Date: July 16, 2025, 12:11 p.m.

Environment: qemu-arm64, qemu-x86_64

[ 30.499758] ================================================================== [ 30.500186] BUG: KASAN: slab-out-of-bounds in krealloc_less_oob_helper+0xa80/0xc50 [ 30.500256] Write of size 1 at addr fff00000c9b260da by task kunit_try_catch/193 [ 30.500314] [ 30.500345] CPU: 0 UID: 0 PID: 193 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc6-next-20250716 #1 PREEMPT [ 30.500427] Tainted: [B]=BAD_PAGE, [N]=TEST [ 30.500454] Hardware name: linux,dummy-virt (DT) [ 30.500486] Call trace: [ 30.500819] show_stack+0x20/0x38 (C) [ 30.500920] dump_stack_lvl+0x8c/0xd0 [ 30.500982] print_report+0x118/0x5d0 [ 30.501027] kasan_report+0xdc/0x128 [ 30.501079] __asan_report_store1_noabort+0x20/0x30 [ 30.501130] krealloc_less_oob_helper+0xa80/0xc50 [ 30.501180] krealloc_large_less_oob+0x20/0x38 [ 30.501230] kunit_try_run_case+0x170/0x3f0 [ 30.501287] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 30.501339] kthread+0x328/0x630 [ 30.501380] ret_from_fork+0x10/0x20 [ 30.501440] [ 30.501480] The buggy address belongs to the physical page: [ 30.501522] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x109b24 [ 30.501576] head: order:2 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0 [ 30.501622] flags: 0xbfffe0000000040(head|node=0|zone=2|lastcpupid=0x1ffff) [ 30.501672] page_type: f8(unknown) [ 30.501720] raw: 0bfffe0000000040 0000000000000000 dead000000000122 0000000000000000 [ 30.501786] raw: 0000000000000000 0000000000000000 00000000f8000000 0000000000000000 [ 30.501844] head: 0bfffe0000000040 0000000000000000 dead000000000122 0000000000000000 [ 30.501921] head: 0000000000000000 0000000000000000 00000000f8000000 0000000000000000 [ 30.501980] head: 0bfffe0000000002 ffffc1ffc326c901 00000000ffffffff 00000000ffffffff [ 30.502037] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000004 [ 30.502077] page dumped because: kasan: bad access detected [ 30.502115] [ 30.502138] Memory state around the buggy address: [ 30.502175] fff00000c9b25f80: 
00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 30.502232] fff00000c9b26000: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 30.502273] >fff00000c9b26080: 00 00 00 00 00 00 00 00 00 01 fe fe fe fe fe fe [ 30.502310] ^ [ 30.502346] fff00000c9b26100: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe [ 30.502393] fff00000c9b26180: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe [ 30.502432] ================================================================== [ 30.455469] ================================================================== [ 30.455632] BUG: KASAN: slab-out-of-bounds in krealloc_less_oob_helper+0xae4/0xc50 [ 30.455694] Write of size 1 at addr fff00000c1d5d2ea by task kunit_try_catch/189 [ 30.455743] [ 30.455821] CPU: 0 UID: 0 PID: 189 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc6-next-20250716 #1 PREEMPT [ 30.455945] Tainted: [B]=BAD_PAGE, [N]=TEST [ 30.455972] Hardware name: linux,dummy-virt (DT) [ 30.456002] Call trace: [ 30.456023] show_stack+0x20/0x38 (C) [ 30.456214] dump_stack_lvl+0x8c/0xd0 [ 30.456401] print_report+0x118/0x5d0 [ 30.456591] kasan_report+0xdc/0x128 [ 30.456799] __asan_report_store1_noabort+0x20/0x30 [ 30.456880] krealloc_less_oob_helper+0xae4/0xc50 [ 30.456930] krealloc_less_oob+0x20/0x38 [ 30.456998] kunit_try_run_case+0x170/0x3f0 [ 30.457051] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 30.457103] kthread+0x328/0x630 [ 30.457143] ret_from_fork+0x10/0x20 [ 30.457203] [ 30.457222] Allocated by task 189: [ 30.457249] kasan_save_stack+0x3c/0x68 [ 30.457314] kasan_save_track+0x20/0x40 [ 30.457361] kasan_save_alloc_info+0x40/0x58 [ 30.457398] __kasan_krealloc+0x118/0x178 [ 30.457460] krealloc_noprof+0x128/0x360 [ 30.458008] krealloc_less_oob_helper+0x168/0xc50 [ 30.458128] krealloc_less_oob+0x20/0x38 [ 30.458168] kunit_try_run_case+0x170/0x3f0 [ 30.458205] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 30.458247] kthread+0x328/0x630 [ 30.458421] ret_from_fork+0x10/0x20 [ 30.458550] [ 30.458607] The buggy address belongs to the 
object at fff00000c1d5d200 [ 30.458607] which belongs to the cache kmalloc-256 of size 256 [ 30.458707] The buggy address is located 33 bytes to the right of [ 30.458707] allocated 201-byte region [fff00000c1d5d200, fff00000c1d5d2c9) [ 30.458834] [ 30.458854] The buggy address belongs to the physical page: [ 30.458885] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x101d5c [ 30.458955] head: order:1 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0 [ 30.459001] flags: 0xbfffe0000000040(head|node=0|zone=2|lastcpupid=0x1ffff) [ 30.459052] page_type: f5(slab) [ 30.459134] raw: 0bfffe0000000040 fff00000c0001b40 dead000000000122 0000000000000000 [ 30.459362] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 30.459468] head: 0bfffe0000000040 fff00000c0001b40 dead000000000122 0000000000000000 [ 30.459617] head: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 30.459695] head: 0bfffe0000000001 ffffc1ffc3075701 00000000ffffffff 00000000ffffffff [ 30.459744] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000002 [ 30.459783] page dumped because: kasan: bad access detected [ 30.459814] [ 30.459867] Memory state around the buggy address: [ 30.460032] fff00000c1d5d180: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 30.460107] fff00000c1d5d200: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 30.460206] >fff00000c1d5d280: 00 00 00 00 00 00 00 00 00 01 fc fc fc fc fc fc [ 30.460323] ^ [ 30.460445] fff00000c1d5d300: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 30.460527] fff00000c1d5d380: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 30.460565] ================================================================== [ 30.483738] ================================================================== [ 30.483834] BUG: KASAN: slab-out-of-bounds in krealloc_less_oob_helper+0xa48/0xc50 [ 30.483906] Write of size 1 at addr fff00000c9b260c9 by task kunit_try_catch/193 [ 30.484021] [ 
30.484132] CPU: 0 UID: 0 PID: 193 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc6-next-20250716 #1 PREEMPT [ 30.484254] Tainted: [B]=BAD_PAGE, [N]=TEST [ 30.484281] Hardware name: linux,dummy-virt (DT) [ 30.484311] Call trace: [ 30.484332] show_stack+0x20/0x38 (C) [ 30.484378] dump_stack_lvl+0x8c/0xd0 [ 30.484646] print_report+0x118/0x5d0 [ 30.484752] kasan_report+0xdc/0x128 [ 30.484923] __asan_report_store1_noabort+0x20/0x30 [ 30.484994] krealloc_less_oob_helper+0xa48/0xc50 [ 30.485080] krealloc_large_less_oob+0x20/0x38 [ 30.485147] kunit_try_run_case+0x170/0x3f0 [ 30.485376] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 30.485533] kthread+0x328/0x630 [ 30.485680] ret_from_fork+0x10/0x20 [ 30.485795] [ 30.485943] The buggy address belongs to the physical page: [ 30.486068] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x109b24 [ 30.486209] head: order:2 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0 [ 30.486291] flags: 0xbfffe0000000040(head|node=0|zone=2|lastcpupid=0x1ffff) [ 30.486343] page_type: f8(unknown) [ 30.486664] raw: 0bfffe0000000040 0000000000000000 dead000000000122 0000000000000000 [ 30.486817] raw: 0000000000000000 0000000000000000 00000000f8000000 0000000000000000 [ 30.486904] head: 0bfffe0000000040 0000000000000000 dead000000000122 0000000000000000 [ 30.486977] head: 0000000000000000 0000000000000000 00000000f8000000 0000000000000000 [ 30.487153] head: 0bfffe0000000002 ffffc1ffc326c901 00000000ffffffff 00000000ffffffff [ 30.487256] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000004 [ 30.487416] page dumped because: kasan: bad access detected [ 30.487469] [ 30.487487] Memory state around the buggy address: [ 30.487531] fff00000c9b25f80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 30.487696] fff00000c9b26000: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 30.487947] >fff00000c9b26080: 00 00 00 00 00 00 00 00 00 01 fe fe fe fe fe fe [ 30.488048] ^ [ 30.488168] fff00000c9b26100: fe fe fe 
