lkft/sashal-linus-next - v6.13-rc7-43420-g0bb7ecc6c892 - log-parser-boot/kasan-bug-kasan-slab-out-of-bounds-in-krealloc_less_oob_helper

Date

July 9, 2025, 12:11 a.m.

Environment
qemu-arm64
qemu-x86_64

[   19.436582] ==================================================================
[   19.436635] BUG: KASAN: slab-out-of-bounds in krealloc_less_oob_helper+0xa80/0xc50
[   19.436685] Write of size 1 at addr fff00000c46e02da by task kunit_try_catch/159
[   19.436738] 
[   19.436845] CPU: 1 UID: 0 PID: 159 Comm: kunit_try_catch Tainted: G    B            N  6.16.0-rc5 #1 PREEMPT 
[   19.436927] Tainted: [B]=BAD_PAGE, [N]=TEST
[   19.438412] Hardware name: linux,dummy-virt (DT)
[   19.438471] Call trace:
[   19.438512]  show_stack+0x20/0x38 (C)
[   19.438568]  dump_stack_lvl+0x8c/0xd0
[   19.438614]  print_report+0x118/0x608
[   19.438666]  kasan_report+0xdc/0x128
[   19.438905]  __asan_report_store1_noabort+0x20/0x30
[   19.439165]  krealloc_less_oob_helper+0xa80/0xc50
[   19.439261]  krealloc_less_oob+0x20/0x38
[   19.439306]  kunit_try_run_case+0x170/0x3f0
[   19.439361]  kunit_generic_run_threadfn_adapter+0x88/0x100
[   19.439451]  kthread+0x328/0x630
[   19.439493]  ret_from_fork+0x10/0x20
[   19.439661] 
[   19.439680] Allocated by task 159:
[   19.439718]  kasan_save_stack+0x3c/0x68
[   19.439760]  kasan_save_track+0x20/0x40
[   19.439797]  kasan_save_alloc_info+0x40/0x58
[   19.439837]  __kasan_krealloc+0x118/0x178
[   19.440172]  krealloc_noprof+0x128/0x360
[   19.440228]  krealloc_less_oob_helper+0x168/0xc50
[   19.441131]  krealloc_less_oob+0x20/0x38
[   19.441415]  kunit_try_run_case+0x170/0x3f0
[   19.441585]  kunit_generic_run_threadfn_adapter+0x88/0x100
[   19.441648]  kthread+0x328/0x630
[   19.441892]  ret_from_fork+0x10/0x20
[   19.442153] 
[   19.442208] The buggy address belongs to the object at fff00000c46e0200
[   19.442208]  which belongs to the cache kmalloc-256 of size 256
[   19.442280] The buggy address is located 17 bytes to the right of
[   19.442280]  allocated 201-byte region [fff00000c46e0200, fff00000c46e02c9)
[   19.442708] 
[   19.442733] The buggy address belongs to the physical page:
[   19.442979] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1046e0
[   19.443310] head: order:1 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[   19.443645] flags: 0xbfffe0000000040(head|node=0|zone=2|lastcpupid=0x1ffff)
[   19.443844] page_type: f5(slab)
[   19.444197] raw: 0bfffe0000000040 fff00000c0001b40 dead000000000122 0000000000000000
[   19.444271] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000
[   19.444321] head: 0bfffe0000000040 fff00000c0001b40 dead000000000122 0000000000000000
[   19.444370] head: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000
[   19.444511] head: 0bfffe0000000001 ffffc1ffc311b801 00000000ffffffff 00000000ffffffff
[   19.444700] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000002
[   19.444794] page dumped because: kasan: bad access detected
[   19.444847] 
[   19.444865] Memory state around the buggy address:
[   19.444897]  fff00000c46e0180: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   19.444941]  fff00000c46e0200: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   19.444983] >fff00000c46e0280: 00 00 00 00 00 00 00 00 00 01 fc fc fc fc fc fc
[   19.445023]                                                     ^
[   19.445059]  fff00000c46e0300: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   19.445164]  fff00000c46e0380: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   19.445313] ==================================================================
[   19.527005] ==================================================================
[   19.527106] BUG: KASAN: slab-out-of-bounds in krealloc_less_oob_helper+0xb9c/0xc50
[   19.527159] Write of size 1 at addr fff00000c76ba0d0 by task kunit_try_catch/163
[   19.527208] 
[   19.527492] CPU: 1 UID: 0 PID: 163 Comm: kunit_try_catch Tainted: G    B            N  6.16.0-rc5 #1 PREEMPT 
[   19.527930] Tainted: [B]=BAD_PAGE, [N]=TEST
[   19.528245] Hardware name: linux,dummy-virt (DT)
[   19.528387] Call trace:
[   19.528421]  show_stack+0x20/0x38 (C)
[   19.528476]  dump_stack_lvl+0x8c/0xd0
[   19.528728]  print_report+0x118/0x608
[   19.529030]  kasan_report+0xdc/0x128
[   19.529209]  __asan_report_store1_noabort+0x20/0x30
[   19.529316]  krealloc_less_oob_helper+0xb9c/0xc50
[   19.529575]  krealloc_large_less_oob+0x20/0x38
[   19.529626]  kunit_try_run_case+0x170/0x3f0
[   19.530047]  kunit_generic_run_threadfn_adapter+0x88/0x100
[   19.530494]  kthread+0x328/0x630
[   19.530732]  ret_from_fork+0x10/0x20
[   19.530950] 
[   19.530971] The buggy address belongs to the physical page:
[   19.531001] page: refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1076b8
[   19.531385] head: order:2 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[   19.531449] flags: 0xbfffe0000000040(head|node=0|zone=2|lastcpupid=0x1ffff)
[   19.531502] page_type: f8(unknown)
[   19.531801] raw: 0bfffe0000000040 0000000000000000 dead000000000122 0000000000000000
[   19.531865] raw: 0000000000000000 0000000000000000 00000001f8000000 0000000000000000
[   19.532098] head: 0bfffe0000000040 0000000000000000 dead000000000122 0000000000000000
[   19.532357] head: 0000000000000000 0000000000000000 00000001f8000000 0000000000000000
[   19.532810] head: 0bfffe0000000002 ffffc1ffc31dae01 00000000ffffffff 00000000ffffffff
[   19.533234] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000004
[   19.533664] page dumped because: kasan: bad access detected
[   19.534307] 
[   19.534414] Memory state around the buggy address:
[   19.534448]  fff00000c76b9f80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   19.535203]  fff00000c76ba000: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   19.535915] >fff00000c76ba080: 00 00 00 00 00 00 00 00 00 01 fe fe fe fe fe fe
[   19.536429]                                                  ^
[   19.536505]  fff00000c76ba100: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe
[   19.536922]  fff00000c76ba180: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe
[   19.537369] ==================================================================
[   19.459469] ==================================================================
[   19.459726] BUG: KASAN: slab-out-of-bounds in krealloc_less_oob_helper+0xa58/0xc50
[   19.459779] Write of size 1 at addr fff00000c46e02eb by task kunit_try_catch/159
[   19.459827] 
[   19.459856] CPU: 1 UID: 0 PID: 159 Comm: kunit_try_catch Tainted: G    B            N  6.16.0-rc5 #1 PREEMPT 
[   19.459935] Tainted: [B]=BAD_PAGE, [N]=TEST
[   19.459961] Hardware name: linux,dummy-virt (DT)
[   19.459991] Call trace:
[   19.460012]  show_stack+0x20/0x38 (C)
[   19.460115]  dump_stack_lvl+0x8c/0xd0
[   19.460177]  print_report+0x118/0x608
[   19.460223]  kasan_report+0xdc/0x128
[   19.460269]  __asan_report_store1_noabort+0x20/0x30
[   19.460321]  krealloc_less_oob_helper+0xa58/0xc50
[   19.460370]  krealloc_less_oob+0x20/0x38
[   19.460425]  kunit_try_run_case+0x170/0x3f0
[   19.460473]  kunit_generic_run_threadfn_adapter+0x88/0x100
[   19.460525]  kthread+0x328/0x630
[   19.460567]  ret_from_fork+0x10/0x20
[   19.460614] 
[   19.460632] Allocated by task 159:
[   19.460659]  kasan_save_stack+0x3c/0x68
[   19.460726]  kasan_save_track+0x20/0x40
[   19.460763]  kasan_save_alloc_info+0x40/0x58
[   19.460818]  __kasan_krealloc+0x118/0x178
[   19.460901]  krealloc_noprof+0x128/0x360
[   19.461156]  krealloc_less_oob_helper+0x168/0xc50
[   19.461291]  krealloc_less_oob+0x20/0x38
[   19.461430]  kunit_try_run_case+0x170/0x3f0
[   19.461778]  kunit_generic_run_threadfn_adapter+0x88/0x100
[   19.462129]  kthread+0x328/0x630
[   19.462444]  ret_from_fork+0x10/0x20
[   19.462546] 
[   19.462566] The buggy address belongs to the object at fff00000c46e0200
[   19.462566]  which belongs to the cache kmalloc-256 of size 256
[   19.463014] The buggy address is located 34 bytes to the right of
[   19.463014]  allocated 201-byte region [fff00000c46e0200, fff00000c46e02c9)
[   19.463305] 
[   19.463327] The buggy address belongs to the physical page:
[   19.463511] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1046e0
[   19.463853] head: order:1 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[   19.464154] flags: 0xbfffe0000000040(head|node=0|zone=2|lastcpupid=0x1ffff)
[   19.464429] page_type: f5(slab)
[   19.464474] raw: 0bfffe0000000040 fff00000c0001b40 dead000000000122 0000000000000000
[   19.464909] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000
[   19.464976] head: 0bfffe0000000040 fff00000c0001b40 dead000000000122 0000000000000000
[   19.465032] head: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000
[   19.465280] head: 0bfffe0000000001 ffffc1ffc311b801 00000000ffffffff 00000000ffffffff
[   19.465839] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000002
[   19.466152] page dumped because: kasan: bad access detected
[   19.466210] 
[   19.466230] Memory state around the buggy address:
[   19.466322]  fff00000c46e0180: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   19.466810]  fff00000c46e0200: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   19.467054] >fff00000c46e0280: 00 00 00 00 00 00 00 00 00 01 fc fc fc fc fc fc
[   19.467095]                                                           ^
[   19.467137]  fff00000c46e0300: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   19.467650]  fff00000c46e0380: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   19.468147] ==================================================================
[   19.423840] ==================================================================
[   19.423896] BUG: KASAN: slab-out-of-bounds in krealloc_less_oob_helper+0xa48/0xc50
[   19.424050] Write of size 1 at addr fff00000c46e02c9 by task kunit_try_catch/159
[   19.424160] 
[   19.424208] CPU: 1 UID: 0 PID: 159 Comm: kunit_try_catch Tainted: G    B            N  6.16.0-rc5 #1 PREEMPT 
[   19.425604] Tainted: [B]=BAD_PAGE, [N]=TEST
[   19.425879] Hardware name: linux,dummy-virt (DT)
