lkft/linux-next-master - next-20250714 - log-parser-boot/kasan-bug-kasan-slab-out-of-bounds-in-krealloc_less_oob_helper

Date

July 14, 2025, 10:38 a.m.

Environment
e850-96
qemu-arm64
qemu-x86_64

[   40.888234] ==================================================================
[   40.895219] BUG: KASAN: slab-out-of-bounds in krealloc_less_oob_helper+0xa80/0xc50
[   40.902767] Write of size 1 at addr ffff000806cce0da by task kunit_try_catch/246
[   40.910143] 
[   40.911628] CPU: 2 UID: 0 PID: 246 Comm: kunit_try_catch Tainted: G    B            N  6.16.0-rc6-next-20250714 #1 PREEMPT 
[   40.911682] Tainted: [B]=BAD_PAGE, [N]=TEST
[   40.911697] Hardware name: WinLink E850-96 board (DT)
[   40.911715] Call trace:
[   40.911728]  show_stack+0x20/0x38 (C)
[   40.911760]  dump_stack_lvl+0x8c/0xd0
[   40.911795]  print_report+0x118/0x5d0
[   40.911821]  kasan_report+0xdc/0x128
[   40.911848]  __asan_report_store1_noabort+0x20/0x30
[   40.911883]  krealloc_less_oob_helper+0xa80/0xc50
[   40.911917]  krealloc_large_less_oob+0x20/0x38
[   40.911949]  kunit_try_run_case+0x170/0x3f0
[   40.911987]  kunit_generic_run_threadfn_adapter+0x88/0x100
[   40.912019]  kthread+0x328/0x630
[   40.912047]  ret_from_fork+0x10/0x20
[   40.912081] 
[   40.980717] The buggy address belongs to the physical page:
[   40.986275] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x886ccc
[   40.994257] head: order:2 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[   41.001898] flags: 0xbfffe0000000040(head|node=0|zone=2|lastcpupid=0x1ffff)
[   41.008840] page_type: f8(unknown)
[   41.012236] raw: 0bfffe0000000040 0000000000000000 dead000000000122 0000000000000000
[   41.019957] raw: 0000000000000000 0000000000000000 00000000f8000000 0000000000000000
[   41.027684] head: 0bfffe0000000040 0000000000000000 dead000000000122 0000000000000000
[   41.035495] head: 0000000000000000 0000000000000000 00000000f8000000 0000000000000000
[   41.043308] head: 0bfffe0000000002 fffffdffe01b3301 00000000ffffffff 00000000ffffffff
[   41.051120] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000004
[   41.058926] page dumped because: kasan: bad access detected
[   41.064481] 
[   41.065957] Memory state around the buggy address:
[   41.070738]  ffff000806ccdf80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   41.077939]  ffff000806cce000: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   41.085144] >ffff000806cce080: 00 00 00 00 00 00 00 00 00 01 fe fe fe fe fe fe
[   41.092345]                                                     ^
[   41.098425]  ffff000806cce100: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe
[   41.105630]  ffff000806cce180: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe
[   41.112833] ==================================================================
[   41.352722] ==================================================================
[   41.359794] BUG: KASAN: slab-out-of-bounds in krealloc_less_oob_helper+0xa58/0xc50
[   41.367342] Write of size 1 at addr ffff000806cce0eb by task kunit_try_catch/246
[   41.374719] 
[   41.376205] CPU: 2 UID: 0 PID: 246 Comm: kunit_try_catch Tainted: G    B            N  6.16.0-rc6-next-20250714 #1 PREEMPT 
[   41.376252] Tainted: [B]=BAD_PAGE, [N]=TEST
[   41.376267] Hardware name: WinLink E850-96 board (DT)
[   41.376283] Call trace:
[   41.376296]  show_stack+0x20/0x38 (C)
[   41.376328]  dump_stack_lvl+0x8c/0xd0
[   41.376360]  print_report+0x118/0x5d0
[   41.376388]  kasan_report+0xdc/0x128
[   41.376415]  __asan_report_store1_noabort+0x20/0x30
[   41.376449]  krealloc_less_oob_helper+0xa58/0xc50
[   41.376483]  krealloc_large_less_oob+0x20/0x38
[   41.376515]  kunit_try_run_case+0x170/0x3f0
[   41.376552]  kunit_generic_run_threadfn_adapter+0x88/0x100
[   41.376586]  kthread+0x328/0x630
[   41.376614]  ret_from_fork+0x10/0x20
[   41.376647] 
[   41.445293] The buggy address belongs to the physical page:
[   41.450850] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x886ccc
[   41.458833] head: order:2 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[   41.466473] flags: 0xbfffe0000000040(head|node=0|zone=2|lastcpupid=0x1ffff)
[   41.473416] page_type: f8(unknown)
[   41.476813] raw: 0bfffe0000000040 0000000000000000 dead000000000122 0000000000000000
[   41.484533] raw: 0000000000000000 0000000000000000 00000000f8000000 0000000000000000
[   41.492260] head: 0bfffe0000000040 0000000000000000 dead000000000122 0000000000000000
[   41.500071] head: 0000000000000000 0000000000000000 00000000f8000000 0000000000000000
[   41.507884] head: 0bfffe0000000002 fffffdffe01b3301 00000000ffffffff 00000000ffffffff
[   41.515696] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000004
[   41.523502] page dumped because: kasan: bad access detected
[   41.529057] 
[   41.530533] Memory state around the buggy address:
[   41.535313]  ffff000806ccdf80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   41.542516]  ffff000806cce000: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   41.549720] >ffff000806cce080: 00 00 00 00 00 00 00 00 00 01 fe fe fe fe fe fe
[   41.556922]                                                           ^
[   41.563522]  ffff000806cce100: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe
[   41.570727]  ffff000806cce180: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe
[   41.577928] ==================================================================
[   40.656358] ==================================================================
[   40.663447] BUG: KASAN: slab-out-of-bounds in krealloc_less_oob_helper+0xb9c/0xc50
[   40.670998] Write of size 1 at addr ffff000806cce0d0 by task kunit_try_catch/246
[   40.678376] 
[   40.679864] CPU: 2 UID: 0 PID: 246 Comm: kunit_try_catch Tainted: G    B            N  6.16.0-rc6-next-20250714 #1 PREEMPT 
[   40.679915] Tainted: [B]=BAD_PAGE, [N]=TEST
[   40.679931] Hardware name: WinLink E850-96 board (DT)
[   40.679949] Call trace:
[   40.679961]  show_stack+0x20/0x38 (C)
[   40.679995]  dump_stack_lvl+0x8c/0xd0
[   40.680026]  print_report+0x118/0x5d0
[   40.680054]  kasan_report+0xdc/0x128
[   40.680083]  __asan_report_store1_noabort+0x20/0x30
[   40.680115]  krealloc_less_oob_helper+0xb9c/0xc50
[   40.680148]  krealloc_large_less_oob+0x20/0x38
[   40.680180]  kunit_try_run_case+0x170/0x3f0
[   40.680216]  kunit_generic_run_threadfn_adapter+0x88/0x100
[   40.680250]  kthread+0x328/0x630
[   40.680278]  ret_from_fork+0x10/0x20
[   40.680311] 
[   40.748950] The buggy address belongs to the physical page:
[   40.754506] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x886ccc
[   40.762490] head: order:2 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[   40.770130] flags: 0xbfffe0000000040(head|node=0|zone=2|lastcpupid=0x1ffff)
[   40.777073] page_type: f8(unknown)
[   40.780469] raw: 0bfffe0000000040 0000000000000000 dead000000000122 0000000000000000
[   40.788190] raw: 0000000000000000 0000000000000000 00000000f8000000 0000000000000000
[   40.795916] head: 0bfffe0000000040 0000000000000000 dead000000000122 0000000000000000
[   40.803728] head: 0000000000000000 0000000000000000 00000000f8000000 0000000000000000
[   40.811541] head: 0bfffe0000000002 fffffdffe01b3301 00000000ffffffff 00000000ffffffff
[   40.819353] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000004
[   40.827158] page dumped because: kasan: bad access detected
[   40.832714] 
[   40.834189] Memory state around the buggy address:
[   40.838969]  ffff000806ccdf80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   40.846172]  ffff000806cce000: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   40.853377] >ffff000806cce080: 00 00 00 00 00 00 00 00 00 01 fe fe fe fe fe fe
[   40.860578]                                                  ^
[   40.866397]  ffff000806cce100: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe
[   40.873601]  ffff000806cce180: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe
[   40.880803] ==================================================================
[   40.422036] ==================================================================
[   40.431941] BUG: KASAN: slab-out-of-bounds in krealloc_less_oob_helper+0xa48/0xc50
[   40.439491] Write of size 1 at addr ffff000806cce0c9 by task kunit_try_catch/246
[   40.446869] 
[   40.448354] CPU: 2 UID: 0 PID: 246 Comm: kunit_try_catch Tainted: G    B            N  6.16.0-rc6-next-20250714 #1 PREEMPT 
[   40.448407] Tainted: [B]=BAD_PAGE, [N]=TEST
[   40.448424] Hardware name: WinLink E850-96 board (DT)
[   40.448443] Call trace:
[   40.448455]  show_stack+0x20/0x38 (C)
[   40.448489]  dump_stack_lvl+0x8c/0xd0
[   40.448524]  print_report+0x118/0x5d0
[   40.448554]  kasan_report+0xdc/0x128
[   40.448581]  __asan_report_store1_noabort+0x20/0x30
[   40.448615]  krealloc_less_oob_helper+0xa48/0xc50
[   40.448648]  krealloc_large_less_oob+0x20/0x38
[   40.448681]  kunit_try_run_case+0x170/0x3f0
[   40.448719]  kunit_generic_run_threadfn_adapter+0x88/0x100
[   40.448753]  kthread+0x328/0x630
[   40.448783]  ret_from_fork+0x10/0x20
[   40.448816] 
[   40.517443] The buggy address belongs to the physical page:
[   40.522999] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x886ccc
[   40.530984] head: order:2 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[   40.538623] flags: 0xbfffe0000000040(head|node=0|zone=2|lastcpupid=0x1ffff)
[   40.545567] page_type: f8(unknown)
[   40.548962] raw: 0bfffe0000000040 0000000000000000 dead000000000122 0000000000000000
[   40.556683] raw: 0000000000000000 0000000000000000 00000000f8000000 0000000000000000
[   40.564409] head: 0bfffe0000000040 0000000000000000 dead000000000122 0000000000000000
[   40.572220] head: 0000000000000000 0000000000000000 00000000f8000000 0000000000000000
[   40.580034] head: 0bfffe0000000002 fffffdffe01b3301 00000000ffffffff 00000000ffffffff
[   40.587846] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000004
[   40.595651] page dumped because: kasan: bad access detected
[   40.601207] 
[   40.602682] Memory state around the buggy address:
[   40.607463]  ffff000806ccdf80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   40.614665]  ffff000806cce000: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   40.621872] >ffff000806cce080: 00 00 00 00 00 00 00 00 00 01 fe fe fe fe fe fe
[   40.629071]                                               ^
[   40.634630]  ffff000806cce100: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe
[   40.641835]  ffff000806cce180: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe
[   40.649038] ==================================================================
[   41.120364] ==================================================================
[   41.127246] BUG: KASAN: slab-out-of-bounds in krealloc_less_oob_helper+0xae4/0xc50
[   41.134793] Write of size 1 at addr ffff000806cce0ea by task kunit_try_catch/246
[   41.142171] 
[   41.143656] CPU: 2 UID: 0 PID: 246 Comm: kunit_try_catch Tainted: G    B            N  6.16.0-rc6-next-20250714 #1 PREEMPT 
[   41.143705] Tainted: [B]=BAD_PAGE, [N]=TEST
[   41.143721] Hardware name: WinLink E850-96 board (DT)
[   41.143739] Call trace:
[   41.143752]  show_stack+0x20/0x38 (C)
[   41.143785]  dump_stack_lvl+0x8c/0xd0
[   41.143817]  print_report+0x118/0x5d0
[   41.143844]  kasan_report+0xdc/0x128
[   41.143871]  __asan_report_store1_noabort+0x20/0x30
[   41.143904]  krealloc_less_oob_helper+0xae4/0xc50
[   41.143937]  krealloc_large_less_oob+0x20/0x38
[   41.143971]  kunit_try_run_case+0x170/0x3f0
[   41.144007]  kunit_generic_run_threadfn_adapter+0x88/0x100
[   41.144037]  kthread+0x328/0x630
[   41.144065]  ret_from_fork+0x10/0x20
[   41.144097] 
[   41.212745] The buggy address belongs to the physical page:
[   41.218301] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x886ccc
[   41.226285] head: order:2 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[   41.233926] flags: 0xbfffe0000000040(head|node=0|zone=2|lastcpupid=0x1ffff)
[   41.240867] page_type: f8(unknown)
[   41.244264] raw: 0bfffe0000000040 0000000000000000 dead000000000122 0000000000000000
[   41.251985] raw: 0000000000000000 0000000000000000 00000000f8000000 0000000000000000
[   41.259711] head: 0bfffe0000000040 0000000000000000 dead000000000122 0000000000000000
[   41.267523] head: 0000000000000000 0000000000000000 00000000f8000000 0000000000000000
[   41.275336] head: 0bfffe0000000002 fffffdffe01b3301 00000000ffffffff 00000000ffffffff
[   41.283148] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000004
[   41.290954] page dumped because: kasan: bad access detected
[   41.296509] 
[   41.297984] Memory state around the buggy address:
[   41.302766]  ffff000806ccdf80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   41.309967]  ffff000806cce000: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   41.317172] >ffff000806cce080: 00 00 00 00 00 00 00 00 00 01 fe fe fe fe fe fe
[   41.324373]                                                           ^
[   41.330974]  ffff000806cce100: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe
[   41.338178]  ffff000806cce180: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe
[   41.345380] ==================================================================

