Hay
Sign in
Date
July 5, 2025, 11:11 p.m.

Environment
qemu-arm64
qemu-x86_64 

[   17.962994] ==================================================================
[   17.963028] BUG: KASAN: slab-out-of-bounds in krealloc_more_oob_helper+0x5c0/0x678
[   17.963068] Write of size 1 at addr fff00000c78320f0 by task kunit_try_catch/160
[   17.963123] 
[   17.963495] CPU: 0 UID: 0 PID: 160 Comm: kunit_try_catch Tainted: G    B            N  6.16.0-rc4 #1 PREEMPT 
[   17.964014] Tainted: [B]=BAD_PAGE, [N]=TEST
[   17.964057] Hardware name: linux,dummy-virt (DT)
[   17.964173] Call trace:
[   17.964287]  show_stack+0x20/0x38 (C)
[   17.964421]  dump_stack_lvl+0x8c/0xd0
[   17.964466]  print_report+0x118/0x608
[   17.964533]  kasan_report+0xdc/0x128
[   17.964579]  __asan_report_store1_noabort+0x20/0x30
[   17.964812]  krealloc_more_oob_helper+0x5c0/0x678
[   17.964986]  krealloc_large_more_oob+0x20/0x38
[   17.965122]  kunit_try_run_case+0x170/0x3f0
[   17.965244]  kunit_generic_run_threadfn_adapter+0x88/0x100
[   17.965296]  kthread+0x328/0x630
[   17.965532]  ret_from_fork+0x10/0x20
[   17.965659] 
[   17.965679] The buggy address belongs to the physical page:
[   17.965727] page: refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x107830
[   17.965786] head: order:2 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[   17.965830] flags: 0xbfffe0000000040(head|node=0|zone=2|lastcpupid=0x1ffff)
[   17.966093] page_type: f8(unknown)
[   17.966174] raw: 0bfffe0000000040 0000000000000000 dead000000000122 0000000000000000
[   17.966289] raw: 0000000000000000 0000000000000000 00000001f8000000 0000000000000000
[   17.966356] head: 0bfffe0000000040 0000000000000000 dead000000000122 0000000000000000
[   17.966402] head: 0000000000000000 0000000000000000 00000001f8000000 0000000000000000
[   17.966630] head: 0bfffe0000000002 ffffc1ffc31e0c01 00000000ffffffff 00000000ffffffff
[   17.966716] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000004
[   17.966832] page dumped because: kasan: bad access detected
[   17.966958] 
[   17.967047] Memory state around the buggy address:
[   17.967077]  fff00000c7831f80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   17.967368]  fff00000c7832000: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   17.967490] >fff00000c7832080: 00 00 00 00 00 00 00 00 00 00 00 00 00 03 fe fe
[   17.967548]                                                              ^
[   17.967665]  fff00000c7832100: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe
[   17.967752]  fff00000c7832180: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe
[   17.967788] ==================================================================
[   17.922359] ==================================================================
[   17.922417] BUG: KASAN: slab-out-of-bounds in krealloc_more_oob_helper+0x5c0/0x678
[   17.922493] Write of size 1 at addr fff00000c44ec8f0 by task kunit_try_catch/156
[   17.922541] 
[   17.922585] CPU: 0 UID: 0 PID: 156 Comm: kunit_try_catch Tainted: G    B            N  6.16.0-rc4 #1 PREEMPT 
[   17.922661] Tainted: [B]=BAD_PAGE, [N]=TEST
[   17.922686] Hardware name: linux,dummy-virt (DT)
[   17.922760] Call trace:
[   17.922782]  show_stack+0x20/0x38 (C)
[   17.922919]  dump_stack_lvl+0x8c/0xd0
[   17.923006]  print_report+0x118/0x608
[   17.923071]  kasan_report+0xdc/0x128
[   17.923116]  __asan_report_store1_noabort+0x20/0x30
[   17.923217]  krealloc_more_oob_helper+0x5c0/0x678
[   17.923283]  krealloc_more_oob+0x20/0x38
[   17.923336]  kunit_try_run_case+0x170/0x3f0
[   17.923382]  kunit_generic_run_threadfn_adapter+0x88/0x100
[   17.923520]  kthread+0x328/0x630
