Date
June 8, 2025, 11:09 p.m.
| Environment | |
|---|---|
| e850-96 | |
| qemu-arm64 | |
| qemu-x86_64 | |
| rk3399-rock-pi-4b |
[ 24.388718] ================================================================== [ 24.395834] BUG: KASAN: slab-out-of-bounds in krealloc_more_oob_helper+0x5c0/0x678 [ 24.403382] Write of size 1 at addr ffff0008033820f0 by task kunit_try_catch/207 [ 24.410760] [ 24.412245] CPU: 7 UID: 0 PID: 207 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc1 #1 PREEMPT [ 24.412301] Tainted: [B]=BAD_PAGE, [N]=TEST [ 24.412316] Hardware name: WinLink E850-96 board (DT) [ 24.412337] Call trace: [ 24.412352] show_stack+0x20/0x38 (C) [ 24.412389] dump_stack_lvl+0x8c/0xd0 [ 24.412423] print_report+0x118/0x608 [ 24.412457] kasan_report+0xdc/0x128 [ 24.412492] __asan_report_store1_noabort+0x20/0x30 [ 24.412524] krealloc_more_oob_helper+0x5c0/0x678 [ 24.412556] krealloc_large_more_oob+0x20/0x38 [ 24.412588] kunit_try_run_case+0x170/0x3f0 [ 24.412624] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 24.412658] kthread+0x328/0x630 [ 24.412686] ret_from_fork+0x10/0x20 [ 24.412720] [ 24.480118] The buggy address belongs to the physical page: [ 24.485676] page: refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x883380 [ 24.493658] head: order:2 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0 [ 24.501299] flags: 0xbfffe0000000040(head|node=0|zone=2|lastcpupid=0x1ffff) [ 24.508242] page_type: f8(unknown) [ 24.511636] raw: 0bfffe0000000040 0000000000000000 dead000000000122 0000000000000000 [ 24.519359] raw: 0000000000000000 0000000000000000 00000001f8000000 0000000000000000 [ 24.527085] head: 0bfffe0000000040 0000000000000000 dead000000000122 0000000000000000 [ 24.534897] head: 0000000000000000 0000000000000000 00000001f8000000 0000000000000000 [ 24.542710] head: 0bfffe0000000002 fffffdffe00ce001 00000000ffffffff 00000000ffffffff [ 24.550522] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000004 [ 24.558327] page dumped because: kasan: bad access detected [ 24.563883] [ 24.565358] Memory state around the buggy address: [ 24.570139] ffff000803381f80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 24.577341] ffff000803382000: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 24.584546] >ffff000803382080: 00 00 00 00 00 00 00 00 00 00 00 00 00 03 fe fe [ 24.591747] ^ [ 24.598608] ffff000803382100: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe [ 24.605813] ffff000803382180: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe [ 24.613014] ================================================================== [ 21.999689] ================================================================== [ 22.008891] BUG: KASAN: slab-out-of-bounds in krealloc_more_oob_helper+0x60c/0x678 [ 22.016440] Write of size 1 at addr ffff0008033508eb by task kunit_try_catch/203 [ 22.023818] [ 22.025304] CPU: 7 UID: 0 PID: 203 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc1 #1 PREEMPT [ 22.025362] Tainted: [B]=BAD_PAGE, [N]=TEST [ 22.025381] Hardware name: WinLink E850-96 board (DT) [ 22.025400] Call trace: [ 22.025415] show_stack+0x20/0x38 (C) [ 22.025452] dump_stack_lvl+0x8c/0xd0 [ 22.025487] print_report+0x118/0x608 [ 22.025525] kasan_report+0xdc/0x128 [ 22.025560] __asan_report_store1_noabort+0x20/0x30 [ 22.025594] krealloc_more_oob_helper+0x60c/0x678 [ 22.025628] krealloc_more_oob+0x20/0x38 [ 22.025657] kunit_try_run_case+0x170/0x3f0 [ 22.025695] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 22.025733] kthread+0x328/0x630 [ 22.025761] ret_from_fork+0x10/0x20 [ 22.025798] [ 22.092654] Allocated by task 203: [ 22.096041] kasan_save_stack+0x3c/0x68 [ 22.099857] kasan_save_track+0x20/0x40 [ 22.103677] kasan_save_alloc_info+0x40/0x58 [ 22.107930] __kasan_krealloc+0x118/0x178 [ 22.111923] krealloc_noprof+0x128/0x360 [ 22.115829] krealloc_more_oob_helper+0x168/0x678 [ 22.120517] krealloc_more_oob+0x20/0x38 [ 22.124423] kunit_try_run_case+0x170/0x3f0 [ 22.128591] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 22.134058] kthread+0x328/0x630 [ 22.137270] ret_from_fork+0x10/0x20 [ 22.140829] [ 22.142306] The buggy address belongs to the object at ffff000803350800 [ 22.142306] which belongs to the cache kmalloc-256 of size 256 [ 22.154807] The buggy address is located 0 bytes to the right of [ 22.154807] allocated 235-byte region [ffff000803350800, ffff0008033508eb) [ 22.167738] [ 22.169218] The buggy address belongs to the physical page: [ 22.174774] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x883350 [ 22.182757] head: order:2 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0 [ 22.190396] flags: 0xbfffe0000000040(head|node=0|zone=2|lastcpupid=0x1ffff) [ 22.197341] page_type: f5(slab) [ 22.200477] raw: 0bfffe0000000040 ffff000800002b40 dead000000000122 0000000000000000 [ 22.208196] raw: 0000000000000000 0000000080200020 00000000f5000000 0000000000000000 [ 22.215924] head: 0bfffe0000000040 ffff000800002b40 dead000000000122 0000000000000000 [ 22.223734] head: 0000000000000000 0000000080200020 00000000f5000000 0000000000000000 [ 22.231546] head: 0bfffe0000000002 fffffdffe00cd401 00000000ffffffff 00000000ffffffff [ 22.239359] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000004 [ 22.247165] page dumped because: kasan: bad access detected [ 22.252721] [ 22.254195] Memory state around the buggy address: [ 22.258976] ffff000803350780: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 22.266180] ffff000803350800: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 22.273382] >ffff000803350880: 00 00 00 00 00 00 00 00 00 00 00 00 00 03 fc fc [ 22.280584] ^ [ 22.287184] ffff000803350900: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 22.294389] ffff000803350980: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 22.301593] ================================================================== [ 24.155102] ================================================================== [ 24.164500] BUG: KASAN: slab-out-of-bounds in krealloc_more_oob_helper+0x60c/0x678 [ 24.172050] Write of size 1 at addr ffff0008033820eb by task kunit_try_catch/207 [ 24.179427] [ 24.180911] CPU: 7 UID: 0 PID: 207 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc1 #1 PREEMPT [ 24.180972] Tainted: [B]=BAD_PAGE, [N]=TEST [ 24.180989] Hardware name: WinLink E850-96 board (DT) [ 24.181007] Call trace: [ 24.181021] show_stack+0x20/0x38 (C) [ 24.181055] dump_stack_lvl+0x8c/0xd0 [ 24.181091] print_report+0x118/0x608 [ 24.181128] kasan_report+0xdc/0x128 [ 24.181160] __asan_report_store1_noabort+0x20/0x30 [ 24.181194] krealloc_more_oob_helper+0x60c/0x678 [ 24.181232] krealloc_large_more_oob+0x20/0x38 [ 24.181264] kunit_try_run_case+0x170/0x3f0 [ 24.181299] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 24.181336] kthread+0x328/0x630 [ 24.181366] ret_from_fork+0x10/0x20 [ 24.181401] [ 24.248787] The buggy address belongs to the physical page: [ 24.254342] page: refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x883380 [ 24.262328] head: order:2 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0 [ 24.269965] flags: 0xbfffe0000000040(head|node=0|zone=2|lastcpupid=0x1ffff) [ 24.276909] page_type: f8(unknown) [ 24.280304] raw: 0bfffe0000000040 0000000000000000 dead000000000122 0000000000000000 [ 24.288026] raw: 0000000000000000 0000000000000000 00000001f8000000 0000000000000000 [ 24.295753] head: 0bfffe0000000040 0000000000000000 dead000000000122 0000000000000000 [ 24.303564] head: 0000000000000000 0000000000000000 00000001f8000000 0000000000000000 [ 24.311377] head: 0bfffe0000000002 fffffdffe00ce001 00000000ffffffff 00000000ffffffff [ 24.319189] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000004 [ 24.326994] page dumped because: kasan: bad access detected [ 24.332549] [ 24.334025] Memory state around the buggy address: [ 24.338809] ffff000803381f80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 24.346008] ffff000803382000: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 24.353213] >ffff000803382080: 00 00 00 00 00 00 00 00 00 00 00 00 00 03 fe fe [ 24.360414] ^ [ 24.367014] ffff000803382100: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe [ 24.374219] ffff000803382180: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe [ 24.381422] ================================================================== [ 22.308913] ================================================================== [ 22.316004] BUG: KASAN: slab-out-of-bounds in krealloc_more_oob_helper+0x5c0/0x678 [ 22.323552] Write of size 1 at addr ffff0008033508f0 by task kunit_try_catch/203 [ 22.330930] [ 22.332415] CPU: 7 UID: 0 PID: 203 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc1 #1 PREEMPT [ 22.332470] Tainted: [B]=BAD_PAGE, [N]=TEST [ 22.332484] Hardware name: WinLink E850-96 board (DT) [ 22.332504] Call trace: [ 22.332518] show_stack+0x20/0x38 (C) [ 22.332552] dump_stack_lvl+0x8c/0xd0 [ 22.332587] print_report+0x118/0x608 [ 22.332623] kasan_report+0xdc/0x128 [ 22.332655] __asan_report_store1_noabort+0x20/0x30 [ 22.332689] krealloc_more_oob_helper+0x5c0/0x678 [ 22.332720] krealloc_more_oob+0x20/0x38 [ 22.332752] kunit_try_run_case+0x170/0x3f0 [ 22.332786] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 22.332822] kthread+0x328/0x630 [ 22.332850] ret_from_fork+0x10/0x20 [ 22.332884] [ 22.399766] Allocated by task 203: [ 22.403153] kasan_save_stack+0x3c/0x68 [ 22.406971] kasan_save_track+0x20/0x40 [ 22.410790] kasan_save_alloc_info+0x40/0x58 [ 22.415043] __kasan_krealloc+0x118/0x178 [ 22.419036] krealloc_noprof+0x128/0x360 [ 22.422943] krealloc_more_oob_helper+0x168/0x678 [ 22.427630] krealloc_more_oob+0x20/0x38 [ 22.431536] kunit_try_run_case+0x170/0x3f0 [ 22.435704] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 22.441172] kthread+0x328/0x630 [ 22.444383] ret_from_fork+0x10/0x20 [ 22.447942] [ 22.449419] The buggy address belongs to the object at ffff000803350800 [ 22.449419] which belongs to the cache kmalloc-256 of size 256 [ 22.461918] The buggy address is located 5 bytes to the right of [ 22.461918] allocated 235-byte region [ffff000803350800, ffff0008033508eb) [ 22.474852] [ 22.476329] The buggy address belongs to the physical page: [ 22.481888] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x883350 [ 22.489870] head: order:2 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0 [ 22.497509] flags: 0xbfffe0000000040(head|node=0|zone=2|lastcpupid=0x1ffff) [ 22.504452] page_type: f5(slab) [ 22.507588] raw: 0bfffe0000000040 ffff000800002b40 dead000000000122 0000000000000000 [ 22.515309] raw: 0000000000000000 0000000080200020 00000000f5000000 0000000000000000 [ 22.523036] head: 0bfffe0000000040 ffff000800002b40 dead000000000122 0000000000000000 [ 22.530847] head: 0000000000000000 0000000080200020 00000000f5000000 0000000000000000 [ 22.538660] head: 0bfffe0000000002 fffffdffe00cd401 00000000ffffffff 00000000ffffffff [ 22.546472] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000004 [ 22.554278] page dumped because: kasan: bad access detected [ 22.559833] [ 22.561308] Memory state around the buggy address: [ 22.566087] ffff000803350780: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 22.573294] ffff000803350800: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 22.580496] >ffff000803350880: 00 00 00 00 00 00 00 00 00 00 00 00 00 03 fc fc [ 22.587697] ^ [ 22.594558] ffff000803350900: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 22.601763] ffff000803350980: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 22.608965] ==================================================================
[ 24.881699] ================================================================== [ 24.881928] BUG: KASAN: slab-out-of-bounds in krealloc_more_oob_helper+0x5c0/0x678 [ 24.882471] Write of size 1 at addr fff00000c178baf0 by task kunit_try_catch/156 [ 24.882878] [ 24.883161] CPU: 0 UID: 0 PID: 156 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc1 #1 PREEMPT [ 24.883374] Tainted: [B]=BAD_PAGE, [N]=TEST [ 24.883486] Hardware name: linux,dummy-virt (DT) [ 24.883565] Call trace: [ 24.883614] show_stack+0x20/0x38 (C) [ 24.883747] dump_stack_lvl+0x8c/0xd0 [ 24.883869] print_report+0x118/0x608 [ 24.884051] kasan_report+0xdc/0x128 [ 24.884189] __asan_report_store1_noabort+0x20/0x30 [ 24.884317] krealloc_more_oob_helper+0x5c0/0x678 [ 24.884500] krealloc_more_oob+0x20/0x38 [ 24.884632] kunit_try_run_case+0x170/0x3f0 [ 24.884797] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 24.885265] kthread+0x328/0x630 [ 24.885756] ret_from_fork+0x10/0x20 [ 24.885876] [ 24.886406] Allocated by task 156: [ 24.886614] kasan_save_stack+0x3c/0x68 [ 24.887064] kasan_save_track+0x20/0x40 [ 24.887168] kasan_save_alloc_info+0x40/0x58 [ 24.887759] __kasan_krealloc+0x118/0x178 [ 24.887870] krealloc_noprof+0x128/0x360 [ 24.889227] krealloc_more_oob_helper+0x168/0x678 [ 24.889337] krealloc_more_oob+0x20/0x38 [ 24.889430] kunit_try_run_case+0x170/0x3f0 [ 24.889534] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 24.889827] kthread+0x328/0x630 [ 24.890053] ret_from_fork+0x10/0x20 [ 24.890147] [ 24.890191] The buggy address belongs to the object at fff00000c178ba00 [ 24.890191] which belongs to the cache kmalloc-256 of size 256 [ 24.890328] The buggy address is located 5 bytes to the right of [ 24.890328] allocated 235-byte region [fff00000c178ba00, fff00000c178baeb) [ 24.890897] [ 24.890991] The buggy address belongs to the physical page: [ 24.891075] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x10178a [ 24.891376] head: order:1 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0 [ 24.891510] flags: 0xbfffe0000000040(head|node=0|zone=2|lastcpupid=0x1ffff) [ 24.892325] page_type: f5(slab) [ 24.892465] raw: 0bfffe0000000040 fff00000c0001b40 dead000000000122 0000000000000000 [ 24.892799] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 24.893060] head: 0bfffe0000000040 fff00000c0001b40 dead000000000122 0000000000000000 [ 24.893188] head: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 24.893313] head: 0bfffe0000000001 ffffc1ffc305e281 00000000ffffffff 00000000ffffffff [ 24.893482] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000002 [ 24.893580] page dumped because: kasan: bad access detected [ 24.893689] [ 24.893797] Memory state around the buggy address: [ 24.893881] fff00000c178b980: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 24.894173] fff00000c178ba00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 24.894346] >fff00000c178ba80: 00 00 00 00 00 00 00 00 00 00 00 00 00 03 fc fc [ 24.894436] ^ [ 24.894685] fff00000c178bb00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 24.894988] fff00000c178bb80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 24.895157] ================================================================== [ 25.020689] ================================================================== [ 25.020783] BUG: KASAN: slab-out-of-bounds in krealloc_more_oob_helper+0x5c0/0x678 [ 25.020925] Write of size 1 at addr fff00000c64be0f0 by task kunit_try_catch/160 [ 25.021066] [ 25.021288] CPU: 0 UID: 0 PID: 160 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc1 #1 PREEMPT [ 25.021481] Tainted: [B]=BAD_PAGE, [N]=TEST [ 25.021545] Hardware name: linux,dummy-virt (DT) [ 25.022050] Call trace: [ 25.022193] show_stack+0x20/0x38 (C) [ 25.022982] dump_stack_lvl+0x8c/0xd0 [ 25.023101] print_report+0x118/0x608 [ 25.023233] kasan_report+0xdc/0x128 [ 25.023348] __asan_report_store1_noabort+0x20/0x30 [ 25.023470] krealloc_more_oob_helper+0x5c0/0x678 [ 25.023588] krealloc_large_more_oob+0x20/0x38 [ 25.023704] kunit_try_run_case+0x170/0x3f0 [ 25.023821] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 25.026270] kthread+0x328/0x630 [ 25.026412] ret_from_fork+0x10/0x20 [ 25.026544] [ 25.026636] The buggy address belongs to the physical page: [ 25.026720] page: refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1064bc [ 25.026857] head: order:2 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0 [ 25.026995] flags: 0xbfffe0000000040(head|node=0|zone=2|lastcpupid=0x1ffff) [ 25.027990] page_type: f8(unknown) [ 25.028289] raw: 0bfffe0000000040 0000000000000000 dead000000000122 0000000000000000 [ 25.028549] raw: 0000000000000000 0000000000000000 00000001f8000000 0000000000000000 [ 25.028669] head: 0bfffe0000000040 0000000000000000 dead000000000122 0000000000000000 [ 25.028785] head: 0000000000000000 0000000000000000 00000001f8000000 0000000000000000 [ 25.028902] head: 0bfffe0000000002 ffffc1ffc3192f01 00000000ffffffff 00000000ffffffff [ 25.030167] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000004 [ 25.031348] page dumped because: kasan: bad access detected [ 25.031540] [ 25.031613] Memory state around the buggy address: [ 25.031689] fff00000c64bdf80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 25.031796] fff00000c64be000: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 25.032878] >fff00000c64be080: 00 00 00 00 00 00 00 00 00 00 00 00 00 03 fe fe [ 25.032988] ^ [ 25.033088] fff00000c64be100: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe [ 25.033838] fff00000c64be180: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe [ 25.034115] ================================================================== [ 24.867428] ================================================================== [ 24.867557] BUG: KASAN: slab-out-of-bounds in krealloc_more_oob_helper+0x60c/0x678 [ 24.867671] Write of size 1 at addr fff00000c178baeb by task kunit_try_catch/156 [ 24.867784] [ 24.867849] CPU: 0 UID: 0 PID: 156 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc1 #1 PREEMPT [ 24.868057] Tainted: [B]=BAD_PAGE, [N]=TEST [ 24.868133] Hardware name: linux,dummy-virt (DT) [ 24.868218] Call trace: [ 24.868298] show_stack+0x20/0x38 (C) [ 24.868441] dump_stack_lvl+0x8c/0xd0 [ 24.868575] print_report+0x118/0x608 [ 24.868716] kasan_report+0xdc/0x128 [ 24.868884] __asan_report_store1_noabort+0x20/0x30 [ 24.869136] krealloc_more_oob_helper+0x60c/0x678 [ 24.870207] krealloc_more_oob+0x20/0x38 [ 24.870688] kunit_try_run_case+0x170/0x3f0 [ 24.870814] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 24.873848] kthread+0x328/0x630 [ 24.874183] ret_from_fork+0x10/0x20 [ 24.874515] [ 24.874590] Allocated by task 156: [ 24.874663] kasan_save_stack+0x3c/0x68 [ 24.874818] kasan_save_track+0x20/0x40 [ 24.874948] kasan_save_alloc_info+0x40/0x58 [ 24.875200] __kasan_krealloc+0x118/0x178 [ 24.875311] krealloc_noprof+0x128/0x360 [ 24.875903] krealloc_more_oob_helper+0x168/0x678 [ 24.876029] krealloc_more_oob+0x20/0x38 [ 24.876134] kunit_try_run_case+0x170/0x3f0 [ 24.876332] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 24.876459] kthread+0x328/0x630 [ 24.876582] ret_from_fork+0x10/0x20 [ 24.876679] [ 24.876733] The buggy address belongs to the object at fff00000c178ba00 [ 24.876733] which belongs to the cache kmalloc-256 of size 256 [ 24.877149] The buggy address is located 0 bytes to the right of [ 24.877149] allocated 235-byte region [fff00000c178ba00, fff00000c178baeb) [ 24.877232] [ 24.877258] The buggy address belongs to the physical page: [ 24.877298] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x10178a [ 24.877362] head: order:1 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0 [ 24.877420] flags: 0xbfffe0000000040(head|node=0|zone=2|lastcpupid=0x1ffff) [ 24.877487] page_type: f5(slab) [ 24.877533] raw: 0bfffe0000000040 fff00000c0001b40 dead000000000122 0000000000000000 [ 24.877595] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 