Metadata Full log Test run details

[   29.445135] ==================================================================
[   29.445197] BUG: KASAN: slab-out-of-bounds in krealloc_less_oob_helper+0xa48/0xc50
[   29.445256] Write of size 1 at addr fff00000c96882c9 by task kunit_try_catch/189
[   29.445305] 
[   29.445341] CPU: 0 UID: 0 PID: 189 Comm: kunit_try_catch Tainted: G    B            N  6.16.0-rc6-next-20250714 #1 PREEMPT 
[   29.445528] Tainted: [B]=BAD_PAGE, [N]=TEST
[   29.445554] Hardware name: linux,dummy-virt (DT)
[   29.445584] Call trace:
[   29.445612]  show_stack+0x20/0x38 (C)
[   29.445717]  dump_stack_lvl+0x8c/0xd0
[   29.445854]  print_report+0x118/0x5d0
[   29.445898]  kasan_report+0xdc/0x128
[   29.445939]  __asan_report_store1_noabort+0x20/0x30
[   29.445986]  krealloc_less_oob_helper+0xa48/0xc50
[   29.446034]  krealloc_less_oob+0x20/0x38
[   29.446089]  kunit_try_run_case+0x170/0x3f0
[   29.446136]  kunit_generic_run_threadfn_adapter+0x88/0x100
[   29.446184]  kthread+0x328/0x630
[   29.446225]  ret_from_fork+0x10/0x20
[   29.446272] 
[   29.446290] Allocated by task 189:
[   29.446317]  kasan_save_stack+0x3c/0x68
[   29.446368]  kasan_save_track+0x20/0x40
[   29.446408]  kasan_save_alloc_info+0x40/0x58
[   29.446445]  __kasan_krealloc+0x118/0x178
[   29.446560]  krealloc_noprof+0x128/0x360
[   29.446783]  krealloc_less_oob_helper+0x168/0xc50
[   29.447114]  krealloc_less_oob+0x20/0x38
[   29.447158]  kunit_try_run_case+0x170/0x3f0
[   29.447475]  kunit_generic_run_threadfn_adapter+0x88/0x100
[   29.447662]  kthread+0x328/0x630
[   29.447697]  ret_from_fork+0x10/0x20
[   29.447731] 
[   29.447750] The buggy address belongs to the object at fff00000c9688200
[   29.447750]  which belongs to the cache kmalloc-256 of size 256
[   29.448332] The buggy address is located 0 bytes to the right of
[   29.448332]  allocated 201-byte region [fff00000c9688200, fff00000c96882c9)
[   29.448416] 
[   29.448438] The buggy address belongs to the physical page:
[   29.448469] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x109688
[   29.448688] head: order:1 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[   29.448843] flags: 0xbfffe0000000040(head|node=0|zone=2|lastcpupid=0x1ffff)
[   29.448899] page_type: f5(slab)
[   29.448940] raw: 0bfffe0000000040 fff00000c0001b40 dead000000000122 0000000000000000
[   29.448999] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000
[   29.449058] head: 0bfffe0000000040 fff00000c0001b40 dead000000000122 0000000000000000
[   29.449501] head: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000
[   29.449628] head: 0bfffe0000000001 ffffc1ffc325a201 00000000ffffffff 00000000ffffffff
[   29.449813] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000002
[   29.450040] page dumped because: kasan: bad access detected
[   29.450117] 
[   29.450135] Memory state around the buggy address:
[   29.450202]  fff00000c9688180: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   29.450243]  fff00000c9688200: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   29.450448] >fff00000c9688280: 00 00 00 00 00 00 00 00 00 01 fc fc fc fc fc fc
[   29.450626]                                               ^
[   29.450666]  fff00000c9688300: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   29.450842]  fff00000c9688380: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   29.450916] ==================================================================
[   29.461298] ==================================================================
[   29.461353] BUG: KASAN: slab-out-of-bounds in krealloc_less_oob_helper+0xa80/0xc50
[   29.461408] Write of size 1 at addr fff00000c96882da by task kunit_try_catch/189
[   29.461456] 
[   29.461580] CPU: 0 UID: 0 PID: 189 Comm: kunit_try_catch Tainted: G    B            N  6.16.0-rc6-next-20250714 #1 PREEMPT 
[   29.461948] Tainted: [B]=BAD_PAGE, [N]=TEST
[   29.461974] Hardware name: linux,dummy-virt (DT)
[   29.462004] Call trace:
[   29.462026]  show_stack+0x20/0x38 (C)
[   29.462085]  dump_stack_lvl+0x8c/0xd0
[   29.462129]  print_report+0x118/0x5d0
[   29.462171]  kasan_report+0xdc/0x128
[   29.462213]  __asan_report_store1_noabort+0x20/0x30
[   29.462267]  krealloc_less_oob_helper+0xa80/0xc50
[   29.462490]  krealloc_less_oob+0x20/0x38
[   29.462707]  kunit_try_run_case+0x170/0x3f0
[   29.462783]  kunit_generic_run_threadfn_adapter+0x88/0x100
[   29.462832]  kthread+0x328/0x630
[   29.462880]  ret_from_fork+0x10/0x20
[   29.463003] 
[   29.463040] Allocated by task 189:
[   29.463336]  kasan_save_stack+0x3c/0x68
[   29.463671]  kasan_save_track+0x20/0x40
[   29.464020]  kasan_save_alloc_info+0x40/0x58
[   29.464071]  __kasan_krealloc+0x118/0x178
[   29.464109]  krealloc_noprof+0x128/0x360
[   29.464147]  krealloc_less_oob_helper+0x168/0xc50
[   29.464478]  krealloc_less_oob+0x20/0x38
[   29.464626]  kunit_try_run_case+0x170/0x3f0
[   29.464783]  kunit_generic_run_threadfn_adapter+0x88/0x100
[   29.464870]  kthread+0x328/0x630
[   29.464904]  ret_from_fork+0x10/0x20
[   29.464940] 
[   29.464960] The buggy address belongs to the object at fff00000c9688200
[   29.464960]  which belongs to the cache kmalloc-256 of size 256
[   29.465018] The buggy address is located 17 bytes to the right of
[   29.465018]  allocated 201-byte region [fff00000c9688200, fff00000c96882c9)
[   29.465091] 
[   29.465111] The buggy address belongs to the physical page:
[   29.465168] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x109688
[   29.465219] head: order:1 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[   29.465264] flags: 0xbfffe0000000040(head|node=0|zone=2|lastcpupid=0x1ffff)
[   29.465315] page_type: f5(slab)
[   29.465352] raw: 0bfffe0000000040 fff00000c0001b40 dead000000000122 0000000000000000
[   29.465400] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000
[   29.465447] head: 0bfffe0000000040 fff00000c0001b40 dead000000000122 0000000000000000
[   29.465907] head: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000
[   29.466025] head: 0bfffe0000000001 ffffc1ffc325a201 00000000ffffffff 00000000ffffffff
[   29.466096] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000002
[   29.466189] page dumped because: kasan: bad access detected
[   29.466289] 
[   29.466307] Memory state around the buggy address:
[   29.466338]  fff00000c9688180: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   29.466387]  fff00000c9688200: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   29.466767] >fff00000c9688280: 00 00 00 00 00 00 00 00 00 01 fc fc fc fc fc fc
[   29.466869]                                                     ^
[   29.466922]  fff00000c9688300: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   29.467022]  fff00000c9688380: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   29.467205] ==================================================================
[   29.522835] ==================================================================
[   29.522867] BUG: KASAN: slab-out-of-bounds in krealloc_less_oob_helper+0xa58/0xc50
[   29.522906] Write of size 1 at addr fff00000c9b060eb by task kunit_try_catch/193
[   29.522955] 
[   29.522982] CPU: 0 UID: 0 PID: 193 Comm: kunit_try_catch Tainted: G    B            N  6.16.0-rc6-next-20250714 #1 PREEMPT 
[   29.523186] Tainted: [B]=BAD_PAGE, [N]=TEST
[   29.523286] Hardware name: linux,dummy-virt (DT)
[   29.523406] Call trace:
[   29.523460]  show_stack+0x20/0x38 (C)
[   29.523505]  dump_stack_lvl+0x8c/0xd0
[   29.523700]  print_report+0x118/0x5d0
[   29.523811]  kasan_report+0xdc/0x128
[   29.523938]  __asan_report_store1_noabort+0x20/0x30
[   29.524148]  krealloc_less_oob_helper+0xa58/0xc50
[   29.524231]  krealloc_large_less_oob+0x20/0x38
[   29.524278]  kunit_try_run_case+0x170/0x3f0
[   29.524325]  kunit_generic_run_threadfn_adapter+0x88/0x100
[   29.524373]  kthread+0x328/0x630
[   29.524414]  ret_from_fork+0x10/0x20
[   29.524460] 
[   29.524479] The buggy address belongs to the physical page:
[   29.524508] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x109b04
[   29.524558] head: order:2 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[   29.524602] flags: 0xbfffe0000000040(head|node=0|zone=2|lastcpupid=0x1ffff)
[   29.524651] page_type: f8(unknown)
[   29.524715] raw: 0bfffe0000000040 0000000000000000 dead000000000122 0000000000000000
[   29.524817] raw: 0000000000000000 0000000000000000 00000000f8000000 0000000000000000
[   29.524877] head: 0bfffe0000000040 0000000000000000 dead000000000122 0000000000000000
[   29.524925] head: 0000000000000000 0000000000000000 00000000f8000000 0000000000000000
[   29.524972] head: 0bfffe0000000002 ffffc1ffc326c101 00000000ffffffff 00000000ffffffff
[   29.525020] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000004
[   29.525066] page dumped because: kasan: bad access detected
[   29.525095] 
[   29.525156] Memory state around the buggy address:
[   29.525185]  fff00000c9b05f80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   29.525227]  fff00000c9b06000: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   29.525286] >fff00000c9b06080: 00 00 00 00 00 00 00 00 00 01 fe fe fe fe fe fe
[   29.525321]                                                           ^
[   29.525358]  fff00000c9b06100: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe
[   29.525399]  fff00000c9b06180: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe
[   29.525495] ==================================================================
[   29.518292] ==================================================================
[   29.518361] BUG: KASAN: slab-out-of-bounds in krealloc_less_oob_helper+0xa80/0xc50
[   29.518415] Write of size 1 at addr fff00000c9b060da by task kunit_try_catch/193
[   29.518543] 
[   29.518629] CPU: 0 UID: 0 PID: 193 Comm: kunit_try_catch Tainted: G    B            N  6.16.0-rc6-next-20250714 #1 PREEMPT 
[   29.518708] Tainted: [B]=BAD_PAGE, [N]=TEST
[   29.518732] Hardware name: linux,dummy-virt (DT)
[   29.518761] Call trace:
[   29.518781]  show_stack+0x20/0x38 (C)
[   29.518826]  dump_stack_lvl+0x8c/0xd0
[   29.518870]  print_report+0x118/0x5d0
[   29.518911]  kasan_report+0xdc/0x128
[   29.518952]  __asan_report_store1_noabort+0x20/0x30
[   29.519020]  krealloc_less_oob_helper+0xa80/0xc50
[   29.519079]  krealloc_large_less_oob+0x20/0x38
[   29.519125]  kunit_try_run_case+0x170/0x3f0
[   29.519172]  kunit_generic_run_threadfn_adapter+0x88/0x100
[   29.519220]  kthread+0x328/0x630
[   29.519260]  ret_from_fork+0x10/0x20
[   29.519315] 
[   29.519335] The buggy address belongs to the physical page:
[   29.519364] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x109b04
[   29.519414] head: order:2 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[   29.519458] flags: 0xbfffe0000000040(head|node=0|zone=2|lastcpupid=0x1ffff)
[   29.519510] page_type: f8(unknown)
[   29.519546] raw: 0bfffe0000000040 0000000000000000 dead000000000122 0000000000000000
[   29.519695] raw: 0000000000000000 0000000000000000 00000000f8000000 0000000000000000
[   29.519878] head: 0bfffe0000000040 0000000000000000 dead000000000122 0000000000000000
[   29.519924] head: 0000000000000000 0000000000000000 00000000f8000000 0000000000000000
[   29.520128] head: 0bfffe0000000002 ffffc1ffc326c101 00000000ffffffff 00000000ffffffff
[   29.520244] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000004
[   29.520284] page dumped because: kasan: bad access detected
[   29.520313] 
[   29.520330] Memory state around the buggy address:
[   29.520360]  fff00000c9b05f80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   29.520400]  fff00000c9b06000: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   29.520440] >fff00000c9b06080: 00 00 00 00 00 00 00 00 00 01 fe fe fe fe fe fe
[   29.520475]                                                     ^
[   29.520547]  fff00000c9b06100: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe
[   29.520605]  fff00000c9b06180: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe
[   29.520642] ==================================================================
[   29.473897] ==================================================================
[   29.473942] BUG: KASAN: slab-out-of-bounds in krealloc_less_oob_helper+0xa58/0xc50
[   29.473990] Write of size 1 at addr fff00000c96882eb by task kunit_try_catch/189
[   29.474037] 
[   29.474080] CPU: 0 UID: 0 PID: 189 Comm: kunit_try_catch Tainted: G    B            N  6.16.0-rc6-next-20250714 #1 PREEMPT 
[   29.474159] Tainted: [B]=BAD_PAGE, [N]=TEST
[   29.474194] Hardware name: linux,dummy-virt (DT)
[   29.474337] Call trace:
[   29.474360]  show_stack+0x20/0x38 (C)
[   29.474407]  dump_stack_lvl+0x8c/0xd0
[   29.474450]  print_report+0x118/0x5d0
[   29.474492]  kasan_report+0xdc/0x128
[   29.474533]  __asan_report_store1_noabort+0x20/0x30
[   29.474580]  krealloc_less_oob_helper+0xa58/0xc50
[   29.474627]  krealloc_less_oob+0x20/0x38
[   29.474671]  kunit_try_run_case+0x170/0x3f0
[   29.474718]  kunit_generic_run_threadfn_adapter+0x88/0x100
[   29.474766]  kthread+0x328/0x630
[   29.474806]  ret_from_fork+0x10/0x20
[   29.474858] 
[   29.474882] Allocated by task 189:
[   29.474908]  kasan_save_stack+0x3c/0x68
[   29.475305]  kasan_save_track+0x20/0x40
[   29.475530]  kasan_save_alloc_info+0x40/0x58
[   29.475966]  __kasan_krealloc+0x118/0x178
[   29.476011]  krealloc_noprof+0x128/0x360
[   29.476428]  krealloc_less_oob_helper+0x168/0xc50
[   29.476684]  krealloc_less_oob+0x20/0x38
[   29.476725]  kunit_try_run_case+0x170/0x3f0
[   29.476763]  kunit_generic_run_threadfn_adapter+0x88/0x100
[   29.476806]  kthread+0x328/0x630
[   29.476838]  ret_from_fork+0x10/0x20
[   29.476991] 
[   29.477016] The buggy address belongs to the object at fff00000c9688200
[   29.477016]  which belongs to the cache kmalloc-256 of size 256
[   29.477271] The buggy address is located 34 bytes to the right of
[   29.477271]  allocated 201-byte region [fff00000c9688200, fff00000c96882c9)
[   29.477372] 
[   29.477399] The buggy address belongs to the physical page:
[   29.477556] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x109688
[   29.477664] head: order:1 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[   29.477710] flags: 0xbfffe0000000040(head|node=0|zone=2|lastcpupid=0x1ffff)
[   29.477772] page_type: f5(slab)
[   29.477905] raw: 0bfffe0000000040 fff00000c0001b40 dead000000000122 0000000000000000
[   29.477953] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000
[   29.478003] head: 0bfffe0000000040 fff00000c0001b40 dead000000000122 0000000000000000
[   29.478060] head: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000
[   29.478108] head: 0bfffe0000000001 ffffc1ffc325a201 00000000ffffffff 00000000ffffffff
[   29.478254] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000002
[   29.478447] page dumped because: kasan: bad access detected
[   29.478481] 
[   29.478633] Memory state around the buggy address:
[   29.479017]  fff00000c9688180: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   29.479268]  fff00000c9688200: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   29.479376] >fff00000c9688280: 00 00 00 00 00 00 00 00 00 01 fc fc fc fc fc fc
