Date: July 17, 2025, 10:12 a.m.

Environment |
---|
qemu-arm64 |
qemu-x86_64 |
[ 29.412251] ================================================================== [ 29.412312] BUG: KASAN: slab-out-of-bounds in krealloc_less_oob_helper+0xa48/0xc50 [ 29.412632] Write of size 1 at addr fff00000c78096c9 by task kunit_try_catch/189 [ 29.412744] [ 29.412902] CPU: 1 UID: 0 PID: 189 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc6-next-20250717 #1 PREEMPT [ 29.413032] Tainted: [B]=BAD_PAGE, [N]=TEST [ 29.413181] Hardware name: linux,dummy-virt (DT) [ 29.413250] Call trace: [ 29.413382] show_stack+0x20/0x38 (C) [ 29.413439] dump_stack_lvl+0x8c/0xd0 [ 29.413507] print_report+0x118/0x5d0 [ 29.413551] kasan_report+0xdc/0x128 [ 29.413595] __asan_report_store1_noabort+0x20/0x30 [ 29.413797] krealloc_less_oob_helper+0xa48/0xc50 [ 29.414069] krealloc_less_oob+0x20/0x38 [ 29.414211] kunit_try_run_case+0x170/0x3f0 [ 29.414275] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 29.414558] kthread+0x328/0x630 [ 29.414658] ret_from_fork+0x10/0x20 [ 29.414858] [ 29.414925] Allocated by task 189: [ 29.415039] kasan_save_stack+0x3c/0x68 [ 29.415137] kasan_save_track+0x20/0x40 [ 29.415275] kasan_save_alloc_info+0x40/0x58 [ 29.415382] __kasan_krealloc+0x118/0x178 [ 29.415522] krealloc_noprof+0x128/0x360 [ 29.415582] krealloc_less_oob_helper+0x168/0xc50 [ 29.415622] krealloc_less_oob+0x20/0x38 [ 29.415694] kunit_try_run_case+0x170/0x3f0 [ 29.416138] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 29.416294] kthread+0x328/0x630 [ 29.416403] ret_from_fork+0x10/0x20 [ 29.416524] [ 29.416602] The buggy address belongs to the object at fff00000c7809600 [ 29.416602] which belongs to the cache kmalloc-256 of size 256 [ 29.416753] The buggy address is located 0 bytes to the right of [ 29.416753] allocated 201-byte region [fff00000c7809600, fff00000c78096c9) [ 29.416840] [ 29.416879] The buggy address belongs to the physical page: [ 29.416910] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x107808 [ 29.416984] head: order:1 mapcount:0 entire_mapcount:0 
nr_pages_mapped:0 pincount:0 [ 29.417030] flags: 0xbfffe0000000040(head|node=0|zone=2|lastcpupid=0x1ffff) [ 29.417090] page_type: f5(slab) [ 29.417129] raw: 0bfffe0000000040 fff00000c0001b40 dead000000000100 dead000000000122 [ 29.417177] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 29.417279] head: 0bfffe0000000040 fff00000c0001b40 dead000000000100 dead000000000122 [ 29.417526] head: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 29.417598] head: 0bfffe0000000001 ffffc1ffc31e0201 00000000ffffffff 00000000ffffffff [ 29.417656] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000002 [ 29.417709] page dumped because: kasan: bad access detected [ 29.417745] [ 29.417764] Memory state around the buggy address: [ 29.417798] fff00000c7809580: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 29.417850] fff00000c7809600: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 29.417891] >fff00000c7809680: 00 00 00 00 00 00 00 00 00 01 fc fc fc fc fc fc [ 29.417938] ^ [ 29.417986] fff00000c7809700: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 29.418029] fff00000c7809780: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 29.418085] ================================================================== [ 29.436268] ================================================================== [ 29.436317] BUG: KASAN: slab-out-of-bounds in krealloc_less_oob_helper+0xae4/0xc50 [ 29.436396] Write of size 1 at addr fff00000c78096ea by task kunit_try_catch/189 [ 29.436445] [ 29.436478] CPU: 1 UID: 0 PID: 189 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc6-next-20250717 #1 PREEMPT [ 29.436559] Tainted: [B]=BAD_PAGE, [N]=TEST [ 29.436584] Hardware name: linux,dummy-virt (DT) [ 29.436785] Call trace: [ 29.436813] show_stack+0x20/0x38 (C) [ 29.436865] dump_stack_lvl+0x8c/0xd0 [ 29.436913] print_report+0x118/0x5d0 [ 29.436957] kasan_report+0xdc/0x128 [ 29.436999] __asan_report_store1_noabort+0x20/0x30 [ 29.437047] 
krealloc_less_oob_helper+0xae4/0xc50 [ 29.437111] krealloc_less_oob+0x20/0x38 [ 29.437159] kunit_try_run_case+0x170/0x3f0 [ 29.437203] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 29.437254] kthread+0x328/0x630 [ 29.437295] ret_from_fork+0x10/0x20 [ 29.437341] [ 29.437359] Allocated by task 189: [ 29.437386] kasan_save_stack+0x3c/0x68 [ 29.437423] kasan_save_track+0x20/0x40 [ 29.437457] kasan_save_alloc_info+0x40/0x58 [ 29.437494] __kasan_krealloc+0x118/0x178 [ 29.437528] krealloc_noprof+0x128/0x360 [ 29.437566] krealloc_less_oob_helper+0x168/0xc50 [ 29.437605] krealloc_less_oob+0x20/0x38 [ 29.437642] kunit_try_run_case+0x170/0x3f0 [ 29.437678] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 29.437719] kthread+0x328/0x630 [ 29.437750] ret_from_fork+0x10/0x20 [ 29.437783] [ 29.437801] The buggy address belongs to the object at fff00000c7809600 [ 29.437801] which belongs to the cache kmalloc-256 of size 256 [ 29.437855] The buggy address is located 33 bytes to the right of [ 29.437855] allocated 201-byte region [fff00000c7809600, fff00000c78096c9) [ 29.437916] [ 29.437935] The buggy address belongs to the physical page: [ 29.437964] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x107808 [ 29.438015] head: order:1 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0 [ 29.439564] flags: 0xbfffe0000000040(head|node=0|zone=2|lastcpupid=0x1ffff) [ 29.439730] page_type: f5(slab) [ 29.439783] raw: 0bfffe0000000040 fff00000c0001b40 dead000000000100 dead000000000122 [ 29.439866] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 29.440193] head: 0bfffe0000000040 fff00000c0001b40 dead000000000100 dead000000000122 [ 29.440290] head: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 29.440408] head: 0bfffe0000000001 ffffc1ffc31e0201 00000000ffffffff 00000000ffffffff [ 29.440484] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000002 [ 29.440630] page dumped because: kasan: bad access 
detected [ 29.440667] [ 29.440684] Memory state around the buggy address: [ 29.440716] fff00000c7809580: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 29.440757] fff00000c7809600: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 29.440827] >fff00000c7809680: 00 00 00 00 00 00 00 00 00 01 fc fc fc fc fc fc [ 29.440863] ^ [ 29.440900] fff00000c7809700: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 29.440966] fff00000c7809780: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 29.441003] ================================================================== [ 29.487464] ================================================================== [ 29.487661] BUG: KASAN: slab-out-of-bounds in krealloc_less_oob_helper+0xa58/0xc50 [ 29.487740] Write of size 1 at addr fff00000c646a0eb by task kunit_try_catch/193 [ 29.487808] [ 29.487838] CPU: 1 UID: 0 PID: 193 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc6-next-20250717 #1 PREEMPT [ 29.487925] Tainted: [B]=BAD_PAGE, [N]=TEST [ 29.487952] Hardware name: linux,dummy-virt (DT) [ 29.488170] Call trace: [ 29.488238] show_stack+0x20/0x38 (C) [ 29.488357] dump_stack_lvl+0x8c/0xd0 [ 29.488410] print_report+0x118/0x5d0 [ 29.488453] kasan_report+0xdc/0x128 [ 29.488501] __asan_report_store1_noabort+0x20/0x30 [ 29.488645] krealloc_less_oob_helper+0xa58/0xc50 [ 29.488758] krealloc_large_less_oob+0x20/0x38 [ 29.488919] kunit_try_run_case+0x170/0x3f0 [ 29.488995] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 29.489156] kthread+0x328/0x630 [ 29.489227] ret_from_fork+0x10/0x20 [ 29.489274] [ 29.489490] The buggy address belongs to the physical page: [ 29.489581] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x106468 [ 29.489673] head: order:2 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0 [ 29.489830] flags: 0xbfffe0000000040(head|node=0|zone=2|lastcpupid=0x1ffff) [ 29.489881] page_type: f8(unknown) [ 29.489936] raw: 0bfffe0000000040 0000000000000000 dead000000000122 0000000000000000 [ 29.490146] raw: 
