Date: July 3, 2025, 10:10 a.m.
Environment |
---|
dragonboard-845c |
qemu-arm64 |
qemu-x86_64 |
[ 36.352885] ================================================================== [ 36.360200] BUG: KASAN: slab-out-of-bounds in krealloc_more_oob_helper+0x5c0/0x678 [ 36.367878] Write of size 1 at addr ffff0000861920f0 by task kunit_try_catch/269 [ 36.375370] [ 36.376901] CPU: 3 UID: 0 PID: 269 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc4-next-20250703 #1 PREEMPT [ 36.376929] Tainted: [B]=BAD_PAGE, [N]=TEST [ 36.376938] Hardware name: Thundercomm Dragonboard 845c (DT) [ 36.376948] Call trace: [ 36.376955] show_stack+0x20/0x38 (C) [ 36.376973] dump_stack_lvl+0x8c/0xd0 [ 36.376992] print_report+0x118/0x608 [ 36.377012] kasan_report+0xdc/0x128 [ 36.377030] __asan_report_store1_noabort+0x20/0x30 [ 36.377048] krealloc_more_oob_helper+0x5c0/0x678 [ 36.377066] krealloc_large_more_oob+0x20/0x38 [ 36.377086] kunit_try_run_case+0x170/0x3f0 [ 36.377105] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 36.377126] kthread+0x328/0x630 [ 36.377140] ret_from_fork+0x10/0x20 [ 36.377158] [ 36.447972] The buggy address belongs to the physical page: [ 36.453623] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x106190 [ 36.461729] head: order:2 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0 [ 36.469487] flags: 0xbfffe0000000040(head|node=0|zone=2|lastcpupid=0x1ffff) [ 36.476545] page_type: f8(unknown) [ 36.480010] raw: 0bfffe0000000040 0000000000000000 dead000000000122 0000000000000000 [ 36.487857] raw: 0000000000000000 0000000000000000 00000000f8000000 0000000000000000 [ 36.495705] head: 0bfffe0000000040 0000000000000000 dead000000000122 0000000000000000 [ 36.503639] head: 0000000000000000 0000000000000000 00000000f8000000 0000000000000000 [ 36.511573] head: 0bfffe0000000002 fffffdffc2186401 00000000ffffffff 00000000ffffffff [ 36.519504] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000004 [ 36.527432] page dumped because: kasan: bad access detected [ 36.533080] [ 36.534610] Memory state around the buggy address: [ 36.539471] 
ffff000086191f80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 36.546787] ffff000086192000: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 36.554102] >ffff000086192080: 00 00 00 00 00 00 00 00 00 00 00 00 00 03 fe fe [ 36.561416] ^ [ 36.568383] ffff000086192100: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe [ 36.575700] ffff000086192180: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe [ 36.583016] ================================================================== [ 33.896092] ================================================================== [ 33.907040] BUG: KASAN: slab-out-of-bounds in krealloc_more_oob_helper+0x60c/0x678 [ 33.914710] Write of size 1 at addr ffff0000861896eb by task kunit_try_catch/265 [ 33.922205] [ 33.923745] CPU: 3 UID: 0 PID: 265 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc4-next-20250703 #1 PREEMPT [ 33.923773] Tainted: [B]=BAD_PAGE, [N]=TEST [ 33.923780] Hardware name: Thundercomm Dragonboard 845c (DT) [ 33.923791] Call trace: [ 33.923797] show_stack+0x20/0x38 (C) [ 33.923815] dump_stack_lvl+0x8c/0xd0 [ 33.923835] print_report+0x118/0x608 [ 33.923855] kasan_report+0xdc/0x128 [ 33.923873] __asan_report_store1_noabort+0x20/0x30 [ 33.923890] krealloc_more_oob_helper+0x60c/0x678 [ 33.923909] krealloc_more_oob+0x20/0x38 [ 33.923928] kunit_try_run_case+0x170/0x3f0 [ 33.923946] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 33.923967] kthread+0x328/0x630 [ 33.923981] ret_from_fork+0x10/0x20 [ 33.923998] [ 33.994280] Allocated by task 265: [ 33.997736] kasan_save_stack+0x3c/0x68 [ 34.001646] kasan_save_track+0x20/0x40 [ 34.005555] kasan_save_alloc_info+0x40/0x58 [ 34.009892] __kasan_krealloc+0x118/0x178 [ 34.013973] krealloc_noprof+0x128/0x360 [ 34.017969] krealloc_more_oob_helper+0x168/0x678 [ 34.022753] krealloc_more_oob+0x20/0x38 [ 34.026747] kunit_try_run_case+0x170/0x3f0 [ 34.030998] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 34.036564] kthread+0x328/0x630 [ 34.039856] ret_from_fork+0x10/0x20 [ 34.043495] [ 34.045032] The 
buggy address belongs to the object at ffff000086189600 [ 34.045032] which belongs to the cache kmalloc-256 of size 256 [ 34.057695] The buggy address is located 0 bytes to the right of [ 34.057695] allocated 235-byte region [ffff000086189600, ffff0000861896eb) [ 34.070799] [ 34.072334] The buggy address belongs to the physical page: [ 34.077983] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x106188 [ 34.086093] head: order:2 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0 [ 34.093848] flags: 0xbfffe0000000040(head|node=0|zone=2|lastcpupid=0x1ffff) [ 34.100910] page_type: f5(slab) [ 34.104113] raw: 0bfffe0000000040 ffff000080002b40 dead000000000122 0000000000000000 [ 34.111955] raw: 0000000000000000 0000000080200020 00000000f5000000 0000000000000000 [ 34.119799] head: 0bfffe0000000040 ffff000080002b40 dead000000000122 0000000000000000 [ 34.127727] head: 