Date
July 5, 2025, 11:11 p.m.
| Environment | |
|---|---|
| qemu-arm64 | |
| qemu-x86_64 |
[ 17.934406] ================================================================== [ 17.934462] BUG: KASAN: slab-out-of-bounds in krealloc_less_oob_helper+0xa48/0xc50 [ 17.934513] Write of size 1 at addr fff00000c44ecac9 by task kunit_try_catch/158 [ 17.934560] [ 17.934591] CPU: 0 UID: 0 PID: 158 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc4 #1 PREEMPT [ 17.934671] Tainted: [B]=BAD_PAGE, [N]=TEST [ 17.934718] Hardware name: linux,dummy-virt (DT) [ 17.934749] Call trace: [ 17.934771] show_stack+0x20/0x38 (C) [ 17.934818] dump_stack_lvl+0x8c/0xd0 [ 17.934862] print_report+0x118/0x608 [ 17.934906] kasan_report+0xdc/0x128 [ 17.934950] __asan_report_store1_noabort+0x20/0x30 [ 17.935008] krealloc_less_oob_helper+0xa48/0xc50 [ 17.935056] krealloc_less_oob+0x20/0x38 [ 17.935099] kunit_try_run_case+0x170/0x3f0 [ 17.935143] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 17.935206] kthread+0x328/0x630 [ 17.935246] ret_from_fork+0x10/0x20 [ 17.935299] [ 17.935317] Allocated by task 158: [ 17.935348] kasan_save_stack+0x3c/0x68 [ 17.935388] kasan_save_track+0x20/0x40 [ 17.935433] kasan_save_alloc_info+0x40/0x58 [ 17.935472] __kasan_krealloc+0x118/0x178 [ 17.935507] krealloc_noprof+0x128/0x360 [ 17.935543] krealloc_less_oob_helper+0x168/0xc50 [ 17.935581] krealloc_less_oob+0x20/0x38 [ 17.935616] kunit_try_run_case+0x170/0x3f0 [ 17.935661] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 17.935703] kthread+0x328/0x630 [ 17.935743] ret_from_fork+0x10/0x20 [ 17.935787] [ 17.935805] The buggy address belongs to the object at fff00000c44eca00 [ 17.935805] which belongs to the cache kmalloc-256 of size 256 [ 17.935868] The buggy address is located 0 bytes to the right of [ 17.935868] allocated 201-byte region [fff00000c44eca00, fff00000c44ecac9) [ 17.935969] [ 17.935987] The buggy address belongs to the physical page: [ 17.936042] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1044ec [ 17.936124] head: order:1 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0 [ 17.936195] flags: 0xbfffe0000000040(head|node=0|zone=2|lastcpupid=0x1ffff) [ 17.936244] page_type: f5(slab) [ 17.936280] raw: 0bfffe0000000040 fff00000c0001b40 dead000000000122 0000000000000000 [ 17.936328] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 17.936375] head: 0bfffe0000000040 fff00000c0001b40 dead000000000122 0000000000000000 [ 17.936421] head: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 17.936467] head: 0bfffe0000000001 ffffc1ffc3113b01 00000000ffffffff 00000000ffffffff [ 17.936536] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000002 [ 17.936600] page dumped because: kasan: bad access detected [ 17.936675] [ 17.936693] Memory state around the buggy address: [ 17.936724] fff00000c44ec980: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 17.936765] fff00000c44eca00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 17.936825] >fff00000c44eca80: 00 00 00 00 00 00 00 00 00 01 fc fc fc fc fc fc [ 17.936862] ^ [ 17.936895] fff00000c44ecb00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 17.936942] fff00000c44ecb80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 17.936978] ================================================================== [ 17.989652] ================================================================== [ 17.989811] BUG: KASAN: slab-out-of-bounds in krealloc_less_oob_helper+0xae4/0xc50 [ 17.989866] Write of size 1 at addr fff00000c78360ea by task kunit_try_catch/162 [ 17.989940] [ 17.989998] CPU: 0 UID: 0 PID: 162 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc4 #1 PREEMPT [ 17.990105] Tainted: [B]=BAD_PAGE, [N]=TEST [ 17.990131] Hardware name: linux,dummy-virt (DT) [ 17.990189] Call trace: [ 17.990238] show_stack+0x20/0x38 (C) [ 17.990322] dump_stack_lvl+0x8c/0xd0 [ 17.990394] print_report+0x118/0x608 [ 17.990448] kasan_report+0xdc/0x128 [ 17.990500] __asan_report_store1_noabort+0x20/0x30 [ 17.990546] krealloc_less_oob_helper+0xae4/0xc50 [ 17.990592] krealloc_large_less_oob+0x20/0x38 [ 17.990647] kunit_try_run_case+0x170/0x3f0 [ 17.990698] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 17.990750] kthread+0x328/0x630 [ 17.990799] ret_from_fork+0x10/0x20 [ 17.990845] [ 17.990865] The buggy address belongs to the physical page: [ 17.990894] page: refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x107834 [ 17.990943] head: order:2 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0 [ 17.991000] flags: 0xbfffe0000000040(head|node=0|zone=2|lastcpupid=0x1ffff) [ 17.991048] page_type: f8(unknown) [ 17.991085] raw: 0bfffe0000000040 0000000000000000 dead000000000122 0000000000000000 [ 17.991132] raw: 0000000000000000 0000000000000000 00000001f8000000 0000000000000000 [ 17.991190] head: 0bfffe0000000040 0000000000000000 dead000000000122 0000000000000000 [ 17.991236] head: 0000000000000000 0000000000000000 00000001f8000000 0000000000000000 [ 17.991282] head: 0bfffe0000000002 ffffc1ffc31e0d01 00000000ffffffff 00000000ffffffff [ 17.991328] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000004 [ 17.991514] page dumped because: kasan: bad access detected [ 17.991591] [ 17.991609] Memory state around the buggy address: [ 17.991703] fff00000c7835f80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 17.991761] fff00000c7836000: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 17.991837] >fff00000c7836080: 00 00 00 00 00 00 00 00 00 01 fe fe fe fe fe fe [ 17.991883] ^ [ 17.991920] fff00000c7836100: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe [ 17.991980] fff00000c7836180: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe [ 17.992037] ================================================================== [ 17.953261] ================================================================== [ 17.953307] BUG: KASAN: slab-out-of-bounds in krealloc_less_oob_helper+0xa58/0xc50 [ 17.953354] Write of size 1 at addr fff00000c44ecaeb by task kunit_try_catch/158 [ 17.953400] [ 17.953427] CPU: 0 UID: 0 PID: 158 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc4 #1 PREEMPT [ 17.953504] Tainted: [B]=BAD_PAGE, [N]=TEST [ 17.953531] Hardware name: linux,dummy-virt (DT) [ 17.953560] Call trace: [ 17.953580] show_stack+0x20/0x38 (C) [ 17.953625] dump_stack_lvl+0x8c/0xd0 [ 17.953669] print_report+0x118/0x608 [ 17.953713] kasan_report+0xdc/0x128 [ 17.953757] __asan_report_store1_noabort+0x20/0x30 [ 17.953802] krealloc_less_oob_helper+0xa58/0xc50 [ 17.953849] krealloc_less_oob+0x20/0x38 [ 17.953892] kunit_try_run_case+0x170/0x3f0 [ 17.953937] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 17.953987] kthread+0x328/0x630 [ 17.954027] ret_from_fork+0x10/0x20 [ 17.954071] [ 17.954089] Allocated by task 158: [ 17.954114] kasan_save_stack+0x3c/0x68 [ 17.954167] kasan_save_track+0x20/0x40 [ 17.954203] kasan_save_alloc_info+0x40/0x58 [ 17.954241] __kasan_krealloc+0x118/0x178 [ 17.954277] krealloc_noprof+0x128/0x360 [ 17.954312] krealloc_less_oob_helper+0x168/0xc50 [ 17.954350] krealloc_less_oob+0x20/0x38 [ 17.954384] kunit_try_run_case+0x170/0x3f0 [ 17.954419] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 17.954460] kthread+0x328/0x630 [ 17.954490] ret_from_fork+0x10/0x20 [ 17.954525] [ 17.954543] The buggy address belongs to the object at fff00000c44eca00 [ 17.954543] which belongs to the cache kmalloc-256 of size 256 [ 17.954597] The buggy address is located 34 bytes to the right of [ 17.954597] allocated 201-byte region [fff00000c44eca00, fff00000c44ecac9) [ 17.954658] [ 17.954676] The buggy address belongs to the physical page: [ 17.954705] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1044ec [ 17.954753] head: order:1 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0 [ 17.954796] flags: 0xbfffe0000000040(head|node=0|zone=2|lastcpupid=0x1ffff) [ 17.954844] page_type: f5(slab) [ 17.954879] raw: 0bfffe0000000040 fff00000c0001b40 dead000000000122 0000000000000000 [ 17.954926] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 17.954976] head: 0bfffe0000000040 fff00000c0001b40 dead000000000122 0000000000000000 [ 17.955022] head: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 17.955068] head: 0bfffe0000000001 ffffc1ffc3113b01 00000000ffffffff 00000000ffffffff [ 17.955114] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000002 [ 17.955185] page dumped because: kasan: bad access detected [ 17.955266] [ 17.955284] Memory state around the buggy address: [ 17.955341] fff00000c44ec980: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 