Date
June 3, 2025, 7:38 a.m.
| Environment | |
|---|---|
| qemu-arm64 | |
| qemu-x86_64 | |
| x86 |
[ 18.229614] ================================================================== [ 18.229674] BUG: KASAN: slab-out-of-bounds in krealloc_less_oob_helper+0xae4/0xc50 [ 18.229941] Write of size 1 at addr fff00000c18288ea by task kunit_try_catch/158 [ 18.230039] [ 18.230094] CPU: 1 UID: 0 PID: 158 Comm: kunit_try_catch Tainted: G B N 6.15.0-next-20250603 #1 PREEMPT [ 18.230205] Tainted: [B]=BAD_PAGE, [N]=TEST [ 18.230235] Hardware name: linux,dummy-virt (DT) [ 18.230381] Call trace: [ 18.230437] show_stack+0x20/0x38 (C) [ 18.230578] dump_stack_lvl+0x8c/0xd0 [ 18.230634] print_report+0x118/0x608 [ 18.230763] kasan_report+0xdc/0x128 [ 18.230816] __asan_report_store1_noabort+0x20/0x30 [ 18.230863] krealloc_less_oob_helper+0xae4/0xc50 [ 18.231144] krealloc_less_oob+0x20/0x38 [ 18.231230] kunit_try_run_case+0x170/0x3f0 [ 18.231319] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 18.231470] kthread+0x328/0x630 [ 18.231515] ret_from_fork+0x10/0x20 [ 18.231826] [ 18.231892] Allocated by task 158: [ 18.231977] kasan_save_stack+0x3c/0x68 [ 18.232107] kasan_save_track+0x20/0x40 [ 18.232185] kasan_save_alloc_info+0x40/0x58 [ 18.232362] __kasan_krealloc+0x118/0x178 [ 18.232542] krealloc_noprof+0x128/0x360 [ 18.232607] krealloc_less_oob_helper+0x168/0xc50 [ 18.232728] krealloc_less_oob+0x20/0x38 [ 18.232776] kunit_try_run_case+0x170/0x3f0 [ 18.233048] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 18.233144] kthread+0x328/0x630 [ 18.233477] ret_from_fork+0x10/0x20 [ 18.233555] [ 18.233594] The buggy address belongs to the object at fff00000c1828800 [ 18.233594] which belongs to the cache kmalloc-256 of size 256 [ 18.233818] The buggy address is located 33 bytes to the right of [ 18.233818] allocated 201-byte region [fff00000c1828800, fff00000c18288c9) [ 18.234012] [ 18.234091] The buggy address belongs to the physical page: [ 18.234169] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x101828 [ 18.234221] head: order:1 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0 [ 18.234525] flags: 0xbfffe0000000040(head|node=0|zone=2|lastcpupid=0x1ffff) [ 18.234619] page_type: f5(slab) [ 18.234709] raw: 0bfffe0000000040 fff00000c0001b40 dead000000000122 0000000000000000 [ 18.234761] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 18.235097] head: 0bfffe0000000040 fff00000c0001b40 dead000000000122 0000000000000000 [ 18.235182] head: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 18.235296] head: 0bfffe0000000001 ffffc1ffc3060a01 00000000ffffffff 00000000ffffffff [ 18.235405] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000002 [ 18.235458] page dumped because: kasan: bad access detected [ 18.235489] [ 18.235863] Memory state around the buggy address: [ 18.236220] fff00000c1828780: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 18.236302] fff00000c1828800: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 18.236405] >fff00000c1828880: 00 00 00 00 00 00 00 00 00 01 fc fc fc fc fc fc [ 18.236492] ^ [ 18.236617] fff00000c1828900: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 18.236669] fff00000c1828980: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 18.236725] ================================================================== [ 18.290061] ================================================================== [ 18.290106] BUG: KASAN: slab-out-of-bounds in krealloc_less_oob_helper+0xae4/0xc50 [ 18.290155] Write of size 1 at addr fff00000c647e0ea by task kunit_try_catch/162 [ 18.290205] [ 18.290269] CPU: 1 UID: 0 PID: 162 Comm: kunit_try_catch Tainted: G B N 6.15.0-next-20250603 #1 PREEMPT [ 18.290353] Tainted: [B]=BAD_PAGE, [N]=TEST [ 18.290385] Hardware name: linux,dummy-virt (DT) [ 18.290417] Call trace: [ 18.290789] show_stack+0x20/0x38 (C) [ 18.290880] dump_stack_lvl+0x8c/0xd0 [ 18.290968] print_report+0x118/0x608 [ 18.291036] kasan_report+0xdc/0x128 [ 18.291083] __asan_report_store1_noabort+0x20/0x30 [ 18.291131] krealloc_less_oob_helper+0xae4/0xc50 [ 18.291181] krealloc_large_less_oob+0x20/0x38 [ 18.291228] kunit_try_run_case+0x170/0x3f0 [ 18.291276] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 18.291846] kthread+0x328/0x630 [ 18.291957] ret_from_fork+0x10/0x20 [ 18.292100] [ 18.292150] The buggy address belongs to the physical page: [ 18.292209] page: refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x10647c [ 18.292299] head: order:2 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0 [ 18.292399] flags: 0xbfffe0000000040(head|node=0|zone=2|lastcpupid=0x1ffff) [ 18.292465] page_type: f8(unknown) [ 18.292503] raw: 0bfffe0000000040 0000000000000000 dead000000000122 0000000000000000 [ 18.292553] raw: 0000000000000000 0000000000000000 00000001f8000000 0000000000000000 [ 18.292603] head: 0bfffe0000000040 0000000000000000 dead000000000122 0000000000000000 [ 18.292991] head: 0000000000000000 0000000000000000 00000001f8000000 0000000000000000 [ 18.293061] head: 0bfffe0000000002 ffffc1ffc3191f01 00000000ffffffff 00000000ffffffff [ 18.293134] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000004 [ 18.293213] page dumped because: kasan: bad access detected [ 18.293279] [ 18.293343] Memory state around the buggy address: [ 18.293442] fff00000c647df80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 18.293523] fff00000c647e000: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 18.293627] >fff00000c647e080: 00 00 00 00 00 00 00 00 00 01 fe fe fe fe fe fe [ 18.293719] ^ [ 18.293801] fff00000c647e100: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe [ 18.293869] fff00000c647e180: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe [ 18.293907] ================================================================== [ 18.214003] ================================================================== [ 18.214051] BUG: KASAN: slab-out-of-bounds in krealloc_less_oob_helper+0xb9c/0xc50 [ 18.214282] Write of size 1 at addr fff00000c18288d0 by task kunit_try_catch/158 [ 18.214366] [ 18.214506] CPU: 1 UID: 0 PID: 158 Comm: kunit_try_catch Tainted: G B N 6.15.0-next-20250603 #1 PREEMPT [ 18.214677] Tainted: [B]=BAD_PAGE, [N]=TEST [ 18.214725] Hardware name: linux,dummy-virt (DT) [ 18.214773] Call trace: [ 18.214913] show_stack+0x20/0x38 (C) [ 18.214967] dump_stack_lvl+0x8c/0xd0 [ 18.215045] print_report+0x118/0x608 [ 18.215093] kasan_report+0xdc/0x128 [ 18.215138] __asan_report_store1_noabort+0x20/0x30 [ 18.215314] krealloc_less_oob_helper+0xb9c/0xc50 [ 18.215413] krealloc_less_oob+0x20/0x38 [ 18.215582] kunit_try_run_case+0x170/0x3f0 [ 18.215736] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 18.215846] kthread+0x328/0x630 [ 18.215939] ret_from_fork+0x10/0x20 [ 18.216067] [ 18.216115] Allocated by task 158: [ 18.216143] kasan_save_stack+0x3c/0x68 [ 18.216230] kasan_save_track+0x20/0x40 [ 18.216480] kasan_save_alloc_info+0x40/0x58 [ 18.216744] __kasan_krealloc+0x118/0x178 [ 18.216896] krealloc_noprof+0x128/0x360 [ 18.217061] krealloc_less_oob_helper+0x168/0xc50 [ 18.217151] krealloc_less_oob+0x20/0x38 [ 18.217213] kunit_try_run_case+0x170/0x3f0 [ 18.217251] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 18.217572] kthread+0x328/0x630 [ 18.217711] ret_from_fork+0x10/0x20 [ 18.217803] [ 18.217858] The buggy address belongs to the object at fff00000c1828800 [ 18.217858] which belongs to the cache kmalloc-256 of size 256 [ 18.218025] The buggy address is located 7 bytes to the right of [ 18.218025] allocated 201-byte region [fff00000c1828800, fff00000c18288c9) [ 18.218416] [ 18.218472] The buggy address belongs to the physical page: [ 18.218537] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x101828 [ 18.218670] head: order:1 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0 [ 18.218760] flags: 0xbfffe0000000040(head|node=0|zone=2|lastcpupid=0x1ffff) [ 18.218916] page_type: f5(slab) [ 18.218984] raw: 0bfffe0000000040 fff00000c0001b40 dead000000000122 0000000000000000 [ 18.219111] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 18.219160] head: 0bfffe0000000040 fff00000c0001b40 dead000000000122 0000000000000000 [ 18.219239] head: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 18.219468] head: 0bfffe0000000001 ffffc1ffc3060a01 00000000ffffffff 00000000ffffffff [ 18.219641] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000002 [ 18.219714] page dumped because: kasan: bad access detected [ 18.219771] [ 18.219858] Memory state around the buggy address: [ 18.219918] fff00000c1828780: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 18.219981] fff00000c1828800: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 18.220093] >fff00000c1828880: 00 00 00 00 00 00 00 00 00 01 fc fc fc fc fc fc [ 18.220137] ^ [ 18.220173] fff00000c1828900: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 18.220477] fff00000c1828980: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 18.220592] ================================================================== [ 18.209022] ================================================================== [ 18.209084] BUG: KASAN: slab-out-of-bounds in krealloc_less_oob_helper+0xa48/0xc50 [ 18.209378] Write of size 1 at addr fff00000c18288c9 by task kunit_try_catch/158 [ 18.209526] [ 18.209612] CPU: 1 UID: 0 PID: 158 Comm: kunit_try_catch Tainted: G B N 6.15.0-next-20250603 #1 PREEMPT [ 18.209779] Tainted: [B]=BAD_PAGE, [N]=TEST [ 18.209807] Hardware name: linux,dummy-virt (DT) [ 18.209855] Call trace: [ 18.209884] show_stack+0x20/0x38 (C) [ 18.209981] dump_stack_lvl+0x8c/0xd0 [ 18.210031] print_report+0x118/0x608 [ 18.210228] kasan_report+0xdc/0x128 [ 18.210308] __asan_report_store1_noabort+0x20/0x30 [ 18.210452] krealloc_less_oob_helper+0xa48/0xc50 [ 18.210505] krealloc_less_oob+0x20/0x38 [ 18.210550] kunit_try_run_case+0x170/0x3f0 [ 18.210645] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 18.210709] kthread+0x328/0x630 [ 18.210756] ret_from_fork+0x10/0x20 [ 18.210806] [ 18.210824] Allocated by task 158: [ 18.210852] kasan_save_stack+0x3c/0x68 [ 18.210902] kasan_save_track+0x20/0x40 [ 18.210938] kasan_save_alloc_info+0x40/0x58 [ 18.210977] __kasan_krealloc+0x118/0x178 [ 18.211014] krealloc_noprof+0x128/0x360 [ 18.211059] krealloc_less_oob_helper+0x168/0xc50 [ 18.211097] krealloc_less_oob+0x20/0x38 [ 18.211132] kunit_try_run_case+0x170/0x3f0 [ 18.211183] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 18.211225] kthread+0x328/0x630 [ 18.211264] ret_from_fork+0x10/0x20 [ 18.211298] [ 18.211322] The buggy address belongs to the object at fff00000c1828800 [ 18.211322] which belongs to the cache kmalloc-256 of size 256 [ 18.211828] The buggy address is located 0 bytes to the right of [ 18.211828] allocated 201-byte region [fff00000c1828800, fff00000c18288c9) [ 18.211898] [ 18.211952] The buggy address belongs to the physical page: [ 18.211984] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x101828 [ 18.212212] head: order:1 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0 [ 18.212327] flags: 0xbfffe0000000040(head|node=0|zone=2|lastcpupid=0x1ffff) [ 18.212384] page_type: f5(slab) [ 18.212482] raw: 0bfffe0000000040 fff00000c0001b40 dead000000000122 0000000000000000 [ 18.212543] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 18.212602] head: 0bfffe0000000040 fff00000c0001b40 dead000000000122 0000000000000000 [ 18.212656] head: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 18.212714] head: 0bfffe0000000001 ffffc1ffc3060a01 00000000ffffffff 00000000ffffffff [ 18.212767] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000002 [ 18.212805] page dumped because: kasan: bad access detected [ 18.212858] [ 18.212876] Memory state around the buggy address: [ 18.212920] fff00000c1828780: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 18.212962] fff00000c1828800: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 18.213003] >fff00000c1828880: 00 00 00 00 00 00 00 00 00 01 fc fc fc fc fc fc [ 18.213054] ^ [ 18.213102] fff00000c1828900: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 18.213158] fff00000c1828980: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 18.213194] ================================================================== [ 18.221721] ================================================================== [ 18.222122] BUG: KASAN: slab-out-of-bounds in krealloc_less_oob_helper+0xa80/0xc50 [ 18.222177] Write of size 1 at addr fff00000c18288da by task kunit_try_catch/158 [ 18.222227] [ 18.222256] CPU: 1 UID: 0 PID: 158 Comm: kunit_try_catch Tainted: G B N 6.15.0-next-20250603 #1 PREEMPT [ 18.222336] Tainted: [B]=BAD_PAGE, [N]=TEST [ 18.222371] Hardware name: linux,dummy-virt (DT) [ 18.222401] Call trace: [ 18.222438] show_stack+0x20/0x38 (C) [ 18.222497] dump_stack_lvl+0x8c/0xd0 [ 18.222554] print_report+0x118/0x608 [ 18.222600] kasan_report+0xdc/0x128 [ 18.222654] __asan_report_store1_noabort+0x20/0x30 [ 18.222703] krealloc_less_oob_helper+0xa80/0xc50 [ 18.222751] krealloc_less_oob+0x20/0x38 [ 18.222805] kunit_try_run_case+0x170/0x3f0 [ 18.222852] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 18.222913] kthread+0x328/0x630 [ 18.222954] ret_from_fork+0x10/0x20 [ 18.223001] [ 18.223019] Allocated by task 158: [ 18.223052] kasan_save_stack+0x3c/0x68 [ 18.223101] kasan_save_track+0x20/0x40 [ 18.223137] kasan_save_alloc_info+0x40/0x58 [ 18.223181] __kasan_krealloc+0x118/0x178 [ 18.223217] krealloc_noprof+0x128/0x360 [ 18.223262] krealloc_less_oob_helper+0x168/0xc50 [ 18.223300] krealloc_less_oob+0x20/0x38 [ 18.223343] kunit_try_run_case+0x170/0x3f0 [ 18.223413] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 