fe fe fe fe fe fe fe fe fe fe fe fe fe [ 30.488262] fff00000c9b26180: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe [ 30.488315] ================================================================== [ 30.503544] ================================================================== [ 30.503846] BUG: KASAN: slab-out-of-bounds in krealloc_less_oob_helper+0xae4/0xc50 [ 30.503934] Write of size 1 at addr fff00000c9b260ea by task kunit_try_catch/193 [ 30.504005] [ 30.504054] CPU: 0 UID: 0 PID: 193 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc6-next-20250716 #1 PREEMPT [ 30.504173] Tainted: [B]=BAD_PAGE, [N]=TEST [ 30.504356] Hardware name: linux,dummy-virt (DT) [ 30.504391] Call trace: [ 30.504414] show_stack+0x20/0x38 (C) [ 30.504629] dump_stack_lvl+0x8c/0xd0 [ 30.504847] print_report+0x118/0x5d0 [ 30.505229] kasan_report+0xdc/0x128 [ 30.505599] __asan_report_store1_noabort+0x20/0x30 [ 30.505802] krealloc_less_oob_helper+0xae4/0xc50 [ 30.506247] krealloc_large_less_oob+0x20/0x38 [ 30.507052] kunit_try_run_case+0x170/0x3f0 [ 30.507608] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 30.507911] kthread+0x328/0x630 [ 30.508021] ret_from_fork+0x10/0x20 [ 30.508107] [ 30.508288] The buggy address belongs to the physical page: [ 30.508561] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x109b24 [ 30.508752] head: order:2 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0 [ 30.508824] flags: 0xbfffe0000000040(head|node=0|zone=2|lastcpupid=0x1ffff) [ 30.509181] page_type: f8(unknown) [ 30.509382] raw: 0bfffe0000000040 0000000000000000 dead000000000122 0000000000000000 [ 30.509448] raw: 0000000000000000 0000000000000000 00000000f8000000 0000000000000000 [ 30.509799] head: 0bfffe0000000040 0000000000000000 dead000000000122 0000000000000000 [ 30.509893] head: 0000000000000000 0000000000000000 00000000f8000000 0000000000000000 [ 30.510343] head: 0bfffe0000000002 ffffc1ffc326c901 00000000ffffffff 00000000ffffffff [ 30.510497] head: ffffffffffffffff 
0000000000000000 00000000ffffffff 0000000000000004 [ 30.510613] page dumped because: kasan: bad access detected [ 30.510746] [ 30.510825] Memory state around the buggy address: [ 30.511069] fff00000c9b25f80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 30.511405] fff00000c9b26000: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 30.511518] >fff00000c9b26080: 00 00 00 00 00 00 00 00 00 01 fe fe fe fe fe fe [ 30.511653] ^ [ 30.511739] fff00000c9b26100: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe [ 30.511912] fff00000c9b26180: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe [ 30.512178] ================================================================== [ 30.513020] ================================================================== [ 30.513104] BUG: KASAN: slab-out-of-bounds in krealloc_less_oob_helper+0xa58/0xc50 [ 30.513393] Write of size 1 at addr fff00000c9b260eb by task kunit_try_catch/193 [ 30.513501] [ 30.513545] CPU: 0 UID: 0 PID: 193 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc6-next-20250716 #1 PREEMPT [ 30.513800] Tainted: [B]=BAD_PAGE, [N]=TEST [ 30.513885] Hardware name: linux,dummy-virt (DT) [ 30.513922] Call trace: [ 30.514028] show_stack+0x20/0x38 (C) [ 30.514081] dump_stack_lvl+0x8c/0xd0 [ 30.514313] print_report+0x118/0x5d0 [ 30.514496] kasan_report+0xdc/0x128 [ 30.514565] __asan_report_store1_noabort+0x20/0x30 [ 30.514713] krealloc_less_oob_helper+0xa58/0xc50 [ 30.514818] krealloc_large_less_oob+0x20/0x38 [ 30.515043] kunit_try_run_case+0x170/0x3f0 [ 30.515098] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 30.515446] kthread+0x328/0x630 [ 30.515526] ret_from_fork+0x10/0x20 [ 30.515875] [ 30.515986] The buggy address belongs to the physical page: [ 30.516142] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x109b24 [ 30.516356] head: order:2 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0 [ 30.516540] flags: 0xbfffe0000000040(head|node=0|zone=2|lastcpupid=0x1ffff) [ 30.516624] page_type: f8(unknown) [ 
30.516663] raw: 0bfffe0000000040 0000000000000000 dead000000000122 0000000000000000 [ 30.516714] raw: 0000000000000000 0000000000000000 00000000f8000000 0000000000000000 [ 30.516764] head: 0bfffe0000000040 0000000000000000 dead000000000122 0000000000000000 [ 30.517204] head: 0000000000000000 0000000000000000 00000000f8000000 0000000000000000 [ 30.517357] head: 0bfffe0000000002 ffffc1ffc326c901 00000000ffffffff 00000000ffffffff [ 30.517504] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000004 [ 30.517615] page dumped because: kasan: bad access detected [ 30.517647] [ 30.517792] Memory state around the buggy address: [ 30.518006] fff00000c9b25f80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 30.518296] fff00000c9b26000: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 30.518435] >fff00000c9b26080: 00 00 00 00 00 00 00 00 00 01 fe fe fe fe fe fe [ 30.518517] ^ [ 30.518557] fff00000c9b26100: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe [ 30.518772] fff00000c9b26180: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe [ 30.519033] ================================================================== [ 30.461400] ================================================================== [ 30.461447] BUG: KASAN: slab-out-of-bounds in krealloc_less_oob_helper+0xa58/0xc50 [ 30.461496] Write of size 1 at addr fff00000c1d5d2eb by task kunit_try_catch/189 [ 30.461689] [ 30.461751] CPU: 0 UID: 0 PID: 189 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc6-next-20250716 #1 PREEMPT [ 30.461839] Tainted: [B]=BAD_PAGE, [N]=TEST [ 30.461865] Hardware name: linux,dummy-virt (DT) [ 30.461979] Call trace: [ 30.462008] show_stack+0x20/0x38 (C) [ 30.462072] dump_stack_lvl+0x8c/0xd0 [ 30.462136] print_report+0x118/0x5d0 [ 30.462179] kasan_report+0xdc/0x128 [ 30.462238] __asan_report_store1_noabort+0x20/0x30 [ 30.462287] krealloc_less_oob_helper+0xa58/0xc50 [ 30.462336] krealloc_less_oob+0x20/0x38 [ 30.462594] kunit_try_run_case+0x170/0x3f0 [ 30.462694] 
kunit_generic_run_threadfn_adapter+0x88/0x100 [ 30.462779] kthread+0x328/0x630 [ 30.462845] ret_from_fork+0x10/0x20 [ 30.462893] [ 30.462937] Allocated by task 189: [ 30.463074] kasan_save_stack+0x3c/0x68 [ 30.463116] kasan_save_track+0x20/0x40 [ 30.463234] kasan_save_alloc_info+0x40/0x58 [ 30.463278] __kasan_krealloc+0x118/0x178 [ 30.463313] krealloc_noprof+0x128/0x360 [ 30.463351] krealloc_less_oob_helper+0x168/0xc50 [ 30.463420] krealloc_less_oob+0x20/0x38 [ 30.463458] kunit_try_run_case+0x170/0x3f0 [ 30.463494] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 30.463659] kthread+0x328/0x630 [ 30.463694] ret_from_fork+0x10/0x20 [ 30.463729] [ 30.463747] The buggy address belongs to the object at fff00000c1d5d200 [ 30.463747] which belongs to the cache kmalloc-256 of size 256 [ 30.463914] The buggy address is located 34 bytes to the right of [ 30.463914] allocated 201-byte region [fff00000c1d5d200, fff00000c1d5d2c9) [ 30.463985] [ 30.464004] The buggy address belongs to the physical page: [ 30.464035] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x101d5c [ 30.464284] head: order:1 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0 [ 30.464475] flags: 0xbfffe0000000040(head|node=0|zone=2|lastcpupid=0x1ffff) [ 30.464619] page_type: f5(slab) [ 30.464739] raw: 0bfffe0000000040 fff00000c0001b40 dead000000000122 0000000000000000 [ 30.464836] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 30.464960] head: 0bfffe0000000040 fff00000c0001b40 dead000000000122 0000000000000000 [ 30.465024] head: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 30.465347] head: 0bfffe0000000001 ffffc1ffc3075701 00000000ffffffff 00000000ffffffff [ 30.465417] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000002 [ 30.465521] page dumped because: kasan: bad access detected [ 30.465589] [ 30.465652] Memory state around the buggy address: [ 30.465783] fff00000c1d5d180: fc fc fc fc fc fc fc fc fc fc fc 
fc fc fc fc fc [ 30.465839] fff00000c1d5d200: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 30.465881] >fff00000c1d5d280: 00 00 00 00 00 00 00 00 00 01 fc fc fc fc fc fc [ 30.465919] ^ [ 30.465957] fff00000c1d5d300: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 30.466010] fff00000c1d5d380: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 30.466047] ================================================================== [ 30.445578] ================================================================== [ 30.445681] BUG: KASAN: slab-out-of-bounds in krealloc_less_oob_helper+0xa80/0xc50 [ 30.445833] Write of size 1 at addr fff00000c1d5d2da by task kunit_try_catch/189 [ 30.445890] [ 30.445919] CPU: 0 UID: 0 PID: 189 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc6-next-20250716 #1 PREEMPT [ 30.446209] Tainted: [B]=BAD_PAGE, [N]=TEST [ 30.446256] Hardware name: linux,dummy-virt (DT) [ 30.446294] Call trace: [ 30.446332] show_stack+0x20/0x38 (C) [ 30.446414] dump_stack_lvl+0x8c/0xd0 [ 30.446479] print_report+0x118/0x5d0 [ 30.446539] kasan_report+0xdc/0x128 [ 30.446582] __asan_report_store1_noabort+0x20/0x30 [ 30.446660] krealloc_less_oob_helper+0xa80/0xc50 [ 30.446712] krealloc_less_oob+0x20/0x38 [ 30.446775] kunit_try_run_case+0x170/0x3f0 [ 30.446840] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 30.446902] kthread+0x328/0x630 [ 30.446964] ret_from_fork+0x10/0x20 [ 30.447030] [ 30.447049] Allocated by task 189: [ 30.447119] kasan_save_stack+0x3c/0x68 [ 30.447185] kasan_save_track+0x20/0x40 [ 30.447242] kasan_save_alloc_info+0x40/0x58 [ 30.447282] __kasan_krealloc+0x118/0x178 [ 30.447337] krealloc_noprof+0x128/0x360 [ 30.447381] krealloc_less_oob_helper+0x168/0xc50 [ 30.447423] krealloc_less_oob+0x20/0x38 [ 30.447459] kunit_try_run_case+0x170/0x3f0 [ 30.447495] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 30.447547] kthread+0x328/0x630 [ 30.447579] ret_from_fork+0x10/0x20 [ 30.447658] [ 30.447676] The buggy address belongs to the object at fff00000c1d5d200 [ 
