lkft/linux-next-master - next-20250711 - log-parser-boot/kasan-bug-kasan-slab-out-of-bounds-in-krealloc_less_oob_helper

Date

July 11, 2025, 10:11 a.m.

Environment
e850-96
qemu-arm64
qemu-x86_64

[   40.065834] ==================================================================
[   40.072802] BUG: KASAN: slab-out-of-bounds in krealloc_less_oob_helper+0xb9c/0xc50
[   40.080347] Write of size 1 at addr ffff000801b81cd0 by task kunit_try_catch/242
[   40.087725] 
[   40.089210] CPU: 2 UID: 0 PID: 242 Comm: kunit_try_catch Tainted: G    B            N  6.16.0-rc5-next-20250711 #1 PREEMPT 
[   40.089261] Tainted: [B]=BAD_PAGE, [N]=TEST
[   40.089275] Hardware name: WinLink E850-96 board (DT)
[   40.089296] Call trace:
[   40.089307]  show_stack+0x20/0x38 (C)
[   40.089341]  dump_stack_lvl+0x8c/0xd0
[   40.089373]  print_report+0x118/0x5d0
[   40.089401]  kasan_report+0xdc/0x128
[   40.089428]  __asan_report_store1_noabort+0x20/0x30
[   40.089461]  krealloc_less_oob_helper+0xb9c/0xc50
[   40.089494]  krealloc_less_oob+0x20/0x38
[   40.089525]  kunit_try_run_case+0x170/0x3f0
[   40.089563]  kunit_generic_run_threadfn_adapter+0x88/0x100
[   40.089595]  kthread+0x328/0x630
[   40.089627]  ret_from_fork+0x10/0x20
[   40.089664] 
[   40.157776] Allocated by task 242:
[   40.161165]  kasan_save_stack+0x3c/0x68
[   40.164981]  kasan_save_track+0x20/0x40
[   40.168802]  kasan_save_alloc_info+0x40/0x58
[   40.173054]  __kasan_krealloc+0x118/0x178
[   40.177047]  krealloc_noprof+0x128/0x360
[   40.180953]  krealloc_less_oob_helper+0x168/0xc50
[   40.185640]  krealloc_less_oob+0x20/0x38
[   40.189547]  kunit_try_run_case+0x170/0x3f0
[   40.193714]  kunit_generic_run_threadfn_adapter+0x88/0x100
[   40.199182]  kthread+0x328/0x630
[   40.202394]  ret_from_fork+0x10/0x20
[   40.205953] 
[   40.207430] The buggy address belongs to the object at ffff000801b81c00
[   40.207430]  which belongs to the cache kmalloc-256 of size 256
[   40.219931] The buggy address is located 7 bytes to the right of
[   40.219931]  allocated 201-byte region [ffff000801b81c00, ffff000801b81cc9)
[   40.232862] 
[   40.234340] The buggy address belongs to the physical page:
[   40.239898] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x881b80
[   40.247881] head: order:2 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[   40.255520] flags: 0xbfffe0000000040(head|node=0|zone=2|lastcpupid=0x1ffff)
[   40.262462] page_type: f5(slab)
[   40.265600] raw: 0bfffe0000000040 ffff000800002b40 dead000000000122 0000000000000000
[   40.273320] raw: 0000000000000000 0000000080200020 00000000f5000000 0000000000000000
[   40.281046] head: 0bfffe0000000040 ffff000800002b40 dead000000000122 0000000000000000
[   40.288857] head: 0000000000000000 0000000080200020 00000000f5000000 0000000000000000
[   40.296670] head: 0bfffe0000000002 fffffdffe006e001 00000000ffffffff 00000000ffffffff
[   40.304482] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000004
[   40.312288] page dumped because: kasan: bad access detected
[   40.317843] 
[   40.319319] Memory state around the buggy address:
[   40.324099]  ffff000801b81b80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   40.331302]  ffff000801b81c00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   40.338508] >ffff000801b81c80: 00 00 00 00 00 00 00 00 00 01 fc fc fc fc fc fc
[   40.345707]                                                  ^
[   40.351527]  ffff000801b81d00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   40.358732]  ffff000801b81d80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   40.365933] ==================================================================
[   41.768554] ==================================================================
[   41.778591] BUG: KASAN: slab-out-of-bounds in krealloc_less_oob_helper+0xa48/0xc50
[   41.786138] Write of size 1 at addr ffff000805b420c9 by task kunit_try_catch/246
[   41.793516] 
[   41.795001] CPU: 3 UID: 0 PID: 246 Comm: kunit_try_catch Tainted: G    B            N  6.16.0-rc5-next-20250711 #1 PREEMPT 
[   41.795059] Tainted: [B]=BAD_PAGE, [N]=TEST
[   41.795073] Hardware name: WinLink E850-96 board (DT)
[   41.795096] Call trace:
[   41.795111]  show_stack+0x20/0x38 (C)
[   41.795147]  dump_stack_lvl+0x8c/0xd0
[   41.795180]  print_report+0x118/0x5d0
[   41.795210]  kasan_report+0xdc/0x128
[   41.795235]  __asan_report_store1_noabort+0x20/0x30
[   41.795271]  krealloc_less_oob_helper+0xa48/0xc50
[   41.795306]  krealloc_large_less_oob+0x20/0x38
[   41.795338]  kunit_try_run_case+0x170/0x3f0
[   41.795375]  kunit_generic_run_threadfn_adapter+0x88/0x100
[   41.795407]  kthread+0x328/0x630
[   41.795437]  ret_from_fork+0x10/0x20
[   41.795474] 
[   41.864090] The buggy address belongs to the physical page:
[   41.869648] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x885b40
[   41.877631] head: order:2 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[   41.885271] flags: 0xbfffe0000000040(head|node=0|zone=2|lastcpupid=0x1ffff)
[   41.892213] page_type: f8(unknown)
[   41.895609] raw: 0bfffe0000000040 0000000000000000 dead000000000122 0000000000000000
[   41.903329] raw: 0000000000000000 0000000000000000 00000000f8000000 0000000000000000
[   41.911056] head: 0bfffe0000000040 0000000000000000 dead000000000122 0000000000000000
[   41.918867] head: 0000000000000000 0000000000000000 00000000f8000000 0000000000000000
[   41.926680] head: 0bfffe0000000002 fffffdffe016d001 00000000ffffffff 00000000ffffffff
[   41.934493] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000004
[   41.942298] page dumped because: kasan: bad access detected
[   41.947853] 
[   41.949329] Memory state around the buggy address:
[   41.954110]  ffff000805b41f80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   41.961312]  ffff000805b42000: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   41.968520] >ffff000805b42080: 00 00 00 00 00 00 00 00 00 01 fe fe fe fe fe fe
[   41.975717]                                               ^
[   41.981277]  ffff000805b42100: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe
[   41.988481]  ffff000805b42180: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe
[   41.995684] ==================================================================
[   42.003187] ==================================================================
[   42.010100] BUG: KASAN: slab-out-of-bounds in krealloc_less_oob_helper+0xb9c/0xc50
[   42.017645] Write of size 1 at addr ffff000805b420d0 by task kunit_try_catch/246
[   42.025023] 
[   42.026507] CPU: 5 UID: 0 PID: 246 Comm: kunit_try_catch Tainted: G    B            N  6.16.0-rc5-next-20250711 #1 PREEMPT 
[   42.026561] Tainted: [B]=BAD_PAGE, [N]=TEST
[   42.026577] Hardware name: WinLink E850-96 board (DT)
[   42.026597] Call trace:
[   42.026613]  show_stack+0x20/0x38 (C)
[   42.026649]  dump_stack_lvl+0x8c/0xd0
[   42.026682]  print_report+0x118/0x5d0
[   42.026711]  kasan_report+0xdc/0x128
[   42.026738]  __asan_report_store1_noabort+0x20/0x30
[   42.026771]  krealloc_less_oob_helper+0xb9c/0xc50
[   42.026806]  krealloc_large_less_oob+0x20/0x38
[   42.026838]  kunit_try_run_case+0x170/0x3f0
[   42.026878]  kunit_generic_run_threadfn_adapter+0x88/0x100
[   42.026912]  kthread+0x328/0x630
[   42.026944]  ret_from_fork+0x10/0x20
[   42.026980] 
[   42.095596] The buggy address belongs to the physical page:
[   42.101154] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x885b40
[   42.109138] head: order:2 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[   42.116777] flags: 0xbfffe0000000040(head|node=0|zone=2|lastcpupid=0x1ffff)
[   42.123719] page_type: f8(unknown)
[   42.127116] raw: 0bfffe0000000040 0000000000000000 dead000000000122 0000000000000000
[   42.134836] raw: 0000000000000000 0000000000000000 00000000f8000000 0000000000000000
[   42.142563] head: 0bfffe0000000040 0000000000000000 dead000000000122 0000000000000000
[   42.150374] head: 0000000000000000 0000000000000000 00000000f8000000 0000000000000000
[   42.158187] head: 0bfffe0000000002 fffffdffe016d001 00000000ffffffff 00000000ffffffff
[   42.165999] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000004
[   42.173805] page dumped because: kasan: bad access detected
[   42.179360] 
[   42.180836] Memory state around the buggy address:
[   42.185618]  ffff000805b41f80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   42.192819]  ffff000805b42000: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   42.200027] >ffff000805b42080: 00 00 00 00 00 00 00 00 00 01 fe fe fe fe fe fe
[   42.207225]                                                  ^
[   42.213044]  ffff000805b42100: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe
[   42.220249]  ffff000805b42180: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe
[   42.227450] ==================================================================
[   40.681150] ==================================================================
[   40.688244] BUG: KASAN: slab-out-of-bounds in krealloc_less_oob_helper+0xae4/0xc50
[   40.695789] Write of size 1 at addr ffff000801b81cea by task kunit_try_catch/242
[   40.703167] 
[   40.704652] CPU: 3 UID: 0 PID: 242 Comm: kunit_try_catch Tainted: G    B            N  6.16.0-rc5-next-20250711 #1 PREEMPT 
[   40.704702] Tainted: [B]=BAD_PAGE, [N]=TEST
[   40.704717] Hardware name: WinLink E850-96 board (DT)
[   40.704736] Call trace:
[   40.704750]  show_stack+0x20/0x38 (C)
[   40.704784]  dump_stack_lvl+0x8c/0xd0
[   40.704815]  print_report+0x118/0x5d0
[   40.704842]  kasan_report+0xdc/0x128
[   40.704868]  __asan_report_store1_noabort+0x20/0x30
[   40.704899]  krealloc_less_oob_helper+0xae4/0xc50
[   40.704934]  krealloc_less_oob+0x20/0x38
[   40.704966]  kunit_try_run_case+0x170/0x3f0
[   40.705002]  kunit_generic_run_threadfn_adapter+0x88/0x100
[   40.705036]  kthread+0x328/0x630
[   40.705066]  ret_from_fork+0x10/0x20
[   40.705100] 
[   40.773218] Allocated by task 242:
[   40.776605]  kasan_save_stack+0x3c/0x68
[   40.780423]  kasan_save_track+0x20/0x40
[   40.784243]  kasan_save_alloc_info+0x40/0x58
[   40.788496]  __kasan_krealloc+0x118/0x178
[   40.792489]  krealloc_noprof+0x128/0x360
[   40.796395]  krealloc_less_oob_helper+0x168/0xc50
[   40.801082]  krealloc_less_oob+0x20/0x38
[   40.804989]  kunit_try_run_case+0x170/0x3f0
[   40.809155]  kunit_generic_run_threadfn_adapter+0x88/0x100
[   40.814624]  kthread+0x328/0x630
[   40.817836]  ret_from_fork+0x10/0x20
[   40.821395] 
[   40.822874] The buggy address belongs to the object at ffff000801b81c00
[   40.822874]  which belongs to the cache kmalloc-256 of size 256
[   40.835371] The buggy address is located 33 bytes to the right of
[   40.835371]  allocated 201-byte region [ffff000801b81c00, ffff000801b81cc9)
[   40.848391] 
[   40.849869] The buggy address belongs to the physical page:
[   40.855425] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x881b80
[   40.863410] head: order:2 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[   40.871048] flags: 0xbfffe0000000040(head|node=0|zone=2|lastcpupid=0x1ffff)
[   40.877992] page_type: f5(slab)
[   40.881128] raw: 0bfffe0000000040 ffff000800002b40 dead000000000122 0000000000000000
[   40.888848] raw: 0000000000000000 0000000080200020 00000000f5000000 0000000000000000
[   40.896575] head: 0bfffe0000000040 ffff000800002b40 dead000000000122 0000000000000000
[   40.904386] head: 0000000000000000 0000000080200020 00000000f5000000 0000000000000000
[   40.912199] head: 0bfffe0000000002 fffffdffe006e001 00000000ffffffff 00000000ffffffff
[   40.920011] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000004
[   40.927817] page dumped because: kasan: bad access detected
[   40.933372] 
[   40.934848] Memory state around the buggy address:
[   40.939627]  ffff000801b81b80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   40.946831]  ffff000801b81c00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   40.954037] >ffff000801b81c80: 00 00 00 00 00 00 00 00 00 01 fc fc fc fc fc fc
[   40.961237]                                                           ^
[   40.967837]  ffff000801b81d00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   40.975042]  ffff000801b81d80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   40.982243] ==================================================================
[   42.234771] ==================================================================
[   42.241862] BUG: KASAN: slab-out-of-bounds in krealloc_less_oob_helper+0xa80/0xc50
[   42.249412] Write of size 1 at addr ffff000805b420da by task kunit_try_catch/246
[   42.256790] 
[   42.258273] CPU: 5 UID: 0 PID: 246 Comm: kunit_try_catch Tainted: G    B            N  6.16.0-rc5-next-20250711 #1 PREEMPT 
[   42.258322] Tainted: [B]=BAD_PAGE, [N]=TEST
[   42.258337] Hardware name: WinLink E850-96 board (DT)
[   42.258353] Call trace:
[   42.258367]  show_stack+0x20/0x38 (C)
[   42.258401]  dump_stack_lvl+0x8c/0xd0
[   42.258433]  print_report+0x118/0x5d0
[   42.258460]  kasan_report+0xdc/0x128
[   42.258488]  __asan_report_store1_noabort+0x20/0x30
[   42.258520]  krealloc_less_oob_helper+0xa80/0xc50
[   42.258553]  krealloc_large_less_oob+0x20/0x38
[   42.258585]  kunit_try_run_case+0x170/0x3f0
[   42.258621]  kunit_generic_run_threadfn_adapter+0x88/0x100
[   42.258653]  kthread+0x328/0x630
[   42.258682]  ret_from_fork+0x10/0x20
[   42.258717] 
[   42.327363] The buggy address belongs to the physical page:
[   42.332920] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x885b40
[   42.340903] head: order:2 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[   42.348544] flags: 0xbfffe0000000040(head|node=0|zone=2|lastcpupid=0x1ffff)
[   42.355486] page_type: f8(unknown)
[   42.358882] raw: 0bfffe0000000040 0000000000000000 dead000000000122 0000000000000000
[   42.366604] raw: 0000000000000000 0000000000000000 00000000f8000000 0000000000000000
[   42.374330] head: 0bfffe0000000040 0000000000000000 dead000000000122 0000000000000000
[   42.382142] head: 0000000000000000 0000000000000000 00000000f8000000 0000000000000000
[   42.389955] head: 0bfffe0000000002 fffffdffe016d001 00000000ffffffff 00000000ffffffff
[   42.397767] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000004
[   42.405573] page dumped because: kasan: bad access detected
[   42.411128] 
[   42.412603] Memory state around the buggy address:
[   42.417383]  ffff000805b41f80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   42.424586]  ffff000805b42000: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   42.431793] >ffff000805b42080: 00 00 00 00 00 00 00 00 00 01 fe fe fe fe fe fe
[   42.438992]                                                     ^
[   42.445072]  ffff000805b42100: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe
[   42.452277]  ffff000805b42180: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe
[   42.459478] ==================================================================
[   42.466762] ==================================================================
[   42.473890] BUG: KASAN: slab-out-of-bounds in krealloc_less_oob_helper+0xae4/0xc50
[   42.481440] Write of size 1 at addr ffff000805b420ea by task kunit_try_catch/246
[   42.488818] 
[   42.490300] CPU: 5 UID: 0 PID: 246 Comm: kunit_try_catch Tainted: G    B            N  6.16.0-rc5-next-20250711 #1 PREEMPT 
