Date
July 22, 2025, 5:13 a.m.
| Environment | |
|---|---|
| qemu-arm64 | |
| qemu-x86_64 |
[ 30.185015] ================================================================== [ 30.185370] BUG: KASAN: slab-out-of-bounds in krealloc_less_oob_helper+0xa80/0xc50 [ 30.185889] Write of size 1 at addr fff00000c81a4eda by task kunit_try_catch/189 [ 30.186266] [ 30.186920] CPU: 1 UID: 0 PID: 189 Comm: kunit_try_catch Tainted: G B W N 6.16.0-rc7-next-20250722 #1 PREEMPT [ 30.187291] Tainted: [B]=BAD_PAGE, [W]=WARN, [N]=TEST [ 30.187344] Hardware name: linux,dummy-virt (DT) [ 30.187456] Call trace: [ 30.187515] show_stack+0x20/0x38 (C) [ 30.187618] dump_stack_lvl+0x8c/0xd0 [ 30.187705] print_report+0x118/0x5e8 [ 30.188060] kasan_report+0xdc/0x128 [ 30.188495] __asan_report_store1_noabort+0x20/0x30 [ 30.188575] krealloc_less_oob_helper+0xa80/0xc50 [ 30.188748] krealloc_less_oob+0x20/0x38 [ 30.188878] kunit_try_run_case+0x170/0x3f0 [ 30.189230] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 30.189611] kthread+0x328/0x630 [ 30.189850] ret_from_fork+0x10/0x20 [ 30.189907] [ 30.189925] Allocated by task 189: [ 30.190197] kasan_save_stack+0x3c/0x68 [ 30.190559] kasan_save_track+0x20/0x40 [ 30.190792] kasan_save_alloc_info+0x40/0x58 [ 30.190874] __kasan_krealloc+0x118/0x178 [ 30.190943] krealloc_noprof+0x128/0x360 [ 30.190978] krealloc_less_oob_helper+0x168/0xc50 [ 30.191177] krealloc_less_oob+0x20/0x38 [ 30.191261] kunit_try_run_case+0x170/0x3f0 [ 30.191393] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 30.191455] kthread+0x328/0x630 [ 30.191488] ret_from_fork+0x10/0x20 [ 30.191739] [ 30.192160] The buggy address belongs to the object at fff00000c81a4e00 [ 30.192160] which belongs to the cache kmalloc-256 of size 256 [ 30.192375] The buggy address is located 17 bytes to the right of [ 30.192375] allocated 201-byte region [fff00000c81a4e00, fff00000c81a4ec9) [ 30.192583] [ 30.192640] The buggy address belongs to the physical page: [ 30.192682] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1081a4 [ 30.193035] head: order:1 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0 [ 30.193199] flags: 0xbfffe0000000040(head|node=0|zone=2|lastcpupid=0x1ffff) [ 30.193279] page_type: f5(slab) [ 30.193316] raw: 0bfffe0000000040 fff00000c0001b40 dead000000000100 dead000000000122 [ 30.193526] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 30.193763] head: 0bfffe0000000040 fff00000c0001b40 dead000000000100 dead000000000122 [ 30.193877] head: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 30.194008] head: 0bfffe0000000001 ffffc1ffc3206901 00000000ffffffff 00000000ffffffff [ 30.194282] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000002 [ 30.194449] page dumped because: kasan: bad access detected [ 30.194539] [ 30.194558] Memory state around the buggy address: [ 30.194708] fff00000c81a4d80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 30.194848] fff00000c81a4e00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 30.195012] >fff00000c81a4e80: 00 00 00 00 00 00 00 00 00 01 fc fc fc fc fc fc [ 30.195053] ^ [ 30.195132] fff00000c81a4f00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 30.195398] fff00000c81a4f80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 30.195634] ================================================================== [ 30.161397] ================================================================== [ 30.161793] BUG: KASAN: slab-out-of-bounds in krealloc_less_oob_helper+0xa48/0xc50 [ 30.162341] Write of size 1 at addr fff00000c81a4ec9 by task kunit_try_catch/189 [ 30.162445] [ 30.162492] CPU: 1 UID: 0 PID: 189 Comm: kunit_try_catch Tainted: G B W N 6.16.0-rc7-next-20250722 #1 PREEMPT [ 30.162827] Tainted: [B]=BAD_PAGE, [W]=WARN, [N]=TEST [ 30.162923] Hardware name: linux,dummy-virt (DT) [ 30.163250] Call trace: [ 30.163322] show_stack+0x20/0x38 (C) [ 30.163447] dump_stack_lvl+0x8c/0xd0 [ 30.163694] print_report+0x118/0x5e8 [ 30.163872] kasan_report+0xdc/0x128 [ 30.163948] __asan_report_store1_noabort+0x20/0x30 [ 30.164103] krealloc_less_oob_helper+0xa48/0xc50 [ 30.164215] krealloc_less_oob+0x20/0x38 [ 30.164366] kunit_try_run_case+0x170/0x3f0 [ 30.164563] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 30.165201] kthread+0x328/0x630 [ 30.165311] ret_from_fork+0x10/0x20 [ 30.165441] [ 30.165508] Allocated by task 189: [ 30.165633] kasan_save_stack+0x3c/0x68 [ 30.165955] kasan_save_track+0x20/0x40 [ 30.166126] kasan_save_alloc_info+0x40/0x58 [ 30.166206] __kasan_krealloc+0x118/0x178 [ 30.166250] krealloc_noprof+0x128/0x360 [ 30.166578] krealloc_less_oob_helper+0x168/0xc50 [ 30.166763] krealloc_less_oob+0x20/0x38 [ 30.166859] kunit_try_run_case+0x170/0x3f0 [ 30.167068] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 30.167222] kthread+0x328/0x630 [ 30.167362] ret_from_fork+0x10/0x20 [ 30.167531] [ 30.167858] The buggy address belongs to the object at fff00000c81a4e00 [ 30.167858] which belongs to the cache kmalloc-256 of size 256 [ 30.168110] The buggy address is located 0 bytes to the right of [ 30.168110] allocated 201-byte region [fff00000c81a4e00, fff00000c81a4ec9) [ 30.168410] [ 30.168447] The buggy address belongs to the physical page: [ 30.168484] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1081a4 [ 30.168552] head: order:1 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0 [ 30.168596] flags: 0xbfffe0000000040(head|node=0|zone=2|lastcpupid=0x1ffff) [ 30.168646] page_type: f5(slab) [ 30.168684] raw: 0bfffe0000000040 fff00000c0001b40 dead000000000100 dead000000000122 [ 30.168733] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 30.168780] head: 0bfffe0000000040 fff00000c0001b40 dead000000000100 dead000000000122 [ 30.168846] head: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 30.169304] head: 0bfffe0000000001 ffffc1ffc3206901 00000000ffffffff 00000000ffffffff [ 30.169568] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000002 [ 30.169714] page dumped because: kasan: bad access detected [ 30.169801] [ 30.170132] Memory state around the buggy address: [ 30.170400] fff00000c81a4d80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 30.170522] fff00000c81a4e00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 30.170708] >fff00000c81a4e80: 00 00 00 00 00 00 00 00 00 01 fc fc fc fc fc fc [ 30.170754] ^ [ 30.170986] fff00000c81a4f00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 30.171195] fff00000c81a4f80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 30.171399] ================================================================== [ 30.178292] ================================================================== [ 30.178656] BUG: KASAN: slab-out-of-bounds in krealloc_less_oob_helper+0xb9c/0xc50 [ 30.178739] Write of size 1 at addr fff00000c81a4ed0 by task kunit_try_catch/189 [ 30.178796] [ 30.178979] CPU: 1 UID: 0 PID: 189 Comm: kunit_try_catch Tainted: G B W N 6.16.0-rc7-next-20250722 #1 PREEMPT [ 30.179088] Tainted: [B]=BAD_PAGE, [W]=WARN, [N]=TEST [ 30.179312] Hardware name: linux,dummy-virt (DT) [ 30.179356] Call trace: [ 30.179705] show_stack+0x20/0x38 (C) [ 30.179848] dump_stack_lvl+0x8c/0xd0 [ 30.179903] print_report+0x118/0x5e8 [ 30.179947] kasan_report+0xdc/0x128 [ 30.180034] __asan_report_store1_noabort+0x20/0x30 [ 30.180085] krealloc_less_oob_helper+0xb9c/0xc50 [ 30.180160] krealloc_less_oob+0x20/0x38 [ 30.180522] kunit_try_run_case+0x170/0x3f0 [ 30.180662] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 30.180793] kthread+0x328/0x630 [ 30.180880] ret_from_fork+0x10/0x20 [ 30.181153] [ 30.181270] Allocated by task 189: [ 30.181458] kasan_save_stack+0x3c/0x68 [ 30.181520] kasan_save_track+0x20/0x40 [ 30.181577] kasan_save_alloc_info+0x40/0x58 [ 30.181613] __kasan_krealloc+0x118/0x178 [ 30.181840] krealloc_noprof+0x128/0x360 [ 30.181933] krealloc_less_oob_helper+0x168/0xc50 [ 30.182169] krealloc_less_oob+0x20/0x38 [ 30.182281] kunit_try_run_case+0x170/0x3f0 [ 30.182378] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 30.182541] kthread+0x328/0x630 [ 30.182579] ret_from_fork+0x10/0x20 [ 30.182792] [ 30.182984] The buggy address belongs to the object at fff00000c81a4e00 [ 30.182984] which belongs to the cache kmalloc-256 of size 256 [ 30.183194] The buggy address is located 7 bytes to the right of [ 30.183194] allocated 201-byte region [fff00000c81a4e00, fff00000c81a4ec9) [ 30.183265] [ 30.183284] The buggy address belongs to the physical page: [ 30.183318] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1081a4 [ 30.183381] head: order:1 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0 [ 30.183434] flags: 