Date: June 5, 2025, 7:08 a.m.

Environment |
---|
qemu-arm64 |
qemu-x86_64 |
[ 24.866296] ================================================================== [ 24.866430] BUG: KASAN: slab-out-of-bounds in krealloc_less_oob_helper+0xa80/0xc50 [ 24.866690] Write of size 1 at addr fff00000c19db6da by task kunit_try_catch/158 [ 24.867039] [ 24.867121] CPU: 1 UID: 0 PID: 158 Comm: kunit_try_catch Tainted: G B N 6.15.0-next-20250605 #1 PREEMPT [ 24.867349] Tainted: [B]=BAD_PAGE, [N]=TEST [ 24.867435] Hardware name: linux,dummy-virt (DT) [ 24.867529] Call trace: [ 24.867589] show_stack+0x20/0x38 (C) [ 24.867926] dump_stack_lvl+0x8c/0xd0 [ 24.868096] print_report+0x118/0x608 [ 24.868313] kasan_report+0xdc/0x128 [ 24.868612] __asan_report_store1_noabort+0x20/0x30 [ 24.868773] krealloc_less_oob_helper+0xa80/0xc50 [ 24.868914] krealloc_less_oob+0x20/0x38 [ 24.869098] kunit_try_run_case+0x170/0x3f0 [ 24.869234] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 24.869502] kthread+0x328/0x630 [ 24.869842] ret_from_fork+0x10/0x20 [ 24.870109] [ 24.870155] Allocated by task 158: [ 24.870263] kasan_save_stack+0x3c/0x68 [ 24.870434] kasan_save_track+0x20/0x40 [ 24.870530] kasan_save_alloc_info+0x40/0x58 [ 24.870632] __kasan_krealloc+0x118/0x178 [ 24.870757] krealloc_noprof+0x128/0x360 [ 24.870949] krealloc_less_oob_helper+0x168/0xc50 [ 24.871112] krealloc_less_oob+0x20/0x38 [ 24.871206] kunit_try_run_case+0x170/0x3f0 [ 24.871298] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 24.871429] kthread+0x328/0x630 [ 24.871526] ret_from_fork+0x10/0x20 [ 24.871630] [ 24.871684] The buggy address belongs to the object at fff00000c19db600 [ 24.871684] which belongs to the cache kmalloc-256 of size 256 [ 24.871847] The buggy address is located 17 bytes to the right of [ 24.871847] allocated 201-byte region [fff00000c19db600, fff00000c19db6c9) [ 24.872112] [ 24.872240] The buggy address belongs to the physical page: [ 24.872324] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1019da [ 24.872479] head: order:1 mapcount:0 entire_mapcount:0 
nr_pages_mapped:0 pincount:0 [ 24.872602] flags: 0xbfffe0000000040(head|node=0|zone=2|lastcpupid=0x1ffff) [ 24.872844] page_type: f5(slab) [ 24.873004] raw: 0bfffe0000000040 fff00000c0001b40 dead000000000122 0000000000000000 [ 24.873222] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 24.873449] head: 0bfffe0000000040 fff00000c0001b40 dead000000000122 0000000000000000 [ 24.873574] head: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 24.873785] head: 0bfffe0000000001 ffffc1ffc3067681 00000000ffffffff 00000000ffffffff [ 24.874149] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000002 [ 24.874294] page dumped because: kasan: bad access detected [ 24.874388] [ 24.874436] Memory state around the buggy address: [ 24.874544] fff00000c19db580: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 24.874756] fff00000c19db600: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 24.875034] >fff00000c19db680: 00 00 00 00 00 00 00 00 00 01 fc fc fc fc fc fc [ 24.875272] ^ [ 24.875991] fff00000c19db700: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 24.876054] fff00000c19db780: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 24.876101] ================================================================== [ 24.877908] ================================================================== [ 24.878007] BUG: KASAN: slab-out-of-bounds in krealloc_less_oob_helper+0xae4/0xc50 [ 24.878117] Write of size 1 at addr fff00000c19db6ea by task kunit_try_catch/158 [ 24.878232] [ 24.878298] CPU: 1 UID: 0 PID: 158 Comm: kunit_try_catch Tainted: G B N 6.15.0-next-20250605 #1 PREEMPT [ 24.878525] Tainted: [B]=BAD_PAGE, [N]=TEST [ 24.878589] Hardware name: linux,dummy-virt (DT) [ 24.878675] Call trace: [ 24.878814] show_stack+0x20/0x38 (C) [ 24.879095] dump_stack_lvl+0x8c/0xd0 [ 24.879270] print_report+0x118/0x608 [ 24.880087] kasan_report+0xdc/0x128 [ 24.880282] __asan_report_store1_noabort+0x20/0x30 [ 24.880420] 
krealloc_less_oob_helper+0xae4/0xc50 [ 24.880487] krealloc_less_oob+0x20/0x38 [ 24.880550] kunit_try_run_case+0x170/0x3f0 [ 24.881913] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 24.882021] kthread+0x328/0x630 [ 24.882121] ret_from_fork+0x10/0x20 [ 24.882185] [ 24.882207] Allocated by task 158: [ 24.882241] kasan_save_stack+0x3c/0x68 [ 24.882291] kasan_save_track+0x20/0x40 [ 24.882370] kasan_save_alloc_info+0x40/0x58 [ 24.882651] __kasan_krealloc+0x118/0x178 [ 24.882773] krealloc_noprof+0x128/0x360 [ 24.882885] krealloc_less_oob_helper+0x168/0xc50 [ 24.883051] krealloc_less_oob+0x20/0x38 [ 24.883194] kunit_try_run_case+0x170/0x3f0 [ 24.883667] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 24.883972] kthread+0x328/0x630 [ 24.884063] ret_from_fork+0x10/0x20 [ 24.885157] [ 24.885208] The buggy address belongs to the object at fff00000c19db600 [ 24.885208] which belongs to the cache kmalloc-256 of size 256 [ 24.885396] The buggy address is located 33 bytes to the right of [ 24.885396] allocated 201-byte region [fff00000c19db600, fff00000c19db6c9) [ 24.885633] [ 24.885690] The buggy address belongs to the physical page: [ 24.885844] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1019da [ 24.886012] head: order:1 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0 [ 24.886131] flags: 0xbfffe0000000040(head|node=0|zone=2|lastcpupid=0x1ffff) [ 24.886368] page_type: f5(slab) [ 24.886505] raw: 0bfffe0000000040 fff00000c0001b40 dead000000000122 0000000000000000 [ 24.887047] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 24.887223] head: 0bfffe0000000040 fff00000c0001b40 dead000000000122 0000000000000000 [ 24.887361] head: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 24.887483] head: 0bfffe0000000001 ffffc1ffc3067681 00000000ffffffff 00000000ffffffff [ 24.888860] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000002 [ 24.889221] page dumped because: kasan: bad access 
detected [ 24.889312] [ 24.889901] Memory state around the buggy address: [ 24.890201] fff00000c19db580: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 24.890361] fff00000c19db600: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 24.890880] >fff00000c19db680: 00 00 00 00 00 00 00 00 00 01 fc fc fc fc fc fc [ 24.891571] ^ [ 24.891806] fff00000c19db700: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 24.891949] fff00000c19db780: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 24.892051] ================================================================== [ 24.962550] ================================================================== [ 24.962670] BUG: KASAN: slab-out-of-bounds in krealloc_less_oob_helper+0xa48/0xc50 [ 24.962800] Write of size 1 at addr fff00000c64660c9 by task kunit_try_catch/162 [ 24.962920] [ 24.962998] CPU: 0 UID: 0 PID: 162 Comm: kunit_try_catch Tainted: G B N 6.15.0-next-20250605 #1 PREEMPT [ 24.963194] Tainted: [B]=BAD_PAGE, [N]=TEST [ 24.963259] Hardware name: linux,dummy-virt (DT) [ 24.963458] Call trace: [ 24.963518] show_stack+0x20/0x38 (C) [ 24.963644] dump_stack_lvl+0x8c/0xd0 [ 24.963772] print_report+0x118/0x608 [ 24.964988] kasan_report+0xdc/0x128 [ 24.966028] __asan_report_store1_noabort+0x20/0x30 [ 24.966440] krealloc_less_oob_helper+0xa48/0xc50 [ 24.966654] krealloc_large_less_oob+0x20/0x38 [ 24.966855] kunit_try_run_case+0x170/0x3f0 [ 24.966996] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 24.967225] kthread+0x328/0x630 [ 24.967369] ret_from_fork+0x10/0x20 [ 24.967496] [ 24.967548] The buggy address belongs to the physical page: [ 24.967634] page: refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x106464 [ 24.967862] head: order:2 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0 [ 24.967989] flags: 0xbfffe0000000040(head|node=0|zone=2|lastcpupid=0x1ffff) [ 24.968142] page_type: f8(unknown) [ 24.968244] raw: 0bfffe0000000040 0000000000000000 dead000000000122 0000000000000000 [ 24.968400] raw: 