[   42.490347] Tainted: [B]=BAD_PAGE, [N]=TEST
[   42.490363] Hardware name: WinLink E850-96 board (DT)
[   42.490381] Call trace:
[   42.490391]  show_stack+0x20/0x38 (C)
[   42.490423]  dump_stack_lvl+0x8c/0xd0
[   42.490452]  print_report+0x118/0x5d0
[   42.490479]  kasan_report+0xdc/0x128
[   42.490505]  __asan_report_store1_noabort+0x20/0x30
[   42.490539]  krealloc_less_oob_helper+0xae4/0xc50
[   42.490573]  krealloc_large_less_oob+0x20/0x38
[   42.490605]  kunit_try_run_case+0x170/0x3f0
[   42.490643]  kunit_generic_run_threadfn_adapter+0x88/0x100
[   42.490675]  kthread+0x328/0x630
[   42.490703]  ret_from_fork+0x10/0x20
[   42.490735] 
[   42.559391] The buggy address belongs to the physical page:
[   42.564947] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x885b40
[   42.572931] head: order:2 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[   42.580572] flags: 0xbfffe0000000040(head|node=0|zone=2|lastcpupid=0x1ffff)
[   42.587514] page_type: f8(unknown)
[   42.590909] raw: 0bfffe0000000040 0000000000000000 dead000000000122 0000000000000000
[   42.598631] raw: 0000000000000000 0000000000000000 00000000f8000000 0000000000000000
[   42.606358] head: 0bfffe0000000040 0000000000000000 dead000000000122 0000000000000000
[   42.614170] head: 0000000000000000 0000000000000000 00000000f8000000 0000000000000000
[   42.621982] head: 0bfffe0000000002 fffffdffe016d001 00000000ffffffff 00000000ffffffff
[   42.629794] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000004
[   42.637600] page dumped because: kasan: bad access detected
[   42.643155] 
[   42.644631] Memory state around the buggy address:
[   42.649410]  ffff000805b41f80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   42.656614]  ffff000805b42000: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   42.663820] >ffff000805b42080: 00 00 00 00 00 00 00 00 00 01 fe fe fe fe fe fe
[   42.671020]                                                           ^
[   42.677621]  ffff000805b42100: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe
[   42.684825]  ffff000805b42180: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe
[   42.692027] ==================================================================
[   42.699325] ==================================================================
[   42.706438] BUG: KASAN: slab-out-of-bounds in krealloc_less_oob_helper+0xa58/0xc50
[   42.713988] Write of size 1 at addr ffff000805b420eb by task kunit_try_catch/246
[   42.721366] 
[   42.722847] CPU: 5 UID: 0 PID: 246 Comm: kunit_try_catch Tainted: G    B            N  6.16.0-rc5-next-20250711 #1 PREEMPT 
[   42.722893] Tainted: [B]=BAD_PAGE, [N]=TEST
[   42.722908] Hardware name: WinLink E850-96 board (DT)
[   42.722925] Call trace:
[   42.722936]  show_stack+0x20/0x38 (C)
[   42.722967]  dump_stack_lvl+0x8c/0xd0
[   42.722995]  print_report+0x118/0x5d0
[   42.723021]  kasan_report+0xdc/0x128
[   42.723047]  __asan_report_store1_noabort+0x20/0x30
[   42.723080]  krealloc_less_oob_helper+0xa58/0xc50
[   42.723114]  krealloc_large_less_oob+0x20/0x38
[   42.723148]  kunit_try_run_case+0x170/0x3f0
[   42.723184]  kunit_generic_run_threadfn_adapter+0x88/0x100
[   42.723215]  kthread+0x328/0x630
[   42.723241]  ret_from_fork+0x10/0x20
[   42.723271] 
[   42.791940] The buggy address belongs to the physical page:
[   42.797496] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x885b40
[   42.805480] head: order:2 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[   42.813120] flags: 0xbfffe0000000040(head|node=0|zone=2|lastcpupid=0x1ffff)
[   42.820063] page_type: f8(unknown)
[   42.823459] raw: 0bfffe0000000040 0000000000000000 dead000000000122 0000000000000000
[   42.831180] raw: 0000000000000000 0000000000000000 00000000f8000000 0000000000000000
[   42.838907] head: 0bfffe0000000040 0000000000000000 dead000000000122 0000000000000000
[   42.846718] head: 0000000000000000 0000000000000000 00000000f8000000 0000000000000000
[   42.854531] head: 0bfffe0000000002 fffffdffe016d001 00000000ffffffff 00000000ffffffff
[   42.862343] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000004
[   42.870149] page dumped because: kasan: bad access detected
[   42.875704] 
[   42.877180] Memory state around the buggy address:
[   42.881959]  ffff000805b41f80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   42.889163]  ffff000805b42000: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   42.896368] >ffff000805b42080: 00 00 00 00 00 00 00 00 00 01 fe fe fe fe fe fe
[   42.903568]                                                           ^
[   42.910169]  ffff000805b42100: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe
[   42.917374]  ffff000805b42180: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe
[   42.924575] ==================================================================
[   40.373322] ==================================================================
[   40.380349] BUG: KASAN: slab-out-of-bounds in krealloc_less_oob_helper+0xa80/0xc50
[   40.387895] Write of size 1 at addr ffff000801b81cda by task kunit_try_catch/242
[   40.395273] 
[   40.396756] CPU: 3 UID: 0 PID: 242 Comm: kunit_try_catch Tainted: G    B            N  6.16.0-rc5-next-20250711 #1 PREEMPT 
[   40.396812] Tainted: [B]=BAD_PAGE, [N]=TEST
[   40.396826] Hardware name: WinLink E850-96 board (DT)
[   40.396847] Call trace:
[   40.396864]  show_stack+0x20/0x38 (C)
[   40.396899]  dump_stack_lvl+0x8c/0xd0
[   40.396929]  print_report+0x118/0x5d0
[   40.396955]  kasan_report+0xdc/0x128
[   40.396979]  __asan_report_store1_noabort+0x20/0x30
[   40.397012]  krealloc_less_oob_helper+0xa80/0xc50
[   40.397045]  krealloc_less_oob+0x20/0x38
[   40.397076]  kunit_try_run_case+0x170/0x3f0
[   40.397112]  kunit_generic_run_threadfn_adapter+0x88/0x100
[   40.397145]  kthread+0x328/0x630
[   40.397174]  ret_from_fork+0x10/0x20
[   40.397211] 
[   40.465325] Allocated by task 242:
[   40.468712]  kasan_save_stack+0x3c/0x68
[   40.472529]  kasan_save_track+0x20/0x40
[   40.476348]  kasan_save_alloc_info+0x40/0x58
[   40.480601]  __kasan_krealloc+0x118/0x178
[   40.484594]  krealloc_noprof+0x128/0x360
[   40.488500]  krealloc_less_oob_helper+0x168/0xc50
[   40.493188]  krealloc_less_oob+0x20/0x38
[   40.497094]  kunit_try_run_case+0x170/0x3f0
[   40.501260]  kunit_generic_run_threadfn_adapter+0x88/0x100
[   40.506729]  kthread+0x328/0x630
[   40.509941]  ret_from_fork+0x10/0x20
[   40.513500] 
[   40.514979] The buggy address belongs to the object at ffff000801b81c00
[   40.514979]  which belongs to the cache kmalloc-256 of size 256
[   40.527476] The buggy address is located 17 bytes to the right of
[   40.527476]  allocated 201-byte region [ffff000801b81c00, ffff000801b81cc9)
[   40.540496] 
[   40.541974] The buggy address belongs to the physical page:
[   40.547531] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x881b80
[   40.555515] head: order:2 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[   40.563155] flags: 0xbfffe0000000040(head|node=0|zone=2|lastcpupid=0x1ffff)
[   40.570098] page_type: f5(slab)
[   40.573232] raw: 0bfffe0000000040 ffff000800002b40 dead000000000122 0000000000000000
[   40.580953] raw: 0000000000000000 0000000080200020 00000000f5000000 0000000000000000
[   40.588680] head: 0bfffe0000000040 ffff000800002b40 dead000000000122 0000000000000000
[   40.596491] head: 0000000000000000 0000000080200020 00000000f5000000 0000000000000000
[   40.604304] head: 0bfffe0000000002 fffffdffe006e001 00000000ffffffff 00000000ffffffff
[   40.612116] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000004
[   40.619922] page dumped because: kasan: bad access detected
[   40.625477] 
[   40.626953] Memory state around the buggy address:
[   40.631732]  ffff000801b81b80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   40.638936]  ffff000801b81c00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   40.646142] >ffff000801b81c80: 00 00 00 00 00 00 00 00 00 01 fc fc fc fc fc fc
[   40.653342]                                                     ^
[   40.659422]  ffff000801b81d00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   40.666627]  ffff000801b81d80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   40.673828] ==================================================================
[   40.989552] ==================================================================
[   40.996657] BUG: KASAN: slab-out-of-bounds in krealloc_less_oob_helper+0xa58/0xc50
[   41.004205] Write of size 1 at addr ffff000801b81ceb by task kunit_try_catch/242
[   41.011583] 
[   41.013068] CPU: 3 UID: 0 PID: 242 Comm: kunit_try_catch Tainted: G    B            N  6.16.0-rc5-next-20250711 #1 PREEMPT 
[   41.013122] Tainted: [B]=BAD_PAGE, [N]=TEST
[   41.013136] Hardware name: WinLink E850-96 board (DT)
[   41.013155] Call trace:
[   41.013169]  show_stack+0x20/0x38 (C)
[   41.013202]  dump_stack_lvl+0x8c/0xd0
[   41.013235]  print_report+0x118/0x5d0
[   41.013263]  kasan_report+0xdc/0x128
[   41.013288]  __asan_report_store1_noabort+0x20/0x30
[   41.013319]  krealloc_less_oob_helper+0xa58/0xc50
[   41.013352]  krealloc_less_oob+0x20/0x38
[   41.013384]  kunit_try_run_case+0x170/0x3f0
[   41.013423]  kunit_generic_run_threadfn_adapter+0x88/0x100
[   41.013454]  kthread+0x328/0x630
[   41.013482]  ret_from_fork+0x10/0x20
[   41.013515] 
[   41.081634] Allocated by task 242:
[   41.085021]  kasan_save_stack+0x3c/0x68
[   41.088839]  kasan_save_track+0x20/0x40
[   41.092658]  kasan_save_alloc_info+0x40/0x58
[   41.096912]  __kasan_krealloc+0x118/0x178
[   41.100904]  krealloc_noprof+0x128/0x360
[   41.104811]  krealloc_less_oob_helper+0x168/0xc50
[   41.109498]  krealloc_less_oob+0x20/0x38
[   41.113404]  kunit_try_run_case+0x170/0x3f0
[   41.117571]  kunit_generic_run_threadfn_adapter+0x88/0x100
[   41.123040]  kthread+0x328/0x630
[   41.126251]  ret_from_fork+0x10/0x20
[   41.129810] 
[   41.131289] The buggy address belongs to the object at ffff000801b81c00
[   41.131289]  which belongs to the cache kmalloc-256 of size 256
[   41.143789] The buggy address is located 34 bytes to the right of
[   41.143789]  allocated 201-byte region [ffff000801b81c00, ffff000801b81cc9)
[   41.156807] 
[   41.158284] The buggy address belongs to the physical page:
[   41.163840] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x881b80
[   41.171827] head: order:2 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[   41.179464] flags: 0xbfffe0000000040(head|node=0|zone=2|lastcpupid=0x1ffff)
[   41.186407] page_type: f5(slab)
[   41.189543] raw: 0bfffe0000000040 ffff000800002b40 dead000000000122 0000000000000000
[   41.197264] raw: 0000000000000000 0000000080200020 00000000f5000000 0000000000000000
[   41.204990] head: 0bfffe0000000040 ffff000800002b40 dead000000000122 0000000000000000
[   41.212801] head: 0000000000000000 0000000080200020 00000000f5000000 0000000000000000
[   41.220614] head: 0bfffe0000000002 fffffdffe006e001 00000000ffffffff 00000000ffffffff
[   41.228426] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000004
[   41.236234] page dumped because: kasan: bad access detected
[   41.241787] 
[   41.243263] Memory state around the buggy address:
[   41.248043]  ffff000801b81b80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   41.255246]  ffff000801b81c00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   41.262454] >ffff000801b81c80: 00 00 00 00 00 00 00 00 00 01 fc fc fc fc fc fc
[   41.269652]                                                           ^
[   41.276253]  ffff000801b81d00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   41.283457]  ffff000801b81d80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   41.290659] ==================================================================
[   39.756188] ==================================================================
[   39.765512] BUG: KASAN: slab-out-of-bounds in krealloc_less_oob_helper+0xa48/0xc50
[   39.773063] Write of size 1 at addr ffff000801b81cc9 by task kunit_try_catch/242
[   39.780441] 
[   39.781924] CPU: 2 UID: 0 PID: 242 Comm: kunit_try_catch Tainted: G    B            N  6.16.0-rc5-next-20250711 #1 PREEMPT 
[   39.781980] Tainted: [B]=BAD_PAGE, [N]=TEST
[   39.781995] Hardware name: WinLink E850-96 board (DT)
[   39.782017] Call trace:
[   39.782029]  show_stack+0x20/0x38 (C)
[   39.782063]  dump_stack_lvl+0x8c/0xd0
[   39.782098]  print_report+0x118/0x5d0
[   39.782129]  kasan_report+0xdc/0x128
[   39.782158]  __asan_report_store1_noabort+0x20/0x30
[   39.782193]  krealloc_less_oob_helper+0xa48/0xc50
[   39.782229]  krealloc_less_oob+0x20/0x38
[   39.782261]  kunit_try_run_case+0x170/0x3f0
[   39.782299]  kunit_generic_run_threadfn_adapter+0x88/0x100
[   39.782331]  kthread+0x328/0x630
[   39.782361]  ret_from_fork+0x10/0x20
[   39.782394] 
[   39.850489] Allocated by task 242:
[   39.853878]  kasan_save_stack+0x3c/0x68
[   39.857696]  kasan_save_track+0x20/0x40
[   39.861515]  kasan_save_alloc_info+0x40/0x58
[   39.865767]  __kasan_krealloc+0x118/0x178
[   39.869761]  krealloc_noprof+0x128/0x360
[   39.873666]  krealloc_less_oob_helper+0x168/0xc50
[   39.878353]  krealloc_less_oob+0x20/0x38
[   39.882259]  kunit_try_run_case+0x170/0x3f0
[   39.886426]  kunit_generic_run_threadfn_adapter+0x88/0x100
[   39.891895]  kthread+0x328/0x630
[   39.895106]  ret_from_fork+0x10/0x20
[   39.898665] 
[   39.900144] The buggy address belongs to the object at ffff000801b81c00
[   39.900144]  which belongs to the cache kmalloc-256 of size 256
[   39.912646] The buggy address is located 0 bytes to the right of
[   39.912646]  allocated 201-byte region [ffff000801b81c00, ffff000801b81cc9)
[   39.925577] 
[   39.927055] The buggy address belongs to the physical page:
[   39.932611] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x881b80
[   39.940594] head: order:2 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[   39.948235] flags: 0xbfffe0000000040(head|node=0|zone=2|lastcpupid=0x1ffff)
[   39.955178] page_type: f5(slab)
[   39.958313] raw: 0bfffe0000000040 ffff000800002b40 dead000000000122 0000000000000000
[   39.966032] raw: 0000000000000000 0000000080200020 00000000f5000000 0000000000000000
[   39.973760] head: 0bfffe0000000040 ffff000800002b40 dead000000000122 0000000000000000
[   39.981570] head: 0000000000000000 0000000080200020 00000000f5000000 0000000000000000
[   39.989383] head: 0bfffe0000000002 fffffdffe006e001 00000000ffffffff 00000000ffffffff
[   39.997195] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000004
[   40.005001] page dumped because: kasan: bad access detected
[   40.010556] 
[   40.012031] Memory state around the buggy address:
[   40.016812]  ffff000801b81b80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   40.024016]  ffff000801b81c00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   40.031221] >ffff000801b81c80: 00 00 00 00 00 00 00 00 00 01 fc fc fc fc fc fc
[   40.038421]                                               ^
[   40.043979]  ffff000801b81d00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   40.051185]  ffff000801b81d80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   40.058386] ==================================================================

