Date
May 13, 2025, 12:07 p.m.
Environment |
---|
qemu-arm64 |
qemu-x86_64 |
```
[ 19.093671] ==================================================================
[ 19.093758] BUG: KASAN: slab-out-of-bounds in krealloc_more_oob_helper+0x60c/0x678
[ 19.093874] Write of size 1 at addr fff00000c5b13aeb by task kunit_try_catch/156
[ 19.093993]
[ 19.094043] CPU: 1 UID: 0 PID: 156 Comm: kunit_try_catch Tainted: G B N 6.15.0-rc6-next-20250513 #1 PREEMPT
[ 19.094138] Tainted: [B]=BAD_PAGE, [N]=TEST
[ 19.094168] Hardware name: linux,dummy-virt (DT)
[ 19.094205] Call trace:
[ 19.094232] show_stack+0x20/0x38 (C)
[ 19.094382] dump_stack_lvl+0x8c/0xd0
[ 19.094438] print_report+0x118/0x608
[ 19.094532] kasan_report+0xdc/0x128
[ 19.094583] __asan_report_store1_noabort+0x20/0x30
[ 19.094640] krealloc_more_oob_helper+0x60c/0x678
[ 19.094775] krealloc_more_oob+0x20/0x38
[ 19.094902] kunit_try_run_case+0x170/0x3f0
[ 19.094986] kunit_generic_run_threadfn_adapter+0x88/0x100
[ 19.095047] kthread+0x328/0x630
[ 19.095101] ret_from_fork+0x10/0x20
[ 19.095155]
[ 19.095300] Allocated by task 156:
[ 19.095390] kasan_save_stack+0x3c/0x68
[ 19.095471] kasan_save_track+0x20/0x40
[ 19.095509] kasan_save_alloc_info+0x40/0x58
[ 19.095794] __kasan_krealloc+0x118/0x178
[ 19.096047] krealloc_noprof+0x128/0x360
[ 19.096312] krealloc_more_oob_helper+0x168/0x678
[ 19.096361] krealloc_more_oob+0x20/0x38
[ 19.096400] kunit_try_run_case+0x170/0x3f0
[ 19.096440] kunit_generic_run_threadfn_adapter+0x88/0x100
[ 19.096485] kthread+0x328/0x630
[ 19.097047] ret_from_fork+0x10/0x20
[ 19.099003]
[ 19.099032] The buggy address belongs to the object at fff00000c5b13a00
[ 19.099032] which belongs to the cache kmalloc-256 of size 256
[ 19.099104] The buggy address is located 0 bytes to the right of
[ 19.099104] allocated 235-byte region [fff00000c5b13a00, fff00000c5b13aeb)
[ 19.099210]
[ 19.099256] The buggy address belongs to the physical page:
[ 19.099301] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x105b12
[ 19.099363] head: order:1 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[ 19.099416] flags: 0xbfffe0000000040(head|node=0|zone=2|lastcpupid=0x1ffff)
[ 19.099482] page_type: f5(slab)
[ 19.099532] raw: 0bfffe0000000040 fff00000c0001b40 dead000000000122 0000000000000000
[ 19.099590] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000
[ 19.099646] head: 0bfffe0000000040 fff00000c0001b40 dead000000000122 0000000000000000
[ 19.099698] head: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000
[ 19.099751] head: 0bfffe0000000001 ffffc1ffc316c481 00000000ffffffff 00000000ffffffff
[ 19.099824] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000002
[ 19.099867] page dumped because: kasan: bad access detected
[ 19.099903]
[ 19.099923] Memory state around the buggy address:
[ 19.099963] fff00000c5b13980: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 19.100023] fff00000c5b13a00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[ 19.100070] >fff00000c5b13a80: 00 00 00 00 00 00 00 00 00 00 00 00 00 03 fc fc
[ 19.100110] ^
[ 19.100152] fff00000c5b13b00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 19.100323] fff00000c5b13b80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 19.100368] ==================================================================

[ 19.175173] ==================================================================
[ 19.175256] BUG: KASAN: slab-out-of-bounds in krealloc_more_oob_helper+0x60c/0x678
