Hay
Date: July 8, 2025, 7:07 p.m.

Environment: qemu-arm64, qemu-x86_64

[   19.216357] ==================================================================
[   19.216422] BUG: KASAN: slab-out-of-bounds in krealloc_less_oob_helper+0xa58/0xc50
[   19.216530] Write of size 1 at addr fff00000c781a0eb by task kunit_try_catch/162
[   19.216614] 
[   19.216731] CPU: 1 UID: 0 PID: 162 Comm: kunit_try_catch Tainted: G    B            N  6.16.0-rc5 #1 PREEMPT 
[   19.216841] Tainted: [B]=BAD_PAGE, [N]=TEST
[   19.216867] Hardware name: linux,dummy-virt (DT)
[   19.216902] Call trace:
[   19.217077]  show_stack+0x20/0x38 (C)
[   19.217244]  dump_stack_lvl+0x8c/0xd0
[   19.217299]  print_report+0x118/0x608
[   19.217343]  kasan_report+0xdc/0x128
[   19.217386]  __asan_report_store1_noabort+0x20/0x30
[   19.217489]  krealloc_less_oob_helper+0xa58/0xc50
[   19.217574]  krealloc_large_less_oob+0x20/0x38
[   19.217621]  kunit_try_run_case+0x170/0x3f0
[   19.217861]  kunit_generic_run_threadfn_adapter+0x88/0x100
[   19.217964]  kthread+0x328/0x630
[   19.218017]  ret_from_fork+0x10/0x20
[   19.218062] 
[   19.218262] The buggy address belongs to the physical page:
[   19.218357] page: refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x107818
[   19.218463] head: order:2 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[   19.218600] flags: 0xbfffe0000000040(head|node=0|zone=2|lastcpupid=0x1ffff)
[   19.218827] page_type: f8(unknown)
[   19.218929] raw: 0bfffe0000000040 0000000000000000 dead000000000122 0000000000000000
[   19.218981] raw: 0000000000000000 0000000000000000 00000001f8000000 0000000000000000
[   19.219058] head: 0bfffe0000000040 0000000000000000 dead000000000122 0000000000000000
[   19.219275] head: 0000000000000000 0000000000000000 00000001f8000000 0000000000000000
[   19.219341] head: 0bfffe0000000002 ffffc1ffc31e0601 00000000ffffffff 00000000ffffffff
[   19.219480] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000004
[   19.219668] page dumped because: kasan: bad access detected
[   19.219853] 
[   19.219920] Memory state around the buggy address:
[   19.219955]  fff00000c7819f80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   19.220023]  fff00000c781a000: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   19.220064] >fff00000c781a080: 00 00 00 00 00 00 00 00 00 01 fe fe fe fe fe fe
[   19.220503]                                                           ^
[   19.220607]  fff00000c781a100: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe
[   19.220768]  fff00000c781a180: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe
[   19.220849] ==================================================================
[   19.132817] ==================================================================
[   19.132986] BUG: KASAN: slab-out-of-bounds in krealloc_less_oob_helper+0xb9c/0xc50
[   19.133041] Write of size 1 at addr fff00000c1b1b8d0 by task kunit_try_catch/158
[   19.133194] 
[   19.133420] CPU: 1 UID: 0 PID: 158 Comm: kunit_try_catch Tainted: G    B            N  6.16.0-rc5 #1 PREEMPT 
[   19.133510] Tainted: [B]=BAD_PAGE, [N]=TEST
[   19.133535] Hardware name: linux,dummy-virt (DT)
[   19.133563] Call trace:
[   19.133641]  show_stack+0x20/0x38 (C)
[   19.133694]  dump_stack_lvl+0x8c/0xd0
[   19.133790]  print_report+0x118/0x608
[   19.133834]  kasan_report+0xdc/0x128
[   19.134048]  __asan_report_store1_noabort+0x20/0x30
[   19.134117]  krealloc_less_oob_helper+0xb9c/0xc50
[   19.134165]  krealloc_less_oob+0x20/0x38
[   19.134217]  kunit_try_run_case+0x170/0x3f0
[   19.134262]  kunit_generic_run_threadfn_adapter+0x88/0x100
[   19.134474]  kthread+0x328/0x630
[   19.134528]  ret_from_fork+0x10/0x20
[   19.134574] 
[   19.134592] Allocated by task 158:
[   19.134757]  kasan_save_stack+0x3c/0x68
[   19.134810]  kasan_save_track+0x20/0x40
[   19.134867]  kasan_save_alloc_info+0x40/0x58
[   19.135025]  __kasan_krealloc+0x118/0x178
[   19.135083]  krealloc_noprof+0x128/0x360
[   19.135119]  krealloc_less_oob_helper+0x168/0xc50
[   19.135495]  krealloc_less_oob+0x20/0x38
[   19.135602]  kunit_try_run_case+0x170/0x3f0
[   19.135648]  kunit_generic_run_threadfn_adapter+0x88/0x100
[   19.135689]  kthread+0x328/0x630
[   19.135730]  ret_from_fork+0x10/0x20
[   19.136074] 
[   19.136215] The buggy address belongs to the object at fff00000c1b1b800
[   19.136215]  which belongs to the cache kmalloc-256 of size 256
[   19.136414] The buggy address is located 7 bytes to the right of
[   19.136414]  allocated 201-byte region [fff00000c1b1b800, fff00000c1b1b8c9)
[   19.136535] 
[   19.136565] The buggy address belongs to the physical page:
[   19.136638] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x101b1a
[   19.137101] head: order:1 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[   19.137215] flags: 0xbfffe0000000040(head|node=0|zone=2|lastcpupid=0x1ffff)
[   19.137358] page_type: f5(slab)
[   19.137448] raw: 0bfffe0000000040 fff00000c0001b40 dead000000000122 0000000000000000
[   19.137632] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000
[   19.137701] head: 0bfffe0000000040 fff00000c0001b40 dead000000000122 0000000000000000
[   19.138108] head: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000
[   19.138194] head: 0bfffe0000000001 ffffc1ffc306c681 00000000ffffffff 00000000ffffffff
[   19.138687] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000002
[   19.138782] page dumped because: kasan: bad access detected
[   19.138871] 
[   19.139022] Memory state around the buggy address:
[   19.139109]  fff00000c1b1b780: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   19.139160]  fff00000c1b1b800: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   19.139485] >fff00000c1b1b880: 00 00 00 00 00 00 00 00 00 01 fc fc fc fc fc fc
[   19.139556]                                                  ^
[   19.139703]  fff00000c1b1b900: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   19.139910]  fff00000c1b1b980: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   19.140007] ==================================================================
[   19.210378] ==================================================================
[   19.210422] BUG: KASAN: slab-out-of-bounds in krealloc_less_oob_helper+0xae4/0xc50
[   19.210468] Write of size 1 at addr fff00000c781a0ea by task kunit_try_catch/162
[   19.210573] 
[   19.210601] CPU: 1 UID: 0 PID: 162 Comm: kunit_try_catch Tainted: G    B            N  6.16.0-rc5 #1 PREEMPT 
[   19.210852] Tainted: [B]=BAD_PAGE, [N]=TEST
[   19.210887] Hardware name: linux,dummy-virt (DT)
[   19.211093] Call trace:
[   19.211137]  show_stack+0x20/0x38 (C)
[   19.211245]  dump_stack_lvl+0x8c/0xd0
[   19.211291]  print_report+0x118/0x608
[   19.211335]  kasan_report+0xdc/0x128
[   19.211378]  __asan_report_store1_noabort+0x20/0x30
[   19.211535]  krealloc_less_oob_helper+0xae4/0xc50
[   19.211986]  krealloc_large_less_oob+0x20/0x38
[   19.212091]  kunit_try_run_case+0x170/0x3f0
[   19.212243]  kunit_generic_run_threadfn_adapter+0x88/0x100
[   19.212348]  kthread+0x328/0x630
[   19.212493]  ret_from_fork+0x10/0x20
[   19.212749] 
[   19.212846] The buggy address belongs to the physical page:
[   19.212985] page: refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x107818
[   19.213097] head: order:2 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[   19.213158] flags: 0xbfffe0000000040(head|node=0|zone=2|lastcpupid=0x1ffff)
[   19.213211] page_type: f8(unknown)
[   19.213254] raw: 0bfffe0000000040 0000000000000000 dead000000000122 0000000000000000
[   19.213303] raw: 0000000000000000 0000000000000000 00000001f8000000 0000000000000000
[   19.213361] head: 0bfffe0000000040 0000000000000000 dead000000000122 0000000000000000
[   19.213423] head: 0000000000000000 0000000000000000 00000001f8000000 0000000000000000
[   19.213471] head: 0bfffe0000000002 ffffc1ffc31e0601 00000000ffffffff 00000000ffffffff
[   19.213517] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000004
[   19.213556] page dumped because: kasan: bad access detected
[   19.213595] 
[   19.213612] Memory state around the buggy address:
[   19.213642]  fff00000c7819f80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   19.213682]  fff00000c781a000: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   19.213757] >fff00000c781a080: 00 00 00 00 00 00 00 00 00 01 fe fe fe fe fe fe
[   19.213903]                                                           ^
[   19.214507]  fff00000c781a100: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe
[   19.214575]  fff00000c781a180: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe
[   19.215150] ==================================================================
[   19.158003] ==================================================================
[   19.158050] BUG: KASAN: slab-out-of-bounds in krealloc_less_oob_helper+0xa58/0xc50
[   19.158507] Write of size 1 at addr fff00000c1b1b8eb by task kunit_try_catch/158
[   19.158576] 
[   19.158700] CPU: 1 UID: 0 PID: 158 Comm: kunit_try_catch Tainted: G    B            N  6.16.0-rc5 #1 PREEMPT 
