lkft/linux-next-master - next-20250723 - log-parser-boot/kasan-bug-kasan-slab-out-of-bounds-in-krealloc_less_oob_helper

Date

July 23, 2025, 3:10 a.m.

Environment
qemu-arm64
qemu-x86_64

[   30.292031] ==================================================================
[   30.292087] BUG: KASAN: slab-out-of-bounds in krealloc_less_oob_helper+0xa80/0xc50
[   30.292140] Write of size 1 at addr fff00000c9ae60da by task kunit_try_catch/195
[   30.292188] 
[   30.292414] CPU: 0 UID: 0 PID: 195 Comm: kunit_try_catch Tainted: G    B            N  6.16.0-rc7-next-20250723 #1 PREEMPT 
[   30.292564] Tainted: [B]=BAD_PAGE, [N]=TEST
[   30.292700] Hardware name: linux,dummy-virt (DT)
[   30.292736] Call trace:
[   30.293452]  show_stack+0x20/0x38 (C)
[   30.293540]  dump_stack_lvl+0x8c/0xd0
[   30.293618]  print_report+0x118/0x5e8
[   30.293664]  kasan_report+0xdc/0x128
[   30.293876]  __asan_report_store1_noabort+0x20/0x30
[   30.294178]  krealloc_less_oob_helper+0xa80/0xc50
[   30.294425]  krealloc_large_less_oob+0x20/0x38
[   30.294513]  kunit_try_run_case+0x170/0x3f0
[   30.294598]  kunit_generic_run_threadfn_adapter+0x88/0x100
[   30.294650]  kthread+0x328/0x630
[   30.294699]  ret_from_fork+0x10/0x20
[   30.294748] 
[   30.294769] The buggy address belongs to the physical page:
[   30.294805] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x109ae4
[   30.294856] head: order:2 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[   30.294920] flags: 0xbfffe0000000040(head|node=0|zone=2|lastcpupid=0x1ffff)
[   30.294972] page_type: f8(unknown)
[   30.295018] raw: 0bfffe0000000040 0000000000000000 dead000000000122 0000000000000000
[   30.295072] raw: 0000000000000000 0000000000000000 00000000f8000000 0000000000000000
[   30.295118] head: 0bfffe0000000040 0000000000000000 dead000000000122 0000000000000000
[   30.295173] head: 0000000000000000 0000000000000000 00000000f8000000 0000000000000000
[   30.295236] head: 0bfffe0000000002 ffffc1ffc326b901 00000000ffffffff 00000000ffffffff
[   30.295298] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000004
[   30.295336] page dumped because: kasan: bad access detected
[   30.295365] 
[   30.295388] Memory state around the buggy address:
[   30.295433]  fff00000c9ae5f80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   30.295474]  fff00000c9ae6000: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   30.295514] >fff00000c9ae6080: 00 00 00 00 00 00 00 00 00 01 fe fe fe fe fe fe
[   30.295560]                                                     ^
[   30.295598]  fff00000c9ae6100: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe
[   30.295648]  fff00000c9ae6180: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe
[   30.295684] ==================================================================
[   30.284304] ==================================================================
[   30.284350] BUG: KASAN: slab-out-of-bounds in krealloc_less_oob_helper+0xb9c/0xc50
[   30.284509] Write of size 1 at addr fff00000c9ae60d0 by task kunit_try_catch/195
[   30.285045] 
[   30.285153] CPU: 0 UID: 0 PID: 195 Comm: kunit_try_catch Tainted: G    B            N  6.16.0-rc7-next-20250723 #1 PREEMPT 
[   30.285239] Tainted: [B]=BAD_PAGE, [N]=TEST
[   30.285265] Hardware name: linux,dummy-virt (DT)
[   30.285294] Call trace:
[   30.285315]  show_stack+0x20/0x38 (C)
[   30.285891]  dump_stack_lvl+0x8c/0xd0
[   30.286011]  print_report+0x118/0x5e8
[   30.286157]  kasan_report+0xdc/0x128
[   30.286233]  __asan_report_store1_noabort+0x20/0x30
[   30.286304]  krealloc_less_oob_helper+0xb9c/0xc50
[   30.286687]  krealloc_large_less_oob+0x20/0x38
[   30.286834]  kunit_try_run_case+0x170/0x3f0
[   30.287001]  kunit_generic_run_threadfn_adapter+0x88/0x100
[   30.287248]  kthread+0x328/0x630
[   30.287487]  ret_from_fork+0x10/0x20
[   30.287570] 
[   30.287591] The buggy address belongs to the physical page:
[   30.287786] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x109ae4
[   30.288049] head: order:2 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[   30.288194] flags: 0xbfffe0000000040(head|node=0|zone=2|lastcpupid=0x1ffff)
[   30.288300] page_type: f8(unknown)
[   30.288377] raw: 0bfffe0000000040 0000000000000000 dead000000000122 0000000000000000
[   30.288662] raw: 0000000000000000 0000000000000000 00000000f8000000 0000000000000000
[   30.288845] head: 0bfffe0000000040 0000000000000000 dead000000000122 0000000000000000
[   30.289012] head: 0000000000000000 0000000000000000 00000000f8000000 0000000000000000
[   30.289100] head: 0bfffe0000000002 ffffc1ffc326b901 00000000ffffffff 00000000ffffffff
[   30.289253] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000004
[   30.289343] page dumped because: kasan: bad access detected
[   30.289399] 
[   30.289422] Memory state around the buggy address:
[   30.289453]  fff00000c9ae5f80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   30.289496]  fff00000c9ae6000: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   30.289745] >fff00000c9ae6080: 00 00 00 00 00 00 00 00 00 01 fe fe fe fe fe fe
[   30.289987]                                                  ^
[   30.290126]  fff00000c9ae6100: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe
[   30.290201]  fff00000c9ae6180: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe
[   30.290250] ==================================================================
[   30.218815] ==================================================================
[   30.218883] BUG: KASAN: slab-out-of-bounds in krealloc_less_oob_helper+0xa48/0xc50
[   30.218969] Write of size 1 at addr fff00000c91e64c9 by task kunit_try_catch/191
[   30.219072] 
[   30.219163] CPU: 0 UID: 0 PID: 191 Comm: kunit_try_catch Tainted: G    B            N  6.16.0-rc7-next-20250723 #1 PREEMPT 
[   30.219269] Tainted: [B]=BAD_PAGE, [N]=TEST
[   30.219306] Hardware name: linux,dummy-virt (DT)
[   30.219339] Call trace:
[   30.219362]  show_stack+0x20/0x38 (C)
[   30.219652]  dump_stack_lvl+0x8c/0xd0
[   30.219699]  print_report+0x118/0x5e8
[   30.219760]  kasan_report+0xdc/0x128
[   30.219834]  __asan_report_store1_noabort+0x20/0x30
[   30.219923]  krealloc_less_oob_helper+0xa48/0xc50
[   30.219996]  krealloc_less_oob+0x20/0x38
[   30.220043]  kunit_try_run_case+0x170/0x3f0
[   30.220111]  kunit_generic_run_threadfn_adapter+0x88/0x100
[   30.220195]  kthread+0x328/0x630
[   30.220498]  ret_from_fork+0x10/0x20
[   30.220563] 
[   30.220581] Allocated by task 191:
[   30.220609]  kasan_save_stack+0x3c/0x68
[   30.220670]  kasan_save_track+0x20/0x40
[   30.220704]  kasan_save_alloc_info+0x40/0x58
[   30.220800]  __kasan_krealloc+0x118/0x178
[   30.220860]  krealloc_noprof+0x128/0x360
[   30.221002]  krealloc_less_oob_helper+0x168/0xc50
[   30.221070]  krealloc_less_oob+0x20/0x38
[   30.221188]  kunit_try_run_case+0x170/0x3f0
[   30.221276]  kunit_generic_run_threadfn_adapter+0x88/0x100
[   30.221368]  kthread+0x328/0x630
[   30.221402]  ret_from_fork+0x10/0x20
[   30.221436] 
[   30.221472] The buggy address belongs to the object at fff00000c91e6400
[   30.221472]  which belongs to the cache kmalloc-256 of size 256
[   30.221709] The buggy address is located 0 bytes to the right of
[   30.221709]  allocated 201-byte region [fff00000c91e6400, fff00000c91e64c9)
[   30.221774] 
[   30.221794] The buggy address belongs to the physical page:
[   30.221834] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1091e6
[   30.221944] head: order:1 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[   30.222025] flags: 0xbfffe0000000040(head|node=0|zone=2|lastcpupid=0x1ffff)
[   30.222103] page_type: f5(slab)
[   30.222143] raw: 0bfffe0000000040 fff00000c0001b40 dead000000000122 0000000000000000
[   30.222190] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000
[   30.222237] head: 0bfffe0000000040 fff00000c0001b40 dead000000000122 0000000000000000
[   30.222355] head: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000
[   30.222402] head: 0bfffe0000000001 ffffc1ffc3247981 00000000ffffffff 00000000ffffffff
[   30.222448] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000002
[   30.222523] page dumped because: kasan: bad access detected
[   30.222619] 
[   30.222688] Memory state around the buggy address:
[   30.222744]  fff00000c91e6380: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   30.222812]  fff00000c91e6400: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   30.222870] >fff00000c91e6480: 00 00 00 00 00 00 00 00 00 01 fc fc fc fc fc fc
[   30.222917]                                               ^
[   30.222953]  fff00000c91e6500: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   30.222995]  fff00000c91e6580: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   30.223068] ==================================================================
[   30.239088] ==================================================================
[   30.239136] BUG: KASAN: slab-out-of-bounds in krealloc_less_oob_helper+0xa58/0xc50
[   30.239186] Write of size 1 at addr fff00000c91e64eb by task kunit_try_catch/191
[   30.239234] 
[   30.239262] CPU: 0 UID: 0 PID: 191 Comm: kunit_try_catch Tainted: G    B            N  6.16.0-rc7-next-20250723 #1 PREEMPT 
[   30.239343] Tainted: [B]=BAD_PAGE, [N]=TEST
[   30.239368] Hardware name: linux,dummy-virt (DT)
[   30.239419] Call trace:
[   30.239442]  show_stack+0x20/0x38 (C)
[   30.239490]  dump_stack_lvl+0x8c/0xd0
[   30.239534]  print_report+0x118/0x5e8
[   30.239576]  kasan_report+0xdc/0x128
[   30.239617]  __asan_report_store1_noabort+0x20/0x30
[   30.239665]  krealloc_less_oob_helper+0xa58/0xc50
[   30.239714]  krealloc_less_oob+0x20/0x38
[   30.239759]  kunit_try_run_case+0x170/0x3f0
[   30.239803]  kunit_generic_run_threadfn_adapter+0x88/0x100
[   30.239852]  kthread+0x328/0x630
[   30.240072]  ret_from_fork+0x10/0x20
[   30.240138] 
[   30.240157] Allocated by task 191:
[   30.240247]  kasan_save_stack+0x3c/0x68
[   30.240298]  kasan_save_track+0x20/0x40
[   30.240492]  kasan_save_alloc_info+0x40/0x58
[   30.240560]  __kasan_krealloc+0x118/0x178
[   30.240639]  krealloc_noprof+0x128/0x360
