Hay
Date
July 6, 2025, 11:09 p.m.

Environment
qemu-arm64
qemu-x86_64
x86

[   16.782585] ==================================================================
[   16.782691] BUG: KASAN: slab-out-of-bounds in krealloc_more_oob_helper+0x60c/0x678
[   16.782845] Write of size 1 at addr fff00000c78420eb by task kunit_try_catch/161
[   16.782943] 
[   16.783024] CPU: 0 UID: 0 PID: 161 Comm: kunit_try_catch Tainted: G    B            N  6.16.0-rc5 #1 PREEMPT 
[   16.783128] Tainted: [B]=BAD_PAGE, [N]=TEST
[   16.783162] Hardware name: linux,dummy-virt (DT)
[   16.783191] Call trace:
[   16.783238]  show_stack+0x20/0x38 (C)
[   16.783287]  dump_stack_lvl+0x8c/0xd0
[   16.783333]  print_report+0x118/0x608
[   16.783523]  kasan_report+0xdc/0x128
[   16.783756]  __asan_report_store1_noabort+0x20/0x30
[   16.783857]  krealloc_more_oob_helper+0x60c/0x678
[   16.784047]  krealloc_large_more_oob+0x20/0x38
[   16.784159]  kunit_try_run_case+0x170/0x3f0
[   16.784260]  kunit_generic_run_threadfn_adapter+0x88/0x100
[   16.784342]  kthread+0x328/0x630
[   16.784382]  ret_from_fork+0x10/0x20
[   16.784712] 
[   16.784744] The buggy address belongs to the physical page:
[   16.784775] page: refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x107840
[   16.785125] head: order:2 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[   16.785292] flags: 0xbfffe0000000040(head|node=0|zone=2|lastcpupid=0x1ffff)
[   16.785387] page_type: f8(unknown)
[   16.785501] raw: 0bfffe0000000040 0000000000000000 dead000000000122 0000000000000000
[   16.785563] raw: 0000000000000000 0000000000000000 00000001f8000000 0000000000000000
[   16.785628] head: 0bfffe0000000040 0000000000000000 dead000000000122 0000000000000000
[   16.785705] head: 0000000000000000 0000000000000000 00000001f8000000 0000000000000000
[   16.785770] head: 0bfffe0000000002 ffffc1ffc31e1001 00000000ffffffff 00000000ffffffff
[   16.785837] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000004
[   16.785894] page dumped because: kasan: bad access detected
[   16.785939] 
[   16.785966] Memory state around the buggy address:
[   16.786259]  fff00000c7841f80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   16.786308]  fff00000c7842000: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   16.786349] >fff00000c7842080: 00 00 00 00 00 00 00 00 00 00 00 00 00 03 fe fe
[   16.786385]                                                           ^
[   16.786577]  fff00000c7842100: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe
[   16.787040]  fff00000c7842180: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe
[   16.787129] ==================================================================
[   16.730892] ==================================================================
[   16.731057] BUG: KASAN: slab-out-of-bounds in krealloc_more_oob_helper+0x5c0/0x678
[   16.731175] Write of size 1 at addr fff00000c45a88f0 by task kunit_try_catch/157
[   16.731257] 
[   16.731294] CPU: 0 UID: 0 PID: 157 Comm: kunit_try_catch Tainted: G    B            N  6.16.0-rc5 #1 PREEMPT 
[   16.731370] Tainted: [B]=BAD_PAGE, [N]=TEST
[   16.731395] Hardware name: linux,dummy-virt (DT)
[   16.731545] Call trace:
[   16.731610]  show_stack+0x20/0x38 (C)
[   16.731707]  dump_stack_lvl+0x8c/0xd0
[   16.731772]  print_report+0x118/0x608
[   16.731850]  kasan_report+0xdc/0x128
[   16.731933]  __asan_report_store1_noabort+0x20/0x30
[   16.732038]  krealloc_more_oob_helper+0x5c0/0x678
[   16.732141]  krealloc_more_oob+0x20/0x38
[   16.732238]  kunit_try_run_case+0x170/0x3f0
[   16.732332]  kunit_generic_run_threadfn_adapter+0x88/0x100
[   16.732417]  kthread+0x328/0x630
[   16.732515]  ret_from_fork+0x10/0x20
[   16.732560] 
[   16.732577] Allocated by task 157:
[   16.732603]  kasan_save_stack+0x3c/0x68
[   16.732789]  kasan_save_track+0x20/0x40
[   16.732851]  kasan_save_alloc_info+0x40/0x58
[   16.732950]  __kasan_krealloc+0x118/0x178
[   16.733071]  krealloc_noprof+0x128/0x360
[   16.733147]  krealloc_more_oob_helper+0x168/0x678
[   16.733193]  krealloc_more_oob+0x20/0x38
[   16.733280]  kunit_try_run_case+0x170/0x3f0
[   16.733404]  kunit_generic_run_threadfn_adapter+0x88/0x100
[   16.733489]  kthread+0x328/0x630
[   16.733595]  ret_from_fork+0x10/0x20
[   16.733639] 
[   16.733659] The buggy address belongs to the object at fff00000c45a8800
[   16.733659]  which belongs to the cache kmalloc-256 of size 256
[   16.734043] The buggy address is located 5 bytes to the right of
[   16.734043]  allocated 235-byte region [fff00000c45a8800, fff00000c45a88eb)
[   16.734167] 
[   16.734318] The buggy address belongs to the physical page:
[   16.734358] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1045a8
[   16.734534] head: order:1 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[   16.734804] flags: 0xbfffe0000000040(head|node=0|zone=2|lastcpupid=0x1ffff)
[   16.734884] page_type: f5(slab)
[   16.734948] raw: 0bfffe0000000040 fff00000c0001b40 dead000000000122 0000000000000000
[   16.735009] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000
[   16.735068] head: 0bfffe0000000040 fff00000c0001b40 dead000000000122 0000000000000000
[   16.735115] head: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000
[   16.735288] head: 0bfffe0000000001 ffffc1ffc3116a01 00000000ffffffff 00000000ffffffff
[   16.735453] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000002
[   16.735550] page dumped because: kasan: bad access detected
[   16.735667] 
[   16.735743] Memory state around the buggy address:
[   16.735864]  fff00000c45a8780: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   16.735927]  fff00000c45a8800: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   16.736006] >fff00000c45a8880: 00 00 00 00 00 00 00 00 00 00 00 00 00 03 fc fc
[   16.736144]                                                              ^
[   16.736215]  fff00000c45a8900: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   16.736316]  fff00000c45a8980: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   16.736381] ==================================================================
[   16.725782] ==================================================================
[   16.725854] BUG: KASAN: slab-out-of-bounds in krealloc_more_oob_helper+0x60c/0x678
[   16.725924] Write of size 1 at addr fff00000c45a88eb by task kunit_try_catch/157
[   16.725987] 
[   16.726018] CPU: 0 UID: 0 PID: 157 Comm: kunit_try_catch Tainted: G    B            N  6.16.0-rc5 #1 PREEMPT 
[   16.726095] Tainted: [B]=BAD_PAGE, [N]=TEST
[   16.726119] Hardware name: linux,dummy-virt (DT)
[   16.726148] Call trace:
[   16.726315]  show_stack+0x20/0x38 (C)
[   16.726445]  dump_stack_lvl+0x8c/0xd0
[   16.726518]  print_report+0x118/0x608
[   16.726674]  kasan_report+0xdc/0x128
[   16.726730]  __asan_report_store1_noabort+0x20/0x30
[   16.726779]  krealloc_more_oob_helper+0x60c/0x678
[   16.726825]  krealloc_more_oob+0x20/0x38
[   16.726868]  kunit_try_run_case+0x170/0x3f0
[   16.726942]  kunit_generic_run_threadfn_adapter+0x88/0x100
[   16.727092]  kthread+0x328/0x630
[   16.727313]  ret_from_fork+0x10/0x20
[   16.727443] 
[   16.727494] Allocated by task 157:
[   16.727566]  kasan_save_stack+0x3c/0x68
[   16.727622]  kasan_save_track+0x20/0x40
[   16.727659]  kasan_save_alloc_info+0x40/0x58
[   16.727697]  __kasan_krealloc+0x118/0x178
[   16.727753]  krealloc_noprof+0x128/0x360
[   16.727789]  krealloc_more_oob_helper+0x168/0x678
[   16.727826]  krealloc_more_oob+0x20/0x38
[   16.728088]  kunit_try_run_case+0x170/0x3f0
[   16.728231]  kunit_generic_run_threadfn_adapter+0x88/0x100
[   16.728287]  kthread+0x328/0x630
[   16.728326]  ret_from_fork+0x10/0x20
[   16.728372] 
[   16.728392] The buggy address belongs to the object at fff00000c45a8800
[   16.728392]  which belongs to the cache kmalloc-256 of size 256
[   16.728458] The buggy address is located 0 bytes to the right of
[   16.728458]  allocated 235-byte region [fff00000c45a8800, fff00000c45a88eb)
[   16.728534] 
[   16.728561] The buggy address belongs to the physical page:
[   16.728592] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1045a8
[   16.728644] head: order:1 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[   16.728690] flags: 0xbfffe0000000040(head|node=0|zone=2|lastcpupid=0x1ffff)
[   16.728746] page_type: f5(slab)
[   16.728787] raw: 0bfffe0000000040 fff00000c0001b40 dead000000000122 0000000000000000
[   16.728846] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000
[   16.728900] head: 0bfffe0000000040 fff00000c0001b40 dead000000000122 0000000000000000
[   16.728949] head: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000
[   16.729017] head: 0bfffe0000000001 ffffc1ffc3116a01 00000000ffffffff 00000000ffffffff
[   16.729063] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000002
[   16.729101] page dumped because: kasan: bad access detected
[   16.729136] 
[   16.729158] Memory state around the buggy address:
[   16.729189]  fff00000c45a8780: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   16.729244]  fff00000c45a8800: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   16.729292] >fff00000c45a8880: 00 00 00 00 00 00 00 00 00 00 00 00 00 03 fc fc
[   16.729328]                                                           ^
[   16.729373]  fff00000c45a8900: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   16.729422]  fff00000c45a8980: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   16.729472] ==================================================================
