lkft/sashal-linus-next - v6.13-rc7-43108-gb6b7fc407c99 - log-parser-boot/kasan-bug-kasan-slab-out-of-bounds-in-krealloc_less_oob_helper

Date

July 1, 2025, 12:10 a.m.

Environment
qemu-arm64
qemu-x86_64

[   17.315894] ==================================================================
[   17.315946] BUG: KASAN: slab-out-of-bounds in krealloc_less_oob_helper+0xae4/0xc50
[   17.316185] Write of size 1 at addr fff00000c663a0ea by task kunit_try_catch/162
[   17.316540] 
[   17.316590] CPU: 1 UID: 0 PID: 162 Comm: kunit_try_catch Tainted: G    B            N  6.16.0-rc4 #1 PREEMPT 
[   17.317118] Tainted: [B]=BAD_PAGE, [N]=TEST
[   17.317163] Hardware name: linux,dummy-virt (DT)
[   17.317261] Call trace:
[   17.317291]  show_stack+0x20/0x38 (C)
[   17.317467]  dump_stack_lvl+0x8c/0xd0
[   17.317530]  print_report+0x118/0x608
[   17.317576]  kasan_report+0xdc/0x128
[   17.317629]  __asan_report_store1_noabort+0x20/0x30
[   17.317852]  krealloc_less_oob_helper+0xae4/0xc50
[   17.318263]  krealloc_large_less_oob+0x20/0x38
[   17.318417]  kunit_try_run_case+0x170/0x3f0
[   17.318481]  kunit_generic_run_threadfn_adapter+0x88/0x100
[   17.318535]  kthread+0x328/0x630
[   17.318916]  ret_from_fork+0x10/0x20
[   17.319275] 
[   17.319421] The buggy address belongs to the physical page:
[   17.319469] page: refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x106638
[   17.319668] head: order:2 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[   17.319899] flags: 0xbfffe0000000040(head|node=0|zone=2|lastcpupid=0x1ffff)
[   17.320216] page_type: f8(unknown)
[   17.320453] raw: 0bfffe0000000040 0000000000000000 dead000000000122 0000000000000000
[   17.320520] raw: 0000000000000000 0000000000000000 00000001f8000000 0000000000000000
[   17.320782] head: 0bfffe0000000040 0000000000000000 dead000000000122 0000000000000000
[   17.321250] head: 0000000000000000 0000000000000000 00000001f8000000 0000000000000000
[   17.321380] head: 0bfffe0000000002 ffffc1ffc3198e01 00000000ffffffff 00000000ffffffff
[   17.321647] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000004
[   17.321901] page dumped because: kasan: bad access detected
[   17.322042] 
[   17.322194] Memory state around the buggy address:
[   17.322426]  fff00000c6639f80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   17.322761]  fff00000c663a000: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   17.322860] >fff00000c663a080: 00 00 00 00 00 00 00 00 00 01 fe fe fe fe fe fe
[   17.323056]                                                           ^
[   17.323110]  fff00000c663a100: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe
[   17.323154]  fff00000c663a180: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe
[   17.323195] ==================================================================
[   17.205477] ==================================================================
[   17.205728] BUG: KASAN: slab-out-of-bounds in krealloc_less_oob_helper+0xa48/0xc50
[   17.205788] Write of size 1 at addr fff00000c46ffcc9 by task kunit_try_catch/158
[   17.205930] 
[   17.205965] CPU: 1 UID: 0 PID: 158 Comm: kunit_try_catch Tainted: G    B            N  6.16.0-rc4 #1 PREEMPT 
[   17.206049] Tainted: [B]=BAD_PAGE, [N]=TEST
[   17.206076] Hardware name: linux,dummy-virt (DT)
[   17.206148] Call trace:
[   17.206170]  show_stack+0x20/0x38 (C)
[   17.206237]  dump_stack_lvl+0x8c/0xd0
[   17.206426]  print_report+0x118/0x608
[   17.206598]  kasan_report+0xdc/0x128
[   17.206701]  __asan_report_store1_noabort+0x20/0x30
[   17.206750]  krealloc_less_oob_helper+0xa48/0xc50
[   17.206816]  krealloc_less_oob+0x20/0x38
[   17.206920]  kunit_try_run_case+0x170/0x3f0
[   17.207059]  kunit_generic_run_threadfn_adapter+0x88/0x100
[   17.207113]  kthread+0x328/0x630
[   17.207155]  ret_from_fork+0x10/0x20
[   17.207202] 
[   17.207276] Allocated by task 158:
[   17.207488]  kasan_save_stack+0x3c/0x68
[   17.207666]  kasan_save_track+0x20/0x40
[   17.207759]  kasan_save_alloc_info+0x40/0x58
[   17.207799]  __kasan_krealloc+0x118/0x178
[   17.208208]  krealloc_noprof+0x128/0x360
[   17.208315]  krealloc_less_oob_helper+0x168/0xc50
[   17.208431]  krealloc_less_oob+0x20/0x38
[   17.208477]  kunit_try_run_case+0x170/0x3f0
[   17.208857]  kunit_generic_run_threadfn_adapter+0x88/0x100
[   17.209283]  kthread+0x328/0x630
[   17.209426]  ret_from_fork+0x10/0x20
[   17.209472] 
[   17.209492] The buggy address belongs to the object at fff00000c46ffc00
[   17.209492]  which belongs to the cache kmalloc-256 of size 256
[   17.209739] The buggy address is located 0 bytes to the right of
[   17.209739]  allocated 201-byte region [fff00000c46ffc00, fff00000c46ffcc9)
[   17.209897] 
[   17.210031] The buggy address belongs to the physical page:
[   17.210117] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1046fe
[   17.210171] head: order:1 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[   17.210396] flags: 0xbfffe0000000040(head|node=0|zone=2|lastcpupid=0x1ffff)
[   17.210688] page_type: f5(slab)
[   17.210791] raw: 0bfffe0000000040 fff00000c0001b40 dead000000000122 0000000000000000
[   17.210843] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000
[   17.211056] head: 0bfffe0000000040 fff00000c0001b40 dead000000000122 0000000000000000
[   17.211261] head: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000
[   17.211405] head: 0bfffe0000000001 ffffc1ffc311bf81 00000000ffffffff 00000000ffffffff
[   17.211519] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000002
[   17.211599] page dumped because: kasan: bad access detected
[   17.211630] 
[   17.211678] Memory state around the buggy address:
[   17.211710]  fff00000c46ffb80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   17.211753]  fff00000c46ffc00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   17.211825] >fff00000c46ffc80: 00 00 00 00 00 00 00 00 00 01 fc fc fc fc fc fc
[   17.212135]                                               ^
[   17.212306]  fff00000c46ffd00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   17.212388]  fff00000c46ffd80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   17.212433] ==================================================================
[   17.220259] ==================================================================
[   17.220307] BUG: KASAN: slab-out-of-bounds in krealloc_less_oob_helper+0xa80/0xc50
[   17.220607] Write of size 1 at addr fff00000c46ffcda by task kunit_try_catch/158
[   17.220743] 
[   17.220774] CPU: 1 UID: 0 PID: 158 Comm: kunit_try_catch Tainted: G    B            N  6.16.0-rc4 #1 PREEMPT 
[   17.220852] Tainted: [B]=BAD_PAGE, [N]=TEST
[   17.220920] Hardware name: linux,dummy-virt (DT)
[   17.221196] Call trace:
[   17.221395]  show_stack+0x20/0x38 (C)
[   17.221552]  dump_stack_lvl+0x8c/0xd0
[   17.221645]  print_report+0x118/0x608
[   17.221692]  kasan_report+0xdc/0x128
[   17.221758]  __asan_report_store1_noabort+0x20/0x30
[   17.222069]  krealloc_less_oob_helper+0xa80/0xc50
[   17.222155]  krealloc_less_oob+0x20/0x38
[   17.222312]  kunit_try_run_case+0x170/0x3f0
[   17.222489]  kunit_generic_run_threadfn_adapter+0x88/0x100
[   17.222544]  kthread+0x328/0x630
[   17.222640]  ret_from_fork+0x10/0x20
[   17.222750] 
[   17.222798] Allocated by task 158:
[   17.222825]  kasan_save_stack+0x3c/0x68
[   17.222888]  kasan_save_track+0x20/0x40
[   17.222925]  kasan_save_alloc_info+0x40/0x58
[   17.223378]  __kasan_krealloc+0x118/0x178
[   17.223628]  krealloc_noprof+0x128/0x360
[   17.223919]  krealloc_less_oob_helper+0x168/0xc50
[   17.224020]  krealloc_less_oob+0x20/0x38
[   17.224057]  kunit_try_run_case+0x170/0x3f0
[   17.224115]  kunit_generic_run_threadfn_adapter+0x88/0x100
[   17.224373]  kthread+0x328/0x630
[   17.224558]  ret_from_fork+0x10/0x20
[   17.224684] 
[   17.224798] The buggy address belongs to the object at fff00000c46ffc00
[   17.224798]  which belongs to the cache kmalloc-256 of size 256
[   17.224989] The buggy address is located 17 bytes to the right of
[   17.224989]  allocated 201-byte region [fff00000c46ffc00, fff00000c46ffcc9)
[   17.225294] 
[   17.225429] The buggy address belongs to the physical page:
[   17.225881] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1046fe
[   17.226167] head: order:1 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[   17.226217] flags: 0xbfffe0000000040(head|node=0|zone=2|lastcpupid=0x1ffff)
[   17.226277] page_type: f5(slab)
[   17.226317] raw: 0bfffe0000000040 fff00000c0001b40 dead000000000122 0000000000000000
[   17.226438] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000
[   17.227045] head: 0bfffe0000000040 fff00000c0001b40 dead000000000122 0000000000000000
[   17.227120] head: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000
[   17.227169] head: 0bfffe0000000001 ffffc1ffc311bf81 00000000ffffffff 00000000ffffffff
[   17.227609] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000002
[   17.227869] page dumped because: kasan: bad access detected
[   17.228281] 
[   17.228534] Memory state around the buggy address:
[   17.228650]  fff00000c46ffb80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   17.228716]  fff00000c46ffc00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   17.228779] >fff00000c46ffc80: 00 00 00 00 00 00 00 00 00 01 fc fc fc fc fc fc
[   17.228841]                                                     ^
[   17.229040]  fff00000c46ffd00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   17.229430]  fff00000c46ffd80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   17.229601] ==================================================================
[   17.312302] ==================================================================
[   17.312356] BUG: KASAN: slab-out-of-bounds in krealloc_less_oob_helper+0xa80/0xc50
[   17.312404] Write of size 1 at addr fff00000c663a0da by task kunit_try_catch/162
[   17.312465] 
[   17.312494] CPU: 1 UID: 0 PID: 162 Comm: kunit_try_catch Tainted: G    B            N  6.16.0-rc4 #1 PREEMPT 
[   17.312573] Tainted: [B]=BAD_PAGE, [N]=TEST
[   17.312599] Hardware name: linux,dummy-virt (DT)
