lkft/sashal-linus-next - v6.13-rc7-44318-g27387b12fffb - log-parser-boot/kasan-bug-kasan-slab-out-of-bounds-in-krealloc_less_oob_helper

Date

July 23, 2025, 2:10 a.m.

Environment
qemu-arm64
qemu-x86_64

[   15.223259] ==================================================================
[   15.223342] BUG: KASAN: slab-out-of-bounds in krealloc_less_oob_helper+0xb9c/0xc50
[   15.223397] Write of size 1 at addr fff00000c0b938d0 by task kunit_try_catch/158
[   15.223473] 
[   15.223832] CPU: 1 UID: 0 PID: 158 Comm: kunit_try_catch Tainted: G    B            N  6.16.0-rc7 #1 PREEMPT 
[   15.223933] Tainted: [B]=BAD_PAGE, [N]=TEST
[   15.223960] Hardware name: linux,dummy-virt (DT)
[   15.224015] Call trace:
[   15.224044]  show_stack+0x20/0x38 (C)
[   15.224097]  dump_stack_lvl+0x8c/0xd0
[   15.224249]  print_report+0x118/0x5d0
[   15.224333]  kasan_report+0xdc/0x128
[   15.224442]  __asan_report_store1_noabort+0x20/0x30
[   15.224525]  krealloc_less_oob_helper+0xb9c/0xc50
[   15.224575]  krealloc_less_oob+0x20/0x38
[   15.224637]  kunit_try_run_case+0x170/0x3f0
[   15.224923]  kunit_generic_run_threadfn_adapter+0x88/0x100
[   15.225104]  kthread+0x328/0x630
[   15.225200]  ret_from_fork+0x10/0x20
[   15.225262] 
[   15.225334] Allocated by task 158:
[   15.225369]  kasan_save_stack+0x3c/0x68
[   15.225413]  kasan_save_track+0x20/0x40
[   15.225449]  kasan_save_alloc_info+0x40/0x58
[   15.225488]  __kasan_krealloc+0x118/0x178
[   15.225525]  krealloc_noprof+0x128/0x360
[   15.225896]  krealloc_less_oob_helper+0x168/0xc50
[   15.225999]  krealloc_less_oob+0x20/0x38
[   15.226104]  kunit_try_run_case+0x170/0x3f0
[   15.226147]  kunit_generic_run_threadfn_adapter+0x88/0x100
[   15.226234]  kthread+0x328/0x630
[   15.226269]  ret_from_fork+0x10/0x20
[   15.226305] 
[   15.226324] The buggy address belongs to the object at fff00000c0b93800
[   15.226324]  which belongs to the cache kmalloc-256 of size 256
[   15.226686] The buggy address is located 7 bytes to the right of
[   15.226686]  allocated 201-byte region [fff00000c0b93800, fff00000c0b938c9)
[   15.226894] 
[   15.226973] The buggy address belongs to the physical page:
[   15.227050] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x100b92
[   15.227116] head: order:1 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[   15.227163] flags: 0xbfffe0000000040(head|node=0|zone=2|lastcpupid=0x1ffff)
[   15.227222] page_type: f5(slab)
[   15.227261] raw: 0bfffe0000000040 fff00000c0001b40 dead000000000122 0000000000000000
[   15.227778] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000
[   15.227878] head: 0bfffe0000000040 fff00000c0001b40 dead000000000122 0000000000000000
[   15.228026] head: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000
[   15.228080] head: 0bfffe0000000001 ffffc1ffc302e481 00000000ffffffff 00000000ffffffff
[   15.228195] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000002
[   15.228256] page dumped because: kasan: bad access detected
[   15.228288] 
[   15.228305] Memory state around the buggy address:
[   15.228353]  fff00000c0b93780: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   15.228410]  fff00000c0b93800: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   15.228452] >fff00000c0b93880: 00 00 00 00 00 00 00 00 00 01 fc fc fc fc fc fc
[   15.228490]                                                  ^
[   15.228527]  fff00000c0b93900: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   15.228569]  fff00000c0b93980: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   15.228612] ==================================================================
[   15.318744] ==================================================================
[   15.318798] BUG: KASAN: slab-out-of-bounds in krealloc_less_oob_helper+0xa58/0xc50
[   15.318845] Write of size 1 at addr fff00000c65060eb by task kunit_try_catch/162
[   15.319116] 
[   15.319174] CPU: 1 UID: 0 PID: 162 Comm: kunit_try_catch Tainted: G    B            N  6.16.0-rc7 #1 PREEMPT 
[   15.319449] Tainted: [B]=BAD_PAGE, [N]=TEST
[   15.319516] Hardware name: linux,dummy-virt (DT)
[   15.319550] Call trace:
[   15.319591]  show_stack+0x20/0x38 (C)
[   15.319691]  dump_stack_lvl+0x8c/0xd0
[   15.319777]  print_report+0x118/0x5d0
[   15.319824]  kasan_report+0xdc/0x128
[   15.320022]  __asan_report_store1_noabort+0x20/0x30
[   15.320075]  krealloc_less_oob_helper+0xa58/0xc50
[   15.320350]  krealloc_large_less_oob+0x20/0x38
[   15.320474]  kunit_try_run_case+0x170/0x3f0
[   15.320525]  kunit_generic_run_threadfn_adapter+0x88/0x100
[   15.320591]  kthread+0x328/0x630
[   15.320710]  ret_from_fork+0x10/0x20
[   15.321009] 
[   15.321113] The buggy address belongs to the physical page:
[   15.321188] page: refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x106504
[   15.321325] head: order:2 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[   15.321377] flags: 0xbfffe0000000040(head|node=0|zone=2|lastcpupid=0x1ffff)
[   15.321430] page_type: f8(unknown)
[   15.321518] raw: 0bfffe0000000040 0000000000000000 dead000000000122 0000000000000000
[   15.321571] raw: 0000000000000000 0000000000000000 00000001f8000000 0000000000000000
[   15.321621] head: 0bfffe0000000040 0000000000000000 dead000000000122 0000000000000000
[   15.321943] head: 0000000000000000 0000000000000000 00000001f8000000 0000000000000000
[   15.321997] head: 0bfffe0000000002 ffffc1ffc3194101 00000000ffffffff 00000000ffffffff
[   15.322416] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000004
[   15.322488] page dumped because: kasan: bad access detected
[   15.322568] 
[   15.322588] Memory state around the buggy address:
[   15.322672]  fff00000c6505f80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   15.322815]  fff00000c6506000: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   15.322926] >fff00000c6506080: 00 00 00 00 00 00 00 00 00 01 fe fe fe fe fe fe
[   15.322964]                                                           ^
[   15.323010]  fff00000c6506100: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe
[   15.323053]  fff00000c6506180: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe
[   15.323467] ==================================================================
[   15.239864] ==================================================================
[   15.239919] BUG: KASAN: slab-out-of-bounds in krealloc_less_oob_helper+0xae4/0xc50
[   15.240404] Write of size 1 at addr fff00000c0b938ea by task kunit_try_catch/158
[   15.240541] 
[   15.240575] CPU: 1 UID: 0 PID: 158 Comm: kunit_try_catch Tainted: G    B            N  6.16.0-rc7 #1 PREEMPT 
[   15.241000] Tainted: [B]=BAD_PAGE, [N]=TEST
[   15.241044] Hardware name: linux,dummy-virt (DT)
[   15.241348] Call trace:
[   15.241468]  show_stack+0x20/0x38 (C)
[   15.241624]  dump_stack_lvl+0x8c/0xd0
[   15.241695]  print_report+0x118/0x5d0
[   15.241748]  kasan_report+0xdc/0x128
[   15.241793]  __asan_report_store1_noabort+0x20/0x30
[   15.241847]  krealloc_less_oob_helper+0xae4/0xc50
[   15.242151]  krealloc_less_oob+0x20/0x38
[   15.242221]  kunit_try_run_case+0x170/0x3f0
[   15.242277]  kunit_generic_run_threadfn_adapter+0x88/0x100
[   15.242735]  kthread+0x328/0x630
[   15.242932]  ret_from_fork+0x10/0x20
[   15.243187] 
[   15.243231] Allocated by task 158:
[   15.243365]  kasan_save_stack+0x3c/0x68
[   15.243498]  kasan_save_track+0x20/0x40
[   15.243597]  kasan_save_alloc_info+0x40/0x58
[   15.243810]  __kasan_krealloc+0x118/0x178
[   15.244082]  krealloc_noprof+0x128/0x360
[   15.244259]  krealloc_less_oob_helper+0x168/0xc50
[   15.244507]  krealloc_less_oob+0x20/0x38
[   15.244552]  kunit_try_run_case+0x170/0x3f0
[   15.244763]  kunit_generic_run_threadfn_adapter+0x88/0x100
[   15.245105]  kthread+0x328/0x630
[   15.245212]  ret_from_fork+0x10/0x20
[   15.245501] 
[   15.245686] The buggy address belongs to the object at fff00000c0b93800
[   15.245686]  which belongs to the cache kmalloc-256 of size 256
[   15.246114] The buggy address is located 33 bytes to the right of
[   15.246114]  allocated 201-byte region [fff00000c0b93800, fff00000c0b938c9)
[   15.246604] 
[   15.246688] The buggy address belongs to the physical page:
[   15.246768] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x100b92
[   15.246838] head: order:1 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[   15.247075] flags: 0xbfffe0000000040(head|node=0|zone=2|lastcpupid=0x1ffff)
[   15.247296] page_type: f5(slab)
[   15.247398] raw: 0bfffe0000000040 fff00000c0001b40 dead000000000122 0000000000000000
[   15.247452] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000
[   15.247549] head: 0bfffe0000000040 fff00000c0001b40 dead000000000122 0000000000000000
[   15.247839] head: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000
[   15.248088] head: 0bfffe0000000001 ffffc1ffc302e481 00000000ffffffff 00000000ffffffff
[   15.248145] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000002
[   15.248331] page dumped because: kasan: bad access detected
[   15.248528] 
[   15.248584] Memory state around the buggy address:
[   15.248701]  fff00000c0b93780: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   15.248773]  fff00000c0b93800: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   15.249000] >fff00000c0b93880: 00 00 00 00 00 00 00 00 00 01 fc fc fc fc fc fc
[   15.249089]                                                           ^
[   15.249130]  fff00000c0b93900: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   15.249295]  fff00000c0b93980: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   15.249343] ==================================================================
[   15.294493] ==================================================================
[   15.294538] BUG: KASAN: slab-out-of-bounds in krealloc_less_oob_helper+0xb9c/0xc50
[   15.295164] Write of size 1 at addr fff00000c65060d0 by task kunit_try_catch/162
[   15.295247] 
[   15.295309] CPU: 1 UID: 0 PID: 162 Comm: kunit_try_catch Tainted: G    B            N  6.16.0-rc7 #1 PREEMPT 
[   15.295540] Tainted: [B]=BAD_PAGE, [N]=TEST
[   15.295570] Hardware name: linux,dummy-virt (DT)
