lkft/sashal-linus-next - v6.13-rc7-43165-gcfb37db724c4 - log-parser-boot/kasan-bug-kasan-slab-out-of-bounds-in-krealloc_less_oob_helper

Date

July 3, 2025, 6:13 p.m.

Environment
qemu-arm64
qemu-x86_64

[   16.635077] ==================================================================
[   16.635132] BUG: KASAN: slab-out-of-bounds in krealloc_less_oob_helper+0xb9c/0xc50
[   16.635177] Write of size 1 at addr fff00000c59ab4d0 by task kunit_try_catch/158
[   16.635232] 
[   16.635272] CPU: 0 UID: 0 PID: 158 Comm: kunit_try_catch Tainted: G    B            N  6.16.0-rc4 #1 PREEMPT 
[   16.635500] Tainted: [B]=BAD_PAGE, [N]=TEST
[   16.635631] Hardware name: linux,dummy-virt (DT)
[   16.635667] Call trace:
[   16.635896]  show_stack+0x20/0x38 (C)
[   16.636085]  dump_stack_lvl+0x8c/0xd0
[   16.636136]  print_report+0x118/0x608
[   16.636302]  kasan_report+0xdc/0x128
[   16.636448]  __asan_report_store1_noabort+0x20/0x30
[   16.636915]  krealloc_less_oob_helper+0xb9c/0xc50
[   16.637205]  krealloc_less_oob+0x20/0x38
[   16.637311]  kunit_try_run_case+0x170/0x3f0
[   16.637609]  kunit_generic_run_threadfn_adapter+0x88/0x100
[   16.637773]  kthread+0x328/0x630
[   16.637849]  ret_from_fork+0x10/0x20
[   16.638313] 
[   16.638339] Allocated by task 158:
[   16.638405]  kasan_save_stack+0x3c/0x68
[   16.638476]  kasan_save_track+0x20/0x40
[   16.638623]  kasan_save_alloc_info+0x40/0x58
[   16.638941]  __kasan_krealloc+0x118/0x178
[   16.639040]  krealloc_noprof+0x128/0x360
[   16.639152]  krealloc_less_oob_helper+0x168/0xc50
[   16.639240]  krealloc_less_oob+0x20/0x38
[   16.639470]  kunit_try_run_case+0x170/0x3f0
[   16.639567]  kunit_generic_run_threadfn_adapter+0x88/0x100
[   16.640121]  kthread+0x328/0x630
[   16.640221]  ret_from_fork+0x10/0x20
[   16.640345] 
[   16.640398] The buggy address belongs to the object at fff00000c59ab400
[   16.640398]  which belongs to the cache kmalloc-256 of size 256
[   16.640498] The buggy address is located 7 bytes to the right of
[   16.640498]  allocated 201-byte region [fff00000c59ab400, fff00000c59ab4c9)
[   16.640652] 
[   16.640712] The buggy address belongs to the physical page:
[   16.640929] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1059aa
[   16.641122] head: order:1 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[   16.641300] flags: 0xbfffe0000000040(head|node=0|zone=2|lastcpupid=0x1ffff)
[   16.641443] page_type: f5(slab)
[   16.641490] raw: 0bfffe0000000040 fff00000c0001b40 dead000000000122 0000000000000000
[   16.641548] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000
[   16.641601] head: 0bfffe0000000040 fff00000c0001b40 dead000000000122 0000000000000000
[   16.641667] head: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000
[   16.641714] head: 0bfffe0000000001 ffffc1ffc3166a81 00000000ffffffff 00000000ffffffff
[   16.641765] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000002
[   16.641804] page dumped because: kasan: bad access detected
[   16.641833] 
[   16.641850] Memory state around the buggy address:
[   16.641896]  fff00000c59ab380: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   16.641945]  fff00000c59ab400: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   16.641985] >fff00000c59ab480: 00 00 00 00 00 00 00 00 00 01 fc fc fc fc fc fc
[   16.642053]                                                  ^
[   16.642468]  fff00000c59ab500: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   16.642570]  fff00000c59ab580: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   16.643122] ==================================================================
[   16.623949] ==================================================================
[   16.624084] BUG: KASAN: slab-out-of-bounds in krealloc_less_oob_helper+0xa48/0xc50
[   16.624137] Write of size 1 at addr fff00000c59ab4c9 by task kunit_try_catch/158
[   16.624184] 
[   16.624216] CPU: 0 UID: 0 PID: 158 Comm: kunit_try_catch Tainted: G    B            N  6.16.0-rc4 #1 PREEMPT 
[   16.624551] Tainted: [B]=BAD_PAGE, [N]=TEST
[   16.624858] Hardware name: linux,dummy-virt (DT)
[   16.624928] Call trace:
[   16.625011]  show_stack+0x20/0x38 (C)
[   16.625257]  dump_stack_lvl+0x8c/0xd0
[   16.625502]  print_report+0x118/0x608
[   16.625630]  kasan_report+0xdc/0x128
[   16.625880]  __asan_report_store1_noabort+0x20/0x30
[   16.626114]  krealloc_less_oob_helper+0xa48/0xc50
[   16.626286]  krealloc_less_oob+0x20/0x38
[   16.626470]  kunit_try_run_case+0x170/0x3f0
[   16.626569]  kunit_generic_run_threadfn_adapter+0x88/0x100
[   16.626974]  kthread+0x328/0x630
[   16.627139]  ret_from_fork+0x10/0x20
[   16.627349] 
[   16.627505] Allocated by task 158:
[   16.627604]  kasan_save_stack+0x3c/0x68
[   16.627994]  kasan_save_track+0x20/0x40
[   16.628109]  kasan_save_alloc_info+0x40/0x58
[   16.628530]  __kasan_krealloc+0x118/0x178
[   16.628712]  krealloc_noprof+0x128/0x360
[   16.628753]  krealloc_less_oob_helper+0x168/0xc50
[   16.628790]  krealloc_less_oob+0x20/0x38
[   16.628825]  kunit_try_run_case+0x170/0x3f0
[   16.629110]  kunit_generic_run_threadfn_adapter+0x88/0x100
[   16.629288]  kthread+0x328/0x630
[   16.629591]  ret_from_fork+0x10/0x20
[   16.629652] 
[   16.629799] The buggy address belongs to the object at fff00000c59ab400
[   16.629799]  which belongs to the cache kmalloc-256 of size 256
[   16.629887] The buggy address is located 0 bytes to the right of
[   16.629887]  allocated 201-byte region [fff00000c59ab400, fff00000c59ab4c9)
[   16.630158] 
[   16.630229] The buggy address belongs to the physical page:
[   16.630298] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1059aa
[   16.630675] head: order:1 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[   16.631002] flags: 0xbfffe0000000040(head|node=0|zone=2|lastcpupid=0x1ffff)
[   16.631193] page_type: f5(slab)
[   16.631306] raw: 0bfffe0000000040 fff00000c0001b40 dead000000000122 0000000000000000
[   16.631394] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000
[   16.631723] head: 0bfffe0000000040 fff00000c0001b40 dead000000000122 0000000000000000
[   16.631933] head: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000
[   16.632024] head: 0bfffe0000000001 ffffc1ffc3166a81 00000000ffffffff 00000000ffffffff
[   16.632185] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000002
[   16.632281] page dumped because: kasan: bad access detected
[   16.632317] 
[   16.632503] Memory state around the buggy address:
[   16.632545]  fff00000c59ab380: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   16.632605]  fff00000c59ab400: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   16.632865] >fff00000c59ab480: 00 00 00 00 00 00 00 00 00 01 fc fc fc fc fc fc
[   16.632944]                                               ^
[   16.633148]  fff00000c59ab500: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   16.633211]  fff00000c59ab580: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   16.633247] ==================================================================
[   16.651247] ==================================================================
[   16.651609] BUG: KASAN: slab-out-of-bounds in krealloc_less_oob_helper+0xae4/0xc50
[   16.651719] Write of size 1 at addr fff00000c59ab4ea by task kunit_try_catch/158
[   16.652050] 
[   16.652099] CPU: 0 UID: 0 PID: 158 Comm: kunit_try_catch Tainted: G    B            N  6.16.0-rc4 #1 PREEMPT 
[   16.652181] Tainted: [B]=BAD_PAGE, [N]=TEST
[   16.652206] Hardware name: linux,dummy-virt (DT)
[   16.652235] Call trace:
[   16.652416]  show_stack+0x20/0x38 (C)
[   16.652483]  dump_stack_lvl+0x8c/0xd0
[   16.652682]  print_report+0x118/0x608
[   16.652810]  kasan_report+0xdc/0x128
[   16.653170]  __asan_report_store1_noabort+0x20/0x30
[   16.653377]  krealloc_less_oob_helper+0xae4/0xc50
[   16.653524]  krealloc_less_oob+0x20/0x38
[   16.653572]  kunit_try_run_case+0x170/0x3f0
[   16.653640]  kunit_generic_run_threadfn_adapter+0x88/0x100
[   16.653910]  kthread+0x328/0x630
[   16.654202]  ret_from_fork+0x10/0x20
[   16.654285] 
[   16.654333] Allocated by task 158:
[   16.654425]  kasan_save_stack+0x3c/0x68
[   16.654525]  kasan_save_track+0x20/0x40
[   16.654758]  kasan_save_alloc_info+0x40/0x58
[   16.655047]  __kasan_krealloc+0x118/0x178
[   16.655205]  krealloc_noprof+0x128/0x360
[   16.655325]  krealloc_less_oob_helper+0x168/0xc50
[   16.655400]  krealloc_less_oob+0x20/0x38
[   16.655445]  kunit_try_run_case+0x170/0x3f0
[   16.655639]  kunit_generic_run_threadfn_adapter+0x88/0x100
[   16.655830]  kthread+0x328/0x630
[   16.655993]  ret_from_fork+0x10/0x20
[   16.656157] 
[   16.656229] The buggy address belongs to the object at fff00000c59ab400
[   16.656229]  which belongs to the cache kmalloc-256 of size 256
[   16.656627] The buggy address is located 33 bytes to the right of
[   16.656627]  allocated 201-byte region [fff00000c59ab400, fff00000c59ab4c9)
[   16.656802] 
[   16.656893] The buggy address belongs to the physical page:
[   16.656962] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1059aa
[   16.657182] head: order:1 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[   16.657232] flags: 0xbfffe0000000040(head|node=0|zone=2|lastcpupid=0x1ffff)
[   16.657292] page_type: f5(slab)
[   16.657328] raw: 0bfffe0000000040 fff00000c0001b40 dead000000000122 0000000000000000
[   16.657703] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000
[   16.657847] head: 0bfffe0000000040 fff00000c0001b40 dead000000000122 0000000000000000
[   16.658018] head: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000
[   16.658203] head: 0bfffe0000000001 ffffc1ffc3166a81 00000000ffffffff 00000000ffffffff
[   16.658521] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000002
[   16.658700] page dumped because: kasan: bad access detected
[   16.658827] 
[   16.658897] Memory state around the buggy address:
[   16.659042]  fff00000c59ab380: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   16.659173]  fff00000c59ab400: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   16.659242] >fff00000c59ab480: 00 00 00 00 00 00 00 00 00 01 fc fc fc fc fc fc