[   16.788247] ==================================================================
[   16.788317] BUG: KASAN: slab-out-of-bounds in krealloc_more_oob_helper+0x5c0/0x678
[   16.788415] Write of size 1 at addr fff00000c78420f0 by task kunit_try_catch/161
[   16.788493] 
[   16.788540] CPU: 0 UID: 0 PID: 161 Comm: kunit_try_catch Tainted: G    B            N  6.16.0-rc5 #1 PREEMPT 
[   16.788617] Tainted: [B]=BAD_PAGE, [N]=TEST
[   16.788670] Hardware name: linux,dummy-virt (DT)
[   16.788719] Call trace:
[   16.788757]  show_stack+0x20/0x38 (C)
[   16.788827]  dump_stack_lvl+0x8c/0xd0
[   16.788933]  print_report+0x118/0x608
[   16.788994]  kasan_report+0xdc/0x128
[   16.789056]  __asan_report_store1_noabort+0x20/0x30
[   16.789106]  krealloc_more_oob_helper+0x5c0/0x678
[   16.789424]  krealloc_large_more_oob+0x20/0x38
[   16.789524]  kunit_try_run_case+0x170/0x3f0
[   16.789570]  kunit_generic_run_threadfn_adapter+0x88/0x100
[   16.789839]  kthread+0x328/0x630
[   16.789933]  ret_from_fork+0x10/0x20
[   16.790025] 
[   16.790075] The buggy address belongs to the physical page:
[   16.790112] page: refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x107840
[   16.790165] head: order:2 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[   16.790217] flags: 0xbfffe0000000040(head|node=0|zone=2|lastcpupid=0x1ffff)
[   16.790307] page_type: f8(unknown)
[   16.790382] raw: 0bfffe0000000040 0000000000000000 dead000000000122 0000000000000000
[   16.790441] raw: 0000000000000000 0000000000000000 00000001f8000000 0000000000000000
[   16.790495] head: 0bfffe0000000040 0000000000000000 dead000000000122 0000000000000000
[   16.790542] head: 0000000000000000 0000000000000000 00000001f8000000 0000000000000000
[   16.790589] head: 0bfffe0000000002 ffffc1ffc31e1001 00000000ffffffff 00000000ffffffff
[   16.790642] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000004
[   16.790680] page dumped because: kasan: bad access detected
[   16.790730] 
[   16.790749] Memory state around the buggy address:
[   16.790780]  fff00000c7841f80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   16.790821]  fff00000c7842000: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   16.791085] >fff00000c7842080: 00 00 00 00 00 00 00 00 00 00 00 00 00 03 fe fe
[   16.791162]                                                              ^
[   16.791212]  fff00000c7842100: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe
[   16.791281]  fff00000c7842180: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe
[   16.791330] ==================================================================

[   16.676493] ==================================================================
[   16.676548] BUG: KASAN: slab-out-of-bounds in krealloc_more_oob_helper+0x60c/0x678
[   16.676599] Write of size 1 at addr fff00000c172deeb by task kunit_try_catch/157
[   16.677016] 
[   16.677112] CPU: 1 UID: 0 PID: 157 Comm: kunit_try_catch Tainted: G    B            N  6.16.0-rc5 #1 PREEMPT 
[   16.677199] Tainted: [B]=BAD_PAGE, [N]=TEST
[   16.677238] Hardware name: linux,dummy-virt (DT)
[   16.677268] Call trace:
[   16.677288]  show_stack+0x20/0x38 (C)
[   16.677356]  dump_stack_lvl+0x8c/0xd0
[   16.677625]  print_report+0x118/0x608
[   16.677678]  kasan_report+0xdc/0x128
[   16.677733]  __asan_report_store1_noabort+0x20/0x30
[   16.677851]  krealloc_more_oob_helper+0x60c/0x678
[   16.677904]  krealloc_more_oob+0x20/0x38
[   16.677958]  kunit_try_run_case+0x170/0x3f0
[   16.678293]  kunit_generic_run_threadfn_adapter+0x88/0x100
[   16.678403]  kthread+0x328/0x630
[   16.678483]  ret_from_fork+0x10/0x20
[   16.678599] 
[   16.678629] Allocated by task 157:
[   16.678667]  kasan_save_stack+0x3c/0x68
[   16.678706]  kasan_save_track+0x20/0x40
[   16.678742]  kasan_save_alloc_info+0x40/0x58
[   16.678921]  __kasan_krealloc+0x118/0x178
[   16.678964]  krealloc_noprof+0x128/0x360
[   16.679032]  krealloc_more_oob_helper+0x168/0x678
[   16.679070]  krealloc_more_oob+0x20/0x38
[   16.679144]  kunit_try_run_case+0x170/0x3f0
[   16.679187]  kunit_generic_run_threadfn_adapter+0x88/0x100
[   16.679310]  kthread+0x328/0x630
[   16.679343]  ret_from_fork+0x10/0x20
[   16.679377] 
[   16.679396] The buggy address belongs to the object at fff00000c172de00
[   16.679396]  which belongs to the cache kmalloc-256 of size 256
[   16.679540] The buggy address is located 0 bytes to the right of
[   16.679540]  allocated 235-byte region [fff00000c172de00, fff00000c172deeb)
[   16.679813] 
[   16.679836] The buggy address belongs to the physical page:
[   16.679868] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x10172c
[   16.680055] head: order:1 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[   16.680136] flags: 0xbfffe0000000040(head|node=0|zone=2|lastcpupid=0x1ffff)
[   16.680188] page_type: f5(slab)
[   16.680225] raw: 0bfffe0000000040 fff00000c0001b40 dead000000000122 0000000000000000
[   16.680274] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000
[   16.680669] head: 0bfffe0000000040 fff00000c0001b40 dead000000000122 0000000000000000
[   16.680721] head: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000
[   16.680821] head: 0bfffe0000000001 ffffc1ffc305cb01 00000000ffffffff 00000000ffffffff
[   16.680920] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000002
[   16.680960] page dumped because: kasan: bad access detected
[   16.680989] 
[   16.681156] Memory state around the buggy address:
[   16.681268]  fff00000c172dd80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   16.681310]  fff00000c172de00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   16.681351] >fff00000c172de80: 00 00 00 00 00 00 00 00 00 00 00 00 00 03 fc fc
[   16.681397]                                                           ^
[   16.681540]  fff00000c172df00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   16.681580]  fff00000c172df80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   16.681615] ==================================================================
[   16.755448] ==================================================================
[   16.755575] BUG: KASAN: slab-out-of-bounds in krealloc_more_oob_helper+0x5c0/0x678
[   16.755669] Write of size 1 at addr fff00000c770e0f0 by task kunit_try_catch/161
[   16.755717] 
[   16.755746] CPU: 1 UID: 0 PID: 161 Comm: kunit_try_catch Tainted: G    B            N  6.16.0-rc5 #1 PREEMPT 
[   16.755822] Tainted: [B]=BAD_PAGE, [N]=TEST
[   16.755847] Hardware name: linux,dummy-virt (DT)
[   16.755886] Call trace:
[   16.755907]  show_stack+0x20/0x38 (C)
[   16.755966]  dump_stack_lvl+0x8c/0xd0
[   16.756351]  print_report+0x118/0x608
[   16.756584]  kasan_report+0xdc/0x128
[   16.756696]  __asan_report_store1_noabort+0x20/0x30
[   16.756746]  krealloc_more_oob_helper+0x5c0/0x678
[   16.756985]  krealloc_large_more_oob+0x20/0x38
[   16.757082]  kunit_try_run_case+0x170/0x3f0
[   16.757161]  kunit_generic_run_threadfn_adapter+0x88/0x100
[   16.757213]  kthread+0x328/0x630
[   16.757253]  ret_from_fork+0x10/0x20
[   16.757299] 
[   16.757320] The buggy address belongs to the physical page:
[   16.757350] page: refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x10770c
[   16.757401] head: order:2 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[   16.757449] flags: 0xbfffe0000000040(head|node=0|zone=2|lastcpupid=0x1ffff)
[   16.757499] page_type: f8(unknown)
[   16.757536] raw: 0bfffe0000000040 0000000000000000 dead000000000122 0000000000000000
[   16.757595] raw: 0000000000000000 0000000000000000 00000001f8000000 0000000000000000
[   16.757644] head: 0bfffe0000000040 0000000000000000 dead000000000122 0000000000000000
[   16.757842] head: 0000000000000000 0000000000000000 00000001f8000000 0000000000000000
[   16.758133] head: 0bfffe0000000002 ffffc1ffc31dc301 00000000ffffffff 00000000ffffffff
[   16.758433] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000004
[   16.758542] page dumped because: kasan: bad access detected
[   16.758625] 
[   16.758761] Memory state around the buggy address:
[   16.758796]  fff00000c770df80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   16.758838]  fff00000c770e000: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   16.758879] >fff00000c770e080: 00 00 00 00 00 00 00 00 00 00 00 00 00 03 fe fe
[   16.758948]                                                              ^
[   16.759028]  fff00000c770e100: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe
[   16.759211]  fff00000c770e180: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe
[   16.759368] ==================================================================
[   16.748976] ==================================================================
[   16.749033] BUG: KASAN: slab-out-of-bounds in krealloc_more_oob_helper+0x60c/0x678
[   16.749149] Write of size 1 at addr fff00000c770e0eb by task kunit_try_catch/161
[   16.749531] 
[   16.749568] CPU: 1 UID: 0 PID: 161 Comm: kunit_try_catch Tainted: G    B            N  6.16.0-rc5 #1 PREEMPT 
[   16.749647] Tainted: [B]=BAD_PAGE, [N]=TEST
[   16.749887] Hardware name: linux,dummy-virt (DT)
[   16.749963] Call trace:
[   16.750080]  show_stack+0x20/0x38 (C)
[   16.750135]  dump_stack_lvl+0x8c/0xd0
[   16.750182]  print_report+0x118/0x608
[   16.750245]  kasan_report+0xdc/0x128
[   16.750289]  __asan_report_store1_noabort+0x20/0x30
[   16.750383]  krealloc_more_oob_helper+0x60c/0x678
