Date
April 20, 2025, 11:09 p.m.
| Environment | |
|---|---|
| qemu-arm64 | |
| qemu-x86_64 | |
| rk3399-rock-pi-4b |
[ 23.022527] ================================================================== [ 23.022619] BUG: KASAN: slab-out-of-bounds in krealloc_more_oob_helper+0x5c0/0x678 [ 23.022724] Write of size 1 at addr fff00000c76ce0f0 by task kunit_try_catch/162 [ 23.022837] [ 23.022899] CPU: 0 UID: 0 PID: 162 Comm: kunit_try_catch Tainted: G B N 6.15.0-rc3 #1 PREEMPT [ 23.025000] Tainted: [B]=BAD_PAGE, [N]=TEST [ 23.025131] Hardware name: linux,dummy-virt (DT) [ 23.025237] Call trace: [ 23.025379] show_stack+0x20/0x38 (C) [ 23.025825] dump_stack_lvl+0x8c/0xd0 [ 23.026272] print_report+0x118/0x608 [ 23.026427] kasan_report+0xdc/0x128 [ 23.026636] __asan_report_store1_noabort+0x20/0x30 [ 23.027100] krealloc_more_oob_helper+0x5c0/0x678 [ 23.027228] krealloc_large_more_oob+0x20/0x38 [ 23.030196] kunit_try_run_case+0x170/0x3f0 [ 23.030376] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 23.030511] kthread+0x328/0x630 [ 23.032490] ret_from_fork+0x10/0x20 [ 23.033810] [ 23.033886] The buggy address belongs to the physical page: [ 23.034247] page: refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1076cc [ 23.035369] head: order:2 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0 [ 23.035504] flags: 0xbfffe0000000040(head|node=0|zone=2|lastcpupid=0x1ffff) [ 23.036479] page_type: f8(unknown) [ 23.037494] raw: 0bfffe0000000040 0000000000000000 dead000000000122 0000000000000000 [ 23.037989] raw: 0000000000000000 0000000000000000 00000001f8000000 0000000000000000 [ 23.038676] head: 0bfffe0000000040 0000000000000000 dead000000000122 0000000000000000 [ 23.038801] head: 0000000000000000 0000000000000000 00000001f8000000 0000000000000000 [ 23.038923] head: 0bfffe0000000002 ffffc1ffc31db301 00000000ffffffff 00000000ffffffff [ 23.040352] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000004 [ 23.040448] page dumped because: kasan: bad access detected [ 23.040519] [ 23.040563] Memory state around the buggy address: [ 23.042335] fff00000c76cdf80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 23.043089] fff00000c76ce000: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 23.043265] >fff00000c76ce080: 00 00 00 00 00 00 00 00 00 00 00 00 00 03 fe fe [ 23.043738] ^ [ 23.044374] fff00000c76ce100: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe [ 23.045073] fff00000c76ce180: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe [ 23.045548] ================================================================== [ 22.886067] ================================================================== [ 22.886160] BUG: KASAN: slab-out-of-bounds in krealloc_more_oob_helper+0x5c0/0x678 [ 22.886263] Write of size 1 at addr fff00000c67390f0 by task kunit_try_catch/158 [ 22.886390] [ 22.886465] CPU: 0 UID: 0 PID: 158 Comm: kunit_try_catch Tainted: G B N 6.15.0-rc3 #1 PREEMPT [ 22.886864] Tainted: [B]=BAD_PAGE, [N]=TEST [ 22.887014] Hardware name: linux,dummy-virt (DT) [ 22.887100] Call trace: [ 22.887165] show_stack+0x20/0x38 (C) [ 22.887287] dump_stack_lvl+0x8c/0xd0 [ 22.887599] print_report+0x118/0x608 [ 22.888018] kasan_report+0xdc/0x128 [ 22.888312] __asan_report_store1_noabort+0x20/0x30 [ 22.888642] krealloc_more_oob_helper+0x5c0/0x678 [ 22.889048] krealloc_more_oob+0x20/0x38 [ 22.889209] kunit_try_run_case+0x170/0x3f0 [ 22.889373] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 22.889621] kthread+0x328/0x630 [ 22.889759] ret_from_fork+0x10/0x20 [ 22.890871] [ 22.891123] Allocated by task 158: [ 22.892189] kasan_save_stack+0x3c/0x68 [ 22.892332] kasan_save_track+0x20/0x40 [ 22.892551] kasan_save_alloc_info+0x40/0x58 [ 22.892653] __kasan_krealloc+0x118/0x178 [ 22.892779] krealloc_noprof+0x128/0x360 [ 22.893033] krealloc_more_oob_helper+0x168/0x678 [ 22.893137] krealloc_more_oob+0x20/0x38 [ 22.893225] kunit_try_run_case+0x170/0x3f0 [ 22.893315] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 22.893414] kthread+0x328/0x630 [ 22.893495] ret_from_fork+0x10/0x20 [ 22.893578] [ 22.893622] The buggy address belongs to the object at fff00000c6739000 [ 22.893622] which belongs to the cache kmalloc-256 of size 256 [ 22.893799] The buggy address is located 5 bytes to the right of [ 22.893799] allocated 235-byte region [fff00000c6739000, fff00000c67390eb) [ 22.894405] [ 22.894662] The buggy address belongs to the physical page: [ 22.895124] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x106738 [ 22.895335] head: order:1 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0 [ 22.895460] flags: 0xbfffe0000000040(head|node=0|zone=2|lastcpupid=0x1ffff) [ 22.896030] page_type: f5(slab) [ 22.896182] raw: 0bfffe0000000040 fff00000c0001b40 dead000000000122 0000000000000000 [ 22.896311] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 22.896438] head: 0bfffe0000000040 fff00000c0001b40 dead000000000122 