lkft/linux-next-master - next-20250709 - log-parser-boot/kasan-bug-kasan-slab-out-of-bounds-in-krealloc_less_oob_helper

Date

July 9, 2025, 1:08 p.m.

Environment
qemu-arm64
qemu-x86_64

[   29.222346] ==================================================================
[   29.222610] BUG: KASAN: slab-out-of-bounds in krealloc_less_oob_helper+0xa48/0xc50
[   29.222679] Write of size 1 at addr fff00000c9b020c9 by task kunit_try_catch/194
[   29.222825] 
[   29.222853] CPU: 0 UID: 0 PID: 194 Comm: kunit_try_catch Tainted: G    B            N  6.16.0-rc5-next-20250709 #1 PREEMPT 
[   29.222937] Tainted: [B]=BAD_PAGE, [N]=TEST
[   29.222964] Hardware name: linux,dummy-virt (DT)
[   29.222993] Call trace:
[   29.223015]  show_stack+0x20/0x38 (C)
[   29.223074]  dump_stack_lvl+0x8c/0xd0
[   29.223122]  print_report+0x118/0x5d0
[   29.223164]  kasan_report+0xdc/0x128
[   29.223206]  __asan_report_store1_noabort+0x20/0x30
[   29.223254]  krealloc_less_oob_helper+0xa48/0xc50
[   29.223302]  krealloc_large_less_oob+0x20/0x38
[   29.223349]  kunit_try_run_case+0x170/0x3f0
[   29.223398]  kunit_generic_run_threadfn_adapter+0x88/0x100
[   29.223450]  kthread+0x328/0x630
[   29.223491]  ret_from_fork+0x10/0x20
[   29.223552] 
[   29.223572] The buggy address belongs to the physical page:
[   29.223601] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x109b00
[   29.223691] head: order:2 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[   29.223737] flags: 0xbfffe0000000040(head|node=0|zone=2|lastcpupid=0x1ffff)
[   29.223865] page_type: f8(unknown)
[   29.223905] raw: 0bfffe0000000040 0000000000000000 dead000000000122 0000000000000000
[   29.223953] raw: 0000000000000000 0000000000000000 00000000f8000000 0000000000000000
[   29.224002] head: 0bfffe0000000040 0000000000000000 dead000000000122 0000000000000000
[   29.224049] head: 0000000000000000 0000000000000000 00000000f8000000 0000000000000000
[   29.224126] head: 0bfffe0000000002 ffffc1ffc326c001 00000000ffffffff 00000000ffffffff
[   29.224174] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000004
[   29.224336] page dumped because: kasan: bad access detected
[   29.224491] 
[   29.224515] Memory state around the buggy address:
[   29.224545]  fff00000c9b01f80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   29.224694]  fff00000c9b02000: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   29.224747] >fff00000c9b02080: 00 00 00 00 00 00 00 00 00 01 fe fe fe fe fe fe
[   29.224924]                                               ^
[   29.225046]  fff00000c9b02100: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe
[   29.225153]  fff00000c9b02180: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe
[   29.225297] ==================================================================
[   29.179437] ==================================================================
[   29.179546] BUG: KASAN: slab-out-of-bounds in krealloc_less_oob_helper+0xae4/0xc50
[   29.179616] Write of size 1 at addr fff00000c97e28ea by task kunit_try_catch/190
[   29.180028] 
[   29.180151] CPU: 0 UID: 0 PID: 190 Comm: kunit_try_catch Tainted: G    B            N  6.16.0-rc5-next-20250709 #1 PREEMPT 
[   29.180299] Tainted: [B]=BAD_PAGE, [N]=TEST
[   29.180400] Hardware name: linux,dummy-virt (DT)
[   29.180487] Call trace:
[   29.180510]  show_stack+0x20/0x38 (C)
[   29.180560]  dump_stack_lvl+0x8c/0xd0
[   29.180635]  print_report+0x118/0x5d0
[   29.180678]  kasan_report+0xdc/0x128
[   29.180720]  __asan_report_store1_noabort+0x20/0x30
[   29.181039]  krealloc_less_oob_helper+0xae4/0xc50
[   29.181263]  krealloc_less_oob+0x20/0x38
[   29.181523]  kunit_try_run_case+0x170/0x3f0
[   29.181709]  kunit_generic_run_threadfn_adapter+0x88/0x100
[   29.181832]  kthread+0x328/0x630
[   29.181901]  ret_from_fork+0x10/0x20
[   29.182037] 
[   29.182097] Allocated by task 190:
[   29.182127]  kasan_save_stack+0x3c/0x68
[   29.182332]  kasan_save_track+0x20/0x40
[   29.182430]  kasan_save_alloc_info+0x40/0x58
[   29.182571]  __kasan_krealloc+0x118/0x178
[   29.182616]  krealloc_noprof+0x128/0x360
[   29.182753]  krealloc_less_oob_helper+0x168/0xc50
[   29.182919]  krealloc_less_oob+0x20/0x38
[   29.183099]  kunit_try_run_case+0x170/0x3f0
[   29.183167]  kunit_generic_run_threadfn_adapter+0x88/0x100
[   29.183210]  kthread+0x328/0x630
[   29.183377]  ret_from_fork+0x10/0x20
[   29.183583] 
[   29.183751] The buggy address belongs to the object at fff00000c97e2800
[   29.183751]  which belongs to the cache kmalloc-256 of size 256
[   29.183809] The buggy address is located 33 bytes to the right of
[   29.183809]  allocated 201-byte region [fff00000c97e2800, fff00000c97e28c9)
[   29.183894] 
[   29.184069] The buggy address belongs to the physical page:
[   29.184434] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1097e2
[   29.184515] head: order:1 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[   29.184720] flags: 0xbfffe0000000040(head|node=0|zone=2|lastcpupid=0x1ffff)
[   29.184846] page_type: f5(slab)
[   29.185160] raw: 0bfffe0000000040 fff00000c0001b40 dead000000000122 0000000000000000
[   29.185382] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000
[   29.185578] head: 0bfffe0000000040 fff00000c0001b40 dead000000000122 0000000000000000
[   29.185682] head: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000
[   29.185794] head: 0bfffe0000000001 ffffc1ffc325f881 00000000ffffffff 00000000ffffffff
[   29.185843] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000002
[   29.186028] page dumped because: kasan: bad access detected
[   29.186109] 
[   29.186188] Memory state around the buggy address:
[   29.186326]  fff00000c97e2780: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   29.186574]  fff00000c97e2800: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   29.186645] >fff00000c97e2880: 00 00 00 00 00 00 00 00 00 01 fc fc fc fc fc fc
[   29.186916]                                                           ^
[   29.186963]  fff00000c97e2900: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   29.187133]  fff00000c97e2980: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   29.187274] ==================================================================
[   29.148689] ==================================================================
[   29.148893] BUG: KASAN: slab-out-of-bounds in krealloc_less_oob_helper+0xa48/0xc50
[   29.148993] Write of size 1 at addr fff00000c97e28c9 by task kunit_try_catch/190
[   29.149371] 
[   29.149407] CPU: 0 UID: 0 PID: 190 Comm: kunit_try_catch Tainted: G    B            N  6.16.0-rc5-next-20250709 #1 PREEMPT 
[   29.149544] Tainted: [B]=BAD_PAGE, [N]=TEST
[   29.149571] Hardware name: linux,dummy-virt (DT)
[   29.149601] Call trace:
[   29.149630]  show_stack+0x20/0x38 (C)
[   29.149715]  dump_stack_lvl+0x8c/0xd0
[   29.149922]  print_report+0x118/0x5d0
[   29.150047]  kasan_report+0xdc/0x128
[   29.150116]  __asan_report_store1_noabort+0x20/0x30
[   29.150171]  krealloc_less_oob_helper+0xa48/0xc50
[   29.150355]  krealloc_less_oob+0x20/0x38
[   29.150401]  kunit_try_run_case+0x170/0x3f0
[   29.150457]  kunit_generic_run_threadfn_adapter+0x88/0x100
[   29.150684]  kthread+0x328/0x630
[   29.150777]  ret_from_fork+0x10/0x20
[   29.150864] 
[   29.150945] Allocated by task 190:
[   29.150995]  kasan_save_stack+0x3c/0x68
[   29.151035]  kasan_save_track+0x20/0x40
[   29.151080]  kasan_save_alloc_info+0x40/0x58
[   29.151116]  __kasan_krealloc+0x118/0x178
[   29.151153]  krealloc_noprof+0x128/0x360
[   29.151190]  krealloc_less_oob_helper+0x168/0xc50
[   29.151228]  krealloc_less_oob+0x20/0x38
[   29.151264]  kunit_try_run_case+0x170/0x3f0
[   29.151486]  kunit_generic_run_threadfn_adapter+0x88/0x100
[   29.151537]  kthread+0x328/0x630
[   29.151568]  ret_from_fork+0x10/0x20
[   29.152167] 
[   29.152189] The buggy address belongs to the object at fff00000c97e2800
[   29.152189]  which belongs to the cache kmalloc-256 of size 256
[   29.152244] The buggy address is located 0 bytes to the right of
[   29.152244]  allocated 201-byte region [fff00000c97e2800, fff00000c97e28c9)
[   29.152702] 
[   29.152762] The buggy address belongs to the physical page:
[   29.152848] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1097e2
[   29.152899] head: order:1 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[   29.152945] flags: 0xbfffe0000000040(head|node=0|zone=2|lastcpupid=0x1ffff)
[   29.153022] page_type: f5(slab)
[   29.153110] raw: 0bfffe0000000040 fff00000c0001b40 dead000000000122 0000000000000000
[   29.153318] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000
[   29.153433] head: 0bfffe0000000040 fff00000c0001b40 dead000000000122 0000000000000000
[   29.153558] head: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000
[   29.153689] head: 0bfffe0000000001 ffffc1ffc325f881 00000000ffffffff 00000000ffffffff
[   29.153736] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000002
[   29.153775] page dumped because: kasan: bad access detected
[   29.153850] 
[   29.153890] Memory state around the buggy address:
[   29.153920]  fff00000c97e2780: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   29.154399]  fff00000c97e2800: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   29.154561] >fff00000c97e2880: 00 00 00 00 00 00 00 00 00 01 fc fc fc fc fc fc
[   29.154598]                                               ^
[   29.154639]  fff00000c97e2900: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   29.154678]  fff00000c97e2980: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   29.154714] ==================================================================
[   29.155862] ==================================================================
[   29.156247] BUG: KASAN: slab-out-of-bounds in krealloc_less_oob_helper+0xb9c/0xc50
[   29.156306] Write of size 1 at addr fff00000c97e28d0 by task kunit_try_catch/190
[   29.156533] 
[   29.156725] CPU: 0 UID: 0 PID: 190 Comm: kunit_try_catch Tainted: G    B            N  6.16.0-rc5-next-20250709 #1 PREEMPT 
[   29.156890] Tainted: [B]=BAD_PAGE, [N]=TEST
[   29.156916] Hardware name: linux,dummy-virt (DT)