17.955383] fff00000c44eca00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 17.955423] >fff00000c44eca80: 00 00 00 00 00 00 00 00 00 01 fc fc fc fc fc fc [ 17.955458] ^ [ 17.955494] fff00000c44ecb00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 17.955560] fff00000c44ecb80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 17.955618] ================================================================== [ 17.943236] ================================================================== [ 17.943321] BUG: KASAN: slab-out-of-bounds in krealloc_less_oob_helper+0xa80/0xc50 [ 17.943370] Write of size 1 at addr fff00000c44ecada by task kunit_try_catch/158 [ 17.943418] [ 17.943445] CPU: 0 UID: 0 PID: 158 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc4 #1 PREEMPT [ 17.943593] Tainted: [B]=BAD_PAGE, [N]=TEST [ 17.943669] Hardware name: linux,dummy-virt (DT) [ 17.943742] Call trace: [ 17.943800] show_stack+0x20/0x38 (C) [ 17.943846] dump_stack_lvl+0x8c/0xd0 [ 17.943933] print_report+0x118/0x608 [ 17.944003] kasan_report+0xdc/0x128 [ 17.944050] __asan_report_store1_noabort+0x20/0x30 [ 17.944619] krealloc_less_oob_helper+0xa80/0xc50 [ 17.944681] krealloc_less_oob+0x20/0x38 [ 17.944727] kunit_try_run_case+0x170/0x3f0 [ 17.944772] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 17.944822] kthread+0x328/0x630 [ 17.944862] ret_from_fork+0x10/0x20 [ 17.944907] [ 17.944926] Allocated by task 158: [ 17.944952] kasan_save_stack+0x3c/0x68 [ 17.944991] kasan_save_track+0x20/0x40 [ 17.945027] kasan_save_alloc_info+0x40/0x58 [ 17.945064] __kasan_krealloc+0x118/0x178 [ 17.945100] krealloc_noprof+0x128/0x360 [ 17.945135] krealloc_less_oob_helper+0x168/0xc50 [ 17.945324] krealloc_less_oob+0x20/0x38 [ 17.945483] kunit_try_run_case+0x170/0x3f0 [ 17.945560] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 17.945601] kthread+0x328/0x630 [ 17.945632] ret_from_fork+0x10/0x20 [ 17.945667] [ 17.945687] The buggy address belongs to the object at fff00000c44eca00 [ 17.945687] which belongs to the cache kmalloc-256 of size 256 [ 17.945756] The buggy address is located 17 bytes to the right of [ 17.945756] allocated 201-byte region [fff00000c44eca00, fff00000c44ecac9) [ 17.945817] [ 17.945836] The buggy address belongs to the physical page: [ 17.945865] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1044ec [ 17.945923] head: order:1 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0 [ 17.945968] flags: 0xbfffe0000000040(head|node=0|zone=2|lastcpupid=0x1ffff) [ 17.946016] page_type: f5(slab) [ 17.946051] raw: 0bfffe0000000040 fff00000c0001b40 dead000000000122 0000000000000000 [ 17.946109] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 17.946177] head: 0bfffe0000000040 fff00000c0001b40 dead000000000122 0000000000000000 [ 17.946224] head: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 17.946271] head: 0bfffe0000000001 ffffc1ffc3113b01 00000000ffffffff 00000000ffffffff [ 17.946325] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000002 [ 17.946374] page dumped because: kasan: bad access detected [ 17.946432] [ 17.946463] Memory state around the buggy address: [ 17.946493] fff00000c44ec980: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 17.946533] fff00000c44eca00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 17.946576] >fff00000c44eca80: 00 00 00 00 00 00 00 00 00 01 fc fc fc fc fc fc [ 17.946621] ^ [ 17.946672] fff00000c44ecb00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 17.946721] fff00000c44ecb80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 17.946765] ================================================================== [ 17.983345] ================================================================== [ 17.983622] BUG: KASAN: slab-out-of-bounds in krealloc_less_oob_helper+0xa80/0xc50 [ 17.983700] Write of size 1 at addr fff00000c78360da by task kunit_try_catch/162 [ 17.983785] [ 17.983813] CPU: 0 UID: 0 PID: 162 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc4 #1 PREEMPT [ 17.983946] Tainted: [B]=BAD_PAGE, [N]=TEST [ 17.983972] Hardware name: linux,dummy-virt (DT) [ 17.984023] Call trace: [ 17.984045] show_stack+0x20/0x38 (C) [ 17.984092] dump_stack_lvl+0x8c/0xd0 [ 17.984136] print_report+0x118/0x608 [ 17.984219] kasan_report+0xdc/0x128 [ 17.984265] __asan_report_store1_noabort+0x20/0x30 [ 17.984312] krealloc_less_oob_helper+0xa80/0xc50 [ 17.984547] krealloc_large_less_oob+0x20/0x38 [ 17.984613] kunit_try_run_case+0x170/0x3f0 [ 17.984842] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 17.984953] kthread+0x328/0x630 [ 17.985126] ret_from_fork+0x10/0x20 [ 17.985288] [ 17.985346] The buggy address belongs to the physical page: [ 17.985402] page: refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x107834 [ 17.985451] head: order:2 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0 [ 17.985844] flags: 0xbfffe0000000040(head|node=0|zone=2|lastcpupid=0x1ffff) [ 17.985954] page_type: f8(unknown) [ 17.986050] raw: 0bfffe0000000040 0000000000000000 dead000000000122 0000000000000000 [ 17.986270] raw: 0000000000000000 0000000000000000 00000001f8000000 0000000000000000 [ 17.986356] head: 0bfffe0000000040 0000000000000000 dead000000000122 0000000000000000 [ 17.986513] head: 0000000000000000 0000000000000000 00000001f8000000 0000000000000000 [ 17.986663] head: 0bfffe0000000002 ffffc1ffc31e0d01 00000000ffffffff 00000000ffffffff [ 17.986753] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000004 [ 17.987187] page dumped because: kasan: bad access detected [ 17.987313] [ 17.987468] Memory state around the buggy address: [ 17.987544] fff00000c7835f80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 17.987637] fff00000c7836000: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 17.987756] >fff00000c7836080: 00 00 00 00 00 00 00 00 00 01 fe fe fe fe fe fe [ 17.988051] ^ [ 17.988094] fff00000c7836100: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe [ 17.988134] fff00000c7836180: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe [ 17.988178] ================================================================== [ 17.947566] ================================================================== [ 17.947739] BUG: KASAN: slab-out-of-bounds in krealloc_less_oob_helper+0xae4/0xc50 [ 17.947834] Write of size 1 at addr fff00000c44ecaea by task kunit_try_catch/158 [ 17.947913] [ 17.947972] CPU: 0 UID: 0 PID: 158 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc4 #1 PREEMPT [ 17.948097] Tainted: [B]=BAD_PAGE, [N]=TEST [ 17.948122] Hardware name: linux,dummy-virt (DT) [ 17.948196] Call trace: [ 17.948268] show_stack+0x20/0x38 (C) [ 17.948366] dump_stack_lvl+0x8c/0xd0 [ 17.948468] print_report+0x118/0x608 [ 17.948522] kasan_report+0xdc/0x128 [ 17.948663] __asan_report_store1_noabort+0x20/0x30 [ 17.948727] krealloc_less_oob_helper+0xae4/0xc50 [ 17.948774] krealloc_less_oob+0x20/0x38 [ 17.948835] kunit_try_run_case+0x170/0x3f0 [ 17.948881] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 17.948933] kthread+0x328/0x630 [ 17.948974] ret_from_fork+0x10/0x20 [ 17.949047] [ 17.949103] Allocated by task 158: [ 17.949129] kasan_save_stack+0x3c/0x68 [ 17.949180] kasan_save_track+0x20/0x40 [ 17.949216] kasan_save_alloc_info+0x40/0x58 [ 17.949253] __kasan_krealloc+0x118/0x178 [ 17.949289] krealloc_noprof+0x128/0x360 [ 17.949324] krealloc_less_oob_helper+0x168/0xc50 [ 17.949361] krealloc_less_oob+0x20/0x38 [ 17.949396] kunit_try_run_case+0x170/0x3f0 [ 17.949731] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 17.949811] kthread+0x328/0x630 [ 17.949885] ret_from_fork+0x10/0x20 [ 17.949920] [ 17.949939] The buggy address belongs to the object at fff00000c44eca00 [ 17.949939] which belongs to the cache kmalloc-256 of size 256 [ 17.950014] The buggy address is located 33 bytes to the right of [ 17.950014] allocated 201-byte region [fff00000c44eca00, fff00000c44ecac9) [ 17.950277] [ 17.950375] The buggy address belongs to the physical page: [ 17.950451] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1044ec [ 17.950584] head: order:1 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0 [ 17.950725] flags: 0xbfffe0000000040(head|node=0|zone=2|lastcpupid=0x1ffff) [ 17.950809] page_type: f5(slab) [ 17.950851] raw: 0bfffe0000000040 fff00000c0001b40 dead000000000122 0000000000000000 [ 17.951001] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 17.951096] head: 0bfffe0000000040 fff00000c0001b40 dead000000000122 0000000000000000 [ 17.951145] head: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 17.951202] head: 