lkft/linux-next-master - next-20250708 - log-parser-boot/kasan-bug-kasan-slab-out-of-bounds-in-krealloc_less_oob_helper

Date

July 8, 2025, 11:10 a.m.

Environment
qemu-arm64
qemu-x86_64

[   30.968921] ==================================================================
[   30.969023] BUG: KASAN: slab-out-of-bounds in krealloc_less_oob_helper+0xa80/0xc50
[   30.969102] Write of size 1 at addr fff00000c91e04da by task kunit_try_catch/189
[   30.969181] 
[   30.969278] CPU: 0 UID: 0 PID: 189 Comm: kunit_try_catch Tainted: G    B            N  6.16.0-rc5-next-20250708 #1 PREEMPT 
[   30.969373] Tainted: [B]=BAD_PAGE, [N]=TEST
[   30.969422] Hardware name: linux,dummy-virt (DT)
[   30.969452] Call trace:
[   30.969475]  show_stack+0x20/0x38 (C)
[   30.969523]  dump_stack_lvl+0x8c/0xd0
[   30.969787]  print_report+0x118/0x5d0
[   30.969894]  kasan_report+0xdc/0x128
[   30.969995]  __asan_report_store1_noabort+0x20/0x30
[   30.970116]  krealloc_less_oob_helper+0xa80/0xc50
[   30.970194]  krealloc_less_oob+0x20/0x38
[   30.970273]  kunit_try_run_case+0x170/0x3f0
[   30.970531]  kunit_generic_run_threadfn_adapter+0x88/0x100
[   30.970618]  kthread+0x328/0x630
[   30.970677]  ret_from_fork+0x10/0x20
[   30.970754] 
[   30.970782] Allocated by task 189:
[   30.970810]  kasan_save_stack+0x3c/0x68
[   30.970851]  kasan_save_track+0x20/0x40
[   30.970906]  kasan_save_alloc_info+0x40/0x58
[   30.970943]  __kasan_krealloc+0x118/0x178
[   30.970982]  krealloc_noprof+0x128/0x360
[   30.971030]  krealloc_less_oob_helper+0x168/0xc50
[   30.971069]  krealloc_less_oob+0x20/0x38
[   30.971105]  kunit_try_run_case+0x170/0x3f0
[   30.971143]  kunit_generic_run_threadfn_adapter+0x88/0x100
[   30.971202]  kthread+0x328/0x630
[   30.971243]  ret_from_fork+0x10/0x20
[   30.971278] 
[   30.971296] The buggy address belongs to the object at fff00000c91e0400
[   30.971296]  which belongs to the cache kmalloc-256 of size 256
[   30.971351] The buggy address is located 17 bytes to the right of
[   30.971351]  allocated 201-byte region [fff00000c91e0400, fff00000c91e04c9)
[   30.971618] 
[   30.971670] The buggy address belongs to the physical page:
[   30.971711] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0xfff00000c91e0000 pfn:0x1091e0
[   30.971804] head: order:1 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[   30.971926] flags: 0xbfffe0000000040(head|node=0|zone=2|lastcpupid=0x1ffff)
[   30.971995] page_type: f5(slab)
[   30.972032] raw: 0bfffe0000000040 fff00000c0001b40 dead000000000122 0000000000000000
[   30.972081] raw: fff00000c91e0000 000000008010000f 00000000f5000000 0000000000000000
[   30.972130] head: 0bfffe0000000040 fff00000c0001b40 dead000000000122 0000000000000000
[   30.972271] head: fff00000c91e0000 000000008010000f 00000000f5000000 0000000000000000
[   30.972334] head: 0bfffe0000000001 ffffc1ffc3247801 00000000ffffffff 00000000ffffffff
[   30.972459] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000002
[   30.972569] page dumped because: kasan: bad access detected
[   30.972640] 
[   30.972732] Memory state around the buggy address:
[   30.972763]  fff00000c91e0380: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   30.972804]  fff00000c91e0400: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   30.972861] >fff00000c91e0480: 00 00 00 00 00 00 00 00 00 01 fc fc fc fc fc fc
[   30.972900]                                                     ^
[   30.973099]  fff00000c91e0500: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   30.973306]  fff00000c91e0580: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   30.973416] ==================================================================
[   30.962791] ==================================================================
[   30.962994] BUG: KASAN: slab-out-of-bounds in krealloc_less_oob_helper+0xb9c/0xc50
[   30.963060] Write of size 1 at addr fff00000c91e04d0 by task kunit_try_catch/189
[   30.963118] 
[   30.963157] CPU: 0 UID: 0 PID: 189 Comm: kunit_try_catch Tainted: G    B            N  6.16.0-rc5-next-20250708 #1 PREEMPT 
[   30.963266] Tainted: [B]=BAD_PAGE, [N]=TEST
[   30.963293] Hardware name: linux,dummy-virt (DT)
[   30.963322] Call trace:
[   30.963353]  show_stack+0x20/0x38 (C)
[   30.963408]  dump_stack_lvl+0x8c/0xd0
[   30.963454]  print_report+0x118/0x5d0
[   30.963587]  kasan_report+0xdc/0x128
[   30.963786]  __asan_report_store1_noabort+0x20/0x30
[   30.963865]  krealloc_less_oob_helper+0xb9c/0xc50
[   30.963924]  krealloc_less_oob+0x20/0x38
[   30.963971]  kunit_try_run_case+0x170/0x3f0
[   30.964045]  kunit_generic_run_threadfn_adapter+0x88/0x100
[   30.964101]  kthread+0x328/0x630
[   30.964142]  ret_from_fork+0x10/0x20
[   30.964189] 
[   30.964322] Allocated by task 189:
[   30.964359]  kasan_save_stack+0x3c/0x68
[   30.964494]  kasan_save_track+0x20/0x40
[   30.964551]  kasan_save_alloc_info+0x40/0x58
[   30.964591]  __kasan_krealloc+0x118/0x178
[   30.964629]  krealloc_noprof+0x128/0x360
[   30.964667]  krealloc_less_oob_helper+0x168/0xc50
[   30.964705]  krealloc_less_oob+0x20/0x38
[   30.964741]  kunit_try_run_case+0x170/0x3f0
[   30.964845]  kunit_generic_run_threadfn_adapter+0x88/0x100
[   30.964923]  kthread+0x328/0x630
[   30.964954]  ret_from_fork+0x10/0x20
[   30.964989] 
[   30.965032] The buggy address belongs to the object at fff00000c91e0400
[   30.965032]  which belongs to the cache kmalloc-256 of size 256
[   30.965091] The buggy address is located 7 bytes to the right of
[   30.965091]  allocated 201-byte region [fff00000c91e0400, fff00000c91e04c9)
[   30.965152] 
[   30.965170] The buggy address belongs to the physical page:
[   30.965200] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0xfff00000c91e0000 pfn:0x1091e0
[   30.965268] head: order:1 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[   30.965314] flags: 0xbfffe0000000040(head|node=0|zone=2|lastcpupid=0x1ffff)
[   30.965362] page_type: f5(slab)
[   30.965399] raw: 0bfffe0000000040 fff00000c0001b40 dead000000000122 0000000000000000
[   30.965585] raw: fff00000c91e0000 000000008010000f 00000000f5000000 0000000000000000
[   30.965719] head: 0bfffe0000000040 fff00000c0001b40 dead000000000122 0000000000000000
[   30.965788] head: fff00000c91e0000 000000008010000f 00000000f5000000 0000000000000000
[   30.965859] head: 0bfffe0000000001 ffffc1ffc3247801 00000000ffffffff 00000000ffffffff
[   30.965929] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000002
[   30.966019] page dumped because: kasan: bad access detected
[   30.966080] 
[   30.966131] Memory state around the buggy address:
[   30.966168]  fff00000c91e0380: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   30.966246]  fff00000c91e0400: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   30.966287] >fff00000c91e0480: 00 00 00 00 00 00 00 00 00 01 fc fc fc fc fc fc
[   30.966565]                                                  ^
[   30.966653]  fff00000c91e0500: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   30.966738]  fff00000c91e0580: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   30.966786] ==================================================================
[   31.010740] ==================================================================
[   31.010794] BUG: KASAN: slab-out-of-bounds in krealloc_less_oob_helper+0xa48/0xc50
[   31.010846] Write of size 1 at addr fff00000c9a2a0c9 by task kunit_try_catch/193
[   31.010894] 
[   31.010926] CPU: 0 UID: 0 PID: 193 Comm: kunit_try_catch Tainted: G    B            N  6.16.0-rc5-next-20250708 #1 PREEMPT 
[   31.011006] Tainted: [B]=BAD_PAGE, [N]=TEST
[   31.011032] Hardware name: linux,dummy-virt (DT)
[   31.011063] Call trace:
[   31.011085]  show_stack+0x20/0x38 (C)
[   31.011133]  dump_stack_lvl+0x8c/0xd0
[   31.011180]  print_report+0x118/0x5d0
[   31.011254]  kasan_report+0xdc/0x128
[   31.011300]  __asan_report_store1_noabort+0x20/0x30
[   31.011348]  krealloc_less_oob_helper+0xa48/0xc50
[   31.011396]  krealloc_large_less_oob+0x20/0x38
[   31.011443]  kunit_try_run_case+0x170/0x3f0
[   31.011492]  kunit_generic_run_threadfn_adapter+0x88/0x100
[   31.011545]  kthread+0x328/0x630
[   31.011586]  ret_from_fork+0x10/0x20
[   31.013292] 
[   31.013328] The buggy address belongs to the physical page:
[   31.013361] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x109a28
[   31.013416] head: order:2 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[   31.013716] flags: 0xbfffe0000000040(head|node=0|zone=2|lastcpupid=0x1ffff)
[   31.013771] page_type: f8(unknown)
[   31.014313] raw: 0bfffe0000000040 0000000000000000 dead000000000122 0000000000000000
[   31.014364] raw: 0000000000000000 0000000000000000 00000000f8000000 0000000000000000
[   31.014412] head: 0bfffe0000000040 0000000000000000 dead000000000122 0000000000000000
[   31.014459] head: 0000000000000000 0000000000000000 00000000f8000000 0000000000000000
[   31.014510] head: 0bfffe0000000002 ffffc1ffc3268a01 00000000ffffffff 00000000ffffffff
[   31.014558] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000004
[   31.014597] page dumped because: kasan: bad access detected
[   31.014628] 
[   31.014646] Memory state around the buggy address:
[   31.014676]  fff00000c9a29f80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   31.014718]  fff00000c9a2a000: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   31.014757] >fff00000c9a2a080: 00 00 00 00 00 00 00 00 00 01 fe fe fe fe fe fe
[   31.014793]                                               ^
[   31.014826]  fff00000c9a2a100: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe
[   31.014866]  fff00000c9a2a180: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe
[   31.014903] ==================================================================
[   31.021434] ==================================================================
[   31.021527] BUG: KASAN: slab-out-of-bounds in krealloc_less_oob_helper+0xb9c/0xc50
[   31.021577] Write of size 1 at addr fff00000c9a2a0d0 by task kunit_try_catch/193
[   31.021625] 
[   31.022438] CPU: 0 UID: 0 PID: 193 Comm: kunit_try_catch Tainted: G    B            N  6.16.0-rc5-next-20250708 #1 PREEMPT 
[   31.022619] Tainted: [B]=BAD_PAGE, [N]=TEST
