lkft/sashal-linus-next - v6.13-rc7-44054-ga0826ac5bfa4 - log-parser-boot/kasan-bug-kasan-slab-out-of-bounds-in-krealloc_less_oob_helper

Date

July 20, 2025, 8:11 p.m.

Environment
qemu-arm64
qemu-x86_64

[   15.033655] ==================================================================
[   15.033703] BUG: KASAN: slab-out-of-bounds in krealloc_less_oob_helper+0xb9c/0xc50
[   15.033752] Write of size 1 at addr fff00000c5f4b6d0 by task kunit_try_catch/159
[   15.033801] 
[   15.033829] CPU: 1 UID: 0 PID: 159 Comm: kunit_try_catch Tainted: G    B            N  6.16.0-rc6 #1 PREEMPT 
[   15.033907] Tainted: [B]=BAD_PAGE, [N]=TEST
[   15.034108] Hardware name: linux,dummy-virt (DT)
[   15.034356] Call trace:
[   15.034382]  show_stack+0x20/0x38 (C)
[   15.034461]  dump_stack_lvl+0x8c/0xd0
[   15.034676]  print_report+0x118/0x5d0
[   15.034861]  kasan_report+0xdc/0x128
[   15.034945]  __asan_report_store1_noabort+0x20/0x30
[   15.034999]  krealloc_less_oob_helper+0xb9c/0xc50
[   15.035116]  krealloc_less_oob+0x20/0x38
[   15.035181]  kunit_try_run_case+0x170/0x3f0
[   15.035327]  kunit_generic_run_threadfn_adapter+0x88/0x100
[   15.035489]  kthread+0x328/0x630
[   15.035544]  ret_from_fork+0x10/0x20
[   15.035591] 
[   15.035609] Allocated by task 159:
[   15.035637]  kasan_save_stack+0x3c/0x68
[   15.035698]  kasan_save_track+0x20/0x40
[   15.035738]  kasan_save_alloc_info+0x40/0x58
[   15.035790]  __kasan_krealloc+0x118/0x178
[   15.035827]  krealloc_noprof+0x128/0x360
[   15.035863]  krealloc_less_oob_helper+0x168/0xc50
[   15.035900]  krealloc_less_oob+0x20/0x38
[   15.035935]  kunit_try_run_case+0x170/0x3f0
[   15.035971]  kunit_generic_run_threadfn_adapter+0x88/0x100
[   15.036012]  kthread+0x328/0x630
[   15.036043]  ret_from_fork+0x10/0x20
[   15.036077] 
[   15.036096] The buggy address belongs to the object at fff00000c5f4b600
[   15.036096]  which belongs to the cache kmalloc-256 of size 256
[   15.036150] The buggy address is located 7 bytes to the right of
[   15.036150]  allocated 201-byte region [fff00000c5f4b600, fff00000c5f4b6c9)
[   15.036524] 
[   15.036549] The buggy address belongs to the physical page:
[   15.036580] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x105f4a
[   15.036860] head: order:1 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[   15.037239] flags: 0xbfffe0000000040(head|node=0|zone=2|lastcpupid=0x1ffff)
[   15.037359] page_type: f5(slab)
[   15.037406] raw: 0bfffe0000000040 fff00000c0001b40 dead000000000122 0000000000000000
[   15.037536] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000
[   15.037588] head: 0bfffe0000000040 fff00000c0001b40 dead000000000122 0000000000000000
[   15.037635] head: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000
[   15.037859] head: 0bfffe0000000001 ffffc1ffc317d281 00000000ffffffff 00000000ffffffff
[   15.038047] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000002
[   15.038138] page dumped because: kasan: bad access detected
[   15.038242] 
[   15.038304] Memory state around the buggy address:
[   15.038374]  fff00000c5f4b580: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   15.038738]  fff00000c5f4b600: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   15.038804] >fff00000c5f4b680: 00 00 00 00 00 00 00 00 00 01 fc fc fc fc fc fc
[   15.038857]                                                  ^
[   15.038910]  fff00000c5f4b700: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   15.039120]  fff00000c5f4b780: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   15.039307] ==================================================================
[   15.116132] ==================================================================
[   15.116177] BUG: KASAN: slab-out-of-bounds in krealloc_less_oob_helper+0xa58/0xc50
[   15.116248] Write of size 1 at addr fff00000c769e0eb by task kunit_try_catch/163
[   15.116307] 
[   15.116359] CPU: 1 UID: 0 PID: 163 Comm: kunit_try_catch Tainted: G    B            N  6.16.0-rc6 #1 PREEMPT 
[   15.116446] Tainted: [B]=BAD_PAGE, [N]=TEST
[   15.116473] Hardware name: linux,dummy-virt (DT)
[   15.116512] Call trace:
[   15.116543]  show_stack+0x20/0x38 (C)
[   15.116700]  dump_stack_lvl+0x8c/0xd0
[   15.116990]  print_report+0x118/0x5d0
[   15.117123]  kasan_report+0xdc/0x128
[   15.117286]  __asan_report_store1_noabort+0x20/0x30
[   15.117484]  krealloc_less_oob_helper+0xa58/0xc50
[   15.117565]  krealloc_large_less_oob+0x20/0x38
[   15.117652]  kunit_try_run_case+0x170/0x3f0
[   15.117712]  kunit_generic_run_threadfn_adapter+0x88/0x100
[   15.117784]  kthread+0x328/0x630
[   15.118177]  ret_from_fork+0x10/0x20
[   15.118351] 
[   15.118413] The buggy address belongs to the physical page:
[   15.118451] page: refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x10769c
[   15.118881] head: order:2 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[   15.118974] flags: 0xbfffe0000000040(head|node=0|zone=2|lastcpupid=0x1ffff)
[   15.119084] page_type: f8(unknown)
[   15.119141] raw: 0bfffe0000000040 0000000000000000 dead000000000122 0000000000000000
[   15.119398] raw: 0000000000000000 0000000000000000 00000001f8000000 0000000000000000
[   15.119687] head: 0bfffe0000000040 0000000000000000 dead000000000122 0000000000000000
[   15.119967] head: 0000000000000000 0000000000000000 00000001f8000000 0000000000000000
[   15.120020] head: 0bfffe0000000002 ffffc1ffc31da701 00000000ffffffff 00000000ffffffff
[   15.120512] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000004
[   15.120595] page dumped because: kasan: bad access detected
[   15.120951] 
[   15.121015] Memory state around the buggy address:
[   15.121109]  fff00000c769df80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   15.121488]  fff00000c769e000: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   15.121566] >fff00000c769e080: 00 00 00 00 00 00 00 00 00 01 fe fe fe fe fe fe
[   15.121663]                                                           ^
[   15.121742]  fff00000c769e100: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe
[   15.121791]  fff00000c769e180: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe
[   15.122086] ==================================================================
[   15.050481] ==================================================================
[   15.050526] BUG: KASAN: slab-out-of-bounds in krealloc_less_oob_helper+0xae4/0xc50
[   15.050572] Write of size 1 at addr fff00000c5f4b6ea by task kunit_try_catch/159
[   15.050761] 
[   15.050803] CPU: 1 UID: 0 PID: 159 Comm: kunit_try_catch Tainted: G    B            N  6.16.0-rc6 #1 PREEMPT 
[   15.050882] Tainted: [B]=BAD_PAGE, [N]=TEST
[   15.050909] Hardware name: linux,dummy-virt (DT)
[   15.050962] Call trace:
[   15.050985]  show_stack+0x20/0x38 (C)
[   15.051035]  dump_stack_lvl+0x8c/0xd0
[   15.051082]  print_report+0x118/0x5d0
[   15.051127]  kasan_report+0xdc/0x128
[   15.051176]  __asan_report_store1_noabort+0x20/0x30
[   15.051241]  krealloc_less_oob_helper+0xae4/0xc50
[   15.051288]  krealloc_less_oob+0x20/0x38
[   15.051333]  kunit_try_run_case+0x170/0x3f0
[   15.051379]  kunit_generic_run_threadfn_adapter+0x88/0x100
[   15.051430]  kthread+0x328/0x630
[   15.051471]  ret_from_fork+0x10/0x20
[   15.051517] 
[   15.051536] Allocated by task 159:
[   15.051563]  kasan_save_stack+0x3c/0x68
[   15.051602]  kasan_save_track+0x20/0x40
[   15.051639]  kasan_save_alloc_info+0x40/0x58
[   15.051677]  __kasan_krealloc+0x118/0x178
[   15.051713]  krealloc_noprof+0x128/0x360
[   15.051749]  krealloc_less_oob_helper+0x168/0xc50
[   15.051787]  krealloc_less_oob+0x20/0x38
[   15.051822]  kunit_try_run_case+0x170/0x3f0
[   15.051859]  kunit_generic_run_threadfn_adapter+0x88/0x100
[   15.051900]  kthread+0x328/0x630
[   15.051942]  ret_from_fork+0x10/0x20
[   15.051978] 
[   15.051996] The buggy address belongs to the object at fff00000c5f4b600
[   15.051996]  which belongs to the cache kmalloc-256 of size 256
[   15.052059] The buggy address is located 33 bytes to the right of
[   15.052059]  allocated 201-byte region [fff00000c5f4b600, fff00000c5f4b6c9)
[   15.052123] 
[   15.052143] The buggy address belongs to the physical page:
[   15.052171] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x105f4a
[   15.053089] head: order:1 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[   15.053199] flags: 0xbfffe0000000040(head|node=0|zone=2|lastcpupid=0x1ffff)
[   15.053271] page_type: f5(slab)
[   15.053493] raw: 0bfffe0000000040 fff00000c0001b40 dead000000000122 0000000000000000
[   15.053667] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000
[   15.053739] head: 0bfffe0000000040 fff00000c0001b40 dead000000000122 0000000000000000
[   15.054103] head: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000
[   15.054164] head: 0bfffe0000000001 ffffc1ffc317d281 00000000ffffffff 00000000ffffffff
[   15.054297] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000002
[   15.054392] page dumped because: kasan: bad access detected
[   15.054424] 
[   15.054727] Memory state around the buggy address:
[   15.054789]  fff00000c5f4b580: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   15.054858]  fff00000c5f4b600: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   15.054924] >fff00000c5f4b680: 00 00 00 00 00 00 00 00 00 01 fc fc fc fc fc fc
[   15.055023]                                                           ^
[   15.055147]  fff00000c5f4b700: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   15.055200]  fff00000c5f4b780: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   15.055260] ==================================================================
[   15.104653] ==================================================================
[   15.104757] BUG: KASAN: slab-out-of-bounds in krealloc_less_oob_helper+0xa80/0xc50
[   15.104856] Write of size 1 at addr fff00000c769e0da by task kunit_try_catch/163
[   15.105065] 
[   15.105124] CPU: 1 UID: 0 PID: 163 Comm: kunit_try_catch Tainted: G    B            N  6.16.0-rc6 #1 PREEMPT 
[   15.105320] Tainted: [B]=BAD_PAGE, [N]=TEST
[   15.105542] Hardware name: linux,dummy-virt (DT)
