Date
July 3, 2025, 10:10 a.m.
| Environment |
|---|
| dragonboard-845c |
| qemu-arm64 |
| qemu-x86_64 |
[ 35.477527] ================================================================== [ 35.484839] BUG: KASAN: slab-out-of-bounds in krealloc_less_oob_helper+0xae4/0xc50 [ 35.492502] Write of size 1 at addr ffff00009697ecea by task kunit_try_catch/267 [ 35.499989] [ 35.501516] CPU: 4 UID: 0 PID: 267 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc4-next-20250703 #1 PREEMPT [ 35.501544] Tainted: [B]=BAD_PAGE, [N]=TEST [ 35.501552] Hardware name: Thundercomm Dragonboard 845c (DT) [ 35.501562] Call trace: [ 35.501567] show_stack+0x20/0x38 (C) [ 35.501584] dump_stack_lvl+0x8c/0xd0 [ 35.501602] print_report+0x118/0x608 [ 35.501619] kasan_report+0xdc/0x128 [ 35.501637] __asan_report_store1_noabort+0x20/0x30 [ 35.501654] krealloc_less_oob_helper+0xae4/0xc50 [ 35.501672] krealloc_less_oob+0x20/0x38 [ 35.501688] kunit_try_run_case+0x170/0x3f0 [ 35.501705] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 35.501726] kthread+0x328/0x630 [ 35.501739] ret_from_fork+0x10/0x20 [ 35.501754] [ 35.571979] Allocated by task 267: [ 35.575433] kasan_save_stack+0x3c/0x68 [ 35.579339] kasan_save_track+0x20/0x40 [ 35.583245] kasan_save_alloc_info+0x40/0x58 [ 35.587582] __kasan_krealloc+0x118/0x178 [ 35.591654] krealloc_noprof+0x128/0x360 [ 35.595646] krealloc_less_oob_helper+0x168/0xc50 [ 35.600422] krealloc_less_oob+0x20/0x38 [ 35.604413] kunit_try_run_case+0x170/0x3f0 [ 35.608664] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 35.614231] kthread+0x328/0x630 [ 35.617514] ret_from_fork+0x10/0x20 [ 35.621147] [ 35.622670] The buggy address belongs to the object at ffff00009697ec00 [ 35.622670] which belongs to the cache kmalloc-256 of size 256 [ 35.635325] The buggy address is located 33 bytes to the right of [ 35.635325] allocated 201-byte region [ffff00009697ec00, ffff00009697ecc9) [ 35.648508] [ 35.650031] The buggy address belongs to the physical page: [ 35.655672] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x11697c [ 35.663774] head: order:2 mapcount:0 entire_mapcount:0 
nr_pages_mapped:0 pincount:0 [ 35.671530] flags: 0xbfffe0000000040(head|node=0|zone=2|lastcpupid=0x1ffff) [ 35.678583] page_type: f5(slab) [ 35.681781] raw: 0bfffe0000000040 ffff000080002b40 dead000000000122 0000000000000000 [ 35.689626] raw: 0000000000000000 0000000080200020 00000000f5000000 0000000000000000 [ 35.697471] head: 0bfffe0000000040 ffff000080002b40 dead000000000122 0000000000000000 [ 35.705401] head: 0000000000000000 0000000080200020 00000000f5000000 0000000000000000 [ 35.713331] head: 0bfffe0000000002 fffffdffc25a5f01 00000000ffffffff 00000000ffffffff [ 35.721262] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000004 [ 35.729186] page dumped because: kasan: bad access detected [ 35.734830] [ 35.736362] Memory state around the buggy address: [ 35.741216] ffff00009697eb80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 35.748524] ffff00009697ec00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 35.755832] >ffff00009697ec80: 00 00 00 00 00 00 00 00 00 01 fc fc fc fc fc fc [ 35.763141] ^ [ 35.769840] ffff00009697ed00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 35.777149] ffff00009697ed80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 35.784453] ================================================================== [ 34.531896] ================================================================== [ 34.543105] BUG: KASAN: slab-out-of-bounds in krealloc_less_oob_helper+0xa48/0xc50 [ 34.550778] Write of size 1 at addr ffff00009697ecc9 by task kunit_try_catch/267 [ 34.558272] [ 34.559813] CPU: 2 UID: 0 PID: 267 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc4-next-20250703 #1 PREEMPT [ 34.559843] Tainted: [B]=BAD_PAGE, [N]=TEST [ 34.559851] Hardware name: Thundercomm Dragonboard 845c (DT) [ 34.559860] Call trace: [ 34.559867] show_stack+0x20/0x38 (C) [ 34.559884] dump_stack_lvl+0x8c/0xd0 [ 34.559904] print_report+0x118/0x608 [ 34.559924] kasan_report+0xdc/0x128 [ 34.559942] __asan_report_store1_noabort+0x20/0x30 [ 34.559959] 
krealloc_less_oob_helper+0xa48/0xc50 [ 34.559977] krealloc_less_oob+0x20/0x38 [ 34.559994] kunit_try_run_case+0x170/0x3f0 [ 34.560012] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 34.560033] kthread+0x328/0x630 [ 34.560048] ret_from_fork+0x10/0x20 [ 34.560065] [ 34.630340] Allocated by task 267: [ 34.633799] kasan_save_stack+0x3c/0x68 [ 34.637708] kasan_save_track+0x20/0x40 [ 34.641614] kasan_save_alloc_info+0x40/0x58 [ 34.645949] __kasan_krealloc+0x118/0x178 [ 34.650031] krealloc_noprof+0x128/0x360 [ 34.654026] krealloc_less_oob_helper+0x168/0xc50 [ 34.658808] krealloc_less_oob+0x20/0x38 [ 34.662803] kunit_try_run_case+0x170/0x3f0 [ 34.667053] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 34.672620] kthread+0x328/0x630 [ 34.675912] ret_from_fork+0x10/0x20 [ 34.679551] [ 34.681087] The buggy address belongs to the object at ffff00009697ec00 [ 34.681087] which belongs to the cache kmalloc-256 of size 256 [ 34.693747] The buggy address is located 0 bytes to the right of [ 34.693747] allocated 201-byte region [ffff00009697ec00, ffff00009697ecc9) [ 34.706852] [ 34.708385] The buggy address belongs to the physical page: [ 34.714036] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x11697c [ 34.722147] head: order:2 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0 [ 34.729900] flags: 0xbfffe0000000040(head|node=0|zone=2|lastcpupid=0x1ffff) [ 34.736952] page_type: f5(slab) [ 34.740155] raw: 0bfffe0000000040 ffff000080002b40 dead000000000122 0000000000000000 [ 34.747998] raw: 0000000000000000 0000000080200020 00000000f5000000 0000000000000000 [ 34.755841] head: 0bfffe0000000040 ffff000080002b40 dead000000000122 0000000000000000 [ 34.763771] head: 0000000000000000 0000000080200020 00000000f5000000 0000000000000000 [ 34.771700] head: 0bfffe0000000002 fffffdffc25a5f01 00000000ffffffff 00000000ffffffff [ 34.779628] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000004 [ 34.787554] page dumped because: kasan: bad access 
detected [ 34.793197] [ 34.794727] Memory state around the buggy address: [ 34.799586] ffff00009697eb80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 34.806900] ffff00009697ec00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 34.814221] >ffff00009697ec80: 00 00 00 00 00 00 00 00 00 01 fc fc fc fc fc fc [ 34.821541] ^ [ 34.827190] ffff00009697ed00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 34.834514] ffff00009697ed80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 34.841833] ================================================================== [ 37.308828] ================================================================== [ 37.316142] BUG: KASAN: slab-out-of-bounds in krealloc_less_oob_helper+0xae4/0xc50 [ 37.323807] Write of size 1 at addr ffff0000861960ea by task kunit_try_catch/271 [ 37.331291] [ 37.332818] CPU: 4 UID: 0 PID: 271 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc4-next-20250703 #1 PREEMPT [ 37.332848] Tainted: [B]=BAD_PAGE, [N]=TEST [ 37.332855] Hardware name: Thundercomm Dragonboard 845c (DT) [ 37.332865] Call trace: [ 37.332871] show_stack+0x20/0x38 (C) [ 37.332887] dump_stack_lvl+0x8c/0xd0 [ 37.332905] print_report+0x118/0x608 [ 37.332922] kasan_report+0xdc/0x128 [ 37.332939] __asan_report_store1_noabort+0x20/0x30 [ 37.332956] krealloc_less_oob_helper+0xae4/0xc50 [ 37.332974] krealloc_large_less_oob+0x20/0x38 [ 37.332991] kunit_try_run_case+0x170/0x3f0 [ 37.333009] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 37.333028] kthread+0x328/0x630 [ 37.333041] ret_from_fork+0x10/0x20 [ 37.333057] [ 37.403834] The buggy address belongs to the physical page: [ 37.409480] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x106194 [ 37.417586] head: order:2 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0 [ 37.425332] flags: 0xbfffe0000000040(head|node=0|zone=2|lastcpupid=0x1ffff) [ 37.432384] page_type: f8(unknown) [ 37.435844] raw: 0bfffe0000000040 0000000000000000 dead000000000122 0000000000000000 [ 37.443689] 
raw: 0000000000000000 0000000000000000 00000000f8000000 0000000000000000 [ 37.451525] head: 0bfffe0000000040 0000000000000000 dead000000000122 0000000000000000 [ 37.459453] head: 0000000000000000 0000000000000000 00000000f8000000 0000000000000000 [ 37.467383] head: 0bfffe0000000002 fffffdffc2186501 00000000ffffffff 00000000ffffffff [ 37.475312] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000004 [ 37.483241] page dumped because: kasan: bad access detected [ 37.488888] [ 37.490410] Memory state around the buggy address: [ 37.495261] ffff000086195f80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 37.502573] ffff000086196000: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 37.509882] >ffff000086196080: 00 00 00 00 00 00 00 00 00 01 fe fe fe fe fe fe [ 37.517189] ^ [ 37.523888] ffff000086196100: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe [ 37.531198] ffff000086196180: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe [ 37.538507] ================================================================== [ 34.849245] ================================================================== [ 34.856566] BUG: KASAN: slab-out-of-bounds in krealloc_less_oob_helper+0xb9c/0xc50 [ 34.864238] Write of size 1 at addr ffff00009697ecd0 by task kunit_try_catch/267 [ 34.871740] [ 34.873268] CPU: 2 UID: 0 PID: 267 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc4-next-20250703 #1 PREEMPT [ 34.873297] Tainted: [B]=BAD_PAGE, [N]=TEST [ 34.873305] Hardware name: Thundercomm Dragonboard 845c (DT) [ 34.873316] Call trace: [ 34.873324] show_stack+0x20/0x38 (C) [ 34.873343] dump_stack_lvl+0x8c/0xd0 [ 34.873365] print_report+0x118/0x608 [ 34.873386] kasan_report+0xdc/0x128 [ 34.873405] __asan_report_store1_noabort+0x20/0x30 [ 34.873423] krealloc_less_oob_helper+0xb9c/0xc50 [ 34.873441] krealloc_less_oob+0x20/0x38 [ 34.873459] kunit_try_run_case+0x170/0x3f0 [ 34.873477] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 34.873499] kthread+0x328/0x630 [ 34.873514] 
ret_from_fork+0x10/0x20 [ 34.873532] [ 34.943836] Allocated by task 267: [ 34.947300] kasan_save_stack+0x3c/0x68 [ 34.951210] kasan_save_track+0x20/0x40 [ 34.955119] kasan_save_alloc_info+0x40/0x58 [ 34.959457] __kasan_krealloc+0x118/0x178 [ 34.963538] krealloc_noprof+0x128/0x360 [ 34.967534] krealloc_less_oob_helper+0x168/0xc50 [ 34.972313] krealloc_less_oob+0x20/0x38 [ 34.976307] kunit_try_run_case+0x170/0x3f0 [ 34.980562] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 34.986135] kthread+0x328/0x630 [ 34.989425] ret_from_fork+0x10/0x20 [ 34.993064] [ 34.994594] The buggy address belongs to the object at ffff00009697ec00 [ 34.994594] which belongs to the cache kmalloc-256 of size 256 [ 35.007258] The buggy address is located 7 bytes to the right of [ 35.007258] allocated 201-byte region [ffff00009697ec00, ffff00009697ecc9) [ 35.020359] [ 35.021891] The buggy address belongs to the physical page: [ 35.027538] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x11697c [ 35.035650] head: order:2 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0 [ 35.043405] flags: 0xbfffe0000000040(head|node=0|zone=2|lastcpupid=0x1ffff) [ 35.050459] page_type: f5(slab) [ 35.053664] raw: 0bfffe0000000040 ffff000080002b40 dead000000000122 0000000000000000 [ 35.061509] raw: 0000000000000000 0000000080200020 00000000f5000000 0000000000000000 [ 35.069354] head: 0bfffe0000000040 ffff000080002b40 dead000000000122 0000000000000000 [ 35.077284] head: 0000000000000000 0000000080200020 00000000f5000000 0000000000000000 [ 35.085213] head: 0bfffe0000000002 fffffdffc25a5f01 00000000ffffffff 00000000ffffffff [ 35.093144] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000004 [ 35.101069] page dumped because: kasan: bad access detected [ 35.106719] [ 35.108252] Memory state around the buggy address: [ 35.113113] ffff00009697eb80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 35.120438] ffff00009697ec00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 
