Date
June 3, 2025, 7:38 a.m.
Environment |
---|
qemu-arm64 |
qemu-x86_64 |
x86 |
[ 18.186963] ================================================================== [ 18.187056] BUG: KASAN: slab-out-of-bounds in krealloc_more_oob_helper+0x60c/0x678 [ 18.187242] Write of size 1 at addr fff00000c18286eb by task kunit_try_catch/156 [ 18.187295] [ 18.187344] CPU: 1 UID: 0 PID: 156 Comm: kunit_try_catch Tainted: G B N 6.15.0-next-20250603 #1 PREEMPT [ 18.187515] Tainted: [B]=BAD_PAGE, [N]=TEST [ 18.187587] Hardware name: linux,dummy-virt (DT) [ 18.187634] Call trace: [ 18.187666] show_stack+0x20/0x38 (C) [ 18.187716] dump_stack_lvl+0x8c/0xd0 [ 18.187799] print_report+0x118/0x608 [ 18.187846] kasan_report+0xdc/0x128 [ 18.187891] __asan_report_store1_noabort+0x20/0x30 [ 18.187944] krealloc_more_oob_helper+0x60c/0x678 [ 18.187992] krealloc_more_oob+0x20/0x38 [ 18.188048] kunit_try_run_case+0x170/0x3f0 [ 18.188105] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 18.188163] kthread+0x328/0x630 [ 18.188216] ret_from_fork+0x10/0x20 [ 18.188279] [ 18.188311] Allocated by task 156: [ 18.188339] kasan_save_stack+0x3c/0x68 [ 18.188379] kasan_save_track+0x20/0x40 [ 18.188415] kasan_save_alloc_info+0x40/0x58 [ 18.188471] __kasan_krealloc+0x118/0x178 [ 18.188508] krealloc_noprof+0x128/0x360 [ 18.188560] krealloc_more_oob_helper+0x168/0x678 [ 18.188608] krealloc_more_oob+0x20/0x38 [ 18.188652] kunit_try_run_case+0x170/0x3f0 [ 18.188688] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 18.188744] kthread+0x328/0x630 [ 18.188789] ret_from_fork+0x10/0x20 [ 18.188843] [ 18.188874] The buggy address belongs to the object at fff00000c1828600 [ 18.188874] which belongs to the cache kmalloc-256 of size 256 [ 18.188957] The buggy address is located 0 bytes to the right of [ 18.188957] allocated 235-byte region [fff00000c1828600, fff00000c18286eb) [ 18.189033] [ 18.189053] The buggy address belongs to the physical page: [ 18.189085] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x101828 [ 18.189136] head: order:1 mapcount:0 entire_mapcount:0 
nr_pages_mapped:0 pincount:0 [ 18.189182] flags: 0xbfffe0000000040(head|node=0|zone=2|lastcpupid=0x1ffff) [ 18.189235] page_type: f5(slab) [ 18.189273] raw: 0bfffe0000000040 fff00000c0001b40 dead000000000122 0000000000000000 [ 18.189330] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 18.189388] head: 0bfffe0000000040 fff00000c0001b40 dead000000000122 0000000000000000 [ 18.190011] head: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 18.190084] head: 0bfffe0000000001 ffffc1ffc3060a01 00000000ffffffff 00000000ffffffff [ 18.190199] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000002 [ 18.190437] page dumped because: kasan: bad access detected [ 18.190535] [ 18.190555] Memory state around the buggy address: [ 18.190587] fff00000c1828580: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 18.190669] fff00000c1828600: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 18.190952] >fff00000c1828680: 00 00 00 00 00 00 00 00 00 00 00 00 00 03 fc fc [ 18.191018] ^ [ 18.191068] fff00000c1828700: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 18.191164] fff00000c1828780: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 18.191224] ================================================================== [ 18.192542] ================================================================== [ 18.192684] BUG: KASAN: slab-out-of-bounds in krealloc_more_oob_helper+0x5c0/0x678 [ 18.192738] Write of size 1 at addr fff00000c18286f0 by task kunit_try_catch/156 [ 18.192881] [ 18.192929] CPU: 1 UID: 0 PID: 156 Comm: kunit_try_catch Tainted: G B N 6.15.0-next-20250603 #1 PREEMPT [ 18.193060] Tainted: [B]=BAD_PAGE, [N]=TEST [ 18.193107] Hardware name: linux,dummy-virt (DT) [ 18.193137] Call trace: [ 18.193157] show_stack+0x20/0x38 (C) [ 18.193492] dump_stack_lvl+0x8c/0xd0 [ 18.193549] print_report+0x118/0x608 [ 18.193595] kasan_report+0xdc/0x128 [ 18.193702] __asan_report_store1_noabort+0x20/0x30 [ 18.193755] 
krealloc_more_oob_helper+0x5c0/0x678 [ 18.193803] krealloc_more_oob+0x20/0x38 [ 18.193898] kunit_try_run_case+0x170/0x3f0 [ 18.193974] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 18.194028] kthread+0x328/0x630 [ 18.194091] ret_from_fork+0x10/0x20 [ 18.194289] [ 18.194351] Allocated by task 156: [ 18.194379] kasan_save_stack+0x3c/0x68 [ 18.194468] kasan_save_track+0x20/0x40 [ 18.194527] kasan_save_alloc_info+0x40/0x58 [ 18.194562] __kasan_krealloc+0x118/0x178 [ 18.194599] krealloc_noprof+0x128/0x360 [ 18.194741] krealloc_more_oob_helper+0x168/0x678 [ 18.194839] krealloc_more_oob+0x20/0x38 [ 18.194967] kunit_try_run_case+0x170/0x3f0 [ 18.195016] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 18.195081] kthread+0x328/0x630 [ 18.195266] ret_from_fork+0x10/0x20 [ 18.195315] [ 18.195334] The buggy address belongs to the object at fff00000c1828600 [ 18.195334] which belongs to the cache kmalloc-256 of size 256 [ 18.195441] The buggy address is located 5 bytes to the right of [ 18.195441] allocated 235-byte region [fff00000c1828600, fff00000c18286eb) [ 18.195595] [ 18.195625] The buggy address belongs to the physical page: [ 18.195655] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x101828 [ 18.195867] head: order:1 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0 [ 18.195942] flags: 0xbfffe0000000040(head|node=0|zone=2|lastcpupid=0x1ffff) [ 18.196004] page_type: f5(slab) [ 18.196074] raw: 0bfffe0000000040 fff00000c0001b40 dead000000000122 0000000000000000 [ 18.196187] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 18.196274] head: 0bfffe0000000040 fff00000c0001b40 dead000000000122 0000000000000000 [ 18.196374] head: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 18.196584] head: 0bfffe0000000001 ffffc1ffc3060a01 00000000ffffffff 00000000ffffffff [ 18.196687] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000002 [ 18.196808] page dumped because: kasan: bad access 
