Date
June 24, 2025, 11:37 a.m.
| Environment | |
|---|---|
| dragonboard-845c | |
| qemu-arm64 | |
| qemu-x86_64 |
[ 33.931667] ================================================================== [ 33.942877] BUG: KASAN: slab-out-of-bounds in krealloc_more_oob_helper+0x60c/0x678 [ 33.950548] Write of size 1 at addr ffff00008641a0eb by task kunit_try_catch/258 [ 33.958046] [ 33.959575] CPU: 3 UID: 0 PID: 258 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc3-next-20250624 #1 PREEMPT [ 33.959603] Tainted: [B]=BAD_PAGE, [N]=TEST [ 33.959611] Hardware name: Thundercomm Dragonboard 845c (DT) [ 33.959621] Call trace: [ 33.959627] show_stack+0x20/0x38 (C) [ 33.959646] dump_stack_lvl+0x8c/0xd0 [ 33.959664] print_report+0x118/0x608 [ 33.959683] kasan_report+0xdc/0x128 [ 33.959702] __asan_report_store1_noabort+0x20/0x30 [ 33.959719] krealloc_more_oob_helper+0x60c/0x678 [ 33.959738] krealloc_large_more_oob+0x20/0x38 [ 33.959757] kunit_try_run_case+0x170/0x3f0 [ 33.959776] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 33.959798] kthread+0x328/0x630 [ 33.959812] ret_from_fork+0x10/0x20 [ 33.959829] [ 34.030622] The buggy address belongs to the physical page: [ 34.036267] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x106418 [ 34.044381] head: order:2 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0 [ 34.052137] flags: 0xbfffe0000000040(head|node=0|zone=2|lastcpupid=0x1ffff) [ 34.059196] page_type: f8(unknown) [ 34.062662] raw: 0bfffe0000000040 0000000000000000 dead000000000122 0000000000000000 [ 34.070508] raw: 0000000000000000 0000000000000000 00000000f8000000 0000000000000000 [ 34.078355] head: 0bfffe0000000040 0000000000000000 dead000000000122 0000000000000000 [ 34.086287] head: 0000000000000000 0000000000000000 00000000f8000000 0000000000000000 [ 34.094218] head: 0bfffe0000000002 fffffdffc2190601 00000000ffffffff 00000000ffffffff [ 34.102149] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000004 [ 34.110076] page dumped because: kasan: bad access detected [ 34.115722] [ 34.117251] Memory state around the buggy address: [ 34.122114] ffff000086419f80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 34.129428] ffff00008641a000: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 34.136742] >ffff00008641a080: 00 00 00 00 00 00 00 00 00 00 00 00 00 03 fe fe [ 34.144053] ^ [ 34.150753] ffff00008641a100: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe [ 34.158066] ffff00008641a180: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe [ 34.165378] ================================================================== [ 32.035808] ================================================================== [ 32.043130] BUG: KASAN: slab-out-of-bounds in krealloc_more_oob_helper+0x5c0/0x678 [ 32.050799] Write of size 1 at addr ffff000080e358f0 by task kunit_try_catch/254 [ 32.058300] [ 32.059841] CPU: 2 UID: 0 PID: 254 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc3-next-20250624 #1 PREEMPT [ 32.059869] Tainted: [B]=BAD_PAGE, [N]=TEST [ 32.059878] Hardware name: Thundercomm Dragonboard 845c (DT) [ 32.059888] Call trace: [ 32.059895] show_stack+0x20/0x38 (C) [ 32.059914] dump_stack_lvl+0x8c/0xd0 [ 32.059934] print_report+0x118/0x608 [ 32.059953] kasan_report+0xdc/0x128 [ 32.059972] __asan_report_store1_noabort+0x20/0x30 [ 32.059990] krealloc_more_oob_helper+0x5c0/0x678 [ 32.060010] krealloc_more_oob+0x20/0x38 [ 32.060027] kunit_try_run_case+0x170/0x3f0 [ 32.060046] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 32.060068] kthread+0x328/0x630 [ 32.060083] ret_from_fork+0x10/0x20 [ 32.060100] [ 32.130377] Allocated by task 254: [ 32.133838] kasan_save_stack+0x3c/0x68 [ 32.137749] kasan_save_track+0x20/0x40 [ 32.141661] kasan_save_alloc_info+0x40/0x58 [ 32.146000] __kasan_krealloc+0x118/0x178 [ 32.150084] krealloc_noprof+0x128/0x360 [ 32.154083] krealloc_more_oob_helper+0x168/0x678 [ 32.158867] krealloc_more_oob+0x20/0x38 [ 32.162862] kunit_try_run_case+0x170/0x3f0 [ 32.167114] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 32.172686] kthread+0x328/0x630 [ 32.175979] ret_from_fork+0x10/0x20 [ 32.179619] [ 32.181149] The buggy address belongs to the object at ffff000080e35800 [ 32.181149] which belongs to the cache kmalloc-256 of size 256 [ 32.193805] The buggy address is located 5 bytes to the right of [ 32.193805] allocated 235-byte region [ffff000080e35800, ffff000080e358eb) [ 32.206905] [ 32.208441] The buggy address belongs to the physical page: [ 32.214092] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x100e34 [ 32.222197] head: order:2 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0 [ 32.229957] flags: 0xbfffe0000000040(head|node=0|zone=2|lastcpupid=0x1ffff) [ 32.237014] page_type: f5(slab) [ 32.240220] raw: 0bfffe0000000040 ffff000080002b40 dead000000000122 0000000000000000 [ 32.248067] raw: 0000000000000000 0000000080200020 00000000f5000000 0000000000000000 [ 