0xbfffe0000000040(head|node=0|zone=2|lastcpupid=0x1ffff) [ 30.183491] page_type: f5(slab) [ 30.183529] raw: 0bfffe0000000040 fff00000c0001b40 dead000000000100 dead000000000122 [ 30.183576] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 30.183623] head: 0bfffe0000000040 fff00000c0001b40 dead000000000100 dead000000000122 [ 30.183669] head: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 30.183716] head: 0bfffe0000000001 ffffc1ffc3206901 00000000ffffffff 00000000ffffffff [ 30.183762] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000002 [ 30.183800] page dumped because: kasan: bad access detected [ 30.183841] [ 30.183867] Memory state around the buggy address: [ 30.183907] fff00000c81a4d80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 30.183949] fff00000c81a4e00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 30.183990] >fff00000c81a4e80: 00 00 00 00 00 00 00 00 00 01 fc fc fc fc fc fc [ 30.184025] ^ [ 30.184070] fff00000c81a4f00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 30.184121] fff00000c81a4f80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 30.184156] ================================================================== [ 30.240306] ================================================================== [ 30.240369] BUG: KASAN: slab-out-of-bounds in krealloc_less_oob_helper+0xa48/0xc50 [ 30.240423] Write of size 1 at addr fff00000c9aea0c9 by task kunit_try_catch/193 [ 30.240471] [ 30.240502] CPU: 1 UID: 0 PID: 193 Comm: kunit_try_catch Tainted: G B W N 6.16.0-rc7-next-20250722 #1 PREEMPT [ 30.240586] Tainted: [B]=BAD_PAGE, [W]=WARN, [N]=TEST [ 30.240616] Hardware name: linux,dummy-virt (DT) [ 30.240645] Call trace: [ 30.240667] show_stack+0x20/0x38 (C) [ 30.240714] dump_stack_lvl+0x8c/0xd0 [ 30.240758] print_report+0x118/0x5e8 [ 30.240801] kasan_report+0xdc/0x128 [ 30.241662] __asan_report_store1_noabort+0x20/0x30 [ 30.241786] krealloc_less_oob_helper+0xa48/0xc50 [ 30.241949] krealloc_large_less_oob+0x20/0x38 [ 30.242050] kunit_try_run_case+0x170/0x3f0 [ 30.242147] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 30.242299] kthread+0x328/0x630 [ 30.242342] ret_from_fork+0x10/0x20 [ 30.242725] [ 30.242831] The buggy address belongs to the physical page: [ 30.242983] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x109ae8 [ 30.243141] head: order:2 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0 [ 30.243237] flags: 0xbfffe0000000040(head|node=0|zone=2|lastcpupid=0x1ffff) [ 30.243625] page_type: f8(unknown) [ 30.243732] raw: 0bfffe0000000040 0000000000000000 dead000000000122 0000000000000000 [ 30.243834] raw: 0000000000000000 0000000000000000 00000000f8000000 0000000000000000 [ 30.243976] head: 0bfffe0000000040 0000000000000000 dead000000000122 0000000000000000 [ 30.244048] head: 0000000000000000 0000000000000000 00000000f8000000 0000000000000000 [ 30.244351] head: 0bfffe0000000002 ffffc1ffc326ba01 00000000ffffffff 00000000ffffffff [ 30.244789] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000004 [ 30.244936] page dumped because: kasan: bad access detected [ 30.244988] [ 30.245007] Memory state around the buggy address: [ 30.245045] fff00000c9ae9f80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 30.245099] fff00000c9aea000: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 30.245446] >fff00000c9aea080: 00 00 00 00 00 00 00 00 00 01 fe fe fe fe fe fe [ 30.245615] ^ [ 30.245694] fff00000c9aea100: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe [ 30.245900] fff00000c9aea180: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe [ 30.246306] ================================================================== [ 30.247608] ================================================================== [ 30.247692] BUG: KASAN: slab-out-of-bounds in krealloc_less_oob_helper+0xb9c/0xc50 [ 30.247747] Write of size 1 at addr fff00000c9aea0d0 by task kunit_try_catch/193 [ 30.247897] [ 30.247928] CPU: 1 UID: 0 PID: 193 Comm: kunit_try_catch Tainted: G B W N 6.16.0-rc7-next-20250722 #1 PREEMPT [ 30.248157] Tainted: [B]=BAD_PAGE, [W]=WARN, [N]=TEST [ 30.248313] Hardware name: linux,dummy-virt (DT) [ 30.248348] Call trace: [ 30.248369] show_stack+0x20/0x38 (C) [ 30.248648] dump_stack_lvl+0x8c/0xd0 [ 30.248792] print_report+0x118/0x5e8 [ 30.248944] kasan_report+0xdc/0x128 [ 30.249065] __asan_report_store1_noabort+0x20/0x30 [ 30.249251] krealloc_less_oob_helper+0xb9c/0xc50 [ 30.249314] krealloc_large_less_oob+0x20/0x38 [ 30.249656] kunit_try_run_case+0x170/0x3f0 [ 30.249765] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 30.250005] kthread+0x328/0x630 [ 30.250093] ret_from_fork+0x10/0x20 [ 30.250268] [ 30.250363] The buggy address belongs to the physical page: [ 30.250407] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x109ae8 [ 30.250835] head: order:2 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0 [ 30.250931] flags: 0xbfffe0000000040(head|node=0|zone=2|lastcpupid=0x1ffff) [ 30.251031] page_type: f8(unknown) [ 30.251237] raw: 0bfffe0000000040 0000000000000000 dead000000000122 0000000000000000 [ 30.251331] raw: 0000000000000000 0000000000000000 00000000f8000000 0000000000000000 [ 30.251647] head: 0bfffe0000000040 0000000000000000 dead000000000122 0000000000000000 [ 30.251723] head: 0000000000000000 0000000000000000 00000000f8000000 0000000000000000 [ 30.251867] head: 0bfffe0000000002 ffffc1ffc326ba01 00000000ffffffff 00000000ffffffff [ 30.252312] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000004 [ 30.252654] page dumped because: kasan: bad access detected [ 30.252715] [ 30.252763] Memory state around the buggy address: [ 30.252889] fff00000c9ae9f80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 30.252951] fff00000c9aea000: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 30.252992] >fff00000c9aea080: 00 00 00 00 00 00 00 00 00 01 fe fe fe fe fe fe [ 30.253038] ^ [ 30.253074] fff00000c9aea100: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe [ 30.253479] fff00000c9aea180: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe [ 30.253877] ================================================================== [ 30.262647] ================================================================== [ 30.262736] BUG: KASAN: slab-out-of-bounds in krealloc_less_oob_helper+0xae4/0xc50 [ 30.263052] Write of size 1 at addr fff00000c9aea0ea by task kunit_try_catch/193 [ 30.263120] [ 30.263151] CPU: 1 UID: 0 PID: 193 Comm: kunit_try_catch Tainted: G B W N 6.16.0-rc7-next-20250722 #1 PREEMPT [ 30.263236] Tainted: [B]=BAD_PAGE, [W]=WARN, [N]=TEST [ 30.263264] Hardware name: linux,dummy-virt (DT) [ 30.263348] Call trace: [ 30.263374] show_stack+0x20/0x38 (C) [ 30.263425] dump_stack_lvl+0x8c/0xd0 [ 30.263471] print_report+0x118/0x5e8 [ 30.263515] kasan_report+0xdc/0x128 [ 30.263558] __asan_report_store1_noabort+0x20/0x30 [ 30.263611] krealloc_less_oob_helper+0xae4/0xc50 [ 30.263679] krealloc_large_less_oob+0x20/0x38 [ 30.263736] kunit_try_run_case+0x170/0x3f0 [ 30.263789] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 30.263852] kthread+0x328/0x630 [ 30.263893] ret_from_fork+0x10/0x20 [ 30.263938] [ 30.263967] The buggy address belongs to the physical page: [ 30.263998] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x109ae8 [ 30.264048] head: order:2 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0 [ 30.264105] flags: 0xbfffe0000000040(head|node=0|zone=2|lastcpupid=0x1ffff) [ 30.264152] page_type: f8(unknown) [ 30.264196] raw: 0bfffe0000000040 0000000000000000 dead000000000122 0000000000000000 [ 30.264244] raw: 0000000000000000 0000000000000000 00000000f8000000 0000000000000000 [ 30.264290] head: 0bfffe0000000040 0000000000000000 dead000000000122 0000000000000000 [ 30.264344] head: 0000000000000000 0000000000000000 00000000f8000000 0000000000000000 [ 30.264391] head: 0bfffe0000000002 ffffc1ffc326ba01 00000000ffffffff 00000000ffffffff [ 30.264436] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000004 [ 30.264472] page dumped because: kasan: bad access detected [ 30.264501] [ 30.264526] Memory state around the buggy address: [ 30.264555] fff00000c9ae9f80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 30.264596] fff00000c9aea000: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 30.264645] >fff00000c9aea080: 00 00 00 00 00 00 00 00 00 01 fe fe fe fe fe fe [ 30.264687] ^ [ 30.264723] fff00000c9aea100: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe [ 30.264771] fff00000c9aea180: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe [ 30.265215] ================================================================== [ 