[   17.923590]  ret_from_fork+0x10/0x20
[   17.923639] 
[   17.923657] Allocated by task 156:
[   17.923771]  kasan_save_stack+0x3c/0x68
[   17.923818]  kasan_save_track+0x20/0x40
[   17.923887]  kasan_save_alloc_info+0x40/0x58
[   17.924074]  __kasan_krealloc+0x118/0x178
[   17.924171]  krealloc_noprof+0x128/0x360
[   17.924207]  krealloc_more_oob_helper+0x168/0x678
[   17.924244]  krealloc_more_oob+0x20/0x38
[   17.924301]  kunit_try_run_case+0x170/0x3f0
[   17.924336]  kunit_generic_run_threadfn_adapter+0x88/0x100
[   17.924378]  kthread+0x328/0x630
[   17.924409]  ret_from_fork+0x10/0x20
[   17.924443] 
[   17.924607] The buggy address belongs to the object at fff00000c44ec800
[   17.924607]  which belongs to the cache kmalloc-256 of size 256
[   17.924762] The buggy address is located 5 bytes to the right of
[   17.924762]  allocated 235-byte region [fff00000c44ec800, fff00000c44ec8eb)
[   17.924914] 
[   17.925027] The buggy address belongs to the physical page:
[   17.925056] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1044ec
[   17.925348] head: order:1 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[   17.925474] flags: 0xbfffe0000000040(head|node=0|zone=2|lastcpupid=0x1ffff)
[   17.925623] page_type: f5(slab)
[   17.925709] raw: 0bfffe0000000040 fff00000c0001b40 dead000000000122 0000000000000000
[   17.925784] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000
[   17.925937] head: 0bfffe0000000040 fff00000c0001b40 dead000000000122 0000000000000000
[   17.926056] head: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000
[   17.926190] head: 0bfffe0000000001 ffffc1ffc3113b01 00000000ffffffff 00000000ffffffff
[   17.926330] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000002
[   17.926444] page dumped because: kasan: bad access detected
[   17.926474] 
[   17.926491] Memory state around the buggy address:
[   17.926724]  fff00000c44ec780: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   17.926838]  fff00000c44ec800: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   17.927005] >fff00000c44ec880: 00 00 00 00 00 00 00 00 00 00 00 00 00 03 fc fc
[   17.927146]                                                              ^
[   17.927196]  fff00000c44ec900: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   17.927451]  fff00000c44ec980: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   17.927538] ==================================================================
[   17.915901] ==================================================================
[   17.916003] BUG: KASAN: slab-out-of-bounds in krealloc_more_oob_helper+0x60c/0x678
[   17.916055] Write of size 1 at addr fff00000c44ec8eb by task kunit_try_catch/156
[   17.916123] 
[   17.916165] CPU: 0 UID: 0 PID: 156 Comm: kunit_try_catch Tainted: G    B            N  6.16.0-rc4 #1 PREEMPT 
[   17.916508] Tainted: [B]=BAD_PAGE, [N]=TEST
[   17.916688] Hardware name: linux,dummy-virt (DT)
[   17.916720] Call trace:
[   17.916779]  show_stack+0x20/0x38 (C)
[   17.916950]  dump_stack_lvl+0x8c/0xd0
[   17.917069]  print_report+0x118/0x608
[   17.917145]  kasan_report+0xdc/0x128
[   17.917203]  __asan_report_store1_noabort+0x20/0x30
[   17.917426]  krealloc_more_oob_helper+0x60c/0x678
[   17.917572]  krealloc_more_oob+0x20/0x38
[   17.917670]  kunit_try_run_case+0x170/0x3f0
[   17.917844]  kunit_generic_run_threadfn_adapter+0x88/0x100
[   17.917947]  kthread+0x328/0x630
[   17.917988]  ret_from_fork+0x10/0x20
[   17.918174] 
[   17.918194] Allocated by task 156:
[   17.918264]  kasan_save_stack+0x3c/0x68
[   17.918421]  kasan_save_track+0x20/0x40
[   17.918520]  kasan_save_alloc_info+0x40/0x58
[   17.918668]  __kasan_krealloc+0x118/0x178
