Date: July 3, 2025, 3:13 p.m.

Environment: qemu-arm64, qemu-x86_64

[   15.349892] ==================================================================
[   15.349977] BUG: KASAN: slab-out-of-bounds in krealloc_more_oob_helper+0x60c/0x678
[   15.350029] Write of size 1 at addr fff00000c4600ceb by task kunit_try_catch/159
[   15.350251] 
[   15.350358] CPU: 1 UID: 0 PID: 159 Comm: kunit_try_catch Tainted: G    B            N  6.15.5-rc1 #1 PREEMPT 
[   15.350467] Tainted: [B]=BAD_PAGE, [N]=TEST
[   15.350494] Hardware name: linux,dummy-virt (DT)
[   15.350524] Call trace:
[   15.350547]  show_stack+0x20/0x38 (C)
[   15.350597]  dump_stack_lvl+0x8c/0xd0
[   15.350644]  print_report+0x118/0x608
[   15.350688]  kasan_report+0xdc/0x128
[   15.351020]  __asan_report_store1_noabort+0x20/0x30
[   15.351246]  krealloc_more_oob_helper+0x60c/0x678
[   15.351546]  krealloc_more_oob+0x20/0x38
[   15.351603]  kunit_try_run_case+0x170/0x3f0
[   15.351879]  kunit_generic_run_threadfn_adapter+0x88/0x100
[   15.352027]  kthread+0x328/0x630
[   15.352236]  ret_from_fork+0x10/0x20
[   15.352371] 
[   15.352483] Allocated by task 159:
[   15.352517]  kasan_save_stack+0x3c/0x68
[   15.352958]  kasan_save_track+0x20/0x40
[   15.353286]  kasan_save_alloc_info+0x40/0x58
[   15.353405]  __kasan_krealloc+0x118/0x178
[   15.353444]  krealloc_noprof+0x128/0x360
[   15.353683]  krealloc_more_oob_helper+0x168/0x678
[   15.353750]  krealloc_more_oob+0x20/0x38
[   15.354115]  kunit_try_run_case+0x170/0x3f0
[   15.354375]  kunit_generic_run_threadfn_adapter+0x88/0x100
[   15.354427]  kthread+0x328/0x630
[   15.354463]  ret_from_fork+0x10/0x20
[   15.354497] 
[   15.354519] The buggy address belongs to the object at fff00000c4600c00
[   15.354519]  which belongs to the cache kmalloc-256 of size 256
[   15.354876] The buggy address is located 0 bytes to the right of
[   15.354876]  allocated 235-byte region [fff00000c4600c00, fff00000c4600ceb)
[   15.355060] 
[   15.355186] The buggy address belongs to the physical page:
[   15.355303] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x104600
[   15.355620] head: order:1 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[   15.355827] flags: 0xbfffe0000000040(head|node=0|zone=2|lastcpupid=0x1ffff)
[   15.356593] page_type: f5(slab)
[   15.356652] raw: 0bfffe0000000040 fff00000c0001b40 dead000000000122 0000000000000000
[   15.356722] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000
[   15.357141] head: 0bfffe0000000040 fff00000c0001b40 dead000000000122 0000000000000000
[   15.357268] head: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000
[   15.357873] head: 0bfffe0000000001 ffffc1ffc3118001 00000000ffffffff 00000000ffffffff
[   15.358122] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000002
[   15.358293] page dumped because: kasan: bad access detected
[   15.358462] 
[   15.358590] Memory state around the buggy address:
[   15.358625]  fff00000c4600b80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   15.359038]  fff00000c4600c00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   15.359238] >fff00000c4600c80: 00 00 00 00 00 00 00 00 00 00 00 00 00 03 fc fc
[   15.359356]                                                           ^
[   15.359445]  fff00000c4600d00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   15.359549]  fff00000c4600d80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   15.359776] ==================================================================
[   15.444869] ==================================================================
[   15.444913] BUG: KASAN: slab-out-of-bounds in krealloc_more_oob_helper+0x5c0/0x678