30.266094] ================================================================== [ 30.266138] BUG: KASAN: slab-out-of-bounds in krealloc_less_oob_helper+0xa58/0xc50 [ 30.266210] Write of size 1 at addr fff00000c9aea0eb by task kunit_try_catch/193 [ 30.266267] [ 30.266597] CPU: 1 UID: 0 PID: 193 Comm: kunit_try_catch Tainted: G B W N 6.16.0-rc7-next-20250722 #1 PREEMPT [ 30.266832] Tainted: [B]=BAD_PAGE, [W]=WARN, [N]=TEST [ 30.266870] Hardware name: linux,dummy-virt (DT) [ 30.266938] Call trace: [ 30.267000] show_stack+0x20/0x38 (C) [ 30.267054] dump_stack_lvl+0x8c/0xd0 [ 30.267100] print_report+0x118/0x5e8 [ 30.267423] kasan_report+0xdc/0x128 [ 30.267535] __asan_report_store1_noabort+0x20/0x30 [ 30.267588] krealloc_less_oob_helper+0xa58/0xc50 [ 30.267653] krealloc_large_less_oob+0x20/0x38 [ 30.267729] kunit_try_run_case+0x170/0x3f0 [ 30.267783] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 30.268005] kthread+0x328/0x630 [ 30.268048] ret_from_fork+0x10/0x20 [ 30.268435] [ 30.268478] The buggy address belongs to the physical page: [ 30.268512] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x109ae8 [ 30.268915] head: order:2 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0 [ 30.269034] flags: 0xbfffe0000000040(head|node=0|zone=2|lastcpupid=0x1ffff) [ 30.269211] page_type: f8(unknown) [ 30.269287] raw: 0bfffe0000000040 0000000000000000 dead000000000122 0000000000000000 [ 30.269382] raw: 0000000000000000 0000000000000000 00000000f8000000 0000000000000000 [ 30.269479] head: 0bfffe0000000040 0000000000000000 dead000000000122 0000000000000000 [ 30.269548] head: 0000000000000000 0000000000000000 00000000f8000000 0000000000000000 [ 30.269753] head: 0bfffe0000000002 ffffc1ffc326ba01 00000000ffffffff 00000000ffffffff [ 30.270030] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000004 [ 30.270141] page dumped because: kasan: bad access detected [ 30.270218] [ 30.270330] Memory state around the buggy address: [ 30.270408] fff00000c9ae9f80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 30.270539] fff00000c9aea000: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 30.270595] >fff00000c9aea080: 00 00 00 00 00 00 00 00 00 01 fe fe fe fe fe fe [ 30.270692] ^ [ 30.270731] fff00000c9aea100: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe [ 30.271064] fff00000c9aea180: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe [ 30.271146] ================================================================== [ 30.255904] ================================================================== [ 30.256075] BUG: KASAN: slab-out-of-bounds in krealloc_less_oob_helper+0xa80/0xc50 [ 30.256137] Write of size 1 at addr fff00000c9aea0da by task kunit_try_catch/193 [ 30.256203] [ 30.256317] CPU: 1 UID: 0 PID: 193 Comm: kunit_try_catch Tainted: G B W N 6.16.0-rc7-next-20250722 #1 PREEMPT [ 30.256433] Tainted: [B]=BAD_PAGE, [W]=WARN, [N]=TEST [ 30.256464] Hardware name: linux,dummy-virt (DT) [ 30.256504] Call trace: [ 30.256533] show_stack+0x20/0x38 (C) [ 30.256585] dump_stack_lvl+0x8c/0xd0 [ 30.256635] print_report+0x118/0x5e8 [ 30.256688] kasan_report+0xdc/0x128 [ 30.256732] __asan_report_store1_noabort+0x20/0x30 [ 30.256779] krealloc_less_oob_helper+0xa80/0xc50 [ 30.257288] krealloc_large_less_oob+0x20/0x38 [ 30.257539] kunit_try_run_case+0x170/0x3f0 [ 30.257710] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 30.257904] kthread+0x328/0x630 [ 30.257962] ret_from_fork+0x10/0x20 [ 30.258346] [ 30.258486] The buggy address belongs to the physical page: [ 30.258531] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x109ae8 [ 30.258907] head: order:2 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0 [ 30.259049] flags: 0xbfffe0000000040(head|node=0|zone=2|lastcpupid=0x1ffff) [ 30.259401] page_type: f8(unknown) [ 30.259483] raw: 0bfffe0000000040 0000000000000000 dead000000000122 0000000000000000 [ 30.259584] raw: 0000000000000000 0000000000000000 00000000f8000000 0000000000000000 [ 30.260027] head: 0bfffe0000000040 0000000000000000 dead000000000122 0000000000000000 [ 30.260111] head: 0000000000000000 0000000000000000 00000000f8000000 0000000000000000 [ 30.260280] head: 0bfffe0000000002 ffffc1ffc326ba01 00000000ffffffff 00000000ffffffff [ 30.260445] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000004 [ 30.260559] page dumped because: kasan: bad access detected [ 30.260690] [ 30.260754] Memory state around the buggy address: [ 30.260786] fff00000c9ae9f80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 30.260847] fff00000c9aea000: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 30.261191] >fff00000c9aea080: 00 00 00 00 00 00 00 00 00 01 fe fe fe fe fe fe [ 30.261343] ^ [ 30.261382] fff00000c9aea100: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe [ 30.261423] fff00000c9aea180: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe [ 30.261466] ================================================================== [ 30.196794] ================================================================== [ 30.197180] BUG: KASAN: slab-out-of-bounds in krealloc_less_oob_helper+0xae4/0xc50 [ 30.197371] Write of size 1 at addr fff00000c81a4eea by task kunit_try_catch/189 [ 30.197552] [ 30.197636] CPU: 1 UID: 0 PID: 189 Comm: kunit_try_catch Tainted: G B W N 6.16.0-rc7-next-20250722 #1 PREEMPT [ 30.197950] Tainted: [B]=BAD_PAGE, [W]=WARN, [N]=TEST [ 30.197986] Hardware name: linux,dummy-virt (DT) [ 30.198056] Call trace: [ 30.198581] show_stack+0x20/0x38 (C) [ 30.198644] dump_stack_lvl+0x8c/0xd0 [ 30.198691] print_report+0x118/0x5e8 [ 30.198744] kasan_report+0xdc/0x128 [ 30.198786] __asan_report_store1_noabort+0x20/0x30 [ 30.198846] krealloc_less_oob_helper+0xae4/0xc50 [ 30.198919] krealloc_less_oob+0x20/0x38 [ 30.198965] kunit_try_run_case+0x170/0x3f0 [ 30.199011] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 30.199062] kthread+0x328/0x630 [ 30.199121] ret_from_fork+0x10/0x20 [ 30.199199] [ 30.199217] Allocated by task 189: [ 30.199258] kasan_save_stack+0x3c/0x68 [ 30.199308] kasan_save_track+0x20/0x40 [ 30.199348] kasan_save_alloc_info+0x40/0x58 [ 30.199384] __kasan_krealloc+0x118/0x178 [ 30.199433] krealloc_noprof+0x128/0x360 [ 30.199476] krealloc_less_oob_helper+0x168/0xc50 [ 30.199524] krealloc_less_oob+0x20/0x38 [ 30.199561] kunit_try_run_case+0x170/0x3f0 [ 30.199596] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 30.199636] kthread+0x328/0x630 [ 30.199673] ret_from_fork+0x10/0x20 [ 30.199713] [ 30.199746] The buggy address belongs to the object at fff00000c81a4e00 [ 30.199746] which belongs to the cache kmalloc-256 of size 256 [ 30.199800] The buggy address is located 33 bytes to the right of [ 30.199800] allocated 201-byte region [fff00000c81a4e00, fff00000c81a4ec9) [ 30.199871] [ 30.199898] The buggy address belongs to the physical page: [ 30.199930] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1081a4 [ 30.199988] head: order:1 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0 [ 30.200041] flags: 0xbfffe0000000040(head|node=0|zone=2|lastcpupid=0x1ffff) [ 30.200088] page_type: f5(slab) [ 30.200124] raw: 0bfffe0000000040 fff00000c0001b40 dead000000000100 dead000000000122 [ 30.200186] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 30.200234] head: 0bfffe0000000040 fff00000c0001b40 dead000000000100 dead000000000122 [ 30.200291] head: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 30.200338] head: 0bfffe0000000001 ffffc1ffc3206901 00000000ffffffff 00000000ffffffff [ 30.200384] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000002 [ 30.200421] page dumped because: kasan: bad access detected [ 30.200450] [ 30.200475] Memory state around the buggy address: [ 30.200505] fff00000c81a4d80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 30.200545] fff00000c81a4e00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 30.200595] >fff00000c81a4e80: 00 00 00 00 00 00 00 00 00 01 fc fc fc fc fc fc [ 30.200630] ^ [ 30.200666] fff00000c81a4f00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 30.200721] fff00000c81a4f80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 30.200766] ================================================================== [ 30.202449] ================================================================== [ 30.202941] BUG: KASAN: slab-out-of-bounds in krealloc_less_oob_helper+0xa58/0xc50 [ 30.203026] Write of size 1 at addr fff00000c81a4eeb by task kunit_try_catch/189 [ 30.203103] [ 30.203145] CPU: 1 UID: 0 PID: 189 Comm: kunit_try_catch Tainted: G B W N 6.16.0-rc7-next-20250722 #1 PREEMPT [ 30.203231] Tainted: [B]=BAD_PAGE, [W]=WARN, [N]=TEST [ 30.203516] Hardware name: linux,dummy-virt (DT) [ 30.203563] Call trace: [ 30.203760] show_stack+0x20/0x38 (C) [ 30.203856] dump_stack_lvl+0x8c/0xd0 [ 30.203911] print_report+0x118/0x5e8 [ 30.203954] kasan_report+0xdc/0x128 [ 30.203998] __asan_report_store1_noabort+0x20/0x30 [ 30.204233] krealloc_less_oob_helper+0xa58/0xc50 [ 30.204339] krealloc_less_oob+0x20/0x38 [ 30.204541] kunit_try_run_case+0x170/0x3f0 [ 30.204605] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 30.204659] kthread+0x328/0x630 [ 30.204880] ret_from_fork+0x10/0x20 [ 30.204942] [ 30.205369] Allocated by task 189: [ 30.205537] kasan_save_stack+0x3c/0x68 [ 30.205628] kasan_save_track+0x20/0x40 [ 30.205748] kasan_save_alloc_info+0x40/0x58 [ 30.205846] __kasan_krealloc+0x118/0x178 [ 30.205964] krealloc_noprof+0x128/0x360 [ 30.206004] krealloc_less_oob_helper+0x168/0xc50 [ 30.206092] krealloc_less_oob+0x20/0x38 [ 30.206440] kunit_try_run_case+0x170/0x3f0 [ 30.206639] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 30.206759] kthread+0x328/0x630 [ 30.206889] ret_from_fork+0x10/0x20 [ 30.207087] [ 30.207337] The buggy address belongs to the object at fff00000c81a4e00 [ 30.207337] which belongs to the cache kmalloc-256 of size 256 [ 30.207591] The buggy address is located 34 bytes to the right of [ 30.207591] allocated 201-byte region [fff00000c81a4e00, fff00000c81a4ec9) [ 30.207719] [ 30.207919] The buggy address belongs to the physical page: [ 30.207987] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1081a4 [ 30.208061] head: order:1 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0 [ 30.208197] flags: 0xbfffe0000000040(head|node=0|zone=2|lastcpupid=0x1ffff) [ 30.208304] page_type: f5(slab) [ 30.208490] raw: 0bfffe0000000040 fff00000c0001b40 dead000000000100 dead000000000122 [ 30.208624] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 30.208861] head: 0bfffe0000000040 fff00000c0001b40 dead000000000100 dead000000000122 [ 30.208989] head: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 30.209142] head: 0bfffe0000000001 ffffc1ffc3206901 00000000ffffffff 00000000ffffffff [ 30.209238] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000002 [ 30.209331] page dumped because: kasan: bad access detected [ 30.209363] [ 30.209396] Memory state around the buggy address: [ 30.209606] fff00000c81a4d80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 30.209703] fff00000c81a4e00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 30.209759] >fff00000c81a4e80: 00 00 00 00 00 00 00 00 00 01 fc fc fc fc fc fc [ 30.210019] ^ [ 30.210086] fff00000c81a4f00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 30.210182] fff00000c81a4f80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 30.210263] ==================================================================
[ 24.796932] ================================================================== [ 24.797212] BUG: KASAN: slab-out-of-bounds in krealloc_less_oob_helper+0xe23/0x11d0 [ 24.797543] Write of size 1 at addr ffff888104a83cd0 by task kunit_try_catch/206 [ 24.798053] [ 24.798211] CPU: 1 UID: 0 PID: 206 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc7-next-20250722 #1 PREEMPT(voluntary) [ 24.798272] Tainted: [B]=BAD_PAGE, [N]=TEST [ 24.798298] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 24.798318] Call Trace: [ 24.798330] <TASK> [ 24.798343] dump_stack_lvl+0x73/0xb0 [ 24.798385] print_report+0xd1/0x640 [ 24.798420] ? __virt_addr_valid+0x1db/0x2d0 [ 24.798502] ? krealloc_less_oob_helper+0xe23/0x11d0 [ 24.798531] ? kasan_complete_mode_report_info+0x2a/0x200 [ 24.798557] ? krealloc_less_oob_helper+0xe23/0x11d0 [ 24.798580] kasan_report+0x141/0x180 [ 24.798603] ? krealloc_less_oob_helper+0xe23/0x11d0 [ 24.798630] __asan_report_store1_noabort+0x1b/0x30 [ 24.798654] krealloc_less_oob_helper+0xe23/0x11d0 [ 24.798680] ? __pfx_krealloc_less_oob_helper+0x10/0x10 [ 24.798703] ? irqentry_exit+0x2a/0x60 [ 24.798723] ? sysvec_apic_timer_interrupt+0x50/0x90 [ 24.798753] ? __pfx_krealloc_less_oob+0x10/0x10 [ 24.798779] krealloc_less_oob+0x1c/0x30 [ 24.798800] kunit_try_run_case+0x1a5/0x480 [ 24.798824] ? __pfx_kunit_try_run_case+0x10/0x10 [ 24.798858] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 24.798882] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 24.798907] ? __kthread_parkme+0x82/0x180 [ 24.798926] ? preempt_count_sub+0x50/0x80 [ 24.798949] ? __pfx_kunit_try_run_case+0x10/0x10 [ 24.798972] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 24.798995] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 24.799019] kthread+0x337/0x6f0 [ 24.799038] ? trace_preempt_on+0x20/0xc0 [ 24.799060] ? __pfx_kthread+0x10/0x10 [ 24.799081] ? _raw_spin_unlock_irq+0x47/0x80 [ 24.799104] ? calculate_sigpending+0x7b/0xa0 [ 24.799127] ? __pfx_kthread+0x10/0x10 [ 24.799167] ret_from_fork+0x116/0x1d0 [ 24.799188] ? __pfx_kthread+0x10/0x10 [ 24.799208] ret_from_fork_asm+0x1a/0x30 [ 24.799239] </TASK> [ 24.799250] [ 24.807236] Allocated by task 206: [ 24.807433] kasan_save_stack+0x45/0x70 [ 24.807840] kasan_save_track+0x18/0x40 [ 24.808029] kasan_save_alloc_info+0x3b/0x50 [ 24.808213] __kasan_krealloc+0x190/0x1f0 [ 24.808429] krealloc_noprof+0xf3/0x340 [ 24.808619] krealloc_less_oob_helper+0x1aa/0x11d0 [ 24.808839] krealloc_less_oob+0x1c/0x30 [ 24.809143] kunit_try_run_case+0x1a5/0x480 [ 24.809377] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 24.809668] kthread+0x337/0x6f0 [ 24.809879] ret_from_fork+0x116/0x1d0 [ 24.810069] ret_from_fork_asm+0x1a/0x30 [ 24.810287] [ 24.810354] The buggy address belongs to the object at ffff888104a83c00 [ 24.810354] which belongs to the cache kmalloc-256 of size 256 [ 24.810954] The buggy address is located 7 bytes to the right of [ 24.810954] allocated 201-byte region [ffff888104a83c00, ffff888104a83cc9) [ 24.811552] [ 24.811665] The buggy address belongs to the physical page: [ 24.811904] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x104a82 [ 24.812274] head: order:1 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0 [ 24.812870] ksm flags: 0x200000000000040(head|node=0|zone=2) [ 24.813179] page_type: f5(slab) [ 24.813376] raw: 0200000000000040 ffff888100041b40 ffffea000402a880 dead000000000003 [ 24.813747] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 24.814097] head: 0200000000000040 ffff888100041b40 ffffea000402a880 dead000000000003 [ 24.814443] head: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 24.814750] head: 0200000000000001 ffffea000412a081 00000000ffffffff 00000000ffffffff [ 24.815057] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000002 [ 24.815338] page dumped because: kasan: bad access detected [ 24.815661] [ 24.815754] Memory state around the buggy address: [ 24.815987] ffff888104a83b80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 24.816344] ffff888104a83c00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 24.816734] >ffff888104a83c80: 00 00 00 00 00 00 00 00 00 01 fc fc fc fc fc fc [ 24.817067] ^ [ 24.817369] ffff888104a83d00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 24.817697] ffff888104a83d80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 24.818032] ================================================================== [ 24.951955] ================================================================== [ 24.952190] BUG: KASAN: slab-out-of-bounds in krealloc_less_oob_helper+0xe23/0x11d0 [ 24.952432] Write of size 1 at addr ffff888104aba0d0 by task kunit_try_catch/210 [ 24.953116] [ 24.953292] CPU: 1 UID: 0 PID: 210 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc7-next-20250722 #1 PREEMPT(voluntary) [ 24.953338] Tainted: [B]=BAD_PAGE, [N]=TEST [ 24.953350] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 24.953371] Call Trace: [ 24.953382] <TASK> [ 24.953396] dump_stack_lvl+0x73/0xb0 [ 24.953422] print_report+0xd1/0x640 [ 24.953445] ? __virt_addr_valid+0x1db/0x2d0 [ 24.953468] ? krealloc_less_oob_helper+0xe23/0x11d0 [ 24.953491] ? kasan_addr_to_slab+0x11/0xa0 [ 24.953511] ? krealloc_less_oob_helper+0xe23/0x11d0 [ 24.953535] kasan_report+0x141/0x180 [ 24.953557] ? krealloc_less_oob_helper+0xe23/0x11d0 [ 24.953584] __asan_report_store1_noabort+0x1b/0x30 [ 24.953609] krealloc_less_oob_helper+0xe23/0x11d0 [ 24.953634] ? __pfx_krealloc_less_oob_helper+0x10/0x10 [ 24.953658] ? finish_task_switch.isra.0+0x153/0x700 [ 24.953679] ? __switch_to+0x47/0xf80 [ 24.953704] ? __schedule+0x10da/0x2b60 [ 24.953778] ? __pfx_read_tsc+0x10/0x10 [ 24.953803] krealloc_large_less_oob+0x1c/0x30 [ 24.953826] kunit_try_run_case+0x1a5/0x480 [ 24.953863] ? __pfx_kunit_try_run_case+0x10/0x10 [ 