lkft/sashal-linus-next - v6.13-rc7-43418-g558c6dd4d863 - log-parser-boot/kasan-bug-kasan-slab-out-of-bounds-in-krealloc_less_oob_helper

Date

July 5, 2025, 5:09 p.m.

Environment
qemu-arm64
qemu-x86_64

[   18.141589] ==================================================================
[   18.141660] BUG: KASAN: slab-out-of-bounds in krealloc_less_oob_helper+0xa80/0xc50
[   18.141718] Write of size 1 at addr fff00000c47a5ada by task kunit_try_catch/158
[   18.141880] 
[   18.141929] CPU: 1 UID: 0 PID: 158 Comm: kunit_try_catch Tainted: G    B            N  6.16.0-rc4 #1 PREEMPT 
[   18.142084] Tainted: [B]=BAD_PAGE, [N]=TEST
[   18.142163] Hardware name: linux,dummy-virt (DT)
[   18.142194] Call trace:
[   18.142214]  show_stack+0x20/0x38 (C)
[   18.142263]  dump_stack_lvl+0x8c/0xd0
[   18.142467]  print_report+0x118/0x608
[   18.142727]  kasan_report+0xdc/0x128
[   18.142885]  __asan_report_store1_noabort+0x20/0x30
[   18.143074]  krealloc_less_oob_helper+0xa80/0xc50
[   18.143282]  krealloc_less_oob+0x20/0x38
[   18.143342]  kunit_try_run_case+0x170/0x3f0
[   18.143590]  kunit_generic_run_threadfn_adapter+0x88/0x100
[   18.143745]  kthread+0x328/0x630
[   18.143906]  ret_from_fork+0x10/0x20
[   18.144060] 
[   18.144108] Allocated by task 158:
[   18.144245]  kasan_save_stack+0x3c/0x68
[   18.144298]  kasan_save_track+0x20/0x40
[   18.144350]  kasan_save_alloc_info+0x40/0x58
[   18.144746]  __kasan_krealloc+0x118/0x178
[   18.145744]  krealloc_noprof+0x128/0x360
[   18.145833]  krealloc_less_oob_helper+0x168/0xc50
[   18.145887]  krealloc_less_oob+0x20/0x38
[   18.145923]  kunit_try_run_case+0x170/0x3f0
[   18.145983]  kunit_generic_run_threadfn_adapter+0x88/0x100
[   18.146430]  kthread+0x328/0x630
[   18.146538]  ret_from_fork+0x10/0x20
[   18.146776] 
[   18.147009] The buggy address belongs to the object at fff00000c47a5a00
[   18.147009]  which belongs to the cache kmalloc-256 of size 256
[   18.147174] The buggy address is located 17 bytes to the right of
[   18.147174]  allocated 201-byte region [fff00000c47a5a00, fff00000c47a5ac9)
[   18.147490] 
[   18.147578] The buggy address belongs to the physical page:
[   18.147657] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1047a4
[   18.147772] head: order:1 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[   18.147910] flags: 0xbfffe0000000040(head|node=0|zone=2|lastcpupid=0x1ffff)
[   18.148040] page_type: f5(slab)
[   18.148354] raw: 0bfffe0000000040 fff00000c0001b40 dead000000000122 0000000000000000
[   18.148417] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000
[   18.148763] head: 0bfffe0000000040 fff00000c0001b40 dead000000000122 0000000000000000
[   18.148942] head: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000
[   18.149045] head: 0bfffe0000000001 ffffc1ffc311e901 00000000ffffffff 00000000ffffffff
[   18.149154] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000002
[   18.149296] page dumped because: kasan: bad access detected
[   18.149380] 
[   18.149442] Memory state around the buggy address:
[   18.149560]  fff00000c47a5980: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   18.149639]  fff00000c47a5a00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   18.149784] >fff00000c47a5a80: 00 00 00 00 00 00 00 00 00 01 fc fc fc fc fc fc
[   18.149878]                                                     ^
[   18.149915]  fff00000c47a5b00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   18.149956]  fff00000c47a5b80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   18.150007] ==================================================================
[   18.225309] ==================================================================
[   18.225359] BUG: KASAN: slab-out-of-bounds in krealloc_less_oob_helper+0xa58/0xc50
[   18.225404] Write of size 1 at addr fff00000c78460eb by task kunit_try_catch/162
[   18.225576] 
[   18.225840] CPU: 1 UID: 0 PID: 162 Comm: kunit_try_catch Tainted: G    B            N  6.16.0-rc4 #1 PREEMPT 
[   18.225986] Tainted: [B]=BAD_PAGE, [N]=TEST
[   18.226015] Hardware name: linux,dummy-virt (DT)
[   18.226045] Call trace:
[   18.226065]  show_stack+0x20/0x38 (C)
[   18.226113]  dump_stack_lvl+0x8c/0xd0
[   18.226297]  print_report+0x118/0x608
[   18.226811]  kasan_report+0xdc/0x128
[   18.226904]  __asan_report_store1_noabort+0x20/0x30
[   18.226961]  krealloc_less_oob_helper+0xa58/0xc50
[   18.227009]  krealloc_large_less_oob+0x20/0x38
[   18.227155]  kunit_try_run_case+0x170/0x3f0
[   18.227208]  kunit_generic_run_threadfn_adapter+0x88/0x100
[   18.227398]  kthread+0x328/0x630
[   18.227586]  ret_from_fork+0x10/0x20
[   18.227710] 
[   18.227799] The buggy address belongs to the physical page:
[   18.228244] page: refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x107844
[   18.228349] head: order:2 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[   18.228479] flags: 0xbfffe0000000040(head|node=0|zone=2|lastcpupid=0x1ffff)
[   18.228576] page_type: f8(unknown)
[   18.228620] raw: 0bfffe0000000040 0000000000000000 dead000000000122 0000000000000000
[   18.228693] raw: 0000000000000000 0000000000000000 00000001f8000000 0000000000000000
[   18.228766] head: 0bfffe0000000040 0000000000000000 dead000000000122 0000000000000000
[   18.228814] head: 0000000000000000 0000000000000000 00000001f8000000 0000000000000000
[   18.228872] head: 0bfffe0000000002 ffffc1ffc31e1101 00000000ffffffff 00000000ffffffff
[   18.228928] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000004
[   18.228966] page dumped because: kasan: bad access detected
[   18.229009] 
[   18.229053] Memory state around the buggy address:
[   18.229093]  fff00000c7845f80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   18.229142]  fff00000c7846000: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   18.229182] >fff00000c7846080: 00 00 00 00 00 00 00 00 00 01 fe fe fe fe fe fe
[   18.229220]                                                           ^
[   18.229257]  fff00000c7846100: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe
[   18.229309]  fff00000c7846180: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe
[   18.229352] ==================================================================
[   18.220230] ==================================================================
[   18.220316] BUG: KASAN: slab-out-of-bounds in krealloc_less_oob_helper+0xae4/0xc50
[   18.220409] Write of size 1 at addr fff00000c78460ea by task kunit_try_catch/162
[   18.220458] 
[   18.220486] CPU: 1 UID: 0 PID: 162 Comm: kunit_try_catch Tainted: G    B            N  6.16.0-rc4 #1 PREEMPT 
[   18.220674] Tainted: [B]=BAD_PAGE, [N]=TEST
[   18.220705] Hardware name: linux,dummy-virt (DT)
[   18.220876] Call trace:
[   18.221062]  show_stack+0x20/0x38 (C)
[   18.221188]  dump_stack_lvl+0x8c/0xd0
[   18.221296]  print_report+0x118/0x608
[   18.221371]  kasan_report+0xdc/0x128
[   18.221478]  __asan_report_store1_noabort+0x20/0x30
[   18.221556]  krealloc_less_oob_helper+0xae4/0xc50
[   18.221652]  krealloc_large_less_oob+0x20/0x38
[   18.221754]  kunit_try_run_case+0x170/0x3f0
[   18.221849]  kunit_generic_run_threadfn_adapter+0x88/0x100
[   18.222172]  kthread+0x328/0x630
[   18.222309]  ret_from_fork+0x10/0x20
[   18.222371] 
[   18.222396] The buggy address belongs to the physical page:
[   18.222426] page: refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x107844
[   18.222501] head: order:2 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[   18.222549] flags: 0xbfffe0000000040(head|node=0|zone=2|lastcpupid=0x1ffff)
[   18.222597] page_type: f8(unknown)
[   18.222633] raw: 0bfffe0000000040 0000000000000000 dead000000000122 0000000000000000
[   18.222682] raw: 0000000000000000 0000000000000000 00000001f8000000 0000000000000000
[   18.222729] head: 0bfffe0000000040 0000000000000000 dead000000000122 0000000000000000
[   18.222787] head: 0000000000000000 0000000000000000 00000001f8000000 0000000000000000
[   18.223204] head: 0bfffe0000000002 ffffc1ffc31e1101 00000000ffffffff 00000000ffffffff
[   18.223259] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000004
[   18.223602] page dumped because: kasan: bad access detected
[   18.223715] 
[   18.223755] Memory state around the buggy address:
[   18.223787]  fff00000c7845f80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   18.223981]  fff00000c7846000: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   18.224081] >fff00000c7846080: 00 00 00 00 00 00 00 00 00 01 fe fe fe fe fe fe
[   18.224290]                                                           ^
[   18.224338]  fff00000c7846100: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe
[   18.224662]  fff00000c7846180: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe
[   18.224730] ==================================================================
[   18.198158] ==================================================================
[   18.198254] BUG: KASAN: slab-out-of-bounds in krealloc_less_oob_helper+0xa48/0xc50
[   18.198309] Write of size 1 at addr fff00000c78460c9 by task kunit_try_catch/162
[   18.198356] 
[   18.198410] CPU: 1 UID: 0 PID: 162 Comm: kunit_try_catch Tainted: G    B            N  6.16.0-rc4 #1 PREEMPT 
[   18.198487] Tainted: [B]=BAD_PAGE, [N]=TEST
[   18.198521] Hardware name: linux,dummy-virt (DT)
[   18.198552] Call trace:
[   18.198573]  show_stack+0x20/0x38 (C)
[   18.198621]  dump_stack_lvl+0x8c/0xd0
[   18.198674]  print_report+0x118/0x608
[   18.198720]  kasan_report+0xdc/0x128
[   18.199366]  __asan_report_store1_noabort+0x20/0x30
[   18.199446]  krealloc_less_oob_helper+0xa48/0xc50
[   18.199497]  krealloc_large_less_oob+0x20/0x38
[   18.199926]  kunit_try_run_case+0x170/0x3f0
[   18.200040]  kunit_generic_run_threadfn_adapter+0x88/0x100
[   18.200176]  kthread+0x328/0x630
[   18.200260]  ret_from_fork+0x10/0x20
[   18.200622] 
[   18.200666] The buggy address belongs to the physical page:
[   18.200731] page: refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x107844
[   18.200784] head: order:2 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[   18.201113] flags: 0xbfffe0000000040(head|node=0|zone=2|lastcpupid=0x1ffff)