[   15.295861] Call trace:
[   15.295989]  show_stack+0x20/0x38 (C)
[   15.296097]  dump_stack_lvl+0x8c/0xd0
[   15.296256]  print_report+0x118/0x5d0
[   15.296346]  kasan_report+0xdc/0x128
[   15.296920]  __asan_report_store1_noabort+0x20/0x30
[   15.297055]  krealloc_less_oob_helper+0xb9c/0xc50
[   15.297172]  krealloc_large_less_oob+0x20/0x38
[   15.297327]  kunit_try_run_case+0x170/0x3f0
[   15.297416]  kunit_generic_run_threadfn_adapter+0x88/0x100
[   15.297846]  kthread+0x328/0x630
[   15.297959]  ret_from_fork+0x10/0x20
[   15.298047] 
[   15.298820] The buggy address belongs to the physical page:
[   15.298938] page: refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x106504
[   15.299023] head: order:2 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[   15.299080] flags: 0xbfffe0000000040(head|node=0|zone=2|lastcpupid=0x1ffff)
[   15.299353] page_type: f8(unknown)
[   15.299934] raw: 0bfffe0000000040 0000000000000000 dead000000000122 0000000000000000
[   15.300021] raw: 0000000000000000 0000000000000000 00000001f8000000 0000000000000000
[   15.300074] head: 0bfffe0000000040 0000000000000000 dead000000000122 0000000000000000
[   15.300539] head: 0000000000000000 0000000000000000 00000001f8000000 0000000000000000
[   15.300795] head: 0bfffe0000000002 ffffc1ffc3194101 00000000ffffffff 00000000ffffffff
[   15.300882] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000004
[   15.300925] page dumped because: kasan: bad access detected
[   15.301228] 
[   15.301268] Memory state around the buggy address:
[   15.301387]  fff00000c6505f80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   15.301495]  fff00000c6506000: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   15.301734] >fff00000c6506080: 00 00 00 00 00 00 00 00 00 01 fe fe fe fe fe fe
[   15.301859]                                                  ^
[   15.302012]  fff00000c6506100: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe
[   15.302157]  fff00000c6506180: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe
[   15.302282] ==================================================================
[   15.208981] ==================================================================
[   15.209504] BUG: KASAN: slab-out-of-bounds in krealloc_less_oob_helper+0xa48/0xc50
[   15.209757] Write of size 1 at addr fff00000c0b938c9 by task kunit_try_catch/158
[   15.209867] 
[   15.209904] CPU: 1 UID: 0 PID: 158 Comm: kunit_try_catch Tainted: G    B            N  6.16.0-rc7 #1 PREEMPT 
[   15.210259] Tainted: [B]=BAD_PAGE, [N]=TEST
[   15.210303] Hardware name: linux,dummy-virt (DT)
[   15.210337] Call trace:
[   15.210359]  show_stack+0x20/0x38 (C)
[   15.210718]  dump_stack_lvl+0x8c/0xd0
[   15.210950]  print_report+0x118/0x5d0
[   15.211032]  kasan_report+0xdc/0x128
[   15.211078]  __asan_report_store1_noabort+0x20/0x30
[   15.211130]  krealloc_less_oob_helper+0xa48/0xc50
[   15.211177]  krealloc_less_oob+0x20/0x38
[   15.211502]  kunit_try_run_case+0x170/0x3f0
[   15.211686]  kunit_generic_run_threadfn_adapter+0x88/0x100
[   15.211748]  kthread+0x328/0x630
[   15.212301]  ret_from_fork+0x10/0x20
[   15.212529] 
[   15.212614] Allocated by task 158:
[   15.212774]  kasan_save_stack+0x3c/0x68
[   15.212906]  kasan_save_track+0x20/0x40
[   15.212976]  kasan_save_alloc_info+0x40/0x58
[   15.213209]  __kasan_krealloc+0x118/0x178
[   15.213410]  krealloc_noprof+0x128/0x360
[   15.213605]  krealloc_less_oob_helper+0x168/0xc50
[   15.213743]  krealloc_less_oob+0x20/0x38
[   15.213908]  kunit_try_run_case+0x170/0x3f0
[   15.214134]  kunit_generic_run_threadfn_adapter+0x88/0x100
[   15.214235]  kthread+0x328/0x630
[   15.214553]  ret_from_fork+0x10/0x20
[   15.214732] 
[   15.215024] The buggy address belongs to the object at fff00000c0b93800
[   15.215024]  which belongs to the cache kmalloc-256 of size 256
[   15.215269] The buggy address is located 0 bytes to the right of
[   15.215269]  allocated 201-byte region [fff00000c0b93800, fff00000c0b938c9)
[   15.215378] 
[   15.215400] The buggy address belongs to the physical page:
[   15.215431] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x100b92
[   15.215489] head: order:1 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[   15.215985] flags: 0xbfffe0000000040(head|node=0|zone=2|lastcpupid=0x1ffff)
[   15.216077] page_type: f5(slab)
[   15.216198] raw: 0bfffe0000000040 fff00000c0001b40 dead000000000122 0000000000000000
[   15.216291] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000
[   15.216522] head: 0bfffe0000000040 fff00000c0001b40 dead000000000122 0000000000000000
[   15.216604] head: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000
[   15.216791] head: 0bfffe0000000001 ffffc1ffc302e481 00000000ffffffff 00000000ffffffff
[   15.217002] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000002
[   15.217092] page dumped because: kasan: bad access detected
[   15.217315] 
[   15.217424] Memory state around the buggy address:
[   15.217677]  fff00000c0b93780: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   15.217879]  fff00000c0b93800: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   15.217940] >fff00000c0b93880: 00 00 00 00 00 00 00 00 00 01 fc fc fc fc fc fc
[   15.218001]                                               ^
[   15.218044]  fff00000c0b93900: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   15.218108]  fff00000c0b93980: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   15.218154] ==================================================================
[   15.230304] ==================================================================
[   15.230536] BUG: KASAN: slab-out-of-bounds in krealloc_less_oob_helper+0xa80/0xc50
[   15.230608] Write of size 1 at addr fff00000c0b938da by task kunit_try_catch/158
[   15.230670] 
[   15.230699] CPU: 1 UID: 0 PID: 158 Comm: kunit_try_catch Tainted: G    B            N  6.16.0-rc7 #1 PREEMPT 
[   15.231254] Tainted: [B]=BAD_PAGE, [N]=TEST
[   15.231388] Hardware name: linux,dummy-virt (DT)
[   15.231465] Call trace:
[   15.231592]  show_stack+0x20/0x38 (C)
[   15.231646]  dump_stack_lvl+0x8c/0xd0
[   15.231842]  print_report+0x118/0x5d0
[   15.232155]  kasan_report+0xdc/0x128
[   15.232251]  __asan_report_store1_noabort+0x20/0x30
[   15.232339]  krealloc_less_oob_helper+0xa80/0xc50
[   15.232503]  krealloc_less_oob+0x20/0x38
[   15.232598]  kunit_try_run_case+0x170/0x3f0
[   15.232882]  kunit_generic_run_threadfn_adapter+0x88/0x100
[   15.233090]  kthread+0x328/0x630
[   15.233231]  ret_from_fork+0x10/0x20
[   15.233357] 
[   15.233546] Allocated by task 158:
[   15.233655]  kasan_save_stack+0x3c/0x68
[   15.233827]  kasan_save_track+0x20/0x40
[   15.234299]  kasan_save_alloc_info+0x40/0x58
[   15.234729]  __kasan_krealloc+0x118/0x178
[   15.234809]  krealloc_noprof+0x128/0x360
[   15.234864]  krealloc_less_oob_helper+0x168/0xc50
[   15.234935]  krealloc_less_oob+0x20/0x38
[   15.234972]  kunit_try_run_case+0x170/0x3f0
[   15.235219]  kunit_generic_run_threadfn_adapter+0x88/0x100
[   15.235456]  kthread+0x328/0x630
[   15.235562]  ret_from_fork+0x10/0x20
[   15.235644] 
[   15.235918] The buggy address belongs to the object at fff00000c0b93800
[   15.235918]  which belongs to the cache kmalloc-256 of size 256
[   15.235981] The buggy address is located 17 bytes to the right of
[   15.235981]  allocated 201-byte region [fff00000c0b93800, fff00000c0b938c9)
[   15.236424] 
[   15.236602] The buggy address belongs to the physical page:
[   15.236704] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x100b92
[   15.236797] head: order:1 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[   15.236845] flags: 0xbfffe0000000040(head|node=0|zone=2|lastcpupid=0x1ffff)
[   15.236917] page_type: f5(slab)
[   15.236956] raw: 0bfffe0000000040 fff00000c0001b40 dead000000000122 0000000000000000
[   15.237031] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000
[   15.237084] head: 0bfffe0000000040 fff00000c0001b40 dead000000000122 0000000000000000
[   15.237132] head: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000
[   15.237191] head: 0bfffe0000000001 ffffc1ffc302e481 00000000ffffffff 00000000ffffffff
[   15.237245] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000002
[   15.237293] page dumped because: kasan: bad access detected
[   15.237325] 
[   15.237343] Memory state around the buggy address:
[   15.237379]  fff00000c0b93780: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   15.237437]  fff00000c0b93800: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   15.237489] >fff00000c0b93880: 00 00 00 00 00 00 00 00 00 01 fc fc fc fc fc fc
[   15.237535]                                                     ^
[   15.237572]  fff00000c0b93900: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   15.237614]  fff00000c0b93980: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   15.237652] ==================================================================
[   15.289022] ==================================================================
[   15.289085] BUG: KASAN: slab-out-of-bounds in krealloc_less_oob_helper+0xa48/0xc50
[   15.289150] Write of size 1 at addr fff00000c65060c9 by task kunit_try_catch/162
[   15.289632] 
[   15.289717] CPU: 1 UID: 0 PID: 162 Comm: kunit_try_catch Tainted: G    B            N  6.16.0-rc7 #1 PREEMPT 
[   15.289903] Tainted: [B]=BAD_PAGE, [N]=TEST
[   15.289962] Hardware name: linux,dummy-virt (DT)
[   15.290031] Call trace:
[   15.290138]  show_stack+0x20/0x38 (C)
[   15.290214]  dump_stack_lvl+0x8c/0xd0
[   15.290415]  print_report+0x118/0x5d0
[   15.290548]  kasan_report+0xdc/0x128
[   15.290736]  __asan_report_store1_noabort+0x20/0x30
[   15.290869]  krealloc_less_oob_helper+0xa48/0xc50
[   15.290921]  krealloc_large_less_oob+0x20/0x38
[   15.290968]  kunit_try_run_case+0x170/0x3f0
[   15.291014]  kunit_generic_run_threadfn_adapter+0x88/0x100
[   15.291070]  kthread+0x328/0x630
[   15.291113]  ret_from_fork+0x10/0x20
[   15.291836] 
[   15.291905] The buggy address belongs to the physical page:
[   15.292283] page: refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x106504
[   15.292421] head: order:2 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[   15.292539] flags: 0xbfffe0000000040(head|node=0|zone=2|lastcpupid=0x1ffff)
[   15.292697] page_type: f8(unknown)
[   15.292776] raw: 0bfffe0000000040 0000000000000000 dead000000000122 0000000000000000
[   15.292863] raw: 0000000000000000 0000000000000000 00000001f8000000 0000000000000000
[   15.293153] head: 0bfffe0000000040 0000000000000000 dead000000000122 0000000000000000
[   15.293394] head: 0000000000000000 0000000000000000 00000001f8000000 0000000000000000
[   15.293480] head: 0bfffe0000000002 ffffc1ffc3194101 00000000ffffffff 00000000ffffffff
[   15.293539] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000004
[   15.293621] page dumped because: kasan: bad access detected
[   15.293663] 
[   15.293680] Memory state around the buggy address:
[   15.293718]  fff00000c6505f80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   15.293761]  fff00000c6506000: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   15.293814] >fff00000c6506080: 00 00 00 00 00 00 00 00 00 01 fe fe fe fe fe fe
[   15.293865]                                               ^
[   15.293902]  fff00000c6506100: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe
[   15.293955]  fff00000c6506180: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe
[   15.294002] ==================================================================
[   15.304465] ==================================================================
[   15.304514] BUG: KASAN: slab-out-of-bounds in krealloc_less_oob_helper+0xa80/0xc50
[   15.304843] Write of size 1 at addr fff00000c65060da by task kunit_try_catch/162
[   15.304921] 
[   15.305205] CPU: 1 UID: 0 PID: 162 Comm: kunit_try_catch Tainted: G    B            N  6.16.0-rc7 #1 PREEMPT 
[   15.305362] Tainted: [B]=BAD_PAGE, [N]=TEST
[   15.305394] Hardware name: linux,dummy-virt (DT)
[   15.305424] Call trace:
[   15.305483]  show_stack+0x20/0x38 (C)
[   15.305951]  dump_stack_lvl+0x8c/0xd0
[   15.306260]  print_report+0x118/0x5d0
[   15.306355]  kasan_report+0xdc/0x128
[   15.306557]  __asan_report_store1_noabort+0x20/0x30
[   15.306774]  krealloc_less_oob_helper+0xa80/0xc50
[   15.306917]  krealloc_large_less_oob+0x20/0x38
[   15.306976]  kunit_try_run_case+0x170/0x3f0
[   15.307321]  kunit_generic_run_threadfn_adapter+0x88/0x100
[   15.307501]  kthread+0x328/0x630
[   15.307582]  ret_from_fork+0x10/0x20
[   15.307930] 
[   15.307965] The buggy address belongs to the physical page:
[   15.308033] page: refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x106504
[   15.308159] head: order:2 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[   15.308302] flags: 0xbfffe0000000040(head|node=0|zone=2|lastcpupid=0x1ffff)
[   15.308518] page_type: f8(unknown)
[   15.308749] raw: 0bfffe0000000040 0000000000000000 dead000000000122 0000000000000000
[   15.308972] raw: 0000000000000000 0000000000000000 00000001f8000000 0000000000000000
[   15.309172] head: 0bfffe0000000040 0000000000000000 dead000000000122 0000000000000000
[   15.309229] head: 0000000000000000 0000000000000000 00000001f8000000 0000000000000000
[   15.309331] head: 0bfffe0000000002 ffffc1ffc3194101 00000000ffffffff 00000000ffffffff
[   15.309399] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000004
[   15.309462] page dumped because: kasan: bad access detected
[   15.309494] 
[   15.309512] Memory state around the buggy address:
[   15.309545]  fff00000c6505f80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   15.309588]  fff00000c6506000: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   15.309652] >fff00000c6506080: 00 00 00 00 00 00 00 00 00 01 fe fe fe fe fe fe
[   15.309690]                                                     ^
[   15.309737]  fff00000c6506100: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe
[   15.309790]  fff00000c6506180: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe
[   15.309828] ==================================================================
[   15.311865] ==================================================================
[   15.312236] BUG: KASAN: slab-out-of-bounds in krealloc_less_oob_helper+0xae4/0xc50
[   15.312323] Write of size 1 at addr fff00000c65060ea by task kunit_try_catch/162
[   15.312376] 
[   15.312609] CPU: 1 UID: 0 PID: 162 Comm: kunit_try_catch Tainted: G    B            N  6.16.0-rc7 #1 PREEMPT 
[   15.312872] Tainted: [B]=BAD_PAGE, [N]=TEST
[   15.313087] Hardware name: linux,dummy-virt (DT)
[   15.313144] Call trace:
[   15.313166]  show_stack+0x20/0x38 (C)
[   15.313455]  dump_stack_lvl+0x8c/0xd0
[   15.313620]  print_report+0x118/0x5d0
[   15.313692]  kasan_report+0xdc/0x128
[   15.313788]  __asan_report_store1_noabort+0x20/0x30
[   15.313995]  krealloc_less_oob_helper+0xae4/0xc50
[   15.314058]  krealloc_large_less_oob+0x20/0x38
[   15.314248]  kunit_try_run_case+0x170/0x3f0
[   15.314368]  kunit_generic_run_threadfn_adapter+0x88/0x100
[   15.314740]  kthread+0x328/0x630
[   15.314992]  ret_from_fork+0x10/0x20
[   15.315436] 
[   15.315608] The buggy address belongs to the physical page:
[   15.315667] page: refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x106504
[   15.315864] head: order:2 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[   15.316157] flags: 0xbfffe0000000040(head|node=0|zone=2|lastcpupid=0x1ffff)
[   15.316370] page_type: f8(unknown)
[   15.316474] raw: 0bfffe0000000040 0000000000000000 dead000000000122 0000000000000000
[   15.316608] raw: 0000000000000000 0000000000000000 00000001f8000000 0000000000000000
[   15.316801] head: 0bfffe0000000040 0000000000000000 dead000000000122 0000000000000000
[   15.317204] head: 0000000000000000 0000000000000000 00000001f8000000 0000000000000000
[   15.317290] head: 0bfffe0000000002 ffffc1ffc3194101 00000000ffffffff 00000000ffffffff
[   15.317428] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000004
[   15.317471] page dumped because: kasan: bad access detected
[   15.317502] 
[   15.317519] Memory state around the buggy address:
[   15.317551]  fff00000c6505f80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   15.317611]  fff00000c6506000: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   15.317654] >fff00000c6506080: 00 00 00 00 00 00 00 00 00 01 fe fe fe fe fe fe
[   15.317690]                                                           ^
[   15.317737]  fff00000c6506100: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe
[   15.317780]  fff00000c6506180: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe
[   15.317821] ==================================================================
[   15.249833] ==================================================================
[   15.249896] BUG: KASAN: slab-out-of-bounds in krealloc_less_oob_helper+0xa58/0xc50
[   15.250648] Write of size 1 at addr fff00000c0b938eb by task kunit_try_catch/158
[   15.250722] 
[   15.250752] CPU: 1 UID: 0 PID: 158 Comm: kunit_try_catch Tainted: G    B            N  6.16.0-rc7 #1 PREEMPT 
[   15.251447] Tainted: [B]=BAD_PAGE, [N]=TEST
[   15.251523] Hardware name: linux,dummy-virt (DT)
[   15.251754] Call trace:
[   15.251839]  show_stack+0x20/0x38 (C)
[   15.252036]  dump_stack_lvl+0x8c/0xd0
[   15.252162]  print_report+0x118/0x5d0
[   15.252325]  kasan_report+0xdc/0x128
[   15.252432]  __asan_report_store1_noabort+0x20/0x30
[   15.252640]  krealloc_less_oob_helper+0xa58/0xc50
[   15.252901]  krealloc_less_oob+0x20/0x38
[   15.253037]  kunit_try_run_case+0x170/0x3f0
[   15.253318]  kunit_generic_run_threadfn_adapter+0x88/0x100
[   15.253498]  kthread+0x328/0x630
[   15.253675]  ret_from_fork+0x10/0x20
[   15.253892] 
[   15.253912] Allocated by task 158:
[   15.254146]  kasan_save_stack+0x3c/0x68
[   15.254306]  kasan_save_track+0x20/0x40
[   15.254604]  kasan_save_alloc_info+0x40/0x58
[   15.254827]  __kasan_krealloc+0x118/0x178
[   15.254897]  krealloc_noprof+0x128/0x360
[   15.254936]  krealloc_less_oob_helper+0x168/0xc50
[   15.255005]  krealloc_less_oob+0x20/0x38
[   15.255268]  kunit_try_run_case+0x170/0x3f0
[   15.255595]  kunit_generic_run_threadfn_adapter+0x88/0x100
[   15.255672]  kthread+0x328/0x630
[   15.255779]  ret_from_fork+0x10/0x20
[   15.255844] 
[   15.255885] The buggy address belongs to the object at fff00000c0b93800
[   15.255885]  which belongs to the cache kmalloc-256 of size 256
[   15.255958] The buggy address is located 34 bytes to the right of
[   15.255958]  allocated 201-byte region [fff00000c0b93800, fff00000c0b938c9)
[   15.256054] 
[   15.256073] The buggy address belongs to the physical page:
[   15.256103] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x100b92
[   15.256162] head: order:1 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[   15.256224] flags: 0xbfffe0000000040(head|node=0|zone=2|lastcpupid=0x1ffff)
[   15.256275] page_type: f5(slab)
[   15.256329] raw: 0bfffe0000000040 fff00000c0001b40 dead000000000122 0000000000000000
[   15.256379] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000
[   15.256445] head: 0bfffe0000000040 fff00000c0001b40 dead000000000122 0000000000000000
[   15.256496] head: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000
[   15.256559] head: 0bfffe0000000001 ffffc1ffc302e481 00000000ffffffff 00000000ffffffff
[   15.256609] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000002
[   15.256657] page dumped because: kasan: bad access detected
[   15.256696] 
[   15.256714] Memory state around the buggy address:
[   15.256750]  fff00000c0b93780: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   15.256808]  fff00000c0b93800: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   15.256868] >fff00000c0b93880: 00 00 00 00 00 00 00 00 00 01 fc fc fc fc fc fc
[   15.256906]                                                           ^
[   15.256954]  fff00000c0b93900: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   15.256996]  fff00000c0b93980: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   15.257034] ==================================================================