[   19.158919] Tainted: [B]=BAD_PAGE, [N]=TEST
[   19.158953] Hardware name: linux,dummy-virt (DT)
[   19.158999] Call trace:
[   19.159021]  show_stack+0x20/0x38 (C)
[   19.159351]  dump_stack_lvl+0x8c/0xd0
[   19.159504]  print_report+0x118/0x608
[   19.159552]  kasan_report+0xdc/0x128
[   19.159595]  __asan_report_store1_noabort+0x20/0x30
[   19.159911]  krealloc_less_oob_helper+0xa58/0xc50
[   19.159987]  krealloc_less_oob+0x20/0x38
[   19.160086]  kunit_try_run_case+0x170/0x3f0
[   19.160139]  kunit_generic_run_threadfn_adapter+0x88/0x100
[   19.160371]  kthread+0x328/0x630
[   19.160556]  ret_from_fork+0x10/0x20
[   19.160829] 
[   19.160921] Allocated by task 158:
[   19.160950]  kasan_save_stack+0x3c/0x68
[   19.161127]  kasan_save_track+0x20/0x40
[   19.161316]  kasan_save_alloc_info+0x40/0x58
[   19.161398]  __kasan_krealloc+0x118/0x178
[   19.161449]  krealloc_noprof+0x128/0x360
[   19.161605]  krealloc_less_oob_helper+0x168/0xc50
[   19.161866]  krealloc_less_oob+0x20/0x38
[   19.161963]  kunit_try_run_case+0x170/0x3f0
[   19.162015]  kunit_generic_run_threadfn_adapter+0x88/0x100
[   19.162198]  kthread+0x328/0x630
[   19.162387]  ret_from_fork+0x10/0x20
[   19.162464] 
[   19.162593] The buggy address belongs to the object at fff00000c1b1b800
[   19.162593]  which belongs to the cache kmalloc-256 of size 256
[   19.162686] The buggy address is located 34 bytes to the right of
[   19.162686]  allocated 201-byte region [fff00000c1b1b800, fff00000c1b1b8c9)
[   19.162893] 
[   19.163098] The buggy address belongs to the physical page:
[   19.163160] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x101b1a
[   19.163339] head: order:1 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[   19.163391] flags: 0xbfffe0000000040(head|node=0|zone=2|lastcpupid=0x1ffff)
[   19.163457] page_type: f5(slab)
[   19.163515] raw: 0bfffe0000000040 fff00000c0001b40 dead000000000122 0000000000000000
[   19.163564] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000
[   19.163622] head: 0bfffe0000000040 fff00000c0001b40 dead000000000122 0000000000000000
[   19.163678] head: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000
[   19.163738] head: 0bfffe0000000001 ffffc1ffc306c681 00000000ffffffff 00000000ffffffff
[   19.164285] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000002
[   19.164424] page dumped because: kasan: bad access detected
[   19.164510] 
[   19.164654] Memory state around the buggy address:
[   19.164812]  fff00000c1b1b780: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   19.164885]  fff00000c1b1b800: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   19.164926] >fff00000c1b1b880: 00 00 00 00 00 00 00 00 00 01 fc fc fc fc fc fc
[   19.165120]                                                           ^
[   19.165165]  fff00000c1b1b900: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   19.165470]  fff00000c1b1b980: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   19.165580] ==================================================================
[   19.197113] ==================================================================
[   19.197188] BUG: KASAN: slab-out-of-bounds in krealloc_less_oob_helper+0xb9c/0xc50
[   19.197240] Write of size 1 at addr fff00000c781a0d0 by task kunit_try_catch/162
[   19.197288] 
[   19.197575] CPU: 1 UID: 0 PID: 162 Comm: kunit_try_catch Tainted: G    B            N  6.16.0-rc5 #1 PREEMPT 
[   19.197819] Tainted: [B]=BAD_PAGE, [N]=TEST
[   19.197856] Hardware name: linux,dummy-virt (DT)
[   19.197886] Call trace:
[   19.197945]  show_stack+0x20/0x38 (C)
[   19.198285]  dump_stack_lvl+0x8c/0xd0
[   19.198359]  print_report+0x118/0x608
[   19.198405]  kasan_report+0xdc/0x128
[   19.198448]  __asan_report_store1_noabort+0x20/0x30
[   19.198817]  krealloc_less_oob_helper+0xb9c/0xc50
[   19.198937]  krealloc_large_less_oob+0x20/0x38
[   19.198989]  kunit_try_run_case+0x170/0x3f0
[   19.199033]  kunit_generic_run_threadfn_adapter+0x88/0x100
[   19.199219]  kthread+0x328/0x630
[   19.199274]  ret_from_fork+0x10/0x20
[   19.199320] 
[   19.199470] The buggy address belongs to the physical page:
[   19.199679] page: refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x107818
[   19.199748] head: order:2 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[   19.199800] flags: 0xbfffe0000000040(head|node=0|zone=2|lastcpupid=0x1ffff)
[   19.200135] page_type: f8(unknown)
[   19.200209] raw: 0bfffe0000000040 0000000000000000 dead000000000122 0000000000000000
[   19.200315] raw: 0000000000000000 0000000000000000 00000001f8000000 0000000000000000
[   19.200365] head: 0bfffe0000000040 0000000000000000 dead000000000122 0000000000000000
[   19.200586] head: 0000000000000000 0000000000000000 00000001f8000000 0000000000000000
[   19.200641] head: 0bfffe0000000002 ffffc1ffc31e0601 00000000ffffffff 00000000ffffffff
[   19.201014] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000004
[   19.201153] page dumped because: kasan: bad access detected
[   19.201223] 
[   19.201360] Memory state around the buggy address:
[   19.201435]  fff00000c7819f80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   19.201911]  fff00000c781a000: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   19.201995] >fff00000c781a080: 00 00 00 00 00 00 00 00 00 01 fe fe fe fe fe fe
[   19.202139]                                                  ^
[   19.202215]  fff00000c781a100: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe
[   19.202274]  fff00000c781a180: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe
[   19.202787] ==================================================================
[   19.141260] ==================================================================
[   19.141382] BUG: KASAN: slab-out-of-bounds in krealloc_less_oob_helper+0xa80/0xc50
[   19.141553] Write of size 1 at addr fff00000c1b1b8da by task kunit_try_catch/158
[   19.141820] 
[   19.141896] CPU: 1 UID: 0 PID: 158 Comm: kunit_try_catch Tainted: G    B            N  6.16.0-rc5 #1 PREEMPT 
[   19.141985] Tainted: [B]=BAD_PAGE, [N]=TEST
[   19.142141] Hardware name: linux,dummy-virt (DT)
[   19.142324] Call trace:
[   19.142376]  show_stack+0x20/0x38 (C)
[   19.142427]  dump_stack_lvl+0x8c/0xd0
[   19.142538]  print_report+0x118/0x608
[   19.142624]  kasan_report+0xdc/0x128
[   19.142668]  __asan_report_store1_noabort+0x20/0x30
[   19.142815]  krealloc_less_oob_helper+0xa80/0xc50
[   19.142886]  krealloc_less_oob+0x20/0x38
[   19.143064]  kunit_try_run_case+0x170/0x3f0
[   19.143280]  kunit_generic_run_threadfn_adapter+0x88/0x100
[   19.143356]  kthread+0x328/0x630
[   19.143471]  ret_from_fork+0x10/0x20
[   19.143610] 
[   19.143737] Allocated by task 158:
[   19.143786]  kasan_save_stack+0x3c/0x68
[   19.143860]  kasan_save_track+0x20/0x40
[   19.143899]  kasan_save_alloc_info+0x40/0x58
[   19.144296]  __kasan_krealloc+0x118/0x178
[   19.144407]  krealloc_noprof+0x128/0x360
[   19.144495]  krealloc_less_oob_helper+0x168/0xc50
[   19.144636]  krealloc_less_oob+0x20/0x38
[   19.144694]  kunit_try_run_case+0x170/0x3f0
[   19.144824]  kunit_generic_run_threadfn_adapter+0x88/0x100
[   19.144884]  kthread+0x328/0x630
[   19.144948]  ret_from_fork+0x10/0x20
[   19.145113] 
[   19.145312] The buggy address belongs to the object at fff00000c1b1b800
[   19.145312]  which belongs to the cache kmalloc-256 of size 256
[   19.145411] The buggy address is located 17 bytes to the right of
[   19.145411]  allocated 201-byte region [fff00000c1b1b800, fff00000c1b1b8c9)
[   19.145586] 
[   19.145625] The buggy address belongs to the physical page:
[   19.145739] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x101b1a
[   19.145792] head: order:1 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[   19.146175] flags: 0xbfffe0000000040(head|node=0|zone=2|lastcpupid=0x1ffff)
[   19.146282] page_type: f5(slab)
[   19.146360] raw: 0bfffe0000000040 fff00000c0001b40 dead000000000122 0000000000000000
[   19.146507] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000
[   19.146605] head: 0bfffe0000000040 fff00000c0001b40 dead000000000122 0000000000000000
[   19.147066] head: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000
[   19.147173] head: 0bfffe0000000001 ffffc1ffc306c681 00000000ffffffff 00000000ffffffff
[   19.147270] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000002
[   19.147412] page dumped because: kasan: bad access detected
[   19.147499] 
[   19.147550] Memory state around the buggy address:
[   19.147656]  fff00000c1b1b780: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   19.147698]  fff00000c1b1b800: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   19.147762] >fff00000c1b1b880: 00 00 00 00 00 00 00 00 00 01 fc fc fc fc fc fc
[   19.147798]                                                     ^
[   19.148140]  fff00000c1b1b900: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   19.148252]  fff00000c1b1b980: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   19.148361] ==================================================================