[   15.105720] Call trace:
[   15.105792]  show_stack+0x20/0x38 (C)
[   15.105899]  dump_stack_lvl+0x8c/0xd0
[   15.106054]  print_report+0x118/0x5d0
[   15.106101]  kasan_report+0xdc/0x128
[   15.106433]  __asan_report_store1_noabort+0x20/0x30
[   15.106627]  krealloc_less_oob_helper+0xa80/0xc50
[   15.106809]  krealloc_large_less_oob+0x20/0x38
[   15.106894]  kunit_try_run_case+0x170/0x3f0
[   15.107002]  kunit_generic_run_threadfn_adapter+0x88/0x100
[   15.107381]  kthread+0x328/0x630
[   15.107480]  ret_from_fork+0x10/0x20
[   15.107598] 
[   15.107688] The buggy address belongs to the physical page:
[   15.107736] page: refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x10769c
[   15.107924] head: order:2 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[   15.107990] flags: 0xbfffe0000000040(head|node=0|zone=2|lastcpupid=0x1ffff)
[   15.108091] page_type: f8(unknown)
[   15.108447] raw: 0bfffe0000000040 0000000000000000 dead000000000122 0000000000000000
[   15.108681] raw: 0000000000000000 0000000000000000 00000001f8000000 0000000000000000
[   15.108762] head: 0bfffe0000000040 0000000000000000 dead000000000122 0000000000000000
[   15.108907] head: 0000000000000000 0000000000000000 00000001f8000000 0000000000000000
[   15.109225] head: 0bfffe0000000002 ffffc1ffc31da701 00000000ffffffff 00000000ffffffff
[   15.109294] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000004
[   15.109542] page dumped because: kasan: bad access detected
[   15.109609] 
[   15.109685] Memory state around the buggy address:
[   15.109797]  fff00000c769df80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   15.109869]  fff00000c769e000: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   15.109918] >fff00000c769e080: 00 00 00 00 00 00 00 00 00 01 fe fe fe fe fe fe
[   15.109955]                                                     ^
[   15.110291]  fff00000c769e100: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe
[   15.110442]  fff00000c769e180: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe
[   15.110529] ==================================================================
[   15.091950] ==================================================================
[   15.092004] BUG: KASAN: slab-out-of-bounds in krealloc_less_oob_helper+0xa48/0xc50
[   15.092056] Write of size 1 at addr fff00000c769e0c9 by task kunit_try_catch/163
[   15.092248] 
[   15.092293] CPU: 1 UID: 0 PID: 163 Comm: kunit_try_catch Tainted: G    B            N  6.16.0-rc6 #1 PREEMPT 
[   15.092635] Tainted: [B]=BAD_PAGE, [N]=TEST
[   15.092911] Hardware name: linux,dummy-virt (DT)
[   15.093051] Call trace:
[   15.093133]  show_stack+0x20/0x38 (C)
[   15.093200]  dump_stack_lvl+0x8c/0xd0
[   15.093274]  print_report+0x118/0x5d0
[   15.093321]  kasan_report+0xdc/0x128
[   15.093637]  __asan_report_store1_noabort+0x20/0x30
[   15.093862]  krealloc_less_oob_helper+0xa48/0xc50
[   15.093997]  krealloc_large_less_oob+0x20/0x38
[   15.094081]  kunit_try_run_case+0x170/0x3f0
[   15.094290]  kunit_generic_run_threadfn_adapter+0x88/0x100
[   15.094556]  kthread+0x328/0x630
[   15.094627]  ret_from_fork+0x10/0x20
[   15.094777] 
[   15.094800] The buggy address belongs to the physical page:
[   15.094831] page: refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x10769c
[   15.095207] head: order:2 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[   15.095284] flags: 0xbfffe0000000040(head|node=0|zone=2|lastcpupid=0x1ffff)
[   15.095689] page_type: f8(unknown)
[   15.095748] raw: 0bfffe0000000040 0000000000000000 dead000000000122 0000000000000000
[   15.095835] raw: 0000000000000000 0000000000000000 00000001f8000000 0000000000000000
[   15.095953] head: 0bfffe0000000040 0000000000000000 dead000000000122 0000000000000000
[   15.096119] head: 0000000000000000 0000000000000000 00000001f8000000 0000000000000000
[   15.096200] head: 0bfffe0000000002 ffffc1ffc31da701 00000000ffffffff 00000000ffffffff
[   15.096841] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000004
[   15.096947] page dumped because: kasan: bad access detected
[   15.097086] 
[   15.097125] Memory state around the buggy address:
[   15.097159]  fff00000c769df80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   15.097527]  fff00000c769e000: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   15.097925] >fff00000c769e080: 00 00 00 00 00 00 00 00 00 01 fe fe fe fe fe fe
[   15.097995]                                               ^
[   15.098086]  fff00000c769e100: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe
[   15.098223]  fff00000c769e180: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe
[   15.098333] ==================================================================
[   15.100119] ==================================================================
[   15.100165] BUG: KASAN: slab-out-of-bounds in krealloc_less_oob_helper+0xb9c/0xc50
[   15.100382] Write of size 1 at addr fff00000c769e0d0 by task kunit_try_catch/163
[   15.100560] 
[   15.100665] CPU: 1 UID: 0 PID: 163 Comm: kunit_try_catch Tainted: G    B            N  6.16.0-rc6 #1 PREEMPT 
[   15.100748] Tainted: [B]=BAD_PAGE, [N]=TEST
[   15.100774] Hardware name: linux,dummy-virt (DT)
[   15.100820] Call trace:
[   15.100886]  show_stack+0x20/0x38 (C)
[   15.101082]  dump_stack_lvl+0x8c/0xd0
[   15.101130]  print_report+0x118/0x5d0
[   15.101526]  kasan_report+0xdc/0x128
[   15.101621]  __asan_report_store1_noabort+0x20/0x30
[   15.101720]  krealloc_less_oob_helper+0xb9c/0xc50
[   15.101865]  krealloc_large_less_oob+0x20/0x38
[   15.102060]  kunit_try_run_case+0x170/0x3f0
[   15.102161]  kunit_generic_run_threadfn_adapter+0x88/0x100
[   15.102264]  kthread+0x328/0x630
[   15.102309]  ret_from_fork+0x10/0x20
[   15.102362] 
[   15.102388] The buggy address belongs to the physical page:
[   15.102436] page: refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x10769c
[   15.102488] head: order:2 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[   15.102534] flags: 0xbfffe0000000040(head|node=0|zone=2|lastcpupid=0x1ffff)
[   15.102584] page_type: f8(unknown)
[   15.102627] raw: 0bfffe0000000040 0000000000000000 dead000000000122 0000000000000000
[   15.102677] raw: 0000000000000000 0000000000000000 00000001f8000000 0000000000000000
[   15.102726] head: 0bfffe0000000040 0000000000000000 dead000000000122 0000000000000000
[   15.102782] head: 0000000000000000 0000000000000000 00000001f8000000 0000000000000000
[   15.102833] head: 0bfffe0000000002 ffffc1ffc31da701 00000000ffffffff 00000000ffffffff
[   15.102890] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000004
[   15.102937] page dumped because: kasan: bad access detected
[   15.102976] 
[   15.102995] Memory state around the buggy address:
[   15.103034]  fff00000c769df80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   15.103076]  fff00000c769e000: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   15.103125] >fff00000c769e080: 00 00 00 00 00 00 00 00 00 01 fe fe fe fe fe fe
[   15.103160]                                                  ^
[   15.103392]  fff00000c769e100: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe
[   15.103464]  fff00000c769e180: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe
[   15.103895] ==================================================================
[   15.041704] ==================================================================
[   15.041842] BUG: KASAN: slab-out-of-bounds in krealloc_less_oob_helper+0xa80/0xc50
[   15.042001] Write of size 1 at addr fff00000c5f4b6da by task kunit_try_catch/159
[   15.042076] 
[   15.042113] CPU: 1 UID: 0 PID: 159 Comm: kunit_try_catch Tainted: G    B            N  6.16.0-rc6 #1 PREEMPT 
[   15.042275] Tainted: [B]=BAD_PAGE, [N]=TEST
[   15.042331] Hardware name: linux,dummy-virt (DT)
[   15.042363] Call trace:
[   15.042395]  show_stack+0x20/0x38 (C)
[   15.042602]  dump_stack_lvl+0x8c/0xd0
[   15.042801]  print_report+0x118/0x5d0
[   15.043017]  kasan_report+0xdc/0x128
[   15.043244]  __asan_report_store1_noabort+0x20/0x30
[   15.043377]  krealloc_less_oob_helper+0xa80/0xc50
[   15.043445]  krealloc_less_oob+0x20/0x38
[   15.043498]  kunit_try_run_case+0x170/0x3f0
[   15.043621]  kunit_generic_run_threadfn_adapter+0x88/0x100
[   15.043677]  kthread+0x328/0x630
[   15.043732]  ret_from_fork+0x10/0x20
[   15.043786] 
[   15.043804] Allocated by task 159:
[   15.043832]  kasan_save_stack+0x3c/0x68
[   15.044155]  kasan_save_track+0x20/0x40
[   15.044450]  kasan_save_alloc_info+0x40/0x58
[   15.044637]  __kasan_krealloc+0x118/0x178
[   15.044686]  krealloc_noprof+0x128/0x360
[   15.044733]  krealloc_less_oob_helper+0x168/0xc50
[   15.044824]  krealloc_less_oob+0x20/0x38
[   15.044941]  kunit_try_run_case+0x170/0x3f0
[   15.045039]  kunit_generic_run_threadfn_adapter+0x88/0x100
[   15.045197]  kthread+0x328/0x630
[   15.045243]  ret_from_fork+0x10/0x20
[   15.045281] 
[   15.045328] The buggy address belongs to the object at fff00000c5f4b600
[   15.045328]  which belongs to the cache kmalloc-256 of size 256
[   15.045735] The buggy address is located 17 bytes to the right of
[   15.045735]  allocated 201-byte region [fff00000c5f4b600, fff00000c5f4b6c9)
[   15.046225] 
[   15.046261] The buggy address belongs to the physical page:
[   15.046319] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x105f4a
[   15.046676] head: order:1 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[   15.046759] flags: 0xbfffe0000000040(head|node=0|zone=2|lastcpupid=0x1ffff)
[   15.046839] page_type: f5(slab)
[   15.046900] raw: 0bfffe0000000040 fff00000c0001b40 dead000000000122 0000000000000000
[   15.046953] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000
[   15.047126] head: 0bfffe0000000040 fff00000c0001b40 dead000000000122 0000000000000000
[   15.047415] head: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000
[   15.047842] head: 0bfffe0000000001 ffffc1ffc317d281 00000000ffffffff 00000000ffffffff
[   15.048253] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000002
[   15.048338] page dumped because: kasan: bad access detected