18.223596] kthread+0x328/0x630 [ 18.224472] ret_from_fork+0x10/0x20 [ 18.224924] [ 18.224959] The buggy address belongs to the object at fff00000c1828800 [ 18.224959] which belongs to the cache kmalloc-256 of size 256 [ 18.225233] The buggy address is located 17 bytes to the right of [ 18.225233] allocated 201-byte region [fff00000c1828800, fff00000c18288c9) [ 18.225330] [ 18.225360] The buggy address belongs to the physical page: [ 18.225402] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x101828 [ 18.225519] head: order:1 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0 [ 18.225565] flags: 0xbfffe0000000040(head|node=0|zone=2|lastcpupid=0x1ffff) [ 18.225656] page_type: f5(slab) [ 18.225913] raw: 0bfffe0000000040 fff00000c0001b40 dead000000000122 0000000000000000 [ 18.226003] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 18.226174] head: 0bfffe0000000040 fff00000c0001b40 dead000000000122 0000000000000000 [ 18.226224] head: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 18.226556] head: 0bfffe0000000001 ffffc1ffc3060a01 00000000ffffffff 00000000ffffffff [ 18.226739] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000002 [ 18.226908] page dumped because: kasan: bad access detected [ 18.227053] [ 18.227126] Memory state around the buggy address: [ 18.227176] fff00000c1828780: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 18.227525] fff00000c1828800: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 18.227688] >fff00000c1828880: 00 00 00 00 00 00 00 00 00 01 fc fc fc fc fc fc [ 18.227743] ^ [ 18.227780] fff00000c1828900: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 18.228124] fff00000c1828980: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 18.228213] ================================================================== [ 18.280341] ================================================================== [ 18.280385] BUG: KASAN: slab-out-of-bounds in krealloc_less_oob_helper+0xb9c/0xc50 [ 18.280453] Write of size 1 at addr fff00000c647e0d0 by task kunit_try_catch/162 [ 18.280586] [ 18.280667] CPU: 1 UID: 0 PID: 162 Comm: kunit_try_catch Tainted: G B N 6.15.0-next-20250603 #1 PREEMPT [ 18.280833] Tainted: [B]=BAD_PAGE, [N]=TEST [ 18.280862] Hardware name: linux,dummy-virt (DT) [ 18.280911] Call trace: [ 18.281067] show_stack+0x20/0x38 (C) [ 18.281121] dump_stack_lvl+0x8c/0xd0 [ 18.281170] print_report+0x118/0x608 [ 18.281348] kasan_report+0xdc/0x128 [ 18.281406] __asan_report_store1_noabort+0x20/0x30 [ 18.281690] krealloc_less_oob_helper+0xb9c/0xc50 [ 18.282017] krealloc_large_less_oob+0x20/0x38 [ 18.282075] kunit_try_run_case+0x170/0x3f0 [ 18.282151] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 18.282255] kthread+0x328/0x630 [ 18.282298] ret_from_fork+0x10/0x20 [ 18.282346] [ 18.282717] The buggy address belongs to the physical page: [ 18.282761] page: refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x10647c [ 18.282814] head: order:2 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0 [ 18.282860] flags: 0xbfffe0000000040(head|node=0|zone=2|lastcpupid=0x1ffff) [ 18.282915] page_type: f8(unknown) [ 18.282972] raw: 0bfffe0000000040 0000000000000000 dead000000000122 0000000000000000 [ 18.283052] raw: 0000000000000000 0000000000000000 00000001f8000000 0000000000000000 [ 18.283117] head: 0bfffe0000000040 0000000000000000 dead000000000122 0000000000000000 [ 18.283355] head: 0000000000000000 0000000000000000 00000001f8000000 0000000000000000 [ 18.283756] head: 0bfffe0000000002 ffffc1ffc3191f01 00000000ffffffff 00000000ffffffff [ 18.283886] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000004 [ 18.283998] page dumped because: kasan: bad access detected [ 18.284070] [ 18.284181] Memory state around the buggy address: [ 18.284270] fff00000c647df80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 18.284583] fff00000c647e000: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 18.284688] >fff00000c647e080: 00 00 00 00 00 00 00 00 00 01 fe fe fe fe fe fe [ 18.284848] ^ [ 18.284950] fff00000c647e100: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe [ 18.285116] fff00000c647e180: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe [ 18.285196] ================================================================== [ 18.294162] ================================================================== [ 18.294209] BUG: KASAN: slab-out-of-bounds in krealloc_less_oob_helper+0xa58/0xc50 [ 18.294257] Write of size 1 at addr fff00000c647e0eb by task kunit_try_catch/162 [ 18.294326] [ 18.294375] CPU: 1 UID: 0 PID: 162 Comm: kunit_try_catch Tainted: G B N 6.15.0-next-20250603 #1 PREEMPT [ 18.294498] Tainted: [B]=BAD_PAGE, [N]=TEST [ 18.294526] Hardware name: linux,dummy-virt (DT) [ 18.294566] Call trace: [ 18.294606] show_stack+0x20/0x38 (C) [ 18.294795] dump_stack_lvl+0x8c/0xd0 [ 18.294856] print_report+0x118/0x608 [ 18.295104] kasan_report+0xdc/0x128 [ 18.295161] __asan_report_store1_noabort+0x20/0x30 [ 18.295210] krealloc_less_oob_helper+0xa58/0xc50 [ 18.295403] krealloc_large_less_oob+0x20/0x38 [ 18.295549] kunit_try_run_case+0x170/0x3f0 [ 18.295649] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 18.295742] kthread+0x328/0x630 [ 18.295877] ret_from_fork+0x10/0x20 [ 18.296001] [ 18.296072] The buggy address belongs to the physical page: [ 18.296113] page: refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x10647c [ 18.296206] head: order:2 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0 [ 18.296308] flags: 0xbfffe0000000040(head|node=0|zone=2|lastcpupid=0x1ffff) [ 18.296399] page_type: f8(unknown) [ 18.296481] raw: 0bfffe0000000040 0000000000000000 dead000000000122 0000000000000000 [ 18.296542] raw: 0000000000000000 0000000000000000 00000001f8000000 0000000000000000 [ 18.296591] head: 0bfffe0000000040 0000000000000000 dead000000000122 0000000000000000 [ 18.296640] head: 0000000000000000 0000000000000000 00000001f8000000 0000000000000000 [ 18.296690] head: 0bfffe0000000002 ffffc1ffc3191f01 00000000ffffffff 00000000ffffffff [ 18.296738] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000004 [ 18.296778] page dumped because: kasan: bad access detected [ 18.296808] [ 18.296831] Memory state around the buggy address: [ 18.296861] fff00000c647df80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 18.296903] fff00000c647e000: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 18.297161] >fff00000c647e080: 00 00 00 00 00 00 00 00 00 01 fe fe fe fe fe fe [ 18.297240] ^ [ 18.297299] fff00000c647e100: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe [ 18.297340] fff00000c647e180: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe [ 18.297380] ================================================================== [ 18.237987] ================================================================== [ 18.238245] BUG: KASAN: slab-out-of-bounds in krealloc_less_oob_helper+0xa58/0xc50 [ 18.238544] Write of size 1 at addr fff00000c18288eb by task kunit_try_catch/158 [ 18.238652] [ 18.238724] CPU: 1 UID: 0 PID: 158 Comm: kunit_try_catch Tainted: G B N 6.15.0-next-20250603 #1 PREEMPT [ 18.238809] Tainted: [B]=BAD_PAGE, [N]=TEST [ 18.238834] Hardware name: linux,dummy-virt (DT) [ 18.239121] Call trace: [ 18.239154] show_stack+0x20/0x38 (C) [ 18.239214] dump_stack_lvl+0x8c/0xd0 [ 18.239262] print_report+0x118/0x608 [ 18.239308] kasan_report+0xdc/0x128 [ 18.239360] __asan_report_store1_noabort+0x20/0x30 [ 18.239406] krealloc_less_oob_helper+0xa58/0xc50 [ 18.239802] krealloc_less_oob+0x20/0x38 [ 18.240018] kunit_try_run_case+0x170/0x3f0 [ 18.240191] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 18.240355] kthread+0x328/0x630 [ 18.240414] ret_from_fork+0x10/0x20 [ 18.240616] [ 18.240688] Allocated by task 158: [ 18.240870] kasan_save_stack+0x3c/0x68 [ 18.241279] kasan_save_track+0x20/0x40 [ 18.241405] kasan_save_alloc_info+0x40/0x58 [ 18.241601] __kasan_krealloc+0x118/0x178 [ 18.241667] krealloc_noprof+0x128/0x360 [ 18.241705] krealloc_less_oob_helper+0x168/0xc50 [ 18.242077] krealloc_less_oob+0x20/0x38 [ 18.242195] kunit_try_run_case+0x170/0x3f0 [ 18.242350] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 18.242448] kthread+0x328/0x630 [ 18.242496] ret_from_fork+0x10/0x20 [ 18.242557] [ 18.242576] The buggy address belongs to the object at fff00000c1828800 [ 18.242576] which belongs to the cache kmalloc-256 of size 256 [ 18.242643] The buggy address is located 34 bytes to the right of [ 18.242643] allocated 201-byte region [fff00000c1828800, fff00000c18288c9) [ 18.242706] [ 18.242740] The buggy address belongs to the physical page: [ 18.242783] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x101828 [ 18.242842] head: order:1 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0 [ 18.242887] flags: 0xbfffe0000000040(head|node=0|zone=2|lastcpupid=0x1ffff) [ 18.242949] page_type: f5(slab) [ 18.242987] raw: 0bfffe0000000040 fff00000c0001b40 dead000000000122 0000000000000000 [ 18.243035] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 18.243098] head: 0bfffe0000000040 fff00000c0001b40 dead000000000122 0000000000000000 [ 18.243155] head: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 18.243202] head: 0bfffe0000000001 ffffc1ffc3060a01 00000000ffffffff 00000000ffffffff [ 18.243248] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000002 [ 18.243298] page dumped because: kasan: bad access detected [ 18.243337] [ 18.243630] Memory state around the buggy address: [ 18.244007] fff00000c1828780: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 18.244064] fff00000c1828800: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 18.244114] >fff00000c1828880: 00 00 00 00 00 00 00 00 00 01 fc fc fc fc fc fc [ 18.244291] ^ [ 18.244447] fff00000c1828900: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 18.244499] fff00000c1828980: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 18.244537] ================================================================== [ 18.274744] ================================================================== [ 18.274841] BUG: KASAN: slab-out-of-bounds in krealloc_less_oob_helper+0xa48/0xc50 [ 18.274904] Write of size 1 at addr fff00000c647e0c9 by task kunit_try_catch/162 [ 18.274954] [ 18.275212] CPU: 1 UID: 0 PID: 162 Comm: kunit_try_catch Tainted: G B N 6.15.0-next-20250603 #1 PREEMPT [ 18.275510] Tainted: [B]=BAD_PAGE, [N]=TEST [ 18.275580] Hardware name: linux,dummy-virt (DT) [ 18.275696] Call trace: [ 18.275764] show_stack+0x20/0x38 (C) [ 18.275897] dump_stack_lvl+0x8c/0xd0 [ 18.275951] print_report+0x118/0x608 [ 18.276122] kasan_report+0xdc/0x128 [ 18.276352] __asan_report_store1_noabort+0x20/0x30 [ 18.276491] krealloc_less_oob_helper+0xa48/0xc50 [ 18.276582] krealloc_large_less_oob+0x20/0x38 [ 18.276726] kunit_try_run_case+0x170/0x3f0 [ 18.276878] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 18.276995] kthread+0x328/0x630 [ 18.277134] ret_from_fork+0x10/0x20 [ 18.277186] [ 18.277377] The buggy address belongs to the physical page: [ 18.277639] page: refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x10647c [ 18.277728] head: order:2 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0 [ 18.277844] flags: 0xbfffe0000000040(head|node=0|zone=2|lastcpupid=0x1ffff) [ 18.277931] page_type: f8(unknown) [ 18.278098] raw: 0bfffe0000000040 0000000000000000 dead000000000122 0000000000000000 [ 18.278213] raw: 0000000000000000 0000000000000000 00000001f8000000 0000000000000000 [ 18.278510] head: 0bfffe0000000040 0000000000000000 dead000000000122 0000000000000000 [ 18.278633] head: 0000000000000000 0000000000000000 00000001f8000000 0000000000000000 [ 18.278731] head: 0bfffe0000000002 ffffc1ffc3191f01 00000000ffffffff 00000000ffffffff [ 18.278870] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000004 [ 18.278950] page dumped because: kasan: bad access detected [ 18.279060] [ 18.279131] Memory state around the buggy address: [ 18.279221] fff00000c647df80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 18.279666] fff00000c647e000: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 18.279710] >fff00000c647e080: 00 00 00 00 00 00 00 00 00 01 fe fe fe fe fe fe [ 18.279754] ^ [ 18.279790] fff00000c647e100: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe [ 18.279831] fff00000c647e180: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe [ 18.279869] ================================================================== [ 18.286186] ================================================================== [ 18.286235] BUG: KASAN: slab-out-of-bounds in krealloc_less_oob_helper+0xa80/0xc50 [ 18.286315] Write of size 1 at addr fff00000c647e0da by task kunit_try_catch/162 [ 18.286366] [ 18.286415] CPU: 1 UID: 0 PID: 162 Comm: kunit_try_catch Tainted: G B N 6.15.0-next-20250603 #1 PREEMPT [ 18.286589] Tainted: [B]=BAD_PAGE, [N]=TEST [ 18.286624] Hardware name: linux,dummy-virt (DT) [ 18.286665] Call trace: [ 18.286703] show_stack+0x20/0x38 (C) [ 18.286763] dump_stack_lvl+0x8c/0xd0 [ 18.286957] print_report+0x118/0x608 [ 18.287035] kasan_report+0xdc/0x128 [ 18.287100] __asan_report_store1_noabort+0x20/0x30 [ 18.287168] krealloc_less_oob_helper+0xa80/0xc50 [ 18.287236] krealloc_large_less_oob+0x20/0x38 [ 18.287305] kunit_try_run_case+0x170/0x3f0 [ 18.287371] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 18.287465] kthread+0x328/0x630 [ 18.287546] ret_from_fork+0x10/0x20 [ 18.287702] [ 18.287724] The buggy address belongs to the physical page: [ 18.287756] page: refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x10647c [ 18.287816] head: order:2 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0 [ 18.287862] flags: 0xbfffe0000000040(head|node=0|zone=2|lastcpupid=0x1ffff) [ 18.288063] page_type: f8(unknown) [ 18.288270] raw: 0bfffe0000000040 0000000000000000 dead000000000122 0000000000000000 [ 18.288375] raw: 0000000000000000 0000000000000000 00000001f8000000 0000000000000000 [ 18.288489] head: 0bfffe0000000040 0000000000000000 dead000000000122 0000000000000000 [ 18.288632] head: 0000000000000000 0000000000000000 00000001f8000000 0000000000000000 [ 18.288681] head: 0bfffe0000000002 ffffc1ffc3191f01 00000000ffffffff 00000000ffffffff [ 18.288753] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000004 [ 18.288956] page dumped because: kasan: bad access detected [ 18.289057] [ 18.289223] Memory state around the buggy address: [ 18.289331] fff00000c647df80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 18.289386] fff00000c647e000: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 18.289459] >fff00000c647e080: 00 00 00 00 00 00 00 00 00 01 fe fe fe fe fe fe [ 18.289506] ^ [ 18.289543] fff00000c647e100: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe [ 18.289594] fff00000c647e180: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe [ 18.289631] ==================================================================
