Date
May 29, 2025, 7:10 a.m.
Environment | |
---|---|
qemu-arm64 | |
qemu-x86_64 | |
[ 21.249300] ================================================================== [ 21.249506] BUG: KASAN: slab-out-of-bounds in krealloc_less_oob_helper+0xb9c/0xc50 [ 21.249942] Write of size 1 at addr fff00000c47296d0 by task kunit_try_catch/158 [ 21.250160] [ 21.250302] CPU: 1 UID: 0 PID: 158 Comm: kunit_try_catch Tainted: G B N 6.15.0-next-20250529 #1 PREEMPT [ 21.250546] Tainted: [B]=BAD_PAGE, [N]=TEST [ 21.250609] Hardware name: linux,dummy-virt (DT) [ 21.250679] Call trace: [ 21.250733] show_stack+0x20/0x38 (C) [ 21.251048] dump_stack_lvl+0x8c/0xd0 [ 21.251175] print_report+0x118/0x608 [ 21.251301] kasan_report+0xdc/0x128 [ 21.251433] __asan_report_store1_noabort+0x20/0x30 [ 21.251565] krealloc_less_oob_helper+0xb9c/0xc50 [ 21.251839] krealloc_less_oob+0x20/0x38 [ 21.252041] kunit_try_run_case+0x170/0x3f0 [ 21.252253] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 21.253600] kthread+0x328/0x630 [ 21.253679] ret_from_fork+0x10/0x20 [ 21.253745] [ 21.253768] Allocated by task 158: [ 21.253802] kasan_save_stack+0x3c/0x68 [ 21.253853] kasan_save_track+0x20/0x40 [ 21.253896] kasan_save_alloc_info+0x40/0x58 [ 21.253936] __kasan_krealloc+0x118/0x178 [ 21.253977] krealloc_noprof+0x128/0x360 [ 21.254019] krealloc_less_oob_helper+0x168/0xc50 [ 21.254061] krealloc_less_oob+0x20/0x38 [ 21.254101] kunit_try_run_case+0x170/0x3f0 [ 21.254143] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 21.254190] kthread+0x328/0x630 [ 21.254226] ret_from_fork+0x10/0x20 [ 21.254265] [ 21.254289] The buggy address belongs to the object at fff00000c4729600 [ 21.254289] which belongs to the cache kmalloc-256 of size 256 [ 21.254386] The buggy address is located 7 bytes to the right of [ 21.254386] allocated 201-byte region [fff00000c4729600, fff00000c47296c9) [ 21.254624] [ 21.254674] The buggy address belongs to the physical page: [ 21.254743] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x104728 [ 21.254857] head: order:1 mapcount:0 entire_mapcount:0 
nr_pages_mapped:0 pincount:0 [ 21.254967] flags: 0xbfffe0000000040(head|node=0|zone=2|lastcpupid=0x1ffff) [ 21.255105] page_type: f5(slab) [ 21.255208] raw: 0bfffe0000000040 fff00000c0001b40 dead000000000122 0000000000000000 [ 21.255410] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 21.255599] head: 0bfffe0000000040 fff00000c0001b40 dead000000000122 0000000000000000 [ 21.255725] head: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 21.255849] head: 0bfffe0000000001 ffffc1ffc311ca01 00000000ffffffff 00000000ffffffff [ 21.255975] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000002 [ 21.256078] page dumped because: kasan: bad access detected [ 21.256154] [ 21.256197] Memory state around the buggy address: [ 21.256291] fff00000c4729580: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 21.256436] fff00000c4729600: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 21.256537] >fff00000c4729680: 00 00 00 00 00 00 00 00 00 01 fc fc fc fc fc fc [ 21.256628] ^ [ 21.257262] fff00000c4729700: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 21.257910] fff00000c4729780: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 21.258029] ================================================================== [ 21.380150] ================================================================== [ 21.380265] BUG: KASAN: slab-out-of-bounds in krealloc_less_oob_helper+0xa58/0xc50 [ 21.380383] Write of size 1 at addr fff00000c65ea0eb by task kunit_try_catch/162 [ 21.380520] [ 21.380615] CPU: 1 UID: 0 PID: 162 Comm: kunit_try_catch Tainted: G B N 6.15.0-next-20250529 #1 PREEMPT [ 21.380828] Tainted: [B]=BAD_PAGE, [N]=TEST [ 21.380884] Hardware name: linux,dummy-virt (DT) [ 21.380955] Call trace: [ 21.381009] show_stack+0x20/0x38 (C) [ 21.381155] dump_stack_lvl+0x8c/0xd0 [ 21.381279] print_report+0x118/0x608 [ 21.381392] kasan_report+0xdc/0x128 [ 21.381521] __asan_report_store1_noabort+0x20/0x30 [ 21.381658] 
krealloc_less_oob_helper+0xa58/0xc50 [ 21.381789] krealloc_large_less_oob+0x20/0x38 [ 21.381923] kunit_try_run_case+0x170/0x3f0 [ 21.382037] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 21.382160] kthread+0x328/0x630 [ 21.382271] ret_from_fork+0x10/0x20 [ 21.382447] [ 21.382541] The buggy address belongs to the physical page: [ 21.382621] page: refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1065e8 [ 21.382751] head: order:2 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0 [ 21.382860] flags: 0xbfffe0000000040(head|node=0|zone=2|lastcpupid=0x1ffff) [ 21.382966] page_type: f8(unknown) [ 21.383055] raw: 0bfffe0000000040 0000000000000000 dead000000000122 0000000000000000 [ 21.383178] raw: 0000000000000000 0000000000000000 00000001f8000000 0000000000000000 [ 21.383303] head: 0bfffe0000000040 0000000000000000 dead000000000122 0000000000000000 [ 21.383458] head: 0000000000000000 0000000000000000 00000001f8000000 0000000000000000 [ 21.383586] head: 0bfffe0000000002 ffffc1ffc3197a01 00000000ffffffff 00000000ffffffff [ 21.383745] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000004 [ 21.383863] page dumped because: kasan: bad access detected [ 21.383970] [ 21.384033] Memory state around the buggy address: [ 21.384143] fff00000c65e9f80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 21.384288] fff00000c65ea000: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 21.384392] >fff00000c65ea080: 00 00 00 00 00 00 00 00 00 01 fe fe fe fe fe fe [ 21.384481] ^ [ 21.384572] fff00000c65ea100: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe [ 21.384717] fff00000c65ea180: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe [ 21.384812] ================================================================== [ 21.352816] ================================================================== [ 21.353548] BUG: KASAN: slab-out-of-bounds in krealloc_less_oob_helper+0xb9c/0xc50 [ 21.353739] Write of size 1 at addr fff00000c65ea0d0 by task 
kunit_try_catch/162 [ 21.353869] [ 21.353961] CPU: 1 UID: 0 PID: 162 Comm: kunit_try_catch Tainted: G B N 6.15.0-next-20250529 #1 PREEMPT [ 21.354172] Tainted: [B]=BAD_PAGE, [N]=TEST [ 21.354235] Hardware name: linux,dummy-virt (DT) [ 21.354313] Call trace: [ 21.354968] show_stack+0x20/0x38 (C) [ 21.355210] dump_stack_lvl+0x8c/0xd0 [ 21.356027] print_report+0x118/0x608 [ 21.356429] kasan_report+0xdc/0x128 [ 21.356650] __asan_report_store1_noabort+0x20/0x30 [ 21.356863] krealloc_less_oob_helper+0xb9c/0xc50 [ 21.357217] krealloc_large_less_oob+0x20/0x38 [ 21.357562] kunit_try_run_case+0x170/0x3f0 [ 21.357699] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 21.358125] kthread+0x328/0x630 [ 21.358799] ret_from_fork+0x10/0x20 [ 21.358972] [ 21.359019] The buggy address belongs to the physical page: [ 21.359083] page: refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1065e8 [ 21.359205] head: order:2 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0 [ 21.360007] flags: 0xbfffe0000000040(head|node=0|zone=2|lastcpupid=0x1ffff) [ 21.360607] page_type: f8(unknown) [ 21.360725] raw: 0bfffe0000000040 0000000000000000 dead000000000122 0000000000000000 [ 21.360922] raw: 0000000000000000 0000000000000000 00000001f8000000 0000000000000000 [ 21.361134] head: 0bfffe0000000040 0000000000000000 dead000000000122 0000000000000000 [ 21.361269] head: 0000000000000000 0000000000000000 00000001f8000000 0000000000000000 [ 21.361609] head: 0bfffe0000000002 ffffc1ffc3197a01 00000000ffffffff 00000000ffffffff [ 21.362048] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000004 [ 21.362179] page dumped because: kasan: bad access detected [ 21.362495] [ 21.362561] Memory state around the buggy address: [ 21.362638] fff00000c65e9f80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 21.362721] fff00000c65ea000: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 21.362797] >fff00000c65ea080: 00 00 00 00 00 00 00 00 00 01 fe fe fe fe fe fe [ 21.362885] ^ [ 