30.447676] which belongs to the cache kmalloc-256 of size 256 [ 30.447885] The buggy address is located 17 bytes to the right of [ 30.447885] allocated 201-byte region [fff00000c1d5d200, fff00000c1d5d2c9) [ 30.448012] [ 30.448092] The buggy address belongs to the physical page: [ 30.448132] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x101d5c [ 30.448184] head: order:1 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0 [ 30.448375] flags: 0xbfffe0000000040(head|node=0|zone=2|lastcpupid=0x1ffff) [ 30.449632] page_type: f5(slab) [ 30.449681] raw: 0bfffe0000000040 fff00000c0001b40 dead000000000122 0000000000000000 [ 30.449847] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 30.449905] head: 0bfffe0000000040 fff00000c0001b40 dead000000000122 0000000000000000 [ 30.450404] head: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 30.450548] head: 0bfffe0000000001 ffffc1ffc3075701 00000000ffffffff 00000000ffffffff [ 30.450618] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000002 [ 30.451720] page dumped because: kasan: bad access detected [ 30.452050] [ 30.452361] Memory state around the buggy address: [ 30.452401] fff00000c1d5d180: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 30.453472] fff00000c1d5d200: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 30.453859] >fff00000c1d5d280: 00 00 00 00 00 00 00 00 00 01 fc fc fc fc fc fc [ 30.454179] ^ [ 30.454231] fff00000c1d5d300: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 30.454363] fff00000c1d5d380: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 30.454498] ================================================================== [ 30.489813] ================================================================== [ 30.489865] BUG: KASAN: slab-out-of-bounds in krealloc_less_oob_helper+0xb9c/0xc50 [ 30.489995] Write of size 1 at addr fff00000c9b260d0 by task kunit_try_catch/193 [ 30.490255] [ 30.490300] CPU: 0 UID: 0 PID: 193 
Comm: kunit_try_catch Tainted: G B N 6.16.0-rc6-next-20250716 #1 PREEMPT [ 30.490610] Tainted: [B]=BAD_PAGE, [N]=TEST [ 30.490718] Hardware name: linux,dummy-virt (DT) [ 30.490753] Call trace: [ 30.490808] show_stack+0x20/0x38 (C) [ 30.490859] dump_stack_lvl+0x8c/0xd0 [ 30.491109] print_report+0x118/0x5d0 [ 30.491177] kasan_report+0xdc/0x128 [ 30.491221] __asan_report_store1_noabort+0x20/0x30 [ 30.491270] krealloc_less_oob_helper+0xb9c/0xc50 [ 30.491320] krealloc_large_less_oob+0x20/0x38 [ 30.491368] kunit_try_run_case+0x170/0x3f0 [ 30.491415] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 30.491467] kthread+0x328/0x630 [ 30.491606] ret_from_fork+0x10/0x20 [ 30.491661] [ 30.491692] The buggy address belongs to the physical page: [ 30.491723] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x109b24 [ 30.491907] head: order:2 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0 [ 30.492082] flags: 0xbfffe0000000040(head|node=0|zone=2|lastcpupid=0x1ffff) [ 30.492413] page_type: f8(unknown) [ 30.492496] raw: 0bfffe0000000040 0000000000000000 dead000000000122 0000000000000000 [ 30.493049] raw: 0000000000000000 0000000000000000 00000000f8000000 0000000000000000 [ 30.493342] head: 0bfffe0000000040 0000000000000000 dead000000000122 0000000000000000 [ 30.493499] head: 0000000000000000 0000000000000000 00000000f8000000 0000000000000000 [ 30.493622] head: 0bfffe0000000002 ffffc1ffc326c901 00000000ffffffff 00000000ffffffff [ 30.493692] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000004 [ 30.493752] page dumped because: kasan: bad access detected [ 30.493928] [ 30.494233] Memory state around the buggy address: [ 30.494600] fff00000c9b25f80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 30.494669] fff00000c9b26000: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 30.494792] >fff00000c9b26080: 00 00 00 00 00 00 00 00 00 01 fe fe fe fe fe fe [ 30.494866] ^ [ 30.495087] fff00000c9b26100: fe fe fe fe fe fe fe fe fe fe fe fe fe fe 
fe fe [ 30.495425] fff00000c9b26180: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe [ 30.495484] ================================================================== [ 30.431756] ================================================================== [ 30.431935] BUG: KASAN: slab-out-of-bounds in krealloc_less_oob_helper+0xa48/0xc50 [ 30.431991] Write of size 1 at addr fff00000c1d5d2c9 by task kunit_try_catch/189 [ 30.432113] [ 30.432163] CPU: 0 UID: 0 PID: 189 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc6-next-20250716 #1 PREEMPT [ 30.432248] Tainted: [B]=BAD_PAGE, [N]=TEST [ 30.432421] Hardware name: linux,dummy-virt (DT) [ 30.432453] Call trace: [ 30.432474] show_stack+0x20/0x38 (C) [ 30.432606] dump_stack_lvl+0x8c/0xd0 [ 30.432784] print_report+0x118/0x5d0 [ 30.432829] kasan_report+0xdc/0x128 [ 30.433170] __asan_report_store1_noabort+0x20/0x30 [ 30.433312] krealloc_less_oob_helper+0xa48/0xc50 [ 30.433467] krealloc_less_oob+0x20/0x38 [ 30.433578] kunit_try_run_case+0x170/0x3f0 [ 30.433637] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 30.433822] kthread+0x328/0x630 [ 30.434067] ret_from_fork+0x10/0x20 [ 30.434192] [ 30.434262] Allocated by task 189: [ 30.434357] kasan_save_stack+0x3c/0x68 [ 30.434456] kasan_save_track+0x20/0x40 [ 30.434542] kasan_save_alloc_info+0x40/0x58 [ 30.434616] __kasan_krealloc+0x118/0x178 [ 30.434717] krealloc_noprof+0x128/0x360 [ 30.434814] krealloc_less_oob_helper+0x168/0xc50 [ 30.434875] krealloc_less_oob+0x20/0x38 [ 30.434912] kunit_try_run_case+0x170/0x3f0 [ 30.435243] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 30.435395] kthread+0x328/0x630 [ 30.435465] ret_from_fork+0x10/0x20 [ 30.435576] [ 30.435721] The buggy address belongs to the object at fff00000c1d5d200 [ 30.435721] which belongs to the cache kmalloc-256 of size 256 [ 30.435875] The buggy address is located 0 bytes to the right of [ 30.435875] allocated 201-byte region [fff00000c1d5d200, fff00000c1d5d2c9) [ 30.436007] [ 30.436098] The buggy address belongs to the 
physical page: [ 30.436146] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x101d5c [ 30.436210] head: order:1 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0 [ 30.436257] flags: 0xbfffe0000000040(head|node=0|zone=2|lastcpupid=0x1ffff) [ 30.436311] page_type: f5(slab) [ 30.436523] raw: 0bfffe0000000040 fff00000c0001b40 dead000000000122 0000000000000000 [ 30.436620] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 30.436840] head: 0bfffe0000000040 fff00000c0001b40 dead000000000122 0000000000000000 [ 30.436957] head: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 30.437114] head: 0bfffe0000000001 ffffc1ffc3075701 00000000ffffffff 00000000ffffffff [ 30.437230] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000002 [ 30.437405] page dumped because: kasan: bad access detected [ 30.437484] [ 30.437540] Memory state around the buggy address: [ 30.437573] fff00000c1d5d180: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 30.437956] fff00000c1d5d200: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 30.438011] >fff00000c1d5d280: 00 00 00 00 00 00 00 00 00 01 fc fc fc fc fc fc [ 30.438144] ^ [ 30.438250] fff00000c1d5d300: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 30.438399] fff00000c1d5d380: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 30.438481] ================================================================== [ 30.439466] ================================================================== [ 30.439527] BUG: KASAN: slab-out-of-bounds in krealloc_less_oob_helper+0xb9c/0xc50 [ 30.439575] Write of size 1 at addr fff00000c1d5d2d0 by task kunit_try_catch/189 [ 30.439627] [ 30.439783] CPU: 0 UID: 0 PID: 189 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc6-next-20250716 #1 PREEMPT [ 30.440077] Tainted: [B]=BAD_PAGE, [N]=TEST [ 30.440135] Hardware name: linux,dummy-virt (DT) [ 30.440237] Call trace: [ 30.440350] show_stack+0x20/0x38 (C) [ 30.440470] dump_stack_lvl+0x8c/0xd0 
