Hay
Date: July 16, 2025, 3:10 p.m.

Environment: qemu-arm64, qemu-x86_64

[   16.530284] ==================================================================
[   16.530487] BUG: KASAN: slab-out-of-bounds in krealloc_less_oob_helper+0xa80/0xc50
[   16.530671] Write of size 1 at addr fff00000c638a2da by task kunit_try_catch/158
[   16.530813] 
[   16.530847] CPU: 1 UID: 0 PID: 158 Comm: kunit_try_catch Tainted: G    B            N  6.16.0-rc6 #1 PREEMPT 
[   16.530927] Tainted: [B]=BAD_PAGE, [N]=TEST
[   16.530996] Hardware name: linux,dummy-virt (DT)
[   16.531064] Call trace:
[   16.531113]  show_stack+0x20/0x38 (C)
[   16.531291]  dump_stack_lvl+0x8c/0xd0
[   16.531537]  print_report+0x118/0x5d0
[   16.531624]  kasan_report+0xdc/0x128
[   16.531699]  __asan_report_store1_noabort+0x20/0x30
[   16.531902]  krealloc_less_oob_helper+0xa80/0xc50
[   16.531979]  krealloc_less_oob+0x20/0x38
[   16.532146]  kunit_try_run_case+0x170/0x3f0
[   16.532244]  kunit_generic_run_threadfn_adapter+0x88/0x100
[   16.532381]  kthread+0x328/0x630
[   16.532423]  ret_from_fork+0x10/0x20
[   16.532496] 
[   16.532643] Allocated by task 158:
[   16.532694]  kasan_save_stack+0x3c/0x68
[   16.532913]  kasan_save_track+0x20/0x40
[   16.533149]  kasan_save_alloc_info+0x40/0x58
[   16.533368]  __kasan_krealloc+0x118/0x178
[   16.533538]  krealloc_noprof+0x128/0x360
[   16.533593]  krealloc_less_oob_helper+0x168/0xc50
[   16.533741]  krealloc_less_oob+0x20/0x38
[   16.533810]  kunit_try_run_case+0x170/0x3f0
[   16.534009]  kunit_generic_run_threadfn_adapter+0x88/0x100
[   16.534203]  kthread+0x328/0x630
[   16.534284]  ret_from_fork+0x10/0x20
[   16.534412] 
[   16.534430] The buggy address belongs to the object at fff00000c638a200
[   16.534430]  which belongs to the cache kmalloc-256 of size 256
[   16.534491] The buggy address is located 17 bytes to the right of
[   16.534491]  allocated 201-byte region [fff00000c638a200, fff00000c638a2c9)
[   16.534567] 
[   16.534593] The buggy address belongs to the physical page:
[   16.534625] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x10638a
[   16.534677] head: order:1 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[   16.534894] flags: 0xbfffe0000000040(head|node=0|zone=2|lastcpupid=0x1ffff)
[   16.535046] page_type: f5(slab)
[   16.535103] raw: 0bfffe0000000040 fff00000c0001b40 dead000000000122 0000000000000000
[   16.535287] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000
[   16.535363] head: 0bfffe0000000040 fff00000c0001b40 dead000000000122 0000000000000000
[   16.535520] head: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000
[   16.535596] head: 0bfffe0000000001 ffffc1ffc318e281 00000000ffffffff 00000000ffffffff
[   16.535661] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000002
[   16.535703] page dumped because: kasan: bad access detected
[   16.536080] 
[   16.536300] Memory state around the buggy address:
[   16.536370]  fff00000c638a180: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   16.536434]  fff00000c638a200: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   16.536545] >fff00000c638a280: 00 00 00 00 00 00 00 00 00 01 fc fc fc fc fc fc
[   16.536612]                                                     ^
[   16.536701]  fff00000c638a300: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   16.536755]  fff00000c638a380: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   16.536792] ==================================================================
[   16.523164] ==================================================================
[   16.523212] BUG: KASAN: slab-out-of-bounds in krealloc_less_oob_helper+0xb9c/0xc50
[   16.523273] Write of size 1 at addr fff00000c638a2d0 by task kunit_try_catch/158
[   16.523322] 
[   16.523351] CPU: 1 UID: 0 PID: 158 Comm: kunit_try_catch Tainted: G    B            N  6.16.0-rc6 #1 PREEMPT 
[   16.523429] Tainted: [B]=BAD_PAGE, [N]=TEST
[   16.523454] Hardware name: linux,dummy-virt (DT)
[   16.523483] Call trace:
[   16.523504]  show_stack+0x20/0x38 (C)
[   16.523550]  dump_stack_lvl+0x8c/0xd0
[   16.523595]  print_report+0x118/0x5d0
[   16.523641]  kasan_report+0xdc/0x128
[   16.523685]  __asan_report_store1_noabort+0x20/0x30
[   16.524876]  krealloc_less_oob_helper+0xb9c/0xc50
[   16.524956]  krealloc_less_oob+0x20/0x38
[   16.525014]  kunit_try_run_case+0x170/0x3f0
[   16.525081]  kunit_generic_run_threadfn_adapter+0x88/0x100
[   16.525147]  kthread+0x328/0x630
[   16.525189]  ret_from_fork+0x10/0x20
[   16.525254] 
[   16.525271] Allocated by task 158:
[   16.525313]  kasan_save_stack+0x3c/0x68
[   16.525403]  kasan_save_track+0x20/0x40
[   16.525462]  kasan_save_alloc_info+0x40/0x58
[   16.525502]  __kasan_krealloc+0x118/0x178
[   16.525544]  krealloc_noprof+0x128/0x360
[   16.525586]  krealloc_less_oob_helper+0x168/0xc50
[   16.525624]  krealloc_less_oob+0x20/0x38
[   16.525658]  kunit_try_run_case+0x170/0x3f0
[   16.525694]  kunit_generic_run_threadfn_adapter+0x88/0x100
[   16.525883]  kthread+0x328/0x630
[   16.525926]  ret_from_fork+0x10/0x20
[   16.526139] 
[   16.526296] The buggy address belongs to the object at fff00000c638a200
[   16.526296]  which belongs to the cache kmalloc-256 of size 256
[   16.526495] The buggy address is located 7 bytes to the right of
[   16.526495]  allocated 201-byte region [fff00000c638a200, fff00000c638a2c9)
[   16.526578] 
[   16.526788] The buggy address belongs to the physical page:
[   16.526829] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x10638a
[   16.526964] head: order:1 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[   16.527058] flags: 0xbfffe0000000040(head|node=0|zone=2|lastcpupid=0x1ffff)
[   16.527177] page_type: f5(slab)
[   16.527240] raw: 0bfffe0000000040 fff00000c0001b40 dead000000000122 0000000000000000
[   16.527418] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000
[   16.527471] head: 0bfffe0000000040 fff00000c0001b40 dead000000000122 0000000000000000
[   16.527534] head: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000
[   16.527879] head: 0bfffe0000000001 ffffc1ffc318e281 00000000ffffffff 00000000ffffffff
[   16.528011] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000002
[   16.528089] page dumped because: kasan: bad access detected
[   16.528253] 
[   16.528283] Memory state around the buggy address:
[   16.528349]  fff00000c638a180: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   16.528651]  fff00000c638a200: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   16.528785] >fff00000c638a280: 00 00 00 00 00 00 00 00 00 01 fc fc fc fc fc fc
[   16.528942]                                                  ^
[   16.529050]  fff00000c638a300: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   16.529187]  fff00000c638a380: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   16.529256] ==================================================================
[   16.612819] ==================================================================
[   16.612870] BUG: KASAN: slab-out-of-bounds in krealloc_less_oob_helper+0xb9c/0xc50
[   16.612926] Write of size 1 at addr fff00000c78960d0 by task kunit_try_catch/162
[   16.612975] 
[   16.613007] CPU: 1 UID: 0 PID: 162 Comm: kunit_try_catch Tainted: G    B            N  6.16.0-rc6 #1 PREEMPT 
[   16.613085] Tainted: [B]=BAD_PAGE, [N]=TEST
[   16.613110] Hardware name: linux,dummy-virt (DT)
[   16.614735] Call trace:
[   16.614769]  show_stack+0x20/0x38 (C)
[   16.614823]  dump_stack_lvl+0x8c/0xd0
[   16.614870]  print_report+0x118/0x5d0
[   16.614917]  kasan_report+0xdc/0x128
[   16.614962]  __asan_report_store1_noabort+0x20/0x30
[   16.615013]  krealloc_less_oob_helper+0xb9c/0xc50
[   16.615060]  krealloc_large_less_oob+0x20/0x38
[   16.615107]  kunit_try_run_case+0x170/0x3f0
[   16.615153]  kunit_generic_run_threadfn_adapter+0x88/0x100
[   16.615205]  kthread+0x328/0x630
[   16.615245]  ret_from_fork+0x10/0x20
[   16.615291] 
[   16.615310] The buggy address belongs to the physical page:
[   16.615341] page: refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x107894
[   16.615512] head: order:2 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[   16.615579] flags: 0xbfffe0000000040(head|node=0|zone=2|lastcpupid=0x1ffff)
[   16.615630] page_type: f8(unknown)
[   16.615667] raw: 0bfffe0000000040 0000000000000000 dead000000000122 0000000000000000
[   16.615726] raw: 0000000000000000 0000000000000000 00000001f8000000 0000000000000000
[   16.615774] head: 0bfffe0000000040 0000000000000000 dead000000000122 0000000000000000
[   16.615824] head: 0000000000000000 0000000000000000 00000001f8000000 0000000000000000
[   16.615932] head: 0bfffe0000000002 ffffc1ffc31e2501 00000000ffffffff 00000000ffffffff
[   16.615993] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000004
[   16.616048] page dumped because: kasan: bad access detected
[   16.616101] 
[   16.616119] Memory state around the buggy address:
[   16.616148]  fff00000c7895f80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   16.616310]  fff00000c7896000: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   16.616355] >fff00000c7896080: 00 00 00 00 00 00 00 00 00 01 fe fe fe fe fe fe