0000000000000000 0000000080200020 00000000f5000000 0000000000000000 [ 34.135655] head: 0bfffe0000000002 fffffdffc2186201 00000000ffffffff 00000000ffffffff [ 34.143583] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000004 [ 34.151507] page dumped because: kasan: bad access detected [ 34.157150] [ 34.158679] Memory state around the buggy address: [ 34.163538] ffff000086189580: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 34.170860] ffff000086189600: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 34.178180] >ffff000086189680: 00 00 00 00 00 00 00 00 00 00 00 00 00 03 fc fc [ 34.185498] ^ [ 34.192201] ffff000086189700: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 34.199517] ffff000086189780: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 34.206836] ================================================================== [ 36.111747] ================================================================== [ 36.122953] BUG: KASAN: slab-out-of-bounds in krealloc_more_oob_helper+0x60c/0x678 [ 36.130631] Write of size 1 at addr ffff0000861920eb by task 
kunit_try_catch/269 [ 36.138133] [ 36.139675] CPU: 3 UID: 0 PID: 269 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc4-next-20250703 #1 PREEMPT [ 36.139703] Tainted: [B]=BAD_PAGE, [N]=TEST [ 36.139712] Hardware name: Thundercomm Dragonboard 845c (DT) [ 36.139723] Call trace: [ 36.139729] show_stack+0x20/0x38 (C) [ 36.139746] dump_stack_lvl+0x8c/0xd0 [ 36.139767] print_report+0x118/0x608 [ 36.139787] kasan_report+0xdc/0x128 [ 36.139806] __asan_report_store1_noabort+0x20/0x30 [ 36.139823] krealloc_more_oob_helper+0x60c/0x678 [ 36.139843] krealloc_large_more_oob+0x20/0x38 [ 36.139861] kunit_try_run_case+0x170/0x3f0 [ 36.139880] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 36.139901] kthread+0x328/0x630 [ 36.139917] ret_from_fork+0x10/0x20 [ 36.139934] [ 36.210731] The buggy address belongs to the physical page: [ 36.216378] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x106190 [ 36.224484] head: order:2 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0 [ 36.232241] flags: 0xbfffe0000000040(head|node=0|zone=2|lastcpupid=0x1ffff) [ 36.239300] page_type: f8(unknown) [ 36.242767] raw: 0bfffe0000000040 0000000000000000 dead000000000122 0000000000000000 [ 36.250614] raw: 0000000000000000 0000000000000000 00000000f8000000 0000000000000000 [ 36.258462] head: 0bfffe0000000040 0000000000000000 dead000000000122 0000000000000000 [ 36.266395] head: 0000000000000000 0000000000000000 00000000f8000000 0000000000000000 [ 36.274328] head: 0bfffe0000000002 fffffdffc2186401 00000000ffffffff 00000000ffffffff [ 36.282261] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000004 [ 36.290189] page dumped because: kasan: bad access detected [ 36.295834] [ 36.297364] Memory state around the buggy address: [ 36.302227] ffff000086191f80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 36.309540] ffff000086192000: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 36.316855] >ffff000086192080: 00 00 00 00 00 00 00 00 00 00 00 00 00 03 fe fe [ 
36.324167] ^ [ 36.330870] ffff000086192100: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe [ 36.338185] ffff000086192180: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe [ 36.345497] ================================================================== [ 34.214270] ================================================================== [ 34.221593] BUG: KASAN: slab-out-of-bounds in krealloc_more_oob_helper+0x5c0/0x678 [ 34.229264] Write of size 1 at addr ffff0000861896f0 by task kunit_try_catch/265 [ 34.236761] [ 34.238295] CPU: 3 UID: 0 PID: 265 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc4-next-20250703 #1 PREEMPT [ 34.238324] Tainted: [B]=BAD_PAGE, [N]=TEST [ 34.238333] Hardware name: Thundercomm Dragonboard 845c (DT) [ 34.238343] Call trace: [ 34.238350] show_stack+0x20/0x38 (C) [ 34.238369] dump_stack_lvl+0x8c/0xd0 [ 34.238389] print_report+0x118/0x608 [ 34.238408] kasan_report+0xdc/0x128 [ 34.238427] __asan_report_store1_noabort+0x20/0x30 [ 34.238444] krealloc_more_oob_helper+0x5c0/0x678 [ 34.238464] krealloc_more_oob+0x20/0x38 [ 34.238482] kunit_try_run_case+0x170/0x3f0 [ 34.238501] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 34.238522] kthread+0x328/0x630 [ 34.238537] ret_from_fork+0x10/0x20 [ 34.238555] [ 34.308868] Allocated by task 265: [ 34.312326] kasan_save_stack+0x3c/0x68 [ 34.316236] kasan_save_track+0x20/0x40 [ 34.320144] kasan_save_alloc_info+0x40/0x58 [ 34.324481] __kasan_krealloc+0x118/0x178 [ 34.328561] krealloc_noprof+0x128/0x360 [ 34.332556] krealloc_more_oob_helper+0x168/0x678 [ 34.337339] krealloc_more_oob+0x20/0x38 [ 34.341333] kunit_try_run_case+0x170/0x3f0 [ 34.345585] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 34.351155] kthread+0x328/0x630 [ 34.354445] ret_from_fork+0x10/0x20 [ 34.358092] [ 34.359618] The buggy address belongs to the object at ffff000086189600 [ 34.359618] which belongs to the cache kmalloc-256 of size 256 [ 34.372272] The buggy address is located 5 bytes to the right of [ 34.372272] allocated 235-byte region 