[   30.240673]  krealloc_less_oob_helper+0x168/0xc50
[   30.240712]  krealloc_less_oob+0x20/0x38
[   30.241229]  kunit_try_run_case+0x170/0x3f0
[   30.241632]  kunit_generic_run_threadfn_adapter+0x88/0x100
[   30.241712]  kthread+0x328/0x630
[   30.241764]  ret_from_fork+0x10/0x20
[   30.241817] 
[   30.242258] The buggy address belongs to the object at fff00000c91e6400
[   30.242258]  which belongs to the cache kmalloc-256 of size 256
[   30.242364] The buggy address is located 34 bytes to the right of
[   30.242364]  allocated 201-byte region [fff00000c91e6400, fff00000c91e64c9)
[   30.242570] 
[   30.242654] The buggy address belongs to the physical page:
[   30.242745] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1091e6
[   30.242850] head: order:1 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[   30.242960] flags: 0xbfffe0000000040(head|node=0|zone=2|lastcpupid=0x1ffff)
[   30.243285] page_type: f5(slab)
[   30.243344] raw: 0bfffe0000000040 fff00000c0001b40 dead000000000122 0000000000000000
[   30.243483] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000
[   30.243595] head: 0bfffe0000000040 fff00000c0001b40 dead000000000122 0000000000000000
[   30.243660] head: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000
[   30.243761] head: 0bfffe0000000001 ffffc1ffc3247981 00000000ffffffff 00000000ffffffff
[   30.243814] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000002
[   30.243852] page dumped because: kasan: bad access detected
[   30.243881] 
[   30.243915] Memory state around the buggy address:
[   30.243946]  fff00000c91e6380: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   30.244010]  fff00000c91e6400: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   30.244059] >fff00000c91e6480: 00 00 00 00 00 00 00 00 00 01 fc fc fc fc fc fc
[   30.244104]                                                           ^
[   30.244152]  fff00000c91e6500: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   30.244202]  fff00000c91e6580: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   30.244238] ==================================================================
[   30.228032] ==================================================================
[   30.228079] BUG: KASAN: slab-out-of-bounds in krealloc_less_oob_helper+0xa80/0xc50
[   30.228154] Write of size 1 at addr fff00000c91e64da by task kunit_try_catch/191
[   30.228202] 
[   30.228255] CPU: 0 UID: 0 PID: 191 Comm: kunit_try_catch Tainted: G    B            N  6.16.0-rc7-next-20250723 #1 PREEMPT 
[   30.228342] Tainted: [B]=BAD_PAGE, [N]=TEST
[   30.228368] Hardware name: linux,dummy-virt (DT)
[   30.228398] Call trace:
[   30.228453]  show_stack+0x20/0x38 (C)
[   30.228506]  dump_stack_lvl+0x8c/0xd0
[   30.228566]  print_report+0x118/0x5e8
[   30.228666]  kasan_report+0xdc/0x128
[   30.228792]  __asan_report_store1_noabort+0x20/0x30
[   30.228880]  krealloc_less_oob_helper+0xa80/0xc50
[   30.228991]  krealloc_less_oob+0x20/0x38
[   30.229068]  kunit_try_run_case+0x170/0x3f0
[   30.229145]  kunit_generic_run_threadfn_adapter+0x88/0x100
[   30.229195]  kthread+0x328/0x630
[   30.229401]  ret_from_fork+0x10/0x20
[   30.229451] 
[   30.229469] Allocated by task 191:
[   30.229495]  kasan_save_stack+0x3c/0x68
[   30.229534]  kasan_save_track+0x20/0x40
[   30.229567]  kasan_save_alloc_info+0x40/0x58
[   30.229603]  __kasan_krealloc+0x118/0x178
[   30.229660]  krealloc_noprof+0x128/0x360
[   30.229730]  krealloc_less_oob_helper+0x168/0xc50
[   30.229776]  krealloc_less_oob+0x20/0x38
[   30.229847]  kunit_try_run_case+0x170/0x3f0
[   30.229954]  kunit_generic_run_threadfn_adapter+0x88/0x100
[   30.230046]  kthread+0x328/0x630
[   30.230084]  ret_from_fork+0x10/0x20
[   30.230131] 
[   30.230148] The buggy address belongs to the object at fff00000c91e6400
[   30.230148]  which belongs to the cache kmalloc-256 of size 256
[   30.230203] The buggy address is located 17 bytes to the right of
[   30.230203]  allocated 201-byte region [fff00000c91e6400, fff00000c91e64c9)
[   30.230265] 
[   30.230304] The buggy address belongs to the physical page:
[   30.230355] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1091e6
[   30.230414] head: order:1 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[   30.230468] flags: 0xbfffe0000000040(head|node=0|zone=2|lastcpupid=0x1ffff)
[   30.230517] page_type: f5(slab)
[   30.230552] raw: 0bfffe0000000040 fff00000c0001b40 dead000000000122 0000000000000000
[   30.230599] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000
[   30.230646] head: 0bfffe0000000040 fff00000c0001b40 dead000000000122 0000000000000000
[   30.230702] head: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000
[   30.230749] head: 0bfffe0000000001 ffffc1ffc3247981 00000000ffffffff 00000000ffffffff
[   30.230794] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000002
[   30.230832] page dumped because: kasan: bad access detected
[   30.230861] 
[   30.230887] Memory state around the buggy address:
[   30.231257]  fff00000c91e6380: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   30.231520]  fff00000c91e6400: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   30.231565] >fff00000c91e6480: 00 00 00 00 00 00 00 00 00 01 fc fc fc fc fc fc
[   30.231748]                                                     ^
[   30.231852]  fff00000c91e6500: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   30.231976]  fff00000c91e6580: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   30.232048] ==================================================================
[   30.303961] ==================================================================
[   30.304109] BUG: KASAN: slab-out-of-bounds in krealloc_less_oob_helper+0xa58/0xc50
[   30.304183] Write of size 1 at addr fff00000c9ae60eb by task kunit_try_catch/195
[   30.304386] 
[   30.304431] CPU: 0 UID: 0 PID: 195 Comm: kunit_try_catch Tainted: G    B            N  6.16.0-rc7-next-20250723 #1 PREEMPT 
[   30.304517] Tainted: [B]=BAD_PAGE, [N]=TEST
[   30.304804] Hardware name: linux,dummy-virt (DT)
[   30.304877] Call trace:
[   30.304976]  show_stack+0x20/0x38 (C)
[   30.305211]  dump_stack_lvl+0x8c/0xd0
[   30.305430]  print_report+0x118/0x5e8
[   30.305554]  kasan_report+0xdc/0x128
[   30.305601]  __asan_report_store1_noabort+0x20/0x30
[   30.305678]  krealloc_less_oob_helper+0xa58/0xc50
[   30.306029]  krealloc_large_less_oob+0x20/0x38
[   30.306122]  kunit_try_run_case+0x170/0x3f0
[   30.306255]  kunit_generic_run_threadfn_adapter+0x88/0x100
[   30.306343]  kthread+0x328/0x630
[   30.306475]  ret_from_fork+0x10/0x20
[   30.306535] 
[   30.306562] The buggy address belongs to the physical page:
[   30.306882] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x109ae4
[   30.307065] head: order:2 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[   30.307147] flags: 0xbfffe0000000040(head|node=0|zone=2|lastcpupid=0x1ffff)
[   30.307294] page_type: f8(unknown)
[   30.307351] raw: 0bfffe0000000040 0000000000000000 dead000000000122 0000000000000000
[   30.307430] raw: 0000000000000000 0000000000000000 00000000f8000000 0000000000000000
[   30.307514] head: 0bfffe0000000040 0000000000000000 dead000000000122 0000000000000000
[   30.307942] head: 0000000000000000 0000000000000000 00000000f8000000 0000000000000000
[   30.308067] head: 0bfffe0000000002 ffffc1ffc326b901 00000000ffffffff 00000000ffffffff
[   30.308196] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000004
[   30.308273] page dumped because: kasan: bad access detected
[   30.308388] 
[   30.308440] Memory state around the buggy address:
[   30.308517]  fff00000c9ae5f80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   30.308562]  fff00000c9ae6000: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   30.309007] >fff00000c9ae6080: 00 00 00 00 00 00 00 00 00 01 fe fe fe fe fe fe
[   30.309137]                                                           ^
[   30.309206]  fff00000c9ae6100: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe
[   30.309348]  fff00000c9ae6180: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe
[   30.309434] ==================================================================
[   30.232519] ==================================================================
[   30.232596] BUG: KASAN: slab-out-of-bounds in krealloc_less_oob_helper+0xae4/0xc50
[   30.232674] Write of size 1 at addr fff00000c91e64ea by task kunit_try_catch/191
[   30.232765] 
[   30.232801] CPU: 0 UID: 0 PID: 191 Comm: kunit_try_catch Tainted: G    B            N  6.16.0-rc7-next-20250723 #1 PREEMPT 
[   30.232958] Tainted: [B]=BAD_PAGE, [N]=TEST
[   30.233011] Hardware name: linux,dummy-virt (DT)
[   30.233041] Call trace:
[   30.233062]  show_stack+0x20/0x38 (C)
[   30.233108]  dump_stack_lvl+0x8c/0xd0
[   30.233153]  print_report+0x118/0x5e8
[   30.233253]  kasan_report+0xdc/0x128
[   30.233388]  __asan_report_store1_noabort+0x20/0x30
[   30.233475]  krealloc_less_oob_helper+0xae4/0xc50
[   30.233563]  krealloc_less_oob+0x20/0x38
[   30.233685]  kunit_try_run_case+0x170/0x3f0
[   30.233773]  kunit_generic_run_threadfn_adapter+0x88/0x100
[   30.233848]  kthread+0x328/0x630
[   30.233889]  ret_from_fork+0x10/0x20
[   30.234224] 
[   30.234294] Allocated by task 191:
[   30.234378]  kasan_save_stack+0x3c/0x68
[   30.234477]  kasan_save_track+0x20/0x40
[   30.234558]  kasan_save_alloc_info+0x40/0x58
[   30.234651]  __kasan_krealloc+0x118/0x178
[   30.234726]  krealloc_noprof+0x128/0x360
[   30.234783]  krealloc_less_oob_helper+0x168/0xc50
[   30.234824]  krealloc_less_oob+0x20/0x38
[   30.234860]  kunit_try_run_case+0x170/0x3f0
[   30.235158]  kunit_generic_run_threadfn_adapter+0x88/0x100
[   30.235284]  kthread+0x328/0x630
[   30.235362]  ret_from_fork+0x10/0x20
[   30.235428] 
[   30.235496] The buggy address belongs to the object at fff00000c91e6400
[   30.235496]  which belongs to the cache kmalloc-256 of size 256
[   30.235581] The buggy address is located 33 bytes to the right of
[   30.235581]  allocated 201-byte region [fff00000c91e6400, fff00000c91e64c9)
[   30.235685] 
[   30.235712] The buggy address belongs to the physical page:
[   30.235753] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1091e6
[   30.235803] head: order:1 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[   30.236066] flags: 0xbfffe0000000040(head|node=0|zone=2|lastcpupid=0x1ffff)
[   30.236214] page_type: f5(slab)
[   30.236309] raw: 0bfffe0000000040 fff00000c0001b40 dead000000000122 0000000000000000
[   30.236396] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000
[   30.236508] head: 0bfffe0000000040 fff00000c0001b40 dead000000000122 0000000000000000
[   30.236554] head: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000
[   30.236750] head: 0bfffe0000000001 ffffc1ffc3247981 00000000ffffffff 00000000ffffffff
[   30.236804] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000002
[   30.237045] page dumped because: kasan: bad access detected
[   30.237129] 
[   30.237194] Memory state around the buggy address:
[   30.237291]  fff00000c91e6380: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   30.237369]  fff00000c91e6400: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   30.237492] >fff00000c91e6480: 00 00 00 00 00 00 00 00 00 01 fc fc fc fc fc fc
[   30.237563]                                                           ^
[   30.237614]  fff00000c91e6500: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   30.237931]  fff00000c91e6580: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   30.238031] ==================================================================
[   30.223482] ==================================================================
[   30.223547] BUG: KASAN: slab-out-of-bounds in krealloc_less_oob_helper+0xb9c/0xc50
[   30.223616] Write of size 1 at addr fff00000c91e64d0 by task kunit_try_catch/191
[   30.223664] 
[   30.223693] CPU: 0 UID: 0 PID: 191 Comm: kunit_try_catch Tainted: G    B            N  6.16.0-rc7-next-20250723 #1 PREEMPT 
[   30.223860] Tainted: [B]=BAD_PAGE, [N]=TEST
[   30.223889] Hardware name: linux,dummy-virt (DT)
[   30.223931] Call trace:
[   30.223952]  show_stack+0x20/0x38 (C)
[   30.224040]  dump_stack_lvl+0x8c/0xd0
[   30.224097]  print_report+0x118/0x5e8
[   30.224165]  kasan_report+0xdc/0x128
[   30.224223]  __asan_report_store1_noabort+0x20/0x30
[   30.224318]  krealloc_less_oob_helper+0xb9c/0xc50
[   30.224383]  krealloc_less_oob+0x20/0x38
[   30.224428]  kunit_try_run_case+0x170/0x3f0
[   30.224473]  kunit_generic_run_threadfn_adapter+0x88/0x100
[   30.224637]  kthread+0x328/0x630
[   30.224683]  ret_from_fork+0x10/0x20
[   30.224741] 
[   30.224759] Allocated by task 191:
[   30.224837]  kasan_save_stack+0x3c/0x68
[   30.224975]  kasan_save_track+0x20/0x40
[   30.225037]  kasan_save_alloc_info+0x40/0x58
[   30.225083]  __kasan_krealloc+0x118/0x178
[   30.225134]  krealloc_noprof+0x128/0x360
[   30.225168]  krealloc_less_oob_helper+0x168/0xc50
[   30.225209]  krealloc_less_oob+0x20/0x38
[   30.225246]  kunit_try_run_case+0x170/0x3f0
[   30.225410]  kunit_generic_run_threadfn_adapter+0x88/0x100
[   30.225453]  kthread+0x328/0x630
[   30.225484]  ret_from_fork+0x10/0x20
[   30.225518] 
[   30.225536] The buggy address belongs to the object at fff00000c91e6400
[   30.225536]  which belongs to the cache kmalloc-256 of size 256
[   30.225591] The buggy address is located 7 bytes to the right of
[   30.225591]  allocated 201-byte region [fff00000c91e6400, fff00000c91e64c9)
[   30.225718] 
[   30.225797] The buggy address belongs to the physical page:
[   30.225880] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1091e6
[   30.225993] head: order:1 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[   30.226087] flags: 0xbfffe0000000040(head|node=0|zone=2|lastcpupid=0x1ffff)
[   30.226192] page_type: f5(slab)
[   30.226270] raw: 0bfffe0000000040 fff00000c0001b40 dead000000000122 0000000000000000
[   30.226332] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000
[   30.226387] head: 0bfffe0000000040 fff00000c0001b40 dead000000000122 0000000000000000
[   30.226561] head: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000
[   30.226609] head: 0bfffe0000000001 ffffc1ffc3247981 00000000ffffffff 00000000ffffffff
[   30.226669] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000002
[   30.226776] page dumped because: kasan: bad access detected
[   30.226926] 
[   30.226996] Memory state around the buggy address:
[   30.227084]  fff00000c91e6380: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   30.227173]  fff00000c91e6400: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   30.227226] >fff00000c91e6480: 00 00 00 00 00 00 00 00 00 01 fc fc fc fc fc fc
[   30.227278]                                                  ^
[   30.227315]  fff00000c91e6500: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   30.227372]  fff00000c91e6580: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   30.227410] ==================================================================
[   30.279215] ==================================================================
[   30.279292] BUG: KASAN: slab-out-of-bounds in krealloc_less_oob_helper+0xa48/0xc50
[   30.279352] Write of size 1 at addr fff00000c9ae60c9 by task kunit_try_catch/195
[   30.279598] 
[   30.279663] CPU: 0 UID: 0 PID: 195 Comm: kunit_try_catch Tainted: G    B            N  6.16.0-rc7-next-20250723 #1 PREEMPT 
[   30.279946] Tainted: [B]=BAD_PAGE, [N]=TEST
[   30.280025] Hardware name: linux,dummy-virt (DT)
[   30.280059] Call trace:
[   30.280100]  show_stack+0x20/0x38 (C)
[   30.280224]  dump_stack_lvl+0x8c/0xd0
[   30.280300]  print_report+0x118/0x5e8
[   30.280344]  kasan_report+0xdc/0x128
[   30.280530]  __asan_report_store1_noabort+0x20/0x30
[   30.280765]  krealloc_less_oob_helper+0xa48/0xc50
[   30.280852]  krealloc_large_less_oob+0x20/0x38
[   30.280999]  kunit_try_run_case+0x170/0x3f0
[   30.281081]  kunit_generic_run_threadfn_adapter+0x88/0x100
[   30.281219]  kthread+0x328/0x630
[   30.281285]  ret_from_fork+0x10/0x20
[   30.281341] 
[   30.281361] The buggy address belongs to the physical page:
[   30.281396] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x109ae4
[   30.281867] head: order:2 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[   30.281981] flags: 0xbfffe0000000040(head|node=0|zone=2|lastcpupid=0x1ffff)
[   30.282070] page_type: f8(unknown)
[   30.282198] raw: 0bfffe0000000040 0000000000000000 dead000000000122 0000000000000000
[   30.282292] raw: 0000000000000000 0000000000000000 00000000f8000000 0000000000000000
[   30.282542] head: 0bfffe0000000040 0000000000000000 dead000000000122 0000000000000000
[   30.282749] head: 0000000000000000 0000000000000000 00000000f8000000 0000000000000000
[   30.282964] head: 0bfffe0000000002 ffffc1ffc326b901 00000000ffffffff 00000000ffffffff
[   30.283041] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000004
[   30.283172] page dumped because: kasan: bad access detected
[   30.283215] 
[   30.283234] Memory state around the buggy address:
[   30.283265]  fff00000c9ae5f80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   30.283347]  fff00000c9ae6000: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   30.283388] >fff00000c9ae6080: 00 00 00 00 00 00 00 00 00 01 fe fe fe fe fe fe
[   30.283433]                                               ^
[   30.283470]  fff00000c9ae6100: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe
[   30.283520]  fff00000c9ae6180: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe
[   30.283562] ==================================================================
[   30.296738] ==================================================================
[   30.297050] BUG: KASAN: slab-out-of-bounds in krealloc_less_oob_helper+0xae4/0xc50
[   30.297220] Write of size 1 at addr fff00000c9ae60ea by task kunit_try_catch/195
[   30.297277] 
[   30.297688] CPU: 0 UID: 0 PID: 195 Comm: kunit_try_catch Tainted: G    B            N  6.16.0-rc7-next-20250723 #1 PREEMPT 
[   30.298110] Tainted: [B]=BAD_PAGE, [N]=TEST
[   30.298165] Hardware name: linux,dummy-virt (DT)
[   30.298295] Call trace:
[   30.298321]  show_stack+0x20/0x38 (C)
[   30.298378]  dump_stack_lvl+0x8c/0xd0
[   30.298425]  print_report+0x118/0x5e8
[   30.298478]  kasan_report+0xdc/0x128
[   30.298645]  __asan_report_store1_noabort+0x20/0x30
[   30.298708]  krealloc_less_oob_helper+0xae4/0xc50
[   30.298818]  krealloc_large_less_oob+0x20/0x38
[   30.299166]  kunit_try_run_case+0x170/0x3f0
[   30.299442]  kunit_generic_run_threadfn_adapter+0x88/0x100
[   30.299511]  kthread+0x328/0x630
[   30.299570]  ret_from_fork+0x10/0x20
[   30.299825] 
[   30.299980] The buggy address belongs to the physical page:
[   30.300026] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x109ae4
[   30.300079] head: order:2 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[   30.300123] flags: 0xbfffe0000000040(head|node=0|zone=2|lastcpupid=0x1ffff)
[   30.300306] page_type: f8(unknown)
[   30.300437] raw: 0bfffe0000000040 0000000000000000 dead000000000122 0000000000000000
[   30.300578] raw: 0000000000000000 0000000000000000 00000000f8000000 0000000000000000
[   30.300633] head: 0bfffe0000000040 0000000000000000 dead000000000122 0000000000000000
[   30.300681] head: 0000000000000000 0000000000000000 00000000f8000000 0000000000000000
[   30.301039] head: 0bfffe0000000002 ffffc1ffc326b901 00000000ffffffff 00000000ffffffff
[   30.301187] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000004
[   30.301228] page dumped because: kasan: bad access detected
[   30.301435] 
[   30.301464] Memory state around the buggy address:
[   30.301622]  fff00000c9ae5f80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   30.301947]  fff00000c9ae6000: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   30.302147] >fff00000c9ae6080: 00 00 00 00 00 00 00 00 00 01 fe fe fe fe fe fe
[   30.302191]                                                           ^
[   30.302543]  fff00000c9ae6100: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe
[   30.302678]  fff00000c9ae6180: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe
[   30.302764] ==================================================================

