Date
July 2, 2025, 11:10 a.m.
| Environment | |
|---|---|
| qemu-arm64 | |
| qemu-x86_64 |
[ 30.733896] ================================================================== [ 30.733960] BUG: KASAN: slab-out-of-bounds in krealloc_less_oob_helper+0xa48/0xc50 [ 30.734259] Write of size 1 at addr fff00000c99d60c9 by task kunit_try_catch/195 [ 30.734386] [ 30.734449] CPU: 0 UID: 0 PID: 195 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc4-next-20250702 #1 PREEMPT [ 30.734563] Tainted: [B]=BAD_PAGE, [N]=TEST [ 30.734590] Hardware name: linux,dummy-virt (DT) [ 30.734772] Call trace: [ 30.734832] show_stack+0x20/0x38 (C) [ 30.734893] dump_stack_lvl+0x8c/0xd0 [ 30.734951] print_report+0x118/0x608 [ 30.735298] kasan_report+0xdc/0x128 [ 30.735369] __asan_report_store1_noabort+0x20/0x30 [ 30.735573] krealloc_less_oob_helper+0xa48/0xc50 [ 30.735648] krealloc_large_less_oob+0x20/0x38 [ 30.735696] kunit_try_run_case+0x170/0x3f0 [ 30.735753] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 30.735806] kthread+0x328/0x630 [ 30.736010] ret_from_fork+0x10/0x20 [ 30.736259] [ 30.736347] The buggy address belongs to the physical page: [ 30.736417] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1099d4 [ 30.736551] head: order:2 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0 [ 30.736608] flags: 0xbfffe0000000040(head|node=0|zone=2|lastcpupid=0x1ffff) [ 30.736729] page_type: f8(unknown) [ 30.736789] raw: 0bfffe0000000040 0000000000000000 dead000000000122 0000000000000000 [ 30.736865] raw: 0000000000000000 0000000000000000 00000000f8000000 0000000000000000 [ 30.737158] head: 0bfffe0000000040 0000000000000000 dead000000000122 0000000000000000 [ 30.737237] head: 0000000000000000 0000000000000000 00000000f8000000 0000000000000000 [ 30.737431] head: 0bfffe0000000002 ffffc1ffc3267501 00000000ffffffff 00000000ffffffff [ 30.737520] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000004 [ 30.737648] page dumped because: kasan: bad access detected [ 30.737706] [ 30.738052] Memory state around the buggy address: [ 30.738132] fff00000c99d5f80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 30.738226] fff00000c99d6000: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 30.738384] >fff00000c99d6080: 00 00 00 00 00 00 00 00 00 01 fe fe fe fe fe fe [ 30.738637] ^ [ 30.738757] fff00000c99d6100: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe [ 30.738821] fff00000c99d6180: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe [ 30.738921] ================================================================== [ 30.701607] ================================================================== [ 30.701709] BUG: KASAN: slab-out-of-bounds in krealloc_less_oob_helper+0xa58/0xc50 [ 30.701866] Write of size 1 at addr fff00000c8f6faeb by task kunit_try_catch/191 [ 30.702013] [ 30.702047] CPU: 0 UID: 0 PID: 191 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc4-next-20250702 #1 PREEMPT [ 30.702131] Tainted: [B]=BAD_PAGE, [N]=TEST [ 30.702375] Hardware name: linux,dummy-virt (DT) [ 30.702422] Call trace: [ 30.702763] show_stack+0x20/0x38 (C) [ 30.702834] dump_stack_lvl+0x8c/0xd0 [ 30.702883] print_report+0x118/0x608 [ 30.703000] kasan_report+0xdc/0x128 [ 30.703079] __asan_report_store1_noabort+0x20/0x30 [ 30.703136] krealloc_less_oob_helper+0xa58/0xc50 [ 30.703275] krealloc_less_oob+0x20/0x38 [ 30.703321] kunit_try_run_case+0x170/0x3f0 [ 30.703368] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 30.703465] kthread+0x328/0x630 [ 30.703512] ret_from_fork+0x10/0x20 [ 30.703571] [ 30.703882] Allocated by task 191: [ 30.703948] kasan_save_stack+0x3c/0x68 [ 30.704114] kasan_save_track+0x20/0x40 [ 30.704192] kasan_save_alloc_info+0x40/0x58 [ 30.704317] __kasan_krealloc+0x118/0x178 [ 30.704396] krealloc_noprof+0x128/0x360 [ 30.704510] krealloc_less_oob_helper+0x168/0xc50 [ 30.704552] krealloc_less_oob+0x20/0x38 [ 30.704613] kunit_try_run_case+0x170/0x3f0 [ 30.704657] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 30.704949] kthread+0x328/0x630 [ 30.705133] ret_from_fork+0x10/0x20 [ 30.705204] [ 30.705254] The buggy address belongs to the object at fff00000c8f6fa00 [ 30.705254] which belongs to the cache kmalloc-256 of size 256 [ 30.705424] The buggy address is located 34 bytes to the right of [ 30.705424] allocated 201-byte region [fff00000c8f6fa00, fff00000c8f6fac9) [ 30.705511] [ 30.705586] The buggy address belongs to the physical page: [ 30.705634] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x108f6e [ 30.706182] head: order:1 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0 [ 30.706255] flags: 0xbfffe0000000040(head|node=0|zone=2|lastcpupid=0x1ffff) [ 30.706377] page_type: f5(slab) [ 30.706665] raw: 0bfffe0000000040 fff00000c0001b40 dead000000000122 0000000000000000 [ 30.706827] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 30.706916] head: 0bfffe0000000040 fff00000c0001b40 dead000000000122 0000000000000000 [ 30.707110] head: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 30.707188] head: 0bfffe0000000001 ffffc1ffc323db81 00000000ffffffff 00000000ffffffff [ 30.707332] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000002 [ 30.707372] page dumped because: kasan: bad access detected [ 30.707429] [ 30.707619] Memory state around the buggy address: [ 30.707684] fff00000c8f6f980: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 30.707862] fff00000c8f6fa00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 30.707947] >fff00000c8f6fa80: 00 00 00 00 00 00 00 00 00 01 fc fc fc fc fc fc [ 30.708085] ^ [ 30.708152] fff00000c8f6fb00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 30.708248] fff00000c8f6fb80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 30.708305] ================================================================== [ 30.694311] ================================================================== [ 30.694356] BUG: KASAN: slab-out-of-bounds in krealloc_less_oob_helper+0xae4/0xc50 [ 30.694404] Write of size 1 at addr fff00000c8f6faea by task kunit_try_catch/191 [ 30.694453] [ 30.694481] CPU: 0 UID: 0 PID: 191 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc4-next-20250702 #1 PREEMPT [ 30.694563] Tainted: [B]=BAD_PAGE, [N]=TEST [ 30.694589] Hardware name: linux,dummy-virt (DT) [ 30.694637] Call trace: [ 30.694659] show_stack+0x20/0x38 (C) [ 30.694706] dump_stack_lvl+0x8c/0xd0 [ 30.694758] print_report+0x118/0x608 [ 30.694805] kasan_report+0xdc/0x128 [ 30.694851] __asan_report_store1_noabort+0x20/0x30 [ 30.694899] krealloc_less_oob_helper+0xae4/0xc50 [ 30.695349] krealloc_less_oob+0x20/0x38 [ 30.695404] kunit_try_run_case+0x170/0x3f0 [ 30.695463] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 30.695518] kthread+0x328/0x630 [ 30.695988] ret_from_fork+0x10/0x20 [ 30.696079] [ 30.696114] Allocated by task 191: [ 30.696349] kasan_save_stack+0x3c/0x68 [ 30.696454] kasan_save_track+0x20/0x40 [ 30.696624] kasan_save_alloc_info+0x40/0x58 [ 30.696705] __kasan_krealloc+0x118/0x178 [ 30.696795] krealloc_noprof+0x128/0x360 [ 30.696888] krealloc_less_oob_helper+0x168/0xc50 [ 30.696965] krealloc_less_oob+0x20/0x38 [ 30.697163] kunit_try_run_case+0x170/0x3f0 [ 30.697335] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 30.697420] kthread+0x328/0x630 [ 30.697602] ret_from_fork+0x10/0x20 [ 30.697670] [ 30.697718] The buggy address belongs to the object at fff00000c8f6fa00 [ 30.697718] which belongs to the cache kmalloc-256 of size 256 [ 30.697867] The buggy address is located 33 bytes to the right of [ 30.697867] allocated 201-byte region [fff00000c8f6fa00, fff00000c8f6fac9) [ 30.697971] [ 30.698332] The buggy address belongs to the physical page: [ 30.698391] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x108f6e [ 30.698519] head: order:1 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0 [ 30.698585] flags: 0xbfffe0000000040(head|node=0|zone=2|lastcpupid=0x1ffff) [ 30.698694] page_type: f5(slab) [ 30.698753] raw: 0bfffe0000000040 fff00000c0001b40 dead000000000122 0000000000000000 [ 30.698847] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 30.699032] head: 0bfffe0000000040 fff00000c0001b40 dead000000000122 0000000000000000 [ 30.699095] head: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 30.699446] head: 0bfffe0000000001 ffffc1ffc323db81 00000000ffffffff 00000000ffffffff [ 30.699518] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000002 [ 30.699642] page dumped because: kasan: bad access detected [ 30.699712] [ 30.699832] Memory state around the buggy address: [ 30.699898] fff00000c8f6f980: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 30.699954] fff00000c8f6fa00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 30.700211] >fff00000c8f6fa80: 00 00 00 00 00 00 00 00 00 01 fc fc fc fc fc fc [ 30.700275] ^ [ 30.700523] fff00000c8f6fb00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 30.700610] fff00000c8f6fb80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 30.700660] ================================================================== [ 30.673382] ================================================================== [ 30.673436] BUG: KASAN: slab-out-of-bounds in krealloc_less_oob_helper+0xa48/0xc50 [ 30.673487] Write of size 1 at addr fff00000c8f6fac9 by task kunit_try_catch/191 [ 30.673536] [ 30.673566] CPU: 0 UID: 0 PID: 191 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc4-next-20250702 #1 PREEMPT [ 30.673649] Tainted: [B]=BAD_PAGE, [N]=TEST [ 30.673675] Hardware name: linux,dummy-virt (DT) [ 30.673706] Call trace: [ 30.673727] show_stack+0x20/0x38 (C) [ 30.673774] dump_stack_lvl+0x8c/0xd0 [ 30.673821] print_report+0x118/0x608 [ 30.673868] kasan_report+0xdc/0x128 [ 30.673914] __asan_report_store1_noabort+0x20/0x30 [ 30.674085] krealloc_less_oob_helper+0xa48/0xc50 [ 30.674251] krealloc_less_oob+0x20/0x38 [ 30.674312] kunit_try_run_case+0x170/0x3f0 [ 30.674360] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 30.674421] kthread+0x328/0x630 [ 30.674464] ret_from_fork+0x10/0x20 [ 30.674560] [ 30.674580] Allocated by task 191: [ 30.674619] kasan_save_stack+0x3c/0x68 [ 30.674662] kasan_save_track+0x20/0x40 [ 30.674707] kasan_save_alloc_info+0x40/0x58 [ 30.674752] __kasan_krealloc+0x118/0x178 [ 30.674790] krealloc_noprof+0x128/0x360 [ 30.674827] krealloc_less_oob_helper+0x168/0xc50 [ 30.674876] krealloc_less_oob+0x20/0x38 [ 30.674914] kunit_try_run_case+0x170/0x3f0 [ 30.674963] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 30.675011] kthread+0x328/0x630 [ 30.675044] ret_from_fork+0x10/0x20 [ 30.675080] [ 30.675099] The buggy address belongs to the object at fff00000c8f6fa00 [ 30.675099] which belongs to the cache kmalloc-256 of size 256 [ 30.675163] The buggy address is located 0 bytes to the right of [ 30.675163] allocated 201-byte region [fff00000c8f6fa00, fff00000c8f6fac9) [ 30.675226] [ 30.675254] The buggy address belongs to the physical page: [ 30.675285] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x108f6e [ 30.675336] head: order:1 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0 [ 30.675383] flags: 0xbfffe0000000040(head|node=0|zone=2|lastcpupid=0x1ffff) [ 30.675441] page_type: f5(slab) [ 30.675479] raw: 0bfffe0000000040 fff00000c0001b40 dead000000000122 0000000000000000 [ 30.675529] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 30.675577] head: 0bfffe0000000040 fff00000c0001b40 dead000000000122 0000000000000000 [ 30.675646] head: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 30.675695] head: 0bfffe0000000001 ffffc1ffc323db81 00000000ffffffff 00000000ffffffff [ 30.675742] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000002 [ 30.675780] page dumped because: kasan: bad access detected [ 30.675810] [ 30.675828] Memory state around the buggy address: [ 30.675859] fff00000c8f6f980: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 30.675908] fff00000c8f6fa00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 30.676513] >fff00000c8f6fa80: 00 00 00 00 00 00 00 00 00 01 fc fc fc fc fc fc [ 30.676557] ^ [ 30.676596] fff00000c8f6fb00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 30.676638] fff00000c8f6fb80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 30.676676] ================================================================== [ 30.740694] ================================================================== [ 30.740808] BUG: KASAN: slab-out-of-bounds in krealloc_less_oob_helper+0xb9c/0xc50 [ 30.741076] Write of size 1 at addr fff00000c99d60d0 by task kunit_try_catch/195 [ 30.741208] [ 30.741259] CPU: 0 UID: 0 PID: 195 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc4-next-20250702 #1 PREEMPT [ 30.741537] Tainted: [B]=BAD_PAGE, [N]=TEST [ 30.741571] Hardware name: linux,dummy-virt (DT) [ 30.741603] Call trace: [ 30.741862] show_stack+0x20/0x38 (C) [ 30.742051] dump_stack_lvl+0x8c/0xd0 [ 30.742109] print_report+0x118/0x608 [ 30.742448] kasan_report+0xdc/0x128 [ 30.742589] __asan_report_store1_noabort+0x20/0x30 [ 30.742661] krealloc_less_oob_helper+0xb9c/0xc50 [ 30.742718] krealloc_large_less_oob+0x20/0x38 [ 30.742833] kunit_try_run_case+0x170/0x3f0 [ 30.742900] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 30.743014] kthread+0x328/0x630 [ 30.743059] ret_from_fork+0x10/0x20 [ 30.743127] [ 30.743148] The buggy address belongs to the physical page: [ 30.743185] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1099d4 [ 30.743361] head: order:2 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0 [ 30.743419] flags: 0xbfffe0000000040(head|node=0|zone=2|lastcpupid=0x1ffff) [ 30.743470] page_type: f8(unknown) [ 30.743508] raw: 0bfffe0000000040 0000000000000000 dead000000000122 0000000000000000 [ 30.743740] raw: 0000000000000000 0000000000000000 00000000f8000000 0000000000000000 [ 30.743869] head: 0bfffe0000000040 0000000000000000 dead000000000122 0000000000000000 [ 30.743917] head: 0000000000000000 0000000000000000 00000000f8000000 0000000000000000 [ 30.743981] head: 0bfffe0000000002 ffffc1ffc3267501 00000000ffffffff 00000000ffffffff [ 30.744334] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000004 [ 30.744488] page dumped because: kasan: bad access detected [ 30.744549] [ 30.744600] Memory state around the buggy address: [ 30.744715] fff00000c99d5f80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 30.744782] fff00000c99d6000: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 30.744831] >fff00000c99d6080: 00 00 00 00 00 00 00 00 00 01 fe fe fe fe fe fe [ 30.744894] ^ [ 30.745144] fff00000c99d6100: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe [ 30.745399] fff00000c99d6180: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe [ 30.745489] ================================================================== [ 30.756613] ================================================================== [ 30.756659] BUG: KASAN: slab-out-of-bounds in krealloc_less_oob_helper+0xa58/0xc50 [ 30.756707] Write of size 1 at addr fff00000c99d60eb by task kunit_try_catch/195 [ 30.757057] [ 30.757163] CPU: 0 UID: 0 PID: 195 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc4-next-20250702 #1 PREEMPT [ 30.757571] Tainted: [B]=BAD_PAGE, [N]=TEST [ 30.757614] Hardware name: linux,dummy-virt (DT) [ 30.757662] Call trace: [ 30.757704] show_stack+0x20/0x38 (C) [ 30.757756] dump_stack_lvl+0x8c/0xd0 [ 30.757804] print_report+0x118/0x608 [ 30.757882] kasan_report+0xdc/0x128 [ 30.757955] __asan_report_store1_noabort+0x20/0x30 [ 30.758120] krealloc_less_oob_helper+0xa58/0xc50 [ 30.758175] krealloc_large_less_oob+0x20/0x38 [ 30.758265] kunit_try_run_case+0x170/0x3f0 [ 30.758317] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 30.758696] kthread+0x328/0x630 [ 30.758824] ret_from_fork+0x10/0x20 [ 30.758901] [ 30.758951] The buggy address belongs to the physical page: [ 30.758989] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1099d4 [ 30.759042] head: order:2 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0 [ 30.759120] flags: 0xbfffe0000000040(head|node=0|zone=2|lastcpupid=0x1ffff) [ 30.759170] page_type: f8(unknown) [ 30.759207] raw: 0bfffe0000000040 0000000000000000 dead000000000122 0000000000000000 [ 30.759265] raw: 0000000000000000 0000000000000000 00000000f8000000 0000000000000000 [ 30.759314] head: 0bfffe0000000040 0000000000000000 dead000000000122 0000000000000000 [ 30.759361] head: 0000000000000000 0000000000000000 00000000f8000000 0000000000000000 [ 30.759409] head: 0bfffe0000000002 ffffc1ffc3267501 00000000ffffffff 00000000ffffffff [ 30.759467] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000004 [ 30.759515] page dumped because: kasan: bad access detected [ 30.759918] [ 30.759959] Memory state around the buggy address: [ 30.759992] fff00000c99d5f80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 30.760056] fff00000c99d6000: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 30.760108] >fff00000c99d6080: 00 00 00 00 00 00 00 00 00 01 fe fe fe fe fe fe [ 30.760486] ^ [ 30.760540] fff00000c99d6100: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe [ 30.760622] fff00000c99d6180: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe [ 30.760691] ================================================================== [ 30.687436] ================================================================== [ 