Date
July 1, 2025, 11:08 a.m.
| Environment | |
|---|---|
| qemu-arm64 | |
| qemu-x86_64 |
[ 18.337277] ================================================================== [ 18.337336] BUG: KASAN: slab-out-of-bounds in krealloc_less_oob_helper+0xa58/0xc50 [ 18.337388] Write of size 1 at addr fff00000c64b60eb by task kunit_try_catch/163 [ 18.337456] [ 18.337489] CPU: 1 UID: 0 PID: 163 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc4 #1 PREEMPT [ 18.337576] Tainted: [B]=BAD_PAGE, [N]=TEST [ 18.337606] Hardware name: linux,dummy-virt (DT) [ 18.337639] Call trace: [ 18.337661] show_stack+0x20/0x38 (C) [ 18.337709] dump_stack_lvl+0x8c/0xd0 [ 18.337757] print_report+0x118/0x608 [ 18.337824] kasan_report+0xdc/0x128 [ 18.337873] __asan_report_store1_noabort+0x20/0x30 [ 18.337933] krealloc_less_oob_helper+0xa58/0xc50 [ 18.337994] krealloc_large_less_oob+0x20/0x38 [ 18.338045] kunit_try_run_case+0x170/0x3f0 [ 18.338094] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 18.338162] kthread+0x328/0x630 [ 18.338206] ret_from_fork+0x10/0x20 [ 18.338256] [ 18.338287] The buggy address belongs to the physical page: [ 18.338321] page: refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1064b4 [ 18.338378] head: order:2 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0 [ 18.338439] flags: 0xbfffe0000000040(head|node=0|zone=2|lastcpupid=0x1ffff) [ 18.338506] page_type: f8(unknown) [ 18.338547] raw: 0bfffe0000000040 0000000000000000 dead000000000122 0000000000000000 [ 18.338600] raw: 0000000000000000 0000000000000000 00000001f8000000 0000000000000000 [ 18.338660] head: 0bfffe0000000040 0000000000000000 dead000000000122 0000000000000000 [ 18.338712] head: 0000000000000000 0000000000000000 00000001f8000000 0000000000000000 [ 18.338764] head: 0bfffe0000000002 ffffc1ffc3192d01 00000000ffffffff 00000000ffffffff [ 18.338815] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000004 [ 18.338858] page dumped because: kasan: bad access detected [ 18.338891] [ 18.338909] Memory state around the buggy address: [ 18.338950] fff00000c64b5f80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 18.338996] fff00000c64b6000: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 18.339051] >fff00000c64b6080: 00 00 00 00 00 00 00 00 00 01 fe fe fe fe fe fe [ 18.339092] ^ [ 18.339142] fff00000c64b6100: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe [ 18.339186] fff00000c64b6180: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe [ 18.339227] ================================================================== [ 18.321142] ================================================================== [ 18.321221] BUG: KASAN: slab-out-of-bounds in krealloc_less_oob_helper+0xa48/0xc50 [ 18.321476] Write of size 1 at addr fff00000c64b60c9 by task kunit_try_catch/163 [ 18.321613] [ 18.321659] CPU: 1 UID: 0 PID: 163 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc4 #1 PREEMPT [ 18.321753] Tainted: [B]=BAD_PAGE, [N]=TEST [ 18.321788] Hardware name: linux,dummy-virt (DT) [ 18.321831] Call trace: [ 18.321865] show_stack+0x20/0x38 (C) [ 18.321922] dump_stack_lvl+0x8c/0xd0 [ 18.321984] print_report+0x118/0x608 [ 18.322035] kasan_report+0xdc/0x128 [ 18.322083] __asan_report_store1_noabort+0x20/0x30 [ 18.322146] krealloc_less_oob_helper+0xa48/0xc50 [ 18.322200] krealloc_large_less_oob+0x20/0x38 [ 18.322251] kunit_try_run_case+0x170/0x3f0 [ 18.322304] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 18.322585] kthread+0x328/0x630 [ 18.322648] ret_from_fork+0x10/0x20 [ 18.322701] [ 18.322725] The buggy address belongs to the physical page: [ 18.322762] page: refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1064b4 [ 18.322845] head: order:2 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0 [ 18.322915] flags: 0xbfffe0000000040(head|node=0|zone=2|lastcpupid=0x1ffff) [ 18.322978] page_type: f8(unknown) [ 18.323061] raw: 0bfffe0000000040 0000000000000000 dead000000000122 0000000000000000 [ 18.323282] raw: 0000000000000000 0000000000000000 00000001f8000000 0000000000000000 [ 18.323344] head: 0bfffe0000000040 0000000000000000 dead000000000122 0000000000000000 [ 18.323397] head: 0000000000000000 0000000000000000 00000001f8000000 0000000000000000 [ 18.323574] head: 0bfffe0000000002 ffffc1ffc3192d01 00000000ffffffff 00000000ffffffff [ 18.323756] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000004 [ 18.323849] page dumped because: kasan: bad access detected [ 18.323953] [ 18.324092] Memory state around the buggy address: [ 18.324245] fff00000c64b5f80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 18.324315] fff00000c64b6000: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 18.324390] >fff00000c64b6080: 00 00 00 00 00 00 00 00 00 01 fe fe fe fe fe fe [ 18.324534] ^ [ 18.324574] fff00000c64b6100: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe [ 18.324619] fff00000c64b6180: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe [ 18.324661] ================================================================== [ 18.261569] ================================================================== [ 18.261661] BUG: KASAN: slab-out-of-bounds in krealloc_less_oob_helper+0xa48/0xc50 [ 18.261732] Write of size 1 at addr fff00000c0b9b8c9 by task kunit_try_catch/159 [ 18.261788] [ 18.261832] CPU: 1 UID: 0 PID: 159 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc4 #1 PREEMPT [ 18.261924] Tainted: [B]=BAD_PAGE, [N]=TEST [ 18.261953] Hardware name: linux,dummy-virt (DT) [ 18.261989] Call trace: [ 18.262013] show_stack+0x20/0x38 (C) [ 18.262068] dump_stack_lvl+0x8c/0xd0 [ 18.262502] print_report+0x118/0x608 [ 18.262620] kasan_report+0xdc/0x128 [ 18.262672] __asan_report_store1_noabort+0x20/0x30 [ 18.262725] krealloc_less_oob_helper+0xa48/0xc50 [ 18.262777] krealloc_less_oob+0x20/0x38 [ 18.263042] kunit_try_run_case+0x170/0x3f0 [ 18.263162] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 18.263225] kthread+0x328/0x630 [ 18.263432] ret_from_fork+0x10/0x20 [ 18.263539] [ 18.263655] Allocated by task 159: [ 18.263718] kasan_save_stack+0x3c/0x68 [ 18.263852] kasan_save_track+0x20/0x40 [ 18.263937] kasan_save_alloc_info+0x40/0x58 [ 18.264064] __kasan_krealloc+0x118/0x178 [ 18.264199] krealloc_noprof+0x128/0x360 [ 18.264326] krealloc_less_oob_helper+0x168/0xc50 [ 18.264448] krealloc_less_oob+0x20/0x38 [ 18.264787] kunit_try_run_case+0x170/0x3f0 [ 18.264929] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 18.265056] kthread+0x328/0x630 [ 18.265192] ret_from_fork+0x10/0x20 [ 18.265284] [ 18.265326] The buggy address belongs to the object at fff00000c0b9b800 [ 18.265326] which belongs to the cache kmalloc-256 of size 256 [ 18.265394] The buggy address is located 0 bytes to the right of [ 18.265394] allocated 201-byte region [fff00000c0b9b800, fff00000c0b9b8c9) [ 18.265494] [ 18.265519] The buggy address belongs to the physical page: [ 18.265556] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x100b9a [ 18.265620] head: order:1 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0 [ 18.265674] flags: 0xbfffe0000000040(head|node=0|zone=2|lastcpupid=0x1ffff) [ 18.266058] page_type: f5(slab) [ 18.266158] raw: 0bfffe0000000040 fff00000c0001b40 dead000000000122 0000000000000000 [ 18.266359] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 18.266499] head: 0bfffe0000000040 fff00000c0001b40 dead000000000122 0000000000000000 [ 18.266686] head: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 18.266742] head: 0bfffe0000000001 ffffc1ffc302e681 00000000ffffffff 00000000ffffffff [ 18.266807] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000002 [ 18.266857] page dumped because: kasan: bad access detected [ 18.266891] [ 18.266911] Memory state around the buggy address: [ 18.266949] fff00000c0b9b780: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 18.267012] fff00000c0b9b800: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 18.267070] >fff00000c0b9b880: 00 00 00 00 00 00 00 00 00 01 fc fc fc fc fc fc [ 18.267160] ^ [ 18.267201] fff00000c0b9b900: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 18.267479] fff00000c0b9b980: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 18.267534] ================================================================== [ 18.332224] ================================================================== [ 18.332271] BUG: KASAN: slab-out-of-bounds in krealloc_less_oob_helper+0xae4/0xc50 [ 18.332318] Write of size 1 at addr fff00000c64b60ea by task kunit_try_catch/163 [ 18.332844] [ 18.332882] CPU: 1 UID: 0 PID: 163 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc4 #1 PREEMPT [ 18.332968] Tainted: [B]=BAD_PAGE, [N]=TEST [ 18.332996] Hardware name: linux,dummy-virt (DT) [ 18.333121] Call trace: [ 18.333195] show_stack+0x20/0x38 (C) [ 18.333248] dump_stack_lvl+0x8c/0xd0 [ 18.333346] print_report+0x118/0x608 [ 18.333426] kasan_report+0xdc/0x128 [ 18.333504] __asan_report_store1_noabort+0x20/0x30 [ 18.333633] krealloc_less_oob_helper+0xae4/0xc50 [ 18.333723] krealloc_large_less_oob+0x20/0x38 [ 18.333774] kunit_try_run_case+0x170/0x3f0 [ 18.333992] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 18.334109] kthread+0x328/0x630 [ 18.334185] ret_from_fork+0x10/0x20 [ 18.334235] [ 18.334256] The buggy address belongs to the physical page: [ 18.334545] page: refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1064b4 [ 18.334637] head: order:2 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0 [ 18.334742] flags: 0xbfffe0000000040(head|node=0|zone=2|lastcpupid=0x1ffff) [ 18.334835] page_type: f8(unknown) [ 18.334877] raw: 0bfffe0000000040 0000000000000000 dead000000000122 0000000000000000 [ 18.334977] raw: 0000000000000000 0000000000000000 00000001f8000000 0000000000000000 [ 18.335053] head: 0bfffe0000000040 0000000000000000 dead000000000122 0000000000000000 [ 18.335117] head: 0000000000000000 0000000000000000 00000001f8000000 0000000000000000 [ 18.335250] head: 0bfffe0000000002 ffffc1ffc3192d01 00000000ffffffff 00000000ffffffff [ 18.335389] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000004 [ 18.335455] page dumped because: kasan: bad access detected [ 18.335489] [ 18.335509] Memory state around the buggy address: [ 18.335742] fff00000c64b5f80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 18.335795] fff00000c64b6000: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 18.335840] >fff00000c64b6080: 00 00 00 00 00 00 00 00 00 01 fe fe fe fe fe fe [ 18.336043] ^ [ 18.336205] fff00000c64b6100: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe [ 18.336288] fff00000c64b6180: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe [ 18.336503] ================================================================== [ 18.325054] ================================================================== [ 18.325105] BUG: KASAN: slab-out-of-bounds in krealloc_less_oob_helper+0xb9c/0xc50 [ 18.325250] Write of size 1 at addr fff00000c64b60d0 by task kunit_try_catch/163 [ 18.325358] [ 18.325444] CPU: 1 UID: 0 PID: 163 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc4 #1 PREEMPT [ 18.325574] Tainted: [B]=BAD_PAGE, [N]=TEST [ 18.325643] Hardware name: linux,dummy-virt (DT) [ 18.325710] Call trace: [ 18.325784] show_stack+0x20/0x38 (C) [ 18.325843] dump_stack_lvl+0x8c/0xd0 [ 18.325896] print_report+0x118/0x608 [ 18.325974] kasan_report+0xdc/0x128 [ 18.326023] __asan_report_store1_noabort+0x20/0x30 [ 18.326104] krealloc_less_oob_helper+0xb9c/0xc50 [ 18.326235] krealloc_large_less_oob+0x20/0x38 [ 18.326293] kunit_try_run_case+0x170/0x3f0 [ 18.326345] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 18.326401] kthread+0x328/0x630 [ 18.326458] ret_from_fork+0x10/0x20 [ 18.326509] [ 18.326536] The buggy address belongs to the physical page: [ 18.326571] page: refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1064b4 [ 18.326630] head: order:2 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0 [ 18.326681] flags: 0xbfffe0000000040(head|node=0|zone=2|lastcpupid=0x1ffff) [ 18.326739] page_type: f8(unknown) [ 18.326787] raw: 0bfffe0000000040 0000000000000000 dead000000000122 0000000000000000 [ 18.326841] raw: 0000000000000000 0000000000000000 00000001f8000000 0000000000000000 [ 18.326894] head: 0bfffe0000000040 0000000000000000 dead000000000122 0000000000000000 [ 18.326951] head: 0000000000000000 0000000000000000 00000001f8000000 0000000000000000 [ 18.327005] head: 0bfffe0000000002 ffffc1ffc3192d01 00000000ffffffff 00000000ffffffff [ 18.327068] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000004 [ 18.327151] page dumped because: kasan: bad access detected [ 18.327187] [ 18.327206] Memory state around the buggy address: [ 18.327241] fff00000c64b5f80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 18.327315] fff00000c64b6000: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 18.327381] >fff00000c64b6080: 00 00 00 00 00 00 00 00 00 01 fe fe fe fe fe fe [ 18.327422] ^ [ 18.327460] fff00000c64b6100: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe [ 18.327506] fff00000c64b6180: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe [ 18.327547] ================================================================== [ 18.282398] ================================================================== [ 18.282457] BUG: KASAN: slab-out-of-bounds in krealloc_less_oob_helper+0xae4/0xc50 [ 18.282521] Write of size 1 at addr fff00000c0b9b8ea by task kunit_try_catch/159 [ 18.282577] [ 18.282625] CPU: 1 UID: 0 PID: 159 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc4 #1 PREEMPT [ 18.282715] Tainted: [B]=BAD_PAGE, [N]=TEST [ 18.282752] Hardware name: linux,dummy-virt (DT) [ 18.282788] Call trace: [ 18.282821] show_stack+0x20/0x38 (C) [ 18.282881] dump_stack_lvl+0x8c/0xd0 [ 18.282933] print_report+0x118/0x608 [ 18.282983] kasan_report+0xdc/0x128 [ 18.283031] __asan_report_store1_noabort+0x20/0x30 [ 18.283083] krealloc_less_oob_helper+0xae4/0xc50 [ 18.283199] krealloc_less_oob+0x20/0x38 [ 18.283248] kunit_try_run_case+0x170/0x3f0 [ 18.283549] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 18.283717] kthread+0x328/0x630 [ 18.283860] ret_from_fork+0x10/0x20 [ 18.284151] [ 18.284216] Allocated by task 159: [ 18.284254] kasan_save_stack+0x3c/0x68 [ 18.284299] kasan_save_track+0x20/0x40 [ 18.284339] kasan_save_alloc_info+0x40/0x58 [ 18.284381] __kasan_krealloc+0x118/0x178 [ 18.284421] krealloc_noprof+0x128/0x360 [ 18.284660] krealloc_less_oob_helper+0x168/0xc50 [ 18.284711] krealloc_less_oob+0x20/0x38 [ 18.284750] kunit_try_run_case+0x170/0x3f0 [ 18.284790] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 18.284837] kthread+0x328/0x630 [ 18.284871] ret_from_fork+0x10/0x20 [ 18.284910] [ 18.285219] The buggy address belongs to the object at fff00000c0b9b800 [ 18.285219] which belongs to the cache kmalloc-256 of size 256 [ 18.285358] The buggy address is located 33 bytes to the right of [ 18.285358] allocated 201-byte region [fff00000c0b9b800, fff00000c0b9b8c9) [ 18.285431] [ 18.285453] The buggy address belongs to the physical page: [ 18.285842] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x100b9a [ 18.285944] head: order:1 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0 [ 18.286074] flags: 0xbfffe0000000040(head|node=0|zone=2|lastcpupid=0x1ffff) [ 18.286221] page_type: f5(slab) [ 18.286328] raw: 0bfffe0000000040 fff00000c0001b40 dead000000000122 0000000000000000 [ 18.286413] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 18.286522] head: 0bfffe0000000040 fff00000c0001b40 dead000000000122 0000000000000000 [ 18.286633] head: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 18.286689] head: 0bfffe0000000001 ffffc1ffc302e681 00000000ffffffff 00000000ffffffff [ 18.286889] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000002 [ 18.287186] page dumped because: kasan: bad access detected [ 18.287292] [ 18.287758] Memory state around the buggy address: [ 18.287864] fff00000c0b9b780: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 18.287945] fff00000c0b9b800: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 18.288016] >fff00000c0b9b880: 00 00 00 00 00 00 00 00 00 01 fc fc fc fc fc fc [ 18.288058] ^ [ 18.288101] fff00000c0b9b900: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 18.288186] fff00000c0b9b980: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 18.288229] ================================================================== [ 18.277223] ================================================================== [ 18.277332] BUG: KASAN: slab-out-of-bounds in krealloc_less_oob_helper+0xa80/0xc50 [ 18.277414] Write of size 1 at addr fff00000c0b9b8da by task kunit_try_catch/159 [ 18.277478] [ 18.277517] CPU: 1 UID: 0 PID: 159 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc4 #1 PREEMPT [ 18.277607] Tainted: [B]=BAD_PAGE, [N]=TEST [ 18.277639] Hardware name: linux,dummy-virt (DT) [ 18.277850] Call trace: [ 18.277905] show_stack+0x20/0x38 (C) [ 18.277985] dump_stack_lvl+0x8c/0xd0 [ 18.278062] print_report+0x118/0x608 [ 18.278186] kasan_report+0xdc/0x128 [ 18.278238] __asan_report_store1_noabort+0x20/0x30 [ 18.278309] krealloc_less_oob_helper+0xa80/0xc50 [ 18.278369] krealloc_less_oob+0x20/0x38 [ 18.278457] kunit_try_run_case+0x170/0x3f0 [ 18.278528] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 