lkft/sashal-linus-next - v6.13-rc7-43514-gb6b19ce74be8 - log-parser-boot/kasan-bug-kasan-slab-out-of-bounds-in-krealloc_less_oob_helper

Date

July 10, 2025, 6:10 p.m.

Environment
qemu-arm64
qemu-x86_64

[   16.775872] ==================================================================
[   16.775922] BUG: KASAN: slab-out-of-bounds in krealloc_less_oob_helper+0xa58/0xc50
[   16.776088] Write of size 1 at addr fff00000c1d24eeb by task kunit_try_catch/158
[   16.776152] 
[   16.776183] CPU: 1 UID: 0 PID: 158 Comm: kunit_try_catch Tainted: G    B            N  6.16.0-rc5 #1 PREEMPT 
[   16.776288] Tainted: [B]=BAD_PAGE, [N]=TEST
[   16.776314] Hardware name: linux,dummy-virt (DT)
[   16.776355] Call trace:
[   16.776377]  show_stack+0x20/0x38 (C)
[   16.776559]  dump_stack_lvl+0x8c/0xd0
[   16.776609]  print_report+0x118/0x608
[   16.776655]  kasan_report+0xdc/0x128
[   16.776700]  __asan_report_store1_noabort+0x20/0x30
[   16.776804]  krealloc_less_oob_helper+0xa58/0xc50
[   16.776880]  krealloc_less_oob+0x20/0x38
[   16.776954]  kunit_try_run_case+0x170/0x3f0
[   16.777011]  kunit_generic_run_threadfn_adapter+0x88/0x100
[   16.777065]  kthread+0x328/0x630
[   16.777138]  ret_from_fork+0x10/0x20
[   16.777214] 
[   16.777232] Allocated by task 158:
[   16.777267]  kasan_save_stack+0x3c/0x68
[   16.777308]  kasan_save_track+0x20/0x40
[   16.777357]  kasan_save_alloc_info+0x40/0x58
[   16.777585]  __kasan_krealloc+0x118/0x178
[   16.777653]  krealloc_noprof+0x128/0x360
[   16.777709]  krealloc_less_oob_helper+0x168/0xc50
[   16.777767]  krealloc_less_oob+0x20/0x38
[   16.777803]  kunit_try_run_case+0x170/0x3f0
[   16.777860]  kunit_generic_run_threadfn_adapter+0x88/0x100
[   16.778063]  kthread+0x328/0x630
[   16.778138]  ret_from_fork+0x10/0x20
[   16.778267] 
[   16.778290] The buggy address belongs to the object at fff00000c1d24e00
[   16.778290]  which belongs to the cache kmalloc-256 of size 256
[   16.778411] The buggy address is located 34 bytes to the right of
[   16.778411]  allocated 201-byte region [fff00000c1d24e00, fff00000c1d24ec9)
[   16.778483] 
[   16.778503] The buggy address belongs to the physical page:
[   16.778532] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x101d24
[   16.778583] head: order:1 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[   16.778630] flags: 0xbfffe0000000040(head|node=0|zone=2|lastcpupid=0x1ffff)
[   16.778678] page_type: f5(slab)
[   16.778714] raw: 0bfffe0000000040 fff00000c0001b40 dead000000000122 0000000000000000
[   16.778764] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000
[   16.778813] head: 0bfffe0000000040 fff00000c0001b40 dead000000000122 0000000000000000
[   16.779047] head: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000
[   16.779192] head: 0bfffe0000000001 ffffc1ffc3074901 00000000ffffffff 00000000ffffffff
[   16.779287] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000002
[   16.779445] page dumped because: kasan: bad access detected
[   16.779563] 
[   16.779668] Memory state around the buggy address:
[   16.779748]  fff00000c1d24d80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   16.779842]  fff00000c1d24e00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   16.779884] >fff00000c1d24e80: 00 00 00 00 00 00 00 00 00 01 fc fc fc fc fc fc
[   16.780124]                                                           ^
[   16.780181]  fff00000c1d24f00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   16.780754]  fff00000c1d24f80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   16.780805] ==================================================================
[   16.802568] ==================================================================
[   16.802623] BUG: KASAN: slab-out-of-bounds in krealloc_less_oob_helper+0xa48/0xc50
[   16.802851] Write of size 1 at addr fff00000c78aa0c9 by task kunit_try_catch/162
[   16.802925] 
[   16.802962] CPU: 1 UID: 0 PID: 162 Comm: kunit_try_catch Tainted: G    B            N  6.16.0-rc5 #1 PREEMPT 
[   16.803040] Tainted: [B]=BAD_PAGE, [N]=TEST
[   16.803065] Hardware name: linux,dummy-virt (DT)
[   16.803095] Call trace:
[   16.803117]  show_stack+0x20/0x38 (C)
[   16.803167]  dump_stack_lvl+0x8c/0xd0
[   16.803389]  print_report+0x118/0x608
[   16.803504]  kasan_report+0xdc/0x128
[   16.803589]  __asan_report_store1_noabort+0x20/0x30
[   16.803642]  krealloc_less_oob_helper+0xa48/0xc50
[   16.803716]  krealloc_large_less_oob+0x20/0x38
[   16.803788]  kunit_try_run_case+0x170/0x3f0
[   16.803866]  kunit_generic_run_threadfn_adapter+0x88/0x100
[   16.803950]  kthread+0x328/0x630
[   16.804004]  ret_from_fork+0x10/0x20
[   16.804070] 
[   16.804118] The buggy address belongs to the physical page:
[   16.804355] page: refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1078a8
[   16.804522] head: order:2 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[   16.804574] flags: 0xbfffe0000000040(head|node=0|zone=2|lastcpupid=0x1ffff)
[   16.804670] page_type: f8(unknown)
[   16.804736] raw: 0bfffe0000000040 0000000000000000 dead000000000122 0000000000000000
[   16.804809] raw: 0000000000000000 0000000000000000 00000001f8000000 0000000000000000
[   16.804894] head: 0bfffe0000000040 0000000000000000 dead000000000122 0000000000000000
[   16.804949] head: 0000000000000000 0000000000000000 00000001f8000000 0000000000000000
[   16.805004] head: 0bfffe0000000002 ffffc1ffc31e2a01 00000000ffffffff 00000000ffffffff
[   16.805052] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000004
[   16.805090] page dumped because: kasan: bad access detected
[   16.805119] 
[   16.805136] Memory state around the buggy address:
[   16.805171]  fff00000c78a9f80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   16.805363]  fff00000c78aa000: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   16.805478] >fff00000c78aa080: 00 00 00 00 00 00 00 00 00 01 fe fe fe fe fe fe
[   16.805557]                                               ^
[   16.805619]  fff00000c78aa100: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe
[   16.805686]  fff00000c78aa180: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe
[   16.805724] ==================================================================
[   16.769776] ==================================================================
[   16.769846] BUG: KASAN: slab-out-of-bounds in krealloc_less_oob_helper+0xae4/0xc50
[   16.770166] Write of size 1 at addr fff00000c1d24eea by task kunit_try_catch/158
[   16.770330] 
[   16.770464] CPU: 1 UID: 0 PID: 158 Comm: kunit_try_catch Tainted: G    B            N  6.16.0-rc5 #1 PREEMPT 
[   16.770607] Tainted: [B]=BAD_PAGE, [N]=TEST
[   16.770656] Hardware name: linux,dummy-virt (DT)
[   16.770766] Call trace:
[   16.770805]  show_stack+0x20/0x38 (C)
[   16.770855]  dump_stack_lvl+0x8c/0xd0
[   16.770901]  print_report+0x118/0x608
[   16.770947]  kasan_report+0xdc/0x128
[   16.771122]  __asan_report_store1_noabort+0x20/0x30
[   16.771442]  krealloc_less_oob_helper+0xae4/0xc50
[   16.771642]  krealloc_less_oob+0x20/0x38
[   16.771811]  kunit_try_run_case+0x170/0x3f0
[   16.771898]  kunit_generic_run_threadfn_adapter+0x88/0x100
[   16.771976]  kthread+0x328/0x630
[   16.772212]  ret_from_fork+0x10/0x20
[   16.772319] 
[   16.772346] Allocated by task 158:
[   16.772373]  kasan_save_stack+0x3c/0x68
[   16.772621]  kasan_save_track+0x20/0x40
[   16.772717]  kasan_save_alloc_info+0x40/0x58
[   16.772835]  __kasan_krealloc+0x118/0x178
[   16.772970]  krealloc_noprof+0x128/0x360
[   16.773057]  krealloc_less_oob_helper+0x168/0xc50
[   16.773167]  krealloc_less_oob+0x20/0x38
[   16.773203]  kunit_try_run_case+0x170/0x3f0
[   16.773276]  kunit_generic_run_threadfn_adapter+0x88/0x100
[   16.773623]  kthread+0x328/0x630
[   16.773794]  ret_from_fork+0x10/0x20
[   16.773907] 
[   16.774040] The buggy address belongs to the object at fff00000c1d24e00
[   16.774040]  which belongs to the cache kmalloc-256 of size 256
[   16.774110] The buggy address is located 33 bytes to the right of
[   16.774110]  allocated 201-byte region [fff00000c1d24e00, fff00000c1d24ec9)
[   16.774171] 
[   16.774190] The buggy address belongs to the physical page:
[   16.774225] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x101d24
[   16.774286] head: order:1 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[   16.774330] flags: 0xbfffe0000000040(head|node=0|zone=2|lastcpupid=0x1ffff)
[   16.774401] page_type: f5(slab)
[   16.774449] raw: 0bfffe0000000040 fff00000c0001b40 dead000000000122 0000000000000000
[   16.774497] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000
[   16.774545] head: 0bfffe0000000040 fff00000c0001b40 dead000000000122 0000000000000000
[   16.774602] head: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000
[   16.774649] head: 0bfffe0000000001 ffffc1ffc3074901 00000000ffffffff 00000000ffffffff
[   16.774706] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000002
[   16.774745] page dumped because: kasan: bad access detected
[   16.774774] 
[   16.774791] Memory state around the buggy address:
[   16.774829]  fff00000c1d24d80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   16.774870]  fff00000c1d24e00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   16.774919] >fff00000c1d24e80: 00 00 00 00 00 00 00 00 00 01 fc fc fc fc fc fc
[   16.774970]                                                           ^
[   16.775006]  fff00000c1d24f00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   16.775074]  fff00000c1d24f80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   16.775119] ==================================================================
[   16.813982] ==================================================================
[   16.814016] BUG: KASAN: slab-out-of-bounds in krealloc_less_oob_helper+0xae4/0xc50
[   16.814059] Write of size 1 at addr fff00000c78aa0ea by task kunit_try_catch/162
[   16.814105] 
[   16.814133] CPU: 1 UID: 0 PID: 162 Comm: kunit_try_catch Tainted: G    B            N  6.16.0-rc5 #1 PREEMPT 
[   16.814208] Tainted: [B]=BAD_PAGE, [N]=TEST
[   16.814257] Hardware name: linux,dummy-virt (DT)