Metadata Full log Test run details

arch

arm64

host

x86_64

plan

30G3cJ1sbXw9qzJ7BlfPJWioYpf

job_id

TEST:linaro@lkft#30G3i68xlwMFkooOhGrPcdOJwq6

job_url

https://tuxapi.tuxsuite.com/v1/groups/linaro/projects/lkft/tests/30G3i68xlwMFkooOhGrPcdOJwq6

artefacts

kernel

url	https://storage.tuxsuite.com/public/linaro/lkft/builds/30G3dqLJvp4LyPfe7hM64XXnTL3/Image.gz
sha256sum	b30e1898089cf202216a8d94747025c3be63110289f9fb6007e080b423a71d05

rootfs

url	https://storage.tuxboot.com/debian/20250617/trixie/arm64/rootfs.ext4.xz
sha256sum	1eaaae772692e22cefec5345d642e254407cec1431dd51a20007af2a1819b610

modules

url	https://storage.tuxsuite.com/public/linaro/lkft/builds/30G3dqLJvp4LyPfe7hM64XXnTL3/modules.tar.xz
sha256sum	eb69e4b4edadc912a9040d92071e298890d9adf22425e3972f798522efd0a9a6

durations

tests

boot	0
kunit	175.58

host_arch

amd64

build_name

gcc-13-lkftconfig-kunit

job_status

Complete

qemu_version

1:10.0.2+ds-1

[   24.767210] ==================================================================
[   24.767910] BUG: KASAN: slab-out-of-bounds in krealloc_less_oob_helper+0xd70/0x11d0
[   24.768934] Write of size 1 at addr ffff8881055e3cc9 by task kunit_try_catch/207
[   24.769828] 
[   24.770098] CPU: 1 UID: 0 PID: 207 Comm: kunit_try_catch Tainted: G    B            N  6.16.0-rc7-next-20250723 #1 PREEMPT(voluntary) 
[   24.770166] Tainted: [B]=BAD_PAGE, [N]=TEST
[   24.770179] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[   24.770202] Call Trace:
[   24.770216]  <TASK>
[   24.770235]  dump_stack_lvl+0x73/0xb0
[   24.770271]  print_report+0xd1/0x640
[   24.770295]  ? __virt_addr_valid+0x1db/0x2d0
[   24.770319]  ? krealloc_less_oob_helper+0xd70/0x11d0
[   24.770343]  ? kasan_complete_mode_report_info+0x2a/0x200
[   24.770376]  ? krealloc_less_oob_helper+0xd70/0x11d0
[   24.770400]  kasan_report+0x141/0x180
[   24.770421]  ? krealloc_less_oob_helper+0xd70/0x11d0
[   24.770449]  __asan_report_store1_noabort+0x1b/0x30
[   24.770473]  krealloc_less_oob_helper+0xd70/0x11d0
[   24.770498]  ? __pfx_krealloc_less_oob_helper+0x10/0x10
[   24.770522]  ? finish_task_switch.isra.0+0x153/0x700
[   24.770543]  ? __switch_to+0x47/0xf80
[   24.770570]  ? __schedule+0x10da/0x2b60
[   24.770595]  ? __pfx_read_tsc+0x10/0x10
[   24.770619]  krealloc_less_oob+0x1c/0x30
[   24.770641]  kunit_try_run_case+0x1a5/0x480
[   24.770667]  ? __pfx_kunit_try_run_case+0x10/0x10
[   24.770689]  ? _raw_spin_lock_irqsave+0xa1/0x100
[   24.770714]  ? _raw_spin_unlock_irqrestore+0x5f/0x90
[   24.770739]  ? __kthread_parkme+0x82/0x180
[   24.770759]  ? preempt_count_sub+0x50/0x80
[   24.770781]  ? __pfx_kunit_try_run_case+0x10/0x10
[   24.770805]  kunit_generic_run_threadfn_adapter+0x85/0xf0
[   24.770828]  ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10
[   24.770854]  kthread+0x337/0x6f0
[   24.770877]  ? trace_preempt_on+0x20/0xc0
[   24.770902]  ? __pfx_kthread+0x10/0x10
[   24.770922]  ? _raw_spin_unlock_irq+0x47/0x80
[   24.770946]  ? calculate_sigpending+0x7b/0xa0
[   24.770969]  ? __pfx_kthread+0x10/0x10
[   24.770990]  ret_from_fork+0x116/0x1d0
[   24.771010]  ? __pfx_kthread+0x10/0x10
[   24.771030]  ret_from_fork_asm+0x1a/0x30
[   24.771061]  </TASK>
[   24.771072] 
[   24.781811] Allocated by task 207:
[   24.782103]  kasan_save_stack+0x45/0x70
[   24.782359]  kasan_save_track+0x18/0x40
[   24.782489]  kasan_save_alloc_info+0x3b/0x50
[   24.782822]  __kasan_krealloc+0x190/0x1f0
[   24.783017]  krealloc_noprof+0xf3/0x340
[   24.783223]  krealloc_less_oob_helper+0x1aa/0x11d0
[   24.783534]  krealloc_less_oob+0x1c/0x30
[   24.783692]  kunit_try_run_case+0x1a5/0x480
[   24.783854]  kunit_generic_run_threadfn_adapter+0x85/0xf0
[   24.784170]  kthread+0x337/0x6f0
[   24.784341]  ret_from_fork+0x116/0x1d0
[   24.784640]  ret_from_fork_asm+0x1a/0x30
[   24.784786] 
[   24.784852] The buggy address belongs to the object at ffff8881055e3c00
[   24.784852]  which belongs to the cache kmalloc-256 of size 256
[   24.785666] The buggy address is located 0 bytes to the right of
[   24.785666]  allocated 201-byte region [ffff8881055e3c00, ffff8881055e3cc9)
[   24.786030] 
[   24.786188] The buggy address belongs to the physical page:
[   24.786530] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1055e2
[   24.786916] head: order:1 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[   24.787323] flags: 0x200000000000040(head|node=0|zone=2)
[   24.787668] page_type: f5(slab)
[   24.787796] raw: 0200000000000040 ffff888100041b40 dead000000000100 dead000000000122
[   24.788295] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000
[   24.788515] head: 0200000000000040 ffff888100041b40 dead000000000100 dead000000000122
[   24.789191] head: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000
[   24.789717] head: 0200000000000001 ffffea0004157881 00000000ffffffff 00000000ffffffff
[   24.790072] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000002
[   24.790507] page dumped because: kasan: bad access detected
[   24.790751] 
[   24.790820] Memory state around the buggy address:
[   24.790972]  ffff8881055e3b80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   24.791273]  ffff8881055e3c00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   24.791767] >ffff8881055e3c80: 00 00 00 00 00 00 00 00 00 01 fc fc fc fc fc fc
[   24.792100]                                               ^
[   24.792312]  ffff8881055e3d00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   24.792761]  ffff8881055e3d80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   24.793068] ==================================================================
[   24.818292] ==================================================================
[   24.818896] BUG: KASAN: slab-out-of-bounds in krealloc_less_oob_helper+0xec6/0x11d0
[   24.819254] Write of size 1 at addr ffff8881055e3cda by task kunit_try_catch/207
[   24.819675] 
[   24.819809] CPU: 1 UID: 0 PID: 207 Comm: kunit_try_catch Tainted: G    B            N  6.16.0-rc7-next-20250723 #1 PREEMPT(voluntary) 
[   24.819874] Tainted: [B]=BAD_PAGE, [N]=TEST
[   24.819886] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[   24.819908] Call Trace:
[   24.819924]  <TASK>
[   24.819954]  dump_stack_lvl+0x73/0xb0
[   24.819997]  print_report+0xd1/0x640
[   24.820021]  ? __virt_addr_valid+0x1db/0x2d0
[   24.820056]  ? krealloc_less_oob_helper+0xec6/0x11d0
[   24.820080]  ? kasan_complete_mode_report_info+0x2a/0x200
[   24.820106]  ? krealloc_less_oob_helper+0xec6/0x11d0
[   24.820129]  kasan_report+0x141/0x180
[   24.820173]  ? krealloc_less_oob_helper+0xec6/0x11d0
[   24.820201]  __asan_report_store1_noabort+0x1b/0x30
[   24.820225]  krealloc_less_oob_helper+0xec6/0x11d0
[   24.820261]  ? __pfx_krealloc_less_oob_helper+0x10/0x10
[   24.820284]  ? finish_task_switch.isra.0+0x153/0x700
[   24.820306]  ? __switch_to+0x47/0xf80
[   24.820333]  ? __schedule+0x10da/0x2b60
[   24.820366]  ? __pfx_read_tsc+0x10/0x10
[   24.820391]  krealloc_less_oob+0x1c/0x30
[   24.820412]  kunit_try_run_case+0x1a5/0x480
[   24.820443]  ? __pfx_kunit_try_run_case+0x10/0x10
[   24.820473]  ? _raw_spin_lock_irqsave+0xa1/0x100
[   24.820497]  ? _raw_spin_unlock_irqrestore+0x5f/0x90
[   24.820522]  ? __kthread_parkme+0x82/0x180
[   24.820542]  ? preempt_count_sub+0x50/0x80
[   24.820565]  ? __pfx_kunit_try_run_case+0x10/0x10
[   24.820588]  kunit_generic_run_threadfn_adapter+0x85/0xf0
[   24.820611]  ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10
[   24.820634]  kthread+0x337/0x6f0
[   24.820654]  ? trace_preempt_on+0x20/0xc0
[   24.820678]  ? __pfx_kthread+0x10/0x10
[   24.820699]  ? _raw_spin_unlock_irq+0x47/0x80
[   24.820722]  ? calculate_sigpending+0x7b/0xa0
[   24.820745]  ? __pfx_kthread+0x10/0x10
[   24.820766]  ret_from_fork+0x116/0x1d0
[   24.820786]  ? __pfx_kthread+0x10/0x10
[   24.820806]  ret_from_fork_asm+0x1a/0x30
[   24.820837]  </TASK>
[   24.820849] 
[   24.829031] Allocated by task 207:
[   24.829267]  kasan_save_stack+0x45/0x70
[   24.829739]  kasan_save_track+0x18/0x40
[   24.829947]  kasan_save_alloc_info+0x3b/0x50
[   24.830185]  __kasan_krealloc+0x190/0x1f0
[   24.830648]  krealloc_noprof+0xf3/0x340
[   24.830870]  krealloc_less_oob_helper+0x1aa/0x11d0
[   24.831265]  krealloc_less_oob+0x1c/0x30
[   24.831497]  kunit_try_run_case+0x1a5/0x480
[   24.831712]  kunit_generic_run_threadfn_adapter+0x85/0xf0
[   24.831953]  kthread+0x337/0x6f0
[   24.832117]  ret_from_fork+0x116/0x1d0
[   24.832324]  ret_from_fork_asm+0x1a/0x30
[   24.832629] 
[   24.832731] The buggy address belongs to the object at ffff8881055e3c00
[   24.832731]  which belongs to the cache kmalloc-256 of size 256
[   24.833303] The buggy address is located 17 bytes to the right of
[   24.833303]  allocated 201-byte region [ffff8881055e3c00, ffff8881055e3cc9)
[   24.833906] 
[   24.833991] The buggy address belongs to the physical page:
[   24.834176] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1055e2
[   24.834416] head: order:1 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[   24.834635] flags: 0x200000000000040(head|node=0|zone=2)
[   24.834807] page_type: f5(slab)
[   24.834924] raw: 0200000000000040 ffff888100041b40 dead000000000100 dead000000000122
[   24.835576] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000
[   24.836446] head: 0200000000000040 ffff888100041b40 dead000000000100 dead000000000122
[   24.836747] head: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000
[   24.837095] head: 0200000000000001 ffffea0004157881 00000000ffffffff 00000000ffffffff
[   24.837576] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000002
[   24.837926] page dumped because: kasan: bad access detected
[   24.838134] 
[   24.838207] Memory state around the buggy address:
[   24.838360]  ffff8881055e3b80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   24.838571]  ffff8881055e3c00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   24.838958] >ffff8881055e3c80: 00 00 00 00 00 00 00 00 00 01 fc fc fc fc fc fc
[   24.839303]                                                     ^
[   24.839815]  ffff8881055e3d00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   24.840288]  ffff8881055e3d80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   24.840498] ==================================================================
[   25.040846] ==================================================================
[   25.041131] BUG: KASAN: slab-out-of-bounds in krealloc_less_oob_helper+0xd47/0x11d0
[   25.041516] Write of size 1 at addr ffff8881060da0eb by task kunit_try_catch/211
[   25.041802] 
[   25.041914] CPU: 1 UID: 0 PID: 211 Comm: kunit_try_catch Tainted: G    B            N  6.16.0-rc7-next-20250723 #1 PREEMPT(voluntary) 
[   25.042122] Tainted: [B]=BAD_PAGE, [N]=TEST
[   25.042140] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[   25.042178] Call Trace:
[   25.042198]  <TASK>
[   25.042217]  dump_stack_lvl+0x73/0xb0
[   25.042248]  print_report+0xd1/0x640
[   25.042271]  ? __virt_addr_valid+0x1db/0x2d0
[   25.042295]  ? krealloc_less_oob_helper+0xd47/0x11d0
[   25.042319]  ? kasan_addr_to_slab+0x11/0xa0
[   25.042339]  ? krealloc_less_oob_helper+0xd47/0x11d0
[   25.042363]  kasan_report+0x141/0x180
[   25.042385]  ? krealloc_less_oob_helper+0xd47/0x11d0
[   25.042412]  __asan_report_store1_noabort+0x1b/0x30
[   25.042437]  krealloc_less_oob_helper+0xd47/0x11d0
[   25.042462]  ? __pfx_krealloc_less_oob_helper+0x10/0x10
[   25.042486]  ? finish_task_switch.isra.0+0x153/0x700
[   25.042508]  ? __switch_to+0x47/0xf80
[   25.042534]  ? __schedule+0x10da/0x2b60
[   25.042560]  ? __pfx_read_tsc+0x10/0x10
[   25.042586]  krealloc_large_less_oob+0x1c/0x30
[   25.042608]  kunit_try_run_case+0x1a5/0x480
[   25.042633]  ? __pfx_kunit_try_run_case+0x10/0x10
[   25.042655]  ? _raw_spin_lock_irqsave+0xa1/0x100
[   25.042680]  ? _raw_spin_unlock_irqrestore+0x5f/0x90
[   25.042705]  ? __kthread_parkme+0x82/0x180
[   25.042725]  ? preempt_count_sub+0x50/0x80
[   25.042747]  ? __pfx_kunit_try_run_case+0x10/0x10
[   25.042771]  kunit_generic_run_threadfn_adapter+0x85/0xf0
[   25.042794]  ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10
[   25.042817]  kthread+0x337/0x6f0
[   25.042837]  ? trace_preempt_on+0x20/0xc0
[   25.042861]  ? __pfx_kthread+0x10/0x10
[   25.042882]  ? _raw_spin_unlock_irq+0x47/0x80
[   25.042905]  ? calculate_sigpending+0x7b/0xa0
[   25.042928]  ? __pfx_kthread+0x10/0x10
[   25.042949]  ret_from_fork+0x116/0x1d0
[   25.042969]  ? __pfx_kthread+0x10/0x10
[   25.042989]  ret_from_fork_asm+0x1a/0x30
[   25.043022]  </TASK>
[   25.043034] 
[   25.050575] The buggy address belongs to the physical page:
[   25.050799] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1060d8
[   25.051087] head: order:2 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[   25.051443] flags: 0x200000000000040(head|node=0|zone=2)
[   25.051694] page_type: f8(unknown)
[   25.051868] raw: 0200000000000040 0000000000000000 dead000000000122 0000000000000000
[   25.052368] raw: 0000000000000000 0000000000000000 00000000f8000000 0000000000000000
[   25.052755] head: 0200000000000040 0000000000000000 dead000000000122 0000000000000000
[   25.053187] head: 0000000000000000 0000000000000000 00000000f8000000 0000000000000000
[   25.053527] head: 0200000000000002 ffffea0004183601 00000000ffffffff 00000000ffffffff
[   25.053834] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000004
[   25.054202] page dumped because: kasan: bad access detected
[   25.054472] 
[   25.054559] Memory state around the buggy address:
[   25.054750]  ffff8881060d9f80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   25.055106]  ffff8881060da000: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   25.055406] >ffff8881060da080: 00 00 00 00 00 00 00 00 00 01 fe fe fe fe fe fe
[   25.055632]                                                           ^
[   25.055832]  ffff8881060da100: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe
[   25.056042]  ffff8881060da180: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe
[   25.056257] ==================================================================
[   24.872049] ==================================================================
[   24.872813] BUG: KASAN: slab-out-of-bounds in krealloc_less_oob_helper+0xd47/0x11d0
[   24.873362] Write of size 1 at addr ffff8881055e3ceb by task kunit_try_catch/207
[   24.874092] 
[   24.874285] CPU: 1 UID: 0 PID: 207 Comm: kunit_try_catch Tainted: G    B            N  6.16.0-rc7-next-20250723 #1 PREEMPT(voluntary) 
[   24.874338] Tainted: [B]=BAD_PAGE, [N]=TEST
[   24.874350] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[   24.874373] Call Trace:
[   24.874394]  <TASK>
[   24.874416]  dump_stack_lvl+0x73/0xb0
[   24.874448]  print_report+0xd1/0x640
[   24.874525]  ? __virt_addr_valid+0x1db/0x2d0
[   24.874551]  ? krealloc_less_oob_helper+0xd47/0x11d0
[   24.874574]  ? kasan_complete_mode_report_info+0x2a/0x200
[   24.874600]  ? krealloc_less_oob_helper+0xd47/0x11d0
[   24.874624]  kasan_report+0x141/0x180
[   24.874645]  ? krealloc_less_oob_helper+0xd47/0x11d0
[   24.874673]  __asan_report_store1_noabort+0x1b/0x30
[   24.874697]  krealloc_less_oob_helper+0xd47/0x11d0
[   24.874722]  ? __pfx_krealloc_less_oob_helper+0x10/0x10
[   24.874745]  ? finish_task_switch.isra.0+0x153/0x700
[   24.874767]  ? __switch_to+0x47/0xf80
[   24.874793]  ? __schedule+0x10da/0x2b60
[   24.874818]  ? __pfx_read_tsc+0x10/0x10
[   24.874843]  krealloc_less_oob+0x1c/0x30
[   24.874865]  kunit_try_run_case+0x1a5/0x480
[   24.874890]  ? __pfx_kunit_try_run_case+0x10/0x10
[   24.874912]  ? _raw_spin_lock_irqsave+0xa1/0x100
[   24.874936]  ? _raw_spin_unlock_irqrestore+0x5f/0x90
[   24.874968]  ? __kthread_parkme+0x82/0x180
[   24.874988]  ? preempt_count_sub+0x50/0x80
[   24.875011]  ? __pfx_kunit_try_run_case+0x10/0x10
[   24.875034]  kunit_generic_run_threadfn_adapter+0x85/0xf0
[   24.875057]  ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10
[   24.875080]  kthread+0x337/0x6f0
[   24.875100]  ? trace_preempt_on+0x20/0xc0
[   24.875124]  ? __pfx_kthread+0x10/0x10
[   24.875144]  ? _raw_spin_unlock_irq+0x47/0x80
[   24.875181]  ? calculate_sigpending+0x7b/0xa0
[   24.875204]  ? __pfx_kthread+0x10/0x10
[   24.875226]  ret_from_fork+0x116/0x1d0
[   24.875246]  ? __pfx_kthread+0x10/0x10
[   24.875266]  ret_from_fork_asm+0x1a/0x30
[   24.875299]  </TASK>
[   24.875310] 
[   24.888998] Allocated by task 207:
[   24.889410]  kasan_save_stack+0x45/0x70
[   24.889795]  kasan_save_track+0x18/0x40
[   24.890165]  kasan_save_alloc_info+0x3b/0x50
[   24.890320]  __kasan_krealloc+0x190/0x1f0
[   24.890627]  krealloc_noprof+0xf3/0x340
[   24.891004]  krealloc_less_oob_helper+0x1aa/0x11d0
[   24.891455]  krealloc_less_oob+0x1c/0x30
[   24.891939]  kunit_try_run_case+0x1a5/0x480
[   24.892100]  kunit_generic_run_threadfn_adapter+0x85/0xf0
[   24.892284]  kthread+0x337/0x6f0
[   24.892428]  ret_from_fork+0x116/0x1d0
[   24.892556]  ret_from_fork_asm+0x1a/0x30
[   24.892777] 
[   24.892941] The buggy address belongs to the object at ffff8881055e3c00
[   24.892941]  which belongs to the cache kmalloc-256 of size 256
[   24.893398] The buggy address is located 34 bytes to the right of
[   24.893398]  allocated 201-byte region [ffff8881055e3c00, ffff8881055e3cc9)
[   24.894060] 
[   24.894132] The buggy address belongs to the physical page:
[   24.894334] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1055e2
[   24.894975] head: order:1 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[   24.895320] flags: 0x200000000000040(head|node=0|zone=2)
[   24.895794] page_type: f5(slab)
[   24.895953] raw: 0200000000000040 ffff888100041b40 dead000000000100 dead000000000122
[   24.896274] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000
[   24.896768] head: 0200000000000040 ffff888100041b40 dead000000000100 dead000000000122
[   24.897071] head: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000
[   24.897348] head: 0200000000000001 ffffea0004157881 00000000ffffffff 00000000ffffffff
[   24.897616] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000002
[   24.897943] page dumped because: kasan: bad access detected
[   24.898274] 
[   24.898343] Memory state around the buggy address:
[   24.898743]  ffff8881055e3b80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   24.899047]  ffff8881055e3c00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   24.899314] >ffff8881055e3c80: 00 00 00 00 00 00 00 00 00 01 fc fc fc fc fc fc
[   24.899911]                                                           ^
[   24.900190]  ffff8881055e3d00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   24.900494]  ffff8881055e3d80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   24.900818] ==================================================================
[   24.795180] ==================================================================
[   24.795499] BUG: KASAN: slab-out-of-bounds in krealloc_less_oob_helper+0xe23/0x11d0
[   24.796072] Write of size 1 at addr ffff8881055e3cd0 by task kunit_try_catch/207
[   24.796400] 
[   24.796514] CPU: 1 UID: 0 PID: 207 Comm: kunit_try_catch Tainted: G    B            N  6.16.0-rc7-next-20250723 #1 PREEMPT(voluntary) 
[   24.796641] Tainted: [B]=BAD_PAGE, [N]=TEST
[   24.796654] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[   24.796687] Call Trace:
[   24.796708]  <TASK>
[   24.796729]  dump_stack_lvl+0x73/0xb0
[   24.796774]  print_report+0xd1/0x640
[   24.796798]  ? __virt_addr_valid+0x1db/0x2d0
[   24.796822]  ? krealloc_less_oob_helper+0xe23/0x11d0
[   24.796846]  ? kasan_complete_mode_report_info+0x2a/0x200
[   24.796872]  ? krealloc_less_oob_helper+0xe23/0x11d0
[   24.796904]  kasan_report+0x141/0x180
[   24.796926]  ? krealloc_less_oob_helper+0xe23/0x11d0
[   24.796954]  __asan_report_store1_noabort+0x1b/0x30
[   24.796998]  krealloc_less_oob_helper+0xe23/0x11d0
[   24.797024]  ? __pfx_krealloc_less_oob_helper+0x10/0x10
[   24.797048]  ? finish_task_switch.isra.0+0x153/0x700
[   24.797070]  ? __switch_to+0x47/0xf80
[   24.797097]  ? __schedule+0x10da/0x2b60
[   24.797129]  ? __pfx_read_tsc+0x10/0x10
[   24.797170]  krealloc_less_oob+0x1c/0x30
[   24.797192]  kunit_try_run_case+0x1a5/0x480
[   24.797217]  ? __pfx_kunit_try_run_case+0x10/0x10
[   24.797239]  ? _raw_spin_lock_irqsave+0xa1/0x100
[   24.797264]  ? _raw_spin_unlock_irqrestore+0x5f/0x90
[   24.797288]  ? __kthread_parkme+0x82/0x180
[   24.797317]  ? preempt_count_sub+0x50/0x80
[   24.797339]  ? __pfx_kunit_try_run_case+0x10/0x10
[   24.797363]  kunit_generic_run_threadfn_adapter+0x85/0xf0
[   24.797407]  ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10
[   24.797431]  kthread+0x337/0x6f0
[   24.797451]  ? trace_preempt_on+0x20/0xc0
[   24.797476]  ? __pfx_kthread+0x10/0x10
[   24.797497]  ? _raw_spin_unlock_irq+0x47/0x80
[   24.797520]  ? calculate_sigpending+0x7b/0xa0
[   24.797544]  ? __pfx_kthread+0x10/0x10
[   24.797565]  ret_from_fork+0x116/0x1d0
[   24.797585]  ? __pfx_kthread+0x10/0x10
[   24.797606]  ret_from_fork_asm+0x1a/0x30
[   24.797638]  </TASK>
[   24.797649] 
[   24.806086] Allocated by task 207:
[   24.806307]  kasan_save_stack+0x45/0x70
[   24.806584]  kasan_save_track+0x18/0x40
[   24.806782]  kasan_save_alloc_info+0x3b/0x50
[   24.807056]  __kasan_krealloc+0x190/0x1f0
[   24.807264]  krealloc_noprof+0xf3/0x340
[   24.807455]  krealloc_less_oob_helper+0x1aa/0x11d0
[   24.807758]  krealloc_less_oob+0x1c/0x30
[   24.807901]  kunit_try_run_case+0x1a5/0x480
[   24.808226]  kunit_generic_run_threadfn_adapter+0x85/0xf0
[   24.808424]  kthread+0x337/0x6f0
[   24.808559]  ret_from_fork+0x116/0x1d0
[   24.808837]  ret_from_fork_asm+0x1a/0x30
[   24.809232] 
