Date
May 30, 2025, 4:14 a.m.
| Environment | |
|---|---|
| e850-96 | |
| qemu-arm64 | |
| qemu-x86_64 | |
| x15 |
[ 24.290698] ================================================================== [ 24.300116] BUG: KASAN: slab-out-of-bounds in krealloc_more_oob_helper+0x60c/0x678 [ 24.307666] Write of size 1 at addr ffff000801bba0eb by task kunit_try_catch/204 [ 24.315043] [ 24.316527] CPU: 3 UID: 0 PID: 204 Comm: kunit_try_catch Tainted: G B N 6.15.0-next-20250530 #1 PREEMPT [ 24.316578] Tainted: [B]=BAD_PAGE, [N]=TEST [ 24.316595] Hardware name: WinLink E850-96 board (DT) [ 24.316617] Call trace: [ 24.316629] show_stack+0x20/0x38 (C) [ 24.316665] dump_stack_lvl+0x8c/0xd0 [ 24.316701] print_report+0x118/0x608 [ 24.316737] kasan_report+0xdc/0x128 [ 24.316767] __asan_report_store1_noabort+0x20/0x30 [ 24.316796] krealloc_more_oob_helper+0x60c/0x678 [ 24.316829] krealloc_large_more_oob+0x20/0x38 [ 24.316859] kunit_try_run_case+0x170/0x3f0 [ 24.316895] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 24.316935] kthread+0x328/0x630 [ 24.316962] ret_from_fork+0x10/0x20 [ 24.316995] [ 24.385269] The buggy address belongs to the physical page: [ 24.390827] page: refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x881bb8 [ 24.398810] head: order:2 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0 [ 24.406451] flags: 0xbfffe0000000040(head|node=0|zone=2|lastcpupid=0x1ffff) [ 24.413393] page_type: f8(unknown) [ 24.416789] raw: 0bfffe0000000040 0000000000000000 dead000000000122 0000000000000000 [ 24.424509] raw: 0000000000000000 0000000000000000 00000001f8000000 0000000000000000 [ 24.432235] head: 0bfffe0000000040 0000000000000000 dead000000000122 0000000000000000 [ 24.440047] head: 0000000000000000 0000000000000000 00000001f8000000 0000000000000000 [ 24.447860] head: 0bfffe0000000002 fffffdffe006ee01 00000000ffffffff 00000000ffffffff [ 24.455672] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000004 [ 24.463477] page dumped because: kasan: bad access detected [ 24.469034] [ 24.470508] Memory state around the buggy address: [ 24.475291] ffff000801bb9f80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 24.482491] ffff000801bba000: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 24.489696] >ffff000801bba080: 00 00 00 00 00 00 00 00 00 00 00 00 00 03 fe fe [ 24.496897] ^ [ 24.503498] ffff000801bba100: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe [ 24.510703] ffff000801bba180: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe [ 24.517904] ================================================================== [ 22.129293] ================================================================== [ 22.138430] BUG: KASAN: slab-out-of-bounds in krealloc_more_oob_helper+0x60c/0x678 [ 22.145980] Write of size 1 at addr ffff0008030ff2eb by task kunit_try_catch/200 [ 22.153356] [ 22.154843] CPU: 2 UID: 0 PID: 200 Comm: kunit_try_catch Tainted: G B N 6.15.0-next-20250530 #1 PREEMPT [ 22.154898] Tainted: [B]=BAD_PAGE, [N]=TEST [ 22.154914] Hardware name: WinLink E850-96 board (DT) [ 22.154935] Call trace: [ 22.154949] show_stack+0x20/0x38 (C) [ 22.154989] dump_stack_lvl+0x8c/0xd0 [ 22.155030] print_report+0x118/0x608 [ 22.155067] kasan_report+0xdc/0x128 [ 22.155097] __asan_report_store1_noabort+0x20/0x30 [ 22.155129] krealloc_more_oob_helper+0x60c/0x678 [ 22.155161] krealloc_more_oob+0x20/0x38 [ 22.155190] kunit_try_run_case+0x170/0x3f0 [ 22.155226] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 22.155265] kthread+0x328/0x630 [ 22.155293] ret_from_fork+0x10/0x20 [ 22.155328] [ 22.223061] Allocated by task 200: [ 22.226448] kasan_save_stack+0x3c/0x68 [ 22.230264] kasan_save_track+0x20/0x40 [ 22.234084] kasan_save_alloc_info+0x40/0x58 [ 22.238337] __kasan_krealloc+0x118/0x178 [ 22.242330] krealloc_noprof+0x128/0x360 [ 22.246236] krealloc_more_oob_helper+0x168/0x678 [ 22.250924] krealloc_more_oob+0x20/0x38 [ 22.254830] kunit_try_run_case+0x170/0x3f0 [ 22.258997] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 22.264465] kthread+0x328/0x630 [ 22.267677] ret_from_fork+0x10/0x20 [ 22.271236] [ 22.272714] The buggy address belongs to the object at ffff0008030ff200 [ 22.272714] which belongs to the cache kmalloc-256 of size 256 [ 22.285215] The buggy address is located 0 bytes to the right of [ 22.285215] allocated 235-byte region [ffff0008030ff200, ffff0008030ff2eb) [ 22.298145] [ 22.299623] The buggy address belongs to the physical page: [ 22.305182] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x8830fc [ 22.313166] head: order:2 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0 [ 22.320805] flags: 0xbfffe0000000040(head|node=0|zone=2|lastcpupid=0x1ffff) [ 22.327747] page_type: f5(slab) [ 22.330884] raw: 0bfffe0000000040 ffff000800002b40 dead000000000122 0000000000000000 [ 22.338603] raw: 0000000000000000 0000000080200020 00000000f5000000 0000000000000000 [ 22.346330] head: 0bfffe0000000040 ffff000800002b40 dead000000000122 0000000000000000 [ 22.354140] head: 0000000000000000 0000000080200020 00000000f5000000 0000000000000000 [ 22.361953] head: 0bfffe0000000002 fffffdffe00c3f01 00000000ffffffff 00000000ffffffff [ 22.369765] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000004 [ 22.377571] page dumped because: kasan: bad access detected [ 22.383128] [ 22.384602] Memory state around the buggy address: [ 22.389384] ffff0008030ff180: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 22.396585] ffff0008030ff200: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 22.403791] >ffff0008030ff280: 00 00 00 00 00 00 00 00 00 00 00 00 00 03 fc fc [ 22.410991] ^ [ 22.417592] ffff0008030ff300: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 22.424795] ffff0008030ff380: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 22.431998] ================================================================== [ 22.439400] ================================================================== [ 22.446415] BUG: KASAN: slab-out-of-bounds in krealloc_more_oob_helper+0x5c0/0x678 [ 22.453961] Write of size 1 at addr ffff0008030ff2f0 by task kunit_try_catch/200 [ 22.461337] [ 22.462822] CPU: 2 UID: 0 PID: 200 Comm: kunit_try_catch Tainted: G B N 6.15.0-next-20250530 #1 PREEMPT [ 22.462876] Tainted: [B]=BAD_PAGE, [N]=TEST [ 22.462892] Hardware name: WinLink E850-96 board (DT) [ 22.462911] Call trace: [ 22.462922] show_stack+0x20/0x38 (C) [ 22.462958] dump_stack_lvl+0x8c/0xd0 [ 22.462998] print_report+0x118/0x608 [ 22.463034] kasan_report+0xdc/0x128 [ 22.463064] __asan_report_store1_noabort+0x20/0x30 [ 22.463094] krealloc_more_oob_helper+0x5c0/0x678 [ 22.463128] krealloc_more_oob+0x20/0x38 [ 22.463156] kunit_try_run_case+0x170/0x3f0 [ 22.463194] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 22.463233] kthread+0x328/0x630 [ 22.463262] ret_from_fork+0x10/0x20 [ 22.463298] [ 22.531041] Allocated by task 200: [ 22.534428] kasan_save_stack+0x3c/0x68 [ 22.538246] kasan_save_track+0x20/0x40 [ 22.542065] kasan_save_alloc_info+0x40/0x58 [ 22.546319] __kasan_krealloc+0x118/0x178 [ 22.550313] krealloc_noprof+0x128/0x360 [ 22.554218] krealloc_more_oob_helper+0x168/0x678 [ 22.558905] krealloc_more_oob+0x20/0x38 [ 22.562812] kunit_try_run_case+0x170/0x3f0 [ 22.566978] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 22.572447] kthread+0x328/0x630 [ 22.575659] ret_from_fork+0x10/0x20 [ 22.579218] [ 22.580696] The buggy address belongs to the object at ffff0008030ff200 [ 22.580696] which belongs to the cache kmalloc-256 of size 256 [ 22.593196] The buggy address is located 5 bytes to the right of [ 22.593196] allocated 235-byte region [ffff0008030ff200, ffff0008030ff2eb) [ 22.606127] [ 22.607606] The buggy address belongs to the physical page: [ 22.613162] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x8830fc [ 22.621148] head: order:2 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0 [ 22.628786] flags: 0xbfffe0000000040(head|node=0|zone=2|lastcpupid=0x1ffff) [ 22.635729] page_type: f5(slab) [ 22.638863] raw: 0bfffe0000000040 ffff000800002b40 dead000000000122 0000000000000000 [ 22.646584] raw: 0000000000000000 0000000080200020 00000000f5000000 0000000000000000 [ 22.654312] head: 0bfffe0000000040 ffff000800002b40 dead000000000122 0000000000000000 [ 22.662122] head: 0000000000000000 0000000080200020 00000000f5000000 0000000000000000 [ 22.669935] head: 0bfffe0000000002 fffffdffe00c3f01 00000000ffffffff 00000000ffffffff [ 22.677747] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000004 [ 22.685553] page dumped because: kasan: bad access detected [ 22.691109] [ 22.692584] Memory state around the buggy address: [ 22.697365] ffff0008030ff180: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 22.704568] ffff0008030ff200: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 22.711773] >ffff0008030ff280: 00 00 00 00 00 00 00 00 00 00 00 00 00 03 fc fc [ 22.718972] ^ [ 22.725833] ffff0008030ff300: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 22.733038] ffff0008030ff380: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 22.740240] ================================================================== [ 24.525204] ================================================================== [ 24.532318] BUG: KASAN: slab-out-of-bounds in krealloc_more_oob_helper+0x5c0/0x678 [ 24.539865] Write of size 1 at addr ffff000801bba0f0 by task kunit_try_catch/204 [ 24.547244] [ 24.548726] CPU: 3 UID: 0 PID: 204 Comm: kunit_try_catch Tainted: G B N 6.15.0-next-20250530 #1 PREEMPT [ 24.548777] Tainted: [B]=BAD_PAGE, [N]=TEST [ 24.548791] Hardware name: WinLink E850-96 board (DT) [ 24.548810] Call trace: [ 24.548823] show_stack+0x20/0x38 (C) [ 24.548858] dump_stack_lvl+0x8c/0xd0 [ 24.548895] print_report+0x118/0x608 [ 24.548930] kasan_report+0xdc/0x128 [ 24.548960] __asan_report_store1_noabort+0x20/0x30 [ 24.548990] krealloc_more_oob_helper+0x5c0/0x678 [ 24.549021] krealloc_large_more_oob+0x20/0x38 [ 24.549052] kunit_try_run_case+0x170/0x3f0 [ 24.549089] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 24.549128] kthread+0x328/0x630 [ 24.549155] ret_from_fork+0x10/0x20 [ 24.549188] [ 24.617471] The buggy address belongs to the physical page: [ 24.623025] page: refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x881bb8 [ 24.631010] head: order:2 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0 [ 24.638652] flags: 0xbfffe0000000040(head|node=0|zone=2|lastcpupid=0x1ffff) [ 24.645593] page_type: f8(unknown) [ 24.648986] raw: 0bfffe0000000040 0000000000000000 dead000000000122 0000000000000000 [ 24.656710] raw: 0000000000000000 0000000000000000 00000001f8000000 0000000000000000 [ 24.664436] head: 0bfffe0000000040 0000000000000000 dead000000000122 0000000000000000 [ 24.672248] head: 0000000000000000 0000000000000000 00000001f8000000 0000000000000000 [ 24.680061] head: 0bfffe0000000002 fffffdffe006ee01 00000000ffffffff 00000000ffffffff [ 24.687873] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000004 [ 24.695679] page dumped because: kasan: bad access detected [ 24.701236] [ 24.702710] Memory state around the buggy address: [ 24.707491] ffff000801bb9f80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 24.714692] ffff000801bba000: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 24.721899] >ffff000801bba080: 00 00 00 00 00 00 00 00 00 00 00 00 00 03 fe fe [ 24.729099] ^ [ 24.735960] ffff000801bba100: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe [ 24.743165] ffff000801bba180: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe [ 24.750366] ==================================================================
[ 24.541552] ================================================================== [ 24.541653] BUG: KASAN: slab-out-of-bounds in krealloc_more_oob_helper+0x5c0/0x678 [ 24.541791] Write of size 1 at addr fff00000c77b60f0 by task kunit_try_catch/161 [ 24.541902] [ 24.541978] CPU: 0 UID: 0 PID: 161 Comm: kunit_try_catch Tainted: G B N 6.15.0-next-20250530 #1 PREEMPT [ 24.542165] Tainted: [B]=BAD_PAGE, [N]=TEST [ 24.542225] Hardware name: linux,dummy-virt (DT) [ 24.542296] Call trace: [ 24.542345] show_stack+0x20/0x38 (C) [ 24.542461] dump_stack_lvl+0x8c/0xd0 [ 24.542578] print_report+0x118/0x608 [ 24.546554] kasan_report+0xdc/0x128 [ 24.547443] __asan_report_store1_noabort+0x20/0x30 [ 24.547718] krealloc_more_oob_helper+0x5c0/0x678 [ 24.547856] krealloc_large_more_oob+0x20/0x38 [ 24.547977] kunit_try_run_case+0x170/0x3f0 [ 24.548170] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 24.548355] kthread+0x328/0x630 [ 24.548622] ret_from_fork+0x10/0x20 [ 24.548799] [ 24.548924] The buggy address belongs to the physical page: [ 24.549062] page: refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1077b4 [ 24.549187] head: order:2 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0 [ 24.549350] flags: 0xbfffe0000000040(head|node=0|zone=2|lastcpupid=0x1ffff) [ 24.550709] page_type: f8(unknown) [ 24.550826] raw: 0bfffe0000000040 0000000000000000 dead000000000122 0000000000000000 [ 24.550959] raw: 0000000000000000 0000000000000000 00000001f8000000 0000000000000000 [ 24.551097] head: 0bfffe0000000040 0000000000000000 dead000000000122 0000000000000000 [ 24.551227] head: 0000000000000000 0000000000000000 00000001f8000000 0000000000000000 [ 24.551360] head: 0bfffe0000000002 ffffc1ffc31ded01 00000000ffffffff 00000000ffffffff [ 24.551500] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000004 [ 24.552381] page dumped because: kasan: bad access detected [ 24.552469] [ 24.552519] Memory state around the buggy address: [ 24.552592] fff00000c77b5f80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 24.552697] fff00000c77b6000: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 24.552799] >fff00000c77b6080: 00 00 00 00 00 00 00 00 00 00 00 00 00 03 fe fe [ 24.553777] ^ [ 24.553876] fff00000c77b6100: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe [ 24.553980] fff00000c77b6180: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe [ 24.554127] ================================================================== [ 24.525336] ================================================================== [ 24.526320] BUG: KASAN: slab-out-of-bounds in krealloc_more_oob_helper+0x60c/0x678 [ 24.527917] Write of size 1 at addr fff00000c77b60eb by task kunit_try_catch/161 [ 24.528041] [ 24.528960] CPU: 0 UID: 0 PID: 161 Comm: kunit_try_catch Tainted: G B N 6.15.0-next-20250530 #1 PREEMPT [ 24.529660] Tainted: [B]=BAD_PAGE, [N]=TEST [ 24.529769] Hardware name: linux,dummy-virt (DT) [ 24.529986] Call trace: [ 24.530099] show_stack+0x20/0x38 (C) [ 24.530787] dump_stack_lvl+0x8c/0xd0 [ 24.531417] print_report+0x118/0x608 [ 24.531790] kasan_report+0xdc/0x128 [ 24.532509] __asan_report_store1_noabort+0x20/0x30 [ 24.532937] krealloc_more_oob_helper+0x60c/0x678 [ 24.533063] krealloc_large_more_oob+0x20/0x38 [ 24.534488] kunit_try_run_case+0x170/0x3f0 [ 24.534800] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 24.535262] kthread+0x328/0x630 [ 24.535382] ret_from_fork+0x10/0x20 [ 24.535514] [ 24.535565] The buggy address belongs to the physical page: [ 24.535640] page: refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1077b4 [ 24.535789] head: order:2 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0 [ 24.536345] flags: 0xbfffe0000000040(head|node=0|zone=2|lastcpupid=0x1ffff) [ 24.536503] page_type: f8(unknown) [ 24.536626] raw: 0bfffe0000000040 0000000000000000 dead000000000122 0000000000000000 [ 24.536769] raw: 0000000000000000 0000000000000000 00000001f8000000 0000000000000000 [ 24.536901] head: 0bfffe0000000040 0000000000000000 dead000000000122 0000000000000000 [ 24.537027] head: 0000000000000000 0000000000000000 00000001f8000000 0000000000000000 [ 24.537158] head: 0bfffe0000000002 ffffc1ffc31ded01 00000000ffffffff 00000000ffffffff [ 24.537934] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000004 [ 24.538095] page dumped because: kasan: bad access detected [ 24.538214] [ 24.538291] Memory state around the buggy address: [ 24.538368] fff00000c77b5f80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 24.538471] fff00000c77b6000: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 24.538568] >fff00000c77b6080: 00 00 00 00 00 00 00 00 00 00 00 00 00 03 fe fe [ 24.538743] ^ [ 24.538851] fff00000c77b6100: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe [ 24.538964] fff00000c77b6180: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe [ 24.539065] ================================================================== [ 24.364218] ================================================================== [ 24.364362] BUG: KASAN: slab-out-of-bounds in krealloc_more_oob_helper+0x60c/0x678 [ 24.364496] Write of size 1 at addr fff00000c5fb1eeb by task kunit_try_catch/157 [ 24.364607] [ 24.364705] CPU: 0 UID: 0 PID: 157 Comm: kunit_try_catch Tainted: G B N 6.15.0-next-20250530 #1 PREEMPT [ 24.364898] Tainted: [B]=BAD_PAGE, [N]=TEST [ 24.364959] Hardware name: linux,dummy-virt (DT) [ 24.365030] Call trace: [ 24.365094] show_stack+0x20/0x38 (C) [ 24.365482] dump_stack_lvl+0x8c/0xd0 [ 24.365964] print_report+0x118/0x608 [ 24.366604] kasan_report+0xdc/0x128 [ 24.366822] __asan_report_store1_noabort+0x20/0x30 [ 24.366975] krealloc_more_oob_helper+0x60c/0x678 [ 24.367135] krealloc_more_oob+0x20/0x38 [ 24.367413] kunit_try_run_case+0x170/0x3f0 [ 24.367548] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 24.367847] kthread+0x328/0x630 [ 24.368063] ret_from_fork+0x10/0x20 [ 24.368384] [ 24.368449] Allocated by task 157: [ 24.368641] kasan_save_stack+0x3c/0x68 [ 24.368968] kasan_save_track+0x20/0x40 [ 24.369071] kasan_save_alloc_info+0x40/0x58 [ 24.369633] __kasan_krealloc+0x118/0x178 [ 24.369777] krealloc_noprof+0x128/0x360 [ 24.369889] krealloc_more_oob_helper+0x168/0x678 [ 24.370002] krealloc_more_oob+0x20/0x38 [ 24.370554] kunit_try_run_case+0x170/0x3f0 [ 24.370783] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 24.371161] kthread+0x328/0x630 [ 24.371241] ret_from_fork+0x10/0x20 [ 24.371333] [ 24.371382] The buggy address belongs to the object at fff00000c5fb1e00 [ 24.371382] which belongs to the cache kmalloc-256 of size 256 [ 24.371570] The buggy address is located 0 bytes to the right of [ 24.371570] allocated 235-byte region [fff00000c5fb1e00, fff00000c5fb1eeb) [ 24.371751] [ 24.371806] The buggy address belongs to the physical page: [ 24.371873] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x105fb0 [ 24.371993] head: order:1 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0 [ 24.372229] flags: 0xbfffe0000000040(head|node=0|zone=2|lastcpupid=0x1ffff) [ 24.372361] page_type: f5(slab) [ 24.372457] raw: 0bfffe0000000040 fff00000c0001b40 dead000000000122 0000000000000000 [ 24.372591] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 24.372802] head: 0bfffe0000000040 fff00000c0001b40 dead000000000122 0000000000000000 [ 24.372983] head: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 24.373282] head: 0bfffe0000000001 ffffc1ffc317ec01 00000000ffffffff 00000000ffffffff [ 24.373604] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000002 [ 24.373750] page dumped because: kasan: bad access detected [ 24.373834] [ 24.373886] Memory state around the buggy address: [ 24.373971] fff00000c5fb1d80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 24.374083] fff00000c5fb1e00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 24.374197] >fff00000c5fb1e80: 00 00 00 00 00 00 00 00 00 00 00 00 00 03 fc fc [ 24.374299] ^ [ 24.374401] fff00000c5fb1f00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 24.374513] fff00000c5fb1f80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 24.374604] ================================================================== [ 24.375995] ================================================================== [ 24.376092] BUG: KASAN: slab-out-of-bounds in krealloc_more_oob_helper+0x5c0/0x678 [ 24.376201] Write of size 1 at addr fff00000c5fb1ef0 by task kunit_try_catch/157 [ 24.376315] [ 24.376380] CPU: 0 UID: 0 PID: 157 Comm: kunit_try_catch Tainted: G B N 6.15.0-next-20250530 #1 PREEMPT [ 24.376564] Tainted: [B]=BAD_PAGE, [N]=TEST [ 24.376625] Hardware name: linux,dummy-virt (DT) [ 24.376716] Call trace: [ 24.376769] show_stack+0x20/0x38 (C) [ 24.376886] dump_stack_lvl+0x8c/0xd0 [ 24.377030] print_report+0x118/0x608 [ 24.377169] kasan_report+0xdc/0x128 [ 24.377323] __asan_report_store1_noabort+0x20/0x30 [ 24.377463] krealloc_more_oob_helper+0x5c0/0x678 [ 24.377606] krealloc_more_oob+0x20/0x38 [ 24.377759] kunit_try_run_case+0x170/0x3f0 [ 24.377901] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 24.378047] kthread+0x328/0x630 [ 24.378165] ret_from_fork+0x10/0x20 [ 24.378292] [ 24.378337] Allocated by task 157: [ 24.378458] kasan_save_stack+0x3c/0x68 [ 24.379289] kasan_save_track+0x20/0x40 [ 24.379482] kasan_save_alloc_info+0x40/0x58 [ 24.380116] __kasan_krealloc+0x118/0x178 [ 24.381021] krealloc_noprof+0x128/0x360 [ 24.381591] krealloc_more_oob_helper+0x168/0x678 [ 24.382978] krealloc_more_oob+0x20/0x38 [ 24.383462] kunit_try_run_case+0x170/0x3f0 [ 24.384592] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 24.384739] kthread+0x328/0x630 [ 24.384842] ret_from_fork+0x10/0x20 [ 24.385465] [ 24.385934] The buggy address belongs to the object at fff00000c5fb1e00 [ 24.385934] which belongs to the cache kmalloc-256 of size 256 [ 24.386606] The buggy address is located 5 bytes to the right of [ 24.386606] allocated 235-byte region [fff00000c5fb1e00, fff00000c5fb1eeb) [ 24.387109] [ 24.387350] The buggy address belongs to the physical page: [ 24.387433] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x105fb0 [ 24.387558] head: order:1 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0 [ 24.388041] flags: 0xbfffe0000000040(head|node=0|zone=2|lastcpupid=0x1ffff) [ 24.388237] page_type: f5(slab) [ 24.388333] raw: 0bfffe0000000040 fff00000c0001b40 dead000000000122 0000000000000000 [ 24.388445] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 24.388559] head: 0bfffe0000000040 fff00000c0001b40 dead000000000122 0000000000000000 [ 24.388670] head: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 24.388809] head: 0bfffe0000000001 ffffc1ffc317ec01 00000000ffffffff 00000000ffffffff [ 24.388920] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000002 [ 24.389027] page dumped because: kasan: bad access detected [ 24.389124] [ 24.389170] Memory state around the buggy address: [ 24.389274] fff00000c5fb1d80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 24.389375] fff00000c5fb1e00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 24.389473] >fff00000c5fb1e80: 00 00 00 00 00 00 00 00 00 00 00 00 00 03 fc fc [ 24.389563] ^ [ 24.389664] fff00000c5fb1f00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 24.389783] fff00000c5fb1f80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 24.390343] ==================================================================
[ 17.615857] ================================================================== [ 17.617653] BUG: KASAN: slab-out-of-bounds in krealloc_more_oob_helper+0x821/0x930 [ 17.618617] Write of size 1 at addr ffff8881024ce0eb by task kunit_try_catch/177 [ 17.619628] [ 17.619835] CPU: 1 UID: 0 PID: 177 Comm: kunit_try_catch Tainted: G B N 6.15.0-next-20250530 #1 PREEMPT(voluntary) [ 17.619901] Tainted: [B]=BAD_PAGE, [N]=TEST [ 17.619917] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 17.619945] Call Trace: [ 17.619963] <TASK> [ 17.619983] dump_stack_lvl+0x73/0xb0 [ 17.620020] print_report+0xd1/0x650 [ 17.620077] ? __virt_addr_valid+0x1db/0x2d0 [ 17.620114] ? krealloc_more_oob_helper+0x821/0x930 [ 17.620148] ? kasan_addr_to_slab+0x11/0xa0 [ 17.621264] ? krealloc_more_oob_helper+0x821/0x930 [ 17.621314] kasan_report+0x141/0x180 [ 17.621349] ? krealloc_more_oob_helper+0x821/0x930 [ 17.621390] __asan_report_store1_noabort+0x1b/0x30 [ 17.621420] krealloc_more_oob_helper+0x821/0x930 [ 17.621453] ? __schedule+0x10cc/0x2b60 [ 17.621488] ? __pfx_krealloc_more_oob_helper+0x10/0x10 [ 17.621524] ? finish_task_switch.isra.0+0x153/0x700 [ 17.621555] ? __switch_to+0x47/0xf50 [ 17.621590] ? __schedule+0x10cc/0x2b60 [ 17.621622] ? __pfx_read_tsc+0x10/0x10 [ 17.621655] krealloc_large_more_oob+0x1c/0x30 [ 17.621688] kunit_try_run_case+0x1a5/0x480 [ 17.621716] ? __pfx_kunit_try_run_case+0x10/0x10 [ 17.621743] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 17.621796] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 17.621840] ? __kthread_parkme+0x82/0x180 [ 17.621869] ? preempt_count_sub+0x50/0x80 [ 17.621899] ? __pfx_kunit_try_run_case+0x10/0x10 [ 17.621927] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 17.621963] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 17.621997] kthread+0x337/0x6f0 [ 17.622024] ? trace_preempt_on+0x20/0xc0 [ 17.622085] ? __pfx_kthread+0x10/0x10 [ 17.622116] ? _raw_spin_unlock_irq+0x47/0x80 [ 17.622148] ? calculate_sigpending+0x7b/0xa0 [ 17.622272] ? __pfx_kthread+0x10/0x10 [ 17.622320] ret_from_fork+0x116/0x1d0 [ 17.622347] ? __pfx_kthread+0x10/0x10 [ 17.622376] ret_from_fork_asm+0x1a/0x30 [ 17.622417] </TASK> [ 17.622432] [ 17.642588] The buggy address belongs to the physical page: [ 17.643274] page: refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1024cc [ 17.644029] head: order:2 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0 [ 17.644895] flags: 0x200000000000040(head|node=0|zone=2) [ 17.645474] page_type: f8(unknown) [ 