[   29.156946] Call trace:
[   29.157011]  show_stack+0x20/0x38 (C)
[   29.157238]  dump_stack_lvl+0x8c/0xd0
[   29.157317]  print_report+0x118/0x5d0
[   29.157360]  kasan_report+0xdc/0x128
[   29.157441]  __asan_report_store1_noabort+0x20/0x30
[   29.157642]  krealloc_less_oob_helper+0xb9c/0xc50
[   29.157711]  krealloc_less_oob+0x20/0x38
[   29.157757]  kunit_try_run_case+0x170/0x3f0
[   29.157806]  kunit_generic_run_threadfn_adapter+0x88/0x100
[   29.157859]  kthread+0x328/0x630
[   29.157936]  ret_from_fork+0x10/0x20
[   29.158000] 
[   29.158070] Allocated by task 190:
[   29.158097]  kasan_save_stack+0x3c/0x68
[   29.158137]  kasan_save_track+0x20/0x40
[   29.158174]  kasan_save_alloc_info+0x40/0x58
[   29.158210]  __kasan_krealloc+0x118/0x178
[   29.158247]  krealloc_noprof+0x128/0x360
[   29.158595]  krealloc_less_oob_helper+0x168/0xc50
[   29.159033]  krealloc_less_oob+0x20/0x38
[   29.159089]  kunit_try_run_case+0x170/0x3f0
[   29.159306]  kunit_generic_run_threadfn_adapter+0x88/0x100
[   29.159355]  kthread+0x328/0x630
[   29.159386]  ret_from_fork+0x10/0x20
[   29.159421] 
[   29.159440] The buggy address belongs to the object at fff00000c97e2800
[   29.159440]  which belongs to the cache kmalloc-256 of size 256
[   29.159495] The buggy address is located 7 bytes to the right of
[   29.159495]  allocated 201-byte region [fff00000c97e2800, fff00000c97e28c9)
[   29.159569] 
[   29.159587] The buggy address belongs to the physical page:
[   29.159665] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1097e2
[   29.159716] head: order:1 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[   29.159919] flags: 0xbfffe0000000040(head|node=0|zone=2|lastcpupid=0x1ffff)
[   29.159984] page_type: f5(slab)
[   29.160021] raw: 0bfffe0000000040 fff00000c0001b40 dead000000000122 0000000000000000
[   29.160081] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000
[   29.160130] head: 0bfffe0000000040 fff00000c0001b40 dead000000000122 0000000000000000
[   29.160179] head: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000
[   29.160226] head: 0bfffe0000000001 ffffc1ffc325f881 00000000ffffffff 00000000ffffffff
[   29.160272] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000002
[   29.160310] page dumped because: kasan: bad access detected
[   29.160340] 
[   29.160360] Memory state around the buggy address:
[   29.160739]  fff00000c97e2780: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   29.160800]  fff00000c97e2800: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   29.160933] >fff00000c97e2880: 00 00 00 00 00 00 00 00 00 01 fc fc fc fc fc fc
[   29.160970]                                                  ^
[   29.161006]  fff00000c97e2900: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   29.161535]  fff00000c97e2980: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   29.161645] ==================================================================
[   29.227518] ==================================================================
[   29.227576] BUG: KASAN: slab-out-of-bounds in krealloc_less_oob_helper+0xa80/0xc50
[   29.227660] Write of size 1 at addr fff00000c9b020da by task kunit_try_catch/194
[   29.227990] 
[   29.228017] CPU: 0 UID: 0 PID: 194 Comm: kunit_try_catch Tainted: G    B            N  6.16.0-rc5-next-20250709 #1 PREEMPT 
[   29.228128] Tainted: [B]=BAD_PAGE, [N]=TEST
[   29.228153] Hardware name: linux,dummy-virt (DT)
[   29.228182] Call trace:
[   29.228225]  show_stack+0x20/0x38 (C)
[   29.228273]  dump_stack_lvl+0x8c/0xd0
[   29.228319]  print_report+0x118/0x5d0
[   29.228361]  kasan_report+0xdc/0x128
[   29.228403]  __asan_report_store1_noabort+0x20/0x30
[   29.228451]  krealloc_less_oob_helper+0xa80/0xc50
[   29.228499]  krealloc_large_less_oob+0x20/0x38
[   29.228546]  kunit_try_run_case+0x170/0x3f0
[   29.228679]  kunit_generic_run_threadfn_adapter+0x88/0x100
[   29.228893]  kthread+0x328/0x630
[   29.228934]  ret_from_fork+0x10/0x20
[   29.229041] 
[   29.229087] The buggy address belongs to the physical page:
[   29.229116] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x109b00
[   29.229166] head: order:2 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[   29.229212] flags: 0xbfffe0000000040(head|node=0|zone=2|lastcpupid=0x1ffff)
[   29.229306] page_type: f8(unknown)
[   29.229488] raw: 0bfffe0000000040 0000000000000000 dead000000000122 0000000000000000
[   29.229716] raw: 0000000000000000 0000000000000000 00000000f8000000 0000000000000000
[   29.229810] head: 0bfffe0000000040 0000000000000000 dead000000000122 0000000000000000
[   29.230009] head: 0000000000000000 0000000000000000 00000000f8000000 0000000000000000
[   29.230462] head: 0bfffe0000000002 ffffc1ffc326c001 00000000ffffffff 00000000ffffffff
[   29.230531] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000004
[   29.230570] page dumped because: kasan: bad access detected
[   29.230600] 
[   29.230617] Memory state around the buggy address:
[   29.230647]  fff00000c9b01f80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   29.230689]  fff00000c9b02000: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   29.230730] >fff00000c9b02080: 00 00 00 00 00 00 00 00 00 01 fe fe fe fe fe fe
[   29.230777]                                                     ^
[   29.230812]  fff00000c9b02100: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe
[   29.230852]  fff00000c9b02180: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe
[   29.230932] ==================================================================
[   29.188032] ==================================================================
[   29.188098] BUG: KASAN: slab-out-of-bounds in krealloc_less_oob_helper+0xa58/0xc50
[   29.188147] Write of size 1 at addr fff00000c97e28eb by task kunit_try_catch/190
[   29.188195] 
[   29.188224] CPU: 0 UID: 0 PID: 190 Comm: kunit_try_catch Tainted: G    B            N  6.16.0-rc5-next-20250709 #1 PREEMPT 
[   29.188305] Tainted: [B]=BAD_PAGE, [N]=TEST
[   29.188330] Hardware name: linux,dummy-virt (DT)
[   29.188360] Call trace:
[   29.188381]  show_stack+0x20/0x38 (C)
[   29.188427]  dump_stack_lvl+0x8c/0xd0
[   29.188472]  print_report+0x118/0x5d0
[   29.188515]  kasan_report+0xdc/0x128
[   29.188556]  __asan_report_store1_noabort+0x20/0x30
[   29.188604]  krealloc_less_oob_helper+0xa58/0xc50
[   29.188652]  krealloc_less_oob+0x20/0x38
[   29.188697]  kunit_try_run_case+0x170/0x3f0
[   29.188744]  kunit_generic_run_threadfn_adapter+0x88/0x100
[   29.188796]  kthread+0x328/0x630
[   29.188837]  ret_from_fork+0x10/0x20
[   29.188882] 
[   29.188899] Allocated by task 190:
[   29.188926]  kasan_save_stack+0x3c/0x68
[   29.188966]  kasan_save_track+0x20/0x40
[   29.189003]  kasan_save_alloc_info+0x40/0x58
[   29.189038]  __kasan_krealloc+0x118/0x178
[   29.189094]  krealloc_noprof+0x128/0x360
[   29.189131]  krealloc_less_oob_helper+0x168/0xc50
[   29.189169]  krealloc_less_oob+0x20/0x38
[   29.189204]  kunit_try_run_case+0x170/0x3f0
[   29.189241]  kunit_generic_run_threadfn_adapter+0x88/0x100
[   29.189283]  kthread+0x328/0x630
[   29.189314]  ret_from_fork+0x10/0x20
[   29.189348] 
[   29.189366] The buggy address belongs to the object at fff00000c97e2800
[   29.189366]  which belongs to the cache kmalloc-256 of size 256
[   29.189419] The buggy address is located 34 bytes to the right of
[   29.189419]  allocated 201-byte region [fff00000c97e2800, fff00000c97e28c9)
[   29.189480] 
[   29.189498] The buggy address belongs to the physical page:
[   29.189527] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1097e2
[   29.189576] head: order:1 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[   29.189620] flags: 0xbfffe0000000040(head|node=0|zone=2|lastcpupid=0x1ffff)
[   29.189667] page_type: f5(slab)
[   29.189703] raw: 0bfffe0000000040 fff00000c0001b40 dead000000000122 0000000000000000
[   29.189752] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000
[   29.189800] head: 0bfffe0000000040 fff00000c0001b40 dead000000000122 0000000000000000
[   29.189847] head: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000
[   29.189894] head: 0bfffe0000000001 ffffc1ffc325f881 00000000ffffffff 00000000ffffffff
[   29.189941] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000002
[   29.189979] page dumped because: kasan: bad access detected
[   29.190008] 
[   29.190026] Memory state around the buggy address:
[   29.190085]  fff00000c97e2780: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   29.190130]  fff00000c97e2800: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   29.190208] >fff00000c97e2880: 00 00 00 00 00 00 00 00 00 01 fc fc fc fc fc fc
[   29.190264]                                                           ^
[   29.190303]  fff00000c97e2900: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   29.190344]  fff00000c97e2980: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   29.190381] ==================================================================
[   29.165633] ==================================================================
[   29.165688] BUG: KASAN: slab-out-of-bounds in krealloc_less_oob_helper+0xa80/0xc50
[   29.165739] Write of size 1 at addr fff00000c97e28da by task kunit_try_catch/190
[   29.165788] 
[   29.165817] CPU: 0 UID: 0 PID: 190 Comm: kunit_try_catch Tainted: G    B            N  6.16.0-rc5-next-20250709 #1 PREEMPT 
[   29.165898] Tainted: [B]=BAD_PAGE, [N]=TEST
[   29.165924] Hardware name: linux,dummy-virt (DT)
[   29.165955] Call trace:
[   29.166684]  show_stack+0x20/0x38 (C)
[   29.166996]  dump_stack_lvl+0x8c/0xd0
[   29.167224]  print_report+0x118/0x5d0
[   29.167409]  kasan_report+0xdc/0x128
[   29.167963]  __asan_report_store1_noabort+0x20/0x30
[   29.168554]  krealloc_less_oob_helper+0xa80/0xc50
[   29.169294]  krealloc_less_oob+0x20/0x38
[   29.169811]  kunit_try_run_case+0x170/0x3f0
[   29.169874]  kunit_generic_run_threadfn_adapter+0x88/0x100
[   29.170596]  kthread+0x328/0x630
[   29.170654]  ret_from_fork+0x10/0x20
[   29.171176] 
[   29.171521] Allocated by task 190:
[   29.171666]  kasan_save_stack+0x3c/0x68
