lkft/linux-next-master - next-20250718 - log-parser-boot/kasan-bug-kasan-slab-out-of-bounds-in-krealloc_less_oob_helper

Date

July 18, 2025, 1:09 p.m.

Environment
qemu-arm64
qemu-x86_64

[   31.381440] ==================================================================
[   31.381557] BUG: KASAN: slab-out-of-bounds in krealloc_less_oob_helper+0xa80/0xc50
[   31.381633] Write of size 1 at addr fff00000c8f61cda by task kunit_try_catch/189
[   31.381796] 
[   31.381827] CPU: 0 UID: 0 PID: 189 Comm: kunit_try_catch Tainted: G    B            N  6.16.0-rc6-next-20250718 #1 PREEMPT 
[   31.381933] Tainted: [B]=BAD_PAGE, [N]=TEST
[   31.382133] Hardware name: linux,dummy-virt (DT)
[   31.382190] Call trace:
[   31.382220]  show_stack+0x20/0x38 (C)
[   31.382384]  dump_stack_lvl+0x8c/0xd0
[   31.382439]  print_report+0x118/0x5e8
[   31.382531]  kasan_report+0xdc/0x128
[   31.382576]  __asan_report_store1_noabort+0x20/0x30
[   31.382624]  krealloc_less_oob_helper+0xa80/0xc50
[   31.382773]  krealloc_less_oob+0x20/0x38
[   31.382842]  kunit_try_run_case+0x170/0x3f0
[   31.382887]  kunit_generic_run_threadfn_adapter+0x88/0x100
[   31.383195]  kthread+0x328/0x630
[   31.383274]  ret_from_fork+0x10/0x20
[   31.383332] 
[   31.383403] Allocated by task 189:
[   31.383450]  kasan_save_stack+0x3c/0x68
[   31.383507]  kasan_save_track+0x20/0x40
[   31.383541]  kasan_save_alloc_info+0x40/0x58
[   31.383577]  __kasan_krealloc+0x118/0x178
[   31.383697]  krealloc_noprof+0x128/0x360
[   31.383737]  krealloc_less_oob_helper+0x168/0xc50
[   31.383778]  krealloc_less_oob+0x20/0x38
[   31.383814]  kunit_try_run_case+0x170/0x3f0
[   31.384127]  kunit_generic_run_threadfn_adapter+0x88/0x100
[   31.384210]  kthread+0x328/0x630
[   31.384332]  ret_from_fork+0x10/0x20
[   31.384421] 
[   31.384481] The buggy address belongs to the object at fff00000c8f61c00
[   31.384481]  which belongs to the cache kmalloc-256 of size 256
[   31.384860] The buggy address is located 17 bytes to the right of
[   31.384860]  allocated 201-byte region [fff00000c8f61c00, fff00000c8f61cc9)
[   31.384955] 
[   31.385026] The buggy address belongs to the physical page:
[   31.385122] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x108f60
[   31.385185] head: order:1 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[   31.385300] flags: 0xbfffe0000000040(head|node=0|zone=2|lastcpupid=0x1ffff)
[   31.385387] page_type: f5(slab)
[   31.385498] raw: 0bfffe0000000040 fff00000c0001b40 dead000000000122 0000000000000000
[   31.385548] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000
[   31.385631] head: 0bfffe0000000040 fff00000c0001b40 dead000000000122 0000000000000000
[   31.385917] head: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000
[   31.386097] head: 0bfffe0000000001 ffffc1ffc323d801 00000000ffffffff 00000000ffffffff
[   31.386241] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000002
[   31.386329] page dumped because: kasan: bad access detected
[   31.386457] 
[   31.386477] Memory state around the buggy address:
[   31.386524]  fff00000c8f61b80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   31.386617]  fff00000c8f61c00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   31.386944] >fff00000c8f61c80: 00 00 00 00 00 00 00 00 00 01 fc fc fc fc fc fc
[   31.387008]                                                     ^
[   31.387179]  fff00000c8f61d00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   31.387253]  fff00000c8f61d80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   31.387375] ==================================================================
[   31.433749] ==================================================================
[   31.433795] BUG: KASAN: slab-out-of-bounds in krealloc_less_oob_helper+0xb9c/0xc50
[   31.434120] Write of size 1 at addr fff00000c9b120d0 by task kunit_try_catch/193
[   31.434188] 
[   31.434218] CPU: 0 UID: 0 PID: 193 Comm: kunit_try_catch Tainted: G    B            N  6.16.0-rc6-next-20250718 #1 PREEMPT 
[   31.434415] Tainted: [B]=BAD_PAGE, [N]=TEST
[   31.434652] Hardware name: linux,dummy-virt (DT)
[   31.434697] Call trace:
[   31.434719]  show_stack+0x20/0x38 (C)
[   31.434780]  dump_stack_lvl+0x8c/0xd0
[   31.434987]  print_report+0x118/0x5e8
[   31.435045]  kasan_report+0xdc/0x128
[   31.435311]  __asan_report_store1_noabort+0x20/0x30
[   31.435384]  krealloc_less_oob_helper+0xb9c/0xc50
[   31.435438]  krealloc_large_less_oob+0x20/0x38
[   31.435621]  kunit_try_run_case+0x170/0x3f0
[   31.435755]  kunit_generic_run_threadfn_adapter+0x88/0x100
[   31.435824]  kthread+0x328/0x630
[   31.436141]  ret_from_fork+0x10/0x20
[   31.436302] 
[   31.436343] The buggy address belongs to the physical page:
[   31.436464] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x109b10
[   31.436518] head: order:2 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[   31.436563] flags: 0xbfffe0000000040(head|node=0|zone=2|lastcpupid=0x1ffff)
[   31.436613] page_type: f8(unknown)
[   31.436852] raw: 0bfffe0000000040 0000000000000000 dead000000000122 0000000000000000
[   31.437091] raw: 0000000000000000 0000000000000000 00000000f8000000 0000000000000000
[   31.437200] head: 0bfffe0000000040 0000000000000000 dead000000000122 0000000000000000
[   31.437314] head: 0000000000000000 0000000000000000 00000000f8000000 0000000000000000
[   31.437362] head: 0bfffe0000000002 ffffc1ffc326c401 00000000ffffffff 00000000ffffffff
[   31.437571] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000004
[   31.437751] page dumped because: kasan: bad access detected
[   31.437841] 
[   31.437905] Memory state around the buggy address:
[   31.437957]  fff00000c9b11f80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   31.438323]  fff00000c9b12000: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   31.438418] >fff00000c9b12080: 00 00 00 00 00 00 00 00 00 01 fe fe fe fe fe fe
[   31.438475]                                                  ^
[   31.438533]  fff00000c9b12100: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe
[   31.438660]  fff00000c9b12180: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe
[   31.438718] ==================================================================
[   31.363450] ==================================================================
[   31.363648] BUG: KASAN: slab-out-of-bounds in krealloc_less_oob_helper+0xa48/0xc50
[   31.363839] Write of size 1 at addr fff00000c8f61cc9 by task kunit_try_catch/189
[   31.364069] 
[   31.364123] CPU: 0 UID: 0 PID: 189 Comm: kunit_try_catch Tainted: G    B            N  6.16.0-rc6-next-20250718 #1 PREEMPT 
[   31.364456] Tainted: [B]=BAD_PAGE, [N]=TEST
[   31.364495] Hardware name: linux,dummy-virt (DT)
[   31.364526] Call trace:
[   31.364548]  show_stack+0x20/0x38 (C)
[   31.364610]  dump_stack_lvl+0x8c/0xd0
[   31.364788]  print_report+0x118/0x5e8
[   31.364877]  kasan_report+0xdc/0x128
[   31.365002]  __asan_report_store1_noabort+0x20/0x30
[   31.365377]  krealloc_less_oob_helper+0xa48/0xc50
[   31.365466]  krealloc_less_oob+0x20/0x38
[   31.365597]  kunit_try_run_case+0x170/0x3f0
[   31.365672]  kunit_generic_run_threadfn_adapter+0x88/0x100
[   31.365974]  kthread+0x328/0x630
[   31.366062]  ret_from_fork+0x10/0x20
[   31.366208] 
[   31.366267] Allocated by task 189:
[   31.366548]  kasan_save_stack+0x3c/0x68
[   31.366650]  kasan_save_track+0x20/0x40
[   31.366703]  kasan_save_alloc_info+0x40/0x58
[   31.366804]  __kasan_krealloc+0x118/0x178
[   31.366873]  krealloc_noprof+0x128/0x360
[   31.366910]  krealloc_less_oob_helper+0x168/0xc50
[   31.367350]  krealloc_less_oob+0x20/0x38
[   31.367438]  kunit_try_run_case+0x170/0x3f0
[   31.367823]  kunit_generic_run_threadfn_adapter+0x88/0x100
[   31.367906]  kthread+0x328/0x630
[   31.368014]  ret_from_fork+0x10/0x20
[   31.368110] 
[   31.368145] The buggy address belongs to the object at fff00000c8f61c00
[   31.368145]  which belongs to the cache kmalloc-256 of size 256
[   31.368377] The buggy address is located 0 bytes to the right of
[   31.368377]  allocated 201-byte region [fff00000c8f61c00, fff00000c8f61cc9)
[   31.368538] 
[   31.368624] The buggy address belongs to the physical page:
[   31.368671] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x108f60
[   31.368771] head: order:1 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[   31.369076] flags: 0xbfffe0000000040(head|node=0|zone=2|lastcpupid=0x1ffff)
[   31.369173] page_type: f5(slab)
[   31.369255] raw: 0bfffe0000000040 fff00000c0001b40 dead000000000122 0000000000000000
[   31.369374] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000
[   31.369699] head: 0bfffe0000000040 fff00000c0001b40 dead000000000122 0000000000000000
[   31.369783] head: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000
[   31.369911] head: 0bfffe0000000001 ffffc1ffc323d801 00000000ffffffff 00000000ffffffff
[   31.369999] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000002
[   31.370161] page dumped because: kasan: bad access detected
[   31.370250] 
[   31.370269] Memory state around the buggy address:
[   31.370300]  fff00000c8f61b80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   31.370631]  fff00000c8f61c00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   31.370689] >fff00000c8f61c80: 00 00 00 00 00 00 00 00 00 01 fc fc fc fc fc fc
[   31.370988]                                               ^
[   31.371061]  fff00000c8f61d00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   31.371115]  fff00000c8f61d80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   31.371261] ==================================================================
[   31.372764] ==================================================================
[   31.372933] BUG: KASAN: slab-out-of-bounds in krealloc_less_oob_helper+0xb9c/0xc50
[   31.372986] Write of size 1 at addr fff00000c8f61cd0 by task kunit_try_catch/189
[   31.373092] 
[   31.373139] CPU: 0 UID: 0 PID: 189 Comm: kunit_try_catch Tainted: G    B            N  6.16.0-rc6-next-20250718 #1 PREEMPT 
[   31.373221] Tainted: [B]=BAD_PAGE, [N]=TEST
[   31.373246] Hardware name: linux,dummy-virt (DT)
[   31.373276] Call trace:
[   31.373595]  show_stack+0x20/0x38 (C)
[   31.373660]  dump_stack_lvl+0x8c/0xd0
[   31.373745]  print_report+0x118/0x5e8
[   31.373809]  kasan_report+0xdc/0x128
[   31.373879]  __asan_report_store1_noabort+0x20/0x30
[   31.373945]  krealloc_less_oob_helper+0xb9c/0xc50
[   31.374051]  krealloc_less_oob+0x20/0x38
[   31.374106]  kunit_try_run_case+0x170/0x3f0
[   31.374194]  kunit_generic_run_threadfn_adapter+0x88/0x100
[   31.374248]  kthread+0x328/0x630
[   31.374574]  ret_from_fork+0x10/0x20
[   31.374734] 
[   31.374774] Allocated by task 189:
[   31.374821]  kasan_save_stack+0x3c/0x68
[   31.374878]  kasan_save_track+0x20/0x40
[   31.374981]  kasan_save_alloc_info+0x40/0x58
[   31.375038]  __kasan_krealloc+0x118/0x178
[   31.375088]  krealloc_noprof+0x128/0x360
[   31.375365]  krealloc_less_oob_helper+0x168/0xc50
[   31.375444]  krealloc_less_oob+0x20/0x38
[   31.375493]  kunit_try_run_case+0x170/0x3f0
[   31.375661]  kunit_generic_run_threadfn_adapter+0x88/0x100
[   31.375720]  kthread+0x328/0x630
[   31.375752]  ret_from_fork+0x10/0x20
[   31.375905] 
[   31.375925] The buggy address belongs to the object at fff00000c8f61c00
[   31.375925]  which belongs to the cache kmalloc-256 of size 256
[   31.375981] The buggy address is located 7 bytes to the right of
[   31.375981]  allocated 201-byte region [fff00000c8f61c00, fff00000c8f61cc9)
[   31.376042] 
[   31.376061] The buggy address belongs to the physical page:
[   31.376494] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x108f60
[   31.376612] head: order:1 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[   31.376757] flags: 0xbfffe0000000040(head|node=0|zone=2|lastcpupid=0x1ffff)
[   31.376851] page_type: f5(slab)
[   31.376937] raw: 0bfffe0000000040 fff00000c0001b40 dead000000000122 0000000000000000
[   31.377025] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000
[   31.377157] head: 0bfffe0000000040 fff00000c0001b40 dead000000000122 0000000000000000
[   31.377247] head: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000
[   31.377341] head: 0bfffe0000000001 ffffc1ffc323d801 00000000ffffffff 00000000ffffffff
[   31.377685] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000002
[   31.377792] page dumped because: kasan: bad access detected
[   31.377873] 
[   31.377943] Memory state around the buggy address:
[   31.378053]  fff00000c8f61b80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   31.378124]  fff00000c8f61c00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   31.378166] >fff00000c8f61c80: 00 00 00 00 00 00 00 00 00 01 fc fc fc fc fc fc
[   31.378212]                                                  ^
[   31.378247]  fff00000c8f61d00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   31.378302]  fff00000c8f61d80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   31.378361] ==================================================================
[   31.439254] ==================================================================
[   31.439298] BUG: KASAN: slab-out-of-bounds in krealloc_less_oob_helper+0xa80/0xc50
[   31.439345] Write of size 1 at addr fff00000c9b120da by task kunit_try_catch/193
[   31.439523] 
[   31.439679] CPU: 0 UID: 0 PID: 193 Comm: kunit_try_catch Tainted: G    B            N  6.16.0-rc6-next-20250718 #1 PREEMPT 
[   31.439826] Tainted: [B]=BAD_PAGE, [N]=TEST
[   31.440145] Hardware name: linux,dummy-virt (DT)
[   31.440212] Call trace:
[   31.440233]  show_stack+0x20/0x38 (C)
[   31.440339]  dump_stack_lvl+0x8c/0xd0
[   31.440697]  print_report+0x118/0x5e8
[   31.440989]  kasan_report+0xdc/0x128
[   31.441116]  __asan_report_store1_noabort+0x20/0x30
[   31.441241]  krealloc_less_oob_helper+0xa80/0xc50
[   31.441313]  krealloc_large_less_oob+0x20/0x38
[   31.441587]  kunit_try_run_case+0x170/0x3f0
[   31.441751]  kunit_generic_run_threadfn_adapter+0x88/0x100
[   31.441847]  kthread+0x328/0x630
[   31.442196]  ret_from_fork+0x10/0x20
[   31.442308] 
[   31.442336] The buggy address belongs to the physical page:
[   31.442383] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x109b10
[   31.442434] head: order:2 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[   31.442481] flags: 0xbfffe0000000040(head|node=0|zone=2|lastcpupid=0x1ffff)
[   31.442532] page_type: f8(unknown)
[   31.442602] raw: 0bfffe0000000040 0000000000000000 dead000000000122 0000000000000000
[   31.442663] raw: 0000000000000000 0000000000000000 00000000f8000000 0000000000000000
[   31.442722] head: 0bfffe0000000040 0000000000000000 dead000000000122 0000000000000000
[   31.442778] head: 0000000000000000 0000000000000000 00000000f8000000 0000000000000000
[   31.442826] head: 0bfffe0000000002 ffffc1ffc326c401 00000000ffffffff 00000000ffffffff
[   31.442891] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000004
[   31.442930] page dumped because: kasan: bad access detected
[   31.442968] 
[   31.442986] Memory state around the buggy address:
[   31.443022]  fff00000c9b11f80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   31.443063]  fff00000c9b12000: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   31.443572] >fff00000c9b12080: 00 00 00 00 00 00 00 00 00 01 fe fe fe fe fe fe
[   31.443678]                                                     ^
[   31.443766]  fff00000c9b12100: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe
[   31.443816]  fff00000c9b12180: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe
[   31.443852] ==================================================================
[   31.428614] ==================================================================
[   31.428667] BUG: KASAN: slab-out-of-bounds in krealloc_less_oob_helper+0xa48/0xc50
[   31.429134] Write of size 1 at addr fff00000c9b120c9 by task kunit_try_catch/193
[   31.429203] 
[   31.429237] CPU: 0 UID: 0 PID: 193 Comm: kunit_try_catch Tainted: G    B            N  6.16.0-rc6-next-20250718 #1 PREEMPT 
[   31.429543] Tainted: [B]=BAD_PAGE, [N]=TEST
[   31.429597] Hardware name: linux,dummy-virt (DT)
[   31.429639] Call trace:
[   31.429664]  show_stack+0x20/0x38 (C)
[   31.429784]  dump_stack_lvl+0x8c/0xd0
[   31.429862]  print_report+0x118/0x5e8
[   31.429906]  kasan_report+0xdc/0x128
[   31.429977]  __asan_report_store1_noabort+0x20/0x30
[   31.430050]  krealloc_less_oob_helper+0xa48/0xc50
[   31.430149]  krealloc_large_less_oob+0x20/0x38
[   31.430199]  kunit_try_run_case+0x170/0x3f0
[   31.430243]  kunit_generic_run_threadfn_adapter+0x88/0x100
[   31.430309]  kthread+0x328/0x630
[   31.430580]  ret_from_fork+0x10/0x20
[   31.430794] 
[   31.430822] The buggy address belongs to the physical page:
[   31.430875] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x109b10
[   31.430927] head: order:2 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[   31.430972] flags: 0xbfffe0000000040(head|node=0|zone=2|lastcpupid=0x1ffff)
[   31.431095] page_type: f8(unknown)
[   31.431163] raw: 0bfffe0000000040 0000000000000000 dead000000000122 0000000000000000
[   31.431255] raw: 0000000000000000 0000000000000000 00000000f8000000 0000000000000000
[   31.431323] head: 0bfffe0000000040 0000000000000000 dead000000000122 0000000000000000
[   31.431388] head: 0000000000000000 0000000000000000 00000000f8000000 0000000000000000
[   31.431492] head: 0bfffe0000000002 ffffc1ffc326c401 00000000ffffffff 00000000ffffffff
[   31.431559] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000004
[   31.431606] page dumped because: kasan: bad access detected
[   31.431676] 
[   31.431704] Memory state around the buggy address:
[   31.431754]  fff00000c9b11f80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   31.431824]  fff00000c9b12000: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   31.431872] >fff00000c9b12080: 00 00 00 00 00 00 00 00 00 01 fe fe fe fe fe fe
[   31.432197]                                               ^
[   31.432373]  fff00000c9b12100: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe
[   31.432448]  fff00000c9b12180: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe
[   31.432563] ==================================================================
[   31.445117] ==================================================================
[   31.445211] BUG: KASAN: slab-out-of-bounds in krealloc_less_oob_helper+0xae4/0xc50
[   31.445287] Write of size 1 at addr fff00000c9b120ea by task kunit_try_catch/193
[   31.445346] 
[   31.445382] CPU: 0 UID: 0 PID: 193 Comm: kunit_try_catch Tainted: G    B            N  6.16.0-rc6-next-20250718 #1 PREEMPT 
[   31.445759] Tainted: [B]=BAD_PAGE, [N]=TEST
[   31.445802] Hardware name: linux,dummy-virt (DT)
[   31.445976] Call trace:
[   31.446010]  show_stack+0x20/0x38 (C)
[   31.446382]  dump_stack_lvl+0x8c/0xd0
[   31.446578]  print_report+0x118/0x5e8
[   31.446801]  kasan_report+0xdc/0x128
[   31.447052]  __asan_report_store1_noabort+0x20/0x30
[   31.447131]  krealloc_less_oob_helper+0xae4/0xc50
[   31.447227]  krealloc_large_less_oob+0x20/0x38
[   31.447313]  kunit_try_run_case+0x170/0x3f0
[   31.447544]  kunit_generic_run_threadfn_adapter+0x88/0x100
[   31.447619]  kthread+0x328/0x630
[   31.447726]  ret_from_fork+0x10/0x20
[   31.447933] 
[   31.448008] The buggy address belongs to the physical page:
[   31.448103] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x109b10
[   31.448158] head: order:2 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[   31.448204] flags: 0xbfffe0000000040(head|node=0|zone=2|lastcpupid=0x1ffff)
[   31.448655] page_type: f8(unknown)
[   31.448769] raw: 0bfffe0000000040 0000000000000000 dead000000000122 0000000000000000
[   31.448855] raw: 0000000000000000 0000000000000000 00000000f8000000 0000000000000000
[   31.448988] head: 0bfffe0000000040 0000000000000000 dead000000000122 0000000000000000
[   31.449241] head: 0000000000000000 0000000000000000 00000000f8000000 0000000000000000
[   31.449305] head: 0bfffe0000000002 ffffc1ffc326c401 00000000ffffffff 00000000ffffffff
[   31.449644] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000004
[   31.449717] page dumped because: kasan: bad access detected
[   31.449814] 
[   31.449874] Memory state around the buggy address:
[   31.449907]  fff00000c9b11f80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   31.449962]  fff00000c9b12000: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   31.450290] >fff00000c9b12080: 00 00 00 00 00 00 00 00 00 01 fe fe fe fe fe fe
[   31.450342]                                                           ^
[   31.450503]  fff00000c9b12100: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe
[   31.450566]  fff00000c9b12180: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe
[   31.450603] ==================================================================
[   31.451340] ==================================================================
[   31.451441] BUG: KASAN: slab-out-of-bounds in krealloc_less_oob_helper+0xa58/0xc50
[   31.451524] Write of size 1 at addr fff00000c9b120eb by task kunit_try_catch/193
[   31.451576] 
[   31.451621] CPU: 0 UID: 0 PID: 193 Comm: kunit_try_catch Tainted: G    B            N  6.16.0-rc6-next-20250718 #1 PREEMPT 
[   31.451879] Tainted: [B]=BAD_PAGE, [N]=TEST
[   31.451931] Hardware name: linux,dummy-virt (DT)
[   31.452073] Call trace:
[   31.452131]  show_stack+0x20/0x38 (C)
[   31.452310]  dump_stack_lvl+0x8c/0xd0
[   31.452528]  print_report+0x118/0x5e8
[   31.452757]  kasan_report+0xdc/0x128
[   31.452828]  __asan_report_store1_noabort+0x20/0x30
[   31.452987]  krealloc_less_oob_helper+0xa58/0xc50
[   31.453043]  krealloc_large_less_oob+0x20/0x38
[   31.453267]  kunit_try_run_case+0x170/0x3f0
[   31.453490]  kunit_generic_run_threadfn_adapter+0x88/0x100
[   31.453585]  kthread+0x328/0x630
[   31.453726]  ret_from_fork+0x10/0x20
[   31.453836] 
[   31.453995] The buggy address belongs to the physical page:
[   31.454063] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x109b10
[   31.454454] head: order:2 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[   31.454630] flags: 0xbfffe0000000040(head|node=0|zone=2|lastcpupid=0x1ffff)
[   31.454747] page_type: f8(unknown)
[   31.454826] raw: 0bfffe0000000040 0000000000000000 dead000000000122 0000000000000000
[   31.454938] raw: 0000000000000000 0000000000000000 00000000f8000000 0000000000000000
[   31.455041] head: 0bfffe0000000040 0000000000000000 dead000000000122 0000000000000000
[   31.455099] head: 0000000000000000 0000000000000000 00000000f8000000 0000000000000000
[   31.455459] head: 0bfffe0000000002 ffffc1ffc326c401 00000000ffffffff 00000000ffffffff
[   31.455539] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000004
[   31.455581] page dumped because: kasan: bad access detected
[   31.455612] 
[   31.455631] Memory state around the buggy address:
[   31.455672]  fff00000c9b11f80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   31.455714]  fff00000c9b12000: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   31.456119] >fff00000c9b12080: 00 00 00 00 00 00 00 00 00 01 fe fe fe fe fe fe
[   31.456288]                                                           ^
[   31.456373]  fff00000c9b12100: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe
[   31.456580]  fff00000c9b12180: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe
[   31.456661] ==================================================================
[   31.389248] ==================================================================
[   31.389295] BUG: KASAN: slab-out-of-bounds in krealloc_less_oob_helper+0xae4/0xc50
[   31.389583] Write of size 1 at addr fff00000c8f61cea by task kunit_try_catch/189
[   31.390123] 
[   31.390166] CPU: 0 UID: 0 PID: 189 Comm: kunit_try_catch Tainted: G    B            N  6.16.0-rc6-next-20250718 #1 PREEMPT 
[   31.390249] Tainted: [B]=BAD_PAGE, [N]=TEST
[   31.390275] Hardware name: linux,dummy-virt (DT)
[   31.390559] Call trace:
[   31.390618]  show_stack+0x20/0x38 (C)
[   31.390670]  dump_stack_lvl+0x8c/0xd0
[   31.390716]  print_report+0x118/0x5e8
[   31.390759]  kasan_report+0xdc/0x128
[   31.391095]  __asan_report_store1_noabort+0x20/0x30
[   31.391185]  krealloc_less_oob_helper+0xae4/0xc50
[   31.391464]  krealloc_less_oob+0x20/0x38
[   31.391702]  kunit_try_run_case+0x170/0x3f0
[   31.391963]  kunit_generic_run_threadfn_adapter+0x88/0x100
[   31.392048]  kthread+0x328/0x630
[   31.392225]  ret_from_fork+0x10/0x20
[   31.392381] 
[   31.392451] Allocated by task 189:
[   31.392609]  kasan_save_stack+0x3c/0x68
[   31.392676]  kasan_save_track+0x20/0x40
[   31.392786]  kasan_save_alloc_info+0x40/0x58
[   31.392872]  __kasan_krealloc+0x118/0x178
[   31.393005]  krealloc_noprof+0x128/0x360
[   31.393206]  krealloc_less_oob_helper+0x168/0xc50
[   31.393262]  krealloc_less_oob+0x20/0x38
[   31.393429]  kunit_try_run_case+0x170/0x3f0
[   31.393511]  kunit_generic_run_threadfn_adapter+0x88/0x100
[   31.393633]  kthread+0x328/0x630
[   31.393747]  ret_from_fork+0x10/0x20
[   31.393823] 
[   31.393842] The buggy address belongs to the object at fff00000c8f61c00
[   31.393842]  which belongs to the cache kmalloc-256 of size 256
[   31.394113] The buggy address is located 33 bytes to the right of
[   31.394113]  allocated 201-byte region [fff00000c8f61c00, fff00000c8f61cc9)
[   31.394355] 
[   31.394423] The buggy address belongs to the physical page:
[   31.394725] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x108f60
[   31.394813] head: order:1 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[   31.394876] flags: 0xbfffe0000000040(head|node=0|zone=2|lastcpupid=0x1ffff)
[   31.395226] page_type: f5(slab)
[   31.395338] raw: 0bfffe0000000040 fff00000c0001b40 dead000000000122 0000000000000000
[   31.395401] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000
[   31.395450] head: 0bfffe0000000040 fff00000c0001b40 dead000000000122 0000000000000000
[   31.395496] head: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000
[   31.395558] head: 0bfffe0000000001 ffffc1ffc323d801 00000000ffffffff 00000000ffffffff
[   31.395613] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000002
[   31.395652] page dumped because: kasan: bad access detected
[   31.395681] 
[   31.395698] Memory state around the buggy address:
[   31.395963]  fff00000c8f61b80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   31.396161]  fff00000c8f61c00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   31.396250] >fff00000c8f61c80: 00 00 00 00 00 00 00 00 00 01 fc fc fc fc fc fc
[   31.396318]                                                           ^
[   31.396371]  fff00000c8f61d00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   31.396415]  fff00000c8f61d80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   31.396636] ==================================================================
[   31.397571] ==================================================================
[   31.397756] BUG: KASAN: slab-out-of-bounds in krealloc_less_oob_helper+0xa58/0xc50
[   31.397810] Write of size 1 at addr fff00000c8f61ceb by task kunit_try_catch/189
[   31.397983] 
[   31.398032] CPU: 0 UID: 0 PID: 189 Comm: kunit_try_catch Tainted: G    B            N  6.16.0-rc6-next-20250718 #1 PREEMPT 
[   31.398159] Tainted: [B]=BAD_PAGE, [N]=TEST
[   31.398186] Hardware name: linux,dummy-virt (DT)
[   31.398232] Call trace:
[   31.398254]  show_stack+0x20/0x38 (C)
[   31.398551]  dump_stack_lvl+0x8c/0xd0
[   31.398654]  print_report+0x118/0x5e8
[   31.398745]  kasan_report+0xdc/0x128
[   31.398828]  __asan_report_store1_noabort+0x20/0x30
[   31.398886]  krealloc_less_oob_helper+0xa58/0xc50
[   31.399072]  krealloc_less_oob+0x20/0x38
[   31.399224]  kunit_try_run_case+0x170/0x3f0
[   31.399279]  kunit_generic_run_threadfn_adapter+0x88/0x100
[   31.399329]  kthread+0x328/0x630
[   31.399369]  ret_from_fork+0x10/0x20
[   31.399453] 
[   31.399473] Allocated by task 189:
[   31.399500]  kasan_save_stack+0x3c/0x68
[   31.399538]  kasan_save_track+0x20/0x40
[   31.399572]  kasan_save_alloc_info+0x40/0x58
[   31.399607]  __kasan_krealloc+0x118/0x178
[   31.399641]  krealloc_noprof+0x128/0x360
[   31.399678]  krealloc_less_oob_helper+0x168/0xc50
[   31.400128]  krealloc_less_oob+0x20/0x38
[   31.400196]  kunit_try_run_case+0x170/0x3f0
[   31.400238]  kunit_generic_run_threadfn_adapter+0x88/0x100
[   31.400538]  kthread+0x328/0x630
[   31.400864]  ret_from_fork+0x10/0x20
[   31.400940] 
[   31.400977] The buggy address belongs to the object at fff00000c8f61c00
[   31.400977]  which belongs to the cache kmalloc-256 of size 256
[   31.401033] The buggy address is located 34 bytes to the right of
[   31.401033]  allocated 201-byte region [fff00000c8f61c00, fff00000c8f61cc9)
[   31.401399] 
[   31.401516] The buggy address belongs to the physical page:
[   31.401585] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x108f60
[   31.402108] head: order:1 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[   31.402209] flags: 0xbfffe0000000040(head|node=0|zone=2|lastcpupid=0x1ffff)
[   31.402492] page_type: f5(slab)
[   31.402694] raw: 0bfffe0000000040 fff00000c0001b40 dead000000000122 0000000000000000
[   31.402792] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000
[   31.402879] head: 0bfffe0000000040 fff00000c0001b40 dead000000000122 0000000000000000
[   31.403106] head: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000
[   31.403254] head: 0bfffe0000000001 ffffc1ffc323d801 00000000ffffffff 00000000ffffffff
[   31.403385] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000002
[   31.403430] page dumped because: kasan: bad access detected
[   31.403628] 
[   31.403780] Memory state around the buggy address:
[   31.403897]  fff00000c8f61b80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   31.403971]  fff00000c8f61c00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   31.404103] >fff00000c8f61c80: 00 00 00 00 00 00 00 00 00 01 fc fc fc fc fc fc
[   31.404142]                                                           ^
[   31.404194]  fff00000c8f61d00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   31.404237]  fff00000c8f61d80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   31.404275] ==================================================================

