Date
July 24, 2025, 4:41 a.m.
| Environment | |
|---|---|
| qemu-arm64 | |
| qemu-x86_64 |
[ 32.376631] ================================================================== [ 32.377078] BUG: KASAN: slab-out-of-bounds in krealloc_less_oob_helper+0xb9c/0xc50 [ 32.377284] Write of size 1 at addr fff00000c99620d0 by task kunit_try_catch/193 [ 32.377345] [ 32.377381] CPU: 0 UID: 0 PID: 193 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc7-next-20250724 #1 PREEMPT [ 32.377986] Tainted: [B]=BAD_PAGE, [N]=TEST [ 32.378074] Hardware name: linux,dummy-virt (DT) [ 32.378115] Call trace: [ 32.378148] show_stack+0x20/0x38 (C) [ 32.378218] dump_stack_lvl+0x8c/0xd0 [ 32.378552] print_report+0x118/0x5e8 [ 32.378623] kasan_report+0xdc/0x128 [ 32.378667] __asan_report_store1_noabort+0x20/0x30 [ 32.378716] krealloc_less_oob_helper+0xb9c/0xc50 [ 32.378775] krealloc_large_less_oob+0x20/0x38 [ 32.378823] kunit_try_run_case+0x170/0x3f0 [ 32.378869] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 32.379198] kthread+0x328/0x630 [ 32.379856] ret_from_fork+0x10/0x20 [ 32.380001] [ 32.380125] The buggy address belongs to the physical page: [ 32.380197] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x109960 [ 32.380607] head: order:2 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0 [ 32.380664] flags: 0xbfffe0000000040(head|node=0|zone=2|lastcpupid=0x1ffff) [ 32.380941] page_type: f8(unknown) [ 32.381027] raw: 0bfffe0000000040 0000000000000000 dead000000000122 0000000000000000 [ 32.381216] raw: 0000000000000000 0000000000000000 00000000f8000000 0000000000000000 [ 32.381495] head: 0bfffe0000000040 0000000000000000 dead000000000122 0000000000000000 [ 32.381650] head: 0000000000000000 0000000000000000 00000000f8000000 0000000000000000 [ 32.381871] head: 0bfffe0000000002 ffffc1ffc3265801 00000000ffffffff 00000000ffffffff [ 32.381923] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000004 [ 32.381971] page dumped because: kasan: bad access detected [ 32.382002] [ 32.382021] Memory state around the buggy address: [ 32.382064] fff00000c9961f80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 32.382113] fff00000c9962000: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 32.382154] >fff00000c9962080: 00 00 00 00 00 00 00 00 00 01 fe fe fe fe fe fe [ 32.382191] ^ [ 32.382227] fff00000c9962100: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe [ 32.382270] fff00000c9962180: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe [ 32.382324] ================================================================== [ 32.316959] ================================================================== [ 32.317191] BUG: KASAN: slab-out-of-bounds in krealloc_less_oob_helper+0xa48/0xc50 [ 32.317466] Write of size 1 at addr fff00000c8575ec9 by task kunit_try_catch/189 [ 32.317559] [ 32.317681] CPU: 0 UID: 0 PID: 189 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc7-next-20250724 #1 PREEMPT [ 32.317778] Tainted: [B]=BAD_PAGE, [N]=TEST [ 32.317805] Hardware name: linux,dummy-virt (DT) [ 32.317838] Call trace: [ 32.317924] show_stack+0x20/0x38 (C) [ 32.318001] dump_stack_lvl+0x8c/0xd0 [ 32.318047] print_report+0x118/0x5e8 [ 32.318151] kasan_report+0xdc/0x128 [ 32.318194] __asan_report_store1_noabort+0x20/0x30 [ 32.318262] krealloc_less_oob_helper+0xa48/0xc50 [ 32.318338] krealloc_less_oob+0x20/0x38 [ 32.318595] kunit_try_run_case+0x170/0x3f0 [ 32.318657] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 32.318788] kthread+0x328/0x630 [ 32.318856] ret_from_fork+0x10/0x20 [ 32.318911] [ 32.318940] Allocated by task 189: [ 32.318968] kasan_save_stack+0x3c/0x68 [ 32.319013] kasan_save_track+0x20/0x40 [ 32.319070] kasan_save_alloc_info+0x40/0x58 [ 32.319156] __kasan_krealloc+0x118/0x178 [ 32.319202] krealloc_noprof+0x128/0x360 [ 32.319259] krealloc_less_oob_helper+0x168/0xc50 [ 32.319349] krealloc_less_oob+0x20/0x38 [ 32.319440] kunit_try_run_case+0x170/0x3f0 [ 32.319476] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 32.319517] kthread+0x328/0x630 [ 32.319548] ret_from_fork+0x10/0x20 [ 32.319582] [ 32.319601] The buggy address belongs to the object at fff00000c8575e00 [ 32.319601] which belongs to the cache kmalloc-256 of size 256 [ 32.319657] The buggy address is located 0 bytes to the right of [ 32.319657] allocated 201-byte region [fff00000c8575e00, fff00000c8575ec9) [ 32.319975] [ 32.320146] The buggy address belongs to the physical page: [ 32.320239] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x108574 [ 32.320380] head: order:1 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0 [ 32.320455] flags: 0xbfffe0000000040(head|node=0|zone=2|lastcpupid=0x1ffff) [ 32.320530] page_type: f5(slab) [ 32.320657] raw: 0bfffe0000000040 fff00000c0001b40 dead000000000122 0000000000000000 [ 32.320786] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 32.320918] head: 0bfffe0000000040 fff00000c0001b40 dead000000000122 0000000000000000 [ 32.320965] head: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 32.321338] head: 0bfffe0000000001 ffffc1ffc3215d01 00000000ffffffff 00000000ffffffff [ 32.321440] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000002 [ 32.321573] page dumped because: kasan: bad access detected [ 32.321640] [ 32.321667] Memory state around the buggy address: [ 32.321776] fff00000c8575d80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 32.321853] fff00000c8575e00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 32.321946] >fff00000c8575e80: 00 00 00 00 00 00 00 00 00 01 fc fc fc fc fc fc [ 32.322083] ^ [ 32.322142] fff00000c8575f00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 32.322190] fff00000c8575f80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 32.322398] ================================================================== [ 32.396741] ================================================================== [ 32.396971] BUG: KASAN: slab-out-of-bounds in krealloc_less_oob_helper+0xa58/0xc50 [ 32.397041] Write of size 1 at addr fff00000c99620eb by task kunit_try_catch/193 [ 32.397142] [ 32.397178] CPU: 0 UID: 0 PID: 193 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc7-next-20250724 #1 PREEMPT [ 32.397281] Tainted: [B]=BAD_PAGE, [N]=TEST [ 32.397315] Hardware name: linux,dummy-virt (DT) [ 32.397499] Call trace: [ 32.397533] show_stack+0x20/0x38 (C) [ 32.397760] dump_stack_lvl+0x8c/0xd0 [ 32.397823] print_report+0x118/0x5e8 [ 32.398075] kasan_report+0xdc/0x128 [ 32.398280] __asan_report_store1_noabort+0x20/0x30 [ 32.398343] krealloc_less_oob_helper+0xa58/0xc50 [ 32.398510] krealloc_large_less_oob+0x20/0x38 [ 32.398607] kunit_try_run_case+0x170/0x3f0 [ 32.398663] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 32.398714] kthread+0x328/0x630 [ 32.399041] ret_from_fork+0x10/0x20 [ 32.399236] [ 32.399332] The buggy address belongs to the physical page: [ 32.399412] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x109960 [ 32.399523] head: order:2 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0 [ 32.399706] flags: 0xbfffe0000000040(head|node=0|zone=2|lastcpupid=0x1ffff) [ 32.399991] page_type: f8(unknown) [ 32.400059] raw: 0bfffe0000000040 0000000000000000 dead000000000122 0000000000000000 [ 32.400203] raw: 0000000000000000 0000000000000000 00000000f8000000 0000000000000000 [ 32.400309] head: 0bfffe0000000040 0000000000000000 dead000000000122 0000000000000000 [ 32.400445] head: 0000000000000000 0000000000000000 00000000f8000000 0000000000000000 [ 32.400559] head: 0bfffe0000000002 ffffc1ffc3265801 00000000ffffffff 00000000ffffffff [ 32.400608] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000004 [ 32.400819] page dumped because: kasan: bad access detected [ 32.401060] [ 32.401103] Memory state around the buggy address: [ 32.401149] fff00000c9961f80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 32.401986] fff00000c9962000: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 32.402058] >fff00000c9962080: 00 00 00 00 00 00 00 00 00 01 fe fe fe fe fe fe [ 32.402149] ^ [ 32.402211] fff00000c9962100: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe [ 32.402278] fff00000c9962180: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe [ 32.402453] ================================================================== [ 32.368095] ================================================================== [ 32.368474] BUG: KASAN: slab-out-of-bounds in krealloc_less_oob_helper+0xa48/0xc50 [ 32.368537] Write of size 1 at addr fff00000c99620c9 by task kunit_try_catch/193 [ 32.368690] [ 32.368776] CPU: 0 UID: 0 PID: 193 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc7-next-20250724 #1 PREEMPT [ 32.369210] Tainted: [B]=BAD_PAGE, [N]=TEST [ 32.369290] Hardware name: linux,dummy-virt (DT) [ 32.369325] Call trace: [ 32.369393] show_stack+0x20/0x38 (C) [ 32.369446] dump_stack_lvl+0x8c/0xd0 [ 32.369503] print_report+0x118/0x5e8 [ 32.369736] kasan_report+0xdc/0x128 [ 32.369818] __asan_report_store1_noabort+0x20/0x30 [ 32.369868] krealloc_less_oob_helper+0xa48/0xc50 [ 32.369917] krealloc_large_less_oob+0x20/0x38 [ 32.370302] kunit_try_run_case+0x170/0x3f0 [ 32.370697] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 32.370786] kthread+0x328/0x630 [ 32.370830] ret_from_fork+0x10/0x20 [ 32.371019] [ 32.371070] The buggy address belongs to the physical page: [ 32.371379] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x109960 [ 32.371699] head: order:2 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0 [ 32.372242] flags: 0xbfffe0000000040(head|node=0|zone=2|lastcpupid=0x1ffff) [ 32.372364] page_type: f8(unknown) [ 32.372440] raw: 0bfffe0000000040 0000000000000000 dead000000000122 0000000000000000 [ 32.372762] raw: 0000000000000000 0000000000000000 00000000f8000000 0000000000000000 [ 32.373003] head: 0bfffe0000000040 0000000000000000 dead000000000122 0000000000000000 [ 32.373260] head: 0000000000000000 0000000000000000 00000000f8000000 0000000000000000 [ 32.373356] head: 0bfffe0000000002 ffffc1ffc3265801 00000000ffffffff 00000000ffffffff [ 32.373598] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000004 [ 32.373675] page dumped because: kasan: bad access detected [ 32.374044] [ 32.374169] Memory state around the buggy address: [ 32.374226] fff00000c9961f80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 32.374375] fff00000c9962000: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 32.374421] >fff00000c9962080: 00 00 00 00 00 00 00 00 00 01 fe fe fe fe fe fe [ 32.374507] ^ [ 32.374723] fff00000c9962100: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe [ 32.374852] fff00000c9962180: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe [ 32.375048] ================================================================== [ 32.328497] ================================================================== [ 32.328700] BUG: KASAN: slab-out-of-bounds in krealloc_less_oob_helper+0xa80/0xc50 [ 32.328782] Write of size 1 at addr fff00000c8575eda by task kunit_try_catch/189 [ 32.328832] [ 32.328971] CPU: 0 UID: 0 PID: 189 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc7-next-20250724 #1 PREEMPT [ 32.329056] Tainted: [B]=BAD_PAGE, [N]=TEST [ 32.329083] Hardware name: linux,dummy-virt (DT) [ 32.329114] Call trace: [ 32.329137] show_stack+0x20/0x38 (C) [ 32.329333] dump_stack_lvl+0x8c/0xd0 [ 32.329398] print_report+0x118/0x5e8 [ 32.329442] kasan_report+0xdc/0x128 [ 32.329502] __asan_report_store1_noabort+0x20/0x30 [ 32.329557] krealloc_less_oob_helper+0xa80/0xc50 [ 32.329622] krealloc_less_oob+0x20/0x38 [ 32.329679] kunit_try_run_case+0x170/0x3f0 [ 32.329733] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 32.329824] kthread+0x328/0x630 [ 32.329882] ret_from_fork+0x10/0x20 [ 32.329949] [ 32.329988] Allocated by task 189: [ 32.330035] kasan_save_stack+0x3c/0x68 [ 32.330137] kasan_save_track+0x20/0x40 [ 32.330174] kasan_save_alloc_info+0x40/0x58 [ 32.330241] __kasan_krealloc+0x118/0x178 [ 32.330293] krealloc_noprof+0x128/0x360 [ 32.330327] krealloc_less_oob_helper+0x168/0xc50 [ 32.330366] krealloc_less_oob+0x20/0x38 [ 32.330402] kunit_try_run_case+0x170/0x3f0 [ 32.330546] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 32.330685] kthread+0x328/0x630 [ 32.330730] ret_from_fork+0x10/0x20 [ 32.330776] [ 32.330795] The buggy address belongs to the object at fff00000c8575e00 [ 32.330795] which belongs to the cache kmalloc-256 of size 256 [ 32.330937] The buggy address is located 17 bytes to the right of [ 32.330937] allocated 201-byte region [fff00000c8575e00, fff00000c8575ec9) [ 32.331131] [ 32.331152] The buggy address belongs to the physical page: [ 32.331186] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x108574 [ 32.331252] head: order:1 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0 [ 32.331307] flags: 0xbfffe0000000040(head|node=0|zone=2|lastcpupid=0x1ffff) [ 32.331357] page_type: f5(slab) [ 32.331579] raw: 0bfffe0000000040 fff00000c0001b40 dead000000000122 0000000000000000 [ 32.331665] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 32.331784] head: 0bfffe0000000040 fff00000c0001b40 dead000000000122 0000000000000000 [ 32.331903] head: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 32.332001] head: 0bfffe0000000001 ffffc1ffc3215d01 00000000ffffffff 00000000ffffffff [ 32.332106] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000002 [ 32.332158] page dumped because: kasan: bad access detected [ 32.332226] [ 32.332244] Memory state around the buggy address: [ 32.332274] fff00000c8575d80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 32.332369] fff00000c8575e00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 32.332414] >fff00000c8575e80: 00 00 00 00 00 00 00 00 00 01 fc fc fc fc fc fc [ 32.332572] ^ [ 32.332610] fff00000c8575f00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 32.332651] fff00000c8575f80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 32.332688] ================================================================== [ 32.389870] ================================================================== [ 32.390119] BUG: KASAN: slab-out-of-bounds in krealloc_less_oob_helper+0xae4/0xc50 [ 32.390361] Write of size 1 at addr fff00000c99620ea by task kunit_try_catch/193 [ 32.390423] [ 32.390459] CPU: 0 UID: 0 PID: 193 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc7-next-20250724 #1 PREEMPT [ 32.390543] Tainted: [B]=BAD_PAGE, [N]=TEST [ 32.390570] Hardware name: linux,dummy-virt (DT) [ 32.390691] Call trace: [ 32.390718] show_stack+0x20/0x38 (C) [ 32.390900] dump_stack_lvl+0x8c/0xd0 [ 32.391024] print_report+0x118/0x5e8 [ 32.391306] kasan_report+0xdc/0x128 [ 32.391577] __asan_report_store1_noabort+0x20/0x30 [ 32.391685] krealloc_less_oob_helper+0xae4/0xc50 [ 32.391832] krealloc_large_less_oob+0x20/0x38 [ 32.391895] kunit_try_run_case+0x170/0x3f0 [ 32.391941] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 32.392442] kthread+0x328/0x630 [ 32.392520] ret_from_fork+0x10/0x20 [ 32.392718] [ 32.392815] The buggy address belongs to the physical page: [ 32.392873] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x109960 [ 32.393006] head: order:2 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0 [ 32.393237] flags: 0xbfffe0000000040(head|node=0|zone=2|lastcpupid=0x1ffff) [ 32.393407] page_type: f8(unknown) [ 32.393468] raw: 0bfffe0000000040 0000000000000000 dead000000000122 0000000000000000 [ 32.393533] raw: 0000000000000000 0000000000000000 00000000f8000000 0000000000000000 [ 32.393592] head: 0bfffe0000000040 0000000000000000 dead000000000122 0000000000000000 [ 32.393648] head: 0000000000000000 0000000000000000 00000000f8000000 0000000000000000 [ 32.393705] head: 0bfffe0000000002 ffffc1ffc3265801 00000000ffffffff 00000000ffffffff [ 32.393781] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000004 [ 32.393827] page dumped because: kasan: bad access detected [ 32.393862] [ 32.393880] Memory state around the buggy address: [ 32.393925] fff00000c9961f80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 32.393968] fff00000c9962000: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 32.394022] >fff00000c9962080: 00 00 00 00 00 00 00 00 00 01 fe fe fe fe fe fe [ 32.394061] ^ [ 32.394098] fff00000c9962100: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe [ 32.394146] fff00000c9962180: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe [ 32.394183] ================================================================== [ 32.339155] ================================================================== [ 32.339203] BUG: KASAN: slab-out-of-bounds in krealloc_less_oob_helper+0xa58/0xc50 [ 32.339249] Write of size 1 at addr fff00000c8575eeb by task kunit_try_catch/189 [ 32.339324] [ 32.339352] CPU: 0 UID: 0 PID: 189 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc7-next-20250724 #1 PREEMPT [ 32.339434] Tainted: [B]=BAD_PAGE, [N]=TEST [ 32.339459] Hardware name: linux,dummy-virt (DT) [ 32.339625] Call trace: [ 32.339658] show_stack+0x20/0x38 (C) [ 32.339706] dump_stack_lvl+0x8c/0xd0 [ 32.339762] print_report+0x118/0x5e8 [ 32.340036] kasan_report+0xdc/0x128 [ 32.340093] __asan_report_store1_noabort+0x20/0x30 [ 32.340141] krealloc_less_oob_helper+0xa58/0xc50 [ 32.340208] krealloc_less_oob+0x20/0x38 [ 32.340271] kunit_try_run_case+0x170/0x3f0 [ 32.340351] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 32.340403] kthread+0x328/0x630 [ 32.340647] ret_from_fork+0x10/0x20 [ 32.340777] [ 32.340816] Allocated by task 189: [ 32.340863] kasan_save_stack+0x3c/0x68 [ 32.340902] kasan_save_track+0x20/0x40 [ 32.340937] kasan_save_alloc_info+0x40/0x58 [ 32.340973] __kasan_krealloc+0x118/0x178 [ 32.341032] krealloc_noprof+0x128/0x360 [ 32.341067] krealloc_less_oob_helper+0x168/0xc50 [ 32.341107] krealloc_less_oob+0x20/0x38 [ 32.341143] kunit_try_run_case+0x170/0x3f0 [ 32.341178] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 32.341385] kthread+0x328/0x630 [ 32.341439] ret_from_fork+0x10/0x20 [ 32.341474] [ 32.341520] The buggy address belongs to the object at fff00000c8575e00 [ 32.341520] which belongs to the cache kmalloc-256 of size 256 [ 32.341590] The buggy address is located 34 bytes to the right of [ 32.341590] allocated 201-byte region [fff00000c8575e00, fff00000c8575ec9) [ 32.341654] [ 32.341692] The buggy address belongs to the physical page: [ 32.341726] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x108574 [ 32.341904] head: order:1 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0 [ 32.342043] flags: 0xbfffe0000000040(head|node=0|zone=2|lastcpupid=0x1ffff) [ 32.342103] page_type: f5(slab) [ 32.342150] raw: 0bfffe0000000040 fff00000c0001b40 dead000000000122 0000000000000000 [ 32.342198] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 32.342247] head: 0bfffe0000000040 fff00000c0001b40 dead000000000122 0000000000000000 [ 32.342296] head: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 32.342344] head: 0bfffe0000000001 ffffc1ffc3215d01 00000000ffffffff 00000000ffffffff [ 32.342391] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000002 [ 32.342430] page dumped because: kasan: bad access detected [ 32.342460] [ 32.342478] Memory state around the buggy address: [ 32.342507] fff00000c8575d80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 32.342549] fff00000c8575e00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 32.342659] >fff00000c8575e80: 00 00 00 00 00 00 00 00 00 01 fc fc fc fc fc fc [ 32.342705] ^ [ 32.342883] fff00000c8575f00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 32.342924] fff00000c8575f80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 32.342967] ================================================================== [ 32.333682] ================================================================== [ 32.333767] BUG: KASAN: slab-out-of-bounds in krealloc_less_oob_helper+0xae4/0xc50 [ 32.333831] Write of size 1 at addr fff00000c8575eea by task kunit_try_catch/189 [ 32.333880] [ 32.333915] CPU: 0 UID: 0 PID: 189 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc7-next-20250724 #1 PREEMPT [ 32.334148] Tainted: [B]=BAD_PAGE, [N]=TEST [ 32.334186] Hardware name: linux,dummy-virt (DT) [ 32.334229] Call trace: [ 32.334251] show_stack+0x20/0x38 (C) [ 32.334299] dump_stack_lvl+0x8c/0xd0 [ 32.334343] print_report+0x118/0x5e8 [ 32.334386] kasan_report+0xdc/0x128 [ 32.334428] __asan_report_store1_noabort+0x20/0x30 [ 32.334475] krealloc_less_oob_helper+0xae4/0xc50 [ 32.334524] krealloc_less_oob+0x20/0x38 [ 32.334569] kunit_try_run_case+0x170/0x3f0 [ 32.334620] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 32.334671] kthread+0x328/0x630 [ 32.334711] ret_from_fork+0x10/0x20 [ 32.334767] [ 32.334785] Allocated by task 189: [ 32.334813] kasan_save_stack+0x3c/0x68 [ 32.334850] kasan_save_track+0x20/0x40 [ 32.335061] kasan_save_alloc_info+0x40/0x58 [ 32.335113] __kasan_krealloc+0x118/0x178 [ 32.335273] krealloc_noprof+0x128/0x360 [ 32.335429] krealloc_less_oob_helper+0x168/0xc50 [ 32.335500] krealloc_less_oob+0x20/0x38 [ 32.335596] kunit_try_run_case+0x170/0x3f0 [ 32.335682] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 32.335735] kthread+0x328/0x630 [ 32.335806] ret_from_fork+0x10/0x20 [ 32.335884] [ 32.335981] The buggy address belongs to the object at fff00000c8575e00 [ 32.335981] which belongs to the cache kmalloc-256 of size 256 [ 32.336112] The buggy address is located 33 bytes to the right of [ 32.336112] allocated 201-byte region [fff00000c8575e00, fff00000c8575ec9) [ 32.336177] [ 32.336233] The buggy address belongs to the physical page: [ 32.336269] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x108574 [ 32.336319] head: order:1 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0 [ 32.336588] flags: 0xbfffe0000000040(head|node=0|zone=2|lastcpupid=0x1ffff) [ 32.336729] page_type: f5(slab) [ 32.336806] raw: 0bfffe0000000040 fff00000c0001b40 dead000000000122 0000000000000000 [ 32.336873] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 32.336921] head: 0bfffe0000000040 fff00000c0001b40 dead000000000122 0000000000000000 [ 32.337002] head: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 32.337242] head: 0bfffe0000000001 ffffc1ffc3215d01 00000000ffffffff 00000000ffffffff [ 32.337351] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000002 [ 32.337459] page dumped because: kasan: bad access detected [ 32.337537] [ 32.337588] Memory state around the buggy address: [ 32.337691] fff00000c8575d80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 32.337786] fff00000c8575e00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 32.337828] >fff00000c8575e80: 00 00 00 00 00 00 00 00 00 01 fc fc fc fc fc fc [ 32.338138] ^ [ 32.338285] fff00000c8575f00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 32.338359] fff00000c8575f80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 32.338408] ================================================================== [ 32.382458] ================================================================== [ 32.382508] BUG: KASAN: slab-out-of-bounds in krealloc_less_oob_helper+0xa80/0xc50 [ 32.382564] Write of size 1 at addr fff00000c99620da by task kunit_try_catch/193 [ 32.382612] [ 32.382653] CPU: 0 UID: 0 PID: 193 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc7-next-20250724 #1 PREEMPT [ 32.382735] Tainted: [B]=BAD_PAGE, [N]=TEST [ 32.383219] Hardware name: linux,dummy-virt (DT) [ 32.383270] Call trace: [ 32.383315] show_stack+0x20/0x38 (C) [ 32.383571] dump_stack_lvl+0x8c/0xd0 [ 32.383624] print_report+0x118/0x5e8 [ 32.383856] kasan_report+0xdc/0x128 [ 32.383916] __asan_report_store1_noabort+0x20/0x30 [ 32.384285] krealloc_less_oob_helper+0xa80/0xc50 [ 32.384501] krealloc_large_less_oob+0x20/0x38 [ 32.384741] kunit_try_run_case+0x170/0x3f0 [ 32.384950] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 32.385146] kthread+0x328/0x630 [ 32.385277] ret_from_fork+0x10/0x20 [ 32.385495] [ 32.385564] The buggy address belongs to the physical page: [ 32.385616] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x109960 [ 32.385987] head: order:2 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0 [ 32.386242] flags: 0xbfffe0000000040(head|node=0|zone=2|lastcpupid=0x1ffff) [ 32.386413] page_type: f8(unknown) [ 32.386488] raw: 0bfffe0000000040 0000000000000000 dead000000000122 0000000000000000 [ 32.386575] raw: 0000000000000000 0000000000000000 00000000f8000000 0000000000000000 [ 32.386775] head: 0bfffe0000000040 0000000000000000 dead000000000122 0000000000000000 [ 32.386875] head: 0000000000000000 0000000000000000 00000000f8000000 0000000000000000 [ 32.387155] head: 0bfffe0000000002 ffffc1ffc3265801 00000000ffffffff 00000000ffffffff [ 32.387240] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000004 [ 32.387405] page dumped because: kasan: bad access detected [ 32.387457] [ 32.387475] Memory state around the buggy address: [ 32.387512] fff00000c9961f80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 32.387555] fff00000c9962000: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 32.388017] >fff00000c9962080: 00 00 00 00 00 00 00 00 00 01 fe fe fe fe fe fe [ 32.388206] ^ [ 32.388536] fff00000c9962100: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe [ 32.388611] fff00000c9962180: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe [ 32.388739] ================================================================== [ 32.323622] ================================================================== [ 32.323681] BUG: KASAN: slab-out-of-bounds in krealloc_less_oob_helper+0xb9c/0xc50 [ 32.323733] Write of size 1 at addr fff00000c8575ed0 by task kunit_try_catch/189 [ 32.323799] [ 32.323832] CPU: 0 UID: 0 PID: 189 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc7-next-20250724 #1 PREEMPT [ 32.323923] Tainted: [B]=BAD_PAGE, [N]=TEST [ 32.323950] Hardware name: linux,dummy-virt (DT) [ 32.323981] Call trace: [ 32.324012] show_stack+0x20/0x38 (C) [ 