[   15.048440] 
[   15.048513] Memory state around the buggy address:
[   15.048591]  fff00000c5f4b580: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   15.048919]  fff00000c5f4b600: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   15.049335] >fff00000c5f4b680: 00 00 00 00 00 00 00 00 00 01 fc fc fc fc fc fc
[   15.049449]                                                     ^
[   15.049542]  fff00000c5f4b700: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   15.049670]  fff00000c5f4b780: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   15.049746] ==================================================================
[   15.111584] ==================================================================
[   15.111630] BUG: KASAN: slab-out-of-bounds in krealloc_less_oob_helper+0xae4/0xc50
[   15.111675] Write of size 1 at addr fff00000c769e0ea by task kunit_try_catch/163
[   15.111771] 
[   15.111849] CPU: 1 UID: 0 PID: 163 Comm: kunit_try_catch Tainted: G    B            N  6.16.0-rc6 #1 PREEMPT 
[   15.112225] Tainted: [B]=BAD_PAGE, [N]=TEST
[   15.112268] Hardware name: linux,dummy-virt (DT)
[   15.112352] Call trace:
[   15.112412]  show_stack+0x20/0x38 (C)
[   15.112464]  dump_stack_lvl+0x8c/0xd0
[   15.112586]  print_report+0x118/0x5d0
[   15.112651]  kasan_report+0xdc/0x128
[   15.112899]  __asan_report_store1_noabort+0x20/0x30
[   15.112974]  krealloc_less_oob_helper+0xae4/0xc50
[   15.113153]  krealloc_large_less_oob+0x20/0x38
[   15.113321]  kunit_try_run_case+0x170/0x3f0
[   15.113381]  kunit_generic_run_threadfn_adapter+0x88/0x100
[   15.113448]  kthread+0x328/0x630
[   15.113535]  ret_from_fork+0x10/0x20
[   15.113584] 
[   15.113626] The buggy address belongs to the physical page:
[   15.113656] page: refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x10769c
[   15.113717] head: order:2 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[   15.113762] flags: 0xbfffe0000000040(head|node=0|zone=2|lastcpupid=0x1ffff)
[   15.113816] page_type: f8(unknown)
[   15.113863] raw: 0bfffe0000000040 0000000000000000 dead000000000122 0000000000000000
[   15.113923] raw: 0000000000000000 0000000000000000 00000001f8000000 0000000000000000
[   15.113972] head: 0bfffe0000000040 0000000000000000 dead000000000122 0000000000000000
[   15.114021] head: 0000000000000000 0000000000000000 00000001f8000000 0000000000000000
[   15.114069] head: 0bfffe0000000002 ffffc1ffc31da701 00000000ffffffff 00000000ffffffff
[   15.114125] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000004
[   15.114176] page dumped because: kasan: bad access detected
[   15.114222] 
[   15.114240] Memory state around the buggy address:
[   15.114270]  fff00000c769df80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   15.114328]  fff00000c769e000: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   15.114383] >fff00000c769e080: 00 00 00 00 00 00 00 00 00 01 fe fe fe fe fe fe
[   15.114420]                                                           ^
[   15.114464]  fff00000c769e100: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe
[   15.114511]  fff00000c769e180: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe
[   15.114560] ==================================================================
[   15.055989] ==================================================================
[   15.056100] BUG: KASAN: slab-out-of-bounds in krealloc_less_oob_helper+0xa58/0xc50
[   15.056152] Write of size 1 at addr fff00000c5f4b6eb by task kunit_try_catch/159
[   15.056366] 
[   15.056486] CPU: 1 UID: 0 PID: 159 Comm: kunit_try_catch Tainted: G    B            N  6.16.0-rc6 #1 PREEMPT 
[   15.056850] Tainted: [B]=BAD_PAGE, [N]=TEST
[   15.057088] Hardware name: linux,dummy-virt (DT)
[   15.057391] Call trace:
[   15.057456]  show_stack+0x20/0x38 (C)
[   15.057573]  dump_stack_lvl+0x8c/0xd0
[   15.057638]  print_report+0x118/0x5d0
[   15.057871]  kasan_report+0xdc/0x128
[   15.058063]  __asan_report_store1_noabort+0x20/0x30
[   15.058149]  krealloc_less_oob_helper+0xa58/0xc50
[   15.058224]  krealloc_less_oob+0x20/0x38
[   15.058625]  kunit_try_run_case+0x170/0x3f0
[   15.058730]  kunit_generic_run_threadfn_adapter+0x88/0x100
[   15.058791]  kthread+0x328/0x630
[   15.059151]  ret_from_fork+0x10/0x20
[   15.059322] 
[   15.059363] Allocated by task 159:
[   15.059398]  kasan_save_stack+0x3c/0x68
[   15.059782]  kasan_save_track+0x20/0x40
[   15.059855]  kasan_save_alloc_info+0x40/0x58
[   15.059999]  __kasan_krealloc+0x118/0x178
[   15.060097]  krealloc_noprof+0x128/0x360
[   15.060136]  krealloc_less_oob_helper+0x168/0xc50
[   15.060471]  krealloc_less_oob+0x20/0x38
[   15.060556]  kunit_try_run_case+0x170/0x3f0
[   15.060708]  kunit_generic_run_threadfn_adapter+0x88/0x100
[   15.060804]  kthread+0x328/0x630
[   15.061210]  ret_from_fork+0x10/0x20
[   15.061329] 
[   15.061381] The buggy address belongs to the object at fff00000c5f4b600
[   15.061381]  which belongs to the cache kmalloc-256 of size 256
[   15.061467] The buggy address is located 34 bytes to the right of
[   15.061467]  allocated 201-byte region [fff00000c5f4b600, fff00000c5f4b6c9)
[   15.061856] 
[   15.061900] The buggy address belongs to the physical page:
[   15.061966] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x105f4a
[   15.062085] head: order:1 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[   15.062166] flags: 0xbfffe0000000040(head|node=0|zone=2|lastcpupid=0x1ffff)
[   15.062298] page_type: f5(slab)
[   15.062336] raw: 0bfffe0000000040 fff00000c0001b40 dead000000000122 0000000000000000
[   15.062694] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000
[   15.062769] head: 0bfffe0000000040 fff00000c0001b40 dead000000000122 0000000000000000
[   15.063079] head: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000
[   15.063178] head: 0bfffe0000000001 ffffc1ffc317d281 00000000ffffffff 00000000ffffffff
[   15.063568] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000002
[   15.063635] page dumped because: kasan: bad access detected
[   15.063993] 
[   15.064114] Memory state around the buggy address:
[   15.064162]  fff00000c5f4b580: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   15.064245]  fff00000c5f4b600: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   15.064334] >fff00000c5f4b680: 00 00 00 00 00 00 00 00 00 01 fc fc fc fc fc fc
[   15.064416]                                                           ^
[   15.064492]  fff00000c5f4b700: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   15.064864]  fff00000c5f4b780: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   15.065006] ==================================================================
[   15.024276] ==================================================================
[   15.024413] BUG: KASAN: slab-out-of-bounds in krealloc_less_oob_helper+0xa48/0xc50
[   15.024471] Write of size 1 at addr fff00000c5f4b6c9 by task kunit_try_catch/159
[   15.024675] 
[   15.024767] CPU: 1 UID: 0 PID: 159 Comm: kunit_try_catch Tainted: G    B            N  6.16.0-rc6 #1 PREEMPT 
[   15.024997] Tainted: [B]=BAD_PAGE, [N]=TEST
[   15.025078] Hardware name: linux,dummy-virt (DT)
[   15.025138] Call trace:
[   15.025243]  show_stack+0x20/0x38 (C)
[   15.025347]  dump_stack_lvl+0x8c/0xd0
[   15.025640]  print_report+0x118/0x5d0
[   15.025825]  kasan_report+0xdc/0x128
[   15.025948]  __asan_report_store1_noabort+0x20/0x30
[   15.026020]  krealloc_less_oob_helper+0xa48/0xc50
[   15.026345]  krealloc_less_oob+0x20/0x38
[   15.026430]  kunit_try_run_case+0x170/0x3f0
[   15.026504]  kunit_generic_run_threadfn_adapter+0x88/0x100
[   15.026649]  kthread+0x328/0x630
[   15.026749]  ret_from_fork+0x10/0x20
[   15.026914] 
[   15.026984] Allocated by task 159:
[   15.027300]  kasan_save_stack+0x3c/0x68
[   15.027486]  kasan_save_track+0x20/0x40
[   15.027578]  kasan_save_alloc_info+0x40/0x58
[   15.027666]  __kasan_krealloc+0x118/0x178
[   15.027826]  krealloc_noprof+0x128/0x360
[   15.027911]  krealloc_less_oob_helper+0x168/0xc50
[   15.028133]  krealloc_less_oob+0x20/0x38
[   15.028183]  kunit_try_run_case+0x170/0x3f0
[   15.028346]  kunit_generic_run_threadfn_adapter+0x88/0x100
[   15.028674]  kthread+0x328/0x630
[   15.028815]  ret_from_fork+0x10/0x20
[   15.028962] 
[   15.028985] The buggy address belongs to the object at fff00000c5f4b600
[   15.028985]  which belongs to the cache kmalloc-256 of size 256
[   15.029062] The buggy address is located 0 bytes to the right of
[   15.029062]  allocated 201-byte region [fff00000c5f4b600, fff00000c5f4b6c9)
[   15.029484] 
[   15.029641] The buggy address belongs to the physical page:
[   15.029722] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x105f4a
[   15.029849] head: order:1 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[   15.029909] flags: 0xbfffe0000000040(head|node=0|zone=2|lastcpupid=0x1ffff)
[   15.029996] page_type: f5(slab)
[   15.030122] raw: 0bfffe0000000040 fff00000c0001b40 dead000000000122 0000000000000000
[   15.030200] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000
[   15.030577] head: 0bfffe0000000040 fff00000c0001b40 dead000000000122 0000000000000000
[   15.030652] head: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000
[   15.030806] head: 0bfffe0000000001 ffffc1ffc317d281 00000000ffffffff 00000000ffffffff
[   15.030914] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000002
[   15.031058] page dumped because: kasan: bad access detected
[   15.031109] 
[   15.031134] Memory state around the buggy address:
[   15.031504]  fff00000c5f4b580: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   15.031560]  fff00000c5f4b600: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   15.031720] >fff00000c5f4b680: 00 00 00 00 00 00 00 00 00 01 fc fc fc fc fc fc
[   15.031847]                                               ^
[   15.031904]  fff00000c5f4b700: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   15.031951]  fff00000c5f4b780: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   15.032011] ==================================================================