0000000000000000 [ 22.896974] head: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 22.897190] head: 0bfffe0000000001 ffffc1ffc319ce01 00000000ffffffff 00000000ffffffff [ 22.897489] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000002 [ 22.897674] page dumped because: kasan: bad access detected [ 22.897747] [ 22.897789] Memory state around the buggy address: [ 22.897859] fff00000c6738f80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 22.897979] fff00000c6739000: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 22.899347] >fff00000c6739080: 00 00 00 00 00 00 00 00 00 00 00 00 00 03 fc fc [ 22.899617] ^ [ 22.899737] fff00000c6739100: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 22.899846] fff00000c6739180: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 22.900024] ================================================================== [ 22.873834] ================================================================== [ 22.874424] BUG: KASAN: slab-out-of-bounds in krealloc_more_oob_helper+0x60c/0x678 [ 22.874545] Write of size 1 at addr fff00000c67390eb by task kunit_try_catch/158 [ 22.874818] [ 22.874898] CPU: 0 UID: 0 PID: 158 Comm: kunit_try_catch Tainted: G B N 6.15.0-rc3 #1 PREEMPT [ 22.875137] Tainted: [B]=BAD_PAGE, [N]=TEST [ 22.875223] Hardware name: linux,dummy-virt (DT) [ 22.875294] Call trace: [ 22.875344] show_stack+0x20/0x38 (C) [ 22.875459] dump_stack_lvl+0x8c/0xd0 [ 22.875586] print_report+0x118/0x608 [ 22.875709] kasan_report+0xdc/0x128 [ 22.875817] __asan_report_store1_noabort+0x20/0x30 [ 22.875951] krealloc_more_oob_helper+0x60c/0x678 [ 22.876075] krealloc_more_oob+0x20/0x38 [ 22.876191] kunit_try_run_case+0x170/0x3f0 [ 22.876306] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 22.876431] kthread+0x328/0x630 [ 22.876536] ret_from_fork+0x10/0x20 [ 22.876651] [ 22.876693] Allocated by task 158: [ 22.876754] kasan_save_stack+0x3c/0x68 [ 22.876841] kasan_save_track+0x20/0x40 [ 22.878659] kasan_save_alloc_info+0x40/0x58 [ 22.878782] __kasan_krealloc+0x118/0x178 [ 22.878885] krealloc_noprof+0x128/0x360 [ 22.879011] krealloc_more_oob_helper+0x168/0x678 [ 22.879124] krealloc_more_oob+0x20/0x38 [ 22.879229] kunit_try_run_case+0x170/0x3f0 [ 22.879391] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 22.879534] kthread+0x328/0x630 [ 22.879767] ret_from_fork+0x10/0x20 [ 22.879859] [ 22.879909] The buggy address belongs to the object at fff00000c6739000 [ 22.879909] which belongs to the cache kmalloc-256 of size 256 [ 22.880098] The buggy address is located 0 bytes to the right of [ 22.880098] allocated 235-byte region [fff00000c6739000, fff00000c67390eb) [ 22.880475] [ 22.880574] The buggy address belongs to the physical page: [ 22.880670] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x106738 [ 22.880790] head: order:1 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0 [ 22.880896] flags: 0xbfffe0000000040(head|node=0|zone=2|lastcpupid=0x1ffff) [ 22.881212] page_type: f5(slab) [ 22.881388] raw: 0bfffe0000000040 fff00000c0001b40 dead000000000122 0000000000000000 [ 22.881523] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 22.881695] head: 0bfffe0000000040 fff00000c0001b40 dead000000000122 0000000000000000 [ 22.881966] head: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 22.882085] head: 0bfffe0000000001 ffffc1ffc319ce01 00000000ffffffff 00000000ffffffff [ 22.882267] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000002 [ 22.882394] page dumped because: kasan: bad access detected [ 22.882467] [ 22.882560] Memory state around the buggy address: [ 22.882754] fff00000c6738f80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 22.882907] fff00000c6739000: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 22.883125] >fff00000c6739080: 00 00 00 00 00 00 00 00 00 00 00 00 00 03 fc fc [ 22.883268] ^ [ 22.883406] fff00000c6739100: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 22.883658] fff00000c6739180: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 22.883916] ================================================================== [ 23.013736] ================================================================== [ 23.014025] BUG: KASAN: slab-out-of-bounds in krealloc_more_oob_helper+0x60c/0x678 [ 23.014277] Write of size 1 at addr fff00000c76ce0eb by task kunit_try_catch/162 [ 23.014459] [ 23.014653] CPU: 0 UID: 0 PID: 162 Comm: kunit_try_catch Tainted: G B N 6.15.0-rc3 #1 PREEMPT [ 23.014837] Tainted: [B]=BAD_PAGE, [N]=TEST [ 23.014899] Hardware name: linux,dummy-virt (DT) [ 23.014987] Call trace: [ 23.015038] show_stack+0x20/0x38 (C) [ 23.015157] dump_stack_lvl+0x8c/0xd0 [ 23.015269] print_report+0x118/0x608 [ 23.015374] kasan_report+0xdc/0x128 [ 23.015478] __asan_report_store1_noabort+0x20/0x30 [ 23.015612] krealloc_more_oob_helper+0x60c/0x678 [ 23.015746] krealloc_large_more_oob+0x20/0x38 [ 