Date | July 4, 2025, 11:10 a.m.
---|---
Environment | qemu-arm64, qemu-x86_64
[ 29.416116] ================================================================== [ 29.416267] BUG: KASAN: slab-out-of-bounds in krealloc_less_oob_helper+0xae4/0xc50 [ 29.416503] Write of size 1 at addr fff00000c907f0ea by task kunit_try_catch/191 [ 29.416558] [ 29.416596] CPU: 0 UID: 0 PID: 191 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc4-next-20250704 #1 PREEMPT [ 29.416678] Tainted: [B]=BAD_PAGE, [N]=TEST [ 29.416703] Hardware name: linux,dummy-virt (DT) [ 29.416733] Call trace: [ 29.416963] show_stack+0x20/0x38 (C) [ 29.417092] dump_stack_lvl+0x8c/0xd0 [ 29.417170] print_report+0x118/0x608 [ 29.417244] kasan_report+0xdc/0x128 [ 29.417380] __asan_report_store1_noabort+0x20/0x30 [ 29.417436] krealloc_less_oob_helper+0xae4/0xc50 [ 29.417503] krealloc_less_oob+0x20/0x38 [ 29.417556] kunit_try_run_case+0x170/0x3f0 [ 29.417723] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 29.418004] kthread+0x328/0x630 [ 29.418292] ret_from_fork+0x10/0x20 [ 29.418389] [ 29.418539] Allocated by task 191: [ 29.418626] kasan_save_stack+0x3c/0x68 [ 29.418751] kasan_save_track+0x20/0x40 [ 29.418851] kasan_save_alloc_info+0x40/0x58 [ 29.419027] __kasan_krealloc+0x118/0x178 [ 29.419066] krealloc_noprof+0x128/0x360 [ 29.419133] krealloc_less_oob_helper+0x168/0xc50 [ 29.419326] krealloc_less_oob+0x20/0x38 [ 29.419512] kunit_try_run_case+0x170/0x3f0 [ 29.419675] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 29.419744] kthread+0x328/0x630 [ 29.419875] ret_from_fork+0x10/0x20 [ 29.419982] [ 29.420096] The buggy address belongs to the object at fff00000c907f000 [ 29.420096] which belongs to the cache kmalloc-256 of size 256 [ 29.420538] The buggy address is located 33 bytes to the right of [ 29.420538] allocated 201-byte region [fff00000c907f000, fff00000c907f0c9) [ 29.420716] [ 29.420777] The buggy address belongs to the physical page: [ 29.420849] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0xfff00000c907ea00 pfn:0x10907e [ 29.420995] head: order:1 mapcount:0 
entire_mapcount:0 nr_pages_mapped:0 pincount:0 [ 29.421094] flags: 0xbfffe0000000040(head|node=0|zone=2|lastcpupid=0x1ffff) [ 29.421157] page_type: f5(slab) [ 29.421412] raw: 0bfffe0000000040 fff00000c0001b40 dead000000000122 0000000000000000 [ 29.421492] raw: fff00000c907ea00 000000008010000f 00000000f5000000 0000000000000000 [ 29.421661] head: 0bfffe0000000040 fff00000c0001b40 dead000000000122 0000000000000000 [ 29.421830] head: fff00000c907ea00 000000008010000f 00000000f5000000 0000000000000000 [ 29.421908] head: 0bfffe0000000001 ffffc1ffc3241f81 00000000ffffffff 00000000ffffffff [ 29.421966] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000002 [ 29.422015] page dumped because: kasan: bad access detected [ 29.422047] [ 29.422065] Memory state around the buggy address: [ 29.422112] fff00000c907ef80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 29.422169] fff00000c907f000: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 29.422220] >fff00000c907f080: 00 00 00 00 00 00 00 00 00 01 fc fc fc fc fc fc [ 29.422256] ^ [ 29.422293] fff00000c907f100: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 29.422340] fff00000c907f180: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 29.422378] ================================================================== [ 29.487405] ================================================================== [ 29.487461] BUG: KASAN: slab-out-of-bounds in krealloc_less_oob_helper+0xa48/0xc50 [ 29.487515] Write of size 1 at addr fff00000c9a5a0c9 by task kunit_try_catch/195 [ 29.487564] [ 29.488131] CPU: 0 UID: 0 PID: 195 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc4-next-20250704 #1 PREEMPT [ 29.488229] Tainted: [B]=BAD_PAGE, [N]=TEST [ 29.488255] Hardware name: linux,dummy-virt (DT) [ 29.488456] Call trace: [ 29.488484] show_stack+0x20/0x38 (C) [ 29.488537] dump_stack_lvl+0x8c/0xd0 [ 29.488629] print_report+0x118/0x608 [ 29.488706] kasan_report+0xdc/0x128 [ 29.488752] __asan_report_store1_noabort+0x20/0x30 [ 29.489154] 
krealloc_less_oob_helper+0xa48/0xc50 [ 29.489205] krealloc_large_less_oob+0x20/0x38 [ 29.489625] kunit_try_run_case+0x170/0x3f0 [ 29.489702] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 29.489805] kthread+0x328/0x630 [ 29.489846] ret_from_fork+0x10/0x20 [ 29.490350] [ 29.490387] The buggy address belongs to the physical page: [ 29.490419] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x109a58 [ 29.490473] head: order:2 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0 [ 29.490520] flags: 0xbfffe0000000040(head|node=0|zone=2|lastcpupid=0x1ffff) [ 29.490570] page_type: f8(unknown) [ 29.490609] raw: 0bfffe0000000040 0000000000000000 dead000000000122 0000000000000000 [ 29.490968] raw: 0000000000000000 0000000000000000 00000000f8000000 0000000000000000 [ 29.491021] head: 0bfffe0000000040 0000000000000000 dead000000000122 0000000000000000 [ 29.491068] head: 0000000000000000 0000000000000000 00000000f8000000 0000000000000000 [ 29.491247] head: 0bfffe0000000002 ffffc1ffc3269601 00000000ffffffff 00000000ffffffff [ 29.491632] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000004 [ 29.491688] page dumped because: kasan: bad access detected [ 29.492049] [ 29.492189] Memory state around the buggy address: [ 29.492332] fff00000c9a59f80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 29.492378] fff00000c9a5a000: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 29.492421] >fff00000c9a5a080: 00 00 00 00 00 00 00 00 00 01 fe fe fe fe fe fe [ 29.492960] ^ [ 29.493033] fff00000c9a5a100: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe [ 29.493508] fff00000c9a5a180: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe [ 29.493651] ================================================================== [ 29.422824] ================================================================== [ 29.422869] BUG: KASAN: slab-out-of-bounds in krealloc_less_oob_helper+0xa58/0xc50 [ 29.423259] Write of size 1 at addr fff00000c907f0eb by task 
kunit_try_catch/191 [ 29.423645] [ 29.423689] CPU: 0 UID: 0 PID: 191 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc4-next-20250704 #1 PREEMPT [ 29.423772] Tainted: [B]=BAD_PAGE, [N]=TEST [ 29.423807] Hardware name: linux,dummy-virt (DT) [ 29.423910] Call trace: [ 29.424063] show_stack+0x20/0x38 (C) [ 29.424117] dump_stack_lvl+0x8c/0xd0 [ 29.424161] print_report+0x118/0x608 [ 29.424214] kasan_report+0xdc/0x128 [ 29.424260] __asan_report_store1_noabort+0x20/0x30 [ 29.424306] krealloc_less_oob_helper+0xa58/0xc50 [ 29.424496] krealloc_less_oob+0x20/0x38 [ 29.424583] kunit_try_run_case+0x170/0x3f0 [ 29.424681] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 29.424767] kthread+0x328/0x630 [ 29.424978] ret_from_fork+0x10/0x20 [ 29.425035] [ 29.425219] Allocated by task 191: [ 29.425314] kasan_save_stack+0x3c/0x68 [ 29.425367] kasan_save_track+0x20/0x40 [ 29.425463] kasan_save_alloc_info+0x40/0x58 [ 29.425504] __kasan_krealloc+0x118/0x178 [ 29.425542] krealloc_noprof+0x128/0x360 [ 29.425580] krealloc_less_oob_helper+0x168/0xc50 [ 29.425781] krealloc_less_oob+0x20/0x38 [ 29.425933] kunit_try_run_case+0x170/0x3f0 [ 29.426002] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 29.426241] kthread+0x328/0x630 [ 29.426560] ret_from_fork+0x10/0x20 [ 29.426706] [ 29.426777] The buggy address belongs to the object at fff00000c907f000 [ 29.426777] which belongs to the cache kmalloc-256 of size 256 [ 29.426972] The buggy address is located 34 bytes to the right of [ 29.426972] allocated 201-byte region [fff00000c907f000, fff00000c907f0c9) [ 29.427042] [ 29.427063] The buggy address belongs to the physical page: [ 29.427094] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0xfff00000c907ea00 pfn:0x10907e [ 29.427268] head: order:1 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0 [ 29.427565] flags: 0xbfffe0000000040(head|node=0|zone=2|lastcpupid=0x1ffff) [ 29.427739] page_type: f5(slab) [ 29.427982] raw: 0bfffe0000000040 fff00000c0001b40 dead000000000122 
