Hay
Date
July 17, 2025, 10:12 a.m.

Environment
qemu-arm64
qemu-x86_64

[   29.412251] ==================================================================
[   29.412312] BUG: KASAN: slab-out-of-bounds in krealloc_less_oob_helper+0xa48/0xc50
[   29.412632] Write of size 1 at addr fff00000c78096c9 by task kunit_try_catch/189
[   29.412744] 
[   29.412902] CPU: 1 UID: 0 PID: 189 Comm: kunit_try_catch Tainted: G    B            N  6.16.0-rc6-next-20250717 #1 PREEMPT 
[   29.413032] Tainted: [B]=BAD_PAGE, [N]=TEST
[   29.413181] Hardware name: linux,dummy-virt (DT)
[   29.413250] Call trace:
[   29.413382]  show_stack+0x20/0x38 (C)
[   29.413439]  dump_stack_lvl+0x8c/0xd0
[   29.413507]  print_report+0x118/0x5d0
[   29.413551]  kasan_report+0xdc/0x128
[   29.413595]  __asan_report_store1_noabort+0x20/0x30
[   29.413797]  krealloc_less_oob_helper+0xa48/0xc50
[   29.414069]  krealloc_less_oob+0x20/0x38
[   29.414211]  kunit_try_run_case+0x170/0x3f0
[   29.414275]  kunit_generic_run_threadfn_adapter+0x88/0x100
[   29.414558]  kthread+0x328/0x630
[   29.414658]  ret_from_fork+0x10/0x20
[   29.414858] 
[   29.414925] Allocated by task 189:
[   29.415039]  kasan_save_stack+0x3c/0x68
[   29.415137]  kasan_save_track+0x20/0x40
[   29.415275]  kasan_save_alloc_info+0x40/0x58
[   29.415382]  __kasan_krealloc+0x118/0x178
[   29.415522]  krealloc_noprof+0x128/0x360
[   29.415582]  krealloc_less_oob_helper+0x168/0xc50
[   29.415622]  krealloc_less_oob+0x20/0x38
[   29.415694]  kunit_try_run_case+0x170/0x3f0
[   29.416138]  kunit_generic_run_threadfn_adapter+0x88/0x100
[   29.416294]  kthread+0x328/0x630
[   29.416403]  ret_from_fork+0x10/0x20
[   29.416524] 
[   29.416602] The buggy address belongs to the object at fff00000c7809600
[   29.416602]  which belongs to the cache kmalloc-256 of size 256
[   29.416753] The buggy address is located 0 bytes to the right of
[   29.416753]  allocated 201-byte region [fff00000c7809600, fff00000c78096c9)
[   29.416840] 
[   29.416879] The buggy address belongs to the physical page:
[   29.416910] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x107808
[   29.416984] head: order:1 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[   29.417030] flags: 0xbfffe0000000040(head|node=0|zone=2|lastcpupid=0x1ffff)
[   29.417090] page_type: f5(slab)
[   29.417129] raw: 0bfffe0000000040 fff00000c0001b40 dead000000000100 dead000000000122
[   29.417177] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000
[   29.417279] head: 0bfffe0000000040 fff00000c0001b40 dead000000000100 dead000000000122
[   29.417526] head: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000
[   29.417598] head: 0bfffe0000000001 ffffc1ffc31e0201 00000000ffffffff 00000000ffffffff
[   29.417656] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000002
[   29.417709] page dumped because: kasan: bad access detected
[   29.417745] 
[   29.417764] Memory state around the buggy address:
[   29.417798]  fff00000c7809580: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   29.417850]  fff00000c7809600: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   29.417891] >fff00000c7809680: 00 00 00 00 00 00 00 00 00 01 fc fc fc fc fc fc
[   29.417938]                                               ^
[   29.417986]  fff00000c7809700: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   29.418029]  fff00000c7809780: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   29.418085] ==================================================================
[   29.436268] ==================================================================
[   29.436317] BUG: KASAN: slab-out-of-bounds in krealloc_less_oob_helper+0xae4/0xc50
[   29.436396] Write of size 1 at addr fff00000c78096ea by task kunit_try_catch/189
[   29.436445] 
[   29.436478] CPU: 1 UID: 0 PID: 189 Comm: kunit_try_catch Tainted: G    B            N  6.16.0-rc6-next-20250717 #1 PREEMPT 
[   29.436559] Tainted: [B]=BAD_PAGE, [N]=TEST
[   29.436584] Hardware name: linux,dummy-virt (DT)
[   29.436785] Call trace:
[   29.436813]  show_stack+0x20/0x38 (C)
[   29.436865]  dump_stack_lvl+0x8c/0xd0
[   29.436913]  print_report+0x118/0x5d0
[   29.436957]  kasan_report+0xdc/0x128
[   29.436999]  __asan_report_store1_noabort+0x20/0x30
[   29.437047]  krealloc_less_oob_helper+0xae4/0xc50
[   29.437111]  krealloc_less_oob+0x20/0x38
[   29.437159]  kunit_try_run_case+0x170/0x3f0
[   29.437203]  kunit_generic_run_threadfn_adapter+0x88/0x100
[   29.437254]  kthread+0x328/0x630
[   29.437295]  ret_from_fork+0x10/0x20
[   29.437341] 
[   29.437359] Allocated by task 189:
[   29.437386]  kasan_save_stack+0x3c/0x68
[   29.437423]  kasan_save_track+0x20/0x40
[   29.437457]  kasan_save_alloc_info+0x40/0x58
[   29.437494]  __kasan_krealloc+0x118/0x178
[   29.437528]  krealloc_noprof+0x128/0x360
[   29.437566]  krealloc_less_oob_helper+0x168/0xc50
[   29.437605]  krealloc_less_oob+0x20/0x38
[   29.437642]  kunit_try_run_case+0x170/0x3f0
[   29.437678]  kunit_generic_run_threadfn_adapter+0x88/0x100
[   29.437719]  kthread+0x328/0x630
[   29.437750]  ret_from_fork+0x10/0x20
[   29.437783] 
[   29.437801] The buggy address belongs to the object at fff00000c7809600
[   29.437801]  which belongs to the cache kmalloc-256 of size 256
[   29.437855] The buggy address is located 33 bytes to the right of
[   29.437855]  allocated 201-byte region [fff00000c7809600, fff00000c78096c9)
[   29.437916] 
[   29.437935] The buggy address belongs to the physical page:
[   29.437964] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x107808
[   29.438015] head: order:1 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[   29.439564] flags: 0xbfffe0000000040(head|node=0|zone=2|lastcpupid=0x1ffff)
[   29.439730] page_type: f5(slab)
[   29.439783] raw: 0bfffe0000000040 fff00000c0001b40 dead000000000100 dead000000000122
[   29.439866] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000
[   29.440193] head: 0bfffe0000000040 fff00000c0001b40 dead000000000100 dead000000000122
[   29.440290] head: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000
[   29.440408] head: 0bfffe0000000001 ffffc1ffc31e0201 00000000ffffffff 00000000ffffffff
[   29.440484] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000002
[   29.440630] page dumped because: kasan: bad access detected
[   29.440667] 
[   29.440684] Memory state around the buggy address:
[   29.440716]  fff00000c7809580: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   29.440757]  fff00000c7809600: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   29.440827] >fff00000c7809680: 00 00 00 00 00 00 00 00 00 01 fc fc fc fc fc fc
[   29.440863]                                                           ^
[   29.440900]  fff00000c7809700: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   29.440966]  fff00000c7809780: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   29.441003] ==================================================================
[   29.487464] ==================================================================
[   29.487661] BUG: KASAN: slab-out-of-bounds in krealloc_less_oob_helper+0xa58/0xc50
[   29.487740] Write of size 1 at addr fff00000c646a0eb by task kunit_try_catch/193
[   29.487808] 
[   29.487838] CPU: 1 UID: 0 PID: 193 Comm: kunit_try_catch Tainted: G    B            N  6.16.0-rc6-next-20250717 #1 PREEMPT 
[   29.487925] Tainted: [B]=BAD_PAGE, [N]=TEST
[   29.487952] Hardware name: linux,dummy-virt (DT)
[   29.488170] Call trace:
[   29.488238]  show_stack+0x20/0x38 (C)
[   29.488357]  dump_stack_lvl+0x8c/0xd0
[   29.488410]  print_report+0x118/0x5d0
[   29.488453]  kasan_report+0xdc/0x128
[   29.488501]  __asan_report_store1_noabort+0x20/0x30
[   29.488645]  krealloc_less_oob_helper+0xa58/0xc50
[   29.488758]  krealloc_large_less_oob+0x20/0x38
[   29.488919]  kunit_try_run_case+0x170/0x3f0
[   29.488995]  kunit_generic_run_threadfn_adapter+0x88/0x100
[   29.489156]  kthread+0x328/0x630
[   29.489227]  ret_from_fork+0x10/0x20
[   29.489274] 
[   29.489490] The buggy address belongs to the physical page:
[   29.489581] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x106468
[   29.489673] head: order:2 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[   29.489830] flags: 0xbfffe0000000040(head|node=0|zone=2|lastcpupid=0x1ffff)
[   29.489881] page_type: f8(unknown)
[   29.489936] raw: 0bfffe0000000040 0000000000000000 dead000000000122 0000000000000000
[   29.490146] raw: 0000000000000000 0000000000000000 00000000f8000000 0000000000000000
[   29.490304] head: 0bfffe0000000040 0000000000000000 dead000000000122 0000000000000000
[   29.490370] head: 0000000000000000 0000000000000000 00000000f8000000 0000000000000000
[   29.490498] head: 0bfffe0000000002 ffffc1ffc3191a01 00000000ffffffff 00000000ffffffff
[   29.490546] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000004
[   29.490603] page dumped because: kasan: bad access detected
[   29.490804] 
[   29.490974] Memory state around the buggy address:
[   29.491065]  fff00000c6469f80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   29.491212]  fff00000c646a000: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   29.491273] >fff00000c646a080: 00 00 00 00 00 00 00 00 00 01 fe fe fe fe fe fe
