Date
April 22, 2025, 11:09 a.m.
| Environment | |
|---|---|
| qemu-arm64 | |
| qemu-x86_64 | |
| rk3399-rock-pi-4b |
[ 17.569596] ================================================================== [ 17.569742] BUG: KASAN: slab-out-of-bounds in krealloc_more_oob_helper+0x5c0/0x678 [ 17.569874] Write of size 1 at addr fff00000c79d60f0 by task kunit_try_catch/162 [ 17.569994] [ 17.570088] CPU: 1 UID: 0 PID: 162 Comm: kunit_try_catch Tainted: G B N 6.15.0-rc3 #1 PREEMPT [ 17.570253] Tainted: [B]=BAD_PAGE, [N]=TEST [ 17.570307] Hardware name: linux,dummy-virt (DT) [ 17.570374] Call trace: [ 17.570423] show_stack+0x20/0x38 (C) [ 17.570526] dump_stack_lvl+0x8c/0xd0 [ 17.570638] print_report+0x118/0x608 [ 17.570736] kasan_report+0xdc/0x128 [ 17.570831] __asan_report_store1_noabort+0x20/0x30 [ 17.570941] krealloc_more_oob_helper+0x5c0/0x678 [ 17.571052] krealloc_large_more_oob+0x20/0x38 [ 17.571166] kunit_try_run_case+0x170/0x3f0 [ 17.571270] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 17.571423] kthread+0x328/0x630 [ 17.571553] ret_from_fork+0x10/0x20 [ 17.571653] [ 17.571695] The buggy address belongs to the physical page: [ 17.572137] page: refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1079d4 [ 17.572255] head: order:2 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0 [ 17.572349] flags: 0xbfffe0000000040(head|node=0|zone=2|lastcpupid=0x1ffff) [ 17.572988] page_type: f8(unknown) [ 17.573075] raw: 0bfffe0000000040 0000000000000000 dead000000000122 0000000000000000 [ 17.573180] raw: 0000000000000000 0000000000000000 00000001f8000000 0000000000000000 [ 17.573335] head: 0bfffe0000000040 0000000000000000 dead000000000122 0000000000000000 [ 17.573444] head: 0000000000000000 0000000000000000 00000001f8000000 0000000000000000 [ 17.573581] head: 0bfffe0000000002 ffffc1ffc31e7501 00000000ffffffff 00000000ffffffff [ 17.573694] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000004 [ 17.573789] page dumped because: kasan: bad access detected [ 17.573859] [ 17.573902] Memory state around the buggy address: [ 17.573965] fff00000c79d5f80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 17.574074] fff00000c79d6000: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 17.574211] >fff00000c79d6080: 00 00 00 00 00 00 00 00 00 00 00 00 00 03 fe fe [ 17.574300] ^ [ 17.574389] fff00000c79d6100: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe [ 17.574489] fff00000c79d6180: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe [ 17.574626] ================================================================== [ 17.455274] ================================================================== [ 17.455449] BUG: KASAN: slab-out-of-bounds in krealloc_more_oob_helper+0x60c/0x678 [ 17.455586] Write of size 1 at addr fff00000c47144eb by task kunit_try_catch/158 [ 17.455693] [ 17.455782] CPU: 1 UID: 0 PID: 158 Comm: kunit_try_catch Tainted: G B N 6.15.0-rc3 #1 PREEMPT [ 17.455968] Tainted: [B]=BAD_PAGE, [N]=TEST [ 17.456020] Hardware name: linux,dummy-virt (DT) [ 17.456086] Call trace: [ 17.456136] show_stack+0x20/0x38 (C) [ 17.456232] dump_stack_lvl+0x8c/0xd0 [ 17.456323] print_report+0x118/0x608 [ 17.456412] kasan_report+0xdc/0x128 [ 17.456487] __asan_report_store1_noabort+0x20/0x30 [ 17.456616] krealloc_more_oob_helper+0x60c/0x678 [ 17.456733] krealloc_more_oob+0x20/0x38 [ 17.456899] kunit_try_run_case+0x170/0x3f0 [ 17.456963] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 17.457016] kthread+0x328/0x630 [ 17.457070] ret_from_fork+0x10/0x20 [ 17.457182] [ 17.457224] Allocated by task 158: [ 17.457288] kasan_save_stack+0x3c/0x68 [ 17.457371] kasan_save_track+0x20/0x40 [ 17.457446] kasan_save_alloc_info+0x40/0x58 [ 17.457558] __kasan_krealloc+0x118/0x178 [ 17.457671] krealloc_noprof+0x128/0x360 [ 17.457758] krealloc_more_oob_helper+0x168/0x678 [ 17.457855] krealloc_more_oob+0x20/0x38 [ 17.457944] kunit_try_run_case+0x170/0x3f0 [ 17.458032] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 17.458153] kthread+0x328/0x630 [ 17.458236] ret_from_fork+0x10/0x20 [ 17.458307] [ 17.458347] The buggy address belongs to the object at fff00000c4714400 [ 17.458347] which belongs to the cache kmalloc-256 of size 256 [ 17.458477] The buggy address is located 0 bytes to the right of [ 17.458477] allocated 235-byte region [fff00000c4714400, fff00000c47144eb) [ 17.458630] [ 17.458676] The buggy address belongs to the physical page: [ 17.458747] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x104714 [ 17.458869] head: order:1 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0 [ 17.458971] flags: 0xbfffe0000000040(head|node=0|zone=2|lastcpupid=0x1ffff) [ 17.459090] page_type: f5(slab) [ 17.459174] raw: 0bfffe0000000040 fff00000c0001b40 dead000000000122 0000000000000000 [ 17.459322] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 17.459425] head: 0bfffe0000000040 fff00000c0001b40 dead000000000122 