[   17.918724]  krealloc_noprof+0x128/0x360
[   17.918762]  krealloc_more_oob_helper+0x168/0x678
[   17.918800]  krealloc_more_oob+0x20/0x38
[   17.918834]  kunit_try_run_case+0x170/0x3f0
[   17.918870]  kunit_generic_run_threadfn_adapter+0x88/0x100
[   17.919132]  kthread+0x328/0x630
[   17.919272]  ret_from_fork+0x10/0x20
[   17.919350] 
[   17.919426] The buggy address belongs to the object at fff00000c44ec800
[   17.919426]  which belongs to the cache kmalloc-256 of size 256
[   17.919550] The buggy address is located 0 bytes to the right of
[   17.919550]  allocated 235-byte region [fff00000c44ec800, fff00000c44ec8eb)
[   17.919641] 
[   17.919693] The buggy address belongs to the physical page:
[   17.919725] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1044ec
[   17.919799] head: order:1 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[   17.919925] flags: 0xbfffe0000000040(head|node=0|zone=2|lastcpupid=0x1ffff)
[   17.920090] page_type: f5(slab)
[   17.920280] raw: 0bfffe0000000040 fff00000c0001b40 dead000000000122 0000000000000000
[   17.920397] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000
[   17.920445] head: 0bfffe0000000040 fff00000c0001b40 dead000000000122 0000000000000000
[   17.920491] head: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000
[   17.920537] head: 0bfffe0000000001 ffffc1ffc3113b01 00000000ffffffff 00000000ffffffff
[   17.920611] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000002
[   17.920650] page dumped because: kasan: bad access detected
[   17.920680] 
[   17.920699] Memory state around the buggy address:
[   17.920728]  fff00000c44ec780: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   17.920769]  fff00000c44ec800: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   17.920938] >fff00000c44ec880: 00 00 00 00 00 00 00 00 00 00 00 00 00 03 fc fc
[   17.921096]                                                           ^
[   17.921185]  fff00000c44ec900: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   17.921313]  fff00000c44ec980: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   17.921402] ==================================================================
[   17.961177] ==================================================================
[   17.961234] BUG: KASAN: slab-out-of-bounds in krealloc_more_oob_helper+0x60c/0x678
[   17.961283] Write of size 1 at addr fff00000c78320eb by task kunit_try_catch/160
[   17.961337] 
[   17.961368] CPU: 0 UID: 0 PID: 160 Comm: kunit_try_catch Tainted: G    B            N  6.16.0-rc4 #1 PREEMPT 
[   17.961459] Tainted: [B]=BAD_PAGE, [N]=TEST
[   17.961485] Hardware name: linux,dummy-virt (DT)
[   17.961514] Call trace:
[   17.961535]  show_stack+0x20/0x38 (C)
[   17.961581]  dump_stack_lvl+0x8c/0xd0
[   17.961627]  print_report+0x118/0x608
[   17.961673]  kasan_report+0xdc/0x128
[   17.961719]  __asan_report_store1_noabort+0x20/0x30
[   17.961765]  krealloc_more_oob_helper+0x60c/0x678
[   17.961812]  krealloc_large_more_oob+0x20/0x38
[   17.961867]  kunit_try_run_case+0x170/0x3f0
[   17.961912]  kunit_generic_run_threadfn_adapter+0x88/0x100
[   17.961963]  kthread+0x328/0x630
[   17.962003]  ret_from_fork+0x10/0x20
[   17.962064] 
[   17.962094] The buggy address belongs to the physical page:
[   17.962130] page: refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x107830
[   17.962191] head: order:2 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[   17.962245] flags: 0xbfffe0000000040(head|node=0|zone=2|lastcpupid=0x1ffff)
[   17.962294] page_type: f8(unknown)
[   17.962331] raw: 0bfffe0000000040 0000000000000000 dead000000000122 0000000000000000