0000000000000000 [ 29.428086] raw: fff00000c907ea00 000000008010000f 00000000f5000000 0000000000000000 [ 29.428194] head: 0bfffe0000000040 fff00000c0001b40 dead000000000122 0000000000000000 [ 29.428347] head: fff00000c907ea00 000000008010000f 00000000f5000000 0000000000000000 [ 29.428481] head: 0bfffe0000000001 ffffc1ffc3241f81 00000000ffffffff 00000000ffffffff [ 29.428621] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000002 [ 29.428777] page dumped because: kasan: bad access detected [ 29.429022] [ 29.429112] Memory state around the buggy address: [ 29.429273] fff00000c907ef80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 29.429440] fff00000c907f000: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 29.429581] >fff00000c907f080: 00 00 00 00 00 00 00 00 00 01 fc fc fc fc fc fc [ 29.429620] ^ [ 29.429808] fff00000c907f100: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 29.432793] fff00000c907f180: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 29.433748] ================================================================== [ 29.411018] ================================================================== [ 29.411260] BUG: KASAN: slab-out-of-bounds in krealloc_less_oob_helper+0xa80/0xc50 [ 29.411345] Write of size 1 at addr fff00000c907f0da by task kunit_try_catch/191 [ 29.411439] [ 29.411486] CPU: 0 UID: 0 PID: 191 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc4-next-20250704 #1 PREEMPT [ 29.411576] Tainted: [B]=BAD_PAGE, [N]=TEST [ 29.411602] Hardware name: linux,dummy-virt (DT) [ 29.411632] Call trace: [ 29.411654] show_stack+0x20/0x38 (C) [ 29.411723] dump_stack_lvl+0x8c/0xd0 [ 29.411768] print_report+0x118/0x608 [ 29.411814] kasan_report+0xdc/0x128 [ 29.411858] __asan_report_store1_noabort+0x20/0x30 [ 29.411972] krealloc_less_oob_helper+0xa80/0xc50 [ 29.412051] krealloc_less_oob+0x20/0x38 [ 29.412135] kunit_try_run_case+0x170/0x3f0 [ 29.412221] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 29.412274] kthread+0x328/0x630 [ 29.412374] 
ret_from_fork+0x10/0x20 [ 29.412470] [ 29.412489] Allocated by task 191: [ 29.412589] kasan_save_stack+0x3c/0x68 [ 29.412646] kasan_save_track+0x20/0x40 [ 29.412703] kasan_save_alloc_info+0x40/0x58 [ 29.412840] __kasan_krealloc+0x118/0x178 [ 29.412916] krealloc_noprof+0x128/0x360 [ 29.412982] krealloc_less_oob_helper+0x168/0xc50 [ 29.413071] krealloc_less_oob+0x20/0x38 [ 29.413108] kunit_try_run_case+0x170/0x3f0 [ 29.413171] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 29.413235] kthread+0x328/0x630 [ 29.413472] ret_from_fork+0x10/0x20 [ 29.413548] [ 29.413596] The buggy address belongs to the object at fff00000c907f000 [ 29.413596] which belongs to the cache kmalloc-256 of size 256 [ 29.413653] The buggy address is located 17 bytes to the right of [ 29.413653] allocated 201-byte region [fff00000c907f000, fff00000c907f0c9) [ 29.414003] [ 29.414036] The buggy address belongs to the physical page: [ 29.414106] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0xfff00000c907ea00 pfn:0x10907e [ 29.414281] head: order:1 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0 [ 29.414375] flags: 0xbfffe0000000040(head|node=0|zone=2|lastcpupid=0x1ffff) [ 29.414432] page_type: f5(slab) [ 29.414469] raw: 0bfffe0000000040 fff00000c0001b40 dead000000000122 0000000000000000 [ 29.414517] raw: fff00000c907ea00 000000008010000f 00000000f5000000 0000000000000000 [ 29.414964] head: 0bfffe0000000040 fff00000c0001b40 dead000000000122 0000000000000000 [ 29.415060] head: fff00000c907ea00 000000008010000f 00000000f5000000 0000000000000000 [ 29.415175] head: 0bfffe0000000001 ffffc1ffc3241f81 00000000ffffffff 00000000ffffffff [ 29.415226] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000002 [ 29.415265] page dumped because: kasan: bad access detected [ 29.415305] [ 29.415323] Memory state around the buggy address: [ 29.415355] fff00000c907ef80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 29.415405] fff00000c907f000: 00 00 00 00 00 00 00 00 00 00 00 
00 00 00 00 00 [ 29.415460] >fff00000c907f080: 00 00 00 00 00 00 00 00 00 01 fc fc fc fc fc fc [ 29.415498] ^ [ 29.415535] fff00000c907f100: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 29.415577] fff00000c907f180: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 29.415626] ================================================================== [ 29.502475] ================================================================== [ 29.502524] BUG: KASAN: slab-out-of-bounds in krealloc_less_oob_helper+0xa80/0xc50 [ 29.502832] Write of size 1 at addr fff00000c9a5a0da by task kunit_try_catch/195 [ 29.503116] [ 29.503388] CPU: 0 UID: 0 PID: 195 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc4-next-20250704 #1 PREEMPT [ 29.503571] Tainted: [B]=BAD_PAGE, [N]=TEST [ 29.503598] Hardware name: linux,dummy-virt (DT) [ 29.503627] Call trace: [ 29.503648] show_stack+0x20/0x38 (C) [ 29.503697] dump_stack_lvl+0x8c/0xd0 [ 29.504226] print_report+0x118/0x608 [ 29.504292] kasan_report+0xdc/0x128 [ 29.504339] __asan_report_store1_noabort+0x20/0x30 [ 29.504398] krealloc_less_oob_helper+0xa80/0xc50 [ 29.504791] krealloc_large_less_oob+0x20/0x38 [ 29.505086] kunit_try_run_case+0x170/0x3f0 [ 29.505142] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 29.505201] kthread+0x328/0x630 [ 29.505518] ret_from_fork+0x10/0x20 [ 29.505781] [ 29.505814] The buggy address belongs to the physical page: [ 29.505844] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x109a58 [ 29.505913] head: order:2 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0 [ 29.505968] flags: 0xbfffe0000000040(head|node=0|zone=2|lastcpupid=0x1ffff) [ 29.506018] page_type: f8(unknown) [ 29.506055] raw: 0bfffe0000000040 0000000000000000 dead000000000122 0000000000000000 [ 29.506646] raw: 0000000000000000 0000000000000000 00000000f8000000 0000000000000000 [ 29.506997] head: 0bfffe0000000040 0000000000000000 dead000000000122 0000000000000000 [ 29.507047] head: 0000000000000000 0000000000000000 00000000f8000000 
0000000000000000 [ 29.507275] head: 0bfffe0000000002 ffffc1ffc3269601 00000000ffffffff 00000000ffffffff [ 29.507328] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000004 [ 29.507389] page dumped because: kasan: bad access detected [ 29.507542] [ 29.507561] Memory state around the buggy address: [ 29.507917] fff00000c9a59f80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 29.508190] fff00000c9a5a000: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 29.508235] >fff00000c9a5a080: 00 00 00 00 00 00 00 00 00 01 fe fe fe fe fe fe [ 29.508272] ^ [ 29.508376] fff00000c9a5a100: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe [ 29.508418] fff00000c9a5a180: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe [ 29.508456] ================================================================== [ 29.510111] ================================================================== [ 29.510167] BUG: KASAN: slab-out-of-bounds in krealloc_less_oob_helper+0xae4/0xc50 [ 29.510215] Write of size 1 at addr fff00000c9a5a0ea by task kunit_try_catch/195 [ 29.510263] [ 29.510378] CPU: 0 UID: 0 PID: 195 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc4-next-20250704 #1 PREEMPT [ 29.510529] Tainted: [B]=BAD_PAGE, [N]=TEST [ 29.510838] Hardware name: linux,dummy-virt (DT) [ 29.511018] Call trace: [ 29.511074] show_stack+0x20/0x38 (C) [ 29.511262] dump_stack_lvl+0x8c/0xd0 [ 29.511312] print_report+0x118/0x608 [ 29.511604] kasan_report+0xdc/0x128 [ 29.511653] __asan_report_store1_noabort+0x20/0x30 [ 29.511700] krealloc_less_oob_helper+0xae4/0xc50 [ 29.511749] krealloc_large_less_oob+0x20/0x38 [ 29.511795] kunit_try_run_case+0x170/0x3f0 [ 29.511845] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 29.512246] kthread+0x328/0x630 [ 29.512307] ret_from_fork+0x10/0x20 [ 29.512355] [ 29.512375] The buggy address belongs to the physical page: [ 29.512539] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x109a58 [ 29.513075] head: order:2 mapcount:0 entire_mapcount:0 
nr_pages_mapped:0 pincount:0 [ 29.513122] flags: 0xbfffe0000000040(head|node=0|zone=2|lastcpupid=0x1ffff) [ 29.513659] page_type: f8(unknown) [ 29.513845] raw: 0bfffe0000000040 0000000000000000 dead000000000122 0000000000000000 [ 29.513905] raw: 0000000000000000 0000000000000000 00000000f8000000 0000000000000000 [ 29.514038] head: 0bfffe0000000040 0000000000000000 dead000000000122 0000000000000000 [ 29.514099] head: 0000000000000000 0000000000000000 00000000f8000000 0000000000000000 [ 29.514147] head: 0bfffe0000000002 ffffc1ffc3269601 00000000ffffffff 00000000ffffffff [ 29.514661] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000004 [ 29.514744] page dumped because: kasan: bad access detected [ 29.514775] [ 29.514793] Memory state around the buggy address: [ 29.514823] fff00000c9a59f80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 29.514865] fff00000c9a5a000: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 29.514915] >fff00000c9a5a080: 00 00 00 00 00 00 00 00 00 01 fe fe fe fe fe fe [ 29.514954] ^ [ 29.514991] fff00000c9a5a100: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe [ 29.515031] fff00000c9a5a180: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe [ 29.515408] ================================================================== [ 29.399214] ================================================================== [ 29.399293] BUG: KASAN: slab-out-of-bounds in krealloc_less_oob_helper+0xa48/0xc50 [ 29.399381] Write of size 1 at addr fff00000c907f0c9 by task kunit_try_catch/191 [ 29.399432] [ 29.399461] CPU: 0 UID: 0 PID: 191 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc4-next-20250704 #1 PREEMPT [ 29.399570] Tainted: [B]=BAD_PAGE, [N]=TEST [ 29.399598] Hardware name: linux,dummy-virt (DT) [ 29.399627] Call trace: [ 29.399649] show_stack+0x20/0x38 (C) [ 29.399697] dump_stack_lvl+0x8c/0xd0 [ 29.399741] print_report+0x118/0x608 [ 29.399808] kasan_report+0xdc/0x128 [ 29.399853] __asan_report_store1_noabort+0x20/0x30 [ 29.399969] 