[   19.425980] Call trace:
[   19.426028]  show_stack+0x20/0x38 (C)
[   19.426099]  dump_stack_lvl+0x8c/0xd0
[   19.426145]  print_report+0x118/0x608
[   19.426192]  kasan_report+0xdc/0x128
[   19.426321]  __asan_report_store1_noabort+0x20/0x30
[   19.426412]  krealloc_less_oob_helper+0xa48/0xc50
[   19.426486]  krealloc_less_oob+0x20/0x38
[   19.426568]  kunit_try_run_case+0x170/0x3f0
[   19.426663]  kunit_generic_run_threadfn_adapter+0x88/0x100
[   19.426717]  kthread+0x328/0x630
[   19.426761]  ret_from_fork+0x10/0x20
[   19.426809] 
[   19.426827] Allocated by task 159:
[   19.426861]  kasan_save_stack+0x3c/0x68
[   19.426901]  kasan_save_track+0x20/0x40
[   19.426938]  kasan_save_alloc_info+0x40/0x58
[   19.427099]  __kasan_krealloc+0x118/0x178
[   19.427167]  krealloc_noprof+0x128/0x360
[   19.427223]  krealloc_less_oob_helper+0x168/0xc50
[   19.427269]  krealloc_less_oob+0x20/0x38
[   19.427305]  kunit_try_run_case+0x170/0x3f0
[   19.427342]  kunit_generic_run_threadfn_adapter+0x88/0x100
[   19.427384]  kthread+0x328/0x630
[   19.427542]  ret_from_fork+0x10/0x20
[   19.427580] 
[   19.427606] The buggy address belongs to the object at fff00000c46e0200
[   19.427606]  which belongs to the cache kmalloc-256 of size 256
[   19.427677] The buggy address is located 0 bytes to the right of
[   19.427677]  allocated 201-byte region [fff00000c46e0200, fff00000c46e02c9)
[   19.427740] 
[   19.427765] The buggy address belongs to the physical page:
[   19.427796] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1046e0
[   19.427852] head: order:1 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[   19.427915] flags: 0xbfffe0000000040(head|node=0|zone=2|lastcpupid=0x1ffff)
[   19.427965] page_type: f5(slab)
[   19.428002] raw: 0bfffe0000000040 fff00000c0001b40 dead000000000122 0000000000000000
[   19.428075] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000
[   19.428126] head: 0bfffe0000000040 fff00000c0001b40 dead000000000122 0000000000000000
[   19.428174] head: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000
[   19.428222] head: 0bfffe0000000001 ffffc1ffc311b801 00000000ffffffff 00000000ffffffff
[   19.428270] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000002
[   19.428310] page dumped because: kasan: bad access detected
[   19.428488] 
[   19.428511] Memory state around the buggy address:
[   19.428543]  fff00000c46e0180: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   19.428585]  fff00000c46e0200: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   19.428627] >fff00000c46e0280: 00 00 00 00 00 00 00 00 00 01 fc fc fc fc fc fc
[   19.428664]                                               ^
[   19.428704]  fff00000c46e0300: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   19.428745]  fff00000c46e0380: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   19.428781] ==================================================================
[   19.578026] ==================================================================
[   19.578199] BUG: KASAN: slab-out-of-bounds in krealloc_less_oob_helper+0xa58/0xc50
[   19.578774] Write of size 1 at addr fff00000c76ba0eb by task kunit_try_catch/163
[   19.579982] 
[   19.580074] CPU: 1 UID: 0 PID: 163 Comm: kunit_try_catch Tainted: G    B            N  6.16.0-rc5 #1 PREEMPT 
[   19.580236] Tainted: [B]=BAD_PAGE, [N]=TEST
[   19.580272] Hardware name: linux,dummy-virt (DT)
[   19.580327] Call trace:
[   19.580875]  show_stack+0x20/0x38 (C)
[   19.581966]  dump_stack_lvl+0x8c/0xd0
[   19.582026]  print_report+0x118/0x608
[   19.582081]  kasan_report+0xdc/0x128
[   19.582127]  __asan_report_store1_noabort+0x20/0x30
[   19.582513]  krealloc_less_oob_helper+0xa58/0xc50
[   19.582650]  krealloc_large_less_oob+0x20/0x38
[   19.582699]  kunit_try_run_case+0x170/0x3f0
[   19.582750]  kunit_generic_run_threadfn_adapter+0x88/0x100
[   19.583865]  kthread+0x328/0x630
[   19.584811]  ret_from_fork+0x10/0x20
[   19.585633] 
[   19.585663] The buggy address belongs to the physical page:
[   19.586046] page: refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1076b8
[   19.586116] head: order:2 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[   19.586530] flags: 0xbfffe0000000040(head|node=0|zone=2|lastcpupid=0x1ffff)
[   19.587304] page_type: f8(unknown)
[   19.587593] raw: 0bfffe0000000040 0000000000000000 dead000000000122 0000000000000000
[   19.588122] raw: 0000000000000000 0000000000000000 00000001f8000000 0000000000000000
[   19.588622] head: 0bfffe0000000040 0000000000000000 dead000000000122 0000000000000000
[   19.588675] head: 0000000000000000 0000000000000000 00000001f8000000 0000000000000000
[   19.588724] head: 0bfffe0000000002 ffffc1ffc31dae01 00000000ffffffff 00000000ffffffff
[   19.588773] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000004
[   19.588812] page dumped because: kasan: bad access detected
[   19.588842] 
[   19.588861] Memory state around the buggy address:
[   19.590510]  fff00000c76b9f80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   19.590973]  fff00000c76ba000: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   19.591332] >fff00000c76ba080: 00 00 00 00 00 00 00 00 00 01 fe fe fe fe fe fe
[   19.591483]                                                           ^
[   19.591886]  fff00000c76ba100: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe
[   19.592112]  fff00000c76ba180: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe
[   19.592153] ==================================================================
[   19.559352] ==================================================================
[   19.559528] BUG: KASAN: slab-out-of-bounds in krealloc_less_oob_helper+0xae4/0xc50
[   19.559579] Write of size 1 at addr fff00000c76ba0ea by task kunit_try_catch/163
[   19.559628] 
[   19.559660] CPU: 1 UID: 0 PID: 163 Comm: kunit_try_catch Tainted: G    B            N  6.16.0-rc5 #1 PREEMPT 
[   19.559739] Tainted: [B]=BAD_PAGE, [N]=TEST
[   19.561180] Hardware name: linux,dummy-virt (DT)
[   19.561736] Call trace:
[   19.561878]  show_stack+0x20/0x38 (C)
[   19.562274]  dump_stack_lvl+0x8c/0xd0
[   19.562504]  print_report+0x118/0x608
[   19.562910]  kasan_report+0xdc/0x128
[   19.564438]  __asan_report_store1_noabort+0x20/0x30
[   19.564708]  krealloc_less_oob_helper+0xae4/0xc50
[   19.564923]  krealloc_large_less_oob+0x20/0x38
[   19.565981]  kunit_try_run_case+0x170/0x3f0
[   19.566109]  kunit_generic_run_threadfn_adapter+0x88/0x100
[   19.566212]  kthread+0x328/0x630
[   19.566964]  ret_from_fork+0x10/0x20
[   19.567020] 
[   19.567041] The buggy address belongs to the physical page:
[   19.567078] page: refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1076b8
[   19.567204] head: order:2 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[   19.567384] flags: 0xbfffe0000000040(head|node=0|zone=2|lastcpupid=0x1ffff)
[   19.567446] page_type: f8(unknown)
[   19.568186] raw: 0bfffe0000000040 0000000000000000 dead000000000122 0000000000000000
[   19.568457] raw: 0000000000000000 0000000000000000 00000001f8000000 0000000000000000
[   19.568600] head: 0bfffe0000000040 0000000000000000 dead000000000122 0000000000000000
[   19.568773] head: 0000000000000000 0000000000000000 00000001f8000000 0000000000000000
[   19.569498] head: 0bfffe0000000002 ffffc1ffc31dae01 00000000ffffffff 00000000ffffffff
[   19.569920] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000004
[   19.570702] page dumped because: kasan: bad access detected
[   19.571190] 
[   19.571289] Memory state around the buggy address:
[   19.571421]  fff00000c76b9f80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   19.571646]  fff00000c76ba000: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   19.572174] >fff00000c76ba080: 00 00 00 00 00 00 00 00 00 01 fe fe fe fe fe fe
[   19.572240]                                                           ^
[   19.572699]  fff00000c76ba100: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe
[   19.572849]  fff00000c76ba180: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe
[   19.573408] ==================================================================
[   19.519392] ==================================================================
[   19.519467] BUG: KASAN: slab-out-of-bounds in krealloc_less_oob_helper+0xa48/0xc50
[   19.519522] Write of size 1 at addr fff00000c76ba0c9 by task kunit_try_catch/163
[   19.519571] 
[   19.519602] CPU: 1 UID: 0 PID: 163 Comm: kunit_try_catch Tainted: G    B            N  6.16.0-rc5 #1 PREEMPT 
[   19.519681] Tainted: [B]=BAD_PAGE, [N]=TEST
[   19.519708] Hardware name: linux,dummy-virt (DT)
[   19.519737] Call trace:
[   19.519758]  show_stack+0x20/0x38 (C)
[   19.519807]  dump_stack_lvl+0x8c/0xd0
[   19.519852]  print_report+0x118/0x608
[   19.519898]  kasan_report+0xdc/0x128
[   19.519945]  __asan_report_store1_noabort+0x20/0x30
[   19.519995]  krealloc_less_oob_helper+0xa48/0xc50
[   19.520056]  krealloc_large_less_oob+0x20/0x38
[   19.520106]  kunit_try_run_case+0x170/0x3f0
[   19.520155]  kunit_generic_run_threadfn_adapter+0x88/0x100
[   19.520207]  kthread+0x328/0x630
[   19.520248]  ret_from_fork+0x10/0x20
[   19.520295] 
[   19.520315] The buggy address belongs to the physical page:
[   19.520345] page: refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1076b8
[   19.520407] head: order:2 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[   19.520454] flags: 0xbfffe0000000040(head|node=0|zone=2|lastcpupid=0x1ffff)
[   19.521235] page_type: f8(unknown)
[   19.521339] raw: 0bfffe0000000040 0000000000000000 dead000000000122 0000000000000000
[   19.521391] raw: 0000000000000000 0000000000000000 00000001f8000000 0000000000000000
[   19.522024] head: 0bfffe0000000040 0000000000000000 dead000000000122 0000000000000000
[   19.522564] head: 0000000000000000 0000000000000000 00000001f8000000 0000000000000000
[   19.523307] head: 0bfffe0000000002 ffffc1ffc31dae01 00000000ffffffff 00000000ffffffff
[   19.523358] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000004
[   19.524143] page dumped because: kasan: bad access detected
