Date: July 25, 2025, 3:13 a.m.

Environment |
---|
qemu-arm64 |
qemu-x86_64 |
[ 32.255845] ================================================================== [ 32.255898] BUG: KASAN: slab-out-of-bounds in krealloc_less_oob_helper+0xa58/0xc50 [ 32.256043] Write of size 1 at addr fff00000c8754eeb by task kunit_try_catch/190 [ 32.256112] [ 32.256170] CPU: 1 UID: 0 PID: 190 Comm: kunit_try_catch Tainted: G B W N 6.16.0-rc7-next-20250725 #1 PREEMPT [ 32.256298] Tainted: [B]=BAD_PAGE, [W]=WARN, [N]=TEST [ 32.256327] Hardware name: linux,dummy-virt (DT) [ 32.256357] Call trace: [ 32.256685] show_stack+0x20/0x38 (C) [ 32.256807] dump_stack_lvl+0x8c/0xd0 [ 32.256860] print_report+0x118/0x5e8 [ 32.256948] kasan_report+0xdc/0x128 [ 32.256993] __asan_report_store1_noabort+0x20/0x30 [ 32.257070] krealloc_less_oob_helper+0xa58/0xc50 [ 32.257167] krealloc_less_oob+0x20/0x38 [ 32.257214] kunit_try_run_case+0x170/0x3f0 [ 32.257260] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 32.257616] kthread+0x328/0x630 [ 32.257688] ret_from_fork+0x10/0x20 [ 32.257734] [ 32.257826] Allocated by task 190: [ 32.257886] kasan_save_stack+0x3c/0x68 [ 32.257932] kasan_save_track+0x20/0x40 [ 32.257967] kasan_save_alloc_info+0x40/0x58 [ 32.258011] __kasan_krealloc+0x118/0x178 [ 32.258205] krealloc_noprof+0x128/0x360 [ 32.258388] krealloc_less_oob_helper+0x168/0xc50 [ 32.258443] krealloc_less_oob+0x20/0x38 [ 32.258973] kunit_try_run_case+0x170/0x3f0 [ 32.259046] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 32.259460] kthread+0x328/0x630 [ 32.259533] ret_from_fork+0x10/0x20 [ 32.259570] [ 32.259614] The buggy address belongs to the object at fff00000c8754e00 [ 32.259614] which belongs to the cache kmalloc-256 of size 256 [ 32.259900] The buggy address is located 34 bytes to the right of [ 32.259900] allocated 201-byte region [fff00000c8754e00, fff00000c8754ec9) [ 32.260243] [ 32.260295] The buggy address belongs to the physical page: [ 32.260614] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x108754 [ 32.260868] head: order:1 mapcount:0 entire_mapcount:0 
nr_pages_mapped:0 pincount:0 [ 32.260967] flags: 0xbfffe0000000040(head|node=0|zone=2|lastcpupid=0x1ffff) [ 32.261033] page_type: f5(slab) [ 32.261069] raw: 0bfffe0000000040 fff00000c0001b40 ffffc1ffc311d680 dead000000000002 [ 32.261126] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 32.261172] head: 0bfffe0000000040 fff00000c0001b40 ffffc1ffc311d680 dead000000000002 [ 32.261227] head: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 32.261274] head: 0bfffe0000000001 ffffc1ffc321d501 00000000ffffffff 00000000ffffffff [ 32.261320] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000002 [ 32.261358] page dumped because: kasan: bad access detected [ 32.261397] [ 32.261415] Memory state around the buggy address: [ 32.261454] fff00000c8754d80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 32.261498] fff00000c8754e00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 32.261540] >fff00000c8754e80: 00 00 00 00 00 00 00 00 00 01 fc fc fc fc fc fc [ 32.261590] ^ [ 32.261628] fff00000c8754f00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 32.261690] fff00000c8754f80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 32.261726] ================================================================== [ 32.244783] ================================================================== [ 32.245169] BUG: KASAN: slab-out-of-bounds in krealloc_less_oob_helper+0xae4/0xc50 [ 32.245236] Write of size 1 at addr fff00000c8754eea by task kunit_try_catch/190 [ 32.245649] [ 32.245721] CPU: 1 UID: 0 PID: 190 Comm: kunit_try_catch Tainted: G B W N 6.16.0-rc7-next-20250725 #1 PREEMPT [ 32.245811] Tainted: [B]=BAD_PAGE, [W]=WARN, [N]=TEST [ 32.245974] Hardware name: linux,dummy-virt (DT) [ 32.246108] Call trace: [ 32.246155] show_stack+0x20/0x38 (C) [ 32.246208] dump_stack_lvl+0x8c/0xd0 [ 32.246398] print_report+0x118/0x5e8 [ 32.246612] kasan_report+0xdc/0x128 [ 32.246683] __asan_report_store1_noabort+0x20/0x30 [ 32.246795] 
krealloc_less_oob_helper+0xae4/0xc50 [ 32.246849] krealloc_less_oob+0x20/0x38 [ 32.246895] kunit_try_run_case+0x170/0x3f0 [ 32.247002] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 32.247102] kthread+0x328/0x630 [ 32.247302] ret_from_fork+0x10/0x20 [ 32.247361] [ 32.247380] Allocated by task 190: [ 32.247633] kasan_save_stack+0x3c/0x68 [ 32.247849] kasan_save_track+0x20/0x40 [ 32.247969] kasan_save_alloc_info+0x40/0x58 [ 32.248137] __kasan_krealloc+0x118/0x178 [ 32.248483] krealloc_noprof+0x128/0x360 [ 32.248560] krealloc_less_oob_helper+0x168/0xc50 [ 32.248702] krealloc_less_oob+0x20/0x38 [ 32.248845] kunit_try_run_case+0x170/0x3f0 [ 32.248976] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 32.249137] kthread+0x328/0x630 [ 32.249205] ret_from_fork+0x10/0x20 [ 32.249371] [ 32.249435] The buggy address belongs to the object at fff00000c8754e00 [ 32.249435] which belongs to the cache kmalloc-256 of size 256 [ 32.249761] The buggy address is located 33 bytes to the right of [ 32.249761] allocated 201-byte region [fff00000c8754e00, fff00000c8754ec9) [ 32.249948] [ 32.250024] The buggy address belongs to the physical page: [ 32.250131] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x108754 [ 32.250194] head: order:1 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0 [ 32.250406] flags: 0xbfffe0000000040(head|node=0|zone=2|lastcpupid=0x1ffff) [ 32.250509] page_type: f5(slab) [ 32.250712] raw: 0bfffe0000000040 fff00000c0001b40 ffffc1ffc311d680 dead000000000002 [ 32.250867] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 32.250947] head: 0bfffe0000000040 fff00000c0001b40 ffffc1ffc311d680 dead000000000002 [ 32.251002] head: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 32.251049] head: 0bfffe0000000001 ffffc1ffc321d501 00000000ffffffff 00000000ffffffff [ 32.251219] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000002 [ 32.251271] page dumped because: kasan: bad access 
detected [ 32.251301] [ 32.251585] Memory state around the buggy address: [ 32.251809] fff00000c8754d80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 32.251905] fff00000c8754e00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 32.251950] >fff00000c8754e80: 00 00 00 00 00 00 00 00 00 01 fc fc fc fc fc fc [ 32.252145] ^ [ 32.252291] fff00000c8754f00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 32.252531] fff00000c8754f80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 32.252600] ================================================================== [ 32.300865] ================================================================== [ 32.301019] BUG: KASAN: slab-out-of-bounds in krealloc_less_oob_helper+0xb9c/0xc50 [ 32.301135] Write of size 1 at addr fff00000c9b260d0 by task kunit_try_catch/194 [ 32.301187] [ 32.301216] CPU: 1 UID: 0 PID: 194 Comm: kunit_try_catch Tainted: G B W N 6.16.0-rc7-next-20250725 #1 PREEMPT [ 32.301381] Tainted: [B]=BAD_PAGE, [W]=WARN, [N]=TEST [ 32.301427] Hardware name: linux,dummy-virt (DT) [ 32.301457] Call trace: [ 32.301495] show_stack+0x20/0x38 (C) [ 32.301724] dump_stack_lvl+0x8c/0xd0 [ 32.301838] print_report+0x118/0x5e8 [ 32.302183] kasan_report+0xdc/0x128 [ 32.302455] __asan_report_store1_noabort+0x20/0x30 [ 32.302557] krealloc_less_oob_helper+0xb9c/0xc50 [ 32.302673] krealloc_large_less_oob+0x20/0x38 [ 32.302727] kunit_try_run_case+0x170/0x3f0 [ 32.302772] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 32.302861] kthread+0x328/0x630 [ 32.303115] ret_from_fork+0x10/0x20 [ 32.303186] [ 32.303349] The buggy address belongs to the physical page: [ 32.303407] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x109b24 [ 32.303459] head: order:2 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0 [ 32.303570] flags: 0xbfffe0000000040(head|node=0|zone=2|lastcpupid=0x1ffff) [ 32.303735] page_type: f8(unknown) [ 32.303828] raw: 0bfffe0000000040 0000000000000000 dead000000000122 0000000000000000 [ 32.304255] 