[   19.149672] ==================================================================
[   19.149736] BUG: KASAN: slab-out-of-bounds in krealloc_less_oob_helper+0xae4/0xc50
[   19.149783] Write of size 1 at addr fff00000c1b1b8ea by task kunit_try_catch/158
[   19.149856] 
[   19.149886] CPU: 1 UID: 0 PID: 158 Comm: kunit_try_catch Tainted: G    B            N  6.16.0-rc5 #1 PREEMPT 
[   19.149963] Tainted: [B]=BAD_PAGE, [N]=TEST
[   19.149998] Hardware name: linux,dummy-virt (DT)
[   19.150033] Call trace:
[   19.150064]  show_stack+0x20/0x38 (C)
[   19.150110]  dump_stack_lvl+0x8c/0xd0
[   19.150163]  print_report+0x118/0x608
[   19.150215]  kasan_report+0xdc/0x128
[   19.150260]  __asan_report_store1_noabort+0x20/0x30
[   19.150317]  krealloc_less_oob_helper+0xae4/0xc50
[   19.150364]  krealloc_less_oob+0x20/0x38
[   19.150414]  kunit_try_run_case+0x170/0x3f0
[   19.150467]  kunit_generic_run_threadfn_adapter+0x88/0x100
[   19.150518]  kthread+0x328/0x630
[   19.150557]  ret_from_fork+0x10/0x20
[   19.150610] 
[   19.150628] Allocated by task 158:
[   19.150654]  kasan_save_stack+0x3c/0x68
[   19.150693]  kasan_save_track+0x20/0x40
[   19.150739]  kasan_save_alloc_info+0x40/0x58
[   19.150777]  __kasan_krealloc+0x118/0x178
[   19.150986]  krealloc_noprof+0x128/0x360
[   19.151057]  krealloc_less_oob_helper+0x168/0xc50
[   19.151492]  krealloc_less_oob+0x20/0x38
[   19.151564]  kunit_try_run_case+0x170/0x3f0
[   19.151718]  kunit_generic_run_threadfn_adapter+0x88/0x100
[   19.152150]  kthread+0x328/0x630
[   19.152208]  ret_from_fork+0x10/0x20
[   19.152861] 
[   19.152897] The buggy address belongs to the object at fff00000c1b1b800
[   19.152897]  which belongs to the cache kmalloc-256 of size 256
[   19.153098] The buggy address is located 33 bytes to the right of
[   19.153098]  allocated 201-byte region [fff00000c1b1b800, fff00000c1b1b8c9)
[   19.153366] 
[   19.153432] The buggy address belongs to the physical page:
[   19.153498] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x101b1a
[   19.153576] head: order:1 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[   19.154303] flags: 0xbfffe0000000040(head|node=0|zone=2|lastcpupid=0x1ffff)
[   19.154419] page_type: f5(slab)
[   19.154906] raw: 0bfffe0000000040 fff00000c0001b40 dead000000000122 0000000000000000
[   19.155011] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000
[   19.155452] head: 0bfffe0000000040 fff00000c0001b40 dead000000000122 0000000000000000
[   19.155615] head: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000
[   19.155706] head: 0bfffe0000000001 ffffc1ffc306c681 00000000ffffffff 00000000ffffffff
[   19.155763] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000002
[   19.155801] page dumped because: kasan: bad access detected
[   19.156149] 
[   19.156231] Memory state around the buggy address:
[   19.156626]  fff00000c1b1b780: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   19.156789]  fff00000c1b1b800: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   19.156872] >fff00000c1b1b880: 00 00 00 00 00 00 00 00 00 01 fc fc fc fc fc fc
[   19.156979]                                                           ^
[   19.157055]  fff00000c1b1b900: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   19.157122]  fff00000c1b1b980: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   19.157266] ==================================================================
[   19.128498] ==================================================================
[   19.128785] BUG: KASAN: slab-out-of-bounds in krealloc_less_oob_helper+0xa48/0xc50
[   19.128847] Write of size 1 at addr fff00000c1b1b8c9 by task kunit_try_catch/158
[   19.128895] 
[   19.128930] CPU: 1 UID: 0 PID: 158 Comm: kunit_try_catch Tainted: G    B            N  6.16.0-rc5 #1 PREEMPT 
[   19.129008] Tainted: [B]=BAD_PAGE, [N]=TEST
[   19.129038] Hardware name: linux,dummy-virt (DT)
[   19.129067] Call trace:
[   19.129087]  show_stack+0x20/0x38 (C)
[   19.129133]  dump_stack_lvl+0x8c/0xd0
[   19.129177]  print_report+0x118/0x608
[   19.129231]  kasan_report+0xdc/0x128
[   19.129275]  __asan_report_store1_noabort+0x20/0x30
[   19.129332]  krealloc_less_oob_helper+0xa48/0xc50
[   19.129379]  krealloc_less_oob+0x20/0x38
[   19.129422]  kunit_try_run_case+0x170/0x3f0
[   19.129476]  kunit_generic_run_threadfn_adapter+0x88/0x100
[   19.129526]  kthread+0x328/0x630
[   19.129566]  ret_from_fork+0x10/0x20
[   19.129613] 
[   19.129631] Allocated by task 158:
[   19.129663]  kasan_save_stack+0x3c/0x68
[   19.129720]  kasan_save_track+0x20/0x40
[   19.129756]  kasan_save_alloc_info+0x40/0x58
[   19.129799]  __kasan_krealloc+0x118/0x178
[   19.129835]  krealloc_noprof+0x128/0x360
[   19.129870]  krealloc_less_oob_helper+0x168/0xc50
[   19.129907]  krealloc_less_oob+0x20/0x38
[   19.129950]  kunit_try_run_case+0x170/0x3f0
[   19.129986]  kunit_generic_run_threadfn_adapter+0x88/0x100
[   19.130027]  kthread+0x328/0x630
[   19.130057]  ret_from_fork+0x10/0x20
[   19.130099] 
[   19.130117] The buggy address belongs to the object at fff00000c1b1b800
[   19.130117]  which belongs to the cache kmalloc-256 of size 256
[   19.130171] The buggy address is located 0 bytes to the right of
[   19.130171]  allocated 201-byte region [fff00000c1b1b800, fff00000c1b1b8c9)
[   19.130232] 
[   19.130251] The buggy address belongs to the physical page:
[   19.130288] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x101b1a
[   19.130340] head: order:1 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[   19.130386] flags: 0xbfffe0000000040(head|node=0|zone=2|lastcpupid=0x1ffff)
[   19.130434] page_type: f5(slab)
[   19.130469] raw: 0bfffe0000000040 fff00000c0001b40 dead000000000122 0000000000000000
[   19.130526] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000
[   19.130576] head: 0bfffe0000000040 fff00000c0001b40 dead000000000122 0000000000000000
[   19.130624] head: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000
[   19.130678] head: 0bfffe0000000001 ffffc1ffc306c681 00000000ffffffff 00000000ffffffff
[   19.131556] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000002
[   19.131629] page dumped because: kasan: bad access detected
[   19.131685] 
[   19.131735] Memory state around the buggy address:
[   19.131800]  fff00000c1b1b780: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   19.131868]  fff00000c1b1b800: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   19.131917] >fff00000c1b1b880: 00 00 00 00 00 00 00 00 00 01 fc fc fc fc fc fc
[   19.131969]                                               ^
[   19.132023]  fff00000c1b1b900: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   19.132235]  fff00000c1b1b980: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   19.132453] ==================================================================
[   19.204486] ==================================================================
[   19.204535] BUG: KASAN: slab-out-of-bounds in krealloc_less_oob_helper+0xa80/0xc50
[   19.204591] Write of size 1 at addr fff00000c781a0da by task kunit_try_catch/162
[   19.204913] 
[   19.205042] CPU: 1 UID: 0 PID: 162 Comm: kunit_try_catch Tainted: G    B            N  6.16.0-rc5 #1 PREEMPT 
[   19.205177] Tainted: [B]=BAD_PAGE, [N]=TEST
[   19.205202] Hardware name: linux,dummy-virt (DT)
[   19.205231] Call trace:
[   19.205251]  show_stack+0x20/0x38 (C)
[   19.205413]  dump_stack_lvl+0x8c/0xd0
[   19.205505]  print_report+0x118/0x608
[   19.205721]  kasan_report+0xdc/0x128
[   19.205774]  __asan_report_store1_noabort+0x20/0x30
[   19.205923]  krealloc_less_oob_helper+0xa80/0xc50
[   19.205974]  krealloc_large_less_oob+0x20/0x38
[   19.206019]  kunit_try_run_case+0x170/0x3f0
[   19.206063]  kunit_generic_run_threadfn_adapter+0x88/0x100
[   19.206128]  kthread+0x328/0x630
[   19.206184]  ret_from_fork+0x10/0x20
[   19.206230] 
[   19.206249] The buggy address belongs to the physical page:
[   19.206610] page: refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x107818
[   19.206752] head: order:2 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[   19.206837] flags: 0xbfffe0000000040(head|node=0|zone=2|lastcpupid=0x1ffff)
[   19.206946] page_type: f8(unknown)
[   19.207014] raw: 0bfffe0000000040 0000000000000000 dead000000000122 0000000000000000
[   19.207068] raw: 0000000000000000 0000000000000000 00000001f8000000 0000000000000000
[   19.207134] head: 0bfffe0000000040 0000000000000000 dead000000000122 0000000000000000
[   19.207181] head: 0000000000000000 0000000000000000 00000001f8000000 0000000000000000
[   19.207350] head: 0bfffe0000000002 ffffc1ffc31e0601 00000000ffffffff 00000000ffffffff
[   19.207409] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000004
[   19.207554] page dumped because: kasan: bad access detected
[   19.207600] 
[   19.207784] Memory state around the buggy address:
[   19.207881]  fff00000c7819f80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   19.208050]  fff00000c781a000: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   19.208091] >fff00000c781a080: 00 00 00 00 00 00 00 00 00 01 fe fe fe fe fe fe
[   19.208134]                                                     ^
[   19.208490]  fff00000c781a100: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe
[   19.208547]  fff00000c781a180: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe
[   19.208660] ==================================================================
[   19.190269] ==================================================================
[   19.190334] BUG: KASAN: slab-out-of-bounds in krealloc_less_oob_helper+0xa48/0xc50
[   19.190383] Write of size 1 at addr fff00000c781a0c9 by task kunit_try_catch/162
[   19.190431] 
[   19.190462] CPU: 1 UID: 0 PID: 162 Comm: kunit_try_catch Tainted: G    B            N  6.16.0-rc5 #1 PREEMPT 
[   19.190550] Tainted: [B]=BAD_PAGE, [N]=TEST
[   19.190575] Hardware name: linux,dummy-virt (DT)
[   19.190604] Call trace:
[   19.190630]  show_stack+0x20/0x38 (C)
[   19.190675]  dump_stack_lvl+0x8c/0xd0
[   19.190936]  print_report+0x118/0x608
[   19.190991]  kasan_report+0xdc/0x128
[   19.191036]  __asan_report_store1_noabort+0x20/0x30
[   19.191925]  krealloc_less_oob_helper+0xa48/0xc50
[   19.192250]  krealloc_large_less_oob+0x20/0x38
[   19.192302]  kunit_try_run_case+0x170/0x3f0
[   19.192365]  kunit_generic_run_threadfn_adapter+0x88/0x100
[   19.192756]  kthread+0x328/0x630
[   19.192814]  ret_from_fork+0x10/0x20
[   19.193099] 
[   19.193273] The buggy address belongs to the physical page:
[   19.193325] page: refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x107818
[   19.193531] head: order:2 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[   19.193896] flags: 0xbfffe0000000040(head|node=0|zone=2|lastcpupid=0x1ffff)
[   19.194093] page_type: f8(unknown)
[   19.194259] raw: 0bfffe0000000040 0000000000000000 dead000000000122 0000000000000000
[   19.194357] raw: 0000000000000000 0000000000000000 00000001f8000000 0000000000000000
[   19.194503] head: 0bfffe0000000040 0000000000000000 dead000000000122 0000000000000000
[   19.194623] head: 0000000000000000 0000000000000000 00000001f8000000 0000000000000000
[   19.194724] head: 0bfffe0000000002 ffffc1ffc31e0601 00000000ffffffff 00000000ffffffff
[   19.195122] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000004
[   19.195170] page dumped because: kasan: bad access detected
[   19.195218] 
[   19.195292] Memory state around the buggy address:
[   19.195575]  fff00000c7819f80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   19.195660]  fff00000c781a000: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   19.195802] >fff00000c781a080: 00 00 00 00 00 00 00 00 00 01 fe fe fe fe fe fe
[   19.195840]                                               ^
[   19.195874]  fff00000c781a100: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe
[   19.195914]  fff00000c781a180: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe
[   19.195961] ==================================================================

[   12.760682] ==================================================================
[   12.761035] BUG: KASAN: slab-out-of-bounds in krealloc_less_oob_helper+0xe90/0x11d0
[   12.761450] Write of size 1 at addr ffff888102b6a0ea by task kunit_try_catch/179
[   12.761890] 
[   12.761977] CPU: 0 UID: 0 PID: 179 Comm: kunit_try_catch Tainted: G    B            N  6.16.0-rc5 #1 PREEMPT(voluntary) 
[   12.762019] Tainted: [B]=BAD_PAGE, [N]=TEST
[   12.762030] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[   12.762063] Call Trace:
[   12.762074]  <TASK>
[   12.762088]  dump_stack_lvl+0x73/0xb0
[   12.762114]  print_report+0xd1/0x650
[   12.762134]  ? __virt_addr_valid+0x1db/0x2d0
[   12.762155]  ? krealloc_less_oob_helper+0xe90/0x11d0
[   12.762177]  ? kasan_addr_to_slab+0x11/0xa0
[   12.762196]  ? krealloc_less_oob_helper+0xe90/0x11d0
[   12.762218]  kasan_report+0x141/0x180
[   12.762239]  ? krealloc_less_oob_helper+0xe90/0x11d0
[   12.762266]  __asan_report_store1_noabort+0x1b/0x30
[   12.762289]  krealloc_less_oob_helper+0xe90/0x11d0
[   12.762313]  ? __pfx_krealloc_less_oob_helper+0x10/0x10
[   12.762335]  ? finish_task_switch.isra.0+0x153/0x700
[   12.762356]  ? __switch_to+0x47/0xf50
[   12.762381]  ? __schedule+0x10cc/0x2b60
[   12.762402]  ? __pfx_read_tsc+0x10/0x10
[   12.762424]  krealloc_large_less_oob+0x1c/0x30
[   12.762446]  kunit_try_run_case+0x1a5/0x480
[   12.762468]  ? __pfx_kunit_try_run_case+0x10/0x10
[   12.762488]  ? _raw_spin_lock_irqsave+0xa1/0x100
[   12.762521]  ? _raw_spin_unlock_irqrestore+0x5f/0x90
[   12.762543]  ? __kthread_parkme+0x82/0x180
[   12.762561]  ? preempt_count_sub+0x50/0x80
[   12.762595]  ? __pfx_kunit_try_run_case+0x10/0x10
[   12.762618]  kunit_generic_run_threadfn_adapter+0x85/0xf0
[   12.762639]  ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10
[   12.762661]  kthread+0x337/0x6f0
[   12.762678]  ? trace_preempt_on+0x20/0xc0
[   12.762700]  ? __pfx_kthread+0x10/0x10
[   12.762728]  ? _raw_spin_unlock_irq+0x47/0x80
[   12.762755]  ? calculate_sigpending+0x7b/0xa0
[   12.762777]  ? __pfx_kthread+0x10/0x10
[   12.762809]  ret_from_fork+0x116/0x1d0
[   12.762826]  ? __pfx_kthread+0x10/0x10
[   12.762845]  ret_from_fork_asm+0x1a/0x30
[   12.762874]  </TASK>
[   12.762885] 
[   12.771473] The buggy address belongs to the physical page:
[   12.771745] page: refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x102b68
[   12.772117] head: order:2 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[   12.772421] flags: 0x200000000000040(head|node=0|zone=2)
[   12.773164] page_type: f8(unknown)
[   12.773329] raw: 0200000000000040 0000000000000000 dead000000000122 0000000000000000
[   12.773549] raw: 0000000000000000 0000000000000000 00000001f8000000 0000000000000000
[   12.774157] head: 0200000000000040 0000000000000000 dead000000000122 0000000000000000
[   12.774537] head: 0000000000000000 0000000000000000 00000001f8000000 0000000000000000
[   12.775258] head: 0200000000000002 ffffea00040ada01 00000000ffffffff 00000000ffffffff
[   12.776416] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000004
[   12.776806] page dumped because: kasan: bad access detected
[   12.777073] 
[   12.777389] Memory state around the buggy address:
[   12.777793]  ffff888102b69f80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   12.778358]  ffff888102b6a000: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   12.779325] >ffff888102b6a080: 00 00 00 00 00 00 00 00 00 01 fe fe fe fe fe fe
[   12.779983]                                                           ^
[   12.780315]  ffff888102b6a100: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe
[   12.781025]  ffff888102b6a180: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe
[   12.781471] ==================================================================
[   12.742285] ==================================================================
[   12.742645] BUG: KASAN: slab-out-of-bounds in krealloc_less_oob_helper+0xec6/0x11d0
[   12.743034] Write of size 1 at addr ffff888102b6a0da by task kunit_try_catch/179
[   12.743267] 
[   12.743357] CPU: 0 UID: 0 PID: 179 Comm: kunit_try_catch Tainted: G    B            N  6.16.0-rc5 #1 PREEMPT(voluntary) 
[   12.743400] Tainted: [B]=BAD_PAGE, [N]=TEST
[   12.743412] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[   12.743433] Call Trace:
[   12.743445]  <TASK>
[   12.743462]  dump_stack_lvl+0x73/0xb0
[   12.743516]  print_report+0xd1/0x650
[   12.743538]  ? __virt_addr_valid+0x1db/0x2d0
[   12.743559]  ? krealloc_less_oob_helper+0xec6/0x11d0
[   12.743582]  ? kasan_addr_to_slab+0x11/0xa0
[   12.743601]  ? krealloc_less_oob_helper+0xec6/0x11d0
[   12.743623]  kasan_report+0x141/0x180
[   12.743644]  ? krealloc_less_oob_helper+0xec6/0x11d0
[   12.743671]  __asan_report_store1_noabort+0x1b/0x30
[   12.743705]  krealloc_less_oob_helper+0xec6/0x11d0
[   12.743742]  ? __pfx_krealloc_less_oob_helper+0x10/0x10
[   12.743777]  ? finish_task_switch.isra.0+0x153/0x700
[   12.743800]  ? __switch_to+0x47/0xf50
[   12.743826]  ? __schedule+0x10cc/0x2b60
[   12.743848]  ? __pfx_read_tsc+0x10/0x10
[   12.743871]  krealloc_large_less_oob+0x1c/0x30
[   12.743892]  kunit_try_run_case+0x1a5/0x480
[   12.743916]  ? __pfx_kunit_try_run_case+0x10/0x10
[   12.743936]  ? _raw_spin_lock_irqsave+0xa1/0x100
[   12.743959]  ? _raw_spin_unlock_irqrestore+0x5f/0x90
[   12.743981]  ? __kthread_parkme+0x82/0x180
[   12.744000]  ? preempt_count_sub+0x50/0x80
[   12.744022]  ? __pfx_kunit_try_run_case+0x10/0x10
[   12.744058]  kunit_generic_run_threadfn_adapter+0x85/0xf0
[   12.744080]  ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10
[   12.744101]  kthread+0x337/0x6f0
[   12.744119]  ? trace_preempt_on+0x20/0xc0
[   12.744141]  ? __pfx_kthread+0x10/0x10
[   12.744160]  ? _raw_spin_unlock_irq+0x47/0x80
[   12.744180]  ? calculate_sigpending+0x7b/0xa0
[   12.744203]  ? __pfx_kthread+0x10/0x10
[   12.744223]  ret_from_fork+0x116/0x1d0
[   12.744240]  ? __pfx_kthread+0x10/0x10