[   19.524365] 
[   19.524387] Memory state around the buggy address:
[   19.524457]  fff00000c76b9f80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   19.524514]  fff00000c76ba000: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   19.524557] >fff00000c76ba080: 00 00 00 00 00 00 00 00 00 01 fe fe fe fe fe fe
[   19.524593]                                               ^
[   19.524629]  fff00000c76ba100: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe
[   19.524675]  fff00000c76ba180: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe
[   19.525245] ==================================================================
[   19.541978] ==================================================================
[   19.542162] BUG: KASAN: slab-out-of-bounds in krealloc_less_oob_helper+0xa80/0xc50
[   19.542648] Write of size 1 at addr fff00000c76ba0da by task kunit_try_catch/163
[   19.542853] 
[   19.542896] CPU: 1 UID: 0 PID: 163 Comm: kunit_try_catch Tainted: G    B            N  6.16.0-rc5 #1 PREEMPT 
[   19.543785] Tainted: [B]=BAD_PAGE, [N]=TEST
[   19.544264] Hardware name: linux,dummy-virt (DT)
[   19.544568] Call trace:
[   19.544639]  show_stack+0x20/0x38 (C)
[   19.545005]  dump_stack_lvl+0x8c/0xd0
[   19.545622]  print_report+0x118/0x608
[   19.546147]  kasan_report+0xdc/0x128
[   19.546387]  __asan_report_store1_noabort+0x20/0x30
[   19.547005]  krealloc_less_oob_helper+0xa80/0xc50
[   19.547518]  krealloc_large_less_oob+0x20/0x38
[   19.547636]  kunit_try_run_case+0x170/0x3f0
[   19.548390]  kunit_generic_run_threadfn_adapter+0x88/0x100
[   19.549044]  kthread+0x328/0x630
[   19.549368]  ret_from_fork+0x10/0x20
[   19.550225] 
[   19.550362] The buggy address belongs to the physical page:
[   19.550539] page: refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1076b8
[   19.550675] head: order:2 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[   19.550809] flags: 0xbfffe0000000040(head|node=0|zone=2|lastcpupid=0x1ffff)
[   19.550864] page_type: f8(unknown)
[   19.551415] raw: 0bfffe0000000040 0000000000000000 dead000000000122 0000000000000000
[   19.551472] raw: 0000000000000000 0000000000000000 00000001f8000000 0000000000000000
[   19.551974] head: 0bfffe0000000040 0000000000000000 dead000000000122 0000000000000000
[   19.552382] head: 0000000000000000 0000000000000000 00000001f8000000 0000000000000000
[   19.552861] head: 0bfffe0000000002 ffffc1ffc31dae01 00000000ffffffff 00000000ffffffff
[   19.553500] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000004
[   19.554009] page dumped because: kasan: bad access detected
[   19.554055] 
[   19.554073] Memory state around the buggy address:
[   19.554106]  fff00000c76b9f80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   19.554681]  fff00000c76ba000: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   19.554731] >fff00000c76ba080: 00 00 00 00 00 00 00 00 00 01 fe fe fe fe fe fe
[   19.555406]                                                     ^
[   19.555869]  fff00000c76ba100: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe
[   19.556336]  fff00000c76ba180: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe
[   19.556651] ==================================================================
[   19.429951] ==================================================================
[   19.430009] BUG: KASAN: slab-out-of-bounds in krealloc_less_oob_helper+0xb9c/0xc50
[   19.430070] Write of size 1 at addr fff00000c46e02d0 by task kunit_try_catch/159
[   19.430137] 
[   19.430175] CPU: 1 UID: 0 PID: 159 Comm: kunit_try_catch Tainted: G    B            N  6.16.0-rc5 #1 PREEMPT 
[   19.430266] Tainted: [B]=BAD_PAGE, [N]=TEST
[   19.430313] Hardware name: linux,dummy-virt (DT)
[   19.430352] Call trace:
[   19.430373]  show_stack+0x20/0x38 (C)
[   19.430444]  dump_stack_lvl+0x8c/0xd0
[   19.430690]  print_report+0x118/0x608
[   19.430747]  kasan_report+0xdc/0x128
[   19.430793]  __asan_report_store1_noabort+0x20/0x30
[   19.430863]  krealloc_less_oob_helper+0xb9c/0xc50
[   19.430921]  krealloc_less_oob+0x20/0x38
[   19.430977]  kunit_try_run_case+0x170/0x3f0
[   19.431033]  kunit_generic_run_threadfn_adapter+0x88/0x100
[   19.431101]  kthread+0x328/0x630
[   19.431144]  ret_from_fork+0x10/0x20
[   19.431202] 
[   19.431221] Allocated by task 159:
[   19.431249]  kasan_save_stack+0x3c/0x68
[   19.432634]  kasan_save_track+0x20/0x40
[   19.432956]  kasan_save_alloc_info+0x40/0x58
[   19.433009]  __kasan_krealloc+0x118/0x178
[   19.433111]  krealloc_noprof+0x128/0x360
[   19.433232]  krealloc_less_oob_helper+0x168/0xc50
[   19.433322]  krealloc_less_oob+0x20/0x38
[   19.433388]  kunit_try_run_case+0x170/0x3f0
[   19.433466]  kunit_generic_run_threadfn_adapter+0x88/0x100
[   19.433533]  kthread+0x328/0x630
[   19.433596]  ret_from_fork+0x10/0x20
[   19.433847] 
[   19.433869] The buggy address belongs to the object at fff00000c46e0200
[   19.433869]  which belongs to the cache kmalloc-256 of size 256
[   19.434014] The buggy address is located 7 bytes to the right of
[   19.434014]  allocated 201-byte region [fff00000c46e0200, fff00000c46e02c9)
[   19.434086] 
[   19.434128] The buggy address belongs to the physical page:
[   19.434166] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1046e0
[   19.434248] head: order:1 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[   19.434325] flags: 0xbfffe0000000040(head|node=0|zone=2|lastcpupid=0x1ffff)
[   19.434443] page_type: f5(slab)
[   19.434500] raw: 0bfffe0000000040 fff00000c0001b40 dead000000000122 0000000000000000
[   19.434577] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000
[   19.434639] head: 0bfffe0000000040 fff00000c0001b40 dead000000000122 0000000000000000
[   19.434687] head: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000
[   19.434753] head: 0bfffe0000000001 ffffc1ffc311b801 00000000ffffffff 00000000ffffffff
[   19.434801] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000002
[   19.434840] page dumped because: kasan: bad access detected
[   19.434870] 
[   19.434888] Memory state around the buggy address:
[   19.434917]  fff00000c46e0180: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   19.434984]  fff00000c46e0200: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   19.435131] >fff00000c46e0280: 00 00 00 00 00 00 00 00 00 01 fc fc fc fc fc fc
[   19.435222]                                                  ^
[   19.435282]  fff00000c46e0300: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   19.435339]  fff00000c46e0380: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   19.435579] ==================================================================
[   19.446320] ==================================================================
[   19.446391] BUG: KASAN: slab-out-of-bounds in krealloc_less_oob_helper+0xae4/0xc50
[   19.446880] Write of size 1 at addr fff00000c46e02ea by task kunit_try_catch/159
[   19.446930] 
[   19.446963] CPU: 1 UID: 0 PID: 159 Comm: kunit_try_catch Tainted: G    B            N  6.16.0-rc5 #1 PREEMPT 
[   19.447042] Tainted: [B]=BAD_PAGE, [N]=TEST
[   19.447786] Hardware name: linux,dummy-virt (DT)
[   19.448146] Call trace:
[   19.448254]  show_stack+0x20/0x38 (C)
[   19.448543]  dump_stack_lvl+0x8c/0xd0
[   19.448761]  print_report+0x118/0x608
[   19.448893]  kasan_report+0xdc/0x128
[   19.448941]  __asan_report_store1_noabort+0x20/0x30
[   19.448993]  krealloc_less_oob_helper+0xae4/0xc50
[   19.449043]  krealloc_less_oob+0x20/0x38
[   19.449705]  kunit_try_run_case+0x170/0x3f0
[   19.451961]  kunit_generic_run_threadfn_adapter+0x88/0x100
[   19.452029]  kthread+0x328/0x630
[   19.452149]  ret_from_fork+0x10/0x20
[   19.452490] 
[   19.452516] Allocated by task 159:
[   19.452546]  kasan_save_stack+0x3c/0x68
[   19.453149]  kasan_save_track+0x20/0x40
[   19.453189]  kasan_save_alloc_info+0x40/0x58
[   19.453228]  __kasan_krealloc+0x118/0x178
[   19.453266]  krealloc_noprof+0x128/0x360
[   19.453305]  krealloc_less_oob_helper+0x168/0xc50
[   19.453344]  krealloc_less_oob+0x20/0x38
[   19.453380]  kunit_try_run_case+0x170/0x3f0
[   19.454215]  kunit_generic_run_threadfn_adapter+0x88/0x100
[   19.454277]  kthread+0x328/0x630
[   19.454311]  ret_from_fork+0x10/0x20
[   19.454681] 
[   19.454704] The buggy address belongs to the object at fff00000c46e0200
[   19.454704]  which belongs to the cache kmalloc-256 of size 256
[   19.454762] The buggy address is located 33 bytes to the right of
[   19.454762]  allocated 201-byte region [fff00000c46e0200, fff00000c46e02c9)
[   19.454826] 
[   19.454844] The buggy address belongs to the physical page:
[   19.454874] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1046e0
[   19.455982] head: order:1 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[   19.456117] flags: 0xbfffe0000000040(head|node=0|zone=2|lastcpupid=0x1ffff)
[   19.456172] page_type: f5(slab)
[   19.456210] raw: 0bfffe0000000040 fff00000c0001b40 dead000000000122 0000000000000000
[   19.456260] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000
[   19.456308] head: 0bfffe0000000040 fff00000c0001b40 dead000000000122 0000000000000000
[   19.456357] head: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000
[   19.456416] head: 0bfffe0000000001 ffffc1ffc311b801 00000000ffffffff 00000000ffffffff
[   19.456488] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000002
[   19.456529] page dumped because: kasan: bad access detected
[   19.456613] 
[   19.456674] Memory state around the buggy address:
[   19.456711]  fff00000c46e0180: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   19.456832]  fff00000c46e0200: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   19.456912] >fff00000c46e0280: 00 00 00 00 00 00 00 00 00 01 fc fc fc fc fc fc
[   19.457190]                                                           ^
[   19.457236]  fff00000c46e0300: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   19.457641]  fff00000c46e0380: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   19.457992] ==================================================================