[   16.659305]                                                           ^
[   16.659598]  fff00000c59ab500: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   16.659844]  fff00000c59ab580: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   16.659917] ==================================================================
[   16.645145] ==================================================================
[   16.645197] BUG: KASAN: slab-out-of-bounds in krealloc_less_oob_helper+0xa80/0xc50
[   16.645243] Write of size 1 at addr fff00000c59ab4da by task kunit_try_catch/158
[   16.645315] 
[   16.645439] CPU: 0 UID: 0 PID: 158 Comm: kunit_try_catch Tainted: G    B            N  6.16.0-rc4 #1 PREEMPT 
[   16.645541] Tainted: [B]=BAD_PAGE, [N]=TEST
[   16.645567] Hardware name: linux,dummy-virt (DT)
[   16.645603] Call trace:
[   16.645623]  show_stack+0x20/0x38 (C)
[   16.645917]  dump_stack_lvl+0x8c/0xd0
[   16.646070]  print_report+0x118/0x608
[   16.646143]  kasan_report+0xdc/0x128
[   16.646190]  __asan_report_store1_noabort+0x20/0x30
[   16.646236]  krealloc_less_oob_helper+0xa80/0xc50
[   16.646520]  krealloc_less_oob+0x20/0x38
[   16.646656]  kunit_try_run_case+0x170/0x3f0
[   16.646834]  kunit_generic_run_threadfn_adapter+0x88/0x100
[   16.646891]  kthread+0x328/0x630
[   16.646932]  ret_from_fork+0x10/0x20
[   16.647124] 
[   16.647296] Allocated by task 158:
[   16.647331]  kasan_save_stack+0x3c/0x68
[   16.647373]  kasan_save_track+0x20/0x40
[   16.647681]  kasan_save_alloc_info+0x40/0x58
[   16.647749]  __kasan_krealloc+0x118/0x178
[   16.647786]  krealloc_noprof+0x128/0x360
[   16.647820]  krealloc_less_oob_helper+0x168/0xc50
[   16.647857]  krealloc_less_oob+0x20/0x38
[   16.647892]  kunit_try_run_case+0x170/0x3f0
[   16.647928]  kunit_generic_run_threadfn_adapter+0x88/0x100
[   16.648421]  kthread+0x328/0x630
[   16.648481]  ret_from_fork+0x10/0x20
[   16.648517] 
[   16.648572] The buggy address belongs to the object at fff00000c59ab400
[   16.648572]  which belongs to the cache kmalloc-256 of size 256
[   16.648628] The buggy address is located 17 bytes to the right of
[   16.648628]  allocated 201-byte region [fff00000c59ab400, fff00000c59ab4c9)
[   16.648826] 
[   16.649008] The buggy address belongs to the physical page:
[   16.649050] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1059aa
[   16.649115] head: order:1 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[   16.649159] flags: 0xbfffe0000000040(head|node=0|zone=2|lastcpupid=0x1ffff)
[   16.649207] page_type: f5(slab)
[   16.649268] raw: 0bfffe0000000040 fff00000c0001b40 dead000000000122 0000000000000000
[   16.649327] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000
[   16.649394] head: 0bfffe0000000040 fff00000c0001b40 dead000000000122 0000000000000000
[   16.649452] head: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000
[   16.649512] head: 0bfffe0000000001 ffffc1ffc3166a81 00000000ffffffff 00000000ffffffff
[   16.649564] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000002
[   16.649603] page dumped because: kasan: bad access detected
[   16.649641] 
[   16.649658] Memory state around the buggy address:
[   16.649687]  fff00000c59ab380: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   16.649728]  fff00000c59ab400: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   16.649768] >fff00000c59ab480: 00 00 00 00 00 00 00 00 00 01 fc fc fc fc fc fc
[   16.649805]                                                     ^
[   16.649849]  fff00000c59ab500: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   16.649898]  fff00000c59ab580: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   16.649942] ==================================================================
[   16.661769] ==================================================================
[   16.661840] BUG: KASAN: slab-out-of-bounds in krealloc_less_oob_helper+0xa58/0xc50
[   16.661913] Write of size 1 at addr fff00000c59ab4eb by task kunit_try_catch/158
[   16.662145] 
[   16.662193] CPU: 0 UID: 0 PID: 158 Comm: kunit_try_catch Tainted: G    B            N  6.16.0-rc4 #1 PREEMPT 
[   16.662282] Tainted: [B]=BAD_PAGE, [N]=TEST
[   16.662307] Hardware name: linux,dummy-virt (DT)
[   16.662336] Call trace:
[   16.662544]  show_stack+0x20/0x38 (C)
[   16.662607]  dump_stack_lvl+0x8c/0xd0
[   16.662652]  print_report+0x118/0x608
[   16.662705]  kasan_report+0xdc/0x128
[   16.662898]  __asan_report_store1_noabort+0x20/0x30
[   16.662958]  krealloc_less_oob_helper+0xa58/0xc50
[   16.663005]  krealloc_less_oob+0x20/0x38
[   16.663265]  kunit_try_run_case+0x170/0x3f0
[   16.663329]  kunit_generic_run_threadfn_adapter+0x88/0x100
[   16.663381]  kthread+0x328/0x630
[   16.663421]  ret_from_fork+0x10/0x20
[   16.663476] 
[   16.663494] Allocated by task 158:
[   16.663521]  kasan_save_stack+0x3c/0x68
[   16.663560]  kasan_save_track+0x20/0x40
[   16.663595]  kasan_save_alloc_info+0x40/0x58
[   16.663634]  __kasan_krealloc+0x118/0x178
[   16.663670]  krealloc_noprof+0x128/0x360
[   16.663705]  krealloc_less_oob_helper+0x168/0xc50
[   16.663743]  krealloc_less_oob+0x20/0x38
[   16.663776]  kunit_try_run_case+0x170/0x3f0
[   16.663812]  kunit_generic_run_threadfn_adapter+0x88/0x100
[   16.663864]  kthread+0x328/0x630
[   16.663895]  ret_from_fork+0x10/0x20
[   16.663928] 
[   16.663947] The buggy address belongs to the object at fff00000c59ab400
[   16.663947]  which belongs to the cache kmalloc-256 of size 256
[   16.664000] The buggy address is located 34 bytes to the right of
[   16.664000]  allocated 201-byte region [fff00000c59ab400, fff00000c59ab4c9)
[   16.664426] 
[   16.664658] The buggy address belongs to the physical page:
[   16.664700] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1059aa
[   16.664779] head: order:1 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[   16.664840] flags: 0xbfffe0000000040(head|node=0|zone=2|lastcpupid=0x1ffff)
[   16.665002] page_type: f5(slab)
[   16.665111] raw: 0bfffe0000000040 fff00000c0001b40 dead000000000122 0000000000000000
[   16.665160] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000
[   16.665633] head: 0bfffe0000000040 fff00000c0001b40 dead000000000122 0000000000000000
[   16.665738] head: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000
[   16.665941] head: 0bfffe0000000001 ffffc1ffc3166a81 00000000ffffffff 00000000ffffffff
[   16.666134] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000002
[   16.666199] page dumped because: kasan: bad access detected
[   16.666229] 
[   16.666246] Memory state around the buggy address:
[   16.666586]  fff00000c59ab380: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   16.666648]  fff00000c59ab400: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   16.666806] >fff00000c59ab480: 00 00 00 00 00 00 00 00 00 01 fc fc fc fc fc fc
[   16.666929]                                                           ^
[   16.666976]  fff00000c59ab500: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   16.667137]  fff00000c59ab580: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   16.667177] ==================================================================
[   16.725970] ==================================================================
[   16.726021] BUG: KASAN: slab-out-of-bounds in krealloc_less_oob_helper+0xae4/0xc50
[   16.726078] Write of size 1 at addr fff00000c780a0ea by task kunit_try_catch/162
[   16.726182] 
[   16.726213] CPU: 0 UID: 0 PID: 162 Comm: kunit_try_catch Tainted: G    B            N  6.16.0-rc4 #1 PREEMPT 
[   16.726289] Tainted: [B]=BAD_PAGE, [N]=TEST
[   16.726314] Hardware name: linux,dummy-virt (DT)
[   16.726343] Call trace:
[   16.726363]  show_stack+0x20/0x38 (C)
[   16.726409]  dump_stack_lvl+0x8c/0xd0
[   16.726452]  print_report+0x118/0x608
[   16.726507]  kasan_report+0xdc/0x128
[   16.726551]  __asan_report_store1_noabort+0x20/0x30
[   16.726597]  krealloc_less_oob_helper+0xae4/0xc50
[   16.726643]  krealloc_large_less_oob+0x20/0x38
[   16.726688]  kunit_try_run_case+0x170/0x3f0
[   16.726733]  kunit_generic_run_threadfn_adapter+0x88/0x100
[   16.726784]  kthread+0x328/0x630
[   16.726833]  ret_from_fork+0x10/0x20
[   16.726878] 
[   16.726897] The buggy address belongs to the physical page:
[   16.726926] page: refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x107808
[   16.726974] head: order:2 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[   16.727049] flags: 0xbfffe0000000040(head|node=0|zone=2|lastcpupid=0x1ffff)
[   16.727098] page_type: f8(unknown)
[   16.727142] raw: 0bfffe0000000040 0000000000000000 dead000000000122 0000000000000000
[   16.727200] raw: 0000000000000000 0000000000000000 00000001f8000000 0000000000000000
[   16.727257] head: 0bfffe0000000040 0000000000000000 dead000000000122 0000000000000000
[   16.727305] head: 0000000000000000 0000000000000000 00000001f8000000 0000000000000000
[   16.727352] head: 0bfffe0000000002 ffffc1ffc31e0201 00000000ffffffff 00000000ffffffff
[   16.727409] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000004
[   16.727447] page dumped because: kasan: bad access detected
[   16.727481] 
[   16.727499] Memory state around the buggy address:
[   16.727536]  fff00000c7809f80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   16.727577]  fff00000c780a000: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   16.727622] >fff00000c780a080: 00 00 00 00 00 00 00 00 00 01 fe fe fe fe fe fe
[   16.727657]                                                           ^
[   16.727693]  fff00000c780a100: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe
[   16.727740]  fff00000c780a180: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe
[   16.727777] ==================================================================
[   16.720865] ==================================================================
[   16.720929] BUG: KASAN: slab-out-of-bounds in krealloc_less_oob_helper+0xa80/0xc50
[   16.720977] Write of size 1 at addr fff00000c780a0da by task kunit_try_catch/162
[   16.721023] 