Metadata Full log Test run details

[   30.218360] ==================================================================
[   30.218410] BUG: KASAN: slab-out-of-bounds in krealloc_less_oob_helper+0xae4/0xc50
[   30.218533] Write of size 1 at addr fff00000c9554aea by task kunit_try_catch/189
[   30.218920] 
[   30.218956] CPU: 1 UID: 0 PID: 189 Comm: kunit_try_catch Tainted: G    B            N  6.16.0-rc5-next-20250711 #1 PREEMPT 
[   30.219048] Tainted: [B]=BAD_PAGE, [N]=TEST
[   30.219073] Hardware name: linux,dummy-virt (DT)
[   30.219103] Call trace:
[   30.219125]  show_stack+0x20/0x38 (C)
[   30.219175]  dump_stack_lvl+0x8c/0xd0
[   30.219219]  print_report+0x118/0x5d0
[   30.219835]  kasan_report+0xdc/0x128
[   30.219879]  __asan_report_store1_noabort+0x20/0x30
[   30.220298]  krealloc_less_oob_helper+0xae4/0xc50
[   30.220452]  krealloc_less_oob+0x20/0x38
[   30.220498]  kunit_try_run_case+0x170/0x3f0
[   30.220774]  kunit_generic_run_threadfn_adapter+0x88/0x100
[   30.220884]  kthread+0x328/0x630
[   30.220935]  ret_from_fork+0x10/0x20
[   30.221084] 
[   30.221104] Allocated by task 189:
[   30.221132]  kasan_save_stack+0x3c/0x68
[   30.221172]  kasan_save_track+0x20/0x40
[   30.221443]  kasan_save_alloc_info+0x40/0x58
[   30.221485]  __kasan_krealloc+0x118/0x178
[   30.221523]  krealloc_noprof+0x128/0x360
[   30.221585]  krealloc_less_oob_helper+0x168/0xc50
[   30.221665]  krealloc_less_oob+0x20/0x38
[   30.221702]  kunit_try_run_case+0x170/0x3f0
[   30.221876]  kunit_generic_run_threadfn_adapter+0x88/0x100
[   30.221917]  kthread+0x328/0x630
[   30.222269]  ret_from_fork+0x10/0x20
[   30.222315] 
[   30.222353] The buggy address belongs to the object at fff00000c9554a00
[   30.222353]  which belongs to the cache kmalloc-256 of size 256
[   30.222421] The buggy address is located 33 bytes to the right of
[   30.222421]  allocated 201-byte region [fff00000c9554a00, fff00000c9554ac9)
[   30.222538] 
[   30.222648] The buggy address belongs to the physical page:
[   30.222712] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x109554
[   30.222782] head: order:1 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[   30.222884] flags: 0xbfffe0000000040(head|node=0|zone=2|lastcpupid=0x1ffff)
[   30.222938] page_type: f5(slab)
[   30.222977] raw: 0bfffe0000000040 fff00000c0001b40 dead000000000100 dead000000000122
[   30.223090] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000
[   30.223168] head: 0bfffe0000000040 fff00000c0001b40 dead000000000100 dead000000000122
[   30.223350] head: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000
[   30.223398] head: 0bfffe0000000001 ffffc1ffc3255501 00000000ffffffff 00000000ffffffff
[   30.223444] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000002
[   30.223481] page dumped because: kasan: bad access detected
[   30.223511] 
[   30.223528] Memory state around the buggy address:
[   30.223758]  fff00000c9554980: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   30.224144]  fff00000c9554a00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   30.224188] >fff00000c9554a80: 00 00 00 00 00 00 00 00 00 01 fc fc fc fc fc fc
[   30.224256]                                                           ^
[   30.224447]  fff00000c9554b00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   30.224511]  fff00000c9554b80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   30.224547] ==================================================================
[   30.282887] ==================================================================
[   30.282987] BUG: KASAN: slab-out-of-bounds in krealloc_less_oob_helper+0xa58/0xc50
[   30.283059] Write of size 1 at addr fff00000c9a660eb by task kunit_try_catch/193
[   30.283120] 
[   30.283381] CPU: 1 UID: 0 PID: 193 Comm: kunit_try_catch Tainted: G    B            N  6.16.0-rc5-next-20250711 #1 PREEMPT 
[   30.283473] Tainted: [B]=BAD_PAGE, [N]=TEST
[   30.283499] Hardware name: linux,dummy-virt (DT)
[   30.283528] Call trace:
[   30.283909]  show_stack+0x20/0x38 (C)
[   30.284035]  dump_stack_lvl+0x8c/0xd0
[   30.284081]  print_report+0x118/0x5d0
[   30.284124]  kasan_report+0xdc/0x128
[   30.284165]  __asan_report_store1_noabort+0x20/0x30
[   30.284218]  krealloc_less_oob_helper+0xa58/0xc50
[   30.284554]  krealloc_large_less_oob+0x20/0x38
[   30.284698]  kunit_try_run_case+0x170/0x3f0
[   30.285088]  kunit_generic_run_threadfn_adapter+0x88/0x100
[   30.285207]  kthread+0x328/0x630
[   30.285639]  ret_from_fork+0x10/0x20
[   30.285721] 
[   30.285742] The buggy address belongs to the physical page:
[   30.285773] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x109a64
[   30.285833] head: order:2 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[   30.285879] flags: 0xbfffe0000000040(head|node=0|zone=2|lastcpupid=0x1ffff)
[   30.286090] page_type: f8(unknown)
[   30.286266] raw: 0bfffe0000000040 0000000000000000 dead000000000122 0000000000000000
[   30.286316] raw: 0000000000000000 0000000000000000 00000000f8000000 0000000000000000
[   30.286376] head: 0bfffe0000000040 0000000000000000 dead000000000122 0000000000000000
[   30.286423] head: 0000000000000000 0000000000000000 00000000f8000000 0000000000000000
[   30.286470] head: 0bfffe0000000002 ffffc1ffc3269901 00000000ffffffff 00000000ffffffff
[   30.286516] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000004
[   30.286567] page dumped because: kasan: bad access detected
[   30.286596] 
[   30.286614] Memory state around the buggy address:
[   30.286839]  fff00000c9a65f80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   30.286938]  fff00000c9a66000: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   30.287048] >fff00000c9a66080: 00 00 00 00 00 00 00 00 00 01 fe fe fe fe fe fe
[   30.287400]                                                           ^
[   30.287626]  fff00000c9a66100: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe
[   30.287677]  fff00000c9a66180: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe
[   30.288041] ==================================================================
[   30.276514] ==================================================================
[   30.276819] BUG: KASAN: slab-out-of-bounds in krealloc_less_oob_helper+0xae4/0xc50
[   30.277108] Write of size 1 at addr fff00000c9a660ea by task kunit_try_catch/193
[   30.277164] 
[   30.277295] CPU: 1 UID: 0 PID: 193 Comm: kunit_try_catch Tainted: G    B            N  6.16.0-rc5-next-20250711 #1 PREEMPT 
[   30.277640] Tainted: [B]=BAD_PAGE, [N]=TEST
[   30.277682] Hardware name: linux,dummy-virt (DT)
[   30.277712] Call trace:
[   30.277734]  show_stack+0x20/0x38 (C)
[   30.277784]  dump_stack_lvl+0x8c/0xd0
[   30.277832]  print_report+0x118/0x5d0
[   30.278098]  kasan_report+0xdc/0x128
[   30.278278]  __asan_report_store1_noabort+0x20/0x30
[   30.278339]  krealloc_less_oob_helper+0xae4/0xc50
[   30.278388]  krealloc_large_less_oob+0x20/0x38
[   30.278446]  kunit_try_run_case+0x170/0x3f0
[   30.278493]  kunit_generic_run_threadfn_adapter+0x88/0x100
[   30.278717]  kthread+0x328/0x630
[   30.278997]  ret_from_fork+0x10/0x20
[   30.279059] 
[   30.279109] The buggy address belongs to the physical page:
[   30.279138] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x109a64
[   30.279260] head: order:2 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[   30.279342] flags: 0xbfffe0000000040(head|node=0|zone=2|lastcpupid=0x1ffff)
[   30.279393] page_type: f8(unknown)
[   30.279443] raw: 0bfffe0000000040 0000000000000000 dead000000000122 0000000000000000
[   30.279492] raw: 0000000000000000 0000000000000000 00000000f8000000 0000000000000000
[   30.279909] head: 0bfffe0000000040 0000000000000000 dead000000000122 0000000000000000
[   30.280106] head: 0000000000000000 0000000000000000 00000000f8000000 0000000000000000
[   30.280205] head: 0bfffe0000000002 ffffc1ffc3269901 00000000ffffffff 00000000ffffffff
[   30.280305] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000004
[   30.280354] page dumped because: kasan: bad access detected
[   30.280384] 
[   30.280401] Memory state around the buggy address:
[   30.280441]  fff00000c9a65f80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   30.280483]  fff00000c9a66000: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   30.281261] >fff00000c9a66080: 00 00 00 00 00 00 00 00 00 01 fe fe fe fe fe fe
[   30.281435]                                                           ^
[   30.281475]  fff00000c9a66100: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe
[   30.281516]  fff00000c9a66180: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe
[   30.281552] ==================================================================
[   30.271493] ==================================================================
[   30.271628] BUG: KASAN: slab-out-of-bounds in krealloc_less_oob_helper+0xa80/0xc50
[   30.271805] Write of size 1 at addr fff00000c9a660da by task kunit_try_catch/193
[   30.271853] 
[   30.271880] CPU: 1 UID: 0 PID: 193 Comm: kunit_try_catch Tainted: G    B            N  6.16.0-rc5-next-20250711 #1 PREEMPT 
[   30.271961] Tainted: [B]=BAD_PAGE, [N]=TEST
[   30.271985] Hardware name: linux,dummy-virt (DT)
[   30.272288] Call trace:
[   30.272443]  show_stack+0x20/0x38 (C)
[   30.272631]  dump_stack_lvl+0x8c/0xd0
[   30.272719]  print_report+0x118/0x5d0
[   30.272811]  kasan_report+0xdc/0x128
[   30.272914]  __asan_report_store1_noabort+0x20/0x30
[   30.272961]  krealloc_less_oob_helper+0xa80/0xc50
[   30.273015]  krealloc_large_less_oob+0x20/0x38
[   30.273206]  kunit_try_run_case+0x170/0x3f0
[   30.273277]  kunit_generic_run_threadfn_adapter+0x88/0x100
[   30.273368]  kthread+0x328/0x630
[   30.273409]  ret_from_fork+0x10/0x20
[   30.274010] 
[   30.274098] The buggy address belongs to the physical page:
[   30.274152] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x109a64
[   30.274206] head: order:2 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[   30.274263] flags: 0xbfffe0000000040(head|node=0|zone=2|lastcpupid=0x1ffff)
[   30.274316] page_type: f8(unknown)
[   30.274365] raw: 0bfffe0000000040 0000000000000000 dead000000000122 0000000000000000
[   30.274413] raw: 0000000000000000 0000000000000000 00000000f8000000 0000000000000000
[   30.274593] head: 0bfffe0000000040 0000000000000000 dead000000000122 0000000000000000
[   30.275077] head: 0000000000000000 0000000000000000 00000000f8000000 0000000000000000
[   30.275132] head: 0bfffe0000000002 ffffc1ffc3269901 00000000ffffffff 00000000ffffffff
[   30.275212] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000004
[   30.275249] page dumped because: kasan: bad access detected
[   30.275278] 
[   30.275296] Memory state around the buggy address:
[   30.275499]  fff00000c9a65f80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   30.275549]  fff00000c9a66000: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   30.275697] >fff00000c9a66080: 00 00 00 00 00 00 00 00 00 01 fe fe fe fe fe fe
[   30.275733]                                                     ^
[   30.275788]  fff00000c9a66100: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe
[   30.275936]  fff00000c9a66180: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe
[   30.275972] ==================================================================
[   30.225307] ==================================================================
[   30.225516] BUG: KASAN: slab-out-of-bounds in krealloc_less_oob_helper+0xa58/0xc50
[   30.225763] Write of size 1 at addr fff00000c9554aeb by task kunit_try_catch/189
[   30.225820] 
[   30.225863] CPU: 1 UID: 0 PID: 189 Comm: kunit_try_catch Tainted: G    B            N  6.16.0-rc5-next-20250711 #1 PREEMPT 
[   30.226052] Tainted: [B]=BAD_PAGE, [N]=TEST
[   30.226078] Hardware name: linux,dummy-virt (DT)
[   30.226108] Call trace:
[   30.226183]  show_stack+0x20/0x38 (C)
[   30.226336]  dump_stack_lvl+0x8c/0xd0
[   30.226406]  print_report+0x118/0x5d0
[   30.226529]  kasan_report+0xdc/0x128
[   30.226628]  __asan_report_store1_noabort+0x20/0x30
[   30.226717]  krealloc_less_oob_helper+0xa58/0xc50
[   30.226845]  krealloc_less_oob+0x20/0x38
[   30.226924]  kunit_try_run_case+0x170/0x3f0
[   30.227150]  kunit_generic_run_threadfn_adapter+0x88/0x100
[   30.227203]  kthread+0x328/0x630
[   30.227245]  ret_from_fork+0x10/0x20
[   30.227602] 
[   30.227624] Allocated by task 189:
[   30.227652]  kasan_save_stack+0x3c/0x68
[   30.227792]  kasan_save_track+0x20/0x40
[   30.227926]  kasan_save_alloc_info+0x40/0x58
[   30.227990]  __kasan_krealloc+0x118/0x178
[   30.228153]  krealloc_noprof+0x128/0x360
[   30.228191]  krealloc_less_oob_helper+0x168/0xc50
[   30.228232]  krealloc_less_oob+0x20/0x38
[   30.228275]  kunit_try_run_case+0x170/0x3f0
[   30.228578]  kunit_generic_run_threadfn_adapter+0x88/0x100
[   30.228733]  kthread+0x328/0x630
[   30.229110]  ret_from_fork+0x10/0x20
[   30.229150] 
[   30.229245] The buggy address belongs to the object at fff00000c9554a00
[   30.229245]  which belongs to the cache kmalloc-256 of size 256
[   30.229348] The buggy address is located 34 bytes to the right of
[   30.229348]  allocated 201-byte region [fff00000c9554a00, fff00000c9554ac9)
[   30.229421] 
[   30.229497] The buggy address belongs to the physical page:
[   30.229586] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x109554
[   30.229660] head: order:1 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[   30.229706] flags: 0xbfffe0000000040(head|node=0|zone=2|lastcpupid=0x1ffff)
[   30.229758] page_type: f5(slab)
[   30.229796] raw: 0bfffe0000000040 fff00000c0001b40 dead000000000100 dead000000000122
[   30.229844] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000
[   30.229892] head: 0bfffe0000000040 fff00000c0001b40 dead000000000100 dead000000000122
[   30.229949] head: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000
[   30.230239] head: 0bfffe0000000001 ffffc1ffc3255501 00000000ffffffff 00000000ffffffff
[   30.230290] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000002
[   30.230338] page dumped because: kasan: bad access detected
[   30.230660] 
[   30.230681] Memory state around the buggy address:
[   30.230714]  fff00000c9554980: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   30.230756]  fff00000c9554a00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   30.230796] >fff00000c9554a80: 00 00 00 00 00 00 00 00 00 01 fc fc fc fc fc fc
[   30.230831]                                                           ^
[   30.231196]  fff00000c9554b00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   30.231275]  fff00000c9554b80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   30.231346] ==================================================================
[   30.192556] ==================================================================
[   30.193034] BUG: KASAN: slab-out-of-bounds in krealloc_less_oob_helper+0xa48/0xc50
[   30.193114] Write of size 1 at addr fff00000c9554ac9 by task kunit_try_catch/189
[   30.193172] 
[   30.193226] CPU: 1 UID: 0 PID: 189 Comm: kunit_try_catch Tainted: G    B            N  6.16.0-rc5-next-20250711 #1 PREEMPT 