[ 19.175340] Write of size 1 at addr fff00000c65620eb by task kunit_try_catch/160
[ 19.175396]
[ 19.175441] CPU: 1 UID: 0 PID: 160 Comm: kunit_try_catch Tainted: G B N 6.15.0-rc6-next-20250513 #1 PREEMPT
[ 19.175535] Tainted: [B]=BAD_PAGE, [N]=TEST
[ 19.175564] Hardware name: linux,dummy-virt (DT)
[ 19.175608] Call trace:
[ 19.175660] show_stack+0x20/0x38 (C)
[ 19.175735] dump_stack_lvl+0x8c/0xd0
[ 19.175819] print_report+0x118/0x608
[ 19.175924] kasan_report+0xdc/0x128
[ 19.175985] __asan_report_store1_noabort+0x20/0x30
[ 19.176099] krealloc_more_oob_helper+0x60c/0x678
[ 19.176197] krealloc_large_more_oob+0x20/0x38
[ 19.176296] kunit_try_run_case+0x170/0x3f0
[ 19.176397] kunit_generic_run_threadfn_adapter+0x88/0x100
[ 19.176506] kthread+0x328/0x630
[ 19.176606] ret_from_fork+0x10/0x20
[ 19.176704]
[ 19.176748] The buggy address belongs to the physical page:
[ 19.176831] page: refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x106560
[ 19.176891] head: order:2 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[ 19.176941] flags: 0xbfffe0000000040(head|node=0|zone=2|lastcpupid=0x1ffff)
[ 19.177014] page_type: f8(unknown)
[ 19.177064] raw: 0bfffe0000000040 0000000000000000 dead000000000122 0000000000000000
[ 19.177118] raw: 0000000000000000 0000000000000000 00000001f8000000 0000000000000000
[ 19.177254] head: 0bfffe0000000040 0000000000000000 dead000000000122 0000000000000000
[ 19.177387] head: 0000000000000000 0000000000000000 00000001f8000000 0000000000000000
[ 19.177443] head: 0bfffe0000000002 ffffc1ffc3195801 00000000ffffffff 00000000ffffffff
[ 19.177495] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000004
[ 19.177537] page dumped because: kasan: bad access detected
[ 19.177573]
[ 19.177593] Memory state around the buggy address:
[ 19.177630] fff00000c6561f80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[ 19.177677] fff00000c6562000: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[ 19.177751] >fff00000c6562080: 00 00 00 00 00 00 00 00 00 00 00 00 00 03 fe fe
[ 19.177796] ^
[ 19.177885] fff00000c6562100: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe
[ 19.177947] fff00000c6562180: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe
[ 19.178013] ==================================================================

[ 19.101618] ==================================================================
[ 19.101767] BUG: KASAN: slab-out-of-bounds in krealloc_more_oob_helper+0x5c0/0x678
[ 19.101869] Write of size 1 at addr fff00000c5b13af0 by task kunit_try_catch/156
[ 19.101940]
[ 19.102501] CPU: 1 UID: 0 PID: 156 Comm: kunit_try_catch Tainted: G B N 6.15.0-rc6-next-20250513 #1 PREEMPT
[ 19.102633] Tainted: [B]=BAD_PAGE, [N]=TEST
[ 19.102668] Hardware name: linux,dummy-virt (DT)
[ 19.102705] Call trace:
[ 19.102732] show_stack+0x20/0x38 (C)
[ 19.102800] dump_stack_lvl+0x8c/0xd0
[ 19.102852] print_report+0x118/0x608
[ 19.102903] kasan_report+0xdc/0x128
[ 19.102952] __asan_report_store1_noabort+0x20/0x30
[ 19.103024] krealloc_more_oob_helper+0x5c0/0x678
[ 19.103078] krealloc_more_oob+0x20/0x38
[ 19.103126] kunit_try_run_case+0x170/0x3f0
[ 19.103177] kunit_generic_run_threadfn_adapter+0x88/0x100
[ 19.104782] kthread+0x328/0x630
[ 19.105410] ret_from_fork+0x10/0x20
[ 19.105938]
[ 19.105966] Allocated by task 156:
[ 19.106483] kasan_save_stack+0x3c/0x68
[ 19.106551] kasan_save_track+0x20/0x40
[ 19.106594] kasan_save_alloc_info+0x40/0x58
