Date
April 20, 2025, 11:09 p.m.
| Environment | |
|---|---|
| x15 | |
| x86 |
[ 49.196197] ================================================================== [ 49.203491] BUG: KASAN: slab-out-of-bounds in krealloc_more_oob_helper+0x72c/0x808 [ 49.211120] Write of size 1 at addr cb2d18f0 by task kunit_try_catch/212 [ 49.217864] [ 49.219360] CPU: 1 UID: 0 PID: 212 Comm: kunit_try_catch Tainted: G B W N 6.15.0-rc3 #1 NONE [ 49.219390] Tainted: [B]=BAD_PAGE, [W]=WARN, [N]=TEST [ 49.219390] Hardware name: Generic DRA74X (Flattened Device Tree) [ 49.219421] Call trace: [ 49.219421] unwind_backtrace from show_stack+0x18/0x1c [ 49.219451] show_stack from dump_stack_lvl+0x70/0x90 [ 49.219451] dump_stack_lvl from print_report+0x158/0x528 [ 49.219482] print_report from kasan_report+0xdc/0x118 [ 49.219512] kasan_report from krealloc_more_oob_helper+0x72c/0x808 [ 49.219543] krealloc_more_oob_helper from kunit_try_run_case+0x22c/0x5a8 [ 49.219543] kunit_try_run_case from kunit_generic_run_threadfn_adapter+0xc4/0x128 [ 49.219573] kunit_generic_run_threadfn_adapter from kthread+0x464/0x810 [ 49.219604] kthread from ret_from_fork+0x14/0x20 [ 49.219635] Exception stack(0xf23c3fb0 to 0xf23c3ff8) [ 49.219635] 3fa0: 00000000 00000000 00000000 00000000 [ 49.219665] 3fc0: 00000000 00000000 00000000 00000000 00000000 00000000 00000000 00000000 [ 49.219665] 3fe0: 00000000 00000000 00000000 00000000 00000013 00000000 [ 49.219696] [ 49.325775] Allocated by task 212: [ 49.329193] kasan_save_track+0x30/0x5c [ 49.333068] __kasan_krealloc+0xf4/0x140 [ 49.337005] krealloc_noprof+0x104/0x2e4 [ 49.340972] krealloc_more_oob_helper+0x1e0/0x808 [ 49.345733] kunit_try_run_case+0x22c/0x5a8 [ 49.349945] kunit_generic_run_threadfn_adapter+0xc4/0x128 [ 49.355468] kthread+0x464/0x810 [ 49.358734] ret_from_fork+0x14/0x20 [ 49.362335] [ 49.363830] The buggy address belongs to the object at cb2d1800 [ 49.363830] which belongs to the cache kmalloc-256 of size 256 [ 49.375732] The buggy address is located 5 bytes to the right of [ 49.375732] allocated 235-byte region [cb2d1800, cb2d18eb) [ 49.387359] [ 49.388854] The buggy address belongs to the physical page: [ 49.394470] page: refcount:0 mapcount:0 mapping:00000000 index:0x0 pfn:0x8b2d0 [ 49.401733] head: order:1 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0 [ 49.409454] flags: 0x40(head|zone=0) [ 49.413055] page_type: f5(slab) [ 49.416229] raw: 00000040 c7001500 00000122 00000000 00000000 80100010 f5000000 00000000 [ 49.424377] raw: 00000000 [ 49.427001] head: 00000040 c7001500 00000122 00000000 00000000 80100010 f5000000 00000000 [ 49.435241] head: 00000000 00000001 eeb91541 ffffffff 00000000 ffffffff 00000000 ffffffff [ 49.443481] head: 00000000 00000002 [ 49.446990] page dumped because: kasan: bad access detected [ 49.452575] [ 49.454101] Memory state around the buggy address: [ 49.458923] cb2d1780: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 49.465484] cb2d1800: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 49.472045] >cb2d1880: 00 00 00 00 00 00 00 00 00 00 00 00 00 03 fc fc [ 49.478637] ^ [ 49.484832] cb2d1900: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 49.491424] cb2d1980: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 49.497985] ================================================================== [ 48.883544] ================================================================== [ 48.894409] BUG: KASAN: slab-out-of-bounds in krealloc_more_oob_helper+0x77c/0x808 [ 48.902038] Write