21.363217] fff00000c65ea100: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe [ 21.363496] fff00000c65ea180: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe [ 21.363593] ================================================================== [ 21.239289] ================================================================== [ 21.239483] BUG: KASAN: slab-out-of-bounds in krealloc_less_oob_helper+0xa48/0xc50 [ 21.239639] Write of size 1 at addr fff00000c47296c9 by task kunit_try_catch/158 [ 21.240077] [ 21.240347] CPU: 1 UID: 0 PID: 158 Comm: kunit_try_catch Tainted: G B N 6.15.0-next-20250529 #1 PREEMPT [ 21.240656] Tainted: [B]=BAD_PAGE, [N]=TEST [ 21.240742] Hardware name: linux,dummy-virt (DT) [ 21.240830] Call trace: [ 21.240889] show_stack+0x20/0x38 (C) [ 21.241023] dump_stack_lvl+0x8c/0xd0 [ 21.241149] print_report+0x118/0x608 [ 21.241246] kasan_report+0xdc/0x128 [ 21.241331] __asan_report_store1_noabort+0x20/0x30 [ 21.241452] krealloc_less_oob_helper+0xa48/0xc50 [ 21.241586] krealloc_less_oob+0x20/0x38 [ 21.241696] kunit_try_run_case+0x170/0x3f0 [ 21.241978] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 21.242309] kthread+0x328/0x630 [ 21.242528] ret_from_fork+0x10/0x20 [ 21.242663] [ 21.242709] Allocated by task 158: [ 21.242772] kasan_save_stack+0x3c/0x68 [ 21.242866] kasan_save_track+0x20/0x40 [ 21.242951] kasan_save_alloc_info+0x40/0x58 [ 21.243062] __kasan_krealloc+0x118/0x178 [ 21.243164] krealloc_noprof+0x128/0x360 [ 21.243258] krealloc_less_oob_helper+0x168/0xc50 [ 21.243358] krealloc_less_oob+0x20/0x38 [ 21.243465] kunit_try_run_case+0x170/0x3f0 [ 21.243561] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 21.243665] kthread+0x328/0x630 [ 21.243744] ret_from_fork+0x10/0x20 [ 21.243831] [ 21.243883] The buggy address belongs to the object at fff00000c4729600 [ 21.243883] which belongs to the cache kmalloc-256 of size 256 [ 21.244029] The buggy address is located 0 bytes to the right of [ 21.244029] allocated 201-byte region [fff00000c4729600, fff00000c47296c9) 
[ 21.244197] [ 21.244274] The buggy address belongs to the physical page: [ 21.244378] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x104728 [ 21.244508] head: order:1 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0 [ 21.244618] flags: 0xbfffe0000000040(head|node=0|zone=2|lastcpupid=0x1ffff) [ 21.244760] page_type: f5(slab) [ 21.245081] raw: 0bfffe0000000040 fff00000c0001b40 dead000000000122 0000000000000000 [ 21.245498] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 21.245653] head: 0bfffe0000000040 fff00000c0001b40 dead000000000122 0000000000000000 [ 21.245772] head: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 21.246106] head: 0bfffe0000000001 ffffc1ffc311ca01 00000000ffffffff 00000000ffffffff [ 21.246259] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000002 [ 21.246381] page dumped because: kasan: bad access detected [ 21.246484] [ 21.246534] Memory state around the buggy address: [ 21.246616] fff00000c4729580: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 21.246721] fff00000c4729600: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 21.246836] >fff00000c4729680: 00 00 00 00 00 00 00 00 00 01 fc fc fc fc fc fc [ 21.246934] ^ [ 21.247020] fff00000c4729700: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 21.247112] fff00000c4729780: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 21.247180] ================================================================== [ 21.365566] ================================================================== [ 21.365684] BUG: KASAN: slab-out-of-bounds in krealloc_less_oob_helper+0xa80/0xc50 [ 21.365821] Write of size 1 at addr fff00000c65ea0da by task kunit_try_catch/162 [ 21.366134] [ 21.366238] CPU: 1 UID: 0 PID: 162 Comm: kunit_try_catch Tainted: G B N 6.15.0-next-20250529 #1 PREEMPT [ 21.366867] Tainted: [B]=BAD_PAGE, [N]=TEST [ 21.366975] Hardware name: linux,dummy-virt (DT) [ 21.367187] Call trace: [ 21.367272] 
show_stack+0x20/0x38 (C) [ 21.367623] dump_stack_lvl+0x8c/0xd0 [ 21.367703] print_report+0x118/0x608 [ 21.367760] kasan_report+0xdc/0x128 [ 21.367835] __asan_report_store1_noabort+0x20/0x30 [ 21.367919] krealloc_less_oob_helper+0xa80/0xc50 [ 21.367974] krealloc_large_less_oob+0x20/0x38 [ 21.368027] kunit_try_run_case+0x170/0x3f0 [ 21.368081] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 21.368139] kthread+0x328/0x630 [ 21.368188] ret_from_fork+0x10/0x20 [ 21.368247] [ 21.368274] The buggy address belongs to the physical page: [ 21.368312] page: refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1065e8 [ 21.368373] head: order:2 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0 [ 21.368444] flags: 0xbfffe0000000040(head|node=0|zone=2|lastcpupid=0x1ffff) [ 21.368509] page_type: f8(unknown) [ 21.368557] raw: 0bfffe0000000040 0000000000000000 dead000000000122 0000000000000000 [ 21.368612] raw: 0000000000000000 0000000000000000 00000001f8000000 0000000000000000 [ 21.368666] head: 0bfffe0000000040 0000000000000000 dead000000000122 0000000000000000 [ 21.368718] head: 0000000000000000 0000000000000000 00000001f8000000 0000000000000000 [ 21.368770] head: 0bfffe0000000002 ffffc1ffc3197a01 00000000ffffffff 00000000ffffffff [ 21.368821] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000004 [ 21.368864] page dumped because: kasan: bad access detected [ 21.368898] [ 21.368918] Memory state around the buggy address: [ 21.368955] fff00000c65e9f80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 21.369001] fff00000c65ea000: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 21.369047] >fff00000c65ea080: 00 00 00 00 00 00 00 00 00 01 fe fe fe fe fe fe [ 21.369088] ^ [ 21.369130] fff00000c65ea100: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe [ 21.369175] fff00000c65ea180: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe [ 21.369216] ================================================================== [ 21.260054] 
================================================================== [ 21.260639] BUG: KASAN: slab-out-of-bounds in krealloc_less_oob_helper+0xa80/0xc50 [ 21.260805] Write of size 1 at addr fff00000c47296da by task kunit_try_catch/158 [ 21.260926] [ 21.261376] CPU: 1 UID: 0 PID: 158 Comm: kunit_try_catch Tainted: G B N 6.15.0-next-20250529 #1 PREEMPT [ 21.261619] Tainted: [B]=BAD_PAGE, [N]=TEST [ 21.261688] Hardware name: linux,dummy-virt (DT) [ 21.261767] Call trace: [ 21.261836] show_stack+0x20/0x38 (C) [ 21.261973] dump_stack_lvl+0x8c/0xd0 [ 21.262088] print_report+0x118/0x608 [ 21.262205] kasan_report+0xdc/0x128 [ 21.262321] __asan_report_store1_noabort+0x20/0x30 [ 21.262706] krealloc_less_oob_helper+0xa80/0xc50 [ 21.262862] krealloc_less_oob+0x20/0x38 [ 21.263634] kunit_try_run_case+0x170/0x3f0 [ 21.263829] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 21.264030] kthread+0x328/0x630 [ 21.264136] ret_from_fork+0x10/0x20 [ 21.264250] [ 21.264301] Allocated by task 158: [ 21.264370] kasan_save_stack+0x3c/0x68 [ 21.264482] kasan_save_track+0x20/0x40 [ 21.264574] kasan_save_alloc_info+0x40/0x58 [ 21.264661] __kasan_krealloc+0x118/0x178 [ 21.264749] krealloc_noprof+0x128/0x360 [ 21.264841] krealloc_less_oob_helper+0x168/0xc50 [ 21.264937] krealloc_less_oob+0x20/0x38 [ 21.265023] kunit_try_run_case+0x170/0x3f0 [ 21.265126] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 21.265269] kthread+0x328/0x630 [ 21.265353] ret_from_fork+0x10/0x20 [ 21.265448] [ 21.265513] The buggy address belongs to the object at fff00000c4729600 [ 21.265513] which belongs to the cache kmalloc-256 of size 256 [ 21.265704] The buggy address is located 17 bytes to the right of [ 21.265704] allocated 201-byte region [fff00000c4729600, fff00000c47296c9) [ 21.265861] [ 21.265911] The buggy address belongs to the physical page: [ 21.265992] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x104728 [ 21.266138] head: order:1 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0 
[ 21.266297] flags: 0xbfffe0000000040(head|node=0|zone=2|lastcpupid=0x1ffff) [ 21.266470] page_type: f5(slab) [ 21.266561] raw: 0bfffe0000000040 fff00000c0001b40 dead000000000122 0000000000000000 [ 21.266687] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 21.266825] head: 0bfffe0000000040 fff00000c0001b40 dead000000000122 0000000000000000 [ 21.266927] head: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 21.267033] head: 0bfffe0000000001 ffffc1ffc311ca01 00000000ffffffff 00000000ffffffff [ 21.267146] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000002 [ 21.267251] page dumped because: kasan: bad access detected [ 21.267332] [ 21.267380] Memory state around the buggy address: [ 21.267472] fff00000c4729580: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 21.267588] fff00000c4729600: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 21.267670] >fff00000c4729680: 00 00 00 00 00 00 00 00 00 01 fc fc fc fc fc fc [ 21.267764] ^ [ 21.267849] fff00000c4729700: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 21.267928] fff00000c4729780: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 21.267999] ================================================================== [ 21.277507] ================================================================== [ 21.277625] BUG: KASAN: slab-out-of-bounds in krealloc_less_oob_helper+0xa58/0xc50 [ 21.277753] Write of size 1 at addr fff00000c47296eb by task kunit_try_catch/158 [ 21.277878] [ 21.277999] CPU: 1 UID: 0 PID: 158 Comm: kunit_try_catch Tainted: G B N 6.15.0-next-20250529 #1 PREEMPT [ 21.278189] Tainted: [B]=BAD_PAGE, [N]=TEST [ 21.278246] Hardware name: linux,dummy-virt (DT) [ 21.278311] Call trace: [ 21.278372] show_stack+0x20/0x38 (C) [ 21.278500] dump_stack_lvl+0x8c/0xd0 [ 21.278609] print_report+0x118/0x608 [ 21.278711] kasan_report+0xdc/0x128 [ 21.278913] __asan_report_store1_noabort+0x20/0x30 [ 21.279068] krealloc_less_oob_helper+0xa58/0xc50 [ 21.279213] 