[ 35.127753] >ffff00009697ec80: 00 00 00 00 00 00 00 00 00 01 fc fc fc fc fc fc [ 35.135065] ^ [ 35.140981] ffff00009697ed00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 35.148304] ffff00009697ed80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 35.155619] ================================================================== [ 36.835388] ================================================================== [ 36.842709] BUG: KASAN: slab-out-of-bounds in krealloc_less_oob_helper+0xb9c/0xc50 [ 36.850383] Write of size 1 at addr ffff0000861960d0 by task kunit_try_catch/271 [ 36.857880] [ 36.859411] CPU: 3 UID: 0 PID: 271 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc4-next-20250703 #1 PREEMPT [ 36.859439] Tainted: [B]=BAD_PAGE, [N]=TEST [ 36.859447] Hardware name: Thundercomm Dragonboard 845c (DT) [ 36.859457] Call trace: [ 36.859464] show_stack+0x20/0x38 (C) [ 36.859482] dump_stack_lvl+0x8c/0xd0 [ 36.859503] print_report+0x118/0x608 [ 36.859521] kasan_report+0xdc/0x128 [ 36.859539] __asan_report_store1_noabort+0x20/0x30 [ 36.859557] krealloc_less_oob_helper+0xb9c/0xc50 [ 36.859576] krealloc_large_less_oob+0x20/0x38 [ 36.859595] kunit_try_run_case+0x170/0x3f0 [ 36.859613] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 36.859634] kthread+0x328/0x630 [ 36.859649] ret_from_fork+0x10/0x20 [ 36.859666] [ 36.930484] The buggy address belongs to the physical page: [ 36.936138] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x106194 [ 36.944249] head: order:2 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0 [ 36.952004] flags: 0xbfffe0000000040(head|node=0|zone=2|lastcpupid=0x1ffff) [ 36.959062] page_type: f8(unknown) [ 36.962528] raw: 0bfffe0000000040 0000000000000000 dead000000000122 0000000000000000 [ 36.970373] raw: 0000000000000000 0000000000000000 00000000f8000000 0000000000000000 [ 36.978218] head: 0bfffe0000000040 0000000000000000 dead000000000122 0000000000000000 [ 36.986148] head: 0000000000000000 0000000000000000 00000000f8000000 
0000000000000000 [ 36.994079] head: 0bfffe0000000002 fffffdffc2186501 00000000ffffffff 00000000ffffffff [ 37.002008] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000004 [ 37.009935] page dumped because: kasan: bad access detected [ 37.015581] [ 37.017107] Memory state around the buggy address: [ 37.021969] ffff000086195f80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 37.029293] ffff000086196000: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 37.036616] >ffff000086196080: 00 00 00 00 00 00 00 00 00 01 fe fe fe fe fe fe [ 37.043937] ^ [ 37.049847] ffff000086196100: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe [ 37.057171] ffff000086196180: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe [ 37.064493] ================================================================== [ 35.792013] ================================================================== [ 35.799339] BUG: KASAN: slab-out-of-bounds in krealloc_less_oob_helper+0xa58/0xc50 [ 35.807017] Write of size 1 at addr ffff00009697eceb by task kunit_try_catch/267 [ 35.814508] [ 35.816048] CPU: 3 UID: 0 PID: 267 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc4-next-20250703 #1 PREEMPT [ 35.816076] Tainted: [B]=BAD_PAGE, [N]=TEST [ 35.816085] Hardware name: Thundercomm Dragonboard 845c (DT) [ 35.816096] Call trace: [ 35.816103] show_stack+0x20/0x38 (C) [ 35.816122] dump_stack_lvl+0x8c/0xd0 [ 35.816143] print_report+0x118/0x608 [ 35.816162] kasan_report+0xdc/0x128 [ 35.816181] __asan_report_store1_noabort+0x20/0x30 [ 35.816199] krealloc_less_oob_helper+0xa58/0xc50 [ 35.816217] krealloc_less_oob+0x20/0x38 [ 35.816235] kunit_try_run_case+0x170/0x3f0 [ 35.816255] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 35.816275] kthread+0x328/0x630 [ 35.816290] ret_from_fork+0x10/0x20 [ 35.816307] [ 35.886597] Allocated by task 267: [ 35.890058] kasan_save_stack+0x3c/0x68 [ 35.893968] kasan_save_track+0x20/0x40 [ 35.897879] kasan_save_alloc_info+0x40/0x58 [ 35.902219] __kasan_krealloc+0x118/0x178 [ 
35.906302] krealloc_noprof+0x128/0x360 [ 35.910300] krealloc_less_oob_helper+0x168/0xc50 [ 35.915083] krealloc_less_oob+0x20/0x38 [ 35.919080] kunit_try_run_case+0x170/0x3f0 [ 35.923335] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 35.928907] kthread+0x328/0x630 [ 35.932199] ret_from_fork+0x10/0x20 [ 35.935839] [ 35.937370] The buggy address belongs to the object at ffff00009697ec00 [ 35.937370] which belongs to the cache kmalloc-256 of size 256 [ 35.950026] The buggy address is located 34 bytes to the right of [ 35.950026] allocated 201-byte region [ffff00009697ec00, ffff00009697ecc9) [ 35.963211] [ 35.964739] The buggy address belongs to the physical page: [ 35.970389] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x11697c [ 35.978492] head: order:2 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0 [ 35.986252] flags: 0xbfffe0000000040(head|node=0|zone=2|lastcpupid=0x1ffff) [ 35.993309] page_type: f5(slab) [ 35.996513] raw: 0bfffe0000000040 ffff000080002b40 dead000000000122 0000000000000000 [ 36.004360] raw: 0000000000000000 0000000080200020 00000000f5000000 0000000000000000 [ 36.012206] head: 0bfffe0000000040 ffff000080002b40 dead000000000122 0000000000000000 [ 36.020139] head: 0000000000000000 0000000080200020 00000000f5000000 0000000000000000 [ 36.028072] head: 0bfffe0000000002 fffffdffc25a5f01 00000000ffffffff 00000000ffffffff [ 36.036005] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000004 [ 36.043934] page dumped because: kasan: bad access detected [ 36.049585] [ 36.051113] Memory state around the buggy address: [ 36.055974] ffff00009697eb80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 36.063293] ffff00009697ec00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 36.070611] >ffff00009697ec80: 00 00 00 00 00 00 00 00 00 01 fc fc fc fc fc fc [ 36.077923] ^ [ 36.084630] ffff00009697ed00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 36.091945] ffff00009697ed80: fc fc fc fc fc fc fc fc fc fc fc fc 
fc fc fc fc [ 36.099262] ================================================================== [ 36.594768] ================================================================== [ 36.606509] BUG: KASAN: slab-out-of-bounds in krealloc_less_oob_helper+0xa48/0xc50 [ 36.614186] Write of size 1 at addr ffff0000861960c9 by task kunit_try_catch/271 [ 36.621687] [ 36.623221] CPU: 3 UID: 0 PID: 271 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc4-next-20250703 #1 PREEMPT [ 36.623249] Tainted: [B]=BAD_PAGE, [N]=TEST [ 36.623257] Hardware name: Thundercomm Dragonboard 845c (DT) [ 36.623270] Call trace: [ 36.623277] show_stack+0x20/0x38 (C) [ 36.623295] dump_stack_lvl+0x8c/0xd0 [ 36.623315] print_report+0x118/0x608 [ 36.623334] kasan_report+0xdc/0x128 [ 36.623353] __asan_report_store1_noabort+0x20/0x30 [ 36.623372] krealloc_less_oob_helper+0xa48/0xc50 [ 36.623392] krealloc_large_less_oob+0x20/0x38 [ 36.623410] kunit_try_run_case+0x170/0x3f0 [ 36.623429] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 36.623450] kthread+0x328/0x630 [ 36.623465] ret_from_fork+0x10/0x20 [ 36.623483] [ 36.694294] The buggy address belongs to the physical page: [ 36.699939] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x106194 [ 36.708044] head: order:2 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0 [ 36.715802] flags: 0xbfffe0000000040(head|node=0|zone=2|lastcpupid=0x1ffff) [ 36.722860] page_type: f8(unknown) [ 36.726330] raw: 0bfffe0000000040 0000000000000000 dead000000000122 0000000000000000 [ 36.734178] raw: 0000000000000000 0000000000000000 00000000f8000000 0000000000000000 [ 36.742026] head: 0bfffe0000000040 0000000000000000 dead000000000122 0000000000000000 [ 36.749959] head: 0000000000000000 0000000000000000 00000000f8000000 0000000000000000 [ 36.757891] head: 0bfffe0000000002 fffffdffc2186501 00000000ffffffff 00000000ffffffff [ 36.765824] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000004 [ 36.773751] page dumped because: kasan: bad access 
detected [ 36.779396] [ 36.780926] Memory state around the buggy address: [ 36.785785] ffff000086195f80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 36.793100] ffff000086196000: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 36.800415] >ffff000086196080: 00 00 00 00 00 00 00 00 00 01 fe fe fe fe fe fe [ 36.807727] ^ [ 36.813375] ffff000086196100: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe [ 36.820689] ffff000086196180: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe [ 36.828002] ================================================================== [ 37.072217] ================================================================== [ 37.079537] BUG: KASAN: slab-out-of-bounds in krealloc_less_oob_helper+0xa80/0xc50 [ 37.087212] Write of size 1 at addr ffff0000861960da by task kunit_try_catch/271 [ 37.094700] [ 37.096238] CPU: 4 UID: 0 PID: 271 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc4-next-20250703 #1 PREEMPT [ 37.096268] Tainted: [B]=BAD_PAGE, [N]=TEST [ 37.096276] Hardware name: Thundercomm Dragonboard 845c (DT) [ 37.096286] Call trace: [ 37.096292] show_stack+0x20/0x38 (C) [ 37.096310] dump_stack_lvl+0x8c/0xd0 [ 37.096329] print_report+0x118/0x608 [ 37.096347] kasan_report+0xdc/0x128 [ 37.096365] __asan_report_store1_noabort+0x20/0x30 [ 37.096381] krealloc_less_oob_helper+0xa80/0xc50 [ 37.096399] krealloc_large_less_oob+0x20/0x38 [ 37.096415] kunit_try_run_case+0x170/0x3f0 [ 37.096432] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 37.096454] kthread+0x328/0x630 [ 37.096467] ret_from_fork+0x10/0x20 [ 37.096483] [ 37.167264] The buggy address belongs to the physical page: [ 37.172910] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x106194 [ 37.181016] head: order:2 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0 [ 37.188762] flags: 0xbfffe0000000040(head|node=0|zone=2|lastcpupid=0x1ffff) [ 37.195813] page_type: f8(unknown) [ 37.199274] raw: 0bfffe0000000040 0000000000000000 dead000000000122 0000000000000000 [ 37.207108] 
raw: 0000000000000000 0000000000000000 00000000f8000000 0000000000000000 [ 37.214945] head: 0bfffe0000000040 0000000000000000 dead000000000122 0000000000000000 [ 37.222874] head: 0000000000000000 0000000000000000 00000000f8000000 0000000000000000 [ 37.230804] head: 0bfffe0000000002 fffffdffc2186501 00000000ffffffff 00000000ffffffff [ 37.238734] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000004 [ 37.246651] page dumped because: kasan: bad access detected [ 37.252292] [ 37.253816] Memory state around the buggy address: [ 37.258671] ffff000086195f80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 37.265980] ffff000086196000: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 37.273289] >ffff000086196080: 00 00 00 00 00 00 00 00 00 01 fe fe fe fe fe fe [ 37.280598] ^ [ 37.286767] ffff000086196100: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe [ 37.294078] ffff000086196180: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe [ 37.301387] ================================================================== [ 37.546341] ================================================================== [ 37.553662] BUG: KASAN: slab-out-of-bounds in krealloc_less_oob_helper+0xa58/0xc50 [ 37.561332] Write of size 1 at addr ffff0000861960eb by task kunit_try_catch/271 [ 37.568823] [ 37.570351] CPU: 5 UID: 0 PID: 271 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc4-next-20250703 #1 PREEMPT [ 37.570381] Tainted: [B]=BAD_PAGE, [N]=TEST [ 37.570389] Hardware name: Thundercomm Dragonboard 845c (DT) [ 37.570400] Call trace: [ 37.570406] show_stack+0x20/0x38 (C) [ 37.570423] dump_stack_lvl+0x8c/0xd0 [ 37.570442] print_report+0x118/0x608 [ 37.570460] kasan_report+0xdc/0x128 [ 37.570478] __asan_report_store1_noabort+0x20/0x30 [ 37.570495] krealloc_less_oob_helper+0xa58/0xc50 [ 37.570512] krealloc_large_less_oob+0x20/0x38 [ 37.570530] kunit_try_run_case+0x170/0x3f0 [ 37.570546] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 37.570566] kthread+0x328/0x630 [ 37.570580] 