[ 14.217514] ================================================================== [ 14.217803] BUG: KASAN: slab-out-of-bounds in krealloc_less_oob_helper+0xe23/0x11d0 [ 14.218144] Write of size 1 at addr ffff88810394e0d0 by task kunit_try_catch/179 [ 14.219593] [ 14.220263] CPU: 1 UID: 0 PID: 179 Comm: kunit_try_catch Tainted: G B N 6.15.0-next-20250603 #1 PREEMPT(voluntary) [ 14.220408] Tainted: [B]=BAD_PAGE, [N]=TEST [ 14.220441] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 14.220499] Call Trace: [ 14.220542] <TASK> [ 14.220584] dump_stack_lvl+0x73/0xb0 [ 14.220639] print_report+0xd1/0x650 [ 14.220666] ? __virt_addr_valid+0x1db/0x2d0 [ 14.220700] ? krealloc_less_oob_helper+0xe23/0x11d0 [ 14.220779] ? kasan_addr_to_slab+0x11/0xa0 [ 14.220816] ? krealloc_less_oob_helper+0xe23/0x11d0 [ 14.220853] kasan_report+0x141/0x180 [ 14.220886] ? krealloc_less_oob_helper+0xe23/0x11d0 [ 14.220926] __asan_report_store1_noabort+0x1b/0x30 [ 14.220958] krealloc_less_oob_helper+0xe23/0x11d0 [ 14.220999] ? __pfx_krealloc_less_oob_helper+0x10/0x10 [ 14.221033] ? finish_task_switch.isra.0+0x153/0x700 [ 14.221068] ? __switch_to+0x47/0xf50 [ 14.221109] ? __schedule+0x10cc/0x2b60 [ 14.221145] ? __pfx_read_tsc+0x10/0x10 [ 14.221182] krealloc_large_less_oob+0x1c/0x30 [ 14.221250] kunit_try_run_case+0x1a5/0x480 [ 14.221277] ? __pfx_kunit_try_run_case+0x10/0x10 [ 14.221297] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 14.221324] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 14.221348] ? __kthread_parkme+0x82/0x180 [ 14.221371] ? preempt_count_sub+0x50/0x80 [ 14.221394] ? __pfx_kunit_try_run_case+0x10/0x10 [ 14.221415] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 14.221440] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 14.221487] kthread+0x337/0x6f0 [ 14.221511] ? trace_preempt_on+0x20/0xc0 [ 14.221536] ? __pfx_kthread+0x10/0x10 [ 14.221557] ? _raw_spin_unlock_irq+0x47/0x80 [ 14.221580] ? calculate_sigpending+0x7b/0xa0 [ 14.221605] ? __pfx_kthread+0x10/0x10 [ 14.221627] ret_from_fork+0x116/0x1d0 [ 14.221646] ? __pfx_kthread+0x10/0x10 [ 14.221666] ret_from_fork_asm+0x1a/0x30 [ 14.221714] </TASK> [ 14.221740] [ 14.234995] The buggy address belongs to the physical page: [ 14.235244] page: refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x10394c [ 14.236694] head: order:2 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0 [ 14.237873] flags: 0x200000000000040(head|node=0|zone=2) [ 14.238292] page_type: f8(unknown) [ 14.238470] raw: 0200000000000040 0000000000000000 dead000000000122 0000000000000000 [ 14.238733] raw: 0000000000000000 0000000000000000 00000001f8000000 0000000000000000 [ 14.239019] head: 0200000000000040 0000000000000000 dead000000000122 0000000000000000 [ 14.239283] head: 0000000000000000 0000000000000000 00000001f8000000 0000000000000000 [ 14.239553] head: 0200000000000002 ffffea00040e5301 00000000ffffffff 00000000ffffffff [ 14.239811] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000004 [ 14.240062] page dumped because: kasan: bad access detected [ 14.240255] [ 14.240351] Memory state around the buggy address: [ 14.242320] ffff88810394df80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 14.242595] ffff88810394e000: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 14.243394] >ffff88810394e080: 00 00 00 00 00 00 00 00 00 01 fe fe fe fe fe fe [ 14.243808] ^ [ 14.244448] ffff88810394e100: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe [ 14.244769] ffff88810394e180: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe [ 14.245566] ================================================================== [ 13.939106] ================================================================== [ 13.940785] BUG: KASAN: slab-out-of-bounds in krealloc_less_oob_helper+0xe23/0x11d0 [ 13.941805] Write of size 1 at addr ffff888100ab48d0 by task kunit_try_catch/175 [ 13.942697] [ 13.942864] CPU: 1 UID: 0 PID: 175 Comm: kunit_try_catch Tainted: G B N 6.15.0-next-20250603 #1 PREEMPT(voluntary) [ 13.942957] Tainted: [B]=BAD_PAGE, [N]=TEST [ 13.942981] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 13.943023] Call Trace: [ 13.943061] <TASK> [ 13.943098] dump_stack_lvl+0x73/0xb0 [ 13.943165] print_report+0xd1/0x650 [ 13.943209] ? __virt_addr_valid+0x1db/0x2d0 [ 13.943255] ? krealloc_less_oob_helper+0xe23/0x11d0 [ 13.943299] ? kasan_complete_mode_report_info+0x2a/0x200 [ 13.943340] ? krealloc_less_oob_helper+0xe23/0x11d0 [ 13.943404] kasan_report+0x141/0x180 [ 13.943441] ? krealloc_less_oob_helper+0xe23/0x11d0 [ 13.944229] __asan_report_store1_noabort+0x1b/0x30 [ 13.944312] krealloc_less_oob_helper+0xe23/0x11d0 [ 13.944358] ? __pfx_krealloc_less_oob_helper+0x10/0x10 [ 13.944395] ? finish_task_switch.isra.0+0x153/0x700 [ 13.944434] ? __switch_to+0x47/0xf50 [ 13.944546] ? __schedule+0x10cc/0x2b60 [ 13.944587] ? __pfx_read_tsc+0x10/0x10 [ 13.944624] krealloc_less_oob+0x1c/0x30 [ 13.944657] kunit_try_run_case+0x1a5/0x480 [ 13.944695] ? __pfx_kunit_try_run_case+0x10/0x10 [ 13.944755] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 13.944800] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 13.944840] ? __kthread_parkme+0x82/0x180 [ 13.944874] ? preempt_count_sub+0x50/0x80 [ 13.944914] ? __pfx_kunit_try_run_case+0x10/0x10 [ 13.944940] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 13.944966] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 13.944991] kthread+0x337/0x6f0 [ 13.945012] ? trace_preempt_on+0x20/0xc0 [ 13.945037] ? __pfx_kthread+0x10/0x10 [ 13.945059] ? _raw_spin_unlock_irq+0x47/0x80 [ 13.945082] ? calculate_sigpending+0x7b/0xa0 [ 13.945107] ? __pfx_kthread+0x10/0x10 [ 13.945129] ret_from_fork+0x116/0x1d0 [ 13.945150] ? __pfx_kthread+0x10/0x10 [ 13.945171] ret_from_fork_asm+0x1a/0x30 [ 13.945226] </TASK> [ 13.945248] [ 13.959684] Allocated by task 175: [ 13.960061] kasan_save_stack+0x45/0x70 [ 13.960385] kasan_save_track+0x18/0x40 [ 13.961747] kasan_save_alloc_info+0x3b/0x50 [ 13.961974] __kasan_krealloc+0x190/0x1f0 [ 13.962120] krealloc_noprof+0xf3/0x340 [ 13.962258] krealloc_less_oob_helper+0x1aa/0x11d0 [ 13.963465] krealloc_less_oob+0x1c/0x30 [ 13.964050] kunit_try_run_case+0x1a5/0x480 [ 13.964493] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 13.964803] kthread+0x337/0x6f0 [ 13.965358] ret_from_fork+0x116/0x1d0 [ 13.966161] ret_from_fork_asm+0x1a/0x30 [ 13.966635] [ 13.966839] The buggy address belongs to the object at ffff888100ab4800 [ 13.966839] which belongs to the cache kmalloc-256 of size 256 [ 13.967854] The buggy address is located 7 bytes to the right of [ 13.967854] allocated 201-byte region [ffff888100ab4800, ffff888100ab48c9) [ 13.968751] [ 13.968994] The buggy address belongs to the physical page: [ 13.970281] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x100ab4 [ 13.970616] head: order:1 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0 [ 13.971588] flags: 0x200000000000040(head|node=0|zone=2) [ 13.972346] page_type: f5(slab) [ 13.972775] raw: 0200000000000040 ffff888100041b40 dead000000000122 0000000000000000 [ 13.973185] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 13.974087] head: 0200000000000040 ffff888100041b40 dead000000000122 0000000000000000 [ 13.975298] head: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 13.975917] head: 0200000000000001 ffffea000402ad01 00000000ffffffff 00000000ffffffff [ 13.977001] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000002 [ 13.977355] page dumped because: kasan: bad access detected [ 13.977575] [ 13.977719] Memory state around the buggy address: [ 13.978554] ffff888100ab4780: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 13.979175] ffff888100ab4800: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 13.979607] >ffff888100ab4880: 00 00 00 00 00 00 00 00 00 01 fc fc fc fc fc fc [ 13.980820] ^ [ 13.981159] ffff888100ab4900: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 13.982211] ffff888100ab4980: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 13.982515] ================================================================== [ 13.983860] ================================================================== [ 13.984357] BUG: KASAN: slab-out-of-bounds in krealloc_less_oob_helper+0xec6/0x11d0 [ 13.985539] Write of size 1 at addr ffff888100ab48da by task kunit_try_catch/175 [ 13.986680] [ 13.986925] CPU: 1 UID: 0 PID: 175 Comm: kunit_try_catch Tainted: G B N 6.15.0-next-20250603 #1 PREEMPT(voluntary) [ 13.987024] Tainted: [B]=BAD_PAGE, [N]=TEST [ 13.987045] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 13.987079] Call Trace: [ 13.987116] <TASK> [ 13.987153] dump_stack_lvl+0x73/0xb0 [ 13.987217] print_report+0xd1/0x650 [ 13.987254] ? __virt_addr_valid+0x1db/0x2d0 [ 13.987291] ? krealloc_less_oob_helper+0xec6/0x11d0 [ 13.987327] ? kasan_complete_mode_report_info+0x2a/0x200 [ 13.987375] ? krealloc_less_oob_helper+0xec6/0x11d0 [ 13.987695] kasan_report+0x141/0x180 [ 13.987827] ? krealloc_less_oob_helper+0xec6/0x11d0 [ 13.987896] __asan_report_store1_noabort+0x1b/0x30 [ 13.987936] krealloc_less_oob_helper+0xec6/0x11d0 [ 13.987981] ? __pfx_krealloc_less_oob_helper+0x10/0x10 [ 13.988015] ? finish_task_switch.isra.0+0x153/0x700 [ 13.988041] ? __switch_to+0x47/0xf50 [ 13.988069] ? __schedule+0x10cc/0x2b60 [ 13.988095] ? __pfx_read_tsc+0x10/0x10 [ 13.988121] krealloc_less_oob+0x1c/0x30 [ 13.988144] kunit_try_run_case+0x1a5/0x480 [ 13.988168] ? __pfx_kunit_try_run_case+0x10/0x10 [ 13.988189] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 13.988243] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 13.988271] ? __kthread_parkme+0x82/0x180 [ 13.988293] ? preempt_count_sub+0x50/0x80 [ 13.988317] ? __pfx_kunit_try_run_case+0x10/0x10 [ 13.988339] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 13.988365] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 13.988390] kthread+0x337/0x6f0 [ 13.988411] ? trace_preempt_on+0x20/0xc0 [ 13.988436] ? __pfx_kthread+0x10/0x10 [ 13.988478] ? _raw_spin_unlock_irq+0x47/0x80 [ 13.988506] ? calculate_sigpending+0x7b/0xa0 [ 13.988532] ? __pfx_kthread+0x10/0x10 [ 13.988554] ret_from_fork+0x116/0x1d0 [ 13.988575] ? __pfx_kthread+0x10/0x10 [ 13.988597] ret_from_fork_asm+0x1a/0x30 [ 13.988632] </TASK> [ 13.988645] [ 14.004392] Allocated by task 175: [ 14.005008] kasan_save_stack+0x45/0x70 [ 14.006254] kasan_save_track+0x18/0x40 [ 14.006548] kasan_save_alloc_info+0x3b/0x50 [ 14.006733] __kasan_krealloc+0x190/0x1f0 [ 14.007231] krealloc_noprof+0xf3/0x340 [ 14.007569] krealloc_less_oob_helper+0x1aa/0x11d0 [ 14.007964] krealloc_less_oob+0x1c/0x30 [ 14.008201] kunit_try_run_case+0x1a5/0x480 [ 14.008443] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 14.009018] kthread+0x337/0x6f0 [ 14.009301] ret_from_fork+0x116/0x1d0 [ 14.009501] ret_from_fork_asm+0x1a/0x30 [ 14.010606] [ 14.010979] The buggy address belongs to the object at ffff888100ab4800 [ 14.010979] which belongs to the cache kmalloc-256 of size 256 [ 14.011778] The buggy address is located 17 bytes to the right of [ 14.011778] allocated 201-byte region [ffff888100ab4800, ffff888100ab48c9) [ 14.012809] [ 14.012947] The buggy address belongs to the physical page: [ 14.013254] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x100ab4 [ 14.013779] head: order:1 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0 [ 14.014185] flags: 0x200000000000040(head|node=0|zone=2) [ 14.014719] page_type: f5(slab) [ 14.015027] raw: 0200000000000040 ffff888100041b40 dead000000000122 0000000000000000 [ 14.015312] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 14.016689] head: 0200000000000040 ffff888100041b40 dead000000000122 0000000000000000 [ 14.017316] head: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 14.017821] head: 0200000000000001 ffffea000402ad01 00000000ffffffff 00000000ffffffff [ 14.018340] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000002 [ 14.018736] page dumped because: kasan: bad access detected [ 14.019169] [ 14.019387] Memory state around the buggy address: [ 14.019815] ffff888100ab4780: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 14.020287] ffff888100ab4800: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 14.020578] >ffff888100ab4880: 00 00 00 00 00 00 00 00 00 01 fc fc fc fc fc fc [ 14.021097] ^ [ 14.021625] ffff888100ab4900: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 14.022097] ffff888100ab4980: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 