[ 19.107690] __kasan_krealloc+0x118/0x178
[ 19.107751] krealloc_noprof+0x128/0x360
[ 19.107797] krealloc_more_oob_helper+0x168/0x678
[ 19.107841] krealloc_more_oob+0x20/0x38
[ 19.107881] kunit_try_run_case+0x170/0x3f0
[ 19.107922] kunit_generic_run_threadfn_adapter+0x88/0x100
[ 19.107977] kthread+0x328/0x630
[ 19.108031] ret_from_fork+0x10/0x20
[ 19.108072]
[ 19.108096] The buggy address belongs to the object at fff00000c5b13a00
[ 19.108096] which belongs to the cache kmalloc-256 of size 256
[ 19.109700] The buggy address is located 5 bytes to the right of
[ 19.109700] allocated 235-byte region [fff00000c5b13a00, fff00000c5b13aeb)
[ 19.109824]
[ 19.109860] The buggy address belongs to the physical page:
[ 19.109901] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x105b12
[ 19.112917] head: order:1 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[ 19.113024] flags: 0xbfffe0000000040(head|node=0|zone=2|lastcpupid=0x1ffff)
[ 19.113100] page_type: f5(slab)
[ 19.113157] raw: 0bfffe0000000040 fff00000c0001b40 dead000000000122 0000000000000000
[ 19.114332] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000
[ 19.114528] head: 0bfffe0000000040 fff00000c0001b40 dead000000000122 0000000000000000
[ 19.114587] head: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000
[ 19.114641] head: 0bfffe0000000001 ffffc1ffc316c481 00000000ffffffff 00000000ffffffff
[ 19.115266] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000002
[ 19.115679] page dumped because: kasan: bad access detected
[ 19.115851]
[ 19.115874] Memory state around the buggy address:
[ 19.115916] fff00000c5b13980: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 19.115965] fff00000c5b13a00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[ 19.116627] >fff00000c5b13a80: 00 00 00 00 00 00 00 00 00 00 00 00 00 03 fc fc
[ 19.116671] ^
[ 19.116731] fff00000c5b13b00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 19.116782] fff00000c5b13b80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 19.116824] ==================================================================

[ 19.180551] ==================================================================
[ 19.180631] BUG: KASAN: slab-out-of-bounds in krealloc_more_oob_helper+0x5c0/0x678
[ 19.180705] Write of size 1 at addr fff00000c65620f0 by task kunit_try_catch/160
[ 19.180759]
[ 19.180799] CPU: 1 UID: 0 PID: 160 Comm: kunit_try_catch Tainted: G B N 6.15.0-rc6-next-20250513 #1 PREEMPT
[ 19.180890] Tainted: [B]=BAD_PAGE, [N]=TEST
[ 19.180919] Hardware name: linux,dummy-virt (DT)
[ 19.180954] Call trace:
[ 19.180991] show_stack+0x20/0x38 (C)
[ 19.182417] dump_stack_lvl+0x8c/0xd0
[ 19.182566] print_report+0x118/0x608
[ 19.182630] kasan_report+0xdc/0x128
[ 19.182682] __asan_report_store1_noabort+0x20/0x30
[ 19.182772] krealloc_more_oob_helper+0x5c0/0x678
[ 19.182827] krealloc_large_more_oob+0x20/0x38
[ 19.182879] kunit_try_run_case+0x170/0x3f0
[ 19.182932] kunit_generic_run_threadfn_adapter+0x88/0x100
[ 19.183003] kthread+0x328/0x630
[ 19.183094] ret_from_fork+0x10/0x20
[ 19.183187]
[ 19.183735] The buggy address belongs to the physical page:
[ 19.183860] page: refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x106560
[ 19.183928] head: order:2 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[ 19.184145] flags: 0xbfffe0000000040(head|node=0|zone=2|lastcpupid=0x1ffff)
[ 19.184296] page_type: f8(unknown)
[ 19.184396] raw: 0bfffe0000000040 0000000000000000 dead000000000122 0000000000000000