detected [ 18.196893] [ 18.197013] Memory state around the buggy address: [ 18.197046] fff00000c1828580: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 18.197203] fff00000c1828600: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 18.197290] >fff00000c1828680: 00 00 00 00 00 00 00 00 00 00 00 00 00 03 fc fc [ 18.197414] ^ [ 18.197504] fff00000c1828700: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 18.197614] fff00000c1828780: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 18.197685] ================================================================== [ 18.258903] ================================================================== [ 18.259035] BUG: KASAN: slab-out-of-bounds in krealloc_more_oob_helper+0x5c0/0x678 [ 18.259090] Write of size 1 at addr fff00000c647a0f0 by task kunit_try_catch/160 [ 18.259934] [ 18.260047] CPU: 1 UID: 0 PID: 160 Comm: kunit_try_catch Tainted: G B N 6.15.0-next-20250603 #1 PREEMPT [ 18.260229] Tainted: [B]=BAD_PAGE, [N]=TEST [ 18.260295] Hardware name: linux,dummy-virt (DT) [ 18.260326] Call trace: [ 18.260348] show_stack+0x20/0x38 (C) [ 18.260433] dump_stack_lvl+0x8c/0xd0 [ 18.260506] print_report+0x118/0x608 [ 18.260841] kasan_report+0xdc/0x128 [ 18.260995] __asan_report_store1_noabort+0x20/0x30 [ 18.261093] krealloc_more_oob_helper+0x5c0/0x678 [ 18.261528] krealloc_large_more_oob+0x20/0x38 [ 18.261620] kunit_try_run_case+0x170/0x3f0 [ 18.261914] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 18.262032] kthread+0x328/0x630 [ 18.262112] ret_from_fork+0x10/0x20 [ 18.262200] [ 18.262279] The buggy address belongs to the physical page: [ 18.262318] page: refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x106478 [ 18.262391] head: order:2 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0 [ 18.262533] flags: 0xbfffe0000000040(head|node=0|zone=2|lastcpupid=0x1ffff) [ 18.262632] page_type: f8(unknown) [ 18.262914] raw: 0bfffe0000000040 0000000000000000 dead000000000122 0000000000000000 [ 18.262997] raw: 
0000000000000000 0000000000000000 00000001f8000000 0000000000000000 [ 18.263325] head: 0bfffe0000000040 0000000000000000 dead000000000122 0000000000000000 [ 18.263499] head: 0000000000000000 0000000000000000 00000001f8000000 0000000000000000 [ 18.263659] head: 0bfffe0000000002 ffffc1ffc3191e01 00000000ffffffff 00000000ffffffff [ 18.263745] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000004 [ 18.263840] page dumped because: kasan: bad access detected [ 18.263920] [ 18.263995] Memory state around the buggy address: [ 18.264096] fff00000c6479f80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 18.264211] fff00000c647a000: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 18.264255] >fff00000c647a080: 00 00 00 00 00 00 00 00 00 00 00 00 00 03 fe fe [ 18.264310] ^ [ 18.264358] fff00000c647a100: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe [ 18.264527] fff00000c647a180: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe [ 18.264721] ================================================================== [ 18.251224] ================================================================== [ 18.251278] BUG: KASAN: slab-out-of-bounds in krealloc_more_oob_helper+0x60c/0x678 [ 18.251332] Write of size 1 at addr fff00000c647a0eb by task kunit_try_catch/160 [ 18.251718] [ 18.251754] CPU: 1 UID: 0 PID: 160 Comm: kunit_try_catch Tainted: G B N 6.15.0-next-20250603 #1 PREEMPT [ 18.252158] Tainted: [B]=BAD_PAGE, [N]=TEST [ 18.252197] Hardware name: linux,dummy-virt (DT) [ 18.252228] Call trace: [ 18.252249] show_stack+0x20/0x38 (C) [ 18.252674] dump_stack_lvl+0x8c/0xd0 [ 18.252794] print_report+0x118/0x608 [ 18.252898] kasan_report+0xdc/0x128 [ 18.253060] __asan_report_store1_noabort+0x20/0x30 [ 18.253338] krealloc_more_oob_helper+0x60c/0x678 [ 18.253411] krealloc_large_more_oob+0x20/0x38 [ 18.253623] kunit_try_run_case+0x170/0x3f0 [ 18.253749] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 18.253937] kthread+0x328/0x630 [ 18.254028] ret_from_fork+0x10/0x20 [ 
18.254154] [ 18.254176] The buggy address belongs to the physical page: [ 18.254438] page: refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x106478 [ 18.254621] head: order:2 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0 [ 18.254687] flags: 0xbfffe0000000040(head|node=0|zone=2|lastcpupid=0x1ffff) [ 18.254781] page_type: f8(unknown) [ 18.254872] raw: 0bfffe0000000040 0000000000000000 dead000000000122 0000000000000000 [ 18.254959] raw: 0000000000000000 0000000000000000 00000001f8000000 0000000000000000 [ 18.255209] head: 0bfffe0000000040 0000000000000000 dead000000000122 0000000000000000 [ 18.255534] head: 0000000000000000 0000000000000000 00000001f8000000 0000000000000000 [ 18.255617] head: 0bfffe0000000002 ffffc1ffc3191e01 00000000ffffffff 00000000ffffffff [ 18.255873] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000004 [ 18.256064] page dumped because: kasan: bad access detected [ 18.256163] [ 18.256205] Memory state around the buggy address: [ 18.256278] fff00000c6479f80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 18.256350] fff00000c647a000: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 18.256517] >fff00000c647a080: 00 00 00 00 00 00 00 00 00 00 00 00 00 03 fe fe [ 18.256605] ^ [ 18.256966] fff00000c647a100: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe [ 18.257118] fff00000c647a180: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe [ 18.257209] ==================================================================