30.687485] BUG: KASAN: slab-out-of-bounds in krealloc_less_oob_helper+0xa80/0xc50 [ 30.687534] Write of size 1 at addr fff00000c8f6fada by task kunit_try_catch/191 [ 30.687837] [ 30.687985] CPU: 0 UID: 0 PID: 191 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc4-next-20250702 #1 PREEMPT [ 30.688187] Tainted: [B]=BAD_PAGE, [N]=TEST [ 30.688361] Hardware name: linux,dummy-virt (DT) [ 30.688428] Call trace: [ 30.688543] show_stack+0x20/0x38 (C) [ 30.688619] dump_stack_lvl+0x8c/0xd0 [ 30.688719] print_report+0x118/0x608 [ 30.688787] kasan_report+0xdc/0x128 [ 30.688939] __asan_report_store1_noabort+0x20/0x30 [ 30.689013] krealloc_less_oob_helper+0xa80/0xc50 [ 30.689203] krealloc_less_oob+0x20/0x38 [ 30.689421] kunit_try_run_case+0x170/0x3f0 [ 30.689499] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 30.689840] kthread+0x328/0x630 [ 30.689948] ret_from_fork+0x10/0x20 [ 30.690045] [ 30.690221] Allocated by task 191: [ 30.690421] kasan_save_stack+0x3c/0x68 [ 30.690625] kasan_save_track+0x20/0x40 [ 30.690975] kasan_save_alloc_info+0x40/0x58 [ 30.691047] __kasan_krealloc+0x118/0x178 [ 30.691155] krealloc_noprof+0x128/0x360 [ 30.691235] krealloc_less_oob_helper+0x168/0xc50 [ 30.691304] krealloc_less_oob+0x20/0x38 [ 30.691613] kunit_try_run_case+0x170/0x3f0 [ 30.691740] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 30.691839] kthread+0x328/0x630 [ 30.691887] ret_from_fork+0x10/0x20 [ 30.691939] [ 30.692101] The buggy address belongs to the object at fff00000c8f6fa00 [ 30.692101] which belongs to the cache kmalloc-256 of size 256 [ 30.692284] The buggy address is located 17 bytes to the right of [ 30.692284] allocated 201-byte region [fff00000c8f6fa00, fff00000c8f6fac9) [ 30.692438] [ 30.692490] The buggy address belongs to the physical page: [ 30.692528] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x108f6e [ 30.692783] head: order:1 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0 [ 30.692852] flags: 0xbfffe0000000040(head|node=0|zone=2|lastcpupid=0x1ffff) [ 30.693082] page_type: f5(slab) [ 30.693153] raw: 0bfffe0000000040 fff00000c0001b40 dead000000000122 0000000000000000 [ 30.693211] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 30.693307] head: 0bfffe0000000040 fff00000c0001b40 dead000000000122 0000000000000000 [ 30.693357] head: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 30.693405] head: 0bfffe0000000001 ffffc1ffc323db81 00000000ffffffff 00000000ffffffff [ 30.693469] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000002 [ 30.693516] page dumped because: kasan: bad access detected [ 30.693547] [ 30.693565] Memory state around the buggy address: [ 30.693595] fff00000c8f6f980: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 30.693636] fff00000c8f6fa00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 30.693677] >fff00000c8f6fa80: 00 00 00 00 00 00 00 00 00 01 fc fc fc fc fc fc [ 30.693733] ^ [ 30.693770] fff00000c8f6fb00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 30.693820] fff00000c8f6fb80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 30.693871] ================================================================== [ 30.745993] ================================================================== [ 30.746037] BUG: KASAN: slab-out-of-bounds in krealloc_less_oob_helper+0xa80/0xc50 [ 30.746082] Write of size 1 at addr fff00000c99d60da by task kunit_try_catch/195 [ 30.746293] [ 30.746335] CPU: 0 UID: 0 PID: 195 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc4-next-20250702 #1 PREEMPT [ 30.746421] Tainted: [B]=BAD_PAGE, [N]=TEST [ 30.746449] Hardware name: linux,dummy-virt (DT) [ 30.746478] Call trace: [ 30.746524] show_stack+0x20/0x38 (C) [ 30.746576] dump_stack_lvl+0x8c/0xd0 [ 30.746631] print_report+0x118/0x608 [ 30.746679] kasan_report+0xdc/0x128 [ 30.746725] __asan_report_store1_noabort+0x20/0x30 [ 30.746773] krealloc_less_oob_helper+0xa80/0xc50 [ 30.746837] krealloc_large_less_oob+0x20/0x38 [ 30.746885] kunit_try_run_case+0x170/0x3f0 [ 30.746943] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 30.746996] kthread+0x328/0x630 [ 30.747038] ret_from_fork+0x10/0x20 [ 30.747085] [ 30.747104] The buggy address belongs to the physical page: [ 30.747143] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1099d4 [ 30.747202] head: order:2 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0 [ 30.747250] flags: 0xbfffe0000000040(head|node=0|zone=2|lastcpupid=0x1ffff) [ 30.747299] page_type: f8(unknown) [ 30.747336] raw: 0bfffe0000000040 0000000000000000 dead000000000122 0000000000000000 [ 30.747383] raw: 0000000000000000 0000000000000000 00000000f8000000 0000000000000000 [ 30.747431] head: 0bfffe0000000040 0000000000000000 dead000000000122 0000000000000000 [ 30.747477] head: 0000000000000000 0000000000000000 00000000f8000000 0000000000000000 [ 30.747526] head: 0bfffe0000000002 ffffc1ffc3267501 00000000ffffffff 00000000ffffffff [ 30.748139] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000004 [ 30.748185] page dumped because: kasan: bad access detected [ 30.748229] [ 30.748259] Memory state around the buggy address: [ 30.748292] fff00000c99d5f80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 30.748871] fff00000c99d6000: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 30.749077] >fff00000c99d6080: 00 00 00 00 00 00 00 00 00 01 fe fe fe fe fe fe [ 30.749546] ^ [ 30.749785] fff00000c99d6100: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe [ 30.750243] fff00000c99d6180: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe [ 30.750325] ================================================================== [ 30.750891] ================================================================== [ 30.751055] BUG: KASAN: slab-out-of-bounds in krealloc_less_oob_helper+0xae4/0xc50 [ 30.751136] Write of size 1 at addr fff00000c99d60ea by task kunit_try_catch/195 [ 30.751204] [ 30.751242] CPU: 0 UID: 0 PID: 195 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc4-next-20250702 #1 PREEMPT [ 30.751360] Tainted: [B]=BAD_PAGE, [N]=TEST [ 30.751406] Hardware name: linux,dummy-virt (DT) [ 30.751588] Call trace: [ 30.751663] show_stack+0x20/0x38 (C) [ 30.751719] dump_stack_lvl+0x8c/0xd0 [ 30.751774] print_report+0x118/0x608 [ 30.752151] kasan_report+0xdc/0x128 [ 30.752282] __asan_report_store1_noabort+0x20/0x30 [ 30.752371] krealloc_less_oob_helper+0xae4/0xc50 [ 30.752498] krealloc_large_less_oob+0x20/0x38 [ 30.752587] kunit_try_run_case+0x170/0x3f0 [ 30.752716] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 30.752806] kthread+0x328/0x630 [ 30.752920] ret_from_fork+0x10/0x20 [ 30.753025] [ 30.753130] The buggy address belongs to the physical page: [ 30.753167] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1099d4 [ 30.753218] head: order:2 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0 [ 30.753390] flags: 0xbfffe0000000040(head|node=0|zone=2|lastcpupid=0x1ffff) [ 30.753473] page_type: f8(unknown) [ 30.753654] raw: 0bfffe0000000040 0000000000000000 dead000000000122 0000000000000000 [ 30.753793] raw: 0000000000000000 0000000000000000 00000000f8000000 0000000000000000 [ 30.753872] head: 0bfffe0000000040 0000000000000000 dead000000000122 0000000000000000 [ 30.754213] head: 0000000000000000 0000000000000000 00000000f8000000 0000000000000000 [ 30.754349] head: 0bfffe0000000002 ffffc1ffc3267501 00000000ffffffff 00000000ffffffff [ 30.754418] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000004 [ 30.754485] page dumped because: kasan: bad access detected [ 30.754516] [ 30.754670] Memory state around the buggy address: [ 30.755172] fff00000c99d5f80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 30.755233] fff00000c99d6000: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 30.755333] >fff00000c99d6080: 00 00 00 00 00 00 00 00 00 01 fe fe fe fe fe fe [ 30.755400] ^ [ 30.755451] fff00000c99d6100: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe [ 30.755771] fff00000c99d6180: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe [ 30.755838] ================================================================== [ 30.677954] ================================================================== [ 30.678288] BUG: KASAN: slab-out-of-bounds in krealloc_less_oob_helper+0xb9c/0xc50 [ 30.678542] Write of size 1 at addr fff00000c8f6fad0 by task kunit_try_catch/191 [ 30.678694] [ 30.678730] CPU: 0 UID: 0 PID: 191 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc4-next-20250702 #1 PREEMPT [ 30.679270] Tainted: [B]=BAD_PAGE, [N]=TEST [ 30.679318] Hardware name: linux,dummy-virt (DT) [ 30.679360] Call trace: [ 30.679391] show_stack+0x20/0x38 (C) [ 30.679444] dump_stack_lvl+0x8c/0xd0 [ 30.679611] print_report+0x118/0x608 [ 30.680185] kasan_report+0xdc/0x128 [ 30.680281] __asan_report_store1_noabort+0x20/0x30 [ 30.680341] krealloc_less_oob_helper+0xb9c/0xc50 [ 30.680393] krealloc_less_oob+0x20/0x38 [ 30.680440] kunit_try_run_case+0x170/0x3f0 [ 30.681118] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 30.681271] kthread+0x328/0x630 [ 30.681328] ret_from_fork+0x10/0x20 [ 30.681499] [ 30.681548] Allocated by task 191: [ 30.681675] kasan_save_stack+0x3c/0x68 [ 30.681754] kasan_save_track+0x20/0x40 [ 30.681862] kasan_save_alloc_info+0x40/0x58 [ 30.681949] __kasan_krealloc+0x118/0x178 [ 30.682052] krealloc_noprof+0x128/0x360 [ 30.682104] krealloc_less_oob_helper+0x168/0xc50 [ 30.682161] krealloc_less_oob+0x20/0x38 [ 30.682414] kunit_try_run_case+0x170/0x3f0 [ 30.682592] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 30.682671] kthread+0x328/0x630 [ 30.682704] ret_from_fork+0x10/0x20 [ 30.682901] [ 30.682960] The buggy address belongs to the object at fff00000c8f6fa00 [ 30.682960] which belongs to the cache kmalloc-256 of size 256 [ 30.683254] The buggy address is located 7 bytes to the right of [ 30.683254] allocated 201-byte region [fff00000c8f6fa00, fff00000c8f6fac9) [ 30.683332] [ 30.683351] The buggy address belongs to the physical page: [ 30.683409] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x108f6e [ 30.683586] head: order:1 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0 [ 30.683760] flags: 0xbfffe0000000040(head|node=0|zone=2|lastcpupid=0x1ffff) [ 30.683835] page_type: f5(slab) [ 30.683874] raw: 0bfffe0000000040 fff00000c0001b40 dead000000000122 0000000000000000 [ 30.684115] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 30.684348] head: 0bfffe0000000040 fff00000c0001b40 dead000000000122 0000000000000000 [ 30.684419] head: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 30.684483] head: 0bfffe0000000001 ffffc1ffc323db81 00000000ffffffff 00000000ffffffff [ 30.684857] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000002 [ 30.684939] page dumped because: kasan: bad access detected [ 30.684972] [ 30.685022] Memory state around the buggy address: [ 30.685215] fff00000c8f6f980: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 30.685381] fff00000c8f6fa00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 30.685635] >fff00000c8f6fa80: 00 00 00 00 00 00 00 00 00 01 fc fc fc fc fc fc [ 30.685808] ^ [ 30.685913] fff00000c8f6fb00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 30.686006] fff00000c8f6fb80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 30.686200] ==================================================================
[ 32.534045] ================================================================== [ 32.534094] BUG: KASAN: slab-out-of-bounds in krealloc_less_oob_helper+0xae4/0xc50 [ 32.534143] Write of size 1 at addr fff00000c99f20ea by task kunit_try_catch/193 [ 32.534243] [ 32.534274] CPU: 1 UID: 0 PID: 193 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc4-next-20250702 #1 PREEMPT [ 32.534358] Tainted: [B]=BAD_PAGE, [N]=TEST [ 32.534384] Hardware name: linux,dummy-virt (DT) [ 32.534414] Call trace: [ 32.534437] show_stack+0x20/0x38 (C) [ 32.534486] dump_stack_lvl+0x8c/0xd0 [ 32.535310] print_report+0x118/0x608 [ 32.535601] kasan_report+0xdc/0x128 [ 32.535662] __asan_report_store1_noabort+0x20/0x30 [ 32.535709] krealloc_less_oob_helper+0xae4/0xc50 [ 32.535780] krealloc_large_less_oob+0x20/0x38 [ 32.535828] kunit_try_run_case+0x170/0x3f0 [ 32.535877] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 32.535929] kthread+0x328/0x630 [ 32.536224] ret_from_fork+0x10/0x20 [ 32.536331] [ 32.536352] The buggy address belongs to the physical page: [ 32.536419] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1099f0 [ 32.536505] head: order:2 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0 [ 32.536550] flags: 0xbfffe0000000040(head|node=0|zone=2|lastcpupid=0x1ffff) [ 32.536600] page_type: f8(unknown) [ 32.536638] raw: 0bfffe0000000040 0000000000000000 dead000000000122 0000000000000000 [ 32.536686] raw: 0000000000000000 0000000000000000 00000000f8000000 0000000000000000 [ 32.536734] head: 0bfffe0000000040 0000000000000000 dead000000000122 0000000000000000 [ 32.536955] head: 0000000000000000 0000000000000000 00000000f8000000 0000000000000000 [ 32.537076] head: 0bfffe0000000002 ffffc1ffc3267c01 00000000ffffffff 00000000ffffffff [ 32.537126] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000004 [ 32.537176] page dumped because: kasan: bad access detected [ 32.537215] [ 32.537250] Memory state around the buggy address: [ 32.537280] fff00000c99f1f80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 32.537377] fff00000c99f2000: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 32.537418] >fff00000c99f2080: 00 00 00 00 00 00 00 00 00 01 fe fe fe fe fe fe [ 32.537453] ^ [ 32.537623] fff00000c99f2100: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe [ 32.537922] fff00000c99f2180: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe [ 32.537960] ================================================================== [ 32.490861] ================================================================== [ 32.490930] BUG: KASAN: slab-out-of-bounds in krealloc_less_oob_helper+0xa58/0xc50 [ 32.490997] Write of size 1 at addr fff00000c893f4eb by task kunit_try_catch/189 [ 32.491052] [ 32.491087] CPU: 1 UID: 0 PID: 189 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc4-next-20250702 #1 PREEMPT [ 32.491184] Tainted: [B]=BAD_PAGE, [N]=TEST [ 32.491219] Hardware name: linux,dummy-virt (DT) [ 32.491250] Call trace: [ 32.491271] show_stack+0x20/0x38 (C) [ 32.491392] dump_stack_lvl+0x8c/0xd0 [ 32.491447] print_report+0x118/0x608 [ 32.491495] kasan_report+0xdc/0x128 [ 32.491541] __asan_report_store1_noabort+0x20/0x30 [ 32.491589] krealloc_less_oob_helper+0xa58/0xc50 [ 32.491637] krealloc_less_oob+0x20/0x38 [ 32.491683] kunit_try_run_case+0x170/0x3f0 [ 32.491893] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 32.492020] kthread+0x328/0x630 [ 32.492077] ret_from_fork+0x10/0x20 [ 32.492225] [ 32.492290] Allocated by task 189: [ 32.492377] kasan_save_stack+0x3c/0x68 [ 32.492419] kasan_save_track+0x20/0x40 [ 32.492477] kasan_save_alloc_info+0x40/0x58 [ 32.492514] __kasan_krealloc+0x118/0x178 [ 32.492845] krealloc_noprof+0x128/0x360 [ 32.492923] krealloc_less_oob_helper+0x168/0xc50 [ 32.493011] krealloc_less_oob+0x20/0x38 [ 32.493082] kunit_try_run_case+0x170/0x3f0 [ 32.493187] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 32.493257] kthread+0x328/0x630 [ 32.493289] ret_from_fork+0x10/0x20 [ 32.493324] [ 32.493343] The buggy address belongs to the object at fff00000c893f400 [ 32.493343] which belongs to the cache kmalloc-256 of size 256 [ 32.493398] The buggy address is located 34 bytes to the right of [ 32.493398] allocated 201-byte region [fff00000c893f400, fff00000c893f4c9) [ 32.493474] [ 32.493521] The buggy address belongs to the physical page: [ 32.493673] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x10893e [ 32.493780] head: order:1 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0 [ 32.493858] flags: 0xbfffe0000000040(head|node=0|zone=2|lastcpupid=0x1ffff) [ 32.493936] page_type: f5(slab) [ 32.493983] raw: 0bfffe0000000040 fff00000c0001b40 dead000000000100 dead000000000122 [ 32.494039] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 32.494089] head: 0bfffe0000000040 fff00000c0001b40 dead000000000100 dead000000000122 [ 32.494137] head: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 32.494194] head: 0bfffe0000000001 ffffc1ffc3224f81 00000000ffffffff 00000000ffffffff [ 32.494247] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000002 [ 32.494297] page dumped because: kasan: bad access detected [ 32.494327] [ 32.494345] Memory state around the buggy address: [ 32.494374] fff00000c893f380: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 32.494417] fff00000c893f400: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 32.494468] >fff00000c893f480: 00 00 00 00 00 00 00 00 00 01 fc fc fc fc fc fc [ 32.494505] ^ [ 32.494542] fff00000c893f500: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 32.494583] fff00000c893f580: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 32.494629] ================================================================== [ 32.516976] ================================================================== [ 32.517035] BUG: KASAN: slab-out-of-bounds in krealloc_less_oob_helper+0xa48/0xc50 [ 32.517091] Write of size 1 at addr