[ 19.184454] raw: 0000000000000000 0000000000000000 00000001f8000000 0000000000000000
[ 19.184508] head: 0bfffe0000000040 0000000000000000 dead000000000122 0000000000000000
[ 19.184559] head: 0000000000000000 0000000000000000 00000001f8000000 0000000000000000
[ 19.184611] head: 0bfffe0000000002 ffffc1ffc3195801 00000000ffffffff 00000000ffffffff
[ 19.184662] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000004
[ 19.184714] page dumped because: kasan: bad access detected
[ 19.184767]
[ 19.184788] Memory state around the buggy address:
[ 19.184826] fff00000c6561f80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[ 19.184873] fff00000c6562000: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[ 19.184918] >fff00000c6562080: 00 00 00 00 00 00 00 00 00 00 00 00 00 03 fe fe
[ 19.184958] ^
[ 19.185019] fff00000c6562100: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe
[ 19.185066] fff00000c6562180: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe
[ 19.185107] ==================================================================
```
```
[ 10.692112] ==================================================================
[ 10.692734] BUG: KASAN: slab-out-of-bounds in krealloc_more_oob_helper+0x7eb/0x930
[ 10.693052] Write of size 1 at addr ffff8881003568f0 by task kunit_try_catch/173
[ 10.693344]
[ 10.693457] CPU: 0 UID: 0 PID: 173 Comm: kunit_try_catch Tainted: G B N 6.15.0-rc6-next-20250513 #1 PREEMPT(voluntary)
[ 10.693503] Tainted: [B]=BAD_PAGE, [N]=TEST
[ 10.693669] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[ 10.693694] Call Trace:
[ 10.693707] <TASK>
[ 10.693722] dump_stack_lvl+0x73/0xb0
[ 10.693751] print_report+0xd1/0x650
[ 10.693773] ? __virt_addr_valid+0x1db/0x2d0
[ 10.693795] ? krealloc_more_oob_helper+0x7eb/0x930
[ 10.693818] ? kasan_complete_mode_report_info+0x2a/0x200
[ 10.693840] ? krealloc_more_oob_helper+0x7eb/0x930
[ 10.693864] kasan_report+0x141/0x180
[ 10.693886] ? krealloc_more_oob_helper+0x7eb/0x930
[ 10.693915] __asan_report_store1_noabort+0x1b/0x30
[ 10.693935] krealloc_more_oob_helper+0x7eb/0x930
[ 10.693957] ? __schedule+0x10cc/0x2b60
[ 10.693979] ? __pfx_krealloc_more_oob_helper+0x10/0x10
[ 10.694003] ? finish_task_switch.isra.0+0x153/0x700
[ 10.694024] ? __switch_to+0x47/0xf50
[ 10.694050] ? __schedule+0x10cc/0x2b60
[ 10.694070] ? __pfx_read_tsc+0x10/0x10
[ 10.694094] krealloc_more_oob+0x1c/0x30
[ 10.694115] kunit_try_run_case+0x1a5/0x480
[ 10.694138] ? __pfx_kunit_try_run_case+0x10/0x10
[ 10.694159] ? _raw_spin_lock_irqsave+0xa1/0x100
[ 10.694181] ? _raw_spin_unlock_irqrestore+0x5f/0x90
[ 10.694203] ? __kthread_parkme+0x82/0x180
[ 10.694223] ? preempt_count_sub+0x50/0x80
[ 10.694246] ? __pfx_kunit_try_run_case+0x10/0x10
[ 10.694269] kunit_generic_run_threadfn_adapter+0x85/0xf0
[ 10.694291] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10
[ 10.694314] kthread+0x337/0x6f0
[ 10.694333] ? trace_preempt_on+0x20/0xc0
[ 10.694356] ? __pfx_kthread+0x10/0x10
[ 10.694376] ? _raw_spin_unlock_irq+0x47/0x80
[ 10.694398] ? calculate_sigpending+0x7b/0xa0
[ 10.694421] ? __pfx_kthread+0x10/0x10
[ 10.694442] ret_from_fork+0x116/0x1d0
[ 10.694459] ? __pfx_kthread+0x10/0x10
[ 10.694485] ret_from_fork_asm+0x1a/0x30
[ 10.694516] </TASK>
[ 10.694574]
[ 10.702421] Allocated by task 173:
[ 10.702815] kasan_save_stack+0x45/0x70
[ 10.703021] kasan_save_track+0x18/0x40
[ 10.703213] kasan_save_alloc_info+0x3b/0x50
[ 10.703423] __kasan_krealloc+0x190/0x1f0
