Date
April 20, 2025, 11:09 p.m.
| Environment | |
|---|---|
| x15 | |
| x86 |
[ 50.434387] ================================================================== [ 50.441650] BUG: KASAN: slab-out-of-bounds in krealloc_less_oob_helper+0xd58/0xea4 [ 50.449279] Write of size 1 at addr cb2d1aea by task kunit_try_catch/214 [ 50.456024] [ 50.457519] CPU: 1 UID: 0 PID: 214 Comm: kunit_try_catch Tainted: G B W N 6.15.0-rc3 #1 NONE [ 50.457550] Tainted: [B]=BAD_PAGE, [W]=WARN, [N]=TEST [ 50.457550] Hardware name: Generic DRA74X (Flattened Device Tree) [ 50.457580] Call trace: [ 50.457580] unwind_backtrace from show_stack+0x18/0x1c [ 50.457611] show_stack from dump_stack_lvl+0x70/0x90 [ 50.457611] dump_stack_lvl from print_report+0x158/0x528 [ 50.457641] print_report from kasan_report+0xdc/0x118 [ 50.457672] kasan_report from krealloc_less_oob_helper+0xd58/0xea4 [ 50.457702] krealloc_less_oob_helper from kunit_try_run_case+0x22c/0x5a8 [ 50.457702] kunit_try_run_case from kunit_generic_run_threadfn_adapter+0xc4/0x128 [ 50.457733] kunit_generic_run_threadfn_adapter from kthread+0x464/0x810 [ 50.457763] kthread from ret_from_fork+0x14/0x20 [ 50.457794] Exception stack(0xf23cbfb0 to 0xf23cbff8) [ 50.457794] bfa0: 00000000 00000000 00000000 00000000 [ 50.457824] bfc0: 00000000 00000000 00000000 00000000 00000000 00000000 00000000 00000000 [ 50.457824] bfe0: 00000000 00000000 00000000 00000000 00000013 00000000 [ 50.457855] [ 50.563934] Allocated by task 214: [ 50.567352] kasan_save_track+0x30/0x5c [ 50.571228] __kasan_krealloc+0xf4/0x140 [ 50.575195] krealloc_noprof+0x104/0x2e4 [ 50.579132] krealloc_less_oob_helper+0x1d8/0xea4 [ 50.583892] kunit_try_run_case+0x22c/0x5a8 [ 50.588104] kunit_generic_run_threadfn_adapter+0xc4/0x128 [ 50.593627] kthread+0x464/0x810 [ 50.596893] ret_from_fork+0x14/0x20 [ 50.600494] [ 50.601989] The buggy address belongs to the object at cb2d1a00 [ 50.601989] which belongs to the cache kmalloc-256 of size 256 [ 50.613891] The buggy address is located 33 bytes to the right of [ 50.613891] allocated 201-byte region [cb2d1a00, cb2d1ac9) [ 50.625610] [ 50.627105] The buggy address belongs to the physical page: [ 50.632720] page: refcount:0 mapcount:0 mapping:00000000 index:0x0 pfn:0x8b2d0 [ 50.639984] head: order:1 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0 [ 50.647705] flags: 0x40(head|zone=0) [ 50.651306] page_type: f5(slab) [ 50.654479] raw: 00000040 c7001500 00000122 00000000 00000000 80100010 f5000000 00000000 [ 50.662597] raw: 00000000 [ 50.665252] head: 00000040 c7001500 00000122 00000000 00000000 80100010 f5000000 00000000 [ 50.673492] head: 00000000 00000001 eeb91541 ffffffff 00000000 ffffffff 00000000 ffffffff [ 50.681732] head: 00000000 00000002 [ 50.685241] page dumped because: kasan: bad access detected [ 50.690826] [ 50.692321] Memory state around the buggy address: [ 50.697143] cb2d1980: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 50.703735] cb2d1a00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 50.710296] >cb2d1a80: 00 00 00 00 00 00 00 00 00 01 fc fc fc fc fc fc [ 50.716857] ^ [ 50.722839] cb2d1b00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 50.729400] cb2d1b80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 50.735961] ================================================================== [ 50.743286] ================================================================== [ 50.750549] BUG: KASAN: slab-out-of-bounds in krealloc_less_oob_helper+0xd00/0xea4 [ 50.758178] Write of size 1 at addr cb2d1aeb by task kunit_try_catch/214 [ 50.764923] [ 50.766448] CPU: 1 UID: 0 PID: 214 Comm: kunit_try_catch Tainted: G B W N 6.15.0-rc3 #1 NONE [ 50.766448] Tainted: [B]=BAD_PAGE, [W]=WARN, [N]=TEST [ 50.766479] Hardware name: Generic DRA74X (Flattened Device Tree) [ 50.766479] Call trace: [ 50.766479] unwind_backtrace from show_stack+0x18/0x1c [ 50.766510] show_stack from dump_stack_lvl+0x70/0x90 [ 50.766540] dump_stack_lvl from print_report+0x158/0x528 [ 50.766571] print_report from kasan_report+0xdc/0x118 [ 50.766571] kasan_report from krealloc_less_oob_helper+0xd00/0xea4 [ 50.766601] krealloc_less_oob_helper from kunit_try_run_case+0x22c/0x5a8 [ 50.766632] kunit_try_run_case from kunit_generic_run_threadfn_adapter+0xc4/0x128 [ 50.766662] kunit_generic_run_threadfn_adapter from kthread+0x464/0x810 [ 50.766693] kthread from ret_from_fork+0x14/0x20 [ 50.766693] Exception stack(0xf23cbfb0 to 0xf23cbff8) [ 50.766723] bfa0: 00000000 00000000 00000000 00000000 [ 50.766723] bfc0: 00000000 00000000 00000000 00000000 00000000 00000000 00000000 00000000 [ 50.766754] bfe0: 00000000 00000000 00000000 00000000 00000013 00000000 [ 50.766754] [ 50.872863] Allocated by task 214: [ 50.876281] kasan_save_track+0x30/0x5c [ 50.880157] __kasan_krealloc+0xf4/0x140 [ 50.884094] krealloc_noprof+0x104/0x2e4 [ 50.888061] krealloc_less_oob_helper+0x1d8/0xea4 [ 50.892791] kunit_try_run_case+0x22c/0x5a8 [ 50.897003] kunit_generic_run_threadfn_adapter+0xc4/0x128 [ 50.902526] kthread+0x464/0x810 [ 50.905792] ret_from_fork+0x14/0x20 [ 50.909393] [ 50.910919] The buggy address belongs to the object at cb2d1a00 [ 50.910919] which belongs to the cache kmalloc-256 of size 256 [ 50.922790] The buggy address is located 34 bytes to the right of [ 50.922790] allocated 201-byte region [cb2d1a00, cb2d1ac9) [ 50.934539] [ 50.936035] The buggy address belongs to the physical page: [ 50.941650] page: refcount:0 mapcount:0 mapping:00000000 index:0x0 pfn:0x8b2d0 [ 50.948913] head: order:1 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0 [ 50.956604] flags: 0x40(head|zone=0) [ 50.960205] page_type: f5(slab) [ 50.963378] raw: 00000040 c7001500 00000122 00000000 00000000 80100010 f5000000 00000000 [ 50.971527] raw: 00000000 [ 50.974182] head: 00000040 c7001500 00000122 00000000 00000000 80100010 f5000000 00000000 [ 50.982421] head: 00000000 00000001 eeb91541 ffffffff 00000000 ffffffff 00000000 ffffffff [ 50.990631] head: 00000000 00000002 [ 50.994140] page dumped because: kasan: bad access detected [ 50.999755] [ 51.001251] Memory state around the buggy address: [ 51.006072] cb2d1980: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 51.012664] cb2d1a00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 51.019226] >cb2d1a80: 00 00 00 00 00 00 00 00 00 01 fc fc fc fc fc fc [ 51.025787] ^ [ 51.031738] cb2d1b00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 51.038330] cb2d1b80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 51.044891] ================================================================== [ 52.044830] ================================================================== [ 52.052124] BUG: KASAN: slab-out-of-bounds in krealloc_less_oob_helper+0xd18/0xea4 [ 52.059722] Write of size 1 at addr ccb3a0da by task kunit_try_catch/218 [ 52.066467] [ 52.067993] CPU: 1 UID: 0 PID: 218 Comm: kunit_try_catch Tainted: G B W N 6.15.0-rc3 #1 NONE [ 52.068023] Tainted: [B]=BAD_PAGE, [W]=WARN, [N]=TEST [ 52.068023] Hardware name: Generic DRA74X (Flattened Device Tree) [ 52.068023] Call trace: [ 52.068054] unwind_backtrace from show_stack+0x18/0x1c [ 52.068054] show_stack from dump_stack_lvl+0x70/0x90 [ 52.068084] dump_stack_lvl from print_report+0x158/0x528 [ 52.068115] print_report from kasan_report+0xdc/0x118 [ 52.068145] kasan_report from krealloc_less_oob_helper+0xd18/0xea4 [ 52.068145] krealloc_less_oob_helper from kunit_try_run_case+0x22c/0x5a8 [ 52.068176] kunit_try_run_case from kunit_generic_run_threadfn_adapter+0xc4/0x128 [ 52.068206] kunit_generic_run_threadfn_adapter from kthread+0x464/0x810 [ 52.068237] kthread from ret_from_fork+0x14/0x20 [ 52.068237] Exception stack(0xf23ebfb0 to 0xf23ebff8) [ 52.068267] bfa0: 00000000 00000000 00000000 00000000 [ 52.068267] bfc0: 00000000 00000000 00000000 00000000 00000000 00000000 00000000 00000000 [ 52.068298] bfe0: 00000000 00000000 00000000 00000000 00000013 00000000 [ 52.068298] [ 52.174407] The buggy address belongs to the physical page: [ 52.180023] page: refcount:1 mapcount:0 mapping:00000000 index:0x0 pfn:0x8cb38 [ 52.187286] head: order:2 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0 [ 52.194976] flags: 0x40(head|zone=0) [ 52.198577] page_type: f8(unknown) [ 52.202026] raw: 00000040 00000000 00000122 00000000 00000000 00000000 f8000000 00000001 [ 52.210174] raw: 00000000 [ 52.212799] head: 00000040 00000000 00000122 00000000 00000000 00000000 f8000000 00000001 [ 52.221038] head: 00000000 00000002 eebc83e1 ffffffff 00000000 ffffffff 00000000 ffffffff [ 52.229278] head: 00000000 00000004 [ 52.232788] page dumped because: kasan: bad access detected [ 52.238372] [ 52.239898] Memory state around the buggy address: [ 