[   29.171713]  kasan_save_track+0x20/0x40
[   29.171751]  kasan_save_alloc_info+0x40/0x58
[   29.172308]  __kasan_krealloc+0x118/0x178
[   29.172361]  krealloc_noprof+0x128/0x360
[   29.172399]  krealloc_less_oob_helper+0x168/0xc50
[   29.172438]  krealloc_less_oob+0x20/0x38
[   29.172621]  kunit_try_run_case+0x170/0x3f0
[   29.172706]  kunit_generic_run_threadfn_adapter+0x88/0x100
[   29.172797]  kthread+0x328/0x630
[   29.172938]  ret_from_fork+0x10/0x20
[   29.173002] 
[   29.173203] The buggy address belongs to the object at fff00000c97e2800
[   29.173203]  which belongs to the cache kmalloc-256 of size 256
[   29.173555] The buggy address is located 17 bytes to the right of
[   29.173555]  allocated 201-byte region [fff00000c97e2800, fff00000c97e28c9)
[   29.173880] 
[   29.174108] The buggy address belongs to the physical page:
[   29.174143] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1097e2
[   29.174458] head: order:1 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[   29.174516] flags: 0xbfffe0000000040(head|node=0|zone=2|lastcpupid=0x1ffff)
[   29.174941] page_type: f5(slab)
[   29.174984] raw: 0bfffe0000000040 fff00000c0001b40 dead000000000122 0000000000000000
[   29.175425] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000
[   29.175531] head: 0bfffe0000000040 fff00000c0001b40 dead000000000122 0000000000000000
[   29.175781] head: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000
[   29.176068] head: 0bfffe0000000001 ffffc1ffc325f881 00000000ffffffff 00000000ffffffff
[   29.176131] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000002
[   29.176321] page dumped because: kasan: bad access detected
[   29.176364] 
[   29.176396] Memory state around the buggy address:
[   29.176428]  fff00000c97e2780: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   29.176476]  fff00000c97e2800: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   29.176517] >fff00000c97e2880: 00 00 00 00 00 00 00 00 00 01 fc fc fc fc fc fc
[   29.176553]                                                     ^
[   29.177165]  fff00000c97e2900: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   29.177214]  fff00000c97e2980: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   29.177394] ==================================================================
[   29.236587] ==================================================================
[   29.236631] BUG: KASAN: slab-out-of-bounds in krealloc_less_oob_helper+0xa58/0xc50
[   29.236679] Write of size 1 at addr fff00000c9b020eb by task kunit_try_catch/194
[   29.236738] 
[   29.236823] CPU: 0 UID: 0 PID: 194 Comm: kunit_try_catch Tainted: G    B            N  6.16.0-rc5-next-20250709 #1 PREEMPT 
[   29.236907] Tainted: [B]=BAD_PAGE, [N]=TEST
[   29.236936] Hardware name: linux,dummy-virt (DT)
[   29.236975] Call trace:
[   29.237045]  show_stack+0x20/0x38 (C)
[   29.237110]  dump_stack_lvl+0x8c/0xd0
[   29.237162]  print_report+0x118/0x5d0
[   29.237262]  kasan_report+0xdc/0x128
[   29.237374]  __asan_report_store1_noabort+0x20/0x30
[   29.237589]  krealloc_less_oob_helper+0xa58/0xc50
[   29.237638]  krealloc_large_less_oob+0x20/0x38
[   29.237692]  kunit_try_run_case+0x170/0x3f0
[   29.237848]  kunit_generic_run_threadfn_adapter+0x88/0x100
[   29.238013]  kthread+0x328/0x630
[   29.238076]  ret_from_fork+0x10/0x20
[   29.238130] 
[   29.238149] The buggy address belongs to the physical page:
[   29.238178] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x109b00
[   29.238227] head: order:2 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[   29.238271] flags: 0xbfffe0000000040(head|node=0|zone=2|lastcpupid=0x1ffff)
[   29.238342] page_type: f8(unknown)
[   29.238514] raw: 0bfffe0000000040 0000000000000000 dead000000000122 0000000000000000
[   29.238613] raw: 0000000000000000 0000000000000000 00000000f8000000 0000000000000000
[   29.238680] head: 0bfffe0000000040 0000000000000000 dead000000000122 0000000000000000
[   29.238913] head: 0000000000000000 0000000000000000 00000000f8000000 0000000000000000
[   29.239132] head: 0bfffe0000000002 ffffc1ffc326c001 00000000ffffffff 00000000ffffffff
[   29.239187] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000004
[   29.239226] page dumped because: kasan: bad access detected
[   29.239262] 
[   29.239280] Memory state around the buggy address:
[   29.239310]  fff00000c9b01f80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   29.239564]  fff00000c9b02000: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   29.239606] >fff00000c9b02080: 00 00 00 00 00 00 00 00 00 01 fe fe fe fe fe fe
[   29.239757]                                                           ^
[   29.239812]  fff00000c9b02100: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe
[   29.239852]  fff00000c9b02180: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe
[   29.239888] ==================================================================
[   29.225563] ==================================================================
[   29.225605] BUG: KASAN: slab-out-of-bounds in krealloc_less_oob_helper+0xb9c/0xc50
[   29.225676] Write of size 1 at addr fff00000c9b020d0 by task kunit_try_catch/194
[   29.225735] 
[   29.225762] CPU: 0 UID: 0 PID: 194 Comm: kunit_try_catch Tainted: G    B            N  6.16.0-rc5-next-20250709 #1 PREEMPT 
[   29.225842] Tainted: [B]=BAD_PAGE, [N]=TEST
[   29.225867] Hardware name: linux,dummy-virt (DT)
[   29.225896] Call trace:
[   29.225933]  show_stack+0x20/0x38 (C)
[   29.225981]  dump_stack_lvl+0x8c/0xd0
[   29.226027]  print_report+0x118/0x5d0
[   29.226079]  kasan_report+0xdc/0x128
[   29.226131]  __asan_report_store1_noabort+0x20/0x30
[   29.226333]  krealloc_less_oob_helper+0xb9c/0xc50
[   29.226383]  krealloc_large_less_oob+0x20/0x38
[   29.226431]  kunit_try_run_case+0x170/0x3f0
[   29.226480]  kunit_generic_run_threadfn_adapter+0x88/0x100
[   29.226532]  kthread+0x328/0x630
[   29.226573]  ret_from_fork+0x10/0x20
[   29.226618] 
[   29.226636] The buggy address belongs to the physical page:
[   29.226665] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x109b00
[   29.226717] head: order:2 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[   29.226762] flags: 0xbfffe0000000040(head|node=0|zone=2|lastcpupid=0x1ffff)
[   29.226809] page_type: f8(unknown)
[   29.226846] raw: 0bfffe0000000040 0000000000000000 dead000000000122 0000000000000000
[   29.226895] raw: 0000000000000000 0000000000000000 00000000f8000000 0000000000000000
[   29.226944] head: 0bfffe0000000040 0000000000000000 dead000000000122 0000000000000000
[   29.226991] head: 0000000000000000 0000000000000000 00000000f8000000 0000000000000000
[   29.227038] head: 0bfffe0000000002 ffffc1ffc326c001 00000000ffffffff 00000000ffffffff
[   29.227096] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000004
[   29.227134] page dumped because: kasan: bad access detected
[   29.227173] 
[   29.227191] Memory state around the buggy address:
[   29.227219]  fff00000c9b01f80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   29.227259]  fff00000c9b02000: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   29.227300] >fff00000c9b02080: 00 00 00 00 00 00 00 00 00 01 fe fe fe fe fe fe
[   29.227347]                                                  ^
[   29.227381]  fff00000c9b02100: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe
[   29.227433]  fff00000c9b02180: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe
[   29.227469] ==================================================================
[   29.232293] ==================================================================
[   29.232339] BUG: KASAN: slab-out-of-bounds in krealloc_less_oob_helper+0xae4/0xc50
[   29.232389] Write of size 1 at addr fff00000c9b020ea by task kunit_try_catch/194
[   29.232452] 
[   29.232571] CPU: 0 UID: 0 PID: 194 Comm: kunit_try_catch Tainted: G    B            N  6.16.0-rc5-next-20250709 #1 PREEMPT 
[   29.232900] Tainted: [B]=BAD_PAGE, [N]=TEST
[   29.232927] Hardware name: linux,dummy-virt (DT)
[   29.232956] Call trace:
[   29.232978]  show_stack+0x20/0x38 (C)
[   29.233026]  dump_stack_lvl+0x8c/0xd0
[   29.233086]  print_report+0x118/0x5d0
[   29.233129]  kasan_report+0xdc/0x128
[   29.233171]  __asan_report_store1_noabort+0x20/0x30
[   29.233225]  krealloc_less_oob_helper+0xae4/0xc50
[   29.233456]  krealloc_large_less_oob+0x20/0x38
[   29.233528]  kunit_try_run_case+0x170/0x3f0
[   29.233681]  kunit_generic_run_threadfn_adapter+0x88/0x100
[   29.233812]  kthread+0x328/0x630
[   29.234005]  ret_from_fork+0x10/0x20
[   29.234060] 
[   29.234079] The buggy address belongs to the physical page:
[   29.234108] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x109b00
[   29.234157] head: order:2 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[   29.234202] flags: 0xbfffe0000000040(head|node=0|zone=2|lastcpupid=0x1ffff)
[   29.234250] page_type: f8(unknown)
[   29.234296] raw: 0bfffe0000000040 0000000000000000 dead000000000122 0000000000000000
[   29.234380] raw: 0000000000000000 0000000000000000 00000000f8000000 0000000000000000
[   29.234763] head: 0bfffe0000000040 0000000000000000 dead000000000122 0000000000000000
[   29.235079] head: 0000000000000000 0000000000000000 00000000f8000000 0000000000000000
[   29.235185] head: 0bfffe0000000002 ffffc1ffc326c001 00000000ffffffff 00000000ffffffff
[   29.235307] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000004
[   29.235346] page dumped because: kasan: bad access detected
[   29.235376] 
[   29.235393] Memory state around the buggy address:
[   29.235423]  fff00000c9b01f80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   29.235616]  fff00000c9b02000: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   29.235899] >fff00000c9b02080: 00 00 00 00 00 00 00 00 00 01 fe fe fe fe fe fe
[   29.235936]                                                           ^
[   29.236017]  fff00000c9b02100: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe
[   29.236131]  fff00000c9b02180: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe
[   29.236169] ==================================================================