of size 1 at addr cb2d18eb by task kunit_try_catch/212 [ 48.908782] [ 48.910278] CPU: 1 UID: 0 PID: 212 Comm: kunit_try_catch Tainted: G B W N 6.15.0-rc3 #1 NONE [ 48.910308] Tainted: [B]=BAD_PAGE, [W]=WARN, [N]=TEST [ 48.910339] Hardware name: Generic DRA74X (Flattened Device Tree) [ 48.910339] Call trace: [ 48.910339] unwind_backtrace from show_stack+0x18/0x1c [ 48.910369] show_stack from dump_stack_lvl+0x70/0x90 [ 48.910400] dump_stack_lvl from print_report+0x158/0x528 [ 48.910430] print_report from kasan_report+0xdc/0x118 [ 48.910430] kasan_report from krealloc_more_oob_helper+0x77c/0x808 [ 48.910461] krealloc_more_oob_helper from kunit_try_run_case+0x22c/0x5a8 [ 48.910491] kunit_try_run_case from kunit_generic_run_threadfn_adapter+0xc4/0x128 [ 48.910522] kunit_generic_run_threadfn_adapter from kthread+0x464/0x810 [ 48.910552] kthread from ret_from_fork+0x14/0x20 [ 48.910552] Exception stack(0xf23c3fb0 to 0xf23c3ff8) [ 48.910583] 3fa0: 00000000 00000000 00000000 00000000 [ 48.910583] 3fc0: 00000000 00000000 00000000 00000000 00000000 00000000 00000000 00000000 [ 48.910614] 3fe0: 00000000 00000000 00000000 00000000 00000013 00000000 [ 48.910614] [ 49.016723] Allocated by task 212: [ 49.020141] kasan_save_track+0x30/0x5c [ 49.024017] __kasan_krealloc+0xf4/0x140 [ 49.027954] krealloc_noprof+0x104/0x2e4 [ 49.031921] krealloc_more_oob_helper+0x1e0/0x808 [ 49.036651] kunit_try_run_case+0x22c/0x5a8 [ 49.040893] kunit_generic_run_threadfn_adapter+0xc4/0x128 [ 49.046417] kthread+0x464/0x810 [ 49.049652] ret_from_fork+0x14/0x20 [ 49.053253] [ 49.054779] The buggy address belongs to the object at cb2d1800 [ 49.054779] which belongs to the cache kmalloc-256 of size 256 [ 49.066680] The buggy address is located 0 bytes to the right of [ 49.066680] allocated 235-byte region [cb2d1800, cb2d18eb) [ 49.078308] [ 49.079803] The buggy address belongs to the physical page: [ 49.085418] page: refcount:0 mapcount:0 mapping:00000000 index:0x0 pfn:0x8b2d0 [ 49.092681] head: order:1 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0 [ 49.100402] flags: 0x40(head|zone=0) [ 49.104003] page_type: f5(slab) [ 49.107177] raw: 00000040 c7001500 00000122 00000000 00000000 80100010 f5000000 00000000 [ 49.115325] raw: 00000000 [ 49.117950] head: 00000040 c7001500 00000122 00000000 00000000 80100010 f5000000 00000000 [ 49.126190] head: 00000000 00000001 eeb91541 ffffffff 00000000 ffffffff 00000000 ffffffff [ 49.134429] head: 00000000 00000002 [ 49.137939] page dumped because: kasan: bad access detected [ 49.143554] [ 49.145050] Memory state around the buggy address: [ 49.149871] cb2d1780: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 49.156433] cb2d1800: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 49.163024] >cb2d1880: 00 00 00 00 00 00 00 00 00 00 00 00 00 03 fc fc [ 49.169586] ^ [ 49.175537] cb2d1900: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 49.182098] cb2d1980: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 49.188690] ================================================================== [ 51.052917] ================================================================== [ 51.064056] BUG: KASAN: slab-out-of-bounds in krealloc_more_oob_helper+0x77c/0x808 [ 51.071685] Write of size 1 at addr ccb3a0eb by task kunit_try_catch/216 [ 51.078430] [ 51.079925] CPU: 1 UID: 0 PID: 216 Comm: kunit_try_catch Tainted: G B W N 6.15.0-rc3 #1 NONE [ 51.079956] Tainted: [B]=BAD_PAGE, [W]=WARN, [N]=TEST [ 51.079956] Hardware name: Generic