Hay
Date
May 29, 2025, 7:10 a.m.

Environment
qemu-arm64
qemu-x86_64

[   21.249300] ==================================================================
[   21.249506] BUG: KASAN: slab-out-of-bounds in krealloc_less_oob_helper+0xb9c/0xc50
[   21.249942] Write of size 1 at addr fff00000c47296d0 by task kunit_try_catch/158
[   21.250160] 
[   21.250302] CPU: 1 UID: 0 PID: 158 Comm: kunit_try_catch Tainted: G    B            N  6.15.0-next-20250529 #1 PREEMPT 
[   21.250546] Tainted: [B]=BAD_PAGE, [N]=TEST
[   21.250609] Hardware name: linux,dummy-virt (DT)
[   21.250679] Call trace:
[   21.250733]  show_stack+0x20/0x38 (C)
[   21.251048]  dump_stack_lvl+0x8c/0xd0
[   21.251175]  print_report+0x118/0x608
[   21.251301]  kasan_report+0xdc/0x128
[   21.251433]  __asan_report_store1_noabort+0x20/0x30
[   21.251565]  krealloc_less_oob_helper+0xb9c/0xc50
[   21.251839]  krealloc_less_oob+0x20/0x38
[   21.252041]  kunit_try_run_case+0x170/0x3f0
[   21.252253]  kunit_generic_run_threadfn_adapter+0x88/0x100
[   21.253600]  kthread+0x328/0x630
[   21.253679]  ret_from_fork+0x10/0x20
[   21.253745] 
[   21.253768] Allocated by task 158:
[   21.253802]  kasan_save_stack+0x3c/0x68
[   21.253853]  kasan_save_track+0x20/0x40
[   21.253896]  kasan_save_alloc_info+0x40/0x58
[   21.253936]  __kasan_krealloc+0x118/0x178
[   21.253977]  krealloc_noprof+0x128/0x360
[   21.254019]  krealloc_less_oob_helper+0x168/0xc50
[   21.254061]  krealloc_less_oob+0x20/0x38
[   21.254101]  kunit_try_run_case+0x170/0x3f0
[   21.254143]  kunit_generic_run_threadfn_adapter+0x88/0x100
[   21.254190]  kthread+0x328/0x630
[   21.254226]  ret_from_fork+0x10/0x20
[   21.254265] 
[   21.254289] The buggy address belongs to the object at fff00000c4729600
[   21.254289]  which belongs to the cache kmalloc-256 of size 256
[   21.254386] The buggy address is located 7 bytes to the right of
[   21.254386]  allocated 201-byte region [fff00000c4729600, fff00000c47296c9)
[   21.254624] 
[   21.254674] The buggy address belongs to the physical page:
[   21.254743] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x104728
[   21.254857] head: order:1 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[   21.254967] flags: 0xbfffe0000000040(head|node=0|zone=2|lastcpupid=0x1ffff)
[   21.255105] page_type: f5(slab)
[   21.255208] raw: 0bfffe0000000040 fff00000c0001b40 dead000000000122 0000000000000000
[   21.255410] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000
[   21.255599] head: 0bfffe0000000040 fff00000c0001b40 dead000000000122 0000000000000000
[   21.255725] head: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000
[   21.255849] head: 0bfffe0000000001 ffffc1ffc311ca01 00000000ffffffff 00000000ffffffff
[   21.255975] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000002
[   21.256078] page dumped because: kasan: bad access detected
[   21.256154] 
[   21.256197] Memory state around the buggy address:
[   21.256291]  fff00000c4729580: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   21.256436]  fff00000c4729600: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   21.256537] >fff00000c4729680: 00 00 00 00 00 00 00 00 00 01 fc fc fc fc fc fc
[   21.256628]                                                  ^
[   21.257262]  fff00000c4729700: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   21.257910]  fff00000c4729780: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   21.258029] ==================================================================
[   21.380150] ==================================================================
[   21.380265] BUG: KASAN: slab-out-of-bounds in krealloc_less_oob_helper+0xa58/0xc50
[   21.380383] Write of size 1 at addr fff00000c65ea0eb by task kunit_try_catch/162
[   21.380520] 
[   21.380615] CPU: 1 UID: 0 PID: 162 Comm: kunit_try_catch Tainted: G    B            N  6.15.0-next-20250529 #1 PREEMPT 
[   21.380828] Tainted: [B]=BAD_PAGE, [N]=TEST
[   21.380884] Hardware name: linux,dummy-virt (DT)
[   21.380955] Call trace:
[   21.381009]  show_stack+0x20/0x38 (C)
[   21.381155]  dump_stack_lvl+0x8c/0xd0
[   21.381279]  print_report+0x118/0x608
[   21.381392]  kasan_report+0xdc/0x128
[   21.381521]  __asan_report_store1_noabort+0x20/0x30
[   21.381658]  krealloc_less_oob_helper+0xa58/0xc50
[   21.381789]  krealloc_large_less_oob+0x20/0x38
[   21.381923]  kunit_try_run_case+0x170/0x3f0
[   21.382037]  kunit_generic_run_threadfn_adapter+0x88/0x100
[   21.382160]  kthread+0x328/0x630
[   21.382271]  ret_from_fork+0x10/0x20
[   21.382447] 
[   21.382541] The buggy address belongs to the physical page:
[   21.382621] page: refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1065e8
[   21.382751] head: order:2 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[   21.382860] flags: 0xbfffe0000000040(head|node=0|zone=2|lastcpupid=0x1ffff)
[   21.382966] page_type: f8(unknown)
[   21.383055] raw: 0bfffe0000000040 0000000000000000 dead000000000122 0000000000000000
[   21.383178] raw: 0000000000000000 0000000000000000 00000001f8000000 0000000000000000
[   21.383303] head: 0bfffe0000000040 0000000000000000 dead000000000122 0000000000000000
[   21.383458] head: 0000000000000000 0000000000000000 00000001f8000000 0000000000000000
[   21.383586] head: 0bfffe0000000002 ffffc1ffc3197a01 00000000ffffffff 00000000ffffffff
[   21.383745] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000004
[   21.383863] page dumped because: kasan: bad access detected
[   21.383970] 
[   21.384033] Memory state around the buggy address:
[   21.384143]  fff00000c65e9f80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   21.384288]  fff00000c65ea000: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   21.384392] >fff00000c65ea080: 00 00 00 00 00 00 00 00 00 01 fe fe fe fe fe fe
[   21.384481]                                                           ^
[   21.384572]  fff00000c65ea100: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe
[   21.384717]  fff00000c65ea180: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe
[   21.384812] ==================================================================
[   21.352816] ==================================================================
[   21.353548] BUG: KASAN: slab-out-of-bounds in krealloc_less_oob_helper+0xb9c/0xc50
[   21.353739] Write of size 1 at addr fff00000c65ea0d0 by task kunit_try_catch/162
[   21.353869] 
[   21.353961] CPU: 1 UID: 0 PID: 162 Comm: kunit_try_catch Tainted: G    B            N  6.15.0-next-20250529 #1 PREEMPT 
[   21.354172] Tainted: [B]=BAD_PAGE, [N]=TEST
[   21.354235] Hardware name: linux,dummy-virt (DT)
[   21.354313] Call trace:
[   21.354968]  show_stack+0x20/0x38 (C)
[   21.355210]  dump_stack_lvl+0x8c/0xd0
[   21.356027]  print_report+0x118/0x608
[   21.356429]  kasan_report+0xdc/0x128
[   21.356650]  __asan_report_store1_noabort+0x20/0x30
[   21.356863]  krealloc_less_oob_helper+0xb9c/0xc50
[   21.357217]  krealloc_large_less_oob+0x20/0x38
[   21.357562]  kunit_try_run_case+0x170/0x3f0
[   21.357699]  kunit_generic_run_threadfn_adapter+0x88/0x100
[   21.358125]  kthread+0x328/0x630
[   21.358799]  ret_from_fork+0x10/0x20
[   21.358972] 
[   21.359019] The buggy address belongs to the physical page:
[   21.359083] page: refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1065e8
[   21.359205] head: order:2 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[   21.360007] flags: 0xbfffe0000000040(head|node=0|zone=2|lastcpupid=0x1ffff)
[   21.360607] page_type: f8(unknown)
[   21.360725] raw: 0bfffe0000000040 0000000000000000 dead000000000122 0000000000000000
[   21.360922] raw: 0000000000000000 0000000000000000 00000001f8000000 0000000000000000
[   21.361134] head: 0bfffe0000000040 0000000000000000 dead000000000122 0000000000000000
[   21.361269] head: 0000000000000000 0000000000000000 00000001f8000000 0000000000000000
[   21.361609] head: 0bfffe0000000002 ffffc1ffc3197a01 00000000ffffffff 00000000ffffffff
[   21.362048] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000004
[   21.362179] page dumped because: kasan: bad access detected
[   21.362495] 
[   21.362561] Memory state around the buggy address:
[   21.362638]  fff00000c65e9f80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   21.362721]  fff00000c65ea000: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   21.362797] >fff00000c65ea080: 00 00 00 00 00 00 00 00 00 01 fe fe fe fe fe fe
[   21.362885]                                                  ^
[   21.363217]  fff00000c65ea100: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe
[   21.363496]  fff00000c65ea180: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe
[   21.363593] ==================================================================
[   21.239289] ==================================================================
[   21.239483] BUG: KASAN: slab-out-of-bounds in krealloc_less_oob_helper+0xa48/0xc50
[   21.239639] Write of size 1 at addr fff00000c47296c9 by task kunit_try_catch/158
[   21.240077] 
[   21.240347] CPU: 1 UID: 0 PID: 158 Comm: kunit_try_catch Tainted: G    B            N  6.15.0-next-20250529 #1 PREEMPT 