[ 30.440654] print_report+0x118/0x5d0 [ 30.440717] kasan_report+0xdc/0x128 [ 30.440784] __asan_report_store1_noabort+0x20/0x30 [ 30.440833] krealloc_less_oob_helper+0xb9c/0xc50 [ 30.441179] krealloc_less_oob+0x20/0x38 [ 30.441294] kunit_try_run_case+0x170/0x3f0 [ 30.441436] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 30.441625] kthread+0x328/0x630 [ 30.441758] ret_from_fork+0x10/0x20 [ 30.441892] [ 30.442033] Allocated by task 189: [ 30.442071] kasan_save_stack+0x3c/0x68 [ 30.442108] kasan_save_track+0x20/0x40 [ 30.442187] kasan_save_alloc_info+0x40/0x58 [ 30.442420] __kasan_krealloc+0x118/0x178 [ 30.442684] krealloc_noprof+0x128/0x360 [ 30.442796] krealloc_less_oob_helper+0x168/0xc50 [ 30.442857] krealloc_less_oob+0x20/0x38 [ 30.442935] kunit_try_run_case+0x170/0x3f0 [ 30.442972] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 30.443014] kthread+0x328/0x630 [ 30.443058] ret_from_fork+0x10/0x20 [ 30.443093] [ 30.443112] The buggy address belongs to the object at fff00000c1d5d200 [ 30.443112] which belongs to the cache kmalloc-256 of size 256 [ 30.443180] The buggy address is located 7 bytes to the right of [ 30.443180] allocated 201-byte region [fff00000c1d5d200, fff00000c1d5d2c9) [ 30.443244] [ 30.443263] The buggy address belongs to the physical page: [ 30.443294] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x101d5c [ 30.443346] head: order:1 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0 [ 30.443393] flags: 0xbfffe0000000040(head|node=0|zone=2|lastcpupid=0x1ffff) [ 30.443443] page_type: f5(slab) [ 30.443478] raw: 0bfffe0000000040 fff00000c0001b40 dead000000000122 0000000000000000 [ 30.443540] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 30.443591] head: 0bfffe0000000040 fff00000c0001b40 dead000000000122 0000000000000000 [ 30.443656] head: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 30.443715] head: 0bfffe0000000001 ffffc1ffc3075701 00000000ffffffff 00000000ffffffff [ 
30.443772] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000002 [ 30.443811] page dumped because: kasan: bad access detected [ 30.443841] [ 30.443858] Memory state around the buggy address: [ 30.443889] fff00000c1d5d180: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 30.443931] fff00000c1d5d200: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 30.444400] >fff00000c1d5d280: 00 00 00 00 00 00 00 00 00 01 fc fc fc fc fc fc [ 30.444456] ^ [ 30.444668] fff00000c1d5d300: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 30.444791] fff00000c1d5d380: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 30.444889] ==================================================================
[ 23.130671] ================================================================== [ 23.131041] BUG: KASAN: slab-out-of-bounds in krealloc_less_oob_helper+0xe23/0x11d0 [ 23.131370] Write of size 1 at addr ffff8881050f20d0 by task kunit_try_catch/211 [ 23.131878] [ 23.132264] CPU: 0 UID: 0 PID: 211 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc6-next-20250716 #1 PREEMPT(voluntary) [ 23.132438] Tainted: [B]=BAD_PAGE, [N]=TEST [ 23.132453] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 23.132473] Call Trace: [ 23.132487] <TASK> [ 23.132502] dump_stack_lvl+0x73/0xb0 [ 23.132533] print_report+0xd1/0x610 [ 23.132563] ? __virt_addr_valid+0x1db/0x2d0 [ 23.132586] ? krealloc_less_oob_helper+0xe23/0x11d0 [ 23.132608] ? kasan_addr_to_slab+0x11/0xa0 [ 23.132628] ? krealloc_less_oob_helper+0xe23/0x11d0 [ 23.132651] kasan_report+0x141/0x180 [ 23.132672] ? krealloc_less_oob_helper+0xe23/0x11d0 [ 23.132699] __asan_report_store1_noabort+0x1b/0x30 [ 23.132722] krealloc_less_oob_helper+0xe23/0x11d0 [ 23.132747] ? __pfx_krealloc_less_oob_helper+0x10/0x10 [ 23.132769] ? finish_task_switch.isra.0+0x153/0x700 [ 23.132790] ? __switch_to+0x47/0xf80 [ 23.132815] ? __schedule+0x10c6/0x2b60 [ 23.132836] ? __pfx_read_tsc+0x10/0x10 [ 23.132862] krealloc_large_less_oob+0x1c/0x30 [ 23.132886] kunit_try_run_case+0x1a5/0x480 [ 23.132910] ? __pfx_kunit_try_run_case+0x10/0x10 [ 23.132931] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 23.132952] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 23.132974] ? __kthread_parkme+0x82/0x180 [ 23.132993] ? preempt_count_sub+0x50/0x80 [ 23.133015] ? __pfx_kunit_try_run_case+0x10/0x10 [ 23.133038] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 23.133064] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 23.133089] kthread+0x337/0x6f0 [ 23.133108] ? trace_preempt_on+0x20/0xc0 [ 23.133131] ? __pfx_kthread+0x10/0x10 [ 23.133151] ? _raw_spin_unlock_irq+0x47/0x80 [ 23.133171] ? calculate_sigpending+0x7b/0xa0 [ 23.133194] ? 
__pfx_kthread+0x10/0x10 [ 23.133214] ret_from_fork+0x116/0x1d0 [ 23.133233] ? __pfx_kthread+0x10/0x10 [ 23.133255] ret_from_fork_asm+0x1a/0x30 [ 23.133300] </TASK> [ 23.133310] [ 23.145381] The buggy address belongs to the physical page: [ 23.145876] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1050f0 [ 23.146471] head: order:2 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0 [ 23.146986] flags: 0x200000000000040(head|node=0|zone=2) [ 23.147319] page_type: f8(unknown) [ 23.147454] raw: 0200000000000040 0000000000000000 dead000000000122 0000000000000000 [ 23.147881] raw: 0000000000000000 0000000000000000 00000000f8000000 0000000000000000 [ 23.148289] head: 0200000000000040 0000000000000000 dead000000000122 0000000000000000 [ 23.148770] head: 0000000000000000 0000000000000000 00000000f8000000 0000000000000000 [ 23.149305] head: 0200000000000002 ffffea0004143c01 00000000ffffffff 00000000ffffffff [ 23.149820] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000004 [ 23.150308] page dumped because: kasan: bad access detected [ 23.150682] [ 23.150860] Memory state around the buggy address: [ 23.151205] ffff8881050f1f80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 23.151520] ffff8881050f2000: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 23.152074] >ffff8881050f2080: 00 00 00 00 00 00 00 00 00 01 fe fe fe fe fe fe [ 23.152377] ^ [ 23.152994] ffff8881050f2100: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe [ 23.153463] ffff8881050f2180: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe [ 23.153949] ================================================================== [ 22.931752] ================================================================== [ 22.932717] BUG: KASAN: slab-out-of-bounds in krealloc_less_oob_helper+0xd70/0x11d0 [ 22.933413] Write of size 1 at addr ffff888100aa1ec9 by task kunit_try_catch/207 [ 22.933871] [ 22.933965] CPU: 1 UID: 0 PID: 207 Comm: kunit_try_catch Tainted: G B N 
6.16.0-rc6-next-20250716 #1 PREEMPT(voluntary) [ 22.934015] Tainted: [B]=BAD_PAGE, [N]=TEST [ 22.934027] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 22.934048] Call Trace: [ 22.934060] <TASK> [ 22.934076] dump_stack_lvl+0x73/0xb0 [ 22.934106] print_report+0xd1/0x610 [ 22.934127] ? __virt_addr_valid+0x1db/0x2d0 [ 22.934150] ? krealloc_less_oob_helper+0xd70/0x11d0 [ 22.934172] ? kasan_complete_mode_report_info+0x2a/0x200 [ 22.934197] ? krealloc_less_oob_helper+0xd70/0x11d0 [ 22.934220] kasan_report+0x141/0x180 [ 22.934240] ? krealloc_less_oob_helper+0xd70/0x11d0 [ 22.934280] __asan_report_store1_noabort+0x1b/0x30 [ 22.934451] krealloc_less_oob_helper+0xd70/0x11d0 [ 22.934477] ? __pfx_krealloc_less_oob_helper+0x10/0x10 [ 22.934500] ? finish_task_switch.isra.0+0x153/0x700 [ 22.934521] ? __switch_to+0x47/0xf80 [ 22.934548] ? __schedule+0x10c6/0x2b60 [ 22.934578] ? __pfx_read_tsc+0x10/0x10 [ 22.934602] krealloc_less_oob+0x1c/0x30 [ 22.934623] kunit_try_run_case+0x1a5/0x480 [ 22.934645] ? __pfx_kunit_try_run_case+0x10/0x10 [ 22.934667] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 22.934688] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 22.934710] ? __kthread_parkme+0x82/0x180 [ 22.934729] ? preempt_count_sub+0x50/0x80 [ 22.934750] ? __pfx_kunit_try_run_case+0x10/0x10 [ 22.934773] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 22.934808] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 22.934835] kthread+0x337/0x6f0 [ 22.934853] ? trace_preempt_on+0x20/0xc0 [ 22.934900] ? __pfx_kthread+0x10/0x10 [ 22.934920] ? _raw_spin_unlock_irq+0x47/0x80 [ 22.934940] ? calculate_sigpending+0x7b/0xa0 [ 22.934964] ? __pfx_kthread+0x10/0x10 [ 22.934984] ret_from_fork+0x116/0x1d0 [ 22.935002] ? 