0000000000000000 0000000000000000 00000001f8000000 0000000000000000 [ 24.968818] head: 0bfffe0000000040 0000000000000000 dead000000000122 0000000000000000 [ 24.969065] head: 0000000000000000 0000000000000000 00000001f8000000 0000000000000000 [ 24.969311] head: 0bfffe0000000002 ffffc1ffc3191901 00000000ffffffff 00000000ffffffff [ 24.969521] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000004 [ 24.969852] page dumped because: kasan: bad access detected [ 24.969970] [ 24.970020] Memory state around the buggy address: [ 24.970092] fff00000c6465f80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 24.970201] fff00000c6466000: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 24.970433] >fff00000c6466080: 00 00 00 00 00 00 00 00 00 01 fe fe fe fe fe fe [ 24.970528] ^ [ 24.970647] fff00000c6466100: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe [ 24.970750] fff00000c6466180: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe [ 24.970890] ================================================================== [ 24.852732] ================================================================== [ 24.852843] BUG: KASAN: slab-out-of-bounds in krealloc_less_oob_helper+0xb9c/0xc50 [ 24.852964] Write of size 1 at addr fff00000c19db6d0 by task kunit_try_catch/158 [ 24.853092] [ 24.853162] CPU: 1 UID: 0 PID: 158 Comm: kunit_try_catch Tainted: G B N 6.15.0-next-20250605 #1 PREEMPT [ 24.853549] Tainted: [B]=BAD_PAGE, [N]=TEST [ 24.853660] Hardware name: linux,dummy-virt (DT) [ 24.853772] Call trace: [ 24.853899] show_stack+0x20/0x38 (C) [ 24.854037] dump_stack_lvl+0x8c/0xd0 [ 24.854346] print_report+0x118/0x608 [ 24.854482] kasan_report+0xdc/0x128 [ 24.854598] __asan_report_store1_noabort+0x20/0x30 [ 24.854747] krealloc_less_oob_helper+0xb9c/0xc50 [ 24.854873] krealloc_less_oob+0x20/0x38 [ 24.854992] kunit_try_run_case+0x170/0x3f0 [ 24.855116] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 24.855246] kthread+0x328/0x630 [ 24.855369] ret_from_fork+0x10/0x20 [ 24.855485] [ 
24.855528] Allocated by task 158: [ 24.855592] kasan_save_stack+0x3c/0x68 [ 24.855686] kasan_save_track+0x20/0x40 [ 24.855774] kasan_save_alloc_info+0x40/0x58 [ 24.856958] __kasan_krealloc+0x118/0x178 [ 24.857079] krealloc_noprof+0x128/0x360 [ 24.857297] krealloc_less_oob_helper+0x168/0xc50 [ 24.857572] krealloc_less_oob+0x20/0x38 [ 24.857666] kunit_try_run_case+0x170/0x3f0 [ 24.858673] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 24.858792] kthread+0x328/0x630 [ 24.858874] ret_from_fork+0x10/0x20 [ 24.859700] [ 24.859784] The buggy address belongs to the object at fff00000c19db600 [ 24.859784] which belongs to the cache kmalloc-256 of size 256 [ 24.860097] The buggy address is located 7 bytes to the right of [ 24.860097] allocated 201-byte region [fff00000c19db600, fff00000c19db6c9) [ 24.860274] [ 24.860742] The buggy address belongs to the physical page: [ 24.860964] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1019da [ 24.861270] head: order:1 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0 [ 24.861413] flags: 0xbfffe0000000040(head|node=0|zone=2|lastcpupid=0x1ffff) [ 24.861535] page_type: f5(slab) [ 24.861619] raw: 0bfffe0000000040 fff00000c0001b40 dead000000000122 0000000000000000 [ 24.861737] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 24.861878] head: 0bfffe0000000040 fff00000c0001b40 dead000000000122 0000000000000000 [ 24.862155] head: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 24.862737] head: 0bfffe0000000001 ffffc1ffc3067681 00000000ffffffff 00000000ffffffff [ 24.862867] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000002 [ 24.862978] page dumped because: kasan: bad access detected [ 24.863237] [ 24.863310] Memory state around the buggy address: [ 24.863413] fff00000c19db580: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 24.863694] fff00000c19db600: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 24.863975] >fff00000c19db680: 00 00 
00 00 00 00 00 00 00 01 fc fc fc fc fc fc [ 24.864124] ^ [ 24.864358] fff00000c19db700: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 24.864471] fff00000c19db780: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 24.864570] ================================================================== [ 24.986286] ================================================================== [ 24.986398] BUG: KASAN: slab-out-of-bounds in krealloc_less_oob_helper+0xa80/0xc50 [ 24.986503] Write of size 1 at addr fff00000c64660da by task kunit_try_catch/162 [ 24.986650] [ 24.986720] CPU: 0 UID: 0 PID: 162 Comm: kunit_try_catch Tainted: G B N 6.15.0-next-20250605 #1 PREEMPT [ 24.986914] Tainted: [B]=BAD_PAGE, [N]=TEST [ 24.986978] Hardware name: linux,dummy-virt (DT) [ 24.987049] Call trace: [ 24.987096] show_stack+0x20/0x38 (C) [ 24.987209] dump_stack_lvl+0x8c/0xd0 [ 24.987345] print_report+0x118/0x608 [ 24.987485] kasan_report+0xdc/0x128 [ 24.987619] __asan_report_store1_noabort+0x20/0x30 [ 24.987849] krealloc_less_oob_helper+0xa80/0xc50 [ 24.988002] krealloc_large_less_oob+0x20/0x38 [ 24.988143] kunit_try_run_case+0x170/0x3f0 [ 24.988315] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 24.988505] kthread+0x328/0x630 [ 24.988619] ret_from_fork+0x10/0x20 [ 24.988743] [ 24.988789] The buggy address belongs to the physical page: [ 24.988879] page: refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x106464 [ 24.989150] head: order:2 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0 [ 24.989566] flags: 0xbfffe0000000040(head|node=0|zone=2|lastcpupid=0x1ffff) [ 24.989709] page_type: f8(unknown) [ 24.989801] raw: 0bfffe0000000040 0000000000000000 dead000000000122 0000000000000000 [ 24.989920] raw: 0000000000000000 0000000000000000 00000001f8000000 0000000000000000 [ 24.990309] head: 0bfffe0000000040 0000000000000000 dead000000000122 0000000000000000 [ 24.991720] head: 0000000000000000 0000000000000000 00000001f8000000 0000000000000000 [ 24.991937] head: 0bfffe0000000002 
ffffc1ffc3191901 00000000ffffffff 00000000ffffffff [ 24.992134] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000004 [ 24.992684] page dumped because: kasan: bad access detected [ 24.992795] [ 24.992941] Memory state around the buggy address: [ 24.993053] fff00000c6465f80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 24.993287] fff00000c6466000: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 24.993418] >fff00000c6466080: 00 00 00 00 00 00 00 00 00 01 fe fe fe fe fe fe [ 24.993926] ^ [ 24.994074] fff00000c6466100: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe [ 24.994624] fff00000c6466180: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe [ 24.995105] ================================================================== [ 24.838742] ================================================================== [ 24.838856] BUG: KASAN: slab-out-of-bounds in krealloc_less_oob_helper+0xa48/0xc50 [ 24.838965] Write of size 1 at addr fff00000c19db6c9 by task kunit_try_catch/158 [ 24.839080] [ 24.839145] CPU: 1 UID: 0 PID: 158 Comm: kunit_try_catch Tainted: G B N 6.15.0-next-20250605 #1 PREEMPT [ 24.839362] Tainted: [B]=BAD_PAGE, [N]=TEST [ 24.839430] Hardware name: linux,dummy-virt (DT) [ 24.839507] Call trace: [ 24.839557] show_stack+0x20/0x38 (C) [ 24.839670] dump_stack_lvl+0x8c/0xd0 [ 24.839797] print_report+0x118/0x608 [ 24.839996] kasan_report+0xdc/0x128 [ 24.840186] __asan_report_store1_noabort+0x20/0x30 [ 24.840347] krealloc_less_oob_helper+0xa48/0xc50 [ 24.840491] krealloc_less_oob+0x20/0x38 [ 24.841432] kunit_try_run_case+0x170/0x3f0 [ 24.841723] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 24.841875] kthread+0x328/0x630 [ 24.842207] ret_from_fork+0x10/0x20 [ 24.842349] [ 24.842396] Allocated by task 158: [ 24.842463] kasan_save_stack+0x3c/0x68 [ 24.842559] kasan_save_track+0x20/0x40 [ 24.842668] kasan_save_alloc_info+0x40/0x58 [ 24.842785] __kasan_krealloc+0x118/0x178 [ 24.843122] krealloc_noprof+0x128/0x360 [ 24.843508] 
krealloc_less_oob_helper+0x168/0xc50 [ 24.843806] krealloc_less_oob+0x20/0x38 [ 24.844009] kunit_try_run_case+0x170/0x3f0 [ 24.844569] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 24.844688] kthread+0x328/0x630 [ 24.845039] ret_from_fork+0x10/0x20 [ 24.845146] [ 24.845257] The buggy address belongs to the object at fff00000c19db600 [ 24.845257] which belongs to the cache kmalloc-256 of size 256 [ 24.845463] The buggy address is located 0 bytes to the right of [ 24.845463] allocated 201-byte region [fff00000c19db600, fff00000c19db6c9) [ 24.845638] [ 24.845684] The buggy address belongs to the physical page: [ 24.845755] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1019da [ 24.846203] head: order:1 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0 [ 24.846364] flags: 0xbfffe0000000040(head|node=0|zone=2|lastcpupid=0x1ffff) [ 24.846497] page_type: f5(slab) [ 24.846585] raw: 0bfffe0000000040 fff00000c0001b40 dead000000000122 0000000000000000 [ 24.846703] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 24.847722] head: 0bfffe0000000040 fff00000c0001b40 dead000000000122 0000000000000000 [ 24.848434] head: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 24.848784] head: 0bfffe0000000001 ffffc1ffc3067681 00000000ffffffff 00000000ffffffff [ 24.848995] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000002 [ 24.849102] page dumped because: kasan: bad access detected [ 24.849182] [ 24.849239] Memory state around the buggy address: [ 24.849361] fff00000c19db580: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 24.849507] fff00000c19db600: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 24.849801] >fff00000c19db680: 00 00 00 00 00 00 00 00 00 01 fc fc fc fc fc fc [ 24.849898] ^ [ 24.850014] fff00000c19db700: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 24.850131] fff00000c19db780: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 24.850300] 