52.244720] ccb39f80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 52.251281] ccb3a000: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 52.257843] >ccb3a080: 00 00 00 00 00 00 00 00 00 01 fe fe fe fe fe fe [ 52.264434] ^ [ 52.269866] ccb3a100: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe [ 52.276428] ccb3a180: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe [ 52.282989] ================================================================== [ 52.536315] ================================================================== [ 52.543579] BUG: KASAN: slab-out-of-bounds in krealloc_less_oob_helper+0xd00/0xea4 [ 52.551208] Write of size 1 at addr ccb3a0eb by task kunit_try_catch/218 [ 52.557952] [ 52.559448] CPU: 1 UID: 0 PID: 218 Comm: kunit_try_catch Tainted: G B W N 6.15.0-rc3 #1 NONE [ 52.559478] Tainted: [B]=BAD_PAGE, [W]=WARN, [N]=TEST [ 52.559509] Hardware name: Generic DRA74X (Flattened Device Tree) [ 52.559509] Call trace: [ 52.559509] unwind_backtrace from show_stack+0x18/0x1c [ 52.559539] show_stack from dump_stack_lvl+0x70/0x90 [ 52.559570] dump_stack_lvl from print_report+0x158/0x528 [ 52.559600] print_report from kasan_report+0xdc/0x118 [ 52.559600] kasan_report from krealloc_less_oob_helper+0xd00/0xea4 [ 52.559631] krealloc_less_oob_helper from kunit_try_run_case+0x22c/0x5a8 [ 52.559661] kunit_try_run_case from kunit_generic_run_threadfn_adapter+0xc4/0x128 [ 52.559692] kunit_generic_run_threadfn_adapter from kthread+0x464/0x810 [ 52.559722] kthread from ret_from_fork+0x14/0x20 [ 52.559722] Exception stack(0xf23ebfb0 to 0xf23ebff8) [ 52.559753] bfa0: 00000000 00000000 00000000 00000000 [ 52.559753] bfc0: 00000000 00000000 00000000 00000000 00000000 00000000 00000000 00000000 [ 52.559783] bfe0: 00000000 00000000 00000000 00000000 00000013 00000000 [ 52.559783] [ 52.665893] The buggy address belongs to the physical page: [ 52.671478] page: refcount:1 mapcount:0 mapping:00000000 index:0x0 pfn:0x8cb38 [ 52.678771] head: order:2 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0 [ 52.686462] flags: 0x40(head|zone=0) [ 52.690063] page_type: f8(unknown) [ 52.693511] raw: 00000040 00000000 00000122 00000000 00000000 00000000 f8000000 00000001 [ 52.701660] raw: 00000000 [ 52.704284] head: 00000040 00000000 00000122 00000000 00000000 00000000 f8000000 00000001 [ 52.712524] head: 00000000 00000002 eebc83e1 ffffffff 00000000 ffffffff 00000000 ffffffff [ 52.720764] head: 00000000 00000004 [ 52.724273] page dumped because: kasan: bad access detected [ 52.729858] [ 52.731384] Memory state around the buggy address: [ 52.736206] ccb39f80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 52.742767] ccb3a000: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 52.749328] >ccb3a080: 00 00 00 00 00 00 00 00 00 01 fe fe fe fe fe fe [ 52.755920] ^ [ 52.761871] ccb3a100: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe [ 52.768432] ccb3a180: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe [ 52.774993] ================================================================== [ 51.550170] ================================================================== [ 51.561798] BUG: KASAN: slab-out-of-bounds in krealloc_less_oob_helper+0xcf4/0xea4 [ 51.569427] Write of size 1 at addr ccb3a0c9 by task kunit_try_catch/218 [ 51.576171] [ 51.577697] CPU: 1 UID: 0 PID: 218 Comm: kunit_try_catch Tainted: G B W N 6.15.0-rc3 #1 NONE [ 51.577728] Tainted: [B]=BAD_PAGE, [W]=WARN, [N]=TEST [ 51.577728] Hardware name: Generic DRA74X (Flattened Device Tree) [ 51.577728] Call trace: [ 51.577728] unwind_backtrace from show_stack+0x18/0x1c [ 51.577758] show_stack from dump_stack_lvl+0x70/0x90 [ 51.577789] dump_stack_lvl from print_report+0x158/0x528 [ 51.577819] print_report from kasan_report+0xdc/0x118 [ 51.577850] kasan_report from krealloc_less_oob_helper+0xcf4/0xea4 [ 51.577850] krealloc_less_oob_helper from kunit_try_run_case+0x22c/0x5a8 [ 51.577880] kunit_try_run_case from kunit_generic_run_threadfn_adapter+0xc4/0x128 [ 51.577911] kunit_generic_run_threadfn_adapter from kthread+0x464/0x810 [ 51.577941] kthread from ret_from_fork+0x14/0x20 [ 51.577941] Exception stack(0xf23ebfb0 to 0xf23ebff8) [ 51.577972] bfa0: 00000000 00000000 00000000 00000000 [ 51.577972] bfc0: 00000000 00000000 00000000 00000000 00000000 00000000 00000000 00000000 [ 51.578002] bfe0: 00000000 00000000 00000000 00000000 00000013 00000000 [ 51.578002] [ 51.684112] The buggy address belongs to the physical page: [ 51.689727] page: refcount:1 mapcount:0 mapping:00000000 index:0x0 pfn:0x8cb38 [ 51.696990] head: order:2 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0 [ 51.704711] flags: 0x40(head|zone=0) [ 51.708312] page_type: f8(unknown) [ 51.711730] raw: 00000040 00000000 00000122 00000000 00000000 00000000 f8000000 00000001 [ 51.719879] raw: 00000000 [ 51.722534] head: 00000040 00000000 00000122 00000000 00000000 00000000 f8000000 00000001 [ 51.730743] head: 00000000 00000002 eebc83e1 ffffffff 00000000 ffffffff 00000000 ffffffff [ 51.738983] head: 00000000 00000004 [ 51.742492] page dumped because: kasan: bad access detected [ 51.748107] [ 51.749603] Memory state around the buggy address: [ 51.754425] ccb39f80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 51.760986] ccb3a000: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 51.767578] >ccb3a080: 00 00 00 00 00 00 00 00 00 01 fe fe fe fe fe fe [ 51.774139] ^ [ 51.779052] ccb3a100: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe [ 51.785614] ccb3a180: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe [ 51.792175] ================================================================== [ 52.290313] ================================================================== [ 52.297576] BUG: KASAN: slab-out-of-bounds in krealloc_less_oob_helper+0xd58/0xea4 [ 52.305206] Write of size 1 at addr ccb3a0ea by task kunit_try_catch/218 [ 52.311950] [ 52.313476] CPU: 1 UID: 0 PID: 218 Comm: kunit_try_catch Tainted: G B W N 6.15.0-rc3 #1 NONE [ 52.313476] Tainted: [B]=BAD_PAGE, [W]=WARN, [N]=TEST [ 52.313507] Hardware name: Generic DRA74X (Flattened Device Tree) [ 52.313507] Call trace: [ 52.313507] unwind_backtrace from show_stack+0x18/0x1c [ 52.313537] show_stack from dump_stack_lvl+0x70/0x90 [ 52.313568] dump_stack_lvl from print_report+0x158/0x528 [ 52.313598] print_report from kasan_report+0xdc/0x118 [ 52.313598] kasan_report from krealloc_less_oob_helper+0xd58/0xea4 [ 52.313629] krealloc_less_oob_helper from kunit_try_run_case+0x22c/0x5a8 [ 52.313659] kunit_try_run_case from kunit_generic_run_threadfn_adapter+0xc4/0x128 [ 52.313690] kunit_generic_run_threadfn_adapter from kthread+0x464/0x810 [ 52.313720] kthread from ret_from_fork+0x14/0x20 [ 52.313720] Exception stack(0xf23ebfb0 to 0xf23ebff8) [ 52.313751] bfa0: 00000000 00000000 00000000 00000000 [ 52.313751] bfc0: 00000000 00000000 00000000 00000000 00000000 00000000 00000000 00000000 [ 52.313781] bfe0: 00000000 00000000 00000000 00000000 00000013 00000000 [ 52.313781] [ 52.419891] The buggy address belongs to the physical page: [ 52.425476] page: refcount:1 mapcount:0 mapping:00000000 index:0x0 pfn:0x8cb38 [ 52.432769] head: order:2 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0 [ 52.440460] flags: 0x40(head|zone=0) [ 52.444061] page_type: f8(unknown) [ 52.447509] raw: 00000040 00000000 00000122 00000000 00000000 00000000 f8000000 00000001 [ 52.455627] raw: 00000000 [ 52.458282] head: 00000040 00000000 00000122 00000000 00000000 00000000 f8000000 00000001 [ 52.466522] head: 00000000 00000002 eebc83e1 ffffffff 00000000 ffffffff 00000000 ffffffff [ 52.474761] head: 00000000 00000004 [ 52.478271] page dumped because: kasan: bad access detected [ 52.483856] [ 52.485382] Memory state around the buggy address: [ 52.490203] ccb39f80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 52.496765] ccb3a000: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 52.503326] >ccb3a080: 00 00 00 00 00 00 00 00 00 01 fe fe fe fe fe fe [ 52.509918] ^ [ 52.515869] ccb3a100: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe [ 52.522430] ccb3a180: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe [ 52.528991] ================================================================== [ 49.506317] ================================================================== [ 49.517425] BUG: KASAN: slab-out-of-bounds in krealloc_less_oob_helper+0xcf4/0xea4 [ 49.525054] Write of size 1 at addr cb2d1ac9 by task kunit_try_catch/214 [ 49.531799] [ 49.533325] CPU: 1 UID: 0 PID: 214 Comm: kunit_try_catch Tainted: G B W N 6.15.0-rc3 #1 NONE [ 49.533355] Tainted: [B]=BAD_PAGE, [W]=WARN, [N]=TEST [ 49.533355] Hardware name: Generic DRA74X (Flattened Device Tree) [ 