Metadata Full log Test run details

arch

arm64

host

x86_64

plan

309aWYwhlSaX86OR0tyxd83BkVP

job_id

TEST:linaro@lkft#309aanSV96FyzA0myvVcjb3yGd6

job_url

https://tuxapi.tuxsuite.com/v1/groups/linaro/projects/lkft/tests/309aanSV96FyzA0myvVcjb3yGd6

artefacts

kernel

url	https://storage.tuxsuite.com/public/linaro/lkft/builds/309aXwXoGoTp4GczYC9pgbmH2fu/Image.gz
sha256sum	dd3efc46eaa5f6736b74b81818643c0723c262296650250cc4efcb52f7cb79a7

rootfs

url	https://storage.tuxboot.com/debian/20250617/trixie/arm64/rootfs.ext4.xz
sha256sum	1eaaae772692e22cefec5345d642e254407cec1431dd51a20007af2a1819b610

modules

url	https://storage.tuxsuite.com/public/linaro/lkft/builds/309aXwXoGoTp4GczYC9pgbmH2fu/modules.tar.xz
sha256sum	f1c09dfa4ab8134d947ef1ee155c8283abaf591e8ee31c2f7bd7de0ce8dedb59

durations

tests

boot	0
kunit	165.81

host_arch

amd64

build_name

gcc-13-lkftconfig-kunit

job_status

Complete

qemu_version

1:10.0.2+ds-1

[   12.624663] ==================================================================
[   12.625302] BUG: KASAN: slab-out-of-bounds in krealloc_less_oob_helper+0xe23/0x11d0
[   12.625654] Write of size 1 at addr ffff888100a9a2d0 by task kunit_try_catch/176
[   12.626000] 
[   12.626228] CPU: 1 UID: 0 PID: 176 Comm: kunit_try_catch Tainted: G    B            N  6.16.0-rc6 #1 PREEMPT(voluntary) 
[   12.626274] Tainted: [B]=BAD_PAGE, [N]=TEST
[   12.626285] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[   12.626306] Call Trace:
[   12.626318]  <TASK>
[   12.626332]  dump_stack_lvl+0x73/0xb0
[   12.626360]  print_report+0xd1/0x610
[   12.626381]  ? __virt_addr_valid+0x1db/0x2d0
[   12.626403]  ? krealloc_less_oob_helper+0xe23/0x11d0
[   12.626426]  ? kasan_complete_mode_report_info+0x2a/0x200
[   12.626448]  ? krealloc_less_oob_helper+0xe23/0x11d0
[   12.626486]  kasan_report+0x141/0x180
[   12.626508]  ? krealloc_less_oob_helper+0xe23/0x11d0
[   12.626536]  __asan_report_store1_noabort+0x1b/0x30
[   12.626560]  krealloc_less_oob_helper+0xe23/0x11d0
[   12.626586]  ? __pfx_krealloc_less_oob_helper+0x10/0x10
[   12.626610]  ? finish_task_switch.isra.0+0x153/0x700
[   12.626632]  ? __switch_to+0x47/0xf50
[   12.626657]  ? __schedule+0x10c6/0x2b60
[   12.626679]  ? __pfx_read_tsc+0x10/0x10
[   12.626702]  krealloc_less_oob+0x1c/0x30
[   12.626724]  kunit_try_run_case+0x1a5/0x480
[   12.626747]  ? __pfx_kunit_try_run_case+0x10/0x10
[   12.626770]  ? _raw_spin_lock_irqsave+0xa1/0x100
[   12.626792]  ? _raw_spin_unlock_irqrestore+0x5f/0x90
[   12.626815]  ? __kthread_parkme+0x82/0x180
[   12.626835]  ? preempt_count_sub+0x50/0x80
[   12.626857]  ? __pfx_kunit_try_run_case+0x10/0x10
[   12.626893]  kunit_generic_run_threadfn_adapter+0x85/0xf0
[   12.626916]  ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10
[   12.626939]  kthread+0x337/0x6f0
[   12.626959]  ? trace_preempt_on+0x20/0xc0
[   12.626981]  ? __pfx_kthread+0x10/0x10
[   12.627001]  ? _raw_spin_unlock_irq+0x47/0x80
[   12.627022]  ? calculate_sigpending+0x7b/0xa0
[   12.627045]  ? __pfx_kthread+0x10/0x10
[   12.627067]  ret_from_fork+0x116/0x1d0
[   12.627084]  ? __pfx_kthread+0x10/0x10
[   12.627105]  ret_from_fork_asm+0x1a/0x30
[   12.627135]  </TASK>
[   12.627144] 
[   12.635565] Allocated by task 176:
[   12.635760]  kasan_save_stack+0x45/0x70
[   12.635983]  kasan_save_track+0x18/0x40
[   12.636156]  kasan_save_alloc_info+0x3b/0x50
[   12.636359]  __kasan_krealloc+0x190/0x1f0
[   12.636630]  krealloc_noprof+0xf3/0x340
[   12.636819]  krealloc_less_oob_helper+0x1aa/0x11d0
[   12.637107]  krealloc_less_oob+0x1c/0x30
[   12.637288]  kunit_try_run_case+0x1a5/0x480
[   12.637485]  kunit_generic_run_threadfn_adapter+0x85/0xf0
[   12.637728]  kthread+0x337/0x6f0
[   12.638529]  ret_from_fork+0x116/0x1d0
[   12.638698]  ret_from_fork_asm+0x1a/0x30
[   12.638843] 
[   12.638916] The buggy address belongs to the object at ffff888100a9a200
[   12.638916]  which belongs to the cache kmalloc-256 of size 256
[   12.639291] The buggy address is located 7 bytes to the right of
[   12.639291]  allocated 201-byte region [ffff888100a9a200, ffff888100a9a2c9)
[   12.640263] 
[   12.640380] The buggy address belongs to the physical page:
[   12.640667] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x100a9a
[   12.641316] head: order:1 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[   12.641644] flags: 0x200000000000040(head|node=0|zone=2)
[   12.642508] page_type: f5(slab)
[   12.642673] raw: 0200000000000040 ffff888100041b40 dead000000000122 0000000000000000
[   12.643527] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000
[   12.644011] head: 0200000000000040 ffff888100041b40 dead000000000122 0000000000000000
[   12.644846] head: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000
[   12.645298] head: 0200000000000001 ffffea000402a681 00000000ffffffff 00000000ffffffff
[   12.645642] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000002
[   12.646283] page dumped because: kasan: bad access detected
[   12.646632] 
[   12.646719] Memory state around the buggy address:
[   12.647251]  ffff888100a9a180: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   12.647694]  ffff888100a9a200: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   12.648184] >ffff888100a9a280: 00 00 00 00 00 00 00 00 00 01 fc fc fc fc fc fc
[   12.648622]                                                  ^
[   12.649030]  ffff888100a9a300: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   12.649354]  ffff888100a9a380: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   12.649674] ==================================================================
[   12.673952] ==================================================================
[   12.674422] BUG: KASAN: slab-out-of-bounds in krealloc_less_oob_helper+0xe90/0x11d0
[   12.674730] Write of size 1 at addr ffff888100a9a2ea by task kunit_try_catch/176
[   12.675242] 
[   12.675335] CPU: 1 UID: 0 PID: 176 Comm: kunit_try_catch Tainted: G    B            N  6.16.0-rc6 #1 PREEMPT(voluntary) 
[   12.675378] Tainted: [B]=BAD_PAGE, [N]=TEST
[   12.675389] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[   12.675410] Call Trace:
[   12.675425]  <TASK>
[   12.675439]  dump_stack_lvl+0x73/0xb0
[   12.675467]  print_report+0xd1/0x610
[   12.675505]  ? __virt_addr_valid+0x1db/0x2d0
[   12.675528]  ? krealloc_less_oob_helper+0xe90/0x11d0
[   12.675551]  ? kasan_complete_mode_report_info+0x2a/0x200
[   12.675574]  ? krealloc_less_oob_helper+0xe90/0x11d0
[   12.675598]  kasan_report+0x141/0x180
[   12.675620]  ? krealloc_less_oob_helper+0xe90/0x11d0
[   12.675648]  __asan_report_store1_noabort+0x1b/0x30
[   12.675672]  krealloc_less_oob_helper+0xe90/0x11d0
[   12.675698]  ? __pfx_krealloc_less_oob_helper+0x10/0x10
[   12.675721]  ? finish_task_switch.isra.0+0x153/0x700
[   12.675744]  ? __switch_to+0x47/0xf50
[   12.675769]  ? __schedule+0x10c6/0x2b60
[   12.675791]  ? __pfx_read_tsc+0x10/0x10
[   12.675815]  krealloc_less_oob+0x1c/0x30
[   12.675836]  kunit_try_run_case+0x1a5/0x480
[   12.675859]  ? __pfx_kunit_try_run_case+0x10/0x10
[   12.675882]  ? _raw_spin_lock_irqsave+0xa1/0x100
[   12.675919]  ? _raw_spin_unlock_irqrestore+0x5f/0x90
[   12.675942]  ? __kthread_parkme+0x82/0x180
[   12.675961]  ? preempt_count_sub+0x50/0x80
[   12.675984]  ? __pfx_kunit_try_run_case+0x10/0x10
[   12.676008]  kunit_generic_run_threadfn_adapter+0x85/0xf0
[   12.676031]  ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10
[   12.676054]  kthread+0x337/0x6f0
[   12.676073]  ? trace_preempt_on+0x20/0xc0
[   12.676096]  ? __pfx_kthread+0x10/0x10
[   12.676117]  ? _raw_spin_unlock_irq+0x47/0x80
[   12.676138]  ? calculate_sigpending+0x7b/0xa0
[   12.676161]  ? __pfx_kthread+0x10/0x10
[   12.676183]  ret_from_fork+0x116/0x1d0
[   12.676201]  ? __pfx_kthread+0x10/0x10
[   12.676221]  ret_from_fork_asm+0x1a/0x30
[   12.676252]  </TASK>
[   12.676262] 
[   12.684241] Allocated by task 176:
[   12.684431]  kasan_save_stack+0x45/0x70
[   12.684653]  kasan_save_track+0x18/0x40
[   12.684933]  kasan_save_alloc_info+0x3b/0x50
[   12.685396]  __kasan_krealloc+0x190/0x1f0
[   12.685630]  krealloc_noprof+0xf3/0x340
[   12.685908]  krealloc_less_oob_helper+0x1aa/0x11d0
[   12.686304]  krealloc_less_oob+0x1c/0x30
[   12.686456]  kunit_try_run_case+0x1a5/0x480
[   12.686683]  kunit_generic_run_threadfn_adapter+0x85/0xf0
[   12.687086]  kthread+0x337/0x6f0
[   12.687269]  ret_from_fork+0x116/0x1d0
[   12.687408]  ret_from_fork_asm+0x1a/0x30
[   12.687561] 
[   12.687635] The buggy address belongs to the object at ffff888100a9a200
[   12.687635]  which belongs to the cache kmalloc-256 of size 256
[   12.687995] The buggy address is located 33 bytes to the right of
[   12.687995]  allocated 201-byte region [ffff888100a9a200, ffff888100a9a2c9)
[   12.688560] 
[   12.688656] The buggy address belongs to the physical page:
[   12.688902] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x100a9a
[   12.689295] head: order:1 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[   12.689637] flags: 0x200000000000040(head|node=0|zone=2)
[   12.689939] page_type: f5(slab)
[   12.690183] raw: 0200000000000040 ffff888100041b40 dead000000000122 0000000000000000
[   12.690431] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000
[   12.690674] head: 0200000000000040 ffff888100041b40 dead000000000122 0000000000000000
[   12.691364] head: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000
[   12.691713] head: 0200000000000001 ffffea000402a681 00000000ffffffff 00000000ffffffff
[   12.692032] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000002
[   12.692338] page dumped because: kasan: bad access detected
[   12.692611] 
[   12.692707] Memory state around the buggy address:
[   12.692918]  ffff888100a9a180: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   12.693377]  ffff888100a9a200: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   12.693690] >ffff888100a9a280: 00 00 00 00 00 00 00 00 00 01 fc fc fc fc fc fc
[   12.694162]                                                           ^
[   12.694454]  ffff888100a9a300: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   12.694751]  ffff888100a9a380: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   12.695119] ==================================================================
[   12.650522] ==================================================================
[   12.650881] BUG: KASAN: slab-out-of-bounds in krealloc_less_oob_helper+0xec6/0x11d0
[   12.651158] Write of size 1 at addr ffff888100a9a2da by task kunit_try_catch/176
[   12.651520] 
[   12.651646] CPU: 1 UID: 0 PID: 176 Comm: kunit_try_catch Tainted: G    B            N  6.16.0-rc6 #1 PREEMPT(voluntary) 
[   12.651694] Tainted: [B]=BAD_PAGE, [N]=TEST
[   12.651705] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[   12.651726] Call Trace:
[   12.651742]  <TASK>
