Date
May 15, 2025, 10:38 a.m.
| Environment | |
|---|---|
| e850-96 |
[ 23.283866] ================================================================== [ 23.290956] BUG: KASAN: slab-out-of-bounds in krealloc_less_oob_helper+0xa80/0xc50 [ 23.298505] Write of size 1 at addr ffff00080348ceda by task kunit_try_catch/203 [ 23.305883] [ 23.307366] CPU: 6 UID: 0 PID: 203 Comm: kunit_try_catch Tainted: G B N 6.15.0-rc6-next-20250515 #1 PREEMPT [ 23.307418] Tainted: [B]=BAD_PAGE, [N]=TEST [ 23.307435] Hardware name: WinLink E850-96 board (DT) [ 23.307453] Call trace: [ 23.307465] show_stack+0x20/0x38 (C) [ 23.307499] dump_stack_lvl+0x8c/0xd0 [ 23.307529] print_report+0x118/0x608 [ 23.307562] kasan_report+0xdc/0x128 [ 23.307590] __asan_report_store1_noabort+0x20/0x30 [ 23.307624] krealloc_less_oob_helper+0xa80/0xc50 [ 23.307653] krealloc_less_oob+0x20/0x38 [ 23.307681] kunit_try_run_case+0x170/0x3f0 [ 23.307712] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 23.307749] kthread+0x328/0x630 [ 23.307784] ret_from_fork+0x10/0x20 [ 23.307815] [ 23.375934] Allocated by task 203: [ 23.379321] kasan_save_stack+0x3c/0x68 [ 23.383139] kasan_save_track+0x20/0x40 [ 23.386960] kasan_save_alloc_info+0x40/0x58 [ 23.391212] __kasan_krealloc+0x118/0x178 [ 23.395205] krealloc_noprof+0x128/0x360 [ 23.399111] krealloc_less_oob_helper+0x168/0xc50 [ 23.403798] krealloc_less_oob+0x20/0x38 [ 23.407704] kunit_try_run_case+0x170/0x3f0 [ 23.411871] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 23.417339] kthread+0x328/0x630 [ 23.420553] ret_from_fork+0x10/0x20 [ 23.424109] [ 23.425587] The buggy address belongs to the object at ffff00080348ce00 [ 23.425587] which belongs to the cache kmalloc-256 of size 256 [ 23.438088] The buggy address is located 17 bytes to the right of [ 23.438088] allocated 201-byte region [ffff00080348ce00, ffff00080348cec9) [ 23.451106] [ 23.452584] The buggy address belongs to the physical page: [ 23.458141] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x88348c [ 23.466125] head: order:2 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0 [ 23.473764] flags: 0xbfffe0000000040(head|node=0|zone=2|lastcpupid=0x1ffff) [ 23.480709] page_type: f5(slab) [ 23.483845] raw: 0bfffe0000000040 ffff000800002b40 dead000000000122 0000000000000000 [ 23.491564] raw: 0000000000000000 0000000080200020 00000000f5000000 0000000000000000 [ 23.499290] head: 0bfffe0000000040 ffff000800002b40 dead000000000122 0000000000000000 [ 23.507102] head: 0000000000000000 0000000080200020 00000000f5000000 0000000000000000 [ 23.514915] head: 0bfffe0000000002 fffffdffe00d2301 00000000ffffffff 00000000ffffffff [ 23.522727] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000004 [ 23.530532] page dumped because: kasan: bad access detected [ 23.536088] [ 23.537563] Memory state around the buggy address: [ 23.542345] ffff00080348cd80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 23.549546] ffff00080348ce00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 23.556753] >ffff00080348ce80: 00 00 00 00 00 00 00 00 00 01 fc fc fc fc fc fc [ 23.563952] ^ [ 23.570032] ffff00080348cf00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 23.577237] ffff00080348cf80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 23.584438] ================================================================== [ 25.145382] ================================================================== [ 25.152475] BUG: KASAN: slab-out-of-bounds in krealloc_less_oob_helper+0xa80/0xc50 [ 25.160022] Write of size 1 at addr ffff00080349a0da by task kunit_try_catch/207 [ 25.167400] [ 