Hay
Date: July 16, 2025, 12:11 p.m.

Environment: qemu-arm64, qemu-x86_64

[   30.499758] ==================================================================
[   30.500186] BUG: KASAN: slab-out-of-bounds in krealloc_less_oob_helper+0xa80/0xc50
[   30.500256] Write of size 1 at addr fff00000c9b260da by task kunit_try_catch/193
[   30.500314] 
[   30.500345] CPU: 0 UID: 0 PID: 193 Comm: kunit_try_catch Tainted: G    B            N  6.16.0-rc6-next-20250716 #1 PREEMPT 
[   30.500427] Tainted: [B]=BAD_PAGE, [N]=TEST
[   30.500454] Hardware name: linux,dummy-virt (DT)
[   30.500486] Call trace:
[   30.500819]  show_stack+0x20/0x38 (C)
[   30.500920]  dump_stack_lvl+0x8c/0xd0
[   30.500982]  print_report+0x118/0x5d0
[   30.501027]  kasan_report+0xdc/0x128
[   30.501079]  __asan_report_store1_noabort+0x20/0x30
[   30.501130]  krealloc_less_oob_helper+0xa80/0xc50
[   30.501180]  krealloc_large_less_oob+0x20/0x38
[   30.501230]  kunit_try_run_case+0x170/0x3f0
[   30.501287]  kunit_generic_run_threadfn_adapter+0x88/0x100
[   30.501339]  kthread+0x328/0x630
[   30.501380]  ret_from_fork+0x10/0x20
[   30.501440] 
[   30.501480] The buggy address belongs to the physical page:
[   30.501522] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x109b24
[   30.501576] head: order:2 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[   30.501622] flags: 0xbfffe0000000040(head|node=0|zone=2|lastcpupid=0x1ffff)
[   30.501672] page_type: f8(unknown)
[   30.501720] raw: 0bfffe0000000040 0000000000000000 dead000000000122 0000000000000000
[   30.501786] raw: 0000000000000000 0000000000000000 00000000f8000000 0000000000000000
[   30.501844] head: 0bfffe0000000040 0000000000000000 dead000000000122 0000000000000000
[   30.501921] head: 0000000000000000 0000000000000000 00000000f8000000 0000000000000000
[   30.501980] head: 0bfffe0000000002 ffffc1ffc326c901 00000000ffffffff 00000000ffffffff
[   30.502037] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000004
[   30.502077] page dumped because: kasan: bad access detected
[   30.502115] 
[   30.502138] Memory state around the buggy address:
[   30.502175]  fff00000c9b25f80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   30.502232]  fff00000c9b26000: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   30.502273] >fff00000c9b26080: 00 00 00 00 00 00 00 00 00 01 fe fe fe fe fe fe
[   30.502310]                                                     ^
[   30.502346]  fff00000c9b26100: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe
[   30.502393]  fff00000c9b26180: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe
[   30.502432] ==================================================================
[   30.455469] ==================================================================
[   30.455632] BUG: KASAN: slab-out-of-bounds in krealloc_less_oob_helper+0xae4/0xc50
[   30.455694] Write of size 1 at addr fff00000c1d5d2ea by task kunit_try_catch/189
[   30.455743] 
[   30.455821] CPU: 0 UID: 0 PID: 189 Comm: kunit_try_catch Tainted: G    B            N  6.16.0-rc6-next-20250716 #1 PREEMPT 
[   30.455945] Tainted: [B]=BAD_PAGE, [N]=TEST
[   30.455972] Hardware name: linux,dummy-virt (DT)
[   30.456002] Call trace:
[   30.456023]  show_stack+0x20/0x38 (C)
[   30.456214]  dump_stack_lvl+0x8c/0xd0
[   30.456401]  print_report+0x118/0x5d0
[   30.456591]  kasan_report+0xdc/0x128
[   30.456799]  __asan_report_store1_noabort+0x20/0x30
[   30.456880]  krealloc_less_oob_helper+0xae4/0xc50
[   30.456930]  krealloc_less_oob+0x20/0x38
[   30.456998]  kunit_try_run_case+0x170/0x3f0
[   30.457051]  kunit_generic_run_threadfn_adapter+0x88/0x100
[   30.457103]  kthread+0x328/0x630
[   30.457143]  ret_from_fork+0x10/0x20
[   30.457203] 
[   30.457222] Allocated by task 189:
[   30.457249]  kasan_save_stack+0x3c/0x68
[   30.457314]  kasan_save_track+0x20/0x40
[   30.457361]  kasan_save_alloc_info+0x40/0x58
[   30.457398]  __kasan_krealloc+0x118/0x178
[   30.457460]  krealloc_noprof+0x128/0x360
[   30.458008]  krealloc_less_oob_helper+0x168/0xc50
[   30.458128]  krealloc_less_oob+0x20/0x38
[   30.458168]  kunit_try_run_case+0x170/0x3f0
[   30.458205]  kunit_generic_run_threadfn_adapter+0x88/0x100
[   30.458247]  kthread+0x328/0x630
[   30.458421]  ret_from_fork+0x10/0x20
[   30.458550] 
[   30.458607] The buggy address belongs to the object at fff00000c1d5d200
[   30.458607]  which belongs to the cache kmalloc-256 of size 256
[   30.458707] The buggy address is located 33 bytes to the right of
[   30.458707]  allocated 201-byte region [fff00000c1d5d200, fff00000c1d5d2c9)
[   30.458834] 
[   30.458854] The buggy address belongs to the physical page:
[   30.458885] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x101d5c
[   30.458955] head: order:1 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[   30.459001] flags: 0xbfffe0000000040(head|node=0|zone=2|lastcpupid=0x1ffff)
[   30.459052] page_type: f5(slab)
[   30.459134] raw: 0bfffe0000000040 fff00000c0001b40 dead000000000122 0000000000000000
[   30.459362] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000
[   30.459468] head: 0bfffe0000000040 fff00000c0001b40 dead000000000122 0000000000000000
[   30.459617] head: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000
[   30.459695] head: 0bfffe0000000001 ffffc1ffc3075701 00000000ffffffff 00000000ffffffff
[   30.459744] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000002
[   30.459783] page dumped because: kasan: bad access detected
[   30.459814] 
[   30.459867] Memory state around the buggy address:
[   30.460032]  fff00000c1d5d180: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   30.460107]  fff00000c1d5d200: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   30.460206] >fff00000c1d5d280: 00 00 00 00 00 00 00 00 00 01 fc fc fc fc fc fc
[   30.460323]                                                           ^
[   30.460445]  fff00000c1d5d300: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   30.460527]  fff00000c1d5d380: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   30.460565] ==================================================================
[   30.483738] ==================================================================
[   30.483834] BUG: KASAN: slab-out-of-bounds in krealloc_less_oob_helper+0xa48/0xc50
[   30.483906] Write of size 1 at addr fff00000c9b260c9 by task kunit_try_catch/193
[   30.484021] 
[   30.484132] CPU: 0 UID: 0 PID: 193 Comm: kunit_try_catch Tainted: G    B            N  6.16.0-rc6-next-20250716 #1 PREEMPT 
[   30.484254] Tainted: [B]=BAD_PAGE, [N]=TEST
[   30.484281] Hardware name: linux,dummy-virt (DT)
[   30.484311] Call trace:
[   30.484332]  show_stack+0x20/0x38 (C)
[   30.484378]  dump_stack_lvl+0x8c/0xd0
[   30.484646]  print_report+0x118/0x5d0
[   30.484752]  kasan_report+0xdc/0x128
[   30.484923]  __asan_report_store1_noabort+0x20/0x30
[   30.484994]  krealloc_less_oob_helper+0xa48/0xc50
[   30.485080]  krealloc_large_less_oob+0x20/0x38
[   30.485147]  kunit_try_run_case+0x170/0x3f0
[   30.485376]  kunit_generic_run_threadfn_adapter+0x88/0x100
[   30.485533]  kthread+0x328/0x630
[   30.485680]  ret_from_fork+0x10/0x20
[   30.485795] 
[   30.485943] The buggy address belongs to the physical page:
[   30.486068] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x109b24
[   30.486209] head: order:2 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[   30.486291] flags: 0xbfffe0000000040(head|node=0|zone=2|lastcpupid=0x1ffff)
[   30.486343] page_type: f8(unknown)
[   30.486664] raw: 0bfffe0000000040 0000000000000000 dead000000000122 0000000000000000
[   30.486817] raw: 0000000000000000 0000000000000000 00000000f8000000 0000000000000000
[   30.486904] head: 0bfffe0000000040 0000000000000000 dead000000000122 0000000000000000
[   30.486977] head: 0000000000000000 0000000000000000 00000000f8000000 0000000000000000
[   30.487153] head: 0bfffe0000000002 ffffc1ffc326c901 00000000ffffffff 00000000ffffffff
[   30.487256] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000004
[   30.487416] page dumped because: kasan: bad access detected
[   30.487469] 
[   30.487487] Memory state around the buggy address:
[   30.487531]  fff00000c9b25f80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   30.487696]  fff00000c9b26000: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   30.487947] >fff00000c9b26080: 00 00 00 00 00 00 00 00 00 01 fe fe fe fe fe fe
[   30.488048]                                               ^
[   30.488168]  fff00000c9b26100: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe
[   30.488262]  fff00000c9b26180: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe
[   30.488315] ==================================================================
[   30.503544] ==================================================================
[   30.503846] BUG: KASAN: slab-out-of-bounds in krealloc_less_oob_helper+0xae4/0xc50
[   30.503934] Write of size 1 at addr fff00000c9b260ea by task kunit_try_catch/193
[   30.504005] 
[   30.504054] CPU: 0 UID: 0 PID: 193 Comm: kunit_try_catch Tainted: G    B            N  6.16.0-rc6-next-20250716 #1 PREEMPT 