0000000000000000 0000000000000000 00000000f8000000 0000000000000000 [ 29.490304] head: 0bfffe0000000040 0000000000000000 dead000000000122 0000000000000000 [ 29.490370] head: 0000000000000000 0000000000000000 00000000f8000000 0000000000000000 [ 29.490498] head: 0bfffe0000000002 ffffc1ffc3191a01 00000000ffffffff 00000000ffffffff [ 29.490546] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000004 [ 29.490603] page dumped because: kasan: bad access detected [ 29.490804] [ 29.490974] Memory state around the buggy address: [ 29.491065] fff00000c6469f80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 29.491212] fff00000c646a000: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 29.491273] >fff00000c646a080: 00 00 00 00 00 00 00 00 00 01 fe fe fe fe fe fe [ 29.491493] ^ [ 29.491642] fff00000c646a100: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe [ 29.491706] fff00000c646a180: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe [ 29.491807] ================================================================== [ 29.479317] ================================================================== [ 29.479391] BUG: KASAN: slab-out-of-bounds in krealloc_less_oob_helper+0xa80/0xc50 [ 29.479441] Write of size 1 at addr fff00000c646a0da by task kunit_try_catch/193 [ 29.479542] [ 29.479579] CPU: 1 UID: 0 PID: 193 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc6-next-20250717 #1 PREEMPT [ 29.479697] Tainted: [B]=BAD_PAGE, [N]=TEST [ 29.479723] Hardware name: linux,dummy-virt (DT) [ 29.479773] Call trace: [ 29.479821] show_stack+0x20/0x38 (C) [ 29.479872] dump_stack_lvl+0x8c/0xd0 [ 29.479973] print_report+0x118/0x5d0 [ 29.480036] kasan_report+0xdc/0x128 [ 29.480186] __asan_report_store1_noabort+0x20/0x30 [ 29.480238] krealloc_less_oob_helper+0xa80/0xc50 [ 29.480295] krealloc_large_less_oob+0x20/0x38 [ 29.480436] kunit_try_run_case+0x170/0x3f0 [ 29.480483] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 29.480541] kthread+0x328/0x630 [ 29.480586] ret_from_fork+0x10/0x20 [ 
29.480977] [ 29.481017] The buggy address belongs to the physical page: [ 29.481130] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x106468 [ 29.481203] head: order:2 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0 [ 29.481412] flags: 0xbfffe0000000040(head|node=0|zone=2|lastcpupid=0x1ffff) [ 29.481569] page_type: f8(unknown) [ 29.481645] raw: 0bfffe0000000040 0000000000000000 dead000000000122 0000000000000000 [ 29.481709] raw: 0000000000000000 0000000000000000 00000000f8000000 0000000000000000 [ 29.481790] head: 0bfffe0000000040 0000000000000000 dead000000000122 0000000000000000 [ 29.481855] head: 0000000000000000 0000000000000000 00000000f8000000 0000000000000000 [ 29.481940] head: 0bfffe0000000002 ffffc1ffc3191a01 00000000ffffffff 00000000ffffffff [ 29.482026] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000004 [ 29.482084] page dumped because: kasan: bad access detected [ 29.482272] [ 29.482350] Memory state around the buggy address: [ 29.482471] fff00000c6469f80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 29.482525] fff00000c646a000: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 29.482571] >fff00000c646a080: 00 00 00 00 00 00 00 00 00 01 fe fe fe fe fe fe [ 29.482837] ^ [ 29.482930] fff00000c646a100: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe [ 29.482993] fff00000c646a180: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe [ 29.483109] ================================================================== [ 29.473391] ================================================================== [ 29.473434] BUG: KASAN: slab-out-of-bounds in krealloc_less_oob_helper+0xb9c/0xc50 [ 29.473482] Write of size 1 at addr fff00000c646a0d0 by task kunit_try_catch/193 [ 29.473529] [ 29.473557] CPU: 1 UID: 0 PID: 193 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc6-next-20250717 #1 PREEMPT [ 29.473641] Tainted: [B]=BAD_PAGE, [N]=TEST [ 29.473850] Hardware name: linux,dummy-virt (DT) [ 29.474338] Call trace: [ 29.474560] 
show_stack+0x20/0x38 (C) [ 29.474661] dump_stack_lvl+0x8c/0xd0 [ 29.474711] print_report+0x118/0x5d0 [ 29.474762] kasan_report+0xdc/0x128 [ 29.474929] __asan_report_store1_noabort+0x20/0x30 [ 29.475004] krealloc_less_oob_helper+0xb9c/0xc50 [ 29.475165] krealloc_large_less_oob+0x20/0x38 [ 29.475244] kunit_try_run_case+0x170/0x3f0 [ 29.475371] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 29.475458] kthread+0x328/0x630 [ 29.475587] ret_from_fork+0x10/0x20 [ 29.475680] [ 29.475864] The buggy address belongs to the physical page: [ 29.475898] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x106468 [ 29.476014] head: order:2 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0 [ 29.476112] flags: 0xbfffe0000000040(head|node=0|zone=2|lastcpupid=0x1ffff) [ 29.476244] page_type: f8(unknown) [ 29.476320] raw: 0bfffe0000000040 0000000000000000 dead000000000122 0000000000000000 [ 29.476607] raw: 0000000000000000 0000000000000000 00000000f8000000 0000000000000000 [ 29.476760] head: 0bfffe0000000040 0000000000000000 dead000000000122 0000000000000000 [ 29.476841] head: 0000000000000000 0000000000000000 00000000f8000000 0000000000000000 [ 29.476968] head: 0bfffe0000000002 ffffc1ffc3191a01 00000000ffffffff 00000000ffffffff [ 29.477040] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000004 [ 29.477146] page dumped because: kasan: bad access detected [ 29.477177] [ 29.477194] Memory state around the buggy address: [ 29.477245] fff00000c6469f80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 29.477286] fff00000c646a000: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 29.477487] >fff00000c646a080: 00 00 00 00 00 00 00 00 00 01 fe fe fe fe fe fe [ 29.477542] ^ [ 29.478013] fff00000c646a100: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe [ 29.478077] fff00000c646a180: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe [ 29.478179] ================================================================== [ 29.483652] 
================================================================== [ 29.483715] BUG: KASAN: slab-out-of-bounds in krealloc_less_oob_helper+0xae4/0xc50 [ 29.483771] Write of size 1 at addr fff00000c646a0ea by task kunit_try_catch/193 [ 29.483827] [ 29.483958] CPU: 1 UID: 0 PID: 193 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc6-next-20250717 #1 PREEMPT [ 29.484162] Tainted: [B]=BAD_PAGE, [N]=TEST [ 29.484201] Hardware name: linux,dummy-virt (DT) [ 29.484238] Call trace: [ 29.484277] show_stack+0x20/0x38 (C) [ 29.484330] dump_stack_lvl+0x8c/0xd0 [ 29.484376] print_report+0x118/0x5d0 [ 29.484728] kasan_report+0xdc/0x128 [ 29.484814] __asan_report_store1_noabort+0x20/0x30 [ 29.484946] krealloc_less_oob_helper+0xae4/0xc50 [ 29.485021] krealloc_large_less_oob+0x20/0x38 [ 29.485117] kunit_try_run_case+0x170/0x3f0 [ 29.485163] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 29.485213] kthread+0x328/0x630 [ 29.485256] ret_from_fork+0x10/0x20 [ 29.485307] [ 29.485342] The buggy address belongs to the physical page: [ 29.485381] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x106468 [ 29.485439] head: order:2 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0 [ 29.485484] flags: 0xbfffe0000000040(head|node=0|zone=2|lastcpupid=0x1ffff) [ 29.485538] page_type: f8(unknown) [ 29.485586] raw: 0bfffe0000000040 0000000000000000 dead000000000122 0000000000000000 [ 29.485653] raw: 0000000000000000 0000000000000000 00000000f8000000 0000000000000000 [ 29.485701] head: 0bfffe0000000040 0000000000000000 dead000000000122 0000000000000000 [ 29.485747] head: 0000000000000000 0000000000000000 00000000f8000000 0000000000000000 [ 29.485804] head: 0bfffe0000000002 ffffc1ffc3191a01 00000000ffffffff 00000000ffffffff [ 29.485860] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000004 [ 29.485898] page dumped because: kasan: bad access detected [ 29.485941] [ 29.485959] Memory state around the buggy address: [ 29.485988] fff00000c6469f80: 00 00 00 00 
00 00 00 00 00 00 00 00 00 00 00 00 [ 29.486030] fff00000c646a000: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 29.486082] >fff00000c646a080: 00 00 00 00 00 00 00 00 00 01 fe fe fe fe fe fe [ 29.486117] ^ [ 29.486153] fff00000c646a100: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe [ 29.486200] fff00000c646a180: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe [ 29.486251] ================================================================== [ 29.442130] ================================================================== [ 29.442206] BUG: KASAN: slab-out-of-bounds in krealloc_less_oob_helper+0xa58/0xc50 [ 29.442269] Write of size 1 at addr fff00000c78096eb by task kunit_try_catch/189 [ 29.442349] [ 29.442410] CPU: 1 UID: 0 PID: 189 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc6-next-20250717 #1 PREEMPT [ 29.442493] Tainted: [B]=BAD_PAGE, [N]=TEST [ 29.442713] Hardware name: linux,dummy-virt (DT) [ 29.442817] Call trace: [ 29.442842] show_stack+0x20/0x38 (C) [ 29.442895] dump_stack_lvl+0x8c/0xd0 [ 29.442984] print_report+0x118/0x5d0 [ 29.443037] kasan_report+0xdc/0x128 [ 29.443325] __asan_report_store1_noabort+0x20/0x30 [ 29.443446] krealloc_less_oob_helper+0xa58/0xc50 [ 29.443501] krealloc_less_oob+0x20/0x38 [ 29.443547] kunit_try_run_case+0x170/0x3f0 [ 29.443630] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 29.443707] kthread+0x328/0x630 [ 29.443749] ret_from_fork+0x10/0x20 [ 29.444018] [ 29.444101] Allocated by task 189: [ 29.444134] kasan_save_stack+0x3c/0x68 [ 29.444177] kasan_save_track+0x20/0x40 [ 29.444211] kasan_save_alloc_info+0x40/0x58 [ 29.444262] __kasan_krealloc+0x118/0x178 [ 29.444300] krealloc_noprof+0x128/0x360 [ 29.444439] krealloc_less_oob_helper+0x168/0xc50 [ 29.444494] krealloc_less_oob+0x20/0x38 [ 29.444532] kunit_try_run_case+0x170/0x3f0 [ 29.444642] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 29.444707] kthread+0x328/0x630 [ 29.444874] ret_from_fork+0x10/0x20 [ 29.444920] [ 29.444940] The buggy address belongs to the object at 