[   18.201274] page_type: f8(unknown)
[   18.201315] raw: 0bfffe0000000040 0000000000000000 dead000000000122 0000000000000000
[   18.201430] raw: 0000000000000000 0000000000000000 00000001f8000000 0000000000000000
[   18.201752] head: 0bfffe0000000040 0000000000000000 dead000000000122 0000000000000000
[   18.202016] head: 0000000000000000 0000000000000000 00000001f8000000 0000000000000000
[   18.202142] head: 0bfffe0000000002 ffffc1ffc31e1101 00000000ffffffff 00000000ffffffff
[   18.202287] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000004
[   18.202385] page dumped because: kasan: bad access detected
[   18.202576] 
[   18.202855] Memory state around the buggy address:
[   18.202952]  fff00000c7845f80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   18.203141]  fff00000c7846000: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   18.203192] >fff00000c7846080: 00 00 00 00 00 00 00 00 00 01 fe fe fe fe fe fe
[   18.203551]                                               ^
[   18.203620]  fff00000c7846100: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe
[   18.203704]  fff00000c7846180: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe
[   18.203845] ==================================================================
[   18.134549] ==================================================================
[   18.134713] BUG: KASAN: slab-out-of-bounds in krealloc_less_oob_helper+0xb9c/0xc50
[   18.134767] Write of size 1 at addr fff00000c47a5ad0 by task kunit_try_catch/158
[   18.134988] 
[   18.135201] CPU: 1 UID: 0 PID: 158 Comm: kunit_try_catch Tainted: G    B            N  6.16.0-rc4 #1 PREEMPT 
[   18.135306] Tainted: [B]=BAD_PAGE, [N]=TEST
[   18.135467] Hardware name: linux,dummy-virt (DT)
[   18.135650] Call trace:
[   18.135729]  show_stack+0x20/0x38 (C)
[   18.135797]  dump_stack_lvl+0x8c/0xd0
[   18.136019]  print_report+0x118/0x608
[   18.136262]  kasan_report+0xdc/0x128
[   18.136373]  __asan_report_store1_noabort+0x20/0x30
[   18.136481]  krealloc_less_oob_helper+0xb9c/0xc50
[   18.136609]  krealloc_less_oob+0x20/0x38
[   18.136662]  kunit_try_run_case+0x170/0x3f0
[   18.136714]  kunit_generic_run_threadfn_adapter+0x88/0x100
[   18.136765]  kthread+0x328/0x630
[   18.136805]  ret_from_fork+0x10/0x20
[   18.136928] 
[   18.136948] Allocated by task 158:
[   18.136975]  kasan_save_stack+0x3c/0x68
[   18.137016]  kasan_save_track+0x20/0x40
[   18.137052]  kasan_save_alloc_info+0x40/0x58
[   18.137090]  __kasan_krealloc+0x118/0x178
[   18.137135]  krealloc_noprof+0x128/0x360
[   18.137171]  krealloc_less_oob_helper+0x168/0xc50
[   18.137208]  krealloc_less_oob+0x20/0x38
[   18.137258]  kunit_try_run_case+0x170/0x3f0
[   18.137294]  kunit_generic_run_threadfn_adapter+0x88/0x100
[   18.137335]  kthread+0x328/0x630
[   18.137376]  ret_from_fork+0x10/0x20
[   18.137420] 
[   18.137438] The buggy address belongs to the object at fff00000c47a5a00
[   18.137438]  which belongs to the cache kmalloc-256 of size 256
[   18.137500] The buggy address is located 7 bytes to the right of
[   18.137500]  allocated 201-byte region [fff00000c47a5a00, fff00000c47a5ac9)
[   18.137560] 
[   18.137594] The buggy address belongs to the physical page:
[   18.137623] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1047a4
[   18.137672] head: order:1 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[   18.137716] flags: 0xbfffe0000000040(head|node=0|zone=2|lastcpupid=0x1ffff)
[   18.137764] page_type: f5(slab)
[   18.137814] raw: 0bfffe0000000040 fff00000c0001b40 dead000000000122 0000000000000000
[   18.138182] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000
[   18.138466] head: 0bfffe0000000040 fff00000c0001b40 dead000000000122 0000000000000000
[   18.138979] head: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000
[   18.139130] head: 0bfffe0000000001 ffffc1ffc311e901 00000000ffffffff 00000000ffffffff
[   18.139243] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000002
[   18.139293] page dumped because: kasan: bad access detected
[   18.139323] 
[   18.139341] Memory state around the buggy address:
[   18.139539]  fff00000c47a5980: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   18.139702]  fff00000c47a5a00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   18.139851] >fff00000c47a5a80: 00 00 00 00 00 00 00 00 00 01 fc fc fc fc fc fc
[   18.139955]                                                  ^
[   18.140033]  fff00000c47a5b00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   18.140150]  fff00000c47a5b80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   18.140231] ==================================================================
[   18.205424] ==================================================================
[   18.205623] BUG: KASAN: slab-out-of-bounds in krealloc_less_oob_helper+0xb9c/0xc50
[   18.205813] Write of size 1 at addr fff00000c78460d0 by task kunit_try_catch/162
[   18.205881] 
[   18.205910] CPU: 1 UID: 0 PID: 162 Comm: kunit_try_catch Tainted: G    B            N  6.16.0-rc4 #1 PREEMPT 
[   18.206184] Tainted: [B]=BAD_PAGE, [N]=TEST
[   18.206229] Hardware name: linux,dummy-virt (DT)
[   18.206381] Call trace:
[   18.206459]  show_stack+0x20/0x38 (C)
[   18.206517]  dump_stack_lvl+0x8c/0xd0
[   18.206571]  print_report+0x118/0x608
[   18.206617]  kasan_report+0xdc/0x128
[   18.206661]  __asan_report_store1_noabort+0x20/0x30
[   18.206708]  krealloc_less_oob_helper+0xb9c/0xc50
[   18.206896]  krealloc_large_less_oob+0x20/0x38
[   18.207109]  kunit_try_run_case+0x170/0x3f0
[   18.207292]  kunit_generic_run_threadfn_adapter+0x88/0x100
[   18.207422]  kthread+0x328/0x630
[   18.207602]  ret_from_fork+0x10/0x20
[   18.208087] 
[   18.208193] The buggy address belongs to the physical page:
[   18.208225] page: refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x107844
[   18.208741] head: order:2 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[   18.208959] flags: 0xbfffe0000000040(head|node=0|zone=2|lastcpupid=0x1ffff)
[   18.209110] page_type: f8(unknown)
[   18.209190] raw: 0bfffe0000000040 0000000000000000 dead000000000122 0000000000000000
[   18.209287] raw: 0000000000000000 0000000000000000 00000001f8000000 0000000000000000
[   18.209523] head: 0bfffe0000000040 0000000000000000 dead000000000122 0000000000000000
[   18.209584] head: 0000000000000000 0000000000000000 00000001f8000000 0000000000000000
[   18.209631] head: 0bfffe0000000002 ffffc1ffc31e1101 00000000ffffffff 00000000ffffffff
[   18.209687] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000004
[   18.209736] page dumped because: kasan: bad access detected
[   18.209766] 
[   18.209783] Memory state around the buggy address:
[   18.209822]  fff00000c7845f80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   18.209884]  fff00000c7846000: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   18.209925] >fff00000c7846080: 00 00 00 00 00 00 00 00 00 01 fe fe fe fe fe fe
[   18.209981]                                                  ^
[   18.210019]  fff00000c7846100: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe
[   18.210061]  fff00000c7846180: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe
[   18.210098] ==================================================================
[   18.126214] ==================================================================
[   18.126275] BUG: KASAN: slab-out-of-bounds in krealloc_less_oob_helper+0xa48/0xc50
[   18.126326] Write of size 1 at addr fff00000c47a5ac9 by task kunit_try_catch/158
[   18.126375] 
[   18.126405] CPU: 1 UID: 0 PID: 158 Comm: kunit_try_catch Tainted: G    B            N  6.16.0-rc4 #1 PREEMPT 
[   18.126560] Tainted: [B]=BAD_PAGE, [N]=TEST
[   18.126601] Hardware name: linux,dummy-virt (DT)
[   18.126631] Call trace:
[   18.126652]  show_stack+0x20/0x38 (C)
[   18.126700]  dump_stack_lvl+0x8c/0xd0
[   18.126745]  print_report+0x118/0x608
[   18.127069]  kasan_report+0xdc/0x128
[   18.127145]  __asan_report_store1_noabort+0x20/0x30
[   18.127232]  krealloc_less_oob_helper+0xa48/0xc50
[   18.127319]  krealloc_less_oob+0x20/0x38
[   18.127405]  kunit_try_run_case+0x170/0x3f0
[   18.127503]  kunit_generic_run_threadfn_adapter+0x88/0x100
[   18.127666]  kthread+0x328/0x630
[   18.127738]  ret_from_fork+0x10/0x20
[   18.127838] 
[   18.127909] Allocated by task 158:
[   18.127978]  kasan_save_stack+0x3c/0x68
[   18.128035]  kasan_save_track+0x20/0x40
[   18.128071]  kasan_save_alloc_info+0x40/0x58
[   18.128355]  __kasan_krealloc+0x118/0x178
[   18.128715]  krealloc_noprof+0x128/0x360
[   18.128777]  krealloc_less_oob_helper+0x168/0xc50
[   18.128851]  krealloc_less_oob+0x20/0x38
[   18.128942]  kunit_try_run_case+0x170/0x3f0
[   18.129004]  kunit_generic_run_threadfn_adapter+0x88/0x100
[   18.129146]  kthread+0x328/0x630
[   18.129637]  ret_from_fork+0x10/0x20
[   18.129706] 
[   18.129754] The buggy address belongs to the object at fff00000c47a5a00
[   18.129754]  which belongs to the cache kmalloc-256 of size 256
[   18.129838] The buggy address is located 0 bytes to the right of
[   18.129838]  allocated 201-byte region [fff00000c47a5a00, fff00000c47a5ac9)
[   18.129983] 
[   18.130003] The buggy address belongs to the physical page:
[   18.130063] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1047a4
[   18.130405] head: order:1 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[   18.130533] flags: 0xbfffe0000000040(head|node=0|zone=2|lastcpupid=0x1ffff)
[   18.130611] page_type: f5(slab)
[   18.130684] raw: 0bfffe0000000040 fff00000c0001b40 dead000000000122 0000000000000000
[   18.130887] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000
[   18.131254] head: 0bfffe0000000040 fff00000c0001b40 dead000000000122 0000000000000000
[   18.131361] head: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000
[   18.131514] head: 0bfffe0000000001 ffffc1ffc311e901 00000000ffffffff 00000000ffffffff
[   18.131628] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000002
[   18.131668] page dumped because: kasan: bad access detected