[   16.721063] CPU: 0 UID: 0 PID: 162 Comm: kunit_try_catch Tainted: G    B            N  6.16.0-rc4 #1 PREEMPT 
[   16.721139] Tainted: [B]=BAD_PAGE, [N]=TEST
[   16.721348] Hardware name: linux,dummy-virt (DT)
[   16.721514] Call trace:
[   16.721600]  show_stack+0x20/0x38 (C)
[   16.721654]  dump_stack_lvl+0x8c/0xd0
[   16.721698]  print_report+0x118/0x608
[   16.721743]  kasan_report+0xdc/0x128
[   16.721827]  __asan_report_store1_noabort+0x20/0x30
[   16.721905]  krealloc_less_oob_helper+0xa80/0xc50
[   16.721971]  krealloc_large_less_oob+0x20/0x38
[   16.722062]  kunit_try_run_case+0x170/0x3f0
[   16.722108]  kunit_generic_run_threadfn_adapter+0x88/0x100
[   16.722158]  kthread+0x328/0x630
[   16.722318]  ret_from_fork+0x10/0x20
[   16.722630] 
[   16.722732] The buggy address belongs to the physical page:
[   16.722770] page: refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x107808
[   16.722822] head: order:2 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[   16.722899] flags: 0xbfffe0000000040(head|node=0|zone=2|lastcpupid=0x1ffff)
[   16.722978] page_type: f8(unknown)
[   16.723019] raw: 0bfffe0000000040 0000000000000000 dead000000000122 0000000000000000
[   16.723266] raw: 0000000000000000 0000000000000000 00000001f8000000 0000000000000000
[   16.723329] head: 0bfffe0000000040 0000000000000000 dead000000000122 0000000000000000
[   16.723481] head: 0000000000000000 0000000000000000 00000001f8000000 0000000000000000
[   16.723632] head: 0bfffe0000000002 ffffc1ffc31e0201 00000000ffffffff 00000000ffffffff
[   16.723727] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000004
[   16.723840] page dumped because: kasan: bad access detected
[   16.723873] 
[   16.723890] Memory state around the buggy address:
[   16.724072]  fff00000c7809f80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   16.724127]  fff00000c780a000: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   16.724338] >fff00000c780a080: 00 00 00 00 00 00 00 00 00 01 fe fe fe fe fe fe
[   16.724428]                                                     ^
[   16.724477]  fff00000c780a100: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe
[   16.724875]  fff00000c780a180: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe
[   16.724941] ==================================================================
[   16.714585] ==================================================================
[   16.714654] BUG: KASAN: slab-out-of-bounds in krealloc_less_oob_helper+0xb9c/0xc50
[   16.714828] Write of size 1 at addr fff00000c780a0d0 by task kunit_try_catch/162
[   16.714911] 
[   16.714942] CPU: 0 UID: 0 PID: 162 Comm: kunit_try_catch Tainted: G    B            N  6.16.0-rc4 #1 PREEMPT 
[   16.715241] Tainted: [B]=BAD_PAGE, [N]=TEST
[   16.715390] Hardware name: linux,dummy-virt (DT)
[   16.715432] Call trace:
[   16.715452]  show_stack+0x20/0x38 (C)
[   16.715782]  dump_stack_lvl+0x8c/0xd0
[   16.715892]  print_report+0x118/0x608
[   16.715953]  kasan_report+0xdc/0x128
[   16.715999]  __asan_report_store1_noabort+0x20/0x30
[   16.716056]  krealloc_less_oob_helper+0xb9c/0xc50
[   16.716111]  krealloc_large_less_oob+0x20/0x38
[   16.716157]  kunit_try_run_case+0x170/0x3f0
[   16.716202]  kunit_generic_run_threadfn_adapter+0x88/0x100
[   16.716252]  kthread+0x328/0x630
[   16.716299]  ret_from_fork+0x10/0x20
[   16.716356] 
[   16.716385] The buggy address belongs to the physical page:
[   16.716417] page: refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x107808
[   16.716473] head: order:2 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[   16.716518] flags: 0xbfffe0000000040(head|node=0|zone=2|lastcpupid=0x1ffff)
[   16.716831] page_type: f8(unknown)
[   16.716977] raw: 0bfffe0000000040 0000000000000000 dead000000000122 0000000000000000
[   16.717139] raw: 0000000000000000 0000000000000000 00000001f8000000 0000000000000000
[   16.717580] head: 0bfffe0000000040 0000000000000000 dead000000000122 0000000000000000
[   16.717810] head: 0000000000000000 0000000000000000 00000001f8000000 0000000000000000
[   16.717886] head: 0bfffe0000000002 ffffc1ffc31e0201 00000000ffffffff 00000000ffffffff
[   16.718075] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000004
[   16.718419] page dumped because: kasan: bad access detected
[   16.718574] 
[   16.718665] Memory state around the buggy address:
[   16.718780]  fff00000c7809f80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   16.718854]  fff00000c780a000: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   16.718901] >fff00000c780a080: 00 00 00 00 00 00 00 00 00 01 fe fe fe fe fe fe
[   16.719087]                                                  ^
[   16.719147]  fff00000c780a100: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe
[   16.719448]  fff00000c780a180: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe
[   16.719516] ==================================================================
[   16.727826] ==================================================================
[   16.727860] BUG: KASAN: slab-out-of-bounds in krealloc_less_oob_helper+0xa58/0xc50
[   16.727907] Write of size 1 at addr fff00000c780a0eb by task kunit_try_catch/162
[   16.727953] 
[   16.727986] CPU: 0 UID: 0 PID: 162 Comm: kunit_try_catch Tainted: G    B            N  6.16.0-rc4 #1 PREEMPT 
[   16.728321] Tainted: [B]=BAD_PAGE, [N]=TEST
[   16.728349] Hardware name: linux,dummy-virt (DT)
[   16.728483] Call trace:
[   16.728516]  show_stack+0x20/0x38 (C)
[   16.729126]  dump_stack_lvl+0x8c/0xd0
[   16.729208]  print_report+0x118/0x608
[   16.729268]  kasan_report+0xdc/0x128
[   16.729312]  __asan_report_store1_noabort+0x20/0x30
[   16.729358]  krealloc_less_oob_helper+0xa58/0xc50
[   16.729715]  krealloc_large_less_oob+0x20/0x38
[   16.729814]  kunit_try_run_case+0x170/0x3f0
[   16.730058]  kunit_generic_run_threadfn_adapter+0x88/0x100
[   16.730497]  kthread+0x328/0x630
[   16.730666]  ret_from_fork+0x10/0x20
[   16.730850] 
[   16.730985] The buggy address belongs to the physical page:
[   16.731063] page: refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x107808
[   16.731137] head: order:2 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[   16.731358] flags: 0xbfffe0000000040(head|node=0|zone=2|lastcpupid=0x1ffff)
[   16.731775] page_type: f8(unknown)
[   16.731898] raw: 0bfffe0000000040 0000000000000000 dead000000000122 0000000000000000
[   16.731997] raw: 0000000000000000 0000000000000000 00000001f8000000 0000000000000000
[   16.732080] head: 0bfffe0000000040 0000000000000000 dead000000000122 0000000000000000
[   16.732127] head: 0000000000000000 0000000000000000 00000001f8000000 0000000000000000
[   16.732502] head: 0bfffe0000000002 ffffc1ffc31e0201 00000000ffffffff 00000000ffffffff
[   16.732731] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000004
[   16.732831] page dumped because: kasan: bad access detected
[   16.732997] 
[   16.733069] Memory state around the buggy address:
[   16.733101]  fff00000c7809f80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   16.733142]  fff00000c780a000: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   16.733186] >fff00000c780a080: 00 00 00 00 00 00 00 00 00 01 fe fe fe fe fe fe
[   16.733383]                                                           ^
[   16.733671]  fff00000c780a100: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe
[   16.734086]  fff00000c780a180: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe
[   16.734185] ==================================================================
[   16.704575] ==================================================================
[   16.704671] BUG: KASAN: slab-out-of-bounds in krealloc_less_oob_helper+0xa48/0xc50
[   16.704884] Write of size 1 at addr fff00000c780a0c9 by task kunit_try_catch/162
[   16.704937] 
[   16.704970] CPU: 0 UID: 0 PID: 162 Comm: kunit_try_catch Tainted: G    B            N  6.16.0-rc4 #1 PREEMPT 
[   16.705231] Tainted: [B]=BAD_PAGE, [N]=TEST
[   16.705377] Hardware name: linux,dummy-virt (DT)
[   16.705466] Call trace:
[   16.705503]  show_stack+0x20/0x38 (C)
[   16.705743]  dump_stack_lvl+0x8c/0xd0
[   16.705850]  print_report+0x118/0x608
[   16.706123]  kasan_report+0xdc/0x128
[   16.706259]  __asan_report_store1_noabort+0x20/0x30
[   16.706466]  krealloc_less_oob_helper+0xa48/0xc50
[   16.706793]  krealloc_large_less_oob+0x20/0x38
[   16.706956]  kunit_try_run_case+0x170/0x3f0
[   16.707091]  kunit_generic_run_threadfn_adapter+0x88/0x100
[   16.707249]  kthread+0x328/0x630
[   16.707338]  ret_from_fork+0x10/0x20
[   16.707773] 
[   16.707876] The buggy address belongs to the physical page:
[   16.707947] page: refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x107808
[   16.708099] head: order:2 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[   16.708175] flags: 0xbfffe0000000040(head|node=0|zone=2|lastcpupid=0x1ffff)
[   16.708383] page_type: f8(unknown)
[   16.708648] raw: 0bfffe0000000040 0000000000000000 dead000000000122 0000000000000000
[   16.709085] raw: 0000000000000000 0000000000000000 00000001f8000000 0000000000000000
[   16.709491] head: 0bfffe0000000040 0000000000000000 dead000000000122 0000000000000000
[   16.709589] head: 0000000000000000 0000000000000000 00000001f8000000 0000000000000000
[   16.709737] head: 0bfffe0000000002 ffffc1ffc31e0201 00000000ffffffff 00000000ffffffff
[   16.709867] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000004
[   16.709947] page dumped because: kasan: bad access detected
[   16.709996] 
[   16.710347] Memory state around the buggy address:
[   16.710463]  fff00000c7809f80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   16.710524]  fff00000c780a000: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   16.710857] >fff00000c780a080: 00 00 00 00 00 00 00 00 00 01 fe fe fe fe fe fe
[   16.711087]                                               ^
[   16.711347]  fff00000c780a100: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe
[   16.711419]  fff00000c780a180: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe
[   16.711499] ==================================================================