[   29.491493]                                                           ^
[   29.491642]  fff00000c646a100: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe
[   29.491706]  fff00000c646a180: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe
[   29.491807] ==================================================================
[   29.479317] ==================================================================
[   29.479391] BUG: KASAN: slab-out-of-bounds in krealloc_less_oob_helper+0xa80/0xc50
[   29.479441] Write of size 1 at addr fff00000c646a0da by task kunit_try_catch/193
[   29.479542] 
[   29.479579] CPU: 1 UID: 0 PID: 193 Comm: kunit_try_catch Tainted: G    B            N  6.16.0-rc6-next-20250717 #1 PREEMPT 
[   29.479697] Tainted: [B]=BAD_PAGE, [N]=TEST
[   29.479723] Hardware name: linux,dummy-virt (DT)
[   29.479773] Call trace:
[   29.479821]  show_stack+0x20/0x38 (C)
[   29.479872]  dump_stack_lvl+0x8c/0xd0
[   29.479973]  print_report+0x118/0x5d0
[   29.480036]  kasan_report+0xdc/0x128
[   29.480186]  __asan_report_store1_noabort+0x20/0x30
[   29.480238]  krealloc_less_oob_helper+0xa80/0xc50
[   29.480295]  krealloc_large_less_oob+0x20/0x38
[   29.480436]  kunit_try_run_case+0x170/0x3f0
[   29.480483]  kunit_generic_run_threadfn_adapter+0x88/0x100
[   29.480541]  kthread+0x328/0x630
[   29.480586]  ret_from_fork+0x10/0x20
[   29.480977] 
[   29.481017] The buggy address belongs to the physical page:
[   29.481130] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x106468
[   29.481203] head: order:2 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[   29.481412] flags: 0xbfffe0000000040(head|node=0|zone=2|lastcpupid=0x1ffff)
[   29.481569] page_type: f8(unknown)
[   29.481645] raw: 0bfffe0000000040 0000000000000000 dead000000000122 0000000000000000
[   29.481709] raw: 0000000000000000 0000000000000000 00000000f8000000 0000000000000000
[   29.481790] head: 0bfffe0000000040 0000000000000000 dead000000000122 0000000000000000
[   29.481855] head: 0000000000000000 0000000000000000 00000000f8000000 0000000000000000
[   29.481940] head: 0bfffe0000000002 ffffc1ffc3191a01 00000000ffffffff 00000000ffffffff
[   29.482026] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000004
[   29.482084] page dumped because: kasan: bad access detected
[   29.482272] 
[   29.482350] Memory state around the buggy address:
[   29.482471]  fff00000c6469f80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   29.482525]  fff00000c646a000: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   29.482571] >fff00000c646a080: 00 00 00 00 00 00 00 00 00 01 fe fe fe fe fe fe
[   29.482837]                                                     ^
[   29.482930]  fff00000c646a100: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe
[   29.482993]  fff00000c646a180: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe
[   29.483109] ==================================================================
[   29.473391] ==================================================================
[   29.473434] BUG: KASAN: slab-out-of-bounds in krealloc_less_oob_helper+0xb9c/0xc50
[   29.473482] Write of size 1 at addr fff00000c646a0d0 by task kunit_try_catch/193
[   29.473529] 
[   29.473557] CPU: 1 UID: 0 PID: 193 Comm: kunit_try_catch Tainted: G    B            N  6.16.0-rc6-next-20250717 #1 PREEMPT 
[   29.473641] Tainted: [B]=BAD_PAGE, [N]=TEST
[   29.473850] Hardware name: linux,dummy-virt (DT)
[   29.474338] Call trace:
[   29.474560]  show_stack+0x20/0x38 (C)
[   29.474661]  dump_stack_lvl+0x8c/0xd0
[   29.474711]  print_report+0x118/0x5d0
[   29.474762]  kasan_report+0xdc/0x128
[   29.474929]  __asan_report_store1_noabort+0x20/0x30
[   29.475004]  krealloc_less_oob_helper+0xb9c/0xc50
[   29.475165]  krealloc_large_less_oob+0x20/0x38
[   29.475244]  kunit_try_run_case+0x170/0x3f0
[   29.475371]  kunit_generic_run_threadfn_adapter+0x88/0x100
[   29.475458]  kthread+0x328/0x630
[   29.475587]  ret_from_fork+0x10/0x20
[   29.475680] 
[   29.475864] The buggy address belongs to the physical page:
[   29.475898] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x106468
[   29.476014] head: order:2 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[   29.476112] flags: 0xbfffe0000000040(head|node=0|zone=2|lastcpupid=0x1ffff)
[   29.476244] page_type: f8(unknown)
[   29.476320] raw: 0bfffe0000000040 0000000000000000 dead000000000122 0000000000000000
[   29.476607] raw: 0000000000000000 0000000000000000 00000000f8000000 0000000000000000
[   29.476760] head: 0bfffe0000000040 0000000000000000 dead000000000122 0000000000000000
[   29.476841] head: 0000000000000000 0000000000000000 00000000f8000000 0000000000000000
[   29.476968] head: 0bfffe0000000002 ffffc1ffc3191a01 00000000ffffffff 00000000ffffffff
[   29.477040] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000004
[   29.477146] page dumped because: kasan: bad access detected
[   29.477177] 
[   29.477194] Memory state around the buggy address:
[   29.477245]  fff00000c6469f80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   29.477286]  fff00000c646a000: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   29.477487] >fff00000c646a080: 00 00 00 00 00 00 00 00 00 01 fe fe fe fe fe fe
[   29.477542]                                                  ^
[   29.478013]  fff00000c646a100: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe
[   29.478077]  fff00000c646a180: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe
[   29.478179] ==================================================================
[   29.483652] ==================================================================
[   29.483715] BUG: KASAN: slab-out-of-bounds in krealloc_less_oob_helper+0xae4/0xc50
[   29.483771] Write of size 1 at addr fff00000c646a0ea by task kunit_try_catch/193
[   29.483827] 
[   29.483958] CPU: 1 UID: 0 PID: 193 Comm: kunit_try_catch Tainted: G    B            N  6.16.0-rc6-next-20250717 #1 PREEMPT 
[   29.484162] Tainted: [B]=BAD_PAGE, [N]=TEST
[   29.484201] Hardware name: linux,dummy-virt (DT)
[   29.484238] Call trace:
[   29.484277]  show_stack+0x20/0x38 (C)
[   29.484330]  dump_stack_lvl+0x8c/0xd0
[   29.484376]  print_report+0x118/0x5d0
[   29.484728]  kasan_report+0xdc/0x128
[   29.484814]  __asan_report_store1_noabort+0x20/0x30
[   29.484946]  krealloc_less_oob_helper+0xae4/0xc50
[   29.485021]  krealloc_large_less_oob+0x20/0x38
[   29.485117]  kunit_try_run_case+0x170/0x3f0
[   29.485163]  kunit_generic_run_threadfn_adapter+0x88/0x100
[   29.485213]  kthread+0x328/0x630
[   29.485256]  ret_from_fork+0x10/0x20
[   29.485307] 
[   29.485342] The buggy address belongs to the physical page:
[   29.485381] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x106468
[   29.485439] head: order:2 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[   29.485484] flags: 0xbfffe0000000040(head|node=0|zone=2|lastcpupid=0x1ffff)
[   29.485538] page_type: f8(unknown)
[   29.485586] raw: 0bfffe0000000040 0000000000000000 dead000000000122 0000000000000000
[   29.485653] raw: 0000000000000000 0000000000000000 00000000f8000000 0000000000000000
[   29.485701] head: 0bfffe0000000040 0000000000000000 dead000000000122 0000000000000000
[   29.485747] head: 0000000000000000 0000000000000000 00000000f8000000 0000000000000000
[   29.485804] head: 0bfffe0000000002 ffffc1ffc3191a01 00000000ffffffff 00000000ffffffff
[   29.485860] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000004
[   29.485898] page dumped because: kasan: bad access detected
[   29.485941] 
[   29.485959] Memory state around the buggy address:
[   29.485988]  fff00000c6469f80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   29.486030]  fff00000c646a000: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   29.486082] >fff00000c646a080: 00 00 00 00 00 00 00 00 00 01 fe fe fe fe fe fe
[   29.486117]                                                           ^
[   29.486153]  fff00000c646a100: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe
[   29.486200]  fff00000c646a180: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe
[   29.486251] ==================================================================
[   29.442130] ==================================================================
[   29.442206] BUG: KASAN: slab-out-of-bounds in krealloc_less_oob_helper+0xa58/0xc50
[   29.442269] Write of size 1 at addr fff00000c78096eb by task kunit_try_catch/189
[   29.442349] 
[   29.442410] CPU: 1 UID: 0 PID: 189 Comm: kunit_try_catch Tainted: G    B            N  6.16.0-rc6-next-20250717 #1 PREEMPT 
[   29.442493] Tainted: [B]=BAD_PAGE, [N]=TEST
[   29.442713] Hardware name: linux,dummy-virt (DT)
[   29.442817] Call trace:
[   29.442842]  show_stack+0x20/0x38 (C)
[   29.442895]  dump_stack_lvl+0x8c/0xd0
[   29.442984]  print_report+0x118/0x5d0
[   29.443037]  kasan_report+0xdc/0x128
[   29.443325]  __asan_report_store1_noabort+0x20/0x30
[   29.443446]  krealloc_less_oob_helper+0xa58/0xc50
[   29.443501]  krealloc_less_oob+0x20/0x38