[   30.193313] Tainted: [B]=BAD_PAGE, [N]=TEST
[   30.193351] Hardware name: linux,dummy-virt (DT)
[   30.193389] Call trace:
[   30.193415]  show_stack+0x20/0x38 (C)
[   30.193465]  dump_stack_lvl+0x8c/0xd0
[   30.194107]  print_report+0x118/0x5d0
[   30.194356]  kasan_report+0xdc/0x128
[   30.194454]  __asan_report_store1_noabort+0x20/0x30
[   30.194716]  krealloc_less_oob_helper+0xa48/0xc50
[   30.194791]  krealloc_less_oob+0x20/0x38
[   30.194968]  kunit_try_run_case+0x170/0x3f0
[   30.195019]  kunit_generic_run_threadfn_adapter+0x88/0x100
[   30.195074]  kthread+0x328/0x630
[   30.195157]  ret_from_fork+0x10/0x20
[   30.195396] 
[   30.195453] Allocated by task 189:
[   30.195481]  kasan_save_stack+0x3c/0x68
[   30.195524]  kasan_save_track+0x20/0x40
[   30.195561]  kasan_save_alloc_info+0x40/0x58
[   30.195637]  __kasan_krealloc+0x118/0x178
[   30.195693]  krealloc_noprof+0x128/0x360
[   30.195836]  krealloc_less_oob_helper+0x168/0xc50
[   30.196010]  krealloc_less_oob+0x20/0x38
[   30.196176]  kunit_try_run_case+0x170/0x3f0
[   30.196231]  kunit_generic_run_threadfn_adapter+0x88/0x100
[   30.196311]  kthread+0x328/0x630
[   30.196516]  ret_from_fork+0x10/0x20
[   30.196758] 
[   30.196779] The buggy address belongs to the object at fff00000c9554a00
[   30.196779]  which belongs to the cache kmalloc-256 of size 256
[   30.196836] The buggy address is located 0 bytes to the right of
[   30.196836]  allocated 201-byte region [fff00000c9554a00, fff00000c9554ac9)
[   30.197224] 
[   30.197441] The buggy address belongs to the physical page:
[   30.197564] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x109554
[   30.197641] head: order:1 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[   30.197794] flags: 0xbfffe0000000040(head|node=0|zone=2|lastcpupid=0x1ffff)
[   30.197874] page_type: f5(slab)
[   30.197957] raw: 0bfffe0000000040 fff00000c0001b40 dead000000000100 dead000000000122
[   30.198076] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000
[   30.198241] head: 0bfffe0000000040 fff00000c0001b40 dead000000000100 dead000000000122
[   30.198337] head: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000
[   30.198386] head: 0bfffe0000000001 ffffc1ffc3255501 00000000ffffffff 00000000ffffffff
[   30.198598] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000002
[   30.198656] page dumped because: kasan: bad access detected
[   30.198784] 
[   30.198877] Memory state around the buggy address:
[   30.198910]  fff00000c9554980: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   30.198951]  fff00000c9554a00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   30.198994] >fff00000c9554a80: 00 00 00 00 00 00 00 00 00 01 fc fc fc fc fc fc
[   30.199037]                                               ^
[   30.199071]  fff00000c9554b00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   30.199507]  fff00000c9554b80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   30.199891] ==================================================================
[   30.267620] ==================================================================
[   30.267669] BUG: KASAN: slab-out-of-bounds in krealloc_less_oob_helper+0xb9c/0xc50
[   30.267722] Write of size 1 at addr fff00000c9a660d0 by task kunit_try_catch/193
[   30.267769] 
[   30.267801] CPU: 1 UID: 0 PID: 193 Comm: kunit_try_catch Tainted: G    B            N  6.16.0-rc5-next-20250711 #1 PREEMPT 
[   30.267881] Tainted: [B]=BAD_PAGE, [N]=TEST
[   30.267906] Hardware name: linux,dummy-virt (DT)
[   30.267934] Call trace:
[   30.267956]  show_stack+0x20/0x38 (C)
[   30.268002]  dump_stack_lvl+0x8c/0xd0
[   30.268057]  print_report+0x118/0x5d0
[   30.268187]  kasan_report+0xdc/0x128
[   30.268299]  __asan_report_store1_noabort+0x20/0x30
[   30.268376]  krealloc_less_oob_helper+0xb9c/0xc50
[   30.268426]  krealloc_large_less_oob+0x20/0x38
[   30.268472]  kunit_try_run_case+0x170/0x3f0
[   30.268519]  kunit_generic_run_threadfn_adapter+0x88/0x100
[   30.268766]  kthread+0x328/0x630
[   30.269081]  ret_from_fork+0x10/0x20
[   30.269387] 
[   30.269467] The buggy address belongs to the physical page:
[   30.269737] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x109a64
[   30.269858] head: order:2 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[   30.269912] flags: 0xbfffe0000000040(head|node=0|zone=2|lastcpupid=0x1ffff)
[   30.270006] page_type: f8(unknown)
[   30.270131] raw: 0bfffe0000000040 0000000000000000 dead000000000122 0000000000000000
[   30.270251] raw: 0000000000000000 0000000000000000 00000000f8000000 0000000000000000
[   30.270299] head: 0bfffe0000000040 0000000000000000 dead000000000122 0000000000000000
[   30.270356] head: 0000000000000000 0000000000000000 00000000f8000000 0000000000000000
[   30.270403] head: 0bfffe0000000002 ffffc1ffc3269901 00000000ffffffff 00000000ffffffff
[   30.270471] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000004
[   30.270508] page dumped because: kasan: bad access detected
[   30.270590] 
[   30.270610] Memory state around the buggy address:
[   30.270832]  fff00000c9a65f80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   30.270911]  fff00000c9a66000: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   30.270953] >fff00000c9a66080: 00 00 00 00 00 00 00 00 00 01 fe fe fe fe fe fe
[   30.271075]                                                  ^
[   30.271212]  fff00000c9a66100: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe
[   30.271252]  fff00000c9a66180: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe
[   30.271288] ==================================================================
[   30.210549] ==================================================================
[   30.210603] BUG: KASAN: slab-out-of-bounds in krealloc_less_oob_helper+0xa80/0xc50
[   30.210662] Write of size 1 at addr fff00000c9554ada by task kunit_try_catch/189
[   30.210901] 
[   30.210936] CPU: 1 UID: 0 PID: 189 Comm: kunit_try_catch Tainted: G    B            N  6.16.0-rc5-next-20250711 #1 PREEMPT 
[   30.211016] Tainted: [B]=BAD_PAGE, [N]=TEST
[   30.211056] Hardware name: linux,dummy-virt (DT)
[   30.211193] Call trace:
[   30.211302]  show_stack+0x20/0x38 (C)
[   30.211471]  dump_stack_lvl+0x8c/0xd0
[   30.211594]  print_report+0x118/0x5d0
[   30.211687]  kasan_report+0xdc/0x128
[   30.211803]  __asan_report_store1_noabort+0x20/0x30
[   30.211877]  krealloc_less_oob_helper+0xa80/0xc50
[   30.211952]  krealloc_less_oob+0x20/0x38
[   30.211997]  kunit_try_run_case+0x170/0x3f0
[   30.212049]  kunit_generic_run_threadfn_adapter+0x88/0x100
[   30.212216]  kthread+0x328/0x630
[   30.212309]  ret_from_fork+0x10/0x20
[   30.212704] 
[   30.212735] Allocated by task 189:
[   30.212767]  kasan_save_stack+0x3c/0x68
[   30.212965]  kasan_save_track+0x20/0x40
[   30.213025]  kasan_save_alloc_info+0x40/0x58
[   30.213061]  __kasan_krealloc+0x118/0x178
[   30.213382]  krealloc_noprof+0x128/0x360
[   30.213741]  krealloc_less_oob_helper+0x168/0xc50
[   30.213794]  krealloc_less_oob+0x20/0x38
[   30.214047]  kunit_try_run_case+0x170/0x3f0
[   30.214148]  kunit_generic_run_threadfn_adapter+0x88/0x100
[   30.214195]  kthread+0x328/0x630
[   30.214591]  ret_from_fork+0x10/0x20
[   30.214675] 
[   30.214696] The buggy address belongs to the object at fff00000c9554a00
[   30.214696]  which belongs to the cache kmalloc-256 of size 256
[   30.214752] The buggy address is located 17 bytes to the right of
[   30.214752]  allocated 201-byte region [fff00000c9554a00, fff00000c9554ac9)
[   30.214814] 
[   30.214834] The buggy address belongs to the physical page:
[   30.215035] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x109554
[   30.215408] head: order:1 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[   30.215565] flags: 0xbfffe0000000040(head|node=0|zone=2|lastcpupid=0x1ffff)
[   30.215641] page_type: f5(slab)
[   30.215917] raw: 0bfffe0000000040 fff00000c0001b40 dead000000000100 dead000000000122
[   30.215968] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000
[   30.216016] head: 0bfffe0000000040 fff00000c0001b40 dead000000000100 dead000000000122
[   30.216062] head: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000
[   30.216109] head: 0bfffe0000000001 ffffc1ffc3255501 00000000ffffffff 00000000ffffffff
[   30.216155] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000002
[   30.216194] page dumped because: kasan: bad access detected
[   30.216280] 
[   30.216300] Memory state around the buggy address:
[   30.216535]  fff00000c9554980: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   30.216914]  fff00000c9554a00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   30.217049] >fff00000c9554a80: 00 00 00 00 00 00 00 00 00 01 fc fc fc fc fc fc
[   30.217092]                                                     ^
[   30.217129]  fff00000c9554b00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   30.217354]  fff00000c9554b80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   30.217485] ==================================================================
[   30.201100] ==================================================================
[   30.201150] BUG: KASAN: slab-out-of-bounds in krealloc_less_oob_helper+0xb9c/0xc50
[   30.201203] Write of size 1 at addr fff00000c9554ad0 by task kunit_try_catch/189
[   30.201250] 
[   30.201283] CPU: 1 UID: 0 PID: 189 Comm: kunit_try_catch Tainted: G    B            N  6.16.0-rc5-next-20250711 #1 PREEMPT 
[   30.201380] Tainted: [B]=BAD_PAGE, [N]=TEST
[   30.201406] Hardware name: linux,dummy-virt (DT)
[   30.201435] Call trace:
[   30.201458]  show_stack+0x20/0x38 (C)
[   30.201506]  dump_stack_lvl+0x8c/0xd0
[   30.201678]  print_report+0x118/0x5d0
[   30.202446]  kasan_report+0xdc/0x128
[   30.202623]  __asan_report_store1_noabort+0x20/0x30
[   30.202774]  krealloc_less_oob_helper+0xb9c/0xc50
[   30.202853]  krealloc_less_oob+0x20/0x38
[   30.202906]  kunit_try_run_case+0x170/0x3f0
[   30.203507]  kunit_generic_run_threadfn_adapter+0x88/0x100
[   30.203831]  kthread+0x328/0x630
[   30.204146]  ret_from_fork+0x10/0x20
[   30.204477] 
[   30.204498] Allocated by task 189:
[   30.204598]  kasan_save_stack+0x3c/0x68
[   30.204800]  kasan_save_track+0x20/0x40
[   30.204867]  kasan_save_alloc_info+0x40/0x58
[   30.204979]  __kasan_krealloc+0x118/0x178
[   30.205034]  krealloc_noprof+0x128/0x360
[   30.205079]  krealloc_less_oob_helper+0x168/0xc50
[   30.205228]  krealloc_less_oob+0x20/0x38
[   30.205270]  kunit_try_run_case+0x170/0x3f0
[   30.205358]  kunit_generic_run_threadfn_adapter+0x88/0x100
[   30.205397]  kthread+0x328/0x630
[   30.205428]  ret_from_fork+0x10/0x20
[   30.205462] 
[   30.205481] The buggy address belongs to the object at fff00000c9554a00
[   30.205481]  which belongs to the cache kmalloc-256 of size 256
[   30.205537] The buggy address is located 7 bytes to the right of
[   30.205537]  allocated 201-byte region [fff00000c9554a00, fff00000c9554ac9)
[   30.206045] 
[   30.206143] The buggy address belongs to the physical page:
[   30.206222] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x109554
[   30.206304] head: order:1 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[   30.206364] flags: 0xbfffe0000000040(head|node=0|zone=2|lastcpupid=0x1ffff)
[   30.206683] page_type: f5(slab)
[   30.206738] raw: 0bfffe0000000040 fff00000c0001b40 dead000000000100 dead000000000122
[   30.206842] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000
[   30.206891] head: 0bfffe0000000040 fff00000c0001b40 dead000000000100 dead000000000122
[   30.207186] head: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000
[   30.207425] head: 0bfffe0000000001 ffffc1ffc3255501 00000000ffffffff 00000000ffffffff
[   30.207475] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000002
[   30.207514] page dumped because: kasan: bad access detected
[   30.207544] 
[   30.207562] Memory state around the buggy address:
[   30.207749]  fff00000c9554980: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   30.207948]  fff00000c9554a00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   30.207991] >fff00000c9554a80: 00 00 00 00 00 00 00 00 00 01 fc fc fc fc fc fc
[   30.208026]                                                  ^
[   30.208062]  fff00000c9554b00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   30.208494]  fff00000c9554b80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   30.208536] ==================================================================
[   30.260097] ==================================================================
[   30.260548] BUG: KASAN: slab-out-of-bounds in krealloc_less_oob_helper+0xa48/0xc50
[   30.260908] Write of size 1 at addr fff00000c9a660c9 by task kunit_try_catch/193
[   30.260961] 
[   30.260997] CPU: 1 UID: 0 PID: 193 Comm: kunit_try_catch Tainted: G    B            N  6.16.0-rc5-next-20250711 #1 PREEMPT 
[   30.261405] Tainted: [B]=BAD_PAGE, [N]=TEST
[   30.261440] Hardware name: linux,dummy-virt (DT)
[   30.261472] Call trace:
[   30.261494]  show_stack+0x20/0x38 (C)
[   30.262023]  dump_stack_lvl+0x8c/0xd0
[   30.262104]  print_report+0x118/0x5d0
[   30.262148]  kasan_report+0xdc/0x128
[   30.262192]  __asan_report_store1_noabort+0x20/0x30
[   30.262241]  krealloc_less_oob_helper+0xa48/0xc50
[   30.262289]  krealloc_large_less_oob+0x20/0x38
[   30.262348]  kunit_try_run_case+0x170/0x3f0
[   30.262620]  kunit_generic_run_threadfn_adapter+0x88/0x100
[   30.262701]  kthread+0x328/0x630
[   30.262828]  ret_from_fork+0x10/0x20
[   30.262925] 
[   30.262946] The buggy address belongs to the physical page:
[   30.262995] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x109a64
[   30.263222] head: order:2 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[   30.263271] flags: 0xbfffe0000000040(head|node=0|zone=2|lastcpupid=0x1ffff)
[   30.263349] page_type: f8(unknown)
[   30.263390] raw: 0bfffe0000000040 0000000000000000 dead000000000122 0000000000000000
[   30.263599] raw: 0000000000000000 0000000000000000 00000000f8000000 0000000000000000
[   30.263687] head: 0bfffe0000000040 0000000000000000 dead000000000122 0000000000000000
[   30.263842] head: 0000000000000000 0000000000000000 00000000f8000000 0000000000000000
[   30.263890] head: 0bfffe0000000002 ffffc1ffc3269901 00000000ffffffff 00000000ffffffff
[   30.263937] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000004
[   30.264033] page dumped because: kasan: bad access detected
[   30.264100] 
[   30.264118] Memory state around the buggy address:
[   30.264156]  fff00000c9a65f80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   30.264422]  fff00000c9a66000: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   30.264582] >fff00000c9a66080: 00 00 00 00 00 00 00 00 00 01 fe fe fe fe fe fe
[   30.264819]                                               ^
[   30.264859]  fff00000c9a66100: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe
[   30.264980]  fff00000c9a66180: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe
[   30.265064] ==================================================================