Metadata Full log Test run details

arch

arm64

host

x86_64

plan

2zcAAYYuPsfT6JOjQ0cWxv2fjOU

job_id

TEST:linaro@lkft#2zcAEs3GnocWqbWkV7rOIaC0ynd

job_url

https://tuxapi.tuxsuite.com/v1/groups/linaro/projects/lkft/tests/2zcAEs3GnocWqbWkV7rOIaC0ynd

artefacts

kernel

url	https://storage.tuxsuite.com/public/linaro/lkft/builds/2zcABpPI3ZfT1t9tMDG7X8q8lao/Image.gz
sha256sum	43942746c31837a748f7022cb72cf36f2b91f61e7d895fc8b55a1572e458e713

rootfs

url	https://storage.tuxboot.com/debian/20250617/trixie/arm64/rootfs.ext4.xz
sha256sum	1eaaae772692e22cefec5345d642e254407cec1431dd51a20007af2a1819b610

modules

url	https://storage.tuxsuite.com/public/linaro/lkft/builds/2zcABpPI3ZfT1t9tMDG7X8q8lao/modules.tar.xz
sha256sum	8807b7479e37c86501e73242d675a1e38566097096d6197d93fffacaa4ec941e

durations

tests

boot	0
kunit	176.36

host_arch

amd64

build_name

gcc-13-lkftconfig-kunit

job_status

Complete

qemu_version

1:10.0.0+ds-1

[   12.426863] ==================================================================
[   12.427959] BUG: KASAN: slab-out-of-bounds in krealloc_less_oob_helper+0xd70/0x11d0
[   12.429036] Write of size 1 at addr ffff88810a5da0c9 by task kunit_try_catch/179
[   12.429520] 
[   12.429744] CPU: 1 UID: 0 PID: 179 Comm: kunit_try_catch Tainted: G    B            N  6.16.0-rc5 #1 PREEMPT(voluntary) 
[   12.429793] Tainted: [B]=BAD_PAGE, [N]=TEST
[   12.429806] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[   12.429827] Call Trace:
[   12.429842]  <TASK>
[   12.429863]  dump_stack_lvl+0x73/0xb0
[   12.429901]  print_report+0xd1/0x650
[   12.429937]  ? __virt_addr_valid+0x1db/0x2d0
[   12.430027]  ? krealloc_less_oob_helper+0xd70/0x11d0
[   12.430051]  ? kasan_addr_to_slab+0x11/0xa0
[   12.430071]  ? krealloc_less_oob_helper+0xd70/0x11d0
[   12.430095]  kasan_report+0x141/0x180
[   12.430117]  ? krealloc_less_oob_helper+0xd70/0x11d0
[   12.430145]  __asan_report_store1_noabort+0x1b/0x30
[   12.430169]  krealloc_less_oob_helper+0xd70/0x11d0
[   12.430195]  ? __pfx_krealloc_less_oob_helper+0x10/0x10
[   12.430219]  ? finish_task_switch.isra.0+0x153/0x700
[   12.430244]  ? __switch_to+0x47/0xf50
[   12.430270]  ? __schedule+0x10cc/0x2b60
[   12.430293]  ? __pfx_read_tsc+0x10/0x10
[   12.430317]  krealloc_large_less_oob+0x1c/0x30
[   12.430340]  kunit_try_run_case+0x1a5/0x480
[   12.430366]  ? __pfx_kunit_try_run_case+0x10/0x10
[   12.430389]  ? _raw_spin_lock_irqsave+0xa1/0x100
[   12.430414]  ? _raw_spin_unlock_irqrestore+0x5f/0x90
[   12.430437]  ? __kthread_parkme+0x82/0x180
[   12.430459]  ? preempt_count_sub+0x50/0x80
[   12.430482]  ? __pfx_kunit_try_run_case+0x10/0x10
[   12.430506]  kunit_generic_run_threadfn_adapter+0x85/0xf0
[   12.430531]  ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10
[   12.430557]  kthread+0x337/0x6f0
[   12.430578]  ? trace_preempt_on+0x20/0xc0
[   12.430602]  ? __pfx_kthread+0x10/0x10
[   12.430623]  ? _raw_spin_unlock_irq+0x47/0x80
[   12.430645]  ? calculate_sigpending+0x7b/0xa0
[   12.430670]  ? __pfx_kthread+0x10/0x10
[   12.430691]  ret_from_fork+0x116/0x1d0
[   12.430717]  ? __pfx_kthread+0x10/0x10
[   12.430737]  ret_from_fork_asm+0x1a/0x30
[   12.430768]  </TASK>
[   12.430779] 
[   12.443650] The buggy address belongs to the physical page:
[   12.443850] page: refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x10a5d8
[   12.444470] head: order:2 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[   12.445197] flags: 0x200000000000040(head|node=0|zone=2)
[   12.445684] page_type: f8(unknown)
[   12.446038] raw: 0200000000000040 0000000000000000 dead000000000122 0000000000000000
[   12.446830] raw: 0000000000000000 0000000000000000 00000001f8000000 0000000000000000
[   12.447384] head: 0200000000000040 0000000000000000 dead000000000122 0000000000000000
[   12.447617] head: 0000000000000000 0000000000000000 00000001f8000000 0000000000000000
[   12.447844] head: 0200000000000002 ffffea0004297601 00000000ffffffff 00000000ffffffff
[   12.448311] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000004
[   12.448710] page dumped because: kasan: bad access detected
[   12.448883] 
[   12.449137] Memory state around the buggy address:
[   12.449561]  ffff88810a5d9f80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   12.450249]  ffff88810a5da000: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   12.450858] >ffff88810a5da080: 00 00 00 00 00 00 00 00 00 01 fe fe fe fe fe fe
[   12.451267]                                               ^
[   12.451446]  ffff88810a5da100: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe
[   12.451657]  ffff88810a5da180: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe
[   12.451866] ==================================================================
[   12.260772] ==================================================================
[   12.261359] BUG: KASAN: slab-out-of-bounds in krealloc_less_oob_helper+0xd70/0x11d0
[   12.261815] Write of size 1 at addr ffff888100a17cc9 by task kunit_try_catch/175
[   12.262131] 
[   12.262257] CPU: 1 UID: 0 PID: 175 Comm: kunit_try_catch Tainted: G    B            N  6.16.0-rc5 #1 PREEMPT(voluntary) 
[   12.262304] Tainted: [B]=BAD_PAGE, [N]=TEST
[   12.262327] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[   12.262349] Call Trace:
[   12.262361]  <TASK>
[   12.262380]  dump_stack_lvl+0x73/0xb0
[   12.262412]  print_report+0xd1/0x650
[   12.262435]  ? __virt_addr_valid+0x1db/0x2d0
[   12.262468]  ? krealloc_less_oob_helper+0xd70/0x11d0
[   12.262492]  ? kasan_complete_mode_report_info+0x2a/0x200
[   12.262515]  ? krealloc_less_oob_helper+0xd70/0x11d0
[   12.262550]  kasan_report+0x141/0x180
[   12.262571]  ? krealloc_less_oob_helper+0xd70/0x11d0
[   12.262600]  __asan_report_store1_noabort+0x1b/0x30
[   12.262633]  krealloc_less_oob_helper+0xd70/0x11d0
[   12.262660]  ? __pfx_krealloc_less_oob_helper+0x10/0x10
[   12.262684]  ? finish_task_switch.isra.0+0x153/0x700
[   12.262725]  ? __switch_to+0x47/0xf50
[   12.262753]  ? __schedule+0x10cc/0x2b60
[   12.262777]  ? __pfx_read_tsc+0x10/0x10
[   12.262805]  krealloc_less_oob+0x1c/0x30
[   12.262826]  kunit_try_run_case+0x1a5/0x480
[   12.262852]  ? __pfx_kunit_try_run_case+0x10/0x10
[   12.262874]  ? _raw_spin_lock_irqsave+0xa1/0x100
[   12.262898]  ? _raw_spin_unlock_irqrestore+0x5f/0x90
[   12.262938]  ? __kthread_parkme+0x82/0x180
[   12.262960]  ? preempt_count_sub+0x50/0x80
[   12.262982]  ? __pfx_kunit_try_run_case+0x10/0x10
[   12.263017]  kunit_generic_run_threadfn_adapter+0x85/0xf0
[   12.263042]  ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10
[   12.263067]  kthread+0x337/0x6f0
[   12.263086]  ? trace_preempt_on+0x20/0xc0
[   12.263110]  ? __pfx_kthread+0x10/0x10
[   12.263130]  ? _raw_spin_unlock_irq+0x47/0x80
[   12.263160]  ? calculate_sigpending+0x7b/0xa0
[   12.263184]  ? __pfx_kthread+0x10/0x10
[   12.263205]  ret_from_fork+0x116/0x1d0
[   12.263233]  ? __pfx_kthread+0x10/0x10
[   12.263254]  ret_from_fork_asm+0x1a/0x30
[   12.263293]  </TASK>
[   12.263304] 
[   12.270794] Allocated by task 175:
[   12.270977]  kasan_save_stack+0x45/0x70
[   12.271125]  kasan_save_track+0x18/0x40
[   12.271260]  kasan_save_alloc_info+0x3b/0x50
[   12.271435]  __kasan_krealloc+0x190/0x1f0
[   12.271684]  krealloc_noprof+0xf3/0x340
[   12.271874]  krealloc_less_oob_helper+0x1aa/0x11d0
[   12.272108]  krealloc_less_oob+0x1c/0x30
[   12.272355]  kunit_try_run_case+0x1a5/0x480
[   12.272560]  kunit_generic_run_threadfn_adapter+0x85/0xf0
[   12.272773]  kthread+0x337/0x6f0
[   12.272967]  ret_from_fork+0x116/0x1d0
[   12.273133]  ret_from_fork_asm+0x1a/0x30
[   12.273296] 
[   12.273390] The buggy address belongs to the object at ffff888100a17c00
[   12.273390]  which belongs to the cache kmalloc-256 of size 256
[   12.273880] The buggy address is located 0 bytes to the right of
[   12.273880]  allocated 201-byte region [ffff888100a17c00, ffff888100a17cc9)
[   12.274511] 
[   12.274623] The buggy address belongs to the physical page:
[   12.274844] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x100a16
[   12.275211] head: order:1 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[   12.275540] flags: 0x200000000000040(head|node=0|zone=2)
[   12.275759] page_type: f5(slab)
[   12.275937] raw: 0200000000000040 ffff888100041b40 dead000000000122 0000000000000000
[   12.276232] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000
[   12.276520] head: 0200000000000040 ffff888100041b40 dead000000000122 0000000000000000
[   12.276747] head: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000
[   12.276985] head: 0200000000000001 ffffea0004028581 00000000ffffffff 00000000ffffffff
[   12.277334] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000002
[   12.277670] page dumped because: kasan: bad access detected
[   12.277919] 
[   12.278023] Memory state around the buggy address:
[   12.278249]  ffff888100a17b80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   12.278567]  ffff888100a17c00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   12.278783] >ffff888100a17c80: 00 00 00 00 00 00 00 00 00 01 fc fc fc fc fc fc
[   12.279002]                                               ^
[   12.279174]  ffff888100a17d00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   12.279430]  ffff888100a17d80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   12.279766] ==================================================================
[   12.281496] ==================================================================
[   12.281876] BUG: KASAN: slab-out-of-bounds in krealloc_less_oob_helper+0xe23/0x11d0
[   12.282317] Write of size 1 at addr ffff888100a17cd0 by task kunit_try_catch/175
[   12.282664] 
[   12.282787] CPU: 1 UID: 0 PID: 175 Comm: kunit_try_catch Tainted: G    B            N  6.16.0-rc5 #1 PREEMPT(voluntary) 
[   12.282840] Tainted: [B]=BAD_PAGE, [N]=TEST
[   12.282852] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[   12.282872] Call Trace:
[   12.282884]  <TASK>
[   12.282914]  dump_stack_lvl+0x73/0xb0
[   12.282954]  print_report+0xd1/0x650
[   12.282976]  ? __virt_addr_valid+0x1db/0x2d0
[   12.282999]  ? krealloc_less_oob_helper+0xe23/0x11d0
[   12.283023]  ? kasan_complete_mode_report_info+0x2a/0x200
[   12.283045]  ? krealloc_less_oob_helper+0xe23/0x11d0
[   12.283069]  kasan_report+0x141/0x180
[   12.283090]  ? krealloc_less_oob_helper+0xe23/0x11d0
[   12.283118]  __asan_report_store1_noabort+0x1b/0x30
[   12.283143]  krealloc_less_oob_helper+0xe23/0x11d0
[   12.283169]  ? __pfx_krealloc_less_oob_helper+0x10/0x10
[   12.283193]  ? finish_task_switch.isra.0+0x153/0x700
[   12.283217]  ? __switch_to+0x47/0xf50
[   12.283269]  ? __schedule+0x10cc/0x2b60
[   12.283291]  ? __pfx_read_tsc+0x10/0x10
[   12.283327]  krealloc_less_oob+0x1c/0x30
[   12.283349]  kunit_try_run_case+0x1a5/0x480
[   12.283373]  ? __pfx_kunit_try_run_case+0x10/0x10