[   17.312640] Call trace:
[   17.312662]  show_stack+0x20/0x38 (C)
[   17.312709]  dump_stack_lvl+0x8c/0xd0
[   17.312755]  print_report+0x118/0x608
[   17.312808]  kasan_report+0xdc/0x128
[   17.312853]  __asan_report_store1_noabort+0x20/0x30
[   17.312900]  krealloc_less_oob_helper+0xa80/0xc50
[   17.312947]  krealloc_large_less_oob+0x20/0x38
[   17.313003]  kunit_try_run_case+0x170/0x3f0
[   17.313050]  kunit_generic_run_threadfn_adapter+0x88/0x100
[   17.313101]  kthread+0x328/0x630
[   17.313142]  ret_from_fork+0x10/0x20
[   17.313187] 
[   17.313206] The buggy address belongs to the physical page:
[   17.313237] page: refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x106638
[   17.313300] head: order:2 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[   17.313347] flags: 0xbfffe0000000040(head|node=0|zone=2|lastcpupid=0x1ffff)
[   17.313397] page_type: f8(unknown)
[   17.313441] raw: 0bfffe0000000040 0000000000000000 dead000000000122 0000000000000000
[   17.313816] raw: 0000000000000000 0000000000000000 00000001f8000000 0000000000000000
[   17.313868] head: 0bfffe0000000040 0000000000000000 dead000000000122 0000000000000000
[   17.313916] head: 0000000000000000 0000000000000000 00000001f8000000 0000000000000000
[   17.314320] head: 0bfffe0000000002 ffffc1ffc3198e01 00000000ffffffff 00000000ffffffff
[   17.314387] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000004
[   17.314727] page dumped because: kasan: bad access detected
[   17.314778] 
[   17.314796] Memory state around the buggy address:
[   17.314842]  fff00000c6639f80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   17.314888]  fff00000c663a000: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   17.314930] >fff00000c663a080: 00 00 00 00 00 00 00 00 00 01 fe fe fe fe fe fe
[   17.315256]                                                     ^
[   17.315467]  fff00000c663a100: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe
[   17.315536]  fff00000c663a180: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe
[   17.315576] ==================================================================
[   17.325033] ==================================================================
[   17.325531] BUG: KASAN: slab-out-of-bounds in krealloc_less_oob_helper+0xa58/0xc50
[   17.325758] Write of size 1 at addr fff00000c663a0eb by task kunit_try_catch/162
[   17.325913] 
[   17.325949] CPU: 1 UID: 0 PID: 162 Comm: kunit_try_catch Tainted: G    B            N  6.16.0-rc4 #1 PREEMPT 
[   17.326031] Tainted: [B]=BAD_PAGE, [N]=TEST
[   17.326156] Hardware name: linux,dummy-virt (DT)
[   17.326190] Call trace:
[   17.326211]  show_stack+0x20/0x38 (C)
[   17.326515]  dump_stack_lvl+0x8c/0xd0
[   17.326601]  print_report+0x118/0x608
[   17.326897]  kasan_report+0xdc/0x128
[   17.327073]  __asan_report_store1_noabort+0x20/0x30
[   17.327129]  krealloc_less_oob_helper+0xa58/0xc50
[   17.327198]  krealloc_large_less_oob+0x20/0x38
[   17.327438]  kunit_try_run_case+0x170/0x3f0
[   17.327662]  kunit_generic_run_threadfn_adapter+0x88/0x100
[   17.327977]  kthread+0x328/0x630
[   17.328174]  ret_from_fork+0x10/0x20
[   17.328589] 
[   17.328633] The buggy address belongs to the physical page:
[   17.328668] page: refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x106638
[   17.328890] head: order:2 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[   17.329060] flags: 0xbfffe0000000040(head|node=0|zone=2|lastcpupid=0x1ffff)
[   17.329212] page_type: f8(unknown)
[   17.329258] raw: 0bfffe0000000040 0000000000000000 dead000000000122 0000000000000000
[   17.329311] raw: 0000000000000000 0000000000000000 00000001f8000000 0000000000000000
[   17.329362] head: 0bfffe0000000040 0000000000000000 dead000000000122 0000000000000000
[   17.329412] head: 0000000000000000 0000000000000000 00000001f8000000 0000000000000000
[   17.329656] head: 0bfffe0000000002 ffffc1ffc3198e01 00000000ffffffff 00000000ffffffff
[   17.329727] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000004
[   17.330055] page dumped because: kasan: bad access detected
[   17.330265] 
[   17.330643] Memory state around the buggy address:
[   17.330852]  fff00000c6639f80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   17.331054]  fff00000c663a000: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   17.331100] >fff00000c663a080: 00 00 00 00 00 00 00 00 00 01 fe fe fe fe fe fe
[   17.331154]                                                           ^
[   17.331574]  fff00000c663a100: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe
[   17.331628]  fff00000c663a180: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe
[   17.331760] ==================================================================
[   17.240574] ==================================================================
[   17.240625] BUG: KASAN: slab-out-of-bounds in krealloc_less_oob_helper+0xa58/0xc50
[   17.241227] Write of size 1 at addr fff00000c46ffceb by task kunit_try_catch/158
[   17.241372] 
[   17.241408] CPU: 1 UID: 0 PID: 158 Comm: kunit_try_catch Tainted: G    B            N  6.16.0-rc4 #1 PREEMPT 
[   17.241500] Tainted: [B]=BAD_PAGE, [N]=TEST
[   17.241561] Hardware name: linux,dummy-virt (DT)
[   17.241674] Call trace:
[   17.241696]  show_stack+0x20/0x38 (C)
[   17.241911]  dump_stack_lvl+0x8c/0xd0
[   17.242021]  print_report+0x118/0x608
[   17.242075]  kasan_report+0xdc/0x128
[   17.242119]  __asan_report_store1_noabort+0x20/0x30
[   17.242591]  krealloc_less_oob_helper+0xa58/0xc50
[   17.242707]  krealloc_less_oob+0x20/0x38
[   17.242778]  kunit_try_run_case+0x170/0x3f0
[   17.242846]  kunit_generic_run_threadfn_adapter+0x88/0x100
[   17.243225]  kthread+0x328/0x630
[   17.243381]  ret_from_fork+0x10/0x20
[   17.243713] 
[   17.243738] Allocated by task 158:
[   17.243917]  kasan_save_stack+0x3c/0x68
[   17.244181]  kasan_save_track+0x20/0x40
[   17.244401]  kasan_save_alloc_info+0x40/0x58
[   17.244507]  __kasan_krealloc+0x118/0x178
[   17.244692]  krealloc_noprof+0x128/0x360
[   17.244875]  krealloc_less_oob_helper+0x168/0xc50
[   17.244984]  krealloc_less_oob+0x20/0x38
[   17.245125]  kunit_try_run_case+0x170/0x3f0
[   17.245201]  kunit_generic_run_threadfn_adapter+0x88/0x100
[   17.245574]  kthread+0x328/0x630
[   17.245926]  ret_from_fork+0x10/0x20
[   17.246104] 
[   17.246428] The buggy address belongs to the object at fff00000c46ffc00
[   17.246428]  which belongs to the cache kmalloc-256 of size 256
[   17.246860] The buggy address is located 34 bytes to the right of
[   17.246860]  allocated 201-byte region [fff00000c46ffc00, fff00000c46ffcc9)
[   17.247009] 
[   17.247129] The buggy address belongs to the physical page:
[   17.247317] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1046fe
[   17.247652] head: order:1 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[   17.247703] flags: 0xbfffe0000000040(head|node=0|zone=2|lastcpupid=0x1ffff)
[   17.247784] page_type: f5(slab)
[   17.248097] raw: 0bfffe0000000040 fff00000c0001b40 dead000000000122 0000000000000000
[   17.248164] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000
[   17.248214] head: 0bfffe0000000040 fff00000c0001b40 dead000000000122 0000000000000000
[   17.248666] head: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000
[   17.249048] head: 0bfffe0000000001 ffffc1ffc311bf81 00000000ffffffff 00000000ffffffff
[   17.249119] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000002
[   17.249350] page dumped because: kasan: bad access detected
[   17.249524] 
[   17.249753] Memory state around the buggy address:
[   17.249943]  fff00000c46ffb80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   17.250304]  fff00000c46ffc00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   17.250601] >fff00000c46ffc80: 00 00 00 00 00 00 00 00 00 01 fc fc fc fc fc fc
[   17.250796]                                                           ^
[   17.250944]  fff00000c46ffd00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   17.251199]  fff00000c46ffd80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   17.251518] ==================================================================
[   17.301525] ==================================================================
[   17.301589] BUG: KASAN: slab-out-of-bounds in krealloc_less_oob_helper+0xb9c/0xc50
[   17.302106] Write of size 1 at addr fff00000c663a0d0 by task kunit_try_catch/162
[   17.302217] 
[   17.302558] CPU: 1 UID: 0 PID: 162 Comm: kunit_try_catch Tainted: G    B            N  6.16.0-rc4 #1 PREEMPT 
[   17.302814] Tainted: [B]=BAD_PAGE, [N]=TEST
[   17.302851] Hardware name: linux,dummy-virt (DT)
[   17.302984] Call trace:
[   17.303183]  show_stack+0x20/0x38 (C)
[   17.303235]  dump_stack_lvl+0x8c/0xd0
[   17.303765]  print_report+0x118/0x608
[   17.303867]  kasan_report+0xdc/0x128
[   17.304222]  __asan_report_store1_noabort+0x20/0x30
[   17.304306]  krealloc_less_oob_helper+0xb9c/0xc50
[   17.304389]  krealloc_large_less_oob+0x20/0x38
[   17.304474]  kunit_try_run_case+0x170/0x3f0
[   17.304660]  kunit_generic_run_threadfn_adapter+0x88/0x100
[   17.305458]  kthread+0x328/0x630
[   17.305532]  ret_from_fork+0x10/0x20
[   17.305954] 
[   17.305980] The buggy address belongs to the physical page:
[   17.306192] page: refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x106638
[   17.306261] head: order:2 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[   17.306849] flags: 0xbfffe0000000040(head|node=0|zone=2|lastcpupid=0x1ffff)
[   17.307263] page_type: f8(unknown)
[   17.307432] raw: 0bfffe0000000040 0000000000000000 dead000000000122 0000000000000000
[   17.307580] raw: 0000000000000000 0000000000000000 00000001f8000000 0000000000000000
[   17.307928] head: 0bfffe0000000040 0000000000000000 dead000000000122 0000000000000000
[   17.308310] head: 0000000000000000 0000000000000000 00000001f8000000 0000000000000000
[   17.308646] head: 0bfffe0000000002 ffffc1ffc3198e01 00000000ffffffff 00000000ffffffff
[   17.308711] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000004
[   17.308882] page dumped because: kasan: bad access detected
