Hay
Date
June 5, 2025, 7:08 a.m.

Environment
qemu-arm64
qemu-x86_64

[   24.866296] ==================================================================
[   24.866430] BUG: KASAN: slab-out-of-bounds in krealloc_less_oob_helper+0xa80/0xc50
[   24.866690] Write of size 1 at addr fff00000c19db6da by task kunit_try_catch/158
[   24.867039] 
[   24.867121] CPU: 1 UID: 0 PID: 158 Comm: kunit_try_catch Tainted: G    B            N  6.15.0-next-20250605 #1 PREEMPT 
[   24.867349] Tainted: [B]=BAD_PAGE, [N]=TEST
[   24.867435] Hardware name: linux,dummy-virt (DT)
[   24.867529] Call trace:
[   24.867589]  show_stack+0x20/0x38 (C)
[   24.867926]  dump_stack_lvl+0x8c/0xd0
[   24.868096]  print_report+0x118/0x608
[   24.868313]  kasan_report+0xdc/0x128
[   24.868612]  __asan_report_store1_noabort+0x20/0x30
[   24.868773]  krealloc_less_oob_helper+0xa80/0xc50
[   24.868914]  krealloc_less_oob+0x20/0x38
[   24.869098]  kunit_try_run_case+0x170/0x3f0
[   24.869234]  kunit_generic_run_threadfn_adapter+0x88/0x100
[   24.869502]  kthread+0x328/0x630
[   24.869842]  ret_from_fork+0x10/0x20
[   24.870109] 
[   24.870155] Allocated by task 158:
[   24.870263]  kasan_save_stack+0x3c/0x68
[   24.870434]  kasan_save_track+0x20/0x40
[   24.870530]  kasan_save_alloc_info+0x40/0x58
[   24.870632]  __kasan_krealloc+0x118/0x178
[   24.870757]  krealloc_noprof+0x128/0x360
[   24.870949]  krealloc_less_oob_helper+0x168/0xc50
[   24.871112]  krealloc_less_oob+0x20/0x38
[   24.871206]  kunit_try_run_case+0x170/0x3f0
[   24.871298]  kunit_generic_run_threadfn_adapter+0x88/0x100
[   24.871429]  kthread+0x328/0x630
[   24.871526]  ret_from_fork+0x10/0x20
[   24.871630] 
[   24.871684] The buggy address belongs to the object at fff00000c19db600
[   24.871684]  which belongs to the cache kmalloc-256 of size 256
[   24.871847] The buggy address is located 17 bytes to the right of
[   24.871847]  allocated 201-byte region [fff00000c19db600, fff00000c19db6c9)
[   24.872112] 
[   24.872240] The buggy address belongs to the physical page:
[   24.872324] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1019da
[   24.872479] head: order:1 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[   24.872602] flags: 0xbfffe0000000040(head|node=0|zone=2|lastcpupid=0x1ffff)
[   24.872844] page_type: f5(slab)
[   24.873004] raw: 0bfffe0000000040 fff00000c0001b40 dead000000000122 0000000000000000
[   24.873222] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000
[   24.873449] head: 0bfffe0000000040 fff00000c0001b40 dead000000000122 0000000000000000
[   24.873574] head: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000
[   24.873785] head: 0bfffe0000000001 ffffc1ffc3067681 00000000ffffffff 00000000ffffffff
[   24.874149] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000002
[   24.874294] page dumped because: kasan: bad access detected
[   24.874388] 
[   24.874436] Memory state around the buggy address:
[   24.874544]  fff00000c19db580: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   24.874756]  fff00000c19db600: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   24.875034] >fff00000c19db680: 00 00 00 00 00 00 00 00 00 01 fc fc fc fc fc fc
[   24.875272]                                                     ^
[   24.875991]  fff00000c19db700: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   24.876054]  fff00000c19db780: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   24.876101] ==================================================================
[   24.877908] ==================================================================
[   24.878007] BUG: KASAN: slab-out-of-bounds in krealloc_less_oob_helper+0xae4/0xc50
[   24.878117] Write of size 1 at addr fff00000c19db6ea by task kunit_try_catch/158
[   24.878232] 
[   24.878298] CPU: 1 UID: 0 PID: 158 Comm: kunit_try_catch Tainted: G    B            N  6.15.0-next-20250605 #1 PREEMPT 
[   24.878525] Tainted: [B]=BAD_PAGE, [N]=TEST
[   24.878589] Hardware name: linux,dummy-virt (DT)
[   24.878675] Call trace:
[   24.878814]  show_stack+0x20/0x38 (C)
[   24.879095]  dump_stack_lvl+0x8c/0xd0
[   24.879270]  print_report+0x118/0x608
[   24.880087]  kasan_report+0xdc/0x128
[   24.880282]  __asan_report_store1_noabort+0x20/0x30
[   24.880420]  krealloc_less_oob_helper+0xae4/0xc50
[   24.880487]  krealloc_less_oob+0x20/0x38
[   24.880550]  kunit_try_run_case+0x170/0x3f0
[   24.881913]  kunit_generic_run_threadfn_adapter+0x88/0x100
[   24.882021]  kthread+0x328/0x630
[   24.882121]  ret_from_fork+0x10/0x20
[   24.882185] 
[   24.882207] Allocated by task 158:
[   24.882241]  kasan_save_stack+0x3c/0x68
[   24.882291]  kasan_save_track+0x20/0x40
[   24.882370]  kasan_save_alloc_info+0x40/0x58
[   24.882651]  __kasan_krealloc+0x118/0x178
[   24.882773]  krealloc_noprof+0x128/0x360
[   24.882885]  krealloc_less_oob_helper+0x168/0xc50
[   24.883051]  krealloc_less_oob+0x20/0x38
[   24.883194]  kunit_try_run_case+0x170/0x3f0
[   24.883667]  kunit_generic_run_threadfn_adapter+0x88/0x100
[   24.883972]  kthread+0x328/0x630
[   24.884063]  ret_from_fork+0x10/0x20
[   24.885157] 
[   24.885208] The buggy address belongs to the object at fff00000c19db600
[   24.885208]  which belongs to the cache kmalloc-256 of size 256
[   24.885396] The buggy address is located 33 bytes to the right of
[   24.885396]  allocated 201-byte region [fff00000c19db600, fff00000c19db6c9)
[   24.885633] 
[   24.885690] The buggy address belongs to the physical page:
[   24.885844] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1019da
[   24.886012] head: order:1 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[   24.886131] flags: 0xbfffe0000000040(head|node=0|zone=2|lastcpupid=0x1ffff)
[   24.886368] page_type: f5(slab)
[   24.886505] raw: 0bfffe0000000040 fff00000c0001b40 dead000000000122 0000000000000000
[   24.887047] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000
[   24.887223] head: 0bfffe0000000040 fff00000c0001b40 dead000000000122 0000000000000000
[   24.887361] head: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000
[   24.887483] head: 0bfffe0000000001 ffffc1ffc3067681 00000000ffffffff 00000000ffffffff
[   24.888860] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000002
[   24.889221] page dumped because: kasan: bad access detected
[   24.889312] 
[   24.889901] Memory state around the buggy address:
[   24.890201]  fff00000c19db580: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   24.890361]  fff00000c19db600: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   24.890880] >fff00000c19db680: 00 00 00 00 00 00 00 00 00 01 fc fc fc fc fc fc
[   24.891571]                                                           ^
[   24.891806]  fff00000c19db700: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   24.891949]  fff00000c19db780: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   24.892051] ==================================================================
[   24.962550] ==================================================================
[   24.962670] BUG: KASAN: slab-out-of-bounds in krealloc_less_oob_helper+0xa48/0xc50
[   24.962800] Write of size 1 at addr fff00000c64660c9 by task kunit_try_catch/162
[   24.962920] 
[   24.962998] CPU: 0 UID: 0 PID: 162 Comm: kunit_try_catch Tainted: G    B            N  6.15.0-next-20250605 #1 PREEMPT 
[   24.963194] Tainted: [B]=BAD_PAGE, [N]=TEST
[   24.963259] Hardware name: linux,dummy-virt (DT)
[   24.963458] Call trace:
[   24.963518]  show_stack+0x20/0x38 (C)
[   24.963644]  dump_stack_lvl+0x8c/0xd0
[   24.963772]  print_report+0x118/0x608
[   24.964988]  kasan_report+0xdc/0x128
[   24.966028]  __asan_report_store1_noabort+0x20/0x30
[   24.966440]  krealloc_less_oob_helper+0xa48/0xc50
[   24.966654]  krealloc_large_less_oob+0x20/0x38
[   24.966855]  kunit_try_run_case+0x170/0x3f0
[   24.966996]  kunit_generic_run_threadfn_adapter+0x88/0x100
[   24.967225]  kthread+0x328/0x630
[   24.967369]  ret_from_fork+0x10/0x20
[   24.967496] 
[   24.967548] The buggy address belongs to the physical page:
[   24.967634] page: refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x106464
[   24.967862] head: order:2 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[   24.967989] flags: 0xbfffe0000000040(head|node=0|zone=2|lastcpupid=0x1ffff)
[   24.968142] page_type: f8(unknown)
[   24.968244] raw: 0bfffe0000000040 0000000000000000 dead000000000122 0000000000000000
[   24.968400] raw: 0000000000000000 0000000000000000 00000001f8000000 0000000000000000
[   24.968818] head: 0bfffe0000000040 0000000000000000 dead000000000122 0000000000000000
[   24.969065] head: 0000000000000000 0000000000000000 00000001f8000000 0000000000000000
[   24.969311] head: 0bfffe0000000002 ffffc1ffc3191901 00000000ffffffff 00000000ffffffff
[   24.969521] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000004
[   24.969852] page dumped because: kasan: bad access detected
[   24.969970] 
[   24.970020] Memory state around the buggy address:
[   24.970092]  fff00000c6465f80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   24.970201]  fff00000c6466000: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   24.970433] >fff00000c6466080: 00 00 00 00 00 00 00 00 00 01 fe fe fe fe fe fe