Metadata Full log Test run details

arch

arm64

host

x86_64

plan

2zNL1O2cp9dmCFBEgSs8WkyJh4y

job_id

TEST:linaro@lkft#2zNL5oRbEmqaoyhMhEOvLzS6IfC

job_url

https://tuxapi.tuxsuite.com/v1/groups/linaro/projects/lkft/tests/2zNL5oRbEmqaoyhMhEOvLzS6IfC

artefacts

kernel

url	https://storage.tuxsuite.com/public/linaro/lkft/builds/2zNL2hrVcCo1WcxmghqCiEPqPCd/Image.gz
sha256sum	75bd93f2a9f934a99efc331115dacf43cd61683d1338c69f56928f4e505c4b9f

rootfs

url	https://storage.tuxboot.com/debian/20250617/trixie/arm64/rootfs.ext4.xz
sha256sum	1eaaae772692e22cefec5345d642e254407cec1431dd51a20007af2a1819b610

modules

url	https://storage.tuxsuite.com/public/linaro/lkft/builds/2zNL2hrVcCo1WcxmghqCiEPqPCd/modules.tar.xz
sha256sum	ba9b1a7bf6af40dbc6b67719635e8125d452a6738f5e6a1c543b4789f281320d

durations

tests

boot	0
kunit	167.82

host_arch

amd64

build_name

gcc-13-lkftconfig-kunit

job_status

Complete

qemu_version

1:10.0.0+ds-1

[   11.113951] ==================================================================
[   11.114819] BUG: KASAN: slab-out-of-bounds in krealloc_less_oob_helper+0xd70/0x11d0
[   11.115415] Write of size 1 at addr ffff88810034a0c9 by task kunit_try_catch/176
[   11.115792] 
[   11.115884] CPU: 0 UID: 0 PID: 176 Comm: kunit_try_catch Tainted: G    B            N  6.16.0-rc4 #1 PREEMPT(voluntary) 
[   11.115929] Tainted: [B]=BAD_PAGE, [N]=TEST
[   11.115941] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[   11.115962] Call Trace:
[   11.115974]  <TASK>
[   11.115990]  dump_stack_lvl+0x73/0xb0
[   11.116018]  print_report+0xd1/0x650
[   11.116040]  ? __virt_addr_valid+0x1db/0x2d0
[   11.116063]  ? krealloc_less_oob_helper+0xd70/0x11d0
[   11.116086]  ? kasan_complete_mode_report_info+0x2a/0x200
[   11.116127]  ? krealloc_less_oob_helper+0xd70/0x11d0
[   11.116213]  kasan_report+0x141/0x180
[   11.116236]  ? krealloc_less_oob_helper+0xd70/0x11d0
[   11.116263]  __asan_report_store1_noabort+0x1b/0x30
[   11.116283]  krealloc_less_oob_helper+0xd70/0x11d0
[   11.116308]  ? __pfx_krealloc_less_oob_helper+0x10/0x10
[   11.116349]  ? finish_task_switch.isra.0+0x153/0x700
[   11.116371]  ? __switch_to+0x47/0xf50
[   11.116396]  ? __schedule+0x10cc/0x2b60
[   11.116417]  ? __pfx_read_tsc+0x10/0x10
[   11.116441]  krealloc_less_oob+0x1c/0x30
[   11.116461]  kunit_try_run_case+0x1a5/0x480
[   11.116486]  ? __pfx_kunit_try_run_case+0x10/0x10
[   11.116507]  ? _raw_spin_lock_irqsave+0xa1/0x100
[   11.116529]  ? _raw_spin_unlock_irqrestore+0x5f/0x90
[   11.116551]  ? __kthread_parkme+0x82/0x180
[   11.116570]  ? preempt_count_sub+0x50/0x80
[   11.116591]  ? __pfx_kunit_try_run_case+0x10/0x10
[   11.116614]  kunit_generic_run_threadfn_adapter+0x85/0xf0
[   11.116635]  ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10
[   11.116657]  kthread+0x337/0x6f0
[   11.116675]  ? trace_preempt_on+0x20/0xc0
[   11.116698]  ? __pfx_kthread+0x10/0x10
[   11.116718]  ? _raw_spin_unlock_irq+0x47/0x80
[   11.116738]  ? calculate_sigpending+0x7b/0xa0
[   11.116760]  ? __pfx_kthread+0x10/0x10
[   11.116781]  ret_from_fork+0x116/0x1d0
[   11.116798]  ? __pfx_kthread+0x10/0x10
[   11.116817]  ret_from_fork_asm+0x1a/0x30
[   11.116846]  </TASK>
[   11.116857] 
[   11.130282] Allocated by task 176:
[   11.130624]  kasan_save_stack+0x45/0x70
[   11.130977]  kasan_save_track+0x18/0x40
[   11.131409]  kasan_save_alloc_info+0x3b/0x50
[   11.131769]  __kasan_krealloc+0x190/0x1f0
[   11.131910]  krealloc_noprof+0xf3/0x340
[   11.132047]  krealloc_less_oob_helper+0x1aa/0x11d0
[   11.132223]  krealloc_less_oob+0x1c/0x30
[   11.132430]  kunit_try_run_case+0x1a5/0x480
[   11.132622]  kunit_generic_run_threadfn_adapter+0x85/0xf0
[   11.133088]  kthread+0x337/0x6f0
[   11.133455]  ret_from_fork+0x116/0x1d0
[   11.133890]  ret_from_fork_asm+0x1a/0x30
[   11.134293] 
[   11.134449] The buggy address belongs to the object at ffff88810034a000
[   11.134449]  which belongs to the cache kmalloc-256 of size 256
[   11.135223] The buggy address is located 0 bytes to the right of
[   11.135223]  allocated 201-byte region [ffff88810034a000, ffff88810034a0c9)
[   11.136589] 
[   11.136837] The buggy address belongs to the physical page:
[   11.137140] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x10034a
[   11.137447] head: order:1 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[   11.138129] flags: 0x200000000000040(head|node=0|zone=2)
[   11.138704] page_type: f5(slab)
[   11.139032] raw: 0200000000000040 ffff888100041b40 dead000000000122 0000000000000000
[   11.140020] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000
[   11.140602] head: 0200000000000040 ffff888100041b40 dead000000000122 0000000000000000
[   11.141314] head: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000
[   11.141555] head: 0200000000000001 ffffea000400d281 00000000ffffffff 00000000ffffffff
[   11.141794] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000002
[   11.142027] page dumped because: kasan: bad access detected
[   11.142219] 
[   11.142292] Memory state around the buggy address:
[   11.142617]  ffff888100349f80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   11.142878]  ffff88810034a000: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   11.143134] >ffff88810034a080: 00 00 00 00 00 00 00 00 00 01 fc fc fc fc fc fc
[   11.143588]                                               ^
[   11.143887]  ffff88810034a100: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   11.144246]  ffff88810034a180: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   11.144580] ==================================================================
[   11.367497] ==================================================================
[   11.367803] BUG: KASAN: slab-out-of-bounds in krealloc_less_oob_helper+0xe90/0x11d0
[   11.368100] Write of size 1 at addr ffff8881027ba0ea by task kunit_try_catch/180
[   11.368537] 
[   11.368629] CPU: 1 UID: 0 PID: 180 Comm: kunit_try_catch Tainted: G    B            N  6.16.0-rc4 #1 PREEMPT(voluntary) 
[   11.368670] Tainted: [B]=BAD_PAGE, [N]=TEST
[   11.368681] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[   11.368701] Call Trace:
[   11.368714]  <TASK>
[   11.368728]  dump_stack_lvl+0x73/0xb0
[   11.368753]  print_report+0xd1/0x650
[   11.368774]  ? __virt_addr_valid+0x1db/0x2d0
[   11.368796]  ? krealloc_less_oob_helper+0xe90/0x11d0
[   11.368818]  ? kasan_addr_to_slab+0x11/0xa0
[   11.368837]  ? krealloc_less_oob_helper+0xe90/0x11d0
[   11.368860]  kasan_report+0x141/0x180
[   11.368881]  ? krealloc_less_oob_helper+0xe90/0x11d0
[   11.368909]  __asan_report_store1_noabort+0x1b/0x30
[   11.368929]  krealloc_less_oob_helper+0xe90/0x11d0
[   11.368953]  ? __pfx_krealloc_less_oob_helper+0x10/0x10
[   11.368976]  ? finish_task_switch.isra.0+0x153/0x700
[   11.368996]  ? __switch_to+0x47/0xf50
[   11.369020]  ? __schedule+0x10cc/0x2b60
[   11.369040]  ? __pfx_read_tsc+0x10/0x10
[   11.369062]  krealloc_large_less_oob+0x1c/0x30
[   11.369084]  kunit_try_run_case+0x1a5/0x480
[   11.369120]  ? __pfx_kunit_try_run_case+0x10/0x10
[   11.369142]  ? _raw_spin_lock_irqsave+0xa1/0x100
[   11.369164]  ? _raw_spin_unlock_irqrestore+0x5f/0x90
[   11.369185]  ? __kthread_parkme+0x82/0x180
[   11.369204]  ? preempt_count_sub+0x50/0x80
[   11.369226]  ? __pfx_kunit_try_run_case+0x10/0x10
[   11.369249]  kunit_generic_run_threadfn_adapter+0x85/0xf0
[   11.369271]  ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10
[   11.369293]  kthread+0x337/0x6f0
[   11.369311]  ? trace_preempt_on+0x20/0xc0
[   11.369333]  ? __pfx_kthread+0x10/0x10
[   11.369352]  ? _raw_spin_unlock_irq+0x47/0x80
[   11.369372]  ? calculate_sigpending+0x7b/0xa0
[   11.369394]  ? __pfx_kthread+0x10/0x10
[   11.369414]  ret_from_fork+0x116/0x1d0
[   11.369431]  ? __pfx_kthread+0x10/0x10
[   11.369451]  ret_from_fork_asm+0x1a/0x30
[   11.369480]  </TASK>
[   11.369490] 
[   11.377198] The buggy address belongs to the physical page:
[   11.377384] page: refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1027b8
[   11.378267] head: order:2 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[   11.378550] flags: 0x200000000000040(head|node=0|zone=2)
[   11.378726] page_type: f8(unknown)
[   11.378927] raw: 0200000000000040 0000000000000000 dead000000000122 0000000000000000
[   11.379494] raw: 0000000000000000 0000000000000000 00000001f8000000 0000000000000000
[   11.379736] head: 0200000000000040 0000000000000000 dead000000000122 0000000000000000
[   11.379972] head: 0000000000000000 0000000000000000 00000001f8000000 0000000000000000
[   11.380275] head: 0200000000000002 ffffea000409ee01 00000000ffffffff 00000000ffffffff
[   11.380613] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000004
[   11.380953] page dumped because: kasan: bad access detected
[   11.381317] 
[   11.381511] Memory state around the buggy address:
[   11.381715]  ffff8881027b9f80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   11.381931]  ffff8881027ba000: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   11.382259] >ffff8881027ba080: 00 00 00 00 00 00 00 00 00 01 fe fe fe fe fe fe
[   11.382884]                                                           ^
[   11.383386]  ffff8881027ba100: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe
[   11.383683]  ffff8881027ba180: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe
[   11.383972] ==================================================================
[   11.384421] ==================================================================
[   11.384811] BUG: KASAN: slab-out-of-bounds in krealloc_less_oob_helper+0xd47/0x11d0
[   11.385078] Write of size 1 at addr ffff8881027ba0eb by task kunit_try_catch/180
[   11.385415] 
[   11.385519] CPU: 1 UID: 0 PID: 180 Comm: kunit_try_catch Tainted: G    B            N  6.16.0-rc4 #1 PREEMPT(voluntary) 
[   11.385556] Tainted: [B]=BAD_PAGE, [N]=TEST
[   11.385567] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[   11.385585] Call Trace:
[   11.385599]  <TASK>
[   11.385612]  dump_stack_lvl+0x73/0xb0
[   11.385634]  print_report+0xd1/0x650
[   11.385656]  ? __virt_addr_valid+0x1db/0x2d0
[   11.385676]  ? krealloc_less_oob_helper+0xd47/0x11d0
[   11.385699]  ? kasan_addr_to_slab+0x11/0xa0
[   11.385718]  ? krealloc_less_oob_helper+0xd47/0x11d0
[   11.385741]  kasan_report+0x141/0x180
[   11.385777]  ? krealloc_less_oob_helper+0xd47/0x11d0
[   11.385804]  __asan_report_store1_noabort+0x1b/0x30
[   11.385825]  krealloc_less_oob_helper+0xd47/0x11d0
[   11.385849]  ? __pfx_krealloc_less_oob_helper+0x10/0x10
[   11.385872]  ? finish_task_switch.isra.0+0x153/0x700
[   11.385892]  ? __switch_to+0x47/0xf50
[   11.385918]  ? __schedule+0x10cc/0x2b60
[   11.385939]  ? __pfx_read_tsc+0x10/0x10
[   11.385962]  krealloc_large_less_oob+0x1c/0x30
[   11.385983]  kunit_try_run_case+0x1a5/0x480
[   11.386006]  ? __pfx_kunit_try_run_case+0x10/0x10