DRA74X (Flattened Device Tree) [ 51.079986] Call trace: [ 51.079986] unwind_backtrace from show_stack+0x18/0x1c [ 51.080017] show_stack from dump_stack_lvl+0x70/0x90 [ 51.080017] dump_stack_lvl from print_report+0x158/0x528 [ 51.080047] print_report from kasan_report+0xdc/0x118 [ 51.080078] kasan_report from krealloc_more_oob_helper+0x77c/0x808 [ 51.080108] krealloc_more_oob_helper from kunit_try_run_case+0x22c/0x5a8 [ 51.080139] kunit_try_run_case from kunit_generic_run_threadfn_adapter+0xc4/0x128 [ 51.080139] kunit_generic_run_threadfn_adapter from kthread+0x464/0x810 [ 51.080169] kthread from ret_from_fork+0x14/0x20 [ 51.080200] Exception stack(0xf23dbfb0 to 0xf23dbff8) [ 51.080200] bfa0: 00000000 00000000 00000000 00000000 [ 51.080230] bfc0: 00000000 00000000 00000000 00000000 00000000 00000000 00000000 00000000 [ 51.080230] bfe0: 00000000 00000000 00000000 00000000 00000013 00000000 [ 51.080261] [ 51.186340] The buggy address belongs to the physical page: [ 51.191955] page: refcount:1 mapcount:0 mapping:00000000 index:0x0 pfn:0x8cb38 [ 51.199218] head: order:2 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0 [ 51.206939] flags: 0x40(head|zone=0) [ 51.210540] page_type: f8(unknown) [ 51.213958] raw: 00000040 00000000 00000122 00000000 00000000 00000000 f8000000 00000001 [ 51.222106] raw: 00000000 [ 51.224761] head: 00000040 00000000 00000122 00000000 00000000 00000000 f8000000 00000001 [ 51.233001] head: 00000000 00000002 eebc83e1 ffffffff 00000000 ffffffff 00000000 ffffffff [ 51.241241] head: 00000000 00000004 [ 51.244750] page dumped because: kasan: bad access detected [ 51.250335] [ 51.251831] Memory state around the buggy address: [ 51.256652] ccb39f80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 51.263244] ccb3a000: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 51.269805] >ccb3a080: 00 00 00 00 00 00 00 00 00 00 00 00 00 03 fe fe [ 51.276367] ^ [ 51.282348] ccb3a100: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe [ 51.288909] ccb3a180: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe [ 51.295471] ================================================================== [ 51.302978] ================================================================== [ 51.310272] BUG: KASAN: slab-out-of-bounds in krealloc_more_oob_helper+0x72c/0x808 [ 51.317871] Write of size 1 at addr ccb3a0f0 by task kunit_try_catch/216 [ 51.324645] [ 51.326141] CPU: 1 UID: 0 PID: 216 Comm: kunit_try_catch Tainted: G B W N 6.15.0-rc3 #1 NONE [ 51.326171] Tainted: [B]=BAD_PAGE, [W]=WARN, [N]=TEST [ 51.326171] Hardware name: Generic DRA74X (Flattened Device Tree) [ 51.326171] Call trace: [ 51.326202] unwind_backtrace from show_stack+0x18/0x1c [ 51.326202] show_stack from dump_stack_lvl+0x70/0x90 [ 51.326232] dump_stack_lvl from print_report+0x158/0x528 [ 51.326263] print_report from kasan_report+0xdc/0x118 [ 51.326293] kasan_report from krealloc_more_oob_helper+0x72c/0x808 [ 51.326293] krealloc_more_oob_helper from kunit_try_run_case+0x22c/0x5a8 [ 51.326324] kunit_try_run_case from kunit_generic_run_threadfn_adapter+0xc4/0x128 [ 51.326354] kunit_generic_run_threadfn_adapter from kthread+0x464/0x810 [ 51.326385] kthread from ret_from_fork+0x14/0x20 [ 51.326416] Exception stack(0xf23dbfb0 to 0xf23dbff8) [ 51.326416] bfa0: 00000000 00000000 00000000 00000000 [ 51.326446] bfc0: 00000000 00000000 00000000 00000000 00000000 00000000 00000000 00000000 [ 51.326446] bfe0: 00000000 00000000 00000000 00000000 00000013 00000000 [ 