[   31.022647] Hardware name: linux,dummy-virt (DT)
[   31.023659] Call trace:
[   31.023876]  show_stack+0x20/0x38 (C)
[   31.024124]  dump_stack_lvl+0x8c/0xd0
[   31.024175]  print_report+0x118/0x5d0
[   31.024233]  kasan_report+0xdc/0x128
[   31.024280]  __asan_report_store1_noabort+0x20/0x30
[   31.025509]  krealloc_less_oob_helper+0xb9c/0xc50
[   31.025855]  krealloc_large_less_oob+0x20/0x38
[   31.026635]  kunit_try_run_case+0x170/0x3f0
[   31.026699]  kunit_generic_run_threadfn_adapter+0x88/0x100
[   31.027122]  kthread+0x328/0x630
[   31.027734]  ret_from_fork+0x10/0x20
[   31.028698] 
[   31.029060] The buggy address belongs to the physical page:
[   31.029228] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x109a28
[   31.029741] head: order:2 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[   31.029978] flags: 0xbfffe0000000040(head|node=0|zone=2|lastcpupid=0x1ffff)
[   31.030545] page_type: f8(unknown)
[   31.030781] raw: 0bfffe0000000040 0000000000000000 dead000000000122 0000000000000000
[   31.031052] raw: 0000000000000000 0000000000000000 00000000f8000000 0000000000000000
[   31.031519] head: 0bfffe0000000040 0000000000000000 dead000000000122 0000000000000000
[   31.031608] head: 0000000000000000 0000000000000000 00000000f8000000 0000000000000000
[   31.032101] head: 0bfffe0000000002 ffffc1ffc3268a01 00000000ffffffff 00000000ffffffff
[   31.032160] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000004
[   31.032199] page dumped because: kasan: bad access detected
[   31.032241] 
[   31.032259] Memory state around the buggy address:
[   31.032290]  fff00000c9a29f80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   31.032331]  fff00000c9a2a000: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   31.032377] >fff00000c9a2a080: 00 00 00 00 00 00 00 00 00 01 fe fe fe fe fe fe
[   31.032415]                                                  ^
[   31.032451]  fff00000c9a2a100: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe
[   31.032491]  fff00000c9a2a180: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe
[   31.032528] ==================================================================
[   31.035146] ==================================================================
[   31.035645] BUG: KASAN: slab-out-of-bounds in krealloc_less_oob_helper+0xa80/0xc50
[   31.036518] Write of size 1 at addr fff00000c9a2a0da by task kunit_try_catch/193
[   31.037009] 
[   31.037231] CPU: 0 UID: 0 PID: 193 Comm: kunit_try_catch Tainted: G    B            N  6.16.0-rc5-next-20250708 #1 PREEMPT 
[   31.037471] Tainted: [B]=BAD_PAGE, [N]=TEST
[   31.037528] Hardware name: linux,dummy-virt (DT)
[   31.037560] Call trace:
[   31.037583]  show_stack+0x20/0x38 (C)
[   31.037750]  dump_stack_lvl+0x8c/0xd0
[   31.037822]  print_report+0x118/0x5d0
[   31.038268]  kasan_report+0xdc/0x128
[   31.038548]  __asan_report_store1_noabort+0x20/0x30
[   31.038739]  krealloc_less_oob_helper+0xa80/0xc50
[   31.038952]  krealloc_large_less_oob+0x20/0x38
[   31.039001]  kunit_try_run_case+0x170/0x3f0
[   31.039052]  kunit_generic_run_threadfn_adapter+0x88/0x100
[   31.039104]  kthread+0x328/0x630
[   31.039322]  ret_from_fork+0x10/0x20
[   31.039665] 
[   31.039689] The buggy address belongs to the physical page:
[   31.040036] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x109a28
[   31.040478] head: order:2 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[   31.040593] flags: 0xbfffe0000000040(head|node=0|zone=2|lastcpupid=0x1ffff)
[   31.040908] page_type: f8(unknown)
[   31.040948] raw: 0bfffe0000000040 0000000000000000 dead000000000122 0000000000000000
[   31.040997] raw: 0000000000000000 0000000000000000 00000000f8000000 0000000000000000
[   31.041045] head: 0bfffe0000000040 0000000000000000 dead000000000122 0000000000000000
[   31.041479] head: 0000000000000000 0000000000000000 00000000f8000000 0000000000000000
[   31.041570] head: 0bfffe0000000002 ffffc1ffc3268a01 00000000ffffffff 00000000ffffffff
[   31.041771] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000004
[   31.042067] page dumped because: kasan: bad access detected
[   31.042104] 
[   31.042251] Memory state around the buggy address:
[   31.042284]  fff00000c9a29f80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   31.042538]  fff00000c9a2a000: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   31.042853] >fff00000c9a2a080: 00 00 00 00 00 00 00 00 00 01 fe fe fe fe fe fe
[   31.042893]                                                     ^
[   31.042930]  fff00000c9a2a100: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe
[   31.042971]  fff00000c9a2a180: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe
[   31.043007] ==================================================================
[   30.958390] ==================================================================
[   30.958444] BUG: KASAN: slab-out-of-bounds in krealloc_less_oob_helper+0xa48/0xc50
[   30.958515] Write of size 1 at addr fff00000c91e04c9 by task kunit_try_catch/189
[   30.958581] 
[   30.958613] CPU: 0 UID: 0 PID: 189 Comm: kunit_try_catch Tainted: G    B            N  6.16.0-rc5-next-20250708 #1 PREEMPT 
[   30.958804] Tainted: [B]=BAD_PAGE, [N]=TEST
[   30.958838] Hardware name: linux,dummy-virt (DT)
[   30.959017] Call trace:
[   30.959100]  show_stack+0x20/0x38 (C)
[   30.959155]  dump_stack_lvl+0x8c/0xd0
[   30.959202]  print_report+0x118/0x5d0
[   30.959261]  kasan_report+0xdc/0x128
[   30.959306]  __asan_report_store1_noabort+0x20/0x30
[   30.959362]  krealloc_less_oob_helper+0xa48/0xc50
[   30.959420]  krealloc_less_oob+0x20/0x38
[   30.959467]  kunit_try_run_case+0x170/0x3f0
[   30.959525]  kunit_generic_run_threadfn_adapter+0x88/0x100
[   30.959578]  kthread+0x328/0x630
[   30.959619]  ret_from_fork+0x10/0x20
[   30.959672] 
[   30.959691] Allocated by task 189:
[   30.959718]  kasan_save_stack+0x3c/0x68
[   30.959759]  kasan_save_track+0x20/0x40
[   30.959804]  kasan_save_alloc_info+0x40/0x58
[   30.959841]  __kasan_krealloc+0x118/0x178
[   30.959884]  krealloc_noprof+0x128/0x360
[   30.959922]  krealloc_less_oob_helper+0x168/0xc50
[   30.959978]  krealloc_less_oob+0x20/0x38
[   30.960015]  kunit_try_run_case+0x170/0x3f0
[   30.960062]  kunit_generic_run_threadfn_adapter+0x88/0x100
[   30.960105]  kthread+0x328/0x630
[   30.960137]  ret_from_fork+0x10/0x20
[   30.960171] 
[   30.960190] The buggy address belongs to the object at fff00000c91e0400
[   30.960190]  which belongs to the cache kmalloc-256 of size 256
[   30.960665] The buggy address is located 0 bytes to the right of
[   30.960665]  allocated 201-byte region [fff00000c91e0400, fff00000c91e04c9)
[   30.960768] 
[   30.960790] The buggy address belongs to the physical page:
[   30.960859] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0xfff00000c91e0000 pfn:0x1091e0
[   30.960916] head: order:1 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[   30.961066] flags: 0xbfffe0000000040(head|node=0|zone=2|lastcpupid=0x1ffff)
[   30.961194] page_type: f5(slab)
[   30.961244] raw: 0bfffe0000000040 fff00000c0001b40 dead000000000122 0000000000000000
[   30.961415] raw: fff00000c91e0000 000000008010000f 00000000f5000000 0000000000000000
[   30.961517] head: 0bfffe0000000040 fff00000c0001b40 dead000000000122 0000000000000000
[   30.961577] head: fff00000c91e0000 000000008010000f 00000000f5000000 0000000000000000
[   30.961639] head: 0bfffe0000000001 ffffc1ffc3247801 00000000ffffffff 00000000ffffffff
[   30.961688] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000002
[   30.961751] page dumped because: kasan: bad access detected
[   30.961781] 
[   30.961798] Memory state around the buggy address:
[   30.961829]  fff00000c91e0380: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   30.961981]  fff00000c91e0400: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   30.962064] >fff00000c91e0480: 00 00 00 00 00 00 00 00 00 01 fc fc fc fc fc fc
[   30.962127]                                               ^
[   30.962188]  fff00000c91e0500: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   30.962263]  fff00000c91e0580: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   30.962323] ==================================================================
[   30.978698] ==================================================================
[   30.978864] BUG: KASAN: slab-out-of-bounds in krealloc_less_oob_helper+0xa58/0xc50
[   30.978920] Write of size 1 at addr fff00000c91e04eb by task kunit_try_catch/189
[   30.979122] 
[   30.979219] CPU: 0 UID: 0 PID: 189 Comm: kunit_try_catch Tainted: G    B            N  6.16.0-rc5-next-20250708 #1 PREEMPT 
[   30.979313] Tainted: [B]=BAD_PAGE, [N]=TEST
[   30.979410] Hardware name: linux,dummy-virt (DT)
[   30.979479] Call trace:
[   30.979508]  show_stack+0x20/0x38 (C)
[   30.979558]  dump_stack_lvl+0x8c/0xd0
[   30.979613]  print_report+0x118/0x5d0
[   30.979660]  kasan_report+0xdc/0x128
[   30.979714]  __asan_report_store1_noabort+0x20/0x30
[   30.979770]  krealloc_less_oob_helper+0xa58/0xc50
[   30.979904]  krealloc_less_oob+0x20/0x38
[   30.979958]  kunit_try_run_case+0x170/0x3f0
[   30.980006]  kunit_generic_run_threadfn_adapter+0x88/0x100
[   30.980120]  kthread+0x328/0x630
[   30.980182]  ret_from_fork+0x10/0x20
[   30.980305] 
[   30.980366] Allocated by task 189:
[   30.980396]  kasan_save_stack+0x3c/0x68
[   30.980569]  kasan_save_track+0x20/0x40
[   30.980735]  kasan_save_alloc_info+0x40/0x58
[   30.980891]  __kasan_krealloc+0x118/0x178
[   30.980972]  krealloc_noprof+0x128/0x360
[   30.981046]  krealloc_less_oob_helper+0x168/0xc50
[   30.981129]  krealloc_less_oob+0x20/0x38
[   30.981186]  kunit_try_run_case+0x170/0x3f0
[   30.981235]  kunit_generic_run_threadfn_adapter+0x88/0x100
[   30.981279]  kthread+0x328/0x630
[   30.981310]  ret_from_fork+0x10/0x20
[   30.981347] 
[   30.981366] The buggy address belongs to the object at fff00000c91e0400
[   30.981366]  which belongs to the cache kmalloc-256 of size 256
[   30.981422] The buggy address is located 34 bytes to the right of
[   30.981422]  allocated 201-byte region [fff00000c91e0400, fff00000c91e04c9)
[   30.981483] 
[   30.981503] The buggy address belongs to the physical page:
[   30.981532] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0xfff00000c91e0000 pfn:0x1091e0
[   30.981914] head: order:1 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[   30.981983] flags: 0xbfffe0000000040(head|node=0|zone=2|lastcpupid=0x1ffff)
[   30.982071] page_type: f5(slab)
[   30.982160] raw: 0bfffe0000000040 fff00000c0001b40 dead000000000122 0000000000000000
[   30.982235] raw: fff00000c91e0000 000000008010000f 00000000f5000000 0000000000000000
[   30.982334] head: 0bfffe0000000040 fff00000c0001b40 dead000000000122 0000000000000000
[   30.982381] head: fff00000c91e0000 000000008010000f 00000000f5000000 0000000000000000
[   30.982450] head: 0bfffe0000000001 ffffc1ffc3247801 00000000ffffffff 00000000ffffffff
[   30.982628] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000002
[   30.982690] page dumped because: kasan: bad access detected
[   30.982787] 
[   30.982839] Memory state around the buggy address:
[   30.982972]  fff00000c91e0380: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   30.983017]  fff00000c91e0400: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   30.983064] >fff00000c91e0480: 00 00 00 00 00 00 00 00 00 01 fc fc fc fc fc fc
[   30.983122]                                                           ^
[   30.983361]  fff00000c91e0500: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   30.983482]  fff00000c91e0580: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   30.983585] ==================================================================
[   31.052816] ==================================================================
[   31.052861] BUG: KASAN: slab-out-of-bounds in krealloc_less_oob_helper+0xa58/0xc50
[   31.053283] Write of size 1 at addr fff00000c9a2a0eb by task kunit_try_catch/193
[   31.053562] 
[   31.053802] CPU: 0 UID: 0 PID: 193 Comm: kunit_try_catch Tainted: G    B            N  6.16.0-rc5-next-20250708 #1 PREEMPT 
[   31.054307] Tainted: [B]=BAD_PAGE, [N]=TEST
[   31.054350] Hardware name: linux,dummy-virt (DT)
[   31.054381] Call trace:
[   31.054416]  show_stack+0x20/0x38 (C)
[   31.054568]  dump_stack_lvl+0x8c/0xd0
[   31.054842]  print_report+0x118/0x5d0
[   31.054899]  kasan_report+0xdc/0x128
[   31.055283]  __asan_report_store1_noabort+0x20/0x30
[   31.055379]  krealloc_less_oob_helper+0xa58/0xc50
[   31.055428]  krealloc_large_less_oob+0x20/0x38
[   31.055475]  kunit_try_run_case+0x170/0x3f0
[   31.055522]  kunit_generic_run_threadfn_adapter+0x88/0x100
[   31.055575]  kthread+0x328/0x630
[   31.055617]  ret_from_fork+0x10/0x20
[   31.055663] 
[   31.055682] The buggy address belongs to the physical page:
[   31.056494] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x109a28
[   31.056634] head: order:2 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[   31.056907] flags: 0xbfffe0000000040(head|node=0|zone=2|lastcpupid=0x1ffff)
[   31.057157] page_type: f8(unknown)
[   31.057201] raw: 0bfffe0000000040 0000000000000000 dead000000000122 0000000000000000
[   31.057322] raw: 0000000000000000 0000000000000000 00000000f8000000 0000000000000000
[   31.057370] head: 0bfffe0000000040 0000000000000000 dead000000000122 0000000000000000
[   31.057416] head: 0000000000000000 0000000000000000 00000000f8000000 0000000000000000
[   31.057463] head: 0bfffe0000000002 ffffc1ffc3268a01 00000000ffffffff 00000000ffffffff
[   31.057549] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000004
[   31.057648] page dumped because: kasan: bad access detected
[   31.057679] 
[   31.057739] Memory state around the buggy address:
[   31.057800]  fff00000c9a29f80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   31.058153]  fff00000c9a2a000: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   31.058482] >fff00000c9a2a080: 00 00 00 00 00 00 00 00 00 01 fe fe fe fe fe fe
[   31.058531]                                                           ^
[   31.058654]  fff00000c9a2a100: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe
[   31.058946]  fff00000c9a2a180: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe
[   31.058983] ==================================================================
[   31.044595] ==================================================================
[   31.044642] BUG: KASAN: slab-out-of-bounds in krealloc_less_oob_helper+0xae4/0xc50
[   31.044690] Write of size 1 at addr fff00000c9a2a0ea by task kunit_try_catch/193
[   31.044739] 
[   31.044767] CPU: 0 UID: 0 PID: 193 Comm: kunit_try_catch Tainted: G    B            N  6.16.0-rc5-next-20250708 #1 PREEMPT 
[   31.044848] Tainted: [B]=BAD_PAGE, [N]=TEST
[   31.044873] Hardware name: linux,dummy-virt (DT)
[   31.045005] Call trace:
[   31.045176]  show_stack+0x20/0x38 (C)
[   31.045875]  dump_stack_lvl+0x8c/0xd0
[   31.046086]  print_report+0x118/0x5d0
[   31.046174]  kasan_report+0xdc/0x128
[   31.046231]  __asan_report_store1_noabort+0x20/0x30
[   31.046279]  krealloc_less_oob_helper+0xae4/0xc50
[   31.046568]  krealloc_large_less_oob+0x20/0x38
[   31.046739]  kunit_try_run_case+0x170/0x3f0
[   31.046909]  kunit_generic_run_threadfn_adapter+0x88/0x100
[   31.047309]  kthread+0x328/0x630
[   31.047622]  ret_from_fork+0x10/0x20
[   31.047948] 
[   31.047977] The buggy address belongs to the physical page:
[   31.048068] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x109a28
[   31.048397] head: order:2 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[   31.048604] flags: 0xbfffe0000000040(head|node=0|zone=2|lastcpupid=0x1ffff)
[   31.049100] page_type: f8(unknown)
[   31.049152] raw: 0bfffe0000000040 0000000000000000 dead000000000122 0000000000000000
[   31.049310] raw: 0000000000000000 0000000000000000 00000000f8000000 0000000000000000
[   31.049362] head: 0bfffe0000000040 0000000000000000 dead000000000122 0000000000000000
[   31.049747] head: 0000000000000000 0000000000000000 00000000f8000000 0000000000000000
[   31.049911] head: 0bfffe0000000002 ffffc1ffc3268a01 00000000ffffffff 00000000ffffffff
[   31.050007] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000004
[   31.050052] page dumped because: kasan: bad access detected
[   31.050083] 
[   31.050528] Memory state around the buggy address:
[   31.050579]  fff00000c9a29f80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   31.050624]  fff00000c9a2a000: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   31.050665] >fff00000c9a2a080: 00 00 00 00 00 00 00 00 00 01 fe fe fe fe fe fe
[   31.050701]                                                           ^
[   31.051476]  fff00000c9a2a100: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe
[   31.051754]  fff00000c9a2a180: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe
[   31.052132] ==================================================================
[   30.974536] ==================================================================
[   30.974773] BUG: KASAN: slab-out-of-bounds in krealloc_less_oob_helper+0xae4/0xc50
[   30.974831] Write of size 1 at addr fff00000c91e04ea by task kunit_try_catch/189
[   30.974899] 
[   30.974937] CPU: 0 UID: 0 PID: 189 Comm: kunit_try_catch Tainted: G    B            N  6.16.0-rc5-next-20250708 #1 PREEMPT 
[   30.975029] Tainted: [B]=BAD_PAGE, [N]=TEST
[   30.975056] Hardware name: linux,dummy-virt (DT)
[   30.975085] Call trace:
[   30.975115]  show_stack+0x20/0x38 (C)
[   30.975164]  dump_stack_lvl+0x8c/0xd0
[   30.975221]  print_report+0x118/0x5d0
[   30.975357]  kasan_report+0xdc/0x128
[   30.975510]  __asan_report_store1_noabort+0x20/0x30
[   30.975637]  krealloc_less_oob_helper+0xae4/0xc50
[   30.975707]  krealloc_less_oob+0x20/0x38
[   30.975754]  kunit_try_run_case+0x170/0x3f0
[   30.975819]  kunit_generic_run_threadfn_adapter+0x88/0x100
[   30.975873]  kthread+0x328/0x630
[   30.975923]  ret_from_fork+0x10/0x20
[   30.975970] 
[   30.975988] Allocated by task 189:
[   30.976021]  kasan_save_stack+0x3c/0x68
[   30.976143]  kasan_save_track+0x20/0x40
[   30.976188]  kasan_save_alloc_info+0x40/0x58
[   30.976235]  __kasan_krealloc+0x118/0x178
[   30.976273]  krealloc_noprof+0x128/0x360
[   30.976310]  krealloc_less_oob_helper+0x168/0xc50
[   30.976348]  krealloc_less_oob+0x20/0x38
[   30.976384]  kunit_try_run_case+0x170/0x3f0
[   30.976421]  kunit_generic_run_threadfn_adapter+0x88/0x100
[   30.976592]  kthread+0x328/0x630
[   30.976708]  ret_from_fork+0x10/0x20
[   30.976783] 
[   30.976848] The buggy address belongs to the object at fff00000c91e0400
[   30.976848]  which belongs to the cache kmalloc-256 of size 256
[   30.976928] The buggy address is located 33 bytes to the right of
[   30.976928]  allocated 201-byte region [fff00000c91e0400, fff00000c91e04c9)
[   30.977011] 
[   30.977031] The buggy address belongs to the physical page:
[   30.977061] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0xfff00000c91e0000 pfn:0x1091e0
[   30.977115] head: order:1 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[   30.977161] flags: 0xbfffe0000000040(head|node=0|zone=2|lastcpupid=0x1ffff)
[   30.977574] page_type: f5(slab)
[   30.977645] raw: 0bfffe0000000040 fff00000c0001b40 dead000000000122 0000000000000000
[   30.977729] raw: fff00000c91e0000 000000008010000f 00000000f5000000 0000000000000000
[   30.977835] head: 0bfffe0000000040 fff00000c0001b40 dead000000000122 0000000000000000
[   30.977882] head: fff00000c91e0000 000000008010000f 00000000f5000000 0000000000000000
[   30.977930] head: 0bfffe0000000001 ffffc1ffc3247801 00000000ffffffff 00000000ffffffff
[   30.977983] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000002
[   30.978041] page dumped because: kasan: bad access detected
[   30.978076] 
[   30.978118] Memory state around the buggy address:
[   30.978150]  fff00000c91e0380: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   30.978199]  fff00000c91e0400: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   30.978250] >fff00000c91e0480: 00 00 00 00 00 00 00 00 00 01 fc fc fc fc fc fc
[   30.978287]                                                           ^
[   30.978323]  fff00000c91e0500: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   30.978373]  fff00000c91e0580: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   30.978409] ==================================================================