[ 10.703644] krealloc_noprof+0xf3/0x340
[ 10.703880] krealloc_more_oob_helper+0x1a9/0x930
[ 10.704088] krealloc_more_oob+0x1c/0x30
[ 10.704346] kunit_try_run_case+0x1a5/0x480
[ 10.704505] kunit_generic_run_threadfn_adapter+0x85/0xf0
[ 10.704779] kthread+0x337/0x6f0
[ 10.704924] ret_from_fork+0x116/0x1d0
[ 10.705092] ret_from_fork_asm+0x1a/0x30
[ 10.705331]
[ 10.705703] The buggy address belongs to the object at ffff888100356800
[ 10.705703] which belongs to the cache kmalloc-256 of size 256
[ 10.706130] The buggy address is located 5 bytes to the right of
[ 10.706130] allocated 235-byte region [ffff888100356800, ffff8881003568eb)
[ 10.706816]
[ 10.706892] The buggy address belongs to the physical page:
[ 10.707066] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x100356
[ 10.707365] head: order:1 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[ 10.707712] flags: 0x200000000000040(head|node=0|zone=2)
[ 10.707960] page_type: f5(slab)
[ 10.708082] raw: 0200000000000040 ffff888100041b40 dead000000000122 0000000000000000
[ 10.708312] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000
[ 10.708626] head: 0200000000000040 ffff888100041b40 dead000000000122 0000000000000000
[ 10.708981] head: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000
[ 10.709327] head: 0200000000000001 ffffea000400d581 00000000ffffffff 00000000ffffffff
[ 10.709686] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000002
[ 10.710073] page dumped because: kasan: bad access detected
[ 10.710314]
[ 10.710408] Memory state around the buggy address:
[ 10.710571] ffff888100356780: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 10.711212] ffff888100356800: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[ 10.711444] >ffff888100356880: 00 00 00 00 00 00 00 00 00 00 00 00 00 03 fc fc
[ 10.711746] ^
[ 10.712192] ffff888100356900: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 10.712487] ffff888100356980: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 10.712795] ==================================================================

[ 10.873461] ==================================================================
[ 10.873994] BUG: KASAN: slab-out-of-bounds in krealloc_more_oob_helper+0x7eb/0x930
[ 10.874372] Write of size 1 at addr ffff8881020160f0 by task kunit_try_catch/177
[ 10.874648]
[ 10.874914] CPU: 0 UID: 0 PID: 177 Comm: kunit_try_catch Tainted: G B N 6.15.0-rc6-next-20250513 #1 PREEMPT(voluntary)
[ 10.875031] Tainted: [B]=BAD_PAGE, [N]=TEST
[ 10.875054] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[ 10.875073] Call Trace:
[ 10.875085] <TASK>
[ 10.875101] dump_stack_lvl+0x73/0xb0
[ 10.875131] print_report+0xd1/0x650
[ 10.875153] ? __virt_addr_valid+0x1db/0x2d0
[ 10.875176] ? krealloc_more_oob_helper+0x7eb/0x930
[ 10.875199] ? kasan_addr_to_slab+0x11/0xa0
[ 10.875220] ? krealloc_more_oob_helper+0x7eb/0x930
[ 10.875243] kasan_report+0x141/0x180
[ 10.875274] ? krealloc_more_oob_helper+0x7eb/0x930
[ 10.875303] __asan_report_store1_noabort+0x1b/0x30
[ 10.875323] krealloc_more_oob_helper+0x7eb/0x930
[ 10.875345] ? __schedule+0x10cc/0x2b60
[ 10.875367] ? __pfx_krealloc_more_oob_helper+0x10/0x10
[ 10.875391] ? finish_task_switch.isra.0+0x153/0x700
[ 10.875413] ? __switch_to+0x47/0xf50
[ 10.875438] ? __schedule+0x10cc/0x2b60
[ 10.875459] ? __pfx_read_tsc+0x10/0x10
[ 10.875484] krealloc_large_more_oob+0x1c/0x30
[ 10.875506] kunit_try_run_case+0x1a5/0x480