raw: 0000000000000000 0000000000000000 00000000f8000000 0000000000000000 [ 32.304358] head: 0bfffe0000000040 0000000000000000 dead000000000122 0000000000000000 [ 32.304438] head: 0000000000000000 0000000000000000 00000000f8000000 0000000000000000 [ 32.304611] head: 0bfffe0000000002 ffffc1ffc326c901 00000000ffffffff 00000000ffffffff [ 32.305006] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000004 [ 32.305234] page dumped because: kasan: bad access detected [ 32.305594] [ 32.305985] Memory state around the buggy address: [ 32.306042] fff00000c9b25f80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 32.306152] fff00000c9b26000: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 32.306226] >fff00000c9b26080: 00 00 00 00 00 00 00 00 00 01 fe fe fe fe fe fe [ 32.306323] ^ [ 32.306389] fff00000c9b26100: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe [ 32.306454] fff00000c9b26180: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe [ 32.306545] ================================================================== [ 32.308119] ================================================================== [ 32.308186] BUG: KASAN: slab-out-of-bounds in krealloc_less_oob_helper+0xa80/0xc50 [ 32.308239] Write of size 1 at addr fff00000c9b260da by task kunit_try_catch/194 [ 32.308375] [ 32.308446] CPU: 1 UID: 0 PID: 194 Comm: kunit_try_catch Tainted: G B W N 6.16.0-rc7-next-20250725 #1 PREEMPT [ 32.308581] Tainted: [B]=BAD_PAGE, [W]=WARN, [N]=TEST [ 32.308611] Hardware name: linux,dummy-virt (DT) [ 32.308702] Call trace: [ 32.309027] show_stack+0x20/0x38 (C) [ 32.309105] dump_stack_lvl+0x8c/0xd0 [ 32.309310] print_report+0x118/0x5e8 [ 32.309508] kasan_report+0xdc/0x128 [ 32.309607] __asan_report_store1_noabort+0x20/0x30 [ 32.309712] krealloc_less_oob_helper+0xa80/0xc50 [ 32.309850] krealloc_large_less_oob+0x20/0x38 [ 32.309905] kunit_try_run_case+0x170/0x3f0 [ 32.309958] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 32.310266] kthread+0x328/0x630 [ 32.310403] 
ret_from_fork+0x10/0x20 [ 32.310497] [ 32.310696] The buggy address belongs to the physical page: [ 32.310759] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x109b24 [ 32.311095] head: order:2 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0 [ 32.311171] flags: 0xbfffe0000000040(head|node=0|zone=2|lastcpupid=0x1ffff) [ 32.311284] page_type: f8(unknown) [ 32.311394] raw: 0bfffe0000000040 0000000000000000 dead000000000122 0000000000000000 [ 32.311524] raw: 0000000000000000 0000000000000000 00000000f8000000 0000000000000000 [ 32.311630] head: 0bfffe0000000040 0000000000000000 dead000000000122 0000000000000000 [ 32.311751] head: 0000000000000000 0000000000000000 00000000f8000000 0000000000000000 [ 32.311800] head: 0bfffe0000000002 ffffc1ffc326c901 00000000ffffffff 00000000ffffffff [ 32.311873] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000004 [ 32.312098] page dumped because: kasan: bad access detected [ 32.312273] [ 32.312626] Memory state around the buggy address: [ 32.312725] fff00000c9b25f80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 32.313072] fff00000c9b26000: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 32.313130] >fff00000c9b26080: 00 00 00 00 00 00 00 00 00 01 fe fe fe fe fe fe [ 32.313184] ^ [ 32.313484] fff00000c9b26100: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe [ 32.314357] fff00000c9b26180: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe [ 32.314431] ================================================================== [ 32.218940] ================================================================== [ 32.219000] BUG: KASAN: slab-out-of-bounds in krealloc_less_oob_helper+0xa48/0xc50 [ 32.219056] Write of size 1 at addr fff00000c8754ec9 by task kunit_try_catch/190 [ 32.219104] [ 32.219136] CPU: 1 UID: 0 PID: 190 Comm: kunit_try_catch Tainted: G B W N 6.16.0-rc7-next-20250725 #1 PREEMPT [ 32.219231] Tainted: [B]=BAD_PAGE, [W]=WARN, [N]=TEST [ 32.219261] Hardware name: linux,dummy-virt (DT) [ 
32.219301] Call trace: [ 32.219323] show_stack+0x20/0x38 (C) [ 32.219371] dump_stack_lvl+0x8c/0xd0 [ 32.219416] print_report+0x118/0x5e8 [ 32.219459] kasan_report+0xdc/0x128 [ 32.219506] __asan_report_store1_noabort+0x20/0x30 [ 32.219562] krealloc_less_oob_helper+0xa48/0xc50 [ 32.219616] krealloc_less_oob+0x20/0x38 [ 32.220487] kunit_try_run_case+0x170/0x3f0 [ 32.220626] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 32.220774] kthread+0x328/0x630 [ 32.220831] ret_from_fork+0x10/0x20 [ 32.221140] [ 32.221202] Allocated by task 190: [ 32.221306] kasan_save_stack+0x3c/0x68 [ 32.221490] kasan_save_track+0x20/0x40 [ 32.221675] kasan_save_alloc_info+0x40/0x58 [ 32.221774] __kasan_krealloc+0x118/0x178 [ 32.222235] krealloc_noprof+0x128/0x360 [ 32.222349] krealloc_less_oob_helper+0x168/0xc50 [ 32.222417] krealloc_less_oob+0x20/0x38 [ 32.222590] kunit_try_run_case+0x170/0x3f0 [ 32.222793] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 32.223159] kthread+0x328/0x630 [ 32.223302] ret_from_fork+0x10/0x20 [ 32.223411] [ 32.223514] The buggy address belongs to the object at fff00000c8754e00 [ 32.223514] which belongs to the cache kmalloc-256 of size 256 [ 32.223676] The buggy address is located 0 bytes to the right of [ 32.223676] allocated 201-byte region [fff00000c8754e00, fff00000c8754ec9) [ 32.223821] [ 32.223909] The buggy address belongs to the physical page: [ 32.223943] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x108754 [ 32.223999] head: order:1 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0 [ 32.224044] flags: 0xbfffe0000000040(head|node=0|zone=2|lastcpupid=0x1ffff) [ 32.224401] page_type: f5(slab) [ 32.224568] raw: 0bfffe0000000040 fff00000c0001b40 ffffc1ffc311d680 dead000000000002 [ 32.224762] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 32.224968] head: 0bfffe0000000040 fff00000c0001b40 ffffc1ffc311d680 dead000000000002 [ 32.225048] head: 0000000000000000 0000000080100010 00000000f5000000 
0000000000000000 [ 32.225100] head: 0bfffe0000000001 ffffc1ffc321d501 00000000ffffffff 00000000ffffffff [ 32.225494] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000002 [ 32.225625] page dumped because: kasan: bad access detected [ 32.225724] [ 32.225869] Memory state around the buggy address: [ 32.225977] fff00000c8754d80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 32.226046] fff00000c8754e00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 32.226298] >fff00000c8754e80: 00 00 00 00 00 00 00 00 00 01 fc fc fc fc fc fc [ 32.226469] ^ [ 32.226535] fff00000c8754f00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 32.226730] fff00000c8754f80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 32.226979] ================================================================== [ 32.293375] ================================================================== [ 32.293564] BUG: KASAN: slab-out-of-bounds in krealloc_less_oob_helper+0xa48/0xc50 [ 32.293657] Write of size 1 at addr fff00000c9b260c9 by task kunit_try_catch/194 [ 32.293820] [ 32.293859] CPU: 1 UID: 0 PID: 194 Comm: kunit_try_catch Tainted: G B W N 6.16.0-rc7-next-20250725 #1 PREEMPT [ 32.293945] Tainted: [B]=BAD_PAGE, [W]=WARN, [N]=TEST [ 32.294247] Hardware name: linux,dummy-virt (DT) [ 32.294423] Call trace: [ 32.294602] show_stack+0x20/0x38 (C) [ 32.294763] dump_stack_lvl+0x8c/0xd0 [ 32.294816] print_report+0x118/0x5e8 [ 32.294860] kasan_report+0xdc/0x128 [ 32.295218] __asan_report_store1_noabort+0x20/0x30 [ 32.295351] krealloc_less_oob_helper+0xa48/0xc50 [ 32.295574] krealloc_large_less_oob+0x20/0x38 [ 32.295651] kunit_try_run_case+0x170/0x3f0 [ 32.295874] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 32.295987] kthread+0x328/0x630 [ 32.296102] ret_from_fork+0x10/0x20 [ 32.296205] [ 32.296226] The buggy address belongs to the physical page: [ 32.296538] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x109b24 [ 32.296621] head: order:2 mapcount:0 entire_mapcount:0 
nr_pages_mapped:0 pincount:0 [ 32.296766] flags: 0xbfffe0000000040(head|node=0|zone=2|lastcpupid=0x1ffff) [ 32.296873] page_type: f8(unknown) [ 32.297162] raw: 0bfffe0000000040 0000000000000000 dead000000000122 0000000000000000 [ 32.297316] raw: 0000000000000000 0000000000000000 00000000f8000000 0000000000000000 [ 32.297441] head: 0bfffe0000000040 0000000000000000 dead000000000122 0000000000000000 [ 32.297506] head: 0000000000000000 0000000000000000 00000000f8000000 0000000000000000 [ 32.297725] head: 0bfffe0000000002 ffffc1ffc326c901 00000000ffffffff 00000000ffffffff [ 32.297983] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000004 [ 32.298204] page dumped because: kasan: bad access detected [ 32.298417] [ 32.298462] Memory state around the buggy address: [ 32.298654] fff00000c9b25f80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 32.298724] fff00000c9b26000: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 32.299189] >fff00000c9b26080: 00 00 00 00 00 00 00 00 00 01 fe fe fe fe fe fe [ 32.299360] ^ [ 32.299446] fff00000c9b26100: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe [ 32.299490] fff00000c9b26180: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe [ 32.299923] ================================================================== [ 32.228611] ================================================================== [ 32.228725] BUG: KASAN: slab-out-of-bounds in krealloc_less_oob_helper+0xb9c/0xc50 [ 32.228777] Write of size 1 at addr fff00000c8754ed0 by task kunit_try_catch/190 [ 32.229065] [ 32.229112] CPU: 1 UID: 0 PID: 190 Comm: kunit_try_catch Tainted: G B W N 6.16.0-rc7-next-20250725 #1 PREEMPT [ 32.229342] Tainted: [B]=BAD_PAGE, [W]=WARN, [N]=TEST [ 32.229439] Hardware name: linux,dummy-virt (DT) [ 32.229555] Call trace: [ 32.229603] show_stack+0x20/0x38 (C) [ 32.229667] dump_stack_lvl+0x8c/0xd0 [ 32.229945] print_report+0x118/0x5e8 [ 32.230014] kasan_report+0xdc/0x128 [ 32.230061] __asan_report_store1_noabort+0x20/0x30 [ 32.230222] 