51.326446] [ 51.432556] The buggy address belongs to the physical page: [ 51.438171] page: refcount:1 mapcount:0 mapping:00000000 index:0x0 pfn:0x8cb38 [ 51.445434] head: order:2 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0 [ 51.453155] flags: 0x40(head|zone=0) [ 51.456756] page_type: f8(unknown) [ 51.460174] raw: 00000040 00000000 00000122 00000000 00000000 00000000 f8000000 00000001 [ 51.468322] raw: 00000000 [ 51.470977] head: 00000040 00000000 00000122 00000000 00000000 00000000 f8000000 00000001 [ 51.479217] head: 00000000 00000002 eebc83e1 ffffffff 00000000 ffffffff 00000000 ffffffff [ 51.487426] head: 00000000 00000004 [ 51.490936] page dumped because: kasan: bad access detected [ 51.496551] [ 51.498046] Memory state around the buggy address: [ 51.502868] ccb39f80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 51.509460] ccb3a000: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 51.516021] >ccb3a080: 00 00 00 00 00 00 00 00 00 00 00 00 00 03 fe fe [ 51.522583] ^ [ 51.528808] ccb3a100: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe [ 51.535369] ccb3a180: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe [ 51.541961] ==================================================================
[ 20.342783] ================================================================== [ 20.353878] BUG: KASAN: slab-out-of-bounds in krealloc_more_oob_helper+0x821/0x930 [ 20.361452] Write of size 1 at addr ffff888105eba0eb by task kunit_try_catch/203 [ 20.368843] [ 20.370344] CPU: 2 UID: 0 PID: 203 Comm: kunit_try_catch Tainted: G B N 6.15.0-rc3 #1 PREEMPT(voluntary) [ 20.370352] Tainted: [B]=BAD_PAGE, [N]=TEST [ 20.370354] Hardware name: Supermicro SYS-5019S-ML/X11SSH-F, BIOS 2.7 12/07/2021 [ 20.370358] Call Trace: [ 20.370359] <TASK> [ 20.370361] dump_stack_lvl+0x73/0xb0 [ 20.370365] print_report+0xd1/0x650 [ 20.370369] ? __virt_addr_valid+0x1db/0x2d0 [ 20.370373] ? krealloc_more_oob_helper+0x821/0x930 [ 20.370378] ? kasan_addr_to_slab+0x11/0xa0 [ 20.370382] ? krealloc_more_oob_helper+0x821/0x930 [ 20.370386] kasan_report+0x141/0x180 [ 20.370390] ? krealloc_more_oob_helper+0x821/0x930 [ 20.370396] __asan_report_store1_noabort+0x1b/0x30 [ 20.370399] krealloc_more_oob_helper+0x821/0x930 [ 20.370404] ? __schedule+0x10cc/0x2b30 [ 20.370408] ? __pfx_krealloc_more_oob_helper+0x10/0x10 [ 20.370413] ? finish_task_switch.isra.0+0x153/0x700 [ 20.370417] ? __switch_to+0x5d9/0xf60 [ 20.370421] ? dequeue_task_fair+0x166/0x4e0 [ 20.370425] ? __schedule+0x10cc/0x2b30 [ 20.370430] krealloc_large_more_oob+0x1c/0x30 [ 20.370434] kunit_try_run_case+0x1a2/0x480 [ 20.370439] ? __pfx_kunit_try_run_case+0x10/0x10 [ 20.370443] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 20.370447] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 20.370452] ? __kthread_parkme+0x82/0x180 [ 20.370456] ? preempt_count_sub+0x50/0x80 [ 20.370460] ? __pfx_kunit_try_run_case+0x10/0x10 [ 20.370465] kunit_generic_run_threadfn_adapter+0x82/0xf0 [ 20.370469] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 20.370473] kthread+0x334/0x6f0 [ 20.370477] ? trace_preempt_on+0x20/0xc0 [ 20.370481] ? __pfx_kthread+0x10/0x10 [ 20.370485] ? _raw_spin_unlock_irq+0x47/0x80 [ 20.370489] ? calculate_sigpending+0x7b/0xa0 [ 20.370493] ? __pfx_kthread+0x10/0x10 [ 20.370497] ret_from_fork+0x3e/0x80 [ 20.370501] ? __pfx_kthread+0x10/0x10 [ 20.370505] ret_from_fork_asm+0x1a/0x30 [ 20.370511] </TASK> [ 20.370512] [ 20.552456] The buggy address belongs to the physical page: [ 