[   15.444969] Write of size 1 at addr fff00000c786a0f0 by task kunit_try_catch/163
[   15.445419] 
[   15.445466] CPU: 1 UID: 0 PID: 163 Comm: kunit_try_catch Tainted: G    B            N  6.15.5-rc1 #1 PREEMPT 
[   15.445672] Tainted: [B]=BAD_PAGE, [N]=TEST
[   15.445893] Hardware name: linux,dummy-virt (DT)
[   15.445930] Call trace:
[   15.446118]  show_stack+0x20/0x38 (C)
[   15.446230]  dump_stack_lvl+0x8c/0xd0
[   15.446411]  print_report+0x118/0x608
[   15.446730]  kasan_report+0xdc/0x128
[   15.446986]  __asan_report_store1_noabort+0x20/0x30
[   15.447107]  krealloc_more_oob_helper+0x5c0/0x678
[   15.447278]  krealloc_large_more_oob+0x20/0x38
[   15.447545]  kunit_try_run_case+0x170/0x3f0
[   15.447654]  kunit_generic_run_threadfn_adapter+0x88/0x100
[   15.447890]  kthread+0x328/0x630
[   15.448082]  ret_from_fork+0x10/0x20
[   15.448297] 
[   15.448418] The buggy address belongs to the physical page:
[   15.448455] page: refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x107868
[   15.448528] head: order:2 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[   15.448909] flags: 0xbfffe0000000040(head|node=0|zone=2|lastcpupid=0x1ffff)
[   15.449042] page_type: f8(unknown)
[   15.449144] raw: 0bfffe0000000040 0000000000000000 dead000000000122 0000000000000000
[   15.449573] raw: 0000000000000000 0000000000000000 00000001f8000000 0000000000000000
[   15.449909] head: 0bfffe0000000040 0000000000000000 dead000000000122 0000000000000000
[   15.450175] head: 0000000000000000 0000000000000000 00000001f8000000 0000000000000000
[   15.450406] head: 0bfffe0000000002 ffffc1ffc31e1a01 00000000ffffffff 00000000ffffffff
[   15.450572] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000004
[   15.450923] page dumped because: kasan: bad access detected
[   15.451247] 
[   15.451374] Memory state around the buggy address:
[   15.451407]  fff00000c7869f80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   15.451514]  fff00000c786a000: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   15.451836] >fff00000c786a080: 00 00 00 00 00 00 00 00 00 00 00 00 00 03 fe fe
[   15.452036]                                                              ^
[   15.452190]  fff00000c786a100: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe
[   15.452304]  fff00000c786a180: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe
[   15.452566] ==================================================================
[   15.440970] ==================================================================
[   15.441029] BUG: KASAN: slab-out-of-bounds in krealloc_more_oob_helper+0x60c/0x678
[   15.441463] Write of size 1 at addr fff00000c786a0eb by task kunit_try_catch/163
[   15.441587] 
[   15.441688] CPU: 1 UID: 0 PID: 163 Comm: kunit_try_catch Tainted: G    B            N  6.15.5-rc1 #1 PREEMPT 
[   15.441778] Tainted: [B]=BAD_PAGE, [N]=TEST
[   15.441864] Hardware name: linux,dummy-virt (DT)
[   15.441897] Call trace:
[   15.441918]  show_stack+0x20/0x38 (C)
[   15.441980]  dump_stack_lvl+0x8c/0xd0
[   15.442029]  print_report+0x118/0x608
[   15.442468]  kasan_report+0xdc/0x128
[   15.442635]  __asan_report_store1_noabort+0x20/0x30
[   15.442816]  krealloc_more_oob_helper+0x60c/0x678
[   15.442867]  krealloc_large_more_oob+0x20/0x38
[   15.442914]  kunit_try_run_case+0x170/0x3f0
[   15.442981]  kunit_generic_run_threadfn_adapter+0x88/0x100
[   15.443149]  kthread+0x328/0x630
[   15.443233]  ret_from_fork+0x10/0x20
[   15.443296] 
[   15.443322] The buggy address belongs to the physical page:
[   15.443359] page: refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x107868
[   15.443431] head: order:2 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[   15.443478] flags: 0xbfffe0000000040(head|node=0|zone=2|lastcpupid=0x1ffff)