[   16.750606]  krealloc_large_more_oob+0x20/0x38
[   16.750680]  kunit_try_run_case+0x170/0x3f0
[   16.750729]  kunit_generic_run_threadfn_adapter+0x88/0x100
[   16.750785]  kthread+0x328/0x630
[   16.750832]  ret_from_fork+0x10/0x20
[   16.751050] 
[   16.751127] The buggy address belongs to the physical page:
[   16.751178] page: refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x10770c
[   16.751306] head: order:2 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[   16.751407] flags: 0xbfffe0000000040(head|node=0|zone=2|lastcpupid=0x1ffff)
[   16.751458] page_type: f8(unknown)
[   16.751585] raw: 0bfffe0000000040 0000000000000000 dead000000000122 0000000000000000
[   16.751706] raw: 0000000000000000 0000000000000000 00000001f8000000 0000000000000000
[   16.751755] head: 0bfffe0000000040 0000000000000000 dead000000000122 0000000000000000
[   16.751814] head: 0000000000000000 0000000000000000 00000001f8000000 0000000000000000
[   16.751902] head: 0bfffe0000000002 ffffc1ffc31dc301 00000000ffffffff 00000000ffffffff
[   16.751964] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000004
[   16.752004] page dumped because: kasan: bad access detected
[   16.752033] 
[   16.752050] Memory state around the buggy address:
[   16.752080]  fff00000c770df80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   16.752121]  fff00000c770e000: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   16.752161] >fff00000c770e080: 00 00 00 00 00 00 00 00 00 00 00 00 00 03 fe fe
[   16.752613]                                                           ^
[   16.752660]  fff00000c770e100: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe
[   16.752701]  fff00000c770e180: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe
[   16.752738] ==================================================================
[   16.685453] ==================================================================
[   16.685585] BUG: KASAN: slab-out-of-bounds in krealloc_more_oob_helper+0x5c0/0x678
[   16.685660] Write of size 1 at addr fff00000c172def0 by task kunit_try_catch/157
[   16.686021] 
[   16.686171] CPU: 1 UID: 0 PID: 157 Comm: kunit_try_catch Tainted: G    B            N  6.16.0-rc5 #1 PREEMPT 
[   16.686263] Tainted: [B]=BAD_PAGE, [N]=TEST
[   16.686288] Hardware name: linux,dummy-virt (DT)
[   16.686363] Call trace:
[   16.686403]  show_stack+0x20/0x38 (C)
[   16.686454]  dump_stack_lvl+0x8c/0xd0
[   16.686633]  print_report+0x118/0x608
[   16.686803]  kasan_report+0xdc/0x128
[   16.686952]  __asan_report_store1_noabort+0x20/0x30
[   16.687073]  krealloc_more_oob_helper+0x5c0/0x678
[   16.687121]  krealloc_more_oob+0x20/0x38
[   16.687167]  kunit_try_run_case+0x170/0x3f0
[   16.687212]  kunit_generic_run_threadfn_adapter+0x88/0x100
[   16.687263]  kthread+0x328/0x630
[   16.687313]  ret_from_fork+0x10/0x20
[   16.687359] 
[   16.687376] Allocated by task 157:
[   16.687530]  kasan_save_stack+0x3c/0x68
[   16.687676]  kasan_save_track+0x20/0x40
[   16.687797]  kasan_save_alloc_info+0x40/0x58
[   16.687875]  __kasan_krealloc+0x118/0x178
[   16.687945]  krealloc_noprof+0x128/0x360
[   16.688047]  krealloc_more_oob_helper+0x168/0x678
[   16.688098]  krealloc_more_oob+0x20/0x38
[   16.688132]  kunit_try_run_case+0x170/0x3f0
[   16.688168]  kunit_generic_run_threadfn_adapter+0x88/0x100
[   16.688210]  kthread+0x328/0x630
[   16.688242]  ret_from_fork+0x10/0x20
[   16.688286] 
[   16.688306] The buggy address belongs to the object at fff00000c172de00
[   16.688306]  which belongs to the cache kmalloc-256 of size 256
[   16.688950] The buggy address is located 5 bytes to the right of
[   16.688950]  allocated 235-byte region [fff00000c172de00, fff00000c172deeb)
[   16.689029] 
[   16.689055] The buggy address belongs to the physical page:
[   16.689085] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x10172c
[   16.689138] head: order:1 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[   16.689184] flags: 0xbfffe0000000040(head|node=0|zone=2|lastcpupid=0x1ffff)
[   16.689234] page_type: f5(slab)
[   16.689271] raw: 0bfffe0000000040 fff00000c0001b40 dead000000000122 0000000000000000
[   16.689321] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000
[   16.689369] head: 0bfffe0000000040 fff00000c0001b40 dead000000000122 0000000000000000
[   16.689416] head: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000
[   16.689464] head: 0bfffe0000000001 ffffc1ffc305cb01 00000000ffffffff 00000000ffffffff
[   16.689511] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000002
[   16.689549] page dumped because: kasan: bad access detected
[   16.689578] 
[   16.689596] Memory state around the buggy address:
[   16.689625]  fff00000c172dd80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   16.689666]  fff00000c172de00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   16.689707] >fff00000c172de80: 00 00 00 00 00 00 00 00 00 00 00 00 00 03 fc fc
[   16.689743]                                                              ^
[   16.689780]  fff00000c172df00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   16.689820]  fff00000c172df80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   16.689856] ==================================================================

[   12.809959] ==================================================================
[   12.810419] BUG: KASAN: slab-out-of-bounds in krealloc_more_oob_helper+0x821/0x930
[   12.811148] Write of size 1 at addr ffff88810034cceb by task kunit_try_catch/174
[   12.811579] 
[   12.811774] CPU: 0 UID: 0 PID: 174 Comm: kunit_try_catch Tainted: G    B            N  6.16.0-rc5 #1 PREEMPT(voluntary) 
[   12.811860] Tainted: [B]=BAD_PAGE, [N]=TEST
[   12.811881] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[   12.811915] Call Trace:
[   12.811940]  <TASK>
[   12.811963]  dump_stack_lvl+0x73/0xb0
[   12.812015]  print_report+0xd1/0x650
[   12.812052]  ? __virt_addr_valid+0x1db/0x2d0
[   12.812090]  ? krealloc_more_oob_helper+0x821/0x930
[   12.812127]  ? kasan_complete_mode_report_info+0x2a/0x200
[   12.812167]  ? krealloc_more_oob_helper+0x821/0x930
[   12.812202]  kasan_report+0x141/0x180
[   12.812287]  ? krealloc_more_oob_helper+0x821/0x930
[   12.812342]  __asan_report_store1_noabort+0x1b/0x30
[   12.812384]  krealloc_more_oob_helper+0x821/0x930
[   12.812425]  ? __schedule+0x10cc/0x2b60
[   12.812461]  ? __pfx_krealloc_more_oob_helper+0x10/0x10
[   12.812496]  ? finish_task_switch.isra.0+0x153/0x700
[   12.812528]  ? __switch_to+0x47/0xf50
[   12.812570]  ? __schedule+0x10cc/0x2b60
[   12.812606]  ? __pfx_read_tsc+0x10/0x10
[   12.812691]  krealloc_more_oob+0x1c/0x30
[   12.812731]  kunit_try_run_case+0x1a5/0x480
[   12.812782]  ? __pfx_kunit_try_run_case+0x10/0x10
[   12.812814]  ? _raw_spin_lock_irqsave+0xa1/0x100
[   12.812851]  ? _raw_spin_unlock_irqrestore+0x5f/0x90
[   12.812888]  ? __kthread_parkme+0x82/0x180
[   12.812923]  ? preempt_count_sub+0x50/0x80
[   12.812966]  ? __pfx_kunit_try_run_case+0x10/0x10
[   12.813007]  kunit_generic_run_threadfn_adapter+0x85/0xf0
[   12.813029]  ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10
[   12.813050]  kthread+0x337/0x6f0
[   12.813068]  ? trace_preempt_on+0x20/0xc0
[   12.813089]  ? __pfx_kthread+0x10/0x10
[   12.813113]  ? _raw_spin_unlock_irq+0x47/0x80
[   12.813138]  ? calculate_sigpending+0x7b/0xa0
[   12.813160]  ? __pfx_kthread+0x10/0x10
[   12.813179]  ret_from_fork+0x116/0x1d0
[   12.813196]  ? __pfx_kthread+0x10/0x10
[   12.813214]  ret_from_fork_asm+0x1a/0x30
[   12.813243]  </TASK>
[   12.813254] 
[   12.825088] Allocated by task 174:
[   12.825546]  kasan_save_stack+0x45/0x70
[   12.825758]  kasan_save_track+0x18/0x40
[   12.825947]  kasan_save_alloc_info+0x3b/0x50
[   12.826505]  __kasan_krealloc+0x190/0x1f0
[   12.826878]  krealloc_noprof+0xf3/0x340
[   12.827145]  krealloc_more_oob_helper+0x1a9/0x930
[   12.827400]  krealloc_more_oob+0x1c/0x30
[   12.827672]  kunit_try_run_case+0x1a5/0x480
[   12.827896]  kunit_generic_run_threadfn_adapter+0x85/0xf0
[   12.828199]  kthread+0x337/0x6f0
[   12.828475]  ret_from_fork+0x116/0x1d0
[   12.829022]  ret_from_fork_asm+0x1a/0x30
[   12.829416] 
[   12.829675] The buggy address belongs to the object at ffff88810034cc00
[   12.829675]  which belongs to the cache kmalloc-256 of size 256
[   12.830393] The buggy address is located 0 bytes to the right of
[   12.830393]  allocated 235-byte region [ffff88810034cc00, ffff88810034cceb)
[   12.830959] 
[   12.831142] The buggy address belongs to the physical page:
[   12.831531] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x10034c
[   12.831926] head: order:1 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[   12.832257] flags: 0x200000000000040(head|node=0|zone=2)
[   12.832640] page_type: f5(slab)
[   12.832899] raw: 0200000000000040 ffff888100041b40 dead000000000122 0000000000000000
[   12.833288] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000
[   12.833538] head: 0200000000000040 ffff888100041b40 dead000000000122 0000000000000000
[   12.833904] head: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000
[   12.834423] head: 0200000000000001 ffffea000400d301 00000000ffffffff 00000000ffffffff
[   12.834824] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000002
[   12.835190] page dumped because: kasan: bad access detected
[   12.835430] 
[   12.835571] Memory state around the buggy address:
[   12.835822]  ffff88810034cb80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   12.836167]  ffff88810034cc00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   12.836549] >ffff88810034cc80: 00 00 00 00 00 00 00 00 00 00 00 00 00 03 fc fc
[   12.836991]                                                           ^
[   12.837311]  ffff88810034cd00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   12.837770]  ffff88810034cd80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   12.838042] ==================================================================
[   13.037058] ==================================================================
[   13.037510] BUG: KASAN: slab-out-of-bounds in krealloc_more_oob_helper+0x821/0x930
[   13.038032] Write of size 1 at addr ffff88810263e0eb by task kunit_try_catch/178
[   13.038231] 
[   13.038423] CPU: 0 UID: 0 PID: 178 Comm: kunit_try_catch Tainted: G    B            N  6.16.0-rc5 #1 PREEMPT(voluntary) 
[   13.038501] Tainted: [B]=BAD_PAGE, [N]=TEST
[   13.038522] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[   13.038561] Call Trace:
[   13.038587]  <TASK>
[   13.038634]  dump_stack_lvl+0x73/0xb0
[   13.038697]  print_report+0xd1/0x650
[   13.038739]  ? __virt_addr_valid+0x1db/0x2d0
[   13.039388]  ? krealloc_more_oob_helper+0x821/0x930
[   13.039470]  ? kasan_addr_to_slab+0x11/0xa0
[   13.039503]  ? krealloc_more_oob_helper+0x821/0x930
[   13.039536]  kasan_report+0x141/0x180
[   13.039569]  ? krealloc_more_oob_helper+0x821/0x930
[   13.039636]  __asan_report_store1_noabort+0x1b/0x30
[   13.039679]  krealloc_more_oob_helper+0x821/0x930
[   13.039845]  ? __schedule+0x10cc/0x2b60
[   13.039873]  ? __pfx_krealloc_more_oob_helper+0x10/0x10
[   13.039896]  ? finish_task_switch.isra.0+0x153/0x700
[   13.039918]  ? __switch_to+0x47/0xf50
[   13.039944]  ? __schedule+0x10cc/0x2b60
[   13.039962]  ? __pfx_read_tsc+0x10/0x10
[   13.039985]  krealloc_large_more_oob+0x1c/0x30
[   13.040006]  kunit_try_run_case+0x1a5/0x480
[   13.040029]  ? __pfx_kunit_try_run_case+0x10/0x10
[   13.040049]  ? _raw_spin_lock_irqsave+0xa1/0x100
[   13.040071]  ? _raw_spin_unlock_irqrestore+0x5f/0x90
[   13.040090]  ? __kthread_parkme+0x82/0x180
[   13.040113]  ? preempt_count_sub+0x50/0x80
[   13.040154]  ? __pfx_kunit_try_run_case+0x10/0x10
[   13.040187]  kunit_generic_run_threadfn_adapter+0x85/0xf0
[   13.040217]  ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10
[   13.040246]  kthread+0x337/0x6f0
[   13.040273]  ? trace_preempt_on+0x20/0xc0
[   13.040306]  ? __pfx_kthread+0x10/0x10
[   13.040334]  ? _raw_spin_unlock_irq+0x47/0x80
[   13.040362]  ? calculate_sigpending+0x7b/0xa0
[   13.040396]  ? __pfx_kthread+0x10/0x10
[   13.040428]  ret_from_fork+0x116/0x1d0
[   13.040454]  ? __pfx_kthread+0x10/0x10
[   13.040484]  ret_from_fork_asm+0x1a/0x30
[   13.040531]  </TASK>
[   13.040551] 
[   13.054281] The buggy address belongs to the physical page:
[   13.054689] page: refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x10263c
[   13.055507] head: order:2 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[   13.056113] flags: 0x200000000000040(head|node=0|zone=2)
[   13.056309] page_type: f8(unknown)
[   13.056636] raw: 0200000000000040 0000000000000000 dead000000000122 0000000000000000
[   13.057258] raw: 0000000000000000 0000000000000000 00000001f8000000 0000000000000000
[   13.057563] head: 0200000000000040 0000000000000000 dead000000000122 0000000000000000
[   13.057787] head: 0000000000000000 0000000000000000 00000001f8000000 0000000000000000
[   13.059946] head: 0200000000000002 ffffea0004098f01 00000000ffffffff 00000000ffffffff
[   13.060480] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000004
[   13.060992] page dumped because: kasan: bad access detected
[   13.061498] 
[   13.061676] Memory state around the buggy address:
[   13.062839]  ffff88810263df80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   13.064917]  ffff88810263e000: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   13.065363] >ffff88810263e080: 00 00 00 00 00 00 00 00 00 00 00 00 00 03 fe fe
[   13.065593]                                                           ^
[   13.066029]  ffff88810263e100: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe
[   13.066584]  ffff88810263e180: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe
[   13.066870] ==================================================================
[   12.841012] ==================================================================
[   12.841407] BUG: KASAN: slab-out-of-bounds in krealloc_more_oob_helper+0x7eb/0x930
[   12.841755] Write of size 1 at addr ffff88810034ccf0 by task kunit_try_catch/174
[   12.842212] 
[   12.842337] CPU: 0 UID: 0 PID: 174 Comm: kunit_try_catch Tainted: G    B            N  6.16.0-rc5 #1 PREEMPT(voluntary) 
[   12.842407] Tainted: [B]=BAD_PAGE, [N]=TEST
[   12.842426] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[   12.842456] Call Trace:
[   12.842478]  <TASK>
[   12.842503]  dump_stack_lvl+0x73/0xb0
[   12.842557]  print_report+0xd1/0x650
[   12.842594]  ? __virt_addr_valid+0x1db/0x2d0
[   12.842644]  ? krealloc_more_oob_helper+0x7eb/0x930
[   12.842686]  ? kasan_complete_mode_report_info+0x2a/0x200
[   12.842730]  ? krealloc_more_oob_helper+0x7eb/0x930
[   12.842772]  kasan_report+0x141/0x180
[   12.842806]  ? krealloc_more_oob_helper+0x7eb/0x930
[   12.842847]  __asan_report_store1_noabort+0x1b/0x30
[   12.842884]  krealloc_more_oob_helper+0x7eb/0x930
[   12.842918]  ? __schedule+0x10cc/0x2b60
[   12.842958]  ? __pfx_krealloc_more_oob_helper+0x10/0x10
[   12.842999]  ? finish_task_switch.isra.0+0x153/0x700
[   12.843037]  ? __switch_to+0x47/0xf50
[   12.843079]  ? __schedule+0x10cc/0x2b60
[   12.843148]  ? __pfx_read_tsc+0x10/0x10
[   12.843190]  krealloc_more_oob+0x1c/0x30
[   12.843229]  kunit_try_run_case+0x1a5/0x480
[   12.843268]  ? __pfx_kunit_try_run_case+0x10/0x10
[   12.843302]  ? _raw_spin_lock_irqsave+0xa1/0x100
[   12.843337]  ? _raw_spin_unlock_irqrestore+0x5f/0x90
[   12.843375]  ? __kthread_parkme+0x82/0x180
[   12.843408]  ? preempt_count_sub+0x50/0x80
[   12.843449]  ? __pfx_kunit_try_run_case+0x10/0x10
[   12.843484]  kunit_generic_run_threadfn_adapter+0x85/0xf0
[   12.843505]  ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10
[   12.843526]  kthread+0x337/0x6f0
[   12.843544]  ? trace_preempt_on+0x20/0xc0
[   12.843565]  ? __pfx_kthread+0x10/0x10
[   12.843584]  ? _raw_spin_unlock_irq+0x47/0x80
[   12.843602]  ? calculate_sigpending+0x7b/0xa0
[   12.843641]  ? __pfx_kthread+0x10/0x10
[   12.843662]  ret_from_fork+0x116/0x1d0
[   12.843680]  ? __pfx_kthread+0x10/0x10
[   12.843698]  ret_from_fork_asm+0x1a/0x30
[   12.843726]  </TASK>
[   12.843738] 
[   12.851837] Allocated by task 174:
[   12.852005]  kasan_save_stack+0x45/0x70
[   12.852297]  kasan_save_track+0x18/0x40
[   12.852556]  kasan_save_alloc_info+0x3b/0x50
[   12.852862]  __kasan_krealloc+0x190/0x1f0
[   12.853147]  krealloc_noprof+0xf3/0x340
[   12.853373]  krealloc_more_oob_helper+0x1a9/0x930
[   12.853562]  krealloc_more_oob+0x1c/0x30
[   12.853751]  kunit_try_run_case+0x1a5/0x480
[   12.854046]  kunit_generic_run_threadfn_adapter+0x85/0xf0
[   12.854418]  kthread+0x337/0x6f0
[   12.854667]  ret_from_fork+0x116/0x1d0
[   12.854949]  ret_from_fork_asm+0x1a/0x30
[   12.855266] 
[   12.855424] The buggy address belongs to the object at ffff88810034cc00
[   12.855424]  which belongs to the cache kmalloc-256 of size 256
[   12.855943] The buggy address is located 5 bytes to the right of
[   12.855943]  allocated 235-byte region [ffff88810034cc00, ffff88810034cceb)
[   12.856658] 
[   12.856788] The buggy address belongs to the physical page:
[   12.857007] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x10034c
[   12.857298] head: order:1 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[   12.857540] flags: 0x200000000000040(head|node=0|zone=2)
[   12.857919] page_type: f5(slab)
[   12.858232] raw: 0200000000000040 ffff888100041b40 dead000000000122 0000000000000000
[   12.858720] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000
[   12.860279] head: 0200000000000040 ffff888100041b40 dead000000000122 0000000000000000
[   12.860774] head: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000
[   12.861076] head: 0200000000000001 ffffea000400d301 00000000ffffffff 00000000ffffffff
[   12.862507] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000002
[   12.862800] page dumped because: kasan: bad access detected
[   12.862995] 
[   12.863092] Memory state around the buggy address:
[   12.863585]  ffff88810034cb80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   12.864441]  ffff88810034cc00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   12.864907] >ffff88810034cc80: 00 00 00 00 00 00 00 00 00 00 00 00 00 03 fc fc
[   12.865178]                                                              ^
[   12.865609]  ffff88810034cd00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   12.865968]  ffff88810034cd80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   12.866218] ==================================================================
[   13.067557] ==================================================================
[   13.068499] BUG: KASAN: slab-out-of-bounds in krealloc_more_oob_helper+0x7eb/0x930
[   13.068940] Write of size 1 at addr ffff88810263e0f0 by task kunit_try_catch/178
[   13.069279] 
[   13.069403] CPU: 0 UID: 0 PID: 178 Comm: kunit_try_catch Tainted: G    B            N  6.16.0-rc5 #1 PREEMPT(voluntary) 