20.558029] page: refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x105eb8 [ 20.566036] head: order:2 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0 [ 20.573688] flags: 0x200000000000040(head|node=0|zone=2) [ 20.579026] page_type: f8(unknown) [ 20.582433] raw: 0200000000000040 0000000000000000 dead000000000122 0000000000000000 [ 20.590173] raw: 0000000000000000 0000000000000000 00000001f8000000 0000000000000000 [ 20.597912] head: 0200000000000040 0000000000000000 dead000000000122 0000000000000000 [ 20.605737] head: 0000000000000000 0000000000000000 00000001f8000000 0000000000000000 [ 20.613562] head: 0200000000000002 ffffea000417ae01 00000000ffffffff 00000000ffffffff [ 20.621388] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000004 [ 20.629213] page dumped because: kasan: bad access detected [ 20.634787] [ 20.636285] Memory state around the buggy address: [ 20.641077] ffff888105eb9f80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 20.648297] ffff888105eba000: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 20.655516] >ffff888105eba080: 00 00 00 00 00 00 00 00 00 00 00 00 00 03 fe fe [ 20.662735] ^ [ 20.669348] ffff888105eba100: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe [ 20.676567] ffff888105eba180: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe [ 20.683785] ================================================================== [ 20.691069] ================================================================== [ 20.698300] BUG: KASAN: slab-out-of-bounds in krealloc_more_oob_helper+0x7eb/0x930 [ 20.705867] Write of size 1 at addr ffff888105eba0f0 by task kunit_try_catch/203 [ 20.713260] [ 20.714758] CPU: 2 UID: 0 PID: 203 Comm: kunit_try_catch Tainted: G B N 6.15.0-rc3 #1 PREEMPT(voluntary) [ 20.714766] Tainted: [B]=BAD_PAGE, [N]=TEST [ 20.714768] Hardware name: Supermicro SYS-5019S-ML/X11SSH-F, BIOS 2.7 12/07/2021 [ 20.714772] Call Trace: [ 20.714773] <TASK> [ 20.714775] dump_stack_lvl+0x73/0xb0 [ 20.714779] print_report+0xd1/0x650 [ 20.714783] ? __virt_addr_valid+0x1db/0x2d0 [ 20.714786] ? krealloc_more_oob_helper+0x7eb/0x930 [ 20.714791] ? kasan_addr_to_slab+0x11/0xa0 [ 20.714795] ? krealloc_more_oob_helper+0x7eb/0x930 [ 20.714799] kasan_report+0x141/0x180 [ 20.714803] ? krealloc_more_oob_helper+0x7eb/0x930 [ 20.714809] __asan_report_store1_noabort+0x1b/0x30 [ 20.714812] krealloc_more_oob_helper+0x7eb/0x930 [ 20.714817] ? __schedule+0x10cc/0x2b30 [ 20.714821] ? __pfx_krealloc_more_oob_helper+0x10/0x10 [ 20.714826] ? finish_task_switch.isra.0+0x153/0x700 [ 20.714830] ? __switch_to+0x5d9/0xf60 [ 20.714834] ? dequeue_task_fair+0x166/0x4e0 [ 20.714838] ? __schedule+0x10cc/0x2b30 [ 20.714843] krealloc_large_more_oob+0x1c/0x30 [ 20.714847] kunit_try_run_case+0x1a2/0x480 [ 20.714852] ? __pfx_kunit_try_run_case+0x10/0x10 [ 20.714856] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 20.714860] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 20.714865] ? __kthread_parkme+0x82/0x180 [ 20.714869] ? preempt_count_sub+0x50/0x80 [ 20.714873] ? __pfx_kunit_try_run_case+0x10/0x10 [ 20.714877] kunit_generic_run_threadfn_adapter+0x82/0xf0 [ 20.714881] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 20.714885] kthread+0x334/0x6f0 [ 20.714889] ? trace_preempt_on+0x20/0xc0 [ 20.714893] ? __pfx_kthread+0x10/0x10 [ 20.714897] ? _raw_spin_unlock_irq+0x47/0x80 [ 20.714901] ? calculate_sigpending+0x7b/0xa0 [ 20.714905] ? __pfx_kthread+0x10/0x10 [ 20.714909] ret_from_fork+0x3e/0x80 [ 