[   21.240656] Tainted: [B]=BAD_PAGE, [N]=TEST
[   21.240742] Hardware name: linux,dummy-virt (DT)
[   21.240830] Call trace:
[   21.240889]  show_stack+0x20/0x38 (C)
[   21.241023]  dump_stack_lvl+0x8c/0xd0
[   21.241149]  print_report+0x118/0x608
[   21.241246]  kasan_report+0xdc/0x128
[   21.241331]  __asan_report_store1_noabort+0x20/0x30
[   21.241452]  krealloc_less_oob_helper+0xa48/0xc50
[   21.241586]  krealloc_less_oob+0x20/0x38
[   21.241696]  kunit_try_run_case+0x170/0x3f0
[   21.241978]  kunit_generic_run_threadfn_adapter+0x88/0x100
[   21.242309]  kthread+0x328/0x630
[   21.242528]  ret_from_fork+0x10/0x20
[   21.242663] 
[   21.242709] Allocated by task 158:
[   21.242772]  kasan_save_stack+0x3c/0x68
[   21.242866]  kasan_save_track+0x20/0x40
[   21.242951]  kasan_save_alloc_info+0x40/0x58
[   21.243062]  __kasan_krealloc+0x118/0x178
[   21.243164]  krealloc_noprof+0x128/0x360
[   21.243258]  krealloc_less_oob_helper+0x168/0xc50
[   21.243358]  krealloc_less_oob+0x20/0x38
[   21.243465]  kunit_try_run_case+0x170/0x3f0
[   21.243561]  kunit_generic_run_threadfn_adapter+0x88/0x100
[   21.243665]  kthread+0x328/0x630
[   21.243744]  ret_from_fork+0x10/0x20
[   21.243831] 
[   21.243883] The buggy address belongs to the object at fff00000c4729600
[   21.243883]  which belongs to the cache kmalloc-256 of size 256
[   21.244029] The buggy address is located 0 bytes to the right of
[   21.244029]  allocated 201-byte region [fff00000c4729600, fff00000c47296c9)
[   21.244197] 
[   21.244274] The buggy address belongs to the physical page:
[   21.244378] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x104728
[   21.244508] head: order:1 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[   21.244618] flags: 0xbfffe0000000040(head|node=0|zone=2|lastcpupid=0x1ffff)
[   21.244760] page_type: f5(slab)
[   21.245081] raw: 0bfffe0000000040 fff00000c0001b40 dead000000000122 0000000000000000
[   21.245498] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000
[   21.245653] head: 0bfffe0000000040 fff00000c0001b40 dead000000000122 0000000000000000
[   21.245772] head: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000
[   21.246106] head: 0bfffe0000000001 ffffc1ffc311ca01 00000000ffffffff 00000000ffffffff
[   21.246259] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000002
[   21.246381] page dumped because: kasan: bad access detected
[   21.246484] 
[   21.246534] Memory state around the buggy address:
[   21.246616]  fff00000c4729580: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   21.246721]  fff00000c4729600: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   21.246836] >fff00000c4729680: 00 00 00 00 00 00 00 00 00 01 fc fc fc fc fc fc
[   21.246934]                                               ^
[   21.247020]  fff00000c4729700: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   21.247112]  fff00000c4729780: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   21.247180] ==================================================================
[   21.365566] ==================================================================
[   21.365684] BUG: KASAN: slab-out-of-bounds in krealloc_less_oob_helper+0xa80/0xc50
[   21.365821] Write of size 1 at addr fff00000c65ea0da by task kunit_try_catch/162
[   21.366134] 
[   21.366238] CPU: 1 UID: 0 PID: 162 Comm: kunit_try_catch Tainted: G    B            N  6.15.0-next-20250529 #1 PREEMPT 
[   21.366867] Tainted: [B]=BAD_PAGE, [N]=TEST
[   21.366975] Hardware name: linux,dummy-virt (DT)
[   21.367187] Call trace:
[   21.367272]  show_stack+0x20/0x38 (C)
[   21.367623]  dump_stack_lvl+0x8c/0xd0
[   21.367703]  print_report+0x118/0x608
[   21.367760]  kasan_report+0xdc/0x128
[   21.367835]  __asan_report_store1_noabort+0x20/0x30
[   21.367919]  krealloc_less_oob_helper+0xa80/0xc50
[   21.367974]  krealloc_large_less_oob+0x20/0x38
[   21.368027]  kunit_try_run_case+0x170/0x3f0
[   21.368081]  kunit_generic_run_threadfn_adapter+0x88/0x100
[   21.368139]  kthread+0x328/0x630
[   21.368188]  ret_from_fork+0x10/0x20
[   21.368247] 
[   21.368274] The buggy address belongs to the physical page:
[   21.368312] page: refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1065e8
[   21.368373] head: order:2 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[   21.368444] flags: 0xbfffe0000000040(head|node=0|zone=2|lastcpupid=0x1ffff)
[   21.368509] page_type: f8(unknown)
[   21.368557] raw: 0bfffe0000000040 0000000000000000 dead000000000122 0000000000000000
[   21.368612] raw: 0000000000000000 0000000000000000 00000001f8000000 0000000000000000
[   21.368666] head: 0bfffe0000000040 0000000000000000 dead000000000122 0000000000000000
[   21.368718] head: 0000000000000000 0000000000000000 00000001f8000000 0000000000000000
[   21.368770] head: 0bfffe0000000002 ffffc1ffc3197a01 00000000ffffffff 00000000ffffffff
[   21.368821] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000004
[   21.368864] page dumped because: kasan: bad access detected
[   21.368898] 
[   21.368918] Memory state around the buggy address:
[   21.368955]  fff00000c65e9f80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   21.369001]  fff00000c65ea000: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   21.369047] >fff00000c65ea080: 00 00 00 00 00 00 00 00 00 01 fe fe fe fe fe fe
[   21.369088]                                                     ^
[   21.369130]  fff00000c65ea100: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe
[   21.369175]  fff00000c65ea180: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe
[   21.369216] ==================================================================
[   21.260054] ==================================================================
[   21.260639] BUG: KASAN: slab-out-of-bounds in krealloc_less_oob_helper+0xa80/0xc50
[   21.260805] Write of size 1 at addr fff00000c47296da by task kunit_try_catch/158
[   21.260926] 
[   21.261376] CPU: 1 UID: 0 PID: 158 Comm: kunit_try_catch Tainted: G    B            N  6.15.0-next-20250529 #1 PREEMPT 
[   21.261619] Tainted: [B]=BAD_PAGE, [N]=TEST
[   21.261688] Hardware name: linux,dummy-virt (DT)
[   21.261767] Call trace:
[   21.261836]  show_stack+0x20/0x38 (C)
[   21.261973]  dump_stack_lvl+0x8c/0xd0
[   21.262088]  print_report+0x118/0x608
[   21.262205]  kasan_report+0xdc/0x128
[   21.262321]  __asan_report_store1_noabort+0x20/0x30
[   21.262706]  krealloc_less_oob_helper+0xa80/0xc50
[   21.262862]  krealloc_less_oob+0x20/0x38
[   21.263634]  kunit_try_run_case+0x170/0x3f0
[   21.263829]  kunit_generic_run_threadfn_adapter+0x88/0x100
[   21.264030]  kthread+0x328/0x630
[   21.264136]  ret_from_fork+0x10/0x20
[   21.264250] 
[   21.264301] Allocated by task 158:
[   21.264370]  kasan_save_stack+0x3c/0x68
[   21.264482]  kasan_save_track+0x20/0x40
[   21.264574]  kasan_save_alloc_info+0x40/0x58
[   21.264661]  __kasan_krealloc+0x118/0x178
[   21.264749]  krealloc_noprof+0x128/0x360
[   21.264841]  krealloc_less_oob_helper+0x168/0xc50
[   21.264937]  krealloc_less_oob+0x20/0x38
[   21.265023]  kunit_try_run_case+0x170/0x3f0
[   21.265126]  kunit_generic_run_threadfn_adapter+0x88/0x100
[   21.265269]  kthread+0x328/0x630
[   21.265353]  ret_from_fork+0x10/0x20
[   21.265448] 
[   21.265513] The buggy address belongs to the object at fff00000c4729600
[   21.265513]  which belongs to the cache kmalloc-256 of size 256
[   21.265704] The buggy address is located 17 bytes to the right of
[   21.265704]  allocated 201-byte region [fff00000c4729600, fff00000c47296c9)
[   21.265861] 
[   21.265911] The buggy address belongs to the physical page:
[   21.265992] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x104728
[   21.266138] head: order:1 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[   21.266297] flags: 0xbfffe0000000040(head|node=0|zone=2|lastcpupid=0x1ffff)
[   21.266470] page_type: f5(slab)
[   21.266561] raw: 0bfffe0000000040 fff00000c0001b40 dead000000000122 0000000000000000
[   21.266687] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000
[   21.266825] head: 0bfffe0000000040 fff00000c0001b40 dead000000000122 0000000000000000
[   21.266927] head: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000
[   21.267033] head: 0bfffe0000000001 ffffc1ffc311ca01 00000000ffffffff 00000000ffffffff
[   21.267146] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000002
[   21.267251] page dumped because: kasan: bad access detected
[   21.267332] 
[   21.267380] Memory state around the buggy address:
[   21.267472]  fff00000c4729580: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   21.267588]  fff00000c4729600: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   21.267670] >fff00000c4729680: 00 00 00 00 00 00 00 00 00 01 fc fc fc fc fc fc
[   21.267764]                                                     ^
[   21.267849]  fff00000c4729700: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   21.267928]  fff00000c4729780: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   21.267999] ==================================================================