0bfffe0000000001 ffffc1ffc3113b01 00000000ffffffff 00000000ffffffff [ 17.951274] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000002 [ 17.951442] page dumped because: kasan: bad access detected [ 17.951554] [ 17.951628] Memory state around the buggy address: [ 17.951778] fff00000c44ec980: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 17.952355] fff00000c44eca00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 17.952440] >fff00000c44eca80: 00 00 00 00 00 00 00 00 00 01 fc fc fc fc fc fc [ 17.952553] ^ [ 17.952591] fff00000c44ecb00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 17.952632] fff00000c44ecb80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 17.952667] ================================================================== [ 17.937960] ================================================================== [ 17.938008] BUG: KASAN: slab-out-of-bounds in krealloc_less_oob_helper+0xb9c/0xc50 [ 17.938054] Write of size 1 at addr fff00000c44ecad0 by task kunit_try_catch/158 [ 17.938139] [ 17.938185] CPU: 0 UID: 0 PID: 158 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc4 #1 PREEMPT [ 17.938316] Tainted: [B]=BAD_PAGE, [N]=TEST [ 17.938342] Hardware name: linux,dummy-virt (DT) [ 17.938371] Call trace: [ 17.938391] show_stack+0x20/0x38 (C) [ 17.938438] dump_stack_lvl+0x8c/0xd0 [ 17.938514] print_report+0x118/0x608 [ 17.938559] kasan_report+0xdc/0x128 [ 17.938602] __asan_report_store1_noabort+0x20/0x30 [ 17.938648] krealloc_less_oob_helper+0xb9c/0xc50 [ 17.938697] krealloc_less_oob+0x20/0x38 [ 17.938741] kunit_try_run_case+0x170/0x3f0 [ 17.938815] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 17.938868] kthread+0x328/0x630 [ 17.938926] ret_from_fork+0x10/0x20 [ 17.938995] [ 17.939014] Allocated by task 158: [ 17.939041] kasan_save_stack+0x3c/0x68 [ 17.939119] kasan_save_track+0x20/0x40 [ 17.939175] kasan_save_alloc_info+0x40/0x58 [ 17.939252] __kasan_krealloc+0x118/0x178 [ 17.939305] krealloc_noprof+0x128/0x360 [ 17.939341] krealloc_less_oob_helper+0x168/0xc50 [ 17.939407] krealloc_less_oob+0x20/0x38 [ 17.939443] kunit_try_run_case+0x170/0x3f0 [ 17.939494] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 17.939535] kthread+0x328/0x630 [ 17.939565] ret_from_fork+0x10/0x20 [ 17.939626] [ 17.939936] The buggy address belongs to the object at fff00000c44eca00 [ 17.939936] which belongs to the cache kmalloc-256 of size 256 [ 17.940012] The buggy address is located 7 bytes to the right of [ 17.940012] allocated 201-byte region [fff00000c44eca00, fff00000c44ecac9) [ 17.940139] [ 17.940178] The buggy address belongs to the physical page: [ 17.940207] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1044ec [ 17.940276] head: order:1 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0 [ 17.940321] flags: 0xbfffe0000000040(head|node=0|zone=2|lastcpupid=0x1ffff) [ 17.940368] page_type: f5(slab) [ 17.940403] raw: 0bfffe0000000040 fff00000c0001b40 dead000000000122 0000000000000000 [ 17.940451] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 17.940769] head: 0bfffe0000000040 fff00000c0001b40 dead000000000122 0000000000000000 [ 17.940843] head: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 17.940958] head: 0bfffe0000000001 ffffc1ffc3113b01 00000000ffffffff 00000000ffffffff [ 17.941062] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000002 [ 17.941140] page dumped because: kasan: bad access detected [ 17.941200] [ 17.941277] Memory state around the buggy address: [ 17.941308] fff00000c44ec980: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 17.941349] fff00000c44eca00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 17.941390] >fff00000c44eca80: 00 00 00 00 00 00 00 00 00 01 fc fc fc fc fc fc [ 17.941425] ^ [ 17.941487] fff00000c44ecb00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 17.941655] fff00000c44ecb80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 17.941764] ================================================================== [ 17.981399] ================================================================== [ 17.981465] BUG: KASAN: slab-out-of-bounds in krealloc_less_oob_helper+0xb9c/0xc50 [ 17.981512] Write of size 1 at addr fff00000c78360d0 by task kunit_try_catch/162 [ 17.981580] [ 17.981618] CPU: 0 UID: 0 PID: 162 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc4 #1 PREEMPT [ 17.981694] Tainted: [B]=BAD_PAGE, [N]=TEST [ 17.981719] Hardware name: linux,dummy-virt (DT) [ 17.981797] Call trace: [ 17.981853] show_stack+0x20/0x38 (C) [ 17.981922] dump_stack_lvl+0x8c/0xd0 [ 17.981967] print_report+0x118/0x608 [ 17.982011] kasan_report+0xdc/0x128 [ 17.982054] __asan_report_store1_noabort+0x20/0x30 [ 17.982162] krealloc_less_oob_helper+0xb9c/0xc50 [ 17.982210] krealloc_large_less_oob+0x20/0x38 [ 17.982255] kunit_try_run_case+0x170/0x3f0 [ 17.982300] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 17.982350] kthread+0x328/0x630 [ 17.982399] ret_from_fork+0x10/0x20 [ 17.982445] [ 17.982463] The buggy address belongs to the physical page: [ 17.982492] page: refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x107834 [ 17.982548] head: order:2 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0 [ 17.982597] flags: 0xbfffe0000000040(head|node=0|zone=2|lastcpupid=0x1ffff) [ 17.982650] page_type: f8(unknown) [ 17.982686] raw: 0bfffe0000000040 0000000000000000 dead000000000122 0000000000000000 [ 17.982733] raw: 0000000000000000 0000000000000000 00000001f8000000 0000000000000000 [ 17.982780] head: 0bfffe0000000040 0000000000000000 dead000000000122 0000000000000000 [ 17.982826] head: 0000000000000000 0000000000000000 00000001f8000000 0000000000000000 [ 17.982872] head: 0bfffe0000000002 ffffc1ffc31e0d01 00000000ffffffff 00000000ffffffff [ 17.982926] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000004 [ 17.982964] page dumped because: kasan: bad access detected [ 17.983006] [ 17.983024] Memory state around the buggy address: [ 17.983052] fff00000c7835f80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 17.983100] fff00000c7836000: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 17.983143] >fff00000c7836080: 00 00 00 00 00 00 00 00 00 01 fe fe fe fe fe fe [ 17.983187] ^ [ 17.983221] fff00000c7836100: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe [ 17.983260] fff00000c7836180: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe [ 17.983296] ================================================================== [ 17.992223] ================================================================== [ 17.992264] BUG: KASAN: slab-out-of-bounds in krealloc_less_oob_helper+0xa58/0xc50 [ 17.992394] Write of size 1 at addr fff00000c78360eb by task kunit_try_catch/162 [ 17.992449] [ 17.992476] CPU: 0 UID: 0 PID: 162 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc4 #1 PREEMPT [ 17.992597] Tainted: [B]=BAD_PAGE, [N]=TEST [ 17.992625] Hardware name: linux,dummy-virt (DT) [ 17.992653] Call trace: [ 17.992724] show_stack+0x20/0x38 (C) [ 17.992995] dump_stack_lvl+0x8c/0xd0 [ 17.993080] print_report+0x118/0x608 [ 17.993213] kasan_report+0xdc/0x128 [ 17.993258] __asan_report_store1_noabort+0x20/0x30 [ 17.993343] krealloc_less_oob_helper+0xa58/0xc50 [ 17.993416] krealloc_large_less_oob+0x20/0x38 [ 17.993497] kunit_try_run_case+0x170/0x3f0 [ 17.993543] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 17.993616] kthread+0x328/0x630 [ 17.993910] ret_from_fork+0x10/0x20 [ 17.993967] [ 17.993986] The buggy address belongs to the physical page: [ 17.994066] page: refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x107834 [ 17.994117] head: order:2 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0 [ 17.994197] flags: 0xbfffe0000000040(head|node=0|zone=2|lastcpupid=0x1ffff) [ 17.994282] page_type: f8(unknown) [ 17.994354] raw: 0bfffe0000000040 0000000000000000 dead000000000122 0000000000000000 [ 17.994410] raw: 0000000000000000 0000000000000000 00000001f8000000 0000000000000000 [ 17.994481] head: 0bfffe0000000040 0000000000000000 dead000000000122 0000000000000000 [ 17.994546] head: 0000000000000000 0000000000000000 00000001f8000000 0000000000000000 [ 17.994611] head: 0bfffe0000000002 ffffc1ffc31e0d01 00000000ffffffff 00000000ffffffff [ 17.994658] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000004 [ 17.994698] page dumped because: kasan: bad access detected [ 17.994861] [ 17.994880] Memory state around the buggy address: [ 17.994989] fff00000c7835f80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 17.995102] fff00000c7836000: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 