Date
July 6, 2025, 11:09 p.m.
| Environment | |
|---|---|
| qemu-arm64 | |
| qemu-x86_64 | |
| x86 |
[ 16.744481] ================================================================== [ 16.744564] BUG: KASAN: slab-out-of-bounds in krealloc_less_oob_helper+0xa48/0xc50 [ 16.744625] Write of size 1 at addr fff00000c45a8ac9 by task kunit_try_catch/159 [ 16.744710] [ 16.744779] CPU: 0 UID: 0 PID: 159 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc5 #1 PREEMPT [ 16.744858] Tainted: [B]=BAD_PAGE, [N]=TEST [ 16.744884] Hardware name: linux,dummy-virt (DT) [ 16.745042] Call trace: [ 16.745244] show_stack+0x20/0x38 (C) [ 16.745304] dump_stack_lvl+0x8c/0xd0 [ 16.745397] print_report+0x118/0x608 [ 16.745441] kasan_report+0xdc/0x128 [ 16.745484] __asan_report_store1_noabort+0x20/0x30 [ 16.745544] krealloc_less_oob_helper+0xa48/0xc50 [ 16.745591] krealloc_less_oob+0x20/0x38 [ 16.745665] kunit_try_run_case+0x170/0x3f0 [ 16.745730] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 16.745781] kthread+0x328/0x630 [ 16.745868] ret_from_fork+0x10/0x20 [ 16.745915] [ 16.745932] Allocated by task 159: [ 16.745959] kasan_save_stack+0x3c/0x68 [ 16.746009] kasan_save_track+0x20/0x40 [ 16.746044] kasan_save_alloc_info+0x40/0x58 [ 16.746099] __kasan_krealloc+0x118/0x178 [ 16.746238] krealloc_noprof+0x128/0x360 [ 16.746287] krealloc_less_oob_helper+0x168/0xc50 [ 16.746418] krealloc_less_oob+0x20/0x38 [ 16.746462] kunit_try_run_case+0x170/0x3f0 [ 16.746499] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 16.746590] kthread+0x328/0x630 [ 16.746716] ret_from_fork+0x10/0x20 [ 16.746762] [ 16.746788] The buggy address belongs to the object at fff00000c45a8a00 [ 16.746788] which belongs to the cache kmalloc-256 of size 256 [ 16.746854] The buggy address is located 0 bytes to the right of [ 16.746854] allocated 201-byte region [fff00000c45a8a00, fff00000c45a8ac9) [ 16.746915] [ 16.747222] The buggy address belongs to the physical page: [ 16.747260] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1045a8 [ 16.747367] head: order:1 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0 [ 16.747443] flags: 0xbfffe0000000040(head|node=0|zone=2|lastcpupid=0x1ffff) [ 16.747566] page_type: f5(slab) [ 16.747666] raw: 0bfffe0000000040 fff00000c0001b40 dead000000000122 0000000000000000 [ 16.747801] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 16.747904] head: 0bfffe0000000040 fff00000c0001b40 dead000000000122 0000000000000000 [ 16.748012] head: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 16.748103] head: 0bfffe0000000001 ffffc1ffc3116a01 00000000ffffffff 00000000ffffffff [ 16.748150] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000002 [ 16.748202] page dumped because: kasan: bad access detected [ 16.748231] [ 16.748248] Memory state around the buggy address: [ 16.748278] fff00000c45a8980: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 16.748332] fff00000c45a8a00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 16.748373] >fff00000c45a8a80: 00 00 00 00 00 00 00 00 00 01 fc fc fc fc fc fc [ 16.748424] ^ [ 16.748463] fff00000c45a8b00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 16.748504] fff00000c45a8b80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 16.748549] ================================================================== [ 16.810912] ================================================================== [ 16.811112] BUG: KASAN: slab-out-of-bounds in krealloc_less_oob_helper+0xae4/0xc50 [ 16.811176] Write of size 1 at addr fff00000c78420ea by task kunit_try_catch/163 [ 16.811284] [ 16.811385] CPU: 0 UID: 0 PID: 163 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc5 #1 PREEMPT [ 16.811461] Tainted: [B]=BAD_PAGE, [N]=TEST [ 16.811486] Hardware name: linux,dummy-virt (DT) [ 16.811515] Call trace: [ 16.811759] show_stack+0x20/0x38 (C) [ 16.811817] dump_stack_lvl+0x8c/0xd0 [ 16.811864] print_report+0x118/0x608 [ 16.811926] kasan_report+0xdc/0x128 [ 16.811970] __asan_report_store1_noabort+0x20/0x30 [ 16.812032] krealloc_less_oob_helper+0xae4/0xc50 [ 16.812261] krealloc_large_less_oob+0x20/0x38 [ 