[ 14.145353] ================================================================== [ 14.145814] BUG: KASAN: slab-out-of-bounds in krealloc_more_oob_helper+0x7eb/0x930 [ 14.146261] Write of size 1 at addr ffff8881038ba0f0 by task kunit_try_catch/177 [ 14.146832] [ 14.147055] CPU: 0 UID: 0 PID: 177 Comm: kunit_try_catch Tainted: G B N 6.15.0-next-20250603 #1 PREEMPT(voluntary) [ 14.147154] Tainted: [B]=BAD_PAGE, [N]=TEST [ 14.147182] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 14.148231] Call Trace: [ 14.148293] <TASK> [ 14.148336] dump_stack_lvl+0x73/0xb0 [ 14.148414] print_report+0xd1/0x650 [ 14.148479] ? __virt_addr_valid+0x1db/0x2d0 [ 14.148535] ? krealloc_more_oob_helper+0x7eb/0x930 [ 14.148589] ? kasan_addr_to_slab+0x11/0xa0 [ 14.148637] ? krealloc_more_oob_helper+0x7eb/0x930 [ 14.148677] kasan_report+0x141/0x180 [ 14.148719] ? krealloc_more_oob_helper+0x7eb/0x930 [ 14.148784] __asan_report_store1_noabort+0x1b/0x30 [ 14.148833] krealloc_more_oob_helper+0x7eb/0x930 [ 14.148884] ? __schedule+0x10cc/0x2b60 [ 14.148938] ? __pfx_krealloc_more_oob_helper+0x10/0x10 [ 14.148994] ? finish_task_switch.isra.0+0x153/0x700 [ 14.149074] ? __switch_to+0x47/0xf50 [ 14.149129] ? __schedule+0x10cc/0x2b60 [ 14.149170] ? __pfx_read_tsc+0x10/0x10 [ 14.149230] krealloc_large_more_oob+0x1c/0x30 [ 14.149273] kunit_try_run_case+0x1a5/0x480 [ 14.149299] ? __pfx_kunit_try_run_case+0x10/0x10 [ 14.149321] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 14.149349] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 14.149375] ? __kthread_parkme+0x82/0x180 [ 14.149398] ? preempt_count_sub+0x50/0x80 [ 14.149424] ? __pfx_kunit_try_run_case+0x10/0x10 [ 14.149446] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 14.149500] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 14.149528] kthread+0x337/0x6f0 [ 14.149551] ? trace_preempt_on+0x20/0xc0 [ 14.149576] ? __pfx_kthread+0x10/0x10 [ 14.149599] ? _raw_spin_unlock_irq+0x47/0x80 [ 14.149623] ? 
calculate_sigpending+0x7b/0xa0 [ 14.149648] ? __pfx_kthread+0x10/0x10 [ 14.149669] ret_from_fork+0x116/0x1d0 [ 14.149695] ? __pfx_kthread+0x10/0x10 [ 14.149751] ret_from_fork_asm+0x1a/0x30 [ 14.149808] </TASK> [ 14.149824] [ 14.159086] The buggy address belongs to the physical page: [ 14.159516] page: refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1038b8 [ 14.160115] head: order:2 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0 [ 14.160691] flags: 0x200000000000040(head|node=0|zone=2) [ 14.160959] page_type: f8(unknown) [ 14.161159] raw: 0200000000000040 0000000000000000 dead000000000122 0000000000000000 [ 14.161498] raw: 0000000000000000 0000000000000000 00000001f8000000 0000000000000000 [ 14.162094] head: 0200000000000040 0000000000000000 dead000000000122 0000000000000000 [ 14.162879] head: 0000000000000000 0000000000000000 00000001f8000000 0000000000000000 [ 14.163506] head: 0200000000000002 ffffea00040e2e01 00000000ffffffff 00000000ffffffff [ 14.163925] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000004 [ 14.164249] page dumped because: kasan: bad access detected [ 14.164502] [ 14.164687] Memory state around the buggy address: [ 14.165162] ffff8881038b9f80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 14.165692] ffff8881038ba000: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 14.166351] >ffff8881038ba080: 00 00 00 00 00 00 00 00 00 00 00 00 00 03 fe fe [ 14.166557] ^ [ 14.166770] ffff8881038ba100: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe [ 14.166971] ffff8881038ba180: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe [ 14.167502] ================================================================== [ 13.823255] ================================================================== [ 13.823991] BUG: KASAN: slab-out-of-bounds in krealloc_more_oob_helper+0x821/0x930 [ 13.825515] Write of size 1 at addr ffff888100ab46eb by task kunit_try_catch/173 [ 13.826275] [ 13.826474] CPU: 1 UID: 0 PID: 173 Comm: 
kunit_try_catch Tainted: G B N 6.15.0-next-20250603 #1 PREEMPT(voluntary) [ 13.826618] Tainted: [B]=BAD_PAGE, [N]=TEST [ 13.826663] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 13.826868] Call Trace: [ 13.826953] <TASK> [ 13.826996] dump_stack_lvl+0x73/0xb0 [ 13.827047] print_report+0xd1/0x650 [ 13.827075] ? __virt_addr_valid+0x1db/0x2d0 [ 13.827103] ? krealloc_more_oob_helper+0x821/0x930 [ 13.827137] ? kasan_complete_mode_report_info+0x2a/0x200 [ 13.827175] ? krealloc_more_oob_helper+0x821/0x930 [ 13.827245] kasan_report+0x141/0x180 [ 13.827273] ? krealloc_more_oob_helper+0x821/0x930 [ 13.827303] __asan_report_store1_noabort+0x1b/0x30 [ 13.827325] krealloc_more_oob_helper+0x821/0x930 [ 13.827362] ? trace_hardirqs_on+0x37/0xe0 [ 13.827398] ? __pfx_krealloc_more_oob_helper+0x10/0x10 [ 13.827423] ? sysvec_apic_timer_interrupt+0x50/0x90 [ 13.827472] ? __pfx_krealloc_more_oob+0x10/0x10 [ 13.827506] krealloc_more_oob+0x1c/0x30 [ 13.827530] kunit_try_run_case+0x1a5/0x480 [ 13.827556] ? __pfx_kunit_try_run_case+0x10/0x10 [ 13.827577] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 13.827605] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 13.827631] ? __kthread_parkme+0x82/0x180 [ 13.827655] ? preempt_count_sub+0x50/0x80 [ 13.827681] ? __pfx_kunit_try_run_case+0x10/0x10 [ 13.827703] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 13.827729] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 13.827791] kthread+0x337/0x6f0 [ 13.827826] ? trace_preempt_on+0x20/0xc0 [ 13.827862] ? __pfx_kthread+0x10/0x10 [ 13.827896] ? _raw_spin_unlock_irq+0x47/0x80 [ 13.827932] ? calculate_sigpending+0x7b/0xa0 [ 13.827968] ? __pfx_kthread+0x10/0x10 [ 13.827991] ret_from_fork+0x116/0x1d0 [ 13.828014] ? 