================================================================== [ 24.972671] ================================================================== [ 24.972777] BUG: KASAN: slab-out-of-bounds in krealloc_less_oob_helper+0xb9c/0xc50 [ 24.972880] Write of size 1 at addr fff00000c64660d0 by task kunit_try_catch/162 [ 24.972997] [ 24.973058] CPU: 0 UID: 0 PID: 162 Comm: kunit_try_catch Tainted: G B N 6.15.0-next-20250605 #1 PREEMPT [ 24.973251] Tainted: [B]=BAD_PAGE, [N]=TEST [ 24.973347] Hardware name: linux,dummy-virt (DT) [ 24.973426] Call trace: [ 24.975969] show_stack+0x20/0x38 (C) [ 24.976633] dump_stack_lvl+0x8c/0xd0 [ 24.976758] print_report+0x118/0x608 [ 24.978105] kasan_report+0xdc/0x128 [ 24.978399] __asan_report_store1_noabort+0x20/0x30 [ 24.979302] krealloc_less_oob_helper+0xb9c/0xc50 [ 24.980056] krealloc_large_less_oob+0x20/0x38 [ 24.980209] kunit_try_run_case+0x170/0x3f0 [ 24.980763] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 24.981024] kthread+0x328/0x630 [ 24.981720] ret_from_fork+0x10/0x20 [ 24.981904] [ 24.981962] The buggy address belongs to the physical page: [ 24.982135] page: refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x106464 [ 24.982267] head: order:2 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0 [ 24.982402] flags: 0xbfffe0000000040(head|node=0|zone=2|lastcpupid=0x1ffff) [ 24.982524] page_type: f8(unknown) [ 24.982613] raw: 0bfffe0000000040 0000000000000000 dead000000000122 0000000000000000 [ 24.982729] raw: 0000000000000000 0000000000000000 00000001f8000000 0000000000000000 [ 24.982845] head: 0bfffe0000000040 0000000000000000 dead000000000122 0000000000000000 [ 24.982962] head: 0000000000000000 0000000000000000 00000001f8000000 0000000000000000 [ 24.983083] head: 0bfffe0000000002 ffffc1ffc3191901 00000000ffffffff 00000000ffffffff [ 24.983226] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000004 [ 24.983426] page dumped because: kasan: bad access detected [ 24.983509] [ 24.983553] Memory 
state around the buggy address: [ 24.983629] fff00000c6465f80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 24.983925] fff00000c6466000: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 24.984074] >fff00000c6466080: 00 00 00 00 00 00 00 00 00 01 fe fe fe fe fe fe [ 24.984204] ^ [ 24.984311] fff00000c6466100: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe [ 24.984452] fff00000c6466180: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe [ 24.984555] ================================================================== [ 24.893423] ================================================================== [ 24.893519] BUG: KASAN: slab-out-of-bounds in krealloc_less_oob_helper+0xa58/0xc50 [ 24.893625] Write of size 1 at addr fff00000c19db6eb by task kunit_try_catch/158 [ 24.893740] [ 24.893804] CPU: 1 UID: 0 PID: 158 Comm: kunit_try_catch Tainted: G B N 6.15.0-next-20250605 #1 PREEMPT [ 24.894001] Tainted: [B]=BAD_PAGE, [N]=TEST [ 24.894064] Hardware name: linux,dummy-virt (DT) [ 24.894137] Call trace: [ 24.894186] show_stack+0x20/0x38 (C) [ 24.894295] dump_stack_lvl+0x8c/0xd0 [ 24.894449] print_report+0x118/0x608 [ 24.895288] kasan_report+0xdc/0x128 [ 24.895536] __asan_report_store1_noabort+0x20/0x30 [ 24.895781] krealloc_less_oob_helper+0xa58/0xc50 [ 24.895994] krealloc_less_oob+0x20/0x38 [ 24.896078] kunit_try_run_case+0x170/0x3f0 [ 24.896139] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 24.896251] kthread+0x328/0x630 [ 24.896324] ret_from_fork+0x10/0x20 [ 24.896561] [ 24.896753] Allocated by task 158: [ 24.896988] kasan_save_stack+0x3c/0x68 [ 24.897087] kasan_save_track+0x20/0x40 [ 24.897191] kasan_save_alloc_info+0x40/0x58 [ 24.897308] __kasan_krealloc+0x118/0x178 [ 24.897424] krealloc_noprof+0x128/0x360 [ 24.899170] krealloc_less_oob_helper+0x168/0xc50 [ 24.900042] krealloc_less_oob+0x20/0x38 [ 24.900165] kunit_try_run_case+0x170/0x3f0 [ 24.900316] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 24.900450] kthread+0x328/0x630 [ 24.900532] ret_from_fork+0x10/0x20 [ 
24.900698] [ 24.900776] The buggy address belongs to the object at fff00000c19db600 [ 24.900776] which belongs to the cache kmalloc-256 of size 256 [ 24.900915] The buggy address is located 34 bytes to the right of [ 24.900915] allocated 201-byte region [fff00000c19db600, fff00000c19db6c9) [ 24.901068] [ 24.901143] The buggy address belongs to the physical page: [ 24.901217] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1019da [ 24.901367] head: order:1 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0 [ 24.901512] flags: 0xbfffe0000000040(head|node=0|zone=2|lastcpupid=0x1ffff) [ 24.901659] page_type: f5(slab) [ 24.901768] raw: 0bfffe0000000040 fff00000c0001b40 dead000000000122 0000000000000000 [ 24.901887] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 24.902003] head: 0bfffe0000000040 fff00000c0001b40 dead000000000122 0000000000000000 [ 24.902118] head: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 24.902239] head: 0bfffe0000000001 ffffc1ffc3067681 00000000ffffffff 00000000ffffffff [ 24.903220] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000002 [ 24.903352] page dumped because: kasan: bad access detected [ 24.903689] [ 24.903804] Memory state around the buggy address: [ 24.904309] fff00000c19db580: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 24.904473] fff00000c19db600: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 24.905077] >fff00000c19db680: 00 00 00 00 00 00 00 00 00 01 fc fc fc fc fc fc [ 24.905555] ^ [ 24.906073] fff00000c19db700: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 24.906224] fff00000c19db780: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 24.906646] ================================================================== [ 25.003005] ================================================================== [ 25.003228] BUG: KASAN: slab-out-of-bounds in krealloc_less_oob_helper+0xae4/0xc50 [ 25.003350] Write of size 1 at addr 
fff00000c64660ea by task kunit_try_catch/162 [ 25.003472] [ 25.003538] CPU: 0 UID: 0 PID: 162 Comm: kunit_try_catch Tainted: G B N 6.15.0-next-20250605 #1 PREEMPT [ 25.003728] Tainted: [B]=BAD_PAGE, [N]=TEST [ 25.003790] Hardware name: linux,dummy-virt (DT) [ 25.003877] Call trace: [ 25.003927] show_stack+0x20/0x38 (C) [ 25.004042] dump_stack_lvl+0x8c/0xd0 [ 25.004153] print_report+0x118/0x608 [ 25.004264] kasan_report+0xdc/0x128 [ 25.010235] __asan_report_store1_noabort+0x20/0x30 [ 25.010641] krealloc_less_oob_helper+0xae4/0xc50 [ 25.013160] krealloc_large_less_oob+0x20/0x38 [ 25.013298] kunit_try_run_case+0x170/0x3f0 [ 25.013445] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 25.016934] kthread+0x328/0x630 [ 25.018151] ret_from_fork+0x10/0x20 [ 25.018280] [ 25.018346] The buggy address belongs to the physical page: [ 25.018421] page: refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x106464 [ 25.018544] head: order:2 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0 [ 25.018655] flags: 0xbfffe0000000040(head|node=0|zone=2|lastcpupid=0x1ffff) [ 25.018781] page_type: f8(unknown) [ 25.018871] raw: 0bfffe0000000040 0000000000000000 dead000000000122 0000000000000000 [ 25.022446] raw: 0000000000000000 0000000000000000 00000001f8000000 0000000000000000 [ 25.022581] head: 0bfffe0000000040 0000000000000000 dead000000000122 0000000000000000 [ 25.022720] head: 0000000000000000 0000000000000000 00000001f8000000 0000000000000000 [ 25.022852] head: 0bfffe0000000002 ffffc1ffc3191901 00000000ffffffff 00000000ffffffff [ 25.022927] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000004 [ 25.022979] page dumped because: kasan: bad access detected [ 25.023019] [ 25.023041] Memory state around the buggy address: [ 25.023079] fff00000c6465f80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 25.023133] fff00000c6466000: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 25.023184] >fff00000c6466080: 00 00 00 00 00 00 00 00 00 01 fe fe fe fe fe 