krealloc_less_oob_helper+0xb9c/0xc50 [ 32.230306] krealloc_less_oob+0x20/0x38 [ 32.230354] kunit_try_run_case+0x170/0x3f0 [ 32.230475] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 32.230527] kthread+0x328/0x630 [ 32.230921] ret_from_fork+0x10/0x20 [ 32.231011] [ 32.231174] Allocated by task 190: [ 32.231210] kasan_save_stack+0x3c/0x68 [ 32.231393] kasan_save_track+0x20/0x40 [ 32.231469] kasan_save_alloc_info+0x40/0x58 [ 32.231608] __kasan_krealloc+0x118/0x178 [ 32.231718] krealloc_noprof+0x128/0x360 [ 32.231867] krealloc_less_oob_helper+0x168/0xc50 [ 32.232101] krealloc_less_oob+0x20/0x38 [ 32.232165] kunit_try_run_case+0x170/0x3f0 [ 32.232235] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 32.232468] kthread+0x328/0x630 [ 32.232806] ret_from_fork+0x10/0x20 [ 32.232897] [ 32.232972] The buggy address belongs to the object at fff00000c8754e00 [ 32.232972] which belongs to the cache kmalloc-256 of size 256 [ 32.233086] The buggy address is located 7 bytes to the right of [ 32.233086] allocated 201-byte region [fff00000c8754e00, fff00000c8754ec9) [ 32.233448] [ 32.233579] The buggy address belongs to the physical page: [ 32.233728] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x108754 [ 32.233814] head: order:1 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0 [ 32.234022] flags: 0xbfffe0000000040(head|node=0|zone=2|lastcpupid=0x1ffff) [ 32.234098] page_type: f5(slab) [ 32.234368] raw: 0bfffe0000000040 fff00000c0001b40 ffffc1ffc311d680 dead000000000002 [ 32.234667] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 32.235158] head: 0bfffe0000000040 fff00000c0001b40 ffffc1ffc311d680 dead000000000002 [ 32.235516] head: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 32.235572] head: 0bfffe0000000001 ffffc1ffc321d501 00000000ffffffff 00000000ffffffff [ 32.235619] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000002 [ 32.235668] page dumped because: kasan: bad access 
detected [ 32.235698] [ 32.235716] Memory state around the buggy address: [ 32.235748] fff00000c8754d80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 32.235791] fff00000c8754e00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 32.235833] >fff00000c8754e80: 00 00 00 00 00 00 00 00 00 01 fc fc fc fc fc fc [ 32.236088] ^ [ 32.236939] fff00000c8754f00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 32.237131] fff00000c8754f80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 32.237314] ================================================================== [ 32.238732] ================================================================== [ 32.238827] BUG: KASAN: slab-out-of-bounds in krealloc_less_oob_helper+0xa80/0xc50 [ 32.238938] Write of size 1 at addr fff00000c8754eda by task kunit_try_catch/190 [ 32.239033] [ 32.239130] CPU: 1 UID: 0 PID: 190 Comm: kunit_try_catch Tainted: G B W N 6.16.0-rc7-next-20250725 #1 PREEMPT [ 32.239326] Tainted: [B]=BAD_PAGE, [W]=WARN, [N]=TEST [ 32.239356] Hardware name: linux,dummy-virt (DT) [ 32.239387] Call trace: [ 32.239408] show_stack+0x20/0x38 (C) [ 32.239456] dump_stack_lvl+0x8c/0xd0 [ 32.239502] print_report+0x118/0x5e8 [ 32.239545] kasan_report+0xdc/0x128 [ 32.239896] __asan_report_store1_noabort+0x20/0x30 [ 32.239968] krealloc_less_oob_helper+0xa80/0xc50 [ 32.240018] krealloc_less_oob+0x20/0x38 [ 32.240091] kunit_try_run_case+0x170/0x3f0 [ 32.240160] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 32.240221] kthread+0x328/0x630 [ 32.240273] ret_from_fork+0x10/0x20 [ 32.240333] [ 32.240359] Allocated by task 190: [ 32.240395] kasan_save_stack+0x3c/0x68 [ 32.240433] kasan_save_track+0x20/0x40 [ 32.240483] kasan_save_alloc_info+0x40/0x58 [ 32.240519] __kasan_krealloc+0x118/0x178 [ 32.240553] krealloc_noprof+0x128/0x360 [ 32.240591] krealloc_less_oob_helper+0x168/0xc50 [ 32.240630] krealloc_less_oob+0x20/0x38 [ 32.240679] kunit_try_run_case+0x170/0x3f0 [ 32.240721] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 32.240768] 
kthread+0x328/0x630 [ 32.240799] ret_from_fork+0x10/0x20 [ 32.240833] [ 32.240852] The buggy address belongs to the object at fff00000c8754e00 [ 32.240852] which belongs to the cache kmalloc-256 of size 256 [ 32.240906] The buggy address is located 17 bytes to the right of [ 32.240906] allocated 201-byte region [fff00000c8754e00, fff00000c8754ec9) [ 32.240968] [ 32.240987] The buggy address belongs to the physical page: [ 32.241019] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x108754 [ 32.241088] head: order:1 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0 [ 32.241133] flags: 0xbfffe0000000040(head|node=0|zone=2|lastcpupid=0x1ffff) [ 32.241183] page_type: f5(slab) [ 32.241231] raw: 0bfffe0000000040 fff00000c0001b40 ffffc1ffc311d680 dead000000000002 [ 32.241287] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 32.241334] head: 0bfffe0000000040 fff00000c0001b40 ffffc1ffc311d680 dead000000000002 [ 32.241380] head: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 32.241426] head: 0bfffe0000000001 ffffc1ffc321d501 00000000ffffffff 00000000ffffffff [ 32.241471] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000002 [ 32.241509] page dumped because: kasan: bad access detected [ 32.241537] [ 32.241554] Memory state around the buggy address: [ 32.241585] fff00000c8754d80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 32.241626] fff00000c8754e00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 32.242426] >fff00000c8754e80: 00 00 00 00 00 00 00 00 00 01 fc fc fc fc fc fc [ 32.242538] ^ [ 32.242968] fff00000c8754f00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 32.243408] fff00000c8754f80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 32.243454] ================================================================== [ 32.315908] ================================================================== [ 32.316032] BUG: KASAN: slab-out-of-bounds in 
krealloc_less_oob_helper+0xae4/0xc50 [ 32.316086] Write of size 1 at addr fff00000c9b260ea by task kunit_try_catch/194 [ 32.316171] [ 32.316277] CPU: 1 UID: 0 PID: 194 Comm: kunit_try_catch Tainted: G B W N 6.16.0-rc7-next-20250725 #1 PREEMPT [ 32.316398] Tainted: [B]=BAD_PAGE, [W]=WARN, [N]=TEST [ 32.316478] Hardware name: linux,dummy-virt (DT) [ 32.316516] Call trace: [ 32.316537] show_stack+0x20/0x38 (C) [ 32.316584] dump_stack_lvl+0x8c/0xd0 [ 32.316669] print_report+0x118/0x5e8 [ 32.316727] kasan_report+0xdc/0x128 [ 32.316777] __asan_report_store1_noabort+0x20/0x30 [ 32.316834] krealloc_less_oob_helper+0xae4/0xc50 [ 32.316882] krealloc_large_less_oob+0x20/0x38 [ 32.316938] kunit_try_run_case+0x170/0x3f0 [ 32.316983] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 32.317032] kthread+0x328/0x630 [ 32.317073] ret_from_fork+0x10/0x20 [ 32.317117] [ 32.317137] The buggy address belongs to the physical page: [ 32.317168] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x109b24 [ 32.317217] head: order:2 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0 [ 32.317260] flags: 0xbfffe0000000040(head|node=0|zone=2|lastcpupid=0x1ffff) [ 32.317309] page_type: f8(unknown) [ 32.317345] raw: 0bfffe0000000040 0000000000000000 dead000000000122 0000000000000000 [ 32.317401] raw: 0000000000000000 0000000000000000 00000000f8000000 0000000000000000 [ 32.317449] head: 0bfffe0000000040 0000000000000000 dead000000000122 0000000000000000 [ 32.317494] head: 0000000000000000 0000000000000000 00000000f8000000 0000000000000000 [ 32.317540] head: 0bfffe0000000002 ffffc1ffc326c901 00000000ffffffff 00000000ffffffff [ 32.317586] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000004 [ 32.317625] page dumped because: kasan: bad access detected [ 32.317979] [ 32.318311] Memory state around the buggy address: [ 32.318695] fff00000c9b25f80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 32.318776] fff00000c9b26000: 00 00 00 00 00 00 00 00 00 00 00 00 