[   16.814288] Call trace:
[   16.814308]  show_stack+0x20/0x38 (C)
[   16.814368]  dump_stack_lvl+0x8c/0xd0
[   16.814414]  print_report+0x118/0x608
[   16.814606]  kasan_report+0xdc/0x128
[   16.814796]  __asan_report_store1_noabort+0x20/0x30
[   16.814879]  krealloc_less_oob_helper+0xae4/0xc50
[   16.814968]  krealloc_large_less_oob+0x20/0x38
[   16.815054]  kunit_try_run_case+0x170/0x3f0
[   16.815164]  kunit_generic_run_threadfn_adapter+0x88/0x100
[   16.815283]  kthread+0x328/0x630
[   16.815432]  ret_from_fork+0x10/0x20
[   16.815499] 
[   16.815518] The buggy address belongs to the physical page:
[   16.815546] page: refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1078a8
[   16.815596] head: order:2 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[   16.815641] flags: 0xbfffe0000000040(head|node=0|zone=2|lastcpupid=0x1ffff)
[   16.815909] page_type: f8(unknown)
[   16.816018] raw: 0bfffe0000000040 0000000000000000 dead000000000122 0000000000000000
[   16.816066] raw: 0000000000000000 0000000000000000 00000001f8000000 0000000000000000
[   16.816157] head: 0bfffe0000000040 0000000000000000 dead000000000122 0000000000000000
[   16.816225] head: 0000000000000000 0000000000000000 00000001f8000000 0000000000000000
[   16.816298] head: 0bfffe0000000002 ffffc1ffc31e2a01 00000000ffffffff 00000000ffffffff
[   16.816449] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000004
[   16.816556] page dumped because: kasan: bad access detected
[   16.816691] 
[   16.816741] Memory state around the buggy address:
[   16.816793]  fff00000c78a9f80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   16.816834]  fff00000c78aa000: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   16.816903] >fff00000c78aa080: 00 00 00 00 00 00 00 00 00 01 fe fe fe fe fe fe
[   16.816959]                                                           ^
[   16.816996]  fff00000c78aa100: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe
[   16.817039]  fff00000c78aa180: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe
[   16.817074] ==================================================================
[   16.811468] ==================================================================
[   16.811541] BUG: KASAN: slab-out-of-bounds in krealloc_less_oob_helper+0xa80/0xc50
[   16.811613] Write of size 1 at addr fff00000c78aa0da by task kunit_try_catch/162
[   16.811688] 
[   16.811717] CPU: 1 UID: 0 PID: 162 Comm: kunit_try_catch Tainted: G    B            N  6.16.0-rc5 #1 PREEMPT 
[   16.811795] Tainted: [B]=BAD_PAGE, [N]=TEST
[   16.812051] Hardware name: linux,dummy-virt (DT)
[   16.812092] Call trace:
[   16.812194]  show_stack+0x20/0x38 (C)
[   16.812248]  dump_stack_lvl+0x8c/0xd0
[   16.812304]  print_report+0x118/0x608
[   16.812363]  kasan_report+0xdc/0x128
[   16.812619]  __asan_report_store1_noabort+0x20/0x30
[   16.812717]  krealloc_less_oob_helper+0xa80/0xc50
[   16.812821]  krealloc_large_less_oob+0x20/0x38
[   16.812894]  kunit_try_run_case+0x170/0x3f0
[   16.812944]  kunit_generic_run_threadfn_adapter+0x88/0x100
[   16.812996]  kthread+0x328/0x630
[   16.813038]  ret_from_fork+0x10/0x20
[   16.813084] 
[   16.813103] The buggy address belongs to the physical page:
[   16.813151] page: refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1078a8
[   16.813202] head: order:2 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[   16.813246] flags: 0xbfffe0000000040(head|node=0|zone=2|lastcpupid=0x1ffff)
[   16.813294] page_type: f8(unknown)
[   16.813331] raw: 0bfffe0000000040 0000000000000000 dead000000000122 0000000000000000
[   16.813399] raw: 0000000000000000 0000000000000000 00000001f8000000 0000000000000000
[   16.813447] head: 0bfffe0000000040 0000000000000000 dead000000000122 0000000000000000
[   16.813493] head: 0000000000000000 0000000000000000 00000001f8000000 0000000000000000
[   16.813540] head: 0bfffe0000000002 ffffc1ffc31e2a01 00000000ffffffff 00000000ffffffff
[   16.813587] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000004
[   16.813625] page dumped because: kasan: bad access detected
[   16.813653] 
[   16.813672] Memory state around the buggy address:
[   16.813701]  fff00000c78a9f80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   16.813741]  fff00000c78aa000: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   16.813781] >fff00000c78aa080: 00 00 00 00 00 00 00 00 00 01 fe fe fe fe fe fe
[   16.813816]                                                     ^
[   16.813851]  fff00000c78aa100: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe
[   16.813891]  fff00000c78aa180: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe
[   16.813933] ==================================================================
[   16.760586] ==================================================================
[   16.760661] BUG: KASAN: slab-out-of-bounds in krealloc_less_oob_helper+0xb9c/0xc50
[   16.760710] Write of size 1 at addr fff00000c1d24ed0 by task kunit_try_catch/158
[   16.760758] 
[   16.760788] CPU: 1 UID: 0 PID: 158 Comm: kunit_try_catch Tainted: G    B            N  6.16.0-rc5 #1 PREEMPT 
[   16.760866] Tainted: [B]=BAD_PAGE, [N]=TEST
[   16.760896] Hardware name: linux,dummy-virt (DT)
[   16.760936] Call trace:
[   16.760958]  show_stack+0x20/0x38 (C)
[   16.761006]  dump_stack_lvl+0x8c/0xd0
[   16.761053]  print_report+0x118/0x608
[   16.761099]  kasan_report+0xdc/0x128
[   16.761150]  __asan_report_store1_noabort+0x20/0x30
[   16.761202]  krealloc_less_oob_helper+0xb9c/0xc50
[   16.761258]  krealloc_less_oob+0x20/0x38
[   16.761311]  kunit_try_run_case+0x170/0x3f0
[   16.761380]  kunit_generic_run_threadfn_adapter+0x88/0x100
[   16.761442]  kthread+0x328/0x630
[   16.761483]  ret_from_fork+0x10/0x20
[   16.761529] 
[   16.761552] Allocated by task 158:
[   16.761578]  kasan_save_stack+0x3c/0x68
[   16.761617]  kasan_save_track+0x20/0x40
[   16.761653]  kasan_save_alloc_info+0x40/0x58
[   16.761692]  __kasan_krealloc+0x118/0x178
[   16.761729]  krealloc_noprof+0x128/0x360
[   16.761770]  krealloc_less_oob_helper+0x168/0xc50
[   16.761810]  krealloc_less_oob+0x20/0x38
[   16.761851]  kunit_try_run_case+0x170/0x3f0
[   16.761888]  kunit_generic_run_threadfn_adapter+0x88/0x100
[   16.761961]  kthread+0x328/0x630
[   16.761993]  ret_from_fork+0x10/0x20
[   16.762027] 
[   16.762045] The buggy address belongs to the object at fff00000c1d24e00
[   16.762045]  which belongs to the cache kmalloc-256 of size 256
[   16.762099] The buggy address is located 7 bytes to the right of
[   16.762099]  allocated 201-byte region [fff00000c1d24e00, fff00000c1d24ec9)
[   16.762159] 
[   16.762204] The buggy address belongs to the physical page:
[   16.762235] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x101d24
[   16.762285] head: order:1 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[   16.762358] flags: 0xbfffe0000000040(head|node=0|zone=2|lastcpupid=0x1ffff)
[   16.762409] page_type: f5(slab)
[   16.762444] raw: 0bfffe0000000040 fff00000c0001b40 dead000000000122 0000000000000000
[   16.762492] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000
[   16.762539] head: 0bfffe0000000040 fff00000c0001b40 dead000000000122 0000000000000000
[   16.762586] head: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000
[   16.762633] head: 0bfffe0000000001 ffffc1ffc3074901 00000000ffffffff 00000000ffffffff
[   16.762680] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000002
[   16.762717] page dumped because: kasan: bad access detected
[   16.762747] 
[   16.762764] Memory state around the buggy address:
[   16.762793]  fff00000c1d24d80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   16.762864]  fff00000c1d24e00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   16.762953] >fff00000c1d24e80: 00 00 00 00 00 00 00 00 00 01 fc fc fc fc fc fc
[   16.763012]                                                  ^
[   16.763064]  fff00000c1d24f00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   16.763144]  fff00000c1d24f80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   16.763256] ==================================================================
[   16.805852] ==================================================================
[   16.805940] BUG: KASAN: slab-out-of-bounds in krealloc_less_oob_helper+0xb9c/0xc50
[   16.806479] Write of size 1 at addr fff00000c78aa0d0 by task kunit_try_catch/162
[   16.806554] 
[   16.806597] CPU: 1 UID: 0 PID: 162 Comm: kunit_try_catch Tainted: G    B            N  6.16.0-rc5 #1 PREEMPT 
[   16.806693] Tainted: [B]=BAD_PAGE, [N]=TEST
[   16.806727] Hardware name: linux,dummy-virt (DT)
[   16.806755] Call trace:
[   16.806775]  show_stack+0x20/0x38 (C)
[   16.806824]  dump_stack_lvl+0x8c/0xd0
[   16.806890]  print_report+0x118/0x608
[   16.806938]  kasan_report+0xdc/0x128
[   16.806983]  __asan_report_store1_noabort+0x20/0x30
[   16.807160]  krealloc_less_oob_helper+0xb9c/0xc50
[   16.807217]  krealloc_large_less_oob+0x20/0x38
[   16.807265]  kunit_try_run_case+0x170/0x3f0
[   16.807490]  kunit_generic_run_threadfn_adapter+0x88/0x100
[   16.807658]  kthread+0x328/0x630
[   16.807804]  ret_from_fork+0x10/0x20
[   16.807913] 
[   16.808030] The buggy address belongs to the physical page:
[   16.808085] page: refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1078a8
[   16.808135] head: order:2 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[   16.808196] flags: 0xbfffe0000000040(head|node=0|zone=2|lastcpupid=0x1ffff)
[   16.808542] page_type: f8(unknown)
[   16.808685] raw: 0bfffe0000000040 0000000000000000 dead000000000122 0000000000000000
[   16.808802] raw: 0000000000000000 0000000000000000 00000001f8000000 0000000000000000
[   16.808914] head: 0bfffe0000000040 0000000000000000 dead000000000122 0000000000000000
[   16.808994] head: 0000000000000000 0000000000000000 00000001f8000000 0000000000000000
[   16.809128] head: 0bfffe0000000002 ffffc1ffc31e2a01 00000000ffffffff 00000000ffffffff
[   16.809256] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000004
[   16.809397] page dumped because: kasan: bad access detected