[   29.479426]                                                           ^
[   29.479500]  fff00000c9688300: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   29.479666]  fff00000c9688380: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   29.479703] ==================================================================
[   29.452232] ==================================================================
[   29.452280] BUG: KASAN: slab-out-of-bounds in krealloc_less_oob_helper+0xb9c/0xc50
[   29.452328] Write of size 1 at addr fff00000c96882d0 by task kunit_try_catch/189
[   29.452375] 
[   29.452407] CPU: 0 UID: 0 PID: 189 Comm: kunit_try_catch Tainted: G    B            N  6.16.0-rc6-next-20250714 #1 PREEMPT 
[   29.452487] Tainted: [B]=BAD_PAGE, [N]=TEST
[   29.452512] Hardware name: linux,dummy-virt (DT)
[   29.452542] Call trace:
[   29.452563]  show_stack+0x20/0x38 (C)
[   29.452990]  dump_stack_lvl+0x8c/0xd0
[   29.453064]  print_report+0x118/0x5d0
[   29.453107]  kasan_report+0xdc/0x128
[   29.453149]  __asan_report_store1_noabort+0x20/0x30
[   29.453503]  krealloc_less_oob_helper+0xb9c/0xc50
[   29.453849]  krealloc_less_oob+0x20/0x38
[   29.454037]  kunit_try_run_case+0x170/0x3f0
[   29.454111]  kunit_generic_run_threadfn_adapter+0x88/0x100
[   29.454546]  kthread+0x328/0x630
[   29.454709]  ret_from_fork+0x10/0x20
[   29.455154] 
[   29.455325] Allocated by task 189:
[   29.455455]  kasan_save_stack+0x3c/0x68
[   29.455499]  kasan_save_track+0x20/0x40
[   29.455560]  kasan_save_alloc_info+0x40/0x58
[   29.455926]  __kasan_krealloc+0x118/0x178
[   29.455974]  krealloc_noprof+0x128/0x360
[   29.456058]  krealloc_less_oob_helper+0x168/0xc50
[   29.456097]  krealloc_less_oob+0x20/0x38
[   29.456481]  kunit_try_run_case+0x170/0x3f0
[   29.456526]  kunit_generic_run_threadfn_adapter+0x88/0x100
[   29.456565]  kthread+0x328/0x630
[   29.456597]  ret_from_fork+0x10/0x20
[   29.456703] 
[   29.456722] The buggy address belongs to the object at fff00000c9688200
[   29.456722]  which belongs to the cache kmalloc-256 of size 256
[   29.457013] The buggy address is located 7 bytes to the right of
[   29.457013]  allocated 201-byte region [fff00000c9688200, fff00000c96882c9)
[   29.457158] 
[   29.457180] The buggy address belongs to the physical page:
[   29.457412] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x109688
[   29.457524] head: order:1 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[   29.457582] flags: 0xbfffe0000000040(head|node=0|zone=2|lastcpupid=0x1ffff)
[   29.457639] page_type: f5(slab)
[   29.457678] raw: 0bfffe0000000040 fff00000c0001b40 dead000000000122 0000000000000000
[   29.457860] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000
[   29.457915] head: 0bfffe0000000040 fff00000c0001b40 dead000000000122 0000000000000000
[   29.458094] head: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000
[   29.458148] head: 0bfffe0000000001 ffffc1ffc325a201 00000000ffffffff 00000000ffffffff
[   29.458195] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000002
[   29.458351] page dumped because: kasan: bad access detected
[   29.458427] 
[   29.458446] Memory state around the buggy address:
[   29.458481]  fff00000c9688180: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   29.458623]  fff00000c9688200: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   29.458708] >fff00000c9688280: 00 00 00 00 00 00 00 00 00 01 fc fc fc fc fc fc
[   29.458809]                                                  ^
[   29.458906]  fff00000c9688300: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   29.458948]  fff00000c9688380: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   29.459028] ==================================================================
[   29.509897] ==================================================================
[   29.509972] BUG: KASAN: slab-out-of-bounds in krealloc_less_oob_helper+0xa48/0xc50
[   29.510035] Write of size 1 at addr fff00000c9b060c9 by task kunit_try_catch/193
[   29.510098] 
[   29.510136] CPU: 0 UID: 0 PID: 193 Comm: kunit_try_catch Tainted: G    B            N  6.16.0-rc6-next-20250714 #1 PREEMPT 
[   29.510218] Tainted: [B]=BAD_PAGE, [N]=TEST
[   29.510244] Hardware name: linux,dummy-virt (DT)
[   29.510275] Call trace:
[   29.510298]  show_stack+0x20/0x38 (C)
[   29.510345]  dump_stack_lvl+0x8c/0xd0
[   29.510391]  print_report+0x118/0x5d0
[   29.510433]  kasan_report+0xdc/0x128
[   29.510475]  __asan_report_store1_noabort+0x20/0x30
[   29.510522]  krealloc_less_oob_helper+0xa48/0xc50
[   29.510569]  krealloc_large_less_oob+0x20/0x38
[   29.510616]  kunit_try_run_case+0x170/0x3f0
[   29.510663]  kunit_generic_run_threadfn_adapter+0x88/0x100
[   29.511008]  kthread+0x328/0x630
[   29.511323]  ret_from_fork+0x10/0x20
[   29.511752] 
[   29.511920] The buggy address belongs to the physical page:
[   29.511958] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x109b04
[   29.512014] head: order:2 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[   29.512072] flags: 0xbfffe0000000040(head|node=0|zone=2|lastcpupid=0x1ffff)
[   29.512307] page_type: f8(unknown)
[   29.512490] raw: 0bfffe0000000040 0000000000000000 dead000000000122 0000000000000000
[   29.512755] raw: 0000000000000000 0000000000000000 00000000f8000000 0000000000000000
[   29.513018] head: 0bfffe0000000040 0000000000000000 dead000000000122 0000000000000000
[   29.513075] head: 0000000000000000 0000000000000000 00000000f8000000 0000000000000000
[   29.513125] head: 0bfffe0000000002 ffffc1ffc326c101 00000000ffffffff 00000000ffffffff
[   29.513193] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000004
[   29.513232] page dumped because: kasan: bad access detected
[   29.513262] 
[   29.513280] Memory state around the buggy address:
[   29.513312]  fff00000c9b05f80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   29.513354]  fff00000c9b06000: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   29.513394] >fff00000c9b06080: 00 00 00 00 00 00 00 00 00 01 fe fe fe fe fe fe
[   29.513430]                                               ^
[   29.513463]  fff00000c9b06100: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe
[   29.513505]  fff00000c9b06180: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe
[   29.513541] ==================================================================
[   29.515419] ==================================================================
[   29.515466] BUG: KASAN: slab-out-of-bounds in krealloc_less_oob_helper+0xb9c/0xc50
[   29.515517] Write of size 1 at addr fff00000c9b060d0 by task kunit_try_catch/193
[   29.515564] 
[   29.515595] CPU: 0 UID: 0 PID: 193 Comm: kunit_try_catch Tainted: G    B            N  6.16.0-rc6-next-20250714 #1 PREEMPT 
[   29.515676] Tainted: [B]=BAD_PAGE, [N]=TEST
[   29.515701] Hardware name: linux,dummy-virt (DT)
[   29.515748] Call trace:
[   29.515782]  show_stack+0x20/0x38 (C)
[   29.515838]  dump_stack_lvl+0x8c/0xd0
[   29.516091]  print_report+0x118/0x5d0
[   29.516232]  kasan_report+0xdc/0x128
[   29.516274]  __asan_report_store1_noabort+0x20/0x30
[   29.516321]  krealloc_less_oob_helper+0xb9c/0xc50
[   29.516369]  krealloc_large_less_oob+0x20/0x38
[   29.516415]  kunit_try_run_case+0x170/0x3f0
[   29.516464]  kunit_generic_run_threadfn_adapter+0x88/0x100
[   29.516512]  kthread+0x328/0x630
[   29.516553]  ret_from_fork+0x10/0x20
[   29.516600] 
[   29.516620] The buggy address belongs to the physical page:
[   29.516650] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x109b04
[   29.516702] head: order:2 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[   29.516764] flags: 0xbfffe0000000040(head|node=0|zone=2|lastcpupid=0x1ffff)
[   29.516888] page_type: f8(unknown)
[   29.516934] raw: 0bfffe0000000040 0000000000000000 dead000000000122 0000000000000000
[   29.517056] raw: 0000000000000000 0000000000000000 00000000f8000000 0000000000000000
[   29.517283] head: 0bfffe0000000040 0000000000000000 dead000000000122 0000000000000000
[   29.517330] head: 0000000000000000 0000000000000000 00000000f8000000 0000000000000000
[   29.517378] head: 0bfffe0000000002 ffffc1ffc326c101 00000000ffffffff 00000000ffffffff
[   29.517424] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000004
[   29.517462] page dumped because: kasan: bad access detected
[   29.517491] 
[   29.517508] Memory state around the buggy address:
[   29.517537]  fff00000c9b05f80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   29.517580]  fff00000c9b06000: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   29.517627] >fff00000c9b06080: 00 00 00 00 00 00 00 00 00 01 fe fe fe fe fe fe
[   29.517674]                                                  ^
[   29.517708]  fff00000c9b06100: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe
[   29.517749]  fff00000c9b06180: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe
[   29.517872] ==================================================================
[   29.467872] ==================================================================
[   29.467941] BUG: KASAN: slab-out-of-bounds in krealloc_less_oob_helper+0xae4/0xc50
[   29.467987] Write of size 1 at addr fff00000c96882ea by task kunit_try_catch/189
[   29.468034] 
[   29.468076] CPU: 0 UID: 0 PID: 189 Comm: kunit_try_catch Tainted: G    B            N  6.16.0-rc6-next-20250714 #1 PREEMPT 
[   29.468155] Tainted: [B]=BAD_PAGE, [N]=TEST
[   29.468215] Hardware name: linux,dummy-virt (DT)
[   29.468295] Call trace:
[   29.468317]  show_stack+0x20/0x38 (C)
[   29.468492]  dump_stack_lvl+0x8c/0xd0
[   29.468542]  print_report+0x118/0x5d0
[   29.468641]  kasan_report+0xdc/0x128
[   29.468732]  __asan_report_store1_noabort+0x20/0x30
[   29.468849]  krealloc_less_oob_helper+0xae4/0xc50
[   29.468944]  krealloc_less_oob+0x20/0x38
[   29.469089]  kunit_try_run_case+0x170/0x3f0
[   29.469232]  kunit_generic_run_threadfn_adapter+0x88/0x100
[   29.469320]  kthread+0x328/0x630
[   29.469448]  ret_from_fork+0x10/0x20
[   29.469523] 
[   29.469542] Allocated by task 189:
[   29.469581]  kasan_save_stack+0x3c/0x68
[   29.469626]  kasan_save_track+0x20/0x40
[   29.469663]  kasan_save_alloc_info+0x40/0x58
[   29.469806]  __kasan_krealloc+0x118/0x178
[   29.470077]  krealloc_noprof+0x128/0x360
[   29.470118]  krealloc_less_oob_helper+0x168/0xc50
[   29.470202]  krealloc_less_oob+0x20/0x38
[   29.470239]  kunit_try_run_case+0x170/0x3f0
[   29.470283]  kunit_generic_run_threadfn_adapter+0x88/0x100
[   29.470449]  kthread+0x328/0x630
[   29.470480]  ret_from_fork+0x10/0x20
[   29.470514] 
[   29.470533] The buggy address belongs to the object at fff00000c9688200
[   29.470533]  which belongs to the cache kmalloc-256 of size 256
[   29.470589] The buggy address is located 33 bytes to the right of
[   29.470589]  allocated 201-byte region [fff00000c9688200, fff00000c96882c9)
[   29.470651] 
[   29.470716] The buggy address belongs to the physical page:
[   29.470858] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x109688
[   29.471068] head: order:1 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[   29.471114] flags: 0xbfffe0000000040(head|node=0|zone=2|lastcpupid=0x1ffff)
[   29.471163] page_type: f5(slab)
[   29.471252] raw: 0bfffe0000000040 fff00000c0001b40 dead000000000122 0000000000000000
[   29.471573] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000
[   29.471923] head: 0bfffe0000000040 fff00000c0001b40 dead000000000122 0000000000000000
[   29.471985] head: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000
[   29.472036] head: 0bfffe0000000001 ffffc1ffc325a201 00000000ffffffff 00000000ffffffff
[   29.472091] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000002
[   29.472129] page dumped because: kasan: bad access detected
[   29.472368] 
[   29.472453] Memory state around the buggy address:
[   29.472492]  fff00000c9688180: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   29.472535]  fff00000c9688200: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   29.472575] >fff00000c9688280: 00 00 00 00 00 00 00 00 00 01 fc fc fc fc fc fc
[   29.472611]                                                           ^
[   29.472844]  fff00000c9688300: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   29.472962]  fff00000c9688380: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   29.472999] ==================================================================
[   29.520788] ==================================================================
[   29.520826] BUG: KASAN: slab-out-of-bounds in krealloc_less_oob_helper+0xae4/0xc50
[   29.520870] Write of size 1 at addr fff00000c9b060ea by task kunit_try_catch/193
[   29.520916] 
[   29.520943] CPU: 0 UID: 0 PID: 193 Comm: kunit_try_catch Tainted: G    B            N  6.16.0-rc6-next-20250714 #1 PREEMPT 
[   29.521085] Tainted: [B]=BAD_PAGE, [N]=TEST
[   29.521113] Hardware name: linux,dummy-virt (DT)
[   29.521142] Call trace:
[   29.521162]  show_stack+0x20/0x38 (C)
[   29.521208]  dump_stack_lvl+0x8c/0xd0
[   29.521263]  print_report+0x118/0x5d0
[   29.521462]  kasan_report+0xdc/0x128
[   29.521505]  __asan_report_store1_noabort+0x20/0x30
[   29.521559]  krealloc_less_oob_helper+0xae4/0xc50
[   29.521638]  krealloc_large_less_oob+0x20/0x38
[   29.521684]  kunit_try_run_case+0x170/0x3f0
[   29.521732]  kunit_generic_run_threadfn_adapter+0x88/0x100
[   29.521779]  kthread+0x328/0x630
[   29.521820]  ret_from_fork+0x10/0x20
[   29.521866] 
[   29.521894] The buggy address belongs to the physical page:
[   29.521995] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x109b04
[   29.522071] head: order:2 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[   29.522115] flags: 0xbfffe0000000040(head|node=0|zone=2|lastcpupid=0x1ffff)
[   29.522164] page_type: f8(unknown)
[   29.522200] raw: 0bfffe0000000040 0000000000000000 dead000000000122 0000000000000000
[   29.522247] raw: 0000000000000000 0000000000000000 00000000f8000000 0000000000000000
[   29.522294] head: 0bfffe0000000040 0000000000000000 dead000000000122 0000000000000000
[   29.522341] head: 0000000000000000 0000000000000000 00000000f8000000 0000000000000000
[   29.522388] head: 0bfffe0000000002 ffffc1ffc326c101 00000000ffffffff 00000000ffffffff
[   29.522434] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000004
[   29.522472] page dumped because: kasan: bad access detected
[   29.522501] 
[   29.522518] Memory state around the buggy address:
[   29.522547]  fff00000c9b05f80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   29.522597]  fff00000c9b06000: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   29.522638] >fff00000c9b06080: 00 00 00 00 00 00 00 00 00 01 fe fe fe fe fe fe
[   29.522674]                                                           ^
[   29.522710]  fff00000c9b06100: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe
[   29.522749]  fff00000c9b06180: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe
[   29.522784] ==================================================================