24.953885] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 24.953909] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 24.953934] ? __kthread_parkme+0x82/0x180 [ 24.953954] ? preempt_count_sub+0x50/0x80 [ 24.953976] ? __pfx_kunit_try_run_case+0x10/0x10 [ 24.954000] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 24.954023] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 24.954047] kthread+0x337/0x6f0 [ 24.954066] ? trace_preempt_on+0x20/0xc0 [ 24.954088] ? __pfx_kthread+0x10/0x10 [ 24.954109] ? _raw_spin_unlock_irq+0x47/0x80 [ 24.954132] ? calculate_sigpending+0x7b/0xa0 [ 24.954154] ? __pfx_kthread+0x10/0x10 [ 24.954176] ret_from_fork+0x116/0x1d0 [ 24.954208] ? __pfx_kthread+0x10/0x10 [ 24.954228] ret_from_fork_asm+0x1a/0x30 [ 24.954258] </TASK> [ 24.954269] [ 24.964373] The buggy address belongs to the physical page: [ 24.964563] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x104ab8 [ 24.965301] head: order:2 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0 [ 24.965920] flags: 0x200000000000040(head|node=0|zone=2) [ 24.966158] page_type: f8(unknown) [ 24.966314] raw: 0200000000000040 0000000000000000 dead000000000122 0000000000000000 [ 24.967188] raw: 0000000000000000 0000000000000000 00000000f8000000 0000000000000000 [ 24.967942] head: 0200000000000040 0000000000000000 dead000000000122 0000000000000000 [ 24.968359] head: 0000000000000000 0000000000000000 00000000f8000000 0000000000000000 [ 24.968846] head: 0200000000000002 ffffea000412ae01 00000000ffffffff 00000000ffffffff [ 24.969151] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000004 [ 24.969433] page dumped because: kasan: bad access detected [ 24.970131] [ 24.970447] Memory state around the buggy address: [ 24.970726] ffff888104ab9f80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 24.971021] ffff888104aba000: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 24.971803] >ffff888104aba080: 00 00 00 00 00 00 00 00 00 01 fe fe fe fe fe fe [ 24.972274] ^ [ 24.972699] ffff888104aba100: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe [ 24.973040] ffff888104aba180: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe [ 24.973586] ================================================================== [ 24.819909] ================================================================== [ 24.820244] BUG: KASAN: slab-out-of-bounds in krealloc_less_oob_helper+0xec6/0x11d0 [ 24.820663] Write of size 1 at addr ffff888104a83cda by task kunit_try_catch/206 [ 24.821009] [ 24.821121] CPU: 1 UID: 0 PID: 206 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc7-next-20250722 #1 PREEMPT(voluntary) [ 24.821206] Tainted: [B]=BAD_PAGE, [N]=TEST [ 24.821220] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 24.821240] Call Trace: [ 24.821253] <TASK> [ 24.821267] dump_stack_lvl+0x73/0xb0 [ 24.821294] print_report+0xd1/0x640 [ 24.821316] ? __virt_addr_valid+0x1db/0x2d0 [ 24.821339] ? krealloc_less_oob_helper+0xec6/0x11d0 [ 24.821362] ? kasan_complete_mode_report_info+0x2a/0x200 [ 24.821405] ? krealloc_less_oob_helper+0xec6/0x11d0 [ 24.821514] kasan_report+0x141/0x180 [ 24.821543] ? krealloc_less_oob_helper+0xec6/0x11d0 [ 24.821572] __asan_report_store1_noabort+0x1b/0x30 [ 24.821596] krealloc_less_oob_helper+0xec6/0x11d0 [ 24.821621] ? __pfx_krealloc_less_oob_helper+0x10/0x10 [ 24.821644] ? irqentry_exit+0x2a/0x60 [ 24.821665] ? sysvec_apic_timer_interrupt+0x50/0x90 [ 24.821696] ? __pfx_krealloc_less_oob+0x10/0x10 [ 24.821721] krealloc_less_oob+0x1c/0x30 [ 24.821743] kunit_try_run_case+0x1a5/0x480 [ 24.821767] ? __pfx_kunit_try_run_case+0x10/0x10 [ 24.821789] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 24.821813] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 24.821849] ? __kthread_parkme+0x82/0x180 [ 24.821887] ? preempt_count_sub+0x50/0x80 [ 24.821910] ? __pfx_kunit_try_run_case+0x10/0x10 [ 24.821934] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 24.821957] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 24.821997] kthread+0x337/0x6f0 [ 24.822017] ? trace_preempt_on+0x20/0xc0 [ 24.822039] ? __pfx_kthread+0x10/0x10 [ 24.822060] ? _raw_spin_unlock_irq+0x47/0x80 [ 24.822083] ? calculate_sigpending+0x7b/0xa0 [ 24.822105] ? __pfx_kthread+0x10/0x10 [ 24.822127] ret_from_fork+0x116/0x1d0 [ 24.822165] ? __pfx_kthread+0x10/0x10 [ 24.822186] ret_from_fork_asm+0x1a/0x30 [ 24.822217] </TASK> [ 24.822228] [ 24.830232] Allocated by task 206: [ 24.830434] kasan_save_stack+0x45/0x70 [ 24.830845] kasan_save_track+0x18/0x40 [ 24.831065] kasan_save_alloc_info+0x3b/0x50 [ 24.831276] __kasan_krealloc+0x190/0x1f0 [ 24.831568] krealloc_noprof+0xf3/0x340 [ 24.831729] krealloc_less_oob_helper+0x1aa/0x11d0 [ 24.831994] krealloc_less_oob+0x1c/0x30 [ 24.832214] kunit_try_run_case+0x1a5/0x480 [ 24.832430] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 24.832744] kthread+0x337/0x6f0 [ 24.832926] ret_from_fork+0x116/0x1d0 [ 24.833128] ret_from_fork_asm+0x1a/0x30 [ 24.833336] [ 24.833437] The buggy address belongs to the object at ffff888104a83c00 [ 24.833437] which belongs to the cache kmalloc-256 of size 256 [ 24.834090] The buggy address is located 17 bytes to the right of [ 24.834090] allocated 201-byte region [ffff888104a83c00, ffff888104a83cc9) [ 24.834729] [ 24.834825] The buggy address belongs to the physical page: [ 24.835081] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x104a82 [ 24.835400] head: order:1 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0 [ 24.835918] ksm flags: 0x200000000000040(head|node=0|zone=2) [ 24.836251] page_type: f5(slab) [ 24.836456] raw: 0200000000000040 ffff888100041b40 ffffea000402a880 dead000000000003 [ 24.836855] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 24.837206] head: 0200000000000040 ffff888100041b40 ffffea000402a880 dead000000000003 [ 24.837648] head: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 24.838013] head: 0200000000000001 ffffea000412a081 00000000ffffffff 00000000ffffffff [ 24.838382] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000002 [ 24.838797] page dumped because: kasan: bad access detected [ 24.839069] [ 24.839183] Memory state around the buggy address: [ 24.839406] ffff888104a83b80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 24.839782] ffff888104a83c00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 24.840015] >ffff888104a83c80: 00 00 00 00 00 00 00 00 00 01 fc fc fc fc fc fc [ 24.840378] ^ [ 24.840874] ffff888104a83d00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 24.841109] ffff888104a83d80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 24.841477] ================================================================== [ 24.842246] ================================================================== [ 24.842683] BUG: KASAN: slab-out-of-bounds in krealloc_less_oob_helper+0xe90/0x11d0 [ 24.843030] Write of size 1 at addr ffff888104a83cea by task kunit_try_catch/206 [ 24.843386] [ 24.843576] CPU: 1 UID: 0 PID: 206 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc7-next-20250722 #1 PREEMPT(voluntary) [ 24.843642] Tainted: [B]=BAD_PAGE, [N]=TEST [ 24.843655] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 24.843675] Call Trace: [ 24.843689] <TASK> [ 24.843704] dump_stack_lvl+0x73/0xb0 [ 24.843731] print_report+0xd1/0x640 [ 24.843754] ? __virt_addr_valid+0x1db/0x2d0 [ 24.843777] ? krealloc_less_oob_helper+0xe90/0x11d0 [ 24.843800] ? kasan_complete_mode_report_info+0x2a/0x200 [ 24.843825] ? krealloc_less_oob_helper+0xe90/0x11d0 [ 24.843879] kasan_report+0x141/0x180 [ 24.843901] ? krealloc_less_oob_helper+0xe90/0x11d0 [ 24.843929] __asan_report_store1_noabort+0x1b/0x30 [ 24.843971] krealloc_less_oob_helper+0xe90/0x11d0 [ 24.843997] ? __pfx_krealloc_less_oob_helper+0x10/0x10 [ 24.844020] ? irqentry_exit+0x2a/0x60 [ 24.844040] ? sysvec_apic_timer_interrupt+0x50/0x90 [ 24.844070] ? __pfx_krealloc_less_oob+0x10/0x10 [ 24.844096] krealloc_less_oob+0x1c/0x30 [ 24.844117] kunit_try_run_case+0x1a5/0x480 [ 24.844141] ? __pfx_kunit_try_run_case+0x10/0x10 [ 24.844164] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 24.844188] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 24.844232] ? __kthread_parkme+0x82/0x180 [ 24.844252] ? preempt_count_sub+0x50/0x80 [ 24.844275] ? __pfx_kunit_try_run_case+0x10/0x10 [ 24.844299] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 24.844322] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 24.844345] kthread+0x337/0x6f0 [ 24.844365] ? trace_preempt_on+0x20/0xc0 [ 24.844406] ? __pfx_kthread+0x10/0x10 [ 24.844448] ? _raw_spin_unlock_irq+0x47/0x80 [ 24.844551] ? calculate_sigpending+0x7b/0xa0 [ 