23.015869] kunit_try_run_case+0x170/0x3f0 [ 23.016722] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 23.016927] kthread+0x328/0x630 [ 23.017080] ret_from_fork+0x10/0x20 [ 23.017211] [ 23.017266] The buggy address belongs to the physical page: [ 23.017343] page: refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1076cc [ 23.017480] head: order:2 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0 [ 23.017606] flags: 0xbfffe0000000040(head|node=0|zone=2|lastcpupid=0x1ffff) [ 23.017727] page_type: f8(unknown) [ 23.018028] raw: 0bfffe0000000040 0000000000000000 dead000000000122 0000000000000000 [ 23.018156] raw: 0000000000000000 0000000000000000 00000001f8000000 0000000000000000 [ 23.018284] head: 0bfffe0000000040 0000000000000000 dead000000000122 0000000000000000 [ 23.018595] head: 0000000000000000 0000000000000000 00000001f8000000 0000000000000000 [ 23.018765] head: 0bfffe0000000002 ffffc1ffc31db301 00000000ffffffff 00000000ffffffff [ 23.018990] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000004 [ 23.019086] page dumped because: kasan: bad access detected [ 23.019208] [ 23.019286] Memory state around the buggy address: [ 23.019357] fff00000c76cdf80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 23.019621] fff00000c76ce000: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 23.019751] >fff00000c76ce080: 00 00 00 00 00 00 00 00 00 00 00 00 00 03 fe fe [ 23.019854] ^ [ 23.019979] fff00000c76ce100: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe [ 23.020093] fff00000c76ce180: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe [ 23.020196] ==================================================================
[ 11.152181] ================================================================== [ 11.152744] BUG: KASAN: slab-out-of-bounds in krealloc_more_oob_helper+0x821/0x930 [ 11.153090] Write of size 1 at addr ffff8881003510eb by task kunit_try_catch/176 [ 11.153448] [ 11.153612] CPU: 0 UID: 0 PID: 176 Comm: kunit_try_catch Tainted: G B N 6.15.0-rc3 #1 PREEMPT(voluntary) [ 11.153658] Tainted: [B]=BAD_PAGE, [N]=TEST [ 11.153669] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 11.153688] Call Trace: [ 11.153710] <TASK> [ 11.153724] dump_stack_lvl+0x73/0xb0 [ 11.153751] print_report+0xd1/0x650 [ 11.153791] ? __virt_addr_valid+0x1db/0x2d0 [ 11.153813] ? krealloc_more_oob_helper+0x821/0x930 [ 11.153836] ? kasan_complete_mode_report_info+0x2a/0x200 [ 11.153858] ? krealloc_more_oob_helper+0x821/0x930 [ 11.153882] kasan_report+0x141/0x180 [ 11.153904] ? krealloc_more_oob_helper+0x821/0x930 [ 11.153932] __asan_report_store1_noabort+0x1b/0x30 [ 11.153961] krealloc_more_oob_helper+0x821/0x930 [ 11.153983] ? __schedule+0x10cc/0x2b30 [ 11.154006] ? __pfx_krealloc_more_oob_helper+0x10/0x10 [ 11.154040] ? finish_task_switch.isra.0+0x153/0x700 [ 11.154063] ? __switch_to+0x5d9/0xf60 [ 11.154084] ? dequeue_task_fair+0x166/0x4e0 [ 11.154121] ? __schedule+0x10cc/0x2b30 [ 11.154162] ? __pfx_read_tsc+0x10/0x10 [ 11.154185] krealloc_more_oob+0x1c/0x30 [ 11.154216] kunit_try_run_case+0x1a5/0x480 [ 11.154239] ? __pfx_kunit_try_run_case+0x10/0x10 [ 11.154260] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 11.154282] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 11.154306] ? __kthread_parkme+0x82/0x180 [ 11.154336] ? preempt_count_sub+0x50/0x80 [ 11.154359] ? __pfx_kunit_try_run_case+0x10/0x10 [ 11.154382] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 11.154443] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 11.154466] kthread+0x337/0x6f0 [ 11.154485] ? trace_preempt_on+0x20/0xc0 [ 11.154507] ? __pfx_kthread+0x10/0x10 [ 11.154529] ? _raw_spin_unlock_irq+0x47/0x80 [ 11.154550] ? calculate_sigpending+0x7b/0xa0 [ 11.154571] ? __pfx_kthread+0x10/0x10 [ 11.154592] ret_from_fork+0x41/0x80 [ 11.154612] ? __pfx_kthread+0x10/0x10 [ 11.154633] ret_from_fork_asm+0x1a/0x30 [ 11.154664] </TASK> [ 11.154674] [ 11.166697] Allocated by task 176: [ 11.166865] kasan_save_stack+0x45/0x70 [ 11.167100] kasan_save_track+0x18/0x40 [ 11.167339] kasan_save_alloc_info+0x3b/0x50 [ 11.167669] __kasan_krealloc+0x190/0x1f0 [ 11.167906] krealloc_noprof+0xf3/0x340 [ 11.168097] krealloc_more_oob_helper+0x1a9/0x930 [ 11.168312] krealloc_more_oob+0x1c/0x30 [ 11.168604] kunit_try_run_case+0x1a5/0x480 [ 11.168807] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 11.169059] kthread+0x337/0x6f0 [ 11.169250] ret_from_fork+0x41/0x80 [ 11.169416] ret_from_fork_asm+0x1a/0x30 [ 11.169638] [ 11.169710] The buggy address belongs to the object at ffff888100351000 [ 11.169710] which belongs to the cache kmalloc-256 of size 256 [ 11.170316] The buggy address is located 0 bytes to the right of [ 11.170316] allocated 235-byte region [ffff888100351000, ffff8881003510eb) [ 11.170896] [ 11.170995] The buggy address belongs to the physical page: [ 11.171240] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x100350 [ 