Metadata Full log Test run details

arch

arm64

host

x86_64

plan

2zrVzYzOpEW4XHiYds9jEwikFK7

job_id

TEST:linaro@lkft#2zrW4gkgpPvPvyu1JhrLI5SfZ9n

job_url

https://tuxapi.tuxsuite.com/v1/groups/linaro/projects/lkft/tests/2zrW4gkgpPvPvyu1JhrLI5SfZ9n

artefacts

kernel

url	https://storage.tuxsuite.com/public/linaro/lkft/builds/2zrW17i5CHwMjQFrMEumC4tgHQD/Image.gz
sha256sum	f1b1de68ab66795221ea7af2c885166039edc905709ae2b868dbc429ffb32d0d

rootfs

url	https://storage.tuxboot.com/debian/20250617/trixie/arm64/rootfs.ext4.xz
sha256sum	1eaaae772692e22cefec5345d642e254407cec1431dd51a20007af2a1819b610

modules

url	https://storage.tuxsuite.com/public/linaro/lkft/builds/2zrW17i5CHwMjQFrMEumC4tgHQD/modules.tar.xz
sha256sum	94a5b5b8edfcc1ec8f65ff9d692207a782ba849df77dd9baa05c20bf5972d8f6

durations

tests

boot	0
kunit	174.68

host_arch

amd64

build_name

gcc-13-lkftconfig-kunit

job_status

Complete

qemu_version

1:10.0.0+ds-1

[   24.142433] ==================================================================
[   24.142760] BUG: KASAN: slab-out-of-bounds in krealloc_less_oob_helper+0xd47/0x11d0
[   24.143350] Write of size 1 at addr ffff88810587a0eb by task kunit_try_catch/211
[   24.143718] 
[   24.143843] CPU: 1 UID: 0 PID: 211 Comm: kunit_try_catch Tainted: G    B   W        N  6.16.0-rc6-next-20250714 #1 PREEMPT(voluntary) 
[   24.143925] Tainted: [B]=BAD_PAGE, [W]=WARN, [N]=TEST
[   24.143938] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[   24.143972] Call Trace:
[   24.143991]  <TASK>
[   24.144011]  dump_stack_lvl+0x73/0xb0
[   24.144044]  print_report+0xd1/0x610
[   24.144067]  ? __virt_addr_valid+0x1db/0x2d0
[   24.144091]  ? krealloc_less_oob_helper+0xd47/0x11d0
[   24.144114]  ? kasan_addr_to_slab+0x11/0xa0
[   24.144134]  ? krealloc_less_oob_helper+0xd47/0x11d0
[   24.144156]  kasan_report+0x141/0x180
[   24.144178]  ? krealloc_less_oob_helper+0xd47/0x11d0
[   24.144205]  __asan_report_store1_noabort+0x1b/0x30
[   24.144228]  krealloc_less_oob_helper+0xd47/0x11d0
[   24.144252]  ? __pfx_krealloc_less_oob_helper+0x10/0x10
[   24.144275]  ? finish_task_switch.isra.0+0x153/0x700
[   24.144298]  ? __switch_to+0x47/0xf80
[   24.144323]  ? __schedule+0x10cc/0x2b60
[   24.144345]  ? __pfx_read_tsc+0x10/0x10
[   24.144369]  krealloc_large_less_oob+0x1c/0x30
[   24.144390]  kunit_try_run_case+0x1a5/0x480
[   24.144413]  ? __pfx_kunit_try_run_case+0x10/0x10
[   24.144432]  ? _raw_spin_lock_irqsave+0xa1/0x100
[   24.144454]  ? _raw_spin_unlock_irqrestore+0x5f/0x90
[   24.144477]  ? __kthread_parkme+0x82/0x180
[   24.144497]  ? preempt_count_sub+0x50/0x80
[   24.144548]  ? __pfx_kunit_try_run_case+0x10/0x10
[   24.144570]  kunit_generic_run_threadfn_adapter+0x85/0xf0
[   24.144596]  ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10
[   24.144631]  kthread+0x337/0x6f0
[   24.144650]  ? trace_preempt_on+0x20/0xc0
[   24.144682]  ? __pfx_kthread+0x10/0x10
[   24.144703]  ? _raw_spin_unlock_irq+0x47/0x80
[   24.144724]  ? calculate_sigpending+0x7b/0xa0
[   24.144747]  ? __pfx_kthread+0x10/0x10
[   24.144768]  ret_from_fork+0x116/0x1d0
[   24.144786]  ? __pfx_kthread+0x10/0x10
[   24.144806]  ret_from_fork_asm+0x1a/0x30
[   24.144836]  </TASK>
[   24.144847] 
[   24.154039] The buggy address belongs to the physical page:
[   24.154364] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x105878
[   24.154869] head: order:2 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[   24.155283] flags: 0x200000000000040(head|node=0|zone=2)
[   24.155623] page_type: f8(unknown)
[   24.155855] raw: 0200000000000040 0000000000000000 dead000000000122 0000000000000000
[   24.156173] raw: 0000000000000000 0000000000000000 00000000f8000000 0000000000000000
[   24.156577] head: 0200000000000040 0000000000000000 dead000000000122 0000000000000000
[   24.156959] head: 0000000000000000 0000000000000000 00000000f8000000 0000000000000000
[   24.157434] head: 0200000000000002 ffffea0004161e01 00000000ffffffff 00000000ffffffff
[   24.157810] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000004
[   24.158498] page dumped because: kasan: bad access detected
[   24.158805] 
[   24.158894] Memory state around the buggy address:
[   24.159157]  ffff888105879f80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   24.159372]  ffff88810587a000: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   24.159767] >ffff88810587a080: 00 00 00 00 00 00 00 00 00 01 fe fe fe fe fe fe
[   24.160243]                                                           ^
[   24.160799]  ffff88810587a100: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe
[   24.161194]  ffff88810587a180: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe
[   24.161493] ==================================================================
[   23.952695] ==================================================================
[   23.953171] BUG: KASAN: slab-out-of-bounds in krealloc_less_oob_helper+0xe90/0x11d0
[   23.953482] Write of size 1 at addr ffff888104a978ea by task kunit_try_catch/207
[   23.953813] 
[   23.953921] CPU: 1 UID: 0 PID: 207 Comm: kunit_try_catch Tainted: G    B   W        N  6.16.0-rc6-next-20250714 #1 PREEMPT(voluntary) 
[   23.953973] Tainted: [B]=BAD_PAGE, [W]=WARN, [N]=TEST
[   23.953986] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[   23.954009] Call Trace:
[   23.954029]  <TASK>
[   23.954056]  dump_stack_lvl+0x73/0xb0
[   23.954087]  print_report+0xd1/0x610
[   23.954108]  ? __virt_addr_valid+0x1db/0x2d0
[   23.954132]  ? krealloc_less_oob_helper+0xe90/0x11d0
[   23.954154]  ? kasan_complete_mode_report_info+0x2a/0x200
[   23.954178]  ? krealloc_less_oob_helper+0xe90/0x11d0
[   23.954202]  kasan_report+0x141/0x180
[   23.954222]  ? krealloc_less_oob_helper+0xe90/0x11d0
[   23.954249]  __asan_report_store1_noabort+0x1b/0x30
[   23.954273]  krealloc_less_oob_helper+0xe90/0x11d0
[   23.954297]  ? __pfx_krealloc_less_oob_helper+0x10/0x10
[   23.954320]  ? finish_task_switch.isra.0+0x153/0x700
[   23.954342]  ? __switch_to+0x47/0xf80
[   23.954369]  ? __schedule+0x10cc/0x2b60
[   23.954392]  ? __pfx_read_tsc+0x10/0x10
[   23.954415]  krealloc_less_oob+0x1c/0x30
[   23.954436]  kunit_try_run_case+0x1a5/0x480
[   23.954458]  ? __pfx_kunit_try_run_case+0x10/0x10
[   23.954478]  ? _raw_spin_lock_irqsave+0xa1/0x100
[   23.954500]  ? _raw_spin_unlock_irqrestore+0x5f/0x90
[   23.954522]  ? __kthread_parkme+0x82/0x180
[   23.954542]  ? preempt_count_sub+0x50/0x80
[   23.954566]  ? __pfx_kunit_try_run_case+0x10/0x10
[   23.954587]  kunit_generic_run_threadfn_adapter+0x85/0xf0
[   23.954611]  ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10
[   23.954635]  kthread+0x337/0x6f0
[   23.954654]  ? trace_preempt_on+0x20/0xc0
[   23.954758]  ? __pfx_kthread+0x10/0x10
[   23.954778]  ? _raw_spin_unlock_irq+0x47/0x80
[   23.954799]  ? calculate_sigpending+0x7b/0xa0
[   23.954823]  ? __pfx_kthread+0x10/0x10
[   23.954844]  ret_from_fork+0x116/0x1d0
[   23.954863]  ? __pfx_kthread+0x10/0x10
[   23.954883]  ret_from_fork_asm+0x1a/0x30
[   23.954914]  </TASK>
[   23.954925] 
[   23.961305] Allocated by task 207:
[   23.961500]  kasan_save_stack+0x45/0x70
[   23.961722]  kasan_save_track+0x18/0x40
[   23.961915]  kasan_save_alloc_info+0x3b/0x50
[   23.962132]  __kasan_krealloc+0x190/0x1f0
[   23.962708]  krealloc_noprof+0xf3/0x340
[   23.962894]  krealloc_less_oob_helper+0x1aa/0x11d0
[   23.963149]  krealloc_less_oob+0x1c/0x30
[   23.963286]  kunit_try_run_case+0x1a5/0x480
[   23.963424]  kunit_generic_run_threadfn_adapter+0x85/0xf0
[   23.963596]  kthread+0x337/0x6f0
[   23.963800]  ret_from_fork+0x116/0x1d0
[   23.964001]  ret_from_fork_asm+0x1a/0x30
[   23.964190] 
[   23.964278] The buggy address belongs to the object at ffff888104a97800
[   23.964278]  which belongs to the cache kmalloc-256 of size 256
[   23.964813] The buggy address is located 33 bytes to the right of
[   23.964813]  allocated 201-byte region [ffff888104a97800, ffff888104a978c9)
[   23.965281] 
[   23.965347] The buggy address belongs to the physical page:
[   23.965599] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x104a96
[   23.966167] head: order:1 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[   23.966467] flags: 0x200000000000040(head|node=0|zone=2)
[   23.966687] page_type: f5(slab)
[   23.966883] raw: 0200000000000040 ffff888100041b40 dead000000000100 dead000000000122
[   23.967397] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000
[   23.967714] head: 0200000000000040 ffff888100041b40 dead000000000100 dead000000000122
[   23.967990] head: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000
[   23.968274] head: 0200000000000001 ffffea000412a581 00000000ffffffff 00000000ffffffff
[   23.968594] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000002
[   23.968902] page dumped because: kasan: bad access detected
[   23.969430] 
[   23.969515] Memory state around the buggy address:
[   23.969686]  ffff888104a97780: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   23.970012]  ffff888104a97800: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   23.970223] >ffff888104a97880: 00 00 00 00 00 00 00 00 00 01 fc fc fc fc fc fc
[   23.970425]                                                           ^
[   23.970618]  ffff888104a97900: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   23.970831]  ffff888104a97980: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   23.971036] ==================================================================
[   23.928333] ==================================================================
[   23.928610] BUG: KASAN: slab-out-of-bounds in krealloc_less_oob_helper+0xec6/0x11d0
[   23.929384] Write of size 1 at addr ffff888104a978da by task kunit_try_catch/207
[   23.929719] 
[   23.929904] CPU: 1 UID: 0 PID: 207 Comm: kunit_try_catch Tainted: G    B   W        N  6.16.0-rc6-next-20250714 #1 PREEMPT(voluntary) 
[   23.930035] Tainted: [B]=BAD_PAGE, [W]=WARN, [N]=TEST
[   23.930058] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[   23.930081] Call Trace:
[   23.930101]  <TASK>
[   23.930121]  dump_stack_lvl+0x73/0xb0
[   23.930157]  print_report+0xd1/0x610
[   23.930180]  ? __virt_addr_valid+0x1db/0x2d0
[   23.930203]  ? krealloc_less_oob_helper+0xec6/0x11d0
[   23.930226]  ? kasan_complete_mode_report_info+0x2a/0x200
[   23.930250]  ? krealloc_less_oob_helper+0xec6/0x11d0
[   23.930272]  kasan_report+0x141/0x180
[   23.930293]  ? krealloc_less_oob_helper+0xec6/0x11d0
[   23.930319]  __asan_report_store1_noabort+0x1b/0x30
[   23.930342]  krealloc_less_oob_helper+0xec6/0x11d0
[   23.930366]  ? __pfx_krealloc_less_oob_helper+0x10/0x10
[   23.930389]  ? finish_task_switch.isra.0+0x153/0x700
[   23.930410]  ? __switch_to+0x47/0xf80
[   23.930436]  ? __schedule+0x10cc/0x2b60
[   23.930458]  ? __pfx_read_tsc+0x10/0x10
[   23.930482]  krealloc_less_oob+0x1c/0x30
[   23.930502]  kunit_try_run_case+0x1a5/0x480