24.844581] ? __pfx_kthread+0x10/0x10 [ 24.844618] ret_from_fork+0x116/0x1d0 [ 24.844638] ? __pfx_kthread+0x10/0x10 [ 24.844672] ret_from_fork_asm+0x1a/0x30 [ 24.844704] </TASK> [ 24.844715] [ 24.852614] Allocated by task 206: [ 24.852745] kasan_save_stack+0x45/0x70 [ 24.853227] kasan_save_track+0x18/0x40 [ 24.853436] kasan_save_alloc_info+0x3b/0x50 [ 24.853739] __kasan_krealloc+0x190/0x1f0 [ 24.853937] krealloc_noprof+0xf3/0x340 [ 24.854120] krealloc_less_oob_helper+0x1aa/0x11d0 [ 24.854396] krealloc_less_oob+0x1c/0x30 [ 24.854656] kunit_try_run_case+0x1a5/0x480 [ 24.854877] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 24.855128] kthread+0x337/0x6f0 [ 24.855310] ret_from_fork+0x116/0x1d0 [ 24.855553] ret_from_fork_asm+0x1a/0x30 [ 24.855767] [ 24.855877] The buggy address belongs to the object at ffff888104a83c00 [ 24.855877] which belongs to the cache kmalloc-256 of size 256 [ 24.856413] The buggy address is located 33 bytes to the right of [ 24.856413] allocated 201-byte region [ffff888104a83c00, ffff888104a83cc9) [ 24.857056] [ 24.857148] The buggy address belongs to the physical page: [ 24.857419] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x104a82 [ 24.857975] head: order:1 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0 [ 24.858260] ksm flags: 0x200000000000040(head|node=0|zone=2) [ 24.858538] page_type: f5(slab) [ 24.858713] raw: 0200000000000040 ffff888100041b40 ffffea000402a880 dead000000000003 [ 24.859066] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 24.859536] head: 0200000000000040 ffff888100041b40 ffffea000402a880 dead000000000003 [ 24.859881] head: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 24.860239] head: 0200000000000001 ffffea000412a081 00000000ffffffff 00000000ffffffff [ 24.860654] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000002 [ 24.861013] page dumped because: kasan: bad access detected [ 24.861248] [ 24.861341] Memory state around the buggy address: [ 24.861643] ffff888104a83b80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 24.861992] ffff888104a83c00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 24.862304] >ffff888104a83c80: 00 00 00 00 00 00 00 00 00 01 fc fc fc fc fc fc [ 24.862806] ^ [ 24.863110] ffff888104a83d00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 24.863536] ffff888104a83d80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 24.863872] ================================================================== [ 25.017155] ================================================================== [ 25.017416] BUG: KASAN: slab-out-of-bounds in krealloc_less_oob_helper+0xd47/0x11d0 [ 25.017768] Write of size 1 at addr ffff888104aba0eb by task kunit_try_catch/210 [ 25.018006] [ 25.018086] CPU: 1 UID: 0 PID: 210 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc7-next-20250722 #1 PREEMPT(voluntary) [ 25.018130] Tainted: [B]=BAD_PAGE, [N]=TEST [ 25.018142] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 25.018162] Call Trace: [ 25.018175] <TASK> [ 25.018189] dump_stack_lvl+0x73/0xb0 [ 25.018217] print_report+0xd1/0x640 [ 25.018240] ? __virt_addr_valid+0x1db/0x2d0 [ 25.018263] ? krealloc_less_oob_helper+0xd47/0x11d0 [ 25.018286] ? kasan_addr_to_slab+0x11/0xa0 [ 25.018307] ? krealloc_less_oob_helper+0xd47/0x11d0 [ 25.018330] kasan_report+0x141/0x180 [ 25.018353] ? krealloc_less_oob_helper+0xd47/0x11d0 [ 25.018425] __asan_report_store1_noabort+0x1b/0x30 [ 25.018451] krealloc_less_oob_helper+0xd47/0x11d0 [ 25.018506] ? __pfx_krealloc_less_oob_helper+0x10/0x10 [ 25.018530] ? finish_task_switch.isra.0+0x153/0x700 [ 25.018551] ? __switch_to+0x47/0xf80 [ 25.018576] ? __schedule+0x10da/0x2b60 [ 25.018601] ? __pfx_read_tsc+0x10/0x10 [ 25.018626] krealloc_large_less_oob+0x1c/0x30 [ 25.018648] kunit_try_run_case+0x1a5/0x480 [ 25.018672] ? __pfx_kunit_try_run_case+0x10/0x10 [ 25.018695] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 25.018719] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 25.018744] ? __kthread_parkme+0x82/0x180 [ 25.018766] ? preempt_count_sub+0x50/0x80 [ 25.018790] ? __pfx_kunit_try_run_case+0x10/0x10 [ 25.018816] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 25.018853] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 25.018877] kthread+0x337/0x6f0 [ 25.018897] ? trace_preempt_on+0x20/0xc0 [ 25.018920] ? __pfx_kthread+0x10/0x10 [ 25.018940] ? _raw_spin_unlock_irq+0x47/0x80 [ 25.018963] ? calculate_sigpending+0x7b/0xa0 [ 25.018986] ? __pfx_kthread+0x10/0x10 [ 25.019007] ret_from_fork+0x116/0x1d0 [ 25.019027] ? __pfx_kthread+0x10/0x10 [ 25.019047] ret_from_fork_asm+0x1a/0x30 [ 25.019077] </TASK> [ 25.019088] [ 25.027394] The buggy address belongs to the physical page: [ 25.027698] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x104ab8 [ 25.028026] head: order:2 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0 [ 25.028401] flags: 0x200000000000040(head|node=0|zone=2) [ 25.028672] page_type: f8(unknown) [ 25.028800] raw: 0200000000000040 0000000000000000 dead000000000122 0000000000000000 [ 25.029485] raw: 0000000000000000 0000000000000000 00000000f8000000 0000000000000000 [ 25.029791] head: 0200000000000040 0000000000000000 dead000000000122 0000000000000000 [ 25.030041] head: 0000000000000000 0000000000000000 00000000f8000000 0000000000000000 [ 25.030571] head: 0200000000000002 ffffea000412ae01 00000000ffffffff 00000000ffffffff [ 25.030806] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000004 [ 25.031156] page dumped because: kasan: bad access detected [ 25.031404] [ 25.031494] Memory state around the buggy address: [ 25.031687] ffff888104ab9f80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 25.031915] ffff888104aba000: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 25.032511] >ffff888104aba080: 00 00 00 00 00 00 00 00 00 01 fe fe fe fe fe fe [ 25.032874] ^ [ 25.033182] ffff888104aba100: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe [ 25.033504] ffff888104aba180: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe [ 25.033738] ================================================================== [ 24.999822] ================================================================== [ 25.000683] BUG: KASAN: slab-out-of-bounds in krealloc_less_oob_helper+0xe90/0x11d0 [ 25.001355] Write of size 1 at addr ffff888104aba0ea by task kunit_try_catch/210 [ 25.001713] [ 25.001821] CPU: 1 UID: 0 PID: 210 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc7-next-20250722 #1 PREEMPT(voluntary) [ 25.001880] Tainted: [B]=BAD_PAGE, [N]=TEST [ 25.001893] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 25.001913] Call Trace: [ 25.001929] <TASK> [ 25.001944] dump_stack_lvl+0x73/0xb0 [ 25.001974] print_report+0xd1/0x640 [ 25.001997] ? __virt_addr_valid+0x1db/0x2d0 [ 25.002021] ? krealloc_less_oob_helper+0xe90/0x11d0 [ 25.002045] ? kasan_addr_to_slab+0x11/0xa0 [ 25.002066] ? krealloc_less_oob_helper+0xe90/0x11d0 [ 25.002090] kasan_report+0x141/0x180 [ 25.002112] ? krealloc_less_oob_helper+0xe90/0x11d0 [ 25.002139] __asan_report_store1_noabort+0x1b/0x30 [ 25.002164] krealloc_less_oob_helper+0xe90/0x11d0 [ 25.002200] ? __pfx_krealloc_less_oob_helper+0x10/0x10 [ 25.002224] ? finish_task_switch.isra.0+0x153/0x700 [ 25.002246] ? __switch_to+0x47/0xf80 [ 25.002271] ? __schedule+0x10da/0x2b60 [ 25.002297] ? __pfx_read_tsc+0x10/0x10 [ 25.002322] krealloc_large_less_oob+0x1c/0x30 [ 25.002345] kunit_try_run_case+0x1a5/0x480 [ 25.002370] ? __pfx_kunit_try_run_case+0x10/0x10 [ 25.002392] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 25.002416] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 25.002441] ? __kthread_parkme+0x82/0x180 [ 25.002504] ? preempt_count_sub+0x50/0x80 [ 25.002530] ? __pfx_kunit_try_run_case+0x10/0x10 [ 25.002554] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 25.002578] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 25.002601] kthread+0x337/0x6f0 [ 25.002621] ? trace_preempt_on+0x20/0xc0 [ 25.002644] ? __pfx_kthread+0x10/0x10 [ 25.002664] ? _raw_spin_unlock_irq+0x47/0x80 [ 25.002688] ? calculate_sigpending+0x7b/0xa0 [ 25.002711] ? __pfx_kthread+0x10/0x10 [ 25.002733] ret_from_fork+0x116/0x1d0 [ 25.002753] ? __pfx_kthread+0x10/0x10 [ 25.002773] ret_from_fork_asm+0x1a/0x30 [ 25.002804] </TASK> [ 25.002814] [ 25.010600] The buggy address belongs to the physical page: [ 25.011065] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x104ab8 [ 25.011357] head: order:2 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0 [ 25.011583] flags: 0x200000000000040(head|node=0|zone=2) [ 25.011756] page_type: f8(unknown) [ 25.012173] raw: 0200000000000040 