Metadata Full log Test run details

arch

arm64

host

x86_64

plan

2zadDcsZaTNoMt5NQDMjH9XXSjo

job_id

TEST:linaro@lkft#2zadI5o4clKZiIYYjTSUQR6tPrp

job_url

https://tuxapi.tuxsuite.com/v1/groups/linaro/projects/lkft/tests/2zadI5o4clKZiIYYjTSUQR6tPrp

artefacts

kernel

url	https://storage.tuxsuite.com/public/linaro/lkft/builds/2zadEoX75GcVmVMiGSC6ULKasfH/Image.gz
sha256sum	1ceb4687a4dcb5a790d42769a050e5ac78ce871667067fed7f3e7960550875ba

rootfs

url	https://storage.tuxboot.com/debian/20250617/trixie/arm64/rootfs.ext4.xz
sha256sum	1eaaae772692e22cefec5345d642e254407cec1431dd51a20007af2a1819b610

modules

url	https://storage.tuxsuite.com/public/linaro/lkft/builds/2zadEoX75GcVmVMiGSC6ULKasfH/modules.tar.xz
sha256sum	3f48606753fbd3c6f5640d868ed22ac5af7831da8fafeb95bd8b8818bbdbc1a9

durations

tests

boot	0
kunit	170.58

host_arch

amd64

build_name

gcc-13-lkftconfig-kunit

job_status

Complete

qemu_version

1:10.0.0+ds-1

[   23.126705] ==================================================================
[   23.127289] BUG: KASAN: slab-out-of-bounds in krealloc_less_oob_helper+0xd47/0x11d0
[   23.127622] Write of size 1 at addr ffff888100a236eb by task kunit_try_catch/206
[   23.128041] 
[   23.128130] CPU: 1 UID: 0 PID: 206 Comm: kunit_try_catch Tainted: G    B            N  6.16.0-rc5-next-20250708 #1 PREEMPT(voluntary) 
[   23.128179] Tainted: [B]=BAD_PAGE, [N]=TEST
[   23.128191] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[   23.128212] Call Trace:
[   23.128232]  <TASK>
[   23.128264]  dump_stack_lvl+0x73/0xb0
[   23.128296]  print_report+0xd1/0x610
[   23.128318]  ? __virt_addr_valid+0x1db/0x2d0
[   23.128342]  ? krealloc_less_oob_helper+0xd47/0x11d0
[   23.128368]  ? kasan_complete_mode_report_info+0x2a/0x200
[   23.128397]  ? krealloc_less_oob_helper+0xd47/0x11d0
[   23.128421]  kasan_report+0x141/0x180
[   23.128444]  ? krealloc_less_oob_helper+0xd47/0x11d0
[   23.128474]  __asan_report_store1_noabort+0x1b/0x30
[   23.128500]  krealloc_less_oob_helper+0xd47/0x11d0
[   23.128527]  ? __pfx_krealloc_less_oob_helper+0x10/0x10
[   23.128552]  ? finish_task_switch.isra.0+0x153/0x700
[   23.128574]  ? __switch_to+0x47/0xf50
[   23.128603]  ? __schedule+0x10cc/0x2b60
[   23.128631]  ? __pfx_read_tsc+0x10/0x10
[   23.128659]  krealloc_less_oob+0x1c/0x30
[   23.128682]  kunit_try_run_case+0x1a5/0x480
[   23.128704]  ? __pfx_kunit_try_run_case+0x10/0x10
[   23.128724]  ? _raw_spin_lock_irqsave+0xa1/0x100
[   23.128746]  ? _raw_spin_unlock_irqrestore+0x5f/0x90
[   23.128776]  ? __kthread_parkme+0x82/0x180
[   23.128797]  ? preempt_count_sub+0x50/0x80
[   23.128820]  ? __pfx_kunit_try_run_case+0x10/0x10
[   23.128842]  kunit_generic_run_threadfn_adapter+0x85/0xf0
[   23.128870]  ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10
[   23.128896]  kthread+0x337/0x6f0
[   23.128918]  ? trace_preempt_on+0x20/0xc0
[   23.128943]  ? __pfx_kthread+0x10/0x10
[   23.128965]  ? _raw_spin_unlock_irq+0x47/0x80
[   23.128992]  ? calculate_sigpending+0x7b/0xa0
[   23.129019]  ? __pfx_kthread+0x10/0x10
[   23.129042]  ret_from_fork+0x116/0x1d0
[   23.129062]  ? __pfx_kthread+0x10/0x10
[   23.129084]  ret_from_fork_asm+0x1a/0x30
[   23.129117]  </TASK>
[   23.129129] 
[   23.136323] Allocated by task 206:
[   23.136482]  kasan_save_stack+0x45/0x70
[   23.136657]  kasan_save_track+0x18/0x40
[   23.136861]  kasan_save_alloc_info+0x3b/0x50
[   23.137046]  __kasan_krealloc+0x190/0x1f0
[   23.137178]  krealloc_noprof+0xf3/0x340
[   23.137380]  krealloc_less_oob_helper+0x1aa/0x11d0
[   23.137600]  krealloc_less_oob+0x1c/0x30
[   23.137785]  kunit_try_run_case+0x1a5/0x480
[   23.137935]  kunit_generic_run_threadfn_adapter+0x85/0xf0
[   23.138338]  kthread+0x337/0x6f0
[   23.138511]  ret_from_fork+0x116/0x1d0
[   23.138694]  ret_from_fork_asm+0x1a/0x30
[   23.139354] 
[   23.139458] The buggy address belongs to the object at ffff888100a23600
[   23.139458]  which belongs to the cache kmalloc-256 of size 256
[   23.139961] The buggy address is located 34 bytes to the right of
[   23.139961]  allocated 201-byte region [ffff888100a23600, ffff888100a236c9)
[   23.140476] 
[   23.140546] The buggy address belongs to the physical page:
[   23.140875] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x100a22
[   23.141162] head: order:1 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[   23.141401] flags: 0x200000000000040(head|node=0|zone=2)
[   23.141573] page_type: f5(slab)
[   23.141690] raw: 0200000000000040 ffff888100041b40 ffffea0004028a00 dead000000000002
[   23.142019] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000
[   23.142369] head: 0200000000000040 ffff888100041b40 ffffea0004028a00 dead000000000002
[   23.142789] head: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000
[   23.143111] head: 0200000000000001 ffffea0004028881 00000000ffffffff 00000000ffffffff
[   23.143351] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000002
[   23.143573] page dumped because: kasan: bad access detected
[   23.144041] 
[   23.144152] Memory state around the buggy address:
[   23.144390]  ffff888100a23580: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   23.144709]  ffff888100a23600: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   23.145493] >ffff888100a23680: 00 00 00 00 00 00 00 00 00 01 fc fc fc fc fc fc
[   23.145928]                                                           ^
[   23.146176]  ffff888100a23700: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   23.146466]  ffff888100a23780: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   23.146744] ==================================================================
[   23.075354] ==================================================================
[   23.075951] BUG: KASAN: slab-out-of-bounds in krealloc_less_oob_helper+0xec6/0x11d0
[   23.076274] Write of size 1 at addr ffff888100a236da by task kunit_try_catch/206
[   23.076544] 
[   23.076653] CPU: 1 UID: 0 PID: 206 Comm: kunit_try_catch Tainted: G    B            N  6.16.0-rc5-next-20250708 #1 PREEMPT(voluntary) 
[   23.076702] Tainted: [B]=BAD_PAGE, [N]=TEST
[   23.076714] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[   23.076735] Call Trace:
[   23.076756]  <TASK>
[   23.076795]  dump_stack_lvl+0x73/0xb0
[   23.076875]  print_report+0xd1/0x610
[   23.076920]  ? __virt_addr_valid+0x1db/0x2d0
[   23.076945]  ? krealloc_less_oob_helper+0xec6/0x11d0
[   23.076970]  ? kasan_complete_mode_report_info+0x2a/0x200
[   23.076999]  ? krealloc_less_oob_helper+0xec6/0x11d0
[   23.077024]  kasan_report+0x141/0x180
[   23.077047]  ? krealloc_less_oob_helper+0xec6/0x11d0
[   23.077092]  __asan_report_store1_noabort+0x1b/0x30
[   23.077119]  krealloc_less_oob_helper+0xec6/0x11d0
[   23.077146]  ? __pfx_krealloc_less_oob_helper+0x10/0x10
[   23.077172]  ? finish_task_switch.isra.0+0x153/0x700
[   23.077200]  ? __switch_to+0x47/0xf50
[   23.077229]  ? __schedule+0x10cc/0x2b60
[   23.077269]  ? __pfx_read_tsc+0x10/0x10
[   23.077297]  krealloc_less_oob+0x1c/0x30
[   23.077320]  kunit_try_run_case+0x1a5/0x480
[   23.077342]  ? __pfx_kunit_try_run_case+0x10/0x10
[   23.077362]  ? _raw_spin_lock_irqsave+0xa1/0x100
[   23.077384]  ? _raw_spin_unlock_irqrestore+0x5f/0x90
[   23.077413]  ? __kthread_parkme+0x82/0x180
[   23.077434]  ? preempt_count_sub+0x50/0x80
[   23.077457]  ? __pfx_kunit_try_run_case+0x10/0x10
[   23.077479]  kunit_generic_run_threadfn_adapter+0x85/0xf0
[   23.077505]  ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10
[   23.077532]  kthread+0x337/0x6f0
[   23.077553]  ? trace_preempt_on+0x20/0xc0
[   23.077580]  ? __pfx_kthread+0x10/0x10
[   23.077602]  ? _raw_spin_unlock_irq+0x47/0x80
[   23.077629]  ? calculate_sigpending+0x7b/0xa0
[   23.077657]  ? __pfx_kthread+0x10/0x10
[   23.077680]  ret_from_fork+0x116/0x1d0
[   23.077699]  ? __pfx_kthread+0x10/0x10
[   23.077722]  ret_from_fork_asm+0x1a/0x30
[   23.077756]  </TASK>
[   23.077767] 
[   23.086052] Allocated by task 206:
[   23.086260]  kasan_save_stack+0x45/0x70
[   23.086487]  kasan_save_track+0x18/0x40
[   23.086618]  kasan_save_alloc_info+0x3b/0x50
[   23.086764]  __kasan_krealloc+0x190/0x1f0
[   23.086953]  krealloc_noprof+0xf3/0x340
[   23.087157]  krealloc_less_oob_helper+0x1aa/0x11d0
[   23.087625]  krealloc_less_oob+0x1c/0x30
[   23.087810]  kunit_try_run_case+0x1a5/0x480
[   23.088004]  kunit_generic_run_threadfn_adapter+0x85/0xf0
[   23.088226]  kthread+0x337/0x6f0
[   23.088504]  ret_from_fork+0x116/0x1d0
[   23.088635]  ret_from_fork_asm+0x1a/0x30
[   23.088927] 
[   23.089027] The buggy address belongs to the object at ffff888100a23600
[   23.089027]  which belongs to the cache kmalloc-256 of size 256
[   23.089459] The buggy address is located 17 bytes to the right of
[   23.089459]  allocated 201-byte region [ffff888100a23600, ffff888100a236c9)
[   23.090023] 
[   23.090120] The buggy address belongs to the physical page:
[   23.090373] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x100a22
[   23.090618] head: order:1 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[   23.090975] flags: 0x200000000000040(head|node=0|zone=2)
[   23.091258] page_type: f5(slab)
[   23.091423] raw: 0200000000000040 ffff888100041b40 ffffea0004028a00 dead000000000002
[   23.091952] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000
[   23.092267] head: 0200000000000040 ffff888100041b40 ffffea0004028a00 dead000000000002
[   23.092602] head: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000
[   23.093051] head: 0200000000000001 ffffea0004028881 00000000ffffffff 00000000ffffffff
[   23.093320] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000002
[   23.093666] page dumped because: kasan: bad access detected
[   23.093916] 
[   23.094005] Memory state around the buggy address:
[   23.094224]  ffff888100a23580: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   23.094591]  ffff888100a23600: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   23.094957] >ffff888100a23680: 00 00 00 00 00 00 00 00 00 01 fc fc fc fc fc fc
[   23.095267]                                                     ^
[   23.095506]  ffff888100a23700: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   23.095847]  ffff888100a23780: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   23.096157] ==================================================================
[   23.231442] ==================================================================
[   23.232322] BUG: KASAN: slab-out-of-bounds in krealloc_less_oob_helper+0xec6/0x11d0
[   23.232917] Write of size 1 at addr ffff888105e160da by task kunit_try_catch/210
[   23.233268] 
[   23.233377] CPU: 1 UID: 0 PID: 210 Comm: kunit_try_catch Tainted: G    B            N  6.16.0-rc5-next-20250708 #1 PREEMPT(voluntary) 
[   23.233428] Tainted: [B]=BAD_PAGE, [N]=TEST
[   23.233441] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[   23.233462] Call Trace:
[   23.233484]  <TASK>
[   23.233506]  dump_stack_lvl+0x73/0xb0
[   23.233538]  print_report+0xd1/0x610
[   23.233562]  ? __virt_addr_valid+0x1db/0x2d0
[   23.233586]  ? krealloc_less_oob_helper+0xec6/0x11d0
[   23.233610]  ? kasan_addr_to_slab+0x11/0xa0
[   23.233631]  ? krealloc_less_oob_helper+0xec6/0x11d0
[   23.233655]  kasan_report+0x141/0x180
[   23.233680]  ? krealloc_less_oob_helper+0xec6/0x11d0
[   23.233709]  __asan_report_store1_noabort+0x1b/0x30
[   23.233737]  krealloc_less_oob_helper+0xec6/0x11d0
[   23.234044]  ? __pfx_krealloc_less_oob_helper+0x10/0x10
[   23.234074]  ? finish_task_switch.isra.0+0x153/0x700
[   23.234098]  ? __switch_to+0x47/0xf50
[   23.234127]  ? __schedule+0x10cc/0x2b60
[   23.234192]  ? __pfx_read_tsc+0x10/0x10
[   23.234224]  krealloc_large_less_oob+0x1c/0x30
[   23.234258]  kunit_try_run_case+0x1a5/0x480
[   23.234282]  ? __pfx_kunit_try_run_case+0x10/0x10
[   23.234303]  ? _raw_spin_lock_irqsave+0xa1/0x100
[   23.234324]  ? _raw_spin_unlock_irqrestore+0x5f/0x90
[   23.234354]  ? __kthread_parkme+0x82/0x180
[   23.234375]  ? preempt_count_sub+0x50/0x80
[   23.234398]  ? __pfx_kunit_try_run_case+0x10/0x10
[   23.234420]  kunit_generic_run_threadfn_adapter+0x85/0xf0
[   23.234446]  ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10
[   23.234473]  kthread+0x337/0x6f0
[   23.234494]  ? trace_preempt_on+0x20/0xc0
[   23.234520]  ? __pfx_kthread+0x10/0x10
[   23.234542]  ? _raw_spin_unlock_irq+0x47/0x80
[   23.234569]  ? calculate_sigpending+0x7b/0xa0
[   23.234596]  ? __pfx_kthread+0x10/0x10
[   23.234619]  ret_from_fork+0x116/0x1d0
[   23.234639]  ? __pfx_kthread+0x10/0x10
[   23.234661]  ret_from_fork_asm+0x1a/0x30
[   23.234695]  </TASK>
[   23.234707] 
[   23.247146] The buggy address belongs to the physical page:
[   23.247470] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x105e14
[   23.247982] head: order:2 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[   23.248420] flags: 0x200000000000040(head|node=0|zone=2)
[   23.248656] page_type: f8(unknown)
[   23.249161] raw: 0200000000000040 0000000000000000 dead000000000122 0000000000000000
[   23.249485] raw: 0000000000000000 0000000000000000 00000000f8000000 0000000000000000
[   23.250065] head: 0200000000000040 0000000000000000 dead000000000122 0000000000000000
[   23.250416] head: 0000000000000000 0000000000000000 00000000f8000000 0000000000000000
[   23.250730] head: 0200000000000002 ffffea0004178501 00000000ffffffff 00000000ffffffff
[   23.251235] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000004
[   23.251554] page dumped because: kasan: bad access detected
[   23.251734] 
[   23.251799] Memory state around the buggy address:
[   23.251951]  ffff888105e15f80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   23.252611]  ffff888105e16000: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   23.252957] >ffff888105e16080: 00 00 00 00 00 00 00 00 00 01 fe fe fe fe fe fe
[   23.253303]                                                     ^
[   23.253486]  ffff888105e16100: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe
[   23.253691]  ffff888105e16180: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe
[   23.253894] ==================================================================
[   23.054218] ==================================================================
[   23.054496] BUG: KASAN: slab-out-of-bounds in krealloc_less_oob_helper+0xe23/0x11d0
[   23.054786] Write of size 1 at addr ffff888100a236d0 by task kunit_try_catch/206
[   23.055178] 
[   23.055273] CPU: 1 UID: 0 PID: 206 Comm: kunit_try_catch Tainted: G    B            N  6.16.0-rc5-next-20250708 #1 PREEMPT(voluntary) 
[   23.055324] Tainted: [B]=BAD_PAGE, [N]=TEST
[   23.055335] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[   23.055356] Call Trace:
[   23.055370]  <TASK>
[   23.055459]  dump_stack_lvl+0x73/0xb0
[   23.055492]  print_report+0xd1/0x610
[   23.055516]  ? __virt_addr_valid+0x1db/0x2d0
[   23.055541]  ? krealloc_less_oob_helper+0xe23/0x11d0
[   23.055565]  ? kasan_complete_mode_report_info+0x2a/0x200
[   23.055594]  ? krealloc_less_oob_helper+0xe23/0x11d0
[   23.055619]  kasan_report+0x141/0x180
[   23.055642]  ? krealloc_less_oob_helper+0xe23/0x11d0
[   23.055671]  __asan_report_store1_noabort+0x1b/0x30
[   23.055698]  krealloc_less_oob_helper+0xe23/0x11d0
[   23.055725]  ? __pfx_krealloc_less_oob_helper+0x10/0x10
[   23.055792]  ? finish_task_switch.isra.0+0x153/0x700
[   23.055819]  ? __switch_to+0x47/0xf50
[   23.055848]  ? __schedule+0x10cc/0x2b60
[   23.055877]  ? __pfx_read_tsc+0x10/0x10
[   23.055907]  krealloc_less_oob+0x1c/0x30
[   23.055930]  kunit_try_run_case+0x1a5/0x480
[   23.055953]  ? __pfx_kunit_try_run_case+0x10/0x10
[   23.055973]  ? _raw_spin_lock_irqsave+0xa1/0x100
[   23.055995]  ? _raw_spin_unlock_irqrestore+0x5f/0x90
[   23.056024]  ? __kthread_parkme+0x82/0x180
[   23.056045]  ? preempt_count_sub+0x50/0x80
[   23.056068]  ? __pfx_kunit_try_run_case+0x10/0x10
[   23.056090]  kunit_generic_run_threadfn_adapter+0x85/0xf0
[   23.056117]  ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10
[   23.056143]  kthread+0x337/0x6f0
[   23.056164]  ? trace_preempt_on+0x20/0xc0
[   23.056189]  ? __pfx_kthread+0x10/0x10
[   23.056212]  ? _raw_spin_unlock_irq+0x47/0x80
[   23.056252]  ? calculate_sigpending+0x7b/0xa0
[   23.056281]  ? __pfx_kthread+0x10/0x10
[   23.056304]  ret_from_fork+0x116/0x1d0
[   23.056324]  ? __pfx_kthread+0x10/0x10
[   23.056347]  ret_from_fork_asm+0x1a/0x30
[   23.056381]  </TASK>
[   23.056393] 
[   23.064313] Allocated by task 206:
[   23.064454]  kasan_save_stack+0x45/0x70
[   23.064602]  kasan_save_track+0x18/0x40
[   23.064731]  kasan_save_alloc_info+0x3b/0x50
[   23.064925]  __kasan_krealloc+0x190/0x1f0
[   23.065121]  krealloc_noprof+0xf3/0x340
[   23.065345]  krealloc_less_oob_helper+0x1aa/0x11d0
[   23.065578]  krealloc_less_oob+0x1c/0x30
[   23.065786]  kunit_try_run_case+0x1a5/0x480
[   23.066088]  kunit_generic_run_threadfn_adapter+0x85/0xf0
[   23.066384]  kthread+0x337/0x6f0
[   23.066537]  ret_from_fork+0x116/0x1d0
[   23.066720]  ret_from_fork_asm+0x1a/0x30
[   23.066969] 
[   23.067079] The buggy address belongs to the object at ffff888100a23600
[   23.067079]  which belongs to the cache kmalloc-256 of size 256
[   23.067444] The buggy address is located 7 bytes to the right of
[   23.067444]  allocated 201-byte region [ffff888100a23600, ffff888100a236c9)
[   23.067933] 
[   23.068028] The buggy address belongs to the physical page:
[   23.068306] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x100a22
[   23.068842] head: order:1 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[   23.069100] flags: 0x200000000000040(head|node=0|zone=2)
[   23.069294] page_type: f5(slab)
[   23.069416] raw: 0200000000000040 ffff888100041b40 ffffea0004028a00 dead000000000002
[   23.069653] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000
[   23.070210] head: 0200000000000040 ffff888100041b40 ffffea0004028a00 dead000000000002
[   23.070771] head: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000
[   23.071398] head: 0200000000000001 ffffea0004028881 00000000ffffffff 00000000ffffffff
[   23.071742] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000002
[   23.072216] page dumped because: kasan: bad access detected
[   23.072655] 
[   23.072783] Memory state around the buggy address:
[   23.072985]  ffff888100a23580: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   23.073401]  ffff888100a23600: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   23.073699] >ffff888100a23680: 00 00 00 00 00 00 00 00 00 01 fc fc fc fc fc fc
[   23.074031]                                                  ^
[   23.074307]  ffff888100a23700: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   23.074605]  ffff888100a23780: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   23.074811] ==================================================================
[   23.254233] ==================================================================
[   23.255454] BUG: KASAN: slab-out-of-bounds in krealloc_less_oob_helper+0xe90/0x11d0
[   23.256025] Write of size 1 at addr ffff888105e160ea by task kunit_try_catch/210
[   23.256271] 
[   23.256361] CPU: 1 UID: 0 PID: 210 Comm: kunit_try_catch Tainted: G    B            N  6.16.0-rc5-next-20250708 #1 PREEMPT(voluntary) 
[   23.256411] Tainted: [B]=BAD_PAGE, [N]=TEST
[   23.256423] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[   23.256444] Call Trace:
[   23.256464]  <TASK>
[   23.256484]  dump_stack_lvl+0x73/0xb0
[   23.256515]  print_report+0xd1/0x610
[   23.256539]  ? __virt_addr_valid+0x1db/0x2d0
[   23.256564]  ? krealloc_less_oob_helper+0xe90/0x11d0
[   23.256588]  ? kasan_addr_to_slab+0x11/0xa0
[   23.256608]  ? krealloc_less_oob_helper+0xe90/0x11d0
[   23.257153]  kasan_report+0x141/0x180
[   23.257187]  ? krealloc_less_oob_helper+0xe90/0x11d0
[   23.257226]  __asan_report_store1_noabort+0x1b/0x30
[   23.257381]  krealloc_less_oob_helper+0xe90/0x11d0
[   23.257417]  ? __pfx_krealloc_less_oob_helper+0x10/0x10
[   23.257444]  ? finish_task_switch.isra.0+0x153/0x700
[   23.257469]  ? __switch_to+0x47/0xf50
[   23.257499]  ? __schedule+0x10cc/0x2b60
[   23.257529]  ? __pfx_read_tsc+0x10/0x10
[   23.257557]  krealloc_large_less_oob+0x1c/0x30
[   23.257581]  kunit_try_run_case+0x1a5/0x480
[   23.257604]  ? __pfx_kunit_try_run_case+0x10/0x10
[   23.257624]  ? _raw_spin_lock_irqsave+0xa1/0x100
[   23.257646]  ? _raw_spin_unlock_irqrestore+0x5f/0x90
[   23.257676]  ? __kthread_parkme+0x82/0x180
[   23.257697]  ? preempt_count_sub+0x50/0x80
[   23.257720]  ? __pfx_kunit_try_run_case+0x10/0x10
[   23.257742]  kunit_generic_run_threadfn_adapter+0x85/0xf0
[   23.257769]  ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10
[   23.257796]  kthread+0x337/0x6f0
[   23.257818]  ? trace_preempt_on+0x20/0xc0
[   23.257843]  ? __pfx_kthread+0x10/0x10
[   23.257866]  ? _raw_spin_unlock_irq+0x47/0x80
[   23.257893]  ? calculate_sigpending+0x7b/0xa0
[   23.257920]  ? __pfx_kthread+0x10/0x10
[   23.257944]  ret_from_fork+0x116/0x1d0
[   23.257963]  ? __pfx_kthread+0x10/0x10
[   23.257986]  ret_from_fork_asm+0x1a/0x30
[   23.258021]  </TASK>
[   23.258033] 
[   23.268992] The buggy address belongs to the physical page:
[   23.269220] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x105e14
[   23.269530] head: order:2 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[   23.270069] flags: 0x200000000000040(head|node=0|zone=2)
[   23.270336] page_type: f8(unknown)
[   23.270492] raw: 0200000000000040 0000000000000000 dead000000000122 0000000000000000
[   23.270876] raw: 0000000000000000 0000000000000000 00000000f8000000 0000000000000000
[   23.271172] head: 0200000000000040 0000000000000000 dead000000000122 0000000000000000
[   23.271528] head: 0000000000000000 0000000000000000 00000000f8000000 0000000000000000