[   23.930524]  ? __pfx_kunit_try_run_case+0x10/0x10
[   23.930543]  ? _raw_spin_lock_irqsave+0xa1/0x100
[   23.930565]  ? _raw_spin_unlock_irqrestore+0x5f/0x90
[   23.930587]  ? __kthread_parkme+0x82/0x180
[   23.930607]  ? preempt_count_sub+0x50/0x80
[   23.930629]  ? __pfx_kunit_try_run_case+0x10/0x10
[   23.930649]  kunit_generic_run_threadfn_adapter+0x85/0xf0
[   23.930687]  ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10
[   23.930712]  kthread+0x337/0x6f0
[   23.930731]  ? trace_preempt_on+0x20/0xc0
[   23.930763]  ? __pfx_kthread+0x10/0x10
[   23.930783]  ? _raw_spin_unlock_irq+0x47/0x80
[   23.930804]  ? calculate_sigpending+0x7b/0xa0
[   23.930828]  ? __pfx_kthread+0x10/0x10
[   23.930848]  ret_from_fork+0x116/0x1d0
[   23.930867]  ? __pfx_kthread+0x10/0x10
[   23.930886]  ret_from_fork_asm+0x1a/0x30
[   23.930916]  </TASK>
[   23.930927] 
[   23.940403] Allocated by task 207:
[   23.940561]  kasan_save_stack+0x45/0x70
[   23.941100]  kasan_save_track+0x18/0x40
[   23.941450]  kasan_save_alloc_info+0x3b/0x50
[   23.942142]  __kasan_krealloc+0x190/0x1f0
[   23.942374]  krealloc_noprof+0xf3/0x340
[   23.942722]  krealloc_less_oob_helper+0x1aa/0x11d0
[   23.943116]  krealloc_less_oob+0x1c/0x30
[   23.943524]  kunit_try_run_case+0x1a5/0x480
[   23.943951]  kunit_generic_run_threadfn_adapter+0x85/0xf0
[   23.944197]  kthread+0x337/0x6f0
[   23.944321]  ret_from_fork+0x116/0x1d0
[   23.944448]  ret_from_fork_asm+0x1a/0x30
[   23.944582] 
[   23.944649] The buggy address belongs to the object at ffff888104a97800
[   23.944649]  which belongs to the cache kmalloc-256 of size 256
[   23.945471] The buggy address is located 17 bytes to the right of
[   23.945471]  allocated 201-byte region [ffff888104a97800, ffff888104a978c9)
[   23.945928] 
[   23.946053] The buggy address belongs to the physical page:
[   23.946424] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x104a96
[   23.946746] head: order:1 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[   23.947074] flags: 0x200000000000040(head|node=0|zone=2)
[   23.947288] page_type: f5(slab)
[   23.947408] raw: 0200000000000040 ffff888100041b40 dead000000000100 dead000000000122
[   23.947748] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000
[   23.948176] head: 0200000000000040 ffff888100041b40 dead000000000100 dead000000000122
[   23.948470] head: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000
[   23.948753] head: 0200000000000001 ffffea000412a581 00000000ffffffff 00000000ffffffff
[   23.949051] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000002
[   23.949311] page dumped because: kasan: bad access detected
[   23.949601] 
[   23.949700] Memory state around the buggy address:
[   23.950292]  ffff888104a97780: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   23.950587]  ffff888104a97800: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   23.950885] >ffff888104a97880: 00 00 00 00 00 00 00 00 00 01 fc fc fc fc fc fc
[   23.951138]                                                     ^
[   23.951395]  ffff888104a97900: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   23.951823]  ffff888104a97980: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   23.952038] ==================================================================
[   23.971501] ==================================================================
[   23.971901] BUG: KASAN: slab-out-of-bounds in krealloc_less_oob_helper+0xd47/0x11d0
[   23.972273] Write of size 1 at addr ffff888104a978eb by task kunit_try_catch/207
[   23.972595] 
[   23.972713] CPU: 1 UID: 0 PID: 207 Comm: kunit_try_catch Tainted: G    B   W        N  6.16.0-rc6-next-20250714 #1 PREEMPT(voluntary) 
[   23.972763] Tainted: [B]=BAD_PAGE, [W]=WARN, [N]=TEST
[   23.972775] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[   23.972852] Call Trace:
[   23.972875]  <TASK>
[   23.972894]  dump_stack_lvl+0x73/0xb0
[   23.972975]  print_report+0xd1/0x610
[   23.972998]  ? __virt_addr_valid+0x1db/0x2d0
[   23.973021]  ? krealloc_less_oob_helper+0xd47/0x11d0
[   23.973043]  ? kasan_complete_mode_report_info+0x2a/0x200
[   23.973097]  ? krealloc_less_oob_helper+0xd47/0x11d0
[   23.973123]  kasan_report+0x141/0x180
[   23.973144]  ? krealloc_less_oob_helper+0xd47/0x11d0
[   23.973170]  __asan_report_store1_noabort+0x1b/0x30
[   23.973193]  krealloc_less_oob_helper+0xd47/0x11d0
[   23.973219]  ? __pfx_krealloc_less_oob_helper+0x10/0x10
[   23.973241]  ? finish_task_switch.isra.0+0x153/0x700
[   23.973265]  ? __switch_to+0x47/0xf80
[   23.973290]  ? __schedule+0x10cc/0x2b60
[   23.973313]  ? __pfx_read_tsc+0x10/0x10
[   23.973337]  krealloc_less_oob+0x1c/0x30
[   23.973357]  kunit_try_run_case+0x1a5/0x480
[   23.973379]  ? __pfx_kunit_try_run_case+0x10/0x10
[   23.973399]  ? _raw_spin_lock_irqsave+0xa1/0x100
[   23.973421]  ? _raw_spin_unlock_irqrestore+0x5f/0x90
[   23.973444]  ? __kthread_parkme+0x82/0x180
[   23.973464]  ? preempt_count_sub+0x50/0x80
[   23.973486]  ? __pfx_kunit_try_run_case+0x10/0x10
[   23.973506]  kunit_generic_run_threadfn_adapter+0x85/0xf0
[   23.973530]  ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10
[   23.973555]  kthread+0x337/0x6f0
[   23.973574]  ? trace_preempt_on+0x20/0xc0
[   23.973597]  ? __pfx_kthread+0x10/0x10
[   23.973617]  ? _raw_spin_unlock_irq+0x47/0x80
[   23.973638]  ? calculate_sigpending+0x7b/0xa0
[   23.973672]  ? __pfx_kthread+0x10/0x10
[   23.973693]  ret_from_fork+0x116/0x1d0
[   23.973711]  ? __pfx_kthread+0x10/0x10
[   23.973732]  ret_from_fork_asm+0x1a/0x30
[   23.973762]  </TASK>
[   23.973773] 
[   23.981043] Allocated by task 207:
[   23.981220]  kasan_save_stack+0x45/0x70
[   23.981375]  kasan_save_track+0x18/0x40
[   23.981502]  kasan_save_alloc_info+0x3b/0x50
[   23.981643]  __kasan_krealloc+0x190/0x1f0
[   23.981785]  krealloc_noprof+0xf3/0x340
[   23.981932]  krealloc_less_oob_helper+0x1aa/0x11d0
[   23.982152]  krealloc_less_oob+0x1c/0x30
[   23.982388]  kunit_try_run_case+0x1a5/0x480
[   23.982585]  kunit_generic_run_threadfn_adapter+0x85/0xf0
[   23.982842]  kthread+0x337/0x6f0
[   23.983004]  ret_from_fork+0x116/0x1d0
[   23.983185]  ret_from_fork_asm+0x1a/0x30
[   23.983410] 
[   23.983473] The buggy address belongs to the object at ffff888104a97800
[   23.983473]  which belongs to the cache kmalloc-256 of size 256
[   23.983830] The buggy address is located 34 bytes to the right of
[   23.983830]  allocated 201-byte region [ffff888104a97800, ffff888104a978c9)
[   23.984648] 
[   23.984836] The buggy address belongs to the physical page:
[   23.988598] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x104a96
[   23.989140] head: order:1 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[   23.989368] flags: 0x200000000000040(head|node=0|zone=2)
[   23.989545] page_type: f5(slab)
[   23.993134] raw: 0200000000000040 ffff888100041b40 dead000000000100 dead000000000122
[   23.994217] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000
[   23.996043] head: 0200000000000040 ffff888100041b40 dead000000000100 dead000000000122
[   23.996303] head: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000
[   23.996548] head: 0200000000000001 ffffea000412a581 00000000ffffffff 00000000ffffffff
[   23.996886] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000002
[   23.997171] page dumped because: kasan: bad access detected
[   23.997390] 
[   23.997457] Memory state around the buggy address:
[   23.997649]  ffff888104a97780: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   23.998417]  ffff888104a97800: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   23.998919] >ffff888104a97880: 00 00 00 00 00 00 00 00 00 01 fc fc fc fc fc fc
[   23.999201]                                                           ^
[   23.999393]  ffff888104a97900: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   23.999600]  ffff888104a97980: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   24.000007] ==================================================================
[   24.122299] ==================================================================
[   24.122847] BUG: KASAN: slab-out-of-bounds in krealloc_less_oob_helper+0xe90/0x11d0
[   24.123340] Write of size 1 at addr ffff88810587a0ea by task kunit_try_catch/211
[   24.123808] 
[   24.123911] CPU: 1 UID: 0 PID: 211 Comm: kunit_try_catch Tainted: G    B   W        N  6.16.0-rc6-next-20250714 #1 PREEMPT(voluntary) 
[   24.123965] Tainted: [B]=BAD_PAGE, [W]=WARN, [N]=TEST
[   24.123978] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[   24.124029] Call Trace:
[   24.124049]  <TASK>
[   24.124069]  dump_stack_lvl+0x73/0xb0
[   24.124184]  print_report+0xd1/0x610
[   24.124208]  ? __virt_addr_valid+0x1db/0x2d0
[   24.124244]  ? krealloc_less_oob_helper+0xe90/0x11d0
[   24.124266]  ? kasan_addr_to_slab+0x11/0xa0
[   24.124286]  ? krealloc_less_oob_helper+0xe90/0x11d0
[   24.124308]  kasan_report+0x141/0x180
[   24.124357]  ? krealloc_less_oob_helper+0xe90/0x11d0
[   24.124384]  __asan_report_store1_noabort+0x1b/0x30
[   24.124435]  krealloc_less_oob_helper+0xe90/0x11d0
[   24.124459]  ? __pfx_krealloc_less_oob_helper+0x10/0x10
[   24.124481]  ? finish_task_switch.isra.0+0x153/0x700
[   24.124503]  ? __switch_to+0x47/0xf80
[   24.124528]  ? __schedule+0x10cc/0x2b60
[   24.124552]  ? __pfx_read_tsc+0x10/0x10
[   24.124575]  krealloc_large_less_oob+0x1c/0x30
[   24.124596]  kunit_try_run_case+0x1a5/0x480
[   24.124619]  ? __pfx_kunit_try_run_case+0x10/0x10
[   24.124677]  ? _raw_spin_lock_irqsave+0xa1/0x100
[   24.124699]  ? _raw_spin_unlock_irqrestore+0x5f/0x90
[   24.124723]  ? __kthread_parkme+0x82/0x180
[   24.124753]  ? preempt_count_sub+0x50/0x80
[   24.124785]  ? __pfx_kunit_try_run_case+0x10/0x10
[   24.124806]  kunit_generic_run_threadfn_adapter+0x85/0xf0
[   24.124831]  ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10
[   24.124855]  kthread+0x337/0x6f0
[   24.124875]  ? trace_preempt_on+0x20/0xc0
[   24.124898]  ? __pfx_kthread+0x10/0x10
[   24.124936]  ? _raw_spin_unlock_irq+0x47/0x80
[   24.125032]  ? calculate_sigpending+0x7b/0xa0
[   24.125058]  ? __pfx_kthread+0x10/0x10
[   24.125079]  ret_from_fork+0x116/0x1d0
[   24.125118]  ? __pfx_kthread+0x10/0x10
[   24.125147]  ret_from_fork_asm+0x1a/0x30
[   24.125178]  </TASK>
[   24.125189] 
[   24.134582] The buggy address belongs to the physical page:
[   24.134922] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x105878
[   24.135308] head: order:2 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[   24.135760] flags: 0x200000000000040(head|node=0|zone=2)
[   24.136066] page_type: f8(unknown)
[   24.136316] raw: 0200000000000040 0000000000000000 dead000000000122 0000000000000000
[   24.136683] raw: 0000000000000000 0000000000000000 00000000f8000000 0000000000000000
[   24.137298] head: 0200000000000040 0000000000000000 dead000000000122 0000000000000000