20.714913] ? __pfx_kthread+0x10/0x10 [ 20.714917] ret_from_fork_asm+0x1a/0x30 [ 20.714923] </TASK> [ 20.714925] [ 20.896898] The buggy address belongs to the physical page: [ 20.902469] page: refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x105eb8 [ 20.910470] head: order:2 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0 [ 20.918128] flags: 0x200000000000040(head|node=0|zone=2) [ 20.923442] page_type: f8(unknown) [ 20.926850] raw: 0200000000000040 0000000000000000 dead000000000122 0000000000000000 [ 20.934588] raw: 0000000000000000 0000000000000000 00000001f8000000 0000000000000000 [ 20.942335] head: 0200000000000040 0000000000000000 dead000000000122 0000000000000000 [ 20.950161] head: 0000000000000000 0000000000000000 00000001f8000000 0000000000000000 [ 20.957985] head: 0200000000000002 ffffea000417ae01 00000000ffffffff 00000000ffffffff [ 20.965811] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000004 [ 20.973636] page dumped because: kasan: bad access detected [ 20.979210] [ 20.980731] Memory state around the buggy address: [ 20.985529] ffff888105eb9f80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 20.992756] ffff888105eba000: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 20.999974] >ffff888105eba080: 00 00 00 00 00 00 00 00 00 00 00 00 00 03 fe fe [ 21.007194] ^ [ 21.014067] ffff888105eba100: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe [ 21.021284] ffff888105eba180: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe [ 21.028504] ================================================================== [ 17.794697] ================================================================== [ 17.801948] BUG: KASAN: slab-out-of-bounds in krealloc_more_oob_helper+0x7eb/0x930 [ 17.809513] Write of size 1 at addr ffff8881038caaf0 by task kunit_try_catch/199 [ 17.816907] [ 17.818408] CPU: 3 UID: 0 PID: 199 Comm: kunit_try_catch Tainted: G B N 6.15.0-rc3 #1 PREEMPT(voluntary) [ 17.818416] Tainted: [B]=BAD_PAGE, [N]=TEST [ 17.818418] Hardware name: Supermicro SYS-5019S-ML/X11SSH-F, BIOS 2.7 12/07/2021 [ 17.818421] Call Trace: [ 17.818423] <TASK> [ 17.818424] dump_stack_lvl+0x73/0xb0 [ 17.818428] print_report+0xd1/0x650 [ 17.818432] ? __virt_addr_valid+0x1db/0x2d0 [ 17.818436] ? krealloc_more_oob_helper+0x7eb/0x930 [ 17.818440] ? kasan_complete_mode_report_info+0x2a/0x200 [ 17.818444] ? krealloc_more_oob_helper+0x7eb/0x930 [ 17.818449] kasan_report+0x141/0x180 [ 17.818453] ? krealloc_more_oob_helper+0x7eb/0x930 [ 17.818459] __asan_report_store1_noabort+0x1b/0x30 [ 17.818462] krealloc_more_oob_helper+0x7eb/0x930 [ 17.818467] ? __schedule+0x10cc/0x2b30 [ 17.818471] ? __pfx_krealloc_more_oob_helper+0x10/0x10 [ 17.818476] ? finish_task_switch.isra.0+0x153/0x700 [ 17.818480] ? __switch_to+0x5d9/0xf60 [ 17.818484] ? dequeue_task_fair+0x166/0x4e0 [ 17.818488] ? __schedule+0x10cc/0x2b30 [ 17.818493] krealloc_more_oob+0x1c/0x30 [ 17.818497] kunit_try_run_case+0x1a2/0x480 [ 17.818501] ? __pfx_kunit_try_run_case+0x10/0x10 [ 17.818505] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 17.818510] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 17.818514] ? __kthread_parkme+0x82/0x180 [ 17.818518] ? preempt_count_sub+0x50/0x80 [ 17.818523] ? __pfx_kunit_try_run_case+0x10/0x10 [ 17.818527] kunit_generic_run_threadfn_adapter+0x82/0xf0 [ 17.818531] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 17.818535] kthread+0x334/0x6f0 [ 17.818539] ? trace_preempt_on+0x20/0xc0 [ 17.818543] ? __pfx_kthread+0x10/0x10 [ 