Metadata Full log Test run details

arch

arm64

host

x86_64

plan

2zdgcq9j1ujmXwxUxAtmoX2JeBw

job_id

TEST:linaro@lkft#2zdghTlh69PR1QDjNegFtBHq55A

job_url

https://tuxapi.tuxsuite.com/v1/groups/linaro/projects/lkft/tests/2zdghTlh69PR1QDjNegFtBHq55A

artefacts

kernel

url	https://storage.tuxsuite.com/public/linaro/lkft/builds/2zdgdlpB9JiVBKeSwABXYd80ypl/Image.gz
sha256sum	9f5eee9957545548ea4e1a38f001ee4d49216581a9ba43dfa3ccfa9e44a80665

rootfs

url	https://storage.tuxboot.com/debian/20250617/trixie/arm64/rootfs.ext4.xz
sha256sum	1eaaae772692e22cefec5345d642e254407cec1431dd51a20007af2a1819b610

modules

url	https://storage.tuxsuite.com/public/linaro/lkft/builds/2zdgdlpB9JiVBKeSwABXYd80ypl/modules.tar.xz
sha256sum	a00a8fd80d7c3e7553673b7b34ffa080501292edf8c4877ba00c110d5f08ed8f

durations

tests

boot	0
kunit	163.99

host_arch

amd64

build_name

gcc-13-lkftconfig-kunit

job_status

Complete

qemu_version

1:10.0.0+ds-1

[   24.022481] ==================================================================
[   24.023063] BUG: KASAN: slab-out-of-bounds in krealloc_less_oob_helper+0xd47/0x11d0
[   24.023400] Write of size 1 at addr ffff8881061420eb by task kunit_try_catch/212
[   24.023613] 
[   24.023689] CPU: 1 UID: 0 PID: 212 Comm: kunit_try_catch Tainted: G    B   W        N  6.16.0-rc5-next-20250709 #1 PREEMPT(voluntary) 
[   24.023749] Tainted: [B]=BAD_PAGE, [W]=WARN, [N]=TEST
[   24.023762] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[   24.023781] Call Trace:
[   24.023796]  <TASK>
[   24.023812]  dump_stack_lvl+0x73/0xb0
[   24.023848]  print_report+0xd1/0x610
[   24.023870]  ? __virt_addr_valid+0x1db/0x2d0
[   24.023892]  ? krealloc_less_oob_helper+0xd47/0x11d0
[   24.023915]  ? kasan_addr_to_slab+0x11/0xa0
[   24.023934]  ? krealloc_less_oob_helper+0xd47/0x11d0
[   24.023957]  kasan_report+0x141/0x180
[   24.024050]  ? krealloc_less_oob_helper+0xd47/0x11d0
[   24.024079]  __asan_report_store1_noabort+0x1b/0x30
[   24.024102]  krealloc_less_oob_helper+0xd47/0x11d0
[   24.024127]  ? __pfx_krealloc_less_oob_helper+0x10/0x10
[   24.024150]  ? finish_task_switch.isra.0+0x153/0x700
[   24.024191]  ? __switch_to+0x47/0xf80
[   24.024217]  ? __schedule+0x10cc/0x2b60
[   24.024240]  ? __pfx_read_tsc+0x10/0x10
[   24.024264]  krealloc_large_less_oob+0x1c/0x30
[   24.024285]  kunit_try_run_case+0x1a5/0x480
[   24.024307]  ? __pfx_kunit_try_run_case+0x10/0x10
[   24.024327]  ? _raw_spin_lock_irqsave+0xa1/0x100
[   24.024368]  ? _raw_spin_unlock_irqrestore+0x5f/0x90
[   24.024391]  ? __kthread_parkme+0x82/0x180
[   24.024411]  ? preempt_count_sub+0x50/0x80
[   24.024433]  ? __pfx_kunit_try_run_case+0x10/0x10
[   24.024454]  kunit_generic_run_threadfn_adapter+0x85/0xf0
[   24.024479]  ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10
[   24.024508]  kthread+0x337/0x6f0
[   24.024542]  ? trace_preempt_on+0x20/0xc0
[   24.024564]  ? __pfx_kthread+0x10/0x10
[   24.024585]  ? _raw_spin_unlock_irq+0x47/0x80
[   24.024606]  ? calculate_sigpending+0x7b/0xa0
[   24.024629]  ? __pfx_kthread+0x10/0x10
[   24.024650]  ret_from_fork+0x116/0x1d0
[   24.024668]  ? __pfx_kthread+0x10/0x10
[   24.024688]  ret_from_fork_asm+0x1a/0x30
[   24.024727]  </TASK>
[   24.024739] 
[   24.033430] The buggy address belongs to the physical page:
[   24.033623] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x106140
[   24.033903] head: order:2 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[   24.034274] flags: 0x200000000000040(head|node=0|zone=2)
[   24.034721] page_type: f8(unknown)
[   24.034987] raw: 0200000000000040 0000000000000000 dead000000000122 0000000000000000
[   24.035416] raw: 0000000000000000 0000000000000000 00000000f8000000 0000000000000000
[   24.035748] head: 0200000000000040 0000000000000000 dead000000000122 0000000000000000
[   24.036166] head: 0000000000000000 0000000000000000 00000000f8000000 0000000000000000
[   24.036464] head: 0200000000000002 ffffea0004185001 00000000ffffffff 00000000ffffffff
[   24.036763] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000004
[   24.037108] page dumped because: kasan: bad access detected
[   24.037274] 
[   24.037463] Memory state around the buggy address:
[   24.037729]  ffff888106141f80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   24.037970]  ffff888106142000: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   24.038200] >ffff888106142080: 00 00 00 00 00 00 00 00 00 01 fe fe fe fe fe fe
[   24.038708]                                                           ^
[   24.038940]  ffff888106142100: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe
[   24.039146]  ffff888106142180: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe
[   24.040005] ==================================================================
[   23.947997] ==================================================================
[   23.948638] BUG: KASAN: slab-out-of-bounds in krealloc_less_oob_helper+0xd70/0x11d0
[   23.949075] Write of size 1 at addr ffff8881061420c9 by task kunit_try_catch/212
[   23.949524] 
[   23.949789] CPU: 1 UID: 0 PID: 212 Comm: kunit_try_catch Tainted: G    B   W        N  6.16.0-rc5-next-20250709 #1 PREEMPT(voluntary) 
[   23.949859] Tainted: [B]=BAD_PAGE, [W]=WARN, [N]=TEST
[   23.949988] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[   23.950012] Call Trace:
[   23.950027]  <TASK>
[   23.950056]  dump_stack_lvl+0x73/0xb0
[   23.950090]  print_report+0xd1/0x610
[   23.950112]  ? __virt_addr_valid+0x1db/0x2d0
[   23.950137]  ? krealloc_less_oob_helper+0xd70/0x11d0
[   23.950159]  ? kasan_addr_to_slab+0x11/0xa0
[   23.950179]  ? krealloc_less_oob_helper+0xd70/0x11d0
[   23.950202]  kasan_report+0x141/0x180
[   23.950223]  ? krealloc_less_oob_helper+0xd70/0x11d0
[   23.950249]  __asan_report_store1_noabort+0x1b/0x30
[   23.950273]  krealloc_less_oob_helper+0xd70/0x11d0
[   23.950297]  ? __pfx_krealloc_less_oob_helper+0x10/0x10
[   23.950320]  ? finish_task_switch.isra.0+0x153/0x700
[   23.950342]  ? __switch_to+0x47/0xf80
[   23.950369]  ? __schedule+0x10cc/0x2b60
[   23.950392]  ? __pfx_read_tsc+0x10/0x10
[   23.950416]  krealloc_large_less_oob+0x1c/0x30
[   23.950437]  kunit_try_run_case+0x1a5/0x480
[   23.950459]  ? __pfx_kunit_try_run_case+0x10/0x10
[   23.950479]  ? _raw_spin_lock_irqsave+0xa1/0x100
[   23.950501]  ? _raw_spin_unlock_irqrestore+0x5f/0x90
[   23.950525]  ? __kthread_parkme+0x82/0x180
[   23.950545]  ? preempt_count_sub+0x50/0x80
[   23.950567]  ? __pfx_kunit_try_run_case+0x10/0x10
[   23.950587]  kunit_generic_run_threadfn_adapter+0x85/0xf0
[   23.950611]  ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10
[   23.950635]  kthread+0x337/0x6f0
[   23.950654]  ? trace_preempt_on+0x20/0xc0
[   23.950677]  ? __pfx_kthread+0x10/0x10
[   23.950707]  ? _raw_spin_unlock_irq+0x47/0x80
[   23.950729]  ? calculate_sigpending+0x7b/0xa0
[   23.950753]  ? __pfx_kthread+0x10/0x10
[   23.950789]  ret_from_fork+0x116/0x1d0
[   23.950807]  ? __pfx_kthread+0x10/0x10
[   23.950827]  ret_from_fork_asm+0x1a/0x30
[   23.950858]  </TASK>
[   23.950870] 
[   23.961403] The buggy address belongs to the physical page:
[   23.961786] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x106140
[   23.962329] head: order:2 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[   23.962730] flags: 0x200000000000040(head|node=0|zone=2)
[   23.963354] page_type: f8(unknown)
[   23.963518] raw: 0200000000000040 0000000000000000 dead000000000122 0000000000000000
[   23.964102] raw: 0000000000000000 0000000000000000 00000000f8000000 0000000000000000
[   23.964393] head: 0200000000000040 0000000000000000 dead000000000122 0000000000000000
[   23.964777] head: 0000000000000000 0000000000000000 00000000f8000000 0000000000000000
[   23.965296] head: 0200000000000002 ffffea0004185001 00000000ffffffff 00000000ffffffff
[   23.965623] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000004
[   23.966141] page dumped because: kasan: bad access detected
[   23.966485] 
[   23.966586] Memory state around the buggy address:
[   23.967152]  ffff888106141f80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   23.967443]  ffff888106142000: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   23.967760] >ffff888106142080: 00 00 00 00 00 00 00 00 00 01 fe fe fe fe fe fe
[   23.968443]                                               ^
[   23.968638]  ffff888106142100: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe
[   23.969213]  ffff888106142180: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe
[   23.969587] ==================================================================
[   23.806013] ==================================================================
[   23.806318] BUG: KASAN: slab-out-of-bounds in krealloc_less_oob_helper+0xe23/0x11d0
[   23.806609] Write of size 1 at addr ffff888104e2c8d0 by task kunit_try_catch/208
[   23.807258] 
[   23.807369] CPU: 0 UID: 0 PID: 208 Comm: kunit_try_catch Tainted: G    B   W        N  6.16.0-rc5-next-20250709 #1 PREEMPT(voluntary) 
[   23.807420] Tainted: [B]=BAD_PAGE, [W]=WARN, [N]=TEST
[   23.807433] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[   23.807453] Call Trace:
[   23.807471]  <TASK>
[   23.807490]  dump_stack_lvl+0x73/0xb0
[   23.807520]  print_report+0xd1/0x610
[   23.807542]  ? __virt_addr_valid+0x1db/0x2d0
[   23.807566]  ? krealloc_less_oob_helper+0xe23/0x11d0
[   23.807588]  ? kasan_complete_mode_report_info+0x2a/0x200
[   23.807613]  ? krealloc_less_oob_helper+0xe23/0x11d0
[   23.807636]  kasan_report+0x141/0x180
[   23.807656]  ? krealloc_less_oob_helper+0xe23/0x11d0
[   23.807683]  __asan_report_store1_noabort+0x1b/0x30
[   23.807719]  krealloc_less_oob_helper+0xe23/0x11d0
[   23.807744]  ? __pfx_krealloc_less_oob_helper+0x10/0x10
[   23.807766]  ? sysvec_apic_timer_interrupt+0x50/0x90
[   23.807796]  ? __pfx_krealloc_less_oob+0x10/0x10
[   23.807825]  krealloc_less_oob+0x1c/0x30
[   23.807845]  kunit_try_run_case+0x1a5/0x480
[   23.807866]  ? __pfx_kunit_try_run_case+0x10/0x10
[   23.807885]  ? _raw_spin_lock_irqsave+0xa1/0x100
[   23.807908]  ? _raw_spin_unlock_irqrestore+0x5f/0x90
[   23.807931]  ? __kthread_parkme+0x82/0x180
[   23.807951]  ? preempt_count_sub+0x50/0x80
[   23.807974]  ? __pfx_kunit_try_run_case+0x10/0x10
[   23.807995]  kunit_generic_run_threadfn_adapter+0x85/0xf0
[   23.808019]  ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10
[   23.808043]  kthread+0x337/0x6f0
[   23.808062]  ? trace_preempt_on+0x20/0xc0
[   23.808085]  ? __pfx_kthread+0x10/0x10
[   23.808106]  ? _raw_spin_unlock_irq+0x47/0x80
[   23.808275]  ? calculate_sigpending+0x7b/0xa0
[   23.808299]  ? __pfx_kthread+0x10/0x10
[   23.808321]  ret_from_fork+0x116/0x1d0
[   23.808340]  ? __pfx_kthread+0x10/0x10
[   23.808361]  ret_from_fork_asm+0x1a/0x30
[   23.808391]  </TASK>
[   23.808402] 