17.645880] raw: 0200000000000040 0000000000000000 dead000000000122 0000000000000000 [ 17.646927] raw: 0000000000000000 0000000000000000 00000001f8000000 0000000000000000 [ 17.647535] head: 0200000000000040 0000000000000000 dead000000000122 0000000000000000 [ 17.648092] head: 0000000000000000 0000000000000000 00000001f8000000 0000000000000000 [ 17.649365] head: 0200000000000002 ffffea0004093301 00000000ffffffff 00000000ffffffff [ 17.650840] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000004 [ 17.651637] page dumped because: kasan: bad access detected [ 17.652128] [ 17.652374] Memory state around the buggy address: [ 17.652930] ffff8881024cdf80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 17.653642] ffff8881024ce000: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 17.654661] >ffff8881024ce080: 00 00 00 00 00 00 00 00 00 00 00 00 00 03 fe fe [ 17.655316] ^ [ 17.656061] ffff8881024ce100: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe [ 17.656900] ffff8881024ce180: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe [ 17.657669] ================================================================== [ 17.226083] ================================================================== [ 17.226711] BUG: KASAN: slab-out-of-bounds in krealloc_more_oob_helper+0x7eb/0x930 [ 17.227624] Write of size 1 at addr ffff8881003564f0 by task kunit_try_catch/173 [ 17.228406] [ 17.228759] CPU: 0 UID: 0 PID: 173 Comm: kunit_try_catch Tainted: G B N 6.15.0-next-20250530 #1 PREEMPT(voluntary) [ 17.228882] Tainted: [B]=BAD_PAGE, [N]=TEST [ 17.228918] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 17.228975] Call Trace: [ 17.229012] <TASK> [ 17.229091] dump_stack_lvl+0x73/0xb0 [ 17.229292] print_report+0xd1/0x650 [ 17.229373] ? __virt_addr_valid+0x1db/0x2d0 [ 17.229452] ? krealloc_more_oob_helper+0x7eb/0x930 [ 17.229549] ? kasan_complete_mode_report_info+0x2a/0x200 [ 17.229656] ? krealloc_more_oob_helper+0x7eb/0x930 [ 17.229741] kasan_report+0x141/0x180 [ 17.229818] ? krealloc_more_oob_helper+0x7eb/0x930 [ 17.229910] __asan_report_store1_noabort+0x1b/0x30 [ 17.229945] krealloc_more_oob_helper+0x7eb/0x930 [ 17.229979] ? __schedule+0x10cc/0x2b60 [ 17.230014] ? __pfx_krealloc_more_oob_helper+0x10/0x10 [ 17.230074] ? finish_task_switch.isra.0+0x153/0x700 [ 17.230110] ? __switch_to+0x47/0xf50 [ 17.230146] ? __schedule+0x10cc/0x2b60 [ 17.230261] ? __pfx_read_tsc+0x10/0x10 [ 17.230315] krealloc_more_oob+0x1c/0x30 [ 17.230348] kunit_try_run_case+0x1a5/0x480 [ 17.230378] ? __pfx_kunit_try_run_case+0x10/0x10 [ 17.230404] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 17.230439] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 17.230474] ? __kthread_parkme+0x82/0x180 [ 17.230502] ? preempt_count_sub+0x50/0x80 [ 17.230533] ? __pfx_kunit_try_run_case+0x10/0x10 [ 17.230561] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 17.230595] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 17.230629] kthread+0x337/0x6f0 [ 17.230655] ? trace_preempt_on+0x20/0xc0 [ 17.230687] ? __pfx_kthread+0x10/0x10 [ 17.230715] ? _raw_spin_unlock_irq+0x47/0x80 [ 17.230746] ? calculate_sigpending+0x7b/0xa0 [ 17.230798] ? __pfx_kthread+0x10/0x10 [ 17.230837] ret_from_fork+0x116/0x1d0 [ 17.230861] ? __pfx_kthread+0x10/0x10 [ 17.230889] ret_from_fork_asm+0x1a/0x30 [ 17.230930] </TASK> [ 17.230944] [ 17.248737] Allocated by task 173: [ 17.249027] kasan_save_stack+0x45/0x70 [ 17.249486] kasan_save_track+0x18/0x40 [ 17.249924] kasan_save_alloc_info+0x3b/0x50 [ 17.251126] __kasan_krealloc+0x190/0x1f0 [ 17.251635] krealloc_noprof+0xf3/0x340 [ 17.252075] krealloc_more_oob_helper+0x1a9/0x930 [ 17.252994] krealloc_more_oob+0x1c/0x30 [ 17.253499] kunit_try_run_case+0x1a5/0x480 [ 17.253835] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 17.254308] kthread+0x337/0x6f0 [ 17.254776] ret_from_fork+0x116/0x1d0 [ 17.255688] ret_from_fork_asm+0x1a/0x30 [ 17.256899] [ 17.257662] The buggy address belongs to the object at ffff888100356400 [ 17.257662] which belongs to the cache kmalloc-256 of size 256 [ 17.260066] The buggy address is located 5 bytes to the right of [ 17.260066] allocated 235-byte region [ffff888100356400, ffff8881003564eb) [ 17.261116] [ 17.261466] The buggy address belongs to the physical page: [ 17.262127] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x100356 [ 17.262866] head: order:1 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0 [ 17.263504] flags: 0x200000000000040(head|node=0|zone=2) [ 17.264303] page_type: f5(slab) [ 17.264679] raw: 0200000000000040 ffff888100041b40 dead000000000122 0000000000000000 [ 17.265370] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 17.266461] head: 0200000000000040 ffff888100041b40 dead000000000122 0000000000000000 [ 17.267426] head: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 17.268164] head: 0200000000000001 ffffea000400d581 00000000ffffffff 00000000ffffffff [ 17.268891] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000002 [ 17.269602] page dumped because: kasan: bad access detected [ 17.270687] [ 17.270940] Memory state around the buggy address: [ 17.271342] ffff888100356380: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 17.272023] ffff888100356400: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 17.272956] >ffff888100356480: 00 00 00 00 00 00 00 00 00 00 00 00 00 03 fc fc [ 17.273664] ^ [ 17.274289] ffff888100356500: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 17.274976] ffff888100356580: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 17.275878] ================================================================== [ 17.658994] ================================================================== [ 17.659595] BUG: KASAN: slab-out-of-bounds in krealloc_more_oob_helper+0x7eb/0x930 [ 17.660343] Write of size 1 at addr ffff8881024ce0f0 by task kunit_try_catch/177 [ 17.661176] [ 17.661398] CPU: 1 UID: 0 PID: 177 Comm: kunit_try_catch Tainted: G B N 6.15.0-next-20250530 #1 PREEMPT(voluntary) [ 17.661522] Tainted: [B]=BAD_PAGE, [N]=TEST [ 17.661687] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 17.661779] Call Trace: [ 17.661821] <TASK> [ 17.661868] dump_stack_lvl+0x73/0xb0 [ 17.661948] print_report+0xd1/0x650 [ 17.662081] ? __virt_addr_valid+0x1db/0x2d0 [ 17.662162] ? krealloc_more_oob_helper+0x7eb/0x930 [ 17.662241] ? kasan_addr_to_slab+0x11/0xa0 [ 17.662319] ? krealloc_more_oob_helper+0x7eb/0x930 [ 17.662399] kasan_report+0x141/0x180 [ 17.662474] ? krealloc_more_oob_helper+0x7eb/0x930 [ 17.662563] __asan_report_store1_noabort+0x1b/0x30 [ 17.662638] krealloc_more_oob_helper+0x7eb/0x930 [ 17.662712] ? __schedule+0x10cc/0x2b60 [ 17.663155] ? __pfx_krealloc_more_oob_helper+0x10/0x10 [ 17.663240] ? finish_task_switch.isra.0+0x153/0x700 [ 17.663317] ? __switch_to+0x47/0xf50 [ 17.663397] ? __schedule+0x10cc/0x2b60 [ 17.663477] ? __pfx_read_tsc+0x10/0x10 [ 17.663525] krealloc_large_more_oob+0x1c/0x30 [ 17.663559] kunit_try_run_case+0x1a5/0x480 [ 17.663588] ? __pfx_kunit_try_run_case+0x10/0x10 [ 17.663616] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 17.663650] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 17.663687] ? __kthread_parkme+0x82/0x180 [ 17.663715] ? preempt_count_sub+0x50/0x80 [ 17.663745] ? __pfx_kunit_try_run_case+0x10/0x10 [ 17.663803] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 17.663843] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 17.663878] kthread+0x337/0x6f0 [ 17.663905] ? trace_preempt_on+0x20/0xc0 [ 17.663937] ? __pfx_kthread+0x10/0x10 [ 17.663966] ? _raw_spin_unlock_irq+0x47/0x80 [ 17.663998] ? calculate_sigpending+0x7b/0xa0 [ 17.664032] ? __pfx_kthread+0x10/0x10 [ 17.664089] ret_from_fork+0x116/0x1d0 [ 17.664115] ? __pfx_kthread+0x10/0x10 [ 17.664143] ret_from_fork_asm+0x1a/0x30 [ 17.664242] </TASK> [ 17.664286] [ 17.683569] The buggy address belongs to the physical page: [ 17.684678] page: refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1024cc [ 17.685576] head: order:2 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0 [ 17.686558] flags: 0x200000000000040(head|node=0|zone=2) [ 17.687078] page_type: f8(unknown) [ 17.687792] raw: 0200000000000040 0000000000000000 dead000000000122 0000000000000000 [ 17.688824] raw: 0000000000000000 0000000000000000 00000001f8000000 0000000000000000 [ 17.689707] head: 0200000000000040 0000000000000000 dead000000000122 0000000000000000 [ 17.690712] head: 0000000000000000 0000000000000000 00000001f8000000 0000000000000000 [ 17.691685] head: 0200000000000002 ffffea0004093301 00000000ffffffff 00000000ffffffff [ 17.692533] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000004 [ 17.694129] page dumped because: kasan: bad access detected [ 17.694768] [ 17.695082] Memory state around the buggy address: [ 17.695548] ffff8881024cdf80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 17.696535] ffff8881024ce000: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 17.697663] >ffff8881024ce080: 00 00 00 00 00 00 00 00 00 00 00 00 00 03 fe fe [ 17.698455] ^ [ 17.698689] ffff8881024ce100: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe [ 17.699969] ffff8881024ce180: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe [ 17.700731] ================================================================== [ 17.173903] ================================================================== [ 17.174514] BUG: KASAN: slab-out-of-bounds in krealloc_more_oob_helper+0x821/0x930 [ 17.174821] Write of size 1 at addr ffff8881003564eb by task kunit_try_catch/173 [ 17.175116] [ 17.175960] CPU: 0 UID: 0 PID: 173 Comm: kunit_try_catch Tainted: G B N 6.15.0-next-20250530 #1 PREEMPT(voluntary) [ 17.176105] Tainted: [B]=BAD_PAGE, [N]=TEST [ 17.176144] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 17.176203] Call Trace: [ 17.176242] <TASK> [ 17.176290] dump_stack_lvl+0x73/0xb0 [ 17.176373] print_report+0xd1/0x650 [ 17.176555] ? __virt_addr_valid+0x1db/0x2d0 [ 17.176634] ? krealloc_more_oob_helper+0x821/0x930 [ 17.176708] ? kasan_complete_mode_report_info+0x2a/0x200 [ 17.176825] ? krealloc_more_oob_helper+0x821/0x930 [ 17.176908] kasan_report+0x141/0x180 [ 17.176982] ? krealloc_more_oob_helper+0x821/0x930 [ 17.177085] __asan_report_store1_noabort+0x1b/0x30 [ 17.177127] krealloc_more_oob_helper+0x821/0x930 [ 17.177165] ? __schedule+0x10cc/0x2b60 [ 17.177297] ? __pfx_krealloc_more_oob_helper+0x10/0x10 [ 17.177336] ? finish_task_switch.isra.0+0x153/0x700 [ 17.177369] ? __switch_to+0x47/0xf50 [ 17.177405] ? __schedule+0x10cc/0x2b60 [ 17.177437] ? __pfx_read_tsc+0x10/0x10 [ 17.177472] krealloc_more_oob+0x1c/0x30 [ 17.177505] kunit_try_run_case+0x1a5/0x480 [ 17.177536] ? __pfx_kunit_try_run_case+0x10/0x10 [ 17.177563] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 17.177598] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 17.177632] ? __kthread_parkme+0x82/0x180 [ 17.177660] ? preempt_count_sub+0x50/0x80 [ 17.177690] ? __pfx_kunit_try_run_case+0x10/0x10 [ 17.177718] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 17.177752] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 17.177820] kthread+0x337/0x6f0 [ 17.177853] ? trace_preempt_on+0x20/0xc0 [ 17.177889] ? __pfx_kthread+0x10/0x10 [ 17.177919] ? _raw_spin_unlock_irq+0x47/0x80 [ 17.177951] ? calculate_sigpending+0x7b/0xa0 [ 17.177985] ? __pfx_kthread+0x10/0x10 [ 17.178015] ret_from_fork+0x116/0x1d0 [ 17.178039] ? __pfx_kthread+0x10/0x10 [ 17.178095] ret_from_fork_asm+0x1a/0x30 [ 17.178138] </TASK> [ 17.178153] [ 17.196701] Allocated by task 173: [ 17.197110] kasan_save_stack+0x45/0x70 [ 17.197661] kasan_save_track+0x18/0x40 [ 17.199135] kasan_save_alloc_info+0x3b/0x50 [ 17.200108] __kasan_krealloc+0x190/0x1f0 [ 17.200513] krealloc_noprof+0xf3/0x340 [ 17.201424] krealloc_more_oob_helper+0x1a9/0x930 [ 17.201982] krealloc_more_oob+0x1c/0x30 [ 17.202598] kunit_try_run_case+0x1a5/0x480 [ 17.203249] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 17.203823] kthread+0x337/0x6f0 [ 17.204205] ret_from_fork+0x116/0x1d0 [ 17.204728] ret_from_fork_asm+0x1a/0x30 [ 17.205103] [ 17.205754] The buggy address belongs to the object at ffff888100356400 [ 17.205754] which belongs to the cache kmalloc-256 of size 256 [ 17.207114] The buggy address is located 0 bytes to the right of [ 17.207114] allocated 235-byte region [ffff888100356400, ffff8881003564eb) [ 17.208596] [ 17.208767] The buggy address belongs to the physical page: [ 17.209721] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x100356 [ 17.210780] head: order:1 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0 [ 17.211412] flags: 0x200000000000040(head|node=0|zone=2) [ 17.211941] page_type: f5(slab) [ 17.212490] raw: 0200000000000040 ffff888100041b40 dead000000000122 