0000000000000000 [ 17.459529] head: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 17.459700] head: 0bfffe0000000001 ffffc1ffc311c501 00000000ffffffff 00000000ffffffff [ 17.459797] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000002 [ 17.459878] page dumped because: kasan: bad access detected [ 17.459946] [ 17.459987] Memory state around the buggy address: [ 17.460063] fff00000c4714380: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 17.460165] fff00000c4714400: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 17.460274] >fff00000c4714480: 00 00 00 00 00 00 00 00 00 00 00 00 00 03 fc fc [ 17.460398] ^ [ 17.460508] fff00000c4714500: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 17.460631] fff00000c4714580: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 17.460756] ================================================================== [ 17.561920] ================================================================== [ 17.562254] BUG: KASAN: slab-out-of-bounds in krealloc_more_oob_helper+0x60c/0x678 [ 17.562596] Write of size 1 at addr fff00000c79d60eb by task kunit_try_catch/162 [ 17.562935] [ 17.563042] CPU: 1 UID: 0 PID: 162 Comm: kunit_try_catch Tainted: G B N 6.15.0-rc3 #1 PREEMPT [ 17.563231] Tainted: [B]=BAD_PAGE, [N]=TEST [ 17.563309] Hardware name: linux,dummy-virt (DT) [ 17.563413] Call trace: [ 17.563523] show_stack+0x20/0x38 (C) [ 17.563716] dump_stack_lvl+0x8c/0xd0 [ 17.563805] print_report+0x118/0x608 [ 17.563895] kasan_report+0xdc/0x128 [ 17.563990] __asan_report_store1_noabort+0x20/0x30 [ 17.564328] krealloc_more_oob_helper+0x60c/0x678 [ 17.564544] krealloc_large_more_oob+0x20/0x38 [ 17.565012] kunit_try_run_case+0x170/0x3f0 [ 17.565142] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 17.565514] kthread+0x328/0x630 [ 17.565786] ret_from_fork+0x10/0x20 [ 17.565949] [ 17.566012] The buggy address belongs to the physical page: [ 17.566087] page: refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1079d4 [ 17.566254] head: order:2 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0 [ 17.566400] flags: 0xbfffe0000000040(head|node=0|zone=2|lastcpupid=0x1ffff) [ 17.566548] page_type: f8(unknown) [ 17.566635] raw: 0bfffe0000000040 0000000000000000 dead000000000122 0000000000000000 [ 17.566792] raw: 0000000000000000 0000000000000000 00000001f8000000 0000000000000000 [ 17.566950] head: 0bfffe0000000040 0000000000000000 dead000000000122 0000000000000000 [ 17.567086] head: 0000000000000000 0000000000000000 00000001f8000000 0000000000000000 [ 17.567198] head: 0bfffe0000000002 ffffc1ffc31e7501 00000000ffffffff 00000000ffffffff [ 17.567343] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000004 [ 17.567428] page dumped because: kasan: bad access detected [ 17.567517] [ 17.567578] Memory state around the buggy address: [ 17.567735] fff00000c79d5f80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 17.567944] fff00000c79d6000: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 17.568212] >fff00000c79d6080: 00 00 00 00 00 00 00 00 00 00 00 00 00 03 fe fe [ 17.568304] ^ [ 17.568390] fff00000c79d6100: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe [ 17.568469] fff00000c79d6180: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe [ 17.568550] ================================================================== [ 17.462483] ================================================================== [ 17.463075] BUG: KASAN: slab-out-of-bounds in krealloc_more_oob_helper+0x5c0/0x678 [ 17.463191] Write of size 1 at addr fff00000c47144f0 by task kunit_try_catch/158 [ 17.463288] [ 17.463749] CPU: 1 UID: 0 PID: 158 Comm: kunit_try_catch Tainted: G B N 6.15.0-rc3 #1 PREEMPT [ 17.463909] Tainted: [B]=BAD_PAGE, [N]=TEST [ 17.464210] Hardware name: linux,dummy-virt (DT) [ 17.464464] Call trace: [ 17.464546] show_stack+0x20/0x38 (C) [ 17.464721] dump_stack_lvl+0x8c/0xd0 [ 17.464865] print_report+0x118/0x608 [ 17.464967] kasan_report+0xdc/0x128 [ 17.465054] __asan_report_store1_noabort+0x20/0x30 [ 17.465166] krealloc_more_oob_helper+0x5c0/0x678 [ 17.465281] krealloc_more_oob+0x20/0x38 [ 17.465390] kunit_try_run_case+0x170/0x3f0 [ 17.465564] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 17.465733] kthread+0x328/0x630 [ 17.465838] ret_from_fork+0x10/0x20 [ 17.465944] [ 17.465985] Allocated by task 158: [ 17.466047] kasan_save_stack+0x3c/0x68 [ 17.466133] kasan_save_track+0x20/0x40 [ 17.466210] kasan_save_alloc_info+0x40/0x58 [ 17.466294] __kasan_krealloc+0x118/0x178 [ 17.466371] krealloc_noprof+0x128/0x360 [ 17.466490] krealloc_more_oob_helper+0x168/0x678 [ 17.466800] krealloc_more_oob+0x20/0x38 [ 17.466888] kunit_try_run_case+0x170/0x3f0 [ 17.466969] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 17.467057] kthread+0x328/0x630 [ 17.467210] ret_from_fork+0x10/0x20 [ 17.467333] [ 17.467400] The buggy address belongs to the object at fff00000c4714400 [ 17.467400] which belongs to the cache kmalloc-256 of size 256 [ 17.467837] The buggy address is located 5 bytes to the right of [ 17.467837] allocated 235-byte region [fff00000c4714400, fff00000c47144eb) [ 17.468053] [ 17.468159] The buggy address belongs to the physical page: [ 17.468291] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x104714 [ 17.468527] head: order:1 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0 [ 17.468776] flags: 0xbfffe0000000040(head|node=0|zone=2|lastcpupid=0x1ffff) [ 17.469000] page_type: f5(slab) [ 17.469211] raw: 0bfffe0000000040 fff00000c0001b40 dead000000000122 0000000000000000 [ 17.469507] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 17.469725] head: 0bfffe0000000040 fff00000c0001b40 dead000000000122 0000000000000000 [ 17.469850] head: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 17.470065] head: 0bfffe0000000001 ffffc1ffc311c501 00000000ffffffff 00000000ffffffff [ 17.470196] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000002 [ 17.470651] page dumped because: kasan: bad access detected [ 17.470725] [ 17.470769] Memory state around the buggy address: [ 17.470925] fff00000c4714380: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 17.471162] fff00000c4714400: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 17.471404] >fff00000c4714480: 00 00 00 00 00 00 00 00 00 00 00 00 00 03 fc fc [ 17.471943] ^ [ 17.472149] fff00000c4714500: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 17.472266] fff00000c4714580: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 17.472436] ==================================================================
[ 17.575771] ================================================================== [ 17.577051] BUG: KASAN: slab-out-of-bounds in krealloc_more_oob_helper+0x7eb/0x930 [ 17.577768] Write of size 1 at addr ffff8881028a20f0 by task kunit_try_catch/180 [ 17.578372] [ 17.579766] CPU: 1 UID: 0 PID: 180 Comm: kunit_try_catch Tainted: G B N 6.15.0-rc3 #1 PREEMPT(voluntary) [ 17.579893] Tainted: [B]=BAD_PAGE, [N]=TEST [ 17.579929] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 17.579982] Call Trace: [ 17.580024] <TASK> [ 17.580070] dump_stack_lvl+0x73/0xb0 [ 17.580566] print_report+0xd1/0x650 [ 17.580626] ? __virt_addr_valid+0x1db/0x2d0 [ 17.580658] ? krealloc_more_oob_helper+0x7eb/0x930 [ 17.580692] ? kasan_addr_to_slab+0x11/0xa0 [ 17.580720] ? krealloc_more_oob_helper+0x7eb/0x930 [ 17.580754] kasan_report+0x141/0x180 [ 17.580784] ? krealloc_more_oob_helper+0x7eb/0x930 [ 17.580824] __asan_report_store1_noabort+0x1b/0x30 [ 17.580851] krealloc_more_oob_helper+0x7eb/0x930 [ 17.580882] ? __schedule+0x10cc/0x2b30 [ 17.580917] ? __pfx_krealloc_more_oob_helper+0x10/0x10 [ 17.580953] ? finish_task_switch.isra.0+0x153/0x700 [ 17.580984] ? __switch_to+0x5d9/0xf60 [ 17.581011] ? dequeue_task_fair+0x166/0x4e0 [ 17.581043] ? __schedule+0x10cc/0x2b30 [ 17.581075] ? __pfx_read_tsc+0x10/0x10 [ 17.581106] krealloc_large_more_oob+0x1c/0x30 [ 17.581140] kunit_try_run_case+0x1a5/0x480 [ 17.581172] ? __pfx_kunit_try_run_case+0x10/0x10 [ 17.581200] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 17.581233] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 17.581266] ? __kthread_parkme+0x82/0x180 [ 17.581295] ? preempt_count_sub+0x50/0x80 [ 17.581327] ? __pfx_kunit_try_run_case+0x10/0x10 [ 17.581358] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 17.581387] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 17.581417] kthread+0x337/0x6f0 [ 17.581553] ? trace_preempt_on+0x20/0xc0 [ 17.581635] ? __pfx_kthread+0x10/0x10 [ 17.581669] ? _raw_spin_unlock_irq+0x47/0x80 [ 17.581700] ? calculate_sigpending+0x7b/0xa0 [ 17.581729] ? __pfx_kthread+0x10/0x10 [ 17.581759] ret_from_fork+0x41/0x80 [ 17.581788] ? __pfx_kthread+0x10/0x10 [ 17.581817] ret_from_fork_asm+0x1a/0x30 [ 17.581858] </TASK> [ 17.581871] [ 17.602911] The buggy address belongs to the physical page: [ 17.603475] page: refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1028a0 [ 17.604444] head: order:2 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0 [ 17.605351] flags: 0x200000000000040(head|node=0|zone=2) [ 17.605926] page_type: f8(unknown) [ 17.606228] raw: 0200000000000040 0000000000000000 dead000000000122 0000000000000000 [ 17.607079] raw: 0000000000000000 0000000000000000 00000001f8000000 0000000000000000 [ 17.607993] head: 0200000000000040 0000000000000000 dead000000000122 0000000000000000 [ 17.608848] head: 0000000000000000 0000000000000000 00000001f8000000 0000000000000000 [ 17.609687] head: 0200000000000002 ffffea00040a2801 00000000ffffffff 00000000ffffffff [ 17.610427] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000004 [ 17.610986] page dumped because: kasan: bad access detected [ 17.611675] [ 17.612137] Memory state around the buggy address: [ 17.612841] ffff8881028a1f80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 