14.023647] ================================================================== [ 14.024922] ================================================================== [ 14.026013] BUG: KASAN: slab-out-of-bounds in krealloc_less_oob_helper+0xe90/0x11d0 [ 14.026502] Write of size 1 at addr ffff888100ab48ea by task kunit_try_catch/175 [ 14.027553] [ 14.028091] CPU: 1 UID: 0 PID: 175 Comm: kunit_try_catch Tainted: G B N 6.15.0-next-20250603 #1 PREEMPT(voluntary) [ 14.028194] Tainted: [B]=BAD_PAGE, [N]=TEST [ 14.028234] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 14.028283] Call Trace: [ 14.028326] <TASK> [ 14.028404] dump_stack_lvl+0x73/0xb0 [ 14.028505] print_report+0xd1/0x650 [ 14.028556] ? __virt_addr_valid+0x1db/0x2d0 [ 14.028599] ? krealloc_less_oob_helper+0xe90/0x11d0 [ 14.028628] ? kasan_complete_mode_report_info+0x2a/0x200 [ 14.028651] ? krealloc_less_oob_helper+0xe90/0x11d0 [ 14.028676] kasan_report+0x141/0x180 [ 14.028699] ? krealloc_less_oob_helper+0xe90/0x11d0 [ 14.028747] __asan_report_store1_noabort+0x1b/0x30 [ 14.028812] krealloc_less_oob_helper+0xe90/0x11d0 [ 14.028857] ? __pfx_krealloc_less_oob_helper+0x10/0x10 [ 14.028900] ? finish_task_switch.isra.0+0x153/0x700 [ 14.028925] ? __switch_to+0x47/0xf50 [ 14.028952] ? __schedule+0x10cc/0x2b60 [ 14.028977] ? __pfx_read_tsc+0x10/0x10 [ 14.029002] krealloc_less_oob+0x1c/0x30 [ 14.029025] kunit_try_run_case+0x1a5/0x480 [ 14.029049] ? __pfx_kunit_try_run_case+0x10/0x10 [ 14.029069] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 14.029094] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 14.029118] ? __kthread_parkme+0x82/0x180 [ 14.029139] ? preempt_count_sub+0x50/0x80 [ 14.029162] ? __pfx_kunit_try_run_case+0x10/0x10 [ 14.029183] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 14.029246] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 14.029275] kthread+0x337/0x6f0 [ 14.029295] ? trace_preempt_on+0x20/0xc0 [ 14.029320] ? __pfx_kthread+0x10/0x10 [ 14.029341] ? _raw_spin_unlock_irq+0x47/0x80 [ 14.029363] ? calculate_sigpending+0x7b/0xa0 [ 14.029389] ? __pfx_kthread+0x10/0x10 [ 14.029411] ret_from_fork+0x116/0x1d0 [ 14.029430] ? __pfx_kthread+0x10/0x10 [ 14.029451] ret_from_fork_asm+0x1a/0x30 [ 14.029504] </TASK> [ 14.029517] [ 14.045243] Allocated by task 175: [ 14.045514] kasan_save_stack+0x45/0x70 [ 14.046204] kasan_save_track+0x18/0x40 [ 14.046595] kasan_save_alloc_info+0x3b/0x50 [ 14.047166] __kasan_krealloc+0x190/0x1f0 [ 14.047515] krealloc_noprof+0xf3/0x340 [ 14.047973] krealloc_less_oob_helper+0x1aa/0x11d0 [ 14.048405] krealloc_less_oob+0x1c/0x30 [ 14.048622] kunit_try_run_case+0x1a5/0x480 [ 14.049285] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 14.049635] kthread+0x337/0x6f0 [ 14.050019] ret_from_fork+0x116/0x1d0 [ 14.050376] ret_from_fork_asm+0x1a/0x30 [ 14.050637] [ 14.051003] The buggy address belongs to the object at ffff888100ab4800 [ 14.051003] which belongs to the cache kmalloc-256 of size 256 [ 14.052070] The buggy address is located 33 bytes to the right of [ 14.052070] allocated 201-byte region [ffff888100ab4800, ffff888100ab48c9) [ 14.053081] [ 14.053258] The buggy address belongs to the physical page: [ 14.053577] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x100ab4 [ 14.054329] head: order:1 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0 [ 14.055265] flags: 0x200000000000040(head|node=0|zone=2) [ 14.055521] page_type: f5(slab) [ 14.055973] raw: 0200000000000040 ffff888100041b40 dead000000000122 0000000000000000 [ 14.056492] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 14.057088] head: 0200000000000040 ffff888100041b40 dead000000000122 0000000000000000 [ 14.057946] head: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 14.058599] head: 0200000000000001 ffffea000402ad01 00000000ffffffff 00000000ffffffff [ 14.059192] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000002 [ 14.059825] page dumped because: kasan: bad access detected [ 14.060134] [ 14.061303] Memory state around the buggy address: [ 14.061550] ffff888100ab4780: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 14.061804] ffff888100ab4800: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 14.062447] >ffff888100ab4880: 00 00 00 00 00 00 00 00 00 01 fc fc fc fc fc fc [ 14.062983] ^ [ 14.063405] ffff888100ab4900: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 14.063945] ffff888100ab4980: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 14.065266] ================================================================== [ 14.246592] ================================================================== [ 14.247034] BUG: KASAN: slab-out-of-bounds in krealloc_less_oob_helper+0xec6/0x11d0 [ 14.247361] Write of size 1 at addr ffff88810394e0da by task kunit_try_catch/179 [ 14.248687] [ 14.249469] CPU: 1 UID: 0 PID: 179 Comm: kunit_try_catch Tainted: G B N 6.15.0-next-20250603 #1 PREEMPT(voluntary) [ 14.249565] Tainted: [B]=BAD_PAGE, [N]=TEST [ 14.249587] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 14.249622] Call Trace: [ 14.249660] <TASK> [ 14.249696] dump_stack_lvl+0x73/0xb0 [ 14.249758] print_report+0xd1/0x650 [ 14.249798] ? __virt_addr_valid+0x1db/0x2d0 [ 14.249835] ? krealloc_less_oob_helper+0xec6/0x11d0 [ 14.249873] ? kasan_addr_to_slab+0x11/0xa0 [ 14.249907] ? krealloc_less_oob_helper+0xec6/0x11d0 [ 14.249952] kasan_report+0x141/0x180 [ 14.249999] ? krealloc_less_oob_helper+0xec6/0x11d0 [ 14.250059] __asan_report_store1_noabort+0x1b/0x30 [ 14.250105] krealloc_less_oob_helper+0xec6/0x11d0 [ 14.250347] ? __pfx_krealloc_less_oob_helper+0x10/0x10 [ 14.250412] ? finish_task_switch.isra.0+0x153/0x700 [ 14.250520] ? __switch_to+0x47/0xf50 [ 14.250560] ? __schedule+0x10cc/0x2b60 [ 14.250589] ? __pfx_read_tsc+0x10/0x10 [ 14.250615] krealloc_large_less_oob+0x1c/0x30 [ 14.250640] kunit_try_run_case+0x1a5/0x480 [ 14.250664] ? __pfx_kunit_try_run_case+0x10/0x10 [ 14.250688] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 14.250751] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 14.250791] ? __kthread_parkme+0x82/0x180 [ 14.250827] ? preempt_count_sub+0x50/0x80 [ 14.250857] ? __pfx_kunit_try_run_case+0x10/0x10 [ 14.250880] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 14.250904] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 14.250927] kthread+0x337/0x6f0 [ 14.250946] ? trace_preempt_on+0x20/0xc0 [ 14.250970] ? __pfx_kthread+0x10/0x10 [ 14.250990] ? _raw_spin_unlock_irq+0x47/0x80 [ 14.251011] ? calculate_sigpending+0x7b/0xa0 [ 14.251036] ? __pfx_kthread+0x10/0x10 [ 14.251058] ret_from_fork+0x116/0x1d0 [ 14.251076] ? __pfx_kthread+0x10/0x10 [ 14.251096] ret_from_fork_asm+0x1a/0x30 [ 14.251128] </TASK> [ 14.251141] [ 14.267092] The buggy address belongs to the physical page: [ 14.268046] page: refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x10394c [ 14.268666] head: order:2 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0 [ 14.269144] flags: 0x200000000000040(head|node=0|zone=2) [ 14.269407] page_type: f8(unknown) [ 14.269727] raw: 0200000000000040 0000000000000000 dead000000000122 0000000000000000 [ 14.270125] raw: 0000000000000000 0000000000000000 00000001f8000000 0000000000000000 [ 14.270724] head: 0200000000000040 0000000000000000 dead000000000122 0000000000000000 [ 14.271090] head: 0000000000000000 0000000000000000 00000001f8000000 0000000000000000 [ 14.271714] head: 0200000000000002 ffffea00040e5301 00000000ffffffff 00000000ffffffff [ 14.272083] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000004 [ 14.272554] page dumped because: kasan: bad access detected [ 14.273035] [ 14.273224] Memory state around the buggy address: [ 14.273479] ffff88810394df80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 14.273766] ffff88810394e000: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 14.274040] >ffff88810394e080: 00 00 00 00 00 00 00 00 00 01 fe fe fe fe fe fe [ 14.274646] ^ [ 14.275903] ffff88810394e100: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe [ 14.276688] ffff88810394e180: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe [ 14.277182] ================================================================== [ 13.897505] ================================================================== [ 13.898625] BUG: KASAN: slab-out-of-bounds in krealloc_less_oob_helper+0xd70/0x11d0 [ 13.899541] Write of size 1 at addr ffff888100ab48c9 by task kunit_try_catch/175 [ 13.900776] [ 13.901172] CPU: 1 UID: 0 PID: 175 Comm: kunit_try_catch Tainted: G B N 6.15.0-next-20250603 #1 PREEMPT(voluntary) [ 13.901369] Tainted: [B]=BAD_PAGE, [N]=TEST [ 13.901400] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 13.901441] Call Trace: [ 13.901490] <TASK> [ 13.901519] dump_stack_lvl+0x73/0xb0 [ 13.901570] print_report+0xd1/0x650 [ 13.901597] ? __virt_addr_valid+0x1db/0x2d0 [ 13.901623] ? krealloc_less_oob_helper+0xd70/0x11d0 [ 13.901649] ? kasan_complete_mode_report_info+0x2a/0x200 [ 13.901673] ? krealloc_less_oob_helper+0xd70/0x11d0 [ 13.901752] kasan_report+0x141/0x180 [ 13.901798] ? krealloc_less_oob_helper+0xd70/0x11d0 [ 13.901846] __asan_report_store1_noabort+0x1b/0x30 [ 13.901871] krealloc_less_oob_helper+0xd70/0x11d0 [ 13.901898] ? __pfx_krealloc_less_oob_helper+0x10/0x10 [ 13.901924] ? finish_task_switch.isra.0+0x153/0x700 [ 13.901950] ? __switch_to+0x47/0xf50 [ 13.901979] ? __schedule+0x10cc/0x2b60 [ 13.902005] ? __pfx_read_tsc+0x10/0x10 [ 13.902031] krealloc_less_oob+0x1c/0x30 [ 13.902054] kunit_try_run_case+0x1a5/0x480 [ 13.902078] ? __pfx_kunit_try_run_case+0x10/0x10 [ 13.902099] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 13.902125] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 13.902150] ? __kthread_parkme+0x82/0x180 [ 13.902172] ? preempt_count_sub+0x50/0x80 [ 13.902211] ? __pfx_kunit_try_run_case+0x10/0x10 [ 13.902261] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 13.902288] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 13.902314] kthread+0x337/0x6f0 [ 13.902335] ? trace_preempt_on+0x20/0xc0 [ 13.902362] ? __pfx_kthread+0x10/0x10 [ 13.902384] ? _raw_spin_unlock_irq+0x47/0x80 [ 13.902408] ? calculate_sigpending+0x7b/0xa0 [ 13.902434] ? __pfx_kthread+0x10/0x10 [ 13.902472] ret_from_fork+0x116/0x1d0 [ 13.902498] ? __pfx_kthread+0x10/0x10 [ 13.902521] ret_from_fork_asm+0x1a/0x30 [ 13.902555] </TASK> [ 13.902569] [ 13.914941] Allocated by task 175: [ 13.915340] kasan_save_stack+0x45/0x70 [ 13.915758] kasan_save_track+0x18/0x40 [ 13.916197] kasan_save_alloc_info+0x3b/0x50 [ 13.916387] __kasan_krealloc+0x190/0x1f0 [ 13.917237] krealloc_noprof+0xf3/0x340 [ 13.917539] krealloc_less_oob_helper+0x1aa/0x11d0 [ 13.918626] krealloc_less_oob+0x1c/0x30 [ 13.919086] kunit_try_run_case+0x1a5/0x480 [ 13.919432] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 13.919864] kthread+0x337/0x6f0 [ 13.920223] ret_from_fork+0x116/0x1d0 [ 13.920496] ret_from_fork_asm+0x1a/0x30 [ 13.920957] [ 13.921179] The buggy address belongs to the object at ffff888100ab4800 [ 13.921179] which belongs to the cache kmalloc-256 of size 256 [ 13.922371] The buggy address is located 0 bytes to the right of [ 13.922371] allocated 201-byte region [ffff888100ab4800, ffff888100ab48c9) [ 13.923141] [ 13.923387] The buggy address belongs to the physical page: [ 13.924268] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x100ab4 [ 13.924897] head: order:1 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0 [ 13.925757] flags: 0x200000000000040(head|node=0|zone=2) [ 13.926548] page_type: f5(slab) [ 13.926837] raw: 0200000000000040 ffff888100041b40 dead000000000122 0000000000000000 [ 13.927086] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 13.927362] head: 0200000000000040 ffff888100041b40 dead000000000122 0000000000000000 [ 13.928317] head: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 13.928571] head: 0200000000000001 ffffea000402ad01 00000000ffffffff 00000000ffffffff [ 13.928789] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000002 [ 13.931079] page dumped because: kasan: bad access detected [ 13.931509] [ 13.931615] Memory state around the buggy address: [ 13.931825] ffff888100ab4780: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 13.932095] ffff888100ab4800: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 13.932350] >ffff888100ab4880: 00 00 00 00 00 00 00 00 00 01 fc fc fc fc fc fc [ 13.932618] ^ [ 13.932859] ffff888100ab4900: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 13.933135] ffff888100ab4980: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 13.933414] ================================================================== [ 14.278248] ================================================================== [ 14.278774] BUG: KASAN: slab-out-of-bounds in krealloc_less_oob_helper+0xe90/0x11d0 [ 14.279645] Write of size 1 at addr ffff88810394e0ea by task kunit_try_catch/179 [ 14.280768] [ 14.281487] CPU: 1 UID: 0 PID: 179 Comm: kunit_try_catch Tainted: G B N 6.15.0-next-20250603 #1 PREEMPT(voluntary) [ 14.281563] Tainted: [B]=BAD_PAGE, [N]=TEST [ 14.281577] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 14.281601] Call Trace: [ 14.281625] <TASK> [ 14.281649] dump_stack_lvl+0x73/0xb0 [ 14.281702] print_report+0xd1/0x650 [ 14.281775] ? __virt_addr_valid+0x1db/0x2d0 [ 14.281818] ? krealloc_less_oob_helper+0xe90/0x11d0 [ 14.281856] ? kasan_addr_to_slab+0x11/0xa0 [ 14.281887] ? krealloc_less_oob_helper+0xe90/0x11d0 [ 14.281925] kasan_report+0x141/0x180 [ 14.281959] ? krealloc_less_oob_helper+0xe90/0x11d0 [ 14.282002] __asan_report_store1_noabort+0x1b/0x30 [ 14.282033] krealloc_less_oob_helper+0xe90/0x11d0 [ 