[   24.970528]                                               ^
[   24.970647]  fff00000c6466100: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe
[   24.970750]  fff00000c6466180: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe
[   24.970890] ==================================================================
[   24.852732] ==================================================================
[   24.852843] BUG: KASAN: slab-out-of-bounds in krealloc_less_oob_helper+0xb9c/0xc50
[   24.852964] Write of size 1 at addr fff00000c19db6d0 by task kunit_try_catch/158
[   24.853092] 
[   24.853162] CPU: 1 UID: 0 PID: 158 Comm: kunit_try_catch Tainted: G    B            N  6.15.0-next-20250605 #1 PREEMPT 
[   24.853549] Tainted: [B]=BAD_PAGE, [N]=TEST
[   24.853660] Hardware name: linux,dummy-virt (DT)
[   24.853772] Call trace:
[   24.853899]  show_stack+0x20/0x38 (C)
[   24.854037]  dump_stack_lvl+0x8c/0xd0
[   24.854346]  print_report+0x118/0x608
[   24.854482]  kasan_report+0xdc/0x128
[   24.854598]  __asan_report_store1_noabort+0x20/0x30
[   24.854747]  krealloc_less_oob_helper+0xb9c/0xc50
[   24.854873]  krealloc_less_oob+0x20/0x38
[   24.854992]  kunit_try_run_case+0x170/0x3f0
[   24.855116]  kunit_generic_run_threadfn_adapter+0x88/0x100
[   24.855246]  kthread+0x328/0x630
[   24.855369]  ret_from_fork+0x10/0x20
[   24.855485] 
[   24.855528] Allocated by task 158:
[   24.855592]  kasan_save_stack+0x3c/0x68
[   24.855686]  kasan_save_track+0x20/0x40
[   24.855774]  kasan_save_alloc_info+0x40/0x58
[   24.856958]  __kasan_krealloc+0x118/0x178
[   24.857079]  krealloc_noprof+0x128/0x360
[   24.857297]  krealloc_less_oob_helper+0x168/0xc50
[   24.857572]  krealloc_less_oob+0x20/0x38
[   24.857666]  kunit_try_run_case+0x170/0x3f0
[   24.858673]  kunit_generic_run_threadfn_adapter+0x88/0x100
[   24.858792]  kthread+0x328/0x630
[   24.858874]  ret_from_fork+0x10/0x20
[   24.859700] 
[   24.859784] The buggy address belongs to the object at fff00000c19db600
[   24.859784]  which belongs to the cache kmalloc-256 of size 256
[   24.860097] The buggy address is located 7 bytes to the right of
[   24.860097]  allocated 201-byte region [fff00000c19db600, fff00000c19db6c9)
[   24.860274] 
[   24.860742] The buggy address belongs to the physical page:
[   24.860964] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1019da
[   24.861270] head: order:1 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[   24.861413] flags: 0xbfffe0000000040(head|node=0|zone=2|lastcpupid=0x1ffff)
[   24.861535] page_type: f5(slab)
[   24.861619] raw: 0bfffe0000000040 fff00000c0001b40 dead000000000122 0000000000000000
[   24.861737] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000
[   24.861878] head: 0bfffe0000000040 fff00000c0001b40 dead000000000122 0000000000000000
[   24.862155] head: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000
[   24.862737] head: 0bfffe0000000001 ffffc1ffc3067681 00000000ffffffff 00000000ffffffff
[   24.862867] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000002
[   24.862978] page dumped because: kasan: bad access detected
[   24.863237] 
[   24.863310] Memory state around the buggy address:
[   24.863413]  fff00000c19db580: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   24.863694]  fff00000c19db600: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   24.863975] >fff00000c19db680: 00 00 00 00 00 00 00 00 00 01 fc fc fc fc fc fc
[   24.864124]                                                  ^
[   24.864358]  fff00000c19db700: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   24.864471]  fff00000c19db780: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   24.864570] ==================================================================
[   24.986286] ==================================================================
[   24.986398] BUG: KASAN: slab-out-of-bounds in krealloc_less_oob_helper+0xa80/0xc50
[   24.986503] Write of size 1 at addr fff00000c64660da by task kunit_try_catch/162
[   24.986650] 
[   24.986720] CPU: 0 UID: 0 PID: 162 Comm: kunit_try_catch Tainted: G    B            N  6.15.0-next-20250605 #1 PREEMPT 
[   24.986914] Tainted: [B]=BAD_PAGE, [N]=TEST
[   24.986978] Hardware name: linux,dummy-virt (DT)
[   24.987049] Call trace:
[   24.987096]  show_stack+0x20/0x38 (C)
[   24.987209]  dump_stack_lvl+0x8c/0xd0
[   24.987345]  print_report+0x118/0x608
[   24.987485]  kasan_report+0xdc/0x128
[   24.987619]  __asan_report_store1_noabort+0x20/0x30
[   24.987849]  krealloc_less_oob_helper+0xa80/0xc50
[   24.988002]  krealloc_large_less_oob+0x20/0x38
[   24.988143]  kunit_try_run_case+0x170/0x3f0
[   24.988315]  kunit_generic_run_threadfn_adapter+0x88/0x100
[   24.988505]  kthread+0x328/0x630
[   24.988619]  ret_from_fork+0x10/0x20
[   24.988743] 
[   24.988789] The buggy address belongs to the physical page:
[   24.988879] page: refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x106464
[   24.989150] head: order:2 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[   24.989566] flags: 0xbfffe0000000040(head|node=0|zone=2|lastcpupid=0x1ffff)
[   24.989709] page_type: f8(unknown)
[   24.989801] raw: 0bfffe0000000040 0000000000000000 dead000000000122 0000000000000000
[   24.989920] raw: 0000000000000000 0000000000000000 00000001f8000000 0000000000000000
[   24.990309] head: 0bfffe0000000040 0000000000000000 dead000000000122 0000000000000000
[   24.991720] head: 0000000000000000 0000000000000000 00000001f8000000 0000000000000000
[   24.991937] head: 0bfffe0000000002 ffffc1ffc3191901 00000000ffffffff 00000000ffffffff
[   24.992134] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000004
[   24.992684] page dumped because: kasan: bad access detected
[   24.992795] 
[   24.992941] Memory state around the buggy address:
[   24.993053]  fff00000c6465f80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   24.993287]  fff00000c6466000: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   24.993418] >fff00000c6466080: 00 00 00 00 00 00 00 00 00 01 fe fe fe fe fe fe
[   24.993926]                                                     ^
[   24.994074]  fff00000c6466100: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe
[   24.994624]  fff00000c6466180: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe
[   24.995105] ==================================================================
[   24.838742] ==================================================================
[   24.838856] BUG: KASAN: slab-out-of-bounds in krealloc_less_oob_helper+0xa48/0xc50
[   24.838965] Write of size 1 at addr fff00000c19db6c9 by task kunit_try_catch/158
[   24.839080] 
[   24.839145] CPU: 1 UID: 0 PID: 158 Comm: kunit_try_catch Tainted: G    B            N  6.15.0-next-20250605 #1 PREEMPT 
[   24.839362] Tainted: [B]=BAD_PAGE, [N]=TEST
[   24.839430] Hardware name: linux,dummy-virt (DT)
[   24.839507] Call trace:
[   24.839557]  show_stack+0x20/0x38 (C)
[   24.839670]  dump_stack_lvl+0x8c/0xd0
[   24.839797]  print_report+0x118/0x608
[   24.839996]  kasan_report+0xdc/0x128
[   24.840186]  __asan_report_store1_noabort+0x20/0x30
[   24.840347]  krealloc_less_oob_helper+0xa48/0xc50
[   24.840491]  krealloc_less_oob+0x20/0x38
[   24.841432]  kunit_try_run_case+0x170/0x3f0
[   24.841723]  kunit_generic_run_threadfn_adapter+0x88/0x100
[   24.841875]  kthread+0x328/0x630
[   24.842207]  ret_from_fork+0x10/0x20
[   24.842349] 
[   24.842396] Allocated by task 158:
[   24.842463]  kasan_save_stack+0x3c/0x68
[   24.842559]  kasan_save_track+0x20/0x40
[   24.842668]  kasan_save_alloc_info+0x40/0x58
[   24.842785]  __kasan_krealloc+0x118/0x178
[   24.843122]  krealloc_noprof+0x128/0x360
[   24.843508]  krealloc_less_oob_helper+0x168/0xc50
[   24.843806]  krealloc_less_oob+0x20/0x38
[   24.844009]  kunit_try_run_case+0x170/0x3f0
[   24.844569]  kunit_generic_run_threadfn_adapter+0x88/0x100
[   24.844688]  kthread+0x328/0x630
[   24.845039]  ret_from_fork+0x10/0x20
[   24.845146] 
[   24.845257] The buggy address belongs to the object at fff00000c19db600
[   24.845257]  which belongs to the cache kmalloc-256 of size 256
[   24.845463] The buggy address is located 0 bytes to the right of
[   24.845463]  allocated 201-byte region [fff00000c19db600, fff00000c19db6c9)
[   24.845638] 
[   24.845684] The buggy address belongs to the physical page:
[   24.845755] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1019da
[   24.846203] head: order:1 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[   24.846364] flags: 0xbfffe0000000040(head|node=0|zone=2|lastcpupid=0x1ffff)
[   24.846497] page_type: f5(slab)
[   24.846585] raw: 0bfffe0000000040 fff00000c0001b40 dead000000000122 0000000000000000
[   24.846703] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000
[   24.847722] head: 0bfffe0000000040 fff00000c0001b40 dead000000000122 0000000000000000
[   24.848434] head: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000
[   24.848784] head: 0bfffe0000000001 ffffc1ffc3067681 00000000ffffffff 00000000ffffffff