[   12.283407]  ? _raw_spin_lock_irqsave+0xa1/0x100
[   12.283431]  ? _raw_spin_unlock_irqrestore+0x5f/0x90
[   12.283455]  ? __kthread_parkme+0x82/0x180
[   12.283487]  ? preempt_count_sub+0x50/0x80
[   12.283509]  ? __pfx_kunit_try_run_case+0x10/0x10
[   12.283533]  kunit_generic_run_threadfn_adapter+0x85/0xf0
[   12.283569]  ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10
[   12.283594]  kthread+0x337/0x6f0
[   12.283622]  ? trace_preempt_on+0x20/0xc0
[   12.283646]  ? __pfx_kthread+0x10/0x10
[   12.283666]  ? _raw_spin_unlock_irq+0x47/0x80
[   12.283687]  ? calculate_sigpending+0x7b/0xa0
[   12.283711]  ? __pfx_kthread+0x10/0x10
[   12.283732]  ret_from_fork+0x116/0x1d0
[   12.283759]  ? __pfx_kthread+0x10/0x10
[   12.283779]  ret_from_fork_asm+0x1a/0x30
[   12.283810]  </TASK>
[   12.283820] 
[   12.291032] Allocated by task 175:
[   12.291183]  kasan_save_stack+0x45/0x70
[   12.291367]  kasan_save_track+0x18/0x40
[   12.291571]  kasan_save_alloc_info+0x3b/0x50
[   12.291813]  __kasan_krealloc+0x190/0x1f0
[   12.292041]  krealloc_noprof+0xf3/0x340
[   12.292282]  krealloc_less_oob_helper+0x1aa/0x11d0
[   12.292533]  krealloc_less_oob+0x1c/0x30
[   12.292750]  kunit_try_run_case+0x1a5/0x480
[   12.292983]  kunit_generic_run_threadfn_adapter+0x85/0xf0
[   12.293219]  kthread+0x337/0x6f0
[   12.293396]  ret_from_fork+0x116/0x1d0
[   12.293527]  ret_from_fork_asm+0x1a/0x30
[   12.293721] 
[   12.293827] The buggy address belongs to the object at ffff888100a17c00
[   12.293827]  which belongs to the cache kmalloc-256 of size 256
[   12.294338] The buggy address is located 7 bytes to the right of
[   12.294338]  allocated 201-byte region [ffff888100a17c00, ffff888100a17cc9)
[   12.294855] 
[   12.294971] The buggy address belongs to the physical page:
[   12.295196] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x100a16
[   12.295556] head: order:1 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[   12.295887] flags: 0x200000000000040(head|node=0|zone=2)
[   12.296090] page_type: f5(slab)
[   12.296210] raw: 0200000000000040 ffff888100041b40 dead000000000122 0000000000000000
[   12.296459] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000
[   12.296686] head: 0200000000000040 ffff888100041b40 dead000000000122 0000000000000000
[   12.297061] head: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000
[   12.297421] head: 0200000000000001 ffffea0004028581 00000000ffffffff 00000000ffffffff
[   12.297755] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000002
[   12.298101] page dumped because: kasan: bad access detected
[   12.298374] 
[   12.298467] Memory state around the buggy address:
[   12.298673]  ffff888100a17b80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   12.298965]  ffff888100a17c00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   12.299176] >ffff888100a17c80: 00 00 00 00 00 00 00 00 00 01 fc fc fc fc fc fc
[   12.299408]                                                  ^
[   12.299666]  ffff888100a17d00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   12.300013]  ffff888100a17d80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   12.300402] ==================================================================
[   12.342446] ==================================================================
[   12.342741] BUG: KASAN: slab-out-of-bounds in krealloc_less_oob_helper+0xd47/0x11d0
[   12.343117] Write of size 1 at addr ffff888100a17ceb by task kunit_try_catch/175
[   12.343462] 
[   12.343576] CPU: 1 UID: 0 PID: 175 Comm: kunit_try_catch Tainted: G    B            N  6.16.0-rc5 #1 PREEMPT(voluntary) 
[   12.343616] Tainted: [B]=BAD_PAGE, [N]=TEST
[   12.343637] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[   12.343656] Call Trace:
[   12.343668]  <TASK>
[   12.343684]  dump_stack_lvl+0x73/0xb0
[   12.343726]  print_report+0xd1/0x650
[   12.343749]  ? __virt_addr_valid+0x1db/0x2d0
[   12.343771]  ? krealloc_less_oob_helper+0xd47/0x11d0
[   12.343794]  ? kasan_complete_mode_report_info+0x2a/0x200
[   12.343826]  ? krealloc_less_oob_helper+0xd47/0x11d0
[   12.343850]  kasan_report+0x141/0x180
[   12.343871]  ? krealloc_less_oob_helper+0xd47/0x11d0
[   12.343911]  __asan_report_store1_noabort+0x1b/0x30
[   12.343944]  krealloc_less_oob_helper+0xd47/0x11d0
[   12.343970]  ? __pfx_krealloc_less_oob_helper+0x10/0x10
[   12.344003]  ? finish_task_switch.isra.0+0x153/0x700
[   12.344027]  ? __switch_to+0x47/0xf50
[   12.344051]  ? __schedule+0x10cc/0x2b60
[   12.344079]  ? __pfx_read_tsc+0x10/0x10
[   12.344103]  krealloc_less_oob+0x1c/0x30
[   12.344125]  kunit_try_run_case+0x1a5/0x480
[   12.344149]  ? __pfx_kunit_try_run_case+0x10/0x10
[   12.344171]  ? _raw_spin_lock_irqsave+0xa1/0x100
[   12.344195]  ? _raw_spin_unlock_irqrestore+0x5f/0x90
[   12.344218]  ? __kthread_parkme+0x82/0x180
[   12.344245]  ? preempt_count_sub+0x50/0x80
[   12.344268]  ? __pfx_kunit_try_run_case+0x10/0x10
[   12.344292]  kunit_generic_run_threadfn_adapter+0x85/0xf0
[   12.344316]  ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10
[   12.344340]  kthread+0x337/0x6f0
[   12.344359]  ? trace_preempt_on+0x20/0xc0
[   12.344382]  ? __pfx_kthread+0x10/0x10
[   12.344402]  ? _raw_spin_unlock_irq+0x47/0x80
[   12.344423]  ? calculate_sigpending+0x7b/0xa0
[   12.344447]  ? __pfx_kthread+0x10/0x10
[   12.344468]  ret_from_fork+0x116/0x1d0
[   12.344485]  ? __pfx_kthread+0x10/0x10
[   12.344505]  ret_from_fork_asm+0x1a/0x30
[   12.344536]  </TASK>
[   12.344545] 
[   12.351683] Allocated by task 175:
[   12.351811]  kasan_save_stack+0x45/0x70
[   12.351966]  kasan_save_track+0x18/0x40
[   12.352160]  kasan_save_alloc_info+0x3b/0x50
[   12.352402]  __kasan_krealloc+0x190/0x1f0
[   12.352602]  krealloc_noprof+0xf3/0x340
[   12.352819]  krealloc_less_oob_helper+0x1aa/0x11d0
[   12.353055]  krealloc_less_oob+0x1c/0x30
[   12.353268]  kunit_try_run_case+0x1a5/0x480
[   12.353503]  kunit_generic_run_threadfn_adapter+0x85/0xf0
[   12.353707]  kthread+0x337/0x6f0
[   12.353827]  ret_from_fork+0x116/0x1d0
[   12.353964]  ret_from_fork_asm+0x1a/0x30
[   12.354163] 
[   12.354297] The buggy address belongs to the object at ffff888100a17c00
[   12.354297]  which belongs to the cache kmalloc-256 of size 256
[   12.354849] The buggy address is located 34 bytes to the right of
[   12.354849]  allocated 201-byte region [ffff888100a17c00, ffff888100a17cc9)
[   12.355366] 
[   12.355452] The buggy address belongs to the physical page:
[   12.355708] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x100a16
[   12.356070] head: order:1 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[   12.356410] flags: 0x200000000000040(head|node=0|zone=2)
[   12.356648] page_type: f5(slab)
[   12.356808] raw: 0200000000000040 ffff888100041b40 dead000000000122 0000000000000000
[   12.357119] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000
[   12.357369] head: 0200000000000040 ffff888100041b40 dead000000000122 0000000000000000
[   12.357595] head: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000
[   12.357914] head: 0200000000000001 ffffea0004028581 00000000ffffffff 00000000ffffffff
[   12.358271] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000002
[   12.358608] page dumped because: kasan: bad access detected
[   12.358862] 
[   12.358966] Memory state around the buggy address:
[   12.359196]  ffff888100a17b80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   12.359528]  ffff888100a17c00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   12.359741] >ffff888100a17c80: 00 00 00 00 00 00 00 00 00 01 fc fc fc fc fc fc
[   12.359959]                                                           ^
[   12.360204]  ffff888100a17d00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   12.360576]  ffff888100a17d80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   12.360919] ==================================================================
[   12.322362] ==================================================================
[   12.322628] BUG: KASAN: slab-out-of-bounds in krealloc_less_oob_helper+0xe90/0x11d0
[   12.323152] Write of size 1 at addr ffff888100a17cea by task kunit_try_catch/175
[   12.323519] 
[   12.323634] CPU: 1 UID: 0 PID: 175 Comm: kunit_try_catch Tainted: G    B            N  6.16.0-rc5 #1 PREEMPT(voluntary) 
[   12.323676] Tainted: [B]=BAD_PAGE, [N]=TEST
[   12.323687] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[   12.323707] Call Trace:
[   12.323735]  <TASK>
[   12.323754]  dump_stack_lvl+0x73/0xb0
[   12.323783]  print_report+0xd1/0x650
[   12.323817]  ? __virt_addr_valid+0x1db/0x2d0
[   12.323840]  ? krealloc_less_oob_helper+0xe90/0x11d0
[   12.323863]  ? kasan_complete_mode_report_info+0x2a/0x200
[   12.323893]  ? krealloc_less_oob_helper+0xe90/0x11d0
[   12.323917]  kasan_report+0x141/0x180
[   12.323952]  ? krealloc_less_oob_helper+0xe90/0x11d0
[   12.323981]  __asan_report_store1_noabort+0x1b/0x30
[   12.324005]  krealloc_less_oob_helper+0xe90/0x11d0
[   12.324031]  ? __pfx_krealloc_less_oob_helper+0x10/0x10
[   12.324056]  ? finish_task_switch.isra.0+0x153/0x700
[   12.324079]  ? __switch_to+0x47/0xf50
[   12.324113]  ? __schedule+0x10cc/0x2b60
[   12.324135]  ? __pfx_read_tsc+0x10/0x10
[   12.324170]  krealloc_less_oob+0x1c/0x30
[   12.324191]  kunit_try_run_case+0x1a5/0x480
[   12.324215]  ? __pfx_kunit_try_run_case+0x10/0x10
[   12.324237]  ? _raw_spin_lock_irqsave+0xa1/0x100
[   12.324280]  ? _raw_spin_unlock_irqrestore+0x5f/0x90
[   12.324303]  ? __kthread_parkme+0x82/0x180
[   12.324324]  ? preempt_count_sub+0x50/0x80
[   12.324347]  ? __pfx_kunit_try_run_case+0x10/0x10
[   12.324370]  kunit_generic_run_threadfn_adapter+0x85/0xf0
[   12.324394]  ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10
[   12.324428]  kthread+0x337/0x6f0
[   12.324446]  ? trace_preempt_on+0x20/0xc0
[   12.324470]  ? __pfx_kthread+0x10/0x10
[   12.324502]  ? _raw_spin_unlock_irq+0x47/0x80
[   12.324523]  ? calculate_sigpending+0x7b/0xa0
[   12.324547]  ? __pfx_kthread+0x10/0x10
[   12.324568]  ret_from_fork+0x116/0x1d0
[   12.324586]  ? __pfx_kthread+0x10/0x10
[   12.324606]  ret_from_fork_asm+0x1a/0x30
[   12.324636]  </TASK>
[   12.324647] 
[   12.331854] Allocated by task 175:
[   12.332043]  kasan_save_stack+0x45/0x70
[   12.332188]  kasan_save_track+0x18/0x40
[   12.332341]  kasan_save_alloc_info+0x3b/0x50
[   12.332579]  __kasan_krealloc+0x190/0x1f0
[   12.332778]  krealloc_noprof+0xf3/0x340
[   12.332962]  krealloc_less_oob_helper+0x1aa/0x11d0
[   12.333130]  krealloc_less_oob+0x1c/0x30
[   12.333317]  kunit_try_run_case+0x1a5/0x480
[   12.333528]  kunit_generic_run_threadfn_adapter+0x85/0xf0
[   12.333810]  kthread+0x337/0x6f0
[   12.334011]  ret_from_fork+0x116/0x1d0
[   12.334214]  ret_from_fork_asm+0x1a/0x30
[   12.334395] 
[   12.334514] The buggy address belongs to the object at ffff888100a17c00