KNOWN ISSUE - log-parser-boot/kasan-bug-kasan-slab-out-of-bounds-in-krealloc_less_oob_helper: Failure

Metadata Full log Test run details

arch

arm64

host

x86_64

plan

3036v5IOku9kbGwPAxMzAEIc53c

job_id

TEST:linaro@lkft#3036zhqEIPBB9ZWiNqxrt9yzBCZ

job_url

https://tuxapi.tuxsuite.com/v1/groups/linaro/projects/lkft/tests/3036zhqEIPBB9ZWiNqxrt9yzBCZ

artefacts

kernel

url	https://storage.tuxsuite.com/public/linaro/lkft/builds/3036wEt97kKkGLPer9c9xRyYEUW/Image.gz
sha256sum	ef45bb451b92e0e364dae8f4a03204dbe06c728b275ab06b9f73ab6225c4cc39

rootfs

url	https://storage.tuxboot.com/debian/20250617/trixie/arm64/rootfs.ext4.xz
sha256sum	1eaaae772692e22cefec5345d642e254407cec1431dd51a20007af2a1819b610

modules

url	https://storage.tuxsuite.com/public/linaro/lkft/builds/3036wEt97kKkGLPer9c9xRyYEUW/modules.tar.xz
sha256sum	5b93974edad32ed66a90059bce180e27102c332dbf4de7f92fd7321ca4fe262a