[ffff000086189600, ffff0000861896eb) [ 34.385376] [ 34.386905] The buggy address belongs to the physical page: [ 34.392556] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x106188 [ 34.400667] head: order:2 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0 [ 34.408420] flags: 0xbfffe0000000040(head|node=0|zone=2|lastcpupid=0x1ffff) [ 34.415475] page_type: f5(slab) [ 34.418681] raw: 0bfffe0000000040 ffff000080002b40 dead000000000122 0000000000000000 [ 34.426531] raw: 0000000000000000 0000000080200020 00000000f5000000 0000000000000000 [ 34.434373] head: 0bfffe0000000040 ffff000080002b40 dead000000000122 0000000000000000 [ 34.442311] head: 0000000000000000 0000000080200020 00000000f5000000 0000000000000000 [ 34.450250] head: 0bfffe0000000002 fffffdffc2186201 00000000ffffffff 00000000ffffffff [ 34.458189] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000004 [ 34.466123] page dumped because: kasan: bad access detected [ 34.471777] [ 34.473304] Memory state around the buggy address: [ 34.478164] ffff000086189580: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 34.485487] ffff000086189600: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 34.492807] >ffff000086189680: 00 00 00 00 00 00 00 00 00 00 00 00 00 03 fc fc [ 34.500126] ^ [ 34.507094] ffff000086189700: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 34.514416] ffff000086189780: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 34.521734] ==================================================================
[ 30.843253] ================================================================== [ 30.843304] BUG: KASAN: slab-out-of-bounds in krealloc_more_oob_helper+0x5c0/0x678 [ 30.843356] Write of size 1 at addr fff00000c872c4f0 by task kunit_try_catch/188 [ 30.843686] [ 30.843733] CPU: 0 UID: 0 PID: 188 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc4-next-20250703 #1 PREEMPT [ 30.844128] Tainted: [B]=BAD_PAGE, [N]=TEST [ 30.844237] Hardware name: linux,dummy-virt (DT) [ 30.844271] Call trace: [ 30.844373] show_stack+0x20/0x38 (C) [ 30.844426] dump_stack_lvl+0x8c/0xd0 [ 30.844483] print_report+0x118/0x608 [ 30.844529] kasan_report+0xdc/0x128 [ 30.844870] __asan_report_store1_noabort+0x20/0x30 [ 30.844934] krealloc_more_oob_helper+0x5c0/0x678 [ 30.844986] krealloc_more_oob+0x20/0x38 [ 30.845067] kunit_try_run_case+0x170/0x3f0 [ 30.845132] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 30.845187] kthread+0x328/0x630 [ 30.845228] ret_from_fork+0x10/0x20 [ 30.845286] [ 30.845306] Allocated by task 188: [ 30.845345] kasan_save_stack+0x3c/0x68 [ 30.845390] kasan_save_track+0x20/0x40 [ 30.845428] kasan_save_alloc_info+0x40/0x58 [ 30.845465] __kasan_krealloc+0x118/0x178 [ 30.845504] krealloc_noprof+0x128/0x360 [ 30.845548] krealloc_more_oob_helper+0x168/0x678 [ 30.845595] krealloc_more_oob+0x20/0x38 [ 30.845632] kunit_try_run_case+0x170/0x3f0 [ 30.845680] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 30.845725] kthread+0x328/0x630 [ 30.845766] ret_from_fork+0x10/0x20 [ 30.845810] [ 30.845829] The buggy address belongs to the object at fff00000c872c400 [ 30.845829] which belongs to the cache kmalloc-256 of size 256 [ 30.845906] The buggy address is located 5 bytes to the right of [ 30.845906] allocated 235-byte region [fff00000c872c400, fff00000c872c4eb) [ 30.845976] [ 30.845995] The buggy address belongs to the physical page: [ 30.846030] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x10872c [ 30.846086] head: order:1 mapcount:0 entire_mapcount:0 
nr_pages_mapped:0 pincount:0 [ 30.846131] flags: 0xbfffe0000000040(head|node=0|zone=2|lastcpupid=0x1ffff) [ 30.846181] page_type: f5(slab) [ 30.846219] raw: 0bfffe0000000040 fff00000c0001b40 dead000000000122 0000000000000000 [ 30.846279] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 30.846336] head: 0bfffe0000000040 fff00000c0001b40 dead000000000122 0000000000000000 [ 30.846385] head: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 30.846444] head: 0bfffe0000000001 ffffc1ffc321cb01 00000000ffffffff 00000000ffffffff [ 30.846520] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000002 [ 30.846568] page dumped because: kasan: bad access detected [ 30.846598] [ 30.846615] Memory state around the buggy address: [ 30.846655] fff00000c872c380: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 30.846697] fff00000c872c400: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 30.846738] >fff00000c872c480: 00 00 00 00 00 00 00 00 00 00 00 00 00 03 fc fc [ 30.846774] ^ [ 30.846823] fff00000c872c500: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 30.847375] fff00000c872c580: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 30.847420] ================================================================== [ 30.831912] ================================================================== [ 30.832036] BUG: KASAN: slab-out-of-bounds in krealloc_more_oob_helper+0x60c/0x678 [ 30.832144] Write of size 1 at addr fff00000c872c4eb by task kunit_try_catch/188 [ 30.832370] [ 30.832406] CPU: 0 UID: 0 PID: 188 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc4-next-20250703 #1 PREEMPT [ 30.832882] Tainted: [B]=BAD_PAGE, [N]=TEST [ 30.832959] Hardware name: linux,dummy-virt (DT) [ 30.833052] Call trace: [ 30.833152] show_stack+0x20/0x38 (C) [ 30.833290] dump_stack_lvl+0x8c/0xd0 [ 30.833453] print_report+0x118/0x608 [ 30.833504] kasan_report+0xdc/0x128 [ 30.833817] __asan_report_store1_noabort+0x20/0x30 [ 30.833935] 