[   11.386027]  ? _raw_spin_lock_irqsave+0xa1/0x100
[   11.386049]  ? _raw_spin_unlock_irqrestore+0x5f/0x90
[   11.386071]  ? __kthread_parkme+0x82/0x180
[   11.386090]  ? preempt_count_sub+0x50/0x80
[   11.386121]  ? __pfx_kunit_try_run_case+0x10/0x10
[   11.386144]  kunit_generic_run_threadfn_adapter+0x85/0xf0
[   11.386165]  ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10
[   11.386187]  kthread+0x337/0x6f0
[   11.386205]  ? trace_preempt_on+0x20/0xc0
[   11.386227]  ? __pfx_kthread+0x10/0x10
[   11.386247]  ? _raw_spin_unlock_irq+0x47/0x80
[   11.386266]  ? calculate_sigpending+0x7b/0xa0
[   11.386288]  ? __pfx_kthread+0x10/0x10
[   11.386308]  ret_from_fork+0x116/0x1d0
[   11.386326]  ? __pfx_kthread+0x10/0x10
[   11.386345]  ret_from_fork_asm+0x1a/0x30
[   11.386374]  </TASK>
[   11.386384] 
[   11.394007] The buggy address belongs to the physical page:
[   11.394309] page: refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1027b8
[   11.394581] head: order:2 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[   11.394810] flags: 0x200000000000040(head|node=0|zone=2)
[   11.395062] page_type: f8(unknown)
[   11.395263] raw: 0200000000000040 0000000000000000 dead000000000122 0000000000000000
[   11.395577] raw: 0000000000000000 0000000000000000 00000001f8000000 0000000000000000
[   11.395808] head: 0200000000000040 0000000000000000 dead000000000122 0000000000000000
[   11.396041] head: 0000000000000000 0000000000000000 00000001f8000000 0000000000000000
[   11.396646] head: 0200000000000002 ffffea000409ee01 00000000ffffffff 00000000ffffffff
[   11.396997] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000004
[   11.397352] page dumped because: kasan: bad access detected
[   11.397558] 
[   11.397629] Memory state around the buggy address:
[   11.397785]  ffff8881027b9f80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   11.398049]  ffff8881027ba000: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   11.398544] >ffff8881027ba080: 00 00 00 00 00 00 00 00 00 01 fe fe fe fe fe fe
[   11.398878]                                                           ^
[   11.399268]  ffff8881027ba100: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe
[   11.399639]  ffff8881027ba180: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe
[   11.399878] ==================================================================
[   11.145307] ==================================================================
[   11.145937] BUG: KASAN: slab-out-of-bounds in krealloc_less_oob_helper+0xe23/0x11d0
[   11.146369] Write of size 1 at addr ffff88810034a0d0 by task kunit_try_catch/176
[   11.146784] 
[   11.146950] CPU: 0 UID: 0 PID: 176 Comm: kunit_try_catch Tainted: G    B            N  6.16.0-rc4 #1 PREEMPT(voluntary) 
[   11.147002] Tainted: [B]=BAD_PAGE, [N]=TEST
[   11.147013] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[   11.147032] Call Trace:
[   11.147043]  <TASK>
[   11.147057]  dump_stack_lvl+0x73/0xb0
[   11.147093]  print_report+0xd1/0x650
[   11.147133]  ? __virt_addr_valid+0x1db/0x2d0
[   11.147155]  ? krealloc_less_oob_helper+0xe23/0x11d0
[   11.147177]  ? kasan_complete_mode_report_info+0x2a/0x200
[   11.147198]  ? krealloc_less_oob_helper+0xe23/0x11d0
[   11.147229]  kasan_report+0x141/0x180
[   11.147250]  ? krealloc_less_oob_helper+0xe23/0x11d0
[   11.147277]  __asan_report_store1_noabort+0x1b/0x30
[   11.147297]  krealloc_less_oob_helper+0xe23/0x11d0
[   11.147321]  ? __pfx_krealloc_less_oob_helper+0x10/0x10
[   11.147354]  ? finish_task_switch.isra.0+0x153/0x700
[   11.147374]  ? __switch_to+0x47/0xf50
[   11.147399]  ? __schedule+0x10cc/0x2b60
[   11.147431]  ? __pfx_read_tsc+0x10/0x10
[   11.147454]  krealloc_less_oob+0x1c/0x30
[   11.147474]  kunit_try_run_case+0x1a5/0x480
[   11.147498]  ? __pfx_kunit_try_run_case+0x10/0x10
[   11.147519]  ? _raw_spin_lock_irqsave+0xa1/0x100
[   11.147541]  ? _raw_spin_unlock_irqrestore+0x5f/0x90
[   11.147563]  ? __kthread_parkme+0x82/0x180
[   11.147583]  ? preempt_count_sub+0x50/0x80
[   11.147655]  ? __pfx_kunit_try_run_case+0x10/0x10
[   11.147679]  kunit_generic_run_threadfn_adapter+0x85/0xf0
[   11.147701]  ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10
[   11.147733]  kthread+0x337/0x6f0
[   11.147752]  ? trace_preempt_on+0x20/0xc0
[   11.147776]  ? __pfx_kthread+0x10/0x10
[   11.147806]  ? _raw_spin_unlock_irq+0x47/0x80
[   11.147826]  ? calculate_sigpending+0x7b/0xa0
[   11.147858]  ? __pfx_kthread+0x10/0x10
[   11.147879]  ret_from_fork+0x116/0x1d0
[   11.147896]  ? __pfx_kthread+0x10/0x10
[   11.147926]  ret_from_fork_asm+0x1a/0x30
[   11.147956]  </TASK>
[   11.147967] 
[   11.159092] Allocated by task 176:
[   11.159387]  kasan_save_stack+0x45/0x70
[   11.159965]  kasan_save_track+0x18/0x40
[   11.160152]  kasan_save_alloc_info+0x3b/0x50
[   11.160523]  __kasan_krealloc+0x190/0x1f0
[   11.160727]  krealloc_noprof+0xf3/0x340
[   11.160913]  krealloc_less_oob_helper+0x1aa/0x11d0
[   11.161154]  krealloc_less_oob+0x1c/0x30
[   11.161855]  kunit_try_run_case+0x1a5/0x480
[   11.162169]  kunit_generic_run_threadfn_adapter+0x85/0xf0
[   11.162559]  kthread+0x337/0x6f0
[   11.162801]  ret_from_fork+0x116/0x1d0
[   11.163088]  ret_from_fork_asm+0x1a/0x30
[   11.163350] 
[   11.163496] The buggy address belongs to the object at ffff88810034a000
[   11.163496]  which belongs to the cache kmalloc-256 of size 256
[   11.164453] The buggy address is located 7 bytes to the right of
[   11.164453]  allocated 201-byte region [ffff88810034a000, ffff88810034a0c9)
[   11.165081] 
[   11.165368] The buggy address belongs to the physical page:
[   11.165730] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x10034a
[   11.166062] head: order:1 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[   11.166755] flags: 0x200000000000040(head|node=0|zone=2)
[   11.167137] page_type: f5(slab)
[   11.167499] raw: 0200000000000040 ffff888100041b40 dead000000000122 0000000000000000
[   11.167943] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000
[   11.168435] head: 0200000000000040 ffff888100041b40 dead000000000122 0000000000000000
[   11.168798] head: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000
[   11.169305] head: 0200000000000001 ffffea000400d281 00000000ffffffff 00000000ffffffff
[   11.169799] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000002
[   11.170306] page dumped because: kasan: bad access detected
[   11.170649] 
[   11.170768] Memory state around the buggy address:
[   11.171093]  ffff888100349f80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   11.171775]  ffff88810034a000: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   11.172099] >ffff88810034a080: 00 00 00 00 00 00 00 00 00 01 fc fc fc fc fc fc
[   11.172716]                                                  ^
[   11.173060]  ffff88810034a100: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   11.173634]  ffff88810034a180: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   11.173996] ==================================================================
[   11.350662] ==================================================================
[   11.350887] BUG: KASAN: slab-out-of-bounds in krealloc_less_oob_helper+0xec6/0x11d0
[   11.351157] Write of size 1 at addr ffff8881027ba0da by task kunit_try_catch/180
[   11.351745] 
[   11.351864] CPU: 1 UID: 0 PID: 180 Comm: kunit_try_catch Tainted: G    B            N  6.16.0-rc4 #1 PREEMPT(voluntary) 
[   11.351905] Tainted: [B]=BAD_PAGE, [N]=TEST
[   11.351916] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[   11.351934] Call Trace:
[   11.351949]  <TASK>
[   11.351964]  dump_stack_lvl+0x73/0xb0
[   11.351990]  print_report+0xd1/0x650
[   11.352011]  ? __virt_addr_valid+0x1db/0x2d0
[   11.352032]  ? krealloc_less_oob_helper+0xec6/0x11d0
[   11.352054]  ? kasan_addr_to_slab+0x11/0xa0
[   11.352073]  ? krealloc_less_oob_helper+0xec6/0x11d0
[   11.352096]  kasan_report+0x141/0x180
[   11.352130]  ? krealloc_less_oob_helper+0xec6/0x11d0
[   11.352239]  __asan_report_store1_noabort+0x1b/0x30
[   11.352264]  krealloc_less_oob_helper+0xec6/0x11d0
[   11.352289]  ? __pfx_krealloc_less_oob_helper+0x10/0x10
[   11.352312]  ? finish_task_switch.isra.0+0x153/0x700
[   11.352332]  ? __switch_to+0x47/0xf50
[   11.352355]  ? __schedule+0x10cc/0x2b60
[   11.352375]  ? __pfx_read_tsc+0x10/0x10
[   11.352398]  krealloc_large_less_oob+0x1c/0x30
[   11.352419]  kunit_try_run_case+0x1a5/0x480
[   11.352443]  ? __pfx_kunit_try_run_case+0x10/0x10
[   11.352464]  ? _raw_spin_lock_irqsave+0xa1/0x100
[   11.352486]  ? _raw_spin_unlock_irqrestore+0x5f/0x90
[   11.352507]  ? __kthread_parkme+0x82/0x180
[   11.352527]  ? preempt_count_sub+0x50/0x80
[   11.352548]  ? __pfx_kunit_try_run_case+0x10/0x10
[   11.352571]  kunit_generic_run_threadfn_adapter+0x85/0xf0
[   11.352592]  ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10
[   11.352614]  kthread+0x337/0x6f0
[   11.352632]  ? trace_preempt_on+0x20/0xc0
[   11.352655]  ? __pfx_kthread+0x10/0x10
[   11.352674]  ? _raw_spin_unlock_irq+0x47/0x80
[   11.352694]  ? calculate_sigpending+0x7b/0xa0
[   11.352716]  ? __pfx_kthread+0x10/0x10
[   11.352736]  ret_from_fork+0x116/0x1d0
[   11.352754]  ? __pfx_kthread+0x10/0x10
[   11.352774]  ret_from_fork_asm+0x1a/0x30
[   11.352803]  </TASK>
[   11.352813] 
[   11.361021] The buggy address belongs to the physical page:
[   11.361394] page: refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1027b8
[   11.361685] head: order:2 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[   11.361915] flags: 0x200000000000040(head|node=0|zone=2)
[   11.362170] page_type: f8(unknown)
[   11.362347] raw: 0200000000000040 0000000000000000 dead000000000122 0000000000000000
[   11.362710] raw: 0000000000000000 0000000000000000 00000001f8000000 0000000000000000
[   11.362944] head: 0200000000000040 0000000000000000 dead000000000122 0000000000000000
[   11.363194] head: 0000000000000000 0000000000000000 00000001f8000000 0000000000000000
[   11.363444] head: 0200000000000002 ffffea000409ee01 00000000ffffffff 00000000ffffffff
[   11.364120] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000004
[   11.364476] page dumped because: kasan: bad access detected
[   11.364963] 
[   11.365043] Memory state around the buggy address:
[   11.365212]  ffff8881027b9f80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   11.365442]  ffff8881027ba000: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   11.365767] >ffff8881027ba080: 00 00 00 00 00 00 00 00 00 01 fe fe fe fe fe fe
[   11.366077]                                                     ^
[   11.366356]  ffff8881027ba100: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe
[   11.366677]  ffff8881027ba180: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe
[   11.366955] ==================================================================