[   23.815952] Allocated by task 208:
[   23.816119]  kasan_save_stack+0x45/0x70
[   23.816292]  kasan_save_track+0x18/0x40
[   23.816420]  kasan_save_alloc_info+0x3b/0x50
[   23.816561]  __kasan_krealloc+0x190/0x1f0
[   23.816703]  krealloc_noprof+0xf3/0x340
[   23.816887]  krealloc_less_oob_helper+0x1aa/0x11d0
[   23.817221]  krealloc_less_oob+0x1c/0x30
[   23.817404]  kunit_try_run_case+0x1a5/0x480
[   23.817619]  kunit_generic_run_threadfn_adapter+0x85/0xf0
[   23.817854]  kthread+0x337/0x6f0
[   23.817968]  ret_from_fork+0x116/0x1d0
[   23.818093]  ret_from_fork_asm+0x1a/0x30
[   23.818298] 
[   23.818389] The buggy address belongs to the object at ffff888104e2c800
[   23.818389]  which belongs to the cache kmalloc-256 of size 256
[   23.818929] The buggy address is located 7 bytes to the right of
[   23.818929]  allocated 201-byte region [ffff888104e2c800, ffff888104e2c8c9)
[   23.819471] 
[   23.819562] The buggy address belongs to the physical page:
[   23.819799] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x104e2c
[   23.820110] head: order:1 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[   23.820587] flags: 0x200000000000040(head|node=0|zone=2)
[   23.820841] page_type: f5(slab)
[   23.820993] raw: 0200000000000040 ffff888100041b40 dead000000000100 dead000000000122
[   23.821443] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000
[   23.821821] head: 0200000000000040 ffff888100041b40 dead000000000100 dead000000000122
[   23.822164] head: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000
[   23.822459] head: 0200000000000001 ffffea0004138b01 00000000ffffffff 00000000ffffffff
[   23.822684] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000002
[   23.822916] page dumped because: kasan: bad access detected
[   23.823080] 
[   23.823143] Memory state around the buggy address:
[   23.823290]  ffff888104e2c780: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   23.823564]  ffff888104e2c800: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   23.823885] >ffff888104e2c880: 00 00 00 00 00 00 00 00 00 01 fc fc fc fc fc fc
[   23.824190]                                                  ^
[   23.824496]  ffff888104e2c900: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   23.824877]  ffff888104e2c980: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   23.825326] ==================================================================
[   23.825794] ==================================================================
[   23.826473] BUG: KASAN: slab-out-of-bounds in krealloc_less_oob_helper+0xec6/0x11d0
[   23.826811] Write of size 1 at addr ffff888104e2c8da by task kunit_try_catch/208
[   23.828675] 
[   23.828834] CPU: 0 UID: 0 PID: 208 Comm: kunit_try_catch Tainted: G    B   W        N  6.16.0-rc5-next-20250709 #1 PREEMPT(voluntary) 
[   23.828928] Tainted: [B]=BAD_PAGE, [W]=WARN, [N]=TEST
[   23.828945] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[   23.828965] Call Trace:
[   23.828982]  <TASK>
[   23.829000]  dump_stack_lvl+0x73/0xb0
[   23.829032]  print_report+0xd1/0x610
[   23.829053]  ? __virt_addr_valid+0x1db/0x2d0
[   23.829076]  ? krealloc_less_oob_helper+0xec6/0x11d0
[   23.829098]  ? kasan_complete_mode_report_info+0x2a/0x200
[   23.829123]  ? krealloc_less_oob_helper+0xec6/0x11d0
[   23.829145]  kasan_report+0x141/0x180
[   23.829166]  ? krealloc_less_oob_helper+0xec6/0x11d0
[   23.829193]  __asan_report_store1_noabort+0x1b/0x30
[   23.829216]  krealloc_less_oob_helper+0xec6/0x11d0
[   23.829240]  ? __pfx_krealloc_less_oob_helper+0x10/0x10
[   23.829262]  ? sysvec_apic_timer_interrupt+0x50/0x90
[   23.829291]  ? __pfx_krealloc_less_oob+0x10/0x10
[   23.829316]  krealloc_less_oob+0x1c/0x30
[   23.829337]  kunit_try_run_case+0x1a5/0x480
[   23.829358]  ? __pfx_kunit_try_run_case+0x10/0x10
[   23.829377]  ? _raw_spin_lock_irqsave+0xa1/0x100
[   23.829400]  ? _raw_spin_unlock_irqrestore+0x5f/0x90
[   23.829424]  ? __kthread_parkme+0x82/0x180
[   23.829444]  ? preempt_count_sub+0x50/0x80
[   23.829467]  ? __pfx_kunit_try_run_case+0x10/0x10
[   23.829488]  kunit_generic_run_threadfn_adapter+0x85/0xf0
[   23.829513]  ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10
[   23.829537]  kthread+0x337/0x6f0
[   23.829556]  ? trace_preempt_on+0x20/0xc0
[   23.829579]  ? __pfx_kthread+0x10/0x10
[   23.829599]  ? _raw_spin_unlock_irq+0x47/0x80
[   23.829620]  ? calculate_sigpending+0x7b/0xa0
[   23.829643]  ? __pfx_kthread+0x10/0x10
[   23.829664]  ret_from_fork+0x116/0x1d0
[   23.829682]  ? __pfx_kthread+0x10/0x10
[   23.829714]  ret_from_fork_asm+0x1a/0x30
[   23.829747]  </TASK>
[   23.829758] 
[   23.839941] Allocated by task 208:
[   23.840144]  kasan_save_stack+0x45/0x70
[   23.840512]  kasan_save_track+0x18/0x40
[   23.840681]  kasan_save_alloc_info+0x3b/0x50
[   23.841090]  __kasan_krealloc+0x190/0x1f0
[   23.841362]  krealloc_noprof+0xf3/0x340
[   23.841512]  krealloc_less_oob_helper+0x1aa/0x11d0
[   23.841831]  krealloc_less_oob+0x1c/0x30
[   23.842042]  kunit_try_run_case+0x1a5/0x480
[   23.842387]  kunit_generic_run_threadfn_adapter+0x85/0xf0
[   23.842726]  kthread+0x337/0x6f0
[   23.842876]  ret_from_fork+0x116/0x1d0
[   23.843136]  ret_from_fork_asm+0x1a/0x30
[   23.843537] 
[   23.843612] The buggy address belongs to the object at ffff888104e2c800
[   23.843612]  which belongs to the cache kmalloc-256 of size 256
[   23.844392] The buggy address is located 17 bytes to the right of
[   23.844392]  allocated 201-byte region [ffff888104e2c800, ffff888104e2c8c9)
[   23.845080] 
[   23.845169] The buggy address belongs to the physical page:
[   23.845389] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x104e2c
[   23.845718] head: order:1 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[   23.846435] flags: 0x200000000000040(head|node=0|zone=2)
[   23.846643] page_type: f5(slab)
[   23.846835] raw: 0200000000000040 ffff888100041b40 dead000000000100 dead000000000122
[   23.847540] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000
[   23.848054] head: 0200000000000040 ffff888100041b40 dead000000000100 dead000000000122
[   23.848442] head: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000
[   23.848737] head: 0200000000000001 ffffea0004138b01 00000000ffffffff 00000000ffffffff
[   23.849215] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000002
[   23.849593] page dumped because: kasan: bad access detected
[   23.849852] 
[   23.850098] Memory state around the buggy address:
[   23.850406]  ffff888104e2c780: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   23.850769]  ffff888104e2c800: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   23.851310] >ffff888104e2c880: 00 00 00 00 00 00 00 00 00 01 fc fc fc fc fc fc
[   23.851619]                                                     ^
[   23.852249]  ffff888104e2c900: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   23.852513]  ffff888104e2c980: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   23.853091] ==================================================================
[   23.873764] ==================================================================
[   23.874120] BUG: KASAN: slab-out-of-bounds in krealloc_less_oob_helper+0xd47/0x11d0
[   23.874431] Write of size 1 at addr ffff888104e2c8eb by task kunit_try_catch/208
[   23.874717] 
[   23.874814] CPU: 0 UID: 0 PID: 208 Comm: kunit_try_catch Tainted: G    B   W        N  6.16.0-rc5-next-20250709 #1 PREEMPT(voluntary) 
[   23.874862] Tainted: [B]=BAD_PAGE, [W]=WARN, [N]=TEST
[   23.874874] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[   23.874935] Call Trace:
[   23.874950]  <TASK>
[   23.874966]  dump_stack_lvl+0x73/0xb0
[   23.874996]  print_report+0xd1/0x610
[   23.875017]  ? __virt_addr_valid+0x1db/0x2d0
[   23.875041]  ? krealloc_less_oob_helper+0xd47/0x11d0
[   23.875063]  ? kasan_complete_mode_report_info+0x2a/0x200
[   23.875089]  ? krealloc_less_oob_helper+0xd47/0x11d0
[   23.875112]  kasan_report+0x141/0x180
[   23.875133]  ? krealloc_less_oob_helper+0xd47/0x11d0
[   23.875162]  __asan_report_store1_noabort+0x1b/0x30
[   23.875186]  krealloc_less_oob_helper+0xd47/0x11d0
[   23.875211]  ? __pfx_krealloc_less_oob_helper+0x10/0x10
[   23.875233]  ? sysvec_apic_timer_interrupt+0x50/0x90
[   23.875263]  ? __pfx_krealloc_less_oob+0x10/0x10
[   23.875288]  krealloc_less_oob+0x1c/0x30
[   23.875309]  kunit_try_run_case+0x1a5/0x480
[   23.875331]  ? __pfx_kunit_try_run_case+0x10/0x10
[   23.875350]  ? _raw_spin_lock_irqsave+0xa1/0x100
[   23.875373]  ? _raw_spin_unlock_irqrestore+0x5f/0x90
[   23.875395]  ? __kthread_parkme+0x82/0x180
[   23.875415]  ? preempt_count_sub+0x50/0x80
[   23.875438]  ? __pfx_kunit_try_run_case+0x10/0x10
[   23.875459]  kunit_generic_run_threadfn_adapter+0x85/0xf0
[   23.875483]  ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10
[   23.875507]  kthread+0x337/0x6f0
[   23.875527]  ? trace_preempt_on+0x20/0xc0
[   23.875549]  ? __pfx_kthread+0x10/0x10
[   23.875570]  ? _raw_spin_unlock_irq+0x47/0x80
[   23.875591]  ? calculate_sigpending+0x7b/0xa0
[   23.875613]  ? __pfx_kthread+0x10/0x10
[   23.875634]  ret_from_fork+0x116/0x1d0
[   23.875652]  ? __pfx_kthread+0x10/0x10
[   23.875673]  ret_from_fork_asm+0x1a/0x30
[   23.875715]  </TASK>
[   23.875726] 
[   23.882987] Allocated by task 208:
[   23.883139]  kasan_save_stack+0x45/0x70
[   23.883317]  kasan_save_track+0x18/0x40
[   23.883480]  kasan_save_alloc_info+0x3b/0x50
[   23.883645]  __kasan_krealloc+0x190/0x1f0
[   23.883919]  krealloc_noprof+0xf3/0x340
[   23.884082]  krealloc_less_oob_helper+0x1aa/0x11d0
[   23.884280]  krealloc_less_oob+0x1c/0x30
[   23.884459]  kunit_try_run_case+0x1a5/0x480
[   23.884629]  kunit_generic_run_threadfn_adapter+0x85/0xf0
[   23.884808]  kthread+0x337/0x6f0
[   23.884925]  ret_from_fork+0x116/0x1d0
[   23.885051]  ret_from_fork_asm+0x1a/0x30
[   23.885397] 
[   23.885494] The buggy address belongs to the object at ffff888104e2c800
[   23.885494]  which belongs to the cache kmalloc-256 of size 256
[   23.886000] The buggy address is located 34 bytes to the right of
[   23.886000]  allocated 201-byte region [ffff888104e2c800, ffff888104e2c8c9)
[   23.886620] 
[   23.886727] The buggy address belongs to the physical page:
[   23.887132] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x104e2c
[   23.887371] head: order:1 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[   23.887589] flags: 0x200000000000040(head|node=0|zone=2)
[   23.887767] page_type: f5(slab)
[   23.887997] raw: 0200000000000040 ffff888100041b40 dead000000000100 dead000000000122
[   23.888331] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000
[   23.888659] head: 0200000000000040 ffff888100041b40 dead000000000100 dead000000000122
[   23.889807] head: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000