__pfx_kthread+0x10/0x10 [ 13.828036] ret_from_fork_asm+0x1a/0x30 [ 13.828069] </TASK> [ 13.828082] [ 13.839683] Allocated by task 173: [ 13.840088] kasan_save_stack+0x45/0x70 [ 13.840629] kasan_save_track+0x18/0x40 [ 13.841082] kasan_save_alloc_info+0x3b/0x50 [ 13.841317] __kasan_krealloc+0x190/0x1f0 [ 13.841731] krealloc_noprof+0xf3/0x340 [ 13.842171] krealloc_more_oob_helper+0x1a9/0x930 [ 13.842365] krealloc_more_oob+0x1c/0x30 [ 13.842608] kunit_try_run_case+0x1a5/0x480 [ 13.843000] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 13.843496] kthread+0x337/0x6f0 [ 13.843813] ret_from_fork+0x116/0x1d0 [ 13.844143] ret_from_fork_asm+0x1a/0x30 [ 13.844603] [ 13.844805] The buggy address belongs to the object at ffff888100ab4600 [ 13.844805] which belongs to the cache kmalloc-256 of size 256 [ 13.845619] The buggy address is located 0 bytes to the right of [ 13.845619] allocated 235-byte region [ffff888100ab4600, ffff888100ab46eb) [ 13.846078] [ 13.846237] The buggy address belongs to the physical page: [ 13.846559] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x100ab4 [ 13.847148] head: order:1 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0 [ 13.847769] flags: 0x200000000000040(head|node=0|zone=2) [ 13.848245] page_type: f5(slab) [ 13.848439] raw: 0200000000000040 ffff888100041b40 dead000000000122 0000000000000000 [ 13.849263] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 13.849831] head: 0200000000000040 ffff888100041b40 dead000000000122 0000000000000000 [ 13.850130] head: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 13.852200] head: 0200000000000001 ffffea000402ad01 00000000ffffffff 00000000ffffffff [ 13.852747] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000002 [ 13.853079] page dumped because: kasan: bad access detected [ 13.853351] [ 13.853483] Memory state around the buggy address: [ 13.853716] ffff888100ab4580: fc fc fc fc fc fc fc fc fc fc fc fc fc fc 
fc fc [ 13.853988] ffff888100ab4600: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 13.854307] >ffff888100ab4680: 00 00 00 00 00 00 00 00 00 00 00 00 00 03 fc fc [ 13.854823] ^ [ 13.855385] ffff888100ab4700: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 13.855919] ffff888100ab4780: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 13.856509] ================================================================== [ 14.114116] ================================================================== [ 14.114738] BUG: KASAN: slab-out-of-bounds in krealloc_more_oob_helper+0x821/0x930 [ 14.115616] Write of size 1 at addr ffff8881038ba0eb by task kunit_try_catch/177 [ 14.116250] [ 14.116413] CPU: 0 UID: 0 PID: 177 Comm: kunit_try_catch Tainted: G B N 6.15.0-next-20250603 #1 PREEMPT(voluntary) [ 14.116522] Tainted: [B]=BAD_PAGE, [N]=TEST [ 14.116548] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 14.116591] Call Trace: [ 14.116620] <TASK> [ 14.116663] dump_stack_lvl+0x73/0xb0 [ 14.116732] print_report+0xd1/0x650 [ 14.116775] ? __virt_addr_valid+0x1db/0x2d0 [ 14.116815] ? krealloc_more_oob_helper+0x821/0x930 [ 14.116853] ? kasan_addr_to_slab+0x11/0xa0 [ 14.116889] ? krealloc_more_oob_helper+0x821/0x930 [ 14.116928] kasan_report+0x141/0x180 [ 14.116972] ? krealloc_more_oob_helper+0x821/0x930 [ 14.117028] __asan_report_store1_noabort+0x1b/0x30 [ 14.117072] krealloc_more_oob_helper+0x821/0x930 [ 14.117118] ? __schedule+0x10cc/0x2b60 [ 14.117166] ? __pfx_krealloc_more_oob_helper+0x10/0x10 [ 14.117760] ? finish_task_switch.isra.0+0x153/0x700 [ 14.117851] ? __switch_to+0x47/0xf50 [ 14.117893] ? __schedule+0x10cc/0x2b60 [ 14.117931] ? __pfx_read_tsc+0x10/0x10 [ 14.117971] krealloc_large_more_oob+0x1c/0x30 [ 14.118010] kunit_try_run_case+0x1a5/0x480 [ 14.118047] ? __pfx_kunit_try_run_case+0x10/0x10 [ 14.118078] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 14.118117] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 14.118156] ? 