[   21.277507] ==================================================================
[   21.277625] BUG: KASAN: slab-out-of-bounds in krealloc_less_oob_helper+0xa58/0xc50
[   21.277753] Write of size 1 at addr fff00000c47296eb by task kunit_try_catch/158
[   21.277878] 
[   21.277999] CPU: 1 UID: 0 PID: 158 Comm: kunit_try_catch Tainted: G    B            N  6.15.0-next-20250529 #1 PREEMPT 
[   21.278189] Tainted: [B]=BAD_PAGE, [N]=TEST
[   21.278246] Hardware name: linux,dummy-virt (DT)
[   21.278311] Call trace:
[   21.278372]  show_stack+0x20/0x38 (C)
[   21.278500]  dump_stack_lvl+0x8c/0xd0
[   21.278609]  print_report+0x118/0x608
[   21.278711]  kasan_report+0xdc/0x128
[   21.278913]  __asan_report_store1_noabort+0x20/0x30
[   21.279068]  krealloc_less_oob_helper+0xa58/0xc50
[   21.279213]  krealloc_less_oob+0x20/0x38
[   21.279350]  kunit_try_run_case+0x170/0x3f0
[   21.279503]  kunit_generic_run_threadfn_adapter+0x88/0x100
[   21.279621]  kthread+0x328/0x630
[   21.279709]  ret_from_fork+0x10/0x20
[   21.279818] 
[   21.279866] Allocated by task 158:
[   21.279926]  kasan_save_stack+0x3c/0x68
[   21.280008]  kasan_save_track+0x20/0x40
[   21.280082]  kasan_save_alloc_info+0x40/0x58
[   21.280185]  __kasan_krealloc+0x118/0x178
[   21.280271]  krealloc_noprof+0x128/0x360
[   21.280437]  krealloc_less_oob_helper+0x168/0xc50
[   21.280537]  krealloc_less_oob+0x20/0x38
[   21.280630]  kunit_try_run_case+0x170/0x3f0
[   21.280778]  kunit_generic_run_threadfn_adapter+0x88/0x100
[   21.280883]  kthread+0x328/0x630
[   21.280965]  ret_from_fork+0x10/0x20
[   21.281051] 
[   21.281100] The buggy address belongs to the object at fff00000c4729600
[   21.281100]  which belongs to the cache kmalloc-256 of size 256
[   21.281240] The buggy address is located 34 bytes to the right of
[   21.281240]  allocated 201-byte region [fff00000c4729600, fff00000c47296c9)
[   21.281407] 
[   21.281462] The buggy address belongs to the physical page:
[   21.281539] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x104728
[   21.281672] head: order:1 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[   21.281787] flags: 0xbfffe0000000040(head|node=0|zone=2|lastcpupid=0x1ffff)
[   21.281913] page_type: f5(slab)
[   21.282008] raw: 0bfffe0000000040 fff00000c0001b40 dead000000000122 0000000000000000
[   21.282131] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000
[   21.282253] head: 0bfffe0000000040 fff00000c0001b40 dead000000000122 0000000000000000
[   21.282406] head: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000
[   21.282518] head: 0bfffe0000000001 ffffc1ffc311ca01 00000000ffffffff 00000000ffffffff
[   21.282640] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000002
[   21.282745] page dumped because: kasan: bad access detected
[   21.282811] 
[   21.282857] Memory state around the buggy address:
[   21.282926]  fff00000c4729580: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   21.283019]  fff00000c4729600: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   21.283128] >fff00000c4729680: 00 00 00 00 00 00 00 00 00 01 fc fc fc fc fc fc
[   21.283227]                                                           ^
[   21.283330]  fff00000c4729700: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   21.283439]  fff00000c4729780: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   21.283631] ==================================================================
[   21.372862] ==================================================================
[   21.373673] BUG: KASAN: slab-out-of-bounds in krealloc_less_oob_helper+0xae4/0xc50
[   21.373856] Write of size 1 at addr fff00000c65ea0ea by task kunit_try_catch/162
[   21.374270] 
[   21.374540] CPU: 1 UID: 0 PID: 162 Comm: kunit_try_catch Tainted: G    B            N  6.15.0-next-20250529 #1 PREEMPT 
[   21.374735] Tainted: [B]=BAD_PAGE, [N]=TEST
[   21.374792] Hardware name: linux,dummy-virt (DT)
[   21.374872] Call trace:
[   21.374931]  show_stack+0x20/0x38 (C)
[   21.375054]  dump_stack_lvl+0x8c/0xd0
[   21.375176]  print_report+0x118/0x608
[   21.375287]  kasan_report+0xdc/0x128
[   21.375378]  __asan_report_store1_noabort+0x20/0x30
[   21.375485]  krealloc_less_oob_helper+0xae4/0xc50
[   21.375590]  krealloc_large_less_oob+0x20/0x38
[   21.375707]  kunit_try_run_case+0x170/0x3f0
[   21.375824]  kunit_generic_run_threadfn_adapter+0x88/0x100
[   21.375958]  kthread+0x328/0x630
[   21.376066]  ret_from_fork+0x10/0x20
[   21.376184] 
[   21.376233] The buggy address belongs to the physical page:
[   21.376310] page: refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1065e8
[   21.376481] head: order:2 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[   21.376600] flags: 0xbfffe0000000040(head|node=0|zone=2|lastcpupid=0x1ffff)
[   21.376730] page_type: f8(unknown)
[   21.376825] raw: 0bfffe0000000040 0000000000000000 dead000000000122 0000000000000000
[   21.376947] raw: 0000000000000000 0000000000000000 00000001f8000000 0000000000000000
[   21.377071] head: 0bfffe0000000040 0000000000000000 dead000000000122 0000000000000000
[   21.377192] head: 0000000000000000 0000000000000000 00000001f8000000 0000000000000000
[   21.377313] head: 0bfffe0000000002 ffffc1ffc3197a01 00000000ffffffff 00000000ffffffff
[   21.377436] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000004
[   21.377518] page dumped because: kasan: bad access detected
[   21.377587] 
[   21.377647] Memory state around the buggy address:
[   21.377738]  fff00000c65e9f80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   21.377845]  fff00000c65ea000: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   21.377939] >fff00000c65ea080: 00 00 00 00 00 00 00 00 00 01 fe fe fe fe fe fe
[   21.378031]                                                           ^
[   21.378131]  fff00000c65ea100: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe
[   21.378243]  fff00000c65ea180: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe
[   21.378342] ==================================================================
[   21.269478] ==================================================================
[   21.269597] BUG: KASAN: slab-out-of-bounds in krealloc_less_oob_helper+0xae4/0xc50
[   21.269715] Write of size 1 at addr fff00000c47296ea by task kunit_try_catch/158
[   21.269835] 
[   21.269917] CPU: 1 UID: 0 PID: 158 Comm: kunit_try_catch Tainted: G    B            N  6.15.0-next-20250529 #1 PREEMPT 
[   21.270122] Tainted: [B]=BAD_PAGE, [N]=TEST
[   21.270200] Hardware name: linux,dummy-virt (DT)
[   21.270269] Call trace:
[   21.270321]  show_stack+0x20/0x38 (C)
[   21.270449]  dump_stack_lvl+0x8c/0xd0
[   21.270568]  print_report+0x118/0x608
[   21.270676]  kasan_report+0xdc/0x128
[   21.270777]  __asan_report_store1_noabort+0x20/0x30
[   21.270912]  krealloc_less_oob_helper+0xae4/0xc50
[   21.271071]  krealloc_less_oob+0x20/0x38
[   21.271177]  kunit_try_run_case+0x170/0x3f0
[   21.271302]  kunit_generic_run_threadfn_adapter+0x88/0x100
[   21.271418]  kthread+0x328/0x630
[   21.271535]  ret_from_fork+0x10/0x20
[   21.271644] 
[   21.271686] Allocated by task 158:
[   21.271753]  kasan_save_stack+0x3c/0x68
[   21.271839]  kasan_save_track+0x20/0x40
[   21.271921]  kasan_save_alloc_info+0x40/0x58
[   21.272006]  __kasan_krealloc+0x118/0x178
[   21.272084]  krealloc_noprof+0x128/0x360
[   21.272171]  krealloc_less_oob_helper+0x168/0xc50
[   21.272298]  krealloc_less_oob+0x20/0x38
[   21.272392]  kunit_try_run_case+0x170/0x3f0
[   21.272499]  kunit_generic_run_threadfn_adapter+0x88/0x100
[   21.272605]  kthread+0x328/0x630
[   21.272683]  ret_from_fork+0x10/0x20
[   21.272763] 
[   21.272813] The buggy address belongs to the object at fff00000c4729600
[   21.272813]  which belongs to the cache kmalloc-256 of size 256
[   21.272961] The buggy address is located 33 bytes to the right of
[   21.272961]  allocated 201-byte region [fff00000c4729600, fff00000c47296c9)
[   21.273197] 
[   21.273253] The buggy address belongs to the physical page:
[   21.273348] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x104728
[   21.273510] head: order:1 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[   21.273674] flags: 0xbfffe0000000040(head|node=0|zone=2|lastcpupid=0x1ffff)
[   21.273859] page_type: f5(slab)
[   21.273973] raw: 0bfffe0000000040 fff00000c0001b40 dead000000000122 0000000000000000
[   21.274147] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000
[   21.274283] head: 0bfffe0000000040 fff00000c0001b40 dead000000000122 0000000000000000
[   21.274466] head: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000
[   21.274582] head: 0bfffe0000000001 ffffc1ffc311ca01 00000000ffffffff 00000000ffffffff
[   21.274707] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000002
[   21.274800] page dumped because: kasan: bad access detected
[   21.274886] 
[   21.274927] Memory state around the buggy address:
[   21.275002]  fff00000c4729580: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   21.275111]  fff00000c4729600: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   21.275222] >fff00000c4729680: 00 00 00 00 00 00 00 00 00 01 fc fc fc fc fc fc