[   15.443530] page_type: f8(unknown)
[   15.443569] raw: 0bfffe0000000040 0000000000000000 dead000000000122 0000000000000000
[   15.443642] raw: 0000000000000000 0000000000000000 00000001f8000000 0000000000000000
[   15.443690] head: 0bfffe0000000040 0000000000000000 dead000000000122 0000000000000000
[   15.443736] head: 0000000000000000 0000000000000000 00000001f8000000 0000000000000000
[   15.443798] head: 0bfffe0000000002 ffffc1ffc31e1a01 00000000ffffffff 00000000ffffffff
[   15.443844] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000004
[   15.443882] page dumped because: kasan: bad access detected
[   15.443928] 
[   15.443957] Memory state around the buggy address:
[   15.443996]  fff00000c7869f80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   15.444048]  fff00000c786a000: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   15.444088] >fff00000c786a080: 00 00 00 00 00 00 00 00 00 00 00 00 00 03 fe fe
[   15.444132]                                                           ^
[   15.444169]  fff00000c786a100: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe
[   15.444209]  fff00000c786a180: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe
[   15.444245] ==================================================================
[   15.361840] ==================================================================
[   15.361899] BUG: KASAN: slab-out-of-bounds in krealloc_more_oob_helper+0x5c0/0x678
[   15.362128] Write of size 1 at addr fff00000c4600cf0 by task kunit_try_catch/159
[   15.362228] 
[   15.362262] CPU: 1 UID: 0 PID: 159 Comm: kunit_try_catch Tainted: G    B            N  6.15.5-rc1 #1 PREEMPT 
[   15.362349] Tainted: [B]=BAD_PAGE, [N]=TEST
[   15.362375] Hardware name: linux,dummy-virt (DT)
[   15.362404] Call trace:
[   15.362841]  show_stack+0x20/0x38 (C)
[   15.362909]  dump_stack_lvl+0x8c/0xd0
[   15.363218]  print_report+0x118/0x608
[   15.363354]  kasan_report+0xdc/0x128
[   15.363445]  __asan_report_store1_noabort+0x20/0x30
[   15.363699]  krealloc_more_oob_helper+0x5c0/0x678
[   15.363925]  krealloc_more_oob+0x20/0x38
[   15.364455]  kunit_try_run_case+0x170/0x3f0
[   15.364596]  kunit_generic_run_threadfn_adapter+0x88/0x100
[   15.364822]  kthread+0x328/0x630
[   15.364900]  ret_from_fork+0x10/0x20
[   15.365242] 
[   15.365285] Allocated by task 159:
[   15.365318]  kasan_save_stack+0x3c/0x68
[   15.365514]  kasan_save_track+0x20/0x40
[   15.365651]  kasan_save_alloc_info+0x40/0x58
[   15.365872]  __kasan_krealloc+0x118/0x178
[   15.366131]  krealloc_noprof+0x128/0x360
[   15.366342]  krealloc_more_oob_helper+0x168/0x678
[   15.366713]  krealloc_more_oob+0x20/0x38
[   15.366967]  kunit_try_run_case+0x170/0x3f0
[   15.367051]  kunit_generic_run_threadfn_adapter+0x88/0x100
[   15.367234]  kthread+0x328/0x630
[   15.367273]  ret_from_fork+0x10/0x20
[   15.367487] 
[   15.367663] The buggy address belongs to the object at fff00000c4600c00
[   15.367663]  which belongs to the cache kmalloc-256 of size 256
[   15.367731] The buggy address is located 5 bytes to the right of
[   15.367731]  allocated 235-byte region [fff00000c4600c00, fff00000c4600ceb)
[   15.368001] 
[   15.368027] The buggy address belongs to the physical page:
[   15.368271] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x104600
[   15.368427] head: order:1 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[   15.368830] flags: 0xbfffe0000000040(head|node=0|zone=2|lastcpupid=0x1ffff)
[   15.369088] page_type: f5(slab)
[   15.369450] raw: 0bfffe0000000040 fff00000c0001b40 dead000000000122 0000000000000000
[   15.369725] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000