[   13.069473] Tainted: [B]=BAD_PAGE, [N]=TEST
[   13.069489] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[   13.069521] Call Trace:
[   13.069545]  <TASK>
[   13.069572]  dump_stack_lvl+0x73/0xb0
[   13.069613]  print_report+0xd1/0x650
[   13.071552]  ? __virt_addr_valid+0x1db/0x2d0
[   13.071665]  ? krealloc_more_oob_helper+0x7eb/0x930
[   13.071706]  ? kasan_addr_to_slab+0x11/0xa0
[   13.071739]  ? krealloc_more_oob_helper+0x7eb/0x930
[   13.071774]  kasan_report+0x141/0x180
[   13.071811]  ? krealloc_more_oob_helper+0x7eb/0x930
[   13.071856]  __asan_report_store1_noabort+0x1b/0x30
[   13.071896]  krealloc_more_oob_helper+0x7eb/0x930
[   13.071932]  ? __schedule+0x10cc/0x2b60
[   13.071969]  ? __pfx_krealloc_more_oob_helper+0x10/0x10
[   13.072005]  ? finish_task_switch.isra.0+0x153/0x700
[   13.072041]  ? __switch_to+0x47/0xf50
[   13.072082]  ? __schedule+0x10cc/0x2b60
[   13.072400]  ? __pfx_read_tsc+0x10/0x10
[   13.072458]  krealloc_large_more_oob+0x1c/0x30
[   13.072530]  kunit_try_run_case+0x1a5/0x480
[   13.072568]  ? __pfx_kunit_try_run_case+0x10/0x10
[   13.072598]  ? _raw_spin_lock_irqsave+0xa1/0x100
[   13.072662]  ? _raw_spin_unlock_irqrestore+0x5f/0x90
[   13.072690]  ? __kthread_parkme+0x82/0x180
[   13.072721]  ? preempt_count_sub+0x50/0x80
[   13.072758]  ? __pfx_kunit_try_run_case+0x10/0x10
[   13.072790]  kunit_generic_run_threadfn_adapter+0x85/0xf0
[   13.072828]  ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10
[   13.072862]  kthread+0x337/0x6f0
[   13.072892]  ? trace_preempt_on+0x20/0xc0
[   13.072928]  ? __pfx_kthread+0x10/0x10
[   13.072950]  ? _raw_spin_unlock_irq+0x47/0x80
[   13.072968]  ? calculate_sigpending+0x7b/0xa0
[   13.072990]  ? __pfx_kthread+0x10/0x10
[   13.073009]  ret_from_fork+0x116/0x1d0
[   13.073026]  ? __pfx_kthread+0x10/0x10
[   13.073061]  ret_from_fork_asm+0x1a/0x30
[   13.073139]  </TASK>
[   13.073161] 
[   13.084458] The buggy address belongs to the physical page:
[   13.085301] page: refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x10263c
[   13.085987] head: order:2 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[   13.086410] flags: 0x200000000000040(head|node=0|zone=2)
[   13.086879] page_type: f8(unknown)
[   13.087172] raw: 0200000000000040 0000000000000000 dead000000000122 0000000000000000
[   13.087436] raw: 0000000000000000 0000000000000000 00000001f8000000 0000000000000000
[   13.088131] head: 0200000000000040 0000000000000000 dead000000000122 0000000000000000
[   13.088952] head: 0000000000000000 0000000000000000 00000001f8000000 0000000000000000
[   13.089350] head: 0200000000000002 ffffea0004098f01 00000000ffffffff 00000000ffffffff
[   13.089945] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000004
[   13.090351] page dumped because: kasan: bad access detected
[   13.090836] 
[   13.091004] Memory state around the buggy address:
[   13.091246]  ffff88810263df80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   13.091847]  ffff88810263e000: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   13.092408] >ffff88810263e080: 00 00 00 00 00 00 00 00 00 00 00 00 00 03 fe fe
[   13.093219]                                                              ^
[   13.093425]  ffff88810263e100: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe
[   13.093942]  ffff88810263e180: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe
[   13.094495] ==================================================================

[   13.288793] ==================================================================
[   13.289096] BUG: KASAN: slab-out-of-bounds in krealloc_more_oob_helper+0x7eb/0x930
[   13.289357] Write of size 1 at addr ffff8881029f20f0 by task kunit_try_catch/177
[   13.289665] 
[   13.289833] CPU: 1 UID: 0 PID: 177 Comm: kunit_try_catch Tainted: G    B            N  6.16.0-rc5 #1 PREEMPT(voluntary) 
[   13.289877] Tainted: [B]=BAD_PAGE, [N]=TEST
[   13.289889] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[   13.289909] Call Trace:
[   13.289920]  <TASK>
[   13.289935]  dump_stack_lvl+0x73/0xb0
[   13.289964]  print_report+0xd1/0x650
[   13.289986]  ? __virt_addr_valid+0x1db/0x2d0
[   13.290008]  ? krealloc_more_oob_helper+0x7eb/0x930
[   13.290032]  ? kasan_addr_to_slab+0x11/0xa0
[   13.290066]  ? krealloc_more_oob_helper+0x7eb/0x930
[   13.290091]  kasan_report+0x141/0x180
[   13.290113]  ? krealloc_more_oob_helper+0x7eb/0x930
[   13.290143]  __asan_report_store1_noabort+0x1b/0x30
[   13.290168]  krealloc_more_oob_helper+0x7eb/0x930
[   13.290191]  ? __schedule+0x10cc/0x2b60
[   13.290213]  ? __pfx_krealloc_more_oob_helper+0x10/0x10
[   13.290240]  ? __kasan_check_write+0x18/0x20
[   13.290259]  ? queued_spin_lock_slowpath+0x116/0xb40
[   13.290285]  ? __pfx_queued_spin_lock_slowpath+0x10/0x10
[   13.290309]  ? __pfx_read_tsc+0x10/0x10
[   13.290334]  krealloc_large_more_oob+0x1c/0x30
[   13.290356]  kunit_try_run_case+0x1a5/0x480
[   13.290381]  ? __pfx_kunit_try_run_case+0x10/0x10
[   13.290403]  ? _raw_spin_lock_irqsave+0xf9/0x100
[   13.290425]  ? _raw_spin_unlock_irqrestore+0x5f/0x90
[   13.290448]  ? __kthread_parkme+0x82/0x180
[   13.290469]  ? preempt_count_sub+0x50/0x80
[   13.290494]  ? __pfx_kunit_try_run_case+0x10/0x10
[   13.290517]  kunit_generic_run_threadfn_adapter+0x85/0xf0
[   13.290540]  ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10
[   13.290563]  kthread+0x337/0x6f0
[   13.290582]  ? trace_preempt_on+0x20/0xc0
[   13.290606]  ? __pfx_kthread+0x10/0x10
[   13.290628]  ? _raw_spin_unlock_irq+0x47/0x80
[   13.290649]  ? calculate_sigpending+0x7b/0xa0
[   13.290672]  ? __pfx_kthread+0x10/0x10
[   13.290723]  ret_from_fork+0x116/0x1d0
[   13.290743]  ? __pfx_kthread+0x10/0x10
[   13.290777]  ret_from_fork_asm+0x1a/0x30
[   13.290810]  </TASK>
[   13.290820] 
[   13.299285] The buggy address belongs to the physical page:
[   13.299523] page: refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1029f0
[   13.299939] head: order:2 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[   13.300226] flags: 0x200000000000040(head|node=0|zone=2)
[   13.300545] page_type: f8(unknown)
[   13.300804] raw: 0200000000000040 0000000000000000 dead000000000122 0000000000000000
[   13.301092] raw: 0000000000000000 0000000000000000 00000001f8000000 0000000000000000
[   13.301407] head: 0200000000000040 0000000000000000 dead000000000122 0000000000000000
[   13.301742] head: 0000000000000000 0000000000000000 00000001f8000000 0000000000000000
[   13.302112] head: 0200000000000002 ffffea00040a7c01 00000000ffffffff 00000000ffffffff
[   13.302463] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000004
[   13.302794] page dumped because: kasan: bad access detected
[   13.303008] 
[   13.303118] Memory state around the buggy address:
[   13.303288]  ffff8881029f1f80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   13.303510]  ffff8881029f2000: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   13.303732] >ffff8881029f2080: 00 00 00 00 00 00 00 00 00 00 00 00 00 03 fe fe
[   13.303950]                                                              ^
[   13.304299]  ffff8881029f2100: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe
[   13.304625]  ffff8881029f2180: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe
[   13.304964] ==================================================================
[   13.100933] ==================================================================
[   13.101320] BUG: KASAN: slab-out-of-bounds in krealloc_more_oob_helper+0x7eb/0x930
[   13.101735] Write of size 1 at addr ffff888100a300f0 by task kunit_try_catch/173
[   13.102205] 
[   13.102300] CPU: 1 UID: 0 PID: 173 Comm: kunit_try_catch Tainted: G    B            N  6.16.0-rc5 #1 PREEMPT(voluntary) 
[   13.102341] Tainted: [B]=BAD_PAGE, [N]=TEST
[   13.102353] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[   13.102372] Call Trace:
[   13.102385]  <TASK>
[   13.102399]  dump_stack_lvl+0x73/0xb0
[   13.102425]  print_report+0xd1/0x650
[   13.102491]  ? __virt_addr_valid+0x1db/0x2d0
[   13.102512]  ? krealloc_more_oob_helper+0x7eb/0x930
[   13.102536]  ? kasan_complete_mode_report_info+0x2a/0x200
[   13.102561]  ? krealloc_more_oob_helper+0x7eb/0x930
[   13.102584]  kasan_report+0x141/0x180
[   13.102639]  ? krealloc_more_oob_helper+0x7eb/0x930
[   13.102670]  __asan_report_store1_noabort+0x1b/0x30
[   13.102701]  krealloc_more_oob_helper+0x7eb/0x930
[   13.102723]  ? __schedule+0x10cc/0x2b60
[   13.102744]  ? __pfx_krealloc_more_oob_helper+0x10/0x10
[   13.102816]  ? finish_task_switch.isra.0+0x153/0x700
[   13.102838]  ? __switch_to+0x47/0xf50
[   13.102864]  ? __schedule+0x10cc/0x2b60
[   13.102884]  ? __pfx_read_tsc+0x10/0x10
[   13.102937]  krealloc_more_oob+0x1c/0x30
[   13.102958]  kunit_try_run_case+0x1a5/0x480
[   13.102981]  ? __pfx_kunit_try_run_case+0x10/0x10
[   13.103002]  ? _raw_spin_lock_irqsave+0xa1/0x100
[   13.103024]  ? _raw_spin_unlock_irqrestore+0x5f/0x90
[   13.103046]  ? __kthread_parkme+0x82/0x180
[   13.103077]  ? preempt_count_sub+0x50/0x80
[   13.103099]  ? __pfx_kunit_try_run_case+0x10/0x10
[   13.103122]  kunit_generic_run_threadfn_adapter+0x85/0xf0
[   13.103143]  ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10
[   13.103166]  kthread+0x337/0x6f0
[   13.103185]  ? trace_preempt_on+0x20/0xc0
[   13.103208]  ? __pfx_kthread+0x10/0x10
[   13.103228]  ? _raw_spin_unlock_irq+0x47/0x80
[   13.103250]  ? calculate_sigpending+0x7b/0xa0