14.282071] ? __pfx_krealloc_less_oob_helper+0x10/0x10 [ 14.282107] ? finish_task_switch.isra.0+0x153/0x700 [ 14.282143] ? __switch_to+0x47/0xf50 [ 14.282183] ? __schedule+0x10cc/0x2b60 [ 14.282241] ? __pfx_read_tsc+0x10/0x10 [ 14.282284] krealloc_large_less_oob+0x1c/0x30 [ 14.282321] kunit_try_run_case+0x1a5/0x480 [ 14.282348] ? __pfx_kunit_try_run_case+0x10/0x10 [ 14.282368] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 14.282394] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 14.282419] ? __kthread_parkme+0x82/0x180 [ 14.282441] ? preempt_count_sub+0x50/0x80 [ 14.282491] ? __pfx_kunit_try_run_case+0x10/0x10 [ 14.282516] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 14.282541] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 14.282565] kthread+0x337/0x6f0 [ 14.282585] ? trace_preempt_on+0x20/0xc0 [ 14.282610] ? __pfx_kthread+0x10/0x10 [ 14.282631] ? _raw_spin_unlock_irq+0x47/0x80 [ 14.282654] ? calculate_sigpending+0x7b/0xa0 [ 14.282679] ? __pfx_kthread+0x10/0x10 [ 14.282810] ret_from_fork+0x116/0x1d0 [ 14.282835] ? __pfx_kthread+0x10/0x10 [ 14.282856] ret_from_fork_asm+0x1a/0x30 [ 14.282890] </TASK> [ 14.282903] [ 14.294536] The buggy address belongs to the physical page: [ 14.295065] page: refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x10394c [ 14.295747] head: order:2 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0 [ 14.296261] flags: 0x200000000000040(head|node=0|zone=2) [ 14.297419] page_type: f8(unknown) [ 14.298259] raw: 0200000000000040 0000000000000000 dead000000000122 0000000000000000 [ 14.299556] raw: 0000000000000000 0000000000000000 00000001f8000000 0000000000000000 [ 14.300178] head: 0200000000000040 0000000000000000 dead000000000122 0000000000000000 [ 14.300860] head: 0000000000000000 0000000000000000 00000001f8000000 0000000000000000 [ 14.301389] head: 0200000000000002 ffffea00040e5301 00000000ffffffff 00000000ffffffff [ 14.301970] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000004 [ 14.302426] page dumped because: kasan: bad access detected [ 14.302898] [ 14.303040] Memory state around the buggy address: [ 14.303440] ffff88810394df80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 14.303814] ffff88810394e000: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 14.304032] >ffff88810394e080: 00 00 00 00 00 00 00 00 00 01 fe fe fe fe fe fe [ 14.304232] ^ [ 14.304792] ffff88810394e100: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe [ 14.305378] ffff88810394e180: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe [ 14.305887] ================================================================== [ 14.066028] ================================================================== [ 14.066352] BUG: KASAN: slab-out-of-bounds in krealloc_less_oob_helper+0xd47/0x11d0 [ 14.067208] Write of size 1 at addr ffff888100ab48eb by task kunit_try_catch/175 [ 14.068241] [ 14.068539] CPU: 1 UID: 0 PID: 175 Comm: kunit_try_catch Tainted: G B N 6.15.0-next-20250603 #1 PREEMPT(voluntary) [ 14.068643] Tainted: [B]=BAD_PAGE, [N]=TEST [ 14.068670] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 14.068721] Call Trace: [ 14.068768] <TASK> [ 14.068825] dump_stack_lvl+0x73/0xb0 [ 14.068897] print_report+0xd1/0x650 [ 14.068947] ? __virt_addr_valid+0x1db/0x2d0 [ 14.068995] ? krealloc_less_oob_helper+0xd47/0x11d0 [ 14.069384] ? kasan_complete_mode_report_info+0x2a/0x200 [ 14.069439] ? krealloc_less_oob_helper+0xd47/0x11d0 [ 14.069495] kasan_report+0x141/0x180 [ 14.069524] ? krealloc_less_oob_helper+0xd47/0x11d0 [ 14.069555] __asan_report_store1_noabort+0x1b/0x30 [ 14.069586] krealloc_less_oob_helper+0xd47/0x11d0 [ 14.069630] ? __pfx_krealloc_less_oob_helper+0x10/0x10 [ 14.069676] ? finish_task_switch.isra.0+0x153/0x700 [ 14.069723] ? __switch_to+0x47/0xf50 [ 14.069771] ? __schedule+0x10cc/0x2b60 [ 14.069821] ? __pfx_read_tsc+0x10/0x10 [ 14.069873] krealloc_less_oob+0x1c/0x30 [ 14.069916] kunit_try_run_case+0x1a5/0x480 [ 14.070325] ? __pfx_kunit_try_run_case+0x10/0x10 [ 14.070370] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 14.070398] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 14.070424] ? __kthread_parkme+0x82/0x180 [ 14.070447] ? preempt_count_sub+0x50/0x80 [ 14.070488] ? __pfx_kunit_try_run_case+0x10/0x10 [ 14.070512] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 14.070539] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 14.070565] kthread+0x337/0x6f0 [ 14.070586] ? trace_preempt_on+0x20/0xc0 [ 14.070613] ? __pfx_kthread+0x10/0x10 [ 14.070635] ? _raw_spin_unlock_irq+0x47/0x80 [ 14.070659] ? calculate_sigpending+0x7b/0xa0 [ 14.070688] ? __pfx_kthread+0x10/0x10 [ 14.070760] ret_from_fork+0x116/0x1d0 [ 14.070804] ? __pfx_kthread+0x10/0x10 [ 14.070835] ret_from_fork_asm+0x1a/0x30 [ 14.070871] </TASK> [ 14.070884] [ 14.087173] Allocated by task 175: [ 14.087581] kasan_save_stack+0x45/0x70 [ 14.088480] kasan_save_track+0x18/0x40 [ 14.089036] kasan_save_alloc_info+0x3b/0x50 [ 14.089314] __kasan_krealloc+0x190/0x1f0 [ 14.089537] krealloc_noprof+0xf3/0x340 [ 14.090196] krealloc_less_oob_helper+0x1aa/0x11d0 [ 14.090499] krealloc_less_oob+0x1c/0x30 [ 14.090839] kunit_try_run_case+0x1a5/0x480 [ 14.091368] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 14.091727] kthread+0x337/0x6f0 [ 14.091934] ret_from_fork+0x116/0x1d0 [ 14.092213] ret_from_fork_asm+0x1a/0x30 [ 14.093035] [ 14.093394] The buggy address belongs to the object at ffff888100ab4800 [ 14.093394] which belongs to the cache kmalloc-256 of size 256 [ 14.094033] The buggy address is located 34 bytes to the right of [ 14.094033] allocated 201-byte region [ffff888100ab4800, ffff888100ab48c9) [ 14.094679] [ 14.094891] The buggy address belongs to the physical page: [ 14.095449] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x100ab4 [ 14.096283] head: order:1 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0 [ 14.096965] flags: 0x200000000000040(head|node=0|zone=2) [ 14.097216] page_type: f5(slab) [ 14.097576] raw: 0200000000000040 ffff888100041b40 dead000000000122 0000000000000000 [ 14.098470] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 14.099023] head: 0200000000000040 ffff888100041b40 dead000000000122 0000000000000000 [ 14.099623] head: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 14.100280] head: 0200000000000001 ffffea000402ad01 00000000ffffffff 00000000ffffffff [ 14.100641] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000002 [ 14.100872] page dumped because: kasan: bad access detected [ 14.101572] [ 14.102044] Memory state around the buggy address: [ 14.103051] ffff888100ab4780: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 14.103892] ffff888100ab4800: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 14.104794] >ffff888100ab4880: 00 00 00 00 00 00 00 00 00 01 fc fc fc fc fc fc [ 14.105173] ^ [ 14.105995] ffff888100ab4900: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 14.107053] ffff888100ab4980: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 14.107560] ================================================================== [ 14.178331] ================================================================== [ 14.179265] BUG: KASAN: slab-out-of-bounds in krealloc_less_oob_helper+0xd70/0x11d0 [ 14.179645] Write of size 1 at addr ffff88810394e0c9 by task kunit_try_catch/179 [ 14.180072] [ 14.180496] CPU: 1 UID: 0 PID: 179 Comm: kunit_try_catch Tainted: G B N 6.15.0-next-20250603 #1 PREEMPT(voluntary) [ 14.180613] Tainted: [B]=BAD_PAGE, [N]=TEST [ 14.180643] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 14.180687] Call Trace: [ 14.180716] <TASK> [ 14.180753] dump_stack_lvl+0x73/0xb0 [ 14.180819] print_report+0xd1/0x650 [ 14.180891] ? __virt_addr_valid+0x1db/0x2d0 [ 14.180939] ? krealloc_less_oob_helper+0xd70/0x11d0 [ 14.181121] ? kasan_addr_to_slab+0x11/0xa0 [ 14.181161] ? krealloc_less_oob_helper+0xd70/0x11d0 [ 14.181203] kasan_report+0x141/0x180 [ 14.181262] ? krealloc_less_oob_helper+0xd70/0x11d0 [ 14.181314] __asan_report_store1_noabort+0x1b/0x30 [ 14.181355] krealloc_less_oob_helper+0xd70/0x11d0 [ 14.181405] ? __pfx_krealloc_less_oob_helper+0x10/0x10 [ 14.181469] ? finish_task_switch.isra.0+0x153/0x700 [ 14.181517] ? __switch_to+0x47/0xf50 [ 14.181570] ? __schedule+0x10cc/0x2b60 [ 14.181621] ? __pfx_read_tsc+0x10/0x10 [ 14.181672] krealloc_large_less_oob+0x1c/0x30 [ 14.181870] kunit_try_run_case+0x1a5/0x480 [ 14.181929] ? __pfx_kunit_try_run_case+0x10/0x10 [ 14.181974] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 14.182035] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 14.182076] ? __kthread_parkme+0x82/0x180 [ 14.182111] ? preempt_count_sub+0x50/0x80 [ 14.182147] ? __pfx_kunit_try_run_case+0x10/0x10 [ 14.182178] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 14.182243] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 14.182287] kthread+0x337/0x6f0 [ 14.182311] ? trace_preempt_on+0x20/0xc0 [ 14.182337] ? __pfx_kthread+0x10/0x10 [ 14.182358] ? _raw_spin_unlock_irq+0x47/0x80 [ 14.182382] ? calculate_sigpending+0x7b/0xa0 [ 14.182407] ? __pfx_kthread+0x10/0x10 [ 14.182429] ret_from_fork+0x116/0x1d0 [ 14.182449] ? __pfx_kthread+0x10/0x10 [ 14.182497] ret_from_fork_asm+0x1a/0x30 [ 14.182531] </TASK> [ 14.182545] [ 14.198929] The buggy address belongs to the physical page: [ 14.199442] page: refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x10394c [ 14.200075] head: order:2 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0 [ 14.203847] flags: 0x200000000000040(head|node=0|zone=2) [ 14.204573] page_type: f8(unknown) [ 14.205728] raw: 0200000000000040 0000000000000000 dead000000000122 0000000000000000 [ 14.207303] raw: 0000000000000000 0000000000000000 00000001f8000000 0000000000000000 [ 14.207700] head: 0200000000000040 0000000000000000 dead000000000122 0000000000000000 [ 14.207996] head: 0000000000000000 0000000000000000 00000001f8000000 0000000000000000 [ 14.209373] head: 0200000000000002 ffffea00040e5301 00000000ffffffff 00000000ffffffff [ 14.209636] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000004 [ 14.210180] page dumped because: kasan: bad access detected [ 14.211235] [ 14.211437] Memory state around the buggy address: [ 14.211744] ffff88810394df80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 14.212403] ffff88810394e000: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 14.213698] >ffff88810394e080: 00 00 00 00 00 00 00 00 00 01 fe fe fe fe fe fe [ 14.214079] ^ [ 14.214794] ffff88810394e100: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe [ 14.215360] ffff88810394e180: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe [ 14.216119] ================================================================== [ 14.306539] ================================================================== [ 14.307280] BUG: KASAN: slab-out-of-bounds in krealloc_less_oob_helper+0xd47/0x11d0 [ 14.307787] Write of size 1 at addr ffff88810394e0eb by task kunit_try_catch/179 [ 14.308214] [ 14.308439] CPU: 1 UID: 0 PID: 179 Comm: kunit_try_catch Tainted: G B N 6.15.0-next-20250603 #1 PREEMPT(voluntary) [ 14.308539] Tainted: [B]=BAD_PAGE, [N]=TEST [ 14.308558] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 14.308594] Call Trace: [ 14.308632] <TASK> [ 14.308666] dump_stack_lvl+0x73/0xb0 [ 14.308755] print_report+0xd1/0x650 [ 14.308802] ? __virt_addr_valid+0x1db/0x2d0 [ 14.308850] ? krealloc_less_oob_helper+0xd47/0x11d0 [ 14.308897] ? kasan_addr_to_slab+0x11/0xa0 [ 14.308944] ? krealloc_less_oob_helper+0xd47/0x11d0 [ 14.308998] kasan_report+0x141/0x180 [ 14.309050] ? krealloc_less_oob_helper+0xd47/0x11d0 [ 14.309114] __asan_report_store1_noabort+0x1b/0x30 [ 14.309168] krealloc_less_oob_helper+0xd47/0x11d0 [ 14.309256] ? __pfx_krealloc_less_oob_helper+0x10/0x10 [ 14.309318] ? finish_task_switch.isra.0+0x153/0x700 [ 14.309365] ? __switch_to+0x47/0xf50 [ 14.309421] ? __schedule+0x10cc/0x2b60 [ 14.309487] ? __pfx_read_tsc+0x10/0x10 [ 14.309538] krealloc_large_less_oob+0x1c/0x30 [ 14.309594] kunit_try_run_case+0x1a5/0x480 [ 14.309646] ? __pfx_kunit_try_run_case+0x10/0x10 [ 14.309691] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 14.309746] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 14.309800] ? __kthread_parkme+0x82/0x180 [ 14.309849] ? preempt_count_sub+0x50/0x80 [ 14.309900] ? __pfx_kunit_try_run_case+0x10/0x10 [ 14.309956] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 14.309993] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 14.310029] kthread+0x337/0x6f0 [ 14.310068] ? trace_preempt_on+0x20/0xc0 [ 14.310105] ? __pfx_kthread+0x10/0x10 [ 14.310137] ? _raw_spin_unlock_irq+0x47/0x80 [ 14.310173] ? calculate_sigpending+0x7b/0xa0 [ 14.310224] ? __pfx_kthread+0x10/0x10 [ 14.310259] ret_from_fork+0x116/0x1d0 [ 14.310289] ? __pfx_kthread+0x10/0x10 [ 14.310325] ret_from_fork_asm+0x1a/0x30 [ 14.310386] </TASK> [ 14.310408] [ 14.319870] The buggy address belongs to the physical page: [ 14.320435] page: refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x10394c [ 14.321101] head: order:2 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0 [ 14.321740] flags: 0x200000000000040(head|node=0|zone=2) [ 14.322171] page_type: f8(unknown) [ 14.322523] raw: 0200000000000040 0000000000000000 dead000000000122 0000000000000000 [ 14.323306] raw: 0000000000000000 0000000000000000 00000001f8000000 0000000000000000 [ 14.323984] head: 0200000000000040 0000000000000000 dead000000000122 0000000000000000 [ 14.324344] head: 0000000000000000 0000000000000000 00000001f8000000 0000000000000000 [ 14.325024] head: 0200000000000002 ffffea00040e5301 00000000ffffffff 00000000ffffffff [ 14.325516] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000004 [ 14.325987] page dumped because: kasan: bad access detected [ 14.326222] [ 14.326343] Memory state around the buggy address: [ 14.326575] ffff88810394df80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 14.327138] ffff88810394e000: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 14.327791] >ffff88810394e080: 00 00 00 00 00 00 00 00 00 01 fe fe fe fe fe fe [ 14.328232] ^ [ 14.328564] ffff88810394e100: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe [ 14.329056] ffff88810394e180: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe [ 14.329561] ==================================================================
