lkft/linux-next-master - next-20250715 - log-parser-boot/kasan-bug-kasan-slab-out-of-bounds-in-krealloc_less_oob_helper

Date

July 15, 2025, 11:35 a.m.

Environment
e850-96
qemu-arm64
qemu-x86_64

[   39.963642] ==================================================================
[   39.970601] BUG: KASAN: slab-out-of-bounds in krealloc_less_oob_helper+0xb9c/0xc50
[   39.978147] Write of size 1 at addr ffff0008030f84d0 by task kunit_try_catch/239
[   39.985525] 
[   39.987011] CPU: 2 UID: 0 PID: 239 Comm: kunit_try_catch Tainted: G    B            N  6.16.0-rc6-next-20250715 #1 PREEMPT 
[   39.987063] Tainted: [B]=BAD_PAGE, [N]=TEST
[   39.987079] Hardware name: WinLink E850-96 board (DT)
[   39.987097] Call trace:
[   39.987112]  show_stack+0x20/0x38 (C)
[   39.987144]  dump_stack_lvl+0x8c/0xd0
[   39.987178]  print_report+0x118/0x5d0
[   39.987206]  kasan_report+0xdc/0x128
[   39.987231]  __asan_report_store1_noabort+0x20/0x30
[   39.987261]  krealloc_less_oob_helper+0xb9c/0xc50
[   39.987294]  krealloc_less_oob+0x20/0x38
[   39.987325]  kunit_try_run_case+0x170/0x3f0
[   39.987357]  kunit_generic_run_threadfn_adapter+0x88/0x100
[   39.987392]  kthread+0x328/0x630
[   39.987419]  ret_from_fork+0x10/0x20
[   39.987454] 
[   40.055576] Allocated by task 239:
[   40.058964]  kasan_save_stack+0x3c/0x68
[   40.062781]  kasan_save_track+0x20/0x40
[   40.066601]  kasan_save_alloc_info+0x40/0x58
[   40.070854]  __kasan_krealloc+0x118/0x178
[   40.074847]  krealloc_noprof+0x128/0x360
[   40.078753]  krealloc_less_oob_helper+0x168/0xc50
[   40.083441]  krealloc_less_oob+0x20/0x38
[   40.087347]  kunit_try_run_case+0x170/0x3f0
[   40.091513]  kunit_generic_run_threadfn_adapter+0x88/0x100
[   40.096982]  kthread+0x328/0x630
[   40.100194]  ret_from_fork+0x10/0x20
[   40.103753] 
[   40.105230] The buggy address belongs to the object at ffff0008030f8400
[   40.105230]  which belongs to the cache kmalloc-256 of size 256
[   40.117730] The buggy address is located 7 bytes to the right of
[   40.117730]  allocated 201-byte region [ffff0008030f8400, ffff0008030f84c9)
[   40.130662] 
[   40.132141] The buggy address belongs to the physical page:
[   40.137697] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x8830f8
[   40.145681] head: order:2 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[   40.153319] flags: 0xbfffe0000000040(head|node=0|zone=2|lastcpupid=0x1ffff)
[   40.160262] page_type: f5(slab)
[   40.163397] raw: 0bfffe0000000040 ffff000800002b40 dead000000000122 0000000000000000
[   40.171120] raw: 0000000000000000 0000000080200020 00000000f5000000 0000000000000000
[   40.178845] head: 0bfffe0000000040 ffff000800002b40 dead000000000122 0000000000000000
[   40.186657] head: 0000000000000000 0000000080200020 00000000f5000000 0000000000000000
[   40.194470] head: 0bfffe0000000002 fffffdffe00c3e01 00000000ffffffff 00000000ffffffff
[   40.202282] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000004
[   40.210088] page dumped because: kasan: bad access detected
[   40.215643] 
[   40.217119] Memory state around the buggy address:
[   40.221899]  ffff0008030f8380: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   40.229103]  ffff0008030f8400: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   40.236307] >ffff0008030f8480: 00 00 00 00 00 00 00 00 00 01 fc fc fc fc fc fc
[   40.243508]                                                  ^
[   40.249327]  ffff0008030f8500: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   40.256532]  ffff0008030f8580: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   40.263733] ==================================================================
[   40.579009] ==================================================================
[   40.586039] BUG: KASAN: slab-out-of-bounds in krealloc_less_oob_helper+0xae4/0xc50
[   40.593591] Write of size 1 at addr ffff0008030f84ea by task kunit_try_catch/239
[   40.600968] 
[   40.602452] CPU: 2 UID: 0 PID: 239 Comm: kunit_try_catch Tainted: G    B            N  6.16.0-rc6-next-20250715 #1 PREEMPT 
[   40.602505] Tainted: [B]=BAD_PAGE, [N]=TEST
[   40.602521] Hardware name: WinLink E850-96 board (DT)
[   40.602540] Call trace:
[   40.602553]  show_stack+0x20/0x38 (C)
[   40.602584]  dump_stack_lvl+0x8c/0xd0
[   40.602616]  print_report+0x118/0x5d0
[   40.602642]  kasan_report+0xdc/0x128
[   40.602667]  __asan_report_store1_noabort+0x20/0x30
[   40.602698]  krealloc_less_oob_helper+0xae4/0xc50
[   40.602730]  krealloc_less_oob+0x20/0x38
[   40.602761]  kunit_try_run_case+0x170/0x3f0
[   40.602789]  kunit_generic_run_threadfn_adapter+0x88/0x100
[   40.602822]  kthread+0x328/0x630
[   40.602848]  ret_from_fork+0x10/0x20
[   40.602877] 
[   40.671018] Allocated by task 239:
[   40.674406]  kasan_save_stack+0x3c/0x68
[   40.678223]  kasan_save_track+0x20/0x40
[   40.682044]  kasan_save_alloc_info+0x40/0x58
[   40.686296]  __kasan_krealloc+0x118/0x178
[   40.690289]  krealloc_noprof+0x128/0x360
[   40.694195]  krealloc_less_oob_helper+0x168/0xc50
[   40.698883]  krealloc_less_oob+0x20/0x38
[   40.702789]  kunit_try_run_case+0x170/0x3f0
[   40.706956]  kunit_generic_run_threadfn_adapter+0x88/0x100
[   40.712424]  kthread+0x328/0x630
[   40.715636]  ret_from_fork+0x10/0x20
[   40.719195] 
[   40.720671] The buggy address belongs to the object at ffff0008030f8400
[   40.720671]  which belongs to the cache kmalloc-256 of size 256
[   40.733171] The buggy address is located 33 bytes to the right of
[   40.733171]  allocated 201-byte region [ffff0008030f8400, ffff0008030f84c9)
[   40.746191] 
[   40.747669] The buggy address belongs to the physical page:
[   40.753226] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x8830f8
[   40.761210] head: order:2 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[   40.768848] flags: 0xbfffe0000000040(head|node=0|zone=2|lastcpupid=0x1ffff)
[   40.775791] page_type: f5(slab)
[   40.778924] raw: 0bfffe0000000040 ffff000800002b40 dead000000000122 0000000000000000
[   40.786650] raw: 0000000000000000 0000000080200020 00000000f5000000 0000000000000000
[   40.794375] head: 0bfffe0000000040 ffff000800002b40 dead000000000122 0000000000000000
[   40.802186] head: 0000000000000000 0000000080200020 00000000f5000000 0000000000000000
[   40.810000] head: 0bfffe0000000002 fffffdffe00c3e01 00000000ffffffff 00000000ffffffff
[   40.817811] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000004
[   40.825618] page dumped because: kasan: bad access detected
[   40.831174] 
[   40.832648] Memory state around the buggy address:
[   40.837427]  ffff0008030f8380: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   40.844632]  ffff0008030f8400: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   40.851835] >ffff0008030f8480: 00 00 00 00 00 00 00 00 00 01 fc fc fc fc fc fc
[   40.859037]                                                           ^
[   40.865637]  ffff0008030f8500: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   40.872844]  ffff0008030f8580: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   40.880043] ==================================================================
[   42.597173] ==================================================================
[   42.604238] BUG: KASAN: slab-out-of-bounds in krealloc_less_oob_helper+0xa58/0xc50
[   42.611790] Write of size 1 at addr ffff0008062c60eb by task kunit_try_catch/243
[   42.619166] 
[   42.620650] CPU: 2 UID: 0 PID: 243 Comm: kunit_try_catch Tainted: G    B            N  6.16.0-rc6-next-20250715 #1 PREEMPT 
[   42.620698] Tainted: [B]=BAD_PAGE, [N]=TEST
[   42.620712] Hardware name: WinLink E850-96 board (DT)
[   42.620730] Call trace:
[   42.620742]  show_stack+0x20/0x38 (C)
[   42.620776]  dump_stack_lvl+0x8c/0xd0
[   42.620808]  print_report+0x118/0x5d0
[   42.620834]  kasan_report+0xdc/0x128
[   42.620864]  __asan_report_store1_noabort+0x20/0x30
[   42.620895]  krealloc_less_oob_helper+0xa58/0xc50
[   42.620927]  krealloc_large_less_oob+0x20/0x38
[   42.620959]  kunit_try_run_case+0x170/0x3f0
[   42.620987]  kunit_generic_run_threadfn_adapter+0x88/0x100
[   42.621020]  kthread+0x328/0x630
[   42.621046]  ret_from_fork+0x10/0x20
[   42.621078] 
[   42.689740] The buggy address belongs to the physical page:
[   42.695298] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x8862c4
[   42.703279] head: order:2 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[   42.710920] flags: 0xbfffe0000000040(head|node=0|zone=2|lastcpupid=0x1ffff)
[   42.717863] page_type: f8(unknown)
[   42.721256] raw: 0bfffe0000000040 0000000000000000 dead000000000122 0000000000000000
[   42.728980] raw: 0000000000000000 0000000000000000 00000000f8000000 0000000000000000
[   42.736707] head: 0bfffe0000000040 0000000000000000 dead000000000122 0000000000000000
[   42.744518] head: 0000000000000000 0000000000000000 00000000f8000000 0000000000000000
[   42.752331] head: 0bfffe0000000002 fffffdffe018b101 00000000ffffffff 00000000ffffffff
[   42.760143] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000004
[   42.767949] page dumped because: kasan: bad access detected
[   42.773504] 
[   42.774980] Memory state around the buggy address:
[   42.779759]  ffff0008062c5f80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   42.786963]  ffff0008062c6000: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   42.794167] >ffff0008062c6080: 00 00 00 00 00 00 00 00 00 01 fe fe fe fe fe fe
[   42.801368]                                                           ^
[   42.807969]  ffff0008062c6100: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe
[   42.815174]  ffff0008062c6180: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe
[   42.822375] ==================================================================
[   42.132586] ==================================================================
[   42.139663] BUG: KASAN: slab-out-of-bounds in krealloc_less_oob_helper+0xa80/0xc50
[   42.147213] Write of size 1 at addr ffff0008062c60da by task kunit_try_catch/243
[   42.154590] 
[   42.156075] CPU: 2 UID: 0 PID: 243 Comm: kunit_try_catch Tainted: G    B            N  6.16.0-rc6-next-20250715 #1 PREEMPT 
[   42.156131] Tainted: [B]=BAD_PAGE, [N]=TEST
[   42.156148] Hardware name: WinLink E850-96 board (DT)
[   42.156166] Call trace:
[   42.156179]  show_stack+0x20/0x38 (C)
[   42.156211]  dump_stack_lvl+0x8c/0xd0
[   42.156245]  print_report+0x118/0x5d0
[   42.156273]  kasan_report+0xdc/0x128
[   42.156298]  __asan_report_store1_noabort+0x20/0x30
[   42.156331]  krealloc_less_oob_helper+0xa80/0xc50
[   42.156366]  krealloc_large_less_oob+0x20/0x38
[   42.156397]  kunit_try_run_case+0x170/0x3f0
[   42.156427]  kunit_generic_run_threadfn_adapter+0x88/0x100
[   42.156460]  kthread+0x328/0x630
[   42.156487]  ret_from_fork+0x10/0x20
[   42.156521] 
[   42.225164] The buggy address belongs to the physical page:
[   42.230722] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x8862c4
[   42.238705] head: order:2 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[   42.246345] flags: 0xbfffe0000000040(head|node=0|zone=2|lastcpupid=0x1ffff)
[   42.253287] page_type: f8(unknown)
[   42.256681] raw: 0bfffe0000000040 0000000000000000 dead000000000122 0000000000000000
[   42.264404] raw: 0000000000000000 0000000000000000 00000000f8000000 0000000000000000
[   42.272130] head: 0bfffe0000000040 0000000000000000 dead000000000122 0000000000000000
[   42.279942] head: 0000000000000000 0000000000000000 00000000f8000000 0000000000000000
[   42.287755] head: 0bfffe0000000002 fffffdffe018b101 00000000ffffffff 00000000ffffffff
[   42.295567] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000004
[   42.303372] page dumped because: kasan: bad access detected
[   42.308928] 
[   42.310405] Memory state around the buggy address:
[   42.315185]  ffff0008062c5f80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   42.322388]  ffff0008062c6000: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   42.329591] >ffff0008062c6080: 00 00 00 00 00 00 00 00 00 01 fe fe fe fe fe fe
[   42.336792]                                                     ^
[   42.342872]  ffff0008062c6100: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe
[   42.350077]  ffff0008062c6180: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe
[   42.357279] ==================================================================
[   40.887399] ==================================================================
[   40.894456] BUG: KASAN: slab-out-of-bounds in krealloc_less_oob_helper+0xa58/0xc50
[   40.902006] Write of size 1 at addr ffff0008030f84eb by task kunit_try_catch/239
[   40.909383] 
[   40.910868] CPU: 2 UID: 0 PID: 239 Comm: kunit_try_catch Tainted: G    B            N  6.16.0-rc6-next-20250715 #1 PREEMPT 
[   40.910921] Tainted: [B]=BAD_PAGE, [N]=TEST
[   40.910936] Hardware name: WinLink E850-96 board (DT)
[   40.910956] Call trace:
[   40.910970]  show_stack+0x20/0x38 (C)
[   40.911001]  dump_stack_lvl+0x8c/0xd0
[   40.911036]  print_report+0x118/0x5d0
[   40.911062]  kasan_report+0xdc/0x128
[   40.911088]  __asan_report_store1_noabort+0x20/0x30
[   40.911118]  krealloc_less_oob_helper+0xa58/0xc50
[   40.911151]  krealloc_less_oob+0x20/0x38
[   40.911180]  kunit_try_run_case+0x170/0x3f0
[   40.911208]  kunit_generic_run_threadfn_adapter+0x88/0x100
[   40.911239]  kthread+0x328/0x630
[   40.911262]  ret_from_fork+0x10/0x20
[   40.911293] 
[   40.979434] Allocated by task 239:
[   40.982820]  kasan_save_stack+0x3c/0x68
[   40.986639]  kasan_save_track+0x20/0x40
[   40.990458]  kasan_save_alloc_info+0x40/0x58
[   40.994712]  __kasan_krealloc+0x118/0x178
[   40.998705]  krealloc_noprof+0x128/0x360
[   41.002611]  krealloc_less_oob_helper+0x168/0xc50
[   41.007298]  krealloc_less_oob+0x20/0x38
[   41.011204]  kunit_try_run_case+0x170/0x3f0
[   41.015371]  kunit_generic_run_threadfn_adapter+0x88/0x100
[   41.020840]  kthread+0x328/0x630
[   41.024052]  ret_from_fork+0x10/0x20
[   41.027610] 
[   41.029088] The buggy address belongs to the object at ffff0008030f8400
[   41.029088]  which belongs to the cache kmalloc-256 of size 256
[   41.041586] The buggy address is located 34 bytes to the right of
[   41.041586]  allocated 201-byte region [ffff0008030f8400, ffff0008030f84c9)
[   41.054606] 
[   41.056086] The buggy address belongs to the physical page:
[   41.061642] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x8830f8
[   41.069625] head: order:2 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[   41.077264] flags: 0xbfffe0000000040(head|node=0|zone=2|lastcpupid=0x1ffff)
[   41.084208] page_type: f5(slab)
[   41.087341] raw: 0bfffe0000000040 ffff000800002b40 dead000000000122 0000000000000000
[   41.095064] raw: 0000000000000000 0000000080200020 00000000f5000000 0000000000000000
[   41.102790] head: 0bfffe0000000040 ffff000800002b40 dead000000000122 0000000000000000
[   41.110602] head: 0000000000000000 0000000080200020 00000000f5000000 0000000000000000
[   41.118415] head: 0bfffe0000000002 fffffdffe00c3e01 00000000ffffffff 00000000ffffffff
[   41.126227] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000004
[   41.134033] page dumped because: kasan: bad access detected
[   41.139588] 
[   41.141063] Memory state around the buggy address:
[   41.145843]  ffff0008030f8380: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   41.153046]  ffff0008030f8400: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   41.160251] >ffff0008030f8480: 00 00 00 00 00 00 00 00 00 01 fc fc fc fc fc fc
[   41.167452]                                                           ^
[   41.174053]  ffff0008030f8500: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   41.181258]  ffff0008030f8580: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   41.188459] ==================================================================
[   41.666304] ==================================================================
[   41.676389] BUG: KASAN: slab-out-of-bounds in krealloc_less_oob_helper+0xa48/0xc50
[   41.683939] Write of size 1 at addr ffff0008062c60c9 by task kunit_try_catch/243
[   41.691316] 
[   41.692804] CPU: 2 UID: 0 PID: 243 Comm: kunit_try_catch Tainted: G    B            N  6.16.0-rc6-next-20250715 #1 PREEMPT 
[   41.692859] Tainted: [B]=BAD_PAGE, [N]=TEST
[   41.692876] Hardware name: WinLink E850-96 board (DT)
[   41.692896] Call trace:
[   41.692911]  show_stack+0x20/0x38 (C)
[   41.692946]  dump_stack_lvl+0x8c/0xd0
[   41.692984]  print_report+0x118/0x5d0
[   41.693013]  kasan_report+0xdc/0x128
[   41.693040]  __asan_report_store1_noabort+0x20/0x30
[   41.693073]  krealloc_less_oob_helper+0xa48/0xc50
[   41.693105]  krealloc_large_less_oob+0x20/0x38
[   41.693136]  kunit_try_run_case+0x170/0x3f0
[   41.693168]  kunit_generic_run_threadfn_adapter+0x88/0x100
[   41.693202]  kthread+0x328/0x630
[   41.693230]  ret_from_fork+0x10/0x20
[   41.693263] 
[   41.761893] The buggy address belongs to the physical page:
[   41.767448] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x8862c4
[   41.775431] head: order:2 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[   41.783071] flags: 0xbfffe0000000040(head|node=0|zone=2|lastcpupid=0x1ffff)
[   41.790012] page_type: f8(unknown)
[   41.793411] raw: 0bfffe0000000040 0000000000000000 dead000000000122 0000000000000000
[   41.801130] raw: 0000000000000000 0000000000000000 00000000f8000000 0000000000000000
[   41.808859] head: 0bfffe0000000040 0000000000000000 dead000000000122 0000000000000000
[   41.816667] head: 0000000000000000 0000000000000000 00000000f8000000 0000000000000000
[   41.824481] head: 0bfffe0000000002 fffffdffe018b101 00000000ffffffff 00000000ffffffff
[   41.832292] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000004
[   41.840100] page dumped because: kasan: bad access detected
[   41.845655] 
[   41.847130] Memory state around the buggy address:
[   41.851910]  ffff0008062c5f80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   41.859113]  ffff0008062c6000: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   41.866317] >ffff0008062c6080: 00 00 00 00 00 00 00 00 00 01 fe fe fe fe fe fe
[   41.873518]                                               ^
[   41.879077]  ffff0008062c6100: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe
[   41.886282]  ffff0008062c6180: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe
[   41.893484] ==================================================================
[   41.901051] ==================================================================
[   41.907898] BUG: KASAN: slab-out-of-bounds in krealloc_less_oob_helper+0xb9c/0xc50
[   41.915445] Write of size 1 at addr ffff0008062c60d0 by task kunit_try_catch/243
[   41.922822] 
[   41.924308] CPU: 2 UID: 0 PID: 243 Comm: kunit_try_catch Tainted: G    B            N  6.16.0-rc6-next-20250715 #1 PREEMPT 
[   41.924363] Tainted: [B]=BAD_PAGE, [N]=TEST
[   41.924380] Hardware name: WinLink E850-96 board (DT)
[   41.924399] Call trace:
[   41.924413]  show_stack+0x20/0x38 (C)
[   41.924446]  dump_stack_lvl+0x8c/0xd0
[   41.924480]  print_report+0x118/0x5d0
[   41.924508]  kasan_report+0xdc/0x128
[   41.924533]  __asan_report_store1_noabort+0x20/0x30
[   41.924565]  krealloc_less_oob_helper+0xb9c/0xc50
[   41.924598]  krealloc_large_less_oob+0x20/0x38
[   41.924632]  kunit_try_run_case+0x170/0x3f0
[   41.924663]  kunit_generic_run_threadfn_adapter+0x88/0x100
[   41.924695]  kthread+0x328/0x630
[   41.924722]  ret_from_fork+0x10/0x20
[   41.924753] 
[   41.993397] The buggy address belongs to the physical page:
[   41.998956] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x8862c4
[   42.006938] head: order:2 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[   42.014578] flags: 0xbfffe0000000040(head|node=0|zone=2|lastcpupid=0x1ffff)
[   42.021521] page_type: f8(unknown)
[   42.024914] raw: 0bfffe0000000040 0000000000000000 dead000000000122 0000000000000000
[   42.032637] raw: 0000000000000000 0000000000000000 00000000f8000000 0000000000000000
[   42.040364] head: 0bfffe0000000040 0000000000000000 dead000000000122 0000000000000000
[   42.048175] head: 0000000000000000 0000000000000000 00000000f8000000 0000000000000000
[   42.055987] head: 0bfffe0000000002 fffffdffe018b101 00000000ffffffff 00000000ffffffff
[   42.063799] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000004
[   42.071605] page dumped because: kasan: bad access detected
[   42.077161] 
[   42.078637] Memory state around the buggy address:
[   42.083418]  ffff0008062c5f80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   42.090619]  ffff0008062c6000: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   42.097824] >ffff0008062c6080: 00 00 00 00 00 00 00 00 00 01 fe fe fe fe fe fe
[   42.105025]                                                  ^
[   42.110844]  ffff0008062c6100: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe
[   42.118049]  ffff0008062c6180: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe
[   42.125250] ==================================================================
[   40.271112] ==================================================================
[   40.278150] BUG: KASAN: slab-out-of-bounds in krealloc_less_oob_helper+0xa80/0xc50
[   40.285698] Write of size 1 at addr ffff0008030f84da by task kunit_try_catch/239
[   40.293075] 
[   40.294558] CPU: 2 UID: 0 PID: 239 Comm: kunit_try_catch Tainted: G    B            N  6.16.0-rc6-next-20250715 #1 PREEMPT 
[   40.294611] Tainted: [B]=BAD_PAGE, [N]=TEST
[   40.294628] Hardware name: WinLink E850-96 board (DT)
[   40.294646] Call trace:
[   40.294660]  show_stack+0x20/0x38 (C)
[   40.294694]  dump_stack_lvl+0x8c/0xd0
[   40.294729]  print_report+0x118/0x5d0
[   40.294757]  kasan_report+0xdc/0x128
[   40.294782]  __asan_report_store1_noabort+0x20/0x30
[   40.294814]  krealloc_less_oob_helper+0xa80/0xc50
[   40.294846]  krealloc_less_oob+0x20/0x38
[   40.294877]  kunit_try_run_case+0x170/0x3f0
[   40.294908]  kunit_generic_run_threadfn_adapter+0x88/0x100
[   40.294942]  kthread+0x328/0x630
[   40.294970]  ret_from_fork+0x10/0x20
[   40.295003] 
[   40.363125] Allocated by task 239:
[   40.366511]  kasan_save_stack+0x3c/0x68
[   40.370329]  kasan_save_track+0x20/0x40
[   40.374148]  kasan_save_alloc_info+0x40/0x58
[   40.378401]  __kasan_krealloc+0x118/0x178
[   40.382394]  krealloc_noprof+0x128/0x360
[   40.386301]  krealloc_less_oob_helper+0x168/0xc50
[   40.390988]  krealloc_less_oob+0x20/0x38
[   40.394894]  kunit_try_run_case+0x170/0x3f0
[   40.399061]  kunit_generic_run_threadfn_adapter+0x88/0x100
[   40.404529]  kthread+0x328/0x630
[   40.407741]  ret_from_fork+0x10/0x20
[   40.411300] 
[   40.412777] The buggy address belongs to the object at ffff0008030f8400
[   40.412777]  which belongs to the cache kmalloc-256 of size 256
[   40.425277] The buggy address is located 17 bytes to the right of
[   40.425277]  allocated 201-byte region [ffff0008030f8400, ffff0008030f84c9)
[   40.438296] 
[   40.439776] The buggy address belongs to the physical page:
[   40.445332] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x8830f8
[   40.453315] head: order:2 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[   40.460955] flags: 0xbfffe0000000040(head|node=0|zone=2|lastcpupid=0x1ffff)
[   40.467898] page_type: f5(slab)
[   40.471034] raw: 0bfffe0000000040 ffff000800002b40 dead000000000122 0000000000000000
[   40.478755] raw: 0000000000000000 0000000080200020 00000000f5000000 0000000000000000
[   40.486482] head: 0bfffe0000000040 ffff000800002b40 dead000000000122 0000000000000000
[   40.494292] head: 0000000000000000 0000000080200020 00000000f5000000 0000000000000000
[   40.502104] head: 0bfffe0000000002 fffffdffe00c3e01 00000000ffffffff 00000000ffffffff
[   40.509917] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000004
[   40.517724] page dumped because: kasan: bad access detected
[   40.523277] 
[   40.524753] Memory state around the buggy address:
[   40.529534]  ffff0008030f8380: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   40.536736]  ffff0008030f8400: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   40.543941] >ffff0008030f8480: 00 00 00 00 00 00 00 00 00 01 fc fc fc fc fc fc
[   40.551142]                                                     ^
[   40.557222]  ffff0008030f8500: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   40.564426]  ffff0008030f8580: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   40.571628] ==================================================================
[   42.364610] ==================================================================
[   42.371691] BUG: KASAN: slab-out-of-bounds in krealloc_less_oob_helper+0xae4/0xc50
[   42.379241] Write of size 1 at addr ffff0008062c60ea by task kunit_try_catch/243
[   42.386619] 
[   42.388102] CPU: 2 UID: 0 PID: 243 Comm: kunit_try_catch Tainted: G    B            N  6.16.0-rc6-next-20250715 #1 PREEMPT 
[   42.388156] Tainted: [B]=BAD_PAGE, [N]=TEST
[   42.388171] Hardware name: WinLink E850-96 board (DT)
[   42.388187] Call trace:
[   42.388199]  show_stack+0x20/0x38 (C)
[   42.388229]  dump_stack_lvl+0x8c/0xd0
[   42.388262]  print_report+0x118/0x5d0
[   42.388288]  kasan_report+0xdc/0x128
[   42.388314]  __asan_report_store1_noabort+0x20/0x30
[   42.388347]  krealloc_less_oob_helper+0xae4/0xc50
[   42.388380]  krealloc_large_less_oob+0x20/0x38
[   42.388412]  kunit_try_run_case+0x170/0x3f0
[   42.388441]  kunit_generic_run_threadfn_adapter+0x88/0x100
[   42.388474]  kthread+0x328/0x630
[   42.388502]  ret_from_fork+0x10/0x20
[   42.388531] 
[   42.457191] The buggy address belongs to the physical page:
[   42.462749] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x8862c4
[   42.470733] head: order:2 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[   42.478371] flags: 0xbfffe0000000040(head|node=0|zone=2|lastcpupid=0x1ffff)
[   42.485314] page_type: f8(unknown)
[   42.488707] raw: 0bfffe0000000040 0000000000000000 dead000000000122 0000000000000000
[   42.496432] raw: 0000000000000000 0000000000000000 00000000f8000000 0000000000000000
[   42.504158] head: 0bfffe0000000040 0000000000000000 dead000000000122 0000000000000000
[   42.511969] head: 0000000000000000 0000000000000000 00000000f8000000 0000000000000000
[   42.519783] head: 0bfffe0000000002 fffffdffe018b101 00000000ffffffff 00000000ffffffff
[   42.527594] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000004
[   42.535400] page dumped because: kasan: bad access detected
[   42.540956] 
[   42.542431] Memory state around the buggy address:
[   42.547210]  ffff0008062c5f80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   42.554414]  ffff0008062c6000: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   42.561619] >ffff0008062c6080: 00 00 00 00 00 00 00 00 00 01 fe fe fe fe fe fe
[   42.568820]                                                           ^
[   42.575421]  ffff0008062c6100: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe
[   42.582625]  ffff0008062c6180: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe
[   42.589828] ==================================================================
[   39.653995] ==================================================================
[   39.663312] BUG: KASAN: slab-out-of-bounds in krealloc_less_oob_helper+0xa48/0xc50
[   39.670862] Write of size 1 at addr ffff0008030f84c9 by task kunit_try_catch/239
[   39.678238] 
[   39.679725] CPU: 2 UID: 0 PID: 239 Comm: kunit_try_catch Tainted: G    B            N  6.16.0-rc6-next-20250715 #1 PREEMPT 
[   39.679783] Tainted: [B]=BAD_PAGE, [N]=TEST
[   39.679800] Hardware name: WinLink E850-96 board (DT)
[   39.679820] Call trace:
[   39.679833]  show_stack+0x20/0x38 (C)
[   39.679870]  dump_stack_lvl+0x8c/0xd0
[   39.679904]  print_report+0x118/0x5d0
[   39.679931]  kasan_report+0xdc/0x128
[   39.679960]  __asan_report_store1_noabort+0x20/0x30
[   39.679992]  krealloc_less_oob_helper+0xa48/0xc50
[   39.680027]  krealloc_less_oob+0x20/0x38
[   39.680056]  kunit_try_run_case+0x170/0x3f0
[   39.680086]  kunit_generic_run_threadfn_adapter+0x88/0x100
[   39.680121]  kthread+0x328/0x630
[   39.680149]  ret_from_fork+0x10/0x20
[   39.680183] 
[   39.748292] Allocated by task 239:
[   39.751677]  kasan_save_stack+0x3c/0x68
[   39.755494]  kasan_save_track+0x20/0x40
[   39.759314]  kasan_save_alloc_info+0x40/0x58
[   39.763567]  __kasan_krealloc+0x118/0x178
[   39.767560]  krealloc_noprof+0x128/0x360
[   39.771466]  krealloc_less_oob_helper+0x168/0xc50
[   39.776154]  krealloc_less_oob+0x20/0x38
[   39.780060]  kunit_try_run_case+0x170/0x3f0
[   39.784226]  kunit_generic_run_threadfn_adapter+0x88/0x100
[   39.789695]  kthread+0x328/0x630
[   39.792907]  ret_from_fork+0x10/0x20
[   39.796466] 
[   39.797944] The buggy address belongs to the object at ffff0008030f8400
[   39.797944]  which belongs to the cache kmalloc-256 of size 256
[   39.810445] The buggy address is located 0 bytes to the right of
[   39.810445]  allocated 201-byte region [ffff0008030f8400, ffff0008030f84c9)
[   39.823375] 
[   39.824855] The buggy address belongs to the physical page:
[   39.830412] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x8830f8
[   39.838394] head: order:2 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[   39.846035] flags: 0xbfffe0000000040(head|node=0|zone=2|lastcpupid=0x1ffff)
[   39.852976] page_type: f5(slab)
[   39.856114] raw: 0bfffe0000000040 ffff000800002b40 dead000000000122 0000000000000000
[   39.863832] raw: 0000000000000000 0000000080200020 00000000f5000000 0000000000000000
[   39.871561] head: 0bfffe0000000040 ffff000800002b40 dead000000000122 0000000000000000
[   39.879370] head: 0000000000000000 0000000080200020 00000000f5000000 0000000000000000
[   39.887183] head: 0bfffe0000000002 fffffdffe00c3e01 00000000ffffffff 00000000ffffffff
[   39.894995] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000004
[   39.902801] page dumped because: kasan: bad access detected
[   39.908356] 
[   39.909832] Memory state around the buggy address:
[   39.914614]  ffff0008030f8380: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   39.921818]  ffff0008030f8400: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   39.929021] >ffff0008030f8480: 00 00 00 00 00 00 00 00 00 01 fc fc fc fc fc fc
[   39.936220]                                               ^
[   39.941780]  ffff0008030f8500: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   39.948985]  ffff0008030f8580: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   39.956187] ==================================================================