[   18.131697] 
[   18.132148] Memory state around the buggy address:
[   18.132240]  fff00000c47a5980: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   18.132288]  fff00000c47a5a00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   18.132329] >fff00000c47a5a80: 00 00 00 00 00 00 00 00 00 01 fc fc fc fc fc fc
[   18.132364]                                               ^
[   18.132398]  fff00000c47a5b00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   18.132438]  fff00000c47a5b80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   18.132606] ==================================================================
[   18.152813] ==================================================================
[   18.152906] BUG: KASAN: slab-out-of-bounds in krealloc_less_oob_helper+0xae4/0xc50
[   18.152990] Write of size 1 at addr fff00000c47a5aea by task kunit_try_catch/158
[   18.153256] 
[   18.153301] CPU: 1 UID: 0 PID: 158 Comm: kunit_try_catch Tainted: G    B            N  6.16.0-rc4 #1 PREEMPT 
[   18.153389] Tainted: [B]=BAD_PAGE, [N]=TEST
[   18.153533] Hardware name: linux,dummy-virt (DT)
[   18.153576] Call trace:
[   18.153597]  show_stack+0x20/0x38 (C)
[   18.153645]  dump_stack_lvl+0x8c/0xd0
[   18.153692]  print_report+0x118/0x608
[   18.153737]  kasan_report+0xdc/0x128
[   18.153797]  __asan_report_store1_noabort+0x20/0x30
[   18.153844]  krealloc_less_oob_helper+0xae4/0xc50
[   18.153904]  krealloc_less_oob+0x20/0x38
[   18.154119]  kunit_try_run_case+0x170/0x3f0
[   18.154365]  kunit_generic_run_threadfn_adapter+0x88/0x100
[   18.154466]  kthread+0x328/0x630
[   18.154509]  ret_from_fork+0x10/0x20
[   18.154564] 
[   18.154582] Allocated by task 158:
[   18.154844]  kasan_save_stack+0x3c/0x68
[   18.155029]  kasan_save_track+0x20/0x40
[   18.155121]  kasan_save_alloc_info+0x40/0x58
[   18.155244]  __kasan_krealloc+0x118/0x178
[   18.155284]  krealloc_noprof+0x128/0x360
[   18.155340]  krealloc_less_oob_helper+0x168/0xc50
[   18.155592]  krealloc_less_oob+0x20/0x38
[   18.155802]  kunit_try_run_case+0x170/0x3f0
[   18.155847]  kunit_generic_run_threadfn_adapter+0x88/0x100
[   18.156279]  kthread+0x328/0x630
[   18.156405]  ret_from_fork+0x10/0x20
[   18.156555] 
[   18.156726] The buggy address belongs to the object at fff00000c47a5a00
[   18.156726]  which belongs to the cache kmalloc-256 of size 256
[   18.156824] The buggy address is located 33 bytes to the right of
[   18.156824]  allocated 201-byte region [fff00000c47a5a00, fff00000c47a5ac9)
[   18.157161] 
[   18.157479] The buggy address belongs to the physical page:
[   18.157539] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1047a4
[   18.157688] head: order:1 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[   18.157766] flags: 0xbfffe0000000040(head|node=0|zone=2|lastcpupid=0x1ffff)
[   18.158242] page_type: f5(slab)
[   18.158317] raw: 0bfffe0000000040 fff00000c0001b40 dead000000000122 0000000000000000
[   18.158520] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000
[   18.158739] head: 0bfffe0000000040 fff00000c0001b40 dead000000000122 0000000000000000
[   18.158791] head: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000
[   18.158979] head: 0bfffe0000000001 ffffc1ffc311e901 00000000ffffffff 00000000ffffffff
[   18.159178] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000002
[   18.159263] page dumped because: kasan: bad access detected
[   18.159411] 
[   18.159437] Memory state around the buggy address:
[   18.159505]  fff00000c47a5980: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   18.159966]  fff00000c47a5a00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   18.160012] >fff00000c47a5a80: 00 00 00 00 00 00 00 00 00 01 fc fc fc fc fc fc
[   18.160050]                                                           ^
[   18.160088]  fff00000c47a5b00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   18.160129]  fff00000c47a5b80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   18.160166] ==================================================================
[   18.212459] ==================================================================
[   18.212507] BUG: KASAN: slab-out-of-bounds in krealloc_less_oob_helper+0xa80/0xc50
[   18.212925] Write of size 1 at addr fff00000c78460da by task kunit_try_catch/162
[   18.213036] 
[   18.213145] CPU: 1 UID: 0 PID: 162 Comm: kunit_try_catch Tainted: G    B            N  6.16.0-rc4 #1 PREEMPT 
[   18.213225] Tainted: [B]=BAD_PAGE, [N]=TEST
[   18.213250] Hardware name: linux,dummy-virt (DT)
[   18.213320] Call trace:
[   18.213348]  show_stack+0x20/0x38 (C)
[   18.213421]  dump_stack_lvl+0x8c/0xd0
[   18.213750]  print_report+0x118/0x608
[   18.213810]  kasan_report+0xdc/0x128
[   18.213854]  __asan_report_store1_noabort+0x20/0x30
[   18.213963]  krealloc_less_oob_helper+0xa80/0xc50
[   18.214059]  krealloc_large_less_oob+0x20/0x38
[   18.214231]  kunit_try_run_case+0x170/0x3f0
[   18.214282]  kunit_generic_run_threadfn_adapter+0x88/0x100
[   18.214499]  kthread+0x328/0x630
[   18.214548]  ret_from_fork+0x10/0x20
[   18.214602] 
[   18.214710] The buggy address belongs to the physical page:
[   18.214817] page: refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x107844
[   18.215111] head: order:2 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[   18.215356] flags: 0xbfffe0000000040(head|node=0|zone=2|lastcpupid=0x1ffff)
[   18.215555] page_type: f8(unknown)
[   18.215630] raw: 0bfffe0000000040 0000000000000000 dead000000000122 0000000000000000
[   18.215834] raw: 0000000000000000 0000000000000000 00000001f8000000 0000000000000000
[   18.216202] head: 0bfffe0000000040 0000000000000000 dead000000000122 0000000000000000
[   18.216321] head: 0000000000000000 0000000000000000 00000001f8000000 0000000000000000
[   18.216384] head: 0bfffe0000000002 ffffc1ffc31e1101 00000000ffffffff 00000000ffffffff
[   18.216576] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000004
[   18.216799] page dumped because: kasan: bad access detected
[   18.216852] 
[   18.216970] Memory state around the buggy address:
[   18.217151]  fff00000c7845f80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   18.217273]  fff00000c7846000: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   18.217348] >fff00000c7846080: 00 00 00 00 00 00 00 00 00 01 fe fe fe fe fe fe
[   18.218399]                                                     ^
[   18.218730]  fff00000c7846100: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe
[   18.219286]  fff00000c7846180: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe
[   18.219361] ==================================================================
[   18.162027] ==================================================================
[   18.162110] BUG: KASAN: slab-out-of-bounds in krealloc_less_oob_helper+0xa58/0xc50
[   18.162165] Write of size 1 at addr fff00000c47a5aeb by task kunit_try_catch/158
[   18.162232] 
[   18.162262] CPU: 1 UID: 0 PID: 158 Comm: kunit_try_catch Tainted: G    B            N  6.16.0-rc4 #1 PREEMPT 
[   18.162340] Tainted: [B]=BAD_PAGE, [N]=TEST
[   18.162365] Hardware name: linux,dummy-virt (DT)
[   18.162533] Call trace:
[   18.162645]  show_stack+0x20/0x38 (C)
[   18.162813]  dump_stack_lvl+0x8c/0xd0
[   18.162874]  print_report+0x118/0x608
[   18.162920]  kasan_report+0xdc/0x128
[   18.163605]  __asan_report_store1_noabort+0x20/0x30
[   18.163754]  krealloc_less_oob_helper+0xa58/0xc50
[   18.163855]  krealloc_less_oob+0x20/0x38
[   18.163923]  kunit_try_run_case+0x170/0x3f0
[   18.163970]  kunit_generic_run_threadfn_adapter+0x88/0x100
[   18.164031]  kthread+0x328/0x630
[   18.164072]  ret_from_fork+0x10/0x20
[   18.164118] 
[   18.164157] Allocated by task 158:
[   18.164192]  kasan_save_stack+0x3c/0x68
[   18.164246]  kasan_save_track+0x20/0x40
[   18.164286]  kasan_save_alloc_info+0x40/0x58
[   18.164325]  __kasan_krealloc+0x118/0x178
[   18.164362]  krealloc_noprof+0x128/0x360
[   18.164400]  krealloc_less_oob_helper+0x168/0xc50
[   18.164450]  krealloc_less_oob+0x20/0x38
[   18.164486]  kunit_try_run_case+0x170/0x3f0
[   18.164550]  kunit_generic_run_threadfn_adapter+0x88/0x100
[   18.164592]  kthread+0x328/0x630
[   18.164625]  ret_from_fork+0x10/0x20
[   18.164671] 
[   18.164689] The buggy address belongs to the object at fff00000c47a5a00
[   18.164689]  which belongs to the cache kmalloc-256 of size 256
[   18.164753] The buggy address is located 34 bytes to the right of
[   18.164753]  allocated 201-byte region [fff00000c47a5a00, fff00000c47a5ac9)
[   18.164820] 
[   18.164840] The buggy address belongs to the physical page:
[   18.164893] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1047a4
[   18.164956] head: order:1 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[   18.165009] flags: 0xbfffe0000000040(head|node=0|zone=2|lastcpupid=0x1ffff)
[   18.165073] page_type: f5(slab)
[   18.165114] raw: 0bfffe0000000040 fff00000c0001b40 dead000000000122 0000000000000000
[   18.165171] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000
[   18.165226] head: 0bfffe0000000040 fff00000c0001b40 dead000000000122 0000000000000000
[   18.165273] head: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000
[   18.165320] head: 0bfffe0000000001 ffffc1ffc311e901 00000000ffffffff 00000000ffffffff
[   18.165365] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000002
[   18.165403] page dumped because: kasan: bad access detected
[   18.165432] 
[   18.165449] Memory state around the buggy address:
[   18.165478]  fff00000c47a5980: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   18.165518]  fff00000c47a5a00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   18.165564] >fff00000c47a5a80: 00 00 00 00 00 00 00 00 00 01 fc fc fc fc fc fc
[   18.165600]                                                           ^
[   18.165636]  fff00000c47a5b00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   18.165686]  fff00000c47a5b80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   18.165722] ==================================================================