[   17.309029] 
[   17.309054] Memory state around the buggy address:
[   17.309419]  fff00000c6639f80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   17.309485]  fff00000c663a000: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   17.309529] >fff00000c663a080: 00 00 00 00 00 00 00 00 00 01 fe fe fe fe fe fe
[   17.310012]                                                  ^
[   17.310291]  fff00000c663a100: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe
[   17.310520]  fff00000c663a180: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe
[   17.310872] ==================================================================
[   17.213970] ==================================================================
[   17.214023] BUG: KASAN: slab-out-of-bounds in krealloc_less_oob_helper+0xb9c/0xc50
[   17.214072] Write of size 1 at addr fff00000c46ffcd0 by task kunit_try_catch/158
[   17.214262] 
[   17.214394] CPU: 1 UID: 0 PID: 158 Comm: kunit_try_catch Tainted: G    B            N  6.16.0-rc4 #1 PREEMPT 
[   17.214513] Tainted: [B]=BAD_PAGE, [N]=TEST
[   17.214637] Hardware name: linux,dummy-virt (DT)
[   17.214670] Call trace:
[   17.214690]  show_stack+0x20/0x38 (C)
[   17.215010]  dump_stack_lvl+0x8c/0xd0
[   17.215184]  print_report+0x118/0x608
[   17.215356]  kasan_report+0xdc/0x128
[   17.215412]  __asan_report_store1_noabort+0x20/0x30
[   17.215471]  krealloc_less_oob_helper+0xb9c/0xc50
[   17.215534]  krealloc_less_oob+0x20/0x38
[   17.215579]  kunit_try_run_case+0x170/0x3f0
[   17.215626]  kunit_generic_run_threadfn_adapter+0x88/0x100
[   17.215688]  kthread+0x328/0x630
[   17.215728]  ret_from_fork+0x10/0x20
[   17.215774] 
[   17.215802] Allocated by task 158:
[   17.215830]  kasan_save_stack+0x3c/0x68
[   17.215877]  kasan_save_track+0x20/0x40
[   17.215914]  kasan_save_alloc_info+0x40/0x58
[   17.215959]  __kasan_krealloc+0x118/0x178
[   17.215996]  krealloc_noprof+0x128/0x360
[   17.216032]  krealloc_less_oob_helper+0x168/0xc50
[   17.216071]  krealloc_less_oob+0x20/0x38
[   17.216106]  kunit_try_run_case+0x170/0x3f0
[   17.216142]  kunit_generic_run_threadfn_adapter+0x88/0x100
[   17.216197]  kthread+0x328/0x630
[   17.216238]  ret_from_fork+0x10/0x20
[   17.216272] 
[   17.216290] The buggy address belongs to the object at fff00000c46ffc00
[   17.216290]  which belongs to the cache kmalloc-256 of size 256
[   17.216355] The buggy address is located 7 bytes to the right of
[   17.216355]  allocated 201-byte region [fff00000c46ffc00, fff00000c46ffcc9)
[   17.216419] 
[   17.216437] The buggy address belongs to the physical page:
[   17.216477] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1046fe
[   17.216529] head: order:1 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[   17.216602] flags: 0xbfffe0000000040(head|node=0|zone=2|lastcpupid=0x1ffff)
[   17.216653] page_type: f5(slab)
[   17.216690] raw: 0bfffe0000000040 fff00000c0001b40 dead000000000122 0000000000000000
[   17.217064] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000
[   17.217359] head: 0bfffe0000000040 fff00000c0001b40 dead000000000122 0000000000000000
[   17.217497] head: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000
[   17.217645] head: 0bfffe0000000001 ffffc1ffc311bf81 00000000ffffffff 00000000ffffffff
[   17.217828] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000002
[   17.217888] page dumped because: kasan: bad access detected
[   17.217929] 
[   17.217946] Memory state around the buggy address:
[   17.217977]  fff00000c46ffb80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   17.218293]  fff00000c46ffc00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   17.218369] >fff00000c46ffc80: 00 00 00 00 00 00 00 00 00 01 fc fc fc fc fc fc
[   17.218612]                                                  ^
[   17.218763]  fff00000c46ffd00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   17.218950]  fff00000c46ffd80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   17.219213] ==================================================================
[   17.231893] ==================================================================
[   17.232158] BUG: KASAN: slab-out-of-bounds in krealloc_less_oob_helper+0xae4/0xc50
[   17.232223] Write of size 1 at addr fff00000c46ffcea by task kunit_try_catch/158
[   17.232471] 
[   17.232546] CPU: 1 UID: 0 PID: 158 Comm: kunit_try_catch Tainted: G    B            N  6.16.0-rc4 #1 PREEMPT 
[   17.232828] Tainted: [B]=BAD_PAGE, [N]=TEST
[   17.233043] Hardware name: linux,dummy-virt (DT)
[   17.233110] Call trace:
[   17.233332]  show_stack+0x20/0x38 (C)
[   17.233394]  dump_stack_lvl+0x8c/0xd0
[   17.233687]  print_report+0x118/0x608
[   17.233987]  kasan_report+0xdc/0x128
[   17.234118]  __asan_report_store1_noabort+0x20/0x30
[   17.234311]  krealloc_less_oob_helper+0xae4/0xc50
[   17.234363]  krealloc_less_oob+0x20/0x38
[   17.234743]  kunit_try_run_case+0x170/0x3f0
[   17.235161]  kunit_generic_run_threadfn_adapter+0x88/0x100
[   17.235285]  kthread+0x328/0x630
[   17.235337]  ret_from_fork+0x10/0x20
[   17.235384] 
[   17.235402] Allocated by task 158:
[   17.235736]  kasan_save_stack+0x3c/0x68
[   17.236168]  kasan_save_track+0x20/0x40
[   17.236283]  kasan_save_alloc_info+0x40/0x58
[   17.236539]  __kasan_krealloc+0x118/0x178
[   17.236982]  krealloc_noprof+0x128/0x360
[   17.237051]  krealloc_less_oob_helper+0x168/0xc50
[   17.237091]  krealloc_less_oob+0x20/0x38
[   17.237126]  kunit_try_run_case+0x170/0x3f0
[   17.237163]  kunit_generic_run_threadfn_adapter+0x88/0x100
[   17.237205]  kthread+0x328/0x630
[   17.237256]  ret_from_fork+0x10/0x20
[   17.237312] 
[   17.237346] The buggy address belongs to the object at fff00000c46ffc00
[   17.237346]  which belongs to the cache kmalloc-256 of size 256
[   17.237414] The buggy address is located 33 bytes to the right of
[   17.237414]  allocated 201-byte region [fff00000c46ffc00, fff00000c46ffcc9)
[   17.237495] 
[   17.237516] The buggy address belongs to the physical page:
[   17.237549] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1046fe
[   17.237612] head: order:1 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[   17.237659] flags: 0xbfffe0000000040(head|node=0|zone=2|lastcpupid=0x1ffff)
[   17.237718] page_type: f5(slab)
[   17.237772] raw: 0bfffe0000000040 fff00000c0001b40 dead000000000122 0000000000000000
[   17.237833] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000
[   17.237897] head: 0bfffe0000000040 fff00000c0001b40 dead000000000122 0000000000000000
[   17.237951] head: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000
[   17.237999] head: 0bfffe0000000001 ffffc1ffc311bf81 00000000ffffffff 00000000ffffffff
[   17.238053] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000002
[   17.238094] page dumped because: kasan: bad access detected
[   17.238134] 
[   17.238151] Memory state around the buggy address:
[   17.238188]  fff00000c46ffb80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   17.238252]  fff00000c46ffc00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   17.238304] >fff00000c46ffc80: 00 00 00 00 00 00 00 00 00 01 fc fc fc fc fc fc
[   17.238342]                                                           ^
[   17.238389]  fff00000c46ffd00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   17.238440]  fff00000c46ffd80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   17.239051] ==================================================================
[   17.293793] ==================================================================
[   17.293855] BUG: KASAN: slab-out-of-bounds in krealloc_less_oob_helper+0xa48/0xc50
[   17.293919] Write of size 1 at addr fff00000c663a0c9 by task kunit_try_catch/162
[   17.293995] 
[   17.294038] CPU: 1 UID: 0 PID: 162 Comm: kunit_try_catch Tainted: G    B            N  6.16.0-rc4 #1 PREEMPT 
[   17.294150] Tainted: [B]=BAD_PAGE, [N]=TEST
[   17.294178] Hardware name: linux,dummy-virt (DT)
[   17.294220] Call trace:
[   17.294245]  show_stack+0x20/0x38 (C)
[   17.294295]  dump_stack_lvl+0x8c/0xd0
[   17.294345]  print_report+0x118/0x608
[   17.294390]  kasan_report+0xdc/0x128
[   17.294438]  __asan_report_store1_noabort+0x20/0x30
[   17.294497]  krealloc_less_oob_helper+0xa48/0xc50
[   17.294545]  krealloc_large_less_oob+0x20/0x38
[   17.294600]  kunit_try_run_case+0x170/0x3f0
[   17.294650]  kunit_generic_run_threadfn_adapter+0x88/0x100
[   17.294701]  kthread+0x328/0x630
[   17.294743]  ret_from_fork+0x10/0x20
[   17.294800] 
[   17.294822] The buggy address belongs to the physical page:
[   17.294865] page: refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x106638
[   17.294928] head: order:2 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[   17.295871] flags: 0xbfffe0000000040(head|node=0|zone=2|lastcpupid=0x1ffff)
[   17.296224] page_type: f8(unknown)
[   17.296617] raw: 0bfffe0000000040 0000000000000000 dead000000000122 0000000000000000
[   17.296756] raw: 0000000000000000 0000000000000000 00000001f8000000 0000000000000000
[   17.296888] head: 0bfffe0000000040 0000000000000000 dead000000000122 0000000000000000
[   17.297260] head: 0000000000000000 0000000000000000 00000001f8000000 0000000000000000
[   17.297896] head: 0bfffe0000000002 ffffc1ffc3198e01 00000000ffffffff 00000000ffffffff
[   17.298003] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000004
[   17.298419] page dumped because: kasan: bad access detected
[   17.298794] 
[   17.298812] Memory state around the buggy address:
[   17.299023]  fff00000c6639f80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   17.299105]  fff00000c663a000: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   17.299172] >fff00000c663a080: 00 00 00 00 00 00 00 00 00 01 fe fe fe fe fe fe
[   17.299574]                                               ^
[   17.299723]  fff00000c663a100: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe
[   17.299770]  fff00000c663a180: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe
[   17.299829] ==================================================================