[   16.616411]                                                  ^
[   16.616533]  fff00000c7896100: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe
[   16.616591]  fff00000c7896180: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe
[   16.616628] ==================================================================
[   16.619761] ==================================================================
[   16.619814] BUG: KASAN: slab-out-of-bounds in krealloc_less_oob_helper+0xae4/0xc50
[   16.619862] Write of size 1 at addr fff00000c78960ea by task kunit_try_catch/162
[   16.619911] 
[   16.620078] CPU: 1 UID: 0 PID: 162 Comm: kunit_try_catch Tainted: G    B            N  6.16.0-rc6 #1 PREEMPT 
[   16.620181] Tainted: [B]=BAD_PAGE, [N]=TEST
[   16.620206] Hardware name: linux,dummy-virt (DT)
[   16.620235] Call trace:
[   16.620255]  show_stack+0x20/0x38 (C)
[   16.620330]  dump_stack_lvl+0x8c/0xd0
[   16.620501]  print_report+0x118/0x5d0
[   16.620617]  kasan_report+0xdc/0x128
[   16.620832]  __asan_report_store1_noabort+0x20/0x30
[   16.620885]  krealloc_less_oob_helper+0xae4/0xc50
[   16.620937]  krealloc_large_less_oob+0x20/0x38
[   16.621282]  kunit_try_run_case+0x170/0x3f0
[   16.621387]  kunit_generic_run_threadfn_adapter+0x88/0x100
[   16.621528]  kthread+0x328/0x630
[   16.621572]  ret_from_fork+0x10/0x20
[   16.621619] 
[   16.621638] The buggy address belongs to the physical page:
[   16.621807] page: refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x107894
[   16.621904] head: order:2 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[   16.621991] flags: 0xbfffe0000000040(head|node=0|zone=2|lastcpupid=0x1ffff)
[   16.622053] page_type: f8(unknown)
[   16.622138] raw: 0bfffe0000000040 0000000000000000 dead000000000122 0000000000000000
[   16.622220] raw: 0000000000000000 0000000000000000 00000001f8000000 0000000000000000
[   16.622316] head: 0bfffe0000000040 0000000000000000 dead000000000122 0000000000000000
[   16.622386] head: 0000000000000000 0000000000000000 00000001f8000000 0000000000000000
[   16.622436] head: 0bfffe0000000002 ffffc1ffc31e2501 00000000ffffffff 00000000ffffffff
[   16.622617] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000004
[   16.622743] page dumped because: kasan: bad access detected
[   16.622865] 
[   16.622985] Memory state around the buggy address:
[   16.623097]  fff00000c7895f80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   16.623158]  fff00000c7896000: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   16.623199] >fff00000c7896080: 00 00 00 00 00 00 00 00 00 01 fe fe fe fe fe fe
[   16.623242]                                                           ^
[   16.623281]  fff00000c7896100: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe
[   16.623322]  fff00000c7896180: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe
[   16.623554] ==================================================================
[   16.538009] ==================================================================
[   16.538058] BUG: KASAN: slab-out-of-bounds in krealloc_less_oob_helper+0xae4/0xc50
[   16.538107] Write of size 1 at addr fff00000c638a2ea by task kunit_try_catch/158
[   16.538155] 
[   16.538366] CPU: 1 UID: 0 PID: 158 Comm: kunit_try_catch Tainted: G    B            N  6.16.0-rc6 #1 PREEMPT 
[   16.538473] Tainted: [B]=BAD_PAGE, [N]=TEST
[   16.538499] Hardware name: linux,dummy-virt (DT)
[   16.538545] Call trace:
[   16.538566]  show_stack+0x20/0x38 (C)
[   16.538617]  dump_stack_lvl+0x8c/0xd0
[   16.538665]  print_report+0x118/0x5d0
[   16.538721]  kasan_report+0xdc/0x128
[   16.538766]  __asan_report_store1_noabort+0x20/0x30
[   16.538817]  krealloc_less_oob_helper+0xae4/0xc50
[   16.538864]  krealloc_less_oob+0x20/0x38
[   16.538915]  kunit_try_run_case+0x170/0x3f0
[   16.538961]  kunit_generic_run_threadfn_adapter+0x88/0x100
[   16.539013]  kthread+0x328/0x630
[   16.539054]  ret_from_fork+0x10/0x20
[   16.539101] 
[   16.539118] Allocated by task 158:
[   16.539152]  kasan_save_stack+0x3c/0x68
[   16.539201]  kasan_save_track+0x20/0x40
[   16.539245]  kasan_save_alloc_info+0x40/0x58
[   16.539283]  __kasan_krealloc+0x118/0x178
[   16.539319]  krealloc_noprof+0x128/0x360
[   16.539355]  krealloc_less_oob_helper+0x168/0xc50
[   16.539393]  krealloc_less_oob+0x20/0x38
[   16.539429]  kunit_try_run_case+0x170/0x3f0
[   16.539794]  kunit_generic_run_threadfn_adapter+0x88/0x100
[   16.539875]  kthread+0x328/0x630
[   16.539909]  ret_from_fork+0x10/0x20
[   16.540055] 
[   16.540122] The buggy address belongs to the object at fff00000c638a200
[   16.540122]  which belongs to the cache kmalloc-256 of size 256
[   16.540435] The buggy address is located 33 bytes to the right of
[   16.540435]  allocated 201-byte region [fff00000c638a200, fff00000c638a2c9)
[   16.540563] 
[   16.540622] The buggy address belongs to the physical page:
[   16.540808] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x10638a
[   16.540913] head: order:1 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[   16.541087] flags: 0xbfffe0000000040(head|node=0|zone=2|lastcpupid=0x1ffff)
[   16.541181] page_type: f5(slab)
[   16.541390] raw: 0bfffe0000000040 fff00000c0001b40 dead000000000122 0000000000000000
[   16.541507] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000
[   16.541604] head: 0bfffe0000000040 fff00000c0001b40 dead000000000122 0000000000000000
[   16.541781] head: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000
[   16.541853] head: 0bfffe0000000001 ffffc1ffc318e281 00000000ffffffff 00000000ffffffff
[   16.541945] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000002
[   16.542083] page dumped because: kasan: bad access detected
[   16.542150] 
[   16.542216] Memory state around the buggy address:
[   16.542248]  fff00000c638a180: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   16.542557]  fff00000c638a200: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   16.542703] >fff00000c638a280: 00 00 00 00 00 00 00 00 00 01 fc fc fc fc fc fc
[   16.542804]                                                           ^
[   16.542933]  fff00000c638a300: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   16.543007]  fff00000c638a380: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   16.543093] ==================================================================
[   16.624178] ==================================================================
[   16.624226] BUG: KASAN: slab-out-of-bounds in krealloc_less_oob_helper+0xa58/0xc50
[   16.624275] Write of size 1 at addr fff00000c78960eb by task kunit_try_catch/162
[   16.624324] 
[   16.624355] CPU: 1 UID: 0 PID: 162 Comm: kunit_try_catch Tainted: G    B            N  6.16.0-rc6 #1 PREEMPT 
[   16.624677] Tainted: [B]=BAD_PAGE, [N]=TEST
[   16.624782] Hardware name: linux,dummy-virt (DT)
[   16.624848] Call trace:
[   16.624913]  show_stack+0x20/0x38 (C)
[   16.625039]  dump_stack_lvl+0x8c/0xd0
[   16.625110]  print_report+0x118/0x5d0
[   16.625477]  kasan_report+0xdc/0x128
[   16.625556]  __asan_report_store1_noabort+0x20/0x30
[   16.625687]  krealloc_less_oob_helper+0xa58/0xc50
[   16.625766]  krealloc_large_less_oob+0x20/0x38
[   16.625868]  kunit_try_run_case+0x170/0x3f0
[   16.626183]  kunit_generic_run_threadfn_adapter+0x88/0x100
[   16.626304]  kthread+0x328/0x630
[   16.626383]  ret_from_fork+0x10/0x20
[   16.626502] 
[   16.626749] The buggy address belongs to the physical page:
[   16.626784] page: refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x107894
[   16.627020] head: order:2 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[   16.627203] flags: 0xbfffe0000000040(head|node=0|zone=2|lastcpupid=0x1ffff)
[   16.627349] page_type: f8(unknown)
[   16.627388] raw: 0bfffe0000000040 0000000000000000 dead000000000122 0000000000000000
[   16.627690] raw: 0000000000000000 0000000000000000 00000001f8000000 0000000000000000
[   16.627828] head: 0bfffe0000000040 0000000000000000 dead000000000122 0000000000000000
[   16.627944] head: 0000000000000000 0000000000000000 00000001f8000000 0000000000000000
[   16.628103] head: 0bfffe0000000002 ffffc1ffc31e2501 00000000ffffffff 00000000ffffffff
[   16.628209] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000004
[   16.628249] page dumped because: kasan: bad access detected
[   16.628520] 
[   16.628615] Memory state around the buggy address:
[   16.628724]  fff00000c7895f80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   16.628841]  fff00000c7896000: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   16.628893] >fff00000c7896080: 00 00 00 00 00 00 00 00 00 01 fe fe fe fe fe fe
[   16.628939]                                                           ^
[   16.629217]  fff00000c7896100: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe
[   16.629328]  fff00000c7896180: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe
[   16.629458] ==================================================================
[   16.517396] ==================================================================