17.995194] >fff00000c7836080: 00 00 00 00 00 00 00 00 00 01 fe fe fe fe fe fe [ 17.995250] ^ [ 17.995322] fff00000c7836100: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe [ 17.995369] fff00000c7836180: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe [ 17.995421] ================================================================== [ 17.977329] ================================================================== [ 17.977385] BUG: KASAN: slab-out-of-bounds in krealloc_less_oob_helper+0xa48/0xc50 [ 17.977568] Write of size 1 at addr fff00000c78360c9 by task kunit_try_catch/162 [ 17.977694] [ 17.977767] CPU: 0 UID: 0 PID: 162 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc4 #1 PREEMPT [ 17.977873] Tainted: [B]=BAD_PAGE, [N]=TEST [ 17.977899] Hardware name: linux,dummy-virt (DT) [ 17.977954] Call trace: [ 17.978003] show_stack+0x20/0x38 (C) [ 17.978078] dump_stack_lvl+0x8c/0xd0 [ 17.978131] print_report+0x118/0x608 [ 17.978194] kasan_report+0xdc/0x128 [ 17.978237] __asan_report_store1_noabort+0x20/0x30 [ 17.978515] krealloc_less_oob_helper+0xa48/0xc50 [ 17.978578] krealloc_large_less_oob+0x20/0x38 [ 17.978624] kunit_try_run_case+0x170/0x3f0 [ 17.978670] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 17.978721] kthread+0x328/0x630 [ 17.978797] ret_from_fork+0x10/0x20 [ 17.978863] [ 17.978921] The buggy address belongs to the physical page: [ 17.978989] page: refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x107834 [ 17.979093] head: order:2 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0 [ 17.979195] flags: 0xbfffe0000000040(head|node=0|zone=2|lastcpupid=0x1ffff) [ 17.979247] page_type: f8(unknown) [ 17.979284] raw: 0bfffe0000000040 0000000000000000 dead000000000122 0000000000000000 [ 17.979340] raw: 0000000000000000 0000000000000000 00000001f8000000 0000000000000000 [ 17.979502] head: 0bfffe0000000040 0000000000000000 dead000000000122 0000000000000000 [ 17.979551] head: 0000000000000000 0000000000000000 00000001f8000000 0000000000000000 [ 17.979704] head: 0bfffe0000000002 ffffc1ffc31e0d01 00000000ffffffff 00000000ffffffff [ 17.979760] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000004 [ 17.979799] page dumped because: kasan: bad access detected [ 17.979828] [ 17.979846] Memory state around the buggy address: [ 17.980050] fff00000c7835f80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 17.980329] fff00000c7836000: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 17.980450] >fff00000c7836080: 00 00 00 00 00 00 00 00 00 01 fe fe fe fe fe fe [ 17.980578] ^ [ 17.980698] fff00000c7836100: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe [ 17.980767] fff00000c7836180: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe [ 17.980834] ==================================================================
[ 13.380953] ================================================================== [ 13.381710] BUG: KASAN: slab-out-of-bounds in krealloc_less_oob_helper+0xe23/0x11d0 [ 13.382021] Write of size 1 at addr ffff8881028ee0d0 by task kunit_try_catch/180 [ 13.382925] [ 13.383233] CPU: 1 UID: 0 PID: 180 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc4 #1 PREEMPT(voluntary) [ 13.383299] Tainted: [B]=BAD_PAGE, [N]=TEST [ 13.383315] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 13.383348] Call Trace: [ 13.383365] <TASK> [ 13.383412] dump_stack_lvl+0x73/0xb0 [ 13.383453] print_report+0xd1/0x650 [ 13.383480] ? __virt_addr_valid+0x1db/0x2d0 [ 13.383508] ? krealloc_less_oob_helper+0xe23/0x11d0 [ 13.383537] ? kasan_addr_to_slab+0x11/0xa0 [ 13.383563] ? krealloc_less_oob_helper+0xe23/0x11d0 [ 13.383592] kasan_report+0x141/0x180 [ 13.383618] ? krealloc_less_oob_helper+0xe23/0x11d0 [ 13.383652] __asan_report_store1_noabort+0x1b/0x30 [ 13.383677] krealloc_less_oob_helper+0xe23/0x11d0 [ 13.383708] ? __pfx_krealloc_less_oob_helper+0x10/0x10 [ 13.383737] ? finish_task_switch.isra.0+0x153/0x700 [ 13.383764] ? __switch_to+0x47/0xf50 [ 13.383807] ? __schedule+0x10cc/0x2b60 [ 13.383836] ? __pfx_read_tsc+0x10/0x10 [ 13.383865] krealloc_large_less_oob+0x1c/0x30 [ 13.383892] kunit_try_run_case+0x1a5/0x480 [ 13.383921] ? __pfx_kunit_try_run_case+0x10/0x10 [ 13.383948] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 13.383976] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 13.384004] ? __kthread_parkme+0x82/0x180 [ 13.384029] ? preempt_count_sub+0x50/0x80 [ 13.384056] ? __pfx_kunit_try_run_case+0x10/0x10 [ 13.384102] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 13.384131] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 13.384381] kthread+0x337/0x6f0 [ 13.384410] ? trace_preempt_on+0x20/0xc0 [ 13.384439] ? __pfx_kthread+0x10/0x10 [ 13.384463] ? _raw_spin_unlock_irq+0x47/0x80 [ 13.384489] ? calculate_sigpending+0x7b/0xa0 [ 13.384518] ? __pfx_kthread+0x10/0x10 [ 13.384543] ret_from_fork+0x116/0x1d0 [ 13.384567] ? __pfx_kthread+0x10/0x10 [ 13.384591] ret_from_fork_asm+0x1a/0x30 [ 13.384627] </TASK> [ 13.384642] [ 13.399884] The buggy address belongs to the physical page: [ 13.400486] page: refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1028ec [ 13.401034] head: order:2 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0 [ 13.401973] flags: 0x200000000000040(head|node=0|zone=2) [ 13.402838] page_type: f8(unknown) [ 13.403225] raw: 0200000000000040 0000000000000000 dead000000000122 0000000000000000 [ 13.403603] raw: 0000000000000000 0000000000000000 00000001f8000000 0000000000000000 [ 13.403885] head: 0200000000000040 0000000000000000 dead000000000122 0000000000000000 [ 13.404173] head: 0000000000000000 0000000000000000 00000001f8000000 0000000000000000 [ 13.404728] head: 0200000000000002 ffffea00040a3b01 00000000ffffffff 00000000ffffffff [ 13.405553] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000004 [ 13.406351] page dumped because: kasan: bad access detected [ 13.406980] [ 13.407188] Memory state around the buggy address: [ 13.407387] ffff8881028edf80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 13.407639] ffff8881028ee000: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 13.407908] >ffff8881028ee080: 00 00 00 00 00 00 00 00 00 01 fe fe fe fe fe fe [ 13.408537] ^ [ 13.408823] ffff8881028ee100: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe [ 13.409163] ffff8881028ee180: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe [ 13.409487] ================================================================== [ 13.229111] ================================================================== [ 13.229459] BUG: KASAN: slab-out-of-bounds in krealloc_less_oob_helper+0xe90/0x11d0 [ 13.229905] Write of size 1 at addr ffff88810033a2ea by task kunit_try_catch/176 [ 13.230418] [ 13.230579] CPU: 0 UID: 0 PID: 176 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc4 #1 PREEMPT(voluntary) [ 13.230643] Tainted: [B]=BAD_PAGE, [N]=TEST [ 13.230657] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 13.230681] Call Trace: [ 13.230702] <TASK> [ 13.230722] dump_stack_lvl+0x73/0xb0 [ 13.230759] print_report+0xd1/0x650 [ 13.230785] ? __virt_addr_valid+0x1db/0x2d0 [ 13.230820] ? krealloc_less_oob_helper+0xe90/0x11d0 [ 13.230855] ? kasan_complete_mode_report_info+0x2a/0x200 [ 13.230880] ? krealloc_less_oob_helper+0xe90/0x11d0 [ 13.230906] kasan_report+0x141/0x180 [ 13.230953] ? krealloc_less_oob_helper+0xe90/0x11d0 [ 13.230985] __asan_report_store1_noabort+0x1b/0x30 [ 13.231007] krealloc_less_oob_helper+0xe90/0x11d0 [ 13.231047] ? __pfx_krealloc_less_oob_helper+0x10/0x10 [ 13.231071] ? sysvec_apic_timer_interrupt+0x50/0x90 [ 13.231105] ? __pfx_krealloc_less_oob+0x10/0x10 [ 13.231135] krealloc_less_oob+0x1c/0x30 [ 13.231274] kunit_try_run_case+0x1a5/0x480 [ 13.231316] ? __pfx_kunit_try_run_case+0x10/0x10 [ 13.231341] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 13.231367] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 13.231392] ? __kthread_parkme+0x82/0x180 [ 13.231415] ? preempt_count_sub+0x50/0x80 [ 13.231442] ? __pfx_kunit_try_run_case+0x10/0x10 [ 13.231478] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 13.231502] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 13.231539] kthread+0x337/0x6f0 [ 13.231560] ? trace_preempt_on+0x20/0xc0 [ 13.231586] ? __pfx_kthread+0x10/0x10 [ 13.231609] ? _raw_spin_unlock_irq+0x47/0x80 [ 13.231632] ? calculate_sigpending+0x7b/0xa0 [ 13.231658] ? __pfx_kthread+0x10/0x10 [ 13.231681] ret_from_fork+0x116/0x1d0 [ 13.231704] ? __pfx_kthread+0x10/0x10 [ 13.231726] ret_from_fork_asm+0x1a/0x30 [ 13.231761] </TASK> [ 13.231775] [ 13.241102] Allocated