krealloc_less_oob+0x20/0x38 [ 21.279350] kunit_try_run_case+0x170/0x3f0 [ 21.279503] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 21.279621] kthread+0x328/0x630 [ 21.279709] ret_from_fork+0x10/0x20 [ 21.279818] [ 21.279866] Allocated by task 158: [ 21.279926] kasan_save_stack+0x3c/0x68 [ 21.280008] kasan_save_track+0x20/0x40 [ 21.280082] kasan_save_alloc_info+0x40/0x58 [ 21.280185] __kasan_krealloc+0x118/0x178 [ 21.280271] krealloc_noprof+0x128/0x360 [ 21.280437] krealloc_less_oob_helper+0x168/0xc50 [ 21.280537] krealloc_less_oob+0x20/0x38 [ 21.280630] kunit_try_run_case+0x170/0x3f0 [ 21.280778] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 21.280883] kthread+0x328/0x630 [ 21.280965] ret_from_fork+0x10/0x20 [ 21.281051] [ 21.281100] The buggy address belongs to the object at fff00000c4729600 [ 21.281100] which belongs to the cache kmalloc-256 of size 256 [ 21.281240] The buggy address is located 34 bytes to the right of [ 21.281240] allocated 201-byte region [fff00000c4729600, fff00000c47296c9) [ 21.281407] [ 21.281462] The buggy address belongs to the physical page: [ 21.281539] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x104728 [ 21.281672] head: order:1 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0 [ 21.281787] flags: 0xbfffe0000000040(head|node=0|zone=2|lastcpupid=0x1ffff) [ 21.281913] page_type: f5(slab) [ 21.282008] raw: 0bfffe0000000040 fff00000c0001b40 dead000000000122 0000000000000000 [ 21.282131] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 21.282253] head: 0bfffe0000000040 fff00000c0001b40 dead000000000122 0000000000000000 [ 21.282406] head: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 21.282518] head: 0bfffe0000000001 ffffc1ffc311ca01 00000000ffffffff 00000000ffffffff [ 21.282640] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000002 [ 21.282745] page dumped because: kasan: bad access detected [ 21.282811] [ 21.282857] Memory state around 
the buggy address: [ 21.282926] fff00000c4729580: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 21.283019] fff00000c4729600: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 21.283128] >fff00000c4729680: 00 00 00 00 00 00 00 00 00 01 fc fc fc fc fc fc [ 21.283227] ^ [ 21.283330] fff00000c4729700: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 21.283439] fff00000c4729780: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 21.283631] ================================================================== [ 21.372862] ================================================================== [ 21.373673] BUG: KASAN: slab-out-of-bounds in krealloc_less_oob_helper+0xae4/0xc50 [ 21.373856] Write of size 1 at addr fff00000c65ea0ea by task kunit_try_catch/162 [ 21.374270] [ 21.374540] CPU: 1 UID: 0 PID: 162 Comm: kunit_try_catch Tainted: G B N 6.15.0-next-20250529 #1 PREEMPT [ 21.374735] Tainted: [B]=BAD_PAGE, [N]=TEST [ 21.374792] Hardware name: linux,dummy-virt (DT) [ 21.374872] Call trace: [ 21.374931] show_stack+0x20/0x38 (C) [ 21.375054] dump_stack_lvl+0x8c/0xd0 [ 21.375176] print_report+0x118/0x608 [ 21.375287] kasan_report+0xdc/0x128 [ 21.375378] __asan_report_store1_noabort+0x20/0x30 [ 21.375485] krealloc_less_oob_helper+0xae4/0xc50 [ 21.375590] krealloc_large_less_oob+0x20/0x38 [ 21.375707] kunit_try_run_case+0x170/0x3f0 [ 21.375824] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 21.375958] kthread+0x328/0x630 [ 21.376066] ret_from_fork+0x10/0x20 [ 21.376184] [ 21.376233] The buggy address belongs to the physical page: [ 21.376310] page: refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1065e8 [ 21.376481] head: order:2 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0 [ 21.376600] flags: 0xbfffe0000000040(head|node=0|zone=2|lastcpupid=0x1ffff) [ 21.376730] page_type: f8(unknown) [ 21.376825] raw: 0bfffe0000000040 0000000000000000 dead000000000122 0000000000000000 [ 21.376947] raw: 0000000000000000 0000000000000000 00000001f8000000 0000000000000000 
[ 21.377071] head: 0bfffe0000000040 0000000000000000 dead000000000122 0000000000000000 [ 21.377192] head: 0000000000000000 0000000000000000 00000001f8000000 0000000000000000 [ 21.377313] head: 0bfffe0000000002 ffffc1ffc3197a01 00000000ffffffff 00000000ffffffff [ 21.377436] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000004 [ 21.377518] page dumped because: kasan: bad access detected [ 21.377587] [ 21.377647] Memory state around the buggy address: [ 21.377738] fff00000c65e9f80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 21.377845] fff00000c65ea000: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 21.377939] >fff00000c65ea080: 00 00 00 00 00 00 00 00 00 01 fe fe fe fe fe fe [ 21.378031] ^ [ 21.378131] fff00000c65ea100: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe [ 21.378243] fff00000c65ea180: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe [ 21.378342] ================================================================== [ 21.269478] ================================================================== [ 21.269597] BUG: KASAN: slab-out-of-bounds in krealloc_less_oob_helper+0xae4/0xc50 [ 21.269715] Write of size 1 at addr fff00000c47296ea by task kunit_try_catch/158 [ 21.269835] [ 21.269917] CPU: 1 UID: 0 PID: 158 Comm: kunit_try_catch Tainted: G B N 6.15.0-next-20250529 #1 PREEMPT [ 21.270122] Tainted: [B]=BAD_PAGE, [N]=TEST [ 21.270200] Hardware name: linux,dummy-virt (DT) [ 21.270269] Call trace: [ 21.270321] show_stack+0x20/0x38 (C) [ 21.270449] dump_stack_lvl+0x8c/0xd0 [ 21.270568] print_report+0x118/0x608 [ 21.270676] kasan_report+0xdc/0x128 [ 21.270777] __asan_report_store1_noabort+0x20/0x30 [ 21.270912] krealloc_less_oob_helper+0xae4/0xc50 [ 21.271071] krealloc_less_oob+0x20/0x38 [ 21.271177] kunit_try_run_case+0x170/0x3f0 [ 21.271302] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 21.271418] kthread+0x328/0x630 [ 21.271535] ret_from_fork+0x10/0x20 [ 21.271644] [ 21.271686] Allocated by task 158: [ 21.271753] 
kasan_save_stack+0x3c/0x68 [ 21.271839] kasan_save_track+0x20/0x40 [ 21.271921] kasan_save_alloc_info+0x40/0x58 [ 21.272006] __kasan_krealloc+0x118/0x178 [ 21.272084] krealloc_noprof+0x128/0x360 [ 21.272171] krealloc_less_oob_helper+0x168/0xc50 [ 21.272298] krealloc_less_oob+0x20/0x38 [ 21.272392] kunit_try_run_case+0x170/0x3f0 [ 21.272499] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 21.272605] kthread+0x328/0x630 [ 21.272683] ret_from_fork+0x10/0x20 [ 21.272763] [ 21.272813] The buggy address belongs to the object at fff00000c4729600 [ 21.272813] which belongs to the cache kmalloc-256 of size 256 [ 21.272961] The buggy address is located 33 bytes to the right of [ 21.272961] allocated 201-byte region [fff00000c4729600, fff00000c47296c9) [ 21.273197] [ 21.273253] The buggy address belongs to the physical page: [ 21.273348] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x104728 [ 21.273510] head: order:1 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0 [ 21.273674] flags: 0xbfffe0000000040(head|node=0|zone=2|lastcpupid=0x1ffff) [ 21.273859] page_type: f5(slab) [ 21.273973] raw: 0bfffe0000000040 fff00000c0001b40 dead000000000122 0000000000000000 [ 21.274147] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 21.274283] head: 0bfffe0000000040 fff00000c0001b40 dead000000000122 0000000000000000 [ 21.274466] head: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 21.274582] head: 0bfffe0000000001 ffffc1ffc311ca01 00000000ffffffff 00000000ffffffff [ 21.274707] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000002 [ 21.274800] page dumped because: kasan: bad access detected [ 21.274886] [ 21.274927] Memory state around the buggy address: [ 21.275002] fff00000c4729580: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 21.275111] fff00000c4729600: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 21.275222] >fff00000c4729680: 00 00 00 00 00 00 00 00 00 01 fc fc fc fc fc fc [ 