[   16.517454] BUG: KASAN: slab-out-of-bounds in krealloc_less_oob_helper+0xa48/0xc50
[   16.517947] Write of size 1 at addr fff00000c638a2c9 by task kunit_try_catch/158
[   16.518112] 
[   16.518281] CPU: 1 UID: 0 PID: 158 Comm: kunit_try_catch Tainted: G    B            N  6.16.0-rc6 #1 PREEMPT 
[   16.518362] Tainted: [B]=BAD_PAGE, [N]=TEST
[   16.518388] Hardware name: linux,dummy-virt (DT)
[   16.518418] Call trace:
[   16.518439]  show_stack+0x20/0x38 (C)
[   16.518489]  dump_stack_lvl+0x8c/0xd0
[   16.518537]  print_report+0x118/0x5d0
[   16.518590]  kasan_report+0xdc/0x128
[   16.518669]  __asan_report_store1_noabort+0x20/0x30
[   16.518907]  krealloc_less_oob_helper+0xa48/0xc50
[   16.519032]  krealloc_less_oob+0x20/0x38
[   16.519194]  kunit_try_run_case+0x170/0x3f0
[   16.519304]  kunit_generic_run_threadfn_adapter+0x88/0x100
[   16.519355]  kthread+0x328/0x630
[   16.519396]  ret_from_fork+0x10/0x20
[   16.519443] 
[   16.519461] Allocated by task 158:
[   16.519488]  kasan_save_stack+0x3c/0x68
[   16.519989]  kasan_save_track+0x20/0x40
[   16.520050]  kasan_save_alloc_info+0x40/0x58
[   16.520307]  __kasan_krealloc+0x118/0x178
[   16.520345]  krealloc_noprof+0x128/0x360
[   16.520381]  krealloc_less_oob_helper+0x168/0xc50
[   16.520419]  krealloc_less_oob+0x20/0x38
[   16.520454]  kunit_try_run_case+0x170/0x3f0
[   16.520494]  kunit_generic_run_threadfn_adapter+0x88/0x100
[   16.520548]  kthread+0x328/0x630
[   16.520580]  ret_from_fork+0x10/0x20
[   16.520614] 
[   16.520886] The buggy address belongs to the object at fff00000c638a200
[   16.520886]  which belongs to the cache kmalloc-256 of size 256
[   16.520954] The buggy address is located 0 bytes to the right of
[   16.520954]  allocated 201-byte region [fff00000c638a200, fff00000c638a2c9)
[   16.521019] 
[   16.521039] The buggy address belongs to the physical page:
[   16.521071] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x10638a
[   16.521126] head: order:1 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[   16.521184] flags: 0xbfffe0000000040(head|node=0|zone=2|lastcpupid=0x1ffff)
[   16.521236] page_type: f5(slab)
[   16.521523] raw: 0bfffe0000000040 fff00000c0001b40 dead000000000122 0000000000000000
[   16.521615] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000
[   16.521902] head: 0bfffe0000000040 fff00000c0001b40 dead000000000122 0000000000000000
[   16.521955] head: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000
[   16.522004] head: 0bfffe0000000001 ffffc1ffc318e281 00000000ffffffff 00000000ffffffff
[   16.522052] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000002
[   16.522093] page dumped because: kasan: bad access detected
[   16.522123] 
[   16.522140] Memory state around the buggy address:
[   16.522170]  fff00000c638a180: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   16.522216]  fff00000c638a200: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   16.522258] >fff00000c638a280: 00 00 00 00 00 00 00 00 00 01 fc fc fc fc fc fc
[   16.522295]                                               ^
[   16.522329]  fff00000c638a300: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   16.522371]  fff00000c638a380: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   16.522408] ==================================================================
[   16.617248] ==================================================================
[   16.617313] BUG: KASAN: slab-out-of-bounds in krealloc_less_oob_helper+0xa80/0xc50
[   16.617380] Write of size 1 at addr fff00000c78960da by task kunit_try_catch/162
[   16.617474] 
[   16.617572] CPU: 1 UID: 0 PID: 162 Comm: kunit_try_catch Tainted: G    B            N  6.16.0-rc6 #1 PREEMPT 
[   16.617651] Tainted: [B]=BAD_PAGE, [N]=TEST
[   16.617701] Hardware name: linux,dummy-virt (DT)
[   16.617755] Call trace:
[   16.617793]  show_stack+0x20/0x38 (C)
[   16.617859]  dump_stack_lvl+0x8c/0xd0
[   16.617911]  print_report+0x118/0x5d0
[   16.617963]  kasan_report+0xdc/0x128
[   16.618017]  __asan_report_store1_noabort+0x20/0x30
[   16.618068]  krealloc_less_oob_helper+0xa80/0xc50
[   16.618115]  krealloc_large_less_oob+0x20/0x38
[   16.618162]  kunit_try_run_case+0x170/0x3f0
[   16.618208]  kunit_generic_run_threadfn_adapter+0x88/0x100
[   16.618259]  kthread+0x328/0x630
[   16.618299]  ret_from_fork+0x10/0x20
[   16.618344] 
[   16.618363] The buggy address belongs to the physical page:
[   16.618402] page: refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x107894
[   16.618454] head: order:2 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[   16.618500] flags: 0xbfffe0000000040(head|node=0|zone=2|lastcpupid=0x1ffff)
[   16.618550] page_type: f8(unknown)
[   16.618585] raw: 0bfffe0000000040 0000000000000000 dead000000000122 0000000000000000
[   16.618634] raw: 0000000000000000 0000000000000000 00000001f8000000 0000000000000000
[   16.618683] head: 0bfffe0000000040 0000000000000000 dead000000000122 0000000000000000
[   16.618751] head: 0000000000000000 0000000000000000 00000001f8000000 0000000000000000
[   16.618801] head: 0bfffe0000000002 ffffc1ffc31e2501 00000000ffffffff 00000000ffffffff
[   16.618849] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000004
[   16.618887] page dumped because: kasan: bad access detected
[   16.618917] 
[   16.618934] Memory state around the buggy address:
[   16.618963]  fff00000c7895f80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   16.619004]  fff00000c7896000: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   16.619045] >fff00000c7896080: 00 00 00 00 00 00 00 00 00 01 fe fe fe fe fe fe
[   16.619081]                                                     ^
[   16.619117]  fff00000c7896100: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe
[   16.619158]  fff00000c7896180: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe
[   16.619195] ==================================================================
[   16.544255] ==================================================================
[   16.544454] BUG: KASAN: slab-out-of-bounds in krealloc_less_oob_helper+0xa58/0xc50
[   16.544524] Write of size 1 at addr fff00000c638a2eb by task kunit_try_catch/158
[   16.544579] 
[   16.544619] CPU: 1 UID: 0 PID: 158 Comm: kunit_try_catch Tainted: G    B            N  6.16.0-rc6 #1 PREEMPT 
[   16.544699] Tainted: [B]=BAD_PAGE, [N]=TEST
[   16.544735] Hardware name: linux,dummy-virt (DT)
[   16.545027] Call trace:
[   16.545094]  show_stack+0x20/0x38 (C)
[   16.545223]  dump_stack_lvl+0x8c/0xd0
[   16.545279]  print_report+0x118/0x5d0
[   16.545345]  kasan_report+0xdc/0x128
[   16.545398]  __asan_report_store1_noabort+0x20/0x30
[   16.545507]  krealloc_less_oob_helper+0xa58/0xc50
[   16.545574]  krealloc_less_oob+0x20/0x38
[   16.545619]  kunit_try_run_case+0x170/0x3f0
[   16.545671]  kunit_generic_run_threadfn_adapter+0x88/0x100
[   16.545955]  kthread+0x328/0x630
[   16.546027]  ret_from_fork+0x10/0x20
[   16.546081] 
[   16.546098] Allocated by task 158:
[   16.546126]  kasan_save_stack+0x3c/0x68
[   16.546259]  kasan_save_track+0x20/0x40
[   16.546326]  kasan_save_alloc_info+0x40/0x58
[   16.546383]  __kasan_krealloc+0x118/0x178
[   16.546497]  krealloc_noprof+0x128/0x360
[   16.546551]  krealloc_less_oob_helper+0x168/0xc50
[   16.546609]  krealloc_less_oob+0x20/0x38
[   16.546645]  kunit_try_run_case+0x170/0x3f0
[   16.546681]  kunit_generic_run_threadfn_adapter+0x88/0x100
[   16.547039]  kthread+0x328/0x630
[   16.547082]  ret_from_fork+0x10/0x20
[   16.547118] 
[   16.547137] The buggy address belongs to the object at fff00000c638a200
[   16.547137]  which belongs to the cache kmalloc-256 of size 256
[   16.547291] The buggy address is located 34 bytes to the right of
[   16.547291]  allocated 201-byte region [fff00000c638a200, fff00000c638a2c9)
[   16.547391] 
[   16.547411] The buggy address belongs to the physical page:
[   16.547658] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x10638a
[   16.547823] head: order:1 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[   16.547932] flags: 0xbfffe0000000040(head|node=0|zone=2|lastcpupid=0x1ffff)
[   16.548149] page_type: f5(slab)
[   16.548228] raw: 0bfffe0000000040 fff00000c0001b40 dead000000000122 0000000000000000
[   16.548303] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000
[   16.548491] head: 0bfffe0000000040 fff00000c0001b40 dead000000000122 0000000000000000
[   16.548554] head: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000
[   16.548799] head: 0bfffe0000000001 ffffc1ffc318e281 00000000ffffffff 00000000ffffffff
[   16.548905] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000002
[   16.548964] page dumped because: kasan: bad access detected
[   16.549076] 
[   16.549176] Memory state around the buggy address:
[   16.549253]  fff00000c638a180: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   16.549597]  fff00000c638a200: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   16.549646] >fff00000c638a280: 00 00 00 00 00 00 00 00 00 01 fc fc fc fc fc fc
[   16.549683]                                                           ^