[   16.809428] 
[   16.809445] Memory state around the buggy address:
[   16.809533]  fff00000c78a9f80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   16.809856]  fff00000c78aa000: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   16.810113] >fff00000c78aa080: 00 00 00 00 00 00 00 00 00 01 fe fe fe fe fe fe
[   16.810206]                                                  ^
[   16.810313]  fff00000c78aa100: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe
[   16.810378]  fff00000c78aa180: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe
[   16.810416] ==================================================================
[   16.754555] ==================================================================
[   16.754733] BUG: KASAN: slab-out-of-bounds in krealloc_less_oob_helper+0xa48/0xc50
[   16.754811] Write of size 1 at addr fff00000c1d24ec9 by task kunit_try_catch/158
[   16.754883] 
[   16.754923] CPU: 1 UID: 0 PID: 158 Comm: kunit_try_catch Tainted: G    B            N  6.16.0-rc5 #1 PREEMPT 
[   16.755007] Tainted: [B]=BAD_PAGE, [N]=TEST
[   16.755033] Hardware name: linux,dummy-virt (DT)
[   16.755201] Call trace:
[   16.755317]  show_stack+0x20/0x38 (C)
[   16.755526]  dump_stack_lvl+0x8c/0xd0
[   16.755620]  print_report+0x118/0x608
[   16.755742]  kasan_report+0xdc/0x128
[   16.755836]  __asan_report_store1_noabort+0x20/0x30
[   16.755889]  krealloc_less_oob_helper+0xa48/0xc50
[   16.756248]  krealloc_less_oob+0x20/0x38
[   16.756411]  kunit_try_run_case+0x170/0x3f0
[   16.756579]  kunit_generic_run_threadfn_adapter+0x88/0x100
[   16.756635]  kthread+0x328/0x630
[   16.756678]  ret_from_fork+0x10/0x20
[   16.756728] 
[   16.756746] Allocated by task 158:
[   16.756773]  kasan_save_stack+0x3c/0x68
[   16.756963]  kasan_save_track+0x20/0x40
[   16.757042]  kasan_save_alloc_info+0x40/0x58
[   16.757156]  __kasan_krealloc+0x118/0x178
[   16.757204]  krealloc_noprof+0x128/0x360
[   16.757241]  krealloc_less_oob_helper+0x168/0xc50
[   16.757280]  krealloc_less_oob+0x20/0x38
[   16.757315]  kunit_try_run_case+0x170/0x3f0
[   16.757499]  kunit_generic_run_threadfn_adapter+0x88/0x100
[   16.757603]  kthread+0x328/0x630
[   16.757683]  ret_from_fork+0x10/0x20
[   16.757731] 
[   16.757750] The buggy address belongs to the object at fff00000c1d24e00
[   16.757750]  which belongs to the cache kmalloc-256 of size 256
[   16.757807] The buggy address is located 0 bytes to the right of
[   16.757807]  allocated 201-byte region [fff00000c1d24e00, fff00000c1d24ec9)
[   16.757868] 
[   16.757891] The buggy address belongs to the physical page:
[   16.757952] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x101d24
[   16.758009] head: order:1 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[   16.758173] flags: 0xbfffe0000000040(head|node=0|zone=2|lastcpupid=0x1ffff)
[   16.758290] page_type: f5(slab)
[   16.758365] raw: 0bfffe0000000040 fff00000c0001b40 dead000000000122 0000000000000000
[   16.758436] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000
[   16.758486] head: 0bfffe0000000040 fff00000c0001b40 dead000000000122 0000000000000000
[   16.758533] head: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000
[   16.758580] head: 0bfffe0000000001 ffffc1ffc3074901 00000000ffffffff 00000000ffffffff
[   16.758743] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000002
[   16.758809] page dumped because: kasan: bad access detected
[   16.758918] 
[   16.759021] Memory state around the buggy address:
[   16.759063]  fff00000c1d24d80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   16.759143]  fff00000c1d24e00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   16.759214] >fff00000c1d24e80: 00 00 00 00 00 00 00 00 00 01 fc fc fc fc fc fc
[   16.759251]                                               ^
[   16.759285]  fff00000c1d24f00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   16.759363]  fff00000c1d24f80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   16.759556] ==================================================================
[   16.817534] ==================================================================
[   16.817578] BUG: KASAN: slab-out-of-bounds in krealloc_less_oob_helper+0xa58/0xc50
[   16.817693] Write of size 1 at addr fff00000c78aa0eb by task kunit_try_catch/162
[   16.817779] 
[   16.817817] CPU: 1 UID: 0 PID: 162 Comm: kunit_try_catch Tainted: G    B            N  6.16.0-rc5 #1 PREEMPT 
[   16.817927] Tainted: [B]=BAD_PAGE, [N]=TEST
[   16.818061] Hardware name: linux,dummy-virt (DT)
[   16.818169] Call trace:
[   16.818315]  show_stack+0x20/0x38 (C)
[   16.818390]  dump_stack_lvl+0x8c/0xd0
[   16.818537]  print_report+0x118/0x608
[   16.818753]  kasan_report+0xdc/0x128
[   16.818949]  __asan_report_store1_noabort+0x20/0x30
[   16.819036]  krealloc_less_oob_helper+0xa58/0xc50
[   16.819130]  krealloc_large_less_oob+0x20/0x38
[   16.819252]  kunit_try_run_case+0x170/0x3f0
[   16.819443]  kunit_generic_run_threadfn_adapter+0x88/0x100
[   16.819529]  kthread+0x328/0x630
[   16.819641]  ret_from_fork+0x10/0x20
[   16.819901] 
[   16.819924] The buggy address belongs to the physical page:
[   16.819954] page: refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1078a8
[   16.820415] head: order:2 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[   16.820578] flags: 0xbfffe0000000040(head|node=0|zone=2|lastcpupid=0x1ffff)
[   16.820663] page_type: f8(unknown)
[   16.820716] raw: 0bfffe0000000040 0000000000000000 dead000000000122 0000000000000000
[   16.820869] raw: 0000000000000000 0000000000000000 00000001f8000000 0000000000000000
[   16.821201] head: 0bfffe0000000040 0000000000000000 dead000000000122 0000000000000000
[   16.821272] head: 0000000000000000 0000000000000000 00000001f8000000 0000000000000000
[   16.821416] head: 0bfffe0000000002 ffffc1ffc31e2a01 00000000ffffffff 00000000ffffffff
[   16.821552] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000004
[   16.821707] page dumped because: kasan: bad access detected
[   16.821797] 
[   16.821947] Memory state around the buggy address:
[   16.821990]  fff00000c78a9f80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   16.822031]  fff00000c78aa000: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   16.822072] >fff00000c78aa080: 00 00 00 00 00 00 00 00 00 01 fe fe fe fe fe fe
[   16.822108]                                                           ^
[   16.822146]  fff00000c78aa100: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe
[   16.822186]  fff00000c78aa180: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe
[   16.822625] ==================================================================
[   16.764211] ==================================================================
[   16.764405] BUG: KASAN: slab-out-of-bounds in krealloc_less_oob_helper+0xa80/0xc50
[   16.764461] Write of size 1 at addr fff00000c1d24eda by task kunit_try_catch/158
[   16.764605] 
[   16.764664] CPU: 1 UID: 0 PID: 158 Comm: kunit_try_catch Tainted: G    B            N  6.16.0-rc5 #1 PREEMPT 
[   16.764743] Tainted: [B]=BAD_PAGE, [N]=TEST
[   16.764786] Hardware name: linux,dummy-virt (DT)
[   16.764815] Call trace:
[   16.764836]  show_stack+0x20/0x38 (C)
[   16.764901]  dump_stack_lvl+0x8c/0xd0
[   16.764948]  print_report+0x118/0x608
[   16.764993]  kasan_report+0xdc/0x128
[   16.765234]  __asan_report_store1_noabort+0x20/0x30
[   16.765298]  krealloc_less_oob_helper+0xa80/0xc50
[   16.765379]  krealloc_less_oob+0x20/0x38
[   16.765444]  kunit_try_run_case+0x170/0x3f0
[   16.765510]  kunit_generic_run_threadfn_adapter+0x88/0x100
[   16.765569]  kthread+0x328/0x630
[   16.765637]  ret_from_fork+0x10/0x20
[   16.765731] 
[   16.765779] Allocated by task 158:
[   16.765807]  kasan_save_stack+0x3c/0x68
[   16.765873]  kasan_save_track+0x20/0x40
[   16.766026]  kasan_save_alloc_info+0x40/0x58
[   16.766136]  __kasan_krealloc+0x118/0x178
[   16.766175]  krealloc_noprof+0x128/0x360
[   16.766211]  krealloc_less_oob_helper+0x168/0xc50
[   16.766250]  krealloc_less_oob+0x20/0x38
[   16.766285]  kunit_try_run_case+0x170/0x3f0
[   16.766322]  kunit_generic_run_threadfn_adapter+0x88/0x100
[   16.766431]  kthread+0x328/0x630
[   16.766474]  ret_from_fork+0x10/0x20
[   16.766509] 
[   16.766527] The buggy address belongs to the object at fff00000c1d24e00
[   16.766527]  which belongs to the cache kmalloc-256 of size 256
[   16.766589] The buggy address is located 17 bytes to the right of
[   16.766589]  allocated 201-byte region [fff00000c1d24e00, fff00000c1d24ec9)
[   16.766691] 
[   16.766769] The buggy address belongs to the physical page:
[   16.766824] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x101d24
[   16.766921] head: order:1 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[   16.766998] flags: 0xbfffe0000000040(head|node=0|zone=2|lastcpupid=0x1ffff)
[   16.767085] page_type: f5(slab)
[   16.767202] raw: 0bfffe0000000040 fff00000c0001b40 dead000000000122 0000000000000000
[   16.767328] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000
[   16.767455] head: 0bfffe0000000040 fff00000c0001b40 dead000000000122 0000000000000000
[   16.767567] head: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000
[   16.767617] head: 0bfffe0000000001 ffffc1ffc3074901 00000000ffffffff 00000000ffffffff
[   16.767936] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000002
[   16.768073] page dumped because: kasan: bad access detected
[   16.768151] 
[   16.768189] Memory state around the buggy address:
[   16.768218]  fff00000c1d24d80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   16.768383]  fff00000c1d24e00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   16.768646] >fff00000c1d24e80: 00 00 00 00 00 00 00 00 00 01 fc fc fc fc fc fc
[   16.768724]                                                     ^
[   16.768807]  fff00000c1d24f00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   16.768893]  fff00000c1d24f80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   16.768940] ==================================================================