[   24.809326] The buggy address belongs to the object at ffff8881055e3c00
[   24.809326]  which belongs to the cache kmalloc-256 of size 256
[   24.809956] The buggy address is located 7 bytes to the right of
[   24.809956]  allocated 201-byte region [ffff8881055e3c00, ffff8881055e3cc9)
[   24.810564] 
[   24.810678] The buggy address belongs to the physical page:
[   24.810911] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1055e2
[   24.811296] head: order:1 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[   24.811722] flags: 0x200000000000040(head|node=0|zone=2)
[   24.812002] page_type: f5(slab)
[   24.812206] raw: 0200000000000040 ffff888100041b40 dead000000000100 dead000000000122
[   24.812726] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000
[   24.813063] head: 0200000000000040 ffff888100041b40 dead000000000100 dead000000000122
[   24.813558] head: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000
[   24.813901] head: 0200000000000001 ffffea0004157881 00000000ffffffff 00000000ffffffff
[   24.814236] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000002
[   24.814586] page dumped because: kasan: bad access detected
[   24.814840] 
[   24.814909] Memory state around the buggy address:
[   24.815061]  ffff8881055e3b80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   24.815285]  ffff8881055e3c00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   24.815548] >ffff8881055e3c80: 00 00 00 00 00 00 00 00 00 01 fc fc fc fc fc fc
[   24.816082]                                                  ^
[   24.816439]  ffff8881055e3d00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   24.816773]  ffff8881055e3d80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   24.817312] ==================================================================
[   24.956130] ==================================================================
[   24.956758] BUG: KASAN: slab-out-of-bounds in krealloc_less_oob_helper+0xd70/0x11d0
[   24.957138] Write of size 1 at addr ffff8881060da0c9 by task kunit_try_catch/211
[   24.957462] 
[   24.957744] CPU: 1 UID: 0 PID: 211 Comm: kunit_try_catch Tainted: G    B            N  6.16.0-rc7-next-20250723 #1 PREEMPT(voluntary) 
[   24.957840] Tainted: [B]=BAD_PAGE, [N]=TEST
[   24.957854] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[   24.957876] Call Trace:
[   24.957890]  <TASK>
[   24.957909]  dump_stack_lvl+0x73/0xb0
[   24.957944]  print_report+0xd1/0x640
[   24.957968]  ? __virt_addr_valid+0x1db/0x2d0
[   24.957992]  ? krealloc_less_oob_helper+0xd70/0x11d0
[   24.958016]  ? kasan_addr_to_slab+0x11/0xa0
[   24.958037]  ? krealloc_less_oob_helper+0xd70/0x11d0
[   24.958075]  kasan_report+0x141/0x180
[   24.958098]  ? krealloc_less_oob_helper+0xd70/0x11d0
[   24.958126]  __asan_report_store1_noabort+0x1b/0x30
[   24.958163]  krealloc_less_oob_helper+0xd70/0x11d0
[   24.958209]  ? __pfx_krealloc_less_oob_helper+0x10/0x10
[   24.958233]  ? finish_task_switch.isra.0+0x153/0x700
[   24.958255]  ? __switch_to+0x47/0xf80
[   24.958282]  ? __schedule+0x10da/0x2b60
[   24.958326]  ? __pfx_read_tsc+0x10/0x10
[   24.958351]  krealloc_large_less_oob+0x1c/0x30
[   24.958374]  kunit_try_run_case+0x1a5/0x480
[   24.958483]  ? __pfx_kunit_try_run_case+0x10/0x10
[   24.958506]  ? _raw_spin_lock_irqsave+0xa1/0x100
[   24.958532]  ? _raw_spin_unlock_irqrestore+0x5f/0x90
[   24.958558]  ? __kthread_parkme+0x82/0x180
[   24.958578]  ? preempt_count_sub+0x50/0x80
[   24.958601]  ? __pfx_kunit_try_run_case+0x10/0x10
[   24.958626]  kunit_generic_run_threadfn_adapter+0x85/0xf0
[   24.958649]  ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10
[   24.958672]  kthread+0x337/0x6f0
[   24.958693]  ? trace_preempt_on+0x20/0xc0
[   24.958718]  ? __pfx_kthread+0x10/0x10
[   24.958739]  ? _raw_spin_unlock_irq+0x47/0x80
[   24.958763]  ? calculate_sigpending+0x7b/0xa0
[   24.958787]  ? __pfx_kthread+0x10/0x10
[   24.958809]  ret_from_fork+0x116/0x1d0
[   24.958829]  ? __pfx_kthread+0x10/0x10
[   24.958849]  ret_from_fork_asm+0x1a/0x30
[   24.958881]  </TASK>
[   24.958893] 
[   24.968478] The buggy address belongs to the physical page:
[   24.968893] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1060d8
[   24.969489] head: order:2 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[   24.969802] flags: 0x200000000000040(head|node=0|zone=2)
[   24.970693] page_type: f8(unknown)
[   24.970886] raw: 0200000000000040 0000000000000000 dead000000000122 0000000000000000
[   24.971655] raw: 0000000000000000 0000000000000000 00000000f8000000 0000000000000000
[   24.972020] head: 0200000000000040 0000000000000000 dead000000000122 0000000000000000
[   24.972330] head: 0000000000000000 0000000000000000 00000000f8000000 0000000000000000
[   24.973581] head: 0200000000000002 ffffea0004183601 00000000ffffffff 00000000ffffffff
[   24.974307] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000004
[   24.974736] page dumped because: kasan: bad access detected
[   24.975183] 
[   24.975471] Memory state around the buggy address:
[   24.975964]  ffff8881060d9f80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   24.976307]  ffff8881060da000: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   24.976793] >ffff8881060da080: 00 00 00 00 00 00 00 00 00 01 fe fe fe fe fe fe
[   24.977252]                                               ^
[   24.977616]  ffff8881060da100: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe
[   24.977894]  ffff8881060da180: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe
[   24.978837] ==================================================================
[   25.006610] ==================================================================
[   25.006853] BUG: KASAN: slab-out-of-bounds in krealloc_less_oob_helper+0xec6/0x11d0
[   25.007253] Write of size 1 at addr ffff8881060da0da by task kunit_try_catch/211
[   25.007646] 
[   25.007764] CPU: 1 UID: 0 PID: 211 Comm: kunit_try_catch Tainted: G    B            N  6.16.0-rc7-next-20250723 #1 PREEMPT(voluntary) 
[   25.007815] Tainted: [B]=BAD_PAGE, [N]=TEST
[   25.007827] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[   25.007848] Call Trace:
[   25.007869]  <TASK>
[   25.007888]  dump_stack_lvl+0x73/0xb0
[   25.007917]  print_report+0xd1/0x640
[   25.007941]  ? __virt_addr_valid+0x1db/0x2d0
[   25.007965]  ? krealloc_less_oob_helper+0xec6/0x11d0
[   25.007988]  ? kasan_addr_to_slab+0x11/0xa0
[   25.008008]  ? krealloc_less_oob_helper+0xec6/0x11d0
[   25.008032]  kasan_report+0x141/0x180
[   25.008053]  ? krealloc_less_oob_helper+0xec6/0x11d0
[   25.008080]  __asan_report_store1_noabort+0x1b/0x30
[   25.008104]  krealloc_less_oob_helper+0xec6/0x11d0
[   25.008129]  ? __pfx_krealloc_less_oob_helper+0x10/0x10
[   25.008165]  ? finish_task_switch.isra.0+0x153/0x700
[   25.008186]  ? __switch_to+0x47/0xf80
[   25.008213]  ? __schedule+0x10da/0x2b60
[   25.008238]  ? __pfx_read_tsc+0x10/0x10
[   25.008262]  krealloc_large_less_oob+0x1c/0x30
[   25.008285]  kunit_try_run_case+0x1a5/0x480
[   25.008310]  ? __pfx_kunit_try_run_case+0x10/0x10
[   25.008331]  ? _raw_spin_lock_irqsave+0xa1/0x100
[   25.008355]  ? _raw_spin_unlock_irqrestore+0x5f/0x90
[   25.008426]  ? __kthread_parkme+0x82/0x180
[   25.008450]  ? preempt_count_sub+0x50/0x80
[   25.008472]  ? __pfx_kunit_try_run_case+0x10/0x10
[   25.008495]  kunit_generic_run_threadfn_adapter+0x85/0xf0
[   25.008518]  ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10
[   25.008541]  kthread+0x337/0x6f0
[   25.008562]  ? trace_preempt_on+0x20/0xc0
[   25.008586]  ? __pfx_kthread+0x10/0x10
[   25.008606]  ? _raw_spin_unlock_irq+0x47/0x80
[   25.008629]  ? calculate_sigpending+0x7b/0xa0
[   25.008653]  ? __pfx_kthread+0x10/0x10
[   25.008674]  ret_from_fork+0x116/0x1d0
[   25.008694]  ? __pfx_kthread+0x10/0x10
[   25.008714]  ret_from_fork_asm+0x1a/0x30
[   25.008746]  </TASK>
[   25.008758] 
[   25.016695] The buggy address belongs to the physical page:
[   25.016924] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1060d8
[   25.017304] head: order:2 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[   25.017667] flags: 0x200000000000040(head|node=0|zone=2)
[   25.017921] page_type: f8(unknown)
[   25.018105] raw: 0200000000000040 0000000000000000 dead000000000122 0000000000000000
[   25.018434] raw: 0000000000000000 0000000000000000 00000000f8000000 0000000000000000
[   25.018717] head: 0200000000000040 0000000000000000 dead000000000122 0000000000000000
[   25.018945] head: 0000000000000000 0000000000000000 00000000f8000000 0000000000000000
[   25.019280] head: 0200000000000002 ffffea0004183601 00000000ffffffff 00000000ffffffff
[   25.019757] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000004
[   25.020038] page dumped because: kasan: bad access detected
[   25.020571] 
[   25.020678] Memory state around the buggy address:
[   25.020910]  ffff8881060d9f80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   25.021399]  ffff8881060da000: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   25.021672] >ffff8881060da080: 00 00 00 00 00 00 00 00 00 01 fe fe fe fe fe fe
[   25.022014]                                                     ^
[   25.022245]  ffff8881060da100: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe
[   25.022764]  ffff8881060da180: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe
[   25.023046] ==================================================================
[   25.023390] ==================================================================
[   25.023644] BUG: KASAN: slab-out-of-bounds in krealloc_less_oob_helper+0xe90/0x11d0
[   25.023883] Write of size 1 at addr ffff8881060da0ea by task kunit_try_catch/211
[   25.024099] 
[   25.024191] CPU: 1 UID: 0 PID: 211 Comm: kunit_try_catch Tainted: G    B            N  6.16.0-rc7-next-20250723 #1 PREEMPT(voluntary) 
[   25.024237] Tainted: [B]=BAD_PAGE, [N]=TEST
[   25.024249] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[   25.024270] Call Trace:
[   25.024288]  <TASK>
[   25.024305]  dump_stack_lvl+0x73/0xb0
[   25.024330]  print_report+0xd1/0x640
[   25.024352]  ? __virt_addr_valid+0x1db/0x2d0
[   25.024374]  ? krealloc_less_oob_helper+0xe90/0x11d0
[   25.024396]  ? kasan_addr_to_slab+0x11/0xa0
[   25.024416]  ? krealloc_less_oob_helper+0xe90/0x11d0
[   25.024438]  kasan_report+0x141/0x180
[   25.024637]  ? krealloc_less_oob_helper+0xe90/0x11d0
[   25.024670]  __asan_report_store1_noabort+0x1b/0x30
[   25.024696]  krealloc_less_oob_helper+0xe90/0x11d0
[   25.024722]  ? __pfx_krealloc_less_oob_helper+0x10/0x10
[   25.024746]  ? finish_task_switch.isra.0+0x153/0x700
[   25.024768]  ? __switch_to+0x47/0xf80
[   25.024794]  ? __schedule+0x10da/0x2b60
[   25.024820]  ? __pfx_read_tsc+0x10/0x10
[   25.024845]  krealloc_large_less_oob+0x1c/0x30
[   25.024868]  kunit_try_run_case+0x1a5/0x480
[   25.024893]  ? __pfx_kunit_try_run_case+0x10/0x10