fff00000c7809600 [ 29.444940] which belongs to the cache kmalloc-256 of size 256 [ 29.444996] The buggy address is located 34 bytes to the right of [ 29.444996] allocated 201-byte region [fff00000c7809600, fff00000c78096c9) [ 29.445076] [ 29.445095] The buggy address belongs to the physical page: [ 29.445126] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x107808 [ 29.445222] head: order:1 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0 [ 29.445270] flags: 0xbfffe0000000040(head|node=0|zone=2|lastcpupid=0x1ffff) [ 29.445320] page_type: f5(slab) [ 29.445357] raw: 0bfffe0000000040 fff00000c0001b40 dead000000000100 dead000000000122 [ 29.445424] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 29.445472] head: 0bfffe0000000040 fff00000c0001b40 dead000000000100 dead000000000122 [ 29.445519] head: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 29.445566] head: 0bfffe0000000001 ffffc1ffc31e0201 00000000ffffffff 00000000ffffffff [ 29.445612] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000002 [ 29.445651] page dumped because: kasan: bad access detected [ 29.445680] [ 29.445697] Memory state around the buggy address: [ 29.445736] fff00000c7809580: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 29.445777] fff00000c7809600: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 29.445826] >fff00000c7809680: 00 00 00 00 00 00 00 00 00 01 fc fc fc fc fc fc [ 29.445862] ^ [ 29.445898] fff00000c7809700: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 29.445947] fff00000c7809780: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 29.445982] ================================================================== [ 29.419696] ================================================================== [ 29.419746] BUG: KASAN: slab-out-of-bounds in krealloc_less_oob_helper+0xb9c/0xc50 [ 29.419796] Write of size 1 at addr fff00000c78096d0 by task kunit_try_catch/189 [ 29.419992] [ 29.420033] CPU: 1 
UID: 0 PID: 189 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc6-next-20250717 #1 PREEMPT [ 29.420350] Tainted: [B]=BAD_PAGE, [N]=TEST [ 29.420438] Hardware name: linux,dummy-virt (DT) [ 29.420520] Call trace: [ 29.420628] show_stack+0x20/0x38 (C) [ 29.420726] dump_stack_lvl+0x8c/0xd0 [ 29.420819] print_report+0x118/0x5d0 [ 29.420908] kasan_report+0xdc/0x128 [ 29.420951] __asan_report_store1_noabort+0x20/0x30 [ 29.420999] krealloc_less_oob_helper+0xb9c/0xc50 [ 29.421047] krealloc_less_oob+0x20/0x38 [ 29.421495] kunit_try_run_case+0x170/0x3f0 [ 29.421655] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 29.421770] kthread+0x328/0x630 [ 29.421919] ret_from_fork+0x10/0x20 [ 29.422026] [ 29.422142] Allocated by task 189: [ 29.422233] kasan_save_stack+0x3c/0x68 [ 29.422283] kasan_save_track+0x20/0x40 [ 29.422317] kasan_save_alloc_info+0x40/0x58 [ 29.422567] __kasan_krealloc+0x118/0x178 [ 29.422720] krealloc_noprof+0x128/0x360 [ 29.422878] krealloc_less_oob_helper+0x168/0xc50 [ 29.423002] krealloc_less_oob+0x20/0x38 [ 29.423187] kunit_try_run_case+0x170/0x3f0 [ 29.423243] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 29.423342] kthread+0x328/0x630 [ 29.423724] ret_from_fork+0x10/0x20 [ 29.423889] [ 29.423981] The buggy address belongs to the object at fff00000c7809600 [ 29.423981] which belongs to the cache kmalloc-256 of size 256 [ 29.424189] The buggy address is located 7 bytes to the right of [ 29.424189] allocated 201-byte region [fff00000c7809600, fff00000c78096c9) [ 29.424290] [ 29.424336] The buggy address belongs to the physical page: [ 29.424433] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x107808 [ 29.424488] head: order:1 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0 [ 29.424533] flags: 0xbfffe0000000040(head|node=0|zone=2|lastcpupid=0x1ffff) [ 29.424597] page_type: f5(slab) [ 29.424635] raw: 0bfffe0000000040 fff00000c0001b40 dead000000000100 dead000000000122 [ 29.424842] raw: 0000000000000000 0000000080100010 
00000000f5000000 0000000000000000 [ 29.425012] head: 0bfffe0000000040 fff00000c0001b40 dead000000000100 dead000000000122 [ 29.425105] head: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 29.425164] head: 0bfffe0000000001 ffffc1ffc31e0201 00000000ffffffff 00000000ffffffff [ 29.425212] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000002 [ 29.425249] page dumped because: kasan: bad access detected [ 29.425288] [ 29.425306] Memory state around the buggy address: [ 29.425336] fff00000c7809580: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 29.425376] fff00000c7809600: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 29.425415] >fff00000c7809680: 00 00 00 00 00 00 00 00 00 01 fc fc fc fc fc fc [ 29.425451] ^ [ 29.425485] fff00000c7809700: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 29.425535] fff00000c7809780: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 29.425572] ================================================================== [ 29.427256] ================================================================== [ 29.427305] BUG: KASAN: slab-out-of-bounds in krealloc_less_oob_helper+0xa80/0xc50 [ 29.427354] Write of size 1 at addr fff00000c78096da by task kunit_try_catch/189 [ 29.427402] [ 29.427648] CPU: 1 UID: 0 PID: 189 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc6-next-20250717 #1 PREEMPT [ 29.428127] Tainted: [B]=BAD_PAGE, [N]=TEST [ 29.428427] Hardware name: linux,dummy-virt (DT) [ 29.428459] Call trace: [ 29.428481] show_stack+0x20/0x38 (C) [ 29.428531] dump_stack_lvl+0x8c/0xd0 [ 29.429201] print_report+0x118/0x5d0 [ 29.429536] kasan_report+0xdc/0x128 [ 29.430321] __asan_report_store1_noabort+0x20/0x30 [ 29.432740] krealloc_less_oob_helper+0xa80/0xc50 [ 29.432804] krealloc_less_oob+0x20/0x38 [ 29.432851] kunit_try_run_case+0x170/0x3f0 [ 29.432899] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 29.432949] kthread+0x328/0x630 [ 29.432991] ret_from_fork+0x10/0x20 [ 29.433038] [ 29.433067] Allocated by task 
189: [ 29.433096] kasan_save_stack+0x3c/0x68 [ 29.433135] kasan_save_track+0x20/0x40 [ 29.433169] kasan_save_alloc_info+0x40/0x58 [ 29.433205] __kasan_krealloc+0x118/0x178 [ 29.433267] krealloc_noprof+0x128/0x360 [ 29.433305] krealloc_less_oob_helper+0x168/0xc50 [ 29.433344] krealloc_less_oob+0x20/0x38 [ 29.433380] kunit_try_run_case+0x170/0x3f0 [ 29.433870] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 29.433926] kthread+0x328/0x630 [ 29.433959] ret_from_fork+0x10/0x20 [ 29.433994] [ 29.434014] The buggy address belongs to the object at fff00000c7809600 [ 29.434014] which belongs to the cache kmalloc-256 of size 256 [ 29.434085] The buggy address is located 17 bytes to the right of [ 29.434085] allocated 201-byte region [fff00000c7809600, fff00000c78096c9) [ 29.434147] [ 29.434167] The buggy address belongs to the physical page: [ 29.434198] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x107808 [ 29.434252] head: order:1 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0 [ 29.434298] flags: 0xbfffe0000000040(head|node=0|zone=2|lastcpupid=0x1ffff) [ 29.434349] page_type: f5(slab) [ 29.434389] raw: 0bfffe0000000040 fff00000c0001b40 dead000000000100 dead000000000122 [ 29.434437] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 29.434486] head: 0bfffe0000000040 fff00000c0001b40 dead000000000100 dead000000000122 [ 29.434533] head: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 29.434579] head: 0bfffe0000000001 ffffc1ffc31e0201 00000000ffffffff 00000000ffffffff [ 29.434626] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000002 [ 29.434664] page dumped because: kasan: bad access detected [ 29.434693] [ 29.434711] Memory state around the buggy address: [ 29.434741] fff00000c7809580: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 29.434788] fff00000c7809600: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 29.434828] >fff00000c7809680: 00 00 00 00 00 00 00 00 00 01 fc fc 