25.168884] CPU: 6 UID: 0 PID: 207 Comm: kunit_try_catch Tainted: G B N 6.15.0-rc6-next-20250515 #1 PREEMPT [ 25.168936] Tainted: [B]=BAD_PAGE, [N]=TEST [ 25.168950] Hardware name: WinLink E850-96 board (DT) [ 25.168967] Call trace: [ 25.168979] show_stack+0x20/0x38 (C) [ 25.169012] dump_stack_lvl+0x8c/0xd0 [ 25.169043] print_report+0x118/0x608 [ 25.169076] kasan_report+0xdc/0x128 [ 25.169105] __asan_report_store1_noabort+0x20/0x30 [ 25.169139] krealloc_less_oob_helper+0xa80/0xc50 [ 25.169170] krealloc_large_less_oob+0x20/0x38 [ 25.169199] kunit_try_run_case+0x170/0x3f0 [ 25.169230] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 25.169263] kthread+0x328/0x630 [ 25.169296] ret_from_fork+0x10/0x20 [ 25.169329] [ 25.237974] The buggy address belongs to the physical page: [ 25.243531] page: refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x883498 [ 25.251515] head: order:2 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0 [ 25.259155] flags: 0xbfffe0000000040(head|node=0|zone=2|lastcpupid=0x1ffff) [ 25.266097] page_type: f8(unknown) [ 25.269491] raw: 0bfffe0000000040 0000000000000000 dead000000000122 0000000000000000 [ 25.277214] raw: 0000000000000000 0000000000000000 00000001f8000000 0000000000000000 [ 25.284940] head: 0bfffe0000000040 0000000000000000 dead000000000122 0000000000000000 [ 25.292752] head: 0000000000000000 0000000000000000 00000001f8000000 0000000000000000 [ 25.300565] head: 0bfffe0000000002 fffffdffe00d2601 00000000ffffffff 00000000ffffffff [ 25.308377] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000004 [ 25.316183] page dumped because: kasan: bad access detected [ 25.321738] [ 25.323214] Memory state around the buggy address: [ 25.327994] ffff000803499f80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 25.335197] ffff00080349a000: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 25.342401] >ffff00080349a080: 00 00 00 00 00 00 00 00 00 01 fe fe fe fe fe fe [ 25.349602] ^ [ 25.355682] ffff00080349a100: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe [ 25.362887] ffff00080349a180: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe [ 25.370088] ================================================================== [ 22.976557] ================================================================== [ 22.983410] BUG: KASAN: slab-out-of-bounds in krealloc_less_oob_helper+0xb9c/0xc50 [ 22.990958] Write of size 1 at addr ffff00080348ced0 by task kunit_try_catch/203 [ 22.998336] [ 22.999820] CPU: 6 UID: 0 PID: 203 Comm: kunit_try_catch Tainted: G B N 6.15.0-rc6-next-20250515 #1 PREEMPT [ 22.999877] Tainted: [B]=BAD_PAGE, [N]=TEST [ 22.999894] Hardware name: WinLink E850-96 board (DT) [ 22.999912] Call trace: [ 22.999925] show_stack+0x20/0x38 (C) [ 22.999959] dump_stack_lvl+0x8c/0xd0 [ 22.999990] print_report+0x118/0x608 [ 23.000021] kasan_report+0xdc/0x128 [ 23.000049] __asan_report_store1_noabort+0x20/0x30 [ 23.000085] krealloc_less_oob_helper+0xb9c/0xc50 [ 23.000115] krealloc_less_oob+0x20/0x38 [ 23.000142] kunit_try_run_case+0x170/0x3f0 [ 23.000177] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 23.000210] kthread+0x328/0x630 [ 23.000244] ret_from_fork+0x10/0x20 [ 23.000275] [ 23.068386] Allocated by task 203: [ 23.071774] kasan_save_stack+0x3c/0x68 [ 23.075591] kasan_save_track+0x20/0x40 [ 23.079412] kasan_save_alloc_info+0x40/0x58 [ 23.083664] __kasan_krealloc+0x118/0x178 [ 23.087657] krealloc_noprof+0x128/0x360 [ 23.091563] krealloc_less_oob_helper+0x168/0xc50 [ 23.096251] krealloc_less_oob+0x20/0x38 [ 23.100157] kunit_try_run_case+0x170/0x3f0 [ 