32.324060] dump_stack_lvl+0x8c/0xd0 [ 32.324111] print_report+0x118/0x5e8 [ 32.324155] kasan_report+0xdc/0x128 [ 32.324206] __asan_report_store1_noabort+0x20/0x30 [ 32.324255] krealloc_less_oob_helper+0xb9c/0xc50 [ 32.324303] krealloc_less_oob+0x20/0x38 [ 32.324349] kunit_try_run_case+0x170/0x3f0 [ 32.324394] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 32.324444] kthread+0x328/0x630 [ 32.324485] ret_from_fork+0x10/0x20 [ 32.324532] [ 32.324550] Allocated by task 189: [ 32.324583] kasan_save_stack+0x3c/0x68 [ 32.324620] kasan_save_track+0x20/0x40 [ 32.324659] kasan_save_alloc_info+0x40/0x58 [ 32.324695] __kasan_krealloc+0x118/0x178 [ 32.324731] krealloc_noprof+0x128/0x360 [ 32.324775] krealloc_less_oob_helper+0x168/0xc50 [ 32.324815] krealloc_less_oob+0x20/0x38 [ 32.324851] kunit_try_run_case+0x170/0x3f0 [ 32.324886] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 32.324993] kthread+0x328/0x630 [ 32.325034] ret_from_fork+0x10/0x20 [ 32.325566] [ 32.325600] The buggy address belongs to the object at fff00000c8575e00 [ 32.325600] which belongs to the cache kmalloc-256 of size 256 [ 32.325659] The buggy address is located 7 bytes to the right of [ 32.325659] allocated 201-byte region [fff00000c8575e00, fff00000c8575ec9) [ 32.325928] [ 32.325976] The buggy address belongs to the physical page: [ 32.326042] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x108574 [ 32.326096] head: order:1 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0 [ 32.326165] flags: 0xbfffe0000000040(head|node=0|zone=2|lastcpupid=0x1ffff) [ 32.326218] page_type: f5(slab) [ 32.326275] raw: 0bfffe0000000040 fff00000c0001b40 dead000000000122 0000000000000000 [ 32.326482] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 32.326662] head: 0bfffe0000000040 fff00000c0001b40 dead000000000122 0000000000000000 [ 32.326737] head: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 32.326841] head: 0bfffe0000000001 ffffc1ffc3215d01 00000000ffffffff 00000000ffffffff [ 32.326908] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000002 [ 32.326948] page dumped because: kasan: bad access detected [ 32.326978] [ 32.327041] Memory state around the buggy address: [ 32.327072] fff00000c8575d80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 32.327114] fff00000c8575e00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 32.327155] >fff00000c8575e80: 00 00 00 00 00 00 00 00 00 01 fc fc fc fc fc fc [ 32.327193] ^ [ 32.327227] fff00000c8575f00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 32.327308] fff00000c8575f80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 32.327472] ==================================================================
[ 26.678806] ================================================================== [ 26.679272] BUG: KASAN: slab-out-of-bounds in krealloc_less_oob_helper+0xd70/0x11d0 [ 26.679829] Write of size 1 at addr ffff88810616e0c9 by task kunit_try_catch/210 [ 26.680262] [ 26.680354] CPU: 1 UID: 0 PID: 210 Comm: kunit_try_catch Tainted: G B W N 6.16.0-rc7-next-20250724 #1 PREEMPT(voluntary) [ 26.680403] Tainted: [B]=BAD_PAGE, [W]=WARN, [N]=TEST [ 26.680416] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 26.680438] Call Trace: [ 26.680450] <TASK> [ 26.680466] dump_stack_lvl+0x73/0xb0 [ 26.680495] print_report+0xd1/0x640 [ 26.680517] ? __virt_addr_valid+0x1db/0x2d0 [ 26.680541] ? krealloc_less_oob_helper+0xd70/0x11d0 [ 26.680563] ? kasan_addr_to_slab+0x11/0xa0 [ 26.680596] ? krealloc_less_oob_helper+0xd70/0x11d0 [ 26.680619] kasan_report+0x141/0x180 [ 26.680641] ? krealloc_less_oob_helper+0xd70/0x11d0 [ 26.680668] __asan_report_store1_noabort+0x1b/0x30 [ 26.680692] krealloc_less_oob_helper+0xd70/0x11d0 [ 26.680716] ? __pfx_krealloc_less_oob_helper+0x10/0x10 [ 26.680739] ? finish_task_switch.isra.0+0x153/0x700 [ 26.680760] ? __switch_to+0x47/0xf80 [ 26.681176] ? __schedule+0x10da/0x2b60 [ 26.681216] ? __pfx_read_tsc+0x10/0x10 [ 26.681243] krealloc_large_less_oob+0x1c/0x30 [ 26.681266] kunit_try_run_case+0x1a5/0x480 [ 26.681292] ? __pfx_kunit_try_run_case+0x10/0x10 [ 26.681314] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 26.681338] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 26.681362] ? __kthread_parkme+0x82/0x180 [ 26.681381] ? preempt_count_sub+0x50/0x80 [ 26.681403] ? __pfx_kunit_try_run_case+0x10/0x10 [ 26.681425] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 26.681447] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 26.681470] kthread+0x337/0x6f0 [ 26.681489] ? trace_preempt_on+0x20/0xc0 [ 26.681513] ? __pfx_kthread+0x10/0x10 [ 26.681532] ? _raw_spin_unlock_irq+0x47/0x80 [ 26.681554] ? calculate_sigpending+0x7b/0xa0 [ 26.681591] ? __pfx_kthread+0x10/0x10 [ 26.681612] ret_from_fork+0x116/0x1d0 [ 26.681631] ? __pfx_kthread+0x10/0x10 [ 26.681651] ret_from_fork_asm+0x1a/0x30 [ 26.681681] </TASK> [ 26.681691] [ 26.692357] The buggy address belongs to the physical page: [ 26.692636] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x10616c [ 26.693353] head: order:2 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0 [ 26.693668] flags: 0x200000000000040(head|node=0|zone=2) [ 26.694132] page_type: f8(unknown) [ 26.694334] raw: 0200000000000040 0000000000000000 dead000000000122 0000000000000000 [ 26.694667] raw: 0000000000000000 0000000000000000 00000000f8000000 0000000000000000 [ 26.695198] head: 0200000000000040 0000000000000000 dead000000000122 0000000000000000 [ 26.695607] head: 0000000000000000 0000000000000000 00000000f8000000 0000000000000000 [ 26.695964] head: 0200000000000002 ffffea0004185b01 00000000ffffffff 00000000ffffffff [ 26.696390] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000004 [ 26.696715] page dumped because: kasan: bad access detected [ 26.697210] [ 26.697290] Memory state around the buggy address: [ 26.697494] ffff88810616df80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 26.697775] ffff88810616e000: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 26.698356] >ffff88810616e080: 00 00 00 00 00 00 00 00 00 01 fe fe fe fe fe fe [ 26.698658] ^ [ 26.698893] ffff88810616e100: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe [ 26.699424] ffff88810616e180: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe [ 26.699878] ================================================================== [ 26.554656] ================================================================== [ 26.555303] BUG: KASAN: slab-out-of-bounds in krealloc_less_oob_helper+0xec6/0x11d0 [ 26.555627] Write of size 1 at addr ffff888104a4cada by task kunit_try_catch/206 [ 26.556035] [ 26.556214] CPU: 0 UID: 0 PID: 206 Comm: kunit_try_catch Tainted: G B W N 6.16.0-rc7-next-20250724 #1 PREEMPT(voluntary) [ 26.556543] Tainted: [B]=BAD_PAGE, [W]=WARN, [N]=TEST [ 26.556557] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 26.556590] Call Trace: [ 26.556607] <TASK> [ 26.556624] dump_stack_lvl+0x73/0xb0 [ 26.556651] print_report+0xd1/0x640 [ 26.556672] ? __virt_addr_valid+0x1db/0x2d0 [ 26.556695] ? krealloc_less_oob_helper+0xec6/0x11d0 [ 26.556717] ? kasan_complete_mode_report_info+0x2a/0x200 [ 26.556742] ? krealloc_less_oob_helper+0xec6/0x11d0 [ 26.556765] kasan_report+0x141/0x180 [ 26.556845] ? krealloc_less_oob_helper+0xec6/0x11d0 [ 26.556874] __asan_report_store1_noabort+0x1b/0x30 [ 26.556897] krealloc_less_oob_helper+0xec6/0x11d0 [ 26.556922] ? __pfx_krealloc_less_oob_helper+0x10/0x10 [ 26.556945] ? finish_task_switch.isra.0+0x153/0x700 [ 26.556965] ? __switch_to+0x47/0xf80 [ 26.556990] ? __schedule+0x10da/0x2b60 [ 26.557015] ? __pfx_read_tsc+0x10/0x10 [ 26.557038] krealloc_less_oob+0x1c/0x30 [ 26.557058] kunit_try_run_case+0x1a5/0x480 [ 26.557082] ? __pfx_kunit_try_run_case+0x10/0x10 [ 26.557103] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 26.557126] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 26.557151] ? __kthread_parkme+0x82/0x180 [ 26.557170] ? preempt_count_sub+0x50/0x80 [ 26.557191] ? __pfx_kunit_try_run_case+0x10/0x10 [ 26.557214] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 26.557236] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 26.557258] kthread+0x337/0x6f0 [ 26.557278] ? trace_preempt_on+0x20/0xc0 [ 26.557302] ? __pfx_kthread+0x10/0x10 [ 26.557322] ? _raw_spin_unlock_irq+0x47/0x80 [ 26.557344] ? calculate_sigpending+0x7b/0xa0 [ 26.557367] ? __pfx_kthread+0x10/0x10 [ 26.557387] ret_from_fork+0x116/0x1d0 [ 26.557406] ? __pfx_kthread+0x10/0x10 [ 26.557425] ret_from_fork_asm+0x1a/0x30 [ 26.557456] </TASK> [ 26.557466] [ 26.568759] Allocated by task 206: [ 26.569118] kasan_save_stack+0x45/0x70 [ 26.569383] kasan_save_track+0x18/0x40 [ 26.569637] kasan_save_alloc_info+0x3b/0x50 [ 26.570141] __kasan_krealloc+0x190/0x1f0 [ 26.570341] krealloc_noprof+0xf3/0x340 [ 26.570488] krealloc_less_oob_helper+0x1aa/0x11d0 [ 26.570730] krealloc_less_oob+0x1c/0x30 [ 26.570920] kunit_try_run_case+0x1a5/0x480 [ 26.571376] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 26.571619] kthread+0x337/0x6f0 [ 26.571949] ret_from_fork+0x116/0x1d0 [ 26.572149] ret_from_fork_asm+0x1a/0x30 [ 26.572319] [ 26.572409] The buggy address belongs to the object at ffff888104a4ca00 [ 26.572409] which belongs to the cache kmalloc-256 of size 256 [ 26.573239] The buggy address is located 17 bytes to the right of [ 26.573239] allocated 201-byte region [ffff888104a4ca00, ffff888104a4cac9) [ 26.573738] [ 26.574046] The buggy address belongs to the physical page: [ 26.574353] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x104a4c [ 26.574683] head: order:1 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0 [ 26.575050] flags: 0x200000000000040(head|node=0|zone=2) [ 26.575473] page_type: f5(slab) [ 26.575662] raw: 0200000000000040 ffff888100041b40 dead000000000122 0000000000000000 [ 26.576050] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 26.576407] head: 0200000000000040 ffff888100041b40 dead000000000122 0000000000000000 [ 26.576688] head: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 26.577030] head: 0200000000000001 ffffea0004129301 00000000ffffffff 00000000ffffffff [ 26.577353] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000002 [ 26.577671] page dumped because: kasan: bad access detected [ 26.577959] [ 26.578029] Memory state around the buggy address: [ 26.578177] ffff888104a4c980: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 26.578491] ffff888104a4ca00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 26.578723] >ffff888104a4ca80: 00 00 00 00 00 00 00 00 00 01 fc fc fc fc fc fc [ 26.579154] ^ [ 26.579423] ffff888104a4cb00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 26.579711] ffff888104a4cb80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 26.579963] ================================================================== [ 26.600905] ================================================================== [ 26.601228] BUG: KASAN: slab-out-of-bounds in krealloc_less_oob_helper+0xd47/0x11d0 [ 26.601502] Write of size 1 at addr ffff888104a4caeb by task kunit_try_catch/206 [ 26.601731] [ 26.601897] CPU: 0 UID: 0 PID: 206 Comm: kunit_try_catch Tainted: G B W N 6.16.0-rc7-next-20250724 #1 PREEMPT(voluntary) [ 26.601945] Tainted: [B]=BAD_PAGE, [W]=WARN, [N]=TEST [ 26.601958] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 26.601977] Call Trace: [ 26.601992] <TASK> [ 26.602007] dump_stack_lvl+0x73/0xb0 [ 26.602033] print_report+0xd1/0x640 [ 26.602055] ? __virt_addr_valid+0x1db/0x2d0 [ 26.602078] ? krealloc_less_oob_helper+0xd47/0x11d0 [ 26.602101] ? kasan_complete_mode_report_info+0x2a/0x200 [ 26.602126] ? krealloc_less_oob_helper+0xd47/0x11d0 [ 26.602148] kasan_report+0x141/0x180 [ 26.602169] ? krealloc_less_oob_helper+0xd47/0x11d0 [ 26.602197] __asan_report_store1_noabort+0x1b/0x30 [ 26.602220] krealloc_less_oob_helper+0xd47/0x11d0 [ 26.602245] ? __pfx_krealloc_less_oob_helper+0x10/0x10 [ 26.602268] ? finish_task_switch.isra.0+0x153/0x700 [ 26.602288] ? __switch_to+0x47/0xf80 [ 26.602313] ? __schedule+0x10da/0x2b60 [ 26.602337] ? __pfx_read_tsc+0x10/0x10 [ 26.602361] krealloc_less_oob+0x1c/0x30 [ 26.602381] kunit_try_run_case+0x1a5/0x480 [ 26.602405] ? __pfx_kunit_try_run_case+0x10/0x10 [ 26.602427] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 26.602450] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 26.602474] ? __kthread_parkme+0x82/0x180 [ 26.602493] ? preempt_count_sub+0x50/0x80 [ 26.602514] ? __pfx_kunit_try_run_case+0x10/0x10 [ 26.602537] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 26.602559] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 26.602593] kthread+0x337/0x6f0 [ 26.602612] ? trace_preempt_on+0x20/0xc0 [ 26.602635] ? __pfx_kthread+0x10/0x10 [ 26.602655] ? _raw_spin_unlock_irq+0x47/0x80 [ 26.602677] ? calculate_sigpending+0x7b/0xa0 [ 26.602699] ? __pfx_kthread+0x10/0x10 [ 26.602720] ret_from_fork+0x116/0x1d0 [ 26.602738] ? __pfx_kthread+0x10/0x10 [ 26.602758] ret_from_fork_asm+0x1a/0x30 [ 26.602822] </TASK> [ 26.602836] [ 26.614400] Allocated by task 206: [ 26.614557] kasan_save_stack+0x45/0x70 [ 26.614766] kasan_save_track+0x18/0x40 [ 26.614937] kasan_save_alloc_info+0x3b/0x50 [ 26.615570] __kasan_krealloc+0x190/0x1f0 [ 26.615740] krealloc_noprof+0xf3/0x340 [ 26.616005] krealloc_less_oob_helper+0x1aa/0x11d0 [ 26.616264] krealloc_less_oob+0x1c/0x30 [ 26.616443] kunit_try_run_case+0x1a5/0x480 [ 26.616661] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 26.616850] kthread+0x337/0x6f0 [ 26.617553] ret_from_fork+0x116/0x1d0 [ 26.617706] ret_from_fork_asm+0x1a/0x30 [ 26.617937] [ 26.618262] The buggy address belongs to the object at ffff888104a4ca00 [ 26.618262] which belongs to the cache kmalloc-256 of size 256 [ 26.618822] The buggy address is located 34 bytes to the right of [ 26.618822] allocated 201-byte region [ffff888104a4ca00, ffff888104a4cac9) [ 26.619564] [ 26.619682] The buggy address belongs to the physical page: [ 26.619958] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x104a4c [ 26.620550] head: order:1 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0 [ 26.621090] flags: 0x200000000000040(head|node=0|zone=2) [ 26.621403] page_type: f5(slab) [ 26.621530] raw: 0200000000000040 ffff888100041b40 dead000000000122 0000000000000000 [ 26.622137] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 26.622460] head: 0200000000000040 ffff888100041b40 dead000000000122 0000000000000000 [ 26.622788] head: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 26.623349] head: 0200000000000001 ffffea0004129301 00000000ffffffff 00000000ffffffff [ 26.623731] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000002 [ 26.624204] page dumped because: kasan: bad access detected [ 26.624430] [ 26.624526] Memory state around the buggy address: [ 26.624745] ffff888104a4c980: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 26.625290] ffff888104a4ca00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 26.625704] >ffff888104a4ca80: 00 00 00 00 00 00 00 00 00 01 fc fc fc fc fc fc [ 26.626138] ^ [ 26.626361] ffff888104a4cb00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 26.626702] ffff888104a4cb80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 26.627348] ================================================================== [ 26.724705] ================================================================== [ 26.725085] BUG: KASAN: slab-out-of-bounds in krealloc_less_oob_helper+0xec6/0x11d0 [ 26.725550] Write of size 1 at addr ffff88810616e0da by task kunit_try_catch/210 [ 26.726027] [ 26.726156] CPU: 1 UID: 0 PID: 210 Comm: kunit_try_catch Tainted: G B W N 6.16.0-rc7-next-20250724 #1 PREEMPT(voluntary) [ 26.726208] Tainted: [B]=BAD_PAGE, [W]=WARN, [N]=TEST [ 26.726221] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 26.726242] Call Trace: [ 26.726255] <TASK> [ 26.726273] dump_stack_lvl+0x73/0xb0 [ 26.726301] print_report+0xd1/0x640 [ 26.726342] ? __virt_addr_valid+0x1db/0x2d0 [ 26.726367] ? krealloc_less_oob_helper+0xec6/0x11d0 [ 26.726404] ? kasan_addr_to_slab+0x11/0xa0 [ 26.726437] ? krealloc_less_oob_helper+0xec6/0x11d0 [ 26.726460] kasan_report+0x141/0x180 [ 26.726481] ? krealloc_less_oob_helper+0xec6/0x11d0 [ 26.726508] __asan_report_store1_noabort+0x1b/0x30 [ 26.726533] krealloc_less_oob_helper+0xec6/0x11d0 [ 26.726558] ? __pfx_krealloc_less_oob_helper+0x10/0x10 [ 26.726593] ? finish_task_switch.isra.0+0x153/0x700 [ 26.726614] ? __switch_to+0x47/0xf80 [ 26.726640] ? __schedule+0x10da/0x2b60 [ 26.726664] ? __pfx_read_tsc+0x10/0x10 [ 26.726688] krealloc_large_less_oob+0x1c/0x30 [ 26.726710] kunit_try_run_case+0x1a5/0x480 [ 26.726735] ? __pfx_kunit_try_run_case+0x10/0x10 [ 26.726756] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 26.726779] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 26.726866] ? __kthread_parkme+0x82/0x180 [ 26.726886] ? preempt_count_sub+0x50/0x80 [ 26.726908] ? __pfx_kunit_try_run_case+0x10/0x10 [ 26.726938] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 26.726960] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 26.726983] kthread+0x337/0x6f0 [ 26.727003] ? trace_preempt_on+0x20/0xc0 [ 26.727027] ? __pfx_kthread+0x10/0x10 [ 26.727046] ? _raw_spin_unlock_irq+0x47/0x80 [ 26.727069] ? calculate_sigpending+0x7b/0xa0 [ 26.727092] ? __pfx_kthread+0x10/0x10 [ 26.727112] ret_from_fork+0x116/0x1d0 [ 26.727131] ? __pfx_kthread+0x10/0x10 [ 26.727151] ret_from_fork_asm+0x1a/0x30 [ 26.727182] </TASK> [ 26.727192] [ 26.735958] The buggy address belongs to the physical page: [ 26.736527] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x10616c [ 26.736924] head: order:2 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0 [ 26.737319] flags: 0x200000000000040(head|node=0|zone=2) [ 26.737547] page_type: f8(unknown) [ 26.737683] raw: 0200000000000040 0000000000000000 dead000000000122 0000000000000000 [ 26.738194] raw: 0000000000000000 0000000000000000 00000000f8000000 0000000000000000 [ 26.738536] head: 0200000000000040 0000000000000000 dead000000000122 0000000000000000 [ 26.738899] head: 0000000000000000 0000000000000000 00000000f8000000 0000000000000000 [ 26.739351] head: 0200000000000002 ffffea0004185b01 00000000ffffffff 00000000ffffffff [ 26.739588] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000004 [ 26.739985] page dumped because: kasan: bad access detected [ 26.740371] [ 26.740516] Memory state around the buggy address: [ 26.740757] ffff88810616df80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 26.741133] ffff88810616e000: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 26.741454] >ffff88810616e080: 00 00 00 00 00 00 00 00 00 01 fe fe fe fe fe fe [ 26.741677] ^ [ 26.741853] ffff88810616e100: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe [ 26.742435] ffff88810616e180: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe [ 26.742767] ================================================================== [ 26.581030] ================================================================== [ 26.581352] BUG: KASAN: slab-out-of-bounds in krealloc_less_oob_helper+0xe90/0x11d0 [ 26.581676] Write of size 1 at addr ffff888104a4caea by task kunit_try_catch/206 [ 26.582075] [ 26.582185] CPU: 0 UID: 0 PID: 206 Comm: kunit_try_catch Tainted: G B W N 6.16.0-rc7-next-20250724 #1 PREEMPT(voluntary) [ 26.582232] Tainted: [B]=BAD_PAGE, [W]=WARN, [N]=TEST [ 26.582244] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 26.582264] Call Trace: [ 26.582282] <TASK> [ 26.582298] dump_stack_lvl+0x73/0xb0 [ 26.582324] print_report+0xd1/0x640 [ 26.582344] ? __virt_addr_valid+0x1db/0x2d0 [ 26.582367] ? krealloc_less_oob_helper+0xe90/0x11d0 [ 26.582389] ? kasan_complete_mode_report_info+0x2a/0x200 [ 26.582414] ? krealloc_less_oob_helper+0xe90/0x11d0 [ 26.582436] kasan_report+0x141/0x180 [ 26.582458] ? krealloc_less_oob_helper+0xe90/0x11d0 [ 26.582486] __asan_report_store1_noabort+0x1b/0x30 [ 26.582510] krealloc_less_oob_helper+0xe90/0x11d0 [ 26.582534] ? __pfx_krealloc_less_oob_helper+0x10/0x10 [ 26.582557] ? finish_task_switch.isra.0+0x153/0x700 [ 26.582591] ? __switch_to+0x47/0xf80 [ 26.582617] ? __schedule+0x10da/0x2b60 [ 26.582641] ? __pfx_read_tsc+0x10/0x10 [ 26.582664] krealloc_less_oob+0x1c/0x30 [ 26.582686] kunit_try_run_case+0x1a5/0x480 [ 26.582709] ? __pfx_kunit_try_run_case+0x10/0x10 [ 26.582730] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 26.582754] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 26.582777] ? __kthread_parkme+0x82/0x180 [ 26.582796] ? preempt_count_sub+0x50/0x80 [ 26.582872] ? __pfx_kunit_try_run_case+0x10/0x10 [ 26.582895] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 26.582925] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 26.582947] kthread+0x337/0x6f0 [ 26.582967] ? trace_preempt_on+0x20/0xc0 [ 26.582990] ? __pfx_kthread+0x10/0x10 [ 26.583010] ? _raw_spin_unlock_irq+0x47/0x80 [ 26.583032] ? calculate_sigpending+0x7b/0xa0 [ 26.583055] ? __pfx_kthread+0x10/0x10 [ 26.583076] ret_from_fork+0x116/0x1d0 [ 26.583094] ? __pfx_kthread+0x10/0x10 [ 26.583113] ret_from_fork_asm+0x1a/0x30 [ 26.583144] </TASK> [ 26.583154] [ 26.590091] Allocated by task 206: [ 26.590257] kasan_save_stack+0x45/0x70 [ 26.590425] kasan_save_track+0x18/0x40 [ 26.590618] kasan_save_alloc_info+0x3b/0x50 [ 26.591034] __kasan_krealloc+0x190/0x1f0 [ 26.591228] krealloc_noprof+0xf3/0x340 [ 26.591402] krealloc_less_oob_helper+0x1aa/0x11d0 [ 26.591617] krealloc_less_oob+0x1c/0x30 [ 26.591876] kunit_try_run_case+0x1a5/0x480 [ 26.592072] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 26.592302] kthread+0x337/0x6f0 [ 26.592440] ret_from_fork+0x116/0x1d0 [ 26.592635] ret_from_fork_asm+0x1a/0x30 [ 26.592770] [ 26.592907] The buggy address belongs to the object at ffff888104a4ca00 [ 26.592907] which belongs to the cache kmalloc-256 of size 256 [ 26.593393] The buggy address is located 33 bytes to the right of [ 26.593393] allocated 201-byte region [ffff888104a4ca00, ffff888104a4cac9) [ 26.593796] [ 26.593862] The buggy address belongs to the physical page: [ 26.594114] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x104a4c [ 26.594555] head: order:1 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0 [ 26.595001] flags: 0x200000000000040(head|node=0|zone=2) [ 26.595232] page_type: f5(slab) [ 26.595403] raw: 0200000000000040 ffff888100041b40 dead000000000122 0000000000000000 [ 26.595707] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 26.595935] head: 0200000000000040 ffff888100041b40 dead000000000122 0000000000000000 [ 26.596160] head: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 26.596386] head: 0200000000000001 ffffea0004129301 00000000ffffffff 00000000ffffffff [ 26.596621] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000002 [ 26.596872] page dumped because: kasan: bad access detected [ 26.597118] [ 26.597204] Memory state around the buggy address: [ 26.597419] ffff888104a4c980: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 26.598309] ffff888104a4ca00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 26.598709] >ffff888104a4ca80: 00 00 00 00 00 00 00 00 00 01 fc fc fc fc fc fc [ 26.599273] ^ [ 26.599474] ffff888104a4cb00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 26.599696] ffff888104a4cb80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 26.600416] ================================================================== [ 26.701006] ================================================================== [ 26.701308] BUG: KASAN: slab-out-of-bounds in krealloc_less_oob_helper+0xe23/0x11d0 [ 26.701635] Write of size 1 at addr ffff88810616e0d0 by task kunit_try_catch/210 [ 26.702474] [ 26.702615] CPU: 1 UID: 0 PID: 210 Comm: kunit_try_catch Tainted: G B W N 6.16.0-rc7-next-20250724 #1 PREEMPT(voluntary) [ 26.702666] Tainted: [B]=BAD_PAGE, [W]=WARN, [N]=TEST [ 26.702679] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 26.702700] Call Trace: [ 26.702719] <TASK> [ 26.702738] dump_stack_lvl+0x73/0xb0 [ 26.702981] print_report+0xd1/0x640 [ 26.703008] ? __virt_addr_valid+0x1db/0x2d0 [ 26.703032] ? krealloc_less_oob_helper+0xe23/0x11d0 [ 26.703056] ? kasan_addr_to_slab+0x11/0xa0 [ 26.703076] ? krealloc_less_oob_helper+0xe23/0x11d0 [ 26.703098] kasan_report+0x141/0x180 [ 26.703119] ? krealloc_less_oob_helper+0xe23/0x11d0 [ 26.703147] __asan_report_store1_noabort+0x1b/0x30 [ 26.703170] krealloc_less_oob_helper+0xe23/0x11d0 [ 26.703195] ? __pfx_krealloc_less_oob_helper+0x10/0x10 [ 26.703218] ? finish_task_switch.isra.0+0x153/0x700 [ 26.703240] ? __switch_to+0x47/0xf80 [ 26.703273] ? __schedule+0x10da/0x2b60 [ 26.703297] ? __pfx_read_tsc+0x10/0x10 [ 26.703322] krealloc_large_less_oob+0x1c/0x30 [ 26.703343] kunit_try_run_case+0x1a5/0x480 [ 26.703368] ? __pfx_kunit_try_run_case+0x10/0x10 [ 26.703390] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 26.703413] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 26.703438] ? __kthread_parkme+0x82/0x180 [ 26.703457] ? preempt_count_sub+0x50/0x80 [ 26.703478] ? __pfx_kunit_try_run_case+0x10/0x10 [ 26.703501] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 26.703524] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 26.703546] kthread+0x337/0x6f0 [ 26.703565] ? trace_preempt_on+0x20/0xc0 [ 26.703601] ? __pfx_kthread+0x10/0x10 [ 26.703620] ? _raw_spin_unlock_irq+0x47/0x80 [ 26.703643] ? calculate_sigpending+0x7b/0xa0 [ 26.703665] ? __pfx_kthread+0x10/0x10 [ 26.703686] ret_from_fork+0x116/0x1d0 [ 26.703705] ? __pfx_kthread+0x10/0x10 [ 26.703725] ret_from_fork_asm+0x1a/0x30 [ 26.703756] </TASK> [ 26.703766] [ 26.714649] The buggy address belongs to the physical page: [ 26.714945] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x10616c [ 26.715264] head: order:2 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0 [ 26.716199] flags: 0x200000000000040(head|node=0|zone=2) [ 26.716563] page_type: f8(unknown) [ 26.716990] raw: 0200000000000040 0000000000000000 dead000000000122 