Metadata Full log Test run details

arch

arm64

host

x86_64

plan

2zh6UUpn8TXCNL7MIo1zG1gJYsm

job_id

TEST:linaro@lkft#2zh6YfNos6w8xohFb8qFQv3OHbb

job_url

https://tuxapi.tuxsuite.com/v1/groups/linaro/projects/lkft/tests/2zh6YfNos6w8xohFb8qFQv3OHbb

artefacts

kernel

url	https://storage.tuxsuite.com/public/linaro/lkft/builds/2zh6Vqcc0A9XVY6JZOMLf3Bp13a/Image.gz
sha256sum	5777f0c14b003f9164a55cf9da149f541eebfde18dd695220d32c2a687f9babe

rootfs

url	https://storage.tuxboot.com/debian/20250617/trixie/arm64/rootfs.ext4.xz
sha256sum	1eaaae772692e22cefec5345d642e254407cec1431dd51a20007af2a1819b610

modules

url	https://storage.tuxsuite.com/public/linaro/lkft/builds/2zh6Vqcc0A9XVY6JZOMLf3Bp13a/modules.tar.xz
sha256sum	3d1cdbe99292ade1bea537f77888a5f86577293975d366777e0dc375bac545b3

durations

tests

boot	0
kunit	172.50

host_arch

amd64

build_name

gcc-13-lkftconfig-kunit

job_status

Complete

qemu_version

1:10.0.0+ds-1

[   12.262767] ==================================================================
[   12.263303] BUG: KASAN: slab-out-of-bounds in krealloc_less_oob_helper+0xec6/0x11d0
[   12.263622] Write of size 1 at addr ffff888100a964da by task kunit_try_catch/175
[   12.263871] 
[   12.264157] CPU: 1 UID: 0 PID: 175 Comm: kunit_try_catch Tainted: G    B            N  6.16.0-rc5 #1 PREEMPT(voluntary) 
[   12.264202] Tainted: [B]=BAD_PAGE, [N]=TEST
[   12.264213] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[   12.264233] Call Trace:
[   12.264248]  <TASK>
[   12.264263]  dump_stack_lvl+0x73/0xb0
[   12.264292]  print_report+0xd1/0x650
[   12.264314]  ? __virt_addr_valid+0x1db/0x2d0
[   12.264336]  ? krealloc_less_oob_helper+0xec6/0x11d0
[   12.264360]  ? kasan_complete_mode_report_info+0x2a/0x200
[   12.264382]  ? krealloc_less_oob_helper+0xec6/0x11d0
[   12.264406]  kasan_report+0x141/0x180
[   12.264427]  ? krealloc_less_oob_helper+0xec6/0x11d0
[   12.264455]  __asan_report_store1_noabort+0x1b/0x30
[   12.264480]  krealloc_less_oob_helper+0xec6/0x11d0
[   12.264505]  ? __pfx_krealloc_less_oob_helper+0x10/0x10
[   12.264530]  ? finish_task_switch.isra.0+0x153/0x700
[   12.264553]  ? __switch_to+0x47/0xf50
[   12.264577]  ? __schedule+0x10cc/0x2b60
[   12.264598]  ? __pfx_read_tsc+0x10/0x10
[   12.264621]  krealloc_less_oob+0x1c/0x30
[   12.264642]  kunit_try_run_case+0x1a5/0x480
[   12.264666]  ? __pfx_kunit_try_run_case+0x10/0x10
[   12.264688]  ? _raw_spin_lock_irqsave+0xa1/0x100
[   12.264711]  ? _raw_spin_unlock_irqrestore+0x5f/0x90
[   12.264734]  ? __kthread_parkme+0x82/0x180
[   12.264753]  ? preempt_count_sub+0x50/0x80
[   12.264775]  ? __pfx_kunit_try_run_case+0x10/0x10
[   12.264799]  kunit_generic_run_threadfn_adapter+0x85/0xf0
[   12.264841]  ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10
[   12.264866]  kthread+0x337/0x6f0
[   12.264884]  ? trace_preempt_on+0x20/0xc0
[   12.264907]  ? __pfx_kthread+0x10/0x10
[   12.264927]  ? _raw_spin_unlock_irq+0x47/0x80
[   12.264996]  ? calculate_sigpending+0x7b/0xa0
[   12.265021]  ? __pfx_kthread+0x10/0x10
[   12.265056]  ret_from_fork+0x116/0x1d0
[   12.265074]  ? __pfx_kthread+0x10/0x10
[   12.265094]  ret_from_fork_asm+0x1a/0x30
[   12.265125]  </TASK>
[   12.265134] 
[   12.273329] Allocated by task 175:
[   12.273459]  kasan_save_stack+0x45/0x70
[   12.273658]  kasan_save_track+0x18/0x40
[   12.274021]  kasan_save_alloc_info+0x3b/0x50
[   12.274289]  __kasan_krealloc+0x190/0x1f0
[   12.274477]  krealloc_noprof+0xf3/0x340
[   12.274613]  krealloc_less_oob_helper+0x1aa/0x11d0
[   12.274863]  krealloc_less_oob+0x1c/0x30
[   12.275136]  kunit_try_run_case+0x1a5/0x480
[   12.275344]  kunit_generic_run_threadfn_adapter+0x85/0xf0
[   12.275520]  kthread+0x337/0x6f0
[   12.275639]  ret_from_fork+0x116/0x1d0
[   12.275796]  ret_from_fork_asm+0x1a/0x30
[   12.276167] 
[   12.276269] The buggy address belongs to the object at ffff888100a96400
[   12.276269]  which belongs to the cache kmalloc-256 of size 256
[   12.276798] The buggy address is located 17 bytes to the right of
[   12.276798]  allocated 201-byte region [ffff888100a96400, ffff888100a964c9)
[   12.277405] 
[   12.277485] The buggy address belongs to the physical page:
[   12.277657] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x100a96
[   12.278227] head: order:1 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[   12.278729] flags: 0x200000000000040(head|node=0|zone=2)
[   12.278901] page_type: f5(slab)
[   12.279018] raw: 0200000000000040 ffff888100041b40 dead000000000122 0000000000000000
[   12.279811] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000
[   12.280281] head: 0200000000000040 ffff888100041b40 dead000000000122 0000000000000000
[   12.280518] head: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000
[   12.281042] head: 0200000000000001 ffffea000402a581 00000000ffffffff 00000000ffffffff
[   12.281378] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000002
[   12.281633] page dumped because: kasan: bad access detected
[   12.281896] 
[   12.281988] Memory state around the buggy address:
[   12.282180]  ffff888100a96380: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   12.282613]  ffff888100a96400: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   12.283131] >ffff888100a96480: 00 00 00 00 00 00 00 00 00 01 fc fc fc fc fc fc
[   12.283406]                                                     ^
[   12.283663]  ffff888100a96500: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   12.284070]  ffff888100a96580: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   12.284290] ==================================================================
[   12.307333] ==================================================================
[   12.307601] BUG: KASAN: slab-out-of-bounds in krealloc_less_oob_helper+0xd47/0x11d0
[   12.308046] Write of size 1 at addr ffff888100a964eb by task kunit_try_catch/175
[   12.308280] 
[   12.308389] CPU: 1 UID: 0 PID: 175 Comm: kunit_try_catch Tainted: G    B            N  6.16.0-rc5 #1 PREEMPT(voluntary) 
[   12.308429] Tainted: [B]=BAD_PAGE, [N]=TEST
[   12.308439] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[   12.308458] Call Trace:
[   12.308472]  <TASK>
[   12.308485]  dump_stack_lvl+0x73/0xb0
[   12.308514]  print_report+0xd1/0x650
[   12.308538]  ? __virt_addr_valid+0x1db/0x2d0
[   12.308563]  ? krealloc_less_oob_helper+0xd47/0x11d0
[   12.308592]  ? kasan_complete_mode_report_info+0x2a/0x200
[   12.308615]  ? krealloc_less_oob_helper+0xd47/0x11d0
[   12.308640]  kasan_report+0x141/0x180
[   12.308661]  ? krealloc_less_oob_helper+0xd47/0x11d0
[   12.308689]  __asan_report_store1_noabort+0x1b/0x30
[   12.308714]  krealloc_less_oob_helper+0xd47/0x11d0
[   12.308739]  ? __pfx_krealloc_less_oob_helper+0x10/0x10
[   12.308766]  ? finish_task_switch.isra.0+0x153/0x700
[   12.308789]  ? __switch_to+0x47/0xf50
[   12.308813]  ? __schedule+0x10cc/0x2b60
[   12.308834]  ? __pfx_read_tsc+0x10/0x10
[   12.308857]  krealloc_less_oob+0x1c/0x30
[   12.308878]  kunit_try_run_case+0x1a5/0x480
[   12.308902]  ? __pfx_kunit_try_run_case+0x10/0x10
[   12.308925]  ? _raw_spin_lock_irqsave+0xa1/0x100
[   12.309165]  ? _raw_spin_unlock_irqrestore+0x5f/0x90
[   12.309191]  ? __kthread_parkme+0x82/0x180
[   12.309211]  ? preempt_count_sub+0x50/0x80
[   12.309234]  ? __pfx_kunit_try_run_case+0x10/0x10
[   12.309258]  kunit_generic_run_threadfn_adapter+0x85/0xf0
[   12.309283]  ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10
[   12.309308]  kthread+0x337/0x6f0
[   12.309326]  ? trace_preempt_on+0x20/0xc0
[   12.309349]  ? __pfx_kthread+0x10/0x10
[   12.309369]  ? _raw_spin_unlock_irq+0x47/0x80
[   12.309390]  ? calculate_sigpending+0x7b/0xa0
[   12.309413]  ? __pfx_kthread+0x10/0x10
[   12.309434]  ret_from_fork+0x116/0x1d0
[   12.309479]  ? __pfx_kthread+0x10/0x10
[   12.309500]  ret_from_fork_asm+0x1a/0x30
[   12.309530]  </TASK>
[   12.309539] 
[   12.317703] Allocated by task 175:
[   12.317985]  kasan_save_stack+0x45/0x70
[   12.318171]  kasan_save_track+0x18/0x40
[   12.318333]  kasan_save_alloc_info+0x3b/0x50
[   12.318540]  __kasan_krealloc+0x190/0x1f0
[   12.318703]  krealloc_noprof+0xf3/0x340
[   12.318853]  krealloc_less_oob_helper+0x1aa/0x11d0
[   12.319254]  krealloc_less_oob+0x1c/0x30
[   12.319486]  kunit_try_run_case+0x1a5/0x480
[   12.319669]  kunit_generic_run_threadfn_adapter+0x85/0xf0
[   12.319845]  kthread+0x337/0x6f0
[   12.319968]  ret_from_fork+0x116/0x1d0
[   12.320305]  ret_from_fork_asm+0x1a/0x30
[   12.320503] 
[   12.320599] The buggy address belongs to the object at ffff888100a96400
[   12.320599]  which belongs to the cache kmalloc-256 of size 256
[   12.321406] The buggy address is located 34 bytes to the right of
[   12.321406]  allocated 201-byte region [ffff888100a96400, ffff888100a964c9)
[   12.321990] 
[   12.322137] The buggy address belongs to the physical page:
[   12.322394] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x100a96
[   12.322763] head: order:1 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[   12.323243] flags: 0x200000000000040(head|node=0|zone=2)
[   12.323517] page_type: f5(slab)
[   12.323687] raw: 0200000000000040 ffff888100041b40 dead000000000122 0000000000000000
[   12.324176] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000
[   12.324531] head: 0200000000000040 ffff888100041b40 dead000000000122 0000000000000000
[   12.325135] head: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000
[   12.325446] head: 0200000000000001 ffffea000402a581 00000000ffffffff 00000000ffffffff
[   12.325898] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000002
[   12.326239] page dumped because: kasan: bad access detected
[   12.326492] 
[   12.326612] Memory state around the buggy address:
[   12.326884]  ffff888100a96380: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   12.327286]  ffff888100a96400: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   12.327580] >ffff888100a96480: 00 00 00 00 00 00 00 00 00 01 fc fc fc fc fc fc
[   12.328024]                                                           ^
[   12.328287]  ffff888100a96500: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   12.328607]  ffff888100a96580: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   12.328932] ==================================================================
[   12.203925] ==================================================================
[   12.204408] BUG: KASAN: slab-out-of-bounds in krealloc_less_oob_helper+0xd70/0x11d0
[   12.204732] Write of size 1 at addr ffff888100a964c9 by task kunit_try_catch/175
[   12.205257] 
[   12.205372] CPU: 1 UID: 0 PID: 175 Comm: kunit_try_catch Tainted: G    B            N  6.16.0-rc5 #1 PREEMPT(voluntary) 
[   12.205417] Tainted: [B]=BAD_PAGE, [N]=TEST
[   12.205688] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[   12.205712] Call Trace:
[   12.205723]  <TASK>