by task 176: [ 13.241387] kasan_save_stack+0x45/0x70 [ 13.241639] kasan_save_track+0x18/0x40 [ 13.241869] kasan_save_alloc_info+0x3b/0x50 [ 13.242038] __kasan_krealloc+0x190/0x1f0 [ 13.242418] krealloc_noprof+0xf3/0x340 [ 13.242674] krealloc_less_oob_helper+0x1aa/0x11d0 [ 13.242915] krealloc_less_oob+0x1c/0x30 [ 13.243094] kunit_try_run_case+0x1a5/0x480 [ 13.243365] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 13.243588] kthread+0x337/0x6f0 [ 13.243748] ret_from_fork+0x116/0x1d0 [ 13.246501] ret_from_fork_asm+0x1a/0x30 [ 13.247293] [ 13.247816] The buggy address belongs to the object at ffff88810033a200 [ 13.247816] which belongs to the cache kmalloc-256 of size 256 [ 13.248544] The buggy address is located 33 bytes to the right of [ 13.248544] allocated 201-byte region [ffff88810033a200, ffff88810033a2c9) [ 13.250959] [ 13.252200] The buggy address belongs to the physical page: [ 13.252417] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x10033a [ 13.252781] head: order:1 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0 [ 13.253644] flags: 0x200000000000040(head|node=0|zone=2) [ 13.254337] page_type: f5(slab) [ 13.254482] raw: 0200000000000040 ffff888100041b40 dead000000000122 0000000000000000 [ 13.255338] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 13.255843] head: 0200000000000040 ffff888100041b40 dead000000000122 0000000000000000 [ 13.256356] head: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 13.256949] head: 0200000000000001 ffffea000400ce81 00000000ffffffff 00000000ffffffff [ 13.257304] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000002 [ 13.257680] page dumped because: kasan: bad access detected [ 13.258045] [ 13.258272] Memory state around the buggy address: [ 13.258461] ffff88810033a180: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 13.258858] ffff88810033a200: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 13.259239] >ffff88810033a280: 00 00 00 00 00 00 00 00 00 01 fc fc fc fc fc fc [ 13.259741] ^ [ 13.260835] ffff88810033a300: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 13.261218] ffff88810033a380: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 13.261764] ================================================================== [ 13.345431] ================================================================== [ 13.347166] BUG: KASAN: slab-out-of-bounds in krealloc_less_oob_helper+0xd70/0x11d0 [ 13.347848] Write of size 1 at addr ffff8881028ee0c9 by task kunit_try_catch/180 [ 13.348501] [ 13.348720] CPU: 1 UID: 0 PID: 180 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc4 #1 PREEMPT(voluntary) [ 13.348802] Tainted: [B]=BAD_PAGE, [N]=TEST [ 13.348819] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 13.348885] Call Trace: [ 13.348903] <TASK> [ 13.348958] dump_stack_lvl+0x73/0xb0 [ 13.349003] print_report+0xd1/0x650 [ 13.349044] ? __virt_addr_valid+0x1db/0x2d0 [ 13.349097] ? krealloc_less_oob_helper+0xd70/0x11d0 [ 13.349127] ? kasan_addr_to_slab+0x11/0xa0 [ 13.349151] ? krealloc_less_oob_helper+0xd70/0x11d0 [ 13.349180] kasan_report+0x141/0x180 [ 13.349205] ? krealloc_less_oob_helper+0xd70/0x11d0 [ 13.349239] __asan_report_store1_noabort+0x1b/0x30 [ 13.349264] krealloc_less_oob_helper+0xd70/0x11d0 [ 13.349294] ? __pfx_krealloc_less_oob_helper+0x10/0x10 [ 13.349323] ? finish_task_switch.isra.0+0x153/0x700 [ 13.349377] ? __switch_to+0x47/0xf50 [ 13.349409] ? __schedule+0x10cc/0x2b60 [ 13.349436] ? __pfx_read_tsc+0x10/0x10 [ 13.349466] krealloc_large_less_oob+0x1c/0x30 [ 13.349493] kunit_try_run_case+0x1a5/0x480 [ 13.349525] ? __pfx_kunit_try_run_case+0x10/0x10 [ 13.349551] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 13.349580] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 13.349608] ? __kthread_parkme+0x82/0x180 [ 13.349634] ? preempt_count_sub+0x50/0x80 [ 13.349660] ? __pfx_kunit_try_run_case+0x10/0x10 [ 13.349689] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 13.349716] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 13.349745] kthread+0x337/0x6f0 [ 13.349767] ? trace_preempt_on+0x20/0xc0 [ 13.349805] ? __pfx_kthread+0x10/0x10 [ 13.349829] ? _raw_spin_unlock_irq+0x47/0x80 [ 13.349854] ? calculate_sigpending+0x7b/0xa0 [ 13.349884] ? __pfx_kthread+0x10/0x10 [ 13.349909] ret_from_fork+0x116/0x1d0 [ 13.349931] ? __pfx_kthread+0x10/0x10 [ 13.349955] ret_from_fork_asm+0x1a/0x30 [ 13.349992] </TASK> [ 13.350006] [ 13.367335] The buggy address belongs to the physical page: [ 13.368555] page: refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1028ec [ 13.369540] head: order:2 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0 [ 13.370683] flags: 0x200000000000040(head|node=0|zone=2) [ 13.371172] page_type: f8(unknown) [ 13.371519] raw: 0200000000000040 0000000000000000 dead000000000122 0000000000000000 [ 13.372250] raw: 0000000000000000 0000000000000000 00000001f8000000 0000000000000000 [ 13.372775] head: 0200000000000040 0000000000000000 dead000000000122 0000000000000000 [ 13.373062] head: 0000000000000000 0000000000000000 00000001f8000000 0000000000000000 [ 13.374089] head: 0200000000000002 ffffea00040a3b01 00000000ffffffff 00000000ffffffff [ 13.374942] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000004 [ 13.375575] page dumped because: kasan: bad access detected [ 13.375781] [ 13.375879] Memory state around the buggy address: [ 13.376057] ffff8881028edf80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 13.376305] ffff8881028ee000: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 13.377184] >ffff8881028ee080: 00 00 00 00 00 00 00 00 00 01 fe fe fe fe fe fe [ 13.377529] ^ [ 13.378075] ffff8881028ee100: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe [ 13.378633] ffff8881028ee180: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe [ 13.379521] ================================================================== [ 13.409947] ================================================================== [ 13.410328] BUG: KASAN: slab-out-of-bounds in krealloc_less_oob_helper+0xec6/0x11d0 [ 13.410679] Write of size 1 at addr ffff8881028ee0da by task kunit_try_catch/180 [ 13.411068] [ 13.411224] CPU: 1 UID: 0 PID: 180 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc4 #1 PREEMPT(voluntary) [ 13.411283] Tainted: [B]=BAD_PAGE, [N]=TEST [ 13.411299] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 13.411332] Call Trace: [ 13.411354] <TASK> [ 13.411482] dump_stack_lvl+0x73/0xb0 [ 13.411525] print_report+0xd1/0x650 [ 13.411553] ? __virt_addr_valid+0x1db/0x2d0 [ 13.411581] ? krealloc_less_oob_helper+0xec6/0x11d0 [ 13.411609] ? kasan_addr_to_slab+0x11/0xa0 [ 13.411634] ? krealloc_less_oob_helper+0xec6/0x11d0 [ 13.411662] kasan_report+0x141/0x180 [ 13.411688] ? krealloc_less_oob_helper+0xec6/0x11d0 [ 13.411721] __asan_report_store1_noabort+0x1b/0x30 [ 13.411746] krealloc_less_oob_helper+0xec6/0x11d0 [ 13.411777] ? __pfx_krealloc_less_oob_helper+0x10/0x10 [ 13.411822] ? finish_task_switch.isra.0+0x153/0x700 [ 13.411848] ? __switch_to+0x47/0xf50 [ 13.411878] ? __schedule+0x10cc/0x2b60 [ 13.411904] ? __pfx_read_tsc+0x10/0x10 [ 13.411933] krealloc_large_less_oob+0x1c/0x30 [ 13.411959] kunit_try_run_case+0x1a5/0x480 [ 13.411989] ? __pfx_kunit_try_run_case+0x10/0x10 [ 13.412016] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 13.412043] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 13.412070] ? __kthread_parkme+0x82/0x180 [ 13.412095] ? preempt_count_sub+0x50/0x80 [ 13.412121] ? __pfx_kunit_try_run_case+0x10/0x10 [ 13.412149] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 13.412363] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 13.412403] kthread+0x337/0x6f0 [ 13.412426] ? trace_preempt_on+0x20/0xc0 [ 13.412456] ? __pfx_kthread+0x10/0x10 [ 13.412480] ? _raw_spin_unlock_irq+0x47/0x80 [ 13.412506] ? calculate_sigpending+0x7b/0xa0 [ 13.412535] ? __pfx_kthread+0x10/0x10 [ 13.412559] ret_from_fork+0x116/0x1d0 [ 13.412582] ? __pfx_kthread+0x10/0x10 [ 13.412606] ret_from_fork_asm+0x1a/0x30 [ 13.412642] </TASK> [ 13.412657] [ 13.421742] The buggy address belongs to the physical page: [ 13.421986] page: refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1028ec [ 13.422457] head: order:2 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0 [ 13.422881] flags: 0x200000000000040(head|node=0|zone=2) [ 13.423241] page_type: f8(unknown) [ 13.423402] raw: 0200000000000040 0000000000000000 dead000000000122 0000000000000000 [ 13.423675] raw: 0000000000000000 0000000000000000 00000001f8000000 0000000000000000 [ 13.424064] head: 0200000000000040 