[   21.275337]                                                           ^
[   21.275469]  fff00000c4729700: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   21.275599]  fff00000c4729780: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   21.275695] ==================================================================
[   21.334944] ==================================================================
[   21.335547] BUG: KASAN: slab-out-of-bounds in krealloc_less_oob_helper+0xa48/0xc50
[   21.335745] Write of size 1 at addr fff00000c65ea0c9 by task kunit_try_catch/162
[   21.335855] 
[   21.335942] CPU: 1 UID: 0 PID: 162 Comm: kunit_try_catch Tainted: G    B            N  6.15.0-next-20250529 #1 PREEMPT 
[   21.336121] Tainted: [B]=BAD_PAGE, [N]=TEST
[   21.336180] Hardware name: linux,dummy-virt (DT)
[   21.336254] Call trace:
[   21.336304]  show_stack+0x20/0x38 (C)
[   21.336428]  dump_stack_lvl+0x8c/0xd0
[   21.336535]  print_report+0x118/0x608
[   21.336690]  kasan_report+0xdc/0x128
[   21.336942]  __asan_report_store1_noabort+0x20/0x30
[   21.337071]  krealloc_less_oob_helper+0xa48/0xc50
[   21.337193]  krealloc_large_less_oob+0x20/0x38
[   21.337319]  kunit_try_run_case+0x170/0x3f0
[   21.337458]  kunit_generic_run_threadfn_adapter+0x88/0x100
[   21.337609]  kthread+0x328/0x630
[   21.337949]  ret_from_fork+0x10/0x20
[   21.338972] 
[   21.339235] The buggy address belongs to the physical page:
[   21.339626] page: refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1065e8
[   21.340550] head: order:2 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[   21.340724] flags: 0xbfffe0000000040(head|node=0|zone=2|lastcpupid=0x1ffff)
[   21.341963] page_type: f8(unknown)
[   21.342076] raw: 0bfffe0000000040 0000000000000000 dead000000000122 0000000000000000
[   21.342205] raw: 0000000000000000 0000000000000000 00000001f8000000 0000000000000000
[   21.342334] head: 0bfffe0000000040 0000000000000000 dead000000000122 0000000000000000
[   21.343423] head: 0000000000000000 0000000000000000 00000001f8000000 0000000000000000
[   21.344391] head: 0bfffe0000000002 ffffc1ffc3197a01 00000000ffffffff 00000000ffffffff
[   21.344693] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000004
[   21.345196] page dumped because: kasan: bad access detected
[   21.345342] 
[   21.345392] Memory state around the buggy address:
[   21.345550]  fff00000c65e9f80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   21.345754]  fff00000c65ea000: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   21.345918] >fff00000c65ea080: 00 00 00 00 00 00 00 00 00 01 fe fe fe fe fe fe
[   21.346011]                                               ^
[   21.346352]  fff00000c65ea100: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe
[   21.346796]  fff00000c65ea180: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe
[   21.346966] ==================================================================


[   10.781587] ==================================================================
[   10.781857] BUG: KASAN: slab-out-of-bounds in krealloc_less_oob_helper+0xd47/0x11d0
[   10.782166] Write of size 1 at addr ffff888102a720eb by task kunit_try_catch/179
[   10.782491] 
[   10.782580] CPU: 1 UID: 0 PID: 179 Comm: kunit_try_catch Tainted: G    B            N  6.15.0-next-20250529 #1 PREEMPT(voluntary) 
[   10.782633] Tainted: [B]=BAD_PAGE, [N]=TEST
[   10.782645] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[   10.782718] Call Trace:
[   10.782763]  <TASK>
[   10.782778]  dump_stack_lvl+0x73/0xb0
[   10.782834]  print_report+0xd1/0x650
[   10.782856]  ? __virt_addr_valid+0x1db/0x2d0
[   10.782878]  ? krealloc_less_oob_helper+0xd47/0x11d0
[   10.782902]  ? kasan_addr_to_slab+0x11/0xa0
[   10.782923]  ? krealloc_less_oob_helper+0xd47/0x11d0
[   10.782948]  kasan_report+0x141/0x180
[   10.782971]  ? krealloc_less_oob_helper+0xd47/0x11d0
[   10.783002]  __asan_report_store1_noabort+0x1b/0x30
[   10.783023]  krealloc_less_oob_helper+0xd47/0x11d0
[   10.783050]  ? __pfx_krealloc_less_oob_helper+0x10/0x10
[   10.783075]  ? finish_task_switch.isra.0+0x153/0x700
[   10.783096]  ? __switch_to+0x47/0xf50
[   10.783122]  ? __schedule+0x10cc/0x2b60
[   10.783147]  ? __pfx_read_tsc+0x10/0x10
[   10.783172]  krealloc_large_less_oob+0x1c/0x30
[   10.783195]  kunit_try_run_case+0x1a5/0x480
[   10.783217]  ? __pfx_kunit_try_run_case+0x10/0x10
[   10.783236]  ? _raw_spin_lock_irqsave+0xa1/0x100
[   10.783260]  ? _raw_spin_unlock_irqrestore+0x5f/0x90
[   10.783284]  ? __kthread_parkme+0x82/0x180
[   10.783304]  ? preempt_count_sub+0x50/0x80
[   10.783328]  ? __pfx_kunit_try_run_case+0x10/0x10
[   10.783350]  kunit_generic_run_threadfn_adapter+0x85/0xf0
[   10.783374]  ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10
[   10.783398]  kthread+0x337/0x6f0
[   10.783417]  ? trace_preempt_on+0x20/0xc0
[   10.783440]  ? __pfx_kthread+0x10/0x10
[   10.783460]  ? _raw_spin_unlock_irq+0x47/0x80
[   10.783483]  ? calculate_sigpending+0x7b/0xa0
[   10.783506]  ? __pfx_kthread+0x10/0x10
[   10.783529]  ret_from_fork+0x116/0x1d0
[   10.783547]  ? __pfx_kthread+0x10/0x10
[   10.783567]  ret_from_fork_asm+0x1a/0x30
[   10.783601]  </TASK>
[   10.783621] 
[   10.794321] The buggy address belongs to the physical page:
[   10.794586] page: refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x102a70
[   10.795078] head: order:2 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[   10.795365] flags: 0x200000000000040(head|node=0|zone=2)
[   10.795641] page_type: f8(unknown)
[   10.795876] raw: 0200000000000040 0000000000000000 dead000000000122 0000000000000000
[   10.796162] raw: 0000000000000000 0000000000000000 00000001f8000000 0000000000000000
[   10.796469] head: 0200000000000040 0000000000000000 dead000000000122 0000000000000000
[   10.796761] head: 0000000000000000 0000000000000000 00000001f8000000 0000000000000000
[   10.797145] head: 0200000000000002 ffffea00040a9c01 00000000ffffffff 00000000ffffffff
[   10.797460] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000004
[   10.797729] page dumped because: kasan: bad access detected
[   10.798036] 
[   10.798132] Memory state around the buggy address:
[   10.798336]  ffff888102a71f80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   10.798586]  ffff888102a72000: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   10.798929] >ffff888102a72080: 00 00 00 00 00 00 00 00 00 01 fe fe fe fe fe fe
[   10.799266]                                                           ^
[   10.799538]  ffff888102a72100: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe
[   10.799996]  ffff888102a72180: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe
[   10.800349] ==================================================================
[   10.701237] ==================================================================
[   10.701744] BUG: KASAN: slab-out-of-bounds in krealloc_less_oob_helper+0xd70/0x11d0
[   10.702316] Write of size 1 at addr ffff888102a720c9 by task kunit_try_catch/179
[   10.702620] 
[   10.702743] CPU: 1 UID: 0 PID: 179 Comm: kunit_try_catch Tainted: G    B            N  6.15.0-next-20250529 #1 PREEMPT(voluntary) 
[   10.702787] Tainted: [B]=BAD_PAGE, [N]=TEST
[   10.702799] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[   10.702821] Call Trace:
[   10.702833]  <TASK>
[   10.702849]  dump_stack_lvl+0x73/0xb0
[   10.702876]  print_report+0xd1/0x650
[   10.702899]  ? __virt_addr_valid+0x1db/0x2d0
[   10.702923]  ? krealloc_less_oob_helper+0xd70/0x11d0
[   10.702946]  ? kasan_addr_to_slab+0x11/0xa0
[   10.702968]  ? krealloc_less_oob_helper+0xd70/0x11d0
[   10.702992]  kasan_report+0x141/0x180
[   10.703016]  ? krealloc_less_oob_helper+0xd70/0x11d0
[   10.703047]  __asan_report_store1_noabort+0x1b/0x30
[   10.703068]  krealloc_less_oob_helper+0xd70/0x11d0
[   10.703097]  ? __pfx_krealloc_less_oob_helper+0x10/0x10
[   10.703122]  ? finish_task_switch.isra.0+0x153/0x700
[   10.703144]  ? __switch_to+0x47/0xf50
[   10.703172]  ? __schedule+0x10cc/0x2b60
[   10.703197]  ? __pfx_read_tsc+0x10/0x10
[   10.703223]  krealloc_large_less_oob+0x1c/0x30
[   10.703246]  kunit_try_run_case+0x1a5/0x480
[   10.703270]  ? __pfx_kunit_try_run_case+0x10/0x10
[   10.703289]  ? _raw_spin_lock_irqsave+0xa1/0x100
[   10.703313]  ? _raw_spin_unlock_irqrestore+0x5f/0x90
[   10.703338]  ? __kthread_parkme+0x82/0x180
[   10.703359]  ? preempt_count_sub+0x50/0x80
[   10.703383]  ? __pfx_kunit_try_run_case+0x10/0x10
[   10.703404]  kunit_generic_run_threadfn_adapter+0x85/0xf0
[   10.703429]  ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10
[   10.703453]  kthread+0x337/0x6f0
[   10.703473]  ? trace_preempt_on+0x20/0xc0
[   10.703497]  ? __pfx_kthread+0x10/0x10
[   10.703518]  ? _raw_spin_unlock_irq+0x47/0x80
[   10.703541]  ? calculate_sigpending+0x7b/0xa0
[   10.703565]  ? __pfx_kthread+0x10/0x10
[   10.703593]  ret_from_fork+0x116/0x1d0
[   10.703619]  ? __pfx_kthread+0x10/0x10
[   10.703641]  ret_from_fork_asm+0x1a/0x30
[   10.703693]  </TASK>
[   10.703703] 
[   10.713549] The buggy address belongs to the physical page:
[   10.714027] page: refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x102a70
[   10.714483] head: order:2 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[   10.714978] flags: 0x200000000000040(head|node=0|zone=2)
[   10.715329] page_type: f8(unknown)
[   10.715693] raw: 0200000000000040 0000000000000000 dead000000000122 0000000000000000
[   10.716183] raw: 0000000000000000 0000000000000000 00000001f8000000 0000000000000000
[   10.716501] head: 0200000000000040 0000000000000000 dead000000000122 0000000000000000
[   10.717110] head: 0000000000000000 0000000000000000 00000001f8000000 0000000000000000
[   10.717493] head: 0200000000000002 ffffea00040a9c01 00000000ffffffff 00000000ffffffff
[   10.718173] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000004
[   10.718734] page dumped because: kasan: bad access detected
[   10.719255] 
[   10.719478] Memory state around the buggy address:
[   10.719709]  ffff888102a71f80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   10.720284]  ffff888102a72000: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   10.720594] >ffff888102a72080: 00 00 00 00 00 00 00 00 00 01 fe fe fe fe fe fe
[   10.721164]                                               ^
[   10.721496]  ffff888102a72100: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe
[   10.722122]  ffff888102a72180: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe
[   10.722723] ==================================================================
[   10.636958] ==================================================================
[   10.637317] BUG: KASAN: slab-out-of-bounds in krealloc_less_oob_helper+0xd47/0x11d0
[   10.637657] Write of size 1 at addr ffff888100a1dceb by task kunit_try_catch/175
[   10.638029] 
[   10.638135] CPU: 1 UID: 0 PID: 175 Comm: kunit_try_catch Tainted: G    B            N  6.15.0-next-20250529 #1 PREEMPT(voluntary) 
[   10.638178] Tainted: [B]=BAD_PAGE, [N]=TEST
[   10.638190] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[   10.638211] Call Trace:
[   10.638226]  <TASK>
[   10.638242]  dump_stack_lvl+0x73/0xb0
[   10.638266]  print_report+0xd1/0x650
[   10.638289]  ? __virt_addr_valid+0x1db/0x2d0
[   10.638311]  ? krealloc_less_oob_helper+0xd47/0x11d0
[   10.638334]  ? kasan_complete_mode_report_info+0x2a/0x200
[   10.638357]  ? krealloc_less_oob_helper+0xd47/0x11d0
[   10.638382]  kasan_report+0x141/0x180
[   10.638405]  ? krealloc_less_oob_helper+0xd47/0x11d0
[   10.638437]  __asan_report_store1_noabort+0x1b/0x30
[   10.638458]  krealloc_less_oob_helper+0xd47/0x11d0
[   10.638486]  ? __pfx_krealloc_less_oob_helper+0x10/0x10
[   10.638510]  ? finish_task_switch.isra.0+0x153/0x700
[   10.638532]  ? __switch_to+0x47/0xf50
[   10.638563]  ? __schedule+0x10cc/0x2b60
[   10.638587]  ? __pfx_read_tsc+0x10/0x10
[   10.638623]  krealloc_less_oob+0x1c/0x30
[   10.638645]  kunit_try_run_case+0x1a5/0x480
[   10.638667]  ? __pfx_kunit_try_run_case+0x10/0x10
[   10.638687]  ? _raw_spin_lock_irqsave+0xa1/0x100
[   10.638711]  ? _raw_spin_unlock_irqrestore+0x5f/0x90
[   10.638735]  ? __kthread_parkme+0x82/0x180
[   10.638756]  ? preempt_count_sub+0x50/0x80
[   10.638797]  ? __pfx_kunit_try_run_case+0x10/0x10
[   10.638819]  kunit_generic_run_threadfn_adapter+0x85/0xf0
[   10.638843]  ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10
[   10.638868]  kthread+0x337/0x6f0
[   10.638888]  ? trace_preempt_on+0x20/0xc0
[   10.638911]  ? __pfx_kthread+0x10/0x10
[   10.638933]  ? _raw_spin_unlock_irq+0x47/0x80
[   10.638955]  ? calculate_sigpending+0x7b/0xa0
[   10.638979]  ? __pfx_kthread+0x10/0x10
[   10.639002]  ret_from_fork+0x116/0x1d0
[   10.639019]  ? __pfx_kthread+0x10/0x10
[   10.639041]  ret_from_fork_asm+0x1a/0x30
[   10.639076]  </TASK>
[   10.639086] 
[   10.647170] Allocated by task 175:
[   10.647344]  kasan_save_stack+0x45/0x70
[   10.647551]  kasan_save_track+0x18/0x40
[   10.647734]  kasan_save_alloc_info+0x3b/0x50
[   10.647949]  __kasan_krealloc+0x190/0x1f0
[   10.648130]  krealloc_noprof+0xf3/0x340
[   10.648314]  krealloc_less_oob_helper+0x1aa/0x11d0
[   10.648518]  krealloc_less_oob+0x1c/0x30
[   10.648722]  kunit_try_run_case+0x1a5/0x480
[   10.648908]  kunit_generic_run_threadfn_adapter+0x85/0xf0
[   10.649165]  kthread+0x337/0x6f0
[   10.649290]  ret_from_fork+0x116/0x1d0
[   10.649426]  ret_from_fork_asm+0x1a/0x30
[   10.649570] 
[   10.649651] The buggy address belongs to the object at ffff888100a1dc00
[   10.649651]  which belongs to the cache kmalloc-256 of size 256
[   10.650302] The buggy address is located 34 bytes to the right of
[   10.650302]  allocated 201-byte region [ffff888100a1dc00, ffff888100a1dcc9)
[   10.650914] 
[   10.651014] The buggy address belongs to the physical page:
[   10.651208] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x100a1c
[   10.651454] head: order:1 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[   10.652008] flags: 0x200000000000040(head|node=0|zone=2)
[   10.652262] page_type: f5(slab)
[   10.652434] raw: 0200000000000040 ffff888100041b40 dead000000000122 0000000000000000
[   10.652798] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000
[   10.653039] head: 0200000000000040 ffff888100041b40 dead000000000122 0000000000000000
[   10.653359] head: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000
[   10.653712] head: 0200000000000001 ffffea0004028701 00000000ffffffff 00000000ffffffff
[   10.654046] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000002
[   10.654282] page dumped because: kasan: bad access detected
[   10.654460] 
[   10.654554] Memory state around the buggy address:
[   10.654797]  ffff888100a1db80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   10.655128]  ffff888100a1dc00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   10.655453] >ffff888100a1dc80: 00 00 00 00 00 00 00 00 00 01 fc fc fc fc fc fc
[   10.655784]                                                           ^
[   10.656082]  ffff888100a1dd00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   10.656383]  ffff888100a1dd80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   10.656675] ==================================================================
[   10.593873] ==================================================================
[   10.594346] BUG: KASAN: slab-out-of-bounds in krealloc_less_oob_helper+0xec6/0x11d0
[   10.594690] Write of size 1 at addr ffff888100a1dcda by task kunit_try_catch/175
[   10.595046] 
[   10.595180] CPU: 1 UID: 0 PID: 175 Comm: kunit_try_catch Tainted: G    B            N  6.15.0-next-20250529 #1 PREEMPT(voluntary) 
[   10.595223] Tainted: [B]=BAD_PAGE, [N]=TEST
[   10.595235] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[   10.595254] Call Trace:
[   10.595269]  <TASK>
[   10.595283]  dump_stack_lvl+0x73/0xb0
[   10.595307]  print_report+0xd1/0x650
[   10.595329]  ? __virt_addr_valid+0x1db/0x2d0
[   10.595352]  ? krealloc_less_oob_helper+0xec6/0x11d0
[   10.595375]  ? kasan_complete_mode_report_info+0x2a/0x200
[   10.595398]  ? krealloc_less_oob_helper+0xec6/0x11d0
[   10.595423]  kasan_report+0x141/0x180
[   10.595446]  ? krealloc_less_oob_helper+0xec6/0x11d0
[   10.595478]  __asan_report_store1_noabort+0x1b/0x30
[   10.595500]  krealloc_less_oob_helper+0xec6/0x11d0
[   10.595527]  ? __pfx_krealloc_less_oob_helper+0x10/0x10
[   10.595552]  ? finish_task_switch.isra.0+0x153/0x700
[   10.595574]  ? __switch_to+0x47/0xf50
[   10.595602]  ? __schedule+0x10cc/0x2b60
[   10.595638]  ? __pfx_read_tsc+0x10/0x10
[   10.595663]  krealloc_less_oob+0x1c/0x30
[   10.595685]  kunit_try_run_case+0x1a5/0x480
[   10.595706]  ? __pfx_kunit_try_run_case+0x10/0x10
[   10.595725]  ? _raw_spin_lock_irqsave+0xa1/0x100
[   10.595749]  ? _raw_spin_unlock_irqrestore+0x5f/0x90
[   10.595774]  ? __kthread_parkme+0x82/0x180
[   10.595794]  ? preempt_count_sub+0x50/0x80
[   10.595819]  ? __pfx_kunit_try_run_case+0x10/0x10
[   10.595841]  kunit_generic_run_threadfn_adapter+0x85/0xf0
[   10.595865]  ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10
[   10.595889]  kthread+0x337/0x6f0
[   10.595909]  ? trace_preempt_on+0x20/0xc0
[   10.595932]  ? __pfx_kthread+0x10/0x10
[   10.595953]  ? _raw_spin_unlock_irq+0x47/0x80
[   10.595976]  ? calculate_sigpending+0x7b/0xa0
[   10.595999]  ? __pfx_kthread+0x10/0x10
[   10.596021]  ret_from_fork+0x116/0x1d0
[   10.596040]  ? __pfx_kthread+0x10/0x10
[   10.596061]  ret_from_fork_asm+0x1a/0x30
[   10.596096]  </TASK>
[   10.596106] 
[   10.603914] Allocated by task 175:
[   10.604099]  kasan_save_stack+0x45/0x70
[   10.604304]  kasan_save_track+0x18/0x40
[   10.604503]  kasan_save_alloc_info+0x3b/0x50
[   10.604726]  __kasan_krealloc+0x190/0x1f0
[   10.604932]  krealloc_noprof+0xf3/0x340
[   10.605107]  krealloc_less_oob_helper+0x1aa/0x11d0
[   10.605344]  krealloc_less_oob+0x1c/0x30
[   10.605513]  kunit_try_run_case+0x1a5/0x480
[   10.605727]  kunit_generic_run_threadfn_adapter+0x85/0xf0
[   10.606019]  kthread+0x337/0x6f0
[   10.606147]  ret_from_fork+0x116/0x1d0
[   10.606283]  ret_from_fork_asm+0x1a/0x30
[   10.606475] 
[   10.606580] The buggy address belongs to the object at ffff888100a1dc00