[   24.848995] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000002
[   24.849102] page dumped because: kasan: bad access detected
[   24.849182] 
[   24.849239] Memory state around the buggy address:
[   24.849361]  fff00000c19db580: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   24.849507]  fff00000c19db600: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   24.849801] >fff00000c19db680: 00 00 00 00 00 00 00 00 00 01 fc fc fc fc fc fc
[   24.849898]                                               ^
[   24.850014]  fff00000c19db700: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   24.850131]  fff00000c19db780: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   24.850300] ==================================================================
[   24.972671] ==================================================================
[   24.972777] BUG: KASAN: slab-out-of-bounds in krealloc_less_oob_helper+0xb9c/0xc50
[   24.972880] Write of size 1 at addr fff00000c64660d0 by task kunit_try_catch/162
[   24.972997] 
[   24.973058] CPU: 0 UID: 0 PID: 162 Comm: kunit_try_catch Tainted: G    B            N  6.15.0-next-20250605 #1 PREEMPT 
[   24.973251] Tainted: [B]=BAD_PAGE, [N]=TEST
[   24.973347] Hardware name: linux,dummy-virt (DT)
[   24.973426] Call trace:
[   24.975969]  show_stack+0x20/0x38 (C)
[   24.976633]  dump_stack_lvl+0x8c/0xd0
[   24.976758]  print_report+0x118/0x608
[   24.978105]  kasan_report+0xdc/0x128
[   24.978399]  __asan_report_store1_noabort+0x20/0x30
[   24.979302]  krealloc_less_oob_helper+0xb9c/0xc50
[   24.980056]  krealloc_large_less_oob+0x20/0x38
[   24.980209]  kunit_try_run_case+0x170/0x3f0
[   24.980763]  kunit_generic_run_threadfn_adapter+0x88/0x100
[   24.981024]  kthread+0x328/0x630
[   24.981720]  ret_from_fork+0x10/0x20
[   24.981904] 
[   24.981962] The buggy address belongs to the physical page:
[   24.982135] page: refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x106464
[   24.982267] head: order:2 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[   24.982402] flags: 0xbfffe0000000040(head|node=0|zone=2|lastcpupid=0x1ffff)
[   24.982524] page_type: f8(unknown)
[   24.982613] raw: 0bfffe0000000040 0000000000000000 dead000000000122 0000000000000000
[   24.982729] raw: 0000000000000000 0000000000000000 00000001f8000000 0000000000000000
[   24.982845] head: 0bfffe0000000040 0000000000000000 dead000000000122 0000000000000000
[   24.982962] head: 0000000000000000 0000000000000000 00000001f8000000 0000000000000000
[   24.983083] head: 0bfffe0000000002 ffffc1ffc3191901 00000000ffffffff 00000000ffffffff
[   24.983226] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000004
[   24.983426] page dumped because: kasan: bad access detected
[   24.983509] 
[   24.983553] Memory state around the buggy address:
[   24.983629]  fff00000c6465f80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   24.983925]  fff00000c6466000: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   24.984074] >fff00000c6466080: 00 00 00 00 00 00 00 00 00 01 fe fe fe fe fe fe
[   24.984204]                                                  ^
[   24.984311]  fff00000c6466100: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe
[   24.984452]  fff00000c6466180: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe
[   24.984555] ==================================================================
[   24.893423] ==================================================================
[   24.893519] BUG: KASAN: slab-out-of-bounds in krealloc_less_oob_helper+0xa58/0xc50
[   24.893625] Write of size 1 at addr fff00000c19db6eb by task kunit_try_catch/158
[   24.893740] 
[   24.893804] CPU: 1 UID: 0 PID: 158 Comm: kunit_try_catch Tainted: G    B            N  6.15.0-next-20250605 #1 PREEMPT 
[   24.894001] Tainted: [B]=BAD_PAGE, [N]=TEST
[   24.894064] Hardware name: linux,dummy-virt (DT)
[   24.894137] Call trace:
[   24.894186]  show_stack+0x20/0x38 (C)
[   24.894295]  dump_stack_lvl+0x8c/0xd0
[   24.894449]  print_report+0x118/0x608
[   24.895288]  kasan_report+0xdc/0x128
[   24.895536]  __asan_report_store1_noabort+0x20/0x30
[   24.895781]  krealloc_less_oob_helper+0xa58/0xc50
[   24.895994]  krealloc_less_oob+0x20/0x38
[   24.896078]  kunit_try_run_case+0x170/0x3f0
[   24.896139]  kunit_generic_run_threadfn_adapter+0x88/0x100
[   24.896251]  kthread+0x328/0x630
[   24.896324]  ret_from_fork+0x10/0x20
[   24.896561] 
[   24.896753] Allocated by task 158:
[   24.896988]  kasan_save_stack+0x3c/0x68
[   24.897087]  kasan_save_track+0x20/0x40
[   24.897191]  kasan_save_alloc_info+0x40/0x58
[   24.897308]  __kasan_krealloc+0x118/0x178
[   24.897424]  krealloc_noprof+0x128/0x360
[   24.899170]  krealloc_less_oob_helper+0x168/0xc50
[   24.900042]  krealloc_less_oob+0x20/0x38
[   24.900165]  kunit_try_run_case+0x170/0x3f0
[   24.900316]  kunit_generic_run_threadfn_adapter+0x88/0x100
[   24.900450]  kthread+0x328/0x630
[   24.900532]  ret_from_fork+0x10/0x20
[   24.900698] 
[   24.900776] The buggy address belongs to the object at fff00000c19db600
[   24.900776]  which belongs to the cache kmalloc-256 of size 256
[   24.900915] The buggy address is located 34 bytes to the right of
[   24.900915]  allocated 201-byte region [fff00000c19db600, fff00000c19db6c9)
[   24.901068] 
[   24.901143] The buggy address belongs to the physical page:
[   24.901217] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1019da
[   24.901367] head: order:1 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[   24.901512] flags: 0xbfffe0000000040(head|node=0|zone=2|lastcpupid=0x1ffff)
[   24.901659] page_type: f5(slab)
[   24.901768] raw: 0bfffe0000000040 fff00000c0001b40 dead000000000122 0000000000000000
[   24.901887] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000
[   24.902003] head: 0bfffe0000000040 fff00000c0001b40 dead000000000122 0000000000000000
[   24.902118] head: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000
[   24.902239] head: 0bfffe0000000001 ffffc1ffc3067681 00000000ffffffff 00000000ffffffff
[   24.903220] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000002
[   24.903352] page dumped because: kasan: bad access detected
[   24.903689] 
[   24.903804] Memory state around the buggy address:
[   24.904309]  fff00000c19db580: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   24.904473]  fff00000c19db600: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   24.905077] >fff00000c19db680: 00 00 00 00 00 00 00 00 00 01 fc fc fc fc fc fc
[   24.905555]                                                           ^
[   24.906073]  fff00000c19db700: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   24.906224]  fff00000c19db780: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   24.906646] ==================================================================
[   25.003005] ==================================================================
[   25.003228] BUG: KASAN: slab-out-of-bounds in krealloc_less_oob_helper+0xae4/0xc50
[   25.003350] Write of size 1 at addr fff00000c64660ea by task kunit_try_catch/162
[   25.003472] 
[   25.003538] CPU: 0 UID: 0 PID: 162 Comm: kunit_try_catch Tainted: G    B            N  6.15.0-next-20250605 #1 PREEMPT 
[   25.003728] Tainted: [B]=BAD_PAGE, [N]=TEST
[   25.003790] Hardware name: linux,dummy-virt (DT)
[   25.003877] Call trace:
[   25.003927]  show_stack+0x20/0x38 (C)
[   25.004042]  dump_stack_lvl+0x8c/0xd0
[   25.004153]  print_report+0x118/0x608
[   25.004264]  kasan_report+0xdc/0x128
[   25.010235]  __asan_report_store1_noabort+0x20/0x30
[   25.010641]  krealloc_less_oob_helper+0xae4/0xc50
[   25.013160]  krealloc_large_less_oob+0x20/0x38
[   25.013298]  kunit_try_run_case+0x170/0x3f0
[   25.013445]  kunit_generic_run_threadfn_adapter+0x88/0x100
[   25.016934]  kthread+0x328/0x630
[   25.018151]  ret_from_fork+0x10/0x20
[   25.018280] 
[   25.018346] The buggy address belongs to the physical page:
[   25.018421] page: refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x106464
[   25.018544] head: order:2 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[   25.018655] flags: 0xbfffe0000000040(head|node=0|zone=2|lastcpupid=0x1ffff)
[   25.018781] page_type: f8(unknown)
[   25.018871] raw: 0bfffe0000000040 0000000000000000 dead000000000122 0000000000000000
[   25.022446] raw: 0000000000000000 0000000000000000 00000001f8000000 0000000000000000
[   25.022581] head: 0bfffe0000000040 0000000000000000 dead000000000122 0000000000000000
[   25.022720] head: 0000000000000000 0000000000000000 00000001f8000000 0000000000000000
[   25.022852] head: 0bfffe0000000002 ffffc1ffc3191901 00000000ffffffff 00000000ffffffff
[   25.022927] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000004
[   25.022979] page dumped because: kasan: bad access detected
[   25.023019] 
[   25.023041] Memory state around the buggy address:
[   25.023079]  fff00000c6465f80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   25.023133]  fff00000c6466000: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   25.023184] >fff00000c6466080: 00 00 00 00 00 00 00 00 00 01 fe fe fe fe fe fe