__pfx_kthread+0x10/0x10 [ 22.935021] ret_from_fork_asm+0x1a/0x30 [ 22.935051] </TASK> [ 22.935062] [ 22.946049] Allocated by task 207: [ 22.946327] kasan_save_stack+0x45/0x70 [ 22.946527] kasan_save_track+0x18/0x40 [ 22.946738] kasan_save_alloc_info+0x3b/0x50 [ 22.947204] __kasan_krealloc+0x190/0x1f0 [ 22.947369] krealloc_noprof+0xf3/0x340 [ 22.947697] krealloc_less_oob_helper+0x1aa/0x11d0 [ 22.948166] krealloc_less_oob+0x1c/0x30 [ 22.948510] kunit_try_run_case+0x1a5/0x480 [ 22.948797] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 22.949040] kthread+0x337/0x6f0 [ 22.949217] ret_from_fork+0x116/0x1d0 [ 22.949397] ret_from_fork_asm+0x1a/0x30 [ 22.949961] [ 22.950060] The buggy address belongs to the object at ffff888100aa1e00 [ 22.950060] which belongs to the cache kmalloc-256 of size 256 [ 22.950742] The buggy address is located 0 bytes to the right of [ 22.950742] allocated 201-byte region [ffff888100aa1e00, ffff888100aa1ec9) [ 22.951502] [ 22.951628] The buggy address belongs to the physical page: [ 22.952298] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x100aa0 [ 22.952785] head: order:1 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0 [ 22.953196] anon flags: 0x200000000000040(head|node=0|zone=2) [ 22.953424] page_type: f5(slab) [ 22.953826] raw: 0200000000000040 ffff888100041b40 0000000000000000 dead000000000001 [ 22.954173] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 22.954589] head: 0200000000000040 ffff888100041b40 0000000000000000 dead000000000001 [ 22.955241] head: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 22.955657] head: 0200000000000001 ffffea000402a801 00000000ffffffff 00000000ffffffff [ 22.956080] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000002 [ 22.956410] page dumped because: kasan: bad access detected [ 22.957015] [ 22.957107] Memory state around the buggy address: [ 22.957280] ffff888100aa1d80: fc fc fc fc fc fc fc fc fc fc fc fc 
fc fc fc fc [ 22.957980] ffff888100aa1e00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 22.958409] >ffff888100aa1e80: 00 00 00 00 00 00 00 00 00 01 fc fc fc fc fc fc [ 22.958931] ^ [ 22.959273] ffff888100aa1f00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 22.959682] ffff888100aa1f80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 22.960198] ================================================================== [ 23.104441] ================================================================== [ 23.104998] BUG: KASAN: slab-out-of-bounds in krealloc_less_oob_helper+0xd70/0x11d0 [ 23.105317] Write of size 1 at addr ffff8881050f20c9 by task kunit_try_catch/211 [ 23.105678] [ 23.105783] CPU: 0 UID: 0 PID: 211 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc6-next-20250716 #1 PREEMPT(voluntary) [ 23.105830] Tainted: [B]=BAD_PAGE, [N]=TEST [ 23.105842] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 23.105862] Call Trace: [ 23.105873] <TASK> [ 23.105890] dump_stack_lvl+0x73/0xb0 [ 23.105918] print_report+0xd1/0x610 [ 23.105939] ? __virt_addr_valid+0x1db/0x2d0 [ 23.105961] ? krealloc_less_oob_helper+0xd70/0x11d0 [ 23.105984] ? kasan_addr_to_slab+0x11/0xa0 [ 23.106003] ? krealloc_less_oob_helper+0xd70/0x11d0 [ 23.106026] kasan_report+0x141/0x180 [ 23.106047] ? krealloc_less_oob_helper+0xd70/0x11d0 [ 23.106074] __asan_report_store1_noabort+0x1b/0x30 [ 23.106098] krealloc_less_oob_helper+0xd70/0x11d0 [ 23.106122] ? __pfx_krealloc_less_oob_helper+0x10/0x10 [ 23.106145] ? finish_task_switch.isra.0+0x153/0x700 [ 23.106165] ? __switch_to+0x47/0xf80 [ 23.106191] ? __schedule+0x10c6/0x2b60 [ 23.106212] ? __pfx_read_tsc+0x10/0x10 [ 23.106237] krealloc_large_less_oob+0x1c/0x30 [ 23.106258] kunit_try_run_case+0x1a5/0x480 [ 23.106294] ? __pfx_kunit_try_run_case+0x10/0x10 [ 23.106316] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 23.106337] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 23.106359] ? __kthread_parkme+0x82/0x180 [ 23.106379] ? 
preempt_count_sub+0x50/0x80 [ 23.106401] ? __pfx_kunit_try_run_case+0x10/0x10 [ 23.106423] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 23.106449] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 23.106474] kthread+0x337/0x6f0 [ 23.106493] ? trace_preempt_on+0x20/0xc0 [ 23.106517] ? __pfx_kthread+0x10/0x10 [ 23.106537] ? _raw_spin_unlock_irq+0x47/0x80 [ 23.106752] ? calculate_sigpending+0x7b/0xa0 [ 23.106777] ? __pfx_kthread+0x10/0x10 [ 23.106813] ret_from_fork+0x116/0x1d0 [ 23.106833] ? __pfx_kthread+0x10/0x10 [ 23.106853] ret_from_fork_asm+0x1a/0x30 [ 23.106883] </TASK> [ 23.106894] [ 23.119847] The buggy address belongs to the physical page: [ 23.120333] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1050f0 [ 23.120818] head: order:2 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0 [ 23.121381] flags: 0x200000000000040(head|node=0|zone=2) [ 23.121861] page_type: f8(unknown) [ 23.122331] raw: 0200000000000040 0000000000000000 dead000000000122 0000000000000000 [ 23.122783] raw: 0000000000000000 0000000000000000 00000000f8000000 0000000000000000 [ 23.123303] head: 0200000000000040 0000000000000000 dead000000000122 0000000000000000 [ 23.123836] head: 0000000000000000 0000000000000000 00000000f8000000 0000000000000000 [ 23.124318] head: 0200000000000002 ffffea0004143c01 00000000ffffffff 00000000ffffffff [ 23.124735] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000004 [ 23.125377] page dumped because: kasan: bad access detected [ 23.125666] [ 23.125903] Memory state around the buggy address: [ 23.126307] ffff8881050f1f80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 23.126816] ffff8881050f2000: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 23.127522] >ffff8881050f2080: 00 00 00 00 00 00 00 00 00 01 fe fe fe fe fe fe [ 23.128037] ^ [ 23.128421] ffff8881050f2100: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe [ 23.128769] ffff8881050f2180: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe [ 23.129240] 
================================================================== [ 23.040407] ================================================================== [ 23.040729] BUG: KASAN: slab-out-of-bounds in krealloc_less_oob_helper+0xd47/0x11d0 [ 23.041071] Write of size 1 at addr ffff888100aa1eeb by task kunit_try_catch/207 [ 23.041416] [ 23.041493] CPU: 1 UID: 0 PID: 207 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc6-next-20250716 #1 PREEMPT(voluntary) [ 23.041538] Tainted: [B]=BAD_PAGE, [N]=TEST [ 23.041550] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 23.041573] Call Trace: [ 23.041588] <TASK> [ 23.041604] dump_stack_lvl+0x73/0xb0 [ 23.041631] print_report+0xd1/0x610 [ 23.041652] ? __virt_addr_valid+0x1db/0x2d0 [ 23.041675] ? krealloc_less_oob_helper+0xd47/0x11d0 [ 23.041698] ? kasan_complete_mode_report_info+0x2a/0x200 [ 23.041722] ? krealloc_less_oob_helper+0xd47/0x11d0 [ 23.041745] kasan_report+0x141/0x180 [ 23.041766] ? krealloc_less_oob_helper+0xd47/0x11d0 [ 23.041793] __asan_report_store1_noabort+0x1b/0x30 [ 23.041817] krealloc_less_oob_helper+0xd47/0x11d0 [ 23.041841] ? __pfx_krealloc_less_oob_helper+0x10/0x10 [ 23.041864] ? finish_task_switch.isra.0+0x153/0x700 [ 23.041885] ? __switch_to+0x47/0xf80 [ 23.041910] ? __schedule+0x10c6/0x2b60 [ 23.041931] ? __pfx_read_tsc+0x10/0x10 [ 23.041957] krealloc_less_oob+0x1c/0x30 [ 23.041978] kunit_try_run_case+0x1a5/0x480 [ 23.042002] ? __pfx_kunit_try_run_case+0x10/0x10 [ 23.042024] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 23.042046] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 23.042232] ? __kthread_parkme+0x82/0x180 [ 23.042257] ? preempt_count_sub+0x50/0x80 [ 23.042293] ? __pfx_kunit_try_run_case+0x10/0x10 [ 23.042316] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 23.042342] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 23.042368] kthread+0x337/0x6f0 [ 23.042387] ? trace_preempt_on+0x20/0xc0 [ 23.042410] ? __pfx_kthread+0x10/0x10 [ 23.042429] ? 