Metadata Full log Test run details

arch

arm64

host

x86_64

plan

2zizK5DpLdiSo5JTRmUPvSCnGxG

job_id

TEST:linaro@lkft#2zizOeD8Jm6gvF6WEX3HpY0Yiv3

job_url

https://tuxapi.tuxsuite.com/v1/groups/linaro/projects/lkft/tests/2zizOeD8Jm6gvF6WEX3HpY0Yiv3

artefacts

kernel

url	https://storage.tuxsuite.com/public/linaro/lkft/builds/2zizLHXy0YY4Eb3Uvf7RBZBjPJe/Image.gz
sha256sum	37d9d8f3bf88d1e931fe46cf36571593b5a433a5d7333af6ff92cab414d2ee0c

rootfs

url	https://storage.tuxboot.com/debian/20250617/trixie/arm64/rootfs.ext4.xz
sha256sum	1eaaae772692e22cefec5345d642e254407cec1431dd51a20007af2a1819b610

modules

url	https://storage.tuxsuite.com/public/linaro/lkft/builds/2zizLHXy0YY4Eb3Uvf7RBZBjPJe/modules.tar.xz
sha256sum	f716ec16fb4ddf54116cb1eb73ee916ed3bd359ff95e4d969af9a161c3cb0a9f

durations

tests

boot	0
kunit	172.65

host_arch

amd64

build_name

gcc-13-lkftconfig-kunit

job_status

Complete

qemu_version

1:10.0.0+ds-1

[   23.616776] ==================================================================
[   23.617133] BUG: KASAN: slab-out-of-bounds in krealloc_less_oob_helper+0xe90/0x11d0
[   23.617602] Write of size 1 at addr ffff888102b960ea by task kunit_try_catch/212
[   23.617953] 
[   23.618076] CPU: 1 UID: 0 PID: 212 Comm: kunit_try_catch Tainted: G    B            N  6.16.0-rc5-next-20250711 #1 PREEMPT(voluntary) 
[   23.618136] Tainted: [B]=BAD_PAGE, [N]=TEST
[   23.618148] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[   23.618169] Call Trace:
[   23.618187]  <TASK>
[   23.618203]  dump_stack_lvl+0x73/0xb0
[   23.618234]  print_report+0xd1/0x610
[   23.618263]  ? __virt_addr_valid+0x1db/0x2d0
[   23.618287]  ? krealloc_less_oob_helper+0xe90/0x11d0
[   23.618311]  ? kasan_addr_to_slab+0x11/0xa0
[   23.618331]  ? krealloc_less_oob_helper+0xe90/0x11d0
[   23.618354]  kasan_report+0x141/0x180
[   23.618375]  ? krealloc_less_oob_helper+0xe90/0x11d0
[   23.618403]  __asan_report_store1_noabort+0x1b/0x30
[   23.618427]  krealloc_less_oob_helper+0xe90/0x11d0
[   23.618451]  ? __pfx_krealloc_less_oob_helper+0x10/0x10
[   23.618475]  ? finish_task_switch.isra.0+0x153/0x700
[   23.618496]  ? __switch_to+0x47/0xf80
[   23.618521]  ? __schedule+0x10cc/0x2b60
[   23.618545]  ? __pfx_read_tsc+0x10/0x10
[   23.618570]  krealloc_large_less_oob+0x1c/0x30
[   23.618591]  kunit_try_run_case+0x1a5/0x480
[   23.618614]  ? __pfx_kunit_try_run_case+0x10/0x10
[   23.618633]  ? _raw_spin_lock_irqsave+0xa1/0x100
[   23.618656]  ? _raw_spin_unlock_irqrestore+0x5f/0x90
[   23.618679]  ? __kthread_parkme+0x82/0x180
[   23.618759]  ? preempt_count_sub+0x50/0x80
[   23.618798]  ? __pfx_kunit_try_run_case+0x10/0x10
[   23.618843]  kunit_generic_run_threadfn_adapter+0x85/0xf0
[   23.618868]  ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10
[   23.618922]  kthread+0x337/0x6f0
[   23.618942]  ? trace_preempt_on+0x20/0xc0
[   23.618965]  ? __pfx_kthread+0x10/0x10
[   23.618987]  ? _raw_spin_unlock_irq+0x47/0x80
[   23.619008]  ? calculate_sigpending+0x7b/0xa0
[   23.619032]  ? __pfx_kthread+0x10/0x10
[   23.619055]  ret_from_fork+0x116/0x1d0
[   23.619075]  ? __pfx_kthread+0x10/0x10
[   23.619096]  ret_from_fork_asm+0x1a/0x30
[   23.619153]  </TASK>
[   23.619164] 
[   23.627287] The buggy address belongs to the physical page:
[   23.627534] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x102b94
[   23.628120] head: order:2 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[   23.628555] flags: 0x200000000000040(head|node=0|zone=2)
[   23.628852] page_type: f8(unknown)
[   23.629019] raw: 0200000000000040 0000000000000000 dead000000000122 0000000000000000
[   23.629481] raw: 0000000000000000 0000000000000000 00000000f8000000 0000000000000000
[   23.629789] head: 0200000000000040 0000000000000000 dead000000000122 0000000000000000
[   23.630123] head: 0000000000000000 0000000000000000 00000000f8000000 0000000000000000
[   23.630646] head: 0200000000000002 ffffea00040ae501 00000000ffffffff 00000000ffffffff
[   23.630978] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000004
[   23.631334] page dumped because: kasan: bad access detected
[   23.631608] 
[   23.631759] Memory state around the buggy address:
[   23.632001]  ffff888102b95f80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   23.632332]  ffff888102b96000: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   23.632825] >ffff888102b96080: 00 00 00 00 00 00 00 00 00 01 fe fe fe fe fe fe
[   23.633332]                                                           ^
[   23.633647]  ffff888102b96100: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe
[   23.633993]  ffff888102b96180: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe
[   23.634314] ==================================================================
[   23.455457] ==================================================================
[   23.455774] BUG: KASAN: slab-out-of-bounds in krealloc_less_oob_helper+0xe90/0x11d0
[   23.456271] Write of size 1 at addr ffff88810579daea by task kunit_try_catch/208
[   23.456635] 
[   23.456908] CPU: 0 UID: 0 PID: 208 Comm: kunit_try_catch Tainted: G    B            N  6.16.0-rc5-next-20250711 #1 PREEMPT(voluntary) 
[   23.456965] Tainted: [B]=BAD_PAGE, [N]=TEST
[   23.456977] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[   23.456999] Call Trace:
[   23.457016]  <TASK>
[   23.457032]  dump_stack_lvl+0x73/0xb0
[   23.457064]  print_report+0xd1/0x610
[   23.457086]  ? __virt_addr_valid+0x1db/0x2d0
[   23.457111]  ? krealloc_less_oob_helper+0xe90/0x11d0
[   23.457304]  ? kasan_complete_mode_report_info+0x2a/0x200
[   23.457330]  ? krealloc_less_oob_helper+0xe90/0x11d0
[   23.457353]  kasan_report+0x141/0x180
[   23.457375]  ? krealloc_less_oob_helper+0xe90/0x11d0
[   23.457402]  __asan_report_store1_noabort+0x1b/0x30
[   23.457426]  krealloc_less_oob_helper+0xe90/0x11d0
[   23.457451]  ? __pfx_krealloc_less_oob_helper+0x10/0x10
[   23.457474]  ? finish_task_switch.isra.0+0x153/0x700
[   23.457495]  ? __switch_to+0x47/0xf80
[   23.457521]  ? __schedule+0x10cc/0x2b60
[   23.457577]  ? __pfx_read_tsc+0x10/0x10
[   23.457601]  krealloc_less_oob+0x1c/0x30
[   23.457622]  kunit_try_run_case+0x1a5/0x480
[   23.457655]  ? __pfx_kunit_try_run_case+0x10/0x10
[   23.457674]  ? _raw_spin_lock_irqsave+0xa1/0x100
[   23.457698]  ? _raw_spin_unlock_irqrestore+0x5f/0x90
[   23.457721]  ? __kthread_parkme+0x82/0x180
[   23.457752]  ? preempt_count_sub+0x50/0x80
[   23.457774]  ? __pfx_kunit_try_run_case+0x10/0x10
[   23.457795]  kunit_generic_run_threadfn_adapter+0x85/0xf0
[   23.457819]  ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10
[   23.457844]  kthread+0x337/0x6f0
[   23.457863]  ? trace_preempt_on+0x20/0xc0
[   23.457887]  ? __pfx_kthread+0x10/0x10
[   23.457907]  ? _raw_spin_unlock_irq+0x47/0x80
[   23.457928]  ? calculate_sigpending+0x7b/0xa0
[   23.457952]  ? __pfx_kthread+0x10/0x10
[   23.457973]  ret_from_fork+0x116/0x1d0
[   23.457992]  ? __pfx_kthread+0x10/0x10
[   23.458012]  ret_from_fork_asm+0x1a/0x30
[   23.458042]  </TASK>
[   23.458053] 
[   23.465748] Allocated by task 208:
[   23.465919]  kasan_save_stack+0x45/0x70
[   23.466114]  kasan_save_track+0x18/0x40
[   23.466282]  kasan_save_alloc_info+0x3b/0x50
[   23.466459]  __kasan_krealloc+0x190/0x1f0
[   23.466654]  krealloc_noprof+0xf3/0x340
[   23.466853]  krealloc_less_oob_helper+0x1aa/0x11d0
[   23.467063]  krealloc_less_oob+0x1c/0x30
[   23.467205]  kunit_try_run_case+0x1a5/0x480
[   23.467406]  kunit_generic_run_threadfn_adapter+0x85/0xf0
[   23.467754]  kthread+0x337/0x6f0
[   23.467914]  ret_from_fork+0x116/0x1d0
[   23.468112]  ret_from_fork_asm+0x1a/0x30
[   23.468248] 
[   23.468312] The buggy address belongs to the object at ffff88810579da00
[   23.468312]  which belongs to the cache kmalloc-256 of size 256
[   23.468845] The buggy address is located 33 bytes to the right of
[   23.468845]  allocated 201-byte region [ffff88810579da00, ffff88810579dac9)
[   23.469356] 
[   23.469455] The buggy address belongs to the physical page:
[   23.469709] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x10579c
[   23.470105] head: order:1 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[   23.470327] flags: 0x200000000000040(head|node=0|zone=2)
[   23.470542] page_type: f5(slab)
[   23.470711] raw: 0200000000000040 ffff888100041b40 dead000000000122 0000000000000000
[   23.471114] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000
[   23.471438] head: 0200000000000040 ffff888100041b40 dead000000000122 0000000000000000
[   23.471711] head: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000
[   23.472114] head: 0200000000000001 ffffea000415e701 00000000ffffffff 00000000ffffffff
[   23.472542] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000002
[   23.472840] page dumped because: kasan: bad access detected
[   23.473007] 
[   23.473070] Memory state around the buggy address:
[   23.473218]  ffff88810579d980: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   23.473642]  ffff88810579da00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   23.473975] >ffff88810579da80: 00 00 00 00 00 00 00 00 00 01 fc fc fc fc fc fc
[   23.474338]                                                           ^
[   23.474621]  ffff88810579db00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   23.474986]  ffff88810579db80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   23.475301] ==================================================================
[   23.591534] ==================================================================
[   23.591778] BUG: KASAN: slab-out-of-bounds in krealloc_less_oob_helper+0xec6/0x11d0
[   23.592018] Write of size 1 at addr ffff888102b960da by task kunit_try_catch/212
[   23.592234] 
[   23.592323] CPU: 1 UID: 0 PID: 212 Comm: kunit_try_catch Tainted: G    B            N  6.16.0-rc5-next-20250711 #1 PREEMPT(voluntary) 
[   23.592371] Tainted: [B]=BAD_PAGE, [N]=TEST
[   23.592383] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[   23.592404] Call Trace:
[   23.592419]  <TASK>
[   23.592433]  dump_stack_lvl+0x73/0xb0
[   23.592461]  print_report+0xd1/0x610
[   23.592482]  ? __virt_addr_valid+0x1db/0x2d0
[   23.592506]  ? krealloc_less_oob_helper+0xec6/0x11d0
[   23.592528]  ? kasan_addr_to_slab+0x11/0xa0
[   23.592547]  ? krealloc_less_oob_helper+0xec6/0x11d0
[   23.592569]  kasan_report+0x141/0x180
[   23.592590]  ? krealloc_less_oob_helper+0xec6/0x11d0
[   23.592616]  __asan_report_store1_noabort+0x1b/0x30
[   23.592639]  krealloc_less_oob_helper+0xec6/0x11d0
[   23.592663]  ? __pfx_krealloc_less_oob_helper+0x10/0x10
[   23.592685]  ? finish_task_switch.isra.0+0x153/0x700
[   23.592707]  ? __switch_to+0x47/0xf80
[   23.592742]  ? __schedule+0x10cc/0x2b60
[   23.592765]  ? __pfx_read_tsc+0x10/0x10
[   23.592789]  krealloc_large_less_oob+0x1c/0x30
[   23.592810]  kunit_try_run_case+0x1a5/0x480
[   23.592831]  ? __pfx_kunit_try_run_case+0x10/0x10
[   23.592850]  ? _raw_spin_lock_irqsave+0xa1/0x100
[   23.592934]  ? _raw_spin_unlock_irqrestore+0x5f/0x90
[   23.592971]  ? __kthread_parkme+0x82/0x180
[   23.592991]  ? preempt_count_sub+0x50/0x80
[   23.593028]  ? __pfx_kunit_try_run_case+0x10/0x10
[   23.593305]  kunit_generic_run_threadfn_adapter+0x85/0xf0
[   23.593331]  ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10
[   23.593374]  kthread+0x337/0x6f0
[   23.593412]  ? trace_preempt_on+0x20/0xc0
[   23.593653]  ? __pfx_kthread+0x10/0x10
[   23.593700]  ? _raw_spin_unlock_irq+0x47/0x80
[   23.594340]  ? calculate_sigpending+0x7b/0xa0
[   23.594370]  ? __pfx_kthread+0x10/0x10
[   23.594424]  ret_from_fork+0x116/0x1d0
[   23.594447]  ? __pfx_kthread+0x10/0x10
[   23.594469]  ret_from_fork_asm+0x1a/0x30
[   23.594501]  </TASK>
[   23.594512] 
[   23.608529] The buggy address belongs to the physical page:
[   23.609091] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x102b94
[   23.610098] head: order:2 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[   23.610897] flags: 0x200000000000040(head|node=0|zone=2)
[   23.611419] page_type: f8(unknown)
[   23.611850] raw: 0200000000000040 0000000000000000 dead000000000122 0000000000000000
[   23.612534] raw: 0000000000000000 0000000000000000 00000000f8000000 0000000000000000
[   23.613112] head: 0200000000000040 0000000000000000 dead000000000122 0000000000000000
[   23.613807] head: 0000000000000000 0000000000000000 00000000f8000000 0000000000000000
[   23.614041] head: 0200000000000002 ffffea00040ae501 00000000ffffffff 00000000ffffffff
[   23.614263] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000004
[   23.614489] page dumped because: kasan: bad access detected
[   23.614652] 
[   23.614714] Memory state around the buggy address:
[   23.614871]  ffff888102b95f80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   23.615076]  ffff888102b96000: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   23.615282] >ffff888102b96080: 00 00 00 00 00 00 00 00 00 01 fe fe fe fe fe fe
[   23.615483]                                                     ^
[   23.615664]  ffff888102b96100: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe
[   23.615905]  ffff888102b96180: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe
[   23.616109] ==================================================================
[   23.634725] ==================================================================
[   23.635279] BUG: KASAN: slab-out-of-bounds in krealloc_less_oob_helper+0xd47/0x11d0
[   23.635506] Write of size 1 at addr ffff888102b960eb by task kunit_try_catch/212
[   23.635712] 
[   23.635799] CPU: 1 UID: 0 PID: 212 Comm: kunit_try_catch Tainted: G    B            N  6.16.0-rc5-next-20250711 #1 PREEMPT(voluntary) 
[   23.635843] Tainted: [B]=BAD_PAGE, [N]=TEST
[   23.635855] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[   23.635874] Call Trace:
[   23.635888]  <TASK>
[   23.635901]  dump_stack_lvl+0x73/0xb0
[   23.635928]  print_report+0xd1/0x610
[   23.635950]  ? __virt_addr_valid+0x1db/0x2d0
[   23.635974]  ? krealloc_less_oob_helper+0xd47/0x11d0
[   23.635996]  ? kasan_addr_to_slab+0x11/0xa0
[   23.636015]  ? krealloc_less_oob_helper+0xd47/0x11d0
[   23.636037]  kasan_report+0x141/0x180
[   23.636058]  ? krealloc_less_oob_helper+0xd47/0x11d0
[   23.636084]  __asan_report_store1_noabort+0x1b/0x30
[   23.636107]  krealloc_less_oob_helper+0xd47/0x11d0
[   23.636130]  ? __pfx_krealloc_less_oob_helper+0x10/0x10
[   23.636209]  ? finish_task_switch.isra.0+0x153/0x700
[   23.636233]  ? __switch_to+0x47/0xf80