0000000000000000 [ 17.213904] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 17.214740] head: 0200000000000040 ffff888100041b40 dead000000000122 0000000000000000 [ 17.215026] head: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 17.215924] head: 0200000000000001 ffffea000400d581 00000000ffffffff 00000000ffffffff [ 17.217391] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000002 [ 17.217977] page dumped because: kasan: bad access detected [ 17.218481] [ 17.218714] Memory state around the buggy address: [ 17.219123] ffff888100356380: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 17.219667] ffff888100356400: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 17.220567] >ffff888100356480: 00 00 00 00 00 00 00 00 00 00 00 00 00 03 fc fc [ 17.221454] ^ [ 17.222535] ffff888100356500: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 17.223436] ffff888100356580: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 17.224130] ==================================================================
[ 51.025756] ================================================================== [ 51.033020] BUG: KASAN: slab-out-of-bounds in krealloc_more_oob_helper+0x72c/0x808 [ 51.040649] Write of size 1 at addr cc74e0f0 by task kunit_try_catch/212 [ 51.047393] [ 51.048919] CPU: 0 UID: 0 PID: 212 Comm: kunit_try_catch Tainted: G B W N 6.15.0-next-20250530 #1 NONE [ 51.048919] Tainted: [B]=BAD_PAGE, [W]=WARN, [N]=TEST [ 51.048950] Hardware name: Generic DRA74X (Flattened Device Tree) [ 51.048950] Call trace: [ 51.048950] unwind_backtrace from show_stack+0x18/0x1c [ 51.048980] show_stack from dump_stack_lvl+0x70/0x90 [ 51.049011] dump_stack_lvl from print_report+0x158/0x528 [ 51.049041] print_report from kasan_report+0xdc/0x118 [ 51.049041] kasan_report from krealloc_more_oob_helper+0x72c/0x808 [ 51.049072] krealloc_more_oob_helper from kunit_try_run_case+0x22c/0x5a8 [ 51.049102] kunit_try_run_case from kunit_generic_run_threadfn_adapter+0xc4/0x128 [ 51.049133] kunit_generic_run_threadfn_adapter from kthread+0x464/0x810 [ 51.049163] kthread from ret_from_fork+0x14/0x20 [ 51.049163] Exception stack(0xf222bfb0 to 0xf222bff8) [ 51.049194] bfa0: 00000000 00000000 00000000 00000000 [ 51.049194] bfc0: 00000000 00000000 00000000 00000000 00000000 00000000 00000000 00000000 [ 51.049224] bfe0: 00000000 00000000 00000000 00000000 00000013 00000000 [ 51.049224] [ 51.156188] The buggy address belongs to the physical page: [ 51.161804] page: refcount:1 mapcount:0 mapping:00000000 index:0x0 pfn:0x8c74c [ 51.169067] head: order:2 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0 [ 51.176788] flags: 0x40(head|zone=0) [ 51.180389] page_type: f8(unknown) [ 51.183807] raw: 00000040 00000000 00000122 00000000 00000000 00000000 f8000000 00000001 [ 51.191955] raw: 00000000 [ 51.194610] head: 00000040 00000000 00000122 00000000 00000000 00000000 f8000000 00000001 [ 51.202819] head: 00000000 00000002 eebbf6b1 ffffffff 00000000 ffffffff 00000000 ffffffff [ 51.211059] head: 00000000 00000004 [ 51.214569] page dumped because: kasan: bad access detected [ 51.220184] [ 51.221679] Memory state around the buggy address: [ 51.226501] cc74df80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 51.233062] cc74e000: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 51.239654] >cc74e080: 00 00 00 00 00 00 00 00 00 00 00 00 00 03 fe fe [ 51.246215] ^ [ 51.252441] cc74e100: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe [ 51.259002] cc74e180: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe [ 51.265563] ================================================================== [ 48.599609] ================================================================== [ 48.610473] BUG: KASAN: slab-out-of-bounds in krealloc_more_oob_helper+0x77c/0x808 [ 48.618103] Write of size 1 at addr cb2c3ceb by task kunit_try_catch/208 [ 48.624847] [ 48.626373] CPU: 0 UID: 0 PID: 208 Comm: kunit_try_catch Tainted: G B W N 6.15.0-next-20250530 #1 NONE [ 48.626403] Tainted: [B]=BAD_PAGE, [W]=WARN, [N]=TEST [ 48.626403] Hardware name: Generic DRA74X (Flattened Device Tree) [ 48.626403] Call trace: [ 48.626403] unwind_backtrace from show_stack+0x18/0x1c [ 48.626434] show_stack from dump_stack_lvl+0x70/0x90 [ 48.626464] dump_stack_lvl from print_report+0x158/0x528 [ 48.626495] print_report from kasan_report+0xdc/0x118 [ 48.626525] kasan_report from krealloc_more_oob_helper+0x77c/0x808 [ 48.626525] krealloc_more_oob_helper from kunit_try_run_case+0x22c/0x5a8 [ 48.626556] kunit_try_run_case from kunit_generic_run_threadfn_adapter+0xc4/0x128 [ 48.626586] kunit_generic_run_threadfn_adapter from kthread+0x464/0x810 [ 48.626617] kthread from ret_from_fork+0x14/0x20 [ 48.626647] Exception stack(0xf2213fb0 to 0xf2213ff8) [ 48.626647] 3fa0: 00000000 00000000 00000000 00000000 [ 48.626678] 3fc0: 00000000 00000000 00000000 00000000 00000000 00000000 00000000 00000000 [ 48.626678] 3fe0: 00000000 00000000 00000000 00000000 00000013 00000000 [ 48.626678] [ 48.733673] Allocated by task 208: [ 48.737091] kasan_save_track+0x30/0x5c [ 48.740936] __kasan_krealloc+0xf4/0x140 [ 48.744903] krealloc_noprof+0x104/0x2e4 [ 48.748870] krealloc_more_oob_helper+0x1e0/0x808 [ 48.753601] kunit_try_run_case+0x22c/0x5a8 [ 48.757812] kunit_generic_run_threadfn_adapter+0xc4/0x128 [ 48.763336] kthread+0x464/0x810 [ 48.766601] ret_from_fork+0x14/0x20 [ 48.770202] [ 48.771697] The buggy address belongs to the object at cb2c3c00 [ 48.771697] which belongs to the cache kmalloc-256 of size 256 [ 48.783599] The buggy address is located 0 bytes to the right of [ 48.783599] allocated 235-byte region [cb2c3c00, cb2c3ceb) [ 48.795227] [ 48.796752] The buggy address belongs to the physical page: [ 48.802337] page: refcount:0 mapcount:0 mapping:00000000 index:0x0 pfn:0x8b2c2 [ 48.809631] head: order:1 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0 [ 48.817321] flags: 0x40(head|zone=0) [ 48.820922] page_type: f5(slab) [ 48.824096] raw: 00000040 c7001500 00000122 00000000 00000000 80100010 f5000000 00000000 [ 48.832244] raw: 00000000 [ 48.834869] head: 00000040 c7001500 00000122 00000000 00000000 80100010 f5000000 00000000 [ 48.843109] head: 00000000 00000001 eeb91349 ffffffff 00000000 ffffffff 00000000 ffffffff [ 48.851348] head: 00000000 00000002 [ 48.854858] page dumped because: kasan: bad access detected [ 48.860473] [ 