[   24.137555] head: 0000000000000000 0000000000000000 00000000f8000000 0000000000000000
[   24.138067] head: 0200000000000002 ffffea0004161e01 00000000ffffffff 00000000ffffffff
[   24.138338] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000004
[   24.138556] page dumped because: kasan: bad access detected
[   24.138723] 
[   24.138819] Memory state around the buggy address:
[   24.139088]  ffff888105879f80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   24.139462]  ffff88810587a000: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   24.140053] >ffff88810587a080: 00 00 00 00 00 00 00 00 00 01 fe fe fe fe fe fe
[   24.140409]                                                           ^
[   24.140649]  ffff88810587a100: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe
[   24.140901]  ffff88810587a180: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe
[   24.141428] ==================================================================
[   23.883346] ==================================================================
[   23.883852] BUG: KASAN: slab-out-of-bounds in krealloc_less_oob_helper+0xd70/0x11d0
[   23.884216] Write of size 1 at addr ffff888104a978c9 by task kunit_try_catch/207
[   23.884902] 
[   23.885028] CPU: 1 UID: 0 PID: 207 Comm: kunit_try_catch Tainted: G    B   W        N  6.16.0-rc6-next-20250714 #1 PREEMPT(voluntary) 
[   23.885083] Tainted: [B]=BAD_PAGE, [W]=WARN, [N]=TEST
[   23.885096] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[   23.885118] Call Trace:
[   23.885131]  <TASK>
[   23.885150]  dump_stack_lvl+0x73/0xb0
[   23.885181]  print_report+0xd1/0x610
[   23.885203]  ? __virt_addr_valid+0x1db/0x2d0
[   23.885228]  ? krealloc_less_oob_helper+0xd70/0x11d0
[   23.885267]  ? kasan_complete_mode_report_info+0x2a/0x200
[   23.885303]  ? krealloc_less_oob_helper+0xd70/0x11d0
[   23.885327]  kasan_report+0x141/0x180
[   23.885348]  ? krealloc_less_oob_helper+0xd70/0x11d0
[   23.885374]  __asan_report_store1_noabort+0x1b/0x30
[   23.885397]  krealloc_less_oob_helper+0xd70/0x11d0
[   23.885421]  ? __pfx_krealloc_less_oob_helper+0x10/0x10
[   23.885444]  ? finish_task_switch.isra.0+0x153/0x700
[   23.885466]  ? __switch_to+0x47/0xf80
[   23.885492]  ? __schedule+0x10cc/0x2b60
[   23.885515]  ? __pfx_read_tsc+0x10/0x10
[   23.885538]  krealloc_less_oob+0x1c/0x30
[   23.885558]  kunit_try_run_case+0x1a5/0x480
[   23.885581]  ? __pfx_kunit_try_run_case+0x10/0x10
[   23.885600]  ? _raw_spin_lock_irqsave+0xa1/0x100
[   23.885622]  ? _raw_spin_unlock_irqrestore+0x5f/0x90
[   23.885644]  ? __kthread_parkme+0x82/0x180
[   23.885676]  ? preempt_count_sub+0x50/0x80
[   23.885698]  ? __pfx_kunit_try_run_case+0x10/0x10
[   23.885718]  kunit_generic_run_threadfn_adapter+0x85/0xf0
[   23.885743]  ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10
[   23.885989]  kthread+0x337/0x6f0
[   23.886010]  ? trace_preempt_on+0x20/0xc0
[   23.886033]  ? __pfx_kthread+0x10/0x10
[   23.886060]  ? _raw_spin_unlock_irq+0x47/0x80
[   23.886081]  ? calculate_sigpending+0x7b/0xa0
[   23.886105]  ? __pfx_kthread+0x10/0x10
[   23.886125]  ret_from_fork+0x116/0x1d0
[   23.886144]  ? __pfx_kthread+0x10/0x10
[   23.886164]  ret_from_fork_asm+0x1a/0x30
[   23.886194]  </TASK>
[   23.886206] 
[   23.895571] Allocated by task 207:
[   23.895764]  kasan_save_stack+0x45/0x70
[   23.895920]  kasan_save_track+0x18/0x40
[   23.896102]  kasan_save_alloc_info+0x3b/0x50
[   23.896322]  __kasan_krealloc+0x190/0x1f0
[   23.896513]  krealloc_noprof+0xf3/0x340
[   23.896649]  krealloc_less_oob_helper+0x1aa/0x11d0
[   23.896929]  krealloc_less_oob+0x1c/0x30
[   23.897129]  kunit_try_run_case+0x1a5/0x480
[   23.897391]  kunit_generic_run_threadfn_adapter+0x85/0xf0
[   23.897580]  kthread+0x337/0x6f0
[   23.897706]  ret_from_fork+0x116/0x1d0
[   23.897877]  ret_from_fork_asm+0x1a/0x30
[   23.898075] 
[   23.898164] The buggy address belongs to the object at ffff888104a97800
[   23.898164]  which belongs to the cache kmalloc-256 of size 256
[   23.898684] The buggy address is located 0 bytes to the right of
[   23.898684]  allocated 201-byte region [ffff888104a97800, ffff888104a978c9)
[   23.899251] 
[   23.899318] The buggy address belongs to the physical page:
[   23.899486] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x104a96
[   23.899897] head: order:1 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[   23.900348] flags: 0x200000000000040(head|node=0|zone=2)
[   23.900597] page_type: f5(slab)
[   23.900727] raw: 0200000000000040 ffff888100041b40 dead000000000100 dead000000000122
[   23.901100] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000
[   23.901433] head: 0200000000000040 ffff888100041b40 dead000000000100 dead000000000122
[   23.901667] head: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000
[   23.902006] head: 0200000000000001 ffffea000412a581 00000000ffffffff 00000000ffffffff
[   23.902808] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000002
[   23.903058] page dumped because: kasan: bad access detected
[   23.903223] 
[   23.903287] Memory state around the buggy address:
[   23.903444]  ffff888104a97780: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   23.903785]  ffff888104a97800: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   23.904099] >ffff888104a97880: 00 00 00 00 00 00 00 00 00 01 fc fc fc fc fc fc
[   23.904351]                                               ^
[   23.904540]  ffff888104a97900: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   23.905135]  ffff888104a97980: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   23.905431] ==================================================================
[   24.082795] ==================================================================
[   24.083396] BUG: KASAN: slab-out-of-bounds in krealloc_less_oob_helper+0xe23/0x11d0
[   24.083744] Write of size 1 at addr ffff88810587a0d0 by task kunit_try_catch/211
[   24.084148] 
[   24.084276] CPU: 1 UID: 0 PID: 211 Comm: kunit_try_catch Tainted: G    B   W        N  6.16.0-rc6-next-20250714 #1 PREEMPT(voluntary) 
[   24.084358] Tainted: [B]=BAD_PAGE, [W]=WARN, [N]=TEST
[   24.084371] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[   24.084394] Call Trace:
[   24.084407]  <TASK>
[   24.084438]  dump_stack_lvl+0x73/0xb0
[   24.084471]  print_report+0xd1/0x610
[   24.084520]  ? __virt_addr_valid+0x1db/0x2d0
[   24.084544]  ? krealloc_less_oob_helper+0xe23/0x11d0
[   24.084566]  ? kasan_addr_to_slab+0x11/0xa0
[   24.084596]  ? krealloc_less_oob_helper+0xe23/0x11d0
[   24.084619]  kasan_report+0x141/0x180
[   24.084639]  ? krealloc_less_oob_helper+0xe23/0x11d0
[   24.084674]  __asan_report_store1_noabort+0x1b/0x30
[   24.084698]  krealloc_less_oob_helper+0xe23/0x11d0
[   24.084723]  ? __pfx_krealloc_less_oob_helper+0x10/0x10
[   24.084745]  ? finish_task_switch.isra.0+0x153/0x700
[   24.084793]  ? __switch_to+0x47/0xf80
[   24.084819]  ? __schedule+0x10cc/0x2b60
[   24.084842]  ? __pfx_read_tsc+0x10/0x10
[   24.084876]  krealloc_large_less_oob+0x1c/0x30
[   24.084898]  kunit_try_run_case+0x1a5/0x480
[   24.084938]  ? __pfx_kunit_try_run_case+0x10/0x10
[   24.084967]  ? _raw_spin_lock_irqsave+0xa1/0x100
[   24.084989]  ? _raw_spin_unlock_irqrestore+0x5f/0x90
[   24.085046]  ? __kthread_parkme+0x82/0x180
[   24.085066]  ? preempt_count_sub+0x50/0x80
[   24.085088]  ? __pfx_kunit_try_run_case+0x10/0x10
[   24.085108]  kunit_generic_run_threadfn_adapter+0x85/0xf0
[   24.085133]  ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10
[   24.085158]  kthread+0x337/0x6f0
[   24.085177]  ? trace_preempt_on+0x20/0xc0
[   24.085200]  ? __pfx_kthread+0x10/0x10
[   24.085220]  ? _raw_spin_unlock_irq+0x47/0x80
[   24.085241]  ? calculate_sigpending+0x7b/0xa0
[   24.085264]  ? __pfx_kthread+0x10/0x10
[   24.085284]  ret_from_fork+0x116/0x1d0
[   24.085302]  ? __pfx_kthread+0x10/0x10
[   24.085322]  ret_from_fork_asm+0x1a/0x30
[   24.085353]  </TASK>
[   24.085364] 
[   24.094428] The buggy address belongs to the physical page:
[   24.094751] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x105878
[   24.095176] head: order:2 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[   24.095544] flags: 0x200000000000040(head|node=0|zone=2)
[   24.095874] page_type: f8(unknown)
[   24.096153] raw: 0200000000000040 0000000000000000 dead000000000122 0000000000000000
[   24.096524] raw: 0000000000000000 0000000000000000 00000000f8000000 0000000000000000
[   24.097023] head: 0200000000000040 0000000000000000 dead000000000122 0000000000000000
[   24.097714] head: 0000000000000000 0000000000000000 00000000f8000000 0000000000000000
[   24.098174] head: 0200000000000002 ffffea0004161e01 00000000ffffffff 00000000ffffffff
[   24.098569] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000004
[   24.098975] page dumped because: kasan: bad access detected
[   24.099206] 
[   24.099269] Memory state around the buggy address:
[   24.099745]  ffff888105879f80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   24.100203]  ffff88810587a000: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   24.100550] >ffff88810587a080: 00 00 00 00 00 00 00 00 00 01 fe fe fe fe fe fe
[   24.100885]                                                  ^
[   24.101057]  ffff88810587a100: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe
[   24.101485]  ffff88810587a180: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe
[   24.102033] ==================================================================
[   24.060880] ==================================================================
[   24.061803] BUG: KASAN: slab-out-of-bounds in krealloc_less_oob_helper+0xd70/0x11d0
[   24.062601] Write of size 1 at addr ffff88810587a0c9 by task kunit_try_catch/211
[   24.063113] 
[   24.063234] CPU: 1 UID: 0 PID: 211 Comm: kunit_try_catch Tainted: G    B   W        N  6.16.0-rc6-next-20250714 #1 PREEMPT(voluntary) 
[   24.063290] Tainted: [B]=BAD_PAGE, [W]=WARN, [N]=TEST
[   24.063304] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[   24.063327] Call Trace:
[   24.063342]  <TASK>
[   24.063361]  dump_stack_lvl+0x73/0xb0
[   24.063397]  print_report+0xd1/0x610
[   24.063421]  ? __virt_addr_valid+0x1db/0x2d0
[   24.063444]  ? krealloc_less_oob_helper+0xd70/0x11d0
[   24.063468]  ? kasan_addr_to_slab+0x11/0xa0
[   24.063488]  ? krealloc_less_oob_helper+0xd70/0x11d0
[   24.063511]  kasan_report+0x141/0x180
[   24.063531]  ? krealloc_less_oob_helper+0xd70/0x11d0
[   24.063558]  __asan_report_store1_noabort+0x1b/0x30
[   24.063581]  krealloc_less_oob_helper+0xd70/0x11d0
[   24.063605]  ? __pfx_krealloc_less_oob_helper+0x10/0x10
[   24.063628]  ? finish_task_switch.isra.0+0x153/0x700
[   24.063650]  ? __switch_to+0x47/0xf80
[   24.063687]  ? __schedule+0x10cc/0x2b60
[   24.063710]  ? __pfx_read_tsc+0x10/0x10
[   24.063735]  krealloc_large_less_oob+0x1c/0x30
[   24.063769]  kunit_try_run_case+0x1a5/0x480
[   24.063793]  ? __pfx_kunit_try_run_case+0x10/0x10