0000000000000000 dead000000000122 0000000000000000 [ 13.424470] head: 0000000000000000 0000000000000000 00000001f8000000 0000000000000000 [ 13.425278] head: 0200000000000002 ffffea00040a3b01 00000000ffffffff 00000000ffffffff [ 13.425570] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000004 [ 13.425949] page dumped because: kasan: bad access detected [ 13.426434] [ 13.426551] Memory state around the buggy address: [ 13.426832] ffff8881028edf80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 13.427230] ffff8881028ee000: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 13.427567] >ffff8881028ee080: 00 00 00 00 00 00 00 00 00 01 fe fe fe fe fe fe [ 13.427937] ^ [ 13.428415] ffff8881028ee100: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe [ 13.428761] ffff8881028ee180: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe [ 13.429075] ================================================================== [ 13.201922] ================================================================== [ 13.202432] BUG: KASAN: slab-out-of-bounds in krealloc_less_oob_helper+0xec6/0x11d0 [ 13.202854] Write of size 1 at addr ffff88810033a2da by task kunit_try_catch/176 [ 13.203380] [ 13.203522] CPU: 0 UID: 0 PID: 176 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc4 #1 PREEMPT(voluntary) [ 13.203574] Tainted: [B]=BAD_PAGE, [N]=TEST [ 13.203588] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 13.203612] Call Trace: [ 13.203627] <TASK> [ 13.203649] dump_stack_lvl+0x73/0xb0 [ 13.203686] print_report+0xd1/0x650 [ 13.203712] ? __virt_addr_valid+0x1db/0x2d0 [ 13.203737] ? krealloc_less_oob_helper+0xec6/0x11d0 [ 13.203763] ? kasan_complete_mode_report_info+0x2a/0x200 [ 13.203799] ? krealloc_less_oob_helper+0xec6/0x11d0 [ 13.203826] kasan_report+0x141/0x180 [ 13.203863] ? krealloc_less_oob_helper+0xec6/0x11d0 [ 13.203895] __asan_report_store1_noabort+0x1b/0x30 [ 13.203918] krealloc_less_oob_helper+0xec6/0x11d0 [ 13.203959] ? __pfx_krealloc_less_oob_helper+0x10/0x10 [ 13.203984] ? sysvec_apic_timer_interrupt+0x50/0x90 [ 13.204017] ? __pfx_krealloc_less_oob+0x10/0x10 [ 13.204046] krealloc_less_oob+0x1c/0x30 [ 13.204091] kunit_try_run_case+0x1a5/0x480 [ 13.204119] ? __pfx_kunit_try_run_case+0x10/0x10 [ 13.204317] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 13.204346] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 13.204372] ? __kthread_parkme+0x82/0x180 [ 13.204396] ? preempt_count_sub+0x50/0x80 [ 13.204422] ? __pfx_kunit_try_run_case+0x10/0x10 [ 13.204448] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 13.204474] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 13.204499] kthread+0x337/0x6f0 [ 13.204520] ? trace_preempt_on+0x20/0xc0 [ 13.204547] ? __pfx_kthread+0x10/0x10 [ 13.204570] ? _raw_spin_unlock_irq+0x47/0x80 [ 13.204593] ? calculate_sigpending+0x7b/0xa0 [ 13.204619] ? __pfx_kthread+0x10/0x10 [ 13.204643] ret_from_fork+0x116/0x1d0 [ 13.204665] ? __pfx_kthread+0x10/0x10 [ 13.204687] ret_from_fork_asm+0x1a/0x30 [ 13.204722] </TASK> [ 13.204736] [ 13.213934] Allocated by task 176: [ 13.214259] kasan_save_stack+0x45/0x70 [ 13.214506] kasan_save_track+0x18/0x40 [ 13.214726] kasan_save_alloc_info+0x3b/0x50 [ 13.214985] __kasan_krealloc+0x190/0x1f0 [ 13.215193] krealloc_noprof+0xf3/0x340 [ 13.215349] krealloc_less_oob_helper+0x1aa/0x11d0 [ 13.215608] krealloc_less_oob+0x1c/0x30 [ 13.215920] kunit_try_run_case+0x1a5/0x480 [ 13.216439] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 13.216750] kthread+0x337/0x6f0 [ 13.216929] ret_from_fork+0x116/0x1d0 [ 13.217117] ret_from_fork_asm+0x1a/0x30 [ 13.217468] [ 13.217582] The buggy address belongs to the object at ffff88810033a200 [ 13.217582] which belongs to the cache kmalloc-256 of size 256 [ 13.218714] The buggy address is located 17 bytes to the right of [ 13.218714] allocated 201-byte region [ffff88810033a200, ffff88810033a2c9) [ 13.219335] [ 13.219441] The buggy address belongs to the physical page: [ 13.219708] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x10033a [ 13.220958] head: order:1 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0 [ 13.221636] flags: 0x200000000000040(head|node=0|zone=2) [ 13.222237] page_type: f5(slab) [ 13.222437] raw: 0200000000000040 ffff888100041b40 dead000000000122 0000000000000000 [ 13.222818] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 13.223115] head: 0200000000000040 ffff888100041b40 dead000000000122 0000000000000000 [ 13.223519] head: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 13.223953] head: 0200000000000001 ffffea000400ce81 00000000ffffffff 00000000ffffffff [ 13.224612] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000002 [ 13.225030] page dumped because: kasan: bad access detected [ 13.225447] [ 13.225563] Memory state around the buggy address: [ 13.225783] ffff88810033a180: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 13.226171] ffff88810033a200: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 13.226662] >ffff88810033a280: 00 00 00 00 00 00 00 00 00 01 fc fc fc fc fc fc [ 13.227017] ^ [ 13.227329] ffff88810033a300: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 13.227807] ffff88810033a380: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 13.228262] ================================================================== [ 13.262415] ================================================================== [ 13.262808] BUG: KASAN: slab-out-of-bounds in krealloc_less_oob_helper+0xd47/0x11d0 [ 13.263359] Write of size 1 at addr ffff88810033a2eb by task kunit_try_catch/176 [ 13.263696] [ 13.263849] CPU: 0 UID: 0 PID: 176 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc4 #1 PREEMPT(voluntary) [ 13.263902] Tainted: [B]=BAD_PAGE, [N]=TEST [ 13.263916] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 13.263941] Call Trace: [ 13.263963] <TASK> [ 13.263985] dump_stack_lvl+0x73/0xb0 [ 13.264022] print_report+0xd1/0x650 [ 13.264050] ? __virt_addr_valid+0x1db/0x2d0 [ 13.264100] ? krealloc_less_oob_helper+0xd47/0x11d0 [ 13.264141] ? kasan_complete_mode_report_info+0x2a/0x200 [ 13.264166] ? krealloc_less_oob_helper+0xd47/0x11d0 [ 13.264192] kasan_report+0x141/0x180 [ 13.264216] ? krealloc_less_oob_helper+0xd47/0x11d0 [ 13.264462] __asan_report_store1_noabort+0x1b/0x30 [ 13.264495] krealloc_less_oob_helper+0xd47/0x11d0 [ 13.264556] ? __pfx_krealloc_less_oob_helper+0x10/0x10 [ 13.264582] ? sysvec_apic_timer_interrupt+0x50/0x90 [ 13.264632] ? __pfx_krealloc_less_oob+0x10/0x10 [ 13.264662] krealloc_less_oob+0x1c/0x30 [ 13.264685] kunit_try_run_case+0x1a5/0x480 [ 13.264712] ? __pfx_kunit_try_run_case+0x10/0x10 [ 13.264736] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 13.264763] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 13.264804] ? __kthread_parkme+0x82/0x180 [ 13.264833] ? preempt_count_sub+0x50/0x80 [ 13.264861] ? __pfx_kunit_try_run_case+0x10/0x10 [ 13.264889] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 13.264913] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 13.264938] kthread+0x337/0x6f0 [ 13.264959] ? trace_preempt_on+0x20/0xc0 [ 13.264985] ? __pfx_kthread+0x10/0x10 [ 13.265008] ? _raw_spin_unlock_irq+0x47/0x80 [ 13.265031] ? calculate_sigpending+0x7b/0xa0 [ 13.265058] ? __pfx_kthread+0x10/0x10 [ 13.265082] ret_from_fork+0x116/0x1d0 [ 13.265106] ? __pfx_kthread+0x10/0x10 [ 13.265130] ret_from_fork_asm+0x1a/0x30 [ 13.265167] </TASK> [ 13.265181] [ 13.275732] Allocated by task 176: [ 13.276004] kasan_save_stack+0x45/0x70 [ 13.276188] kasan_save_track+0x18/0x40 [ 13.276527] kasan_save_alloc_info+0x3b/0x50 [ 13.276781] __kasan_krealloc+0x190/0x1f0 [ 13.277015] krealloc_noprof+0xf3/0x340 [ 13.277284] krealloc_less_oob_helper+0x1aa/0x11d0 [ 13.277534] krealloc_less_oob+0x1c/0x30 [ 13.277781] kunit_try_run_case+0x1a5/0x480 [ 13.278261] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 13.278707] kthread+0x337/0x6f0 [ 13.278945] ret_from_fork+0x116/0x1d0 [ 13.279293] ret_from_fork_asm+0x1a/0x30 [ 13.279535] [ 13.279645] The buggy address belongs to the object at ffff88810033a200 [ 13.279645] which belongs to the cache kmalloc-256 of size 256 [ 13.280342] The buggy address is located 34 bytes to the right of [ 13.280342] allocated 201-byte region [ffff88810033a200, ffff88810033a2c9) [ 13.280894] [ 13.281031] The buggy address belongs to the physical page: [ 13.281535] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x10033a [ 13.281960] head: order:1 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0 [ 13.282488] flags: 0x200000000000040(head|node=0|zone=2) [ 