[   23.271907] head: 0200000000000002 ffffea0004178501 00000000ffffffff 00000000ffffffff
[   23.272215] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000004
[   23.272520] page dumped because: kasan: bad access detected
[   23.272739] 
[   23.273018] Memory state around the buggy address:
[   23.273182]  ffff888105e15f80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   23.273510]  ffff888105e16000: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   23.273744] >ffff888105e16080: 00 00 00 00 00 00 00 00 00 01 fe fe fe fe fe fe
[   23.273950]                                                           ^
[   23.274184]  ffff888105e16100: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe
[   23.274501]  ffff888105e16180: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe
[   23.274986] ==================================================================
[   23.096674] ==================================================================
[   23.097189] BUG: KASAN: slab-out-of-bounds in krealloc_less_oob_helper+0xe90/0x11d0
[   23.097523] Write of size 1 at addr ffff888100a236ea by task kunit_try_catch/206
[   23.097972] 
[   23.098087] CPU: 1 UID: 0 PID: 206 Comm: kunit_try_catch Tainted: G    B            N  6.16.0-rc5-next-20250708 #1 PREEMPT(voluntary) 
[   23.098136] Tainted: [B]=BAD_PAGE, [N]=TEST
[   23.098148] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[   23.098169] Call Trace:
[   23.098187]  <TASK>
[   23.098229]  dump_stack_lvl+0x73/0xb0
[   23.098272]  print_report+0xd1/0x610
[   23.098295]  ? __virt_addr_valid+0x1db/0x2d0
[   23.098319]  ? krealloc_less_oob_helper+0xe90/0x11d0
[   23.098343]  ? kasan_complete_mode_report_info+0x2a/0x200
[   23.098371]  ? krealloc_less_oob_helper+0xe90/0x11d0
[   23.098416]  kasan_report+0x141/0x180
[   23.098440]  ? krealloc_less_oob_helper+0xe90/0x11d0
[   23.098470]  __asan_report_store1_noabort+0x1b/0x30
[   23.098497]  krealloc_less_oob_helper+0xe90/0x11d0
[   23.098524]  ? __pfx_krealloc_less_oob_helper+0x10/0x10
[   23.098549]  ? finish_task_switch.isra.0+0x153/0x700
[   23.098571]  ? __switch_to+0x47/0xf50
[   23.098600]  ? __schedule+0x10cc/0x2b60
[   23.098650]  ? __pfx_read_tsc+0x10/0x10
[   23.098678]  krealloc_less_oob+0x1c/0x30
[   23.098702]  kunit_try_run_case+0x1a5/0x480
[   23.098726]  ? __pfx_kunit_try_run_case+0x10/0x10
[   23.098822]  ? _raw_spin_lock_irqsave+0xa1/0x100
[   23.098846]  ? _raw_spin_unlock_irqrestore+0x5f/0x90
[   23.098875]  ? __kthread_parkme+0x82/0x180
[   23.098896]  ? preempt_count_sub+0x50/0x80
[   23.098919]  ? __pfx_kunit_try_run_case+0x10/0x10
[   23.098941]  kunit_generic_run_threadfn_adapter+0x85/0xf0
[   23.098989]  ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10
[   23.099016]  kthread+0x337/0x6f0
[   23.099038]  ? trace_preempt_on+0x20/0xc0
[   23.099063]  ? __pfx_kthread+0x10/0x10
[   23.099086]  ? _raw_spin_unlock_irq+0x47/0x80
[   23.099113]  ? calculate_sigpending+0x7b/0xa0
[   23.099141]  ? __pfx_kthread+0x10/0x10
[   23.099164]  ret_from_fork+0x116/0x1d0
[   23.099183]  ? __pfx_kthread+0x10/0x10
[   23.099206]  ret_from_fork_asm+0x1a/0x30
[   23.099248]  </TASK>
[   23.099260] 
[   23.111622] Allocated by task 206:
[   23.111968]  kasan_save_stack+0x45/0x70
[   23.112454]  kasan_save_track+0x18/0x40
[   23.112879]  kasan_save_alloc_info+0x3b/0x50
[   23.113303]  __kasan_krealloc+0x190/0x1f0
[   23.113681]  krealloc_noprof+0xf3/0x340
[   23.114096]  krealloc_less_oob_helper+0x1aa/0x11d0
[   23.114606]  krealloc_less_oob+0x1c/0x30
[   23.115011]  kunit_try_run_case+0x1a5/0x480
[   23.115508]  kunit_generic_run_threadfn_adapter+0x85/0xf0
[   23.115916]  kthread+0x337/0x6f0
[   23.116152]  ret_from_fork+0x116/0x1d0
[   23.116444]  ret_from_fork_asm+0x1a/0x30
[   23.116587] 
[   23.116653] The buggy address belongs to the object at ffff888100a23600
[   23.116653]  which belongs to the cache kmalloc-256 of size 256
[   23.117948] The buggy address is located 33 bytes to the right of
[   23.117948]  allocated 201-byte region [ffff888100a23600, ffff888100a236c9)
[   23.119162] 
[   23.119417] The buggy address belongs to the physical page:
[   23.119595] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x100a22
[   23.120092] head: order:1 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[   23.120792] flags: 0x200000000000040(head|node=0|zone=2)
[   23.121296] page_type: f5(slab)
[   23.121579] raw: 0200000000000040 ffff888100041b40 ffffea0004028a00 dead000000000002
[   23.122348] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000
[   23.122588] head: 0200000000000040 ffff888100041b40 ffffea0004028a00 dead000000000002
[   23.122835] head: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000
[   23.123268] head: 0200000000000001 ffffea0004028881 00000000ffffffff 00000000ffffffff
[   23.123555] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000002
[   23.123899] page dumped because: kasan: bad access detected
[   23.124098] 
[   23.124162] Memory state around the buggy address:
[   23.124395]  ffff888100a23580: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   23.124670]  ffff888100a23600: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   23.124944] >ffff888100a23680: 00 00 00 00 00 00 00 00 00 01 fc fc fc fc fc fc
[   23.125167]                                                           ^
[   23.125514]  ffff888100a23700: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   23.125781]  ffff888100a23780: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   23.126151] ==================================================================
[   23.026997] ==================================================================
[   23.027481] BUG: KASAN: slab-out-of-bounds in krealloc_less_oob_helper+0xd70/0x11d0
[   23.027847] Write of size 1 at addr ffff888100a236c9 by task kunit_try_catch/206
[   23.028138] 
[   23.028234] CPU: 1 UID: 0 PID: 206 Comm: kunit_try_catch Tainted: G    B            N  6.16.0-rc5-next-20250708 #1 PREEMPT(voluntary) 
[   23.028488] Tainted: [B]=BAD_PAGE, [N]=TEST
[   23.028505] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[   23.028530] Call Trace:
[   23.028545]  <TASK>
[   23.028566]  dump_stack_lvl+0x73/0xb0
[   23.028602]  print_report+0xd1/0x610
[   23.028626]  ? __virt_addr_valid+0x1db/0x2d0
[   23.028654]  ? krealloc_less_oob_helper+0xd70/0x11d0
[   23.028678]  ? kasan_complete_mode_report_info+0x2a/0x200
[   23.028707]  ? krealloc_less_oob_helper+0xd70/0x11d0
[   23.028732]  kasan_report+0x141/0x180
[   23.028832]  ? krealloc_less_oob_helper+0xd70/0x11d0
[   23.028865]  __asan_report_store1_noabort+0x1b/0x30
[   23.028892]  krealloc_less_oob_helper+0xd70/0x11d0
[   23.028920]  ? __pfx_krealloc_less_oob_helper+0x10/0x10
[   23.028945]  ? finish_task_switch.isra.0+0x153/0x700
[   23.028969]  ? __switch_to+0x47/0xf50
[   23.029000]  ? __schedule+0x10cc/0x2b60
[   23.029030]  ? __pfx_read_tsc+0x10/0x10
[   23.029059]  krealloc_less_oob+0x1c/0x30
[   23.029082]  kunit_try_run_case+0x1a5/0x480
[   23.029106]  ? __pfx_kunit_try_run_case+0x10/0x10
[   23.029127]  ? _raw_spin_lock_irqsave+0xa1/0x100
[   23.029149]  ? _raw_spin_unlock_irqrestore+0x5f/0x90
[   23.029178]  ? __kthread_parkme+0x82/0x180
[   23.029205]  ? preempt_count_sub+0x50/0x80
[   23.029229]  ? __pfx_kunit_try_run_case+0x10/0x10
[   23.029263]  kunit_generic_run_threadfn_adapter+0x85/0xf0
[   23.029290]  ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10
[   23.029316]  kthread+0x337/0x6f0
[   23.029338]  ? trace_preempt_on+0x20/0xc0
[   23.029365]  ? __pfx_kthread+0x10/0x10
[   23.029388]  ? _raw_spin_unlock_irq+0x47/0x80
[   23.029415]  ? calculate_sigpending+0x7b/0xa0
[   23.029445]  ? __pfx_kthread+0x10/0x10
[   23.029468]  ret_from_fork+0x116/0x1d0
[   23.029488]  ? __pfx_kthread+0x10/0x10
[   23.029510]  ret_from_fork_asm+0x1a/0x30
[   23.029545]  </TASK>
[   23.029558] 
[   23.038660] Allocated by task 206:
[   23.039517]  kasan_save_stack+0x45/0x70
[   23.039932]  kasan_save_track+0x18/0x40
[   23.040175]  kasan_save_alloc_info+0x3b/0x50
[   23.040483]  __kasan_krealloc+0x190/0x1f0
[   23.040811]  krealloc_noprof+0xf3/0x340
[   23.041057]  krealloc_less_oob_helper+0x1aa/0x11d0
[   23.041288]  krealloc_less_oob+0x1c/0x30
[   23.041468]  kunit_try_run_case+0x1a5/0x480
[   23.041651]  kunit_generic_run_threadfn_adapter+0x85/0xf0
[   23.042387]  kthread+0x337/0x6f0
[   23.042617]  ret_from_fork+0x116/0x1d0
[   23.042921]  ret_from_fork_asm+0x1a/0x30
[   23.043344] 
[   23.043436] The buggy address belongs to the object at ffff888100a23600
[   23.043436]  which belongs to the cache kmalloc-256 of size 256
[   23.044702] The buggy address is located 0 bytes to the right of
[   23.044702]  allocated 201-byte region [ffff888100a23600, ffff888100a236c9)
[   23.045589] 
[   23.045688] The buggy address belongs to the physical page:
[   23.046362] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x100a22
[   23.046700] head: order:1 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[   23.047070] flags: 0x200000000000040(head|node=0|zone=2)
[   23.047329] page_type: f5(slab)
[   23.047483] raw: 0200000000000040 ffff888100041b40 ffffea0004028a00 dead000000000002
[   23.048146] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000
[   23.048448] head: 0200000000000040 ffff888100041b40 ffffea0004028a00 dead000000000002
[   23.048749] head: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000
[   23.049275] head: 0200000000000001 ffffea0004028881 00000000ffffffff 00000000ffffffff
[   23.049577] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000002
[   23.050072] page dumped because: kasan: bad access detected
[   23.050306] 
[   23.050388] Memory state around the buggy address:
[   23.050588]  ffff888100a23580: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   23.051039]  ffff888100a23600: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   23.051330] >ffff888100a23680: 00 00 00 00 00 00 00 00 00 01 fc fc fc fc fc fc
[   23.051605]                                               ^
[   23.052515]  ffff888100a23700: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   23.052755]  ffff888100a23780: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   23.053168] ==================================================================
[   23.190022] ==================================================================
[   23.190584] BUG: KASAN: slab-out-of-bounds in krealloc_less_oob_helper+0xd70/0x11d0
[   23.191022] Write of size 1 at addr ffff888105e160c9 by task kunit_try_catch/210
[   23.191400] 
[   23.191502] CPU: 1 UID: 0 PID: 210 Comm: kunit_try_catch Tainted: G    B            N  6.16.0-rc5-next-20250708 #1 PREEMPT(voluntary) 
[   23.191560] Tainted: [B]=BAD_PAGE, [N]=TEST
[   23.191576] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[   23.191612] Call Trace:
[   23.191627]  <TASK>