krealloc_less_oob_helper+0xa48/0xc50 [ 29.400056] krealloc_less_oob+0x20/0x38 [ 29.400103] kunit_try_run_case+0x170/0x3f0 [ 29.400176] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 29.400230] kthread+0x328/0x630 [ 29.400309] ret_from_fork+0x10/0x20 [ 29.400355] [ 29.400373] Allocated by task 191: [ 29.400400] kasan_save_stack+0x3c/0x68 [ 29.400593] kasan_save_track+0x20/0x40 [ 29.400698] kasan_save_alloc_info+0x40/0x58 [ 29.400850] __kasan_krealloc+0x118/0x178 [ 29.400888] krealloc_noprof+0x128/0x360 [ 29.400936] krealloc_less_oob_helper+0x168/0xc50 [ 29.401029] krealloc_less_oob+0x20/0x38 [ 29.401105] kunit_try_run_case+0x170/0x3f0 [ 29.401143] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 29.401185] kthread+0x328/0x630 [ 29.401310] ret_from_fork+0x10/0x20 [ 29.401347] [ 29.401373] The buggy address belongs to the object at fff00000c907f000 [ 29.401373] which belongs to the cache kmalloc-256 of size 256 [ 29.401448] The buggy address is located 0 bytes to the right of [ 29.401448] allocated 201-byte region [fff00000c907f000, fff00000c907f0c9) [ 29.401577] [ 29.401657] The buggy address belongs to the physical page: [ 29.401947] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0xfff00000c907ea00 pfn:0x10907e [ 29.402008] head: order:1 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0 [ 29.402072] flags: 0xbfffe0000000040(head|node=0|zone=2|lastcpupid=0x1ffff) [ 29.402121] page_type: f5(slab) [ 29.402351] raw: 0bfffe0000000040 fff00000c0001b40 dead000000000122 0000000000000000 [ 29.402526] raw: fff00000c907ea00 000000008010000f 00000000f5000000 0000000000000000 [ 29.402729] head: 0bfffe0000000040 fff00000c0001b40 dead000000000122 0000000000000000 [ 29.402829] head: fff00000c907ea00 000000008010000f 00000000f5000000 0000000000000000 [ 29.403096] head: 0bfffe0000000001 ffffc1ffc3241f81 00000000ffffffff 00000000ffffffff [ 29.403196] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000002 [ 29.403320] page dumped because: kasan: 
bad access detected [ 29.403412] [ 29.403465] Memory state around the buggy address: [ 29.403549] fff00000c907ef80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 29.403643] fff00000c907f000: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 29.403732] >fff00000c907f080: 00 00 00 00 00 00 00 00 00 01 fc fc fc fc fc fc [ 29.403785] ^ [ 29.403913] fff00000c907f100: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 29.403962] fff00000c907f180: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 29.404146] ================================================================== [ 29.406065] ================================================================== [ 29.406112] BUG: KASAN: slab-out-of-bounds in krealloc_less_oob_helper+0xb9c/0xc50 [ 29.406398] Write of size 1 at addr fff00000c907f0d0 by task kunit_try_catch/191 [ 29.406462] [ 29.406492] CPU: 0 UID: 0 PID: 191 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc4-next-20250704 #1 PREEMPT [ 29.406595] Tainted: [B]=BAD_PAGE, [N]=TEST [ 29.406621] Hardware name: linux,dummy-virt (DT) [ 29.406650] Call trace: [ 29.406672] show_stack+0x20/0x38 (C) [ 29.406720] dump_stack_lvl+0x8c/0xd0 [ 29.406955] print_report+0x118/0x608 [ 29.407035] kasan_report+0xdc/0x128 [ 29.407142] __asan_report_store1_noabort+0x20/0x30 [ 29.407208] krealloc_less_oob_helper+0xb9c/0xc50 [ 29.407321] krealloc_less_oob+0x20/0x38 [ 29.407396] kunit_try_run_case+0x170/0x3f0 [ 29.407509] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 29.407562] kthread+0x328/0x630 [ 29.407609] ret_from_fork+0x10/0x20 [ 29.407655] [ 29.407673] Allocated by task 191: [ 29.407709] kasan_save_stack+0x3c/0x68 [ 29.407749] kasan_save_track+0x20/0x40 [ 29.407823] kasan_save_alloc_info+0x40/0x58 [ 29.407974] __kasan_krealloc+0x118/0x178 [ 29.408017] krealloc_noprof+0x128/0x360 [ 29.408054] krealloc_less_oob_helper+0x168/0xc50 [ 29.408092] krealloc_less_oob+0x20/0x38 [ 29.408152] kunit_try_run_case+0x170/0x3f0 [ 29.408257] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 29.408301] 
kthread+0x328/0x630 [ 29.408333] ret_from_fork+0x10/0x20 [ 29.408367] [ 29.408385] The buggy address belongs to the object at fff00000c907f000 [ 29.408385] which belongs to the cache kmalloc-256 of size 256 [ 29.408478] The buggy address is located 7 bytes to the right of [ 29.408478] allocated 201-byte region [fff00000c907f000, fff00000c907f0c9) [ 29.408586] [ 29.408634] The buggy address belongs to the physical page: [ 29.408672] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0xfff00000c907ea00 pfn:0x10907e [ 29.408727] head: order:1 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0 [ 29.408772] flags: 0xbfffe0000000040(head|node=0|zone=2|lastcpupid=0x1ffff) [ 29.408979] page_type: f5(slab) [ 29.409016] raw: 0bfffe0000000040 fff00000c0001b40 dead000000000122 0000000000000000 [ 29.409090] raw: fff00000c907ea00 000000008010000f 00000000f5000000 0000000000000000 [ 29.409139] head: 0bfffe0000000040 fff00000c0001b40 dead000000000122 0000000000000000 [ 29.409201] head: fff00000c907ea00 000000008010000f 00000000f5000000 0000000000000000 [ 29.409287] head: 0bfffe0000000001 ffffc1ffc3241f81 00000000ffffffff 00000000ffffffff [ 29.409337] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000002 [ 29.409376] page dumped because: kasan: bad access detected [ 29.409624] [ 29.409663] Memory state around the buggy address: [ 29.409789] fff00000c907ef80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 29.409859] fff00000c907f000: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 29.410004] >fff00000c907f080: 00 00 00 00 00 00 00 00 00 01 fc fc fc fc fc fc [ 29.410085] ^ [ 29.410190] fff00000c907f100: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 29.410313] fff00000c907f180: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 29.410398] ================================================================== [ 29.516531] ================================================================== [ 29.516578] BUG: KASAN: slab-out-of-bounds in 
krealloc_less_oob_helper+0xa58/0xc50 [ 29.516626] Write of size 1 at addr fff00000c9a5a0eb by task kunit_try_catch/195 [ 29.516675] [ 29.516703] CPU: 0 UID: 0 PID: 195 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc4-next-20250704 #1 PREEMPT [ 29.517050] Tainted: [B]=BAD_PAGE, [N]=TEST [ 29.517685] Hardware name: linux,dummy-virt (DT) [ 29.517736] Call trace: [ 29.517758] show_stack+0x20/0x38 (C) [ 29.517816] dump_stack_lvl+0x8c/0xd0 [ 29.517861] print_report+0x118/0x608 [ 29.518238] kasan_report+0xdc/0x128 [ 29.518510] __asan_report_store1_noabort+0x20/0x30 [ 29.518559] krealloc_less_oob_helper+0xa58/0xc50 [ 29.519079] krealloc_large_less_oob+0x20/0x38 [ 29.519251] kunit_try_run_case+0x170/0x3f0 [ 29.519301] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 29.519353] kthread+0x328/0x630 [ 29.519394] ret_from_fork+0x10/0x20 [ 29.519944] [ 29.520209] The buggy address belongs to the physical page: [ 29.520241] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x109a58 [ 29.520547] head: order:2 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0 [ 29.520594] flags: 0xbfffe0000000040(head|node=0|zone=2|lastcpupid=0x1ffff) [ 29.520646] page_type: f8(unknown) [ 29.520683] raw: 0bfffe0000000040 0000000000000000 dead000000000122 0000000000000000 [ 29.521188] raw: 0000000000000000 0000000000000000 00000000f8000000 0000000000000000 [ 29.521663] head: 0bfffe0000000040 0000000000000000 dead000000000122 0000000000000000 [ 29.521933] head: 0000000000000000 0000000000000000 00000000f8000000 0000000000000000 [ 29.522199] head: 0bfffe0000000002 ffffc1ffc3269601 00000000ffffffff 00000000ffffffff [ 29.522250] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000004 [ 29.522289] page dumped because: kasan: bad access detected [ 29.522319] [ 29.522446] Memory state around the buggy address: [ 29.522489] fff00000c9a59f80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 29.522532] fff00000c9a5a000: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 
