Hay
Date: July 4, 2025, 11:10 a.m.

Environment: qemu-arm64, qemu-x86_64

[   29.416116] ==================================================================
[   29.416267] BUG: KASAN: slab-out-of-bounds in krealloc_less_oob_helper+0xae4/0xc50
[   29.416503] Write of size 1 at addr fff00000c907f0ea by task kunit_try_catch/191
[   29.416558] 
[   29.416596] CPU: 0 UID: 0 PID: 191 Comm: kunit_try_catch Tainted: G    B            N  6.16.0-rc4-next-20250704 #1 PREEMPT 
[   29.416678] Tainted: [B]=BAD_PAGE, [N]=TEST
[   29.416703] Hardware name: linux,dummy-virt (DT)
[   29.416733] Call trace:
[   29.416963]  show_stack+0x20/0x38 (C)
[   29.417092]  dump_stack_lvl+0x8c/0xd0
[   29.417170]  print_report+0x118/0x608
[   29.417244]  kasan_report+0xdc/0x128
[   29.417380]  __asan_report_store1_noabort+0x20/0x30
[   29.417436]  krealloc_less_oob_helper+0xae4/0xc50
[   29.417503]  krealloc_less_oob+0x20/0x38
[   29.417556]  kunit_try_run_case+0x170/0x3f0
[   29.417723]  kunit_generic_run_threadfn_adapter+0x88/0x100
[   29.418004]  kthread+0x328/0x630
[   29.418292]  ret_from_fork+0x10/0x20
[   29.418389] 
[   29.418539] Allocated by task 191:
[   29.418626]  kasan_save_stack+0x3c/0x68
[   29.418751]  kasan_save_track+0x20/0x40
[   29.418851]  kasan_save_alloc_info+0x40/0x58
[   29.419027]  __kasan_krealloc+0x118/0x178
[   29.419066]  krealloc_noprof+0x128/0x360
[   29.419133]  krealloc_less_oob_helper+0x168/0xc50
[   29.419326]  krealloc_less_oob+0x20/0x38
[   29.419512]  kunit_try_run_case+0x170/0x3f0
[   29.419675]  kunit_generic_run_threadfn_adapter+0x88/0x100
[   29.419744]  kthread+0x328/0x630
[   29.419875]  ret_from_fork+0x10/0x20
[   29.419982] 
[   29.420096] The buggy address belongs to the object at fff00000c907f000
[   29.420096]  which belongs to the cache kmalloc-256 of size 256
[   29.420538] The buggy address is located 33 bytes to the right of
[   29.420538]  allocated 201-byte region [fff00000c907f000, fff00000c907f0c9)
[   29.420716] 
[   29.420777] The buggy address belongs to the physical page:
[   29.420849] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0xfff00000c907ea00 pfn:0x10907e
[   29.420995] head: order:1 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[   29.421094] flags: 0xbfffe0000000040(head|node=0|zone=2|lastcpupid=0x1ffff)
[   29.421157] page_type: f5(slab)
[   29.421412] raw: 0bfffe0000000040 fff00000c0001b40 dead000000000122 0000000000000000
[   29.421492] raw: fff00000c907ea00 000000008010000f 00000000f5000000 0000000000000000
[   29.421661] head: 0bfffe0000000040 fff00000c0001b40 dead000000000122 0000000000000000
[   29.421830] head: fff00000c907ea00 000000008010000f 00000000f5000000 0000000000000000
[   29.421908] head: 0bfffe0000000001 ffffc1ffc3241f81 00000000ffffffff 00000000ffffffff
[   29.421966] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000002
[   29.422015] page dumped because: kasan: bad access detected
[   29.422047] 
[   29.422065] Memory state around the buggy address:
[   29.422112]  fff00000c907ef80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   29.422169]  fff00000c907f000: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   29.422220] >fff00000c907f080: 00 00 00 00 00 00 00 00 00 01 fc fc fc fc fc fc
[   29.422256]                                                           ^
[   29.422293]  fff00000c907f100: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   29.422340]  fff00000c907f180: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   29.422378] ==================================================================
[   29.487405] ==================================================================
[   29.487461] BUG: KASAN: slab-out-of-bounds in krealloc_less_oob_helper+0xa48/0xc50
[   29.487515] Write of size 1 at addr fff00000c9a5a0c9 by task kunit_try_catch/195
[   29.487564] 
[   29.488131] CPU: 0 UID: 0 PID: 195 Comm: kunit_try_catch Tainted: G    B            N  6.16.0-rc4-next-20250704 #1 PREEMPT 
[   29.488229] Tainted: [B]=BAD_PAGE, [N]=TEST
[   29.488255] Hardware name: linux,dummy-virt (DT)
[   29.488456] Call trace:
[   29.488484]  show_stack+0x20/0x38 (C)
[   29.488537]  dump_stack_lvl+0x8c/0xd0
[   29.488629]  print_report+0x118/0x608
[   29.488706]  kasan_report+0xdc/0x128
[   29.488752]  __asan_report_store1_noabort+0x20/0x30
[   29.489154]  krealloc_less_oob_helper+0xa48/0xc50
[   29.489205]  krealloc_large_less_oob+0x20/0x38
[   29.489625]  kunit_try_run_case+0x170/0x3f0
[   29.489702]  kunit_generic_run_threadfn_adapter+0x88/0x100
[   29.489805]  kthread+0x328/0x630
[   29.489846]  ret_from_fork+0x10/0x20
[   29.490350] 
[   29.490387] The buggy address belongs to the physical page:
[   29.490419] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x109a58
[   29.490473] head: order:2 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[   29.490520] flags: 0xbfffe0000000040(head|node=0|zone=2|lastcpupid=0x1ffff)
[   29.490570] page_type: f8(unknown)
[   29.490609] raw: 0bfffe0000000040 0000000000000000 dead000000000122 0000000000000000
[   29.490968] raw: 0000000000000000 0000000000000000 00000000f8000000 0000000000000000
[   29.491021] head: 0bfffe0000000040 0000000000000000 dead000000000122 0000000000000000
[   29.491068] head: 0000000000000000 0000000000000000 00000000f8000000 0000000000000000
[   29.491247] head: 0bfffe0000000002 ffffc1ffc3269601 00000000ffffffff 00000000ffffffff
[   29.491632] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000004
[   29.491688] page dumped because: kasan: bad access detected
[   29.492049] 
[   29.492189] Memory state around the buggy address:
[   29.492332]  fff00000c9a59f80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   29.492378]  fff00000c9a5a000: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   29.492421] >fff00000c9a5a080: 00 00 00 00 00 00 00 00 00 01 fe fe fe fe fe fe
[   29.492960]                                               ^
[   29.493033]  fff00000c9a5a100: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe
[   29.493508]  fff00000c9a5a180: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe
[   29.493651] ==================================================================
[   29.422824] ==================================================================
[   29.422869] BUG: KASAN: slab-out-of-bounds in krealloc_less_oob_helper+0xa58/0xc50
[   29.423259] Write of size 1 at addr fff00000c907f0eb by task kunit_try_catch/191
[   29.423645] 
[   29.423689] CPU: 0 UID: 0 PID: 191 Comm: kunit_try_catch Tainted: G    B            N  6.16.0-rc4-next-20250704 #1 PREEMPT 
[   29.423772] Tainted: [B]=BAD_PAGE, [N]=TEST
[   29.423807] Hardware name: linux,dummy-virt (DT)
[   29.423910] Call trace:
[   29.424063]  show_stack+0x20/0x38 (C)
[   29.424117]  dump_stack_lvl+0x8c/0xd0
[   29.424161]  print_report+0x118/0x608
[   29.424214]  kasan_report+0xdc/0x128
[   29.424260]  __asan_report_store1_noabort+0x20/0x30
[   29.424306]  krealloc_less_oob_helper+0xa58/0xc50
[   29.424496]  krealloc_less_oob+0x20/0x38
[   29.424583]  kunit_try_run_case+0x170/0x3f0
[   29.424681]  kunit_generic_run_threadfn_adapter+0x88/0x100
[   29.424767]  kthread+0x328/0x630
[   29.424978]  ret_from_fork+0x10/0x20
[   29.425035] 
[   29.425219] Allocated by task 191:
[   29.425314]  kasan_save_stack+0x3c/0x68
[   29.425367]  kasan_save_track+0x20/0x40
[   29.425463]  kasan_save_alloc_info+0x40/0x58
[   29.425504]  __kasan_krealloc+0x118/0x178
[   29.425542]  krealloc_noprof+0x128/0x360
[   29.425580]  krealloc_less_oob_helper+0x168/0xc50
[   29.425781]  krealloc_less_oob+0x20/0x38
[   29.425933]  kunit_try_run_case+0x170/0x3f0
[   29.426002]  kunit_generic_run_threadfn_adapter+0x88/0x100
[   29.426241]  kthread+0x328/0x630
[   29.426560]  ret_from_fork+0x10/0x20
[   29.426706] 
[   29.426777] The buggy address belongs to the object at fff00000c907f000
[   29.426777]  which belongs to the cache kmalloc-256 of size 256
[   29.426972] The buggy address is located 34 bytes to the right of
[   29.426972]  allocated 201-byte region [fff00000c907f000, fff00000c907f0c9)
[   29.427042] 
[   29.427063] The buggy address belongs to the physical page:
[   29.427094] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0xfff00000c907ea00 pfn:0x10907e
[   29.427268] head: order:1 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[   29.427565] flags: 0xbfffe0000000040(head|node=0|zone=2|lastcpupid=0x1ffff)
[   29.427739] page_type: f5(slab)
[   29.427982] raw: 0bfffe0000000040 fff00000c0001b40 dead000000000122 0000000000000000
[   29.428086] raw: fff00000c907ea00 000000008010000f 00000000f5000000 0000000000000000
[   29.428194] head: 0bfffe0000000040 fff00000c0001b40 dead000000000122 0000000000000000
[   29.428347] head: fff00000c907ea00 000000008010000f 00000000f5000000 0000000000000000
[   29.428481] head: 0bfffe0000000001 ffffc1ffc3241f81 00000000ffffffff 00000000ffffffff
[   29.428621] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000002
[   29.428777] page dumped because: kasan: bad access detected
[   29.429022] 
[   29.429112] Memory state around the buggy address:
[   29.429273]  fff00000c907ef80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   29.429440]  fff00000c907f000: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   29.429581] >fff00000c907f080: 00 00 00 00 00 00 00 00 00 01 fc fc fc fc fc fc
[   29.429620]                                                           ^
[   29.429808]  fff00000c907f100: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   29.432793]  fff00000c907f180: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   29.433748] ==================================================================
[   29.411018] ==================================================================
[   29.411260] BUG: KASAN: slab-out-of-bounds in krealloc_less_oob_helper+0xa80/0xc50
[   29.411345] Write of size 1 at addr fff00000c907f0da by task kunit_try_catch/191
[   29.411439] 
[   29.411486] CPU: 0 UID: 0 PID: 191 Comm: kunit_try_catch Tainted: G    B            N  6.16.0-rc4-next-20250704 #1 PREEMPT 
[   29.411576] Tainted: [B]=BAD_PAGE, [N]=TEST
[   29.411602] Hardware name: linux,dummy-virt (DT)
[   29.411632] Call trace:
[   29.411654]  show_stack+0x20/0x38 (C)
[   29.411723]  dump_stack_lvl+0x8c/0xd0
[   29.411768]  print_report+0x118/0x608
[   29.411814]  kasan_report+0xdc/0x128
[   29.411858]  __asan_report_store1_noabort+0x20/0x30
[   29.411972]  krealloc_less_oob_helper+0xa80/0xc50
[   29.412051]  krealloc_less_oob+0x20/0x38
[   29.412135]  kunit_try_run_case+0x170/0x3f0
[   29.412221]  kunit_generic_run_threadfn_adapter+0x88/0x100
[   29.412274]  kthread+0x328/0x630
[   29.412374]  ret_from_fork+0x10/0x20
[   29.412470] 
[   29.412489] Allocated by task 191:
[   29.412589]  kasan_save_stack+0x3c/0x68
[   29.412646]  kasan_save_track+0x20/0x40
[   29.412703]  kasan_save_alloc_info+0x40/0x58
[   29.412840]  __kasan_krealloc+0x118/0x178
[   29.412916]  krealloc_noprof+0x128/0x360
[   29.412982]  krealloc_less_oob_helper+0x168/0xc50
[   29.413071]  krealloc_less_oob+0x20/0x38
[   29.413108]  kunit_try_run_case+0x170/0x3f0
[   29.413171]  kunit_generic_run_threadfn_adapter+0x88/0x100
[   29.413235]  kthread+0x328/0x630
[   29.413472]  ret_from_fork+0x10/0x20
[   29.413548] 
[   29.413596] The buggy address belongs to the object at fff00000c907f000
[   29.413596]  which belongs to the cache kmalloc-256 of size 256
[   29.413653] The buggy address is located 17 bytes to the right of
[   29.413653]  allocated 201-byte region [fff00000c907f000, fff00000c907f0c9)
[   29.414003] 
[   29.414036] The buggy address belongs to the physical page:
[   29.414106] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0xfff00000c907ea00 pfn:0x10907e
[   29.414281] head: order:1 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[   29.414375] flags: 0xbfffe0000000040(head|node=0|zone=2|lastcpupid=0x1ffff)
[   29.414432] page_type: f5(slab)
[   29.414469] raw: 0bfffe0000000040 fff00000c0001b40 dead000000000122 0000000000000000
[   29.414517] raw: fff00000c907ea00 000000008010000f 00000000f5000000 0000000000000000
[   29.414964] head: 0bfffe0000000040 fff00000c0001b40 dead000000000122 0000000000000000
[   29.415060] head: fff00000c907ea00 000000008010000f 00000000f5000000 0000000000000000
[   29.415175] head: 0bfffe0000000001 ffffc1ffc3241f81 00000000ffffffff 00000000ffffffff
[   29.415226] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000002
[   29.415265] page dumped because: kasan: bad access detected
[   29.415305] 
[   29.415323] Memory state around the buggy address:
[   29.415355]  fff00000c907ef80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   29.415405]  fff00000c907f000: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   29.415460] >fff00000c907f080: 00 00 00 00 00 00 00 00 00 01 fc fc fc fc fc fc
[   29.415498]                                                     ^
[   29.415535]  fff00000c907f100: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   29.415577]  fff00000c907f180: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   29.415626] ==================================================================
[   29.502475] ==================================================================
[   29.502524] BUG: KASAN: slab-out-of-bounds in krealloc_less_oob_helper+0xa80/0xc50
[   29.502832] Write of size 1 at addr fff00000c9a5a0da by task kunit_try_catch/195
[   29.503116] 
[   29.503388] CPU: 0 UID: 0 PID: 195 Comm: kunit_try_catch Tainted: G    B            N  6.16.0-rc4-next-20250704 #1 PREEMPT 
[   29.503571] Tainted: [B]=BAD_PAGE, [N]=TEST
[   29.503598] Hardware name: linux,dummy-virt (DT)
[   29.503627] Call trace:
[   29.503648]  show_stack+0x20/0x38 (C)
[   29.503697]  dump_stack_lvl+0x8c/0xd0
[   29.504226]  print_report+0x118/0x608
[   29.504292]  kasan_report+0xdc/0x128
[   29.504339]  __asan_report_store1_noabort+0x20/0x30
[   29.504398]  krealloc_less_oob_helper+0xa80/0xc50
[   29.504791]  krealloc_large_less_oob+0x20/0x38
[   29.505086]  kunit_try_run_case+0x170/0x3f0
[   29.505142]  kunit_generic_run_threadfn_adapter+0x88/0x100
[   29.505201]  kthread+0x328/0x630
[   29.505518]  ret_from_fork+0x10/0x20
[   29.505781] 
[   29.505814] The buggy address belongs to the physical page:
[   29.505844] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x109a58
[   29.505913] head: order:2 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[   29.505968] flags: 0xbfffe0000000040(head|node=0|zone=2|lastcpupid=0x1ffff)
[   29.506018] page_type: f8(unknown)
[   29.506055] raw: 0bfffe0000000040 0000000000000000 dead000000000122 0000000000000000
[   29.506646] raw: 0000000000000000 0000000000000000 00000000f8000000 0000000000000000
[   29.506997] head: 0bfffe0000000040 0000000000000000 dead000000000122 0000000000000000
[   29.507047] head: 0000000000000000 0000000000000000 00000000f8000000 0000000000000000
[   29.507275] head: 0bfffe0000000002 ffffc1ffc3269601 00000000ffffffff 00000000ffffffff
[   29.507328] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000004
[   29.507389] page dumped because: kasan: bad access detected
[   29.507542] 
[   29.507561] Memory state around the buggy address:
[   29.507917]  fff00000c9a59f80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   29.508190]  fff00000c9a5a000: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   29.508235] >fff00000c9a5a080: 00 00 00 00 00 00 00 00 00 01 fe fe fe fe fe fe
[   29.508272]                                                     ^
[   29.508376]  fff00000c9a5a100: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe
[   29.508418]  fff00000c9a5a180: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe
[   29.508456] ==================================================================
[   29.510111] ==================================================================
[   29.510167] BUG: KASAN: slab-out-of-bounds in krealloc_less_oob_helper+0xae4/0xc50
[   29.510215] Write of size 1 at addr fff00000c9a5a0ea by task kunit_try_catch/195
[   29.510263] 
[   29.510378] CPU: 0 UID: 0 PID: 195 Comm: kunit_try_catch Tainted: G    B            N  6.16.0-rc4-next-20250704 #1 PREEMPT 
[   29.510529] Tainted: [B]=BAD_PAGE, [N]=TEST
[   29.510838] Hardware name: linux,dummy-virt (DT)
[   29.511018] Call trace:
[   29.511074]  show_stack+0x20/0x38 (C)
[   29.511262]  dump_stack_lvl+0x8c/0xd0
[   29.511312]  print_report+0x118/0x608
[   29.511604]  kasan_report+0xdc/0x128
[   29.511653]  __asan_report_store1_noabort+0x20/0x30
[   29.511700]  krealloc_less_oob_helper+0xae4/0xc50
[   29.511749]  krealloc_large_less_oob+0x20/0x38
[   29.511795]  kunit_try_run_case+0x170/0x3f0
[   29.511845]  kunit_generic_run_threadfn_adapter+0x88/0x100
[   29.512246]  kthread+0x328/0x630
[   29.512307]  ret_from_fork+0x10/0x20
[   29.512355] 
[   29.512375] The buggy address belongs to the physical page:
[   29.512539] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x109a58
[   29.513075] head: order:2 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[   29.513122] flags: 0xbfffe0000000040(head|node=0|zone=2|lastcpupid=0x1ffff)
[   29.513659] page_type: f8(unknown)
[   29.513845] raw: 0bfffe0000000040 0000000000000000 dead000000000122 0000000000000000
[   29.513905] raw: 0000000000000000 0000000000000000 00000000f8000000 0000000000000000
[   29.514038] head: 0bfffe0000000040 0000000000000000 dead000000000122 0000000000000000
[   29.514099] head: 0000000000000000 0000000000000000 00000000f8000000 0000000000000000
[   29.514147] head: 0bfffe0000000002 ffffc1ffc3269601 00000000ffffffff 00000000ffffffff
[   29.514661] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000004
[   29.514744] page dumped because: kasan: bad access detected
[   29.514775] 
[   29.514793] Memory state around the buggy address:
[   29.514823]  fff00000c9a59f80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   29.514865]  fff00000c9a5a000: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   29.514915] >fff00000c9a5a080: 00 00 00 00 00 00 00 00 00 01 fe fe fe fe fe fe
[   29.514954]                                                           ^
[   29.514991]  fff00000c9a5a100: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe
[   29.515031]  fff00000c9a5a180: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe
[   29.515408] ==================================================================