fe [ 25.023231] ^ [ 25.023279] fff00000c6466100: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe [ 25.023358] fff00000c6466180: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe [ 25.023457] ================================================================== [ 25.024883] ================================================================== [ 25.025012] BUG: KASAN: slab-out-of-bounds in krealloc_less_oob_helper+0xa58/0xc50 [ 25.025213] Write of size 1 at addr fff00000c64660eb by task kunit_try_catch/162 [ 25.025442] [ 25.025663] CPU: 0 UID: 0 PID: 162 Comm: kunit_try_catch Tainted: G B N 6.15.0-next-20250605 #1 PREEMPT [ 25.026023] Tainted: [B]=BAD_PAGE, [N]=TEST [ 25.026098] Hardware name: linux,dummy-virt (DT) [ 25.026313] Call trace: [ 25.026390] show_stack+0x20/0x38 (C) [ 25.026663] dump_stack_lvl+0x8c/0xd0 [ 25.027000] print_report+0x118/0x608 [ 25.027502] kasan_report+0xdc/0x128 [ 25.027622] __asan_report_store1_noabort+0x20/0x30 [ 25.027745] krealloc_less_oob_helper+0xa58/0xc50 [ 25.027879] krealloc_large_less_oob+0x20/0x38 [ 25.027999] kunit_try_run_case+0x170/0x3f0 [ 25.028115] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 25.028241] kthread+0x328/0x630 [ 25.028359] ret_from_fork+0x10/0x20 [ 25.028475] [ 25.028520] The buggy address belongs to the physical page: [ 25.028589] page: refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x106464 [ 25.028709] head: order:2 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0 [ 25.028819] flags: 0xbfffe0000000040(head|node=0|zone=2|lastcpupid=0x1ffff) [ 25.028935] page_type: f8(unknown) [ 25.029022] raw: 0bfffe0000000040 0000000000000000 dead000000000122 0000000000000000 [ 25.029139] raw: 0000000000000000 0000000000000000 00000001f8000000 0000000000000000 [ 25.029254] head: 0bfffe0000000040 0000000000000000 dead000000000122 0000000000000000 [ 25.031435] head: 0000000000000000 0000000000000000 00000001f8000000 0000000000000000 [ 25.031881] head: 0bfffe0000000002 ffffc1ffc3191901 00000000ffffffff 
00000000ffffffff [ 25.032195] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000004 [ 25.032719] page dumped because: kasan: bad access detected [ 25.032833] [ 25.033137] Memory state around the buggy address: [ 25.033452] fff00000c6465f80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 25.033618] fff00000c6466000: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 25.033725] >fff00000c6466080: 00 00 00 00 00 00 00 00 00 01 fe fe fe fe fe fe [ 25.034319] ^ [ 25.034653] fff00000c6466100: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe [ 25.035048] fff00000c6466180: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe [ 25.035368] ==================================================================
[ 11.091904] ================================================================== [ 11.092279] BUG: KASAN: slab-out-of-bounds in krealloc_less_oob_helper+0xec6/0x11d0 [ 11.092596] Write of size 1 at addr ffff888100a27eda by task kunit_try_catch/175 [ 11.092888] [ 11.092982] CPU: 1 UID: 0 PID: 175 Comm: kunit_try_catch Tainted: G B N 6.15.0-next-20250605 #1 PREEMPT(voluntary) [ 11.093023] Tainted: [B]=BAD_PAGE, [N]=TEST [ 11.093034] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 11.093057] Call Trace: [ 11.093072] <TASK> [ 11.093085] dump_stack_lvl+0x73/0xb0 [ 11.093110] print_report+0xd1/0x650 [ 11.093132] ? __virt_addr_valid+0x1db/0x2d0 [ 11.093155] ? krealloc_less_oob_helper+0xec6/0x11d0 [ 11.093179] ? kasan_complete_mode_report_info+0x2a/0x200 [ 11.093201] ? krealloc_less_oob_helper+0xec6/0x11d0 [ 11.093226] kasan_report+0x141/0x180 [ 11.093247] ? krealloc_less_oob_helper+0xec6/0x11d0 [ 11.093276] __asan_report_store1_noabort+0x1b/0x30 [ 11.093297] krealloc_less_oob_helper+0xec6/0x11d0 [ 11.093322] ? __pfx_krealloc_less_oob_helper+0x10/0x10 [ 11.093346] ? finish_task_switch.isra.0+0x153/0x700 [ 11.093367] ? __switch_to+0x47/0xf50 [ 11.093392] ? __schedule+0x10cc/0x2b60 [ 11.093414] ? __pfx_read_tsc+0x10/0x10 [ 11.093438] krealloc_less_oob+0x1c/0x30 [ 11.093459] kunit_try_run_case+0x1a5/0x480 [ 11.093480] ? __pfx_kunit_try_run_case+0x10/0x10 [ 11.093499] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 11.093523] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 11.093547] ? __kthread_parkme+0x82/0x180 [ 11.093566] ? preempt_count_sub+0x50/0x80 [ 11.093588] ? __pfx_kunit_try_run_case+0x10/0x10 [ 11.093608] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 11.093632] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 11.093655] kthread+0x337/0x6f0 [ 11.093732] ? trace_preempt_on+0x20/0xc0 [ 11.093754] ? __pfx_kthread+0x10/0x10 [ 11.093774] ? _raw_spin_unlock_irq+0x47/0x80 [ 11.093796] ? calculate_sigpending+0x7b/0xa0 [ 11.093820] ? 
__pfx_kthread+0x10/0x10 [ 11.093841] ret_from_fork+0x116/0x1d0 [ 11.093858] ? __pfx_kthread+0x10/0x10 [ 11.093878] ret_from_fork_asm+0x1a/0x30 [ 11.093917] </TASK> [ 11.093927] [ 11.101325] Allocated by task 175: [ 11.101505] kasan_save_stack+0x45/0x70 [ 11.101704] kasan_save_track+0x18/0x40 [ 11.101984] kasan_save_alloc_info+0x3b/0x50 [ 11.102181] __kasan_krealloc+0x190/0x1f0 [ 11.102383] krealloc_noprof+0xf3/0x340 [ 11.102517] krealloc_less_oob_helper+0x1aa/0x11d0 [ 11.102703] krealloc_less_oob+0x1c/0x30 [ 11.102917] kunit_try_run_case+0x1a5/0x480 [ 11.103166] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 11.103363] kthread+0x337/0x6f0 [ 11.103481] ret_from_fork+0x116/0x1d0 [ 11.103611] ret_from_fork_asm+0x1a/0x30 [ 11.103745] [ 11.103827] The buggy address belongs to the object at ffff888100a27e00 [ 11.103827] which belongs to the cache kmalloc-256 of size 256 [ 11.104376] The buggy address is located 17 bytes to the right of [ 11.104376] allocated 201-byte region [ffff888100a27e00, ffff888100a27ec9) [ 11.105231] [ 11.105346] The buggy address belongs to the physical page: [ 11.105575] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x100a26 [ 11.105933] head: order:1 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0 [ 11.106160] flags: 0x200000000000040(head|node=0|zone=2) [ 11.106390] page_type: f5(slab) [ 11.106662] raw: 0200000000000040 ffff888100041b40 dead000000000122 0000000000000000 [ 11.107011] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 11.107281] head: 0200000000000040 ffff888100041b40 dead000000000122 0000000000000000 [ 11.107511] head: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 11.107887] head: 0200000000000001 ffffea0004028981 00000000ffffffff 00000000ffffffff [ 11.108238] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000002 [ 11.108682] page dumped because: kasan: bad access detected [ 11.108847] [ 11.109222] Memory state around the buggy 
address: [ 11.109464] ffff888100a27d80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 11.110289] ffff888100a27e00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 11.110636] >ffff888100a27e80: 00 00 00 00 00 00 00 00 00 01 fc fc fc fc fc fc [ 11.111202] ^ [ 11.111543] ffff888100a27f00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 11.112175] ffff888100a27f80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 11.112477] ================================================================== [ 11.278392] ================================================================== [ 11.278719] BUG: KASAN: slab-out-of-bounds in krealloc_less_oob_helper+0xe90/0x11d0 [ 11.279140] Write of size 1 at addr ffff888102c2e0ea by task kunit_try_catch/179 [ 11.279487] [ 11.279581] CPU: 1 UID: 0 PID: 179 Comm: kunit_try_catch Tainted: G B N 6.15.0-next-20250605 #1 PREEMPT(voluntary) [ 11.279641] Tainted: [B]=BAD_PAGE, [N]=TEST [ 11.279652] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 11.279692] Call Trace: [ 11.279705] <TASK> [ 11.279718] dump_stack_lvl+0x73/0xb0 [ 11.279757] print_report+0xd1/0x650 [ 11.279778] ? __virt_addr_valid+0x1db/0x2d0 [ 11.279801] ? krealloc_less_oob_helper+0xe90/0x11d0 [ 11.279823] ? kasan_addr_to_slab+0x11/0xa0 [ 11.279843] ? krealloc_less_oob_helper+0xe90/0x11d0 [ 11.279867] kasan_report+0x141/0x180 [ 11.279888] ? krealloc_less_oob_helper+0xe90/0x11d0 [ 11.279924] __asan_report_store1_noabort+0x1b/0x30 [ 11.280008] krealloc_less_oob_helper+0xe90/0x11d0 [ 11.280054] ? __pfx_krealloc_less_oob_helper+0x10/0x10 [ 11.280079] ? finish_task_switch.isra.0+0x153/0x700 [ 11.280102] ? __switch_to+0x47/0xf50 [ 11.280126] ? __schedule+0x10cc/0x2b60 [ 11.280148] ? __pfx_read_tsc+0x10/0x10 [ 11.280171] krealloc_large_less_oob+0x1c/0x30 [ 11.280210] kunit_try_run_case+0x1a5/0x480 [ 11.280231] ? __pfx_kunit_try_run_case+0x10/0x10 [ 11.280250] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 11.280289] ? 