[   25.023231]                                                           ^
[   25.023279]  fff00000c6466100: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe
[   25.023358]  fff00000c6466180: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe
[   25.023457] ==================================================================
[   25.024883] ==================================================================
[   25.025012] BUG: KASAN: slab-out-of-bounds in krealloc_less_oob_helper+0xa58/0xc50
[   25.025213] Write of size 1 at addr fff00000c64660eb by task kunit_try_catch/162
[   25.025442] 
[   25.025663] CPU: 0 UID: 0 PID: 162 Comm: kunit_try_catch Tainted: G    B            N  6.15.0-next-20250605 #1 PREEMPT 
[   25.026023] Tainted: [B]=BAD_PAGE, [N]=TEST
[   25.026098] Hardware name: linux,dummy-virt (DT)
[   25.026313] Call trace:
[   25.026390]  show_stack+0x20/0x38 (C)
[   25.026663]  dump_stack_lvl+0x8c/0xd0
[   25.027000]  print_report+0x118/0x608
[   25.027502]  kasan_report+0xdc/0x128
[   25.027622]  __asan_report_store1_noabort+0x20/0x30
[   25.027745]  krealloc_less_oob_helper+0xa58/0xc50
[   25.027879]  krealloc_large_less_oob+0x20/0x38
[   25.027999]  kunit_try_run_case+0x170/0x3f0
[   25.028115]  kunit_generic_run_threadfn_adapter+0x88/0x100
[   25.028241]  kthread+0x328/0x630
[   25.028359]  ret_from_fork+0x10/0x20
[   25.028475] 
[   25.028520] The buggy address belongs to the physical page:
[   25.028589] page: refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x106464
[   25.028709] head: order:2 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[   25.028819] flags: 0xbfffe0000000040(head|node=0|zone=2|lastcpupid=0x1ffff)
[   25.028935] page_type: f8(unknown)
[   25.029022] raw: 0bfffe0000000040 0000000000000000 dead000000000122 0000000000000000
[   25.029139] raw: 0000000000000000 0000000000000000 00000001f8000000 0000000000000000
[   25.029254] head: 0bfffe0000000040 0000000000000000 dead000000000122 0000000000000000
[   25.031435] head: 0000000000000000 0000000000000000 00000001f8000000 0000000000000000
[   25.031881] head: 0bfffe0000000002 ffffc1ffc3191901 00000000ffffffff 00000000ffffffff
[   25.032195] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000004
[   25.032719] page dumped because: kasan: bad access detected
[   25.032833] 
[   25.033137] Memory state around the buggy address:
[   25.033452]  fff00000c6465f80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   25.033618]  fff00000c6466000: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   25.033725] >fff00000c6466080: 00 00 00 00 00 00 00 00 00 01 fe fe fe fe fe fe
[   25.034319]                                                           ^
[   25.034653]  fff00000c6466100: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe
[   25.035048]  fff00000c6466180: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe
[   25.035368] ==================================================================


[   11.091904] ==================================================================
[   11.092279] BUG: KASAN: slab-out-of-bounds in krealloc_less_oob_helper+0xec6/0x11d0
[   11.092596] Write of size 1 at addr ffff888100a27eda by task kunit_try_catch/175
[   11.092888] 
[   11.092982] CPU: 1 UID: 0 PID: 175 Comm: kunit_try_catch Tainted: G    B            N  6.15.0-next-20250605 #1 PREEMPT(voluntary) 
[   11.093023] Tainted: [B]=BAD_PAGE, [N]=TEST
[   11.093034] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[   11.093057] Call Trace:
[   11.093072]  <TASK>
[   11.093085]  dump_stack_lvl+0x73/0xb0
[   11.093110]  print_report+0xd1/0x650
[   11.093132]  ? __virt_addr_valid+0x1db/0x2d0
[   11.093155]  ? krealloc_less_oob_helper+0xec6/0x11d0
[   11.093179]  ? kasan_complete_mode_report_info+0x2a/0x200
[   11.093201]  ? krealloc_less_oob_helper+0xec6/0x11d0
[   11.093226]  kasan_report+0x141/0x180
[   11.093247]  ? krealloc_less_oob_helper+0xec6/0x11d0
[   11.093276]  __asan_report_store1_noabort+0x1b/0x30
[   11.093297]  krealloc_less_oob_helper+0xec6/0x11d0
[   11.093322]  ? __pfx_krealloc_less_oob_helper+0x10/0x10
[   11.093346]  ? finish_task_switch.isra.0+0x153/0x700
[   11.093367]  ? __switch_to+0x47/0xf50
[   11.093392]  ? __schedule+0x10cc/0x2b60
[   11.093414]  ? __pfx_read_tsc+0x10/0x10
[   11.093438]  krealloc_less_oob+0x1c/0x30
[   11.093459]  kunit_try_run_case+0x1a5/0x480
[   11.093480]  ? __pfx_kunit_try_run_case+0x10/0x10
[   11.093499]  ? _raw_spin_lock_irqsave+0xa1/0x100
[   11.093523]  ? _raw_spin_unlock_irqrestore+0x5f/0x90
[   11.093547]  ? __kthread_parkme+0x82/0x180
[   11.093566]  ? preempt_count_sub+0x50/0x80
[   11.093588]  ? __pfx_kunit_try_run_case+0x10/0x10
[   11.093608]  kunit_generic_run_threadfn_adapter+0x85/0xf0
[   11.093632]  ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10
[   11.093655]  kthread+0x337/0x6f0
[   11.093732]  ? trace_preempt_on+0x20/0xc0
[   11.093754]  ? __pfx_kthread+0x10/0x10
[   11.093774]  ? _raw_spin_unlock_irq+0x47/0x80
[   11.093796]  ? calculate_sigpending+0x7b/0xa0
[   11.093820]  ? __pfx_kthread+0x10/0x10
[   11.093841]  ret_from_fork+0x116/0x1d0
[   11.093858]  ? __pfx_kthread+0x10/0x10
[   11.093878]  ret_from_fork_asm+0x1a/0x30
[   11.093917]  </TASK>
[   11.093927] 
[   11.101325] Allocated by task 175:
[   11.101505]  kasan_save_stack+0x45/0x70
[   11.101704]  kasan_save_track+0x18/0x40
[   11.101984]  kasan_save_alloc_info+0x3b/0x50
[   11.102181]  __kasan_krealloc+0x190/0x1f0
[   11.102383]  krealloc_noprof+0xf3/0x340
[   11.102517]  krealloc_less_oob_helper+0x1aa/0x11d0
[   11.102703]  krealloc_less_oob+0x1c/0x30
[   11.102917]  kunit_try_run_case+0x1a5/0x480
[   11.103166]  kunit_generic_run_threadfn_adapter+0x85/0xf0
[   11.103363]  kthread+0x337/0x6f0
[   11.103481]  ret_from_fork+0x116/0x1d0
[   11.103611]  ret_from_fork_asm+0x1a/0x30
[   11.103745] 
[   11.103827] The buggy address belongs to the object at ffff888100a27e00
[   11.103827]  which belongs to the cache kmalloc-256 of size 256
[   11.104376] The buggy address is located 17 bytes to the right of
[   11.104376]  allocated 201-byte region [ffff888100a27e00, ffff888100a27ec9)
[   11.105231] 
[   11.105346] The buggy address belongs to the physical page:
[   11.105575] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x100a26
[   11.105933] head: order:1 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[   11.106160] flags: 0x200000000000040(head|node=0|zone=2)
[   11.106390] page_type: f5(slab)
[   11.106662] raw: 0200000000000040 ffff888100041b40 dead000000000122 0000000000000000
[   11.107011] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000
[   11.107281] head: 0200000000000040 ffff888100041b40 dead000000000122 0000000000000000
[   11.107511] head: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000
[   11.107887] head: 0200000000000001 ffffea0004028981 00000000ffffffff 00000000ffffffff
[   11.108238] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000002
[   11.108682] page dumped because: kasan: bad access detected
[   11.108847] 
[   11.109222] Memory state around the buggy address:
[   11.109464]  ffff888100a27d80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   11.110289]  ffff888100a27e00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   11.110636] >ffff888100a27e80: 00 00 00 00 00 00 00 00 00 01 fc fc fc fc fc fc
[   11.111202]                                                     ^
[   11.111543]  ffff888100a27f00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   11.112175]  ffff888100a27f80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   11.112477] ==================================================================
[   11.278392] ==================================================================
[   11.278719] BUG: KASAN: slab-out-of-bounds in krealloc_less_oob_helper+0xe90/0x11d0
[   11.279140] Write of size 1 at addr ffff888102c2e0ea by task kunit_try_catch/179
[   11.279487] 
[   11.279581] CPU: 1 UID: 0 PID: 179 Comm: kunit_try_catch Tainted: G    B            N  6.15.0-next-20250605 #1 PREEMPT(voluntary) 
[   11.279641] Tainted: [B]=BAD_PAGE, [N]=TEST
[   11.279652] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[   11.279692] Call Trace:
[   11.279705]  <TASK>
[   11.279718]  dump_stack_lvl+0x73/0xb0
[   11.279757]  print_report+0xd1/0x650
[   11.279778]  ? __virt_addr_valid+0x1db/0x2d0
[   11.279801]  ? krealloc_less_oob_helper+0xe90/0x11d0
[   11.279823]  ? kasan_addr_to_slab+0x11/0xa0
[   11.279843]  ? krealloc_less_oob_helper+0xe90/0x11d0
[   11.279867]  kasan_report+0x141/0x180
[   11.279888]  ? krealloc_less_oob_helper+0xe90/0x11d0
[   11.279924]  __asan_report_store1_noabort+0x1b/0x30
[   11.280008]  krealloc_less_oob_helper+0xe90/0x11d0
[   11.280054]  ? __pfx_krealloc_less_oob_helper+0x10/0x10
[   11.280079]  ? finish_task_switch.isra.0+0x153/0x700
[   11.280102]  ? __switch_to+0x47/0xf50
[   11.280126]  ? __schedule+0x10cc/0x2b60
[   11.280148]  ? __pfx_read_tsc+0x10/0x10
[   11.280171]  krealloc_large_less_oob+0x1c/0x30
[   11.280210]  kunit_try_run_case+0x1a5/0x480
[   11.280231]  ? __pfx_kunit_try_run_case+0x10/0x10