16.812477] kunit_try_run_case+0x170/0x3f0 [ 16.812656] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 16.812767] kthread+0x328/0x630 [ 16.812806] ret_from_fork+0x10/0x20 [ 16.813182] [ 16.813213] The buggy address belongs to the physical page: [ 16.813244] page: refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x107840 [ 16.813295] head: order:2 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0 [ 16.813514] flags: 0xbfffe0000000040(head|node=0|zone=2|lastcpupid=0x1ffff) [ 16.813744] page_type: f8(unknown) [ 16.813783] raw: 0bfffe0000000040 0000000000000000 dead000000000122 0000000000000000 [ 16.813832] raw: 0000000000000000 0000000000000000 00000001f8000000 0000000000000000 [ 16.813879] head: 0bfffe0000000040 0000000000000000 dead000000000122 0000000000000000 [ 16.813936] head: 0000000000000000 0000000000000000 00000001f8000000 0000000000000000 [ 16.813996] head: 0bfffe0000000002 ffffc1ffc31e1001 00000000ffffffff 00000000ffffffff [ 16.814456] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000004 [ 16.814579] page dumped because: kasan: bad access detected [ 16.814640] [ 16.814658] Memory state around the buggy address: [ 16.814743] fff00000c7841f80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 16.814785] fff00000c7842000: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 16.814826] >fff00000c7842080: 00 00 00 00 00 00 00 00 00 01 fe fe fe fe fe fe [ 16.814916] ^ [ 16.815116] fff00000c7842100: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe [ 16.815291] fff00000c7842180: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe [ 16.815374] ================================================================== [ 16.797026] ================================================================== [ 16.797271] BUG: KASAN: slab-out-of-bounds in krealloc_less_oob_helper+0xa48/0xc50 [ 16.797324] Write of size 1 at addr fff00000c78420c9 by task kunit_try_catch/163 [ 16.797456] [ 16.797569] CPU: 0 UID: 0 PID: 163 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc5 #1 PREEMPT [ 16.797661] Tainted: [B]=BAD_PAGE, [N]=TEST [ 16.797686] Hardware name: linux,dummy-virt (DT) [ 16.797715] Call trace: [ 16.797805] show_stack+0x20/0x38 (C) [ 16.797863] dump_stack_lvl+0x8c/0xd0 [ 16.797907] print_report+0x118/0x608 [ 16.797951] kasan_report+0xdc/0x128 [ 16.798042] __asan_report_store1_noabort+0x20/0x30 [ 16.798093] krealloc_less_oob_helper+0xa48/0xc50 [ 16.798139] krealloc_large_less_oob+0x20/0x38 [ 16.798209] kunit_try_run_case+0x170/0x3f0 [ 16.798284] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 16.798335] kthread+0x328/0x630 [ 16.798395] ret_from_fork+0x10/0x20 [ 16.798460] [ 16.798497] The buggy address belongs to the physical page: [ 16.798551] page: refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x107840 [ 16.798602] head: order:2 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0 [ 16.798685] flags: 0xbfffe0000000040(head|node=0|zone=2|lastcpupid=0x1ffff) [ 16.798736] page_type: f8(unknown) [ 16.798791] raw: 0bfffe0000000040 0000000000000000 dead000000000122 0000000000000000 [ 16.798840] raw: 0000000000000000 0000000000000000 00000001f8000000 0000000000000000 [ 16.798887] head: 0bfffe0000000040 0000000000000000 dead000000000122 0000000000000000 [ 16.798934] head: 0000000000000000 0000000000000000 00000001f8000000 0000000000000000 [ 16.798993] head: 0bfffe0000000002 ffffc1ffc31e1001 00000000ffffffff 00000000ffffffff [ 16.799236] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000004 [ 16.799345] page dumped because: kasan: bad access detected [ 16.799414] [ 16.799476] Memory state around the buggy address: [ 16.799596] fff00000c7841f80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 16.799638] fff00000c7842000: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 16.799687] >fff00000c7842080: 00 00 00 00 00 00 00 00 00 01 fe fe fe fe fe fe [ 16.799858] ^ [ 16.800077] fff00000c7842100: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe [ 16.800205] fff00000c7842180: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe [ 16.800308] ================================================================== [ 