[   24.063813]  ? _raw_spin_lock_irqsave+0xa1/0x100
[   24.063835]  ? _raw_spin_unlock_irqrestore+0x5f/0x90
[   24.063857]  ? __kthread_parkme+0x82/0x180
[   24.063877]  ? preempt_count_sub+0x50/0x80
[   24.063899]  ? __pfx_kunit_try_run_case+0x10/0x10
[   24.063919]  kunit_generic_run_threadfn_adapter+0x85/0xf0
[   24.063944]  ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10
[   24.064035]  kthread+0x337/0x6f0
[   24.064056]  ? trace_preempt_on+0x20/0xc0
[   24.064080]  ? __pfx_kthread+0x10/0x10
[   24.064100]  ? _raw_spin_unlock_irq+0x47/0x80
[   24.064121]  ? calculate_sigpending+0x7b/0xa0
[   24.064144]  ? __pfx_kthread+0x10/0x10
[   24.064165]  ret_from_fork+0x116/0x1d0
[   24.064184]  ? __pfx_kthread+0x10/0x10
[   24.064204]  ret_from_fork_asm+0x1a/0x30
[   24.064234]  </TASK>
[   24.064245] 
[   24.074317] The buggy address belongs to the physical page:
[   24.074603] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x105878
[   24.075210] head: order:2 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[   24.075557] flags: 0x200000000000040(head|node=0|zone=2)
[   24.075864] page_type: f8(unknown)
[   24.076112] raw: 0200000000000040 0000000000000000 dead000000000122 0000000000000000
[   24.076519] raw: 0000000000000000 0000000000000000 00000000f8000000 0000000000000000
[   24.076840] head: 0200000000000040 0000000000000000 dead000000000122 0000000000000000
[   24.077627] head: 0000000000000000 0000000000000000 00000000f8000000 0000000000000000
[   24.078129] head: 0200000000000002 ffffea0004161e01 00000000ffffffff 00000000ffffffff
[   24.078434] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000004
[   24.078741] page dumped because: kasan: bad access detected
[   24.079045] 
[   24.079223] Memory state around the buggy address:
[   24.079473]  ffff888105879f80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   24.079811]  ffff88810587a000: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   24.080216] >ffff88810587a080: 00 00 00 00 00 00 00 00 00 01 fe fe fe fe fe fe
[   24.080586]                                               ^
[   24.080886]  ffff88810587a100: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe
[   24.081241]  ffff88810587a180: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe
[   24.081601] ==================================================================
[   23.905967] ==================================================================
[   23.906883] BUG: KASAN: slab-out-of-bounds in krealloc_less_oob_helper+0xe23/0x11d0
[   23.907779] Write of size 1 at addr ffff888104a978d0 by task kunit_try_catch/207
[   23.908346] 
[   23.908444] CPU: 1 UID: 0 PID: 207 Comm: kunit_try_catch Tainted: G    B   W        N  6.16.0-rc6-next-20250714 #1 PREEMPT(voluntary) 
[   23.908497] Tainted: [B]=BAD_PAGE, [W]=WARN, [N]=TEST
[   23.908510] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[   23.908532] Call Trace:
[   23.908546]  <TASK>
[   23.908564]  dump_stack_lvl+0x73/0xb0
[   23.908598]  print_report+0xd1/0x610
[   23.908620]  ? __virt_addr_valid+0x1db/0x2d0
[   23.908643]  ? krealloc_less_oob_helper+0xe23/0x11d0
[   23.908677]  ? kasan_complete_mode_report_info+0x2a/0x200
[   23.908702]  ? krealloc_less_oob_helper+0xe23/0x11d0
[   23.908724]  kasan_report+0x141/0x180
[   23.908745]  ? krealloc_less_oob_helper+0xe23/0x11d0
[   23.908771]  __asan_report_store1_noabort+0x1b/0x30
[   23.908794]  krealloc_less_oob_helper+0xe23/0x11d0
[   23.908818]  ? __pfx_krealloc_less_oob_helper+0x10/0x10
[   23.908841]  ? finish_task_switch.isra.0+0x153/0x700
[   23.908863]  ? __switch_to+0x47/0xf80
[   23.908888]  ? __schedule+0x10cc/0x2b60
[   23.908910]  ? __pfx_read_tsc+0x10/0x10
[   23.908935]  krealloc_less_oob+0x1c/0x30
[   23.909007]  kunit_try_run_case+0x1a5/0x480
[   23.909029]  ? __pfx_kunit_try_run_case+0x10/0x10
[   23.909049]  ? _raw_spin_lock_irqsave+0xa1/0x100
[   23.909072]  ? _raw_spin_unlock_irqrestore+0x5f/0x90
[   23.909094]  ? __kthread_parkme+0x82/0x180
[   23.909114]  ? preempt_count_sub+0x50/0x80
[   23.909136]  ? __pfx_kunit_try_run_case+0x10/0x10
[   23.909157]  kunit_generic_run_threadfn_adapter+0x85/0xf0
[   23.909181]  ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10
[   23.909205]  kthread+0x337/0x6f0
[   23.909224]  ? trace_preempt_on+0x20/0xc0
[   23.909248]  ? __pfx_kthread+0x10/0x10
[   23.909270]  ? _raw_spin_unlock_irq+0x47/0x80
[   23.909292]  ? calculate_sigpending+0x7b/0xa0
[   23.909317]  ? __pfx_kthread+0x10/0x10
[   23.909338]  ret_from_fork+0x116/0x1d0
[   23.909357]  ? __pfx_kthread+0x10/0x10
[   23.909377]  ret_from_fork_asm+0x1a/0x30
[   23.909407]  </TASK>
[   23.909418] 
[   23.917218] Allocated by task 207:
[   23.917368]  kasan_save_stack+0x45/0x70
[   23.917654]  kasan_save_track+0x18/0x40
[   23.918001]  kasan_save_alloc_info+0x3b/0x50
[   23.918521]  __kasan_krealloc+0x190/0x1f0
[   23.918732]  krealloc_noprof+0xf3/0x340
[   23.918938]  krealloc_less_oob_helper+0x1aa/0x11d0
[   23.919227]  krealloc_less_oob+0x1c/0x30
[   23.919365]  kunit_try_run_case+0x1a5/0x480
[   23.919503]  kunit_generic_run_threadfn_adapter+0x85/0xf0
[   23.919741]  kthread+0x337/0x6f0
[   23.919924]  ret_from_fork+0x116/0x1d0
[   23.920108]  ret_from_fork_asm+0x1a/0x30
[   23.920342] 
[   23.920481] The buggy address belongs to the object at ffff888104a97800
[   23.920481]  which belongs to the cache kmalloc-256 of size 256
[   23.920897] The buggy address is located 7 bytes to the right of
[   23.920897]  allocated 201-byte region [ffff888104a97800, ffff888104a978c9)
[   23.921347] 
[   23.921437] The buggy address belongs to the physical page:
[   23.921692] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x104a96
[   23.922088] head: order:1 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[   23.922412] flags: 0x200000000000040(head|node=0|zone=2)
[   23.922582] page_type: f5(slab)
[   23.922710] raw: 0200000000000040 ffff888100041b40 dead000000000100 dead000000000122
[   23.923133] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000
[   23.923478] head: 0200000000000040 ffff888100041b40 dead000000000100 dead000000000122
[   23.923829] head: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000
[   23.924467] head: 0200000000000001 ffffea000412a581 00000000ffffffff 00000000ffffffff
[   23.924860] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000002
[   23.925083] page dumped because: kasan: bad access detected
[   23.925246] 
[   23.925308] Memory state around the buggy address:
[   23.925597]  ffff888104a97780: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   23.925924]  ffff888104a97800: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   23.926180] >ffff888104a97880: 00 00 00 00 00 00 00 00 00 01 fc fc fc fc fc fc
[   23.926473]                                                  ^
[   23.926646]  ffff888104a97900: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   23.927259]  ffff888104a97980: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   23.927571] ==================================================================
[   24.102724] ==================================================================
[   24.103129] BUG: KASAN: slab-out-of-bounds in krealloc_less_oob_helper+0xec6/0x11d0
[   24.103505] Write of size 1 at addr ffff88810587a0da by task kunit_try_catch/211
[   24.103870] 
[   24.104032] CPU: 1 UID: 0 PID: 211 Comm: kunit_try_catch Tainted: G    B   W        N  6.16.0-rc6-next-20250714 #1 PREEMPT(voluntary) 
[   24.104169] Tainted: [B]=BAD_PAGE, [W]=WARN, [N]=TEST
[   24.104183] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[   24.104206] Call Trace:
[   24.104225]  <TASK>
[   24.104256]  dump_stack_lvl+0x73/0xb0
[   24.104289]  print_report+0xd1/0x610
[   24.104339]  ? __virt_addr_valid+0x1db/0x2d0
[   24.104362]  ? krealloc_less_oob_helper+0xec6/0x11d0
[   24.104384]  ? kasan_addr_to_slab+0x11/0xa0
[   24.104415]  ? krealloc_less_oob_helper+0xec6/0x11d0
[   24.104437]  kasan_report+0x141/0x180
[   24.104458]  ? krealloc_less_oob_helper+0xec6/0x11d0
[   24.104485]  __asan_report_store1_noabort+0x1b/0x30
[   24.104534]  krealloc_less_oob_helper+0xec6/0x11d0
[   24.104558]  ? __pfx_krealloc_less_oob_helper+0x10/0x10
[   24.104581]  ? finish_task_switch.isra.0+0x153/0x700
[   24.104613]  ? __switch_to+0x47/0xf80
[   24.104638]  ? __schedule+0x10cc/0x2b60
[   24.104696]  ? __pfx_read_tsc+0x10/0x10
[   24.104720]  krealloc_large_less_oob+0x1c/0x30
[   24.104742]  kunit_try_run_case+0x1a5/0x480
[   24.104789]  ? __pfx_kunit_try_run_case+0x10/0x10
[   24.104809]  ? _raw_spin_lock_irqsave+0xa1/0x100
[   24.104830]  ? _raw_spin_unlock_irqrestore+0x5f/0x90
[   24.104882]  ? __kthread_parkme+0x82/0x180
[   24.104902]  ? preempt_count_sub+0x50/0x80
[   24.104923]  ? __pfx_kunit_try_run_case+0x10/0x10
[   24.104996]  kunit_generic_run_threadfn_adapter+0x85/0xf0
[   24.105052]  ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10
[   24.105077]  kthread+0x337/0x6f0
[   24.105097]  ? trace_preempt_on+0x20/0xc0
[   24.105131]  ? __pfx_kthread+0x10/0x10
[   24.105151]  ? _raw_spin_unlock_irq+0x47/0x80
[   24.105172]  ? calculate_sigpending+0x7b/0xa0
[   24.105196]  ? __pfx_kthread+0x10/0x10
[   24.105216]  ret_from_fork+0x116/0x1d0
[   24.105234]  ? __pfx_kthread+0x10/0x10
[   24.105254]  ret_from_fork_asm+0x1a/0x30
[   24.105301]  </TASK>
[   24.105311] 
[   24.114523] The buggy address belongs to the physical page:
[   24.115026] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x105878
[   24.115339] head: order:2 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[   24.115553] flags: 0x200000000000040(head|node=0|zone=2)
[   24.115881] page_type: f8(unknown)
[   24.116245] raw: 0200000000000040 0000000000000000 dead000000000122 0000000000000000
[   24.116722] raw: 0000000000000000 0000000000000000 00000000f8000000 0000000000000000
[   24.117000] head: 0200000000000040 0000000000000000 dead000000000122 0000000000000000
[   24.117574] head: 0000000000000000 0000000000000000 00000000f8000000 0000000000000000
[   24.118002] head: 0200000000000002 ffffea0004161e01 00000000ffffffff 00000000ffffffff
[   24.118250] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000004
[   24.118572] page dumped because: kasan: bad access detected
[   24.119229] 
[   24.119344] Memory state around the buggy address:
[   24.119616]  ffff888105879f80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   24.119893]  ffff88810587a000: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   24.120165] >ffff88810587a080: 00 00 00 00 00 00 00 00 00 01 fe fe fe fe fe fe
[   24.120578]                                                     ^
[   24.121076]  ffff88810587a100: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe
[   24.121395]  ffff88810587a180: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe
[   24.121736] ==================================================================