Metadata Full log Test run details

arch

arm64

host

x86_64

plan

30FwNKrR0chZl8JxQ9oDLeGgEf1

job_id

TEST:linaro@lkft#30FwR2fRkzTBthaEGsn2oSNBiak

job_url

https://tuxapi.tuxsuite.com/v1/groups/linaro/projects/lkft/tests/30FwR2fRkzTBthaEGsn2oSNBiak

artefacts

kernel

url	https://storage.tuxsuite.com/public/linaro/lkft/builds/30FwONNWGijICJ48AAbFba1EVUs/Image.gz
sha256sum	8534d3ff5e7130a7351acf1ba2c07ffa9e7df27300561ffd2317b7b702473270

rootfs

url	https://storage.tuxboot.com/debian/20250617/trixie/arm64/rootfs.ext4.xz
sha256sum	1eaaae772692e22cefec5345d642e254407cec1431dd51a20007af2a1819b610

modules

url	https://storage.tuxsuite.com/public/linaro/lkft/builds/30FwONNWGijICJ48AAbFba1EVUs/modules.tar.xz
sha256sum	f24656ab0c8f4ea78058682076f4e8713969b8fbd25774a6621886c8181a329c

durations

tests

boot	0
kunit	171.73

host_arch

amd64

build_name

gcc-13-lkftconfig-kunit

job_status

Complete

qemu_version

1:10.0.2+ds-1

[   12.345442] ==================================================================
[   12.345778] BUG: KASAN: slab-out-of-bounds in krealloc_less_oob_helper+0xe23/0x11d0
[   12.346076] Write of size 1 at addr ffff888100a1c8d0 by task kunit_try_catch/175
[   12.346664] 
[   12.346774] CPU: 1 UID: 0 PID: 175 Comm: kunit_try_catch Tainted: G    B            N  6.16.0-rc7 #1 PREEMPT(voluntary) 
[   12.346829] Tainted: [B]=BAD_PAGE, [N]=TEST
[   12.346841] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[   12.346860] Call Trace:
[   12.346871]  <TASK>
[   12.346884]  dump_stack_lvl+0x73/0xb0
[   12.346912]  print_report+0xd1/0x610
[   12.346933]  ? __virt_addr_valid+0x1db/0x2d0
[   12.346954]  ? krealloc_less_oob_helper+0xe23/0x11d0
[   12.346977]  ? kasan_complete_mode_report_info+0x2a/0x200
[   12.346998]  ? krealloc_less_oob_helper+0xe23/0x11d0
[   12.347021]  kasan_report+0x141/0x180
[   12.347042]  ? krealloc_less_oob_helper+0xe23/0x11d0
[   12.347070]  __asan_report_store1_noabort+0x1b/0x30
[   12.347093]  krealloc_less_oob_helper+0xe23/0x11d0
[   12.347118]  ? __pfx_krealloc_less_oob_helper+0x10/0x10
[   12.347141]  ? finish_task_switch.isra.0+0x153/0x700
[   12.347161]  ? __switch_to+0x47/0xf50
[   12.347185]  ? __schedule+0x10c6/0x2b60
[   12.347207]  ? __pfx_read_tsc+0x10/0x10
[   12.347230]  krealloc_less_oob+0x1c/0x30
[   12.347250]  kunit_try_run_case+0x1a5/0x480
[   12.347275]  ? __pfx_kunit_try_run_case+0x10/0x10
[   12.347297]  ? _raw_spin_lock_irqsave+0xa1/0x100
[   12.347320]  ? _raw_spin_unlock_irqrestore+0x5f/0x90
[   12.347342]  ? __kthread_parkme+0x82/0x180
[   12.347361]  ? preempt_count_sub+0x50/0x80
[   12.347383]  ? __pfx_kunit_try_run_case+0x10/0x10
[   12.347459]  kunit_generic_run_threadfn_adapter+0x85/0xf0
[   12.347482]  ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10
[   12.347505]  kthread+0x337/0x6f0
[   12.347525]  ? trace_preempt_on+0x20/0xc0
[   12.347546]  ? __pfx_kthread+0x10/0x10
[   12.347566]  ? _raw_spin_unlock_irq+0x47/0x80
[   12.347587]  ? calculate_sigpending+0x7b/0xa0
[   12.347610]  ? __pfx_kthread+0x10/0x10
[   12.347630]  ret_from_fork+0x116/0x1d0
[   12.347648]  ? __pfx_kthread+0x10/0x10
[   12.347668]  ret_from_fork_asm+0x1a/0x30
[   12.347697]  </TASK>
[   12.347706] 
[   12.355467] Allocated by task 175:
[   12.355643]  kasan_save_stack+0x45/0x70
[   12.355861]  kasan_save_track+0x18/0x40
[   12.356017]  kasan_save_alloc_info+0x3b/0x50
[   12.356297]  __kasan_krealloc+0x190/0x1f0
[   12.356469]  krealloc_noprof+0xf3/0x340
[   12.356605]  krealloc_less_oob_helper+0x1aa/0x11d0
[   12.356769]  krealloc_less_oob+0x1c/0x30
[   12.356923]  kunit_try_run_case+0x1a5/0x480
[   12.357074]  kunit_generic_run_threadfn_adapter+0x85/0xf0
[   12.357251]  kthread+0x337/0x6f0
[   12.357372]  ret_from_fork+0x116/0x1d0
[   12.357505]  ret_from_fork_asm+0x1a/0x30
[   12.357645] 
[   12.357744] The buggy address belongs to the object at ffff888100a1c800
[   12.357744]  which belongs to the cache kmalloc-256 of size 256
[   12.358747] The buggy address is located 7 bytes to the right of
[   12.358747]  allocated 201-byte region [ffff888100a1c800, ffff888100a1c8c9)
[   12.359578] 
[   12.359656] The buggy address belongs to the physical page:
[   12.359843] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x100a1c
[   12.360087] head: order:1 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[   12.360321] flags: 0x200000000000040(head|node=0|zone=2)
[   12.360577] page_type: f5(slab)
[   12.360746] raw: 0200000000000040 ffff888100041b40 dead000000000122 0000000000000000
[   12.361157] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000
[   12.363113] head: 0200000000000040 ffff888100041b40 dead000000000122 0000000000000000
[   12.363734] head: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000
[   12.364103] head: 0200000000000001 ffffea0004028701 00000000ffffffff 00000000ffffffff
[   12.364563] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000002
[   12.364946] page dumped because: kasan: bad access detected
[   12.365549] 
[   12.365792] Memory state around the buggy address:
[   12.366183]  ffff888100a1c780: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   12.366541]  ffff888100a1c800: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   12.366864] >ffff888100a1c880: 00 00 00 00 00 00 00 00 00 01 fc fc fc fc fc fc
[   12.367389]                                                  ^
[   12.367875]  ffff888100a1c900: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   12.368615]  ffff888100a1c980: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   12.369164] ==================================================================
[   12.546458] ==================================================================
[   12.546771] BUG: KASAN: slab-out-of-bounds in krealloc_less_oob_helper+0xd47/0x11d0
[   12.547138] Write of size 1 at addr ffff8881029520eb by task kunit_try_catch/179
[   12.547565] 
[   12.547669] CPU: 0 UID: 0 PID: 179 Comm: kunit_try_catch Tainted: G    B            N  6.16.0-rc7 #1 PREEMPT(voluntary) 
[   12.547710] Tainted: [B]=BAD_PAGE, [N]=TEST
[   12.547721] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[   12.547741] Call Trace:
[   12.547755]  <TASK>
[   12.547769]  dump_stack_lvl+0x73/0xb0
[   12.547796]  print_report+0xd1/0x610
[   12.547830]  ? __virt_addr_valid+0x1db/0x2d0
[   12.547852]  ? krealloc_less_oob_helper+0xd47/0x11d0
[   12.547875]  ? kasan_addr_to_slab+0x11/0xa0
[   12.547894]  ? krealloc_less_oob_helper+0xd47/0x11d0
[   12.547917]  kasan_report+0x141/0x180
[   12.547939]  ? krealloc_less_oob_helper+0xd47/0x11d0
[   12.547967]  __asan_report_store1_noabort+0x1b/0x30
[   12.547990]  krealloc_less_oob_helper+0xd47/0x11d0
[   12.548015]  ? __pfx_krealloc_less_oob_helper+0x10/0x10
[   12.548040]  ? finish_task_switch.isra.0+0x153/0x700
[   12.548062]  ? __switch_to+0x47/0xf50
[   12.548086]  ? __schedule+0x10c6/0x2b60
[   12.548143]  ? __pfx_read_tsc+0x10/0x10
[   12.548167]  krealloc_large_less_oob+0x1c/0x30
[   12.548190]  kunit_try_run_case+0x1a5/0x480
[   12.548215]  ? __pfx_kunit_try_run_case+0x10/0x10
[   12.548237]  ? _raw_spin_lock_irqsave+0xa1/0x100
[   12.548259]  ? _raw_spin_unlock_irqrestore+0x5f/0x90
[   12.548283]  ? __kthread_parkme+0x82/0x180
[   12.548303]  ? preempt_count_sub+0x50/0x80
[   12.548325]  ? __pfx_kunit_try_run_case+0x10/0x10
[   12.548349]  kunit_generic_run_threadfn_adapter+0x85/0xf0
[   12.548371]  ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10
[   12.548394]  kthread+0x337/0x6f0
[   12.548414]  ? trace_preempt_on+0x20/0xc0
[   12.548435]  ? __pfx_kthread+0x10/0x10
[   12.548455]  ? _raw_spin_unlock_irq+0x47/0x80
[   12.548475]  ? calculate_sigpending+0x7b/0xa0
[   12.548499]  ? __pfx_kthread+0x10/0x10
[   12.548520]  ret_from_fork+0x116/0x1d0
[   12.548537]  ? __pfx_kthread+0x10/0x10
[   12.548558]  ret_from_fork_asm+0x1a/0x30
[   12.548588]  </TASK>
[   12.548597] 
[   12.556321] The buggy address belongs to the physical page:
[   12.556523] page: refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x102950
[   12.556878] head: order:2 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[   12.557264] flags: 0x200000000000040(head|node=0|zone=2)
[   12.557484] page_type: f8(unknown)
[   12.557634] raw: 0200000000000040 0000000000000000 dead000000000122 0000000000000000
[   12.557906] raw: 0000000000000000 0000000000000000 00000001f8000000 0000000000000000
[   12.558130] head: 0200000000000040 0000000000000000 dead000000000122 0000000000000000
[   12.558432] head: 0000000000000000 0000000000000000 00000001f8000000 0000000000000000
[   12.558868] head: 0200000000000002 ffffea00040a5401 00000000ffffffff 00000000ffffffff
[   12.559420] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000004
[   12.559667] page dumped because: kasan: bad access detected
[   12.559936] 
[   12.560025] Memory state around the buggy address:
[   12.560318]  ffff888102951f80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   12.560600]  ffff888102952000: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   12.560894] >ffff888102952080: 00 00 00 00 00 00 00 00 00 01 fe fe fe fe fe fe
[   12.561206]                                                           ^
[   12.561402]  ffff888102952100: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe
[   12.561613]  ffff888102952180: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe
[   12.562415] ==================================================================
[   12.493683] ==================================================================
[   12.493997] BUG: KASAN: slab-out-of-bounds in krealloc_less_oob_helper+0xe23/0x11d0
[   12.494496] Write of size 1 at addr ffff8881029520d0 by task kunit_try_catch/179
[   12.494797] 
[   12.494916] CPU: 0 UID: 0 PID: 179 Comm: kunit_try_catch Tainted: G    B            N  6.16.0-rc7 #1 PREEMPT(voluntary) 
[   12.494957] Tainted: [B]=BAD_PAGE, [N]=TEST
[   12.494968] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[   12.494988] Call Trace:
[   12.495000]  <TASK>
[   12.495014]  dump_stack_lvl+0x73/0xb0
[   12.495041]  print_report+0xd1/0x610
[   12.495062]  ? __virt_addr_valid+0x1db/0x2d0
[   12.495083]  ? krealloc_less_oob_helper+0xe23/0x11d0
[   12.495115]  ? kasan_addr_to_slab+0x11/0xa0
[   12.495134]  ? krealloc_less_oob_helper+0xe23/0x11d0
[   12.495158]  kasan_report+0x141/0x180
[   12.495179]  ? krealloc_less_oob_helper+0xe23/0x11d0
[   12.495206]  __asan_report_store1_noabort+0x1b/0x30
[   12.495229]  krealloc_less_oob_helper+0xe23/0x11d0
[   12.495254]  ? __pfx_krealloc_less_oob_helper+0x10/0x10
[   12.495278]  ? finish_task_switch.isra.0+0x153/0x700
[   12.495299]  ? __switch_to+0x47/0xf50
[   12.495324]  ? __schedule+0x10c6/0x2b60
[   12.495345]  ? __pfx_read_tsc+0x10/0x10
[   12.495368]  krealloc_large_less_oob+0x1c/0x30
[   12.495390]  kunit_try_run_case+0x1a5/0x480
[   12.495413]  ? __pfx_kunit_try_run_case+0x10/0x10