[   11.280250]  ? _raw_spin_lock_irqsave+0xa1/0x100
[   11.280289]  ? _raw_spin_unlock_irqrestore+0x5f/0x90
[   11.280312]  ? __kthread_parkme+0x82/0x180
[   11.280344]  ? preempt_count_sub+0x50/0x80
[   11.280367]  ? __pfx_kunit_try_run_case+0x10/0x10
[   11.280400]  kunit_generic_run_threadfn_adapter+0x85/0xf0
[   11.280424]  ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10
[   11.280460]  kthread+0x337/0x6f0
[   11.280479]  ? trace_preempt_on+0x20/0xc0
[   11.280501]  ? __pfx_kthread+0x10/0x10
[   11.280520]  ? _raw_spin_unlock_irq+0x47/0x80
[   11.280541]  ? calculate_sigpending+0x7b/0xa0
[   11.280565]  ? __pfx_kthread+0x10/0x10
[   11.280585]  ret_from_fork+0x116/0x1d0
[   11.280603]  ? __pfx_kthread+0x10/0x10
[   11.280622]  ret_from_fork_asm+0x1a/0x30
[   11.280669]  </TASK>
[   11.280679] 
[   11.288498] The buggy address belongs to the physical page:
[   11.288786] page: refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x102c2c
[   11.289064] head: order:2 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[   11.289338] flags: 0x200000000000040(head|node=0|zone=2)
[   11.289591] page_type: f8(unknown)
[   11.289767] raw: 0200000000000040 0000000000000000 dead000000000122 0000000000000000
[   11.290356] raw: 0000000000000000 0000000000000000 00000001f8000000 0000000000000000
[   11.290588] head: 0200000000000040 0000000000000000 dead000000000122 0000000000000000
[   11.291098] head: 0000000000000000 0000000000000000 00000001f8000000 0000000000000000
[   11.291471] head: 0200000000000002 ffffea00040b0b01 00000000ffffffff 00000000ffffffff
[   11.291774] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000004
[   11.292228] page dumped because: kasan: bad access detected
[   11.292462] 
[   11.292555] Memory state around the buggy address:
[   11.292719]  ffff888102c2df80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   11.293176]  ffff888102c2e000: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   11.293495] >ffff888102c2e080: 00 00 00 00 00 00 00 00 00 01 fe fe fe fe fe fe
[   11.293758]                                                           ^
[   11.294054]  ffff888102c2e100: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe
[   11.294365]  ffff888102c2e180: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe
[   11.294647] ==================================================================
[   11.056803] ==================================================================
[   11.057619] BUG: KASAN: slab-out-of-bounds in krealloc_less_oob_helper+0xe23/0x11d0
[   11.058794] Write of size 1 at addr ffff888100a27ed0 by task kunit_try_catch/175
[   11.059762] 
[   11.060056] CPU: 1 UID: 0 PID: 175 Comm: kunit_try_catch Tainted: G    B            N  6.15.0-next-20250605 #1 PREEMPT(voluntary) 
[   11.060136] Tainted: [B]=BAD_PAGE, [N]=TEST
[   11.060148] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[   11.060169] Call Trace:
[   11.060180]  <TASK>
[   11.060205]  dump_stack_lvl+0x73/0xb0
[   11.060232]  print_report+0xd1/0x650
[   11.060254]  ? __virt_addr_valid+0x1db/0x2d0
[   11.060276]  ? krealloc_less_oob_helper+0xe23/0x11d0
[   11.060299]  ? kasan_complete_mode_report_info+0x2a/0x200
[   11.060321]  ? krealloc_less_oob_helper+0xe23/0x11d0
[   11.060345]  kasan_report+0x141/0x180
[   11.060366]  ? krealloc_less_oob_helper+0xe23/0x11d0
[   11.060394]  __asan_report_store1_noabort+0x1b/0x30
[   11.060415]  krealloc_less_oob_helper+0xe23/0x11d0
[   11.060440]  ? __pfx_krealloc_less_oob_helper+0x10/0x10
[   11.060464]  ? finish_task_switch.isra.0+0x153/0x700
[   11.060485]  ? __switch_to+0x47/0xf50
[   11.060510]  ? __schedule+0x10cc/0x2b60
[   11.060533]  ? __pfx_read_tsc+0x10/0x10
[   11.060556]  krealloc_less_oob+0x1c/0x30
[   11.060577]  kunit_try_run_case+0x1a5/0x480
[   11.060598]  ? __pfx_kunit_try_run_case+0x10/0x10
[   11.060617]  ? _raw_spin_lock_irqsave+0xa1/0x100
[   11.060641]  ? _raw_spin_unlock_irqrestore+0x5f/0x90
[   11.060664]  ? __kthread_parkme+0x82/0x180
[   11.060683]  ? preempt_count_sub+0x50/0x80
[   11.060705]  ? __pfx_kunit_try_run_case+0x10/0x10
[   11.060725]  kunit_generic_run_threadfn_adapter+0x85/0xf0
[   11.060749]  ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10
[   11.060773]  kthread+0x337/0x6f0
[   11.060791]  ? trace_preempt_on+0x20/0xc0
[   11.060813]  ? __pfx_kthread+0x10/0x10
[   11.060833]  ? _raw_spin_unlock_irq+0x47/0x80
[   11.060855]  ? calculate_sigpending+0x7b/0xa0
[   11.060877]  ? __pfx_kthread+0x10/0x10
[   11.060909]  ret_from_fork+0x116/0x1d0
[   11.060927]  ? __pfx_kthread+0x10/0x10
[   11.060962]  ret_from_fork_asm+0x1a/0x30
[   11.060992]  </TASK>
[   11.061002] 
[   11.074936] Allocated by task 175:
[   11.075314]  kasan_save_stack+0x45/0x70
[   11.075808]  kasan_save_track+0x18/0x40
[   11.076280]  kasan_save_alloc_info+0x3b/0x50
[   11.076739]  __kasan_krealloc+0x190/0x1f0
[   11.077243]  krealloc_noprof+0xf3/0x340
[   11.077389]  krealloc_less_oob_helper+0x1aa/0x11d0
[   11.077551]  krealloc_less_oob+0x1c/0x30
[   11.077790]  kunit_try_run_case+0x1a5/0x480
[   11.078079]  kunit_generic_run_threadfn_adapter+0x85/0xf0
[   11.078279]  kthread+0x337/0x6f0
[   11.078402]  ret_from_fork+0x116/0x1d0
[   11.078533]  ret_from_fork_asm+0x1a/0x30
[   11.078670] 
[   11.078743] The buggy address belongs to the object at ffff888100a27e00
[   11.078743]  which belongs to the cache kmalloc-256 of size 256
[   11.079119] The buggy address is located 7 bytes to the right of
[   11.079119]  allocated 201-byte region [ffff888100a27e00, ffff888100a27ec9)
[   11.080274] 
[   11.080478] The buggy address belongs to the physical page:
[   11.080962] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x100a26
[   11.081480] head: order:1 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[   11.082270] flags: 0x200000000000040(head|node=0|zone=2)
[   11.082619] page_type: f5(slab)
[   11.083005] raw: 0200000000000040 ffff888100041b40 dead000000000122 0000000000000000
[   11.083561] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000
[   11.084205] head: 0200000000000040 ffff888100041b40 dead000000000122 0000000000000000
[   11.084683] head: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000
[   11.085263] head: 0200000000000001 ffffea0004028981 00000000ffffffff 00000000ffffffff
[   11.085774] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000002
[   11.086382] page dumped because: kasan: bad access detected
[   11.086621] 
[   11.086874] Memory state around the buggy address:
[   11.087525]  ffff888100a27d80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   11.088006]  ffff888100a27e00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   11.088440] >ffff888100a27e80: 00 00 00 00 00 00 00 00 00 01 fc fc fc fc fc fc
[   11.088864]                                                  ^
[   11.089416]  ffff888100a27f00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   11.089905]  ffff888100a27f80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   11.090499] ==================================================================
[   11.295030] ==================================================================
[   11.295298] BUG: KASAN: slab-out-of-bounds in krealloc_less_oob_helper+0xd47/0x11d0
[   11.295580] Write of size 1 at addr ffff888102c2e0eb by task kunit_try_catch/179
[   11.295821] 
[   11.296178] CPU: 1 UID: 0 PID: 179 Comm: kunit_try_catch Tainted: G    B            N  6.15.0-next-20250605 #1 PREEMPT(voluntary) 
[   11.296224] Tainted: [B]=BAD_PAGE, [N]=TEST
[   11.296234] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[   11.296253] Call Trace:
[   11.296265]  <TASK>
[   11.296278]  dump_stack_lvl+0x73/0xb0
[   11.296301]  print_report+0xd1/0x650
[   11.296343]  ? __virt_addr_valid+0x1db/0x2d0
[   11.296365]  ? krealloc_less_oob_helper+0xd47/0x11d0
[   11.296388]  ? kasan_addr_to_slab+0x11/0xa0
[   11.296408]  ? krealloc_less_oob_helper+0xd47/0x11d0
[   11.296431]  kasan_report+0x141/0x180
[   11.296452]  ? krealloc_less_oob_helper+0xd47/0x11d0
[   11.296480]  __asan_report_store1_noabort+0x1b/0x30
[   11.296500]  krealloc_less_oob_helper+0xd47/0x11d0
[   11.296525]  ? __pfx_krealloc_less_oob_helper+0x10/0x10
[   11.296548]  ? finish_task_switch.isra.0+0x153/0x700
[   11.296571]  ? __switch_to+0x47/0xf50
[   11.296595]  ? __schedule+0x10cc/0x2b60
[   11.296637]  ? __pfx_read_tsc+0x10/0x10
[   11.296660]  krealloc_large_less_oob+0x1c/0x30
[   11.296682]  kunit_try_run_case+0x1a5/0x480
[   11.296702]  ? __pfx_kunit_try_run_case+0x10/0x10
[   11.296721]  ? _raw_spin_lock_irqsave+0xa1/0x100
[   11.296744]  ? _raw_spin_unlock_irqrestore+0x5f/0x90
[   11.296768]  ? __kthread_parkme+0x82/0x180
[   11.296786]  ? preempt_count_sub+0x50/0x80
[   11.296809]  ? __pfx_kunit_try_run_case+0x10/0x10
[   11.296829]  kunit_generic_run_threadfn_adapter+0x85/0xf0
[   11.296852]  ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10
[   11.296875]  kthread+0x337/0x6f0
[   11.296902]  ? trace_preempt_on+0x20/0xc0
[   11.296924]  ? __pfx_kthread+0x10/0x10
[   11.297004]  ? _raw_spin_unlock_irq+0x47/0x80
[   11.297026]  ? calculate_sigpending+0x7b/0xa0