_raw_spin_unlock_irq+0x47/0x80 [ 23.042449] ? calculate_sigpending+0x7b/0xa0 [ 23.042472] ? __pfx_kthread+0x10/0x10 [ 23.042493] ret_from_fork+0x116/0x1d0 [ 23.042512] ? __pfx_kthread+0x10/0x10 [ 23.042532] ret_from_fork_asm+0x1a/0x30 [ 23.042574] </TASK> [ 23.042584] [ 23.050386] Allocated by task 207: [ 23.050717] kasan_save_stack+0x45/0x70 [ 23.050967] kasan_save_track+0x18/0x40 [ 23.051132] kasan_save_alloc_info+0x3b/0x50 [ 23.051322] __kasan_krealloc+0x190/0x1f0 [ 23.051459] krealloc_noprof+0xf3/0x340 [ 23.051707] krealloc_less_oob_helper+0x1aa/0x11d0 [ 23.052026] krealloc_less_oob+0x1c/0x30 [ 23.052165] kunit_try_run_case+0x1a5/0x480 [ 23.052340] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 23.052590] kthread+0x337/0x6f0 [ 23.052880] ret_from_fork+0x116/0x1d0 [ 23.053076] ret_from_fork_asm+0x1a/0x30 [ 23.053277] [ 23.053341] The buggy address belongs to the object at ffff888100aa1e00 [ 23.053341] which belongs to the cache kmalloc-256 of size 256 [ 23.053725] The buggy address is located 34 bytes to the right of [ 23.053725] allocated 201-byte region [ffff888100aa1e00, ffff888100aa1ec9) [ 23.054388] [ 23.054458] The buggy address belongs to the physical page: [ 23.054623] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x100aa0 [ 23.054856] head: order:1 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0 [ 23.055160] anon flags: 0x200000000000040(head|node=0|zone=2) [ 23.055693] page_type: f5(slab) [ 23.055859] raw: 0200000000000040 ffff888100041b40 0000000000000000 dead000000000001 [ 23.056259] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 23.056675] head: 0200000000000040 ffff888100041b40 0000000000000000 dead000000000001 [ 23.057044] head: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 23.057293] head: 0200000000000001 ffffea000402a801 00000000ffffffff 00000000ffffffff [ 23.057599] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000002 [ 23.058211] page 
dumped because: kasan: bad access detected [ 23.058514] [ 23.058578] Memory state around the buggy address: [ 23.058724] ffff888100aa1d80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 23.058928] ffff888100aa1e00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 23.059132] >ffff888100aa1e80: 00 00 00 00 00 00 00 00 00 01 fc fc fc fc fc fc [ 23.059343] ^ [ 23.059535] ffff888100aa1f00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 23.059860] ffff888100aa1f80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 23.060150] ================================================================== [ 22.989466] ================================================================== [ 22.989802] BUG: KASAN: slab-out-of-bounds in krealloc_less_oob_helper+0xec6/0x11d0 [ 22.990239] Write of size 1 at addr ffff888100aa1eda by task kunit_try_catch/207 [ 22.991189] [ 22.991453] CPU: 1 UID: 0 PID: 207 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc6-next-20250716 #1 PREEMPT(voluntary) [ 22.991505] Tainted: [B]=BAD_PAGE, [N]=TEST [ 22.991518] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 22.991537] Call Trace: [ 22.991555] <TASK> [ 22.991570] dump_stack_lvl+0x73/0xb0 [ 22.991600] print_report+0xd1/0x610 [ 22.991622] ? __virt_addr_valid+0x1db/0x2d0 [ 22.991645] ? krealloc_less_oob_helper+0xec6/0x11d0 [ 22.991667] ? kasan_complete_mode_report_info+0x2a/0x200 [ 22.991692] ? krealloc_less_oob_helper+0xec6/0x11d0 [ 22.991715] kasan_report+0x141/0x180 [ 22.991736] ? krealloc_less_oob_helper+0xec6/0x11d0 [ 22.991763] __asan_report_store1_noabort+0x1b/0x30 [ 22.991787] krealloc_less_oob_helper+0xec6/0x11d0 [ 22.991811] ? __pfx_krealloc_less_oob_helper+0x10/0x10 [ 22.991834] ? finish_task_switch.isra.0+0x153/0x700 [ 22.991855] ? __switch_to+0x47/0xf80 [ 22.991964] ? __schedule+0x10c6/0x2b60 [ 22.991986] ? __pfx_read_tsc+0x10/0x10 [ 22.992013] krealloc_less_oob+0x1c/0x30 [ 22.992035] kunit_try_run_case+0x1a5/0x480 [ 22.992058] ? 
__pfx_kunit_try_run_case+0x10/0x10 [ 22.992080] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 22.992101] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 22.992123] ? __kthread_parkme+0x82/0x180 [ 22.992142] ? preempt_count_sub+0x50/0x80 [ 22.992164] ? __pfx_kunit_try_run_case+0x10/0x10 [ 22.992187] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 22.992212] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 22.992238] kthread+0x337/0x6f0 [ 22.992256] ? trace_preempt_on+0x20/0xc0 [ 22.992294] ? __pfx_kthread+0x10/0x10 [ 22.992315] ? _raw_spin_unlock_irq+0x47/0x80 [ 22.992334] ? calculate_sigpending+0x7b/0xa0 [ 22.992357] ? __pfx_kthread+0x10/0x10 [ 22.992378] ret_from_fork+0x116/0x1d0 [ 22.992397] ? __pfx_kthread+0x10/0x10 [ 22.992416] ret_from_fork_asm+0x1a/0x30 [ 22.992446] </TASK> [ 22.992456] [ 23.003489] Allocated by task 207: [ 23.003968] kasan_save_stack+0x45/0x70 [ 23.004131] kasan_save_track+0x18/0x40 [ 23.004461] kasan_save_alloc_info+0x3b/0x50 [ 23.004779] __kasan_krealloc+0x190/0x1f0 [ 23.005131] krealloc_noprof+0xf3/0x340 [ 23.005335] krealloc_less_oob_helper+0x1aa/0x11d0 [ 23.005537] krealloc_less_oob+0x1c/0x30 [ 23.006087] kunit_try_run_case+0x1a5/0x480 [ 23.006261] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 23.006661] kthread+0x337/0x6f0 [ 23.006957] ret_from_fork+0x116/0x1d0 [ 23.007313] ret_from_fork_asm+0x1a/0x30 [ 23.007641] [ 23.007716] The buggy address belongs to the object at ffff888100aa1e00 [ 23.007716] which belongs to the cache kmalloc-256 of size 256 [ 23.008390] The buggy address is located 17 bytes to the right of [ 23.008390] allocated 201-byte region [ffff888100aa1e00, ffff888100aa1ec9) [ 23.009371] [ 23.009466] The buggy address belongs to the physical page: [ 23.010057] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x100aa0 [ 23.010494] head: order:1 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0 [ 23.011091] anon flags: 0x200000000000040(head|node=0|zone=2) [ 23.011355] page_type: f5(slab) [ 23.011626] raw: 
0200000000000040 ffff888100041b40 0000000000000000 dead000000000001 [ 23.012169] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 23.012514] head: 0200000000000040 ffff888100041b40 0000000000000000 dead000000000001 [ 23.013225] head: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 23.013704] head: 0200000000000001 ffffea000402a801 00000000ffffffff 00000000ffffffff [ 23.014187] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000002 [ 23.014698] page dumped because: kasan: bad access detected [ 23.015018] [ 23.015105] Memory state around the buggy address: [ 23.015308] ffff888100aa1d80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 23.015977] ffff888100aa1e00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 23.016277] >ffff888100aa1e80: 00 00 00 00 00 00 00 00 00 01 fc fc fc fc fc fc [ 23.016567] ^ [ 23.017292] ffff888100aa1f00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 23.017607] ffff888100aa1f80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 23.018015] ================================================================== [ 23.178279] ================================================================== [ 23.178863] BUG: KASAN: slab-out-of-bounds in krealloc_less_oob_helper+0xe90/0x11d0 [ 23.179325] Write of size 1 at addr ffff8881050f20ea by task kunit_try_catch/211 [ 23.179813] [ 23.180206] CPU: 0 UID: 0 PID: 211 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc6-next-20250716 #1 PREEMPT(voluntary) [ 23.180381] Tainted: [B]=BAD_PAGE, [N]=TEST [ 23.180396] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 23.180416] Call Trace: [ 23.180433] <TASK> [ 23.180449] dump_stack_lvl+0x73/0xb0 [ 23.180479] print_report+0xd1/0x610 [ 23.180500] ? __virt_addr_valid+0x1db/0x2d0 [ 23.180523] ? krealloc_less_oob_helper+0xe90/0x11d0 [ 23.180545] ? kasan_addr_to_slab+0x11/0xa0 [ 23.180565] ? 
krealloc_less_oob_helper+0xe90/0x11d0 [ 23.180587] kasan_report+0x141/0x180 [ 23.180608] ? krealloc_less_oob_helper+0xe90/0x11d0 [ 23.180635] __asan_report_store1_noabort+0x1b/0x30 [ 23.180658] krealloc_less_oob_helper+0xe90/0x11d0 [ 23.180683] ? __pfx_krealloc_less_oob_helper+0x10/0x10 [ 23.180706] ? finish_task_switch.isra.0+0x153/0x700 [ 23.180726] ? __switch_to+0x47/0xf80 [ 23.180751] ? __schedule+0x10c6/0x2b60 [ 23.180772] ? __pfx_read_tsc+0x10/0x10 [ 23.180798] krealloc_large_less_oob+0x1c/0x30 [ 23.180820] kunit_try_run_case+0x1a5/0x480 [ 23.180845] ? __pfx_kunit_try_run_case+0x10/0x10 [ 23.180917] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 23.180941] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 23.180963] ? __kthread_parkme+0x82/0x180 [ 23.180982] ? preempt_count_sub+0x50/0x80 [ 23.181004] ? __pfx_kunit_try_run_case+0x10/0x10 [ 23.181027] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 23.181052] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 23.181079] kthread+0x337/0x6f0 [ 23.181097] ? trace_preempt_on+0x20/0xc0 [ 23.181119] ? __pfx_kthread+0x10/0x10 [ 23.181139] ? _raw_spin_unlock_irq+0x47/0x80 [ 23.181159] ? calculate_sigpending+0x7b/0xa0 [ 23.181182] ? __pfx_kthread+0x10/0x10 [ 23.181203] ret_from_fork+0x116/0x1d0 [ 23.181222] ? 