__kthread_parkme+0x82/0x180 [ 14.118240] ? preempt_count_sub+0x50/0x80 [ 14.118296] ? __pfx_kunit_try_run_case+0x10/0x10 [ 14.118354] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 14.118385] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 14.118411] kthread+0x337/0x6f0 [ 14.118434] ? trace_preempt_on+0x20/0xc0 [ 14.118483] ? __pfx_kthread+0x10/0x10 [ 14.118509] ? _raw_spin_unlock_irq+0x47/0x80 [ 14.118533] ? calculate_sigpending+0x7b/0xa0 [ 14.118560] ? __pfx_kthread+0x10/0x10 [ 14.118583] ret_from_fork+0x116/0x1d0 [ 14.118605] ? __pfx_kthread+0x10/0x10 [ 14.118627] ret_from_fork_asm+0x1a/0x30 [ 14.118661] </TASK> [ 14.118676] [ 14.134481] The buggy address belongs to the physical page: [ 14.135518] page: refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1038b8 [ 14.136507] head: order:2 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0 [ 14.137084] flags: 0x200000000000040(head|node=0|zone=2) [ 14.137495] page_type: f8(unknown) [ 14.137697] raw: 0200000000000040 0000000000000000 dead000000000122 0000000000000000 [ 14.138499] raw: 0000000000000000 0000000000000000 00000001f8000000 0000000000000000 [ 14.139158] head: 0200000000000040 0000000000000000 dead000000000122 0000000000000000 [ 14.139505] head: 0000000000000000 0000000000000000 00000001f8000000 0000000000000000 [ 14.140205] head: 0200000000000002 ffffea00040e2e01 00000000ffffffff 00000000ffffffff [ 14.140495] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000004 [ 14.140744] page dumped because: kasan: bad access detected [ 14.140928] [ 14.141022] Memory state around the buggy address: [ 14.141199] ffff8881038b9f80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 14.141429] ffff8881038ba000: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 14.141703] >ffff8881038ba080: 00 00 00 00 00 00 00 00 00 00 00 00 00 03 fe fe [ 14.141971] ^ [ 14.142228] ffff8881038ba100: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe [ 14.143405] ffff8881038ba180: fe fe fe fe fe fe 
fe fe fe fe fe fe fe fe fe fe [ 14.144063] ================================================================== [ 13.857524] ================================================================== [ 13.858377] BUG: KASAN: slab-out-of-bounds in krealloc_more_oob_helper+0x7eb/0x930 [ 13.859148] Write of size 1 at addr ffff888100ab46f0 by task kunit_try_catch/173 [ 13.859730] [ 13.859892] CPU: 1 UID: 0 PID: 173 Comm: kunit_try_catch Tainted: G B N 6.15.0-next-20250603 #1 PREEMPT(voluntary) [ 13.859992] Tainted: [B]=BAD_PAGE, [N]=TEST [ 13.860052] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 13.860090] Call Trace: [ 13.860129] <TASK> [ 13.860167] dump_stack_lvl+0x73/0xb0 [ 13.860253] print_report+0xd1/0x650 [ 13.860293] ? __virt_addr_valid+0x1db/0x2d0 [ 13.860332] ? krealloc_more_oob_helper+0x7eb/0x930 [ 13.860368] ? kasan_complete_mode_report_info+0x2a/0x200 [ 13.860402] ? krealloc_more_oob_helper+0x7eb/0x930 [ 13.860440] kasan_report+0x141/0x180 [ 13.860495] ? krealloc_more_oob_helper+0x7eb/0x930 [ 13.860545] __asan_report_store1_noabort+0x1b/0x30 [ 13.860586] krealloc_more_oob_helper+0x7eb/0x930 [ 13.860629] ? trace_hardirqs_on+0x37/0xe0 [ 13.860678] ? __pfx_krealloc_more_oob_helper+0x10/0x10 [ 13.860740] ? sysvec_apic_timer_interrupt+0x50/0x90 [ 13.860810] ? __pfx_krealloc_more_oob+0x10/0x10 [ 13.860871] krealloc_more_oob+0x1c/0x30 [ 13.860913] kunit_try_run_case+0x1a5/0x480 [ 13.860954] ? __pfx_kunit_try_run_case+0x10/0x10 [ 13.860994] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 13.861044] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 13.861092] ? __kthread_parkme+0x82/0x180 [ 13.861138] ? preempt_count_sub+0x50/0x80 [ 13.861189] ? __pfx_kunit_try_run_case+0x10/0x10 [ 13.861236] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 13.861291] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 13.861344] kthread+0x337/0x6f0 [ 13.861390] ? trace_preempt_on+0x20/0xc0 [ 13.861439] ? __pfx_kthread+0x10/0x10 [ 13.861499] ? 
_raw_spin_unlock_irq+0x47/0x80 [ 13.861549] ? calculate_sigpending+0x7b/0xa0 [ 13.861602] ? __pfx_kthread+0x10/0x10 [ 13.861652] ret_from_fork+0x116/0x1d0 [ 13.861698] ? __pfx_kthread+0x10/0x10 [ 13.861746] ret_from_fork_asm+0x1a/0x30 [ 13.861820] </TASK> [ 13.861848] [ 13.871586] Allocated by task 173: [ 13.871844] kasan_save_stack+0x45/0x70 [ 13.872090] kasan_save_track+0x18/0x40 [ 13.872324] kasan_save_alloc_info+0x3b/0x50 [ 13.872601] __kasan_krealloc+0x190/0x1f0 [ 13.872950] krealloc_noprof+0xf3/0x340 [ 13.873333] krealloc_more_oob_helper+0x1a9/0x930 [ 13.873790] krealloc_more_oob+0x1c/0x30 [ 13.874118] kunit_try_run_case+0x1a5/0x480 [ 13.874472] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 13.874900] kthread+0x337/0x6f0 [ 13.875240] ret_from_fork+0x116/0x1d0 [ 13.875600] ret_from_fork_asm+0x1a/0x30 [ 13.876016] [ 13.876222] The buggy address belongs to the object at ffff888100ab4600 [ 13.876222] which belongs to the cache kmalloc-256 of size 256 [ 13.876725] The buggy address is located 5 bytes to the right of [ 13.876725] allocated 235-byte region [ffff888100ab4600, ffff888100ab46eb) [ 13.877725] [ 13.877890] The buggy address belongs to the physical page: [ 13.878128] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x100ab4 [ 13.878470] head: order:1 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0 [ 13.879063] flags: 0x200000000000040(head|node=0|zone=2) [ 13.879593] page_type: f5(slab) [ 13.879894] raw: 0200000000000040 ffff888100041b40 dead000000000122 0000000000000000 [ 13.880343] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 13.880574] head: 0200000000000040 ffff888100041b40 dead000000000122 0000000000000000 [ 13.881055] head: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 13.881689] head: 0200000000000001 ffffea000402ad01 00000000ffffffff 00000000ffffffff [ 13.882101] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000002 [ 13.883443] page dumped 