[   17.962387] raw: 0000000000000000 0000000000000000 00000001f8000000 0000000000000000
[   17.962434] head: 0bfffe0000000040 0000000000000000 dead000000000122 0000000000000000
[   17.962480] head: 0000000000000000 0000000000000000 00000001f8000000 0000000000000000
[   17.962527] head: 0bfffe0000000002 ffffc1ffc31e0c01 00000000ffffffff 00000000ffffffff
[   17.962572] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000004
[   17.962611] page dumped because: kasan: bad access detected
[   17.962640] 
[   17.962666] Memory state around the buggy address:
[   17.962696]  fff00000c7831f80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   17.962736]  fff00000c7832000: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   17.962785] >fff00000c7832080: 00 00 00 00 00 00 00 00 00 00 00 00 00 03 fe fe
[   17.962822]                                                           ^
[   17.962859]  fff00000c7832100: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe
[   17.962901]  fff00000c7832180: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe
[   17.962940] ==================================================================
Metadata Full log Test run details 

[   13.296647] ==================================================================
[   13.297191] BUG: KASAN: slab-out-of-bounds in krealloc_more_oob_helper+0x821/0x930
[   13.297632] Write of size 1 at addr ffff888102afe0eb by task kunit_try_catch/178
[   13.298209] 
[   13.298355] CPU: 0 UID: 0 PID: 178 Comm: kunit_try_catch Tainted: G    B            N  6.16.0-rc4 #1 PREEMPT(voluntary) 
[   13.298423] Tainted: [B]=BAD_PAGE, [N]=TEST
[   13.298436] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[   13.298475] Call Trace:
[   13.298490]  <TASK>
[   13.298511]  dump_stack_lvl+0x73/0xb0
[   13.298560]  print_report+0xd1/0x650
[   13.298586]  ? __virt_addr_valid+0x1db/0x2d0
[   13.298613]  ? krealloc_more_oob_helper+0x821/0x930
[   13.298652]  ? kasan_addr_to_slab+0x11/0xa0
[   13.298674]  ? krealloc_more_oob_helper+0x821/0x930
[   13.298702]  kasan_report+0x141/0x180
[   13.298727]  ? krealloc_more_oob_helper+0x821/0x930
[   13.298758]  __asan_report_store1_noabort+0x1b/0x30
[   13.298781]  krealloc_more_oob_helper+0x821/0x930
[   13.298816]  ? __schedule+0x10cc/0x2b60
[   13.298842]  ? __pfx_krealloc_more_oob_helper+0x10/0x10
[   13.298869]  ? finish_task_switch.isra.0+0x153/0x700
[   13.298906]  ? __switch_to+0x47/0xf50
[   13.298936]  ? __schedule+0x10cc/0x2b60
[   13.298960]  ? __pfx_read_tsc+0x10/0x10
[   13.299001]  krealloc_large_more_oob+0x1c/0x30
[   13.299026]  kunit_try_run_case+0x1a5/0x480
[   13.299068]  ? __pfx_kunit_try_run_case+0x10/0x10
[   13.299092]  ? _raw_spin_lock_irqsave+0xa1/0x100
[   13.299119]  ? _raw_spin_unlock_irqrestore+0x5f/0x90
[   13.299173]  ? __kthread_parkme+0x82/0x180
[   13.299197]  ? preempt_count_sub+0x50/0x80
[   13.299234]  ? __pfx_kunit_try_run_case+0x10/0x10
[   13.299259]  kunit_generic_run_threadfn_adapter+0x85/0xf0
[   13.299284]  ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10
[   13.299309]  kthread+0x337/0x6f0
[   13.299331]  ? trace_preempt_on+0x20/0xc0
[   13.299358]  ? __pfx_kthread+0x10/0x10
[   13.299380]  ? _raw_spin_unlock_irq+0x47/0x80
[   13.299405]  ? calculate_sigpending+0x7b/0xa0
[   13.299432]  ? __pfx_kthread+0x10/0x10
[   13.299456]  ret_from_fork+0x116/0x1d0
[   13.299477]  ? __pfx_kthread+0x10/0x10
[   13.299499]  ret_from_fork_asm+0x1a/0x30
[   13.299534]  </TASK>
[   13.299548] 
[   13.311706] The buggy address belongs to the physical page:
[   13.312172] page: refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x102afc