[   29.443547]  kunit_try_run_case+0x170/0x3f0
[   29.443630]  kunit_generic_run_threadfn_adapter+0x88/0x100
[   29.443707]  kthread+0x328/0x630
[   29.443749]  ret_from_fork+0x10/0x20
[   29.444018] 
[   29.444101] Allocated by task 189:
[   29.444134]  kasan_save_stack+0x3c/0x68
[   29.444177]  kasan_save_track+0x20/0x40
[   29.444211]  kasan_save_alloc_info+0x40/0x58
[   29.444262]  __kasan_krealloc+0x118/0x178
[   29.444300]  krealloc_noprof+0x128/0x360
[   29.444439]  krealloc_less_oob_helper+0x168/0xc50
[   29.444494]  krealloc_less_oob+0x20/0x38
[   29.444532]  kunit_try_run_case+0x170/0x3f0
[   29.444642]  kunit_generic_run_threadfn_adapter+0x88/0x100
[   29.444707]  kthread+0x328/0x630
[   29.444874]  ret_from_fork+0x10/0x20
[   29.444920] 
[   29.444940] The buggy address belongs to the object at fff00000c7809600
[   29.444940]  which belongs to the cache kmalloc-256 of size 256
[   29.444996] The buggy address is located 34 bytes to the right of
[   29.444996]  allocated 201-byte region [fff00000c7809600, fff00000c78096c9)
[   29.445076] 
[   29.445095] The buggy address belongs to the physical page:
[   29.445126] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x107808
[   29.445222] head: order:1 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[   29.445270] flags: 0xbfffe0000000040(head|node=0|zone=2|lastcpupid=0x1ffff)
[   29.445320] page_type: f5(slab)
[   29.445357] raw: 0bfffe0000000040 fff00000c0001b40 dead000000000100 dead000000000122
[   29.445424] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000
[   29.445472] head: 0bfffe0000000040 fff00000c0001b40 dead000000000100 dead000000000122
[   29.445519] head: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000
[   29.445566] head: 0bfffe0000000001 ffffc1ffc31e0201 00000000ffffffff 00000000ffffffff
[   29.445612] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000002
[   29.445651] page dumped because: kasan: bad access detected
[   29.445680] 
[   29.445697] Memory state around the buggy address:
[   29.445736]  fff00000c7809580: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   29.445777]  fff00000c7809600: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   29.445826] >fff00000c7809680: 00 00 00 00 00 00 00 00 00 01 fc fc fc fc fc fc
[   29.445862]                                                           ^
[   29.445898]  fff00000c7809700: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   29.445947]  fff00000c7809780: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   29.445982] ==================================================================
[   29.419696] ==================================================================
[   29.419746] BUG: KASAN: slab-out-of-bounds in krealloc_less_oob_helper+0xb9c/0xc50
[   29.419796] Write of size 1 at addr fff00000c78096d0 by task kunit_try_catch/189
[   29.419992] 
[   29.420033] CPU: 1 UID: 0 PID: 189 Comm: kunit_try_catch Tainted: G    B            N  6.16.0-rc6-next-20250717 #1 PREEMPT 
[   29.420350] Tainted: [B]=BAD_PAGE, [N]=TEST
[   29.420438] Hardware name: linux,dummy-virt (DT)
[   29.420520] Call trace:
[   29.420628]  show_stack+0x20/0x38 (C)
[   29.420726]  dump_stack_lvl+0x8c/0xd0
[   29.420819]  print_report+0x118/0x5d0
[   29.420908]  kasan_report+0xdc/0x128
[   29.420951]  __asan_report_store1_noabort+0x20/0x30
[   29.420999]  krealloc_less_oob_helper+0xb9c/0xc50
[   29.421047]  krealloc_less_oob+0x20/0x38
[   29.421495]  kunit_try_run_case+0x170/0x3f0
[   29.421655]  kunit_generic_run_threadfn_adapter+0x88/0x100
[   29.421770]  kthread+0x328/0x630
[   29.421919]  ret_from_fork+0x10/0x20
[   29.422026] 
[   29.422142] Allocated by task 189:
[   29.422233]  kasan_save_stack+0x3c/0x68
[   29.422283]  kasan_save_track+0x20/0x40
[   29.422317]  kasan_save_alloc_info+0x40/0x58
[   29.422567]  __kasan_krealloc+0x118/0x178
[   29.422720]  krealloc_noprof+0x128/0x360
[   29.422878]  krealloc_less_oob_helper+0x168/0xc50
[   29.423002]  krealloc_less_oob+0x20/0x38
[   29.423187]  kunit_try_run_case+0x170/0x3f0
[   29.423243]  kunit_generic_run_threadfn_adapter+0x88/0x100
[   29.423342]  kthread+0x328/0x630
[   29.423724]  ret_from_fork+0x10/0x20
[   29.423889] 
[   29.423981] The buggy address belongs to the object at fff00000c7809600
[   29.423981]  which belongs to the cache kmalloc-256 of size 256
[   29.424189] The buggy address is located 7 bytes to the right of
[   29.424189]  allocated 201-byte region [fff00000c7809600, fff00000c78096c9)
[   29.424290] 
[   29.424336] The buggy address belongs to the physical page:
[   29.424433] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x107808
[   29.424488] head: order:1 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[   29.424533] flags: 0xbfffe0000000040(head|node=0|zone=2|lastcpupid=0x1ffff)
[   29.424597] page_type: f5(slab)
[   29.424635] raw: 0bfffe0000000040 fff00000c0001b40 dead000000000100 dead000000000122
[   29.424842] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000
[   29.425012] head: 0bfffe0000000040 fff00000c0001b40 dead000000000100 dead000000000122
[   29.425105] head: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000
[   29.425164] head: 0bfffe0000000001 ffffc1ffc31e0201 00000000ffffffff 00000000ffffffff
[   29.425212] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000002
[   29.425249] page dumped because: kasan: bad access detected
[   29.425288] 
[   29.425306] Memory state around the buggy address:
[   29.425336]  fff00000c7809580: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   29.425376]  fff00000c7809600: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   29.425415] >fff00000c7809680: 00 00 00 00 00 00 00 00 00 01 fc fc fc fc fc fc
[   29.425451]                                                  ^
[   29.425485]  fff00000c7809700: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   29.425535]  fff00000c7809780: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   29.425572] ==================================================================
[   29.427256] ==================================================================
[   29.427305] BUG: KASAN: slab-out-of-bounds in krealloc_less_oob_helper+0xa80/0xc50
[   29.427354] Write of size 1 at addr fff00000c78096da by task kunit_try_catch/189
[   29.427402] 
[   29.427648] CPU: 1 UID: 0 PID: 189 Comm: kunit_try_catch Tainted: G    B            N  6.16.0-rc6-next-20250717 #1 PREEMPT 
[   29.428127] Tainted: [B]=BAD_PAGE, [N]=TEST
[   29.428427] Hardware name: linux,dummy-virt (DT)
[   29.428459] Call trace:
[   29.428481]  show_stack+0x20/0x38 (C)
[   29.428531]  dump_stack_lvl+0x8c/0xd0
[   29.429201]  print_report+0x118/0x5d0
[   29.429536]  kasan_report+0xdc/0x128
[   29.430321]  __asan_report_store1_noabort+0x20/0x30
[   29.432740]  krealloc_less_oob_helper+0xa80/0xc50
[   29.432804]  krealloc_less_oob+0x20/0x38
[   29.432851]  kunit_try_run_case+0x170/0x3f0
[   29.432899]  kunit_generic_run_threadfn_adapter+0x88/0x100
[   29.432949]  kthread+0x328/0x630
[   29.432991]  ret_from_fork+0x10/0x20
[   29.433038] 
[   29.433067] Allocated by task 189:
[   29.433096]  kasan_save_stack+0x3c/0x68
[   29.433135]  kasan_save_track+0x20/0x40
[   29.433169]  kasan_save_alloc_info+0x40/0x58
[   29.433205]  __kasan_krealloc+0x118/0x178
[   29.433267]  krealloc_noprof+0x128/0x360
[   29.433305]  krealloc_less_oob_helper+0x168/0xc50
[   29.433344]  krealloc_less_oob+0x20/0x38
[   29.433380]  kunit_try_run_case+0x170/0x3f0
[   29.433870]  kunit_generic_run_threadfn_adapter+0x88/0x100
[   29.433926]  kthread+0x328/0x630
[   29.433959]  ret_from_fork+0x10/0x20
[   29.433994] 
[   29.434014] The buggy address belongs to the object at fff00000c7809600
[   29.434014]  which belongs to the cache kmalloc-256 of size 256
[   29.434085] The buggy address is located 17 bytes to the right of
[   29.434085]  allocated 201-byte region [fff00000c7809600, fff00000c78096c9)
[   29.434147] 
[   29.434167] The buggy address belongs to the physical page:
[   29.434198] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x107808
[   29.434252] head: order:1 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[   29.434298] flags: 0xbfffe0000000040(head|node=0|zone=2|lastcpupid=0x1ffff)
[   29.434349] page_type: f5(slab)
[   29.434389] raw: 0bfffe0000000040 fff00000c0001b40 dead000000000100 dead000000000122
[   29.434437] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000
[   29.434486] head: 0bfffe0000000040 fff00000c0001b40 dead000000000100 dead000000000122
[   29.434533] head: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000
[   29.434579] head: 0bfffe0000000001 ffffc1ffc31e0201 00000000ffffffff 00000000ffffffff
[   29.434626] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000002
[   29.434664] page dumped because: kasan: bad access detected
[   29.434693] 
[   29.434711] Memory state around the buggy address:
[   29.434741]  fff00000c7809580: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   29.434788]  fff00000c7809600: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   29.434828] >fff00000c7809680: 00 00 00 00 00 00 00 00 00 01 fc fc fc fc fc fc