[   29.399214] ==================================================================
[   29.399293] BUG: KASAN: slab-out-of-bounds in krealloc_less_oob_helper+0xa48/0xc50
[   29.399381] Write of size 1 at addr fff00000c907f0c9 by task kunit_try_catch/191
[   29.399432] 
[   29.399461] CPU: 0 UID: 0 PID: 191 Comm: kunit_try_catch Tainted: G    B            N  6.16.0-rc4-next-20250704 #1 PREEMPT 
[   29.399570] Tainted: [B]=BAD_PAGE, [N]=TEST
[   29.399598] Hardware name: linux,dummy-virt (DT)
[   29.399627] Call trace:
[   29.399649]  show_stack+0x20/0x38 (C)
[   29.399697]  dump_stack_lvl+0x8c/0xd0
[   29.399741]  print_report+0x118/0x608
[   29.399808]  kasan_report+0xdc/0x128
[   29.399853]  __asan_report_store1_noabort+0x20/0x30
[   29.399969]  krealloc_less_oob_helper+0xa48/0xc50
[   29.400056]  krealloc_less_oob+0x20/0x38
[   29.400103]  kunit_try_run_case+0x170/0x3f0
[   29.400176]  kunit_generic_run_threadfn_adapter+0x88/0x100
[   29.400230]  kthread+0x328/0x630
[   29.400309]  ret_from_fork+0x10/0x20
[   29.400355] 
[   29.400373] Allocated by task 191:
[   29.400400]  kasan_save_stack+0x3c/0x68
[   29.400593]  kasan_save_track+0x20/0x40
[   29.400698]  kasan_save_alloc_info+0x40/0x58
[   29.400850]  __kasan_krealloc+0x118/0x178
[   29.400888]  krealloc_noprof+0x128/0x360
[   29.400936]  krealloc_less_oob_helper+0x168/0xc50
[   29.401029]  krealloc_less_oob+0x20/0x38
[   29.401105]  kunit_try_run_case+0x170/0x3f0
[   29.401143]  kunit_generic_run_threadfn_adapter+0x88/0x100
[   29.401185]  kthread+0x328/0x630
[   29.401310]  ret_from_fork+0x10/0x20
[   29.401347] 
[   29.401373] The buggy address belongs to the object at fff00000c907f000
[   29.401373]  which belongs to the cache kmalloc-256 of size 256
[   29.401448] The buggy address is located 0 bytes to the right of
[   29.401448]  allocated 201-byte region [fff00000c907f000, fff00000c907f0c9)
[   29.401577] 
[   29.401657] The buggy address belongs to the physical page:
[   29.401947] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0xfff00000c907ea00 pfn:0x10907e
[   29.402008] head: order:1 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[   29.402072] flags: 0xbfffe0000000040(head|node=0|zone=2|lastcpupid=0x1ffff)
[   29.402121] page_type: f5(slab)
[   29.402351] raw: 0bfffe0000000040 fff00000c0001b40 dead000000000122 0000000000000000
[   29.402526] raw: fff00000c907ea00 000000008010000f 00000000f5000000 0000000000000000
[   29.402729] head: 0bfffe0000000040 fff00000c0001b40 dead000000000122 0000000000000000
[   29.402829] head: fff00000c907ea00 000000008010000f 00000000f5000000 0000000000000000
[   29.403096] head: 0bfffe0000000001 ffffc1ffc3241f81 00000000ffffffff 00000000ffffffff
[   29.403196] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000002
[   29.403320] page dumped because: kasan: bad access detected
[   29.403412] 
[   29.403465] Memory state around the buggy address:
[   29.403549]  fff00000c907ef80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   29.403643]  fff00000c907f000: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   29.403732] >fff00000c907f080: 00 00 00 00 00 00 00 00 00 01 fc fc fc fc fc fc
[   29.403785]                                               ^
[   29.403913]  fff00000c907f100: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   29.403962]  fff00000c907f180: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   29.404146] ==================================================================
[   29.406065] ==================================================================
[   29.406112] BUG: KASAN: slab-out-of-bounds in krealloc_less_oob_helper+0xb9c/0xc50
[   29.406398] Write of size 1 at addr fff00000c907f0d0 by task kunit_try_catch/191
[   29.406462] 
[   29.406492] CPU: 0 UID: 0 PID: 191 Comm: kunit_try_catch Tainted: G    B            N  6.16.0-rc4-next-20250704 #1 PREEMPT 
[   29.406595] Tainted: [B]=BAD_PAGE, [N]=TEST
[   29.406621] Hardware name: linux,dummy-virt (DT)
[   29.406650] Call trace:
[   29.406672]  show_stack+0x20/0x38 (C)
[   29.406720]  dump_stack_lvl+0x8c/0xd0
[   29.406955]  print_report+0x118/0x608
[   29.407035]  kasan_report+0xdc/0x128
[   29.407142]  __asan_report_store1_noabort+0x20/0x30
[   29.407208]  krealloc_less_oob_helper+0xb9c/0xc50
[   29.407321]  krealloc_less_oob+0x20/0x38
[   29.407396]  kunit_try_run_case+0x170/0x3f0
[   29.407509]  kunit_generic_run_threadfn_adapter+0x88/0x100
[   29.407562]  kthread+0x328/0x630
[   29.407609]  ret_from_fork+0x10/0x20
[   29.407655] 
[   29.407673] Allocated by task 191:
[   29.407709]  kasan_save_stack+0x3c/0x68
[   29.407749]  kasan_save_track+0x20/0x40
[   29.407823]  kasan_save_alloc_info+0x40/0x58
[   29.407974]  __kasan_krealloc+0x118/0x178
[   29.408017]  krealloc_noprof+0x128/0x360
[   29.408054]  krealloc_less_oob_helper+0x168/0xc50
[   29.408092]  krealloc_less_oob+0x20/0x38
[   29.408152]  kunit_try_run_case+0x170/0x3f0
[   29.408257]  kunit_generic_run_threadfn_adapter+0x88/0x100
[   29.408301]  kthread+0x328/0x630
[   29.408333]  ret_from_fork+0x10/0x20
[   29.408367] 
[   29.408385] The buggy address belongs to the object at fff00000c907f000
[   29.408385]  which belongs to the cache kmalloc-256 of size 256
[   29.408478] The buggy address is located 7 bytes to the right of
[   29.408478]  allocated 201-byte region [fff00000c907f000, fff00000c907f0c9)
[   29.408586] 
[   29.408634] The buggy address belongs to the physical page:
[   29.408672] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0xfff00000c907ea00 pfn:0x10907e
[   29.408727] head: order:1 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[   29.408772] flags: 0xbfffe0000000040(head|node=0|zone=2|lastcpupid=0x1ffff)
[   29.408979] page_type: f5(slab)
[   29.409016] raw: 0bfffe0000000040 fff00000c0001b40 dead000000000122 0000000000000000
[   29.409090] raw: fff00000c907ea00 000000008010000f 00000000f5000000 0000000000000000
[   29.409139] head: 0bfffe0000000040 fff00000c0001b40 dead000000000122 0000000000000000
[   29.409201] head: fff00000c907ea00 000000008010000f 00000000f5000000 0000000000000000
[   29.409287] head: 0bfffe0000000001 ffffc1ffc3241f81 00000000ffffffff 00000000ffffffff
[   29.409337] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000002
[   29.409376] page dumped because: kasan: bad access detected
[   29.409624] 
[   29.409663] Memory state around the buggy address:
[   29.409789]  fff00000c907ef80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   29.409859]  fff00000c907f000: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   29.410004] >fff00000c907f080: 00 00 00 00 00 00 00 00 00 01 fc fc fc fc fc fc
[   29.410085]                                                  ^
[   29.410190]  fff00000c907f100: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   29.410313]  fff00000c907f180: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   29.410398] ==================================================================
[   29.516531] ==================================================================
[   29.516578] BUG: KASAN: slab-out-of-bounds in krealloc_less_oob_helper+0xa58/0xc50
[   29.516626] Write of size 1 at addr fff00000c9a5a0eb by task kunit_try_catch/195
[   29.516675] 
[   29.516703] CPU: 0 UID: 0 PID: 195 Comm: kunit_try_catch Tainted: G    B            N  6.16.0-rc4-next-20250704 #1 PREEMPT 
[   29.517050] Tainted: [B]=BAD_PAGE, [N]=TEST
[   29.517685] Hardware name: linux,dummy-virt (DT)
[   29.517736] Call trace:
[   29.517758]  show_stack+0x20/0x38 (C)
[   29.517816]  dump_stack_lvl+0x8c/0xd0
[   29.517861]  print_report+0x118/0x608
[   29.518238]  kasan_report+0xdc/0x128
[   29.518510]  __asan_report_store1_noabort+0x20/0x30
[   29.518559]  krealloc_less_oob_helper+0xa58/0xc50
[   29.519079]  krealloc_large_less_oob+0x20/0x38
[   29.519251]  kunit_try_run_case+0x170/0x3f0
[   29.519301]  kunit_generic_run_threadfn_adapter+0x88/0x100
[   29.519353]  kthread+0x328/0x630
[   29.519394]  ret_from_fork+0x10/0x20
[   29.519944] 
[   29.520209] The buggy address belongs to the physical page:
[   29.520241] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x109a58
[   29.520547] head: order:2 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[   29.520594] flags: 0xbfffe0000000040(head|node=0|zone=2|lastcpupid=0x1ffff)
[   29.520646] page_type: f8(unknown)
[   29.520683] raw: 0bfffe0000000040 0000000000000000 dead000000000122 0000000000000000
[   29.521188] raw: 0000000000000000 0000000000000000 00000000f8000000 0000000000000000
[   29.521663] head: 0bfffe0000000040 0000000000000000 dead000000000122 0000000000000000
[   29.521933] head: 0000000000000000 0000000000000000 00000000f8000000 0000000000000000
[   29.522199] head: 0bfffe0000000002 ffffc1ffc3269601 00000000ffffffff 00000000ffffffff
[   29.522250] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000004
[   29.522289] page dumped because: kasan: bad access detected
[   29.522319] 
[   29.522446] Memory state around the buggy address:
[   29.522489]  fff00000c9a59f80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   29.522532]  fff00000c9a5a000: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   29.522847] >fff00000c9a5a080: 00 00 00 00 00 00 00 00 00 01 fe fe fe fe fe fe