[ 10.875547] ? __pfx_kunit_try_run_case+0x10/0x10
[ 10.875569] ? _raw_spin_lock_irqsave+0xa1/0x100
[ 10.875592] ? _raw_spin_unlock_irqrestore+0x5f/0x90
[ 10.875624] ? __kthread_parkme+0x82/0x180
[ 10.875645] ? preempt_count_sub+0x50/0x80
[ 10.875668] ? __pfx_kunit_try_run_case+0x10/0x10
[ 10.875691] kunit_generic_run_threadfn_adapter+0x85/0xf0
[ 10.875714] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10
[ 10.875736] kthread+0x337/0x6f0
[ 10.875756] ? trace_preempt_on+0x20/0xc0
[ 10.875779] ? __pfx_kthread+0x10/0x10
[ 10.875800] ? _raw_spin_unlock_irq+0x47/0x80
[ 10.875820] ? calculate_sigpending+0x7b/0xa0
[ 10.875843] ? __pfx_kthread+0x10/0x10
[ 10.875865] ret_from_fork+0x116/0x1d0
[ 10.875883] ? __pfx_kthread+0x10/0x10
[ 10.875903] ret_from_fork_asm+0x1a/0x30
[ 10.875934] </TASK>
[ 10.875945]
[ 10.886741] The buggy address belongs to the physical page:
[ 10.886993] page: refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x102014
[ 10.887670] head: order:2 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[ 10.888118] flags: 0x200000000000040(head|node=0|zone=2)
[ 10.888342] page_type: f8(unknown)
[ 10.888729] raw: 0200000000000040 0000000000000000 dead000000000122 0000000000000000
[ 10.889095] raw: 0000000000000000 0000000000000000 00000001f8000000 0000000000000000
[ 10.889544] head: 0200000000000040 0000000000000000 dead000000000122 0000000000000000
[ 10.889942] head: 0000000000000000 0000000000000000 00000001f8000000 0000000000000000
[ 10.890375] head: 0200000000000002 ffffea0004080501 00000000ffffffff 00000000ffffffff
[ 10.890712] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000004
[ 10.891133] page dumped because: kasan: bad access detected
[ 10.891520]
[ 10.891705] Memory state around the buggy address:
[ 10.891947] ffff888102015f80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[ 10.892266] ffff888102016000: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[ 10.892558] >ffff888102016080: 00 00 00 00 00 00 00 00 00 00 00 00 00 03 fe fe
[ 10.893075] ^
[ 10.893399] ffff888102016100: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe
[ 10.893848] ffff888102016180: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe
[ 10.894101] ==================================================================

[ 10.667293] ==================================================================
[ 10.668429] BUG: KASAN: slab-out-of-bounds in krealloc_more_oob_helper+0x821/0x930
[ 10.668979] Write of size 1 at addr ffff8881003568eb by task kunit_try_catch/173
[ 10.669474]
[ 10.669649] CPU: 0 UID: 0 PID: 173 Comm: kunit_try_catch Tainted: G B N 6.15.0-rc6-next-20250513 #1 PREEMPT(voluntary)
[ 10.669698] Tainted: [B]=BAD_PAGE, [N]=TEST
[ 10.669710] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[ 10.669729] Call Trace:
[ 10.669741] <TASK>
[ 10.669755] dump_stack_lvl+0x73/0xb0
[ 10.669782] print_report+0xd1/0x650
[ 10.669805] ? __virt_addr_valid+0x1db/0x2d0
[ 10.669827] ? krealloc_more_oob_helper+0x821/0x930
[ 10.669850] ? kasan_complete_mode_report_info+0x2a/0x200
[ 10.669872] ? krealloc_more_oob_helper+0x821/0x930
[ 10.669896] kasan_report+0x141/0x180
[ 10.669918] ? krealloc_more_oob_helper+0x821/0x930
[ 10.669947] __asan_report_store1_noabort+0x1b/0x30
[ 10.669967] krealloc_more_oob_helper+0x821/0x930
[ 10.669989] ? __schedule+0x10cc/0x2b60
[ 10.670011] ? __pfx_krealloc_more_oob_helper+0x10/0x10
[ 10.670034] ? finish_task_switch.isra.0+0x153/0x700
[ 10.670055] ? __switch_to+0x47/0xf50