[   25.024915]  ? _raw_spin_lock_irqsave+0xa1/0x100
[   25.024940]  ? _raw_spin_unlock_irqrestore+0x5f/0x90
[   25.024966]  ? __kthread_parkme+0x82/0x180
[   25.024987]  ? preempt_count_sub+0x50/0x80
[   25.025009]  ? __pfx_kunit_try_run_case+0x10/0x10
[   25.025032]  kunit_generic_run_threadfn_adapter+0x85/0xf0
[   25.025056]  ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10
[   25.025079]  kthread+0x337/0x6f0
[   25.025099]  ? trace_preempt_on+0x20/0xc0
[   25.025123]  ? __pfx_kthread+0x10/0x10
[   25.025144]  ? _raw_spin_unlock_irq+0x47/0x80
[   25.025182]  ? calculate_sigpending+0x7b/0xa0
[   25.025206]  ? __pfx_kthread+0x10/0x10
[   25.025228]  ret_from_fork+0x116/0x1d0
[   25.025248]  ? __pfx_kthread+0x10/0x10
[   25.025269]  ret_from_fork_asm+0x1a/0x30
[   25.025302]  </TASK>
[   25.025314] 
[   25.034070] The buggy address belongs to the physical page:
[   25.034341] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1060d8
[   25.034775] head: order:2 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[   25.035099] flags: 0x200000000000040(head|node=0|zone=2)
[   25.035320] page_type: f8(unknown)
[   25.035498] raw: 0200000000000040 0000000000000000 dead000000000122 0000000000000000
[   25.035780] raw: 0000000000000000 0000000000000000 00000000f8000000 0000000000000000
[   25.036117] head: 0200000000000040 0000000000000000 dead000000000122 0000000000000000
[   25.036434] head: 0000000000000000 0000000000000000 00000000f8000000 0000000000000000
[   25.036690] head: 0200000000000002 ffffea0004183601 00000000ffffffff 00000000ffffffff
[   25.036917] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000004
[   25.037249] page dumped because: kasan: bad access detected
[   25.037583] 
[   25.037672] Memory state around the buggy address:
[   25.037890]  ffff8881060d9f80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   25.038633]  ffff8881060da000: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   25.038953] >ffff8881060da080: 00 00 00 00 00 00 00 00 00 01 fe fe fe fe fe fe
[   25.039306]                                                           ^
[   25.039646]  ffff8881060da100: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe
[   25.040139]  ffff8881060da180: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe
[   25.040411] ==================================================================
[   24.980189] ==================================================================
[   24.980638] BUG: KASAN: slab-out-of-bounds in krealloc_less_oob_helper+0xe23/0x11d0
[   24.981599] Write of size 1 at addr ffff8881060da0d0 by task kunit_try_catch/211
[   24.981916] 
[   24.982193] CPU: 1 UID: 0 PID: 211 Comm: kunit_try_catch Tainted: G    B            N  6.16.0-rc7-next-20250723 #1 PREEMPT(voluntary) 
[   24.982358] Tainted: [B]=BAD_PAGE, [N]=TEST
[   24.982373] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[   24.982396] Call Trace:
[   24.982410]  <TASK>
[   24.982455]  dump_stack_lvl+0x73/0xb0
[   24.982495]  print_report+0xd1/0x640
[   24.982519]  ? __virt_addr_valid+0x1db/0x2d0
[   24.982543]  ? krealloc_less_oob_helper+0xe23/0x11d0
[   24.982567]  ? kasan_addr_to_slab+0x11/0xa0
[   24.982589]  ? krealloc_less_oob_helper+0xe23/0x11d0
[   24.982613]  kasan_report+0x141/0x180
[   24.982635]  ? krealloc_less_oob_helper+0xe23/0x11d0
[   24.982662]  __asan_report_store1_noabort+0x1b/0x30
[   24.982686]  krealloc_less_oob_helper+0xe23/0x11d0
[   24.982711]  ? __pfx_krealloc_less_oob_helper+0x10/0x10
[   24.982734]  ? finish_task_switch.isra.0+0x153/0x700
[   24.982755]  ? __switch_to+0x47/0xf80
[   24.982782]  ? __schedule+0x10da/0x2b60
[   24.982806]  ? __pfx_read_tsc+0x10/0x10
[   24.982830]  krealloc_large_less_oob+0x1c/0x30
[   24.982852]  kunit_try_run_case+0x1a5/0x480
[   24.982877]  ? __pfx_kunit_try_run_case+0x10/0x10
[   24.982899]  ? _raw_spin_lock_irqsave+0xa1/0x100
[   24.982922]  ? _raw_spin_unlock_irqrestore+0x5f/0x90
[   24.983203]  ? __kthread_parkme+0x82/0x180
[   24.983242]  ? preempt_count_sub+0x50/0x80
[   24.983265]  ? __pfx_kunit_try_run_case+0x10/0x10
[   24.983290]  kunit_generic_run_threadfn_adapter+0x85/0xf0
[   24.983315]  ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10
[   24.983337]  kthread+0x337/0x6f0
[   24.983358]  ? trace_preempt_on+0x20/0xc0
[   24.983441]  ? __pfx_kthread+0x10/0x10
[   24.983462]  ? _raw_spin_unlock_irq+0x47/0x80
[   24.983486]  ? calculate_sigpending+0x7b/0xa0
[   24.983510]  ? __pfx_kthread+0x10/0x10
[   24.983530]  ret_from_fork+0x116/0x1d0
[   24.983550]  ? __pfx_kthread+0x10/0x10
[   24.983570]  ret_from_fork_asm+0x1a/0x30
[   24.983602]  </TASK>
[   24.983613] 
[   24.996507] The buggy address belongs to the physical page:
[   24.996839] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1060d8
[   24.997420] head: order:2 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[   24.997920] flags: 0x200000000000040(head|node=0|zone=2)
[   24.998362] page_type: f8(unknown)
[   24.998840] raw: 0200000000000040 0000000000000000 dead000000000122 0000000000000000
[   24.999453] raw: 0000000000000000 0000000000000000 00000000f8000000 0000000000000000
[   25.000070] head: 0200000000000040 0000000000000000 dead000000000122 0000000000000000
[   25.000414] head: 0000000000000000 0000000000000000 00000000f8000000 0000000000000000
[   25.000728] head: 0200000000000002 ffffea0004183601 00000000ffffffff 00000000ffffffff
[   25.001414] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000004
[   25.001775] page dumped because: kasan: bad access detected
[   25.002221] 
[   25.002478] Memory state around the buggy address:
[   25.003160]  ffff8881060d9f80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   25.003769]  ffff8881060da000: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   25.004422] >ffff8881060da080: 00 00 00 00 00 00 00 00 00 01 fe fe fe fe fe fe
[   25.004708]                                                  ^
[   25.004954]  ffff8881060da100: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe
[   25.005241]  ffff8881060da180: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe
[   25.005909] ==================================================================
[   24.841295] ==================================================================
[   24.841725] BUG: KASAN: slab-out-of-bounds in krealloc_less_oob_helper+0xe90/0x11d0
[   24.842015] Write of size 1 at addr ffff8881055e3cea by task kunit_try_catch/207
[   24.842370] 
[   24.842489] CPU: 1 UID: 0 PID: 207 Comm: kunit_try_catch Tainted: G    B            N  6.16.0-rc7-next-20250723 #1 PREEMPT(voluntary) 
[   24.842599] Tainted: [B]=BAD_PAGE, [N]=TEST
[   24.842611] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[   24.842632] Call Trace:
[   24.842653]  <TASK>
[   24.842673]  dump_stack_lvl+0x73/0xb0
[   24.842713]  print_report+0xd1/0x640
[   24.842736]  ? __virt_addr_valid+0x1db/0x2d0
[   24.842761]  ? krealloc_less_oob_helper+0xe90/0x11d0
[   24.842795]  ? kasan_complete_mode_report_info+0x2a/0x200
[   24.842821]  ? krealloc_less_oob_helper+0xe90/0x11d0
[   24.842845]  kasan_report+0x141/0x180
[   24.842875]  ? krealloc_less_oob_helper+0xe90/0x11d0
[   24.842903]  __asan_report_store1_noabort+0x1b/0x30
[   24.842927]  krealloc_less_oob_helper+0xe90/0x11d0
[   24.842976]  ? __pfx_krealloc_less_oob_helper+0x10/0x10
[   24.843000]  ? finish_task_switch.isra.0+0x153/0x700
[   24.843022]  ? __switch_to+0x47/0xf80
[   24.843049]  ? __schedule+0x10da/0x2b60
[   24.843082]  ? __pfx_read_tsc+0x10/0x10
[   24.843108]  krealloc_less_oob+0x1c/0x30
[   24.843129]  kunit_try_run_case+0x1a5/0x480
[   24.843174]  ? __pfx_kunit_try_run_case+0x10/0x10
[   24.843196]  ? _raw_spin_lock_irqsave+0xa1/0x100
[   24.843220]  ? _raw_spin_unlock_irqrestore+0x5f/0x90
[   24.843246]  ? __kthread_parkme+0x82/0x180
[   24.843274]  ? preempt_count_sub+0x50/0x80
[   24.843297]  ? __pfx_kunit_try_run_case+0x10/0x10
[   24.843320]  kunit_generic_run_threadfn_adapter+0x85/0xf0
[   24.843353]  ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10
[   24.843477]  kthread+0x337/0x6f0
[   24.843506]  ? trace_preempt_on+0x20/0xc0
[   24.843531]  ? __pfx_kthread+0x10/0x10
[   24.843564]  ? _raw_spin_unlock_irq+0x47/0x80
[   24.843588]  ? calculate_sigpending+0x7b/0xa0
[   24.843611]  ? __pfx_kthread+0x10/0x10
[   24.843637]  ret_from_fork+0x116/0x1d0
[   24.843793]  ? __pfx_kthread+0x10/0x10
[   24.843819]  ret_from_fork_asm+0x1a/0x30
[   24.843862]  </TASK>
[   24.843873] 
[   24.852810] Allocated by task 207:
[   24.852951]  kasan_save_stack+0x45/0x70
[   24.853286]  kasan_save_track+0x18/0x40
[   24.853776]  kasan_save_alloc_info+0x3b/0x50
[   24.854209]  __kasan_krealloc+0x190/0x1f0
[   24.854559]  krealloc_noprof+0xf3/0x340
[   24.854932]  krealloc_less_oob_helper+0x1aa/0x11d0
[   24.855633]  krealloc_less_oob+0x1c/0x30
[   24.856006]  kunit_try_run_case+0x1a5/0x480
[   24.856396]  kunit_generic_run_threadfn_adapter+0x85/0xf0
[   24.856905]  kthread+0x337/0x6f0
[   24.857058]  ret_from_fork+0x116/0x1d0
[   24.857201]  ret_from_fork_asm+0x1a/0x30
[   24.857338] 
[   24.857456] The buggy address belongs to the object at ffff8881055e3c00
[   24.857456]  which belongs to the cache kmalloc-256 of size 256
[   24.858548] The buggy address is located 33 bytes to the right of
[   24.858548]  allocated 201-byte region [ffff8881055e3c00, ffff8881055e3cc9)
[   24.859853] 
[   24.860204] The buggy address belongs to the physical page:
[   24.860754] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1055e2
[   24.861280] head: order:1 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[   24.861841] flags: 0x200000000000040(head|node=0|zone=2)
[   24.862210] page_type: f5(slab)
[   24.862550] raw: 0200000000000040 ffff888100041b40 dead000000000100 dead000000000122
[   24.863234] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000
[   24.863491] head: 0200000000000040 ffff888100041b40 dead000000000100 dead000000000122
[   24.863724] head: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000
[   24.864171] head: 0200000000000001 ffffea0004157881 00000000ffffffff 00000000ffffffff
[   24.864916] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000002
[   24.865678] page dumped because: kasan: bad access detected
[   24.866189] 
[   24.866341] Memory state around the buggy address:
[   24.866898]  ffff8881055e3b80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   24.867706]  ffff8881055e3c00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   24.868608] >ffff8881055e3c80: 00 00 00 00 00 00 00 00 00 01 fc fc fc fc fc fc
[   24.869326]                                                           ^
[   24.869618]  ffff8881055e3d00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   24.870196]  ffff8881055e3d80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   24.870919] ==================================================================