23.104323] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 23.109792] kthread+0x328/0x630 [ 23.113005] ret_from_fork+0x10/0x20 [ 23.116563] [ 23.118040] The buggy address belongs to the object at ffff00080348ce00 [ 23.118040] which belongs to the cache kmalloc-256 of size 256 [ 23.130541] The buggy address is located 7 bytes to the right of [ 23.130541] allocated 201-byte region [ffff00080348ce00, ffff00080348cec9) [ 23.143472] [ 23.144950] The buggy address belongs to the physical page: [ 23.150507] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x88348c [ 23.158491] head: order:2 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0 [ 23.166128] flags: 0xbfffe0000000040(head|node=0|zone=2|lastcpupid=0x1ffff) [ 23.173074] page_type: f5(slab) [ 23.176208] raw: 0bfffe0000000040 ffff000800002b40 dead000000000122 0000000000000000 [ 23.183930] raw: 0000000000000000 0000000080200020 00000000f5000000 0000000000000000 [ 23.191656] head: 0bfffe0000000040 ffff000800002b40 dead000000000122 0000000000000000 [ 23.199467] head: 0000000000000000 0000000080200020 00000000f5000000 0000000000000000 [ 23.207280] head: 0bfffe0000000002 fffffdffe00d2301 00000000ffffffff 00000000ffffffff [ 23.215092] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000004 [ 23.222898] page dumped because: kasan: bad access detected [ 23.228453] [ 23.229929] Memory state around the buggy address: [ 23.234709] ffff00080348cd80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 23.241912] ffff00080348ce00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 23.249117] >ffff00080348ce80: 00 00 00 00 00 00 00 00 00 01 fc fc fc fc fc fc [ 23.256318] ^ [ 23.262137] ffff00080348cf00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 23.269342] ffff00080348cf80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 23.276543] ================================================================== [ 23.900260] ================================================================== [ 23.907267] BUG: KASAN: slab-out-of-bounds in krealloc_less_oob_helper+0xa58/0xc50 [ 23.914815] Write of size 1 at addr ffff00080348ceeb by task kunit_try_catch/203 [ 23.922193] [ 23.923676] CPU: 6 UID: 0 PID: 203 Comm: kunit_try_catch Tainted: G B N 6.15.0-rc6-next-20250515 #1 PREEMPT [ 23.923729] Tainted: [B]=BAD_PAGE, [N]=TEST [ 23.923743] Hardware name: WinLink E850-96 board (DT) [ 23.923761] Call trace: [ 23.923775] show_stack+0x20/0x38 (C) [ 23.923808] dump_stack_lvl+0x8c/0xd0 [ 23.923840] print_report+0x118/0x608 [ 23.923872] kasan_report+0xdc/0x128 [ 23.923900] __asan_report_store1_noabort+0x20/0x30 [ 23.923937] krealloc_less_oob_helper+0xa58/0xc50 [ 23.923968] krealloc_less_oob+0x20/0x38 [ 23.923998] kunit_try_run_case+0x170/0x3f0 [ 23.924028] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 23.924062] kthread+0x328/0x630 [ 23.924093] ret_from_fork+0x10/0x20 [ 23.924123] [ 23.992244] Allocated by task 203: [ 23.995632] kasan_save_stack+0x3c/0x68 [ 23.999449] kasan_save_track+0x20/0x40 [ 24.003268] kasan_save_alloc_info+0x40/0x58 [ 24.007522] __kasan_krealloc+0x118/0x178 [ 24.011515] krealloc_noprof+0x128/0x360 [ 24.015421] krealloc_less_oob_helper+0x168/0xc50 [ 24.020108] krealloc_less_oob+0x20/0x38 [ 24.024015] kunit_try_run_case+0x170/0x3f0 [ 24.028181] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 24.033650] kthread+0x328/0x630 [ 24.036861] ret_from_fork+0x10/0x20 [ 24.040420] [ 24.041898] The buggy address belongs to the object at ffff00080348ce00 [ 24.041898] which belongs to the cache kmalloc-256 of size 256 [ 24.054399] The buggy address is located 34 bytes to the right