[   23.890475] head: 0200000000000001 ffffea0004138b01 00000000ffffffff 00000000ffffffff
[   23.890727] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000002
[   23.891545] page dumped because: kasan: bad access detected
[   23.892050] 
[   23.892288] Memory state around the buggy address:
[   23.892634]  ffff888104e2c780: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   23.893213]  ffff888104e2c800: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   23.893507] >ffff888104e2c880: 00 00 00 00 00 00 00 00 00 01 fc fc fc fc fc fc
[   23.894079]                                                           ^
[   23.894501]  ffff888104e2c900: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   23.895138]  ffff888104e2c980: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   23.895428] ==================================================================
[   23.987800] ==================================================================
[   23.988330] BUG: KASAN: slab-out-of-bounds in krealloc_less_oob_helper+0xec6/0x11d0
[   23.988619] Write of size 1 at addr ffff8881061420da by task kunit_try_catch/212
[   23.989258] 
[   23.989347] CPU: 1 UID: 0 PID: 212 Comm: kunit_try_catch Tainted: G    B   W        N  6.16.0-rc5-next-20250709 #1 PREEMPT(voluntary) 
[   23.989394] Tainted: [B]=BAD_PAGE, [W]=WARN, [N]=TEST
[   23.989407] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[   23.989426] Call Trace:
[   23.989441]  <TASK>
[   23.989455]  dump_stack_lvl+0x73/0xb0
[   23.989484]  print_report+0xd1/0x610
[   23.989505]  ? __virt_addr_valid+0x1db/0x2d0
[   23.989527]  ? krealloc_less_oob_helper+0xec6/0x11d0
[   23.989549]  ? kasan_addr_to_slab+0x11/0xa0
[   23.989569]  ? krealloc_less_oob_helper+0xec6/0x11d0
[   23.989591]  kasan_report+0x141/0x180
[   23.989640]  ? krealloc_less_oob_helper+0xec6/0x11d0
[   23.989668]  __asan_report_store1_noabort+0x1b/0x30
[   23.989702]  krealloc_less_oob_helper+0xec6/0x11d0
[   23.989726]  ? __pfx_krealloc_less_oob_helper+0x10/0x10
[   23.989749]  ? finish_task_switch.isra.0+0x153/0x700
[   23.989769]  ? __switch_to+0x47/0xf80
[   23.989801]  ? __schedule+0x10cc/0x2b60
[   23.989824]  ? __pfx_read_tsc+0x10/0x10
[   23.989848]  krealloc_large_less_oob+0x1c/0x30
[   23.989871]  kunit_try_run_case+0x1a5/0x480
[   23.989893]  ? __pfx_kunit_try_run_case+0x10/0x10
[   23.989913]  ? _raw_spin_lock_irqsave+0xa1/0x100
[   23.989935]  ? _raw_spin_unlock_irqrestore+0x5f/0x90
[   23.989959]  ? __kthread_parkme+0x82/0x180
[   23.989978]  ? preempt_count_sub+0x50/0x80
[   23.990000]  ? __pfx_kunit_try_run_case+0x10/0x10
[   23.990021]  kunit_generic_run_threadfn_adapter+0x85/0xf0
[   23.990045]  ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10
[   23.990080]  kthread+0x337/0x6f0
[   23.990099]  ? trace_preempt_on+0x20/0xc0
[   23.990142]  ? __pfx_kthread+0x10/0x10
[   23.990162]  ? _raw_spin_unlock_irq+0x47/0x80
[   23.990184]  ? calculate_sigpending+0x7b/0xa0
[   23.990207]  ? __pfx_kthread+0x10/0x10
[   23.990228]  ret_from_fork+0x116/0x1d0
[   23.990246]  ? __pfx_kthread+0x10/0x10
[   23.990266]  ret_from_fork_asm+0x1a/0x30
[   23.990297]  </TASK>
[   23.990307] 
[   23.998683] The buggy address belongs to the physical page:
[   23.998984] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x106140
[   23.999331] head: order:2 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[   23.999758] flags: 0x200000000000040(head|node=0|zone=2)
[   23.999934] page_type: f8(unknown)
[   24.000126] raw: 0200000000000040 0000000000000000 dead000000000122 0000000000000000
[   24.000464] raw: 0000000000000000 0000000000000000 00000000f8000000 0000000000000000
[   24.000754] head: 0200000000000040 0000000000000000 dead000000000122 0000000000000000
[   24.000975] head: 0000000000000000 0000000000000000 00000000f8000000 0000000000000000
[   24.001838] head: 0200000000000002 ffffea0004185001 00000000ffffffff 00000000ffffffff
[   24.002189] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000004
[   24.002488] page dumped because: kasan: bad access detected
[   24.002765] 
[   24.002869] Memory state around the buggy address:
[   24.003122]  ffff888106141f80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   24.003407]  ffff888106142000: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   24.003613] >ffff888106142080: 00 00 00 00 00 00 00 00 00 01 fe fe fe fe fe fe
[   24.003832]                                                     ^
[   24.004057]  ffff888106142100: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe
[   24.004368]  ffff888106142180: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe
[   24.004680] ==================================================================
[   24.005356] ==================================================================
[   24.005668] BUG: KASAN: slab-out-of-bounds in krealloc_less_oob_helper+0xe90/0x11d0
[   24.006180] Write of size 1 at addr ffff8881061420ea by task kunit_try_catch/212
[   24.006401] 
[   24.006480] CPU: 1 UID: 0 PID: 212 Comm: kunit_try_catch Tainted: G    B   W        N  6.16.0-rc5-next-20250709 #1 PREEMPT(voluntary) 
[   24.006527] Tainted: [B]=BAD_PAGE, [W]=WARN, [N]=TEST
[   24.006539] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[   24.006560] Call Trace:
[   24.006602]  <TASK>
[   24.006620]  dump_stack_lvl+0x73/0xb0
[   24.006651]  print_report+0xd1/0x610
[   24.006685]  ? __virt_addr_valid+0x1db/0x2d0
[   24.006720]  ? krealloc_less_oob_helper+0xe90/0x11d0
[   24.006742]  ? kasan_addr_to_slab+0x11/0xa0
[   24.006762]  ? krealloc_less_oob_helper+0xe90/0x11d0
[   24.006784]  kasan_report+0x141/0x180
[   24.006805]  ? krealloc_less_oob_helper+0xe90/0x11d0
[   24.006833]  __asan_report_store1_noabort+0x1b/0x30
[   24.006856]  krealloc_less_oob_helper+0xe90/0x11d0
[   24.006953]  ? __pfx_krealloc_less_oob_helper+0x10/0x10
[   24.006979]  ? finish_task_switch.isra.0+0x153/0x700
[   24.007000]  ? __switch_to+0x47/0xf80
[   24.007025]  ? __schedule+0x10cc/0x2b60
[   24.007047]  ? __pfx_read_tsc+0x10/0x10
[   24.007072]  krealloc_large_less_oob+0x1c/0x30
[   24.007093]  kunit_try_run_case+0x1a5/0x480
[   24.007116]  ? __pfx_kunit_try_run_case+0x10/0x10
[   24.007135]  ? _raw_spin_lock_irqsave+0xa1/0x100
[   24.007158]  ? _raw_spin_unlock_irqrestore+0x5f/0x90
[   24.007181]  ? __kthread_parkme+0x82/0x180
[   24.007223]  ? preempt_count_sub+0x50/0x80
[   24.007245]  ? __pfx_kunit_try_run_case+0x10/0x10
[   24.007267]  kunit_generic_run_threadfn_adapter+0x85/0xf0
[   24.007291]  ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10
[   24.007315]  kthread+0x337/0x6f0
[   24.007334]  ? trace_preempt_on+0x20/0xc0
[   24.007359]  ? __pfx_kthread+0x10/0x10
[   24.007379]  ? _raw_spin_unlock_irq+0x47/0x80
[   24.007417]  ? calculate_sigpending+0x7b/0xa0
[   24.007441]  ? __pfx_kthread+0x10/0x10
[   24.007462]  ret_from_fork+0x116/0x1d0
[   24.007480]  ? __pfx_kthread+0x10/0x10
[   24.007500]  ret_from_fork_asm+0x1a/0x30
[   24.007530]  </TASK>
[   24.007541] 
[   24.015384] The buggy address belongs to the physical page:
[   24.015635] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x106140
[   24.016057] head: order:2 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[   24.016276] flags: 0x200000000000040(head|node=0|zone=2)
[   24.016438] page_type: f8(unknown)
[   24.016618] raw: 0200000000000040 0000000000000000 dead000000000122 0000000000000000
[   24.016960] raw: 0000000000000000 0000000000000000 00000000f8000000 0000000000000000
[   24.017299] head: 0200000000000040 0000000000000000 dead000000000122 0000000000000000
[   24.017921] head: 0000000000000000 0000000000000000 00000000f8000000 0000000000000000
[   24.018411] head: 0200000000000002 ffffea0004185001 00000000ffffffff 00000000ffffffff
[   24.018651] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000004
[   24.019348] page dumped because: kasan: bad access detected
[   24.019691] 
[   24.019776] Memory state around the buggy address:
[   24.020044]  ffff888106141f80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   24.020411]  ffff888106142000: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   24.020690] >ffff888106142080: 00 00 00 00 00 00 00 00 00 01 fe fe fe fe fe fe
[   24.021067]                                                           ^
[   24.021258]  ffff888106142100: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe
[   24.021533]  ffff888106142180: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe
[   24.022089] ==================================================================
[   23.970163] ==================================================================
[   23.970393] BUG: KASAN: slab-out-of-bounds in krealloc_less_oob_helper+0xe23/0x11d0
[   23.971177] Write of size 1 at addr ffff8881061420d0 by task kunit_try_catch/212
[   23.972115] 
[   23.972226] CPU: 1 UID: 0 PID: 212 Comm: kunit_try_catch Tainted: G    B   W        N  6.16.0-rc5-next-20250709 #1 PREEMPT(voluntary) 
[   23.972275] Tainted: [B]=BAD_PAGE, [W]=WARN, [N]=TEST
[   23.972288] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[   23.972307] Call Trace:
[   23.972322]  <TASK>
[   23.972339]  dump_stack_lvl+0x73/0xb0
[   23.972370]  print_report+0xd1/0x610
[   23.972392]  ? __virt_addr_valid+0x1db/0x2d0
[   23.972414]  ? krealloc_less_oob_helper+0xe23/0x11d0
[   23.972437]  ? kasan_addr_to_slab+0x11/0xa0
[   23.972456]  ? krealloc_less_oob_helper+0xe23/0x11d0
[   23.972478]  kasan_report+0x141/0x180
[   23.972499]  ? krealloc_less_oob_helper+0xe23/0x11d0
[   23.972526]  __asan_report_store1_noabort+0x1b/0x30
[   23.972549]  krealloc_less_oob_helper+0xe23/0x11d0
[   23.972574]  ? __pfx_krealloc_less_oob_helper+0x10/0x10
[   23.972597]  ? finish_task_switch.isra.0+0x153/0x700
[   23.972617]  ? __switch_to+0x47/0xf80
[   23.972643]  ? __schedule+0x10cc/0x2b60
[   23.972666]  ? __pfx_read_tsc+0x10/0x10
[   23.972691]  krealloc_large_less_oob+0x1c/0x30
[   23.972727]  kunit_try_run_case+0x1a5/0x480
[   23.972749]  ? __pfx_kunit_try_run_case+0x10/0x10
[   23.972769]  ? _raw_spin_lock_irqsave+0xa1/0x100
[   23.972791]  ? _raw_spin_unlock_irqrestore+0x5f/0x90
[   23.972837]  ? __kthread_parkme+0x82/0x180
[   23.972857]  ? preempt_count_sub+0x50/0x80
[   23.972879]  ? __pfx_kunit_try_run_case+0x10/0x10
[   23.972900]  kunit_generic_run_threadfn_adapter+0x85/0xf0
[   23.972924]  ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10
[   23.972948]  kthread+0x337/0x6f0
[   23.973034]  ? trace_preempt_on+0x20/0xc0
[   23.973058]  ? __pfx_kthread+0x10/0x10
[   23.973078]  ? _raw_spin_unlock_irq+0x47/0x80
[   23.973100]  ? calculate_sigpending+0x7b/0xa0
[   23.973122]  ? __pfx_kthread+0x10/0x10
[   23.973143]  ret_from_fork+0x116/0x1d0
[   23.973162]  ? __pfx_kthread+0x10/0x10
[   23.973182]  ret_from_fork_asm+0x1a/0x30
[   23.973211]  </TASK>
[   23.973222] 