[ 29.522847] >fff00000c9a5a080: 00 00 00 00 00 00 00 00 00 01 fe fe fe fe fe fe [ 29.523110] ^ [ 29.523253] fff00000c9a5a100: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe [ 29.523554] fff00000c9a5a180: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe [ 29.523603] ================================================================== [ 29.495562] ================================================================== [ 29.495609] BUG: KASAN: slab-out-of-bounds in krealloc_less_oob_helper+0xb9c/0xc50 [ 29.495658] Write of size 1 at addr fff00000c9a5a0d0 by task kunit_try_catch/195 [ 29.495705] [ 29.495734] CPU: 0 UID: 0 PID: 195 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc4-next-20250704 #1 PREEMPT [ 29.495814] Tainted: [B]=BAD_PAGE, [N]=TEST [ 29.495841] Hardware name: linux,dummy-virt (DT) [ 29.496331] Call trace: [ 29.496518] show_stack+0x20/0x38 (C) [ 29.496570] dump_stack_lvl+0x8c/0xd0 [ 29.497005] print_report+0x118/0x608 [ 29.497063] kasan_report+0xdc/0x128 [ 29.497337] __asan_report_store1_noabort+0x20/0x30 [ 29.497406] krealloc_less_oob_helper+0xb9c/0xc50 [ 29.497454] krealloc_large_less_oob+0x20/0x38 [ 29.497501] kunit_try_run_case+0x170/0x3f0 [ 29.497550] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 29.497809] kthread+0x328/0x630 [ 29.497868] ret_from_fork+0x10/0x20 [ 29.497929] [ 29.497951] The buggy address belongs to the physical page: [ 29.498023] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x109a58 [ 29.498093] head: order:2 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0 [ 29.498139] flags: 0xbfffe0000000040(head|node=0|zone=2|lastcpupid=0x1ffff) [ 29.498188] page_type: f8(unknown) [ 29.498398] raw: 0bfffe0000000040 0000000000000000 dead000000000122 0000000000000000 [ 29.498884] raw: 0000000000000000 0000000000000000 00000000f8000000 0000000000000000 [ 29.498947] head: 0bfffe0000000040 0000000000000000 dead000000000122 0000000000000000 [ 29.498994] head: 0000000000000000 0000000000000000 00000000f8000000 
0000000000000000 [ 29.499506] head: 0bfffe0000000002 ffffc1ffc3269601 00000000ffffffff 00000000ffffffff [ 29.499975] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000004 [ 29.500026] page dumped because: kasan: bad access detected [ 29.500352] [ 29.500372] Memory state around the buggy address: [ 29.500533] fff00000c9a59f80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 29.500686] fff00000c9a5a000: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 29.500728] >fff00000c9a5a080: 00 00 00 00 00 00 00 00 00 01 fe fe fe fe fe fe [ 29.500766] ^ [ 29.500809] fff00000c9a5a100: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe [ 29.500851] fff00000c9a5a180: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe [ 29.501430] ==================================================================
[ 24.785465] ================================================================== [ 24.785790] BUG: KASAN: slab-out-of-bounds in krealloc_less_oob_helper+0xd47/0x11d0 [ 24.786107] Write of size 1 at addr ffff8881060720eb by task kunit_try_catch/211 [ 24.786349] [ 24.786493] CPU: 1 UID: 0 PID: 211 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc4-next-20250704 #1 PREEMPT(voluntary) [ 24.786546] Tainted: [B]=BAD_PAGE, [N]=TEST [ 24.786559] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 24.786582] Call Trace: [ 24.786618] <TASK> [ 24.786639] dump_stack_lvl+0x73/0xb0 [ 24.786667] print_report+0xd1/0x650 [ 24.786692] ? __virt_addr_valid+0x1db/0x2d0 [ 24.786717] ? krealloc_less_oob_helper+0xd47/0x11d0 [ 24.786742] ? kasan_addr_to_slab+0x11/0xa0 [ 24.786769] ? krealloc_less_oob_helper+0xd47/0x11d0 [ 24.786795] kasan_report+0x141/0x180 [ 24.786819] ? krealloc_less_oob_helper+0xd47/0x11d0 [ 24.786849] __asan_report_store1_noabort+0x1b/0x30 [ 24.786876] krealloc_less_oob_helper+0xd47/0x11d0 [ 24.786971] ? __perf_event_task_sched_in+0x151/0x360 [ 24.787003] ? __pfx_krealloc_less_oob_helper+0x10/0x10 [ 24.787028] ? finish_task_switch.isra.0+0x153/0x700 [ 24.787053] ? __switch_to+0x47/0xf50 [ 24.787081] ? __schedule+0x10cc/0x2b60 [ 24.787107] ? __pfx_read_tsc+0x10/0x10 [ 24.787135] krealloc_large_less_oob+0x1c/0x30 [ 24.787214] kunit_try_run_case+0x1a5/0x480 [ 24.787246] ? __pfx_kunit_try_run_case+0x10/0x10 [ 24.787272] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 24.787298] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 24.787325] ? __kthread_parkme+0x82/0x180 [ 24.787347] ? preempt_count_sub+0x50/0x80 [ 24.787372] ? __pfx_kunit_try_run_case+0x10/0x10 [ 24.787422] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 24.787449] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 24.787475] kthread+0x337/0x6f0 [ 24.787497] ? trace_preempt_on+0x20/0xc0 [ 24.787523] ? __pfx_kthread+0x10/0x10 [ 24.787545] ? _raw_spin_unlock_irq+0x47/0x80 [ 24.787569] ? 
calculate_sigpending+0x7b/0xa0 [ 24.787595] ? __pfx_kthread+0x10/0x10 [ 24.787618] ret_from_fork+0x116/0x1d0 [ 24.787640] ? __pfx_kthread+0x10/0x10 [ 24.787662] ret_from_fork_asm+0x1a/0x30 [ 24.787696] </TASK> [ 24.787710] [ 24.796373] The buggy address belongs to the physical page: [ 24.796585] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x106070 [ 24.796984] head: order:2 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0 [ 24.797756] flags: 0x200000000000040(head|node=0|zone=2) [ 24.798239] page_type: f8(unknown) [ 24.798435] raw: 0200000000000040 0000000000000000 dead000000000122 0000000000000000 [ 24.798753] raw: 0000000000000000 0000000000000000 00000000f8000000 0000000000000000 [ 24.799120] head: 0200000000000040 0000000000000000 dead000000000122 0000000000000000 [ 24.799471] head: 0000000000000000 0000000000000000 00000000f8000000 0000000000000000 [ 24.799722] head: 0200000000000002 ffffea0004181c01 00000000ffffffff 00000000ffffffff [ 24.800007] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000004 [ 24.800376] page dumped because: kasan: bad access detected [ 24.800650] [ 24.800724] Memory state around the buggy address: [ 24.800886] ffff888106071f80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 24.801117] ffff888106072000: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 24.801823] >ffff888106072080: 00 00 00 00 00 00 00 00 00 01 fe fe fe fe fe fe [ 24.802430] ^ [ 24.802766] ffff888106072100: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe [ 24.803109] ffff888106072180: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe [ 24.803450] ================================================================== [ 24.761732] ================================================================== [ 24.762075] BUG: KASAN: slab-out-of-bounds in krealloc_less_oob_helper+0xe90/0x11d0 [ 24.762469] Write of size 1 at addr ffff8881060720ea by task kunit_try_catch/211 [ 24.762751] [ 24.762865] CPU: 1 UID: 0 PID: 211 Comm: 
kunit_try_catch Tainted: G B N 6.16.0-rc4-next-20250704 #1 PREEMPT(voluntary) [ 24.762914] Tainted: [B]=BAD_PAGE, [N]=TEST [ 24.762927] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 24.762949] Call Trace: [ 24.762965] <TASK> [ 24.762983] dump_stack_lvl+0x73/0xb0 [ 24.763010] print_report+0xd1/0x650 [ 24.763033] ? __virt_addr_valid+0x1db/0x2d0 [ 24.763057] ? krealloc_less_oob_helper+0xe90/0x11d0 [ 24.763081] ? kasan_addr_to_slab+0x11/0xa0 [ 24.763107] ? krealloc_less_oob_helper+0xe90/0x11d0 [ 24.763131] kasan_report+0x141/0x180 [ 24.763155] ? krealloc_less_oob_helper+0xe90/0x11d0 [ 24.763184] __asan_report_store1_noabort+0x1b/0x30 [ 24.763210] krealloc_less_oob_helper+0xe90/0x11d0 [ 24.763233] ? __perf_event_task_sched_in+0x151/0x360 [ 24.763261] ? __pfx_krealloc_less_oob_helper+0x10/0x10 [ 24.763286] ? finish_task_switch.isra.0+0x153/0x700 [ 24.763308] ? __switch_to+0x47/0xf50 [ 24.763348] ? __schedule+0x10cc/0x2b60 [ 24.763373] ? __pfx_read_tsc+0x10/0x10 [ 24.763408] krealloc_large_less_oob+0x1c/0x30 [ 24.763432] kunit_try_run_case+0x1a5/0x480 [ 24.763459] ? __pfx_kunit_try_run_case+0x10/0x10 [ 24.763484] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 24.763509] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 24.763534] ? __kthread_parkme+0x82/0x180 [ 24.763556] ? preempt_count_sub+0x50/0x80 [ 24.763580] ? __pfx_kunit_try_run_case+0x10/0x10 [ 24.763606] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 24.763632] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 24.763658] kthread+0x337/0x6f0 [ 24.763678] ? trace_preempt_on+0x20/0xc0 [ 24.763703] ? __pfx_kthread+0x10/0x10 [ 24.763725] ? _raw_spin_unlock_irq+0x47/0x80 [ 24.763749] ? calculate_sigpending+0x7b/0xa0 [ 24.763774] ? __pfx_kthread+0x10/0x10 [ 24.763797] ret_from_fork+0x116/0x1d0 [ 24.763817] ? 