11.171604] head: order:1 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0 [ 11.171828] flags: 0x200000000000040(head|node=0|zone=2) [ 11.172111] page_type: f5(slab) [ 11.172277] raw: 0200000000000040 ffff888100041b40 dead000000000122 0000000000000000 [ 11.172902] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 11.173430] head: 0200000000000040 ffff888100041b40 dead000000000122 0000000000000000 [ 11.173780] head: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 11.174066] head: 0200000000000001 ffffea000400d401 00000000ffffffff 00000000ffffffff [ 11.174487] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000002 [ 11.174813] page dumped because: kasan: bad access detected [ 11.174990] [ 11.175083] Memory state around the buggy address: [ 11.175570] ffff888100350f80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 11.175916] ffff888100351000: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 11.176181] >ffff888100351080: 00 00 00 00 00 00 00 00 00 00 00 00 00 03 fc fc [ 11.176597] ^ [ 11.176799] ffff888100351100: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 11.177112] ffff888100351180: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 11.177672] ================================================================== [ 11.178516] ================================================================== [ 11.178812] BUG: KASAN: slab-out-of-bounds in krealloc_more_oob_helper+0x7eb/0x930 [ 11.179125] Write of size 1 at addr ffff8881003510f0 by task kunit_try_catch/176 [ 11.179651] [ 11.179771] CPU: 0 UID: 0 PID: 176 Comm: kunit_try_catch Tainted: G B N 6.15.0-rc3 #1 PREEMPT(voluntary) [ 11.179816] Tainted: [B]=BAD_PAGE, [N]=TEST [ 11.179826] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 11.179846] Call Trace: [ 11.179857] <TASK> [ 11.179872] dump_stack_lvl+0x73/0xb0 [ 11.179897] print_report+0xd1/0x650 [ 11.179919] ? __virt_addr_valid+0x1db/0x2d0 [ 11.179940] ? krealloc_more_oob_helper+0x7eb/0x930 [ 11.179963] ? kasan_complete_mode_report_info+0x2a/0x200 [ 11.179985] ? krealloc_more_oob_helper+0x7eb/0x930 [ 11.180008] kasan_report+0x141/0x180 [ 11.180030] ? krealloc_more_oob_helper+0x7eb/0x930 [ 11.180059] __asan_report_store1_noabort+0x1b/0x30 [ 11.180079] krealloc_more_oob_helper+0x7eb/0x930 [ 11.180101] ? __schedule+0x10cc/0x2b30 [ 11.180123] ? __pfx_krealloc_more_oob_helper+0x10/0x10 [ 11.180147] ? finish_task_switch.isra.0+0x153/0x700 [ 11.180169] ? __switch_to+0x5d9/0xf60 [ 11.180189] ? dequeue_task_fair+0x166/0x4e0 [ 11.180213] ? __schedule+0x10cc/0x2b30 [ 11.180247] ? __pfx_read_tsc+0x10/0x10 [ 11.180270] krealloc_more_oob+0x1c/0x30 [ 11.180291] kunit_try_run_case+0x1a5/0x480 [ 11.180334] ? __pfx_kunit_try_run_case+0x10/0x10 [ 11.180355] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 11.180379] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 11.180402] ? __kthread_parkme+0x82/0x180 [ 11.180422] ? preempt_count_sub+0x50/0x80 [ 11.180446] ? __pfx_kunit_try_run_case+0x10/0x10 [ 11.180468] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 11.180489] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 11.180511] kthread+0x337/0x6f0 [ 11.180531] ? trace_preempt_on+0x20/0xc0 [ 11.180554] ? __pfx_kthread+0x10/0x10 [ 11.180575] ? _raw_spin_unlock_irq+0x47/0x80 [ 11.180596] ? calculate_sigpending+0x7b/0xa0 [ 11.180815] ? __pfx_kthread+0x10/0x10 [ 11.180837] ret_from_fork+0x41/0x80 [ 11.180858] ? __pfx_kthread+0x10/0x10 [ 11.180879] ret_from_fork_asm+0x1a/0x30 [ 11.180910] </TASK> [ 11.180921] [ 11.189194] Allocated by task 176: [ 11.189620] kasan_save_stack+0x45/0x70 [ 11.189852] kasan_save_track+0x18/0x40 [ 11.190099] kasan_save_alloc_info+0x3b/0x50 [ 11.190294] __kasan_krealloc+0x190/0x1f0 [ 11.190481] krealloc_noprof+0xf3/0x340 [ 11.190690] krealloc_more_oob_helper+0x1a9/0x930 [ 11.190964] krealloc_more_oob+0x1c/0x30 [ 11.191161] kunit_try_run_case+0x1a5/0x480 [ 11.191396] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 11.191569] kthread+0x337/0x6f0 [ 11.191687] ret_from_fork+0x41/0x80 [ 11.191813] ret_from_fork_asm+0x1a/0x30 [ 11.192087] [ 11.192238] The buggy address belongs to the object at ffff888100351000 [ 11.192238] which belongs to the cache kmalloc-256 of size 256 [ 11.192962] The buggy address is located 5 bytes to the right of [ 11.192962] allocated 235-byte region [ffff888100351000, ffff8881003510eb) [ 11.193388] [ 11.193496] The buggy address belongs to the physical page: [ 11.193811] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x100350 [ 11.194293] head: order:1 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0 [ 11.194789] flags: 0x200000000000040(head|node=0|zone=2) [ 11.195166] page_type: f5(slab) [ 11.195366] raw: 0200000000000040 ffff888100041b40 dead000000000122 0000000000000000 [ 11.195788] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 11.196121] head: 0200000000000040 ffff888100041b40 dead000000000122 