[   11.205774] ==================================================================
[   11.206018] BUG: KASAN: slab-out-of-bounds in krealloc_less_oob_helper+0xe90/0x11d0
[   11.206990] Write of size 1 at addr ffff88810034a0ea by task kunit_try_catch/176
[   11.207763] 
[   11.208029] CPU: 0 UID: 0 PID: 176 Comm: kunit_try_catch Tainted: G    B            N  6.16.0-rc4 #1 PREEMPT(voluntary) 
[   11.208284] Tainted: [B]=BAD_PAGE, [N]=TEST
[   11.208298] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[   11.208340] Call Trace:
[   11.208356]  <TASK>
[   11.208372]  dump_stack_lvl+0x73/0xb0
[   11.208401]  print_report+0xd1/0x650
[   11.208425]  ? __virt_addr_valid+0x1db/0x2d0
[   11.208449]  ? krealloc_less_oob_helper+0xe90/0x11d0
[   11.208474]  ? kasan_complete_mode_report_info+0x2a/0x200
[   11.208496]  ? krealloc_less_oob_helper+0xe90/0x11d0
[   11.208519]  kasan_report+0x141/0x180
[   11.208541]  ? krealloc_less_oob_helper+0xe90/0x11d0
[   11.208568]  __asan_report_store1_noabort+0x1b/0x30
[   11.208588]  krealloc_less_oob_helper+0xe90/0x11d0
[   11.208612]  ? __pfx_krealloc_less_oob_helper+0x10/0x10
[   11.208635]  ? finish_task_switch.isra.0+0x153/0x700
[   11.208656]  ? __switch_to+0x47/0xf50
[   11.208680]  ? __schedule+0x10cc/0x2b60
[   11.208701]  ? __pfx_read_tsc+0x10/0x10
[   11.208724]  krealloc_less_oob+0x1c/0x30
[   11.208745]  kunit_try_run_case+0x1a5/0x480
[   11.208768]  ? __pfx_kunit_try_run_case+0x10/0x10
[   11.208788]  ? _raw_spin_lock_irqsave+0xa1/0x100
[   11.208811]  ? _raw_spin_unlock_irqrestore+0x5f/0x90
[   11.208832]  ? __kthread_parkme+0x82/0x180
[   11.208851]  ? preempt_count_sub+0x50/0x80
[   11.208873]  ? __pfx_kunit_try_run_case+0x10/0x10
[   11.208895]  kunit_generic_run_threadfn_adapter+0x85/0xf0
[   11.208916]  ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10
[   11.208937]  kthread+0x337/0x6f0
[   11.208956]  ? trace_preempt_on+0x20/0xc0
[   11.208979]  ? __pfx_kthread+0x10/0x10
[   11.208999]  ? _raw_spin_unlock_irq+0x47/0x80
[   11.209019]  ? calculate_sigpending+0x7b/0xa0
[   11.209040]  ? __pfx_kthread+0x10/0x10
[   11.209061]  ret_from_fork+0x116/0x1d0
[   11.209078]  ? __pfx_kthread+0x10/0x10
[   11.209097]  ret_from_fork_asm+0x1a/0x30
[   11.209198]  </TASK>
[   11.209213] 
[   11.220680] Allocated by task 176:
[   11.220854]  kasan_save_stack+0x45/0x70
[   11.221037]  kasan_save_track+0x18/0x40
[   11.221934]  kasan_save_alloc_info+0x3b/0x50
[   11.222390]  __kasan_krealloc+0x190/0x1f0
[   11.222557]  krealloc_noprof+0xf3/0x340
[   11.222984]  krealloc_less_oob_helper+0x1aa/0x11d0
[   11.223436]  krealloc_less_oob+0x1c/0x30
[   11.223610]  kunit_try_run_case+0x1a5/0x480
[   11.224071]  kunit_generic_run_threadfn_adapter+0x85/0xf0
[   11.224702]  kthread+0x337/0x6f0
[   11.224996]  ret_from_fork+0x116/0x1d0
[   11.225428]  ret_from_fork_asm+0x1a/0x30
[   11.225832] 
[   11.225930] The buggy address belongs to the object at ffff88810034a000
[   11.225930]  which belongs to the cache kmalloc-256 of size 256
[   11.226655] The buggy address is located 33 bytes to the right of
[   11.226655]  allocated 201-byte region [ffff88810034a000, ffff88810034a0c9)
[   11.227618] 
[   11.227926] The buggy address belongs to the physical page:
[   11.228252] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x10034a
[   11.228685] head: order:1 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[   11.229368] flags: 0x200000000000040(head|node=0|zone=2)
[   11.229819] page_type: f5(slab)
[   11.230087] raw: 0200000000000040 ffff888100041b40 dead000000000122 0000000000000000
[   11.230672] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000
[   11.231150] head: 0200000000000040 ffff888100041b40 dead000000000122 0000000000000000
[   11.231467] head: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000
[   11.231818] head: 0200000000000001 ffffea000400d281 00000000ffffffff 00000000ffffffff
[   11.232490] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000002
[   11.232797] page dumped because: kasan: bad access detected
[   11.233232] 
[   11.233343] Memory state around the buggy address:
[   11.233785]  ffff888100349f80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   11.234289]  ffff88810034a000: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   11.234696] >ffff88810034a080: 00 00 00 00 00 00 00 00 00 01 fc fc fc fc fc fc
[   11.235120]                                                           ^
[   11.235749]  ffff88810034a100: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   11.236270]  ffff88810034a180: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   11.236672] ==================================================================
[   11.333944] ==================================================================
[   11.334331] BUG: KASAN: slab-out-of-bounds in krealloc_less_oob_helper+0xe23/0x11d0
[   11.334657] Write of size 1 at addr ffff8881027ba0d0 by task kunit_try_catch/180
[   11.334967] 
[   11.335070] CPU: 1 UID: 0 PID: 180 Comm: kunit_try_catch Tainted: G    B            N  6.16.0-rc4 #1 PREEMPT(voluntary) 
[   11.335121] Tainted: [B]=BAD_PAGE, [N]=TEST
[   11.335132] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[   11.335150] Call Trace:
[   11.335178]  <TASK>
[   11.335191]  dump_stack_lvl+0x73/0xb0
[   11.335221]  print_report+0xd1/0x650
[   11.335242]  ? __virt_addr_valid+0x1db/0x2d0
[   11.335264]  ? krealloc_less_oob_helper+0xe23/0x11d0
[   11.335286]  ? kasan_addr_to_slab+0x11/0xa0
[   11.335306]  ? krealloc_less_oob_helper+0xe23/0x11d0
[   11.335329]  kasan_report+0x141/0x180
[   11.335350]  ? krealloc_less_oob_helper+0xe23/0x11d0
[   11.335377]  __asan_report_store1_noabort+0x1b/0x30
[   11.335397]  krealloc_less_oob_helper+0xe23/0x11d0
[   11.335422]  ? __pfx_krealloc_less_oob_helper+0x10/0x10
[   11.335445]  ? finish_task_switch.isra.0+0x153/0x700
[   11.335465]  ? __switch_to+0x47/0xf50
[   11.335488]  ? __schedule+0x10cc/0x2b60
[   11.335509]  ? __pfx_read_tsc+0x10/0x10
[   11.335531]  krealloc_large_less_oob+0x1c/0x30
[   11.335553]  kunit_try_run_case+0x1a5/0x480
[   11.335577]  ? __pfx_kunit_try_run_case+0x10/0x10
[   11.335598]  ? _raw_spin_lock_irqsave+0xa1/0x100
[   11.335620]  ? _raw_spin_unlock_irqrestore+0x5f/0x90
[   11.335641]  ? __kthread_parkme+0x82/0x180
[   11.335660]  ? preempt_count_sub+0x50/0x80
[   11.335681]  ? __pfx_kunit_try_run_case+0x10/0x10
[   11.335704]  kunit_generic_run_threadfn_adapter+0x85/0xf0
[   11.335725]  ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10
[   11.335747]  kthread+0x337/0x6f0
[   11.335766]  ? trace_preempt_on+0x20/0xc0
[   11.335789]  ? __pfx_kthread+0x10/0x10
[   11.335809]  ? _raw_spin_unlock_irq+0x47/0x80
[   11.335828]  ? calculate_sigpending+0x7b/0xa0
[   11.335850]  ? __pfx_kthread+0x10/0x10
[   11.335871]  ret_from_fork+0x116/0x1d0
[   11.335888]  ? __pfx_kthread+0x10/0x10
[   11.335907]  ret_from_fork_asm+0x1a/0x30
[   11.335936]  </TASK>
[   11.335946] 
[   11.344212] The buggy address belongs to the physical page:
[   11.344452] page: refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1027b8
[   11.344816] head: order:2 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[   11.345138] flags: 0x200000000000040(head|node=0|zone=2)
[   11.345369] page_type: f8(unknown)
[   11.345542] raw: 0200000000000040 0000000000000000 dead000000000122 0000000000000000
[   11.345824] raw: 0000000000000000 0000000000000000 00000001f8000000 0000000000000000
[   11.346413] head: 0200000000000040 0000000000000000 dead000000000122 0000000000000000
[   11.346712] head: 0000000000000000 0000000000000000 00000001f8000000 0000000000000000
[   11.347019] head: 0200000000000002 ffffea000409ee01 00000000ffffffff 00000000ffffffff
[   11.347519] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000004
[   11.347818] page dumped because: kasan: bad access detected
[   11.348053] 
[   11.348145] Memory state around the buggy address:
[   11.348322]  ffff8881027b9f80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   11.348644]  ffff8881027ba000: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   11.349008] >ffff8881027ba080: 00 00 00 00 00 00 00 00 00 01 fe fe fe fe fe fe
[   11.349383]                                                  ^
[   11.349674]  ffff8881027ba100: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe
[   11.349961]  ffff8881027ba180: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe
[   11.350273] ==================================================================
[   11.174875] ==================================================================
[   11.175564] BUG: KASAN: slab-out-of-bounds in krealloc_less_oob_helper+0xec6/0x11d0
[   11.175903] Write of size 1 at addr ffff88810034a0da by task kunit_try_catch/176
[   11.176443] 
[   11.176650] CPU: 0 UID: 0 PID: 176 Comm: kunit_try_catch Tainted: G    B            N  6.16.0-rc4 #1 PREEMPT(voluntary) 
[   11.176695] Tainted: [B]=BAD_PAGE, [N]=TEST
[   11.176806] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[   11.176829] Call Trace:
[   11.176845]  <TASK>
[   11.176861]  dump_stack_lvl+0x73/0xb0
[   11.176888]  print_report+0xd1/0x650
[   11.176910]  ? __virt_addr_valid+0x1db/0x2d0
[   11.176931]  ? krealloc_less_oob_helper+0xec6/0x11d0
[   11.176953]  ? kasan_complete_mode_report_info+0x2a/0x200
[   11.176975]  ? krealloc_less_oob_helper+0xec6/0x11d0
[   11.176997]  kasan_report+0x141/0x180
[   11.177018]  ? krealloc_less_oob_helper+0xec6/0x11d0
[   11.177045]  __asan_report_store1_noabort+0x1b/0x30
[   11.177065]  krealloc_less_oob_helper+0xec6/0x11d0
[   11.177090]  ? __pfx_krealloc_less_oob_helper+0x10/0x10
[   11.177124]  ? finish_task_switch.isra.0+0x153/0x700
[   11.177145]  ? __switch_to+0x47/0xf50
[   11.177169]  ? __schedule+0x10cc/0x2b60
[   11.177190]  ? __pfx_read_tsc+0x10/0x10
[   11.177212]  krealloc_less_oob+0x1c/0x30
[   11.177233]  kunit_try_run_case+0x1a5/0x480
[   11.177255]  ? __pfx_kunit_try_run_case+0x10/0x10
[   11.177276]  ? _raw_spin_lock_irqsave+0xa1/0x100
[   11.177299]  ? _raw_spin_unlock_irqrestore+0x5f/0x90
[   11.177321]  ? __kthread_parkme+0x82/0x180
[   11.177340]  ? preempt_count_sub+0x50/0x80
[   11.177361]  ? __pfx_kunit_try_run_case+0x10/0x10
[   11.177383]  kunit_generic_run_threadfn_adapter+0x85/0xf0
[   11.177405]  ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10
[   11.177426]  kthread+0x337/0x6f0
[   11.177446]  ? trace_preempt_on+0x20/0xc0
[   11.177468]  ? __pfx_kthread+0x10/0x10
[   11.177488]  ? _raw_spin_unlock_irq+0x47/0x80
[   11.177507]  ? calculate_sigpending+0x7b/0xa0
[   11.177529]  ? __pfx_kthread+0x10/0x10
[   11.177550]  ret_from_fork+0x116/0x1d0
[   11.177567]  ? __pfx_kthread+0x10/0x10
[   11.177586]  ret_from_fork_asm+0x1a/0x30
[   11.177616]  </TASK>
[   11.177627] 
[   11.189771] Allocated by task 176:
[   11.189984]  kasan_save_stack+0x45/0x70
[   11.190549]  kasan_save_track+0x18/0x40
[   11.190771]  kasan_save_alloc_info+0x3b/0x50
[   11.191009]  __kasan_krealloc+0x190/0x1f0
[   11.191215]  krealloc_noprof+0xf3/0x340
[   11.191680]  krealloc_less_oob_helper+0x1aa/0x11d0
[   11.191876]  krealloc_less_oob+0x1c/0x30
[   11.192192]  kunit_try_run_case+0x1a5/0x480
[   11.192741]  kunit_generic_run_threadfn_adapter+0x85/0xf0
[   11.192995]  kthread+0x337/0x6f0
[   11.193325]  ret_from_fork+0x116/0x1d0
[   11.193786]  ret_from_fork_asm+0x1a/0x30
[   11.194160] 
[   11.194244] The buggy address belongs to the object at ffff88810034a000
[   11.194244]  which belongs to the cache kmalloc-256 of size 256
[   11.195345] The buggy address is located 17 bytes to the right of
[   11.195345]  allocated 201-byte region [ffff88810034a000, ffff88810034a0c9)
[   11.196032] 
[   11.196155] The buggy address belongs to the physical page:
[   11.196642] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x10034a
[   11.196994] head: order:1 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[   11.197788] flags: 0x200000000000040(head|node=0|zone=2)
[   11.198184] page_type: f5(slab)
[   11.198524] raw: 0200000000000040 ffff888100041b40 dead000000000122 0000000000000000
[   11.198875] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000
[   11.199193] head: 0200000000000040 ffff888100041b40 dead000000000122 0000000000000000
[   11.199693] head: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000
[   11.200004] head: 0200000000000001 ffffea000400d281 00000000ffffffff 00000000ffffffff
[   11.200376] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000002
[   11.200625] page dumped because: kasan: bad access detected
[   11.200804] 
[   11.200880] Memory state around the buggy address:
[   11.201040]  ffff888100349f80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   11.201983]  ffff88810034a000: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   11.203319] >ffff88810034a080: 00 00 00 00 00 00 00 00 00 01 fc fc fc fc fc fc
[   11.204246]                                                     ^
[   11.204570]  ffff88810034a100: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   11.204916]  ffff88810034a180: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   11.205264] ==================================================================
[   11.240346] ==================================================================
[   11.240824] BUG: KASAN: slab-out-of-bounds in krealloc_less_oob_helper+0xd47/0x11d0
[   11.241074] Write of size 1 at addr ffff88810034a0eb by task kunit_try_catch/176
[   11.241572] 
[   11.241778] CPU: 0 UID: 0 PID: 176 Comm: kunit_try_catch Tainted: G    B            N  6.16.0-rc4 #1 PREEMPT(voluntary) 
[   11.241822] Tainted: [B]=BAD_PAGE, [N]=TEST
[   11.241833] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[   11.241853] Call Trace:
[   11.241867]  <TASK>
[   11.241881]  dump_stack_lvl+0x73/0xb0
[   11.241908]  print_report+0xd1/0x650
[   11.241930]  ? __virt_addr_valid+0x1db/0x2d0
[   11.241952]  ? krealloc_less_oob_helper+0xd47/0x11d0
[   11.241976]  ? kasan_complete_mode_report_info+0x2a/0x200
[   11.241997]  ? krealloc_less_oob_helper+0xd47/0x11d0
[   11.242020]  kasan_report+0x141/0x180
[   11.242042]  ? krealloc_less_oob_helper+0xd47/0x11d0
[   11.242069]  __asan_report_store1_noabort+0x1b/0x30
[   11.242088]  krealloc_less_oob_helper+0xd47/0x11d0
[   11.242124]  ? __pfx_krealloc_less_oob_helper+0x10/0x10
[   11.242148]  ? finish_task_switch.isra.0+0x153/0x700
[   11.242170]  ? __switch_to+0x47/0xf50
[   11.242194]  ? __schedule+0x10cc/0x2b60
[   11.242215]  ? __pfx_read_tsc+0x10/0x10
[   11.242238]  krealloc_less_oob+0x1c/0x30
[   11.242259]  kunit_try_run_case+0x1a5/0x480
[   11.242282]  ? __pfx_kunit_try_run_case+0x10/0x10
[   11.242302]  ? _raw_spin_lock_irqsave+0xa1/0x100
[   11.242325]  ? _raw_spin_unlock_irqrestore+0x5f/0x90
[   11.242346]  ? __kthread_parkme+0x82/0x180
[   11.242366]  ? preempt_count_sub+0x50/0x80
[   11.242398]  ? __pfx_kunit_try_run_case+0x10/0x10
[   11.242421]  kunit_generic_run_threadfn_adapter+0x85/0xf0
[   11.242442]  ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10
[   11.242464]  kthread+0x337/0x6f0
[   11.242482]  ? trace_preempt_on+0x20/0xc0
[   11.242506]  ? __pfx_kthread+0x10/0x10
[   11.242525]  ? _raw_spin_unlock_irq+0x47/0x80
[   11.242545]  ? calculate_sigpending+0x7b/0xa0
[   11.242568]  ? __pfx_kthread+0x10/0x10
[   11.242588]  ret_from_fork+0x116/0x1d0
[   11.242605]  ? __pfx_kthread+0x10/0x10
[   11.242624]  ret_from_fork_asm+0x1a/0x30
[   11.242654]  </TASK>
[   11.242665] 
[   11.254919] Allocated by task 176:
[   11.255056]  kasan_save_stack+0x45/0x70
[   11.255405]  kasan_save_track+0x18/0x40
[   11.255567]  kasan_save_alloc_info+0x3b/0x50
[   11.255727]  __kasan_krealloc+0x190/0x1f0
[   11.255877]  krealloc_noprof+0xf3/0x340
[   11.256267]  krealloc_less_oob_helper+0x1aa/0x11d0
[   11.256723]  krealloc_less_oob+0x1c/0x30
[   11.257096]  kunit_try_run_case+0x1a5/0x480
[   11.257519]  kunit_generic_run_threadfn_adapter+0x85/0xf0
[   11.258014]  kthread+0x337/0x6f0
[   11.258149]  ret_from_fork+0x116/0x1d0
[   11.258283]  ret_from_fork_asm+0x1a/0x30
[   11.258621] 
[   11.258781] The buggy address belongs to the object at ffff88810034a000
[   11.258781]  which belongs to the cache kmalloc-256 of size 256
[   11.260007] The buggy address is located 34 bytes to the right of
[   11.260007]  allocated 201-byte region [ffff88810034a000, ffff88810034a0c9)
[   11.261150] 
[   11.261325] The buggy address belongs to the physical page:
[   11.261816] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x10034a
[   11.262060] head: order:1 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[   11.262650] flags: 0x200000000000040(head|node=0|zone=2)
[   11.263223] page_type: f5(slab)
[   11.263563] raw: 0200000000000040 ffff888100041b40 dead000000000122 0000000000000000
[   11.264287] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000
[   11.265021] head: 0200000000000040 ffff888100041b40 dead000000000122 0000000000000000
[   11.265526] head: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000
[   11.266228] head: 0200000000000001 ffffea000400d281 00000000ffffffff 00000000ffffffff
[   11.266888] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000002
[   11.267309] page dumped because: kasan: bad access detected
[   11.267503] 
[   11.267672] Memory state around the buggy address:
[   11.267848]  ffff888100349f80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   11.268066]  ffff88810034a000: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   11.268589] >ffff88810034a080: 00 00 00 00 00 00 00 00 00 01 fc fc fc fc fc fc
[   11.268874]                                                           ^
[   11.269287]  ffff88810034a100: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   11.269857]  ffff88810034a180: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   11.270148] ==================================================================
[   11.315417] ==================================================================
[   11.316918] BUG: KASAN: slab-out-of-bounds in krealloc_less_oob_helper+0xd70/0x11d0
[   11.317464] Write of size 1 at addr ffff8881027ba0c9 by task kunit_try_catch/180
[   11.317997] 
[   11.318124] CPU: 1 UID: 0 PID: 180 Comm: kunit_try_catch Tainted: G    B            N  6.16.0-rc4 #1 PREEMPT(voluntary) 
[   11.318168] Tainted: [B]=BAD_PAGE, [N]=TEST
[   11.318180] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[   11.318200] Call Trace:
[   11.318213]  <TASK>
[   11.318228]  dump_stack_lvl+0x73/0xb0
[   11.318256]  print_report+0xd1/0x650
[   11.318279]  ? __virt_addr_valid+0x1db/0x2d0
[   11.318301]  ? krealloc_less_oob_helper+0xd70/0x11d0
[   11.318324]  ? kasan_addr_to_slab+0x11/0xa0
[   11.318343]  ? krealloc_less_oob_helper+0xd70/0x11d0
[   11.318366]  kasan_report+0x141/0x180
[   11.318387]  ? krealloc_less_oob_helper+0xd70/0x11d0
[   11.318413]  __asan_report_store1_noabort+0x1b/0x30
[   11.318433]  krealloc_less_oob_helper+0xd70/0x11d0
[   11.318458]  ? __pfx_krealloc_less_oob_helper+0x10/0x10
[   11.318481]  ? finish_task_switch.isra.0+0x153/0x700
[   11.318502]  ? __switch_to+0x47/0xf50
[   11.318527]  ? __schedule+0x10cc/0x2b60
[   11.318548]  ? __pfx_read_tsc+0x10/0x10
[   11.318571]  krealloc_large_less_oob+0x1c/0x30
[   11.318593]  kunit_try_run_case+0x1a5/0x480
[   11.318617]  ? __pfx_kunit_try_run_case+0x10/0x10
[   11.318638]  ? _raw_spin_lock_irqsave+0xa1/0x100
[   11.318661]  ? _raw_spin_unlock_irqrestore+0x5f/0x90
[   11.318683]  ? __kthread_parkme+0x82/0x180
[   11.318704]  ? preempt_count_sub+0x50/0x80
[   11.318727]  ? __pfx_kunit_try_run_case+0x10/0x10
[   11.318751]  kunit_generic_run_threadfn_adapter+0x85/0xf0
[   11.318773]  ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10
[   11.318795]  kthread+0x337/0x6f0
[   11.318813]  ? trace_preempt_on+0x20/0xc0
[   11.318836]  ? __pfx_kthread+0x10/0x10
[   11.318855]  ? _raw_spin_unlock_irq+0x47/0x80
[   11.318875]  ? calculate_sigpending+0x7b/0xa0
[   11.318899]  ? __pfx_kthread+0x10/0x10
[   11.318919]  ret_from_fork+0x116/0x1d0
[   11.318936]  ? __pfx_kthread+0x10/0x10
[   11.318955]  ret_from_fork_asm+0x1a/0x30
[   11.318985]  </TASK>
[   11.318996] 
[   11.326916] The buggy address belongs to the physical page:
[   11.327165] page: refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1027b8
[   11.327576] head: order:2 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[   11.327809] flags: 0x200000000000040(head|node=0|zone=2)
[   11.328063] page_type: f8(unknown)
[   11.328415] raw: 0200000000000040 0000000000000000 dead000000000122 0000000000000000
[   11.328760] raw: 0000000000000000 0000000000000000 00000001f8000000 0000000000000000
[   11.329117] head: 0200000000000040 0000000000000000 dead000000000122 0000000000000000
[   11.329632] head: 0000000000000000 0000000000000000 00000001f8000000 0000000000000000
[   11.329907] head: 0200000000000002 ffffea000409ee01 00000000ffffffff 00000000ffffffff
[   11.330157] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000004
[   11.330521] page dumped because: kasan: bad access detected
[   11.330773] 
[   11.330868] Memory state around the buggy address:
[   11.331309]  ffff8881027b9f80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   11.331641]  ffff8881027ba000: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   11.331922] >ffff8881027ba080: 00 00 00 00 00 00 00 00 00 01 fe fe fe fe fe fe
[   11.332299]                                               ^
[   11.332582]  ffff8881027ba100: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe
[   11.332841]  ffff8881027ba180: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe
[   11.333129] ==================================================================