[   23.636280]  ? __schedule+0x10cc/0x2b60
[   23.636304]  ? __pfx_read_tsc+0x10/0x10
[   23.636334]  krealloc_large_less_oob+0x1c/0x30
[   23.636356]  kunit_try_run_case+0x1a5/0x480
[   23.636377]  ? __pfx_kunit_try_run_case+0x10/0x10
[   23.636397]  ? _raw_spin_lock_irqsave+0xa1/0x100
[   23.636419]  ? _raw_spin_unlock_irqrestore+0x5f/0x90
[   23.636442]  ? __kthread_parkme+0x82/0x180
[   23.636482]  ? preempt_count_sub+0x50/0x80
[   23.636514]  ? __pfx_kunit_try_run_case+0x10/0x10
[   23.636535]  kunit_generic_run_threadfn_adapter+0x85/0xf0
[   23.636587]  ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10
[   23.636612]  kthread+0x337/0x6f0
[   23.636632]  ? trace_preempt_on+0x20/0xc0
[   23.636655]  ? __pfx_kthread+0x10/0x10
[   23.636676]  ? _raw_spin_unlock_irq+0x47/0x80
[   23.636697]  ? calculate_sigpending+0x7b/0xa0
[   23.636721]  ? __pfx_kthread+0x10/0x10
[   23.636752]  ret_from_fork+0x116/0x1d0
[   23.636771]  ? __pfx_kthread+0x10/0x10
[   23.636792]  ret_from_fork_asm+0x1a/0x30
[   23.636822]  </TASK>
[   23.636833] 
[   23.645506] The buggy address belongs to the physical page:
[   23.645780] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x102b94
[   23.646119] head: order:2 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[   23.646471] flags: 0x200000000000040(head|node=0|zone=2)
[   23.646960] page_type: f8(unknown)
[   23.647090] raw: 0200000000000040 0000000000000000 dead000000000122 0000000000000000
[   23.647700] raw: 0000000000000000 0000000000000000 00000000f8000000 0000000000000000
[   23.648243] head: 0200000000000040 0000000000000000 dead000000000122 0000000000000000
[   23.648704] head: 0000000000000000 0000000000000000 00000000f8000000 0000000000000000
[   23.649082] head: 0200000000000002 ffffea00040ae501 00000000ffffffff 00000000ffffffff
[   23.649487] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000004
[   23.649846] page dumped because: kasan: bad access detected
[   23.650116] 
[   23.650245] Memory state around the buggy address:
[   23.650625]  ffff888102b95f80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   23.651135]  ffff888102b96000: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   23.651475] >ffff888102b96080: 00 00 00 00 00 00 00 00 00 01 fe fe fe fe fe fe
[   23.651823]                                                           ^
[   23.652273]  ffff888102b96100: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe
[   23.652582]  ffff888102b96180: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe
[   23.652892] ==================================================================
[   23.548703] ==================================================================
[   23.549325] BUG: KASAN: slab-out-of-bounds in krealloc_less_oob_helper+0xd70/0x11d0
[   23.549573] Write of size 1 at addr ffff888102b960c9 by task kunit_try_catch/212
[   23.549800] 
[   23.549887] CPU: 1 UID: 0 PID: 212 Comm: kunit_try_catch Tainted: G    B            N  6.16.0-rc5-next-20250711 #1 PREEMPT(voluntary) 
[   23.549937] Tainted: [B]=BAD_PAGE, [N]=TEST
[   23.549949] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[   23.549971] Call Trace:
[   23.549984]  <TASK>
[   23.550000]  dump_stack_lvl+0x73/0xb0
[   23.550031]  print_report+0xd1/0x610
[   23.550052]  ? __virt_addr_valid+0x1db/0x2d0
[   23.550077]  ? krealloc_less_oob_helper+0xd70/0x11d0
[   23.550103]  ? kasan_addr_to_slab+0x11/0xa0
[   23.550124]  ? krealloc_less_oob_helper+0xd70/0x11d0
[   23.550147]  kasan_report+0x141/0x180
[   23.550168]  ? krealloc_less_oob_helper+0xd70/0x11d0
[   23.550194]  __asan_report_store1_noabort+0x1b/0x30
[   23.550218]  krealloc_less_oob_helper+0xd70/0x11d0
[   23.550242]  ? __pfx_krealloc_less_oob_helper+0x10/0x10
[   23.550264]  ? finish_task_switch.isra.0+0x153/0x700
[   23.550287]  ? __switch_to+0x47/0xf80
[   23.550313]  ? __schedule+0x10cc/0x2b60
[   23.550336]  ? __pfx_read_tsc+0x10/0x10
[   23.550361]  krealloc_large_less_oob+0x1c/0x30
[   23.550382]  kunit_try_run_case+0x1a5/0x480
[   23.550404]  ? __pfx_kunit_try_run_case+0x10/0x10
[   23.550423]  ? _raw_spin_lock_irqsave+0xa1/0x100
[   23.550446]  ? _raw_spin_unlock_irqrestore+0x5f/0x90
[   23.550468]  ? __kthread_parkme+0x82/0x180
[   23.550488]  ? preempt_count_sub+0x50/0x80
[   23.550510]  ? __pfx_kunit_try_run_case+0x10/0x10
[   23.550530]  kunit_generic_run_threadfn_adapter+0x85/0xf0
[   23.550554]  ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10
[   23.550578]  kthread+0x337/0x6f0
[   23.550598]  ? trace_preempt_on+0x20/0xc0
[   23.550622]  ? __pfx_kthread+0x10/0x10
[   23.550643]  ? _raw_spin_unlock_irq+0x47/0x80
[   23.550664]  ? calculate_sigpending+0x7b/0xa0
[   23.550688]  ? __pfx_kthread+0x10/0x10
[   23.550709]  ret_from_fork+0x116/0x1d0
[   23.550728]  ? __pfx_kthread+0x10/0x10
[   23.551439]  ret_from_fork_asm+0x1a/0x30
[   23.551841]  </TASK>
[   23.551858] 
[   23.562427] The buggy address belongs to the physical page:
[   23.562674] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x102b94
[   23.563090] head: order:2 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[   23.563608] flags: 0x200000000000040(head|node=0|zone=2)
[   23.563875] page_type: f8(unknown)
[   23.564056] raw: 0200000000000040 0000000000000000 dead000000000122 0000000000000000
[   23.564501] raw: 0000000000000000 0000000000000000 00000000f8000000 0000000000000000
[   23.564756] head: 0200000000000040 0000000000000000 dead000000000122 0000000000000000
[   23.564985] head: 0000000000000000 0000000000000000 00000000f8000000 0000000000000000
[   23.565352] head: 0200000000000002 ffffea00040ae501 00000000ffffffff 00000000ffffffff
[   23.565928] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000004
[   23.566466] page dumped because: kasan: bad access detected
[   23.566633] 
[   23.566696] Memory state around the buggy address:
[   23.566889]  ffff888102b95f80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   23.567224]  ffff888102b96000: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   23.567577] >ffff888102b96080: 00 00 00 00 00 00 00 00 00 01 fe fe fe fe fe fe
[   23.567982]                                               ^
[   23.568239]  ffff888102b96100: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe
[   23.568591]  ffff888102b96180: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe
[   23.568849] ==================================================================
[   23.476039] ==================================================================
[   23.476750] BUG: KASAN: slab-out-of-bounds in krealloc_less_oob_helper+0xd47/0x11d0
[   23.477076] Write of size 1 at addr ffff88810579daeb by task kunit_try_catch/208
[   23.477487] 
[   23.477572] CPU: 0 UID: 0 PID: 208 Comm: kunit_try_catch Tainted: G    B            N  6.16.0-rc5-next-20250711 #1 PREEMPT(voluntary) 
[   23.477651] Tainted: [B]=BAD_PAGE, [N]=TEST
[   23.477663] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[   23.477695] Call Trace:
[   23.477723]  <TASK>
[   23.477747]  dump_stack_lvl+0x73/0xb0
[   23.477776]  print_report+0xd1/0x610
[   23.477797]  ? __virt_addr_valid+0x1db/0x2d0
[   23.477820]  ? krealloc_less_oob_helper+0xd47/0x11d0
[   23.477842]  ? kasan_complete_mode_report_info+0x2a/0x200
[   23.477867]  ? krealloc_less_oob_helper+0xd47/0x11d0
[   23.477890]  kasan_report+0x141/0x180
[   23.477911]  ? krealloc_less_oob_helper+0xd47/0x11d0
[   23.477938]  __asan_report_store1_noabort+0x1b/0x30
[   23.477961]  krealloc_less_oob_helper+0xd47/0x11d0
[   23.477986]  ? __pfx_krealloc_less_oob_helper+0x10/0x10
[   23.478039]  ? finish_task_switch.isra.0+0x153/0x700
[   23.478061]  ? __switch_to+0x47/0xf80
[   23.478102]  ? __schedule+0x10cc/0x2b60
[   23.478124]  ? __pfx_read_tsc+0x10/0x10
[   23.478148]  krealloc_less_oob+0x1c/0x30
[   23.478169]  kunit_try_run_case+0x1a5/0x480
[   23.478190]  ? __pfx_kunit_try_run_case+0x10/0x10
[   23.478209]  ? _raw_spin_lock_irqsave+0xa1/0x100
[   23.478232]  ? _raw_spin_unlock_irqrestore+0x5f/0x90
[   23.478255]  ? __kthread_parkme+0x82/0x180
[   23.478275]  ? preempt_count_sub+0x50/0x80
[   23.478297]  ? __pfx_kunit_try_run_case+0x10/0x10
[   23.478319]  kunit_generic_run_threadfn_adapter+0x85/0xf0
[   23.478343]  ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10
[   23.478368]  kthread+0x337/0x6f0
[   23.478387]  ? trace_preempt_on+0x20/0xc0
[   23.478477]  ? __pfx_kthread+0x10/0x10
[   23.478499]  ? _raw_spin_unlock_irq+0x47/0x80
[   23.478520]  ? calculate_sigpending+0x7b/0xa0
[   23.478555]  ? __pfx_kthread+0x10/0x10
[   23.478576]  ret_from_fork+0x116/0x1d0
[   23.478595]  ? __pfx_kthread+0x10/0x10
[   23.478615]  ret_from_fork_asm+0x1a/0x30
[   23.478645]  </TASK>
[   23.478655] 
[   23.491041] Allocated by task 208:
[   23.491167]  kasan_save_stack+0x45/0x70
[   23.491307]  kasan_save_track+0x18/0x40
[   23.491502]  kasan_save_alloc_info+0x3b/0x50
[   23.491912]  __kasan_krealloc+0x190/0x1f0
[   23.492296]  krealloc_noprof+0xf3/0x340
[   23.492730]  krealloc_less_oob_helper+0x1aa/0x11d0
[   23.493193]  krealloc_less_oob+0x1c/0x30
[   23.493586]  kunit_try_run_case+0x1a5/0x480
[   23.493997]  kunit_generic_run_threadfn_adapter+0x85/0xf0
[   23.494508]  kthread+0x337/0x6f0
[   23.494848]  ret_from_fork+0x116/0x1d0
[   23.495083]  ret_from_fork_asm+0x1a/0x30
[   23.495218] 
[   23.495283] The buggy address belongs to the object at ffff88810579da00
[   23.495283]  which belongs to the cache kmalloc-256 of size 256
[   23.496250] The buggy address is located 34 bytes to the right of
[   23.496250]  allocated 201-byte region [ffff88810579da00, ffff88810579dac9)
[   23.497524] 
[   23.497678] The buggy address belongs to the physical page:
[   23.498024] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x10579c
[   23.498262] head: order:1 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[   23.498646] flags: 0x200000000000040(head|node=0|zone=2)
[   23.499143] page_type: f5(slab)
[   23.499445] raw: 0200000000000040 ffff888100041b40 dead000000000122 0000000000000000
[   23.500119] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000
[   23.500921] head: 0200000000000040 ffff888100041b40 dead000000000122 0000000000000000
[   23.501565] head: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000
[   23.501801] head: 0200000000000001 ffffea000415e701 00000000ffffffff 00000000ffffffff
[   23.502026] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000002
[   23.502244] page dumped because: kasan: bad access detected
[   23.502416] 
[   23.502570] Memory state around the buggy address:
[   23.503002]  ffff88810579d980: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   23.503659]  ffff88810579da00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   23.504540] >ffff88810579da80: 00 00 00 00 00 00 00 00 00 01 fc fc fc fc fc fc
[   23.505143]                                                           ^
[   23.505857]  ffff88810579db00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   23.506490]  ffff88810579db80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   23.507104] ==================================================================
[   23.407666] ==================================================================
[   23.408196] BUG: KASAN: slab-out-of-bounds in krealloc_less_oob_helper+0xe23/0x11d0
[   23.408883] Write of size 1 at addr ffff88810579dad0 by task kunit_try_catch/208
[   23.409767] 
[   23.409902] CPU: 0 UID: 0 PID: 208 Comm: kunit_try_catch Tainted: G    B            N  6.16.0-rc5-next-20250711 #1 PREEMPT(voluntary) 
[   23.409967] Tainted: [B]=BAD_PAGE, [N]=TEST
[   23.409979] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[   23.410001] Call Trace:
[   23.410014]  <TASK>
[   23.410030]  dump_stack_lvl+0x73/0xb0
[   23.410061]  print_report+0xd1/0x610
[   23.410082]  ? __virt_addr_valid+0x1db/0x2d0
[   23.410106]  ? krealloc_less_oob_helper+0xe23/0x11d0
[   23.410128]  ? kasan_complete_mode_report_info+0x2a/0x200
[   23.410154]  ? krealloc_less_oob_helper+0xe23/0x11d0
[   23.410176]  kasan_report+0x141/0x180
[   23.410229]  ? krealloc_less_oob_helper+0xe23/0x11d0
[   23.410257]  __asan_report_store1_noabort+0x1b/0x30
[   23.410443]  krealloc_less_oob_helper+0xe23/0x11d0
[   23.410474]  ? __pfx_krealloc_less_oob_helper+0x10/0x10
[   23.410497]  ? finish_task_switch.isra.0+0x153/0x700
[   23.410519]  ? __switch_to+0x47/0xf80
[   23.410546]  ? __schedule+0x10cc/0x2b60
[   23.410569]  ? __pfx_read_tsc+0x10/0x10
[   23.410647]  krealloc_less_oob+0x1c/0x30
[   23.410668]  kunit_try_run_case+0x1a5/0x480
[   23.410702]  ? __pfx_kunit_try_run_case+0x10/0x10
[   23.410722]  ? _raw_spin_lock_irqsave+0xa1/0x100
[   23.410755]  ? _raw_spin_unlock_irqrestore+0x5f/0x90
[   23.410778]  ? __kthread_parkme+0x82/0x180
[   23.410798]  ? preempt_count_sub+0x50/0x80
[   23.410820]  ? __pfx_kunit_try_run_case+0x10/0x10
[   23.410841]  kunit_generic_run_threadfn_adapter+0x85/0xf0
[   23.410865]  ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10
[   23.410889]  kthread+0x337/0x6f0
[   23.410908]  ? trace_preempt_on+0x20/0xc0
[   23.410930]  ? __pfx_kthread+0x10/0x10
[   23.410951]  ? _raw_spin_unlock_irq+0x47/0x80
[   23.410972]  ? calculate_sigpending+0x7b/0xa0
[   23.410996]  ? __pfx_kthread+0x10/0x10
[   23.411016]  ret_from_fork+0x116/0x1d0
[   23.411035]  ? __pfx_kthread+0x10/0x10
[   23.411055]  ret_from_fork_asm+0x1a/0x30
[   23.411084]  </TASK>
[   23.411095] 
[   23.419781] Allocated by task 208:
[   23.419966]  kasan_save_stack+0x45/0x70
[   23.420195]  kasan_save_track+0x18/0x40
[   23.420330]  kasan_save_alloc_info+0x3b/0x50
[   23.420470]  __kasan_krealloc+0x190/0x1f0
[   23.420601]  krealloc_noprof+0xf3/0x340
[   23.420908]  krealloc_less_oob_helper+0x1aa/0x11d0
[   23.421156]  krealloc_less_oob+0x1c/0x30
[   23.421347]  kunit_try_run_case+0x1a5/0x480
[   23.421548]  kunit_generic_run_threadfn_adapter+0x85/0xf0
[   23.422020]  kthread+0x337/0x6f0
[   23.422209]  ret_from_fork+0x116/0x1d0
[   23.422410]  ret_from_fork_asm+0x1a/0x30
[   23.422658] 
[   23.422726] The buggy address belongs to the object at ffff88810579da00
[   23.422726]  which belongs to the cache kmalloc-256 of size 256
[   23.423084] The buggy address is located 7 bytes to the right of
[   23.423084]  allocated 201-byte region [ffff88810579da00, ffff88810579dac9)
[   23.424089] 
[   23.424252] The buggy address belongs to the physical page:
[   23.424594] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x10579c