0000000000000000 [ 11.196552] head: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 11.196903] head: 0200000000000001 ffffea000400d401 00000000ffffffff 00000000ffffffff [ 11.197254] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000002 [ 11.197645] page dumped because: kasan: bad access detected [ 11.197888] [ 11.197957] Memory state around the buggy address: [ 11.198111] ffff888100350f80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 11.198453] ffff888100351000: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 11.198697] >ffff888100351080: 00 00 00 00 00 00 00 00 00 00 00 00 00 03 fc fc [ 11.199272] ^ [ 11.199795] ffff888100351100: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 11.200119] ffff888100351180: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 11.200555] ================================================================== [ 11.349076] ================================================================== [ 11.349451] BUG: KASAN: slab-out-of-bounds in krealloc_more_oob_helper+0x7eb/0x930 [ 11.350040] Write of size 1 at addr ffff888102c5a0f0 by task kunit_try_catch/180 [ 11.350446] [ 11.350563] CPU: 1 UID: 0 PID: 180 Comm: kunit_try_catch Tainted: G B N 6.15.0-rc3 #1 PREEMPT(voluntary) [ 11.350606] Tainted: [B]=BAD_PAGE, [N]=TEST [ 11.350617] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 11.350638] Call Trace: [ 11.350653] <TASK> [ 11.350667] dump_stack_lvl+0x73/0xb0 [ 11.350690] print_report+0xd1/0x650 [ 11.350712] ? __virt_addr_valid+0x1db/0x2d0 [ 11.350734] ? krealloc_more_oob_helper+0x7eb/0x930 [ 11.350757] ? kasan_addr_to_slab+0x11/0xa0 [ 11.350778] ? krealloc_more_oob_helper+0x7eb/0x930 [ 11.350802] kasan_report+0x141/0x180 [ 11.350824] ? krealloc_more_oob_helper+0x7eb/0x930 [ 11.350853] __asan_report_store1_noabort+0x1b/0x30 [ 11.350873] krealloc_more_oob_helper+0x7eb/0x930 [ 11.350895] ? __schedule+0x10cc/0x2b30 [ 11.350918] ? __pfx_krealloc_more_oob_helper+0x10/0x10 [ 11.350942] ? finish_task_switch.isra.0+0x153/0x700 [ 11.350963] ? __switch_to+0x5d9/0xf60 [ 11.350983] ? dequeue_task_fair+0x166/0x4e0 [ 11.351007] ? __schedule+0x10cc/0x2b30 [ 11.351029] ? __pfx_read_tsc+0x10/0x10 [ 11.351052] krealloc_large_more_oob+0x1c/0x30 [ 11.351075] kunit_try_run_case+0x1a5/0x480 [ 11.351098] ? __pfx_kunit_try_run_case+0x10/0x10 [ 11.351118] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 11.351152] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 11.351175] ? __kthread_parkme+0x82/0x180 [ 11.351196] ? preempt_count_sub+0x50/0x80 [ 11.351220] ? __pfx_kunit_try_run_case+0x10/0x10 [ 11.351242] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 11.351264] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 11.351287] kthread+0x337/0x6f0 [ 11.351307] ? trace_preempt_on+0x20/0xc0 [ 11.351342] ? __pfx_kthread+0x10/0x10 [ 11.351364] ? _raw_spin_unlock_irq+0x47/0x80 [ 11.351385] ? calculate_sigpending+0x7b/0xa0 [ 11.351407] ? __pfx_kthread+0x10/0x10 [ 11.351429] ret_from_fork+0x41/0x80 [ 11.351449] ? __pfx_kthread+0x10/0x10 [ 11.351470] ret_from_fork_asm+0x1a/0x30 [ 11.351501] </TASK> [ 11.351511] [ 11.359846] The buggy address belongs to the physical page: [ 11.360236] page: refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x102c58 [ 11.360710] head: order:2 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0 [ 11.360986] flags: 0x200000000000040(head|node=0|zone=2) [ 11.361174] page_type: f8(unknown) [ 11.361379] raw: 0200000000000040 0000000000000000 dead000000000122 0000000000000000 [ 11.361883] raw: 0000000000000000 0000000000000000 00000001f8000000 0000000000000000 [ 11.362237] head: 0200000000000040 0000000000000000 dead000000000122 0000000000000000 [ 11.362593] head: 0000000000000000 0000000000000000 00000001f8000000 0000000000000000 [ 11.362934] head: 0200000000000002 ffffea00040b1601 00000000ffffffff 00000000ffffffff [ 11.363226] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000004 [ 11.363592] page dumped because: kasan: bad access detected [ 11.363765] [ 11.363833] Memory state around the buggy address: [ 11.364031] ffff888102c59f80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 11.364350] ffff888102c5a000: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 11.364711] >ffff888102c5a080: 00 00 00 00 00 00 00 00 00 00 00 00 00 03 fe fe [ 11.364925] ^ [ 11.365127] ffff888102c5a100: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe [ 11.365757] ffff888102c5a180: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe [ 11.366100] ================================================================== [ 11.320860] ================================================================== [ 11.321911] BUG: KASAN: slab-out-of-bounds in krealloc_more_oob_helper+0x821/0x930 [ 11.322168] Write of size 1 at addr ffff888102c5a0eb by task kunit_try_catch/180 [ 11.323085] [ 11.323354] CPU: 1 UID: 0 PID: 180 Comm: kunit_try_catch Tainted: G B N 6.15.0-rc3 #1 PREEMPT(voluntary) [ 11.323687] Tainted: [B]=BAD_PAGE, [N]=TEST [ 11.323699] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 11.323720] Call Trace: [ 11.323733] <TASK> [ 11.323749] dump_stack_lvl+0x73/0xb0 [ 11.323776] print_report+0xd1/0x650 [ 11.323810] ? __virt_addr_valid+0x1db/0x2d0 [ 11.323832] ? krealloc_more_oob_helper+0x821/0x930 [ 11.323855] ? kasan_addr_to_slab+0x11/0xa0 [ 11.323887] ? krealloc_more_oob_helper+0x821/0x930 [ 11.323911] kasan_report+0x141/0x180 [ 11.323934] ? krealloc_more_oob_helper+0x821/0x930 [ 11.323963] __asan_report_store1_noabort+0x1b/0x30 [ 11.323984] krealloc_more_oob_helper+0x821/0x930 [ 11.324006] ? __schedule+0x10cc/0x2b30 [ 11.324030] ? __pfx_krealloc_more_oob_helper+0x10/0x10 [ 11.324054] ? finish_task_switch.isra.0+0x153/0x700 [ 11.324077] ? __switch_to+0x5d9/0xf60 [ 11.324096] ? dequeue_task_fair+0x166/0x4e0 [ 11.324122] ? __schedule+0x10cc/0x2b30 [ 11.324152] ? __pfx_read_tsc+0x10/0x10 [ 11.324175] krealloc_large_more_oob+0x1c/0x30 [ 11.324198] kunit_try_run_case+0x1a5/0x480 [ 11.324221] ? __pfx_kunit_try_run_case+0x10/0x10 [ 11.324242] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 11.324266] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 11.324289] ? __kthread_parkme+0x82/0x180 [ 11.324310] ? preempt_count_sub+0x50/0x80 [ 11.324343] ? __pfx_kunit_try_run_case+0x10/0x10 [ 11.324367] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 11.324410] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 11.324432] kthread+0x337/0x6f0 [ 11.324453] ? trace_preempt_on+0x20/0xc0 [ 11.324475] ? __pfx_kthread+0x10/0x10 [ 11.324497] ? _raw_spin_unlock_irq+0x47/0x80 [ 11.324518] ? calculate_sigpending+0x7b/0xa0 [ 11.324539] ? __pfx_kthread+0x10/0x10 [ 11.324562] ret_from_fork+0x41/0x80 [ 11.324582] ? __pfx_kthread+0x10/0x10 [ 11.324603] ret_from_fork_asm+0x1a/0x30 [ 11.324635] </TASK> [ 11.324645] [ 11.338045] The buggy address belongs to the physical page: [ 11.338583] page: refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x102c58 [ 11.339189] head: order:2 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0 [ 11.339660] flags: 0x200000000000040(head|node=0|zone=2) [ 11.340136] page_type: f8(unknown) [ 11.340320] raw: 0200000000000040 0000000000000000 dead000000000122 0000000000000000 [ 11.341011] raw: 0000000000000000 0000000000000000 00000001f8000000 0000000000000000 [ 11.341737] head: 0200000000000040 0000000000000000 dead000000000122 0000000000000000 [ 11.342071] head: 0000000000000000 0000000000000000 00000001f8000000 0000000000000000 [ 11.342974] head: 0200000000000002 ffffea00040b1601 00000000ffffffff 00000000ffffffff [ 11.343845] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000004 [ 11.344400] page dumped because: kasan: bad access detected [ 11.344773] [ 11.344867] Memory state around the buggy address: [ 11.345070] ffff888102c59f80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 11.346078] ffff888102c5a000: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 11.346668] >ffff888102c5a080: 00 00 00 00 00 00 00 00 00 00 00 00 00 03 fe fe [ 11.347046] ^ [ 11.347757] ffff888102c5a100: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe [ 11.348168] ffff888102c5a180: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe [ 11.348696] ==================================================================
[ 20.946348] ================================================================== [ 20.947383] BUG: KASAN: slab-out-of-bounds in krealloc_more_oob_helper+0x60c/0x678 [ 20.948105] Write of size 1 at addr ffff00000240faeb by task kunit_try_catch/210 [ 20.948789] [ 20.948954] CPU: 2 UID: 0 PID: 210 Comm: kunit_try_catch Tainted: G B N 6.15.0-rc3 #1 PREEMPT [ 20.949002] Tainted: [B]=BAD_PAGE, [N]=TEST [ 20.949015] Hardware name: Radxa ROCK Pi 4B (DT) [ 20.949033] Call trace: [ 20.949044] show_stack+0x20/0x38 (C) [ 20.949076] dump_stack_lvl+0x8c/0xd0 [ 20.949107] print_report+0x118/0x608 [ 20.949136] kasan_report+0xdc/0x128 [ 20.949164] __asan_report_store1_noabort+0x20/0x30 [ 20.949198] krealloc_more_oob_helper+0x60c/0x678 [ 20.949234] krealloc_more_oob+0x20/0x38 [ 20.949267] kunit_try_run_case+0x170/0x3f0 [ 20.949302] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 20.949340] kthread+0x328/0x630 [ 20.949374] ret_from_fork+0x10/0x20 [ 20.949407] [ 20.955392] Allocated by task 210: [ 20.955722] kasan_save_stack+0x3c/0x68 [ 20.956096] kasan_save_track+0x20/0x40 [ 20.956468] kasan_save_alloc_info+0x40/0x58 [ 20.956880] __kasan_krealloc+0x118/0x178 [ 20.957267] krealloc_noprof+0x128/0x360 [ 20.957648] krealloc_more_oob_helper+0x168/0x678 [ 20.958102] krealloc_more_oob+0x20/0x38 [ 20.958486] kunit_try_run_case+0x170/0x3f0 [ 20.958892] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 20.959416] kthread+0x328/0x630 [ 20.959739] ret_from_fork+0x10/0x20 [ 20.960090] [ 20.960243] The buggy address