durations

tests

boot	0
kunit	167.80

host_arch

amd64

build_name

gcc-13-lkftconfig-kunit

job_status

Complete

qemu_version

1:10.0.2+ds-1

[   24.446139] ==================================================================
[   24.446457] BUG: KASAN: slab-out-of-bounds in krealloc_less_oob_helper+0xe23/0x11d0
[   24.446799] Write of size 1 at addr ffff88810500d6d0 by task kunit_try_catch/206
[   24.447099] 
[   24.448069] CPU: 0 UID: 0 PID: 206 Comm: kunit_try_catch Tainted: G    B            N  6.16.0-rc6-next-20250718 #1 PREEMPT(voluntary) 
[   24.448126] Tainted: [B]=BAD_PAGE, [N]=TEST
[   24.448139] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[   24.448160] Call Trace:
[   24.448173]  <TASK>
[   24.448207]  dump_stack_lvl+0x73/0xb0
[   24.448241]  print_report+0xd1/0x640
[   24.448265]  ? __virt_addr_valid+0x1db/0x2d0
[   24.448289]  ? krealloc_less_oob_helper+0xe23/0x11d0
[   24.448311]  ? kasan_complete_mode_report_info+0x2a/0x200
[   24.448336]  ? krealloc_less_oob_helper+0xe23/0x11d0
[   24.448359]  kasan_report+0x141/0x180
[   24.448380]  ? krealloc_less_oob_helper+0xe23/0x11d0
[   24.448406]  __asan_report_store1_noabort+0x1b/0x30
[   24.448429]  krealloc_less_oob_helper+0xe23/0x11d0
[   24.448453]  ? __pfx_krealloc_less_oob_helper+0x10/0x10
[   24.448475]  ? finish_task_switch.isra.0+0x153/0x700
[   24.448496]  ? __switch_to+0x47/0xf80
[   24.448521]  ? __schedule+0x10da/0x2b60
[   24.448544]  ? __pfx_read_tsc+0x10/0x10
[   24.448568]  krealloc_less_oob+0x1c/0x30
[   24.448588]  kunit_try_run_case+0x1a5/0x480
[   24.448611]  ? __pfx_kunit_try_run_case+0x10/0x10
[   24.448632]  ? _raw_spin_lock_irqsave+0xa1/0x100
[   24.448664]  ? _raw_spin_unlock_irqrestore+0x5f/0x90
[   24.448696]  ? __kthread_parkme+0x82/0x180
[   24.448715]  ? preempt_count_sub+0x50/0x80
[   24.448736]  ? __pfx_kunit_try_run_case+0x10/0x10
[   24.448758]  kunit_generic_run_threadfn_adapter+0x85/0xf0
[   24.448857]  ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10
[   24.448883]  kthread+0x337/0x6f0
[   24.448902]  ? trace_preempt_on+0x20/0xc0
[   24.448925]  ? __pfx_kthread+0x10/0x10
[   24.448944]  ? _raw_spin_unlock_irq+0x47/0x80
[   24.448974]  ? calculate_sigpending+0x7b/0xa0
[   24.448997]  ? __pfx_kthread+0x10/0x10
[   24.449017]  ret_from_fork+0x116/0x1d0
[   24.449035]  ? __pfx_kthread+0x10/0x10
[   24.449055]  ret_from_fork_asm+0x1a/0x30
[   24.449085]  </TASK>
[   24.449095] 
[   24.461134] Allocated by task 206:
[   24.461429]  kasan_save_stack+0x45/0x70
[   24.461631]  kasan_save_track+0x18/0x40
[   24.461821]  kasan_save_alloc_info+0x3b/0x50
[   24.462014]  __kasan_krealloc+0x190/0x1f0
[   24.462208]  krealloc_noprof+0xf3/0x340
[   24.462385]  krealloc_less_oob_helper+0x1aa/0x11d0
[   24.462596]  krealloc_less_oob+0x1c/0x30
[   24.462776]  kunit_try_run_case+0x1a5/0x480
[   24.462968]  kunit_generic_run_threadfn_adapter+0x85/0xf0
[   24.463781]  kthread+0x337/0x6f0
[   24.464244]  ret_from_fork+0x116/0x1d0
[   24.464407]  ret_from_fork_asm+0x1a/0x30
[   24.464605] 
[   24.464678] The buggy address belongs to the object at ffff88810500d600
[   24.464678]  which belongs to the cache kmalloc-256 of size 256
[   24.465513] The buggy address is located 7 bytes to the right of
[   24.465513]  allocated 201-byte region [ffff88810500d600, ffff88810500d6c9)
[   24.466457] 
[   24.466569] The buggy address belongs to the physical page:
[   24.467109] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x10500c
[   24.467588] head: order:1 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[   24.467924] flags: 0x200000000000040(head|node=0|zone=2)
[   24.468162] page_type: f5(slab)
[   24.468311] raw: 0200000000000040 ffff888100041b40 dead000000000122 0000000000000000
[   24.468642] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000
[   24.468951] head: 0200000000000040 ffff888100041b40 dead000000000122 0000000000000000
[   24.469941] head: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000
[   24.470385] head: 0200000000000001 ffffea0004140301 00000000ffffffff 00000000ffffffff
[   24.470930] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000002
[   24.471330] page dumped because: kasan: bad access detected
[   24.471688] 
[   24.471760] Memory state around the buggy address:
[   24.472283]  ffff88810500d580: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   24.472680]  ffff88810500d600: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   24.473324] >ffff88810500d680: 00 00 00 00 00 00 00 00 00 01 fc fc fc fc fc fc
[   24.473768]                                                  ^
[   24.474224]  ffff88810500d700: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   24.474658]  ffff88810500d780: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   24.475206] ==================================================================
[   24.606549] ==================================================================
[   24.606997] BUG: KASAN: slab-out-of-bounds in krealloc_less_oob_helper+0xd70/0x11d0
[   24.607264] Write of size 1 at addr ffff888102b3e0c9 by task kunit_try_catch/210
[   24.608058] 
[   24.608266] CPU: 1 UID: 0 PID: 210 Comm: kunit_try_catch Tainted: G    B            N  6.16.0-rc6-next-20250718 #1 PREEMPT(voluntary) 
[   24.608537] Tainted: [B]=BAD_PAGE, [N]=TEST
[   24.608555] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[   24.608578] Call Trace:
[   24.608593]  <TASK>
[   24.608611]  dump_stack_lvl+0x73/0xb0
[   24.608647]  print_report+0xd1/0x640
[   24.608671]  ? __virt_addr_valid+0x1db/0x2d0
[   24.608695]  ? krealloc_less_oob_helper+0xd70/0x11d0
[   24.608717]  ? kasan_addr_to_slab+0x11/0xa0
[   24.608737]  ? krealloc_less_oob_helper+0xd70/0x11d0
[   24.608759]  kasan_report+0x141/0x180
[   24.608783]  ? krealloc_less_oob_helper+0xd70/0x11d0
[   24.608835]  __asan_report_store1_noabort+0x1b/0x30
[   24.608872]  krealloc_less_oob_helper+0xd70/0x11d0
[   24.608897]  ? __pfx_krealloc_less_oob_helper+0x10/0x10
[   24.608920]  ? finish_task_switch.isra.0+0x153/0x700
[   24.608941]  ? __switch_to+0x47/0xf80
[   24.608967]  ? __schedule+0x10da/0x2b60
[   24.608990]  ? __pfx_read_tsc+0x10/0x10
[   24.609014]  krealloc_large_less_oob+0x1c/0x30
[   24.609037]  kunit_try_run_case+0x1a5/0x480
[   24.609061]  ? __pfx_kunit_try_run_case+0x10/0x10
[   24.609082]  ? _raw_spin_lock_irqsave+0xa1/0x100
[   24.609114]  ? _raw_spin_unlock_irqrestore+0x5f/0x90
[   24.609146]  ? __kthread_parkme+0x82/0x180
[   24.609167]  ? preempt_count_sub+0x50/0x80
[   24.609203]  ? __pfx_kunit_try_run_case+0x10/0x10
[   24.609225]  kunit_generic_run_threadfn_adapter+0x85/0xf0
[   24.609247]  ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10
[   24.609269]  kthread+0x337/0x6f0
[   24.609288]  ? trace_preempt_on+0x20/0xc0
[   24.609311]  ? __pfx_kthread+0x10/0x10
[   24.609330]  ? _raw_spin_unlock_irq+0x47/0x80
[   24.609359]  ? calculate_sigpending+0x7b/0xa0
[   24.609382]  ? __pfx_kthread+0x10/0x10
[   24.609402]  ret_from_fork+0x116/0x1d0
[   24.609420]  ? __pfx_kthread+0x10/0x10
[   24.609439]  ret_from_fork_asm+0x1a/0x30
[   24.609469]  </TASK>
[   24.609482] 
[   24.627143] The buggy address belongs to the physical page:
[   24.627859] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x102b3c
[   24.628764] head: order:2 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[   24.629349] flags: 0x200000000000040(head|node=0|zone=2)
[   24.629541] page_type: f8(unknown)
[   24.629669] raw: 0200000000000040 0000000000000000 dead000000000122 0000000000000000
[   24.630532] raw: 0000000000000000 0000000000000000 00000000f8000000 0000000000000000
[   24.631696] head: 0200000000000040 0000000000000000 dead000000000122 0000000000000000
[   24.632730] head: 0000000000000000 0000000000000000 00000000f8000000 0000000000000000
[   24.633545] head: 0200000000000002 ffffea00040acf01 00000000ffffffff 00000000ffffffff
[   24.634079] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000004
[   24.634943] page dumped because: kasan: bad access detected
[   24.635571] 
[   24.635673] Memory state around the buggy address:
[   24.636357]  ffff888102b3df80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   24.636990]  ffff888102b3e000: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   24.637228] >ffff888102b3e080: 00 00 00 00 00 00 00 00 00 01 fe fe fe fe fe fe
[   24.637437]                                               ^
[   24.637608]  ffff888102b3e100: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe
[   24.637967]  ffff888102b3e180: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe
[   24.638567] ==================================================================
[   24.689017] ==================================================================
[   24.689451] BUG: KASAN: slab-out-of-bounds in krealloc_less_oob_helper+0xe90/0x11d0
[   24.689701] Write of size 1 at addr ffff888102b3e0ea by task kunit_try_catch/210
[   24.689920] 
[   24.689998] CPU: 1 UID: 0 PID: 210 Comm: kunit_try_catch Tainted: G    B            N  6.16.0-rc6-next-20250718 #1 PREEMPT(voluntary) 
[   24.690041] Tainted: [B]=BAD_PAGE, [N]=TEST
[   24.690053] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[   24.690085] Call Trace:
[   24.690118]  <TASK>
[   24.690132]  dump_stack_lvl+0x73/0xb0
[   24.690161]  print_report+0xd1/0x640
[   24.690183]  ? __virt_addr_valid+0x1db/0x2d0
[   24.690217]  ? krealloc_less_oob_helper+0xe90/0x11d0
[   24.690239]  ? kasan_addr_to_slab+0x11/0xa0
[   24.690259]  ? krealloc_less_oob_helper+0xe90/0x11d0
[   24.690281]  kasan_report+0x141/0x180
[   24.690303]  ? krealloc_less_oob_helper+0xe90/0x11d0
[   24.690331]  __asan_report_store1_noabort+0x1b/0x30
[   24.690355]  krealloc_less_oob_helper+0xe90/0x11d0
[   24.690379]  ? __pfx_krealloc_less_oob_helper+0x10/0x10
[   24.690402]  ? finish_task_switch.isra.0+0x153/0x700
[   24.690423]  ? __switch_to+0x47/0xf80
[   24.690447]  ? __schedule+0x10da/0x2b60
[   24.690470]  ? __pfx_read_tsc+0x10/0x10
[   24.690493]  krealloc_large_less_oob+0x1c/0x30
[   24.690514]  kunit_try_run_case+0x1a5/0x480
[   24.690539]  ? __pfx_kunit_try_run_case+0x10/0x10
[   24.690560]  ? _raw_spin_lock_irqsave+0xa1/0x100
[   24.690593]  ? _raw_spin_unlock_irqrestore+0x5f/0x90
[   24.690631]  ? __kthread_parkme+0x82/0x180
[   24.690650]  ? preempt_count_sub+0x50/0x80
[   24.690671]  ? __pfx_kunit_try_run_case+0x10/0x10
[   24.690694]  kunit_generic_run_threadfn_adapter+0x85/0xf0
[   24.690716]  ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10
[   24.690738]  kthread+0x337/0x6f0
[   24.690757]  ? trace_preempt_on+0x20/0xc0
[   24.690779]  ? __pfx_kthread+0x10/0x10
[   24.690821]  ? _raw_spin_unlock_irq+0x47/0x80