[   23.981237] The buggy address belongs to the physical page:
[   23.981489] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x106140
[   23.981764] head: order:2 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[   23.982080] flags: 0x200000000000040(head|node=0|zone=2)
[   23.982354] page_type: f8(unknown)
[   23.982473] raw: 0200000000000040 0000000000000000 dead000000000122 0000000000000000
[   23.982753] raw: 0000000000000000 0000000000000000 00000000f8000000 0000000000000000
[   23.983162] head: 0200000000000040 0000000000000000 dead000000000122 0000000000000000
[   23.983427] head: 0000000000000000 0000000000000000 00000000f8000000 0000000000000000
[   23.983712] head: 0200000000000002 ffffea0004185001 00000000ffffffff 00000000ffffffff
[   23.984490] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000004
[   23.985083] page dumped because: kasan: bad access detected
[   23.985281] 
[   23.985355] Memory state around the buggy address:
[   23.985591]  ffff888106141f80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   23.986040]  ffff888106142000: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   23.986317] >ffff888106142080: 00 00 00 00 00 00 00 00 00 01 fe fe fe fe fe fe
[   23.986589]                                                  ^
[   23.986969]  ffff888106142100: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe
[   23.987193]  ffff888106142180: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe
[   23.987519] ==================================================================
[   23.853714] ==================================================================
[   23.854165] BUG: KASAN: slab-out-of-bounds in krealloc_less_oob_helper+0xe90/0x11d0
[   23.854665] Write of size 1 at addr ffff888104e2c8ea by task kunit_try_catch/208
[   23.855117] 
[   23.855214] CPU: 0 UID: 0 PID: 208 Comm: kunit_try_catch Tainted: G    B   W        N  6.16.0-rc5-next-20250709 #1 PREEMPT(voluntary) 
[   23.855263] Tainted: [B]=BAD_PAGE, [W]=WARN, [N]=TEST
[   23.855276] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[   23.855296] Call Trace:
[   23.855313]  <TASK>
[   23.855330]  dump_stack_lvl+0x73/0xb0
[   23.855360]  print_report+0xd1/0x610
[   23.855381]  ? __virt_addr_valid+0x1db/0x2d0
[   23.855404]  ? krealloc_less_oob_helper+0xe90/0x11d0
[   23.855426]  ? kasan_complete_mode_report_info+0x2a/0x200
[   23.855451]  ? krealloc_less_oob_helper+0xe90/0x11d0
[   23.855473]  kasan_report+0x141/0x180
[   23.855494]  ? krealloc_less_oob_helper+0xe90/0x11d0
[   23.855521]  __asan_report_store1_noabort+0x1b/0x30
[   23.855546]  krealloc_less_oob_helper+0xe90/0x11d0
[   23.855570]  ? __pfx_krealloc_less_oob_helper+0x10/0x10
[   23.855592]  ? sysvec_apic_timer_interrupt+0x50/0x90
[   23.855621]  ? __pfx_krealloc_less_oob+0x10/0x10
[   23.855646]  krealloc_less_oob+0x1c/0x30
[   23.855667]  kunit_try_run_case+0x1a5/0x480
[   23.855688]  ? __pfx_kunit_try_run_case+0x10/0x10
[   23.855721]  ? _raw_spin_lock_irqsave+0xa1/0x100
[   23.855744]  ? _raw_spin_unlock_irqrestore+0x5f/0x90
[   23.855767]  ? __kthread_parkme+0x82/0x180
[   23.855797]  ? preempt_count_sub+0x50/0x80
[   23.855824]  ? __pfx_kunit_try_run_case+0x10/0x10
[   23.855845]  kunit_generic_run_threadfn_adapter+0x85/0xf0
[   23.855870]  ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10
[   23.855943]  kthread+0x337/0x6f0
[   23.855964]  ? trace_preempt_on+0x20/0xc0
[   23.855987]  ? __pfx_kthread+0x10/0x10
[   23.856007]  ? _raw_spin_unlock_irq+0x47/0x80
[   23.856028]  ? calculate_sigpending+0x7b/0xa0
[   23.856051]  ? __pfx_kthread+0x10/0x10
[   23.856072]  ret_from_fork+0x116/0x1d0
[   23.856090]  ? __pfx_kthread+0x10/0x10
[   23.856110]  ret_from_fork_asm+0x1a/0x30
[   23.856140]  </TASK>
[   23.856151] 
[   23.863108] Allocated by task 208:
[   23.863282]  kasan_save_stack+0x45/0x70
[   23.863473]  kasan_save_track+0x18/0x40
[   23.863871]  kasan_save_alloc_info+0x3b/0x50
[   23.864039]  __kasan_krealloc+0x190/0x1f0
[   23.864171]  krealloc_noprof+0xf3/0x340
[   23.864302]  krealloc_less_oob_helper+0x1aa/0x11d0
[   23.864743]  krealloc_less_oob+0x1c/0x30
[   23.864990]  kunit_try_run_case+0x1a5/0x480
[   23.865170]  kunit_generic_run_threadfn_adapter+0x85/0xf0
[   23.865570]  kthread+0x337/0x6f0
[   23.865711]  ret_from_fork+0x116/0x1d0
[   23.866092]  ret_from_fork_asm+0x1a/0x30
[   23.866265] 
[   23.866354] The buggy address belongs to the object at ffff888104e2c800
[   23.866354]  which belongs to the cache kmalloc-256 of size 256
[   23.866814] The buggy address is located 33 bytes to the right of
[   23.866814]  allocated 201-byte region [ffff888104e2c800, ffff888104e2c8c9)
[   23.867344] 
[   23.867435] The buggy address belongs to the physical page:
[   23.867660] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x104e2c
[   23.868077] head: order:1 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[   23.868377] flags: 0x200000000000040(head|node=0|zone=2)
[   23.868574] page_type: f5(slab)
[   23.868717] raw: 0200000000000040 ffff888100041b40 dead000000000100 dead000000000122
[   23.869060] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000
[   23.869316] head: 0200000000000040 ffff888100041b40 dead000000000100 dead000000000122
[   23.869539] head: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000
[   23.869775] head: 0200000000000001 ffffea0004138b01 00000000ffffffff 00000000ffffffff
[   23.870054] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000002
[   23.870543] page dumped because: kasan: bad access detected
[   23.870834] 
[   23.870998] Memory state around the buggy address:
[   23.871227]  ffff888104e2c780: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   23.871469]  ffff888104e2c800: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   23.871676] >ffff888104e2c880: 00 00 00 00 00 00 00 00 00 01 fc fc fc fc fc fc
[   23.872256]                                                           ^
[   23.872557]  ffff888104e2c900: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   23.873005]  ffff888104e2c980: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   23.873327] ==================================================================
[   23.786059] ==================================================================
[   23.786509] BUG: KASAN: slab-out-of-bounds in krealloc_less_oob_helper+0xd70/0x11d0
[   23.786831] Write of size 1 at addr ffff888104e2c8c9 by task kunit_try_catch/208
[   23.787142] 
[   23.787248] CPU: 0 UID: 0 PID: 208 Comm: kunit_try_catch Tainted: G    B   W        N  6.16.0-rc5-next-20250709 #1 PREEMPT(voluntary) 
[   23.787594] Tainted: [B]=BAD_PAGE, [W]=WARN, [N]=TEST
[   23.787608] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[   23.787629] Call Trace:
[   23.787642]  <TASK>
[   23.787661]  dump_stack_lvl+0x73/0xb0
[   23.787707]  print_report+0xd1/0x610
[   23.787729]  ? __virt_addr_valid+0x1db/0x2d0
[   23.787753]  ? krealloc_less_oob_helper+0xd70/0x11d0
[   23.787775]  ? kasan_complete_mode_report_info+0x2a/0x200
[   23.787812]  ? krealloc_less_oob_helper+0xd70/0x11d0
[   23.787841]  kasan_report+0x141/0x180
[   23.787862]  ? krealloc_less_oob_helper+0xd70/0x11d0
[   23.788090]  __asan_report_store1_noabort+0x1b/0x30
[   23.788123]  krealloc_less_oob_helper+0xd70/0x11d0
[   23.788149]  ? __pfx_krealloc_less_oob_helper+0x10/0x10
[   23.788171]  ? sysvec_apic_timer_interrupt+0x50/0x90
[   23.788201]  ? __pfx_krealloc_less_oob+0x10/0x10
[   23.788226]  krealloc_less_oob+0x1c/0x30
[   23.788247]  kunit_try_run_case+0x1a5/0x480
[   23.788270]  ? __pfx_kunit_try_run_case+0x10/0x10
[   23.788289]  ? _raw_spin_lock_irqsave+0xa1/0x100
[   23.788312]  ? _raw_spin_unlock_irqrestore+0x5f/0x90
[   23.788336]  ? __kthread_parkme+0x82/0x180
[   23.788357]  ? preempt_count_sub+0x50/0x80
[   23.788380]  ? __pfx_kunit_try_run_case+0x10/0x10
[   23.788401]  kunit_generic_run_threadfn_adapter+0x85/0xf0
[   23.788425]  ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10
[   23.788449]  kthread+0x337/0x6f0
[   23.788468]  ? trace_preempt_on+0x20/0xc0
[   23.788491]  ? __pfx_kthread+0x10/0x10
[   23.788511]  ? _raw_spin_unlock_irq+0x47/0x80
[   23.788532]  ? calculate_sigpending+0x7b/0xa0
[   23.788555]  ? __pfx_kthread+0x10/0x10
[   23.788576]  ret_from_fork+0x116/0x1d0
[   23.788595]  ? __pfx_kthread+0x10/0x10
[   23.788614]  ret_from_fork_asm+0x1a/0x30
[   23.788644]  </TASK>
[   23.788656] 
[   23.796049] Allocated by task 208:
[   23.796190]  kasan_save_stack+0x45/0x70
[   23.796335]  kasan_save_track+0x18/0x40
[   23.796509]  kasan_save_alloc_info+0x3b/0x50
[   23.796726]  __kasan_krealloc+0x190/0x1f0
[   23.797259]  krealloc_noprof+0xf3/0x340
[   23.797460]  krealloc_less_oob_helper+0x1aa/0x11d0
[   23.797615]  krealloc_less_oob+0x1c/0x30
[   23.797855]  kunit_try_run_case+0x1a5/0x480
[   23.798044]  kunit_generic_run_threadfn_adapter+0x85/0xf0
[   23.798328]  kthread+0x337/0x6f0
[   23.798488]  ret_from_fork+0x116/0x1d0
[   23.798627]  ret_from_fork_asm+0x1a/0x30
[   23.798842] 
[   23.798955] The buggy address belongs to the object at ffff888104e2c800
[   23.798955]  which belongs to the cache kmalloc-256 of size 256
[   23.799374] The buggy address is located 0 bytes to the right of
[   23.799374]  allocated 201-byte region [ffff888104e2c800, ffff888104e2c8c9)
[   23.799744] 
[   23.799842] The buggy address belongs to the physical page:
[   23.800107] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x104e2c
[   23.800455] head: order:1 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[   23.800730] flags: 0x200000000000040(head|node=0|zone=2)
[   23.801135] page_type: f5(slab)
[   23.801255] raw: 0200000000000040 ffff888100041b40 dead000000000100 dead000000000122
[   23.801479] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000
[   23.801870] head: 0200000000000040 ffff888100041b40 dead000000000100 dead000000000122
[   23.802222] head: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000
[   23.802561] head: 0200000000000001 ffffea0004138b01 00000000ffffffff 00000000ffffffff
[   23.802881] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000002
[   23.803180] page dumped because: kasan: bad access detected
[   23.803388] 
[   23.803474] Memory state around the buggy address:
[   23.803668]  ffff888104e2c780: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   23.804008]  ffff888104e2c800: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   23.804290] >ffff888104e2c880: 00 00 00 00 00 00 00 00 00 01 fc fc fc fc fc fc
[   23.804562]                                               ^
[   23.804808]  ffff888104e2c900: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   23.805086]  ffff888104e2c980: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   23.805355] ==================================================================