[   13.312713] head: order:2 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[   13.313222] flags: 0x200000000000040(head|node=0|zone=2)
[   13.313636] page_type: f8(unknown)
[   13.313959] raw: 0200000000000040 0000000000000000 dead000000000122 0000000000000000
[   13.314543] raw: 0000000000000000 0000000000000000 00000001f8000000 0000000000000000
[   13.314950] head: 0200000000000040 0000000000000000 dead000000000122 0000000000000000
[   13.315491] head: 0000000000000000 0000000000000000 00000001f8000000 0000000000000000
[   13.315971] head: 0200000000000002 ffffea00040abf01 00000000ffffffff 00000000ffffffff
[   13.316475] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000004
[   13.316971] page dumped because: kasan: bad access detected
[   13.317402] 
[   13.317520] Memory state around the buggy address:
[   13.317955]  ffff888102afdf80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   13.318422]  ffff888102afe000: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   13.318851] >ffff888102afe080: 00 00 00 00 00 00 00 00 00 00 00 00 00 03 fe fe
[   13.319324]                                                           ^
[   13.319724]  ffff888102afe100: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe
[   13.320107]  ffff888102afe180: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe
[   13.320672] ==================================================================
[   13.058947] ==================================================================
[   13.060398] BUG: KASAN: slab-out-of-bounds in krealloc_more_oob_helper+0x821/0x930
[   13.061339] Write of size 1 at addr ffff888100ab80eb by task kunit_try_catch/174
[   13.062492] 
[   13.062633] CPU: 1 UID: 0 PID: 174 Comm: kunit_try_catch Tainted: G    B            N  6.16.0-rc4 #1 PREEMPT(voluntary) 
[   13.062689] Tainted: [B]=BAD_PAGE, [N]=TEST
[   13.062704] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[   13.062729] Call Trace:
[   13.062744]  <TASK>
[   13.062765]  dump_stack_lvl+0x73/0xb0
[   13.062820]  print_report+0xd1/0x650
[   13.062847]  ? __virt_addr_valid+0x1db/0x2d0
[   13.062874]  ? krealloc_more_oob_helper+0x821/0x930
[   13.062900]  ? kasan_complete_mode_report_info+0x2a/0x200
[   13.062925]  ? krealloc_more_oob_helper+0x821/0x930
[   13.062951]  kasan_report+0x141/0x180
[   13.062975]  ? krealloc_more_oob_helper+0x821/0x930
[   13.063006]  __asan_report_store1_noabort+0x1b/0x30
[   13.063028]  krealloc_more_oob_helper+0x821/0x930
[   13.063052]  ? __schedule+0x10cc/0x2b60
[   13.063079]  ? __pfx_krealloc_more_oob_helper+0x10/0x10
[   13.063106]  ? finish_task_switch.isra.0+0x153/0x700
[   13.063131]  ? __switch_to+0x47/0xf50
[   13.063160]  ? __schedule+0x10cc/0x2b60
[   13.063183]  ? __pfx_read_tsc+0x10/0x10
[   13.063211]  krealloc_more_oob+0x1c/0x30
[   13.063300]  kunit_try_run_case+0x1a5/0x480
[   13.063349]  ? __pfx_kunit_try_run_case+0x10/0x10
[   13.063374]  ? _raw_spin_lock_irqsave+0xa1/0x100
[   13.063412]  ? _raw_spin_unlock_irqrestore+0x5f/0x90
[   13.063438]  ? __kthread_parkme+0x82/0x180
[   13.063462]  ? preempt_count_sub+0x50/0x80
[   13.063488]  ? __pfx_kunit_try_run_case+0x10/0x10
[   13.063513]  kunit_generic_run_threadfn_adapter+0x85/0xf0
[   13.063538]  ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10
[   13.063563]  kthread+0x337/0x6f0
[   13.063584]  ? trace_preempt_on+0x20/0xc0
[   13.063611]  ? __pfx_kthread+0x10/0x10
[   13.063635]  ? _raw_spin_unlock_irq+0x47/0x80
[   13.063659]  ? calculate_sigpending+0x7b/0xa0
[   13.063686]  ? __pfx_kthread+0x10/0x10
[   13.063710]  ret_from_fork+0x116/0x1d0
[   13.063732]  ? __pfx_kthread+0x10/0x10
[   13.063754]  ret_from_fork_asm+0x1a/0x30
[   13.063800]  </TASK>
[   13.063813] 
[   13.074466] Allocated by task 174:
[   13.075032]  kasan_save_stack+0x45/0x70
[   13.075551]  kasan_save_track+0x18/0x40
[   13.075721]  kasan_save_alloc_info+0x3b/0x50
[   13.075921]  __kasan_krealloc+0x190/0x1f0
[   13.076532]  krealloc_noprof+0xf3/0x340
[   13.077808]  krealloc_more_oob_helper+0x1a9/0x930
[   13.078819]  krealloc_more_oob+0x1c/0x30
[   13.079669]  kunit_try_run_case+0x1a5/0x480
[   13.080133]  kunit_generic_run_threadfn_adapter+0x85/0xf0
[   13.080371]  kthread+0x337/0x6f0
[   13.080514]  ret_from_fork+0x116/0x1d0
[   13.080669]  ret_from_fork_asm+0x1a/0x30
[   13.080843] 
[   13.080928] The buggy address belongs to the object at ffff888100ab8000
[   13.080928]  which belongs to the cache kmalloc-256 of size 256
[   13.081496] The buggy address is located 0 bytes to the right of
[   13.081496]  allocated 235-byte region [ffff888100ab8000, ffff888100ab80eb)
[   13.082036] 
[   13.082348] The buggy address belongs to the physical page:
[   13.082575] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x100ab8
[   13.082877] head: order:1 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[   13.083215] flags: 0x200000000000040(head|node=0|zone=2)
[   13.083818] page_type: f5(slab)
[   13.084186] raw: 0200000000000040 ffff888100041b40 dead000000000122 0000000000000000
[   13.085098] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000
[   13.086045] head: 0200000000000040 ffff888100041b40 dead000000000122 0000000000000000
[   13.087472] head: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000
[   13.088090] head: 0200000000000001 ffffea000402ae01 00000000ffffffff 00000000ffffffff
[   13.089536] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000002
[   13.090205] page dumped because: kasan: bad access detected
[   13.090408] 
[   13.090490] Memory state around the buggy address:
[   13.090666]  ffff888100ab7f80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   13.090920]  ffff888100ab8000: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   13.091159] >ffff888100ab8080: 00 00 00 00 00 00 00 00 00 00 00 00 00 03 fc fc
[   13.091390]                                                           ^
[   13.091613]  ffff888100ab8100: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   13.092151]  ffff888100ab8180: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   13.093706] ==================================================================
[   13.321542] ==================================================================
[   13.321942] BUG: KASAN: slab-out-of-bounds in krealloc_more_oob_helper+0x7eb/0x930
[   13.322994] Write of size 1 at addr ffff888102afe0f0 by task kunit_try_catch/178
[   13.323337] 
[   13.323478] CPU: 0 UID: 0 PID: 178 Comm: kunit_try_catch Tainted: G    B            N  6.16.0-rc4 #1 PREEMPT(voluntary) 
[   13.323532] Tainted: [B]=BAD_PAGE, [N]=TEST
[   13.323547] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[   13.323572] Call Trace:
[   13.323596]  <TASK>
[   13.323618]  dump_stack_lvl+0x73/0xb0
[   13.323657]  print_report+0xd1/0x650
[   13.323684]  ? __virt_addr_valid+0x1db/0x2d0
[   13.323710]  ? krealloc_more_oob_helper+0x7eb/0x930
[   13.323737]  ? kasan_addr_to_slab+0x11/0xa0
[   13.323760]  ? krealloc_more_oob_helper+0x7eb/0x930
[   13.323802]  kasan_report+0x141/0x180
[   13.323827]  ? krealloc_more_oob_helper+0x7eb/0x930
[   13.323858]  __asan_report_store1_noabort+0x1b/0x30
[   13.323881]  krealloc_more_oob_helper+0x7eb/0x930
[   13.323906]  ? __schedule+0x10cc/0x2b60
[   13.323931]  ? __pfx_krealloc_more_oob_helper+0x10/0x10
[   13.323958]  ? finish_task_switch.isra.0+0x153/0x700
[   13.323983]  ? __switch_to+0x47/0xf50
[   13.324012]  ? __schedule+0x10cc/0x2b60