17.818547] ? _raw_spin_unlock_irq+0x47/0x80 [ 17.818551] ? calculate_sigpending+0x7b/0xa0 [ 17.818555] ? __pfx_kthread+0x10/0x10 [ 17.818559] ret_from_fork+0x3e/0x80 [ 17.818563] ? __pfx_kthread+0x10/0x10 [ 17.818567] ret_from_fork_asm+0x1a/0x30 [ 17.818573] </TASK> [ 17.818575] [ 18.001227] Allocated by task 199: [ 18.004634] kasan_save_stack+0x45/0x70 [ 18.008473] kasan_save_track+0x18/0x40 [ 18.012314] kasan_save_alloc_info+0x3b/0x50 [ 18.016587] __kasan_krealloc+0x190/0x1f0 [ 18.020599] krealloc_noprof+0xf3/0x340 [ 18.024437] krealloc_more_oob_helper+0x1a9/0x930 [ 18.029143] krealloc_more_oob+0x1c/0x30 [ 18.033068] kunit_try_run_case+0x1a2/0x480 [ 18.037255] kunit_generic_run_threadfn_adapter+0x82/0xf0 [ 18.042654] kthread+0x334/0x6f0 [ 18.045885] ret_from_fork+0x3e/0x80 [ 18.049465] ret_from_fork_asm+0x1a/0x30 [ 18.053391] [ 18.054890] The buggy address belongs to the object at ffff8881038caa00 [ 18.054890] which belongs to the cache kmalloc-256 of size 256 [ 18.067398] The buggy address is located 5 bytes to the right of [ 18.067398] allocated 235-byte region [ffff8881038caa00, ffff8881038caaeb) [ 18.080351] [ 18.081852] The buggy address belongs to the physical page: [ 18.087424] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1038ca [ 18.095431] head: order:1 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0 [ 18.103082] flags: 0x200000000000040(head|node=0|zone=2) [ 18.108396] page_type: f5(slab) [ 18.111543] raw: 0200000000000040 ffff888100042b40 dead000000000122 0000000000000000 [ 18.119282] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 18.127030] head: 0200000000000040 ffff888100042b40 dead000000000122 0000000000000000 [ 18.134865] head: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 18.142706] head: 0200000000000001 ffffea00040e3281 00000000ffffffff 00000000ffffffff [ 18.150558] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000002 [ 18.158382] page dumped because: kasan: bad access detected [ 18.163955] [ 18.165455] Memory state around the buggy address: [ 18.170248] ffff8881038ca980: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 18.177467] ffff8881038caa00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 18.184704] >ffff8881038caa80: 00 00 00 00 00 00 00 00 00 00 00 00 00 03 fc fc [ 18.191921] ^ [ 18.198794] ffff8881038cab00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 18.206013] ffff8881038cab80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 18.213232] ================================================================== [ 17.365445] ================================================================== [ 17.376246] BUG: KASAN: slab-out-of-bounds in krealloc_more_oob_helper+0x821/0x930 [ 17.383817] Write of size 1 at addr ffff8881038caaeb by task kunit_try_catch/199 [ 17.391211] [ 17.392713] CPU: 3 UID: 0 PID: 199 Comm: kunit_try_catch Tainted: G B N 6.15.0-rc3 #1 PREEMPT(voluntary) [ 17.392734] Tainted: [B]=BAD_PAGE, [N]=TEST [ 17.392736] Hardware name: Supermicro SYS-5019S-ML/X11SSH-F, BIOS 2.7 12/07/2021 [ 17.392739] Call Trace: [ 17.392741] <TASK> [ 17.392743] dump_stack_lvl+0x73/0xb0 [ 17.392747] print_report+0xd1/0x650 [ 17.392751] ? __virt_addr_valid+0x1db/0x2d0 [ 17.392755] ? krealloc_more_oob_helper+0x821/0x930 [ 17.392759] ? kasan_complete_mode_report_info+0x2a/0x200 [ 17.392763] ? krealloc_more_oob_helper+0x821/0x930 [ 17.392768] kasan_report+0x141/0x180 [ 17.392772] ? krealloc_more_oob_helper+0x821/0x930 [ 17.392778] __asan_report_store1_noabort+0x1b/0x30 [ 