49.533355] Call trace: [ 49.533355] unwind_backtrace from show_stack+0x18/0x1c [ 49.533386] show_stack from dump_stack_lvl+0x70/0x90 [ 49.533416] dump_stack_lvl from print_report+0x158/0x528 [ 49.533447] print_report from kasan_report+0xdc/0x118 [ 49.533477] kasan_report from krealloc_less_oob_helper+0xcf4/0xea4 [ 49.533477] krealloc_less_oob_helper from kunit_try_run_case+0x22c/0x5a8 [ 49.533508] kunit_try_run_case from kunit_generic_run_threadfn_adapter+0xc4/0x128 [ 49.533538] kunit_generic_run_threadfn_adapter from kthread+0x464/0x810 [ 49.533569] kthread from ret_from_fork+0x14/0x20 [ 49.533569] Exception stack(0xf23cbfb0 to 0xf23cbff8) [ 49.533599] bfa0: 00000000 00000000 00000000 00000000 [ 49.533599] bfc0: 00000000 00000000 00000000 00000000 00000000 00000000 00000000 00000000 [ 49.533630] bfe0: 00000000 00000000 00000000 00000000 00000013 00000000 [ 49.533630] [ 49.639739] Allocated by task 214: [ 49.643157] kasan_save_track+0x30/0x5c [ 49.647033] __kasan_krealloc+0xf4/0x140 [ 49.650970] krealloc_noprof+0x104/0x2e4 [ 49.654937] krealloc_less_oob_helper+0x1d8/0xea4 [ 49.659667] kunit_try_run_case+0x22c/0x5a8 [ 49.663909] kunit_generic_run_threadfn_adapter+0xc4/0x128 [ 49.669433] kthread+0x464/0x810 [ 49.672668] ret_from_fork+0x14/0x20 [ 49.676300] [ 49.677795] The buggy address belongs to the object at cb2d1a00 [ 49.677795] which belongs to the cache kmalloc-256 of size 256 [ 49.689697] The buggy address is located 0 bytes to the right of [ 49.689697] allocated 201-byte region [cb2d1a00, cb2d1ac9) [ 49.701324] [ 49.702819] The buggy address belongs to the physical page: [ 49.708435] page: refcount:0 mapcount:0 mapping:00000000 index:0x0 pfn:0x8b2d0 [ 49.715698] head: order:1 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0 [ 49.723419] flags: 0x40(head|zone=0) [ 49.727020] page_type: f5(slab) [ 49.730194] raw: 00000040 c7001500 00000122 00000000 00000000 80100010 f5000000 00000000 [ 49.738342] raw: 00000000 [ 49.740966] head: 00000040 c7001500 00000122 00000000 00000000 80100010 f5000000 00000000 [ 49.749206] head: 00000000 00000001 eeb91541 ffffffff 00000000 ffffffff 00000000 ffffffff [ 49.757446] head: 00000000 00000002 [ 49.760955] page dumped because: kasan: bad access detected [ 49.766571] [ 49.768066] Memory state around the buggy address: [ 49.772888] cb2d1980: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 49.779449] cb2d1a00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 49.786041] >cb2d1a80: 00 00 00 00 00 00 00 00 00 01 fc fc fc fc fc fc [ 49.792602] ^ [ 49.797515] cb2d1b00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 49.804077] cb2d1b80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 49.810638] ================================================================== [ 50.125976] ================================================================== [ 50.133270] BUG: KASAN: slab-out-of-bounds in krealloc_less_oob_helper+0xd18/0xea4 [ 50.140899] Write of size 1 at addr cb2d1ada by task kunit_try_catch/214 [ 50.147644] [ 50.149139] CPU: 1 UID: 0 PID: 214 Comm: kunit_try_catch Tainted: G B W N 6.15.0-rc3 #1 NONE [ 50.149169] Tainted: [B]=BAD_PAGE, [W]=WARN, [N]=TEST [ 50.149169] Hardware name: Generic DRA74X (Flattened Device Tree) [ 50.149169] Call trace: [ 50.149200] unwind_backtrace from show_stack+0x18/0x1c [ 50.149200] show_stack from dump_stack_lvl+0x70/0x90 [ 50.149230] dump_stack_lvl from print_report+0x158/0x528 [ 50.149261] print_report from kasan_report+0xdc/0x118 [ 50.149291] kasan_report from krealloc_less_oob_helper+0xd18/0xea4 [ 50.149291] krealloc_less_oob_helper from kunit_try_run_case+0x22c/0x5a8 [ 50.149322] kunit_try_run_case from kunit_generic_run_threadfn_adapter+0xc4/0x128 [ 50.149353] kunit_generic_run_threadfn_adapter from kthread+0x464/0x810 [ 50.149383] kthread from ret_from_fork+0x14/0x20 [ 50.149414] Exception stack(0xf23cbfb0 to 0xf23cbff8) [ 50.149414] bfa0: 00000000 00000000 00000000 00000000 [ 50.149444] bfc0: 00000000 00000000 00000000 00000000 00000000 00000000 00000000 00000000 [ 50.149444] bfe0: 00000000 00000000 00000000 00000000 00000013 00000000 [ 50.149475] [ 50.255554] Allocated by task 214: [ 50.258972] kasan_save_track+0x30/0x5c [ 50.262847] __kasan_krealloc+0xf4/0x140 [ 50.266815] krealloc_noprof+0x104/0x2e4 [ 50.270751] krealloc_less_oob_helper+0x1d8/0xea4 [ 50.275512] kunit_try_run_case+0x22c/0x5a8 [ 50.279724] kunit_generic_run_threadfn_adapter+0xc4/0x128 [ 50.285247] kthread+0x464/0x810 [ 50.288513] ret_from_fork+0x14/0x20 [ 50.292114] [ 50.293609] The buggy address belongs to the object at cb2d1a00 [ 50.293609] which belongs to the cache kmalloc-256 of size 256 [ 50.305511] The buggy address is located 17 bytes to the right of [ 50.305511] allocated 201-byte region [cb2d1a00, cb2d1ac9) [ 50.317230] [ 50.318725] The buggy address belongs to the physical page: [ 50.324340] page: refcount:0 mapcount:0 mapping:00000000 index:0x0 pfn:0x8b2d0 [ 50.331604] head: order:1 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0 [ 50.339324] flags: 0x40(head|zone=0) [ 50.342926] page_type: f5(slab) [ 50.346099] raw: 00000040 c7001500 00000122 00000000 00000000 80100010 f5000000 00000000 [ 50.354217] raw: 00000000 [ 50.356872] head: 00000040 c7001500 00000122 00000000 00000000 80100010 f5000000 00000000 [ 50.365112] head: 00000000 00000001 eeb91541 ffffffff 00000000 ffffffff 00000000 ffffffff [ 50.373352] head: 00000000 00000002 [ 50.376861] page dumped because: kasan: bad access detected [ 50.382446] [ 50.383972] Memory state around the buggy address: [ 50.388793] cb2d1980: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 50.395355] cb2d1a00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 50.401916] >cb2d1a80: 00 00 00 00 00 00 00 00 00 01 fc fc fc fc fc fc [ 50.408477] ^ [ 50.413940] cb2d1b00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 50.420501] cb2d1b80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 50.427062] ================================================================== [ 51.799621] ================================================================== [ 51.806884] BUG: KASAN: slab-out-of-bounds in krealloc_less_oob_helper+0xdd0/0xea4 [ 51.814514] Write of size 1 at addr ccb3a0d0 by task kunit_try_catch/218 [ 51.821258] [ 51.822784] CPU: 1 UID: 0 PID: 218 Comm: kunit_try_catch Tainted: G B W N 6.15.0-rc3 #1 NONE [ 51.822814] Tainted: [B]=BAD_PAGE, [W]=WARN, [N]=TEST [ 51.822814] Hardware name: Generic DRA74X (Flattened Device Tree) [ 51.822814] Call trace: [ 51.822814] unwind_backtrace from show_stack+0x18/0x1c [ 51.822845] show_stack from dump_stack_lvl+0x70/0x90 [ 51.822875] dump_stack_lvl from print_report+0x158/0x528 [ 51.822906] print_report from kasan_report+0xdc/0x118 [ 51.822937] kasan_report from krealloc_less_oob_helper+0xdd0/0xea4 [ 51.822937] krealloc_less_oob_helper from kunit_try_run_case+0x22c/0x5a8 [ 51.822967] kunit_try_run_case from kunit_generic_run_threadfn_adapter+0xc4/0x128 [ 51.822998] kunit_generic_run_threadfn_adapter from kthread+0x464/0x810 [ 51.823028] kthread from ret_from_fork+0x14/0x20 [ 51.823028] Exception stack(0xf23ebfb0 to 0xf23ebff8) [ 51.823059] bfa0: 00000000 00000000 00000000 00000000 [ 51.823059] bfc0: 00000000 00000000 00000000 00000000 00000000 00000000 00000000 00000000 [ 51.823089] bfe0: 00000000 00000000 00000000 00000000 00000013 00000000 [ 51.823089] [ 51.929199] The buggy address belongs to the physical page: [ 51.934814] page: refcount:1 mapcount:0 mapping:00000000 index:0x0 pfn:0x8cb38 [ 51.942077] head: order:2 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0 [ 51.949768] flags: 0x40(head|zone=0) [ 51.953369] page_type: f8(unknown) [ 51.956817] raw: 00000040 00000000 00000122 00000000 00000000 00000000 f8000000 00000001 [ 51.964965] raw: 00000000 [ 51.967590] head: 00000040 00000000 00000122 00000000 00000000 00000000 f8000000 00000001 [ 51.975830] head: 00000000 00000002 eebc83e1 ffffffff 00000000 ffffffff 00000000 ffffffff [ 51.984069] head: 00000000 00000004 [ 51.987579] page dumped because: kasan: bad access detected [ 51.993194] [ 51.994689] Memory state around the buggy address: [ 51.999511] ccb39f80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 52.006072] ccb3a000: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 52.012634] >ccb3a080: 00 00 00 00 00 00 00 00 00 01 fe fe fe fe fe fe [ 52.019226] ^ [ 52.024383] ccb3a100: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe [ 52.030975] ccb3a180: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe [ 52.037536] ================================================================== [ 49.817962] ================================================================== [ 49.825225] BUG: KASAN: slab-out-of-bounds in krealloc_less_oob_helper+0xdd0/0xea4 [ 49.832855] Write of size 1 at addr cb2d1ad0 by task kunit_try_catch/214 [ 49.839599] [ 49.841094] CPU: 1 UID: 0 PID: 214 Comm: kunit_try_catch Tainted: G B W N 6.15.0-rc3 #1 NONE [ 49.841125] Tainted: [B]=BAD_PAGE, [W]=WARN, [N]=TEST [ 49.841125] Hardware name: Generic DRA74X (Flattened Device Tree) [ 49.841156] Call trace: [ 49.841156] unwind_backtrace from show_stack+0x18/0x1c [ 49.841186] show_stack from dump_stack_lvl+0x70/0x90 [ 49.841186] dump_stack_lvl from print_report+0x158/0x528 [ 49.841217] print_report from kasan_report+0xdc/0x118 [ 49.841247] kasan_report from krealloc_less_oob_helper+0xdd0/0xea4 [ 49.841278] krealloc_less_oob_helper from kunit_try_run_case+0x22c/0x5a8 [ 49.841308] kunit_try_run_case from kunit_generic_run_threadfn_adapter+0xc4/0x128 [ 49.841308] kunit_generic_run_threadfn_adapter from kthread+0x464/0x810 [ 49.841339] kthread from ret_from_fork+0x14/0x20 [ 49.841369] Exception stack(0xf23cbfb0 to 0xf23cbff8) [ 49.841369] bfa0: 00000000 00000000 00000000 00000000 [ 49.841400] bfc0: 00000000 00000000 00000000 00000000 00000000 00000000 00000000 00000000 [ 49.841400] bfe0: 00000000 00000000 00000000 00000000 00000013 00000000 [ 49.841430] [ 49.947509] Allocated by task 214: [ 49.950927] kasan_save_track+0x30/0x5c [ 49.954803] __kasan_krealloc+0xf4/0x140 [ 49.958770] krealloc_noprof+0x104/0x2e4 [ 49.962707] krealloc_less_oob_helper+0x1d8/0xea4 [ 49.967468] kunit_try_run_case+0x22c/0x5a8 [ 49.971679] kunit_generic_run_threadfn_adapter+0xc4/0x128 [ 49.977203] kthread+0x464/0x810 [ 49.980468] ret_from_fork+0x14/0x20 [ 49.984069] [ 49.985565] The buggy address belongs to the object at cb2d1a00 [ 49.985565] which belongs to the cache kmalloc-256 of size 256 [ 49.997467] The buggy address is located 7 bytes to the right of [ 49.997467] allocated 201-byte region [cb2d1a00, cb2d1ac9) [ 50.009094] [ 50.010589] The buggy address belongs to the physical page: [ 50.016204] page: refcount:0 mapcount:0 mapping:00000000 index:0x0 pfn:0x8b2d0 [ 50.023468] head: order:1 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0 [ 50.031188] flags: 0x40(head|zone=0) [ 50.034790] page_type: f5(slab) [ 50.037963] raw: 00000040 c7001500 00000122 00000000 00000000 80100010 f5000000 00000000 [ 50.046112] raw: 00000000 [ 50.048736] head: 00000040 c7001500 00000122 00000000 00000000 80100010 f5000000 00000000 [ 50.056976] head: 00000000 00000001 eeb91541 ffffffff 00000000 ffffffff 00000000 ffffffff [ 50.065216] head: 00000000 00000002 [ 50.068725] page dumped because: kasan: bad access detected [ 50.074310] [ 50.075836] Memory state around the buggy address: [ 50.080657] cb2d1980: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 50.087219] cb2d1a00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 50.093780] >cb2d1a80: 00 00 00 00 00 00 00 00 00 01 fc fc fc fc fc fc [ 50.100372] ^ [ 50.105529] cb2d1b00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 50.112091] cb2d1b80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 50.118682] ==================================================================
[ 18.220783] ================================================================== [ 18.231855] BUG: KASAN: slab-out-of-bounds in krealloc_less_oob_helper+0xd70/0x11d0 [ 18.239516] Write of size 1 at addr ffff888100350ec9 by task kunit_try_catch/201 [ 18.246909] [ 18.248410] CPU: 0 UID: 0 PID: 201 Comm: kunit_try_catch Tainted: G B N 6.15.0-rc3 #1 PREEMPT(voluntary) [ 18.248418] Tainted: [B]=BAD_PAGE, [N]=TEST [ 18.248420] Hardware name: Supermicro SYS-5019S-ML/X11SSH-F, BIOS 2.7 12/07/2021 [ 18.248423] Call Trace: [ 18.248425] <TASK> [ 18.248427] dump_stack_lvl+0x73/0xb0 [ 18.248431] print_report+0xd1/0x650 [ 18.248435] ? __virt_addr_valid+0x1db/0x2d0 [ 18.248439] ? krealloc_less_oob_helper+0xd70/0x11d0 [ 18.248444] ? kasan_complete_mode_report_info+0x2a/0x200 [ 18.248448] ? krealloc_less_oob_helper+0xd70/0x11d0 [ 18.248452] kasan_report+0x141/0x180 [ 18.248457] ? krealloc_less_oob_helper+0xd70/0x11d0 [ 18.248462] __asan_report_store1_noabort+0x1b/0x30 [ 18.248466] krealloc_less_oob_helper+0xd70/0x11d0 [ 18.248471] ? __pfx_krealloc_less_oob_helper+0x10/0x10 [ 18.248476] ? finish_task_switch.isra.0+0x153/0x700 [ 18.248480] ? __switch_to+0x5d9/0xf60 [ 18.248484] ? dequeue_task_fair+0x166/0x4e0 [ 18.248488] ? __schedule+0x10cc/0x2b30 [ 18.248493] krealloc_less_oob+0x1c/0x30 [ 18.248497] kunit_try_run_case+0x1a2/0x480 [ 18.248502] ? __pfx_kunit_try_run_case+0x10/0x10 [ 18.248506] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 18.248510] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 18.248515] ? __kthread_parkme+0x82/0x180 [ 18.248519] ? preempt_count_sub+0x50/0x80 [ 18.248523] ? __pfx_kunit_try_run_case+0x10/0x10 [ 18.248527] kunit_generic_run_threadfn_adapter+0x82/0xf0 [ 18.248532] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 18.248536] kthread+0x334/0x6f0 [ 18.248540] ? trace_preempt_on+0x20/0xc0 [ 18.248544] ? __pfx_kthread+0x10/0x10 [ 18.248548] ? _raw_spin_unlock_irq+0x47/0x80 [ 18.248552] ? calculate_sigpending+0x7b/0xa0 [ 18.248556] ? __pfx_kthread+0x10/0x10 [ 18.248560] ret_from_fork+0x3e/0x80 [ 18.248564] ? __pfx_kthread+0x10/0x10 [ 18.248568] ret_from_fork_asm+0x1a/0x30 [ 18.248574] </TASK> [ 18.248576] [ 18.427853] Allocated by task 201: [ 18.431259] kasan_save_stack+0x45/0x70 [ 18.435106] kasan_save_track+0x18/0x40 [ 18.438944] kasan_save_alloc_info+0x3b/0x50 [ 18.443219] __kasan_krealloc+0x190/0x1f0 [ 18.447237] krealloc_noprof+0xf3/0x340 [ 18.451079] krealloc_less_oob_helper+0x1aa/0x11d0 [ 18.455878] krealloc_less_oob+0x1c/0x30 [ 18.459806] kunit_try_run_case+0x1a2/0x480 [ 18.463998] kunit_generic_run_threadfn_adapter+0x82/0xf0 [ 18.469397] kthread+0x334/0x6f0 [ 18.472631] ret_from_fork+0x3e/0x80 [ 18.476210] ret_from_fork_asm+0x1a/0x30 [ 18.480135] [ 18.481635] The buggy address belongs to the object at ffff888100350e00 [ 18.481635] which belongs to the cache kmalloc-256 of size 256 [ 18.494150] The buggy address is located 0 bytes to the right of [ 18.494150] allocated 201-byte region [ffff888100350e00, ffff888100350ec9) [ 18.507104] [ 18.508603] The buggy address belongs to the physical page: [ 18.514177] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x100350 [ 18.522183] head: order:1 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0 [ 18.529836] flags: 0x200000000000040(head|node=0|zone=2) [ 18.535149] page_type: f5(slab) [ 18.538296] raw: 0200000000000040 ffff888100042b40 dead000000000122 0000000000000000 [ 18.546043] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 18.553784] head: 0200000000000040 ffff888100042b40 dead000000000122 0000000000000000 [ 18.561617] head: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 18.569450] head: 0200000000000001 ffffea000400d401 00000000ffffffff 00000000ffffffff [ 18.577275] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000002 [ 18.585102] page dumped because: kasan: bad access detected [ 18.590689] [ 18.592215] Memory state around the buggy address: [ 18.597008] ffff888100350d80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 18.604227] ffff888100350e00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 18.611449] >ffff888100350e80: 00 00 00 00 00 00 00 00 00 01 fc fc fc fc fc fc [ 18.618684] ^ [ 18.624292] ffff888100350f00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 18.631519] ffff888100350f80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 18.638738] ================================================================== [ 19.489501] ================================================================== [ 19.496735] BUG: KASAN: slab-out-of-bounds in krealloc_less_oob_helper+0xe90/0x11d0 [ 19.504393] Write of size 1 at addr ffff888100350eea by task kunit_try_catch/201 [ 19.511784] [ 19.513278] CPU: 0 UID: 0 PID: 201 Comm: kunit_try_catch Tainted: G B N 6.15.0-rc3 #1 PREEMPT(voluntary) [ 19.513285] Tainted: [B]=BAD_PAGE, [N]=TEST [ 19.513287] Hardware name: Supermicro SYS-5019S-ML/X11SSH-F, BIOS 2.7 12/07/2021 [ 19.513290] Call Trace: [ 19.513292] <TASK> [ 19.513293] dump_stack_lvl+0x73/0xb0 [ 19.513297] print_report+0xd1/0x650 [ 19.513301] ? __virt_addr_valid+0x1db/0x2d0 [ 19.513304] ? krealloc_less_oob_helper+0xe90/0x11d0 [ 19.513309] ? kasan_complete_mode_report_info+0x2a/0x200 [ 19.513313] ? krealloc_less_oob_helper+0xe90/0x11d0 [ 19.513317] kasan_report+0x141/0x180 [ 19.513321] ? krealloc_less_oob_helper+0xe90/0x11d0 [ 19.513327] __asan_report_store1_noabort+0x1b/0x30 [ 19.513331] krealloc_less_oob_helper+0xe90/0x11d0 [ 19.513336] ? __pfx_krealloc_less_oob_helper+0x10/0x10 [ 19.513340] ? finish_task_switch.isra.0+0x153/0x700 [ 19.513345] ? __switch_to+0x5d9/0xf60 [ 19.513348] ? dequeue_task_fair+0x166/0x4e0 [ 19.513352] ? __schedule+0x10cc/0x2b30 [ 19.513357] krealloc_less_oob+0x1c/0x30 [ 19.513362] kunit_try_run_case+0x1a2/0x480 [ 19.513366] ? __pfx_kunit_try_run_case+0x10/0x10 [ 19.513370] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 19.513374] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 19.513378] ? __kthread_parkme+0x82/0x180 [ 19.513382] ? preempt_count_sub+0x50/0x80 [ 19.513387] ? __pfx_kunit_try_run_case+0x10/0x10 [ 19.513391] kunit_generic_run_threadfn_adapter+0x82/0xf0 [ 19.513395] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 19.513399] kthread+0x334/0x6f0 [ 19.513403] ? trace_preempt_on+0x20/0xc0 [ 19.513407] ? __pfx_kthread+0x10/0x10 [ 19.513411] ? _raw_spin_unlock_irq+0x47/0x80 [ 19.513415] ? calculate_sigpending+0x7b/0xa0 [ 19.513419] ? __pfx_kthread+0x10/0x10 [ 19.513423] ret_from_fork+0x3e/0x80 [ 19.513427] ? __pfx_kthread+0x10/0x10 [ 19.513431] ret_from_fork_asm+0x1a/0x30 [ 19.513437] </TASK> [ 19.513438] [ 19.692745] Allocated by task 201: [ 19.696150] kasan_save_stack+0x45/0x70 [ 19.699990] kasan_save_track+0x18/0x40 [ 19.703828] kasan_save_alloc_info+0x3b/0x50 [ 19.708104] __kasan_krealloc+0x190/0x1f0 [ 19.712116] krealloc_noprof+0xf3/0x340 [ 19.715962] krealloc_less_oob_helper+0x1aa/0x11d0 [ 19.720756] krealloc_less_oob+0x1c/0x30 [ 19.724704] kunit_try_run_case+0x1a2/0x480 [ 19.728908] kunit_generic_run_threadfn_adapter+0x82/0xf0 [ 19.734310] kthread+0x334/0x6f0 [ 19.737543] ret_from_fork+0x3e/0x80 [ 19.741130] ret_from_fork_asm+0x1a/0x30 [ 19.745064] [ 19.746563] The buggy address belongs to the object at ffff888100350e00 [ 19.746563] which belongs to the cache kmalloc-256 of size 256 [ 19.759077] The buggy address is located 33 bytes to the right of [ 19.759077] allocated 201-byte region [ffff888100350e00, ffff888100350ec9) [ 19.772111] [ 19.773611] The buggy address belongs to the physical page: [ 19.779182] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x100350 [ 19.787181] head: order:1 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0 [ 19.794834] flags: 0x200000000000040(head|node=0|zone=2) [ 19.800145] page_type: f5(slab) [ 19.803292] raw: 0200000000000040 ffff888100042b40 dead000000000122 0000000000000000 [ 19.811032] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 19.818773] head: 0200000000000040 ffff888100042b40 dead000000000122 0000000000000000 [ 19.826607] head: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 19.834439] head: 0200000000000001 ffffea000400d401 00000000ffffffff 00000000ffffffff [ 19.842266] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000002 [ 19.850098] page dumped because: kasan: bad access detected [ 19.855689] [ 19.857214] Memory state around the buggy address: [ 19.862005] ffff888100350d80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 19.869225] ffff888100350e00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 19.876445] >ffff888100350e80: 00 00 00 00 00 00 00 00 00 01 fc fc fc fc fc fc [ 19.883664] ^ [ 19.890309] ffff888100350f00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 19.897530] ffff888100350f80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 19.904749] ================================================================== [ 19.911990] ================================================================== [ 19.919220] BUG: KASAN: slab-out-of-bounds in krealloc_less_oob_helper+0xd47/0x11d0 [ 19.926875] Write of size 1 at addr ffff888100350eeb by task kunit_try_catch/201 [ 19.934275] [ 19.935776] CPU: 0 UID: 0 PID: 201 Comm: kunit_try_catch Tainted: G B N 6.15.0-rc3 #1 PREEMPT(voluntary) [ 19.935784] Tainted: [B]=BAD_PAGE, [N]=TEST [ 19.935785] Hardware name: Supermicro SYS-5019S-ML/X11SSH-F, BIOS 2.7 12/07/2021 [ 19.935788] Call Trace: [ 19.935790] <TASK> [ 19.935791] dump_stack_lvl+0x73/0xb0 [ 19.935795] print_report+0xd1/0x650 [ 19.935799] ? __virt_addr_valid+0x1db/0x2d0 [ 19.935802] ? krealloc_less_oob_helper+0xd47/0x11d0 [ 19.935807] ? kasan_complete_mode_report_info+0x2a/0x200 [ 19.935811] ? krealloc_less_oob_helper+0xd47/0x11d0 [ 19.935815] kasan_report+0x141/0x180 [ 19.935820] ? krealloc_less_oob_helper+0xd47/0x11d0 [ 19.935825] __asan_report_store1_noabort+0x1b/0x30 [ 19.935829] krealloc_less_oob_helper+0xd47/0x11d0 [ 19.935834] ? __pfx_krealloc_less_oob_helper+0x10/0x10 [ 19.935838] ? finish_task_switch.isra.0+0x153/0x700 [ 19.935843] ? __switch_to+0x5d9/0xf60 [ 19.935846] ? dequeue_task_fair+0x166/0x4e0 [ 19.935850] ? __schedule+0x10cc/0x2b30 [ 19.935855] krealloc_less_oob+0x1c/0x30 [ 19.935859] kunit_try_run_case+0x1a2/0x480 [ 19.935864] ? __pfx_kunit_try_run_case+0x10/0x10 [ 19.935868] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 19.935872] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 19.935876] ? __kthread_parkme+0x82/0x180 [ 19.935880] ? preempt_count_sub+0x50/0x80 [ 19.935885] ? __pfx_kunit_try_run_case+0x10/0x10 [ 19.935889] kunit_generic_run_threadfn_adapter+0x82/0xf0 [ 19.935893] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 19.935897] kthread+0x334/0x6f0 [ 19.935901] ? trace_preempt_on+0x20/0xc0 [ 19.935905] ? __pfx_kthread+0x10/0x10 [ 19.935909] ? _raw_spin_unlock_irq+0x47/0x80 [ 19.935913] ? calculate_sigpending+0x7b/0xa0 [ 19.935917] ? __pfx_kthread+0x10/0x10 [ 19.935921] ret_from_fork+0x3e/0x80 [ 19.935925] ? __pfx_kthread+0x10/0x10 [ 19.935929] ret_from_fork_asm+0x1a/0x30 [ 19.935935] </TASK> [ 19.935936] [ 20.115147] Allocated by task 201: [ 20.118555] kasan_save_stack+0x45/0x70 [ 20.122401] kasan_save_track+0x18/0x40 [ 20.126241] kasan_save_alloc_info+0x3b/0x50 [ 20.130513] __kasan_krealloc+0x190/0x1f0 [ 20.134526] krealloc_noprof+0xf3/0x340 [ 20.138365] krealloc_less_oob_helper+0x1aa/0x11d0 [ 20.143156] krealloc_less_oob+0x1c/0x30 [ 20.147083] kunit_try_run_case+0x1a2/0x480 [ 20.151269] kunit_generic_run_threadfn_adapter+0x82/0xf0 [ 20.156667] kthread+0x334/0x6f0 [ 20.159953] ret_from_fork+0x3e/0x80 [ 20.163533] ret_from_fork_asm+0x1a/0x30 [ 20.167456] [ 20.168957] The buggy address belongs to the object at ffff888100350e00 [ 20.168957] which belongs to the cache kmalloc-256 of size 256 [ 20.181470] The buggy address is located 34 bytes to the right of [ 20.181470] allocated 201-byte region [ffff888100350e00, ffff888100350ec9) [ 20.194504] [ 20.196005] The buggy address belongs to the physical page: [ 20.201577] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x100350 [ 20.209577] head: order:1 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0 [ 20.217236] flags: 0x200000000000040(head|node=0|zone=2) [ 20.222549] page_type: f5(slab) [ 20.225715] raw: 0200000000000040 ffff888100042b40 dead000000000122 0000000000000000 [ 20.233461] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 20.241201] head: 0200000000000040 ffff888100042b40 dead000000000122 0000000000000000 [ 20.249033] head: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 20.256860] head: 0200000000000001 ffffea000400d401 00000000ffffffff 00000000ffffffff [ 20.264717] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000002 [ 20.272555] page dumped because: kasan: bad access detected [ 20.278126] [ 20.279626] Memory state around the buggy address: [ 20.284419] ffff888100350d80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 20.291646] ffff888100350e00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 20.298865] >ffff888100350e80: 00 00 00 00 00 00 00 00 00 01 fc fc fc fc fc fc [ 20.306084] ^ [ 20.312700] ffff888100350f00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 20.319942] ffff888100350f80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 20.327160] ================================================================== [ 18.645988] ================================================================== [ 18.653218] BUG: KASAN: slab-out-of-bounds in krealloc_less_oob_helper+0xe23/0x11d0 [ 18.660881] Write of size 1 at addr ffff888100350ed0 by task kunit_try_catch/201 [ 18.668279] [ 18.669781] CPU: 0 UID: 0 PID: 201 Comm: kunit_try_catch Tainted: G B N 6.15.0-rc3 #1 PREEMPT(voluntary) [ 18.669789] Tainted: [B]=BAD_PAGE, [N]=TEST [ 18.669791] Hardware name: Supermicro SYS-5019S-ML/X11SSH-F, BIOS 2.7 12/07/2021 [ 18.669794] Call Trace: [ 18.669796] <TASK> [ 18.669797] dump_stack_lvl+0x73/0xb0 [ 18.669801] print_report+0xd1/0x650 [ 18.669805] ? __virt_addr_valid+0x1db/0x2d0 [ 18.669809] ? krealloc_less_oob_helper+0xe23/0x11d0 [ 18.669813] ? kasan_complete_mode_report_info+0x2a/0x200 [ 18.669817] ? krealloc_less_oob_helper+0xe23/0x11d0 [ 18.669822] kasan_report+0x141/0x180 [ 18.669826] ? krealloc_less_oob_helper+0xe23/0x11d0 [ 