17.613698] ffff8881028a2000: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 17.614759] >ffff8881028a2080: 00 00 00 00 00 00 00 00 00 00 00 00 00 03 fe fe [ 17.615337] ^ [ 17.616339] ffff8881028a2100: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe [ 17.617099] ffff8881028a2180: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe [ 17.618283] ================================================================== [ 17.530186] ================================================================== [ 17.531081] BUG: KASAN: slab-out-of-bounds in krealloc_more_oob_helper+0x821/0x930 [ 17.532527] Write of size 1 at addr ffff8881028a20eb by task kunit_try_catch/180 [ 17.533297] [ 17.533788] CPU: 1 UID: 0 PID: 180 Comm: kunit_try_catch Tainted: G B N 6.15.0-rc3 #1 PREEMPT(voluntary) [ 17.533908] Tainted: [B]=BAD_PAGE, [N]=TEST [ 17.533944] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 17.534004] Call Trace: [ 17.534046] <TASK> [ 17.534099] dump_stack_lvl+0x73/0xb0 [ 17.534185] print_report+0xd1/0x650 [ 17.534265] ? __virt_addr_valid+0x1db/0x2d0 [ 17.534321] ? krealloc_more_oob_helper+0x821/0x930 [ 17.534365] ? kasan_addr_to_slab+0x11/0xa0 [ 17.534410] ? krealloc_more_oob_helper+0x821/0x930 [ 17.534490] kasan_report+0x141/0x180 [ 17.534589] ? krealloc_more_oob_helper+0x821/0x930 [ 17.534637] __asan_report_store1_noabort+0x1b/0x30 [ 17.534667] krealloc_more_oob_helper+0x821/0x930 [ 17.534700] ? __schedule+0x10cc/0x2b30 [ 17.534735] ? __pfx_krealloc_more_oob_helper+0x10/0x10 [ 17.534769] ? finish_task_switch.isra.0+0x153/0x700 [ 17.534801] ? __switch_to+0x5d9/0xf60 [ 17.534830] ? dequeue_task_fair+0x166/0x4e0 [ 17.534864] ? __schedule+0x10cc/0x2b30 [ 17.534894] ? __pfx_read_tsc+0x10/0x10 [ 17.534925] krealloc_large_more_oob+0x1c/0x30 [ 17.534957] kunit_try_run_case+0x1a5/0x480 [ 17.534991] ? __pfx_kunit_try_run_case+0x10/0x10 [ 17.535021] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 17.535052] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 17.535084] ? __kthread_parkme+0x82/0x180 [ 17.535114] ? preempt_count_sub+0x50/0x80 [ 17.535146] ? __pfx_kunit_try_run_case+0x10/0x10 [ 17.535176] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 17.535206] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 17.535236] kthread+0x337/0x6f0 [ 17.535264] ? trace_preempt_on+0x20/0xc0 [ 17.535297] ? __pfx_kthread+0x10/0x10 [ 17.535327] ? _raw_spin_unlock_irq+0x47/0x80 [ 17.535356] ? calculate_sigpending+0x7b/0xa0 [ 17.535385] ? __pfx_kthread+0x10/0x10 [ 17.535416] ret_from_fork+0x41/0x80 [ 17.535460] ? __pfx_kthread+0x10/0x10 [ 17.535555] ret_from_fork_asm+0x1a/0x30 [ 17.535642] </TASK> [ 17.535660] [ 17.558081] The buggy address belongs to the physical page: [ 17.560731] page: refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1028a0 [ 17.561887] head: order:2 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0 [ 17.562775] flags: 0x200000000000040(head|node=0|zone=2) [ 17.563280] page_type: f8(unknown) [ 17.563870] raw: 0200000000000040 0000000000000000 dead000000000122 0000000000000000 [ 17.564877] raw: 0000000000000000 0000000000000000 00000001f8000000 0000000000000000 [ 17.565474] head: 0200000000000040 0000000000000000 dead000000000122 0000000000000000 [ 17.566326] head: 0000000000000000 0000000000000000 00000001f8000000 0000000000000000 [ 17.567246] head: 0200000000000002 ffffea00040a2801 00000000ffffffff 00000000ffffffff [ 17.567951] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000004 [ 17.568733] page dumped because: kasan: bad access detected [ 17.569217] [ 17.569438] Memory state around the buggy address: [ 17.570025] ffff8881028a1f80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 17.570695] ffff8881028a2000: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 17.571421] >ffff8881028a2080: 00 00 00 00 00 00 00 00 00 00 00 00 00 03 fe fe [ 17.572158] ^ [ 17.572972] ffff8881028a2100: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe [ 17.573608] ffff8881028a2180: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe [ 17.574447] ================================================================== [ 17.130404] ================================================================== [ 17.131398] BUG: KASAN: slab-out-of-bounds in krealloc_more_oob_helper+0x821/0x930 [ 17.132160] Write of size 1 at addr ffff8881003414eb by task kunit_try_catch/176 [ 17.133259] [ 17.134052] CPU: 0 UID: 0 PID: 176 Comm: kunit_try_catch Tainted: G B N 6.15.0-rc3 #1 PREEMPT(voluntary) [ 17.134181] Tainted: [B]=BAD_PAGE, [N]=TEST [ 17.134223] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 17.134281] Call Trace: [ 17.134321] <TASK> [ 17.134370] dump_stack_lvl+0x73/0xb0 [ 17.134600] print_report+0xd1/0x650 [ 17.134685] ? __virt_addr_valid+0x1db/0x2d0 [ 17.134761] ? krealloc_more_oob_helper+0x821/0x930 [ 17.134834] ? kasan_complete_mode_report_info+0x2a/0x200 [ 17.134874] ? krealloc_more_oob_helper+0x821/0x930 [ 17.134909] kasan_report+0x141/0x180 [ 17.134941] ? krealloc_more_oob_helper+0x821/0x930 [ 17.134981] __asan_report_store1_noabort+0x1b/0x30 [ 17.135009] krealloc_more_oob_helper+0x821/0x930 [ 17.135041] ? __schedule+0x10cc/0x2b30 [ 17.135074] ? __pfx_krealloc_more_oob_helper+0x10/0x10 [ 17.135108] ? finish_task_switch.isra.0+0x153/0x700 [ 17.135141] ? __switch_to+0x5d9/0xf60 [ 17.135170] ? dequeue_task_fair+0x166/0x4e0 [ 17.135204] ? __schedule+0x10cc/0x2b30 [ 17.135235] ? __pfx_read_tsc+0x10/0x10 [ 17.135266] krealloc_more_oob+0x1c/0x30 [ 17.135297] kunit_try_run_case+0x1a5/0x480 [ 17.135332] ? __pfx_kunit_try_run_case+0x10/0x10 [ 17.135362] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 17.135394] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 17.135427] ? __kthread_parkme+0x82/0x180 [ 17.135596] ? preempt_count_sub+0x50/0x80 [ 17.135675] ? __pfx_kunit_try_run_case+0x10/0x10 [ 17.135741] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 17.135811] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 17.135885] kthread+0x337/0x6f0 [ 17.135932] ? trace_preempt_on+0x20/0xc0 [ 17.135967] ? __pfx_kthread+0x10/0x10 [ 17.136000] ? _raw_spin_unlock_irq+0x47/0x80 [ 17.136032] ? calculate_sigpending+0x7b/0xa0 [ 17.136061] ? __pfx_kthread+0x10/0x10 [ 17.136093] ret_from_fork+0x41/0x80 [ 17.136122] ? __pfx_kthread+0x10/0x10 [ 17.136153] ret_from_fork_asm+0x1a/0x30 [ 17.136197] </TASK> [ 17.136212] [ 17.161400] Allocated by task 176: [ 17.162748] kasan_save_stack+0x45/0x70 [ 17.163162] kasan_save_track+0x18/0x40 [ 17.163864] kasan_save_alloc_info+0x3b/0x50 [ 17.164212] __kasan_krealloc+0x190/0x1f0 [ 17.164841] krealloc_noprof+0xf3/0x340 [ 17.165337] krealloc_more_oob_helper+0x1a9/0x930 [ 17.166302] krealloc_more_oob+0x1c/0x30 [ 17.166777] kunit_try_run_case+0x1a5/0x480 [ 17.167252] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 17.168561] kthread+0x337/0x6f0 [ 17.169430] ret_from_fork+0x41/0x80 [ 17.169918] ret_from_fork_asm+0x1a/0x30 [ 17.170311] [ 17.170989] The buggy address belongs to the object at ffff888100341400 [ 17.170989] which belongs to the cache kmalloc-256 of size 256 [ 17.172127] The buggy address is located 0 bytes to the right of [ 17.172127] allocated 235-byte region [ffff888100341400, ffff8881003414eb) [ 17.173488] [ 17.173982] The buggy address belongs to the physical page: [ 17.174450] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x100340 [ 17.175657] head: order:1 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0 [ 17.176425] flags: 0x200000000000040(head|node=0|zone=2) [ 17.177242] page_type: f5(slab) [ 17.177942] raw: 0200000000000040 ffff888100041b40 dead000000000122 0000000000000000 [ 17.179061] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 17.179787] head: 0200000000000040 ffff888100041b40 dead000000000122 0000000000000000 [ 17.180453] head: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 17.181389] head: 0200000000000001 ffffea000400d001 00000000ffffffff 00000000ffffffff [ 17.182356] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000002 [ 17.183194] page dumped because: kasan: bad access detected [ 17.183969] [ 17.184143] Memory state around the buggy address: [ 17.184864] ffff888100341380: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 17.185451] ffff888100341400: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 17.186616] >ffff888100341480: 00 00 00 00 00 00 00 00 00 00 00 00 00 03 fc fc [ 17.187302] ^ [ 17.188126] ffff888100341500: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 17.189079] ffff888100341580: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 17.189882] ================================================================== [ 17.191198] ================================================================== [ 17.192286] BUG: KASAN: slab-out-of-bounds in krealloc_more_oob_helper+0x7eb/0x930 [ 17.193942] Write of size 1 at addr ffff8881003414f0 by task kunit_try_catch/176 [ 17.194704] [ 17.194869] CPU: 0 UID: 0 PID: 176 Comm: kunit_try_catch Tainted: G B N 6.15.0-rc3 #1 PREEMPT(voluntary) [ 17.194934] Tainted: [B]=BAD_PAGE, [N]=TEST [ 17.194950] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 17.194980] Call Trace: [ 17.194996] <TASK> [ 17.195019] dump_stack_lvl+0x73/0xb0 [ 17.195059] print_report+0xd1/0x650 [ 17.195092] ? __virt_addr_valid+0x1db/0x2d0 [ 17.195123] ? krealloc_more_oob_helper+0x7eb/0x930 [ 17.195158] ? kasan_complete_mode_report_info+0x2a/0x200 [ 17.195189] ? krealloc_more_oob_helper+0x7eb/0x930 [ 17.195224] kasan_report+0x141/0x180 [ 17.195255] ? krealloc_more_oob_helper+0x7eb/0x930 [ 17.195296] __asan_report_store1_noabort+0x1b/0x30 [ 17.195325] krealloc_more_oob_helper+0x7eb/0x930 [ 17.195358] ? __schedule+0x10cc/0x2b30 [ 17.195393] ? __pfx_krealloc_more_oob_helper+0x10/0x10 [ 17.195429] ? finish_task_switch.isra.0+0x153/0x700 [ 17.195517] ? __switch_to+0x5d9/0xf60 [ 17.195590] ? dequeue_task_fair+0x166/0x4e0 [ 17.195676] ? __schedule+0x10cc/0x2b30 [ 17.195752] ? __pfx_read_tsc+0x10/0x10 [ 17.195906] krealloc_more_oob+0x1c/0x30 [ 17.195983] kunit_try_run_case+0x1a5/0x480 [ 17.196063] ? __pfx_kunit_try_run_case+0x10/0x10 [ 17.196132] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 17.196206] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 17.196254] ? __kthread_parkme+0x82/0x180 [ 17.196287] ? preempt_count_sub+0x50/0x80 [ 17.196321] ? __pfx_kunit_try_run_case+0x10/0x10 [ 17.196354] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 17.196386] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 17.196418] kthread+0x337/0x6f0 [ 17.196528] ? trace_preempt_on+0x20/0xc0 [ 17.196596] ? __pfx_kthread+0x10/0x10 [ 17.196629] ? _raw_spin_unlock_irq+0x47/0x80 [ 17.196661] ? calculate_sigpending+0x7b/0xa0 [ 17.196692] ? __pfx_kthread+0x10/0x10 [ 17.196724] ret_from_fork+0x41/0x80 [ 17.196755] ? __pfx_kthread+0x10/0x10 [ 17.196786] ret_from_fork_asm+0x1a/0x30 [ 17.196830] </TASK> [ 17.196843] [ 17.219437] Allocated by task 176: [ 17.220186] kasan_save_stack+0x45/0x70 [ 17.220980] kasan_save_track+0x18/0x40 [ 17.221284] kasan_save_alloc_info+0x3b/0x50 [ 17.221944] __kasan_krealloc+0x190/0x1f0 [ 17.222651] krealloc_noprof+0xf3/0x340 [ 17.223084] krealloc_more_oob_helper+0x1a9/0x930 [ 17.223553] krealloc_more_oob+0x1c/0x30 [ 17.224449] kunit_try_run_case+0x1a5/0x480 [ 17.224992] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 17.225804] kthread+0x337/0x6f0 [ 17.226392] ret_from_fork+0x41/0x80 [ 17.227018] ret_from_fork_asm+0x1a/0x30 [ 17.227789] [ 17.227970] The buggy address belongs to the object at ffff888100341400 [ 17.227970] which belongs to the cache kmalloc-256 of size 256 [ 17.229780] The buggy address is located 5 bytes to the right of [ 17.229780] allocated 235-byte region [ffff888100341400, ffff8881003414eb) [ 17.231161] [ 17.231324] The buggy address belongs to the physical page: [ 17.232483] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x100340 [ 17.233066] head: order:1 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0 [ 17.234053] flags: 0x200000000000040(head|node=0|zone=2) [ 17.235140] page_type: f5(slab) [ 17.235856] raw: 0200000000000040 ffff888100041b40 dead000000000122 0000000000000000 [ 17.236397] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 17.237362] head: 0200000000000040 ffff888100041b40 dead000000000122 0000000000000000 [ 17.238374] head: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 17.239349] head: 0200000000000001 ffffea000400d001 00000000ffffffff 00000000ffffffff [ 17.240094] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000002 [ 17.240788] page dumped because: kasan: bad access detected [ 17.241821] [ 17.241994] Memory state around the buggy address: [ 17.242351] ffff888100341380: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 17.243687] ffff888100341400: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 17.244339] >ffff888100341480: 00 00 00 00 00 00 00 00 00 00 00 00 00 03 fc fc [ 17.245016] ^ [ 17.246171] ffff888100341500: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 17.246627] ffff888100341580: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 17.247434] ==================================================================
[ 19.485032] ================================================================== [ 19.485706] BUG: KASAN: slab-out-of-bounds in krealloc_more_oob_helper+0x5c0/0x678 [ 19.486433] Write of size 1 at addr ffff000001a960f0 by task kunit_try_catch/218 [ 19.487105] [ 19.487261] CPU: 3 UID: 0 PID: 218 Comm: kunit_try_catch Tainted: G B N 6.15.0-rc3 #1 PREEMPT [ 19.487297] Tainted: [B]=BAD_PAGE, [N]=TEST [ 19.487307] Hardware name: Radxa ROCK Pi 4B (DT) [ 19.487319] Call trace: [ 19.487328] show_stack+0x20/0x38 (C) [ 19.487351] dump_stack_lvl+0x8c/0xd0 [ 19.487373] print_report+0x118/0x608 [ 19.487394] kasan_report+0xdc/0x128 [ 19.487413] __asan_report_store1_noabort+0x20/0x30 [ 19.487438] krealloc_more_oob_helper+0x5c0/0x678 [ 19.487463] krealloc_large_more_oob+0x20/0x38 [ 19.487488] kunit_try_run_case+0x170/0x3f0 [ 19.487514] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 19.487541] kthread+0x328/0x630 [ 19.487566] ret_from_fork+0x10/0x20 [ 19.487590] [ 19.493575] The buggy address belongs to the physical page: [ 19.494082] page: refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1a94 [ 19.494794] head: order:2 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0 [ 19.495487] flags: 0x3fffe0000000040(head|node=0|zone=0|lastcpupid=0x1ffff) [ 19.496124] page_type: f8(unknown) [ 19.496448] raw: 03fffe0000000040 0000000000000000 dead000000000122 0000000000000000 [ 19.497150] raw: 0000000000000000 0000000000000000 00000001f8000000 0000000000000000 [ 19.497851] head: 03fffe0000000040 