Metadata Full log Test run details

[   30.485506] ==================================================================
[   30.485563] BUG: KASAN: slab-out-of-bounds in krealloc_less_oob_helper+0xae4/0xc50
[   30.485634] Write of size 1 at addr fff00000c792eaea by task kunit_try_catch/190
[   30.485705] 
[   30.485734] CPU: 0 UID: 0 PID: 190 Comm: kunit_try_catch Tainted: G    B            N  6.16.0-rc6-next-20250715 #1 PREEMPT 
[   30.485960] Tainted: [B]=BAD_PAGE, [N]=TEST
[   30.486675] Hardware name: linux,dummy-virt (DT)
[   30.486774] Call trace:
[   30.486848]  show_stack+0x20/0x38 (C)
[   30.486938]  dump_stack_lvl+0x8c/0xd0
[   30.487035]  print_report+0x118/0x5d0
[   30.487136]  kasan_report+0xdc/0x128
[   30.487235]  __asan_report_store1_noabort+0x20/0x30
[   30.487374]  krealloc_less_oob_helper+0xae4/0xc50
[   30.487424]  krealloc_less_oob+0x20/0x38
[   30.487661]  kunit_try_run_case+0x170/0x3f0
[   30.487728]  kunit_generic_run_threadfn_adapter+0x88/0x100
[   30.487839]  kthread+0x328/0x630
[   30.487937]  ret_from_fork+0x10/0x20
[   30.488200] 
[   30.488430] Allocated by task 190:
[   30.488512]  kasan_save_stack+0x3c/0x68
[   30.488598]  kasan_save_track+0x20/0x40
[   30.488712]  kasan_save_alloc_info+0x40/0x58
[   30.488778]  __kasan_krealloc+0x118/0x178
[   30.488813]  krealloc_noprof+0x128/0x360
[   30.489082]  krealloc_less_oob_helper+0x168/0xc50
[   30.489179]  krealloc_less_oob+0x20/0x38
[   30.489242]  kunit_try_run_case+0x170/0x3f0
[   30.489279]  kunit_generic_run_threadfn_adapter+0x88/0x100
[   30.489342]  kthread+0x328/0x630
[   30.489383]  ret_from_fork+0x10/0x20
[   30.489418] 
[   30.489448] The buggy address belongs to the object at fff00000c792ea00
[   30.489448]  which belongs to the cache kmalloc-256 of size 256
[   30.489510] The buggy address is located 33 bytes to the right of
[   30.489510]  allocated 201-byte region [fff00000c792ea00, fff00000c792eac9)
[   30.489572] 
[   30.489599] The buggy address belongs to the physical page:
[   30.489662] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0xfff00000c792e600 pfn:0x10792e
[   30.489763] head: order:1 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[   30.489901] flags: 0xbfffe0000000040(head|node=0|zone=2|lastcpupid=0x1ffff)
[   30.489957] page_type: f5(slab)
[   30.489994] raw: 0bfffe0000000040 fff00000c0001b40 dead000000000122 0000000000000000
[   30.490041] raw: fff00000c792e600 000000008010000f 00000000f5000000 0000000000000000
[   30.490123] head: 0bfffe0000000040 fff00000c0001b40 dead000000000122 0000000000000000
[   30.490171] head: fff00000c792e600 000000008010000f 00000000f5000000 0000000000000000
[   30.490325] head: 0bfffe0000000001 ffffc1ffc31e4b81 00000000ffffffff 00000000ffffffff
[   30.490413] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000002
[   30.490503] page dumped because: kasan: bad access detected
[   30.490580] 
[   30.490641] Memory state around the buggy address:
[   30.490723]  fff00000c792e980: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   30.490834]  fff00000c792ea00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   30.490907] >fff00000c792ea80: 00 00 00 00 00 00 00 00 00 01 fc fc fc fc fc fc
[   30.490943]                                                           ^
[   30.490997]  fff00000c792eb00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   30.491042]  fff00000c792eb80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   30.491131] ==================================================================
[   30.514263] ==================================================================
[   30.514319] BUG: KASAN: slab-out-of-bounds in krealloc_less_oob_helper+0xa48/0xc50
[   30.514374] Write of size 1 at addr fff00000c9a5a0c9 by task kunit_try_catch/194
[   30.514421] 
[   30.514536] CPU: 0 UID: 0 PID: 194 Comm: kunit_try_catch Tainted: G    B            N  6.16.0-rc6-next-20250715 #1 PREEMPT 
[   30.514733] Tainted: [B]=BAD_PAGE, [N]=TEST
[   30.514814] Hardware name: linux,dummy-virt (DT)
[   30.514878] Call trace:
[   30.514986]  show_stack+0x20/0x38 (C)
[   30.515126]  dump_stack_lvl+0x8c/0xd0
[   30.515271]  print_report+0x118/0x5d0
[   30.515398]  kasan_report+0xdc/0x128
[   30.515463]  __asan_report_store1_noabort+0x20/0x30
[   30.515512]  krealloc_less_oob_helper+0xa48/0xc50
[   30.515562]  krealloc_large_less_oob+0x20/0x38
[   30.515610]  kunit_try_run_case+0x170/0x3f0
[   30.515961]  kunit_generic_run_threadfn_adapter+0x88/0x100
[   30.516101]  kthread+0x328/0x630
[   30.516185]  ret_from_fork+0x10/0x20
[   30.516317] 
[   30.516375] The buggy address belongs to the physical page:
[   30.516432] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x109a58
[   30.516522] head: order:2 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[   30.516577] flags: 0xbfffe0000000040(head|node=0|zone=2|lastcpupid=0x1ffff)
[   30.516673] page_type: f8(unknown)
[   30.516762] raw: 0bfffe0000000040 0000000000000000 dead000000000122 0000000000000000
[   30.516819] raw: 0000000000000000 0000000000000000 00000000f8000000 0000000000000000
[   30.516893] head: 0bfffe0000000040 0000000000000000 dead000000000122 0000000000000000
[   30.517204] head: 0000000000000000 0000000000000000 00000000f8000000 0000000000000000
[   30.517309] head: 0bfffe0000000002 ffffc1ffc3269601 00000000ffffffff 00000000ffffffff
[   30.517403] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000004
[   30.517459] page dumped because: kasan: bad access detected
[   30.517685] 
[   30.517868] Memory state around the buggy address:
[   30.517943]  fff00000c9a59f80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   30.518091]  fff00000c9a5a000: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   30.518170] >fff00000c9a5a080: 00 00 00 00 00 00 00 00 00 01 fe fe fe fe fe fe
[   30.518245]                                               ^
[   30.518319]  fff00000c9a5a100: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe
[   30.518366]  fff00000c9a5a180: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe
[   30.518476] ==================================================================
[   30.475992] ==================================================================
[   30.476081] BUG: KASAN: slab-out-of-bounds in krealloc_less_oob_helper+0xb9c/0xc50
[   30.476133] Write of size 1 at addr fff00000c792ead0 by task kunit_try_catch/190
[   30.476186] 
[   30.476320] CPU: 0 UID: 0 PID: 190 Comm: kunit_try_catch Tainted: G    B            N  6.16.0-rc6-next-20250715 #1 PREEMPT 
[   30.476575] Tainted: [B]=BAD_PAGE, [N]=TEST
[   30.476604] Hardware name: linux,dummy-virt (DT)
[   30.476633] Call trace:
[   30.476663]  show_stack+0x20/0x38 (C)
[   30.476723]  dump_stack_lvl+0x8c/0xd0
[   30.476895]  print_report+0x118/0x5d0
[   30.477003]  kasan_report+0xdc/0x128
[   30.477055]  __asan_report_store1_noabort+0x20/0x30
[   30.477109]  krealloc_less_oob_helper+0xb9c/0xc50
[   30.477291]  krealloc_less_oob+0x20/0x38
[   30.477346]  kunit_try_run_case+0x170/0x3f0
[   30.477390]  kunit_generic_run_threadfn_adapter+0x88/0x100
[   30.477452]  kthread+0x328/0x630
[   30.477493]  ret_from_fork+0x10/0x20
[   30.477662] 
[   30.477682] Allocated by task 190:
[   30.477799]  kasan_save_stack+0x3c/0x68
[   30.477852]  kasan_save_track+0x20/0x40
[   30.477921]  kasan_save_alloc_info+0x40/0x58
[   30.477989]  __kasan_krealloc+0x118/0x178
[   30.478026]  krealloc_noprof+0x128/0x360
[   30.478134]  krealloc_less_oob_helper+0x168/0xc50
[   30.478219]  krealloc_less_oob+0x20/0x38
[   30.478343]  kunit_try_run_case+0x170/0x3f0
[   30.478505]  kunit_generic_run_threadfn_adapter+0x88/0x100
[   30.478604]  kthread+0x328/0x630
[   30.478681]  ret_from_fork+0x10/0x20
[   30.478778] 
[   30.478799] The buggy address belongs to the object at fff00000c792ea00
[   30.478799]  which belongs to the cache kmalloc-256 of size 256
[   30.478854] The buggy address is located 7 bytes to the right of
[   30.478854]  allocated 201-byte region [fff00000c792ea00, fff00000c792eac9)
[   30.478931] 
[   30.478951] The buggy address belongs to the physical page:
[   30.479328] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0xfff00000c792e600 pfn:0x10792e
[   30.479477] head: order:1 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[   30.479530] flags: 0xbfffe0000000040(head|node=0|zone=2|lastcpupid=0x1ffff)
[   30.479647] page_type: f5(slab)
[   30.479784] raw: 0bfffe0000000040 fff00000c0001b40 dead000000000122 0000000000000000
[   30.479869] raw: fff00000c792e600 000000008010000f 00000000f5000000 0000000000000000
[   30.479955] head: 0bfffe0000000040 fff00000c0001b40 dead000000000122 0000000000000000
[   30.480064] head: fff00000c792e600 000000008010000f 00000000f5000000 0000000000000000
[   30.480198] head: 0bfffe0000000001 ffffc1ffc31e4b81 00000000ffffffff 00000000ffffffff
[   30.480246] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000002
[   30.480304] page dumped because: kasan: bad access detected
[   30.480523] 
[   30.480665] Memory state around the buggy address:
[   30.480739]  fff00000c792e980: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   30.480822]  fff00000c792ea00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   30.480863] >fff00000c792ea80: 00 00 00 00 00 00 00 00 00 01 fc fc fc fc fc fc
[   30.480919]                                                  ^
[   30.480962]  fff00000c792eb00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   30.481005]  fff00000c792eb80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   30.481041] ==================================================================
[   30.525322] ==================================================================
[   30.525356] BUG: KASAN: slab-out-of-bounds in krealloc_less_oob_helper+0xae4/0xc50
[   30.525426] Write of size 1 at addr fff00000c9a5a0ea by task kunit_try_catch/194
[   30.525540] 
[   30.525567] CPU: 0 UID: 0 PID: 194 Comm: kunit_try_catch Tainted: G    B            N  6.16.0-rc6-next-20250715 #1 PREEMPT 
[   30.525659] Tainted: [B]=BAD_PAGE, [N]=TEST
[   30.525684] Hardware name: linux,dummy-virt (DT)
[   30.525712] Call trace:
[   30.525889]  show_stack+0x20/0x38 (C)
[   30.525937]  dump_stack_lvl+0x8c/0xd0
[   30.526107]  print_report+0x118/0x5d0
[   30.526287]  kasan_report+0xdc/0x128
[   30.526407]  __asan_report_store1_noabort+0x20/0x30
[   30.526534]  krealloc_less_oob_helper+0xae4/0xc50
[   30.526664]  krealloc_large_less_oob+0x20/0x38
[   30.526796]  kunit_try_run_case+0x170/0x3f0
[   30.526926]  kunit_generic_run_threadfn_adapter+0x88/0x100
[   30.527064]  kthread+0x328/0x630
[   30.527124]  ret_from_fork+0x10/0x20
[   30.527180] 
[   30.527429] The buggy address belongs to the physical page:
[   30.527531] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x109a58
[   30.527674] head: order:2 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[   30.527781] flags: 0xbfffe0000000040(head|node=0|zone=2|lastcpupid=0x1ffff)
[   30.527925] page_type: f8(unknown)
[   30.527990] raw: 0bfffe0000000040 0000000000000000 dead000000000122 0000000000000000
[   30.528076] raw: 0000000000000000 0000000000000000 00000000f8000000 0000000000000000
[   30.528188] head: 0bfffe0000000040 0000000000000000 dead000000000122 0000000000000000
[   30.528311] head: 0000000000000000 0000000000000000 00000000f8000000 0000000000000000
[   30.528360] head: 0bfffe0000000002 ffffc1ffc3269601 00000000ffffffff 00000000ffffffff
[   30.528606] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000004
[   30.528818] page dumped because: kasan: bad access detected
[   30.528918] 
[   30.528995] Memory state around the buggy address:
[   30.529128]  fff00000c9a59f80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   30.529233]  fff00000c9a5a000: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   30.529330] >fff00000c9a5a080: 00 00 00 00 00 00 00 00 00 01 fe fe fe fe fe fe
[   30.529379]                                                           ^
[   30.529454]  fff00000c9a5a100: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe
[   30.529572]  fff00000c9a5a180: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe
[   30.529609] ==================================================================
[   30.519129] ==================================================================
[   30.519174] BUG: KASAN: slab-out-of-bounds in krealloc_less_oob_helper+0xb9c/0xc50
[   30.519227] Write of size 1 at addr fff00000c9a5a0d0 by task kunit_try_catch/194
[   30.519273] 
[   30.519309] CPU: 0 UID: 0 PID: 194 Comm: kunit_try_catch Tainted: G    B            N  6.16.0-rc6-next-20250715 #1 PREEMPT 
[   30.519388] Tainted: [B]=BAD_PAGE, [N]=TEST
[   30.519413] Hardware name: linux,dummy-virt (DT)
[   30.519459] Call trace:
[   30.519479]  show_stack+0x20/0x38 (C)
[   30.519526]  dump_stack_lvl+0x8c/0xd0
[   30.519725]  print_report+0x118/0x5d0
[   30.519790]  kasan_report+0xdc/0x128
[   30.519839]  __asan_report_store1_noabort+0x20/0x30
[   30.519889]  krealloc_less_oob_helper+0xb9c/0xc50
[   30.519938]  krealloc_large_less_oob+0x20/0x38
[   30.519995]  kunit_try_run_case+0x170/0x3f0
[   30.520041]  kunit_generic_run_threadfn_adapter+0x88/0x100
[   30.520092]  kthread+0x328/0x630
[   30.520136]  ret_from_fork+0x10/0x20
[   30.520183] 
[   30.520202] The buggy address belongs to the physical page:
[   30.520237] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x109a58
[   30.520288] head: order:2 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[   30.520335] flags: 0xbfffe0000000040(head|node=0|zone=2|lastcpupid=0x1ffff)
[   30.520383] page_type: f8(unknown)
[   30.520420] raw: 0bfffe0000000040 0000000000000000 dead000000000122 0000000000000000
[   30.520766] raw: 0000000000000000 0000000000000000 00000000f8000000 0000000000000000
[   30.520826] head: 0bfffe0000000040 0000000000000000 dead000000000122 0000000000000000
[   30.520978] head: 0000000000000000 0000000000000000 00000000f8000000 0000000000000000
[   30.521036] head: 0bfffe0000000002 ffffc1ffc3269601 00000000ffffffff 00000000ffffffff
[   30.521094] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000004
[   30.521170] page dumped because: kasan: bad access detected
[   30.521201] 
[   30.521218] Memory state around the buggy address:
[   30.521264]  fff00000c9a59f80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   30.521322]  fff00000c9a5a000: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   30.521420] >fff00000c9a5a080: 00 00 00 00 00 00 00 00 00 01 fe fe fe fe fe fe
[   30.521475]                                                  ^
[   30.521511]  fff00000c9a5a100: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe
[   30.521611]  fff00000c9a5a180: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe
[   30.521704] ==================================================================
[   30.522364] ==================================================================
[   30.522408] BUG: KASAN: slab-out-of-bounds in krealloc_less_oob_helper+0xa80/0xc50
[   30.522508] Write of size 1 at addr fff00000c9a5a0da by task kunit_try_catch/194
[   30.522574] 
[   30.522631] CPU: 0 UID: 0 PID: 194 Comm: kunit_try_catch Tainted: G    B            N  6.16.0-rc6-next-20250715 #1 PREEMPT 
[   30.522711] Tainted: [B]=BAD_PAGE, [N]=TEST