of [ 24.054399] allocated 201-byte region [ffff00080348ce00, ffff00080348cec9) [ 24.067417] [ 24.068894] The buggy address belongs to the physical page: [ 24.074452] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x88348c [ 24.082436] head: order:2 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0 [ 24.090076] flags: 0xbfffe0000000040(head|node=0|zone=2|lastcpupid=0x1ffff) [ 24.097018] page_type: f5(slab) [ 24.100155] raw: 0bfffe0000000040 ffff000800002b40 dead000000000122 0000000000000000 [ 24.107874] raw: 0000000000000000 0000000080200020 00000000f5000000 0000000000000000 [ 24.115600] head: 0bfffe0000000040 ffff000800002b40 dead000000000122 0000000000000000 [ 24.123412] head: 0000000000000000 0000000080200020 00000000f5000000 0000000000000000 [ 24.131225] head: 0bfffe0000000002 fffffdffe00d2301 00000000ffffffff 00000000ffffffff [ 24.139037] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000004 [ 24.146842] page dumped because: kasan: bad access detected [ 24.152398] [ 24.153874] Memory state around the buggy address: [ 24.158653] ffff00080348cd80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 24.165857] ffff00080348ce00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 24.173063] >ffff00080348ce80: 00 00 00 00 00 00 00 00 00 01 fc fc fc fc fc fc [ 24.180262] ^ [ 24.186863] ffff00080348cf00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 24.194068] ffff00080348cf80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 24.201269] ================================================================== [ 24.679225] ================================================================== [ 24.689200] BUG: KASAN: slab-out-of-bounds in krealloc_less_oob_helper+0xa48/0xc50 [ 24.696751] Write of size 1 at addr ffff00080349a0c9 by task kunit_try_catch/207 [ 24.704126] [ 24.705612] CPU: 6 UID: 0 PID: 207 Comm: kunit_try_catch Tainted: G B N 6.15.0-rc6-next-20250515 #1 PREEMPT [ 24.705672] Tainted: [B]=BAD_PAGE, [N]=TEST [ 24.705688] Hardware name: WinLink E850-96 board (DT) [ 24.705708] Call trace: [ 24.705720] show_stack+0x20/0x38 (C) [ 24.705755] dump_stack_lvl+0x8c/0xd0 [ 24.705788] print_report+0x118/0x608 [ 24.705821] kasan_report+0xdc/0x128 [ 24.705852] __asan_report_store1_noabort+0x20/0x30 [ 24.705890] krealloc_less_oob_helper+0xa48/0xc50 [ 24.705920] krealloc_large_less_oob+0x20/0x38 [ 24.705949] kunit_try_run_case+0x170/0x3f0 [ 24.705982] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 24.706016] kthread+0x328/0x630 [ 24.706051] ret_from_fork+0x10/0x20 [ 24.706085] [ 24.774699] The buggy address belongs to the physical page: [ 24.780257] page: refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x883498 [ 24.788241] head: order:2 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0 [ 24.795882] flags: 0xbfffe0000000040(head|node=0|zone=2|lastcpupid=0x1ffff) [ 24.802824] page_type: f8(unknown) [ 24.806222] raw: 0bfffe0000000040 0000000000000000 dead000000000122 0000000000000000 [ 24.813939] raw: 0000000000000000 0000000000000000 00000001f8000000 0000000000000000 [ 24.821666] head: 0bfffe0000000040 0000000000000000 dead000000000122 0000000000000000 [ 24.829478] head: 0000000000000000 0000000000000000 00000001f8000000 0000000000000000 [ 24.837291] head: 0bfffe0000000002 fffffdffe00d2601 00000000ffffffff 00000000ffffffff [ 24.845102] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000004 [ 24.852910] page dumped because: kasan: bad access detected [ 24.858464] [ 24.859939] Memory state around the buggy address: [ 24.864719] ffff000803499f80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 