[   12.334514]  which belongs to the cache kmalloc-256 of size 256
[   12.334975] The buggy address is located 33 bytes to the right of
[   12.334975]  allocated 201-byte region [ffff888100a17c00, ffff888100a17cc9)
[   12.335526] 
[   12.335622] The buggy address belongs to the physical page:
[   12.335867] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x100a16
[   12.336210] head: order:1 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[   12.336542] flags: 0x200000000000040(head|node=0|zone=2)
[   12.336721] page_type: f5(slab)
[   12.336841] raw: 0200000000000040 ffff888100041b40 dead000000000122 0000000000000000
[   12.337077] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000
[   12.337451] head: 0200000000000040 ffff888100041b40 dead000000000122 0000000000000000
[   12.337783] head: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000
[   12.338121] head: 0200000000000001 ffffea0004028581 00000000ffffffff 00000000ffffffff
[   12.338484] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000002
[   12.338715] page dumped because: kasan: bad access detected
[   12.338883] 
[   12.338969] Memory state around the buggy address:
[   12.339197]  ffff888100a17b80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   12.339554]  ffff888100a17c00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   12.339885] >ffff888100a17c80: 00 00 00 00 00 00 00 00 00 01 fc fc fc fc fc fc
[   12.340220]                                                           ^
[   12.340457]  ffff888100a17d00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   12.340696]  ffff888100a17d80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   12.341073] ==================================================================
[   12.472982] ==================================================================
[   12.473539] BUG: KASAN: slab-out-of-bounds in krealloc_less_oob_helper+0xec6/0x11d0
[   12.473903] Write of size 1 at addr ffff88810a5da0da by task kunit_try_catch/179
[   12.474248] 
[   12.474596] CPU: 1 UID: 0 PID: 179 Comm: kunit_try_catch Tainted: G    B            N  6.16.0-rc5 #1 PREEMPT(voluntary) 
[   12.474643] Tainted: [B]=BAD_PAGE, [N]=TEST
[   12.474655] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[   12.474674] Call Trace:
[   12.474687]  <TASK>
[   12.474709]  dump_stack_lvl+0x73/0xb0
[   12.474798]  print_report+0xd1/0x650
[   12.474824]  ? __virt_addr_valid+0x1db/0x2d0
[   12.474847]  ? krealloc_less_oob_helper+0xec6/0x11d0
[   12.474870]  ? kasan_addr_to_slab+0x11/0xa0
[   12.474890]  ? krealloc_less_oob_helper+0xec6/0x11d0
[   12.474913]  kasan_report+0x141/0x180
[   12.474948]  ? krealloc_less_oob_helper+0xec6/0x11d0
[   12.474976]  __asan_report_store1_noabort+0x1b/0x30
[   12.475000]  krealloc_less_oob_helper+0xec6/0x11d0
[   12.475026]  ? __pfx_krealloc_less_oob_helper+0x10/0x10
[   12.475098]  ? finish_task_switch.isra.0+0x153/0x700
[   12.475123]  ? __switch_to+0x47/0xf50
[   12.475147]  ? __schedule+0x10cc/0x2b60
[   12.475169]  ? __pfx_read_tsc+0x10/0x10
[   12.475193]  krealloc_large_less_oob+0x1c/0x30
[   12.475216]  kunit_try_run_case+0x1a5/0x480
[   12.475240]  ? __pfx_kunit_try_run_case+0x10/0x10
[   12.475274]  ? _raw_spin_lock_irqsave+0xa1/0x100
[   12.475298]  ? _raw_spin_unlock_irqrestore+0x5f/0x90
[   12.475321]  ? __kthread_parkme+0x82/0x180
[   12.475341]  ? preempt_count_sub+0x50/0x80
[   12.475363]  ? __pfx_kunit_try_run_case+0x10/0x10
[   12.475387]  kunit_generic_run_threadfn_adapter+0x85/0xf0
[   12.475411]  ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10
[   12.475435]  kthread+0x337/0x6f0
[   12.475453]  ? trace_preempt_on+0x20/0xc0
[   12.475477]  ? __pfx_kthread+0x10/0x10
[   12.475497]  ? _raw_spin_unlock_irq+0x47/0x80
[   12.475518]  ? calculate_sigpending+0x7b/0xa0
[   12.475542]  ? __pfx_kthread+0x10/0x10
[   12.475562]  ret_from_fork+0x116/0x1d0
[   12.475580]  ? __pfx_kthread+0x10/0x10
[   12.475600]  ret_from_fork_asm+0x1a/0x30
[   12.475631]  </TASK>
[   12.475641] 
[   12.483285] The buggy address belongs to the physical page:
[   12.483563] page: refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x10a5d8
[   12.483911] head: order:2 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[   12.484328] flags: 0x200000000000040(head|node=0|zone=2)
[   12.484542] page_type: f8(unknown)
[   12.484667] raw: 0200000000000040 0000000000000000 dead000000000122 0000000000000000
[   12.484948] raw: 0000000000000000 0000000000000000 00000001f8000000 0000000000000000
[   12.485444] head: 0200000000000040 0000000000000000 dead000000000122 0000000000000000
[   12.485762] head: 0000000000000000 0000000000000000 00000001f8000000 0000000000000000
[   12.486387] head: 0200000000000002 ffffea0004297601 00000000ffffffff 00000000ffffffff
[   12.486674] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000004
[   12.486910] page dumped because: kasan: bad access detected
[   12.487206] 
[   12.487395] Memory state around the buggy address:
[   12.487634]  ffff88810a5d9f80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   12.487994]  ffff88810a5da000: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   12.488292] >ffff88810a5da080: 00 00 00 00 00 00 00 00 00 01 fe fe fe fe fe fe
[   12.488502]                                                     ^
[   12.488778]  ffff88810a5da100: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe
[   12.489171]  ffff88810a5da180: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe
[   12.489518] ==================================================================
[   12.506115] ==================================================================
[   12.506474] BUG: KASAN: slab-out-of-bounds in krealloc_less_oob_helper+0xd47/0x11d0
[   12.506791] Write of size 1 at addr ffff88810a5da0eb by task kunit_try_catch/179
[   12.507309] 
[   12.507448] CPU: 1 UID: 0 PID: 179 Comm: kunit_try_catch Tainted: G    B            N  6.16.0-rc5 #1 PREEMPT(voluntary) 
[   12.507490] Tainted: [B]=BAD_PAGE, [N]=TEST
[   12.507501] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[   12.507520] Call Trace:
[   12.507537]  <TASK>
[   12.507554]  dump_stack_lvl+0x73/0xb0
[   12.507586]  print_report+0xd1/0x650
[   12.507609]  ? __virt_addr_valid+0x1db/0x2d0
[   12.507631]  ? krealloc_less_oob_helper+0xd47/0x11d0
[   12.507655]  ? kasan_addr_to_slab+0x11/0xa0
[   12.507675]  ? krealloc_less_oob_helper+0xd47/0x11d0
[   12.507699]  kasan_report+0x141/0x180
[   12.507720]  ? krealloc_less_oob_helper+0xd47/0x11d0
[   12.507748]  __asan_report_store1_noabort+0x1b/0x30
[   12.507773]  krealloc_less_oob_helper+0xd47/0x11d0
[   12.507799]  ? __pfx_krealloc_less_oob_helper+0x10/0x10
[   12.507823]  ? finish_task_switch.isra.0+0x153/0x700
[   12.507846]  ? __switch_to+0x47/0xf50
[   12.507870]  ? __schedule+0x10cc/0x2b60
[   12.507892]  ? __pfx_read_tsc+0x10/0x10
[   12.507917]  krealloc_large_less_oob+0x1c/0x30
[   12.508017]  kunit_try_run_case+0x1a5/0x480
[   12.508041]  ? __pfx_kunit_try_run_case+0x10/0x10
[   12.508064]  ? _raw_spin_lock_irqsave+0xa1/0x100
[   12.508089]  ? _raw_spin_unlock_irqrestore+0x5f/0x90
[   12.508112]  ? __kthread_parkme+0x82/0x180
[   12.508132]  ? preempt_count_sub+0x50/0x80
[   12.508154]  ? __pfx_kunit_try_run_case+0x10/0x10
[   12.508178]  kunit_generic_run_threadfn_adapter+0x85/0xf0
[   12.508202]  ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10
[   12.508226]  kthread+0x337/0x6f0
[   12.508244]  ? trace_preempt_on+0x20/0xc0
[   12.508268]  ? __pfx_kthread+0x10/0x10
[   12.508304]  ? _raw_spin_unlock_irq+0x47/0x80
[   12.508325]  ? calculate_sigpending+0x7b/0xa0
[   12.508349]  ? __pfx_kthread+0x10/0x10
[   12.508369]  ret_from_fork+0x116/0x1d0
[   12.508388]  ? __pfx_kthread+0x10/0x10
[   12.508408]  ret_from_fork_asm+0x1a/0x30
[   12.508438]  </TASK>
[   12.508448] 
[   12.515881] The buggy address belongs to the physical page:
[   12.516173] page: refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x10a5d8
[   12.516548] head: order:2 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[   12.516868] flags: 0x200000000000040(head|node=0|zone=2)
[   12.517148] page_type: f8(unknown)
[   12.517317] raw: 0200000000000040 0000000000000000 dead000000000122 0000000000000000
[   12.517604] raw: 0000000000000000 0000000000000000 00000001f8000000 0000000000000000
[   12.517916] head: 0200000000000040 0000000000000000 dead000000000122 0000000000000000
[   12.518386] head: 0000000000000000 0000000000000000 00000001f8000000 0000000000000000
[   12.518647] head: 0200000000000002 ffffea0004297601 00000000ffffffff 00000000ffffffff
[   12.518882] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000004
[   12.519299] page dumped because: kasan: bad access detected
[   12.519551] 
[   12.519642] Memory state around the buggy address:
[   12.519862]  ffff88810a5d9f80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   12.520248]  ffff88810a5da000: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   12.520577] >ffff88810a5da080: 00 00 00 00 00 00 00 00 00 01 fe fe fe fe fe fe
[   12.520885]                                                           ^
[   12.521242]  ffff88810a5da100: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe
[   12.521474]  ffff88810a5da180: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe
[   12.521722] ==================================================================
[   12.301543] ==================================================================
[   12.301874] BUG: KASAN: slab-out-of-bounds in krealloc_less_oob_helper+0xec6/0x11d0
[   12.302659] Write of size 1 at addr ffff888100a17cda by task kunit_try_catch/175
[   12.303059] 
[   12.303178] CPU: 1 UID: 0 PID: 175 Comm: kunit_try_catch Tainted: G    B            N  6.16.0-rc5 #1 PREEMPT(voluntary) 
[   12.303221] Tainted: [B]=BAD_PAGE, [N]=TEST
[   12.303232] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[   12.303277] Call Trace:
[   12.303296]  <TASK>
[   12.303316]  dump_stack_lvl+0x73/0xb0
[   12.303361]  print_report+0xd1/0x650
[   12.303383]  ? __virt_addr_valid+0x1db/0x2d0
[   12.303407]  ? krealloc_less_oob_helper+0xec6/0x11d0
[   12.303433]  ? kasan_complete_mode_report_info+0x2a/0x200
[   12.303456]  ? krealloc_less_oob_helper+0xec6/0x11d0
[   12.303490]  kasan_report+0x141/0x180
[   12.303511]  ? krealloc_less_oob_helper+0xec6/0x11d0
[   12.303552]  __asan_report_store1_noabort+0x1b/0x30
[   12.303578]  krealloc_less_oob_helper+0xec6/0x11d0
[   12.303603]  ? __pfx_krealloc_less_oob_helper+0x10/0x10
[   12.303628]  ? finish_task_switch.isra.0+0x153/0x700
[   12.303651]  ? __switch_to+0x47/0xf50
[   12.303676]  ? __schedule+0x10cc/0x2b60
[   12.303698]  ? __pfx_read_tsc+0x10/0x10
[   12.303731]  krealloc_less_oob+0x1c/0x30
[   12.303752]  kunit_try_run_case+0x1a5/0x480
[   12.303777]  ? __pfx_kunit_try_run_case+0x10/0x10