[   30.522762] Hardware name: linux,dummy-virt (DT)
[   30.522809] Call trace:
[   30.522873]  show_stack+0x20/0x38 (C)
[   30.522939]  dump_stack_lvl+0x8c/0xd0
[   30.523004]  print_report+0x118/0x5d0
[   30.523068]  kasan_report+0xdc/0x128
[   30.523139]  __asan_report_store1_noabort+0x20/0x30
[   30.523188]  krealloc_less_oob_helper+0xa80/0xc50
[   30.523237]  krealloc_large_less_oob+0x20/0x38
[   30.523284]  kunit_try_run_case+0x170/0x3f0
[   30.523503]  kunit_generic_run_threadfn_adapter+0x88/0x100
[   30.523565]  kthread+0x328/0x630
[   30.523689]  ret_from_fork+0x10/0x20
[   30.523755] 
[   30.523804] The buggy address belongs to the physical page:
[   30.523876] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x109a58
[   30.523928] head: order:2 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[   30.523972] flags: 0xbfffe0000000040(head|node=0|zone=2|lastcpupid=0x1ffff)
[   30.524019] page_type: f8(unknown)
[   30.524055] raw: 0bfffe0000000040 0000000000000000 dead000000000122 0000000000000000
[   30.524140] raw: 0000000000000000 0000000000000000 00000000f8000000 0000000000000000
[   30.524207] head: 0bfffe0000000040 0000000000000000 dead000000000122 0000000000000000
[   30.524262] head: 0000000000000000 0000000000000000 00000000f8000000 0000000000000000
[   30.524337] head: 0bfffe0000000002 ffffc1ffc3269601 00000000ffffffff 00000000ffffffff
[   30.524671] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000004
[   30.524788] page dumped because: kasan: bad access detected
[   30.524836] 
[   30.524875] Memory state around the buggy address:
[   30.524923]  fff00000c9a59f80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   30.524965]  fff00000c9a5a000: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   30.525042] >fff00000c9a5a080: 00 00 00 00 00 00 00 00 00 01 fe fe fe fe fe fe
[   30.525079]                                                     ^
[   30.525113]  fff00000c9a5a100: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe
[   30.525181]  fff00000c9a5a180: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe
[   30.525245] ==================================================================
[   30.470901] ==================================================================
[   30.470960] BUG: KASAN: slab-out-of-bounds in krealloc_less_oob_helper+0xa48/0xc50
[   30.471030] Write of size 1 at addr fff00000c792eac9 by task kunit_try_catch/190
[   30.471158] 
[   30.471192] CPU: 0 UID: 0 PID: 190 Comm: kunit_try_catch Tainted: G    B            N  6.16.0-rc6-next-20250715 #1 PREEMPT 
[   30.471274] Tainted: [B]=BAD_PAGE, [N]=TEST
[   30.471299] Hardware name: linux,dummy-virt (DT)
[   30.471329] Call trace:
[   30.471350]  show_stack+0x20/0x38 (C)
[   30.471397]  dump_stack_lvl+0x8c/0xd0
[   30.471485]  print_report+0x118/0x5d0
[   30.471528]  kasan_report+0xdc/0x128
[   30.471572]  __asan_report_store1_noabort+0x20/0x30
[   30.471622]  krealloc_less_oob_helper+0xa48/0xc50
[   30.471853]  krealloc_less_oob+0x20/0x38
[   30.472001]  kunit_try_run_case+0x170/0x3f0
[   30.472058]  kunit_generic_run_threadfn_adapter+0x88/0x100
[   30.472151]  kthread+0x328/0x630
[   30.472279]  ret_from_fork+0x10/0x20
[   30.472409] 
[   30.472532] Allocated by task 190:
[   30.472603]  kasan_save_stack+0x3c/0x68
[   30.472656]  kasan_save_track+0x20/0x40
[   30.472694]  kasan_save_alloc_info+0x40/0x58
[   30.472730]  __kasan_krealloc+0x118/0x178
[   30.472765]  krealloc_noprof+0x128/0x360
[   30.472814]  krealloc_less_oob_helper+0x168/0xc50
[   30.472863]  krealloc_less_oob+0x20/0x38
[   30.472900]  kunit_try_run_case+0x170/0x3f0
[   30.472935]  kunit_generic_run_threadfn_adapter+0x88/0x100
[   30.472977]  kthread+0x328/0x630
[   30.473021]  ret_from_fork+0x10/0x20
[   30.473065] 
[   30.473084] The buggy address belongs to the object at fff00000c792ea00
[   30.473084]  which belongs to the cache kmalloc-256 of size 256
[   30.473148] The buggy address is located 0 bytes to the right of
[   30.473148]  allocated 201-byte region [fff00000c792ea00, fff00000c792eac9)
[   30.473209] 
[   30.473228] The buggy address belongs to the physical page:
[   30.473260] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0xfff00000c792e600 pfn:0x10792e
[   30.473333] head: order:1 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[   30.473405] flags: 0xbfffe0000000040(head|node=0|zone=2|lastcpupid=0x1ffff)
[   30.473467] page_type: f5(slab)
[   30.473505] raw: 0bfffe0000000040 fff00000c0001b40 dead000000000122 0000000000000000
[   30.473552] raw: fff00000c792e600 000000008010000f 00000000f5000000 0000000000000000
[   30.473599] head: 0bfffe0000000040 fff00000c0001b40 dead000000000122 0000000000000000
[   30.473646] head: fff00000c792e600 000000008010000f 00000000f5000000 0000000000000000
[   30.473719] head: 0bfffe0000000001 ffffc1ffc31e4b81 00000000ffffffff 00000000ffffffff
[   30.474079] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000002
[   30.474210] page dumped because: kasan: bad access detected
[   30.474309] 
[   30.474460] Memory state around the buggy address:
[   30.474590]  fff00000c792e980: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   30.474659]  fff00000c792ea00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   30.474727] >fff00000c792ea80: 00 00 00 00 00 00 00 00 00 01 fc fc fc fc fc fc
[   30.474832]                                               ^
[   30.475046]  fff00000c792eb00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   30.475092]  fff00000c792eb80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   30.475132] ==================================================================
[   30.492491] ==================================================================
[   30.492545] BUG: KASAN: slab-out-of-bounds in krealloc_less_oob_helper+0xa58/0xc50
[   30.492595] Write of size 1 at addr fff00000c792eaeb by task kunit_try_catch/190
[   30.492642] 
[   30.492679] CPU: 0 UID: 0 PID: 190 Comm: kunit_try_catch Tainted: G    B            N  6.16.0-rc6-next-20250715 #1 PREEMPT 
[   30.492760] Tainted: [B]=BAD_PAGE, [N]=TEST
[   30.492785] Hardware name: linux,dummy-virt (DT)
[   30.492982] Call trace:
[   30.493044]  show_stack+0x20/0x38 (C)
[   30.493098]  dump_stack_lvl+0x8c/0xd0
[   30.493145]  print_report+0x118/0x5d0
[   30.493198]  kasan_report+0xdc/0x128
[   30.493242]  __asan_report_store1_noabort+0x20/0x30
[   30.493290]  krealloc_less_oob_helper+0xa58/0xc50
[   30.493339]  krealloc_less_oob+0x20/0x38
[   30.493385]  kunit_try_run_case+0x170/0x3f0
[   30.493462]  kunit_generic_run_threadfn_adapter+0x88/0x100
[   30.493514]  kthread+0x328/0x630
[   30.493554]  ret_from_fork+0x10/0x20
[   30.493611] 
[   30.493676] Allocated by task 190:
[   30.493704]  kasan_save_stack+0x3c/0x68
[   30.494022]  kasan_save_track+0x20/0x40
[   30.494136]  kasan_save_alloc_info+0x40/0x58
[   30.494176]  __kasan_krealloc+0x118/0x178
[   30.494211]  krealloc_noprof+0x128/0x360
[   30.494275]  krealloc_less_oob_helper+0x168/0xc50
[   30.494316]  krealloc_less_oob+0x20/0x38
[   30.494352]  kunit_try_run_case+0x170/0x3f0
[   30.494626]  kunit_generic_run_threadfn_adapter+0x88/0x100
[   30.494745]  kthread+0x328/0x630
[   30.494816]  ret_from_fork+0x10/0x20
[   30.494918] 
[   30.494987] The buggy address belongs to the object at fff00000c792ea00
[   30.494987]  which belongs to the cache kmalloc-256 of size 256
[   30.495043] The buggy address is located 34 bytes to the right of
[   30.495043]  allocated 201-byte region [fff00000c792ea00, fff00000c792eac9)
[   30.495368] 
[   30.495501] The buggy address belongs to the physical page:
[   30.495646] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0xfff00000c792e600 pfn:0x10792e
[   30.495715] head: order:1 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[   30.495759] flags: 0xbfffe0000000040(head|node=0|zone=2|lastcpupid=0x1ffff)
[   30.496082] page_type: f5(slab)
[   30.496172] raw: 0bfffe0000000040 fff00000c0001b40 dead000000000122 0000000000000000
[   30.496269] raw: fff00000c792e600 000000008010000f 00000000f5000000 0000000000000000
[   30.496363] head: 0bfffe0000000040 fff00000c0001b40 dead000000000122 0000000000000000
[   30.496415] head: fff00000c792e600 000000008010000f 00000000f5000000 0000000000000000
[   30.496478] head: 0bfffe0000000001 ffffc1ffc31e4b81 00000000ffffffff 00000000ffffffff
[   30.496534] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000002
[   30.496573] page dumped because: kasan: bad access detected
[   30.496605] 
[   30.496622] Memory state around the buggy address:
[   30.496652]  fff00000c792e980: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   30.496692]  fff00000c792ea00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   30.496733] >fff00000c792ea80: 00 00 00 00 00 00 00 00 00 01 fc fc fc fc fc fc
[   30.496768]                                                           ^
[   30.496812]  fff00000c792eb00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   30.496868]  fff00000c792eb80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   30.496913] ==================================================================
[   30.481732] ==================================================================
[   30.481777] BUG: KASAN: slab-out-of-bounds in krealloc_less_oob_helper+0xa80/0xc50
[   30.481896] Write of size 1 at addr fff00000c792eada by task kunit_try_catch/190
[   30.482045] 
[   30.482081] CPU: 0 UID: 0 PID: 190 Comm: kunit_try_catch Tainted: G    B            N  6.16.0-rc6-next-20250715 #1 PREEMPT 
[   30.482272] Tainted: [B]=BAD_PAGE, [N]=TEST
[   30.482319] Hardware name: linux,dummy-virt (DT)
[   30.482349] Call trace:
[   30.482369]  show_stack+0x20/0x38 (C)
[   30.482419]  dump_stack_lvl+0x8c/0xd0
[   30.482482]  print_report+0x118/0x5d0
[   30.482525]  kasan_report+0xdc/0x128
[   30.482585]  __asan_report_store1_noabort+0x20/0x30
[   30.482660]  krealloc_less_oob_helper+0xa80/0xc50
[   30.482715]  krealloc_less_oob+0x20/0x38
[   30.482782]  kunit_try_run_case+0x170/0x3f0
[   30.482846]  kunit_generic_run_threadfn_adapter+0x88/0x100
[   30.482909]  kthread+0x328/0x630
[   30.482950]  ret_from_fork+0x10/0x20
[   30.482997] 
[   30.483015] Allocated by task 190:
[   30.483064]  kasan_save_stack+0x3c/0x68
[   30.483105]  kasan_save_track+0x20/0x40
[   30.483187]  kasan_save_alloc_info+0x40/0x58
[   30.483318]  __kasan_krealloc+0x118/0x178
[   30.483373]  krealloc_noprof+0x128/0x360
[   30.483472]  krealloc_less_oob_helper+0x168/0xc50
[   30.483552]  krealloc_less_oob+0x20/0x38
[   30.483608]  kunit_try_run_case+0x170/0x3f0
[   30.483645]  kunit_generic_run_threadfn_adapter+0x88/0x100
[   30.483750]  kthread+0x328/0x630
[   30.483808]  ret_from_fork+0x10/0x20
[   30.483843] 
[   30.483892] The buggy address belongs to the object at fff00000c792ea00
[   30.483892]  which belongs to the cache kmalloc-256 of size 256
[   30.483948] The buggy address is located 17 bytes to the right of
[   30.483948]  allocated 201-byte region [fff00000c792ea00, fff00000c792eac9)
[   30.484009] 
[   30.484027] The buggy address belongs to the physical page:
[   30.484076] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0xfff00000c792e600 pfn:0x10792e
[   30.484178] head: order:1 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[   30.484223] flags: 0xbfffe0000000040(head|node=0|zone=2|lastcpupid=0x1ffff)
[   30.484298] page_type: f5(slab)
[   30.484366] raw: 0bfffe0000000040 fff00000c0001b40 dead000000000122 0000000000000000
[   30.484415] raw: fff00000c792e600 000000008010000f 00000000f5000000 0000000000000000
[   30.484561] head: 0bfffe0000000040 fff00000c0001b40 dead000000000122 0000000000000000
[   30.484704] head: fff00000c792e600 000000008010000f 00000000f5000000 0000000000000000
[   30.484758] head: 0bfffe0000000001 ffffc1ffc31e4b81 00000000ffffffff 00000000ffffffff
[   30.484823] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000002
[   30.484919] page dumped because: kasan: bad access detected
[   30.484956] 
[   30.484974] Memory state around the buggy address:
[   30.485031]  fff00000c792e980: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   30.485117]  fff00000c792ea00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   30.485196] >fff00000c792ea80: 00 00 00 00 00 00 00 00 00 01 fc fc fc fc fc fc
[   30.485232]                                                     ^
[   30.485267]  fff00000c792eb00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   30.485306]  fff00000c792eb80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   30.485342] ==================================================================
[   30.530847] ==================================================================
[   30.530897] BUG: KASAN: slab-out-of-bounds in krealloc_less_oob_helper+0xa58/0xc50
[   30.531238] Write of size 1 at addr fff00000c9a5a0eb by task kunit_try_catch/194
[   30.531350] 
[   30.531384] CPU: 0 UID: 0 PID: 194 Comm: kunit_try_catch Tainted: G    B            N  6.16.0-rc6-next-20250715 #1 PREEMPT 
[   30.531519] Tainted: [B]=BAD_PAGE, [N]=TEST
[   30.531545] Hardware name: linux,dummy-virt (DT)
[   30.531574] Call trace:
[   30.531612]  show_stack+0x20/0x38 (C)
[   30.531675]  dump_stack_lvl+0x8c/0xd0
[   30.531740]  print_report+0x118/0x5d0
[   30.531784]  kasan_report+0xdc/0x128
[   30.531831]  __asan_report_store1_noabort+0x20/0x30
[   30.531899]  krealloc_less_oob_helper+0xa58/0xc50
[   30.531949]  krealloc_large_less_oob+0x20/0x38
[   30.531997]  kunit_try_run_case+0x170/0x3f0
[   30.532042]  kunit_generic_run_threadfn_adapter+0x88/0x100
[   30.532092]  kthread+0x328/0x630
[   30.532143]  ret_from_fork+0x10/0x20
[   30.532190] 
[   30.532208] The buggy address belongs to the physical page:
[   30.532237] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x109a58
[   30.532287] head: order:2 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[   30.532331] flags: 0xbfffe0000000040(head|node=0|zone=2|lastcpupid=0x1ffff)
[   30.532378] page_type: f8(unknown)
[   30.532413] raw: 0bfffe0000000040 0000000000000000 dead000000000122 0000000000000000
[   30.532471] raw: 0000000000000000 0000000000000000 00000000f8000000 0000000000000000
[   30.532518] head: 0bfffe0000000040 0000000000000000 dead000000000122 0000000000000000
[   30.532564] head: 0000000000000000 0000000000000000 00000000f8000000 0000000000000000
[   30.532611] head: 0bfffe0000000002 ffffc1ffc3269601 00000000ffffffff 00000000ffffffff
[   30.532657] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000004
[   30.532694] page dumped because: kasan: bad access detected
[   30.532723] 
[   30.532751] Memory state around the buggy address:
[   30.532780]  fff00000c9a59f80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   30.532820]  fff00000c9a5a000: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   30.532860] >fff00000c9a5a080: 00 00 00 00 00 00 00 00 00 01 fe fe fe fe fe fe
[   30.532895]                                                           ^
[   30.532930]  fff00000c9a5a100: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe
[   30.532969]  fff00000c9a5a180: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe
[   30.533005] ==================================================================