[   12.205738]  dump_stack_lvl+0x73/0xb0
[   12.205781]  print_report+0xd1/0x650
[   12.205803]  ? __virt_addr_valid+0x1db/0x2d0
[   12.205825]  ? krealloc_less_oob_helper+0xd70/0x11d0
[   12.205859]  ? kasan_complete_mode_report_info+0x2a/0x200
[   12.205942]  ? krealloc_less_oob_helper+0xd70/0x11d0
[   12.205967]  kasan_report+0x141/0x180
[   12.205988]  ? krealloc_less_oob_helper+0xd70/0x11d0
[   12.206025]  __asan_report_store1_noabort+0x1b/0x30
[   12.206061]  krealloc_less_oob_helper+0xd70/0x11d0
[   12.206098]  ? __pfx_krealloc_less_oob_helper+0x10/0x10
[   12.206123]  ? finish_task_switch.isra.0+0x153/0x700
[   12.206146]  ? __switch_to+0x47/0xf50
[   12.206172]  ? __schedule+0x10cc/0x2b60
[   12.206193]  ? __pfx_read_tsc+0x10/0x10
[   12.206217]  krealloc_less_oob+0x1c/0x30
[   12.206239]  kunit_try_run_case+0x1a5/0x480
[   12.206264]  ? __pfx_kunit_try_run_case+0x10/0x10
[   12.206287]  ? _raw_spin_lock_irqsave+0xa1/0x100
[   12.206310]  ? _raw_spin_unlock_irqrestore+0x5f/0x90
[   12.206335]  ? __kthread_parkme+0x82/0x180
[   12.206356]  ? preempt_count_sub+0x50/0x80
[   12.206378]  ? __pfx_kunit_try_run_case+0x10/0x10
[   12.206402]  kunit_generic_run_threadfn_adapter+0x85/0xf0
[   12.206427]  ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10
[   12.206452]  kthread+0x337/0x6f0
[   12.206472]  ? trace_preempt_on+0x20/0xc0
[   12.206496]  ? __pfx_kthread+0x10/0x10
[   12.206516]  ? _raw_spin_unlock_irq+0x47/0x80
[   12.206538]  ? calculate_sigpending+0x7b/0xa0
[   12.206561]  ? __pfx_kthread+0x10/0x10
[   12.206581]  ret_from_fork+0x116/0x1d0
[   12.206599]  ? __pfx_kthread+0x10/0x10
[   12.206619]  ret_from_fork_asm+0x1a/0x30
[   12.206649]  </TASK>
[   12.206659] 
[   12.215261] Allocated by task 175:
[   12.215393]  kasan_save_stack+0x45/0x70
[   12.215580]  kasan_save_track+0x18/0x40
[   12.215769]  kasan_save_alloc_info+0x3b/0x50
[   12.216008]  __kasan_krealloc+0x190/0x1f0
[   12.216162]  krealloc_noprof+0xf3/0x340
[   12.216298]  krealloc_less_oob_helper+0x1aa/0x11d0
[   12.216869]  krealloc_less_oob+0x1c/0x30
[   12.217225]  kunit_try_run_case+0x1a5/0x480
[   12.217483]  kunit_generic_run_threadfn_adapter+0x85/0xf0
[   12.217667]  kthread+0x337/0x6f0
[   12.217790]  ret_from_fork+0x116/0x1d0
[   12.217966]  ret_from_fork_asm+0x1a/0x30
[   12.218168] 
[   12.218274] The buggy address belongs to the object at ffff888100a96400
[   12.218274]  which belongs to the cache kmalloc-256 of size 256
[   12.218797] The buggy address is located 0 bytes to the right of
[   12.218797]  allocated 201-byte region [ffff888100a96400, ffff888100a964c9)
[   12.219704] 
[   12.219806] The buggy address belongs to the physical page:
[   12.220262] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x100a96
[   12.220603] head: order:1 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[   12.221088] flags: 0x200000000000040(head|node=0|zone=2)
[   12.221340] page_type: f5(slab)
[   12.221512] raw: 0200000000000040 ffff888100041b40 dead000000000122 0000000000000000
[   12.221768] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000
[   12.222383] head: 0200000000000040 ffff888100041b40 dead000000000122 0000000000000000
[   12.222673] head: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000
[   12.223237] head: 0200000000000001 ffffea000402a581 00000000ffffffff 00000000ffffffff
[   12.223572] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000002
[   12.224054] page dumped because: kasan: bad access detected
[   12.224293] 
[   12.224363] Memory state around the buggy address:
[   12.224532]  ffff888100a96380: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   12.224851]  ffff888100a96400: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   12.225104] >ffff888100a96480: 00 00 00 00 00 00 00 00 00 01 fc fc fc fc fc fc
[   12.225417]                                               ^
[   12.225645]  ffff888100a96500: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   12.225888]  ffff888100a96580: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   12.226249] ==================================================================
[   12.420198] ==================================================================
[   12.420487] BUG: KASAN: slab-out-of-bounds in krealloc_less_oob_helper+0xe90/0x11d0
[   12.420784] Write of size 1 at addr ffff888102a520ea by task kunit_try_catch/179
[   12.421259] 
[   12.421344] CPU: 1 UID: 0 PID: 179 Comm: kunit_try_catch Tainted: G    B            N  6.16.0-rc5 #1 PREEMPT(voluntary) 
[   12.421383] Tainted: [B]=BAD_PAGE, [N]=TEST
[   12.421393] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[   12.421411] Call Trace:
[   12.421423]  <TASK>
[   12.421435]  dump_stack_lvl+0x73/0xb0
[   12.421462]  print_report+0xd1/0x650
[   12.421483]  ? __virt_addr_valid+0x1db/0x2d0
[   12.421504]  ? krealloc_less_oob_helper+0xe90/0x11d0
[   12.421528]  ? kasan_addr_to_slab+0x11/0xa0
[   12.421548]  ? krealloc_less_oob_helper+0xe90/0x11d0
[   12.421572]  kasan_report+0x141/0x180
[   12.421593]  ? krealloc_less_oob_helper+0xe90/0x11d0
[   12.421621]  __asan_report_store1_noabort+0x1b/0x30
[   12.421646]  krealloc_less_oob_helper+0xe90/0x11d0
[   12.421671]  ? __pfx_krealloc_less_oob_helper+0x10/0x10
[   12.421696]  ? finish_task_switch.isra.0+0x153/0x700
[   12.421718]  ? __switch_to+0x47/0xf50
[   12.421743]  ? __schedule+0x10cc/0x2b60
[   12.421763]  ? __pfx_read_tsc+0x10/0x10
[   12.421786]  krealloc_large_less_oob+0x1c/0x30
[   12.421890]  kunit_try_run_case+0x1a5/0x480
[   12.421913]  ? __pfx_kunit_try_run_case+0x10/0x10
[   12.421936]  ? _raw_spin_lock_irqsave+0xa1/0x100
[   12.421975]  ? _raw_spin_unlock_irqrestore+0x5f/0x90
[   12.421999]  ? __kthread_parkme+0x82/0x180
[   12.422018]  ? preempt_count_sub+0x50/0x80
[   12.422049]  ? __pfx_kunit_try_run_case+0x10/0x10
[   12.422073]  kunit_generic_run_threadfn_adapter+0x85/0xf0
[   12.422097]  ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10
[   12.422122]  kthread+0x337/0x6f0
[   12.422140]  ? trace_preempt_on+0x20/0xc0
[   12.422163]  ? __pfx_kthread+0x10/0x10
[   12.422183]  ? _raw_spin_unlock_irq+0x47/0x80
[   12.422203]  ? calculate_sigpending+0x7b/0xa0
[   12.422226]  ? __pfx_kthread+0x10/0x10
[   12.422247]  ret_from_fork+0x116/0x1d0
[   12.422265]  ? __pfx_kthread+0x10/0x10
[   12.422285]  ret_from_fork_asm+0x1a/0x30
[   12.422315]  </TASK>
[   12.422324] 
[   12.432101] The buggy address belongs to the physical page:
[   12.432350] page: refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x102a50
[   12.432672] head: order:2 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[   12.433532] flags: 0x200000000000040(head|node=0|zone=2)
[   12.434163] page_type: f8(unknown)
[   12.434391] raw: 0200000000000040 0000000000000000 dead000000000122 0000000000000000
[   12.435044] raw: 0000000000000000 0000000000000000 00000001f8000000 0000000000000000
[   12.435535] head: 0200000000000040 0000000000000000 dead000000000122 0000000000000000
[   12.436169] head: 0000000000000000 0000000000000000 00000001f8000000 0000000000000000
[   12.436724] head: 0200000000000002 ffffea00040a9401 00000000ffffffff 00000000ffffffff
[   12.437477] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000004
[   12.438083] page dumped because: kasan: bad access detected
[   12.438448] 
[   12.438543] Memory state around the buggy address:
[   12.438753]  ffff888102a51f80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   12.439378]  ffff888102a52000: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   12.439679] >ffff888102a52080: 00 00 00 00 00 00 00 00 00 01 fe fe fe fe fe fe
[   12.439978]                                                           ^
[   12.440257]  ffff888102a52100: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe
[   12.440546]  ffff888102a52180: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe
[   12.440833] ==================================================================
[   12.371383] ==================================================================
[   12.371855] BUG: KASAN: slab-out-of-bounds in krealloc_less_oob_helper+0xd70/0x11d0
[   12.372196] Write of size 1 at addr ffff888102a520c9 by task kunit_try_catch/179
[   12.372497] 
[   12.372593] CPU: 1 UID: 0 PID: 179 Comm: kunit_try_catch Tainted: G    B            N  6.16.0-rc5 #1 PREEMPT(voluntary) 
[   12.372636] Tainted: [B]=BAD_PAGE, [N]=TEST
[   12.372647] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[   12.372666] Call Trace:
[   12.372679]  <TASK>
[   12.372693]  dump_stack_lvl+0x73/0xb0
[   12.372722]  print_report+0xd1/0x650
[   12.372743]  ? __virt_addr_valid+0x1db/0x2d0
[   12.372765]  ? krealloc_less_oob_helper+0xd70/0x11d0
[   12.372788]  ? kasan_addr_to_slab+0x11/0xa0
[   12.372807]  ? krealloc_less_oob_helper+0xd70/0x11d0
[   12.372829]  kasan_report+0x141/0x180
[   12.372850]  ? krealloc_less_oob_helper+0xd70/0x11d0
[   12.372877]  __asan_report_store1_noabort+0x1b/0x30
[   12.372900]  krealloc_less_oob_helper+0xd70/0x11d0
[   12.372924]  ? __pfx_krealloc_less_oob_helper+0x10/0x10
[   12.372947]  ? finish_task_switch.isra.0+0x153/0x700
[   12.372969]  ? __switch_to+0x47/0xf50
[   12.372993]  ? __schedule+0x10cc/0x2b60
[   12.373013]  ? __pfx_read_tsc+0x10/0x10
[   12.373073]  krealloc_large_less_oob+0x1c/0x30
[   12.373098]  kunit_try_run_case+0x1a5/0x480
[   12.373125]  ? __pfx_kunit_try_run_case+0x10/0x10
[   12.373149]  ? _raw_spin_lock_irqsave+0xa1/0x100
[   12.373173]  ? _raw_spin_unlock_irqrestore+0x5f/0x90
[   12.373196]  ? __kthread_parkme+0x82/0x180
[   12.373227]  ? preempt_count_sub+0x50/0x80
[   12.373256]  ? __pfx_kunit_try_run_case+0x10/0x10
[   12.373280]  kunit_generic_run_threadfn_adapter+0x85/0xf0
[   12.373304]  ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10
[   12.373329]  kthread+0x337/0x6f0
[   12.373348]  ? trace_preempt_on+0x20/0xc0
[   12.373371]  ? __pfx_kthread+0x10/0x10
[   12.373391]  ? _raw_spin_unlock_irq+0x47/0x80
[   12.373412]  ? calculate_sigpending+0x7b/0xa0
[   12.373436]  ? __pfx_kthread+0x10/0x10
[   12.373456]  ret_from_fork+0x116/0x1d0
[   12.373474]  ? __pfx_kthread+0x10/0x10
[   12.373511]  ret_from_fork_asm+0x1a/0x30
[   12.373541]  </TASK>
[   12.373551] 
[   12.381464] The buggy address belongs to the physical page:
[   12.381729] page: refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x102a50
[   12.382095] head: order:2 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[   12.382444] flags: 0x200000000000040(head|node=0|zone=2)
[   12.382658] page_type: f8(unknown)
[   12.382928] raw: 0200000000000040 0000000000000000 dead000000000122 0000000000000000
[   12.383277] raw: 0000000000000000 0000000000000000 00000001f8000000 0000000000000000
[   12.383618] head: 0200000000000040 0000000000000000 dead000000000122 0000000000000000
[   12.383984] head: 0000000000000000 0000000000000000 00000001f8000000 0000000000000000