fff00000c99f20c9 by task kunit_try_catch/193 [ 32.517152] [ 32.517199] CPU: 1 UID: 0 PID: 193 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc4-next-20250702 #1 PREEMPT [ 32.517462] Tainted: [B]=BAD_PAGE, [N]=TEST [ 32.517501] Hardware name: linux,dummy-virt (DT) [ 32.517535] Call trace: [ 32.517557] show_stack+0x20/0x38 (C) [ 32.517618] dump_stack_lvl+0x8c/0xd0 [ 32.517784] print_report+0x118/0x608 [ 32.517838] kasan_report+0xdc/0x128 [ 32.517990] __asan_report_store1_noabort+0x20/0x30 [ 32.518037] krealloc_less_oob_helper+0xa48/0xc50 [ 32.518086] krealloc_large_less_oob+0x20/0x38 [ 32.518133] kunit_try_run_case+0x170/0x3f0 [ 32.518192] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 32.518463] kthread+0x328/0x630 [ 32.518516] ret_from_fork+0x10/0x20 [ 32.518598] [ 32.518618] The buggy address belongs to the physical page: [ 32.518649] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1099f0 [ 32.518701] head: order:2 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0 [ 32.518747] flags: 0xbfffe0000000040(head|node=0|zone=2|lastcpupid=0x1ffff) [ 32.518808] page_type: f8(unknown) [ 32.518847] raw: 0bfffe0000000040 0000000000000000 dead000000000122 0000000000000000 [ 32.518898] raw: 0000000000000000 0000000000000000 00000000f8000000 0000000000000000 [ 32.519319] head: 0bfffe0000000040 0000000000000000 dead000000000122 0000000000000000 [ 32.519430] head: 0000000000000000 0000000000000000 00000000f8000000 0000000000000000 [ 32.519527] head: 0bfffe0000000002 ffffc1ffc3267c01 00000000ffffffff 00000000ffffffff [ 32.519575] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000004 [ 32.519614] page dumped because: kasan: bad access detected [ 32.519644] [ 32.519843] Memory state around the buggy address: [ 32.519927] fff00000c99f1f80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 32.520061] fff00000c99f2000: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 32.520104] >fff00000c99f2080: 00 00 00 00 00 00 00 00 00 01 fe fe fe fe fe fe [ 32.520172] ^ [ 32.520206] fff00000c99f2100: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe [ 32.520356] fff00000c99f2180: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe [ 32.520393] ================================================================== [ 32.486477] ================================================================== [ 32.486523] BUG: KASAN: slab-out-of-bounds in krealloc_less_oob_helper+0xae4/0xc50 [ 32.486668] Write of size 1 at addr fff00000c893f4ea by task kunit_try_catch/189 [ 32.486717] [ 32.486774] CPU: 1 UID: 0 PID: 189 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc4-next-20250702 #1 PREEMPT [ 32.486859] Tainted: [B]=BAD_PAGE, [N]=TEST [ 32.486885] Hardware name: linux,dummy-virt (DT) [ 32.486915] Call trace: [ 32.486937] show_stack+0x20/0x38 (C) [ 32.486984] dump_stack_lvl+0x8c/0xd0 [ 32.487052] print_report+0x118/0x608 [ 32.487100] kasan_report+0xdc/0x128 [ 32.487147] __asan_report_store1_noabort+0x20/0x30 [ 32.487208] krealloc_less_oob_helper+0xae4/0xc50 [ 32.487256] krealloc_less_oob+0x20/0x38 [ 32.487302] kunit_try_run_case+0x170/0x3f0 [ 32.487350] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 32.487402] kthread+0x328/0x630 [ 32.487480] ret_from_fork+0x10/0x20 [ 32.487528] [ 32.487546] Allocated by task 189: [ 32.487573] kasan_save_stack+0x3c/0x68 [ 32.487613] kasan_save_track+0x20/0x40 [ 32.487823] kasan_save_alloc_info+0x40/0x58 [ 32.487896] __kasan_krealloc+0x118/0x178 [ 32.487935] krealloc_noprof+0x128/0x360 [ 32.487975] krealloc_less_oob_helper+0x168/0xc50 [ 32.488014] krealloc_less_oob+0x20/0x38 [ 32.488050] kunit_try_run_case+0x170/0x3f0 [ 32.488087] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 32.488129] kthread+0x328/0x630 [ 32.488301] ret_from_fork+0x10/0x20 [ 32.488350] [ 32.488433] The buggy address belongs to the object at fff00000c893f400 [ 32.488433] which belongs to the cache kmalloc-256 of size 256 [ 32.488523] The buggy address is located 33 bytes to the right of [ 32.488523] allocated 201-byte region [fff00000c893f400, fff00000c893f4c9) [ 32.488639] [ 32.488666] The buggy address belongs to the physical page: [ 32.488719] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x10893e [ 32.488815] head: order:1 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0 [ 32.488879] flags: 0xbfffe0000000040(head|node=0|zone=2|lastcpupid=0x1ffff) [ 32.488938] page_type: f5(slab) [ 32.488976] raw: 0bfffe0000000040 fff00000c0001b40 dead000000000100 dead000000000122 [ 32.489024] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 32.489180] head: 0bfffe0000000040 fff00000c0001b40 dead000000000100 dead000000000122 [ 32.489291] head: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 32.489367] head: 0bfffe0000000001 ffffc1ffc3224f81 00000000ffffffff 00000000ffffffff [ 32.489471] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000002 [ 32.489545] page dumped because: kasan: bad access detected [ 32.489619] [ 32.489685] Memory state around the buggy address: [ 32.489744] fff00000c893f380: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 32.489807] fff00000c893f400: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 32.489848] >fff00000c893f480: 00 00 00 00 00 00 00 00 00 01 fc fc fc fc fc fc [ 32.490079] ^ [ 32.490131] fff00000c893f500: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 32.490200] fff00000c893f580: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 32.490279] ================================================================== [ 32.478027] ================================================================== [ 32.478091] BUG: KASAN: slab-out-of-bounds in krealloc_less_oob_helper+0xb9c/0xc50 [ 32.478145] Write of size 1 at addr fff00000c893f4d0 by task kunit_try_catch/189 [ 32.478208] [ 32.478237] CPU: 1 UID: 0 PID: 189 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc4-next-20250702 #1 PREEMPT [ 32.478320] Tainted: [B]=BAD_PAGE, [N]=TEST [ 32.478423] Hardware name: linux,dummy-virt (DT) [ 32.478461] Call trace: [ 32.478520] show_stack+0x20/0x38 (C) [ 32.478590] dump_stack_lvl+0x8c/0xd0 [ 32.478656] print_report+0x118/0x608 [ 32.478731] kasan_report+0xdc/0x128 [ 32.478796] __asan_report_store1_noabort+0x20/0x30 [ 32.478852] krealloc_less_oob_helper+0xb9c/0xc50 [ 32.478911] krealloc_less_oob+0x20/0x38 [ 32.478957] kunit_try_run_case+0x170/0x3f0 [ 32.479023] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 32.479076] kthread+0x328/0x630 [ 32.479125] ret_from_fork+0x10/0x20 [ 32.479201] [ 32.479241] Allocated by task 189: [ 32.479269] kasan_save_stack+0x3c/0x68 [ 32.479324] kasan_save_track+0x20/0x40 [ 32.479362] kasan_save_alloc_info+0x40/0x58 [ 32.479487] __kasan_krealloc+0x118/0x178 [ 32.479641] krealloc_noprof+0x128/0x360 [ 32.479741] krealloc_less_oob_helper+0x168/0xc50 [ 32.479889] krealloc_less_oob+0x20/0x38 [ 32.479925] kunit_try_run_case+0x170/0x3f0 [ 32.479962] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 32.480005] kthread+0x328/0x630 [ 32.480037] ret_from_fork+0x10/0x20 [ 32.480195] [ 32.480272] The buggy address belongs to the object at fff00000c893f400 [ 32.480272] which belongs to the cache kmalloc-256 of size 256 [ 32.480359] The buggy address is located 7 bytes to the right of [ 32.480359] allocated 201-byte region [fff00000c893f400, fff00000c893f4c9) [ 32.480472] [ 32.480519] The buggy address belongs to the physical page: [ 32.480571] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x10893e [ 32.480639] head: order:1 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0 [ 32.480710] flags: 0xbfffe0000000040(head|node=0|zone=2|lastcpupid=0x1ffff) [ 32.480813] page_type: f5(slab) [ 32.480871] raw: 0bfffe0000000040 fff00000c0001b40 dead000000000100 dead000000000122 [ 32.480959] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 32.481036] head: 0bfffe0000000040 fff00000c0001b40 dead000000000100 dead000000000122 [ 32.481103] head: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 32.481190] head: 0bfffe0000000001 ffffc1ffc3224f81 00000000ffffffff 00000000ffffffff [ 32.481278] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000002 [ 32.481336] page dumped because: kasan: bad access detected [ 32.481395] [ 32.481457] Memory state around the buggy address: [ 32.481523] fff00000c893f380: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 32.481593] fff00000c893f400: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 32.481635] >fff00000c893f480: 00 00 00 00 00 00 00 00 00 01 fc fc fc fc fc fc [ 32.481672] ^ [ 32.481707] fff00000c893f500: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 32.481859] fff00000c893f580: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 32.481927] ================================================================== [ 32.520571] ================================================================== [ 32.520613] BUG: KASAN: slab-out-of-bounds in krealloc_less_oob_helper+0xb9c/0xc50 [ 32.520658] Write of size 1 at addr fff00000c99f20d0 by task kunit_try_catch/193 [ 32.520705] [ 32.520733] CPU: 1 UID: 0 PID: 193 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc4-next-20250702 #1 PREEMPT [ 32.520815] Tainted: [B]=BAD_PAGE, [N]=TEST [ 32.521094] Hardware name: linux,dummy-virt (DT) [ 32.521294] Call trace: [ 32.521323] show_stack+0x20/0x38 (C) [ 32.521445] dump_stack_lvl+0x8c/0xd0 [ 32.521498] print_report+0x118/0x608 [ 32.521550] kasan_report+0xdc/0x128 [ 32.521763] __asan_report_store1_noabort+0x20/0x30 [ 32.521865] krealloc_less_oob_helper+0xb9c/0xc50 [ 32.522034] krealloc_large_less_oob+0x20/0x38 [ 32.522082] kunit_try_run_case+0x170/0x3f0 [ 32.522129] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 32.522189] kthread+0x328/0x630 [ 32.522231] ret_from_fork+0x10/0x20 [ 32.522279] [ 32.522299] The buggy address belongs to the physical page: [ 32.522329] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1099f0 [ 32.522380] head: order:2 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0 [ 32.522425] flags: 0xbfffe0000000040(head|node=0|zone=2|lastcpupid=0x1ffff) [ 32.522474] page_type: f8(unknown) [ 32.522512] raw: 0bfffe0000000040 0000000000000000 dead000000000122 0000000000000000 [ 32.522567] raw: 0000000000000000 0000000000000000 00000000f8000000 0000000000000000 [ 32.522792] head: 0bfffe0000000040 0000000000000000 dead000000000122 0000000000000000 [ 32.522987] head: 0000000000000000 0000000000000000 00000000f8000000 0000000000000000 [ 32.523059] head: 0bfffe0000000002 ffffc1ffc3267c01 00000000ffffffff 00000000ffffffff [ 32.523236] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000004 [ 32.523340] page dumped because: kasan: bad access detected [ 32.523370] [ 32.523387] Memory state around the buggy address: [ 32.523416] fff00000c99f1f80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 32.523481] fff00000c99f2000: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 32.523523] >fff00000c99f2080: 00 00 00 00 00 00 00 00 00 01 fe fe fe fe fe fe [ 32.523558] ^ [ 32.523593] fff00000c99f2100: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe [ 32.524345] fff00000c99f2180: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe [ 32.524498] ================================================================== [ 32.538422] ================================================================== [ 32.538472] BUG: KASAN: slab-out-of-bounds in krealloc_less_oob_helper+0xa58/0xc50 [ 32.538520] Write of size 1 at addr fff00000c99f20eb by task kunit_try_catch/193 [ 32.538580] [ 32.538674] CPU: 1 UID: 0 PID: 193 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc4-next-20250702 #1 PREEMPT [ 32.538904] Tainted: [B]=BAD_PAGE, [N]=TEST [ 32.539115] Hardware name: linux,dummy-virt (DT) [ 32.539226] Call trace: [ 32.539282] show_stack+0x20/0x38 (C) [ 32.539332] dump_stack_lvl+0x8c/0xd0 [ 32.539379] print_report+0x118/0x608 [ 32.539426] kasan_report+0xdc/0x128 [ 32.539554] __asan_report_store1_noabort+0x20/0x30 [ 32.539603] krealloc_less_oob_helper+0xa58/0xc50 [ 32.539812] krealloc_large_less_oob+0x20/0x38 [ 32.539865] kunit_try_run_case+0x170/0x3f0 [ 32.539913] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 32.540025] kthread+0x328/0x630 [ 32.540069] ret_from_fork+0x10/0x20 [ 32.540138] [ 32.540398] The buggy address belongs to the physical page: [ 32.540429] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1099f0 [ 32.540482] head: order:2 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0 [ 32.540706] flags: 0xbfffe0000000040(head|node=0|zone=2|lastcpupid=0x1ffff) [ 32.540945] page_type: f8(unknown) [ 32.541139] raw: 0bfffe0000000040 0000000000000000 dead000000000122 0000000000000000 [ 32.541215] raw: 0000000000000000 0000000000000000 00000000f8000000 0000000000000000 [ 32.541538] head: 0bfffe0000000040 0000000000000000 dead000000000122 0000000000000000 [ 32.541680] head: 0000000000000000 0000000000000000 00000000f8000000 0000000000000000 [ 32.541728] head: 0bfffe0000000002 ffffc1ffc3267c01 00000000ffffffff 00000000ffffffff [ 32.541775] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000004 [ 32.541814] page dumped because: kasan: bad access detected [ 32.541844] [ 32.541875] Memory state around the buggy address: [ 32.541934] fff00000c99f1f80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 32.541975] fff00000c99f2000: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 32.542048] >fff00000c99f2080: 00 00 00 00 00 00 00 00 00 01 fe fe fe fe fe fe [ 32.542085] ^ [ 32.542123] fff00000c99f2100: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe [ 32.542174] fff00000c99f2180: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe [ 32.542392] ================================================================== [ 32.482354] ================================================================== [ 32.482401] BUG: KASAN: slab-out-of-bounds in krealloc_less_oob_helper+0xa80/0xc50 [ 32.482449] Write of size 1 at addr fff00000c893f4da by task kunit_try_catch/189 [ 32.482498] [ 32.482544] CPU: 1 UID: 0 PID: 189 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc4-next-20250702 #1 PREEMPT [ 32.482681] Tainted: [B]=BAD_PAGE, [N]=TEST [ 32.482709] Hardware name: linux,dummy-virt (DT) [ 32.482833] Call trace: [ 32.482861] show_stack+0x20/0x38 (C) [ 32.482929] dump_stack_lvl+0x8c/0xd0 [ 32.482986] print_report+0x118/0x608 [ 32.483042] kasan_report+0xdc/0x128 [ 32.483099] __asan_report_store1_noabort+0x20/0x30 [ 32.483148] krealloc_less_oob_helper+0xa80/0xc50 [ 32.483211] krealloc_less_oob+0x20/0x38 [ 32.483267] kunit_try_run_case+0x170/0x3f0 [ 32.483315] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 32.483367] kthread+0x328/0x630 [ 32.483408] ret_from_fork+0x10/0x20 [ 32.483483] [ 32.483501] Allocated by task 189: [ 32.483529] kasan_save_stack+0x3c/0x68 [ 32.483685] kasan_save_track+0x20/0x40 [ 32.483750] kasan_save_alloc_info+0x40/0x58 [ 32.483818] __kasan_krealloc+0x118/0x178 [ 32.483885] krealloc_noprof+0x128/0x360 [ 32.483921] krealloc_less_oob_helper+0x168/0xc50 [ 32.483960] krealloc_less_oob+0x20/0x38 [ 32.483995] kunit_try_run_case+0x170/0x3f0 [ 32.484032] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 32.484075] kthread+0x328/0x630 [ 32.484106] ret_from_fork+0x10/0x20 [ 32.484141] [ 32.484171] The buggy address belongs to the object at fff00000c893f400 [ 32.484171] which belongs to the cache kmalloc-256 of size 256 [ 32.484358] The buggy address is located 17 bytes to the right of [ 32.484358] allocated 201-byte region [fff00000c893f400, fff00000c893f4c9) [ 32.484446] [ 32.484495] The buggy address belongs to the physical page: [ 32.484579] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x10893e [ 32.484646] head: order:1 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0 [ 32.484712] flags: 0xbfffe0000000040(head|node=0|zone=2|lastcpupid=0x1ffff) [ 32.484925] page_type: f5(slab) [ 32.484965] raw: 0bfffe0000000040 fff00000c0001b40 dead000000000100 dead000000000122 [ 32.485042] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 32.485119] head: 0bfffe0000000040 fff00000c0001b40 dead000000000100 dead000000000122 [ 32.485204] head: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 32.485280] head: 0bfffe0000000001 ffffc1ffc3224f81 00000000ffffffff 00000000ffffffff [ 32.485338] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000002 [ 32.485403] page dumped because: kasan: bad access detected [ 32.485451] [ 32.485492] Memory state around the buggy address: [ 32.485521] fff00000c893f380: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 32.485563] fff00000c893f400: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 32.485603] >fff00000c893f480: 00 00 00 00 00 00 00 00 00 01 fc fc fc fc fc fc [ 32.485639] ^ [ 32.485675] fff00000c893f500: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 32.485715] fff00000c893f580: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 32.485839] ================================================================== [ 32.471222] ================================================================== [ 32.471276] BUG: KASAN: slab-out-of-bounds in krealloc_less_oob_helper+0xa48/0xc50 [ 32.471328] Write of size 1 at addr fff00000c893f4c9 by task kunit_try_catch/189 [ 32.471377] [ 32.471408] CPU: 1 UID: 0 PID: 189 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc4-next-20250702 #1 PREEMPT [ 32.472367] Tainted: [B]=BAD_PAGE, [N]=TEST [ 32.472433] Hardware name: linux,dummy-virt (DT) [ 32.472505] Call trace: [ 32.472644] show_stack+0x20/0x38 (C) [ 32.472727] dump_stack_lvl+0x8c/0xd0 [ 32.472816] print_report+0x118/0x608 [ 32.472873] kasan_report+0xdc/0x128 [ 32.472919] __asan_report_store1_noabort+0x20/0x30 [ 32.472967] krealloc_less_oob_helper+0xa48/0xc50 [ 32.473027] krealloc_less_oob+0x20/0x38 [ 32.473074] kunit_try_run_case+0x170/0x3f0 [ 32.473124] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 32.473198] kthread+0x328/0x630 [ 32.473241] ret_from_fork+0x10/0x20 [ 32.473299] [ 32.473317] Allocated by task 189: [ 32.473346] kasan_save_stack+0x3c/0x68 [ 32.473386] kasan_save_track+0x20/0x40 [ 32.473423] kasan_save_alloc_info+0x40/0x58 [ 32.473469] __kasan_krealloc+0x118/0x178 [ 32.473512] krealloc_noprof+0x128/0x360 [ 32.473549] krealloc_less_oob_helper+0x168/0xc50 [ 32.473588] krealloc_less_oob+0x20/0x38 [ 32.473633] kunit_try_run_case+0x170/0x3f0 [ 32.473670] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 32.473714] kthread+0x328/0x630 [ 32.473768] ret_from_fork+0x10/0x20 [ 32.473803] [ 32.473822] The buggy address belongs to the object at fff00000c893f400 [ 32.473822] which belongs to the cache kmalloc-256 of size 256 [ 32.473877] The buggy address is located 0 bytes to the right of [ 32.473877] allocated 201-byte region [fff00000c893f400, fff00000c893f4c9) [ 32.473939] [ 32.473976] The buggy address belongs to the physical page: [ 32.474016] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x10893e [ 32.474066] head: order:1 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0 [ 32.474112] flags: 0xbfffe0000000040(head|node=0|zone=2|lastcpupid=0x1ffff) [ 32.474589] page_type: f5(slab) [ 32.474647] raw: 0bfffe0000000040 fff00000c0001b40 dead000000000100 dead000000000122 [ 32.475110] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 32.475276] head: 0bfffe0000000040 fff00000c0001b40 dead000000000100 dead000000000122 [ 32.475503] head: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 32.475562] head: 0bfffe0000000001 ffffc1ffc3224f81 00000000ffffffff 00000000ffffffff [ 32.475610] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000002 [ 32.475650] page dumped because: kasan: bad access detected [ 32.475682] [ 32.475700] Memory state around the buggy address: [ 32.475764] fff00000c893f380: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 32.476145] fff00000c893f400: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 32.476250] >fff00000c893f480: 00 00 00 00 00 00 00 00 00 01 fc fc fc fc fc fc [ 32.476507] ^ [ 32.476578] fff00000c893f500: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 32.476655] fff00000c893f580: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 32.476695] ================================================================== [ 32.525712] ================================================================== [ 32.525802] BUG: KASAN: slab-out-of-bounds in krealloc_less_oob_helper+0xa80/0xc50 [ 32.525849] Write of size 1 at addr fff00000c99f20da by task kunit_try_catch/193 [ 32.525898] [ 32.525926] CPU: 1 UID: 0 PID: 193 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc4-next-20250702 #1 PREEMPT [ 32.526010] Tainted: [B]=BAD_PAGE, [N]=TEST [ 32.526036] Hardware name: linux,dummy-virt (DT) [ 32.526067] Call trace: [ 32.526101] show_stack+0x20/0x38 (C) [ 32.526214] dump_stack_lvl+0x8c/0xd0 [ 32.526420] print_report+0x118/0x608 [ 32.526799] kasan_report+0xdc/0x128 [ 32.526851] __asan_report_store1_noabort+0x20/0x30 [ 32.527053] krealloc_less_oob_helper+0xa80/0xc50 [ 32.527363] krealloc_large_less_oob+0x20/0x38 [ 32.527419] kunit_try_run_case+0x170/0x3f0 [ 32.527526] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 32.527579] kthread+0x328/0x630 [ 32.527621] ret_from_fork+0x10/0x20 [ 32.527668] [ 32.527688] The buggy address belongs to the physical page: [ 32.527813] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1099f0 [ 32.527944] head: order:2 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0 [ 32.528115] flags: 0xbfffe0000000040(head|node=0|zone=2|lastcpupid=0x1ffff) [ 32.528180] page_type: f8(unknown) [ 32.528219] raw: 0bfffe0000000040 0000000000000000 dead000000000122 0000000000000000 [ 32.528268] raw: 0000000000000000 0000000000000000 00000000f8000000 0000000000000000 [ 32.528316] head: 0bfffe0000000040 0000000000000000 dead000000000122 0000000000000000 [ 32.528382] head: 0000000000000000 0000000000000000 00000000f8000000 0000000000000000 [ 32.528704] head: 0bfffe0000000002 ffffc1ffc3267c01 00000000ffffffff 00000000ffffffff [ 32.528839] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000004 [ 32.528965] page dumped because: kasan: bad access detected [ 32.529059] [ 32.529078] Memory state around the buggy address: [ 32.529121] fff00000c99f1f80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 32.529233] fff00000c99f2000: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 32.529324] >fff00000c99f2080: 00 00 00 00 00 00 00 00 00 01 fe fe fe fe fe fe [ 32.529362] ^ [ 32.529397] fff00000c99f2100: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe [ 32.529475] fff00000c99f2180: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe [ 32.529517] ==================================================================
[ 22.904522] ================================================================== [ 22.905972] BUG: KASAN: slab-out-of-bounds in krealloc_less_oob_helper+0xd70/0x11d0 [ 22.906246] Write of size 1 at addr ffff88810613e0c9 by task kunit_try_catch/210 [ 22.906485] [ 22.906572] CPU: 1 UID: 0 PID: 210 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc4-next-20250702 #1 PREEMPT(voluntary) [ 22.906620] Tainted: [B]=BAD_PAGE, [N]=TEST [ 22.906633] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 22.906653] Call Trace: [ 22.906668] <TASK> [ 22.906685] dump_stack_lvl+0x73/0xb0 [ 22.906715] print_report+0xd1/0x650 [ 22.906738] ? __virt_addr_valid+0x1db/0x2d0 [ 22.906762] ? krealloc_less_oob_helper+0xd70/0x11d0 [ 22.906784] ? kasan_addr_to_slab+0x11/0xa0 [ 22.906803] ? krealloc_less_oob_helper+0xd70/0x11d0 [ 22.906826] kasan_report+0x141/0x180 [ 22.906846] ? krealloc_less_oob_helper+0xd70/0x11d0 [ 22.906873] __asan_report_store1_noabort+0x1b/0x30 [ 22.906897] krealloc_less_oob_helper+0xd70/0x11d0 [ 22.906921] ? __pfx_krealloc_less_oob_helper+0x10/0x10 [ 22.906943] ? finish_task_switch.isra.0+0x153/0x700 [ 22.906965] ? __switch_to+0x47/0xf50 [ 22.906992] ? __schedule+0x10cc/0x2b60 [ 22.907014] ? __pfx_read_tsc+0x10/0x10 [ 22.907038] krealloc_large_less_oob+0x1c/0x30 [ 22.907059] kunit_try_run_case+0x1a5/0x480 [ 22.907085] ? __pfx_kunit_try_run_case+0x10/0x10 [ 22.907108] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 22.907129] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 22.907149] ? __kthread_parkme+0x82/0x180 [ 22.907169] ? preempt_count_sub+0x50/0x80 [ 22.907191] ? __pfx_kunit_try_run_case+0x10/0x10 [ 22.907214] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 22.907237] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 22.907261] kthread+0x337/0x6f0 [ 22.907280] ? trace_preempt_on+0x20/0xc0 [ 22.907304] ? __pfx_kthread+0x10/0x10 [ 22.907334] ? _raw_spin_unlock_irq+0x47/0x80 [ 22.907357] ? calculate_sigpending+0x7b/0xa0 [ 22.907380] ? __pfx_kthread+0x10/0x10 [ 22.907400] ret_from_fork+0x116/0x1d0 [ 22.907418] ? __pfx_kthread+0x10/0x10 [ 22.907438] ret_from_fork_asm+0x1a/0x30 [ 22.907468] </TASK> [ 22.907479] [ 22.917072] The buggy address belongs to the physical page: [ 22.917343] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x10613c [ 22.917801] head: order:2 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0 [ 22.918138] flags: 0x200000000000040(head|node=0|zone=2) [ 22.918391] page_type: f8(unknown) [ 22.918626] raw: 0200000000000040 0000000000000000 dead000000000122 0000000000000000 [ 22.919151] raw: 0000000000000000 0000000000000000 00000000f8000000 0000000000000000 [ 22.919517] head: 0200000000000040 0000000000000000 dead000000000122 0000000000000000 [ 22.919921] head: 0000000000000000 0000000000000000 00000000f8000000 0000000000000000 [ 22.920265] head: 0200000000000002 ffffea0004184f01 00000000ffffffff 00000000ffffffff [ 22.920635] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000004 [ 22.921057] page dumped because: kasan: bad access detected [ 22.921285] [ 22.921385] Memory state around the buggy address: [ 22.921629] ffff88810613df80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 22.921911] ffff88810613e000: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 22.922180] >ffff88810613e080: 00 00 00 00 00 00 00 00 00 01 fe fe fe fe fe fe [ 22.922594] ^ [ 22.923014] ffff88810613e100: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe [ 22.923347] ffff88810613e180: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe [ 22.923641] ================================================================== [ 22.840482] ================================================================== [ 22.841143] BUG: KASAN: slab-out-of-bounds in krealloc_less_oob_helper+0xd47/0x11d0 [ 22.841477] Write of size 1 at addr ffff888105fa06eb by task kunit_try_catch/206 [ 22.841788] [ 22.841865] CPU: 0 UID: 0 PID: 206 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc4-next-20250702 #1 PREEMPT(voluntary) [ 22.841909] Tainted: [B]=BAD_PAGE, [N]=TEST [ 22.841922] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 22.841942] Call Trace: [ 22.841955] <TASK> [ 22.841969] dump_stack_lvl+0x73/0xb0 [ 22.841995] print_report+0xd1/0x650 [ 22.842015] ? __virt_addr_valid+0x1db/0x2d0 [ 22.842037] ? krealloc_less_oob_helper+0xd47/0x11d0 [ 22.842059] ? kasan_complete_mode_report_info+0x2a/0x200 [ 22.842084] ? krealloc_less_oob_helper+0xd47/0x11d0 [ 22.842106] kasan_report+0x141/0x180 [ 22.842128] ? krealloc_less_oob_helper+0xd47/0x11d0 [ 22.842154] __asan_report_store1_noabort+0x1b/0x30 [ 22.842178] krealloc_less_oob_helper+0xd47/0x11d0 [ 22.842202] ? __pfx_krealloc_less_oob_helper+0x10/0x10 [ 22.842225] ? finish_task_switch.isra.0+0x153/0x700 [ 22.842256] ? __switch_to+0x47/0xf50 [ 22.842281] ? __schedule+0x10cc/0x2b60 [ 22.842301] ? __pfx_read_tsc+0x10/0x10 [ 22.842342] krealloc_less_oob+0x1c/0x30 [ 22.842363] kunit_try_run_case+0x1a5/0x480 [ 22.842387] ? __pfx_kunit_try_run_case+0x10/0x10 [ 22.842410] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 22.842430] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 22.842451] ? __kthread_parkme+0x82/0x180 [ 22.842471] ? preempt_count_sub+0x50/0x80 [ 22.842504] ? __pfx_kunit_try_run_case+0x10/0x10 [ 22.842529] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 22.842552] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 22.842575] kthread+0x337/0x6f0 [ 22.842594] ? trace_preempt_on+0x20/0xc0 [ 22.842626] ? __pfx_kthread+0x10/0x10 [ 22.842646] ? _raw_spin_unlock_irq+0x47/0x80 [ 22.842669] ? calculate_sigpending+0x7b/0xa0 [ 22.842702] ? __pfx_kthread+0x10/0x10 [ 22.842722] ret_from_fork+0x116/0x1d0 [ 22.842741] ? __pfx_kthread+0x10/0x10 [ 22.842761] ret_from_fork_asm+0x1a/0x30 [ 22.842799] </TASK> [ 22.842809] [ 22.850432] Allocated by task 206: [ 22.850653] kasan_save_stack+0x45/0x70 [ 22.850830] kasan_save_track+0x18/0x40 [ 22.851050] kasan_save_alloc_info+0x3b/0x50 [ 22.851268] __kasan_krealloc+0x190/0x1f0 [ 22.851481] krealloc_noprof+0xf3/0x340 [ 22.851687] krealloc_less_oob_helper+0x1aa/0x11d0 [ 22.851912] krealloc_less_oob+0x1c/0x30 [ 22.852125] kunit_try_run_case+0x1a5/0x480 [ 22.852337] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 22.852614] kthread+0x337/0x6f0 [ 22.852750] ret_from_fork+0x116/0x1d0 [ 22.852968] ret_from_fork_asm+0x1a/0x30 [ 22.853189] [ 22.853255] The buggy address belongs to the object at ffff888105fa0600 [ 22.853255] which belongs to the cache kmalloc-256 of size 256 [ 22.853842] The buggy address is located 34 bytes to the right of [ 22.853842] allocated 201-byte region [ffff888105fa0600, ffff888105fa06c9) [ 22.854436] [ 22.854553] The buggy address belongs to the physical page: [ 22.854820] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x105fa0 [ 22.855159] head: order:1 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0 [ 22.855451] flags: 0x200000000000040(head|node=0|zone=2) [ 22.855614] page_type: f5(slab) [ 22.855724] raw: 0200000000000040 ffff888100041b40 dead000000000122 0000000000000000 [ 22.855939] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 22.856153] head: 0200000000000040 ffff888100041b40 dead000000000122 0000000000000000 [ 22.856529] head: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 22.856947] head: 0200000000000001 ffffea000417e801 00000000ffffffff 00000000ffffffff [ 22.857417] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000002 [ 22.858185] page dumped because: kasan: bad access detected [ 22.858465] [ 22.858610] Memory state around the buggy address: [ 22.858847] ffff888105fa0580: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 22.859048] ffff888105fa0600: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 22.859266] >ffff888105fa0680: 00 00 00 00 00 00 00 00 00 01 fc fc fc fc fc fc [ 22.859812] ^ [ 22.860101] ffff888105fa0700: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 22.860423] ffff888105fa0780: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 22.860772] ================================================================== [ 22.774225] ================================================================== [ 22.774644] BUG: KASAN: slab-out-of-bounds in krealloc_less_oob_helper+0xe23/0x11d0 [ 22.775117] Write of size 1 at addr ffff888105fa06d0 by task kunit_try_catch/206 [ 22.775479] [ 22.775590] CPU: 0 UID: 0 PID: 206 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc4-next-20250702 #1 PREEMPT(voluntary) [ 22.775636] Tainted: [B]=BAD_PAGE, [N]=TEST [ 22.775648] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 22.775668] Call Trace: [ 22.775808] <TASK> [ 22.775837] dump_stack_lvl+0x73/0xb0 [ 22.775866] print_report+0xd1/0x650 [ 22.775887] ? __virt_addr_valid+0x1db/0x2d0 [ 22.775921] ? krealloc_less_oob_helper+0xe23/0x11d0 [ 22.775944] ? kasan_complete_mode_report_info+0x2a/0x200 [ 22.775968] ? krealloc_less_oob_helper+0xe23/0x11d0 [ 22.775991] kasan_report+0x141/0x180 [ 22.776012] ? krealloc_less_oob_helper+0xe23/0x11d0 [ 22.776039] __asan_report_store1_noabort+0x1b/0x30 [ 22.776063] krealloc_less_oob_helper+0xe23/0x11d0 [ 22.776087] ? __pfx_krealloc_less_oob_helper+0x10/0x10 [ 22.776118] ? finish_task_switch.isra.0+0x153/0x700 [ 22.776139] ? __switch_to+0x47/0xf50 [ 22.776163] ? __schedule+0x10cc/0x2b60 [ 22.776193] ? __pfx_read_tsc+0x10/0x10 [ 22.776217] krealloc_less_oob+0x1c/0x30 [ 22.776237] kunit_try_run_case+0x1a5/0x480 [ 22.776262] ? __pfx_kunit_try_run_case+0x10/0x10 [ 22.776284] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 22.776315] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 22.776335] ? __kthread_parkme+0x82/0x180 [ 22.776355] ? preempt_count_sub+0x50/0x80 [ 22.776376] ? __pfx_kunit_try_run_case+0x10/0x10 [ 22.776400] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 22.776423] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 22.776455] kthread+0x337/0x6f0 [ 22.776474] ? trace_preempt_on+0x20/0xc0 [ 22.776507] ? __pfx_kthread+0x10/0x10 [ 22.776537] ? _raw_spin_unlock_irq+0x47/0x80 [ 22.776560] ? calculate_sigpending+0x7b/0xa0 [ 22.776583] ? __pfx_kthread+0x10/0x10 [ 22.776604] ret_from_fork+0x116/0x1d0 [ 22.776622] ? __pfx_kthread+0x10/0x10 [ 22.776641] ret_from_fork_asm+0x1a/0x30 [ 22.776672] </TASK> [ 22.776734] [ 22.784722] Allocated by task 206: [ 22.784839] kasan_save_stack+0x45/0x70 [ 22.785203] kasan_save_track+0x18/0x40 [ 22.785442] kasan_save_alloc_info+0x3b/0x50 [ 22.785723] __kasan_krealloc+0x190/0x1f0 [ 22.785932] krealloc_noprof+0xf3/0x340 [ 22.786067] krealloc_less_oob_helper+0x1aa/0x11d0 [ 22.786230] krealloc_less_oob+0x1c/0x30 [ 22.786388] kunit_try_run_case+0x1a5/0x480 [ 22.786590] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 22.786833] kthread+0x337/0x6f0 [ 22.787078] ret_from_fork+0x116/0x1d0 [ 22.787249] ret_from_fork_asm+0x1a/0x30 [ 22.787392] [ 22.787459] The buggy address belongs to the object at ffff888105fa0600 [ 22.787459] which belongs to the cache kmalloc-256 of size 256 [ 22.788286] The buggy address is located 7 bytes to the right of [ 22.788286] allocated 201-byte region [ffff888105fa0600, ffff888105fa06c9) [ 22.789036] [ 22.789158] The buggy address belongs to the physical page: [ 22.789391] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x105fa0 [ 22.789858] head: order:1 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0 [ 22.790209] flags: 0x200000000000040(head|node=0|zone=2) [ 22.790436] page_type: f5(slab) [ 22.790606] raw: 0200000000000040 ffff888100041b40 dead000000000122 0000000000000000 [ 22.790994] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 22.791353] head: 0200000000000040 ffff888100041b40 dead000000000122 0000000000000000 [ 22.791747] head: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 22.791977] head: 0200000000000001 ffffea000417e801 00000000ffffffff 00000000ffffffff [ 22.792343] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000002 [ 22.792997] page dumped because: kasan: bad access detected [ 22.793251] [ 22.793438] Memory state around the buggy address: [ 22.793724] ffff888105fa0580: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 22.793965] ffff888105fa0600: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 22.794185] >ffff888105fa0680: 00 00 00 00 00 00 00 00 00 01 fc fc fc fc fc fc [ 22.794517] ^ [ 22.794958] ffff888105fa0700: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 22.795344] ffff888105fa0780: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 22.795692] ================================================================== [ 22.924025] ================================================================== [ 22.924434] BUG: KASAN: slab-out-of-bounds in krealloc_less_oob_helper+0xe23/0x11d0 [ 22.924873] Write of size 1 at addr ffff88810613e0d0 by task kunit_try_catch/210 [ 22.925222] [ 22.925333] CPU: 1 UID: 0 PID: 210 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc4-next-20250702 #1 PREEMPT(voluntary) [ 22.925378] Tainted: [B]=BAD_PAGE, [N]=TEST [ 22.925390] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 22.925409] Call Trace: [ 22.925422] <TASK> [ 22.925435] dump_stack_lvl+0x73/0xb0 [ 22.925463] print_report+0xd1/0x650 [ 22.925524] ? __virt_addr_valid+0x1db/0x2d0 [ 22.925546] ? krealloc_less_oob_helper+0xe23/0x11d0 [ 22.925568] ? kasan_addr_to_slab+0x11/0xa0 [ 22.925588] ? krealloc_less_oob_helper+0xe23/0x11d0 [ 22.925611] kasan_report+0x141/0x180 [ 22.925632] ? krealloc_less_oob_helper+0xe23/0x11d0 [ 22.925732] __asan_report_store1_noabort+0x1b/0x30 [ 22.925770] krealloc_less_oob_helper+0xe23/0x11d0 [ 22.925795] ? __pfx_krealloc_less_oob_helper+0x10/0x10 [ 22.925818] ? finish_task_switch.isra.0+0x153/0x700 [ 22.925839] ? __switch_to+0x47/0xf50 [ 22.925865] ? __schedule+0x10cc/0x2b60 [ 22.925886] ? __pfx_read_tsc+0x10/0x10 [ 22.925910] krealloc_large_less_oob+0x1c/0x30 [ 22.925952] kunit_try_run_case+0x1a5/0x480 [ 22.925977] ? __pfx_kunit_try_run_case+0x10/0x10 [ 22.926000] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 22.926021] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 22.926042] ? __kthread_parkme+0x82/0x180 [ 22.926062] ? preempt_count_sub+0x50/0x80 [ 22.926085] ? __pfx_kunit_try_run_case+0x10/0x10 [ 22.926110] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 22.926133] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 22.926175] kthread+0x337/0x6f0 [ 22.926195] ? trace_preempt_on+0x20/0xc0 [ 22.926218] ? __pfx_kthread+0x10/0x10 [ 22.926251] ? _raw_spin_unlock_irq+0x47/0x80 [ 22.926288] ? calculate_sigpending+0x7b/0xa0 [ 22.926322] ? __pfx_kthread+0x10/0x10 [ 22.926344] ret_from_fork+0x116/0x1d0 [ 22.926377] ? __pfx_kthread+0x10/0x10 [ 22.926397] ret_from_fork_asm+0x1a/0x30 [ 22.926427] </TASK> [ 22.926439] [ 22.934226] The buggy address belongs to the physical page: [ 22.934635] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x10613c [ 22.935100] head: order:2 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0 [ 22.935525] flags: 0x200000000000040(head|node=0|zone=2) [ 22.935946] page_type: f8(unknown) [ 22.936102] raw: 0200000000000040 0000000000000000 dead000000000122 0000000000000000 [ 22.936332] raw: 0000000000000000 0000000000000000 00000000f8000000 0000000000000000 [ 22.936585] head: 0200000000000040 0000000000000000 dead000000000122 0000000000000000 [ 22.937073] head: 0000000000000000 0000000000000000 00000000f8000000 0000000000000000 [ 22.937472] head: 0200000000000002 ffffea0004184f01 00000000ffffffff 00000000ffffffff [ 22.937934] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000004 [ 22.938273] page dumped because: kasan: bad access detected [ 22.938545] [ 22.938618] Memory state around the buggy address: [ 22.938917] ffff88810613df80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 22.939210] ffff88810613e000: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 22.939425] >ffff88810613e080: 00 00 00 00 00 00 00 00 00 01 fe fe fe fe fe fe [ 22.939658] ^ [ 22.940124] ffff88810613e100: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe [ 22.940499] ffff88810613e180: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe [ 22.940935] ================================================================== [ 22.977615] ================================================================== [ 22.978118] BUG: KASAN: slab-out-of-bounds in krealloc_less_oob_helper+0xd47/0x11d0 [ 22.978424] Write of size 1 at addr ffff88810613e0eb by task kunit_try_catch/210 [ 22.978742] [ 22.978924] CPU: 1 UID: 0 PID: 210 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc4-next-20250702 #1 PREEMPT(voluntary) [ 22.978970] Tainted: [B]=BAD_PAGE, [N]=TEST [ 22.978983] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 22.979002] Call Trace: [ 22.979015] <TASK> [ 22.979028] dump_stack_lvl+0x73/0xb0 [ 22.979054] print_report+0xd1/0x650 [ 22.979075] ? __virt_addr_valid+0x1db/0x2d0 [ 22.979096] ? krealloc_less_oob_helper+0xd47/0x11d0 [ 22.979118] ? kasan_addr_to_slab+0x11/0xa0 [ 22.979138] ? krealloc_less_oob_helper+0xd47/0x11d0 [ 22.979160] kasan_report+0x141/0x180 [ 22.979181] ? krealloc_less_oob_helper+0xd47/0x11d0 [ 22.979208] __asan_report_store1_noabort+0x1b/0x30 [ 22.979232] krealloc_less_oob_helper+0xd47/0x11d0 [ 22.979257] ? __pfx_krealloc_less_oob_helper+0x10/0x10 [ 22.979280] ? finish_task_switch.isra.0+0x153/0x700 [ 22.979301] ? __switch_to+0x47/0xf50 [ 22.979339] ? __schedule+0x10cc/0x2b60 [ 22.979360] ? __pfx_read_tsc+0x10/0x10 [ 22.979384] krealloc_large_less_oob+0x1c/0x30 [ 22.979406] kunit_try_run_case+0x1a5/0x480 [ 22.979430] ? __pfx_kunit_try_run_case+0x10/0x10 [ 22.979454] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 22.979495] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 22.979517] ? __kthread_parkme+0x82/0x180 [ 22.979537] ? preempt_count_sub+0x50/0x80 [ 22.979559] ? __pfx_kunit_try_run_case+0x10/0x10 [ 22.979583] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 22.979607] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 22.979630] kthread+0x337/0x6f0 [ 22.979649] ? trace_preempt_on+0x20/0xc0 [ 22.979827] ? __pfx_kthread+0x10/0x10 [ 22.979850] ? _raw_spin_unlock_irq+0x47/0x80 [ 22.979874] ? calculate_sigpending+0x7b/0xa0 [ 22.979897] ? __pfx_kthread+0x10/0x10 [ 22.979918] ret_from_fork+0x116/0x1d0 [ 22.979938] ? __pfx_kthread+0x10/0x10 [ 22.979958] ret_from_fork_asm+0x1a/0x30 [ 22.979988] </TASK> [ 22.979999] [ 22.987390] The buggy address belongs to the physical page: [ 22.987810] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x10613c [ 22.988179] head: order:2 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0 [ 22.988481] flags: 0x200000000000040(head|node=0|zone=2) [ 22.988813] page_type: f8(unknown) [ 22.988948] raw: 0200000000000040 0000000000000000 dead000000000122 0000000000000000 [ 22.989283] raw: 0000000000000000 0000000000000000 00000000f8000000 0000000000000000 [ 22.989548] head: 0200000000000040 0000000000000000 dead000000000122 0000000000000000 [ 22.989904] head: 0000000000000000 0000000000000000 00000000f8000000 0000000000000000 [ 22.990250] head: 0200000000000002 ffffea0004184f01 00000000ffffffff 00000000ffffffff [ 22.990623] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000004 [ 22.990917] page dumped because: kasan: bad access detected [ 22.991087] [ 22.991176] Memory state around the buggy address: [ 22.991404] ffff88810613df80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 22.991893] ffff88810613e000: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 22.992213] >ffff88810613e080: 00 00 00 00 00 00 00 00 00 01 fe fe fe fe fe fe [ 22.992513] ^ [ 22.992877] ffff88810613e100: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe [ 22.993170] ffff88810613e180: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe [ 22.993435] ================================================================== [ 22.958812] ================================================================== [ 22.959132] BUG: KASAN: slab-out-of-bounds in krealloc_less_oob_helper+0xe90/0x11d0 [ 22.959503] Write of size 1 at addr ffff88810613e0ea by task kunit_try_catch/210 [ 22.960021] [ 22.960135] CPU: 1 UID: 0 PID: 210 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc4-next-20250702 #1 PREEMPT(voluntary) [ 22.960183] Tainted: [B]=BAD_PAGE, [N]=TEST [ 22.960196] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 22.960216] Call Trace: [ 22.960231] <TASK> [ 22.960247] dump_stack_lvl+0x73/0xb0 [ 22.960274] print_report+0xd1/0x650 [ 22.960296] ? __virt_addr_valid+0x1db/0x2d0 [ 22.960331] ? krealloc_less_oob_helper+0xe90/0x11d0 [ 22.960374] ? kasan_addr_to_slab+0x11/0xa0 [ 22.960394] ? krealloc_less_oob_helper+0xe90/0x11d0 [ 22.960417] kasan_report+0x141/0x180 [ 22.960455] ? krealloc_less_oob_helper+0xe90/0x11d0 [ 22.960483] __asan_report_store1_noabort+0x1b/0x30 [ 22.960506] krealloc_less_oob_helper+0xe90/0x11d0 [ 22.960531] ? __pfx_krealloc_less_oob_helper+0x10/0x10 [ 22.960554] ? finish_task_switch.isra.0+0x153/0x700 [ 22.960575] ? __switch_to+0x47/0xf50 [ 22.960618] ? __schedule+0x10cc/0x2b60 [ 22.960639] ? __pfx_read_tsc+0x10/0x10 [ 22.960669] krealloc_large_less_oob+0x1c/0x30 [ 22.960757] kunit_try_run_case+0x1a5/0x480 [ 22.960838] ? __pfx_kunit_try_run_case+0x10/0x10 [ 22.960861] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 22.960937] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 22.960959] ? __kthread_parkme+0x82/0x180 [ 22.960978] ? preempt_count_sub+0x50/0x80 [ 22.961000] ? __pfx_kunit_try_run_case+0x10/0x10 [ 22.961025] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 22.961048] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 22.961072] kthread+0x337/0x6f0 [ 22.961091] ? trace_preempt_on+0x20/0xc0 [ 22.961113] ? __pfx_kthread+0x10/0x10 [ 22.961133] ? _raw_spin_unlock_irq+0x47/0x80 [ 22.961156] ? calculate_sigpending+0x7b/0xa0 [ 22.961180] ? __pfx_kthread+0x10/0x10 [ 22.961201] ret_from_fork+0x116/0x1d0 [ 22.961219] ? __pfx_kthread+0x10/0x10 [ 22.961239] ret_from_fork_asm+0x1a/0x30 [ 22.961269] </TASK> [ 22.961280] [ 22.969539] The buggy address belongs to the physical page: [ 22.969854] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x10613c [ 22.970191] head: order:2 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0 [ 22.970523] flags: 0x200000000000040(head|node=0|zone=2) [ 22.970759] page_type: f8(unknown) [ 22.971024] raw: 0200000000000040 0000000000000000 dead000000000122 0000000000000000 [ 22.971371] raw: 0000000000000000 0000000000000000 00000000f8000000 0000000000000000 [ 22.971843] head: 0200000000000040 0000000000000000 dead000000000122 0000000000000000 [ 22.972190] head: 0000000000000000 0000000000000000 00000000f8000000 0000000000000000 [ 22.972564] head: 0200000000000002 ffffea0004184f01 00000000ffffffff 00000000ffffffff [ 22.972900] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000004 [ 22.973337] page dumped because: kasan: bad access detected [ 22.973608] [ 22.973805] Memory state around the buggy address: [ 22.974057] ffff88810613df80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 22.974381] ffff88810613e000: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 22.974695] >ffff88810613e080: 00 00 00 00 00 00 00 00 00 01 fe fe fe fe fe fe [ 22.974904] ^ [ 22.975095] ffff88810613e100: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe [ 22.975528] ffff88810613e180: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe [ 22.976035] ================================================================== [ 22.796600] ================================================================== [ 22.797043] BUG: KASAN: slab-out-of-bounds in krealloc_less_oob_helper+0xec6/0x11d0 [ 22.797399] Write of size 1 at addr ffff888105fa06da by task kunit_try_catch/206 [ 22.797813] [ 22.797941] CPU: 0 UID: 0 PID: 206 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc4-next-20250702 #1 PREEMPT(voluntary) [ 22.797987] Tainted: [B]=BAD_PAGE, [N]=TEST [ 22.797999] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 22.798019] Call Trace: [ 22.798031] <TASK> [ 22.798046] dump_stack_lvl+0x73/0xb0 [ 22.798072] print_report+0xd1/0x650 [ 22.798094] ? __virt_addr_valid+0x1db/0x2d0 [ 22.798116] ? krealloc_less_oob_helper+0xec6/0x11d0 [ 22.798138] ? kasan_complete_mode_report_info+0x2a/0x200 [ 22.798163] ? krealloc_less_oob_helper+0xec6/0x11d0 [ 22.798187] kasan_report+0x141/0x180 [ 22.798208] ? krealloc_less_oob_helper+0xec6/0x11d0 [ 22.798246] __asan_report_store1_noabort+0x1b/0x30 [ 22.798270] krealloc_less_oob_helper+0xec6/0x11d0 [ 22.798314] ? __pfx_krealloc_less_oob_helper+0x10/0x10 [ 22.798337] ? finish_task_switch.isra.0+0x153/0x700 [ 22.798358] ? __switch_to+0x47/0xf50 [ 22.798383] ? __schedule+0x10cc/0x2b60 [ 22.798403] ? __pfx_read_tsc+0x10/0x10 [ 22.798426] krealloc_less_oob+0x1c/0x30 [ 22.798447] kunit_try_run_case+0x1a5/0x480 [ 22.798471] ? __pfx_kunit_try_run_case+0x10/0x10 [ 22.798494] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 22.798514] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 22.798547] ? __kthread_parkme+0x82/0x180 [ 22.798567] ? preempt_count_sub+0x50/0x80 [ 22.798589] ? __pfx_kunit_try_run_case+0x10/0x10 [ 22.798613] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 22.798636] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 22.798659] kthread+0x337/0x6f0 [ 22.798678] ? trace_preempt_on+0x20/0xc0 [ 22.798708] ? __pfx_kthread+0x10/0x10 [ 22.798791] ? _raw_spin_unlock_irq+0x47/0x80 [ 22.798824] ? calculate_sigpending+0x7b/0xa0 [ 22.798847] ? __pfx_kthread+0x10/0x10 [ 22.798868] ret_from_fork+0x116/0x1d0 [ 22.798897] ? __pfx_kthread+0x10/0x10 [ 22.798917] ret_from_fork_asm+0x1a/0x30 [ 22.798947] </TASK> [ 22.798958] [ 22.806801] Allocated by task 206: [ 22.806925] kasan_save_stack+0x45/0x70 [ 22.807060] kasan_save_track+0x18/0x40 [ 22.807188] kasan_save_alloc_info+0x3b/0x50 [ 22.807497] __kasan_krealloc+0x190/0x1f0 [ 22.807695] krealloc_noprof+0xf3/0x340 [ 22.808059] krealloc_less_oob_helper+0x1aa/0x11d0 [ 22.808296] krealloc_less_oob+0x1c/0x30 [ 22.808560] kunit_try_run_case+0x1a5/0x480 [ 22.808984] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 22.809196] kthread+0x337/0x6f0 [ 22.809323] ret_from_fork+0x116/0x1d0 [ 22.809449] ret_from_fork_asm+0x1a/0x30 [ 22.809581] [ 22.809666] The buggy address belongs to the object at ffff888105fa0600 [ 22.809666] which belongs to the cache kmalloc-256 of size 256 [ 22.810523] The buggy address is located 17 bytes to the right of [ 22.810523] allocated 201-byte region [ffff888105fa0600, ffff888105fa06c9) [ 22.810891] [ 22.810958] The buggy address belongs to the physical page: [ 22.811399] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x105fa0 [ 22.812144] head: order:1 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0 [ 22.812880] flags: 0x200000000000040(head|node=0|zone=2) [ 22.813126] page_type: f5(slab) [ 22.813243] raw: 0200000000000040 ffff888100041b40 dead000000000122 0000000000000000 [ 22.813733] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 22.814080] head: 0200000000000040 ffff888100041b40 dead000000000122 0000000000000000 [ 22.814418] head: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 22.814832] head: 0200000000000001 ffffea000417e801 00000000ffffffff 00000000ffffffff [ 22.815064] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000002 [ 22.815430] page dumped because: kasan: bad access detected [ 22.815674] [ 22.815761] Memory state around the buggy address: [ 22.816009] ffff888105fa0580: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 22.816499] ffff888105fa0600: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 22.817022] >ffff888105fa0680: 00 00 00 00 00 00 00 00 00 01 fc fc fc fc fc fc [ 22.817338] ^ [ 22.817589] ffff888105fa0700: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 22.817989] ffff888105fa0780: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 22.818289] ================================================================== [ 22.818959] ================================================================== [ 22.819348] BUG: KASAN: slab-out-of-bounds in krealloc_less_oob_helper+0xe90/0x11d0 [ 22.819899] Write of size 1 at addr ffff888105fa06ea by task kunit_try_catch/206 [ 22.820217] [ 22.820347] CPU: 0 UID: 0 PID: 206 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc4-next-20250702 #1 PREEMPT(voluntary) [ 22.820392] Tainted: [B]=BAD_PAGE, [N]=TEST [ 22.820416] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 22.820436] Call Trace: [ 22.820448] <TASK> [ 22.820462] dump_stack_lvl+0x73/0xb0 [ 22.820497] print_report+0xd1/0x650 [ 22.820518] ? __virt_addr_valid+0x1db/0x2d0 [ 22.820540] ? krealloc_less_oob_helper+0xe90/0x11d0 [ 22.820562] ? kasan_complete_mode_report_info+0x2a/0x200 [ 22.820587] ? krealloc_less_oob_helper+0xe90/0x11d0 [ 22.820620] kasan_report+0x141/0x180 [ 22.820642] ? krealloc_less_oob_helper+0xe90/0x11d0 [ 22.820669] __asan_report_store1_noabort+0x1b/0x30 [ 22.820704] krealloc_less_oob_helper+0xe90/0x11d0 [ 22.820729] ? __pfx_krealloc_less_oob_helper+0x10/0x10 [ 22.820752] ? finish_task_switch.isra.0+0x153/0x700 [ 22.820783] ? __switch_to+0x47/0xf50 [ 22.820808] ? __schedule+0x10cc/0x2b60 [ 22.820829] ? __pfx_read_tsc+0x10/0x10 [ 22.820853] krealloc_less_oob+0x1c/0x30 [ 22.820874] kunit_try_run_case+0x1a5/0x480 [ 22.820898] ? __pfx_kunit_try_run_case+0x10/0x10 [ 22.820920] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 22.820941] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 22.820963] ? __kthread_parkme+0x82/0x180 [ 22.820983] ? preempt_count_sub+0x50/0x80 [ 22.821005] ? __pfx_kunit_try_run_case+0x10/0x10 [ 22.821029] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 22.821052] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 22.821076] kthread+0x337/0x6f0 [ 22.821095] ? trace_preempt_on+0x20/0xc0 [ 22.821117] ? __pfx_kthread+0x10/0x10 [ 22.821137] ? _raw_spin_unlock_irq+0x47/0x80 [ 22.821160] ? calculate_sigpending+0x7b/0xa0 [ 22.821183] ? __pfx_kthread+0x10/0x10 [ 22.821204] ret_from_fork+0x116/0x1d0 [ 22.821222] ? __pfx_kthread+0x10/0x10 [ 22.821242] ret_from_fork_asm+0x1a/0x30 [ 22.821272] </TASK> [ 22.821282] [ 22.830609] Allocated by task 206: [ 22.830782] kasan_save_stack+0x45/0x70 [ 22.830990] kasan_save_track+0x18/0x40 [ 22.831158] kasan_save_alloc_info+0x3b/0x50 [ 22.831366] __kasan_krealloc+0x190/0x1f0 [ 22.831501] krealloc_noprof+0xf3/0x340 [ 22.831659] krealloc_less_oob_helper+0x1aa/0x11d0 [ 22.831914] krealloc_less_oob+0x1c/0x30 [ 22.832107] kunit_try_run_case+0x1a5/0x480 [ 22.832293] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 22.832471] kthread+0x337/0x6f0 [ 22.832594] ret_from_fork+0x116/0x1d0 [ 22.832805] ret_from_fork_asm+0x1a/0x30 [ 22.833023] [ 22.833114] The buggy address belongs to the object at ffff888105fa0600 [ 22.833114] which belongs to the cache kmalloc-256 of size 256 [ 22.833587] The buggy address is located 33 bytes to the right of [ 22.833587] allocated 201-byte region [ffff888105fa0600, ffff888105fa06c9) [ 22.834019] [ 22.834085] The buggy address belongs to the physical page: [ 22.834329] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x105fa0 [ 22.834811] head: order:1 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0 [ 22.835081] flags: 0x200000000000040(head|node=0|zone=2) [ 22.835337] page_type: f5(slab) [ 22.835507] raw: 0200000000000040 ffff888100041b40 dead000000000122 0000000000000000 [ 22.835886] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 22.836193] head: 0200000000000040 ffff888100041b40 dead000000000122 0000000000000000 [ 22.836522] head: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 22.836862] head: 0200000000000001 ffffea000417e801 00000000ffffffff 00000000ffffffff [ 22.837149] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000002 [ 22.837422] page dumped because: kasan: bad access detected [ 22.837674] [ 22.837763] Memory state around the buggy address: [ 22.838091] ffff888105fa0580: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 22.838406] ffff888105fa0600: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 22.838684] >ffff888105fa0680: 00 00 00 00 00 00 00 00 00 01 fc fc fc fc fc fc [ 22.839073] ^ [ 22.839325] ffff888105fa0700: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 22.839533] ffff888105fa0780: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 22.839878] ================================================================== [ 22.941336] ================================================================== [ 22.941651] BUG: KASAN: slab-out-of-bounds in krealloc_less_oob_helper+0xec6/0x11d0 [ 22.942113] Write of size 1 at addr ffff88810613e0da by task kunit_try_catch/210 [ 22.942446] [ 22.942574] CPU: 1 UID: 0 PID: 210 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc4-next-20250702 #1 PREEMPT(voluntary) [ 22.942619] Tainted: [B]=BAD_PAGE, [N]=TEST [ 22.942631] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 22.942650] Call Trace: [ 22.942725] <TASK> [ 22.942742] dump_stack_lvl+0x73/0xb0 [ 22.942770] print_report+0xd1/0x650 [ 22.942791] ? __virt_addr_valid+0x1db/0x2d0 [ 22.942812] ? krealloc_less_oob_helper+0xec6/0x11d0 [ 22.942835] ? kasan_addr_to_slab+0x11/0xa0 [ 22.942855] ? krealloc_less_oob_helper+0xec6/0x11d0 [ 22.942878] kasan_report+0x141/0x180 [ 22.942899] ? krealloc_less_oob_helper+0xec6/0x11d0 [ 22.942926] __asan_report_store1_noabort+0x1b/0x30 [ 22.942950] krealloc_less_oob_helper+0xec6/0x11d0 [ 22.942974] ? __pfx_krealloc_less_oob_helper+0x10/0x10 [ 22.942998] ? finish_task_switch.isra.0+0x153/0x700 [ 22.943018] ? __switch_to+0x47/0xf50 [ 22.943043] ? __schedule+0x10cc/0x2b60 [ 22.943063] ? __pfx_read_tsc+0x10/0x10 [ 22.943087] krealloc_large_less_oob+0x1c/0x30 [ 22.943109] kunit_try_run_case+0x1a5/0x480 [ 22.943133] ? __pfx_kunit_try_run_case+0x10/0x10 [ 22.943156] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 22.943201] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 22.943223] ? __kthread_parkme+0x82/0x180 [ 22.943258] ? preempt_count_sub+0x50/0x80 [ 22.943280] ? __pfx_kunit_try_run_case+0x10/0x10 [ 22.943305] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 22.943338] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 22.943361] kthread+0x337/0x6f0 [ 22.943380] ? trace_preempt_on+0x20/0xc0 [ 22.943402] ? __pfx_kthread+0x10/0x10 [ 22.943422] ? _raw_spin_unlock_irq+0x47/0x80 [ 22.943446] ? calculate_sigpending+0x7b/0xa0 [ 22.943469] ? __pfx_kthread+0x10/0x10 [ 22.943527] ret_from_fork+0x116/0x1d0 [ 22.943546] ? __pfx_kthread+0x10/0x10 [ 22.943582] ret_from_fork_asm+0x1a/0x30 [ 22.943613] </TASK> [ 22.943623] [ 22.951622] The buggy address belongs to the physical page: [ 22.952019] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x10613c [ 22.952580] head: order:2 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0 [ 22.953053] flags: 0x200000000000040(head|node=0|zone=2) [ 22.953302] page_type: f8(unknown) [ 22.953480] raw: 0200000000000040 0000000000000000 dead000000000122 0000000000000000 [ 22.953816] raw: 0000000000000000 0000000000000000 00000000f8000000 0000000000000000 [ 22.954044] head: 0200000000000040 0000000000000000 dead000000000122 0000000000000000 [ 22.954525] head: 0000000000000000 0000000000000000 00000000f8000000 0000000000000000 [ 22.954848] head: 0200000000000002 ffffea0004184f01 00000000ffffffff 00000000ffffffff [ 22.955216] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000004 [ 22.955591] page dumped because: kasan: bad access detected [ 22.955958] [ 22.956056] Memory state around the buggy address: [ 22.956278] ffff88810613df80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 22.956621] ffff88810613e000: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 22.957048] >ffff88810613e080: 00 00 00 00 00 00 00 00 00 01 fe fe fe fe fe fe [ 22.957387] ^ [ 22.957628] ffff88810613e100: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe [ 22.957974] ffff88810613e180: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe [ 22.958330] ================================================================== [ 22.751534] ================================================================== [ 22.752224] BUG: KASAN: slab-out-of-bounds in krealloc_less_oob_helper+0xd70/0x11d0 [ 22.752864] Write of size 1 at addr ffff888105fa06c9 by task kunit_try_catch/206 [ 22.753436] [ 22.753615] CPU: 0 UID: 0 PID: 206 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc4-next-20250702 #1 PREEMPT(voluntary) [ 22.753666] Tainted: [B]=BAD_PAGE, [N]=TEST [ 22.753678] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 22.753698] Call Trace: [ 22.753710] <TASK> [ 22.753726] dump_stack_lvl+0x73/0xb0 [ 22.753824] print_report+0xd1/0x650 [ 22.753847] ? __virt_addr_valid+0x1db/0x2d0 [ 22.753921] ? krealloc_less_oob_helper+0xd70/0x11d0 [ 22.753947] ? kasan_complete_mode_report_info+0x2a/0x200 [ 22.753973] ? krealloc_less_oob_helper+0xd70/0x11d0 [ 22.753997] kasan_report+0x141/0x180 [ 22.754018] ? krealloc_less_oob_helper+0xd70/0x11d0 [ 22.754045] __asan_report_store1_noabort+0x1b/0x30 [ 22.754069] krealloc_less_oob_helper+0xd70/0x11d0 [ 22.754093] ? __pfx_krealloc_less_oob_helper+0x10/0x10 [ 22.754116] ? finish_task_switch.isra.0+0x153/0x700 [ 22.754139] ? __switch_to+0x47/0xf50 [ 22.754164] ? __schedule+0x10cc/0x2b60 [ 22.754185] ? __pfx_read_tsc+0x10/0x10 [ 22.754209] krealloc_less_oob+0x1c/0x30 [ 22.754230] kunit_try_run_case+0x1a5/0x480 [ 22.754254] ? __pfx_kunit_try_run_case+0x10/0x10 [ 22.754277] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 22.754298] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 22.754331] ? __kthread_parkme+0x82/0x180 [ 22.754361] ? preempt_count_sub+0x50/0x80 [ 22.754383] ? __pfx_kunit_try_run_case+0x10/0x10 [ 22.754407] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 22.754442] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 22.754466] kthread+0x337/0x6f0 [ 22.754486] ? trace_preempt_on+0x20/0xc0 [ 22.754520] ? __pfx_kthread+0x10/0x10 [ 22.754540] ? _raw_spin_unlock_irq+0x47/0x80 [ 22.754563] ? calculate_sigpending+0x7b/0xa0 [ 22.754596] ? __pfx_kthread+0x10/0x10 [ 22.754617] ret_from_fork+0x116/0x1d0 [ 22.754636] ? __pfx_kthread+0x10/0x10 [ 22.754656] ret_from_fork_asm+0x1a/0x30 [ 22.754732] </TASK> [ 22.754746] [ 22.762589] Allocated by task 206: [ 22.762765] kasan_save_stack+0x45/0x70 [ 22.762958] kasan_save_track+0x18/0x40 [ 22.763186] kasan_save_alloc_info+0x3b/0x50 [ 22.763345] __kasan_krealloc+0x190/0x1f0 [ 22.763600] krealloc_noprof+0xf3/0x340 [ 22.763849] krealloc_less_oob_helper+0x1aa/0x11d0 [ 22.764160] krealloc_less_oob+0x1c/0x30 [ 22.764493] kunit_try_run_case+0x1a5/0x480 [ 22.764813] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 22.765081] kthread+0x337/0x6f0 [ 22.765232] ret_from_fork+0x116/0x1d0 [ 22.765370] ret_from_fork_asm+0x1a/0x30 [ 22.765505] [ 22.765570] The buggy address belongs to the object at ffff888105fa0600 [ 22.765570] which belongs to the cache kmalloc-256 of size 256 [ 22.766068] The buggy address is located 0 bytes to the right of [ 22.766068] allocated 201-byte region [ffff888105fa0600, ffff888105fa06c9) [ 22.766585] [ 22.766652] The buggy address belongs to the physical page: [ 22.766818] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x105fa0 [ 22.767582] head: order:1 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0 [ 22.768162] flags: 0x200000000000040(head|node=0|zone=2) [ 22.768356] page_type: f5(slab) [ 22.768474] raw: 0200000000000040 ffff888100041b40 dead000000000122 0000000000000000 [ 22.768882] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 22.769345] head: 0200000000000040 ffff888100041b40 dead000000000122 0000000000000000 [ 22.769907] head: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 22.770211] head: 0200000000000001 ffffea000417e801 00000000ffffffff 00000000ffffffff [ 22.770522] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000002 [ 22.770857] page dumped because: kasan: bad access detected [ 22.771022] [ 22.771170] Memory state around the buggy address: [ 22.771398] ffff888105fa0580: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 22.771639] ffff888105fa0600: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 22.772044] >ffff888105fa0680: 00 00 00 00 00 00 00 00 00 01 fc fc fc fc fc fc [ 22.772372] ^ [ 22.772609] ffff888105fa0700: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 22.773054] ffff888105fa0780: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 22.773379] ==================================================================
[ 23.210872] ================================================================== [ 23.211220] BUG: KASAN: slab-out-of-bounds in krealloc_less_oob_helper+0xe90/0x11d0 [ 23.211567] Write of size 1 at addr ffff8881060b20ea by task kunit_try_catch/211 [ 23.211814] [ 23.211940] CPU: 1 UID: 0 PID: 211 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc4-next-20250702 #1 PREEMPT(voluntary) [ 23.212096] Tainted: [B]=BAD_PAGE, [N]=TEST [ 23.212111] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 23.212133] Call Trace: [ 23.212155] <TASK> [ 23.212176] dump_stack_lvl+0x73/0xb0 [ 23.212206] print_report+0xd1/0x650 [ 23.212229] ? __virt_addr_valid+0x1db/0x2d0 [ 23.212253] ? krealloc_less_oob_helper+0xe90/0x11d0 [ 23.212276] ? kasan_addr_to_slab+0x11/0xa0 [ 23.212295] ? krealloc_less_oob_helper+0xe90/0x11d0 [ 23.212318] kasan_report+0x141/0x180 [ 23.212340] ? krealloc_less_oob_helper+0xe90/0x11d0 [ 23.212367] __asan_report_store1_noabort+0x1b/0x30 [ 23.212391] krealloc_less_oob_helper+0xe90/0x11d0 [ 23.212415] ? __pfx_krealloc_less_oob_helper+0x10/0x10 [ 23.212438] ? finish_task_switch.isra.0+0x153/0x700 [ 23.212735] ? __switch_to+0x47/0xf50 [ 23.212786] ? __schedule+0x10cc/0x2b60 [ 23.212810] ? __pfx_read_tsc+0x10/0x10 [ 23.212836] krealloc_large_less_oob+0x1c/0x30 [ 23.212859] kunit_try_run_case+0x1a5/0x480 [ 23.212884] ? __pfx_kunit_try_run_case+0x10/0x10 [ 23.212908] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 23.213239] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 23.213276] ? __kthread_parkme+0x82/0x180 [ 23.213298] ? preempt_count_sub+0x50/0x80 [ 23.213320] ? __pfx_kunit_try_run_case+0x10/0x10 [ 23.213344] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 23.213370] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 23.213395] kthread+0x337/0x6f0 [ 23.213415] ? trace_preempt_on+0x20/0xc0 [ 23.213440] ? __pfx_kthread+0x10/0x10 [ 23.213460] ? _raw_spin_unlock_irq+0x47/0x80 [ 23.213483] ? calculate_sigpending+0x7b/0xa0 [ 23.213507] ? __pfx_kthread+0x10/0x10 [ 23.213528] ret_from_fork+0x116/0x1d0 [ 23.213547] ? __pfx_kthread+0x10/0x10 [ 23.213567] ret_from_fork_asm+0x1a/0x30 [ 23.213598] </TASK> [ 23.213610] [ 23.223600] The buggy address belongs to the physical page: [ 23.224288] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1060b0 [ 23.224655] head: order:2 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0 [ 23.225116] flags: 0x200000000000040(head|node=0|zone=2) [ 23.225484] page_type: f8(unknown) [ 23.225702] raw: 0200000000000040 0000000000000000 dead000000000122 0000000000000000 [ 23.226049] raw: 0000000000000000 0000000000000000 00000000f8000000 0000000000000000 [ 23.226374] head: 0200000000000040 0000000000000000 dead000000000122 0000000000000000 [ 23.226804] head: 0000000000000000 0000000000000000 00000000f8000000 0000000000000000 [ 23.227110] head: 0200000000000002 ffffea0004182c01 00000000ffffffff 00000000ffffffff [ 23.227490] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000004 [ 23.227813] page dumped because: kasan: bad access detected [ 23.228195] [ 23.228547] Memory state around the buggy address: [ 23.228758] ffff8881060b1f80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 23.229152] ffff8881060b2000: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 23.229631] >ffff8881060b2080: 00 00 00 00 00 00 00 00 00 01 fe fe fe fe fe fe [ 23.229971] ^ [ 23.230428] ffff8881060b2100: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe [ 23.230738] ffff8881060b2180: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe [ 23.231145] ================================================================== [ 23.035640] ================================================================== [ 23.035935] BUG: KASAN: slab-out-of-bounds in krealloc_less_oob_helper+0xe90/0x11d0 [ 23.036484] Write of size 1 at addr ffff8881055728ea by task kunit_try_catch/207 [ 23.036878] [ 23.037003] CPU: 0 UID: 0 PID: 207 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc4-next-20250702 #1 PREEMPT(voluntary) [ 23.037080] Tainted: [B]=BAD_PAGE, [N]=TEST [ 23.037093] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 23.037129] Call Trace: [ 23.037151] <TASK> [ 23.037172] dump_stack_lvl+0x73/0xb0 [ 23.037203] print_report+0xd1/0x650 [ 23.037226] ? __virt_addr_valid+0x1db/0x2d0 [ 23.037249] ? krealloc_less_oob_helper+0xe90/0x11d0 [ 23.037272] ? kasan_complete_mode_report_info+0x2a/0x200 [ 23.037298] ? krealloc_less_oob_helper+0xe90/0x11d0 [ 23.037322] kasan_report+0x141/0x180 [ 23.037344] ? krealloc_less_oob_helper+0xe90/0x11d0 [ 23.037372] __asan_report_store1_noabort+0x1b/0x30 [ 23.037396] krealloc_less_oob_helper+0xe90/0x11d0 [ 23.037476] ? __pfx_krealloc_less_oob_helper+0x10/0x10 [ 23.037505] ? finish_task_switch.isra.0+0x4c5/0x700 [ 23.037550] ? __switch_to+0x47/0xf50 [ 23.037576] ? __schedule+0x10cc/0x2b60 [ 23.037598] ? __pfx_read_tsc+0x10/0x10 [ 23.037640] krealloc_less_oob+0x1c/0x30 [ 23.037661] kunit_try_run_case+0x1a5/0x480 [ 23.037687] ? __pfx_kunit_try_run_case+0x10/0x10 [ 23.037710] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 23.037732] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 23.037753] ? __kthread_parkme+0x82/0x180 [ 23.037773] ? preempt_count_sub+0x50/0x80 [ 23.037796] ? __pfx_kunit_try_run_case+0x10/0x10 [ 23.037825] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 23.037849] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 23.037890] kthread+0x337/0x6f0 [ 23.037909] ? trace_preempt_on+0x20/0xc0 [ 23.037940] ? __pfx_kthread+0x10/0x10 [ 23.037961] ? _raw_spin_unlock_irq+0x47/0x80 [ 23.037984] ? calculate_sigpending+0x7b/0xa0 [ 23.038009] ? __pfx_kthread+0x10/0x10 [ 23.038030] ret_from_fork+0x116/0x1d0 [ 23.038049] ? __pfx_kthread+0x10/0x10 [ 23.038097] ret_from_fork_asm+0x1a/0x30 [ 23.038129] </TASK> [ 23.038141] [ 23.046557] Allocated by task 207: [ 23.046766] kasan_save_stack+0x45/0x70 [ 23.046986] kasan_save_track+0x18/0x40 [ 