fc fc fc fc [ 29.434864] ^ [ 29.434899] fff00000c7809700: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 29.434938] fff00000c7809780: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 29.434973] ================================================================== [ 29.469897] ================================================================== [ 29.469966] BUG: KASAN: slab-out-of-bounds in krealloc_less_oob_helper+0xa48/0xc50 [ 29.470025] Write of size 1 at addr fff00000c646a0c9 by task kunit_try_catch/193 [ 29.470087] [ 29.470120] CPU: 1 UID: 0 PID: 193 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc6-next-20250717 #1 PREEMPT [ 29.470201] Tainted: [B]=BAD_PAGE, [N]=TEST [ 29.470236] Hardware name: linux,dummy-virt (DT) [ 29.470267] Call trace: [ 29.470290] show_stack+0x20/0x38 (C) [ 29.470338] dump_stack_lvl+0x8c/0xd0 [ 29.470386] print_report+0x118/0x5d0 [ 29.470430] kasan_report+0xdc/0x128 [ 29.470473] __asan_report_store1_noabort+0x20/0x30 [ 29.470530] krealloc_less_oob_helper+0xa48/0xc50 [ 29.470587] krealloc_large_less_oob+0x20/0x38 [ 29.470635] kunit_try_run_case+0x170/0x3f0 [ 29.470691] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 29.470744] kthread+0x328/0x630 [ 29.470799] ret_from_fork+0x10/0x20 [ 29.470847] [ 29.470875] The buggy address belongs to the physical page: [ 29.470906] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x106468 [ 29.470958] head: order:2 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0 [ 29.471005] flags: 0xbfffe0000000040(head|node=0|zone=2|lastcpupid=0x1ffff) [ 29.471394] page_type: f8(unknown) [ 29.471623] raw: 0bfffe0000000040 0000000000000000 dead000000000122 0000000000000000 [ 29.471753] raw: 0000000000000000 0000000000000000 00000000f8000000 0000000000000000 [ 29.471805] head: 0bfffe0000000040 0000000000000000 dead000000000122 0000000000000000 [ 29.471868] head: 0000000000000000 0000000000000000 00000000f8000000 0000000000000000 [ 29.471934] head: 0bfffe0000000002 ffffc1ffc3191a01 
00000000ffffffff 00000000ffffffff [ 29.471988] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000004 [ 29.472122] page dumped because: kasan: bad access detected [ 29.472191] [ 29.472219] Memory state around the buggy address: [ 29.472274] fff00000c6469f80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 29.472544] fff00000c646a000: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 29.472632] >fff00000c646a080: 00 00 00 00 00 00 00 00 00 01 fe fe fe fe fe fe [ 29.472762] ^ [ 29.472819] fff00000c646a100: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe [ 29.472873] fff00000c646a180: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe [ 29.473023] ==================================================================
[ 25.585625] ==================================================================
[ 25.585982] BUG: KASAN: slab-out-of-bounds in krealloc_less_oob_helper+0xec6/0x11d0
[ 25.586323] Write of size 1 at addr ffff88810602e0da by task kunit_try_catch/211
[ 25.586646]
[ 25.586722] CPU: 0 UID: 0 PID: 211 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc6-next-20250717 #1 PREEMPT(voluntary)
[ 25.586766] Tainted: [B]=BAD_PAGE, [N]=TEST
[ 25.586777] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[ 25.586797] Call Trace:
[ 25.586811] <TASK>
[ 25.586825] dump_stack_lvl+0x73/0xb0
[ 25.586851] print_report+0xd1/0x610
[ 25.586871] ? __virt_addr_valid+0x1db/0x2d0
[ 25.586959] ? krealloc_less_oob_helper+0xec6/0x11d0
[ 25.586986] ? kasan_addr_to_slab+0x11/0xa0
[ 25.587006] ? krealloc_less_oob_helper+0xec6/0x11d0
[ 25.587029] kasan_report+0x141/0x180
[ 25.587050] ? krealloc_less_oob_helper+0xec6/0x11d0
[ 25.587088] __asan_report_store1_noabort+0x1b/0x30
[ 25.587111] krealloc_less_oob_helper+0xec6/0x11d0
[ 25.587136] ? __pfx_krealloc_less_oob_helper+0x10/0x10
[ 25.587159] ? finish_task_switch.isra.0+0x153/0x700
[ 25.587179] ? __switch_to+0x47/0xf80
[ 25.587203] ? __schedule+0x10c6/0x2b60
[ 25.587225] ? __pfx_read_tsc+0x10/0x10
[ 25.587248] krealloc_large_less_oob+0x1c/0x30
[ 25.587270] kunit_try_run_case+0x1a5/0x480
[ 25.587293] ? __pfx_kunit_try_run_case+0x10/0x10
[ 25.587314] ? _raw_spin_lock_irqsave+0xa1/0x100
[ 25.587335] ? _raw_spin_unlock_irqrestore+0x5f/0x90
[ 25.587358] ? __kthread_parkme+0x82/0x180
[ 25.587381] ? preempt_count_sub+0x50/0x80
[ 25.587403] ? __pfx_kunit_try_run_case+0x10/0x10
[ 25.587425] kunit_generic_run_threadfn_adapter+0x85/0xf0
[ 25.587447] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10
[ 25.587469] kthread+0x337/0x6f0
[ 25.587487] ? trace_preempt_on+0x20/0xc0
[ 25.587510] ? __pfx_kthread+0x10/0x10
[ 25.587529] ? _raw_spin_unlock_irq+0x47/0x80
[ 25.587550] ? calculate_sigpending+0x7b/0xa0
[ 25.587572] ? __pfx_kthread+0x10/0x10
[ 25.587592] ret_from_fork+0x116/0x1d0
[ 25.587610] ? __pfx_kthread+0x10/0x10
[ 25.587630] ret_from_fork_asm+0x1a/0x30
[ 25.587661] </TASK>
[ 25.587670]
[ 25.594977] The buggy address belongs to the physical page:
[ 25.595235] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x10602c
[ 25.595522] head: order:2 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[ 25.595789] flags: 0x200000000000040(head|node=0|zone=2)
[ 25.596024] page_type: f8(unknown)
[ 25.596197] raw: 0200000000000040 0000000000000000 dead000000000122 0000000000000000
[ 25.596504] raw: 0000000000000000 0000000000000000 00000000f8000000 0000000000000000
[ 25.596789] head: 0200000000000040 0000000000000000 dead000000000122 0000000000000000
[ 25.597004] head: 0000000000000000 0000000000000000 00000000f8000000 0000000000000000
[ 25.597250] head: 0200000000000002 ffffea0004180b01 00000000ffffffff 00000000ffffffff
[ 25.597754] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000004
[ 25.598113] page dumped because: kasan: bad access detected
[ 25.598547]
[ 25.598641] Memory state around the buggy address:
[ 25.598857] ffff88810602df80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[ 25.599106] ffff88810602e000: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[ 25.599304] >ffff88810602e080: 00 00 00 00 00 00 00 00 00 01 fe fe fe fe fe fe
[ 25.599498] ^
[ 25.599692] ffff88810602e100: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe
[ 25.599988] ffff88810602e180: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe
[ 25.600484] ==================================================================
[ 25.542160] ==================================================================
[ 25.543219] BUG: KASAN: slab-out-of-bounds in krealloc_less_oob_helper+0xd70/0x11d0
[ 25.543966] Write of size 1 at addr ffff88810602e0c9 by task kunit_try_catch/211
[ 25.544837]
[ 25.545005] CPU: 0 UID: 0 PID: 211 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc6-next-20250717 #1 PREEMPT(voluntary)
[ 25.545052] Tainted: [B]=BAD_PAGE, [N]=TEST
[ 25.545063] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[ 25.545094] Call Trace:
[ 25.545106] <TASK>
[ 25.545122] dump_stack_lvl+0x73/0xb0
[ 25.545151] print_report+0xd1/0x610
[ 25.545172] ? __virt_addr_valid+0x1db/0x2d0
[ 25.545196] ? krealloc_less_oob_helper+0xd70/0x11d0
[ 25.545218] ? kasan_addr_to_slab+0x11/0xa0
[ 25.545237] ? krealloc_less_oob_helper+0xd70/0x11d0
[ 25.545260] kasan_report+0x141/0x180
[ 25.545291] ? krealloc_less_oob_helper+0xd70/0x11d0
[ 25.545320] __asan_report_store1_noabort+0x1b/0x30
[ 25.545344] krealloc_less_oob_helper+0xd70/0x11d0
[ 25.545368] ? __pfx_krealloc_less_oob_helper+0x10/0x10
[ 25.545390] ? finish_task_switch.isra.0+0x153/0x700
[ 25.545412] ? __switch_to+0x47/0xf80
[ 25.545437] ? __schedule+0x10c6/0x2b60
[ 25.545459] ? __pfx_read_tsc+0x10/0x10
[ 25.545483] krealloc_large_less_oob+0x1c/0x30
[ 25.545532] kunit_try_run_case+0x1a5/0x480
[ 25.545557] ? __pfx_kunit_try_run_case+0x10/0x10
[ 25.545589] ? _raw_spin_lock_irqsave+0xa1/0x100
[ 25.545619] ? _raw_spin_unlock_irqrestore+0x5f/0x90
[ 25.545642] ? __kthread_parkme+0x82/0x180
[ 25.545665] ? preempt_count_sub+0x50/0x80
[ 25.545688] ? __pfx_kunit_try_run_case+0x10/0x10
[ 25.545711] kunit_generic_run_threadfn_adapter+0x85/0xf0
[ 25.545733] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10
[ 25.545755] kthread+0x337/0x6f0
[ 25.545773] ? trace_preempt_on+0x20/0xc0
[ 25.545796] ? __pfx_kthread+0x10/0x10
[ 25.545816] ? _raw_spin_unlock_irq+0x47/0x80
[ 25.545836] ? calculate_sigpending+0x7b/0xa0
[ 25.545859] ? __pfx_kthread+0x10/0x10
[ 25.545879] ret_from_fork+0x116/0x1d0
[ 25.545897] ? __pfx_kthread+0x10/0x10
[ 25.545916] ret_from_fork_asm+0x1a/0x30
[ 25.545952] </TASK>
[ 25.545962]