[   23.425099] head: order:1 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[   23.425556] flags: 0x200000000000040(head|node=0|zone=2)
[   23.425817] page_type: f5(slab)
[   23.425991] raw: 0200000000000040 ffff888100041b40 dead000000000122 0000000000000000
[   23.426294] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000
[   23.426524] head: 0200000000000040 ffff888100041b40 dead000000000122 0000000000000000
[   23.427081] head: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000
[   23.427639] head: 0200000000000001 ffffea000415e701 00000000ffffffff 00000000ffffffff
[   23.428050] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000002
[   23.428431] page dumped because: kasan: bad access detected
[   23.428702] 
[   23.428803] Memory state around the buggy address:
[   23.429003]  ffff88810579d980: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   23.429290]  ffff88810579da00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   23.429570] >ffff88810579da80: 00 00 00 00 00 00 00 00 00 01 fc fc fc fc fc fc
[   23.429906]                                                  ^
[   23.430145]  ffff88810579db00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   23.430712]  ffff88810579db80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   23.431084] ==================================================================
[   23.385023] ==================================================================
[   23.386318] BUG: KASAN: slab-out-of-bounds in krealloc_less_oob_helper+0xd70/0x11d0
[   23.386573] Write of size 1 at addr ffff88810579dac9 by task kunit_try_catch/208
[   23.386810] 
[   23.386896] CPU: 0 UID: 0 PID: 208 Comm: kunit_try_catch Tainted: G    B            N  6.16.0-rc5-next-20250711 #1 PREEMPT(voluntary) 
[   23.386948] Tainted: [B]=BAD_PAGE, [N]=TEST
[   23.386960] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[   23.386982] Call Trace:
[   23.386996]  <TASK>
[   23.387013]  dump_stack_lvl+0x73/0xb0
[   23.387473]  print_report+0xd1/0x610
[   23.387503]  ? __virt_addr_valid+0x1db/0x2d0
[   23.387529]  ? krealloc_less_oob_helper+0xd70/0x11d0
[   23.387553]  ? kasan_complete_mode_report_info+0x2a/0x200
[   23.387581]  ? krealloc_less_oob_helper+0xd70/0x11d0
[   23.387609]  kasan_report+0x141/0x180
[   23.387631]  ? krealloc_less_oob_helper+0xd70/0x11d0
[   23.387659]  __asan_report_store1_noabort+0x1b/0x30
[   23.387683]  krealloc_less_oob_helper+0xd70/0x11d0
[   23.387707]  ? __pfx_krealloc_less_oob_helper+0x10/0x10
[   23.387743]  ? finish_task_switch.isra.0+0x153/0x700
[   23.387767]  ? __switch_to+0x47/0xf80
[   23.387792]  ? __schedule+0x10cc/0x2b60
[   23.387816]  ? __pfx_read_tsc+0x10/0x10
[   23.387841]  krealloc_less_oob+0x1c/0x30
[   23.387862]  kunit_try_run_case+0x1a5/0x480
[   23.387885]  ? __pfx_kunit_try_run_case+0x10/0x10
[   23.387905]  ? _raw_spin_lock_irqsave+0xa1/0x100
[   23.387928]  ? _raw_spin_unlock_irqrestore+0x5f/0x90
[   23.387950]  ? __kthread_parkme+0x82/0x180
[   23.387971]  ? preempt_count_sub+0x50/0x80
[   23.387993]  ? __pfx_kunit_try_run_case+0x10/0x10
[   23.388014]  kunit_generic_run_threadfn_adapter+0x85/0xf0
[   23.388038]  ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10
[   23.388062]  kthread+0x337/0x6f0
[   23.388081]  ? trace_preempt_on+0x20/0xc0
[   23.388105]  ? __pfx_kthread+0x10/0x10
[   23.388125]  ? _raw_spin_unlock_irq+0x47/0x80
[   23.388146]  ? calculate_sigpending+0x7b/0xa0
[   23.388170]  ? __pfx_kthread+0x10/0x10
[   23.388191]  ret_from_fork+0x116/0x1d0
[   23.388209]  ? __pfx_kthread+0x10/0x10
[   23.388229]  ret_from_fork_asm+0x1a/0x30
[   23.388259]  </TASK>
[   23.388270] 
[   23.396280] Allocated by task 208:
[   23.396416]  kasan_save_stack+0x45/0x70
[   23.396714]  kasan_save_track+0x18/0x40
[   23.396967]  kasan_save_alloc_info+0x3b/0x50
[   23.397174]  __kasan_krealloc+0x190/0x1f0
[   23.397549]  krealloc_noprof+0xf3/0x340
[   23.397763]  krealloc_less_oob_helper+0x1aa/0x11d0
[   23.397991]  krealloc_less_oob+0x1c/0x30
[   23.398129]  kunit_try_run_case+0x1a5/0x480
[   23.398268]  kunit_generic_run_threadfn_adapter+0x85/0xf0
[   23.398740]  kthread+0x337/0x6f0
[   23.398935]  ret_from_fork+0x116/0x1d0
[   23.399149]  ret_from_fork_asm+0x1a/0x30
[   23.399343] 
[   23.399409] The buggy address belongs to the object at ffff88810579da00
[   23.399409]  which belongs to the cache kmalloc-256 of size 256
[   23.399968] The buggy address is located 0 bytes to the right of
[   23.399968]  allocated 201-byte region [ffff88810579da00, ffff88810579dac9)
[   23.400336] 
[   23.400413] The buggy address belongs to the physical page:
[   23.400681] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x10579c
[   23.401042] head: order:1 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[   23.401452] flags: 0x200000000000040(head|node=0|zone=2)
[   23.401622] page_type: f5(slab)
[   23.401747] raw: 0200000000000040 ffff888100041b40 dead000000000122 0000000000000000
[   23.402326] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000
[   23.402953] head: 0200000000000040 ffff888100041b40 dead000000000122 0000000000000000
[   23.403371] head: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000
[   23.403724] head: 0200000000000001 ffffea000415e701 00000000ffffffff 00000000ffffffff
[   23.404012] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000002
[   23.404511] page dumped because: kasan: bad access detected
[   23.404708] 
[   23.404783] Memory state around the buggy address:
[   23.404932]  ffff88810579d980: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   23.405243]  ffff88810579da00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   23.405686] >ffff88810579da80: 00 00 00 00 00 00 00 00 00 01 fc fc fc fc fc fc
[   23.405944]                                               ^
[   23.406229]  ffff88810579db00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   23.406655]  ffff88810579db80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   23.406945] ==================================================================
[   23.431686] ==================================================================
[   23.432055] BUG: KASAN: slab-out-of-bounds in krealloc_less_oob_helper+0xec6/0x11d0
[   23.432782] Write of size 1 at addr ffff88810579dada by task kunit_try_catch/208
[   23.433190] 
[   23.433373] CPU: 0 UID: 0 PID: 208 Comm: kunit_try_catch Tainted: G    B            N  6.16.0-rc5-next-20250711 #1 PREEMPT(voluntary) 
[   23.433440] Tainted: [B]=BAD_PAGE, [N]=TEST
[   23.433452] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[   23.433474] Call Trace:
[   23.433490]  <TASK>
[   23.433535]  dump_stack_lvl+0x73/0xb0
[   23.433566]  print_report+0xd1/0x610
[   23.433599]  ? __virt_addr_valid+0x1db/0x2d0
[   23.433623]  ? krealloc_less_oob_helper+0xec6/0x11d0
[   23.433646]  ? kasan_complete_mode_report_info+0x2a/0x200
[   23.433671]  ? krealloc_less_oob_helper+0xec6/0x11d0
[   23.433694]  kasan_report+0x141/0x180
[   23.433715]  ? krealloc_less_oob_helper+0xec6/0x11d0
[   23.433752]  __asan_report_store1_noabort+0x1b/0x30
[   23.433776]  krealloc_less_oob_helper+0xec6/0x11d0
[   23.433800]  ? __pfx_krealloc_less_oob_helper+0x10/0x10
[   23.433823]  ? finish_task_switch.isra.0+0x153/0x700
[   23.433845]  ? __switch_to+0x47/0xf80
[   23.433871]  ? __schedule+0x10cc/0x2b60
[   23.433893]  ? __pfx_read_tsc+0x10/0x10
[   23.433918]  krealloc_less_oob+0x1c/0x30
[   23.433938]  kunit_try_run_case+0x1a5/0x480
[   23.433960]  ? __pfx_kunit_try_run_case+0x10/0x10
[   23.433980]  ? _raw_spin_lock_irqsave+0xa1/0x100
[   23.434002]  ? _raw_spin_unlock_irqrestore+0x5f/0x90
[   23.434025]  ? __kthread_parkme+0x82/0x180
[   23.434076]  ? preempt_count_sub+0x50/0x80
[   23.434098]  ? __pfx_kunit_try_run_case+0x10/0x10
[   23.434141]  kunit_generic_run_threadfn_adapter+0x85/0xf0
[   23.434165]  ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10
[   23.434190]  kthread+0x337/0x6f0
[   23.434209]  ? trace_preempt_on+0x20/0xc0
[   23.434232]  ? __pfx_kthread+0x10/0x10
[   23.434253]  ? _raw_spin_unlock_irq+0x47/0x80
[   23.434325]  ? calculate_sigpending+0x7b/0xa0
[   23.434351]  ? __pfx_kthread+0x10/0x10
[   23.434372]  ret_from_fork+0x116/0x1d0
[   23.434391]  ? __pfx_kthread+0x10/0x10
[   23.434423]  ret_from_fork_asm+0x1a/0x30
[   23.434453]  </TASK>
[   23.434464] 
[   23.442907] Allocated by task 208:
[   23.443038]  kasan_save_stack+0x45/0x70
[   23.443196]  kasan_save_track+0x18/0x40
[   23.443607]  kasan_save_alloc_info+0x3b/0x50
[   23.443837]  __kasan_krealloc+0x190/0x1f0
[   23.444143]  krealloc_noprof+0xf3/0x340
[   23.444503]  krealloc_less_oob_helper+0x1aa/0x11d0
[   23.444799]  krealloc_less_oob+0x1c/0x30
[   23.444973]  kunit_try_run_case+0x1a5/0x480
[   23.445119]  kunit_generic_run_threadfn_adapter+0x85/0xf0
[   23.445298]  kthread+0x337/0x6f0
[   23.445465]  ret_from_fork+0x116/0x1d0
[   23.445694]  ret_from_fork_asm+0x1a/0x30
[   23.445954] 
[   23.446194] The buggy address belongs to the object at ffff88810579da00
[   23.446194]  which belongs to the cache kmalloc-256 of size 256
[   23.446718] The buggy address is located 17 bytes to the right of
[   23.446718]  allocated 201-byte region [ffff88810579da00, ffff88810579dac9)
[   23.447504] 
[   23.447623] The buggy address belongs to the physical page:
[   23.447882] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x10579c
[   23.448152] head: order:1 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[   23.448572] flags: 0x200000000000040(head|node=0|zone=2)
[   23.449020] page_type: f5(slab)
[   23.449170] raw: 0200000000000040 ffff888100041b40 dead000000000122 0000000000000000
[   23.449559] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000
[   23.449887] head: 0200000000000040 ffff888100041b40 dead000000000122 0000000000000000
[   23.450245] head: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000
[   23.450676] head: 0200000000000001 ffffea000415e701 00000000ffffffff 00000000ffffffff
[   23.450948] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000002
[   23.451359] page dumped because: kasan: bad access detected
[   23.451696] 
[   23.451800] Memory state around the buggy address:
[   23.451984]  ffff88810579d980: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   23.452289]  ffff88810579da00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   23.452661] >ffff88810579da80: 00 00 00 00 00 00 00 00 00 01 fc fc fc fc fc fc
[   23.452951]                                                     ^
[   23.453193]  ffff88810579db00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   23.453607]  ffff88810579db80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   23.453856] ==================================================================
[   23.569320] ==================================================================
[   23.569904] BUG: KASAN: slab-out-of-bounds in krealloc_less_oob_helper+0xe23/0x11d0
[   23.570215] Write of size 1 at addr ffff888102b960d0 by task kunit_try_catch/212
[   23.570651] 
[   23.570782] CPU: 1 UID: 0 PID: 212 Comm: kunit_try_catch Tainted: G    B            N  6.16.0-rc5-next-20250711 #1 PREEMPT(voluntary) 
[   23.570852] Tainted: [B]=BAD_PAGE, [N]=TEST
[   23.570865] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[   23.570886] Call Trace:
[   23.570902]  <TASK>
[   23.570917]  dump_stack_lvl+0x73/0xb0
[   23.570947]  print_report+0xd1/0x610
[   23.570987]  ? __virt_addr_valid+0x1db/0x2d0
[   23.571011]  ? krealloc_less_oob_helper+0xe23/0x11d0
[   23.571034]  ? kasan_addr_to_slab+0x11/0xa0
[   23.571054]  ? krealloc_less_oob_helper+0xe23/0x11d0
[   23.571077]  kasan_report+0x141/0x180
[   23.571099]  ? krealloc_less_oob_helper+0xe23/0x11d0
[   23.571126]  __asan_report_store1_noabort+0x1b/0x30
[   23.571165]  krealloc_less_oob_helper+0xe23/0x11d0
[   23.571203]  ? __pfx_krealloc_less_oob_helper+0x10/0x10
[   23.571226]  ? finish_task_switch.isra.0+0x153/0x700
[   23.571248]  ? __switch_to+0x47/0xf80
[   23.571317]  ? __schedule+0x10cc/0x2b60
[   23.571343]  ? __pfx_read_tsc+0x10/0x10
[   23.571367]  krealloc_large_less_oob+0x1c/0x30
[   23.571389]  kunit_try_run_case+0x1a5/0x480
[   23.571411]  ? __pfx_kunit_try_run_case+0x10/0x10
[   23.571431]  ? _raw_spin_lock_irqsave+0xa1/0x100
[   23.571453]  ? _raw_spin_unlock_irqrestore+0x5f/0x90
[   23.571496]  ? __kthread_parkme+0x82/0x180
[   23.571531]  ? preempt_count_sub+0x50/0x80
[   23.571566]  ? __pfx_kunit_try_run_case+0x10/0x10
[   23.571589]  kunit_generic_run_threadfn_adapter+0x85/0xf0
[   23.571627]  ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10
[   23.571651]  kthread+0x337/0x6f0
[   23.571672]  ? trace_preempt_on+0x20/0xc0
[   23.571694]  ? __pfx_kthread+0x10/0x10
[   23.571716]  ? _raw_spin_unlock_irq+0x47/0x80
[   23.571762]  ? calculate_sigpending+0x7b/0xa0
[   23.571787]  ? __pfx_kthread+0x10/0x10
[   23.571809]  ret_from_fork+0x116/0x1d0
[   23.571828]  ? __pfx_kthread+0x10/0x10
[   23.571849]  ret_from_fork_asm+0x1a/0x30
[   23.571879]  </TASK>
[   23.571890] 
[   23.580217] The buggy address belongs to the physical page:
[   23.580501] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x102b94
[   23.580996] head: order:2 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[   23.581533] flags: 0x200000000000040(head|node=0|zone=2)
[   23.581766] page_type: f8(unknown)
[   23.581891] raw: 0200000000000040 0000000000000000 dead000000000122 0000000000000000
[   23.582229] raw: 0000000000000000 0000000000000000 00000000f8000000 0000000000000000
[   23.582728] head: 0200000000000040 0000000000000000 dead000000000122 0000000000000000
[   23.583000] head: 0000000000000000 0000000000000000 00000000f8000000 0000000000000000
[   23.583437] head: 0200000000000002 ffffea00040ae501 00000000ffffffff 00000000ffffffff
[   23.583669] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000004
[   23.585564] page dumped because: kasan: bad access detected
[   23.585750] 
[   23.585815] Memory state around the buggy address:
[   23.585959]  ffff888102b95f80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   23.586160]  ffff888102b96000: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   23.586368] >ffff888102b96080: 00 00 00 00 00 00 00 00 00 01 fe fe fe fe fe fe
[   23.586568]                                                  ^
[   23.587676]  ffff888102b96100: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe
[   23.588987]  ffff888102b96180: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe
[   23.590220] ==================================================================