18.669832] __asan_report_store1_noabort+0x1b/0x30 [ 18.669835] krealloc_less_oob_helper+0xe23/0x11d0 [ 18.669840] ? __pfx_krealloc_less_oob_helper+0x10/0x10 [ 18.669845] ? finish_task_switch.isra.0+0x153/0x700 [ 18.669850] ? __switch_to+0x5d9/0xf60 [ 18.669853] ? dequeue_task_fair+0x166/0x4e0 [ 18.669858] ? __schedule+0x10cc/0x2b30 [ 18.669863] krealloc_less_oob+0x1c/0x30 [ 18.669867] kunit_try_run_case+0x1a2/0x480 [ 18.669871] ? __pfx_kunit_try_run_case+0x10/0x10 [ 18.669875] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 18.669879] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 18.669884] ? __kthread_parkme+0x82/0x180 [ 18.669888] ? preempt_count_sub+0x50/0x80 [ 18.669892] ? __pfx_kunit_try_run_case+0x10/0x10 [ 18.669896] kunit_generic_run_threadfn_adapter+0x82/0xf0 [ 18.669900] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 18.669904] kthread+0x334/0x6f0 [ 18.669908] ? trace_preempt_on+0x20/0xc0 [ 18.669912] ? __pfx_kthread+0x10/0x10 [ 18.669916] ? _raw_spin_unlock_irq+0x47/0x80 [ 18.669920] ? calculate_sigpending+0x7b/0xa0 [ 18.669924] ? __pfx_kthread+0x10/0x10 [ 18.669928] ret_from_fork+0x3e/0x80 [ 18.669932] ? __pfx_kthread+0x10/0x10 [ 18.669936] ret_from_fork_asm+0x1a/0x30 [ 18.669942] </TASK> [ 18.669944] [ 18.849190] Allocated by task 201: [ 18.852595] kasan_save_stack+0x45/0x70 [ 18.856434] kasan_save_track+0x18/0x40 [ 18.860274] kasan_save_alloc_info+0x3b/0x50 [ 18.864555] __kasan_krealloc+0x190/0x1f0 [ 18.868566] krealloc_noprof+0xf3/0x340 [ 18.872404] krealloc_less_oob_helper+0x1aa/0x11d0 [ 18.877198] krealloc_less_oob+0x1c/0x30 [ 18.881123] kunit_try_run_case+0x1a2/0x480 [ 18.885309] kunit_generic_run_threadfn_adapter+0x82/0xf0 [ 18.890722] kthread+0x334/0x6f0 [ 18.893967] ret_from_fork+0x3e/0x80 [ 18.897545] ret_from_fork_asm+0x1a/0x30 [ 18.901473] [ 18.902970] The buggy address belongs to the object at ffff888100350e00 [ 18.902970] which belongs to the cache kmalloc-256 of size 256 [ 18.915478] The buggy address is located 7 bytes to the right of [ 18.915478] allocated 201-byte region [ffff888100350e00, ffff888100350ec9) [ 18.928432] [ 18.929932] The buggy address belongs to the physical page: [ 18.935506] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x100350 [ 18.943512] head: order:1 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0 [ 18.951165] flags: 0x200000000000040(head|node=0|zone=2) [ 18.956477] page_type: f5(slab) [ 18.959622] raw: 0200000000000040 ffff888100042b40 dead000000000122 0000000000000000 [ 18.967363] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 18.975110] head: 0200000000000040 ffff888100042b40 dead000000000122 0000000000000000 [ 18.982935] head: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 18.990763] head: 0200000000000001 ffffea000400d401 00000000ffffffff 00000000ffffffff [ 18.998595] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000002 [ 19.006422] page dumped because: kasan: bad access detected [ 19.011993] [ 19.013493] Memory state around the buggy address: [ 19.018284] ffff888100350d80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 19.025503] ffff888100350e00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 19.032731] >ffff888100350e80: 00 00 00 00 00 00 00 00 00 01 fc fc fc fc fc fc [ 19.039950] ^ [ 19.045784] ffff888100350f00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 19.053011] ffff888100350f80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 19.060230] ================================================================== [ 21.036104] ================================================================== [ 21.047720] BUG: KASAN: slab-out-of-bounds in krealloc_less_oob_helper+0xd70/0x11d0 [ 21.055385] Write of size 1 at addr ffff888106ce20c9 by task kunit_try_catch/205 [ 21.062778] [ 21.064278] CPU: 3 UID: 0 PID: 205 Comm: kunit_try_catch Tainted: G B N 6.15.0-rc3 #1 PREEMPT(voluntary) [ 21.064287] Tainted: [B]=BAD_PAGE, [N]=TEST [ 21.064289] Hardware name: Supermicro SYS-5019S-ML/X11SSH-F, BIOS 2.7 12/07/2021 [ 21.064292] Call Trace: [ 21.064294] <TASK> [ 21.064296] dump_stack_lvl+0x73/0xb0 [ 21.064300] print_report+0xd1/0x650 [ 21.064304] ? __virt_addr_valid+0x1db/0x2d0 [ 21.064308] ? krealloc_less_oob_helper+0xd70/0x11d0 [ 21.064312] ? kasan_addr_to_slab+0x11/0xa0 [ 21.064316] ? krealloc_less_oob_helper+0xd70/0x11d0 [ 21.064320] kasan_report+0x141/0x180 [ 21.064325] ? krealloc_less_oob_helper+0xd70/0x11d0 [ 21.064330] __asan_report_store1_noabort+0x1b/0x30 [ 21.064334] krealloc_less_oob_helper+0xd70/0x11d0 [ 21.064339] ? __pfx_krealloc_less_oob_helper+0x10/0x10 [ 21.064343] ? finish_task_switch.isra.0+0x153/0x700 [ 21.064348] ? __switch_to+0x5d9/0xf60 [ 21.064351] ? dequeue_task_fair+0x166/0x4e0 [ 21.064356] ? __schedule+0x10cc/0x2b30 [ 21.064361] krealloc_large_less_oob+0x1c/0x30 [ 21.064365] kunit_try_run_case+0x1a2/0x480 [ 21.064369] ? __pfx_kunit_try_run_case+0x10/0x10 [ 21.064373] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 21.064378] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 21.064383] ? __kthread_parkme+0x82/0x180 [ 21.064386] ? preempt_count_sub+0x50/0x80 [ 21.064391] ? __pfx_kunit_try_run_case+0x10/0x10 [ 21.064395] kunit_generic_run_threadfn_adapter+0x82/0xf0 [ 21.064399] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 21.064403] kthread+0x334/0x6f0 [ 21.064407] ? trace_preempt_on+0x20/0xc0 [ 21.064411] ? __pfx_kthread+0x10/0x10 [ 21.064416] ? _raw_spin_unlock_irq+0x47/0x80 [ 21.064420] ? calculate_sigpending+0x7b/0xa0 [ 21.064423] ? __pfx_kthread+0x10/0x10 [ 21.064428] ret_from_fork+0x3e/0x80 [ 21.064432] ? __pfx_kthread+0x10/0x10 [ 21.064436] ret_from_fork_asm+0x1a/0x30 [ 21.064442] </TASK> [ 21.064443] [ 21.243070] The buggy address belongs to the physical page: [ 21.248646] page: refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x106ce0 [ 21.256651] head: order:2 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0 [ 21.264305] flags: 0x200000000000040(head|node=0|zone=2) [ 21.269625] page_type: f8(unknown) [ 21.273031] raw: 0200000000000040 0000000000000000 dead000000000122 0000000000000000 [ 21.280771] raw: 0000000000000000 0000000000000000 00000001f8000000 0000000000000000 [ 21.288517] head: 0200000000000040 0000000000000000 dead000000000122 0000000000000000 [ 21.296342] head: 0000000000000000 0000000000000000 00000001f8000000 0000000000000000 [ 21.304169] head: 0200000000000002 ffffea00041b3801 00000000ffffffff 00000000ffffffff [ 21.311995] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000004 [ 21.319827] page dumped because: kasan: bad access detected [ 21.325399] [ 21.326901] Memory state around the buggy address: [ 21.331701] ffff888106ce1f80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 21.338947] ffff888106ce2000: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 21.346167] >ffff888106ce2080: 00 00 00 00 00 00 00 00 00 01 fe fe fe fe fe fe [ 21.353392] ^ [ 21.358966] ffff888106ce2100: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe [ 21.366185] ffff888106ce2180: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe [ 21.373404] ================================================================== [ 22.061546] ================================================================== [ 22.068785] BUG: KASAN: slab-out-of-bounds in krealloc_less_oob_helper+0xe90/0x11d0 [ 22.076446] Write of size 1 at addr ffff888106ce20ea by task kunit_try_catch/205 [ 22.083848] [ 22.085347] CPU: 3 UID: 0 PID: 205 Comm: kunit_try_catch Tainted: G B N 6.15.0-rc3 #1 PREEMPT(voluntary) [ 22.085354] Tainted: [B]=BAD_PAGE, [N]=TEST [ 22.085356] Hardware name: Supermicro SYS-5019S-ML/X11SSH-F, BIOS 2.7 12/07/2021 [ 22.085359] Call Trace: [ 22.085361] <TASK> [ 22.085362] dump_stack_lvl+0x73/0xb0 [ 22.085366] print_report+0xd1/0x650 [ 22.085370] ? __virt_addr_valid+0x1db/0x2d0 [ 22.085373] ? krealloc_less_oob_helper+0xe90/0x11d0 [ 22.085378] ? kasan_addr_to_slab+0x11/0xa0 [ 22.085381] ? krealloc_less_oob_helper+0xe90/0x11d0 [ 22.085386] kasan_report+0x141/0x180 [ 22.085390] ? krealloc_less_oob_helper+0xe90/0x11d0 [ 22.085396] __asan_report_store1_noabort+0x1b/0x30 [ 22.085399] krealloc_less_oob_helper+0xe90/0x11d0 [ 22.085404] ? __pfx_krealloc_less_oob_helper+0x10/0x10 [ 22.085409] ? finish_task_switch.isra.0+0x153/0x700 [ 22.085413] ? __switch_to+0x5d9/0xf60 [ 22.085417] ? dequeue_task_fair+0x166/0x4e0 [ 22.085421] ? __schedule+0x10cc/0x2b30 [ 22.085426] krealloc_large_less_oob+0x1c/0x30 [ 22.085430] kunit_try_run_case+0x1a2/0x480 [ 22.085434] ? __pfx_kunit_try_run_case+0x10/0x10 [ 22.085438] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 22.085443] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 22.085447] ? __kthread_parkme+0x82/0x180 [ 