24.871923] ffff00080349a000: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 24.879127] >ffff00080349a080: 00 00 00 00 00 00 00 00 00 01 fe fe fe fe fe fe [ 24.886328] ^ [ 24.891887] ffff00080349a100: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe [ 24.899092] ffff00080349a180: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe [ 24.906295] ================================================================== [ 25.609947] ================================================================== [ 25.617050] BUG: KASAN: slab-out-of-bounds in krealloc_less_oob_helper+0xa58/0xc50 [ 25.624598] Write of size 1 at addr ffff00080349a0eb by task kunit_try_catch/207 [ 25.631976] [ 25.633458] CPU: 6 UID: 0 PID: 207 Comm: kunit_try_catch Tainted: G B N 6.15.0-rc6-next-20250515 #1 PREEMPT [ 25.633505] Tainted: [B]=BAD_PAGE, [N]=TEST [ 25.633520] Hardware name: WinLink E850-96 board (DT) [ 25.633537] Call trace: [ 25.633549] show_stack+0x20/0x38 (C) [ 25.633581] dump_stack_lvl+0x8c/0xd0 [ 25.633611] print_report+0x118/0x608 [ 25.633643] kasan_report+0xdc/0x128 [ 25.633672] __asan_report_store1_noabort+0x20/0x30 [ 25.633705] krealloc_less_oob_helper+0xa58/0xc50 [ 25.633738] krealloc_large_less_oob+0x20/0x38 [ 25.633767] kunit_try_run_case+0x170/0x3f0 [ 25.633797] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 25.633833] kthread+0x328/0x630 [ 25.633868] ret_from_fork+0x10/0x20 [ 25.633900] [ 25.702550] The buggy address belongs to the physical page: [ 25.708107] page: refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x883498 [ 25.716092] head: order:2 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0 [ 25.723729] flags: 0xbfffe0000000040(head|node=0|zone=2|lastcpupid=0x1ffff) [ 25.730673] page_type: f8(unknown) [ 25.734069] raw: 0bfffe0000000040 0000000000000000 dead000000000122 0000000000000000 [ 25.741790] raw: 0000000000000000 0000000000000000 00000001f8000000 0000000000000000 [ 25.749517] head: 0bfffe0000000040 0000000000000000 dead000000000122 0000000000000000 [ 25.757328] head: 0000000000000000 0000000000000000 00000001f8000000 0000000000000000 [ 25.765142] head: 0bfffe0000000002 fffffdffe00d2601 00000000ffffffff 00000000ffffffff [ 25.772953] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000004 [ 25.780759] page dumped because: kasan: bad access detected [ 25.786314] [ 25.787790] Memory state around the buggy address: [ 25.792574] ffff000803499f80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 25.799773] ffff00080349a000: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 25.806980] >ffff00080349a080: 00 00 00 00 00 00 00 00 00 01 fe fe fe fe fe fe [ 25.814178] ^ [ 25.820779] ffff00080349a100: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe [ 25.827984] ffff00080349a180: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe [ 25.835186] ================================================================== [ 24.913812] ================================================================== [ 24.920708] BUG: KASAN: slab-out-of-bounds in krealloc_less_oob_helper+0xb9c/0xc50 [ 24.928255] Write of size 1 at addr ffff00080349a0d0 by task kunit_try_catch/207 [ 24.935633] [ 24.937117] CPU: 6 UID: 0 PID: 207 Comm: kunit_try_catch Tainted: G B N 6.15.0-rc6-next-20250515 #1 PREEMPT [ 24.937173] Tainted: [B]=BAD_PAGE, [N]=TEST [ 24.937190] Hardware name: WinLink E850-96 board (DT) [ 24.937208] Call trace: [ 24.937222] show_stack+0x20/0x38 (C) [ 24.937253] dump_stack_lvl+0x8c/0xd0 [ 24.937283] print_report+0x118/0x608 [ 24.937315] kasan_report+0xdc/0x128 [ 24.937347] __asan_report_store1_noabort+0x20/0x30 [ 24.937384] krealloc_less_oob_helper+0xb9c/0xc50 [ 24.937414] krealloc_large_less_oob+0x20/0x38 [ 24.937444] kunit_try_run_case+0x170/0x3f0 [ 24.937474] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 24.937506] kthread+0x328/0x630 [ 24.937538] ret_from_fork+0x10/0x20 [ 24.937571] [ 25.006205] The buggy address belongs to the physical page: [ 25.011764] page: refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x883498 [ 25.019748] head: order:2 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0 [ 25.027387] flags: 0xbfffe0000000040(head|node=0|zone=2|lastcpupid=0x1ffff) [ 25.034331] page_type: f8(unknown) [ 25.037727] raw: 0bfffe0000000040 0000000000000000 dead000000000122 0000000000000000 [ 25.045447] raw: 0000000000000000 0000000000000000 00000001f8000000 0000000000000000 [ 25.053173] head: 0bfffe0000000040 0000000000000000 dead000000000122 0000000000000000 [ 25.060985] head: 0000000000000000 0000000000000000 00000001f8000000 0000000000000000 [ 25.068798] head: 0bfffe0000000002 fffffdffe00d2601 00000000ffffffff 00000000ffffffff [ 25.076610] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000004 [ 25.084418] page dumped because: kasan: bad access detected [ 25.089970] [ 25.091446] Memory state around the buggy address: [ 25.096224] ffff000803499f80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 25.103429] ffff00080349a000: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 25.110634] >ffff00080349a080: 00 00 00 00 00 00 00 00 00 01 fe fe fe fe fe fe [ 25.117835] ^ [ 25.123655] ffff00080349a100: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe [ 25.130859] ffff00080349a180: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe [ 25.138062] ================================================================== [ 23.591776] ================================================================== [ 23.598849] BUG: KASAN: slab-out-of-bounds in krealloc_less_oob_helper+0xae4/0xc50 [ 23.606400] Write of size 1 at addr ffff00080348ceea by task kunit_try_catch/203 [ 23.613778] [ 23.615261] CPU: 6 UID: 0 PID: 203 Comm: kunit_try_catch Tainted: G B N 6.15.0-rc6-next-20250515 #1 PREEMPT [ 23.615310] Tainted: [B]=BAD_PAGE, [N]=TEST [ 23.615324] Hardware name: WinLink E850-96 board (DT) [ 23.615342] Call trace: [ 23.615352] show_stack+0x20/0x38 (C) [ 23.615382] dump_stack_lvl+0x8c/0xd0 [ 23.615413] print_report+0x118/0x608 [ 23.615444] kasan_report+0xdc/0x128 [ 23.615473] __asan_report_store1_noabort+0x20/0x30 [ 23.615511] krealloc_less_oob_helper+0xae4/0xc50 [ 23.615542] krealloc_less_oob+0x20/0x38 [ 23.615569] kunit_try_run_case+0x170/0x3f0 [ 23.615599] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 23.615630] kthread+0x328/0x630 [ 23.615664] ret_from_fork+0x10/0x20 [ 23.615696] [ 23.683828] Allocated by task 203: [ 23.687216] kasan_save_stack+0x3c/0x68 [ 23.691034] kasan_save_track+0x20/0x40 [ 23.694853] kasan_save_alloc_info+0x40/0x58 [ 23.699107] __kasan_krealloc+0x118/0x178 [ 23.703099] krealloc_noprof+0x128/0x360 [ 23.707006] krealloc_less_oob_helper+0x168/0xc50 [ 23.711693] krealloc_less_oob+0x20/0x38 [ 23.715599] kunit_try_run_case+0x170/0x3f0 [ 23.719766] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 23.725234] kthread+0x328/0x630 [ 23.728446] ret_from_fork+0x10/0x20 [ 23.732005] [ 23.733480] The buggy address belongs to the object at ffff00080348ce00 [ 23.733480] which belongs to the cache kmalloc-256 of size 256 [ 23.745981] The buggy address is located 33 bytes to the right of [ 23.745981] allocated 201-byte region [ffff00080348ce00, ffff00080348cec9) [ 23.759001] [ 