[ 25.558271] The buggy address belongs to the physical page:
[ 25.558787] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x10602c
[ 25.559709] head: order:2 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[ 25.560373] flags: 0x200000000000040(head|node=0|zone=2)
[ 25.560970] page_type: f8(unknown)
[ 25.561339] raw: 0200000000000040 0000000000000000 dead000000000122 0000000000000000
[ 25.561984] raw: 0000000000000000 0000000000000000 00000000f8000000 0000000000000000
[ 25.562371] head: 0200000000000040 0000000000000000 dead000000000122 0000000000000000
[ 25.563090] head: 0000000000000000 0000000000000000 00000000f8000000 0000000000000000
[ 25.563803] head: 0200000000000002 ffffea0004180b01 00000000ffffffff 00000000ffffffff
[ 25.564033] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000004
[ 25.564456] page dumped because: kasan: bad access detected
[ 25.564954]
[ 25.565143] Memory state around the buggy address:
[ 25.565639] ffff88810602df80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[ 25.566329] ffff88810602e000: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[ 25.567215] >ffff88810602e080: 00 00 00 00 00 00 00 00 00 01 fe fe fe fe fe fe
[ 25.567693] ^
[ 25.567862] ffff88810602e100: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe
[ 25.568063] ffff88810602e180: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe
[ 25.568273] ==================================================================
[ 25.364446] ==================================================================
[ 25.364909] BUG: KASAN: slab-out-of-bounds in krealloc_less_oob_helper+0xd70/0x11d0
[ 25.365257] Write of size 1 at addr ffff8881060c48c9 by task kunit_try_catch/207
[ 25.365638]
[ 25.365741] CPU: 1 UID: 0 PID: 207 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc6-next-20250717 #1 PREEMPT(voluntary)
[ 25.365894] Tainted: [B]=BAD_PAGE, [N]=TEST
[ 25.366022] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[ 25.366044] Call Trace:
[ 25.366056] <TASK>
[ 25.366074] dump_stack_lvl+0x73/0xb0
[ 25.366192] print_report+0xd1/0x610
[ 25.366216] ? __virt_addr_valid+0x1db/0x2d0
[ 25.366262] ? krealloc_less_oob_helper+0xd70/0x11d0
[ 25.366295] ? kasan_complete_mode_report_info+0x2a/0x200
[ 25.366321] ? krealloc_less_oob_helper+0xd70/0x11d0
[ 25.366344] kasan_report+0x141/0x180
[ 25.366365] ? krealloc_less_oob_helper+0xd70/0x11d0
[ 25.366392] __asan_report_store1_noabort+0x1b/0x30
[ 25.366416] krealloc_less_oob_helper+0xd70/0x11d0
[ 25.366440] ? __pfx_krealloc_less_oob_helper+0x10/0x10
[ 25.366463] ? finish_task_switch.isra.0+0x153/0x700
[ 25.366484] ? __switch_to+0x47/0xf80
[ 25.366509] ? __schedule+0x10c6/0x2b60
[ 25.366532] ? __pfx_read_tsc+0x10/0x10
[ 25.366556] krealloc_less_oob+0x1c/0x30
[ 25.366576] kunit_try_run_case+0x1a5/0x480
[ 25.366600] ? __pfx_kunit_try_run_case+0x10/0x10
[ 25.366620] ? _raw_spin_lock_irqsave+0xa1/0x100
[ 25.366642] ? _raw_spin_unlock_irqrestore+0x5f/0x90
[ 25.366664] ? __kthread_parkme+0x82/0x180
[ 25.366688] ? preempt_count_sub+0x50/0x80
[ 25.366709] ? __pfx_kunit_try_run_case+0x10/0x10
[ 25.366732] kunit_generic_run_threadfn_adapter+0x85/0xf0
[ 25.366753] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10
[ 25.366775] kthread+0x337/0x6f0
[ 25.366793] ? trace_preempt_on+0x20/0xc0
[ 25.366818] ? __pfx_kthread+0x10/0x10
[ 25.366837] ? _raw_spin_unlock_irq+0x47/0x80
[ 25.366858] ? calculate_sigpending+0x7b/0xa0
[ 25.366881] ? __pfx_kthread+0x10/0x10
[ 25.366901] ret_from_fork+0x116/0x1d0
[ 25.366919] ? __pfx_kthread+0x10/0x10
[ 25.366938] ret_from_fork_asm+0x1a/0x30
[ 25.366970] </TASK>
[ 25.366980]
[ 25.375667] Allocated by task 207:
[ 25.375922] kasan_save_stack+0x45/0x70
[ 25.376062] kasan_save_track+0x18/0x40
[ 25.376346] kasan_save_alloc_info+0x3b/0x50
[ 25.377058] __kasan_krealloc+0x190/0x1f0
[ 25.377229] krealloc_noprof+0xf3/0x340
[ 25.377516] krealloc_less_oob_helper+0x1aa/0x11d0
[ 25.377795] krealloc_less_oob+0x1c/0x30
[ 25.377989] kunit_try_run_case+0x1a5/0x480
[ 25.378159] kunit_generic_run_threadfn_adapter+0x85/0xf0
[ 25.378489] kthread+0x337/0x6f0
[ 25.378690] ret_from_fork+0x116/0x1d0
[ 25.378816] ret_from_fork_asm+0x1a/0x30
[ 25.379004]
[ 25.379103] The buggy address belongs to the object at ffff8881060c4800
[ 25.379103] which belongs to the cache kmalloc-256 of size 256
[ 25.379893] The buggy address is located 0 bytes to the right of
[ 25.379893] allocated 201-byte region [ffff8881060c4800, ffff8881060c48c9)
[ 25.380854]
[ 25.380928] The buggy address belongs to the physical page:
[ 25.381463] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1060c4
[ 25.381929] head: order:1 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[ 25.382378] flags: 0x200000000000040(head|node=0|zone=2)
[ 25.382682] page_type: f5(slab)
[ 25.382842] raw: 0200000000000040 ffff888100041b40 dead000000000122 0000000000000000
[ 25.383323] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000
[ 25.383618] head: 0200000000000040 ffff888100041b40 dead000000000122 0000000000000000
[ 25.383933] head: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000
[ 25.384368] head: 0200000000000001 ffffea0004183101 00000000ffffffff 00000000ffffffff
[ 25.384668] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000002
[ 25.384960] page dumped because: kasan: bad access detected
[ 25.385347]
[ 25.385432] Memory state around the buggy address:
[ 25.385672] ffff8881060c4780: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 25.385950] ffff8881060c4800: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[ 25.386450] >ffff8881060c4880: 00 00 00 00 00 00 00 00 00 01 fc fc fc fc fc fc
[ 25.386750] ^
[ 25.386948] ffff8881060c4900: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 25.387454] ffff8881060c4980: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 25.387726] ==================================================================
[ 25.413408] ==================================================================
[ 25.413916] BUG: KASAN: slab-out-of-bounds in krealloc_less_oob_helper+0xec6/0x11d0
[ 25.414334] Write of size 1 at addr ffff8881060c48da by task kunit_try_catch/207
[ 25.414638]
[ 25.414730] CPU: 1 UID: 0 PID: 207 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc6-next-20250717 #1 PREEMPT(voluntary)
[ 25.414777] Tainted: [B]=BAD_PAGE, [N]=TEST
[ 25.414788] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[ 25.414808] Call Trace:
[ 25.414824] <TASK>
[ 25.414840] dump_stack_lvl+0x73/0xb0
[ 25.414868] print_report+0xd1/0x610
[ 25.414891] ? __virt_addr_valid+0x1db/0x2d0
[ 25.414913] ? krealloc_less_oob_helper+0xec6/0x11d0
[ 25.414935] ? kasan_complete_mode_report_info+0x2a/0x200
[ 25.414960] ? krealloc_less_oob_helper+0xec6/0x11d0
[ 25.414983] kasan_report+0x141/0x180
[ 25.415004] ? krealloc_less_oob_helper+0xec6/0x11d0
[ 25.415032] __asan_report_store1_noabort+0x1b/0x30
[ 25.415059] krealloc_less_oob_helper+0xec6/0x11d0
[ 25.415093] ? __pfx_krealloc_less_oob_helper+0x10/0x10
[ 25.415116] ? finish_task_switch.isra.0+0x153/0x700
[ 25.415137] ? __switch_to+0x47/0xf80
[ 25.415162] ? __schedule+0x10c6/0x2b60
[ 25.415184] ? __pfx_read_tsc+0x10/0x10
[ 25.415207] krealloc_less_oob+0x1c/0x30
[ 25.415228] kunit_try_run_case+0x1a5/0x480
[ 25.415250] ? __pfx_kunit_try_run_case+0x10/0x10
[ 25.415272] ? _raw_spin_lock_irqsave+0xa1/0x100
[ 25.415342] ? _raw_spin_unlock_irqrestore+0x5f/0x90
[ 25.415364] ? __kthread_parkme+0x82/0x180
[ 25.415398] ? preempt_count_sub+0x50/0x80
[ 25.415420] ? __pfx_kunit_try_run_case+0x10/0x10
[ 25.415443] kunit_generic_run_threadfn_adapter+0x85/0xf0
[ 25.415464] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10
[ 25.415486] kthread+0x337/0x6f0
[ 25.415847] ? trace_preempt_on+0x20/0xc0
[ 25.415874] ? __pfx_kthread+0x10/0x10
[ 25.415894] ? _raw_spin_unlock_irq+0x47/0x80
[ 25.415915] ? calculate_sigpending+0x7b/0xa0
[ 25.415938] ? __pfx_kthread+0x10/0x10
[ 25.415958] ret_from_fork+0x116/0x1d0
[ 25.415976] ? __pfx_kthread+0x10/0x10
[ 25.415996] ret_from_fork_asm+0x1a/0x30
[ 25.416026] </TASK>
[ 25.416037]
[ 25.425915] Allocated by task 207:
[ 25.426253] kasan_save_stack+0x45/0x70
[ 25.426599] kasan_save_track+0x18/0x40
[ 25.426892] kasan_save_alloc_info+0x3b/0x50
[ 25.427222] __kasan_krealloc+0x190/0x1f0
[ 25.427564] krealloc_noprof+0xf3/0x340
[ 25.427801] krealloc_less_oob_helper+0x1aa/0x11d0
[ 25.428130] krealloc_less_oob+0x1c/0x30
[ 25.428588] kunit_try_run_case+0x1a5/0x480
[ 25.428787] kunit_generic_run_threadfn_adapter+0x85/0xf0
[ 25.429113] kthread+0x337/0x6f0
[ 25.429497] ret_from_fork+0x116/0x1d0
[ 25.429699] ret_from_fork_asm+0x1a/0x30
[ 25.430113]