[   13.103273]  ? __pfx_kthread+0x10/0x10
[   13.103293]  ret_from_fork+0x116/0x1d0
[   13.103311]  ? __pfx_kthread+0x10/0x10
[   13.103331]  ret_from_fork_asm+0x1a/0x30
[   13.103362]  </TASK>
[   13.103372] 
[   13.112702] Allocated by task 173:
[   13.112910]  kasan_save_stack+0x45/0x70
[   13.113204]  kasan_save_track+0x18/0x40
[   13.113364]  kasan_save_alloc_info+0x3b/0x50
[   13.113583]  __kasan_krealloc+0x190/0x1f0
[   13.113821]  krealloc_noprof+0xf3/0x340
[   13.114068]  krealloc_more_oob_helper+0x1a9/0x930
[   13.114300]  krealloc_more_oob+0x1c/0x30
[   13.114520]  kunit_try_run_case+0x1a5/0x480
[   13.114759]  kunit_generic_run_threadfn_adapter+0x85/0xf0
[   13.114957]  kthread+0x337/0x6f0
[   13.115092]  ret_from_fork+0x116/0x1d0
[   13.115232]  ret_from_fork_asm+0x1a/0x30
[   13.115429] 
[   13.115530] The buggy address belongs to the object at ffff888100a30000
[   13.115530]  which belongs to the cache kmalloc-256 of size 256
[   13.116148] The buggy address is located 5 bytes to the right of
[   13.116148]  allocated 235-byte region [ffff888100a30000, ffff888100a300eb)
[   13.116866] 
[   13.116960] The buggy address belongs to the physical page:
[   13.117278] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x100a30
[   13.117623] head: order:1 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[   13.117880] flags: 0x200000000000040(head|node=0|zone=2)
[   13.118368] page_type: f5(slab)
[   13.118602] raw: 0200000000000040 ffff888100041b40 dead000000000122 0000000000000000
[   13.119234] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000
[   13.119968] head: 0200000000000040 ffff888100041b40 dead000000000122 0000000000000000
[   13.120388] head: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000
[   13.120749] head: 0200000000000001 ffffea0004028c01 00000000ffffffff 00000000ffffffff
[   13.120990] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000002
[   13.121369] page dumped because: kasan: bad access detected
[   13.121786] 
[   13.121906] Memory state around the buggy address:
[   13.122134]  ffff888100a2ff80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   13.122521]  ffff888100a30000: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   13.123026] >ffff888100a30080: 00 00 00 00 00 00 00 00 00 00 00 00 00 03 fc fc
[   13.123277]                                                              ^
[   13.123492]  ffff888100a30100: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   13.123722]  ffff888100a30180: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   13.124026] ==================================================================
[   13.271267] ==================================================================
[   13.271775] BUG: KASAN: slab-out-of-bounds in krealloc_more_oob_helper+0x821/0x930
[   13.272122] Write of size 1 at addr ffff8881029f20eb by task kunit_try_catch/177
[   13.272459] 
[   13.272584] CPU: 1 UID: 0 PID: 177 Comm: kunit_try_catch Tainted: G    B            N  6.16.0-rc5 #1 PREEMPT(voluntary) 
[   13.272629] Tainted: [B]=BAD_PAGE, [N]=TEST
[   13.272640] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[   13.272661] Call Trace:
[   13.272674]  <TASK>
[   13.272690]  dump_stack_lvl+0x73/0xb0
[   13.272749]  print_report+0xd1/0x650
[   13.272771]  ? __virt_addr_valid+0x1db/0x2d0
[   13.272795]  ? krealloc_more_oob_helper+0x821/0x930
[   13.272818]  ? kasan_addr_to_slab+0x11/0xa0
[   13.272837]  ? krealloc_more_oob_helper+0x821/0x930
[   13.272860]  kasan_report+0x141/0x180
[   13.272882]  ? krealloc_more_oob_helper+0x821/0x930
[   13.272911]  __asan_report_store1_noabort+0x1b/0x30
[   13.272936]  krealloc_more_oob_helper+0x821/0x930
[   13.272958]  ? __schedule+0x10cc/0x2b60
[   13.272993]  ? __pfx_krealloc_more_oob_helper+0x10/0x10
[   13.273019]  ? __kasan_check_write+0x18/0x20
[   13.273037]  ? queued_spin_lock_slowpath+0x116/0xb40
[   13.273072]  ? __pfx_queued_spin_lock_slowpath+0x10/0x10
[   13.273096]  ? __pfx_read_tsc+0x10/0x10
[   13.273121]  krealloc_large_more_oob+0x1c/0x30
[   13.273143]  kunit_try_run_case+0x1a5/0x480
[   13.273169]  ? __pfx_kunit_try_run_case+0x10/0x10
[   13.273190]  ? _raw_spin_lock_irqsave+0xf9/0x100
[   13.273212]  ? _raw_spin_unlock_irqrestore+0x5f/0x90
[   13.273235]  ? __kthread_parkme+0x82/0x180
[   13.273256]  ? preempt_count_sub+0x50/0x80
[   13.273281]  ? __pfx_kunit_try_run_case+0x10/0x10
[   13.273304]  kunit_generic_run_threadfn_adapter+0x85/0xf0
[   13.273327]  ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10
[   13.273349]  kthread+0x337/0x6f0
[   13.273369]  ? trace_preempt_on+0x20/0xc0
[   13.273392]  ? __pfx_kthread+0x10/0x10
[   13.273413]  ? _raw_spin_unlock_irq+0x47/0x80
[   13.273434]  ? calculate_sigpending+0x7b/0xa0
[   13.273458]  ? __pfx_kthread+0x10/0x10
[   13.273479]  ret_from_fork+0x116/0x1d0
[   13.273497]  ? __pfx_kthread+0x10/0x10
[   13.273517]  ret_from_fork_asm+0x1a/0x30
[   13.273553]  </TASK>
[   13.273564] 
[   13.281773] The buggy address belongs to the physical page:
[   13.282097] page: refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1029f0
[   13.282443] head: order:2 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[   13.282892] flags: 0x200000000000040(head|node=0|zone=2)
[   13.283140] page_type: f8(unknown)
[   13.283401] raw: 0200000000000040 0000000000000000 dead000000000122 0000000000000000
[   13.283842] raw: 0000000000000000 0000000000000000 00000001f8000000 0000000000000000
[   13.284224] head: 0200000000000040 0000000000000000 dead000000000122 0000000000000000
[   13.284490] head: 0000000000000000 0000000000000000 00000001f8000000 0000000000000000
[   13.284858] head: 0200000000000002 ffffea00040a7c01 00000000ffffffff 00000000ffffffff
[   13.285237] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000004
[   13.285824] page dumped because: kasan: bad access detected
[   13.286070] 
[   13.286177] Memory state around the buggy address:
[   13.286362]  ffff8881029f1f80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   13.286666]  ffff8881029f2000: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   13.287091] >ffff8881029f2080: 00 00 00 00 00 00 00 00 00 00 00 00 00 03 fe fe
[   13.287407]                                                           ^
[   13.287639]  ffff8881029f2100: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe
[   13.287993]  ffff8881029f2180: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe
[   13.288259] ==================================================================
[   13.076586] ==================================================================
[   13.077377] BUG: KASAN: slab-out-of-bounds in krealloc_more_oob_helper+0x821/0x930
[   13.077795] Write of size 1 at addr ffff888100a300eb by task kunit_try_catch/173
[   13.078215] 
[   13.078376] CPU: 1 UID: 0 PID: 173 Comm: kunit_try_catch Tainted: G    B            N  6.16.0-rc5 #1 PREEMPT(voluntary) 
[   13.078450] Tainted: [B]=BAD_PAGE, [N]=TEST
[   13.078463] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[   13.078485] Call Trace:
[   13.078498]  <TASK>
[   13.078514]  dump_stack_lvl+0x73/0xb0
[   13.078547]  print_report+0xd1/0x650
[   13.078570]  ? __virt_addr_valid+0x1db/0x2d0
[   13.078595]  ? krealloc_more_oob_helper+0x821/0x930
[   13.078618]  ? kasan_complete_mode_report_info+0x2a/0x200
[   13.078684]  ? krealloc_more_oob_helper+0x821/0x930
[   13.078759]  kasan_report+0x141/0x180
[   13.078795]  ? krealloc_more_oob_helper+0x821/0x930
[   13.078824]  __asan_report_store1_noabort+0x1b/0x30
[   13.078849]  krealloc_more_oob_helper+0x821/0x930
[   13.078871]  ? __schedule+0x10cc/0x2b60
[   13.078894]  ? __pfx_krealloc_more_oob_helper+0x10/0x10
[   13.078917]  ? finish_task_switch.isra.0+0x153/0x700
[   13.078941]  ? __switch_to+0x47/0xf50
[   13.078968]  ? __schedule+0x10cc/0x2b60
[   13.078989]  ? __pfx_read_tsc+0x10/0x10
[   13.079015]  krealloc_more_oob+0x1c/0x30
[   13.079036]  kunit_try_run_case+0x1a5/0x480
[   13.079072]  ? __pfx_kunit_try_run_case+0x10/0x10
[   13.079094]  ? _raw_spin_lock_irqsave+0xa1/0x100
[   13.079119]  ? _raw_spin_unlock_irqrestore+0x5f/0x90
[   13.079141]  ? __kthread_parkme+0x82/0x180
[   13.079162]  ? preempt_count_sub+0x50/0x80
[   13.079185]  ? __pfx_kunit_try_run_case+0x10/0x10
[   13.079208]  kunit_generic_run_threadfn_adapter+0x85/0xf0
[   13.079230]  ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10
[   13.079253]  kthread+0x337/0x6f0
[   13.079272]  ? trace_preempt_on+0x20/0xc0
[   13.079296]  ? __pfx_kthread+0x10/0x10
[   13.079316]  ? _raw_spin_unlock_irq+0x47/0x80
[   13.079337]  ? calculate_sigpending+0x7b/0xa0
[   13.079361]  ? __pfx_kthread+0x10/0x10
[   13.079383]  ret_from_fork+0x116/0x1d0
[   13.079401]  ? __pfx_kthread+0x10/0x10
[   13.079421]  ret_from_fork_asm+0x1a/0x30
[   13.079454]  </TASK>
[   13.079466] 
[   13.088549] Allocated by task 173:
[   13.088814]  kasan_save_stack+0x45/0x70
[   13.088997]  kasan_save_track+0x18/0x40
[   13.089211]  kasan_save_alloc_info+0x3b/0x50
[   13.089420]  __kasan_krealloc+0x190/0x1f0
[   13.089574]  krealloc_noprof+0xf3/0x340
[   13.089800]  krealloc_more_oob_helper+0x1a9/0x930
[   13.090047]  krealloc_more_oob+0x1c/0x30
[   13.090282]  kunit_try_run_case+0x1a5/0x480
[   13.090576]  kunit_generic_run_threadfn_adapter+0x85/0xf0
[   13.090792]  kthread+0x337/0x6f0
[   13.090923]  ret_from_fork+0x116/0x1d0
[   13.091097]  ret_from_fork_asm+0x1a/0x30
[   13.091353] 