[   24.690864]  ? calculate_sigpending+0x7b/0xa0
[   24.690888]  ? __pfx_kthread+0x10/0x10
[   24.690909]  ret_from_fork+0x116/0x1d0
[   24.690927]  ? __pfx_kthread+0x10/0x10
[   24.690946]  ret_from_fork_asm+0x1a/0x30
[   24.690976]  </TASK>
[   24.690986] 
[   24.705232] The buggy address belongs to the physical page:
[   24.705745] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x102b3c
[   24.706381] head: order:2 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[   24.707075] flags: 0x200000000000040(head|node=0|zone=2)
[   24.707583] page_type: f8(unknown)
[   24.707902] raw: 0200000000000040 0000000000000000 dead000000000122 0000000000000000
[   24.708561] raw: 0000000000000000 0000000000000000 00000000f8000000 0000000000000000
[   24.709325] head: 0200000000000040 0000000000000000 dead000000000122 0000000000000000
[   24.709560] head: 0000000000000000 0000000000000000 00000000f8000000 0000000000000000
[   24.709787] head: 0200000000000002 ffffea00040acf01 00000000ffffffff 00000000ffffffff
[   24.710519] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000004
[   24.711345] page dumped because: kasan: bad access detected
[   24.711868] 
[   24.712021] Memory state around the buggy address:
[   24.712446]  ffff888102b3df80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   24.713108]  ffff888102b3e000: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   24.713811] >ffff888102b3e080: 00 00 00 00 00 00 00 00 00 01 fe fe fe fe fe fe
[   24.714027]                                                           ^
[   24.714233]  ffff888102b3e100: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe
[   24.714736]  ffff888102b3e180: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe
[   24.715117] ==================================================================
[   24.640347] ==================================================================
[   24.640952] BUG: KASAN: slab-out-of-bounds in krealloc_less_oob_helper+0xe23/0x11d0
[   24.641514] Write of size 1 at addr ffff888102b3e0d0 by task kunit_try_catch/210
[   24.641747] 
[   24.641837] CPU: 1 UID: 0 PID: 210 Comm: kunit_try_catch Tainted: G    B            N  6.16.0-rc6-next-20250718 #1 PREEMPT(voluntary) 
[   24.641884] Tainted: [B]=BAD_PAGE, [N]=TEST
[   24.641896] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[   24.641918] Call Trace:
[   24.641931]  <TASK>
[   24.641947]  dump_stack_lvl+0x73/0xb0
[   24.641980]  print_report+0xd1/0x640
[   24.642003]  ? __virt_addr_valid+0x1db/0x2d0
[   24.642027]  ? krealloc_less_oob_helper+0xe23/0x11d0
[   24.642051]  ? kasan_addr_to_slab+0x11/0xa0
[   24.642071]  ? krealloc_less_oob_helper+0xe23/0x11d0
[   24.642094]  kasan_report+0x141/0x180
[   24.642115]  ? krealloc_less_oob_helper+0xe23/0x11d0
[   24.642141]  __asan_report_store1_noabort+0x1b/0x30
[   24.642218]  krealloc_less_oob_helper+0xe23/0x11d0
[   24.642243]  ? __pfx_krealloc_less_oob_helper+0x10/0x10
[   24.642295]  ? finish_task_switch.isra.0+0x153/0x700
[   24.642316]  ? __switch_to+0x47/0xf80
[   24.642352]  ? __schedule+0x10da/0x2b60
[   24.642375]  ? __pfx_read_tsc+0x10/0x10
[   24.642400]  krealloc_large_less_oob+0x1c/0x30
[   24.642422]  kunit_try_run_case+0x1a5/0x480
[   24.642446]  ? __pfx_kunit_try_run_case+0x10/0x10
[   24.642467]  ? _raw_spin_lock_irqsave+0xa1/0x100
[   24.642514]  ? _raw_spin_unlock_irqrestore+0x5f/0x90
[   24.642546]  ? __kthread_parkme+0x82/0x180
[   24.642566]  ? preempt_count_sub+0x50/0x80
[   24.642587]  ? __pfx_kunit_try_run_case+0x10/0x10
[   24.642610]  kunit_generic_run_threadfn_adapter+0x85/0xf0
[   24.642640]  ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10
[   24.642664]  kthread+0x337/0x6f0
[   24.642683]  ? trace_preempt_on+0x20/0xc0
[   24.642705]  ? __pfx_kthread+0x10/0x10
[   24.642725]  ? _raw_spin_unlock_irq+0x47/0x80
[   24.642754]  ? calculate_sigpending+0x7b/0xa0
[   24.642777]  ? __pfx_kthread+0x10/0x10
[   24.642821]  ret_from_fork+0x116/0x1d0
[   24.642840]  ? __pfx_kthread+0x10/0x10
[   24.642860]  ret_from_fork_asm+0x1a/0x30
[   24.642901]  </TASK>
[   24.642912] 
[   24.651409] The buggy address belongs to the physical page:
[   24.651879] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x102b3c
[   24.652813] head: order:2 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[   24.653628] flags: 0x200000000000040(head|node=0|zone=2)
[   24.654231] page_type: f8(unknown)
[   24.654594] raw: 0200000000000040 0000000000000000 dead000000000122 0000000000000000
[   24.655434] raw: 0000000000000000 0000000000000000 00000000f8000000 0000000000000000
[   24.656301] head: 0200000000000040 0000000000000000 dead000000000122 0000000000000000
[   24.657216] head: 0000000000000000 0000000000000000 00000000f8000000 0000000000000000
[   24.658100] head: 0200000000000002 ffffea00040acf01 00000000ffffffff 00000000ffffffff
[   24.658897] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000004
[   24.659540] page dumped because: kasan: bad access detected
[   24.659926] 
[   24.659991] Memory state around the buggy address:
[   24.660138]  ffff888102b3df80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   24.660354]  ffff888102b3e000: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   24.660559] >ffff888102b3e080: 00 00 00 00 00 00 00 00 00 01 fe fe fe fe fe fe
[   24.660762]                                                  ^
[   24.660933]  ffff888102b3e100: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe
[   24.661137]  ffff888102b3e180: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe
[   24.661849] ==================================================================
[   24.662728] ==================================================================
[   24.663406] BUG: KASAN: slab-out-of-bounds in krealloc_less_oob_helper+0xec6/0x11d0
[   24.664226] Write of size 1 at addr ffff888102b3e0da by task kunit_try_catch/210
[   24.665015] 
[   24.665198] CPU: 1 UID: 0 PID: 210 Comm: kunit_try_catch Tainted: G    B            N  6.16.0-rc6-next-20250718 #1 PREEMPT(voluntary) 
[   24.665245] Tainted: [B]=BAD_PAGE, [N]=TEST
[   24.665257] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[   24.665279] Call Trace:
[   24.665295]  <TASK>
[   24.665308]  dump_stack_lvl+0x73/0xb0
[   24.665340]  print_report+0xd1/0x640
[   24.665363]  ? __virt_addr_valid+0x1db/0x2d0
[   24.665386]  ? krealloc_less_oob_helper+0xec6/0x11d0
[   24.665408]  ? kasan_addr_to_slab+0x11/0xa0
[   24.665428]  ? krealloc_less_oob_helper+0xec6/0x11d0
[   24.665451]  kasan_report+0x141/0x180
[   24.665474]  ? krealloc_less_oob_helper+0xec6/0x11d0
[   24.665501]  __asan_report_store1_noabort+0x1b/0x30
[   24.665526]  krealloc_less_oob_helper+0xec6/0x11d0
[   24.665556]  ? __pfx_krealloc_less_oob_helper+0x10/0x10
[   24.665582]  ? finish_task_switch.isra.0+0x153/0x700
[   24.665603]  ? __switch_to+0x47/0xf80
[   24.665628]  ? __schedule+0x10da/0x2b60
[   24.665651]  ? __pfx_read_tsc+0x10/0x10
[   24.665676]  krealloc_large_less_oob+0x1c/0x30
[   24.665698]  kunit_try_run_case+0x1a5/0x480
[   24.665722]  ? __pfx_kunit_try_run_case+0x10/0x10
[   24.665743]  ? _raw_spin_lock_irqsave+0xa1/0x100
[   24.665781]  ? _raw_spin_unlock_irqrestore+0x5f/0x90
[   24.665814]  ? __kthread_parkme+0x82/0x180
[   24.665835]  ? preempt_count_sub+0x50/0x80
[   24.665858]  ? __pfx_kunit_try_run_case+0x10/0x10
[   24.665880]  kunit_generic_run_threadfn_adapter+0x85/0xf0
[   24.665904]  ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10
[   24.665925]  kthread+0x337/0x6f0
[   24.665944]  ? trace_preempt_on+0x20/0xc0
[   24.665966]  ? __pfx_kthread+0x10/0x10
[   24.665986]  ? _raw_spin_unlock_irq+0x47/0x80
[   24.666015]  ? calculate_sigpending+0x7b/0xa0
[   24.666038]  ? __pfx_kthread+0x10/0x10
[   24.666058]  ret_from_fork+0x116/0x1d0
[   24.666092]  ? __pfx_kthread+0x10/0x10
[   24.666111]  ret_from_fork_asm+0x1a/0x30
[   24.666141]  </TASK>
[   24.666151] 
[   24.679688] The buggy address belongs to the physical page:
[   24.680250] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x102b3c
[   24.680935] head: order:2 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[   24.681478] flags: 0x200000000000040(head|node=0|zone=2)
[   24.681761] page_type: f8(unknown)
[   24.681885] raw: 0200000000000040 0000000000000000 dead000000000122 0000000000000000
[   24.682393] raw: 0000000000000000 0000000000000000 00000000f8000000 0000000000000000
[   24.683092] head: 0200000000000040 0000000000000000 dead000000000122 0000000000000000
[   24.683626] head: 0000000000000000 0000000000000000 00000000f8000000 0000000000000000
[   24.684046] head: 0200000000000002 ffffea00040acf01 00000000ffffffff 00000000ffffffff
[   24.684316] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000004
[   24.684539] page dumped because: kasan: bad access detected
[   24.684702] 
[   24.684764] Memory state around the buggy address:
[   24.685230]  ffff888102b3df80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   24.685674]  ffff888102b3e000: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   24.686058] >ffff888102b3e080: 00 00 00 00 00 00 00 00 00 01 fe fe fe fe fe fe
[   24.686312]                                                     ^
[   24.686555]  ffff888102b3e100: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe
[   24.687285]  ffff888102b3e180: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe
[   24.688108] ==================================================================
[   24.476469] ==================================================================
[   24.477107] BUG: KASAN: slab-out-of-bounds in krealloc_less_oob_helper+0xec6/0x11d0
[   24.477439] Write of size 1 at addr ffff88810500d6da by task kunit_try_catch/206
[   24.478110] 
[   24.478246] CPU: 0 UID: 0 PID: 206 Comm: kunit_try_catch Tainted: G    B            N  6.16.0-rc6-next-20250718 #1 PREEMPT(voluntary) 
[   24.478296] Tainted: [B]=BAD_PAGE, [N]=TEST
[   24.478307] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[   24.478329] Call Trace:
[   24.478347]  <TASK>
[   24.478363]  dump_stack_lvl+0x73/0xb0
[   24.478397]  print_report+0xd1/0x640
[   24.478420]  ? __virt_addr_valid+0x1db/0x2d0
[   24.478443]  ? krealloc_less_oob_helper+0xec6/0x11d0
[   24.478466]  ? kasan_complete_mode_report_info+0x2a/0x200
[   24.478490]  ? krealloc_less_oob_helper+0xec6/0x11d0
[   24.478513]  kasan_report+0x141/0x180
[   24.478534]  ? krealloc_less_oob_helper+0xec6/0x11d0
[   24.478560]  __asan_report_store1_noabort+0x1b/0x30
[   24.478583]  krealloc_less_oob_helper+0xec6/0x11d0
[   24.478607]  ? __pfx_krealloc_less_oob_helper+0x10/0x10
[   24.478635]  ? finish_task_switch.isra.0+0x153/0x700
[   24.478656]  ? __switch_to+0x47/0xf80
[   24.478681]  ? __schedule+0x10da/0x2b60