[   30.504173] Tainted: [B]=BAD_PAGE, [N]=TEST
[   30.504356] Hardware name: linux,dummy-virt (DT)
[   30.504391] Call trace:
[   30.504414]  show_stack+0x20/0x38 (C)
[   30.504629]  dump_stack_lvl+0x8c/0xd0
[   30.504847]  print_report+0x118/0x5d0
[   30.505229]  kasan_report+0xdc/0x128
[   30.505599]  __asan_report_store1_noabort+0x20/0x30
[   30.505802]  krealloc_less_oob_helper+0xae4/0xc50
[   30.506247]  krealloc_large_less_oob+0x20/0x38
[   30.507052]  kunit_try_run_case+0x170/0x3f0
[   30.507608]  kunit_generic_run_threadfn_adapter+0x88/0x100
[   30.507911]  kthread+0x328/0x630
[   30.508021]  ret_from_fork+0x10/0x20
[   30.508107] 
[   30.508288] The buggy address belongs to the physical page:
[   30.508561] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x109b24
[   30.508752] head: order:2 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[   30.508824] flags: 0xbfffe0000000040(head|node=0|zone=2|lastcpupid=0x1ffff)
[   30.509181] page_type: f8(unknown)
[   30.509382] raw: 0bfffe0000000040 0000000000000000 dead000000000122 0000000000000000
[   30.509448] raw: 0000000000000000 0000000000000000 00000000f8000000 0000000000000000
[   30.509799] head: 0bfffe0000000040 0000000000000000 dead000000000122 0000000000000000
[   30.509893] head: 0000000000000000 0000000000000000 00000000f8000000 0000000000000000
[   30.510343] head: 0bfffe0000000002 ffffc1ffc326c901 00000000ffffffff 00000000ffffffff
[   30.510497] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000004
[   30.510613] page dumped because: kasan: bad access detected
[   30.510746] 
[   30.510825] Memory state around the buggy address:
[   30.511069]  fff00000c9b25f80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   30.511405]  fff00000c9b26000: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   30.511518] >fff00000c9b26080: 00 00 00 00 00 00 00 00 00 01 fe fe fe fe fe fe
[   30.511653]                                                           ^
[   30.511739]  fff00000c9b26100: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe
[   30.511912]  fff00000c9b26180: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe
[   30.512178] ==================================================================
[   30.513020] ==================================================================
[   30.513104] BUG: KASAN: slab-out-of-bounds in krealloc_less_oob_helper+0xa58/0xc50
[   30.513393] Write of size 1 at addr fff00000c9b260eb by task kunit_try_catch/193
[   30.513501] 
[   30.513545] CPU: 0 UID: 0 PID: 193 Comm: kunit_try_catch Tainted: G    B            N  6.16.0-rc6-next-20250716 #1 PREEMPT 
[   30.513800] Tainted: [B]=BAD_PAGE, [N]=TEST
[   30.513885] Hardware name: linux,dummy-virt (DT)
[   30.513922] Call trace:
[   30.514028]  show_stack+0x20/0x38 (C)
[   30.514081]  dump_stack_lvl+0x8c/0xd0
[   30.514313]  print_report+0x118/0x5d0
[   30.514496]  kasan_report+0xdc/0x128
[   30.514565]  __asan_report_store1_noabort+0x20/0x30
[   30.514713]  krealloc_less_oob_helper+0xa58/0xc50
[   30.514818]  krealloc_large_less_oob+0x20/0x38
[   30.515043]  kunit_try_run_case+0x170/0x3f0
[   30.515098]  kunit_generic_run_threadfn_adapter+0x88/0x100
[   30.515446]  kthread+0x328/0x630
[   30.515526]  ret_from_fork+0x10/0x20
[   30.515875] 
[   30.515986] The buggy address belongs to the physical page:
[   30.516142] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x109b24
[   30.516356] head: order:2 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[   30.516540] flags: 0xbfffe0000000040(head|node=0|zone=2|lastcpupid=0x1ffff)
[   30.516624] page_type: f8(unknown)
[   30.516663] raw: 0bfffe0000000040 0000000000000000 dead000000000122 0000000000000000
[   30.516714] raw: 0000000000000000 0000000000000000 00000000f8000000 0000000000000000
[   30.516764] head: 0bfffe0000000040 0000000000000000 dead000000000122 0000000000000000
[   30.517204] head: 0000000000000000 0000000000000000 00000000f8000000 0000000000000000
[   30.517357] head: 0bfffe0000000002 ffffc1ffc326c901 00000000ffffffff 00000000ffffffff
[   30.517504] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000004
[   30.517615] page dumped because: kasan: bad access detected
[   30.517647] 
[   30.517792] Memory state around the buggy address:
[   30.518006]  fff00000c9b25f80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   30.518296]  fff00000c9b26000: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   30.518435] >fff00000c9b26080: 00 00 00 00 00 00 00 00 00 01 fe fe fe fe fe fe
[   30.518517]                                                           ^
[   30.518557]  fff00000c9b26100: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe
[   30.518772]  fff00000c9b26180: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe
[   30.519033] ==================================================================
[   30.461400] ==================================================================
[   30.461447] BUG: KASAN: slab-out-of-bounds in krealloc_less_oob_helper+0xa58/0xc50
[   30.461496] Write of size 1 at addr fff00000c1d5d2eb by task kunit_try_catch/189
[   30.461689] 
[   30.461751] CPU: 0 UID: 0 PID: 189 Comm: kunit_try_catch Tainted: G    B            N  6.16.0-rc6-next-20250716 #1 PREEMPT 
[   30.461839] Tainted: [B]=BAD_PAGE, [N]=TEST
[   30.461865] Hardware name: linux,dummy-virt (DT)
[   30.461979] Call trace:
[   30.462008]  show_stack+0x20/0x38 (C)
[   30.462072]  dump_stack_lvl+0x8c/0xd0
[   30.462136]  print_report+0x118/0x5d0
[   30.462179]  kasan_report+0xdc/0x128
[   30.462238]  __asan_report_store1_noabort+0x20/0x30
[   30.462287]  krealloc_less_oob_helper+0xa58/0xc50
[   30.462336]  krealloc_less_oob+0x20/0x38
[   30.462594]  kunit_try_run_case+0x170/0x3f0
[   30.462694]  kunit_generic_run_threadfn_adapter+0x88/0x100
[   30.462779]  kthread+0x328/0x630
[   30.462845]  ret_from_fork+0x10/0x20
[   30.462893] 
[   30.462937] Allocated by task 189:
[   30.463074]  kasan_save_stack+0x3c/0x68
[   30.463116]  kasan_save_track+0x20/0x40
[   30.463234]  kasan_save_alloc_info+0x40/0x58
[   30.463278]  __kasan_krealloc+0x118/0x178
[   30.463313]  krealloc_noprof+0x128/0x360
[   30.463351]  krealloc_less_oob_helper+0x168/0xc50
[   30.463420]  krealloc_less_oob+0x20/0x38
[   30.463458]  kunit_try_run_case+0x170/0x3f0
[   30.463494]  kunit_generic_run_threadfn_adapter+0x88/0x100
[   30.463659]  kthread+0x328/0x630
[   30.463694]  ret_from_fork+0x10/0x20
[   30.463729] 
[   30.463747] The buggy address belongs to the object at fff00000c1d5d200
[   30.463747]  which belongs to the cache kmalloc-256 of size 256
[   30.463914] The buggy address is located 34 bytes to the right of
[   30.463914]  allocated 201-byte region [fff00000c1d5d200, fff00000c1d5d2c9)
[   30.463985] 
[   30.464004] The buggy address belongs to the physical page:
[   30.464035] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x101d5c
[   30.464284] head: order:1 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[   30.464475] flags: 0xbfffe0000000040(head|node=0|zone=2|lastcpupid=0x1ffff)
[   30.464619] page_type: f5(slab)
[   30.464739] raw: 0bfffe0000000040 fff00000c0001b40 dead000000000122 0000000000000000
[   30.464836] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000
[   30.464960] head: 0bfffe0000000040 fff00000c0001b40 dead000000000122 0000000000000000
[   30.465024] head: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000
[   30.465347] head: 0bfffe0000000001 ffffc1ffc3075701 00000000ffffffff 00000000ffffffff
[   30.465417] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000002
[   30.465521] page dumped because: kasan: bad access detected
[   30.465589] 
[   30.465652] Memory state around the buggy address:
[   30.465783]  fff00000c1d5d180: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   30.465839]  fff00000c1d5d200: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   30.465881] >fff00000c1d5d280: 00 00 00 00 00 00 00 00 00 01 fc fc fc fc fc fc
[   30.465919]                                                           ^
[   30.465957]  fff00000c1d5d300: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   30.466010]  fff00000c1d5d380: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   30.466047] ==================================================================
[   30.445578] ==================================================================
[   30.445681] BUG: KASAN: slab-out-of-bounds in krealloc_less_oob_helper+0xa80/0xc50
[   30.445833] Write of size 1 at addr fff00000c1d5d2da by task kunit_try_catch/189
[   30.445890] 
[   30.445919] CPU: 0 UID: 0 PID: 189 Comm: kunit_try_catch Tainted: G    B            N  6.16.0-rc6-next-20250716 #1 PREEMPT 
[   30.446209] Tainted: [B]=BAD_PAGE, [N]=TEST
[   30.446256] Hardware name: linux,dummy-virt (DT)
[   30.446294] Call trace:
[   30.446332]  show_stack+0x20/0x38 (C)
[   30.446414]  dump_stack_lvl+0x8c/0xd0
[   30.446479]  print_report+0x118/0x5d0
[   30.446539]  kasan_report+0xdc/0x128
[   30.446582]  __asan_report_store1_noabort+0x20/0x30
[   30.446660]  krealloc_less_oob_helper+0xa80/0xc50
[   30.446712]  krealloc_less_oob+0x20/0x38