23.760477] The buggy address belongs to the physical page: [ 23.766037] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x88348c [ 23.774020] head: order:2 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0 [ 23.781657] flags: 0xbfffe0000000040(head|node=0|zone=2|lastcpupid=0x1ffff) [ 23.788602] page_type: f5(slab) [ 23.791736] raw: 0bfffe0000000040 ffff000800002b40 dead000000000122 0000000000000000 [ 23.799459] raw: 0000000000000000 0000000080200020 00000000f5000000 0000000000000000 [ 23.807185] head: 0bfffe0000000040 ffff000800002b40 dead000000000122 0000000000000000 [ 23.814997] head: 0000000000000000 0000000080200020 00000000f5000000 0000000000000000 [ 23.822810] head: 0bfffe0000000002 fffffdffe00d2301 00000000ffffffff 00000000ffffffff [ 23.830621] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000004 [ 23.838429] page dumped because: kasan: bad access detected [ 23.843983] [ 23.845458] Memory state around the buggy address: [ 23.850238] ffff00080348cd80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 23.857441] ffff00080348ce00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 23.864647] >ffff00080348ce80: 00 00 00 00 00 00 00 00 00 01 fc fc fc fc fc fc [ 23.871847] ^ [ 23.878448] ffff00080348cf00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 23.885652] ffff00080348cf80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 23.892854] ================================================================== [ 25.377378] ================================================================== [ 25.384499] BUG: KASAN: slab-out-of-bounds in krealloc_less_oob_helper+0xae4/0xc50 [ 25.392050] Write of size 1 at addr ffff00080349a0ea by task kunit_try_catch/207 [ 25.399428] [ 25.400909] CPU: 6 UID: 0 PID: 207 Comm: kunit_try_catch Tainted: G B N 6.15.0-rc6-next-20250515 #1 PREEMPT [ 25.400956] Tainted: [B]=BAD_PAGE, [N]=TEST [ 25.400971] Hardware name: WinLink E850-96 board (DT) [ 25.400987] Call trace: [ 25.400997] show_stack+0x20/0x38 (C) [ 25.401030] dump_stack_lvl+0x8c/0xd0 [ 25.401061] print_report+0x118/0x608 [ 25.401093] kasan_report+0xdc/0x128 [ 25.401122] __asan_report_store1_noabort+0x20/0x30 [ 25.401159] krealloc_less_oob_helper+0xae4/0xc50 [ 25.401188] krealloc_large_less_oob+0x20/0x38 [ 25.401217] kunit_try_run_case+0x170/0x3f0 [ 25.401247] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 25.401283] kthread+0x328/0x630 [ 25.401317] ret_from_fork+0x10/0x20 [ 25.401348] [ 25.470001] The buggy address belongs to the physical page: [ 25.475559] page: refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x883498 [ 25.483542] head: order:2 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0 [ 25.491183] flags: 0xbfffe0000000040(head|node=0|zone=2|lastcpupid=0x1ffff) [ 25.498124] page_type: f8(unknown) [ 25.501519] raw: 0bfffe0000000040 0000000000000000 dead000000000122 0000000000000000 [ 25.509242] raw: 0000000000000000 0000000000000000 00000001f8000000 0000000000000000 [ 25.516968] head: 0bfffe0000000040 0000000000000000 dead000000000122 0000000000000000 [ 25.524781] head: 0000000000000000 0000000000000000 00000001f8000000 0000000000000000 [ 25.532593] head: 0bfffe0000000002 fffffdffe00d2601 00000000ffffffff 00000000ffffffff [ 25.540405] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000004 [ 25.548211] page dumped because: kasan: bad access detected [ 25.553766] [ 25.555241] Memory state around the buggy address: [ 25.560019] ffff000803499f80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 25.567224] ffff00080349a000: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 