[   15.369910] head: 0bfffe0000000040 fff00000c0001b40 dead000000000122 0000000000000000
[   15.369980] head: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000
[   15.370028] head: 0bfffe0000000001 ffffc1ffc3118001 00000000ffffffff 00000000ffffffff
[   15.370092] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000002
[   15.370133] page dumped because: kasan: bad access detected
[   15.370324] 
[   15.370357] Memory state around the buggy address:
[   15.370402]  fff00000c4600b80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   15.370450]  fff00000c4600c00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   15.370702] >fff00000c4600c80: 00 00 00 00 00 00 00 00 00 00 00 00 00 03 fc fc
[   15.370972]                                                              ^
[   15.371109]  fff00000c4600d00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   15.371183]  fff00000c4600d80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   15.371247] ==================================================================

[   10.787427] ==================================================================
[   10.787804] BUG: KASAN: slab-out-of-bounds in krealloc_more_oob_helper+0x821/0x930
[   10.788050] Write of size 1 at addr ffff888100348aeb by task kunit_try_catch/175
[   10.788291] 
[   10.788377] CPU: 0 UID: 0 PID: 175 Comm: kunit_try_catch Tainted: G    B            N  6.15.5-rc1 #1 PREEMPT(voluntary) 
[   10.788420] Tainted: [B]=BAD_PAGE, [N]=TEST
[   10.788431] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[   10.788451] Call Trace:
[   10.788462]  <TASK>
[   10.788476]  dump_stack_lvl+0x73/0xb0
[   10.788499]  print_report+0xd1/0x650
[   10.788522]  ? __virt_addr_valid+0x1db/0x2d0
[   10.788543]  ? krealloc_more_oob_helper+0x821/0x930
[   10.788563]  ? kasan_complete_mode_report_info+0x2a/0x200
[   10.788585]  ? krealloc_more_oob_helper+0x821/0x930
[   10.788605]  kasan_report+0x141/0x180
[   10.788626]  ? krealloc_more_oob_helper+0x821/0x930
[   10.788651]  __asan_report_store1_noabort+0x1b/0x30
[   10.788671]  krealloc_more_oob_helper+0x821/0x930
[   10.788690]  ? __schedule+0x10cc/0x2b60
[   10.788712]  ? __pfx_krealloc_more_oob_helper+0x10/0x10
[   10.788732]  ? finish_task_switch.isra.0+0x153/0x700
[   10.788754]  ? __switch_to+0x5d9/0xf60
[   10.788776]  ? dequeue_task_fair+0x166/0x4e0
[   10.788799]  ? __schedule+0x10cc/0x2b60
[   10.788821]  ? __pfx_read_tsc+0x10/0x10
[   10.788843]  krealloc_more_oob+0x1c/0x30
[   10.788861]  kunit_try_run_case+0x1a5/0x480
[   10.788884]  ? __pfx_kunit_try_run_case+0x10/0x10
[   10.788905]  ? _raw_spin_lock_irqsave+0xa1/0x100
[   10.788929]  ? _raw_spin_unlock_irqrestore+0x5f/0x90
[   10.788951]  ? __kthread_parkme+0x82/0x180
[   10.788972]  ? preempt_count_sub+0x50/0x80
[   10.788995]  ? __pfx_kunit_try_run_case+0x10/0x10
[   10.789018]  kunit_generic_run_threadfn_adapter+0x85/0xf0
[   10.789040]  ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10
[   10.789062]  kthread+0x337/0x6f0
[   10.789078]  ? trace_preempt_on+0x20/0xc0
[   10.789100]  ? __pfx_kthread+0x10/0x10
[   10.789117]  ? _raw_spin_unlock_irq+0x47/0x80
[   10.789138]  ? calculate_sigpending+0x7b/0xa0
[   10.789159]  ? __pfx_kthread+0x10/0x10
[   10.789176]  ret_from_fork+0x41/0x80
[   10.789196]  ? __pfx_kthread+0x10/0x10
[   10.789213]  ret_from_fork_asm+0x1a/0x30
[   10.789601]  </TASK>
[   10.789620] 
[   10.806322] Allocated by task 175:
[   10.806857]  kasan_save_stack+0x45/0x70
[   10.807180]  kasan_save_track+0x18/0x40
[   10.807339]  kasan_save_alloc_info+0x3b/0x50
[   10.807487]  __kasan_krealloc+0x190/0x1f0
[   10.807733]  krealloc_noprof+0xf3/0x340