24.877656] head: 0bfffe0000000040 fff00000c0001b40 dead000000000122 0000000000000000 [ 24.877714] head: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 24.877772] head: 0bfffe0000000001 ffffc1ffc305e281 00000000ffffffff 00000000ffffffff [ 24.877833] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000002 [ 24.877881] page dumped because: kasan: bad access detected [ 24.877918] [ 24.877972] Memory state around the buggy address: [ 24.878047] fff00000c178b980: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 24.878201] fff00000c178ba00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 24.878634] >fff00000c178ba80: 00 00 00 00 00 00 00 00 00 00 00 00 00 03 fc fc [ 24.879178] ^ [ 24.879550] fff00000c178bb00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 24.879868] fff00000c178bb80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 24.880114] ================================================================== [ 25.013055] ================================================================== [ 25.013173] BUG: KASAN: slab-out-of-bounds in krealloc_more_oob_helper+0x60c/0x678 [ 25.013330] Write of size 1 at addr fff00000c64be0eb by task kunit_try_catch/160 [ 25.013533] [ 25.013739] CPU: 0 UID: 0 PID: 160 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc1 #1 PREEMPT [ 25.014159] Tainted: [B]=BAD_PAGE, [N]=TEST [ 25.014354] Hardware name: linux,dummy-virt (DT) [ 25.014432] Call trace: [ 25.014484] show_stack+0x20/0x38 (C) [ 25.014605] dump_stack_lvl+0x8c/0xd0 [ 25.014734] print_report+0x118/0x608 [ 25.014894] kasan_report+0xdc/0x128 [ 25.015167] __asan_report_store1_noabort+0x20/0x30 [ 25.015318] krealloc_more_oob_helper+0x60c/0x678 [ 25.015458] krealloc_large_more_oob+0x20/0x38 [ 25.015599] kunit_try_run_case+0x170/0x3f0 [ 25.015746] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 25.016056] kthread+0x328/0x630 [ 25.016224] ret_from_fork+0x10/0x20 [ 25.016444] [ 25.016602] The buggy address belongs to the physical page: [ 25.016709] page: refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1064bc [ 25.016859] head: order:2 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0 [ 25.017039] flags: 0xbfffe0000000040(head|node=0|zone=2|lastcpupid=0x1ffff) [ 25.017183] page_type: f8(unknown) [ 25.017304] raw: 0bfffe0000000040 0000000000000000 dead000000000122 0000000000000000 [ 25.017635] raw: 0000000000000000 0000000000000000 00000001f8000000 0000000000000000 [ 25.017958] head: 0bfffe0000000040 0000000000000000 dead000000000122 0000000000000000 [ 25.018092] head: 0000000000000000 0000000000000000 00000001f8000000 0000000000000000 [ 25.018230] head: 0bfffe0000000002 ffffc1ffc3192f01 00000000ffffffff 00000000ffffffff [ 25.018423] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000004 [ 25.018541] page dumped because: kasan: bad access detected [ 25.018648] [ 25.018769] Memory state around the buggy address: [ 25.018959] fff00000c64bdf80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 25.019067] fff00000c64be000: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 25.019235] >fff00000c64be080: 00 00 00 00 00 00 00 00 00 00 00 00 00 03 fe fe [ 25.019339] ^ [ 25.019444] fff00000c64be100: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe [ 25.019562] fff00000c64be180: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe [ 25.019722] ==================================================================
[ 25.249507] ================================================================== [ 25.249633] BUG: KASAN: slab-out-of-bounds in krealloc_more_oob_helper+0x60c/0x678 [ 25.249756] Write of size 1 at addr fff00000c65020eb by task kunit_try_catch/160 [ 25.249900] [ 25.249981] CPU: 0 UID: 0 PID: 160 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc1 #1 PREEMPT [ 25.250173] Tainted: [B]=BAD_PAGE, [N]=TEST [ 25.250238] Hardware name: linux,dummy-virt (DT) [ 25.250313] Call trace: [ 25.250415] show_stack+0x20/0x38 (C) [ 25.250544] dump_stack_lvl+0x8c/0xd0 [ 25.250690] print_report+0x118/0x608 [ 25.251170] kasan_report+0xdc/0x128 [ 25.251665] __asan_report_store1_noabort+0x20/0x30 [ 25.251826] krealloc_more_oob_helper+0x60c/0x678 [ 25.251989] krealloc_large_more_oob+0x20/0x38 [ 25.252128] kunit_try_run_case+0x170/0x3f0 [ 25.252329] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 25.252520] kthread+0x328/0x630 [ 25.252624] ret_from_fork+0x10/0x20 [ 25.253215] [ 25.253277] The buggy address belongs to the physical page: [ 25.253357] page: refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x106500 [ 25.253493] head: order:2 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0 [ 25.253614] flags: 0xbfffe0000000040(head|node=0|zone=2|lastcpupid=0x1ffff) [ 25.253803] page_type: f8(unknown) [ 25.254205] raw: 0bfffe0000000040 0000000000000000 dead000000000122 0000000000000000 [ 25.254330] raw: 0000000000000000 0000000000000000 00000001f8000000 0000000000000000 [ 25.254450] head: 0bfffe0000000040 0000000000000000 dead000000000122 0000000000000000 [ 25.255667] head: 0000000000000000 0000000000000000 00000001f8000000 0000000000000000 [ 25.256150] head: 0bfffe0000000002 ffffc1ffc3194001 00000000ffffffff 00000000ffffffff [ 25.256273] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000004 [ 25.256370] page dumped because: kasan: bad access detected [ 25.256442] [ 25.257016] Memory state around the buggy address: [ 25.257231] fff00000c6501f80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 25.257611] fff00000c6502000: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 25.258042] >fff00000c6502080: 00 00 00 00 00 00 00 00 00 00 00 00 00 03 fe fe [ 25.258205] ^ [ 25.258392] fff00000c6502100: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe [ 25.258503] fff00000c6502180: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe [ 25.258863] ================================================================== [ 25.112160] ================================================================== [ 25.112253] BUG: KASAN: slab-out-of-bounds in krealloc_more_oob_helper+0x5c0/0x678 [ 25.112935] Write of size 1 at addr fff00000c17ed2f0 by task kunit_try_catch/156 [ 25.113070] [ 25.113252] CPU: 0 UID: 0 PID: 156 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc1 #1 PREEMPT [ 25.113516] Tainted: [B]=BAD_PAGE, [N]=TEST [ 25.114199] Hardware name: linux,dummy-virt (DT) [ 25.114381] Call trace: [ 25.114465] show_stack+0x20/0x38 (C) [ 25.114664] dump_stack_lvl+0x8c/0xd0 [ 25.114780] print_report+0x118/0x608 [ 25.114918] kasan_report+0xdc/0x128 [ 25.115086] __asan_report_store1_noabort+0x20/0x30 [ 25.115242] krealloc_more_oob_helper+0x5c0/0x678 [ 25.115362] krealloc_more_oob+0x20/0x38 [ 25.115478] kunit_try_run_case+0x170/0x3f0 [ 25.115595] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 25.115722] kthread+0x328/0x630 [ 25.115865] ret_from_fork+0x10/0x20 [ 25.116006] [ 25.116059] Allocated by task 156: [ 25.116136] kasan_save_stack+0x3c/0x68 [ 25.116758] kasan_save_track+0x20/0x40 [ 25.117413] kasan_save_alloc_info+0x40/0x58 [ 25.117703] __kasan_krealloc+0x118/0x178 [ 25.118040] krealloc_noprof+0x128/0x360 [ 25.118231] krealloc_more_oob_helper+0x168/0x678 [ 25.118873] krealloc_more_oob+0x20/0x38 [ 25.118973] kunit_try_run_case+0x170/0x3f0 [ 25.119070] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 25.119171] kthread+0x328/0x630 [ 25.119250] ret_from_fork+0x10/0x20 [ 25.119335] [ 25.119858] The buggy address belongs to the object at fff00000c17ed200 [ 25.119858] which belongs to the cache kmalloc-256 of size 256 [ 25.120175] The buggy address is located 5 bytes to the right of [ 25.120175] allocated 235-byte region [fff00000c17ed200, fff00000c17ed2eb) [ 25.120879] [ 25.120994] The buggy address belongs to the physical page: [ 25.121071] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1017ec [ 25.121554] head: order:1 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0 [ 25.122030] flags: 0xbfffe0000000040(head|node=0|zone=2|lastcpupid=0x1ffff) [ 25.122389] page_type: f5(slab) [ 25.122587] raw: 0bfffe0000000040 fff00000c0001b40 dead000000000122 0000000000000000 [ 25.122713] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 25.122833] head: 0bfffe0000000040 fff00000c0001b40 dead000000000122 0000000000000000 [ 25.122969] head: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 25.123166] head: 0bfffe0000000001 ffffc1ffc305fb01 00000000ffffffff 00000000ffffffff [ 25.123610] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000002 [ 25.123981] page dumped because: kasan: bad access detected [ 25.124311] [ 25.124447] Memory state around the buggy address: [ 25.124827] fff00000c17ed180: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 25.125064] fff00000c17ed200: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 25.125184] >fff00000c17ed280: 00 00 00 00 00 00 00 00 00 00 00 00 00 03 fc fc [ 25.125287] ^ [ 25.125769] fff00000c17ed300: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 25.125902] fff00000c17ed380: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 25.126218] ================================================================== [ 25.098483] ================================================================== [ 25.098616] BUG: KASAN: slab-out-of-bounds in krealloc_more_oob_helper+0x60c/0x678 [ 25.098744] Write of size 1 at addr fff00000c17ed2eb by task kunit_try_catch/156 [ 25.099062] [ 25.099162] CPU: 0 UID: 0 PID: 156 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc1 #1 PREEMPT [ 25.099640] Tainted: [B]=BAD_PAGE, [N]=TEST [ 25.099722] Hardware name: linux,dummy-virt (DT) [ 25.099965] Call trace: [ 25.100031] show_stack+0x20/0x38 (C) [ 25.100225] dump_stack_lvl+0x8c/0xd0 [ 25.100354] print_report+0x118/0x608 [ 25.100525] kasan_report+0xdc/0x128 [ 25.100671] __asan_report_store1_noabort+0x20/0x30 [ 