18.278585] kthread+0x328/0x630 [ 18.278657] ret_from_fork+0x10/0x20 [ 18.278731] [ 18.278758] Allocated by task 159: [ 18.278790] kasan_save_stack+0x3c/0x68 [ 18.278834] kasan_save_track+0x20/0x40 [ 18.278873] kasan_save_alloc_info+0x40/0x58 [ 18.278915] __kasan_krealloc+0x118/0x178 [ 18.278954] krealloc_noprof+0x128/0x360 [ 18.278994] krealloc_less_oob_helper+0x168/0xc50 [ 18.279037] krealloc_less_oob+0x20/0x38 [ 18.279236] kunit_try_run_case+0x170/0x3f0 [ 18.279429] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 18.279489] kthread+0x328/0x630 [ 18.279524] ret_from_fork+0x10/0x20 [ 18.279593] [ 18.279674] The buggy address belongs to the object at fff00000c0b9b800 [ 18.279674] which belongs to the cache kmalloc-256 of size 256 [ 18.279774] The buggy address is located 17 bytes to the right of [ 18.279774] allocated 201-byte region [fff00000c0b9b800, fff00000c0b9b8c9) [ 18.279864] [ 18.279887] The buggy address belongs to the physical page: [ 18.279922] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x100b9a [ 18.279992] head: order:1 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0 [ 18.280225] flags: 0xbfffe0000000040(head|node=0|zone=2|lastcpupid=0x1ffff) [ 18.280289] page_type: f5(slab) [ 18.280334] raw: 0bfffe0000000040 fff00000c0001b40 dead000000000122 0000000000000000 [ 18.280389] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 18.280443] head: 0bfffe0000000040 fff00000c0001b40 dead000000000122 0000000000000000 [ 18.280747] head: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 18.280899] head: 0bfffe0000000001 ffffc1ffc302e681 00000000ffffffff 00000000ffffffff [ 18.280992] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000002 [ 18.281066] page dumped because: kasan: bad access detected [ 18.281101] [ 18.281191] Memory state around the buggy address: [ 18.281249] fff00000c0b9b780: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 18.281303] fff00000c0b9b800: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 18.281353] >fff00000c0b9b880: 00 00 00 00 00 00 00 00 00 01 fc fc fc fc fc fc [ 18.281395] ^ [ 18.281558] fff00000c0b9b900: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 18.281664] fff00000c0b9b980: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 18.281814] ================================================================== [ 18.270486] ================================================================== [ 18.270569] BUG: KASAN: slab-out-of-bounds in krealloc_less_oob_helper+0xb9c/0xc50 [ 18.270636] Write of size 1 at addr fff00000c0b9b8d0 by task kunit_try_catch/159 [ 18.270776] [ 18.270824] CPU: 1 UID: 0 PID: 159 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc4 #1 PREEMPT [ 18.270917] Tainted: [B]=BAD_PAGE, [N]=TEST [ 18.270946] Hardware name: linux,dummy-virt (DT) [ 18.271029] Call trace: [ 18.271055] show_stack+0x20/0x38 (C) [ 18.271171] dump_stack_lvl+0x8c/0xd0 [ 18.271230] print_report+0x118/0x608 [ 18.271321] kasan_report+0xdc/0x128 [ 18.271370] __asan_report_store1_noabort+0x20/0x30 [ 18.271421] krealloc_less_oob_helper+0xb9c/0xc50 [ 18.271473] krealloc_less_oob+0x20/0x38 [ 18.271521] kunit_try_run_case+0x170/0x3f0 [ 18.271574] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 18.271808] kthread+0x328/0x630 [ 18.271932] ret_from_fork+0x10/0x20 [ 18.272009] [ 18.272049] Allocated by task 159: [ 18.272511] kasan_save_stack+0x3c/0x68 [ 18.272577] kasan_save_track+0x20/0x40 [ 18.272617] kasan_save_alloc_info+0x40/0x58 [ 18.272660] __kasan_krealloc+0x118/0x178 [ 18.272700] krealloc_noprof+0x128/0x360 [ 18.272740] krealloc_less_oob_helper+0x168/0xc50 [ 18.272782] krealloc_less_oob+0x20/0x38 [ 18.272820] kunit_try_run_case+0x170/0x3f0 [ 18.272861] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 18.272907] kthread+0x328/0x630 [ 18.272942] ret_from_fork+0x10/0x20 [ 18.272979] [ 18.273001] The buggy address belongs to the object at fff00000c0b9b800 [ 18.273001] which belongs to the cache kmalloc-256 of size 256 [ 18.273066] The buggy address is located 7 bytes to the right of [ 18.273066] allocated 201-byte region [fff00000c0b9b800, fff00000c0b9b8c9) [ 18.273150] [ 18.273194] The buggy address belongs to the physical page: [ 18.273239] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x100b9a [ 18.273415] head: order:1 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0 [ 18.273563] flags: 0xbfffe0000000040(head|node=0|zone=2|lastcpupid=0x1ffff) [ 18.273705] page_type: f5(slab) [ 18.273752] raw: 0bfffe0000000040 fff00000c0001b40 dead000000000122 0000000000000000 [ 18.273806] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 18.273862] head: 0bfffe0000000040 fff00000c0001b40 dead000000000122 0000000000000000 [ 18.273916] head: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 18.274069] head: 0bfffe0000000001 ffffc1ffc302e681 00000000ffffffff 00000000ffffffff [ 18.274376] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000002 [ 18.274428] page dumped because: kasan: bad access detected [ 18.274561] [ 18.274675] Memory state around the buggy address: [ 18.274815] fff00000c0b9b780: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 18.274863] fff00000c0b9b800: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 18.274930] >fff00000c0b9b880: 00 00 00 00 00 00 00 00 00 01 fc fc fc fc fc fc [ 18.274986] ^ [ 18.275167] fff00000c0b9b900: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 18.275213] fff00000c0b9b980: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 18.275544] ================================================================== [ 18.290043] ================================================================== [ 18.290109] BUG: KASAN: slab-out-of-bounds in krealloc_less_oob_helper+0xa58/0xc50 [ 18.290247] Write of size 1 at addr fff00000c0b9b8eb by task kunit_try_catch/159 [ 18.290302] [ 18.290342] CPU: 1 UID: 0 PID: 159 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc4 #1 PREEMPT [ 18.290434] Tainted: [B]=BAD_PAGE, [N]=TEST [ 18.290463] Hardware name: linux,dummy-virt (DT) [ 18.290499] Call trace: [ 18.290522] show_stack+0x20/0x38 (C) [ 18.290573] dump_stack_lvl+0x8c/0xd0 [ 18.290623] print_report+0x118/0x608 [ 18.290674] kasan_report+0xdc/0x128 [ 18.290732] __asan_report_store1_noabort+0x20/0x30 [ 18.291042] krealloc_less_oob_helper+0xa58/0xc50 [ 18.291222] krealloc_less_oob+0x20/0x38 [ 18.291644] kunit_try_run_case+0x170/0x3f0 [ 18.291980] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 18.292213] kthread+0x328/0x630 [ 18.292262] ret_from_fork+0x10/0x20 [ 18.292315] [ 18.292336] Allocated by task 159: [ 18.292367] kasan_save_stack+0x3c/0x68 [ 18.292898] kasan_save_track+0x20/0x40 [ 18.293192] kasan_save_alloc_info+0x40/0x58 [ 18.293284] __kasan_krealloc+0x118/0x178 [ 18.293330] krealloc_noprof+0x128/0x360 [ 18.293381] krealloc_less_oob_helper+0x168/0xc50 [ 18.293424] krealloc_less_oob+0x20/0x38 [ 18.293838] kunit_try_run_case+0x170/0x3f0 [ 18.293928] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 18.294001] kthread+0x328/0x630 [ 18.294035] ret_from_fork+0x10/0x20 [ 18.294298] [ 18.294361] The buggy address belongs to the object at fff00000c0b9b800 [ 18.294361] which belongs to the cache kmalloc-256 of size 256 [ 18.294497] The buggy address is located 34 bytes to the right of [ 18.294497] allocated 201-byte region [fff00000c0b9b800, fff00000c0b9b8c9) [ 18.294780] [ 18.294827] The buggy address belongs to the physical page: [ 18.294979] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x100b9a [ 18.295063] head: order:1 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0 [ 18.295162] flags: 0xbfffe0000000040(head|node=0|zone=2|lastcpupid=0x1ffff) [ 18.295284] page_type: f5(slab) [ 18.295338] raw: 0bfffe0000000040 fff00000c0001b40 dead000000000122 0000000000000000 [ 18.295395] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 18.295563] head: 0bfffe0000000040 fff00000c0001b40 dead000000000122 0000000000000000 [ 18.295777] head: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 18.295923] head: 0bfffe0000000001 ffffc1ffc302e681 00000000ffffffff 00000000ffffffff [ 18.296007] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000002 [ 18.296051] page dumped because: kasan: bad access detected [ 18.296323] [ 18.296490] Memory state around the buggy address: [ 18.296570] fff00000c0b9b780: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 18.296630] fff00000c0b9b800: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 18.296689] >fff00000c0b9b880: 00 00 00 00 00 00 00 00 00 01 fc fc fc fc fc fc [ 18.296737] ^ [ 18.296781] fff00000c0b9b900: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 