13.283056] page_type: f5(slab) [ 13.283239] raw: 0200000000000040 ffff888100041b40 dead000000000122 0000000000000000 [ 13.283875] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 13.284287] head: 0200000000000040 ffff888100041b40 dead000000000122 0000000000000000 [ 13.284862] head: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 13.285513] head: 0200000000000001 ffffea000400ce81 00000000ffffffff 00000000ffffffff [ 13.285892] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000002 [ 13.286733] page dumped because: kasan: bad access detected [ 13.287050] [ 13.287141] Memory state around the buggy address: [ 13.287391] ffff88810033a180: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 13.287757] ffff88810033a200: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 13.288564] >ffff88810033a280: 00 00 00 00 00 00 00 00 00 01 fc fc fc fc fc fc [ 13.288906] ^ [ 13.289356] ffff88810033a300: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 13.289640] ffff88810033a380: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 13.290003] ================================================================== [ 13.132485] ================================================================== [ 13.133568] BUG: KASAN: slab-out-of-bounds in krealloc_less_oob_helper+0xd70/0x11d0 [ 13.134690] Write of size 1 at addr ffff88810033a2c9 by task kunit_try_catch/176 [ 13.134978] [ 13.135120] CPU: 0 UID: 0 PID: 176 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc4 #1 PREEMPT(voluntary) [ 13.135220] Tainted: [B]=BAD_PAGE, [N]=TEST [ 13.135236] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 13.135278] Call Trace: [ 13.135312] <TASK> [ 13.135335] dump_stack_lvl+0x73/0xb0 [ 13.135373] print_report+0xd1/0x650 [ 13.135400] ? __virt_addr_valid+0x1db/0x2d0 [ 13.135427] ? krealloc_less_oob_helper+0xd70/0x11d0 [ 13.135453] ? kasan_complete_mode_report_info+0x2a/0x200 [ 13.135478] ? krealloc_less_oob_helper+0xd70/0x11d0 [ 13.135504] kasan_report+0x141/0x180 [ 13.135529] ? krealloc_less_oob_helper+0xd70/0x11d0 [ 13.135561] __asan_report_store1_noabort+0x1b/0x30 [ 13.135583] krealloc_less_oob_helper+0xd70/0x11d0 [ 13.135613] ? __pfx_krealloc_less_oob_helper+0x10/0x10 [ 13.135642] ? sysvec_apic_timer_interrupt+0x50/0x90 [ 13.135677] ? __pfx_krealloc_less_oob+0x10/0x10 [ 13.135706] krealloc_less_oob+0x1c/0x30 [ 13.135730] kunit_try_run_case+0x1a5/0x480 [ 13.135758] ? __pfx_kunit_try_run_case+0x10/0x10 [ 13.135783] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 13.135823] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 13.135849] ? __kthread_parkme+0x82/0x180 [ 13.135874] ? preempt_count_sub+0x50/0x80 [ 13.135901] ? __pfx_kunit_try_run_case+0x10/0x10 [ 13.135927] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 13.135952] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 13.135977] kthread+0x337/0x6f0 [ 13.135998] ? trace_preempt_on+0x20/0xc0 [ 13.136024] ? __pfx_kthread+0x10/0x10 [ 13.136047] ? _raw_spin_unlock_irq+0x47/0x80 [ 13.136091] ? calculate_sigpending+0x7b/0xa0 [ 13.136119] ? __pfx_kthread+0x10/0x10 [ 13.136161] ret_from_fork+0x116/0x1d0 [ 13.136183] ? __pfx_kthread+0x10/0x10 [ 13.136206] ret_from_fork_asm+0x1a/0x30 [ 13.136241] </TASK> [ 13.136254] [ 13.150102] Allocated by task 176: [ 13.150559] kasan_save_stack+0x45/0x70 [ 13.150977] kasan_save_track+0x18/0x40 [ 13.151395] kasan_save_alloc_info+0x3b/0x50 [ 13.151573] __kasan_krealloc+0x190/0x1f0 [ 13.151729] krealloc_noprof+0xf3/0x340 [ 13.151900] krealloc_less_oob_helper+0x1aa/0x11d0 [ 13.152085] krealloc_less_oob+0x1c/0x30 [ 13.152517] kunit_try_run_case+0x1a5/0x480 [ 13.152965] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 13.153587] kthread+0x337/0x6f0 [ 13.153948] ret_from_fork+0x116/0x1d0 [ 13.154417] ret_from_fork_asm+0x1a/0x30 [ 13.154829] [ 13.155014] The buggy address belongs to the object at ffff88810033a200 [ 13.155014] which belongs to the cache kmalloc-256 of size 256 [ 13.156352] The buggy address is located 0 bytes to the right of [ 13.156352] allocated 201-byte region [ffff88810033a200, ffff88810033a2c9) [ 13.156833] [ 13.156919] The buggy address belongs to the physical page: [ 13.157284] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x10033a [ 13.158087] head: order:1 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0 [ 13.158898] flags: 0x200000000000040(head|node=0|zone=2) [ 13.159537] page_type: f5(slab) [ 13.159887] raw: 0200000000000040 ffff888100041b40 dead000000000122 0000000000000000 [ 13.160495] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 13.161368] head: 0200000000000040 ffff888100041b40 dead000000000122 0000000000000000 [ 13.161741] head: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 13.162028] head: 0200000000000001 ffffea000400ce81 00000000ffffffff 00000000ffffffff [ 13.162298] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000002 [ 13.162556] page dumped because: kasan: bad access detected [ 13.162757] [ 13.162848] Memory state around the buggy address: [ 13.163026] ffff88810033a180: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 13.163266] ffff88810033a200: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 13.163509] >ffff88810033a280: 00 00 00 00 00 00 00 00 00 01 fc fc fc fc fc fc [ 13.163748] ^ [ 13.164262] ffff88810033a300: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 13.164947] ffff88810033a380: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 13.165920] ================================================================== [ 13.429843] ================================================================== [ 13.430284] BUG: KASAN: slab-out-of-bounds in krealloc_less_oob_helper+0xe90/0x11d0 [ 13.430579] Write of size 1 at addr ffff8881028ee0ea by task kunit_try_catch/180 [ 13.430967] [ 13.431103] CPU: 1 UID: 0 PID: 180 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc4 #1 PREEMPT(voluntary) [ 13.431162] Tainted: [B]=BAD_PAGE, [N]=TEST [ 13.431177] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 13.431210] Call Trace: [ 13.431231] <TASK> [ 13.431250] dump_stack_lvl+0x73/0xb0 [ 13.431285] print_report+0xd1/0x650 [ 13.431312] ? __virt_addr_valid+0x1db/0x2d0 [ 13.431339] ? krealloc_less_oob_helper+0xe90/0x11d0 [ 13.431368] ? kasan_addr_to_slab+0x11/0xa0 [ 13.431393] ? krealloc_less_oob_helper+0xe90/0x11d0 [ 13.431421] kasan_report+0x141/0x180 [ 13.431447] ? krealloc_less_oob_helper+0xe90/0x11d0 [ 13.431481] __asan_report_store1_noabort+0x1b/0x30 [ 13.431506] krealloc_less_oob_helper+0xe90/0x11d0 [ 13.431537] ? __pfx_krealloc_less_oob_helper+0x10/0x10 [ 13.431566] ? finish_task_switch.isra.0+0x153/0x700 [ 13.431593] ? __switch_to+0x47/0xf50 [ 13.431624] ? __schedule+0x10cc/0x2b60 [ 13.431651] ? __pfx_read_tsc+0x10/0x10 [ 13.431680] krealloc_large_less_oob+0x1c/0x30 [ 13.431709] kunit_try_run_case+0x1a5/0x480 [ 13.431737] ? __pfx_kunit_try_run_case+0x10/0x10 [ 13.431764] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 13.432072] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 13.432112] ? __kthread_parkme+0x82/0x180 [ 13.432311] ? preempt_count_sub+0x50/0x80 [ 13.432348] ? __pfx_kunit_try_run_case+0x10/0x10 [ 13.432378] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 13.432407] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 13.432435] kthread+0x337/0x6f0 [ 13.432458] ? trace_preempt_on+0x20/0xc0 [ 13.432487] ? __pfx_kthread+0x10/0x10 [ 13.432512] ? _raw_spin_unlock_irq+0x47/0x80 [ 13.432540] ? calculate_sigpending+0x7b/0xa0 [ 13.432570] ? __pfx_kthread+0x10/0x10 [ 13.432597] ret_from_fork+0x116/0x1d0 [ 13.432623] ? __pfx_kthread+0x10/0x10 [ 13.432648] ret_from_fork_asm+0x1a/0x30 [ 13.432686] </TASK> [ 13.432700] [ 13.441936] The buggy address belongs to the physical page: [ 13.442327] page: refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1028ec [ 13.442635] head: order:2 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0 [ 13.443025] flags: 0x200000000000040(head|node=0|zone=2) [ 13.443504] page_type: f8(unknown) [ 13.443668] raw: 0200000000000040 0000000000000000 dead000000000122 0000000000000000 [ 13.443958] raw: 0000000000000000 0000000000000000 00000001f8000000 0000000000000000 [ 13.444354] head: 0200000000000040 0000000000000000 dead000000000122 0000000000000000 [ 13.444749] head: 0000000000000000 0000000000000000 00000001f8000000 0000000000000000 [ 13.445034] head: 0200000000000002 ffffea00040a3b01 00000000ffffffff 00000000ffffffff [ 13.445511] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000004 [ 13.445913] page dumped because: kasan: bad access detected [ 13.446114] [ 