25.101007] krealloc_more_oob_helper+0x60c/0x678 [ 25.101243] krealloc_more_oob+0x20/0x38 [ 25.101419] kunit_try_run_case+0x170/0x3f0 [ 25.101622] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 25.101857] kthread+0x328/0x630 [ 25.102173] ret_from_fork+0x10/0x20 [ 25.102493] [ 25.102755] Allocated by task 156: [ 25.103169] kasan_save_stack+0x3c/0x68 [ 25.103293] kasan_save_track+0x20/0x40 [ 25.103515] kasan_save_alloc_info+0x40/0x58 [ 25.103994] __kasan_krealloc+0x118/0x178 [ 25.104101] krealloc_noprof+0x128/0x360 [ 25.104212] krealloc_more_oob_helper+0x168/0x678 [ 25.104310] krealloc_more_oob+0x20/0x38 [ 25.104406] kunit_try_run_case+0x170/0x3f0 [ 25.104613] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 25.104756] kthread+0x328/0x630 [ 25.105011] ret_from_fork+0x10/0x20 [ 25.105184] [ 25.105239] The buggy address belongs to the object at fff00000c17ed200 [ 25.105239] which belongs to the cache kmalloc-256 of size 256 [ 25.105946] The buggy address is located 0 bytes to the right of [ 25.105946] allocated 235-byte region [fff00000c17ed200, fff00000c17ed2eb) [ 25.106245] [ 25.106303] The buggy address belongs to the physical page: [ 25.106539] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1017ec [ 25.106720] head: order:1 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0 [ 25.106904] flags: 0xbfffe0000000040(head|node=0|zone=2|lastcpupid=0x1ffff) [ 25.107070] page_type: f5(slab) [ 25.107248] raw: 0bfffe0000000040 fff00000c0001b40 dead000000000122 0000000000000000 [ 25.107466] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 25.107628] head: 0bfffe0000000040 fff00000c0001b40 dead000000000122 0000000000000000 [ 25.107824] head: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 25.108353] head: 0bfffe0000000001 ffffc1ffc305fb01 00000000ffffffff 00000000ffffffff [ 25.108560] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000002 [ 25.108767] page dumped because: kasan: bad access detected [ 25.108859] [ 25.108967] Memory state around the buggy address: [ 25.109148] fff00000c17ed180: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 25.109398] fff00000c17ed200: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 25.109861] >fff00000c17ed280: 00 00 00 00 00 00 00 00 00 00 00 00 00 03 fc fc [ 25.110019] ^ [ 25.110129] fff00000c17ed300: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 25.110245] fff00000c17ed380: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 25.110516] ================================================================== [ 25.261051] ================================================================== [ 25.261142] BUG: KASAN: slab-out-of-bounds in krealloc_more_oob_helper+0x5c0/0x678 [ 25.261244] Write of size 1 at addr fff00000c65020f0 by task kunit_try_catch/160 [ 25.261360] [ 25.261424] CPU: 0 UID: 0 PID: 160 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc1 #1 PREEMPT [ 25.261604] Tainted: [B]=BAD_PAGE, [N]=TEST [ 25.261665] Hardware name: linux,dummy-virt (DT) [ 25.261734] Call trace: [ 25.261783] show_stack+0x20/0x38 (C) [ 25.264137] dump_stack_lvl+0x8c/0xd0 [ 25.264281] print_report+0x118/0x608 [ 25.264411] kasan_report+0xdc/0x128 [ 25.264538] __asan_report_store1_noabort+0x20/0x30 [ 25.264663] krealloc_more_oob_helper+0x5c0/0x678 [ 25.264826] krealloc_large_more_oob+0x20/0x38 [ 25.265033] kunit_try_run_case+0x170/0x3f0 [ 25.265355] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 25.265828] kthread+0x328/0x630 [ 25.265973] ret_from_fork+0x10/0x20 [ 25.266103] [ 25.266151] The buggy address belongs to the physical page: [ 25.266659] page: refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x106500 [ 25.266962] head: order:2 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0 [ 25.267090] flags: 0xbfffe0000000040(head|node=0|zone=2|lastcpupid=0x1ffff) [ 25.267273] page_type: f8(unknown) [ 25.267369] raw: 0bfffe0000000040 0000000000000000 dead000000000122 0000000000000000 [ 25.267485] raw: 0000000000000000 0000000000000000 00000001f8000000 0000000000000000 [ 25.267631] head: 0bfffe0000000040 0000000000000000 dead000000000122 0000000000000000 [ 25.267754] head: 0000000000000000 0000000000000000 00000001f8000000 0000000000000000 [ 25.267907] head: 0bfffe0000000002 ffffc1ffc3194001 00000000ffffffff 00000000ffffffff [ 25.268027] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000004 [ 25.268179] page dumped because: kasan: bad access detected [ 25.268327] [ 25.268375] Memory state around the buggy address: [ 25.268577] fff00000c6501f80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 25.268700] fff00000c6502000: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 25.268912] >fff00000c6502080: 00 00 00 00 00 00 00 00 00 00 00 00 00 03 fe fe [ 25.269016] ^ [ 25.269165] fff00000c6502100: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe [ 25.269716] fff00000c6502180: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe [ 25.269928] ==================================================================
[ 18.264034] ================================================================== [ 18.264988] BUG: KASAN: slab-out-of-bounds in krealloc_more_oob_helper+0x821/0x930 [ 18.265939] Write of size 1 at addr ffff88810261e0eb by task kunit_try_catch/178 [ 18.266462] [ 18.266857] CPU: 1 UID: 0 PID: 178 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc1 #1 PREEMPT(voluntary) [ 18.266966] Tainted: [B]=BAD_PAGE, [N]=TEST [ 18.266997] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 18.267048] Call Trace: [ 18.267089] <TASK> [ 18.267132] dump_stack_lvl+0x73/0xb0 [ 18.267374] print_report+0xd1/0x650 [ 18.267457] ? __virt_addr_valid+0x1db/0x2d0 [ 18.267598] ? krealloc_more_oob_helper+0x821/0x930 [ 18.267681] ? kasan_addr_to_slab+0x11/0xa0 [ 18.267751] ? krealloc_more_oob_helper+0x821/0x930 [ 18.267828] kasan_report+0x141/0x180 [ 18.267900] ? krealloc_more_oob_helper+0x821/0x930 [ 18.267983] __asan_report_store1_noabort+0x1b/0x30 [ 18.268061] krealloc_more_oob_helper+0x821/0x930 [ 18.268128] ? __schedule+0x10cc/0x2b60 [ 18.268200] ? __pfx_krealloc_more_oob_helper+0x10/0x10 [ 18.268404] ? finish_task_switch.isra.0+0x153/0x700 [ 18.268482] ? __switch_to+0x47/0xf50 [ 18.268627] ? __schedule+0x10cc/0x2b60 [ 18.268701] ? __pfx_read_tsc+0x10/0x10 [ 18.268778] krealloc_large_more_oob+0x1c/0x30 [ 18.268853] kunit_try_run_case+0x1a5/0x480 [ 18.268939] ? __pfx_kunit_try_run_case+0x10/0x10 [ 18.269009] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 18.269047] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 18.269081] ? __kthread_parkme+0x82/0x180 [ 18.269111] ? preempt_count_sub+0x50/0x80 [ 18.269144] ? __pfx_kunit_try_run_case+0x10/0x10 [ 18.269179] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 18.269212] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 18.269292] kthread+0x337/0x6f0 [ 18.269324] ? trace_preempt_on+0x20/0xc0 [ 18.269360] ? __pfx_kthread+0x10/0x10 [ 18.269388] ? _raw_spin_unlock_irq+0x47/0x80 [ 18.269420] ? calculate_sigpending+0x7b/0xa0 [ 18.269456] ? __pfx_kthread+0x10/0x10 [ 18.269485] ret_from_fork+0x116/0x1d0 [ 18.269548] ? __pfx_kthread+0x10/0x10 [ 18.269680] ret_from_fork_asm+0x1a/0x30 [ 18.269762] </TASK> [ 18.269782] [ 18.292209] The buggy address belongs to the physical page: [ 18.293160] page: refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x10261c [ 18.294130] head: order:2 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0 [ 18.295079] flags: 0x200000000000040(head|node=0|zone=2) [ 18.295854] page_type: f8(unknown) [ 18.296341] raw: 0200000000000040 0000000000000000 dead000000000122 0000000000000000 [ 18.297170] raw: 0000000000000000 0000000000000000 00000001f8000000 0000000000000000 [ 18.298123] head: 0200000000000040 0000000000000000 dead000000000122 0000000000000000 [ 18.299146] head: 0000000000000000 0000000000000000 00000001f8000000 0000000000000000 [ 18.300495] head: 0200000000000002 ffffea0004098701 00000000ffffffff 00000000ffffffff [ 18.301349] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000004 [ 18.302173] page dumped because: kasan: bad access detected [ 18.303000] [ 18.303197] Memory state around the buggy address: [ 18.303994] ffff88810261df80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 18.304742] ffff88810261e000: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 18.305449] >ffff88810261e080: 00 00 00 00 00 00 00 00 00 00 00 00 00 03 fe fe [ 18.306184] ^ [ 18.306944] ffff88810261e100: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe [ 18.307833] ffff88810261e180: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe [ 18.308487] ================================================================== [ 17.886165] ================================================================== [ 17.887007] BUG: KASAN: slab-out-of-bounds in krealloc_more_oob_helper+0x7eb/0x930 [ 17.887738] Write of size 1 at addr ffff8881003492f0 by task kunit_try_catch/174 [ 17.888437] [ 17.889019] CPU: 0 UID: 0 PID: 174 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc1 #1 PREEMPT(voluntary) [ 17.889151] Tainted: [B]=BAD_PAGE, [N]=TEST [ 17.889192] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 17.889378] Call Trace: [ 17.889460] <TASK> [ 17.889534] dump_stack_lvl+0x73/0xb0 [ 17.889660] print_report+0xd1/0x650 [ 17.889735] ? __virt_addr_valid+0x1db/0x2d0 [ 17.889798] ? krealloc_more_oob_helper+0x7eb/0x930 [ 17.889858] ? kasan_complete_mode_report_info+0x2a/0x200 [ 17.889919] ? krealloc_more_oob_helper+0x7eb/0x930 [ 17.889981] kasan_report+0x141/0x180 [ 17.890040] ? krealloc_more_oob_helper+0x7eb/0x930 [ 17.890110] __asan_report_store1_noabort+0x1b/0x30 [ 17.890188] krealloc_more_oob_helper+0x7eb/0x930 [ 17.890257] ? __schedule+0x10cc/0x2b60 [ 17.890328] ? __pfx_krealloc_more_oob_helper+0x10/0x10 [ 17.890397] ? finish_task_switch.isra.0+0x153/0x700 [ 17.890466] ? __switch_to+0x47/0xf50 [ 17.890571] ? __schedule+0x10cc/0x2b60 [ 17.890643] ? __pfx_read_tsc+0x10/0x10 [ 17.890715] krealloc_more_oob+0x1c/0x30 [ 17.890806] kunit_try_run_case+0x1a5/0x480 [ 17.890911] ? __pfx_kunit_try_run_case+0x10/0x10 [ 17.890983] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 17.891054] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 17.891126] ? __kthread_parkme+0x82/0x180 [ 17.891191] ? preempt_count_sub+0x50/0x80 [ 17.891285] ? __pfx_kunit_try_run_case+0x10/0x10 [ 17.891362] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 17.891434] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 17.891476] kthread+0x337/0x6f0 [ 17.891541] ? trace_preempt_on+0x20/0xc0 [ 17.891627] ? __pfx_kthread+0x10/0x10 [ 17.891683] ? _raw_spin_unlock_irq+0x47/0x80 [ 17.891745] ? calculate_sigpending+0x7b/0xa0 [ 17.891810] ? __pfx_kthread+0x10/0x10 [ 17.891869] ret_from_fork+0x116/0x1d0 [ 17.891926] ? __pfx_kthread+0x10/0x10 [ 17.891983] ret_from_fork_asm+0x1a/0x30 [ 17.892061] </TASK> [ 17.892092] [ 17.924274] Allocated by task 174: [ 17.924940] kasan_save_stack+0x45/0x70 [ 17.925923] kasan_save_track+0x18/0x40 [ 17.926761] kasan_save_alloc_info+0x3b/0x50 [ 17.927598] __kasan_krealloc+0x190/0x1f0 [ 17.928447] krealloc_noprof+0xf3/0x340 [ 17.928803] krealloc_more_oob_helper+0x1a9/0x930 [ 17.929755] krealloc_more_oob+0x1c/0x30 [ 17.930031] kunit_try_run_case+0x1a5/0x480 [ 17.930321] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 17.931922] kthread+0x337/0x6f0 [ 17.932459] ret_from_fork+0x116/0x1d0 [ 17.933341] ret_from_fork_asm+0x1a/0x30 [ 17.933763] [ 17.934606] The buggy address belongs to the object at ffff888100349200 [ 17.934606] which belongs to the cache kmalloc-256 of size 256 [ 17.936046] The buggy address is located 5 bytes to the right of [ 17.936046] allocated 235-byte region [ffff888100349200, ffff8881003492eb) [ 17.938203] [ 17.938445] The buggy address belongs to the physical page: [ 17.938989] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x100348 [ 17.939823] head: order:1 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0 [ 17.940394] flags: 0x200000000000040(head|node=0|zone=2) [ 17.941888] page_type: f5(slab) [ 17.942250] raw: 0200000000000040 ffff888100041b40 dead000000000122 0000000000000000 [ 17.942912] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 17.943785] head: 0200000000000040 ffff888100041b40 dead000000000122 0000000000000000 [ 17.944514] head: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 17.946099] head: 0200000000000001 ffffea000400d201 00000000ffffffff 00000000ffffffff [ 17.947366] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000002 [ 17.948196] page dumped because: kasan: bad access detected [ 17.948981] [ 17.949138] Memory state around the buggy address: [ 17.949653] ffff888100349180: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 17.951015] ffff888100349200: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 17.952318] >ffff888100349280: 00 00 00 00 00 00 00 00 00 00 00 00 00 03 fc fc [ 17.953271] ^ [ 17.954637] ffff888100349300: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 17.955429] ffff888100349380: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 17.956190] ================================================================== [ 17.828348] ================================================================== [ 17.829351] BUG: KASAN: slab-out-of-bounds in krealloc_more_oob_helper+0x821/0x930 [ 17.830866] Write of size 1 at addr ffff8881003492eb by task kunit_try_catch/174 [ 17.832093] [ 17.832814] CPU: 0 UID: 0 PID: 174 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc1 #1 PREEMPT(voluntary) [ 17.832960] Tainted: [B]=BAD_PAGE, [N]=TEST [ 17.832998] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 17.833044] Call Trace: [ 17.833068] <TASK> [ 17.833092] dump_stack_lvl+0x73/0xb0 [ 17.833147] print_report+0xd1/0x650 [ 17.833180] ? __virt_addr_valid+0x1db/0x2d0 [ 17.833213] ? krealloc_more_oob_helper+0x821/0x930 [ 17.833288] ? kasan_complete_mode_report_info+0x2a/0x200 [ 17.833321] ? krealloc_more_oob_helper+0x821/0x930 [ 17.833355] kasan_report+0x141/0x180 [ 17.833385] ? krealloc_more_oob_helper+0x821/0x930 [ 17.833424] __asan_report_store1_noabort+0x1b/0x30 [ 17.833460] krealloc_more_oob_helper+0x821/0x930 [ 17.833491] ? __schedule+0x10cc/0x2b60 [ 17.833612] ? __pfx_krealloc_more_oob_helper+0x10/0x10 [ 17.833709] ? finish_task_switch.isra.0+0x153/0x700 [ 17.833745] ? __switch_to+0x47/0xf50 [ 17.833783] ? __schedule+0x10cc/0x2b60 [ 17.833813] ? __pfx_read_tsc+0x10/0x10 [ 17.833847] krealloc_more_oob+0x1c/0x30 [ 17.833879] kunit_try_run_case+0x1a5/0x480 [ 17.833918] ? __pfx_kunit_try_run_case+0x10/0x10 [ 17.833953] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 17.833986] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 17.834018] ? __kthread_parkme+0x82/0x180 [ 17.834044] ? preempt_count_sub+0x50/0x80 [ 17.834074] ? __pfx_kunit_try_run_case+0x10/0x10 [ 17.834107] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 17.834140] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 17.834173] kthread+0x337/0x6f0 [ 17.834199] ? trace_preempt_on+0x20/0xc0 [ 17.834243] ? __pfx_kthread+0x10/0x10 [ 17.834293] ? _raw_spin_unlock_irq+0x47/0x80 [ 17.834325] ? calculate_sigpending+0x7b/0xa0 [ 17.834359] ? __pfx_kthread+0x10/0x10 [ 17.834389] ret_from_fork+0x116/0x1d0 [ 17.834415] ? __pfx_kthread+0x10/0x10 [ 17.834443] ret_from_fork_asm+0x1a/0x30 [ 17.834484] </TASK> [ 17.834524] [ 17.854157] Allocated by task 174: [ 17.854942] kasan_save_stack+0x45/0x70 [ 17.855705] kasan_save_track+0x18/0x40 [ 17.856041] kasan_save_alloc_info+0x3b/0x50 [ 17.856481] __kasan_krealloc+0x190/0x1f0 [ 17.857044] krealloc_noprof+0xf3/0x340 [ 17.858077] krealloc_more_oob_helper+0x1a9/0x930 [ 17.858915] krealloc_more_oob+0x1c/0x30 [ 17.859477] kunit_try_run_case+0x1a5/0x480 [ 17.860169] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 17.861011] kthread+0x337/0x6f0 [ 17.861454] ret_from_fork+0x116/0x1d0 [ 17.862201] ret_from_fork_asm+0x1a/0x30 [ 17.862869] [ 17.863552] The buggy address belongs to the object at ffff888100349200 [ 17.863552] which belongs to the cache kmalloc-256 of size 256 [ 17.865236] The buggy address is located 0 bytes to the right of [ 17.865236] allocated 235-byte region [ffff888100349200, ffff8881003492eb) [ 17.866240] [ 17.866573] The buggy address belongs to the physical page: [ 17.867063] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x100348 [ 17.867695] head: order:1 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0 [ 17.869321] flags: 0x200000000000040(head|node=0|zone=2) [ 17.869999] page_type: f5(slab) [ 17.870869] raw: 0200000000000040 ffff888100041b40 dead000000000122 0000000000000000 [ 17.871430] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 17.872293] head: 0200000000000040 ffff888100041b40 dead000000000122 0000000000000000 [ 17.873033] head: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 17.874370] head: 0200000000000001 ffffea000400d201 00000000ffffffff 00000000ffffffff [ 17.875722] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000002 [ 17.876295] page dumped because: kasan: bad access detected [ 17.876968] [ 17.877185] Memory state around the buggy address: [ 17.877786] ffff888100349180: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 17.878773] ffff888100349200: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 17.879225] >ffff888100349280: 00 00 00 00 00 00 00 00 00 00 00 00 00 03 fc fc [ 17.880161] ^ [ 17.880650] ffff888100349300: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 17.881919] ffff888100349380: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 17.882841] ================================================================== [ 18.309924] ================================================================== [ 18.311387] BUG: KASAN: slab-out-of-bounds in krealloc_more_oob_helper+0x7eb/0x930 [ 18.312367] Write of size 1 at addr ffff88810261e0f0 by task kunit_try_catch/178 [ 18.314131] [ 18.314682] CPU: 1 UID: 0 PID: 178 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc1 #1 PREEMPT(voluntary) [ 18.314802] Tainted: [B]=BAD_PAGE, [N]=TEST [ 18.314836] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 18.314894] Call Trace: [ 18.314938] <TASK> [ 18.314989] dump_stack_lvl+0x73/0xb0 [ 18.315059] print_report+0xd1/0x650 [ 18.315095] ? __virt_addr_valid+0x1db/0x2d0 [ 18.315129] ? krealloc_more_oob_helper+0x7eb/0x930 [ 18.315164] ? kasan_addr_to_slab+0x11/0xa0 [ 18.315193] ? krealloc_more_oob_helper+0x7eb/0x930 [ 18.315237] kasan_report+0x141/0x180 [ 18.315309] ? krealloc_more_oob_helper+0x7eb/0x930 [ 18.315353] __asan_report_store1_noabort+0x1b/0x30 [ 18.315390] krealloc_more_oob_helper+0x7eb/0x930 [ 18.315422] ? __schedule+0x10cc/0x2b60 [ 18.315457] ? __pfx_krealloc_more_oob_helper+0x10/0x10 [ 18.315493] ? finish_task_switch.isra.0+0x153/0x700 [ 18.315591] ? __switch_to+0x47/0xf50 [ 18.315675] ? __schedule+0x10cc/0x2b60 [ 18.315735] ? __pfx_read_tsc+0x10/0x10 [ 18.315796] krealloc_large_more_oob+0x1c/0x30 [ 18.315832] kunit_try_run_case+0x1a5/0x480 [ 18.315873] ? __pfx_kunit_try_run_case+0x10/0x10 [ 18.315908] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 18.315941] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 18.315974] ? __kthread_parkme+0x82/0x180 [ 18.316001] ? preempt_count_sub+0x50/0x80 [ 18.316031] ? __pfx_kunit_try_run_case+0x10/0x10 [ 18.316067] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 18.316099] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 18.316133] kthread+0x337/0x6f0 [ 18.316159] ? trace_preempt_on+0x20/0xc0 [ 18.316191] ? __pfx_kthread+0x10/0x10 [ 18.316219] ? _raw_spin_unlock_irq+0x47/0x80 [ 18.316278] ? calculate_sigpending+0x7b/0xa0 [ 18.316315] ? __pfx_kthread+0x10/0x10 [ 18.316345] ret_from_fork+0x116/0x1d0 [ 18.316370] ? __pfx_kthread+0x10/0x10 [ 18.316399] ret_from_fork_asm+0x1a/0x30 [ 18.316441] </TASK> [ 18.316455] [ 18.339336] The buggy address belongs to the physical page: [ 18.339889] page: refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x10261c [ 18.340905] head: order:2 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0 [ 18.342031] flags: 0x200000000000040(head|node=0|zone=2) [ 18.343427] page_type: f8(unknown) [ 18.344147] raw: 0200000000000040 0000000000000000 dead000000000122 0000000000000000 [ 18.345542] raw: 0000000000000000 0000000000000000 00000001f8000000 0000000000000000 [ 18.346484] head: 0200000000000040 0000000000000000 dead000000000122 0000000000000000 [ 18.347627] head: 0000000000000000 0000000000000000 00000001f8000000 0000000000000000 [ 18.348734] head: 0200000000000002 ffffea0004098701 00000000ffffffff 00000000ffffffff [ 18.349702] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000004 [ 18.351215] page dumped because: kasan: bad access detected [ 18.352014] [ 18.352384] Memory state around the buggy address: [ 18.352910] ffff88810261df80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 18.354521] ffff88810261e000: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 18.355535] >ffff88810261e080: 00 00 00 00 00 00 00 00 00 00 00 00 00 03 fe fe [ 18.356438] ^ [ 18.357050] ffff88810261e100: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe [ 18.357987] ffff88810261e180: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe [ 18.358378] ==================================================================
[ 17.419048] ================================================================== [ 17.419509] BUG: KASAN: slab-out-of-bounds in krealloc_more_oob_helper+0x7eb/0x930 [ 17.420868] Write of size 1 at addr ffff888102a2e0f0 by task kunit_try_catch/178 [ 17.422161] [ 17.422749] CPU: 1 UID: 0 PID: 178 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc1 #1 PREEMPT(voluntary) [ 17.422860] Tainted: [B]=BAD_PAGE, [N]=TEST [ 17.422914] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 17.422970] Call Trace: [ 17.423009] <TASK> [ 17.423048] dump_stack_lvl+0x73/0xb0 [ 17.423132] print_report+0xd1/0x650 [ 17.423210] ? __virt_addr_valid+0x1db/0x2d0 [ 17.423317] ? krealloc_more_oob_helper+0x7eb/0x930 [ 17.423400] ? kasan_addr_to_slab+0x11/0xa0 [ 17.423471] ? krealloc_more_oob_helper+0x7eb/0x930 [ 17.423549] kasan_report+0x141/0x180 [ 17.423630] ? krealloc_more_oob_helper+0x7eb/0x930 [ 17.423719] __asan_report_store1_noabort+0x1b/0x30 [ 17.423779] krealloc_more_oob_helper+0x7eb/0x930 [ 17.423814] ? __schedule+0x10cc/0x2b60 [ 17.423849] ? __pfx_krealloc_more_oob_helper+0x10/0x10 [ 17.423909] ? finish_task_switch.isra.0+0x153/0x700 [ 17.423944] ? __switch_to+0x47/0xf50 [ 17.423978] ? __schedule+0x10cc/0x2b60 [ 17.424009] ? __pfx_read_tsc+0x10/0x10 [ 17.424041] krealloc_large_more_oob+0x1c/0x30 [ 17.424074] kunit_try_run_case+0x1a5/0x480 [ 17.424129] ? __pfx_kunit_try_run_case+0x10/0x10 [ 17.424174] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 17.424209] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 17.424243] ? __kthread_parkme+0x82/0x180 [ 17.424271] ? preempt_count_sub+0x50/0x80 [ 17.424301] ? __pfx_kunit_try_run_case+0x10/0x10 [ 17.424335] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 17.424368] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 17.424401] kthread+0x337/0x6f0 [ 17.424427] ? trace_preempt_on+0x20/0xc0 [ 17.424457] ? __pfx_kthread+0x10/0x10 [ 17.424485] ? _raw_spin_unlock_irq+0x47/0x80 [ 17.424514] ? calculate_sigpending+0x7b/0xa0 [ 17.424547] ? __pfx_kthread+0x10/0x10 [ 17.424576] ret_from_fork+0x116/0x1d0 [ 17.424600] ? __pfx_kthread+0x10/0x10 [ 17.424628] ret_from_fork_asm+0x1a/0x30 [ 17.424667] </TASK> [ 17.424680] [ 17.445942] The buggy address belongs to the physical page: [ 17.446765] page: refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x102a2c [ 17.447645] head: order:2 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0 [ 17.448491] flags: 0x200000000000040(head|node=0|zone=2) [ 17.448909] page_type: f8(unknown) [ 17.449202] raw: 0200000000000040 0000000000000000 dead000000000122 0000000000000000 [ 17.450271] raw: 0000000000000000 0000000000000000 00000001f8000000 0000000000000000 [ 17.450901] head: 0200000000000040 0000000000000000 dead000000000122 0000000000000000 [ 17.451618] head: 0000000000000000 0000000000000000 00000001f8000000 0000000000000000 [ 17.452192] head: 0200000000000002 ffffea00040a8b01 00000000ffffffff 00000000ffffffff [ 17.453134] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000004 [ 17.454051] page dumped because: kasan: bad access detected [ 17.454850] [ 17.455058] Memory state around the buggy address: [ 17.455870] ffff888102a2df80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 17.456764] ffff888102a2e000: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 17.457592] >ffff888102a2e080: 00 00 00 00 00 00 00 00 00 00 00 00 00 03 fe fe [ 17.458197] ^ [ 17.458912] ffff888102a2e100: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe [ 17.459532] ffff888102a2e180: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe [ 17.460124] ================================================================== [ 17.038400] ================================================================== [ 17.038946] BUG: KASAN: slab-out-of-bounds in krealloc_more_oob_helper+0x7eb/0x930 [ 17.039691] Write of size 1 at addr ffff888100aa6ef0 by task kunit_try_catch/174 [ 17.040433] [ 17.040806] CPU: 1 UID: 0 PID: 174 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc1 #1 PREEMPT(voluntary) [ 17.040934] Tainted: [B]=BAD_PAGE, [N]=TEST [ 17.040971] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 17.041017] Call Trace: [ 17.041046] <TASK> [ 17.041084] dump_stack_lvl+0x73/0xb0 [ 17.041160] print_report+0xd1/0x650 [ 17.041224] ? __virt_addr_valid+0x1db/0x2d0 [ 17.041291] ? krealloc_more_oob_helper+0x7eb/0x930 [ 17.041367] ? kasan_complete_mode_report_info+0x2a/0x200 [ 17.041443] ? krealloc_more_oob_helper+0x7eb/0x930 [ 17.041521] kasan_report+0x141/0x180 [ 17.041620] ? krealloc_more_oob_helper+0x7eb/0x930 [ 17.041716] __asan_report_store1_noabort+0x1b/0x30 [ 17.041794] krealloc_more_oob_helper+0x7eb/0x930 [ 17.041865] ? __schedule+0x10cc/0x2b60 [ 17.041966] ? __pfx_krealloc_more_oob_helper+0x10/0x10 [ 17.042046] ? finish_task_switch.isra.0+0x153/0x700 [ 17.042119] ? __switch_to+0x47/0xf50 [ 17.042205] ? __schedule+0x10cc/0x2b60 [ 17.042289] ? __pfx_read_tsc+0x10/0x10 [ 17.042368] krealloc_more_oob+0x1c/0x30 [ 17.042443] kunit_try_run_case+0x1a5/0x480 [ 17.042523] ? __pfx_kunit_try_run_case+0x10/0x10 [ 17.042594] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 17.042665] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 17.042721] ? __kthread_parkme+0x82/0x180 [ 17.042781] ? preempt_count_sub+0x50/0x80 [ 17.042853] ? __pfx_kunit_try_run_case+0x10/0x10 [ 17.042953] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 17.043033] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 17.043113] kthread+0x337/0x6f0 [ 17.043184] ? trace_preempt_on+0x20/0xc0 [ 17.043263] ? __pfx_kthread+0x10/0x10 [ 17.043336] ? _raw_spin_unlock_irq+0x47/0x80 [ 17.043410] ? calculate_sigpending+0x7b/0xa0 [ 17.043482] ? __pfx_kthread+0x10/0x10 [ 17.043556] ret_from_fork+0x116/0x1d0 [ 17.043621] ? __pfx_kthread+0x10/0x10 [ 17.043695] ret_from_fork_asm+0x1a/0x30 [ 17.043788] </TASK> [ 17.043825] [ 17.060647] Allocated by task 174: [ 17.061041] kasan_save_stack+0x45/0x70 [ 17.061508] kasan_save_track+0x18/0x40 [ 17.061873] kasan_save_alloc_info+0x3b/0x50 [ 17.062528] __kasan_krealloc+0x190/0x1f0 [ 17.062944] krealloc_noprof+0xf3/0x340 [ 17.063528] krealloc_more_oob_helper+0x1a9/0x930 [ 17.064076] krealloc_more_oob+0x1c/0x30 [ 17.064457] kunit_try_run_case+0x1a5/0x480 [ 17.064973] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 17.065516] kthread+0x337/0x6f0 [ 17.065929] ret_from_fork+0x116/0x1d0 [ 17.066449] ret_from_fork_asm+0x1a/0x30 [ 17.066872] [ 17.067157] The buggy address belongs to the object at ffff888100aa6e00 [ 17.067157] which belongs to the cache kmalloc-256 of size 256 [ 17.068037] The buggy address is located 5 bytes to the right of [ 17.068037] allocated 235-byte region [ffff888100aa6e00, ffff888100aa6eeb) [ 17.069004] [ 17.069297] The buggy address belongs to the physical page: [ 17.069820] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x100aa6 [ 17.070547] head: order:1 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0 [ 17.071238] flags: 0x200000000000040(head|node=0|zone=2) [ 17.071804] page_type: f5(slab) [ 17.072320] raw: 0200000000000040 ffff888100041b40 dead000000000122 0000000000000000 [ 17.072977] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 17.073652] head: 0200000000000040 ffff888100041b40 dead000000000122 0000000000000000 [ 17.074478] head: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 17.075135] head: 0200000000000001 ffffea000402a981 00000000ffffffff 00000000ffffffff [ 17.075829] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000002 [ 17.076473] page dumped because: kasan: bad access detected [ 17.076970] [ 17.077248] Memory state around the buggy address: [ 17.077734] ffff888100aa6d80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 17.078626] ffff888100aa6e00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 17.079157] >ffff888100aa6e80: 00 00 00 00 00 00 00 00 00 00 00 00 00 03 fc fc [ 17.079775] ^ [ 17.080328] ffff888100aa6f00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 17.081034] ffff888100aa6f80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 