Metadata Full log Test run details

arch

x86_64

host

x86_64

plan

2zdgcq9j1ujmXwxUxAtmoX2JeBw

job_id

TEST:linaro@lkft#2zdgiR4lYmFolv6VtPNpXUv6c4T

job_url

https://tuxapi.tuxsuite.com/v1/groups/linaro/projects/lkft/tests/2zdgiR4lYmFolv6VtPNpXUv6c4T

artefacts

kernel

url	https://storage.tuxsuite.com/public/linaro/lkft/builds/2zdgeyu2bhhwOi5HT3qnlyin7Ms/bzImage
sha256sum	f7e62367d136756fd78b141e5190ae396942c5b5fabd4fda00971c136430b59f

rootfs

url	https://storage.tuxboot.com/debian/20250617/trixie/amd64/rootfs.ext4.xz
sha256sum	a7dcdb286e1265c85a4d6cd5429adc51604a3ebde1d9a3c934aef78862d5fee4

modules

url	https://storage.tuxsuite.com/public/linaro/lkft/builds/2zdgeyu2bhhwOi5HT3qnlyin7Ms/modules.tar.xz
sha256sum	4b09f4cdde291b6f441ef91e7389f5ff9bff86967f27fcee3276d7367dea1cc6

durations

tests

boot	0
kunit	223.70

host_arch

amd64

build_name

gcc-13-lkftconfig-kunit

job_status

Complete

qemu_version

1:10.0.0+ds-1

Metadata

Failure - qemu-arm64 - gcc-13-lkftconfig-kunit

Failure - qemu-x86_64 - gcc-13-lkftconfig-kunit