32.255914] head: 0bfffe0000000040 ffff000080002b40 dead000000000122 0000000000000000 [ 32.263847] head: 0000000000000000 0000000080200020 00000000f5000000 0000000000000000 [ 32.271781] head: 0bfffe0000000002 fffffdffc2038d01 00000000ffffffff 00000000ffffffff [ 32.279714] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000004 [ 32.287644] page dumped because: kasan: bad access detected [ 32.293292] [ 32.294822] Memory state around the buggy address: [ 32.299682] ffff000080e35780: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 32.307000] ffff000080e35800: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 32.314317] >ffff000080e35880: 00 00 00 00 00 00 00 00 00 00 00 00 00 03 fc fc [ 32.321630] ^ [ 32.328597] ffff000080e35900: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 32.335913] ffff000080e35980: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 32.343229] ================================================================== [ 31.717342] ================================================================== [ 31.728285] BUG: KASAN: slab-out-of-bounds in krealloc_more_oob_helper+0x60c/0x678 [ 31.735963] Write of size 1 at addr ffff000080e358eb by task kunit_try_catch/254 [ 31.743457] [ 31.744989] CPU: 2 UID: 0 PID: 254 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc3-next-20250624 #1 PREEMPT [ 31.745017] Tainted: [B]=BAD_PAGE, [N]=TEST [ 31.745027] Hardware name: Thundercomm Dragonboard 845c (DT) [ 31.745039] Call trace: [ 31.745046] show_stack+0x20/0x38 (C) [ 31.745066] dump_stack_lvl+0x8c/0xd0 [ 31.745088] print_report+0x118/0x608 [ 31.745108] kasan_report+0xdc/0x128 [ 31.745126] __asan_report_store1_noabort+0x20/0x30 [ 31.745144] krealloc_more_oob_helper+0x60c/0x678 [ 31.745164] krealloc_more_oob+0x20/0x38 [ 31.745181] kunit_try_run_case+0x170/0x3f0 [ 31.745200] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 31.745221] kthread+0x328/0x630 [ 31.745238] ret_from_fork+0x10/0x20 [ 31.745256] [ 31.815540] Allocated by task 254: [ 31.819002] kasan_save_stack+0x3c/0x68 [ 31.822903] kasan_save_track+0x20/0x40 [ 31.826803] kasan_save_alloc_info+0x40/0x58 [ 31.831141] __kasan_krealloc+0x118/0x178 [ 31.835225] krealloc_noprof+0x128/0x360 [ 31.839225] krealloc_more_oob_helper+0x168/0x678 [ 31.844007] krealloc_more_oob+0x20/0x38 [ 31.848004] kunit_try_run_case+0x170/0x3f0 [ 31.852259] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 31.857834] kthread+0x328/0x630 [ 31.861126] ret_from_fork+0x10/0x20 [ 31.864766] [ 31.866297] The buggy address belongs to the object at ffff000080e35800 [ 31.866297] which belongs to the cache kmalloc-256 of size 256 [ 31.878954] The buggy address is located 0 bytes to the right of [ 31.878954] allocated 235-byte region [ffff000080e35800, ffff000080e358eb) [ 31.892052] [ 31.893583] The buggy address belongs to the physical page: [ 31.899232] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x100e34 [ 31.907339] head: order:2 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0 [ 31.915098] flags: 0xbfffe0000000040(head|node=0|zone=2|lastcpupid=0x1ffff) [ 31.922158] page_type: f5(slab) [ 31.925364] raw: 0bfffe0000000040 ffff000080002b40 dead000000000122 0000000000000000 [ 31.933212] raw: 0000000000000000 0000000080200020 00000000f5000000 0000000000000000 [ 31.941059] head: 0bfffe0000000040 ffff000080002b40 dead000000000122 0000000000000000 [ 31.948992] head: 0000000000000000 0000000080200020 00000000f5000000 0000000000000000 [ 31.956925] head: 0bfffe0000000002 fffffdffc2038d01 00000000ffffffff 00000000ffffffff [ 31.964858] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000004 [ 31.972788] page dumped because: kasan: bad access detected [ 31.978438] [ 31.979974] Memory state around the buggy address: [ 31.984840] ffff000080e35780: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 31.992156] ffff000080e35800: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 31.999474] >ffff000080e35880: 00 00 00 00 00 00 00 00 00 00 00 00 00 03 fc fc [ 32.006788] ^ [ 32.013495] ffff000080e35900: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 32.020811] ffff000080e35980: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 32.028124] ================================================================== [ 34.172752] ================================================================== [ 34.180075] BUG: KASAN: slab-out-of-bounds in krealloc_more_oob_helper+0x5c0/0x678 [ 34.187750] Write of size 1 at addr ffff00008641a0f0 by task kunit_try_catch/258 [ 34.195241] [ 34.196769] CPU: 3 UID: 0 PID: 258 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc3-next-20250624 #1 PREEMPT [ 34.196798] Tainted: [B]=BAD_PAGE, [N]=TEST [ 34.196806] Hardware name: Thundercomm Dragonboard 845c (DT) [ 34.196818] Call trace: [ 34.196825] show_stack+0x20/0x38 (C) [ 34.196844] dump_stack_lvl+0x8c/0xd0 [ 34.196862] print_report+0x118/0x608 [ 34.196881] kasan_report+0xdc/0x128 [ 