[   13.091492] The buggy address belongs to the object at ffff888100a30000
[   13.091492]  which belongs to the cache kmalloc-256 of size 256
[   13.092544] The buggy address is located 0 bytes to the right of
[   13.092544]  allocated 235-byte region [ffff888100a30000, ffff888100a300eb)
[   13.093167] 
[   13.093252] The buggy address belongs to the physical page:
[   13.093506] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x100a30
[   13.094039] head: order:1 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[   13.094347] flags: 0x200000000000040(head|node=0|zone=2)
[   13.094620] page_type: f5(slab)
[   13.094772] raw: 0200000000000040 ffff888100041b40 dead000000000122 0000000000000000
[   13.095083] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000
[   13.095526] head: 0200000000000040 ffff888100041b40 dead000000000122 0000000000000000
[   13.095905] head: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000
[   13.096353] head: 0200000000000001 ffffea0004028c01 00000000ffffffff 00000000ffffffff
[   13.096696] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000002
[   13.097126] page dumped because: kasan: bad access detected
[   13.097454] 
[   13.097551] Memory state around the buggy address:
[   13.097806]  ffff888100a2ff80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   13.098290]  ffff888100a30000: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   13.098657] >ffff888100a30080: 00 00 00 00 00 00 00 00 00 00 00 00 00 03 fc fc
[   13.099192]                                                           ^
[   13.099532]  ffff888100a30100: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   13.099949]  ffff888100a30180: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   13.100308] ==================================================================

[   20.939434] ==================================================================
[   20.946661] BUG: KASAN: slab-out-of-bounds in krealloc_more_oob_helper+0x7eb/0x930
[   20.954235] Write of size 1 at addr ffff888104ffa0f0 by task kunit_try_catch/201
[   20.961628] 
[   20.963127] CPU: 3 UID: 0 PID: 201 Comm: kunit_try_catch Tainted: G S  B            N  6.16.0-rc5 #1 PREEMPT(voluntary) 
[   20.963135] Tainted: [S]=CPU_OUT_OF_SPEC, [B]=BAD_PAGE, [N]=TEST
[   20.963138] Hardware name: Supermicro SYS-5019S-ML/X11SSH-F, BIOS 2.7 12/07/2021
[   20.963141] Call Trace:
[   20.963143]  <TASK>
[   20.963144]  dump_stack_lvl+0x73/0xb0
[   20.963149]  print_report+0xd1/0x650
[   20.963152]  ? __virt_addr_valid+0x1db/0x2d0
[   20.963156]  ? krealloc_more_oob_helper+0x7eb/0x930
[   20.963161]  ? kasan_addr_to_slab+0x11/0xa0
[   20.963164]  ? krealloc_more_oob_helper+0x7eb/0x930
[   20.963168]  kasan_report+0x141/0x180
[   20.963172]  ? krealloc_more_oob_helper+0x7eb/0x930
[   20.963178]  __asan_report_store1_noabort+0x1b/0x30
[   20.963182]  krealloc_more_oob_helper+0x7eb/0x930
[   20.963186]  ? __schedule+0x10cc/0x2b60
[   20.963190]  ? __pfx_krealloc_more_oob_helper+0x10/0x10
[   20.963195]  ? finish_task_switch.isra.0+0x153/0x700
[   20.963199]  ? __switch_to+0x544/0xf50
[   20.963203]  ? __schedule+0x10cc/0x2b60
[   20.963208]  krealloc_large_more_oob+0x1c/0x30
[   20.963212]  kunit_try_run_case+0x1a2/0x480
[   20.963216]  ? __pfx_kunit_try_run_case+0x10/0x10
[   20.963220]  ? _raw_spin_lock_irqsave+0xa1/0x100
[   20.963224]  ? _raw_spin_unlock_irqrestore+0x5f/0x90
[   20.963229]  ? __kthread_parkme+0x82/0x180
[   20.963232]  ? preempt_count_sub+0x50/0x80
[   20.963236]  ? __pfx_kunit_try_run_case+0x10/0x10
[   20.963240]  kunit_generic_run_threadfn_adapter+0x82/0xf0
[   20.963244]  ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10
[   20.963249]  kthread+0x334/0x6f0
[   20.963252]  ? trace_preempt_on+0x20/0xc0
[   20.963256]  ? __pfx_kthread+0x10/0x10
[   20.963260]  ? _raw_spin_unlock_irq+0x47/0x80
[   20.963263]  ? calculate_sigpending+0x7b/0xa0
[   20.963268]  ? __pfx_kthread+0x10/0x10
[   20.963272]  ret_from_fork+0x113/0x1d0
[   20.963275]  ? __pfx_kthread+0x10/0x10
[   20.963278]  ret_from_fork_asm+0x1a/0x30
[   20.963284]  </TASK>
[   20.963286] 
[   21.143063] The buggy address belongs to the physical page:
[   21.148636] page: refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x104ff8
[   21.156644] head: order:2 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[   21.164298] flags: 0x200000000000040(head|node=0|zone=2)
[   21.169617] page_type: f8(unknown)
[   21.173025] raw: 0200000000000040 0000000000000000 dead000000000122 0000000000000000
[   21.180765] raw: 0000000000000000 0000000000000000 00000001f8000000 0000000000000000
[   21.188513] head: 0200000000000040 0000000000000000 dead000000000122 0000000000000000
[   21.196365] head: 0000000000000000 0000000000000000 00000001f8000000 0000000000000000
[   21.204215] head: 0200000000000002 ffffea000413fe01 00000000ffffffff 00000000ffffffff
[   21.212041] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000004
[   21.219867] page dumped because: kasan: bad access detected
[   21.225440] 
[   21.226939] Memory state around the buggy address:
[   21.231733]  ffff888104ff9f80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   21.238959]  ffff888104ffa000: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   21.246181] >ffff888104ffa080: 00 00 00 00 00 00 00 00 00 00 00 00 00 03 fe fe
[   21.253407]                                                              ^
[   21.260279]  ffff888104ffa100: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe
[   21.267498]  ffff888104ffa180: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe
[   21.274717] ==================================================================
[   18.058241] ==================================================================
[   18.065465] BUG: KASAN: slab-out-of-bounds in krealloc_more_oob_helper+0x7eb/0x930
[   18.073032] Write of size 1 at addr ffff88810561ccf0 by task kunit_try_catch/197
[   18.080425] 
[   18.081926] CPU: 1 UID: 0 PID: 197 Comm: kunit_try_catch Tainted: G S  B            N  6.16.0-rc5 #1 PREEMPT(voluntary) 
[   18.081934] Tainted: [S]=CPU_OUT_OF_SPEC, [B]=BAD_PAGE, [N]=TEST
[   18.081937] Hardware name: Supermicro SYS-5019S-ML/X11SSH-F, BIOS 2.7 12/07/2021
[   18.081940] Call Trace:
[   18.081941]  <TASK>
[   18.081943]  dump_stack_lvl+0x73/0xb0
[   18.081948]  print_report+0xd1/0x650
[   18.081952]  ? __virt_addr_valid+0x1db/0x2d0
[   18.081955]  ? krealloc_more_oob_helper+0x7eb/0x930
[   18.081960]  ? kasan_complete_mode_report_info+0x2a/0x200
[   18.081965]  ? krealloc_more_oob_helper+0x7eb/0x930
[   18.081969]  kasan_report+0x141/0x180
[   18.081973]  ? krealloc_more_oob_helper+0x7eb/0x930
[   18.081978]  __asan_report_store1_noabort+0x1b/0x30
[   18.081983]  krealloc_more_oob_helper+0x7eb/0x930
[   18.081987]  ? __schedule+0x10cc/0x2b60
[   18.081991]  ? __pfx_krealloc_more_oob_helper+0x10/0x10
[   18.081996]  ? finish_task_switch.isra.0+0x153/0x700
[   18.082000]  ? __switch_to+0x544/0xf50
[   18.082004]  ? __schedule+0x10cc/0x2b60
[   18.082009]  krealloc_more_oob+0x1c/0x30
[   18.082013]  kunit_try_run_case+0x1a2/0x480
[   18.082017]  ? __pfx_kunit_try_run_case+0x10/0x10
[   18.082021]  ? _raw_spin_lock_irqsave+0xa1/0x100
[   18.082025]  ? _raw_spin_unlock_irqrestore+0x5f/0x90
[   18.082029]  ? __kthread_parkme+0x82/0x180
[   18.082033]  ? preempt_count_sub+0x50/0x80
[   18.082037]  ? __pfx_kunit_try_run_case+0x10/0x10
[   18.082041]  kunit_generic_run_threadfn_adapter+0x82/0xf0
[   18.082045]  ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10
[   18.082050]  kthread+0x334/0x6f0
[   18.082053]  ? trace_preempt_on+0x20/0xc0
[   18.082057]  ? __pfx_kthread+0x10/0x10
[   18.082061]  ? _raw_spin_unlock_irq+0x47/0x80
[   18.082064]  ? calculate_sigpending+0x7b/0xa0
[   18.082069]  ? __pfx_kthread+0x10/0x10
[   18.082073]  ret_from_fork+0x113/0x1d0
[   18.082076]  ? __pfx_kthread+0x10/0x10
[   18.082080]  ret_from_fork_asm+0x1a/0x30
[   18.082085]  </TASK>
[   18.082087] 
[   18.262509] Allocated by task 197:
[   18.265917]  kasan_save_stack+0x45/0x70
[   18.269756]  kasan_save_track+0x18/0x40
[   18.273595]  kasan_save_alloc_info+0x3b/0x50
[   18.277866]  __kasan_krealloc+0x190/0x1f0
[   18.281880]  krealloc_noprof+0xf3/0x340
[   18.285719]  krealloc_more_oob_helper+0x1a9/0x930
[   18.290425]  krealloc_more_oob+0x1c/0x30
[   18.294363]  kunit_try_run_case+0x1a2/0x480
[   18.298572]  kunit_generic_run_threadfn_adapter+0x82/0xf0
[   18.303971]  kthread+0x334/0x6f0
[   18.307205]  ret_from_fork+0x113/0x1d0
[   18.310956]  ret_from_fork_asm+0x1a/0x30
[   18.314882] 
[   18.316394] The buggy address belongs to the object at ffff88810561cc00
[   18.316394]  which belongs to the cache kmalloc-256 of size 256
[   18.328914] The buggy address is located 5 bytes to the right of
[   18.328914]  allocated 235-byte region [ffff88810561cc00, ffff88810561cceb)
[   18.341861] 
[   18.343364] The buggy address belongs to the physical page:
[   18.348942] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x10561c
[   18.356941] head: order:1 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[   18.364593] flags: 0x200000000000040(head|node=0|zone=2)
[   18.369908] page_type: f5(slab)
[   18.373054] raw: 0200000000000040 ffff888100042b40 dead000000000122 0000000000000000
[   18.380792] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000
[   18.388534] head: 0200000000000040 ffff888100042b40 dead000000000122 0000000000000000
[   18.396367] head: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000