[   10.606580]  which belongs to the cache kmalloc-256 of size 256
[   10.607369] The buggy address is located 17 bytes to the right of
[   10.607369]  allocated 201-byte region [ffff888100a1dc00, ffff888100a1dcc9)
[   10.607759] 
[   10.607857] The buggy address belongs to the physical page:
[   10.608112] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x100a1c
[   10.608677] head: order:1 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[   10.608915] flags: 0x200000000000040(head|node=0|zone=2)
[   10.609092] page_type: f5(slab)
[   10.609231] raw: 0200000000000040 ffff888100041b40 dead000000000122 0000000000000000
[   10.609583] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000
[   10.610109] head: 0200000000000040 ffff888100041b40 dead000000000122 0000000000000000
[   10.610440] head: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000
[   10.610767] head: 0200000000000001 ffffea0004028701 00000000ffffffff 00000000ffffffff
[   10.611137] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000002
[   10.611428] page dumped because: kasan: bad access detected
[   10.611664] 
[   10.611736] Memory state around the buggy address:
[   10.612140]  ffff888100a1db80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   10.612427]  ffff888100a1dc00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   10.612750] >ffff888100a1dc80: 00 00 00 00 00 00 00 00 00 01 fc fc fc fc fc fc
[   10.613031]                                                     ^
[   10.613283]  ffff888100a1dd00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   10.613577]  ffff888100a1dd80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   10.613925] ==================================================================
[   10.723469] ==================================================================
[   10.723766] BUG: KASAN: slab-out-of-bounds in krealloc_less_oob_helper+0xe23/0x11d0
[   10.724033] Write of size 1 at addr ffff888102a720d0 by task kunit_try_catch/179
[   10.724401] 
[   10.724533] CPU: 1 UID: 0 PID: 179 Comm: kunit_try_catch Tainted: G    B            N  6.15.0-next-20250529 #1 PREEMPT(voluntary) 
[   10.724578] Tainted: [B]=BAD_PAGE, [N]=TEST
[   10.724590] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[   10.724623] Call Trace:
[   10.724635]  <TASK>
[   10.724649]  dump_stack_lvl+0x73/0xb0
[   10.724674]  print_report+0xd1/0x650
[   10.724697]  ? __virt_addr_valid+0x1db/0x2d0
[   10.724720]  ? krealloc_less_oob_helper+0xe23/0x11d0
[   10.724744]  ? kasan_addr_to_slab+0x11/0xa0
[   10.724776]  ? krealloc_less_oob_helper+0xe23/0x11d0
[   10.724801]  kasan_report+0x141/0x180
[   10.724830]  ? krealloc_less_oob_helper+0xe23/0x11d0
[   10.724862]  __asan_report_store1_noabort+0x1b/0x30
[   10.724884]  krealloc_less_oob_helper+0xe23/0x11d0
[   10.724912]  ? __pfx_krealloc_less_oob_helper+0x10/0x10
[   10.724936]  ? finish_task_switch.isra.0+0x153/0x700
[   10.724958]  ? __switch_to+0x47/0xf50
[   10.724984]  ? __schedule+0x10cc/0x2b60
[   10.725008]  ? __pfx_read_tsc+0x10/0x10
[   10.725033]  krealloc_large_less_oob+0x1c/0x30
[   10.725056]  kunit_try_run_case+0x1a5/0x480
[   10.725079]  ? __pfx_kunit_try_run_case+0x10/0x10
[   10.725098]  ? _raw_spin_lock_irqsave+0xa1/0x100
[   10.725122]  ? _raw_spin_unlock_irqrestore+0x5f/0x90
[   10.725146]  ? __kthread_parkme+0x82/0x180
[   10.725166]  ? preempt_count_sub+0x50/0x80
[   10.725191]  ? __pfx_kunit_try_run_case+0x10/0x10
[   10.725212]  kunit_generic_run_threadfn_adapter+0x85/0xf0
[   10.725236]  ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10
[   10.725260]  kthread+0x337/0x6f0
[   10.725280]  ? trace_preempt_on+0x20/0xc0
[   10.725303]  ? __pfx_kthread+0x10/0x10
[   10.725324]  ? _raw_spin_unlock_irq+0x47/0x80
[   10.725346]  ? calculate_sigpending+0x7b/0xa0
[   10.725370]  ? __pfx_kthread+0x10/0x10
[   10.725392]  ret_from_fork+0x116/0x1d0
[   10.725411]  ? __pfx_kthread+0x10/0x10
[   10.725432]  ret_from_fork_asm+0x1a/0x30
[   10.725467]  </TASK>
[   10.725477] 
[   10.735737] The buggy address belongs to the physical page:
[   10.736312] page: refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x102a70
[   10.736683] head: order:2 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[   10.737195] flags: 0x200000000000040(head|node=0|zone=2)
[   10.737447] page_type: f8(unknown)
[   10.737766] raw: 0200000000000040 0000000000000000 dead000000000122 0000000000000000
[   10.738151] raw: 0000000000000000 0000000000000000 00000001f8000000 0000000000000000
[   10.738598] head: 0200000000000040 0000000000000000 dead000000000122 0000000000000000
[   10.739047] head: 0000000000000000 0000000000000000 00000001f8000000 0000000000000000
[   10.739419] head: 0200000000000002 ffffea00040a9c01 00000000ffffffff 00000000ffffffff
[   10.739746] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000004
[   10.740141] page dumped because: kasan: bad access detected
[   10.740607] 
[   10.740790] Memory state around the buggy address:
[   10.741028]  ffff888102a71f80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   10.741421]  ffff888102a72000: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   10.741742] >ffff888102a72080: 00 00 00 00 00 00 00 00 00 01 fe fe fe fe fe fe
[   10.742190]                                                  ^
[   10.742516]  ffff888102a72100: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe
[   10.742970]  ffff888102a72180: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe
[   10.743450] ==================================================================
[   10.744006] ==================================================================
[   10.744456] BUG: KASAN: slab-out-of-bounds in krealloc_less_oob_helper+0xec6/0x11d0
[   10.745092] Write of size 1 at addr ffff888102a720da by task kunit_try_catch/179
[   10.745408] 
[   10.745502] CPU: 1 UID: 0 PID: 179 Comm: kunit_try_catch Tainted: G    B            N  6.15.0-next-20250529 #1 PREEMPT(voluntary) 
[   10.745547] Tainted: [B]=BAD_PAGE, [N]=TEST
[   10.745558] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[   10.745578] Call Trace:
[   10.745592]  <TASK>
[   10.745607]  dump_stack_lvl+0x73/0xb0
[   10.745644]  print_report+0xd1/0x650
[   10.745668]  ? __virt_addr_valid+0x1db/0x2d0
[   10.745690]  ? krealloc_less_oob_helper+0xec6/0x11d0
[   10.745714]  ? kasan_addr_to_slab+0x11/0xa0
[   10.745735]  ? krealloc_less_oob_helper+0xec6/0x11d0
[   10.745760]  kasan_report+0x141/0x180
[   10.745783]  ? krealloc_less_oob_helper+0xec6/0x11d0
[   10.745815]  __asan_report_store1_noabort+0x1b/0x30
[   10.745837]  krealloc_less_oob_helper+0xec6/0x11d0
[   10.745865]  ? __pfx_krealloc_less_oob_helper+0x10/0x10
[   10.745904]  ? finish_task_switch.isra.0+0x153/0x700
[   10.745952]  ? __switch_to+0x47/0xf50
[   10.745979]  ? __schedule+0x10cc/0x2b60
[   10.746003]  ? __pfx_read_tsc+0x10/0x10
[   10.746028]  krealloc_large_less_oob+0x1c/0x30
[   10.746051]  kunit_try_run_case+0x1a5/0x480
[   10.746073]  ? __pfx_kunit_try_run_case+0x10/0x10
[   10.746092]  ? _raw_spin_lock_irqsave+0xa1/0x100
[   10.746117]  ? _raw_spin_unlock_irqrestore+0x5f/0x90
[   10.746142]  ? __kthread_parkme+0x82/0x180
[   10.746163]  ? preempt_count_sub+0x50/0x80
[   10.746187]  ? __pfx_kunit_try_run_case+0x10/0x10
[   10.746209]  kunit_generic_run_threadfn_adapter+0x85/0xf0
[   10.746233]  ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10
[   10.746257]  kthread+0x337/0x6f0
[   10.746277]  ? trace_preempt_on+0x20/0xc0
[   10.746300]  ? __pfx_kthread+0x10/0x10
[   10.746321]  ? _raw_spin_unlock_irq+0x47/0x80
[   10.746344]  ? calculate_sigpending+0x7b/0xa0
[   10.746368]  ? __pfx_kthread+0x10/0x10
[   10.746390]  ret_from_fork+0x116/0x1d0
[   10.746408]  ? __pfx_kthread+0x10/0x10
[   10.746430]  ret_from_fork_asm+0x1a/0x30
[   10.746465]  </TASK>
[   10.746475] 
[   10.754651] The buggy address belongs to the physical page:
[   10.755003] page: refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x102a70
[   10.755364] head: order:2 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[   10.755718] flags: 0x200000000000040(head|node=0|zone=2)
[   10.755910] page_type: f8(unknown)
[   10.756132] raw: 0200000000000040 0000000000000000 dead000000000122 0000000000000000
[   10.756480] raw: 0000000000000000 0000000000000000 00000001f8000000 0000000000000000
[   10.756846] head: 0200000000000040 0000000000000000 dead000000000122 0000000000000000
[   10.757119] head: 0000000000000000 0000000000000000 00000001f8000000 0000000000000000
[   10.757479] head: 0200000000000002 ffffea00040a9c01 00000000ffffffff 00000000ffffffff
[   10.757800] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000004
[   10.758049] page dumped because: kasan: bad access detected
[   10.758224] 
[   10.758321] Memory state around the buggy address:
[   10.758554]  ffff888102a71f80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   10.759010]  ffff888102a72000: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   10.759376] >ffff888102a72080: 00 00 00 00 00 00 00 00 00 01 fe fe fe fe fe fe