belongs to the object at ffff00000240fa00 [ 20.960243] which belongs to the cache kmalloc-256 of size 256 [ 20.961376] The buggy address is located 0 bytes to the right of [ 20.961376] allocated 235-byte region [ffff00000240fa00, ffff00000240faeb) [ 20.962549] [ 20.962704] The buggy address belongs to the physical page: [ 20.963220] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x240e [ 20.963945] head: order:1 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0 [ 20.964650] flags: 0x3fffe0000000040(head|node=0|zone=0|lastcpupid=0x1ffff) [ 20.965301] page_type: f5(slab) [ 20.965615] raw: 03fffe0000000040 ffff000000402b40 dead000000000122 0000000000000000 [ 20.966330] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 20.967046] head: 03fffe0000000040 ffff000000402b40 dead000000000122 0000000000000000 [ 20.967768] head: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 20.968491] head: 03fffe0000000001 fffffdffc0090381 00000000ffffffff 00000000ffffffff [ 20.969213] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000002 [ 20.969928] page dumped because: kasan: bad access detected [ 20.970443] [ 20.970595] Memory state around the buggy address: [ 20.971044] ffff00000240f980: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 20.971708] ffff00000240fa00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 20.972373] >ffff00000240fa80: 00 00 00 00 00 00 00 00 00 00 00 00 00 03 fc fc [ 20.973034] ^ [ 20.973643] ffff00000240fb00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 20.974308] ffff00000240fb80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 20.974969] ================================================================== [ 20.976293] ================================================================== [ 20.976969] BUG: KASAN: slab-out-of-bounds in krealloc_more_oob_helper+0x5c0/0x678 [ 20.977674] Write of size 1 at addr ffff00000240faf0 by task kunit_try_catch/210 [ 20.978347] [ 20.978501] CPU: 4 UID: 0 PID: 210 Comm: kunit_try_catch Tainted: G B N 6.15.0-rc3 #1 PREEMPT [ 20.978537] Tainted: [B]=BAD_PAGE, [N]=TEST [ 20.978547] Hardware name: Radxa ROCK Pi 4B (DT) [ 20.978558] Call trace: [ 20.978567] show_stack+0x20/0x38 (C) [ 20.978590] dump_stack_lvl+0x8c/0xd0 [ 20.978610] print_report+0x118/0x608 [ 20.978629] kasan_report+0xdc/0x128 [ 20.978647] __asan_report_store1_noabort+0x20/0x30 [ 20.978670] krealloc_more_oob_helper+0x5c0/0x678 [ 20.978693] krealloc_more_oob+0x20/0x38 [ 20.978715] kunit_try_run_case+0x170/0x3f0 [ 20.978738] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 20.978763] kthread+0x328/0x630 [ 20.978785] ret_from_fork+0x10/0x20 [ 20.978806] [ 20.984739] Allocated by task 210: [ 20.985055] kasan_save_stack+0x3c/0x68 [ 20.985416] kasan_save_track+0x20/0x40 [ 20.985774] kasan_save_alloc_info+0x40/0x58 [ 20.986172] __kasan_krealloc+0x118/0x178 [ 20.986546] krealloc_noprof+0x128/0x360 [ 20.986913] krealloc_more_oob_helper+0x168/0x678 [ 20.987351] krealloc_more_oob+0x20/0x38 [ 20.987721] kunit_try_run_case+0x170/0x3f0 [ 20.988112] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 20.988620] kthread+0x328/0x630 [ 20.988928] ret_from_fork+0x10/0x20 [ 20.989265] [ 20.989410] The buggy address belongs to the object at ffff00000240fa00 [ 20.989410] which belongs to the cache kmalloc-256 of size 256 [ 20.990528] The buggy address is located 5 bytes to the right of [ 20.990528] allocated 235-byte region [ffff00000240fa00, ffff00000240faeb) [ 20.991685] [ 20.991831] The buggy address belongs to the physical page: [ 20.992336] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x240e [ 20.993044] head: order:1 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0 [ 20.993734] flags: 0x3fffe0000000040(head|node=0|zone=0|lastcpupid=0x1ffff) [ 20.994370] page_type: f5(slab) [ 20.994669] raw: 03fffe0000000040 ffff000000402b40 dead000000000122 0000000000000000 [ 20.995368] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 20.996068] head: 03fffe0000000040 ffff000000402b40 dead000000000122 0000000000000000 [ 20.996773] head: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 20.997479] head: 03fffe0000000001 fffffdffc0090381 00000000ffffffff 00000000ffffffff [ 20.998185] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000002 [ 20.998886] page dumped because: kasan: bad access detected [ 20.999388] [ 20.999533] Memory state around the buggy address: [ 20.999971] ffff00000240f980: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 21.000623] ffff00000240fa00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 21.001274] >ffff00000240fa80: 00 00 00 00 00 00 00 00 00 00 00 00 00 03 fc fc [ 21.001923] ^ [ 21.002544] ffff00000240fb00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 21.003194] ffff00000240fb80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 21.003842] ================================================================== [ 