00 00 00 00 [ 32.318820] >fff00000c9b26080: 00 00 00 00 00 00 00 00 00 01 fe fe fe fe fe fe [ 32.318856] ^ [ 32.319347] fff00000c9b26100: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe [ 32.319594] fff00000c9b26180: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe [ 32.319727] ================================================================== [ 32.320426] ================================================================== [ 32.320483] BUG: KASAN: slab-out-of-bounds in krealloc_less_oob_helper+0xa58/0xc50 [ 32.320678] Write of size 1 at addr fff00000c9b260eb by task kunit_try_catch/194 [ 32.320741] [ 32.320811] CPU: 1 UID: 0 PID: 194 Comm: kunit_try_catch Tainted: G B W N 6.16.0-rc7-next-20250725 #1 PREEMPT [ 32.321232] Tainted: [B]=BAD_PAGE, [W]=WARN, [N]=TEST [ 32.321424] Hardware name: linux,dummy-virt (DT) [ 32.321477] Call trace: [ 32.321516] show_stack+0x20/0x38 (C) [ 32.321574] dump_stack_lvl+0x8c/0xd0 [ 32.321620] print_report+0x118/0x5e8 [ 32.322081] kasan_report+0xdc/0x128 [ 32.322161] __asan_report_store1_noabort+0x20/0x30 [ 32.322437] krealloc_less_oob_helper+0xa58/0xc50 [ 32.322717] krealloc_large_less_oob+0x20/0x38 [ 32.322791] kunit_try_run_case+0x170/0x3f0 [ 32.322967] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 32.323090] kthread+0x328/0x630 [ 32.323285] ret_from_fork+0x10/0x20 [ 32.323496] [ 32.323551] The buggy address belongs to the physical page: [ 32.323914] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x109b24 [ 32.324135] head: order:2 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0 [ 32.324349] flags: 0xbfffe0000000040(head|node=0|zone=2|lastcpupid=0x1ffff) [ 32.324526] page_type: f8(unknown) [ 32.324673] raw: 0bfffe0000000040 0000000000000000 dead000000000122 0000000000000000 [ 32.324884] raw: 0000000000000000 0000000000000000 00000000f8000000 0000000000000000 [ 32.325016] head: 0bfffe0000000040 0000000000000000 dead000000000122 0000000000000000 [ 32.325169] head: 0000000000000000 0000000000000000 
00000000f8000000 0000000000000000 [ 32.325295] head: 0bfffe0000000002 ffffc1ffc326c901 00000000ffffffff 00000000ffffffff [ 32.325491] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000004 [ 32.325697] page dumped because: kasan: bad access detected [ 32.325737] [ 32.325755] Memory state around the buggy address: [ 32.326096] fff00000c9b25f80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 32.326318] fff00000c9b26000: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 32.326392] >fff00000c9b26080: 00 00 00 00 00 00 00 00 00 01 fe fe fe fe fe fe [ 32.326666] ^ [ 32.326815] fff00000c9b26100: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe [ 32.327121] fff00000c9b26180: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe [ 32.327240] ==================================================================
[ 25.640255] ================================================================== [ 25.640849] BUG: KASAN: slab-out-of-bounds in krealloc_less_oob_helper+0xd47/0x11d0 [ 25.641135] Write of size 1 at addr ffff88810612e0eb by task kunit_try_catch/211 [ 25.641931] [ 25.642111] CPU: 1 UID: 0 PID: 211 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc7-next-20250725 #1 PREEMPT(voluntary) [ 25.642156] Tainted: [B]=BAD_PAGE, [N]=TEST [ 25.642168] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 25.642188] Call Trace: [ 25.642203] <TASK> [ 25.642218] dump_stack_lvl+0x73/0xb0 [ 25.642245] print_report+0xd1/0x640 [ 25.642267] ? __virt_addr_valid+0x1db/0x2d0 [ 25.642291] ? krealloc_less_oob_helper+0xd47/0x11d0 [ 25.642315] ? kasan_addr_to_slab+0x11/0xa0 [ 25.642336] ? krealloc_less_oob_helper+0xd47/0x11d0 [ 25.642360] kasan_report+0x141/0x180 [ 25.642383] ? krealloc_less_oob_helper+0xd47/0x11d0 [ 25.642412] __asan_report_store1_noabort+0x1b/0x30 [ 25.642437] krealloc_less_oob_helper+0xd47/0x11d0 [ 25.642463] ? __pfx_krealloc_less_oob_helper+0x10/0x10 [ 25.642488] ? finish_task_switch.isra.0+0x153/0x700 [ 25.642510] ? __switch_to+0x47/0xf80 [ 25.642536] ? __schedule+0x10da/0x2b60 [ 25.642558] ? __pfx_read_tsc+0x10/0x10 [ 25.642582] krealloc_large_less_oob+0x1c/0x30 [ 25.642605] kunit_try_run_case+0x1a5/0x480 [ 25.642664] ? __pfx_kunit_try_run_case+0x10/0x10 [ 25.642704] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 25.642726] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 25.642766] ? __kthread_parkme+0x82/0x180 [ 25.642786] ? preempt_count_sub+0x50/0x80 [ 25.642809] ? __pfx_kunit_try_run_case+0x10/0x10 [ 25.642833] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 25.642857] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 25.642882] kthread+0x337/0x6f0 [ 25.642902] ? trace_preempt_on+0x20/0xc0 [ 25.642926] ? __pfx_kthread+0x10/0x10 [ 25.642957] ? _raw_spin_unlock_irq+0x47/0x80 [ 25.642981] ? calculate_sigpending+0x7b/0xa0 [ 25.643017] ? 
__pfx_kthread+0x10/0x10 [ 25.643039] ret_from_fork+0x116/0x1d0 [ 25.643059] ? __pfx_kthread+0x10/0x10 [ 25.643079] ret_from_fork_asm+0x1a/0x30 [ 25.643112] </TASK> [ 25.643122] [ 25.657443] The buggy address belongs to the physical page: [ 25.657873] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x10612c [ 25.658623] head: order:2 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0 [ 25.659000] flags: 0x200000000000040(head|node=0|zone=2) [ 25.659517] page_type: f8(unknown) [ 25.660013] raw: 0200000000000040 0000000000000000 dead000000000122 0000000000000000 [ 25.660551] raw: 0000000000000000 0000000000000000 00000000f8000000 0000000000000000 [ 25.660790] head: 0200000000000040 0000000000000000 dead000000000122 0000000000000000 [ 25.661395] head: 0000000000000000 0000000000000000 00000000f8000000 0000000000000000 [ 25.662220] head: 0200000000000002 ffffea0004184b01 00000000ffffffff 00000000ffffffff [ 25.663034] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000004 [ 25.663913] page dumped because: kasan: bad access detected [ 25.664500] [ 25.664653] Memory state around the buggy address: [ 25.665024] ffff88810612df80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 25.665296] ffff88810612e000: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 25.666299] >ffff88810612e080: 00 00 00 00 00 00 00 00 00 01 fe fe fe fe fe fe [ 25.667179] ^ [ 25.667407] ffff88810612e100: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe [ 25.668093] ffff88810612e180: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe [ 25.668480] ================================================================== [ 25.353471] ================================================================== [ 25.353779] BUG: KASAN: slab-out-of-bounds in krealloc_less_oob_helper+0xe23/0x11d0 [ 25.354528] Write of size 1 at addr ffff8881049ae0d0 by task kunit_try_catch/207 [ 25.355326] [ 25.355434] CPU: 0 UID: 0 PID: 207 Comm: kunit_try_catch Tainted: G B N 
6.16.0-rc7-next-20250725 #1 PREEMPT(voluntary) [ 25.355481] Tainted: [B]=BAD_PAGE, [N]=TEST [ 25.355493] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 25.355512] Call Trace: [ 25.355523] <TASK> [ 25.355538] dump_stack_lvl+0x73/0xb0 [ 25.355565] print_report+0xd1/0x640 [ 25.355588] ? __virt_addr_valid+0x1db/0x2d0 [ 25.355612] ? krealloc_less_oob_helper+0xe23/0x11d0 [ 25.355636] ? kasan_complete_mode_report_info+0x2a/0x200 [ 25.355662] ? krealloc_less_oob_helper+0xe23/0x11d0 [ 25.355686] kasan_report+0x141/0x180 [ 25.355709] ? krealloc_less_oob_helper+0xe23/0x11d0 [ 25.355738] __asan_report_store1_noabort+0x1b/0x30 [ 25.355763] krealloc_less_oob_helper+0xe23/0x11d0 [ 25.356071] ? __pfx_krealloc_less_oob_helper+0x10/0x10 [ 25.356104] ? finish_task_switch.isra.0+0x153/0x700 [ 25.356127] ? __switch_to+0x47/0xf80 [ 25.356153] ? __schedule+0x10da/0x2b60 [ 25.356175] ? __pfx_read_tsc+0x10/0x10 [ 25.356201] krealloc_less_oob+0x1c/0x30 [ 25.356223] kunit_try_run_case+0x1a5/0x480 [ 25.356248] ? __pfx_kunit_try_run_case+0x10/0x10 [ 25.356271] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 25.356293] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 25.356320] ? __kthread_parkme+0x82/0x180 [ 25.356340] ? preempt_count_sub+0x50/0x80 [ 25.356363] ? __pfx_kunit_try_run_case+0x10/0x10 [ 25.356388] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 25.356412] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 25.356436] kthread+0x337/0x6f0 [ 25.356456] ? trace_preempt_on+0x20/0xc0 [ 25.356479] ? __pfx_kthread+0x10/0x10 [ 25.356500] ? _raw_spin_unlock_irq+0x47/0x80 [ 25.356525] ? calculate_sigpending+0x7b/0xa0 [ 25.356549] ? __pfx_kthread+0x10/0x10 [ 25.356571] ret_from_fork+0x116/0x1d0 [ 25.356591] ? 