[   12.384231] head: 0200000000000002 ffffea00040a9401 00000000ffffffff 00000000ffffffff
[   12.384570] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000004
[   12.385089] page dumped because: kasan: bad access detected
[   12.385313] 
[   12.385410] Memory state around the buggy address:
[   12.385596]  ffff888102a51f80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   12.385851]  ffff888102a52000: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   12.386185] >ffff888102a52080: 00 00 00 00 00 00 00 00 00 01 fe fe fe fe fe fe
[   12.386504]                                               ^
[   12.386734]  ffff888102a52100: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe
[   12.387146]  ffff888102a52180: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe
[   12.387421] ==================================================================
[   12.404083] ==================================================================
[   12.404384] BUG: KASAN: slab-out-of-bounds in krealloc_less_oob_helper+0xec6/0x11d0
[   12.404678] Write of size 1 at addr ffff888102a520da by task kunit_try_catch/179
[   12.405170] 
[   12.405273] CPU: 1 UID: 0 PID: 179 Comm: kunit_try_catch Tainted: G    B            N  6.16.0-rc5 #1 PREEMPT(voluntary) 
[   12.405312] Tainted: [B]=BAD_PAGE, [N]=TEST
[   12.405322] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[   12.405341] Call Trace:
[   12.405354]  <TASK>
[   12.405367]  dump_stack_lvl+0x73/0xb0
[   12.405397]  print_report+0xd1/0x650
[   12.405419]  ? __virt_addr_valid+0x1db/0x2d0
[   12.405441]  ? krealloc_less_oob_helper+0xec6/0x11d0
[   12.405465]  ? kasan_addr_to_slab+0x11/0xa0
[   12.405486]  ? krealloc_less_oob_helper+0xec6/0x11d0
[   12.405510]  kasan_report+0x141/0x180
[   12.405532]  ? krealloc_less_oob_helper+0xec6/0x11d0
[   12.405560]  __asan_report_store1_noabort+0x1b/0x30
[   12.405585]  krealloc_less_oob_helper+0xec6/0x11d0
[   12.405610]  ? __pfx_krealloc_less_oob_helper+0x10/0x10
[   12.405635]  ? finish_task_switch.isra.0+0x153/0x700
[   12.405657]  ? __switch_to+0x47/0xf50
[   12.405681]  ? __schedule+0x10cc/0x2b60
[   12.405702]  ? __pfx_read_tsc+0x10/0x10
[   12.405726]  krealloc_large_less_oob+0x1c/0x30
[   12.405748]  kunit_try_run_case+0x1a5/0x480
[   12.405771]  ? __pfx_kunit_try_run_case+0x10/0x10
[   12.405869]  ? _raw_spin_lock_irqsave+0xa1/0x100
[   12.405897]  ? _raw_spin_unlock_irqrestore+0x5f/0x90
[   12.405921]  ? __kthread_parkme+0x82/0x180
[   12.405941]  ? preempt_count_sub+0x50/0x80
[   12.405979]  ? __pfx_kunit_try_run_case+0x10/0x10
[   12.406005]  kunit_generic_run_threadfn_adapter+0x85/0xf0
[   12.406039]  ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10
[   12.406064]  kthread+0x337/0x6f0
[   12.406082]  ? trace_preempt_on+0x20/0xc0
[   12.406105]  ? __pfx_kthread+0x10/0x10
[   12.406125]  ? _raw_spin_unlock_irq+0x47/0x80
[   12.406146]  ? calculate_sigpending+0x7b/0xa0
[   12.406169]  ? __pfx_kthread+0x10/0x10
[   12.406190]  ret_from_fork+0x116/0x1d0
[   12.406208]  ? __pfx_kthread+0x10/0x10
[   12.406229]  ret_from_fork_asm+0x1a/0x30
[   12.406259]  </TASK>
[   12.406268] 
[   12.413672] The buggy address belongs to the physical page:
[   12.414027] page: refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x102a50
[   12.414399] head: order:2 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[   12.414734] flags: 0x200000000000040(head|node=0|zone=2)
[   12.415087] page_type: f8(unknown)
[   12.415259] raw: 0200000000000040 0000000000000000 dead000000000122 0000000000000000
[   12.415564] raw: 0000000000000000 0000000000000000 00000001f8000000 0000000000000000
[   12.415917] head: 0200000000000040 0000000000000000 dead000000000122 0000000000000000
[   12.416191] head: 0000000000000000 0000000000000000 00000001f8000000 0000000000000000
[   12.416485] head: 0200000000000002 ffffea00040a9401 00000000ffffffff 00000000ffffffff
[   12.416980] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000004
[   12.417361] page dumped because: kasan: bad access detected
[   12.417537] 
[   12.417606] Memory state around the buggy address:
[   12.417770]  ffff888102a51f80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   12.418198]  ffff888102a52000: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   12.418518] >ffff888102a52080: 00 00 00 00 00 00 00 00 00 01 fe fe fe fe fe fe
[   12.418895]                                                     ^
[   12.419190]  ffff888102a52100: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe
[   12.419470]  ffff888102a52180: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe
[   12.419765] ==================================================================
[   12.284764] ==================================================================
[   12.285265] BUG: KASAN: slab-out-of-bounds in krealloc_less_oob_helper+0xe90/0x11d0
[   12.285727] Write of size 1 at addr ffff888100a964ea by task kunit_try_catch/175
[   12.286142] 
[   12.286249] CPU: 1 UID: 0 PID: 175 Comm: kunit_try_catch Tainted: G    B            N  6.16.0-rc5 #1 PREEMPT(voluntary) 
[   12.286292] Tainted: [B]=BAD_PAGE, [N]=TEST
[   12.286302] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[   12.286321] Call Trace:
[   12.286335]  <TASK>
[   12.286349]  dump_stack_lvl+0x73/0xb0
[   12.286377]  print_report+0xd1/0x650
[   12.286397]  ? __virt_addr_valid+0x1db/0x2d0
[   12.286419]  ? krealloc_less_oob_helper+0xe90/0x11d0
[   12.286442]  ? kasan_complete_mode_report_info+0x2a/0x200
[   12.286464]  ? krealloc_less_oob_helper+0xe90/0x11d0
[   12.286488]  kasan_report+0x141/0x180
[   12.286509]  ? krealloc_less_oob_helper+0xe90/0x11d0
[   12.286537]  __asan_report_store1_noabort+0x1b/0x30
[   12.286561]  krealloc_less_oob_helper+0xe90/0x11d0
[   12.286587]  ? __pfx_krealloc_less_oob_helper+0x10/0x10
[   12.286612]  ? finish_task_switch.isra.0+0x153/0x700
[   12.286633]  ? __switch_to+0x47/0xf50
[   12.286657]  ? __schedule+0x10cc/0x2b60
[   12.286677]  ? __pfx_read_tsc+0x10/0x10
[   12.286701]  krealloc_less_oob+0x1c/0x30
[   12.286721]  kunit_try_run_case+0x1a5/0x480
[   12.286746]  ? __pfx_kunit_try_run_case+0x10/0x10
[   12.286768]  ? _raw_spin_lock_irqsave+0xa1/0x100
[   12.286791]  ? _raw_spin_unlock_irqrestore+0x5f/0x90
[   12.286815]  ? __kthread_parkme+0x82/0x180
[   12.286989]  ? preempt_count_sub+0x50/0x80
[   12.287013]  ? __pfx_kunit_try_run_case+0x10/0x10
[   12.287053]  kunit_generic_run_threadfn_adapter+0x85/0xf0
[   12.287078]  ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10
[   12.287102]  kthread+0x337/0x6f0
[   12.287120]  ? trace_preempt_on+0x20/0xc0
[   12.287143]  ? __pfx_kthread+0x10/0x10
[   12.287163]  ? _raw_spin_unlock_irq+0x47/0x80
[   12.287184]  ? calculate_sigpending+0x7b/0xa0
[   12.287207]  ? __pfx_kthread+0x10/0x10
[   12.287228]  ret_from_fork+0x116/0x1d0
[   12.287246]  ? __pfx_kthread+0x10/0x10
[   12.287265]  ret_from_fork_asm+0x1a/0x30
[   12.287295]  </TASK>
[   12.287304] 
[   12.295688] Allocated by task 175:
[   12.295929]  kasan_save_stack+0x45/0x70
[   12.296157]  kasan_save_track+0x18/0x40
[   12.296347]  kasan_save_alloc_info+0x3b/0x50
[   12.296559]  __kasan_krealloc+0x190/0x1f0
[   12.296746]  krealloc_noprof+0xf3/0x340
[   12.297110]  krealloc_less_oob_helper+0x1aa/0x11d0
[   12.297315]  krealloc_less_oob+0x1c/0x30
[   12.297464]  kunit_try_run_case+0x1a5/0x480
[   12.297673]  kunit_generic_run_threadfn_adapter+0x85/0xf0
[   12.297896]  kthread+0x337/0x6f0
[   12.298158]  ret_from_fork+0x116/0x1d0
[   12.298369]  ret_from_fork_asm+0x1a/0x30
[   12.298602] 
[   12.298692] The buggy address belongs to the object at ffff888100a96400
[   12.298692]  which belongs to the cache kmalloc-256 of size 256
[   12.299392] The buggy address is located 33 bytes to the right of
[   12.299392]  allocated 201-byte region [ffff888100a96400, ffff888100a964c9)
[   12.299789] 
[   12.299988] The buggy address belongs to the physical page:
[   12.300452] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x100a96
[   12.300744] head: order:1 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[   12.300995] flags: 0x200000000000040(head|node=0|zone=2)
[   12.301281] page_type: f5(slab)
[   12.301599] raw: 0200000000000040 ffff888100041b40 dead000000000122 0000000000000000
[   12.302050] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000
[   12.302399] head: 0200000000000040 ffff888100041b40 dead000000000122 0000000000000000
[   12.302712] head: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000
[   12.302943] head: 0200000000000001 ffffea000402a581 00000000ffffffff 00000000ffffffff
[   12.303285] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000002
[   12.303712] page dumped because: kasan: bad access detected
[   12.303882] 
[   12.303957] Memory state around the buggy address:
[   12.304122]  ffff888100a96380: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   12.304938]  ffff888100a96400: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   12.305409] >ffff888100a96480: 00 00 00 00 00 00 00 00 00 01 fc fc fc fc fc fc
[   12.305720]                                                           ^
[   12.306194]  ffff888100a96500: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   12.306450]  ffff888100a96580: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   12.306760] ==================================================================
[   12.442389] ==================================================================
[   12.442758] BUG: KASAN: slab-out-of-bounds in krealloc_less_oob_helper+0xd47/0x11d0
[   12.443359] Write of size 1 at addr ffff888102a520eb by task kunit_try_catch/179
[   12.444040] 
[   12.444256] CPU: 1 UID: 0 PID: 179 Comm: kunit_try_catch Tainted: G    B            N  6.16.0-rc5 #1 PREEMPT(voluntary) 
[   12.444301] Tainted: [B]=BAD_PAGE, [N]=TEST
[   12.444313] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[   12.444331] Call Trace:
[   12.444443]  <TASK>
[   12.444460]  dump_stack_lvl+0x73/0xb0
[   12.444491]  print_report+0xd1/0x650
[   12.444512]  ? __virt_addr_valid+0x1db/0x2d0
[   12.444534]  ? krealloc_less_oob_helper+0xd47/0x11d0
[   12.444557]  ? kasan_addr_to_slab+0x11/0xa0
[   12.444609]  ? krealloc_less_oob_helper+0xd47/0x11d0
[   12.444634]  kasan_report+0x141/0x180
[   12.444655]  ? krealloc_less_oob_helper+0xd47/0x11d0
[   12.444683]  __asan_report_store1_noabort+0x1b/0x30
[   12.444708]  krealloc_less_oob_helper+0xd47/0x11d0
[   12.444734]  ? __pfx_krealloc_less_oob_helper+0x10/0x10
[   12.444758]  ? finish_task_switch.isra.0+0x153/0x700
[   12.444779]  ? __switch_to+0x47/0xf50
[   12.444987]  ? __schedule+0x10cc/0x2b60
[   12.445015]  ? __pfx_read_tsc+0x10/0x10
[   12.445050]  krealloc_large_less_oob+0x1c/0x30
[   12.445074]  kunit_try_run_case+0x1a5/0x480
[   12.445097]  ? __pfx_kunit_try_run_case+0x10/0x10