Metadata Full log Test run details

arch

arm64

host

x86_64

plan

2zFZ7AA8ZD9Hxk7VnRiY3mXiAkW

job_id

TEST:linaro@lkft#2zFZAgR4HGSChCPu8KuJLPt15ei

job_url

https://tuxapi.tuxsuite.com/v1/groups/linaro/projects/lkft/tests/2zFZAgR4HGSChCPu8KuJLPt15ei

artefacts

kernel

url	https://storage.tuxsuite.com/public/linaro/lkft/builds/2zFZ8Eq0rkowvxSWbsvfUT0ci3V/Image.gz
sha256sum	f21f2f7031b771bca830a5b3afef9252dc911b1937cfdab3c3cb3770ee1dfdef

rootfs

url	https://storage.tuxboot.com/debian/20250617/trixie/arm64/rootfs.ext4.xz
sha256sum	1eaaae772692e22cefec5345d642e254407cec1431dd51a20007af2a1819b610

modules

url	https://storage.tuxsuite.com/public/linaro/lkft/builds/2zFZ8Eq0rkowvxSWbsvfUT0ci3V/modules.tar.xz
sha256sum	373376c87789d93a6bf9062ae250416e65b9f0b18e5cf538a39cc351f73c170d

durations

tests

boot	0
kunit	175.76

host_arch

amd64

build_name

gcc-13-lkftconfig-kunit

job_status

Complete

qemu_version

1:10.0.0+ds-1

[   11.164544] ==================================================================
[   11.165092] BUG: KASAN: slab-out-of-bounds in krealloc_less_oob_helper+0xe23/0x11d0
[   11.165532] Write of size 1 at addr ffff888100a334d0 by task kunit_try_catch/175
[   11.165759] 
[   11.165848] CPU: 1 UID: 0 PID: 175 Comm: kunit_try_catch Tainted: G    B            N  6.16.0-rc4 #1 PREEMPT(voluntary) 
[   11.165890] Tainted: [B]=BAD_PAGE, [N]=TEST
[   11.165901] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[   11.165921] Call Trace:
[   11.165933]  <TASK>
[   11.165949]  dump_stack_lvl+0x73/0xb0
[   11.165974]  print_report+0xd1/0x650
[   11.165996]  ? __virt_addr_valid+0x1db/0x2d0
[   11.166016]  ? krealloc_less_oob_helper+0xe23/0x11d0
[   11.166243]  ? kasan_complete_mode_report_info+0x2a/0x200
[   11.166273]  ? krealloc_less_oob_helper+0xe23/0x11d0
[   11.166297]  kasan_report+0x141/0x180
[   11.166318]  ? krealloc_less_oob_helper+0xe23/0x11d0
[   11.166345]  __asan_report_store1_noabort+0x1b/0x30
[   11.166365]  krealloc_less_oob_helper+0xe23/0x11d0
[   11.166389]  ? __pfx_krealloc_less_oob_helper+0x10/0x10
[   11.166411]  ? finish_task_switch.isra.0+0x153/0x700
[   11.166433]  ? __switch_to+0x47/0xf50
[   11.166457]  ? __schedule+0x10cc/0x2b60
[   11.166478]  ? __pfx_read_tsc+0x10/0x10
[   11.166500]  krealloc_less_oob+0x1c/0x30
[   11.166520]  kunit_try_run_case+0x1a5/0x480
[   11.166542]  ? __pfx_kunit_try_run_case+0x10/0x10
[   11.166562]  ? _raw_spin_lock_irqsave+0xa1/0x100
[   11.166584]  ? _raw_spin_unlock_irqrestore+0x5f/0x90
[   11.166605]  ? __kthread_parkme+0x82/0x180
[   11.166624]  ? preempt_count_sub+0x50/0x80
[   11.166645]  ? __pfx_kunit_try_run_case+0x10/0x10
[   11.166667]  kunit_generic_run_threadfn_adapter+0x85/0xf0
[   11.166687]  ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10
[   11.166709]  kthread+0x337/0x6f0
[   11.166727]  ? trace_preempt_on+0x20/0xc0
[   11.166749]  ? __pfx_kthread+0x10/0x10
[   11.166768]  ? _raw_spin_unlock_irq+0x47/0x80
[   11.166787]  ? calculate_sigpending+0x7b/0xa0
[   11.166809]  ? __pfx_kthread+0x10/0x10
[   11.166829]  ret_from_fork+0x116/0x1d0
[   11.166846]  ? __pfx_kthread+0x10/0x10
[   11.166865]  ret_from_fork_asm+0x1a/0x30
[   11.166894]  </TASK>
[   11.166904] 
[   11.181612] Allocated by task 175:
[   11.181751]  kasan_save_stack+0x45/0x70
[   11.181894]  kasan_save_track+0x18/0x40
[   11.182040]  kasan_save_alloc_info+0x3b/0x50
[   11.182374]  __kasan_krealloc+0x190/0x1f0
[   11.182625]  krealloc_noprof+0xf3/0x340
[   11.182776]  krealloc_less_oob_helper+0x1aa/0x11d0
[   11.182984]  krealloc_less_oob+0x1c/0x30
[   11.183377]  kunit_try_run_case+0x1a5/0x480
[   11.183522]  kunit_generic_run_threadfn_adapter+0x85/0xf0
[   11.183845]  kthread+0x337/0x6f0
[   11.184138]  ret_from_fork+0x116/0x1d0
[   11.184313]  ret_from_fork_asm+0x1a/0x30
[   11.184596] 
[   11.184677] The buggy address belongs to the object at ffff888100a33400
[   11.184677]  which belongs to the cache kmalloc-256 of size 256
[   11.185229] The buggy address is located 7 bytes to the right of
[   11.185229]  allocated 201-byte region [ffff888100a33400, ffff888100a334c9)
[   11.185892] 
[   11.185965] The buggy address belongs to the physical page:
[   11.186208] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x100a32
[   11.186772] head: order:1 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[   11.187190] flags: 0x200000000000040(head|node=0|zone=2)
[   11.187494] page_type: f5(slab)
[   11.187628] raw: 0200000000000040 ffff888100041b40 dead000000000122 0000000000000000
[   11.187961] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000
[   11.188373] head: 0200000000000040 ffff888100041b40 dead000000000122 0000000000000000
[   11.188719] head: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000
[   11.189177] head: 0200000000000001 ffffea0004028c81 00000000ffffffff 00000000ffffffff
[   11.189482] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000002
[   11.189832] page dumped because: kasan: bad access detected
[   11.190238] 
[   11.190343] Memory state around the buggy address:
[   11.190545]  ffff888100a33380: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   11.190832]  ffff888100a33400: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   11.191327] >ffff888100a33480: 00 00 00 00 00 00 00 00 00 01 fc fc fc fc fc fc
[   11.191689]                                                  ^
[   11.191954]  ffff888100a33500: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   11.192393]  ffff888100a33580: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   11.192689] ==================================================================
[   11.386230] ==================================================================
[   11.386537] BUG: KASAN: slab-out-of-bounds in krealloc_less_oob_helper+0xd47/0x11d0
[   11.386830] Write of size 1 at addr ffff88810295a0eb by task kunit_try_catch/179
[   11.387171] 
[   11.387414] CPU: 1 UID: 0 PID: 179 Comm: kunit_try_catch Tainted: G    B            N  6.16.0-rc4 #1 PREEMPT(voluntary) 
[   11.387460] Tainted: [B]=BAD_PAGE, [N]=TEST
[   11.387471] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[   11.387491] Call Trace:
[   11.387505]  <TASK>
[   11.387519]  dump_stack_lvl+0x73/0xb0
[   11.387546]  print_report+0xd1/0x650
[   11.387568]  ? __virt_addr_valid+0x1db/0x2d0
[   11.387589]  ? krealloc_less_oob_helper+0xd47/0x11d0
[   11.387613]  ? kasan_addr_to_slab+0x11/0xa0
[   11.387648]  ? krealloc_less_oob_helper+0xd47/0x11d0
[   11.387672]  kasan_report+0x141/0x180
[   11.387694]  ? krealloc_less_oob_helper+0xd47/0x11d0
[   11.387734]  __asan_report_store1_noabort+0x1b/0x30
[   11.387754]  krealloc_less_oob_helper+0xd47/0x11d0
[   11.387778]  ? __pfx_krealloc_less_oob_helper+0x10/0x10
[   11.387801]  ? finish_task_switch.isra.0+0x153/0x700
[   11.387823]  ? __switch_to+0x47/0xf50
[   11.387846]  ? __schedule+0x10cc/0x2b60
[   11.387867]  ? __pfx_read_tsc+0x10/0x10
[   11.387890]  krealloc_large_less_oob+0x1c/0x30
[   11.387912]  kunit_try_run_case+0x1a5/0x480
[   11.387934]  ? __pfx_kunit_try_run_case+0x10/0x10
[   11.387955]  ? _raw_spin_lock_irqsave+0xa1/0x100
[   11.387977]  ? _raw_spin_unlock_irqrestore+0x5f/0x90
[   11.387998]  ? __kthread_parkme+0x82/0x180
[   11.388018]  ? preempt_count_sub+0x50/0x80
[   11.388050]  ? __pfx_kunit_try_run_case+0x10/0x10
[   11.388072]  kunit_generic_run_threadfn_adapter+0x85/0xf0
[   11.388094]  ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10
[   11.388124]  kthread+0x337/0x6f0
[   11.388143]  ? trace_preempt_on+0x20/0xc0
[   11.388164]  ? __pfx_kthread+0x10/0x10
[   11.388195]  ? _raw_spin_unlock_irq+0x47/0x80
[   11.388216]  ? calculate_sigpending+0x7b/0xa0
[   11.388239]  ? __pfx_kthread+0x10/0x10
[   11.388260]  ret_from_fork+0x116/0x1d0
[   11.388277]  ? __pfx_kthread+0x10/0x10
[   11.388297]  ret_from_fork_asm+0x1a/0x30
[   11.388326]  </TASK>
[   11.388337] 
[   11.397309] The buggy address belongs to the physical page:
[   11.397595] page: refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x102958
[   11.397972] head: order:2 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[   11.398496] flags: 0x200000000000040(head|node=0|zone=2)
[   11.398715] page_type: f8(unknown)
[   11.398943] raw: 0200000000000040 0000000000000000 dead000000000122 0000000000000000
[   11.399253] raw: 0000000000000000 0000000000000000 00000001f8000000 0000000000000000
[   11.399678] head: 0200000000000040 0000000000000000 dead000000000122 0000000000000000
[   11.399979] head: 0000000000000000 0000000000000000 00000001f8000000 0000000000000000
[   11.400389] head: 0200000000000002 ffffea00040a5601 00000000ffffffff 00000000ffffffff
[   11.400915] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000004
[   11.401439] page dumped because: kasan: bad access detected
[   11.401682] 
[   11.401825] Memory state around the buggy address:
[   11.402136]  ffff888102959f80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   11.402562]  ffff88810295a000: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   11.402875] >ffff88810295a080: 00 00 00 00 00 00 00 00 00 01 fe fe fe fe fe fe
[   11.403288]                                                           ^
[   11.403632]  ffff88810295a100: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe
[   11.403885]  ffff88810295a180: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe
[   11.404229] ==================================================================
[   11.331516] ==================================================================
[   11.331836] BUG: KASAN: slab-out-of-bounds in krealloc_less_oob_helper+0xe23/0x11d0
[   11.332478] Write of size 1 at addr ffff88810295a0d0 by task kunit_try_catch/179
[   11.332749] 
[   11.332836] CPU: 1 UID: 0 PID: 179 Comm: kunit_try_catch Tainted: G    B            N  6.16.0-rc4 #1 PREEMPT(voluntary) 
[   11.332876] Tainted: [B]=BAD_PAGE, [N]=TEST
[   11.332897] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[   11.332916] Call Trace:
[   11.332927]  <TASK>
[   11.332941]  dump_stack_lvl+0x73/0xb0
[   11.332979]  print_report+0xd1/0x650
[   11.333000]  ? __virt_addr_valid+0x1db/0x2d0
[   11.333021]  ? krealloc_less_oob_helper+0xe23/0x11d0
[   11.333054]  ? kasan_addr_to_slab+0x11/0xa0
[   11.333074]  ? krealloc_less_oob_helper+0xe23/0x11d0
[   11.333098]  kasan_report+0x141/0x180
[   11.333119]  ? krealloc_less_oob_helper+0xe23/0x11d0
[   11.333291]  __asan_report_store1_noabort+0x1b/0x30
[   11.333317]  krealloc_less_oob_helper+0xe23/0x11d0
[   11.333342]  ? __pfx_krealloc_less_oob_helper+0x10/0x10
[   11.333377]  ? finish_task_switch.isra.0+0x153/0x700
[   11.333398]  ? __switch_to+0x47/0xf50
[   11.333422]  ? __schedule+0x10cc/0x2b60
[   11.333529]  ? __pfx_read_tsc+0x10/0x10
[   11.333553]  krealloc_large_less_oob+0x1c/0x30
[   11.333575]  kunit_try_run_case+0x1a5/0x480
[   11.333597]  ? __pfx_kunit_try_run_case+0x10/0x10