0000000000000000 [ 26.717426] raw: 0000000000000000 0000000000000000 00000000f8000000 0000000000000000 [ 26.717923] head: 0200000000000040 0000000000000000 dead000000000122 0000000000000000 [ 26.718310] head: 0000000000000000 0000000000000000 00000000f8000000 0000000000000000 [ 26.718739] head: 0200000000000002 ffffea0004185b01 00000000ffffffff 00000000ffffffff [ 26.719292] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000004 [ 26.719712] page dumped because: kasan: bad access detected [ 26.720247] [ 26.720325] Memory state around the buggy address: [ 26.720762] ffff88810616df80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 26.721292] ffff88810616e000: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 26.721633] >ffff88810616e080: 00 00 00 00 00 00 00 00 00 01 fe fe fe fe fe fe [ 26.722244] ^ [ 26.722465] ffff88810616e100: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe [ 26.722924] ffff88810616e180: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe [ 26.723474] ================================================================== [ 26.492008] ================================================================== [ 26.493295] BUG: KASAN: slab-out-of-bounds in krealloc_less_oob_helper+0xd70/0x11d0 [ 26.494429] Write of size 1 at addr ffff888104a4cac9 by task kunit_try_catch/206 [ 26.495341] [ 26.495446] CPU: 0 UID: 0 PID: 206 Comm: kunit_try_catch Tainted: G B W N 6.16.0-rc7-next-20250724 #1 PREEMPT(voluntary) [ 26.495497] Tainted: [B]=BAD_PAGE, [W]=WARN, [N]=TEST [ 26.495511] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 26.495532] Call Trace: [ 26.495545] <TASK> [ 26.495564] dump_stack_lvl+0x73/0xb0 [ 26.495605] print_report+0xd1/0x640 [ 26.495626] ? __virt_addr_valid+0x1db/0x2d0 [ 26.495650] ? krealloc_less_oob_helper+0xd70/0x11d0 [ 26.495672] ? kasan_complete_mode_report_info+0x2a/0x200 [ 26.495696] ? krealloc_less_oob_helper+0xd70/0x11d0 [ 26.495719] kasan_report+0x141/0x180 [ 26.495740] ? krealloc_less_oob_helper+0xd70/0x11d0 [ 26.495774] __asan_report_store1_noabort+0x1b/0x30 [ 26.495797] krealloc_less_oob_helper+0xd70/0x11d0 [ 26.495822] ? __pfx_krealloc_less_oob_helper+0x10/0x10 [ 26.495845] ? finish_task_switch.isra.0+0x153/0x700 [ 26.495866] ? __switch_to+0x47/0xf80 [ 26.495893] ? __schedule+0x10da/0x2b60 [ 26.495917] ? __pfx_read_tsc+0x10/0x10 [ 26.495941] krealloc_less_oob+0x1c/0x30 [ 26.495961] kunit_try_run_case+0x1a5/0x480 [ 26.495985] ? __pfx_kunit_try_run_case+0x10/0x10 [ 26.496006] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 26.496031] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 26.496055] ? __kthread_parkme+0x82/0x180 [ 26.496074] ? preempt_count_sub+0x50/0x80 [ 26.496096] ? __pfx_kunit_try_run_case+0x10/0x10 [ 26.496119] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 26.496141] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 26.496164] kthread+0x337/0x6f0 [ 26.496183] ? trace_preempt_on+0x20/0xc0 [ 26.496207] ? __pfx_kthread+0x10/0x10 [ 26.496226] ? _raw_spin_unlock_irq+0x47/0x80 [ 26.496249] ? calculate_sigpending+0x7b/0xa0 [ 26.496271] ? __pfx_kthread+0x10/0x10 [ 26.496292] ret_from_fork+0x116/0x1d0 [ 26.496311] ? __pfx_kthread+0x10/0x10 [ 26.496331] ret_from_fork_asm+0x1a/0x30 [ 26.496361] </TASK> [ 26.496371] [ 26.509357] Allocated by task 206: [ 26.509707] kasan_save_stack+0x45/0x70 [ 26.510024] kasan_save_track+0x18/0x40 [ 26.510406] kasan_save_alloc_info+0x3b/0x50 [ 26.510786] __kasan_krealloc+0x190/0x1f0 [ 26.510939] krealloc_noprof+0xf3/0x340 [ 26.511130] krealloc_less_oob_helper+0x1aa/0x11d0 [ 26.511337] krealloc_less_oob+0x1c/0x30 [ 26.511519] kunit_try_run_case+0x1a5/0x480 [ 26.511721] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 26.512109] kthread+0x337/0x6f0 [ 26.512299] ret_from_fork+0x116/0x1d0 [ 26.512427] ret_from_fork_asm+0x1a/0x30 [ 26.512565] [ 26.512664] The buggy address belongs to the object at ffff888104a4ca00 [ 26.512664] which belongs to the cache kmalloc-256 of size 256 [ 26.513701] The buggy address is located 0 bytes to the right of [ 26.513701] allocated 201-byte region [ffff888104a4ca00, ffff888104a4cac9) [ 26.514493] [ 26.514629] The buggy address belongs to the physical page: [ 26.515065] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x104a4c [ 26.515566] head: order:1 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0 [ 26.516151] flags: 0x200000000000040(head|node=0|zone=2) [ 26.516489] page_type: f5(slab) [ 26.516673] raw: 0200000000000040 ffff888100041b40 dead000000000122 0000000000000000 [ 26.517337] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 26.517736] head: 0200000000000040 ffff888100041b40 dead000000000122 0000000000000000 [ 26.518281] head: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 26.518635] head: 0200000000000001 ffffea0004129301 00000000ffffffff 00000000ffffffff [ 26.519173] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000002 [ 26.519616] page dumped because: kasan: bad access detected [ 26.520245] [ 26.520356] Memory state around the buggy address: [ 26.520555] ffff888104a4c980: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 26.520904] ffff888104a4ca00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 26.521630] >ffff888104a4ca80: 00 00 00 00 00 00 00 00 00 01 fc fc fc fc fc fc [ 26.522187] ^ [ 26.522513] ffff888104a4cb00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 26.523011] ffff888104a4cb80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 26.523461] ================================================================== [ 26.743312] ================================================================== [ 26.743647] BUG: KASAN: slab-out-of-bounds in krealloc_less_oob_helper+0xe90/0x11d0 [ 26.744079] Write of size 1 at addr ffff88810616e0ea by task kunit_try_catch/210 [ 26.744293] [ 26.744371] CPU: 1 UID: 0 PID: 210 Comm: kunit_try_catch Tainted: G B W N 6.16.0-rc7-next-20250724 #1 PREEMPT(voluntary) [ 26.744417] Tainted: [B]=BAD_PAGE, [W]=WARN, [N]=TEST [ 26.744430] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 26.744492] Call Trace: [ 26.744508] <TASK> [ 26.744523] dump_stack_lvl+0x73/0xb0 [ 26.744549] print_report+0xd1/0x640 [ 26.744571] ? __virt_addr_valid+0x1db/0x2d0 [ 26.744607] ? krealloc_less_oob_helper+0xe90/0x11d0 [ 26.744629] ? kasan_addr_to_slab+0x11/0xa0 [ 26.744649] ? krealloc_less_oob_helper+0xe90/0x11d0 [ 26.744672] kasan_report+0x141/0x180 [ 26.744693] ? krealloc_less_oob_helper+0xe90/0x11d0 [ 26.744720] __asan_report_store1_noabort+0x1b/0x30 [ 26.744744] krealloc_less_oob_helper+0xe90/0x11d0 [ 26.744768] ? __pfx_krealloc_less_oob_helper+0x10/0x10 [ 26.744974] ? finish_task_switch.isra.0+0x153/0x700 [ 26.745020] ? __switch_to+0x47/0xf80 [ 26.745048] ? __schedule+0x10da/0x2b60 [ 26.745073] ? __pfx_read_tsc+0x10/0x10 [ 26.745097] krealloc_large_less_oob+0x1c/0x30 [ 26.745120] kunit_try_run_case+0x1a5/0x480 [ 26.745188] ? __pfx_kunit_try_run_case+0x10/0x10 [ 26.745210] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 26.745234] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 26.745259] ? __kthread_parkme+0x82/0x180 [ 26.745278] ? preempt_count_sub+0x50/0x80 [ 26.745331] ? __pfx_kunit_try_run_case+0x10/0x10 [ 26.745355] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 26.745377] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 26.745400] kthread+0x337/0x6f0 [ 26.745420] ? trace_preempt_on+0x20/0xc0 [ 26.745443] ? __pfx_kthread+0x10/0x10 [ 26.745494] ? _raw_spin_unlock_irq+0x47/0x80 [ 26.745517] ? calculate_sigpending+0x7b/0xa0 [ 26.745540] ? __pfx_kthread+0x10/0x10 [ 26.745561] ret_from_fork+0x116/0x1d0 [ 26.745592] ? __pfx_kthread+0x10/0x10 [ 26.745612] ret_from_fork_asm+0x1a/0x30 [ 26.745675] </TASK> [ 26.745685] [ 26.754811] The buggy address belongs to the physical page: [ 26.755203] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x10616c [ 26.755588] head: order:2 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0 [ 26.756036] flags: 0x200000000000040(head|node=0|zone=2) [ 26.756245] page_type: f8(unknown) [ 26.756379] raw: 0200000000000040 0000000000000000 dead000000000122 0000000000000000 [ 26.756611] raw: 0000000000000000 0000000000000000 00000000f8000000 0000000000000000 [ 26.757083] head: 0200000000000040 0000000000000000 dead000000000122 0000000000000000 [ 26.757437] head: 0000000000000000 0000000000000000 00000000f8000000 0000000000000000 [ 26.757777] head: 0200000000000002 ffffea0004185b01 00000000ffffffff 00000000ffffffff [ 26.758329] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000004 [ 26.758623] page dumped because: kasan: bad access detected [ 26.759077] [ 26.759182] Memory