[   12.744260]  ret_from_fork_asm+0x1a/0x30
[   12.744289]  </TASK>
[   12.744301] 
[   12.753392] The buggy address belongs to the physical page:
[   12.753716] page: refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x102b68
[   12.753998] head: order:2 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[   12.754484] flags: 0x200000000000040(head|node=0|zone=2)
[   12.754845] page_type: f8(unknown)
[   12.754973] raw: 0200000000000040 0000000000000000 dead000000000122 0000000000000000
[   12.755423] raw: 0000000000000000 0000000000000000 00000001f8000000 0000000000000000
[   12.755806] head: 0200000000000040 0000000000000000 dead000000000122 0000000000000000
[   12.756028] head: 0000000000000000 0000000000000000 00000001f8000000 0000000000000000
[   12.756256] head: 0200000000000002 ffffea00040ada01 00000000ffffffff 00000000ffffffff
[   12.757029] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000004
[   12.757626] page dumped because: kasan: bad access detected
[   12.757950] 
[   12.758030] Memory state around the buggy address:
[   12.758313]  ffff888102b69f80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   12.758564]  ffff888102b6a000: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   12.758772] >ffff888102b6a080: 00 00 00 00 00 00 00 00 00 01 fe fe fe fe fe fe
[   12.759023]                                                     ^
[   12.759576]  ffff888102b6a100: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe
[   12.759814]  ffff888102b6a180: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe
[   12.760018] ==================================================================
[   12.783100] ==================================================================
[   12.783419] BUG: KASAN: slab-out-of-bounds in krealloc_less_oob_helper+0xd47/0x11d0
[   12.783996] Write of size 1 at addr ffff888102b6a0eb by task kunit_try_catch/179
[   12.784935] 
[   12.785064] CPU: 0 UID: 0 PID: 179 Comm: kunit_try_catch Tainted: G    B            N  6.16.0-rc5 #1 PREEMPT(voluntary) 
[   12.785111] Tainted: [B]=BAD_PAGE, [N]=TEST
[   12.785123] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[   12.785144] Call Trace:
[   12.785158]  <TASK>
[   12.785174]  dump_stack_lvl+0x73/0xb0
[   12.785203]  print_report+0xd1/0x650
[   12.785225]  ? __virt_addr_valid+0x1db/0x2d0
[   12.785247]  ? krealloc_less_oob_helper+0xd47/0x11d0
[   12.785270]  ? kasan_addr_to_slab+0x11/0xa0
[   12.785290]  ? krealloc_less_oob_helper+0xd47/0x11d0
[   12.785313]  kasan_report+0x141/0x180
[   12.785334]  ? krealloc_less_oob_helper+0xd47/0x11d0
[   12.785362]  __asan_report_store1_noabort+0x1b/0x30
[   12.785385]  krealloc_less_oob_helper+0xd47/0x11d0
[   12.785409]  ? __pfx_krealloc_less_oob_helper+0x10/0x10
[   12.785432]  ? finish_task_switch.isra.0+0x153/0x700
[   12.785454]  ? __switch_to+0x47/0xf50
[   12.785481]  ? __schedule+0x10cc/0x2b60
[   12.785502]  ? __pfx_read_tsc+0x10/0x10
[   12.785526]  krealloc_large_less_oob+0x1c/0x30
[   12.785548]  kunit_try_run_case+0x1a5/0x480
[   12.785579]  ? __pfx_kunit_try_run_case+0x10/0x10
[   12.785600]  ? _raw_spin_lock_irqsave+0xa1/0x100
[   12.785622]  ? _raw_spin_unlock_irqrestore+0x5f/0x90
[   12.785645]  ? __kthread_parkme+0x82/0x180
[   12.785664]  ? preempt_count_sub+0x50/0x80
[   12.785686]  ? __pfx_kunit_try_run_case+0x10/0x10
[   12.785709]  kunit_generic_run_threadfn_adapter+0x85/0xf0
[   12.785731]  ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10
[   12.785752]  kthread+0x337/0x6f0
[   12.785771]  ? trace_preempt_on+0x20/0xc0
[   12.785794]  ? __pfx_kthread+0x10/0x10
[   12.785813]  ? _raw_spin_unlock_irq+0x47/0x80
[   12.785833]  ? calculate_sigpending+0x7b/0xa0
[   12.785856]  ? __pfx_kthread+0x10/0x10
[   12.785876]  ret_from_fork+0x116/0x1d0
[   12.785894]  ? __pfx_kthread+0x10/0x10
[   12.785914]  ret_from_fork_asm+0x1a/0x30
[   12.785944]  </TASK>
[   12.785955] 
[   12.798661] The buggy address belongs to the physical page:
[   12.798904] page: refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x102b68
[   12.799827] head: order:2 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[   12.800724] flags: 0x200000000000040(head|node=0|zone=2)
[   12.800999] page_type: f8(unknown)
[   12.801495] raw: 0200000000000040 0000000000000000 dead000000000122 0000000000000000
[   12.801846] raw: 0000000000000000 0000000000000000 00000001f8000000 0000000000000000
[   12.802526] head: 0200000000000040 0000000000000000 dead000000000122 0000000000000000
[   12.803216] head: 0000000000000000 0000000000000000 00000001f8000000 0000000000000000
[   12.804321] head: 0200000000000002 ffffea00040ada01 00000000ffffffff 00000000ffffffff
[   12.804873] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000004
[   12.805740] page dumped because: kasan: bad access detected
[   12.806150] 
[   12.806258] Memory state around the buggy address:
[   12.806471]  ffff888102b69f80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   12.807262]  ffff888102b6a000: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   12.807872] >ffff888102b6a080: 00 00 00 00 00 00 00 00 00 01 fe fe fe fe fe fe
[   12.808455]                                                           ^
[   12.809282]  ffff888102b6a100: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe
[   12.809746]  ffff888102b6a180: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe
[   12.810428] ==================================================================
[   12.510016] ==================================================================
[   12.510408] BUG: KASAN: slab-out-of-bounds in krealloc_less_oob_helper+0xe23/0x11d0
[   12.510869] Write of size 1 at addr ffff8881003466d0 by task kunit_try_catch/175
[   12.511469] 
[   12.511706] CPU: 0 UID: 0 PID: 175 Comm: kunit_try_catch Tainted: G    B            N  6.16.0-rc5 #1 PREEMPT(voluntary) 
[   12.511753] Tainted: [B]=BAD_PAGE, [N]=TEST
[   12.511765] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[   12.511786] Call Trace:
[   12.511800]  <TASK>
[   12.511818]  dump_stack_lvl+0x73/0xb0
[   12.511869]  print_report+0xd1/0x650
[   12.511890]  ? __virt_addr_valid+0x1db/0x2d0
[   12.511912]  ? krealloc_less_oob_helper+0xe23/0x11d0
[   12.511934]  ? kasan_complete_mode_report_info+0x2a/0x200
[   12.511959]  ? krealloc_less_oob_helper+0xe23/0x11d0
[   12.511981]  kasan_report+0x141/0x180
[   12.512002]  ? krealloc_less_oob_helper+0xe23/0x11d0
[   12.512029]  __asan_report_store1_noabort+0x1b/0x30
[   12.512322]  krealloc_less_oob_helper+0xe23/0x11d0
[   12.512359]  ? __pfx_krealloc_less_oob_helper+0x10/0x10
[   12.512381]  ? sysvec_apic_timer_interrupt+0x50/0x90
[   12.512410]  ? __pfx_krealloc_less_oob+0x10/0x10
[   12.512437]  krealloc_less_oob+0x1c/0x30
[   12.512459]  kunit_try_run_case+0x1a5/0x480
[   12.512482]  ? __pfx_kunit_try_run_case+0x10/0x10
[   12.512520]  ? _raw_spin_lock_irqsave+0xa1/0x100
[   12.512545]  ? _raw_spin_unlock_irqrestore+0x5f/0x90
[   12.512567]  ? __kthread_parkme+0x82/0x180
[   12.512587]  ? preempt_count_sub+0x50/0x80
[   12.512610]  ? __pfx_kunit_try_run_case+0x10/0x10
[   12.512633]  kunit_generic_run_threadfn_adapter+0x85/0xf0
[   12.512654]  ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10
[   12.512675]  kthread+0x337/0x6f0
[   12.512693]  ? trace_preempt_on+0x20/0xc0
[   12.512716]  ? __pfx_kthread+0x10/0x10
[   12.512736]  ? _raw_spin_unlock_irq+0x47/0x80
[   12.512755]  ? calculate_sigpending+0x7b/0xa0
[   12.512778]  ? __pfx_kthread+0x10/0x10
[   12.512799]  ret_from_fork+0x116/0x1d0
[   12.512817]  ? __pfx_kthread+0x10/0x10
[   12.512837]  ret_from_fork_asm+0x1a/0x30
[   12.512867]  </TASK>
[   12.512878] 
[   12.524233] Allocated by task 175:
[   12.524395]  kasan_save_stack+0x45/0x70
[   12.524913]  kasan_save_track+0x18/0x40
[   12.525122]  kasan_save_alloc_info+0x3b/0x50
[   12.525758]  __kasan_krealloc+0x190/0x1f0
[   12.525970]  krealloc_noprof+0xf3/0x340
[   12.526445]  krealloc_less_oob_helper+0x1aa/0x11d0
[   12.526763]  krealloc_less_oob+0x1c/0x30
[   12.526988]  kunit_try_run_case+0x1a5/0x480
[   12.527387]  kunit_generic_run_threadfn_adapter+0x85/0xf0
[   12.527830]  kthread+0x337/0x6f0
[   12.528003]  ret_from_fork+0x116/0x1d0
[   12.528279]  ret_from_fork_asm+0x1a/0x30
[   12.528464] 
[   12.528570] The buggy address belongs to the object at ffff888100346600
[   12.528570]  which belongs to the cache kmalloc-256 of size 256
[   12.529086] The buggy address is located 7 bytes to the right of
[   12.529086]  allocated 201-byte region [ffff888100346600, ffff8881003466c9)
[   12.530259] 
[   12.530362] The buggy address belongs to the physical page:
[   12.530578] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x100346
[   12.531203] head: order:1 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[   12.531645] flags: 0x200000000000040(head|node=0|zone=2)
[   12.531982] page_type: f5(slab)
[   12.532255] raw: 0200000000000040 ffff888100041b40 dead000000000122 0000000000000000
[   12.532758] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000