Metadata Full log Test run details

arch

arm64

host

x86_64

plan

2zuS6DosVUhzL9DaDmqO9nLybFJ

job_id

TEST:linaro@lkft#2zuSB6ZD0TprNwndx8osoZfzNbs

job_url

https://tuxapi.tuxsuite.com/v1/groups/linaro/projects/lkft/tests/2zuSB6ZD0TprNwndx8osoZfzNbs

artefacts

kernel

url	https://storage.tuxsuite.com/public/linaro/lkft/builds/2zuS7fFjob8Lq2iSUNxlIF41bYW/Image.gz
sha256sum	118b4ece9a238a43bf808c098cf2bf253d887d33e129eb81e3c965d23e20b8c5

rootfs

url	https://storage.tuxboot.com/debian/20250617/trixie/arm64/rootfs.ext4.xz
sha256sum	1eaaae772692e22cefec5345d642e254407cec1431dd51a20007af2a1819b610

modules

url	https://storage.tuxsuite.com/public/linaro/lkft/builds/2zuS7fFjob8Lq2iSUNxlIF41bYW/modules.tar.xz
sha256sum	01435f1d178968cd8186d4f9b9cf47e1273301cd5c54bfdff2cd2593d26e1adb

durations

tests

boot	0
kunit	165.28

host_arch

amd64

build_name

gcc-13-lkftconfig-kunit

job_status

Complete

qemu_version

1:10.0.0+ds-1

[   23.972352] ==================================================================
[   23.972871] BUG: KASAN: slab-out-of-bounds in krealloc_less_oob_helper+0xd47/0x11d0
[   23.973230] Write of size 1 at addr ffff8881049420eb by task kunit_try_catch/210
[   23.973567] 
[   23.973709] CPU: 0 UID: 0 PID: 210 Comm: kunit_try_catch Tainted: G    B            N  6.16.0-rc6-next-20250715 #1 PREEMPT(voluntary) 
[   23.973758] Tainted: [B]=BAD_PAGE, [N]=TEST
[   23.973771] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[   23.973792] Call Trace:
[   23.973805]  <TASK>
[   23.973821]  dump_stack_lvl+0x73/0xb0
[   23.973855]  print_report+0xd1/0x610
[   23.973881]  ? __virt_addr_valid+0x1db/0x2d0
[   23.973910]  ? krealloc_less_oob_helper+0xd47/0x11d0
[   23.973938]  ? kasan_addr_to_slab+0x11/0xa0
[   23.973963]  ? krealloc_less_oob_helper+0xd47/0x11d0
[   23.973991]  kasan_report+0x141/0x180
[   23.974018]  ? krealloc_less_oob_helper+0xd47/0x11d0
[   23.974053]  __asan_report_store1_noabort+0x1b/0x30
[   23.974081]  krealloc_less_oob_helper+0xd47/0x11d0
[   23.974112]  ? __pfx_krealloc_less_oob_helper+0x10/0x10
[   23.974141]  ? finish_task_switch.isra.0+0x153/0x700
[   23.974167]  ? __switch_to+0x47/0xf80
[   23.974199]  ? __schedule+0x10cc/0x2b60
[   23.974228]  ? __pfx_read_tsc+0x10/0x10
[   23.974259]  krealloc_large_less_oob+0x1c/0x30
[   23.974286]  kunit_try_run_case+0x1a5/0x480
[   23.974315]  ? __pfx_kunit_try_run_case+0x10/0x10
[   23.974341]  ? _raw_spin_lock_irqsave+0xa1/0x100
[   23.974368]  ? _raw_spin_unlock_irqrestore+0x5f/0x90
[   23.974395]  ? __kthread_parkme+0x82/0x180
[   23.974421]  ? preempt_count_sub+0x50/0x80
[   23.974449]  ? __pfx_kunit_try_run_case+0x10/0x10
[   23.974481]  kunit_generic_run_threadfn_adapter+0x85/0xf0
[   23.974512]  ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10
[   23.974553]  kthread+0x337/0x6f0
[   23.974577]  ? trace_preempt_on+0x20/0xc0
[   23.974605]  ? __pfx_kthread+0x10/0x10
[   23.974631]  ? _raw_spin_unlock_irq+0x47/0x80
[   23.974672]  ? calculate_sigpending+0x7b/0xa0
[   23.974701]  ? __pfx_kthread+0x10/0x10
[   23.974729]  ret_from_fork+0x116/0x1d0
[   23.974752]  ? __pfx_kthread+0x10/0x10
[   23.974777]  ret_from_fork_asm+0x1a/0x30
[   23.974818]  </TASK>
[   23.974830] 
[   23.982038] The buggy address belongs to the physical page:
[   23.982301] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x104940
[   23.982776] head: order:2 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[   23.983039] flags: 0x200000000000040(head|node=0|zone=2)
[   23.983220] page_type: f8(unknown)
[   23.983393] raw: 0200000000000040 0000000000000000 dead000000000122 0000000000000000
[   23.983927] raw: 0000000000000000 0000000000000000 00000000f8000000 0000000000000000
[   23.984288] head: 0200000000000040 0000000000000000 dead000000000122 0000000000000000
[   23.984597] head: 0000000000000000 0000000000000000 00000000f8000000 0000000000000000
[   23.984949] head: 0200000000000002 ffffea0004125001 00000000ffffffff 00000000ffffffff
[   23.985281] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000004
[   23.985535] page dumped because: kasan: bad access detected
[   23.985705] 
[   23.985772] Memory state around the buggy address:
[   23.985926]  ffff888104941f80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   23.986199]  ffff888104942000: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   23.986514] >ffff888104942080: 00 00 00 00 00 00 00 00 00 01 fe fe fe fe fe fe
[   23.986878]                                                           ^
[   23.987145]  ffff888104942100: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe
[   23.987361]  ffff888104942180: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe
[   23.987703] ==================================================================
[   23.838669] ==================================================================
[   23.838906] BUG: KASAN: slab-out-of-bounds in krealloc_less_oob_helper+0xd47/0x11d0
[   23.839325] Write of size 1 at addr ffff8881009a90eb by task kunit_try_catch/206
[   23.839998] 
[   23.840110] CPU: 1 UID: 0 PID: 206 Comm: kunit_try_catch Tainted: G    B            N  6.16.0-rc6-next-20250715 #1 PREEMPT(voluntary) 
[   23.840156] Tainted: [B]=BAD_PAGE, [N]=TEST
[   23.840167] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[   23.840186] Call Trace:
[   23.840202]  <TASK>
[   23.840215]  dump_stack_lvl+0x73/0xb0
[   23.840244]  print_report+0xd1/0x610
[   23.840266]  ? __virt_addr_valid+0x1db/0x2d0
[   23.840288]  ? krealloc_less_oob_helper+0xd47/0x11d0
[   23.840311]  ? kasan_complete_mode_report_info+0x2a/0x200
[   23.840336]  ? krealloc_less_oob_helper+0xd47/0x11d0
[   23.840359]  kasan_report+0x141/0x180
[   23.840380]  ? krealloc_less_oob_helper+0xd47/0x11d0
[   23.840408]  __asan_report_store1_noabort+0x1b/0x30
[   23.840432]  krealloc_less_oob_helper+0xd47/0x11d0
[   23.840457]  ? __pfx_krealloc_less_oob_helper+0x10/0x10
[   23.840480]  ? finish_task_switch.isra.0+0x153/0x700
[   23.840501]  ? __switch_to+0x47/0xf80
[   23.840540]  ? __schedule+0x10cc/0x2b60
[   23.840561]  ? __pfx_read_tsc+0x10/0x10
[   23.840586]  krealloc_less_oob+0x1c/0x30
[   23.840607]  kunit_try_run_case+0x1a5/0x480
[   23.840629]  ? __pfx_kunit_try_run_case+0x10/0x10
[   23.840650]  ? _raw_spin_lock_irqsave+0xa1/0x100
[   23.840672]  ? _raw_spin_unlock_irqrestore+0x5f/0x90
[   23.840693]  ? __kthread_parkme+0x82/0x180
[   23.840713]  ? preempt_count_sub+0x50/0x80
[   23.840735]  ? __pfx_kunit_try_run_case+0x10/0x10
[   23.840757]  kunit_generic_run_threadfn_adapter+0x85/0xf0
[   23.840783]  ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10
[   23.840808]  kthread+0x337/0x6f0
[   23.840827]  ? trace_preempt_on+0x20/0xc0
[   23.840850]  ? __pfx_kthread+0x10/0x10
[   23.840870]  ? _raw_spin_unlock_irq+0x47/0x80
[   23.840985]  ? calculate_sigpending+0x7b/0xa0
[   23.841010]  ? __pfx_kthread+0x10/0x10
[   23.841032]  ret_from_fork+0x116/0x1d0
[   23.841051]  ? __pfx_kthread+0x10/0x10
[   23.841071]  ret_from_fork_asm+0x1a/0x30
[   23.841104]  </TASK>
[   23.841114] 
[   23.848241] Allocated by task 206:
[   23.848407]  kasan_save_stack+0x45/0x70
[   23.848586]  kasan_save_track+0x18/0x40
[   23.848740]  kasan_save_alloc_info+0x3b/0x50
[   23.848883]  __kasan_krealloc+0x190/0x1f0
[   23.849016]  krealloc_noprof+0xf3/0x340
[   23.849147]  krealloc_less_oob_helper+0x1aa/0x11d0
[   23.849373]  krealloc_less_oob+0x1c/0x30
[   23.849571]  kunit_try_run_case+0x1a5/0x480
[   23.849857]  kunit_generic_run_threadfn_adapter+0x85/0xf0
[   23.850151]  kthread+0x337/0x6f0
[   23.850266]  ret_from_fork+0x116/0x1d0
[   23.850391]  ret_from_fork_asm+0x1a/0x30
[   23.850539] 
[   23.850602] The buggy address belongs to the object at ffff8881009a9000
[   23.850602]  which belongs to the cache kmalloc-256 of size 256
[   23.851102] The buggy address is located 34 bytes to the right of
[   23.851102]  allocated 201-byte region [ffff8881009a9000, ffff8881009a90c9)
[   23.851656] 
[   23.851744] The buggy address belongs to the physical page:
[   23.852156] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1009a8
[   23.852402] head: order:1 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[   23.852771] anon flags: 0x200000000000040(head|node=0|zone=2)
[   23.852960] page_type: f5(slab)
[   23.853119] raw: 0200000000000040 ffff888100041b40 0000000000000000 dead000000000001
[   23.853455] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000
[   23.854002] head: 0200000000000040 ffff888100041b40 0000000000000000 dead000000000001
[   23.854404] head: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000
[   23.854772] head: 0200000000000001 ffffea0004026a01 00000000ffffffff 00000000ffffffff
[   23.855136] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000002
[   23.855360] page dumped because: kasan: bad access detected
[   23.855548] 
[   23.855669] Memory state around the buggy address:
[   23.855883]  ffff8881009a8f80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   23.856195]  ffff8881009a9000: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   23.856508] >ffff8881009a9080: 00 00 00 00 00 00 00 00 00 01 fc fc fc fc fc fc
[   23.856944]                                                           ^
[   23.857145]  ffff8881009a9100: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   23.857354]  ffff8881009a9180: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   23.857571] ==================================================================
[   23.922898] ==================================================================
[   23.923154] BUG: KASAN: slab-out-of-bounds in krealloc_less_oob_helper+0xe23/0x11d0
[   23.923394] Write of size 1 at addr ffff8881049420d0 by task kunit_try_catch/210
[   23.923727] 
[   23.923840] CPU: 0 UID: 0 PID: 210 Comm: kunit_try_catch Tainted: G    B            N  6.16.0-rc6-next-20250715 #1 PREEMPT(voluntary) 
[   23.923887] Tainted: [B]=BAD_PAGE, [N]=TEST
[   23.923900] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[   23.923921] Call Trace:
[   23.923934]  <TASK>
[   23.923949]  dump_stack_lvl+0x73/0xb0
[   23.923979]  print_report+0xd1/0x610
[   23.924006]  ? __virt_addr_valid+0x1db/0x2d0
[   23.924033]  ? krealloc_less_oob_helper+0xe23/0x11d0
[   23.924060]  ? kasan_addr_to_slab+0x11/0xa0
[   23.924085]  ? krealloc_less_oob_helper+0xe23/0x11d0
[   23.924113]  kasan_report+0x141/0x180
[   23.924140]  ? krealloc_less_oob_helper+0xe23/0x11d0
[   23.924175]  __asan_report_store1_noabort+0x1b/0x30
[   23.924203]  krealloc_less_oob_helper+0xe23/0x11d0
[   23.924234]  ? __pfx_krealloc_less_oob_helper+0x10/0x10
[   23.924262]  ? finish_task_switch.isra.0+0x153/0x700
[   23.924417]  ? __switch_to+0x47/0xf80
[   23.924453]  ? __schedule+0x10cc/0x2b60
[   23.924480]  ? __pfx_read_tsc+0x10/0x10
[   23.924510]  krealloc_large_less_oob+0x1c/0x30
[   23.924551]  kunit_try_run_case+0x1a5/0x480
[   23.924579]  ? __pfx_kunit_try_run_case+0x10/0x10
[   23.924605]  ? _raw_spin_lock_irqsave+0xa1/0x100
[   23.924632]  ? _raw_spin_unlock_irqrestore+0x5f/0x90
[   23.924659]  ? __kthread_parkme+0x82/0x180
[   23.924684]  ? preempt_count_sub+0x50/0x80
[   23.924713]  ? __pfx_kunit_try_run_case+0x10/0x10
[   23.924740]  kunit_generic_run_threadfn_adapter+0x85/0xf0
[   23.924771]  ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10
[   23.924802]  kthread+0x337/0x6f0
[   23.924826]  ? trace_preempt_on+0x20/0xc0
[   23.924853]  ? __pfx_kthread+0x10/0x10
[   23.924879]  ? _raw_spin_unlock_irq+0x47/0x80
[   23.924908]  ? calculate_sigpending+0x7b/0xa0
[   23.924936]  ? __pfx_kthread+0x10/0x10
[   23.924963]  ret_from_fork+0x116/0x1d0
[   23.924987]  ? __pfx_kthread+0x10/0x10
[   23.925012]  ret_from_fork_asm+0x1a/0x30
[   23.925105]  </TASK>
[   23.925117] 
[   23.932955] The buggy address belongs to the physical page:
[   23.933192] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x104940
[   23.933497] head: order:2 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[   23.933917] flags: 0x200000000000040(head|node=0|zone=2)
[   23.934168] page_type: f8(unknown)
[   23.934321] raw: 0200000000000040 0000000000000000 dead000000000122 0000000000000000
[   23.934734] raw: 0000000000000000 0000000000000000 00000000f8000000 0000000000000000
[   23.935129] head: 0200000000000040 0000000000000000 dead000000000122 0000000000000000
[   23.935456] head: 0000000000000000 0000000000000000 00000000f8000000 0000000000000000
[   23.935851] head: 0200000000000002 ffffea0004125001 00000000ffffffff 00000000ffffffff
[   23.936135] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000004
[   23.936469] page dumped because: kasan: bad access detected
[   23.936715] 
[   23.936792] Memory state around the buggy address:
[   23.936945]  ffff888104941f80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   23.937261]  ffff888104942000: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   23.937725] >ffff888104942080: 00 00 00 00 00 00 00 00 00 01 fe fe fe fe fe fe
[   23.938020]                                                  ^
[   23.938253]  ffff888104942100: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe
[   23.938558]  ffff888104942180: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe
[   23.938924] ==================================================================
[   23.729045] ==================================================================
[   23.729567] BUG: KASAN: slab-out-of-bounds in krealloc_less_oob_helper+0xd70/0x11d0
[   23.729906] Write of size 1 at addr ffff8881009a90c9 by task kunit_try_catch/206
[   23.730498] 
[   23.730658] CPU: 1 UID: 0 PID: 206 Comm: kunit_try_catch Tainted: G    B            N  6.16.0-rc6-next-20250715 #1 PREEMPT(voluntary) 
[   23.730711] Tainted: [B]=BAD_PAGE, [N]=TEST
[   23.730723] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[   23.730745] Call Trace:
[   23.730757]  <TASK>
[   23.730989]  dump_stack_lvl+0x73/0xb0
[   23.731064]  print_report+0xd1/0x610
[   23.731089]  ? __virt_addr_valid+0x1db/0x2d0
[   23.731115]  ? krealloc_less_oob_helper+0xd70/0x11d0
[   23.731147]  ? kasan_complete_mode_report_info+0x2a/0x200
[   23.731173]  ? krealloc_less_oob_helper+0xd70/0x11d0
[   23.731197]  kasan_report+0x141/0x180
[   23.731219]  ? krealloc_less_oob_helper+0xd70/0x11d0
[   23.731247]  __asan_report_store1_noabort+0x1b/0x30
[   23.731271]  krealloc_less_oob_helper+0xd70/0x11d0
[   23.731296]  ? __pfx_krealloc_less_oob_helper+0x10/0x10
[   23.731320]  ? finish_task_switch.isra.0+0x153/0x700
[   23.731342]  ? __switch_to+0x47/0xf80