22.085451] ? preempt_count_sub+0x50/0x80 [ 22.085456] ? __pfx_kunit_try_run_case+0x10/0x10 [ 22.085460] kunit_generic_run_threadfn_adapter+0x82/0xf0 [ 22.085464] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 22.085468] kthread+0x334/0x6f0 [ 22.085472] ? trace_preempt_on+0x20/0xc0 [ 22.085476] ? __pfx_kthread+0x10/0x10 [ 22.085480] ? _raw_spin_unlock_irq+0x47/0x80 [ 22.085484] ? calculate_sigpending+0x7b/0xa0 [ 22.085488] ? __pfx_kthread+0x10/0x10 [ 22.085492] ret_from_fork+0x3e/0x80 [ 22.085496] ? __pfx_kthread+0x10/0x10 [ 22.085500] ret_from_fork_asm+0x1a/0x30 [ 22.085506] </TASK> [ 22.085507] [ 22.264068] The buggy address belongs to the physical page: [ 22.269642] page: refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x106ce0 [ 22.277642] head: order:2 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0 [ 22.285295] flags: 0x200000000000040(head|node=0|zone=2) [ 22.290613] page_type: f8(unknown) [ 22.294021] raw: 0200000000000040 0000000000000000 dead000000000122 0000000000000000 [ 22.301759] raw: 0000000000000000 0000000000000000 00000001f8000000 0000000000000000 [ 22.309498] head: 0200000000000040 0000000000000000 dead000000000122 0000000000000000 [ 22.317327] head: 0000000000000000 0000000000000000 00000001f8000000 0000000000000000 [ 22.325151] head: 0200000000000002 ffffea00041b3801 00000000ffffffff 00000000ffffffff [ 22.332986] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000004 [ 22.340817] page dumped because: kasan: bad access detected [ 22.346392] [ 22.347891] Memory state around the buggy address: [ 22.352714] ffff888106ce1f80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 22.359947] ffff888106ce2000: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 22.367165] >ffff888106ce2080: 00 00 00 00 00 00 00 00 00 01 fe fe fe fe fe fe [ 22.374383] ^ [ 22.380994] ffff888106ce2100: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe [ 22.388213] ffff888106ce2180: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe [ 22.395433] ================================================================== [ 22.402660] ================================================================== [ 22.409940] BUG: KASAN: slab-out-of-bounds in krealloc_less_oob_helper+0xd47/0x11d0 [ 22.417592] Write of size 1 at addr ffff888106ce20eb by task kunit_try_catch/205 [ 22.424985] [ 22.426487] CPU: 3 UID: 0 PID: 205 Comm: kunit_try_catch Tainted: G B N 6.15.0-rc3 #1 PREEMPT(voluntary) [ 22.426494] Tainted: [B]=BAD_PAGE, [N]=TEST [ 22.426496] Hardware name: Supermicro SYS-5019S-ML/X11SSH-F, BIOS 2.7 12/07/2021 [ 22.426499] Call Trace: [ 22.426501] <TASK> [ 22.426502] dump_stack_lvl+0x73/0xb0 [ 22.426506] print_report+0xd1/0x650 [ 22.426510] ? __virt_addr_valid+0x1db/0x2d0 [ 22.426513] ? krealloc_less_oob_helper+0xd47/0x11d0 [ 22.426518] ? kasan_addr_to_slab+0x11/0xa0 [ 22.426521] ? krealloc_less_oob_helper+0xd47/0x11d0 [ 22.426526] kasan_report+0x141/0x180 [ 22.426530] ? krealloc_less_oob_helper+0xd47/0x11d0 [ 22.426536] __asan_report_store1_noabort+0x1b/0x30 [ 22.426539] krealloc_less_oob_helper+0xd47/0x11d0 [ 22.426544] ? __pfx_krealloc_less_oob_helper+0x10/0x10 [ 22.426549] ? finish_task_switch.isra.0+0x153/0x700 [ 22.426553] ? __switch_to+0x5d9/0xf60 [ 22.426557] ? dequeue_task_fair+0x166/0x4e0 [ 22.426561] ? __schedule+0x10cc/0x2b30 [ 22.426566] krealloc_large_less_oob+0x1c/0x30 [ 22.426570] kunit_try_run_case+0x1a2/0x480 [ 22.426575] ? __pfx_kunit_try_run_case+0x10/0x10 [ 22.426579] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 22.426583] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 22.426587] ? __kthread_parkme+0x82/0x180 [ 22.426591] ? preempt_count_sub+0x50/0x80 [ 22.426596] ? __pfx_kunit_try_run_case+0x10/0x10 [ 22.426600] kunit_generic_run_threadfn_adapter+0x82/0xf0 [ 22.426604] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 22.426608] kthread+0x334/0x6f0 [ 22.426612] ? trace_preempt_on+0x20/0xc0 [ 22.426616] ? __pfx_kthread+0x10/0x10 [ 22.426620] ? _raw_spin_unlock_irq+0x47/0x80 [ 22.426624] ? calculate_sigpending+0x7b/0xa0 [ 22.426628] ? __pfx_kthread+0x10/0x10 [ 22.426632] ret_from_fork+0x3e/0x80 [ 22.426636] ? __pfx_kthread+0x10/0x10 [ 22.426640] ret_from_fork_asm+0x1a/0x30 [ 22.426645] </TASK> [ 22.426647] [ 22.605287] The buggy address belongs to the physical page: [ 22.610860] page: refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x106ce0 [ 22.618868] head: order:2 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0 [ 22.626521] flags: 0x200000000000040(head|node=0|zone=2) [ 22.631831] page_type: f8(unknown) [ 22.635238] raw: 0200000000000040 0000000000000000 dead000000000122 0000000000000000 [ 22.642979] raw: 0000000000000000 0000000000000000 00000001f8000000 0000000000000000 [ 22.650732] head: 0200000000000040 0000000000000000 dead000000000122 0000000000000000 [ 22.658559] head: 0000000000000000 0000000000000000 00000001f8000000 0000000000000000 [ 22.666384] head: 0200000000000002 ffffea00041b3801 00000000ffffffff 00000000ffffffff [ 22.674210] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000004 [ 22.682036] page dumped because: kasan: bad access detected [ 22.687607] [ 22.689107] Memory state around the buggy address: [ 22.693898] ffff888106ce1f80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 22.701120] ffff888106ce2000: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 22.708346] >ffff888106ce2080: 00 00 00 00 00 00 00 00 00 01 fe fe fe fe fe fe [ 22.715565] ^ [ 22.722179] ffff888106ce2100: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe [ 22.729404] ffff888106ce2180: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe [ 22.736625] ================================================================== [ 21.380660] ================================================================== [ 21.387885] BUG: KASAN: slab-out-of-bounds in krealloc_less_oob_helper+0xe23/0x11d0 [ 21.395546] Write of size 1 at addr ffff888106ce20d0 by task kunit_try_catch/205 [ 21.402946] [ 21.404446] CPU: 3 UID: 0 PID: 205 Comm: kunit_try_catch Tainted: G B N 6.15.0-rc3 #1 PREEMPT(voluntary) [ 21.404454] Tainted: [B]=BAD_PAGE, [N]=TEST [ 21.404456] Hardware name: Supermicro SYS-5019S-ML/X11SSH-F, BIOS 2.7 12/07/2021 [ 21.404459] Call Trace: [ 21.404460] <TASK> [ 21.404462] dump_stack_lvl+0x73/0xb0 [ 21.404466] print_report+0xd1/0x650 [ 21.404470] ? __virt_addr_valid+0x1db/0x2d0 [ 21.404474] ? krealloc_less_oob_helper+0xe23/0x11d0 [ 21.404478] ? kasan_addr_to_slab+0x11/0xa0 [ 21.404482] ? krealloc_less_oob_helper+0xe23/0x11d0 [ 21.404486] kasan_report+0x141/0x180 [ 21.404490] ? krealloc_less_oob_helper+0xe23/0x11d0 [ 21.404496] __asan_report_store1_noabort+0x1b/0x30 [ 21.404500] krealloc_less_oob_helper+0xe23/0x11d0 [ 21.404504] ? __pfx_krealloc_less_oob_helper+0x10/0x10 [ 21.404509] ? finish_task_switch.isra.0+0x153/0x700 [ 21.404513] ? __switch_to+0x5d9/0xf60 [ 21.404517] ? dequeue_task_fair+0x166/0x4e0 [ 21.404521] ? __schedule+0x10cc/0x2b30 [ 21.404526] krealloc_large_less_oob+0x1c/0x30 [ 21.404531] kunit_try_run_case+0x1a2/0x480 [ 21.404535] ? __pfx_kunit_try_run_case+0x10/0x10 [ 21.404539] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 21.404543] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 21.404548] ? __kthread_parkme+0x82/0x180 [ 21.404552] ? preempt_count_sub+0x50/0x80 [ 21.404556] ? __pfx_kunit_try_run_case+0x10/0x10 [ 21.404560] kunit_generic_run_threadfn_adapter+0x82/0xf0 [ 21.404564] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 21.404568] kthread+0x334/0x6f0 [ 21.404572] ? trace_preempt_on+0x20/0xc0 [ 21.404576] ? __pfx_kthread+0x10/0x10 [ 21.404581] ? _raw_spin_unlock_irq+0x47/0x80 [ 21.404585] ? calculate_sigpending+0x7b/0xa0 [ 21.404588] ? __pfx_kthread+0x10/0x10 [ 21.404593] ret_from_fork+0x3e/0x80 [ 21.404597] ? __pfx_kthread+0x10/0x10 [ 21.404601] ret_from_fork_asm+0x1a/0x30 [ 21.404606] </TASK> [ 21.404608] [ 21.583197] The buggy address belongs to the physical page: [ 21.588767] page: refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x106ce0 [ 21.596766] head: order:2 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0 [ 21.604419] flags: 0x200000000000040(head|node=0|zone=2) [ 21.609732] page_type: f8(unknown) [ 21.613138] raw: 0200000000000040 0000000000000000 dead000000000122 0000000000000000 [ 21.620878] raw: 0000000000000000 0000000000000000 00000001f8000000 0000000000000000 [ 21.628617] head: 0200000000000040 0000000000000000 dead000000000122 0000000000000000 [ 21.636442] head: 0000000000000000 0000000000000000 00000001f8000000 0000000000000000 [ 21.644268] head: 0200000000000002 ffffea00041b3801 00000000ffffffff 00000000ffffffff [ 21.652093] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000004 [ 