[   12.651758]  dump_stack_lvl+0x73/0xb0
[   12.651786]  print_report+0xd1/0x610
[   12.651807]  ? __virt_addr_valid+0x1db/0x2d0
[   12.651830]  ? krealloc_less_oob_helper+0xec6/0x11d0
[   12.651853]  ? kasan_complete_mode_report_info+0x2a/0x200
[   12.651875]  ? krealloc_less_oob_helper+0xec6/0x11d0
[   12.651899]  kasan_report+0x141/0x180
[   12.651920]  ? krealloc_less_oob_helper+0xec6/0x11d0
[   12.651948]  __asan_report_store1_noabort+0x1b/0x30
[   12.651973]  krealloc_less_oob_helper+0xec6/0x11d0
[   12.651998]  ? __pfx_krealloc_less_oob_helper+0x10/0x10
[   12.652022]  ? finish_task_switch.isra.0+0x153/0x700
[   12.652092]  ? __switch_to+0x47/0xf50
[   12.652118]  ? __schedule+0x10c6/0x2b60
[   12.652140]  ? __pfx_read_tsc+0x10/0x10
[   12.652164]  krealloc_less_oob+0x1c/0x30
[   12.652185]  kunit_try_run_case+0x1a5/0x480
[   12.652210]  ? __pfx_kunit_try_run_case+0x10/0x10
[   12.652232]  ? _raw_spin_lock_irqsave+0xa1/0x100
[   12.652255]  ? _raw_spin_unlock_irqrestore+0x5f/0x90
[   12.652278]  ? __kthread_parkme+0x82/0x180
[   12.652298]  ? preempt_count_sub+0x50/0x80
[   12.652320]  ? __pfx_kunit_try_run_case+0x10/0x10
[   12.652344]  kunit_generic_run_threadfn_adapter+0x85/0xf0
[   12.652367]  ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10
[   12.652390]  kthread+0x337/0x6f0
[   12.652410]  ? trace_preempt_on+0x20/0xc0
[   12.652433]  ? __pfx_kthread+0x10/0x10
[   12.652453]  ? _raw_spin_unlock_irq+0x47/0x80
[   12.652486]  ? calculate_sigpending+0x7b/0xa0
[   12.652510]  ? __pfx_kthread+0x10/0x10
[   12.652531]  ret_from_fork+0x116/0x1d0
[   12.652550]  ? __pfx_kthread+0x10/0x10
[   12.652570]  ret_from_fork_asm+0x1a/0x30
[   12.652601]  </TASK>
[   12.652611] 
[   12.662442] Allocated by task 176:
[   12.662662]  kasan_save_stack+0x45/0x70
[   12.662937]  kasan_save_track+0x18/0x40
[   12.663217]  kasan_save_alloc_info+0x3b/0x50
[   12.663391]  __kasan_krealloc+0x190/0x1f0
[   12.663619]  krealloc_noprof+0xf3/0x340
[   12.663820]  krealloc_less_oob_helper+0x1aa/0x11d0
[   12.663992]  krealloc_less_oob+0x1c/0x30
[   12.664140]  kunit_try_run_case+0x1a5/0x480
[   12.664295]  kunit_generic_run_threadfn_adapter+0x85/0xf0
[   12.664553]  kthread+0x337/0x6f0
[   12.664777]  ret_from_fork+0x116/0x1d0
[   12.665133]  ret_from_fork_asm+0x1a/0x30
[   12.665281] 
[   12.665356] The buggy address belongs to the object at ffff888100a9a200
[   12.665356]  which belongs to the cache kmalloc-256 of size 256
[   12.666009] The buggy address is located 17 bytes to the right of
[   12.666009]  allocated 201-byte region [ffff888100a9a200, ffff888100a9a2c9)
[   12.666622] 
[   12.666724] The buggy address belongs to the physical page:
[   12.667137] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x100a9a
[   12.667447] head: order:1 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[   12.667705] flags: 0x200000000000040(head|node=0|zone=2)
[   12.668235] page_type: f5(slab)
[   12.668431] raw: 0200000000000040 ffff888100041b40 dead000000000122 0000000000000000
[   12.668832] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000
[   12.669201] head: 0200000000000040 ffff888100041b40 dead000000000122 0000000000000000
[   12.669499] head: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000
[   12.669750] head: 0200000000000001 ffffea000402a681 00000000ffffffff 00000000ffffffff
[   12.670128] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000002
[   12.670673] page dumped because: kasan: bad access detected
[   12.671119] 
[   12.671197] Memory state around the buggy address:
[   12.671361]  ffff888100a9a180: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   12.671631]  ffff888100a9a200: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   12.671958] >ffff888100a9a280: 00 00 00 00 00 00 00 00 00 01 fc fc fc fc fc fc
[   12.672433]                                                     ^
[   12.672654]  ffff888100a9a300: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   12.673151]  ffff888100a9a380: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   12.673462] ==================================================================
[   12.786083] ==================================================================
[   12.786641] BUG: KASAN: slab-out-of-bounds in krealloc_less_oob_helper+0xe23/0x11d0
[   12.787186] Write of size 1 at addr ffff8881028120d0 by task kunit_try_catch/180
[   12.787547] 
[   12.787650] CPU: 0 UID: 0 PID: 180 Comm: kunit_try_catch Tainted: G    B            N  6.16.0-rc6 #1 PREEMPT(voluntary) 
[   12.787716] Tainted: [B]=BAD_PAGE, [N]=TEST
[   12.787728] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[   12.787749] Call Trace:
[   12.787762]  <TASK>
[   12.787776]  dump_stack_lvl+0x73/0xb0
[   12.787806]  print_report+0xd1/0x610
[   12.787829]  ? __virt_addr_valid+0x1db/0x2d0
[   12.787851]  ? krealloc_less_oob_helper+0xe23/0x11d0
[   12.787876]  ? kasan_addr_to_slab+0x11/0xa0
[   12.787897]  ? krealloc_less_oob_helper+0xe23/0x11d0
[   12.787942]  kasan_report+0x141/0x180
[   12.787966]  ? krealloc_less_oob_helper+0xe23/0x11d0
[   12.787995]  __asan_report_store1_noabort+0x1b/0x30
[   12.788038]  krealloc_less_oob_helper+0xe23/0x11d0
[   12.788065]  ? __pfx_krealloc_less_oob_helper+0x10/0x10
[   12.788090]  ? finish_task_switch.isra.0+0x153/0x700
[   12.788112]  ? __switch_to+0x47/0xf50
[   12.788138]  ? __schedule+0x10c6/0x2b60
[   12.788161]  ? __pfx_read_tsc+0x10/0x10
[   12.788185]  krealloc_large_less_oob+0x1c/0x30
[   12.788208]  kunit_try_run_case+0x1a5/0x480
[   12.788234]  ? __pfx_kunit_try_run_case+0x10/0x10
[   12.788256]  ? _raw_spin_lock_irqsave+0xa1/0x100
[   12.788280]  ? _raw_spin_unlock_irqrestore+0x5f/0x90
[   12.788303]  ? __kthread_parkme+0x82/0x180
[   12.788324]  ? preempt_count_sub+0x50/0x80
[   12.788347]  ? __pfx_kunit_try_run_case+0x10/0x10
[   12.788371]  kunit_generic_run_threadfn_adapter+0x85/0xf0
[   12.788394]  ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10
[   12.788418]  kthread+0x337/0x6f0
[   12.788438]  ? trace_preempt_on+0x20/0xc0
[   12.788461]  ? __pfx_kthread+0x10/0x10
[   12.788492]  ? _raw_spin_unlock_irq+0x47/0x80
[   12.788514]  ? calculate_sigpending+0x7b/0xa0
[   12.788538]  ? __pfx_kthread+0x10/0x10
[   12.788560]  ret_from_fork+0x116/0x1d0
[   12.788579]  ? __pfx_kthread+0x10/0x10
[   12.788599]  ret_from_fork_asm+0x1a/0x30
[   12.788630]  </TASK>
[   12.788641] 
[   12.798270] The buggy address belongs to the physical page:
[   12.798597] page: refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x102810
[   12.799056] head: order:2 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[   12.799511] flags: 0x200000000000040(head|node=0|zone=2)
[   12.799758] page_type: f8(unknown)
[   12.799926] raw: 0200000000000040 0000000000000000 dead000000000122 0000000000000000
[   12.800299] raw: 0000000000000000 0000000000000000 00000001f8000000 0000000000000000
[   12.800747] head: 0200000000000040 0000000000000000 dead000000000122 0000000000000000
[   12.801178] head: 0000000000000000 0000000000000000 00000001f8000000 0000000000000000
[   12.801674] head: 0200000000000002 ffffea00040a0401 00000000ffffffff 00000000ffffffff
[   12.801947] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000004
[   12.802233] page dumped because: kasan: bad access detected
[   12.802512] 
[   12.802611] Memory state around the buggy address:
[   12.803178]  ffff888102811f80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   12.803563]  ffff888102812000: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   12.803786] >ffff888102812080: 00 00 00 00 00 00 00 00 00 01 fe fe fe fe fe fe
[   12.804424]                                                  ^
[   12.804737]  ffff888102812100: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe
[   12.805119]  ffff888102812180: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe
[   12.805762] ==================================================================
[   12.766336] ==================================================================
[   12.767148] BUG: KASAN: slab-out-of-bounds in krealloc_less_oob_helper+0xd70/0x11d0
[   12.767524] Write of size 1 at addr ffff8881028120c9 by task kunit_try_catch/180
[   12.767896] 
[   12.768001] CPU: 0 UID: 0 PID: 180 Comm: kunit_try_catch Tainted: G    B            N  6.16.0-rc6 #1 PREEMPT(voluntary) 
[   12.768066] Tainted: [B]=BAD_PAGE, [N]=TEST
[   12.768078] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[   12.768100] Call Trace:
[   12.768112]  <TASK>
[   12.768186]  dump_stack_lvl+0x73/0xb0
[   12.768221]  print_report+0xd1/0x610
[   12.768246]  ? __virt_addr_valid+0x1db/0x2d0
[   12.768269]  ? krealloc_less_oob_helper+0xd70/0x11d0
[   12.768293]  ? kasan_addr_to_slab+0x11/0xa0
[   12.768338]  ? krealloc_less_oob_helper+0xd70/0x11d0
[   12.768364]  kasan_report+0x141/0x180
[   12.768386]  ? krealloc_less_oob_helper+0xd70/0x11d0
[   12.768415]  __asan_report_store1_noabort+0x1b/0x30
[   12.768440]  krealloc_less_oob_helper+0xd70/0x11d0
[   12.768466]  ? __pfx_krealloc_less_oob_helper+0x10/0x10
[   12.768503]  ? finish_task_switch.isra.0+0x153/0x700
[   12.768526]  ? __switch_to+0x47/0xf50
[   12.768552]  ? __schedule+0x10c6/0x2b60
[   12.768576]  ? __pfx_read_tsc+0x10/0x10
[   12.768621]  krealloc_large_less_oob+0x1c/0x30
[   12.768644]  kunit_try_run_case+0x1a5/0x480
[   12.768669]  ? __pfx_kunit_try_run_case+0x10/0x10
[   12.768692]  ? _raw_spin_lock_irqsave+0xa1/0x100
[   12.768717]  ? _raw_spin_unlock_irqrestore+0x5f/0x90
[   12.768741]  ? __kthread_parkme+0x82/0x180
[   12.768761]  ? preempt_count_sub+0x50/0x80
[   12.768792]  ? __pfx_kunit_try_run_case+0x10/0x10
[   12.768817]  kunit_generic_run_threadfn_adapter+0x85/0xf0
[   12.768859]  ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10
[   12.768883]  kthread+0x337/0x6f0
[   12.768903]  ? trace_preempt_on+0x20/0xc0
[   12.768926]  ? __pfx_kthread+0x10/0x10
[   12.768947]  ? _raw_spin_unlock_irq+0x47/0x80
[   12.768969]  ? calculate_sigpending+0x7b/0xa0
[   12.768993]  ? __pfx_kthread+0x10/0x10
[   12.769015]  ret_from_fork+0x116/0x1d0
[   12.769035]  ? __pfx_kthread+0x10/0x10
[   12.769102]  ret_from_fork_asm+0x1a/0x30
[   12.769133]  </TASK>
[   12.769144] 
[   12.778542] The buggy address belongs to the physical page:
[   12.778781] page: refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x102810
[   12.779419] head: order:2 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[   12.779758] flags: 0x200000000000040(head|node=0|zone=2)
[   12.780029] page_type: f8(unknown)
[   12.780281] raw: 0200000000000040 0000000000000000 dead000000000122 0000000000000000
[   12.780571] raw: 0000000000000000 0000000000000000 00000001f8000000 0000000000000000
[   12.780977] head: 0200000000000040 0000000000000000 dead000000000122 0000000000000000
[   12.781420] head: 0000000000000000 0000000000000000 00000001f8000000 0000000000000000