[   29.523110]                                                           ^
[   29.523253]  fff00000c9a5a100: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe
[   29.523554]  fff00000c9a5a180: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe
[   29.523603] ==================================================================
[   29.495562] ==================================================================
[   29.495609] BUG: KASAN: slab-out-of-bounds in krealloc_less_oob_helper+0xb9c/0xc50
[   29.495658] Write of size 1 at addr fff00000c9a5a0d0 by task kunit_try_catch/195
[   29.495705] 
[   29.495734] CPU: 0 UID: 0 PID: 195 Comm: kunit_try_catch Tainted: G    B            N  6.16.0-rc4-next-20250704 #1 PREEMPT 
[   29.495814] Tainted: [B]=BAD_PAGE, [N]=TEST
[   29.495841] Hardware name: linux,dummy-virt (DT)
[   29.496331] Call trace:
[   29.496518]  show_stack+0x20/0x38 (C)
[   29.496570]  dump_stack_lvl+0x8c/0xd0
[   29.497005]  print_report+0x118/0x608
[   29.497063]  kasan_report+0xdc/0x128
[   29.497337]  __asan_report_store1_noabort+0x20/0x30
[   29.497406]  krealloc_less_oob_helper+0xb9c/0xc50
[   29.497454]  krealloc_large_less_oob+0x20/0x38
[   29.497501]  kunit_try_run_case+0x170/0x3f0
[   29.497550]  kunit_generic_run_threadfn_adapter+0x88/0x100
[   29.497809]  kthread+0x328/0x630
[   29.497868]  ret_from_fork+0x10/0x20
[   29.497929] 
[   29.497951] The buggy address belongs to the physical page:
[   29.498023] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x109a58
[   29.498093] head: order:2 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[   29.498139] flags: 0xbfffe0000000040(head|node=0|zone=2|lastcpupid=0x1ffff)
[   29.498188] page_type: f8(unknown)
[   29.498398] raw: 0bfffe0000000040 0000000000000000 dead000000000122 0000000000000000
[   29.498884] raw: 0000000000000000 0000000000000000 00000000f8000000 0000000000000000
[   29.498947] head: 0bfffe0000000040 0000000000000000 dead000000000122 0000000000000000
[   29.498994] head: 0000000000000000 0000000000000000 00000000f8000000 0000000000000000
[   29.499506] head: 0bfffe0000000002 ffffc1ffc3269601 00000000ffffffff 00000000ffffffff
[   29.499975] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000004
[   29.500026] page dumped because: kasan: bad access detected
[   29.500352] 
[   29.500372] Memory state around the buggy address:
[   29.500533]  fff00000c9a59f80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   29.500686]  fff00000c9a5a000: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   29.500728] >fff00000c9a5a080: 00 00 00 00 00 00 00 00 00 01 fe fe fe fe fe fe
[   29.500766]                                                  ^
[   29.500809]  fff00000c9a5a100: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe
[   29.500851]  fff00000c9a5a180: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe
[   29.501430] ==================================================================

[   24.785465] ==================================================================
[   24.785790] BUG: KASAN: slab-out-of-bounds in krealloc_less_oob_helper+0xd47/0x11d0
[   24.786107] Write of size 1 at addr ffff8881060720eb by task kunit_try_catch/211
[   24.786349] 
[   24.786493] CPU: 1 UID: 0 PID: 211 Comm: kunit_try_catch Tainted: G    B            N  6.16.0-rc4-next-20250704 #1 PREEMPT(voluntary) 
[   24.786546] Tainted: [B]=BAD_PAGE, [N]=TEST
[   24.786559] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[   24.786582] Call Trace:
[   24.786618]  <TASK>
[   24.786639]  dump_stack_lvl+0x73/0xb0
[   24.786667]  print_report+0xd1/0x650
[   24.786692]  ? __virt_addr_valid+0x1db/0x2d0
[   24.786717]  ? krealloc_less_oob_helper+0xd47/0x11d0
[   24.786742]  ? kasan_addr_to_slab+0x11/0xa0
[   24.786769]  ? krealloc_less_oob_helper+0xd47/0x11d0
[   24.786795]  kasan_report+0x141/0x180
[   24.786819]  ? krealloc_less_oob_helper+0xd47/0x11d0
[   24.786849]  __asan_report_store1_noabort+0x1b/0x30
[   24.786876]  krealloc_less_oob_helper+0xd47/0x11d0
[   24.786971]  ? __perf_event_task_sched_in+0x151/0x360
[   24.787003]  ? __pfx_krealloc_less_oob_helper+0x10/0x10
[   24.787028]  ? finish_task_switch.isra.0+0x153/0x700
[   24.787053]  ? __switch_to+0x47/0xf50
[   24.787081]  ? __schedule+0x10cc/0x2b60
[   24.787107]  ? __pfx_read_tsc+0x10/0x10
[   24.787135]  krealloc_large_less_oob+0x1c/0x30
[   24.787214]  kunit_try_run_case+0x1a5/0x480
[   24.787246]  ? __pfx_kunit_try_run_case+0x10/0x10
[   24.787272]  ? _raw_spin_lock_irqsave+0xa1/0x100
[   24.787298]  ? _raw_spin_unlock_irqrestore+0x5f/0x90
[   24.787325]  ? __kthread_parkme+0x82/0x180
[   24.787347]  ? preempt_count_sub+0x50/0x80
[   24.787372]  ? __pfx_kunit_try_run_case+0x10/0x10
[   24.787422]  kunit_generic_run_threadfn_adapter+0x85/0xf0
[   24.787449]  ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10
[   24.787475]  kthread+0x337/0x6f0
[   24.787497]  ? trace_preempt_on+0x20/0xc0
[   24.787523]  ? __pfx_kthread+0x10/0x10
[   24.787545]  ? _raw_spin_unlock_irq+0x47/0x80
[   24.787569]  ? calculate_sigpending+0x7b/0xa0
[   24.787595]  ? __pfx_kthread+0x10/0x10
[   24.787618]  ret_from_fork+0x116/0x1d0
[   24.787640]  ? __pfx_kthread+0x10/0x10
[   24.787662]  ret_from_fork_asm+0x1a/0x30
[   24.787696]  </TASK>
[   24.787710] 
[   24.796373] The buggy address belongs to the physical page:
[   24.796585] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x106070
[   24.796984] head: order:2 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[   24.797756] flags: 0x200000000000040(head|node=0|zone=2)
[   24.798239] page_type: f8(unknown)
[   24.798435] raw: 0200000000000040 0000000000000000 dead000000000122 0000000000000000
[   24.798753] raw: 0000000000000000 0000000000000000 00000000f8000000 0000000000000000
[   24.799120] head: 0200000000000040 0000000000000000 dead000000000122 0000000000000000
[   24.799471] head: 0000000000000000 0000000000000000 00000000f8000000 0000000000000000
[   24.799722] head: 0200000000000002 ffffea0004181c01 00000000ffffffff 00000000ffffffff
[   24.800007] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000004
[   24.800376] page dumped because: kasan: bad access detected
[   24.800650] 
[   24.800724] Memory state around the buggy address:
[   24.800886]  ffff888106071f80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   24.801117]  ffff888106072000: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   24.801823] >ffff888106072080: 00 00 00 00 00 00 00 00 00 01 fe fe fe fe fe fe
[   24.802430]                                                           ^
[   24.802766]  ffff888106072100: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe
[   24.803109]  ffff888106072180: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe
[   24.803450] ==================================================================
[   24.761732] ==================================================================
[   24.762075] BUG: KASAN: slab-out-of-bounds in krealloc_less_oob_helper+0xe90/0x11d0
[   24.762469] Write of size 1 at addr ffff8881060720ea by task kunit_try_catch/211
[   24.762751] 
[   24.762865] CPU: 1 UID: 0 PID: 211 Comm: kunit_try_catch Tainted: G    B            N  6.16.0-rc4-next-20250704 #1 PREEMPT(voluntary) 
[   24.762914] Tainted: [B]=BAD_PAGE, [N]=TEST
[   24.762927] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[   24.762949] Call Trace:
[   24.762965]  <TASK>
[   24.762983]  dump_stack_lvl+0x73/0xb0
[   24.763010]  print_report+0xd1/0x650
[   24.763033]  ? __virt_addr_valid+0x1db/0x2d0
[   24.763057]  ? krealloc_less_oob_helper+0xe90/0x11d0
[   24.763081]  ? kasan_addr_to_slab+0x11/0xa0
[   24.763107]  ? krealloc_less_oob_helper+0xe90/0x11d0
[   24.763131]  kasan_report+0x141/0x180
[   24.763155]  ? krealloc_less_oob_helper+0xe90/0x11d0
[   24.763184]  __asan_report_store1_noabort+0x1b/0x30
[   24.763210]  krealloc_less_oob_helper+0xe90/0x11d0
[   24.763233]  ? __perf_event_task_sched_in+0x151/0x360
[   24.763261]  ? __pfx_krealloc_less_oob_helper+0x10/0x10
[   24.763286]  ? finish_task_switch.isra.0+0x153/0x700
[   24.763308]  ? __switch_to+0x47/0xf50
[   24.763348]  ? __schedule+0x10cc/0x2b60
[   24.763373]  ? __pfx_read_tsc+0x10/0x10
[   24.763408]  krealloc_large_less_oob+0x1c/0x30
[   24.763432]  kunit_try_run_case+0x1a5/0x480
[   24.763459]  ? __pfx_kunit_try_run_case+0x10/0x10
[   24.763484]  ? _raw_spin_lock_irqsave+0xa1/0x100
[   24.763509]  ? _raw_spin_unlock_irqrestore+0x5f/0x90
[   24.763534]  ? __kthread_parkme+0x82/0x180
[   24.763556]  ? preempt_count_sub+0x50/0x80
[   24.763580]  ? __pfx_kunit_try_run_case+0x10/0x10
[   24.763606]  kunit_generic_run_threadfn_adapter+0x85/0xf0
[   24.763632]  ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10
[   24.763658]  kthread+0x337/0x6f0
[   24.763678]  ? trace_preempt_on+0x20/0xc0
[   24.763703]  ? __pfx_kthread+0x10/0x10
[   24.763725]  ? _raw_spin_unlock_irq+0x47/0x80
[   24.763749]  ? calculate_sigpending+0x7b/0xa0
[   24.763774]  ? __pfx_kthread+0x10/0x10
[   24.763797]  ret_from_fork+0x116/0x1d0
[   24.763817]  ? __pfx_kthread+0x10/0x10
[   24.763839]  ret_from_fork_asm+0x1a/0x30