[   16.549757]  fff00000c638a300: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   16.550037]  fff00000c638a380: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   16.550103] ==================================================================
[   16.599064] ==================================================================
[   16.599125] BUG: KASAN: slab-out-of-bounds in krealloc_less_oob_helper+0xa48/0xc50
[   16.599181] Write of size 1 at addr fff00000c78960c9 by task kunit_try_catch/162
[   16.599243] 
[   16.599276] CPU: 1 UID: 0 PID: 162 Comm: kunit_try_catch Tainted: G    B            N  6.16.0-rc6 #1 PREEMPT 
[   16.599355] Tainted: [B]=BAD_PAGE, [N]=TEST
[   16.599381] Hardware name: linux,dummy-virt (DT)
[   16.599411] Call trace:
[   16.599432]  show_stack+0x20/0x38 (C)
[   16.601224]  dump_stack_lvl+0x8c/0xd0
[   16.601650]  print_report+0x118/0x5d0
[   16.602279]  kasan_report+0xdc/0x128
[   16.602886]  __asan_report_store1_noabort+0x20/0x30
[   16.603016]  krealloc_less_oob_helper+0xa48/0xc50
[   16.603190]  krealloc_large_less_oob+0x20/0x38
[   16.603672]  kunit_try_run_case+0x170/0x3f0
[   16.604304]  kunit_generic_run_threadfn_adapter+0x88/0x100
[   16.604656]  kthread+0x328/0x630
[   16.604990]  ret_from_fork+0x10/0x20
[   16.605437] 
[   16.605543] The buggy address belongs to the physical page:
[   16.605622] page: refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x107894
[   16.606112] head: order:2 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[   16.606378] flags: 0xbfffe0000000040(head|node=0|zone=2|lastcpupid=0x1ffff)
[   16.606831] page_type: f8(unknown)
[   16.607426] raw: 0bfffe0000000040 0000000000000000 dead000000000122 0000000000000000
[   16.607668] raw: 0000000000000000 0000000000000000 00000001f8000000 0000000000000000
[   16.608064] head: 0bfffe0000000040 0000000000000000 dead000000000122 0000000000000000
[   16.608399] head: 0000000000000000 0000000000000000 00000001f8000000 0000000000000000
[   16.608629] head: 0bfffe0000000002 ffffc1ffc31e2501 00000000ffffffff 00000000ffffffff
[   16.608680] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000004
[   16.609316] page dumped because: kasan: bad access detected
[   16.609555] 
[   16.609574] Memory state around the buggy address:
[   16.609607]  fff00000c7895f80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   16.610053]  fff00000c7896000: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   16.610273] >fff00000c7896080: 00 00 00 00 00 00 00 00 00 01 fe fe fe fe fe fe
[   16.610457]                                               ^
[   16.610494]  fff00000c7896100: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe
[   16.610817]  fff00000c7896180: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe
[   16.611063] ==================================================================

[   12.420778] ==================================================================
[   12.421434] BUG: KASAN: slab-out-of-bounds in krealloc_less_oob_helper+0xec6/0x11d0
[   12.422117] Write of size 1 at addr ffff88810278a0da by task kunit_try_catch/179
[   12.422361] 
[   12.422481] CPU: 1 UID: 0 PID: 179 Comm: kunit_try_catch Tainted: G    B            N  6.16.0-rc6 #1 PREEMPT(voluntary) 
[   12.422521] Tainted: [B]=BAD_PAGE, [N]=TEST
[   12.422532] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[   12.422550] Call Trace:
[   12.422563]  <TASK>
[   12.422577]  dump_stack_lvl+0x73/0xb0
[   12.422604]  print_report+0xd1/0x610
[   12.422626]  ? __virt_addr_valid+0x1db/0x2d0
[   12.422648]  ? krealloc_less_oob_helper+0xec6/0x11d0
[   12.422672]  ? kasan_addr_to_slab+0x11/0xa0
[   12.422693]  ? krealloc_less_oob_helper+0xec6/0x11d0
[   12.422719]  kasan_report+0x141/0x180
[   12.422741]  ? krealloc_less_oob_helper+0xec6/0x11d0
[   12.422783]  __asan_report_store1_noabort+0x1b/0x30
[   12.422809]  krealloc_less_oob_helper+0xec6/0x11d0
[   12.422835]  ? __pfx_krealloc_less_oob_helper+0x10/0x10
[   12.422861]  ? __schedule+0x207f/0x2b60
[   12.422880]  ? schedule+0x7c/0x2e0
[   12.422900]  ? trace_hardirqs_on+0x37/0xe0
[   12.422923]  ? __schedule+0x207f/0x2b60
[   12.422944]  ? __pfx_read_tsc+0x10/0x10
[   12.422968]  krealloc_large_less_oob+0x1c/0x30
[   12.423003]  kunit_try_run_case+0x1a5/0x480
[   12.423027]  ? __pfx_kunit_try_run_case+0x10/0x10
[   12.423050]  ? _raw_spin_lock_irqsave+0xa1/0x100
[   12.423074]  ? _raw_spin_unlock_irqrestore+0x5f/0x90
[   12.423098]  ? __kthread_parkme+0x82/0x180
[   12.423118]  ? preempt_count_sub+0x50/0x80
[   12.423142]  ? __pfx_kunit_try_run_case+0x10/0x10
[   12.423166]  kunit_generic_run_threadfn_adapter+0x85/0xf0
[   12.423197]  ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10
[   12.423223]  kthread+0x337/0x6f0
[   12.423242]  ? trace_preempt_on+0x20/0xc0
[   12.423264]  ? __pfx_kthread+0x10/0x10
[   12.423285]  ? _raw_spin_unlock_irq+0x47/0x80
[   12.423307]  ? calculate_sigpending+0x7b/0xa0
[   12.423330]  ? __pfx_kthread+0x10/0x10
[   12.423352]  ret_from_fork+0x116/0x1d0
[   12.423371]  ? __pfx_kthread+0x10/0x10
[   12.423391]  ret_from_fork_asm+0x1a/0x30
[   12.423422]  </TASK>
[   12.423443] 
[   12.431554] The buggy address belongs to the physical page:
[   12.431929] page: refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x102788
[   12.432253] head: order:2 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[   12.432480] flags: 0x200000000000040(head|node=0|zone=2)
[   12.432799] page_type: f8(unknown)
[   12.432983] raw: 0200000000000040 0000000000000000 dead000000000122 0000000000000000
[   12.433459] raw: 0000000000000000 0000000000000000 00000001f8000000 0000000000000000
[   12.433837] head: 0200000000000040 0000000000000000 dead000000000122 0000000000000000
[   12.434356] head: 0000000000000000 0000000000000000 00000001f8000000 0000000000000000
[   12.434699] head: 0200000000000002 ffffea000409e201 00000000ffffffff 00000000ffffffff
[   12.435076] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000004
[   12.435324] page dumped because: kasan: bad access detected
[   12.435579] 
[   12.435750] Memory state around the buggy address:
[   12.436068]  ffff888102789f80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   12.436355]  ffff88810278a000: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   12.436665] >ffff88810278a080: 00 00 00 00 00 00 00 00 00 01 fe fe fe fe fe fe
[   12.436932]                                                     ^
[   12.437405]  ffff88810278a100: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe
[   12.437706]  ffff88810278a180: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe
[   12.438093] ==================================================================
[   12.306225] ==================================================================
[   12.306864] BUG: KASAN: slab-out-of-bounds in krealloc_less_oob_helper+0xd47/0x11d0
[   12.307749] Write of size 1 at addr ffff8881003422eb by task kunit_try_catch/175
[   12.307998] 
[   12.308085] CPU: 0 UID: 0 PID: 175 Comm: kunit_try_catch Tainted: G    B            N  6.16.0-rc6 #1 PREEMPT(voluntary) 
[   12.308128] Tainted: [B]=BAD_PAGE, [N]=TEST
[   12.308140] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[   12.308160] Call Trace:
[   12.308176]  <TASK>
[   12.308190]  dump_stack_lvl+0x73/0xb0
[   12.308219]  print_report+0xd1/0x610
[   12.308241]  ? __virt_addr_valid+0x1db/0x2d0
[   12.308263]  ? krealloc_less_oob_helper+0xd47/0x11d0
[   12.308287]  ? kasan_complete_mode_report_info+0x2a/0x200
[   12.308311]  ? krealloc_less_oob_helper+0xd47/0x11d0
[   12.308336]  kasan_report+0x141/0x180
[   12.308358]  ? krealloc_less_oob_helper+0xd47/0x11d0
[   12.308387]  __asan_report_store1_noabort+0x1b/0x30
[   12.308412]  krealloc_less_oob_helper+0xd47/0x11d0
[   12.308470]  ? __pfx_krealloc_less_oob_helper+0x10/0x10
[   12.308494]  ? finish_task_switch.isra.0+0x153/0x700
[   12.308517]  ? __switch_to+0x47/0xf50
[   12.308543]  ? __schedule+0x10cc/0x2b60
[   12.308565]  ? __pfx_read_tsc+0x10/0x10
[   12.308588]  krealloc_less_oob+0x1c/0x30
[   12.308610]  kunit_try_run_case+0x1a5/0x480
[   12.308734]  ? __pfx_kunit_try_run_case+0x10/0x10
[   12.308766]  ? _raw_spin_lock_irqsave+0xa1/0x100
[   12.308790]  ? _raw_spin_unlock_irqrestore+0x5f/0x90
[   12.308814]  ? __kthread_parkme+0x82/0x180
[   12.308835]  ? preempt_count_sub+0x50/0x80
[   12.308857]  ? __pfx_kunit_try_run_case+0x10/0x10
[   12.308881]  kunit_generic_run_threadfn_adapter+0x85/0xf0
[   12.308907]  ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10
[   12.308932]  kthread+0x337/0x6f0
[   12.308951]  ? trace_preempt_on+0x20/0xc0
[   12.308974]  ? __pfx_kthread+0x10/0x10
[   12.308994]  ? _raw_spin_unlock_irq+0x47/0x80
[   12.309015]  ? calculate_sigpending+0x7b/0xa0
[   12.309039]  ? __pfx_kthread+0x10/0x10
[   12.309060]  ret_from_fork+0x116/0x1d0
[   12.309078]  ? __pfx_kthread+0x10/0x10
[   12.309099]  ret_from_fork_asm+0x1a/0x30
[   12.309129]  </TASK>
[   12.309138] 
[   12.323332] Allocated by task 175:
[   12.323706]  kasan_save_stack+0x45/0x70
[   12.323955]  kasan_save_track+0x18/0x40