[   30.446775]  kunit_try_run_case+0x170/0x3f0
[   30.446840]  kunit_generic_run_threadfn_adapter+0x88/0x100
[   30.446902]  kthread+0x328/0x630
[   30.446964]  ret_from_fork+0x10/0x20
[   30.447030] 
[   30.447049] Allocated by task 189:
[   30.447119]  kasan_save_stack+0x3c/0x68
[   30.447185]  kasan_save_track+0x20/0x40
[   30.447242]  kasan_save_alloc_info+0x40/0x58
[   30.447282]  __kasan_krealloc+0x118/0x178
[   30.447337]  krealloc_noprof+0x128/0x360
[   30.447381]  krealloc_less_oob_helper+0x168/0xc50
[   30.447423]  krealloc_less_oob+0x20/0x38
[   30.447459]  kunit_try_run_case+0x170/0x3f0
[   30.447495]  kunit_generic_run_threadfn_adapter+0x88/0x100
[   30.447547]  kthread+0x328/0x630
[   30.447579]  ret_from_fork+0x10/0x20
[   30.447658] 
[   30.447676] The buggy address belongs to the object at fff00000c1d5d200
[   30.447676]  which belongs to the cache kmalloc-256 of size 256
[   30.447885] The buggy address is located 17 bytes to the right of
[   30.447885]  allocated 201-byte region [fff00000c1d5d200, fff00000c1d5d2c9)
[   30.448012] 
[   30.448092] The buggy address belongs to the physical page:
[   30.448132] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x101d5c
[   30.448184] head: order:1 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[   30.448375] flags: 0xbfffe0000000040(head|node=0|zone=2|lastcpupid=0x1ffff)
[   30.449632] page_type: f5(slab)
[   30.449681] raw: 0bfffe0000000040 fff00000c0001b40 dead000000000122 0000000000000000
[   30.449847] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000
[   30.449905] head: 0bfffe0000000040 fff00000c0001b40 dead000000000122 0000000000000000
[   30.450404] head: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000
[   30.450548] head: 0bfffe0000000001 ffffc1ffc3075701 00000000ffffffff 00000000ffffffff
[   30.450618] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000002
[   30.451720] page dumped because: kasan: bad access detected
[   30.452050] 
[   30.452361] Memory state around the buggy address:
[   30.452401]  fff00000c1d5d180: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   30.453472]  fff00000c1d5d200: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   30.453859] >fff00000c1d5d280: 00 00 00 00 00 00 00 00 00 01 fc fc fc fc fc fc
[   30.454179]                                                     ^
[   30.454231]  fff00000c1d5d300: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   30.454363]  fff00000c1d5d380: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   30.454498] ==================================================================
[   30.489813] ==================================================================
[   30.489865] BUG: KASAN: slab-out-of-bounds in krealloc_less_oob_helper+0xb9c/0xc50
[   30.489995] Write of size 1 at addr fff00000c9b260d0 by task kunit_try_catch/193
[   30.490255] 
[   30.490300] CPU: 0 UID: 0 PID: 193 Comm: kunit_try_catch Tainted: G    B            N  6.16.0-rc6-next-20250716 #1 PREEMPT 
[   30.490610] Tainted: [B]=BAD_PAGE, [N]=TEST
[   30.490718] Hardware name: linux,dummy-virt (DT)
[   30.490753] Call trace:
[   30.490808]  show_stack+0x20/0x38 (C)
[   30.490859]  dump_stack_lvl+0x8c/0xd0
[   30.491109]  print_report+0x118/0x5d0
[   30.491177]  kasan_report+0xdc/0x128
[   30.491221]  __asan_report_store1_noabort+0x20/0x30
[   30.491270]  krealloc_less_oob_helper+0xb9c/0xc50
[   30.491320]  krealloc_large_less_oob+0x20/0x38
[   30.491368]  kunit_try_run_case+0x170/0x3f0
[   30.491415]  kunit_generic_run_threadfn_adapter+0x88/0x100
[   30.491467]  kthread+0x328/0x630
[   30.491606]  ret_from_fork+0x10/0x20
[   30.491661] 
[   30.491692] The buggy address belongs to the physical page:
[   30.491723] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x109b24
[   30.491907] head: order:2 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[   30.492082] flags: 0xbfffe0000000040(head|node=0|zone=2|lastcpupid=0x1ffff)
[   30.492413] page_type: f8(unknown)
[   30.492496] raw: 0bfffe0000000040 0000000000000000 dead000000000122 0000000000000000
[   30.493049] raw: 0000000000000000 0000000000000000 00000000f8000000 0000000000000000
[   30.493342] head: 0bfffe0000000040 0000000000000000 dead000000000122 0000000000000000
[   30.493499] head: 0000000000000000 0000000000000000 00000000f8000000 0000000000000000
[   30.493622] head: 0bfffe0000000002 ffffc1ffc326c901 00000000ffffffff 00000000ffffffff
[   30.493692] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000004
[   30.493752] page dumped because: kasan: bad access detected
[   30.493928] 
[   30.494233] Memory state around the buggy address:
[   30.494600]  fff00000c9b25f80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   30.494669]  fff00000c9b26000: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   30.494792] >fff00000c9b26080: 00 00 00 00 00 00 00 00 00 01 fe fe fe fe fe fe
[   30.494866]                                                  ^
[   30.495087]  fff00000c9b26100: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe
[   30.495425]  fff00000c9b26180: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe
[   30.495484] ==================================================================
[   30.431756] ==================================================================
[   30.431935] BUG: KASAN: slab-out-of-bounds in krealloc_less_oob_helper+0xa48/0xc50
[   30.431991] Write of size 1 at addr fff00000c1d5d2c9 by task kunit_try_catch/189
[   30.432113] 
[   30.432163] CPU: 0 UID: 0 PID: 189 Comm: kunit_try_catch Tainted: G    B            N  6.16.0-rc6-next-20250716 #1 PREEMPT 
[   30.432248] Tainted: [B]=BAD_PAGE, [N]=TEST
[   30.432421] Hardware name: linux,dummy-virt (DT)
[   30.432453] Call trace:
[   30.432474]  show_stack+0x20/0x38 (C)
[   30.432606]  dump_stack_lvl+0x8c/0xd0
[   30.432784]  print_report+0x118/0x5d0
[   30.432829]  kasan_report+0xdc/0x128
[   30.433170]  __asan_report_store1_noabort+0x20/0x30
[   30.433312]  krealloc_less_oob_helper+0xa48/0xc50
[   30.433467]  krealloc_less_oob+0x20/0x38
[   30.433578]  kunit_try_run_case+0x170/0x3f0
[   30.433637]  kunit_generic_run_threadfn_adapter+0x88/0x100
[   30.433822]  kthread+0x328/0x630
[   30.434067]  ret_from_fork+0x10/0x20
[   30.434192] 
[   30.434262] Allocated by task 189:
[   30.434357]  kasan_save_stack+0x3c/0x68
[   30.434456]  kasan_save_track+0x20/0x40
[   30.434542]  kasan_save_alloc_info+0x40/0x58
[   30.434616]  __kasan_krealloc+0x118/0x178
[   30.434717]  krealloc_noprof+0x128/0x360
[   30.434814]  krealloc_less_oob_helper+0x168/0xc50
[   30.434875]  krealloc_less_oob+0x20/0x38
[   30.434912]  kunit_try_run_case+0x170/0x3f0
[   30.435243]  kunit_generic_run_threadfn_adapter+0x88/0x100
[   30.435395]  kthread+0x328/0x630
[   30.435465]  ret_from_fork+0x10/0x20
[   30.435576] 
[   30.435721] The buggy address belongs to the object at fff00000c1d5d200
[   30.435721]  which belongs to the cache kmalloc-256 of size 256
[   30.435875] The buggy address is located 0 bytes to the right of
[   30.435875]  allocated 201-byte region [fff00000c1d5d200, fff00000c1d5d2c9)
[   30.436007] 
[   30.436098] The buggy address belongs to the physical page:
[   30.436146] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x101d5c
[   30.436210] head: order:1 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[   30.436257] flags: 0xbfffe0000000040(head|node=0|zone=2|lastcpupid=0x1ffff)
[   30.436311] page_type: f5(slab)
[   30.436523] raw: 0bfffe0000000040 fff00000c0001b40 dead000000000122 0000000000000000
[   30.436620] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000
[   30.436840] head: 0bfffe0000000040 fff00000c0001b40 dead000000000122 0000000000000000
[   30.436957] head: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000
[   30.437114] head: 0bfffe0000000001 ffffc1ffc3075701 00000000ffffffff 00000000ffffffff
[   30.437230] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000002
[   30.437405] page dumped because: kasan: bad access detected
[   30.437484] 
[   30.437540] Memory state around the buggy address:
[   30.437573]  fff00000c1d5d180: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   30.437956]  fff00000c1d5d200: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   30.438011] >fff00000c1d5d280: 00 00 00 00 00 00 00 00 00 01 fc fc fc fc fc fc
[   30.438144]                                               ^
[   30.438250]  fff00000c1d5d300: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   30.438399]  fff00000c1d5d380: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   30.438481] ==================================================================
[   30.439466] ==================================================================
[   30.439527] BUG: KASAN: slab-out-of-bounds in krealloc_less_oob_helper+0xb9c/0xc50
[   30.439575] Write of size 1 at addr fff00000c1d5d2d0 by task kunit_try_catch/189
[   30.439627] 
[   30.439783] CPU: 0 UID: 0 PID: 189 Comm: kunit_try_catch Tainted: G    B            N  6.16.0-rc6-next-20250716 #1 PREEMPT 
[   30.440077] Tainted: [B]=BAD_PAGE, [N]=TEST
[   30.440135] Hardware name: linux,dummy-virt (DT)