__pfx_kthread+0x10/0x10 [ 25.356612] ret_from_fork_asm+0x1a/0x30 [ 25.356644] </TASK> [ 25.356654] [ 25.367780] Allocated by task 207: [ 25.368014] kasan_save_stack+0x45/0x70 [ 25.368328] kasan_save_track+0x18/0x40 [ 25.368496] kasan_save_alloc_info+0x3b/0x50 [ 25.368681] __kasan_krealloc+0x190/0x1f0 [ 25.369217] krealloc_noprof+0xf3/0x340 [ 25.369399] krealloc_less_oob_helper+0x1aa/0x11d0 [ 25.369700] krealloc_less_oob+0x1c/0x30 [ 25.370174] kunit_try_run_case+0x1a5/0x480 [ 25.370354] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 25.370726] kthread+0x337/0x6f0 [ 25.370936] ret_from_fork+0x116/0x1d0 [ 25.371320] ret_from_fork_asm+0x1a/0x30 [ 25.371478] [ 25.371571] The buggy address belongs to the object at ffff8881049ae000 [ 25.371571] which belongs to the cache kmalloc-256 of size 256 [ 25.372362] The buggy address is located 7 bytes to the right of [ 25.372362] allocated 201-byte region [ffff8881049ae000, ffff8881049ae0c9) [ 25.373019] [ 25.373155] The buggy address belongs to the physical page: [ 25.373382] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1049ae [ 25.373736] head: order:1 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0 [ 25.374385] flags: 0x200000000000040(head|node=0|zone=2) [ 25.374613] page_type: f5(slab) [ 25.375144] raw: 0200000000000040 ffff888100041b40 dead000000000100 dead000000000122 [ 25.375483] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 25.375994] head: 0200000000000040 ffff888100041b40 dead000000000100 dead000000000122 [ 25.376479] head: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 25.376775] head: 0200000000000001 ffffea0004126b81 00000000ffffffff 00000000ffffffff [ 25.377441] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000002 [ 25.377738] page dumped because: kasan: bad access detected [ 25.378168] [ 25.378271] Memory state around the buggy address: [ 25.378442] ffff8881049adf80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc 
fc fc [ 25.378763] ffff8881049ae000: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 25.379385] >ffff8881049ae080: 00 00 00 00 00 00 00 00 00 01 fc fc fc fc fc fc [ 25.379755] ^ [ 25.380204] ffff8881049ae100: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 25.380476] ffff8881049ae180: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 25.380790] ================================================================== [ 25.325331] ================================================================== [ 25.326168] BUG: KASAN: slab-out-of-bounds in krealloc_less_oob_helper+0xd70/0x11d0 [ 25.326520] Write of size 1 at addr ffff8881049ae0c9 by task kunit_try_catch/207 [ 25.326966] [ 25.327056] CPU: 0 UID: 0 PID: 207 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc7-next-20250725 #1 PREEMPT(voluntary) [ 25.327104] Tainted: [B]=BAD_PAGE, [N]=TEST [ 25.327116] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 25.327248] Call Trace: [ 25.327264] <TASK> [ 25.327280] dump_stack_lvl+0x73/0xb0 [ 25.327309] print_report+0xd1/0x640 [ 25.327332] ? __virt_addr_valid+0x1db/0x2d0 [ 25.327357] ? krealloc_less_oob_helper+0xd70/0x11d0 [ 25.327381] ? kasan_complete_mode_report_info+0x2a/0x200 [ 25.327407] ? krealloc_less_oob_helper+0xd70/0x11d0 [ 25.327432] kasan_report+0x141/0x180 [ 25.327454] ? krealloc_less_oob_helper+0xd70/0x11d0 [ 25.327484] __asan_report_store1_noabort+0x1b/0x30 [ 25.327509] krealloc_less_oob_helper+0xd70/0x11d0 [ 25.327536] ? __pfx_krealloc_less_oob_helper+0x10/0x10 [ 25.327561] ? finish_task_switch.isra.0+0x153/0x700 [ 25.327582] ? __switch_to+0x47/0xf80 [ 25.327609] ? __schedule+0x10da/0x2b60 [ 25.327631] ? __pfx_read_tsc+0x10/0x10 [ 25.327656] krealloc_less_oob+0x1c/0x30 [ 25.327678] kunit_try_run_case+0x1a5/0x480 [ 25.327702] ? __pfx_kunit_try_run_case+0x10/0x10 [ 25.327725] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 25.327747] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 25.327773] ? __kthread_parkme+0x82/0x180 [ 25.327793] ? 
preempt_count_sub+0x50/0x80 [ 25.327817] ? __pfx_kunit_try_run_case+0x10/0x10 [ 25.327841] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 25.327865] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 25.327889] kthread+0x337/0x6f0 [ 25.327909] ? trace_preempt_on+0x20/0xc0 [ 25.327932] ? __pfx_kthread+0x10/0x10 [ 25.327965] ? _raw_spin_unlock_irq+0x47/0x80 [ 25.327989] ? calculate_sigpending+0x7b/0xa0 [ 25.328013] ? __pfx_kthread+0x10/0x10 [ 25.328035] ret_from_fork+0x116/0x1d0 [ 25.328258] ? __pfx_kthread+0x10/0x10 [ 25.328288] ret_from_fork_asm+0x1a/0x30 [ 25.328321] </TASK> [ 25.328332] [ 25.339025] Allocated by task 207: [ 25.339390] kasan_save_stack+0x45/0x70 [ 25.339592] kasan_save_track+0x18/0x40 [ 25.339765] kasan_save_alloc_info+0x3b/0x50 [ 25.340189] __kasan_krealloc+0x190/0x1f0 [ 25.340399] krealloc_noprof+0xf3/0x340 [ 25.340569] krealloc_less_oob_helper+0x1aa/0x11d0 [ 25.340790] krealloc_less_oob+0x1c/0x30 [ 25.341044] kunit_try_run_case+0x1a5/0x480 [ 25.341250] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 25.341781] kthread+0x337/0x6f0 [ 25.342234] ret_from_fork+0x116/0x1d0 [ 25.342386] ret_from_fork_asm+0x1a/0x30 [ 25.342585] [ 25.342678] The buggy address belongs to the object at ffff8881049ae000 [ 25.342678] which belongs to the cache kmalloc-256 of size 256 [ 25.343517] The buggy address is located 0 bytes to the right of [ 25.343517] allocated 201-byte region [ffff8881049ae000, ffff8881049ae0c9) [ 25.344157] [ 25.344264] The buggy address belongs to the physical page: [ 25.344486] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1049ae [ 25.345156] head: order:1 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0 [ 25.345467] flags: 0x200000000000040(head|node=0|zone=2) [ 25.345714] page_type: f5(slab) [ 25.346017] raw: 0200000000000040 ffff888100041b40 dead000000000100 dead000000000122 [ 25.346538] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 25.347092] head: 0200000000000040 
ffff888100041b40 dead000000000100 dead000000000122 [ 25.347540] head: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 25.347998] head: 0200000000000001 ffffea0004126b81 00000000ffffffff 00000000ffffffff [ 25.348558] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000002 [ 25.348871] page dumped because: kasan: bad access detected [ 25.349273] [ 25.349378] Memory state around the buggy address: [ 25.349577] ffff8881049adf80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 25.350254] ffff8881049ae000: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 25.350644] >ffff8881049ae080: 00 00 00 00 00 00 00 00 00 01 fc fc fc fc fc fc [ 25.351070] ^ [ 25.351377] ffff8881049ae100: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 25.351760] ffff8881049ae180: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 25.352408] ================================================================== [ 25.409204] ================================================================== [ 25.409507] BUG: KASAN: slab-out-of-bounds in krealloc_less_oob_helper+0xe90/0x11d0 [ 25.410157] Write of size 1 at addr ffff8881049ae0ea by task kunit_try_catch/207 [ 25.410707] [ 25.410888] CPU: 0 UID: 0 PID: 207 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc7-next-20250725 #1 PREEMPT(voluntary) [ 25.410936] Tainted: [B]=BAD_PAGE, [N]=TEST [ 25.410958] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 25.410978] Call Trace: [ 25.410993] <TASK> [ 25.411008] dump_stack_lvl+0x73/0xb0 [ 25.411035] print_report+0xd1/0x640 [ 25.411218] ? __virt_addr_valid+0x1db/0x2d0 [ 25.411251] ? krealloc_less_oob_helper+0xe90/0x11d0 [ 25.411275] ? kasan_complete_mode_report_info+0x2a/0x200 [ 25.411303] ? krealloc_less_oob_helper+0xe90/0x11d0 [ 25.411327] kasan_report+0x141/0x180 [ 25.411350] ? krealloc_less_oob_helper+0xe90/0x11d0 [ 25.411379] __asan_report_store1_noabort+0x1b/0x30 [ 25.411404] krealloc_less_oob_helper+0xe90/0x11d0 [ 25.411431] ? 
__pfx_krealloc_less_oob_helper+0x10/0x10 [ 25.411456] ? finish_task_switch.isra.0+0x153/0x700 [ 25.411477] ? __switch_to+0x47/0xf80 [ 25.411503] ? __schedule+0x10da/0x2b60 [ 25.411525] ? __pfx_read_tsc+0x10/0x10 [ 25.411550] krealloc_less_oob+0x1c/0x30 [ 25.411572] kunit_try_run_case+0x1a5/0x480 [ 25.411596] ? __pfx_kunit_try_run_case+0x10/0x10 [ 25.411619] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 25.411641] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 25.411667] ? __kthread_parkme+0x82/0x180 [ 25.411687] ? preempt_count_sub+0x50/0x80 [ 25.411710] ? __pfx_kunit_try_run_case+0x10/0x10 [ 25.411735] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 25.411759] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 25.411825] kthread+0x337/0x6f0 [ 25.411849] ? trace_preempt_on+0x20/0xc0 [ 25.411872] ? __pfx_kthread+0x10/0x10 [ 25.411893] ? _raw_spin_unlock_irq+0x47/0x80 [ 25.411917] ? calculate_sigpending+0x7b/0xa0 [ 25.411953] ? __pfx_kthread+0x10/0x10 [ 25.411975] ret_from_fork+0x116/0x1d0 [ 25.411994] ? 