18.296835] fff00000c0b9b980: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 18.296877] ================================================================== [ 18.328379] ================================================================== [ 18.328436] BUG: KASAN: slab-out-of-bounds in krealloc_less_oob_helper+0xa80/0xc50 [ 18.328513] Write of size 1 at addr fff00000c64b60da by task kunit_try_catch/163 [ 18.328567] [ 18.328599] CPU: 1 UID: 0 PID: 163 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc4 #1 PREEMPT [ 18.328686] Tainted: [B]=BAD_PAGE, [N]=TEST [ 18.328714] Hardware name: linux,dummy-virt (DT) [ 18.328747] Call trace: [ 18.328769] show_stack+0x20/0x38 (C) [ 18.328853] dump_stack_lvl+0x8c/0xd0 [ 18.328902] print_report+0x118/0x608 [ 18.328951] kasan_report+0xdc/0x128 [ 18.328999] __asan_report_store1_noabort+0x20/0x30 [ 18.329049] krealloc_less_oob_helper+0xa80/0xc50 [ 18.329101] krealloc_large_less_oob+0x20/0x38 [ 18.329165] kunit_try_run_case+0x170/0x3f0 [ 18.329323] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 18.329410] kthread+0x328/0x630 [ 18.329506] ret_from_fork+0x10/0x20 [ 18.329597] [ 18.329638] The buggy address belongs to the physical page: [ 18.329672] page: refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1064b4 [ 18.329745] head: order:2 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0 [ 18.329825] flags: 0xbfffe0000000040(head|node=0|zone=2|lastcpupid=0x1ffff) [ 18.329910] page_type: f8(unknown) [ 18.329991] raw: 0bfffe0000000040 0000000000000000 dead000000000122 0000000000000000 [ 18.330078] raw: 0000000000000000 0000000000000000 00000001f8000000 0000000000000000 [ 18.330165] head: 0bfffe0000000040 0000000000000000 dead000000000122 0000000000000000 [ 18.330267] head: 0000000000000000 0000000000000000 00000001f8000000 0000000000000000 [ 18.330321] head: 0bfffe0000000002 ffffc1ffc3192d01 00000000ffffffff 00000000ffffffff [ 18.330448] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000004 [ 18.330494] page dumped because: kasan: bad access detected [ 18.330535] [ 18.330554] Memory state around the buggy address: [ 18.330586] fff00000c64b5f80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 18.330915] fff00000c64b6000: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 18.331062] >fff00000c64b6080: 00 00 00 00 00 00 00 00 00 01 fe fe fe fe fe fe [ 18.331212] ^ [ 18.331345] fff00000c64b6100: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe [ 18.331491] fff00000c64b6180: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe [ 18.331635] ==================================================================
[ 11.304033] ================================================================== [ 11.304389] BUG: KASAN: slab-out-of-bounds in krealloc_less_oob_helper+0xd47/0x11d0 [ 11.304755] Write of size 1 at addr ffff888100ab6eeb by task kunit_try_catch/175 [ 11.305311] [ 11.305425] CPU: 1 UID: 0 PID: 175 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc4 #1 PREEMPT(voluntary) [ 11.305468] Tainted: [B]=BAD_PAGE, [N]=TEST [ 11.305479] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 11.305499] Call Trace: [ 11.305518] <TASK> [ 11.305539] dump_stack_lvl+0x73/0xb0 [ 11.305578] print_report+0xd1/0x650 [ 11.305602] ? __virt_addr_valid+0x1db/0x2d0 [ 11.305623] ? krealloc_less_oob_helper+0xd47/0x11d0 [ 11.305645] ? kasan_complete_mode_report_info+0x2a/0x200 [ 11.305665] ? krealloc_less_oob_helper+0xd47/0x11d0 [ 11.305687] kasan_report+0x141/0x180 [ 11.305708] ? krealloc_less_oob_helper+0xd47/0x11d0 [ 11.305735] __asan_report_store1_noabort+0x1b/0x30 [ 11.305754] krealloc_less_oob_helper+0xd47/0x11d0 [ 11.305775] ? __perf_event_task_sched_in+0x151/0x360 [ 11.305801] ? __pfx_krealloc_less_oob_helper+0x10/0x10 [ 11.305824] ? finish_task_switch.isra.0+0x153/0x700 [ 11.305845] ? __switch_to+0x47/0xf50 [ 11.305870] ? __schedule+0x10cc/0x2b60 [ 11.305891] ? __pfx_read_tsc+0x10/0x10 [ 11.305914] krealloc_less_oob+0x1c/0x30 [ 11.305934] kunit_try_run_case+0x1a5/0x480 [ 11.305958] ? __pfx_kunit_try_run_case+0x10/0x10 [ 11.305978] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 11.306000] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 11.306021] ? __kthread_parkme+0x82/0x180 [ 11.306041] ? preempt_count_sub+0x50/0x80 [ 11.306062] ? __pfx_kunit_try_run_case+0x10/0x10 [ 11.306084] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 11.306105] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 11.306126] kthread+0x337/0x6f0 [ 11.306144] ? trace_preempt_on+0x20/0xc0 [ 11.306166] ? __pfx_kthread+0x10/0x10 [ 11.306185] ? _raw_spin_unlock_irq+0x47/0x80 [ 11.306206] ? calculate_sigpending+0x7b/0xa0 [ 11.306229] ? __pfx_kthread+0x10/0x10 [ 11.306248] ret_from_fork+0x116/0x1d0 [ 11.306265] ? __pfx_kthread+0x10/0x10 [ 11.306284] ret_from_fork_asm+0x1a/0x30 [ 11.306314] </TASK> [ 11.306324] [ 11.315221] Allocated by task 175: [ 11.315485] kasan_save_stack+0x45/0x70 [ 11.315720] kasan_save_track+0x18/0x40 [ 11.315906] kasan_save_alloc_info+0x3b/0x50 [ 11.316120] __kasan_krealloc+0x190/0x1f0 [ 11.316311] krealloc_noprof+0xf3/0x340 [ 11.316516] krealloc_less_oob_helper+0x1aa/0x11d0 [ 11.316748] krealloc_less_oob+0x1c/0x30 [ 11.316882] kunit_try_run_case+0x1a5/0x480 [ 11.317022] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 11.317228] kthread+0x337/0x6f0 [ 11.317571] ret_from_fork+0x116/0x1d0 [ 11.317785] ret_from_fork_asm+0x1a/0x30 [ 11.318285] [ 11.318402] The buggy address belongs to the object at ffff888100ab6e00 [ 11.318402] which belongs to the cache kmalloc-256 of size 256 [ 11.319086] The buggy address is located 34 bytes to the right of [ 11.319086] allocated 201-byte region [ffff888100ab6e00, ffff888100ab6ec9) [ 11.319657] [ 11.319747] The buggy address belongs to the physical page: [ 11.319922] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x100ab6 [ 11.320310] head: order:1 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0 [ 11.320772] flags: 0x200000000000040(head|node=0|zone=2) [ 11.321230] page_type: f5(slab) [ 11.321453] raw: 0200000000000040 ffff888100041b40 dead000000000122 0000000000000000 [ 11.321796] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 11.322129] head: 0200000000000040 ffff888100041b40 dead000000000122 0000000000000000 [ 11.322365] head: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 11.323120] head: 0200000000000001 ffffea000402ad81 00000000ffffffff 00000000ffffffff [ 11.323846] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000002 [ 11.324266] page dumped because: kasan: bad access detected [ 11.324478] [ 11.324564] Memory state around the buggy address: [ 11.324828] ffff888100ab6d80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 11.325305] ffff888100ab6e00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 11.325596] >ffff888100ab6e80: 00 00 00 00 00 00 00 00 00 01 fc fc fc fc fc fc [ 11.326077] ^ [ 11.326590] ffff888100ab6f00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 11.327220] ffff888100ab6f80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 11.327550] ================================================================== [ 11.259216] ================================================================== [ 11.259544] BUG: KASAN: slab-out-of-bounds in krealloc_less_oob_helper+0xec6/0x11d0 [ 11.259922] Write of size 1 at addr ffff888100ab6eda by task kunit_try_catch/175 [ 11.260249] [ 11.260355] CPU: 1 UID: 0 PID: 175 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc4 #1 PREEMPT(voluntary) [ 11.260414] Tainted: [B]=BAD_PAGE, [N]=TEST [ 11.260425] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 11.260446] Call Trace: [ 11.260465] <TASK> [ 11.260485] dump_stack_lvl+0x73/0xb0 [ 11.260515] print_report+0xd1/0x650 [ 11.260539] ? __virt_addr_valid+0x1db/0x2d0 [ 11.260561] ? krealloc_less_oob_helper+0xec6/0x11d0 [ 11.260583] ? kasan_complete_mode_report_info+0x2a/0x200 [ 11.260604] ? krealloc_less_oob_helper+0xec6/0x11d0 [ 11.260626] kasan_report+0x141/0x180 [ 11.260646] ? krealloc_less_oob_helper+0xec6/0x11d0 [ 11.260673] __asan_report_store1_noabort+0x1b/0x30 [ 11.260692] krealloc_less_oob_helper+0xec6/0x11d0 [ 11.260713] ? __perf_event_task_sched_in+0x151/0x360 [ 11.260739] ? __pfx_krealloc_less_oob_helper+0x10/0x10 [ 11.260761] ? finish_task_switch.isra.0+0x153/0x700 [ 11.260782] ? __switch_to+0x47/0xf50 [ 11.260806] ? __schedule+0x10cc/0x2b60 [ 11.260827] ? __pfx_read_tsc+0x10/0x10 [ 11.260850] krealloc_less_oob+0x1c/0x30 [ 11.260870] kunit_try_run_case+0x1a5/0x480 [ 11.260893] ? __pfx_kunit_try_run_case+0x10/0x10 [ 11.260914] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 11.260936] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 