[   12.533408] head: 0200000000000040 ffff888100041b40 dead000000000122 0000000000000000
[   12.533998] head: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000
[   12.534631] head: 0200000000000001 ffffea000400d181 00000000ffffffff 00000000ffffffff
[   12.534938] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000002
[   12.535581] page dumped because: kasan: bad access detected
[   12.535843] 
[   12.535943] Memory state around the buggy address:
[   12.536396]  ffff888100346580: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   12.536849]  ffff888100346600: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   12.537522] >ffff888100346680: 00 00 00 00 00 00 00 00 00 01 fc fc fc fc fc fc
[   12.537823]                                                  ^
[   12.538126]  ffff888100346700: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   12.538676]  ffff888100346780: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   12.539161] ==================================================================
[   12.686779] ==================================================================
[   12.687263] BUG: KASAN: slab-out-of-bounds in krealloc_less_oob_helper+0xd70/0x11d0
[   12.687584] Write of size 1 at addr ffff888102b6a0c9 by task kunit_try_catch/179
[   12.687888] 
[   12.687994] CPU: 0 UID: 0 PID: 179 Comm: kunit_try_catch Tainted: G    B            N  6.16.0-rc5 #1 PREEMPT(voluntary) 
[   12.688051] Tainted: [B]=BAD_PAGE, [N]=TEST
[   12.688063] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[   12.688439] Call Trace:
[   12.688453]  <TASK>
[   12.688472]  dump_stack_lvl+0x73/0xb0
[   12.688527]  print_report+0xd1/0x650
[   12.688567]  ? __virt_addr_valid+0x1db/0x2d0
[   12.688590]  ? krealloc_less_oob_helper+0xd70/0x11d0
[   12.688624]  ? kasan_addr_to_slab+0x11/0xa0
[   12.688644]  ? krealloc_less_oob_helper+0xd70/0x11d0
[   12.688666]  kasan_report+0x141/0x180
[   12.688799]  ? krealloc_less_oob_helper+0xd70/0x11d0
[   12.688832]  __asan_report_store1_noabort+0x1b/0x30
[   12.688855]  krealloc_less_oob_helper+0xd70/0x11d0
[   12.688880]  ? __pfx_krealloc_less_oob_helper+0x10/0x10
[   12.688902]  ? finish_task_switch.isra.0+0x153/0x700
[   12.688925]  ? __switch_to+0x47/0xf50
[   12.688951]  ? __schedule+0x10cc/0x2b60
[   12.688973]  ? __pfx_read_tsc+0x10/0x10
[   12.688997]  krealloc_large_less_oob+0x1c/0x30
[   12.689019]  kunit_try_run_case+0x1a5/0x480
[   12.689054]  ? __pfx_kunit_try_run_case+0x10/0x10
[   12.689075]  ? _raw_spin_lock_irqsave+0xa1/0x100
[   12.689098]  ? _raw_spin_unlock_irqrestore+0x5f/0x90
[   12.689121]  ? __kthread_parkme+0x82/0x180
[   12.689141]  ? preempt_count_sub+0x50/0x80
[   12.689163]  ? __pfx_kunit_try_run_case+0x10/0x10
[   12.689199]  kunit_generic_run_threadfn_adapter+0x85/0xf0
[   12.689221]  ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10
[   12.689243]  kthread+0x337/0x6f0
[   12.689273]  ? trace_preempt_on+0x20/0xc0
[   12.689296]  ? __pfx_kthread+0x10/0x10
[   12.689315]  ? _raw_spin_unlock_irq+0x47/0x80
[   12.689346]  ? calculate_sigpending+0x7b/0xa0
[   12.689370]  ? __pfx_kthread+0x10/0x10
[   12.689390]  ret_from_fork+0x116/0x1d0
[   12.689420]  ? __pfx_kthread+0x10/0x10
[   12.689440]  ret_from_fork_asm+0x1a/0x30
[   12.689472]  </TASK>
[   12.689496] 
[   12.702451] The buggy address belongs to the physical page:
[   12.702922] page: refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x102b68
[   12.703563] head: order:2 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[   12.704139] flags: 0x200000000000040(head|node=0|zone=2)
[   12.704581] page_type: f8(unknown)
[   12.704893] raw: 0200000000000040 0000000000000000 dead000000000122 0000000000000000
[   12.705403] raw: 0000000000000000 0000000000000000 00000001f8000000 0000000000000000
[   12.705944] head: 0200000000000040 0000000000000000 dead000000000122 0000000000000000
[   12.706517] head: 0000000000000000 0000000000000000 00000001f8000000 0000000000000000
[   12.706983] head: 0200000000000002 ffffea00040ada01 00000000ffffffff 00000000ffffffff
[   12.707453] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000004
[   12.708015] page dumped because: kasan: bad access detected
[   12.708506] 
[   12.708632] Memory state around the buggy address:
[   12.709113]  ffff888102b69f80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   12.709566]  ffff888102b6a000: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   12.710009] >ffff888102b6a080: 00 00 00 00 00 00 00 00 00 01 fe fe fe fe fe fe
[   12.710460]                                               ^
[   12.710895]  ffff888102b6a100: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe
[   12.711417]  ffff888102b6a180: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe
[   12.711866] ==================================================================
[   12.540170] ==================================================================
[   12.540490] BUG: KASAN: slab-out-of-bounds in krealloc_less_oob_helper+0xec6/0x11d0
[   12.540968] Write of size 1 at addr ffff8881003466da by task kunit_try_catch/175
[   12.541802] 
[   12.541937] CPU: 0 UID: 0 PID: 175 Comm: kunit_try_catch Tainted: G    B            N  6.16.0-rc5 #1 PREEMPT(voluntary) 
[   12.541984] Tainted: [B]=BAD_PAGE, [N]=TEST
[   12.542013] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[   12.542035] Call Trace:
[   12.542067]  <TASK>
[   12.542139]  dump_stack_lvl+0x73/0xb0
[   12.542170]  print_report+0xd1/0x650
[   12.542192]  ? __virt_addr_valid+0x1db/0x2d0
[   12.542214]  ? krealloc_less_oob_helper+0xec6/0x11d0
[   12.542236]  ? kasan_complete_mode_report_info+0x2a/0x200
[   12.542261]  ? krealloc_less_oob_helper+0xec6/0x11d0
[   12.542283]  kasan_report+0x141/0x180
[   12.542304]  ? krealloc_less_oob_helper+0xec6/0x11d0
[   12.542331]  __asan_report_store1_noabort+0x1b/0x30
[   12.542354]  krealloc_less_oob_helper+0xec6/0x11d0
[   12.542379]  ? __pfx_krealloc_less_oob_helper+0x10/0x10
[   12.542400]  ? sysvec_apic_timer_interrupt+0x50/0x90
[   12.542430]  ? __pfx_krealloc_less_oob+0x10/0x10
[   12.542456]  krealloc_less_oob+0x1c/0x30
[   12.542476]  kunit_try_run_case+0x1a5/0x480
[   12.542498]  ? __pfx_kunit_try_run_case+0x10/0x10
[   12.542519]  ? _raw_spin_lock_irqsave+0xa1/0x100
[   12.542542]  ? _raw_spin_unlock_irqrestore+0x5f/0x90
[   12.542563]  ? __kthread_parkme+0x82/0x180
[   12.542583]  ? preempt_count_sub+0x50/0x80
[   12.542606]  ? __pfx_kunit_try_run_case+0x10/0x10
[   12.542628]  kunit_generic_run_threadfn_adapter+0x85/0xf0
[   12.542650]  ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10
[   12.542671]  kthread+0x337/0x6f0
[   12.542690]  ? trace_preempt_on+0x20/0xc0
[   12.542711]  ? __pfx_kthread+0x10/0x10
[   12.542731]  ? _raw_spin_unlock_irq+0x47/0x80
[   12.542750]  ? calculate_sigpending+0x7b/0xa0
[   12.542773]  ? __pfx_kthread+0x10/0x10
[   12.542793]  ret_from_fork+0x116/0x1d0
[   12.542811]  ? __pfx_kthread+0x10/0x10
[   12.542830]  ret_from_fork_asm+0x1a/0x30
[   12.542861]  </TASK>
[   12.542872] 
[   12.554723] Allocated by task 175:
[   12.554932]  kasan_save_stack+0x45/0x70
[   12.555277]  kasan_save_track+0x18/0x40
[   12.555621]  kasan_save_alloc_info+0x3b/0x50
[   12.555829]  __kasan_krealloc+0x190/0x1f0
[   12.556014]  krealloc_noprof+0xf3/0x340
[   12.556239]  krealloc_less_oob_helper+0x1aa/0x11d0
[   12.556746]  krealloc_less_oob+0x1c/0x30
[   12.556946]  kunit_try_run_case+0x1a5/0x480
[   12.557525]  kunit_generic_run_threadfn_adapter+0x85/0xf0
[   12.557978]  kthread+0x337/0x6f0
[   12.558283]  ret_from_fork+0x116/0x1d0
[   12.558645]  ret_from_fork_asm+0x1a/0x30
[   12.558846] 
[   12.558946] The buggy address belongs to the object at ffff888100346600
[   12.558946]  which belongs to the cache kmalloc-256 of size 256
[   12.559810] The buggy address is located 17 bytes to the right of
[   12.559810]  allocated 201-byte region [ffff888100346600, ffff8881003466c9)
[   12.560834] 
[   12.561089] The buggy address belongs to the physical page:
[   12.561721] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x100346
[   12.562246] head: order:1 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[   12.562650] flags: 0x200000000000040(head|node=0|zone=2)
[   12.562886] page_type: f5(slab)
[   12.563330] raw: 0200000000000040 ffff888100041b40 dead000000000122 0000000000000000
[   12.563654] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000
[   12.563980] head: 0200000000000040 ffff888100041b40 dead000000000122 0000000000000000
[   12.564521] head: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000
[   12.564943] head: 0200000000000001 ffffea000400d181 00000000ffffffff 00000000ffffffff
[   12.565722] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000002
[   12.566199] page dumped because: kasan: bad access detected
[   12.566466] 
[   12.566775] Memory state around the buggy address:
[   12.567015]  ffff888100346580: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   12.567382]  ffff888100346600: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   12.567936] >ffff888100346680: 00 00 00 00 00 00 00 00 00 01 fc fc fc fc fc fc