Metadata Full log Test run details

arch

arm64

host

x86_64

plan

2zSrST9Gzuem1PP5NJnVdpLyEja

job_id

TEST:linaro@lkft#2zSrWDq0bEi1EjtPufprycAKDeO

job_url

https://tuxapi.tuxsuite.com/v1/groups/linaro/projects/lkft/tests/2zSrWDq0bEi1EjtPufprycAKDeO

artefacts

kernel

url	https://storage.tuxsuite.com/public/linaro/lkft/builds/2zSrTdUkZ0clW81cymm7tPjaj68/Image.gz
sha256sum	c37d8937dcd7669a560694b12aa880cb8a3fca13f19914a1dd4b319a7759a1c4

rootfs

url	https://storage.tuxboot.com/debian/20250617/trixie/arm64/rootfs.ext4.xz
sha256sum	1eaaae772692e22cefec5345d642e254407cec1431dd51a20007af2a1819b610

modules

url	https://storage.tuxsuite.com/public/linaro/lkft/builds/2zSrTdUkZ0clW81cymm7tPjaj68/modules.tar.xz
sha256sum	54680ff2ac79b5b7aaf875ee8ccdcad9cb40402efd743a3b1747b89f302da86f

durations

tests

boot	0
kunit	171.85

host_arch

amd64

build_name

gcc-13-lkftconfig-kunit

job_status

Complete

qemu_version

1:10.0.0+ds-1

[   11.458308] ==================================================================
[   11.458580] BUG: KASAN: slab-out-of-bounds in krealloc_less_oob_helper+0xe23/0x11d0
[   11.459070] Write of size 1 at addr ffff888102a2a0d0 by task kunit_try_catch/180
[   11.459570] 
[   11.459661] CPU: 0 UID: 0 PID: 180 Comm: kunit_try_catch Tainted: G    B            N  6.16.0-rc4 #1 PREEMPT(voluntary) 
[   11.459702] Tainted: [B]=BAD_PAGE, [N]=TEST
[   11.459714] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[   11.459733] Call Trace:
[   11.459747]  <TASK>
[   11.459761]  dump_stack_lvl+0x73/0xb0
[   11.459800]  print_report+0xd1/0x650
[   11.459822]  ? __virt_addr_valid+0x1db/0x2d0
[   11.459844]  ? krealloc_less_oob_helper+0xe23/0x11d0
[   11.459879]  ? kasan_addr_to_slab+0x11/0xa0
[   11.459899]  ? krealloc_less_oob_helper+0xe23/0x11d0
[   11.459923]  kasan_report+0x141/0x180
[   11.459956]  ? krealloc_less_oob_helper+0xe23/0x11d0
[   11.459984]  __asan_report_store1_noabort+0x1b/0x30
[   11.460004]  krealloc_less_oob_helper+0xe23/0x11d0
[   11.460040]  ? __pfx_krealloc_less_oob_helper+0x10/0x10
[   11.460066]  ? __kasan_check_write+0x18/0x20
[   11.460085]  ? queued_spin_lock_slowpath+0x116/0xb40
[   11.460106]  ? irqentry_exit+0x2a/0x60
[   11.460127]  ? sysvec_apic_timer_interrupt+0x50/0x90
[   11.460151]  ? trace_hardirqs_on+0x37/0xe0
[   11.460173]  ? __pfx_read_tsc+0x10/0x10
[   11.460197]  krealloc_large_less_oob+0x1c/0x30
[   11.460219]  kunit_try_run_case+0x1a5/0x480
[   11.460243]  ? __pfx_kunit_try_run_case+0x10/0x10
[   11.460266]  ? queued_spin_lock_slowpath+0x116/0xb40
[   11.460288]  ? __kthread_parkme+0x82/0x180
[   11.460308]  ? preempt_count_sub+0x50/0x80
[   11.460331]  ? __pfx_kunit_try_run_case+0x10/0x10
[   11.460364]  kunit_generic_run_threadfn_adapter+0x85/0xf0
[   11.460387]  ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10
[   11.460409]  kthread+0x337/0x6f0
[   11.460439]  ? trace_preempt_on+0x20/0xc0
[   11.460469]  ? __pfx_kthread+0x10/0x10
[   11.460490]  ? _raw_spin_unlock_irq+0x47/0x80
[   11.460510]  ? calculate_sigpending+0x7b/0xa0
[   11.460541]  ? __pfx_kthread+0x10/0x10
[   11.460562]  ret_from_fork+0x116/0x1d0
[   11.460580]  ? __pfx_kthread+0x10/0x10
[   11.460600]  ret_from_fork_asm+0x1a/0x30
[   11.460641]  </TASK>
[   11.460652] 
[   11.468640] The buggy address belongs to the physical page:
[   11.469070] page: refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x102a28
[   11.469837] head: order:2 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[   11.470541] flags: 0x200000000000040(head|node=0|zone=2)
[   11.471262] page_type: f8(unknown)
[   11.471521] raw: 0200000000000040 0000000000000000 dead000000000122 0000000000000000
[   11.471986] raw: 0000000000000000 0000000000000000 00000001f8000000 0000000000000000
[   11.472404] head: 0200000000000040 0000000000000000 dead000000000122 0000000000000000
[   11.472868] head: 0000000000000000 0000000000000000 00000001f8000000 0000000000000000
[   11.473285] head: 0200000000000002 ffffea00040a8a01 00000000ffffffff 00000000ffffffff
[   11.473718] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000004
[   11.474134] page dumped because: kasan: bad access detected
[   11.474476] 
[   11.474580] Memory state around the buggy address:
[   11.474986]  ffff888102a29f80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   11.475398]  ffff888102a2a000: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   11.475861] >ffff888102a2a080: 00 00 00 00 00 00 00 00 00 01 fe fe fe fe fe fe
[   11.476175]                                                  ^
[   11.476517]  ffff888102a2a100: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe
[   11.476901]  ffff888102a2a180: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe
[   11.477249] ==================================================================
[   11.516382] ==================================================================
[   11.516923] BUG: KASAN: slab-out-of-bounds in krealloc_less_oob_helper+0xd47/0x11d0
[   11.517163] Write of size 1 at addr ffff888102a2a0eb by task kunit_try_catch/180
[   11.517385] 
[   11.517482] CPU: 0 UID: 0 PID: 180 Comm: kunit_try_catch Tainted: G    B            N  6.16.0-rc4 #1 PREEMPT(voluntary) 
[   11.517523] Tainted: [B]=BAD_PAGE, [N]=TEST
[   11.517535] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[   11.517555] Call Trace:
[   11.517568]  <TASK>
[   11.517582]  dump_stack_lvl+0x73/0xb0
[   11.517607]  print_report+0xd1/0x650
[   11.517628]  ? __virt_addr_valid+0x1db/0x2d0
[   11.517650]  ? krealloc_less_oob_helper+0xd47/0x11d0
[   11.517694]  ? kasan_addr_to_slab+0x11/0xa0
[   11.517714]  ? krealloc_less_oob_helper+0xd47/0x11d0
[   11.517737]  kasan_report+0x141/0x180
[   11.517758]  ? krealloc_less_oob_helper+0xd47/0x11d0
[   11.517786]  __asan_report_store1_noabort+0x1b/0x30
[   11.517806]  krealloc_less_oob_helper+0xd47/0x11d0
[   11.517831]  ? __pfx_krealloc_less_oob_helper+0x10/0x10
[   11.517855]  ? __kasan_check_write+0x18/0x20
[   11.517893]  ? queued_spin_lock_slowpath+0x116/0xb40
[   11.517914]  ? irqentry_exit+0x2a/0x60
[   11.517934]  ? sysvec_apic_timer_interrupt+0x50/0x90
[   11.517956]  ? trace_hardirqs_on+0x37/0xe0
[   11.517978]  ? __pfx_read_tsc+0x10/0x10
[   11.518001]  krealloc_large_less_oob+0x1c/0x30
[   11.518022]  kunit_try_run_case+0x1a5/0x480
[   11.518045]  ? __pfx_kunit_try_run_case+0x10/0x10
[   11.518086]  ? queued_spin_lock_slowpath+0x116/0xb40
[   11.518107]  ? __kthread_parkme+0x82/0x180
[   11.518127]  ? preempt_count_sub+0x50/0x80
[   11.518166]  ? __pfx_kunit_try_run_case+0x10/0x10
[   11.518189]  kunit_generic_run_threadfn_adapter+0x85/0xf0
[   11.518210]  ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10
[   11.518232]  kthread+0x337/0x6f0
[   11.518251]  ? trace_preempt_on+0x20/0xc0
[   11.518271]  ? __pfx_kthread+0x10/0x10
[   11.518291]  ? _raw_spin_unlock_irq+0x47/0x80
[   11.518328]  ? calculate_sigpending+0x7b/0xa0
[   11.518350]  ? __pfx_kthread+0x10/0x10
[   11.518371]  ret_from_fork+0x116/0x1d0
[   11.518388]  ? __pfx_kthread+0x10/0x10
[   11.518408]  ret_from_fork_asm+0x1a/0x30
[   11.518437]  </TASK>
[   11.518448] 
[   11.526229] The buggy address belongs to the physical page:
[   11.526551] page: refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x102a28
[   11.527119] head: order:2 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[   11.527489] flags: 0x200000000000040(head|node=0|zone=2)
[   11.527772] page_type: f8(unknown)
[   11.527935] raw: 0200000000000040 0000000000000000 dead000000000122 0000000000000000
[   11.528160] raw: 0000000000000000 0000000000000000 00000001f8000000 0000000000000000
[   11.528443] head: 0200000000000040 0000000000000000 dead000000000122 0000000000000000
[   11.528945] head: 0000000000000000 0000000000000000 00000001f8000000 0000000000000000
[   11.529283] head: 0200000000000002 ffffea00040a8a01 00000000ffffffff 00000000ffffffff
[   11.529654] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000004
[   11.529950] page dumped because: kasan: bad access detected
[   11.530238] 
[   11.530364] Memory state around the buggy address:
[   11.530619]  ffff888102a29f80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   11.530927]  ffff888102a2a000: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   11.531249] >ffff888102a2a080: 00 00 00 00 00 00 00 00 00 01 fe fe fe fe fe fe
[   11.531566]                                                           ^
[   11.531935]  ffff888102a2a100: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe
[   11.532140]  ffff888102a2a180: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe
[   11.532343] ==================================================================
[   11.270891] ==================================================================
[   11.271451] BUG: KASAN: slab-out-of-bounds in krealloc_less_oob_helper+0xe23/0x11d0
[   11.271807] Write of size 1 at addr ffff88810033e4d0 by task kunit_try_catch/176
[   11.272095] 
[   11.272252] CPU: 0 UID: 0 PID: 176 Comm: kunit_try_catch Tainted: G    B            N  6.16.0-rc4 #1 PREEMPT(voluntary) 
[   11.272296] Tainted: [B]=BAD_PAGE, [N]=TEST
[   11.272308] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[   11.272328] Call Trace:
[   11.272340]  <TASK>
[   11.272355]  dump_stack_lvl+0x73/0xb0
[   11.272380]  print_report+0xd1/0x650
[   11.272401]  ? __virt_addr_valid+0x1db/0x2d0
[   11.272422]  ? krealloc_less_oob_helper+0xe23/0x11d0
[   11.272444]  ? kasan_complete_mode_report_info+0x2a/0x200
[   11.272477]  ? krealloc_less_oob_helper+0xe23/0x11d0
[   11.272499]  kasan_report+0x141/0x180
[   11.272521]  ? krealloc_less_oob_helper+0xe23/0x11d0
[   11.272548]  __asan_report_store1_noabort+0x1b/0x30
[   11.272567]  krealloc_less_oob_helper+0xe23/0x11d0
[   11.272592]  ? __pfx_krealloc_less_oob_helper+0x10/0x10
[   11.272614]  ? finish_task_switch.isra.0+0x153/0x700
[   11.272635]  ? __switch_to+0x47/0xf50
[   11.272659]  ? __schedule+0x10cc/0x2b60
[   11.272679]  ? __pfx_read_tsc+0x10/0x10
[   11.272702]  krealloc_less_oob+0x1c/0x30
[   11.272723]  kunit_try_run_case+0x1a5/0x480
[   11.272746]  ? __pfx_kunit_try_run_case+0x10/0x10
[   11.272767]  ? _raw_spin_lock_irqsave+0xa1/0x100
[   11.272789]  ? _raw_spin_unlock_irqrestore+0x5f/0x90
[   11.272811]  ? __kthread_parkme+0x82/0x180
[   11.272830]  ? preempt_count_sub+0x50/0x80
[   11.272851]  ? __pfx_kunit_try_run_case+0x10/0x10
[   11.272874]  kunit_generic_run_threadfn_adapter+0x85/0xf0
[   11.272895]  ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10
[   11.272917]  kthread+0x337/0x6f0
[   11.272935]  ? trace_preempt_on+0x20/0xc0
[   11.272957]  ? __pfx_kthread+0x10/0x10
[   11.272977]  ? _raw_spin_unlock_irq+0x47/0x80
[   11.272997]  ? calculate_sigpending+0x7b/0xa0
[   11.273019]  ? __pfx_kthread+0x10/0x10
[   11.273040]  ret_from_fork+0x116/0x1d0
[   11.273057]  ? __pfx_kthread+0x10/0x10
[   11.273077]  ret_from_fork_asm+0x1a/0x30
[   11.273106]  </TASK>