[   12.781777] head: 0200000000000002 ffffea00040a0401 00000000ffffffff 00000000ffffffff
[   12.782247] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000004
[   12.782715] page dumped because: kasan: bad access detected
[   12.783188] 
[   12.783292] Memory state around the buggy address:
[   12.783531]  ffff888102811f80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   12.783888]  ffff888102812000: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   12.784221] >ffff888102812080: 00 00 00 00 00 00 00 00 00 01 fe fe fe fe fe fe
[   12.784562]                                               ^
[   12.784829]  ffff888102812100: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe
[   12.785257]  ffff888102812180: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe
[   12.785550] ==================================================================
[   12.695570] ==================================================================
[   12.695945] BUG: KASAN: slab-out-of-bounds in krealloc_less_oob_helper+0xd47/0x11d0
[   12.696424] Write of size 1 at addr ffff888100a9a2eb by task kunit_try_catch/176
[   12.696739] 
[   12.696881] CPU: 1 UID: 0 PID: 176 Comm: kunit_try_catch Tainted: G    B            N  6.16.0-rc6 #1 PREEMPT(voluntary) 
[   12.696923] Tainted: [B]=BAD_PAGE, [N]=TEST
[   12.696934] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[   12.696954] Call Trace:
[   12.696967]  <TASK>
[   12.696982]  dump_stack_lvl+0x73/0xb0
[   12.697009]  print_report+0xd1/0x610
[   12.697030]  ? __virt_addr_valid+0x1db/0x2d0
[   12.697053]  ? krealloc_less_oob_helper+0xd47/0x11d0
[   12.697076]  ? kasan_complete_mode_report_info+0x2a/0x200
[   12.697097]  ? krealloc_less_oob_helper+0xd47/0x11d0
[   12.697121]  kasan_report+0x141/0x180
[   12.697143]  ? krealloc_less_oob_helper+0xd47/0x11d0
[   12.697171]  __asan_report_store1_noabort+0x1b/0x30
[   12.697196]  krealloc_less_oob_helper+0xd47/0x11d0
[   12.697221]  ? __pfx_krealloc_less_oob_helper+0x10/0x10
[   12.697245]  ? finish_task_switch.isra.0+0x153/0x700
[   12.697267]  ? __switch_to+0x47/0xf50
[   12.697292]  ? __schedule+0x10c6/0x2b60
[   12.697315]  ? __pfx_read_tsc+0x10/0x10
[   12.697339]  krealloc_less_oob+0x1c/0x30
[   12.697360]  kunit_try_run_case+0x1a5/0x480
[   12.697384]  ? __pfx_kunit_try_run_case+0x10/0x10
[   12.697407]  ? _raw_spin_lock_irqsave+0xa1/0x100
[   12.697430]  ? _raw_spin_unlock_irqrestore+0x5f/0x90
[   12.697453]  ? __kthread_parkme+0x82/0x180
[   12.697484]  ? preempt_count_sub+0x50/0x80
[   12.697507]  ? __pfx_kunit_try_run_case+0x10/0x10
[   12.697531]  kunit_generic_run_threadfn_adapter+0x85/0xf0
[   12.697553]  ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10
[   12.697576]  kthread+0x337/0x6f0
[   12.697596]  ? trace_preempt_on+0x20/0xc0
[   12.697618]  ? __pfx_kthread+0x10/0x10
[   12.697638]  ? _raw_spin_unlock_irq+0x47/0x80
[   12.697659]  ? calculate_sigpending+0x7b/0xa0
[   12.697683]  ? __pfx_kthread+0x10/0x10
[   12.697704]  ret_from_fork+0x116/0x1d0
[   12.697722]  ? __pfx_kthread+0x10/0x10
[   12.697743]  ret_from_fork_asm+0x1a/0x30
[   12.697772]  </TASK>
[   12.697781] 
[   12.705743] Allocated by task 176:
[   12.705944]  kasan_save_stack+0x45/0x70
[   12.706168]  kasan_save_track+0x18/0x40
[   12.706506]  kasan_save_alloc_info+0x3b/0x50
[   12.706713]  __kasan_krealloc+0x190/0x1f0
[   12.706990]  krealloc_noprof+0xf3/0x340
[   12.707209]  krealloc_less_oob_helper+0x1aa/0x11d0
[   12.707409]  krealloc_less_oob+0x1c/0x30
[   12.707561]  kunit_try_run_case+0x1a5/0x480
[   12.707773]  kunit_generic_run_threadfn_adapter+0x85/0xf0
[   12.708030]  kthread+0x337/0x6f0
[   12.708191]  ret_from_fork+0x116/0x1d0
[   12.708357]  ret_from_fork_asm+0x1a/0x30
[   12.708507] 
[   12.708578] The buggy address belongs to the object at ffff888100a9a200
[   12.708578]  which belongs to the cache kmalloc-256 of size 256
[   12.708932] The buggy address is located 34 bytes to the right of
[   12.708932]  allocated 201-byte region [ffff888100a9a200, ffff888100a9a2c9)
[   12.709300] 
[   12.709372] The buggy address belongs to the physical page:
[   12.709891] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x100a9a
[   12.710269] head: order:1 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[   12.710629] flags: 0x200000000000040(head|node=0|zone=2)
[   12.710902] page_type: f5(slab)
[   12.711070] raw: 0200000000000040 ffff888100041b40 dead000000000122 0000000000000000
[   12.711568] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000
[   12.711922] head: 0200000000000040 ffff888100041b40 dead000000000122 0000000000000000
[   12.712985] head: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000
[   12.714294] head: 0200000000000001 ffffea000402a681 00000000ffffffff 00000000ffffffff
[   12.714606] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000002
[   12.715707] page dumped because: kasan: bad access detected
[   12.716316] 
[   12.716419] Memory state around the buggy address:
[   12.716656]  ffff888100a9a180: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   12.717435]  ffff888100a9a200: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   12.717999] >ffff888100a9a280: 00 00 00 00 00 00 00 00 00 01 fc fc fc fc fc fc
[   12.718382]                                                           ^
[   12.718683]  ffff888100a9a300: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   12.719511]  ffff888100a9a380: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   12.720317] ==================================================================
[   12.846308] ==================================================================
[   12.846659] BUG: KASAN: slab-out-of-bounds in krealloc_less_oob_helper+0xd47/0x11d0
[   12.846992] Write of size 1 at addr ffff8881028120eb by task kunit_try_catch/180
[   12.847387] 
[   12.847493] CPU: 0 UID: 0 PID: 180 Comm: kunit_try_catch Tainted: G    B            N  6.16.0-rc6 #1 PREEMPT(voluntary) 
[   12.847539] Tainted: [B]=BAD_PAGE, [N]=TEST
[   12.847550] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[   12.847572] Call Trace:
[   12.847586]  <TASK>
[   12.847601]  dump_stack_lvl+0x73/0xb0
[   12.847632]  print_report+0xd1/0x610
[   12.847655]  ? __virt_addr_valid+0x1db/0x2d0
[   12.847678]  ? krealloc_less_oob_helper+0xd47/0x11d0
[   12.847703]  ? kasan_addr_to_slab+0x11/0xa0
[   12.847724]  ? krealloc_less_oob_helper+0xd47/0x11d0
[   12.847748]  kasan_report+0x141/0x180
[   12.847771]  ? krealloc_less_oob_helper+0xd47/0x11d0
[   12.847800]  __asan_report_store1_noabort+0x1b/0x30
[   12.847825]  krealloc_less_oob_helper+0xd47/0x11d0
[   12.847851]  ? __pfx_krealloc_less_oob_helper+0x10/0x10
[   12.847876]  ? finish_task_switch.isra.0+0x153/0x700
[   12.847899]  ? __switch_to+0x47/0xf50
[   12.847924]  ? __schedule+0x10c6/0x2b60
[   12.847948]  ? __pfx_read_tsc+0x10/0x10
[   12.848342]  krealloc_large_less_oob+0x1c/0x30
[   12.848389]  kunit_try_run_case+0x1a5/0x480
[   12.848429]  ? __pfx_kunit_try_run_case+0x10/0x10
[   12.848453]  ? _raw_spin_lock_irqsave+0xa1/0x100
[   12.848506]  ? _raw_spin_unlock_irqrestore+0x5f/0x90
[   12.848530]  ? __kthread_parkme+0x82/0x180
[   12.848551]  ? preempt_count_sub+0x50/0x80
[   12.848575]  ? __pfx_kunit_try_run_case+0x10/0x10
[   12.848599]  kunit_generic_run_threadfn_adapter+0x85/0xf0
[   12.848623]  ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10
[   12.848648]  kthread+0x337/0x6f0
[   12.848668]  ? trace_preempt_on+0x20/0xc0
[   12.848693]  ? __pfx_kthread+0x10/0x10
[   12.848714]  ? _raw_spin_unlock_irq+0x47/0x80
[   12.848736]  ? calculate_sigpending+0x7b/0xa0
[   12.848761]  ? __pfx_kthread+0x10/0x10
[   12.848793]  ret_from_fork+0x116/0x1d0
[   12.848812]  ? __pfx_kthread+0x10/0x10
[   12.848833]  ret_from_fork_asm+0x1a/0x30
[   12.848885]  </TASK>
[   12.848896] 
[   12.858149] The buggy address belongs to the physical page:
[   12.858336] page: refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x102810
[   12.858894] head: order:2 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[   12.859324] flags: 0x200000000000040(head|node=0|zone=2)
[   12.859644] page_type: f8(unknown)
[   12.859872] raw: 0200000000000040 0000000000000000 dead000000000122 0000000000000000
[   12.860375] raw: 0000000000000000 0000000000000000 00000001f8000000 0000000000000000
[   12.860879] head: 0200000000000040 0000000000000000 dead000000000122 0000000000000000
[   12.861342] head: 0000000000000000 0000000000000000 00000001f8000000 0000000000000000
[   12.861734] head: 0200000000000002 ffffea00040a0401 00000000ffffffff 00000000ffffffff
[   12.862160] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000004
[   12.862408] page dumped because: kasan: bad access detected
[   12.862620] 
[   12.862721] Memory state around the buggy address:
[   12.863232]  ffff888102811f80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   12.863604]  ffff888102812000: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   12.863989] >ffff888102812080: 00 00 00 00 00 00 00 00 00 01 fe fe fe fe fe fe
[   12.864500]                                                           ^
[   12.864778]  ffff888102812100: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe
[   12.865128]  ffff888102812180: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe
[   12.865449] ==================================================================
[   12.826353] ==================================================================
[   12.826705] BUG: KASAN: slab-out-of-bounds in krealloc_less_oob_helper+0xe90/0x11d0
[   12.827624] Write of size 1 at addr ffff8881028120ea by task kunit_try_catch/180
[   12.827962] 
[   12.828051] CPU: 0 UID: 0 PID: 180 Comm: kunit_try_catch Tainted: G    B            N  6.16.0-rc6 #1 PREEMPT(voluntary) 
[   12.828117] Tainted: [B]=BAD_PAGE, [N]=TEST
[   12.828128] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[   12.828148] Call Trace:
[   12.828161]  <TASK>
[   12.828175]  dump_stack_lvl+0x73/0xb0
[   12.828282]  print_report+0xd1/0x610
[   12.828306]  ? __virt_addr_valid+0x1db/0x2d0
[   12.828328]  ? krealloc_less_oob_helper+0xe90/0x11d0
[   12.828352]  ? kasan_addr_to_slab+0x11/0xa0
[   12.828373]  ? krealloc_less_oob_helper+0xe90/0x11d0
[   12.828398]  kasan_report+0x141/0x180
[   12.828420]  ? krealloc_less_oob_helper+0xe90/0x11d0
[   12.828450]  __asan_report_store1_noabort+0x1b/0x30
[   12.828489]  krealloc_less_oob_helper+0xe90/0x11d0
[   12.828534]  ? __pfx_krealloc_less_oob_helper+0x10/0x10
[   12.828574]  ? finish_task_switch.isra.0+0x153/0x700
[   12.828597]  ? __switch_to+0x47/0xf50
[   12.828637]  ? __schedule+0x10c6/0x2b60
[   12.828675]  ? __pfx_read_tsc+0x10/0x10
[   12.828700]  krealloc_large_less_oob+0x1c/0x30
[   12.828723]  kunit_try_run_case+0x1a5/0x480
[   12.828748]  ? __pfx_kunit_try_run_case+0x10/0x10