Metadata Full log Test run details

arch

x86_64

host

x86_64

plan

2zrVzYzOpEW4XHiYds9jEwikFK7

job_id

TEST:linaro@lkft#2zrW5XeyUzOSFr9BpBP7b7OYkHS

job_url

https://tuxapi.tuxsuite.com/v1/groups/linaro/projects/lkft/tests/2zrW5XeyUzOSFr9BpBP7b7OYkHS

artefacts

kernel

url	https://storage.tuxsuite.com/public/linaro/lkft/builds/2zrW2SH9xrBCbgawOpHg8puHqCe/bzImage
sha256sum	4565f21e261caec61f0904b87ff9eab2fa750b37970854db3ef378370e96c96a

rootfs

url	https://storage.tuxboot.com/debian/20250617/trixie/amd64/rootfs.ext4.xz
sha256sum	a7dcdb286e1265c85a4d6cd5429adc51604a3ebde1d9a3c934aef78862d5fee4

modules

url	https://storage.tuxsuite.com/public/linaro/lkft/builds/2zrW2SH9xrBCbgawOpHg8puHqCe/modules.tar.xz
sha256sum	25191cedf68988510c88d39b245d9f83740d3133c412cf5e2b129a6de7adb415

durations

tests

boot	0
kunit	230.83

host_arch

amd64

build_name

gcc-13-lkftconfig-kunit

job_status

Complete

qemu_version

1:10.0.0+ds-1

Metadata

Failure - e850-96 - gcc-13-lkftconfig-kunit

Failure - qemu-arm64 - gcc-13-lkftconfig-kunit

Failure - qemu-x86_64 - gcc-13-lkftconfig-kunit