16.756112] ================================================================== [ 16.756200] BUG: KASAN: slab-out-of-bounds in krealloc_less_oob_helper+0xa80/0xc50 [ 16.756265] Write of size 1 at addr fff00000c45a8ada by task kunit_try_catch/159 [ 16.756329] [ 16.756369] CPU: 0 UID: 0 PID: 159 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc5 #1 PREEMPT [ 16.756460] Tainted: [B]=BAD_PAGE, [N]=TEST [ 16.756486] Hardware name: linux,dummy-virt (DT) [ 16.756517] Call trace: [ 16.756638] show_stack+0x20/0x38 (C) [ 16.756844] dump_stack_lvl+0x8c/0xd0 [ 16.756890] print_report+0x118/0x608 [ 16.756933] kasan_report+0xdc/0x128 [ 16.756989] __asan_report_store1_noabort+0x20/0x30 [ 16.757057] krealloc_less_oob_helper+0xa80/0xc50 [ 16.757137] krealloc_less_oob+0x20/0x38 [ 16.757181] kunit_try_run_case+0x170/0x3f0 [ 16.757225] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 16.757275] kthread+0x328/0x630 [ 16.757406] ret_from_fork+0x10/0x20 [ 16.757601] [ 16.757646] Allocated by task 159: [ 16.757675] kasan_save_stack+0x3c/0x68 [ 16.757717] kasan_save_track+0x20/0x40 [ 16.757761] kasan_save_alloc_info+0x40/0x58 [ 16.757800] __kasan_krealloc+0x118/0x178 [ 16.757835] krealloc_noprof+0x128/0x360 [ 16.757870] krealloc_less_oob_helper+0x168/0xc50 [ 16.757907] krealloc_less_oob+0x20/0x38 [ 16.757942] kunit_try_run_case+0x170/0x3f0 [ 16.757988] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 16.758029] kthread+0x328/0x630 [ 16.758059] ret_from_fork+0x10/0x20 [ 16.758095] [ 16.758113] The buggy address belongs to the object at fff00000c45a8a00 [ 16.758113] which belongs to the cache kmalloc-256 of size 256 [ 16.758167] The buggy address is located 17 bytes to the right of [ 16.758167] allocated 201-byte region [fff00000c45a8a00, fff00000c45a8ac9) [ 16.758441] [ 16.758485] The buggy address belongs to the physical page: [ 16.758533] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1045a8 [ 16.758585] head: order:1 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0 [ 16.758657] flags: 0xbfffe0000000040(head|node=0|zone=2|lastcpupid=0x1ffff) [ 16.758715] page_type: f5(slab) [ 16.758761] raw: 0bfffe0000000040 fff00000c0001b40 dead000000000122 0000000000000000 [ 16.758827] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 16.758875] head: 0bfffe0000000040 fff00000c0001b40 dead000000000122 0000000000000000 [ 16.759091] head: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 16.759188] head: 0bfffe0000000001 ffffc1ffc3116a01 00000000ffffffff 00000000ffffffff [ 16.759254] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000002 [ 16.759338] page dumped because: kasan: bad access detected [ 16.759408] [ 16.759486] Memory state around the buggy address: [ 16.759552] fff00000c45a8980: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 16.759593] fff00000c45a8a00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 16.759750] >fff00000c45a8a80: 00 00 00 00 00 00 00 00 00 01 fc fc fc fc fc fc [ 16.759871] ^ [ 16.760072] fff00000c45a8b00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 16.760135] fff00000c45a8b80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 16.760210] ================================================================== [ 16.816426] ================================================================== [ 16.816472] BUG: KASAN: slab-out-of-bounds in krealloc_less_oob_helper+0xa58/0xc50 [ 16.816584] Write of size 1 at addr fff00000c78420eb by task kunit_try_catch/163 [ 16.816781] [ 16.816867] CPU: 0 UID: 0 PID: 163 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc5 #1 PREEMPT [ 16.817010] Tainted: [B]=BAD_PAGE, [N]=TEST [ 16.817035] Hardware name: linux,dummy-virt (DT) [ 16.817064] Call trace: [ 16.817254] show_stack+0x20/0x38 (C) [ 16.817303] dump_stack_lvl+0x8c/0xd0 [ 16.817348] print_report+0x118/0x608 [ 16.817513] kasan_report+0xdc/0x128 [ 16.817650] __asan_report_store1_noabort+0x20/0x30 [ 16.817837] krealloc_less_oob_helper+0xa58/0xc50 [ 16.817885] krealloc_large_less_oob+0x20/0x38 [ 16.817930] kunit_try_run_case+0x170/0x3f0 [ 