[ 10.670082] ? __schedule+0x10cc/0x2b60
[ 10.670102] ? __pfx_read_tsc+0x10/0x10
[ 10.670126] krealloc_more_oob+0x1c/0x30
[ 10.670148] kunit_try_run_case+0x1a5/0x480
[ 10.670172] ? __pfx_kunit_try_run_case+0x10/0x10
[ 10.670203] ? _raw_spin_lock_irqsave+0xa1/0x100
[ 10.670225] ? _raw_spin_unlock_irqrestore+0x5f/0x90
[ 10.670247] ? __kthread_parkme+0x82/0x180
[ 10.670268] ? preempt_count_sub+0x50/0x80
[ 10.670291] ? __pfx_kunit_try_run_case+0x10/0x10
[ 10.670314] kunit_generic_run_threadfn_adapter+0x85/0xf0
[ 10.670336] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10
[ 10.670358] kthread+0x337/0x6f0
[ 10.670378] ? trace_preempt_on+0x20/0xc0
[ 10.670401] ? __pfx_kthread+0x10/0x10
[ 10.670421] ? _raw_spin_unlock_irq+0x47/0x80
[ 10.670441] ? calculate_sigpending+0x7b/0xa0
[ 10.670468] ? __pfx_kthread+0x10/0x10
[ 10.670490] ret_from_fork+0x116/0x1d0
[ 10.670507] ? __pfx_kthread+0x10/0x10
[ 10.670539] ret_from_fork_asm+0x1a/0x30
[ 10.670572] </TASK>
[ 10.670583]
[ 10.681123] Allocated by task 173:
[ 10.681267] kasan_save_stack+0x45/0x70
[ 10.681413] kasan_save_track+0x18/0x40
[ 10.681548] kasan_save_alloc_info+0x3b/0x50
[ 10.681816] __kasan_krealloc+0x190/0x1f0
[ 10.682017] krealloc_noprof+0xf3/0x340
[ 10.682241] krealloc_more_oob_helper+0x1a9/0x930
[ 10.682478] krealloc_more_oob+0x1c/0x30
[ 10.682726] kunit_try_run_case+0x1a5/0x480
[ 10.682903] kunit_generic_run_threadfn_adapter+0x85/0xf0
[ 10.683147] kthread+0x337/0x6f0
[ 10.683568] ret_from_fork+0x116/0x1d0
[ 10.683779] ret_from_fork_asm+0x1a/0x30
[ 10.683921]
[ 10.683994] The buggy address belongs to the object at ffff888100356800
[ 10.683994] which belongs to the cache kmalloc-256 of size 256
[ 10.684476] The buggy address is located 0 bytes to the right of
[ 10.684476] allocated 235-byte region [ffff888100356800, ffff8881003568eb)
[ 10.685083]
[ 10.685159] The buggy address belongs to the physical page:
[ 10.685337] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x100356
[ 10.685901] head: order:1 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[ 10.686243] flags: 0x200000000000040(head|node=0|zone=2)
[ 10.686481] page_type: f5(slab)
[ 10.686713] raw: 0200000000000040 ffff888100041b40 dead000000000122 0000000000000000
[ 10.687102] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000
[ 10.687454] head: 0200000000000040 ffff888100041b40 dead000000000122 0000000000000000
[ 10.687937] head: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000
[ 10.688271] head: 0200000000000001 ffffea000400d581 00000000ffffffff 00000000ffffffff
[ 10.688644] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000002
[ 10.688872] page dumped because: kasan: bad access detected
[ 10.689091]
[ 10.689187] Memory state around the buggy address:
[ 10.689434] ffff888100356780: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 10.689710] ffff888100356800: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[ 10.689924] >ffff888100356880: 00 00 00 00 00 00 00 00 00 00 00 00 00 03 fc fc
[ 10.690292] ^
[ 10.690678] ffff888100356900: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 10.691015] ffff888100356980: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 10.691356] ==================================================================

[ 10.853495] ==================================================================
[ 10.853977] BUG: KASAN: slab-out-of-bounds in krealloc_more_oob_helper+0x821/0x930