[   30.440237] Call trace:
[   30.440350]  show_stack+0x20/0x38 (C)
[   30.440470]  dump_stack_lvl+0x8c/0xd0
[   30.440654]  print_report+0x118/0x5d0
[   30.440717]  kasan_report+0xdc/0x128
[   30.440784]  __asan_report_store1_noabort+0x20/0x30
[   30.440833]  krealloc_less_oob_helper+0xb9c/0xc50
[   30.441179]  krealloc_less_oob+0x20/0x38
[   30.441294]  kunit_try_run_case+0x170/0x3f0
[   30.441436]  kunit_generic_run_threadfn_adapter+0x88/0x100
[   30.441625]  kthread+0x328/0x630
[   30.441758]  ret_from_fork+0x10/0x20
[   30.441892] 
[   30.442033] Allocated by task 189:
[   30.442071]  kasan_save_stack+0x3c/0x68
[   30.442108]  kasan_save_track+0x20/0x40
[   30.442187]  kasan_save_alloc_info+0x40/0x58
[   30.442420]  __kasan_krealloc+0x118/0x178
[   30.442684]  krealloc_noprof+0x128/0x360
[   30.442796]  krealloc_less_oob_helper+0x168/0xc50
[   30.442857]  krealloc_less_oob+0x20/0x38
[   30.442935]  kunit_try_run_case+0x170/0x3f0
[   30.442972]  kunit_generic_run_threadfn_adapter+0x88/0x100
[   30.443014]  kthread+0x328/0x630
[   30.443058]  ret_from_fork+0x10/0x20
[   30.443093] 
[   30.443112] The buggy address belongs to the object at fff00000c1d5d200
[   30.443112]  which belongs to the cache kmalloc-256 of size 256
[   30.443180] The buggy address is located 7 bytes to the right of
[   30.443180]  allocated 201-byte region [fff00000c1d5d200, fff00000c1d5d2c9)
[   30.443244] 
[   30.443263] The buggy address belongs to the physical page:
[   30.443294] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x101d5c
[   30.443346] head: order:1 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[   30.443393] flags: 0xbfffe0000000040(head|node=0|zone=2|lastcpupid=0x1ffff)
[   30.443443] page_type: f5(slab)
[   30.443478] raw: 0bfffe0000000040 fff00000c0001b40 dead000000000122 0000000000000000
[   30.443540] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000
[   30.443591] head: 0bfffe0000000040 fff00000c0001b40 dead000000000122 0000000000000000
[   30.443656] head: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000
[   30.443715] head: 0bfffe0000000001 ffffc1ffc3075701 00000000ffffffff 00000000ffffffff
[   30.443772] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000002
[   30.443811] page dumped because: kasan: bad access detected
[   30.443841] 
[   30.443858] Memory state around the buggy address:
[   30.443889]  fff00000c1d5d180: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   30.443931]  fff00000c1d5d200: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   30.444400] >fff00000c1d5d280: 00 00 00 00 00 00 00 00 00 01 fc fc fc fc fc fc
[   30.444456]                                                  ^
[   30.444668]  fff00000c1d5d300: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   30.444791]  fff00000c1d5d380: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   30.444889] ==================================================================

[   23.130671] ==================================================================
[   23.131041] BUG: KASAN: slab-out-of-bounds in krealloc_less_oob_helper+0xe23/0x11d0
[   23.131370] Write of size 1 at addr ffff8881050f20d0 by task kunit_try_catch/211
[   23.131878] 
[   23.132264] CPU: 0 UID: 0 PID: 211 Comm: kunit_try_catch Tainted: G    B            N  6.16.0-rc6-next-20250716 #1 PREEMPT(voluntary) 
[   23.132438] Tainted: [B]=BAD_PAGE, [N]=TEST
[   23.132453] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[   23.132473] Call Trace:
[   23.132487]  <TASK>
[   23.132502]  dump_stack_lvl+0x73/0xb0
[   23.132533]  print_report+0xd1/0x610
[   23.132563]  ? __virt_addr_valid+0x1db/0x2d0
[   23.132586]  ? krealloc_less_oob_helper+0xe23/0x11d0
[   23.132608]  ? kasan_addr_to_slab+0x11/0xa0
[   23.132628]  ? krealloc_less_oob_helper+0xe23/0x11d0
[   23.132651]  kasan_report+0x141/0x180
[   23.132672]  ? krealloc_less_oob_helper+0xe23/0x11d0
[   23.132699]  __asan_report_store1_noabort+0x1b/0x30
[   23.132722]  krealloc_less_oob_helper+0xe23/0x11d0
[   23.132747]  ? __pfx_krealloc_less_oob_helper+0x10/0x10
[   23.132769]  ? finish_task_switch.isra.0+0x153/0x700
[   23.132790]  ? __switch_to+0x47/0xf80
[   23.132815]  ? __schedule+0x10c6/0x2b60
[   23.132836]  ? __pfx_read_tsc+0x10/0x10
[   23.132862]  krealloc_large_less_oob+0x1c/0x30
[   23.132886]  kunit_try_run_case+0x1a5/0x480
[   23.132910]  ? __pfx_kunit_try_run_case+0x10/0x10
[   23.132931]  ? _raw_spin_lock_irqsave+0xa1/0x100
[   23.132952]  ? _raw_spin_unlock_irqrestore+0x5f/0x90
[   23.132974]  ? __kthread_parkme+0x82/0x180
[   23.132993]  ? preempt_count_sub+0x50/0x80
[   23.133015]  ? __pfx_kunit_try_run_case+0x10/0x10
[   23.133038]  kunit_generic_run_threadfn_adapter+0x85/0xf0
[   23.133064]  ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10
[   23.133089]  kthread+0x337/0x6f0
[   23.133108]  ? trace_preempt_on+0x20/0xc0
[   23.133131]  ? __pfx_kthread+0x10/0x10
[   23.133151]  ? _raw_spin_unlock_irq+0x47/0x80
[   23.133171]  ? calculate_sigpending+0x7b/0xa0
[   23.133194]  ? __pfx_kthread+0x10/0x10
[   23.133214]  ret_from_fork+0x116/0x1d0
[   23.133233]  ? __pfx_kthread+0x10/0x10
[   23.133255]  ret_from_fork_asm+0x1a/0x30
[   23.133300]  </TASK>
[   23.133310] 
[   23.145381] The buggy address belongs to the physical page:
[   23.145876] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1050f0
[   23.146471] head: order:2 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[   23.146986] flags: 0x200000000000040(head|node=0|zone=2)
[   23.147319] page_type: f8(unknown)
[   23.147454] raw: 0200000000000040 0000000000000000 dead000000000122 0000000000000000
[   23.147881] raw: 0000000000000000 0000000000000000 00000000f8000000 0000000000000000
[   23.148289] head: 0200000000000040 0000000000000000 dead000000000122 0000000000000000
[   23.148770] head: 0000000000000000 0000000000000000 00000000f8000000 0000000000000000
[   23.149305] head: 0200000000000002 ffffea0004143c01 00000000ffffffff 00000000ffffffff
[   23.149820] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000004
[   23.150308] page dumped because: kasan: bad access detected
[   23.150682] 
[   23.150860] Memory state around the buggy address:
[   23.151205]  ffff8881050f1f80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   23.151520]  ffff8881050f2000: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   23.152074] >ffff8881050f2080: 00 00 00 00 00 00 00 00 00 01 fe fe fe fe fe fe
[   23.152377]                                                  ^
[   23.152994]  ffff8881050f2100: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe
[   23.153463]  ffff8881050f2180: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe
[   23.153949] ==================================================================
[   22.931752] ==================================================================
[   22.932717] BUG: KASAN: slab-out-of-bounds in krealloc_less_oob_helper+0xd70/0x11d0
[   22.933413] Write of size 1 at addr ffff888100aa1ec9 by task kunit_try_catch/207
[   22.933871] 
[   22.933965] CPU: 1 UID: 0 PID: 207 Comm: kunit_try_catch Tainted: G    B            N  6.16.0-rc6-next-20250716 #1 PREEMPT(voluntary) 
[   22.934015] Tainted: [B]=BAD_PAGE, [N]=TEST
[   22.934027] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[   22.934048] Call Trace:
[   22.934060]  <TASK>
[   22.934076]  dump_stack_lvl+0x73/0xb0
[   22.934106]  print_report+0xd1/0x610
[   22.934127]  ? __virt_addr_valid+0x1db/0x2d0
[   22.934150]  ? krealloc_less_oob_helper+0xd70/0x11d0
[   22.934172]  ? kasan_complete_mode_report_info+0x2a/0x200
[   22.934197]  ? krealloc_less_oob_helper+0xd70/0x11d0
[   22.934220]  kasan_report+0x141/0x180
[   22.934240]  ? krealloc_less_oob_helper+0xd70/0x11d0
[   22.934280]  __asan_report_store1_noabort+0x1b/0x30
[   22.934451]  krealloc_less_oob_helper+0xd70/0x11d0
[   22.934477]  ? __pfx_krealloc_less_oob_helper+0x10/0x10
[   22.934500]  ? finish_task_switch.isra.0+0x153/0x700
[   22.934521]  ? __switch_to+0x47/0xf80
[   22.934548]  ? __schedule+0x10c6/0x2b60
[   22.934578]  ? __pfx_read_tsc+0x10/0x10
[   22.934602]  krealloc_less_oob+0x1c/0x30
[   22.934623]  kunit_try_run_case+0x1a5/0x480
[   22.934645]  ? __pfx_kunit_try_run_case+0x10/0x10
[   22.934667]  ? _raw_spin_lock_irqsave+0xa1/0x100
[   22.934688]  ? _raw_spin_unlock_irqrestore+0x5f/0x90
[   22.934710]  ? __kthread_parkme+0x82/0x180
[   22.934729]  ? preempt_count_sub+0x50/0x80
[   22.934750]  ? __pfx_kunit_try_run_case+0x10/0x10
[   22.934773]  kunit_generic_run_threadfn_adapter+0x85/0xf0
[   22.934808]  ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10
[   22.934835]  kthread+0x337/0x6f0
[   22.934853]  ? trace_preempt_on+0x20/0xc0
[   22.934900]  ? __pfx_kthread+0x10/0x10
[   22.934920]  ? _raw_spin_unlock_irq+0x47/0x80
[   22.934940]  ? calculate_sigpending+0x7b/0xa0
[   22.934964]  ? __pfx_kthread+0x10/0x10
[   22.934984]  ret_from_fork+0x116/0x1d0
[   22.935002]  ? __pfx_kthread+0x10/0x10
[   22.935021]  ret_from_fork_asm+0x1a/0x30
[   22.935051]  </TASK>
[   22.935062] 
[   22.946049] Allocated by task 207:
[   22.946327]  kasan_save_stack+0x45/0x70