krealloc_more_oob_helper+0x60c/0x678 [ 30.834150] krealloc_more_oob+0x20/0x38 [ 30.834327] kunit_try_run_case+0x170/0x3f0 [ 30.834459] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 30.834808] kthread+0x328/0x630 [ 30.834985] ret_from_fork+0x10/0x20 [ 30.835206] [ 30.835319] Allocated by task 188: [ 30.835370] kasan_save_stack+0x3c/0x68 [ 30.835771] kasan_save_track+0x20/0x40 [ 30.836289] kasan_save_alloc_info+0x40/0x58 [ 30.836416] __kasan_krealloc+0x118/0x178 [ 30.836619] krealloc_noprof+0x128/0x360 [ 30.836852] krealloc_more_oob_helper+0x168/0x678 [ 30.836990] krealloc_more_oob+0x20/0x38 [ 30.837100] kunit_try_run_case+0x170/0x3f0 [ 30.837269] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 30.837323] kthread+0x328/0x630 [ 30.837499] ret_from_fork+0x10/0x20 [ 30.837630] [ 30.837802] The buggy address belongs to the object at fff00000c872c400 [ 30.837802] which belongs to the cache kmalloc-256 of size 256 [ 30.837907] The buggy address is located 0 bytes to the right of [ 30.837907] allocated 235-byte region [fff00000c872c400, fff00000c872c4eb) [ 30.838337] [ 30.838392] The buggy address belongs to the physical page: [ 30.838428] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x10872c [ 30.838493] head: order:1 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0 [ 30.839060] flags: 0xbfffe0000000040(head|node=0|zone=2|lastcpupid=0x1ffff) [ 30.839151] page_type: f5(slab) [ 30.839258] raw: 0bfffe0000000040 fff00000c0001b40 dead000000000122 0000000000000000 [ 30.839470] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 30.839582] head: 0bfffe0000000040 fff00000c0001b40 dead000000000122 0000000000000000 [ 30.839752] head: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 30.839962] head: 0bfffe0000000001 ffffc1ffc321cb01 00000000ffffffff 00000000ffffffff [ 30.840148] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000002 [ 30.840355] page dumped because: kasan: bad access 
detected [ 30.840490] [ 30.840582] Memory state around the buggy address: [ 30.840618] fff00000c872c380: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 30.840665] fff00000c872c400: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 30.840713] >fff00000c872c480: 00 00 00 00 00 00 00 00 00 00 00 00 00 03 fc fc [ 30.841027] ^ [ 30.841210] fff00000c872c500: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 30.841355] fff00000c872c580: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 30.841396] ================================================================== [ 30.928211] ================================================================== [ 30.928372] BUG: KASAN: slab-out-of-bounds in krealloc_more_oob_helper+0x5c0/0x678 [ 30.928521] Write of size 1 at addr fff00000c9bc60f0 by task kunit_try_catch/192 [ 30.928681] [ 30.928712] CPU: 0 UID: 0 PID: 192 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc4-next-20250703 #1 PREEMPT [ 30.928795] Tainted: [B]=BAD_PAGE, [N]=TEST [ 30.928827] Hardware name: linux,dummy-virt (DT) [ 30.928868] Call trace: [ 30.929038] show_stack+0x20/0x38 (C) [ 30.929260] dump_stack_lvl+0x8c/0xd0 [ 30.929334] print_report+0x118/0x608 [ 30.929382] kasan_report+0xdc/0x128 [ 30.929445] __asan_report_store1_noabort+0x20/0x30 [ 30.929506] krealloc_more_oob_helper+0x5c0/0x678 [ 30.929566] krealloc_large_more_oob+0x20/0x38 [ 30.929617] kunit_try_run_case+0x170/0x3f0 [ 30.929681] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 30.929736] kthread+0x328/0x630 [ 30.929778] ret_from_fork+0x10/0x20 [ 30.929826] [ 30.930097] The buggy address belongs to the physical page: [ 30.930507] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x109bc4 [ 30.930742] head: order:2 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0 [ 30.930792] flags: 0xbfffe0000000040(head|node=0|zone=2|lastcpupid=0x1ffff) [ 30.930948] page_type: f8(unknown) [ 30.931334] raw: 0bfffe0000000040 0000000000000000 dead000000000122 0000000000000000 [ 30.931584] raw: 