[   11.333618]  ? _raw_spin_lock_irqsave+0xa1/0x100
[   11.333640]  ? _raw_spin_unlock_irqrestore+0x5f/0x90
[   11.333662]  ? __kthread_parkme+0x82/0x180
[   11.333681]  ? preempt_count_sub+0x50/0x80
[   11.333702]  ? __pfx_kunit_try_run_case+0x10/0x10
[   11.333725]  kunit_generic_run_threadfn_adapter+0x85/0xf0
[   11.333746]  ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10
[   11.333768]  kthread+0x337/0x6f0
[   11.333900]  ? trace_preempt_on+0x20/0xc0
[   11.333925]  ? __pfx_kthread+0x10/0x10
[   11.333945]  ? _raw_spin_unlock_irq+0x47/0x80
[   11.333965]  ? calculate_sigpending+0x7b/0xa0
[   11.333996]  ? __pfx_kthread+0x10/0x10
[   11.334017]  ret_from_fork+0x116/0x1d0
[   11.334054]  ? __pfx_kthread+0x10/0x10
[   11.334074]  ret_from_fork_asm+0x1a/0x30
[   11.334254]  </TASK>
[   11.334268] 
[   11.342647] The buggy address belongs to the physical page:
[   11.342925] page: refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x102958
[   11.343299] head: order:2 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[   11.343554] flags: 0x200000000000040(head|node=0|zone=2)
[   11.344110] page_type: f8(unknown)
[   11.344378] raw: 0200000000000040 0000000000000000 dead000000000122 0000000000000000
[   11.344708] raw: 0000000000000000 0000000000000000 00000001f8000000 0000000000000000
[   11.345039] head: 0200000000000040 0000000000000000 dead000000000122 0000000000000000
[   11.345460] head: 0000000000000000 0000000000000000 00000001f8000000 0000000000000000
[   11.345794] head: 0200000000000002 ffffea00040a5601 00000000ffffffff 00000000ffffffff
[   11.346128] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000004
[   11.346674] page dumped because: kasan: bad access detected
[   11.346936] 
[   11.347111] Memory state around the buggy address:
[   11.347367]  ffff888102959f80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   11.347693]  ffff88810295a000: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   11.347977] >ffff88810295a080: 00 00 00 00 00 00 00 00 00 01 fe fe fe fe fe fe
[   11.348419]                                                  ^
[   11.348605]  ffff88810295a100: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe
[   11.348974]  ffff88810295a180: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe
[   11.349419] ==================================================================
[   11.242913] ==================================================================
[   11.243395] BUG: KASAN: slab-out-of-bounds in krealloc_less_oob_helper+0xd47/0x11d0
[   11.243664] Write of size 1 at addr ffff888100a334eb by task kunit_try_catch/175
[   11.243987] 
[   11.244094] CPU: 1 UID: 0 PID: 175 Comm: kunit_try_catch Tainted: G    B            N  6.16.0-rc4 #1 PREEMPT(voluntary) 
[   11.244146] Tainted: [B]=BAD_PAGE, [N]=TEST
[   11.244157] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[   11.244313] Call Trace:
[   11.244333]  <TASK>
[   11.244347]  dump_stack_lvl+0x73/0xb0
[   11.244375]  print_report+0xd1/0x650
[   11.244411]  ? __virt_addr_valid+0x1db/0x2d0
[   11.244431]  ? krealloc_less_oob_helper+0xd47/0x11d0
[   11.244454]  ? kasan_complete_mode_report_info+0x2a/0x200
[   11.244475]  ? krealloc_less_oob_helper+0xd47/0x11d0
[   11.244500]  kasan_report+0x141/0x180
[   11.244524]  ? krealloc_less_oob_helper+0xd47/0x11d0
[   11.244552]  __asan_report_store1_noabort+0x1b/0x30
[   11.244572]  krealloc_less_oob_helper+0xd47/0x11d0
[   11.244606]  ? __pfx_krealloc_less_oob_helper+0x10/0x10
[   11.244629]  ? finish_task_switch.isra.0+0x153/0x700
[   11.244650]  ? __switch_to+0x47/0xf50
[   11.244685]  ? __schedule+0x10cc/0x2b60
[   11.244706]  ? __pfx_read_tsc+0x10/0x10
[   11.244730]  krealloc_less_oob+0x1c/0x30
[   11.244757]  kunit_try_run_case+0x1a5/0x480
[   11.244779]  ? __pfx_kunit_try_run_case+0x10/0x10
[   11.244800]  ? _raw_spin_lock_irqsave+0xa1/0x100
[   11.244821]  ? _raw_spin_unlock_irqrestore+0x5f/0x90
[   11.244842]  ? __kthread_parkme+0x82/0x180
[   11.244861]  ? preempt_count_sub+0x50/0x80
[   11.244882]  ? __pfx_kunit_try_run_case+0x10/0x10
[   11.244905]  kunit_generic_run_threadfn_adapter+0x85/0xf0
[   11.244926]  ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10
[   11.244947]  kthread+0x337/0x6f0
[   11.244965]  ? trace_preempt_on+0x20/0xc0
[   11.244986]  ? __pfx_kthread+0x10/0x10
[   11.245007]  ? _raw_spin_unlock_irq+0x47/0x80
[   11.245041]  ? calculate_sigpending+0x7b/0xa0
[   11.245066]  ? __pfx_kthread+0x10/0x10
[   11.245144]  ret_from_fork+0x116/0x1d0
[   11.245164]  ? __pfx_kthread+0x10/0x10
[   11.245184]  ret_from_fork_asm+0x1a/0x30
[   11.245224]  </TASK>
[   11.245234] 
[   11.253253] Allocated by task 175:
[   11.253460]  kasan_save_stack+0x45/0x70
[   11.253661]  kasan_save_track+0x18/0x40
[   11.253849]  kasan_save_alloc_info+0x3b/0x50
[   11.254178]  __kasan_krealloc+0x190/0x1f0
[   11.254351]  krealloc_noprof+0xf3/0x340
[   11.254542]  krealloc_less_oob_helper+0x1aa/0x11d0
[   11.254765]  krealloc_less_oob+0x1c/0x30
[   11.254972]  kunit_try_run_case+0x1a5/0x480
[   11.255209]  kunit_generic_run_threadfn_adapter+0x85/0xf0
[   11.255554]  kthread+0x337/0x6f0
[   11.255716]  ret_from_fork+0x116/0x1d0
[   11.255849]  ret_from_fork_asm+0x1a/0x30
[   11.255986] 
[   11.256324] The buggy address belongs to the object at ffff888100a33400
[   11.256324]  which belongs to the cache kmalloc-256 of size 256
[   11.256893] The buggy address is located 34 bytes to the right of
[   11.256893]  allocated 201-byte region [ffff888100a33400, ffff888100a334c9)
[   11.257724] 
[   11.257815] The buggy address belongs to the physical page:
[   11.257986] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x100a32
[   11.258482] head: order:1 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[   11.258799] flags: 0x200000000000040(head|node=0|zone=2)
[   11.259163] page_type: f5(slab)
[   11.259287] raw: 0200000000000040 ffff888100041b40 dead000000000122 0000000000000000
[   11.259517] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000
[   11.259860] head: 0200000000000040 ffff888100041b40 dead000000000122 0000000000000000
[   11.260497] head: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000
[   11.260878] head: 0200000000000001 ffffea0004028c81 00000000ffffffff 00000000ffffffff
[   11.261261] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000002
[   11.261571] page dumped because: kasan: bad access detected
[   11.261818] 
[   11.261916] Memory state around the buggy address:
[   11.262089]  ffff888100a33380: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   11.262556]  ffff888100a33400: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   11.262898] >ffff888100a33480: 00 00 00 00 00 00 00 00 00 01 fc fc fc fc fc fc
[   11.263320]                                                           ^
[   11.263620]  ffff888100a33500: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   11.263922]  ffff888100a33580: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   11.264410] ==================================================================
[   11.349697] ==================================================================
[   11.350080] BUG: KASAN: slab-out-of-bounds in krealloc_less_oob_helper+0xec6/0x11d0
[   11.350559] Write of size 1 at addr ffff88810295a0da by task kunit_try_catch/179
[   11.350871] 
[   11.350985] CPU: 1 UID: 0 PID: 179 Comm: kunit_try_catch Tainted: G    B            N  6.16.0-rc4 #1 PREEMPT(voluntary) 
[   11.351046] Tainted: [B]=BAD_PAGE, [N]=TEST
[   11.351102] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[   11.351121] Call Trace:
[   11.351134]  <TASK>
[   11.351156]  dump_stack_lvl+0x73/0xb0
[   11.351184]  print_report+0xd1/0x650
[   11.351205]  ? __virt_addr_valid+0x1db/0x2d0
[   11.351239]  ? krealloc_less_oob_helper+0xec6/0x11d0
[   11.351261]  ? kasan_addr_to_slab+0x11/0xa0
[   11.351281]  ? krealloc_less_oob_helper+0xec6/0x11d0
[   11.351315]  kasan_report+0x141/0x180
[   11.351336]  ? krealloc_less_oob_helper+0xec6/0x11d0
[   11.351364]  __asan_report_store1_noabort+0x1b/0x30
[   11.351384]  krealloc_less_oob_helper+0xec6/0x11d0
[   11.351410]  ? __pfx_krealloc_less_oob_helper+0x10/0x10
[   11.351433]  ? finish_task_switch.isra.0+0x153/0x700
[   11.351454]  ? __switch_to+0x47/0xf50
[   11.351478]  ? __schedule+0x10cc/0x2b60
[   11.351499]  ? __pfx_read_tsc+0x10/0x10
[   11.351521]  krealloc_large_less_oob+0x1c/0x30
[   11.351544]  kunit_try_run_case+0x1a5/0x480
[   11.351566]  ? __pfx_kunit_try_run_case+0x10/0x10
[   11.351587]  ? _raw_spin_lock_irqsave+0xa1/0x100
[   11.351609]  ? _raw_spin_unlock_irqrestore+0x5f/0x90
[   11.351631]  ? __kthread_parkme+0x82/0x180
[   11.351659]  ? preempt_count_sub+0x50/0x80
[   11.351680]  ? __pfx_kunit_try_run_case+0x10/0x10
[   11.351703]  kunit_generic_run_threadfn_adapter+0x85/0xf0
[   11.351735]  ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10
[   11.351757]  kthread+0x337/0x6f0
[   11.351776]  ? trace_preempt_on+0x20/0xc0
[   11.351798]  ? __pfx_kthread+0x10/0x10
[   11.351818]  ? _raw_spin_unlock_irq+0x47/0x80
[   11.351838]  ? calculate_sigpending+0x7b/0xa0
[   11.351861]  ? __pfx_kthread+0x10/0x10
[   11.351881]  ret_from_fork+0x116/0x1d0
[   11.351899]  ? __pfx_kthread+0x10/0x10
[   11.351918]  ret_from_fork_asm+0x1a/0x30
[   11.351948]  </TASK>
[   11.351958] 
[   11.360268] The buggy address belongs to the physical page:
[   11.360554] page: refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x102958
[   11.360910] head: order:2 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[   11.361261] flags: 0x200000000000040(head|node=0|zone=2)
[   11.361435] page_type: f8(unknown)
[   11.361852] raw: 0200000000000040 0000000000000000 dead000000000122 0000000000000000
[   11.362530] raw: 0000000000000000 0000000000000000 00000001f8000000 0000000000000000
[   11.363099] head: 0200000000000040 0000000000000000 dead000000000122 0000000000000000
[   11.363365] head: 0000000000000000 0000000000000000 00000001f8000000 0000000000000000
[   11.363880] head: 0200000000000002 ffffea00040a5601 00000000ffffffff 00000000ffffffff
[   11.364293] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000004
[   11.364749] page dumped because: kasan: bad access detected
[   11.365084] 
[   11.365155] Memory state around the buggy address:
[   11.365352]  ffff888102959f80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   11.365700]  ffff88810295a000: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   11.366236] >ffff88810295a080: 00 00 00 00 00 00 00 00 00 01 fe fe fe fe fe fe
[   11.366560]                                                     ^
[   11.366794]  ffff88810295a100: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe
[   11.367255]  ffff88810295a180: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe
[   11.367590] ==================================================================