34.196900] __asan_report_store1_noabort+0x20/0x30 [ 34.196918] krealloc_more_oob_helper+0x5c0/0x678 [ 34.196938] krealloc_large_more_oob+0x20/0x38 [ 34.196957] kunit_try_run_case+0x170/0x3f0 [ 34.196977] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 34.196999] kthread+0x328/0x630 [ 34.197014] ret_from_fork+0x10/0x20 [ 34.197032] [ 34.267835] The buggy address belongs to the physical page: [ 34.273486] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x106418 [ 34.281600] head: order:2 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0 [ 34.289355] flags: 0xbfffe0000000040(head|node=0|zone=2|lastcpupid=0x1ffff) [ 34.296412] page_type: f8(unknown) [ 34.299875] raw: 0bfffe0000000040 0000000000000000 dead000000000122 0000000000000000 [ 34.307721] raw: 0000000000000000 0000000000000000 00000000f8000000 0000000000000000 [ 34.315568] head: 0bfffe0000000040 0000000000000000 dead000000000122 0000000000000000 [ 34.323499] head: 0000000000000000 0000000000000000 00000000f8000000 0000000000000000 [ 34.331430] head: 0bfffe0000000002 fffffdffc2190601 00000000ffffffff 00000000ffffffff [ 34.339362] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000004 [ 34.347290] page dumped because: kasan: bad access detected [ 34.352938] [ 34.354468] Memory state around the buggy address: [ 34.359327] ffff000086419f80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 34.366640] ffff00008641a000: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 34.373955] >ffff00008641a080: 00 00 00 00 00 00 00 00 00 00 00 00 00 03 fe fe [ 34.381266] ^ [ 34.388231] ffff00008641a100: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe [ 34.395547] ffff00008641a180: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe [ 34.402862] ==================================================================
[ 32.756764] ================================================================== [ 32.757057] BUG: KASAN: slab-out-of-bounds in krealloc_more_oob_helper+0x5c0/0x678 [ 32.757167] Write of size 1 at addr fff00000c775a0f0 by task kunit_try_catch/171 [ 32.757277] [ 32.757346] CPU: 0 UID: 0 PID: 171 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc3-next-20250624 #1 PREEMPT [ 32.757532] Tainted: [B]=BAD_PAGE, [N]=TEST [ 32.757595] Hardware name: linux,dummy-virt (DT) [ 32.759485] Call trace: [ 32.759552] show_stack+0x20/0x38 (C) [ 32.760609] dump_stack_lvl+0x8c/0xd0 [ 32.761186] print_report+0x118/0x608 [ 32.761306] kasan_report+0xdc/0x128 [ 32.761420] __asan_report_store1_noabort+0x20/0x30 [ 32.761533] krealloc_more_oob_helper+0x5c0/0x678 [ 32.762618] krealloc_large_more_oob+0x20/0x38 [ 32.763355] kunit_try_run_case+0x170/0x3f0 [ 32.763478] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 32.764782] kthread+0x328/0x630 [ 32.765801] ret_from_fork+0x10/0x20 [ 32.766412] [ 32.766468] The buggy address belongs to the physical page: [ 32.767145] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x107758 [ 32.768274] head: order:2 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0 [ 32.768954] flags: 0xbfffe0000000040(head|node=0|zone=2|lastcpupid=0x1ffff) [ 32.769905] page_type: f8(unknown) [ 32.770324] raw: 0bfffe0000000040 0000000000000000 dead000000000122 0000000000000000 [ 32.770455] raw: 0000000000000000 0000000000000000 00000000f8000000 0000000000000000 [ 32.770571] head: 0bfffe0000000040 0000000000000000 dead000000000122 0000000000000000 [ 32.770686] head: 0000000000000000 0000000000000000 00000000f8000000 0000000000000000 [ 32.770799] head: 0bfffe0000000002 ffffc1ffc31dd601 00000000ffffffff 00000000ffffffff [ 32.773076] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000004 [ 32.773534] page dumped because: kasan: bad access detected [ 32.774294] [ 32.774441] Memory state around the buggy address: [ 32.774656] fff00000c7759f80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 32.775770] fff00000c775a000: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 32.776464] >fff00000c775a080: 00 00 00 00 00 00 00 00 00 00 00 00 00 03 fe fe [ 32.776633] ^ [ 32.777216] fff00000c775a100: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe [ 32.777421] fff00000c775a180: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe [ 32.777521] ================================================================== [ 32.618081] ================================================================== [ 32.618211] BUG: KASAN: slab-out-of-bounds in krealloc_more_oob_helper+0x60c/0x678 [ 32.618336] Write of size 1 at addr fff00000c46336eb by task kunit_try_catch/167 [ 32.618460] [ 32.618538] CPU: 0 UID: 0 PID: 167 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc3-next-20250624 #1 PREEMPT [ 32.618726] Tainted: [B]=BAD_PAGE, [N]=TEST [ 32.618791] Hardware name: linux,dummy-virt (DT) [ 32.618861] Call trace: [ 32.618954] show_stack+0x20/0x38 (C) [ 32.619138] dump_stack_lvl+0x8c/0xd0 [ 32.619307] print_report+0x118/0x608 [ 32.622280] kasan_report+0xdc/0x128 [ 32.622441] __asan_report_store1_noabort+0x20/0x30 [ 32.622579] krealloc_more_oob_helper+0x60c/0x678 [ 32.622678] krealloc_more_oob+0x20/0x38 [ 32.622738] kunit_try_run_case+0x170/0x3f0 [ 32.622799] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 32.622863] kthread+0x328/0x630 [ 32.622980] ret_from_fork+0x10/0x20 [ 32.623187] [ 32.623496] Allocated by task 167: [ 32.623925] kasan_save_stack+0x3c/0x68 [ 32.624193] kasan_save_track+0x20/0x40 [ 32.624325] kasan_save_alloc_info+0x40/0x58 [ 32.624487] __kasan_krealloc+0x118/0x178 [ 32.624582] krealloc_noprof+0x128/0x360 [ 32.624685] krealloc_more_oob_helper+0x168/0x678 [ 32.624922] krealloc_more_oob+0x20/0x38 [ 32.625069] kunit_try_run_case+0x170/0x3f0 [ 32.625229] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 32.625667] kthread+0x328/0x630 [ 32.625905] ret_from_fork+0x10/0x20 [ 32.626032] [ 32.626164] The buggy address belongs to the object at fff00000c4633600 [ 32.626164] which belongs to the cache kmalloc-256 of size 256 [ 32.626331] The buggy address is located 0 bytes to the right of [ 32.626331] allocated 235-byte region [fff00000c4633600, fff00000c46336eb) [ 32.626743] [ 32.626865] The buggy address belongs to the physical page: [ 32.626971] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x104632 [ 32.627156] head: order:1 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0 [ 32.627456] flags: 0xbfffe0000000040(head|node=0|zone=2|lastcpupid=0x1ffff) [ 32.627719] page_type: f5(slab) [ 32.627820] raw: 0bfffe0000000040 fff00000c0001b40 dead000000000122 0000000000000000 [ 32.628018] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 32.628328] head: 0bfffe0000000040 fff00000c0001b40 dead000000000122 0000000000000000 [ 32.628515] head: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 32.629058] head: 0bfffe0000000001 ffffc1ffc3118c81 00000000ffffffff 00000000ffffffff [ 32.629180] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000002 [ 32.629276] page dumped because: kasan: bad access detected [ 32.629347] [ 32.629389] Memory state around the buggy address: [ 32.629534] fff00000c4633580: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 32.630490] fff00000c4633600: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 32.630614] >fff00000c4633680: 00 00 00 00 00 00 00 00 00 00 00 00 00 03 fc fc [ 32.630766] ^ [ 32.630871] fff00000c4633700: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 32.631175] fff00000c4633780: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 32.631275] ================================================================== [ 32.633111] ================================================================== [ 32.633242] BUG: KASAN: slab-out-of-bounds in krealloc_more_oob_helper+0x5c0/0x678 [ 32.633428] Write of size 1 at addr fff00000c46336f0 by task kunit_try_catch/167 [ 32.633716] [ 32.633960] CPU: 0 UID: 0 PID: 167 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc3-next-20250624 #1 PREEMPT [ 32.634327] Tainted: [B]=BAD_PAGE, [N]=TEST [ 32.634408] Hardware name: linux,dummy-virt (DT) [ 32.634564] Call trace: [ 32.634622] show_stack+0x20/0x38 (C) [ 32.634738] dump_stack_lvl+0x8c/0xd0 [ 32.634850] print_report+0x118/0x608 [ 32.634981] kasan_report+0xdc/0x128 [ 32.635163] __asan_report_store1_noabort+0x20/0x30 [ 32.635433] krealloc_more_oob_helper+0x5c0/0x678 [ 32.636183] krealloc_more_oob+0x20/0x38 [ 32.636524] kunit_try_run_case+0x170/0x3f0 [ 32.636680] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 32.636939] kthread+0x328/0x630 [ 32.637069] ret_from_fork+0x10/0x20 [ 32.637691] [ 32.637988] Allocated by task 167: [ 32.638059] kasan_save_stack+0x3c/0x68 [ 32.638487] kasan_save_track+0x20/0x40 [ 32.638667] kasan_save_alloc_info+0x40/0x58 [ 32.638764] __kasan_krealloc+0x118/0x178 [ 32.638904] krealloc_noprof+0x128/0x360 [ 32.639004] krealloc_more_oob_helper+0x168/0x678 [ 32.639151] krealloc_more_oob+0x20/0x38 [ 32.639248] kunit_try_run_case+0x170/0x3f0 [ 32.639339] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 32.639466] kthread+0x328/0x630 [ 32.639641] ret_from_fork+0x10/0x20 [ 32.639772] [ 32.639829] The buggy address belongs to the object at fff00000c4633600 [ 32.639829] which belongs to the cache kmalloc-256 of size 256 [ 32.640048] The buggy address is located 5 bytes to the right of [ 32.640048] allocated 235-byte region [fff00000c4633600, fff00000c46336eb) [ 32.640202] [ 32.640256] The buggy address belongs to the physical page: [ 32.640330] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x104632 [ 32.640452] head: order:1 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0 [ 32.640558] flags: 0xbfffe0000000040(head|node=0|zone=2|lastcpupid=0x1ffff) [ 32.640677] page_type: f5(slab) [ 32.640765] raw: 0bfffe0000000040 fff00000c0001b40 dead000000000122 0000000000000000 [ 32.640990] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 32.641503] head: 0bfffe0000000040 fff00000c0001b40 