[   12.445121]  ? _raw_spin_lock_irqsave+0xa1/0x100
[   12.445149]  ? _raw_spin_unlock_irqrestore+0x5f/0x90
[   12.445173]  ? __kthread_parkme+0x82/0x180
[   12.445193]  ? preempt_count_sub+0x50/0x80
[   12.445215]  ? __pfx_kunit_try_run_case+0x10/0x10
[   12.445239]  kunit_generic_run_threadfn_adapter+0x85/0xf0
[   12.445263]  ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10
[   12.445287]  kthread+0x337/0x6f0
[   12.445306]  ? trace_preempt_on+0x20/0xc0
[   12.445328]  ? __pfx_kthread+0x10/0x10
[   12.445347]  ? _raw_spin_unlock_irq+0x47/0x80
[   12.445368]  ? calculate_sigpending+0x7b/0xa0
[   12.445392]  ? __pfx_kthread+0x10/0x10
[   12.445413]  ret_from_fork+0x116/0x1d0
[   12.445430]  ? __pfx_kthread+0x10/0x10
[   12.445450]  ret_from_fork_asm+0x1a/0x30
[   12.445480]  </TASK>
[   12.445490] 
[   12.456663] The buggy address belongs to the physical page:
[   12.457354] page: refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x102a50
[   12.458076] head: order:2 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[   12.458464] flags: 0x200000000000040(head|node=0|zone=2)
[   12.458703] page_type: f8(unknown)
[   12.459221] raw: 0200000000000040 0000000000000000 dead000000000122 0000000000000000
[   12.459581] raw: 0000000000000000 0000000000000000 00000001f8000000 0000000000000000
[   12.460245] head: 0200000000000040 0000000000000000 dead000000000122 0000000000000000
[   12.460582] head: 0000000000000000 0000000000000000 00000001f8000000 0000000000000000
[   12.461369] head: 0200000000000002 ffffea00040a9401 00000000ffffffff 00000000ffffffff
[   12.461707] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000004
[   12.462339] page dumped because: kasan: bad access detected
[   12.462588] 
[   12.462678] Memory state around the buggy address:
[   12.463027]  ffff888102a51f80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   12.463343]  ffff888102a52000: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   12.463634] >ffff888102a52080: 00 00 00 00 00 00 00 00 00 01 fe fe fe fe fe fe
[   12.464314]                                                           ^
[   12.464545]  ffff888102a52100: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe
[   12.464982]  ffff888102a52180: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe
[   12.465296] ==================================================================
[   12.226998] ==================================================================
[   12.227323] BUG: KASAN: slab-out-of-bounds in krealloc_less_oob_helper+0xe23/0x11d0
[   12.227646] Write of size 1 at addr ffff888100a964d0 by task kunit_try_catch/175
[   12.228181] 
[   12.228300] CPU: 1 UID: 0 PID: 175 Comm: kunit_try_catch Tainted: G    B            N  6.16.0-rc5 #1 PREEMPT(voluntary) 
[   12.228341] Tainted: [B]=BAD_PAGE, [N]=TEST
[   12.228351] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[   12.228484] Call Trace:
[   12.228502]  <TASK>
[   12.228515]  dump_stack_lvl+0x73/0xb0
[   12.228545]  print_report+0xd1/0x650
[   12.228566]  ? __virt_addr_valid+0x1db/0x2d0
[   12.228587]  ? krealloc_less_oob_helper+0xe23/0x11d0
[   12.228611]  ? kasan_complete_mode_report_info+0x2a/0x200
[   12.228633]  ? krealloc_less_oob_helper+0xe23/0x11d0
[   12.228657]  kasan_report+0x141/0x180
[   12.228678]  ? krealloc_less_oob_helper+0xe23/0x11d0
[   12.228717]  __asan_report_store1_noabort+0x1b/0x30
[   12.228742]  krealloc_less_oob_helper+0xe23/0x11d0
[   12.228779]  ? __pfx_krealloc_less_oob_helper+0x10/0x10
[   12.228803]  ? finish_task_switch.isra.0+0x153/0x700
[   12.228825]  ? __switch_to+0x47/0xf50
[   12.228849]  ? __schedule+0x10cc/0x2b60
[   12.228870]  ? __pfx_read_tsc+0x10/0x10
[   12.228934]  krealloc_less_oob+0x1c/0x30
[   12.228958]  kunit_try_run_case+0x1a5/0x480
[   12.228983]  ? __pfx_kunit_try_run_case+0x10/0x10
[   12.229005]  ? _raw_spin_lock_irqsave+0xa1/0x100
[   12.229039]  ? _raw_spin_unlock_irqrestore+0x5f/0x90
[   12.229062]  ? __kthread_parkme+0x82/0x180
[   12.229082]  ? preempt_count_sub+0x50/0x80
[   12.229128]  ? __pfx_kunit_try_run_case+0x10/0x10
[   12.229152]  kunit_generic_run_threadfn_adapter+0x85/0xf0
[   12.229187]  ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10
[   12.229212]  kthread+0x337/0x6f0
[   12.229230]  ? trace_preempt_on+0x20/0xc0
[   12.229252]  ? __pfx_kthread+0x10/0x10
[   12.229281]  ? _raw_spin_unlock_irq+0x47/0x80
[   12.229302]  ? calculate_sigpending+0x7b/0xa0
[   12.229326]  ? __pfx_kthread+0x10/0x10
[   12.229358]  ret_from_fork+0x116/0x1d0
[   12.229376]  ? __pfx_kthread+0x10/0x10
[   12.229396]  ret_from_fork_asm+0x1a/0x30
[   12.229426]  </TASK>
[   12.229444] 
[   12.241554] Allocated by task 175:
[   12.242403]  kasan_save_stack+0x45/0x70
[   12.243081]  kasan_save_track+0x18/0x40
[   12.244117]  kasan_save_alloc_info+0x3b/0x50
[   12.244705]  __kasan_krealloc+0x190/0x1f0
[   12.244874]  krealloc_noprof+0xf3/0x340
[   12.245012]  krealloc_less_oob_helper+0x1aa/0x11d0
[   12.245188]  krealloc_less_oob+0x1c/0x30
[   12.245326]  kunit_try_run_case+0x1a5/0x480
[   12.245475]  kunit_generic_run_threadfn_adapter+0x85/0xf0
[   12.245651]  kthread+0x337/0x6f0
[   12.245770]  ret_from_fork+0x116/0x1d0
[   12.245901]  ret_from_fork_asm+0x1a/0x30
[   12.246509] 
[   12.246744] The buggy address belongs to the object at ffff888100a96400
[   12.246744]  which belongs to the cache kmalloc-256 of size 256
[   12.248671] The buggy address is located 7 bytes to the right of
[   12.248671]  allocated 201-byte region [ffff888100a96400, ffff888100a964c9)
[   12.250314] 
[   12.250661] The buggy address belongs to the physical page:
[   12.251386] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x100a96
[   12.252390] head: order:1 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[   12.253369] flags: 0x200000000000040(head|node=0|zone=2)
[   12.254069] page_type: f5(slab)
[   12.254597] raw: 0200000000000040 ffff888100041b40 dead000000000122 0000000000000000
[   12.255474] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000
[   12.256113] head: 0200000000000040 ffff888100041b40 dead000000000122 0000000000000000
[   12.257073] head: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000
[   12.257538] head: 0200000000000001 ffffea000402a581 00000000ffffffff 00000000ffffffff
[   12.257776] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000002
[   12.258404] page dumped because: kasan: bad access detected
[   12.258957] 
[   12.259162] Memory state around the buggy address:
[   12.259600]  ffff888100a96380: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   12.260148]  ffff888100a96400: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   12.260756] >ffff888100a96480: 00 00 00 00 00 00 00 00 00 01 fc fc fc fc fc fc
[   12.261324]                                                  ^
[   12.261510]  ffff888100a96500: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   12.261725]  ffff888100a96580: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   12.261952] ==================================================================
[   12.387950] ==================================================================
[   12.388206] BUG: KASAN: slab-out-of-bounds in krealloc_less_oob_helper+0xe23/0x11d0
[   12.388506] Write of size 1 at addr ffff888102a520d0 by task kunit_try_catch/179
[   12.388992] 
[   12.389090] CPU: 1 UID: 0 PID: 179 Comm: kunit_try_catch Tainted: G    B            N  6.16.0-rc5 #1 PREEMPT(voluntary) 
[   12.389129] Tainted: [B]=BAD_PAGE, [N]=TEST
[   12.389140] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[   12.389157] Call Trace:
[   12.389168]  <TASK>
[   12.389181]  dump_stack_lvl+0x73/0xb0
[   12.389208]  print_report+0xd1/0x650
[   12.389230]  ? __virt_addr_valid+0x1db/0x2d0
[   12.389252]  ? krealloc_less_oob_helper+0xe23/0x11d0
[   12.389276]  ? kasan_addr_to_slab+0x11/0xa0
[   12.389296]  ? krealloc_less_oob_helper+0xe23/0x11d0
[   12.389320]  kasan_report+0x141/0x180
[   12.389341]  ? krealloc_less_oob_helper+0xe23/0x11d0
[   12.389370]  __asan_report_store1_noabort+0x1b/0x30
[   12.389395]  krealloc_less_oob_helper+0xe23/0x11d0
[   12.389420]  ? __pfx_krealloc_less_oob_helper+0x10/0x10
[   12.389445]  ? finish_task_switch.isra.0+0x153/0x700
[   12.389467]  ? __switch_to+0x47/0xf50
[   12.389490]  ? __schedule+0x10cc/0x2b60
[   12.389511]  ? __pfx_read_tsc+0x10/0x10
[   12.389534]  krealloc_large_less_oob+0x1c/0x30
[   12.389556]  kunit_try_run_case+0x1a5/0x480
[   12.389579]  ? __pfx_kunit_try_run_case+0x10/0x10
[   12.389601]  ? _raw_spin_lock_irqsave+0xa1/0x100
[   12.389624]  ? _raw_spin_unlock_irqrestore+0x5f/0x90
[   12.389647]  ? __kthread_parkme+0x82/0x180
[   12.389667]  ? preempt_count_sub+0x50/0x80
[   12.389689]  ? __pfx_kunit_try_run_case+0x10/0x10
[   12.389713]  kunit_generic_run_threadfn_adapter+0x85/0xf0
[   12.389737]  ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10
[   12.389761]  kthread+0x337/0x6f0
[   12.389779]  ? trace_preempt_on+0x20/0xc0
[   12.389870]  ? __pfx_kthread+0x10/0x10
[   12.389894]  ? _raw_spin_unlock_irq+0x47/0x80
[   12.389933]  ? calculate_sigpending+0x7b/0xa0
[   12.389957]  ? __pfx_kthread+0x10/0x10
[   12.389978]  ret_from_fork+0x116/0x1d0
[   12.389996]  ? __pfx_kthread+0x10/0x10
[   12.390016]  ret_from_fork_asm+0x1a/0x30
[   12.390054]  </TASK>
[   12.390064] 
[   12.397867] The buggy address belongs to the physical page:
[   12.398074] page: refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x102a50
[   12.398428] head: order:2 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[   12.398733] flags: 0x200000000000040(head|node=0|zone=2)
[   12.398956] page_type: f8(unknown)
[   12.399233] raw: 0200000000000040 0000000000000000 dead000000000122 0000000000000000
[   12.399549] raw: 0000000000000000 0000000000000000 00000001f8000000 0000000000000000
[   12.399913] head: 0200000000000040 0000000000000000 dead000000000122 0000000000000000
[   12.400231] head: 0000000000000000 0000000000000000 00000001f8000000 0000000000000000
[   12.400462] head: 0200000000000002 ffffea00040a9401 00000000ffffffff 00000000ffffffff
[   12.400713] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000004
[   12.401220] page dumped because: kasan: bad access detected
[   12.401472] 
[   12.401563] Memory state around the buggy address:
[   12.401743]  ffff888102a51f80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   12.402116]  ffff888102a52000: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   12.402365] >ffff888102a52080: 00 00 00 00 00 00 00 00 00 01 fe fe fe fe fe fe
[   12.402684]                                                  ^
[   12.403061]  ffff888102a52100: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe
[   12.403357]  ffff888102a52180: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe
[   12.403608] ==================================================================