Metadata Full log Test run details

arch

x86_64

host

x86_64

plan

2zNL1O2cp9dmCFBEgSs8WkyJh4y

job_id

TEST:linaro@lkft#2zNL6lw8QpiLx2X80bHtYDEoIkO

job_url

https://tuxapi.tuxsuite.com/v1/groups/linaro/projects/lkft/tests/2zNL6lw8QpiLx2X80bHtYDEoIkO

artefacts

kernel

url	https://storage.tuxsuite.com/public/linaro/lkft/builds/2zNL3q4rWFiUvmEYLQ3BXdIYSKX/bzImage
sha256sum	f913311db6c7753aa3ccadda2e754832cad135a441849c4a73d7959c2b6c87e5

rootfs

url	https://storage.tuxboot.com/debian/20250617/trixie/amd64/rootfs.ext4.xz
sha256sum	a7dcdb286e1265c85a4d6cd5429adc51604a3ebde1d9a3c934aef78862d5fee4

modules

url	https://storage.tuxsuite.com/public/linaro/lkft/builds/2zNL3q4rWFiUvmEYLQ3BXdIYSKX/modules.tar.xz
sha256sum	43ae06e48ef12e1aba423c47b6cdbc55af315831d6ed3f78d515cc08d1dc28a1

durations

tests

boot	0
kunit	204.34

host_arch

amd64

build_name

gcc-13-lkftconfig-kunit

job_status

Complete

qemu_version

1:10.0.0+ds-1

Metadata

Failure - qemu-arm64 - gcc-13-lkftconfig-kunit

Failure - qemu-x86_64 - gcc-13-lkftconfig-kunit