[   12.495435]  ? _raw_spin_lock_irqsave+0xa1/0x100
[   12.495457]  ? _raw_spin_unlock_irqrestore+0x5f/0x90
[   12.495479]  ? __kthread_parkme+0x82/0x180
[   12.495499]  ? preempt_count_sub+0x50/0x80
[   12.495521]  ? __pfx_kunit_try_run_case+0x10/0x10
[   12.495544]  kunit_generic_run_threadfn_adapter+0x85/0xf0
[   12.495566]  ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10
[   12.495589]  kthread+0x337/0x6f0
[   12.495608]  ? trace_preempt_on+0x20/0xc0
[   12.495629]  ? __pfx_kthread+0x10/0x10
[   12.495649]  ? _raw_spin_unlock_irq+0x47/0x80
[   12.495670]  ? calculate_sigpending+0x7b/0xa0
[   12.495692]  ? __pfx_kthread+0x10/0x10
[   12.495713]  ret_from_fork+0x116/0x1d0
[   12.495730]  ? __pfx_kthread+0x10/0x10
[   12.495750]  ret_from_fork_asm+0x1a/0x30
[   12.495779]  </TASK>
[   12.495788] 
[   12.504670] The buggy address belongs to the physical page:
[   12.504959] page: refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x102950
[   12.505426] head: order:2 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[   12.505705] flags: 0x200000000000040(head|node=0|zone=2)
[   12.505934] page_type: f8(unknown)
[   12.506114] raw: 0200000000000040 0000000000000000 dead000000000122 0000000000000000
[   12.506524] raw: 0000000000000000 0000000000000000 00000001f8000000 0000000000000000
[   12.507111] head: 0200000000000040 0000000000000000 dead000000000122 0000000000000000
[   12.507492] head: 0000000000000000 0000000000000000 00000001f8000000 0000000000000000
[   12.507799] head: 0200000000000002 ffffea00040a5401 00000000ffffffff 00000000ffffffff
[   12.508127] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000004
[   12.508480] page dumped because: kasan: bad access detected
[   12.508656] 
[   12.508755] Memory state around the buggy address:
[   12.508997]  ffff888102951f80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   12.509462]  ffff888102952000: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   12.509683] >ffff888102952080: 00 00 00 00 00 00 00 00 00 01 fe fe fe fe fe fe
[   12.510015]                                                  ^
[   12.510468]  ffff888102952100: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe
[   12.510806]  ffff888102952180: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe
[   12.511309] ==================================================================
[   12.528405] ==================================================================
[   12.528731] BUG: KASAN: slab-out-of-bounds in krealloc_less_oob_helper+0xe90/0x11d0
[   12.529118] Write of size 1 at addr ffff8881029520ea by task kunit_try_catch/179
[   12.529517] 
[   12.529610] CPU: 0 UID: 0 PID: 179 Comm: kunit_try_catch Tainted: G    B            N  6.16.0-rc7 #1 PREEMPT(voluntary) 
[   12.529651] Tainted: [B]=BAD_PAGE, [N]=TEST
[   12.529662] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[   12.529681] Call Trace:
[   12.529695]  <TASK>
[   12.529708]  dump_stack_lvl+0x73/0xb0
[   12.529734]  print_report+0xd1/0x610
[   12.529754]  ? __virt_addr_valid+0x1db/0x2d0
[   12.529774]  ? krealloc_less_oob_helper+0xe90/0x11d0
[   12.529797]  ? kasan_addr_to_slab+0x11/0xa0
[   12.529829]  ? krealloc_less_oob_helper+0xe90/0x11d0
[   12.529853]  kasan_report+0x141/0x180
[   12.529874]  ? krealloc_less_oob_helper+0xe90/0x11d0
[   12.529901]  __asan_report_store1_noabort+0x1b/0x30
[   12.529924]  krealloc_less_oob_helper+0xe90/0x11d0
[   12.529949]  ? __pfx_krealloc_less_oob_helper+0x10/0x10
[   12.529972]  ? finish_task_switch.isra.0+0x153/0x700
[   12.529993]  ? __switch_to+0x47/0xf50
[   12.530016]  ? __schedule+0x10c6/0x2b60
[   12.530038]  ? __pfx_read_tsc+0x10/0x10
[   12.530060]  krealloc_large_less_oob+0x1c/0x30
[   12.530082]  kunit_try_run_case+0x1a5/0x480
[   12.530115]  ? __pfx_kunit_try_run_case+0x10/0x10
[   12.530137]  ? _raw_spin_lock_irqsave+0xa1/0x100
[   12.530159]  ? _raw_spin_unlock_irqrestore+0x5f/0x90
[   12.530181]  ? __kthread_parkme+0x82/0x180
[   12.530200]  ? preempt_count_sub+0x50/0x80
[   12.530222]  ? __pfx_kunit_try_run_case+0x10/0x10
[   12.530245]  kunit_generic_run_threadfn_adapter+0x85/0xf0
[   12.530267]  ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10
[   12.530290]  kthread+0x337/0x6f0
[   12.530309]  ? trace_preempt_on+0x20/0xc0
[   12.530330]  ? __pfx_kthread+0x10/0x10
[   12.530350]  ? _raw_spin_unlock_irq+0x47/0x80
[   12.530370]  ? calculate_sigpending+0x7b/0xa0
[   12.530393]  ? __pfx_kthread+0x10/0x10
[   12.530413]  ret_from_fork+0x116/0x1d0
[   12.530431]  ? __pfx_kthread+0x10/0x10
[   12.530450]  ret_from_fork_asm+0x1a/0x30
[   12.530479]  </TASK>
[   12.530489] 
[   12.538534] The buggy address belongs to the physical page:
[   12.538902] page: refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x102950
[   12.539561] head: order:2 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[   12.539851] flags: 0x200000000000040(head|node=0|zone=2)
[   12.540109] page_type: f8(unknown)
[   12.540559] raw: 0200000000000040 0000000000000000 dead000000000122 0000000000000000
[   12.540933] raw: 0000000000000000 0000000000000000 00000001f8000000 0000000000000000
[   12.541592] head: 0200000000000040 0000000000000000 dead000000000122 0000000000000000
[   12.541928] head: 0000000000000000 0000000000000000 00000001f8000000 0000000000000000
[   12.542278] head: 0200000000000002 ffffea00040a5401 00000000ffffffff 00000000ffffffff
[   12.542618] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000004
[   12.542978] page dumped because: kasan: bad access detected
[   12.543209] 
[   12.543279] Memory state around the buggy address:
[   12.543431]  ffff888102951f80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   12.543641]  ffff888102952000: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   12.544164] >ffff888102952080: 00 00 00 00 00 00 00 00 00 01 fe fe fe fe fe fe
[   12.544824]                                                           ^
[   12.545336]  ffff888102952100: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe
[   12.545575]  ffff888102952180: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe
[   12.545859] ==================================================================
[   12.369855] ==================================================================
[   12.370099] BUG: KASAN: slab-out-of-bounds in krealloc_less_oob_helper+0xec6/0x11d0
[   12.370498] Write of size 1 at addr ffff888100a1c8da by task kunit_try_catch/175
[   12.370914] 
[   12.371011] CPU: 1 UID: 0 PID: 175 Comm: kunit_try_catch Tainted: G    B            N  6.16.0-rc7 #1 PREEMPT(voluntary) 
[   12.371054] Tainted: [B]=BAD_PAGE, [N]=TEST
[   12.371065] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[   12.371085] Call Trace:
[   12.371102]  <TASK>
[   12.371117]  dump_stack_lvl+0x73/0xb0
[   12.371143]  print_report+0xd1/0x610
[   12.371164]  ? __virt_addr_valid+0x1db/0x2d0
[   12.371185]  ? krealloc_less_oob_helper+0xec6/0x11d0
[   12.371207]  ? kasan_complete_mode_report_info+0x2a/0x200
[   12.371239]  ? krealloc_less_oob_helper+0xec6/0x11d0
[   12.371263]  kasan_report+0x141/0x180
[   12.371285]  ? krealloc_less_oob_helper+0xec6/0x11d0
[   12.371312]  __asan_report_store1_noabort+0x1b/0x30
[   12.371336]  krealloc_less_oob_helper+0xec6/0x11d0
[   12.371361]  ? __pfx_krealloc_less_oob_helper+0x10/0x10
[   12.371384]  ? finish_task_switch.isra.0+0x153/0x700
[   12.371405]  ? __switch_to+0x47/0xf50
[   12.371429]  ? __schedule+0x10c6/0x2b60
[   12.371451]  ? __pfx_read_tsc+0x10/0x10
[   12.371474]  krealloc_less_oob+0x1c/0x30
[   12.371495]  kunit_try_run_case+0x1a5/0x480
[   12.371520]  ? __pfx_kunit_try_run_case+0x10/0x10
[   12.371541]  ? _raw_spin_lock_irqsave+0xa1/0x100
[   12.371564]  ? _raw_spin_unlock_irqrestore+0x5f/0x90
[   12.371586]  ? __kthread_parkme+0x82/0x180
[   12.371605]  ? preempt_count_sub+0x50/0x80
[   12.371627]  ? __pfx_kunit_try_run_case+0x10/0x10
[   12.371650]  kunit_generic_run_threadfn_adapter+0x85/0xf0
[   12.371672]  ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10
[   12.371695]  kthread+0x337/0x6f0
[   12.371713]  ? trace_preempt_on+0x20/0xc0
[   12.371735]  ? __pfx_kthread+0x10/0x10
[   12.371754]  ? _raw_spin_unlock_irq+0x47/0x80
[   12.371775]  ? calculate_sigpending+0x7b/0xa0
[   12.371797]  ? __pfx_kthread+0x10/0x10
[   12.371828]  ret_from_fork+0x116/0x1d0
[   12.371845]  ? __pfx_kthread+0x10/0x10
[   12.371865]  ret_from_fork_asm+0x1a/0x30
[   12.371894]  </TASK>
[   12.371903] 
[   12.380264] Allocated by task 175:
[   12.380530]  kasan_save_stack+0x45/0x70
[   12.380725]  kasan_save_track+0x18/0x40
[   12.380932]  kasan_save_alloc_info+0x3b/0x50
[   12.381115]  __kasan_krealloc+0x190/0x1f0
[   12.381254]  krealloc_noprof+0xf3/0x340
[   12.381584]  krealloc_less_oob_helper+0x1aa/0x11d0
[   12.381794]  krealloc_less_oob+0x1c/0x30
[   12.381944]  kunit_try_run_case+0x1a5/0x480
[   12.382435]  kunit_generic_run_threadfn_adapter+0x85/0xf0
[   12.382734]  kthread+0x337/0x6f0
[   12.382921]  ret_from_fork+0x116/0x1d0
[   12.383084]  ret_from_fork_asm+0x1a/0x30
[   12.383225] 
[   12.383300] The buggy address belongs to the object at ffff888100a1c800
[   12.383300]  which belongs to the cache kmalloc-256 of size 256
[   12.383788] The buggy address is located 17 bytes to the right of
[   12.383788]  allocated 201-byte region [ffff888100a1c800, ffff888100a1c8c9)
[   12.384617] 
[   12.384690] The buggy address belongs to the physical page:
[   12.384876] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x100a1c
[   12.385537] head: order:1 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[   12.385853] flags: 0x200000000000040(head|node=0|zone=2)
[   12.386036] page_type: f5(slab)
[   12.386194] raw: 0200000000000040 ffff888100041b40 dead000000000122 0000000000000000
[   12.386695] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000
[   12.387043] head: 0200000000000040 ffff888100041b40 dead000000000122 0000000000000000
[   12.387311] head: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000
[   12.387805] head: 0200000000000001 ffffea0004028701 00000000ffffffff 00000000ffffffff
[   12.388069] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000002
[   12.388491] page dumped because: kasan: bad access detected
[   12.388938] 
[   12.389018] Memory state around the buggy address:
[   12.389195]  ffff888100a1c780: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   12.389540]  ffff888100a1c800: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   12.389926] >ffff888100a1c880: 00 00 00 00 00 00 00 00 00 01 fc fc fc fc fc fc
[   12.390227]                                                     ^
[   12.390502]  ffff888100a1c900: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   12.390949]  ffff888100a1c980: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   12.391287] ==================================================================