0000000000000000 dead000000000122 0000000000000000 [ 19.498560] head: 0000000000000000 0000000000000000 00000001f8000000 0000000000000000 [ 19.499270] head: 03fffe0000000002 fffffdffc006a501 00000000ffffffff 00000000ffffffff [ 19.499979] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000004 [ 19.500683] page dumped because: kasan: bad access detected [ 19.501189] [ 19.501334] Memory state around the buggy address: [ 19.501773] ffff000001a95f80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 19.502426] ffff000001a96000: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 19.503080] >ffff000001a96080: 00 00 00 00 00 00 00 00 00 00 00 00 00 03 fe fe [ 19.503730] ^ [ 19.504351] ffff000001a96100: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe [ 19.505005] ffff000001a96180: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe [ 19.505656] ================================================================== [ 19.462778] ================================================================== [ 19.463867] BUG: KASAN: slab-out-of-bounds in krealloc_more_oob_helper+0x60c/0x678 [ 19.464591] Write of size 1 at addr ffff000001a960eb by task kunit_try_catch/218 [ 19.465275] [ 19.465441] CPU: 3 UID: 0 PID: 218 Comm: kunit_try_catch Tainted: G B N 6.15.0-rc3 #1 PREEMPT [ 19.465489] Tainted: [B]=BAD_PAGE, [N]=TEST [ 19.465503] Hardware name: Radxa ROCK Pi 4B (DT) [ 19.465521] Call trace: [ 19.465533] show_stack+0x20/0x38 (C) [ 19.465568] dump_stack_lvl+0x8c/0xd0 [ 19.465600] print_report+0x118/0x608 [ 19.465630] kasan_report+0xdc/0x128 [ 19.465658] __asan_report_store1_noabort+0x20/0x30 [ 19.465692] krealloc_more_oob_helper+0x60c/0x678 [ 19.465729] krealloc_large_more_oob+0x20/0x38 [ 19.465764] kunit_try_run_case+0x170/0x3f0 [ 19.465799] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 19.465838] kthread+0x328/0x630 [ 19.465873] ret_from_fork+0x10/0x20 [ 19.465906] [ 19.471939] The buggy address belongs to the physical page: [ 19.472458] page: refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1a94 [ 19.473181] head: order:2 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0 [ 19.473887] flags: 0x3fffe0000000040(head|node=0|zone=0|lastcpupid=0x1ffff) [ 19.474538] page_type: f8(unknown) [ 19.474874] raw: 03fffe0000000040 0000000000000000 dead000000000122 0000000000000000 [ 19.475590] raw: 0000000000000000 0000000000000000 00000001f8000000 0000000000000000 [ 19.476304] head: 03fffe0000000040 0000000000000000 dead000000000122 0000000000000000 [ 19.477026] head: 0000000000000000 0000000000000000 00000001f8000000 0000000000000000 [ 19.477749] head: 03fffe0000000002 fffffdffc006a501 00000000ffffffff 00000000ffffffff [ 19.478471] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000004 [ 19.479186] page dumped because: kasan: bad access detected [ 19.479701] [ 19.479852] Memory state around the buggy address: [ 19.480299] ffff000001a95f80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 19.480964] ffff000001a96000: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 19.481629] >ffff000001a96080: 00 00 00 00 00 00 00 00 00 00 00 00 00 03 fe fe [ 19.482290] ^ [ 19.482899] ffff000001a96100: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe [ 19.483565] ffff000001a96180: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe [ 19.484226] ================================================================== [ 19.258095] ================================================================== [ 19.259091] BUG: KASAN: slab-out-of-bounds in krealloc_more_oob_helper+0x60c/0x678 [ 19.259797] Write of size 1 at addr ffff00000a9e8aeb by task kunit_try_catch/214 [ 19.260467] [ 19.260614] CPU: 5 UID: 0 PID: 214 Comm: kunit_try_catch Tainted: G B N 6.15.0-rc3 #1 PREEMPT [ 19.260639] Tainted: [B]=BAD_PAGE, [N]=TEST [ 19.260645] Hardware name: Radxa ROCK Pi 4B (DT) [ 19.260653] Call trace: [ 19.260659] show_stack+0x20/0x38 (C) [ 19.260676] dump_stack_lvl+0x8c/0xd0 [ 19.260691] print_report+0x118/0x608 [ 19.260704] kasan_report+0xdc/0x128 [ 19.260717] __asan_report_store1_noabort+0x20/0x30 [ 19.260732] krealloc_more_oob_helper+0x60c/0x678 [ 19.260749] krealloc_more_oob+0x20/0x38 [ 19.260765] kunit_try_run_case+0x170/0x3f0 [ 19.260781] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 19.260798] kthread+0x328/0x630 [ 19.260814] ret_from_fork+0x10/0x20 [ 19.260828] [ 19.266719] Allocated by task 214: [ 19.267028] kasan_save_stack+0x3c/0x68 [ 19.267381] kasan_save_track+0x20/0x40 [ 19.267731] kasan_save_alloc_info+0x40/0x58 [ 19.268121] __kasan_krealloc+0x118/0x178 [ 19.268486] krealloc_noprof+0x128/0x360 [ 19.268844] krealloc_more_oob_helper+0x168/0x678 [ 19.269273] krealloc_more_oob+0x20/0x38 [ 19.269635] kunit_try_run_case+0x170/0x3f0 [ 19.270017] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 19.270514] kthread+0x328/0x630 [ 19.270813] ret_from_fork+0x10/0x20 [ 19.271140] [ 19.271281] The buggy