dead000000000122 0000000000000000 [ 32.641624] head: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 32.641740] head: 0bfffe0000000001 ffffc1ffc3118c81 00000000ffffffff 00000000ffffffff [ 32.642146] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000002 [ 32.642396] page dumped because: kasan: bad access detected [ 32.642471] [ 32.642600] Memory state around the buggy address: [ 32.642697] fff00000c4633580: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 32.642843] fff00000c4633600: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 32.642961] >fff00000c4633680: 00 00 00 00 00 00 00 00 00 00 00 00 00 03 fc fc [ 32.643057] ^ [ 32.643817] fff00000c4633700: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 32.643943] fff00000c4633780: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 32.644046] ================================================================== [ 32.746255] ================================================================== [ 32.746484] BUG: KASAN: slab-out-of-bounds in krealloc_more_oob_helper+0x60c/0x678 [ 32.746855] Write of size 1 at addr fff00000c775a0eb by task kunit_try_catch/171 [ 32.747296] [ 32.747450] CPU: 0 UID: 0 PID: 171 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc3-next-20250624 #1 PREEMPT [ 32.747793] Tainted: [B]=BAD_PAGE, [N]=TEST [ 32.747973] Hardware name: linux,dummy-virt (DT) [ 32.748187] Call trace: [ 32.748337] show_stack+0x20/0x38 (C) [ 32.748603] dump_stack_lvl+0x8c/0xd0 [ 32.749269] print_report+0x118/0x608 [ 32.749488] kasan_report+0xdc/0x128 [ 32.749720] __asan_report_store1_noabort+0x20/0x30 [ 32.749866] krealloc_more_oob_helper+0x60c/0x678 [ 32.750004] krealloc_large_more_oob+0x20/0x38 [ 32.750119] kunit_try_run_case+0x170/0x3f0 [ 32.751374] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 32.751545] kthread+0x328/0x630 [ 32.751703] ret_from_fork+0x10/0x20 [ 32.751825] [ 32.751955] The buggy address belongs to the physical page: [ 32.752036] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x107758 [ 32.752171] head: order:2 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0 [ 32.752428] flags: 0xbfffe0000000040(head|node=0|zone=2|lastcpupid=0x1ffff) [ 32.752552] page_type: f8(unknown) [ 32.752647] raw: 0bfffe0000000040 0000000000000000 dead000000000122 0000000000000000 [ 32.752854] raw: 0000000000000000 0000000000000000 00000000f8000000 0000000000000000 [ 32.753038] head: 0bfffe0000000040 0000000000000000 dead000000000122 0000000000000000 [ 32.753238] head: 0000000000000000 0000000000000000 00000000f8000000 0000000000000000 [ 32.753400] head: 0bfffe0000000002 ffffc1ffc31dd601 00000000ffffffff 00000000ffffffff [ 32.753532] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000004 [ 32.753638] page dumped because: kasan: bad access detected [ 32.753721] [ 32.753771] Memory state around the buggy address: [ 32.753854] fff00000c7759f80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 32.753972] fff00000c775a000: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 32.754071] >fff00000c775a080: 00 00 00 00 00 00 00 00 00 00 00 00 00 03 fe fe [ 32.754159] ^ [ 32.754274] fff00000c775a100: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe [ 32.754404] fff00000c775a180: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe [ 32.754542] ==================================================================
[ 28.607424] ================================================================== [ 28.608006] BUG: KASAN: slab-out-of-bounds in krealloc_more_oob_helper+0x7eb/0x930 [ 28.609061] Write of size 1 at addr ffff8881029fa0f0 by task kunit_try_catch/190 [ 28.609918] [ 28.610116] CPU: 1 UID: 0 PID: 190 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc3-next-20250624 #1 PREEMPT(voluntary) [ 28.610221] Tainted: [B]=BAD_PAGE, [N]=TEST [ 28.610251] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 28.610293] Call Trace: [ 28.610319] <TASK> [ 28.610353] dump_stack_lvl+0x73/0xb0 [ 28.610420] print_report+0xd1/0x650 [ 28.610472] ? __virt_addr_valid+0x1db/0x2d0 [ 28.610531] ? krealloc_more_oob_helper+0x7eb/0x930 [ 28.610609] ? kasan_addr_to_slab+0x11/0xa0 [ 28.610660] ? krealloc_more_oob_helper+0x7eb/0x930 [ 28.610714] kasan_report+0x141/0x180 [ 28.610768] ? krealloc_more_oob_helper+0x7eb/0x930 [ 28.610835] __asan_report_store1_noabort+0x1b/0x30 [ 28.610902] krealloc_more_oob_helper+0x7eb/0x930 [ 28.610961] ? __schedule+0x10cc/0x2b60 [ 28.611014] ? __pfx_krealloc_more_oob_helper+0x10/0x10 [ 28.611047] ? finish_task_switch.isra.0+0x153/0x700 [ 28.611121] ? __switch_to+0x47/0xf50 [ 28.611183] ? __schedule+0x10cc/0x2b60 [ 28.611217] ? __pfx_read_tsc+0x10/0x10 [ 28.611253] krealloc_large_more_oob+0x1c/0x30 [ 28.611284] kunit_try_run_case+0x1a5/0x480 [ 28.611316] ? __pfx_kunit_try_run_case+0x10/0x10 [ 28.611345] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 28.611376] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 