[   10.808417]  krealloc_more_oob_helper+0x1a9/0x930
[   10.808854]  krealloc_more_oob+0x1c/0x30
[   10.809347]  kunit_try_run_case+0x1a5/0x480
[   10.809792]  kunit_generic_run_threadfn_adapter+0x85/0xf0
[   10.810357]  kthread+0x337/0x6f0
[   10.810771]  ret_from_fork+0x41/0x80
[   10.811076]  ret_from_fork_asm+0x1a/0x30
[   10.811212] 
[   10.811317] The buggy address belongs to the object at ffff888100348a00
[   10.811317]  which belongs to the cache kmalloc-256 of size 256
[   10.812249] The buggy address is located 0 bytes to the right of
[   10.812249]  allocated 235-byte region [ffff888100348a00, ffff888100348aeb)
[   10.812984] 
[   10.813080] The buggy address belongs to the physical page:
[   10.813721] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x100348
[   10.814367] head: order:1 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[   10.814598] flags: 0x200000000000040(head|node=0|zone=2)
[   10.814874] page_type: f5(slab)
[   10.815174] raw: 0200000000000040 ffff888100041b40 dead000000000122 0000000000000000
[   10.815918] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000
[   10.816720] head: 0200000000000040 ffff888100041b40 dead000000000122 0000000000000000
[   10.817316] head: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000
[   10.817917] head: 0200000000000001 ffffea000400d201 00000000ffffffff 00000000ffffffff
[   10.818531] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000002
[   10.819316] page dumped because: kasan: bad access detected
[   10.819812] 
[   10.819968] Memory state around the buggy address:
[   10.820258]  ffff888100348980: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   10.820570]  ffff888100348a00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   10.820841] >ffff888100348a80: 00 00 00 00 00 00 00 00 00 00 00 00 00 03 fc fc
[   10.821701]                                                           ^
[   10.822313]  ffff888100348b00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   10.823069]  ffff888100348b80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   10.823554] ==================================================================
[   10.991329] ==================================================================
[   10.991658] BUG: KASAN: slab-out-of-bounds in krealloc_more_oob_helper+0x7eb/0x930
[   10.991932] Write of size 1 at addr ffff8881039120f0 by task kunit_try_catch/179
[   10.992181] 
[   10.992356] CPU: 0 UID: 0 PID: 179 Comm: kunit_try_catch Tainted: G    B            N  6.15.5-rc1 #1 PREEMPT(voluntary) 
[   10.992400] Tainted: [B]=BAD_PAGE, [N]=TEST
[   10.992411] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[   10.992443] Call Trace:
[   10.992463]  <TASK>
[   10.992476]  dump_stack_lvl+0x73/0xb0
[   10.992500]  print_report+0xd1/0x650
[   10.992534]  ? __virt_addr_valid+0x1db/0x2d0
[   10.992555]  ? krealloc_more_oob_helper+0x7eb/0x930
[   10.992575]  ? kasan_addr_to_slab+0x11/0xa0
[   10.992596]  ? krealloc_more_oob_helper+0x7eb/0x930
[   10.992616]  kasan_report+0x141/0x180
[   10.992638]  ? krealloc_more_oob_helper+0x7eb/0x930
[   10.992673]  __asan_report_store1_noabort+0x1b/0x30
[   10.992694]  krealloc_more_oob_helper+0x7eb/0x930
[   10.992713]  ? __schedule+0x10cc/0x2b60
[   10.992735]  ? __pfx_krealloc_more_oob_helper+0x10/0x10
[   10.992765]  ? finish_task_switch.isra.0+0x153/0x700
[   10.992787]  ? __switch_to+0x5d9/0xf60
[   10.992807]  ? dequeue_task_fair+0x166/0x4e0
[   10.992840]  ? __schedule+0x10cc/0x2b60
[   10.992862]  ? __pfx_read_tsc+0x10/0x10
[   10.992885]  krealloc_large_more_oob+0x1c/0x30
[   10.992904]  kunit_try_run_case+0x1a5/0x480
[   10.992928]  ? __pfx_kunit_try_run_case+0x10/0x10