Metadata Full log Test run details

arch

x86_64

host

x86_64

plan

2zh6UUpn8TXCNL7MIo1zG1gJYsm

job_id

TEST:linaro@lkft#2zh6ZNztcGXg2O8uNeKx6V5kr88

job_url

https://tuxapi.tuxsuite.com/v1/groups/linaro/projects/lkft/tests/2zh6ZNztcGXg2O8uNeKx6V5kr88

artefacts

kernel

url	https://storage.tuxsuite.com/public/linaro/lkft/builds/2zh6WsWI7Bm0SUy5pTvvvknXRZJ/bzImage
sha256sum	1e1574ecc8c4221677c1bc00b6aa400c5a95520bd7b8881c6e36fd86dc7a4db6

rootfs

url	https://storage.tuxboot.com/debian/20250617/trixie/amd64/rootfs.ext4.xz
sha256sum	a7dcdb286e1265c85a4d6cd5429adc51604a3ebde1d9a3c934aef78862d5fee4

modules

url	https://storage.tuxsuite.com/public/linaro/lkft/builds/2zh6WsWI7Bm0SUy5pTvvvknXRZJ/modules.tar.xz
sha256sum	56cebba46b14ff78df64e8cde24854df1e7692bca96ad63f09d123563bd0e53d

durations

tests

boot	0
kunit	218.55

host_arch

amd64

build_name

gcc-13-lkftconfig-kunit

job_status

Complete

qemu_version

1:10.0.0+ds-1

Metadata

Failure - qemu-arm64 - gcc-13-lkftconfig-kunit

Failure - qemu-x86_64 - gcc-13-lkftconfig-kunit