[ 24.750618] ================================================================== [ 24.757840] BUG: KASAN: slab-out-of-bounds in krealloc_less_oob_helper+0xe23/0x11d0 [ 24.765499] Write of size 1 at addr ffff8881069f60d0 by task kunit_try_catch/202 [ 24.772891] [ 24.774415] CPU: 2 UID: 0 PID: 202 Comm: kunit_try_catch Tainted: G S B N 6.15.0-next-20250603 #1 PREEMPT(voluntary) [ 24.774424] Tainted: [S]=CPU_OUT_OF_SPEC, [B]=BAD_PAGE, [N]=TEST [ 24.774426] Hardware name: Supermicro SYS-5019S-ML/X11SSH-F, BIOS 2.7 12/07/2021 [ 24.774430] Call Trace: [ 24.774431] <TASK> [ 24.774433] dump_stack_lvl+0x73/0xb0 [ 24.774437] print_report+0xd1/0x650 [ 24.774441] ? __virt_addr_valid+0x1db/0x2d0 [ 24.774445] ? krealloc_less_oob_helper+0xe23/0x11d0 [ 24.774450] ? kasan_addr_to_slab+0x11/0xa0 [ 24.774453] ? krealloc_less_oob_helper+0xe23/0x11d0 [ 24.774458] kasan_report+0x141/0x180 [ 24.774462] ? krealloc_less_oob_helper+0xe23/0x11d0 [ 24.774467] __asan_report_store1_noabort+0x1b/0x30 [ 24.774471] krealloc_less_oob_helper+0xe23/0x11d0 [ 24.774476] ? __pfx_krealloc_less_oob_helper+0x10/0x10 [ 24.774480] ? finish_task_switch.isra.0+0x153/0x700 [ 24.774484] ? __switch_to+0x544/0xf50 [ 24.774489] ? __schedule+0x10cc/0x2b60 [ 24.774494] krealloc_large_less_oob+0x1c/0x30 [ 24.774498] kunit_try_run_case+0x1a2/0x480 [ 24.774502] ? __pfx_kunit_try_run_case+0x10/0x10 [ 24.774505] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 24.774509] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 24.774514] ? __kthread_parkme+0x82/0x180 [ 24.774517] ? preempt_count_sub+0x50/0x80 [ 24.774521] ? __pfx_kunit_try_run_case+0x10/0x10 [ 24.774525] kunit_generic_run_threadfn_adapter+0x82/0xf0 [ 24.774529] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 24.774534] kthread+0x334/0x6f0 [ 24.774537] ? trace_preempt_on+0x20/0xc0 [ 24.774541] ? __pfx_kthread+0x10/0x10 [ 24.774545] ? _raw_spin_unlock_irq+0x47/0x80 [ 24.774549] ? calculate_sigpending+0x7b/0xa0 [ 24.774553] ? __pfx_kthread+0x10/0x10 [ 24.774557] ret_from_fork+0x113/0x1d0 [ 24.774560] ? __pfx_kthread+0x10/0x10 [ 24.774564] ret_from_fork_asm+0x1a/0x30 [ 24.774569] </TASK> [ 24.774571] [ 24.951768] The buggy address belongs to the physical page: [ 24.957343] page: refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1069f4 [ 24.965402] head: order:2 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0 [ 24.973064] flags: 0x200000000000040(head|node=0|zone=2) [ 24.978397] page_type: f8(unknown) [ 24.981809] raw: 0200000000000040 0000000000000000 dead000000000122 0000000000000000 [ 24.989555] raw: 0000000000000000 0000000000000000 00000001f8000000 0000000000000000 [ 24.997294] head: 0200000000000040 0000000000000000 dead000000000122 0000000000000000 [ 25.005123] head: 0000000000000000 0000000000000000 00000001f8000000 0000000000000000 [ 25.012956] head: 0200000000000002 ffffea00041a7d01 00000000ffffffff 00000000ffffffff [ 25.020790] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000004 [ 25.028615] page dumped because: kasan: bad access detected [ 25.034187] [ 25.035688] Memory state around the buggy address: [ 25.040480] ffff8881069f5f80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 25.047700] ffff8881069f6000: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 25.054920] >ffff8881069f6080: 00 00 00 00 00 00 00 00 00 01 fe fe fe fe fe fe [ 25.062138] ^ [ 25.067969] ffff8881069f6100: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe [ 25.075190] ffff8881069f6180: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe [ 25.082413] ================================================================== [ 24.407548] ================================================================== [ 24.419142] BUG: KASAN: slab-out-of-bounds in krealloc_less_oob_helper+0xd70/0x11d0 [ 24.426804] Write of size 1 at addr ffff8881069f60c9 by task kunit_try_catch/202 [ 24.434196] [ 24.435699] CPU: 2 UID: 0 PID: 202 Comm: kunit_try_catch Tainted: G S B N 6.15.0-next-20250603 #1 PREEMPT(voluntary) [ 24.435708] Tainted: [S]=CPU_OUT_OF_SPEC, [B]=BAD_PAGE, [N]=TEST [ 24.435711] Hardware name: Supermicro SYS-5019S-ML/X11SSH-F, BIOS 2.7 12/07/2021 [ 24.435714] Call Trace: [ 24.435716] <TASK> [ 24.435718] dump_stack_lvl+0x73/0xb0 [ 24.435722] print_report+0xd1/0x650 [ 24.435726] ? __virt_addr_valid+0x1db/0x2d0 [ 24.435730] ? krealloc_less_oob_helper+0xd70/0x11d0 [ 24.435734] ? kasan_addr_to_slab+0x11/0xa0 [ 24.435738] ? krealloc_less_oob_helper+0xd70/0x11d0 [ 24.435743] kasan_report+0x141/0x180 [ 24.435747] ? krealloc_less_oob_helper+0xd70/0x11d0 [ 24.435752] __asan_report_store1_noabort+0x1b/0x30 [ 24.435756] krealloc_less_oob_helper+0xd70/0x11d0 [ 24.435761] ? __pfx_krealloc_less_oob_helper+0x10/0x10 [ 24.435765] ? finish_task_switch.isra.0+0x153/0x700 [ 24.435769] ? __switch_to+0x544/0xf50 [ 24.435774] ? __schedule+0x10cc/0x2b60 [ 24.435779] krealloc_large_less_oob+0x1c/0x30 [ 24.435783] kunit_try_run_case+0x1a2/0x480 [ 24.435787] ? __pfx_kunit_try_run_case+0x10/0x10 [ 24.435790] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 24.435795] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 24.435799] ? __kthread_parkme+0x82/0x180 [ 24.435803] ? preempt_count_sub+0x50/0x80 [ 24.435807] ? __pfx_kunit_try_run_case+0x10/0x10 [ 24.435810] kunit_generic_run_threadfn_adapter+0x82/0xf0 [ 24.435815] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 24.435819] kthread+0x334/0x6f0 [ 24.435823] ? trace_preempt_on+0x20/0xc0 [ 24.435827] ? __pfx_kthread+0x10/0x10 [ 24.435831] ? _raw_spin_unlock_irq+0x47/0x80 [ 24.435835] ? calculate_sigpending+0x7b/0xa0 [ 24.435839] ? __pfx_kthread+0x10/0x10 [ 24.435843] ret_from_fork+0x113/0x1d0 [ 24.435846] ? __pfx_kthread+0x10/0x10 [ 24.435850] ret_from_fork_asm+0x1a/0x30 [ 24.435855] </TASK> [ 24.435857] [ 24.612994] The buggy address belongs to the physical page: [ 24.618567] page: refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1069f4 [ 24.626567] head: order:2 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0 [ 24.634220] flags: 0x200000000000040(head|node=0|zone=2) [ 24.639532] page_type: f8(unknown) [ 24.642939] raw: 0200000000000040 0000000000000000 dead000000000122 0000000000000000 [ 24.650679] raw: 0000000000000000 0000000000000000 00000001f8000000 0000000000000000 [ 24.658425] head: 0200000000000040 0000000000000000 dead000000000122 0000000000000000 [ 24.666253] head: 0000000000000000 0000000000000000 00000001f8000000 0000000000000000 [ 24.674087] head: 0200000000000002 ffffea00041a7d01 00000000ffffffff 00000000ffffffff [ 24.681919] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000004 [ 24.689746] page dumped because: kasan: bad access detected [ 24.695318] [ 24.696818] Memory state around the buggy address: [ 24.701612] ffff8881069f5f80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 24.708838] ffff8881069f6000: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 24.716058] >ffff8881069f6080: 00 00 00 00 00 00 00 00 00 01 fe fe fe fe fe fe [ 24.723276] ^ [ 24.728848] ffff8881069f6100: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe [ 24.736069] ffff8881069f6180: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe [ 24.743287] ================================================================== [ 22.444956] ================================================================== [ 22.452183] BUG: KASAN: slab-out-of-bounds in krealloc_less_oob_helper+0xec6/0x11d0 [ 22.459842] Write of size 1 at addr ffff888102b0f6da by task kunit_try_catch/198 [ 22.467236] [ 22.468736] CPU: 0 UID: 0 PID: 198 Comm: kunit_try_catch Tainted: G S B N 6.15.0-next-20250603 #1 PREEMPT(voluntary) [ 22.468745] Tainted: [S]=CPU_OUT_OF_SPEC, [B]=BAD_PAGE, [N]=TEST [ 22.468747] Hardware name: Supermicro SYS-5019S-ML/X11SSH-F, BIOS 2.7 12/07/2021 [ 22.468750] Call Trace: [ 22.468752] <TASK> [ 22.468753] dump_stack_lvl+0x73/0xb0 [ 22.468757] print_report+0xd1/0x650 [ 22.468761] ? __virt_addr_valid+0x1db/0x2d0 [ 22.468765] ? krealloc_less_oob_helper+0xec6/0x11d0 [ 22.468769] ? kasan_complete_mode_report_info+0x2a/0x200 [ 22.468773] ? krealloc_less_oob_helper+0xec6/0x11d0 [ 22.468778] kasan_report+0x141/0x180 [ 22.468782] ? krealloc_less_oob_helper+0xec6/0x11d0 [ 22.468787] __asan_report_store1_noabort+0x1b/0x30 [ 22.468791] krealloc_less_oob_helper+0xec6/0x11d0 [ 22.468796] ? __pfx_krealloc_less_oob_helper+0x10/0x10 [ 22.468800] ? finish_task_switch.isra.0+0x153/0x700 [ 22.468804] ? __switch_to+0x544/0xf50 [ 22.468809] ? __schedule+0x10cc/0x2b60 [ 22.468814] krealloc_less_oob+0x1c/0x30 [ 22.468818] kunit_try_run_case+0x1a2/0x480 [ 22.468821] ? __pfx_kunit_try_run_case+0x10/0x10 [ 22.468825] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 22.468829] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 22.468834] ? __kthread_parkme+0x82/0x180 [ 22.468837] ? preempt_count_sub+0x50/0x80 [ 22.468841] ? __pfx_kunit_try_run_case+0x10/0x10 [ 22.468845] kunit_generic_run_threadfn_adapter+0x82/0xf0 [ 22.468849] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 22.468854] kthread+0x334/0x6f0 [ 22.468857] ? trace_preempt_on+0x20/0xc0 [ 22.468861] ? __pfx_kthread+0x10/0x10 [ 22.468865] ? _raw_spin_unlock_irq+0x47/0x80 [ 22.468869] ? calculate_sigpending+0x7b/0xa0 [ 22.468873] ? __pfx_kthread+0x10/0x10 [ 22.468877] ret_from_fork+0x113/0x1d0 [ 22.468880] ? __pfx_kthread+0x10/0x10 [ 22.468884] ret_from_fork_asm+0x1a/0x30 [ 22.468889] </TASK> [ 22.468891] [ 22.646796] Allocated by task 198: [ 22.650202] kasan_save_stack+0x45/0x70 [ 22.654041] kasan_save_track+0x18/0x40 [ 22.657882] kasan_save_alloc_info+0x3b/0x50 [ 22.662153] __kasan_krealloc+0x190/0x1f0 [ 22.666166] krealloc_noprof+0xf3/0x340 [ 22.670007] krealloc_less_oob_helper+0x1aa/0x11d0 [ 22.674807] krealloc_less_oob+0x1c/0x30 [ 22.678733] kunit_try_run_case+0x1a2/0x480 [ 22.682919] kunit_generic_run_threadfn_adapter+0x82/0xf0 [ 22.688326] kthread+0x334/0x6f0 [ 22.691559] ret_from_fork+0x113/0x1d0 [ 22.695311] ret_from_fork_asm+0x1a/0x30 [ 22.699239] [ 22.700738] The buggy address belongs to the object at ffff888102b0f600 [ 22.700738] which belongs to the cache kmalloc-256 of size 256 [ 22.713252] The buggy address is located 17 bytes to the right of [ 22.713252] allocated 201-byte region [ffff888102b0f600, ffff888102b0f6c9) [ 22.726284] [ 22.727784] The buggy address belongs to the physical page: [ 22.733381] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x102b0e [ 22.741449] head: order:1 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0 [ 22.749104] flags: 0x200000000000040(head|node=0|zone=2) [ 22.754442] page_type: f5(slab) [ 22.757591] raw: 0200000000000040 ffff888100042b40 dead000000000122 0000000000000000 [ 22.765337] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 22.773113] head: 0200000000000040 ffff888100042b40 dead000000000122 0000000000000000 [ 22.780946] head: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 22.788771] head: 0200000000000001 ffffea00040ac381 00000000ffffffff 00000000ffffffff [ 22.796598] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000002 [ 22.804422] page dumped because: kasan: bad access detected [ 22.809997] [ 22.811495] Memory state around the buggy address: [ 22.816289] ffff888102b0f580: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 22.823515] ffff888102b0f600: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 22.830736] >ffff888102b0f680: 00 00 00 00 00 00 00 00 00 01 fc fc fc fc fc fc [ 22.837953] ^ [ 22.844047] ffff888102b0f700: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 22.851267] ffff888102b0f780: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 22.858493] ================================================================== [ 23.287114] ================================================================== [ 23.294333] BUG: KASAN: slab-out-of-bounds in krealloc_less_oob_helper+0xd47/0x11d0 [ 23.302019] Write of size 1 at addr ffff888102b0f6eb by task kunit_try_catch/198 [ 23.309425] [ 23.310932] CPU: 0 UID: 0 PID: 198 Comm: kunit_try_catch Tainted: G S B N 6.15.0-next-20250603 #1 PREEMPT(voluntary) [ 23.310940] Tainted: [S]=CPU_OUT_OF_SPEC, [B]=BAD_PAGE, [N]=TEST [ 23.310943] Hardware name: Supermicro SYS-5019S-ML/X11SSH-F, BIOS 2.7 12/07/2021 [ 23.310946] Call Trace: [ 23.310948] <TASK> [ 23.310949] dump_stack_lvl+0x73/0xb0 [ 23.310953] print_report+0xd1/0x650 [ 23.310957] ? __virt_addr_valid+0x1db/0x2d0 [ 23.310961] ? krealloc_less_oob_helper+0xd47/0x11d0 [ 23.310966] ? kasan_complete_mode_report_info+0x2a/0x200 [ 23.310970] ? krealloc_less_oob_helper+0xd47/0x11d0 [ 23.310975] kasan_report+0x141/0x180 [ 23.310979] ? krealloc_less_oob_helper+0xd47/0x11d0 [ 23.310985] __asan_report_store1_noabort+0x1b/0x30 [ 23.310988] krealloc_less_oob_helper+0xd47/0x11d0 [ 23.310993] ? __pfx_krealloc_less_oob_helper+0x10/0x10 [ 23.310998] ? finish_task_switch.isra.0+0x153/0x700 [ 23.311002] ? __switch_to+0x544/0xf50 [ 23.311007] ? __schedule+0x10cc/0x2b60 [ 23.311012] krealloc_less_oob+0x1c/0x30 [ 23.311016] kunit_try_run_case+0x1a2/0x480 [ 23.311020] ? __pfx_kunit_try_run_case+0x10/0x10 [ 23.311023] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 23.311028] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 23.311033] ? __kthread_parkme+0x82/0x180 [ 23.311036] ? preempt_count_sub+0x50/0x80 [ 23.311040] ? __pfx_kunit_try_run_case+0x10/0x10 [ 23.311044] kunit_generic_run_threadfn_adapter+0x82/0xf0 [ 23.311048] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 23.311053] kthread+0x334/0x6f0 [ 23.311057] ? trace_preempt_on+0x20/0xc0 [ 23.311061] ? __pfx_kthread+0x10/0x10 [ 23.311064] ? _raw_spin_unlock_irq+0x47/0x80 [ 23.311069] ? calculate_sigpending+0x7b/0xa0 [ 23.311073] ? __pfx_kthread+0x10/0x10 [ 23.311077] ret_from_fork+0x113/0x1d0 [ 23.311080] ? __pfx_kthread+0x10/0x10 [ 23.311084] ret_from_fork_asm+0x1a/0x30 [ 23.311090] </TASK> [ 23.311092] [ 23.488984] Allocated by task 198: [ 23.492402] kasan_save_stack+0x45/0x70 [ 23.496270] kasan_save_track+0x18/0x40 [ 23.500110] kasan_save_alloc_info+0x3b/0x50 [ 23.504388] __kasan_krealloc+0x190/0x1f0 [ 23.508429] krealloc_noprof+0xf3/0x340 [ 23.512268] krealloc_less_oob_helper+0x1aa/0x11d0 [ 23.517063] krealloc_less_oob+0x1c/0x30 [ 23.520989] kunit_try_run_case+0x1a2/0x480 [ 23.525173] kunit_generic_run_threadfn_adapter+0x82/0xf0 [ 23.530575] kthread+0x334/0x6f0 [ 23.533807] ret_from_fork+0x113/0x1d0 [ 23.537559] ret_from_fork_asm+0x1a/0x30 [ 23.541485] [ 23.542984] The buggy address belongs to the object at ffff888102b0f600 [ 23.542984] which belongs to the cache kmalloc-256 of size 256 [ 23.555498] The buggy address is located 34 bytes to the right of [ 23.555498] allocated 201-byte region [ffff888102b0f600, ffff888102b0f6c9) [ 23.568533] [ 23.570033] The buggy address belongs to the physical page: [ 23.575606] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x102b0e [ 23.583611] head: order:1 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0 [ 23.591266] flags: 0x200000000000040(head|node=0|zone=2) [ 23.596586] page_type: f5(slab) [ 23.599733] raw: 0200000000000040 ffff888100042b40 dead000000000122 0000000000000000 [ 23.607481] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 23.615220] head: 0200000000000040 ffff888100042b40 dead000000000122 0000000000000000 [ 23.623045] head: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 23.630870] head: 0200000000000001 ffffea00040ac381 00000000ffffffff 00000000ffffffff [ 23.638698] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000002 [ 23.646522] page dumped because: kasan: bad access detected [ 23.652095] [ 23.653594] Memory state around the buggy address: [ 23.658388] ffff888102b0f580: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 23.665650] ffff888102b0f600: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 23.672869] >ffff888102b0f680: 00 00 00 00 00 00 00 00 00 01 fc fc fc fc fc fc [ 23.680087] ^ [ 23.686701] ffff888102b0f700: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 23.693919] ffff888102b0f780: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 23.701138] ================================================================== [ 25.089666] ================================================================== [ 25.096891] BUG: KASAN: slab-out-of-bounds in krealloc_less_oob_helper+0xec6/0x11d0 [ 25.104550] Write of size 1 at addr ffff8881069f60da by task kunit_try_catch/202 [ 25.111945] [ 25.113445] CPU: 2 UID: 0 PID: 202 Comm: kunit_try_catch Tainted: G S B N 6.15.0-next-20250603 #1 PREEMPT(voluntary) [ 25.113454] Tainted: [S]=CPU_OUT_OF_SPEC, [B]=BAD_PAGE, [N]=TEST [ 25.113456] Hardware name: Supermicro SYS-5019S-ML/X11SSH-F, BIOS 2.7 12/07/2021 [ 25.113460] Call Trace: [ 25.113461] <TASK> [ 25.113463] dump_stack_lvl+0x73/0xb0 [ 25.113466] print_report+0xd1/0x650 [ 25.113470] ? __virt_addr_valid+0x1db/0x2d0 [ 25.113474] ? krealloc_less_oob_helper+0xec6/0x11d0 [ 25.113479] ? kasan_addr_to_slab+0x11/0xa0 [ 25.113482] ? krealloc_less_oob_helper+0xec6/0x11d0 [ 25.113487] kasan_report+0x141/0x180 [ 25.113491] ? krealloc_less_oob_helper+0xec6/0x11d0 [ 25.113496] __asan_report_store1_noabort+0x1b/0x30 [ 25.113500] krealloc_less_oob_helper+0xec6/0x11d0 [ 25.113505] ? __pfx_krealloc_less_oob_helper+0x10/0x10 [ 25.113509] ? finish_task_switch.isra.0+0x153/0x700 [ 25.113513] ? __switch_to+0x544/0xf50 [ 25.113518] ? __schedule+0x10cc/0x2b60 [ 25.113523] krealloc_large_less_oob+0x1c/0x30 [ 25.113527] kunit_try_run_case+0x1a2/0x480 [ 25.113531] ? __pfx_kunit_try_run_case+0x10/0x10 [ 25.113534] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 25.113538] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 25.113543] ? __kthread_parkme+0x82/0x180 [ 25.113546] ? preempt_count_sub+0x50/0x80 [ 25.113550] ? __pfx_kunit_try_run_case+0x10/0x10 [ 25.113554] kunit_generic_run_threadfn_adapter+0x82/0xf0 [ 25.113558] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 25.113563] kthread+0x334/0x6f0 [ 25.113566] ? trace_preempt_on+0x20/0xc0 [ 25.113570] ? __pfx_kthread+0x10/0x10 [ 25.113574] ? _raw_spin_unlock_irq+0x47/0x80 [ 25.113578] ? calculate_sigpending+0x7b/0xa0 [ 25.113582] ? __pfx_kthread+0x10/0x10 [ 25.113586] ret_from_fork+0x113/0x1d0 [ 25.113589] ? __pfx_kthread+0x10/0x10 [ 25.113593] ret_from_fork_asm+0x1a/0x30 [ 25.113598] </TASK> [ 25.113600] [ 25.290760] The buggy address belongs to the physical page: [ 25.296332] page: refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1069f4 [ 25.304331] head: order:2 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0 [ 25.311985] flags: 0x200000000000040(head|node=0|zone=2) [ 25.317296] page_type: f8(unknown) [ 25.320705] raw: 0200000000000040 0000000000000000 dead000000000122 0000000000000000 [ 25.328450] raw: 0000000000000000 0000000000000000 00000001f8000000 0000000000000000 [ 25.336191] head: 0200000000000040 0000000000000000 dead000000000122 0000000000000000 [ 25.344017] head: 0000000000000000 0000000000000000 00000001f8000000 0000000000000000 [ 25.351843] head: 0200000000000002 ffffea00041a7d01 00000000ffffffff 00000000ffffffff [ 25.359668] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000004 [ 25.367495] page dumped because: kasan: bad access detected [ 25.373065] [ 25.374564] Memory state around the buggy address: [ 25.379400] ffff8881069f5f80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 25.386630] ffff8881069f6000: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 25.393850] >ffff8881069f6080: 00 00 00 00 00 00 00 00 00 01 fe fe fe fe fe fe [ 25.401068] ^ [ 25.407161] ffff8881069f6100: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe [ 25.414398] ffff8881069f6180: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe [ 25.421624] ================================================================== [ 25.768614] ================================================================== [ 25.775844] BUG: KASAN: slab-out-of-bounds in krealloc_less_oob_helper+0xd47/0x11d0 [ 25.783502] Write of size 1 at addr ffff8881069f60eb by task kunit_try_catch/202 [ 25.790897] [ 25.792412] CPU: 2 UID: 0 PID: 202 Comm: kunit_try_catch Tainted: G S B N 6.15.0-next-20250603 #1 PREEMPT(voluntary) [ 25.792420] Tainted: [S]=CPU_OUT_OF_SPEC, [B]=BAD_PAGE, [N]=TEST [ 25.792423] Hardware name: Supermicro SYS-5019S-ML/X11SSH-F, BIOS 2.7 12/07/2021 [ 25.792426] Call Trace: [ 25.792427] <TASK> [ 25.792429] dump_stack_lvl+0x73/0xb0 [ 25.792432] print_report+0xd1/0x650 [ 25.792436] ? __virt_addr_valid+0x1db/0x2d0 [ 25.792440] ? krealloc_less_oob_helper+0xd47/0x11d0 [ 25.792445] ? kasan_addr_to_slab+0x11/0xa0 [ 25.792448] ? krealloc_less_oob_helper+0xd47/0x11d0 [ 25.792453] kasan_report+0x141/0x180 [ 25.792457] ? krealloc_less_oob_helper+0xd47/0x11d0 [ 25.792462] __asan_report_store1_noabort+0x1b/0x30 [ 25.792466] krealloc_less_oob_helper+0xd47/0x11d0 [ 25.792471] ? __pfx_krealloc_less_oob_helper+0x10/0x10 [ 25.792475] ? finish_task_switch.isra.0+0x153/0x700 [ 25.792479] ? __switch_to+0x544/0xf50 [ 25.792484] ? __schedule+0x10cc/0x2b60 [ 25.792489] krealloc_large_less_oob+0x1c/0x30 [ 25.792493] kunit_try_run_case+0x1a2/0x480 [ 25.792497] ? __pfx_kunit_try_run_case+0x10/0x10 [ 25.792500] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 25.792504] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 25.792509] ? __kthread_parkme+0x82/0x180 [ 25.792512] ? preempt_count_sub+0x50/0x80 [ 25.792516] ? __pfx_kunit_try_run_case+0x10/0x10 [ 25.792520] kunit_generic_run_threadfn_adapter+0x82/0xf0 [ 25.792524] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 25.792529] kthread+0x334/0x6f0 [ 25.792532] ? trace_preempt_on+0x20/0xc0 [ 25.792536] ? __pfx_kthread+0x10/0x10 [ 25.792540] ? _raw_spin_unlock_irq+0x47/0x80 [ 25.792544] ? calculate_sigpending+0x7b/0xa0 [ 25.792548] ? __pfx_kthread+0x10/0x10 [ 25.792552] ret_from_fork+0x113/0x1d0 [ 25.792555] ? __pfx_kthread+0x10/0x10 [ 25.792559] ret_from_fork_asm+0x1a/0x30 [ 25.792564] </TASK> [ 25.792566] [ 25.969757] The buggy address belongs to the physical page: [ 25.975328] page: refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1069f4 [ 25.983329] head: order:2 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0 [ 25.990987] flags: 0x200000000000040(head|node=0|zone=2) [ 25.996302] page_type: f8(unknown) [ 25.999707] raw: 0200000000000040 0000000000000000 dead000000000122 0000000000000000 [ 26.007448] raw: 0000000000000000 0000000000000000 00000001f8000000 0000000000000000 [ 26.015196] head: 0200000000000040 0000000000000000 dead000000000122 0000000000000000 [ 26.023030] head: 0000000000000000 0000000000000000 00000001f8000000 0000000000000000 [ 26.030857] head: 0200000000000002 ffffea00041a7d01 00000000ffffffff 00000000ffffffff [ 26.038691] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000004 [ 26.046523] page dumped because: kasan: bad access detected [ 26.052095] [ 26.053586] Memory state around the buggy address: [ 26.058383] ffff8881069f5f80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 26.065625] ffff8881069f6000: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 26.072844] >ffff8881069f6080: 00 00 00 00 00 00 00 00 00 01 fe fe fe fe fe fe [ 26.080065] ^ [ 26.086676] ffff8881069f6100: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe [ 26.093896] ffff8881069f6180: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe [ 26.101113] ================================================================== [ 22.024505] ================================================================== [ 22.031735] BUG: KASAN: slab-out-of-bounds in krealloc_less_oob_helper+0xe23/0x11d0 [ 22.039406] Write of size 1 at addr ffff888102b0f6d0 by task kunit_try_catch/198 [ 22.046831] [ 22.048332] CPU: 0 UID: 0 PID: 198 Comm: kunit_try_catch Tainted: G S B N 6.15.0-next-20250603 #1 PREEMPT(voluntary) [ 22.048341] Tainted: [S]=CPU_OUT_OF_SPEC, [B]=BAD_PAGE, [N]=TEST [ 22.048344] Hardware name: Supermicro SYS-5019S-ML/X11SSH-F, BIOS 2.7 12/07/2021 [ 22.048347] Call Trace: [ 22.048348] <TASK> [ 22.048370] dump_stack_lvl+0x73/0xb0 [ 22.048374] print_report+0xd1/0x650 [ 22.048378] ? __virt_addr_valid+0x1db/0x2d0 [ 22.048382] ? krealloc_less_oob_helper+0xe23/0x11d0 [ 22.048387] ? kasan_complete_mode_report_info+0x2a/0x200 [ 22.048391] ? krealloc_less_oob_helper+0xe23/0x11d0 [ 22.048409] kasan_report+0x141/0x180 [ 22.048414] ? krealloc_less_oob_helper+0xe23/0x11d0 [ 22.048419] __asan_report_store1_noabort+0x1b/0x30 [ 22.048423] krealloc_less_oob_helper+0xe23/0x11d0 [ 22.048428] ? __pfx_krealloc_less_oob_helper+0x10/0x10 [ 22.048433] ? finish_task_switch.isra.0+0x153/0x700 [ 22.048437] ? __switch_to+0x544/0xf50 [ 22.048441] ? __schedule+0x10cc/0x2b60 [ 22.048447] krealloc_less_oob+0x1c/0x30 [ 22.048451] kunit_try_run_case+0x1a2/0x480 [ 22.048454] ? __pfx_kunit_try_run_case+0x10/0x10 [ 22.048458] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 22.048463] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 22.048467] ? __kthread_parkme+0x82/0x180 [ 22.048471] ? preempt_count_sub+0x50/0x80 [ 22.048475] ? __pfx_kunit_try_run_case+0x10/0x10 [ 22.048479] kunit_generic_run_threadfn_adapter+0x82/0xf0 [ 22.048483] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 22.048488] kthread+0x334/0x6f0 [ 22.048491] ? trace_preempt_on+0x20/0xc0 [ 22.048496] ? __pfx_kthread+0x10/0x10 [ 22.048499] ? _raw_spin_unlock_irq+0x47/0x80 [ 22.048504] ? calculate_sigpending+0x7b/0xa0 [ 22.048508] ? __pfx_kthread+0x10/0x10 [ 22.048512] ret_from_fork+0x113/0x1d0 [ 22.048515] ? __pfx_kthread+0x10/0x10 [ 22.048519] ret_from_fork_asm+0x1a/0x30 [ 22.048525] </TASK> [ 22.048527] [ 22.226385] Allocated by task 198: [ 22.229806] kasan_save_stack+0x45/0x70 [ 22.233646] kasan_save_track+0x18/0x40 [ 22.237486] kasan_save_alloc_info+0x3b/0x50 [ 22.241758] __kasan_krealloc+0x190/0x1f0 [ 22.245769] krealloc_noprof+0xf3/0x340 [ 22.249610] krealloc_less_oob_helper+0x1aa/0x11d0 [ 22.254441] krealloc_less_oob+0x1c/0x30 [ 22.258384] kunit_try_run_case+0x1a2/0x480 [ 22.262617] kunit_generic_run_threadfn_adapter+0x82/0xf0 [ 22.268018] kthread+0x334/0x6f0 [ 22.271251] ret_from_fork+0x113/0x1d0 [ 22.275003] ret_from_fork_asm+0x1a/0x30 [ 22.278930] [ 22.280429] The buggy address belongs to the object at ffff888102b0f600 [ 22.280429] which belongs to the cache kmalloc-256 of size 256 [ 22.292942] The buggy address is located 7 bytes to the right of [ 22.292942] allocated 201-byte region [ffff888102b0f600, ffff888102b0f6c9) [ 22.305890] [ 22.307389] The buggy address belongs to the physical page: [ 22.312990] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x102b0e [ 22.320997] head: order:1 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0 [ 22.328658] flags: 