[   10.992949]  ? _raw_spin_lock_irqsave+0xa1/0x100
[   10.992972]  ? _raw_spin_unlock_irqrestore+0x5f/0x90
[   10.992995]  ? __kthread_parkme+0x82/0x180
[   10.993016]  ? preempt_count_sub+0x50/0x80
[   10.993040]  ? __pfx_kunit_try_run_case+0x10/0x10
[   10.993064]  kunit_generic_run_threadfn_adapter+0x85/0xf0
[   10.993086]  ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10
[   10.993109]  kthread+0x337/0x6f0
[   10.993125]  ? trace_preempt_on+0x20/0xc0
[   10.993148]  ? __pfx_kthread+0x10/0x10
[   10.993165]  ? _raw_spin_unlock_irq+0x47/0x80
[   10.993187]  ? calculate_sigpending+0x7b/0xa0
[   10.993208]  ? __pfx_kthread+0x10/0x10
[   10.993226]  ret_from_fork+0x41/0x80
[   10.993273]  ? __pfx_kthread+0x10/0x10
[   10.993291]  ret_from_fork_asm+0x1a/0x30
[   10.993407]  </TASK>
[   10.993421] 
[   11.002890] The buggy address belongs to the physical page:
[   11.003159] page: refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x103910
[   11.003455] head: order:2 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[   11.003898] flags: 0x200000000000040(head|node=0|zone=2)
[   11.004134] page_type: f8(unknown)
[   11.004556] raw: 0200000000000040 0000000000000000 dead000000000122 0000000000000000
[   11.004938] raw: 0000000000000000 0000000000000000 00000001f8000000 0000000000000000
[   11.005261] head: 0200000000000040 0000000000000000 dead000000000122 0000000000000000
[   11.005660] head: 0000000000000000 0000000000000000 00000001f8000000 0000000000000000
[   11.006005] head: 0200000000000002 ffffea00040e4401 00000000ffffffff 00000000ffffffff
[   11.006352] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000004
[   11.006716] page dumped because: kasan: bad access detected
[   11.006969] 
[   11.007073] Memory state around the buggy address:
[   11.007224]  ffff888103911f80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   11.007450]  ffff888103912000: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   11.007911] >ffff888103912080: 00 00 00 00 00 00 00 00 00 00 00 00 00 03 fe fe
[   11.008223]                                                              ^
[   11.008831]  ffff888103912100: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe
[   11.009152]  ffff888103912180: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe
[   11.009581] ==================================================================
[   10.824174] ==================================================================
[   10.824936] BUG: KASAN: slab-out-of-bounds in krealloc_more_oob_helper+0x7eb/0x930
[   10.825576] Write of size 1 at addr ffff888100348af0 by task kunit_try_catch/175
[   10.825841] 
[   10.826095] CPU: 0 UID: 0 PID: 175 Comm: kunit_try_catch Tainted: G    B            N  6.15.5-rc1 #1 PREEMPT(voluntary) 
[   10.826140] Tainted: [B]=BAD_PAGE, [N]=TEST
[   10.826151] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[   10.826171] Call Trace:
[   10.826186]  <TASK>
[   10.826201]  dump_stack_lvl+0x73/0xb0
[   10.826225]  print_report+0xd1/0x650
[   10.826257]  ? __virt_addr_valid+0x1db/0x2d0
[   10.826278]  ? krealloc_more_oob_helper+0x7eb/0x930
[   10.826297]  ? kasan_complete_mode_report_info+0x2a/0x200
[   10.826330]  ? krealloc_more_oob_helper+0x7eb/0x930
[   10.826350]  kasan_report+0x141/0x180
[   10.826373]  ? krealloc_more_oob_helper+0x7eb/0x930
[   10.826408]  __asan_report_store1_noabort+0x1b/0x30
[   10.826430]  krealloc_more_oob_helper+0x7eb/0x930
[   10.826495]  ? __schedule+0x10cc/0x2b60
[   10.826521]  ? __pfx_krealloc_more_oob_helper+0x10/0x10
[   10.826542]  ? finish_task_switch.isra.0+0x153/0x700
[   10.826571]  ? __switch_to+0x5d9/0xf60
[   10.826591]  ? dequeue_task_fair+0x166/0x4e0