ret_from_fork+0x10/0x20 [ 37.570597] [ 37.641384] The buggy address belongs to the physical page: [ 37.647027] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x106194 [ 37.655125] head: order:2 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0 [ 37.662879] flags: 0xbfffe0000000040(head|node=0|zone=2|lastcpupid=0x1ffff) [ 37.669933] page_type: f8(unknown) [ 37.673391] raw: 0bfffe0000000040 0000000000000000 dead000000000122 0000000000000000 [ 37.681230] raw: 0000000000000000 0000000000000000 00000000f8000000 0000000000000000 [ 37.689070] head: 0bfffe0000000040 0000000000000000 dead000000000122 0000000000000000 [ 37.696993] head: 0000000000000000 0000000000000000 00000000f8000000 0000000000000000 [ 37.704917] head: 0bfffe0000000002 fffffdffc2186501 00000000ffffffff 00000000ffffffff [ 37.712842] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000004 [ 37.720765] page dumped because: kasan: bad access detected [ 37.726406] [ 37.727934] Memory state around the buggy address: [ 37.732784] ffff000086195f80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 37.740097] ffff000086196000: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 37.747411] >ffff000086196080: 00 00 00 00 00 00 00 00 00 01 fe fe fe fe fe fe [ 37.754719] ^ [ 37.761412] ffff000086196100: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe [ 37.768727] ffff000086196180: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe [ 37.776035] ================================================================== [ 35.163637] ================================================================== [ 35.170964] BUG: KASAN: slab-out-of-bounds in krealloc_less_oob_helper+0xa80/0xc50 [ 35.178639] Write of size 1 at addr ffff00009697ecda by task kunit_try_catch/267 [ 35.186136] [ 35.187673] CPU: 4 UID: 0 PID: 267 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc4-next-20250703 #1 PREEMPT [ 35.187702] Tainted: [B]=BAD_PAGE, [N]=TEST [ 35.187711] Hardware name: Thundercomm Dragonboard 845c (DT) [ 
35.187721] Call trace: [ 35.187727] show_stack+0x20/0x38 (C) [ 35.187745] dump_stack_lvl+0x8c/0xd0 [ 35.187766] print_report+0x118/0x608 [ 35.187784] kasan_report+0xdc/0x128 [ 35.187802] __asan_report_store1_noabort+0x20/0x30 [ 35.187820] krealloc_less_oob_helper+0xa80/0xc50 [ 35.187837] krealloc_less_oob+0x20/0x38 [ 35.187854] kunit_try_run_case+0x170/0x3f0 [ 35.187872] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 35.187892] kthread+0x328/0x630 [ 35.187906] ret_from_fork+0x10/0x20 [ 35.187923] [ 35.258166] Allocated by task 267: [ 35.261622] kasan_save_stack+0x3c/0x68 [ 35.265519] kasan_save_track+0x20/0x40 [ 35.269424] kasan_save_alloc_info+0x40/0x58 [ 35.273760] __kasan_krealloc+0x118/0x178 [ 35.277842] krealloc_noprof+0x128/0x360 [ 35.281824] krealloc_less_oob_helper+0x168/0xc50 [ 35.286598] krealloc_less_oob+0x20/0x38 [ 35.290581] kunit_try_run_case+0x170/0x3f0 [ 35.294832] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 35.300397] kthread+0x328/0x630 [ 35.303680] ret_from_fork+0x10/0x20 [ 35.307313] [ 35.308836] The buggy address belongs to the object at ffff00009697ec00 [ 35.308836] which belongs to the cache kmalloc-256 of size 256 [ 35.321486] The buggy address is located 17 bytes to the right of [ 35.321486] allocated 201-byte region [ffff00009697ec00, ffff00009697ecc9) [ 35.334669] [ 35.336202] The buggy address belongs to the physical page: [ 35.341847] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x11697c [ 35.349951] head: order:2 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0 [ 35.357705] flags: 0xbfffe0000000040(head|node=0|zone=2|lastcpupid=0x1ffff) [ 35.364755] page_type: f5(slab) [ 35.367954] raw: 0bfffe0000000040 ffff000080002b40 dead000000000122 0000000000000000 [ 35.375799] raw: 0000000000000000 0000000080200020 00000000f5000000 0000000000000000 [ 35.383642] head: 0bfffe0000000040 ffff000080002b40 dead000000000122 0000000000000000 [ 35.391572] head: 0000000000000000 0000000080200020 00000000f5000000 
0000000000000000 [ 35.399501] head: 0bfffe0000000002 fffffdffc25a5f01 00000000ffffffff 00000000ffffffff [ 35.407430] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000004 [ 35.415356] page dumped because: kasan: bad access detected [ 35.421004] [ 35.422526] Memory state around the buggy address: [ 35.427378] ffff00009697eb80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 35.434691] ffff00009697ec00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 35.442000] >ffff00009697ec80: 00 00 00 00 00 00 00 00 00 01 fc fc fc fc fc fc [ 35.449307] ^ [ 35.455473] ffff00009697ed00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 35.462783] ffff00009697ed80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 35.470092] ==================================================================
[ 30.958434] ==================================================================
[ 30.958888] BUG: KASAN: slab-out-of-bounds in krealloc_less_oob_helper+0xa80/0xc50
[ 30.958959] Write of size 1 at addr fff00000c9bc60da by task kunit_try_catch/194
[ 30.959095]
[ 30.959213] CPU: 0 UID: 0 PID: 194 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc4-next-20250703 #1 PREEMPT
[ 30.959352] Tainted: [B]=BAD_PAGE, [N]=TEST
[ 30.959378] Hardware name: linux,dummy-virt (DT)
[ 30.959446] Call trace:
[ 30.959716] show_stack+0x20/0x38 (C)
[ 30.960229] dump_stack_lvl+0x8c/0xd0
[ 30.960615] print_report+0x118/0x608
[ 30.960738] kasan_report+0xdc/0x128
[ 30.960788] __asan_report_store1_noabort+0x20/0x30
[ 30.960852] krealloc_less_oob_helper+0xa80/0xc50
[ 30.961103] krealloc_large_less_oob+0x20/0x38
[ 30.961244] kunit_try_run_case+0x170/0x3f0
[ 30.961655] kunit_generic_run_threadfn_adapter+0x88/0x100
[ 30.962206] kthread+0x328/0x630
[ 30.962400] ret_from_fork+0x10/0x20
[ 30.963229]
[ 30.963511] The buggy address belongs to the physical page:
[ 30.963641] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x109bc4
[ 30.963814] head: order:2 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[ 30.963942] flags: 0xbfffe0000000040(head|node=0|zone=2|lastcpupid=0x1ffff)
[ 30.964091] page_type: f8(unknown)
[ 30.964147] raw: 0bfffe0000000040 0000000000000000 dead000000000122 0000000000000000
[ 30.964215] raw: 0000000000000000 0000000000000000 00000000f8000000 0000000000000000
[ 30.964566] head: 0bfffe0000000040 0000000000000000 dead000000000122 0000000000000000
[ 30.964645] head: 0000000000000000 0000000000000000 00000000f8000000 0000000000000000
[ 30.964949] head: 0bfffe0000000002 ffffc1ffc326f101 00000000ffffffff 00000000ffffffff
[ 30.965140] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000004
[ 30.965225] page dumped because: kasan: bad access detected
[ 30.965359]
[ 30.965378] Memory state around the buggy address:
[ 30.965410] fff00000c9bc5f80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[ 30.965613] fff00000c9bc6000: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[ 30.965739] >fff00000c9bc6080: 00 00 00 00 00 00 00 00 00 01 fe fe fe fe fe fe
[ 30.966016] ^
[ 30.966227] fff00000c9bc6100: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe
[ 30.966276] fff00000c9bc6180: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe
[ 30.966472] ==================================================================
[ 30.950379] ==================================================================
[ 30.950425] BUG: KASAN: slab-out-of-bounds in krealloc_less_oob_helper+0xb9c/0xc50
[ 30.950478] Write of size 1 at addr fff00000c9bc60d0 by task kunit_try_catch/194
[ 30.950864]
[ 30.950979] CPU: 0 UID: 0 PID: 194 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc4-next-20250703 #1 PREEMPT
[ 30.951208] Tainted: [B]=BAD_PAGE, [N]=TEST
[ 30.951236] Hardware name: linux,dummy-virt (DT)
[ 30.951270] Call trace:
[ 30.951297] show_stack+0x20/0x38 (C)
[ 30.951585] dump_stack_lvl+0x8c/0xd0
[ 30.951910] print_report+0x118/0x608
[ 30.951968] kasan_report+0xdc/0x128
[ 30.952176] __asan_report_store1_noabort+0x20/0x30
[ 30.952256] krealloc_less_oob_helper+0xb9c/0xc50
[ 30.952583] krealloc_large_less_oob+0x20/0x38
[ 30.952746] kunit_try_run_case+0x170/0x3f0
[ 30.952923] kunit_generic_run_threadfn_adapter+0x88/0x100
[ 30.953051] kthread+0x328/0x630
[ 30.953124] ret_from_fork+0x10/0x20
[ 30.953511]
[ 30.953630] The buggy address belongs to the physical page:
[ 30.953707] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x109bc4
[ 30.953852] head: order:2 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[ 30.954139] flags: 0xbfffe0000000040(head|node=0|zone=2|lastcpupid=0x1ffff)
[ 30.954379] page_type: f8(unknown)
[ 30.954580] raw: 0bfffe0000000040 0000000000000000 dead000000000122 0000000000000000
[ 30.954745] raw: 0000000000000000 0000000000000000 00000000f8000000 0000000000000000
[ 30.954853] head: 0bfffe0000000040 0000000000000000 dead000000000122 0000000000000000
[ 30.954974] head: 0000000000000000 0000000000000000 00000000f8000000 0000000000000000
[ 30.955311] head: 0bfffe0000000002 ffffc1ffc326f101 00000000ffffffff 00000000ffffffff
[ 30.955506] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000004
[ 30.955616] page dumped because: kasan: bad access detected
[ 30.955763]
[ 30.955881] Memory state around the buggy address:
[ 30.955916] fff00000c9bc5f80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[ 30.956194] fff00000c9bc6000: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[ 30.956423] >fff00000c9bc6080: 00 00 00 00 00 00 00 00 00 01 fe fe fe fe fe fe
[ 30.956482] ^
[ 30.956879] fff00000c9bc6100: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe
[ 30.957104] fff00000c9bc6180: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe
[ 30.957215] ==================================================================
[ 30.973750] ==================================================================
[ 30.973797] BUG: KASAN: slab-out-of-bounds in krealloc_less_oob_helper+0xa58/0xc50
[ 30.973860] Write of size 1 at addr fff00000c9bc60eb by task kunit_try_catch/194
[ 30.974028]
[ 30.974106] CPU: 0 UID: 0 PID: 194 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc4-next-20250703 #1 PREEMPT
[ 30.974474] Tainted: [B]=BAD_PAGE, [N]=TEST
[ 30.974530] Hardware name: linux,dummy-virt (DT)
[ 30.974566] Call trace:
[ 30.974615] show_stack+0x20/0x38 (C)
[ 30.974796] dump_stack_lvl+0x8c/0xd0
[ 30.974874] print_report+0x118/0x608
[ 30.975000] kasan_report+0xdc/0x128
[ 30.975086] __asan_report_store1_noabort+0x20/0x30
[ 30.975141] krealloc_less_oob_helper+0xa58/0xc50
[ 30.975198] krealloc_large_less_oob+0x20/0x38
[ 30.975515] kunit_try_run_case+0x170/0x3f0
[ 30.975645] kunit_generic_run_threadfn_adapter+0x88/0x100
[ 30.975732] kthread+0x328/0x630
[ 30.975777] ret_from_fork+0x10/0x20
[ 30.975975]
[ 30.976155] The buggy address belongs to the physical page:
[ 30.976205] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x109bc4
[ 30.976315] head: order:2 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[ 30.976412] flags: 0xbfffe0000000040(head|node=0|zone=2|lastcpupid=0x1ffff)
[ 30.976568] page_type: f8(unknown)
[ 30.976625] raw: 0bfffe0000000040 0000000000000000 dead000000000122 0000000000000000
[ 30.976677] raw: 0000000000000000 0000000000000000 00000000f8000000 0000000000000000
[ 30.976737] head: 0bfffe0000000040 0000000000000000 dead000000000122 0000000000000000
[ 30.977106] head: 0000000000000000 0000000000000000 00000000f8000000 0000000000000000
[ 30.977270] head: 0bfffe0000000002 ffffc1ffc326f101 00000000ffffffff 00000000ffffffff
[ 30.977423] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000004
[ 30.977519] page dumped because: kasan: bad access detected
[ 30.977615]
[ 30.977756] Memory state around the buggy address:
[ 30.977887] fff00000c9bc5f80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[ 30.977971] fff00000c9bc6000: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[ 30.978301] >fff00000c9bc6080: 00 00 00 00 00 00 00 00 00 01 fe fe fe fe fe fe
[ 30.978371] ^
[ 30.978474] fff00000c9bc6100: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe
[ 30.978568] fff00000c9bc6180: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe
[ 30.978734] ==================================================================
[ 30.898401] ==================================================================
[ 30.898444] BUG: KASAN: slab-out-of-bounds in krealloc_less_oob_helper+0xa58/0xc50
[ 30.898509] Write of size 1 at addr fff00000c872c6eb by task kunit_try_catch/190
[ 30.898559]
[ 30.898594] CPU: 0 UID: 0 PID: 190 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc4-next-20250703 #1 PREEMPT
[ 30.898675] Tainted: [B]=BAD_PAGE, [N]=TEST
[ 30.898700] Hardware name: linux,dummy-virt (DT)
[ 30.898752] Call trace:
[ 30.898781] show_stack+0x20/0x38 (C)
[ 30.899670] dump_stack_lvl+0x8c/0xd0
[ 30.899742] print_report+0x118/0x608
[ 30.899814] kasan_report+0xdc/0x128
[ 30.900047] __asan_report_store1_noabort+0x20/0x30
[ 30.900122] krealloc_less_oob_helper+0xa58/0xc50
[ 30.900345] krealloc_less_oob+0x20/0x38
[ 30.900579] kunit_try_run_case+0x170/0x3f0
[ 30.900856] kunit_generic_run_threadfn_adapter+0x88/0x100
[ 30.901125] kthread+0x328/0x630
[ 30.901234] ret_from_fork+0x10/0x20
[ 30.901660]
[ 30.901785] Allocated by task 190:
[ 30.901977] kasan_save_stack+0x3c/0x68
[ 30.902106] kasan_save_track+0x20/0x40
[ 30.902295] kasan_save_alloc_info+0x40/0x58
[ 30.902335] __kasan_krealloc+0x118/0x178
[ 30.902573] krealloc_noprof+0x128/0x360
[ 30.902880] krealloc_less_oob_helper+0x168/0xc50
[ 30.903137] krealloc_less_oob+0x20/0x38
[ 30.903323] kunit_try_run_case+0x170/0x3f0
[ 30.903385] kunit_generic_run_threadfn_adapter+0x88/0x100
[ 30.903497] kthread+0x328/0x630
[ 30.903600] ret_from_fork+0x10/0x20
[ 30.903945]
[ 30.904250] The buggy address belongs to the object at fff00000c872c600
[ 30.904250] which belongs to the cache kmalloc-256 of size 256
[ 30.904381] The buggy address is located 34 bytes to the right of
[ 30.904381] allocated 201-byte region [fff00000c872c600, fff00000c872c6c9)
[ 30.904513]
[ 30.904545] The buggy address belongs to the physical page:
[ 30.904633] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x10872c
[ 30.904691] head: order:1 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[ 30.904983] flags: 0xbfffe0000000040(head|node=0|zone=2|lastcpupid=0x1ffff)
[ 30.905226] page_type: f5(slab)
[ 30.905396] raw: 0bfffe0000000040 fff00000c0001b40 dead000000000122 0000000000000000
[ 30.905501] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000
[ 30.905633] head: 0bfffe0000000040 fff00000c0001b40 dead000000000122 0000000000000000
[ 30.905701] head: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000
[ 30.905825] head: 0bfffe0000000001 ffffc1ffc321cb01 00000000ffffffff 00000000ffffffff
[ 30.906188] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000002
[ 30.906258] page dumped because: kasan: bad access detected
[ 30.906289]
[ 30.907053] Memory state around the buggy address:
[ 30.907116] fff00000c872c580: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 30.907170] fff00000c872c600: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[ 30.907237] >fff00000c872c680: 00 00 00 00 00 00 00 00 00 01 fc fc fc fc fc fc
[ 30.907312] ^
[ 30.907888] fff00000c872c700: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 30.908187] fff00000c872c780: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 30.908234] ==================================================================
[ 30.872366] ==================================================================
[ 30.872540] BUG: KASAN: slab-out-of-bounds in krealloc_less_oob_helper+0xb9c/0xc50
[ 30.872696] Write of size 1 at addr fff00000c872c6d0 by task kunit_try_catch/190
[ 30.872945]
[ 30.872983] CPU: 0 UID: 0 PID: 190 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc4-next-20250703 #1 PREEMPT
[ 30.873320] Tainted: [B]=BAD_PAGE, [N]=TEST
[ 30.873425] Hardware name: linux,dummy-virt (DT)
[ 30.873564] Call trace:
[ 30.873623] show_stack+0x20/0x38 (C)
[ 30.873977] dump_stack_lvl+0x8c/0xd0
[ 30.874111] print_report+0x118/0x608
[ 30.874344] kasan_report+0xdc/0x128
[ 30.874561] __asan_report_store1_noabort+0x20/0x30
[ 30.874628] krealloc_less_oob_helper+0xb9c/0xc50
[ 30.874797] krealloc_less_oob+0x20/0x38
[ 30.875001] kunit_try_run_case+0x170/0x3f0
[ 30.875219] kunit_generic_run_threadfn_adapter+0x88/0x100
[ 30.875482] kthread+0x328/0x630
[ 30.875576] ret_from_fork+0x10/0x20
[ 30.876108]
[ 30.876143] Allocated by task 190:
[ 30.876316] kasan_save_stack+0x3c/0x68
[ 30.876627] kasan_save_track+0x20/0x40
[ 30.876679] kasan_save_alloc_info+0x40/0x58
[ 30.877018] __kasan_krealloc+0x118/0x178
[ 30.877090] krealloc_noprof+0x128/0x360
[ 30.877285] krealloc_less_oob_helper+0x168/0xc50
[ 30.877511] krealloc_less_oob+0x20/0x38
[ 30.877699] kunit_try_run_case+0x170/0x3f0
[ 30.877784] kunit_generic_run_threadfn_adapter+0x88/0x100
[ 30.877988] kthread+0x328/0x630
[ 30.878071] ret_from_fork+0x10/0x20
[ 30.878488]
[ 30.878534] The buggy address belongs to the object at fff00000c872c600
[ 30.878534] which belongs to the cache kmalloc-256 of size 256
[ 30.878615] The buggy address is located 7 bytes to the right of
[ 30.878615] allocated 201-byte region [fff00000c872c600, fff00000c872c6c9)
[ 30.878998]
[ 30.879051] The buggy address belongs to the physical page:
[ 30.879156] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x10872c
[ 30.879249] head: order:1 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[ 30.879343] flags: 0xbfffe0000000040(head|node=0|zone=2|lastcpupid=0x1ffff)
[ 30.879463] page_type: f5(slab)
[ 30.880127] raw: 0bfffe0000000040 fff00000c0001b40 dead000000000122 0000000000000000
[ 30.880282] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000
[ 30.880337] head: 0bfffe0000000040 fff00000c0001b40 dead000000000122 0000000000000000
[ 30.880573] head: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000
[ 30.880629] head: 0bfffe0000000001 ffffc1ffc321cb01 00000000ffffffff 00000000ffffffff
[ 30.880678] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000002
[ 30.880861] page dumped because: kasan: bad access detected
[ 30.881005]
[ 30.881104] Memory state around the buggy address:
[ 30.881529] fff00000c872c580: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 30.881617] fff00000c872c600: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[ 30.881735] >fff00000c872c680: 00 00 00 00 00 00 00 00 00 01 fc fc fc fc fc fc
[ 30.882019] ^
[ 30.882196] fff00000c872c700: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 30.882249] fff00000c872c780: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 30.882287] ==================================================================
[ 30.863635] ==================================================================
[ 30.863699] BUG: KASAN: slab-out-of-bounds in krealloc_less_oob_helper+0xa48/0xc50
[ 30.863760] Write of size 1 at addr fff00000c872c6c9 by task kunit_try_catch/190
[ 30.864057]
[ 30.864239] CPU: 0 UID: 0 PID: 190 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc4-next-20250703 #1 PREEMPT
[ 30.864345] Tainted: [B]=BAD_PAGE, [N]=TEST
[ 30.864419] Hardware name: linux,dummy-virt (DT)
[ 30.864591] Call trace:
[ 30.864615] show_stack+0x20/0x38 (C)
[ 30.864804] dump_stack_lvl+0x8c/0xd0
[ 30.865094] print_report+0x118/0x608
[ 30.865302] kasan_report+0xdc/0x128
[ 30.865465] __asan_report_store1_noabort+0x20/0x30
[ 30.865631] krealloc_less_oob_helper+0xa48/0xc50
[ 30.865905] krealloc_less_oob+0x20/0x38
[ 30.866092] kunit_try_run_case+0x170/0x3f0
[ 30.866220] kunit_generic_run_threadfn_adapter+0x88/0x100
[ 30.866306] kthread+0x328/0x630
[ 30.866365] ret_from_fork+0x10/0x20
[ 30.866414]
[ 30.866432] Allocated by task 190:
[ 30.866469] kasan_save_stack+0x3c/0x68
[ 30.866514] kasan_save_track+0x20/0x40
[ 30.866573] kasan_save_alloc_info+0x40/0x58
[ 30.866611] __kasan_krealloc+0x118/0x178
[ 30.866659] krealloc_noprof+0x128/0x360
[ 30.866713] krealloc_less_oob_helper+0x168/0xc50
[ 30.866762] krealloc_less_oob+0x20/0x38
[ 30.866799] kunit_try_run_case+0x170/0x3f0
[ 30.866856] kunit_generic_run_threadfn_adapter+0x88/0x100
[ 30.866908] kthread+0x328/0x630
[ 30.866941] ret_from_fork+0x10/0x20
[ 30.866998]
[ 30.867018] The buggy address belongs to the object at fff00000c872c600
[ 30.867018] which belongs to the cache kmalloc-256 of size 256
[ 30.867080] The buggy address is located 0 bytes to the right of
[ 30.867080] allocated 201-byte region [fff00000c872c600, fff00000c872c6c9)
[ 30.867148]
[ 30.867168] The buggy address belongs to the physical page:
[ 30.867200] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x10872c
[ 30.867251] head: order:1 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[ 30.867307] flags: 0xbfffe0000000040(head|node=0|zone=2|lastcpupid=0x1ffff)
[ 30.867367] page_type: f5(slab)
[ 30.867407] raw: 0bfffe0000000040 fff00000c0001b40 dead000000000122 0000000000000000
[ 30.867458] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000
[ 30.867514] head: 0bfffe0000000040 fff00000c0001b40 dead000000000122 0000000000000000
[ 30.867570] head: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000
[ 30.867629] head: 0bfffe0000000001 ffffc1ffc321cb01 00000000ffffffff 00000000ffffffff
[ 30.867685] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000002
[ 30.867733] page dumped because: kasan: bad access detected
[ 30.867770]
[ 30.867787] Memory state around the buggy address:
[ 30.867827] fff00000c872c580: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 30.868143] fff00000c872c600: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[ 30.868402] >fff00000c872c680: 00 00 00 00 00 00 00 00 00 01 fc fc fc fc fc fc
[ 30.868448] ^
[ 30.868847] fff00000c872c700: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 30.869422] fff00000c872c780: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 30.869722] ==================================================================
[ 30.893295] ==================================================================
[ 30.893441] BUG: KASAN: slab-out-of-bounds in krealloc_less_oob_helper+0xae4/0xc50
[ 30.893499] Write of size 1 at addr fff00000c872c6ea by task kunit_try_catch/190
[ 30.893654]
[ 30.893854] CPU: 0 UID: 0 PID: 190 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc4-next-20250703 #1 PREEMPT
[ 30.893943] Tainted: [B]=BAD_PAGE, [N]=TEST
[ 30.894129] Hardware name: linux,dummy-virt (DT)
[ 30.894419] Call trace:
[ 30.894454] show_stack+0x20/0x38 (C)
[ 30.894516] dump_stack_lvl+0x8c/0xd0
[ 30.894649] print_report+0x118/0x608
[ 30.894735] kasan_report+0xdc/0x128
[ 30.895054] __asan_report_store1_noabort+0x20/0x30
[ 30.895253] krealloc_less_oob_helper+0xae4/0xc50
[ 30.895365] krealloc_less_oob+0x20/0x38
[ 30.895432] kunit_try_run_case+0x170/0x3f0
[ 30.895551] kunit_generic_run_threadfn_adapter+0x88/0x100
[ 30.895665] kthread+0x328/0x630
[ 30.895774] ret_from_fork+0x10/0x20
[ 30.895825]
[ 30.895980] Allocated by task 190:
[ 30.896175] kasan_save_stack+0x3c/0x68
[ 30.896287] kasan_save_track+0x20/0x40
[ 30.896423] kasan_save_alloc_info+0x40/0x58
[ 30.896477] __kasan_krealloc+0x118/0x178
[ 30.896638] krealloc_noprof+0x128/0x360
[ 30.896691] krealloc_less_oob_helper+0x168/0xc50
[ 30.896732] krealloc_less_oob+0x20/0x38
[ 30.896769] kunit_try_run_case+0x170/0x3f0
[ 30.896807] kunit_generic_run_threadfn_adapter+0x88/0x100
[ 30.896912] kthread+0x328/0x630
[ 30.896961] ret_from_fork+0x10/0x20
[ 30.897012]
[ 30.897031] The buggy address belongs to the object at fff00000c872c600
[ 30.897031] which belongs to the cache kmalloc-256 of size 256
[ 30.897098] The buggy address is located 33 bytes to the right of
[ 30.897098] allocated 201-byte region [fff00000c872c600, fff00000c872c6c9)
[ 30.897163]
[ 30.897181] The buggy address belongs to the physical page:
[ 30.897219] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x10872c
[ 30.897280] head: order:1 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[ 30.897334] flags: 0xbfffe0000000040(head|node=0|zone=2|lastcpupid=0x1ffff)
[ 30.897392] page_type: f5(slab)