_raw_spin_unlock_irqrestore+0x5f/0x90 [ 11.280312] ? __kthread_parkme+0x82/0x180 [ 11.280344] ? preempt_count_sub+0x50/0x80 [ 11.280367] ? __pfx_kunit_try_run_case+0x10/0x10 [ 11.280400] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 11.280424] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 11.280460] kthread+0x337/0x6f0 [ 11.280479] ? trace_preempt_on+0x20/0xc0 [ 11.280501] ? __pfx_kthread+0x10/0x10 [ 11.280520] ? _raw_spin_unlock_irq+0x47/0x80 [ 11.280541] ? calculate_sigpending+0x7b/0xa0 [ 11.280565] ? __pfx_kthread+0x10/0x10 [ 11.280585] ret_from_fork+0x116/0x1d0 [ 11.280603] ? __pfx_kthread+0x10/0x10 [ 11.280622] ret_from_fork_asm+0x1a/0x30 [ 11.280669] </TASK> [ 11.280679] [ 11.288498] The buggy address belongs to the physical page: [ 11.288786] page: refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x102c2c [ 11.289064] head: order:2 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0 [ 11.289338] flags: 0x200000000000040(head|node=0|zone=2) [ 11.289591] page_type: f8(unknown) [ 11.289767] raw: 0200000000000040 0000000000000000 dead000000000122 0000000000000000 [ 11.290356] raw: 0000000000000000 0000000000000000 00000001f8000000 0000000000000000 [ 11.290588] head: 0200000000000040 0000000000000000 dead000000000122 0000000000000000 [ 11.291098] head: 0000000000000000 0000000000000000 00000001f8000000 0000000000000000 [ 11.291471] head: 0200000000000002 ffffea00040b0b01 00000000ffffffff 00000000ffffffff [ 11.291774] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000004 [ 11.292228] page dumped because: kasan: bad access detected [ 11.292462] [ 11.292555] Memory state around the buggy address: [ 11.292719] ffff888102c2df80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 11.293176] ffff888102c2e000: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 11.293495] >ffff888102c2e080: 00 00 00 00 00 00 00 00 00 01 fe fe fe fe fe fe [ 11.293758] ^ [ 11.294054] ffff888102c2e100: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe 
fe [ 11.294365] ffff888102c2e180: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe [ 11.294647] ================================================================== [ 11.056803] ================================================================== [ 11.057619] BUG: KASAN: slab-out-of-bounds in krealloc_less_oob_helper+0xe23/0x11d0 [ 11.058794] Write of size 1 at addr ffff888100a27ed0 by task kunit_try_catch/175 [ 11.059762] [ 11.060056] CPU: 1 UID: 0 PID: 175 Comm: kunit_try_catch Tainted: G B N 6.15.0-next-20250605 #1 PREEMPT(voluntary) [ 11.060136] Tainted: [B]=BAD_PAGE, [N]=TEST [ 11.060148] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 11.060169] Call Trace: [ 11.060180] <TASK> [ 11.060205] dump_stack_lvl+0x73/0xb0 [ 11.060232] print_report+0xd1/0x650 [ 11.060254] ? __virt_addr_valid+0x1db/0x2d0 [ 11.060276] ? krealloc_less_oob_helper+0xe23/0x11d0 [ 11.060299] ? kasan_complete_mode_report_info+0x2a/0x200 [ 11.060321] ? krealloc_less_oob_helper+0xe23/0x11d0 [ 11.060345] kasan_report+0x141/0x180 [ 11.060366] ? krealloc_less_oob_helper+0xe23/0x11d0 [ 11.060394] __asan_report_store1_noabort+0x1b/0x30 [ 11.060415] krealloc_less_oob_helper+0xe23/0x11d0 [ 11.060440] ? __pfx_krealloc_less_oob_helper+0x10/0x10 [ 11.060464] ? finish_task_switch.isra.0+0x153/0x700 [ 11.060485] ? __switch_to+0x47/0xf50 [ 11.060510] ? __schedule+0x10cc/0x2b60 [ 11.060533] ? __pfx_read_tsc+0x10/0x10 [ 11.060556] krealloc_less_oob+0x1c/0x30 [ 11.060577] kunit_try_run_case+0x1a5/0x480 [ 11.060598] ? __pfx_kunit_try_run_case+0x10/0x10 [ 11.060617] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 11.060641] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 11.060664] ? __kthread_parkme+0x82/0x180 [ 11.060683] ? preempt_count_sub+0x50/0x80 [ 11.060705] ? __pfx_kunit_try_run_case+0x10/0x10 [ 11.060725] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 11.060749] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 11.060773] kthread+0x337/0x6f0 [ 11.060791] ? 
trace_preempt_on+0x20/0xc0 [ 11.060813] ? __pfx_kthread+0x10/0x10 [ 11.060833] ? _raw_spin_unlock_irq+0x47/0x80 [ 11.060855] ? calculate_sigpending+0x7b/0xa0 [ 11.060877] ? __pfx_kthread+0x10/0x10 [ 11.060909] ret_from_fork+0x116/0x1d0 [ 11.060927] ? __pfx_kthread+0x10/0x10 [ 11.060962] ret_from_fork_asm+0x1a/0x30 [ 11.060992] </TASK> [ 11.061002] [ 11.074936] Allocated by task 175: [ 11.075314] kasan_save_stack+0x45/0x70 [ 11.075808] kasan_save_track+0x18/0x40 [ 11.076280] kasan_save_alloc_info+0x3b/0x50 [ 11.076739] __kasan_krealloc+0x190/0x1f0 [ 11.077243] krealloc_noprof+0xf3/0x340 [ 11.077389] krealloc_less_oob_helper+0x1aa/0x11d0 [ 11.077551] krealloc_less_oob+0x1c/0x30 [ 11.077790] kunit_try_run_case+0x1a5/0x480 [ 11.078079] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 11.078279] kthread+0x337/0x6f0 [ 11.078402] ret_from_fork+0x116/0x1d0 [ 11.078533] ret_from_fork_asm+0x1a/0x30 [ 11.078670] [ 11.078743] The buggy address belongs to the object at ffff888100a27e00 [ 11.078743] which belongs to the cache kmalloc-256 of size 256 [ 11.079119] The buggy address is located 7 bytes to the right of [ 11.079119] allocated 201-byte region [ffff888100a27e00, ffff888100a27ec9) [ 11.080274] [ 11.080478] The buggy address belongs to the physical page: [ 11.080962] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x100a26 [ 11.081480] head: order:1 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0 [ 11.082270] flags: 0x200000000000040(head|node=0|zone=2) [ 11.082619] page_type: f5(slab) [ 11.083005] raw: 0200000000000040 ffff888100041b40 dead000000000122 0000000000000000 [ 11.083561] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 11.084205] head: 0200000000000040 ffff888100041b40 dead000000000122 0000000000000000 [ 11.084683] head: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 11.085263] head: 0200000000000001 ffffea0004028981 00000000ffffffff 00000000ffffffff [ 11.085774] head: ffffffffffffffff 
0000000000000000 00000000ffffffff 0000000000000002 [ 11.086382] page dumped because: kasan: bad access detected [ 11.086621] [ 11.086874] Memory state around the buggy address: [ 11.087525] ffff888100a27d80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 11.088006] ffff888100a27e00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 11.088440] >ffff888100a27e80: 00 00 00 00 00 00 00 00 00 01 fc fc fc fc fc fc [ 11.088864] ^ [ 11.089416] ffff888100a27f00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 11.089905] ffff888100a27f80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 11.090499] ================================================================== [ 11.295030] ================================================================== [ 11.295298] BUG: KASAN: slab-out-of-bounds in krealloc_less_oob_helper+0xd47/0x11d0 [ 11.295580] Write of size 1 at addr ffff888102c2e0eb by task kunit_try_catch/179 [ 11.295821] [ 11.296178] CPU: 1 UID: 0 PID: 179 Comm: kunit_try_catch Tainted: G B N 6.15.0-next-20250605 #1 PREEMPT(voluntary) [ 11.296224] Tainted: [B]=BAD_PAGE, [N]=TEST [ 11.296234] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 11.296253] Call Trace: [ 11.296265] <TASK> [ 11.296278] dump_stack_lvl+0x73/0xb0 [ 11.296301] print_report+0xd1/0x650 [ 11.296343] ? __virt_addr_valid+0x1db/0x2d0 [ 11.296365] ? krealloc_less_oob_helper+0xd47/0x11d0 [ 11.296388] ? kasan_addr_to_slab+0x11/0xa0 [ 11.296408] ? krealloc_less_oob_helper+0xd47/0x11d0 [ 11.296431] kasan_report+0x141/0x180 [ 11.296452] ? krealloc_less_oob_helper+0xd47/0x11d0 [ 11.296480] __asan_report_store1_noabort+0x1b/0x30 [ 11.296500] krealloc_less_oob_helper+0xd47/0x11d0 [ 11.296525] ? __pfx_krealloc_less_oob_helper+0x10/0x10 [ 11.296548] ? finish_task_switch.isra.0+0x153/0x700 [ 11.296571] ? __switch_to+0x47/0xf50 [ 11.296595] ? __schedule+0x10cc/0x2b60 [ 11.296637] ? 