16.817987] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 16.818038] kthread+0x328/0x630 [ 16.818078] ret_from_fork+0x10/0x20 [ 16.818123] [ 16.818153] The buggy address belongs to the physical page: [ 16.818182] page: refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x107840 [ 16.818564] head: order:2 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0 [ 16.818620] flags: 0xbfffe0000000040(head|node=0|zone=2|lastcpupid=0x1ffff) [ 16.819070] page_type: f8(unknown) [ 16.819115] raw: 0bfffe0000000040 0000000000000000 dead000000000122 0000000000000000 [ 16.819180] raw: 0000000000000000 0000000000000000 00000001f8000000 0000000000000000 [ 16.819321] head: 0bfffe0000000040 0000000000000000 dead000000000122 0000000000000000 [ 16.819367] head: 0000000000000000 0000000000000000 00000001f8000000 0000000000000000 [ 16.819414] head: 0bfffe0000000002 ffffc1ffc31e1001 00000000ffffffff 00000000ffffffff [ 16.819461] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000004 [ 16.819499] page dumped because: kasan: bad access detected [ 16.819567] [ 16.819621] Memory state around the buggy address: [ 16.819651] fff00000c7841f80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 16.819692] fff00000c7842000: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 16.819732] >fff00000c7842080: 00 00 00 00 00 00 00 00 00 01 fe fe fe fe fe fe [ 16.819768] ^ [ 16.819805] fff00000c7842100: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe [ 16.819847] fff00000c7842180: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe [ 16.819927] ================================================================== [ 16.806016] ================================================================== [ 16.806074] BUG: KASAN: slab-out-of-bounds in krealloc_less_oob_helper+0xa80/0xc50 [ 16.806120] Write of size 1 at addr fff00000c78420da by task kunit_try_catch/163 [ 16.806168] [ 16.806197] CPU: 0 UID: 0 PID: 163 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc5 #1 PREEMPT [ 16.806273] Tainted: [B]=BAD_PAGE, [N]=TEST [ 16.806299] Hardware name: linux,dummy-virt (DT) [ 16.806328] Call trace: [ 16.806348] show_stack+0x20/0x38 (C) [ 16.806401] dump_stack_lvl+0x8c/0xd0 [ 16.806446] print_report+0x118/0x608 [ 16.806490] kasan_report+0xdc/0x128 [ 16.806532] __asan_report_store1_noabort+0x20/0x30 [ 16.806593] krealloc_less_oob_helper+0xa80/0xc50 [ 16.806680] krealloc_large_less_oob+0x20/0x38 [ 16.806725] kunit_try_run_case+0x170/0x3f0 [ 16.806927] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 16.806987] kthread+0x328/0x630 [ 16.807027] ret_from_fork+0x10/0x20 [ 16.807717] [ 16.807745] The buggy address belongs to the physical page: [ 16.807783] page: refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x107840 [ 16.807857] head: order:2 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0 [ 16.807902] flags: 0xbfffe0000000040(head|node=0|zone=2|lastcpupid=0x1ffff) [ 16.807951] page_type: f8(unknown) [ 16.808244] raw: 0bfffe0000000040 0000000000000000 dead000000000122 0000000000000000 [ 16.808424] raw: 0000000000000000 0000000000000000 00000001f8000000 0000000000000000 [ 16.808476] head: 0bfffe0000000040 0000000000000000 dead000000000122 0000000000000000 [ 16.808650] head: 0000000000000000 0000000000000000 00000001f8000000 0000000000000000 [ 16.808723] head: 0bfffe0000000002 ffffc1ffc31e1001 00000000ffffffff 00000000ffffffff [ 16.808852] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000004 [ 16.808890] page dumped because: kasan: bad access detected [ 16.808939] [ 16.809021] Memory state around the buggy address: [ 16.809051] fff00000c7841f80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 16.809172] fff00000c7842000: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 16.809216] >fff00000c7842080: 00 00 00 00 00 00 00 00 00 01 fe fe fe fe fe fe [ 16.809252] ^ [ 16.809288] fff00000c7842100: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe [ 16.809328] fff00000c7842180: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe [ 16.809391] ================================================================== [ 16.766767] ================================================================== [ 