0x200000000000040(head|node=0|zone=2) [ 22.333969] page_type: f5(slab) [ 22.337118] raw: 0200000000000040 ffff888100042b40 dead000000000122 0000000000000000 [ 22.344863] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 22.352605] head: 0200000000000040 ffff888100042b40 dead000000000122 0000000000000000 [ 22.360447] head: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 22.368273] head: 0200000000000001 ffffea00040ac381 00000000ffffffff 00000000ffffffff [ 22.376099] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000002 [ 22.383923] page dumped because: kasan: bad access detected [ 22.389497] [ 22.390994] Memory state around the buggy address: [ 22.395788] ffff888102b0f580: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 22.403008] ffff888102b0f600: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 22.410229] >ffff888102b0f680: 00 00 00 00 00 00 00 00 00 01 fc fc fc fc fc fc [ 22.417453] ^ [ 22.423288] ffff888102b0f700: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 22.430505] ffff888102b0f780: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 22.437726] ================================================================== [ 25.428869] ================================================================== [ 25.436099] BUG: KASAN: slab-out-of-bounds in krealloc_less_oob_helper+0xe90/0x11d0 [ 25.443759] Write of size 1 at addr ffff8881069f60ea by task kunit_try_catch/202 [ 25.451150] [ 25.452653] CPU: 2 UID: 0 PID: 202 Comm: kunit_try_catch Tainted: G S B N 6.15.0-next-20250603 #1 PREEMPT(voluntary) [ 25.452661] Tainted: [S]=CPU_OUT_OF_SPEC, [B]=BAD_PAGE, [N]=TEST [ 25.452663] Hardware name: Supermicro SYS-5019S-ML/X11SSH-F, BIOS 2.7 12/07/2021 [ 25.452666] Call Trace: [ 25.452668] <TASK> [ 25.452669] dump_stack_lvl+0x73/0xb0 [ 25.452673] print_report+0xd1/0x650 [ 25.452677] ? __virt_addr_valid+0x1db/0x2d0 [ 25.452681] ? krealloc_less_oob_helper+0xe90/0x11d0 [ 25.452685] ? kasan_addr_to_slab+0x11/0xa0 [ 25.452689] ? krealloc_less_oob_helper+0xe90/0x11d0 [ 25.452693] kasan_report+0x141/0x180 [ 25.452697] ? krealloc_less_oob_helper+0xe90/0x11d0 [ 25.452703] __asan_report_store1_noabort+0x1b/0x30 [ 25.452706] krealloc_less_oob_helper+0xe90/0x11d0 [ 25.452711] ? __pfx_krealloc_less_oob_helper+0x10/0x10 [ 25.452716] ? finish_task_switch.isra.0+0x153/0x700 [ 25.452720] ? __switch_to+0x544/0xf50 [ 25.452724] ? __schedule+0x10cc/0x2b60 [ 25.452729] krealloc_large_less_oob+0x1c/0x30 [ 25.452734] kunit_try_run_case+0x1a2/0x480 [ 25.452737] ? __pfx_kunit_try_run_case+0x10/0x10 [ 25.452740] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 25.452745] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 25.452749] ? __kthread_parkme+0x82/0x180 [ 25.452753] ? preempt_count_sub+0x50/0x80 [ 25.452757] ? __pfx_kunit_try_run_case+0x10/0x10 [ 25.452760] kunit_generic_run_threadfn_adapter+0x82/0xf0 [ 25.452765] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 25.452769] kthread+0x334/0x6f0 [ 25.452773] ? trace_preempt_on+0x20/0xc0 [ 25.452777] ? __pfx_kthread+0x10/0x10 [ 25.452780] ? _raw_spin_unlock_irq+0x47/0x80 [ 25.452785] ? calculate_sigpending+0x7b/0xa0 [ 25.452789] ? __pfx_kthread+0x10/0x10 [ 25.452793] ret_from_fork+0x113/0x1d0 [ 25.452796] ? __pfx_kthread+0x10/0x10 [ 25.452800] ret_from_fork_asm+0x1a/0x30 [ 25.452805] </TASK> [ 25.452807] [ 25.630020] The buggy address belongs to the physical page: [ 25.635593] page: refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1069f4 [ 25.643599] head: order:2 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0 [ 25.651253] flags: 0x200000000000040(head|node=0|zone=2) [ 25.656564] page_type: f8(unknown) [ 25.659973] raw: 0200000000000040 0000000000000000 dead000000000122 0000000000000000 [ 25.667720] raw: 0000000000000000 0000000000000000 00000001f8000000 0000000000000000 [ 25.675459] head: 0200000000000040 0000000000000000 dead000000000122 0000000000000000 [ 25.683283] head: 0000000000000000 0000000000000000 00000001f8000000 0000000000000000 [ 25.691112] head: 0200000000000002 ffffea00041a7d01 00000000ffffffff 00000000ffffffff [ 25.698937] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000004 [ 25.706761] page dumped because: kasan: bad access detected [ 25.712333] [ 25.713835] Memory state around the buggy address: [ 25.718628] ffff8881069f5f80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 25.725856] ffff8881069f6000: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 25.733074] >ffff8881069f6080: 00 00 00 00 00 00 00 00 00 01 fe fe fe fe fe fe [ 25.740292] ^ [ 25.746904] ffff8881069f6100: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe [ 25.754126] ffff8881069f6180: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe [ 25.761343] ================================================================== [ 21.600515] ================================================================== [ 21.611625] BUG: KASAN: slab-out-of-bounds in krealloc_less_oob_helper+0xd70/0x11d0 [ 21.619286] Write of size 1 at addr ffff888102b0f6c9 by task kunit_try_catch/198 [ 21.626679] [ 21.628180] CPU: 0 UID: 0 PID: 198 Comm: kunit_try_catch Tainted: G S B N 6.15.0-next-20250603 #1 PREEMPT(voluntary) [ 21.628189] Tainted: [S]=CPU_OUT_OF_SPEC, [B]=BAD_PAGE, [N]=TEST [ 21.628191] Hardware name: Supermicro SYS-5019S-ML/X11SSH-F, BIOS 2.7 12/07/2021 [ 21.628195] Call Trace: [ 21.628196] <TASK> [ 21.628198] dump_stack_lvl+0x73/0xb0 [ 21.628202] print_report+0xd1/0x650 [ 21.628206] ? __virt_addr_valid+0x1db/0x2d0 [ 21.628210] ? krealloc_less_oob_helper+0xd70/0x11d0 [ 21.628215] ? kasan_complete_mode_report_info+0x2a/0x200 [ 21.628219] ? krealloc_less_oob_helper+0xd70/0x11d0 [ 21.628224] kasan_report+0x141/0x180 [ 21.628228] ? krealloc_less_oob_helper+0xd70/0x11d0 [ 21.628233] __asan_report_store1_noabort+0x1b/0x30 [ 21.628237] krealloc_less_oob_helper+0xd70/0x11d0 [ 21.628242] ? __pfx_krealloc_less_oob_helper+0x10/0x10 [ 21.628246] ? finish_task_switch.isra.0+0x153/0x700 [ 21.628250] ? __switch_to+0x544/0xf50 [ 21.628255] ? __schedule+0x10cc/0x2b60 [ 21.628260] krealloc_less_oob+0x1c/0x30 [ 21.628264] kunit_try_run_case+0x1a2/0x480 [ 21.628267] ? __pfx_kunit_try_run_case+0x10/0x10 [ 21.628271] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 21.628275] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 21.628280] ? __kthread_parkme+0x82/0x180 [ 21.628283] ? preempt_count_sub+0x50/0x80 [ 21.628287] ? __pfx_kunit_try_run_case+0x10/0x10 [ 21.628291] kunit_generic_run_threadfn_adapter+0x82/0xf0 [ 21.628295] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 21.628300] kthread+0x334/0x6f0 [ 21.628303] ? trace_preempt_on+0x20/0xc0 [ 21.628308] ? __pfx_kthread+0x10/0x10 [ 21.628311] ? _raw_spin_unlock_irq+0x47/0x80 [ 21.628315] ? calculate_sigpending+0x7b/0xa0 [ 21.628320] ? __pfx_kthread+0x10/0x10 [ 21.628324] ret_from_fork+0x113/0x1d0 [ 21.628327] ? __pfx_kthread+0x10/0x10 [ 21.628331] ret_from_fork_asm+0x1a/0x30 [ 21.628336] </TASK> [ 21.628338] [ 21.806161] Allocated by task 198: [ 21.809568] kasan_save_stack+0x45/0x70 [ 21.813429] kasan_save_track+0x18/0x40 [ 21.817273] kasan_save_alloc_info+0x3b/0x50 [ 21.821546] __kasan_krealloc+0x190/0x1f0 [ 21.825567] krealloc_noprof+0xf3/0x340 [ 21.829424] krealloc_less_oob_helper+0x1aa/0x11d0 [ 21.834224] krealloc_less_oob+0x1c/0x30 [ 21.838149] kunit_try_run_case+0x1a2/0x480 [ 21.842334] kunit_generic_run_threadfn_adapter+0x82/0xf0 [ 21.847768] kthread+0x334/0x6f0 [ 21.851002] ret_from_fork+0x113/0x1d0 [ 21.854755] ret_from_fork_asm+0x1a/0x30 [ 21.858682] [ 21.860181] The buggy address belongs to the object at ffff888102b0f600 [ 21.860181] which belongs to the cache kmalloc-256 of size 256 [ 21.872694] The buggy address is located 0 bytes to the right of [ 21.872694] allocated 201-byte region [ffff888102b0f600, ffff888102b0f6c9) [ 21.885641] [ 21.887134] The buggy address belongs to the physical page: [ 21.892705] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x102b0e [ 21.900713] head: order:1 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0 [ 21.908382] flags: 0x200000000000040(head|node=0|zone=2) [ 21.913747] page_type: f5(slab) [ 21.916895] raw: 0200000000000040 ffff888100042b40 dead000000000122 0000000000000000 [ 21.924633] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 21.932387] head: 0200000000000040 ffff888100042b40 dead000000000122 0000000000000000 [ 21.940234] head: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 21.948060] head: 0200000000000001 ffffea00040ac381 00000000ffffffff 00000000ffffffff [ 21.955886] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000002 [ 21.963712] page dumped because: kasan: bad access detected [ 21.969284] [ 21.970781] Memory state around the buggy address: [ 21.975576] ffff888102b0f580: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 21.982795] ffff888102b0f600: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 21.990022] >ffff888102b0f680: 00 00 00 00 00 00 00 00 00 01 fc fc fc fc fc fc [ 21.997241] ^ [ 22.002813] ffff888102b0f700: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 22.010033] ffff888102b0f780: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 22.017253] ================================================================== [ 22.865723] ================================================================== [ 22.872950] BUG: KASAN: slab-out-of-bounds in krealloc_less_oob_helper+0xe90/0x11d0 [ 22.880603] Write of size 1 at addr ffff888102b0f6ea by task kunit_try_catch/198 [ 22.888003] [ 22.889503] CPU: 0 UID: 0 PID: 198 Comm: kunit_try_catch Tainted: G S B N 6.15.0-next-20250603 #1 PREEMPT(voluntary) [ 22.889511] Tainted: [S]=CPU_OUT_OF_SPEC, [B]=BAD_PAGE, [N]=TEST [ 22.889514] Hardware name: Supermicro SYS-5019S-ML/X11SSH-F, BIOS 2.7 12/07/2021 [ 22.889517] Call Trace: [ 22.889519] <TASK> [ 22.889520] dump_stack_lvl+0x73/0xb0 [ 22.889524] print_report+0xd1/0x650 [ 22.889528] ? __virt_addr_valid+0x1db/0x2d0 [ 22.889532] ? krealloc_less_oob_helper+0xe90/0x11d0 [ 22.889536] ? kasan_complete_mode_report_info+0x2a/0x200 [ 22.889540] ? krealloc_less_oob_helper+0xe90/0x11d0 [ 22.889545] kasan_report+0x141/0x180 [ 22.889549] ? krealloc_less_oob_helper+0xe90/0x11d0 [ 22.889554] __asan_report_store1_noabort+0x1b/0x30 [ 22.889558] krealloc_less_oob_helper+0xe90/0x11d0 [ 22.889563] ? __pfx_krealloc_less_oob_helper+0x10/0x10 [ 22.889567] ? finish_task_switch.isra.0+0x153/0x700 [ 22.889571] ? __switch_to+0x544/0xf50 [ 22.889576] ? __schedule+0x10cc/0x2b60 [ 22.889581] krealloc_less_oob+0x1c/0x30 [ 22.889585] kunit_try_run_case+0x1a2/0x480 [ 22.889588] ? __pfx_kunit_try_run_case+0x10/0x10 [ 22.889592] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 22.889596] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 22.889601] ? __kthread_parkme+0x82/0x180 [ 22.889604] ? preempt_count_sub+0x50/0x80 [ 22.889608] ? __pfx_kunit_try_run_case+0x10/0x10 [ 22.889612] kunit_generic_run_threadfn_adapter+0x82/0xf0 [ 22.889616] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 22.889621] kthread+0x334/0x6f0 [ 22.889624] ? trace_preempt_on+0x20/0xc0 [ 22.889628] ? __pfx_kthread+0x10/0x10 [ 22.889632] ? _raw_spin_unlock_irq+0x47/0x80 [ 22.889636] ? calculate_sigpending+0x7b/0xa0 [ 22.889640] ? __pfx_kthread+0x10/0x10 [ 22.889644] ret_from_fork+0x113/0x1d0 [ 22.889647] ? __pfx_kthread+0x10/0x10 [ 22.889651] ret_from_fork_asm+0x1a/0x30 [ 22.889657] </TASK> [ 22.889658] [ 23.067590] Allocated by task 198: [ 23.070998] kasan_save_stack+0x45/0x70 [ 23.074844] kasan_save_track+0x18/0x40 [ 23.078685] kasan_save_alloc_info+0x3b/0x50 [ 23.082956] __kasan_krealloc+0x190/0x1f0 [ 23.086970] krealloc_noprof+0xf3/0x340 [ 23.090809] krealloc_less_oob_helper+0x1aa/0x11d0 [ 23.095611] krealloc_less_oob+0x1c/0x30 [ 23.099545] kunit_try_run_case+0x1a2/0x480 [ 23.103729] kunit_generic_run_threadfn_adapter+0x82/0xf0 [ 23.109130] kthread+0x334/0x6f0 [ 23.112389] ret_from_fork+0x113/0x1d0 [ 23.116165] ret_from_fork_asm+0x1a/0x30 [ 23.120093] [ 23.121592] The buggy address belongs to the object at ffff888102b0f600 [ 23.121592] which belongs to the cache kmalloc-256 of size 256 [ 23.134099] The buggy address is located 33 bytes to the right of [ 23.134099] allocated 201-byte region [ffff888102b0f600, ffff888102b0f6c9) [ 23.147142] [ 23.148640] The buggy address belongs to the physical page: [ 23.154213] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x102b0e [ 23.162220] head: order:1 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0 [ 23.169874] flags: 0x200000000000040(head|node=0|zone=2) [ 23.175195] page_type: f5(slab) [ 23.178342] raw: 0200000000000040 ffff888100042b40 dead000000000122 0000000000000000 [ 23.186115] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 23.193855] head: 0200000000000040 ffff888100042b40 dead000000000122 0000000000000000 [ 23.201690] head: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 23.209523] head: 0200000000000001 ffffea00040ac381 00000000ffffffff 00000000ffffffff [ 23.217380] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000002 [ 23.225235] page dumped because: kasan: bad access detected [ 23.230806] [ 23.232307] Memory state around the buggy address: [ 23.237099] ffff888102b0f580: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 23.244318] ffff888102b0f600: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 23.251538] >ffff888102b0f680: 00 00 00 00 00 00 00 00 00 01 fc fc fc fc fc fc [ 23.258757] ^ [ 23.265385] ffff888102b0f700: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 23.272650] ffff888102b0f780: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 23.279868] ==================================================================