[   23.191649]  dump_stack_lvl+0x73/0xb0
[   23.191684]  print_report+0xd1/0x610
[   23.191710]  ? __virt_addr_valid+0x1db/0x2d0
[   23.191740]  ? krealloc_less_oob_helper+0xd70/0x11d0
[   23.191770]  ? kasan_addr_to_slab+0x11/0xa0
[   23.191793]  ? krealloc_less_oob_helper+0xd70/0x11d0
[   23.191823]  kasan_report+0x141/0x180
[   23.191847]  ? krealloc_less_oob_helper+0xd70/0x11d0
[   23.191880]  __asan_report_store1_noabort+0x1b/0x30
[   23.191910]  krealloc_less_oob_helper+0xd70/0x11d0
[   23.191959]  ? __pfx_krealloc_less_oob_helper+0x10/0x10
[   23.191988]  ? finish_task_switch.isra.0+0x153/0x700
[   23.192016]  ? __switch_to+0x47/0xf50
[   23.192048]  ? __schedule+0x10cc/0x2b60
[   23.192080]  ? __pfx_read_tsc+0x10/0x10
[   23.192110]  krealloc_large_less_oob+0x1c/0x30
[   23.192137]  kunit_try_run_case+0x1a5/0x480
[   23.192164]  ? __pfx_kunit_try_run_case+0x10/0x10
[   23.192188]  ? _raw_spin_lock_irqsave+0xa1/0x100
[   23.192213]  ? _raw_spin_unlock_irqrestore+0x5f/0x90
[   23.192257]  ? __kthread_parkme+0x82/0x180
[   23.192280]  ? preempt_count_sub+0x50/0x80
[   23.192306]  ? __pfx_kunit_try_run_case+0x10/0x10
[   23.192331]  kunit_generic_run_threadfn_adapter+0x85/0xf0
[   23.192362]  ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10
[   23.192394]  kthread+0x337/0x6f0
[   23.192416]  ? trace_preempt_on+0x20/0xc0
[   23.192446]  ? __pfx_kthread+0x10/0x10
[   23.192470]  ? _raw_spin_unlock_irq+0x47/0x80
[   23.192500]  ? calculate_sigpending+0x7b/0xa0
[   23.192531]  ? __pfx_kthread+0x10/0x10
[   23.192556]  ret_from_fork+0x116/0x1d0
[   23.192577]  ? __pfx_kthread+0x10/0x10
[   23.192601]  ret_from_fork_asm+0x1a/0x30
[   23.192638]  </TASK>
[   23.192650] 
[   23.200566] The buggy address belongs to the physical page:
[   23.201098] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x105e14
[   23.201496] head: order:2 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[   23.201810] flags: 0x200000000000040(head|node=0|zone=2)
[   23.202150] page_type: f8(unknown)
[   23.202303] raw: 0200000000000040 0000000000000000 dead000000000122 0000000000000000
[   23.202555] raw: 0000000000000000 0000000000000000 00000000f8000000 0000000000000000
[   23.202890] head: 0200000000000040 0000000000000000 dead000000000122 0000000000000000
[   23.203339] head: 0000000000000000 0000000000000000 00000000f8000000 0000000000000000
[   23.203581] head: 0200000000000002 ffffea0004178501 00000000ffffffff 00000000ffffffff
[   23.203852] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000004
[   23.204197] page dumped because: kasan: bad access detected
[   23.204461] 
[   23.204564] Memory state around the buggy address:
[   23.204723]  ffff888105e15f80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   23.205384]  ffff888105e16000: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   23.205615] >ffff888105e16080: 00 00 00 00 00 00 00 00 00 01 fe fe fe fe fe fe
[   23.205830]                                               ^
[   23.206257]  ffff888105e16100: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe
[   23.206578]  ffff888105e16180: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe
[   23.206999] ==================================================================
[   23.275339] ==================================================================
[   23.275562] BUG: KASAN: slab-out-of-bounds in krealloc_less_oob_helper+0xd47/0x11d0
[   23.276138] Write of size 1 at addr ffff888105e160eb by task kunit_try_catch/210
[   23.276488] 
[   23.276597] CPU: 1 UID: 0 PID: 210 Comm: kunit_try_catch Tainted: G    B            N  6.16.0-rc5-next-20250708 #1 PREEMPT(voluntary) 
[   23.276648] Tainted: [B]=BAD_PAGE, [N]=TEST
[   23.276660] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[   23.276681] Call Trace:
[   23.276703]  <TASK>
[   23.276724]  dump_stack_lvl+0x73/0xb0
[   23.276754]  print_report+0xd1/0x610
[   23.276777]  ? __virt_addr_valid+0x1db/0x2d0
[   23.276801]  ? krealloc_less_oob_helper+0xd47/0x11d0
[   23.277002]  ? kasan_addr_to_slab+0x11/0xa0
[   23.277028]  ? krealloc_less_oob_helper+0xd47/0x11d0
[   23.277054]  kasan_report+0x141/0x180
[   23.277077]  ? krealloc_less_oob_helper+0xd47/0x11d0
[   23.277106]  __asan_report_store1_noabort+0x1b/0x30
[   23.277133]  krealloc_less_oob_helper+0xd47/0x11d0
[   23.277159]  ? __pfx_krealloc_less_oob_helper+0x10/0x10
[   23.277184]  ? finish_task_switch.isra.0+0x153/0x700
[   23.277214]  ? __switch_to+0x47/0xf50
[   23.277258]  ? __schedule+0x10cc/0x2b60
[   23.277288]  ? __pfx_read_tsc+0x10/0x10
[   23.277317]  krealloc_large_less_oob+0x1c/0x30
[   23.277342]  kunit_try_run_case+0x1a5/0x480
[   23.277366]  ? __pfx_kunit_try_run_case+0x10/0x10
[   23.277386]  ? _raw_spin_lock_irqsave+0xa1/0x100
[   23.277408]  ? _raw_spin_unlock_irqrestore+0x5f/0x90
[   23.277436]  ? __kthread_parkme+0x82/0x180
[   23.277456]  ? preempt_count_sub+0x50/0x80
[   23.277479]  ? __pfx_kunit_try_run_case+0x10/0x10
[   23.277501]  kunit_generic_run_threadfn_adapter+0x85/0xf0
[   23.277527]  ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10
[   23.277554]  kthread+0x337/0x6f0
[   23.277575]  ? trace_preempt_on+0x20/0xc0
[   23.277600]  ? __pfx_kthread+0x10/0x10
[   23.277623]  ? _raw_spin_unlock_irq+0x47/0x80
[   23.277649]  ? calculate_sigpending+0x7b/0xa0
[   23.277675]  ? __pfx_kthread+0x10/0x10
[   23.277699]  ret_from_fork+0x116/0x1d0
[   23.277718]  ? __pfx_kthread+0x10/0x10
[   23.277740]  ret_from_fork_asm+0x1a/0x30
[   23.277837]  </TASK>
[   23.277849] 
[   23.285158] The buggy address belongs to the physical page:
[   23.285426] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x105e14
[   23.285853] head: order:2 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[   23.286189] flags: 0x200000000000040(head|node=0|zone=2)
[   23.286449] page_type: f8(unknown)
[   23.286619] raw: 0200000000000040 0000000000000000 dead000000000122 0000000000000000
[   23.287082] raw: 0000000000000000 0000000000000000 00000000f8000000 0000000000000000
[   23.287332] head: 0200000000000040 0000000000000000 dead000000000122 0000000000000000
[   23.287662] head: 0000000000000000 0000000000000000 00000000f8000000 0000000000000000
[   23.287986] head: 0200000000000002 ffffea0004178501 00000000ffffffff 00000000ffffffff
[   23.288210] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000004
[   23.289021] page dumped because: kasan: bad access detected
[   23.289265] 
[   23.289345] Memory state around the buggy address:
[   23.289553]  ffff888105e15f80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   23.289776]  ffff888105e16000: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   23.290086] >ffff888105e16080: 00 00 00 00 00 00 00 00 00 01 fe fe fe fe fe fe
[   23.290440]                                                           ^
[   23.290668]  ffff888105e16100: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe
[   23.290960]  ffff888105e16180: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe
[   23.291164] ==================================================================
[   23.207463] ==================================================================
[   23.207868] BUG: KASAN: slab-out-of-bounds in krealloc_less_oob_helper+0xe23/0x11d0
[   23.208166] Write of size 1 at addr ffff888105e160d0 by task kunit_try_catch/210
[   23.208406] 
[   23.208519] CPU: 1 UID: 0 PID: 210 Comm: kunit_try_catch Tainted: G    B            N  6.16.0-rc5-next-20250708 #1 PREEMPT(voluntary) 
[   23.208584] Tainted: [B]=BAD_PAGE, [N]=TEST
[   23.208598] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[   23.208631] Call Trace:
[   23.208650]  <TASK>
[   23.208670]  dump_stack_lvl+0x73/0xb0
[   23.208702]  print_report+0xd1/0x610
[   23.208725]  ? __virt_addr_valid+0x1db/0x2d0
[   23.208749]  ? krealloc_less_oob_helper+0xe23/0x11d0
[   23.208774]  ? kasan_addr_to_slab+0x11/0xa0
[   23.208794]  ? krealloc_less_oob_helper+0xe23/0x11d0
[   23.208819]  kasan_report+0x141/0x180
[   23.208842]  ? krealloc_less_oob_helper+0xe23/0x11d0
[   23.208872]  __asan_report_store1_noabort+0x1b/0x30
[   23.208899]  krealloc_less_oob_helper+0xe23/0x11d0
[   23.208926]  ? __pfx_krealloc_less_oob_helper+0x10/0x10
[   23.208951]  ? finish_task_switch.isra.0+0x153/0x700
[   23.208973]  ? __switch_to+0x47/0xf50
[   23.209002]  ? __schedule+0x10cc/0x2b60
[   23.209031]  ? __pfx_read_tsc+0x10/0x10
[   23.209060]  krealloc_large_less_oob+0x1c/0x30
[   23.209085]  kunit_try_run_case+0x1a5/0x480
[   23.209108]  ? __pfx_kunit_try_run_case+0x10/0x10
[   23.209128]  ? _raw_spin_lock_irqsave+0xa1/0x100
[   23.209150]  ? _raw_spin_unlock_irqrestore+0x5f/0x90
[   23.209178]  ? __kthread_parkme+0x82/0x180
[   23.209205]  ? preempt_count_sub+0x50/0x80
[   23.209228]  ? __pfx_kunit_try_run_case+0x10/0x10
[   23.209261]  kunit_generic_run_threadfn_adapter+0x85/0xf0
[   23.209287]  ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10
[   23.209314]  kthread+0x337/0x6f0
[   23.209335]  ? trace_preempt_on+0x20/0xc0
[   23.209361]  ? __pfx_kthread+0x10/0x10
[   23.209383]  ? _raw_spin_unlock_irq+0x47/0x80
[   23.209410]  ? calculate_sigpending+0x7b/0xa0
[   23.209437]  ? __pfx_kthread+0x10/0x10
[   23.209460]  ret_from_fork+0x116/0x1d0
[   23.209480]  ? __pfx_kthread+0x10/0x10
[   23.209502]  ret_from_fork_asm+0x1a/0x30
[   23.209537]  </TASK>
[   23.209548] 
[   23.221267] The buggy address belongs to the physical page:
[   23.221560] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x105e14
[   23.221960] head: order:2 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[   23.222526] flags: 0x200000000000040(head|node=0|zone=2)
[   23.222982] page_type: f8(unknown)
[   23.223164] raw: 0200000000000040 0000000000000000 dead000000000122 0000000000000000
[   23.223492] raw: 0000000000000000 0000000000000000 00000000f8000000 0000000000000000
[   23.224111] head: 0200000000000040 0000000000000000 dead000000000122 0000000000000000
[   23.224633] head: 0000000000000000 0000000000000000 00000000f8000000 0000000000000000
[   23.225183] head: 0200000000000002 ffffea0004178501 00000000ffffffff 00000000ffffffff
[   23.225689] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000004
[   23.226459] page dumped because: kasan: bad access detected
[   23.227207] 
[   23.227398] Memory state around the buggy address:
[   23.227611]  ffff888105e15f80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   23.228347]  ffff888105e16000: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   23.228822] >ffff888105e16080: 00 00 00 00 00 00 00 00 00 01 fe fe fe fe fe fe
[   23.229112]                                                  ^
[   23.229369]  ffff888105e16100: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe
[   23.229653]  ffff888105e16180: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe
[   23.230433] ==================================================================