[   10.759595]                                                     ^
[   10.759839]  ffff888102a72100: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe
[   10.760434]  ffff888102a72180: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe
[   10.760762] ==================================================================
[   10.761130] ==================================================================
[   10.761357] BUG: KASAN: slab-out-of-bounds in krealloc_less_oob_helper+0xe90/0x11d0
[   10.761708] Write of size 1 at addr ffff888102a720ea by task kunit_try_catch/179
[   10.762423] 
[   10.762560] CPU: 1 UID: 0 PID: 179 Comm: kunit_try_catch Tainted: G    B            N  6.15.0-next-20250529 #1 PREEMPT(voluntary) 
[   10.762603] Tainted: [B]=BAD_PAGE, [N]=TEST
[   10.762624] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[   10.762643] Call Trace:
[   10.762657]  <TASK>
[   10.762672]  dump_stack_lvl+0x73/0xb0
[   10.762695]  print_report+0xd1/0x650
[   10.762719]  ? __virt_addr_valid+0x1db/0x2d0
[   10.762742]  ? krealloc_less_oob_helper+0xe90/0x11d0
[   10.762766]  ? kasan_addr_to_slab+0x11/0xa0
[   10.762788]  ? krealloc_less_oob_helper+0xe90/0x11d0
[   10.762812]  kasan_report+0x141/0x180
[   10.762836]  ? krealloc_less_oob_helper+0xe90/0x11d0
[   10.762867]  __asan_report_store1_noabort+0x1b/0x30
[   10.762888]  krealloc_less_oob_helper+0xe90/0x11d0
[   10.762915]  ? __pfx_krealloc_less_oob_helper+0x10/0x10
[   10.762940]  ? finish_task_switch.isra.0+0x153/0x700
[   10.762962]  ? __switch_to+0x47/0xf50
[   10.762988]  ? __schedule+0x10cc/0x2b60
[   10.763012]  ? __pfx_read_tsc+0x10/0x10
[   10.763037]  krealloc_large_less_oob+0x1c/0x30
[   10.763060]  kunit_try_run_case+0x1a5/0x480
[   10.763082]  ? __pfx_kunit_try_run_case+0x10/0x10
[   10.763101]  ? _raw_spin_lock_irqsave+0xa1/0x100
[   10.763125]  ? _raw_spin_unlock_irqrestore+0x5f/0x90
[   10.763150]  ? __kthread_parkme+0x82/0x180
[   10.763170]  ? preempt_count_sub+0x50/0x80
[   10.763195]  ? __pfx_kunit_try_run_case+0x10/0x10
[   10.763216]  kunit_generic_run_threadfn_adapter+0x85/0xf0
[   10.763240]  ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10
[   10.763264]  kthread+0x337/0x6f0
[   10.763284]  ? trace_preempt_on+0x20/0xc0
[   10.763307]  ? __pfx_kthread+0x10/0x10
[   10.763328]  ? _raw_spin_unlock_irq+0x47/0x80
[   10.763350]  ? calculate_sigpending+0x7b/0xa0
[   10.763373]  ? __pfx_kthread+0x10/0x10
[   10.763396]  ret_from_fork+0x116/0x1d0
[   10.763414]  ? __pfx_kthread+0x10/0x10
[   10.763437]  ret_from_fork_asm+0x1a/0x30
[   10.763471]  </TASK>
[   10.763482] 
[   10.772016] The buggy address belongs to the physical page:
[   10.773631] page: refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x102a70
[   10.774159] head: order:2 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[   10.774491] flags: 0x200000000000040(head|node=0|zone=2)
[   10.774753] page_type: f8(unknown)
[   10.775120] raw: 0200000000000040 0000000000000000 dead000000000122 0000000000000000
[   10.775462] raw: 0000000000000000 0000000000000000 00000001f8000000 0000000000000000
[   10.775785] head: 0200000000000040 0000000000000000 dead000000000122 0000000000000000
[   10.776336] head: 0000000000000000 0000000000000000 00000001f8000000 0000000000000000
[   10.776680] head: 0200000000000002 ffffea00040a9c01 00000000ffffffff 00000000ffffffff
[   10.777203] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000004
[   10.777530] page dumped because: kasan: bad access detected
[   10.777779] 
[   10.777879] Memory state around the buggy address:
[   10.778414]  ffff888102a71f80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   10.778801]  ffff888102a72000: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   10.779405] >ffff888102a72080: 00 00 00 00 00 00 00 00 00 01 fe fe fe fe fe fe
[   10.779782]                                                           ^
[   10.780118]  ffff888102a72100: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe
[   10.780497]  ffff888102a72180: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe
[   10.781141] ==================================================================
[   10.553043] ==================================================================
[   10.553514] BUG: KASAN: slab-out-of-bounds in krealloc_less_oob_helper+0xd70/0x11d0
[   10.554160] Write of size 1 at addr ffff888100a1dcc9 by task kunit_try_catch/175
[   10.554503] 
[   10.554636] CPU: 1 UID: 0 PID: 175 Comm: kunit_try_catch Tainted: G    B            N  6.15.0-next-20250529 #1 PREEMPT(voluntary) 
[   10.554684] Tainted: [B]=BAD_PAGE, [N]=TEST
[   10.554697] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[   10.554719] Call Trace:
[   10.554731]  <TASK>
[   10.554748]  dump_stack_lvl+0x73/0xb0
[   10.554790]  print_report+0xd1/0x650
[   10.554813]  ? __virt_addr_valid+0x1db/0x2d0
[   10.554837]  ? krealloc_less_oob_helper+0xd70/0x11d0
[   10.554861]  ? kasan_complete_mode_report_info+0x2a/0x200
[   10.554884]  ? krealloc_less_oob_helper+0xd70/0x11d0
[   10.554909]  kasan_report+0x141/0x180
[   10.554933]  ? krealloc_less_oob_helper+0xd70/0x11d0
[   10.554965]  __asan_report_store1_noabort+0x1b/0x30
[   10.554986]  krealloc_less_oob_helper+0xd70/0x11d0
[   10.555014]  ? __pfx_krealloc_less_oob_helper+0x10/0x10
[   10.555040]  ? finish_task_switch.isra.0+0x153/0x700
[   10.555062]  ? __switch_to+0x47/0xf50
[   10.555089]  ? __schedule+0x10cc/0x2b60
[   10.555114]  ? __pfx_read_tsc+0x10/0x10
[   10.555139]  krealloc_less_oob+0x1c/0x30
[   10.555161]  kunit_try_run_case+0x1a5/0x480
[   10.555184]  ? __pfx_kunit_try_run_case+0x10/0x10
[   10.555203]  ? _raw_spin_lock_irqsave+0xa1/0x100
[   10.555228]  ? _raw_spin_unlock_irqrestore+0x5f/0x90
[   10.555252]  ? __kthread_parkme+0x82/0x180
[   10.555273]  ? preempt_count_sub+0x50/0x80
[   10.555298]  ? __pfx_kunit_try_run_case+0x10/0x10
[   10.555320]  kunit_generic_run_threadfn_adapter+0x85/0xf0
[   10.555344]  ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10
[   10.555368]  kthread+0x337/0x6f0
[   10.555388]  ? trace_preempt_on+0x20/0xc0
[   10.555411]  ? __pfx_kthread+0x10/0x10
[   10.555432]  ? _raw_spin_unlock_irq+0x47/0x80
[   10.555455]  ? calculate_sigpending+0x7b/0xa0
[   10.555479]  ? __pfx_kthread+0x10/0x10
[   10.555502]  ret_from_fork+0x116/0x1d0
[   10.555520]  ? __pfx_kthread+0x10/0x10
[   10.555541]  ret_from_fork_asm+0x1a/0x30
[   10.555577]  </TASK>
[   10.555588] 
[   10.563228] Allocated by task 175:
[   10.563363]  kasan_save_stack+0x45/0x70
[   10.563512]  kasan_save_track+0x18/0x40
[   10.563665]  kasan_save_alloc_info+0x3b/0x50
[   10.564001]  __kasan_krealloc+0x190/0x1f0
[   10.564209]  krealloc_noprof+0xf3/0x340
[   10.564402]  krealloc_less_oob_helper+0x1aa/0x11d0
[   10.564653]  krealloc_less_oob+0x1c/0x30
[   10.564827]  kunit_try_run_case+0x1a5/0x480
[   10.565028]  kunit_generic_run_threadfn_adapter+0x85/0xf0
[   10.565281]  kthread+0x337/0x6f0
[   10.565440]  ret_from_fork+0x116/0x1d0
[   10.565596]  ret_from_fork_asm+0x1a/0x30
[   10.565807] 
[   10.565888] The buggy address belongs to the object at ffff888100a1dc00
[   10.565888]  which belongs to the cache kmalloc-256 of size 256
[   10.566282] The buggy address is located 0 bytes to the right of
[   10.566282]  allocated 201-byte region [ffff888100a1dc00, ffff888100a1dcc9)
[   10.566892] 
[   10.566999] The buggy address belongs to the physical page:
[   10.567262] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x100a1c
[   10.567627] head: order:1 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[   10.567926] flags: 0x200000000000040(head|node=0|zone=2)
[   10.568119] page_type: f5(slab)
[   10.568292] raw: 0200000000000040 ffff888100041b40 dead000000000122 0000000000000000
[   10.568644] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000
[   10.568993] head: 0200000000000040 ffff888100041b40 dead000000000122 0000000000000000
[   10.569292] head: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000
[   10.569649] head: 0200000000000001 ffffea0004028701 00000000ffffffff 00000000ffffffff
[   10.570037] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000002
[   10.570271] page dumped because: kasan: bad access detected
[   10.570449] 
[   10.570520] Memory state around the buggy address:
[   10.570755]  ffff888100a1db80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   10.571117]  ffff888100a1dc00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   10.571435] >ffff888100a1dc80: 00 00 00 00 00 00 00 00 00 01 fc fc fc fc fc fc
[   10.571702]                                               ^
[   10.572145]  ffff888100a1dd00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   10.572384]  ffff888100a1dd80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   10.572601] ==================================================================
[   10.573956] ==================================================================
[   10.574315] BUG: KASAN: slab-out-of-bounds in krealloc_less_oob_helper+0xe23/0x11d0
[   10.574671] Write of size 1 at addr ffff888100a1dcd0 by task kunit_try_catch/175
[   10.575017] 