__pfx_kthread+0x10/0x10 [ 24.763839] ret_from_fork_asm+0x1a/0x30 [ 24.763872] </TASK> [ 24.763886] [ 24.777504] The buggy address belongs to the physical page: [ 24.777717] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x106070 [ 24.778255] head: order:2 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0 [ 24.778535] flags: 0x200000000000040(head|node=0|zone=2) [ 24.778758] page_type: f8(unknown) [ 24.778943] raw: 0200000000000040 0000000000000000 dead000000000122 0000000000000000 [ 24.779311] raw: 0000000000000000 0000000000000000 00000000f8000000 0000000000000000 [ 24.779700] head: 0200000000000040 0000000000000000 dead000000000122 0000000000000000 [ 24.780020] head: 0000000000000000 0000000000000000 00000000f8000000 0000000000000000 [ 24.780367] head: 0200000000000002 ffffea0004181c01 00000000ffffffff 00000000ffffffff [ 24.781769] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000004 [ 24.782031] page dumped because: kasan: bad access detected [ 24.782328] [ 24.782413] Memory state around the buggy address: [ 24.782679] ffff888106071f80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 24.783077] ffff888106072000: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 24.783492] >ffff888106072080: 00 00 00 00 00 00 00 00 00 01 fe fe fe fe fe fe [ 24.783850] ^ [ 24.784147] ffff888106072100: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe [ 24.784512] ffff888106072180: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe [ 24.784840] ================================================================== [ 24.743638] ================================================================== [ 24.743895] BUG: KASAN: slab-out-of-bounds in krealloc_less_oob_helper+0xec6/0x11d0 [ 24.744271] Write of size 1 at addr ffff8881060720da by task kunit_try_catch/211 [ 24.744633] [ 24.744923] CPU: 1 UID: 0 PID: 211 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc4-next-20250704 #1 PREEMPT(voluntary) [ 24.744976] Tainted: [B]=BAD_PAGE, [N]=TEST [ 
24.744990] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 24.745012] Call Trace: [ 24.745031] <TASK> [ 24.745048] dump_stack_lvl+0x73/0xb0 [ 24.745077] print_report+0xd1/0x650 [ 24.745101] ? __virt_addr_valid+0x1db/0x2d0 [ 24.745126] ? krealloc_less_oob_helper+0xec6/0x11d0 [ 24.745150] ? kasan_addr_to_slab+0x11/0xa0 [ 24.745177] ? krealloc_less_oob_helper+0xec6/0x11d0 [ 24.745202] kasan_report+0x141/0x180 [ 24.745225] ? krealloc_less_oob_helper+0xec6/0x11d0 [ 24.745254] __asan_report_store1_noabort+0x1b/0x30 [ 24.745344] krealloc_less_oob_helper+0xec6/0x11d0 [ 24.745369] ? __perf_event_task_sched_in+0x151/0x360 [ 24.745412] ? __pfx_krealloc_less_oob_helper+0x10/0x10 [ 24.745437] ? finish_task_switch.isra.0+0x153/0x700 [ 24.745461] ? __switch_to+0x47/0xf50 [ 24.745488] ? __schedule+0x10cc/0x2b60 [ 24.745514] ? __pfx_read_tsc+0x10/0x10 [ 24.745541] krealloc_large_less_oob+0x1c/0x30 [ 24.745564] kunit_try_run_case+0x1a5/0x480 [ 24.745592] ? __pfx_kunit_try_run_case+0x10/0x10 [ 24.745617] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 24.745642] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 24.745669] ? __kthread_parkme+0x82/0x180 [ 24.745690] ? preempt_count_sub+0x50/0x80 [ 24.745715] ? __pfx_kunit_try_run_case+0x10/0x10 [ 24.745741] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 24.745768] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 24.745794] kthread+0x337/0x6f0 [ 24.745815] ? trace_preempt_on+0x20/0xc0 [ 24.745841] ? __pfx_kthread+0x10/0x10 [ 24.745864] ? _raw_spin_unlock_irq+0x47/0x80 [ 24.745901] ? calculate_sigpending+0x7b/0xa0 [ 24.745927] ? __pfx_kthread+0x10/0x10 [ 24.745951] ret_from_fork+0x116/0x1d0 [ 24.745971] ? 
__pfx_kthread+0x10/0x10 [ 24.745994] ret_from_fork_asm+0x1a/0x30 [ 24.746027] </TASK> [ 24.746040] [ 24.754830] The buggy address belongs to the physical page: [ 24.755079] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x106070 [ 24.755448] head: order:2 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0 [ 24.755810] flags: 0x200000000000040(head|node=0|zone=2) [ 24.756065] page_type: f8(unknown) [ 24.756196] raw: 0200000000000040 0000000000000000 dead000000000122 0000000000000000 [ 24.756693] raw: 0000000000000000 0000000000000000 00000000f8000000 0000000000000000 [ 24.757106] head: 0200000000000040 0000000000000000 dead000000000122 0000000000000000 [ 24.757498] head: 0000000000000000 0000000000000000 00000000f8000000 0000000000000000 [ 24.757840] head: 0200000000000002 ffffea0004181c01 00000000ffffffff 00000000ffffffff [ 24.758301] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000004 [ 24.758610] page dumped because: kasan: bad access detected [ 24.758834] [ 24.758955] Memory state around the buggy address: [ 24.759257] ffff888106071f80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 24.759576] ffff888106072000: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 24.759817] >ffff888106072080: 00 00 00 00 00 00 00 00 00 01 fe fe fe fe fe fe [ 24.760404] ^ [ 24.760681] ffff888106072100: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe [ 24.761025] ffff888106072180: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe [ 24.761308] ================================================================== [ 24.725901] ================================================================== [ 24.726147] BUG: KASAN: slab-out-of-bounds in krealloc_less_oob_helper+0xe23/0x11d0 [ 24.726744] Write of size 1 at addr ffff8881060720d0 by task kunit_try_catch/211 [ 24.727083] [ 24.727175] CPU: 1 UID: 0 PID: 211 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc4-next-20250704 #1 PREEMPT(voluntary) [ 24.727225] Tainted: [B]=BAD_PAGE, [N]=TEST [ 
24.727238] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 24.727332] Call Trace: [ 24.727352] <TASK> [ 24.727371] dump_stack_lvl+0x73/0xb0 [ 24.727411] print_report+0xd1/0x650 [ 24.727435] ? __virt_addr_valid+0x1db/0x2d0 [ 24.727460] ? krealloc_less_oob_helper+0xe23/0x11d0 [ 24.727484] ? kasan_addr_to_slab+0x11/0xa0 [ 24.727509] ? krealloc_less_oob_helper+0xe23/0x11d0 [ 24.727533] kasan_report+0x141/0x180 [ 24.727557] ? krealloc_less_oob_helper+0xe23/0x11d0 [ 24.727586] __asan_report_store1_noabort+0x1b/0x30 [ 24.727611] krealloc_less_oob_helper+0xe23/0x11d0 [ 24.727634] ? __perf_event_task_sched_in+0x151/0x360 [ 24.727662] ? __pfx_krealloc_less_oob_helper+0x10/0x10 [ 24.727686] ? finish_task_switch.isra.0+0x153/0x700 [ 24.727708] ? __switch_to+0x47/0xf50 [ 24.727735] ? __schedule+0x10cc/0x2b60 [ 24.727760] ? __pfx_read_tsc+0x10/0x10 [ 24.727786] krealloc_large_less_oob+0x1c/0x30 [ 24.727809] kunit_try_run_case+0x1a5/0x480 [ 24.727835] ? __pfx_kunit_try_run_case+0x10/0x10 [ 24.727859] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 24.727884] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 24.727909] ? __kthread_parkme+0x82/0x180 [ 24.727940] ? preempt_count_sub+0x50/0x80 [ 24.727964] ? __pfx_kunit_try_run_case+0x10/0x10 [ 24.727990] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 24.728015] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 24.728041] kthread+0x337/0x6f0 [ 24.728062] ? trace_preempt_on+0x20/0xc0 [ 24.728087] ? __pfx_kthread+0x10/0x10 [ 24.728110] ? _raw_spin_unlock_irq+0x47/0x80 [ 24.728134] ? calculate_sigpending+0x7b/0xa0 [ 24.728159] ? __pfx_kthread+0x10/0x10 [ 24.728182] ret_from_fork+0x116/0x1d0 [ 24.728203] ? 