11.260957] ? __kthread_parkme+0x82/0x180 [ 11.260977] ? preempt_count_sub+0x50/0x80 [ 11.260998] ? __pfx_kunit_try_run_case+0x10/0x10 [ 11.261020] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 11.261041] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 11.261062] kthread+0x337/0x6f0 [ 11.261080] ? trace_preempt_on+0x20/0xc0 [ 11.261102] ? __pfx_kthread+0x10/0x10 [ 11.261121] ? _raw_spin_unlock_irq+0x47/0x80 [ 11.261140] ? calculate_sigpending+0x7b/0xa0 [ 11.261163] ? __pfx_kthread+0x10/0x10 [ 11.261182] ret_from_fork+0x116/0x1d0 [ 11.261199] ? __pfx_kthread+0x10/0x10 [ 11.261218] ret_from_fork_asm+0x1a/0x30 [ 11.261247] </TASK> [ 11.261258] [ 11.269833] Allocated by task 175: [ 11.269990] kasan_save_stack+0x45/0x70 [ 11.270172] kasan_save_track+0x18/0x40 [ 11.270367] kasan_save_alloc_info+0x3b/0x50 [ 11.270649] __kasan_krealloc+0x190/0x1f0 [ 11.270954] krealloc_noprof+0xf3/0x340 [ 11.271131] krealloc_less_oob_helper+0x1aa/0x11d0 [ 11.271290] krealloc_less_oob+0x1c/0x30 [ 11.271535] kunit_try_run_case+0x1a5/0x480 [ 11.271755] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 11.272289] kthread+0x337/0x6f0 [ 11.272496] ret_from_fork+0x116/0x1d0 [ 11.272712] ret_from_fork_asm+0x1a/0x30 [ 11.272853] [ 11.272974] The buggy address belongs to the object at ffff888100ab6e00 [ 11.272974] which belongs to the cache kmalloc-256 of size 256 [ 11.273539] The buggy address is located 17 bytes to the right of [ 11.273539] allocated 201-byte region [ffff888100ab6e00, ffff888100ab6ec9) [ 11.274082] [ 11.274159] The buggy address belongs to the physical page: [ 11.274350] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x100ab6 [ 11.274912] head: order:1 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0 [ 11.275213] flags: 0x200000000000040(head|node=0|zone=2) [ 11.275424] page_type: f5(slab) [ 11.275629] raw: 0200000000000040 ffff888100041b40 dead000000000122 0000000000000000 [ 11.276233] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 11.276495] head: 0200000000000040 ffff888100041b40 dead000000000122 0000000000000000 [ 11.276725] head: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 11.277033] head: 0200000000000001 ffffea000402ad81 00000000ffffffff 00000000ffffffff [ 11.277648] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000002 [ 11.278068] page dumped because: kasan: bad access detected [ 11.278240] [ 11.278310] Memory state around the buggy address: [ 11.278525] ffff888100ab6d80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 11.279183] ffff888100ab6e00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 11.279487] >ffff888100ab6e80: 00 00 00 00 00 00 00 00 00 01 fc fc fc fc fc fc [ 11.279811] ^ [ 11.280431] ffff888100ab6f00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 11.280675] ffff888100ab6f80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 11.280895] ================================================================== [ 11.281536] ================================================================== [ 11.281900] BUG: KASAN: slab-out-of-bounds in krealloc_less_oob_helper+0xe90/0x11d0 [ 11.282356] Write of size 1 at addr ffff888100ab6eea by task kunit_try_catch/175 [ 11.282599] [ 11.282690] CPU: 1 UID: 0 PID: 175 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc4 #1 PREEMPT(voluntary) [ 11.282733] Tainted: [B]=BAD_PAGE, [N]=TEST [ 11.282744] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 11.282764] Call Trace: [ 11.282783] <TASK> [ 11.282803] dump_stack_lvl+0x73/0xb0 [ 11.282831] print_report+0xd1/0x650 [ 11.282854] ? __virt_addr_valid+0x1db/0x2d0 [ 11.282876] ? krealloc_less_oob_helper+0xe90/0x11d0 [ 11.282898] ? kasan_complete_mode_report_info+0x2a/0x200 [ 11.282919] ? krealloc_less_oob_helper+0xe90/0x11d0 [ 11.282941] kasan_report+0x141/0x180 [ 11.282962] ? krealloc_less_oob_helper+0xe90/0x11d0 [ 11.282988] __asan_report_store1_noabort+0x1b/0x30 [ 11.283007] krealloc_less_oob_helper+0xe90/0x11d0 [ 11.283028] ? __perf_event_task_sched_in+0x151/0x360 [ 11.283055] ? __pfx_krealloc_less_oob_helper+0x10/0x10 [ 11.283077] ? finish_task_switch.isra.0+0x153/0x700 [ 11.283097] ? __switch_to+0x47/0xf50 [ 11.283122] ? __schedule+0x10cc/0x2b60 [ 11.283143] ? __pfx_read_tsc+0x10/0x10 [ 11.283166] krealloc_less_oob+0x1c/0x30 [ 11.283186] kunit_try_run_case+0x1a5/0x480 [ 11.283210] ? __pfx_kunit_try_run_case+0x10/0x10 [ 11.283231] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 11.283253] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 11.283274] ? __kthread_parkme+0x82/0x180 [ 11.283294] ? preempt_count_sub+0x50/0x80 [ 11.283315] ? __pfx_kunit_try_run_case+0x10/0x10 [ 11.283337] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 11.283358] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 11.283389] kthread+0x337/0x6f0 [ 11.283407] ? trace_preempt_on+0x20/0xc0 [ 11.283429] ? __pfx_kthread+0x10/0x10 [ 11.283448] ? _raw_spin_unlock_irq+0x47/0x80 [ 11.283468] ? calculate_sigpending+0x7b/0xa0 [ 11.283490] ? __pfx_kthread+0x10/0x10 [ 11.283510] ret_from_fork+0x116/0x1d0 [ 11.283528] ? __pfx_kthread+0x10/0x10 [ 11.283546] ret_from_fork_asm+0x1a/0x30 [ 11.283576] </TASK> [ 11.283587] [ 11.292361] Allocated by task 175: [ 11.292537] kasan_save_stack+0x45/0x70 [ 11.292754] kasan_save_track+0x18/0x40 [ 11.292943] kasan_save_alloc_info+0x3b/0x50 [ 11.293147] __kasan_krealloc+0x190/0x1f0 [ 11.293338] krealloc_noprof+0xf3/0x340 [ 11.293560] krealloc_less_oob_helper+0x1aa/0x11d0 [ 11.293721] krealloc_less_oob+0x1c/0x30 [ 11.293858] kunit_try_run_case+0x1a5/0x480 [ 11.294442] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 11.294894] kthread+0x337/0x6f0 [ 11.295105] ret_from_fork+0x116/0x1d0 [ 11.295298] ret_from_fork_asm+0x1a/0x30 [ 11.295511] [ 11.295621] The buggy address belongs to the object at ffff888100ab6e00 [ 11.295621] which belongs to the cache kmalloc-256 of size 256 [ 11.296277] The buggy address is located 33 bytes to the right of [ 11.296277] allocated 201-byte region [ffff888100ab6e00, ffff888100ab6ec9) [ 11.296683] [ 11.296758] The buggy address belongs to the physical page: [ 11.297180] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x100ab6 [ 11.297557] head: order:1 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0 [ 11.298179] flags: 0x200000000000040(head|node=0|zone=2) [ 11.298421] page_type: f5(slab) [ 11.298547] raw: 0200000000000040 ffff888100041b40 dead000000000122 0000000000000000 [ 11.299177] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 11.299512] head: 0200000000000040 ffff888100041b40 dead000000000122 0000000000000000 [ 11.299745] head: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 11.299975] head: 0200000000000001 ffffea000402ad81 00000000ffffffff 00000000ffffffff [ 11.300408] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000002 [ 11.300752] page dumped because: kasan: bad access detected [ 11.300981] [ 11.301051] Memory state around the buggy address: [ 11.301270] ffff888100ab6d80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 11.301573] ffff888100ab6e00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 11.302301] >ffff888100ab6e80: 00 00 00 00 00 00 00 00 00 01 fc fc fc fc fc fc [ 11.302565] ^ [ 11.302912] ffff888100ab6f00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 11.303263] ffff888100ab6f80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 11.303601] ================================================================== [ 11.213270] ================================================================== [ 11.213735] BUG: KASAN: slab-out-of-bounds in krealloc_less_oob_helper+0xd70/0x11d0 [ 11.214558] Write of size 1 at addr ffff888100ab6ec9 by task kunit_try_catch/175 [ 11.214859] [ 11.215286] CPU: 1 UID: 0 PID: 175 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc4 #1 PREEMPT(voluntary) [ 11.215338] Tainted: [B]=BAD_PAGE, [N]=TEST [ 11.215350] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 11.215387] Call Trace: [ 11.215400] <TASK> [ 11.215420] dump_stack_lvl+0x73/0xb0 [ 11.215453] print_report+0xd1/0x650 [ 11.215477] ? __virt_addr_valid+0x1db/0x2d0 [ 11.215501] ? krealloc_less_oob_helper+0xd70/0x11d0 [ 11.215523] ? kasan_complete_mode_report_info+0x2a/0x200 [ 11.215544] ? krealloc_less_oob_helper+0xd70/0x11d0 [ 11.215566] kasan_report+0x141/0x180 [ 11.215586] ? krealloc_less_oob_helper+0xd70/0x11d0 [ 11.215613] __asan_report_store1_noabort+0x1b/0x30 [ 11.215632] krealloc_less_oob_helper+0xd70/0x11d0 [ 11.215653] ? __perf_event_task_sched_in+0x151/0x360 [ 11.215681] ? __pfx_krealloc_less_oob_helper+0x10/0x10 [ 11.215703] ? finish_task_switch.isra.0+0x153/0x700 [ 11.215725] ? __switch_to+0x47/0xf50 [ 11.215751] ? __schedule+0x10cc/0x2b60 [ 11.215772] ? __pfx_read_tsc+0x10/0x10 [ 11.215796] krealloc_less_oob+0x1c/0x30 [ 11.215818] kunit_try_run_case+0x1a5/0x480 [ 11.215843] ? __pfx_kunit_try_run_case+0x10/0x10 [ 11.215863] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 11.215886] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 11.215907] ? __kthread_parkme+0x82/0x180 [ 11.215946] ? preempt_count_sub+0x50/0x80 [ 11.215968] ? __pfx_kunit_try_run_case+0x10/0x10 [ 11.215990] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 11.216011] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 11.216032] kthread+0x337/0x6f0 [ 11.216050] ? trace_preempt_on+0x20/0xc0 [ 11.216072] ? __pfx_kthread+0x10/0x10 [ 11.216091] ? _raw_spin_unlock_irq+0x47/0x80 [ 11.216111] ? calculate_sigpending+0x7b/0xa0 [ 11.216133] ? __pfx_kthread+0x10/0x10 [ 11.216153] ret_from_fork+0x116/0x1d0 [ 11.216170] ? __pfx_kthread+0x10/0x10 [ 11.216189] ret_from_fork_asm+0x1a/0x30 [ 11.216219] </TASK> [ 11.216230] [ 11.224687] Allocated by task 175: [ 11.224899] kasan_save_stack+0x45/0x70 [ 11.225195] kasan_save_track+0x18/0x40 [ 11.225675] kasan_save_alloc_info+0x3b/0x50 [ 11.225852] __kasan_krealloc+0x190/0x1f0 [ 11.225991] krealloc_noprof+0xf3/0x340 [ 11.226126] krealloc_less_oob_helper+0x1aa/0x11d0 [ 11.226358] krealloc_less_oob+0x1c/0x30 [ 11.226566] kunit_try_run_case+0x1a5/0x480 [ 11.226778] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 11.227133] kthread+0x337/0x6f0 [ 11.227275] ret_from_fork+0x116/0x1d0 [ 11.227467] ret_from_fork_asm+0x1a/0x30 [ 11.227688] [ 11.227788] The buggy address belongs to the object at ffff888100ab6e00 [ 11.227788] which belongs to the cache kmalloc-256 of size 256 [ 11.228250] The buggy address is located 0 bytes to the right of [ 11.228250] allocated 201-byte region [ffff888100ab6e00, ffff888100ab6ec9) [ 11.229248] [ 11.229367] The buggy address belongs to the physical page: [ 11.229684] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x100ab6 [ 11.230009] head: order:1 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0 [ 11.230239] flags: 0x200000000000040(head|node=0|zone=2) [ 11.230495] page_type: f5(slab) [ 11.230665] raw: 0200000000000040 ffff888100041b40 dead000000000122 0000000000000000 [ 11.231061] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 11.231591] head: 0200000000000040 ffff888100041b40 dead000000000122 0000000000000000 [ 11.231895] head: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 11.232164] head: 0200000000000001 ffffea000402ad81 00000000ffffffff 00000000ffffffff [ 11.232407] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000002 [ 11.232862] page dumped because: kasan: bad access detected [ 11.233525] [ 11.233634] Memory state around the buggy address: [ 11.233808] ffff888100ab6d80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 11.234082] ffff888100ab6e00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 11.234415] >ffff888100ab6e80: 00 00 00 00 00 00 00 00 00 01 fc fc fc fc fc fc [ 11.234729] ^ [ 11.235066] ffff888100ab6f00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 11.235365] ffff888100ab6f80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 11.235697] ================================================================== [ 11.400818] ================================================================== [ 11.401311] BUG: KASAN: slab-out-of-bounds in krealloc_less_oob_helper+0xe23/0x11d0 [ 11.401735] Write of size 1 at addr ffff888102bea0d0 by task kunit_try_catch/179 [ 11.402092] [ 11.402207] CPU: 0 UID: 0 PID: 179 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc4 #1 PREEMPT(voluntary) [ 11.402250] Tainted: [B]=BAD_PAGE, [N]=TEST [ 11.402262] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 11.402282] Call Trace: [ 11.402301] <TASK> [ 11.402319] dump_stack_lvl+0x73/0xb0 [ 11.402349] print_report+0xd1/0x650 [ 11.402383] ? __virt_addr_valid+0x1db/0x2d0 [ 11.402405] ? krealloc_less_oob_helper+0xe23/0x11d0 [ 11.402427] ? kasan_addr_to_slab+0x11/0xa0 [ 11.402447] ? krealloc_less_oob_helper+0xe23/0x11d0 [ 11.402470] kasan_report+0x141/0x180 [ 11.402490] ? krealloc_less_oob_helper+0xe23/0x11d0 [ 11.402517] __asan_report_store1_noabort+0x1b/0x30 [ 11.402537] krealloc_less_oob_helper+0xe23/0x11d0 [ 11.402561] ? __pfx_krealloc_less_oob_helper+0x10/0x10 [ 11.402584] ? finish_task_switch.isra.0+0x153/0x700 [ 11.402606] ? __switch_to+0x47/0xf50 [ 11.402632] ? __schedule+0x10cc/0x2b60 [ 11.402653] ? __pfx_read_tsc+0x10/0x10 [ 11.402676] krealloc_large_less_oob+0x1c/0x30 [ 11.402697] kunit_try_run_case+0x1a5/0x480 [ 11.402722] ? __pfx_kunit_try_run_case+0x10/0x10 [ 11.402743] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 11.402766] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 11.402787] ? __kthread_parkme+0x82/0x180 [ 11.402807] ? preempt_count_sub+0x50/0x80 [ 11.402829] ? __pfx_kunit_try_run_case+0x10/0x10 [ 11.402851] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 11.402872] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 11.402894] kthread+0x337/0x6f0 [ 11.402912] ? trace_preempt_on+0x20/0xc0 [ 11.402935] ? __pfx_kthread+0x10/0x10 [ 11.402954] ? _raw_spin_unlock_irq+0x47/0x80 [ 11.402973] ? calculate_sigpending+0x7b/0xa0 [ 11.402997] ? __pfx_kthread+0x10/0x10 [ 11.403017] ret_from_fork+0x116/0x1d0 [ 11.403034] ? __pfx_kthread+0x10/0x10 [ 11.403053] ret_from_fork_asm+0x1a/0x30 [ 11.403083] </TASK> [ 11.403093] [ 11.411602] The buggy address belongs to the physical page: [ 11.411832] page: refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x102be8 [ 11.412220] head: order:2 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0 [ 11.412752] flags: 0x200000000000040(head|node=0|zone=2) [ 11.412948] page_type: f8(unknown) [ 11.413176] raw: 0200000000000040 0000000000000000 dead000000000122 0000000000000000 [ 11.413465] raw: 0000000000000000 0000000000000000 00000001f8000000 0000000000000000 [ 11.413711] head: 0200000000000040 0000000000000000 dead000000000122 0000000000000000 [ 11.414341] head: 0000000000000000 0000000000000000 00000001f8000000 0000000000000000 [ 11.414661] head: 0200000000000002 ffffea00040afa01 00000000ffffffff 00000000ffffffff [ 11.414958] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000004 [ 11.415337] page dumped because: kasan: bad access detected [ 11.415532] [ 11.415602] Memory state around the buggy address: [ 11.415758] ffff888102be9f80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 11.416072] ffff888102bea000: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 11.416417] >ffff888102bea080: 00 00 00 00 00 00 00 00 00 01 fe fe fe fe fe fe [ 11.416676] ^ [ 11.416855] ffff888102bea100: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe [ 11.417451] ffff888102bea180: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe [ 11.417757] ================================================================== [ 11.436040] ================================================================== [ 11.436433] BUG: KASAN: slab-out-of-bounds in krealloc_less_oob_helper+0xe90/0x11d0 [ 11.437129] Write of size 1 at addr ffff888102bea0ea by task kunit_try_catch/179 [ 11.437391] [ 11.437507] CPU: 0 UID: 0 PID: 179 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc4 #1 PREEMPT(voluntary) [ 11.437550] Tainted: [B]=BAD_PAGE, [N]=TEST [ 11.437561] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 11.437580] Call Trace: [ 11.437598] <TASK> [ 11.437617] dump_stack_lvl+0x73/0xb0 [ 11.437645] print_report+0xd1/0x650 [ 11.437668] ? __virt_addr_valid+0x1db/0x2d0 [ 11.437691] ? krealloc_less_oob_helper+0xe90/0x11d0 [ 11.437730] ? kasan_addr_to_slab+0x11/0xa0 [ 11.437750] ? krealloc_less_oob_helper+0xe90/0x11d0 [ 11.437773] kasan_report+0x141/0x180 [ 11.437793] ? krealloc_less_oob_helper+0xe90/0x11d0 [ 11.437820] __asan_report_store1_noabort+0x1b/0x30 [ 11.437839] krealloc_less_oob_helper+0xe90/0x11d0 [ 11.437864] ? __pfx_krealloc_less_oob_helper+0x10/0x10 [ 11.437886] ? finish_task_switch.isra.0+0x153/0x700 [ 11.437908] ? __switch_to+0x47/0xf50 [ 11.437975] ? __schedule+0x10cc/0x2b60 [ 11.437998] ? __pfx_read_tsc+0x10/0x10 [ 11.438022] krealloc_large_less_oob+0x1c/0x30 [ 11.438043] kunit_try_run_case+0x1a5/0x480 [ 11.438068] ? __pfx_kunit_try_run_case+0x10/0x10 [ 11.438089] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 11.438112] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 11.438134] ? __kthread_parkme+0x82/0x180 [ 11.438154] ? preempt_count_sub+0x50/0x80 [ 11.438176] ? __pfx_kunit_try_run_case+0x10/0x10 [ 11.438198] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 