28.611407] ? __kthread_parkme+0x82/0x180 [ 28.611433] ? preempt_count_sub+0x50/0x80 [ 28.611462] ? __pfx_kunit_try_run_case+0x10/0x10 [ 28.611492] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 28.611522] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 28.611576] kthread+0x337/0x6f0 [ 28.611603] ? trace_preempt_on+0x20/0xc0 [ 28.611649] ? __pfx_kthread+0x10/0x10 [ 28.611699] ? _raw_spin_unlock_irq+0x47/0x80 [ 28.611729] ? calculate_sigpending+0x7b/0xa0 [ 28.611759] ? __pfx_kthread+0x10/0x10 [ 28.611786] ret_from_fork+0x116/0x1d0 [ 28.611811] ? __pfx_kthread+0x10/0x10 [ 28.611848] ret_from_fork_asm+0x1a/0x30 [ 28.611887] </TASK> [ 28.611901] [ 28.630089] The buggy address belongs to the physical page: [ 28.630646] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1029f8 [ 28.631374] head: order:2 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0 [ 28.632334] flags: 0x200000000000040(head|node=0|zone=2) [ 28.632884] page_type: f8(unknown) [ 28.633440] raw: 0200000000000040 0000000000000000 dead000000000122 0000000000000000 [ 28.634496] raw: 0000000000000000 0000000000000000 00000000f8000000 0000000000000000 [ 28.635030] head: 0200000000000040 0000000000000000 dead000000000122 0000000000000000 [ 28.635737] head: 0000000000000000 0000000000000000 00000000f8000000 0000000000000000 [ 28.636279] head: 0200000000000002 ffffea00040a7e01 00000000ffffffff 00000000ffffffff [ 28.637071] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000004 [ 28.637776] page dumped because: kasan: bad access detected [ 28.637981] [ 28.638050] Memory state around the buggy address: [ 28.638184] ffff8881029f9f80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 28.638364] ffff8881029fa000: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 28.638559] >ffff8881029fa080: 00 00 00 00 00 00 00 00 00 00 00 00 00 03 fe fe [ 28.639866] ^ [ 28.640450] ffff8881029fa100: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe [ 28.641276] ffff8881029fa180: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe [ 28.641931] ================================================================== [ 28.260722] ================================================================== [ 28.261421] BUG: KASAN: slab-out-of-bounds in krealloc_more_oob_helper+0x821/0x930 [ 28.262464] Write of size 1 at addr ffff888102c282eb by task kunit_try_catch/186 [ 28.263513] [ 28.263770] CPU: 1 UID: 0 PID: 186 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc3-next-20250624 #1 PREEMPT(voluntary) [ 28.263904] Tainted: [B]=BAD_PAGE, [N]=TEST [ 28.263956] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 28.264006] Call Trace: [ 28.264056] <TASK> [ 28.264107] dump_stack_lvl+0x73/0xb0 [ 28.264230] print_report+0xd1/0x650 [ 28.264291] ? __virt_addr_valid+0x1db/0x2d0 [ 28.264345] ? krealloc_more_oob_helper+0x821/0x930 [ 28.264377] ? kasan_complete_mode_report_info+0x2a/0x200 [ 28.264411] ? krealloc_more_oob_helper+0x821/0x930 [ 28.264443] kasan_report+0x141/0x180 [ 28.264472] ? krealloc_more_oob_helper+0x821/0x930 [ 28.264507] __asan_report_store1_noabort+0x1b/0x30 [ 28.264538] krealloc_more_oob_helper+0x821/0x930 [ 28.264590] ? __schedule+0x10cc/0x2b60 [ 28.264623] ? __pfx_krealloc_more_oob_helper+0x10/0x10 [ 28.264674] ? finish_task_switch.isra.0+0x153/0x700 [ 28.264706] ? __switch_to+0x47/0xf50 [ 28.264740] ? __schedule+0x10cc/0x2b60 [ 28.264769] ? __pfx_read_tsc+0x10/0x10 [ 28.264802] krealloc_more_oob+0x1c/0x30 [ 28.264830] kunit_try_run_case+0x1a5/0x480 [ 28.264864] ? __pfx_kunit_try_run_case+0x10/0x10 [ 28.264893] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 28.264923] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 28.264954] ? __kthread_parkme+0x82/0x180 [ 28.264980] ? preempt_count_sub+0x50/0x80 [ 28.265009] ? __pfx_kunit_try_run_case+0x10/0x10 [ 28.265039] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 28.265087] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 28.265140] kthread+0x337/0x6f0 [ 28.265183] ? trace_preempt_on+0x20/0xc0 [ 28.265234] ? __pfx_kthread+0x10/0x10 [ 28.265279] ? _raw_spin_unlock_irq+0x47/0x80 [ 28.265329] ? calculate_sigpending+0x7b/0xa0 [ 28.265392] ? __pfx_kthread+0x10/0x10 [ 28.265449] ret_from_fork+0x116/0x1d0 [ 28.265495] ? __pfx_kthread+0x10/0x10 [ 28.265533] ret_from_fork_asm+0x1a/0x30 [ 28.265596] </TASK> [ 28.265611] [ 28.280119] Allocated by task 186: [ 28.280638] kasan_save_stack+0x45/0x70 [ 28.281076] kasan_save_track+0x18/0x40 [ 28.281334] kasan_save_alloc_info+0x3b/0x50 [ 28.281657] __kasan_krealloc+0x190/0x1f0 [ 28.282049] krealloc_noprof+0xf3/0x340 [ 28.282451] krealloc_more_oob_helper+0x1a9/0x930 [ 28.283209] krealloc_more_oob+0x1c/0x30 [ 28.283468] kunit_try_run_case+0x1a5/0x480 [ 28.283739] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 28.284041] kthread+0x337/0x6f0 [ 28.284524] ret_from_fork+0x116/0x1d0 [ 28.284968] ret_from_fork_asm+0x1a/0x30 [ 28.285481] [ 28.285720] The