[   23.731369]  ? __schedule+0x10cc/0x2b60
[   23.731392]  ? __pfx_read_tsc+0x10/0x10
[   23.731417]  krealloc_less_oob+0x1c/0x30
[   23.731438]  kunit_try_run_case+0x1a5/0x480
[   23.731462]  ? __pfx_kunit_try_run_case+0x10/0x10
[   23.731482]  ? _raw_spin_lock_irqsave+0xa1/0x100
[   23.731505]  ? _raw_spin_unlock_irqrestore+0x5f/0x90
[   23.731536]  ? __kthread_parkme+0x82/0x180
[   23.731560]  ? preempt_count_sub+0x50/0x80
[   23.731651]  ? __pfx_kunit_try_run_case+0x10/0x10
[   23.731675]  kunit_generic_run_threadfn_adapter+0x85/0xf0
[   23.731702]  ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10
[   23.731728]  kthread+0x337/0x6f0
[   23.731747]  ? trace_preempt_on+0x20/0xc0
[   23.731772]  ? __pfx_kthread+0x10/0x10
[   23.731793]  ? _raw_spin_unlock_irq+0x47/0x80
[   23.731818]  ? calculate_sigpending+0x7b/0xa0
[   23.731842]  ? __pfx_kthread+0x10/0x10
[   23.731863]  ret_from_fork+0x116/0x1d0
[   23.731883]  ? __pfx_kthread+0x10/0x10
[   23.731903]  ret_from_fork_asm+0x1a/0x30
[   23.731936]  </TASK>
[   23.731947] 
[   23.742253] Allocated by task 206:
[   23.742703]  kasan_save_stack+0x45/0x70
[   23.743219]  kasan_save_track+0x18/0x40
[   23.743669]  kasan_save_alloc_info+0x3b/0x50
[   23.744162]  __kasan_krealloc+0x190/0x1f0
[   23.744562]  krealloc_noprof+0xf3/0x340
[   23.745002]  krealloc_less_oob_helper+0x1aa/0x11d0
[   23.745555]  krealloc_less_oob+0x1c/0x30
[   23.745955]  kunit_try_run_case+0x1a5/0x480
[   23.746376]  kunit_generic_run_threadfn_adapter+0x85/0xf0
[   23.746944]  kthread+0x337/0x6f0
[   23.747287]  ret_from_fork+0x116/0x1d0
[   23.747734]  ret_from_fork_asm+0x1a/0x30
[   23.748146] 
[   23.748340] The buggy address belongs to the object at ffff8881009a9000
[   23.748340]  which belongs to the cache kmalloc-256 of size 256
[   23.749397] The buggy address is located 0 bytes to the right of
[   23.749397]  allocated 201-byte region [ffff8881009a9000, ffff8881009a90c9)
[   23.750047] 
[   23.750204] The buggy address belongs to the physical page:
[   23.750774] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1009a8
[   23.751614] head: order:1 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[   23.752335] anon flags: 0x200000000000040(head|node=0|zone=2)
[   23.752981] page_type: f5(slab)
[   23.753280] raw: 0200000000000040 ffff888100041b40 0000000000000000 dead000000000001
[   23.753507] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000
[   23.753974] head: 0200000000000040 ffff888100041b40 0000000000000000 dead000000000001
[   23.754772] head: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000
[   23.755549] head: 0200000000000001 ffffea0004026a01 00000000ffffffff 00000000ffffffff
[   23.756307] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000002
[   23.757098] page dumped because: kasan: bad access detected
[   23.757698] 
[   23.757775] Memory state around the buggy address:
[   23.757923]  ffff8881009a8f80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   23.758159]  ffff8881009a9000: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   23.758887] >ffff8881009a9080: 00 00 00 00 00 00 00 00 00 01 fc fc fc fc fc fc
[   23.759667]                                               ^
[   23.760218]  ffff8881009a9100: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   23.761073]  ffff8881009a9180: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   23.761742] ==================================================================
[   23.790541] ==================================================================
[   23.791068] BUG: KASAN: slab-out-of-bounds in krealloc_less_oob_helper+0xec6/0x11d0
[   23.791434] Write of size 1 at addr ffff8881009a90da by task kunit_try_catch/206
[   23.791800] 
[   23.792023] CPU: 1 UID: 0 PID: 206 Comm: kunit_try_catch Tainted: G    B            N  6.16.0-rc6-next-20250715 #1 PREEMPT(voluntary) 
[   23.792073] Tainted: [B]=BAD_PAGE, [N]=TEST
[   23.792084] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[   23.792104] Call Trace:
[   23.792117]  <TASK>
[   23.792131]  dump_stack_lvl+0x73/0xb0
[   23.792158]  print_report+0xd1/0x610
[   23.792181]  ? __virt_addr_valid+0x1db/0x2d0
[   23.792202]  ? krealloc_less_oob_helper+0xec6/0x11d0
[   23.792225]  ? kasan_complete_mode_report_info+0x2a/0x200
[   23.792250]  ? krealloc_less_oob_helper+0xec6/0x11d0
[   23.792273]  kasan_report+0x141/0x180
[   23.792295]  ? krealloc_less_oob_helper+0xec6/0x11d0
[   23.792323]  __asan_report_store1_noabort+0x1b/0x30
[   23.792347]  krealloc_less_oob_helper+0xec6/0x11d0
[   23.792373]  ? __pfx_krealloc_less_oob_helper+0x10/0x10
[   23.792396]  ? finish_task_switch.isra.0+0x153/0x700
[   23.792417]  ? __switch_to+0x47/0xf80
[   23.792442]  ? __schedule+0x10cc/0x2b60
[   23.792464]  ? __pfx_read_tsc+0x10/0x10
[   23.792487]  krealloc_less_oob+0x1c/0x30
[   23.792508]  kunit_try_run_case+0x1a5/0x480
[   23.792543]  ? __pfx_kunit_try_run_case+0x10/0x10
[   23.792564]  ? _raw_spin_lock_irqsave+0xa1/0x100
[   23.792789]  ? _raw_spin_unlock_irqrestore+0x5f/0x90
[   23.792827]  ? __kthread_parkme+0x82/0x180
[   23.792848]  ? preempt_count_sub+0x50/0x80
[   23.792871]  ? __pfx_kunit_try_run_case+0x10/0x10
[   23.792894]  kunit_generic_run_threadfn_adapter+0x85/0xf0
[   23.792920]  ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10
[   23.792946]  kthread+0x337/0x6f0
[   23.792965]  ? trace_preempt_on+0x20/0xc0
[   23.792988]  ? __pfx_kthread+0x10/0x10
[   23.793008]  ? _raw_spin_unlock_irq+0x47/0x80
[   23.793032]  ? calculate_sigpending+0x7b/0xa0
[   23.793055]  ? __pfx_kthread+0x10/0x10
[   23.793076]  ret_from_fork+0x116/0x1d0
[   23.793095]  ? __pfx_kthread+0x10/0x10
[   23.793115]  ret_from_fork_asm+0x1a/0x30
[   23.793147]  </TASK>
[   23.793157] 
[   23.801086] Allocated by task 206:
[   23.801209]  kasan_save_stack+0x45/0x70
[   23.801386]  kasan_save_track+0x18/0x40
[   23.801592]  kasan_save_alloc_info+0x3b/0x50
[   23.801793]  __kasan_krealloc+0x190/0x1f0
[   23.801997]  krealloc_noprof+0xf3/0x340
[   23.802329]  krealloc_less_oob_helper+0x1aa/0x11d0
[   23.802494]  krealloc_less_oob+0x1c/0x30
[   23.802640]  kunit_try_run_case+0x1a5/0x480
[   23.802836]  kunit_generic_run_threadfn_adapter+0x85/0xf0
[   23.803113]  kthread+0x337/0x6f0
[   23.803382]  ret_from_fork+0x116/0x1d0
[   23.803511]  ret_from_fork_asm+0x1a/0x30
[   23.803901] 
[   23.804010] The buggy address belongs to the object at ffff8881009a9000
[   23.804010]  which belongs to the cache kmalloc-256 of size 256
[   23.804545] The buggy address is located 17 bytes to the right of
[   23.804545]  allocated 201-byte region [ffff8881009a9000, ffff8881009a90c9)
[   23.805093] 
[   23.805205] The buggy address belongs to the physical page:
[   23.805420] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1009a8
[   23.805928] head: order:1 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[   23.806196] anon flags: 0x200000000000040(head|node=0|zone=2)
[   23.806380] page_type: f5(slab)
[   23.806550] raw: 0200000000000040 ffff888100041b40 0000000000000000 dead000000000001
[   23.807134] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000
[   23.807611] head: 0200000000000040 ffff888100041b40 0000000000000000 dead000000000001
[   23.807841] head: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000
[   23.808334] head: 0200000000000001 ffffea0004026a01 00000000ffffffff 00000000ffffffff
[   23.808770] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000002
[   23.809237] page dumped because: kasan: bad access detected
[   23.809442] 
[   23.809513] Memory state around the buggy address:
[   23.810010]  ffff8881009a8f80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   23.810282]  ffff8881009a9000: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   23.810575] >ffff8881009a9080: 00 00 00 00 00 00 00 00 00 01 fc fc fc fc fc fc
[   23.811020]                                                     ^
[   23.811207]  ffff8881009a9100: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   23.811529]  ffff8881009a9180: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   23.812020] ==================================================================
[   23.812430] ==================================================================
[   23.812791] BUG: KASAN: slab-out-of-bounds in krealloc_less_oob_helper+0xe90/0x11d0
[   23.813184] Write of size 1 at addr ffff8881009a90ea by task kunit_try_catch/206
[   23.813542] 
[   23.813692] CPU: 1 UID: 0 PID: 206 Comm: kunit_try_catch Tainted: G    B            N  6.16.0-rc6-next-20250715 #1 PREEMPT(voluntary) 
[   23.813738] Tainted: [B]=BAD_PAGE, [N]=TEST
[   23.813750] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[   23.813769] Call Trace:
[   23.814319]  <TASK>
[   23.814346]  dump_stack_lvl+0x73/0xb0
[   23.814437]  print_report+0xd1/0x610
[   23.814476]  ? __virt_addr_valid+0x1db/0x2d0
[   23.814501]  ? krealloc_less_oob_helper+0xe90/0x11d0
[   23.814535]  ? kasan_complete_mode_report_info+0x2a/0x200
[   23.814562]  ? krealloc_less_oob_helper+0xe90/0x11d0
[   23.814740]  kasan_report+0x141/0x180
[   23.814767]  ? krealloc_less_oob_helper+0xe90/0x11d0
[   23.814795]  __asan_report_store1_noabort+0x1b/0x30
[   23.814819]  krealloc_less_oob_helper+0xe90/0x11d0
[   23.814847]  ? __pfx_krealloc_less_oob_helper+0x10/0x10
[   23.814873]  ? finish_task_switch.isra.0+0x153/0x700
[   23.814897]  ? __switch_to+0x47/0xf80
[   23.814923]  ? __schedule+0x10cc/0x2b60
[   23.814945]  ? __pfx_read_tsc+0x10/0x10
[   23.814970]  krealloc_less_oob+0x1c/0x30
[   23.814992]  kunit_try_run_case+0x1a5/0x480
[   23.815015]  ? __pfx_kunit_try_run_case+0x10/0x10
[   23.815036]  ? _raw_spin_lock_irqsave+0xa1/0x100
[   23.815057]  ? _raw_spin_unlock_irqrestore+0x5f/0x90
[   23.815080]  ? __kthread_parkme+0x82/0x180
[   23.815100]  ? preempt_count_sub+0x50/0x80
[   23.815123]  ? __pfx_kunit_try_run_case+0x10/0x10
[   23.815146]  kunit_generic_run_threadfn_adapter+0x85/0xf0
[   23.815172]  ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10
[   23.815198]  kthread+0x337/0x6f0
[   23.815217]  ? trace_preempt_on+0x20/0xc0
[   23.815240]  ? __pfx_kthread+0x10/0x10
[   23.815260]  ? _raw_spin_unlock_irq+0x47/0x80
[   23.815284]  ? calculate_sigpending+0x7b/0xa0
[   23.815307]  ? __pfx_kthread+0x10/0x10
[   23.815328]  ret_from_fork+0x116/0x1d0
[   23.815347]  ? __pfx_kthread+0x10/0x10
[   23.815367]  ret_from_fork_asm+0x1a/0x30
[   23.815398]  </TASK>
[   23.815409] 
[   23.828859] Allocated by task 206:
[   23.829017]  kasan_save_stack+0x45/0x70
[   23.829196]  kasan_save_track+0x18/0x40
[   23.829359]  kasan_save_alloc_info+0x3b/0x50
[   23.829570]  __kasan_krealloc+0x190/0x1f0
[   23.829786]  krealloc_noprof+0xf3/0x340
[   23.829958]  krealloc_less_oob_helper+0x1aa/0x11d0
[   23.830174]  krealloc_less_oob+0x1c/0x30
[   23.830347]  kunit_try_run_case+0x1a5/0x480
[   23.830543]  kunit_generic_run_threadfn_adapter+0x85/0xf0
[   23.830750]  kthread+0x337/0x6f0
[   23.830862]  ret_from_fork+0x116/0x1d0
[   23.830985]  ret_from_fork_asm+0x1a/0x30
[   23.831144] 
[   23.831230] The buggy address belongs to the object at ffff8881009a9000
[   23.831230]  which belongs to the cache kmalloc-256 of size 256
[   23.831824] The buggy address is located 33 bytes to the right of
[   23.831824]  allocated 201-byte region [ffff8881009a9000, ffff8881009a90c9)
[   23.832307] 
[   23.832397] The buggy address belongs to the physical page:
[   23.832700] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1009a8
[   23.833036] head: order:1 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[   23.833345] anon flags: 0x200000000000040(head|node=0|zone=2)
[   23.833823] page_type: f5(slab)
[   23.833964] raw: 0200000000000040 ffff888100041b40 0000000000000000 dead000000000001
[   23.834188] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000
[   23.834539] head: 0200000000000040 ffff888100041b40 0000000000000000 dead000000000001
[   23.834973] head: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000
[   23.835300] head: 0200000000000001 ffffea0004026a01 00000000ffffffff 00000000ffffffff
[   23.835627] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000002
[   23.835878] page dumped because: kasan: bad access detected
[   23.836128] 
[   23.836204] Memory state around the buggy address:
[   23.836363]  ffff8881009a8f80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   23.836588]  ffff8881009a9000: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   23.836894] >ffff8881009a9080: 00 00 00 00 00 00 00 00 00 01 fc fc fc fc fc fc
[   23.837297]                                                           ^
[   23.837532]  ffff8881009a9100: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   23.837892]  ffff8881009a9180: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   23.838179] ==================================================================
[   23.906310] ==================================================================
[   23.906945] BUG: KASAN: slab-out-of-bounds in krealloc_less_oob_helper+0xd70/0x11d0
[   23.907300] Write of size 1 at addr ffff8881049420c9 by task kunit_try_catch/210
[   23.907644] 
[   23.907834] CPU: 0 UID: 0 PID: 210 Comm: kunit_try_catch Tainted: G    B            N  6.16.0-rc6-next-20250715 #1 PREEMPT(voluntary) 
[   23.907893] Tainted: [B]=BAD_PAGE, [N]=TEST
[   23.907907] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[   23.907931] Call Trace:
[   23.907946]  <TASK>
[   23.907977]  dump_stack_lvl+0x73/0xb0
[   23.908015]  print_report+0xd1/0x610
[   23.908043]  ? __virt_addr_valid+0x1db/0x2d0
[   23.908074]  ? krealloc_less_oob_helper+0xd70/0x11d0
[   23.908102]  ? kasan_addr_to_slab+0x11/0xa0
[   23.908127]  ? krealloc_less_oob_helper+0xd70/0x11d0
[   23.908156]  kasan_report+0x141/0x180
[   23.908183]  ? krealloc_less_oob_helper+0xd70/0x11d0
[   23.908218]  __asan_report_store1_noabort+0x1b/0x30
[   23.908247]  krealloc_less_oob_helper+0xd70/0x11d0
[   23.908278]  ? __pfx_krealloc_less_oob_helper+0x10/0x10
[   23.908307]  ? finish_task_switch.isra.0+0x153/0x700
[   23.908333]  ? __switch_to+0x47/0xf80
[   23.908367]  ? __schedule+0x10cc/0x2b60
[   23.908395]  ? __pfx_read_tsc+0x10/0x10
[   23.908426]  krealloc_large_less_oob+0x1c/0x30
[   23.908453]  kunit_try_run_case+0x1a5/0x480
[   23.908483]  ? __pfx_kunit_try_run_case+0x10/0x10
[   23.908509]  ? _raw_spin_lock_irqsave+0xa1/0x100
[   23.908549]  ? _raw_spin_unlock_irqrestore+0x5f/0x90
[   23.908576]  ? __kthread_parkme+0x82/0x180
[   23.908656]  ? preempt_count_sub+0x50/0x80