[   12.303810]  ? _raw_spin_lock_irqsave+0xa1/0x100
[   12.303834]  ? _raw_spin_unlock_irqrestore+0x5f/0x90
[   12.303858]  ? __kthread_parkme+0x82/0x180
[   12.303879]  ? preempt_count_sub+0x50/0x80
[   12.303901]  ? __pfx_kunit_try_run_case+0x10/0x10
[   12.303934]  kunit_generic_run_threadfn_adapter+0x85/0xf0
[   12.303958]  ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10
[   12.303983]  kthread+0x337/0x6f0
[   12.304002]  ? trace_preempt_on+0x20/0xc0
[   12.304025]  ? __pfx_kthread+0x10/0x10
[   12.304045]  ? _raw_spin_unlock_irq+0x47/0x80
[   12.304066]  ? calculate_sigpending+0x7b/0xa0
[   12.304090]  ? __pfx_kthread+0x10/0x10
[   12.304111]  ret_from_fork+0x116/0x1d0
[   12.304129]  ? __pfx_kthread+0x10/0x10
[   12.304158]  ret_from_fork_asm+0x1a/0x30
[   12.304189]  </TASK>
[   12.304199] 
[   12.311521] Allocated by task 175:
[   12.311660]  kasan_save_stack+0x45/0x70
[   12.311888]  kasan_save_track+0x18/0x40
[   12.312084]  kasan_save_alloc_info+0x3b/0x50
[   12.312317]  __kasan_krealloc+0x190/0x1f0
[   12.312499]  krealloc_noprof+0xf3/0x340
[   12.312631]  krealloc_less_oob_helper+0x1aa/0x11d0
[   12.312789]  krealloc_less_oob+0x1c/0x30
[   12.312997]  kunit_try_run_case+0x1a5/0x480
[   12.313206]  kunit_generic_run_threadfn_adapter+0x85/0xf0
[   12.313510]  kthread+0x337/0x6f0
[   12.313693]  ret_from_fork+0x116/0x1d0
[   12.313902]  ret_from_fork_asm+0x1a/0x30
[   12.314102] 
[   12.314171] The buggy address belongs to the object at ffff888100a17c00
[   12.314171]  which belongs to the cache kmalloc-256 of size 256
[   12.314545] The buggy address is located 17 bytes to the right of
[   12.314545]  allocated 201-byte region [ffff888100a17c00, ffff888100a17cc9)
[   12.315106] 
[   12.315213] The buggy address belongs to the physical page:
[   12.315453] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x100a16
[   12.315697] head: order:1 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[   12.315937] flags: 0x200000000000040(head|node=0|zone=2)
[   12.316190] page_type: f5(slab)
[   12.316410] raw: 0200000000000040 ffff888100041b40 dead000000000122 0000000000000000
[   12.316758] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000
[   12.317114] head: 0200000000000040 ffff888100041b40 dead000000000122 0000000000000000
[   12.317493] head: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000
[   12.317818] head: 0200000000000001 ffffea0004028581 00000000ffffffff 00000000ffffffff
[   12.318795] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000002
[   12.319166] page dumped because: kasan: bad access detected
[   12.319459] 
[   12.319561] Memory state around the buggy address:
[   12.319775]  ffff888100a17b80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   12.320072]  ffff888100a17c00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   12.320376] >ffff888100a17c80: 00 00 00 00 00 00 00 00 00 01 fc fc fc fc fc fc
[   12.320675]                                                     ^
[   12.320896]  ffff888100a17d00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   12.321163]  ffff888100a17d80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   12.321508] ==================================================================
[   12.489839] ==================================================================
[   12.490235] BUG: KASAN: slab-out-of-bounds in krealloc_less_oob_helper+0xe90/0x11d0
[   12.490610] Write of size 1 at addr ffff88810a5da0ea by task kunit_try_catch/179
[   12.490903] 
[   12.491002] CPU: 1 UID: 0 PID: 179 Comm: kunit_try_catch Tainted: G    B            N  6.16.0-rc5 #1 PREEMPT(voluntary) 
[   12.491043] Tainted: [B]=BAD_PAGE, [N]=TEST
[   12.491054] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[   12.491073] Call Trace:
[   12.491088]  <TASK>
[   12.491104]  dump_stack_lvl+0x73/0xb0
[   12.491132]  print_report+0xd1/0x650
[   12.491154]  ? __virt_addr_valid+0x1db/0x2d0
[   12.491176]  ? krealloc_less_oob_helper+0xe90/0x11d0
[   12.491199]  ? kasan_addr_to_slab+0x11/0xa0
[   12.491219]  ? krealloc_less_oob_helper+0xe90/0x11d0
[   12.491243]  kasan_report+0x141/0x180
[   12.491264]  ? krealloc_less_oob_helper+0xe90/0x11d0
[   12.491292]  __asan_report_store1_noabort+0x1b/0x30
[   12.491316]  krealloc_less_oob_helper+0xe90/0x11d0
[   12.491343]  ? __pfx_krealloc_less_oob_helper+0x10/0x10
[   12.491367]  ? finish_task_switch.isra.0+0x153/0x700
[   12.491390]  ? __switch_to+0x47/0xf50
[   12.491414]  ? __schedule+0x10cc/0x2b60
[   12.491435]  ? __pfx_read_tsc+0x10/0x10
[   12.491460]  krealloc_large_less_oob+0x1c/0x30
[   12.491483]  kunit_try_run_case+0x1a5/0x480
[   12.491506]  ? __pfx_kunit_try_run_case+0x10/0x10
[   12.491528]  ? _raw_spin_lock_irqsave+0xa1/0x100
[   12.491551]  ? _raw_spin_unlock_irqrestore+0x5f/0x90
[   12.491575]  ? __kthread_parkme+0x82/0x180
[   12.491595]  ? preempt_count_sub+0x50/0x80
[   12.491617]  ? __pfx_kunit_try_run_case+0x10/0x10
[   12.491641]  kunit_generic_run_threadfn_adapter+0x85/0xf0
[   12.491664]  ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10
[   12.491689]  kthread+0x337/0x6f0
[   12.491708]  ? trace_preempt_on+0x20/0xc0
[   12.491731]  ? __pfx_kthread+0x10/0x10
[   12.491751]  ? _raw_spin_unlock_irq+0x47/0x80
[   12.491772]  ? calculate_sigpending+0x7b/0xa0
[   12.491796]  ? __pfx_kthread+0x10/0x10
[   12.491816]  ret_from_fork+0x116/0x1d0
[   12.491834]  ? __pfx_kthread+0x10/0x10
[   12.491854]  ret_from_fork_asm+0x1a/0x30
[   12.491884]  </TASK>
[   12.491894] 
[   12.499537] The buggy address belongs to the physical page:
[   12.499756] page: refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x10a5d8
[   12.500066] head: order:2 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[   12.500393] flags: 0x200000000000040(head|node=0|zone=2)
[   12.500660] page_type: f8(unknown)
[   12.500844] raw: 0200000000000040 0000000000000000 dead000000000122 0000000000000000
[   12.501277] raw: 0000000000000000 0000000000000000 00000001f8000000 0000000000000000
[   12.501618] head: 0200000000000040 0000000000000000 dead000000000122 0000000000000000
[   12.501900] head: 0000000000000000 0000000000000000 00000001f8000000 0000000000000000
[   12.502351] head: 0200000000000002 ffffea0004297601 00000000ffffffff 00000000ffffffff
[   12.502737] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000004
[   12.503155] page dumped because: kasan: bad access detected
[   12.503432] 
[   12.503527] Memory state around the buggy address:
[   12.503753]  ffff88810a5d9f80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   12.504142]  ffff88810a5da000: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   12.504440] >ffff88810a5da080: 00 00 00 00 00 00 00 00 00 01 fe fe fe fe fe fe
[   12.504651]                                                           ^
[   12.505016]  ffff88810a5da100: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe
[   12.505368]  ffff88810a5da180: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe
[   12.505689] ==================================================================
[   12.452939] ==================================================================
[   12.453837] BUG: KASAN: slab-out-of-bounds in krealloc_less_oob_helper+0xe23/0x11d0
[   12.454593] Write of size 1 at addr ffff88810a5da0d0 by task kunit_try_catch/179
[   12.455537] 
[   12.455757] CPU: 1 UID: 0 PID: 179 Comm: kunit_try_catch Tainted: G    B            N  6.16.0-rc5 #1 PREEMPT(voluntary) 
[   12.455803] Tainted: [B]=BAD_PAGE, [N]=TEST
[   12.455814] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[   12.455833] Call Trace:
[   12.455852]  <TASK>
[   12.455871]  dump_stack_lvl+0x73/0xb0
[   12.455904]  print_report+0xd1/0x650
[   12.455966]  ? __virt_addr_valid+0x1db/0x2d0
[   12.455991]  ? krealloc_less_oob_helper+0xe23/0x11d0
[   12.456014]  ? kasan_addr_to_slab+0x11/0xa0
[   12.456034]  ? krealloc_less_oob_helper+0xe23/0x11d0
[   12.456058]  kasan_report+0x141/0x180
[   12.456079]  ? krealloc_less_oob_helper+0xe23/0x11d0
[   12.456107]  __asan_report_store1_noabort+0x1b/0x30
[   12.456145]  krealloc_less_oob_helper+0xe23/0x11d0
[   12.456171]  ? __pfx_krealloc_less_oob_helper+0x10/0x10
[   12.456195]  ? finish_task_switch.isra.0+0x153/0x700
[   12.456218]  ? __switch_to+0x47/0xf50
[   12.456259]  ? __schedule+0x10cc/0x2b60
[   12.456282]  ? __pfx_read_tsc+0x10/0x10
[   12.456306]  krealloc_large_less_oob+0x1c/0x30
[   12.456328]  kunit_try_run_case+0x1a5/0x480
[   12.456352]  ? __pfx_kunit_try_run_case+0x10/0x10
[   12.456374]  ? _raw_spin_lock_irqsave+0xa1/0x100
[   12.456398]  ? _raw_spin_unlock_irqrestore+0x5f/0x90
[   12.456422]  ? __kthread_parkme+0x82/0x180
[   12.456442]  ? preempt_count_sub+0x50/0x80
[   12.456464]  ? __pfx_kunit_try_run_case+0x10/0x10
[   12.456487]  kunit_generic_run_threadfn_adapter+0x85/0xf0
[   12.456511]  ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10
[   12.456536]  kthread+0x337/0x6f0
[   12.456554]  ? trace_preempt_on+0x20/0xc0
[   12.456577]  ? __pfx_kthread+0x10/0x10
[   12.456597]  ? _raw_spin_unlock_irq+0x47/0x80
[   12.456618]  ? calculate_sigpending+0x7b/0xa0
[   12.456641]  ? __pfx_kthread+0x10/0x10
[   12.456662]  ret_from_fork+0x116/0x1d0
[   12.456680]  ? __pfx_kthread+0x10/0x10
[   12.456700]  ret_from_fork_asm+0x1a/0x30
[   12.456730]  </TASK>
[   12.456740] 
[   12.466287] The buggy address belongs to the physical page:
[   12.466574] page: refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x10a5d8
[   12.466932] head: order:2 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[   12.467231] flags: 0x200000000000040(head|node=0|zone=2)
[   12.467712] page_type: f8(unknown)
[   12.467872] raw: 0200000000000040 0000000000000000 dead000000000122 0000000000000000
[   12.468112] raw: 0000000000000000 0000000000000000 00000001f8000000 0000000000000000
[   12.468389] head: 0200000000000040 0000000000000000 dead000000000122 0000000000000000
[   12.468793] head: 0000000000000000 0000000000000000 00000001f8000000 0000000000000000
[   12.469177] head: 0200000000000002 ffffea0004297601 00000000ffffffff 00000000ffffffff
[   12.469411] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000004
[   12.469986] page dumped because: kasan: bad access detected
[   12.470247] 
[   12.470341] Memory state around the buggy address:
[   12.470569]  ffff88810a5d9f80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   12.470855]  ffff88810a5da000: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   12.471216] >ffff88810a5da080: 00 00 00 00 00 00 00 00 00 01 fe fe fe fe fe fe
[   12.471642]                                                  ^
[   12.471865]  ffff88810a5da100: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe
[   12.472366]  ffff88810a5da180: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe
[   12.472580] ==================================================================