[   18.404220] head: 0200000000000001 ffffea0004158701 00000000ffffffff 00000000ffffffff
[   18.412055] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000002
[   18.419888] page dumped because: kasan: bad access detected
[   18.425461] 
[   18.426960] Memory state around the buggy address:
[   18.431753]  ffff88810561cb80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   18.438972]  ffff88810561cc00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   18.446193] >ffff88810561cc80: 00 00 00 00 00 00 00 00 00 00 00 00 00 03 fc fc
[   18.453417]                                                              ^
[   18.460291]  ffff88810561cd00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   18.467512]  ffff88810561cd80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   18.474729] ==================================================================
[   17.630962] ==================================================================
[   17.641773] BUG: KASAN: slab-out-of-bounds in krealloc_more_oob_helper+0x821/0x930
[   17.649363] Write of size 1 at addr ffff88810561cceb by task kunit_try_catch/197
[   17.656782] 
[   17.658282] CPU: 1 UID: 0 PID: 197 Comm: kunit_try_catch Tainted: G S  B            N  6.16.0-rc5 #1 PREEMPT(voluntary) 
[   17.658291] Tainted: [S]=CPU_OUT_OF_SPEC, [B]=BAD_PAGE, [N]=TEST
[   17.658294] Hardware name: Supermicro SYS-5019S-ML/X11SSH-F, BIOS 2.7 12/07/2021
[   17.658297] Call Trace:
[   17.658299]  <TASK>
[   17.658301]  dump_stack_lvl+0x73/0xb0
[   17.658306]  print_report+0xd1/0x650
[   17.658310]  ? __virt_addr_valid+0x1db/0x2d0
[   17.658314]  ? krealloc_more_oob_helper+0x821/0x930
[   17.658318]  ? kasan_complete_mode_report_info+0x2a/0x200
[   17.658323]  ? krealloc_more_oob_helper+0x821/0x930
[   17.658327]  kasan_report+0x141/0x180
[   17.658348]  ? krealloc_more_oob_helper+0x821/0x930
[   17.658354]  __asan_report_store1_noabort+0x1b/0x30
[   17.658359]  krealloc_more_oob_helper+0x821/0x930
[   17.658363]  ? __schedule+0x10cc/0x2b60
[   17.658367]  ? __pfx_krealloc_more_oob_helper+0x10/0x10
[   17.658384]  ? finish_task_switch.isra.0+0x153/0x700
[   17.658388]  ? __switch_to+0x544/0xf50
[   17.658393]  ? __schedule+0x10cc/0x2b60
[   17.658397]  krealloc_more_oob+0x1c/0x30
[   17.658401]  kunit_try_run_case+0x1a2/0x480
[   17.658406]  ? __pfx_kunit_try_run_case+0x10/0x10
[   17.658410]  ? _raw_spin_lock_irqsave+0xa1/0x100
[   17.658414]  ? _raw_spin_unlock_irqrestore+0x5f/0x90
[   17.658418]  ? __kthread_parkme+0x82/0x180
[   17.658422]  ? preempt_count_sub+0x50/0x80
[   17.658426]  ? __pfx_kunit_try_run_case+0x10/0x10
[   17.658430]  kunit_generic_run_threadfn_adapter+0x82/0xf0
[   17.658434]  ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10
[   17.658439]  kthread+0x334/0x6f0
[   17.658442]  ? trace_preempt_on+0x20/0xc0
[   17.658446]  ? __pfx_kthread+0x10/0x10
[   17.658450]  ? _raw_spin_unlock_irq+0x47/0x80
[   17.658454]  ? calculate_sigpending+0x7b/0xa0
[   17.658458]  ? __pfx_kthread+0x10/0x10
[   17.658462]  ret_from_fork+0x113/0x1d0
[   17.658465]  ? __pfx_kthread+0x10/0x10
[   17.658469]  ret_from_fork_asm+0x1a/0x30
[   17.658474]  </TASK>
[   17.658476] 
[   17.838902] Allocated by task 197:
[   17.842309]  kasan_save_stack+0x45/0x70
[   17.846147]  kasan_save_track+0x18/0x40
[   17.849986]  kasan_save_alloc_info+0x3b/0x50
[   17.854259]  __kasan_krealloc+0x190/0x1f0
[   17.858272]  krealloc_noprof+0xf3/0x340
[   17.862113]  krealloc_more_oob_helper+0x1a9/0x930
[   17.866827]  krealloc_more_oob+0x1c/0x30
[   17.870754]  kunit_try_run_case+0x1a2/0x480
[   17.874947]  kunit_generic_run_threadfn_adapter+0x82/0xf0
[   17.880363]  kthread+0x334/0x6f0
[   17.883612]  ret_from_fork+0x113/0x1d0
[   17.887367]  ret_from_fork_asm+0x1a/0x30
[   17.891317] 
[   17.892817] The buggy address belongs to the object at ffff88810561cc00
[   17.892817]  which belongs to the cache kmalloc-256 of size 256
[   17.905323] The buggy address is located 0 bytes to the right of
[   17.905323]  allocated 235-byte region [ffff88810561cc00, ffff88810561cceb)
[   17.918288] 
[   17.919789] The buggy address belongs to the physical page:
[   17.925364] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x10561c
[   17.933403] head: order:1 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[   17.941057] flags: 0x200000000000040(head|node=0|zone=2)
[   17.946370] page_type: f5(slab)
[   17.949534] raw: 0200000000000040 ffff888100042b40 dead000000000122 0000000000000000
[   17.957282] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000
[   17.965031] head: 0200000000000040 ffff888100042b40 dead000000000122 0000000000000000
[   17.972864] head: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000
[   17.980697] head: 0200000000000001 ffffea0004158701 00000000ffffffff 00000000ffffffff
[   17.988525] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000002
[   17.996365] page dumped because: kasan: bad access detected
[   18.001964] 
[   18.003466] Memory state around the buggy address:
[   18.008256]  ffff88810561cb80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   18.015478]  ffff88810561cc00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   18.022698] >ffff88810561cc80: 00 00 00 00 00 00 00 00 00 00 00 00 00 03 fc fc
[   18.029922]                                                           ^
[   18.036536]  ffff88810561cd00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   18.043755]  ffff88810561cd80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   18.050976] ==================================================================
[   20.593258] ==================================================================
[   20.604329] BUG: KASAN: slab-out-of-bounds in krealloc_more_oob_helper+0x821/0x930
[   20.611947] Write of size 1 at addr ffff888104ffa0eb by task kunit_try_catch/201
[   20.619364] 
[   20.620891] CPU: 3 UID: 0 PID: 201 Comm: kunit_try_catch Tainted: G S  B            N  6.16.0-rc5 #1 PREEMPT(voluntary) 
[   20.620900] Tainted: [S]=CPU_OUT_OF_SPEC, [B]=BAD_PAGE, [N]=TEST
[   20.620902] Hardware name: Supermicro SYS-5019S-ML/X11SSH-F, BIOS 2.7 12/07/2021
[   20.620905] Call Trace:
[   20.620907]  <TASK>
[   20.620909]  dump_stack_lvl+0x73/0xb0
[   20.620914]  print_report+0xd1/0x650
[   20.620918]  ? __virt_addr_valid+0x1db/0x2d0
[   20.620922]  ? krealloc_more_oob_helper+0x821/0x930
[   20.620926]  ? kasan_addr_to_slab+0x11/0xa0
[   20.620930]  ? krealloc_more_oob_helper+0x821/0x930
[   20.620934]  kasan_report+0x141/0x180
[   20.620938]  ? krealloc_more_oob_helper+0x821/0x930
[   20.620943]  __asan_report_store1_noabort+0x1b/0x30
[   20.620948]  krealloc_more_oob_helper+0x821/0x930
[   20.620952]  ? __schedule+0x10cc/0x2b60
[   20.620956]  ? __pfx_krealloc_more_oob_helper+0x10/0x10
[   20.620961]  ? finish_task_switch.isra.0+0x153/0x700
[   20.620965]  ? __switch_to+0x544/0xf50
[   20.620970]  ? __schedule+0x10cc/0x2b60
[   20.620974]  krealloc_large_more_oob+0x1c/0x30
[   20.620978]  kunit_try_run_case+0x1a2/0x480
[   20.620983]  ? __pfx_kunit_try_run_case+0x10/0x10
[   20.620987]  ? _raw_spin_lock_irqsave+0xa1/0x100
[   20.620991]  ? _raw_spin_unlock_irqrestore+0x5f/0x90
[   20.620995]  ? __kthread_parkme+0x82/0x180
[   20.620999]  ? preempt_count_sub+0x50/0x80
[   20.621003]  ? __pfx_kunit_try_run_case+0x10/0x10
[   20.621007]  kunit_generic_run_threadfn_adapter+0x82/0xf0
[   20.621011]  ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10
[   20.621015]  kthread+0x334/0x6f0
[   20.621019]  ? trace_preempt_on+0x20/0xc0
[   20.621023]  ? __pfx_kthread+0x10/0x10
[   20.621027]  ? _raw_spin_unlock_irq+0x47/0x80
[   20.621030]  ? calculate_sigpending+0x7b/0xa0
[   20.621035]  ? __pfx_kthread+0x10/0x10
[   20.621039]  ret_from_fork+0x113/0x1d0
[   20.621042]  ? __pfx_kthread+0x10/0x10
[   20.621046]  ret_from_fork_asm+0x1a/0x30
[   20.621051]  </TASK>
[   20.621053] 
[   20.800802] The buggy address belongs to the physical page:
[   20.806395] page: refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x104ff8
[   20.814404] head: order:2 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[   20.822060] flags: 0x200000000000040(head|node=0|zone=2)
[   20.827393] page_type: f8(unknown)
[   20.830806] raw: 0200000000000040 0000000000000000 dead000000000122 0000000000000000
[   20.838552] raw: 0000000000000000 0000000000000000 00000001f8000000 0000000000000000
[   20.846294] head: 0200000000000040 0000000000000000 dead000000000122 0000000000000000
[   20.854128] head: 0000000000000000 0000000000000000 00000001f8000000 0000000000000000
[   20.861953] head: 0200000000000002 ffffea000413fe01 00000000ffffffff 00000000ffffffff
[   20.869778] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000004
[   20.877603] page dumped because: kasan: bad access detected
[   20.883176] 
[   20.884675] Memory state around the buggy address:
[   20.889470]  ffff888104ff9f80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   20.896688]  ffff888104ffa000: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   20.903910] >ffff888104ffa080: 00 00 00 00 00 00 00 00 00 00 00 00 00 03 fe fe
[   20.911137]                                                           ^
[   20.917748]  ffff888104ffa100: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe
[   20.924969]  ffff888104ffa180: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe
[   20.932187] ==================================================================