__pfx_kthread+0x10/0x10 [ 23.181241] ret_from_fork_asm+0x1a/0x30 [ 23.181285] </TASK> [ 23.181295] [ 23.193278] The buggy address belongs to the physical page: [ 23.193713] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1050f0 [ 23.194315] head: order:2 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0 [ 23.194801] flags: 0x200000000000040(head|node=0|zone=2) [ 23.195166] page_type: f8(unknown) [ 23.195504] raw: 0200000000000040 0000000000000000 dead000000000122 0000000000000000 [ 23.195964] raw: 0000000000000000 0000000000000000 00000000f8000000 0000000000000000 [ 23.196434] head: 0200000000000040 0000000000000000 dead000000000122 0000000000000000 [ 23.196998] head: 0000000000000000 0000000000000000 00000000f8000000 0000000000000000 [ 23.197454] head: 0200000000000002 ffffea0004143c01 00000000ffffffff 00000000ffffffff [ 23.197853] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000004 [ 23.198361] page dumped because: kasan: bad access detected [ 23.198659] [ 23.198728] Memory state around the buggy address: [ 23.198930] ffff8881050f1f80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 23.199750] ffff8881050f2000: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 23.200212] >ffff8881050f2080: 00 00 00 00 00 00 00 00 00 01 fe fe fe fe fe fe [ 23.200583] ^ [ 23.200860] ffff8881050f2100: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe [ 23.201282] ffff8881050f2180: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe [ 23.201575] ================================================================== [ 23.202194] ================================================================== [ 23.202593] BUG: KASAN: slab-out-of-bounds in krealloc_less_oob_helper+0xd47/0x11d0 [ 23.202926] Write of size 1 at addr ffff8881050f20eb by task kunit_try_catch/211 [ 23.203205] [ 23.203321] CPU: 0 UID: 0 PID: 211 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc6-next-20250716 #1 PREEMPT(voluntary) [ 23.203366] Tainted: [B]=BAD_PAGE, [N]=TEST [ 
23.203379] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 23.203398] Call Trace: [ 23.203413] <TASK> [ 23.203427] dump_stack_lvl+0x73/0xb0 [ 23.203453] print_report+0xd1/0x610 [ 23.203474] ? __virt_addr_valid+0x1db/0x2d0 [ 23.203496] ? krealloc_less_oob_helper+0xd47/0x11d0 [ 23.203519] ? kasan_addr_to_slab+0x11/0xa0 [ 23.203539] ? krealloc_less_oob_helper+0xd47/0x11d0 [ 23.203561] kasan_report+0x141/0x180 [ 23.203584] ? krealloc_less_oob_helper+0xd47/0x11d0 [ 23.203612] __asan_report_store1_noabort+0x1b/0x30 [ 23.203636] krealloc_less_oob_helper+0xd47/0x11d0 [ 23.203662] ? __pfx_krealloc_less_oob_helper+0x10/0x10 [ 23.203686] ? finish_task_switch.isra.0+0x153/0x700 [ 23.203707] ? __switch_to+0x47/0xf80 [ 23.203732] ? __schedule+0x10c6/0x2b60 [ 23.203752] ? __pfx_read_tsc+0x10/0x10 [ 23.203779] krealloc_large_less_oob+0x1c/0x30 [ 23.203801] kunit_try_run_case+0x1a5/0x480 [ 23.203825] ? __pfx_kunit_try_run_case+0x10/0x10 [ 23.203846] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 23.203868] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 23.203891] ? __kthread_parkme+0x82/0x180 [ 23.203911] ? preempt_count_sub+0x50/0x80 [ 23.203932] ? __pfx_kunit_try_run_case+0x10/0x10 [ 23.203955] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 23.203981] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 23.204006] kthread+0x337/0x6f0 [ 23.204025] ? trace_preempt_on+0x20/0xc0 [ 23.204047] ? __pfx_kthread+0x10/0x10 [ 23.204067] ? _raw_spin_unlock_irq+0x47/0x80 [ 23.204087] ? calculate_sigpending+0x7b/0xa0 [ 23.204109] ? __pfx_kthread+0x10/0x10 [ 23.204129] ret_from_fork+0x116/0x1d0 [ 23.204148] ? 
__pfx_kthread+0x10/0x10 [ 23.204168] ret_from_fork_asm+0x1a/0x30 [ 23.204198] </TASK> [ 23.204208] [ 23.211535] The buggy address belongs to the physical page: [ 23.211761] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1050f0 [ 23.211997] head: order:2 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0 [ 23.212342] flags: 0x200000000000040(head|node=0|zone=2) [ 23.212658] page_type: f8(unknown) [ 23.212902] raw: 0200000000000040 0000000000000000 dead000000000122 0000000000000000 [ 23.213247] raw: 0000000000000000 0000000000000000 00000000f8000000 0000000000000000 [ 23.213648] head: 0200000000000040 0000000000000000 dead000000000122 0000000000000000 [ 23.214045] head: 0000000000000000 0000000000000000 00000000f8000000 0000000000000000 [ 23.214371] head: 0200000000000002 ffffea0004143c01 00000000ffffffff 00000000ffffffff [ 23.214728] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000004 [ 23.215010] page dumped because: kasan: bad access detected [ 23.215409] [ 23.215508] Memory state around the buggy address: [ 23.215771] ffff8881050f1f80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 23.216098] ffff8881050f2000: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 23.216329] >ffff8881050f2080: 00 00 00 00 00 00 00 00 00 01 fe fe fe fe fe fe [ 23.216537] ^ [ 23.216909] ffff8881050f2100: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe [ 23.217219] ffff8881050f2180: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe [ 23.217482] ================================================================== [ 23.154549] ================================================================== [ 23.154986] BUG: KASAN: slab-out-of-bounds in krealloc_less_oob_helper+0xec6/0x11d0 [ 23.155567] Write of size 1 at addr ffff8881050f20da by task kunit_try_catch/211 [ 23.155882] [ 23.156212] CPU: 0 UID: 0 PID: 211 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc6-next-20250716 #1 PREEMPT(voluntary) [ 23.156504] Tainted: [B]=BAD_PAGE, [N]=TEST [ 
23.156519] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 23.156539] Call Trace: [ 23.156567] <TASK> [ 23.156583] dump_stack_lvl+0x73/0xb0 [ 23.156613] print_report+0xd1/0x610 [ 23.156635] ? __virt_addr_valid+0x1db/0x2d0 [ 23.156657] ? krealloc_less_oob_helper+0xec6/0x11d0 [ 23.156679] ? kasan_addr_to_slab+0x11/0xa0 [ 23.156698] ? krealloc_less_oob_helper+0xec6/0x11d0 [ 23.156721] kasan_report+0x141/0x180 [ 23.156742] ? krealloc_less_oob_helper+0xec6/0x11d0 [ 23.156769] __asan_report_store1_noabort+0x1b/0x30 [ 23.156792] krealloc_less_oob_helper+0xec6/0x11d0 [ 23.156817] ? __pfx_krealloc_less_oob_helper+0x10/0x10 [ 23.156839] ? finish_task_switch.isra.0+0x153/0x700 [ 23.156860] ? __switch_to+0x47/0xf80 [ 23.156902] ? __schedule+0x10c6/0x2b60 [ 23.156923] ? __pfx_read_tsc+0x10/0x10 [ 23.156949] krealloc_large_less_oob+0x1c/0x30 [ 23.156972] kunit_try_run_case+0x1a5/0x480 [ 23.156996] ? __pfx_kunit_try_run_case+0x10/0x10 [ 23.157017] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 23.157040] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 23.157062] ? __kthread_parkme+0x82/0x180 [ 23.157081] ? preempt_count_sub+0x50/0x80 [ 23.157102] ? __pfx_kunit_try_run_case+0x10/0x10 [ 23.157125] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 23.157150] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 23.157176] kthread+0x337/0x6f0 [ 23.157195] ? trace_preempt_on+0x20/0xc0 [ 23.157217] ? __pfx_kthread+0x10/0x10 [ 23.157236] ? _raw_spin_unlock_irq+0x47/0x80 [ 23.157256] ? calculate_sigpending+0x7b/0xa0 [ 23.157290] ? __pfx_kthread+0x10/0x10 [ 23.157311] ret_from_fork+0x116/0x1d0 [ 23.157330] ? 
__pfx_kthread+0x10/0x10 [ 23.157349] ret_from_fork_asm+0x1a/0x30 [ 23.157379] </TASK> [ 23.157389] [ 23.168870] The buggy address belongs to the physical page: [ 23.169441] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1050f0 [ 23.169916] head: order:2 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0 [ 23.170406] flags: 0x200000000000040(head|node=0|zone=2) [ 23.170853] page_type: f8(unknown) [ 23.171116] raw: 0200000000000040 0000000000000000 dead000000000122 0000000000000000 [ 23.171462] raw: 0000000000000000 0000000000000000 00000000f8000000 0000000000000000 [ 23.172209] head: 0200000000000040 0000000000000000 dead000000000122 0000000000000000 [ 23.172571] head: 0000000000000000 0000000000000000 00000000f8000000 0000000000000000 [ 23.173097] head: 0200000000000002 ffffea0004143c01 00000000ffffffff 00000000ffffffff [ 23.173531] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000004 [ 23.174120] page dumped because: kasan: bad access detected [ 23.174492] [ 23.174688] Memory state around the buggy address: [ 23.174867] ffff8881050f1f80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 23.175185] ffff8881050f2000: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 23.175503] >ffff8881050f2080: 00 00 00 00 00 00 00 00 00 01 fe fe fe fe fe fe [ 23.176181] ^ [ 23.176572] ffff8881050f2100: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe [ 23.177319] ffff8881050f2180: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe [ 23.177615] ================================================================== [ 22.960678] ================================================================== [ 22.960931] BUG: KASAN: slab-out-of-bounds in krealloc_less_oob_helper+0xe23/0x11d0 [ 22.962083] Write of size 1 at addr ffff888100aa1ed0 by task kunit_try_catch/207 [ 22.962415] [ 22.962669] CPU: 1 UID: 0 PID: 207 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc6-next-20250716 #1 PREEMPT(voluntary) [ 22.962721] Tainted: [B]=BAD_PAGE, [N]=TEST [ 
22.962733] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 22.962752] Call Trace: [ 22.962767] <TASK> [ 22.962783] dump_stack_lvl+0x73/0xb0 [ 22.962813] print_report+0xd1/0x610 [ 22.962835] ? __virt_addr_valid+0x1db/0x2d0 [ 22.962858] ? krealloc_less_oob_helper+0xe23/0x11d0 [ 22.962943] ? kasan_complete_mode_report_info+0x2a/0x200 [ 22.962968] ? krealloc_less_oob_helper+0xe23/0x11d0 [ 22.962991] kasan_report+0x141/0x180 [ 22.963012] ? krealloc_less_oob_helper+0xe23/0x11d0 [ 22.963039] __asan_report_store1_noabort+0x1b/0x30 [ 22.963063] krealloc_less_oob_helper+0xe23/0x11d0 [ 22.963087] ? __pfx_krealloc_less_oob_helper+0x10/0x10 [ 22.963110] ? finish_task_switch.isra.0+0x153/0x700 [ 22.963131] ? __switch_to+0x47/0xf80 [ 22.963156] ? __schedule+0x10c6/0x2b60 [ 22.963178] ? __pfx_read_tsc+0x10/0x10 [ 22.963204] krealloc_less_oob+0x1c/0x30 [ 22.963225] kunit_try_run_case+0x1a5/0x480 [ 22.963248] ? __pfx_kunit_try_run_case+0x10/0x10 [ 22.963283] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 22.963305] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 22.963327] ? __kthread_parkme+0x82/0x180 [ 22.963347] ? preempt_count_sub+0x50/0x80 [ 22.963369] ? __pfx_kunit_try_run_case+0x10/0x10 [ 22.963391] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 22.963417] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 22.963442] kthread+0x337/0x6f0 [ 22.963461] ? trace_preempt_on+0x20/0xc0 [ 22.963484] ? __pfx_kthread+0x10/0x10 [ 22.963504] ? _raw_spin_unlock_irq+0x47/0x80 [ 22.963524] ? calculate_sigpending+0x7b/0xa0 [ 22.963546] ? __pfx_kthread+0x10/0x10 [ 22.963566] ret_from_fork+0x116/0x1d0 [ 22.963584] ? 