[   11.273116] 
[   11.281218] Allocated by task 176:
[   11.281356]  kasan_save_stack+0x45/0x70
[   11.281546]  kasan_save_track+0x18/0x40
[   11.281797]  kasan_save_alloc_info+0x3b/0x50
[   11.282030]  __kasan_krealloc+0x190/0x1f0
[   11.282286]  krealloc_noprof+0xf3/0x340
[   11.282476]  krealloc_less_oob_helper+0x1aa/0x11d0
[   11.282660]  krealloc_less_oob+0x1c/0x30
[   11.282858]  kunit_try_run_case+0x1a5/0x480
[   11.283046]  kunit_generic_run_threadfn_adapter+0x85/0xf0
[   11.283438]  kthread+0x337/0x6f0
[   11.283621]  ret_from_fork+0x116/0x1d0
[   11.283842]  ret_from_fork_asm+0x1a/0x30
[   11.284027] 
[   11.284127] The buggy address belongs to the object at ffff88810033e400
[   11.284127]  which belongs to the cache kmalloc-256 of size 256
[   11.284677] The buggy address is located 7 bytes to the right of
[   11.284677]  allocated 201-byte region [ffff88810033e400, ffff88810033e4c9)
[   11.285170] 
[   11.285349] The buggy address belongs to the physical page:
[   11.285609] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x10033e
[   11.285983] head: order:1 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[   11.286368] flags: 0x200000000000040(head|node=0|zone=2)
[   11.286579] page_type: f5(slab)
[   11.286702] raw: 0200000000000040 ffff888100041b40 dead000000000122 0000000000000000
[   11.286932] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000
[   11.287163] head: 0200000000000040 ffff888100041b40 dead000000000122 0000000000000000
[   11.287548] head: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000
[   11.288223] head: 0200000000000001 ffffea000400cf81 00000000ffffffff 00000000ffffffff
[   11.288578] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000002
[   11.288931] page dumped because: kasan: bad access detected
[   11.289135] 
[   11.289361] Memory state around the buggy address:
[   11.289620]  ffff88810033e380: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   11.289987]  ffff88810033e400: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   11.290227] >ffff88810033e480: 00 00 00 00 00 00 00 00 00 01 fc fc fc fc fc fc
[   11.290438]                                                  ^
[   11.290715]  ffff88810033e500: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   11.291170]  ffff88810033e580: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   11.291560] ==================================================================
[   11.292134] ==================================================================
[   11.292513] BUG: KASAN: slab-out-of-bounds in krealloc_less_oob_helper+0xec6/0x11d0
[   11.292984] Write of size 1 at addr ffff88810033e4da by task kunit_try_catch/176
[   11.293371] 
[   11.293490] CPU: 0 UID: 0 PID: 176 Comm: kunit_try_catch Tainted: G    B            N  6.16.0-rc4 #1 PREEMPT(voluntary) 
[   11.293531] Tainted: [B]=BAD_PAGE, [N]=TEST
[   11.293543] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[   11.293563] Call Trace:
[   11.293575]  <TASK>
[   11.293590]  dump_stack_lvl+0x73/0xb0
[   11.293616]  print_report+0xd1/0x650
[   11.293637]  ? __virt_addr_valid+0x1db/0x2d0
[   11.293658]  ? krealloc_less_oob_helper+0xec6/0x11d0
[   11.293680]  ? kasan_complete_mode_report_info+0x2a/0x200
[   11.293701]  ? krealloc_less_oob_helper+0xec6/0x11d0
[   11.293724]  kasan_report+0x141/0x180
[   11.293745]  ? krealloc_less_oob_helper+0xec6/0x11d0
[   11.293772]  __asan_report_store1_noabort+0x1b/0x30
[   11.293792]  krealloc_less_oob_helper+0xec6/0x11d0
[   11.293816]  ? __pfx_krealloc_less_oob_helper+0x10/0x10
[   11.293839]  ? finish_task_switch.isra.0+0x153/0x700
[   11.293860]  ? __switch_to+0x47/0xf50
[   11.293884]  ? __schedule+0x10cc/0x2b60
[   11.293905]  ? __pfx_read_tsc+0x10/0x10
[   11.293927]  krealloc_less_oob+0x1c/0x30
[   11.293948]  kunit_try_run_case+0x1a5/0x480
[   11.293970]  ? __pfx_kunit_try_run_case+0x10/0x10
[   11.293991]  ? _raw_spin_lock_irqsave+0xa1/0x100
[   11.294013]  ? _raw_spin_unlock_irqrestore+0x5f/0x90
[   11.294035]  ? __kthread_parkme+0x82/0x180
[   11.294053]  ? preempt_count_sub+0x50/0x80
[   11.294075]  ? __pfx_kunit_try_run_case+0x10/0x10
[   11.294097]  kunit_generic_run_threadfn_adapter+0x85/0xf0
[   11.294119]  ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10
[   11.294140]  kthread+0x337/0x6f0
[   11.294159]  ? trace_preempt_on+0x20/0xc0
[   11.294180]  ? __pfx_kthread+0x10/0x10
[   11.294200]  ? _raw_spin_unlock_irq+0x47/0x80
[   11.294220]  ? calculate_sigpending+0x7b/0xa0
[   11.294242]  ? __pfx_kthread+0x10/0x10
[   11.294262]  ret_from_fork+0x116/0x1d0
[   11.294280]  ? __pfx_kthread+0x10/0x10
[   11.294299]  ret_from_fork_asm+0x1a/0x30
[   11.294328]  </TASK>
[   11.294338] 
[   11.302304] Allocated by task 176:
[   11.302966]  kasan_save_stack+0x45/0x70
[   11.303558]  kasan_save_track+0x18/0x40
[   11.304196]  kasan_save_alloc_info+0x3b/0x50
[   11.304800]  __kasan_krealloc+0x190/0x1f0
[   11.305048]  krealloc_noprof+0xf3/0x340
[   11.305433]  krealloc_less_oob_helper+0x1aa/0x11d0
[   11.306027]  krealloc_less_oob+0x1c/0x30
[   11.306800]  kunit_try_run_case+0x1a5/0x480
[   11.307057]  kunit_generic_run_threadfn_adapter+0x85/0xf0
[   11.307586]  kthread+0x337/0x6f0
[   11.308134]  ret_from_fork+0x116/0x1d0
[   11.308878]  ret_from_fork_asm+0x1a/0x30
[   11.309341] 
[   11.309439] The buggy address belongs to the object at ffff88810033e400
[   11.309439]  which belongs to the cache kmalloc-256 of size 256
[   11.310384] The buggy address is located 17 bytes to the right of
[   11.310384]  allocated 201-byte region [ffff88810033e400, ffff88810033e4c9)
[   11.312013] 
[   11.312414] The buggy address belongs to the physical page:
[   11.313038] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x10033e
[   11.313313] head: order:1 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[   11.314210] flags: 0x200000000000040(head|node=0|zone=2)
[   11.314709] page_type: f5(slab)
[   11.315079] raw: 0200000000000040 ffff888100041b40 dead000000000122 0000000000000000
[   11.315615] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000
[   11.316380] head: 0200000000000040 ffff888100041b40 dead000000000122 0000000000000000
[   11.316888] head: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000
[   11.317123] head: 0200000000000001 ffffea000400cf81 00000000ffffffff 00000000ffffffff
[   11.317807] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000002
[   11.318565] page dumped because: kasan: bad access detected
[   11.319076] 
[   11.319279] Memory state around the buggy address:
[   11.319824]  ffff88810033e380: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   11.320544]  ffff88810033e400: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   11.321094] >ffff88810033e480: 00 00 00 00 00 00 00 00 00 01 fc fc fc fc fc fc
[   11.321681]                                                     ^
[   11.322304]  ffff88810033e500: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   11.322938]  ffff88810033e580: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   11.323488] ==================================================================
[   11.241135] ==================================================================
[   11.241878] BUG: KASAN: slab-out-of-bounds in krealloc_less_oob_helper+0xd70/0x11d0
[   11.242591] Write of size 1 at addr ffff88810033e4c9 by task kunit_try_catch/176
[   11.243314] 
[   11.243480] CPU: 0 UID: 0 PID: 176 Comm: kunit_try_catch Tainted: G    B            N  6.16.0-rc4 #1 PREEMPT(voluntary) 
[   11.243525] Tainted: [B]=BAD_PAGE, [N]=TEST
[   11.243537] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[   11.243558] Call Trace:
[   11.243571]  <TASK>
[   11.243586]  dump_stack_lvl+0x73/0xb0
[   11.243613]  print_report+0xd1/0x650
[   11.243635]  ? __virt_addr_valid+0x1db/0x2d0
[   11.243656]  ? krealloc_less_oob_helper+0xd70/0x11d0
[   11.243678]  ? kasan_complete_mode_report_info+0x2a/0x200
[   11.243699]  ? krealloc_less_oob_helper+0xd70/0x11d0
[   11.243722]  kasan_report+0x141/0x180
[   11.243743]  ? krealloc_less_oob_helper+0xd70/0x11d0
[   11.243770]  __asan_report_store1_noabort+0x1b/0x30
[   11.243789]  krealloc_less_oob_helper+0xd70/0x11d0
[   11.243814]  ? __pfx_krealloc_less_oob_helper+0x10/0x10
[   11.243837]  ? finish_task_switch.isra.0+0x153/0x700
[   11.243857]  ? __switch_to+0x47/0xf50
[   11.243882]  ? __schedule+0x10cc/0x2b60
[   11.243903]  ? __pfx_read_tsc+0x10/0x10
[   11.243926]  krealloc_less_oob+0x1c/0x30
[   11.243946]  kunit_try_run_case+0x1a5/0x480
[   11.243969]  ? __pfx_kunit_try_run_case+0x10/0x10
[   11.243990]  ? _raw_spin_lock_irqsave+0xa1/0x100
[   11.244011]  ? _raw_spin_unlock_irqrestore+0x5f/0x90
[   11.244033]  ? __kthread_parkme+0x82/0x180
[   11.244053]  ? preempt_count_sub+0x50/0x80
[   11.244075]  ? __pfx_kunit_try_run_case+0x10/0x10
[   11.244097]  kunit_generic_run_threadfn_adapter+0x85/0xf0
[   11.244118]  ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10
[   11.244140]  kthread+0x337/0x6f0
[   11.244158]  ? trace_preempt_on+0x20/0xc0
[   11.244180]  ? __pfx_kthread+0x10/0x10
[   11.244200]  ? _raw_spin_unlock_irq+0x47/0x80
[   11.244220]  ? calculate_sigpending+0x7b/0xa0
[   11.244242]  ? __pfx_kthread+0x10/0x10
[   11.244262]  ret_from_fork+0x116/0x1d0
[   11.244279]  ? __pfx_kthread+0x10/0x10
[   11.244299]  ret_from_fork_asm+0x1a/0x30
[   11.244328]  </TASK>
[   11.244339] 
[   11.257730] Allocated by task 176:
[   11.258098]  kasan_save_stack+0x45/0x70
[   11.258536]  kasan_save_track+0x18/0x40
[   11.258928]  kasan_save_alloc_info+0x3b/0x50
[   11.259111]  __kasan_krealloc+0x190/0x1f0
[   11.259302]  krealloc_noprof+0xf3/0x340
[   11.259672]  krealloc_less_oob_helper+0x1aa/0x11d0
[   11.260153]  krealloc_less_oob+0x1c/0x30
[   11.260568]  kunit_try_run_case+0x1a5/0x480
[   11.260955]  kunit_generic_run_threadfn_adapter+0x85/0xf0
[   11.261165]  kthread+0x337/0x6f0
[   11.261710]  ret_from_fork+0x116/0x1d0
[   11.262090]  ret_from_fork_asm+0x1a/0x30
[   11.262503] 
[   11.262630] The buggy address belongs to the object at ffff88810033e400
[   11.262630]  which belongs to the cache kmalloc-256 of size 256
[   11.263027] The buggy address is located 0 bytes to the right of
[   11.263027]  allocated 201-byte region [ffff88810033e400, ffff88810033e4c9)
[   11.263506] 
[   11.263611] The buggy address belongs to the physical page:
[   11.263988] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x10033e
[   11.264320] head: order:1 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[   11.264668] flags: 0x200000000000040(head|node=0|zone=2)
[   11.264940] page_type: f5(slab)
[   11.265101] raw: 0200000000000040 ffff888100041b40 dead000000000122 0000000000000000
[   11.265601] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000
[   11.265868] head: 0200000000000040 ffff888100041b40 dead000000000122 0000000000000000
[   11.266394] head: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000