[   11.124730] ==================================================================
[   11.126074] BUG: KASAN: slab-out-of-bounds in krealloc_less_oob_helper+0xd70/0x11d0
[   11.127169] Write of size 1 at addr ffff888100a334c9 by task kunit_try_catch/175
[   11.127404] 
[   11.127494] CPU: 1 UID: 0 PID: 175 Comm: kunit_try_catch Tainted: G    B            N  6.16.0-rc4 #1 PREEMPT(voluntary) 
[   11.127537] Tainted: [B]=BAD_PAGE, [N]=TEST
[   11.127549] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[   11.127568] Call Trace:
[   11.127580]  <TASK>
[   11.127594]  dump_stack_lvl+0x73/0xb0
[   11.127623]  print_report+0xd1/0x650
[   11.127644]  ? __virt_addr_valid+0x1db/0x2d0
[   11.127666]  ? krealloc_less_oob_helper+0xd70/0x11d0
[   11.127688]  ? kasan_complete_mode_report_info+0x2a/0x200
[   11.127709]  ? krealloc_less_oob_helper+0xd70/0x11d0
[   11.127731]  kasan_report+0x141/0x180
[   11.127752]  ? krealloc_less_oob_helper+0xd70/0x11d0
[   11.127779]  __asan_report_store1_noabort+0x1b/0x30
[   11.127798]  krealloc_less_oob_helper+0xd70/0x11d0
[   11.127822]  ? __pfx_krealloc_less_oob_helper+0x10/0x10
[   11.127844]  ? finish_task_switch.isra.0+0x153/0x700
[   11.127864]  ? __switch_to+0x47/0xf50
[   11.127889]  ? __schedule+0x10cc/0x2b60
[   11.127909]  ? __pfx_read_tsc+0x10/0x10
[   11.127931]  krealloc_less_oob+0x1c/0x30
[   11.127951]  kunit_try_run_case+0x1a5/0x480
[   11.127975]  ? __pfx_kunit_try_run_case+0x10/0x10
[   11.127996]  ? _raw_spin_lock_irqsave+0xa1/0x100
[   11.128017]  ? _raw_spin_unlock_irqrestore+0x5f/0x90
[   11.128056]  ? __kthread_parkme+0x82/0x180
[   11.128337]  ? preempt_count_sub+0x50/0x80
[   11.128368]  ? __pfx_kunit_try_run_case+0x10/0x10
[   11.128393]  kunit_generic_run_threadfn_adapter+0x85/0xf0
[   11.128415]  ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10
[   11.128436]  kthread+0x337/0x6f0
[   11.128454]  ? trace_preempt_on+0x20/0xc0
[   11.128476]  ? __pfx_kthread+0x10/0x10
[   11.128496]  ? _raw_spin_unlock_irq+0x47/0x80
[   11.128516]  ? calculate_sigpending+0x7b/0xa0
[   11.128538]  ? __pfx_kthread+0x10/0x10
[   11.128558]  ret_from_fork+0x116/0x1d0
[   11.128575]  ? __pfx_kthread+0x10/0x10
[   11.128595]  ret_from_fork_asm+0x1a/0x30
[   11.128625]  </TASK>
[   11.128636] 
[   11.144886] Allocated by task 175:
[   11.145341]  kasan_save_stack+0x45/0x70
[   11.145722]  kasan_save_track+0x18/0x40
[   11.146175]  kasan_save_alloc_info+0x3b/0x50
[   11.146650]  __kasan_krealloc+0x190/0x1f0
[   11.147022]  krealloc_noprof+0xf3/0x340
[   11.147456]  krealloc_less_oob_helper+0x1aa/0x11d0
[   11.147825]  krealloc_less_oob+0x1c/0x30
[   11.147965]  kunit_try_run_case+0x1a5/0x480
[   11.148320]  kunit_generic_run_threadfn_adapter+0x85/0xf0
[   11.148813]  kthread+0x337/0x6f0
[   11.149143]  ret_from_fork+0x116/0x1d0
[   11.149646]  ret_from_fork_asm+0x1a/0x30
[   11.149791] 
[   11.149863] The buggy address belongs to the object at ffff888100a33400
[   11.149863]  which belongs to the cache kmalloc-256 of size 256
[   11.150754] The buggy address is located 0 bytes to the right of
[   11.150754]  allocated 201-byte region [ffff888100a33400, ffff888100a334c9)
[   11.152087] 
[   11.152360] The buggy address belongs to the physical page:
[   11.152683] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x100a32
[   11.152927] head: order:1 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[   11.153718] flags: 0x200000000000040(head|node=0|zone=2)
[   11.154239] page_type: f5(slab)
[   11.154829] raw: 0200000000000040 ffff888100041b40 dead000000000122 0000000000000000
[   11.155753] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000
[   11.156703] head: 0200000000000040 ffff888100041b40 dead000000000122 0000000000000000
[   11.157163] head: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000
[   11.157706] head: 0200000000000001 ffffea0004028c81 00000000ffffffff 00000000ffffffff
[   11.157941] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000002
[   11.158472] page dumped because: kasan: bad access detected
[   11.159105] 
[   11.159388] Memory state around the buggy address:
[   11.159823]  ffff888100a33380: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   11.160580]  ffff888100a33400: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   11.161369] >ffff888100a33480: 00 00 00 00 00 00 00 00 00 01 fc fc fc fc fc fc
[   11.161783]                                               ^
[   11.161959]  ffff888100a33500: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   11.162749]  ffff888100a33580: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   11.163545] ==================================================================
[   11.368069] ==================================================================
[   11.368474] BUG: KASAN: slab-out-of-bounds in krealloc_less_oob_helper+0xe90/0x11d0
[   11.368815] Write of size 1 at addr ffff88810295a0ea by task kunit_try_catch/179
[   11.369252] 
[   11.369463] CPU: 1 UID: 0 PID: 179 Comm: kunit_try_catch Tainted: G    B            N  6.16.0-rc4 #1 PREEMPT(voluntary) 
[   11.369524] Tainted: [B]=BAD_PAGE, [N]=TEST
[   11.369536] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[   11.369555] Call Trace:
[   11.369569]  <TASK>
[   11.369601]  dump_stack_lvl+0x73/0xb0
[   11.369629]  print_report+0xd1/0x650
[   11.369652]  ? __virt_addr_valid+0x1db/0x2d0
[   11.369685]  ? krealloc_less_oob_helper+0xe90/0x11d0
[   11.369708]  ? kasan_addr_to_slab+0x11/0xa0
[   11.369728]  ? krealloc_less_oob_helper+0xe90/0x11d0
[   11.369756]  kasan_report+0x141/0x180
[   11.369777]  ? krealloc_less_oob_helper+0xe90/0x11d0
[   11.369817]  __asan_report_store1_noabort+0x1b/0x30
[   11.369837]  krealloc_less_oob_helper+0xe90/0x11d0
[   11.369862]  ? __pfx_krealloc_less_oob_helper+0x10/0x10
[   11.369901]  ? finish_task_switch.isra.0+0x153/0x700
[   11.369922]  ? __switch_to+0x47/0xf50
[   11.369964]  ? __schedule+0x10cc/0x2b60
[   11.369985]  ? __pfx_read_tsc+0x10/0x10
[   11.370008]  krealloc_large_less_oob+0x1c/0x30
[   11.370177]  kunit_try_run_case+0x1a5/0x480
[   11.370205]  ? __pfx_kunit_try_run_case+0x10/0x10
[   11.370226]  ? _raw_spin_lock_irqsave+0xa1/0x100
[   11.370478]  ? _raw_spin_unlock_irqrestore+0x5f/0x90
[   11.370515]  ? __kthread_parkme+0x82/0x180
[   11.370534]  ? preempt_count_sub+0x50/0x80
[   11.370556]  ? __pfx_kunit_try_run_case+0x10/0x10
[   11.370591]  kunit_generic_run_threadfn_adapter+0x85/0xf0
[   11.370613]  ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10
[   11.370635]  kthread+0x337/0x6f0
[   11.370654]  ? trace_preempt_on+0x20/0xc0
[   11.370676]  ? __pfx_kthread+0x10/0x10
[   11.370695]  ? _raw_spin_unlock_irq+0x47/0x80
[   11.370716]  ? calculate_sigpending+0x7b/0xa0
[   11.370739]  ? __pfx_kthread+0x10/0x10
[   11.370759]  ret_from_fork+0x116/0x1d0
[   11.370777]  ? __pfx_kthread+0x10/0x10
[   11.370796]  ret_from_fork_asm+0x1a/0x30
[   11.370835]  </TASK>
[   11.370846] 
[   11.379323] The buggy address belongs to the physical page:
[   11.379568] page: refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x102958
[   11.379915] head: order:2 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[   11.380356] flags: 0x200000000000040(head|node=0|zone=2)
[   11.380630] page_type: f8(unknown)
[   11.380810] raw: 0200000000000040 0000000000000000 dead000000000122 0000000000000000
[   11.381237] raw: 0000000000000000 0000000000000000 00000001f8000000 0000000000000000
[   11.381474] head: 0200000000000040 0000000000000000 dead000000000122 0000000000000000
[   11.381779] head: 0000000000000000 0000000000000000 00000001f8000000 0000000000000000
[   11.382154] head: 0200000000000002 ffffea00040a5601 00000000ffffffff 00000000ffffffff
[   11.382563] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000004
[   11.382831] page dumped because: kasan: bad access detected
[   11.383217] 
[   11.383478] Memory state around the buggy address:
[   11.383696]  ffff888102959f80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   11.383948]  ffff88810295a000: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   11.384476] >ffff88810295a080: 00 00 00 00 00 00 00 00 00 01 fe fe fe fe fe fe
[   11.384748]                                                           ^
[   11.385016]  ffff88810295a100: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe
[   11.385453]  ffff88810295a180: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe
[   11.385752] ==================================================================
[   11.193211] ==================================================================
[   11.193633] BUG: KASAN: slab-out-of-bounds in krealloc_less_oob_helper+0xec6/0x11d0
[   11.193957] Write of size 1 at addr ffff888100a334da by task kunit_try_catch/175
[   11.194229] 
[   11.194349] CPU: 1 UID: 0 PID: 175 Comm: kunit_try_catch Tainted: G    B            N  6.16.0-rc4 #1 PREEMPT(voluntary) 
[   11.194398] Tainted: [B]=BAD_PAGE, [N]=TEST
[   11.194408] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[   11.194427] Call Trace:
[   11.194441]  <TASK>
[   11.194455]  dump_stack_lvl+0x73/0xb0
[   11.194579]  print_report+0xd1/0x650
[   11.194604]  ? __virt_addr_valid+0x1db/0x2d0
[   11.194625]  ? krealloc_less_oob_helper+0xec6/0x11d0
[   11.194647]  ? kasan_complete_mode_report_info+0x2a/0x200
[   11.194677]  ? krealloc_less_oob_helper+0xec6/0x11d0
[   11.194700]  kasan_report+0x141/0x180
[   11.194720]  ? krealloc_less_oob_helper+0xec6/0x11d0
[   11.194757]  __asan_report_store1_noabort+0x1b/0x30
[   11.194778]  krealloc_less_oob_helper+0xec6/0x11d0
[   11.194803]  ? __pfx_krealloc_less_oob_helper+0x10/0x10
[   11.194835]  ? finish_task_switch.isra.0+0x153/0x700
[   11.194856]  ? __switch_to+0x47/0xf50
[   11.194881]  ? __schedule+0x10cc/0x2b60
[   11.194911]  ? __pfx_read_tsc+0x10/0x10
[   11.194934]  krealloc_less_oob+0x1c/0x30
[   11.194954]  kunit_try_run_case+0x1a5/0x480
[   11.194978]  ? __pfx_kunit_try_run_case+0x10/0x10
[   11.194998]  ? _raw_spin_lock_irqsave+0xa1/0x100
[   11.195019]  ? _raw_spin_unlock_irqrestore+0x5f/0x90
[   11.195054]  ? __kthread_parkme+0x82/0x180
[   11.195072]  ? preempt_count_sub+0x50/0x80
[   11.195093]  ? __pfx_kunit_try_run_case+0x10/0x10
[   11.195115]  kunit_generic_run_threadfn_adapter+0x85/0xf0
[   11.195145]  ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10
[   11.195167]  kthread+0x337/0x6f0
[   11.195184]  ? trace_preempt_on+0x20/0xc0
[   11.195206]  ? __pfx_kthread+0x10/0x10
[   11.195236]  ? _raw_spin_unlock_irq+0x47/0x80
[   11.195255]  ? calculate_sigpending+0x7b/0xa0
[   11.195277]  ? __pfx_kthread+0x10/0x10
[   11.195297]  ret_from_fork+0x116/0x1d0
[   11.195314]  ? __pfx_kthread+0x10/0x10
[   11.195333]  ret_from_fork_asm+0x1a/0x30
[   11.195361]  </TASK>
[   11.195371] 
[   11.203926] Allocated by task 175:
[   11.204119]  kasan_save_stack+0x45/0x70
[   11.204319]  kasan_save_track+0x18/0x40
[   11.204510]  kasan_save_alloc_info+0x3b/0x50
[   11.204664]  __kasan_krealloc+0x190/0x1f0
[   11.204992]  krealloc_noprof+0xf3/0x340
[   11.205373]  krealloc_less_oob_helper+0x1aa/0x11d0
[   11.205540]  krealloc_less_oob+0x1c/0x30
[   11.205678]  kunit_try_run_case+0x1a5/0x480
[   11.205914]  kunit_generic_run_threadfn_adapter+0x85/0xf0
[   11.206335]  kthread+0x337/0x6f0
[   11.206491]  ret_from_fork+0x116/0x1d0
[   11.206743]  ret_from_fork_asm+0x1a/0x30
[   11.206941] 
[   11.207015] The buggy address belongs to the object at ffff888100a33400
[   11.207015]  which belongs to the cache kmalloc-256 of size 256
[   11.207380] The buggy address is located 17 bytes to the right of
[   11.207380]  allocated 201-byte region [ffff888100a33400, ffff888100a334c9)
[   11.208233] 
[   11.208481] The buggy address belongs to the physical page:
[   11.208843] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x100a32
[   11.209381] head: order:1 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[   11.209611] flags: 0x200000000000040(head|node=0|zone=2)
[   11.209783] page_type: f5(slab)
[   11.209928] raw: 0200000000000040 ffff888100041b40 dead000000000122 0000000000000000
[   11.210502] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000
[   11.210885] head: 0200000000000040 ffff888100041b40 dead000000000122 0000000000000000
[   11.211296] head: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000
[   11.211630] head: 0200000000000001 ffffea0004028c81 00000000ffffffff 00000000ffffffff
[   11.211997] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000002
[   11.212555] page dumped because: kasan: bad access detected
[   11.212801] 
[   11.212911] Memory state around the buggy address:
[   11.213244]  ffff888100a33380: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   11.213563]  ffff888100a33400: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   11.213781] >ffff888100a33480: 00 00 00 00 00 00 00 00 00 01 fc fc fc fc fc fc
[   11.214126]                                                     ^
[   11.214407]  ffff888100a33500: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   11.214801]  ffff888100a33580: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   11.215222] ==================================================================
[   11.313539] ==================================================================
[   11.314006] BUG: KASAN: slab-out-of-bounds in krealloc_less_oob_helper+0xd70/0x11d0
[   11.314403] Write of size 1 at addr ffff88810295a0c9 by task kunit_try_catch/179
[   11.314737] 
[   11.314852] CPU: 1 UID: 0 PID: 179 Comm: kunit_try_catch Tainted: G    B            N  6.16.0-rc4 #1 PREEMPT(voluntary) 
[   11.314895] Tainted: [B]=BAD_PAGE, [N]=TEST
[   11.314918] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[   11.314938] Call Trace:
[   11.314950]  <TASK>
[   11.314964]  dump_stack_lvl+0x73/0xb0
[   11.314992]  print_report+0xd1/0x650
[   11.315013]  ? __virt_addr_valid+0x1db/0x2d0
[   11.315052]  ? krealloc_less_oob_helper+0xd70/0x11d0
[   11.315134]  ? kasan_addr_to_slab+0x11/0xa0
[   11.315155]  ? krealloc_less_oob_helper+0xd70/0x11d0
[   11.315191]  kasan_report+0x141/0x180
[   11.315212]  ? krealloc_less_oob_helper+0xd70/0x11d0
[   11.315249]  __asan_report_store1_noabort+0x1b/0x30
[   11.315269]  krealloc_less_oob_helper+0xd70/0x11d0
[   11.315293]  ? __pfx_krealloc_less_oob_helper+0x10/0x10
[   11.315327]  ? finish_task_switch.isra.0+0x153/0x700
[   11.315348]  ? __switch_to+0x47/0xf50
[   11.315372]  ? __schedule+0x10cc/0x2b60
[   11.315395]  ? __pfx_read_tsc+0x10/0x10
[   11.315418]  krealloc_large_less_oob+0x1c/0x30
[   11.315440]  kunit_try_run_case+0x1a5/0x480
[   11.315464]  ? __pfx_kunit_try_run_case+0x10/0x10
[   11.315484]  ? _raw_spin_lock_irqsave+0xa1/0x100
[   11.315507]  ? _raw_spin_unlock_irqrestore+0x5f/0x90
[   11.315528]  ? __kthread_parkme+0x82/0x180
[   11.315547]  ? preempt_count_sub+0x50/0x80
[   11.315578]  ? __pfx_kunit_try_run_case+0x10/0x10
[   11.315600]  kunit_generic_run_threadfn_adapter+0x85/0xf0
[   11.315622]  ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10
[   11.315655]  kthread+0x337/0x6f0
[   11.315674]  ? trace_preempt_on+0x20/0xc0
[   11.315696]  ? __pfx_kthread+0x10/0x10
[   11.315716]  ? _raw_spin_unlock_irq+0x47/0x80
[   11.315736]  ? calculate_sigpending+0x7b/0xa0
[   11.315759]  ? __pfx_kthread+0x10/0x10
[   11.315788]  ret_from_fork+0x116/0x1d0
[   11.315805]  ? __pfx_kthread+0x10/0x10
[   11.315825]  ret_from_fork_asm+0x1a/0x30
[   11.315865]  </TASK>
[   11.315876] 
[   11.323858] The buggy address belongs to the physical page:
[   11.324349] page: refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x102958
[   11.324600] head: order:2 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[   11.324950] flags: 0x200000000000040(head|node=0|zone=2)
[   11.325437] page_type: f8(unknown)
[   11.325621] raw: 0200000000000040 0000000000000000 dead000000000122 0000000000000000
[   11.325963] raw: 0000000000000000 0000000000000000 00000001f8000000 0000000000000000
[   11.326405] head: 0200000000000040 0000000000000000 dead000000000122 0000000000000000
[   11.326745] head: 0000000000000000 0000000000000000 00000001f8000000 0000000000000000
[   11.327135] head: 0200000000000002 ffffea00040a5601 00000000ffffffff 00000000ffffffff
[   11.327500] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000004
[   11.327727] page dumped because: kasan: bad access detected
[   11.327988] 
[   11.328247] Memory state around the buggy address:
[   11.328512]  ffff888102959f80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   11.328733]  ffff88810295a000: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   11.329290] >ffff88810295a080: 00 00 00 00 00 00 00 00 00 01 fe fe fe fe fe fe
[   11.329646]                                               ^
[   11.329924]  ffff88810295a100: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe
[   11.330385]  ffff88810295a180: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe
[   11.330650] ==================================================================
[   11.215723] ==================================================================
[   11.216011] BUG: KASAN: slab-out-of-bounds in krealloc_less_oob_helper+0xe90/0x11d0
[   11.216585] Write of size 1 at addr ffff888100a334ea by task kunit_try_catch/175
[   11.216921] 
[   11.217020] CPU: 1 UID: 0 PID: 175 Comm: kunit_try_catch Tainted: G    B            N  6.16.0-rc4 #1 PREEMPT(voluntary) 
[   11.217070] Tainted: [B]=BAD_PAGE, [N]=TEST
[   11.217081] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[   11.217099] Call Trace:
[   11.217114]  <TASK>
[   11.217138]  dump_stack_lvl+0x73/0xb0
[   11.217166]  print_report+0xd1/0x650
[   11.217188]  ? __virt_addr_valid+0x1db/0x2d0
[   11.217220]  ? krealloc_less_oob_helper+0xe90/0x11d0
[   11.217243]  ? kasan_complete_mode_report_info+0x2a/0x200
[   11.217263]  ? krealloc_less_oob_helper+0xe90/0x11d0
[   11.217285]  kasan_report+0x141/0x180
[   11.217306]  ? krealloc_less_oob_helper+0xe90/0x11d0
[   11.217406]  __asan_report_store1_noabort+0x1b/0x30
[   11.217428]  krealloc_less_oob_helper+0xe90/0x11d0
[   11.217453]  ? __pfx_krealloc_less_oob_helper+0x10/0x10
[   11.217475]  ? finish_task_switch.isra.0+0x153/0x700
[   11.217496]  ? __switch_to+0x47/0xf50
[   11.217520]  ? __schedule+0x10cc/0x2b60
[   11.217540]  ? __pfx_read_tsc+0x10/0x10
[   11.217562]  krealloc_less_oob+0x1c/0x30
[   11.217582]  kunit_try_run_case+0x1a5/0x480
[   11.217605]  ? __pfx_kunit_try_run_case+0x10/0x10
[   11.217625]  ? _raw_spin_lock_irqsave+0xa1/0x100
[   11.217647]  ? _raw_spin_unlock_irqrestore+0x5f/0x90
[   11.217668]  ? __kthread_parkme+0x82/0x180
[   11.217687]  ? preempt_count_sub+0x50/0x80
[   11.217708]  ? __pfx_kunit_try_run_case+0x10/0x10
[   11.217730]  kunit_generic_run_threadfn_adapter+0x85/0xf0
[   11.217751]  ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10
[   11.217772]  kthread+0x337/0x6f0
[   11.217790]  ? trace_preempt_on+0x20/0xc0
[   11.217811]  ? __pfx_kthread+0x10/0x10
[   11.217839]  ? _raw_spin_unlock_irq+0x47/0x80
[   11.217859]  ? calculate_sigpending+0x7b/0xa0
[   11.217881]  ? __pfx_kthread+0x10/0x10
[   11.217912]  ret_from_fork+0x116/0x1d0
[   11.217929]  ? __pfx_kthread+0x10/0x10
[   11.217948]  ret_from_fork_asm+0x1a/0x30
[   11.217976]  </TASK>
[   11.217986] 
[   11.231162] Allocated by task 175:
[   11.231423]  kasan_save_stack+0x45/0x70
[   11.231748]  kasan_save_track+0x18/0x40
[   11.231954]  kasan_save_alloc_info+0x3b/0x50
[   11.232257]  __kasan_krealloc+0x190/0x1f0
[   11.232493]  krealloc_noprof+0xf3/0x340
[   11.232852]  krealloc_less_oob_helper+0x1aa/0x11d0
[   11.233021]  krealloc_less_oob+0x1c/0x30
[   11.233174]  kunit_try_run_case+0x1a5/0x480
[   11.233564]  kunit_generic_run_threadfn_adapter+0x85/0xf0
[   11.233840]  kthread+0x337/0x6f0
[   11.234009]  ret_from_fork+0x116/0x1d0
[   11.234392]  ret_from_fork_asm+0x1a/0x30
[   11.234557] 
[   11.234630] The buggy address belongs to the object at ffff888100a33400
[   11.234630]  which belongs to the cache kmalloc-256 of size 256
[   11.235164] The buggy address is located 33 bytes to the right of
[   11.235164]  allocated 201-byte region [ffff888100a33400, ffff888100a334c9)
[   11.235745] 
[   11.235847] The buggy address belongs to the physical page:
[   11.236038] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x100a32
[   11.236296] head: order:1 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[   11.236861] flags: 0x200000000000040(head|node=0|zone=2)
[   11.237293] page_type: f5(slab)
[   11.237425] raw: 0200000000000040 ffff888100041b40 dead000000000122 0000000000000000
[   11.237667] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000
[   11.238007] head: 0200000000000040 ffff888100041b40 dead000000000122 0000000000000000
[   11.238575] head: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000
[   11.238923] head: 0200000000000001 ffffea0004028c81 00000000ffffffff 00000000ffffffff
[   11.239380] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000002
[   11.239724] page dumped because: kasan: bad access detected
[   11.239962] 
[   11.240239] Memory state around the buggy address:
[   11.240460]  ffff888100a33380: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   11.240763]  ffff888100a33400: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   11.241043] >ffff888100a33480: 00 00 00 00 00 00 00 00 00 01 fc fc fc fc fc fc
[   11.241426]                                                           ^
[   11.241709]  ffff888100a33500: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   11.242001]  ffff888100a33580: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   11.242470] ==================================================================