[   10.826614]  ? __schedule+0x10cc/0x2b60
[   10.826636]  ? __pfx_read_tsc+0x10/0x10
[   10.826820]  krealloc_more_oob+0x1c/0x30
[   10.826843]  kunit_try_run_case+0x1a5/0x480
[   10.826867]  ? __pfx_kunit_try_run_case+0x10/0x10
[   10.826888]  ? _raw_spin_lock_irqsave+0xa1/0x100
[   10.826912]  ? _raw_spin_unlock_irqrestore+0x5f/0x90
[   10.826935]  ? __kthread_parkme+0x82/0x180
[   10.826956]  ? preempt_count_sub+0x50/0x80
[   10.826980]  ? __pfx_kunit_try_run_case+0x10/0x10
[   10.827003]  kunit_generic_run_threadfn_adapter+0x85/0xf0
[   10.827025]  ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10
[   10.827048]  kthread+0x337/0x6f0
[   10.827064]  ? trace_preempt_on+0x20/0xc0
[   10.827087]  ? __pfx_kthread+0x10/0x10
[   10.827105]  ? _raw_spin_unlock_irq+0x47/0x80
[   10.827126]  ? calculate_sigpending+0x7b/0xa0
[   10.827147]  ? __pfx_kthread+0x10/0x10
[   10.827165]  ret_from_fork+0x41/0x80
[   10.827185]  ? __pfx_kthread+0x10/0x10
[   10.827203]  ret_from_fork_asm+0x1a/0x30
[   10.827232]  </TASK>
[   10.827255] 
[   10.842486] Allocated by task 175:
[   10.842926]  kasan_save_stack+0x45/0x70
[   10.843303]  kasan_save_track+0x18/0x40
[   10.843777]  kasan_save_alloc_info+0x3b/0x50
[   10.844216]  __kasan_krealloc+0x190/0x1f0
[   10.844399]  krealloc_noprof+0xf3/0x340
[   10.844844]  krealloc_more_oob_helper+0x1a9/0x930
[   10.845381]  krealloc_more_oob+0x1c/0x30
[   10.845876]  kunit_try_run_case+0x1a5/0x480
[   10.846035]  kunit_generic_run_threadfn_adapter+0x85/0xf0
[   10.846212]  kthread+0x337/0x6f0
[   10.846377]  ret_from_fork+0x41/0x80
[   10.846545]  ret_from_fork_asm+0x1a/0x30
[   10.846715] 
[   10.846789] The buggy address belongs to the object at ffff888100348a00
[   10.846789]  which belongs to the cache kmalloc-256 of size 256
[   10.847292] The buggy address is located 5 bytes to the right of
[   10.847292]  allocated 235-byte region [ffff888100348a00, ffff888100348aeb)
[   10.848195] 
[   10.848285] The buggy address belongs to the physical page:
[   10.848682] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x100348
[   10.849142] head: order:1 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[   10.849744] flags: 0x200000000000040(head|node=0|zone=2)
[   10.850066] page_type: f5(slab)
[   10.850270] raw: 0200000000000040 ffff888100041b40 dead000000000122 0000000000000000
[   10.850677] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000
[   10.850977] head: 0200000000000040 ffff888100041b40 dead000000000122 0000000000000000
[   10.851441] head: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000
[   10.851867] head: 0200000000000001 ffffea000400d201 00000000ffffffff 00000000ffffffff
[   10.852192] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000002
[   10.852576] page dumped because: kasan: bad access detected
[   10.852888] 
[   10.852979] Memory state around the buggy address:
[   10.853232]  ffff888100348980: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   10.853755]  ffff888100348a00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   10.854376] >ffff888100348a80: 00 00 00 00 00 00 00 00 00 00 00 00 00 03 fc fc
[   10.854723]                                                              ^
[   10.854980]  ffff888100348b00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   10.855339]  ffff888100348b80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   10.855667] ==================================================================
[   10.972445] ==================================================================
[   10.972983] BUG: KASAN: slab-out-of-bounds in krealloc_more_oob_helper+0x821/0x930
[   10.973350] Write of size 1 at addr ffff8881039120eb by task kunit_try_catch/179