21.275337] ^ [ 21.275469] fff00000c4729700: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 21.275599] fff00000c4729780: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 21.275695] ================================================================== [ 21.334944] ================================================================== [ 21.335547] BUG: KASAN: slab-out-of-bounds in krealloc_less_oob_helper+0xa48/0xc50 [ 21.335745] Write of size 1 at addr fff00000c65ea0c9 by task kunit_try_catch/162 [ 21.335855] [ 21.335942] CPU: 1 UID: 0 PID: 162 Comm: kunit_try_catch Tainted: G B N 6.15.0-next-20250529 #1 PREEMPT [ 21.336121] Tainted: [B]=BAD_PAGE, [N]=TEST [ 21.336180] Hardware name: linux,dummy-virt (DT) [ 21.336254] Call trace: [ 21.336304] show_stack+0x20/0x38 (C) [ 21.336428] dump_stack_lvl+0x8c/0xd0 [ 21.336535] print_report+0x118/0x608 [ 21.336690] kasan_report+0xdc/0x128 [ 21.336942] __asan_report_store1_noabort+0x20/0x30 [ 21.337071] krealloc_less_oob_helper+0xa48/0xc50 [ 21.337193] krealloc_large_less_oob+0x20/0x38 [ 21.337319] kunit_try_run_case+0x170/0x3f0 [ 21.337458] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 21.337609] kthread+0x328/0x630 [ 21.337949] ret_from_fork+0x10/0x20 [ 21.338972] [ 21.339235] The buggy address belongs to the physical page: [ 21.339626] page: refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1065e8 [ 21.340550] head: order:2 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0 [ 21.340724] flags: 0xbfffe0000000040(head|node=0|zone=2|lastcpupid=0x1ffff) [ 21.341963] page_type: f8(unknown) [ 21.342076] raw: 0bfffe0000000040 0000000000000000 dead000000000122 0000000000000000 [ 21.342205] raw: 0000000000000000 0000000000000000 00000001f8000000 0000000000000000 [ 21.342334] head: 0bfffe0000000040 0000000000000000 dead000000000122 0000000000000000 [ 21.343423] head: 0000000000000000 0000000000000000 00000001f8000000 0000000000000000 [ 21.344391] head: 0bfffe0000000002 ffffc1ffc3197a01 00000000ffffffff 
00000000ffffffff [ 21.344693] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000004 [ 21.345196] page dumped because: kasan: bad access detected [ 21.345342] [ 21.345392] Memory state around the buggy address: [ 21.345550] fff00000c65e9f80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 21.345754] fff00000c65ea000: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 21.345918] >fff00000c65ea080: 00 00 00 00 00 00 00 00 00 01 fe fe fe fe fe fe [ 21.346011] ^ [ 21.346352] fff00000c65ea100: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe [ 21.346796] fff00000c65ea180: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe [ 21.346966] ==================================================================
[ 10.781587] ================================================================== [ 10.781857] BUG: KASAN: slab-out-of-bounds in krealloc_less_oob_helper+0xd47/0x11d0 [ 10.782166] Write of size 1 at addr ffff888102a720eb by task kunit_try_catch/179 [ 10.782491] [ 10.782580] CPU: 1 UID: 0 PID: 179 Comm: kunit_try_catch Tainted: G B N 6.15.0-next-20250529 #1 PREEMPT(voluntary) [ 10.782633] Tainted: [B]=BAD_PAGE, [N]=TEST [ 10.782645] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 10.782718] Call Trace: [ 10.782763] <TASK> [ 10.782778] dump_stack_lvl+0x73/0xb0 [ 10.782834] print_report+0xd1/0x650 [ 10.782856] ? __virt_addr_valid+0x1db/0x2d0 [ 10.782878] ? krealloc_less_oob_helper+0xd47/0x11d0 [ 10.782902] ? kasan_addr_to_slab+0x11/0xa0 [ 10.782923] ? krealloc_less_oob_helper+0xd47/0x11d0 [ 10.782948] kasan_report+0x141/0x180 [ 10.782971] ? krealloc_less_oob_helper+0xd47/0x11d0 [ 10.783002] __asan_report_store1_noabort+0x1b/0x30 [ 10.783023] krealloc_less_oob_helper+0xd47/0x11d0 [ 10.783050] ? __pfx_krealloc_less_oob_helper+0x10/0x10 [ 10.783075] ? finish_task_switch.isra.0+0x153/0x700 [ 10.783096] ? __switch_to+0x47/0xf50 [ 10.783122] ? __schedule+0x10cc/0x2b60 [ 10.783147] ? __pfx_read_tsc+0x10/0x10 [ 10.783172] krealloc_large_less_oob+0x1c/0x30 [ 10.783195] kunit_try_run_case+0x1a5/0x480 [ 10.783217] ? __pfx_kunit_try_run_case+0x10/0x10 [ 10.783236] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 10.783260] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 10.783284] ? __kthread_parkme+0x82/0x180 [ 10.783304] ? preempt_count_sub+0x50/0x80 [ 10.783328] ? __pfx_kunit_try_run_case+0x10/0x10 [ 10.783350] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 10.783374] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 10.783398] kthread+0x337/0x6f0 [ 10.783417] ? trace_preempt_on+0x20/0xc0 [ 10.783440] ? __pfx_kthread+0x10/0x10 [ 10.783460] ? _raw_spin_unlock_irq+0x47/0x80 [ 10.783483] ? calculate_sigpending+0x7b/0xa0 [ 10.783506] ? 
__pfx_kthread+0x10/0x10
[ 10.783529] ret_from_fork+0x116/0x1d0
[ 10.783547] ? __pfx_kthread+0x10/0x10
[ 10.783567] ret_from_fork_asm+0x1a/0x30
[ 10.783601] </TASK>
[ 10.783621]
[ 10.794321] The buggy address belongs to the physical page:
[ 10.794586] page: refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x102a70
[ 10.795078] head: order:2 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[ 10.795365] flags: 0x200000000000040(head|node=0|zone=2)
[ 10.795641] page_type: f8(unknown)
[ 10.795876] raw: 0200000000000040 0000000000000000 dead000000000122 0000000000000000
[ 10.796162] raw: 0000000000000000 0000000000000000 00000001f8000000 0000000000000000
[ 10.796469] head: 0200000000000040 0000000000000000 dead000000000122 0000000000000000
[ 10.796761] head: 0000000000000000 0000000000000000 00000001f8000000 0000000000000000
[ 10.797145] head: 0200000000000002 ffffea00040a9c01 00000000ffffffff 00000000ffffffff
[ 10.797460] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000004
[ 10.797729] page dumped because: kasan: bad access detected
[ 10.798036]
[ 10.798132] Memory state around the buggy address:
[ 10.798336] ffff888102a71f80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[ 10.798586] ffff888102a72000: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[ 10.798929] >ffff888102a72080: 00 00 00 00 00 00 00 00 00 01 fe fe fe fe fe fe
[ 10.799266] ^
[ 10.799538] ffff888102a72100: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe
[ 10.799996] ffff888102a72180: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe
[ 10.800349] ==================================================================
[ 10.701237] ==================================================================
[ 10.701744] BUG: KASAN: slab-out-of-bounds in krealloc_less_oob_helper+0xd70/0x11d0
[ 10.702316] Write of size 1 at addr ffff888102a720c9 by task kunit_try_catch/179
[ 10.702620]
[ 10.702743] CPU: 1 UID: 0 PID: 179 Comm: kunit_try_catch Tainted: G B N 6.15.0-next-20250529 #1 PREEMPT(voluntary)
[ 10.702787] Tainted: [B]=BAD_PAGE, [N]=TEST
[ 10.702799] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[ 10.702821] Call Trace:
[ 10.702833] <TASK>
[ 10.702849] dump_stack_lvl+0x73/0xb0
[ 10.702876] print_report+0xd1/0x650
[ 10.702899] ? __virt_addr_valid+0x1db/0x2d0
[ 10.702923] ? krealloc_less_oob_helper+0xd70/0x11d0
[ 10.702946] ? kasan_addr_to_slab+0x11/0xa0
[ 10.702968] ? krealloc_less_oob_helper+0xd70/0x11d0
[ 10.702992] kasan_report+0x141/0x180
[ 10.703016] ? krealloc_less_oob_helper+0xd70/0x11d0
[ 10.703047] __asan_report_store1_noabort+0x1b/0x30
[ 10.703068] krealloc_less_oob_helper+0xd70/0x11d0
[ 10.703097] ? __pfx_krealloc_less_oob_helper+0x10/0x10
[ 10.703122] ? finish_task_switch.isra.0+0x153/0x700
[ 10.703144] ? __switch_to+0x47/0xf50
[ 10.703172] ? __schedule+0x10cc/0x2b60
[ 10.703197] ? __pfx_read_tsc+0x10/0x10
[ 10.703223] krealloc_large_less_oob+0x1c/0x30
[ 10.703246] kunit_try_run_case+0x1a5/0x480
[ 10.703270] ? __pfx_kunit_try_run_case+0x10/0x10
[ 10.703289] ? _raw_spin_lock_irqsave+0xa1/0x100
[ 10.703313] ? _raw_spin_unlock_irqrestore+0x5f/0x90
[ 10.703338] ? __kthread_parkme+0x82/0x180
[ 10.703359] ? preempt_count_sub+0x50/0x80
[ 10.703383] ? __pfx_kunit_try_run_case+0x10/0x10
[ 10.703404] kunit_generic_run_threadfn_adapter+0x85/0xf0
[ 10.703429] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10
[ 10.703453] kthread+0x337/0x6f0
[ 10.703473] ? trace_preempt_on+0x20/0xc0
[ 10.703497] ? __pfx_kthread+0x10/0x10
[ 10.703518] ? _raw_spin_unlock_irq+0x47/0x80
[ 10.703541] ? calculate_sigpending+0x7b/0xa0
[ 10.703565] ? __pfx_kthread+0x10/0x10
[ 10.703593] ret_from_fork+0x116/0x1d0
[ 10.703619] ? __pfx_kthread+0x10/0x10
[ 10.703641] ret_from_fork_asm+0x1a/0x30
[ 10.703693] </TASK>
[ 10.703703]