state around the buggy address: [ 26.759425] ffff88810616df80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 26.759740] ffff88810616e000: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 26.760119] >ffff88810616e080: 00 00 00 00 00 00 00 00 00 01 fe fe fe fe fe fe [ 26.760312] ^ [ 26.760898] ffff88810616e100: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe [ 26.761234] ffff88810616e180: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe [ 26.761569] ================================================================== [ 26.762086] ================================================================== [ 26.762375] BUG: KASAN: slab-out-of-bounds in krealloc_less_oob_helper+0xd47/0x11d0 [ 26.762628] Write of size 1 at addr ffff88810616e0eb by task kunit_try_catch/210 [ 26.762986] [ 26.763220] CPU: 1 UID: 0 PID: 210 Comm: kunit_try_catch Tainted: G B W N 6.16.0-rc7-next-20250724 #1 PREEMPT(voluntary) [ 26.763276] Tainted: [B]=BAD_PAGE, [W]=WARN, [N]=TEST [ 26.763289] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 26.763309] Call Trace: [ 26.763324] <TASK> [ 26.763340] dump_stack_lvl+0x73/0xb0 [ 26.763406] print_report+0xd1/0x640 [ 26.763429] ? __virt_addr_valid+0x1db/0x2d0 [ 26.763453] ? krealloc_less_oob_helper+0xd47/0x11d0 [ 26.763476] ? kasan_addr_to_slab+0x11/0xa0 [ 26.763497] ? krealloc_less_oob_helper+0xd47/0x11d0 [ 26.763553] kasan_report+0x141/0x180 [ 26.763587] ? krealloc_less_oob_helper+0xd47/0x11d0 [ 26.763614] __asan_report_store1_noabort+0x1b/0x30 [ 26.763638] krealloc_less_oob_helper+0xd47/0x11d0 [ 26.763694] ? __pfx_krealloc_less_oob_helper+0x10/0x10 [ 26.763718] ? finish_task_switch.isra.0+0x153/0x700 [ 26.763738] ? __switch_to+0x47/0xf80 [ 26.763763] ? __schedule+0x10da/0x2b60 [ 26.763834] ? __pfx_read_tsc+0x10/0x10 [ 26.763896] krealloc_large_less_oob+0x1c/0x30 [ 26.763919] kunit_try_run_case+0x1a5/0x480 [ 26.763954] ? __pfx_kunit_try_run_case+0x10/0x10 [ 26.763976] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 26.764002] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 26.764026] ? __kthread_parkme+0x82/0x180 [ 26.764075] ? preempt_count_sub+0x50/0x80 [ 26.764097] ? __pfx_kunit_try_run_case+0x10/0x10 [ 26.764120] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 26.764142] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 26.764165] kthread+0x337/0x6f0 [ 26.764184] ? trace_preempt_on+0x20/0xc0 [ 26.764207] ? __pfx_kthread+0x10/0x10 [ 26.764227] ? _raw_spin_unlock_irq+0x47/0x80 [ 26.764249] ? calculate_sigpending+0x7b/0xa0 [ 26.764272] ? __pfx_kthread+0x10/0x10 [ 26.764292] ret_from_fork+0x116/0x1d0 [ 26.764336] ? __pfx_kthread+0x10/0x10 [ 26.764356] ret_from_fork_asm+0x1a/0x30 [ 26.764387] </TASK> [ 26.764397] [ 26.772644] The buggy address belongs to the physical page: [ 26.773133] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x10616c [ 26.773404] head: order:2 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0 [ 26.773725] flags: 0x200000000000040(head|node=0|zone=2) [ 26.774219] page_type: f8(unknown) [ 26.774368] raw: 0200000000000040 0000000000000000 dead000000000122 0000000000000000 [ 26.774732] raw: 0000000000000000 0000000000000000 00000000f8000000 0000000000000000 [ 26.775123] head: 0200000000000040 0000000000000000 dead000000000122 0000000000000000 [ 26.775490] head: 0000000000000000 0000000000000000 00000000f8000000 0000000000000000 [ 26.775851] head: 0200000000000002 ffffea0004185b01 00000000ffffffff 00000000ffffffff [ 26.776246] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000004 [ 26.776595] page dumped because: kasan: bad access detected [ 26.776964] [ 26.777072] Memory state around the buggy address: [ 26.777237] ffff88810616df80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 26.777437] ffff88810616e000: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 26.777649] >ffff88810616e080: 00 00 00 00 00 00 00 00 00 01 fe fe fe fe fe fe [ 26.778229] ^ [ 26.778686] ffff88810616e100: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe [ 26.779112] ffff88810616e180: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe [ 26.779319] ================================================================== [ 26.524394] ================================================================== [ 26.524739] BUG: KASAN: slab-out-of-bounds in krealloc_less_oob_helper+0xe23/0x11d0 [ 26.525479] Write of size 1 at addr ffff888104a4cad0 by task kunit_try_catch/206 [ 26.526103] [ 26.526224] CPU: 0 UID: 0 PID: 206 Comm: kunit_try_catch Tainted: G B W N 6.16.0-rc7-next-20250724 #1 PREEMPT(voluntary) [ 26.526506] Tainted: [B]=BAD_PAGE, [W]=WARN, [N]=TEST [ 26.526520] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 26.526540] Call Trace: [ 26.526557] <TASK> [ 26.526587] dump_stack_lvl+0x73/0xb0 [ 26.526618] print_report+0xd1/0x640 [ 26.526640] ? __virt_addr_valid+0x1db/0x2d0 [ 26.526664] ? krealloc_less_oob_helper+0xe23/0x11d0 [ 26.526686] ? kasan_complete_mode_report_info+0x2a/0x200 [ 26.526711] ? krealloc_less_oob_helper+0xe23/0x11d0 [ 26.526734] kasan_report+0x141/0x180 [ 26.526755] ? krealloc_less_oob_helper+0xe23/0x11d0 [ 26.526782] __asan_report_store1_noabort+0x1b/0x30 [ 26.526806] krealloc_less_oob_helper+0xe23/0x11d0 [ 26.526831] ? __pfx_krealloc_less_oob_helper+0x10/0x10 [ 26.526853] ? finish_task_switch.isra.0+0x153/0x700 [ 26.526874] ? __switch_to+0x47/0xf80 [ 26.526899] ? __schedule+0x10da/0x2b60 [ 26.526970] ? __pfx_read_tsc+0x10/0x10 [ 26.526996] krealloc_less_oob+0x1c/0x30 [ 26.527016] kunit_try_run_case+0x1a5/0x480 [ 26.527040] ? __pfx_kunit_try_run_case+0x10/0x10 [ 26.527062] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 26.527086] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 26.527110] ? __kthread_parkme+0x82/0x180 [ 26.527129] ? preempt_count_sub+0x50/0x80 [ 26.527150] ? __pfx_kunit_try_run_case+0x10/0x10 [ 26.527173] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 26.527196] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 26.527219] kthread+0x337/0x6f0 [ 26.527238] ? trace_preempt_on+0x20/0xc0 [ 26.527268] ? __pfx_kthread+0x10/0x10 [ 26.527289] ? _raw_spin_unlock_irq+0x47/0x80 [ 26.527311] ? calculate_sigpending+0x7b/0xa0 [ 26.527334] ? __pfx_kthread+0x10/0x10 [ 26.527354] ret_from_fork+0x116/0x1d0 [ 26.527373] ? __pfx_kthread+0x10/0x10 [ 26.527392] ret_from_fork_asm+0x1a/0x30 [ 26.527423] </TASK> [ 26.527433] [ 26.538765] Allocated by task 206: [ 26.539157] kasan_save_stack+0x45/0x70 [ 26.539537] kasan_save_track+0x18/0x40 [ 26.539851] kasan_save_alloc_info+0x3b/0x50 [ 26.540224] __kasan_krealloc+0x190/0x1f0 [ 26.540415] krealloc_noprof+0xf3/0x340 [ 26.540613] krealloc_less_oob_helper+0x1aa/0x11d0 [ 26.541111] krealloc_less_oob+0x1c/0x30 [ 26.541302] kunit_try_run_case+0x1a5/0x480 [ 26.541696] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 26.542066] kthread+0x337/0x6f0 [ 26.542339] ret_from_fork+0x116/0x1d0 [ 26.542694] ret_from_fork_asm+0x1a/0x30 [ 26.543082] [ 26.543280] The buggy address belongs to the object at ffff888104a4ca00 [ 26.543280] which belongs to the cache kmalloc-256 of size 256 [ 26.543984] The buggy address is located 7 bytes to the right of [ 26.543984] allocated 201-byte region [ffff888104a4ca00, ffff888104a4cac9) [ 26.544518] [ 26.544626] The buggy address belongs to the physical page: [ 26.544870] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x104a4c [ 26.545561] head: order:1 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0 [ 26.546135] flags: 0x200000000000040(head|node=0|zone=2) [ 26.546638] page_type: f5(slab) [ 26.546970] raw: 0200000000000040 ffff888100041b40 dead000000000122 0000000000000000 [ 26.547462] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 26.547978] head: 0200000000000040 ffff888100041b40 dead000000000122 0000000000000000 [ 26.548319] head: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 26.548662] head: 0200000000000001 ffffea0004129301 00000000ffffffff 00000000ffffffff [ 26.549302] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000002 [ 26.549623] page dumped because: kasan: bad access detected [ 26.550012] [ 26.550110] Memory state around the buggy address: [ 26.550548] ffff888104a4c980: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 26.551072] ffff888104a4ca00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 26.551553] >ffff888104a4ca80: 00 00 00 00 00 00 00 00 00 01 fc fc fc fc fc fc [ 26.552266] ^ [ 26.552649] ffff888104a4cb00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 26.553219] ffff888104a4cb80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 26.553690] ==================================================================