17.081716] ================================================================== [ 16.992362] ================================================================== [ 16.993340] BUG: KASAN: slab-out-of-bounds in krealloc_more_oob_helper+0x821/0x930 [ 16.994091] Write of size 1 at addr ffff888100aa6eeb by task kunit_try_catch/174 [ 16.995039] [ 16.995642] CPU: 1 UID: 0 PID: 174 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc1 #1 PREEMPT(voluntary) [ 16.995722] Tainted: [B]=BAD_PAGE, [N]=TEST [ 16.995741] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 16.995770] Call Trace: [ 16.995785] <TASK> [ 16.995803] dump_stack_lvl+0x73/0xb0 [ 16.995844] print_report+0xd1/0x650 [ 16.995894] ? __virt_addr_valid+0x1db/0x2d0 [ 16.995970] ? krealloc_more_oob_helper+0x821/0x930 [ 16.996046] ? kasan_complete_mode_report_info+0x2a/0x200 [ 16.996226] ? krealloc_more_oob_helper+0x821/0x930 [ 16.996309] kasan_report+0x141/0x180 [ 16.996347] ? krealloc_more_oob_helper+0x821/0x930 [ 16.996433] __asan_report_store1_noabort+0x1b/0x30 [ 16.996475] krealloc_more_oob_helper+0x821/0x930 [ 16.996508] ? __schedule+0x10cc/0x2b60 [ 16.996542] ? __pfx_krealloc_more_oob_helper+0x10/0x10 [ 16.996576] ? finish_task_switch.isra.0+0x153/0x700 [ 16.996605] ? __switch_to+0x47/0xf50 [ 16.996641] ? __schedule+0x10cc/0x2b60 [ 16.996670] ? __pfx_read_tsc+0x10/0x10 [ 16.996702] krealloc_more_oob+0x1c/0x30 [ 16.996732] kunit_try_run_case+0x1a5/0x480 [ 16.996766] ? __pfx_kunit_try_run_case+0x10/0x10 [ 16.996798] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 16.996830] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 16.996862] ? __kthread_parkme+0x82/0x180 [ 16.996914] ? preempt_count_sub+0x50/0x80 [ 16.996947] ? __pfx_kunit_try_run_case+0x10/0x10 [ 16.996981] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 16.997013] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 16.997046] kthread+0x337/0x6f0 [ 16.997072] ? trace_preempt_on+0x20/0xc0 [ 16.997114] ? __pfx_kthread+0x10/0x10 [ 16.997174] ? _raw_spin_unlock_irq+0x47/0x80 [ 16.997207] ? calculate_sigpending+0x7b/0xa0 [ 16.997241] ? __pfx_kthread+0x10/0x10 [ 16.997271] ret_from_fork+0x116/0x1d0 [ 16.997295] ? __pfx_kthread+0x10/0x10 [ 16.997323] ret_from_fork_asm+0x1a/0x30 [ 16.997364] </TASK> [ 16.997378] [ 17.013974] Allocated by task 174: [ 17.014472] kasan_save_stack+0x45/0x70 [ 17.014926] kasan_save_track+0x18/0x40 [ 17.015244] kasan_save_alloc_info+0x3b/0x50 [ 17.015726] __kasan_krealloc+0x190/0x1f0 [ 17.016346] krealloc_noprof+0xf3/0x340 [ 17.016775] krealloc_more_oob_helper+0x1a9/0x930 [ 17.017417] krealloc_more_oob+0x1c/0x30 [ 17.017916] kunit_try_run_case+0x1a5/0x480 [ 17.018452] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 17.019114] kthread+0x337/0x6f0 [ 17.019480] ret_from_fork+0x116/0x1d0 [ 17.019953] ret_from_fork_asm+0x1a/0x30 [ 17.020555] [ 17.020822] The buggy address belongs to the object at ffff888100aa6e00 [ 17.020822] which belongs to the cache kmalloc-256 of size 256 [ 17.023331] The buggy address is located 0 bytes to the right of [ 17.023331] allocated 235-byte region [ffff888100aa6e00, ffff888100aa6eeb) [ 17.024631] [ 17.024917] The buggy address belongs to the physical page: [ 17.025989] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x100aa6 [ 17.026925] head: order:1 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0 [ 17.027545] flags: 0x200000000000040(head|node=0|zone=2) [ 17.028057] page_type: f5(slab) [ 17.028446] raw: 0200000000000040 ffff888100041b40 dead000000000122 0000000000000000 [ 17.029049] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 17.029624] head: 0200000000000040 ffff888100041b40 dead000000000122 0000000000000000 [ 17.030298] head: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 17.030928] head: 0200000000000001 ffffea000402a981 00000000ffffffff 00000000ffffffff [ 17.031833] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000002 [ 17.032423] page dumped because: kasan: bad access detected [ 17.032872] [ 17.033153] Memory state around the buggy address: [ 17.033557] ffff888100aa6d80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 17.034165] ffff888100aa6e00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 17.034748] >ffff888100aa6e80: 00 00 00 00 00 00 00 00 00 00 00 00 00 03 fc fc [ 17.035273] ^ [ 17.035867] ffff888100aa6f00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 17.036440] ffff888100aa6f80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 17.037027] ================================================================== [ 17.379403] ================================================================== [ 17.380353] BUG: KASAN: slab-out-of-bounds in krealloc_more_oob_helper+0x821/0x930 [ 17.381031] Write of size 1 at addr ffff888102a2e0eb by task kunit_try_catch/178 [ 17.381632] [ 17.381900] CPU: 1 UID: 0 PID: 178 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc1 #1 PREEMPT(voluntary) [ 17.382023] Tainted: [B]=BAD_PAGE, [N]=TEST [ 17.382063] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 17.382165] Call Trace: [ 17.382207] <TASK> [ 17.382267] dump_stack_lvl+0x73/0xb0 [ 17.382358] print_report+0xd1/0x650 [ 17.382437] ? __virt_addr_valid+0x1db/0x2d0 [ 17.382516] ? krealloc_more_oob_helper+0x821/0x930 [ 17.382595] ? kasan_addr_to_slab+0x11/0xa0 [ 17.382666] ? krealloc_more_oob_helper+0x821/0x930 [ 17.382746] kasan_report+0x141/0x180 [ 17.382823] ? krealloc_more_oob_helper+0x821/0x930 [ 17.382927] __asan_report_store1_noabort+0x1b/0x30 [ 17.383008] krealloc_more_oob_helper+0x821/0x930 [ 17.383079] ? __schedule+0x10cc/0x2b60 [ 17.383174] ? __pfx_krealloc_more_oob_helper+0x10/0x10 [ 17.383214] ? finish_task_switch.isra.0+0x153/0x700 [ 17.383248] ? __switch_to+0x47/0xf50 [ 17.383284] ? __schedule+0x10cc/0x2b60 [ 17.383315] ? __pfx_read_tsc+0x10/0x10 [ 17.383350] krealloc_large_more_oob+0x1c/0x30 [ 17.383382] kunit_try_run_case+0x1a5/0x480 [ 17.383419] ? __pfx_kunit_try_run_case+0x10/0x10 [ 17.383452] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 17.383485] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 17.383517] ? __kthread_parkme+0x82/0x180 [ 17.383544] ? preempt_count_sub+0x50/0x80 [ 17.383573] ? __pfx_kunit_try_run_case+0x10/0x10 [ 17.383608] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 17.383640] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 17.383673] kthread+0x337/0x6f0 [ 17.383699] ? trace_preempt_on+0x20/0xc0 [ 17.383732] ? __pfx_kthread+0x10/0x10 [ 17.383759] ? _raw_spin_unlock_irq+0x47/0x80 [ 17.383789] ? calculate_sigpending+0x7b/0xa0 [ 17.383823] ? __pfx_kthread+0x10/0x10 [ 17.383852] ret_from_fork+0x116/0x1d0 [ 17.383896] ? __pfx_kthread+0x10/0x10 [ 17.383933] ret_from_fork_asm+0x1a/0x30 [ 17.383977] </TASK> [ 17.383993] [ 17.404439] The buggy address belongs to the physical page: [ 17.404890] page: refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x102a2c [ 17.405900] head: order:2 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0 [ 17.406747] flags: 0x200000000000040(head|node=0|zone=2) [ 17.407589] page_type: f8(unknown) [ 17.408099] raw: 0200000000000040 0000000000000000 dead000000000122 0000000000000000 [ 17.408930] raw: 0000000000000000 0000000000000000 00000001f8000000 0000000000000000 [ 17.409649] head: 0200000000000040 0000000000000000 dead000000000122 0000000000000000 [ 17.410515] head: 0000000000000000 0000000000000000 00000001f8000000 0000000000000000 [ 17.411583] head: 0200000000000002 ffffea00040a8b01 00000000ffffffff 00000000ffffffff [ 17.412145] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000004 [ 17.412983] page dumped because: kasan: bad access detected [ 17.413449] [ 17.413679] Memory state around the buggy address: [ 17.414127] ffff888102a2df80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 17.415117] ffff888102a2e000: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 17.415932] >ffff888102a2e080: 00 00 00 00 00 00 00 00 00 00 00 00 00 03 fe fe [ 17.416708] ^ [ 17.417529] ffff888102a2e100: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe [ 17.418236] ffff888102a2e180: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe [ 17.418486] ==================================================================
[ 20.213369] ================================================================== [ 20.214429] BUG: KASAN: slab-out-of-bounds in krealloc_more_oob_helper+0x60c/0x678 [ 20.215171] Write of size 1 at addr ffff00000dafa0eb by task kunit_try_catch/213 [ 20.215883] [ 20.216062] CPU: 1 UID: 0 PID: 213 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc1 #1 PREEMPT [ 20.216138] Tainted: [B]=BAD_PAGE, [N]=TEST [ 20.216161] Hardware name: Radxa ROCK Pi 4B (DT) [ 20.216187] Call trace: [ 20.216204] show_stack+0x20/0x38 (C) [ 20.216256] dump_stack_lvl+0x8c/0xd0 [ 20.216310] print_report+0x118/0x608 [ 20.216365] kasan_report+0xdc/0x128 [ 20.216417] __asan_report_store1_noabort+0x20/0x30 [ 20.216466] krealloc_more_oob_helper+0x60c/0x678 [ 20.216520] krealloc_large_more_oob+0x20/0x38 [ 20.216572] kunit_try_run_case+0x170/0x3f0 [ 20.216627] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 20.216689] kthread+0x328/0x630 [ 20.216732] ret_from_fork+0x10/0x20 [ 20.216783] [ 20.222925] The buggy address belongs to the physical page: [ 20.223459] page: refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0xdaf8 [ 20.224211] head: order:2 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0 [ 20.224942] flags: 0x3fffe0000000040(head|node=0|zone=0|lastcpupid=0x1ffff) [ 20.225621] page_type: f8(unknown) [ 20.225981] raw: 03fffe0000000040 0000000000000000 dead000000000122 0000000000000000 [ 20.226726] raw: 0000000000000000 0000000000000000 00000001f8000000 0000000000000000 [ 20.227470] head: 03fffe0000000040 0000000000000000 dead000000000122 0000000000000000 [ 