[   22.946527]  kasan_save_track+0x18/0x40
[   22.946738]  kasan_save_alloc_info+0x3b/0x50
[   22.947204]  __kasan_krealloc+0x190/0x1f0
[   22.947369]  krealloc_noprof+0xf3/0x340
[   22.947697]  krealloc_less_oob_helper+0x1aa/0x11d0
[   22.948166]  krealloc_less_oob+0x1c/0x30
[   22.948510]  kunit_try_run_case+0x1a5/0x480
[   22.948797]  kunit_generic_run_threadfn_adapter+0x85/0xf0
[   22.949040]  kthread+0x337/0x6f0
[   22.949217]  ret_from_fork+0x116/0x1d0
[   22.949397]  ret_from_fork_asm+0x1a/0x30
[   22.949961] 
[   22.950060] The buggy address belongs to the object at ffff888100aa1e00
[   22.950060]  which belongs to the cache kmalloc-256 of size 256
[   22.950742] The buggy address is located 0 bytes to the right of
[   22.950742]  allocated 201-byte region [ffff888100aa1e00, ffff888100aa1ec9)
[   22.951502] 
[   22.951628] The buggy address belongs to the physical page:
[   22.952298] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x100aa0
[   22.952785] head: order:1 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[   22.953196] anon flags: 0x200000000000040(head|node=0|zone=2)
[   22.953424] page_type: f5(slab)
[   22.953826] raw: 0200000000000040 ffff888100041b40 0000000000000000 dead000000000001
[   22.954173] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000
[   22.954589] head: 0200000000000040 ffff888100041b40 0000000000000000 dead000000000001
[   22.955241] head: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000
[   22.955657] head: 0200000000000001 ffffea000402a801 00000000ffffffff 00000000ffffffff
[   22.956080] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000002
[   22.956410] page dumped because: kasan: bad access detected
[   22.957015] 
[   22.957107] Memory state around the buggy address:
[   22.957280]  ffff888100aa1d80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   22.957980]  ffff888100aa1e00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   22.958409] >ffff888100aa1e80: 00 00 00 00 00 00 00 00 00 01 fc fc fc fc fc fc
[   22.958931]                                               ^
[   22.959273]  ffff888100aa1f00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   22.959682]  ffff888100aa1f80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   22.960198] ==================================================================
[   23.104441] ==================================================================
[   23.104998] BUG: KASAN: slab-out-of-bounds in krealloc_less_oob_helper+0xd70/0x11d0
[   23.105317] Write of size 1 at addr ffff8881050f20c9 by task kunit_try_catch/211
[   23.105678] 
[   23.105783] CPU: 0 UID: 0 PID: 211 Comm: kunit_try_catch Tainted: G    B            N  6.16.0-rc6-next-20250716 #1 PREEMPT(voluntary) 
[   23.105830] Tainted: [B]=BAD_PAGE, [N]=TEST
[   23.105842] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[   23.105862] Call Trace:
[   23.105873]  <TASK>
[   23.105890]  dump_stack_lvl+0x73/0xb0
[   23.105918]  print_report+0xd1/0x610
[   23.105939]  ? __virt_addr_valid+0x1db/0x2d0
[   23.105961]  ? krealloc_less_oob_helper+0xd70/0x11d0
[   23.105984]  ? kasan_addr_to_slab+0x11/0xa0
[   23.106003]  ? krealloc_less_oob_helper+0xd70/0x11d0
[   23.106026]  kasan_report+0x141/0x180
[   23.106047]  ? krealloc_less_oob_helper+0xd70/0x11d0
[   23.106074]  __asan_report_store1_noabort+0x1b/0x30
[   23.106098]  krealloc_less_oob_helper+0xd70/0x11d0
[   23.106122]  ? __pfx_krealloc_less_oob_helper+0x10/0x10
[   23.106145]  ? finish_task_switch.isra.0+0x153/0x700
[   23.106165]  ? __switch_to+0x47/0xf80
[   23.106191]  ? __schedule+0x10c6/0x2b60
[   23.106212]  ? __pfx_read_tsc+0x10/0x10
[   23.106237]  krealloc_large_less_oob+0x1c/0x30
[   23.106258]  kunit_try_run_case+0x1a5/0x480
[   23.106294]  ? __pfx_kunit_try_run_case+0x10/0x10
[   23.106316]  ? _raw_spin_lock_irqsave+0xa1/0x100
[   23.106337]  ? _raw_spin_unlock_irqrestore+0x5f/0x90
[   23.106359]  ? __kthread_parkme+0x82/0x180
[   23.106379]  ? preempt_count_sub+0x50/0x80
[   23.106401]  ? __pfx_kunit_try_run_case+0x10/0x10
[   23.106423]  kunit_generic_run_threadfn_adapter+0x85/0xf0
[   23.106449]  ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10
[   23.106474]  kthread+0x337/0x6f0
[   23.106493]  ? trace_preempt_on+0x20/0xc0
[   23.106517]  ? __pfx_kthread+0x10/0x10
[   23.106537]  ? _raw_spin_unlock_irq+0x47/0x80
[   23.106752]  ? calculate_sigpending+0x7b/0xa0
[   23.106777]  ? __pfx_kthread+0x10/0x10
[   23.106813]  ret_from_fork+0x116/0x1d0
[   23.106833]  ? __pfx_kthread+0x10/0x10
[   23.106853]  ret_from_fork_asm+0x1a/0x30
[   23.106883]  </TASK>
[   23.106894] 
[   23.119847] The buggy address belongs to the physical page:
[   23.120333] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1050f0
[   23.120818] head: order:2 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[   23.121381] flags: 0x200000000000040(head|node=0|zone=2)
[   23.121861] page_type: f8(unknown)
[   23.122331] raw: 0200000000000040 0000000000000000 dead000000000122 0000000000000000
[   23.122783] raw: 0000000000000000 0000000000000000 00000000f8000000 0000000000000000
[   23.123303] head: 0200000000000040 0000000000000000 dead000000000122 0000000000000000
[   23.123836] head: 0000000000000000 0000000000000000 00000000f8000000 0000000000000000
[   23.124318] head: 0200000000000002 ffffea0004143c01 00000000ffffffff 00000000ffffffff
[   23.124735] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000004
[   23.125377] page dumped because: kasan: bad access detected
[   23.125666] 
[   23.125903] Memory state around the buggy address:
[   23.126307]  ffff8881050f1f80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   23.126816]  ffff8881050f2000: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   23.127522] >ffff8881050f2080: 00 00 00 00 00 00 00 00 00 01 fe fe fe fe fe fe
[   23.128037]                                               ^
[   23.128421]  ffff8881050f2100: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe
[   23.128769]  ffff8881050f2180: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe
[   23.129240] ==================================================================
[   23.040407] ==================================================================
[   23.040729] BUG: KASAN: slab-out-of-bounds in krealloc_less_oob_helper+0xd47/0x11d0
[   23.041071] Write of size 1 at addr ffff888100aa1eeb by task kunit_try_catch/207
[   23.041416] 
[   23.041493] CPU: 1 UID: 0 PID: 207 Comm: kunit_try_catch Tainted: G    B            N  6.16.0-rc6-next-20250716 #1 PREEMPT(voluntary) 
[   23.041538] Tainted: [B]=BAD_PAGE, [N]=TEST
[   23.041550] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[   23.041573] Call Trace:
[   23.041588]  <TASK>
[   23.041604]  dump_stack_lvl+0x73/0xb0
[   23.041631]  print_report+0xd1/0x610
[   23.041652]  ? __virt_addr_valid+0x1db/0x2d0
[   23.041675]  ? krealloc_less_oob_helper+0xd47/0x11d0
[   23.041698]  ? kasan_complete_mode_report_info+0x2a/0x200
[   23.041722]  ? krealloc_less_oob_helper+0xd47/0x11d0
[   23.041745]  kasan_report+0x141/0x180
[   23.041766]  ? krealloc_less_oob_helper+0xd47/0x11d0
[   23.041793]  __asan_report_store1_noabort+0x1b/0x30
[   23.041817]  krealloc_less_oob_helper+0xd47/0x11d0
[   23.041841]  ? __pfx_krealloc_less_oob_helper+0x10/0x10
[   23.041864]  ? finish_task_switch.isra.0+0x153/0x700
[   23.041885]  ? __switch_to+0x47/0xf80
[   23.041910]  ? __schedule+0x10c6/0x2b60
[   23.041931]  ? __pfx_read_tsc+0x10/0x10
[   23.041957]  krealloc_less_oob+0x1c/0x30
[   23.041978]  kunit_try_run_case+0x1a5/0x480
[   23.042002]  ? __pfx_kunit_try_run_case+0x10/0x10
[   23.042024]  ? _raw_spin_lock_irqsave+0xa1/0x100
[   23.042046]  ? _raw_spin_unlock_irqrestore+0x5f/0x90
[   23.042232]  ? __kthread_parkme+0x82/0x180
[   23.042257]  ? preempt_count_sub+0x50/0x80
[   23.042293]  ? __pfx_kunit_try_run_case+0x10/0x10
[   23.042316]  kunit_generic_run_threadfn_adapter+0x85/0xf0
[   23.042342]  ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10
[   23.042368]  kthread+0x337/0x6f0
[   23.042387]  ? trace_preempt_on+0x20/0xc0
[   23.042410]  ? __pfx_kthread+0x10/0x10
[   23.042429]  ? _raw_spin_unlock_irq+0x47/0x80
[   23.042449]  ? calculate_sigpending+0x7b/0xa0
[   23.042472]  ? __pfx_kthread+0x10/0x10
[   23.042493]  ret_from_fork+0x116/0x1d0
[   23.042512]  ? __pfx_kthread+0x10/0x10
[   23.042532]  ret_from_fork_asm+0x1a/0x30
[   23.042574]  </TASK>
[   23.042584] 
[   23.050386] Allocated by task 207:
[   23.050717]  kasan_save_stack+0x45/0x70
[   23.050967]  kasan_save_track+0x18/0x40
[   23.051132]  kasan_save_alloc_info+0x3b/0x50
[   23.051322]  __kasan_krealloc+0x190/0x1f0
[   23.051459]  krealloc_noprof+0xf3/0x340
[   23.051707]  krealloc_less_oob_helper+0x1aa/0x11d0
[   23.052026]  krealloc_less_oob+0x1c/0x30
[   23.052165]  kunit_try_run_case+0x1a5/0x480
[   23.052340]  kunit_generic_run_threadfn_adapter+0x85/0xf0
[   23.052590]  kthread+0x337/0x6f0
[   23.052880]  ret_from_fork+0x116/0x1d0
[   23.053076]  ret_from_fork_asm+0x1a/0x30
[   23.053277] 
[   23.053341] The buggy address belongs to the object at ffff888100aa1e00