21.659918] page dumped because: kasan: bad access detected [ 21.665492] [ 21.666989] Memory state around the buggy address: [ 21.671784] ffff888106ce1f80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 21.679003] ffff888106ce2000: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 21.686222] >ffff888106ce2080: 00 00 00 00 00 00 00 00 00 01 fe fe fe fe fe fe [ 21.693439] ^ [ 21.699272] ffff888106ce2100: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe [ 21.706491] ffff888106ce2180: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe [ 21.713712] ================================================================== [ 21.720982] ================================================================== [ 21.728208] BUG: KASAN: slab-out-of-bounds in krealloc_less_oob_helper+0xec6/0x11d0 [ 21.735860] Write of size 1 at addr ffff888106ce20da by task kunit_try_catch/205 [ 21.743253] [ 21.744753] CPU: 3 UID: 0 PID: 205 Comm: kunit_try_catch Tainted: G B N 6.15.0-rc3 #1 PREEMPT(voluntary) [ 21.744761] Tainted: [B]=BAD_PAGE, [N]=TEST [ 21.744763] Hardware name: Supermicro SYS-5019S-ML/X11SSH-F, BIOS 2.7 12/07/2021 [ 21.744766] Call Trace: [ 21.744768] <TASK> [ 21.744769] dump_stack_lvl+0x73/0xb0 [ 21.744773] print_report+0xd1/0x650 [ 21.744777] ? __virt_addr_valid+0x1db/0x2d0 [ 21.744780] ? krealloc_less_oob_helper+0xec6/0x11d0 [ 21.744785] ? kasan_addr_to_slab+0x11/0xa0 [ 21.744789] ? krealloc_less_oob_helper+0xec6/0x11d0 [ 21.744793] kasan_report+0x141/0x180 [ 21.744797] ? krealloc_less_oob_helper+0xec6/0x11d0 [ 21.744803] __asan_report_store1_noabort+0x1b/0x30 [ 21.744807] krealloc_less_oob_helper+0xec6/0x11d0 [ 21.744811] ? __pfx_krealloc_less_oob_helper+0x10/0x10 [ 21.744816] ? finish_task_switch.isra.0+0x153/0x700 [ 21.744820] ? __switch_to+0x5d9/0xf60 [ 21.744824] ? dequeue_task_fair+0x166/0x4e0 [ 21.744828] ? __schedule+0x10cc/0x2b30 [ 21.744833] krealloc_large_less_oob+0x1c/0x30 [ 21.744838] kunit_try_run_case+0x1a2/0x480 [ 21.744842] ? __pfx_kunit_try_run_case+0x10/0x10 [ 21.744846] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 21.744850] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 21.744855] ? __kthread_parkme+0x82/0x180 [ 21.744859] ? preempt_count_sub+0x50/0x80 [ 21.744863] ? __pfx_kunit_try_run_case+0x10/0x10 [ 21.744868] kunit_generic_run_threadfn_adapter+0x82/0xf0 [ 21.744871] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 21.744875] kthread+0x334/0x6f0 [ 21.744879] ? trace_preempt_on+0x20/0xc0 [ 21.744884] ? __pfx_kthread+0x10/0x10 [ 21.744888] ? _raw_spin_unlock_irq+0x47/0x80 [ 21.744892] ? calculate_sigpending+0x7b/0xa0 [ 21.744896] ? __pfx_kthread+0x10/0x10 [ 21.744900] ret_from_fork+0x3e/0x80 [ 21.744904] ? __pfx_kthread+0x10/0x10 [ 21.744908] ret_from_fork_asm+0x1a/0x30 [ 21.744913] </TASK> [ 21.744915] [ 21.923469] The buggy address belongs to the physical page: [ 21.929041] page: refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x106ce0 [ 21.937047] head: order:2 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0 [ 21.944704] flags: 0x200000000000040(head|node=0|zone=2) [ 21.950040] page_type: f8(unknown) [ 21.953446] raw: 0200000000000040 0000000000000000 dead000000000122 0000000000000000 [ 21.961184] raw: 0000000000000000 0000000000000000 00000001f8000000 0000000000000000 [ 21.968925] head: 0200000000000040 0000000000000000 dead000000000122 0000000000000000 [ 21.976759] head: 0000000000000000 0000000000000000 00000001f8000000 0000000000000000 [ 21.984591] head: 0200000000000002 ffffea00041b3801 00000000ffffffff 00000000ffffffff [ 21.992419] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000004 [ 22.000250] page dumped because: kasan: bad access detected [ 22.005823] [ 22.007323] Memory state around the buggy address: [ 22.012118] ffff888106ce1f80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 22.019345] ffff888106ce2000: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 22.026572] >ffff888106ce2080: 00 00 00 00 00 00 00 00 00 01 fe fe fe fe fe fe [ 22.033791] ^ [ 22.039882] ffff888106ce2100: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe [ 22.047100] ffff888106ce2180: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe [ 22.054322] ================================================================== [ 19.067495] ================================================================== [ 19.074745] BUG: KASAN: slab-out-of-bounds in krealloc_less_oob_helper+0xec6/0x11d0 [ 19.082407] Write of size 1 at addr ffff888100350eda by task kunit_try_catch/201 [ 19.089808] [ 19.091309] CPU: 0 UID: 0 PID: 201 Comm: kunit_try_catch Tainted: G B N 6.15.0-rc3 #1 PREEMPT(voluntary) [ 19.091316] Tainted: [B]=BAD_PAGE, [N]=TEST [ 19.091318] Hardware name: Supermicro SYS-5019S-ML/X11SSH-F, BIOS 2.7 12/07/2021 [ 19.091321] Call Trace: [ 19.091323] <TASK> [ 19.091325] dump_stack_lvl+0x73/0xb0 [ 19.091328] print_report+0xd1/0x650 [ 19.091332] ? __virt_addr_valid+0x1db/0x2d0 [ 19.091336] ? krealloc_less_oob_helper+0xec6/0x11d0 [ 19.091340] ? kasan_complete_mode_report_info+0x2a/0x200 [ 19.091344] ? krealloc_less_oob_helper+0xec6/0x11d0 [ 19.091349] kasan_report+0x141/0x180 [ 19.091353] ? krealloc_less_oob_helper+0xec6/0x11d0 [ 19.091358] __asan_report_store1_noabort+0x1b/0x30 [ 19.091362] krealloc_less_oob_helper+0xec6/0x11d0 [ 19.091367] ? __pfx_krealloc_less_oob_helper+0x10/0x10 [ 19.091372] ? finish_task_switch.isra.0+0x153/0x700 [ 19.091376] ? __switch_to+0x5d9/0xf60 [ 19.091380] ? dequeue_task_fair+0x166/0x4e0 [ 19.091384] ? __schedule+0x10cc/0x2b30 [ 19.091389] krealloc_less_oob+0x1c/0x30 [ 19.091393] kunit_try_run_case+0x1a2/0x480 [ 19.091397] ? __pfx_kunit_try_run_case+0x10/0x10 [ 19.091401] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 19.091406] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 19.091410] ? __kthread_parkme+0x82/0x180 [ 19.091414] ? preempt_count_sub+0x50/0x80 [ 19.091418] ? __pfx_kunit_try_run_case+0x10/0x10 [ 19.091423] kunit_generic_run_threadfn_adapter+0x82/0xf0 [ 19.091426] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 19.091430] kthread+0x334/0x6f0 [ 19.091434] ? trace_preempt_on+0x20/0xc0 [ 19.091439] ? __pfx_kthread+0x10/0x10 [ 19.091443] ? _raw_spin_unlock_irq+0x47/0x80 [ 19.091447] ? calculate_sigpending+0x7b/0xa0 [ 19.091450] ? __pfx_kthread+0x10/0x10 [ 19.091455] ret_from_fork+0x3e/0x80 [ 19.091459] ? __pfx_kthread+0x10/0x10 [ 19.091463] ret_from_fork_asm+0x1a/0x30 [ 19.091468] </TASK> [ 19.091470] [ 19.270750] Allocated by task 201: [ 19.274156] kasan_save_stack+0x45/0x70 [ 19.277995] kasan_save_track+0x18/0x40 [ 19.281835] kasan_save_alloc_info+0x3b/0x50 [ 19.286106] __kasan_krealloc+0x190/0x1f0 [ 19.290120] krealloc_noprof+0xf3/0x340 [ 19.293959] krealloc_less_oob_helper+0x1aa/0x11d0 [ 19.298761] krealloc_less_oob+0x1c/0x30 [ 19.302715] kunit_try_run_case+0x1a2/0x480 [ 19.306914] kunit_generic_run_threadfn_adapter+0x82/0xf0 [ 19.312314] kthread+0x334/0x6f0 [ 19.315546] ret_from_fork+0x3e/0x80 [ 19.319126] ret_from_fork_asm+0x1a/0x30 [ 19.323053] [ 19.324552] The buggy address belongs to the object at ffff888100350e00 [ 19.324552] which belongs to the cache kmalloc-256 of size 256 [ 19.337065] The buggy address is located 17 bytes to the right of [ 19.337065] allocated 201-byte region [ffff888100350e00, ffff888100350ec9) [ 19.350100] [ 19.351599] The buggy address belongs to the physical page: [ 19.357170] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x100350 [ 19.365169] head: order:1 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0 [ 19.372821] flags: 0x200000000000040(head|node=0|zone=2) [ 19.378135] page_type: f5(slab) [ 19.381282] raw: 0200000000000040 ffff888100042b40 dead000000000122 0000000000000000 [ 19.389029] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 19.396768] head: 0200000000000040 ffff888100042b40 dead000000000122 0000000000000000 [ 19.404603] head: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 19.412437] head: 0200000000000001 ffffea000400d401 00000000ffffffff 00000000ffffffff [ 19.420272] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000002 [ 19.428105] page dumped because: kasan: bad access detected [ 19.433716] [ 19.435218] Memory state around the buggy address: [ 19.440011] ffff888100350d80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 19.447232] ffff888100350e00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 19.454459] >ffff888100350e80: 00 00 00 00 00 00 00 00 00 01 fc fc fc fc fc fc [ 19.461701] ^ [ 19.467822] ffff888100350f00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 19.475041] ffff888100350f80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 19.482261] ==================================================================