Metadata Full log Test run details

arch

x86_64

host

x86_64

plan

2zFZ7AA8ZD9Hxk7VnRiY3mXiAkW

job_id

TEST:linaro@lkft#2zFZBUndPDS8X4MXFxkaR3tx0zz

job_url

https://tuxapi.tuxsuite.com/v1/groups/linaro/projects/lkft/tests/2zFZBUndPDS8X4MXFxkaR3tx0zz

artefacts

kernel

url	https://storage.tuxsuite.com/public/linaro/lkft/builds/2zFZ8tbap7DwB8PZ4EuveLWZXOa/bzImage
sha256sum	fdab25edf269586788f4854ddc82bfb248384cd49a929fd8a11612d5c6323a6b

rootfs

url	https://storage.tuxboot.com/debian/20250617/trixie/amd64/rootfs.ext4.xz
sha256sum	a7dcdb286e1265c85a4d6cd5429adc51604a3ebde1d9a3c934aef78862d5fee4

modules

url	https://storage.tuxsuite.com/public/linaro/lkft/builds/2zFZ8tbap7DwB8PZ4EuveLWZXOa/modules.tar.xz
sha256sum	b870eec76e2de65ecab7668dc6c268dfb8fbc1fee9d4a7541f1df48cf623d5fd

durations

tests

boot	0
kunit	204.05

host_arch

amd64

build_name

gcc-13-lkftconfig-kunit

job_status

Complete

qemu_version

1:10.0.0+ds-1

Metadata

Failure - qemu-arm64 - gcc-13-lkftconfig-kunit

Failure - qemu-x86_64 - gcc-13-lkftconfig-kunit