17.392781] krealloc_more_oob_helper+0x821/0x930 [ 17.392786] ? __schedule+0x10cc/0x2b30 [ 17.392790] ? __pfx_krealloc_more_oob_helper+0x10/0x10 [ 17.392795] ? finish_task_switch.isra.0+0x153/0x700 [ 17.392799] ? __switch_to+0x5d9/0xf60 [ 17.392803] ? dequeue_task_fair+0x166/0x4e0 [ 17.392809] ? __schedule+0x10cc/0x2b30 [ 17.392813] krealloc_more_oob+0x1c/0x30 [ 17.392818] kunit_try_run_case+0x1a2/0x480 [ 17.392822] ? __pfx_kunit_try_run_case+0x10/0x10 [ 17.392826] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 17.392831] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 17.392835] ? __kthread_parkme+0x82/0x180 [ 17.392839] ? preempt_count_sub+0x50/0x80 [ 17.392843] ? __pfx_kunit_try_run_case+0x10/0x10 [ 17.392848] kunit_generic_run_threadfn_adapter+0x82/0xf0 [ 17.392852] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 17.392856] kthread+0x334/0x6f0 [ 17.392860] ? trace_preempt_on+0x20/0xc0 [ 17.392864] ? __pfx_kthread+0x10/0x10 [ 17.392868] ? _raw_spin_unlock_irq+0x47/0x80 [ 17.392872] ? calculate_sigpending+0x7b/0xa0 [ 17.392876] ? __pfx_kthread+0x10/0x10 [ 17.392880] ret_from_fork+0x3e/0x80 [ 17.392884] ? __pfx_kthread+0x10/0x10 [ 17.392889] ret_from_fork_asm+0x1a/0x30 [ 17.392894] </TASK> [ 17.392896] [ 17.575567] Allocated by task 199: [ 17.578975] kasan_save_stack+0x45/0x70 [ 17.582821] kasan_save_track+0x18/0x40 [ 17.586660] kasan_save_alloc_info+0x3b/0x50 [ 17.590959] __kasan_krealloc+0x190/0x1f0 [ 17.594972] krealloc_noprof+0xf3/0x340 [ 17.598812] krealloc_more_oob_helper+0x1a9/0x930 [ 17.603525] krealloc_more_oob+0x1c/0x30 [ 17.607451] kunit_try_run_case+0x1a2/0x480 [ 17.611638] kunit_generic_run_threadfn_adapter+0x82/0xf0 [ 17.617035] kthread+0x334/0x6f0 [ 17.620268] ret_from_fork+0x3e/0x80 [ 17.623849] ret_from_fork_asm+0x1a/0x30 [ 17.627774] [ 17.629274] The buggy address belongs to the object at ffff8881038caa00 [ 17.629274] which belongs to the cache kmalloc-256 of size 256 [ 17.641788] The buggy address is located 0 bytes to the right of [ 17.641788] allocated 235-byte region [ffff8881038caa00, ffff8881038caaeb) [ 17.654745] [ 17.656242] The buggy address belongs to the physical page: [ 17.661815] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1038ca [ 17.669815] head: order:1 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0 [ 17.677475] flags: 0x200000000000040(head|node=0|zone=2) [ 17.682786] page_type: f5(slab) [ 17.685935] raw: 0200000000000040 ffff888100042b40 dead000000000122 0000000000000000 [ 17.693704] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 17.701464] head: 0200000000000040 ffff888100042b40 dead000000000122 0000000000000000 [ 17.709299] head: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 17.717131] head: 0200000000000001 ffffea00040e3281 00000000ffffffff 00000000ffffffff [ 17.724959] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000002 [ 17.732793] page dumped because: kasan: bad access detected [ 17.738363] [ 17.739862] Memory state around the buggy address: [ 17.744656] ffff8881038ca980: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 17.751901] ffff8881038caa00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 17.759119] >ffff8881038caa80: 00 00 00 00 00 00 00 00 00 00 00 00 00 03 fc fc [ 17.766339] ^ [ 17.772953] ffff8881038cab00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 17.780178] ffff8881038cab80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 17.787397] ==================================================================