[   29.434864]                                                     ^
[   29.434899]  fff00000c7809700: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   29.434938]  fff00000c7809780: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   29.434973] ==================================================================
[   29.469897] ==================================================================
[   29.469966] BUG: KASAN: slab-out-of-bounds in krealloc_less_oob_helper+0xa48/0xc50
[   29.470025] Write of size 1 at addr fff00000c646a0c9 by task kunit_try_catch/193
[   29.470087] 
[   29.470120] CPU: 1 UID: 0 PID: 193 Comm: kunit_try_catch Tainted: G    B            N  6.16.0-rc6-next-20250717 #1 PREEMPT 
[   29.470201] Tainted: [B]=BAD_PAGE, [N]=TEST
[   29.470236] Hardware name: linux,dummy-virt (DT)
[   29.470267] Call trace:
[   29.470290]  show_stack+0x20/0x38 (C)
[   29.470338]  dump_stack_lvl+0x8c/0xd0
[   29.470386]  print_report+0x118/0x5d0
[   29.470430]  kasan_report+0xdc/0x128
[   29.470473]  __asan_report_store1_noabort+0x20/0x30
[   29.470530]  krealloc_less_oob_helper+0xa48/0xc50
[   29.470587]  krealloc_large_less_oob+0x20/0x38
[   29.470635]  kunit_try_run_case+0x170/0x3f0
[   29.470691]  kunit_generic_run_threadfn_adapter+0x88/0x100
[   29.470744]  kthread+0x328/0x630
[   29.470799]  ret_from_fork+0x10/0x20
[   29.470847] 
[   29.470875] The buggy address belongs to the physical page:
[   29.470906] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x106468
[   29.470958] head: order:2 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[   29.471005] flags: 0xbfffe0000000040(head|node=0|zone=2|lastcpupid=0x1ffff)
[   29.471394] page_type: f8(unknown)
[   29.471623] raw: 0bfffe0000000040 0000000000000000 dead000000000122 0000000000000000
[   29.471753] raw: 0000000000000000 0000000000000000 00000000f8000000 0000000000000000
[   29.471805] head: 0bfffe0000000040 0000000000000000 dead000000000122 0000000000000000
[   29.471868] head: 0000000000000000 0000000000000000 00000000f8000000 0000000000000000
[   29.471934] head: 0bfffe0000000002 ffffc1ffc3191a01 00000000ffffffff 00000000ffffffff
[   29.471988] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000004
[   29.472122] page dumped because: kasan: bad access detected
[   29.472191] 
[   29.472219] Memory state around the buggy address:
[   29.472274]  fff00000c6469f80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   29.472544]  fff00000c646a000: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   29.472632] >fff00000c646a080: 00 00 00 00 00 00 00 00 00 01 fe fe fe fe fe fe
[   29.472762]                                               ^
[   29.472819]  fff00000c646a100: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe
[   29.472873]  fff00000c646a180: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe
[   29.473023] ==================================================================

[   25.585625] ==================================================================
[   25.585982] BUG: KASAN: slab-out-of-bounds in krealloc_less_oob_helper+0xec6/0x11d0
[   25.586323] Write of size 1 at addr ffff88810602e0da by task kunit_try_catch/211
[   25.586646] 
[   25.586722] CPU: 0 UID: 0 PID: 211 Comm: kunit_try_catch Tainted: G    B            N  6.16.0-rc6-next-20250717 #1 PREEMPT(voluntary) 
[   25.586766] Tainted: [B]=BAD_PAGE, [N]=TEST
[   25.586777] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[   25.586797] Call Trace:
[   25.586811]  <TASK>
[   25.586825]  dump_stack_lvl+0x73/0xb0
[   25.586851]  print_report+0xd1/0x610
[   25.586871]  ? __virt_addr_valid+0x1db/0x2d0
[   25.586959]  ? krealloc_less_oob_helper+0xec6/0x11d0
[   25.586986]  ? kasan_addr_to_slab+0x11/0xa0
[   25.587006]  ? krealloc_less_oob_helper+0xec6/0x11d0
[   25.587029]  kasan_report+0x141/0x180
[   25.587050]  ? krealloc_less_oob_helper+0xec6/0x11d0
[   25.587088]  __asan_report_store1_noabort+0x1b/0x30
[   25.587111]  krealloc_less_oob_helper+0xec6/0x11d0
[   25.587136]  ? __pfx_krealloc_less_oob_helper+0x10/0x10
[   25.587159]  ? finish_task_switch.isra.0+0x153/0x700
[   25.587179]  ? __switch_to+0x47/0xf80
[   25.587203]  ? __schedule+0x10c6/0x2b60
[   25.587225]  ? __pfx_read_tsc+0x10/0x10
[   25.587248]  krealloc_large_less_oob+0x1c/0x30
[   25.587270]  kunit_try_run_case+0x1a5/0x480
[   25.587293]  ? __pfx_kunit_try_run_case+0x10/0x10
[   25.587314]  ? _raw_spin_lock_irqsave+0xa1/0x100
[   25.587335]  ? _raw_spin_unlock_irqrestore+0x5f/0x90
[   25.587358]  ? __kthread_parkme+0x82/0x180
[   25.587381]  ? preempt_count_sub+0x50/0x80
[   25.587403]  ? __pfx_kunit_try_run_case+0x10/0x10
[   25.587425]  kunit_generic_run_threadfn_adapter+0x85/0xf0
[   25.587447]  ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10
[   25.587469]  kthread+0x337/0x6f0
[   25.587487]  ? trace_preempt_on+0x20/0xc0
[   25.587510]  ? __pfx_kthread+0x10/0x10
[   25.587529]  ? _raw_spin_unlock_irq+0x47/0x80
[   25.587550]  ? calculate_sigpending+0x7b/0xa0
[   25.587572]  ? __pfx_kthread+0x10/0x10
[   25.587592]  ret_from_fork+0x116/0x1d0
[   25.587610]  ? __pfx_kthread+0x10/0x10
[   25.587630]  ret_from_fork_asm+0x1a/0x30
[   25.587661]  </TASK>
[   25.587670] 
[   25.594977] The buggy address belongs to the physical page:
[   25.595235] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x10602c
[   25.595522] head: order:2 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[   25.595789] flags: 0x200000000000040(head|node=0|zone=2)
[   25.596024] page_type: f8(unknown)
[   25.596197] raw: 0200000000000040 0000000000000000 dead000000000122 0000000000000000
[   25.596504] raw: 0000000000000000 0000000000000000 00000000f8000000 0000000000000000
[   25.596789] head: 0200000000000040 0000000000000000 dead000000000122 0000000000000000
[   25.597004] head: 0000000000000000 0000000000000000 00000000f8000000 0000000000000000
[   25.597250] head: 0200000000000002 ffffea0004180b01 00000000ffffffff 00000000ffffffff
[   25.597754] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000004
[   25.598113] page dumped because: kasan: bad access detected
[   25.598547] 
[   25.598641] Memory state around the buggy address:
[   25.598857]  ffff88810602df80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   25.599106]  ffff88810602e000: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   25.599304] >ffff88810602e080: 00 00 00 00 00 00 00 00 00 01 fe fe fe fe fe fe
[   25.599498]                                                     ^
[   25.599692]  ffff88810602e100: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe
[   25.599988]  ffff88810602e180: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe
[   25.600484] ==================================================================
[   25.542160] ==================================================================
[   25.543219] BUG: KASAN: slab-out-of-bounds in krealloc_less_oob_helper+0xd70/0x11d0
[   25.543966] Write of size 1 at addr ffff88810602e0c9 by task kunit_try_catch/211
[   25.544837] 
[   25.545005] CPU: 0 UID: 0 PID: 211 Comm: kunit_try_catch Tainted: G    B            N  6.16.0-rc6-next-20250717 #1 PREEMPT(voluntary) 
[   25.545052] Tainted: [B]=BAD_PAGE, [N]=TEST
[   25.545063] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[   25.545094] Call Trace:
[   25.545106]  <TASK>
[   25.545122]  dump_stack_lvl+0x73/0xb0
[   25.545151]  print_report+0xd1/0x610
[   25.545172]  ? __virt_addr_valid+0x1db/0x2d0
[   25.545196]  ? krealloc_less_oob_helper+0xd70/0x11d0
[   25.545218]  ? kasan_addr_to_slab+0x11/0xa0
[   25.545237]  ? krealloc_less_oob_helper+0xd70/0x11d0
[   25.545260]  kasan_report+0x141/0x180
[   25.545291]  ? krealloc_less_oob_helper+0xd70/0x11d0
[   25.545320]  __asan_report_store1_noabort+0x1b/0x30
[   25.545344]  krealloc_less_oob_helper+0xd70/0x11d0
[   25.545368]  ? __pfx_krealloc_less_oob_helper+0x10/0x10
[   25.545390]  ? finish_task_switch.isra.0+0x153/0x700
[   25.545412]  ? __switch_to+0x47/0xf80
[   25.545437]  ? __schedule+0x10c6/0x2b60
[   25.545459]  ? __pfx_read_tsc+0x10/0x10
[   25.545483]  krealloc_large_less_oob+0x1c/0x30
[   25.545532]  kunit_try_run_case+0x1a5/0x480
[   25.545557]  ? __pfx_kunit_try_run_case+0x10/0x10
[   25.545589]  ? _raw_spin_lock_irqsave+0xa1/0x100
[   25.545619]  ? _raw_spin_unlock_irqrestore+0x5f/0x90
[   25.545642]  ? __kthread_parkme+0x82/0x180
[   25.545665]  ? preempt_count_sub+0x50/0x80
[   25.545688]  ? __pfx_kunit_try_run_case+0x10/0x10
[   25.545711]  kunit_generic_run_threadfn_adapter+0x85/0xf0
[   25.545733]  ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10
[   25.545755]  kthread+0x337/0x6f0
[   25.545773]  ? trace_preempt_on+0x20/0xc0
[   25.545796]  ? __pfx_kthread+0x10/0x10
[   25.545816]  ? _raw_spin_unlock_irq+0x47/0x80
[   25.545836]  ? calculate_sigpending+0x7b/0xa0
[   25.545859]  ? __pfx_kthread+0x10/0x10
[   25.545879]  ret_from_fork+0x116/0x1d0
[   25.545897]  ? __pfx_kthread+0x10/0x10
[   25.545916]  ret_from_fork_asm+0x1a/0x30
[   25.545952]  </TASK>
[   25.545962] 
[   25.558271] The buggy address belongs to the physical page:
[   25.558787] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x10602c
[   25.559709] head: order:2 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[   25.560373] flags: 0x200000000000040(head|node=0|zone=2)
[   25.560970] page_type: f8(unknown)
[   25.561339] raw: 0200000000000040 0000000000000000 dead000000000122 0000000000000000
[   25.561984] raw: 0000000000000000 0000000000000000 00000000f8000000 0000000000000000
[   25.562371] head: 0200000000000040 0000000000000000 dead000000000122 0000000000000000
[   25.563090] head: 0000000000000000 0000000000000000 00000000f8000000 0000000000000000
[   25.563803] head: 0200000000000002 ffffea0004180b01 00000000ffffffff 00000000ffffffff
[   25.564033] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000004
[   25.564456] page dumped because: kasan: bad access detected
[   25.564954] 
[   25.565143] Memory state around the buggy address:
[   25.565639]  ffff88810602df80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   25.566329]  ffff88810602e000: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   25.567215] >ffff88810602e080: 00 00 00 00 00 00 00 00 00 01 fe fe fe fe fe fe
[   25.567693]                                               ^
[   25.567862]  ffff88810602e100: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe
[   25.568063]  ffff88810602e180: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe
[   25.568273] ==================================================================
[   25.364446] ==================================================================
[   25.364909] BUG: KASAN: slab-out-of-bounds in krealloc_less_oob_helper+0xd70/0x11d0
[   25.365257] Write of size 1 at addr ffff8881060c48c9 by task kunit_try_catch/207
[   25.365638] 
[   25.365741] CPU: 1 UID: 0 PID: 207 Comm: kunit_try_catch Tainted: G    B            N  6.16.0-rc6-next-20250717 #1 PREEMPT(voluntary) 
[   25.365894] Tainted: [B]=BAD_PAGE, [N]=TEST
[   25.366022] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[   25.366044] Call Trace:
[   25.366056]  <TASK>
[   25.366074]  dump_stack_lvl+0x73/0xb0
[   25.366192]  print_report+0xd1/0x610
[   25.366216]  ? __virt_addr_valid+0x1db/0x2d0
[   25.366262]  ? krealloc_less_oob_helper+0xd70/0x11d0
[   25.366295]  ? kasan_complete_mode_report_info+0x2a/0x200
[   25.366321]  ? krealloc_less_oob_helper+0xd70/0x11d0
[   25.366344]  kasan_report+0x141/0x180
[   25.366365]  ? krealloc_less_oob_helper+0xd70/0x11d0
[   25.366392]  __asan_report_store1_noabort+0x1b/0x30
[   25.366416]  krealloc_less_oob_helper+0xd70/0x11d0
[   25.366440]  ? __pfx_krealloc_less_oob_helper+0x10/0x10
[   25.366463]  ? finish_task_switch.isra.0+0x153/0x700
[   25.366484]  ? __switch_to+0x47/0xf80
[   25.366509]  ? __schedule+0x10c6/0x2b60
[   25.366532]  ? __pfx_read_tsc+0x10/0x10
[   25.366556]  krealloc_less_oob+0x1c/0x30
[   25.366576]  kunit_try_run_case+0x1a5/0x480
[   25.366600]  ? __pfx_kunit_try_run_case+0x10/0x10
[   25.366620]  ? _raw_spin_lock_irqsave+0xa1/0x100
[   25.366642]  ? _raw_spin_unlock_irqrestore+0x5f/0x90
[   25.366664]  ? __kthread_parkme+0x82/0x180
[   25.366688]  ? preempt_count_sub+0x50/0x80
[   25.366709]  ? __pfx_kunit_try_run_case+0x10/0x10
[   25.366732]  kunit_generic_run_threadfn_adapter+0x85/0xf0
[   25.366753]  ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10
[   25.366775]  kthread+0x337/0x6f0
[   25.366793]  ? trace_preempt_on+0x20/0xc0
[   25.366818]  ? __pfx_kthread+0x10/0x10
[   25.366837]  ? _raw_spin_unlock_irq+0x47/0x80
[   25.366858]  ? calculate_sigpending+0x7b/0xa0
[   25.366881]  ? __pfx_kthread+0x10/0x10
[   25.366901]  ret_from_fork+0x116/0x1d0
[   25.366919]  ? __pfx_kthread+0x10/0x10
[   25.366938]  ret_from_fork_asm+0x1a/0x30
[   25.366970]  </TASK>
[   25.366980] 
[   25.375667] Allocated by task 207:
[   25.375922]  kasan_save_stack+0x45/0x70
[   25.376062]  kasan_save_track+0x18/0x40
[   25.376346]  kasan_save_alloc_info+0x3b/0x50
[   25.377058]  __kasan_krealloc+0x190/0x1f0
[   25.377229]  krealloc_noprof+0xf3/0x340
[   25.377516]  krealloc_less_oob_helper+0x1aa/0x11d0
[   25.377795]  krealloc_less_oob+0x1c/0x30
[   25.377989]  kunit_try_run_case+0x1a5/0x480
[   25.378159]  kunit_generic_run_threadfn_adapter+0x85/0xf0
[   25.378489]  kthread+0x337/0x6f0
[   25.378690]  ret_from_fork+0x116/0x1d0
[   25.378816]  ret_from_fork_asm+0x1a/0x30
[   25.379004] 
[   25.379103] The buggy address belongs to the object at ffff8881060c4800
[   25.379103]  which belongs to the cache kmalloc-256 of size 256
[   25.379893] The buggy address is located 0 bytes to the right of
[   25.379893]  allocated 201-byte region [ffff8881060c4800, ffff8881060c48c9)
[   25.380854] 
[   25.380928] The buggy address belongs to the physical page:
[   25.381463] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1060c4
[   25.381929] head: order:1 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[   25.382378] flags: 0x200000000000040(head|node=0|zone=2)
[   25.382682] page_type: f5(slab)
[   25.382842] raw: 0200000000000040 ffff888100041b40 dead000000000122 0000000000000000
[   25.383323] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000
[   25.383618] head: 0200000000000040 ffff888100041b40 dead000000000122 0000000000000000
[   25.383933] head: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000
[   25.384368] head: 0200000000000001 ffffea0004183101 00000000ffffffff 00000000ffffffff
[   25.384668] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000002
[   25.384960] page dumped because: kasan: bad access detected
[   25.385347] 
[   25.385432] Memory state around the buggy address:
[   25.385672]  ffff8881060c4780: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   25.385950]  ffff8881060c4800: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   25.386450] >ffff8881060c4880: 00 00 00 00 00 00 00 00 00 01 fc fc fc fc fc fc
[   25.386750]                                               ^
[   25.386948]  ffff8881060c4900: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   25.387454]  ffff8881060c4980: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   25.387726] ==================================================================
[   25.413408] ==================================================================
[   25.413916] BUG: KASAN: slab-out-of-bounds in krealloc_less_oob_helper+0xec6/0x11d0
[   25.414334] Write of size 1 at addr ffff8881060c48da by task kunit_try_catch/207
[   25.414638] 
[   25.414730] CPU: 1 UID: 0 PID: 207 Comm: kunit_try_catch Tainted: G    B            N  6.16.0-rc6-next-20250717 #1 PREEMPT(voluntary) 
[   25.414777] Tainted: [B]=BAD_PAGE, [N]=TEST
[   25.414788] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[   25.414808] Call Trace:
[   25.414824]  <TASK>
[   25.414840]  dump_stack_lvl+0x73/0xb0
[   25.414868]  print_report+0xd1/0x610
[   25.414891]  ? __virt_addr_valid+0x1db/0x2d0
[   25.414913]  ? krealloc_less_oob_helper+0xec6/0x11d0
[   25.414935]  ? kasan_complete_mode_report_info+0x2a/0x200
[   25.414960]  ? krealloc_less_oob_helper+0xec6/0x11d0
[   25.414983]  kasan_report+0x141/0x180
[   25.415004]  ? krealloc_less_oob_helper+0xec6/0x11d0
[   25.415032]  __asan_report_store1_noabort+0x1b/0x30
[   25.415059]  krealloc_less_oob_helper+0xec6/0x11d0
[   25.415093]  ? __pfx_krealloc_less_oob_helper+0x10/0x10
[   25.415116]  ? finish_task_switch.isra.0+0x153/0x700
[   25.415137]  ? __switch_to+0x47/0xf80
[   25.415162]  ? __schedule+0x10c6/0x2b60
[   25.415184]  ? __pfx_read_tsc+0x10/0x10
[   25.415207]  krealloc_less_oob+0x1c/0x30
[   25.415228]  kunit_try_run_case+0x1a5/0x480
[   25.415250]  ? __pfx_kunit_try_run_case+0x10/0x10
[   25.415272]  ? _raw_spin_lock_irqsave+0xa1/0x100
[   25.415342]  ? _raw_spin_unlock_irqrestore+0x5f/0x90
[   25.415364]  ? __kthread_parkme+0x82/0x180
[   25.415398]  ? preempt_count_sub+0x50/0x80
[   25.415420]  ? __pfx_kunit_try_run_case+0x10/0x10
[   25.415443]  kunit_generic_run_threadfn_adapter+0x85/0xf0
[   25.415464]  ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10
[   25.415486]  kthread+0x337/0x6f0
[   25.415847]  ? trace_preempt_on+0x20/0xc0
[   25.415874]  ? __pfx_kthread+0x10/0x10
[   25.415894]  ? _raw_spin_unlock_irq+0x47/0x80
[   25.415915]  ? calculate_sigpending+0x7b/0xa0
[   25.415938]  ? __pfx_kthread+0x10/0x10
[   25.415958]  ret_from_fork+0x116/0x1d0
[   25.415976]  ? __pfx_kthread+0x10/0x10
[   25.415996]  ret_from_fork_asm+0x1a/0x30
[   25.416026]  </TASK>
[   25.416037] 
[   25.425915] Allocated by task 207:
[   25.426253]  kasan_save_stack+0x45/0x70
[   25.426599]  kasan_save_track+0x18/0x40
[   25.426892]  kasan_save_alloc_info+0x3b/0x50
[   25.427222]  __kasan_krealloc+0x190/0x1f0
[   25.427564]  krealloc_noprof+0xf3/0x340
[   25.427801]  krealloc_less_oob_helper+0x1aa/0x11d0
[   25.428130]  krealloc_less_oob+0x1c/0x30
[   25.428588]  kunit_try_run_case+0x1a5/0x480
[   25.428787]  kunit_generic_run_threadfn_adapter+0x85/0xf0
[   25.429113]  kthread+0x337/0x6f0
[   25.429497]  ret_from_fork+0x116/0x1d0
[   25.429699]  ret_from_fork_asm+0x1a/0x30
[   25.430113] 
[   25.430210] The buggy address belongs to the object at ffff8881060c4800