__pfx_kthread+0x10/0x10
[ 22.963605] ret_from_fork_asm+0x1a/0x30
[ 22.963634] </TASK>
[ 22.963644]
[ 22.974387] Allocated by task 207:
[ 22.974814] kasan_save_stack+0x45/0x70
[ 22.975147] kasan_save_track+0x18/0x40
[ 22.975335] kasan_save_alloc_info+0x3b/0x50
[ 22.975539] __kasan_krealloc+0x190/0x1f0
[ 22.976143] krealloc_noprof+0xf3/0x340
[ 22.976346] krealloc_less_oob_helper+0x1aa/0x11d0
[ 22.976757] krealloc_less_oob+0x1c/0x30
[ 22.977061] kunit_try_run_case+0x1a5/0x480
[ 22.977447] kunit_generic_run_threadfn_adapter+0x85/0xf0
[ 22.977721] kthread+0x337/0x6f0
[ 22.977892] ret_from_fork+0x116/0x1d0
[ 22.978475] ret_from_fork_asm+0x1a/0x30
[ 22.978657]
[ 22.978912] The buggy address belongs to the object at ffff888100aa1e00
[ 22.978912] which belongs to the cache kmalloc-256 of size 256
[ 22.979388] The buggy address is located 7 bytes to the right of
[ 22.979388] allocated 201-byte region [ffff888100aa1e00, ffff888100aa1ec9)
[ 22.980306]
[ 22.980609] The buggy address belongs to the physical page:
[ 22.980844] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x100aa0
[ 22.981520] head: order:1 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[ 22.982054] anon flags: 0x200000000000040(head|node=0|zone=2)
[ 22.982424] page_type: f5(slab)
[ 22.982616] raw: 0200000000000040 ffff888100041b40 0000000000000000 dead000000000001
[ 22.983160] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000
[ 22.983560] head: 0200000000000040 ffff888100041b40 0000000000000000 dead000000000001
[ 22.984043] head: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000
[ 22.984404] head: 0200000000000001 ffffea000402a801 00000000ffffffff 00000000ffffffff
[ 22.984861] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000002
[ 22.985398] page dumped because: kasan: bad access detected
[ 22.985827]
[ 22.985902] Memory state around the buggy address:
[ 22.986253] ffff888100aa1d80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 22.986739] ffff888100aa1e00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[ 22.987040] >ffff888100aa1e80: 00 00 00 00 00 00 00 00 00 01 fc fc fc fc fc fc
[ 22.987537] ^
[ 22.987930] ffff888100aa1f00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 22.988351] ffff888100aa1f80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 22.988750] ==================================================================
[ 23.018846] ==================================================================
[ 23.019453] BUG: KASAN: slab-out-of-bounds in krealloc_less_oob_helper+0xe90/0x11d0
[ 23.020004] Write of size 1 at addr ffff888100aa1eea by task kunit_try_catch/207
[ 23.020636]
[ 23.020742] CPU: 1 UID: 0 PID: 207 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc6-next-20250716 #1 PREEMPT(voluntary)
[ 23.020792] Tainted: [B]=BAD_PAGE, [N]=TEST
[ 23.020805] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[ 23.020825] Call Trace:
[ 23.020847] <TASK>
[ 23.020864] dump_stack_lvl+0x73/0xb0
[ 23.020894] print_report+0xd1/0x610
[ 23.020916] ? __virt_addr_valid+0x1db/0x2d0
[ 23.020939] ? krealloc_less_oob_helper+0xe90/0x11d0
[ 23.020962] ? kasan_complete_mode_report_info+0x2a/0x200
[ 23.020987] ? krealloc_less_oob_helper+0xe90/0x11d0
[ 23.021010] kasan_report+0x141/0x180
[ 23.021031] ? krealloc_less_oob_helper+0xe90/0x11d0
[ 23.021058] __asan_report_store1_noabort+0x1b/0x30
[ 23.021082] krealloc_less_oob_helper+0xe90/0x11d0
[ 23.021106] ? __pfx_krealloc_less_oob_helper+0x10/0x10
[ 23.021129] ? finish_task_switch.isra.0+0x153/0x700
[ 23.021150] ? __switch_to+0x47/0xf80
[ 23.021175] ? __schedule+0x10c6/0x2b60
[ 23.021196] ? __pfx_read_tsc+0x10/0x10
[ 23.021223] krealloc_less_oob+0x1c/0x30
[ 23.021244] kunit_try_run_case+0x1a5/0x480
[ 23.021280] ? __pfx_kunit_try_run_case+0x10/0x10
[ 23.021302] ? _raw_spin_lock_irqsave+0xa1/0x100
[ 23.021324] ? _raw_spin_unlock_irqrestore+0x5f/0x90
[ 23.021346] ? __kthread_parkme+0x82/0x180
[ 23.021366] ? preempt_count_sub+0x50/0x80
[ 23.021387] ? __pfx_kunit_try_run_case+0x10/0x10
[ 23.021409] kunit_generic_run_threadfn_adapter+0x85/0xf0
[ 23.021435] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10
[ 23.021461] kthread+0x337/0x6f0
[ 23.021480] ? trace_preempt_on+0x20/0xc0
[ 23.021502] ? __pfx_kthread+0x10/0x10
[ 23.021522] ? _raw_spin_unlock_irq+0x47/0x80
[ 23.021542] ? calculate_sigpending+0x7b/0xa0
[ 23.021766] ? __pfx_kthread+0x10/0x10
[ 23.021789] ret_from_fork+0x116/0x1d0
[ 23.021809] ? __pfx_kthread+0x10/0x10
[ 23.021830] ret_from_fork_asm+0x1a/0x30
[ 23.021861] </TASK>
[ 23.021925]
[ 23.029627] Allocated by task 207:
[ 23.029794] kasan_save_stack+0x45/0x70
[ 23.030104] kasan_save_track+0x18/0x40
[ 23.030262] kasan_save_alloc_info+0x3b/0x50
[ 23.030417] __kasan_krealloc+0x190/0x1f0
[ 23.030560] krealloc_noprof+0xf3/0x340
[ 23.030759] krealloc_less_oob_helper+0x1aa/0x11d0
[ 23.030981] krealloc_less_oob+0x1c/0x30
[ 23.031274] kunit_try_run_case+0x1a5/0x480
[ 23.031495] kunit_generic_run_threadfn_adapter+0x85/0xf0
[ 23.031747] kthread+0x337/0x6f0
[ 23.031862] ret_from_fork+0x116/0x1d0
[ 23.032036] ret_from_fork_asm+0x1a/0x30
[ 23.032227]
[ 23.032331] The buggy address belongs to the object at ffff888100aa1e00
[ 23.032331] which belongs to the cache kmalloc-256 of size 256
[ 23.032754] The buggy address is located 33 bytes to the right of
[ 23.032754] allocated 201-byte region [ffff888100aa1e00, ffff888100aa1ec9)
[ 23.033115]
[ 23.033180] The buggy address belongs to the physical page:
[ 23.033755] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x100aa0
[ 23.034115] head: order:1 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[ 23.034574] anon flags: 0x200000000000040(head|node=0|zone=2)
[ 23.034820] page_type: f5(slab)
[ 23.035127] raw: 0200000000000040 ffff888100041b40 0000000000000000 dead000000000001
[ 23.035446] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000
[ 23.035782] head: 0200000000000040 ffff888100041b40 0000000000000000 dead000000000001
[ 23.036139] head: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000
[ 23.036460] head: 0200000000000001 ffffea000402a801 00000000ffffffff 00000000ffffffff
[ 23.036835] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000002
[ 23.037054] page dumped because: kasan: bad access detected
[ 23.037318]
[ 23.037459] Memory state around the buggy address:
[ 23.037852] ffff888100aa1d80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 23.038121] ffff888100aa1e00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[ 23.038346] >ffff888100aa1e80: 00 00 00 00 00 00 00 00 00 01 fc fc fc fc fc fc
[ 23.038652] ^
[ 23.039208] ffff888100aa1f00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 23.039541] ffff888100aa1f80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 23.039836] ==================================================================