23.047230] kasan_save_alloc_info+0x3b/0x50 [ 23.047444] __kasan_krealloc+0x190/0x1f0 [ 23.047783] krealloc_noprof+0xf3/0x340 [ 23.048166] krealloc_less_oob_helper+0x1aa/0x11d0 [ 23.048349] krealloc_less_oob+0x1c/0x30 [ 23.048634] kunit_try_run_case+0x1a5/0x480 [ 23.048864] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 23.049098] kthread+0x337/0x6f0 [ 23.049248] ret_from_fork+0x116/0x1d0 [ 23.049493] ret_from_fork_asm+0x1a/0x30 [ 23.049643] [ 23.049750] The buggy address belongs to the object at ffff888105572800 [ 23.049750] which belongs to the cache kmalloc-256 of size 256 [ 23.050316] The buggy address is located 33 bytes to the right of [ 23.050316] allocated 201-byte region [ffff888105572800, ffff8881055728c9) [ 23.050904] [ 23.050970] The buggy address belongs to the physical page: [ 23.051401] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x105572 [ 23.051801] head: order:1 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0 [ 23.052148] flags: 0x200000000000040(head|node=0|zone=2) [ 23.052399] page_type: f5(slab) [ 23.052521] raw: 0200000000000040 ffff888100041b40 dead000000000122 0000000000000000 [ 23.052757] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 23.053090] head: 0200000000000040 ffff888100041b40 dead000000000122 0000000000000000 [ 23.053408] head: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 23.054126] head: 0200000000000001 ffffea0004155c81 00000000ffffffff 00000000ffffffff [ 23.054517] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000002 [ 23.054865] page dumped because: kasan: bad access detected [ 23.055107] [ 23.055171] Memory state around the buggy address: [ 23.055313] ffff888105572780: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 23.055511] ffff888105572800: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 23.055946] >ffff888105572880: 00 00 00 00 00 00 00 00 00 01 fc fc fc fc fc fc [ 23.056329] ^ [ 23.056612] ffff888105572900: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 23.057031] ffff888105572980: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 23.057456] ================================================================== [ 22.983037] ================================================================== [ 22.983494] BUG: KASAN: slab-out-of-bounds in krealloc_less_oob_helper+0xe23/0x11d0 [ 22.983950] Write of size 1 at addr ffff8881055728d0 by task kunit_try_catch/207 [ 22.984208] [ 22.984568] CPU: 0 UID: 0 PID: 207 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc4-next-20250702 #1 PREEMPT(voluntary) [ 22.984621] Tainted: [B]=BAD_PAGE, [N]=TEST [ 22.984634] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 22.984747] Call Trace: [ 22.984762] <TASK> [ 22.984783] dump_stack_lvl+0x73/0xb0 [ 22.984817] print_report+0xd1/0x650 [ 22.984840] ? __virt_addr_valid+0x1db/0x2d0 [ 22.984863] ? krealloc_less_oob_helper+0xe23/0x11d0 [ 22.984886] ? kasan_complete_mode_report_info+0x2a/0x200 [ 22.984912] ? krealloc_less_oob_helper+0xe23/0x11d0 [ 22.984935] kasan_report+0x141/0x180 [ 22.984958] ? krealloc_less_oob_helper+0xe23/0x11d0 [ 22.984987] __asan_report_store1_noabort+0x1b/0x30 [ 22.985013] krealloc_less_oob_helper+0xe23/0x11d0 [ 22.985039] ? __pfx_krealloc_less_oob_helper+0x10/0x10 [ 22.985074] ? finish_task_switch.isra.0+0x4c5/0x700 [ 22.985096] ? __switch_to+0x47/0xf50 [ 22.985122] ? __schedule+0x10cc/0x2b60 [ 22.985143] ? __pfx_read_tsc+0x10/0x10 [ 22.985167] krealloc_less_oob+0x1c/0x30 [ 22.985212] kunit_try_run_case+0x1a5/0x480 [ 22.985239] ? __pfx_kunit_try_run_case+0x10/0x10 [ 22.985262] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 22.985283] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 22.985304] ? __kthread_parkme+0x82/0x180 [ 22.985324] ? preempt_count_sub+0x50/0x80 [ 22.985346] ? __pfx_kunit_try_run_case+0x10/0x10 [ 22.985371] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 22.985394] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 22.985418] kthread+0x337/0x6f0 [ 22.985437] ? trace_preempt_on+0x20/0xc0 [ 22.985460] ? __pfx_kthread+0x10/0x10 [ 22.985480] ? _raw_spin_unlock_irq+0x47/0x80 [ 22.985504] ? calculate_sigpending+0x7b/0xa0 [ 22.985527] ? __pfx_kthread+0x10/0x10 [ 22.985548] ret_from_fork+0x116/0x1d0 [ 22.985567] ? __pfx_kthread+0x10/0x10 [ 22.985587] ret_from_fork_asm+0x1a/0x30 [ 22.985618] </TASK> [ 22.985630] [ 22.997123] Allocated by task 207: [ 22.997429] kasan_save_stack+0x45/0x70 [ 22.997734] kasan_save_track+0x18/0x40 [ 22.997931] kasan_save_alloc_info+0x3b/0x50 [ 22.998549] __kasan_krealloc+0x190/0x1f0 [ 22.998713] krealloc_noprof+0xf3/0x340 [ 22.999139] krealloc_less_oob_helper+0x1aa/0x11d0 [ 22.999501] krealloc_less_oob+0x1c/0x30 [ 22.999704] kunit_try_run_case+0x1a5/0x480 [ 22.999921] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 23.000606] kthread+0x337/0x6f0 [ 23.000774] ret_from_fork+0x116/0x1d0 [ 23.000918] ret_from_fork_asm+0x1a/0x30 [ 23.001521] [ 23.001613] The buggy address belongs to the object at ffff888105572800 [ 23.001613] which belongs to the cache kmalloc-256 of size 256 [ 23.002479] The buggy address is located 7 bytes to the right of [ 23.002479] allocated 201-byte region [ffff888105572800, ffff8881055728c9) [ 23.003391] [ 23.003507] The buggy address belongs to the physical page: [ 23.003753] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x105572 [ 23.004449] head: order:1 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0 [ 23.005327] flags: 0x200000000000040(head|node=0|zone=2) [ 23.005586] page_type: f5(slab) [ 23.005746] raw: 0200000000000040 ffff888100041b40 dead000000000122 0000000000000000 [ 23.006409] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 23.006851] head: 0200000000000040 ffff888100041b40 dead000000000122 0000000000000000 [ 23.007559] head: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 23.007895] head: 0200000000000001 ffffea0004155c81 00000000ffffffff 00000000ffffffff [ 23.008528] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000002 [ 23.008912] page dumped because: kasan: bad access detected [ 23.009234] [ 23.009343] Memory state around the buggy address: [ 23.009542] ffff888105572780: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 23.009868] ffff888105572800: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 23.010632] >ffff888105572880: 00 00 00 00 00 00 00 00 00 01 fc fc fc fc fc fc [ 23.010953] ^ [ 23.011160] ffff888105572900: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 23.011476] ffff888105572980: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 23.011752] ================================================================== [ 23.160877] ================================================================== [ 23.161134] BUG: KASAN: slab-out-of-bounds in krealloc_less_oob_helper+0xe23/0x11d0 [ 23.161715] Write of size 1 at addr ffff8881060b20d0 by task kunit_try_catch/211 [ 23.162470] [ 23.162749] CPU: 1 UID: 0 PID: 211 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc4-next-20250702 #1 PREEMPT(voluntary) [ 23.162805] Tainted: [B]=BAD_PAGE, [N]=TEST [ 23.162818] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 23.162840] Call Trace: [ 23.162862] <TASK> [ 23.162883] dump_stack_lvl+0x73/0xb0 [ 23.162927] print_report+0xd1/0x650 [ 23.162950] ? __virt_addr_valid+0x1db/0x2d0 [ 23.162986] ? krealloc_less_oob_helper+0xe23/0x11d0 [ 23.163010] ? kasan_addr_to_slab+0x11/0xa0 [ 23.163030] ? krealloc_less_oob_helper+0xe23/0x11d0 [ 23.163073] kasan_report+0x141/0x180 [ 23.163094] ? krealloc_less_oob_helper+0xe23/0x11d0 [ 23.163121] __asan_report_store1_noabort+0x1b/0x30 [ 23.163145] krealloc_less_oob_helper+0xe23/0x11d0 [ 23.163169] ? __pfx_krealloc_less_oob_helper+0x10/0x10 [ 23.163192] ? finish_task_switch.isra.0+0x153/0x700 [ 23.163222] ? __switch_to+0x47/0xf50 [ 23.163248] ? __schedule+0x10cc/0x2b60 [ 23.163269] ? __pfx_read_tsc+0x10/0x10 [ 23.163294] krealloc_large_less_oob+0x1c/0x30 [ 23.163316] kunit_try_run_case+0x1a5/0x480 [ 23.163342] ? __pfx_kunit_try_run_case+0x10/0x10 [ 23.163364] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 23.163385] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 23.163406] ? __kthread_parkme+0x82/0x180 [ 23.163426] ? preempt_count_sub+0x50/0x80 [ 23.163448] ? __pfx_kunit_try_run_case+0x10/0x10 [ 23.163471] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 23.163495] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 23.163518] kthread+0x337/0x6f0 [ 23.163538] ? trace_preempt_on+0x20/0xc0 [ 23.163561] ? __pfx_kthread+0x10/0x10 [ 23.163581] ? _raw_spin_unlock_irq+0x47/0x80 [ 23.163604] ? calculate_sigpending+0x7b/0xa0 [ 23.163628] ? __pfx_kthread+0x10/0x10 [ 23.163648] ret_from_fork+0x116/0x1d0 [ 23.163667] ? __pfx_kthread+0x10/0x10 [ 23.163687] ret_from_fork_asm+0x1a/0x30 [ 23.163719] </TASK> [ 23.163731] [ 23.178175] The buggy address belongs to the physical page: [ 23.178419] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1060b0 [ 23.179114] head: order:2 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0 [ 23.179887] flags: 0x200000000000040(head|node=0|zone=2) [ 23.180440] page_type: f8(unknown) [ 23.180837] raw: 0200000000000040 0000000000000000 dead000000000122 0000000000000000 [ 23.181514] raw: 0000000000000000 0000000000000000 00000000f8000000 0000000000000000 [ 23.182121] head: 0200000000000040 0000000000000000 dead000000000122 0000000000000000 [ 23.182889] head: 0000000000000000 0000000000000000 00000000f8000000 0000000000000000 [ 23.183529] head: 0200000000000002 ffffea0004182c01 00000000ffffffff 00000000ffffffff [ 23.184244] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000004 [ 23.184713] page dumped because: kasan: bad access detected [ 23.185240] [ 23.185396] Memory state around the buggy address: [ 23.185818] ffff8881060b1f80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 23.186100] ffff8881060b2000: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 23.186831] >ffff8881060b2080: 00 00 00 00 00 00 00 00 00 01 fe fe fe fe fe fe [ 23.187424] ^ [ 23.188015] ffff8881060b2100: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe [ 23.188605] ffff8881060b2180: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe [ 23.188962] ================================================================== [ 23.130264] ================================================================== [ 23.131325] BUG: KASAN: slab-out-of-bounds in krealloc_less_oob_helper+0xd70/0x11d0 [ 23.131759] Write of size 1 at addr ffff8881060b20c9 by task kunit_try_catch/211 [ 23.132227] [ 23.132431] CPU: 1 UID: 0 PID: 211 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc4-next-20250702 #1 PREEMPT(voluntary) [ 23.132486] Tainted: [B]=BAD_PAGE, [N]=TEST [ 23.132499] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 23.132521] Call Trace: [ 23.132535] <TASK> [ 23.132555] dump_stack_lvl+0x73/0xb0 [ 23.132585] print_report+0xd1/0x650 [ 23.132608] ? __virt_addr_valid+0x1db/0x2d0 [ 23.132631] ? krealloc_less_oob_helper+0xd70/0x11d0 [ 23.132653] ? kasan_addr_to_slab+0x11/0xa0 [ 23.132673] ? krealloc_less_oob_helper+0xd70/0x11d0 [ 23.132695] kasan_report+0x141/0x180 [ 23.132752] ? krealloc_less_oob_helper+0xd70/0x11d0 [ 23.132780] __asan_report_store1_noabort+0x1b/0x30 [ 23.132816] krealloc_less_oob_helper+0xd70/0x11d0 [ 23.132841] ? __pfx_krealloc_less_oob_helper+0x10/0x10 [ 23.132864] ? finish_task_switch.isra.0+0x153/0x700 [ 23.132885] ? __switch_to+0x47/0xf50 [ 23.132912] ? __schedule+0x10cc/0x2b60 [ 23.132950] ? __pfx_read_tsc+0x10/0x10 [ 23.132974] krealloc_large_less_oob+0x1c/0x30 [ 23.132996] kunit_try_run_case+0x1a5/0x480 [ 23.133023] ? __pfx_kunit_try_run_case+0x10/0x10 [ 23.133045] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 23.133077] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 23.133098] ? __kthread_parkme+0x82/0x180 [ 23.133118] ? preempt_count_sub+0x50/0x80 [ 23.133140] ? __pfx_kunit_try_run_case+0x10/0x10 [ 23.133164] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 23.133234] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 23.133258] kthread+0x337/0x6f0 [ 23.133277] ? trace_preempt_on+0x20/0xc0 [ 23.133301] ? __pfx_kthread+0x10/0x10 [ 23.133321] ? _raw_spin_unlock_irq+0x47/0x80 [ 23.133344] ? calculate_sigpending+0x7b/0xa0 [ 23.133367] ? __pfx_kthread+0x10/0x10 [ 23.133388] ret_from_fork+0x116/0x1d0 [ 23.133407] ? __pfx_kthread+0x10/0x10 [ 23.133427] ret_from_fork_asm+0x1a/0x30 [ 23.133457] </TASK> [ 23.133469] [ 23.145098] The buggy address belongs to the physical page: [ 23.145610] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1060b0 [ 23.146069] head: order:2 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0 [ 23.147100] flags: 0x200000000000040(head|node=0|zone=2) [ 23.147885] page_type: f8(unknown) [ 23.148461] raw: 0200000000000040 0000000000000000 dead000000000122 0000000000000000 [ 23.149296] raw: 0000000000000000 0000000000000000 00000000f8000000 0000000000000000 [ 23.150194] head: 0200000000000040 0000000000000000 dead000000000122 0000000000000000 [ 23.150991] head: 0000000000000000 0000000000000000 00000000f8000000 0000000000000000 [ 23.151772] head: 0200000000000002 ffffea0004182c01 00000000ffffffff 00000000ffffffff [ 23.152874] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000004 [ 23.153805] page dumped because: kasan: bad access detected [ 23.154431] [ 23.154594] Memory state around the buggy address: [ 23.155087] ffff8881060b1f80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 23.155875] ffff8881060b2000: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 23.156814] >ffff8881060b2080: 00 00 00 00 00 00 00 00 00 01 fe fe fe fe fe fe [ 23.157520] ^ [ 23.158103] ffff8881060b2100: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe [ 23.158919] ffff8881060b2180: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe [ 23.159732] ================================================================== [ 23.189406] ================================================================== [ 23.190055] BUG: KASAN: slab-out-of-bounds in krealloc_less_oob_helper+0xec6/0x11d0 [ 23.190538] Write of size 1 at addr ffff8881060b20da by task kunit_try_catch/211 [ 23.191178] [ 23.191422] CPU: 1 UID: 0 PID: 211 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc4-next-20250702 #1 PREEMPT(voluntary) [ 23.191473] Tainted: [B]=BAD_PAGE, [N]=TEST [ 23.191485] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 23.191508] Call Trace: [ 23.191529] <TASK> [ 23.191550] dump_stack_lvl+0x73/0xb0 [ 23.191579] print_report+0xd1/0x650 [ 23.191601] ? __virt_addr_valid+0x1db/0x2d0 [ 23.191626] ? krealloc_less_oob_helper+0xec6/0x11d0 [ 23.191648] ? kasan_addr_to_slab+0x11/0xa0 [ 23.191669] ? krealloc_less_oob_helper+0xec6/0x11d0 [ 23.191692] kasan_report+0x141/0x180 [ 23.191713] ? krealloc_less_oob_helper+0xec6/0x11d0 [ 23.191740] __asan_report_store1_noabort+0x1b/0x30 [ 23.191764] krealloc_less_oob_helper+0xec6/0x11d0 [ 23.191789] ? __pfx_krealloc_less_oob_helper+0x10/0x10 [ 23.191813] ? finish_task_switch.isra.0+0x153/0x700 [ 23.191834] ? __switch_to+0x47/0xf50 [ 23.191860] ? __schedule+0x10cc/0x2b60 [ 23.191881] ? __pfx_read_tsc+0x10/0x10 [ 23.191907] krealloc_large_less_oob+0x1c/0x30 [ 23.191929] kunit_try_run_case+0x1a5/0x480 [ 23.191966] ? __pfx_kunit_try_run_case+0x10/0x10 [ 23.191989] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 23.192010] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 23.192032] ? __kthread_parkme+0x82/0x180 [ 23.192052] ? preempt_count_sub+0x50/0x80 [ 23.192084] ? __pfx_kunit_try_run_case+0x10/0x10 [ 23.192108] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 23.192132] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 23.192156] kthread+0x337/0x6f0 [ 23.192175] ? trace_preempt_on+0x20/0xc0 [ 23.192215] ? __pfx_kthread+0x10/0x10 [ 23.192236] ? _raw_spin_unlock_irq+0x47/0x80 [ 23.192259] ? calculate_sigpending+0x7b/0xa0 [ 23.192283] ? __pfx_kthread+0x10/0x10 [ 23.192304] ret_from_fork+0x116/0x1d0 [ 23.192323] ? __pfx_kthread+0x10/0x10 [ 23.192344] ret_from_fork_asm+0x1a/0x30 [ 23.192375] </TASK> [ 23.192388] [ 23.203451] The buggy address belongs to the physical page: [ 23.203874] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1060b0 [ 23.204411] head: order:2 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0 [ 23.204864] flags: 0x200000000000040(head|node=0|zone=2) [ 23.205088] page_type: f8(unknown) [ 23.205314] raw: 0200000000000040 0000000000000000 dead000000000122 0000000000000000 [ 23.205656] raw: 0000000000000000 0000000000000000 00000000f8000000 0000000000000000 [ 23.206036] head: 0200000000000040 0000000000000000 dead000000000122 0000000000000000 [ 23.206407] head: 0000000000000000 0000000000000000 00000000f8000000 0000000000000000 [ 23.206736] head: 0200000000000002 ffffea0004182c01 00000000ffffffff 00000000ffffffff [ 23.207190] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000004 [ 23.207721] page dumped because: kasan: bad access detected [ 23.208105] [ 23.208176] Memory state around the buggy address: [ 23.208423] ffff8881060b1f80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 23.208740] ffff8881060b2000: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 23.209157] >ffff8881060b2080: 00 00 00 00 00 00 00 00 00 01 fe fe fe fe fe fe [ 23.209566] ^ [ 