[ 30.897430] raw: 0bfffe0000000040 fff00000c0001b40 dead000000000122 0000000000000000
[ 30.897493] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000
[ 30.897544] head: 0bfffe0000000040 fff00000c0001b40 dead000000000122 0000000000000000
[ 30.897615] head: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000
[ 30.897672] head: 0bfffe0000000001 ffffc1ffc321cb01 00000000ffffffff 00000000ffffffff
[ 30.897730] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000002
[ 30.897774] page dumped because: kasan: bad access detected
[ 30.897803]
[ 30.897821] Memory state around the buggy address:
[ 30.897866] fff00000c872c580: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 30.897916] fff00000c872c600: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[ 30.897982] >fff00000c872c680: 00 00 00 00 00 00 00 00 00 01 fc fc fc fc fc fc
[ 30.898033] ^
[ 30.898069] fff00000c872c700: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 30.898111] fff00000c872c780: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 30.898163] ==================================================================
[ 30.967160] ==================================================================
[ 30.967217] BUG: KASAN: slab-out-of-bounds in krealloc_less_oob_helper+0xae4/0xc50
[ 30.967270] Write of size 1 at addr fff00000c9bc60ea by task kunit_try_catch/194
[ 30.967318]
[ 30.967348] CPU: 0 UID: 0 PID: 194 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc4-next-20250703 #1 PREEMPT
[ 30.967430] Tainted: [B]=BAD_PAGE, [N]=TEST
[ 30.967468] Hardware name: linux,dummy-virt (DT)
[ 30.967500] Call trace:
[ 30.967521] show_stack+0x20/0x38 (C)
[ 30.967569] dump_stack_lvl+0x8c/0xd0
[ 30.967628] print_report+0x118/0x608
[ 30.967675] kasan_report+0xdc/0x128
[ 30.967720] __asan_report_store1_noabort+0x20/0x30
[ 30.967778] krealloc_less_oob_helper+0xae4/0xc50
[ 30.967828] krealloc_large_less_oob+0x20/0x38
[ 30.967888] kunit_try_run_case+0x170/0x3f0
[ 30.967937] kunit_generic_run_threadfn_adapter+0x88/0x100
[ 30.968012] kthread+0x328/0x630
[ 30.968055] ret_from_fork+0x10/0x20
[ 30.968101]
[ 30.968120] The buggy address belongs to the physical page:
[ 30.968150] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x109bc4
[ 30.968201] head: order:2 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[ 30.968246] flags: 0xbfffe0000000040(head|node=0|zone=2|lastcpupid=0x1ffff)
[ 30.968296] page_type: f8(unknown)
[ 30.969105] raw: 0bfffe0000000040 0000000000000000 dead000000000122 0000000000000000
[ 30.969171] raw: 0000000000000000 0000000000000000 00000000f8000000 0000000000000000
[ 30.969646] head: 0bfffe0000000040 0000000000000000 dead000000000122 0000000000000000
[ 30.969844] head: 0000000000000000 0000000000000000 00000000f8000000 0000000000000000
[ 30.969916] head: 0bfffe0000000002 ffffc1ffc326f101 00000000ffffffff 00000000ffffffff
[ 30.970310] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000004
[ 30.970370] page dumped because: kasan: bad access detected
[ 30.970474]
[ 30.970493] Memory state around the buggy address:
[ 30.970544] fff00000c9bc5f80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[ 30.970883] fff00000c9bc6000: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[ 30.970983] >fff00000c9bc6080: 00 00 00 00 00 00 00 00 00 01 fe fe fe fe fe fe
[ 30.971387] ^
[ 30.971453] fff00000c9bc6100: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe
[ 30.971817] fff00000c9bc6180: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe
[ 30.971991] ==================================================================
[ 30.884683] ==================================================================
[ 30.884741] BUG: KASAN: slab-out-of-bounds in krealloc_less_oob_helper+0xa80/0xc50
[ 30.884960] Write of size 1 at addr fff00000c872c6da by task kunit_try_catch/190
[ 30.885083]
[ 30.885245] CPU: 0 UID: 0 PID: 190 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc4-next-20250703 #1 PREEMPT
[ 30.885345] Tainted: [B]=BAD_PAGE, [N]=TEST
[ 30.885491] Hardware name: linux,dummy-virt (DT)
[ 30.885635] Call trace:
[ 30.885767] show_stack+0x20/0x38 (C)
[ 30.885825] dump_stack_lvl+0x8c/0xd0
[ 30.885885] print_report+0x118/0x608
[ 30.885932] kasan_report+0xdc/0x128
[ 30.885985] __asan_report_store1_noabort+0x20/0x30
[ 30.886046] krealloc_less_oob_helper+0xa80/0xc50
[ 30.886104] krealloc_less_oob+0x20/0x38
[ 30.886152] kunit_try_run_case+0x170/0x3f0
[ 30.886201] kunit_generic_run_threadfn_adapter+0x88/0x100
[ 30.886264] kthread+0x328/0x630
[ 30.886306] ret_from_fork+0x10/0x20
[ 30.886353]
[ 30.886371] Allocated by task 190:
[ 30.886399] kasan_save_stack+0x3c/0x68
[ 30.886441] kasan_save_track+0x20/0x40
[ 30.886488] kasan_save_alloc_info+0x40/0x58
[ 30.886526] __kasan_krealloc+0x118/0x178
[ 30.886574] krealloc_noprof+0x128/0x360
[ 30.886611] krealloc_less_oob_helper+0x168/0xc50
[ 30.886657] krealloc_less_oob+0x20/0x38
[ 30.886709] kunit_try_run_case+0x170/0x3f0
[ 30.886747] kunit_generic_run_threadfn_adapter+0x88/0x100
[ 30.886806] kthread+0x328/0x630
[ 30.887517] ret_from_fork+0x10/0x20
[ 30.887569]
[ 30.887589] The buggy address belongs to the object at fff00000c872c600
[ 30.887589] which belongs to the cache kmalloc-256 of size 256
[ 30.887678] The buggy address is located 17 bytes to the right of
[ 30.887678] allocated 201-byte region [fff00000c872c600, fff00000c872c6c9)
[ 30.887937]
[ 30.888272] The buggy address belongs to the physical page:
[ 30.888361] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x10872c
[ 30.888579] head: order:1 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[ 30.888750] flags: 0xbfffe0000000040(head|node=0|zone=2|lastcpupid=0x1ffff)
[ 30.888962] page_type: f5(slab)
[ 30.889093] raw: 0bfffe0000000040 fff00000c0001b40 dead000000000122 0000000000000000
[ 30.889357] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000
[ 30.889611] head: 0bfffe0000000040 fff00000c0001b40 dead000000000122 0000000000000000
[ 30.889666] head: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000
[ 30.889829] head: 0bfffe0000000001 ffffc1ffc321cb01 00000000ffffffff 00000000ffffffff
[ 30.890084] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000002
[ 30.890236] page dumped because: kasan: bad access detected
[ 30.890670]
[ 30.890852] Memory state around the buggy address:
[ 30.891051] fff00000c872c580: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 30.891148] fff00000c872c600: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[ 30.891250] >fff00000c872c680: 00 00 00 00 00 00 00 00 00 01 fc fc fc fc fc fc
[ 30.891379] ^
[ 30.891417] fff00000c872c700: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 30.891894] fff00000c872c780: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 30.892036] ==================================================================
[ 30.946120] ==================================================================
[ 30.946183] BUG: KASAN: slab-out-of-bounds in krealloc_less_oob_helper+0xa48/0xc50
[ 30.946246] Write of size 1 at addr fff00000c9bc60c9 by task kunit_try_catch/194
[ 30.946593]
[ 30.946732] CPU: 0 UID: 0 PID: 194 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc4-next-20250703 #1 PREEMPT
[ 30.946826] Tainted: [B]=BAD_PAGE, [N]=TEST
[ 30.946864] Hardware name: linux,dummy-virt (DT)
[ 30.946899] Call trace:
[ 30.946921] show_stack+0x20/0x38 (C)
[ 30.946972] dump_stack_lvl+0x8c/0xd0
[ 30.947021] print_report+0x118/0x608
[ 30.947069] kasan_report+0xdc/0x128
[ 30.947136] __asan_report_store1_noabort+0x20/0x30
[ 30.947186] krealloc_less_oob_helper+0xa48/0xc50
[ 30.947235] krealloc_large_less_oob+0x20/0x38
[ 30.947284] kunit_try_run_case+0x170/0x3f0
[ 30.947333] kunit_generic_run_threadfn_adapter+0x88/0x100
[ 30.947387] kthread+0x328/0x630
[ 30.947428] ret_from_fork+0x10/0x20
[ 30.947475]
[ 30.947495] The buggy address belongs to the physical page:
[ 30.947528] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x109bc4
[ 30.947580] head: order:2 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[ 30.947627] flags: 0xbfffe0000000040(head|node=0|zone=2|lastcpupid=0x1ffff)
[ 30.947679] page_type: f8(unknown)
[ 30.947744] raw: 0bfffe0000000040 0000000000000000 dead000000000122 0000000000000000
[ 30.947796] raw: 0000000000000000 0000000000000000 00000000f8000000 0000000000000000
[ 30.947858] head: 0bfffe0000000040 0000000000000000 dead000000000122 0000000000000000
[ 30.947910] head: 0000000000000000 0000000000000000 00000000f8000000 0000000000000000
[ 30.947959] head: 0bfffe0000000002 ffffc1ffc326f101 00000000ffffffff 00000000ffffffff
[ 30.948017] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000004
[ 30.948064] page dumped because: kasan: bad access detected
[ 30.948103]
[ 30.948121] Memory state around the buggy address:
[ 30.948161] fff00000c9bc5f80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[ 30.948203] fff00000c9bc6000: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[ 30.948244] >fff00000c9bc6080: 00 00 00 00 00 00 00 00 00 01 fe fe fe fe fe fe
[ 30.948281] ^
[ 30.949085] fff00000c9bc6100: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe
[ 30.949228] fff00000c9bc6180: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe
[ 30.949313] ==================================================================
[ 22.778638] ==================================================================
[ 22.779128] BUG: KASAN: slab-out-of-bounds in krealloc_less_oob_helper+0xd70/0x11d0
[ 22.780779] Write of size 1 at addr ffff8881055a0ec9 by task kunit_try_catch/207
[ 22.781895]
[ 22.782021] CPU: 0 UID: 0 PID: 207 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc4-next-20250703 #1 PREEMPT(voluntary)
[ 22.782070] Tainted: [B]=BAD_PAGE, [N]=TEST
[ 22.782083] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[ 22.782104] Call Trace:
[ 22.782117] <TASK>
[ 22.782200] dump_stack_lvl+0x73/0xb0
[ 22.782234] print_report+0xd1/0x650
[ 22.782257] ? __virt_addr_valid+0x1db/0x2d0
[ 22.782280] ? krealloc_less_oob_helper+0xd70/0x11d0
[ 22.782302] ? kasan_complete_mode_report_info+0x2a/0x200
[ 22.782327] ? krealloc_less_oob_helper+0xd70/0x11d0
[ 22.782350] kasan_report+0x141/0x180
[ 22.782372] ? krealloc_less_oob_helper+0xd70/0x11d0
[ 22.782399] __asan_report_store1_noabort+0x1b/0x30
[ 22.782422] krealloc_less_oob_helper+0xd70/0x11d0
[ 22.782448] ? __pfx_krealloc_less_oob_helper+0x10/0x10
[ 22.782482] ? finish_task_switch.isra.0+0x153/0x700
[ 22.782503] ? __switch_to+0x47/0xf50
[ 22.782531] ? __schedule+0x10cc/0x2b60
[ 22.782556] ? __pfx_read_tsc+0x10/0x10
[ 22.782581] krealloc_less_oob+0x1c/0x30
[ 22.782603] kunit_try_run_case+0x1a5/0x480
[ 22.782628] ? __pfx_kunit_try_run_case+0x10/0x10
[ 22.782651] ? _raw_spin_lock_irqsave+0xa1/0x100
[ 22.782671] ? _raw_spin_unlock_irqrestore+0x5f/0x90
[ 22.782696] ? __kthread_parkme+0x82/0x180
[ 22.782716] ? preempt_count_sub+0x50/0x80
[ 22.782738] ? __pfx_kunit_try_run_case+0x10/0x10
[ 22.782763] kunit_generic_run_threadfn_adapter+0x85/0xf0
[ 22.782786] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10
[ 22.782810] kthread+0x337/0x6f0
[ 22.782829] ? trace_preempt_on+0x20/0xc0
[ 22.782852] ? __pfx_kthread+0x10/0x10
[ 22.782873] ? _raw_spin_unlock_irq+0x47/0x80
[ 22.782896] ? calculate_sigpending+0x7b/0xa0
[ 22.782919] ? __pfx_kthread+0x10/0x10
[ 22.782940] ret_from_fork+0x116/0x1d0
[ 22.782959] ? __pfx_kthread+0x10/0x10
[ 22.782979] ret_from_fork_asm+0x1a/0x30
[ 22.783010] </TASK>
[ 22.783021]
[ 22.790385] Allocated by task 207:
[ 22.790570] kasan_save_stack+0x45/0x70
[ 22.790768] kasan_save_track+0x18/0x40
[ 22.790953] kasan_save_alloc_info+0x3b/0x50
[ 22.791251] __kasan_krealloc+0x190/0x1f0
[ 22.791430] krealloc_noprof+0xf3/0x340
[ 22.791616] krealloc_less_oob_helper+0x1aa/0x11d0
[ 22.791770] krealloc_less_oob+0x1c/0x30
[ 22.791901] kunit_try_run_case+0x1a5/0x480
[ 22.792040] kunit_generic_run_threadfn_adapter+0x85/0xf0
[ 22.792360] kthread+0x337/0x6f0
[ 22.792542] ret_from_fork+0x116/0x1d0
[ 22.792725] ret_from_fork_asm+0x1a/0x30
[ 22.792914]
[ 22.793008] The buggy address belongs to the object at ffff8881055a0e00