[ 10.713549] The buggy address belongs to the physical page:
[ 10.714027] page: refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x102a70
[ 10.714483] head: order:2 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[ 10.714978] flags: 0x200000000000040(head|node=0|zone=2)
[ 10.715329] page_type: f8(unknown)
[ 10.715693] raw: 0200000000000040 0000000000000000 dead000000000122 0000000000000000
[ 10.716183] raw: 0000000000000000 0000000000000000 00000001f8000000 0000000000000000
[ 10.716501] head: 0200000000000040 0000000000000000 dead000000000122 0000000000000000
[ 10.717110] head: 0000000000000000 0000000000000000 00000001f8000000 0000000000000000
[ 10.717493] head: 0200000000000002 ffffea00040a9c01 00000000ffffffff 00000000ffffffff
[ 10.718173] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000004
[ 10.718734] page dumped because: kasan: bad access detected
[ 10.719255]
[ 10.719478] Memory state around the buggy address:
[ 10.719709] ffff888102a71f80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[ 10.720284] ffff888102a72000: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[ 10.720594] >ffff888102a72080: 00 00 00 00 00 00 00 00 00 01 fe fe fe fe fe fe
[ 10.721164] ^
[ 10.721496] ffff888102a72100: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe
[ 10.722122] ffff888102a72180: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe
[ 10.722723] ==================================================================
[ 10.636958] ==================================================================
[ 10.637317] BUG: KASAN: slab-out-of-bounds in krealloc_less_oob_helper+0xd47/0x11d0
[ 10.637657] Write of size 1 at addr ffff888100a1dceb by task kunit_try_catch/175
[ 10.638029]
[ 10.638135] CPU: 1 UID: 0 PID: 175 Comm: kunit_try_catch Tainted: G B N 6.15.0-next-20250529 #1 PREEMPT(voluntary)
[ 10.638178] Tainted: [B]=BAD_PAGE, [N]=TEST
[ 10.638190] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[ 10.638211] Call Trace:
[ 10.638226] <TASK>
[ 10.638242] dump_stack_lvl+0x73/0xb0
[ 10.638266] print_report+0xd1/0x650
[ 10.638289] ? __virt_addr_valid+0x1db/0x2d0
[ 10.638311] ? krealloc_less_oob_helper+0xd47/0x11d0
[ 10.638334] ? kasan_complete_mode_report_info+0x2a/0x200
[ 10.638357] ? krealloc_less_oob_helper+0xd47/0x11d0
[ 10.638382] kasan_report+0x141/0x180
[ 10.638405] ? krealloc_less_oob_helper+0xd47/0x11d0
[ 10.638437] __asan_report_store1_noabort+0x1b/0x30
[ 10.638458] krealloc_less_oob_helper+0xd47/0x11d0
[ 10.638486] ? __pfx_krealloc_less_oob_helper+0x10/0x10
[ 10.638510] ? finish_task_switch.isra.0+0x153/0x700
[ 10.638532] ? __switch_to+0x47/0xf50
[ 10.638563] ? __schedule+0x10cc/0x2b60
[ 10.638587] ? __pfx_read_tsc+0x10/0x10
[ 10.638623] krealloc_less_oob+0x1c/0x30
[ 10.638645] kunit_try_run_case+0x1a5/0x480
[ 10.638667] ? __pfx_kunit_try_run_case+0x10/0x10
[ 10.638687] ? _raw_spin_lock_irqsave+0xa1/0x100
[ 10.638711] ? _raw_spin_unlock_irqrestore+0x5f/0x90
[ 10.638735] ? __kthread_parkme+0x82/0x180
[ 10.638756] ? preempt_count_sub+0x50/0x80
[ 10.638797] ? __pfx_kunit_try_run_case+0x10/0x10
[ 10.638819] kunit_generic_run_threadfn_adapter+0x85/0xf0
[ 10.638843] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10
[ 10.638868] kthread+0x337/0x6f0
[ 10.638888] ? trace_preempt_on+0x20/0xc0
[ 10.638911] ? __pfx_kthread+0x10/0x10
[ 10.638933] ? _raw_spin_unlock_irq+0x47/0x80
[ 10.638955] ? calculate_sigpending+0x7b/0xa0
[ 10.638979] ? __pfx_kthread+0x10/0x10
[ 10.639002] ret_from_fork+0x116/0x1d0
[ 10.639019] ? __pfx_kthread+0x10/0x10
[ 10.639041] ret_from_fork_asm+0x1a/0x30
[ 10.639076] </TASK>
[ 10.639086]
[ 10.647170] Allocated by task 175:
[ 10.647344] kasan_save_stack+0x45/0x70
[ 10.647551] kasan_save_track+0x18/0x40
[ 10.647734] kasan_save_alloc_info+0x3b/0x50
[ 10.647949] __kasan_krealloc+0x190/0x1f0
[ 10.648130] krealloc_noprof+0xf3/0x340
[ 10.648314] krealloc_less_oob_helper+0x1aa/0x11d0
[ 10.648518] krealloc_less_oob+0x1c/0x30
[ 10.648722] kunit_try_run_case+0x1a5/0x480
[ 10.648908] kunit_generic_run_threadfn_adapter+0x85/0xf0
[ 10.649165] kthread+0x337/0x6f0
[ 10.649290] ret_from_fork+0x116/0x1d0
[ 10.649426] ret_from_fork_asm+0x1a/0x30
[ 10.649570]
[ 10.649651] The buggy address belongs to the object at ffff888100a1dc00
[ 10.649651] which belongs to the cache kmalloc-256 of size 256
[ 10.650302] The buggy address is located 34 bytes to the right of
[ 10.650302] allocated 201-byte region [ffff888100a1dc00, ffff888100a1dcc9)
[ 10.650914]
[ 10.651014] The buggy address belongs to the physical page:
[ 10.651208] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x100a1c
[ 10.651454] head: order:1 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[ 10.652008] flags: 0x200000000000040(head|node=0|zone=2)
[ 10.652262] page_type: f5(slab)
[ 10.652434] raw: 0200000000000040 ffff888100041b40 dead000000000122 0000000000000000
[ 10.652798] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000
[ 10.653039] head: 0200000000000040 ffff888100041b40 dead000000000122 0000000000000000
[ 10.653359] head: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000
[ 10.653712] head: 0200000000000001 ffffea0004028701 00000000ffffffff 00000000ffffffff
[ 10.654046] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000002
[ 10.654282] page dumped because: kasan: bad access detected
[ 10.654460]
[ 10.654554] Memory state around the buggy address:
[ 10.654797] ffff888100a1db80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 10.655128] ffff888100a1dc00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[ 10.655453] >ffff888100a1dc80: 00 00 00 00 00 00 00 00 00 01 fc fc fc fc fc fc
[ 10.655784] ^
[ 10.656082] ffff888100a1dd00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 10.656383] ffff888100a1dd80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 10.656675] ==================================================================
[ 10.593873] ==================================================================
[ 10.594346] BUG: KASAN: slab-out-of-bounds in krealloc_less_oob_helper+0xec6/0x11d0
[ 10.594690] Write of size 1 at addr ffff888100a1dcda by task kunit_try_catch/175
[ 10.595046]
[ 10.595180] CPU: 1 UID: 0 PID: 175 Comm: kunit_try_catch Tainted: G B N 6.15.0-next-20250529 #1 PREEMPT(voluntary)
[ 10.595223] Tainted: [B]=BAD_PAGE, [N]=TEST
[ 10.595235] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[ 10.595254] Call Trace:
[ 10.595269] <TASK>
[ 10.595283] dump_stack_lvl+0x73/0xb0
[ 10.595307] print_report+0xd1/0x650
[ 10.595329] ? __virt_addr_valid+0x1db/0x2d0
[ 10.595352] ? krealloc_less_oob_helper+0xec6/0x11d0
[ 10.595375] ? kasan_complete_mode_report_info+0x2a/0x200
[ 10.595398] ? krealloc_less_oob_helper+0xec6/0x11d0
[ 10.595423] kasan_report+0x141/0x180
[ 10.595446] ? krealloc_less_oob_helper+0xec6/0x11d0
[ 10.595478] __asan_report_store1_noabort+0x1b/0x30
[ 10.595500] krealloc_less_oob_helper+0xec6/0x11d0
[ 10.595527] ? __pfx_krealloc_less_oob_helper+0x10/0x10
[ 10.595552] ? finish_task_switch.isra.0+0x153/0x700
[ 10.595574] ? __switch_to+0x47/0xf50
[ 10.595602] ? __schedule+0x10cc/0x2b60
[ 10.595638] ? __pfx_read_tsc+0x10/0x10
[ 10.595663] krealloc_less_oob+0x1c/0x30
[ 10.595685] kunit_try_run_case+0x1a5/0x480
[ 10.595706] ? __pfx_kunit_try_run_case+0x10/0x10
[ 10.595725] ? _raw_spin_lock_irqsave+0xa1/0x100
[ 10.595749] ? _raw_spin_unlock_irqrestore+0x5f/0x90
[ 10.595774] ? __kthread_parkme+0x82/0x180
[ 10.595794] ? preempt_count_sub+0x50/0x80
[ 10.595819] ? __pfx_kunit_try_run_case+0x10/0x10
[ 10.595841] kunit_generic_run_threadfn_adapter+0x85/0xf0
[ 10.595865] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10
[ 10.595889] kthread+0x337/0x6f0
[ 10.595909] ? trace_preempt_on+0x20/0xc0
[ 10.595932] ? __pfx_kthread+0x10/0x10
[ 10.595953] ? _raw_spin_unlock_irq+0x47/0x80
[ 10.595976] ? calculate_sigpending+0x7b/0xa0
[ 10.595999] ? __pfx_kthread+0x10/0x10
[ 10.596021] ret_from_fork+0x116/0x1d0
[ 10.596040] ? __pfx_kthread+0x10/0x10
[ 10.596061] ret_from_fork_asm+0x1a/0x30
[ 10.596096] </TASK>
[ 10.596106]
[ 10.603914] Allocated by task 175:
[ 10.604099] kasan_save_stack+0x45/0x70
[ 10.604304] kasan_save_track+0x18/0x40
[ 10.604503] kasan_save_alloc_info+0x3b/0x50
[ 10.604726] __kasan_krealloc+0x190/0x1f0
[ 10.604932] krealloc_noprof+0xf3/0x340
[ 10.605107] krealloc_less_oob_helper+0x1aa/0x11d0
[ 10.605344] krealloc_less_oob+0x1c/0x30
[ 10.605513] kunit_try_run_case+0x1a5/0x480
[ 10.605727] kunit_generic_run_threadfn_adapter+0x85/0xf0
[ 10.606019] kthread+0x337/0x6f0
[ 10.606147] ret_from_fork+0x116/0x1d0
[ 10.606283] ret_from_fork_asm+0x1a/0x30
[ 10.606475]