[   11.266738] head: 0200000000000001 ffffea000400cf81 00000000ffffffff 00000000ffffffff
[   11.267030] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000002
[   11.267318] page dumped because: kasan: bad access detected
[   11.267626] 
[   11.267722] Memory state around the buggy address:
[   11.267952]  ffff88810033e380: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   11.268227]  ffff88810033e400: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   11.268544] >ffff88810033e480: 00 00 00 00 00 00 00 00 00 01 fc fc fc fc fc fc
[   11.268807]                                               ^
[   11.269124]  ffff88810033e500: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   11.269506]  ffff88810033e580: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   11.269876] ==================================================================
[   11.477822] ==================================================================
[   11.478088] BUG: KASAN: slab-out-of-bounds in krealloc_less_oob_helper+0xec6/0x11d0
[   11.479023] Write of size 1 at addr ffff888102a2a0da by task kunit_try_catch/180
[   11.479266] 
[   11.479359] CPU: 0 UID: 0 PID: 180 Comm: kunit_try_catch Tainted: G    B            N  6.16.0-rc4 #1 PREEMPT(voluntary) 
[   11.479401] Tainted: [B]=BAD_PAGE, [N]=TEST
[   11.479414] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[   11.479435] Call Trace:
[   11.479463]  <TASK>
[   11.479479]  dump_stack_lvl+0x73/0xb0
[   11.479508]  print_report+0xd1/0x650
[   11.479529]  ? __virt_addr_valid+0x1db/0x2d0
[   11.479550]  ? krealloc_less_oob_helper+0xec6/0x11d0
[   11.479572]  ? kasan_addr_to_slab+0x11/0xa0
[   11.479592]  ? krealloc_less_oob_helper+0xec6/0x11d0
[   11.479614]  kasan_report+0x141/0x180
[   11.479635]  ? krealloc_less_oob_helper+0xec6/0x11d0
[   11.479685]  __asan_report_store1_noabort+0x1b/0x30
[   11.479706]  krealloc_less_oob_helper+0xec6/0x11d0
[   11.479731]  ? __pfx_krealloc_less_oob_helper+0x10/0x10
[   11.479756]  ? __kasan_check_write+0x18/0x20
[   11.479774]  ? queued_spin_lock_slowpath+0x116/0xb40
[   11.479795]  ? irqentry_exit+0x2a/0x60
[   11.479815]  ? sysvec_apic_timer_interrupt+0x50/0x90
[   11.479838]  ? trace_hardirqs_on+0x37/0xe0
[   11.479860]  ? __pfx_read_tsc+0x10/0x10
[   11.479883]  krealloc_large_less_oob+0x1c/0x30
[   11.479904]  kunit_try_run_case+0x1a5/0x480
[   11.479928]  ? __pfx_kunit_try_run_case+0x10/0x10
[   11.479951]  ? queued_spin_lock_slowpath+0x116/0xb40
[   11.479973]  ? __kthread_parkme+0x82/0x180
[   11.479992]  ? preempt_count_sub+0x50/0x80
[   11.480014]  ? __pfx_kunit_try_run_case+0x10/0x10
[   11.480036]  kunit_generic_run_threadfn_adapter+0x85/0xf0
[   11.480058]  ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10
[   11.480079]  kthread+0x337/0x6f0
[   11.480098]  ? trace_preempt_on+0x20/0xc0
[   11.480118]  ? __pfx_kthread+0x10/0x10
[   11.480138]  ? _raw_spin_unlock_irq+0x47/0x80
[   11.480157]  ? calculate_sigpending+0x7b/0xa0
[   11.480179]  ? __pfx_kthread+0x10/0x10
[   11.480200]  ret_from_fork+0x116/0x1d0
[   11.480217]  ? __pfx_kthread+0x10/0x10
[   11.480237]  ret_from_fork_asm+0x1a/0x30
[   11.480266]  </TASK>
[   11.480277] 
[   11.488415] The buggy address belongs to the physical page:
[   11.488621] page: refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x102a28
[   11.488903] head: order:2 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[   11.489406] flags: 0x200000000000040(head|node=0|zone=2)
[   11.489893] page_type: f8(unknown)
[   11.490217] raw: 0200000000000040 0000000000000000 dead000000000122 0000000000000000
[   11.491186] raw: 0000000000000000 0000000000000000 00000001f8000000 0000000000000000
[   11.491619] head: 0200000000000040 0000000000000000 dead000000000122 0000000000000000
[   11.492632] head: 0000000000000000 0000000000000000 00000001f8000000 0000000000000000
[   11.493358] head: 0200000000000002 ffffea00040a8a01 00000000ffffffff 00000000ffffffff
[   11.494035] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000004
[   11.494280] page dumped because: kasan: bad access detected
[   11.494466] 
[   11.494541] Memory state around the buggy address:
[   11.494773]  ffff888102a29f80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   11.495361]  ffff888102a2a000: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   11.495979] >ffff888102a2a080: 00 00 00 00 00 00 00 00 00 01 fe fe fe fe fe fe
[   11.496575]                                                     ^
[   11.497206]  ffff888102a2a100: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe
[   11.497906]  ffff888102a2a180: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe
[   11.498529] ==================================================================
[   11.499156] ==================================================================
[   11.499391] BUG: KASAN: slab-out-of-bounds in krealloc_less_oob_helper+0xe90/0x11d0
[   11.500080] Write of size 1 at addr ffff888102a2a0ea by task kunit_try_catch/180
[   11.500580] 
[   11.500694] CPU: 0 UID: 0 PID: 180 Comm: kunit_try_catch Tainted: G    B            N  6.16.0-rc4 #1 PREEMPT(voluntary) 
[   11.500733] Tainted: [B]=BAD_PAGE, [N]=TEST
[   11.500746] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[   11.500766] Call Trace:
[   11.500781]  <TASK>
[   11.500796]  dump_stack_lvl+0x73/0xb0
[   11.500823]  print_report+0xd1/0x650
[   11.500844]  ? __virt_addr_valid+0x1db/0x2d0
[   11.500865]  ? krealloc_less_oob_helper+0xe90/0x11d0
[   11.500887]  ? kasan_addr_to_slab+0x11/0xa0
[   11.500907]  ? krealloc_less_oob_helper+0xe90/0x11d0
[   11.500930]  kasan_report+0x141/0x180
[   11.500951]  ? krealloc_less_oob_helper+0xe90/0x11d0
[   11.500979]  __asan_report_store1_noabort+0x1b/0x30
[   11.500999]  krealloc_less_oob_helper+0xe90/0x11d0
[   11.501024]  ? __pfx_krealloc_less_oob_helper+0x10/0x10
[   11.501049]  ? __kasan_check_write+0x18/0x20
[   11.501068]  ? queued_spin_lock_slowpath+0x116/0xb40
[   11.501089]  ? irqentry_exit+0x2a/0x60
[   11.501110]  ? sysvec_apic_timer_interrupt+0x50/0x90
[   11.501133]  ? trace_hardirqs_on+0x37/0xe0
[   11.501154]  ? __pfx_read_tsc+0x10/0x10
[   11.501177]  krealloc_large_less_oob+0x1c/0x30
[   11.501199]  kunit_try_run_case+0x1a5/0x480
[   11.501222]  ? __pfx_kunit_try_run_case+0x10/0x10
[   11.501245]  ? queued_spin_lock_slowpath+0x116/0xb40
[   11.501301]  ? __kthread_parkme+0x82/0x180
[   11.501323]  ? preempt_count_sub+0x50/0x80
[   11.501346]  ? __pfx_kunit_try_run_case+0x10/0x10
[   11.501368]  kunit_generic_run_threadfn_adapter+0x85/0xf0
[   11.501396]  ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10
[   11.501418]  kthread+0x337/0x6f0
[   11.501437]  ? trace_preempt_on+0x20/0xc0
[   11.501476]  ? __pfx_kthread+0x10/0x10
[   11.501496]  ? _raw_spin_unlock_irq+0x47/0x80
[   11.501517]  ? calculate_sigpending+0x7b/0xa0
[   11.501540]  ? __pfx_kthread+0x10/0x10
[   11.501560]  ret_from_fork+0x116/0x1d0
[   11.501578]  ? __pfx_kthread+0x10/0x10
[   11.501597]  ret_from_fork_asm+0x1a/0x30
[   11.501627]  </TASK>
[   11.501638] 
[   11.509797] The buggy address belongs to the physical page:
[   11.510047] page: refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x102a28
[   11.510375] head: order:2 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[   11.510705] flags: 0x200000000000040(head|node=0|zone=2)
[   11.510919] page_type: f8(unknown)
[   11.511093] raw: 0200000000000040 0000000000000000 dead000000000122 0000000000000000
[   11.511431] raw: 0000000000000000 0000000000000000 00000001f8000000 0000000000000000
[   11.511787] head: 0200000000000040 0000000000000000 dead000000000122 0000000000000000
[   11.512074] head: 0000000000000000 0000000000000000 00000001f8000000 0000000000000000
[   11.512607] head: 0200000000000002 ffffea00040a8a01 00000000ffffffff 00000000ffffffff
[   11.512941] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000004
[   11.513279] page dumped because: kasan: bad access detected
[   11.513513] 
[   11.513584] Memory state around the buggy address:
[   11.513839]  ffff888102a29f80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   11.514152]  ffff888102a2a000: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   11.514387] >ffff888102a2a080: 00 00 00 00 00 00 00 00 00 01 fe fe fe fe fe fe
[   11.514741]                                                           ^
[   11.515049]  ffff888102a2a100: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe
[   11.515379]  ffff888102a2a180: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe
[   11.515694] ==================================================================
[   11.324118] ==================================================================
[   11.324527] BUG: KASAN: slab-out-of-bounds in krealloc_less_oob_helper+0xe90/0x11d0
[   11.325284] Write of size 1 at addr ffff88810033e4ea by task kunit_try_catch/176
[   11.325887] 
[   11.326068] CPU: 0 UID: 0 PID: 176 Comm: kunit_try_catch Tainted: G    B            N  6.16.0-rc4 #1 PREEMPT(voluntary) 
[   11.326122] Tainted: [B]=BAD_PAGE, [N]=TEST
[   11.326133] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[   11.326153] Call Trace:
[   11.326170]  <TASK>
[   11.326187]  dump_stack_lvl+0x73/0xb0
[   11.326214]  print_report+0xd1/0x650
[   11.326235]  ? __virt_addr_valid+0x1db/0x2d0
[   11.326256]  ? krealloc_less_oob_helper+0xe90/0x11d0
[   11.326288]  ? kasan_complete_mode_report_info+0x2a/0x200
[   11.326309]  ? krealloc_less_oob_helper+0xe90/0x11d0
[   11.326332]  kasan_report+0x141/0x180
[   11.326364]  ? krealloc_less_oob_helper+0xe90/0x11d0
[   11.326391]  __asan_report_store1_noabort+0x1b/0x30
[   11.326410]  krealloc_less_oob_helper+0xe90/0x11d0
[   11.326435]  ? __pfx_krealloc_less_oob_helper+0x10/0x10
[   11.326466]  ? finish_task_switch.isra.0+0x153/0x700
[   11.326486]  ? __switch_to+0x47/0xf50
[   11.326510]  ? __schedule+0x10cc/0x2b60
[   11.326531]  ? __pfx_read_tsc+0x10/0x10
[   11.326554]  krealloc_less_oob+0x1c/0x30
[   11.326575]  kunit_try_run_case+0x1a5/0x480
[   11.326597]  ? __pfx_kunit_try_run_case+0x10/0x10
[   11.326618]  ? _raw_spin_lock_irqsave+0xa1/0x100
[   11.326640]  ? _raw_spin_unlock_irqrestore+0x5f/0x90
[   11.326671]  ? __kthread_parkme+0x82/0x180
[   11.326691]  ? preempt_count_sub+0x50/0x80
[   11.326713]  ? __pfx_kunit_try_run_case+0x10/0x10
[   11.326745]  kunit_generic_run_threadfn_adapter+0x85/0xf0
[   11.326767]  ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10
[   11.326789]  kthread+0x337/0x6f0
[   11.326807]  ? trace_preempt_on+0x20/0xc0
[   11.326829]  ? __pfx_kthread+0x10/0x10
[   11.326848]  ? _raw_spin_unlock_irq+0x47/0x80
[   11.326868]  ? calculate_sigpending+0x7b/0xa0
[   11.326890]  ? __pfx_kthread+0x10/0x10
[   11.326911]  ret_from_fork+0x116/0x1d0
[   11.326928]  ? __pfx_kthread+0x10/0x10
[   11.326947]  ret_from_fork_asm+0x1a/0x30
[   11.326977]  </TASK>
[   11.326988] 
[   11.341230] Allocated by task 176:
[   11.341660]  kasan_save_stack+0x45/0x70
[   11.342067]  kasan_save_track+0x18/0x40
[   11.342633]  kasan_save_alloc_info+0x3b/0x50
[   11.342835]  __kasan_krealloc+0x190/0x1f0
[   11.343507]  krealloc_noprof+0xf3/0x340
[   11.343915]  krealloc_less_oob_helper+0x1aa/0x11d0
[   11.344372]  krealloc_less_oob+0x1c/0x30
[   11.344532]  kunit_try_run_case+0x1a5/0x480
[   11.344690]  kunit_generic_run_threadfn_adapter+0x85/0xf0
[   11.345260]  kthread+0x337/0x6f0
[   11.345675]  ret_from_fork+0x116/0x1d0
[   11.346035]  ret_from_fork_asm+0x1a/0x30
[   11.346443] 
[   11.346703] The buggy address belongs to the object at ffff88810033e400
[   11.346703]  which belongs to the cache kmalloc-256 of size 256
[   11.347757] The buggy address is located 33 bytes to the right of
[   11.347757]  allocated 201-byte region [ffff88810033e400, ffff88810033e4c9)
[   11.348575] 
[   11.348654] The buggy address belongs to the physical page:
[   11.349171] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x10033e
[   11.349920] head: order:1 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[   11.350150] flags: 0x200000000000040(head|node=0|zone=2)
[   11.350369] page_type: f5(slab)
[   11.350745] raw: 0200000000000040 ffff888100041b40 dead000000000122 0000000000000000
[   11.351531] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000
[   11.352279] head: 0200000000000040 ffff888100041b40 dead000000000122 0000000000000000
[   11.353157] head: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000
[   11.353706] head: 0200000000000001 ffffea000400cf81 00000000ffffffff 00000000ffffffff
[   11.354425] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000002
[   11.354933] page dumped because: kasan: bad access detected
[   11.355349] 
[   11.355424] Memory state around the buggy address:
[   11.355593]  ffff88810033e380: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   11.355868]  ffff88810033e400: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   11.356611] >ffff88810033e480: 00 00 00 00 00 00 00 00 00 01 fc fc fc fc fc fc
[   11.357355]                                                           ^
[   11.358150]  ffff88810033e500: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   11.358875]  ffff88810033e580: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   11.359516] ==================================================================
[   11.441545] ==================================================================
[   11.442066] BUG: KASAN: slab-out-of-bounds in krealloc_less_oob_helper+0xd70/0x11d0
[   11.442475] Write of size 1 at addr ffff888102a2a0c9 by task kunit_try_catch/180
[   11.442837] 
[   11.442972] CPU: 0 UID: 0 PID: 180 Comm: kunit_try_catch Tainted: G    B            N  6.16.0-rc4 #1 PREEMPT(voluntary) 
[   11.443027] Tainted: [B]=BAD_PAGE, [N]=TEST
[   11.443048] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[   11.443070] Call Trace:
[   11.443084]  <TASK>
[   11.443100]  dump_stack_lvl+0x73/0xb0
[   11.443137]  print_report+0xd1/0x650
[   11.443159]  ? __virt_addr_valid+0x1db/0x2d0
[   11.443180]  ? krealloc_less_oob_helper+0xd70/0x11d0
[   11.443203]  ? kasan_addr_to_slab+0x11/0xa0
[   11.443223]  ? krealloc_less_oob_helper+0xd70/0x11d0
[   11.443246]  kasan_report+0x141/0x180
[   11.443268]  ? krealloc_less_oob_helper+0xd70/0x11d0
[   11.443304]  __asan_report_store1_noabort+0x1b/0x30
[   11.443324]  krealloc_less_oob_helper+0xd70/0x11d0
[   11.443349]  ? __pfx_krealloc_less_oob_helper+0x10/0x10
[   11.443385]  ? __kasan_check_write+0x18/0x20
[   11.443403]  ? queued_spin_lock_slowpath+0x116/0xb40
[   11.443424]  ? irqentry_exit+0x2a/0x60
[   11.443447]  ? sysvec_apic_timer_interrupt+0x50/0x90
[   11.443478]  ? trace_hardirqs_on+0x37/0xe0
[   11.443500]  ? __pfx_read_tsc+0x10/0x10
[   11.443524]  krealloc_large_less_oob+0x1c/0x30
[   11.443554]  kunit_try_run_case+0x1a5/0x480
[   11.443579]  ? __pfx_kunit_try_run_case+0x10/0x10
[   11.443612]  ? queued_spin_lock_slowpath+0x116/0xb40
[   11.443635]  ? __kthread_parkme+0x82/0x180
[   11.443654]  ? preempt_count_sub+0x50/0x80
[   11.443677]  ? __pfx_kunit_try_run_case+0x10/0x10
[   11.443700]  kunit_generic_run_threadfn_adapter+0x85/0xf0
[   11.443722]  ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10
[   11.443753]  kthread+0x337/0x6f0
[   11.443772]  ? trace_preempt_on+0x20/0xc0
[   11.443794]  ? __pfx_kthread+0x10/0x10
[   11.443825]  ? _raw_spin_unlock_irq+0x47/0x80
[   11.443847]  ? calculate_sigpending+0x7b/0xa0
[   11.443870]  ? __pfx_kthread+0x10/0x10
[   11.443893]  ret_from_fork+0x116/0x1d0
[   11.443911]  ? __pfx_kthread+0x10/0x10
[   11.443931]  ret_from_fork_asm+0x1a/0x30
[   11.443961]  </TASK>
[   11.443972] 
[   11.452034] The buggy address belongs to the physical page:
[   11.452306] page: refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x102a28
[   11.452569] head: order:2 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[   11.453057] flags: 0x200000000000040(head|node=0|zone=2)
[   11.453284] page_type: f8(unknown)
[   11.453477] raw: 0200000000000040 0000000000000000 dead000000000122 0000000000000000
[   11.453824] raw: 0000000000000000 0000000000000000 00000001f8000000 0000000000000000
[   11.454089] head: 0200000000000040 0000000000000000 dead000000000122 0000000000000000
[   11.454464] head: 0000000000000000 0000000000000000 00000001f8000000 0000000000000000
[   11.454775] head: 0200000000000002 ffffea00040a8a01 00000000ffffffff 00000000ffffffff
[   11.455102] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000004
[   11.455330] page dumped because: kasan: bad access detected
[   11.455518] 
[   11.455610] Memory state around the buggy address:
[   11.455848]  ffff888102a29f80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   11.456174]  ffff888102a2a000: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   11.456500] >ffff888102a2a080: 00 00 00 00 00 00 00 00 00 01 fe fe fe fe fe fe
[   11.456870]                                               ^
[   11.457049]  ffff888102a2a100: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe
[   11.457324]  ffff888102a2a180: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe
[   11.457685] ==================================================================
[   11.360065] ==================================================================
[   11.360800] BUG: KASAN: slab-out-of-bounds in krealloc_less_oob_helper+0xd47/0x11d0
[   11.361418] Write of size 1 at addr ffff88810033e4eb by task kunit_try_catch/176
[   11.362141] 
[   11.362247] CPU: 0 UID: 0 PID: 176 Comm: kunit_try_catch Tainted: G    B            N  6.16.0-rc4 #1 PREEMPT(voluntary) 
[   11.362290] Tainted: [B]=BAD_PAGE, [N]=TEST
[   11.362301] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[   11.362328] Call Trace:
[   11.362344]  <TASK>
[   11.362360]  dump_stack_lvl+0x73/0xb0
[   11.362387]  print_report+0xd1/0x650
[   11.362408]  ? __virt_addr_valid+0x1db/0x2d0
[   11.362429]  ? krealloc_less_oob_helper+0xd47/0x11d0
[   11.362460]  ? kasan_complete_mode_report_info+0x2a/0x200
[   11.362482]  ? krealloc_less_oob_helper+0xd47/0x11d0
[   11.362504]  kasan_report+0x141/0x180
[   11.362525]  ? krealloc_less_oob_helper+0xd47/0x11d0
[   11.362562]  __asan_report_store1_noabort+0x1b/0x30
[   11.362582]  krealloc_less_oob_helper+0xd47/0x11d0
[   11.362606]  ? __pfx_krealloc_less_oob_helper+0x10/0x10
[   11.362629]  ? finish_task_switch.isra.0+0x153/0x700
[   11.362649]  ? __switch_to+0x47/0xf50
[   11.362673]  ? __schedule+0x10cc/0x2b60
[   11.362694]  ? __pfx_read_tsc+0x10/0x10
[   11.362717]  krealloc_less_oob+0x1c/0x30
[   11.362737]  kunit_try_run_case+0x1a5/0x480
[   11.362760]  ? __pfx_kunit_try_run_case+0x10/0x10
[   11.362781]  ? _raw_spin_lock_irqsave+0xa1/0x100
[   11.362803]  ? _raw_spin_unlock_irqrestore+0x5f/0x90
[   11.362826]  ? __kthread_parkme+0x82/0x180
[   11.362844]  ? preempt_count_sub+0x50/0x80
[   11.362866]  ? __pfx_kunit_try_run_case+0x10/0x10
[   11.362888]  kunit_generic_run_threadfn_adapter+0x85/0xf0
[   11.362909]  ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10
[   11.362931]  kthread+0x337/0x6f0
[   11.362949]  ? trace_preempt_on+0x20/0xc0
[   11.362971]  ? __pfx_kthread+0x10/0x10
[   11.362991]  ? _raw_spin_unlock_irq+0x47/0x80
[   11.363011]  ? calculate_sigpending+0x7b/0xa0
[   11.363033]  ? __pfx_kthread+0x10/0x10
[   11.363054]  ret_from_fork+0x116/0x1d0
[   11.363071]  ? __pfx_kthread+0x10/0x10
[   11.363090]  ret_from_fork_asm+0x1a/0x30
[   11.363120]  </TASK>
[   11.363130] 
[   11.377265] Allocated by task 176:
[   11.377685]  kasan_save_stack+0x45/0x70
[   11.378115]  kasan_save_track+0x18/0x40
[   11.378449]  kasan_save_alloc_info+0x3b/0x50
[   11.378870]  __kasan_krealloc+0x190/0x1f0
[   11.379013]  krealloc_noprof+0xf3/0x340
[   11.379148]  krealloc_less_oob_helper+0x1aa/0x11d0
[   11.379353]  krealloc_less_oob+0x1c/0x30
[   11.379794]  kunit_try_run_case+0x1a5/0x480
[   11.380234]  kunit_generic_run_threadfn_adapter+0x85/0xf0
[   11.381059]  kthread+0x337/0x6f0
[   11.381483]  ret_from_fork+0x116/0x1d0
[   11.381887]  ret_from_fork_asm+0x1a/0x30
[   11.382281] 
[   11.382558] The buggy address belongs to the object at ffff88810033e400
[   11.382558]  which belongs to the cache kmalloc-256 of size 256
[   11.383240] The buggy address is located 34 bytes to the right of
[   11.383240]  allocated 201-byte region [ffff88810033e400, ffff88810033e4c9)
[   11.384467] 
[   11.384673] The buggy address belongs to the physical page:
[   11.384971] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x10033e
[   11.385770] head: order:1 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[   11.386262] flags: 0x200000000000040(head|node=0|zone=2)
[   11.386833] page_type: f5(slab)
[   11.386972] raw: 0200000000000040 ffff888100041b40 dead000000000122 0000000000000000
[   11.387769] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000
[   11.388003] head: 0200000000000040 ffff888100041b40 dead000000000122 0000000000000000
[   11.388347] head: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000
[   11.389104] head: 0200000000000001 ffffea000400cf81 00000000ffffffff 00000000ffffffff
[   11.389927] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000002
[   11.390986] page dumped because: kasan: bad access detected
[   11.391363] 
[   11.391439] Memory state around the buggy address:
[   11.391611]  ffff88810033e380: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   11.392169]  ffff88810033e400: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   11.392918] >ffff88810033e480: 00 00 00 00 00 00 00 00 00 01 fc fc fc fc fc fc
[   11.393574]                                                           ^
[   11.394197]  ffff88810033e500: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   11.394796]  ffff88810033e580: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   11.395099] ==================================================================