[   23.053341]  which belongs to the cache kmalloc-256 of size 256
[   23.053725] The buggy address is located 34 bytes to the right of
[   23.053725]  allocated 201-byte region [ffff888100aa1e00, ffff888100aa1ec9)
[   23.054388] 
[   23.054458] The buggy address belongs to the physical page:
[   23.054623] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x100aa0
[   23.054856] head: order:1 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[   23.055160] anon flags: 0x200000000000040(head|node=0|zone=2)
[   23.055693] page_type: f5(slab)
[   23.055859] raw: 0200000000000040 ffff888100041b40 0000000000000000 dead000000000001
[   23.056259] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000
[   23.056675] head: 0200000000000040 ffff888100041b40 0000000000000000 dead000000000001
[   23.057044] head: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000
[   23.057293] head: 0200000000000001 ffffea000402a801 00000000ffffffff 00000000ffffffff
[   23.057599] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000002
[   23.058211] page dumped because: kasan: bad access detected
[   23.058514] 
[   23.058578] Memory state around the buggy address:
[   23.058724]  ffff888100aa1d80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   23.058928]  ffff888100aa1e00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   23.059132] >ffff888100aa1e80: 00 00 00 00 00 00 00 00 00 01 fc fc fc fc fc fc
[   23.059343]                                                           ^
[   23.059535]  ffff888100aa1f00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   23.059860]  ffff888100aa1f80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   23.060150] ==================================================================
[   22.989466] ==================================================================
[   22.989802] BUG: KASAN: slab-out-of-bounds in krealloc_less_oob_helper+0xec6/0x11d0
[   22.990239] Write of size 1 at addr ffff888100aa1eda by task kunit_try_catch/207
[   22.991189] 
[   22.991453] CPU: 1 UID: 0 PID: 207 Comm: kunit_try_catch Tainted: G    B            N  6.16.0-rc6-next-20250716 #1 PREEMPT(voluntary) 
[   22.991505] Tainted: [B]=BAD_PAGE, [N]=TEST
[   22.991518] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[   22.991537] Call Trace:
[   22.991555]  <TASK>
[   22.991570]  dump_stack_lvl+0x73/0xb0
[   22.991600]  print_report+0xd1/0x610
[   22.991622]  ? __virt_addr_valid+0x1db/0x2d0
[   22.991645]  ? krealloc_less_oob_helper+0xec6/0x11d0
[   22.991667]  ? kasan_complete_mode_report_info+0x2a/0x200
[   22.991692]  ? krealloc_less_oob_helper+0xec6/0x11d0
[   22.991715]  kasan_report+0x141/0x180
[   22.991736]  ? krealloc_less_oob_helper+0xec6/0x11d0
[   22.991763]  __asan_report_store1_noabort+0x1b/0x30
[   22.991787]  krealloc_less_oob_helper+0xec6/0x11d0
[   22.991811]  ? __pfx_krealloc_less_oob_helper+0x10/0x10
[   22.991834]  ? finish_task_switch.isra.0+0x153/0x700
[   22.991855]  ? __switch_to+0x47/0xf80
[   22.991964]  ? __schedule+0x10c6/0x2b60
[   22.991986]  ? __pfx_read_tsc+0x10/0x10
[   22.992013]  krealloc_less_oob+0x1c/0x30
[   22.992035]  kunit_try_run_case+0x1a5/0x480
[   22.992058]  ? __pfx_kunit_try_run_case+0x10/0x10
[   22.992080]  ? _raw_spin_lock_irqsave+0xa1/0x100
[   22.992101]  ? _raw_spin_unlock_irqrestore+0x5f/0x90
[   22.992123]  ? __kthread_parkme+0x82/0x180
[   22.992142]  ? preempt_count_sub+0x50/0x80
[   22.992164]  ? __pfx_kunit_try_run_case+0x10/0x10
[   22.992187]  kunit_generic_run_threadfn_adapter+0x85/0xf0
[   22.992212]  ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10
[   22.992238]  kthread+0x337/0x6f0
[   22.992256]  ? trace_preempt_on+0x20/0xc0
[   22.992294]  ? __pfx_kthread+0x10/0x10
[   22.992315]  ? _raw_spin_unlock_irq+0x47/0x80
[   22.992334]  ? calculate_sigpending+0x7b/0xa0
[   22.992357]  ? __pfx_kthread+0x10/0x10
[   22.992378]  ret_from_fork+0x116/0x1d0
[   22.992397]  ? __pfx_kthread+0x10/0x10
[   22.992416]  ret_from_fork_asm+0x1a/0x30
[   22.992446]  </TASK>
[   22.992456] 
[   23.003489] Allocated by task 207:
[   23.003968]  kasan_save_stack+0x45/0x70
[   23.004131]  kasan_save_track+0x18/0x40
[   23.004461]  kasan_save_alloc_info+0x3b/0x50
[   23.004779]  __kasan_krealloc+0x190/0x1f0
[   23.005131]  krealloc_noprof+0xf3/0x340
[   23.005335]  krealloc_less_oob_helper+0x1aa/0x11d0
[   23.005537]  krealloc_less_oob+0x1c/0x30
[   23.006087]  kunit_try_run_case+0x1a5/0x480
[   23.006261]  kunit_generic_run_threadfn_adapter+0x85/0xf0
[   23.006661]  kthread+0x337/0x6f0
[   23.006957]  ret_from_fork+0x116/0x1d0
[   23.007313]  ret_from_fork_asm+0x1a/0x30
[   23.007641] 
[   23.007716] The buggy address belongs to the object at ffff888100aa1e00
[   23.007716]  which belongs to the cache kmalloc-256 of size 256
[   23.008390] The buggy address is located 17 bytes to the right of
[   23.008390]  allocated 201-byte region [ffff888100aa1e00, ffff888100aa1ec9)
[   23.009371] 
[   23.009466] The buggy address belongs to the physical page:
[   23.010057] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x100aa0
[   23.010494] head: order:1 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[   23.011091] anon flags: 0x200000000000040(head|node=0|zone=2)
[   23.011355] page_type: f5(slab)
[   23.011626] raw: 0200000000000040 ffff888100041b40 0000000000000000 dead000000000001
[   23.012169] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000
[   23.012514] head: 0200000000000040 ffff888100041b40 0000000000000000 dead000000000001
[   23.013225] head: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000
[   23.013704] head: 0200000000000001 ffffea000402a801 00000000ffffffff 00000000ffffffff
[   23.014187] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000002
[   23.014698] page dumped because: kasan: bad access detected
[   23.015018] 
[   23.015105] Memory state around the buggy address:
[   23.015308]  ffff888100aa1d80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   23.015977]  ffff888100aa1e00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   23.016277] >ffff888100aa1e80: 00 00 00 00 00 00 00 00 00 01 fc fc fc fc fc fc
[   23.016567]                                                     ^
[   23.017292]  ffff888100aa1f00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   23.017607]  ffff888100aa1f80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   23.018015] ==================================================================
[   23.178279] ==================================================================
[   23.178863] BUG: KASAN: slab-out-of-bounds in krealloc_less_oob_helper+0xe90/0x11d0
[   23.179325] Write of size 1 at addr ffff8881050f20ea by task kunit_try_catch/211
[   23.179813] 
[   23.180206] CPU: 0 UID: 0 PID: 211 Comm: kunit_try_catch Tainted: G    B            N  6.16.0-rc6-next-20250716 #1 PREEMPT(voluntary) 
[   23.180381] Tainted: [B]=BAD_PAGE, [N]=TEST
[   23.180396] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[   23.180416] Call Trace:
[   23.180433]  <TASK>
[   23.180449]  dump_stack_lvl+0x73/0xb0
[   23.180479]  print_report+0xd1/0x610
[   23.180500]  ? __virt_addr_valid+0x1db/0x2d0
[   23.180523]  ? krealloc_less_oob_helper+0xe90/0x11d0
[   23.180545]  ? kasan_addr_to_slab+0x11/0xa0
[   23.180565]  ? krealloc_less_oob_helper+0xe90/0x11d0
[   23.180587]  kasan_report+0x141/0x180
[   23.180608]  ? krealloc_less_oob_helper+0xe90/0x11d0
[   23.180635]  __asan_report_store1_noabort+0x1b/0x30
[   23.180658]  krealloc_less_oob_helper+0xe90/0x11d0
[   23.180683]  ? __pfx_krealloc_less_oob_helper+0x10/0x10
[   23.180706]  ? finish_task_switch.isra.0+0x153/0x700
[   23.180726]  ? __switch_to+0x47/0xf80
[   23.180751]  ? __schedule+0x10c6/0x2b60
[   23.180772]  ? __pfx_read_tsc+0x10/0x10
[   23.180798]  krealloc_large_less_oob+0x1c/0x30
[   23.180820]  kunit_try_run_case+0x1a5/0x480
[   23.180845]  ? __pfx_kunit_try_run_case+0x10/0x10
[   23.180917]  ? _raw_spin_lock_irqsave+0xa1/0x100
[   23.180941]  ? _raw_spin_unlock_irqrestore+0x5f/0x90
[   23.180963]  ? __kthread_parkme+0x82/0x180
[   23.180982]  ? preempt_count_sub+0x50/0x80
[   23.181004]  ? __pfx_kunit_try_run_case+0x10/0x10
[   23.181027]  kunit_generic_run_threadfn_adapter+0x85/0xf0
[   23.181052]  ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10
[   23.181079]  kthread+0x337/0x6f0
[   23.181097]  ? trace_preempt_on+0x20/0xc0
[   23.181119]  ? __pfx_kthread+0x10/0x10
[   23.181139]  ? _raw_spin_unlock_irq+0x47/0x80
[   23.181159]  ? calculate_sigpending+0x7b/0xa0
[   23.181182]  ? __pfx_kthread+0x10/0x10
[   23.181203]  ret_from_fork+0x116/0x1d0
[   23.181222]  ? __pfx_kthread+0x10/0x10
[   23.181241]  ret_from_fork_asm+0x1a/0x30
[   23.181285]  </TASK>
[   23.181295] 
[   23.193278] The buggy address belongs to the physical page:
[   23.193713] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1050f0
[   23.194315] head: order:2 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[   23.194801] flags: 0x200000000000040(head|node=0|zone=2)
[   23.195166] page_type: f8(unknown)
[   23.195504] raw: 0200000000000040 0000000000000000 dead000000000122 0000000000000000