[ 10.606580] The buggy address belongs to the object at ffff888100a1dc00
[ 10.606580] which belongs to the cache kmalloc-256 of size 256
[ 10.607369] The buggy address is located 17 bytes to the right of
[ 10.607369] allocated 201-byte region [ffff888100a1dc00, ffff888100a1dcc9)
[ 10.607759]
[ 10.607857] The buggy address belongs to the physical page:
[ 10.608112] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x100a1c
[ 10.608677] head: order:1 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[ 10.608915] flags: 0x200000000000040(head|node=0|zone=2)
[ 10.609092] page_type: f5(slab)
[ 10.609231] raw: 0200000000000040 ffff888100041b40 dead000000000122 0000000000000000
[ 10.609583] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000
[ 10.610109] head: 0200000000000040 ffff888100041b40 dead000000000122 0000000000000000
[ 10.610440] head: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000
[ 10.610767] head: 0200000000000001 ffffea0004028701 00000000ffffffff 00000000ffffffff
[ 10.611137] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000002
[ 10.611428] page dumped because: kasan: bad access detected
[ 10.611664]
[ 10.611736] Memory state around the buggy address:
[ 10.612140] ffff888100a1db80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 10.612427] ffff888100a1dc00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[ 10.612750] >ffff888100a1dc80: 00 00 00 00 00 00 00 00 00 01 fc fc fc fc fc fc
[ 10.613031] ^
[ 10.613283] ffff888100a1dd00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 10.613577] ffff888100a1dd80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 10.613925] ==================================================================
[ 10.723469] ==================================================================
[ 10.723766] BUG: KASAN: slab-out-of-bounds in krealloc_less_oob_helper+0xe23/0x11d0
[ 10.724033] Write of size 1 at addr ffff888102a720d0 by task kunit_try_catch/179
[ 10.724401]
[ 10.724533] CPU: 1 UID: 0 PID: 179 Comm: kunit_try_catch Tainted: G B N 6.15.0-next-20250529 #1 PREEMPT(voluntary)
[ 10.724578] Tainted: [B]=BAD_PAGE, [N]=TEST
[ 10.724590] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[ 10.724623] Call Trace:
[ 10.724635] <TASK>
[ 10.724649] dump_stack_lvl+0x73/0xb0
[ 10.724674] print_report+0xd1/0x650
[ 10.724697] ? __virt_addr_valid+0x1db/0x2d0
[ 10.724720] ? krealloc_less_oob_helper+0xe23/0x11d0
[ 10.724744] ? kasan_addr_to_slab+0x11/0xa0
[ 10.724776] ? krealloc_less_oob_helper+0xe23/0x11d0
[ 10.724801] kasan_report+0x141/0x180
[ 10.724830] ? krealloc_less_oob_helper+0xe23/0x11d0
[ 10.724862] __asan_report_store1_noabort+0x1b/0x30
[ 10.724884] krealloc_less_oob_helper+0xe23/0x11d0
[ 10.724912] ? __pfx_krealloc_less_oob_helper+0x10/0x10
[ 10.724936] ? finish_task_switch.isra.0+0x153/0x700
[ 10.724958] ? __switch_to+0x47/0xf50
[ 10.724984] ? __schedule+0x10cc/0x2b60
[ 10.725008] ? __pfx_read_tsc+0x10/0x10
[ 10.725033] krealloc_large_less_oob+0x1c/0x30
[ 10.725056] kunit_try_run_case+0x1a5/0x480
[ 10.725079] ? __pfx_kunit_try_run_case+0x10/0x10
[ 10.725098] ? _raw_spin_lock_irqsave+0xa1/0x100
[ 10.725122] ? _raw_spin_unlock_irqrestore+0x5f/0x90
[ 10.725146] ? __kthread_parkme+0x82/0x180
[ 10.725166] ? preempt_count_sub+0x50/0x80
[ 10.725191] ? __pfx_kunit_try_run_case+0x10/0x10
[ 10.725212] kunit_generic_run_threadfn_adapter+0x85/0xf0
[ 10.725236] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10
[ 10.725260] kthread+0x337/0x6f0
[ 10.725280] ? trace_preempt_on+0x20/0xc0
[ 10.725303] ? __pfx_kthread+0x10/0x10
[ 10.725324] ? _raw_spin_unlock_irq+0x47/0x80
[ 10.725346] ? calculate_sigpending+0x7b/0xa0
[ 10.725370] ? __pfx_kthread+0x10/0x10
[ 10.725392] ret_from_fork+0x116/0x1d0
[ 10.725411] ? __pfx_kthread+0x10/0x10
[ 10.725432] ret_from_fork_asm+0x1a/0x30
[ 10.725467] </TASK>
[ 10.725477]
[ 10.735737] The buggy address belongs to the physical page:
[ 10.736312] page: refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x102a70
[ 10.736683] head: order:2 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[ 10.737195] flags: 0x200000000000040(head|node=0|zone=2)
[ 10.737447] page_type: f8(unknown)
[ 10.737766] raw: 0200000000000040 0000000000000000 dead000000000122 0000000000000000
[ 10.738151] raw: 0000000000000000 0000000000000000 00000001f8000000 0000000000000000
[ 10.738598] head: 0200000000000040 0000000000000000 dead000000000122 0000000000000000
[ 10.739047] head: 0000000000000000 0000000000000000 00000001f8000000 0000000000000000
[ 10.739419] head: 0200000000000002 ffffea00040a9c01 00000000ffffffff 00000000ffffffff
[ 10.739746] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000004
[ 10.740141] page dumped because: kasan: bad access detected
[ 10.740607]
[ 10.740790] Memory state around the buggy address:
[ 10.741028] ffff888102a71f80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[ 10.741421] ffff888102a72000: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[ 10.741742] >ffff888102a72080: 00 00 00 00 00 00 00 00 00 01 fe fe fe fe fe fe
[ 10.742190] ^
[ 10.742516] ffff888102a72100: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe
[ 10.742970] ffff888102a72180: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe
[ 10.743450] ==================================================================
[ 10.744006] ==================================================================
[ 10.744456] BUG: KASAN: slab-out-of-bounds in krealloc_less_oob_helper+0xec6/0x11d0
[ 10.745092] Write of size 1 at addr ffff888102a720da by task kunit_try_catch/179
[ 10.745408]
[ 10.745502] CPU: 1 UID: 0 PID: 179 Comm: kunit_try_catch Tainted: G B N 6.15.0-next-20250529 #1 PREEMPT(voluntary)
[ 10.745547] Tainted: [B]=BAD_PAGE, [N]=TEST
[ 10.745558] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[ 10.745578] Call Trace:
[ 10.745592] <TASK>
[ 10.745607] dump_stack_lvl+0x73/0xb0
[ 10.745644] print_report+0xd1/0x650
[ 10.745668] ? __virt_addr_valid+0x1db/0x2d0
[ 10.745690] ? krealloc_less_oob_helper+0xec6/0x11d0
[ 10.745714] ? kasan_addr_to_slab+0x11/0xa0
[ 10.745735] ? krealloc_less_oob_helper+0xec6/0x11d0
[ 10.745760] kasan_report+0x141/0x180
[ 10.745783] ? krealloc_less_oob_helper+0xec6/0x11d0
[ 10.745815] __asan_report_store1_noabort+0x1b/0x30
[ 10.745837] krealloc_less_oob_helper+0xec6/0x11d0
[ 10.745865] ? __pfx_krealloc_less_oob_helper+0x10/0x10
[ 10.745904] ? finish_task_switch.isra.0+0x153/0x700
[ 10.745952] ? __switch_to+0x47/0xf50
[ 10.745979] ? __schedule+0x10cc/0x2b60
[ 10.746003] ? __pfx_read_tsc+0x10/0x10
[ 10.746028] krealloc_large_less_oob+0x1c/0x30
[ 10.746051] kunit_try_run_case+0x1a5/0x480
[ 10.746073] ? __pfx_kunit_try_run_case+0x10/0x10
[ 10.746092] ? _raw_spin_lock_irqsave+0xa1/0x100
[ 10.746117] ? _raw_spin_unlock_irqrestore+0x5f/0x90
[ 10.746142] ? __kthread_parkme+0x82/0x180
[ 10.746163] ? preempt_count_sub+0x50/0x80
[ 10.746187] ? __pfx_kunit_try_run_case+0x10/0x10
[ 10.746209] kunit_generic_run_threadfn_adapter+0x85/0xf0
[ 10.746233] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10
[ 10.746257] kthread+0x337/0x6f0
[ 10.746277] ? trace_preempt_on+0x20/0xc0
[ 10.746300] ? __pfx_kthread+0x10/0x10
[ 10.746321] ? _raw_spin_unlock_irq+0x47/0x80
[ 10.746344] ? calculate_sigpending+0x7b/0xa0
[ 10.746368] ? __pfx_kthread+0x10/0x10
[ 10.746390] ret_from_fork+0x116/0x1d0
[ 10.746408] ? __pfx_kthread+0x10/0x10
[ 10.746430] ret_from_fork_asm+0x1a/0x30
[ 10.746465] </TASK>
[ 10.746475]
[ 10.754651] The buggy address belongs to the physical page:
[ 10.755003] page: refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x102a70
[ 10.755364] head: order:2 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[ 10.755718] flags: 0x200000000000040(head|node=0|zone=2)
[ 10.755910] page_type: f8(unknown)
[ 10.756132] raw: 0200000000000040 0000000000000000 dead000000000122 0000000000000000
[ 10.756480] raw: 0000000000000000 0000000000000000 00000001f8000000 0000000000000000
[ 10.756846] head: 0200000000000040 0000000000000000 dead000000000122 0000000000000000
[ 10.757119] head: 0000000000000000 0000000000000000 00000001f8000000 0000000000000000
[ 10.757479] head: 0200000000000002 ffffea00040a9c01 00000000ffffffff 00000000ffffffff
[ 10.757800] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000004
[ 10.758049] page dumped because: kasan: bad access detected
[ 10.758224]
[ 10.758321] Memory state around the buggy address:
[ 10.758554] ffff888102a71f80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[ 10.759010] ffff888102a72000: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[ 10.759376] >ffff888102a72080: 00 00 00 00 00 00 00 00 00 01 fe fe fe fe fe fe