[   12.568414]                                                     ^
[   12.568894]  ffff888100346700: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   12.569602]  ffff888100346780: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   12.569932] ==================================================================
[   12.602394] ==================================================================
[   12.602937] BUG: KASAN: slab-out-of-bounds in krealloc_less_oob_helper+0xd47/0x11d0
[   12.603628] Write of size 1 at addr ffff8881003466eb by task kunit_try_catch/175
[   12.603945] 
[   12.604066] CPU: 0 UID: 0 PID: 175 Comm: kunit_try_catch Tainted: G    B            N  6.16.0-rc5 #1 PREEMPT(voluntary) 
[   12.604111] Tainted: [B]=BAD_PAGE, [N]=TEST
[   12.604124] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[   12.604147] Call Trace:
[   12.604165]  <TASK>
[   12.604184]  dump_stack_lvl+0x73/0xb0
[   12.604214]  print_report+0xd1/0x650
[   12.604236]  ? __virt_addr_valid+0x1db/0x2d0
[   12.604257]  ? krealloc_less_oob_helper+0xd47/0x11d0
[   12.604279]  ? kasan_complete_mode_report_info+0x2a/0x200
[   12.604304]  ? krealloc_less_oob_helper+0xd47/0x11d0
[   12.604327]  kasan_report+0x141/0x180
[   12.604348]  ? krealloc_less_oob_helper+0xd47/0x11d0
[   12.604376]  __asan_report_store1_noabort+0x1b/0x30
[   12.604399]  krealloc_less_oob_helper+0xd47/0x11d0
[   12.604423]  ? __pfx_krealloc_less_oob_helper+0x10/0x10
[   12.604444]  ? sysvec_apic_timer_interrupt+0x50/0x90
[   12.604473]  ? __pfx_krealloc_less_oob+0x10/0x10
[   12.604499]  krealloc_less_oob+0x1c/0x30
[   12.604519]  kunit_try_run_case+0x1a5/0x480
[   12.604543]  ? __pfx_kunit_try_run_case+0x10/0x10
[   12.604564]  ? _raw_spin_lock_irqsave+0xa1/0x100
[   12.604587]  ? _raw_spin_unlock_irqrestore+0x5f/0x90
[   12.604608]  ? __kthread_parkme+0x82/0x180
[   12.604628]  ? preempt_count_sub+0x50/0x80
[   12.604652]  ? __pfx_kunit_try_run_case+0x10/0x10
[   12.604674]  kunit_generic_run_threadfn_adapter+0x85/0xf0
[   12.604695]  ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10
[   12.604717]  kthread+0x337/0x6f0
[   12.604736]  ? trace_preempt_on+0x20/0xc0
[   12.604757]  ? __pfx_kthread+0x10/0x10
[   12.604777]  ? _raw_spin_unlock_irq+0x47/0x80
[   12.604797]  ? calculate_sigpending+0x7b/0xa0
[   12.604820]  ? __pfx_kthread+0x10/0x10
[   12.604840]  ret_from_fork+0x116/0x1d0
[   12.604859]  ? __pfx_kthread+0x10/0x10
[   12.604878]  ret_from_fork_asm+0x1a/0x30
[   12.604908]  </TASK>
[   12.604919] 
[   12.616644] Allocated by task 175:
[   12.616806]  kasan_save_stack+0x45/0x70
[   12.617398]  kasan_save_track+0x18/0x40
[   12.617608]  kasan_save_alloc_info+0x3b/0x50
[   12.617777]  __kasan_krealloc+0x190/0x1f0
[   12.618140]  krealloc_noprof+0xf3/0x340
[   12.618314]  krealloc_less_oob_helper+0x1aa/0x11d0
[   12.618810]  krealloc_less_oob+0x1c/0x30
[   12.619051]  kunit_try_run_case+0x1a5/0x480
[   12.619595]  kunit_generic_run_threadfn_adapter+0x85/0xf0
[   12.619857]  kthread+0x337/0x6f0
[   12.620186]  ret_from_fork+0x116/0x1d0
[   12.620456]  ret_from_fork_asm+0x1a/0x30
[   12.620841] 
[   12.620944] The buggy address belongs to the object at ffff888100346600
[   12.620944]  which belongs to the cache kmalloc-256 of size 256
[   12.621721] The buggy address is located 34 bytes to the right of
[   12.621721]  allocated 201-byte region [ffff888100346600, ffff8881003466c9)
[   12.622575] 
[   12.622704] The buggy address belongs to the physical page:
[   12.623201] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x100346
[   12.623522] head: order:1 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[   12.623858] flags: 0x200000000000040(head|node=0|zone=2)
[   12.624095] page_type: f5(slab)
[   12.624579] raw: 0200000000000040 ffff888100041b40 dead000000000122 0000000000000000
[   12.624953] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000
[   12.625523] head: 0200000000000040 ffff888100041b40 dead000000000122 0000000000000000
[   12.626007] head: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000
[   12.626528] head: 0200000000000001 ffffea000400d181 00000000ffffffff 00000000ffffffff
[   12.626962] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000002
[   12.627589] page dumped because: kasan: bad access detected
[   12.628010] 
[   12.628228] Memory state around the buggy address:
[   12.628412]  ffff888100346580: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   12.629163]  ffff888100346600: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   12.629752] >ffff888100346680: 00 00 00 00 00 00 00 00 00 01 fc fc fc fc fc fc
[   12.630197]                                                           ^
[   12.630619]  ffff888100346700: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   12.630916]  ffff888100346780: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   12.631637] ==================================================================
[   12.712746] ==================================================================
[   12.713429] BUG: KASAN: slab-out-of-bounds in krealloc_less_oob_helper+0xe23/0x11d0
[   12.713929] Write of size 1 at addr ffff888102b6a0d0 by task kunit_try_catch/179
[   12.714721] 
[   12.715067] CPU: 0 UID: 0 PID: 179 Comm: kunit_try_catch Tainted: G    B            N  6.16.0-rc5 #1 PREEMPT(voluntary) 
[   12.715119] Tainted: [B]=BAD_PAGE, [N]=TEST
[   12.715131] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[   12.715153] Call Trace:
[   12.715165]  <TASK>
[   12.715182]  dump_stack_lvl+0x73/0xb0
[   12.715212]  print_report+0xd1/0x650
[   12.715233]  ? __virt_addr_valid+0x1db/0x2d0
[   12.715255]  ? krealloc_less_oob_helper+0xe23/0x11d0
[   12.715278]  ? kasan_addr_to_slab+0x11/0xa0
[   12.715297]  ? krealloc_less_oob_helper+0xe23/0x11d0
[   12.715320]  kasan_report+0x141/0x180
[   12.715341]  ? krealloc_less_oob_helper+0xe23/0x11d0
[   12.715368]  __asan_report_store1_noabort+0x1b/0x30
[   12.715391]  krealloc_less_oob_helper+0xe23/0x11d0
[   12.715416]  ? __pfx_krealloc_less_oob_helper+0x10/0x10
[   12.715438]  ? finish_task_switch.isra.0+0x153/0x700
[   12.715459]  ? __switch_to+0x47/0xf50
[   12.715486]  ? __schedule+0x10cc/0x2b60
[   12.715507]  ? __pfx_read_tsc+0x10/0x10
[   12.715532]  krealloc_large_less_oob+0x1c/0x30
[   12.715553]  kunit_try_run_case+0x1a5/0x480
[   12.715577]  ? __pfx_kunit_try_run_case+0x10/0x10
[   12.715598]  ? _raw_spin_lock_irqsave+0xa1/0x100
[   12.715620]  ? _raw_spin_unlock_irqrestore+0x5f/0x90
[   12.715642]  ? __kthread_parkme+0x82/0x180
[   12.715662]  ? preempt_count_sub+0x50/0x80
[   12.715683]  ? __pfx_kunit_try_run_case+0x10/0x10
[   12.715705]  kunit_generic_run_threadfn_adapter+0x85/0xf0
[   12.715727]  ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10
[   12.715748]  kthread+0x337/0x6f0
[   12.715766]  ? trace_preempt_on+0x20/0xc0
[   12.715789]  ? __pfx_kthread+0x10/0x10
[   12.715808]  ? _raw_spin_unlock_irq+0x47/0x80
[   12.715828]  ? calculate_sigpending+0x7b/0xa0
[   12.715851]  ? __pfx_kthread+0x10/0x10
[   12.715871]  ret_from_fork+0x116/0x1d0
[   12.715888]  ? __pfx_kthread+0x10/0x10
[   12.715907]  ret_from_fork_asm+0x1a/0x30
[   12.715937]  </TASK>
[   12.715949] 
[   12.729532] The buggy address belongs to the physical page:
[   12.730067] page: refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x102b68
[   12.730887] head: order:2 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[   12.731401] flags: 0x200000000000040(head|node=0|zone=2)
[   12.731720] page_type: f8(unknown)
[   12.732106] raw: 0200000000000040 0000000000000000 dead000000000122 0000000000000000
[   12.732576] raw: 0000000000000000 0000000000000000 00000001f8000000 0000000000000000
[   12.733022] head: 0200000000000040 0000000000000000 dead000000000122 0000000000000000
[   12.733613] head: 0000000000000000 0000000000000000 00000001f8000000 0000000000000000
[   12.733964] head: 0200000000000002 ffffea00040ada01 00000000ffffffff 00000000ffffffff
[   12.734631] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000004
[   12.735261] page dumped because: kasan: bad access detected
[   12.735473] 
[   12.735549] Memory state around the buggy address:
[   12.736528]  ffff888102b69f80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   12.738253]  ffff888102b6a000: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   12.738474] >ffff888102b6a080: 00 00 00 00 00 00 00 00 00 01 fe fe fe fe fe fe
[   12.738682]                                                  ^
[   12.738859]  ffff888102b6a100: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe
[   12.739202]  ffff888102b6a180: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe
[   12.739464] ==================================================================
[   12.470281] ==================================================================
[   12.470866] BUG: KASAN: slab-out-of-bounds in krealloc_less_oob_helper+0xd70/0x11d0