[ 22.793008] which belongs to the cache kmalloc-256 of size 256
[ 22.793621] The buggy address is located 0 bytes to the right of
[ 22.793621] allocated 201-byte region [ffff8881055a0e00, ffff8881055a0ec9)
[ 22.794025]
[ 22.794115] The buggy address belongs to the physical page:
[ 22.794445] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1055a0
[ 22.794813] head: order:1 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[ 22.795104] flags: 0x200000000000040(head|node=0|zone=2)
[ 22.795535] page_type: f5(slab)
[ 22.795686] raw: 0200000000000040 ffff888100041b40 dead000000000122 0000000000000000
[ 22.795973] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000
[ 22.796295] head: 0200000000000040 ffff888100041b40 dead000000000122 0000000000000000
[ 22.796570] head: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000
[ 22.796913] head: 0200000000000001 ffffea0004156801 00000000ffffffff 00000000ffffffff
[ 22.797336] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000002
[ 22.797667] page dumped because: kasan: bad access detected
[ 22.797882]
[ 22.797972] Memory state around the buggy address:
[ 22.798244] ffff8881055a0d80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 22.798484] ffff8881055a0e00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[ 22.798692] >ffff8881055a0e80: 00 00 00 00 00 00 00 00 00 01 fc fc fc fc fc fc
[ 22.798969] ^
[ 22.799303] ffff8881055a0f00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 22.799632] ffff8881055a0f80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 22.799934] ==================================================================
[ 22.853585] ==================================================================
[ 22.853889] BUG: KASAN: slab-out-of-bounds in krealloc_less_oob_helper+0xe90/0x11d0
[ 22.854140] Write of size 1 at addr ffff8881055a0eea by task kunit_try_catch/207
[ 22.855492]
[ 22.855616] CPU: 0 UID: 0 PID: 207 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc4-next-20250703 #1 PREEMPT(voluntary)
[ 22.855664] Tainted: [B]=BAD_PAGE, [N]=TEST
[ 22.855677] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[ 22.855697] Call Trace:
[ 22.855710] <TASK>
[ 22.855725] dump_stack_lvl+0x73/0xb0
[ 22.855752] print_report+0xd1/0x650
[ 22.855774] ? __virt_addr_valid+0x1db/0x2d0
[ 22.855796] ? krealloc_less_oob_helper+0xe90/0x11d0
[ 22.855819] ? kasan_complete_mode_report_info+0x2a/0x200
[ 22.855844] ? krealloc_less_oob_helper+0xe90/0x11d0
[ 22.855866] kasan_report+0x141/0x180
[ 22.855888] ? krealloc_less_oob_helper+0xe90/0x11d0
[ 22.855915] __asan_report_store1_noabort+0x1b/0x30
[ 22.855938] krealloc_less_oob_helper+0xe90/0x11d0
[ 22.855963] ? __pfx_krealloc_less_oob_helper+0x10/0x10
[ 22.855986] ? finish_task_switch.isra.0+0x153/0x700
[ 22.856006] ? __switch_to+0x47/0xf50
[ 22.856031] ? __schedule+0x10cc/0x2b60
[ 22.856058] ? __pfx_read_tsc+0x10/0x10
[ 22.856086] krealloc_less_oob+0x1c/0x30
[ 22.856107] kunit_try_run_case+0x1a5/0x480
[ 22.856131] ? __pfx_kunit_try_run_case+0x10/0x10
[ 22.856154] ? _raw_spin_lock_irqsave+0xa1/0x100
[ 22.856175] ? _raw_spin_unlock_irqrestore+0x5f/0x90
[ 22.856212] ? __kthread_parkme+0x82/0x180
[ 22.856231] ? preempt_count_sub+0x50/0x80
[ 22.856254] ? __pfx_kunit_try_run_case+0x10/0x10
[ 22.856279] kunit_generic_run_threadfn_adapter+0x85/0xf0
[ 22.856303] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10
[ 22.856327] kthread+0x337/0x6f0
[ 22.856346] ? trace_preempt_on+0x20/0xc0
[ 22.856368] ? __pfx_kthread+0x10/0x10
[ 22.856388] ? _raw_spin_unlock_irq+0x47/0x80
[ 22.856411] ? calculate_sigpending+0x7b/0xa0
[ 22.856434] ? __pfx_kthread+0x10/0x10
[ 22.856465] ret_from_fork+0x116/0x1d0
[ 22.856484] ? __pfx_kthread+0x10/0x10
[ 22.856504] ret_from_fork_asm+0x1a/0x30
[ 22.856535] </TASK>
[ 22.856546]
[ 22.870389] Allocated by task 207:
[ 22.870530] kasan_save_stack+0x45/0x70
[ 22.870674] kasan_save_track+0x18/0x40
[ 22.870798] kasan_save_alloc_info+0x3b/0x50
[ 22.870933] __kasan_krealloc+0x190/0x1f0
[ 22.871061] krealloc_noprof+0xf3/0x340
[ 22.871254] krealloc_less_oob_helper+0x1aa/0x11d0
[ 22.872101] krealloc_less_oob+0x1c/0x30
[ 22.872683] kunit_try_run_case+0x1a5/0x480
[ 22.873215] kunit_generic_run_threadfn_adapter+0x85/0xf0
[ 22.873965] kthread+0x337/0x6f0
[ 22.874540] ret_from_fork+0x116/0x1d0
[ 22.874990] ret_from_fork_asm+0x1a/0x30
[ 22.875500]
[ 22.875717] The buggy address belongs to the object at ffff8881055a0e00
[ 22.875717] which belongs to the cache kmalloc-256 of size 256
[ 22.877138] The buggy address is located 33 bytes to the right of
[ 22.877138] allocated 201-byte region [ffff8881055a0e00, ffff8881055a0ec9)
[ 22.877781]
[ 22.877862] The buggy address belongs to the physical page:
[ 22.878033] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1055a0
[ 22.878285] head: order:1 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[ 22.878783] flags: 0x200000000000040(head|node=0|zone=2)
[ 22.879426] page_type: f5(slab)
[ 22.879616] raw: 0200000000000040 ffff888100041b40 dead000000000122 0000000000000000
[ 22.880064] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000
[ 22.880646] head: 0200000000000040 ffff888100041b40 dead000000000122 0000000000000000
[ 22.881076] head: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000
[ 22.881596] head: 0200000000000001 ffffea0004156801 00000000ffffffff 00000000ffffffff
[ 22.882028] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000002
[ 22.882490] page dumped because: kasan: bad access detected
[ 22.882842]
[ 22.882941] Memory state around the buggy address:
[ 22.883149] ffff8881055a0d80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 22.883815] ffff8881055a0e00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[ 22.884215] >ffff8881055a0e80: 00 00 00 00 00 00 00 00 00 01 fc fc fc fc fc fc
[ 22.884739] ^
[ 22.885005] ffff8881055a0f00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 22.885391] ffff8881055a0f80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 22.886002] ==================================================================
[ 22.887167] ==================================================================
[ 22.887809] BUG: KASAN: slab-out-of-bounds in krealloc_less_oob_helper+0xd47/0x11d0
[ 22.888877] Write of size 1 at addr ffff8881055a0eeb by task kunit_try_catch/207
[ 22.889653]
[ 22.889936] CPU: 0 UID: 0 PID: 207 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc4-next-20250703 #1 PREEMPT(voluntary)
[ 22.890124] Tainted: [B]=BAD_PAGE, [N]=TEST
[ 22.890139] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[ 22.890211] Call Trace:
[ 22.890230] <TASK>
[ 22.890246] dump_stack_lvl+0x73/0xb0
[ 22.890275] print_report+0xd1/0x650
[ 22.890298] ? __virt_addr_valid+0x1db/0x2d0
[ 22.890320] ? krealloc_less_oob_helper+0xd47/0x11d0
[ 22.890343] ? kasan_complete_mode_report_info+0x2a/0x200
[ 22.890368] ? krealloc_less_oob_helper+0xd47/0x11d0
[ 22.890391] kasan_report+0x141/0x180
[ 22.890412] ? krealloc_less_oob_helper+0xd47/0x11d0
[ 22.890439] __asan_report_store1_noabort+0x1b/0x30
[ 22.890473] krealloc_less_oob_helper+0xd47/0x11d0
[ 22.890498] ? __pfx_krealloc_less_oob_helper+0x10/0x10
[ 22.890522] ? finish_task_switch.isra.0+0x153/0x700
[ 22.890542] ? __switch_to+0x47/0xf50
[ 22.890568] ? __schedule+0x10cc/0x2b60
[ 22.890594] ? __pfx_read_tsc+0x10/0x10
[ 22.890619] krealloc_less_oob+0x1c/0x30
[ 22.890641] kunit_try_run_case+0x1a5/0x480
[ 22.890666] ? __pfx_kunit_try_run_case+0x10/0x10
[ 22.890689] ? _raw_spin_lock_irqsave+0xa1/0x100
[ 22.890710] ? _raw_spin_unlock_irqrestore+0x5f/0x90
[ 22.890735] ? __kthread_parkme+0x82/0x180
[ 22.890755] ? preempt_count_sub+0x50/0x80
[ 22.890778] ? __pfx_kunit_try_run_case+0x10/0x10
[ 22.890802] kunit_generic_run_threadfn_adapter+0x85/0xf0
[ 22.890825] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10
[ 22.890849] kthread+0x337/0x6f0
[ 22.890869] ? trace_preempt_on+0x20/0xc0
[ 22.890891] ? __pfx_kthread+0x10/0x10
[ 22.890912] ? _raw_spin_unlock_irq+0x47/0x80
[ 22.890935] ? calculate_sigpending+0x7b/0xa0
[ 22.890959] ? __pfx_kthread+0x10/0x10
[ 22.890980] ret_from_fork+0x116/0x1d0
[ 22.890999] ?
__pfx_kthread+0x10/0x10 [ 22.891019] ret_from_fork_asm+0x1a/0x30 [ 22.891050] </TASK> [ 22.891060] [ 22.902270] Allocated by task 207: [ 22.902605] kasan_save_stack+0x45/0x70 [ 22.902806] kasan_save_track+0x18/0x40 [ 22.902983] kasan_save_alloc_info+0x3b/0x50 [ 22.903179] __kasan_krealloc+0x190/0x1f0 [ 22.903351] krealloc_noprof+0xf3/0x340 [ 22.903531] krealloc_less_oob_helper+0x1aa/0x11d0 [ 22.903750] krealloc_less_oob+0x1c/0x30 [ 22.903931] kunit_try_run_case+0x1a5/0x480 [ 22.904119] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 22.904888] kthread+0x337/0x6f0 [ 22.905046] ret_from_fork+0x116/0x1d0 [ 22.905227] ret_from_fork_asm+0x1a/0x30 [ 22.905712] [ 22.905813] The buggy address belongs to the object at ffff8881055a0e00 [ 22.905813] which belongs to the cache kmalloc-256 of size 256 [ 22.906855] The buggy address is located 34 bytes to the right of [ 22.906855] allocated 201-byte region [ffff8881055a0e00, ffff8881055a0ec9) [ 22.907720] [ 22.907902] The buggy address belongs to the physical page: [ 22.908122] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1055a0 [ 22.908745] head: order:1 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0 [ 22.909106] flags: 0x200000000000040(head|node=0|zone=2) [ 22.909453] page_type: f5(slab) [ 22.909766] raw: 0200000000000040 ffff888100041b40 dead000000000122 0000000000000000 [ 22.910270] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 22.910714] head: 0200000000000040 ffff888100041b40 dead000000000122 0000000000000000 [ 22.911098] head: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 22.911504] head: 0200000000000001 ffffea0004156801 00000000ffffffff 00000000ffffffff [ 22.911833] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000002 [ 22.912142] page dumped because: kasan: bad access detected [ 22.912806] [ 22.912902] Memory state around the buggy address: [ 22.913069] ffff8881055a0d80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc 
fc fc [ 22.913592] ffff8881055a0e00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 22.913879] >ffff8881055a0e80: 00 00 00 00 00 00 00 00 00 01 fc fc fc fc fc fc [ 22.914136] ^ [ 22.914400] ffff8881055a0f00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 22.914708] ffff8881055a0f80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 22.914988] ================================================================== [ 22.974710] ================================================================== [ 22.975082] BUG: KASAN: slab-out-of-bounds in krealloc_less_oob_helper+0xd70/0x11d0 [ 22.975475] Write of size 1 at addr ffff8881057460c9 by task kunit_try_catch/211 [ 22.976588] [ 22.976896] CPU: 0 UID: 0 PID: 211 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc4-next-20250703 #1 PREEMPT(voluntary) [ 22.976949] Tainted: [B]=BAD_PAGE, [N]=TEST [ 22.977068] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 22.977090] Call Trace: [ 22.977104] <TASK> [ 22.977121] dump_stack_lvl+0x73/0xb0 [ 22.977154] print_report+0xd1/0x650 [ 22.977176] ? __virt_addr_valid+0x1db/0x2d0 [ 22.977221] ? krealloc_less_oob_helper+0xd70/0x11d0 [ 22.977244] ? kasan_addr_to_slab+0x11/0xa0 [ 22.977268] ? krealloc_less_oob_helper+0xd70/0x11d0 [ 22.977290] kasan_report+0x141/0x180 [ 22.977312] ? krealloc_less_oob_helper+0xd70/0x11d0 [ 22.977339] __asan_report_store1_noabort+0x1b/0x30 [ 22.977363] krealloc_less_oob_helper+0xd70/0x11d0 [ 22.977388] ? __pfx_krealloc_less_oob_helper+0x10/0x10 [ 22.977410] ? finish_task_switch.isra.0+0x153/0x700 [ 22.977432] ? __switch_to+0x47/0xf50 [ 22.977476] ? __schedule+0x10cc/0x2b60 [ 22.977502] ? __pfx_read_tsc+0x10/0x10 [ 22.977533] krealloc_large_less_oob+0x1c/0x30 [ 22.977556] kunit_try_run_case+0x1a5/0x480 [ 22.977582] ? __pfx_kunit_try_run_case+0x10/0x10 [ 22.977604] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 22.977625] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 22.977650] ? __kthread_parkme+0x82/0x180 [ 22.977670] ? 