0000000000000000 0000000000000000 00000000f8000000 0000000000000000 [ 30.931761] head: 0bfffe0000000040 0000000000000000 dead000000000122 0000000000000000 [ 30.932178] head: 0000000000000000 0000000000000000 00000000f8000000 0000000000000000 [ 30.932322] head: 0bfffe0000000002 ffffc1ffc326f101 00000000ffffffff 00000000ffffffff [ 30.932394] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000004 [ 30.932605] page dumped because: kasan: bad access detected [ 30.932704] [ 30.932728] Memory state around the buggy address: [ 30.932761] fff00000c9bc5f80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 30.932803] fff00000c9bc6000: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 30.932854] >fff00000c9bc6080: 00 00 00 00 00 00 00 00 00 00 00 00 00 03 fe fe [ 30.932892] ^ [ 30.932930] fff00000c9bc6100: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe [ 30.932971] fff00000c9bc6180: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe [ 30.933008] ================================================================== [ 30.921521] ================================================================== [ 30.921616] BUG: KASAN: slab-out-of-bounds in krealloc_more_oob_helper+0x60c/0x678 [ 30.921823] Write of size 1 at addr fff00000c9bc60eb by task kunit_try_catch/192 [ 30.921890] [ 30.921926] CPU: 0 UID: 0 PID: 192 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc4-next-20250703 #1 PREEMPT [ 30.922021] Tainted: [B]=BAD_PAGE, [N]=TEST [ 30.922233] Hardware name: linux,dummy-virt (DT) [ 30.922582] Call trace: [ 30.922624] show_stack+0x20/0x38 (C) [ 30.922771] dump_stack_lvl+0x8c/0xd0 [ 30.923086] print_report+0x118/0x608 [ 30.923193] kasan_report+0xdc/0x128 [ 30.923280] __asan_report_store1_noabort+0x20/0x30 [ 30.923389] krealloc_more_oob_helper+0x60c/0x678 [ 30.923445] krealloc_large_more_oob+0x20/0x38 [ 30.923607] kunit_try_run_case+0x170/0x3f0 [ 30.923700] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 30.923763] kthread+0x328/0x630 [ 30.923805] ret_from_fork+0x10/0x20 [ 
30.923862] [ 30.924245] The buggy address belongs to the physical page: [ 30.924298] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x109bc4 [ 30.924442] head: order:2 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0 [ 30.924496] flags: 0xbfffe0000000040(head|node=0|zone=2|lastcpupid=0x1ffff) [ 30.924623] page_type: f8(unknown) [ 30.924675] raw: 0bfffe0000000040 0000000000000000 dead000000000122 0000000000000000 [ 30.924727] raw: 0000000000000000 0000000000000000 00000000f8000000 0000000000000000 [ 30.924919] head: 0bfffe0000000040 0000000000000000 dead000000000122 0000000000000000 [ 30.925219] head: 0000000000000000 0000000000000000 00000000f8000000 0000000000000000 [ 30.925317] head: 0bfffe0000000002 ffffc1ffc326f101 00000000ffffffff 00000000ffffffff [ 30.925439] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000004 [ 30.925531] page dumped because: kasan: bad access detected [ 30.925667] [ 30.925776] Memory state around the buggy address: [ 30.925830] fff00000c9bc5f80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 30.926096] fff00000c9bc6000: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 30.926275] >fff00000c9bc6080: 00 00 00 00 00 00 00 00 00 00 00 00 00 03 fe fe [ 30.926527] ^ [ 30.926594] fff00000c9bc6100: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe [ 30.926663] fff00000c9bc6180: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe [ 30.926703] ==================================================================
[ 22.754526] ================================================================== [ 22.754819] BUG: KASAN: slab-out-of-bounds in krealloc_more_oob_helper+0x7eb/0x930 [ 22.755097] Write of size 1 at addr ffff888100a900f0 by task kunit_try_catch/205 [ 22.755321] [ 22.755401] CPU: 1 UID: 0 PID: 205 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc4-next-20250703 #1 PREEMPT(voluntary) [ 22.755444] Tainted: [B]=BAD_PAGE, [N]=TEST [ 22.755466] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 22.755486] Call Trace: [ 22.755497] <TASK> [ 22.755510] dump_stack_lvl+0x73/0xb0 [ 22.755536] print_report+0xd1/0x650 [ 22.755556] ? __virt_addr_valid+0x1db/0x2d0 [ 22.755578] ? krealloc_more_oob_helper+0x7eb/0x930 [ 22.755599] ? kasan_complete_mode_report_info+0x2a/0x200 [ 22.755624] ? krealloc_more_oob_helper+0x7eb/0x930 [ 22.755646] kasan_report+0x141/0x180 [ 22.755667] ? krealloc_more_oob_helper+0x7eb/0x930 [ 22.755694] __asan_report_store1_noabort+0x1b/0x30 [ 22.755717] krealloc_more_oob_helper+0x7eb/0x930 [ 22.755738] ? __schedule+0x10cc/0x2b60 [ 22.755765] ? __pfx_krealloc_more_oob_helper+0x10/0x10 [ 22.755789] ? __kasan_check_write+0x18/0x20 [ 22.755811] ? queued_spin_lock_slowpath+0x116/0xb40 [ 22.755831] ? irqentry_exit+0x2a/0x60 [ 22.755851] ? sysvec_apic_timer_interrupt+0x50/0x90 [ 22.755873] ? trace_hardirqs_on+0x37/0xe0 [ 22.755894] ? __pfx_read_tsc+0x10/0x10 [ 22.755917] krealloc_more_oob+0x1c/0x30 [ 22.755938] kunit_try_run_case+0x1a5/0x480 [ 22.755961] ? __pfx_kunit_try_run_case+0x10/0x10 [ 22.755985] ? queued_spin_lock_slowpath+0x116/0xb40 [ 22.756006] ? __kthread_parkme+0x82/0x180 [ 22.756025] ? preempt_count_sub+0x50/0x80 [ 22.756047] ? __pfx_kunit_try_run_case+0x10/0x10 [ 22.756071] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 22.756093] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 22.756116] kthread+0x337/0x6f0 [ 22.756135] ? trace_preempt_on+0x20/0xc0 [ 22.756156] ? __pfx_kthread+0x10/0x10 [ 22.756176] ? 