Metadata Full log Test run details

arch

x86_64

host

x86_64

plan

2zcAAYYuPsfT6JOjQ0cWxv2fjOU

job_id

TEST:linaro@lkft#2zcAFkblEHml5vWceVaiL0Z7pv2

job_url

https://tuxapi.tuxsuite.com/v1/groups/linaro/projects/lkft/tests/2zcAFkblEHml5vWceVaiL0Z7pv2

artefacts

kernel

url	https://storage.tuxsuite.com/public/linaro/lkft/builds/2zcACy0pDahAR5qrdOicKU9PONK/bzImage
sha256sum	27b537d7ff0cc2505073732e0426981d2e11aae2d444edf9f87b5f4cd09a88c1

rootfs

url	https://storage.tuxboot.com/debian/20250617/trixie/amd64/rootfs.ext4.xz
sha256sum	a7dcdb286e1265c85a4d6cd5429adc51604a3ebde1d9a3c934aef78862d5fee4

modules

url	https://storage.tuxsuite.com/public/linaro/lkft/builds/2zcACy0pDahAR5qrdOicKU9PONK/modules.tar.xz
sha256sum	de6330518eae5656446007b0b43210efdfbd212f286fe2bf16230e157f9f0923

durations

tests

boot	0
kunit	201.85

host_arch

amd64

build_name

gcc-13-lkftconfig-kunit

job_status

Complete

qemu_version

1:10.0.0+ds-1

Metadata

Failure - qemu-arm64 - gcc-13-lkftconfig-kunit

Failure - qemu-x86_64 - gcc-13-lkftconfig-kunit