because: kasan: bad access detected [ 13.883930] [ 13.884052] Memory state around the buggy address: [ 13.884334] ffff888100ab4580: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 13.885056] ffff888100ab4600: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 13.885641] >ffff888100ab4680: 00 00 00 00 00 00 00 00 00 00 00 00 00 03 fc fc [ 13.886912] ^ [ 13.887553] ffff888100ab4700: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 13.888235] ffff888100ab4780: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 13.888548] ==================================================================
[ 21.175467] ================================================================== [ 21.182720] BUG: KASAN: slab-out-of-bounds in krealloc_more_oob_helper+0x7eb/0x930 [ 21.190294] Write of size 1 at addr ffff8881044764f0 by task kunit_try_catch/196 [ 21.197695] [ 21.199193] CPU: 2 UID: 0 PID: 196 Comm: kunit_try_catch Tainted: G S B N 6.15.0-next-20250603 #1 PREEMPT(voluntary) [ 21.199202] Tainted: [S]=CPU_OUT_OF_SPEC, [B]=BAD_PAGE, [N]=TEST [ 21.199205] Hardware name: Supermicro SYS-5019S-ML/X11SSH-F, BIOS 2.7 12/07/2021 [ 21.199208] Call Trace: [ 21.199210] <TASK> [ 21.199211] dump_stack_lvl+0x73/0xb0 [ 21.199215] print_report+0xd1/0x650 [ 21.199219] ? __virt_addr_valid+0x1db/0x2d0 [ 21.199223] ? krealloc_more_oob_helper+0x7eb/0x930 [ 21.199227] ? kasan_complete_mode_report_info+0x2a/0x200 [ 21.199231] ? krealloc_more_oob_helper+0x7eb/0x930 [ 21.199236] kasan_report+0x141/0x180 [ 21.199240] ? krealloc_more_oob_helper+0x7eb/0x930 [ 21.199245] __asan_report_store1_noabort+0x1b/0x30 [ 21.199249] krealloc_more_oob_helper+0x7eb/0x930 [ 21.199253] ? __schedule+0x10cc/0x2b60 [ 21.199258] ? __pfx_krealloc_more_oob_helper+0x10/0x10 [ 21.199262] ? finish_task_switch.isra.0+0x153/0x700 [ 21.199266] ? __switch_to+0x544/0xf50 [ 21.199271] ? __schedule+0x10cc/0x2b60 [ 21.199276] krealloc_more_oob+0x1c/0x30 [ 21.199280] kunit_try_run_case+0x1a2/0x480 [ 21.199283] ? __pfx_kunit_try_run_case+0x10/0x10 [ 21.199287] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 21.199291] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 21.199296] ? __kthread_parkme+0x82/0x180 [ 21.199299] ? preempt_count_sub+0x50/0x80 [ 21.199303] ? __pfx_kunit_try_run_case+0x10/0x10 [ 21.199307] kunit_generic_run_threadfn_adapter+0x82/0xf0 [ 21.199311] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 21.199316] kthread+0x334/0x6f0 [ 21.199319] ? trace_preempt_on+0x20/0xc0 [ 21.199323] ? __pfx_kthread+0x10/0x10 [ 21.199327] ? _raw_spin_unlock_irq+0x47/0x80 [ 21.199331] ? calculate_sigpending+0x7b/0xa0 [ 21.199335] ? 
__pfx_kthread+0x10/0x10
[ 21.199339] ret_from_fork+0x113/0x1d0
[ 21.199342] ? __pfx_kthread+0x10/0x10
[ 21.199366] ret_from_fork_asm+0x1a/0x30
[ 21.199372] </TASK>
[ 21.199374]
[ 21.380792] Allocated by task 196:
[ 21.384197] kasan_save_stack+0x45/0x70
[ 21.388037] kasan_save_track+0x18/0x40
[ 21.391875] kasan_save_alloc_info+0x3b/0x50
[ 21.396150] __kasan_krealloc+0x190/0x1f0
[ 21.400161] krealloc_noprof+0xf3/0x340
[ 21.404002] krealloc_more_oob_helper+0x1a9/0x930
[ 21.408714] krealloc_more_oob+0x1c/0x30
[ 21.412642] kunit_try_run_case+0x1a2/0x480
[ 21.416826] kunit_generic_run_threadfn_adapter+0x82/0xf0
[ 21.422227] kthread+0x334/0x6f0
[ 21.425459] ret_from_fork+0x113/0x1d0
[ 21.429211] ret_from_fork_asm+0x1a/0x30
[ 21.433136]
[ 21.434638] The buggy address belongs to the object at ffff888104476400
[ 21.434638] which belongs to the cache kmalloc-256 of size 256
[ 21.447152] The buggy address is located 5 bytes to the right of
[ 21.447152] allocated 235-byte region [ffff888104476400, ffff8881044764eb)
[ 21.460098]
[ 21.461598] The buggy address belongs to the physical page:
[ 21.467172] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x104476
[ 21.475180] head: order:1 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[ 21.482841] flags: 0x200000000000040(head|node=0|zone=2)
[ 21.488161] page_type: f5(slab)
[ 21.491308] raw: 0200000000000040 ffff888100042b40 dead000000000122 0000000000000000
[ 21.499055] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000
[ 21.506794] head: 0200000000000040 ffff888100042b40 dead000000000122 0000000000000000
[ 21.514621] head: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000
[ 21.522448] head: 0200000000000001 ffffea0004111d81 00000000ffffffff 00000000ffffffff
[ 21.530282] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000002
[ 21.538116] page dumped because: kasan: bad access detected
[ 21.543688]
[ 21.545187] Memory state around the buggy address:
[ 21.549980] ffff888104476380: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 21.557198] ffff888104476400: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[ 21.564441] >ffff888104476480: 00 00 00 00 00 00 00 00 00 00 00 00 00 03 fc fc
[ 21.571663] ^
[ 21.578535] ffff888104476500: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 21.585755] ffff888104476580: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 21.592974] ==================================================================
[ 24.063799] ==================================================================
[ 24.071053] BUG: KASAN: slab-out-of-bounds in krealloc_more_oob_helper+0x7eb/0x930
[ 24.078628] Write of size 1 at addr ffff888107a520f0 by task kunit_try_catch/200
[ 24.086027]
[ 24.087528] CPU: 1 UID: 0 PID: 200 Comm: kunit_try_catch Tainted: G S B N 6.15.0-next-20250603 #1 PREEMPT(voluntary)