_raw_spin_unlock_irq+0x47/0x80 [ 22.756202] ? calculate_sigpending+0x7b/0xa0 [ 22.756225] ? __pfx_kthread+0x10/0x10 [ 22.756246] ret_from_fork+0x116/0x1d0 [ 22.756264] ? __pfx_kthread+0x10/0x10 [ 22.756284] ret_from_fork_asm+0x1a/0x30 [ 22.756314] </TASK> [ 22.756324] [ 22.764297] Allocated by task 205: [ 22.764481] kasan_save_stack+0x45/0x70 [ 22.764679] kasan_save_track+0x18/0x40 [ 22.764863] kasan_save_alloc_info+0x3b/0x50 [ 22.765065] __kasan_krealloc+0x190/0x1f0 [ 22.765495] krealloc_noprof+0xf3/0x340 [ 22.765694] krealloc_more_oob_helper+0x1a9/0x930 [ 22.765911] krealloc_more_oob+0x1c/0x30 [ 22.766079] kunit_try_run_case+0x1a5/0x480 [ 22.766343] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 22.766573] kthread+0x337/0x6f0 [ 22.766688] ret_from_fork+0x116/0x1d0 [ 22.766865] ret_from_fork_asm+0x1a/0x30 [ 22.767049] [ 22.767120] The buggy address belongs to the object at ffff888100a90000 [ 22.767120] which belongs to the cache kmalloc-256 of size 256 [ 22.767550] The buggy address is located 5 bytes to the right of [ 22.767550] allocated 235-byte region [ffff888100a90000, ffff888100a900eb) [ 22.768039] [ 22.768198] The buggy address belongs to the physical page: [ 22.768448] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x100a90 [ 22.768797] head: order:1 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0 [ 22.769044] ksm flags: 0x200000000000040(head|node=0|zone=2) [ 22.769452] page_type: f5(slab) [ 22.769638] raw: 0200000000000040 ffff888100041b40 ffffea000402a380 dead000000000003 [ 22.769973] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 22.770403] head: 0200000000000040 ffff888100041b40 ffffea000402a380 dead000000000003 [ 22.770735] head: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 22.771038] head: 0200000000000001 ffffea000402a401 00000000ffffffff 00000000ffffffff [ 22.771414] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000002 [ 22.771734] page dumped 
because: kasan: bad access detected [ 22.771954] [ 22.772037] Memory state around the buggy address: [ 22.772318] ffff888100a8ff80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 22.772607] ffff888100a90000: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 22.772881] >ffff888100a90080: 00 00 00 00 00 00 00 00 00 00 00 00 00 03 fc fc [ 22.773336] ^ [ 22.773623] ffff888100a90100: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 22.773910] ffff888100a90180: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 22.774255] ================================================================== [ 22.919811] ================================================================== [ 22.920279] BUG: KASAN: slab-out-of-bounds in krealloc_more_oob_helper+0x821/0x930 [ 22.920536] Write of size 1 at addr ffff888105eae0eb by task kunit_try_catch/209 [ 22.922018] [ 22.922201] CPU: 1 UID: 0 PID: 209 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc4-next-20250703 #1 PREEMPT(voluntary) [ 22.922253] Tainted: [B]=BAD_PAGE, [N]=TEST [ 22.922266] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 22.922288] Call Trace: [ 22.922301] <TASK> [ 22.922318] dump_stack_lvl+0x73/0xb0 [ 22.922348] print_report+0xd1/0x650 [ 22.922394] ? __virt_addr_valid+0x1db/0x2d0 [ 22.922433] ? krealloc_more_oob_helper+0x821/0x930 [ 22.922475] ? kasan_addr_to_slab+0x11/0xa0 [ 22.922499] ? krealloc_more_oob_helper+0x821/0x930 [ 22.922656] kasan_report+0x141/0x180 [ 22.922684] ? krealloc_more_oob_helper+0x821/0x930 [ 22.922713] __asan_report_store1_noabort+0x1b/0x30 [ 22.922736] krealloc_more_oob_helper+0x821/0x930 [ 22.922758] ? __schedule+0x10cc/0x2b60 [ 22.922784] ? __pfx_krealloc_more_oob_helper+0x10/0x10 [ 22.922807] ? finish_task_switch.isra.0+0x153/0x700 [ 22.922830] ? __switch_to+0x47/0xf50 [ 22.922856] ? __schedule+0x10cc/0x2b60 [ 22.922880] ? __pfx_read_tsc+0x10/0x10 [ 22.922920] krealloc_large_more_oob+0x1c/0x30 [ 22.922942] kunit_try_run_case+0x1a5/0x480 [ 22.922990] ? 