buggy address belongs to the object at ffff888102c28200 [ 28.285720] which belongs to the cache kmalloc-256 of size 256 [ 28.287151] The buggy address is located 0 bytes to the right of [ 28.287151] allocated 235-byte region [ffff888102c28200, ffff888102c282eb) [ 28.287988] [ 28.288186] The buggy address belongs to the physical page: [ 28.288469] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x102c28 [ 28.289192] head: order:1 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0 [ 28.289807] flags: 0x200000000000040(head|node=0|zone=2) [ 28.290201] page_type: f5(slab) [ 28.290530] raw: 0200000000000040 ffff888100041b40 dead000000000122 0000000000000000 [ 28.290971] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 28.291342] head: 0200000000000040 ffff888100041b40 dead000000000122 0000000000000000 [ 28.293626] head: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 28.294350] head: 0200000000000001 ffffea00040b0a01 00000000ffffffff 00000000ffffffff [ 28.295521] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000002 [ 28.295867] page dumped because: kasan: bad access detected [ 28.296019] [ 28.296081] Memory state around the buggy address: [ 28.296211] ffff888102c28180: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 28.296382] ffff888102c28200: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 28.296575] >ffff888102c28280: 00 00 00 00 00 00 00 00 00 00 00 00 00 03 fc fc [ 28.296893] ^ [ 28.297690] ffff888102c28300: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 28.298422] ffff888102c28380: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 28.299090] ================================================================== [ 28.570790] ================================================================== [ 28.571469] BUG: KASAN: slab-out-of-bounds in krealloc_more_oob_helper+0x821/0x930 [ 28.572726] Write of size 1 at addr ffff8881029fa0eb by task kunit_try_catch/190 [ 28.573187] [ 28.573880] CPU: 1 UID: 0 PID: 190 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc3-next-20250624 #1 PREEMPT(voluntary) [ 28.573993] Tainted: [B]=BAD_PAGE, [N]=TEST [ 28.574026] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 28.574111] Call Trace: [ 28.574143] <TASK> [ 28.574179] dump_stack_lvl+0x73/0xb0 [ 28.574253] print_report+0xd1/0x650 [ 28.574305] ? __virt_addr_valid+0x1db/0x2d0 [ 28.574363] ? krealloc_more_oob_helper+0x821/0x930 [ 28.574421] ? kasan_addr_to_slab+0x11/0xa0 [ 28.574472] ? krealloc_more_oob_helper+0x821/0x930 [ 28.574525] kasan_report+0x141/0x180 [ 28.574601] ? krealloc_more_oob_helper+0x821/0x930 [ 28.574704] __asan_report_store1_noabort+0x1b/0x30 [ 28.574768] krealloc_more_oob_helper+0x821/0x930 [ 28.574824] ? __schedule+0x10cc/0x2b60 [ 28.574883] ? __pfx_krealloc_more_oob_helper+0x10/0x10 [ 28.574945] ? finish_task_switch.isra.0+0x153/0x700 [ 28.575008] ? __switch_to+0x47/0xf50 [ 28.575104] ? __schedule+0x10cc/0x2b60 [ 28.575166] ? __pfx_read_tsc+0x10/0x10 [ 28.575225] krealloc_large_more_oob+0x1c/0x30 [ 28.575286] kunit_try_run_case+0x1a5/0x480 [ 28.575351] ? __pfx_kunit_try_run_case+0x10/0x10 [ 28.575404] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 28.575459] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 28.575513] ? __kthread_parkme+0x82/0x180 [ 28.575577] ? preempt_count_sub+0x50/0x80 [ 28.575665] ? __pfx_kunit_try_run_case+0x10/0x10 [ 28.575727] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 28.575789] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 28.575865] kthread+0x337/0x6f0 [ 28.575913] ? trace_preempt_on+0x20/0xc0 [ 28.575969] ? __pfx_kthread+0x10/0x10 [ 28.576010] ? _raw_spin_unlock_irq+0x47/0x80 [ 28.576042] ? calculate_sigpending+0x7b/0xa0 [ 28.576108] ? __pfx_kthread+0x10/0x10 [ 28.576155] ret_from_fork+0x116/0x1d0 [ 28.576191] ? __pfx_kthread+0x10/0x10 [ 28.576220] ret_from_fork_asm+0x1a/0x30 [ 28.576261] </TASK> [ 28.576276] [ 28.592624] The buggy address belongs to the physical page: [ 28.593402] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1029f8 [ 28.594408] head: order:2 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0 [ 28.595020] flags: 0x200000000000040(head|node=0|zone=2) [ 28.595725] page_type: f8(unknown) [ 28.596038] raw: 0200000000000040 0000000000000000 dead000000000122 0000000000000000 [ 28.596879] raw: 0000000000000000 0000000000000000 00000000f8000000 0000000000000000 [ 28.597333] head: 0200000000000040 0000000000000000 dead000000000122 0000000000000000 [ 28.598091] head: 0000000000000000 0000000000000000 00000000f8000000 0000000000000000 [ 28.598530] head: 0200000000000002 ffffea00040a7e01 00000000ffffffff 00000000ffffffff [ 28.599170] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000004 [ 28.599916] page dumped because: kasan: bad access detected [ 28.600571] [ 28.600803] Memory state around the buggy address: [ 28.601345] ffff8881029f9f80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 