[ 24.087536] Tainted: [S]=CPU_OUT_OF_SPEC, [B]=BAD_PAGE, [N]=TEST
[ 24.087539] Hardware name: Supermicro SYS-5019S-ML/X11SSH-F, BIOS 2.7 12/07/2021
[ 24.087542] Call Trace:
[ 24.087543] <TASK>
[ 24.087545] dump_stack_lvl+0x73/0xb0
[ 24.087549] print_report+0xd1/0x650
[ 24.087553] ? __virt_addr_valid+0x1db/0x2d0
[ 24.087557] ? krealloc_more_oob_helper+0x7eb/0x930
[ 24.087561] ? kasan_addr_to_slab+0x11/0xa0
[ 24.087565] ? krealloc_more_oob_helper+0x7eb/0x930
[ 24.087569] kasan_report+0x141/0x180
[ 24.087573] ? krealloc_more_oob_helper+0x7eb/0x930
[ 24.087579] __asan_report_store1_noabort+0x1b/0x30
[ 24.087582] krealloc_more_oob_helper+0x7eb/0x930
[ 24.087586] ? __schedule+0x10cc/0x2b60
[ 24.087591] ? __pfx_krealloc_more_oob_helper+0x10/0x10
[ 24.087596] ? finish_task_switch.isra.0+0x153/0x700
[ 24.087599] ? __switch_to+0x544/0xf50
[ 24.087604] ? __schedule+0x10cc/0x2b60
[ 24.087609] krealloc_large_more_oob+0x1c/0x30
[ 24.087613] kunit_try_run_case+0x1a2/0x480
[ 24.087617] ? __pfx_kunit_try_run_case+0x10/0x10
[ 24.087620] ? _raw_spin_lock_irqsave+0xa1/0x100
[ 24.087625] ? _raw_spin_unlock_irqrestore+0x5f/0x90
[ 24.087629] ? __kthread_parkme+0x82/0x180
[ 24.087632] ? preempt_count_sub+0x50/0x80
[ 24.087636] ? __pfx_kunit_try_run_case+0x10/0x10
[ 24.087640] kunit_generic_run_threadfn_adapter+0x82/0xf0
[ 24.087644] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10
[ 24.087649] kthread+0x334/0x6f0
[ 24.087652] ? trace_preempt_on+0x20/0xc0
[ 24.087656] ? __pfx_kthread+0x10/0x10
[ 24.087660] ? _raw_spin_unlock_irq+0x47/0x80
[ 24.087664] ? calculate_sigpending+0x7b/0xa0
[ 24.087669] ? __pfx_kthread+0x10/0x10
[ 24.087672] ret_from_fork+0x113/0x1d0
[ 24.087675] ? __pfx_kthread+0x10/0x10
[ 24.087679] ret_from_fork_asm+0x1a/0x30
[ 24.087685] </TASK>
[ 24.087686]
[ 24.268309] The buggy address belongs to the physical page:
[ 24.273882] page: refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x107a50
[ 24.281883] head: order:2 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[ 24.289534] flags: 0x200000000000040(head|node=0|zone=2)
[ 24.294848] page_type: f8(unknown)
[ 24.298253] raw: 0200000000000040 0000000000000000 dead000000000122 0000000000000000
[ 24.305995] raw: 0000000000000000 0000000000000000 00000001f8000000 0000000000000000
[ 24.313741] head: 0200000000000040 0000000000000000 dead000000000122 0000000000000000
[ 24.321566] head: 0000000000000000 0000000000000000 00000001f8000000 0000000000000000
[ 24.329392] head: 0200000000000002 ffffea00041e9401 00000000ffffffff 00000000ffffffff
[ 24.337245] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000004
[ 24.345071] page dumped because: kasan: bad access detected
[ 24.350641]
[ 24.352142] Memory state around the buggy address:
[ 24.356936] ffff888107a51f80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[ 24.364164] ffff888107a52000: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[ 24.371390] >ffff888107a52080: 00 00 00 00 00 00 00 00 00 00 00 00 00 03 fe fe
[ 24.378636] ^
[ 24.385507] ffff888107a52100: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe
[ 24.392728] ffff888107a52180: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe
[ 24.399947] ==================================================================
[ 23.716775] ==================================================================
[ 23.727850] BUG: KASAN: slab-out-of-bounds in krealloc_more_oob_helper+0x821/0x930
[ 23.735428] Write of size 1 at addr ffff888107a520eb by task kunit_try_catch/200
[ 23.742825]
[ 23.744325] CPU: 1 UID: 0 PID: 200 Comm: kunit_try_catch Tainted: G S B N 6.15.0-next-20250603 #1 PREEMPT(voluntary)
[ 23.744334] Tainted: [S]=CPU_OUT_OF_SPEC, [B]=BAD_PAGE, [N]=TEST
[ 23.744336] Hardware name: Supermicro SYS-5019S-ML/X11SSH-F, BIOS 2.7 12/07/2021
[ 23.744340] Call Trace:
[ 23.744342] <TASK>
[ 23.744343] dump_stack_lvl+0x73/0xb0
[ 23.744347] print_report+0xd1/0x650
[ 23.744369] ? __virt_addr_valid+0x1db/0x2d0
[ 23.744373] ? krealloc_more_oob_helper+0x821/0x930
[ 23.744378] ? kasan_addr_to_slab+0x11/0xa0
[ 23.744381] ? krealloc_more_oob_helper+0x821/0x930
[ 23.744386] kasan_report+0x141/0x180
[ 23.744390] ? krealloc_more_oob_helper+0x821/0x930
[ 23.744396] __asan_report_store1_noabort+0x1b/0x30
[ 23.744412] krealloc_more_oob_helper+0x821/0x930
[ 23.744416] ? __schedule+0x10cc/0x2b60
[ 23.744421] ? __pfx_krealloc_more_oob_helper+0x10/0x10
[ 23.744425] ? finish_task_switch.isra.0+0x153/0x700
[ 23.744429] ? __switch_to+0x544/0xf50
[ 23.744434] ? __schedule+0x10cc/0x2b60
[ 23.744439] krealloc_large_more_oob+0x1c/0x30
[ 23.744443] kunit_try_run_case+0x1a2/0x480
[ 23.744447] ? __pfx_kunit_try_run_case+0x10/0x10
[ 23.744450] ? _raw_spin_lock_irqsave+0xa1/0x100
[ 23.744455] ? _raw_spin_unlock_irqrestore+0x5f/0x90
[ 23.744459] ? __kthread_parkme+0x82/0x180
[ 23.744463] ? preempt_count_sub+0x50/0x80
[ 23.744467] ? __pfx_kunit_try_run_case+0x10/0x10
[ 23.744471] kunit_generic_run_threadfn_adapter+0x82/0xf0
[ 23.744475] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10
[ 23.744480] kthread+0x334/0x6f0
[ 23.744483] ? trace_preempt_on+0x20/0xc0
[ 23.744487] ? __pfx_kthread+0x10/0x10
[ 23.744491] ? _raw_spin_unlock_irq+0x47/0x80
[ 23.744495] ? calculate_sigpending+0x7b/0xa0
[ 23.744499] ? __pfx_kthread+0x10/0x10
[ 23.744503] ret_from_fork+0x113/0x1d0
[ 23.744506] ? __pfx_kthread+0x10/0x10
[ 23.744510] ret_from_fork_asm+0x1a/0x30
[ 23.744516] </TASK>
[ 23.744517]
[ 23.925142] The buggy address belongs to the physical page:
[ 23.930716] page: refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x107a50
[ 23.938724] head: order:2 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[ 23.946424] flags: 0x200000000000040(head|node=0|zone=2)