[   25.430210]  which belongs to the cache kmalloc-256 of size 256
[   25.430978] The buggy address is located 17 bytes to the right of
[   25.430978]  allocated 201-byte region [ffff8881060c4800, ffff8881060c48c9)
[   25.431713] 
[   25.431814] The buggy address belongs to the physical page:
[   25.432170] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1060c4
[   25.432733] head: order:1 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[   25.433201] flags: 0x200000000000040(head|node=0|zone=2)
[   25.433579] page_type: f5(slab)
[   25.433849] raw: 0200000000000040 ffff888100041b40 dead000000000122 0000000000000000
[   25.434317] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000
[   25.434926] head: 0200000000000040 ffff888100041b40 dead000000000122 0000000000000000
[   25.435435] head: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000
[   25.435900] head: 0200000000000001 ffffea0004183101 00000000ffffffff 00000000ffffffff
[   25.436369] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000002
[   25.436775] page dumped because: kasan: bad access detected
[   25.437109] 
[   25.437205] Memory state around the buggy address:
[   25.437673]  ffff8881060c4780: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   25.437970]  ffff8881060c4800: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   25.438278] >ffff8881060c4880: 00 00 00 00 00 00 00 00 00 01 fc fc fc fc fc fc
[   25.438568]                                                     ^
[   25.438823]  ffff8881060c4900: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   25.439479]  ffff8881060c4980: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   25.439941] ==================================================================
[   25.388597] ==================================================================
[   25.389021] BUG: KASAN: slab-out-of-bounds in krealloc_less_oob_helper+0xe23/0x11d0
[   25.389518] Write of size 1 at addr ffff8881060c48d0 by task kunit_try_catch/207
[   25.389961] 
[   25.390050] CPU: 1 UID: 0 PID: 207 Comm: kunit_try_catch Tainted: G    B            N  6.16.0-rc6-next-20250717 #1 PREEMPT(voluntary) 
[   25.390108] Tainted: [B]=BAD_PAGE, [N]=TEST
[   25.390157] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[   25.390199] Call Trace:
[   25.390212]  <TASK>
[   25.390238]  dump_stack_lvl+0x73/0xb0
[   25.390380]  print_report+0xd1/0x610
[   25.390415]  ? __virt_addr_valid+0x1db/0x2d0
[   25.390438]  ? krealloc_less_oob_helper+0xe23/0x11d0
[   25.390460]  ? kasan_complete_mode_report_info+0x2a/0x200
[   25.390485]  ? krealloc_less_oob_helper+0xe23/0x11d0
[   25.390507]  kasan_report+0x141/0x180
[   25.390528]  ? krealloc_less_oob_helper+0xe23/0x11d0
[   25.390556]  __asan_report_store1_noabort+0x1b/0x30
[   25.390579]  krealloc_less_oob_helper+0xe23/0x11d0
[   25.390604]  ? __pfx_krealloc_less_oob_helper+0x10/0x10
[   25.390628]  ? finish_task_switch.isra.0+0x153/0x700
[   25.390648]  ? __switch_to+0x47/0xf80
[   25.390674]  ? __schedule+0x10c6/0x2b60
[   25.390696]  ? __pfx_read_tsc+0x10/0x10
[   25.390721]  krealloc_less_oob+0x1c/0x30
[   25.390741]  kunit_try_run_case+0x1a5/0x480
[   25.390764]  ? __pfx_kunit_try_run_case+0x10/0x10
[   25.390784]  ? _raw_spin_lock_irqsave+0xa1/0x100
[   25.390806]  ? _raw_spin_unlock_irqrestore+0x5f/0x90
[   25.390828]  ? __kthread_parkme+0x82/0x180
[   25.390851]  ? preempt_count_sub+0x50/0x80
[   25.390873]  ? __pfx_kunit_try_run_case+0x10/0x10
[   25.390895]  kunit_generic_run_threadfn_adapter+0x85/0xf0
[   25.390916]  ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10
[   25.390938]  kthread+0x337/0x6f0
[   25.390957]  ? trace_preempt_on+0x20/0xc0
[   25.390981]  ? __pfx_kthread+0x10/0x10
[   25.391000]  ? _raw_spin_unlock_irq+0x47/0x80
[   25.391021]  ? calculate_sigpending+0x7b/0xa0
[   25.391043]  ? __pfx_kthread+0x10/0x10
[   25.391063]  ret_from_fork+0x116/0x1d0
[   25.391089]  ? __pfx_kthread+0x10/0x10
[   25.391108]  ret_from_fork_asm+0x1a/0x30
[   25.391139]  </TASK>
[   25.391149] 
[   25.399802] Allocated by task 207:
[   25.400010]  kasan_save_stack+0x45/0x70
[   25.400229]  kasan_save_track+0x18/0x40
[   25.400472]  kasan_save_alloc_info+0x3b/0x50
[   25.400709]  __kasan_krealloc+0x190/0x1f0
[   25.400908]  krealloc_noprof+0xf3/0x340
[   25.401170]  krealloc_less_oob_helper+0x1aa/0x11d0
[   25.401433]  krealloc_less_oob+0x1c/0x30
[   25.401788]  kunit_try_run_case+0x1a5/0x480
[   25.401938]  kunit_generic_run_threadfn_adapter+0x85/0xf0
[   25.402116]  kthread+0x337/0x6f0
[   25.402228]  ret_from_fork+0x116/0x1d0
[   25.402378]  ret_from_fork_asm+0x1a/0x30
[   25.402565] 
[   25.402761] The buggy address belongs to the object at ffff8881060c4800
[   25.402761]  which belongs to the cache kmalloc-256 of size 256
[   25.404105] The buggy address is located 7 bytes to the right of
[   25.404105]  allocated 201-byte region [ffff8881060c4800, ffff8881060c48c9)
[   25.404874] 
[   25.404986] The buggy address belongs to the physical page:
[   25.405188] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1060c4
[   25.405532] head: order:1 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[   25.406111] flags: 0x200000000000040(head|node=0|zone=2)
[   25.406472] page_type: f5(slab)
[   25.406603] raw: 0200000000000040 ffff888100041b40 dead000000000122 0000000000000000
[   25.407148] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000
[   25.407369] head: 0200000000000040 ffff888100041b40 dead000000000122 0000000000000000
[   25.407864] head: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000
[   25.408602] head: 0200000000000001 ffffea0004183101 00000000ffffffff 00000000ffffffff
[   25.408937] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000002
[   25.409449] page dumped because: kasan: bad access detected
[   25.409714] 
[   25.409815] Memory state around the buggy address:
[   25.410054]  ffff8881060c4780: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   25.410642]  ffff8881060c4800: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   25.410988] >ffff8881060c4880: 00 00 00 00 00 00 00 00 00 01 fc fc fc fc fc fc
[   25.411394]                                                  ^
[   25.411723]  ffff8881060c4900: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   25.412021]  ffff8881060c4980: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   25.412271] ==================================================================
[   25.568987] ==================================================================
[   25.569399] BUG: KASAN: slab-out-of-bounds in krealloc_less_oob_helper+0xe23/0x11d0
[   25.569857] Write of size 1 at addr ffff88810602e0d0 by task kunit_try_catch/211
[   25.570088] 
[   25.570294] CPU: 0 UID: 0 PID: 211 Comm: kunit_try_catch Tainted: G    B            N  6.16.0-rc6-next-20250717 #1 PREEMPT(voluntary) 
[   25.570342] Tainted: [B]=BAD_PAGE, [N]=TEST
[   25.570353] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[   25.570372] Call Trace:
[   25.570384]  <TASK>
[   25.570397]  dump_stack_lvl+0x73/0xb0
[   25.570425]  print_report+0xd1/0x610
[   25.570446]  ? __virt_addr_valid+0x1db/0x2d0
[   25.570469]  ? krealloc_less_oob_helper+0xe23/0x11d0
[   25.570491]  ? kasan_addr_to_slab+0x11/0xa0
[   25.570510]  ? krealloc_less_oob_helper+0xe23/0x11d0
[   25.570533]  kasan_report+0x141/0x180
[   25.570554]  ? krealloc_less_oob_helper+0xe23/0x11d0
[   25.570581]  __asan_report_store1_noabort+0x1b/0x30
[   25.570604]  krealloc_less_oob_helper+0xe23/0x11d0
[   25.570628]  ? __pfx_krealloc_less_oob_helper+0x10/0x10
[   25.570651]  ? finish_task_switch.isra.0+0x153/0x700
[   25.570672]  ? __switch_to+0x47/0xf80
[   25.570698]  ? __schedule+0x10c6/0x2b60
[   25.570720]  ? __pfx_read_tsc+0x10/0x10
[   25.570743]  krealloc_large_less_oob+0x1c/0x30
[   25.570765]  kunit_try_run_case+0x1a5/0x480
[   25.570787]  ? __pfx_kunit_try_run_case+0x10/0x10
[   25.570808]  ? _raw_spin_lock_irqsave+0xa1/0x100
[   25.570829]  ? _raw_spin_unlock_irqrestore+0x5f/0x90
[   25.570851]  ? __kthread_parkme+0x82/0x180
[   25.570874]  ? preempt_count_sub+0x50/0x80
[   25.570896]  ? __pfx_kunit_try_run_case+0x10/0x10
[   25.570918]  kunit_generic_run_threadfn_adapter+0x85/0xf0
[   25.570940]  ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10
[   25.570962]  kthread+0x337/0x6f0
[   25.570980]  ? trace_preempt_on+0x20/0xc0
[   25.571004]  ? __pfx_kthread+0x10/0x10
[   25.571024]  ? _raw_spin_unlock_irq+0x47/0x80
[   25.571044]  ? calculate_sigpending+0x7b/0xa0
[   25.571067]  ? __pfx_kthread+0x10/0x10
[   25.571100]  ret_from_fork+0x116/0x1d0
[   25.571117]  ? __pfx_kthread+0x10/0x10
[   25.571137]  ret_from_fork_asm+0x1a/0x30
[   25.571167]  </TASK>
[   25.571176] 
[   25.578817] The buggy address belongs to the physical page:
[   25.579209] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x10602c
[   25.579622] head: order:2 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[   25.579945] flags: 0x200000000000040(head|node=0|zone=2)
[   25.580182] page_type: f8(unknown)
[   25.580485] raw: 0200000000000040 0000000000000000 dead000000000122 0000000000000000