11.438219] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 11.438241] kthread+0x337/0x6f0 [ 11.438259] ? trace_preempt_on+0x20/0xc0 [ 11.438282] ? __pfx_kthread+0x10/0x10 [ 11.438302] ? _raw_spin_unlock_irq+0x47/0x80 [ 11.438322] ? calculate_sigpending+0x7b/0xa0 [ 11.438345] ? __pfx_kthread+0x10/0x10 [ 11.438365] ret_from_fork+0x116/0x1d0 [ 11.438395] ? __pfx_kthread+0x10/0x10 [ 11.438414] ret_from_fork_asm+0x1a/0x30 [ 11.438445] </TASK> [ 11.438455] [ 11.446464] The buggy address belongs to the physical page: [ 11.446749] page: refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x102be8 [ 11.446997] head: order:2 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0 [ 11.447306] flags: 0x200000000000040(head|node=0|zone=2) [ 11.447576] page_type: f8(unknown) [ 11.447915] raw: 0200000000000040 0000000000000000 dead000000000122 0000000000000000 [ 11.448177] raw: 0000000000000000 0000000000000000 00000001f8000000 0000000000000000 [ 11.448459] head: 0200000000000040 0000000000000000 dead000000000122 0000000000000000 [ 11.448992] head: 0000000000000000 0000000000000000 00000001f8000000 0000000000000000 [ 11.449311] head: 0200000000000002 ffffea00040afa01 00000000ffffffff 00000000ffffffff [ 11.449554] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000004 [ 11.449933] page dumped because: kasan: bad access detected [ 11.450178] [ 11.450271] Memory state around the buggy address: [ 11.450700] ffff888102be9f80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 11.451184] ffff888102bea000: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 11.451537] >ffff888102bea080: 00 00 00 00 00 00 00 00 00 01 fe fe fe fe fe fe [ 11.452022] ^ [ 11.452279] ffff888102bea100: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe [ 11.452533] ffff888102bea180: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe [ 11.452777] ================================================================== [ 11.236223] ================================================================== [ 11.236599] BUG: KASAN: slab-out-of-bounds in krealloc_less_oob_helper+0xe23/0x11d0 [ 11.236885] Write of size 1 at addr ffff888100ab6ed0 by task kunit_try_catch/175 [ 11.237582] [ 11.237709] CPU: 1 UID: 0 PID: 175 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc4 #1 PREEMPT(voluntary) [ 11.237754] Tainted: [B]=BAD_PAGE, [N]=TEST [ 11.237766] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 11.237785] Call Trace: [ 11.237804] <TASK> [ 11.237823] dump_stack_lvl+0x73/0xb0 [ 11.237855] print_report+0xd1/0x650 [ 11.237878] ? __virt_addr_valid+0x1db/0x2d0 [ 11.237900] ? krealloc_less_oob_helper+0xe23/0x11d0 [ 11.237922] ? kasan_complete_mode_report_info+0x2a/0x200 [ 11.237942] ? krealloc_less_oob_helper+0xe23/0x11d0 [ 11.237964] kasan_report+0x141/0x180 [ 11.237985] ? krealloc_less_oob_helper+0xe23/0x11d0 [ 11.238012] __asan_report_store1_noabort+0x1b/0x30 [ 11.238031] krealloc_less_oob_helper+0xe23/0x11d0 [ 11.238052] ? __perf_event_task_sched_in+0x151/0x360 [ 11.238079] ? __pfx_krealloc_less_oob_helper+0x10/0x10 [ 11.238102] ? finish_task_switch.isra.0+0x153/0x700 [ 11.238126] ? __switch_to+0x47/0xf50 [ 11.238152] ? __schedule+0x10cc/0x2b60 [ 11.238175] ? __pfx_read_tsc+0x10/0x10 [ 11.238199] krealloc_less_oob+0x1c/0x30 [ 11.238219] kunit_try_run_case+0x1a5/0x480 [ 11.238242] ? __pfx_kunit_try_run_case+0x10/0x10 [ 11.238262] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 11.238285] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 11.238307] ? __kthread_parkme+0x82/0x180 [ 11.238328] ? preempt_count_sub+0x50/0x80 [ 11.238349] ? __pfx_kunit_try_run_case+0x10/0x10 [ 11.238384] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 11.238406] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 11.238428] kthread+0x337/0x6f0 [ 11.238446] ? trace_preempt_on+0x20/0xc0 [ 11.238469] ? __pfx_kthread+0x10/0x10 [ 11.238488] ? _raw_spin_unlock_irq+0x47/0x80 [ 11.238508] ? calculate_sigpending+0x7b/0xa0 [ 11.238531] ? __pfx_kthread+0x10/0x10 [ 11.238551] ret_from_fork+0x116/0x1d0 [ 11.238568] ? __pfx_kthread+0x10/0x10 [ 11.238587] ret_from_fork_asm+0x1a/0x30 [ 11.238618] </TASK> [ 11.238629] [ 11.247228] Allocated by task 175: [ 11.247448] kasan_save_stack+0x45/0x70 [ 11.247718] kasan_save_track+0x18/0x40 [ 11.247855] kasan_save_alloc_info+0x3b/0x50 [ 11.248125] __kasan_krealloc+0x190/0x1f0 [ 11.248285] krealloc_noprof+0xf3/0x340 [ 11.248436] krealloc_less_oob_helper+0x1aa/0x11d0 [ 11.248750] krealloc_less_oob+0x1c/0x30 [ 11.248957] kunit_try_run_case+0x1a5/0x480 [ 11.249462] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 11.249710] kthread+0x337/0x6f0 [ 11.249855] ret_from_fork+0x116/0x1d0 [ 11.249986] ret_from_fork_asm+0x1a/0x30 [ 11.250124] [ 11.250194] The buggy address belongs to the object at ffff888100ab6e00 [ 11.250194] which belongs to the cache kmalloc-256 of size 256 [ 11.250971] The buggy address is located 7 bytes to the right of [ 11.250971] allocated 201-byte region [ffff888100ab6e00, ffff888100ab6ec9) [ 11.251530] [ 11.251604] The buggy address belongs to the physical page: [ 11.251778] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x100ab6 [ 11.252039] head: order:1 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0 [ 11.252445] flags: 0x200000000000040(head|node=0|zone=2) [ 11.252882] page_type: f5(slab) [ 11.253437] raw: 0200000000000040 ffff888100041b40 dead000000000122 0000000000000000 [ 11.253822] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 11.254051] head: 0200000000000040 ffff888100041b40 dead000000000122 0000000000000000 [ 11.254282] head: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 11.254774] head: 0200000000000001 ffffea000402ad81 00000000ffffffff 00000000ffffffff [ 11.255314] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000002 [ 11.255669] page dumped because: kasan: bad access detected [ 11.255877] [ 11.255947] Memory state around the buggy address: [ 11.256213] ffff888100ab6d80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 11.256520] ffff888100ab6e00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 11.256770] >ffff888100ab6e80: 00 00 00 00 00 00 00 00 00 01 fc fc fc fc fc fc [ 11.257742] ^ [ 11.258063] ffff888100ab6f00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 11.258359] ffff888100ab6f80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 11.258673] ================================================================== [ 11.418172] ================================================================== [ 11.418468] BUG: KASAN: slab-out-of-bounds in krealloc_less_oob_helper+0xec6/0x11d0 [ 11.418767] Write of size 1 at addr ffff888102bea0da by task kunit_try_catch/179 [ 11.419227] [ 11.419363] CPU: 0 UID: 0 PID: 179 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc4 #1 PREEMPT(voluntary) [ 11.419420] Tainted: [B]=BAD_PAGE, [N]=TEST [ 11.419431] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 11.419451] Call Trace: [ 11.419468] <TASK> [ 11.419485] dump_stack_lvl+0x73/0xb0 [ 11.419515] print_report+0xd1/0x650 [ 11.419537] ? __virt_addr_valid+0x1db/0x2d0 [ 11.419560] ? krealloc_less_oob_helper+0xec6/0x11d0 [ 11.419582] ? kasan_addr_to_slab+0x11/0xa0 [ 11.419601] ? krealloc_less_oob_helper+0xec6/0x11d0 [ 11.419623] kasan_report+0x141/0x180 [ 11.419644] ? krealloc_less_oob_helper+0xec6/0x11d0 [ 11.419671] __asan_report_store1_noabort+0x1b/0x30 [ 11.419691] krealloc_less_oob_helper+0xec6/0x11d0 [ 11.419715] ? __pfx_krealloc_less_oob_helper+0x10/0x10 [ 11.419737] ? finish_task_switch.isra.0+0x153/0x700 [ 11.419758] ? __switch_to+0x47/0xf50 [ 11.419783] ? __schedule+0x10cc/0x2b60 [ 11.419804] ? __pfx_read_tsc+0x10/0x10 [ 11.419828] krealloc_large_less_oob+0x1c/0x30 [ 11.419849] kunit_try_run_case+0x1a5/0x480 [ 11.419873] ? __pfx_kunit_try_run_case+0x10/0x10 [ 11.419894] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 11.419917] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 11.419938] ? __kthread_parkme+0x82/0x180 [ 11.419958] ? preempt_count_sub+0x50/0x80 [ 11.420034] ? __pfx_kunit_try_run_case+0x10/0x10 [ 11.420059] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 11.420081] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 11.420103] kthread+0x337/0x6f0 [ 11.420122] ? trace_preempt_on+0x20/0xc0 [ 11.420146] ? __pfx_kthread+0x10/0x10 [ 11.420165] ? _raw_spin_unlock_irq+0x47/0x80 [ 11.420185] ? calculate_sigpending+0x7b/0xa0 [ 11.420208] ? __pfx_kthread+0x10/0x10 [ 11.420228] ret_from_fork+0x116/0x1d0 [ 11.420245] ? __pfx_kthread+0x10/0x10 [ 11.420265] ret_from_fork_asm+0x1a/0x30 [ 11.420294] </TASK> [ 11.420304] [ 11.428135] The buggy address belongs to the physical page: [ 11.428420] page: refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x102be8 [ 11.428808] head: order:2 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0 [ 11.429165] flags: 0x200000000000040(head|node=0|zone=2) [ 11.429396] page_type: f8(unknown) [ 11.429578] raw: 0200000000000040 0000000000000000 dead000000000122 0000000000000000 [ 11.429875] raw: 0000000000000000 0000000000000000 00000001f8000000 0000000000000000 [ 11.430410] head: 0200000000000040 0000000000000000 dead000000000122 0000000000000000 [ 11.430747] head: 0000000000000000 0000000000000000 00000001f8000000 0000000000000000 [ 11.431184] head: 0200000000000002 ffffea00040afa01 00000000ffffffff 00000000ffffffff [ 11.431488] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000004 [ 11.431717] page dumped because: kasan: bad access detected [ 11.431887] [ 11.431957] Memory state around the buggy address: [ 11.432154] ffff888102be9f80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 11.432549] ffff888102bea000: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 11.432843] >ffff888102bea080: 00 00 00 00 00 00 00 00 00 01 fe fe fe fe fe fe [ 11.433055] ^ [ 11.433242] ffff888102bea100: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe [ 11.433467] ffff888102bea180: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe [ 11.434085] ================================================================== [ 11.378273] ================================================================== [ 11.378794] BUG: KASAN: slab-out-of-bounds in krealloc_less_oob_helper+0xd70/0x11d0 [ 11.379148] Write of size 1 at addr ffff888102bea0c9 by task kunit_try_catch/179 [ 11.379587] [ 11.379691] CPU: 0 UID: 0 PID: 179 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc4 #1 PREEMPT(voluntary) [ 11.379739] Tainted: [B]=BAD_PAGE, [N]=TEST [ 11.379751] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 11.379773] Call Trace: [ 11.379879] <TASK> [ 11.379899] dump_stack_lvl+0x73/0xb0 [ 11.379931] print_report+0xd1/0x650 [ 11.379954] ? __virt_addr_valid+0x1db/0x2d0 [ 11.379978] ? krealloc_less_oob_helper+0xd70/0x11d0 [ 11.380000] ? kasan_addr_to_slab+0x11/0xa0 [ 11.380019] ? krealloc_less_oob_helper+0xd70/0x11d0 [ 11.380087] kasan_report+0x141/0x180 [ 11.380109] ? krealloc_less_oob_helper+0xd70/0x11d0 [ 11.380159] __asan_report_store1_noabort+0x1b/0x30 [ 11.380183] krealloc_less_oob_helper+0xd70/0x11d0 [ 11.380208] ? __pfx_krealloc_less_oob_helper+0x10/0x10 [ 11.380231] ? finish_task_switch.isra.0+0x153/0x700 [ 11.380255] ? __switch_to+0x47/0xf50 [ 11.380281] ? __schedule+0x10cc/0x2b60 [ 11.380304] ? __pfx_read_tsc+0x10/0x10 [ 11.380346] krealloc_large_less_oob+0x1c/0x30 [ 11.380368] kunit_try_run_case+0x1a5/0x480 [ 11.380413] ? __pfx_kunit_try_run_case+0x10/0x10 [ 11.380434] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 11.380459] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 11.380480] ? __kthread_parkme+0x82/0x180 [ 11.380501] ? preempt_count_sub+0x50/0x80 [ 11.380523] ? __pfx_kunit_try_run_case+0x10/0x10 [ 11.380545] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 11.380568] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 11.380590] kthread+0x337/0x6f0 [ 11.380608] ? trace_preempt_on+0x20/0xc0 [ 11.380631] ? __pfx_kthread+0x10/0x10 [ 11.380650] ? _raw_spin_unlock_irq+0x47/0x80 [ 11.380671] ? calculate_sigpending+0x7b/0xa0 [ 11.380694] ? __pfx_kthread+0x10/0x10 [ 11.380714] ret_from_fork+0x116/0x1d0 [ 11.380731] ? __pfx_kthread+0x10/0x10 [ 11.380750] ret_from_fork_asm+0x1a/0x30 [ 11.380781] </TASK> [ 11.380792] [ 11.393425] The buggy address belongs to the physical page: [ 11.393706] page: refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x102be8 [ 11.394049] head: order:2 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0 [ 11.394474] flags: 0x200000000000040(head|node=0|zone=2) [ 11.394773] page_type: f8(unknown) [ 11.395028] raw: 0200000000000040 0000000000000000 dead000000000122 0000000000000000 [ 11.395415] raw: 0000000000000000 0000000000000000 00000001f8000000 0000000000000000 [ 11.395692] head: 0200000000000040 0000000000000000 dead000000000122 0000000000000000 [ 11.396117] head: 0000000000000000 0000000000000000 00000001f8000000 0000000000000000 [ 11.396521] head: 0200000000000002 ffffea00040afa01 00000000ffffffff 00000000ffffffff [ 11.396890] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000004 [ 11.397320] page dumped because: kasan: bad access detected [ 11.397601] [ 11.397681] Memory state around the buggy address: [ 11.398027] ffff888102be9f80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 11.398646] ffff888102bea000: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 11.398952] >ffff888102bea080: 00 00 00 00 00 00 00 00 00 01 fe fe fe fe fe fe [ 11.399421] ^ [ 11.399697] ffff888102bea100: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe [ 11.400054] ffff888102bea180: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe [ 11.400366] ================================================================== [ 11.453334] ================================================================== [ 11.453720] BUG: KASAN: slab-out-of-bounds in krealloc_less_oob_helper+0xd47/0x11d0 [ 11.454073] Write of size 1 at addr ffff888102bea0eb by task kunit_try_catch/179 [ 11.454339] [ 11.454458] CPU: 0 UID: 0 PID: 179 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc4 #1 PREEMPT(voluntary) [ 11.454500] Tainted: [B]=BAD_PAGE, [N]=TEST [ 11.454512] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 11.454532] Call Trace: [ 11.454550] <TASK> [ 11.454567] dump_stack_lvl+0x73/0xb0 [ 11.454594] print_report+0xd1/0x650 [ 11.454617] ? __virt_addr_valid+0x1db/0x2d0 [ 11.454639] ? krealloc_less_oob_helper+0xd47/0x11d0 [ 11.454661] ? kasan_addr_to_slab+0x11/0xa0 [ 11.454680] ? krealloc_less_oob_helper+0xd47/0x11d0 [ 11.454703] kasan_report+0x141/0x180 [ 11.454723] ? krealloc_less_oob_helper+0xd47/0x11d0 [ 11.454815] __asan_report_store1_noabort+0x1b/0x30 [ 11.454838] krealloc_less_oob_helper+0xd47/0x11d0 [ 11.454862] ? __pfx_krealloc_less_oob_helper+0x10/0x10 [ 11.454885] ? finish_task_switch.isra.0+0x153/0x700 [ 11.454906] ? __switch_to+0x47/0xf50 [ 11.454960] ? __schedule+0x10cc/0x2b60 [ 11.454984] ? __pfx_read_tsc+0x10/0x10 [ 11.455007] krealloc_large_less_oob+0x1c/0x30 [ 11.455029] kunit_try_run_case+0x1a5/0x480 [ 11.455053] ? __pfx_kunit_try_run_case+0x10/0x10 [ 11.455074] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 11.455097] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 11.455118] ? __kthread_parkme+0x82/0x180 [ 11.455138] ? preempt_count_sub+0x50/0x80 [ 11.455160] ? __pfx_kunit_try_run_case+0x10/0x10 [ 11.455182] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 11.455204] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 11.455226] kthread+0x337/0x6f0 [ 11.455244] ? trace_preempt_on+0x20/0xc0 [ 11.455268] ? __pfx_kthread+0x10/0x10 [ 11.455287] ? _raw_spin_unlock_irq+0x47/0x80 [ 11.455307] ? calculate_sigpending+0x7b/0xa0 [ 11.455330] ? __pfx_kthread+0x10/0x10 [ 11.455350] ret_from_fork+0x116/0x1d0 [ 11.455367] ? __pfx_kthread+0x10/0x10 [ 11.455397] ret_from_fork_asm+0x1a/0x30 [ 11.455427] </TASK> [ 11.455438] [ 11.463737] The buggy address belongs to the physical page: [ 11.464072] page: refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x102be8 [ 11.464764] head: order:2 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0 [ 11.465019] flags: 0x200000000000040(head|node=0|zone=2) [ 11.465391] page_type: f8(unknown) [ 11.465578] raw: 0200000000000040 0000000000000000 dead000000000122 0000000000000000 [ 11.465959] raw: 0000000000000000 0000000000000000 00000001f8000000 0000000000000000 [ 11.466223] head: 0200000000000040 0000000000000000 dead000000000122 0000000000000000 [ 11.466520] head: 0000000000000000 0000000000000000 00000001f8000000 0000000000000000 [ 11.467010] head: 0200000000000002 ffffea00040afa01 00000000ffffffff 00000000ffffffff [ 11.467400] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000004 [ 11.467629] page dumped because: kasan: bad access detected [ 11.467800] [ 11.467898] Memory state around the buggy address: [ 11.468120] ffff888102be9f80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 11.468716] ffff888102bea000: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 11.469073] >ffff888102bea080: 00 00 00 00 00 00 00 00 00 01 fe fe fe fe fe fe [ 11.469287] ^ [ 11.469501] ffff888102bea100: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe [ 11.470033] ffff888102bea180: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe [ 11.470350] ==================================================================