[   10.973740] 
[   10.973925] CPU: 0 UID: 0 PID: 179 Comm: kunit_try_catch Tainted: G    B            N  6.15.5-rc1 #1 PREEMPT(voluntary) 
[   10.973973] Tainted: [B]=BAD_PAGE, [N]=TEST
[   10.973984] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[   10.974006] Call Trace:
[   10.974020]  <TASK>
[   10.974036]  dump_stack_lvl+0x73/0xb0
[   10.974063]  print_report+0xd1/0x650
[   10.974085]  ? __virt_addr_valid+0x1db/0x2d0
[   10.974108]  ? krealloc_more_oob_helper+0x821/0x930
[   10.974127]  ? kasan_addr_to_slab+0x11/0xa0
[   10.974148]  ? krealloc_more_oob_helper+0x821/0x930
[   10.974184]  kasan_report+0x141/0x180
[   10.974207]  ? krealloc_more_oob_helper+0x821/0x930
[   10.974232]  __asan_report_store1_noabort+0x1b/0x30
[   10.974264]  krealloc_more_oob_helper+0x821/0x930
[   10.974283]  ? __schedule+0x10cc/0x2b60
[   10.974306]  ? __pfx_krealloc_more_oob_helper+0x10/0x10
[   10.974327]  ? finish_task_switch.isra.0+0x153/0x700
[   10.974350]  ? __switch_to+0x5d9/0xf60
[   10.974371]  ? dequeue_task_fair+0x166/0x4e0
[   10.974396]  ? __schedule+0x10cc/0x2b60
[   10.974418]  ? __pfx_read_tsc+0x10/0x10
[   10.974451]  krealloc_large_more_oob+0x1c/0x30
[   10.974470]  kunit_try_run_case+0x1a5/0x480
[   10.974495]  ? __pfx_kunit_try_run_case+0x10/0x10
[   10.974527]  ? _raw_spin_lock_irqsave+0xa1/0x100
[   10.974551]  ? _raw_spin_unlock_irqrestore+0x5f/0x90
[   10.974574]  ? __kthread_parkme+0x82/0x180
[   10.974596]  ? preempt_count_sub+0x50/0x80
[   10.974620]  ? __pfx_kunit_try_run_case+0x10/0x10
[   10.974643]  kunit_generic_run_threadfn_adapter+0x85/0xf0
[   10.974666]  ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10
[   10.974688]  kthread+0x337/0x6f0
[   10.974705]  ? trace_preempt_on+0x20/0xc0
[   10.974728]  ? __pfx_kthread+0x10/0x10
[   10.974746]  ? _raw_spin_unlock_irq+0x47/0x80
[   10.974767]  ? calculate_sigpending+0x7b/0xa0
[   10.974789]  ? __pfx_kthread+0x10/0x10
[   10.974807]  ret_from_fork+0x41/0x80
[   10.974826]  ? __pfx_kthread+0x10/0x10
[   10.974844]  ret_from_fork_asm+0x1a/0x30
[   10.974874]  </TASK>
[   10.974894] 
[   10.984128] The buggy address belongs to the physical page:
[   10.984473] page: refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x103910
[   10.984752] head: order:2 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[   10.985062] flags: 0x200000000000040(head|node=0|zone=2)
[   10.985340] page_type: f8(unknown)
[   10.985778] raw: 0200000000000040 0000000000000000 dead000000000122 0000000000000000
[   10.986125] raw: 0000000000000000 0000000000000000 00000001f8000000 0000000000000000
[   10.986593] head: 0200000000000040 0000000000000000 dead000000000122 0000000000000000
[   10.987034] head: 0000000000000000 0000000000000000 00000001f8000000 0000000000000000
[   10.987383] head: 0200000000000002 ffffea00040e4401 00000000ffffffff 00000000ffffffff
[   10.987807] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000004
[   10.988147] page dumped because: kasan: bad access detected
[   10.988513] 
[   10.988610] Memory state around the buggy address:
[   10.988857]  ffff888103911f80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   10.989071]  ffff888103912000: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   10.989453] >ffff888103912080: 00 00 00 00 00 00 00 00 00 00 00 00 00 03 fe fe
[   10.989956]                                                           ^
[   10.990263]  ffff888103912100: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe
[   10.990633]  ffff888103912180: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe
[   10.990903] ==================================================================