Metadata Full log Test run details

arch

x86_64

host

x86_64

plan

2zadDcsZaTNoMt5NQDMjH9XXSjo

job_id

TEST:linaro@lkft#2zadJ2rDp4QF2EanzdxmWx6xbyw

job_url

https://tuxapi.tuxsuite.com/v1/groups/linaro/projects/lkft/tests/2zadJ2rDp4QF2EanzdxmWx6xbyw

artefacts

kernel

url	https://storage.tuxsuite.com/public/linaro/lkft/builds/2zadFlqHhTrd3zbaPMG0NfTHOqI/bzImage
sha256sum	d2e0f1ca9d9f79d7d3d3df8bfa6136f501414ea8fca61dd648f312b7af92ba7e

rootfs

url	https://storage.tuxboot.com/debian/20250617/trixie/amd64/rootfs.ext4.xz
sha256sum	a7dcdb286e1265c85a4d6cd5429adc51604a3ebde1d9a3c934aef78862d5fee4

modules

url	https://storage.tuxsuite.com/public/linaro/lkft/builds/2zadFlqHhTrd3zbaPMG0NfTHOqI/modules.tar.xz
sha256sum	ae1650227c5d0061093609bf5a55f56383843ed1e291a338f9fc46e881212983

durations

tests

boot	0
kunit	246.46

host_arch

amd64

build_name

gcc-13-lkftconfig-kunit

job_status

Complete

qemu_version

1:10.0.0+ds-1

Metadata

Failure - qemu-arm64 - gcc-13-lkftconfig-kunit

Failure - qemu-x86_64 - gcc-13-lkftconfig-kunit