[   24.478703]  ? __pfx_read_tsc+0x10/0x10
[   24.478727]  krealloc_less_oob+0x1c/0x30
[   24.478747]  kunit_try_run_case+0x1a5/0x480
[   24.478771]  ? __pfx_kunit_try_run_case+0x10/0x10
[   24.479054]  ? _raw_spin_lock_irqsave+0xa1/0x100
[   24.479091]  ? _raw_spin_unlock_irqrestore+0x5f/0x90
[   24.479124]  ? __kthread_parkme+0x82/0x180
[   24.479143]  ? preempt_count_sub+0x50/0x80
[   24.479165]  ? __pfx_kunit_try_run_case+0x10/0x10
[   24.479199]  kunit_generic_run_threadfn_adapter+0x85/0xf0
[   24.479222]  ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10
[   24.479244]  kthread+0x337/0x6f0
[   24.479263]  ? trace_preempt_on+0x20/0xc0
[   24.479285]  ? __pfx_kthread+0x10/0x10
[   24.479305]  ? _raw_spin_unlock_irq+0x47/0x80
[   24.479334]  ? calculate_sigpending+0x7b/0xa0
[   24.479358]  ? __pfx_kthread+0x10/0x10
[   24.479378]  ret_from_fork+0x116/0x1d0
[   24.479397]  ? __pfx_kthread+0x10/0x10
[   24.479416]  ret_from_fork_asm+0x1a/0x30
[   24.479446]  </TASK>
[   24.479457] 
[   24.491564] Allocated by task 206:
[   24.491714]  kasan_save_stack+0x45/0x70
[   24.491927]  kasan_save_track+0x18/0x40
[   24.492123]  kasan_save_alloc_info+0x3b/0x50
[   24.492320]  __kasan_krealloc+0x190/0x1f0
[   24.492505]  krealloc_noprof+0xf3/0x340
[   24.492676]  krealloc_less_oob_helper+0x1aa/0x11d0
[   24.492888]  krealloc_less_oob+0x1c/0x30
[   24.493067]  kunit_try_run_case+0x1a5/0x480
[   24.494082]  kunit_generic_run_threadfn_adapter+0x85/0xf0
[   24.494307]  kthread+0x337/0x6f0
[   24.494671]  ret_from_fork+0x116/0x1d0
[   24.495081]  ret_from_fork_asm+0x1a/0x30
[   24.495291] 
[   24.495361] The buggy address belongs to the object at ffff88810500d600
[   24.495361]  which belongs to the cache kmalloc-256 of size 256
[   24.496242] The buggy address is located 17 bytes to the right of
[   24.496242]  allocated 201-byte region [ffff88810500d600, ffff88810500d6c9)
[   24.497014] 
[   24.497118] The buggy address belongs to the physical page:
[   24.497483] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x10500c
[   24.498239] head: order:1 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[   24.498741] flags: 0x200000000000040(head|node=0|zone=2)
[   24.499196] page_type: f5(slab)
[   24.499337] raw: 0200000000000040 ffff888100041b40 dead000000000122 0000000000000000
[   24.499962] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000
[   24.500410] head: 0200000000000040 ffff888100041b40 dead000000000122 0000000000000000
[   24.500940] head: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000
[   24.501285] head: 0200000000000001 ffffea0004140301 00000000ffffffff 00000000ffffffff
[   24.501610] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000002
[   24.502346] page dumped because: kasan: bad access detected
[   24.502679] 
[   24.503042] Memory state around the buggy address:
[   24.503271]  ffff88810500d580: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   24.503645]  ffff88810500d600: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   24.504191] >ffff88810500d680: 00 00 00 00 00 00 00 00 00 01 fc fc fc fc fc fc
[   24.504631]                                                     ^
[   24.505139]  ffff88810500d700: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   24.505520]  ffff88810500d780: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   24.506158] ==================================================================
[   24.716187] ==================================================================
[   24.716878] BUG: KASAN: slab-out-of-bounds in krealloc_less_oob_helper+0xd47/0x11d0
[   24.717408] Write of size 1 at addr ffff888102b3e0eb by task kunit_try_catch/210
[   24.717837] 
[   24.718008] CPU: 1 UID: 0 PID: 210 Comm: kunit_try_catch Tainted: G    B            N  6.16.0-rc6-next-20250718 #1 PREEMPT(voluntary) 
[   24.718052] Tainted: [B]=BAD_PAGE, [N]=TEST
[   24.718063] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[   24.718095] Call Trace:
[   24.718112]  <TASK>
[   24.718126]  dump_stack_lvl+0x73/0xb0
[   24.718161]  print_report+0xd1/0x640
[   24.718183]  ? __virt_addr_valid+0x1db/0x2d0
[   24.718216]  ? krealloc_less_oob_helper+0xd47/0x11d0
[   24.718239]  ? kasan_addr_to_slab+0x11/0xa0
[   24.718259]  ? krealloc_less_oob_helper+0xd47/0x11d0
[   24.718281]  kasan_report+0x141/0x180
[   24.718302]  ? krealloc_less_oob_helper+0xd47/0x11d0
[   24.718330]  __asan_report_store1_noabort+0x1b/0x30
[   24.718353]  krealloc_less_oob_helper+0xd47/0x11d0
[   24.718377]  ? __pfx_krealloc_less_oob_helper+0x10/0x10
[   24.718400]  ? finish_task_switch.isra.0+0x153/0x700
[   24.718421]  ? __switch_to+0x47/0xf80
[   24.718446]  ? __schedule+0x10da/0x2b60
[   24.718468]  ? __pfx_read_tsc+0x10/0x10
[   24.718491]  krealloc_large_less_oob+0x1c/0x30
[   24.718513]  kunit_try_run_case+0x1a5/0x480
[   24.718537]  ? __pfx_kunit_try_run_case+0x10/0x10
[   24.718558]  ? _raw_spin_lock_irqsave+0xa1/0x100
[   24.718591]  ? _raw_spin_unlock_irqrestore+0x5f/0x90
[   24.718629]  ? __kthread_parkme+0x82/0x180
[   24.718649]  ? preempt_count_sub+0x50/0x80
[   24.718670]  ? __pfx_kunit_try_run_case+0x10/0x10
[   24.718692]  kunit_generic_run_threadfn_adapter+0x85/0xf0
[   24.718714]  ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10
[   24.718736]  kthread+0x337/0x6f0
[   24.718755]  ? trace_preempt_on+0x20/0xc0
[   24.718777]  ? __pfx_kthread+0x10/0x10
[   24.718815]  ? _raw_spin_unlock_irq+0x47/0x80
[   24.718844]  ? calculate_sigpending+0x7b/0xa0
[   24.718874]  ? __pfx_kthread+0x10/0x10
[   24.718895]  ret_from_fork+0x116/0x1d0
[   24.718913]  ? __pfx_kthread+0x10/0x10
[   24.718932]  ret_from_fork_asm+0x1a/0x30
[   24.718963]  </TASK>
[   24.718972] 
[   24.731349] The buggy address belongs to the physical page:
[   24.731761] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x102b3c
[   24.732076] head: order:2 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[   24.732308] flags: 0x200000000000040(head|node=0|zone=2)
[   24.732496] page_type: f8(unknown)
[   24.732783] raw: 0200000000000040 0000000000000000 dead000000000122 0000000000000000
[   24.733534] raw: 0000000000000000 0000000000000000 00000000f8000000 0000000000000000
[   24.734391] head: 0200000000000040 0000000000000000 dead000000000122 0000000000000000
[   24.734622] head: 0000000000000000 0000000000000000 00000000f8000000 0000000000000000
[   24.735036] head: 0200000000000002 ffffea00040acf01 00000000ffffffff 00000000ffffffff
[   24.735300] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000004
[   24.735522] page dumped because: kasan: bad access detected
[   24.735684] 
[   24.735745] Memory state around the buggy address:
[   24.735891]  ffff888102b3df80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   24.736382]  ffff888102b3e000: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   24.736859] >ffff888102b3e080: 00 00 00 00 00 00 00 00 00 01 fe fe fe fe fe fe
[   24.737597]                                                           ^
[   24.738259]  ffff888102b3e100: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe
[   24.738942]  ffff888102b3e180: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe
[   24.739384] ==================================================================
[   24.534310] ==================================================================
[   24.534904] BUG: KASAN: slab-out-of-bounds in krealloc_less_oob_helper+0xd47/0x11d0
[   24.535337] Write of size 1 at addr ffff88810500d6eb by task kunit_try_catch/206
[   24.535636] 
[   24.535730] CPU: 0 UID: 0 PID: 206 Comm: kunit_try_catch Tainted: G    B            N  6.16.0-rc6-next-20250718 #1 PREEMPT(voluntary) 
[   24.535777] Tainted: [B]=BAD_PAGE, [N]=TEST
[   24.535789] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[   24.535810] Call Trace:
[   24.535829]  <TASK>
[   24.535846]  dump_stack_lvl+0x73/0xb0
[   24.536418]  print_report+0xd1/0x640
[   24.536443]  ? __virt_addr_valid+0x1db/0x2d0
[   24.536466]  ? krealloc_less_oob_helper+0xd47/0x11d0
[   24.536488]  ? kasan_complete_mode_report_info+0x2a/0x200
[   24.536513]  ? krealloc_less_oob_helper+0xd47/0x11d0
[   24.536536]  kasan_report+0x141/0x180
[   24.536557]  ? krealloc_less_oob_helper+0xd47/0x11d0
[   24.536584]  __asan_report_store1_noabort+0x1b/0x30
[   24.536607]  krealloc_less_oob_helper+0xd47/0x11d0
[   24.536631]  ? __pfx_krealloc_less_oob_helper+0x10/0x10
[   24.536654]  ? finish_task_switch.isra.0+0x153/0x700
[   24.536675]  ? __switch_to+0x47/0xf80
[   24.536700]  ? __schedule+0x10da/0x2b60
[   24.536723]  ? __pfx_read_tsc+0x10/0x10
[   24.536747]  krealloc_less_oob+0x1c/0x30
[   24.536767]  kunit_try_run_case+0x1a5/0x480
[   24.536810]  ? __pfx_kunit_try_run_case+0x10/0x10
[   24.536832]  ? _raw_spin_lock_irqsave+0xa1/0x100
[   24.536865]  ? _raw_spin_unlock_irqrestore+0x5f/0x90
[   24.536897]  ? __kthread_parkme+0x82/0x180
[   24.536917]  ? preempt_count_sub+0x50/0x80
[   24.536939]  ? __pfx_kunit_try_run_case+0x10/0x10
[   24.536962]  kunit_generic_run_threadfn_adapter+0x85/0xf0
[   24.536984]  ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10
[   24.537005]  kthread+0x337/0x6f0
[   24.537024]  ? trace_preempt_on+0x20/0xc0
[   24.537046]  ? __pfx_kthread+0x10/0x10
[   24.537065]  ? _raw_spin_unlock_irq+0x47/0x80
[   24.537094]  ? calculate_sigpending+0x7b/0xa0
[   24.537118]  ? __pfx_kthread+0x10/0x10
[   24.537138]  ret_from_fork+0x116/0x1d0
[   24.537156]  ? __pfx_kthread+0x10/0x10
[   24.537176]  ret_from_fork_asm+0x1a/0x30
[   24.537217]  </TASK>
[   24.537227] 
[   24.547561] Allocated by task 206:
[   24.547884]  kasan_save_stack+0x45/0x70
[   24.548071]  kasan_save_track+0x18/0x40
[   24.548258]  kasan_save_alloc_info+0x3b/0x50
[   24.548443]  __kasan_krealloc+0x190/0x1f0
[   24.548620]  krealloc_noprof+0xf3/0x340
[   24.548773]  krealloc_less_oob_helper+0x1aa/0x11d0
[   24.549004]  krealloc_less_oob+0x1c/0x30
[   24.549682]  kunit_try_run_case+0x1a5/0x480
[   24.549829]  kunit_generic_run_threadfn_adapter+0x85/0xf0
[   24.550177]  kthread+0x337/0x6f0
[   24.550332]  ret_from_fork+0x116/0x1d0
[   24.550498]  ret_from_fork_asm+0x1a/0x30
[   24.550699] 
[   24.550767] The buggy address belongs to the object at ffff88810500d600
[   24.550767]  which belongs to the cache kmalloc-256 of size 256
[   24.551368] The buggy address is located 34 bytes to the right of
[   24.551368]  allocated 201-byte region [ffff88810500d600, ffff88810500d6c9)
[   24.552350] 
[   24.552577] The buggy address belongs to the physical page:
[   24.553030] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x10500c
[   24.553455] head: order:1 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[   24.553986] flags: 0x200000000000040(head|node=0|zone=2)