[   25.580773] raw: 0000000000000000 0000000000000000 00000000f8000000 0000000000000000
[   25.581002] head: 0200000000000040 0000000000000000 dead000000000122 0000000000000000
[   25.581327] head: 0000000000000000 0000000000000000 00000000f8000000 0000000000000000
[   25.581666] head: 0200000000000002 ffffea0004180b01 00000000ffffffff 00000000ffffffff
[   25.582001] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000004
[   25.582404] page dumped because: kasan: bad access detected
[   25.582791] 
[   25.582884] Memory state around the buggy address:
[   25.583091]  ffff88810602df80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   25.583508]  ffff88810602e000: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   25.583719] >ffff88810602e080: 00 00 00 00 00 00 00 00 00 01 fe fe fe fe fe fe
[   25.583921]                                                  ^
[   25.584196]  ffff88810602e100: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe
[   25.584819]  ffff88810602e180: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe
[   25.585295] ==================================================================
[   25.600816] ==================================================================
[   25.601022] BUG: KASAN: slab-out-of-bounds in krealloc_less_oob_helper+0xe90/0x11d0
[   25.601257] Write of size 1 at addr ffff88810602e0ea by task kunit_try_catch/211
[   25.601817] 
[   25.601936] CPU: 0 UID: 0 PID: 211 Comm: kunit_try_catch Tainted: G    B            N  6.16.0-rc6-next-20250717 #1 PREEMPT(voluntary) 
[   25.601982] Tainted: [B]=BAD_PAGE, [N]=TEST
[   25.601993] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[   25.602012] Call Trace:
[   25.602024]  <TASK>
[   25.602036]  dump_stack_lvl+0x73/0xb0
[   25.602064]  print_report+0xd1/0x610
[   25.602096]  ? __virt_addr_valid+0x1db/0x2d0
[   25.602118]  ? krealloc_less_oob_helper+0xe90/0x11d0
[   25.602140]  ? kasan_addr_to_slab+0x11/0xa0
[   25.602159]  ? krealloc_less_oob_helper+0xe90/0x11d0
[   25.602182]  kasan_report+0x141/0x180
[   25.602203]  ? krealloc_less_oob_helper+0xe90/0x11d0
[   25.602230]  __asan_report_store1_noabort+0x1b/0x30
[   25.602307]  krealloc_less_oob_helper+0xe90/0x11d0
[   25.602334]  ? __pfx_krealloc_less_oob_helper+0x10/0x10
[   25.602357]  ? finish_task_switch.isra.0+0x153/0x700
[   25.602377]  ? __switch_to+0x47/0xf80
[   25.602401]  ? __schedule+0x10c6/0x2b60
[   25.602425]  ? __pfx_read_tsc+0x10/0x10
[   25.602449]  krealloc_large_less_oob+0x1c/0x30
[   25.602471]  kunit_try_run_case+0x1a5/0x480
[   25.602494]  ? __pfx_kunit_try_run_case+0x10/0x10
[   25.602514]  ? _raw_spin_lock_irqsave+0xa1/0x100
[   25.602536]  ? _raw_spin_unlock_irqrestore+0x5f/0x90
[   25.602558]  ? __kthread_parkme+0x82/0x180
[   25.602581]  ? preempt_count_sub+0x50/0x80
[   25.602603]  ? __pfx_kunit_try_run_case+0x10/0x10
[   25.602625]  kunit_generic_run_threadfn_adapter+0x85/0xf0
[   25.602647]  ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10
[   25.602671]  kthread+0x337/0x6f0
[   25.602689]  ? trace_preempt_on+0x20/0xc0
[   25.602713]  ? __pfx_kthread+0x10/0x10
[   25.602733]  ? _raw_spin_unlock_irq+0x47/0x80
[   25.602753]  ? calculate_sigpending+0x7b/0xa0
[   25.602775]  ? __pfx_kthread+0x10/0x10
[   25.602795]  ret_from_fork+0x116/0x1d0
[   25.602814]  ? __pfx_kthread+0x10/0x10
[   25.602833]  ret_from_fork_asm+0x1a/0x30
[   25.602864]  </TASK>
[   25.602873] 
[   25.610464] The buggy address belongs to the physical page:
[   25.610721] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x10602c
[   25.611074] head: order:2 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[   25.611501] flags: 0x200000000000040(head|node=0|zone=2)
[   25.611721] page_type: f8(unknown)
[   25.611885] raw: 0200000000000040 0000000000000000 dead000000000122 0000000000000000
[   25.612134] raw: 0000000000000000 0000000000000000 00000000f8000000 0000000000000000
[   25.612470] head: 0200000000000040 0000000000000000 dead000000000122 0000000000000000
[   25.612872] head: 0000000000000000 0000000000000000 00000000f8000000 0000000000000000
[   25.613093] head: 0200000000000002 ffffea0004180b01 00000000ffffffff 00000000ffffffff
[   25.613308] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000004
[   25.613515] page dumped because: kasan: bad access detected
[   25.613747] 
[   25.613829] Memory state around the buggy address:
[   25.614132]  ffff88810602df80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   25.614721]  ffff88810602e000: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   25.615038] >ffff88810602e080: 00 00 00 00 00 00 00 00 00 01 fe fe fe fe fe fe
[   25.615262]                                                           ^
[   25.615447]  ffff88810602e100: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe
[   25.615645]  ffff88810602e180: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe
[   25.616209] ==================================================================
[   25.470178] ==================================================================
[   25.470696] BUG: KASAN: slab-out-of-bounds in krealloc_less_oob_helper+0xd47/0x11d0
[   25.471211] Write of size 1 at addr ffff8881060c48eb by task kunit_try_catch/207
[   25.471591] 
[   25.471683] CPU: 1 UID: 0 PID: 207 Comm: kunit_try_catch Tainted: G    B            N  6.16.0-rc6-next-20250717 #1 PREEMPT(voluntary) 
[   25.471729] Tainted: [B]=BAD_PAGE, [N]=TEST
[   25.471740] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[   25.471759] Call Trace:
[   25.471772]  <TASK>
[   25.471787]  dump_stack_lvl+0x73/0xb0
[   25.471816]  print_report+0xd1/0x610
[   25.471837]  ? __virt_addr_valid+0x1db/0x2d0
[   25.471859]  ? krealloc_less_oob_helper+0xd47/0x11d0
[   25.471881]  ? kasan_complete_mode_report_info+0x2a/0x200
[   25.471905]  ? krealloc_less_oob_helper+0xd47/0x11d0
[   25.471928]  kasan_report+0x141/0x180
[   25.471948]  ? krealloc_less_oob_helper+0xd47/0x11d0
[   25.471976]  __asan_report_store1_noabort+0x1b/0x30
[   25.471999]  krealloc_less_oob_helper+0xd47/0x11d0
[   25.472024]  ? __pfx_krealloc_less_oob_helper+0x10/0x10
[   25.472046]  ? finish_task_switch.isra.0+0x153/0x700
[   25.472066]  ? __switch_to+0x47/0xf80
[   25.472100]  ? __schedule+0x10c6/0x2b60
[   25.472122]  ? __pfx_read_tsc+0x10/0x10
[   25.472144]  krealloc_less_oob+0x1c/0x30
[   25.472165]  kunit_try_run_case+0x1a5/0x480
[   25.472187]  ? __pfx_kunit_try_run_case+0x10/0x10
[   25.472208]  ? _raw_spin_lock_irqsave+0xa1/0x100
[   25.472229]  ? _raw_spin_unlock_irqrestore+0x5f/0x90
[   25.472251]  ? __kthread_parkme+0x82/0x180
[   25.472274]  ? preempt_count_sub+0x50/0x80
[   25.472312]  ? __pfx_kunit_try_run_case+0x10/0x10
[   25.472334]  kunit_generic_run_threadfn_adapter+0x85/0xf0
[   25.472356]  ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10
[   25.472378]  kthread+0x337/0x6f0
[   25.472395]  ? trace_preempt_on+0x20/0xc0
[   25.472419]  ? __pfx_kthread+0x10/0x10
[   25.472438]  ? _raw_spin_unlock_irq+0x47/0x80
[   25.472458]  ? calculate_sigpending+0x7b/0xa0
[   25.472481]  ? __pfx_kthread+0x10/0x10
[   25.472501]  ret_from_fork+0x116/0x1d0
[   25.472518]  ? __pfx_kthread+0x10/0x10
[   25.472537]  ret_from_fork_asm+0x1a/0x30
[   25.472568]  </TASK>
[   25.472577] 
[   25.479098] Allocated by task 207:
[   25.479262]  kasan_save_stack+0x45/0x70
[   25.479467]  kasan_save_track+0x18/0x40
[   25.479650]  kasan_save_alloc_info+0x3b/0x50
[   25.479852]  __kasan_krealloc+0x190/0x1f0
[   25.480044]  krealloc_noprof+0xf3/0x340
[   25.480241]  krealloc_less_oob_helper+0x1aa/0x11d0
[   25.480565]  krealloc_less_oob+0x1c/0x30
[   25.480754]  kunit_try_run_case+0x1a5/0x480
[   25.480929]  kunit_generic_run_threadfn_adapter+0x85/0xf0
[   25.481157]  kthread+0x337/0x6f0
[   25.481299]  ret_from_fork+0x116/0x1d0
[   25.481445]  ret_from_fork_asm+0x1a/0x30
[   25.481605] 
[   25.481665] The buggy address belongs to the object at ffff8881060c4800
[   25.481665]  which belongs to the cache kmalloc-256 of size 256
[   25.482137] The buggy address is located 34 bytes to the right of
[   25.482137]  allocated 201-byte region [ffff8881060c4800, ffff8881060c48c9)
[   25.482603] 
[   25.482690] The buggy address belongs to the physical page:
[   25.482934] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1060c4
[   25.483221] head: order:1 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[   25.483607] flags: 0x200000000000040(head|node=0|zone=2)
[   25.483814] page_type: f5(slab)
[   25.483968] raw: 0200000000000040 ffff888100041b40 dead000000000122 0000000000000000
[   25.484250] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000
[   25.484540] head: 0200000000000040 ffff888100041b40 dead000000000122 0000000000000000
[   25.484755] head: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000
[   25.484968] head: 0200000000000001 ffffea0004183101 00000000ffffffff 00000000ffffffff
[   25.485250] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000002
[   25.485617] page dumped because: kasan: bad access detected
[   25.485849] 
[   25.485941] Memory state around the buggy address:
[   25.486138]  ffff8881060c4780: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   25.486336]  ffff8881060c4800: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   25.486531] >ffff8881060c4880: 00 00 00 00 00 00 00 00 00 01 fc fc fc fc fc fc
[   25.486722]                                                           ^
[   25.487148]  ffff8881060c4900: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   25.487709]  ffff8881060c4980: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   25.488022] ==================================================================
[   25.616630] ==================================================================
[   25.616963] BUG: KASAN: slab-out-of-bounds in krealloc_less_oob_helper+0xd47/0x11d0
[   25.617419] Write of size 1 at addr ffff88810602e0eb by task kunit_try_catch/211
[   25.617703] 
[   25.617802] CPU: 0 UID: 0 PID: 211 Comm: kunit_try_catch Tainted: G    B            N  6.16.0-rc6-next-20250717 #1 PREEMPT(voluntary) 
[   25.617846] Tainted: [B]=BAD_PAGE, [N]=TEST
[   25.617857] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[   25.617876] Call Trace:
[   25.617889]  <TASK>
[   25.617903]  dump_stack_lvl+0x73/0xb0
[   25.617934]  print_report+0xd1/0x610
[   25.617955]  ? __virt_addr_valid+0x1db/0x2d0
[   25.617977]  ? krealloc_less_oob_helper+0xd47/0x11d0
[   25.617999]  ? kasan_addr_to_slab+0x11/0xa0
[   25.618018]  ? krealloc_less_oob_helper+0xd47/0x11d0
[   25.618041]  kasan_report+0x141/0x180
[   25.618061]  ? krealloc_less_oob_helper+0xd47/0x11d0
[   25.618098]  __asan_report_store1_noabort+0x1b/0x30
[   25.618121]  krealloc_less_oob_helper+0xd47/0x11d0
[   25.618146]  ? __pfx_krealloc_less_oob_helper+0x10/0x10
[   25.618169]  ? finish_task_switch.isra.0+0x153/0x700
[   25.618188]  ? __switch_to+0x47/0xf80
[   25.618213]  ? __schedule+0x10c6/0x2b60
[   25.618235]  ? __pfx_read_tsc+0x10/0x10
[   25.618258]  krealloc_large_less_oob+0x1c/0x30
[   25.618414]  kunit_try_run_case+0x1a5/0x480
[   25.618446]  ? __pfx_kunit_try_run_case+0x10/0x10
[   25.618467]  ? _raw_spin_lock_irqsave+0xa1/0x100
[   25.618490]  ? _raw_spin_unlock_irqrestore+0x5f/0x90
[   25.618512]  ? __kthread_parkme+0x82/0x180
[   25.618535]  ? preempt_count_sub+0x50/0x80
[   25.618556]  ? __pfx_kunit_try_run_case+0x10/0x10
[   25.618578]  kunit_generic_run_threadfn_adapter+0x85/0xf0
[   25.618600]  ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10
[   25.618622]  kthread+0x337/0x6f0
[   25.618640]  ? trace_preempt_on+0x20/0xc0
[   25.618663]  ? __pfx_kthread+0x10/0x10
[   25.618682]  ? _raw_spin_unlock_irq+0x47/0x80
[   25.618703]  ? calculate_sigpending+0x7b/0xa0
[   25.618724]  ? __pfx_kthread+0x10/0x10
[   25.618744]  ret_from_fork+0x116/0x1d0
[   25.618762]  ? __pfx_kthread+0x10/0x10
[   25.618781]  ret_from_fork_asm+0x1a/0x30
[   25.618812]  </TASK>
[   25.618821] 
[   25.625700] The buggy address belongs to the physical page:
[   25.625959] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x10602c
[   25.626371] head: order:2 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[   25.626664] flags: 0x200000000000040(head|node=0|zone=2)
[   25.626876] page_type: f8(unknown)
[   25.627032] raw: 0200000000000040 0000000000000000 dead000000000122 0000000000000000
[   25.627394] raw: 0000000000000000 0000000000000000 00000000f8000000 0000000000000000
[   25.627643] head: 0200000000000040 0000000000000000 dead000000000122 0000000000000000
[   25.627980] head: 0000000000000000 0000000000000000 00000000f8000000 0000000000000000
[   25.628308] head: 0200000000000002 ffffea0004180b01 00000000ffffffff 00000000ffffffff
[   25.628672] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000004
[   25.629000] page dumped because: kasan: bad access detected
[   25.629222] 
[   25.629314] Memory state around the buggy address:
[   25.629461]  ffff88810602df80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   25.629672]  ffff88810602e000: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   25.629881] >ffff88810602e080: 00 00 00 00 00 00 00 00 00 01 fe fe fe fe fe fe
[   25.630108]                                                           ^
[   25.630735]  ffff88810602e100: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe
[   25.631045]  ffff88810602e180: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe
[   25.631327] ==================================================================
[   25.441389] ==================================================================
[   25.441678] BUG: KASAN: slab-out-of-bounds in krealloc_less_oob_helper+0xe90/0x11d0
[   25.442187] Write of size 1 at addr ffff8881060c48ea by task kunit_try_catch/207
[   25.442904] 
[   25.443146] CPU: 1 UID: 0 PID: 207 Comm: kunit_try_catch Tainted: G    B            N  6.16.0-rc6-next-20250717 #1 PREEMPT(voluntary) 
[   25.443198] Tainted: [B]=BAD_PAGE, [N]=TEST
[   25.443336] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[   25.443360] Call Trace:
[   25.443372]  <TASK>
[   25.443388]  dump_stack_lvl+0x73/0xb0
[   25.443418]  print_report+0xd1/0x610
[   25.443439]  ? __virt_addr_valid+0x1db/0x2d0
[   25.443463]  ? krealloc_less_oob_helper+0xe90/0x11d0
[   25.443485]  ? kasan_complete_mode_report_info+0x2a/0x200
[   25.443510]  ? krealloc_less_oob_helper+0xe90/0x11d0
[   25.443533]  kasan_report+0x141/0x180
[   25.443555]  ? krealloc_less_oob_helper+0xe90/0x11d0
[   25.443582]  __asan_report_store1_noabort+0x1b/0x30
[   25.443605]  krealloc_less_oob_helper+0xe90/0x11d0
[   25.443629]  ? __pfx_krealloc_less_oob_helper+0x10/0x10
[   25.443652]  ? finish_task_switch.isra.0+0x153/0x700
[   25.443673]  ? __switch_to+0x47/0xf80
[   25.443697]  ? __schedule+0x10c6/0x2b60
[   25.443719]  ? __pfx_read_tsc+0x10/0x10
[   25.443745]  krealloc_less_oob+0x1c/0x30
[   25.443766]  kunit_try_run_case+0x1a5/0x480
[   25.443789]  ? __pfx_kunit_try_run_case+0x10/0x10
[   25.443810]  ? _raw_spin_lock_irqsave+0xa1/0x100
[   25.443831]  ? _raw_spin_unlock_irqrestore+0x5f/0x90
[   25.443853]  ? __kthread_parkme+0x82/0x180
[   25.443876]  ? preempt_count_sub+0x50/0x80
[   25.443898]  ? __pfx_kunit_try_run_case+0x10/0x10
[   25.443920]  kunit_generic_run_threadfn_adapter+0x85/0xf0
[   25.443942]  ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10
[   25.443964]  kthread+0x337/0x6f0
[   25.443982]  ? trace_preempt_on+0x20/0xc0
[   25.444006]  ? __pfx_kthread+0x10/0x10
[   25.444026]  ? _raw_spin_unlock_irq+0x47/0x80
[   25.444047]  ? calculate_sigpending+0x7b/0xa0
[   25.444069]  ? __pfx_kthread+0x10/0x10
[   25.444101]  ret_from_fork+0x116/0x1d0
[   25.444119]  ? __pfx_kthread+0x10/0x10
[   25.444138]  ret_from_fork_asm+0x1a/0x30
[   25.444169]  </TASK>
[   25.444179] 
[   25.455049] Allocated by task 207:
[   25.455231]  kasan_save_stack+0x45/0x70
[   25.455887]  kasan_save_track+0x18/0x40
[   25.456065]  kasan_save_alloc_info+0x3b/0x50
[   25.456495]  __kasan_krealloc+0x190/0x1f0
[   25.456809]  krealloc_noprof+0xf3/0x340
[   25.457126]  krealloc_less_oob_helper+0x1aa/0x11d0
[   25.457454]  krealloc_less_oob+0x1c/0x30
[   25.457647]  kunit_try_run_case+0x1a5/0x480
[   25.457836]  kunit_generic_run_threadfn_adapter+0x85/0xf0
[   25.458071]  kthread+0x337/0x6f0
[   25.458230]  ret_from_fork+0x116/0x1d0
[   25.458697]  ret_from_fork_asm+0x1a/0x30
[   25.458865] 
[   25.459137] The buggy address belongs to the object at ffff8881060c4800
[   25.459137]  which belongs to the cache kmalloc-256 of size 256
[   25.460014] The buggy address is located 33 bytes to the right of
[   25.460014]  allocated 201-byte region [ffff8881060c4800, ffff8881060c48c9)
[   25.460805] 
[   25.460922] The buggy address belongs to the physical page:
[   25.461132] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1060c4
[   25.461823] head: order:1 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[   25.462145] flags: 0x200000000000040(head|node=0|zone=2)
[   25.462580] page_type: f5(slab)
[   25.462884] raw: 0200000000000040 ffff888100041b40 dead000000000122 0000000000000000
[   25.463326] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000
[   25.463787] head: 0200000000000040 ffff888100041b40 dead000000000122 0000000000000000
[   25.464287] head: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000
[   25.464707] head: 0200000000000001 ffffea0004183101 00000000ffffffff 00000000ffffffff
[   25.465015] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000002
[   25.465558] page dumped because: kasan: bad access detected
[   25.465873] 
[   25.465975] Memory state around the buggy address:
[   25.466430]  ffff8881060c4780: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   25.466845]  ffff8881060c4800: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   25.467243] >ffff8881060c4880: 00 00 00 00 00 00 00 00 00 01 fc fc fc fc fc fc
[   25.467685]                                                           ^
[   25.468063]  ffff8881060c4900: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   25.468592]  ffff8881060c4980: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   25.469015] ==================================================================