0000000000000000 dead000000000122 0000000000000000 [ 25.012527] raw: 0000000000000000 0000000000000000 00000000f8000000 0000000000000000 [ 25.012883] head: 0200000000000040 0000000000000000 dead000000000122 0000000000000000 [ 25.013284] head: 0000000000000000 0000000000000000 00000000f8000000 0000000000000000 [ 25.013692] head: 0200000000000002 ffffea000412ae01 00000000ffffffff 00000000ffffffff [ 25.014004] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000004 [ 25.014305] page dumped because: kasan: bad access detected [ 25.014591] [ 25.014682] Memory state around the buggy address: [ 25.014873] ffff888104ab9f80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 25.015161] ffff888104aba000: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 25.015451] >ffff888104aba080: 00 00 00 00 00 00 00 00 00 01 fe fe fe fe fe fe [ 25.015918] ^ [ 25.016209] ffff888104aba100: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe [ 25.016438] ffff888104aba180: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe [ 25.016807] ================================================================== [ 24.931784] ================================================================== [ 24.932234] BUG: KASAN: slab-out-of-bounds in krealloc_less_oob_helper+0xd70/0x11d0 [ 24.932719] Write of size 1 at addr ffff888104aba0c9 by task kunit_try_catch/210 [ 24.933027] [ 24.933134] CPU: 1 UID: 0 PID: 210 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc7-next-20250722 #1 PREEMPT(voluntary) [ 24.933180] Tainted: [B]=BAD_PAGE, [N]=TEST [ 24.933193] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 24.933213] Call Trace: [ 24.933225] <TASK> [ 24.933240] dump_stack_lvl+0x73/0xb0 [ 24.933269] print_report+0xd1/0x640 [ 24.933292] ? __virt_addr_valid+0x1db/0x2d0 [ 24.933316] ? krealloc_less_oob_helper+0xd70/0x11d0 [ 24.933339] ? kasan_addr_to_slab+0x11/0xa0 [ 24.933360] ? krealloc_less_oob_helper+0xd70/0x11d0 [ 24.933383] kasan_report+0x141/0x180 [ 24.933406] ? krealloc_less_oob_helper+0xd70/0x11d0 [ 24.933435] __asan_report_store1_noabort+0x1b/0x30 [ 24.933503] krealloc_less_oob_helper+0xd70/0x11d0 [ 24.933533] ? __pfx_krealloc_less_oob_helper+0x10/0x10 [ 24.933557] ? finish_task_switch.isra.0+0x153/0x700 [ 24.933579] ? __switch_to+0x47/0xf80 [ 24.933606] ? __schedule+0x10da/0x2b60 [ 24.933632] ? __pfx_read_tsc+0x10/0x10 [ 24.933656] krealloc_large_less_oob+0x1c/0x30 [ 24.933679] kunit_try_run_case+0x1a5/0x480 [ 24.933704] ? __pfx_kunit_try_run_case+0x10/0x10 [ 24.933727] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 24.933753] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 24.933778] ? __kthread_parkme+0x82/0x180 [ 24.933798] ? preempt_count_sub+0x50/0x80 [ 24.933821] ? __pfx_kunit_try_run_case+0x10/0x10 [ 24.933858] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 24.933881] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 24.933905] kthread+0x337/0x6f0 [ 24.933925] ? trace_preempt_on+0x20/0xc0 [ 24.933948] ? __pfx_kthread+0x10/0x10 [ 24.933968] ? _raw_spin_unlock_irq+0x47/0x80 [ 24.933992] ? calculate_sigpending+0x7b/0xa0 [ 24.934016] ? __pfx_kthread+0x10/0x10 [ 24.934037] ret_from_fork+0x116/0x1d0 [ 24.934057] ? __pfx_kthread+0x10/0x10 [ 24.934077] ret_from_fork_asm+0x1a/0x30 [ 24.934110] </TASK> [ 24.934121] [ 24.942154] The buggy address belongs to the physical page: [ 24.942401] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x104ab8 [ 24.942788] head: order:2 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0 [ 24.943105] flags: 0x200000000000040(head|node=0|zone=2) [ 24.943366] page_type: f8(unknown) [ 24.943699] raw: 0200000000000040 0000000000000000 dead000000000122 0000000000000000 [ 24.944038] raw: 0000000000000000 0000000000000000 00000000f8000000 0000000000000000 [ 24.944275] head: 0200000000000040 0000000000000000 dead000000000122 0000000000000000 [ 24.944593] head: 0000000000000000 0000000000000000 00000000f8000000 0000000000000000 [ 24.945059] head: 0200000000000002 ffffea000412ae01 00000000ffffffff 00000000ffffffff [ 24.945303] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000004 [ 24.945947] page dumped because: kasan: bad access detected [ 24.946218] [ 24.946305] Memory state around the buggy address: [ 24.946467] ffff888104ab9f80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 24.946686] ffff888104aba000: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 24.948072] >ffff888104aba080: 00 00 00 00 00 00 00 00 00 01 fe fe fe fe fe fe [ 24.949062] ^ [ 24.949790] ffff888104aba100: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe [ 24.950627] ffff888104aba180: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe [ 24.951315] ================================================================== [ 24.864342] ================================================================== [ 24.864759] BUG: KASAN: slab-out-of-bounds in krealloc_less_oob_helper+0xd47/0x11d0 [ 24.865097] Write of size 1 at addr ffff888104a83ceb by task kunit_try_catch/206 [ 24.865521] [ 24.865626] CPU: 1 UID: 0 PID: 206 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc7-next-20250722 #1 PREEMPT(voluntary) [ 24.865693] Tainted: [B]=BAD_PAGE, [N]=TEST [ 24.865706] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 24.865726] Call Trace: [ 24.865739] <TASK> [ 24.865753] dump_stack_lvl+0x73/0xb0 [ 24.865796] print_report+0xd1/0x640 [ 24.865818] ? __virt_addr_valid+0x1db/0x2d0 [ 24.865851] ? krealloc_less_oob_helper+0xd47/0x11d0 [ 24.865874] ? kasan_complete_mode_report_info+0x2a/0x200 [ 24.865900] ? krealloc_less_oob_helper+0xd47/0x11d0 [ 24.865923] kasan_report+0x141/0x180 [ 24.865946] ? krealloc_less_oob_helper+0xd47/0x11d0 [ 24.865975] __asan_report_store1_noabort+0x1b/0x30 [ 24.865999] krealloc_less_oob_helper+0xd47/0x11d0 [ 24.866042] ? __pfx_krealloc_less_oob_helper+0x10/0x10 [ 24.866065] ? irqentry_exit+0x2a/0x60 [ 24.866086] ? sysvec_apic_timer_interrupt+0x50/0x90 [ 24.866117] ? __pfx_krealloc_less_oob+0x10/0x10 [ 24.866143] krealloc_less_oob+0x1c/0x30 [ 24.866164] kunit_try_run_case+0x1a5/0x480 [ 24.866207] ? __pfx_kunit_try_run_case+0x10/0x10 [ 24.866230] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 24.866255] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 24.866280] ? __kthread_parkme+0x82/0x180 [ 24.866300] ? preempt_count_sub+0x50/0x80 [ 24.866341] ? __pfx_kunit_try_run_case+0x10/0x10 [ 24.866366] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 24.866390] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 24.866413] kthread+0x337/0x6f0 [ 24.866433] ? trace_preempt_on+0x20/0xc0 [ 24.866539] ? __pfx_kthread+0x10/0x10 [ 24.866576] ? _raw_spin_unlock_irq+0x47/0x80 [ 24.866600] ? calculate_sigpending+0x7b/0xa0 [ 24.866636] ? __pfx_kthread+0x10/0x10 [ 24.866657] ret_from_fork+0x116/0x1d0 [ 24.866677] ? __pfx_kthread+0x10/0x10 [ 24.866711] ret_from_fork_asm+0x1a/0x30 [ 24.866755] </TASK> [ 24.866766] [ 24.874550] Allocated by task 206: [ 24.874743] kasan_save_stack+0x45/0x70 [ 24.874961] kasan_save_track+0x18/0x40 [ 24.875126] kasan_save_alloc_info+0x3b/0x50 [ 24.875350] __kasan_krealloc+0x190/0x1f0 [ 24.875761] krealloc_noprof+0xf3/0x340 [ 24.876017] krealloc_less_oob_helper+0x1aa/0x11d0 [ 24.876275] krealloc_less_oob+0x1c/0x30 [ 24.876557] kunit_try_run_case+0x1a5/0x480 [ 24.876768] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 24.877041] kthread+0x337/0x6f0 [ 24.877234] ret_from_fork+0x116/0x1d0 [ 24.877418] ret_from_fork_asm+0x1a/0x30 [ 24.877671] [ 24.877759] The buggy address belongs to the object at ffff888104a83c00 [ 24.877759] which belongs to the cache kmalloc-256 of size 256 [ 24.878309] The buggy address is located 34 bytes to the right of [ 24.878309] allocated 201-byte region [ffff888104a83c00, ffff888104a83cc9) [ 24.878914] [ 24.879010] The buggy address belongs to the physical page: [ 24.879287] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x104a82 [ 24.879683] head: order:1 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0 [ 24.880008] ksm flags: 0x200000000000040(head|node=0|zone=2) [ 24.880295] page_type: f5(slab) [ 24.880483] raw: 0200000000000040 ffff888100041b40 ffffea000402a880 dead000000000003 [ 24.880771] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 24.881307] head: 0200000000000040 ffff888100041b40 ffffea000402a880 dead000000000003 [ 24.881759] head: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 24.882115] head: 0200000000000001 ffffea000412a081 00000000ffffffff 00000000ffffffff [ 24.882531] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000002 [ 24.882874] page dumped because: kasan: bad access detected [ 24.883046] [ 