[   24.554347] page_type: f5(slab)
[   24.554567] raw: 0200000000000040 ffff888100041b40 dead000000000122 0000000000000000
[   24.555061] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000
[   24.555373] head: 0200000000000040 ffff888100041b40 dead000000000122 0000000000000000
[   24.555814] head: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000
[   24.556301] head: 0200000000000001 ffffea0004140301 00000000ffffffff 00000000ffffffff
[   24.556690] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000002
[   24.557153] page dumped because: kasan: bad access detected
[   24.557353] 
[   24.557442] Memory state around the buggy address:
[   24.557653]  ffff88810500d580: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   24.557913]  ffff88810500d600: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   24.558224] >ffff88810500d680: 00 00 00 00 00 00 00 00 00 01 fc fc fc fc fc fc
[   24.558502]                                                           ^
[   24.558764]  ffff88810500d700: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   24.559045]  ffff88810500d780: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   24.559865] ==================================================================
[   24.507396] ==================================================================
[   24.507719] BUG: KASAN: slab-out-of-bounds in krealloc_less_oob_helper+0xe90/0x11d0
[   24.508058] Write of size 1 at addr ffff88810500d6ea by task kunit_try_catch/206
[   24.508382] 
[   24.508475] CPU: 0 UID: 0 PID: 206 Comm: kunit_try_catch Tainted: G    B            N  6.16.0-rc6-next-20250718 #1 PREEMPT(voluntary) 
[   24.508520] Tainted: [B]=BAD_PAGE, [N]=TEST
[   24.508532] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[   24.508553] Call Trace:
[   24.508571]  <TASK>
[   24.508588]  dump_stack_lvl+0x73/0xb0
[   24.508618]  print_report+0xd1/0x640
[   24.508639]  ? __virt_addr_valid+0x1db/0x2d0
[   24.508662]  ? krealloc_less_oob_helper+0xe90/0x11d0
[   24.508684]  ? kasan_complete_mode_report_info+0x2a/0x200
[   24.508709]  ? krealloc_less_oob_helper+0xe90/0x11d0
[   24.508731]  kasan_report+0x141/0x180
[   24.508751]  ? krealloc_less_oob_helper+0xe90/0x11d0
[   24.508777]  __asan_report_store1_noabort+0x1b/0x30
[   24.508800]  krealloc_less_oob_helper+0xe90/0x11d0
[   24.508824]  ? __pfx_krealloc_less_oob_helper+0x10/0x10
[   24.508846]  ? finish_task_switch.isra.0+0x153/0x700
[   24.508866]  ? __switch_to+0x47/0xf80
[   24.508891]  ? __schedule+0x10da/0x2b60
[   24.508913]  ? __pfx_read_tsc+0x10/0x10
[   24.508937]  krealloc_less_oob+0x1c/0x30
[   24.508957]  kunit_try_run_case+0x1a5/0x480
[   24.508980]  ? __pfx_kunit_try_run_case+0x10/0x10
[   24.509001]  ? _raw_spin_lock_irqsave+0xa1/0x100
[   24.509033]  ? _raw_spin_unlock_irqrestore+0x5f/0x90
[   24.509064]  ? __kthread_parkme+0x82/0x180
[   24.509083]  ? preempt_count_sub+0x50/0x80
[   24.509104]  ? __pfx_kunit_try_run_case+0x10/0x10
[   24.509126]  kunit_generic_run_threadfn_adapter+0x85/0xf0
[   24.509147]  ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10
[   24.509169]  kthread+0x337/0x6f0
[   24.509687]  ? trace_preempt_on+0x20/0xc0
[   24.509723]  ? __pfx_kthread+0x10/0x10
[   24.509744]  ? _raw_spin_unlock_irq+0x47/0x80
[   24.509775]  ? calculate_sigpending+0x7b/0xa0
[   24.509945]  ? __pfx_kthread+0x10/0x10
[   24.509970]  ret_from_fork+0x116/0x1d0
[   24.509989]  ? __pfx_kthread+0x10/0x10
[   24.510008]  ret_from_fork_asm+0x1a/0x30
[   24.510038]  </TASK>
[   24.510049] 
[   24.521145] Allocated by task 206:
[   24.521327]  kasan_save_stack+0x45/0x70
[   24.521523]  kasan_save_track+0x18/0x40
[   24.521700]  kasan_save_alloc_info+0x3b/0x50
[   24.522259]  __kasan_krealloc+0x190/0x1f0
[   24.522429]  krealloc_noprof+0xf3/0x340
[   24.522660]  krealloc_less_oob_helper+0x1aa/0x11d0
[   24.522911]  krealloc_less_oob+0x1c/0x30
[   24.523114]  kunit_try_run_case+0x1a5/0x480
[   24.523323]  kunit_generic_run_threadfn_adapter+0x85/0xf0
[   24.523493]  kthread+0x337/0x6f0
[   24.523997]  ret_from_fork+0x116/0x1d0
[   24.524208]  ret_from_fork_asm+0x1a/0x30
[   24.524541] 
[   24.524625] The buggy address belongs to the object at ffff88810500d600
[   24.524625]  which belongs to the cache kmalloc-256 of size 256
[   24.525258] The buggy address is located 33 bytes to the right of
[   24.525258]  allocated 201-byte region [ffff88810500d600, ffff88810500d6c9)
[   24.525760] 
[   24.525862] The buggy address belongs to the physical page:
[   24.526127] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x10500c
[   24.526457] head: order:1 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[   24.526765] flags: 0x200000000000040(head|node=0|zone=2)
[   24.526996] page_type: f5(slab)
[   24.527149] raw: 0200000000000040 ffff888100041b40 dead000000000122 0000000000000000
[   24.528302] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000
[   24.528705] head: 0200000000000040 ffff888100041b40 dead000000000122 0000000000000000
[   24.529215] head: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000
[   24.529636] head: 0200000000000001 ffffea0004140301 00000000ffffffff 00000000ffffffff
[   24.530053] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000002
[   24.530362] page dumped because: kasan: bad access detected
[   24.530770] 
[   24.530905] Memory state around the buggy address:
[   24.531385]  ffff88810500d580: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   24.531642]  ffff88810500d600: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   24.531942] >ffff88810500d680: 00 00 00 00 00 00 00 00 00 01 fc fc fc fc fc fc
[   24.532580]                                                           ^
[   24.532943]  ffff88810500d700: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   24.533197]  ffff88810500d780: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   24.533515] ==================================================================
[   24.412479] ==================================================================
[   24.413160] BUG: KASAN: slab-out-of-bounds in krealloc_less_oob_helper+0xd70/0x11d0
[   24.414163] Write of size 1 at addr ffff88810500d6c9 by task kunit_try_catch/206
[   24.414966] 
[   24.415077] CPU: 0 UID: 0 PID: 206 Comm: kunit_try_catch Tainted: G    B            N  6.16.0-rc6-next-20250718 #1 PREEMPT(voluntary) 
[   24.415327] Tainted: [B]=BAD_PAGE, [N]=TEST
[   24.415340] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[   24.415363] Call Trace:
[   24.415377]  <TASK>
[   24.415394]  dump_stack_lvl+0x73/0xb0
[   24.415429]  print_report+0xd1/0x640
[   24.415451]  ? __virt_addr_valid+0x1db/0x2d0
[   24.415477]  ? krealloc_less_oob_helper+0xd70/0x11d0
[   24.415500]  ? kasan_complete_mode_report_info+0x2a/0x200
[   24.415526]  ? krealloc_less_oob_helper+0xd70/0x11d0
[   24.415548]  kasan_report+0x141/0x180
[   24.415569]  ? krealloc_less_oob_helper+0xd70/0x11d0
[   24.415595]  __asan_report_store1_noabort+0x1b/0x30
[   24.415618]  krealloc_less_oob_helper+0xd70/0x11d0
[   24.415643]  ? __pfx_krealloc_less_oob_helper+0x10/0x10
[   24.415665]  ? finish_task_switch.isra.0+0x153/0x700
[   24.415687]  ? __switch_to+0x47/0xf80
[   24.415713]  ? __schedule+0x10da/0x2b60
[   24.415736]  ? __pfx_read_tsc+0x10/0x10
[   24.415760]  krealloc_less_oob+0x1c/0x30
[   24.415804]  kunit_try_run_case+0x1a5/0x480
[   24.415846]  ? __pfx_kunit_try_run_case+0x10/0x10
[   24.415868]  ? _raw_spin_lock_irqsave+0xa1/0x100
[   24.415902]  ? _raw_spin_unlock_irqrestore+0x5f/0x90
[   24.415933]  ? __kthread_parkme+0x82/0x180
[   24.415953]  ? preempt_count_sub+0x50/0x80
[   24.415974]  ? __pfx_kunit_try_run_case+0x10/0x10
[   24.415996]  kunit_generic_run_threadfn_adapter+0x85/0xf0
[   24.416018]  ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10
[   24.416040]  kthread+0x337/0x6f0
[   24.416058]  ? trace_preempt_on+0x20/0xc0
[   24.416082]  ? __pfx_kthread+0x10/0x10
[   24.416102]  ? _raw_spin_unlock_irq+0x47/0x80
[   24.416131]  ? calculate_sigpending+0x7b/0xa0
[   24.416154]  ? __pfx_kthread+0x10/0x10
[   24.416176]  ret_from_fork+0x116/0x1d0
[   24.416204]  ? __pfx_kthread+0x10/0x10
[   24.416224]  ret_from_fork_asm+0x1a/0x30
[   24.416254]  </TASK>
[   24.416265] 
[   24.430658] Allocated by task 206:
[   24.431198]  kasan_save_stack+0x45/0x70
[   24.431730]  kasan_save_track+0x18/0x40
[   24.432332]  kasan_save_alloc_info+0x3b/0x50
[   24.432694]  __kasan_krealloc+0x190/0x1f0
[   24.432840]  krealloc_noprof+0xf3/0x340
[   24.432972]  krealloc_less_oob_helper+0x1aa/0x11d0
[   24.433123]  krealloc_less_oob+0x1c/0x30
[   24.433268]  kunit_try_run_case+0x1a5/0x480
[   24.433414]  kunit_generic_run_threadfn_adapter+0x85/0xf0
[   24.433664]  kthread+0x337/0x6f0
[   24.433831]  ret_from_fork+0x116/0x1d0
[   24.433983]  ret_from_fork_asm+0x1a/0x30
[   24.434151] 
[   24.434768] The buggy address belongs to the object at ffff88810500d600
[   24.434768]  which belongs to the cache kmalloc-256 of size 256
[   24.435777] The buggy address is located 0 bytes to the right of
[   24.435777]  allocated 201-byte region [ffff88810500d600, ffff88810500d6c9)
[   24.436394] 
[   24.436714] The buggy address belongs to the physical page:
[   24.437166] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x10500c
[   24.437654] head: order:1 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[   24.438195] flags: 0x200000000000040(head|node=0|zone=2)
[   24.438450] page_type: f5(slab)
[   24.438602] raw: 0200000000000040 ffff888100041b40 dead000000000122 0000000000000000
[   24.439384] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000
[   24.439678] head: 0200000000000040 ffff888100041b40 dead000000000122 0000000000000000
[   24.440283] head: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000
[   24.440759] head: 0200000000000001 ffffea0004140301 00000000ffffffff 00000000ffffffff
[   24.441296] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000002
[   24.441744] page dumped because: kasan: bad access detected
[   24.442213] 
[   24.442296] Memory state around the buggy address:
[   24.442715]  ffff88810500d580: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   24.443375]  ffff88810500d600: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   24.443907] >ffff88810500d680: 00 00 00 00 00 00 00 00 00 01 fc fc fc fc fc fc
[   24.444162]                                               ^
[   24.444666]  ffff88810500d700: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   24.445106]  ffff88810500d780: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   24.445442] ==================================================================