[ 10.759595] ^
[ 10.759839] ffff888102a72100: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe
[ 10.760434] ffff888102a72180: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe
[ 10.760762] ==================================================================
[ 10.761130] ==================================================================
[ 10.761357] BUG: KASAN: slab-out-of-bounds in krealloc_less_oob_helper+0xe90/0x11d0
[ 10.761708] Write of size 1 at addr ffff888102a720ea by task kunit_try_catch/179
[ 10.762423]
[ 10.762560] CPU: 1 UID: 0 PID: 179 Comm: kunit_try_catch Tainted: G B N 6.15.0-next-20250529 #1 PREEMPT(voluntary)
[ 10.762603] Tainted: [B]=BAD_PAGE, [N]=TEST
[ 10.762624] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[ 10.762643] Call Trace:
[ 10.762657] <TASK>
[ 10.762672] dump_stack_lvl+0x73/0xb0
[ 10.762695] print_report+0xd1/0x650
[ 10.762719] ? __virt_addr_valid+0x1db/0x2d0
[ 10.762742] ? krealloc_less_oob_helper+0xe90/0x11d0
[ 10.762766] ? kasan_addr_to_slab+0x11/0xa0
[ 10.762788] ? krealloc_less_oob_helper+0xe90/0x11d0
[ 10.762812] kasan_report+0x141/0x180
[ 10.762836] ? krealloc_less_oob_helper+0xe90/0x11d0
[ 10.762867] __asan_report_store1_noabort+0x1b/0x30
[ 10.762888] krealloc_less_oob_helper+0xe90/0x11d0
[ 10.762915] ? __pfx_krealloc_less_oob_helper+0x10/0x10
[ 10.762940] ? finish_task_switch.isra.0+0x153/0x700
[ 10.762962] ? __switch_to+0x47/0xf50
[ 10.762988] ? __schedule+0x10cc/0x2b60
[ 10.763012] ? __pfx_read_tsc+0x10/0x10
[ 10.763037] krealloc_large_less_oob+0x1c/0x30
[ 10.763060] kunit_try_run_case+0x1a5/0x480
[ 10.763082] ? __pfx_kunit_try_run_case+0x10/0x10
[ 10.763101] ? _raw_spin_lock_irqsave+0xa1/0x100
[ 10.763125] ? _raw_spin_unlock_irqrestore+0x5f/0x90
[ 10.763150] ? __kthread_parkme+0x82/0x180
[ 10.763170] ? preempt_count_sub+0x50/0x80
[ 10.763195] ? __pfx_kunit_try_run_case+0x10/0x10
[ 10.763216] kunit_generic_run_threadfn_adapter+0x85/0xf0
[ 10.763240] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10
[ 10.763264] kthread+0x337/0x6f0
[ 10.763284] ? trace_preempt_on+0x20/0xc0
[ 10.763307] ? __pfx_kthread+0x10/0x10
[ 10.763328] ? _raw_spin_unlock_irq+0x47/0x80
[ 10.763350] ? calculate_sigpending+0x7b/0xa0
[ 10.763373] ? __pfx_kthread+0x10/0x10
[ 10.763396] ret_from_fork+0x116/0x1d0
[ 10.763414] ? __pfx_kthread+0x10/0x10
[ 10.763437] ret_from_fork_asm+0x1a/0x30
[ 10.763471] </TASK>
[ 10.763482]
[ 10.772016] The buggy address belongs to the physical page:
[ 10.773631] page: refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x102a70
[ 10.774159] head: order:2 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[ 10.774491] flags: 0x200000000000040(head|node=0|zone=2)
[ 10.774753] page_type: f8(unknown)
[ 10.775120] raw: 0200000000000040 0000000000000000 dead000000000122 0000000000000000
[ 10.775462] raw: 0000000000000000 0000000000000000 00000001f8000000 0000000000000000
[ 10.775785] head: 0200000000000040 0000000000000000 dead000000000122 0000000000000000
[ 10.776336] head: 0000000000000000 0000000000000000 00000001f8000000 0000000000000000
[ 10.776680] head: 0200000000000002 ffffea00040a9c01 00000000ffffffff 00000000ffffffff
[ 10.777203] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000004
[ 10.777530] page dumped because: kasan: bad access detected
[ 10.777779]
[ 10.777879] Memory state around the buggy address:
[ 10.778414] ffff888102a71f80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[ 10.778801] ffff888102a72000: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[ 10.779405] >ffff888102a72080: 00 00 00 00 00 00 00 00 00 01 fe fe fe fe fe fe
[ 10.779782] ^
[ 10.780118] ffff888102a72100: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe
[ 10.780497] ffff888102a72180: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe
[ 10.781141] ==================================================================
[ 10.553043] ==================================================================
[ 10.553514] BUG: KASAN: slab-out-of-bounds in krealloc_less_oob_helper+0xd70/0x11d0
[ 10.554160] Write of size 1 at addr ffff888100a1dcc9 by task kunit_try_catch/175
[ 10.554503]
[ 10.554636] CPU: 1 UID: 0 PID: 175 Comm: kunit_try_catch Tainted: G B N 6.15.0-next-20250529 #1 PREEMPT(voluntary)
[ 10.554684] Tainted: [B]=BAD_PAGE, [N]=TEST
[ 10.554697] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[ 10.554719] Call Trace:
[ 10.554731] <TASK>
[ 10.554748] dump_stack_lvl+0x73/0xb0
[ 10.554790] print_report+0xd1/0x650
[ 10.554813] ? __virt_addr_valid+0x1db/0x2d0
[ 10.554837] ? krealloc_less_oob_helper+0xd70/0x11d0
[ 10.554861] ? kasan_complete_mode_report_info+0x2a/0x200
[ 10.554884] ? krealloc_less_oob_helper+0xd70/0x11d0
[ 10.554909] kasan_report+0x141/0x180
[ 10.554933] ? krealloc_less_oob_helper+0xd70/0x11d0
[ 10.554965] __asan_report_store1_noabort+0x1b/0x30
[ 10.554986] krealloc_less_oob_helper+0xd70/0x11d0
[ 10.555014] ? __pfx_krealloc_less_oob_helper+0x10/0x10
[ 10.555040] ? finish_task_switch.isra.0+0x153/0x700
[ 10.555062] ? __switch_to+0x47/0xf50
[ 10.555089] ? __schedule+0x10cc/0x2b60
[ 10.555114] ? __pfx_read_tsc+0x10/0x10
[ 10.555139] krealloc_less_oob+0x1c/0x30
[ 10.555161] kunit_try_run_case+0x1a5/0x480
[ 10.555184] ? __pfx_kunit_try_run_case+0x10/0x10
[ 10.555203] ? _raw_spin_lock_irqsave+0xa1/0x100
[ 10.555228] ? _raw_spin_unlock_irqrestore+0x5f/0x90
[ 10.555252] ? __kthread_parkme+0x82/0x180
[ 10.555273] ? preempt_count_sub+0x50/0x80
[ 10.555298] ? __pfx_kunit_try_run_case+0x10/0x10
[ 10.555320] kunit_generic_run_threadfn_adapter+0x85/0xf0
[ 10.555344] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10
[ 10.555368] kthread+0x337/0x6f0
[ 10.555388] ? trace_preempt_on+0x20/0xc0
[ 10.555411] ? __pfx_kthread+0x10/0x10
[ 10.555432] ? _raw_spin_unlock_irq+0x47/0x80
[ 10.555455] ? calculate_sigpending+0x7b/0xa0
[ 10.555479] ? __pfx_kthread+0x10/0x10
[ 10.555502] ret_from_fork+0x116/0x1d0
[ 10.555520] ? __pfx_kthread+0x10/0x10
[ 10.555541] ret_from_fork_asm+0x1a/0x30
[ 10.555577] </TASK>
[ 10.555588]
[ 10.563228] Allocated by task 175:
[ 10.563363] kasan_save_stack+0x45/0x70
[ 10.563512] kasan_save_track+0x18/0x40
[ 10.563665] kasan_save_alloc_info+0x3b/0x50
[ 10.564001] __kasan_krealloc+0x190/0x1f0
[ 10.564209] krealloc_noprof+0xf3/0x340
[ 10.564402] krealloc_less_oob_helper+0x1aa/0x11d0
[ 10.564653] krealloc_less_oob+0x1c/0x30
[ 10.564827] kunit_try_run_case+0x1a5/0x480
[ 10.565028] kunit_generic_run_threadfn_adapter+0x85/0xf0
[ 10.565281] kthread+0x337/0x6f0
[ 10.565440] ret_from_fork+0x116/0x1d0
[ 10.565596] ret_from_fork_asm+0x1a/0x30
[ 10.565807]
[ 10.565888] The buggy address belongs to the object at ffff888100a1dc00
[ 10.565888] which belongs to the cache kmalloc-256 of size 256
[ 10.566282] The buggy address is located 0 bytes to the right of
[ 10.566282] allocated 201-byte region [ffff888100a1dc00, ffff888100a1dcc9)
[ 10.566892]
[ 10.566999] The buggy address belongs to the physical page:
[ 10.567262] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x100a1c
[ 10.567627] head: order:1 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[ 10.567926] flags: 0x200000000000040(head|node=0|zone=2)
[ 10.568119] page_type: f5(slab)
[ 10.568292] raw: 0200000000000040 ffff888100041b40 dead000000000122 0000000000000000
[ 10.568644] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000
[ 10.568993] head: 0200000000000040 ffff888100041b40 dead000000000122 0000000000000000
[ 10.569292] head: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000
[ 10.569649] head: 0200000000000001 ffffea0004028701 00000000ffffffff 00000000ffffffff
[ 10.570037] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000002
[ 10.570271] page dumped because: kasan: bad access detected
[ 10.570449]
[ 10.570520] Memory state around the buggy address:
[ 10.570755] ffff888100a1db80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 10.571117] ffff888100a1dc00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[ 10.571435] >ffff888100a1dc80: 00 00 00 00 00 00 00 00 00 01 fc fc fc fc fc fc
[ 10.571702] ^
[ 10.572145] ffff888100a1dd00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 10.572384] ffff888100a1dd80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 10.572601] ==================================================================
[ 10.573956] ==================================================================
[ 10.574315] BUG: KASAN: slab-out-of-bounds in krealloc_less_oob_helper+0xe23/0x11d0
[ 10.574671] Write of size 1 at addr ffff888100a1dcd0 by task kunit_try_catch/175
[ 10.575017]