[   13.324036]  ? __pfx_read_tsc+0x10/0x10
[   13.324063]  krealloc_large_more_oob+0x1c/0x30
[   13.324088]  kunit_try_run_case+0x1a5/0x480
[   13.324115]  ? __pfx_kunit_try_run_case+0x10/0x10
[   13.324139]  ? _raw_spin_lock_irqsave+0xa1/0x100
[   13.324165]  ? _raw_spin_unlock_irqrestore+0x5f/0x90
[   13.324190]  ? __kthread_parkme+0x82/0x180
[   13.324214]  ? preempt_count_sub+0x50/0x80
[   13.324239]  ? __pfx_kunit_try_run_case+0x10/0x10
[   13.324265]  kunit_generic_run_threadfn_adapter+0x85/0xf0
[   13.324289]  ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10
[   13.324314]  kthread+0x337/0x6f0
[   13.324335]  ? trace_preempt_on+0x20/0xc0
[   13.324362]  ? __pfx_kthread+0x10/0x10
[   13.324384]  ? _raw_spin_unlock_irq+0x47/0x80
[   13.324408]  ? calculate_sigpending+0x7b/0xa0
[   13.324434]  ? __pfx_kthread+0x10/0x10
[   13.324457]  ret_from_fork+0x116/0x1d0
[   13.324478]  ? __pfx_kthread+0x10/0x10
[   13.324501]  ret_from_fork_asm+0x1a/0x30
[   13.324535]  </TASK>
[   13.324548] 
[   13.332640] The buggy address belongs to the physical page:
[   13.333125] page: refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x102afc
[   13.333545] head: order:2 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[   13.333860] flags: 0x200000000000040(head|node=0|zone=2)
[   13.334067] page_type: f8(unknown)
[   13.334239] raw: 0200000000000040 0000000000000000 dead000000000122 0000000000000000
[   13.334725] raw: 0000000000000000 0000000000000000 00000001f8000000 0000000000000000
[   13.335268] head: 0200000000000040 0000000000000000 dead000000000122 0000000000000000
[   13.335570] head: 0000000000000000 0000000000000000 00000001f8000000 0000000000000000
[   13.335861] head: 0200000000000002 ffffea00040abf01 00000000ffffffff 00000000ffffffff
[   13.336144] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000004
[   13.336539] page dumped because: kasan: bad access detected
[   13.336844] 
[   13.336981] Memory state around the buggy address:
[   13.337241]  ffff888102afdf80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   13.337620]  ffff888102afe000: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   13.337982] >ffff888102afe080: 00 00 00 00 00 00 00 00 00 00 00 00 00 03 fe fe
[   13.338354]                                                              ^
[   13.338620]  ffff888102afe100: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe
[   13.338920]  ffff888102afe180: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe
[   13.339287] ==================================================================
[   13.095274] ==================================================================
[   13.095662] BUG: KASAN: slab-out-of-bounds in krealloc_more_oob_helper+0x7eb/0x930
[   13.095973] Write of size 1 at addr ffff888100ab80f0 by task kunit_try_catch/174
[   13.096351] 
[   13.096721] CPU: 1 UID: 0 PID: 174 Comm: kunit_try_catch Tainted: G    B            N  6.16.0-rc4 #1 PREEMPT(voluntary) 
[   13.096779] Tainted: [B]=BAD_PAGE, [N]=TEST
[   13.096808] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[   13.096833] Call Trace:
[   13.096849]  <TASK>
[   13.096871]  dump_stack_lvl+0x73/0xb0
[   13.096909]  print_report+0xd1/0x650
[   13.097194]  ? __virt_addr_valid+0x1db/0x2d0
[   13.097224]  ? krealloc_more_oob_helper+0x7eb/0x930
[   13.097266]  ? kasan_complete_mode_report_info+0x2a/0x200
[   13.097343]  ? krealloc_more_oob_helper+0x7eb/0x930
[   13.097371]  kasan_report+0x141/0x180
[   13.097409]  ? krealloc_more_oob_helper+0x7eb/0x930
[   13.097441]  __asan_report_store1_noabort+0x1b/0x30
[   13.097466]  krealloc_more_oob_helper+0x7eb/0x930
[   13.097491]  ? __schedule+0x10cc/0x2b60