[   12.413176] ==================================================================
[   12.413526] BUG: KASAN: slab-out-of-bounds in krealloc_less_oob_helper+0xd47/0x11d0
[   12.413864] Write of size 1 at addr ffff888100a1c8eb by task kunit_try_catch/175
[   12.414227] 
[   12.414339] CPU: 1 UID: 0 PID: 175 Comm: kunit_try_catch Tainted: G    B            N  6.16.0-rc7 #1 PREEMPT(voluntary) 
[   12.414380] Tainted: [B]=BAD_PAGE, [N]=TEST
[   12.414391] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[   12.414411] Call Trace:
[   12.414424]  <TASK>
[   12.414437]  dump_stack_lvl+0x73/0xb0
[   12.414463]  print_report+0xd1/0x610
[   12.414484]  ? __virt_addr_valid+0x1db/0x2d0
[   12.414504]  ? krealloc_less_oob_helper+0xd47/0x11d0
[   12.414527]  ? kasan_complete_mode_report_info+0x2a/0x200
[   12.414548]  ? krealloc_less_oob_helper+0xd47/0x11d0
[   12.414571]  kasan_report+0x141/0x180
[   12.414592]  ? krealloc_less_oob_helper+0xd47/0x11d0
[   12.414620]  __asan_report_store1_noabort+0x1b/0x30
[   12.414643]  krealloc_less_oob_helper+0xd47/0x11d0
[   12.414668]  ? __pfx_krealloc_less_oob_helper+0x10/0x10
[   12.414691]  ? finish_task_switch.isra.0+0x153/0x700
[   12.414713]  ? __switch_to+0x47/0xf50
[   12.414737]  ? __schedule+0x10c6/0x2b60
[   12.414758]  ? __pfx_read_tsc+0x10/0x10
[   12.414781]  krealloc_less_oob+0x1c/0x30
[   12.414802]  kunit_try_run_case+0x1a5/0x480
[   12.414837]  ? __pfx_kunit_try_run_case+0x10/0x10
[   12.414859]  ? _raw_spin_lock_irqsave+0xa1/0x100
[   12.414882]  ? _raw_spin_unlock_irqrestore+0x5f/0x90
[   12.414904]  ? __kthread_parkme+0x82/0x180
[   12.414923]  ? preempt_count_sub+0x50/0x80
[   12.414945]  ? __pfx_kunit_try_run_case+0x10/0x10
[   12.414968]  kunit_generic_run_threadfn_adapter+0x85/0xf0
[   12.414990]  ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10
[   12.415012]  kthread+0x337/0x6f0
[   12.415031]  ? trace_preempt_on+0x20/0xc0
[   12.415053]  ? __pfx_kthread+0x10/0x10
[   12.415073]  ? _raw_spin_unlock_irq+0x47/0x80
[   12.415093]  ? calculate_sigpending+0x7b/0xa0
[   12.415116]  ? __pfx_kthread+0x10/0x10
[   12.415136]  ret_from_fork+0x116/0x1d0
[   12.415154]  ? __pfx_kthread+0x10/0x10
[   12.415173]  ret_from_fork_asm+0x1a/0x30
[   12.415236]  </TASK>
[   12.415248] 
[   12.422744] Allocated by task 175:
[   12.422892]  kasan_save_stack+0x45/0x70
[   12.423037]  kasan_save_track+0x18/0x40
[   12.423175]  kasan_save_alloc_info+0x3b/0x50
[   12.423325]  __kasan_krealloc+0x190/0x1f0
[   12.423512]  krealloc_noprof+0xf3/0x340
[   12.423703]  krealloc_less_oob_helper+0x1aa/0x11d0
[   12.424053]  krealloc_less_oob+0x1c/0x30
[   12.424594]  kunit_try_run_case+0x1a5/0x480
[   12.424825]  kunit_generic_run_threadfn_adapter+0x85/0xf0
[   12.425103]  kthread+0x337/0x6f0
[   12.425343]  ret_from_fork+0x116/0x1d0
[   12.425535]  ret_from_fork_asm+0x1a/0x30
[   12.425730] 
[   12.425837] The buggy address belongs to the object at ffff888100a1c800
[   12.425837]  which belongs to the cache kmalloc-256 of size 256
[   12.426472] The buggy address is located 34 bytes to the right of
[   12.426472]  allocated 201-byte region [ffff888100a1c800, ffff888100a1c8c9)
[   12.427014] 
[   12.427134] The buggy address belongs to the physical page:
[   12.427460] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x100a1c
[   12.427835] head: order:1 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[   12.428183] flags: 0x200000000000040(head|node=0|zone=2)
[   12.428428] page_type: f5(slab)
[   12.428588] raw: 0200000000000040 ffff888100041b40 dead000000000122 0000000000000000
[   12.428934] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000
[   12.429268] head: 0200000000000040 ffff888100041b40 dead000000000122 0000000000000000
[   12.429602] head: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000
[   12.430005] head: 0200000000000001 ffffea0004028701 00000000ffffffff 00000000ffffffff
[   12.430569] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000002
[   12.430880] page dumped because: kasan: bad access detected
[   12.431167] 
[   12.431329] Memory state around the buggy address:
[   12.431555]  ffff888100a1c780: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   12.431889]  ffff888100a1c800: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   12.432292] >ffff888100a1c880: 00 00 00 00 00 00 00 00 00 01 fc fc fc fc fc fc
[   12.432607]                                                           ^
[   12.432911]  ffff888100a1c900: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   12.433313]  ffff888100a1c980: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   12.433564] ==================================================================
[   12.323138] ==================================================================
[   12.324414] BUG: KASAN: slab-out-of-bounds in krealloc_less_oob_helper+0xd70/0x11d0
[   12.324719] Write of size 1 at addr ffff888100a1c8c9 by task kunit_try_catch/175
[   12.325000] 
[   12.325110] CPU: 1 UID: 0 PID: 175 Comm: kunit_try_catch Tainted: G    B            N  6.16.0-rc7 #1 PREEMPT(voluntary) 
[   12.325151] Tainted: [B]=BAD_PAGE, [N]=TEST
[   12.325163] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[   12.325183] Call Trace:
[   12.325195]  <TASK>
[   12.325209]  dump_stack_lvl+0x73/0xb0
[   12.325237]  print_report+0xd1/0x610
[   12.325258]  ? __virt_addr_valid+0x1db/0x2d0
[   12.325279]  ? krealloc_less_oob_helper+0xd70/0x11d0
[   12.325303]  ? kasan_complete_mode_report_info+0x2a/0x200
[   12.325324]  ? krealloc_less_oob_helper+0xd70/0x11d0
[   12.325347]  kasan_report+0x141/0x180
[   12.325368]  ? krealloc_less_oob_helper+0xd70/0x11d0
[   12.325396]  __asan_report_store1_noabort+0x1b/0x30
[   12.325419]  krealloc_less_oob_helper+0xd70/0x11d0
[   12.325444]  ? __pfx_krealloc_less_oob_helper+0x10/0x10
[   12.325467]  ? finish_task_switch.isra.0+0x153/0x700
[   12.325489]  ? __switch_to+0x47/0xf50
[   12.325515]  ? __schedule+0x10c6/0x2b60
[   12.325536]  ? __pfx_read_tsc+0x10/0x10
[   12.325559]  krealloc_less_oob+0x1c/0x30
[   12.325580]  kunit_try_run_case+0x1a5/0x480
[   12.325604]  ? __pfx_kunit_try_run_case+0x10/0x10
[   12.325626]  ? _raw_spin_lock_irqsave+0xa1/0x100
[   12.325649]  ? _raw_spin_unlock_irqrestore+0x5f/0x90
[   12.325671]  ? __kthread_parkme+0x82/0x180
[   12.325691]  ? preempt_count_sub+0x50/0x80
[   12.325713]  ? __pfx_kunit_try_run_case+0x10/0x10
[   12.325736]  kunit_generic_run_threadfn_adapter+0x85/0xf0
[   12.325758]  ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10
[   12.325781]  kthread+0x337/0x6f0
[   12.325801]  ? trace_preempt_on+0x20/0xc0
[   12.325834]  ? __pfx_kthread+0x10/0x10
[   12.325854]  ? _raw_spin_unlock_irq+0x47/0x80
[   12.325875]  ? calculate_sigpending+0x7b/0xa0
[   12.325898]  ? __pfx_kthread+0x10/0x10
[   12.325918]  ret_from_fork+0x116/0x1d0
[   12.325936]  ? __pfx_kthread+0x10/0x10
[   12.325956]  ret_from_fork_asm+0x1a/0x30
[   12.325985]  </TASK>
[   12.325995] 
[   12.333860] Allocated by task 175:
[   12.334040]  kasan_save_stack+0x45/0x70
[   12.334508]  kasan_save_track+0x18/0x40
[   12.334724]  kasan_save_alloc_info+0x3b/0x50
[   12.334909]  __kasan_krealloc+0x190/0x1f0
[   12.335054]  krealloc_noprof+0xf3/0x340
[   12.335507]  krealloc_less_oob_helper+0x1aa/0x11d0
[   12.335767]  krealloc_less_oob+0x1c/0x30
[   12.335960]  kunit_try_run_case+0x1a5/0x480
[   12.336193]  kunit_generic_run_threadfn_adapter+0x85/0xf0
[   12.336428]  kthread+0x337/0x6f0
[   12.336567]  ret_from_fork+0x116/0x1d0
[   12.336755]  ret_from_fork_asm+0x1a/0x30
[   12.336926] 
[   12.337002] The buggy address belongs to the object at ffff888100a1c800
[   12.337002]  which belongs to the cache kmalloc-256 of size 256
[   12.337752] The buggy address is located 0 bytes to the right of
[   12.337752]  allocated 201-byte region [ffff888100a1c800, ffff888100a1c8c9)
[   12.338135] 
[   12.338212] The buggy address belongs to the physical page:
[   12.338392] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x100a1c
[   12.338719] head: order:1 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[   12.339064] flags: 0x200000000000040(head|node=0|zone=2)
[   12.339679] page_type: f5(slab)
[   12.339863] raw: 0200000000000040 ffff888100041b40 dead000000000122 0000000000000000
[   12.340340] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000
[   12.340668] head: 0200000000000040 ffff888100041b40 dead000000000122 0000000000000000
[   12.340918] head: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000
[   12.341489] head: 0200000000000001 ffffea0004028701 00000000ffffffff 00000000ffffffff
[   12.341874] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000002
[   12.342367] page dumped because: kasan: bad access detected
[   12.342589] 
[   12.342685] Memory state around the buggy address:
[   12.342873]  ffff888100a1c780: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   12.343254]  ffff888100a1c800: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   12.343548] >ffff888100a1c880: 00 00 00 00 00 00 00 00 00 01 fc fc fc fc fc fc
[   12.343784]                                               ^
[   12.343973]  ffff888100a1c900: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   12.344598]  ffff888100a1c980: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   12.344937] ==================================================================
[   12.476702] ==================================================================
[   12.477306] BUG: KASAN: slab-out-of-bounds in krealloc_less_oob_helper+0xd70/0x11d0
[   12.477615] Write of size 1 at addr ffff8881029520c9 by task kunit_try_catch/179
[   12.477906] 
[   12.478018] CPU: 0 UID: 0 PID: 179 Comm: kunit_try_catch Tainted: G    B            N  6.16.0-rc7 #1 PREEMPT(voluntary) 
[   12.478061] Tainted: [B]=BAD_PAGE, [N]=TEST
[   12.478072] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[   12.478093] Call Trace:
[   12.478106]  <TASK>
[   12.478120]  dump_stack_lvl+0x73/0xb0
[   12.478150]  print_report+0xd1/0x610
[   12.478172]  ? __virt_addr_valid+0x1db/0x2d0
[   12.478195]  ? krealloc_less_oob_helper+0xd70/0x11d0
[   12.478230]  ? kasan_addr_to_slab+0x11/0xa0
[   12.478250]  ? krealloc_less_oob_helper+0xd70/0x11d0
[   12.478273]  kasan_report+0x141/0x180
[   12.478294]  ? krealloc_less_oob_helper+0xd70/0x11d0
[   12.478322]  __asan_report_store1_noabort+0x1b/0x30
[   12.478345]  krealloc_less_oob_helper+0xd70/0x11d0
[   12.478370]  ? __pfx_krealloc_less_oob_helper+0x10/0x10
[   12.478394]  ? finish_task_switch.isra.0+0x153/0x700
[   12.478416]  ? __switch_to+0x47/0xf50
[   12.478441]  ? __schedule+0x10c6/0x2b60
[   12.478463]  ? __pfx_read_tsc+0x10/0x10
[   12.478488]  krealloc_large_less_oob+0x1c/0x30
[   12.478510]  kunit_try_run_case+0x1a5/0x480
[   12.478535]  ? __pfx_kunit_try_run_case+0x10/0x10