[   23.195964] raw: 0000000000000000 0000000000000000 00000000f8000000 0000000000000000
[   23.196434] head: 0200000000000040 0000000000000000 dead000000000122 0000000000000000
[   23.196998] head: 0000000000000000 0000000000000000 00000000f8000000 0000000000000000
[   23.197454] head: 0200000000000002 ffffea0004143c01 00000000ffffffff 00000000ffffffff
[   23.197853] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000004
[   23.198361] page dumped because: kasan: bad access detected
[   23.198659] 
[   23.198728] Memory state around the buggy address:
[   23.198930]  ffff8881050f1f80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   23.199750]  ffff8881050f2000: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   23.200212] >ffff8881050f2080: 00 00 00 00 00 00 00 00 00 01 fe fe fe fe fe fe
[   23.200583]                                                           ^
[   23.200860]  ffff8881050f2100: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe
[   23.201282]  ffff8881050f2180: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe
[   23.201575] ==================================================================
[   23.202194] ==================================================================
[   23.202593] BUG: KASAN: slab-out-of-bounds in krealloc_less_oob_helper+0xd47/0x11d0
[   23.202926] Write of size 1 at addr ffff8881050f20eb by task kunit_try_catch/211
[   23.203205] 
[   23.203321] CPU: 0 UID: 0 PID: 211 Comm: kunit_try_catch Tainted: G    B            N  6.16.0-rc6-next-20250716 #1 PREEMPT(voluntary) 
[   23.203366] Tainted: [B]=BAD_PAGE, [N]=TEST
[   23.203379] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[   23.203398] Call Trace:
[   23.203413]  <TASK>
[   23.203427]  dump_stack_lvl+0x73/0xb0
[   23.203453]  print_report+0xd1/0x610
[   23.203474]  ? __virt_addr_valid+0x1db/0x2d0
[   23.203496]  ? krealloc_less_oob_helper+0xd47/0x11d0
[   23.203519]  ? kasan_addr_to_slab+0x11/0xa0
[   23.203539]  ? krealloc_less_oob_helper+0xd47/0x11d0
[   23.203561]  kasan_report+0x141/0x180
[   23.203584]  ? krealloc_less_oob_helper+0xd47/0x11d0
[   23.203612]  __asan_report_store1_noabort+0x1b/0x30
[   23.203636]  krealloc_less_oob_helper+0xd47/0x11d0
[   23.203662]  ? __pfx_krealloc_less_oob_helper+0x10/0x10
[   23.203686]  ? finish_task_switch.isra.0+0x153/0x700
[   23.203707]  ? __switch_to+0x47/0xf80
[   23.203732]  ? __schedule+0x10c6/0x2b60
[   23.203752]  ? __pfx_read_tsc+0x10/0x10
[   23.203779]  krealloc_large_less_oob+0x1c/0x30
[   23.203801]  kunit_try_run_case+0x1a5/0x480
[   23.203825]  ? __pfx_kunit_try_run_case+0x10/0x10
[   23.203846]  ? _raw_spin_lock_irqsave+0xa1/0x100
[   23.203868]  ? _raw_spin_unlock_irqrestore+0x5f/0x90
[   23.203891]  ? __kthread_parkme+0x82/0x180
[   23.203911]  ? preempt_count_sub+0x50/0x80
[   23.203932]  ? __pfx_kunit_try_run_case+0x10/0x10
[   23.203955]  kunit_generic_run_threadfn_adapter+0x85/0xf0
[   23.203981]  ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10
[   23.204006]  kthread+0x337/0x6f0
[   23.204025]  ? trace_preempt_on+0x20/0xc0
[   23.204047]  ? __pfx_kthread+0x10/0x10
[   23.204067]  ? _raw_spin_unlock_irq+0x47/0x80
[   23.204087]  ? calculate_sigpending+0x7b/0xa0
[   23.204109]  ? __pfx_kthread+0x10/0x10
[   23.204129]  ret_from_fork+0x116/0x1d0
[   23.204148]  ? __pfx_kthread+0x10/0x10
[   23.204168]  ret_from_fork_asm+0x1a/0x30
[   23.204198]  </TASK>
[   23.204208] 
[   23.211535] The buggy address belongs to the physical page:
[   23.211761] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1050f0
[   23.211997] head: order:2 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[   23.212342] flags: 0x200000000000040(head|node=0|zone=2)
[   23.212658] page_type: f8(unknown)
[   23.212902] raw: 0200000000000040 0000000000000000 dead000000000122 0000000000000000
[   23.213247] raw: 0000000000000000 0000000000000000 00000000f8000000 0000000000000000
[   23.213648] head: 0200000000000040 0000000000000000 dead000000000122 0000000000000000
[   23.214045] head: 0000000000000000 0000000000000000 00000000f8000000 0000000000000000
[   23.214371] head: 0200000000000002 ffffea0004143c01 00000000ffffffff 00000000ffffffff
[   23.214728] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000004
[   23.215010] page dumped because: kasan: bad access detected
[   23.215409] 
[   23.215508] Memory state around the buggy address:
[   23.215771]  ffff8881050f1f80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   23.216098]  ffff8881050f2000: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   23.216329] >ffff8881050f2080: 00 00 00 00 00 00 00 00 00 01 fe fe fe fe fe fe
[   23.216537]                                                           ^
[   23.216909]  ffff8881050f2100: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe
[   23.217219]  ffff8881050f2180: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe
[   23.217482] ==================================================================
[   23.154549] ==================================================================
[   23.154986] BUG: KASAN: slab-out-of-bounds in krealloc_less_oob_helper+0xec6/0x11d0
[   23.155567] Write of size 1 at addr ffff8881050f20da by task kunit_try_catch/211
[   23.155882] 
[   23.156212] CPU: 0 UID: 0 PID: 211 Comm: kunit_try_catch Tainted: G    B            N  6.16.0-rc6-next-20250716 #1 PREEMPT(voluntary) 
[   23.156504] Tainted: [B]=BAD_PAGE, [N]=TEST
[   23.156519] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[   23.156539] Call Trace:
[   23.156567]  <TASK>
[   23.156583]  dump_stack_lvl+0x73/0xb0
[   23.156613]  print_report+0xd1/0x610
[   23.156635]  ? __virt_addr_valid+0x1db/0x2d0
[   23.156657]  ? krealloc_less_oob_helper+0xec6/0x11d0
[   23.156679]  ? kasan_addr_to_slab+0x11/0xa0
[   23.156698]  ? krealloc_less_oob_helper+0xec6/0x11d0
[   23.156721]  kasan_report+0x141/0x180
[   23.156742]  ? krealloc_less_oob_helper+0xec6/0x11d0
[   23.156769]  __asan_report_store1_noabort+0x1b/0x30
[   23.156792]  krealloc_less_oob_helper+0xec6/0x11d0
[   23.156817]  ? __pfx_krealloc_less_oob_helper+0x10/0x10
[   23.156839]  ? finish_task_switch.isra.0+0x153/0x700
[   23.156860]  ? __switch_to+0x47/0xf80
[   23.156902]  ? __schedule+0x10c6/0x2b60
[   23.156923]  ? __pfx_read_tsc+0x10/0x10
[   23.156949]  krealloc_large_less_oob+0x1c/0x30
[   23.156972]  kunit_try_run_case+0x1a5/0x480
[   23.156996]  ? __pfx_kunit_try_run_case+0x10/0x10
[   23.157017]  ? _raw_spin_lock_irqsave+0xa1/0x100
[   23.157040]  ? _raw_spin_unlock_irqrestore+0x5f/0x90
[   23.157062]  ? __kthread_parkme+0x82/0x180
[   23.157081]  ? preempt_count_sub+0x50/0x80
[   23.157102]  ? __pfx_kunit_try_run_case+0x10/0x10
[   23.157125]  kunit_generic_run_threadfn_adapter+0x85/0xf0
[   23.157150]  ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10
[   23.157176]  kthread+0x337/0x6f0
[   23.157195]  ? trace_preempt_on+0x20/0xc0
[   23.157217]  ? __pfx_kthread+0x10/0x10
[   23.157236]  ? _raw_spin_unlock_irq+0x47/0x80
[   23.157256]  ? calculate_sigpending+0x7b/0xa0
[   23.157290]  ? __pfx_kthread+0x10/0x10
[   23.157311]  ret_from_fork+0x116/0x1d0
[   23.157330]  ? __pfx_kthread+0x10/0x10
[   23.157349]  ret_from_fork_asm+0x1a/0x30
[   23.157379]  </TASK>
[   23.157389] 
[   23.168870] The buggy address belongs to the physical page:
[   23.169441] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1050f0
[   23.169916] head: order:2 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[   23.170406] flags: 0x200000000000040(head|node=0|zone=2)
[   23.170853] page_type: f8(unknown)
[   23.171116] raw: 0200000000000040 0000000000000000 dead000000000122 0000000000000000
[   23.171462] raw: 0000000000000000 0000000000000000 00000000f8000000 0000000000000000
[   23.172209] head: 0200000000000040 0000000000000000 dead000000000122 0000000000000000
[   23.172571] head: 0000000000000000 0000000000000000 00000000f8000000 0000000000000000
[   23.173097] head: 0200000000000002 ffffea0004143c01 00000000ffffffff 00000000ffffffff
[   23.173531] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000004
[   23.174120] page dumped because: kasan: bad access detected
[   23.174492] 
[   23.174688] Memory state around the buggy address:
[   23.174867]  ffff8881050f1f80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   23.175185]  ffff8881050f2000: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   23.175503] >ffff8881050f2080: 00 00 00 00 00 00 00 00 00 01 fe fe fe fe fe fe
[   23.176181]                                                     ^
[   23.176572]  ffff8881050f2100: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe
[   23.177319]  ffff8881050f2180: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe
[   23.177615] ==================================================================
[   22.960678] ==================================================================
[   22.960931] BUG: KASAN: slab-out-of-bounds in krealloc_less_oob_helper+0xe23/0x11d0
[   22.962083] Write of size 1 at addr ffff888100aa1ed0 by task kunit_try_catch/207
[   22.962415] 