25.574429] >ffff00080349a080: 00 00 00 00 00 00 00 00 00 01 fe fe fe fe fe fe [ 25.581630] ^ [ 25.588231] ffff00080349a100: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe [ 25.595436] ffff00080349a180: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe [ 25.602637] ================================================================== [ 22.666757] ================================================================== [ 22.676124] BUG: KASAN: slab-out-of-bounds in krealloc_less_oob_helper+0xa48/0xc50 [ 22.683674] Write of size 1 at addr ffff00080348cec9 by task kunit_try_catch/203 [ 22.691051] [ 22.692536] CPU: 6 UID: 0 PID: 203 Comm: kunit_try_catch Tainted: G B N 6.15.0-rc6-next-20250515 #1 PREEMPT [ 22.692599] Tainted: [B]=BAD_PAGE, [N]=TEST [ 22.692617] Hardware name: WinLink E850-96 board (DT) [ 22.692638] Call trace: [ 22.692650] show_stack+0x20/0x38 (C) [ 22.692688] dump_stack_lvl+0x8c/0xd0 [ 22.692721] print_report+0x118/0x608 [ 22.692757] kasan_report+0xdc/0x128 [ 22.692790] __asan_report_store1_noabort+0x20/0x30 [ 22.692828] krealloc_less_oob_helper+0xa48/0xc50 [ 22.692860] krealloc_less_oob+0x20/0x38 [ 22.692888] kunit_try_run_case+0x170/0x3f0 [ 22.692922] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 22.692955] kthread+0x328/0x630 [ 22.692988] ret_from_fork+0x10/0x20 [ 22.693024] [ 22.761101] Allocated by task 203: [ 22.764489] kasan_save_stack+0x3c/0x68 [ 22.768305] kasan_save_track+0x20/0x40 [ 22.772125] kasan_save_alloc_info+0x40/0x58 [ 22.776377] __kasan_krealloc+0x118/0x178 [ 22.780370] krealloc_noprof+0x128/0x360 [ 22.784276] krealloc_less_oob_helper+0x168/0xc50 [ 22.788964] krealloc_less_oob+0x20/0x38 [ 22.792870] kunit_try_run_case+0x170/0x3f0 [ 22.797037] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 22.802505] kthread+0x328/0x630 [ 22.805718] ret_from_fork+0x10/0x20 [ 22.809276] [ 22.810753] The buggy address belongs to the object at ffff00080348ce00 [ 22.810753] which belongs to the cache kmalloc-256 of size 256 [ 22.823254] The buggy address is located 0 bytes to the right of [ 22.823254] allocated 201-byte region [ffff00080348ce00, ffff00080348cec9) [ 22.836185] [ 22.837665] The buggy address belongs to the physical page: [ 22.843220] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x88348c [ 22.851204] head: order:2 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0 [ 22.858843] flags: 0xbfffe0000000040(head|node=0|zone=2|lastcpupid=0x1ffff) [ 22.865787] page_type: f5(slab) [ 22.868925] raw: 0bfffe0000000040 ffff000800002b40 dead000000000122 0000000000000000 [ 22.876643] raw: 0000000000000000 0000000080200020 00000000f5000000 0000000000000000 [ 22.884369] head: 0bfffe0000000040 ffff000800002b40 dead000000000122 0000000000000000 [ 22.892180] head: 0000000000000000 0000000080200020 00000000f5000000 0000000000000000 [ 22.899993] head: 0bfffe0000000002 fffffdffe00d2301 00000000ffffffff 00000000ffffffff [ 22.907805] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000004 [ 22.915611] page dumped because: kasan: bad access detected [ 22.921166] [ 22.922642] Memory state around the buggy address: [ 22.927425] ffff00080348cd80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 22.934627] ffff00080348ce00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 22.941831] >ffff00080348ce80: 00 00 00 00 00 00 00 00 00 01 fc fc fc fc fc fc [ 22.949031] ^ [ 22.954590] ffff00080348cf00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 22.961797] ffff00080348cf80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 22.968998] ==================================================================