__pfx_kthread+0x10/0x10 [ 25.412015] ret_from_fork_asm+0x1a/0x30 [ 25.412047] </TASK> [ 25.412069] [ 25.422459] Allocated by task 207: [ 25.422640] kasan_save_stack+0x45/0x70 [ 25.422970] kasan_save_track+0x18/0x40 [ 25.423319] kasan_save_alloc_info+0x3b/0x50 [ 25.423490] __kasan_krealloc+0x190/0x1f0 [ 25.423690] krealloc_noprof+0xf3/0x340 [ 25.423859] krealloc_less_oob_helper+0x1aa/0x11d0 [ 25.424388] krealloc_less_oob+0x1c/0x30 [ 25.424649] kunit_try_run_case+0x1a5/0x480 [ 25.425008] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 25.425305] kthread+0x337/0x6f0 [ 25.425553] ret_from_fork+0x116/0x1d0 [ 25.425736] ret_from_fork_asm+0x1a/0x30 [ 25.426260] [ 25.426353] The buggy address belongs to the object at ffff8881049ae000 [ 25.426353] which belongs to the cache kmalloc-256 of size 256 [ 25.427024] The buggy address is located 33 bytes to the right of [ 25.427024] allocated 201-byte region [ffff8881049ae000, ffff8881049ae0c9) [ 25.427708] [ 25.427796] The buggy address belongs to the physical page: [ 25.428370] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1049ae [ 25.428715] head: order:1 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0 [ 25.429308] flags: 0x200000000000040(head|node=0|zone=2) [ 25.429559] page_type: f5(slab) [ 25.429713] raw: 0200000000000040 ffff888100041b40 dead000000000100 dead000000000122 [ 25.430305] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 25.430704] head: 0200000000000040 ffff888100041b40 dead000000000100 dead000000000122 [ 25.431383] head: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 25.431685] head: 0200000000000001 ffffea0004126b81 00000000ffffffff 00000000ffffffff [ 25.432401] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000002 [ 25.432861] page dumped because: kasan: bad access detected [ 25.433214] [ 25.433309] Memory state around the buggy address: [ 25.433500] ffff8881049adf80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc 
fc fc [ 25.434083] ffff8881049ae000: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 25.434351] >ffff8881049ae080: 00 00 00 00 00 00 00 00 00 01 fc fc fc fc fc fc [ 25.434659] ^ [ 25.434931] ffff8881049ae100: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 25.435497] ffff8881049ae180: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 25.435963] ================================================================== [ 25.578529] ================================================================== [ 25.578755] BUG: KASAN: slab-out-of-bounds in krealloc_less_oob_helper+0xec6/0x11d0 [ 25.580125] Write of size 1 at addr ffff88810612e0da by task kunit_try_catch/211 [ 25.581261] [ 25.581622] CPU: 1 UID: 0 PID: 211 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc7-next-20250725 #1 PREEMPT(voluntary) [ 25.581672] Tainted: [B]=BAD_PAGE, [N]=TEST [ 25.581684] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 25.581823] Call Trace: [ 25.581840] <TASK> [ 25.581855] dump_stack_lvl+0x73/0xb0 [ 25.581958] print_report+0xd1/0x640 [ 25.581987] ? __virt_addr_valid+0x1db/0x2d0 [ 25.582011] ? krealloc_less_oob_helper+0xec6/0x11d0 [ 25.582035] ? kasan_addr_to_slab+0x11/0xa0 [ 25.582056] ? krealloc_less_oob_helper+0xec6/0x11d0 [ 25.582080] kasan_report+0x141/0x180 [ 25.582103] ? krealloc_less_oob_helper+0xec6/0x11d0 [ 25.582147] __asan_report_store1_noabort+0x1b/0x30 [ 25.582172] krealloc_less_oob_helper+0xec6/0x11d0 [ 25.582198] ? __pfx_krealloc_less_oob_helper+0x10/0x10 [ 25.582235] ? finish_task_switch.isra.0+0x153/0x700 [ 25.582257] ? __switch_to+0x47/0xf80 [ 25.582295] ? __schedule+0x10da/0x2b60 [ 25.582317] ? __pfx_read_tsc+0x10/0x10 [ 25.582342] krealloc_large_less_oob+0x1c/0x30 [ 25.582376] kunit_try_run_case+0x1a5/0x480 [ 25.582401] ? __pfx_kunit_try_run_case+0x10/0x10 [ 25.582424] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 25.582457] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 25.582484] ? __kthread_parkme+0x82/0x180 [ 25.582504] ? 
preempt_count_sub+0x50/0x80 [ 25.582538] ? __pfx_kunit_try_run_case+0x10/0x10 [ 25.582563] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 25.582586] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 25.582622] kthread+0x337/0x6f0 [ 25.582643] ? trace_preempt_on+0x20/0xc0 [ 25.582666] ? __pfx_kthread+0x10/0x10 [ 25.582699] ? _raw_spin_unlock_irq+0x47/0x80 [ 25.582723] ? calculate_sigpending+0x7b/0xa0 [ 25.582747] ? __pfx_kthread+0x10/0x10 [ 25.582824] ret_from_fork+0x116/0x1d0 [ 25.582855] ? __pfx_kthread+0x10/0x10 [ 25.582876] ret_from_fork_asm+0x1a/0x30 [ 25.582908] </TASK> [ 25.582918] [ 25.598507] The buggy address belongs to the physical page: [ 25.599446] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x10612c [ 25.600453] head: order:2 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0 [ 25.601366] flags: 0x200000000000040(head|node=0|zone=2) [ 25.602033] page_type: f8(unknown) [ 25.602199] raw: 0200000000000040 0000000000000000 dead000000000122 0000000000000000 [ 25.603179] raw: 0000000000000000 0000000000000000 00000000f8000000 0000000000000000 [ 25.603453] head: 0200000000000040 0000000000000000 dead000000000122 0000000000000000 [ 25.603691] head: 0000000000000000 0000000000000000 00000000f8000000 0000000000000000 [ 25.604534] head: 0200000000000002 ffffea0004184b01 00000000ffffffff 00000000ffffffff [ 25.605438] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000004 [ 25.606419] page dumped because: kasan: bad access detected [ 25.607161] [ 25.607395] Memory state around the buggy address: [ 25.607565] ffff88810612df80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 25.607791] ffff88810612e000: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 25.608201] >ffff88810612e080: 00 00 00 00 00 00 00 00 00 01 fe fe fe fe fe fe [ 25.608903] ^ [ 25.609572] ffff88810612e100: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe [ 25.610347] ffff88810612e180: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe [ 25.611167] 
================================================================== [ 25.611879] ================================================================== [ 25.612441] BUG: KASAN: slab-out-of-bounds in krealloc_less_oob_helper+0xe90/0x11d0 [ 25.612690] Write of size 1 at addr ffff88810612e0ea by task kunit_try_catch/211 [ 25.613185] [ 25.613450] CPU: 1 UID: 0 PID: 211 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc7-next-20250725 #1 PREEMPT(voluntary) [ 25.613497] Tainted: [B]=BAD_PAGE, [N]=TEST [ 25.613509] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 25.613529] Call Trace: [ 25.613546] <TASK> [ 25.613563] dump_stack_lvl+0x73/0xb0 [ 25.613592] print_report+0xd1/0x640 [ 25.613615] ? __virt_addr_valid+0x1db/0x2d0 [ 25.613640] ? krealloc_less_oob_helper+0xe90/0x11d0 [ 25.613664] ? kasan_addr_to_slab+0x11/0xa0 [ 25.613685] ? krealloc_less_oob_helper+0xe90/0x11d0 [ 25.613710] kasan_report+0x141/0x180 [ 25.613732] ? krealloc_less_oob_helper+0xe90/0x11d0 [ 25.613761] __asan_report_store1_noabort+0x1b/0x30 [ 25.613786] krealloc_less_oob_helper+0xe90/0x11d0 [ 25.613812] ? __pfx_krealloc_less_oob_helper+0x10/0x10 [ 25.613838] ? finish_task_switch.isra.0+0x153/0x700 [ 25.613862] ? __switch_to+0x47/0xf80 [ 25.613889] ? __schedule+0x10da/0x2b60 [ 25.613910] ? __pfx_read_tsc+0x10/0x10 [ 25.613936] krealloc_large_less_oob+0x1c/0x30 [ 25.614011] kunit_try_run_case+0x1a5/0x480 [ 25.614040] ? __pfx_kunit_try_run_case+0x10/0x10 [ 25.614070] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 25.614105] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 25.614132] ? __kthread_parkme+0x82/0x180 [ 25.614153] ? preempt_count_sub+0x50/0x80 [ 25.614177] ? __pfx_kunit_try_run_case+0x10/0x10 [ 25.614201] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 25.614225] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 25.614250] kthread+0x337/0x6f0 [ 25.614271] ? trace_preempt_on+0x20/0xc0 [ 25.614296] ? __pfx_kthread+0x10/0x10 [ 25.614318] ? 