address belongs to the object at ffff00000a9e8a00 [ 19.271281] which belongs to the cache kmalloc-256 of size 256 [ 19.272385] The buggy address is located 0 bytes to the right of [ 19.272385] allocated 235-byte region [ffff00000a9e8a00, ffff00000a9e8aeb) [ 19.273531] [ 19.273671] The buggy address belongs to the physical page: [ 19.274170] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0xa9e8 [ 19.274869] head: order:1 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0 [ 19.275551] flags: 0x3fffe0000000040(head|node=0|zone=0|lastcpupid=0x1ffff) [ 19.276176] page_type: f5(slab) [ 19.276467] raw: 03fffe0000000040 ffff000000402b40 dead000000000122 0000000000000000 [ 19.277158] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 19.277847] head: 03fffe0000000040 ffff000000402b40 dead000000000122 0000000000000000 [ 19.278545] head: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 19.279242] head: 03fffe0000000001 fffffdffc02a7a01 00000000ffffffff 00000000ffffffff [ 19.279938] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000002 [ 19.280632] page dumped because: kasan: bad access detected [ 19.281129] [ 19.281269] Memory state around the buggy address: [ 19.281699] ffff00000a9e8980: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 19.282342] ffff00000a9e8a00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 19.282985] >ffff00000a9e8a80: 00 00 00 00 00 00 00 00 00 00 00 00 00 03 fc fc [ 19.283626] ^ [ 19.284214] ffff00000a9e8b00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 19.284857] ffff00000a9e8b80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 19.285498] ================================================================== [ 19.286224] ================================================================== [ 19.286869] BUG: KASAN: slab-out-of-bounds in krealloc_more_oob_helper+0x5c0/0x678 [ 19.287549] Write of size 1 at addr ffff00000a9e8af0 by task kunit_try_catch/214 [ 19.288208] [ 19.288350] CPU: 5 UID: 0 PID: 214 Comm: kunit_try_catch Tainted: G B N 6.15.0-rc3 #1 PREEMPT [ 19.288367] Tainted: [B]=BAD_PAGE, [N]=TEST [ 19.288371] Hardware name: Radxa ROCK Pi 4B (DT) [ 19.288377] Call trace: [ 19.288380] show_stack+0x20/0x38 (C) [ 19.288392] dump_stack_lvl+0x8c/0xd0 [ 19.288401] print_report+0x118/0x608 [ 19.288411] kasan_report+0xdc/0x128 [ 19.288420] __asan_report_store1_noabort+0x20/0x30 [ 19.288431] krealloc_more_oob_helper+0x5c0/0x678 [ 19.288444] krealloc_more_oob+0x20/0x38 [ 19.288455] kunit_try_run_case+0x170/0x3f0 [ 19.288467] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 19.288480] kthread+0x328/0x630 [ 19.288491] ret_from_fork+0x10/0x20 [ 19.288501] [ 19.294374] Allocated by task 214: [ 19.294679] kasan_save_stack+0x3c/0x68 [ 19.295024] kasan_save_track+0x20/0x40 [ 19.295370] kasan_save_alloc_info+0x40/0x58 [ 19.295755] __kasan_krealloc+0x118/0x178 [ 19.296116] krealloc_noprof+0x128/0x360 [ 19.296469] krealloc_more_oob_helper+0x168/0x678 [ 19.296893] krealloc_more_oob+0x20/0x38 [ 19.297249] kunit_try_run_case+0x170/0x3f0 [ 19.297625] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 19.298117] kthread+0x328/0x630 [ 19.298411] ret_from_fork+0x10/0x20 [ 19.298734] [ 19.298872] The buggy address belongs to the object at ffff00000a9e8a00 [ 19.298872] which belongs to the cache kmalloc-256 of size 256 [ 19.299971] The buggy address is located 5 bytes to the right of [ 19.299971] allocated 235-byte region [ffff00000a9e8a00, ffff00000a9e8aeb) [ 19.301109] [ 19.301246] The buggy address belongs to the physical page: [ 19.301739] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0xa9e8 [ 19.302433] head: order:1 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0 [ 19.303109] flags: 0x3fffe0000000040(head|node=0|zone=0|lastcpupid=0x1ffff) [ 19.303726] page_type: f5(slab) [ 19.304011] raw: 03fffe0000000040 ffff000000402b40 dead000000000122 0000000000000000 [ 19.304696] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 19.305379] head: 03fffe0000000040 ffff000000402b40 dead000000000122 0000000000000000 [ 19.306070] head: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 19.306763] head: 03fffe0000000001 fffffdffc02a7a01 00000000ffffffff 00000000ffffffff [ 19.307455] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000002 [ 19.308146] page dumped because: kasan: bad access detected [ 19.308638] [ 19.308775] Memory state around the buggy address: [ 19.309201] ffff00000a9e8980: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 19.309841] ffff00000a9e8a00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 19.310480] >ffff00000a9e8a80: 00 00 00 00 00 00 00 00 00 00 00 00 00 03 fc fc [ 19.311116] ^ [ 19.311723] ffff00000a9e8b00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 19.312361] ffff00000a9e8b80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 19.312997] ==================================================================