48.861968] Memory state around the buggy address: [ 48.866790] cb2c3b80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 48.873352] cb2c3c00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 48.879943] >cb2c3c80: 00 00 00 00 00 00 00 00 00 00 00 00 00 03 fc fc [ 48.886505] ^ [ 48.892456] cb2c3d00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 48.899017] cb2c3d80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 48.905609] ================================================================== [ 50.774871] ================================================================== [ 50.785980] BUG: KASAN: slab-out-of-bounds in krealloc_more_oob_helper+0x77c/0x808 [ 50.793609] Write of size 1 at addr cc74e0eb by task kunit_try_catch/212 [ 50.800354] [ 50.801879] CPU: 0 UID: 0 PID: 212 Comm: kunit_try_catch Tainted: G B W N 6.15.0-next-20250530 #1 NONE [ 50.801910] Tainted: [B]=BAD_PAGE, [W]=WARN, [N]=TEST [ 50.801910] Hardware name: Generic DRA74X (Flattened Device Tree) [ 50.801910] Call trace: [ 50.801910] unwind_backtrace from show_stack+0x18/0x1c [ 50.801940] show_stack from dump_stack_lvl+0x70/0x90 [ 50.801971] dump_stack_lvl from print_report+0x158/0x528 [ 50.802001] print_report from kasan_report+0xdc/0x118 [ 50.802032] kasan_report from krealloc_more_oob_helper+0x77c/0x808 [ 50.802032] krealloc_more_oob_helper from kunit_try_run_case+0x22c/0x5a8 [ 50.802062] kunit_try_run_case from kunit_generic_run_threadfn_adapter+0xc4/0x128 [ 50.802093] kunit_generic_run_threadfn_adapter from kthread+0x464/0x810 [ 50.802124] kthread from ret_from_fork+0x14/0x20 [ 50.802154] Exception stack(0xf222bfb0 to 0xf222bff8) [ 50.802154] bfa0: 00000000 00000000 00000000 00000000 [ 50.802185] bfc0: 00000000 00000000 00000000 00000000 00000000 00000000 00000000 00000000 [ 50.802185] bfe0: 00000000 00000000 00000000 00000000 00000013 00000000 [ 50.802185] [ 50.909149] The buggy address belongs to the physical page: [ 50.914764] page: refcount:1 mapcount:0 mapping:00000000 index:0x0 pfn:0x8c74c [ 50.922027] head: order:2 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0 [ 50.929748] flags: 0x40(head|zone=0) [ 50.933349] page_type: f8(unknown) [ 50.936767] raw: 00000040 00000000 00000122 00000000 00000000 00000000 f8000000 00000001 [ 50.944915] raw: 00000000 [ 50.947570] head: 00000040 00000000 00000122 00000000 00000000 00000000 f8000000 00000001 [ 50.955810] head: 00000000 00000002 eebbf6b1 ffffffff 00000000 ffffffff 00000000 ffffffff [ 50.964019] head: 00000000 00000004 [ 50.967529] page dumped because: kasan: bad access detected [ 50.973144] [ 50.974639] Memory state around the buggy address: [ 50.979461] cc74df80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 50.986022] cc74e000: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 50.992614] >cc74e080: 00 00 00 00 00 00 00 00 00 00 00 00 00 03 fe fe [ 50.999176] ^ [ 51.005126] cc74e100: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe [ 51.011688] cc74e180: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe [ 51.018280] ================================================================== [ 48.913116] ================================================================== [ 48.920379] BUG: KASAN: slab-out-of-bounds in krealloc_more_oob_helper+0x72c/0x808 [ 48.928009] Write of size 1 at addr cb2c3cf0 by task kunit_try_catch/208 [ 48.934753] [ 48.936248] CPU: 0 UID: 0 PID: 208 Comm: kunit_try_catch Tainted: G B W N 6.15.0-next-20250530 #1 NONE [ 48.936279] Tainted: [B]=BAD_PAGE, [W]=WARN, [N]=TEST [ 48.936279] Hardware name: Generic DRA74X (Flattened Device Tree) [ 48.936309] Call trace: [ 48.936309] unwind_backtrace from show_stack+0x18/0x1c [ 48.936340] show_stack from dump_stack_lvl+0x70/0x90 [ 48.936340] dump_stack_lvl from print_report+0x158/0x528 [ 48.936370] print_report from kasan_report+0xdc/0x118 [ 48.936401] kasan_report from krealloc_more_oob_helper+0x72c/0x808 [ 48.936431] krealloc_more_oob_helper from kunit_try_run_case+0x22c/0x5a8 [ 48.936462] kunit_try_run_case from kunit_generic_run_threadfn_adapter+0xc4/0x128 [ 48.936462] kunit_generic_run_threadfn_adapter from kthread+0x464/0x810 [ 48.936492] kthread from ret_from_fork+0x14/0x20 [ 48.936523] Exception stack(0xf2213fb0 to 0xf2213ff8) [ 48.936523] 3fa0: 00000000 00000000 00000000 00000000 [ 48.936553] 3fc0: 00000000 00000000 00000000 00000000 00000000 00000000 00000000 00000000 [ 48.936553] 3fe0: 00000000 00000000 00000000 00000000 00000013 00000000 [ 48.936584] [ 49.043548] Allocated by task 208: [ 49.046966] kasan_save_track+0x30/0x5c [ 49.050842] __kasan_krealloc+0xf4/0x140 [ 49.054779] krealloc_noprof+0x104/0x2e4 [ 49.058746] krealloc_more_oob_helper+0x1e0/0x808 [ 49.063476] kunit_try_run_case+0x22c/0x5a8 [ 49.067687] kunit_generic_run_threadfn_adapter+0xc4/0x128 [ 49.073242] kthread+0x464/0x810 [ 49.076477] ret_from_fork+0x14/0x20 [ 49.080078] [ 49.081573] The buggy address belongs to the object at cb2c3c00 [ 49.081573] which belongs to the cache kmalloc-256 of size 256 [ 49.093475] The buggy address is located 5 bytes to the right of [ 49.093475] allocated 235-byte region [cb2c3c00, cb2c3ceb) [ 49.105133] [ 49.106628] The buggy address belongs to the physical page: [ 49.112243] page: refcount:0 mapcount:0 mapping:00000000 index:0x0 pfn:0x8b2c2 [ 49.119506] head: order:1 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0 [ 49.127197] flags: 0x40(head|zone=0) [ 49.130798] page_type: f5(slab) [ 49.133972] raw: 00000040 c7001500 00000122 00000000 00000000 80100010 f5000000 00000000 [ 49.142120] raw: 00000000 [ 49.144775] head: 00000040 c7001500 00000122 00000000 00000000 80100010 f5000000 00000000 [ 49.152984] head: 00000000 00000001 eeb91349 ffffffff 00000000 ffffffff 00000000 ffffffff [ 49.161224] head: 00000000 00000002 [ 49.164733] page dumped because: kasan: bad access detected [ 49.170349] [ 49.171844] Memory state around the buggy address: [ 49.176666] cb2c3b80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 49.183227] cb2c3c00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 49.189819] >cb2c3c80: 00 00 00 00 00 00 00 00 00 00 00 00 00 03 fc fc [ 49.196380] ^ [ 49.202606] cb2c3d00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 49.209167] cb2c3d80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 49.215728] ==================================================================