__pfx_read_tsc+0x10/0x10 [ 11.296660] krealloc_large_less_oob+0x1c/0x30 [ 11.296682] kunit_try_run_case+0x1a5/0x480 [ 11.296702] ? __pfx_kunit_try_run_case+0x10/0x10 [ 11.296721] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 11.296744] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 11.296768] ? __kthread_parkme+0x82/0x180 [ 11.296786] ? preempt_count_sub+0x50/0x80 [ 11.296809] ? __pfx_kunit_try_run_case+0x10/0x10 [ 11.296829] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 11.296852] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 11.296875] kthread+0x337/0x6f0 [ 11.296902] ? trace_preempt_on+0x20/0xc0 [ 11.296924] ? __pfx_kthread+0x10/0x10 [ 11.297004] ? _raw_spin_unlock_irq+0x47/0x80 [ 11.297026] ? calculate_sigpending+0x7b/0xa0 [ 11.297054] ? __pfx_kthread+0x10/0x10 [ 11.297074] ret_from_fork+0x116/0x1d0 [ 11.297092] ? __pfx_kthread+0x10/0x10 [ 11.297134] ret_from_fork_asm+0x1a/0x30 [ 11.297163] </TASK> [ 11.297173] [ 11.305398] The buggy address belongs to the physical page: [ 11.305644] page: refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x102c2c [ 11.306247] head: order:2 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0 [ 11.306596] flags: 0x200000000000040(head|node=0|zone=2) [ 11.306859] page_type: f8(unknown) [ 11.307113] raw: 0200000000000040 0000000000000000 dead000000000122 0000000000000000 [ 11.307382] raw: 0000000000000000 0000000000000000 00000001f8000000 0000000000000000 [ 11.307784] head: 0200000000000040 0000000000000000 dead000000000122 0000000000000000 [ 11.308181] head: 0000000000000000 0000000000000000 00000001f8000000 0000000000000000 [ 11.308522] head: 0200000000000002 ffffea00040b0b01 00000000ffffffff 00000000ffffffff [ 11.308884] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000004 [ 11.309271] page dumped because: kasan: bad access detected [ 11.309526] [ 11.309636] Memory state around the buggy address: [ 11.309827] ffff888102c2df80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 11.310277] 
ffff888102c2e000: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 11.310556] >ffff888102c2e080: 00 00 00 00 00 00 00 00 00 01 fe fe fe fe fe fe [ 11.311115] ^ [ 11.311416] ffff888102c2e100: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe [ 11.311728] ffff888102c2e180: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe [ 11.312162] ================================================================== [ 11.113336] ================================================================== [ 11.114052] BUG: KASAN: slab-out-of-bounds in krealloc_less_oob_helper+0xe90/0x11d0 [ 11.114376] Write of size 1 at addr ffff888100a27eea by task kunit_try_catch/175 [ 11.114856] [ 11.115251] CPU: 1 UID: 0 PID: 175 Comm: kunit_try_catch Tainted: G B N 6.15.0-next-20250605 #1 PREEMPT(voluntary) [ 11.115300] Tainted: [B]=BAD_PAGE, [N]=TEST [ 11.115312] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 11.115332] Call Trace: [ 11.115345] <TASK> [ 11.115358] dump_stack_lvl+0x73/0xb0 [ 11.115418] print_report+0xd1/0x650 [ 11.115441] ? __virt_addr_valid+0x1db/0x2d0 [ 11.115463] ? krealloc_less_oob_helper+0xe90/0x11d0 [ 11.115487] ? kasan_complete_mode_report_info+0x2a/0x200 [ 11.115509] ? krealloc_less_oob_helper+0xe90/0x11d0 [ 11.115533] kasan_report+0x141/0x180 [ 11.115555] ? krealloc_less_oob_helper+0xe90/0x11d0 [ 11.115582] __asan_report_store1_noabort+0x1b/0x30 [ 11.115602] krealloc_less_oob_helper+0xe90/0x11d0 [ 11.115627] ? __pfx_krealloc_less_oob_helper+0x10/0x10 [ 11.115651] ? finish_task_switch.isra.0+0x153/0x700 [ 11.115673] ? __switch_to+0x47/0xf50 [ 11.115697] ? __schedule+0x10cc/0x2b60 [ 11.115720] ? __pfx_read_tsc+0x10/0x10 [ 11.115742] krealloc_less_oob+0x1c/0x30 [ 11.115763] kunit_try_run_case+0x1a5/0x480 [ 11.115783] ? __pfx_kunit_try_run_case+0x10/0x10 [ 11.115802] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 11.115825] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 11.115848] ? __kthread_parkme+0x82/0x180 [ 11.115867] ? 
preempt_count_sub+0x50/0x80 [ 11.115888] ? __pfx_kunit_try_run_case+0x10/0x10 [ 11.115918] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 11.115992] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 11.116018] kthread+0x337/0x6f0 [ 11.116037] ? trace_preempt_on+0x20/0xc0 [ 11.116059] ? __pfx_kthread+0x10/0x10 [ 11.116078] ? _raw_spin_unlock_irq+0x47/0x80 [ 11.116100] ? calculate_sigpending+0x7b/0xa0 [ 11.116123] ? __pfx_kthread+0x10/0x10 [ 11.116143] ret_from_fork+0x116/0x1d0 [ 11.116161] ? __pfx_kthread+0x10/0x10 [ 11.116181] ret_from_fork_asm+0x1a/0x30 [ 11.116209] </TASK> [ 11.116219] [ 11.124589] Allocated by task 175: [ 11.124928] kasan_save_stack+0x45/0x70 [ 11.125126] kasan_save_track+0x18/0x40 [ 11.125380] kasan_save_alloc_info+0x3b/0x50 [ 11.125572] __kasan_krealloc+0x190/0x1f0 [ 11.125754] krealloc_noprof+0xf3/0x340 [ 11.125945] krealloc_less_oob_helper+0x1aa/0x11d0 [ 11.126136] krealloc_less_oob+0x1c/0x30 [ 11.126330] kunit_try_run_case+0x1a5/0x480 [ 11.126533] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 11.126905] kthread+0x337/0x6f0 [ 11.127033] ret_from_fork+0x116/0x1d0 [ 11.127166] ret_from_fork_asm+0x1a/0x30 [ 11.127305] [ 11.127375] The buggy address belongs to the object at ffff888100a27e00 [ 11.127375] which belongs to the cache kmalloc-256 of size 256 [ 11.127861] The buggy address is located 33 bytes to the right of [ 11.127861] allocated 201-byte region [ffff888100a27e00, ffff888100a27ec9) [ 11.128466] [ 11.128537] The buggy address belongs to the physical page: [ 11.128914] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x100a26 [ 11.129216] head: order:1 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0 [ 11.129440] flags: 0x200000000000040(head|node=0|zone=2) [ 11.129829] page_type: f5(slab) [ 11.130147] raw: 0200000000000040 ffff888100041b40 dead000000000122 0000000000000000 [ 11.130489] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 11.131124] head: 0200000000000040 
ffff888100041b40 dead000000000122 0000000000000000 [ 11.131418] head: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 11.131653] head: 0200000000000001 ffffea0004028981 00000000ffffffff 00000000ffffffff [ 11.131890] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000002 [ 11.132425] page dumped because: kasan: bad access detected [ 11.132677] [ 11.132816] Memory state around the buggy address: [ 11.133013] ffff888100a27d80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 11.133262] ffff888100a27e00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 11.133473] >ffff888100a27e80: 00 00 00 00 00 00 00 00 00 01 fc fc fc fc fc fc [ 11.134031] ^ [ 11.134340] ffff888100a27f00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 11.134615] ffff888100a27f80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 11.134864] ================================================================== [ 11.241330] ================================================================== [ 11.241828] BUG: KASAN: slab-out-of-bounds in krealloc_less_oob_helper+0xe23/0x11d0 [ 11.242190] Write of size 1 at addr ffff888102c2e0d0 by task kunit_try_catch/179 [ 11.242472] [ 11.242582] CPU: 1 UID: 0 PID: 179 Comm: kunit_try_catch Tainted: G B N 6.15.0-next-20250605 #1 PREEMPT(voluntary) [ 11.242625] Tainted: [B]=BAD_PAGE, [N]=TEST [ 11.242636] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 11.242655] Call Trace: [ 11.242667] <TASK> [ 11.242679] dump_stack_lvl+0x73/0xb0 [ 11.242702] print_report+0xd1/0x650 [ 11.242723] ? __virt_addr_valid+0x1db/0x2d0 [ 11.242745] ? krealloc_less_oob_helper+0xe23/0x11d0 [ 11.242768] ? kasan_addr_to_slab+0x11/0xa0 [ 11.242789] ? krealloc_less_oob_helper+0xe23/0x11d0 [ 11.242812] kasan_report+0x141/0x180 [ 11.242833] ? krealloc_less_oob_helper+0xe23/0x11d0 [ 11.242861] __asan_report_store1_noabort+0x1b/0x30 [ 11.242882] krealloc_less_oob_helper+0xe23/0x11d0 [ 11.242919] ? 
__pfx_krealloc_less_oob_helper+0x10/0x10 [ 11.242942] ? finish_task_switch.isra.0+0x153/0x700 [ 11.242966] ? __switch_to+0x47/0xf50 [ 11.242989] ? __schedule+0x10cc/0x2b60 [ 11.243011] ? __pfx_read_tsc+0x10/0x10 [ 11.243034] krealloc_large_less_oob+0x1c/0x30 [ 11.243056] kunit_try_run_case+0x1a5/0x480 [ 11.243076] ? __pfx_kunit_try_run_case+0x10/0x10 [ 11.243106] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 11.243130] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 11.243153] ? __kthread_parkme+0x82/0x180 [ 11.243172] ? preempt_count_sub+0x50/0x80 [ 11.243195] ? __pfx_kunit_try_run_case+0x10/0x10 [ 11.243215] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 11.243238] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 11.243261] kthread+0x337/0x6f0 [ 11.243279] ? trace_preempt_on+0x20/0xc0 [ 11.243302] ? __pfx_kthread+0x10/0x10 [ 11.243322] ? _raw_spin_unlock_irq+0x47/0x80 [ 11.243343] ? calculate_sigpending+0x7b/0xa0 [ 11.243366] ? __pfx_kthread+0x10/0x10 [ 11.243387] ret_from_fork+0x116/0x1d0 [ 11.243404] ? 