21.180096] ================================================================== [ 21.180790] BUG: KASAN: slab-out-of-bounds in krealloc_more_oob_helper+0x5c0/0x678 [ 21.181536] Write of size 1 at addr ffff00000d7360f0 by task kunit_try_catch/214 [ 21.182250] [ 21.182432] CPU: 0 UID: 0 PID: 214 Comm: kunit_try_catch Tainted: G B N 6.15.0-rc3 #1 PREEMPT [ 21.182509] Tainted: [B]=BAD_PAGE, [N]=TEST [ 21.182532] Hardware name: Radxa ROCK Pi 4B (DT) [ 21.182559] Call trace: [ 21.182577] show_stack+0x20/0x38 (C) [ 21.182626] dump_stack_lvl+0x8c/0xd0 [ 21.182675] print_report+0x118/0x608 [ 21.182723] kasan_report+0xdc/0x128 [ 21.182769] __asan_report_store1_noabort+0x20/0x30 [ 21.182825] krealloc_more_oob_helper+0x5c0/0x678 [ 21.182885] krealloc_large_more_oob+0x20/0x38 [ 21.182943] kunit_try_run_case+0x170/0x3f0 [ 21.182999] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 21.183064] kthread+0x328/0x630 [ 21.183118] ret_from_fork+0x10/0x20 [ 21.183170] [ 21.189314] The buggy address belongs to the physical page: [ 21.189850] page: refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0xd734 [ 21.190603] head: order:2 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0 [ 21.191336] flags: 0x3fffe0000000040(head|node=0|zone=0|lastcpupid=0x1ffff) [ 21.192017] page_type: f8(unknown) [ 21.192377] raw: 03fffe0000000040 0000000000000000 dead000000000122 0000000000000000 [ 21.193122] raw: 0000000000000000 0000000000000000 00000001f8000000 0000000000000000 [ 21.193869] head: 03fffe0000000040 0000000000000000 dead000000000122 0000000000000000 [ 21.194622] head: 0000000000000000 0000000000000000 00000001f8000000 0000000000000000 [ 21.195376] head: 03fffe0000000002 fffffdffc035cd01 00000000ffffffff 00000000ffffffff [ 21.196129] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000004 [ 21.196870] page dumped because: kasan: bad access detected [ 21.197405] [ 21.197573] Memory state around the buggy address: [ 21.198042] ffff00000d735f80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 21.198735] ffff00000d736000: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 21.199427] >ffff00000d736080: 00 00 00 00 00 00 00 00 00 00 00 00 00 03 fe fe [ 21.200113] ^ [ 21.200770] ffff00000d736100: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe [ 21.201462] ffff00000d736180: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe [ 21.202148] ================================================================== [ 21.156729] ================================================================== [ 21.157821] BUG: KASAN: slab-out-of-bounds in krealloc_more_oob_helper+0x60c/0x678 [ 21.158582] Write of size 1 at addr ffff00000d7360eb by task kunit_try_catch/214 [ 21.159296] [ 21.159481] CPU: 0 UID: 0 PID: 214 Comm: kunit_try_catch Tainted: G B N 6.15.0-rc3 #1 PREEMPT [ 21.159559] Tainted: [B]=BAD_PAGE, [N]=TEST [ 21.159582] Hardware name: Radxa ROCK Pi 4B (DT) [ 21.159609] Call trace: [ 21.159627] show_stack+0x20/0x38 (C) [ 21.159680] dump_stack_lvl+0x8c/0xd0 [ 21.159730] print_report+0x118/0x608 [ 21.159778] kasan_report+0xdc/0x128 [ 21.159826] __asan_report_store1_noabort+0x20/0x30 [ 21.159882] krealloc_more_oob_helper+0x60c/0x678 [ 21.159943] krealloc_large_more_oob+0x20/0x38 [ 21.160002] kunit_try_run_case+0x170/0x3f0 [ 21.160059] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 21.160123] kthread+0x328/0x630 [ 21.160179] ret_from_fork+0x10/0x20 [ 21.160232] [ 21.166379] The buggy address belongs to the physical page: [ 21.166916] page: refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0xd734 [ 21.167670] head: order:2 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0 [ 21.168403] flags: 0x3fffe0000000040(head|node=0|zone=0|lastcpupid=0x1ffff) [ 21.169085] page_type: f8(unknown) [ 21.169448] raw: 03fffe0000000040 0000000000000000 dead000000000122 0000000000000000 [ 21.170194] raw: 0000000000000000 0000000000000000 00000001f8000000 0000000000000000 [ 21.170941] head: 03fffe0000000040 0000000000000000 dead000000000122 0000000000000000 [ 21.171694] head: 0000000000000000 0000000000000000 00000001f8000000 0000000000000000 [ 21.172449] head: 03fffe0000000002 fffffdffc035cd01 00000000ffffffff 00000000ffffffff [ 21.173203] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000004 [ 21.173944] page dumped because: kasan: bad access detected [ 21.174479] [ 21.174648] Memory state around the buggy address: [ 21.175117] ffff00000d735f80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 21.175810] ffff00000d736000: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 21.176503] >ffff00000d736080: 00 00 00 00 00 00 00 00 00 00 00 00 00 03 fe fe [ 21.177188] ^ [ 21.177823] ffff00000d736100: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe [ 21.178515] ffff00000d736180: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe [ 21.179201] ==================================================================