20.228223] head: 0000000000000000 0000000000000000 00000001f8000000 0000000000000000 [ 20.228976] head: 03fffe0000000002 fffffdffc036be01 00000000ffffffff 00000000ffffffff [ 20.229726] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000004 [ 20.230466] page dumped because: kasan: bad access detected [ 20.230999] [ 20.231166] Memory state around the buggy address: [ 20.231636] ffff00000daf9f80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 20.232327] ffff00000dafa000: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 20.233019] >ffff00000dafa080: 00 00 00 00 00 00 00 00 00 00 00 00 00 03 fe fe [ 20.233704] ^ [ 20.234338] ffff00000dafa100: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe [ 20.235030] ffff00000dafa180: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe [ 20.235714] ================================================================== [ 20.236734] ================================================================== [ 20.237431] BUG: KASAN: slab-out-of-bounds in krealloc_more_oob_helper+0x5c0/0x678 [ 20.238170] Write of size 1 at addr ffff00000dafa0f0 by task kunit_try_catch/213 [ 20.238855] [ 20.239017] CPU: 1 UID: 0 PID: 213 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc1 #1 PREEMPT [ 20.239065] Tainted: [B]=BAD_PAGE, [N]=TEST [ 20.239079] Hardware name: Radxa ROCK Pi 4B (DT) [ 20.239095] Call trace: [ 20.239106] show_stack+0x20/0x38 (C) [ 20.239139] dump_stack_lvl+0x8c/0xd0 [ 20.239174] print_report+0x118/0x608 [ 20.239207] kasan_report+0xdc/0x128 [ 20.239238] __asan_report_store1_noabort+0x20/0x30 [ 20.239268] krealloc_more_oob_helper+0x5c0/0x678 [ 20.239300] krealloc_large_more_oob+0x20/0x38 [ 20.239330] kunit_try_run_case+0x170/0x3f0 [ 20.239364] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 20.239401] kthread+0x328/0x630 [ 20.239427] ret_from_fork+0x10/0x20 [ 20.239459] [ 20.245484] The buggy address belongs to the physical page: [ 20.245999] page: refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0xdaf8 [ 20.246722] head: order:2 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0 [ 20.247426] flags: 0x3fffe0000000040(head|node=0|zone=0|lastcpupid=0x1ffff) [ 20.248075] page_type: f8(unknown) [ 20.248410] raw: 03fffe0000000040 0000000000000000 dead000000000122 0000000000000000 [ 20.249124] raw: 0000000000000000 0000000000000000 00000001f8000000 0000000000000000 [ 20.249837] head: 03fffe0000000040 0000000000000000 dead000000000122 0000000000000000 [ 20.250557] head: 0000000000000000 0000000000000000 00000001f8000000 0000000000000000 [ 20.251279] head: 03fffe0000000002 fffffdffc036be01 00000000ffffffff 00000000ffffffff [ 20.252001] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000004 [ 20.252715] page dumped because: kasan: bad access detected [ 20.253228] [ 20.253382] Memory state around the buggy address: [ 20.253829] ffff00000daf9f80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 20.254494] ffff00000dafa000: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 20.255158] >ffff00000dafa080: 00 00 00 00 00 00 00 00 00 00 00 00 00 03 fe fe [ 20.255818] ^ [ 20.256451] ffff00000dafa100: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe [ 20.257115] ffff00000dafa180: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe [ 20.257776] ================================================================== [ 20.005702] ================================================================== [ 20.006738] BUG: KASAN: slab-out-of-bounds in krealloc_more_oob_helper+0x60c/0x678 [ 20.007456] Write of size 1 at addr ffff00000daa04eb by task kunit_try_catch/209 [ 20.008139] [ 20.008303] CPU: 1 UID: 0 PID: 209 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc1 #1 PREEMPT [ 20.008352] Tainted: [B]=BAD_PAGE, [N]=TEST [ 20.008366] Hardware name: Radxa ROCK Pi 4B (DT) [ 20.008383] Call trace: [ 20.008395] show_stack+0x20/0x38 (C) [ 20.008429] dump_stack_lvl+0x8c/0xd0 [ 20.008465] print_report+0x118/0x608 [ 20.008498] kasan_report+0xdc/0x128 [ 20.008530] __asan_report_store1_noabort+0x20/0x30 [ 20.008560] krealloc_more_oob_helper+0x60c/0x678 [ 20.008592] krealloc_more_oob+0x20/0x38 [ 20.008621] kunit_try_run_case+0x170/0x3f0 [ 20.008654] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 20.008691] kthread+0x328/0x630 [ 20.008717] ret_from_fork+0x10/0x20 [ 20.008749] [ 20.014727] Allocated by task 209: [ 20.015052] kasan_save_stack+0x3c/0x68 [ 20.015428] kasan_save_track+0x20/0x40 [ 20.015803] kasan_save_alloc_info+0x40/0x58 [ 20.016218] __kasan_krealloc+0x118/0x178 [ 20.016608] krealloc_noprof+0x128/0x360 [ 20.016992] krealloc_more_oob_helper+0x168/0x678 [ 20.017442] krealloc_more_oob+0x20/0x38 [ 20.017823] kunit_try_run_case+0x170/0x3f0 [ 20.018227] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 20.018750] kthread+0x328/0x630 [ 20.019065] ret_from_fork+0x10/0x20 [ 20.019415] [ 20.019567] The buggy address belongs to the object at ffff00000daa0400 [ 20.019567] which belongs to the cache kmalloc-256 of size 256 [ 20.020697] The buggy address is located 0 bytes to the right of [ 20.020697] allocated 235-byte region [ffff00000daa0400, ffff00000daa04eb) [ 20.021870] [ 20.022023] The buggy address belongs to the physical page: [ 20.022537] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0xdaa0 [ 20.023259] head: order:1 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0 [ 20.023964] flags: 0x3fffe0000000040(head|node=0|zone=0|lastcpupid=0x1ffff) [ 20.024613] page_type: f5(slab) [ 20.024926] raw: 03fffe0000000040 ffff000000402b40 dead000000000122 0000000000000000 [ 20.025640] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 20.026354] head: 03fffe0000000040 ffff000000402b40 dead000000000122 0000000000000000 [ 20.027075] head: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 20.027797] head: 03fffe0000000001 fffffdffc036a801 00000000ffffffff 00000000ffffffff [ 20.028519] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000002 [ 20.029238] page dumped because: kasan: bad access detected [ 20.029775] [ 20.029942] Memory state around the buggy address: [ 20.030412] ffff00000daa0380: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 20.031103] ffff00000daa0400: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 20.031796] >ffff00000daa0480: 00 00 00 00 00 00 00 00 00 00 00 00 00 03 fc fc [ 20.032480] ^ [ 20.033114] ffff00000daa0500: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 20.033806] ffff00000daa0580: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 20.034491] ================================================================== [ 20.035439] ================================================================== [ 20.036133] BUG: KASAN: slab-out-of-bounds in krealloc_more_oob_helper+0x5c0/0x678 [ 20.036857] Write of size 1 at addr ffff00000daa04f0 by task kunit_try_catch/209 [ 20.037552] [ 20.037722] CPU: 1 UID: 0 PID: 209 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc1 #1 PREEMPT [ 20.037780] Tainted: [B]=BAD_PAGE, [N]=TEST [ 20.037797] Hardware name: Radxa ROCK Pi 4B (DT) [ 20.037817] Call trace: [ 20.037830] show_stack+0x20/0x38 (C) [ 20.037869] dump_stack_lvl+0x8c/0xd0 [ 20.037911] print_report+0x118/0x608 [ 20.037950] kasan_report+0xdc/0x128 [ 20.037988] __asan_report_store1_noabort+0x20/0x30 [ 20.038025] krealloc_more_oob_helper+0x5c0/0x678 [ 20.038064] krealloc_more_oob+0x20/0x38 [ 20.038100] kunit_try_run_case+0x170/0x3f0 [ 20.038140] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 20.038184] kthread+0x328/0x630 [ 20.038216] ret_from_fork+0x10/0x20 [ 20.038254] [ 20.044268] Allocated by task 209: [ 20.044598] kasan_save_stack+0x3c/0x68 [ 20.044984] kasan_save_track+0x20/0x40 [ 20.045368] kasan_save_alloc_info+0x40/0x58 [ 20.045795] __kasan_krealloc+0x118/0x178 [ 20.046195] krealloc_noprof+0x128/0x360 [ 20.046589] krealloc_more_oob_helper+0x168/0x678 [ 20.047049] krealloc_more_oob+0x20/0x38 [ 20.047438] kunit_try_run_case+0x170/0x3f0 [ 20.047854] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 20.048386] kthread+0x328/0x630 [ 20.048712] ret_from_fork+0x10/0x20 [ 20.049071] [ 20.049228] The buggy address belongs to the object at ffff00000daa0400 [ 20.049228] which belongs to the cache kmalloc-256 of size 256 [ 20.050370] The buggy address is located 5 bytes to the right of [ 20.050370] allocated 235-byte region [ffff00000daa0400, ffff00000daa04eb) [ 20.051553] [ 20.051712] The buggy address belongs to the physical page: [ 20.052232] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0xdaa0 [ 20.052963] head: order:1 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0 [ 20.053677] flags: 0x3fffe0000000040(head|node=0|zone=0|lastcpupid=0x1ffff) [ 20.054336] page_type: f5(slab) [ 20.054656] raw: 03fffe0000000040 ffff000000402b40 dead000000000122 0000000000000000 [ 20.055380] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 20.056104] head: 03fffe0000000040 ffff000000402b40 dead000000000122 0000000000000000 [ 20.056836] head: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 20.057568] head: 03fffe0000000001 fffffdffc036a801 00000000ffffffff 00000000ffffffff [ 20.058300] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000002 [ 20.059022] page dumped because: kasan: bad access detected [ 20.059542] [ 20.059700] Memory state around the buggy address: [ 20.060154] ffff00000daa0380: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 20.060828] ffff00000daa0400: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 20.061501] >ffff00000daa0480: 00 00 00 00 00 00 00 00 00 00 00 00 00 03 fc fc [ 20.062170] ^ [ 20.062810] ffff00000daa0500: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 20.063483] ffff00000daa0580: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 20.064151] ==================================================================