[   13.097517]  ? __pfx_krealloc_more_oob_helper+0x10/0x10
[   13.097545]  ? finish_task_switch.isra.0+0x153/0x700
[   13.097571]  ? __switch_to+0x47/0xf50
[   13.097600]  ? __schedule+0x10cc/0x2b60
[   13.097624]  ? __pfx_read_tsc+0x10/0x10
[   13.097652]  krealloc_more_oob+0x1c/0x30
[   13.097677]  kunit_try_run_case+0x1a5/0x480
[   13.097705]  ? __pfx_kunit_try_run_case+0x10/0x10
[   13.097729]  ? _raw_spin_lock_irqsave+0xa1/0x100
[   13.097756]  ? _raw_spin_unlock_irqrestore+0x5f/0x90
[   13.097782]  ? __kthread_parkme+0x82/0x180
[   13.097829]  ? preempt_count_sub+0x50/0x80
[   13.097854]  ? __pfx_kunit_try_run_case+0x10/0x10
[   13.097881]  kunit_generic_run_threadfn_adapter+0x85/0xf0
[   13.097906]  ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10
[   13.097932]  kthread+0x337/0x6f0
[   13.097954]  ? trace_preempt_on+0x20/0xc0
[   13.097981]  ? __pfx_kthread+0x10/0x10
[   13.098005]  ? _raw_spin_unlock_irq+0x47/0x80
[   13.098029]  ? calculate_sigpending+0x7b/0xa0
[   13.098056]  ? __pfx_kthread+0x10/0x10
[   13.098080]  ret_from_fork+0x116/0x1d0
[   13.098101]  ? __pfx_kthread+0x10/0x10
[   13.098124]  ret_from_fork_asm+0x1a/0x30
[   13.098159]  </TASK>
[   13.098173] 
[   13.110662] Allocated by task 174:
[   13.110857]  kasan_save_stack+0x45/0x70
[   13.111033]  kasan_save_track+0x18/0x40
[   13.111222]  kasan_save_alloc_info+0x3b/0x50
[   13.111591]  __kasan_krealloc+0x190/0x1f0
[   13.111810]  krealloc_noprof+0xf3/0x340
[   13.112088]  krealloc_more_oob_helper+0x1a9/0x930
[   13.112591]  krealloc_more_oob+0x1c/0x30
[   13.112871]  kunit_try_run_case+0x1a5/0x480
[   13.113089]  kunit_generic_run_threadfn_adapter+0x85/0xf0
[   13.113524]  kthread+0x337/0x6f0
[   13.113859]  ret_from_fork+0x116/0x1d0
[   13.114153]  ret_from_fork_asm+0x1a/0x30
[   13.114318] 
[   13.114400] The buggy address belongs to the object at ffff888100ab8000
[   13.114400]  which belongs to the cache kmalloc-256 of size 256
[   13.115256] The buggy address is located 5 bytes to the right of
[   13.115256]  allocated 235-byte region [ffff888100ab8000, ffff888100ab80eb)
[   13.116052] 
[   13.116399] The buggy address belongs to the physical page:
[   13.116685] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x100ab8
[   13.117053] head: order:1 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[   13.117766] flags: 0x200000000000040(head|node=0|zone=2)
[   13.118079] page_type: f5(slab)
[   13.118244] raw: 0200000000000040 ffff888100041b40 dead000000000122 0000000000000000
[   13.118808] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000
[   13.119375] head: 0200000000000040 ffff888100041b40 dead000000000122 0000000000000000
[   13.119775] head: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000
[   13.120186] head: 0200000000000001 ffffea000402ae01 00000000ffffffff 00000000ffffffff
[   13.120738] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000002
[   13.121159] page dumped because: kasan: bad access detected
[   13.121566] 
[   13.121682] Memory state around the buggy address:
[   13.121925]  ffff888100ab7f80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   13.122494]  ffff888100ab8000: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   13.122910] >ffff888100ab8080: 00 00 00 00 00 00 00 00 00 00 00 00 00 03 fc fc
[   13.123355]                                                              ^
[   13.123780]  ffff888100ab8100: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   13.124124]  ffff888100ab8180: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   13.124734] ==================================================================
Metadata Full log Test run details