[   24.763872]  </TASK>
[   24.763886] 
[   24.777504] The buggy address belongs to the physical page:
[   24.777717] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x106070
[   24.778255] head: order:2 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[   24.778535] flags: 0x200000000000040(head|node=0|zone=2)
[   24.778758] page_type: f8(unknown)
[   24.778943] raw: 0200000000000040 0000000000000000 dead000000000122 0000000000000000
[   24.779311] raw: 0000000000000000 0000000000000000 00000000f8000000 0000000000000000
[   24.779700] head: 0200000000000040 0000000000000000 dead000000000122 0000000000000000
[   24.780020] head: 0000000000000000 0000000000000000 00000000f8000000 0000000000000000
[   24.780367] head: 0200000000000002 ffffea0004181c01 00000000ffffffff 00000000ffffffff
[   24.781769] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000004
[   24.782031] page dumped because: kasan: bad access detected
[   24.782328] 
[   24.782413] Memory state around the buggy address:
[   24.782679]  ffff888106071f80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   24.783077]  ffff888106072000: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   24.783492] >ffff888106072080: 00 00 00 00 00 00 00 00 00 01 fe fe fe fe fe fe
[   24.783850]                                                           ^
[   24.784147]  ffff888106072100: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe
[   24.784512]  ffff888106072180: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe
[   24.784840] ==================================================================
[   24.743638] ==================================================================
[   24.743895] BUG: KASAN: slab-out-of-bounds in krealloc_less_oob_helper+0xec6/0x11d0
[   24.744271] Write of size 1 at addr ffff8881060720da by task kunit_try_catch/211
[   24.744633] 
[   24.744923] CPU: 1 UID: 0 PID: 211 Comm: kunit_try_catch Tainted: G    B            N  6.16.0-rc4-next-20250704 #1 PREEMPT(voluntary) 
[   24.744976] Tainted: [B]=BAD_PAGE, [N]=TEST
[   24.744990] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[   24.745012] Call Trace:
[   24.745031]  <TASK>
[   24.745048]  dump_stack_lvl+0x73/0xb0
[   24.745077]  print_report+0xd1/0x650
[   24.745101]  ? __virt_addr_valid+0x1db/0x2d0
[   24.745126]  ? krealloc_less_oob_helper+0xec6/0x11d0
[   24.745150]  ? kasan_addr_to_slab+0x11/0xa0
[   24.745177]  ? krealloc_less_oob_helper+0xec6/0x11d0
[   24.745202]  kasan_report+0x141/0x180
[   24.745225]  ? krealloc_less_oob_helper+0xec6/0x11d0
[   24.745254]  __asan_report_store1_noabort+0x1b/0x30
[   24.745344]  krealloc_less_oob_helper+0xec6/0x11d0
[   24.745369]  ? __perf_event_task_sched_in+0x151/0x360
[   24.745412]  ? __pfx_krealloc_less_oob_helper+0x10/0x10
[   24.745437]  ? finish_task_switch.isra.0+0x153/0x700
[   24.745461]  ? __switch_to+0x47/0xf50
[   24.745488]  ? __schedule+0x10cc/0x2b60
[   24.745514]  ? __pfx_read_tsc+0x10/0x10
[   24.745541]  krealloc_large_less_oob+0x1c/0x30
[   24.745564]  kunit_try_run_case+0x1a5/0x480
[   24.745592]  ? __pfx_kunit_try_run_case+0x10/0x10
[   24.745617]  ? _raw_spin_lock_irqsave+0xa1/0x100
[   24.745642]  ? _raw_spin_unlock_irqrestore+0x5f/0x90
[   24.745669]  ? __kthread_parkme+0x82/0x180
[   24.745690]  ? preempt_count_sub+0x50/0x80
[   24.745715]  ? __pfx_kunit_try_run_case+0x10/0x10
[   24.745741]  kunit_generic_run_threadfn_adapter+0x85/0xf0
[   24.745768]  ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10
[   24.745794]  kthread+0x337/0x6f0
[   24.745815]  ? trace_preempt_on+0x20/0xc0
[   24.745841]  ? __pfx_kthread+0x10/0x10
[   24.745864]  ? _raw_spin_unlock_irq+0x47/0x80
[   24.745901]  ? calculate_sigpending+0x7b/0xa0
[   24.745927]  ? __pfx_kthread+0x10/0x10
[   24.745951]  ret_from_fork+0x116/0x1d0
[   24.745971]  ? __pfx_kthread+0x10/0x10
[   24.745994]  ret_from_fork_asm+0x1a/0x30
[   24.746027]  </TASK>
[   24.746040] 
[   24.754830] The buggy address belongs to the physical page:
[   24.755079] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x106070
[   24.755448] head: order:2 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[   24.755810] flags: 0x200000000000040(head|node=0|zone=2)
[   24.756065] page_type: f8(unknown)
[   24.756196] raw: 0200000000000040 0000000000000000 dead000000000122 0000000000000000
[   24.756693] raw: 0000000000000000 0000000000000000 00000000f8000000 0000000000000000
[   24.757106] head: 0200000000000040 0000000000000000 dead000000000122 0000000000000000
[   24.757498] head: 0000000000000000 0000000000000000 00000000f8000000 0000000000000000
[   24.757840] head: 0200000000000002 ffffea0004181c01 00000000ffffffff 00000000ffffffff
[   24.758301] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000004
[   24.758610] page dumped because: kasan: bad access detected
[   24.758834] 
[   24.758955] Memory state around the buggy address:
[   24.759257]  ffff888106071f80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   24.759576]  ffff888106072000: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   24.759817] >ffff888106072080: 00 00 00 00 00 00 00 00 00 01 fe fe fe fe fe fe
[   24.760404]                                                     ^
[   24.760681]  ffff888106072100: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe
[   24.761025]  ffff888106072180: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe
[   24.761308] ==================================================================
[   24.725901] ==================================================================
[   24.726147] BUG: KASAN: slab-out-of-bounds in krealloc_less_oob_helper+0xe23/0x11d0
[   24.726744] Write of size 1 at addr ffff8881060720d0 by task kunit_try_catch/211
[   24.727083] 
[   24.727175] CPU: 1 UID: 0 PID: 211 Comm: kunit_try_catch Tainted: G    B            N  6.16.0-rc4-next-20250704 #1 PREEMPT(voluntary) 
[   24.727225] Tainted: [B]=BAD_PAGE, [N]=TEST
[   24.727238] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[   24.727332] Call Trace:
[   24.727352]  <TASK>
[   24.727371]  dump_stack_lvl+0x73/0xb0
[   24.727411]  print_report+0xd1/0x650
[   24.727435]  ? __virt_addr_valid+0x1db/0x2d0
[   24.727460]  ? krealloc_less_oob_helper+0xe23/0x11d0
[   24.727484]  ? kasan_addr_to_slab+0x11/0xa0
[   24.727509]  ? krealloc_less_oob_helper+0xe23/0x11d0
[   24.727533]  kasan_report+0x141/0x180
[   24.727557]  ? krealloc_less_oob_helper+0xe23/0x11d0
[   24.727586]  __asan_report_store1_noabort+0x1b/0x30
[   24.727611]  krealloc_less_oob_helper+0xe23/0x11d0
[   24.727634]  ? __perf_event_task_sched_in+0x151/0x360
[   24.727662]  ? __pfx_krealloc_less_oob_helper+0x10/0x10
[   24.727686]  ? finish_task_switch.isra.0+0x153/0x700
[   24.727708]  ? __switch_to+0x47/0xf50
[   24.727735]  ? __schedule+0x10cc/0x2b60
[   24.727760]  ? __pfx_read_tsc+0x10/0x10
[   24.727786]  krealloc_large_less_oob+0x1c/0x30
[   24.727809]  kunit_try_run_case+0x1a5/0x480
[   24.727835]  ? __pfx_kunit_try_run_case+0x10/0x10
[   24.727859]  ? _raw_spin_lock_irqsave+0xa1/0x100
[   24.727884]  ? _raw_spin_unlock_irqrestore+0x5f/0x90
[   24.727909]  ? __kthread_parkme+0x82/0x180
[   24.727940]  ? preempt_count_sub+0x50/0x80
[   24.727964]  ? __pfx_kunit_try_run_case+0x10/0x10
[   24.727990]  kunit_generic_run_threadfn_adapter+0x85/0xf0
[   24.728015]  ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10
[   24.728041]  kthread+0x337/0x6f0
[   24.728062]  ? trace_preempt_on+0x20/0xc0
[   24.728087]  ? __pfx_kthread+0x10/0x10
[   24.728110]  ? _raw_spin_unlock_irq+0x47/0x80
[   24.728134]  ? calculate_sigpending+0x7b/0xa0
[   24.728159]  ? __pfx_kthread+0x10/0x10
[   24.728182]  ret_from_fork+0x116/0x1d0
[   24.728203]  ? __pfx_kthread+0x10/0x10
[   24.728232]  ret_from_fork_asm+0x1a/0x30
[   24.728266]  </TASK>
[   24.728278] 
[   24.736631] The buggy address belongs to the physical page:
[   24.736863] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x106070
[   24.737289] head: order:2 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[   24.737825] flags: 0x200000000000040(head|node=0|zone=2)
[   24.738022] page_type: f8(unknown)
[   24.738226] raw: 0200000000000040 0000000000000000 dead000000000122 0000000000000000
[   24.738605] raw: 0000000000000000 0000000000000000 00000000f8000000 0000000000000000
[   24.738894] head: 0200000000000040 0000000000000000 dead000000000122 0000000000000000
[   24.739353] head: 0000000000000000 0000000000000000 00000000f8000000 0000000000000000
[   24.739683] head: 0200000000000002 ffffea0004181c01 00000000ffffffff 00000000ffffffff
[   24.739949] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000004
[   24.740511] page dumped because: kasan: bad access detected
[   24.740776] 
[   24.740858] Memory state around the buggy address:
[   24.741045]  ffff888106071f80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   24.741405]  ffff888106072000: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   24.741752] >ffff888106072080: 00 00 00 00 00 00 00 00 00 01 fe fe fe fe fe fe
[   24.742089]                                                  ^
[   24.742472]  ffff888106072100: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe
[   24.742732]  ffff888106072180: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe
[   24.743284] ==================================================================
[   24.624740] ==================================================================
[   24.625116] BUG: KASAN: slab-out-of-bounds in krealloc_less_oob_helper+0xd47/0x11d0
[   24.625568] Write of size 1 at addr ffff888105d7e8eb by task kunit_try_catch/207
[   24.625804] 
[   24.625890] CPU: 0 UID: 0 PID: 207 Comm: kunit_try_catch Tainted: G    B            N  6.16.0-rc4-next-20250704 #1 PREEMPT(voluntary) 
[   24.625938] Tainted: [B]=BAD_PAGE, [N]=TEST
[   24.625950] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[   24.625971] Call Trace:
[   24.625989]  <TASK>
[   24.626007]  dump_stack_lvl+0x73/0xb0
[   24.626034]  print_report+0xd1/0x650
[   24.626057]  ? __virt_addr_valid+0x1db/0x2d0
[   24.626081]  ? krealloc_less_oob_helper+0xd47/0x11d0
[   24.626104]  ? kasan_complete_mode_report_info+0x2a/0x200
[   24.626130]  ? krealloc_less_oob_helper+0xd47/0x11d0
[   24.626154]  kasan_report+0x141/0x180
[   24.626176]  ? krealloc_less_oob_helper+0xd47/0x11d0
[   24.626205]  __asan_report_store1_noabort+0x1b/0x30
[   24.626230]  krealloc_less_oob_helper+0xd47/0x11d0
[   24.626255]  ? __pfx_krealloc_less_oob_helper+0x10/0x10
[   24.626279]  ? finish_task_switch.isra.0+0x153/0x700
[   24.626302]  ? __switch_to+0x47/0xf50
[   24.626329]  ? __schedule+0x10cc/0x2b60
[   24.626432]  ? __pfx_read_tsc+0x10/0x10
[   24.626459]  krealloc_less_oob+0x1c/0x30
[   24.626481]  kunit_try_run_case+0x1a5/0x480
[   24.626507]  ? __pfx_kunit_try_run_case+0x10/0x10
[   24.626531]  ? _raw_spin_lock_irqsave+0xa1/0x100
[   24.626555]  ? _raw_spin_unlock_irqrestore+0x5f/0x90
[   24.626580]  ? __kthread_parkme+0x82/0x180
[   24.626601]  ? preempt_count_sub+0x50/0x80
[   24.626624]  ? __pfx_kunit_try_run_case+0x10/0x10
[   24.626650]  kunit_generic_run_threadfn_adapter+0x85/0xf0
[   24.626675]  ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10
[   24.626700]  kthread+0x337/0x6f0
[   24.626720]  ? trace_preempt_on+0x20/0xc0
[   24.626745]  ? __pfx_kthread+0x10/0x10
[   24.626766]  ? _raw_spin_unlock_irq+0x47/0x80
[   24.626790]  ? calculate_sigpending+0x7b/0xa0
[   24.626814]  ? __pfx_kthread+0x10/0x10
[   24.626836]  ret_from_fork+0x116/0x1d0
[   24.626855]  ? __pfx_kthread+0x10/0x10
[   24.626878]  ret_from_fork_asm+0x1a/0x30
[   24.626909]  </TASK>
[   24.626921] 
[   24.634968] Allocated by task 207:
[   24.635152]  kasan_save_stack+0x45/0x70
[   24.635297]  kasan_save_track+0x18/0x40
[   24.635441]  kasan_save_alloc_info+0x3b/0x50
[   24.635815]  __kasan_krealloc+0x190/0x1f0
[   24.636036]  krealloc_noprof+0xf3/0x340
[   24.636235]  krealloc_less_oob_helper+0x1aa/0x11d0
[   24.636588]  krealloc_less_oob+0x1c/0x30
[   24.636790]  kunit_try_run_case+0x1a5/0x480
[   24.637200]  kunit_generic_run_threadfn_adapter+0x85/0xf0
[   24.637407]  kthread+0x337/0x6f0
[   24.637580]  ret_from_fork+0x116/0x1d0
[   24.637751]  ret_from_fork_asm+0x1a/0x30
[   24.637993] 
[   24.638062] The buggy address belongs to the object at ffff888105d7e800
[   24.638062]  which belongs to the cache kmalloc-256 of size 256
[   24.638721] The buggy address is located 34 bytes to the right of
[   24.638721]  allocated 201-byte region [ffff888105d7e800, ffff888105d7e8c9)
[   24.639499] 
[   24.639586] The buggy address belongs to the physical page:
[   24.639827] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x105d7e
[   24.640134] head: order:1 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[   24.640512] flags: 0x200000000000040(head|node=0|zone=2)
[   24.640746] page_type: f5(slab)
[   24.640899] raw: 0200000000000040 ffff888100041b40 dead000000000122 0000000000000000
[   24.641202] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000
[   24.641536] head: 0200000000000040 ffff888100041b40 dead000000000122 0000000000000000
[   24.641809] head: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000
[   24.642222] head: 0200000000000001 ffffea0004175f81 00000000ffffffff 00000000ffffffff
[   24.642596] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000002
[   24.642888] page dumped because: kasan: bad access detected
[   24.643120] 
[   24.643492] Memory state around the buggy address:
[   24.643662]  ffff888105d7e780: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   24.643881]  ffff888105d7e800: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   24.644212] >ffff888105d7e880: 00 00 00 00 00 00 00 00 00 01 fc fc fc fc fc fc
[   24.644560]                                                           ^
[   24.645000]  ffff888105d7e900: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   24.645428]  ffff888105d7e980: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   24.645708] ==================================================================
[   24.699298] ==================================================================
[   24.699823] BUG: KASAN: slab-out-of-bounds in krealloc_less_oob_helper+0xd70/0x11d0
[   24.700274] Write of size 1 at addr ffff8881060720c9 by task kunit_try_catch/211
[   24.701380] 
[   24.701529] CPU: 1 UID: 0 PID: 211 Comm: kunit_try_catch Tainted: G    B            N  6.16.0-rc4-next-20250704 #1 PREEMPT(voluntary) 
[   24.701589] Tainted: [B]=BAD_PAGE, [N]=TEST
[   24.701604] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[   24.701630] Call Trace:
[   24.701645]  <TASK>
[   24.701665]  dump_stack_lvl+0x73/0xb0
[   24.701829]  print_report+0xd1/0x650
[   24.701862]  ? __virt_addr_valid+0x1db/0x2d0
[   24.701908]  ? krealloc_less_oob_helper+0xd70/0x11d0
[   24.701934]  ? kasan_addr_to_slab+0x11/0xa0
[   24.701962]  ? krealloc_less_oob_helper+0xd70/0x11d0
[   24.701988]  kasan_report+0x141/0x180
[   24.702013]  ? krealloc_less_oob_helper+0xd70/0x11d0
[   24.702044]  __asan_report_store1_noabort+0x1b/0x30
[   24.702071]  krealloc_less_oob_helper+0xd70/0x11d0
[   24.702095]  ? __perf_event_task_sched_in+0x151/0x360
[   24.702127]  ? __pfx_krealloc_less_oob_helper+0x10/0x10
[   24.702153]  ? finish_task_switch.isra.0+0x153/0x700
[   24.702180]  ? __switch_to+0x47/0xf50
[   24.702210]  ? __schedule+0x10cc/0x2b60
[   24.702238]  ? __pfx_read_tsc+0x10/0x10
[   24.702267]  krealloc_large_less_oob+0x1c/0x30
[   24.702292]  kunit_try_run_case+0x1a5/0x480
[   24.702321]  ? __pfx_kunit_try_run_case+0x10/0x10
[   24.702347]  ? _raw_spin_lock_irqsave+0xa1/0x100
[   24.702373]  ? _raw_spin_unlock_irqrestore+0x5f/0x90
[   24.702414]  ? __kthread_parkme+0x82/0x180
[   24.702437]  ? preempt_count_sub+0x50/0x80
[   24.702463]  ? __pfx_kunit_try_run_case+0x10/0x10
[   24.702492]  kunit_generic_run_threadfn_adapter+0x85/0xf0
[   24.702520]  ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10
[   24.702547]  kthread+0x337/0x6f0
[   24.702569]  ? trace_preempt_on+0x20/0xc0
[   24.702596]  ? __pfx_kthread+0x10/0x10
[   24.702620]  ? _raw_spin_unlock_irq+0x47/0x80
[   24.702645]  ? calculate_sigpending+0x7b/0xa0
[   24.702672]  ? __pfx_kthread+0x10/0x10
[   24.702697]  ret_from_fork+0x116/0x1d0
[   24.702718]  ? __pfx_kthread+0x10/0x10
[   24.702741]  ret_from_fork_asm+0x1a/0x30
[   24.702775]  </TASK>
[   24.702790] 
[   24.715778] The buggy address belongs to the physical page:
[   24.716364] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x106070
[   24.716835] head: order:2 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[   24.717415] flags: 0x200000000000040(head|node=0|zone=2)
[   24.717803] page_type: f8(unknown)
[   24.718089] raw: 0200000000000040 0000000000000000 dead000000000122 0000000000000000
[   24.718537] raw: 0000000000000000 0000000000000000 00000000f8000000 0000000000000000
[   24.718849] head: 0200000000000040 0000000000000000 dead000000000122 0000000000000000
[   24.719536] head: 0000000000000000 0000000000000000 00000000f8000000 0000000000000000
[   24.720018] head: 0200000000000002 ffffea0004181c01 00000000ffffffff 00000000ffffffff
[   24.720671] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000004
[   24.721294] page dumped because: kasan: bad access detected
[   24.721650] 
[   24.721741] Memory state around the buggy address:
[   24.722049]  ffff888106071f80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   24.722621]  ffff888106072000: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   24.723046] >ffff888106072080: 00 00 00 00 00 00 00 00 00 01 fe fe fe fe fe fe
[   24.723616]                                               ^
[   24.723995]  ffff888106072100: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe
[   24.724565]  ffff888106072180: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe
[   24.725049] ==================================================================
[   24.519096] ==================================================================
[   24.519975] BUG: KASAN: slab-out-of-bounds in krealloc_less_oob_helper+0xd70/0x11d0
[   24.520371] Write of size 1 at addr ffff888105d7e8c9 by task kunit_try_catch/207
[   24.520784] 
[   24.520961] CPU: 0 UID: 0 PID: 207 Comm: kunit_try_catch Tainted: G    B            N  6.16.0-rc4-next-20250704 #1 PREEMPT(voluntary) 
[   24.521021] Tainted: [B]=BAD_PAGE, [N]=TEST