preempt_count_sub+0x50/0x80 [ 22.977692] ? __pfx_kunit_try_run_case+0x10/0x10 [ 22.977715] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 22.977738] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 22.977762] kthread+0x337/0x6f0 [ 22.977781] ? trace_preempt_on+0x20/0xc0 [ 22.977804] ? __pfx_kthread+0x10/0x10 [ 22.977825] ? _raw_spin_unlock_irq+0x47/0x80 [ 22.977851] ? calculate_sigpending+0x7b/0xa0 [ 22.977875] ? __pfx_kthread+0x10/0x10 [ 22.977896] ret_from_fork+0x116/0x1d0 [ 22.977915] ? __pfx_kthread+0x10/0x10 [ 22.977935] ret_from_fork_asm+0x1a/0x30 [ 22.977967] </TASK> [ 22.977978] [ 22.994543] The buggy address belongs to the physical page: [ 22.994723] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x105744 [ 22.995737] head: order:2 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0 [ 22.996536] flags: 0x200000000000040(head|node=0|zone=2) [ 22.997196] page_type: f8(unknown) [ 22.997683] raw: 0200000000000040 0000000000000000 dead000000000122 0000000000000000 [ 22.998364] raw: 0000000000000000 0000000000000000 00000000f8000000 0000000000000000 [ 22.998605] head: 0200000000000040 0000000000000000 dead000000000122 0000000000000000 [ 22.998827] head: 0000000000000000 0000000000000000 00000000f8000000 0000000000000000 [ 22.999066] head: 0200000000000002 ffffea000415d101 00000000ffffffff 00000000ffffffff [ 22.999476] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000004 [ 22.999793] page dumped because: kasan: bad access detected [ 23.000447] [ 23.000568] Memory state around the buggy address: [ 23.001065] ffff888105745f80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 23.001531] ffff888105746000: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 23.001777] >ffff888105746080: 00 00 00 00 00 00 00 00 00 01 fe fe fe fe fe fe [ 23.002096] ^ [ 23.002572] ffff888105746100: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe [ 23.002947] ffff888105746180: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe [ 23.003499] 
================================================================== [ 23.040710] ================================================================== [ 23.041212] BUG: KASAN: slab-out-of-bounds in krealloc_less_oob_helper+0xe90/0x11d0 [ 23.041669] Write of size 1 at addr ffff8881057460ea by task kunit_try_catch/211 [ 23.041971] [ 23.042099] CPU: 0 UID: 0 PID: 211 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc4-next-20250703 #1 PREEMPT(voluntary) [ 23.042200] Tainted: [B]=BAD_PAGE, [N]=TEST [ 23.042215] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 23.042235] Call Trace: [ 23.042248] <TASK> [ 23.042262] dump_stack_lvl+0x73/0xb0 [ 23.042289] print_report+0xd1/0x650 [ 23.042310] ? __virt_addr_valid+0x1db/0x2d0 [ 23.042333] ? krealloc_less_oob_helper+0xe90/0x11d0 [ 23.042355] ? kasan_addr_to_slab+0x11/0xa0 [ 23.042379] ? krealloc_less_oob_helper+0xe90/0x11d0 [ 23.042402] kasan_report+0x141/0x180 [ 23.042423] ? krealloc_less_oob_helper+0xe90/0x11d0 [ 23.042450] __asan_report_store1_noabort+0x1b/0x30 [ 23.042487] krealloc_less_oob_helper+0xe90/0x11d0 [ 23.042512] ? __pfx_krealloc_less_oob_helper+0x10/0x10 [ 23.042535] ? finish_task_switch.isra.0+0x153/0x700 [ 23.042555] ? __switch_to+0x47/0xf50 [ 23.042586] ? __schedule+0x10cc/0x2b60 [ 23.042610] ? __pfx_read_tsc+0x10/0x10 [ 23.042639] krealloc_large_less_oob+0x1c/0x30 [ 23.042661] kunit_try_run_case+0x1a5/0x480 [ 23.042685] ? __pfx_kunit_try_run_case+0x10/0x10 [ 23.042707] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 23.042727] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 23.042775] ? __kthread_parkme+0x82/0x180 [ 23.042795] ? preempt_count_sub+0x50/0x80 [ 23.042817] ? __pfx_kunit_try_run_case+0x10/0x10 [ 23.042841] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 23.042879] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 23.042916] kthread+0x337/0x6f0 [ 23.042949] ? trace_preempt_on+0x20/0xc0 [ 23.042971] ? __pfx_kthread+0x10/0x10 [ 23.042991] ? 
_raw_spin_unlock_irq+0x47/0x80 [ 23.043014] ? calculate_sigpending+0x7b/0xa0 [ 23.043037] ? __pfx_kthread+0x10/0x10 [ 23.043059] ret_from_fork+0x116/0x1d0 [ 23.043078] ? __pfx_kthread+0x10/0x10 [ 23.043099] ret_from_fork_asm+0x1a/0x30 [ 23.043129] </TASK> [ 23.043140] [ 23.051821] The buggy address belongs to the physical page: [ 23.052588] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x105744 [ 23.052830] head: order:2 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0 [ 23.053126] flags: 0x200000000000040(head|node=0|zone=2) [ 23.053415] page_type: f8(unknown) [ 23.053601] raw: 0200000000000040 0000000000000000 dead000000000122 0000000000000000 [ 23.053943] raw: 0000000000000000 0000000000000000 00000000f8000000 0000000000000000 [ 23.054310] head: 0200000000000040 0000000000000000 dead000000000122 0000000000000000 [ 23.054720] head: 0000000000000000 0000000000000000 00000000f8000000 0000000000000000 [ 23.055054] head: 0200000000000002 ffffea000415d101 00000000ffffffff 00000000ffffffff [ 23.055479] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000004 [ 23.055799] page dumped because: kasan: bad access detected [ 23.055972] [ 23.056042] Memory state around the buggy address: [ 23.056418] ffff888105745f80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 23.056930] ffff888105746000: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 23.057283] >ffff888105746080: 00 00 00 00 00 00 00 00 00 01 fe fe fe fe fe fe [ 23.057744] ^ [ 23.058055] ffff888105746100: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe [ 23.058489] ffff888105746180: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe [ 23.058732] ================================================================== [ 22.801892] ================================================================== [ 22.802500] BUG: KASAN: slab-out-of-bounds in krealloc_less_oob_helper+0xe23/0x11d0 [ 22.802746] Write of size 1 at addr ffff8881055a0ed0 by task kunit_try_catch/207 [ 22.802963] [ 
22.803042] CPU: 0 UID: 0 PID: 207 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc4-next-20250703 #1 PREEMPT(voluntary) [ 22.803086] Tainted: [B]=BAD_PAGE, [N]=TEST [ 22.803098] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 22.803117] Call Trace: [ 22.803130] <TASK> [ 22.803810] dump_stack_lvl+0x73/0xb0 [ 22.803852] print_report+0xd1/0x650 [ 22.803876] ? __virt_addr_valid+0x1db/0x2d0 [ 22.803898] ? krealloc_less_oob_helper+0xe23/0x11d0 [ 22.803921] ? kasan_complete_mode_report_info+0x2a/0x200 [ 22.803948] ? krealloc_less_oob_helper+0xe23/0x11d0 [ 22.803972] kasan_report+0x141/0x180 [ 22.803994] ? krealloc_less_oob_helper+0xe23/0x11d0 [ 22.804021] __asan_report_store1_noabort+0x1b/0x30 [ 22.804045] krealloc_less_oob_helper+0xe23/0x11d0 [ 22.804070] ? __pfx_krealloc_less_oob_helper+0x10/0x10 [ 22.804094] ? finish_task_switch.isra.0+0x153/0x700 [ 22.804115] ? __switch_to+0x47/0xf50 [ 22.804149] ? __schedule+0x10cc/0x2b60 [ 22.804174] ? __pfx_read_tsc+0x10/0x10 [ 22.804199] krealloc_less_oob+0x1c/0x30 [ 22.804220] kunit_try_run_case+0x1a5/0x480 [ 22.804244] ? __pfx_kunit_try_run_case+0x10/0x10 [ 22.804267] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 22.804287] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 22.804312] ? __kthread_parkme+0x82/0x180 [ 22.804332] ? preempt_count_sub+0x50/0x80 [ 22.804354] ? __pfx_kunit_try_run_case+0x10/0x10 [ 22.804378] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 22.804402] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 22.804425] kthread+0x337/0x6f0 [ 22.804446] ? trace_preempt_on+0x20/0xc0 [ 22.804480] ? __pfx_kthread+0x10/0x10 [ 22.804545] ? _raw_spin_unlock_irq+0x47/0x80 [ 22.804569] ? calculate_sigpending+0x7b/0xa0 [ 22.804593] ? __pfx_kthread+0x10/0x10 [ 22.804615] ret_from_fork+0x116/0x1d0 [ 22.804635] ? 
__pfx_kthread+0x10/0x10 [ 22.804656] ret_from_fork_asm+0x1a/0x30 [ 22.804688] </TASK> [ 22.804700] [ 22.812869] Allocated by task 207: [ 22.813029] kasan_save_stack+0x45/0x70 [ 22.813228] kasan_save_track+0x18/0x40 [ 22.813505] kasan_save_alloc_info+0x3b/0x50 [ 22.813716] __kasan_krealloc+0x190/0x1f0 [ 22.813917] krealloc_noprof+0xf3/0x340 [ 22.814105] krealloc_less_oob_helper+0x1aa/0x11d0 [ 22.814412] krealloc_less_oob+0x1c/0x30 [ 22.814788] kunit_try_run_case+0x1a5/0x480 [ 22.814946] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 22.815145] kthread+0x337/0x6f0 [ 22.815325] ret_from_fork+0x116/0x1d0 [ 22.815594] ret_from_fork_asm+0x1a/0x30 [ 22.815736] [ 22.815800] The buggy address belongs to the object at ffff8881055a0e00 [ 22.815800] which belongs to the cache kmalloc-256 of size 256 [ 22.816359] The buggy address is located 7 bytes to the right of [ 22.816359] allocated 201-byte region [ffff8881055a0e00, ffff8881055a0ec9) [ 22.816992] [ 22.817086] The buggy address belongs to the physical page: [ 22.817328] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1055a0 [ 22.817574] head: order:1 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0 [ 22.818312] flags: 0x200000000000040(head|node=0|zone=2) [ 22.818565] page_type: f5(slab) [ 22.818683] raw: 0200000000000040 ffff888100041b40 dead000000000122 0000000000000000 [ 22.818935] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 22.819736] head: 0200000000000040 ffff888100041b40 dead000000000122 0000000000000000 [ 22.820562] head: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 22.821370] head: 0200000000000001 ffffea0004156801 00000000ffffffff 00000000ffffffff [ 22.821858] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000002 [ 22.822369] page dumped because: kasan: bad access detected [ 22.822759] [ 22.822849] Memory state around the buggy address: [ 22.823053] ffff8881055a0d80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc 
fc fc [ 22.823612] ffff8881055a0e00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 22.823916] >ffff8881055a0e80: 00 00 00 00 00 00 00 00 00 01 fc fc fc fc fc fc [ 22.824551] ^ [ 22.824958] ffff8881055a0f00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 22.825606] ffff8881055a0f80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 22.825903] ================================================================== [ 23.023109] ================================================================== [ 23.023443] BUG: KASAN: slab-out-of-bounds in krealloc_less_oob_helper+0xec6/0x11d0 [ 23.023872] Write of size 1 at addr ffff8881057460da by task kunit_try_catch/211 [ 23.024286] [ 23.024374] CPU: 0 UID: 0 PID: 211 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc4-next-20250703 #1 PREEMPT(voluntary) [ 23.024440] Tainted: [B]=BAD_PAGE, [N]=TEST [ 23.024453] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 23.024484] Call Trace: [ 23.024498] <TASK> [ 23.024513] dump_stack_lvl+0x73/0xb0 [ 23.024538] print_report+0xd1/0x650 [ 23.024559] ? __virt_addr_valid+0x1db/0x2d0 [ 23.024581] ? krealloc_less_oob_helper+0xec6/0x11d0 [ 23.024624] ? kasan_addr_to_slab+0x11/0xa0 [ 23.024648] ? krealloc_less_oob_helper+0xec6/0x11d0 [ 23.024670] kasan_report+0x141/0x180 [ 23.024691] ? krealloc_less_oob_helper+0xec6/0x11d0 [ 23.024718] __asan_report_store1_noabort+0x1b/0x30 [ 23.024742] krealloc_less_oob_helper+0xec6/0x11d0 [ 23.024785] ? __pfx_krealloc_less_oob_helper+0x10/0x10 [ 23.024808] ? finish_task_switch.isra.0+0x153/0x700 [ 23.024829] ? __switch_to+0x47/0xf50 [ 23.024859] ? __schedule+0x10cc/0x2b60 [ 23.024884] ? __pfx_read_tsc+0x10/0x10 [ 23.024913] krealloc_large_less_oob+0x1c/0x30 [ 23.024936] kunit_try_run_case+0x1a5/0x480 [ 23.024960] ? __pfx_kunit_try_run_case+0x10/0x10 [ 23.024983] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 23.025020] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 23.025045] ? __kthread_parkme+0x82/0x180 [ 23.025064] ? 