[   23.908686]  ? __pfx_kunit_try_run_case+0x10/0x10
[   23.908714]  kunit_generic_run_threadfn_adapter+0x85/0xf0
[   23.908752]  ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10
[   23.908783]  kthread+0x337/0x6f0
[   23.908807]  ? trace_preempt_on+0x20/0xc0
[   23.908838]  ? __pfx_kthread+0x10/0x10
[   23.908863]  ? _raw_spin_unlock_irq+0x47/0x80
[   23.908893]  ? calculate_sigpending+0x7b/0xa0
[   23.908921]  ? __pfx_kthread+0x10/0x10
[   23.908948]  ret_from_fork+0x116/0x1d0
[   23.908972]  ? __pfx_kthread+0x10/0x10
[   23.908997]  ret_from_fork_asm+0x1a/0x30
[   23.909038]  </TASK>
[   23.909052] 
[   23.916378] The buggy address belongs to the physical page:
[   23.916735] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x104940
[   23.917380] head: order:2 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[   23.917699] flags: 0x200000000000040(head|node=0|zone=2)
[   23.917929] page_type: f8(unknown)
[   23.918100] raw: 0200000000000040 0000000000000000 dead000000000122 0000000000000000
[   23.918405] raw: 0000000000000000 0000000000000000 00000000f8000000 0000000000000000
[   23.918652] head: 0200000000000040 0000000000000000 dead000000000122 0000000000000000
[   23.918910] head: 0000000000000000 0000000000000000 00000000f8000000 0000000000000000
[   23.919249] head: 0200000000000002 ffffea0004125001 00000000ffffffff 00000000ffffffff
[   23.919720] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000004
[   23.920028] page dumped because: kasan: bad access detected
[   23.920199] 
[   23.920266] Memory state around the buggy address:
[   23.920437]  ffff888104941f80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   23.921012]  ffff888104942000: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   23.921339] >ffff888104942080: 00 00 00 00 00 00 00 00 00 01 fe fe fe fe fe fe
[   23.921692]                                               ^
[   23.921916]  ffff888104942100: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe
[   23.922195]  ffff888104942180: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe
[   23.922495] ==================================================================
[   23.955485] ==================================================================
[   23.956375] BUG: KASAN: slab-out-of-bounds in krealloc_less_oob_helper+0xe90/0x11d0
[   23.956960] Write of size 1 at addr ffff8881049420ea by task kunit_try_catch/210
[   23.957275] 
[   23.957361] CPU: 0 UID: 0 PID: 210 Comm: kunit_try_catch Tainted: G    B            N  6.16.0-rc6-next-20250715 #1 PREEMPT(voluntary) 
[   23.957407] Tainted: [B]=BAD_PAGE, [N]=TEST
[   23.957421] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[   23.957442] Call Trace:
[   23.957457]  <TASK>
[   23.957472]  dump_stack_lvl+0x73/0xb0
[   23.957504]  print_report+0xd1/0x610
[   23.957545]  ? __virt_addr_valid+0x1db/0x2d0
[   23.957572]  ? krealloc_less_oob_helper+0xe90/0x11d0
[   23.957618]  ? kasan_addr_to_slab+0x11/0xa0
[   23.957643]  ? krealloc_less_oob_helper+0xe90/0x11d0
[   23.957672]  kasan_report+0x141/0x180
[   23.957699]  ? krealloc_less_oob_helper+0xe90/0x11d0
[   23.957734]  __asan_report_store1_noabort+0x1b/0x30
[   23.957763]  krealloc_less_oob_helper+0xe90/0x11d0
[   23.957795]  ? __pfx_krealloc_less_oob_helper+0x10/0x10
[   23.957824]  ? finish_task_switch.isra.0+0x153/0x700
[   23.957849]  ? __switch_to+0x47/0xf80
[   23.957881]  ? __schedule+0x10cc/0x2b60
[   23.957907]  ? __pfx_read_tsc+0x10/0x10
[   23.957937]  krealloc_large_less_oob+0x1c/0x30
[   23.957964]  kunit_try_run_case+0x1a5/0x480
[   23.957992]  ? __pfx_kunit_try_run_case+0x10/0x10
[   23.958018]  ? _raw_spin_lock_irqsave+0xa1/0x100
[   23.958045]  ? _raw_spin_unlock_irqrestore+0x5f/0x90
[   23.958072]  ? __kthread_parkme+0x82/0x180
[   23.958096]  ? preempt_count_sub+0x50/0x80
[   23.958125]  ? __pfx_kunit_try_run_case+0x10/0x10
[   23.958153]  kunit_generic_run_threadfn_adapter+0x85/0xf0
[   23.958183]  ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10
[   23.958214]  kthread+0x337/0x6f0
[   23.958238]  ? trace_preempt_on+0x20/0xc0
[   23.958266]  ? __pfx_kthread+0x10/0x10
[   23.958291]  ? _raw_spin_unlock_irq+0x47/0x80
[   23.958320]  ? calculate_sigpending+0x7b/0xa0
[   23.958349]  ? __pfx_kthread+0x10/0x10
[   23.958375]  ret_from_fork+0x116/0x1d0
[   23.958399]  ? __pfx_kthread+0x10/0x10
[   23.958424]  ret_from_fork_asm+0x1a/0x30
[   23.958468]  </TASK>
[   23.958480] 
[   23.965543] The buggy address belongs to the physical page:
[   23.966049] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x104940
[   23.966402] head: order:2 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[   23.966893] flags: 0x200000000000040(head|node=0|zone=2)
[   23.967118] page_type: f8(unknown)
[   23.967244] raw: 0200000000000040 0000000000000000 dead000000000122 0000000000000000
[   23.967473] raw: 0000000000000000 0000000000000000 00000000f8000000 0000000000000000
[   23.968161] head: 0200000000000040 0000000000000000 dead000000000122 0000000000000000
[   23.968532] head: 0000000000000000 0000000000000000 00000000f8000000 0000000000000000
[   23.968916] head: 0200000000000002 ffffea0004125001 00000000ffffffff 00000000ffffffff
[   23.969238] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000004
[   23.969535] page dumped because: kasan: bad access detected
[   23.969857] 
[   23.969945] Memory state around the buggy address:
[   23.970147]  ffff888104941f80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   23.970404]  ffff888104942000: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   23.970886] >ffff888104942080: 00 00 00 00 00 00 00 00 00 01 fe fe fe fe fe fe
[   23.971155]                                                           ^
[   23.971405]  ffff888104942100: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe
[   23.971819]  ffff888104942180: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe
[   23.972065] ==================================================================
[   23.762338] ==================================================================
[   23.762699] BUG: KASAN: slab-out-of-bounds in krealloc_less_oob_helper+0xe23/0x11d0
[   23.763350] Write of size 1 at addr ffff8881009a90d0 by task kunit_try_catch/206
[   23.763995] 
[   23.764089] CPU: 1 UID: 0 PID: 206 Comm: kunit_try_catch Tainted: G    B            N  6.16.0-rc6-next-20250715 #1 PREEMPT(voluntary) 
[   23.764153] Tainted: [B]=BAD_PAGE, [N]=TEST
[   23.764165] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[   23.764208] Call Trace:
[   23.764223]  <TASK>
[   23.764238]  dump_stack_lvl+0x73/0xb0
[   23.764277]  print_report+0xd1/0x610
[   23.764299]  ? __virt_addr_valid+0x1db/0x2d0
[   23.764321]  ? krealloc_less_oob_helper+0xe23/0x11d0
[   23.764344]  ? kasan_complete_mode_report_info+0x2a/0x200
[   23.764369]  ? krealloc_less_oob_helper+0xe23/0x11d0
[   23.764423]  kasan_report+0x141/0x180
[   23.764444]  ? krealloc_less_oob_helper+0xe23/0x11d0
[   23.764501]  __asan_report_store1_noabort+0x1b/0x30
[   23.764543]  krealloc_less_oob_helper+0xe23/0x11d0
[   23.764568]  ? __pfx_krealloc_less_oob_helper+0x10/0x10
[   23.764632]  ? finish_task_switch.isra.0+0x153/0x700
[   23.764911]  ? __switch_to+0x47/0xf80
[   23.764937]  ? __schedule+0x10cc/0x2b60
[   23.764959]  ? __pfx_read_tsc+0x10/0x10
[   23.764983]  krealloc_less_oob+0x1c/0x30
[   23.765004]  kunit_try_run_case+0x1a5/0x480
[   23.765027]  ? __pfx_kunit_try_run_case+0x10/0x10
[   23.765047]  ? _raw_spin_lock_irqsave+0xa1/0x100
[   23.765069]  ? _raw_spin_unlock_irqrestore+0x5f/0x90
[   23.765091]  ? __kthread_parkme+0x82/0x180
[   23.765111]  ? preempt_count_sub+0x50/0x80
[   23.765133]  ? __pfx_kunit_try_run_case+0x10/0x10
[   23.765156]  kunit_generic_run_threadfn_adapter+0x85/0xf0
[   23.765181]  ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10
[   23.765207]  kthread+0x337/0x6f0
[   23.765226]  ? trace_preempt_on+0x20/0xc0
[   23.765248]  ? __pfx_kthread+0x10/0x10
[   23.765268]  ? _raw_spin_unlock_irq+0x47/0x80
[   23.765292]  ? calculate_sigpending+0x7b/0xa0
[   23.765315]  ? __pfx_kthread+0x10/0x10
[   23.765336]  ret_from_fork+0x116/0x1d0
[   23.765354]  ? __pfx_kthread+0x10/0x10
[   23.765374]  ret_from_fork_asm+0x1a/0x30
[   23.765405]  </TASK>
[   23.765415] 
[   23.777694] Allocated by task 206:
[   23.777817]  kasan_save_stack+0x45/0x70
[   23.778280]  kasan_save_track+0x18/0x40
[   23.778706]  kasan_save_alloc_info+0x3b/0x50
[   23.779136]  __kasan_krealloc+0x190/0x1f0
[   23.779655]  krealloc_noprof+0xf3/0x340
[   23.779993]  krealloc_less_oob_helper+0x1aa/0x11d0
[   23.780444]  krealloc_less_oob+0x1c/0x30
[   23.780745]  kunit_try_run_case+0x1a5/0x480
[   23.781104]  kunit_generic_run_threadfn_adapter+0x85/0xf0
[   23.781279]  kthread+0x337/0x6f0
[   23.781392]  ret_from_fork+0x116/0x1d0
[   23.781527]  ret_from_fork_asm+0x1a/0x30
[   23.781689] 
[   23.781798] The buggy address belongs to the object at ffff8881009a9000
[   23.781798]  which belongs to the cache kmalloc-256 of size 256
[   23.782307] The buggy address is located 7 bytes to the right of
[   23.782307]  allocated 201-byte region [ffff8881009a9000, ffff8881009a90c9)
[   23.782858] 
[   23.782944] The buggy address belongs to the physical page:
[   23.783168] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1009a8
[   23.783443] head: order:1 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[   23.783921] anon flags: 0x200000000000040(head|node=0|zone=2)
[   23.784431] page_type: f5(slab)
[   23.784653] raw: 0200000000000040 ffff888100041b40 0000000000000000 dead000000000001
[   23.784964] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000
[   23.785277] head: 0200000000000040 ffff888100041b40 0000000000000000 dead000000000001
[   23.785746] head: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000
[   23.786281] head: 0200000000000001 ffffea0004026a01 00000000ffffffff 00000000ffffffff
[   23.786840] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000002
[   23.787068] page dumped because: kasan: bad access detected
[   23.787231] 
[   23.787294] Memory state around the buggy address:
[   23.787440]  ffff8881009a8f80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   23.787667]  ffff8881009a9000: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   23.788263] >ffff8881009a9080: 00 00 00 00 00 00 00 00 00 01 fc fc fc fc fc fc
[   23.788511]                                                  ^
[   23.789130]  ffff8881009a9100: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   23.789564]  ffff8881009a9180: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   23.789983] ==================================================================
[   23.939266] ==================================================================
[   23.939487] BUG: KASAN: slab-out-of-bounds in krealloc_less_oob_helper+0xec6/0x11d0
[   23.939955] Write of size 1 at addr ffff8881049420da by task kunit_try_catch/210
[   23.940402] 
[   23.940488] CPU: 0 UID: 0 PID: 210 Comm: kunit_try_catch Tainted: G    B            N  6.16.0-rc6-next-20250715 #1 PREEMPT(voluntary) 
[   23.940544] Tainted: [B]=BAD_PAGE, [N]=TEST
[   23.940557] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[   23.940577] Call Trace:
[   23.940592]  <TASK>
[   23.940607]  dump_stack_lvl+0x73/0xb0
[   23.940637]  print_report+0xd1/0x610
[   23.940664]  ? __virt_addr_valid+0x1db/0x2d0
[   23.940692]  ? krealloc_less_oob_helper+0xec6/0x11d0
[   23.940719]  ? kasan_addr_to_slab+0x11/0xa0
[   23.940744]  ? krealloc_less_oob_helper+0xec6/0x11d0
[   23.940772]  kasan_report+0x141/0x180
[   23.940798]  ? krealloc_less_oob_helper+0xec6/0x11d0
[   23.940833]  __asan_report_store1_noabort+0x1b/0x30
[   23.940862]  krealloc_less_oob_helper+0xec6/0x11d0
[   23.940892]  ? __pfx_krealloc_less_oob_helper+0x10/0x10
[   23.940920]  ? finish_task_switch.isra.0+0x153/0x700
[   23.941013]  ? __switch_to+0x47/0xf80
[   23.941046]  ? __schedule+0x10cc/0x2b60
[   23.941073]  ? __pfx_read_tsc+0x10/0x10
[   23.941103]  krealloc_large_less_oob+0x1c/0x30
[   23.941131]  kunit_try_run_case+0x1a5/0x480
[   23.941159]  ? __pfx_kunit_try_run_case+0x10/0x10
[   23.941185]  ? _raw_spin_lock_irqsave+0xa1/0x100
[   23.941211]  ? _raw_spin_unlock_irqrestore+0x5f/0x90
[   23.941238]  ? __kthread_parkme+0x82/0x180
[   23.941263]  ? preempt_count_sub+0x50/0x80
[   23.941292]  ? __pfx_kunit_try_run_case+0x10/0x10
[   23.941320]  kunit_generic_run_threadfn_adapter+0x85/0xf0
[   23.941350]  ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10
[   23.941381]  kthread+0x337/0x6f0
[   23.941405]  ? trace_preempt_on+0x20/0xc0
[   23.941432]  ? __pfx_kthread+0x10/0x10
[   23.941458]  ? _raw_spin_unlock_irq+0x47/0x80
[   23.941486]  ? calculate_sigpending+0x7b/0xa0
[   23.941514]  ? __pfx_kthread+0x10/0x10
[   23.941554]  ret_from_fork+0x116/0x1d0
[   23.941578]  ? __pfx_kthread+0x10/0x10
[   23.941623]  ret_from_fork_asm+0x1a/0x30
[   23.941663]  </TASK>
[   23.941674] 
[   23.949101] The buggy address belongs to the physical page:
[   23.949363] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x104940
[   23.949729] head: order:2 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[   23.950285] flags: 0x200000000000040(head|node=0|zone=2)
[   23.950769] page_type: f8(unknown)
[   23.950901] raw: 0200000000000040 0000000000000000 dead000000000122 0000000000000000
[   23.951207] raw: 0000000000000000 0000000000000000 00000000f8000000 0000000000000000
[   23.951562] head: 0200000000000040 0000000000000000 dead000000000122 0000000000000000
[   23.951984] head: 0000000000000000 0000000000000000 00000000f8000000 0000000000000000
[   23.952301] head: 0200000000000002 ffffea0004125001 00000000ffffffff 00000000ffffffff
[   23.952645] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000004
[   23.952919] page dumped because: kasan: bad access detected
[   23.953090] 
[   23.953157] Memory state around the buggy address:
[   23.953312]  ffff888104941f80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   23.953576]  ffff888104942000: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   23.954094] >ffff888104942080: 00 00 00 00 00 00 00 00 00 01 fe fe fe fe fe fe
[   23.954405]                                                     ^
[   23.954685]  ffff888104942100: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe
[   23.954944]  ffff888104942180: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe
[   23.955152] ==================================================================