[   12.471397] Write of size 1 at addr ffff8881003466c9 by task kunit_try_catch/175
[   12.472336] 
[   12.472599] CPU: 0 UID: 0 PID: 175 Comm: kunit_try_catch Tainted: G    B            N  6.16.0-rc5 #1 PREEMPT(voluntary) 
[   12.472647] Tainted: [B]=BAD_PAGE, [N]=TEST
[   12.472658] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[   12.472679] Call Trace:
[   12.472691]  <TASK>
[   12.472708]  dump_stack_lvl+0x73/0xb0
[   12.472738]  print_report+0xd1/0x650
[   12.472760]  ? __virt_addr_valid+0x1db/0x2d0
[   12.472781]  ? krealloc_less_oob_helper+0xd70/0x11d0
[   12.472803]  ? kasan_complete_mode_report_info+0x2a/0x200
[   12.472828]  ? krealloc_less_oob_helper+0xd70/0x11d0
[   12.472850]  kasan_report+0x141/0x180
[   12.472870]  ? krealloc_less_oob_helper+0xd70/0x11d0
[   12.472897]  __asan_report_store1_noabort+0x1b/0x30
[   12.472920]  krealloc_less_oob_helper+0xd70/0x11d0
[   12.472944]  ? __pfx_krealloc_less_oob_helper+0x10/0x10
[   12.472965]  ? sysvec_apic_timer_interrupt+0x50/0x90
[   12.472994]  ? __pfx_krealloc_less_oob+0x10/0x10
[   12.473019]  krealloc_less_oob+0x1c/0x30
[   12.473057]  kunit_try_run_case+0x1a5/0x480
[   12.473081]  ? __pfx_kunit_try_run_case+0x10/0x10
[   12.473101]  ? _raw_spin_lock_irqsave+0xa1/0x100
[   12.473125]  ? _raw_spin_unlock_irqrestore+0x5f/0x90
[   12.473146]  ? __kthread_parkme+0x82/0x180
[   12.473166]  ? preempt_count_sub+0x50/0x80
[   12.473189]  ? __pfx_kunit_try_run_case+0x10/0x10
[   12.473210]  kunit_generic_run_threadfn_adapter+0x85/0xf0
[   12.473232]  ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10
[   12.473253]  kthread+0x337/0x6f0
[   12.473271]  ? trace_preempt_on+0x20/0xc0
[   12.473293]  ? __pfx_kthread+0x10/0x10
[   12.473312]  ? _raw_spin_unlock_irq+0x47/0x80
[   12.473332]  ? calculate_sigpending+0x7b/0xa0
[   12.473354]  ? __pfx_kthread+0x10/0x10
[   12.473375]  ret_from_fork+0x116/0x1d0
[   12.473392]  ? __pfx_kthread+0x10/0x10
[   12.473412]  ret_from_fork_asm+0x1a/0x30
[   12.473442]  </TASK>
[   12.473453] 
[   12.488594] Allocated by task 175:
[   12.488783]  kasan_save_stack+0x45/0x70
[   12.488983]  kasan_save_track+0x18/0x40
[   12.491034]  kasan_save_alloc_info+0x3b/0x50
[   12.491285]  __kasan_krealloc+0x190/0x1f0
[   12.491476]  krealloc_noprof+0xf3/0x340
[   12.492325]  krealloc_less_oob_helper+0x1aa/0x11d0
[   12.492903]  krealloc_less_oob+0x1c/0x30
[   12.493333]  kunit_try_run_case+0x1a5/0x480
[   12.494275]  kunit_generic_run_threadfn_adapter+0x85/0xf0
[   12.494597]  kthread+0x337/0x6f0
[   12.494907]  ret_from_fork+0x116/0x1d0
[   12.495673]  ret_from_fork_asm+0x1a/0x30
[   12.495951] 
[   12.496307] The buggy address belongs to the object at ffff888100346600
[   12.496307]  which belongs to the cache kmalloc-256 of size 256
[   12.497486] The buggy address is located 0 bytes to the right of
[   12.497486]  allocated 201-byte region [ffff888100346600, ffff8881003466c9)
[   12.498822] 
[   12.498953] The buggy address belongs to the physical page:
[   12.499974] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x100346
[   12.500502] head: order:1 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[   12.500822] flags: 0x200000000000040(head|node=0|zone=2)
[   12.501543] page_type: f5(slab)
[   12.501721] raw: 0200000000000040 ffff888100041b40 dead000000000122 0000000000000000
[   12.502054] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000
[   12.502428] head: 0200000000000040 ffff888100041b40 dead000000000122 0000000000000000
[   12.503236] head: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000
[   12.503781] head: 0200000000000001 ffffea000400d181 00000000ffffffff 00000000ffffffff
[   12.504111] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000002
[   12.504639] page dumped because: kasan: bad access detected
[   12.504991] 
[   12.505082] Memory state around the buggy address:
[   12.505461]  ffff888100346580: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   12.506198]  ffff888100346600: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   12.506502] >ffff888100346680: 00 00 00 00 00 00 00 00 00 01 fc fc fc fc fc fc
[   12.506933]                                               ^
[   12.507496]  ffff888100346700: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   12.507826]  ffff888100346780: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   12.508492] ==================================================================
[   12.571325] ==================================================================
[   12.572434] BUG: KASAN: slab-out-of-bounds in krealloc_less_oob_helper+0xe90/0x11d0
[   12.572881] Write of size 1 at addr ffff8881003466ea by task kunit_try_catch/175
[   12.573431] 
[   12.573692] CPU: 0 UID: 0 PID: 175 Comm: kunit_try_catch Tainted: G    B            N  6.16.0-rc5 #1 PREEMPT(voluntary) 
[   12.573741] Tainted: [B]=BAD_PAGE, [N]=TEST
[   12.573753] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[   12.573774] Call Trace:
[   12.573789]  <TASK>
[   12.573807]  dump_stack_lvl+0x73/0xb0
[   12.573837]  print_report+0xd1/0x650
[   12.573858]  ? __virt_addr_valid+0x1db/0x2d0
[   12.573879]  ? krealloc_less_oob_helper+0xe90/0x11d0
[   12.573902]  ? kasan_complete_mode_report_info+0x2a/0x200
[   12.573926]  ? krealloc_less_oob_helper+0xe90/0x11d0
[   12.573949]  kasan_report+0x141/0x180
[   12.573971]  ? krealloc_less_oob_helper+0xe90/0x11d0
[   12.573999]  __asan_report_store1_noabort+0x1b/0x30
[   12.574021]  krealloc_less_oob_helper+0xe90/0x11d0
[   12.574061]  ? __pfx_krealloc_less_oob_helper+0x10/0x10
[   12.574082]  ? sysvec_apic_timer_interrupt+0x50/0x90
[   12.574111]  ? __pfx_krealloc_less_oob+0x10/0x10
[   12.574137]  krealloc_less_oob+0x1c/0x30
[   12.574157]  kunit_try_run_case+0x1a5/0x480
[   12.574181]  ? __pfx_kunit_try_run_case+0x10/0x10
[   12.574202]  ? _raw_spin_lock_irqsave+0xa1/0x100
[   12.574224]  ? _raw_spin_unlock_irqrestore+0x5f/0x90
[   12.574247]  ? __kthread_parkme+0x82/0x180
[   12.574266]  ? preempt_count_sub+0x50/0x80
[   12.574289]  ? __pfx_kunit_try_run_case+0x10/0x10
[   12.574311]  kunit_generic_run_threadfn_adapter+0x85/0xf0
[   12.574333]  ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10
[   12.574355]  kthread+0x337/0x6f0
[   12.574373]  ? trace_preempt_on+0x20/0xc0
[   12.574394]  ? __pfx_kthread+0x10/0x10
[   12.574414]  ? _raw_spin_unlock_irq+0x47/0x80
[   12.574433]  ? calculate_sigpending+0x7b/0xa0
[   12.574456]  ? __pfx_kthread+0x10/0x10
[   12.574477]  ret_from_fork+0x116/0x1d0
[   12.574495]  ? __pfx_kthread+0x10/0x10
[   12.574514]  ret_from_fork_asm+0x1a/0x30
[   12.574545]  </TASK>
[   12.574555] 
[   12.586322] Allocated by task 175:
[   12.586730]  kasan_save_stack+0x45/0x70
[   12.586945]  kasan_save_track+0x18/0x40
[   12.587341]  kasan_save_alloc_info+0x3b/0x50
[   12.587802]  __kasan_krealloc+0x190/0x1f0
[   12.587998]  krealloc_noprof+0xf3/0x340
[   12.588401]  krealloc_less_oob_helper+0x1aa/0x11d0
[   12.588692]  krealloc_less_oob+0x1c/0x30
[   12.588910]  kunit_try_run_case+0x1a5/0x480
[   12.589372]  kunit_generic_run_threadfn_adapter+0x85/0xf0
[   12.589642]  kthread+0x337/0x6f0
[   12.589820]  ret_from_fork+0x116/0x1d0
[   12.590230]  ret_from_fork_asm+0x1a/0x30
[   12.590412] 
[   12.590512] The buggy address belongs to the object at ffff888100346600
[   12.590512]  which belongs to the cache kmalloc-256 of size 256
[   12.591515] The buggy address is located 33 bytes to the right of
[   12.591515]  allocated 201-byte region [ffff888100346600, ffff8881003466c9)
[   12.592374] 
[   12.592809] The buggy address belongs to the physical page:
[   12.593073] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x100346
[   12.593712] head: order:1 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[   12.594253] flags: 0x200000000000040(head|node=0|zone=2)
[   12.594520] page_type: f5(slab)
[   12.594695] raw: 0200000000000040 ffff888100041b40 dead000000000122 0000000000000000
[   12.594986] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000
[   12.595825] head: 0200000000000040 ffff888100041b40 dead000000000122 0000000000000000
[   12.596357] head: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000
[   12.596824] head: 0200000000000001 ffffea000400d181 00000000ffffffff 00000000ffffffff
[   12.597388] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000002
[   12.597918] page dumped because: kasan: bad access detected
[   12.598213] 
[   12.598500] Memory state around the buggy address:
[   12.598822]  ffff888100346580: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   12.599145]  ffff888100346600: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   12.599794] >ffff888100346680: 00 00 00 00 00 00 00 00 00 01 fc fc fc fc fc fc
[   12.600263]                                                           ^
[   12.600530]  ffff888100346700: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   12.600994]  ffff888100346780: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   12.601472] ==================================================================