preempt_count_sub+0x50/0x80 [ 23.025103] ? __pfx_kunit_try_run_case+0x10/0x10 [ 23.025127] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 23.025194] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 23.025219] kthread+0x337/0x6f0 [ 23.025239] ? trace_preempt_on+0x20/0xc0 [ 23.025261] ? __pfx_kthread+0x10/0x10 [ 23.025281] ? _raw_spin_unlock_irq+0x47/0x80 [ 23.025304] ? calculate_sigpending+0x7b/0xa0 [ 23.025328] ? __pfx_kthread+0x10/0x10 [ 23.025349] ret_from_fork+0x116/0x1d0 [ 23.025369] ? __pfx_kthread+0x10/0x10 [ 23.025389] ret_from_fork_asm+0x1a/0x30 [ 23.025419] </TASK> [ 23.025430] [ 23.033725] The buggy address belongs to the physical page: [ 23.033928] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x105744 [ 23.034541] head: order:2 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0 [ 23.034916] flags: 0x200000000000040(head|node=0|zone=2) [ 23.035262] page_type: f8(unknown) [ 23.035469] raw: 0200000000000040 0000000000000000 dead000000000122 0000000000000000 [ 23.035804] raw: 0000000000000000 0000000000000000 00000000f8000000 0000000000000000 [ 23.036159] head: 0200000000000040 0000000000000000 dead000000000122 0000000000000000 [ 23.036504] head: 0000000000000000 0000000000000000 00000000f8000000 0000000000000000 [ 23.036772] head: 0200000000000002 ffffea000415d101 00000000ffffffff 00000000ffffffff [ 23.037103] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000004 [ 23.037667] page dumped because: kasan: bad access detected [ 23.037850] [ 23.037916] Memory state around the buggy address: [ 23.038065] ffff888105745f80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 23.038586] ffff888105746000: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 23.038929] >ffff888105746080: 00 00 00 00 00 00 00 00 00 01 fe fe fe fe fe fe [ 23.039491] ^ [ 23.039794] ffff888105746100: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe [ 23.040102] ffff888105746180: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe [ 23.040365] 
================================================================== [ 23.004414] ================================================================== [ 23.005674] BUG: KASAN: slab-out-of-bounds in krealloc_less_oob_helper+0xe23/0x11d0 [ 23.006078] Write of size 1 at addr ffff8881057460d0 by task kunit_try_catch/211 [ 23.007013] [ 23.007224] CPU: 0 UID: 0 PID: 211 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc4-next-20250703 #1 PREEMPT(voluntary) [ 23.007371] Tainted: [B]=BAD_PAGE, [N]=TEST [ 23.007385] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 23.007405] Call Trace: [ 23.007418] <TASK> [ 23.007432] dump_stack_lvl+0x73/0xb0 [ 23.007475] print_report+0xd1/0x650 [ 23.007497] ? __virt_addr_valid+0x1db/0x2d0 [ 23.007520] ? krealloc_less_oob_helper+0xe23/0x11d0 [ 23.007542] ? kasan_addr_to_slab+0x11/0xa0 [ 23.007565] ? krealloc_less_oob_helper+0xe23/0x11d0 [ 23.007588] kasan_report+0x141/0x180 [ 23.007609] ? krealloc_less_oob_helper+0xe23/0x11d0 [ 23.007636] __asan_report_store1_noabort+0x1b/0x30 [ 23.007660] krealloc_less_oob_helper+0xe23/0x11d0 [ 23.007684] ? __pfx_krealloc_less_oob_helper+0x10/0x10 [ 23.007707] ? finish_task_switch.isra.0+0x153/0x700 [ 23.007728] ? __switch_to+0x47/0xf50 [ 23.007758] ? __schedule+0x10cc/0x2b60 [ 23.007783] ? __pfx_read_tsc+0x10/0x10 [ 23.007812] krealloc_large_less_oob+0x1c/0x30 [ 23.007833] kunit_try_run_case+0x1a5/0x480 [ 23.007858] ? __pfx_kunit_try_run_case+0x10/0x10 [ 23.007880] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 23.007900] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 23.007925] ? __kthread_parkme+0x82/0x180 [ 23.007944] ? preempt_count_sub+0x50/0x80 [ 23.007966] ? __pfx_kunit_try_run_case+0x10/0x10 [ 23.007990] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 23.008012] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 23.008036] kthread+0x337/0x6f0 [ 23.008054] ? trace_preempt_on+0x20/0xc0 [ 23.008076] ? __pfx_kthread+0x10/0x10 [ 23.008096] ? 
_raw_spin_unlock_irq+0x47/0x80 [ 23.008118] ? calculate_sigpending+0x7b/0xa0 [ 23.008142] ? __pfx_kthread+0x10/0x10 [ 23.008163] ret_from_fork+0x116/0x1d0 [ 23.008182] ? __pfx_kthread+0x10/0x10 [ 23.008203] ret_from_fork_asm+0x1a/0x30 [ 23.008233] </TASK> [ 23.008245] [ 23.016151] The buggy address belongs to the physical page: [ 23.016529] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x105744 [ 23.016900] head: order:2 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0 [ 23.017438] flags: 0x200000000000040(head|node=0|zone=2) [ 23.017729] page_type: f8(unknown) [ 23.017890] raw: 0200000000000040 0000000000000000 dead000000000122 0000000000000000 [ 23.018106] raw: 0000000000000000 0000000000000000 00000000f8000000 0000000000000000 [ 23.018342] head: 0200000000000040 0000000000000000 dead000000000122 0000000000000000 [ 23.018927] head: 0000000000000000 0000000000000000 00000000f8000000 0000000000000000 [ 23.019339] head: 0200000000000002 ffffea000415d101 00000000ffffffff 00000000ffffffff [ 23.019691] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000004 [ 23.019990] page dumped because: kasan: bad access detected [ 23.020195] [ 23.020286] Memory state around the buggy address: [ 23.020512] ffff888105745f80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 23.020821] ffff888105746000: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 23.021154] >ffff888105746080: 00 00 00 00 00 00 00 00 00 01 fe fe fe fe fe fe [ 23.021451] ^ [ 23.021714] ffff888105746100: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe [ 23.022112] ffff888105746180: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe [ 23.022704] ================================================================== [ 23.059106] ================================================================== [ 23.059371] BUG: KASAN: slab-out-of-bounds in krealloc_less_oob_helper+0xd47/0x11d0 [ 23.059725] Write of size 1 at addr ffff8881057460eb by task kunit_try_catch/211 [ 23.059966] [ 
23.060041] CPU: 0 UID: 0 PID: 211 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc4-next-20250703 #1 PREEMPT(voluntary) [ 23.060082] Tainted: [B]=BAD_PAGE, [N]=TEST [ 23.060094] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 23.060113] Call Trace: [ 23.060128] <TASK> [ 23.060143] dump_stack_lvl+0x73/0xb0 [ 23.060168] print_report+0xd1/0x650 [ 23.060189] ? __virt_addr_valid+0x1db/0x2d0 [ 23.060211] ? krealloc_less_oob_helper+0xd47/0x11d0 [ 23.060233] ? kasan_addr_to_slab+0x11/0xa0 [ 23.060257] ? krealloc_less_oob_helper+0xd47/0x11d0 [ 23.060279] kasan_report+0x141/0x180 [ 23.060300] ? krealloc_less_oob_helper+0xd47/0x11d0 [ 23.060328] __asan_report_store1_noabort+0x1b/0x30 [ 23.060351] krealloc_less_oob_helper+0xd47/0x11d0 [ 23.060375] ? __pfx_krealloc_less_oob_helper+0x10/0x10 [ 23.060398] ? finish_task_switch.isra.0+0x153/0x700 [ 23.060419] ? __switch_to+0x47/0xf50 [ 23.060449] ? __schedule+0x10cc/0x2b60 [ 23.060584] ? __pfx_read_tsc+0x10/0x10 [ 23.060614] krealloc_large_less_oob+0x1c/0x30 [ 23.060637] kunit_try_run_case+0x1a5/0x480 [ 23.060662] ? __pfx_kunit_try_run_case+0x10/0x10 [ 23.060684] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 23.060705] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 23.060729] ? __kthread_parkme+0x82/0x180 [ 23.060749] ? preempt_count_sub+0x50/0x80 [ 23.060771] ? __pfx_kunit_try_run_case+0x10/0x10 [ 23.060795] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 23.060818] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 23.060841] kthread+0x337/0x6f0 [ 23.060860] ? trace_preempt_on+0x20/0xc0 [ 23.060882] ? __pfx_kthread+0x10/0x10 [ 23.060902] ? _raw_spin_unlock_irq+0x47/0x80 [ 23.060925] ? calculate_sigpending+0x7b/0xa0 [ 23.060949] ? __pfx_kthread+0x10/0x10 [ 23.060970] ret_from_fork+0x116/0x1d0 [ 23.060989] ? 
__pfx_kthread+0x10/0x10 [ 23.061009] ret_from_fork_asm+0x1a/0x30 [ 23.061039] </TASK> [ 23.061049] [ 23.070038] The buggy address belongs to the physical page: [ 23.070360] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x105744 [ 23.070845] head: order:2 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0 [ 23.071173] flags: 0x200000000000040(head|node=0|zone=2) [ 23.071503] page_type: f8(unknown) [ 23.071648] raw: 0200000000000040 0000000000000000 dead000000000122 0000000000000000 [ 23.071983] raw: 0000000000000000 0000000000000000 00000000f8000000 0000000000000000 [ 23.072329] head: 0200000000000040 0000000000000000 dead000000000122 0000000000000000 [ 23.072569] head: 0000000000000000 0000000000000000 00000000f8000000 0000000000000000 [ 23.072975] head: 0200000000000002 ffffea000415d101 00000000ffffffff 00000000ffffffff [ 23.073438] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000004 [ 23.073773] page dumped because: kasan: bad access detected [ 23.074017] [ 23.074083] Memory state around the buggy address: [ 23.074224] ffff888105745f80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 23.074425] ffff888105746000: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 23.074765] >ffff888105746080: 00 00 00 00 00 00 00 00 00 01 fe fe fe fe fe fe [ 23.075076] ^ [ 23.075563] ffff888105746100: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe [ 23.076103] ffff888105746180: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe [ 23.076526] ================================================================== [ 22.827038] ================================================================== [ 22.827671] BUG: KASAN: slab-out-of-bounds in krealloc_less_oob_helper+0xec6/0x11d0 [ 22.828136] Write of size 1 at addr ffff8881055a0eda by task kunit_try_catch/207 [ 22.828744] [ 22.828853] CPU: 0 UID: 0 PID: 207 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc4-next-20250703 #1 PREEMPT(voluntary) [ 22.828898] Tainted: [B]=BAD_PAGE, [N]=TEST [ 
22.828911] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 22.828930] Call Trace: [ 22.828945] <TASK> [ 22.828960] dump_stack_lvl+0x73/0xb0 [ 22.828989] print_report+0xd1/0x650 [ 22.829010] ? __virt_addr_valid+0x1db/0x2d0 [ 22.829033] ? krealloc_less_oob_helper+0xec6/0x11d0 [ 22.829055] ? kasan_complete_mode_report_info+0x2a/0x200 [ 22.829080] ? krealloc_less_oob_helper+0xec6/0x11d0 [ 22.829103] kasan_report+0x141/0x180 [ 22.829125] ? krealloc_less_oob_helper+0xec6/0x11d0 [ 22.829154] __asan_report_store1_noabort+0x1b/0x30 [ 22.829178] krealloc_less_oob_helper+0xec6/0x11d0 [ 22.829359] ? __pfx_krealloc_less_oob_helper+0x10/0x10 [ 22.829385] ? finish_task_switch.isra.0+0x153/0x700 [ 22.829421] ? __switch_to+0x47/0xf50 [ 22.829447] ? __schedule+0x10cc/0x2b60 [ 22.829484] ? __pfx_read_tsc+0x10/0x10 [ 22.829509] krealloc_less_oob+0x1c/0x30 [ 22.829531] kunit_try_run_case+0x1a5/0x480 [ 22.829556] ? __pfx_kunit_try_run_case+0x10/0x10 [ 22.829579] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 22.829601] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 22.829626] ? __kthread_parkme+0x82/0x180 [ 22.829645] ? preempt_count_sub+0x50/0x80 [ 22.829667] ? __pfx_kunit_try_run_case+0x10/0x10 [ 22.829691] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 22.829714] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 22.829738] kthread+0x337/0x6f0 [ 22.829758] ? trace_preempt_on+0x20/0xc0 [ 22.829779] ? __pfx_kthread+0x10/0x10 [ 22.829799] ? _raw_spin_unlock_irq+0x47/0x80 [ 22.829822] ? calculate_sigpending+0x7b/0xa0 [ 22.829854] ? __pfx_kthread+0x10/0x10 [ 22.829876] ret_from_fork+0x116/0x1d0 [ 22.829894] ? 
__pfx_kthread+0x10/0x10 [ 22.829915] ret_from_fork_asm+0x1a/0x30 [ 22.829946] </TASK> [ 22.829956] [ 22.840036] Allocated by task 207: [ 22.840498] kasan_save_stack+0x45/0x70 [ 22.840710] kasan_save_track+0x18/0x40 [ 22.840924] kasan_save_alloc_info+0x3b/0x50 [ 22.841111] __kasan_krealloc+0x190/0x1f0 [ 22.841580] krealloc_noprof+0xf3/0x340 [ 22.841866] krealloc_less_oob_helper+0x1aa/0x11d0 [ 22.842049] krealloc_less_oob+0x1c/0x30 [ 22.842262] kunit_try_run_case+0x1a5/0x480 [ 22.842688] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 22.843102] kthread+0x337/0x6f0 [ 22.843262] ret_from_fork+0x116/0x1d0 [ 22.843477] ret_from_fork_asm+0x1a/0x30 [ 22.843882] [ 22.844087] The buggy address belongs to the object at ffff8881055a0e00 [ 22.844087] which belongs to the cache kmalloc-256 of size 256 [ 22.844858] The buggy address is located 17 bytes to the right of [ 22.844858] allocated 201-byte region [ffff8881055a0e00, ffff8881055a0ec9) [ 22.845467] [ 22.845561] The buggy address belongs to the physical page: [ 22.845782] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1055a0 [ 22.846127] head: order:1 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0 [ 22.846641] flags: 0x200000000000040(head|node=0|zone=2) [ 22.846962] page_type: f5(slab) [ 22.847113] raw: 0200000000000040 ffff888100041b40 dead000000000122 0000000000000000 [ 22.847757] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 22.848121] head: 0200000000000040 ffff888100041b40 dead000000000122 0000000000000000 [ 22.848558] head: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 22.849104] head: 0200000000000001 ffffea0004156801 00000000ffffffff 00000000ffffffff [ 22.849565] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000002 [ 22.849893] page dumped because: kasan: bad access detected [ 22.850112] [ 22.850417] Memory state around the buggy address: [ 22.850654] ffff8881055a0d80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc 
fc fc [ 22.850941] ffff8881055a0e00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 22.851402] >ffff8881055a0e80: 00 00 00 00 00 00 00 00 00 01 fc fc fc fc fc fc [ 22.851801] ^ [ 22.852341] ffff8881055a0f00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 22.852629] ffff8881055a0f80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 22.853047] ==================================================================