__pfx_kthread+0x10/0x10 [ 24.728232] ret_from_fork_asm+0x1a/0x30 [ 24.728266] </TASK> [ 24.728278] [ 24.736631] The buggy address belongs to the physical page: [ 24.736863] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x106070 [ 24.737289] head: order:2 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0 [ 24.737825] flags: 0x200000000000040(head|node=0|zone=2) [ 24.738022] page_type: f8(unknown) [ 24.738226] raw: 0200000000000040 0000000000000000 dead000000000122 0000000000000000 [ 24.738605] raw: 0000000000000000 0000000000000000 00000000f8000000 0000000000000000 [ 24.738894] head: 0200000000000040 0000000000000000 dead000000000122 0000000000000000 [ 24.739353] head: 0000000000000000 0000000000000000 00000000f8000000 0000000000000000 [ 24.739683] head: 0200000000000002 ffffea0004181c01 00000000ffffffff 00000000ffffffff [ 24.739949] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000004 [ 24.740511] page dumped because: kasan: bad access detected [ 24.740776] [ 24.740858] Memory state around the buggy address: [ 24.741045] ffff888106071f80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 24.741405] ffff888106072000: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 24.741752] >ffff888106072080: 00 00 00 00 00 00 00 00 00 01 fe fe fe fe fe fe [ 24.742089] ^ [ 24.742472] ffff888106072100: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe [ 24.742732] ffff888106072180: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe [ 24.743284] ================================================================== [ 24.624740] ================================================================== [ 24.625116] BUG: KASAN: slab-out-of-bounds in krealloc_less_oob_helper+0xd47/0x11d0 [ 24.625568] Write of size 1 at addr ffff888105d7e8eb by task kunit_try_catch/207 [ 24.625804] [ 24.625890] CPU: 0 UID: 0 PID: 207 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc4-next-20250704 #1 PREEMPT(voluntary) [ 24.625938] Tainted: [B]=BAD_PAGE, [N]=TEST [ 
24.625950] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 24.625971] Call Trace: [ 24.625989] <TASK> [ 24.626007] dump_stack_lvl+0x73/0xb0 [ 24.626034] print_report+0xd1/0x650 [ 24.626057] ? __virt_addr_valid+0x1db/0x2d0 [ 24.626081] ? krealloc_less_oob_helper+0xd47/0x11d0 [ 24.626104] ? kasan_complete_mode_report_info+0x2a/0x200 [ 24.626130] ? krealloc_less_oob_helper+0xd47/0x11d0 [ 24.626154] kasan_report+0x141/0x180 [ 24.626176] ? krealloc_less_oob_helper+0xd47/0x11d0 [ 24.626205] __asan_report_store1_noabort+0x1b/0x30 [ 24.626230] krealloc_less_oob_helper+0xd47/0x11d0 [ 24.626255] ? __pfx_krealloc_less_oob_helper+0x10/0x10 [ 24.626279] ? finish_task_switch.isra.0+0x153/0x700 [ 24.626302] ? __switch_to+0x47/0xf50 [ 24.626329] ? __schedule+0x10cc/0x2b60 [ 24.626432] ? __pfx_read_tsc+0x10/0x10 [ 24.626459] krealloc_less_oob+0x1c/0x30 [ 24.626481] kunit_try_run_case+0x1a5/0x480 [ 24.626507] ? __pfx_kunit_try_run_case+0x10/0x10 [ 24.626531] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 24.626555] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 24.626580] ? __kthread_parkme+0x82/0x180 [ 24.626601] ? preempt_count_sub+0x50/0x80 [ 24.626624] ? __pfx_kunit_try_run_case+0x10/0x10 [ 24.626650] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 24.626675] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 24.626700] kthread+0x337/0x6f0 [ 24.626720] ? trace_preempt_on+0x20/0xc0 [ 24.626745] ? __pfx_kthread+0x10/0x10 [ 24.626766] ? _raw_spin_unlock_irq+0x47/0x80 [ 24.626790] ? calculate_sigpending+0x7b/0xa0 [ 24.626814] ? __pfx_kthread+0x10/0x10 [ 24.626836] ret_from_fork+0x116/0x1d0 [ 24.626855] ? 
__pfx_kthread+0x10/0x10 [ 24.626878] ret_from_fork_asm+0x1a/0x30 [ 24.626909] </TASK> [ 24.626921] [ 24.634968] Allocated by task 207: [ 24.635152] kasan_save_stack+0x45/0x70 [ 24.635297] kasan_save_track+0x18/0x40 [ 24.635441] kasan_save_alloc_info+0x3b/0x50 [ 24.635815] __kasan_krealloc+0x190/0x1f0 [ 24.636036] krealloc_noprof+0xf3/0x340 [ 24.636235] krealloc_less_oob_helper+0x1aa/0x11d0 [ 24.636588] krealloc_less_oob+0x1c/0x30 [ 24.636790] kunit_try_run_case+0x1a5/0x480 [ 24.637200] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 24.637407] kthread+0x337/0x6f0 [ 24.637580] ret_from_fork+0x116/0x1d0 [ 24.637751] ret_from_fork_asm+0x1a/0x30 [ 24.637993] [ 24.638062] The buggy address belongs to the object at ffff888105d7e800 [ 24.638062] which belongs to the cache kmalloc-256 of size 256 [ 24.638721] The buggy address is located 34 bytes to the right of [ 24.638721] allocated 201-byte region [ffff888105d7e800, ffff888105d7e8c9) [ 24.639499] [ 24.639586] The buggy address belongs to the physical page: [ 24.639827] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x105d7e [ 24.640134] head: order:1 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0 [ 24.640512] flags: 0x200000000000040(head|node=0|zone=2) [ 24.640746] page_type: f5(slab) [ 24.640899] raw: 0200000000000040 ffff888100041b40 dead000000000122 0000000000000000 [ 24.641202] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 24.641536] head: 0200000000000040 ffff888100041b40 dead000000000122 0000000000000000 [ 24.641809] head: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 24.642222] head: 0200000000000001 ffffea0004175f81 00000000ffffffff 00000000ffffffff [ 24.642596] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000002 [ 24.642888] page dumped because: kasan: bad access detected [ 24.643120] [ 24.643492] Memory state around the buggy address: [ 24.643662] ffff888105d7e780: fc fc fc fc fc fc fc fc fc fc fc fc fc fc 
fc fc [ 24.643881] ffff888105d7e800: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 24.644212] >ffff888105d7e880: 00 00 00 00 00 00 00 00 00 01 fc fc fc fc fc fc [ 24.644560] ^ [ 24.645000] ffff888105d7e900: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 24.645428] ffff888105d7e980: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 24.645708] ================================================================== [ 24.699298] ================================================================== [ 24.699823] BUG: KASAN: slab-out-of-bounds in krealloc_less_oob_helper+0xd70/0x11d0 [ 24.700274] Write of size 1 at addr ffff8881060720c9 by task kunit_try_catch/211 [ 24.701380] [ 24.701529] CPU: 1 UID: 0 PID: 211 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc4-next-20250704 #1 PREEMPT(voluntary) [ 24.701589] Tainted: [B]=BAD_PAGE, [N]=TEST [ 24.701604] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 24.701630] Call Trace: [ 24.701645] <TASK> [ 24.701665] dump_stack_lvl+0x73/0xb0 [ 24.701829] print_report+0xd1/0x650 [ 24.701862] ? __virt_addr_valid+0x1db/0x2d0 [ 24.701908] ? krealloc_less_oob_helper+0xd70/0x11d0 [ 24.701934] ? kasan_addr_to_slab+0x11/0xa0 [ 24.701962] ? krealloc_less_oob_helper+0xd70/0x11d0 [ 24.701988] kasan_report+0x141/0x180 [ 24.702013] ? krealloc_less_oob_helper+0xd70/0x11d0 [ 24.702044] __asan_report_store1_noabort+0x1b/0x30 [ 24.702071] krealloc_less_oob_helper+0xd70/0x11d0 [ 24.702095] ? __perf_event_task_sched_in+0x151/0x360 [ 24.702127] ? __pfx_krealloc_less_oob_helper+0x10/0x10 [ 24.702153] ? finish_task_switch.isra.0+0x153/0x700 [ 24.702180] ? __switch_to+0x47/0xf50 [ 24.702210] ? __schedule+0x10cc/0x2b60 [ 24.702238] ? __pfx_read_tsc+0x10/0x10 [ 24.702267] krealloc_large_less_oob+0x1c/0x30 [ 24.702292] kunit_try_run_case+0x1a5/0x480 [ 24.702321] ? __pfx_kunit_try_run_case+0x10/0x10 [ 24.702347] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 24.702373] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 24.702414] ? 
__kthread_parkme+0x82/0x180 [ 24.702437] ? preempt_count_sub+0x50/0x80 [ 24.702463] ? __pfx_kunit_try_run_case+0x10/0x10 [ 24.702492] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 24.702520] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 24.702547] kthread+0x337/0x6f0 [ 24.702569] ? trace_preempt_on+0x20/0xc0 [ 24.702596] ? __pfx_kthread+0x10/0x10 [ 24.702620] ? _raw_spin_unlock_irq+0x47/0x80 [ 24.702645] ? calculate_sigpending+0x7b/0xa0 [ 24.702672] ? __pfx_kthread+0x10/0x10 [ 24.702697] ret_from_fork+0x116/0x1d0 [ 24.702718] ? __pfx_kthread+0x10/0x10 [ 24.702741] ret_from_fork_asm+0x1a/0x30 [ 24.702775] </TASK> [ 24.702790] [ 24.715778] The buggy address belongs to the physical page: [ 24.716364] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x106070 [ 24.716835] head: order:2 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0 [ 24.717415] flags: 0x200000000000040(head|node=0|zone=2) [ 24.717803] page_type: f8(unknown) [ 24.718089] raw: 0200000000000040 0000000000000000 dead000000000122 0000000000000000 [ 24.718537] raw: 0000000000000000 0000000000000000 00000000f8000000 0000000000000000 [ 24.718849] head: 0200000000000040 0000000000000000 dead000000000122 0000000000000000 [ 24.719536] head: 0000000000000000 0000000000000000 00000000f8000000 0000000000000000 [ 24.720018] head: 0200000000000002 ffffea0004181c01 00000000ffffffff 00000000ffffffff [ 24.720671] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000004 [ 24.721294] page dumped because: kasan: bad access detected [ 24.721650] [ 24.721741] Memory state around the buggy address: [ 24.722049] ffff888106071f80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 24.722621] ffff888106072000: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 24.723046] >ffff888106072080: 00 00 00 00 00 00 00 00 00 01 fe fe fe fe fe fe [ 24.723616] ^ [ 24.723995] ffff888106072100: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe [ 24.724565] ffff888106072180: fe fe fe fe fe fe 
fe fe fe fe fe fe fe fe fe fe [ 24.725049] ================================================================== [ 24.519096] ================================================================== [ 24.519975] BUG: KASAN: slab-out-of-bounds in krealloc_less_oob_helper+0xd70/0x11d0 [ 24.520371] Write of size 1 at addr ffff888105d7e8c9 by task kunit_try_catch/207 [ 24.520784] [ 24.520961] CPU: 0 UID: 0 PID: 207 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc4-next-20250704 #1 PREEMPT(voluntary) [ 24.521021] Tainted: [B]=BAD_PAGE, [N]=TEST [ 24.521036] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 24.521089] Call Trace: [ 24.521105] <TASK> [ 24.521128] dump_stack_lvl+0x73/0xb0 [ 24.521162] print_report+0xd1/0x650 [ 24.521188] ? __virt_addr_valid+0x1db/0x2d0 [ 24.521425] ? krealloc_less_oob_helper+0xd70/0x11d0 [ 24.521456] ? kasan_complete_mode_report_info+0x2a/0x200 [ 24.521485] ? krealloc_less_oob_helper+0xd70/0x11d0 [ 24.521512] kasan_report+0x141/0x180 [ 24.521536] ? krealloc_less_oob_helper+0xd70/0x11d0 [ 24.521567] __asan_report_store1_noabort+0x1b/0x30 [ 24.521594] krealloc_less_oob_helper+0xd70/0x11d0 [ 24.521623] ? __pfx_krealloc_less_oob_helper+0x10/0x10 [ 24.521650] ? finish_task_switch.isra.0+0x153/0x700 [ 24.521676] ? __switch_to+0x47/0xf50 [ 24.521706] ? __schedule+0x10cc/0x2b60 [ 24.521734] ? __pfx_read_tsc+0x10/0x10 [ 24.521763] krealloc_less_oob+0x1c/0x30 [ 24.521787] kunit_try_run_case+0x1a5/0x480 [ 24.521817] ? __pfx_kunit_try_run_case+0x10/0x10 [ 24.521844] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 24.521870] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 24.521914] ? __kthread_parkme+0x82/0x180 [ 24.521938] ? preempt_count_sub+0x50/0x80 [ 24.521963] ? __pfx_kunit_try_run_case+0x10/0x10 [ 24.521991] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 24.522018] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 24.522045] kthread+0x337/0x6f0 [ 24.522067] ? trace_preempt_on+0x20/0xc0 [ 24.522095] ? 