13.446560] Memory state around the buggy address: [ 13.446858] ffff8881028edf80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 13.447155] ffff8881028ee000: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 13.447475] >ffff8881028ee080: 00 00 00 00 00 00 00 00 00 01 fe fe fe fe fe fe [ 13.448062] ^ [ 13.448556] ffff8881028ee100: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe [ 13.448902] ffff8881028ee180: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe [ 13.449355] ================================================================== [ 13.167156] ================================================================== [ 13.168382] BUG: KASAN: slab-out-of-bounds in krealloc_less_oob_helper+0xe23/0x11d0 [ 13.169164] Write of size 1 at addr ffff88810033a2d0 by task kunit_try_catch/176 [ 13.169982] [ 13.170309] CPU: 0 UID: 0 PID: 176 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc4 #1 PREEMPT(voluntary) [ 13.170367] Tainted: [B]=BAD_PAGE, [N]=TEST [ 13.170381] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 13.170406] Call Trace: [ 13.170430] <TASK> [ 13.170452] dump_stack_lvl+0x73/0xb0 [ 13.170489] print_report+0xd1/0x650 [ 13.170515] ? __virt_addr_valid+0x1db/0x2d0 [ 13.170541] ? krealloc_less_oob_helper+0xe23/0x11d0 [ 13.170567] ? kasan_complete_mode_report_info+0x2a/0x200 [ 13.170592] ? krealloc_less_oob_helper+0xe23/0x11d0 [ 13.170618] kasan_report+0x141/0x180 [ 13.170642] ? krealloc_less_oob_helper+0xe23/0x11d0 [ 13.170673] __asan_report_store1_noabort+0x1b/0x30 [ 13.170696] krealloc_less_oob_helper+0xe23/0x11d0 [ 13.170724] ? __pfx_krealloc_less_oob_helper+0x10/0x10 [ 13.170749] ? sysvec_apic_timer_interrupt+0x50/0x90 [ 13.170782] ? __pfx_krealloc_less_oob+0x10/0x10 [ 13.170828] krealloc_less_oob+0x1c/0x30 [ 13.170852] kunit_try_run_case+0x1a5/0x480 [ 13.170880] ? __pfx_kunit_try_run_case+0x10/0x10 [ 13.170903] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 13.170929] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 13.170954] ? __kthread_parkme+0x82/0x180 [ 13.170977] ? preempt_count_sub+0x50/0x80 [ 13.171003] ? __pfx_kunit_try_run_case+0x10/0x10 [ 13.171029] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 13.171053] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 13.171078] kthread+0x337/0x6f0 [ 13.171099] ? trace_preempt_on+0x20/0xc0 [ 13.171125] ? __pfx_kthread+0x10/0x10 [ 13.171147] ? _raw_spin_unlock_irq+0x47/0x80 [ 13.171170] ? calculate_sigpending+0x7b/0xa0 [ 13.171196] ? __pfx_kthread+0x10/0x10 [ 13.171220] ret_from_fork+0x116/0x1d0 [ 13.171244] ? __pfx_kthread+0x10/0x10 [ 13.171267] ret_from_fork_asm+0x1a/0x30 [ 13.171305] </TASK> [ 13.171319] [ 13.184526] Allocated by task 176: [ 13.185290] kasan_save_stack+0x45/0x70 [ 13.185603] kasan_save_track+0x18/0x40 [ 13.185844] kasan_save_alloc_info+0x3b/0x50 [ 13.186085] __kasan_krealloc+0x190/0x1f0 [ 13.186926] krealloc_noprof+0xf3/0x340 [ 13.187126] krealloc_less_oob_helper+0x1aa/0x11d0 [ 13.187317] krealloc_less_oob+0x1c/0x30 [ 13.187476] kunit_try_run_case+0x1a5/0x480 [ 13.187642] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 13.187871] kthread+0x337/0x6f0 [ 13.188067] ret_from_fork+0x116/0x1d0 [ 13.188284] ret_from_fork_asm+0x1a/0x30 [ 13.188513] [ 13.188990] The buggy address belongs to the object at ffff88810033a200 [ 13.188990] which belongs to the cache kmalloc-256 of size 256 [ 13.190522] The buggy address is located 7 bytes to the right of [ 13.190522] allocated 201-byte region [ffff88810033a200, ffff88810033a2c9) [ 13.191463] [ 13.191676] The buggy address belongs to the physical page: [ 13.192063] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x10033a [ 13.192948] head: order:1 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0 [ 13.193632] flags: 0x200000000000040(head|node=0|zone=2) [ 13.194293] page_type: f5(slab) [ 13.194442] raw: 0200000000000040 ffff888100041b40 dead000000000122 0000000000000000 [ 13.194703] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 13.194982] head: 0200000000000040 ffff888100041b40 dead000000000122 0000000000000000 [ 13.195505] head: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 13.195827] head: 0200000000000001 ffffea000400ce81 00000000ffffffff 00000000ffffffff [ 13.196458] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000002 [ 13.196818] page dumped because: kasan: bad access detected [ 13.197107] [ 13.197218] Memory state around the buggy address: [ 13.197582] ffff88810033a180: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 13.197951] ffff88810033a200: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 13.198462] >ffff88810033a280: 00 00 00 00 00 00 00 00 00 01 fc fc fc fc fc fc [ 13.198821] ^ [ 13.199132] ffff88810033a300: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 13.199539] ffff88810033a380: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 13.199922] ================================================================== [ 13.449804] ================================================================== [ 13.450455] BUG: KASAN: slab-out-of-bounds in krealloc_less_oob_helper+0xd47/0x11d0 [ 13.450889] Write of size 1 at addr ffff8881028ee0eb by task kunit_try_catch/180 [ 13.451366] [ 13.451498] CPU: 1 UID: 0 PID: 180 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc4 #1 PREEMPT(voluntary) [ 13.451556] Tainted: [B]=BAD_PAGE, [N]=TEST [ 13.451571] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 13.451603] Call Trace: [ 13.451624] <TASK> [ 13.451642] dump_stack_lvl+0x73/0xb0 [ 13.451679] print_report+0xd1/0x650 [ 13.451706] ? __virt_addr_valid+0x1db/0x2d0 [ 13.451734] ? krealloc_less_oob_helper+0xd47/0x11d0 [ 13.451763] ? kasan_addr_to_slab+0x11/0xa0 [ 13.451803] ? krealloc_less_oob_helper+0xd47/0x11d0 [ 13.451833] kasan_report+0x141/0x180 [ 13.451859] ? krealloc_less_oob_helper+0xd47/0x11d0 [ 13.451893] __asan_report_store1_noabort+0x1b/0x30 [ 13.451919] krealloc_less_oob_helper+0xd47/0x11d0 [ 13.451950] ? __pfx_krealloc_less_oob_helper+0x10/0x10 [ 13.451979] ? finish_task_switch.isra.0+0x153/0x700 [ 13.452005] ? __switch_to+0x47/0xf50 [ 13.452034] ? __schedule+0x10cc/0x2b60 [ 13.452060] ? __pfx_read_tsc+0x10/0x10 [ 13.452102] krealloc_large_less_oob+0x1c/0x30 [ 13.452129] kunit_try_run_case+0x1a5/0x480 [ 13.452157] ? __pfx_kunit_try_run_case+0x10/0x10 [ 13.452183] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 13.452212] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 13.452241] ? __kthread_parkme+0x82/0x180 [ 13.452265] ? preempt_count_sub+0x50/0x80 [ 13.452292] ? __pfx_kunit_try_run_case+0x10/0x10 [ 13.452320] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 13.452348] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 13.452377] kthread+0x337/0x6f0 [ 13.452399] ? trace_preempt_on+0x20/0xc0 [ 13.452426] ? __pfx_kthread+0x10/0x10 [ 13.452450] ? _raw_spin_unlock_irq+0x47/0x80 [ 13.452476] ? calculate_sigpending+0x7b/0xa0 [ 13.452505] ? __pfx_kthread+0x10/0x10 [ 13.452530] ret_from_fork+0x116/0x1d0 [ 13.452552] ? __pfx_kthread+0x10/0x10 [ 13.452575] ret_from_fork_asm+0x1a/0x30 [ 13.452611] </TASK> [ 13.452624] [ 13.461414] The buggy address belongs to the physical page: [ 13.461630] page: refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1028ec [ 13.461988] head: order:2 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0 [ 13.462376] flags: 0x200000000000040(head|node=0|zone=2) [ 13.462670] page_type: f8(unknown) [ 13.462884] raw: 0200000000000040 0000000000000000 dead000000000122 0000000000000000 [ 13.463366] raw: 0000000000000000 0000000000000000 00000001f8000000 0000000000000000 [ 13.463636] head: 0200000000000040 0000000000000000 dead000000000122 0000000000000000 [ 13.464042] head: 0000000000000000 0000000000000000 00000001f8000000 0000000000000000 [ 13.464436] head: 0200000000000002 ffffea00040a3b01 00000000ffffffff 00000000ffffffff [ 13.465002] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000004 [ 13.465618] page dumped because: kasan: bad access detected [ 13.465897] [ 13.466006] Memory state around the buggy address: [ 13.466312] ffff8881028edf80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 13.466640] ffff8881028ee000: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 13.466930] >ffff8881028ee080: 00 00 00 00 00 00 00 00 00 01 fe fe fe fe fe fe [ 13.467174] ^ [ 13.467509] ffff8881028ee100: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe [ 13.467906] ffff8881028ee180: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe [ 13.468847] ==================================================================