__pfx_kunit_try_run_case+0x10/0x10
[ 22.923013] ? _raw_spin_lock_irqsave+0xa1/0x100
[ 22.923034] ? _raw_spin_unlock_irqrestore+0x5f/0x90
[ 22.923058] ? __kthread_parkme+0x82/0x180
[ 22.923079] ? preempt_count_sub+0x50/0x80
[ 22.923101] ? __pfx_kunit_try_run_case+0x10/0x10
[ 22.923125] kunit_generic_run_threadfn_adapter+0x85/0xf0
[ 22.923148] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10
[ 22.923172] kthread+0x337/0x6f0
[ 22.923192] ? trace_preempt_on+0x20/0xc0
[ 22.923215] ? __pfx_kthread+0x10/0x10
[ 22.923236] ? _raw_spin_unlock_irq+0x47/0x80
[ 22.923259] ? calculate_sigpending+0x7b/0xa0
[ 22.923282] ? __pfx_kthread+0x10/0x10
[ 22.923303] ret_from_fork+0x116/0x1d0
[ 22.923322] ? __pfx_kthread+0x10/0x10
[ 22.923343] ret_from_fork_asm+0x1a/0x30
[ 22.923374] </TASK>
[ 22.923385]
[ 22.937587] The buggy address belongs to the physical page:
[ 22.937832] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x105eac
[ 22.938072] head: order:2 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[ 22.938772] flags: 0x200000000000040(head|node=0|zone=2)
[ 22.939345] page_type: f8(unknown)
[ 22.939686] raw: 0200000000000040 0000000000000000 dead000000000122 0000000000000000
[ 22.940357] raw: 0000000000000000 0000000000000000 00000000f8000000 0000000000000000
[ 22.940822] head: 0200000000000040 0000000000000000 dead000000000122 0000000000000000
[ 22.941055] head: 0000000000000000 0000000000000000 00000000f8000000 0000000000000000
[ 22.941320] head: 0200000000000002 ffffea000417ab01 00000000ffffffff 00000000ffffffff
[ 22.942096] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000004
[ 22.942700] page dumped because: kasan: bad access detected
[ 22.942878]
[ 22.942944] Memory state around the buggy address:
[ 22.943094] ffff888105eadf80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[ 22.943745] ffff888105eae000: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[ 22.944472] >ffff888105eae080: 00 00 00 00 00 00 00 00 00 00 00 00 00 03 fe fe
[ 22.945086] ^
[ 22.945733] ffff888105eae100: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe
[ 22.946083] ffff888105eae180: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe
[ 22.946666] ==================================================================
[ 22.947034] ==================================================================
[ 22.947304] BUG: KASAN: slab-out-of-bounds in krealloc_more_oob_helper+0x7eb/0x930
[ 22.948039] Write of size 1 at addr ffff888105eae0f0 by task kunit_try_catch/209
[ 22.948406]
[ 22.948723] CPU: 1 UID: 0 PID: 209 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc4-next-20250703 #1 PREEMPT(voluntary)
[ 22.948775] Tainted: [B]=BAD_PAGE, [N]=TEST
[ 22.948787] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[ 22.948808] Call Trace:
[ 22.948823] <TASK>
[ 22.948840] dump_stack_lvl+0x73/0xb0
[ 22.948868] print_report+0xd1/0x650
[ 22.948890] ? __virt_addr_valid+0x1db/0x2d0
[ 22.948928] ? krealloc_more_oob_helper+0x7eb/0x930
[ 22.948950] ? kasan_addr_to_slab+0x11/0xa0
[ 22.948986] ? krealloc_more_oob_helper+0x7eb/0x930
[ 22.949009] kasan_report+0x141/0x180
[ 22.949031] ? krealloc_more_oob_helper+0x7eb/0x930
[ 22.949058] __asan_report_store1_noabort+0x1b/0x30
[ 22.949091] krealloc_more_oob_helper+0x7eb/0x930
[ 22.949112] ? __schedule+0x10cc/0x2b60
[ 22.949137] ? __pfx_krealloc_more_oob_helper+0x10/0x10
[ 22.949180] ? finish_task_switch.isra.0+0x153/0x700
[ 22.949594] ? __switch_to+0x47/0xf50
[ 22.949622] ? __schedule+0x10cc/0x2b60
[ 22.949646] ? __pfx_read_tsc+0x10/0x10
[ 22.949682] krealloc_large_more_oob+0x1c/0x30
[ 22.949704] kunit_try_run_case+0x1a5/0x480
[ 22.949731] ? __pfx_kunit_try_run_case+0x10/0x10
[ 22.949754] ? _raw_spin_lock_irqsave+0xa1/0x100
[ 22.949775] ? _raw_spin_unlock_irqrestore+0x5f/0x90
[ 22.949800] ? __kthread_parkme+0x82/0x180
[ 22.949819] ? preempt_count_sub+0x50/0x80
[ 22.949846] ? __pfx_kunit_try_run_case+0x10/0x10
[ 22.949870] kunit_generic_run_threadfn_adapter+0x85/0xf0
[ 22.949894] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10
[ 22.949917] kthread+0x337/0x6f0
[ 22.949936] ? trace_preempt_on+0x20/0xc0
[ 22.949959] ? __pfx_kthread+0x10/0x10
[ 22.949979] ? _raw_spin_unlock_irq+0x47/0x80
[ 22.950002] ? calculate_sigpending+0x7b/0xa0
[ 22.950025] ? __pfx_kthread+0x10/0x10
[ 22.950046] ret_from_fork+0x116/0x1d0
[ 22.950065] ? __pfx_kthread+0x10/0x10
[ 22.950085] ret_from_fork_asm+0x1a/0x30
[ 22.950116] </TASK>
[ 22.950127]
[ 22.959934] The buggy address belongs to the physical page:
[ 22.960552] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x105eac
[ 22.961016] head: order:2 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[ 22.961640] flags: 0x200000000000040(head|node=0|zone=2)
[ 22.962094] page_type: f8(unknown)
[ 22.962721] raw: 0200000000000040 0000000000000000 dead000000000122 0000000000000000
[ 22.963429] raw: 0000000000000000 0000000000000000 00000000f8000000 0000000000000000
[ 22.964022] head: 0200000000000040 0000000000000000 dead000000000122 0000000000000000
[ 22.964903] head: 0000000000000000 0000000000000000 00000000f8000000 0000000000000000
[ 22.965739] head: 0200000000000002 ffffea000417ab01 00000000ffffffff 00000000ffffffff