__pfx_kthread+0x10/0x10 [ 24.522118] ? _raw_spin_unlock_irq+0x47/0x80 [ 24.522143] ? calculate_sigpending+0x7b/0xa0 [ 24.522179] ? __pfx_kthread+0x10/0x10 [ 24.522204] ret_from_fork+0x116/0x1d0 [ 24.522225] ? __pfx_kthread+0x10/0x10 [ 24.522248] ret_from_fork_asm+0x1a/0x30 [ 24.522283] </TASK> [ 24.522298] [ 24.530756] Allocated by task 207: [ 24.531047] kasan_save_stack+0x45/0x70 [ 24.531254] kasan_save_track+0x18/0x40 [ 24.531406] kasan_save_alloc_info+0x3b/0x50 [ 24.531559] __kasan_krealloc+0x190/0x1f0 [ 24.531702] krealloc_noprof+0xf3/0x340 [ 24.531844] krealloc_less_oob_helper+0x1aa/0x11d0 [ 24.532008] krealloc_less_oob+0x1c/0x30 [ 24.532462] kunit_try_run_case+0x1a5/0x480 [ 24.532882] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 24.533185] kthread+0x337/0x6f0 [ 24.533450] ret_from_fork+0x116/0x1d0 [ 24.533660] ret_from_fork_asm+0x1a/0x30 [ 24.533852] [ 24.533950] The buggy address belongs to the object at ffff888105d7e800 [ 24.533950] which belongs to the cache kmalloc-256 of size 256 [ 24.534518] The buggy address is located 0 bytes to the right of [ 24.534518] allocated 201-byte region [ffff888105d7e800, ffff888105d7e8c9) [ 24.534894] [ 24.534965] The buggy address belongs to the physical page: [ 24.535143] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x105d7e [ 24.535770] head: order:1 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0 [ 24.536319] flags: 0x200000000000040(head|node=0|zone=2) [ 24.536514] page_type: f5(slab) [ 24.536638] raw: 0200000000000040 ffff888100041b40 dead000000000122 0000000000000000 [ 24.536871] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 24.537103] head: 0200000000000040 ffff888100041b40 dead000000000122 0000000000000000 [ 24.537411] head: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 24.537784] head: 0200000000000001 ffffea0004175f81 00000000ffffffff 00000000ffffffff [ 24.538289] head: ffffffffffffffff 0000000000000000 00000000ffffffff 
0000000000000002 [ 24.538765] page dumped because: kasan: bad access detected [ 24.539258] [ 24.539334] Memory state around the buggy address: [ 24.539511] ffff888105d7e780: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 24.539765] ffff888105d7e800: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 24.540085] >ffff888105d7e880: 00 00 00 00 00 00 00 00 00 01 fc fc fc fc fc fc [ 24.540420] ^ [ 24.540741] ffff888105d7e900: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 24.541066] ffff888105d7e980: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 24.541770] ================================================================== [ 24.542341] ================================================================== [ 24.542667] BUG: KASAN: slab-out-of-bounds in krealloc_less_oob_helper+0xe23/0x11d0 [ 24.543211] Write of size 1 at addr ffff888105d7e8d0 by task kunit_try_catch/207 [ 24.543544] [ 24.543662] CPU: 0 UID: 0 PID: 207 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc4-next-20250704 #1 PREEMPT(voluntary) [ 24.543712] Tainted: [B]=BAD_PAGE, [N]=TEST [ 24.543725] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 24.543749] Call Trace: [ 24.543767] <TASK> [ 24.543785] dump_stack_lvl+0x73/0xb0 [ 24.543813] print_report+0xd1/0x650 [ 24.543837] ? __virt_addr_valid+0x1db/0x2d0 [ 24.543862] ? krealloc_less_oob_helper+0xe23/0x11d0 [ 24.543886] ? kasan_complete_mode_report_info+0x2a/0x200 [ 24.543913] ? krealloc_less_oob_helper+0xe23/0x11d0 [ 24.543938] kasan_report+0x141/0x180 [ 24.543961] ? krealloc_less_oob_helper+0xe23/0x11d0 [ 24.543991] __asan_report_store1_noabort+0x1b/0x30 [ 24.544017] krealloc_less_oob_helper+0xe23/0x11d0 [ 24.544043] ? __pfx_krealloc_less_oob_helper+0x10/0x10 [ 24.544068] ? finish_task_switch.isra.0+0x153/0x700 [ 24.544091] ? __switch_to+0x47/0xf50 [ 24.544118] ? __schedule+0x10cc/0x2b60 [ 24.544144] ? 
__pfx_read_tsc+0x10/0x10 [ 24.544229] krealloc_less_oob+0x1c/0x30 [ 24.544252] kunit_try_run_case+0x1a5/0x480 [ 24.544279] ? __pfx_kunit_try_run_case+0x10/0x10 [ 24.544304] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 24.544330] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 24.544357] ? __kthread_parkme+0x82/0x180 [ 24.544378] ? preempt_count_sub+0x50/0x80 [ 24.544413] ? __pfx_kunit_try_run_case+0x10/0x10 [ 24.544440] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 24.544466] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 24.544492] kthread+0x337/0x6f0 [ 24.544513] ? trace_preempt_on+0x20/0xc0 [ 24.544538] ? __pfx_kthread+0x10/0x10 [ 24.544560] ? _raw_spin_unlock_irq+0x47/0x80 [ 24.544584] ? calculate_sigpending+0x7b/0xa0 [ 24.544609] ? __pfx_kthread+0x10/0x10 [ 24.544632] ret_from_fork+0x116/0x1d0 [ 24.544652] ? __pfx_kthread+0x10/0x10 [ 24.544674] ret_from_fork_asm+0x1a/0x30 [ 24.544707] </TASK> [ 24.544720] [ 24.555927] Allocated by task 207: [ 24.556359] kasan_save_stack+0x45/0x70 [ 24.556579] kasan_save_track+0x18/0x40 [ 24.556784] kasan_save_alloc_info+0x3b/0x50 [ 24.557263] __kasan_krealloc+0x190/0x1f0 [ 24.557481] krealloc_noprof+0xf3/0x340 [ 24.557820] krealloc_less_oob_helper+0x1aa/0x11d0 [ 24.558147] krealloc_less_oob+0x1c/0x30 [ 24.558638] kunit_try_run_case+0x1a5/0x480 [ 24.558959] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 24.559277] kthread+0x337/0x6f0 [ 24.559602] ret_from_fork+0x116/0x1d0 [ 24.559756] ret_from_fork_asm+0x1a/0x30 [ 24.559970] [ 24.560190] The buggy address belongs to the object at ffff888105d7e800 [ 24.560190] which belongs to the cache kmalloc-256 of size 256 [ 24.561075] The buggy address is located 7 bytes to the right of [ 24.561075] allocated 201-byte region [ffff888105d7e800, ffff888105d7e8c9) [ 24.561764] [ 24.561872] The buggy address belongs to the physical page: [ 24.562197] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x105d7e [ 24.562677] head: order:1 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 
pincount:0 [ 24.563036] flags: 0x200000000000040(head|node=0|zone=2) [ 24.563594] page_type: f5(slab) [ 24.563753] raw: 0200000000000040 ffff888100041b40 dead000000000122 0000000000000000 [ 24.564258] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 24.564697] head: 0200000000000040 ffff888100041b40 dead000000000122 0000000000000000 [ 24.565093] head: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 24.565608] head: 0200000000000001 ffffea0004175f81 00000000ffffffff 00000000ffffffff [ 24.565914] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000002 [ 24.566252] page dumped because: kasan: bad access detected [ 24.566660] [ 24.566755] Memory state around the buggy address: [ 24.567003] ffff888105d7e780: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 24.567463] ffff888105d7e800: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 24.568169] >ffff888105d7e880: 00 00 00 00 00 00 00 00 00 01 fc fc fc fc fc fc [ 24.568589] ^ [ 24.568831] ffff888105d7e900: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 24.569514] ffff888105d7e980: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 24.569805] ================================================================== [ 24.602524] ================================================================== [ 24.602864] BUG: KASAN: slab-out-of-bounds in krealloc_less_oob_helper+0xe90/0x11d0 [ 24.603676] Write of size 1 at addr ffff888105d7e8ea by task kunit_try_catch/207 [ 24.604214] [ 24.604460] CPU: 0 UID: 0 PID: 207 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc4-next-20250704 #1 PREEMPT(voluntary) [ 24.604513] Tainted: [B]=BAD_PAGE, [N]=TEST [ 24.604527] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 24.604549] Call Trace: [ 24.604569] <TASK> [ 24.604588] dump_stack_lvl+0x73/0xb0 [ 24.604617] print_report+0xd1/0x650 [ 24.604640] ? __virt_addr_valid+0x1db/0x2d0 [ 24.604665] ? 