[   10.575121] CPU: 1 UID: 0 PID: 175 Comm: kunit_try_catch Tainted: G    B            N  6.15.0-next-20250529 #1 PREEMPT(voluntary) 
[   10.575164] Tainted: [B]=BAD_PAGE, [N]=TEST
[   10.575177] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[   10.575197] Call Trace:
[   10.575208]  <TASK>
[   10.575222]  dump_stack_lvl+0x73/0xb0
[   10.575248]  print_report+0xd1/0x650
[   10.575271]  ? __virt_addr_valid+0x1db/0x2d0
[   10.575293]  ? krealloc_less_oob_helper+0xe23/0x11d0
[   10.575317]  ? kasan_complete_mode_report_info+0x2a/0x200
[   10.575340]  ? krealloc_less_oob_helper+0xe23/0x11d0
[   10.575366]  kasan_report+0x141/0x180
[   10.575389]  ? krealloc_less_oob_helper+0xe23/0x11d0
[   10.575421]  __asan_report_store1_noabort+0x1b/0x30
[   10.575442]  krealloc_less_oob_helper+0xe23/0x11d0
[   10.575470]  ? __pfx_krealloc_less_oob_helper+0x10/0x10
[   10.575495]  ? finish_task_switch.isra.0+0x153/0x700
[   10.575516]  ? __switch_to+0x47/0xf50
[   10.575543]  ? __schedule+0x10cc/0x2b60
[   10.575567]  ? __pfx_read_tsc+0x10/0x10
[   10.575592]  krealloc_less_oob+0x1c/0x30
[   10.575626]  kunit_try_run_case+0x1a5/0x480
[   10.575649]  ? __pfx_kunit_try_run_case+0x10/0x10
[   10.575668]  ? _raw_spin_lock_irqsave+0xa1/0x100
[   10.575693]  ? _raw_spin_unlock_irqrestore+0x5f/0x90
[   10.575718]  ? __kthread_parkme+0x82/0x180
[   10.575739]  ? preempt_count_sub+0x50/0x80
[   10.575763]  ? __pfx_kunit_try_run_case+0x10/0x10
[   10.575785]  kunit_generic_run_threadfn_adapter+0x85/0xf0
[   10.575817]  ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10
[   10.575842]  kthread+0x337/0x6f0
[   10.575862]  ? trace_preempt_on+0x20/0xc0
[   10.575885]  ? __pfx_kthread+0x10/0x10
[   10.575906]  ? _raw_spin_unlock_irq+0x47/0x80
[   10.575929]  ? calculate_sigpending+0x7b/0xa0
[   10.575953]  ? __pfx_kthread+0x10/0x10
[   10.575976]  ret_from_fork+0x116/0x1d0
[   10.575994]  ? __pfx_kthread+0x10/0x10
[   10.576015]  ret_from_fork_asm+0x1a/0x30
[   10.576050]  </TASK>
[   10.576059] 
[   10.583553] Allocated by task 175:
[   10.583742]  kasan_save_stack+0x45/0x70
[   10.583958]  kasan_save_track+0x18/0x40
[   10.584161]  kasan_save_alloc_info+0x3b/0x50
[   10.584358]  __kasan_krealloc+0x190/0x1f0
[   10.584539]  krealloc_noprof+0xf3/0x340
[   10.584744]  krealloc_less_oob_helper+0x1aa/0x11d0
[   10.584961]  krealloc_less_oob+0x1c/0x30
[   10.585105]  kunit_try_run_case+0x1a5/0x480
[   10.585274]  kunit_generic_run_threadfn_adapter+0x85/0xf0
[   10.585528]  kthread+0x337/0x6f0
[   10.585711]  ret_from_fork+0x116/0x1d0
[   10.586034]  ret_from_fork_asm+0x1a/0x30
[   10.586178] 
[   10.586250] The buggy address belongs to the object at ffff888100a1dc00
[   10.586250]  which belongs to the cache kmalloc-256 of size 256
[   10.586740] The buggy address is located 7 bytes to the right of
[   10.586740]  allocated 201-byte region [ffff888100a1dc00, ffff888100a1dcc9)
[   10.587301] 
[   10.587402] The buggy address belongs to the physical page:
[   10.587659] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x100a1c
[   10.587961] head: order:1 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[   10.588292] flags: 0x200000000000040(head|node=0|zone=2)
[   10.588505] page_type: f5(slab)
[   10.588694] raw: 0200000000000040 ffff888100041b40 dead000000000122 0000000000000000
[   10.589009] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000
[   10.589249] head: 0200000000000040 ffff888100041b40 dead000000000122 0000000000000000
[   10.589488] head: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000
[   10.589794] head: 0200000000000001 ffffea0004028701 00000000ffffffff 00000000ffffffff
[   10.590149] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000002
[   10.590490] page dumped because: kasan: bad access detected
[   10.590774] 
[   10.590870] Memory state around the buggy address:
[   10.591095]  ffff888100a1db80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   10.591358]  ffff888100a1dc00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   10.591580] >ffff888100a1dc80: 00 00 00 00 00 00 00 00 00 01 fc fc fc fc fc fc
[   10.591808]                                                  ^
[   10.592083]  ffff888100a1dd00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   10.592518]  ffff888100a1dd80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   10.592971] ==================================================================
[   10.614897] ==================================================================
[   10.615244] BUG: KASAN: slab-out-of-bounds in krealloc_less_oob_helper+0xe90/0x11d0
[   10.615573] Write of size 1 at addr ffff888100a1dcea by task kunit_try_catch/175
[   10.616221] 
[   10.616318] CPU: 1 UID: 0 PID: 175 Comm: kunit_try_catch Tainted: G    B            N  6.15.0-next-20250529 #1 PREEMPT(voluntary) 
[   10.616362] Tainted: [B]=BAD_PAGE, [N]=TEST
[   10.616374] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[   10.616395] Call Trace:
[   10.616410]  <TASK>
[   10.616425]  dump_stack_lvl+0x73/0xb0
[   10.616452]  print_report+0xd1/0x650
[   10.616476]  ? __virt_addr_valid+0x1db/0x2d0
[   10.616498]  ? krealloc_less_oob_helper+0xe90/0x11d0
[   10.616522]  ? kasan_complete_mode_report_info+0x2a/0x200
[   10.616545]  ? krealloc_less_oob_helper+0xe90/0x11d0
[   10.616570]  kasan_report+0x141/0x180
[   10.616593]  ? krealloc_less_oob_helper+0xe90/0x11d0
[   10.616636]  __asan_report_store1_noabort+0x1b/0x30
[   10.616657]  krealloc_less_oob_helper+0xe90/0x11d0
[   10.616685]  ? __pfx_krealloc_less_oob_helper+0x10/0x10
[   10.616709]  ? finish_task_switch.isra.0+0x153/0x700
[   10.616731]  ? __switch_to+0x47/0xf50
[   10.616757]  ? __schedule+0x10cc/0x2b60
[   10.616781]  ? __pfx_read_tsc+0x10/0x10
[   10.616806]  krealloc_less_oob+0x1c/0x30
[   10.616828]  kunit_try_run_case+0x1a5/0x480
[   10.616850]  ? __pfx_kunit_try_run_case+0x10/0x10
[   10.616869]  ? _raw_spin_lock_irqsave+0xa1/0x100
[   10.616893]  ? _raw_spin_unlock_irqrestore+0x5f/0x90
[   10.616918]  ? __kthread_parkme+0x82/0x180
[   10.616938]  ? preempt_count_sub+0x50/0x80
[   10.616962]  ? __pfx_kunit_try_run_case+0x10/0x10
[   10.616984]  kunit_generic_run_threadfn_adapter+0x85/0xf0
[   10.617008]  ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10
[   10.617032]  kthread+0x337/0x6f0
[   10.617052]  ? trace_preempt_on+0x20/0xc0
[   10.617075]  ? __pfx_kthread+0x10/0x10
[   10.617097]  ? _raw_spin_unlock_irq+0x47/0x80
[   10.617119]  ? calculate_sigpending+0x7b/0xa0
[   10.617143]  ? __pfx_kthread+0x10/0x10
[   10.617165]  ret_from_fork+0x116/0x1d0
[   10.617183]  ? __pfx_kthread+0x10/0x10
[   10.617204]  ret_from_fork_asm+0x1a/0x30
[   10.617238]  </TASK>
[   10.617248] 
[   10.624721] Allocated by task 175:
[   10.624854]  kasan_save_stack+0x45/0x70
[   10.625002]  kasan_save_track+0x18/0x40
[   10.625206]  kasan_save_alloc_info+0x3b/0x50
[   10.625416]  __kasan_krealloc+0x190/0x1f0
[   10.625634]  krealloc_noprof+0xf3/0x340
[   10.625892]  krealloc_less_oob_helper+0x1aa/0x11d0
[   10.626131]  krealloc_less_oob+0x1c/0x30
[   10.626328]  kunit_try_run_case+0x1a5/0x480
[   10.626535]  kunit_generic_run_threadfn_adapter+0x85/0xf0
[   10.626875]  kthread+0x337/0x6f0
[   10.627012]  ret_from_fork+0x116/0x1d0
[   10.627173]  ret_from_fork_asm+0x1a/0x30
[   10.627372] 
[   10.627469] The buggy address belongs to the object at ffff888100a1dc00
[   10.627469]  which belongs to the cache kmalloc-256 of size 256
[   10.627994] The buggy address is located 33 bytes to the right of
[   10.627994]  allocated 201-byte region [ffff888100a1dc00, ffff888100a1dcc9)
[   10.628384] 
[   10.628458] The buggy address belongs to the physical page:
[   10.628730] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x100a1c
[   10.629381] head: order:1 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[   10.629734] flags: 0x200000000000040(head|node=0|zone=2)
[   10.630064] page_type: f5(slab)
[   10.630188] raw: 0200000000000040 ffff888100041b40 dead000000000122 0000000000000000
[   10.630427] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000
[   10.630682] head: 0200000000000040 ffff888100041b40 dead000000000122 0000000000000000
[   10.631217] head: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000
[   10.631570] head: 0200000000000001 ffffea0004028701 00000000ffffffff 00000000ffffffff
[   10.631944] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000002
[   10.632282] page dumped because: kasan: bad access detected
[   10.632563] 
[   10.632643] Memory state around the buggy address:
[   10.632805]  ffff888100a1db80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   10.633059]  ffff888100a1dc00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   10.633383] >ffff888100a1dc80: 00 00 00 00 00 00 00 00 00 01 fc fc fc fc fc fc
[   10.633718]                                                           ^
[   10.634249]  ffff888100a1dd00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   10.634502]  ffff888100a1dd80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   10.634741] ==================================================================