__pfx_kthread+0x10/0x10 [ 11.243424] ret_from_fork_asm+0x1a/0x30 [ 11.243453] </TASK> [ 11.243462] [ 11.250666] The buggy address belongs to the physical page: [ 11.250944] page: refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x102c2c [ 11.251308] head: order:2 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0 [ 11.251646] flags: 0x200000000000040(head|node=0|zone=2) [ 11.251846] page_type: f8(unknown) [ 11.252023] raw: 0200000000000040 0000000000000000 dead000000000122 0000000000000000 [ 11.252546] raw: 0000000000000000 0000000000000000 00000001f8000000 0000000000000000 [ 11.252851] head: 0200000000000040 0000000000000000 dead000000000122 0000000000000000 [ 11.253388] head: 0000000000000000 0000000000000000 00000001f8000000 0000000000000000 [ 11.253740] head: 0200000000000002 ffffea00040b0b01 00000000ffffffff 00000000ffffffff [ 11.254088] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000004 [ 11.254317] page dumped because: kasan: bad access detected [ 11.254486] [ 11.254553] Memory state around the buggy address: [ 11.254747] ffff888102c2df80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 11.255078] ffff888102c2e000: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 11.255389] >ffff888102c2e080: 00 00 00 00 00 00 00 00 00 01 fe fe fe fe fe fe [ 11.255740] ^ [ 11.256007] ffff888102c2e100: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe [ 11.256241] ffff888102c2e180: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe [ 11.256452] ================================================================== [ 11.135327] ================================================================== [ 11.135651] BUG: KASAN: slab-out-of-bounds in krealloc_less_oob_helper+0xd47/0x11d0 [ 11.136229] Write of size 1 at addr ffff888100a27eeb by task kunit_try_catch/175 [ 11.136509] [ 11.136615] CPU: 1 UID: 0 PID: 175 Comm: kunit_try_catch Tainted: G B N 6.15.0-next-20250605 #1 PREEMPT(voluntary) [ 11.136654] Tainted: [B]=BAD_PAGE, [N]=TEST [ 11.136665] 
Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 11.136683] Call Trace: [ 11.136695] <TASK> [ 11.136706] dump_stack_lvl+0x73/0xb0 [ 11.136730] print_report+0xd1/0x650 [ 11.136752] ? __virt_addr_valid+0x1db/0x2d0 [ 11.136773] ? krealloc_less_oob_helper+0xd47/0x11d0 [ 11.136796] ? kasan_complete_mode_report_info+0x2a/0x200 [ 11.136817] ? krealloc_less_oob_helper+0xd47/0x11d0 [ 11.136840] kasan_report+0x141/0x180 [ 11.136861] ? krealloc_less_oob_helper+0xd47/0x11d0 [ 11.136889] __asan_report_store1_noabort+0x1b/0x30 [ 11.136985] krealloc_less_oob_helper+0xd47/0x11d0 [ 11.137011] ? __pfx_krealloc_less_oob_helper+0x10/0x10 [ 11.137035] ? finish_task_switch.isra.0+0x153/0x700 [ 11.137065] ? __switch_to+0x47/0xf50 [ 11.137089] ? __schedule+0x10cc/0x2b60 [ 11.137111] ? __pfx_read_tsc+0x10/0x10 [ 11.137134] krealloc_less_oob+0x1c/0x30 [ 11.137156] kunit_try_run_case+0x1a5/0x480 [ 11.137176] ? __pfx_kunit_try_run_case+0x10/0x10 [ 11.137196] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 11.137219] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 11.137242] ? __kthread_parkme+0x82/0x180 [ 11.137262] ? preempt_count_sub+0x50/0x80 [ 11.137283] ? __pfx_kunit_try_run_case+0x10/0x10 [ 11.137304] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 11.137327] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 11.137350] kthread+0x337/0x6f0 [ 11.137369] ? trace_preempt_on+0x20/0xc0 [ 11.137390] ? __pfx_kthread+0x10/0x10 [ 11.137410] ? _raw_spin_unlock_irq+0x47/0x80 [ 11.137431] ? calculate_sigpending+0x7b/0xa0 [ 11.137454] ? __pfx_kthread+0x10/0x10 [ 11.137474] ret_from_fork+0x116/0x1d0 [ 11.137492] ? 
__pfx_kthread+0x10/0x10 [ 11.137511] ret_from_fork_asm+0x1a/0x30 [ 11.137540] </TASK> [ 11.137550] [ 11.151140] Allocated by task 175: [ 11.151329] kasan_save_stack+0x45/0x70 [ 11.151669] kasan_save_track+0x18/0x40 [ 11.152010] kasan_save_alloc_info+0x3b/0x50 [ 11.152177] __kasan_krealloc+0x190/0x1f0 [ 11.152645] krealloc_noprof+0xf3/0x340 [ 11.152941] krealloc_less_oob_helper+0x1aa/0x11d0 [ 11.153460] krealloc_less_oob+0x1c/0x30 [ 11.153680] kunit_try_run_case+0x1a5/0x480 [ 11.153877] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 11.154348] kthread+0x337/0x6f0 [ 11.154682] ret_from_fork+0x116/0x1d0 [ 11.155053] ret_from_fork_asm+0x1a/0x30 [ 11.155235] [ 11.155511] The buggy address belongs to the object at ffff888100a27e00 [ 11.155511] which belongs to the cache kmalloc-256 of size 256 [ 11.156370] The buggy address is located 34 bytes to the right of [ 11.156370] allocated 201-byte region [ffff888100a27e00, ffff888100a27ec9) [ 11.157240] [ 11.157356] The buggy address belongs to the physical page: [ 11.157597] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x100a26 [ 11.158582] head: order:1 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0 [ 11.159074] flags: 0x200000000000040(head|node=0|zone=2) [ 11.159339] page_type: f5(slab) [ 11.159513] raw: 0200000000000040 ffff888100041b40 dead000000000122 0000000000000000 [ 11.160183] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 11.160588] head: 0200000000000040 ffff888100041b40 dead000000000122 0000000000000000 [ 11.161284] head: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 11.161676] head: 0200000000000001 ffffea0004028981 00000000ffffffff 00000000ffffffff [ 11.162222] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000002 [ 11.162573] page dumped because: kasan: bad access detected [ 11.163292] [ 11.163395] Memory state around the buggy address: [ 11.163588] ffff888100a27d80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc 
fc fc [ 11.164263] ffff888100a27e00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 11.164638] >ffff888100a27e80: 00 00 00 00 00 00 00 00 00 01 fc fc fc fc fc fc [ 11.165121] ^ [ 11.165427] ffff888100a27f00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 11.166035] ffff888100a27f80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 11.166318] ================================================================== [ 11.019120] ================================================================== [ 11.020467] BUG: KASAN: slab-out-of-bounds in krealloc_less_oob_helper+0xd70/0x11d0 [ 11.020906] Write of size 1 at addr ffff888100a27ec9 by task kunit_try_catch/175 [ 11.021135] [ 11.021219] CPU: 1 UID: 0 PID: 175 Comm: kunit_try_catch Tainted: G B N 6.15.0-next-20250605 #1 PREEMPT(voluntary) [ 11.021290] Tainted: [B]=BAD_PAGE, [N]=TEST [ 11.021301] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 11.021321] Call Trace: [ 11.021450] <TASK> [ 11.021469] dump_stack_lvl+0x73/0xb0 [ 11.021499] print_report+0xd1/0x650 [ 11.021520] ? __virt_addr_valid+0x1db/0x2d0 [ 11.021543] ? krealloc_less_oob_helper+0xd70/0x11d0 [ 11.021566] ? kasan_complete_mode_report_info+0x2a/0x200 [ 11.021591] ? krealloc_less_oob_helper+0xd70/0x11d0 [ 11.021921] kasan_report+0x141/0x180 [ 11.021975] ? krealloc_less_oob_helper+0xd70/0x11d0 [ 11.022003] __asan_report_store1_noabort+0x1b/0x30 [ 11.022023] krealloc_less_oob_helper+0xd70/0x11d0 [ 11.022048] ? __pfx_krealloc_less_oob_helper+0x10/0x10 [ 11.022071] ? finish_task_switch.isra.0+0x153/0x700 [ 11.022094] ? __switch_to+0x47/0xf50 [ 11.022120] ? __schedule+0x10cc/0x2b60 [ 11.022143] ? __pfx_read_tsc+0x10/0x10 [ 11.022166] krealloc_less_oob+0x1c/0x30 [ 11.022187] kunit_try_run_case+0x1a5/0x480 [ 11.022207] ? __pfx_kunit_try_run_case+0x10/0x10 [ 11.022226] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 11.022249] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 11.022273] ? __kthread_parkme+0x82/0x180 [ 11.022292] ? 