24.883112] Memory state around the buggy address: [ 24.883353] ffff888104a83b80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 24.883745] ffff888104a83c00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 24.884076] >ffff888104a83c80: 00 00 00 00 00 00 00 00 00 01 fc fc fc fc fc fc [ 24.884397] ^ [ 24.884748] ffff888104a83d00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 24.885540] ffff888104a83d80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 24.885817] ================================================================== [ 24.974412] ================================================================== [ 24.975405] BUG: KASAN: slab-out-of-bounds in krealloc_less_oob_helper+0xec6/0x11d0 [ 24.975933] Write of size 1 at addr ffff888104aba0da by task kunit_try_catch/210 [ 24.976484] [ 24.976749] CPU: 1 UID: 0 PID: 210 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc7-next-20250722 #1 PREEMPT(voluntary) [ 24.976809] Tainted: [B]=BAD_PAGE, [N]=TEST [ 24.976822] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 24.976852] Call Trace: [ 24.976873] <TASK> [ 24.976887] dump_stack_lvl+0x73/0xb0 [ 24.976917] print_report+0xd1/0x640 [ 24.976939] ? __virt_addr_valid+0x1db/0x2d0 [ 24.976963] ? krealloc_less_oob_helper+0xec6/0x11d0 [ 24.976987] ? kasan_addr_to_slab+0x11/0xa0 [ 24.977007] ? krealloc_less_oob_helper+0xec6/0x11d0 [ 24.977031] kasan_report+0x141/0x180 [ 24.977053] ? krealloc_less_oob_helper+0xec6/0x11d0 [ 24.977082] __asan_report_store1_noabort+0x1b/0x30 [ 24.977109] krealloc_less_oob_helper+0xec6/0x11d0 [ 24.977136] ? __pfx_krealloc_less_oob_helper+0x10/0x10 [ 24.977283] ? finish_task_switch.isra.0+0x153/0x700 [ 24.977316] ? __switch_to+0x47/0xf80 [ 24.977343] ? __schedule+0x10da/0x2b60 [ 24.977371] ? __pfx_read_tsc+0x10/0x10 [ 24.977398] krealloc_large_less_oob+0x1c/0x30 [ 24.977520] kunit_try_run_case+0x1a5/0x480 [ 24.977553] ? __pfx_kunit_try_run_case+0x10/0x10 [ 24.977577] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 24.977603] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 24.977629] ? __kthread_parkme+0x82/0x180 [ 24.977648] ? preempt_count_sub+0x50/0x80 [ 24.977671] ? __pfx_kunit_try_run_case+0x10/0x10 [ 24.977694] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 24.977718] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 24.977741] kthread+0x337/0x6f0 [ 24.977761] ? trace_preempt_on+0x20/0xc0 [ 24.977783] ? __pfx_kthread+0x10/0x10 [ 24.977804] ? _raw_spin_unlock_irq+0x47/0x80 [ 24.977841] ? calculate_sigpending+0x7b/0xa0 [ 24.977864] ? __pfx_kthread+0x10/0x10 [ 24.977886] ret_from_fork+0x116/0x1d0 [ 24.977905] ? __pfx_kthread+0x10/0x10 [ 24.977925] ret_from_fork_asm+0x1a/0x30 [ 24.977956] </TASK> [ 24.977967] [ 24.989926] The buggy address belongs to the physical page: [ 24.990157] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x104ab8 [ 24.990856] head: order:2 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0 [ 24.991613] flags: 0x200000000000040(head|node=0|zone=2) [ 24.991863] page_type: f8(unknown) [ 24.992029] raw: 0200000000000040 0000000000000000 dead000000000122 0000000000000000 [ 24.992696] raw: 0000000000000000 0000000000000000 00000000f8000000 0000000000000000 [ 24.993347] head: 0200000000000040 0000000000000000 dead000000000122 0000000000000000 [ 24.993878] head: 0000000000000000 0000000000000000 00000000f8000000 0000000000000000 [ 24.994375] head: 0200000000000002 ffffea000412ae01 00000000ffffffff 00000000ffffffff [ 24.995111] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000004 [ 24.995438] page dumped because: kasan: bad access detected [ 24.995877] [ 24.995969] Memory state around the buggy address: [ 24.996159] ffff888104ab9f80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 24.996422] ffff888104aba000: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 24.996679] >ffff888104aba080: 00 00 00 00 00 00 00 00 00 01 fe fe fe fe fe fe [ 24.996967] ^ [ 24.997727] ffff888104aba100: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe [ 24.998189] ffff888104aba180: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe [ 24.998767] ================================================================== [ 24.775797] ================================================================== [ 24.776394] BUG: KASAN: slab-out-of-bounds in krealloc_less_oob_helper+0xd70/0x11d0 [ 24.776922] Write of size 1 at addr ffff888104a83cc9 by task kunit_try_catch/206 [ 24.777285] [ 24.777388] CPU: 1 UID: 0 PID: 206 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc7-next-20250722 #1 PREEMPT(voluntary) [ 24.777437] Tainted: [B]=BAD_PAGE, [N]=TEST [ 24.777449] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 24.777470] Call Trace: [ 24.777483] <TASK> [ 24.777497] dump_stack_lvl+0x73/0xb0 [ 24.777526] print_report+0xd1/0x640 [ 24.777549] ? __virt_addr_valid+0x1db/0x2d0 [ 24.777571] ? krealloc_less_oob_helper+0xd70/0x11d0 [ 24.777594] ? kasan_complete_mode_report_info+0x2a/0x200 [ 24.777620] ? krealloc_less_oob_helper+0xd70/0x11d0 [ 24.777644] kasan_report+0x141/0x180 [ 24.777665] ? krealloc_less_oob_helper+0xd70/0x11d0 [ 24.777693] __asan_report_store1_noabort+0x1b/0x30 [ 24.777717] krealloc_less_oob_helper+0xd70/0x11d0 [ 24.777743] ? __pfx_krealloc_less_oob_helper+0x10/0x10 [ 24.777766] ? irqentry_exit+0x2a/0x60 [ 24.777786] ? sysvec_apic_timer_interrupt+0x50/0x90 [ 24.777817] ? __pfx_krealloc_less_oob+0x10/0x10 [ 24.777856] krealloc_less_oob+0x1c/0x30 [ 24.777878] kunit_try_run_case+0x1a5/0x480 [ 24.777917] ? __pfx_kunit_try_run_case+0x10/0x10 [ 24.777949] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 24.777975] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 24.778000] ? __kthread_parkme+0x82/0x180 [ 24.778020] ? preempt_count_sub+0x50/0x80 [ 24.778043] ? __pfx_kunit_try_run_case+0x10/0x10 [ 24.778067] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 24.778091] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 24.778114] kthread+0x337/0x6f0 [ 24.778133] ? trace_preempt_on+0x20/0xc0 [ 24.778156] ? __pfx_kthread+0x10/0x10 [ 24.778176] ? _raw_spin_unlock_irq+0x47/0x80 [ 24.778199] ? calculate_sigpending+0x7b/0xa0 [ 24.778222] ? __pfx_kthread+0x10/0x10 [ 24.778243] ret_from_fork+0x116/0x1d0 [ 24.778263] ? __pfx_kthread+0x10/0x10 [ 24.778293] ret_from_fork_asm+0x1a/0x30 [ 24.778324] </TASK> [ 24.778336] [ 24.786059] Allocated by task 206: [ 24.786331] kasan_save_stack+0x45/0x70 [ 24.786655] kasan_save_track+0x18/0x40 [ 24.786826] kasan_save_alloc_info+0x3b/0x50 [ 24.787026] __kasan_krealloc+0x190/0x1f0 [ 24.787238] krealloc_noprof+0xf3/0x340 [ 24.787400] krealloc_less_oob_helper+0x1aa/0x11d0 [ 24.787661] krealloc_less_oob+0x1c/0x30 [ 24.787805] kunit_try_run_case+0x1a5/0x480 [ 24.787968] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 24.788214] kthread+0x337/0x6f0 [ 24.788426] ret_from_fork+0x116/0x1d0 [ 24.788709] ret_from_fork_asm+0x1a/0x30 [ 24.788915] [ 24.788982] The buggy address belongs to the object at ffff888104a83c00 [ 24.788982] which belongs to the cache kmalloc-256 of size 256 [ 24.789670] The buggy address is located 0 bytes to the right of [ 24.789670] allocated 201-byte region [ffff888104a83c00, ffff888104a83cc9) [ 24.790223] [ 24.790318] The buggy address belongs to the physical page: [ 24.790608] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x104a82 [ 24.790903] head: order:1 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0 [ 24.791136] ksm flags: 0x200000000000040(head|node=0|zone=2) [ 24.791320] page_type: f5(slab) [ 24.791439] raw: 0200000000000040 ffff888100041b40 ffffea000402a880 dead000000000003 [ 24.791753] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 24.792335] head: 0200000000000040 ffff888100041b40 ffffea000402a880 dead000000000003 [ 24.792757] head: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 24.793132] head: 0200000000000001 ffffea000412a081 00000000ffffffff 00000000ffffffff [ 24.793493] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000002 [ 24.793763] page dumped because: kasan: bad access detected [ 24.794023] [ 24.794139] Memory state around the buggy address: [ 24.794405] ffff888104a83b80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 24.794783] ffff888104a83c00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 24.795102] >ffff888104a83c80: 00 00 00 00 00 00 00 00 00 01 fc fc fc fc fc fc [ 24.795408] ^ [ 24.795755] ffff888104a83d00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 24.796082] ffff888104a83d80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 24.796386] ==================================================================