[   12.324265]  kasan_save_alloc_info+0x3b/0x50
[   12.324642]  __kasan_krealloc+0x190/0x1f0
[   12.324794]  krealloc_noprof+0xf3/0x340
[   12.324932]  krealloc_less_oob_helper+0x1aa/0x11d0
[   12.325095]  krealloc_less_oob+0x1c/0x30
[   12.325235]  kunit_try_run_case+0x1a5/0x480
[   12.325382]  kunit_generic_run_threadfn_adapter+0x85/0xf0
[   12.325899]  kthread+0x337/0x6f0
[   12.326212]  ret_from_fork+0x116/0x1d0
[   12.326584]  ret_from_fork_asm+0x1a/0x30
[   12.326956] 
[   12.327119] The buggy address belongs to the object at ffff888100342200
[   12.327119]  which belongs to the cache kmalloc-256 of size 256
[   12.328208] The buggy address is located 34 bytes to the right of
[   12.328208]  allocated 201-byte region [ffff888100342200, ffff8881003422c9)
[   12.329330] 
[   12.329532] The buggy address belongs to the physical page:
[   12.330018] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x100342
[   12.330552] head: order:1 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[   12.330992] flags: 0x200000000000040(head|node=0|zone=2)
[   12.331176] page_type: f5(slab)
[   12.331298] raw: 0200000000000040 ffff888100041b40 dead000000000122 0000000000000000
[   12.331802] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000
[   12.332481] head: 0200000000000040 ffff888100041b40 dead000000000122 0000000000000000
[   12.333148] head: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000
[   12.333844] head: 0200000000000001 ffffea000400d081 00000000ffffffff 00000000ffffffff
[   12.334524] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000002
[   12.334939] page dumped because: kasan: bad access detected
[   12.335388] 
[   12.335556] Memory state around the buggy address:
[   12.335868]  ffff888100342180: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   12.336084]  ffff888100342200: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   12.336299] >ffff888100342280: 00 00 00 00 00 00 00 00 00 01 fc fc fc fc fc fc
[   12.336731]                                                           ^
[   12.337312]  ffff888100342300: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   12.337941]  ffff888100342380: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   12.338569] ==================================================================
[   12.438421] ==================================================================
[   12.438701] BUG: KASAN: slab-out-of-bounds in krealloc_less_oob_helper+0xe90/0x11d0
[   12.439123] Write of size 1 at addr ffff88810278a0ea by task kunit_try_catch/179
[   12.439360] 
[   12.439446] CPU: 1 UID: 0 PID: 179 Comm: kunit_try_catch Tainted: G    B            N  6.16.0-rc6 #1 PREEMPT(voluntary) 
[   12.439487] Tainted: [B]=BAD_PAGE, [N]=TEST
[   12.439498] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[   12.439517] Call Trace:
[   12.439530]  <TASK>
[   12.439543]  dump_stack_lvl+0x73/0xb0
[   12.439581]  print_report+0xd1/0x610
[   12.439604]  ? __virt_addr_valid+0x1db/0x2d0
[   12.439627]  ? krealloc_less_oob_helper+0xe90/0x11d0
[   12.439651]  ? kasan_addr_to_slab+0x11/0xa0
[   12.439672]  ? krealloc_less_oob_helper+0xe90/0x11d0
[   12.439698]  kasan_report+0x141/0x180
[   12.439719]  ? krealloc_less_oob_helper+0xe90/0x11d0
[   12.439749]  __asan_report_store1_noabort+0x1b/0x30
[   12.439786]  krealloc_less_oob_helper+0xe90/0x11d0
[   12.439813]  ? __pfx_krealloc_less_oob_helper+0x10/0x10
[   12.439838]  ? __schedule+0x207f/0x2b60
[   12.439858]  ? schedule+0x7c/0x2e0
[   12.439878]  ? trace_hardirqs_on+0x37/0xe0
[   12.439902]  ? __schedule+0x207f/0x2b60
[   12.439923]  ? __pfx_read_tsc+0x10/0x10
[   12.439947]  krealloc_large_less_oob+0x1c/0x30
[   12.439970]  kunit_try_run_case+0x1a5/0x480
[   12.440011]  ? __pfx_kunit_try_run_case+0x10/0x10
[   12.440035]  ? _raw_spin_lock_irqsave+0xa1/0x100
[   12.440059]  ? _raw_spin_unlock_irqrestore+0x5f/0x90
[   12.440083]  ? __kthread_parkme+0x82/0x180
[   12.440105]  ? preempt_count_sub+0x50/0x80
[   12.440130]  ? __pfx_kunit_try_run_case+0x10/0x10
[   12.440155]  kunit_generic_run_threadfn_adapter+0x85/0xf0
[   12.440180]  ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10
[   12.440205]  kthread+0x337/0x6f0
[   12.440224]  ? trace_preempt_on+0x20/0xc0
[   12.440247]  ? __pfx_kthread+0x10/0x10
[   12.440268]  ? _raw_spin_unlock_irq+0x47/0x80
[   12.440289]  ? calculate_sigpending+0x7b/0xa0
[   12.440313]  ? __pfx_kthread+0x10/0x10
[   12.440335]  ret_from_fork+0x116/0x1d0
[   12.440354]  ? __pfx_kthread+0x10/0x10
[   12.440374]  ret_from_fork_asm+0x1a/0x30
[   12.440405]  </TASK>
[   12.440414] 
[   12.449089] The buggy address belongs to the physical page:
[   12.449438] page: refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x102788
[   12.450124] head: order:2 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[   12.450438] flags: 0x200000000000040(head|node=0|zone=2)
[   12.450732] page_type: f8(unknown)
[   12.450871] raw: 0200000000000040 0000000000000000 dead000000000122 0000000000000000
[   12.451103] raw: 0000000000000000 0000000000000000 00000001f8000000 0000000000000000
[   12.451340] head: 0200000000000040 0000000000000000 dead000000000122 0000000000000000
[   12.451675] head: 0000000000000000 0000000000000000 00000001f8000000 0000000000000000
[   12.452027] head: 0200000000000002 ffffea000409e201 00000000ffffffff 00000000ffffffff
[   12.452420] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000004
[   12.452872] page dumped because: kasan: bad access detected
[   12.453333] 
[   12.453446] Memory state around the buggy address:
[   12.453664]  ffff888102789f80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   12.453895]  ffff88810278a000: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   12.454399] >ffff88810278a080: 00 00 00 00 00 00 00 00 00 01 fe fe fe fe fe fe
[   12.454898]                                                           ^
[   12.455250]  ffff88810278a100: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe
[   12.455565]  ffff88810278a180: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe
[   12.455849] ==================================================================
[   12.403773] ==================================================================
[   12.404382] BUG: KASAN: slab-out-of-bounds in krealloc_less_oob_helper+0xe23/0x11d0
[   12.404668] Write of size 1 at addr ffff88810278a0d0 by task kunit_try_catch/179
[   12.404933] 
[   12.405397] CPU: 1 UID: 0 PID: 179 Comm: kunit_try_catch Tainted: G    B            N  6.16.0-rc6 #1 PREEMPT(voluntary) 
[   12.405443] Tainted: [B]=BAD_PAGE, [N]=TEST
[   12.405455] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[   12.405475] Call Trace:
[   12.405486]  <TASK>
[   12.405500]  dump_stack_lvl+0x73/0xb0
[   12.405529]  print_report+0xd1/0x610
[   12.405554]  ? __virt_addr_valid+0x1db/0x2d0
[   12.405578]  ? krealloc_less_oob_helper+0xe23/0x11d0
[   12.405602]  ? kasan_addr_to_slab+0x11/0xa0
[   12.405623]  ? krealloc_less_oob_helper+0xe23/0x11d0
[   12.405649]  kasan_report+0x141/0x180
[   12.405671]  ? krealloc_less_oob_helper+0xe23/0x11d0
[   12.405700]  __asan_report_store1_noabort+0x1b/0x30
[   12.405726]  krealloc_less_oob_helper+0xe23/0x11d0
[   12.405768]  ? __pfx_krealloc_less_oob_helper+0x10/0x10
[   12.405793]  ? __schedule+0x207f/0x2b60
[   12.405813]  ? schedule+0x7c/0x2e0
[   12.405833]  ? trace_hardirqs_on+0x37/0xe0
[   12.405856]  ? __schedule+0x207f/0x2b60
[   12.405878]  ? __pfx_read_tsc+0x10/0x10
[   12.405903]  krealloc_large_less_oob+0x1c/0x30
[   12.405926]  kunit_try_run_case+0x1a5/0x480
[   12.405951]  ? __pfx_kunit_try_run_case+0x10/0x10
[   12.405974]  ? _raw_spin_lock_irqsave+0xa1/0x100
[   12.406017]  ? _raw_spin_unlock_irqrestore+0x5f/0x90
[   12.406041]  ? __kthread_parkme+0x82/0x180
[   12.406062]  ? preempt_count_sub+0x50/0x80
[   12.406087]  ? __pfx_kunit_try_run_case+0x10/0x10
[   12.406111]  kunit_generic_run_threadfn_adapter+0x85/0xf0
[   12.406136]  ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10
[   12.406162]  kthread+0x337/0x6f0
[   12.406181]  ? trace_preempt_on+0x20/0xc0
[   12.406203]  ? __pfx_kthread+0x10/0x10
[   12.406224]  ? _raw_spin_unlock_irq+0x47/0x80
[   12.406246]  ? calculate_sigpending+0x7b/0xa0
[   12.406270]  ? __pfx_kthread+0x10/0x10
[   12.406291]  ret_from_fork+0x116/0x1d0
[   12.406311]  ? __pfx_kthread+0x10/0x10
[   12.406332]  ret_from_fork_asm+0x1a/0x30
[   12.406365]  </TASK>
[   12.406376] 
[   12.414217] The buggy address belongs to the physical page:
[   12.414485] page: refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x102788
[   12.414976] head: order:2 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[   12.415250] flags: 0x200000000000040(head|node=0|zone=2)
[   12.415500] page_type: f8(unknown)
[   12.415674] raw: 0200000000000040 0000000000000000 dead000000000122 0000000000000000
[   12.415994] raw: 0000000000000000 0000000000000000 00000001f8000000 0000000000000000
[   12.416282] head: 0200000000000040 0000000000000000 dead000000000122 0000000000000000
[   12.416811] head: 0000000000000000 0000000000000000 00000001f8000000 0000000000000000