[ 10.575121] CPU: 1 UID: 0 PID: 175 Comm: kunit_try_catch Tainted: G B N 6.15.0-next-20250529 #1 PREEMPT(voluntary)
[ 10.575164] Tainted: [B]=BAD_PAGE, [N]=TEST
[ 10.575177] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[ 10.575197] Call Trace:
[ 10.575208] <TASK>
[ 10.575222] dump_stack_lvl+0x73/0xb0
[ 10.575248] print_report+0xd1/0x650
[ 10.575271] ? __virt_addr_valid+0x1db/0x2d0
[ 10.575293] ? krealloc_less_oob_helper+0xe23/0x11d0
[ 10.575317] ? kasan_complete_mode_report_info+0x2a/0x200
[ 10.575340] ? krealloc_less_oob_helper+0xe23/0x11d0
[ 10.575366] kasan_report+0x141/0x180
[ 10.575389] ? krealloc_less_oob_helper+0xe23/0x11d0
[ 10.575421] __asan_report_store1_noabort+0x1b/0x30
[ 10.575442] krealloc_less_oob_helper+0xe23/0x11d0
[ 10.575470] ? __pfx_krealloc_less_oob_helper+0x10/0x10
[ 10.575495] ? finish_task_switch.isra.0+0x153/0x700
[ 10.575516] ? __switch_to+0x47/0xf50
[ 10.575543] ? __schedule+0x10cc/0x2b60
[ 10.575567] ? __pfx_read_tsc+0x10/0x10
[ 10.575592] krealloc_less_oob+0x1c/0x30
[ 10.575626] kunit_try_run_case+0x1a5/0x480
[ 10.575649] ? __pfx_kunit_try_run_case+0x10/0x10
[ 10.575668] ? _raw_spin_lock_irqsave+0xa1/0x100
[ 10.575693] ? _raw_spin_unlock_irqrestore+0x5f/0x90
[ 10.575718] ? __kthread_parkme+0x82/0x180
[ 10.575739] ? preempt_count_sub+0x50/0x80
[ 10.575763] ? __pfx_kunit_try_run_case+0x10/0x10
[ 10.575785] kunit_generic_run_threadfn_adapter+0x85/0xf0
[ 10.575817] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10
[ 10.575842] kthread+0x337/0x6f0
[ 10.575862] ? trace_preempt_on+0x20/0xc0
[ 10.575885] ? __pfx_kthread+0x10/0x10
[ 10.575906] ? _raw_spin_unlock_irq+0x47/0x80
[ 10.575929] ? calculate_sigpending+0x7b/0xa0
[ 10.575953] ? __pfx_kthread+0x10/0x10
[ 10.575976] ret_from_fork+0x116/0x1d0
[ 10.575994] ? __pfx_kthread+0x10/0x10
[ 10.576015] ret_from_fork_asm+0x1a/0x30
[ 10.576050] </TASK>
[ 10.576059]
[ 10.583553] Allocated by task 175:
[ 10.583742] kasan_save_stack+0x45/0x70
[ 10.583958] kasan_save_track+0x18/0x40
[ 10.584161] kasan_save_alloc_info+0x3b/0x50
[ 10.584358] __kasan_krealloc+0x190/0x1f0
[ 10.584539] krealloc_noprof+0xf3/0x340
[ 10.584744] krealloc_less_oob_helper+0x1aa/0x11d0
[ 10.584961] krealloc_less_oob+0x1c/0x30
[ 10.585105] kunit_try_run_case+0x1a5/0x480
[ 10.585274] kunit_generic_run_threadfn_adapter+0x85/0xf0
[ 10.585528] kthread+0x337/0x6f0
[ 10.585711] ret_from_fork+0x116/0x1d0
[ 10.586034] ret_from_fork_asm+0x1a/0x30
[ 10.586178]
[ 10.586250] The buggy address belongs to the object at ffff888100a1dc00
[ 10.586250] which belongs to the cache kmalloc-256 of size 256
[ 10.586740] The buggy address is located 7 bytes to the right of
[ 10.586740] allocated 201-byte region [ffff888100a1dc00, ffff888100a1dcc9)
[ 10.587301]
[ 10.587402] The buggy address belongs to the physical page:
[ 10.587659] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x100a1c
[ 10.587961] head: order:1 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[ 10.588292] flags: 0x200000000000040(head|node=0|zone=2)
[ 10.588505] page_type: f5(slab)
[ 10.588694] raw: 0200000000000040 ffff888100041b40 dead000000000122 0000000000000000
[ 10.589009] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000
[ 10.589249] head: 0200000000000040 ffff888100041b40 dead000000000122 0000000000000000
[ 10.589488] head: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000
[ 10.589794] head: 0200000000000001 ffffea0004028701 00000000ffffffff 00000000ffffffff
[ 10.590149] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000002
[ 10.590490] page dumped because: kasan: bad access detected
[ 10.590774]
[ 10.590870] Memory state around the buggy address:
[ 10.591095] ffff888100a1db80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 10.591358] ffff888100a1dc00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[ 10.591580] >ffff888100a1dc80: 00 00 00 00 00 00 00 00 00 01 fc fc fc fc fc fc
[ 10.591808] ^
[ 10.592083] ffff888100a1dd00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 10.592518] ffff888100a1dd80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 10.592971] ==================================================================
[ 10.614897] ==================================================================
[ 10.615244] BUG: KASAN: slab-out-of-bounds in krealloc_less_oob_helper+0xe90/0x11d0
[ 10.615573] Write of size 1 at addr ffff888100a1dcea by task kunit_try_catch/175
[ 10.616221]
[ 10.616318] CPU: 1 UID: 0 PID: 175 Comm: kunit_try_catch Tainted: G B N 6.15.0-next-20250529 #1 PREEMPT(voluntary)
[ 10.616362] Tainted: [B]=BAD_PAGE, [N]=TEST
[ 10.616374] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[ 10.616395] Call Trace:
[ 10.616410] <TASK>
[ 10.616425] dump_stack_lvl+0x73/0xb0
[ 10.616452] print_report+0xd1/0x650
[ 10.616476] ? __virt_addr_valid+0x1db/0x2d0
[ 10.616498] ? krealloc_less_oob_helper+0xe90/0x11d0
[ 10.616522] ? kasan_complete_mode_report_info+0x2a/0x200
[ 10.616545] ? krealloc_less_oob_helper+0xe90/0x11d0
[ 10.616570] kasan_report+0x141/0x180
[ 10.616593] ? krealloc_less_oob_helper+0xe90/0x11d0
[ 10.616636] __asan_report_store1_noabort+0x1b/0x30
[ 10.616657] krealloc_less_oob_helper+0xe90/0x11d0
[ 10.616685] ? __pfx_krealloc_less_oob_helper+0x10/0x10
[ 10.616709] ? finish_task_switch.isra.0+0x153/0x700
[ 10.616731] ? __switch_to+0x47/0xf50
[ 10.616757] ? __schedule+0x10cc/0x2b60
[ 10.616781] ? __pfx_read_tsc+0x10/0x10
[ 10.616806] krealloc_less_oob+0x1c/0x30
[ 10.616828] kunit_try_run_case+0x1a5/0x480
[ 10.616850] ? __pfx_kunit_try_run_case+0x10/0x10
[ 10.616869] ? _raw_spin_lock_irqsave+0xa1/0x100
[ 10.616893] ? _raw_spin_unlock_irqrestore+0x5f/0x90
[ 10.616918] ? __kthread_parkme+0x82/0x180
[ 10.616938] ? preempt_count_sub+0x50/0x80
[ 10.616962] ? __pfx_kunit_try_run_case+0x10/0x10
[ 10.616984] kunit_generic_run_threadfn_adapter+0x85/0xf0
[ 10.617008] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10
[ 10.617032] kthread+0x337/0x6f0
[ 10.617052] ? trace_preempt_on+0x20/0xc0
[ 10.617075] ? __pfx_kthread+0x10/0x10
[ 10.617097] ? _raw_spin_unlock_irq+0x47/0x80
[ 10.617119] ? calculate_sigpending+0x7b/0xa0
[ 10.617143] ? __pfx_kthread+0x10/0x10
[ 10.617165] ret_from_fork+0x116/0x1d0
[ 10.617183] ? __pfx_kthread+0x10/0x10
[ 10.617204] ret_from_fork_asm+0x1a/0x30
[ 10.617238] </TASK>
[ 10.617248]
[ 10.624721] Allocated by task 175:
[ 10.624854] kasan_save_stack+0x45/0x70
[ 10.625002] kasan_save_track+0x18/0x40
[ 10.625206] kasan_save_alloc_info+0x3b/0x50
[ 10.625416] __kasan_krealloc+0x190/0x1f0
[ 10.625634] krealloc_noprof+0xf3/0x340
[ 10.625892] krealloc_less_oob_helper+0x1aa/0x11d0
[ 10.626131] krealloc_less_oob+0x1c/0x30
[ 10.626328] kunit_try_run_case+0x1a5/0x480
[ 10.626535] kunit_generic_run_threadfn_adapter+0x85/0xf0
[ 10.626875] kthread+0x337/0x6f0
[ 10.627012] ret_from_fork+0x116/0x1d0
[ 10.627173] ret_from_fork_asm+0x1a/0x30
[ 10.627372]
[ 10.627469] The buggy address belongs to the object at ffff888100a1dc00
[ 10.627469] which belongs to the cache kmalloc-256 of size 256
[ 10.627994] The buggy address is located 33 bytes to the right of
[ 10.627994] allocated 201-byte region [ffff888100a1dc00, ffff888100a1dcc9)
[ 10.628384]
[ 10.628458] The buggy address belongs to the physical page:
[ 10.628730] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x100a1c
[ 10.629381] head: order:1 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[ 10.629734] flags: 0x200000000000040(head|node=0|zone=2)
[ 10.630064] page_type: f5(slab)
[ 10.630188] raw: 0200000000000040 ffff888100041b40 dead000000000122 0000000000000000
[ 10.630427] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000
[ 10.630682] head: 0200000000000040 ffff888100041b40 dead000000000122 0000000000000000
[ 10.631217] head: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000
[ 10.631570] head: 0200000000000001 ffffea0004028701 00000000ffffffff 00000000ffffffff
[ 10.631944] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000002
[ 10.632282] page dumped because: kasan: bad access detected
[ 10.632563]
[ 10.632643] Memory state around the buggy address:
[ 10.632805] ffff888100a1db80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc
fc fc [ 10.633059] ffff888100a1dc00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 10.633383] >ffff888100a1dc80: 00 00 00 00 00 00 00 00 00 01 fc fc fc fc fc fc [ 10.633718] ^ [ 10.634249] ffff888100a1dd00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 10.634502] ffff888100a1dd80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 10.634741] ==================================================================