[ 10.854350] Write of size 1 at addr ffff8881020160eb by task kunit_try_catch/177
[ 10.854777]
[ 10.854905] CPU: 0 UID: 0 PID: 177 Comm: kunit_try_catch Tainted: G B N 6.15.0-rc6-next-20250513 #1 PREEMPT(voluntary)
[ 10.854954] Tainted: [B]=BAD_PAGE, [N]=TEST
[ 10.854966] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[ 10.854986] Call Trace:
[ 10.854998] <TASK>
[ 10.855012] dump_stack_lvl+0x73/0xb0
[ 10.855039] print_report+0xd1/0x650
[ 10.855062] ? __virt_addr_valid+0x1db/0x2d0
[ 10.855085] ? krealloc_more_oob_helper+0x821/0x930
[ 10.855120] ? kasan_addr_to_slab+0x11/0xa0
[ 10.855140] ? krealloc_more_oob_helper+0x821/0x930
[ 10.855164] kasan_report+0x141/0x180
[ 10.855198] ? krealloc_more_oob_helper+0x821/0x930
[ 10.855227] __asan_report_store1_noabort+0x1b/0x30
[ 10.855248] krealloc_more_oob_helper+0x821/0x930
[ 10.855281] ? __schedule+0x10cc/0x2b60
[ 10.855360] ? __pfx_krealloc_more_oob_helper+0x10/0x10
[ 10.855384] ? finish_task_switch.isra.0+0x153/0x700
[ 10.855405] ? __switch_to+0x47/0xf50
[ 10.855440] ? __schedule+0x10cc/0x2b60
[ 10.855461] ? __pfx_read_tsc+0x10/0x10
[ 10.855484] krealloc_large_more_oob+0x1c/0x30
[ 10.855518] kunit_try_run_case+0x1a5/0x480
[ 10.855542] ? __pfx_kunit_try_run_case+0x10/0x10
[ 10.855563] ? _raw_spin_lock_irqsave+0xa1/0x100
[ 10.855586] ? _raw_spin_unlock_irqrestore+0x5f/0x90
[ 10.855630] ? __kthread_parkme+0x82/0x180
[ 10.855651] ? preempt_count_sub+0x50/0x80
[ 10.855674] ? __pfx_kunit_try_run_case+0x10/0x10
[ 10.855707] kunit_generic_run_threadfn_adapter+0x85/0xf0
[ 10.855729] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10
[ 10.855751] kthread+0x337/0x6f0
[ 10.855770] ? trace_preempt_on+0x20/0xc0
[ 10.855794] ? __pfx_kthread+0x10/0x10
[ 10.855815] ? _raw_spin_unlock_irq+0x47/0x80
[ 10.855835] ? calculate_sigpending+0x7b/0xa0
[ 10.855860] ? __pfx_kthread+0x10/0x10
[ 10.855882] ret_from_fork+0x116/0x1d0
[ 10.855900] ? __pfx_kthread+0x10/0x10
[ 10.855920] ret_from_fork_asm+0x1a/0x30
[ 10.855951] </TASK>
[ 10.855963]
[ 10.865005] The buggy address belongs to the physical page:
[ 10.865268] page: refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x102014
[ 10.865505] head: order:2 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[ 10.865825] flags: 0x200000000000040(head|node=0|zone=2)
[ 10.866481] page_type: f8(unknown)
[ 10.866893] raw: 0200000000000040 0000000000000000 dead000000000122 0000000000000000
[ 10.867454] raw: 0000000000000000 0000000000000000 00000001f8000000 0000000000000000
[ 10.867842] head: 0200000000000040 0000000000000000 dead000000000122 0000000000000000
[ 10.868301] head: 0000000000000000 0000000000000000 00000001f8000000 0000000000000000
[ 10.868661] head: 0200000000000002 ffffea0004080501 00000000ffffffff 00000000ffffffff
[ 10.868980] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000004
[ 10.869468] page dumped because: kasan: bad access detected
[ 10.869775]
[ 10.869858] Memory state around the buggy address:
[ 10.870125] ffff888102015f80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[ 10.870536] ffff888102016000: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[ 10.871195] >ffff888102016080: 00 00 00 00 00 00 00 00 00 00 00 00 00 03 fe fe
[ 10.871576] ^
[ 10.871976] ffff888102016100: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe
[ 10.872369] ffff888102016180: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe
[ 10.872775] ==================================================================
```