[   12.828785]  ? _raw_spin_lock_irqsave+0xa1/0x100
[   12.828824]  ? _raw_spin_unlock_irqrestore+0x5f/0x90
[   12.828848]  ? __kthread_parkme+0x82/0x180
[   12.828882]  ? preempt_count_sub+0x50/0x80
[   12.828905]  ? __pfx_kunit_try_run_case+0x10/0x10
[   12.828930]  kunit_generic_run_threadfn_adapter+0x85/0xf0
[   12.828954]  ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10
[   12.828977]  kthread+0x337/0x6f0
[   12.828998]  ? trace_preempt_on+0x20/0xc0
[   12.829020]  ? __pfx_kthread+0x10/0x10
[   12.829041]  ? _raw_spin_unlock_irq+0x47/0x80
[   12.829063]  ? calculate_sigpending+0x7b/0xa0
[   12.829087]  ? __pfx_kthread+0x10/0x10
[   12.829109]  ret_from_fork+0x116/0x1d0
[   12.829128]  ? __pfx_kthread+0x10/0x10
[   12.829149]  ret_from_fork_asm+0x1a/0x30
[   12.829181]  </TASK>
[   12.829191] 
[   12.838518] The buggy address belongs to the physical page:
[   12.838846] page: refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x102810
[   12.839409] head: order:2 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[   12.839771] flags: 0x200000000000040(head|node=0|zone=2)
[   12.840100] page_type: f8(unknown)
[   12.840312] raw: 0200000000000040 0000000000000000 dead000000000122 0000000000000000
[   12.840690] raw: 0000000000000000 0000000000000000 00000001f8000000 0000000000000000
[   12.841002] head: 0200000000000040 0000000000000000 dead000000000122 0000000000000000
[   12.841331] head: 0000000000000000 0000000000000000 00000001f8000000 0000000000000000
[   12.841958] head: 0200000000000002 ffffea00040a0401 00000000ffffffff 00000000ffffffff
[   12.842358] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000004
[   12.842703] page dumped because: kasan: bad access detected
[   12.843030] 
[   12.843144] Memory state around the buggy address:
[   12.843589]  ffff888102811f80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   12.843994]  ffff888102812000: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   12.844395] >ffff888102812080: 00 00 00 00 00 00 00 00 00 01 fe fe fe fe fe fe
[   12.844693]                                                           ^
[   12.845052]  ffff888102812100: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe
[   12.845435]  ffff888102812180: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe
[   12.845744] ==================================================================
[   12.806878] ==================================================================
[   12.807189] BUG: KASAN: slab-out-of-bounds in krealloc_less_oob_helper+0xec6/0x11d0
[   12.807577] Write of size 1 at addr ffff8881028120da by task kunit_try_catch/180
[   12.808168] 
[   12.808265] CPU: 0 UID: 0 PID: 180 Comm: kunit_try_catch Tainted: G    B            N  6.16.0-rc6 #1 PREEMPT(voluntary) 
[   12.808311] Tainted: [B]=BAD_PAGE, [N]=TEST
[   12.808322] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[   12.808344] Call Trace:
[   12.808359]  <TASK>
[   12.808374]  dump_stack_lvl+0x73/0xb0
[   12.808432]  print_report+0xd1/0x610
[   12.808455]  ? __virt_addr_valid+0x1db/0x2d0
[   12.808491]  ? krealloc_less_oob_helper+0xec6/0x11d0
[   12.808516]  ? kasan_addr_to_slab+0x11/0xa0
[   12.808537]  ? krealloc_less_oob_helper+0xec6/0x11d0
[   12.808582]  kasan_report+0x141/0x180
[   12.808605]  ? krealloc_less_oob_helper+0xec6/0x11d0
[   12.808634]  __asan_report_store1_noabort+0x1b/0x30
[   12.808659]  krealloc_less_oob_helper+0xec6/0x11d0
[   12.808686]  ? __pfx_krealloc_less_oob_helper+0x10/0x10
[   12.808710]  ? finish_task_switch.isra.0+0x153/0x700
[   12.808750]  ? __switch_to+0x47/0xf50
[   12.808776]  ? __schedule+0x10c6/0x2b60
[   12.808814]  ? __pfx_read_tsc+0x10/0x10
[   12.808838]  krealloc_large_less_oob+0x1c/0x30
[   12.808862]  kunit_try_run_case+0x1a5/0x480
[   12.808887]  ? __pfx_kunit_try_run_case+0x10/0x10
[   12.808910]  ? _raw_spin_lock_irqsave+0xa1/0x100
[   12.808934]  ? _raw_spin_unlock_irqrestore+0x5f/0x90
[   12.808957]  ? __kthread_parkme+0x82/0x180
[   12.808978]  ? preempt_count_sub+0x50/0x80
[   12.809001]  ? __pfx_kunit_try_run_case+0x10/0x10
[   12.809026]  kunit_generic_run_threadfn_adapter+0x85/0xf0
[   12.809049]  ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10
[   12.809073]  kthread+0x337/0x6f0
[   12.809093]  ? trace_preempt_on+0x20/0xc0
[   12.809116]  ? __pfx_kthread+0x10/0x10
[   12.809137]  ? _raw_spin_unlock_irq+0x47/0x80
[   12.809159]  ? calculate_sigpending+0x7b/0xa0
[   12.809248]  ? __pfx_kthread+0x10/0x10
[   12.809272]  ret_from_fork+0x116/0x1d0
[   12.809315]  ? __pfx_kthread+0x10/0x10
[   12.809337]  ret_from_fork_asm+0x1a/0x30
[   12.809368]  </TASK>
[   12.809379] 
[   12.818607] The buggy address belongs to the physical page:
[   12.818796] page: refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x102810
[   12.819216] head: order:2 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[   12.819681] flags: 0x200000000000040(head|node=0|zone=2)
[   12.819925] page_type: f8(unknown)
[   12.820057] raw: 0200000000000040 0000000000000000 dead000000000122 0000000000000000
[   12.820441] raw: 0000000000000000 0000000000000000 00000001f8000000 0000000000000000
[   12.820944] head: 0200000000000040 0000000000000000 dead000000000122 0000000000000000
[   12.821396] head: 0000000000000000 0000000000000000 00000001f8000000 0000000000000000
[   12.821766] head: 0200000000000002 ffffea00040a0401 00000000ffffffff 00000000ffffffff
[   12.822139] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000004
[   12.822666] page dumped because: kasan: bad access detected
[   12.822950] 
[   12.823049] Memory state around the buggy address:
[   12.823582]  ffff888102811f80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   12.823920]  ffff888102812000: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   12.824454] >ffff888102812080: 00 00 00 00 00 00 00 00 00 01 fe fe fe fe fe fe
[   12.824821]                                                     ^
[   12.825042]  ffff888102812100: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe
[   12.825566]  ffff888102812180: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe
[   12.825911] ==================================================================
[   12.602089] ==================================================================
[   12.602698] BUG: KASAN: slab-out-of-bounds in krealloc_less_oob_helper+0xd70/0x11d0
[   12.603586] Write of size 1 at addr ffff888100a9a2c9 by task kunit_try_catch/176
[   12.604142] 
[   12.604251] CPU: 1 UID: 0 PID: 176 Comm: kunit_try_catch Tainted: G    B            N  6.16.0-rc6 #1 PREEMPT(voluntary) 
[   12.604298] Tainted: [B]=BAD_PAGE, [N]=TEST
[   12.604310] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[   12.604332] Call Trace:
[   12.604345]  <TASK>
[   12.604361]  dump_stack_lvl+0x73/0xb0
[   12.604393]  print_report+0xd1/0x610
[   12.604416]  ? __virt_addr_valid+0x1db/0x2d0
[   12.604438]  ? krealloc_less_oob_helper+0xd70/0x11d0
[   12.604461]  ? kasan_complete_mode_report_info+0x2a/0x200
[   12.604497]  ? krealloc_less_oob_helper+0xd70/0x11d0
[   12.604520]  kasan_report+0x141/0x180
[   12.604541]  ? krealloc_less_oob_helper+0xd70/0x11d0
[   12.604569]  __asan_report_store1_noabort+0x1b/0x30
[   12.604593]  krealloc_less_oob_helper+0xd70/0x11d0
[   12.604618]  ? __pfx_krealloc_less_oob_helper+0x10/0x10
[   12.604641]  ? finish_task_switch.isra.0+0x153/0x700
[   12.604663]  ? __switch_to+0x47/0xf50
[   12.604690]  ? __schedule+0x10c6/0x2b60
[   12.604713]  ? __pfx_read_tsc+0x10/0x10
[   12.604739]  krealloc_less_oob+0x1c/0x30
[   12.604760]  kunit_try_run_case+0x1a5/0x480
[   12.604797]  ? __pfx_kunit_try_run_case+0x10/0x10
[   12.604819]  ? _raw_spin_lock_irqsave+0xa1/0x100
[   12.604843]  ? _raw_spin_unlock_irqrestore+0x5f/0x90
[   12.604865]  ? __kthread_parkme+0x82/0x180
[   12.604885]  ? preempt_count_sub+0x50/0x80
[   12.604908]  ? __pfx_kunit_try_run_case+0x10/0x10
[   12.604931]  kunit_generic_run_threadfn_adapter+0x85/0xf0
[   12.604954]  ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10
[   12.604977]  kthread+0x337/0x6f0
[   12.604995]  ? trace_preempt_on+0x20/0xc0
[   12.605018]  ? __pfx_kthread+0x10/0x10
[   12.605038]  ? _raw_spin_unlock_irq+0x47/0x80
[   12.605059]  ? calculate_sigpending+0x7b/0xa0
[   12.605082]  ? __pfx_kthread+0x10/0x10
[   12.605103]  ret_from_fork+0x116/0x1d0
[   12.605123]  ? __pfx_kthread+0x10/0x10
[   12.605143]  ret_from_fork_asm+0x1a/0x30
[   12.605173]  </TASK>
[   12.605183] 
[   12.613075] Allocated by task 176:
[   12.613270]  kasan_save_stack+0x45/0x70
[   12.613511]  kasan_save_track+0x18/0x40
[   12.613736]  kasan_save_alloc_info+0x3b/0x50
[   12.613999]  __kasan_krealloc+0x190/0x1f0
[   12.614221]  krealloc_noprof+0xf3/0x340
[   12.614364]  krealloc_less_oob_helper+0x1aa/0x11d0
[   12.614543]  krealloc_less_oob+0x1c/0x30
[   12.614732]  kunit_try_run_case+0x1a5/0x480
[   12.614944]  kunit_generic_run_threadfn_adapter+0x85/0xf0
[   12.615196]  kthread+0x337/0x6f0
[   12.615365]  ret_from_fork+0x116/0x1d0
[   12.615561]  ret_from_fork_asm+0x1a/0x30
[   12.615729] 
[   12.615803] The buggy address belongs to the object at ffff888100a9a200
[   12.615803]  which belongs to the cache kmalloc-256 of size 256
[   12.616604] The buggy address is located 0 bytes to the right of
[   12.616604]  allocated 201-byte region [ffff888100a9a200, ffff888100a9a2c9)
[   12.617400] 
[   12.617514] The buggy address belongs to the physical page:
[   12.617741] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x100a9a
[   12.618032] head: order:1 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[   12.618593] flags: 0x200000000000040(head|node=0|zone=2)
[   12.618873] page_type: f5(slab)
[   12.619001] raw: 0200000000000040 ffff888100041b40 dead000000000122 0000000000000000
[   12.619300] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000
[   12.619638] head: 0200000000000040 ffff888100041b40 dead000000000122 0000000000000000
[   12.619877] head: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000
[   12.620115] head: 0200000000000001 ffffea000402a681 00000000ffffffff 00000000ffffffff
[   12.620479] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000002
[   12.620891] page dumped because: kasan: bad access detected
[   12.621154] 
[   12.621255] Memory state around the buggy address:
[   12.621688]  ffff888100a9a180: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   12.622008]  ffff888100a9a200: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   12.622360] >ffff888100a9a280: 00 00 00 00 00 00 00 00 00 01 fc fc fc fc fc fc
[   12.622604]                                               ^
[   12.622834]  ffff888100a9a300: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   12.623329]  ffff888100a9a380: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   12.623805] ==================================================================