[   12.478557]  ? _raw_spin_lock_irqsave+0xa1/0x100
[   12.478580]  ? _raw_spin_unlock_irqrestore+0x5f/0x90
[   12.478603]  ? __kthread_parkme+0x82/0x180
[   12.478622]  ? preempt_count_sub+0x50/0x80
[   12.478644]  ? __pfx_kunit_try_run_case+0x10/0x10
[   12.478668]  kunit_generic_run_threadfn_adapter+0x85/0xf0
[   12.478691]  ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10
[   12.478713]  kthread+0x337/0x6f0
[   12.478732]  ? trace_preempt_on+0x20/0xc0
[   12.478755]  ? __pfx_kthread+0x10/0x10
[   12.478775]  ? _raw_spin_unlock_irq+0x47/0x80
[   12.478796]  ? calculate_sigpending+0x7b/0xa0
[   12.478831]  ? __pfx_kthread+0x10/0x10
[   12.478852]  ret_from_fork+0x116/0x1d0
[   12.478871]  ? __pfx_kthread+0x10/0x10
[   12.478890]  ret_from_fork_asm+0x1a/0x30
[   12.478920]  </TASK>
[   12.478931] 
[   12.486905] The buggy address belongs to the physical page:
[   12.487125] page: refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x102950
[   12.487474] head: order:2 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[   12.487702] flags: 0x200000000000040(head|node=0|zone=2)
[   12.488142] page_type: f8(unknown)
[   12.488430] raw: 0200000000000040 0000000000000000 dead000000000122 0000000000000000
[   12.488739] raw: 0000000000000000 0000000000000000 00000001f8000000 0000000000000000
[   12.488993] head: 0200000000000040 0000000000000000 dead000000000122 0000000000000000
[   12.489312] head: 0000000000000000 0000000000000000 00000001f8000000 0000000000000000
[   12.489656] head: 0200000000000002 ffffea00040a5401 00000000ffffffff 00000000ffffffff
[   12.490254] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000004
[   12.490502] page dumped because: kasan: bad access detected
[   12.490698] 
[   12.490792] Memory state around the buggy address:
[   12.491034]  ffff888102951f80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   12.491668]  ffff888102952000: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   12.491946] >ffff888102952080: 00 00 00 00 00 00 00 00 00 01 fe fe fe fe fe fe
[   12.492164]                                               ^
[   12.492422]  ffff888102952100: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe
[   12.492868]  ffff888102952180: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe
[   12.493117] ==================================================================
[   12.511655] ==================================================================
[   12.511895] BUG: KASAN: slab-out-of-bounds in krealloc_less_oob_helper+0xec6/0x11d0
[   12.512451] Write of size 1 at addr ffff8881029520da by task kunit_try_catch/179
[   12.512680] 
[   12.512761] CPU: 0 UID: 0 PID: 179 Comm: kunit_try_catch Tainted: G    B            N  6.16.0-rc7 #1 PREEMPT(voluntary) 
[   12.512800] Tainted: [B]=BAD_PAGE, [N]=TEST
[   12.512823] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[   12.512847] Call Trace:
[   12.512860]  <TASK>
[   12.512872]  dump_stack_lvl+0x73/0xb0
[   12.512899]  print_report+0xd1/0x610
[   12.512919]  ? __virt_addr_valid+0x1db/0x2d0
[   12.512940]  ? krealloc_less_oob_helper+0xec6/0x11d0
[   12.512962]  ? kasan_addr_to_slab+0x11/0xa0
[   12.512983]  ? krealloc_less_oob_helper+0xec6/0x11d0
[   12.513005]  kasan_report+0x141/0x180
[   12.513026]  ? krealloc_less_oob_helper+0xec6/0x11d0
[   12.513054]  __asan_report_store1_noabort+0x1b/0x30
[   12.513077]  krealloc_less_oob_helper+0xec6/0x11d0
[   12.513113]  ? __pfx_krealloc_less_oob_helper+0x10/0x10
[   12.513137]  ? finish_task_switch.isra.0+0x153/0x700
[   12.513158]  ? __switch_to+0x47/0xf50
[   12.513181]  ? __schedule+0x10c6/0x2b60
[   12.513202]  ? __pfx_read_tsc+0x10/0x10
[   12.513225]  krealloc_large_less_oob+0x1c/0x30
[   12.513248]  kunit_try_run_case+0x1a5/0x480
[   12.513272]  ? __pfx_kunit_try_run_case+0x10/0x10
[   12.513294]  ? _raw_spin_lock_irqsave+0xa1/0x100
[   12.513316]  ? _raw_spin_unlock_irqrestore+0x5f/0x90
[   12.513339]  ? __kthread_parkme+0x82/0x180
[   12.513358]  ? preempt_count_sub+0x50/0x80
[   12.513380]  ? __pfx_kunit_try_run_case+0x10/0x10
[   12.513403]  kunit_generic_run_threadfn_adapter+0x85/0xf0
[   12.513425]  ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10
[   12.513521]  kthread+0x337/0x6f0
[   12.513542]  ? trace_preempt_on+0x20/0xc0
[   12.513564]  ? __pfx_kthread+0x10/0x10
[   12.513583]  ? _raw_spin_unlock_irq+0x47/0x80
[   12.513604]  ? calculate_sigpending+0x7b/0xa0
[   12.513626]  ? __pfx_kthread+0x10/0x10
[   12.513647]  ret_from_fork+0x116/0x1d0
[   12.513665]  ? __pfx_kthread+0x10/0x10
[   12.513685]  ret_from_fork_asm+0x1a/0x30
[   12.513713]  </TASK>
[   12.513723] 
[   12.521486] The buggy address belongs to the physical page:
[   12.521876] page: refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x102950
[   12.522208] head: order:2 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[   12.522909] flags: 0x200000000000040(head|node=0|zone=2)
[   12.523178] page_type: f8(unknown)
[   12.523307] raw: 0200000000000040 0000000000000000 dead000000000122 0000000000000000
[   12.523672] raw: 0000000000000000 0000000000000000 00000001f8000000 0000000000000000
[   12.524040] head: 0200000000000040 0000000000000000 dead000000000122 0000000000000000
[   12.524492] head: 0000000000000000 0000000000000000 00000001f8000000 0000000000000000
[   12.524784] head: 0200000000000002 ffffea00040a5401 00000000ffffffff 00000000ffffffff
[   12.525034] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000004
[   12.525357] page dumped because: kasan: bad access detected
[   12.525612] 
[   12.525705] Memory state around the buggy address:
[   12.526039]  ffff888102951f80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   12.526305]  ffff888102952000: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   12.526937] >ffff888102952080: 00 00 00 00 00 00 00 00 00 01 fe fe fe fe fe fe
[   12.527287]                                                     ^
[   12.527542]  ffff888102952100: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe
[   12.527837]  ffff888102952180: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe
[   12.528052] ==================================================================
[   12.391833] ==================================================================
[   12.392151] BUG: KASAN: slab-out-of-bounds in krealloc_less_oob_helper+0xe90/0x11d0
[   12.392561] Write of size 1 at addr ffff888100a1c8ea by task kunit_try_catch/175
[   12.392909] 
[   12.393021] CPU: 1 UID: 0 PID: 175 Comm: kunit_try_catch Tainted: G    B            N  6.16.0-rc7 #1 PREEMPT(voluntary) 
[   12.393062] Tainted: [B]=BAD_PAGE, [N]=TEST
[   12.393073] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[   12.393093] Call Trace:
[   12.393107]  <TASK>
[   12.393121]  dump_stack_lvl+0x73/0xb0
[   12.393148]  print_report+0xd1/0x610
[   12.393169]  ? __virt_addr_valid+0x1db/0x2d0
[   12.393192]  ? krealloc_less_oob_helper+0xe90/0x11d0
[   12.393262]  ? kasan_complete_mode_report_info+0x2a/0x200
[   12.393285]  ? krealloc_less_oob_helper+0xe90/0x11d0
[   12.393308]  kasan_report+0x141/0x180
[   12.393330]  ? krealloc_less_oob_helper+0xe90/0x11d0
[   12.393357]  __asan_report_store1_noabort+0x1b/0x30
[   12.393381]  krealloc_less_oob_helper+0xe90/0x11d0
[   12.393406]  ? __pfx_krealloc_less_oob_helper+0x10/0x10
[   12.393453]  ? finish_task_switch.isra.0+0x153/0x700
[   12.393475]  ? __switch_to+0x47/0xf50
[   12.393499]  ? __schedule+0x10c6/0x2b60
[   12.393521]  ? __pfx_read_tsc+0x10/0x10
[   12.393544]  krealloc_less_oob+0x1c/0x30
[   12.393565]  kunit_try_run_case+0x1a5/0x480
[   12.393589]  ? __pfx_kunit_try_run_case+0x10/0x10
[   12.393611]  ? _raw_spin_lock_irqsave+0xa1/0x100
[   12.393634]  ? _raw_spin_unlock_irqrestore+0x5f/0x90
[   12.393656]  ? __kthread_parkme+0x82/0x180
[   12.393675]  ? preempt_count_sub+0x50/0x80
[   12.393697]  ? __pfx_kunit_try_run_case+0x10/0x10
[   12.393721]  kunit_generic_run_threadfn_adapter+0x85/0xf0
[   12.393743]  ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10
[   12.393766]  kthread+0x337/0x6f0
[   12.393785]  ? trace_preempt_on+0x20/0xc0
[   12.393807]  ? __pfx_kthread+0x10/0x10
[   12.393838]  ? _raw_spin_unlock_irq+0x47/0x80
[   12.393859]  ? calculate_sigpending+0x7b/0xa0
[   12.393882]  ? __pfx_kthread+0x10/0x10
[   12.393903]  ret_from_fork+0x116/0x1d0
[   12.393921]  ? __pfx_kthread+0x10/0x10
[   12.393941]  ret_from_fork_asm+0x1a/0x30
[   12.393971]  </TASK>
[   12.393981] 
[   12.402282] Allocated by task 175:
[   12.402583]  kasan_save_stack+0x45/0x70
[   12.402777]  kasan_save_track+0x18/0x40
[   12.402964]  kasan_save_alloc_info+0x3b/0x50
[   12.403156]  __kasan_krealloc+0x190/0x1f0
[   12.403428]  krealloc_noprof+0xf3/0x340
[   12.403602]  krealloc_less_oob_helper+0x1aa/0x11d0
[   12.403805]  krealloc_less_oob+0x1c/0x30
[   12.403987]  kunit_try_run_case+0x1a5/0x480
[   12.404198]  kunit_generic_run_threadfn_adapter+0x85/0xf0
[   12.404594]  kthread+0x337/0x6f0
[   12.404772]  ret_from_fork+0x116/0x1d0
[   12.404963]  ret_from_fork_asm+0x1a/0x30
[   12.405184] 
[   12.405257] The buggy address belongs to the object at ffff888100a1c800
[   12.405257]  which belongs to the cache kmalloc-256 of size 256
[   12.405956] The buggy address is located 33 bytes to the right of
[   12.405956]  allocated 201-byte region [ffff888100a1c800, ffff888100a1c8c9)
[   12.406347] 
[   12.406540] The buggy address belongs to the physical page:
[   12.406797] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x100a1c
[   12.407265] head: order:1 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[   12.407528] flags: 0x200000000000040(head|node=0|zone=2)
[   12.407781] page_type: f5(slab)
[   12.407937] raw: 0200000000000040 ffff888100041b40 dead000000000122 0000000000000000
[   12.408171] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000
[   12.408405] head: 0200000000000040 ffff888100041b40 dead000000000122 0000000000000000
[   12.408640] head: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000
[   12.409003] head: 0200000000000001 ffffea0004028701 00000000ffffffff 00000000ffffffff
[   12.409344] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000002
[   12.409694] page dumped because: kasan: bad access detected
[   12.409876] 
[   12.409947] Memory state around the buggy address:
[   12.410143]  ffff888100a1c780: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   12.410853]  ffff888100a1c800: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   12.411316] >ffff888100a1c880: 00 00 00 00 00 00 00 00 00 01 fc fc fc fc fc fc
[   12.411585]                                                           ^
[   12.411789]  ffff888100a1c900: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   12.412026]  ffff888100a1c980: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   12.412701] ==================================================================