[   24.521036] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[   24.521089] Call Trace:
[   24.521105]  <TASK>
[   24.521128]  dump_stack_lvl+0x73/0xb0
[   24.521162]  print_report+0xd1/0x650
[   24.521188]  ? __virt_addr_valid+0x1db/0x2d0
[   24.521425]  ? krealloc_less_oob_helper+0xd70/0x11d0
[   24.521456]  ? kasan_complete_mode_report_info+0x2a/0x200
[   24.521485]  ? krealloc_less_oob_helper+0xd70/0x11d0
[   24.521512]  kasan_report+0x141/0x180
[   24.521536]  ? krealloc_less_oob_helper+0xd70/0x11d0
[   24.521567]  __asan_report_store1_noabort+0x1b/0x30
[   24.521594]  krealloc_less_oob_helper+0xd70/0x11d0
[   24.521623]  ? __pfx_krealloc_less_oob_helper+0x10/0x10
[   24.521650]  ? finish_task_switch.isra.0+0x153/0x700
[   24.521676]  ? __switch_to+0x47/0xf50
[   24.521706]  ? __schedule+0x10cc/0x2b60
[   24.521734]  ? __pfx_read_tsc+0x10/0x10
[   24.521763]  krealloc_less_oob+0x1c/0x30
[   24.521787]  kunit_try_run_case+0x1a5/0x480
[   24.521817]  ? __pfx_kunit_try_run_case+0x10/0x10
[   24.521844]  ? _raw_spin_lock_irqsave+0xa1/0x100
[   24.521870]  ? _raw_spin_unlock_irqrestore+0x5f/0x90
[   24.521914]  ? __kthread_parkme+0x82/0x180
[   24.521938]  ? preempt_count_sub+0x50/0x80
[   24.521963]  ? __pfx_kunit_try_run_case+0x10/0x10
[   24.521991]  kunit_generic_run_threadfn_adapter+0x85/0xf0
[   24.522018]  ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10
[   24.522045]  kthread+0x337/0x6f0
[   24.522067]  ? trace_preempt_on+0x20/0xc0
[   24.522095]  ? __pfx_kthread+0x10/0x10
[   24.522118]  ? _raw_spin_unlock_irq+0x47/0x80
[   24.522143]  ? calculate_sigpending+0x7b/0xa0
[   24.522179]  ? __pfx_kthread+0x10/0x10
[   24.522204]  ret_from_fork+0x116/0x1d0
[   24.522225]  ? __pfx_kthread+0x10/0x10
[   24.522248]  ret_from_fork_asm+0x1a/0x30
[   24.522283]  </TASK>
[   24.522298] 
[   24.530756] Allocated by task 207:
[   24.531047]  kasan_save_stack+0x45/0x70
[   24.531254]  kasan_save_track+0x18/0x40
[   24.531406]  kasan_save_alloc_info+0x3b/0x50
[   24.531559]  __kasan_krealloc+0x190/0x1f0
[   24.531702]  krealloc_noprof+0xf3/0x340
[   24.531844]  krealloc_less_oob_helper+0x1aa/0x11d0
[   24.532008]  krealloc_less_oob+0x1c/0x30
[   24.532462]  kunit_try_run_case+0x1a5/0x480
[   24.532882]  kunit_generic_run_threadfn_adapter+0x85/0xf0
[   24.533185]  kthread+0x337/0x6f0
[   24.533450]  ret_from_fork+0x116/0x1d0
[   24.533660]  ret_from_fork_asm+0x1a/0x30
[   24.533852] 
[   24.533950] The buggy address belongs to the object at ffff888105d7e800
[   24.533950]  which belongs to the cache kmalloc-256 of size 256
[   24.534518] The buggy address is located 0 bytes to the right of
[   24.534518]  allocated 201-byte region [ffff888105d7e800, ffff888105d7e8c9)
[   24.534894] 
[   24.534965] The buggy address belongs to the physical page:
[   24.535143] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x105d7e
[   24.535770] head: order:1 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[   24.536319] flags: 0x200000000000040(head|node=0|zone=2)
[   24.536514] page_type: f5(slab)
[   24.536638] raw: 0200000000000040 ffff888100041b40 dead000000000122 0000000000000000
[   24.536871] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000
[   24.537103] head: 0200000000000040 ffff888100041b40 dead000000000122 0000000000000000
[   24.537411] head: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000
[   24.537784] head: 0200000000000001 ffffea0004175f81 00000000ffffffff 00000000ffffffff
[   24.538289] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000002
[   24.538765] page dumped because: kasan: bad access detected
[   24.539258] 
[   24.539334] Memory state around the buggy address:
[   24.539511]  ffff888105d7e780: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   24.539765]  ffff888105d7e800: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   24.540085] >ffff888105d7e880: 00 00 00 00 00 00 00 00 00 01 fc fc fc fc fc fc
[   24.540420]                                               ^
[   24.540741]  ffff888105d7e900: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   24.541066]  ffff888105d7e980: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   24.541770] ==================================================================
[   24.542341] ==================================================================
[   24.542667] BUG: KASAN: slab-out-of-bounds in krealloc_less_oob_helper+0xe23/0x11d0
[   24.543211] Write of size 1 at addr ffff888105d7e8d0 by task kunit_try_catch/207
[   24.543544] 
[   24.543662] CPU: 0 UID: 0 PID: 207 Comm: kunit_try_catch Tainted: G    B            N  6.16.0-rc4-next-20250704 #1 PREEMPT(voluntary) 
[   24.543712] Tainted: [B]=BAD_PAGE, [N]=TEST
[   24.543725] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[   24.543749] Call Trace:
[   24.543767]  <TASK>
[   24.543785]  dump_stack_lvl+0x73/0xb0
[   24.543813]  print_report+0xd1/0x650
[   24.543837]  ? __virt_addr_valid+0x1db/0x2d0
[   24.543862]  ? krealloc_less_oob_helper+0xe23/0x11d0
[   24.543886]  ? kasan_complete_mode_report_info+0x2a/0x200
[   24.543913]  ? krealloc_less_oob_helper+0xe23/0x11d0
[   24.543938]  kasan_report+0x141/0x180
[   24.543961]  ? krealloc_less_oob_helper+0xe23/0x11d0
[   24.543991]  __asan_report_store1_noabort+0x1b/0x30
[   24.544017]  krealloc_less_oob_helper+0xe23/0x11d0
[   24.544043]  ? __pfx_krealloc_less_oob_helper+0x10/0x10
[   24.544068]  ? finish_task_switch.isra.0+0x153/0x700
[   24.544091]  ? __switch_to+0x47/0xf50
[   24.544118]  ? __schedule+0x10cc/0x2b60
[   24.544144]  ? __pfx_read_tsc+0x10/0x10
[   24.544229]  krealloc_less_oob+0x1c/0x30
[   24.544252]  kunit_try_run_case+0x1a5/0x480
[   24.544279]  ? __pfx_kunit_try_run_case+0x10/0x10
[   24.544304]  ? _raw_spin_lock_irqsave+0xa1/0x100
[   24.544330]  ? _raw_spin_unlock_irqrestore+0x5f/0x90
[   24.544357]  ? __kthread_parkme+0x82/0x180
[   24.544378]  ? preempt_count_sub+0x50/0x80
[   24.544413]  ? __pfx_kunit_try_run_case+0x10/0x10
[   24.544440]  kunit_generic_run_threadfn_adapter+0x85/0xf0
[   24.544466]  ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10
[   24.544492]  kthread+0x337/0x6f0
[   24.544513]  ? trace_preempt_on+0x20/0xc0
[   24.544538]  ? __pfx_kthread+0x10/0x10
[   24.544560]  ? _raw_spin_unlock_irq+0x47/0x80
[   24.544584]  ? calculate_sigpending+0x7b/0xa0
[   24.544609]  ? __pfx_kthread+0x10/0x10
[   24.544632]  ret_from_fork+0x116/0x1d0
[   24.544652]  ? __pfx_kthread+0x10/0x10
[   24.544674]  ret_from_fork_asm+0x1a/0x30
[   24.544707]  </TASK>
[   24.544720] 
[   24.555927] Allocated by task 207:
[   24.556359]  kasan_save_stack+0x45/0x70
[   24.556579]  kasan_save_track+0x18/0x40
[   24.556784]  kasan_save_alloc_info+0x3b/0x50
[   24.557263]  __kasan_krealloc+0x190/0x1f0
[   24.557481]  krealloc_noprof+0xf3/0x340
[   24.557820]  krealloc_less_oob_helper+0x1aa/0x11d0
[   24.558147]  krealloc_less_oob+0x1c/0x30
[   24.558638]  kunit_try_run_case+0x1a5/0x480
[   24.558959]  kunit_generic_run_threadfn_adapter+0x85/0xf0
[   24.559277]  kthread+0x337/0x6f0
[   24.559602]  ret_from_fork+0x116/0x1d0
[   24.559756]  ret_from_fork_asm+0x1a/0x30
[   24.559970] 
[   24.560190] The buggy address belongs to the object at ffff888105d7e800
[   24.560190]  which belongs to the cache kmalloc-256 of size 256
[   24.561075] The buggy address is located 7 bytes to the right of
[   24.561075]  allocated 201-byte region [ffff888105d7e800, ffff888105d7e8c9)
[   24.561764] 
[   24.561872] The buggy address belongs to the physical page:
[   24.562197] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x105d7e
[   24.562677] head: order:1 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[   24.563036] flags: 0x200000000000040(head|node=0|zone=2)
[   24.563594] page_type: f5(slab)
[   24.563753] raw: 0200000000000040 ffff888100041b40 dead000000000122 0000000000000000
[   24.564258] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000
[   24.564697] head: 0200000000000040 ffff888100041b40 dead000000000122 0000000000000000
[   24.565093] head: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000
[   24.565608] head: 0200000000000001 ffffea0004175f81 00000000ffffffff 00000000ffffffff
[   24.565914] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000002
[   24.566252] page dumped because: kasan: bad access detected
[   24.566660] 
[   24.566755] Memory state around the buggy address:
[   24.567003]  ffff888105d7e780: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   24.567463]  ffff888105d7e800: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   24.568169] >ffff888105d7e880: 00 00 00 00 00 00 00 00 00 01 fc fc fc fc fc fc
[   24.568589]                                                  ^
[   24.568831]  ffff888105d7e900: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   24.569514]  ffff888105d7e980: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   24.569805] ==================================================================
[   24.602524] ==================================================================
[   24.602864] BUG: KASAN: slab-out-of-bounds in krealloc_less_oob_helper+0xe90/0x11d0
[   24.603676] Write of size 1 at addr ffff888105d7e8ea by task kunit_try_catch/207