Metadata Full log Test run details

arch

x86_64

host

x86_64

plan

2zuS6DosVUhzL9DaDmqO9nLybFJ

job_id

TEST:linaro@lkft#2zuSCDmb4DEQtYONUdNKA0gDr4g

job_url

https://tuxapi.tuxsuite.com/v1/groups/linaro/projects/lkft/tests/2zuSCDmb4DEQtYONUdNKA0gDr4g

artefacts

kernel

url	https://storage.tuxsuite.com/public/linaro/lkft/builds/2zuS8r35xHBxsDmYxAGYTykGzuO/bzImage
sha256sum	c1e74129e828139d1503e1b2906d7bf3cc50987150c7e120efde5dc3ba3dece2

rootfs

url	https://storage.tuxboot.com/debian/20250617/trixie/amd64/rootfs.ext4.xz
sha256sum	a7dcdb286e1265c85a4d6cd5429adc51604a3ebde1d9a3c934aef78862d5fee4

modules

url	https://storage.tuxsuite.com/public/linaro/lkft/builds/2zuS8r35xHBxsDmYxAGYTykGzuO/modules.tar.xz
sha256sum	c033def305798e90a1dd43392f34d6ac3a5642caf58a41fa7d2b499626275ec8

durations

tests

boot	0
kunit	244.42

host_arch

amd64

build_name

gcc-13-lkftconfig-kunit

job_status

Complete

qemu_version

1:10.0.0+ds-1

Metadata

Failure - e850-96 - gcc-13-lkftconfig-kunit

Failure - qemu-arm64 - gcc-13-lkftconfig-kunit

Failure - qemu-x86_64 - gcc-13-lkftconfig-kunit