[   11.297054]  ? __pfx_kthread+0x10/0x10
[   11.297074]  ret_from_fork+0x116/0x1d0
[   11.297092]  ? __pfx_kthread+0x10/0x10
[   11.297134]  ret_from_fork_asm+0x1a/0x30
[   11.297163]  </TASK>
[   11.297173] 
[   11.305398] The buggy address belongs to the physical page:
[   11.305644] page: refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x102c2c
[   11.306247] head: order:2 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[   11.306596] flags: 0x200000000000040(head|node=0|zone=2)
[   11.306859] page_type: f8(unknown)
[   11.307113] raw: 0200000000000040 0000000000000000 dead000000000122 0000000000000000
[   11.307382] raw: 0000000000000000 0000000000000000 00000001f8000000 0000000000000000
[   11.307784] head: 0200000000000040 0000000000000000 dead000000000122 0000000000000000
[   11.308181] head: 0000000000000000 0000000000000000 00000001f8000000 0000000000000000
[   11.308522] head: 0200000000000002 ffffea00040b0b01 00000000ffffffff 00000000ffffffff
[   11.308884] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000004
[   11.309271] page dumped because: kasan: bad access detected
[   11.309526] 
[   11.309636] Memory state around the buggy address:
[   11.309827]  ffff888102c2df80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   11.310277]  ffff888102c2e000: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   11.310556] >ffff888102c2e080: 00 00 00 00 00 00 00 00 00 01 fe fe fe fe fe fe
[   11.311115]                                                           ^
[   11.311416]  ffff888102c2e100: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe
[   11.311728]  ffff888102c2e180: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe
[   11.312162] ==================================================================
[   11.113336] ==================================================================
[   11.114052] BUG: KASAN: slab-out-of-bounds in krealloc_less_oob_helper+0xe90/0x11d0
[   11.114376] Write of size 1 at addr ffff888100a27eea by task kunit_try_catch/175
[   11.114856] 
[   11.115251] CPU: 1 UID: 0 PID: 175 Comm: kunit_try_catch Tainted: G    B            N  6.15.0-next-20250605 #1 PREEMPT(voluntary) 
[   11.115300] Tainted: [B]=BAD_PAGE, [N]=TEST
[   11.115312] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[   11.115332] Call Trace:
[   11.115345]  <TASK>
[   11.115358]  dump_stack_lvl+0x73/0xb0
[   11.115418]  print_report+0xd1/0x650
[   11.115441]  ? __virt_addr_valid+0x1db/0x2d0
[   11.115463]  ? krealloc_less_oob_helper+0xe90/0x11d0
[   11.115487]  ? kasan_complete_mode_report_info+0x2a/0x200
[   11.115509]  ? krealloc_less_oob_helper+0xe90/0x11d0
[   11.115533]  kasan_report+0x141/0x180
[   11.115555]  ? krealloc_less_oob_helper+0xe90/0x11d0
[   11.115582]  __asan_report_store1_noabort+0x1b/0x30
[   11.115602]  krealloc_less_oob_helper+0xe90/0x11d0
[   11.115627]  ? __pfx_krealloc_less_oob_helper+0x10/0x10
[   11.115651]  ? finish_task_switch.isra.0+0x153/0x700
[   11.115673]  ? __switch_to+0x47/0xf50
[   11.115697]  ? __schedule+0x10cc/0x2b60
[   11.115720]  ? __pfx_read_tsc+0x10/0x10
[   11.115742]  krealloc_less_oob+0x1c/0x30
[   11.115763]  kunit_try_run_case+0x1a5/0x480
[   11.115783]  ? __pfx_kunit_try_run_case+0x10/0x10
[   11.115802]  ? _raw_spin_lock_irqsave+0xa1/0x100
[   11.115825]  ? _raw_spin_unlock_irqrestore+0x5f/0x90
[   11.115848]  ? __kthread_parkme+0x82/0x180
[   11.115867]  ? preempt_count_sub+0x50/0x80
[   11.115888]  ? __pfx_kunit_try_run_case+0x10/0x10
[   11.115918]  kunit_generic_run_threadfn_adapter+0x85/0xf0
[   11.115992]  ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10
[   11.116018]  kthread+0x337/0x6f0
[   11.116037]  ? trace_preempt_on+0x20/0xc0
[   11.116059]  ? __pfx_kthread+0x10/0x10
[   11.116078]  ? _raw_spin_unlock_irq+0x47/0x80
[   11.116100]  ? calculate_sigpending+0x7b/0xa0
[   11.116123]  ? __pfx_kthread+0x10/0x10
[   11.116143]  ret_from_fork+0x116/0x1d0
[   11.116161]  ? __pfx_kthread+0x10/0x10
[   11.116181]  ret_from_fork_asm+0x1a/0x30
[   11.116209]  </TASK>
[   11.116219] 
[   11.124589] Allocated by task 175:
[   11.124928]  kasan_save_stack+0x45/0x70
[   11.125126]  kasan_save_track+0x18/0x40
[   11.125380]  kasan_save_alloc_info+0x3b/0x50
[   11.125572]  __kasan_krealloc+0x190/0x1f0
[   11.125754]  krealloc_noprof+0xf3/0x340
[   11.125945]  krealloc_less_oob_helper+0x1aa/0x11d0
[   11.126136]  krealloc_less_oob+0x1c/0x30
[   11.126330]  kunit_try_run_case+0x1a5/0x480
[   11.126533]  kunit_generic_run_threadfn_adapter+0x85/0xf0
[   11.126905]  kthread+0x337/0x6f0
[   11.127033]  ret_from_fork+0x116/0x1d0
[   11.127166]  ret_from_fork_asm+0x1a/0x30
[   11.127305] 
[   11.127375] The buggy address belongs to the object at ffff888100a27e00
[   11.127375]  which belongs to the cache kmalloc-256 of size 256
[   11.127861] The buggy address is located 33 bytes to the right of
[   11.127861]  allocated 201-byte region [ffff888100a27e00, ffff888100a27ec9)
[   11.128466] 
[   11.128537] The buggy address belongs to the physical page:
[   11.128914] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x100a26
[   11.129216] head: order:1 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[   11.129440] flags: 0x200000000000040(head|node=0|zone=2)
[   11.129829] page_type: f5(slab)
[   11.130147] raw: 0200000000000040 ffff888100041b40 dead000000000122 0000000000000000
[   11.130489] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000
[   11.131124] head: 0200000000000040 ffff888100041b40 dead000000000122 0000000000000000
[   11.131418] head: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000
[   11.131653] head: 0200000000000001 ffffea0004028981 00000000ffffffff 00000000ffffffff
[   11.131890] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000002
[   11.132425] page dumped because: kasan: bad access detected
[   11.132677] 
[   11.132816] Memory state around the buggy address:
[   11.133013]  ffff888100a27d80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   11.133262]  ffff888100a27e00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   11.133473] >ffff888100a27e80: 00 00 00 00 00 00 00 00 00 01 fc fc fc fc fc fc
[   11.134031]                                                           ^
[   11.134340]  ffff888100a27f00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   11.134615]  ffff888100a27f80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   11.134864] ==================================================================
[   11.241330] ==================================================================
[   11.241828] BUG: KASAN: slab-out-of-bounds in krealloc_less_oob_helper+0xe23/0x11d0
[   11.242190] Write of size 1 at addr ffff888102c2e0d0 by task kunit_try_catch/179
[   11.242472] 
[   11.242582] CPU: 1 UID: 0 PID: 179 Comm: kunit_try_catch Tainted: G    B            N  6.15.0-next-20250605 #1 PREEMPT(voluntary) 
[   11.242625] Tainted: [B]=BAD_PAGE, [N]=TEST
[   11.242636] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[   11.242655] Call Trace:
[   11.242667]  <TASK>
[   11.242679]  dump_stack_lvl+0x73/0xb0
[   11.242702]  print_report+0xd1/0x650
[   11.242723]  ? __virt_addr_valid+0x1db/0x2d0
[   11.242745]  ? krealloc_less_oob_helper+0xe23/0x11d0
[   11.242768]  ? kasan_addr_to_slab+0x11/0xa0
[   11.242789]  ? krealloc_less_oob_helper+0xe23/0x11d0
[   11.242812]  kasan_report+0x141/0x180
[   11.242833]  ? krealloc_less_oob_helper+0xe23/0x11d0
[   11.242861]  __asan_report_store1_noabort+0x1b/0x30
[   11.242882]  krealloc_less_oob_helper+0xe23/0x11d0
[   11.242919]  ? __pfx_krealloc_less_oob_helper+0x10/0x10
[   11.242942]  ? finish_task_switch.isra.0+0x153/0x700
[   11.242966]  ? __switch_to+0x47/0xf50
[   11.242989]  ? __schedule+0x10cc/0x2b60
[   11.243011]  ? __pfx_read_tsc+0x10/0x10
[   11.243034]  krealloc_large_less_oob+0x1c/0x30
[   11.243056]  kunit_try_run_case+0x1a5/0x480
[   11.243076]  ? __pfx_kunit_try_run_case+0x10/0x10
[   11.243106]  ? _raw_spin_lock_irqsave+0xa1/0x100
[   11.243130]  ? _raw_spin_unlock_irqrestore+0x5f/0x90
[   11.243153]  ? __kthread_parkme+0x82/0x180
[   11.243172]  ? preempt_count_sub+0x50/0x80
[   11.243195]  ? __pfx_kunit_try_run_case+0x10/0x10
[   11.243215]  kunit_generic_run_threadfn_adapter+0x85/0xf0
[   11.243238]  ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10
[   11.243261]  kthread+0x337/0x6f0
[   11.243279]  ? trace_preempt_on+0x20/0xc0
[   11.243302]  ? __pfx_kthread+0x10/0x10
[   11.243322]  ? _raw_spin_unlock_irq+0x47/0x80
[   11.243343]  ? calculate_sigpending+0x7b/0xa0
[   11.243366]  ? __pfx_kthread+0x10/0x10
[   11.243387]  ret_from_fork+0x116/0x1d0
[   11.243404]  ? __pfx_kthread+0x10/0x10
[   11.243424]  ret_from_fork_asm+0x1a/0x30
[   11.243453]  </TASK>
[   11.243462] 
[   11.250666] The buggy address belongs to the physical page:
[   11.250944] page: refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x102c2c
[   11.251308] head: order:2 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[   11.251646] flags: 0x200000000000040(head|node=0|zone=2)
[   11.251846] page_type: f8(unknown)