_raw_spin_unlock_irq+0x47/0x80 [ 25.614343] ? calculate_sigpending+0x7b/0xa0 [ 25.614367] ? __pfx_kthread+0x10/0x10 [ 25.614389] ret_from_fork+0x116/0x1d0 [ 25.614409] ? __pfx_kthread+0x10/0x10 [ 25.614430] ret_from_fork_asm+0x1a/0x30 [ 25.614462] </TASK> [ 25.614473] [ 25.629279] The buggy address belongs to the physical page: [ 25.629971] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x10612c [ 25.630623] head: order:2 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0 [ 25.630881] flags: 0x200000000000040(head|node=0|zone=2) [ 25.631374] page_type: f8(unknown) [ 25.631718] raw: 0200000000000040 0000000000000000 dead000000000122 0000000000000000 [ 25.632307] raw: 0000000000000000 0000000000000000 00000000f8000000 0000000000000000 [ 25.632588] head: 0200000000000040 0000000000000000 dead000000000122 0000000000000000 [ 25.632827] head: 0000000000000000 0000000000000000 00000000f8000000 0000000000000000 [ 25.633664] head: 0200000000000002 ffffea0004184b01 00000000ffffffff 00000000ffffffff [ 25.634598] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000004 [ 25.635433] page dumped because: kasan: bad access detected [ 25.635875] [ 25.635965] Memory state around the buggy address: [ 25.636476] ffff88810612df80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 25.637278] ffff88810612e000: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 25.637675] >ffff88810612e080: 00 00 00 00 00 00 00 00 00 01 fe fe fe fe fe fe [ 25.637896] ^ [ 25.638211] ffff88810612e100: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe [ 25.638858] ffff88810612e180: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe [ 25.639448] ================================================================== [ 25.381727] ================================================================== [ 25.382137] BUG: KASAN: slab-out-of-bounds in krealloc_less_oob_helper+0xec6/0x11d0 [ 25.382959] Write of size 1 at addr ffff8881049ae0da by task kunit_try_catch/207 [ 25.383445] [ 
25.383607] CPU: 0 UID: 0 PID: 207 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc7-next-20250725 #1 PREEMPT(voluntary) [ 25.383657] Tainted: [B]=BAD_PAGE, [N]=TEST [ 25.383669] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 25.383689] Call Trace: [ 25.383704] <TASK> [ 25.383719] dump_stack_lvl+0x73/0xb0 [ 25.383866] print_report+0xd1/0x640 [ 25.383892] ? __virt_addr_valid+0x1db/0x2d0 [ 25.383916] ? krealloc_less_oob_helper+0xec6/0x11d0 [ 25.383940] ? kasan_complete_mode_report_info+0x2a/0x200 [ 25.383980] ? krealloc_less_oob_helper+0xec6/0x11d0 [ 25.384005] kasan_report+0x141/0x180 [ 25.384028] ? krealloc_less_oob_helper+0xec6/0x11d0 [ 25.384057] __asan_report_store1_noabort+0x1b/0x30 [ 25.384082] krealloc_less_oob_helper+0xec6/0x11d0 [ 25.384109] ? __pfx_krealloc_less_oob_helper+0x10/0x10 [ 25.384133] ? finish_task_switch.isra.0+0x153/0x700 [ 25.384155] ? __switch_to+0x47/0xf80 [ 25.384180] ? __schedule+0x10da/0x2b60 [ 25.384201] ? __pfx_read_tsc+0x10/0x10 [ 25.384227] krealloc_less_oob+0x1c/0x30 [ 25.384248] kunit_try_run_case+0x1a5/0x480 [ 25.384274] ? __pfx_kunit_try_run_case+0x10/0x10 [ 25.384297] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 25.384319] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 25.384346] ? __kthread_parkme+0x82/0x180 [ 25.384366] ? preempt_count_sub+0x50/0x80 [ 25.384389] ? __pfx_kunit_try_run_case+0x10/0x10 [ 25.384413] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 25.384438] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 25.384462] kthread+0x337/0x6f0 [ 25.384482] ? trace_preempt_on+0x20/0xc0 [ 25.384505] ? __pfx_kthread+0x10/0x10 [ 25.384526] ? _raw_spin_unlock_irq+0x47/0x80 [ 25.384550] ? calculate_sigpending+0x7b/0xa0 [ 25.384574] ? __pfx_kthread+0x10/0x10 [ 25.384596] ret_from_fork+0x116/0x1d0 [ 25.384615] ? 
__pfx_kthread+0x10/0x10 [ 25.384636] ret_from_fork_asm+0x1a/0x30 [ 25.384668] </TASK> [ 25.384680] [ 25.395256] Allocated by task 207: [ 25.395402] kasan_save_stack+0x45/0x70 [ 25.395704] kasan_save_track+0x18/0x40 [ 25.395910] kasan_save_alloc_info+0x3b/0x50 [ 25.396388] __kasan_krealloc+0x190/0x1f0 [ 25.396554] krealloc_noprof+0xf3/0x340 [ 25.396954] krealloc_less_oob_helper+0x1aa/0x11d0 [ 25.397437] krealloc_less_oob+0x1c/0x30 [ 25.397648] kunit_try_run_case+0x1a5/0x480 [ 25.398042] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 25.398321] kthread+0x337/0x6f0 [ 25.398475] ret_from_fork+0x116/0x1d0 [ 25.398648] ret_from_fork_asm+0x1a/0x30 [ 25.398834] [ 25.399293] The buggy address belongs to the object at ffff8881049ae000 [ 25.399293] which belongs to the cache kmalloc-256 of size 256 [ 25.399783] The buggy address is located 17 bytes to the right of [ 25.399783] allocated 201-byte region [ffff8881049ae000, ffff8881049ae0c9) [ 25.400641] [ 25.400739] The buggy address belongs to the physical page: [ 25.401025] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1049ae [ 25.401372] head: order:1 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0 [ 25.401693] flags: 0x200000000000040(head|node=0|zone=2) [ 25.402325] page_type: f5(slab) [ 25.402463] raw: 0200000000000040 ffff888100041b40 dead000000000100 dead000000000122 [ 25.403058] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 25.403508] head: 0200000000000040 ffff888100041b40 dead000000000100 dead000000000122 [ 25.403975] head: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 25.404438] head: 0200000000000001 ffffea0004126b81 00000000ffffffff 00000000ffffffff [ 25.404749] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000002 [ 25.405321] page dumped because: kasan: bad access detected [ 25.405523] [ 25.405686] Memory state around the buggy address: [ 25.406125] ffff8881049adf80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc 
fc fc [ 25.406432] ffff8881049ae000: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 25.406735] >ffff8881049ae080: 00 00 00 00 00 00 00 00 00 01 fc fc fc fc fc fc [ 25.407036] ^ [ 25.407543] ffff8881049ae100: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 25.407859] ffff8881049ae180: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 25.408439] ================================================================== [ 25.437389] ================================================================== [ 25.437709] BUG: KASAN: slab-out-of-bounds in krealloc_less_oob_helper+0xd47/0x11d0 [ 25.438183] Write of size 1 at addr ffff8881049ae0eb by task kunit_try_catch/207 [ 25.438751] [ 25.439006] CPU: 0 UID: 0 PID: 207 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc7-next-20250725 #1 PREEMPT(voluntary) [ 25.439113] Tainted: [B]=BAD_PAGE, [N]=TEST [ 25.439126] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 25.439146] Call Trace: [ 25.439162] <TASK> [ 25.439178] dump_stack_lvl+0x73/0xb0 [ 25.439206] print_report+0xd1/0x640 [ 25.439230] ? __virt_addr_valid+0x1db/0x2d0 [ 25.439253] ? krealloc_less_oob_helper+0xd47/0x11d0 [ 25.439277] ? kasan_complete_mode_report_info+0x2a/0x200 [ 25.439303] ? krealloc_less_oob_helper+0xd47/0x11d0 [ 25.439327] kasan_report+0x141/0x180 [ 25.439350] ? krealloc_less_oob_helper+0xd47/0x11d0 [ 25.439378] __asan_report_store1_noabort+0x1b/0x30 [ 25.439403] krealloc_less_oob_helper+0xd47/0x11d0 [ 25.439430] ? __pfx_krealloc_less_oob_helper+0x10/0x10 [ 25.439455] ? finish_task_switch.isra.0+0x153/0x700 [ 25.439477] ? __switch_to+0x47/0xf80 [ 25.439503] ? __schedule+0x10da/0x2b60 [ 25.439524] ? __pfx_read_tsc+0x10/0x10 [ 25.439549] krealloc_less_oob+0x1c/0x30 [ 25.439571] kunit_try_run_case+0x1a5/0x480 [ 25.439596] ? __pfx_kunit_try_run_case+0x10/0x10 [ 25.439619] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 25.439641] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 25.439667] ? __kthread_parkme+0x82/0x180 [ 25.439687] ? 