[   24.604214] 
[   24.604460] CPU: 0 UID: 0 PID: 207 Comm: kunit_try_catch Tainted: G    B            N  6.16.0-rc4-next-20250704 #1 PREEMPT(voluntary) 
[   24.604513] Tainted: [B]=BAD_PAGE, [N]=TEST
[   24.604527] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[   24.604549] Call Trace:
[   24.604569]  <TASK>
[   24.604588]  dump_stack_lvl+0x73/0xb0
[   24.604617]  print_report+0xd1/0x650
[   24.604640]  ? __virt_addr_valid+0x1db/0x2d0
[   24.604665]  ? krealloc_less_oob_helper+0xe90/0x11d0
[   24.604689]  ? kasan_complete_mode_report_info+0x2a/0x200
[   24.604716]  ? krealloc_less_oob_helper+0xe90/0x11d0
[   24.604741]  kasan_report+0x141/0x180
[   24.604764]  ? krealloc_less_oob_helper+0xe90/0x11d0
[   24.604793]  __asan_report_store1_noabort+0x1b/0x30
[   24.604818]  krealloc_less_oob_helper+0xe90/0x11d0
[   24.604845]  ? __pfx_krealloc_less_oob_helper+0x10/0x10
[   24.604871]  ? finish_task_switch.isra.0+0x153/0x700
[   24.604894]  ? __switch_to+0x47/0xf50
[   24.604921]  ? __schedule+0x10cc/0x2b60
[   24.604947]  ? __pfx_read_tsc+0x10/0x10
[   24.604972]  krealloc_less_oob+0x1c/0x30
[   24.604995]  kunit_try_run_case+0x1a5/0x480
[   24.605021]  ? __pfx_kunit_try_run_case+0x10/0x10
[   24.605046]  ? _raw_spin_lock_irqsave+0xa1/0x100
[   24.605071]  ? _raw_spin_unlock_irqrestore+0x5f/0x90
[   24.605097]  ? __kthread_parkme+0x82/0x180
[   24.605121]  ? preempt_count_sub+0x50/0x80
[   24.605145]  ? __pfx_kunit_try_run_case+0x10/0x10
[   24.605195]  kunit_generic_run_threadfn_adapter+0x85/0xf0
[   24.605221]  ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10
[   24.605246]  kthread+0x337/0x6f0
[   24.605267]  ? trace_preempt_on+0x20/0xc0
[   24.605292]  ? __pfx_kthread+0x10/0x10
[   24.605314]  ? _raw_spin_unlock_irq+0x47/0x80
[   24.605338]  ? calculate_sigpending+0x7b/0xa0
[   24.605363]  ? __pfx_kthread+0x10/0x10
[   24.605387]  ret_from_fork+0x116/0x1d0
[   24.605418]  ? __pfx_kthread+0x10/0x10
[   24.605440]  ret_from_fork_asm+0x1a/0x30
[   24.605473]  </TASK>
[   24.605485] 
[   24.613681] Allocated by task 207:
[   24.613832]  kasan_save_stack+0x45/0x70
[   24.614165]  kasan_save_track+0x18/0x40
[   24.614410]  kasan_save_alloc_info+0x3b/0x50
[   24.614588]  __kasan_krealloc+0x190/0x1f0
[   24.614731]  krealloc_noprof+0xf3/0x340
[   24.614944]  krealloc_less_oob_helper+0x1aa/0x11d0
[   24.615379]  krealloc_less_oob+0x1c/0x30
[   24.615614]  kunit_try_run_case+0x1a5/0x480
[   24.615915]  kunit_generic_run_threadfn_adapter+0x85/0xf0
[   24.616160]  kthread+0x337/0x6f0
[   24.616342]  ret_from_fork+0x116/0x1d0
[   24.616492]  ret_from_fork_asm+0x1a/0x30
[   24.616634] 
[   24.616703] The buggy address belongs to the object at ffff888105d7e800
[   24.616703]  which belongs to the cache kmalloc-256 of size 256
[   24.617149] The buggy address is located 33 bytes to the right of
[   24.617149]  allocated 201-byte region [ffff888105d7e800, ffff888105d7e8c9)
[   24.617782] 
[   24.617874] The buggy address belongs to the physical page:
[   24.618185] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x105d7e
[   24.618521] head: order:1 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[   24.618758] flags: 0x200000000000040(head|node=0|zone=2)
[   24.618940] page_type: f5(slab)
[   24.619065] raw: 0200000000000040 ffff888100041b40 dead000000000122 0000000000000000
[   24.619727] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000
[   24.620104] head: 0200000000000040 ffff888100041b40 dead000000000122 0000000000000000
[   24.620719] head: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000
[   24.621028] head: 0200000000000001 ffffea0004175f81 00000000ffffffff 00000000ffffffff
[   24.621270] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000002
[   24.621522] page dumped because: kasan: bad access detected
[   24.621980] 
[   24.622102] Memory state around the buggy address:
[   24.622336]  ffff888105d7e780: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   24.622686]  ffff888105d7e800: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   24.623117] >ffff888105d7e880: 00 00 00 00 00 00 00 00 00 01 fc fc fc fc fc fc
[   24.623407]                                                           ^
[   24.623628]  ffff888105d7e900: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   24.623873]  ffff888105d7e980: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   24.624206] ==================================================================
[   24.570526] ==================================================================
[   24.570990] BUG: KASAN: slab-out-of-bounds in krealloc_less_oob_helper+0xec6/0x11d0
[   24.571250] Write of size 1 at addr ffff888105d7e8da by task kunit_try_catch/207
[   24.571663] 
[   24.571781] CPU: 0 UID: 0 PID: 207 Comm: kunit_try_catch Tainted: G    B            N  6.16.0-rc4-next-20250704 #1 PREEMPT(voluntary) 
[   24.571831] Tainted: [B]=BAD_PAGE, [N]=TEST
[   24.571844] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[   24.571865] Call Trace:
[   24.571882]  <TASK>
[   24.571901]  dump_stack_lvl+0x73/0xb0
[   24.571928]  print_report+0xd1/0x650
[   24.571951]  ? __virt_addr_valid+0x1db/0x2d0
[   24.571976]  ? krealloc_less_oob_helper+0xec6/0x11d0
[   24.572000]  ? kasan_complete_mode_report_info+0x2a/0x200
[   24.572027]  ? krealloc_less_oob_helper+0xec6/0x11d0
[   24.572051]  kasan_report+0x141/0x180
[   24.572073]  ? krealloc_less_oob_helper+0xec6/0x11d0
[   24.572103]  __asan_report_store1_noabort+0x1b/0x30
[   24.572128]  krealloc_less_oob_helper+0xec6/0x11d0
[   24.572155]  ? __pfx_krealloc_less_oob_helper+0x10/0x10
[   24.572179]  ? finish_task_switch.isra.0+0x153/0x700
[   24.572202]  ? __switch_to+0x47/0xf50
[   24.572236]  ? __schedule+0x10cc/0x2b60
[   24.572262]  ? __pfx_read_tsc+0x10/0x10
[   24.572289]  krealloc_less_oob+0x1c/0x30
[   24.572311]  kunit_try_run_case+0x1a5/0x480
[   24.572338]  ? __pfx_kunit_try_run_case+0x10/0x10
[   24.572363]  ? _raw_spin_lock_irqsave+0xa1/0x100
[   24.572388]  ? _raw_spin_unlock_irqrestore+0x5f/0x90
[   24.572424]  ? __kthread_parkme+0x82/0x180
[   24.572446]  ? preempt_count_sub+0x50/0x80
[   24.572470]  ? __pfx_kunit_try_run_case+0x10/0x10
[   24.572496]  kunit_generic_run_threadfn_adapter+0x85/0xf0
[   24.572521]  ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10
[   24.572546]  kthread+0x337/0x6f0
[   24.572567]  ? trace_preempt_on+0x20/0xc0
[   24.572591]  ? __pfx_kthread+0x10/0x10
[   24.572612]  ? _raw_spin_unlock_irq+0x47/0x80
[   24.572636]  ? calculate_sigpending+0x7b/0xa0
[   24.572660]  ? __pfx_kthread+0x10/0x10
[   24.572683]  ret_from_fork+0x116/0x1d0
[   24.572702]  ? __pfx_kthread+0x10/0x10
[   24.572724]  ret_from_fork_asm+0x1a/0x30
[   24.572756]  </TASK>
[   24.572768] 
[   24.583864] Allocated by task 207:
[   24.584218]  kasan_save_stack+0x45/0x70
[   24.584637]  kasan_save_track+0x18/0x40
[   24.585032]  kasan_save_alloc_info+0x3b/0x50
[   24.585361]  __kasan_krealloc+0x190/0x1f0
[   24.585705]  krealloc_noprof+0xf3/0x340
[   24.586082]  krealloc_less_oob_helper+0x1aa/0x11d0
[   24.586504]  krealloc_less_oob+0x1c/0x30
[   24.586704]  kunit_try_run_case+0x1a5/0x480
[   24.587090]  kunit_generic_run_threadfn_adapter+0x85/0xf0
[   24.587463]  kthread+0x337/0x6f0
[   24.587828]  ret_from_fork+0x116/0x1d0
[   24.588147]  ret_from_fork_asm+0x1a/0x30
[   24.588447] 
[   24.588543] The buggy address belongs to the object at ffff888105d7e800
[   24.588543]  which belongs to the cache kmalloc-256 of size 256
[   24.589468] The buggy address is located 17 bytes to the right of
[   24.589468]  allocated 201-byte region [ffff888105d7e800, ffff888105d7e8c9)
[   24.590401] 
[   24.590506] The buggy address belongs to the physical page:
[   24.590754] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x105d7e
[   24.591944] head: order:1 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[   24.592631] flags: 0x200000000000040(head|node=0|zone=2)
[   24.593084] page_type: f5(slab)
[   24.593480] raw: 0200000000000040 ffff888100041b40 dead000000000122 0000000000000000
[   24.594110] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000
[   24.595022] head: 0200000000000040 ffff888100041b40 dead000000000122 0000000000000000
[   24.595708] head: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000
[   24.596269] head: 0200000000000001 ffffea0004175f81 00000000ffffffff 00000000ffffffff
[   24.596863] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000002
[   24.597353] page dumped because: kasan: bad access detected
[   24.597806] 
[   24.598054] Memory state around the buggy address:
[   24.598400]  ffff888105d7e780: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   24.598716]  ffff888105d7e800: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   24.599367] >ffff888105d7e880: 00 00 00 00 00 00 00 00 00 01 fc fc fc fc fc fc
[   24.599884]                                                     ^
[   24.600375]  ffff888105d7e900: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   24.600838]  ffff888105d7e980: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   24.601465] ==================================================================