Metadata Full log Test run details

arch

x86_64

host

x86_64

plan

30G3cJ1sbXw9qzJ7BlfPJWioYpf

job_id

TEST:linaro@lkft#30G3j74iQKw0QFlrSngm0dpeaMJ

job_url

https://tuxapi.tuxsuite.com/v1/groups/linaro/projects/lkft/tests/30G3j74iQKw0QFlrSngm0dpeaMJ

artefacts

kernel

url	https://storage.tuxsuite.com/public/linaro/lkft/builds/30G3fQvMn9HcF0DxVKKJ5x3GX38/bzImage
sha256sum	371f4f87cae012670505649e4e687713b51a0312ceeb0d149c78e0b6bf6d272b

rootfs

url	https://storage.tuxboot.com/debian/20250617/trixie/amd64/rootfs.ext4.xz
sha256sum	a7dcdb286e1265c85a4d6cd5429adc51604a3ebde1d9a3c934aef78862d5fee4

modules

url	https://storage.tuxsuite.com/public/linaro/lkft/builds/30G3fQvMn9HcF0DxVKKJ5x3GX38/modules.tar.xz
sha256sum	1a60ff32537a1f4915659be5386778e0052a5e702d5e77815e3fc933dbd119e2

durations

tests

boot	0
kunit	253.64

host_arch

amd64

build_name

gcc-13-lkftconfig-kunit

job_status

Complete

qemu_version

1:10.0.2+ds-1

Metadata

Failure - qemu-arm64 - gcc-13-lkftconfig-kunit

Failure - qemu-x86_64 - gcc-13-lkftconfig-kunit