krealloc_less_oob_helper+0xe90/0x11d0 [ 24.604689] ? kasan_complete_mode_report_info+0x2a/0x200 [ 24.604716] ? krealloc_less_oob_helper+0xe90/0x11d0 [ 24.604741] kasan_report+0x141/0x180 [ 24.604764] ? krealloc_less_oob_helper+0xe90/0x11d0 [ 24.604793] __asan_report_store1_noabort+0x1b/0x30 [ 24.604818] krealloc_less_oob_helper+0xe90/0x11d0 [ 24.604845] ? __pfx_krealloc_less_oob_helper+0x10/0x10 [ 24.604871] ? finish_task_switch.isra.0+0x153/0x700 [ 24.604894] ? __switch_to+0x47/0xf50 [ 24.604921] ? __schedule+0x10cc/0x2b60 [ 24.604947] ? __pfx_read_tsc+0x10/0x10 [ 24.604972] krealloc_less_oob+0x1c/0x30 [ 24.604995] kunit_try_run_case+0x1a5/0x480 [ 24.605021] ? __pfx_kunit_try_run_case+0x10/0x10 [ 24.605046] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 24.605071] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 24.605097] ? __kthread_parkme+0x82/0x180 [ 24.605121] ? preempt_count_sub+0x50/0x80 [ 24.605145] ? __pfx_kunit_try_run_case+0x10/0x10 [ 24.605195] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 24.605221] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 24.605246] kthread+0x337/0x6f0 [ 24.605267] ? trace_preempt_on+0x20/0xc0 [ 24.605292] ? __pfx_kthread+0x10/0x10 [ 24.605314] ? _raw_spin_unlock_irq+0x47/0x80 [ 24.605338] ? calculate_sigpending+0x7b/0xa0 [ 24.605363] ? __pfx_kthread+0x10/0x10 [ 24.605387] ret_from_fork+0x116/0x1d0 [ 24.605418] ? 
__pfx_kthread+0x10/0x10 [ 24.605440] ret_from_fork_asm+0x1a/0x30 [ 24.605473] </TASK> [ 24.605485] [ 24.613681] Allocated by task 207: [ 24.613832] kasan_save_stack+0x45/0x70 [ 24.614165] kasan_save_track+0x18/0x40 [ 24.614410] kasan_save_alloc_info+0x3b/0x50 [ 24.614588] __kasan_krealloc+0x190/0x1f0 [ 24.614731] krealloc_noprof+0xf3/0x340 [ 24.614944] krealloc_less_oob_helper+0x1aa/0x11d0 [ 24.615379] krealloc_less_oob+0x1c/0x30 [ 24.615614] kunit_try_run_case+0x1a5/0x480 [ 24.615915] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 24.616160] kthread+0x337/0x6f0 [ 24.616342] ret_from_fork+0x116/0x1d0 [ 24.616492] ret_from_fork_asm+0x1a/0x30 [ 24.616634] [ 24.616703] The buggy address belongs to the object at ffff888105d7e800 [ 24.616703] which belongs to the cache kmalloc-256 of size 256 [ 24.617149] The buggy address is located 33 bytes to the right of [ 24.617149] allocated 201-byte region [ffff888105d7e800, ffff888105d7e8c9) [ 24.617782] [ 24.617874] The buggy address belongs to the physical page: [ 24.618185] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x105d7e [ 24.618521] head: order:1 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0 [ 24.618758] flags: 0x200000000000040(head|node=0|zone=2) [ 24.618940] page_type: f5(slab) [ 24.619065] raw: 0200000000000040 ffff888100041b40 dead000000000122 0000000000000000 [ 24.619727] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 24.620104] head: 0200000000000040 ffff888100041b40 dead000000000122 0000000000000000 [ 24.620719] head: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 24.621028] head: 0200000000000001 ffffea0004175f81 00000000ffffffff 00000000ffffffff [ 24.621270] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000002 [ 24.621522] page dumped because: kasan: bad access detected [ 24.621980] [ 24.622102] Memory state around the buggy address: [ 24.622336] ffff888105d7e780: fc fc fc fc fc fc fc fc fc fc fc fc fc fc 
fc fc [ 24.622686] ffff888105d7e800: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 24.623117] >ffff888105d7e880: 00 00 00 00 00 00 00 00 00 01 fc fc fc fc fc fc [ 24.623407] ^ [ 24.623628] ffff888105d7e900: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 24.623873] ffff888105d7e980: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 24.624206] ================================================================== [ 24.570526] ================================================================== [ 24.570990] BUG: KASAN: slab-out-of-bounds in krealloc_less_oob_helper+0xec6/0x11d0 [ 24.571250] Write of size 1 at addr ffff888105d7e8da by task kunit_try_catch/207 [ 24.571663] [ 24.571781] CPU: 0 UID: 0 PID: 207 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc4-next-20250704 #1 PREEMPT(voluntary) [ 24.571831] Tainted: [B]=BAD_PAGE, [N]=TEST [ 24.571844] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 24.571865] Call Trace: [ 24.571882] <TASK> [ 24.571901] dump_stack_lvl+0x73/0xb0 [ 24.571928] print_report+0xd1/0x650 [ 24.571951] ? __virt_addr_valid+0x1db/0x2d0 [ 24.571976] ? krealloc_less_oob_helper+0xec6/0x11d0 [ 24.572000] ? kasan_complete_mode_report_info+0x2a/0x200 [ 24.572027] ? krealloc_less_oob_helper+0xec6/0x11d0 [ 24.572051] kasan_report+0x141/0x180 [ 24.572073] ? krealloc_less_oob_helper+0xec6/0x11d0 [ 24.572103] __asan_report_store1_noabort+0x1b/0x30 [ 24.572128] krealloc_less_oob_helper+0xec6/0x11d0 [ 24.572155] ? __pfx_krealloc_less_oob_helper+0x10/0x10 [ 24.572179] ? finish_task_switch.isra.0+0x153/0x700 [ 24.572202] ? __switch_to+0x47/0xf50 [ 24.572236] ? __schedule+0x10cc/0x2b60 [ 24.572262] ? __pfx_read_tsc+0x10/0x10 [ 24.572289] krealloc_less_oob+0x1c/0x30 [ 24.572311] kunit_try_run_case+0x1a5/0x480 [ 24.572338] ? __pfx_kunit_try_run_case+0x10/0x10 [ 24.572363] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 24.572388] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 24.572424] ? __kthread_parkme+0x82/0x180 [ 24.572446] ? 
preempt_count_sub+0x50/0x80 [ 24.572470] ? __pfx_kunit_try_run_case+0x10/0x10 [ 24.572496] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 24.572521] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 24.572546] kthread+0x337/0x6f0 [ 24.572567] ? trace_preempt_on+0x20/0xc0 [ 24.572591] ? __pfx_kthread+0x10/0x10 [ 24.572612] ? _raw_spin_unlock_irq+0x47/0x80 [ 24.572636] ? calculate_sigpending+0x7b/0xa0 [ 24.572660] ? __pfx_kthread+0x10/0x10 [ 24.572683] ret_from_fork+0x116/0x1d0 [ 24.572702] ? __pfx_kthread+0x10/0x10 [ 24.572724] ret_from_fork_asm+0x1a/0x30 [ 24.572756] </TASK> [ 24.572768] [ 24.583864] Allocated by task 207: [ 24.584218] kasan_save_stack+0x45/0x70 [ 24.584637] kasan_save_track+0x18/0x40 [ 24.585032] kasan_save_alloc_info+0x3b/0x50 [ 24.585361] __kasan_krealloc+0x190/0x1f0 [ 24.585705] krealloc_noprof+0xf3/0x340 [ 24.586082] krealloc_less_oob_helper+0x1aa/0x11d0 [ 24.586504] krealloc_less_oob+0x1c/0x30 [ 24.586704] kunit_try_run_case+0x1a5/0x480 [ 24.587090] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 24.587463] kthread+0x337/0x6f0 [ 24.587828] ret_from_fork+0x116/0x1d0 [ 24.588147] ret_from_fork_asm+0x1a/0x30 [ 24.588447] [ 24.588543] The buggy address belongs to the object at ffff888105d7e800 [ 24.588543] which belongs to the cache kmalloc-256 of size 256 [ 24.589468] The buggy address is located 17 bytes to the right of [ 24.589468] allocated 201-byte region [ffff888105d7e800, ffff888105d7e8c9) [ 24.590401] [ 24.590506] The buggy address belongs to the physical page: [ 24.590754] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x105d7e [ 24.591944] head: order:1 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0 [ 24.592631] flags: 0x200000000000040(head|node=0|zone=2) [ 24.593084] page_type: f5(slab) [ 24.593480] raw: 0200000000000040 ffff888100041b40 dead000000000122 0000000000000000 [ 24.594110] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 24.595022] head: 0200000000000040 
ffff888100041b40 dead000000000122 0000000000000000 [ 24.595708] head: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 24.596269] head: 0200000000000001 ffffea0004175f81 00000000ffffffff 00000000ffffffff [ 24.596863] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000002 [ 24.597353] page dumped because: kasan: bad access detected [ 24.597806] [ 24.598054] Memory state around the buggy address: [ 24.598400] ffff888105d7e780: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 24.598716] ffff888105d7e800: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 24.599367] >ffff888105d7e880: 00 00 00 00 00 00 00 00 00 01 fc fc fc fc fc fc [ 24.599884] ^ [ 24.600375] ffff888105d7e900: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 24.600838] ffff888105d7e980: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 24.601465] ==================================================================