23.209884] ffff8881060b2100: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe [ 23.210166] ffff8881060b2180: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe [ 23.210484] ================================================================== [ 22.958002] ================================================================== [ 22.958580] BUG: KASAN: slab-out-of-bounds in krealloc_less_oob_helper+0xd70/0x11d0 [ 22.958888] Write of size 1 at addr ffff8881055728c9 by task kunit_try_catch/207 [ 22.959236] [ 22.959333] CPU: 0 UID: 0 PID: 207 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc4-next-20250702 #1 PREEMPT(voluntary) [ 22.959385] Tainted: [B]=BAD_PAGE, [N]=TEST [ 22.959398] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 22.959421] Call Trace: [ 22.959436] <TASK> [ 22.959455] dump_stack_lvl+0x73/0xb0 [ 22.959485] print_report+0xd1/0x650 [ 22.959508] ? __virt_addr_valid+0x1db/0x2d0 [ 22.959532] ? krealloc_less_oob_helper+0xd70/0x11d0 [ 22.959554] ? kasan_complete_mode_report_info+0x2a/0x200 [ 22.959580] ? krealloc_less_oob_helper+0xd70/0x11d0 [ 22.959603] kasan_report+0x141/0x180 [ 22.959625] ? krealloc_less_oob_helper+0xd70/0x11d0 [ 22.959652] __asan_report_store1_noabort+0x1b/0x30 [ 22.959676] krealloc_less_oob_helper+0xd70/0x11d0 [ 22.959701] ? __pfx_krealloc_less_oob_helper+0x10/0x10 [ 22.959724] ? finish_task_switch.isra.0+0x4c5/0x700 [ 22.959746] ? __switch_to+0x47/0xf50 [ 22.959772] ? __schedule+0x10cc/0x2b60 [ 22.959793] ? __pfx_read_tsc+0x10/0x10 [ 22.959818] krealloc_less_oob+0x1c/0x30 [ 22.959839] kunit_try_run_case+0x1a5/0x480 [ 22.959865] ? __pfx_kunit_try_run_case+0x10/0x10 [ 22.959888] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 22.959911] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 22.959944] ? __kthread_parkme+0x82/0x180 [ 22.959965] ? preempt_count_sub+0x50/0x80 [ 22.959987] ? __pfx_kunit_try_run_case+0x10/0x10 [ 22.960012] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 22.960036] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 22.960070] kthread+0x337/0x6f0 [ 22.960089] ? trace_preempt_on+0x20/0xc0 [ 22.960112] ? __pfx_kthread+0x10/0x10 [ 22.960132] ? _raw_spin_unlock_irq+0x47/0x80 [ 22.960156] ? calculate_sigpending+0x7b/0xa0 [ 22.960181] ? __pfx_kthread+0x10/0x10 [ 22.960202] ret_from_fork+0x116/0x1d0 [ 22.960221] ? __pfx_kthread+0x10/0x10 [ 22.960242] ret_from_fork_asm+0x1a/0x30 [ 22.960272] </TASK> [ 22.960285] [ 22.967951] Allocated by task 207: [ 22.968140] kasan_save_stack+0x45/0x70 [ 22.968462] kasan_save_track+0x18/0x40 [ 22.968636] kasan_save_alloc_info+0x3b/0x50 [ 22.968777] __kasan_krealloc+0x190/0x1f0 [ 22.968909] krealloc_noprof+0xf3/0x340 [ 22.969041] krealloc_less_oob_helper+0x1aa/0x11d0 [ 22.969275] krealloc_less_oob+0x1c/0x30 [ 22.969465] kunit_try_run_case+0x1a5/0x480 [ 22.969670] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 22.970057] kthread+0x337/0x6f0 [ 22.970818] ret_from_fork+0x116/0x1d0 [ 22.971022] ret_from_fork_asm+0x1a/0x30 [ 22.971245] [ 22.971535] The buggy address belongs to the object at ffff888105572800 [ 22.971535] which belongs to the cache kmalloc-256 of size 256 [ 22.972876] The buggy address is located 0 bytes to the right of [ 22.972876] allocated 201-byte region [ffff888105572800, ffff8881055728c9) [ 22.974404] [ 22.974493] The buggy address belongs to the physical page: [ 22.974702] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x105572 [ 22.975215] head: order:1 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0 [ 22.975644] flags: 0x200000000000040(head|node=0|zone=2) [ 22.975853] page_type: f5(slab) [ 22.976020] raw: 0200000000000040 ffff888100041b40 dead000000000122 0000000000000000 [ 22.976443] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 22.977217] head: 0200000000000040 ffff888100041b40 dead000000000122 0000000000000000 [ 22.977611] head: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 22.977980] head: 0200000000000001 ffffea0004155c81 00000000ffffffff 00000000ffffffff [ 22.978276] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000002 [ 22.978820] page dumped because: kasan: bad access detected [ 22.979105] [ 22.979198] Memory state around the buggy address: [ 22.979391] ffff888105572780: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 22.979886] ffff888105572800: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 22.980345] >ffff888105572880: 00 00 00 00 00 00 00 00 00 01 fc fc fc fc fc fc [ 22.980553] ^ [ 22.980802] ffff888105572900: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 22.981152] ffff888105572980: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 22.981706] ================================================================== [ 23.057979] ================================================================== [ 23.058381] BUG: KASAN: slab-out-of-bounds in krealloc_less_oob_helper+0xd47/0x11d0 [ 23.058894] Write of size 1 at addr ffff8881055728eb by task kunit_try_catch/207 [ 23.059316] [ 23.059420] CPU: 0 UID: 0 PID: 207 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc4-next-20250702 #1 PREEMPT(voluntary) [ 23.059469] Tainted: [B]=BAD_PAGE, [N]=TEST [ 23.059482] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 23.059503] Call Trace: [ 23.059524] <TASK> [ 23.059563] dump_stack_lvl+0x73/0xb0 [ 23.059593] print_report+0xd1/0x650 [ 23.059615] ? __virt_addr_valid+0x1db/0x2d0 [ 23.059639] ? krealloc_less_oob_helper+0xd47/0x11d0 [ 23.059662] ? kasan_complete_mode_report_info+0x2a/0x200 [ 23.059687] ? krealloc_less_oob_helper+0xd47/0x11d0 [ 23.059728] kasan_report+0x141/0x180 [ 23.059749] ? krealloc_less_oob_helper+0xd47/0x11d0 [ 23.059776] __asan_report_store1_noabort+0x1b/0x30 [ 23.059800] krealloc_less_oob_helper+0xd47/0x11d0 [ 23.059825] ? __pfx_krealloc_less_oob_helper+0x10/0x10 [ 23.059848] ? finish_task_switch.isra.0+0x4c5/0x700 [ 23.059886] ? __switch_to+0x47/0xf50 [ 23.059911] ? __schedule+0x10cc/0x2b60 [ 23.059942] ? __pfx_read_tsc+0x10/0x10 [ 23.059967] krealloc_less_oob+0x1c/0x30 [ 23.060004] kunit_try_run_case+0x1a5/0x480 [ 23.060030] ? __pfx_kunit_try_run_case+0x10/0x10 [ 23.060092] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 23.060115] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 23.060149] ? __kthread_parkme+0x82/0x180 [ 23.060169] ? preempt_count_sub+0x50/0x80 [ 23.060206] ? __pfx_kunit_try_run_case+0x10/0x10 [ 23.060231] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 23.060255] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 23.060279] kthread+0x337/0x6f0 [ 23.060298] ? trace_preempt_on+0x20/0xc0 [ 23.060321] ? __pfx_kthread+0x10/0x10 [ 23.060341] ? _raw_spin_unlock_irq+0x47/0x80 [ 23.060364] ? calculate_sigpending+0x7b/0xa0 [ 23.060388] ? __pfx_kthread+0x10/0x10 [ 23.060409] ret_from_fork+0x116/0x1d0 [ 23.060428] ? __pfx_kthread+0x10/0x10 [ 23.060448] ret_from_fork_asm+0x1a/0x30 [ 23.060478] </TASK> [ 23.060490] [ 23.068489] Allocated by task 207: [ 23.068772] kasan_save_stack+0x45/0x70 [ 23.069005] kasan_save_track+0x18/0x40 [ 23.069533] kasan_save_alloc_info+0x3b/0x50 [ 23.069738] __kasan_krealloc+0x190/0x1f0 [ 23.069956] krealloc_noprof+0xf3/0x340 [ 23.070294] krealloc_less_oob_helper+0x1aa/0x11d0 [ 23.070710] krealloc_less_oob+0x1c/0x30 [ 23.070899] kunit_try_run_case+0x1a5/0x480 [ 23.071125] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 23.071434] kthread+0x337/0x6f0 [ 23.071605] ret_from_fork+0x116/0x1d0 [ 23.071783] ret_from_fork_asm+0x1a/0x30 [ 23.072037] [ 23.072124] The buggy address belongs to the object at ffff888105572800 [ 23.072124] which belongs to the cache kmalloc-256 of size 256 [ 23.072660] The buggy address is located 34 bytes to the right of [ 23.072660] allocated 201-byte region [ffff888105572800, ffff8881055728c9) [ 23.073136] [ 23.073205] The buggy address belongs to the physical page: [ 23.073457] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x105572 [ 23.073812] head: order:1 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0 [ 23.074248] flags: 0x200000000000040(head|node=0|zone=2) [ 23.074438] page_type: f5(slab) [ 23.074554] raw: 0200000000000040 ffff888100041b40 dead000000000122 0000000000000000 [ 23.074768] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 23.075107] head: 0200000000000040 ffff888100041b40 dead000000000122 0000000000000000 [ 23.075776] head: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 23.076154] head: 0200000000000001 ffffea0004155c81 00000000ffffffff 00000000ffffffff [ 23.076853] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000002 [ 23.077386] page dumped because: kasan: bad access detected [ 23.077869] [ 23.077963] Memory state around the buggy address: [ 23.078269] ffff888105572780: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 23.078602] ffff888105572800: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 23.078865] >ffff888105572880: 00 00 00 00 00 00 00 00 00 01 fc fc fc fc fc fc [ 23.079172] ^ [ 23.079549] ffff888105572900: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 23.079836] ffff888105572980: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 23.080315] ================================================================== [ 23.231647] ================================================================== [ 23.231966] BUG: KASAN: slab-out-of-bounds in krealloc_less_oob_helper+0xd47/0x11d0 [ 23.232514] Write of size 1 at addr ffff8881060b20eb by task kunit_try_catch/211 [ 23.232799] [ 23.232914] CPU: 1 UID: 0 PID: 211 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc4-next-20250702 #1 PREEMPT(voluntary) [ 23.232965] Tainted: [B]=BAD_PAGE, [N]=TEST [ 23.232977] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 23.233000] Call Trace: [ 23.233033] <TASK> [ 23.233054] dump_stack_lvl+0x73/0xb0 [ 23.233106] print_report+0xd1/0x650 [ 23.233130] ? __virt_addr_valid+0x1db/0x2d0 [ 23.233153] ? krealloc_less_oob_helper+0xd47/0x11d0 [ 23.233176] ? kasan_addr_to_slab+0x11/0xa0 [ 23.233196] ? krealloc_less_oob_helper+0xd47/0x11d0 [ 23.233219] kasan_report+0x141/0x180 [ 23.233240] ? krealloc_less_oob_helper+0xd47/0x11d0 [ 23.233267] __asan_report_store1_noabort+0x1b/0x30 [ 23.233292] krealloc_less_oob_helper+0xd47/0x11d0 [ 23.233316] ? __pfx_krealloc_less_oob_helper+0x10/0x10 [ 23.233340] ? finish_task_switch.isra.0+0x153/0x700 [ 23.233362] ? __switch_to+0x47/0xf50 [ 23.233388] ? __schedule+0x10cc/0x2b60 [ 23.233409] ? __pfx_read_tsc+0x10/0x10 [ 23.233434] krealloc_large_less_oob+0x1c/0x30 [ 23.233542] kunit_try_run_case+0x1a5/0x480 [ 23.233581] ? __pfx_kunit_try_run_case+0x10/0x10 [ 23.233604] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 23.233625] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 23.233659] ? __kthread_parkme+0x82/0x180 [ 23.233680] ? preempt_count_sub+0x50/0x80 [ 23.233712] ? __pfx_kunit_try_run_case+0x10/0x10 [ 23.233736] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 23.233770] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 23.233794] kthread+0x337/0x6f0 [ 23.233813] ? trace_preempt_on+0x20/0xc0 [ 23.233844] ? __pfx_kthread+0x10/0x10 [ 23.233864] ? _raw_spin_unlock_irq+0x47/0x80 [ 23.233888] ? calculate_sigpending+0x7b/0xa0 [ 23.233912] ? __pfx_kthread+0x10/0x10 [ 23.233943] ret_from_fork+0x116/0x1d0 [ 23.233962] ? __pfx_kthread+0x10/0x10 [ 23.233982] ret_from_fork_asm+0x1a/0x30 [ 23.234013] </TASK> [ 23.234025] [ 23.242630] The buggy address belongs to the physical page: [ 23.242931] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1060b0 [ 23.243307] head: order:2 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0 [ 23.243649] flags: 0x200000000000040(head|node=0|zone=2) [ 23.243898] page_type: f8(unknown) [ 23.244135] raw: 0200000000000040 0000000000000000 dead000000000122 0000000000000000 [ 23.244355] raw: 0000000000000000 0000000000000000 00000000f8000000 0000000000000000 [ 23.244690] head: 0200000000000040 0000000000000000 dead000000000122 0000000000000000 [ 23.245152] head: 0000000000000000 0000000000000000 00000000f8000000 0000000000000000 [ 23.245618] head: 0200000000000002 ffffea0004182c01 00000000ffffffff 00000000ffffffff [ 23.245970] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000004 [ 23.246518] page dumped because: kasan: bad access detected [ 23.246744] [ 23.246835] Memory state around the buggy address: [ 23.247072] ffff8881060b1f80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 23.247497] ffff8881060b2000: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 23.247798] >ffff8881060b2080: 00 00 00 00 00 00 00 00 00 01 fe fe fe fe fe fe [ 23.248122] ^ [ 23.248514] ffff8881060b2100: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe [ 23.248827] ffff8881060b2180: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe [ 23.249190] ================================================================== [ 23.012428] ================================================================== [ 23.012763] BUG: KASAN: slab-out-of-bounds in krealloc_less_oob_helper+0xec6/0x11d0 [ 23.013136] Write of size 1 at addr ffff8881055728da by task kunit_try_catch/207 [ 23.013358] [ 23.013452] CPU: 0 UID: 0 PID: 207 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc4-next-20250702 #1 PREEMPT(voluntary) [ 23.013505] Tainted: [B]=BAD_PAGE, [N]=TEST [ 23.013517] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 23.013541] Call Trace: [ 23.013564] <TASK> [ 23.013586] dump_stack_lvl+0x73/0xb0 [ 23.013685] print_report+0xd1/0x650 [ 23.013709] ? __virt_addr_valid+0x1db/0x2d0 [ 23.013734] ? krealloc_less_oob_helper+0xec6/0x11d0 [ 23.013757] ? kasan_complete_mode_report_info+0x2a/0x200 [ 23.013783] ? krealloc_less_oob_helper+0xec6/0x11d0 [ 23.013806] kasan_report+0x141/0x180 [ 23.013834] ? krealloc_less_oob_helper+0xec6/0x11d0 [ 23.013861] __asan_report_store1_noabort+0x1b/0x30 [ 23.013885] krealloc_less_oob_helper+0xec6/0x11d0 [ 23.013911] ? __pfx_krealloc_less_oob_helper+0x10/0x10 [ 23.013948] ? finish_task_switch.isra.0+0x4c5/0x700 [ 23.013971] ? __switch_to+0x47/0xf50 [ 23.013996] ? __schedule+0x10cc/0x2b60 [ 23.014018] ? __pfx_read_tsc+0x10/0x10 [ 23.014042] krealloc_less_oob+0x1c/0x30 [ 23.014076] kunit_try_run_case+0x1a5/0x480 [ 23.014103] ? __pfx_kunit_try_run_case+0x10/0x10 [ 23.014126] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 23.014147] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 23.014170] ? __kthread_parkme+0x82/0x180 [ 23.014225] ? preempt_count_sub+0x50/0x80 [ 23.014249] ? __pfx_kunit_try_run_case+0x10/0x10 [ 23.014274] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 23.014297] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 23.014321] kthread+0x337/0x6f0 [ 23.014341] ? trace_preempt_on+0x20/0xc0 [ 23.014364] ? __pfx_kthread+0x10/0x10 [ 23.014385] ? _raw_spin_unlock_irq+0x47/0x80 [ 23.014409] ? calculate_sigpending+0x7b/0xa0 [ 23.014432] ? __pfx_kthread+0x10/0x10 [ 23.014453] ret_from_fork+0x116/0x1d0 [ 23.014472] ? __pfx_kthread+0x10/0x10 [ 23.014492] ret_from_fork_asm+0x1a/0x30 [ 23.014523] </TASK> [ 23.014536] [ 23.023193] Allocated by task 207: [ 23.023336] kasan_save_stack+0x45/0x70 [ 23.023485] kasan_save_track+0x18/0x40 [ 23.023670] kasan_save_alloc_info+0x3b/0x50 [ 23.023876] __kasan_krealloc+0x190/0x1f0 [ 23.024261] krealloc_noprof+0xf3/0x340 [ 23.024455] krealloc_less_oob_helper+0x1aa/0x11d0 [ 23.024603] krealloc_less_oob+0x1c/0x30 [ 23.024759] kunit_try_run_case+0x1a5/0x480 [ 23.024992] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 23.025249] kthread+0x337/0x6f0 [ 23.025512] ret_from_fork+0x116/0x1d0 [ 23.025943] ret_from_fork_asm+0x1a/0x30 [ 23.026300] [ 23.026376] The buggy address belongs to the object at ffff888105572800 [ 23.026376] which belongs to the cache kmalloc-256 of size 256 [ 23.026919] The buggy address is located 17 bytes to the right of [ 23.026919] allocated 201-byte region [ffff888105572800, ffff8881055728c9) [ 23.027502] [ 23.027628] The buggy address belongs to the physical page: [ 23.027901] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x105572 [ 23.028249] head: order:1 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0 [ 23.028638] flags: 0x200000000000040(head|node=0|zone=2) [ 23.028893] page_type: f5(slab) [ 23.029052] raw: 0200000000000040 ffff888100041b40 dead000000000122 0000000000000000 [ 23.029402] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 23.029644] head: 0200000000000040 ffff888100041b40 dead000000000122 0000000000000000 [ 23.030058] head: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 23.030565] head: 0200000000000001 ffffea0004155c81 00000000ffffffff 00000000ffffffff [ 23.030848] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000002 [ 23.031495] page dumped because: kasan: bad access detected [ 23.031952] [ 23.032265] Memory state around the buggy address: [ 23.032498] ffff888105572780: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 23.032765] ffff888105572800: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 23.033128] >ffff888105572880: 00 00 00 00 00 00 00 00 00 01 fc fc fc fc fc fc [ 23.033725] ^ [ 23.033996] ffff888105572900: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 23.034499] ffff888105572980: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 23.034697] ==================================================================