preempt_count_sub+0x50/0x80 [ 11.022314] ? __pfx_kunit_try_run_case+0x10/0x10 [ 11.022334] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 11.022358] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 11.022382] kthread+0x337/0x6f0 [ 11.022400] ? trace_preempt_on+0x20/0xc0 [ 11.022423] ? __pfx_kthread+0x10/0x10 [ 11.022442] ? _raw_spin_unlock_irq+0x47/0x80 [ 11.022464] ? calculate_sigpending+0x7b/0xa0 [ 11.022487] ? __pfx_kthread+0x10/0x10 [ 11.022507] ret_from_fork+0x116/0x1d0 [ 11.022525] ? __pfx_kthread+0x10/0x10 [ 11.022544] ret_from_fork_asm+0x1a/0x30 [ 11.022573] </TASK> [ 11.022583] [ 11.037738] Allocated by task 175: [ 11.037874] kasan_save_stack+0x45/0x70 [ 11.038317] kasan_save_track+0x18/0x40 [ 11.038778] kasan_save_alloc_info+0x3b/0x50 [ 11.039370] __kasan_krealloc+0x190/0x1f0 [ 11.039916] krealloc_noprof+0xf3/0x340 [ 11.040341] krealloc_less_oob_helper+0x1aa/0x11d0 [ 11.040510] krealloc_less_oob+0x1c/0x30 [ 11.040925] kunit_try_run_case+0x1a5/0x480 [ 11.041562] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 11.042300] kthread+0x337/0x6f0 [ 11.042757] ret_from_fork+0x116/0x1d0 [ 11.042906] ret_from_fork_asm+0x1a/0x30 [ 11.043502] [ 11.043808] The buggy address belongs to the object at ffff888100a27e00 [ 11.043808] which belongs to the cache kmalloc-256 of size 256 [ 11.044411] The buggy address is located 0 bytes to the right of [ 11.044411] allocated 201-byte region [ffff888100a27e00, ffff888100a27ec9) [ 11.044765] [ 11.044834] The buggy address belongs to the physical page: [ 11.045280] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x100a26 [ 11.046172] head: order:1 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0 [ 11.046860] flags: 0x200000000000040(head|node=0|zone=2) [ 11.047439] page_type: f5(slab) [ 11.047782] raw: 0200000000000040 ffff888100041b40 dead000000000122 0000000000000000 [ 11.048481] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 11.048936] head: 0200000000000040 
ffff888100041b40 dead000000000122 0000000000000000 [ 11.049804] head: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 11.050333] head: 0200000000000001 ffffea0004028981 00000000ffffffff 00000000ffffffff [ 11.050562] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000002 [ 11.051240] page dumped because: kasan: bad access detected [ 11.051792] [ 11.051961] Memory state around the buggy address: [ 11.052539] ffff888100a27d80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 11.053429] ffff888100a27e00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 11.053663] >ffff888100a27e80: 00 00 00 00 00 00 00 00 00 01 fc fc fc fc fc fc [ 11.054455] ^ [ 11.055088] ffff888100a27f00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 11.055562] ffff888100a27f80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 11.055884] ================================================================== [ 11.256861] ================================================================== [ 11.257661] BUG: KASAN: slab-out-of-bounds in krealloc_less_oob_helper+0xec6/0x11d0 [ 11.258048] Write of size 1 at addr ffff888102c2e0da by task kunit_try_catch/179 [ 11.258342] [ 11.258450] CPU: 1 UID: 0 PID: 179 Comm: kunit_try_catch Tainted: G B N 6.15.0-next-20250605 #1 PREEMPT(voluntary) [ 11.258489] Tainted: [B]=BAD_PAGE, [N]=TEST [ 11.258500] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 11.258518] Call Trace: [ 11.258531] <TASK> [ 11.258544] dump_stack_lvl+0x73/0xb0 [ 11.258567] print_report+0xd1/0x650 [ 11.258588] ? __virt_addr_valid+0x1db/0x2d0 [ 11.258610] ? krealloc_less_oob_helper+0xec6/0x11d0 [ 11.258642] ? kasan_addr_to_slab+0x11/0xa0 [ 11.258662] ? krealloc_less_oob_helper+0xec6/0x11d0 [ 11.258686] kasan_report+0x141/0x180 [ 11.258707] ? krealloc_less_oob_helper+0xec6/0x11d0 [ 11.258734] __asan_report_store1_noabort+0x1b/0x30 [ 11.258754] krealloc_less_oob_helper+0xec6/0x11d0 [ 11.258779] ? 
__pfx_krealloc_less_oob_helper+0x10/0x10 [ 11.258802] ? finish_task_switch.isra.0+0x153/0x700 [ 11.258825] ? __switch_to+0x47/0xf50 [ 11.258849] ? __schedule+0x10cc/0x2b60 [ 11.258871] ? __pfx_read_tsc+0x10/0x10 [ 11.258906] krealloc_large_less_oob+0x1c/0x30 [ 11.258928] kunit_try_run_case+0x1a5/0x480 [ 11.258994] ? __pfx_kunit_try_run_case+0x10/0x10 [ 11.259014] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 11.259037] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 11.259060] ? __kthread_parkme+0x82/0x180 [ 11.259079] ? preempt_count_sub+0x50/0x80 [ 11.259102] ? __pfx_kunit_try_run_case+0x10/0x10 [ 11.259122] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 11.259145] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 11.259169] kthread+0x337/0x6f0 [ 11.259187] ? trace_preempt_on+0x20/0xc0 [ 11.259208] ? __pfx_kthread+0x10/0x10 [ 11.259228] ? _raw_spin_unlock_irq+0x47/0x80 [ 11.259249] ? calculate_sigpending+0x7b/0xa0 [ 11.259272] ? __pfx_kthread+0x10/0x10 [ 11.259292] ret_from_fork+0x116/0x1d0 [ 11.259310] ? 
__pfx_kthread+0x10/0x10
[ 11.259331] ret_from_fork_asm+0x1a/0x30
[ 11.259360] </TASK>
[ 11.259370]
[ 11.270794] The buggy address belongs to the physical page:
[ 11.271219] page: refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x102c2c
[ 11.271678] head: order:2 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[ 11.272135] flags: 0x200000000000040(head|node=0|zone=2)
[ 11.272452] page_type: f8(unknown)
[ 11.272689] raw: 0200000000000040 0000000000000000 dead000000000122 0000000000000000
[ 11.273132] raw: 0000000000000000 0000000000000000 00000001f8000000 0000000000000000
[ 11.273735] head: 0200000000000040 0000000000000000 dead000000000122 0000000000000000
[ 11.274158] head: 0000000000000000 0000000000000000 00000001f8000000 0000000000000000
[ 11.274496] head: 0200000000000002 ffffea00040b0b01 00000000ffffffff 00000000ffffffff
[ 11.274865] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000004
[ 11.275258] page dumped because: kasan: bad access detected
[ 11.275490]
[ 11.275581] Memory state around the buggy address:
[ 11.275793] ffff888102c2df80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[ 11.276189] ffff888102c2e000: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[ 11.276510] >ffff888102c2e080: 00 00 00 00 00 00 00 00 00 01 fe fe fe fe fe fe
[ 11.276859] ^
[ 11.277200] ffff888102c2e100: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe
[ 11.277492] ffff888102c2e180: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe
[ 11.277818] ==================================================================

[ 11.224712] ==================================================================
[ 11.225461] BUG: KASAN: slab-out-of-bounds in krealloc_less_oob_helper+0xd70/0x11d0
[ 11.225789] Write of size 1 at addr ffff888102c2e0c9 by task kunit_try_catch/179
[ 11.226095]
[ 11.226443] CPU: 1 UID: 0 PID: 179 Comm: kunit_try_catch Tainted: G B N 6.15.0-next-20250605 #1 PREEMPT(voluntary)
[ 11.226490] Tainted: [B]=BAD_PAGE, [N]=TEST
[ 11.226501] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[ 11.226521] Call Trace:
[ 11.226532] <TASK>
[ 11.226546] dump_stack_lvl+0x73/0xb0
[ 11.226574] print_report+0xd1/0x650
[ 11.226595] ? __virt_addr_valid+0x1db/0x2d0
[ 11.226618] ? krealloc_less_oob_helper+0xd70/0x11d0
[ 11.226641] ? kasan_addr_to_slab+0x11/0xa0
[ 11.226661] ? krealloc_less_oob_helper+0xd70/0x11d0
[ 11.226695] kasan_report+0x141/0x180
[ 11.226717] ? krealloc_less_oob_helper+0xd70/0x11d0
[ 11.226744] __asan_report_store1_noabort+0x1b/0x30
[ 11.226764] krealloc_less_oob_helper+0xd70/0x11d0
[ 11.226789] ? __pfx_krealloc_less_oob_helper+0x10/0x10
[ 11.226813] ? finish_task_switch.isra.0+0x153/0x700
[ 11.226835] ? __switch_to+0x47/0xf50
[ 11.226861] ? __schedule+0x10cc/0x2b60
[ 11.226883] ? __pfx_read_tsc+0x10/0x10
[ 11.226921] krealloc_large_less_oob+0x1c/0x30
[ 11.226991] kunit_try_run_case+0x1a5/0x480
[ 11.227015] ? __pfx_kunit_try_run_case+0x10/0x10
[ 11.227034] ? _raw_spin_lock_irqsave+0xa1/0x100
[ 11.227058] ? _raw_spin_unlock_irqrestore+0x5f/0x90
[ 11.227082] ? __kthread_parkme+0x82/0x180
[ 11.227101] ? preempt_count_sub+0x50/0x80
[ 11.227126] ? __pfx_kunit_try_run_case+0x10/0x10
[ 11.227146] kunit_generic_run_threadfn_adapter+0x85/0xf0
[ 11.227170] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10
[ 11.227193] kthread+0x337/0x6f0
[ 11.227211] ? trace_preempt_on+0x20/0xc0
[ 11.227233] ? __pfx_kthread+0x10/0x10
[ 11.227253] ? _raw_spin_unlock_irq+0x47/0x80
[ 11.227274] ? calculate_sigpending+0x7b/0xa0
[ 11.227324] ? __pfx_kthread+0x10/0x10
[ 11.227345] ret_from_fork+0x116/0x1d0
[ 11.227362] ? __pfx_kthread+0x10/0x10
[ 11.227382] ret_from_fork_asm+0x1a/0x30
[ 11.227411] </TASK>
[ 11.227422]
[ 11.235079] The buggy address belongs to the physical page:
[ 11.235346] page: refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x102c2c
[ 11.235715] head: order:2 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[ 11.236085] flags: 0x200000000000040(head|node=0|zone=2)
[ 11.236283] page_type: f8(unknown)
[ 11.236462] raw: 0200000000000040 0000000000000000 dead000000000122 0000000000000000
[ 11.236799] raw: 0000000000000000 0000000000000000 00000001f8000000 0000000000000000
[ 11.237306] head: 0200000000000040 0000000000000000 dead000000000122 0000000000000000
[ 11.237624] head: 0000000000000000 0000000000000000 00000001f8000000 0000000000000000
[ 11.237961] head: 0200000000000002 ffffea00040b0b01 00000000ffffffff 00000000ffffffff
[ 11.238247] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000004
[ 11.238474] page dumped because: kasan: bad access detected
[ 11.238650]
[ 11.238741] Memory state around the buggy address:
[ 11.239117] ffff888102c2df80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[ 11.239436] ffff888102c2e000: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[ 11.239858] >ffff888102c2e080: 00 00 00 00 00 00 00 00 00 01 fe fe fe fe fe fe
[ 11.240228] ^
[ 11.240440] ffff888102c2e100: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe
[ 11.240655] ffff888102c2e180: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe
[ 11.240950] ==================================================================