Metadata Full log Test run details

arch

x86_64

host

x86_64

plan

2zizK5DpLdiSo5JTRmUPvSCnGxG

job_id

TEST:linaro@lkft#2zizPosnQ5rY23goGLqjSSGUMDT

job_url

https://tuxapi.tuxsuite.com/v1/groups/linaro/projects/lkft/tests/2zizPosnQ5rY23goGLqjSSGUMDT

artefacts

kernel

url	https://storage.tuxsuite.com/public/linaro/lkft/builds/2zizMF2TFo5wqp9ExxxKcu7DMgd/bzImage
sha256sum	0b86f8183e71d185ecf48e91daf338a38748221ed84c99d5fcc0aff2fb4fe4d2

rootfs

url	https://storage.tuxboot.com/debian/20250617/trixie/amd64/rootfs.ext4.xz
sha256sum	a7dcdb286e1265c85a4d6cd5429adc51604a3ebde1d9a3c934aef78862d5fee4

modules

url	https://storage.tuxsuite.com/public/linaro/lkft/builds/2zizMF2TFo5wqp9ExxxKcu7DMgd/modules.tar.xz
sha256sum	1cecf8a22d53cbe6f1135ddb095fc53e6fe8ebbda902547c47910320c1d5aa61

durations

tests

boot	0
kunit	220.78

host_arch

amd64

build_name

gcc-13-lkftconfig-kunit

job_status

Complete

qemu_version

1:10.0.0+ds-1

Metadata

Failure - e850-96 - gcc-13-lkftconfig-kunit

Failure - qemu-arm64 - gcc-13-lkftconfig-kunit

Failure - qemu-x86_64 - gcc-13-lkftconfig-kunit