[ 25.430210] The buggy address belongs to the object at ffff8881060c4800
[ 25.430210] which belongs to the cache kmalloc-256 of size 256
[ 25.430978] The buggy address is located 17 bytes to the right of
[ 25.430978] allocated 201-byte region [ffff8881060c4800, ffff8881060c48c9)
[ 25.431713]
[ 25.431814] The buggy address belongs to the physical page:
[ 25.432170] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1060c4
[ 25.432733] head: order:1 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[ 25.433201] flags: 0x200000000000040(head|node=0|zone=2)
[ 25.433579] page_type: f5(slab)
[ 25.433849] raw: 0200000000000040 ffff888100041b40 dead000000000122 0000000000000000
[ 25.434317] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000
[ 25.434926] head: 0200000000000040 ffff888100041b40 dead000000000122 0000000000000000
[ 25.435435] head: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000
[ 25.435900] head: 0200000000000001 ffffea0004183101 00000000ffffffff 00000000ffffffff
[ 25.436369] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000002
[ 25.436775] page dumped because: kasan: bad access detected
[ 25.437109]
[ 25.437205] Memory state around the buggy address:
[ 25.437673] ffff8881060c4780: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 25.437970] ffff8881060c4800: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[ 25.438278] >ffff8881060c4880: 00 00 00 00 00 00 00 00 00 01 fc fc fc fc fc fc
[ 25.438568] ^
[ 25.438823] ffff8881060c4900: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 25.439479] ffff8881060c4980: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 25.439941] ==================================================================
[ 25.388597] ==================================================================
[ 25.389021] BUG: KASAN: slab-out-of-bounds in krealloc_less_oob_helper+0xe23/0x11d0
[ 25.389518] Write of size 1 at addr ffff8881060c48d0 by task kunit_try_catch/207
[ 25.389961]
[ 25.390050] CPU: 1 UID: 0 PID: 207 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc6-next-20250717 #1 PREEMPT(voluntary)
[ 25.390108] Tainted: [B]=BAD_PAGE, [N]=TEST
[ 25.390157] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[ 25.390199] Call Trace:
[ 25.390212] <TASK>
[ 25.390238] dump_stack_lvl+0x73/0xb0
[ 25.390380] print_report+0xd1/0x610
[ 25.390415] ? __virt_addr_valid+0x1db/0x2d0
[ 25.390438] ? krealloc_less_oob_helper+0xe23/0x11d0
[ 25.390460] ? kasan_complete_mode_report_info+0x2a/0x200
[ 25.390485] ? krealloc_less_oob_helper+0xe23/0x11d0
[ 25.390507] kasan_report+0x141/0x180
[ 25.390528] ? krealloc_less_oob_helper+0xe23/0x11d0
[ 25.390556] __asan_report_store1_noabort+0x1b/0x30
[ 25.390579] krealloc_less_oob_helper+0xe23/0x11d0
[ 25.390604] ? __pfx_krealloc_less_oob_helper+0x10/0x10
[ 25.390628] ? finish_task_switch.isra.0+0x153/0x700
[ 25.390648] ? __switch_to+0x47/0xf80
[ 25.390674] ? __schedule+0x10c6/0x2b60
[ 25.390696] ? __pfx_read_tsc+0x10/0x10
[ 25.390721] krealloc_less_oob+0x1c/0x30
[ 25.390741] kunit_try_run_case+0x1a5/0x480
[ 25.390764] ? __pfx_kunit_try_run_case+0x10/0x10
[ 25.390784] ? _raw_spin_lock_irqsave+0xa1/0x100
[ 25.390806] ? _raw_spin_unlock_irqrestore+0x5f/0x90
[ 25.390828] ? __kthread_parkme+0x82/0x180
[ 25.390851] ? preempt_count_sub+0x50/0x80
[ 25.390873] ? __pfx_kunit_try_run_case+0x10/0x10
[ 25.390895] kunit_generic_run_threadfn_adapter+0x85/0xf0
[ 25.390916] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10
[ 25.390938] kthread+0x337/0x6f0
[ 25.390957] ? trace_preempt_on+0x20/0xc0
[ 25.390981] ? __pfx_kthread+0x10/0x10
[ 25.391000] ? _raw_spin_unlock_irq+0x47/0x80
[ 25.391021] ? calculate_sigpending+0x7b/0xa0
[ 25.391043] ? __pfx_kthread+0x10/0x10
[ 25.391063] ret_from_fork+0x116/0x1d0
[ 25.391089] ? __pfx_kthread+0x10/0x10
[ 25.391108] ret_from_fork_asm+0x1a/0x30
[ 25.391139] </TASK>
[ 25.391149]
[ 25.399802] Allocated by task 207:
[ 25.400010] kasan_save_stack+0x45/0x70
[ 25.400229] kasan_save_track+0x18/0x40
[ 25.400472] kasan_save_alloc_info+0x3b/0x50
[ 25.400709] __kasan_krealloc+0x190/0x1f0
[ 25.400908] krealloc_noprof+0xf3/0x340
[ 25.401170] krealloc_less_oob_helper+0x1aa/0x11d0
[ 25.401433] krealloc_less_oob+0x1c/0x30
[ 25.401788] kunit_try_run_case+0x1a5/0x480
[ 25.401938] kunit_generic_run_threadfn_adapter+0x85/0xf0
[ 25.402116] kthread+0x337/0x6f0
[ 25.402228] ret_from_fork+0x116/0x1d0
[ 25.402378] ret_from_fork_asm+0x1a/0x30
[ 25.402565]
[ 25.402761] The buggy address belongs to the object at ffff8881060c4800
[ 25.402761] which belongs to the cache kmalloc-256 of size 256
[ 25.404105] The buggy address is located 7 bytes to the right of
[ 25.404105] allocated 201-byte region [ffff8881060c4800, ffff8881060c48c9)
[ 25.404874]
[ 25.404986] The buggy address belongs to the physical page:
[ 25.405188] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1060c4
[ 25.405532] head: order:1 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[ 25.406111] flags: 0x200000000000040(head|node=0|zone=2)
[ 25.406472] page_type: f5(slab)
[ 25.406603] raw: 0200000000000040 ffff888100041b40 dead000000000122 0000000000000000
[ 25.407148] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000
[ 25.407369] head: 0200000000000040 ffff888100041b40 dead000000000122 0000000000000000
[ 25.407864] head: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000
[ 25.408602] head: 0200000000000001 ffffea0004183101 00000000ffffffff 00000000ffffffff
[ 25.408937] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000002
[ 25.409449] page dumped because: kasan: bad access detected
[ 25.409714]
[ 25.409815] Memory state around the buggy address:
[ 25.410054] ffff8881060c4780: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 25.410642] ffff8881060c4800: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[ 25.410988] >ffff8881060c4880: 00 00 00 00 00 00 00 00 00 01 fc fc fc fc fc fc
[ 25.411394] ^
[ 25.411723] ffff8881060c4900: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 25.412021] ffff8881060c4980: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 25.412271] ==================================================================
[ 25.568987] ==================================================================
[ 25.569399] BUG: KASAN: slab-out-of-bounds in krealloc_less_oob_helper+0xe23/0x11d0
[ 25.569857] Write of size 1 at addr ffff88810602e0d0 by task kunit_try_catch/211
[ 25.570088]
[ 25.570294] CPU: 0 UID: 0 PID: 211 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc6-next-20250717 #1 PREEMPT(voluntary)
[ 25.570342] Tainted: [B]=BAD_PAGE, [N]=TEST
[ 25.570353] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[ 25.570372] Call Trace:
[ 25.570384] <TASK>
[ 25.570397] dump_stack_lvl+0x73/0xb0
[ 25.570425] print_report+0xd1/0x610
[ 25.570446] ? __virt_addr_valid+0x1db/0x2d0
[ 25.570469] ? krealloc_less_oob_helper+0xe23/0x11d0
[ 25.570491] ? kasan_addr_to_slab+0x11/0xa0
[ 25.570510] ? krealloc_less_oob_helper+0xe23/0x11d0
[ 25.570533] kasan_report+0x141/0x180
[ 25.570554] ? krealloc_less_oob_helper+0xe23/0x11d0
[ 25.570581] __asan_report_store1_noabort+0x1b/0x30
[ 25.570604] krealloc_less_oob_helper+0xe23/0x11d0
[ 25.570628] ? __pfx_krealloc_less_oob_helper+0x10/0x10
[ 25.570651] ? finish_task_switch.isra.0+0x153/0x700
[ 25.570672] ? __switch_to+0x47/0xf80
[ 25.570698] ? __schedule+0x10c6/0x2b60
[ 25.570720] ? __pfx_read_tsc+0x10/0x10
[ 25.570743] krealloc_large_less_oob+0x1c/0x30
[ 25.570765] kunit_try_run_case+0x1a5/0x480
[ 25.570787] ? __pfx_kunit_try_run_case+0x10/0x10
[ 25.570808] ? _raw_spin_lock_irqsave+0xa1/0x100
[ 25.570829] ? _raw_spin_unlock_irqrestore+0x5f/0x90
[ 25.570851] ? __kthread_parkme+0x82/0x180
[ 25.570874] ? preempt_count_sub+0x50/0x80
[ 25.570896] ? __pfx_kunit_try_run_case+0x10/0x10
[ 25.570918] kunit_generic_run_threadfn_adapter+0x85/0xf0
[ 25.570940] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10
[ 25.570962] kthread+0x337/0x6f0
[ 25.570980] ? trace_preempt_on+0x20/0xc0
[ 25.571004] ? __pfx_kthread+0x10/0x10
[ 25.571024] ? _raw_spin_unlock_irq+0x47/0x80
[ 25.571044] ? calculate_sigpending+0x7b/0xa0
[ 25.571067] ? __pfx_kthread+0x10/0x10
[ 25.571100] ret_from_fork+0x116/0x1d0
[ 25.571117] ? __pfx_kthread+0x10/0x10
[ 25.571137] ret_from_fork_asm+0x1a/0x30
[ 25.571167] </TASK>
[ 25.571176]
[ 25.578817] The buggy address belongs to the physical page:
[ 25.579209] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x10602c
[ 25.579622] head: order:2 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[ 25.579945] flags: 0x200000000000040(head|node=0|zone=2)
[ 25.580182] page_type: f8(unknown)