[   11.252023] raw: 0200000000000040 0000000000000000 dead000000000122 0000000000000000
[   11.252546] raw: 0000000000000000 0000000000000000 00000001f8000000 0000000000000000
[   11.252851] head: 0200000000000040 0000000000000000 dead000000000122 0000000000000000
[   11.253388] head: 0000000000000000 0000000000000000 00000001f8000000 0000000000000000
[   11.253740] head: 0200000000000002 ffffea00040b0b01 00000000ffffffff 00000000ffffffff
[   11.254088] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000004
[   11.254317] page dumped because: kasan: bad access detected
[   11.254486] 
[   11.254553] Memory state around the buggy address:
[   11.254747]  ffff888102c2df80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   11.255078]  ffff888102c2e000: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   11.255389] >ffff888102c2e080: 00 00 00 00 00 00 00 00 00 01 fe fe fe fe fe fe
[   11.255740]                                                  ^
[   11.256007]  ffff888102c2e100: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe
[   11.256241]  ffff888102c2e180: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe
[   11.256452] ==================================================================
[   11.135327] ==================================================================
[   11.135651] BUG: KASAN: slab-out-of-bounds in krealloc_less_oob_helper+0xd47/0x11d0
[   11.136229] Write of size 1 at addr ffff888100a27eeb by task kunit_try_catch/175
[   11.136509] 
[   11.136615] CPU: 1 UID: 0 PID: 175 Comm: kunit_try_catch Tainted: G    B            N  6.15.0-next-20250605 #1 PREEMPT(voluntary) 
[   11.136654] Tainted: [B]=BAD_PAGE, [N]=TEST
[   11.136665] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[   11.136683] Call Trace:
[   11.136695]  <TASK>
[   11.136706]  dump_stack_lvl+0x73/0xb0
[   11.136730]  print_report+0xd1/0x650
[   11.136752]  ? __virt_addr_valid+0x1db/0x2d0
[   11.136773]  ? krealloc_less_oob_helper+0xd47/0x11d0
[   11.136796]  ? kasan_complete_mode_report_info+0x2a/0x200
[   11.136817]  ? krealloc_less_oob_helper+0xd47/0x11d0
[   11.136840]  kasan_report+0x141/0x180
[   11.136861]  ? krealloc_less_oob_helper+0xd47/0x11d0
[   11.136889]  __asan_report_store1_noabort+0x1b/0x30
[   11.136985]  krealloc_less_oob_helper+0xd47/0x11d0
[   11.137011]  ? __pfx_krealloc_less_oob_helper+0x10/0x10
[   11.137035]  ? finish_task_switch.isra.0+0x153/0x700
[   11.137065]  ? __switch_to+0x47/0xf50
[   11.137089]  ? __schedule+0x10cc/0x2b60
[   11.137111]  ? __pfx_read_tsc+0x10/0x10
[   11.137134]  krealloc_less_oob+0x1c/0x30
[   11.137156]  kunit_try_run_case+0x1a5/0x480
[   11.137176]  ? __pfx_kunit_try_run_case+0x10/0x10
[   11.137196]  ? _raw_spin_lock_irqsave+0xa1/0x100
[   11.137219]  ? _raw_spin_unlock_irqrestore+0x5f/0x90
[   11.137242]  ? __kthread_parkme+0x82/0x180
[   11.137262]  ? preempt_count_sub+0x50/0x80
[   11.137283]  ? __pfx_kunit_try_run_case+0x10/0x10
[   11.137304]  kunit_generic_run_threadfn_adapter+0x85/0xf0
[   11.137327]  ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10
[   11.137350]  kthread+0x337/0x6f0
[   11.137369]  ? trace_preempt_on+0x20/0xc0
[   11.137390]  ? __pfx_kthread+0x10/0x10
[   11.137410]  ? _raw_spin_unlock_irq+0x47/0x80
[   11.137431]  ? calculate_sigpending+0x7b/0xa0
[   11.137454]  ? __pfx_kthread+0x10/0x10
[   11.137474]  ret_from_fork+0x116/0x1d0
[   11.137492]  ? __pfx_kthread+0x10/0x10
[   11.137511]  ret_from_fork_asm+0x1a/0x30
[   11.137540]  </TASK>
[   11.137550] 
[   11.151140] Allocated by task 175:
[   11.151329]  kasan_save_stack+0x45/0x70
[   11.151669]  kasan_save_track+0x18/0x40
[   11.152010]  kasan_save_alloc_info+0x3b/0x50
[   11.152177]  __kasan_krealloc+0x190/0x1f0
[   11.152645]  krealloc_noprof+0xf3/0x340
[   11.152941]  krealloc_less_oob_helper+0x1aa/0x11d0
[   11.153460]  krealloc_less_oob+0x1c/0x30
[   11.153680]  kunit_try_run_case+0x1a5/0x480
[   11.153877]  kunit_generic_run_threadfn_adapter+0x85/0xf0
[   11.154348]  kthread+0x337/0x6f0
[   11.154682]  ret_from_fork+0x116/0x1d0
[   11.155053]  ret_from_fork_asm+0x1a/0x30
[   11.155235] 
[   11.155511] The buggy address belongs to the object at ffff888100a27e00
[   11.155511]  which belongs to the cache kmalloc-256 of size 256
[   11.156370] The buggy address is located 34 bytes to the right of
[   11.156370]  allocated 201-byte region [ffff888100a27e00, ffff888100a27ec9)
[   11.157240] 
[   11.157356] The buggy address belongs to the physical page:
[   11.157597] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x100a26
[   11.158582] head: order:1 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[   11.159074] flags: 0x200000000000040(head|node=0|zone=2)
[   11.159339] page_type: f5(slab)
[   11.159513] raw: 0200000000000040 ffff888100041b40 dead000000000122 0000000000000000
[   11.160183] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000
[   11.160588] head: 0200000000000040 ffff888100041b40 dead000000000122 0000000000000000
[   11.161284] head: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000
[   11.161676] head: 0200000000000001 ffffea0004028981 00000000ffffffff 00000000ffffffff
[   11.162222] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000002
[   11.162573] page dumped because: kasan: bad access detected
[   11.163292] 
[   11.163395] Memory state around the buggy address:
[   11.163588]  ffff888100a27d80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   11.164263]  ffff888100a27e00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   11.164638] >ffff888100a27e80: 00 00 00 00 00 00 00 00 00 01 fc fc fc fc fc fc
[   11.165121]                                                           ^
[   11.165427]  ffff888100a27f00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   11.166035]  ffff888100a27f80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   11.166318] ==================================================================
[   11.019120] ==================================================================
[   11.020467] BUG: KASAN: slab-out-of-bounds in krealloc_less_oob_helper+0xd70/0x11d0
[   11.020906] Write of size 1 at addr ffff888100a27ec9 by task kunit_try_catch/175
[   11.021135] 
[   11.021219] CPU: 1 UID: 0 PID: 175 Comm: kunit_try_catch Tainted: G    B            N  6.15.0-next-20250605 #1 PREEMPT(voluntary) 
[   11.021290] Tainted: [B]=BAD_PAGE, [N]=TEST
[   11.021301] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[   11.021321] Call Trace:
[   11.021450]  <TASK>
[   11.021469]  dump_stack_lvl+0x73/0xb0
[   11.021499]  print_report+0xd1/0x650
[   11.021520]  ? __virt_addr_valid+0x1db/0x2d0
[   11.021543]  ? krealloc_less_oob_helper+0xd70/0x11d0
[   11.021566]  ? kasan_complete_mode_report_info+0x2a/0x200
[   11.021591]  ? krealloc_less_oob_helper+0xd70/0x11d0
[   11.021921]  kasan_report+0x141/0x180
[   11.021975]  ? krealloc_less_oob_helper+0xd70/0x11d0
[   11.022003]  __asan_report_store1_noabort+0x1b/0x30
[   11.022023]  krealloc_less_oob_helper+0xd70/0x11d0
[   11.022048]  ? __pfx_krealloc_less_oob_helper+0x10/0x10
[   11.022071]  ? finish_task_switch.isra.0+0x153/0x700
[   11.022094]  ? __switch_to+0x47/0xf50
[   11.022120]  ? __schedule+0x10cc/0x2b60
[   11.022143]  ? __pfx_read_tsc+0x10/0x10
[   11.022166]  krealloc_less_oob+0x1c/0x30
[   11.022187]  kunit_try_run_case+0x1a5/0x480
[   11.022207]  ? __pfx_kunit_try_run_case+0x10/0x10
[   11.022226]  ? _raw_spin_lock_irqsave+0xa1/0x100
[   11.022249]  ? _raw_spin_unlock_irqrestore+0x5f/0x90
[   11.022273]  ? __kthread_parkme+0x82/0x180
[   11.022292]  ? preempt_count_sub+0x50/0x80
[   11.022314]  ? __pfx_kunit_try_run_case+0x10/0x10
[   11.022334]  kunit_generic_run_threadfn_adapter+0x85/0xf0
[   11.022358]  ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10
[   11.022382]  kthread+0x337/0x6f0
[   11.022400]  ? trace_preempt_on+0x20/0xc0
[   11.022423]  ? __pfx_kthread+0x10/0x10
[   11.022442]  ? _raw_spin_unlock_irq+0x47/0x80
[   11.022464]  ? calculate_sigpending+0x7b/0xa0
[   11.022487]  ? __pfx_kthread+0x10/0x10
[   11.022507]  ret_from_fork+0x116/0x1d0
[   11.022525]  ? __pfx_kthread+0x10/0x10
[   11.022544]  ret_from_fork_asm+0x1a/0x30
[   11.022573]  </TASK>
[   11.022583] 
[   11.037738] Allocated by task 175:
[   11.037874]  kasan_save_stack+0x45/0x70
[   11.038317]  kasan_save_track+0x18/0x40
[   11.038778]  kasan_save_alloc_info+0x3b/0x50
[   11.039370]  __kasan_krealloc+0x190/0x1f0
[   11.039916]  krealloc_noprof+0xf3/0x340
[   11.040341]  krealloc_less_oob_helper+0x1aa/0x11d0
[   11.040510]  krealloc_less_oob+0x1c/0x30
[   11.040925]  kunit_try_run_case+0x1a5/0x480
[   11.041562]  kunit_generic_run_threadfn_adapter+0x85/0xf0
[   11.042300]  kthread+0x337/0x6f0
[   11.042757]  ret_from_fork+0x116/0x1d0
[   11.042906]  ret_from_fork_asm+0x1a/0x30
[   11.043502] 
[   11.043808] The buggy address belongs to the object at ffff888100a27e00
[   11.043808]  which belongs to the cache kmalloc-256 of size 256
[   11.044411] The buggy address is located 0 bytes to the right of
[   11.044411]  allocated 201-byte region [ffff888100a27e00, ffff888100a27ec9)
[   11.044765] 
[   11.044834] The buggy address belongs to the physical page:
[   11.045280] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x100a26
[   11.046172] head: order:1 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[   11.046860] flags: 0x200000000000040(head|node=0|zone=2)
[   11.047439] page_type: f5(slab)
[   11.047782] raw: 0200000000000040 ffff888100041b40 dead000000000122 0000000000000000
[   11.048481] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000
[   11.048936] head: 0200000000000040 ffff888100041b40 dead000000000122 0000000000000000
[   11.049804] head: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000
[   11.050333] head: 0200000000000001 ffffea0004028981 00000000ffffffff 00000000ffffffff
[   11.050562] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000002
[   11.051240] page dumped because: kasan: bad access detected
[   11.051792] 
[   11.051961] Memory state around the buggy address:
[   11.052539]  ffff888100a27d80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   11.053429]  ffff888100a27e00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   11.053663] >ffff888100a27e80: 00 00 00 00 00 00 00 00 00 01 fc fc fc fc fc fc
[   11.054455]                                               ^
[   11.055088]  ffff888100a27f00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   11.055562]  ffff888100a27f80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   11.055884] ==================================================================
[   11.256861] ==================================================================
[   11.257661] BUG: KASAN: slab-out-of-bounds in krealloc_less_oob_helper+0xec6/0x11d0
[   11.258048] Write of size 1 at addr ffff888102c2e0da by task kunit_try_catch/179
[   11.258342] 
[   11.258450] CPU: 1 UID: 0 PID: 179 Comm: kunit_try_catch Tainted: G    B            N  6.15.0-next-20250605 #1 PREEMPT(voluntary) 
[   11.258489] Tainted: [B]=BAD_PAGE, [N]=TEST
[   11.258500] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[   11.258518] Call Trace:
[   11.258531]  <TASK>
[   11.258544]  dump_stack_lvl+0x73/0xb0
[   11.258567]  print_report+0xd1/0x650
[   11.258588]  ? __virt_addr_valid+0x1db/0x2d0
[   11.258610]  ? krealloc_less_oob_helper+0xec6/0x11d0
[   11.258642]  ? kasan_addr_to_slab+0x11/0xa0
[   11.258662]  ? krealloc_less_oob_helper+0xec6/0x11d0
[   11.258686]  kasan_report+0x141/0x180
[   11.258707]  ? krealloc_less_oob_helper+0xec6/0x11d0
[   11.258734]  __asan_report_store1_noabort+0x1b/0x30
[   11.258754]  krealloc_less_oob_helper+0xec6/0x11d0
[   11.258779]  ? __pfx_krealloc_less_oob_helper+0x10/0x10
[   11.258802]  ? finish_task_switch.isra.0+0x153/0x700
[   11.258825]  ? __switch_to+0x47/0xf50
[   11.258849]  ? __schedule+0x10cc/0x2b60
[   11.258871]  ? __pfx_read_tsc+0x10/0x10
[   11.258906]  krealloc_large_less_oob+0x1c/0x30
[   11.258928]  kunit_try_run_case+0x1a5/0x480
[   11.258994]  ? __pfx_kunit_try_run_case+0x10/0x10
[   11.259014]  ? _raw_spin_lock_irqsave+0xa1/0x100
[   11.259037]  ? _raw_spin_unlock_irqrestore+0x5f/0x90
[   11.259060]  ? __kthread_parkme+0x82/0x180
[   11.259079]  ? preempt_count_sub+0x50/0x80
[   11.259102]  ? __pfx_kunit_try_run_case+0x10/0x10
[   11.259122]  kunit_generic_run_threadfn_adapter+0x85/0xf0
[   11.259145]  ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10
[   11.259169]  kthread+0x337/0x6f0
[   11.259187]  ? trace_preempt_on+0x20/0xc0
[   11.259208]  ? __pfx_kthread+0x10/0x10
[   11.259228]  ? _raw_spin_unlock_irq+0x47/0x80
[   11.259249]  ? calculate_sigpending+0x7b/0xa0
[   11.259272]  ? __pfx_kthread+0x10/0x10
[   11.259292]  ret_from_fork+0x116/0x1d0
[   11.259310]  ? __pfx_kthread+0x10/0x10
[   11.259331]  ret_from_fork_asm+0x1a/0x30
[   11.259360]  </TASK>
[   11.259370] 
[   11.270794] The buggy address belongs to the physical page:
[   11.271219] page: refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x102c2c
[   11.271678] head: order:2 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[   11.272135] flags: 0x200000000000040(head|node=0|zone=2)
[   11.272452] page_type: f8(unknown)
[   11.272689] raw: 0200000000000040 0000000000000000 dead000000000122 0000000000000000
[   11.273132] raw: 0000000000000000 0000000000000000 00000001f8000000 0000000000000000
[   11.273735] head: 0200000000000040 0000000000000000 dead000000000122 0000000000000000
[   11.274158] head: 0000000000000000 0000000000000000 00000001f8000000 0000000000000000
[   11.274496] head: 0200000000000002 ffffea00040b0b01 00000000ffffffff 00000000ffffffff
[   11.274865] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000004
[   11.275258] page dumped because: kasan: bad access detected
[   11.275490] 
[   11.275581] Memory state around the buggy address:
[   11.275793]  ffff888102c2df80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   11.276189]  ffff888102c2e000: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   11.276510] >ffff888102c2e080: 00 00 00 00 00 00 00 00 00 01 fe fe fe fe fe fe
[   11.276859]                                                     ^
[   11.277200]  ffff888102c2e100: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe
[   11.277492]  ffff888102c2e180: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe
[   11.277818] ==================================================================
[   11.224712] ==================================================================
[   11.225461] BUG: KASAN: slab-out-of-bounds in krealloc_less_oob_helper+0xd70/0x11d0
[   11.225789] Write of size 1 at addr ffff888102c2e0c9 by task kunit_try_catch/179
[   11.226095] 
[   11.226443] CPU: 1 UID: 0 PID: 179 Comm: kunit_try_catch Tainted: G    B            N  6.15.0-next-20250605 #1 PREEMPT(voluntary) 
[   11.226490] Tainted: [B]=BAD_PAGE, [N]=TEST
[   11.226501] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[   11.226521] Call Trace:
[   11.226532]  <TASK>
[   11.226546]  dump_stack_lvl+0x73/0xb0
[   11.226574]  print_report+0xd1/0x650
[   11.226595]  ? __virt_addr_valid+0x1db/0x2d0
[   11.226618]  ? krealloc_less_oob_helper+0xd70/0x11d0
[   11.226641]  ? kasan_addr_to_slab+0x11/0xa0
[   11.226661]  ? krealloc_less_oob_helper+0xd70/0x11d0
[   11.226695]  kasan_report+0x141/0x180
[   11.226717]  ? krealloc_less_oob_helper+0xd70/0x11d0
[   11.226744]  __asan_report_store1_noabort+0x1b/0x30
[   11.226764]  krealloc_less_oob_helper+0xd70/0x11d0
[   11.226789]  ? __pfx_krealloc_less_oob_helper+0x10/0x10
[   11.226813]  ? finish_task_switch.isra.0+0x153/0x700
[   11.226835]  ? __switch_to+0x47/0xf50
[   11.226861]  ? __schedule+0x10cc/0x2b60
[   11.226883]  ? __pfx_read_tsc+0x10/0x10
[   11.226921]  krealloc_large_less_oob+0x1c/0x30
[   11.226991]  kunit_try_run_case+0x1a5/0x480
[   11.227015]  ? __pfx_kunit_try_run_case+0x10/0x10
[   11.227034]  ? _raw_spin_lock_irqsave+0xa1/0x100
[   11.227058]  ? _raw_spin_unlock_irqrestore+0x5f/0x90
[   11.227082]  ? __kthread_parkme+0x82/0x180
[   11.227101]  ? preempt_count_sub+0x50/0x80
[   11.227126]  ? __pfx_kunit_try_run_case+0x10/0x10
[   11.227146]  kunit_generic_run_threadfn_adapter+0x85/0xf0
[   11.227170]  ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10
[   11.227193]  kthread+0x337/0x6f0
[   11.227211]  ? trace_preempt_on+0x20/0xc0
[   11.227233]  ? __pfx_kthread+0x10/0x10
[   11.227253]  ? _raw_spin_unlock_irq+0x47/0x80
[   11.227274]  ? calculate_sigpending+0x7b/0xa0
[   11.227324]  ? __pfx_kthread+0x10/0x10
[   11.227345]  ret_from_fork+0x116/0x1d0
[   11.227362]  ? __pfx_kthread+0x10/0x10
[   11.227382]  ret_from_fork_asm+0x1a/0x30
[   11.227411]  </TASK>
[   11.227422] 
[   11.235079] The buggy address belongs to the physical page:
[   11.235346] page: refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x102c2c
[   11.235715] head: order:2 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[   11.236085] flags: 0x200000000000040(head|node=0|zone=2)
[   11.236283] page_type: f8(unknown)
[   11.236462] raw: 0200000000000040 0000000000000000 dead000000000122 0000000000000000
[   11.236799] raw: 0000000000000000 0000000000000000 00000001f8000000 0000000000000000
[   11.237306] head: 0200000000000040 0000000000000000 dead000000000122 0000000000000000
[   11.237624] head: 0000000000000000 0000000000000000 00000001f8000000 0000000000000000
[   11.237961] head: 0200000000000002 ffffea00040b0b01 00000000ffffffff 00000000ffffffff
[   11.238247] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000004
[   11.238474] page dumped because: kasan: bad access detected
[   11.238650] 
[   11.238741] Memory state around the buggy address:
[   11.239117]  ffff888102c2df80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   11.239436]  ffff888102c2e000: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   11.239858] >ffff888102c2e080: 00 00 00 00 00 00 00 00 00 01 fe fe fe fe fe fe
[   11.240228]                                               ^
[   11.240440]  ffff888102c2e100: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe
[   11.240655]  ffff888102c2e180: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe
[   11.240950] ==================================================================