[   22.962669] CPU: 1 UID: 0 PID: 207 Comm: kunit_try_catch Tainted: G    B            N  6.16.0-rc6-next-20250716 #1 PREEMPT(voluntary) 
[   22.962721] Tainted: [B]=BAD_PAGE, [N]=TEST
[   22.962733] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[   22.962752] Call Trace:
[   22.962767]  <TASK>
[   22.962783]  dump_stack_lvl+0x73/0xb0
[   22.962813]  print_report+0xd1/0x610
[   22.962835]  ? __virt_addr_valid+0x1db/0x2d0
[   22.962858]  ? krealloc_less_oob_helper+0xe23/0x11d0
[   22.962943]  ? kasan_complete_mode_report_info+0x2a/0x200
[   22.962968]  ? krealloc_less_oob_helper+0xe23/0x11d0
[   22.962991]  kasan_report+0x141/0x180
[   22.963012]  ? krealloc_less_oob_helper+0xe23/0x11d0
[   22.963039]  __asan_report_store1_noabort+0x1b/0x30
[   22.963063]  krealloc_less_oob_helper+0xe23/0x11d0
[   22.963087]  ? __pfx_krealloc_less_oob_helper+0x10/0x10
[   22.963110]  ? finish_task_switch.isra.0+0x153/0x700
[   22.963131]  ? __switch_to+0x47/0xf80
[   22.963156]  ? __schedule+0x10c6/0x2b60
[   22.963178]  ? __pfx_read_tsc+0x10/0x10
[   22.963204]  krealloc_less_oob+0x1c/0x30
[   22.963225]  kunit_try_run_case+0x1a5/0x480
[   22.963248]  ? __pfx_kunit_try_run_case+0x10/0x10
[   22.963283]  ? _raw_spin_lock_irqsave+0xa1/0x100
[   22.963305]  ? _raw_spin_unlock_irqrestore+0x5f/0x90
[   22.963327]  ? __kthread_parkme+0x82/0x180
[   22.963347]  ? preempt_count_sub+0x50/0x80
[   22.963369]  ? __pfx_kunit_try_run_case+0x10/0x10
[   22.963391]  kunit_generic_run_threadfn_adapter+0x85/0xf0
[   22.963417]  ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10
[   22.963442]  kthread+0x337/0x6f0
[   22.963461]  ? trace_preempt_on+0x20/0xc0
[   22.963484]  ? __pfx_kthread+0x10/0x10
[   22.963504]  ? _raw_spin_unlock_irq+0x47/0x80
[   22.963524]  ? calculate_sigpending+0x7b/0xa0
[   22.963546]  ? __pfx_kthread+0x10/0x10
[   22.963566]  ret_from_fork+0x116/0x1d0
[   22.963584]  ? __pfx_kthread+0x10/0x10
[   22.963605]  ret_from_fork_asm+0x1a/0x30
[   22.963634]  </TASK>
[   22.963644] 
[   22.974387] Allocated by task 207:
[   22.974814]  kasan_save_stack+0x45/0x70
[   22.975147]  kasan_save_track+0x18/0x40
[   22.975335]  kasan_save_alloc_info+0x3b/0x50
[   22.975539]  __kasan_krealloc+0x190/0x1f0
[   22.976143]  krealloc_noprof+0xf3/0x340
[   22.976346]  krealloc_less_oob_helper+0x1aa/0x11d0
[   22.976757]  krealloc_less_oob+0x1c/0x30
[   22.977061]  kunit_try_run_case+0x1a5/0x480
[   22.977447]  kunit_generic_run_threadfn_adapter+0x85/0xf0
[   22.977721]  kthread+0x337/0x6f0
[   22.977892]  ret_from_fork+0x116/0x1d0
[   22.978475]  ret_from_fork_asm+0x1a/0x30
[   22.978657] 
[   22.978912] The buggy address belongs to the object at ffff888100aa1e00
[   22.978912]  which belongs to the cache kmalloc-256 of size 256
[   22.979388] The buggy address is located 7 bytes to the right of
[   22.979388]  allocated 201-byte region [ffff888100aa1e00, ffff888100aa1ec9)
[   22.980306] 
[   22.980609] The buggy address belongs to the physical page:
[   22.980844] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x100aa0
[   22.981520] head: order:1 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[   22.982054] anon flags: 0x200000000000040(head|node=0|zone=2)
[   22.982424] page_type: f5(slab)
[   22.982616] raw: 0200000000000040 ffff888100041b40 0000000000000000 dead000000000001
[   22.983160] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000
[   22.983560] head: 0200000000000040 ffff888100041b40 0000000000000000 dead000000000001
[   22.984043] head: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000
[   22.984404] head: 0200000000000001 ffffea000402a801 00000000ffffffff 00000000ffffffff
[   22.984861] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000002
[   22.985398] page dumped because: kasan: bad access detected
[   22.985827] 
[   22.985902] Memory state around the buggy address:
[   22.986253]  ffff888100aa1d80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   22.986739]  ffff888100aa1e00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   22.987040] >ffff888100aa1e80: 00 00 00 00 00 00 00 00 00 01 fc fc fc fc fc fc
[   22.987537]                                                  ^
[   22.987930]  ffff888100aa1f00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   22.988351]  ffff888100aa1f80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   22.988750] ==================================================================
[   23.018846] ==================================================================
[   23.019453] BUG: KASAN: slab-out-of-bounds in krealloc_less_oob_helper+0xe90/0x11d0
[   23.020004] Write of size 1 at addr ffff888100aa1eea by task kunit_try_catch/207
[   23.020636] 
[   23.020742] CPU: 1 UID: 0 PID: 207 Comm: kunit_try_catch Tainted: G    B            N  6.16.0-rc6-next-20250716 #1 PREEMPT(voluntary) 
[   23.020792] Tainted: [B]=BAD_PAGE, [N]=TEST
[   23.020805] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[   23.020825] Call Trace:
[   23.020847]  <TASK>
[   23.020864]  dump_stack_lvl+0x73/0xb0
[   23.020894]  print_report+0xd1/0x610
[   23.020916]  ? __virt_addr_valid+0x1db/0x2d0
[   23.020939]  ? krealloc_less_oob_helper+0xe90/0x11d0
[   23.020962]  ? kasan_complete_mode_report_info+0x2a/0x200
[   23.020987]  ? krealloc_less_oob_helper+0xe90/0x11d0
[   23.021010]  kasan_report+0x141/0x180
[   23.021031]  ? krealloc_less_oob_helper+0xe90/0x11d0
[   23.021058]  __asan_report_store1_noabort+0x1b/0x30
[   23.021082]  krealloc_less_oob_helper+0xe90/0x11d0
[   23.021106]  ? __pfx_krealloc_less_oob_helper+0x10/0x10
[   23.021129]  ? finish_task_switch.isra.0+0x153/0x700
[   23.021150]  ? __switch_to+0x47/0xf80
[   23.021175]  ? __schedule+0x10c6/0x2b60
[   23.021196]  ? __pfx_read_tsc+0x10/0x10
[   23.021223]  krealloc_less_oob+0x1c/0x30
[   23.021244]  kunit_try_run_case+0x1a5/0x480
[   23.021280]  ? __pfx_kunit_try_run_case+0x10/0x10
[   23.021302]  ? _raw_spin_lock_irqsave+0xa1/0x100
[   23.021324]  ? _raw_spin_unlock_irqrestore+0x5f/0x90
[   23.021346]  ? __kthread_parkme+0x82/0x180
[   23.021366]  ? preempt_count_sub+0x50/0x80
[   23.021387]  ? __pfx_kunit_try_run_case+0x10/0x10
[   23.021409]  kunit_generic_run_threadfn_adapter+0x85/0xf0
[   23.021435]  ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10
[   23.021461]  kthread+0x337/0x6f0
[   23.021480]  ? trace_preempt_on+0x20/0xc0
[   23.021502]  ? __pfx_kthread+0x10/0x10
[   23.021522]  ? _raw_spin_unlock_irq+0x47/0x80
[   23.021542]  ? calculate_sigpending+0x7b/0xa0
[   23.021766]  ? __pfx_kthread+0x10/0x10
[   23.021789]  ret_from_fork+0x116/0x1d0
[   23.021809]  ? __pfx_kthread+0x10/0x10
[   23.021830]  ret_from_fork_asm+0x1a/0x30
[   23.021861]  </TASK>
[   23.021925] 
[   23.029627] Allocated by task 207:
[   23.029794]  kasan_save_stack+0x45/0x70
[   23.030104]  kasan_save_track+0x18/0x40
[   23.030262]  kasan_save_alloc_info+0x3b/0x50
[   23.030417]  __kasan_krealloc+0x190/0x1f0
[   23.030560]  krealloc_noprof+0xf3/0x340
[   23.030759]  krealloc_less_oob_helper+0x1aa/0x11d0
[   23.030981]  krealloc_less_oob+0x1c/0x30
[   23.031274]  kunit_try_run_case+0x1a5/0x480
[   23.031495]  kunit_generic_run_threadfn_adapter+0x85/0xf0
[   23.031747]  kthread+0x337/0x6f0
[   23.031862]  ret_from_fork+0x116/0x1d0
[   23.032036]  ret_from_fork_asm+0x1a/0x30
[   23.032227] 
[   23.032331] The buggy address belongs to the object at ffff888100aa1e00
[   23.032331]  which belongs to the cache kmalloc-256 of size 256
[   23.032754] The buggy address is located 33 bytes to the right of
[   23.032754]  allocated 201-byte region [ffff888100aa1e00, ffff888100aa1ec9)
[   23.033115] 
[   23.033180] The buggy address belongs to the physical page:
[   23.033755] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x100aa0
[   23.034115] head: order:1 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[   23.034574] anon flags: 0x200000000000040(head|node=0|zone=2)
[   23.034820] page_type: f5(slab)
[   23.035127] raw: 0200000000000040 ffff888100041b40 0000000000000000 dead000000000001
[   23.035446] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000
[   23.035782] head: 0200000000000040 ffff888100041b40 0000000000000000 dead000000000001
[   23.036139] head: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000
[   23.036460] head: 0200000000000001 ffffea000402a801 00000000ffffffff 00000000ffffffff
[   23.036835] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000002
[   23.037054] page dumped because: kasan: bad access detected
[   23.037318] 
[   23.037459] Memory state around the buggy address:
[   23.037852]  ffff888100aa1d80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   23.038121]  ffff888100aa1e00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   23.038346] >ffff888100aa1e80: 00 00 00 00 00 00 00 00 00 01 fc fc fc fc fc fc
[   23.038652]                                                           ^
[   23.039208]  ffff888100aa1f00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   23.039541]  ffff888100aa1f80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   23.039836] ==================================================================