[   12.417114] head: 0200000000000002 ffffea000409e201 00000000ffffffff 00000000ffffffff
[   12.417419] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000004
[   12.417939] page dumped because: kasan: bad access detected
[   12.418180] 
[   12.418381] Memory state around the buggy address:
[   12.418612]  ffff888102789f80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   12.418913]  ffff88810278a000: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   12.419242] >ffff88810278a080: 00 00 00 00 00 00 00 00 00 01 fe fe fe fe fe fe
[   12.419580]                                                  ^
[   12.419866]  ffff88810278a100: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe
[   12.420181]  ffff88810278a180: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe
[   12.420434] ==================================================================
[   12.274554] ==================================================================
[   12.274925] BUG: KASAN: slab-out-of-bounds in krealloc_less_oob_helper+0xe90/0x11d0
[   12.275516] Write of size 1 at addr ffff8881003422ea by task kunit_try_catch/175
[   12.275802] 
[   12.275888] CPU: 0 UID: 0 PID: 175 Comm: kunit_try_catch Tainted: G    B            N  6.16.0-rc6 #1 PREEMPT(voluntary) 
[   12.275928] Tainted: [B]=BAD_PAGE, [N]=TEST
[   12.275940] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[   12.275959] Call Trace:
[   12.275972]  <TASK>
[   12.275985]  dump_stack_lvl+0x73/0xb0
[   12.276012]  print_report+0xd1/0x610
[   12.276033]  ? __virt_addr_valid+0x1db/0x2d0
[   12.276056]  ? krealloc_less_oob_helper+0xe90/0x11d0
[   12.276080]  ? kasan_complete_mode_report_info+0x2a/0x200
[   12.276103]  ? krealloc_less_oob_helper+0xe90/0x11d0
[   12.276128]  kasan_report+0x141/0x180
[   12.276150]  ? krealloc_less_oob_helper+0xe90/0x11d0
[   12.276179]  __asan_report_store1_noabort+0x1b/0x30
[   12.276204]  krealloc_less_oob_helper+0xe90/0x11d0
[   12.276231]  ? __pfx_krealloc_less_oob_helper+0x10/0x10
[   12.276256]  ? finish_task_switch.isra.0+0x153/0x700
[   12.276279]  ? __switch_to+0x47/0xf50
[   12.276304]  ? __schedule+0x10cc/0x2b60
[   12.276326]  ? __pfx_read_tsc+0x10/0x10
[   12.276349]  krealloc_less_oob+0x1c/0x30
[   12.276371]  kunit_try_run_case+0x1a5/0x480
[   12.276394]  ? __pfx_kunit_try_run_case+0x10/0x10
[   12.276417]  ? _raw_spin_lock_irqsave+0xa1/0x100
[   12.276454]  ? _raw_spin_unlock_irqrestore+0x5f/0x90
[   12.276478]  ? __kthread_parkme+0x82/0x180
[   12.276498]  ? preempt_count_sub+0x50/0x80
[   12.276521]  ? __pfx_kunit_try_run_case+0x10/0x10
[   12.276545]  kunit_generic_run_threadfn_adapter+0x85/0xf0
[   12.276570]  ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10
[   12.276595]  kthread+0x337/0x6f0
[   12.276614]  ? trace_preempt_on+0x20/0xc0
[   12.276637]  ? __pfx_kthread+0x10/0x10
[   12.276658]  ? _raw_spin_unlock_irq+0x47/0x80
[   12.276679]  ? calculate_sigpending+0x7b/0xa0
[   12.276704]  ? __pfx_kthread+0x10/0x10
[   12.276725]  ret_from_fork+0x116/0x1d0
[   12.276743]  ? __pfx_kthread+0x10/0x10
[   12.276773]  ret_from_fork_asm+0x1a/0x30
[   12.276803]  </TASK>
[   12.276813] 
[   12.285846] Allocated by task 175:
[   12.286027]  kasan_save_stack+0x45/0x70
[   12.286234]  kasan_save_track+0x18/0x40
[   12.286367]  kasan_save_alloc_info+0x3b/0x50
[   12.286669]  __kasan_krealloc+0x190/0x1f0
[   12.286881]  krealloc_noprof+0xf3/0x340
[   12.287018]  krealloc_less_oob_helper+0x1aa/0x11d0
[   12.287182]  krealloc_less_oob+0x1c/0x30
[   12.287673]  kunit_try_run_case+0x1a5/0x480
[   12.289731]  kunit_generic_run_threadfn_adapter+0x85/0xf0
[   12.289996]  kthread+0x337/0x6f0
[   12.290126]  ret_from_fork+0x116/0x1d0
[   12.290263]  ret_from_fork_asm+0x1a/0x30
[   12.290405] 
[   12.290486] The buggy address belongs to the object at ffff888100342200
[   12.290486]  which belongs to the cache kmalloc-256 of size 256
[   12.291861] The buggy address is located 33 bytes to the right of
[   12.291861]  allocated 201-byte region [ffff888100342200, ffff8881003422c9)
[   12.292974] 
[   12.293063] The buggy address belongs to the physical page:
[   12.293235] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x100342
[   12.294463] head: order:1 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[   12.295379] flags: 0x200000000000040(head|node=0|zone=2)
[   12.296264] page_type: f5(slab)
[   12.296869] raw: 0200000000000040 ffff888100041b40 dead000000000122 0000000000000000
[   12.297534] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000
[   12.298211] head: 0200000000000040 ffff888100041b40 dead000000000122 0000000000000000
[   12.298960] head: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000
[   12.299713] head: 0200000000000001 ffffea000400d081 00000000ffffffff 00000000ffffffff
[   12.300613] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000002
[   12.301259] page dumped because: kasan: bad access detected
[   12.301820] 
[   12.301983] Memory state around the buggy address:
[   12.302395]  ffff888100342180: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   12.303021]  ffff888100342200: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   12.303454] >ffff888100342280: 00 00 00 00 00 00 00 00 00 01 fc fc fc fc fc fc
[   12.303671]                                                           ^
[   12.303883]  ffff888100342300: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   12.304098]  ffff888100342380: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   12.304311] ==================================================================
[   12.235047] ==================================================================
[   12.235403] BUG: KASAN: slab-out-of-bounds in krealloc_less_oob_helper+0xe23/0x11d0
[   12.235910] Write of size 1 at addr ffff8881003422d0 by task kunit_try_catch/175
[   12.236427] 
[   12.236546] CPU: 0 UID: 0 PID: 175 Comm: kunit_try_catch Tainted: G    B            N  6.16.0-rc6 #1 PREEMPT(voluntary) 
[   12.236590] Tainted: [B]=BAD_PAGE, [N]=TEST
[   12.236601] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[   12.236622] Call Trace:
[   12.236633]  <TASK>
[   12.236647]  dump_stack_lvl+0x73/0xb0
[   12.236676]  print_report+0xd1/0x610
[   12.236698]  ? __virt_addr_valid+0x1db/0x2d0
[   12.236721]  ? krealloc_less_oob_helper+0xe23/0x11d0
[   12.236745]  ? kasan_complete_mode_report_info+0x2a/0x200
[   12.236782]  ? krealloc_less_oob_helper+0xe23/0x11d0
[   12.236807]  kasan_report+0x141/0x180
[   12.236829]  ? krealloc_less_oob_helper+0xe23/0x11d0
[   12.236858]  __asan_report_store1_noabort+0x1b/0x30
[   12.236884]  krealloc_less_oob_helper+0xe23/0x11d0
[   12.236910]  ? __pfx_krealloc_less_oob_helper+0x10/0x10
[   12.236935]  ? finish_task_switch.isra.0+0x153/0x700
[   12.236959]  ? __switch_to+0x47/0xf50
[   12.236983]  ? __schedule+0x10cc/0x2b60
[   12.237006]  ? __pfx_read_tsc+0x10/0x10
[   12.237030]  krealloc_less_oob+0x1c/0x30
[   12.237052]  kunit_try_run_case+0x1a5/0x480
[   12.237076]  ? __pfx_kunit_try_run_case+0x10/0x10
[   12.237099]  ? _raw_spin_lock_irqsave+0xa1/0x100
[   12.237123]  ? _raw_spin_unlock_irqrestore+0x5f/0x90
[   12.237147]  ? __kthread_parkme+0x82/0x180
[   12.237167]  ? preempt_count_sub+0x50/0x80
[   12.237190]  ? __pfx_kunit_try_run_case+0x10/0x10
[   12.237215]  kunit_generic_run_threadfn_adapter+0x85/0xf0
[   12.237239]  ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10
[   12.237264]  kthread+0x337/0x6f0
[   12.237283]  ? trace_preempt_on+0x20/0xc0
[   12.237306]  ? __pfx_kthread+0x10/0x10
[   12.237327]  ? _raw_spin_unlock_irq+0x47/0x80
[   12.237348]  ? calculate_sigpending+0x7b/0xa0
[   12.237373]  ? __pfx_kthread+0x10/0x10
[   12.237394]  ret_from_fork+0x116/0x1d0
[   12.237413]  ? __pfx_kthread+0x10/0x10
[   12.237433]  ret_from_fork_asm+0x1a/0x30
[   12.237464]  </TASK>
[   12.237473] 
[   12.244784] Allocated by task 175:
[   12.244917]  kasan_save_stack+0x45/0x70
[   12.245058]  kasan_save_track+0x18/0x40
[   12.245244]  kasan_save_alloc_info+0x3b/0x50
[   12.245456]  __kasan_krealloc+0x190/0x1f0
[   12.245782]  krealloc_noprof+0xf3/0x340
[   12.246004]  krealloc_less_oob_helper+0x1aa/0x11d0
[   12.246218]  krealloc_less_oob+0x1c/0x30
[   12.246373]  kunit_try_run_case+0x1a5/0x480
[   12.246623]  kunit_generic_run_threadfn_adapter+0x85/0xf0
[   12.246892]  kthread+0x337/0x6f0
[   12.247060]  ret_from_fork+0x116/0x1d0
[   12.247197]  ret_from_fork_asm+0x1a/0x30
[   12.247395] 
[   12.247530] The buggy address belongs to the object at ffff888100342200
[   12.247530]  which belongs to the cache kmalloc-256 of size 256
[   12.247982] The buggy address is located 7 bytes to the right of
[   12.247982]  allocated 201-byte region [ffff888100342200, ffff8881003422c9)
[   12.248551] 
[   12.248624] The buggy address belongs to the physical page:
[   12.248822] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x100342
[   12.249183] head: order:1 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[   12.249509] flags: 0x200000000000040(head|node=0|zone=2)
[   12.249729] page_type: f5(slab)