Metadata Full log Test run details

arch

x86_64

host

x86_64

plan

30FwNKrR0chZl8JxQ9oDLeGgEf1

job_id

TEST:linaro@lkft#30FwRyqi5eF7k6ycwSB1dmi5d1h

job_url

https://tuxapi.tuxsuite.com/v1/groups/linaro/projects/lkft/tests/30FwRyqi5eF7k6ycwSB1dmi5d1h

artefacts

kernel

url	https://storage.tuxsuite.com/public/linaro/lkft/builds/30FwP75WO2lZAs6D18BNTrSrzQc/bzImage
sha256sum	de02a38a1e0e36537754570131db9d2ba43a94a4de4de3ca471404ecde060069

rootfs

url	https://storage.tuxboot.com/debian/20250617/trixie/amd64/rootfs.ext4.xz
sha256sum	a7dcdb286e1265c85a4d6cd5429adc51604a3ebde1d9a3c934aef78862d5fee4

modules

url	https://storage.tuxsuite.com/public/linaro/lkft/builds/30FwP75WO2lZAs6D18BNTrSrzQc/modules.tar.xz
sha256sum	76c89c3c5410838d131be6caf03bba5297faf49ed3bb153877ad6287d570cf9b

durations

tests

boot	0
kunit	206.00

host_arch

amd64

build_name

gcc-13-lkftconfig-kunit

job_status

Complete

qemu_version

1:10.0.2+ds-1

Metadata

Failure - qemu-arm64 - gcc-13-lkftconfig-kunit

Failure - qemu-x86_64 - gcc-13-lkftconfig-kunit