KNOWN ISSUE - log-parser-boot/kasan-bug-kasan-slab-out-of-bounds-in-krealloc_less_oob_helper: Failure

Metadata Full log Test run details

arch

x86_64

host

x86_64

plan

3036v5IOku9kbGwPAxMzAEIc53c

job_id

TEST:linaro@lkft#30370jamGaSAgcfW3PKLOLBtw8U

job_url

https://tuxapi.tuxsuite.com/v1/groups/linaro/projects/lkft/tests/30370jamGaSAgcfW3PKLOLBtw8U

artefacts

kernel

url	https://storage.tuxsuite.com/public/linaro/lkft/builds/3036xDpRrR5V90dzCJK3rrsTyNi/bzImage
sha256sum	fe25299d7ea64504487f8eb839cd1708aceb4f0c82b81f45634bb8a73b3edfa6

rootfs

url	https://storage.tuxboot.com/debian/20250617/trixie/amd64/rootfs.ext4.xz
sha256sum	a7dcdb286e1265c85a4d6cd5429adc51604a3ebde1d9a3c934aef78862d5fee4

modules

url	https://storage.tuxsuite.com/public/linaro/lkft/builds/3036xDpRrR5V90dzCJK3rrsTyNi/modules.tar.xz
sha256sum	bb9109246fd36b7a8249a4772c2bee7e93157a7bc523efedb3b113d0ba7942ea

durations

tests

boot	0
kunit	224.21

host_arch

amd64

build_name

gcc-13-lkftconfig-kunit

job_status

Complete

qemu_version

1:10.0.2+ds-1

Metadata

Failure - qemu-arm64 - gcc-13-lkftconfig-kunit KNOWN ISSUE Automatically assigned

Failure - qemu-x86_64 - gcc-13-lkftconfig-kunit KNOWN ISSUE Automatically assigned