[ 25.580485] raw: 0200000000000040 0000000000000000 dead000000000122 0000000000000000
[ 25.580773] raw: 0000000000000000 0000000000000000 00000000f8000000 0000000000000000
[ 25.581002] head: 0200000000000040 0000000000000000 dead000000000122 0000000000000000
[ 25.581327] head: 0000000000000000 0000000000000000 00000000f8000000 0000000000000000
[ 25.581666] head: 0200000000000002 ffffea0004180b01 00000000ffffffff 00000000ffffffff
[ 25.582001] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000004
[ 25.582404] page dumped because: kasan: bad access detected
[ 25.582791]
[ 25.582884] Memory state around the buggy address:
[ 25.583091] ffff88810602df80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[ 25.583508] ffff88810602e000: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[ 25.583719] >ffff88810602e080: 00 00 00 00 00 00 00 00 00 01 fe fe fe fe fe fe
[ 25.583921] ^
[ 25.584196] ffff88810602e100: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe
[ 25.584819] ffff88810602e180: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe
[ 25.585295] ==================================================================
[ 25.600816] ==================================================================
[ 25.601022] BUG: KASAN: slab-out-of-bounds in krealloc_less_oob_helper+0xe90/0x11d0
[ 25.601257] Write of size 1 at addr ffff88810602e0ea by task kunit_try_catch/211
[ 25.601817]
[ 25.601936] CPU: 0 UID: 0 PID: 211 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc6-next-20250717 #1 PREEMPT(voluntary)
[ 25.601982] Tainted: [B]=BAD_PAGE, [N]=TEST
[ 25.601993] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[ 25.602012] Call Trace:
[ 25.602024] <TASK>
[ 25.602036] dump_stack_lvl+0x73/0xb0
[ 25.602064] print_report+0xd1/0x610
[ 25.602096] ? __virt_addr_valid+0x1db/0x2d0
[ 25.602118] ? krealloc_less_oob_helper+0xe90/0x11d0
[ 25.602140] ? kasan_addr_to_slab+0x11/0xa0
[ 25.602159] ? krealloc_less_oob_helper+0xe90/0x11d0
[ 25.602182] kasan_report+0x141/0x180
[ 25.602203] ? krealloc_less_oob_helper+0xe90/0x11d0
[ 25.602230] __asan_report_store1_noabort+0x1b/0x30
[ 25.602307] krealloc_less_oob_helper+0xe90/0x11d0
[ 25.602334] ? __pfx_krealloc_less_oob_helper+0x10/0x10
[ 25.602357] ? finish_task_switch.isra.0+0x153/0x700
[ 25.602377] ? __switch_to+0x47/0xf80
[ 25.602401] ? __schedule+0x10c6/0x2b60
[ 25.602425] ? __pfx_read_tsc+0x10/0x10
[ 25.602449] krealloc_large_less_oob+0x1c/0x30
[ 25.602471] kunit_try_run_case+0x1a5/0x480
[ 25.602494] ? __pfx_kunit_try_run_case+0x10/0x10
[ 25.602514] ? _raw_spin_lock_irqsave+0xa1/0x100
[ 25.602536] ? _raw_spin_unlock_irqrestore+0x5f/0x90
[ 25.602558] ? __kthread_parkme+0x82/0x180
[ 25.602581] ? preempt_count_sub+0x50/0x80
[ 25.602603] ? __pfx_kunit_try_run_case+0x10/0x10
[ 25.602625] kunit_generic_run_threadfn_adapter+0x85/0xf0
[ 25.602647] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10
[ 25.602671] kthread+0x337/0x6f0
[ 25.602689] ? trace_preempt_on+0x20/0xc0
[ 25.602713] ? __pfx_kthread+0x10/0x10
[ 25.602733] ? _raw_spin_unlock_irq+0x47/0x80
[ 25.602753] ? calculate_sigpending+0x7b/0xa0
[ 25.602775] ? __pfx_kthread+0x10/0x10
[ 25.602795] ret_from_fork+0x116/0x1d0
[ 25.602814] ? __pfx_kthread+0x10/0x10
[ 25.602833] ret_from_fork_asm+0x1a/0x30
[ 25.602864] </TASK>
[ 25.602873]
[ 25.610464] The buggy address belongs to the physical page:
[ 25.610721] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x10602c
[ 25.611074] head: order:2 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[ 25.611501] flags: 0x200000000000040(head|node=0|zone=2)
[ 25.611721] page_type: f8(unknown)
[ 25.611885] raw: 0200000000000040 0000000000000000 dead000000000122 0000000000000000
[ 25.612134] raw: 0000000000000000 0000000000000000 00000000f8000000 0000000000000000
[ 25.612470] head: 0200000000000040 0000000000000000 dead000000000122 0000000000000000
[ 25.612872] head: 0000000000000000 0000000000000000 00000000f8000000 0000000000000000
[ 25.613093] head: 0200000000000002 ffffea0004180b01 00000000ffffffff 00000000ffffffff
[ 25.613308] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000004
[ 25.613515] page dumped because: kasan: bad access detected
[ 25.613747]
[ 25.613829] Memory state around the buggy address:
[ 25.614132] ffff88810602df80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[ 25.614721] ffff88810602e000: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[ 25.615038] >ffff88810602e080: 00 00 00 00 00 00 00 00 00 01 fe fe fe fe fe fe
[ 25.615262] ^
[ 25.615447] ffff88810602e100: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe
[ 25.615645] ffff88810602e180: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe
[ 25.616209] ==================================================================
[ 25.470178] ==================================================================
[ 25.470696] BUG: KASAN: slab-out-of-bounds in krealloc_less_oob_helper+0xd47/0x11d0
[ 25.471211] Write of size 1 at addr ffff8881060c48eb by task kunit_try_catch/207
[ 25.471591]
[ 25.471683] CPU: 1 UID: 0 PID: 207 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc6-next-20250717 #1 PREEMPT(voluntary)
[ 25.471729] Tainted: [B]=BAD_PAGE, [N]=TEST
[ 25.471740] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[ 25.471759] Call Trace:
[ 25.471772] <TASK>
[ 25.471787] dump_stack_lvl+0x73/0xb0
[ 25.471816] print_report+0xd1/0x610
[ 25.471837] ? __virt_addr_valid+0x1db/0x2d0
[ 25.471859] ? krealloc_less_oob_helper+0xd47/0x11d0
[ 25.471881] ? kasan_complete_mode_report_info+0x2a/0x200
[ 25.471905] ? krealloc_less_oob_helper+0xd47/0x11d0
[ 25.471928] kasan_report+0x141/0x180
[ 25.471948] ? krealloc_less_oob_helper+0xd47/0x11d0
[ 25.471976] __asan_report_store1_noabort+0x1b/0x30
[ 25.471999] krealloc_less_oob_helper+0xd47/0x11d0
[ 25.472024] ? __pfx_krealloc_less_oob_helper+0x10/0x10
[ 25.472046] ? finish_task_switch.isra.0+0x153/0x700
[ 25.472066] ? __switch_to+0x47/0xf80
[ 25.472100] ? __schedule+0x10c6/0x2b60
[ 25.472122] ? __pfx_read_tsc+0x10/0x10
[ 25.472144] krealloc_less_oob+0x1c/0x30
[ 25.472165] kunit_try_run_case+0x1a5/0x480
[ 25.472187] ? __pfx_kunit_try_run_case+0x10/0x10
[ 25.472208] ? _raw_spin_lock_irqsave+0xa1/0x100
[ 25.472229] ? _raw_spin_unlock_irqrestore+0x5f/0x90
[ 25.472251] ? __kthread_parkme+0x82/0x180
[ 25.472274] ? preempt_count_sub+0x50/0x80
[ 25.472312] ? __pfx_kunit_try_run_case+0x10/0x10
[ 25.472334] kunit_generic_run_threadfn_adapter+0x85/0xf0
[ 25.472356] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10
[ 25.472378] kthread+0x337/0x6f0
[ 25.472395] ? trace_preempt_on+0x20/0xc0
[ 25.472419] ? __pfx_kthread+0x10/0x10
[ 25.472438] ? _raw_spin_unlock_irq+0x47/0x80
[ 25.472458] ? calculate_sigpending+0x7b/0xa0
[ 25.472481] ? __pfx_kthread+0x10/0x10
[ 25.472501] ret_from_fork+0x116/0x1d0
[ 25.472518] ? __pfx_kthread+0x10/0x10
[ 25.472537] ret_from_fork_asm+0x1a/0x30
[ 25.472568] </TASK>
[ 25.472577]
[ 25.479098] Allocated by task 207:
[ 25.479262] kasan_save_stack+0x45/0x70
[ 25.479467] kasan_save_track+0x18/0x40
[ 25.479650] kasan_save_alloc_info+0x3b/0x50
[ 25.479852] __kasan_krealloc+0x190/0x1f0
[ 25.480044] krealloc_noprof+0xf3/0x340
[ 25.480241] krealloc_less_oob_helper+0x1aa/0x11d0
[ 25.480565] krealloc_less_oob+0x1c/0x30
[ 25.480754] kunit_try_run_case+0x1a5/0x480
[ 25.480929] kunit_generic_run_threadfn_adapter+0x85/0xf0
[ 25.481157] kthread+0x337/0x6f0
[ 25.481299] ret_from_fork+0x116/0x1d0
[ 25.481445] ret_from_fork_asm+0x1a/0x30
[ 25.481605]
[ 25.481665] The buggy address belongs to the object at ffff8881060c4800
[ 25.481665] which belongs to the cache kmalloc-256 of size 256
[ 25.482137] The buggy address is located 34 bytes to the right of
[ 25.482137] allocated 201-byte region [ffff8881060c4800, ffff8881060c48c9)
[ 25.482603]
[ 25.482690] The buggy address belongs to the physical page:
[ 25.482934] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1060c4
[ 25.483221] head: order:1 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[ 25.483607] flags: 0x200000000000040(head|node=0|zone=2)
[ 25.483814] page_type: f5(slab)
[ 25.483968] raw: 0200000000000040 ffff888100041b40 dead000000000122 0000000000000000
[ 25.484250] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000
[ 25.484540] head: 0200000000000040 ffff888100041b40 dead000000000122 0000000000000000
[ 25.484755] head: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000
[ 25.484968] head: 0200000000000001 ffffea0004183101 00000000ffffffff 00000000ffffffff
[ 25.485250] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000002
[ 25.485617] page dumped because: kasan: bad access detected