[   12.249870] raw: 0200000000000040 ffff888100041b40 dead000000000122 0000000000000000
[   12.250162] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000
[   12.250496] head: 0200000000000040 ffff888100041b40 dead000000000122 0000000000000000
[   12.250803] head: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000
[   12.251063] head: 0200000000000001 ffffea000400d081 00000000ffffffff 00000000ffffffff
[   12.251298] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000002
[   12.251581] page dumped because: kasan: bad access detected
[   12.251854] 
[   12.251946] Memory state around the buggy address:
[   12.252165]  ffff888100342180: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   12.252395]  ffff888100342200: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   12.252609] >ffff888100342280: 00 00 00 00 00 00 00 00 00 01 fc fc fc fc fc fc
[   12.253066]                                                  ^
[   12.253329]  ffff888100342300: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   12.253649]  ffff888100342380: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   12.253909] ==================================================================
[   12.254490] ==================================================================
[   12.255069] BUG: KASAN: slab-out-of-bounds in krealloc_less_oob_helper+0xec6/0x11d0
[   12.255458] Write of size 1 at addr ffff8881003422da by task kunit_try_catch/175
[   12.255789] 
[   12.255873] CPU: 0 UID: 0 PID: 175 Comm: kunit_try_catch Tainted: G    B            N  6.16.0-rc6 #1 PREEMPT(voluntary) 
[   12.255911] Tainted: [B]=BAD_PAGE, [N]=TEST
[   12.255923] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[   12.255941] Call Trace:
[   12.255954]  <TASK>
[   12.255967]  dump_stack_lvl+0x73/0xb0
[   12.255992]  print_report+0xd1/0x610
[   12.256014]  ? __virt_addr_valid+0x1db/0x2d0
[   12.256035]  ? krealloc_less_oob_helper+0xec6/0x11d0
[   12.256060]  ? kasan_complete_mode_report_info+0x2a/0x200
[   12.256083]  ? krealloc_less_oob_helper+0xec6/0x11d0
[   12.256107]  kasan_report+0x141/0x180
[   12.256129]  ? krealloc_less_oob_helper+0xec6/0x11d0
[   12.256158]  __asan_report_store1_noabort+0x1b/0x30
[   12.256184]  krealloc_less_oob_helper+0xec6/0x11d0
[   12.256210]  ? __pfx_krealloc_less_oob_helper+0x10/0x10
[   12.256235]  ? finish_task_switch.isra.0+0x153/0x700
[   12.256258]  ? __switch_to+0x47/0xf50
[   12.256283]  ? __schedule+0x10cc/0x2b60
[   12.256304]  ? __pfx_read_tsc+0x10/0x10
[   12.256328]  krealloc_less_oob+0x1c/0x30
[   12.256350]  kunit_try_run_case+0x1a5/0x480
[   12.256374]  ? __pfx_kunit_try_run_case+0x10/0x10
[   12.256397]  ? _raw_spin_lock_irqsave+0xa1/0x100
[   12.256420]  ? _raw_spin_unlock_irqrestore+0x5f/0x90
[   12.256444]  ? __kthread_parkme+0x82/0x180
[   12.256463]  ? preempt_count_sub+0x50/0x80
[   12.256486]  ? __pfx_kunit_try_run_case+0x10/0x10
[   12.256511]  kunit_generic_run_threadfn_adapter+0x85/0xf0
[   12.256535]  ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10
[   12.256561]  kthread+0x337/0x6f0
[   12.256579]  ? trace_preempt_on+0x20/0xc0
[   12.256602]  ? __pfx_kthread+0x10/0x10
[   12.256623]  ? _raw_spin_unlock_irq+0x47/0x80
[   12.256644]  ? calculate_sigpending+0x7b/0xa0
[   12.256668]  ? __pfx_kthread+0x10/0x10
[   12.256700]  ret_from_fork+0x116/0x1d0
[   12.256718]  ? __pfx_kthread+0x10/0x10
[   12.256738]  ret_from_fork_asm+0x1a/0x30
[   12.256779]  </TASK>
[   12.256788] 
[   12.264128] Allocated by task 175:
[   12.264312]  kasan_save_stack+0x45/0x70
[   12.264494]  kasan_save_track+0x18/0x40
[   12.264630]  kasan_save_alloc_info+0x3b/0x50
[   12.264789]  __kasan_krealloc+0x190/0x1f0
[   12.264931]  krealloc_noprof+0xf3/0x340
[   12.265102]  krealloc_less_oob_helper+0x1aa/0x11d0
[   12.265338]  krealloc_less_oob+0x1c/0x30
[   12.265536]  kunit_try_run_case+0x1a5/0x480
[   12.265746]  kunit_generic_run_threadfn_adapter+0x85/0xf0
[   12.266010]  kthread+0x337/0x6f0
[   12.266179]  ret_from_fork+0x116/0x1d0
[   12.266349]  ret_from_fork_asm+0x1a/0x30
[   12.266489] 
[   12.266559] The buggy address belongs to the object at ffff888100342200
[   12.266559]  which belongs to the cache kmalloc-256 of size 256
[   12.267446] The buggy address is located 17 bytes to the right of
[   12.267446]  allocated 201-byte region [ffff888100342200, ffff8881003422c9)
[   12.268007] 
[   12.268086] The buggy address belongs to the physical page:
[   12.268260] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x100342
[   12.268539] head: order:1 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[   12.268891] flags: 0x200000000000040(head|node=0|zone=2)
[   12.269150] page_type: f5(slab)
[   12.269318] raw: 0200000000000040 ffff888100041b40 dead000000000122 0000000000000000
[   12.269646] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000
[   12.269889] head: 0200000000000040 ffff888100041b40 dead000000000122 0000000000000000
[   12.270154] head: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000
[   12.270545] head: 0200000000000001 ffffea000400d081 00000000ffffffff 00000000ffffffff
[   12.270903] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000002
[   12.271239] page dumped because: kasan: bad access detected
[   12.271481] 
[   12.271560] Memory state around the buggy address:
[   12.271717]  ffff888100342180: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   12.272034]  ffff888100342200: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   12.272344] >ffff888100342280: 00 00 00 00 00 00 00 00 00 01 fc fc fc fc fc fc
[   12.272661]                                                     ^
[   12.272888]  ffff888100342300: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   12.273103]  ffff888100342380: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   12.273342] ==================================================================
[   12.212894] ==================================================================
[   12.213649] BUG: KASAN: slab-out-of-bounds in krealloc_less_oob_helper+0xd70/0x11d0
[   12.213970] Write of size 1 at addr ffff8881003422c9 by task kunit_try_catch/175
[   12.214310] 
[   12.214506] CPU: 0 UID: 0 PID: 175 Comm: kunit_try_catch Tainted: G    B            N  6.16.0-rc6 #1 PREEMPT(voluntary) 
[   12.214552] Tainted: [B]=BAD_PAGE, [N]=TEST
[   12.214563] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[   12.214583] Call Trace:
[   12.214595]  <TASK>
[   12.214610]  dump_stack_lvl+0x73/0xb0
[   12.214640]  print_report+0xd1/0x610
[   12.214662]  ? __virt_addr_valid+0x1db/0x2d0
[   12.214684]  ? krealloc_less_oob_helper+0xd70/0x11d0
[   12.214709]  ? kasan_complete_mode_report_info+0x2a/0x200
[   12.214732]  ? krealloc_less_oob_helper+0xd70/0x11d0
[   12.214769]  kasan_report+0x141/0x180
[   12.214792]  ? krealloc_less_oob_helper+0xd70/0x11d0
[   12.214821]  __asan_report_store1_noabort+0x1b/0x30
[   12.214847]  krealloc_less_oob_helper+0xd70/0x11d0
[   12.214873]  ? __pfx_krealloc_less_oob_helper+0x10/0x10
[   12.214900]  ? finish_task_switch.isra.0+0x153/0x700
[   12.214923]  ? __switch_to+0x47/0xf50
[   12.214949]  ? __schedule+0x10cc/0x2b60
[   12.214971]  ? __pfx_read_tsc+0x10/0x10
[   12.215037]  krealloc_less_oob+0x1c/0x30
[   12.215060]  kunit_try_run_case+0x1a5/0x480
[   12.215085]  ? __pfx_kunit_try_run_case+0x10/0x10
[   12.215108]  ? _raw_spin_lock_irqsave+0xa1/0x100
[   12.215132]  ? _raw_spin_unlock_irqrestore+0x5f/0x90
[   12.215156]  ? __kthread_parkme+0x82/0x180
[   12.215186]  ? preempt_count_sub+0x50/0x80
[   12.215209]  ? __pfx_kunit_try_run_case+0x10/0x10
[   12.215233]  kunit_generic_run_threadfn_adapter+0x85/0xf0
[   12.215258]  ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10
[   12.215283]  kthread+0x337/0x6f0
[   12.215302]  ? trace_preempt_on+0x20/0xc0
[   12.215325]  ? __pfx_kthread+0x10/0x10
[   12.215345]  ? _raw_spin_unlock_irq+0x47/0x80
[   12.215367]  ? calculate_sigpending+0x7b/0xa0
[   12.215392]  ? __pfx_kthread+0x10/0x10
[   12.215413]  ret_from_fork+0x116/0x1d0
[   12.215441]  ? __pfx_kthread+0x10/0x10
[   12.215462]  ret_from_fork_asm+0x1a/0x30
[   12.215492]  </TASK>
[   12.215502] 
[   12.223705] Allocated by task 175:
[   12.223904]  kasan_save_stack+0x45/0x70
[   12.224203]  kasan_save_track+0x18/0x40
[   12.224463]  kasan_save_alloc_info+0x3b/0x50
[   12.224642]  __kasan_krealloc+0x190/0x1f0
[   12.224829]  krealloc_noprof+0xf3/0x340
[   12.225014]  krealloc_less_oob_helper+0x1aa/0x11d0
[   12.225243]  krealloc_less_oob+0x1c/0x30
[   12.225510]  kunit_try_run_case+0x1a5/0x480
[   12.225695]  kunit_generic_run_threadfn_adapter+0x85/0xf0
[   12.225920]  kthread+0x337/0x6f0
[   12.226181]  ret_from_fork+0x116/0x1d0
[   12.226353]  ret_from_fork_asm+0x1a/0x30
[   12.226537] 
[   12.226609] The buggy address belongs to the object at ffff888100342200
[   12.226609]  which belongs to the cache kmalloc-256 of size 256
[   12.226977] The buggy address is located 0 bytes to the right of
[   12.226977]  allocated 201-byte region [ffff888100342200, ffff8881003422c9)
[   12.227570] 
[   12.227659] The buggy address belongs to the physical page:
[   12.227887] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x100342
[   12.228583] head: order:1 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[   12.228899] flags: 0x200000000000040(head|node=0|zone=2)
[   12.229321] page_type: f5(slab)
[   12.229505] raw: 0200000000000040 ffff888100041b40 dead000000000122 0000000000000000
[   12.229775] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000
[   12.230043] head: 0200000000000040 ffff888100041b40 dead000000000122 0000000000000000
[   12.230533] head: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000
[   12.230912] head: 0200000000000001 ffffea000400d081 00000000ffffffff 00000000ffffffff
[   12.231456] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000002
[   12.231727] page dumped because: kasan: bad access detected
[   12.231913] 
[   12.231984] Memory state around the buggy address:
[   12.232142]  ffff888100342180: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   12.232461]  ffff888100342200: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   12.232790] >ffff888100342280: 00 00 00 00 00 00 00 00 00 01 fc fc fc fc fc fc
[   12.233349]                                               ^
[   12.233621]  ffff888100342300: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   12.233963]  ffff888100342380: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   12.234389] ==================================================================
[   12.386345] ==================================================================
[   12.386952] BUG: KASAN: slab-out-of-bounds in krealloc_less_oob_helper+0xd70/0x11d0
[   12.387384] Write of size 1 at addr ffff88810278a0c9 by task kunit_try_catch/179
[   12.387711] 
[   12.387829] CPU: 1 UID: 0 PID: 179 Comm: kunit_try_catch Tainted: G    B            N  6.16.0-rc6 #1 PREEMPT(voluntary) 
[   12.387871] Tainted: [B]=BAD_PAGE, [N]=TEST
[   12.387883] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[   12.387902] Call Trace:
[   12.387914]  <TASK>
[   12.387929]  dump_stack_lvl+0x73/0xb0
[   12.387960]  print_report+0xd1/0x610
[   12.387982]  ? __virt_addr_valid+0x1db/0x2d0
[   12.388005]  ? krealloc_less_oob_helper+0xd70/0x11d0
[   12.388030]  ? kasan_addr_to_slab+0x11/0xa0
[   12.388051]  ? krealloc_less_oob_helper+0xd70/0x11d0
[   12.388076]  kasan_report+0x141/0x180
[   12.388098]  ? krealloc_less_oob_helper+0xd70/0x11d0
[   12.388127]  __asan_report_store1_noabort+0x1b/0x30
[   12.388153]  krealloc_less_oob_helper+0xd70/0x11d0
[   12.388192]  ? __pfx_krealloc_less_oob_helper+0x10/0x10
[   12.388217]  ? __schedule+0x207f/0x2b60
[   12.388238]  ? schedule+0x7c/0x2e0
[   12.388258]  ? trace_hardirqs_on+0x37/0xe0
[   12.388282]  ? __schedule+0x207f/0x2b60
[   12.388304]  ? __pfx_read_tsc+0x10/0x10
[   12.388329]  krealloc_large_less_oob+0x1c/0x30
[   12.388353]  kunit_try_run_case+0x1a5/0x480
[   12.388377]  ? __pfx_kunit_try_run_case+0x10/0x10
[   12.388400]  ? _raw_spin_lock_irqsave+0xa1/0x100
[   12.388425]  ? _raw_spin_unlock_irqrestore+0x5f/0x90
[   12.388505]  ? __kthread_parkme+0x82/0x180
[   12.388528]  ? preempt_count_sub+0x50/0x80
[   12.388552]  ? __pfx_kunit_try_run_case+0x10/0x10
[   12.388577]  kunit_generic_run_threadfn_adapter+0x85/0xf0
[   12.388602]  ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10
[   12.388628]  kthread+0x337/0x6f0
[   12.388647]  ? trace_preempt_on+0x20/0xc0
[   12.388669]  ? __pfx_kthread+0x10/0x10
[   12.388690]  ? _raw_spin_unlock_irq+0x47/0x80
[   12.388712]  ? calculate_sigpending+0x7b/0xa0
[   12.388737]  ? __pfx_kthread+0x10/0x10
[   12.388768]  ret_from_fork+0x116/0x1d0
[   12.388787]  ? __pfx_kthread+0x10/0x10
[   12.388808]  ret_from_fork_asm+0x1a/0x30
[   12.388838]  </TASK>
[   12.388848] 
[   12.396918] The buggy address belongs to the physical page:
[   12.397107] page: refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x102788
[   12.397538] head: order:2 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[   12.397903] flags: 0x200000000000040(head|node=0|zone=2)
[   12.398499] page_type: f8(unknown)
[   12.398674] raw: 0200000000000040 0000000000000000 dead000000000122 0000000000000000
[   12.398961] raw: 0000000000000000 0000000000000000 00000001f8000000 0000000000000000
[   12.399463] head: 0200000000000040 0000000000000000 dead000000000122 0000000000000000
[   12.399770] head: 0000000000000000 0000000000000000 00000001f8000000 0000000000000000
[   12.400186] head: 0200000000000002 ffffea000409e201 00000000ffffffff 00000000ffffffff
[   12.400526] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000004
[   12.400823] page dumped because: kasan: bad access detected
[   12.401137] 
[   12.401232] Memory state around the buggy address:
[   12.401471]  ffff888102789f80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   12.401768]  ffff88810278a000: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   12.402142] >ffff88810278a080: 00 00 00 00 00 00 00 00 00 01 fe fe fe fe fe fe
[   12.402499]                                               ^
[   12.402676]  ffff88810278a100: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe
[   12.402979]  ffff88810278a180: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe
[   12.403406] ==================================================================
[   12.456404] ==================================================================
[   12.456645] BUG: KASAN: slab-out-of-bounds in krealloc_less_oob_helper+0xd47/0x11d0
[   12.456961] Write of size 1 at addr ffff88810278a0eb by task kunit_try_catch/179
[   12.457285] 
[   12.457390] CPU: 1 UID: 0 PID: 179 Comm: kunit_try_catch Tainted: G    B            N  6.16.0-rc6 #1 PREEMPT(voluntary) 
[   12.457429] Tainted: [B]=BAD_PAGE, [N]=TEST
[   12.457440] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[   12.457458] Call Trace:
[   12.457470]  <TASK>
[   12.457482]  dump_stack_lvl+0x73/0xb0
[   12.457508]  print_report+0xd1/0x610
[   12.457530]  ? __virt_addr_valid+0x1db/0x2d0
[   12.457551]  ? krealloc_less_oob_helper+0xd47/0x11d0
[   12.457574]  ? kasan_addr_to_slab+0x11/0xa0
[   12.457594]  ? krealloc_less_oob_helper+0xd47/0x11d0
[   12.457617]  kasan_report+0x141/0x180
[   12.457638]  ? krealloc_less_oob_helper+0xd47/0x11d0
[   12.457682]  __asan_report_store1_noabort+0x1b/0x30
[   12.457708]  krealloc_less_oob_helper+0xd47/0x11d0
[   12.457735]  ? __pfx_krealloc_less_oob_helper+0x10/0x10
[   12.457769]  ? __schedule+0x207f/0x2b60
[   12.457789]  ? schedule+0x7c/0x2e0
[   12.457809]  ? trace_hardirqs_on+0x37/0xe0
[   12.457833]  ? __schedule+0x207f/0x2b60
[   12.457854]  ? __pfx_read_tsc+0x10/0x10
[   12.457878]  krealloc_large_less_oob+0x1c/0x30
[   12.457901]  kunit_try_run_case+0x1a5/0x480
[   12.457925]  ? __pfx_kunit_try_run_case+0x10/0x10
[   12.457949]  ? _raw_spin_lock_irqsave+0xa1/0x100
[   12.457972]  ? _raw_spin_unlock_irqrestore+0x5f/0x90
[   12.457996]  ? __kthread_parkme+0x82/0x180
[   12.458017]  ? preempt_count_sub+0x50/0x80
[   12.458041]  ? __pfx_kunit_try_run_case+0x10/0x10
[   12.458066]  kunit_generic_run_threadfn_adapter+0x85/0xf0
[   12.458091]  ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10
[   12.458116]  kthread+0x337/0x6f0
[   12.458136]  ? trace_preempt_on+0x20/0xc0
[   12.458158]  ? __pfx_kthread+0x10/0x10
[   12.458178]  ? _raw_spin_unlock_irq+0x47/0x80
[   12.458200]  ? calculate_sigpending+0x7b/0xa0
[   12.458224]  ? __pfx_kthread+0x10/0x10
[   12.458245]  ret_from_fork+0x116/0x1d0
[   12.458264]  ? __pfx_kthread+0x10/0x10
[   12.458285]  ret_from_fork_asm+0x1a/0x30
[   12.458315]  </TASK>
[   12.458324] 
[   12.466509] The buggy address belongs to the physical page:
[   12.466791] page: refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x102788
[   12.467320] head: order:2 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[   12.467657] flags: 0x200000000000040(head|node=0|zone=2)
[   12.467875] page_type: f8(unknown)
[   12.468066] raw: 0200000000000040 0000000000000000 dead000000000122 0000000000000000
[   12.468364] raw: 0000000000000000 0000000000000000 00000001f8000000 0000000000000000
[   12.468645] head: 0200000000000040 0000000000000000 dead000000000122 0000000000000000
[   12.468984] head: 0000000000000000 0000000000000000 00000001f8000000 0000000000000000
[   12.469297] head: 0200000000000002 ffffea000409e201 00000000ffffffff 00000000ffffffff
[   12.469605] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000004
[   12.470035] page dumped because: kasan: bad access detected
[   12.470273] 
[   12.470343] Memory state around the buggy address:
[   12.470524]  ffff888102789f80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   12.470743]  ffff88810278a000: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   12.471264] >ffff88810278a080: 00 00 00 00 00 00 00 00 00 01 fe fe fe fe fe fe
[   12.471613]                                                           ^
[   12.471920]  ffff88810278a100: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe
[   12.472277]  ffff88810278a180: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe
[   12.472550] ==================================================================