preempt_count_sub+0x50/0x80 [ 25.439710] ? __pfx_kunit_try_run_case+0x10/0x10 [ 25.439735] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 25.439759] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 25.439784] kthread+0x337/0x6f0 [ 25.439804] ? trace_preempt_on+0x20/0xc0 [ 25.439827] ? __pfx_kthread+0x10/0x10 [ 25.439848] ? _raw_spin_unlock_irq+0x47/0x80 [ 25.439872] ? calculate_sigpending+0x7b/0xa0 [ 25.439896] ? __pfx_kthread+0x10/0x10 [ 25.439918] ret_from_fork+0x116/0x1d0 [ 25.439938] ? __pfx_kthread+0x10/0x10 [ 25.439969] ret_from_fork_asm+0x1a/0x30 [ 25.440002] </TASK> [ 25.440013] [ 25.450489] Allocated by task 207: [ 25.450750] kasan_save_stack+0x45/0x70 [ 25.451208] kasan_save_track+0x18/0x40 [ 25.451377] kasan_save_alloc_info+0x3b/0x50 [ 25.451589] __kasan_krealloc+0x190/0x1f0 [ 25.451761] krealloc_noprof+0xf3/0x340 [ 25.451936] krealloc_less_oob_helper+0x1aa/0x11d0 [ 25.452180] krealloc_less_oob+0x1c/0x30 [ 25.452672] kunit_try_run_case+0x1a5/0x480 [ 25.453001] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 25.453408] kthread+0x337/0x6f0 [ 25.453575] ret_from_fork+0x116/0x1d0 [ 25.454033] ret_from_fork_asm+0x1a/0x30 [ 25.454206] [ 25.454290] The buggy address belongs to the object at ffff8881049ae000 [ 25.454290] which belongs to the cache kmalloc-256 of size 256 [ 25.455222] The buggy address is located 34 bytes to the right of [ 25.455222] allocated 201-byte region [ffff8881049ae000, ffff8881049ae0c9) [ 25.455836] [ 25.455936] The buggy address belongs to the physical page: [ 25.456398] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1049ae [ 25.456751] head: order:1 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0 [ 25.457170] flags: 0x200000000000040(head|node=0|zone=2) [ 25.457406] page_type: f5(slab) [ 25.457561] raw: 0200000000000040 ffff888100041b40 dead000000000100 dead000000000122 [ 25.458171] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 25.458451] head: 0200000000000040 
ffff888100041b40 dead000000000100 dead000000000122 [ 25.458996] head: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 25.459443] head: 0200000000000001 ffffea0004126b81 00000000ffffffff 00000000ffffffff [ 25.460104] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000002 [ 25.460399] page dumped because: kasan: bad access detected [ 25.460770] [ 25.460927] Memory state around the buggy address: [ 25.461218] ffff8881049adf80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 25.461540] ffff8881049ae000: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 25.462080] >ffff8881049ae080: 00 00 00 00 00 00 00 00 00 01 fc fc fc fc fc fc [ 25.462635] ^ [ 25.462974] ffff8881049ae100: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 25.463434] ffff8881049ae180: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 25.463745] ================================================================== [ 25.549657] ================================================================== [ 25.550230] BUG: KASAN: slab-out-of-bounds in krealloc_less_oob_helper+0xe23/0x11d0 [ 25.551206] Write of size 1 at addr ffff88810612e0d0 by task kunit_try_catch/211 [ 25.551479] [ 25.551675] CPU: 1 UID: 0 PID: 211 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc7-next-20250725 #1 PREEMPT(voluntary) [ 25.551723] Tainted: [B]=BAD_PAGE, [N]=TEST [ 25.551735] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 25.551756] Call Trace: [ 25.551772] <TASK> [ 25.551789] dump_stack_lvl+0x73/0xb0 [ 25.551816] print_report+0xd1/0x640 [ 25.551839] ? __virt_addr_valid+0x1db/0x2d0 [ 25.551864] ? krealloc_less_oob_helper+0xe23/0x11d0 [ 25.551888] ? kasan_addr_to_slab+0x11/0xa0 [ 25.551909] ? krealloc_less_oob_helper+0xe23/0x11d0 [ 25.551993] kasan_report+0x141/0x180 [ 25.552030] ? krealloc_less_oob_helper+0xe23/0x11d0 [ 25.552071] __asan_report_store1_noabort+0x1b/0x30 [ 25.552098] krealloc_less_oob_helper+0xe23/0x11d0 [ 25.552124] ? 
__pfx_krealloc_less_oob_helper+0x10/0x10
[ 25.552149] ? finish_task_switch.isra.0+0x153/0x700
[ 25.552171] ? __switch_to+0x47/0xf80
[ 25.552197] ? __schedule+0x10da/0x2b60
[ 25.552218] ? __pfx_read_tsc+0x10/0x10
[ 25.552256] krealloc_large_less_oob+0x1c/0x30
[ 25.552279] kunit_try_run_case+0x1a5/0x480
[ 25.552305] ? __pfx_kunit_try_run_case+0x10/0x10
[ 25.552328] ? _raw_spin_lock_irqsave+0xa1/0x100
[ 25.552350] ? _raw_spin_unlock_irqrestore+0x5f/0x90
[ 25.552377] ? __kthread_parkme+0x82/0x180
[ 25.552398] ? preempt_count_sub+0x50/0x80
[ 25.552421] ? __pfx_kunit_try_run_case+0x10/0x10
[ 25.552446] kunit_generic_run_threadfn_adapter+0x85/0xf0
[ 25.552470] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10
[ 25.552494] kthread+0x337/0x6f0
[ 25.552514] ? trace_preempt_on+0x20/0xc0
[ 25.552538] ? __pfx_kthread+0x10/0x10
[ 25.552560] ? _raw_spin_unlock_irq+0x47/0x80
[ 25.552584] ? calculate_sigpending+0x7b/0xa0
[ 25.552608] ? __pfx_kthread+0x10/0x10
[ 25.552630] ret_from_fork+0x116/0x1d0
[ 25.552650] ? __pfx_kthread+0x10/0x10
[ 25.552670] ret_from_fork_asm+0x1a/0x30
[ 25.552703] </TASK>
[ 25.552714]
[ 25.568867] The buggy address belongs to the physical page:
[ 25.569512] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x10612c
[ 25.569757] head: order:2 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[ 25.570274] flags: 0x200000000000040(head|node=0|zone=2)
[ 25.570521] page_type: f8(unknown)
[ 25.570685] raw: 0200000000000040 0000000000000000 dead000000000122 0000000000000000
[ 25.570980] raw: 0000000000000000 0000000000000000 00000000f8000000 0000000000000000
[ 25.571276] head: 0200000000000040 0000000000000000 dead000000000122 0000000000000000
[ 25.571570] head: 0000000000000000 0000000000000000 00000000f8000000 0000000000000000
[ 25.571867] head: 0200000000000002 ffffea0004184b01 00000000ffffffff 00000000ffffffff
[ 25.573103] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000004
[ 25.573536] page dumped because: kasan: bad access detected
[ 25.574123]
[ 25.574220] Memory state around the buggy address:
[ 25.574660] ffff88810612df80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[ 25.575271] ffff88810612e000: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[ 25.575753] >ffff88810612e080: 00 00 00 00 00 00 00 00 00 01 fe fe fe fe fe fe
[ 25.576413] ^
[ 25.576616] ffff88810612e100: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe
[ 25.577304] ffff88810612e180: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe
[ 25.577752] ==================================================================
[ 25.516627] ==================================================================
[ 25.517531] BUG: KASAN: slab-out-of-bounds in krealloc_less_oob_helper+0xd70/0x11d0
[ 25.518084] Write of size 1 at addr ffff88810612e0c9 by task kunit_try_catch/211
[ 25.519105]
[ 25.519461] CPU: 1 UID: 0 PID: 211 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc7-next-20250725 #1 PREEMPT(voluntary)
[ 25.519515] Tainted: [B]=BAD_PAGE, [N]=TEST
[ 25.519537] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[ 25.519559] Call Trace:
[ 25.519574] <TASK>
[ 25.519590] dump_stack_lvl+0x73/0xb0
[ 25.519621] print_report+0xd1/0x640
[ 25.519768] ? __virt_addr_valid+0x1db/0x2d0
[ 25.519823] ? krealloc_less_oob_helper+0xd70/0x11d0
[ 25.519850] ? kasan_addr_to_slab+0x11/0xa0
[ 25.519872] ? krealloc_less_oob_helper+0xd70/0x11d0
[ 25.519897] kasan_report+0x141/0x180
[ 25.519920] ? krealloc_less_oob_helper+0xd70/0x11d0
[ 25.519962] __asan_report_store1_noabort+0x1b/0x30
[ 25.519989] krealloc_less_oob_helper+0xd70/0x11d0
[ 25.520017] ? __pfx_krealloc_less_oob_helper+0x10/0x10
[ 25.520042] ? finish_task_switch.isra.0+0x153/0x700
[ 25.520073] ? __switch_to+0x47/0xf80
[ 25.520100] ? __schedule+0x10da/0x2b60
[ 25.520121] ? __pfx_read_tsc+0x10/0x10
[ 25.520148] krealloc_large_less_oob+0x1c/0x30
[ 25.520171] kunit_try_run_case+0x1a5/0x480
[ 25.520196] ? __pfx_kunit_try_run_case+0x10/0x10
[ 25.520220] ? _raw_spin_lock_irqsave+0xa1/0x100
[ 25.520241] ? _raw_spin_unlock_irqrestore+0x5f/0x90
[ 25.520267] ? __kthread_parkme+0x82/0x180
[ 25.520287] ? preempt_count_sub+0x50/0x80
[ 25.520310] ? __pfx_kunit_try_run_case+0x10/0x10
[ 25.520334] kunit_generic_run_threadfn_adapter+0x85/0xf0
[ 25.520358] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10
[ 25.520383] kthread+0x337/0x6f0
[ 25.520403] ? trace_preempt_on+0x20/0xc0
[ 25.520427] ? __pfx_kthread+0x10/0x10
[ 25.520448] ? _raw_spin_unlock_irq+0x47/0x80
[ 25.520473] ? calculate_sigpending+0x7b/0xa0
[ 25.520498] ? __pfx_kthread+0x10/0x10
[ 25.520520] ret_from_fork+0x116/0x1d0
[ 25.520539] ? __pfx_kthread+0x10/0x10
[ 25.520560] ret_from_fork_asm+0x1a/0x30
[ 25.520593] </TASK>
[ 25.520604]
[ 25.537324] The buggy address belongs to the physical page:
[ 25.537869] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x10612c
[ 25.538306] head: order:2 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[ 25.539108] flags: 0x200000000000040(head|node=0|zone=2)
[ 25.539753] page_type: f8(unknown)
[ 25.540159] raw: 0200000000000040 0000000000000000 dead000000000122 0000000000000000
[ 25.540460] raw: 0000000000000000 0000000000000000 00000000f8000000 0000000000000000
[ 25.540700] head: 0200000000000040 0000000000000000 dead000000000122 0000000000000000
[ 25.541418] head: 0000000000000000 0000000000000000 00000000f8000000 0000000000000000
[ 25.542172] head: 0200000000000002 ffffea0004184b01 00000000ffffffff 00000000ffffffff
[ 25.542972] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000004
[ 25.543732] page dumped because: kasan: bad access detected
[ 25.544347]
[ 25.544509] Memory state around the buggy address:
[ 25.545154] ffff88810612df80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[ 25.545735] ffff88810612e000: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[ 25.546435] >ffff88810612e080: 00 00 00 00 00 00 00 00 00 01 fe fe fe fe fe fe
[ 25.547039] ^
[ 25.547627] ffff88810612e100: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe
[ 25.548072] ffff88810612e180: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe
[ 25.548796] ==================================================================