[ 25.485849]
[ 25.485941] Memory state around the buggy address:
[ 25.486138] ffff8881060c4780: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 25.486336] ffff8881060c4800: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[ 25.486531] >ffff8881060c4880: 00 00 00 00 00 00 00 00 00 01 fc fc fc fc fc fc
[ 25.486722] ^
[ 25.487148] ffff8881060c4900: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 25.487709] ffff8881060c4980: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 25.488022] ==================================================================
[ 25.616630] ==================================================================
[ 25.616963] BUG: KASAN: slab-out-of-bounds in krealloc_less_oob_helper+0xd47/0x11d0
[ 25.617419] Write of size 1 at addr ffff88810602e0eb by task kunit_try_catch/211
[ 25.617703]
[ 25.617802] CPU: 0 UID: 0 PID: 211 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc6-next-20250717 #1 PREEMPT(voluntary)
[ 25.617846] Tainted: [B]=BAD_PAGE, [N]=TEST
[ 25.617857] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[ 25.617876] Call Trace:
[ 25.617889] <TASK>
[ 25.617903] dump_stack_lvl+0x73/0xb0
[ 25.617934] print_report+0xd1/0x610
[ 25.617955] ? __virt_addr_valid+0x1db/0x2d0
[ 25.617977] ? krealloc_less_oob_helper+0xd47/0x11d0
[ 25.617999] ? kasan_addr_to_slab+0x11/0xa0
[ 25.618018] ? krealloc_less_oob_helper+0xd47/0x11d0
[ 25.618041] kasan_report+0x141/0x180
[ 25.618061] ? krealloc_less_oob_helper+0xd47/0x11d0
[ 25.618098] __asan_report_store1_noabort+0x1b/0x30
[ 25.618121] krealloc_less_oob_helper+0xd47/0x11d0
[ 25.618146] ? __pfx_krealloc_less_oob_helper+0x10/0x10
[ 25.618169] ? finish_task_switch.isra.0+0x153/0x700
[ 25.618188] ? __switch_to+0x47/0xf80
[ 25.618213] ? __schedule+0x10c6/0x2b60
[ 25.618235] ? __pfx_read_tsc+0x10/0x10
[ 25.618258] krealloc_large_less_oob+0x1c/0x30
[ 25.618414] kunit_try_run_case+0x1a5/0x480
[ 25.618446] ? __pfx_kunit_try_run_case+0x10/0x10
[ 25.618467] ? _raw_spin_lock_irqsave+0xa1/0x100
[ 25.618490] ? _raw_spin_unlock_irqrestore+0x5f/0x90
[ 25.618512] ? __kthread_parkme+0x82/0x180
[ 25.618535] ? preempt_count_sub+0x50/0x80
[ 25.618556] ? __pfx_kunit_try_run_case+0x10/0x10
[ 25.618578] kunit_generic_run_threadfn_adapter+0x85/0xf0
[ 25.618600] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10
[ 25.618622] kthread+0x337/0x6f0
[ 25.618640] ? trace_preempt_on+0x20/0xc0
[ 25.618663] ? __pfx_kthread+0x10/0x10
[ 25.618682] ? _raw_spin_unlock_irq+0x47/0x80
[ 25.618703] ? calculate_sigpending+0x7b/0xa0
[ 25.618724] ? __pfx_kthread+0x10/0x10
[ 25.618744] ret_from_fork+0x116/0x1d0
[ 25.618762] ? __pfx_kthread+0x10/0x10
[ 25.618781] ret_from_fork_asm+0x1a/0x30
[ 25.618812] </TASK>
[ 25.618821]
[ 25.625700] The buggy address belongs to the physical page:
[ 25.625959] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x10602c
[ 25.626371] head: order:2 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[ 25.626664] flags: 0x200000000000040(head|node=0|zone=2)
[ 25.626876] page_type: f8(unknown)
[ 25.627032] raw: 0200000000000040 0000000000000000 dead000000000122 0000000000000000
[ 25.627394] raw: 0000000000000000 0000000000000000 00000000f8000000 0000000000000000
[ 25.627643] head: 0200000000000040 0000000000000000 dead000000000122 0000000000000000
[ 25.627980] head: 0000000000000000 0000000000000000 00000000f8000000 0000000000000000
[ 25.628308] head: 0200000000000002 ffffea0004180b01 00000000ffffffff 00000000ffffffff
[ 25.628672] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000004
[ 25.629000] page dumped because: kasan: bad access detected
[ 25.629222]
[ 25.629314] Memory state around the buggy address:
[ 25.629461] ffff88810602df80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[ 25.629672] ffff88810602e000: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[ 25.629881] >ffff88810602e080: 00 00 00 00 00 00 00 00 00 01 fe fe fe fe fe fe
[ 25.630108] ^
[ 25.630735] ffff88810602e100: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe
[ 25.631045] ffff88810602e180: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe
[ 25.631327] ==================================================================
[ 25.441389] ==================================================================
[ 25.441678] BUG: KASAN: slab-out-of-bounds in krealloc_less_oob_helper+0xe90/0x11d0
[ 25.442187] Write of size 1 at addr ffff8881060c48ea by task kunit_try_catch/207
[ 25.442904]
[ 25.443146] CPU: 1 UID: 0 PID: 207 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc6-next-20250717 #1 PREEMPT(voluntary)
[ 25.443198] Tainted: [B]=BAD_PAGE, [N]=TEST
[ 25.443336] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[ 25.443360] Call Trace:
[ 25.443372] <TASK>
[ 25.443388] dump_stack_lvl+0x73/0xb0
[ 25.443418] print_report+0xd1/0x610
[ 25.443439] ? __virt_addr_valid+0x1db/0x2d0
[ 25.443463] ? krealloc_less_oob_helper+0xe90/0x11d0
[ 25.443485] ? kasan_complete_mode_report_info+0x2a/0x200
[ 25.443510] ? krealloc_less_oob_helper+0xe90/0x11d0
[ 25.443533] kasan_report+0x141/0x180
[ 25.443555] ? krealloc_less_oob_helper+0xe90/0x11d0
[ 25.443582] __asan_report_store1_noabort+0x1b/0x30
[ 25.443605] krealloc_less_oob_helper+0xe90/0x11d0
[ 25.443629] ? __pfx_krealloc_less_oob_helper+0x10/0x10
[ 25.443652] ? finish_task_switch.isra.0+0x153/0x700
[ 25.443673] ? __switch_to+0x47/0xf80
[ 25.443697] ? __schedule+0x10c6/0x2b60
[ 25.443719] ? __pfx_read_tsc+0x10/0x10
[ 25.443745] krealloc_less_oob+0x1c/0x30
[ 25.443766] kunit_try_run_case+0x1a5/0x480
[ 25.443789] ? __pfx_kunit_try_run_case+0x10/0x10
[ 25.443810] ? _raw_spin_lock_irqsave+0xa1/0x100
[ 25.443831] ? _raw_spin_unlock_irqrestore+0x5f/0x90
[ 25.443853] ? __kthread_parkme+0x82/0x180
[ 25.443876] ? preempt_count_sub+0x50/0x80
[ 25.443898] ? __pfx_kunit_try_run_case+0x10/0x10
[ 25.443920] kunit_generic_run_threadfn_adapter+0x85/0xf0
[ 25.443942] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10
[ 25.443964] kthread+0x337/0x6f0
[ 25.443982] ? trace_preempt_on+0x20/0xc0
[ 25.444006] ? __pfx_kthread+0x10/0x10
[ 25.444026] ? _raw_spin_unlock_irq+0x47/0x80
[ 25.444047] ? calculate_sigpending+0x7b/0xa0
[ 25.444069] ? __pfx_kthread+0x10/0x10
[ 25.444101] ret_from_fork+0x116/0x1d0
[ 25.444119] ? __pfx_kthread+0x10/0x10
[ 25.444138] ret_from_fork_asm+0x1a/0x30
[ 25.444169] </TASK>
[ 25.444179]
[ 25.455049] Allocated by task 207:
[ 25.455231] kasan_save_stack+0x45/0x70
[ 25.455887] kasan_save_track+0x18/0x40
[ 25.456065] kasan_save_alloc_info+0x3b/0x50
[ 25.456495] __kasan_krealloc+0x190/0x1f0
[ 25.456809] krealloc_noprof+0xf3/0x340
[ 25.457126] krealloc_less_oob_helper+0x1aa/0x11d0
[ 25.457454] krealloc_less_oob+0x1c/0x30
[ 25.457647] kunit_try_run_case+0x1a5/0x480
[ 25.457836] kunit_generic_run_threadfn_adapter+0x85/0xf0
[ 25.458071] kthread+0x337/0x6f0
[ 25.458230] ret_from_fork+0x116/0x1d0
[ 25.458697] ret_from_fork_asm+0x1a/0x30
[ 25.458865]
[ 25.459137] The buggy address belongs to the object at ffff8881060c4800
[ 25.459137] which belongs to the cache kmalloc-256 of size 256
[ 25.460014] The buggy address is located 33 bytes to the right of
[ 25.460014] allocated 201-byte region [ffff8881060c4800, ffff8881060c48c9)
[ 25.460805]
[ 25.460922] The buggy address belongs to the physical page:
[ 25.461132] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1060c4
[ 25.461823] head: order:1 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[ 25.462145] flags: 0x200000000000040(head|node=0|zone=2)
[ 25.462580] page_type: f5(slab)
[ 25.462884] raw: 0200000000000040 ffff888100041b40 dead000000000122 0000000000000000
[ 25.463326] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000
[ 25.463787] head: 0200000000000040 ffff888100041b40 dead000000000122 0000000000000000
[ 25.464287] head: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000
[ 25.464707] head: 0200000000000001 ffffea0004183101 00000000ffffffff 00000000ffffffff
[ 25.465015] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000002
[ 25.465558] page dumped 
because: kasan: bad access detected [ 25.465873] [ 25.465975] Memory state around the buggy address: [ 25.466430] ffff8881060c4780: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 25.466845] ffff8881060c4800: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 25.467243] >ffff8881060c4880: 00 00 00 00 00 00 00 00 00 01 fc fc fc fc fc fc [ 25.467685] ^ [ 25.468063] ffff8881060c4900: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 25.468592] ffff8881060c4980: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 25.469015] ==================================================================