[ 23.951748] page_type: f8(unknown)
[ 23.955156] raw: 0200000000000040 0000000000000000 dead000000000122 0000000000000000
[ 23.962903] raw: 0000000000000000 0000000000000000 00000001f8000000 0000000000000000
[ 23.970644] head: 0200000000000040 0000000000000000 dead000000000122 0000000000000000
[ 23.978477] head: 0000000000000000 0000000000000000 00000001f8000000 0000000000000000
[ 23.986302] head: 0200000000000002 ffffea00041e9401 00000000ffffffff 00000000ffffffff
[ 23.994129] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000004
[ 24.001954] page dumped because: kasan: bad access detected
[ 24.007527]
[ 24.009024] Memory state around the buggy address:
[ 24.013820] ffff888107a51f80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[ 24.021039] ffff888107a52000: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[ 24.028256] >ffff888107a52080: 00 00 00 00 00 00 00 00 00 00 00 00 00 03 fe fe
[ 24.035475] ^
[ 24.042089] ffff888107a52100: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe
[ 24.049308] ffff888107a52180: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe
[ 24.056528] ==================================================================
[ 20.747112] ==================================================================
[ 20.757920] BUG: KASAN: slab-out-of-bounds in krealloc_more_oob_helper+0x821/0x930
[ 20.765496] Write of size 1 at addr ffff8881044764eb by task kunit_try_catch/196
[ 20.772897]
[ 20.774436] CPU: 2 UID: 0 PID: 196 Comm: kunit_try_catch Tainted: G S B N 6.15.0-next-20250603 #1 PREEMPT(voluntary)
[ 20.774445] Tainted: [S]=CPU_OUT_OF_SPEC, [B]=BAD_PAGE, [N]=TEST
[ 20.774448] Hardware name: Supermicro SYS-5019S-ML/X11SSH-F, BIOS 2.7 12/07/2021
[ 20.774451] Call Trace:
[ 20.774453] <TASK>
[ 20.774455] dump_stack_lvl+0x73/0xb0
[ 20.774459] print_report+0xd1/0x650
[ 20.774463] ? __virt_addr_valid+0x1db/0x2d0
[ 20.774467] ? krealloc_more_oob_helper+0x821/0x930
[ 20.774471] ? kasan_complete_mode_report_info+0x2a/0x200
[ 20.774476] ? krealloc_more_oob_helper+0x821/0x930
[ 20.774480] kasan_report+0x141/0x180
[ 20.774484] ? krealloc_more_oob_helper+0x821/0x930
[ 20.774489] __asan_report_store1_noabort+0x1b/0x30
[ 20.774493] krealloc_more_oob_helper+0x821/0x930
[ 20.774497] ? __schedule+0x10cc/0x2b60
[ 20.774502] ? __pfx_krealloc_more_oob_helper+0x10/0x10
[ 20.774506] ? finish_task_switch.isra.0+0x153/0x700
[ 20.774510] ? __switch_to+0x544/0xf50
[ 20.774515] ? __schedule+0x10cc/0x2b60
[ 20.774520] krealloc_more_oob+0x1c/0x30
[ 20.774524] kunit_try_run_case+0x1a2/0x480
[ 20.774528] ? __pfx_kunit_try_run_case+0x10/0x10
[ 20.774531] ? _raw_spin_lock_irqsave+0xa1/0x100
[ 20.774536] ? _raw_spin_unlock_irqrestore+0x5f/0x90
[ 20.774541] ? __kthread_parkme+0x82/0x180
[ 20.774544] ? preempt_count_sub+0x50/0x80
[ 20.774548] ? __pfx_kunit_try_run_case+0x10/0x10
[ 20.774552] kunit_generic_run_threadfn_adapter+0x82/0xf0
[ 20.774556] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10
[ 20.774561] kthread+0x334/0x6f0
[ 20.774564] ? trace_preempt_on+0x20/0xc0
[ 20.774568] ? __pfx_kthread+0x10/0x10
[ 20.774572] ? _raw_spin_unlock_irq+0x47/0x80
[ 20.774576] ? calculate_sigpending+0x7b/0xa0
[ 20.774580] ? __pfx_kthread+0x10/0x10
[ 20.774584] ret_from_fork+0x113/0x1d0
[ 20.774587] ? __pfx_kthread+0x10/0x10
[ 20.774591] ret_from_fork_asm+0x1a/0x30
[ 20.774597] </TASK>
[ 20.774598]
[ 20.956064] Allocated by task 196:
[ 20.959470] kasan_save_stack+0x45/0x70
[ 20.963318] kasan_save_track+0x18/0x40
[ 20.967156] kasan_save_alloc_info+0x3b/0x50
[ 20.971446] __kasan_krealloc+0x190/0x1f0
[ 20.975459] krealloc_noprof+0xf3/0x340
[ 20.979298] krealloc_more_oob_helper+0x1a9/0x930
[ 20.984002] krealloc_more_oob+0x1c/0x30
[ 20.987928] kunit_try_run_case+0x1a2/0x480
[ 20.992117] kunit_generic_run_threadfn_adapter+0x82/0xf0
[ 20.997525] kthread+0x334/0x6f0
[ 21.000756] ret_from_fork+0x113/0x1d0
[ 21.004509] ret_from_fork_asm+0x1a/0x30
[ 21.008439]
[ 21.009934] The buggy address belongs to the object at ffff888104476400
[ 21.009934] which belongs to the cache kmalloc-256 of size 256
[ 21.022450] The buggy address is located 0 bytes to the right of
[ 21.022450] allocated 235-byte region [ffff888104476400, ffff8881044764eb)
[ 21.035433]
[ 21.036929] The buggy address belongs to the physical page:
[ 21.042502] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x104476
[ 21.050512] head: order:1 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[ 21.058172] flags: 0x200000000000040(head|node=0|zone=2)
[ 21.063485] page_type: f5(slab)
[ 21.066632] raw: 0200000000000040 ffff888100042b40 dead000000000122 0000000000000000
[ 21.074383] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000
[ 21.082170] head: 0200000000000040 ffff888100042b40 dead000000000122 0000000000000000
[ 21.089996] head: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000
[ 21.097831] head: 0200000000000001 ffffea0004111d81 00000000ffffffff 00000000ffffffff
[ 21.105658] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000002
[ 21.113491] page dumped because: kasan: bad access detected
[ 21.119064]
[ 21.120562] Memory state around the buggy address:
[ 21.125396] ffff888104476380: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 21.132654] ffff888104476400: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[ 21.139880] >ffff888104476480: 00 00 00 00 00 00 00 00 00 00 00 00 00 03 fc fc
[ 21.147098] ^
[ 21.153711] ffff888104476500: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 21.160930] ffff888104476580: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 21.168150] ==================================================================