[ 22.966392] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000004
[ 22.967053] page dumped because: kasan: bad access detected
[ 22.967483]
[ 22.967579] Memory state around the buggy address:
[ 22.967794] ffff888105eadf80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[ 22.968078] ffff888105eae000: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[ 22.968736] >ffff888105eae080: 00 00 00 00 00 00 00 00 00 00 00 00 00 03 fe fe
[ 22.969357] ^
[ 22.969868] ffff888105eae100: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe
[ 22.970655] ffff888105eae180: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe
[ 22.971163] ==================================================================
[ 22.733518] ==================================================================
[ 22.734041] BUG: KASAN: slab-out-of-bounds in krealloc_more_oob_helper+0x821/0x930
[ 22.734508] Write of size 1 at addr ffff888100a900eb by task kunit_try_catch/205
[ 22.734814]
[ 22.734918] CPU: 1 UID: 0 PID: 205 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc4-next-20250703 #1 PREEMPT(voluntary)
[ 22.734965] Tainted: [B]=BAD_PAGE, [N]=TEST
[ 22.734977] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[ 22.734998] Call Trace:
[ 22.735012] <TASK>
[ 22.735028] dump_stack_lvl+0x73/0xb0
[ 22.735058] print_report+0xd1/0x650
[ 22.735080] ? __virt_addr_valid+0x1db/0x2d0
[ 22.735106] ? krealloc_more_oob_helper+0x821/0x930
[ 22.735128] ? kasan_complete_mode_report_info+0x2a/0x200
[ 22.735244] ? krealloc_more_oob_helper+0x821/0x930
[ 22.735267] kasan_report+0x141/0x180
[ 22.735289] ? krealloc_more_oob_helper+0x821/0x930
[ 22.735317] __asan_report_store1_noabort+0x1b/0x30
[ 22.735340] krealloc_more_oob_helper+0x821/0x930
[ 22.735361] ? __schedule+0x10cc/0x2b60
[ 22.735390] ? __pfx_krealloc_more_oob_helper+0x10/0x10
[ 22.735415] ? __kasan_check_write+0x18/0x20
[ 22.735437] ? queued_spin_lock_slowpath+0x116/0xb40
[ 22.735467] ? irqentry_exit+0x2a/0x60
[ 22.735488] ? sysvec_apic_timer_interrupt+0x50/0x90
[ 22.735510] ? trace_hardirqs_on+0x37/0xe0
[ 22.735531] ? __pfx_read_tsc+0x10/0x10
[ 22.735556] krealloc_more_oob+0x1c/0x30
[ 22.735576] kunit_try_run_case+0x1a5/0x480
[ 22.735602] ? __pfx_kunit_try_run_case+0x10/0x10
[ 22.735627] ? queued_spin_lock_slowpath+0x116/0xb40
[ 22.735647] ? __kthread_parkme+0x82/0x180
[ 22.735667] ? preempt_count_sub+0x50/0x80
[ 22.735690] ? __pfx_kunit_try_run_case+0x10/0x10
[ 22.735714] kunit_generic_run_threadfn_adapter+0x85/0xf0
[ 22.735737] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10
[ 22.735761] kthread+0x337/0x6f0
[ 22.735781] ? trace_preempt_on+0x20/0xc0
[ 22.735803] ? __pfx_kthread+0x10/0x10
[ 22.735823] ? _raw_spin_unlock_irq+0x47/0x80
[ 22.735848] ? calculate_sigpending+0x7b/0xa0
[ 22.735872] ? __pfx_kthread+0x10/0x10
[ 22.735894] ret_from_fork+0x116/0x1d0
[ 22.735912] ? __pfx_kthread+0x10/0x10
[ 22.735933] ret_from_fork_asm+0x1a/0x30
[ 22.735963] </TASK>
[ 22.735974]
[ 22.743959] Allocated by task 205:
[ 22.744114] kasan_save_stack+0x45/0x70
[ 22.744343] kasan_save_track+0x18/0x40
[ 22.744485] kasan_save_alloc_info+0x3b/0x50
[ 22.744645] __kasan_krealloc+0x190/0x1f0
[ 22.744832] krealloc_noprof+0xf3/0x340
[ 22.745023] krealloc_more_oob_helper+0x1a9/0x930
[ 22.745404] krealloc_more_oob+0x1c/0x30
[ 22.745617] kunit_try_run_case+0x1a5/0x480
[ 22.745797] kunit_generic_run_threadfn_adapter+0x85/0xf0
[ 22.746004] kthread+0x337/0x6f0
[ 22.746118] ret_from_fork+0x116/0x1d0
[ 22.746424] ret_from_fork_asm+0x1a/0x30
[ 22.746633]
[ 22.746725] The buggy address belongs to the object at ffff888100a90000
[ 22.746725] which belongs to the cache kmalloc-256 of size 256
[ 22.747287] The buggy address is located 0 bytes to the right of
[ 22.747287] allocated 235-byte region [ffff888100a90000, ffff888100a900eb)
[ 22.747799]
[ 22.747888] The buggy address belongs to the physical page:
[ 22.748100] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x100a90
[ 22.748497] head: order:1 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[ 22.748720] ksm flags: 0x200000000000040(head|node=0|zone=2)
[ 22.748899] page_type: f5(slab)
[ 22.749013] raw: 0200000000000040 ffff888100041b40 ffffea000402a380 dead000000000003
[ 22.749469] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000
[ 22.749807] head: 0200000000000040 ffff888100041b40 ffffea000402a380 dead000000000003
[ 22.750255] head: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000
[ 22.750556] head: 0200000000000001 ffffea000402a401 00000000ffffffff 00000000ffffffff
[ 22.750783] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000002
[ 22.751073] page dumped because: kasan: bad access detected
[ 22.751398]
[ 22.751503] Memory state around the buggy address:
[ 22.751729] ffff888100a8ff80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 22.752039] ffff888100a90000: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[ 22.752396] >ffff888100a90080: 00 00 00 00 00 00 00 00 00 00 00 00 00 03 fc fc
[ 22.752653] ^
[ 22.752940] ffff888100a90100: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 22.753365] ffff888100a90180: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 22.753640] ==================================================================