Metadata Full log Test run details

arch

x86_64

host

x86_64

plan

309aWYwhlSaX86OR0tyxd83BkVP

job_id

TEST:linaro@lkft#309abhHRloGo6mUcqoKlDU4ru3c

job_url

https://tuxapi.tuxsuite.com/v1/groups/linaro/projects/lkft/tests/309abhHRloGo6mUcqoKlDU4ru3c

artefacts

kernel

url	https://storage.tuxsuite.com/public/linaro/lkft/builds/309aZB5NzMRrrXvciMs4oS7OUp5/bzImage
sha256sum	5de0322184970aef882697713de6fec8525f446885c5f985efe758dc3916b299

rootfs

url	https://storage.tuxboot.com/debian/20250617/trixie/amd64/rootfs.ext4.xz
sha256sum	a7dcdb286e1265c85a4d6cd5429adc51604a3ebde1d9a3c934aef78862d5fee4

modules

url	https://storage.tuxsuite.com/public/linaro/lkft/builds/309aZB5NzMRrrXvciMs4oS7OUp5/modules.tar.xz
sha256sum	864aee9916a5d44816f3b48962b2c1a6fbaa1d2aa14a1b69233d00be09ee20a2

durations

tests

boot	0
kunit	226.46

host_arch

amd64

build_name

gcc-13-lkftconfig-kunit

job_status

Complete

qemu_version

1:10.0.2+ds-1

Metadata

Failure - qemu-arm64 - gcc-13-lkftconfig-kunit

Failure - qemu-x86_64 - gcc-13-lkftconfig-kunit