Metadata Full log Test run details

arch

x86_64

host

x86_64

plan

2zSrST9Gzuem1PP5NJnVdpLyEja

job_id

TEST:linaro@lkft#2zSrX3orQWFDB1hBYGYI2ScAyiH

job_url

https://tuxapi.tuxsuite.com/v1/groups/linaro/projects/lkft/tests/2zSrX3orQWFDB1hBYGYI2ScAyiH

artefacts

kernel

url	https://storage.tuxsuite.com/public/linaro/lkft/builds/2zSrURTUzYoapFdn0PE0tv507cO/bzImage
sha256sum	4a2ec3783c3fcf44f65d4d40ee2c81be96bf4d87b6db1ab01308c5fbd0723b99

rootfs

url	https://storage.tuxboot.com/debian/20250617/trixie/amd64/rootfs.ext4.xz
sha256sum	a7dcdb286e1265c85a4d6cd5429adc51604a3ebde1d9a3c934aef78862d5fee4

modules

url	https://storage.tuxsuite.com/public/linaro/lkft/builds/2zSrURTUzYoapFdn0PE0tv507cO/modules.tar.xz
sha256sum	9f0760e2bc35f8a8e1fdf686c304d05bf0ea231e498a0100efa46359e97d8474

durations

tests

boot	0
kunit	205.74

host_arch

amd64

build_name

gcc-13-lkftconfig-kunit

job_status

Complete

qemu_version

1:10.0.0+ds-1

Metadata

Failure - qemu-arm64 - gcc-13-lkftconfig-kunit

Failure - qemu-x86_64 - gcc-13-lkftconfig-kunit