28.601893] ffff8881029fa000: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 28.602819] >ffff8881029fa080: 00 00 00 00 00 00 00 00 00 00 00 00 00 03 fe fe [ 28.603231] ^ [ 28.604248] ffff8881029fa100: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe [ 28.604954] ffff8881029fa180: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe [ 28.605583] ================================================================== [ 28.300960] ================================================================== [ 28.302207] BUG: KASAN: slab-out-of-bounds in krealloc_more_oob_helper+0x7eb/0x930 [ 28.302658] Write of size 1 at addr ffff888102c282f0 by task kunit_try_catch/186 [ 28.303131] [ 28.303378] CPU: 1 UID: 0 PID: 186 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc3-next-20250624 #1 PREEMPT(voluntary) [ 28.303489] Tainted: [B]=BAD_PAGE, [N]=TEST [ 28.303519] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 28.303583] Call Trace: [ 28.303619] <TASK> [ 28.303656] dump_stack_lvl+0x73/0xb0 [ 28.304097] print_report+0xd1/0x650 [ 28.304192] ? __virt_addr_valid+0x1db/0x2d0 [ 28.304260] ? krealloc_more_oob_helper+0x7eb/0x930 [ 28.304315] ? kasan_complete_mode_report_info+0x2a/0x200 [ 28.304381] ? krealloc_more_oob_helper+0x7eb/0x930 [ 28.304440] kasan_report+0x141/0x180 [ 28.304500] ? krealloc_more_oob_helper+0x7eb/0x930 [ 28.304588] __asan_report_store1_noabort+0x1b/0x30 [ 28.304760] krealloc_more_oob_helper+0x7eb/0x930 [ 28.304845] ? __schedule+0x10cc/0x2b60 [ 28.304916] ? __pfx_krealloc_more_oob_helper+0x10/0x10 [ 28.304960] ? finish_task_switch.isra.0+0x153/0x700 [ 28.304992] ? __switch_to+0x47/0xf50 [ 28.305025] ? __schedule+0x10cc/0x2b60 [ 28.305065] ? __pfx_read_tsc+0x10/0x10 [ 28.305154] krealloc_more_oob+0x1c/0x30 [ 28.305207] kunit_try_run_case+0x1a5/0x480 [ 28.305243] ? __pfx_kunit_try_run_case+0x10/0x10 [ 28.305274] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 28.305307] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 28.305339] ? __kthread_parkme+0x82/0x180 [ 28.305366] ? preempt_count_sub+0x50/0x80 [ 28.305395] ? __pfx_kunit_try_run_case+0x10/0x10 [ 28.305426] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 28.305456] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 28.305486] kthread+0x337/0x6f0 [ 28.305512] ? trace_preempt_on+0x20/0xc0 [ 28.305564] ? __pfx_kthread+0x10/0x10 [ 28.305593] ? _raw_spin_unlock_irq+0x47/0x80 [ 28.305623] ? calculate_sigpending+0x7b/0xa0 [ 28.305678] ? __pfx_kthread+0x10/0x10 [ 28.305706] ret_from_fork+0x116/0x1d0 [ 28.305733] ? __pfx_kthread+0x10/0x10 [ 28.305759] ret_from_fork_asm+0x1a/0x30 [ 28.305799] </TASK> [ 28.305812] [ 28.324408] Allocated by task 186: [ 28.324846] kasan_save_stack+0x45/0x70 [ 28.325309] kasan_save_track+0x18/0x40 [ 28.325850] kasan_save_alloc_info+0x3b/0x50 [ 28.326640] __kasan_krealloc+0x190/0x1f0 [ 28.326892] krealloc_noprof+0xf3/0x340 [ 28.327451] krealloc_more_oob_helper+0x1a9/0x930 [ 28.328035] krealloc_more_oob+0x1c/0x30 [ 28.328528] kunit_try_run_case+0x1a5/0x480 [ 28.328862] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 28.329451] kthread+0x337/0x6f0 [ 28.329746] ret_from_fork+0x116/0x1d0 [ 28.330120] ret_from_fork_asm+0x1a/0x30 [ 28.330454] [ 28.331335] The buggy address belongs to the object at ffff888102c28200 [ 28.331335] which belongs to the cache kmalloc-256 of size 256 [ 28.332288] The buggy address is located 5 bytes to the right of [ 28.332288] allocated 235-byte region [ffff888102c28200, ffff888102c282eb) [ 28.333239] [ 28.333769] The buggy address belongs to the physical page: [ 28.334044] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x102c28 [ 28.334594] head: order:1 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0 [ 28.335583] flags: 0x200000000000040(head|node=0|zone=2) [ 28.336073] page_type: f5(slab) [ 28.336745] raw: 0200000000000040 ffff888100041b40 dead000000000122 0000000000000000 [ 28.337523] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 28.338103] head: 0200000000000040 ffff888100041b40 dead000000000122 0000000000000000 [ 28.339108] head: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 28.340162] head: 0200000000000001 ffffea00040b0a01 00000000ffffffff 00000000ffffffff [ 28.340482] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000002 [ 28.341158] page dumped because: kasan: bad access detected [ 28.341611] [ 28.341750] Memory state around the buggy address: [ 28.342365] ffff888102c28180: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 28.343425] ffff888102c28200: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 28.343899] >ffff888102c28280: 00 00 00 00 00 00 00 00 00 00 00 00 00 03 fc fc [ 28.344270] ^ [ 28.345061] ffff888102c28300: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 28.345659] ffff888102c28380: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 28.346320] ==================================================================