16.766850] BUG: KASAN: slab-out-of-bounds in krealloc_less_oob_helper+0xa58/0xc50 [ 16.767167] Write of size 1 at addr fff00000c45a8aeb by task kunit_try_catch/159 [ 16.767603] [ 16.767650] CPU: 0 UID: 0 PID: 159 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc5 #1 PREEMPT [ 16.767729] Tainted: [B]=BAD_PAGE, [N]=TEST [ 16.767754] Hardware name: linux,dummy-virt (DT) [ 16.768109] Call trace: [ 16.768218] show_stack+0x20/0x38 (C) [ 16.768297] dump_stack_lvl+0x8c/0xd0 [ 16.768484] print_report+0x118/0x608 [ 16.768894] kasan_report+0xdc/0x128 [ 16.769092] __asan_report_store1_noabort+0x20/0x30 [ 16.769157] krealloc_less_oob_helper+0xa58/0xc50 [ 16.769291] krealloc_less_oob+0x20/0x38 [ 16.769384] kunit_try_run_case+0x170/0x3f0 [ 16.769632] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 16.769896] kthread+0x328/0x630 [ 16.770148] ret_from_fork+0x10/0x20 [ 16.770385] [ 16.770457] Allocated by task 159: [ 16.770525] kasan_save_stack+0x3c/0x68 [ 16.770689] kasan_save_track+0x20/0x40 [ 16.771076] kasan_save_alloc_info+0x40/0x58 [ 16.771309] __kasan_krealloc+0x118/0x178 [ 16.771467] krealloc_noprof+0x128/0x360 [ 16.771553] krealloc_less_oob_helper+0x168/0xc50 [ 16.771632] krealloc_less_oob+0x20/0x38 [ 16.771762] kunit_try_run_case+0x170/0x3f0 [ 16.772036] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 16.772118] kthread+0x328/0x630 [ 16.772175] ret_from_fork+0x10/0x20 [ 16.772355] [ 16.772533] The buggy address belongs to the object at fff00000c45a8a00 [ 16.772533] which belongs to the cache kmalloc-256 of size 256 [ 16.772678] The buggy address is located 34 bytes to the right of [ 16.772678] allocated 201-byte region [fff00000c45a8a00, fff00000c45a8ac9) [ 16.772777] [ 16.772797] The buggy address belongs to the physical page: [ 16.772847] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1045a8 [ 16.773056] head: order:1 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0 [ 16.773252] flags: 0xbfffe0000000040(head|node=0|zone=2|lastcpupid=0x1ffff) [ 16.773348] page_type: f5(slab) [ 16.773396] raw: 0bfffe0000000040 fff00000c0001b40 dead000000000122 0000000000000000 [ 16.773554] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 16.773713] head: 0bfffe0000000040 fff00000c0001b40 dead000000000122 0000000000000000 [ 16.773775] head: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 16.773997] head: 0bfffe0000000001 ffffc1ffc3116a01 00000000ffffffff 00000000ffffffff [ 16.774241] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000002 [ 16.774316] page dumped because: kasan: bad access detected [ 16.774451] [ 16.774519] Memory state around the buggy address: [ 16.774638] fff00000c45a8980: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 16.774749] fff00000c45a8a00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 16.774791] >fff00000c45a8a80: 00 00 00 00 00 00 00 00 00 01 fc fc fc fc fc fc [ 16.774826] ^ [ 16.775283] fff00000c45a8b00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 16.775424] fff00000c45a8b80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 16.775505] ================================================================== [ 16.801388] ================================================================== [ 16.801452] BUG: KASAN: slab-out-of-bounds in krealloc_less_oob_helper+0xb9c/0xc50 [ 16.801514] Write of size 1 at addr fff00000c78420d0 by task kunit_try_catch/163 [ 16.801563] [ 16.801713] CPU: 0 UID: 0 PID: 163 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc5 #1 PREEMPT [ 16.801939] Tainted: [B]=BAD_PAGE, [N]=TEST [ 16.802028] Hardware name: linux,dummy-virt (DT) [ 16.802064] Call trace: [ 16.802085] show_stack+0x20/0x38 (C) [ 16.802151] dump_stack_lvl+0x8c/0xd0 [ 16.802197] print_report+0x118/0x608 [ 16.802241] kasan_report+0xdc/0x128 [ 16.802284] __asan_report_store1_noabort+0x20/0x30 [ 16.802332] krealloc_less_oob_helper+0xb9c/0xc50 [ 16.802378] krealloc_large_less_oob+0x20/0x38 [ 16.802424] kunit_try_run_case+0x170/0x3f0 [ 16.802468] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 16.802528] kthread+0x328/0x630 [ 16.802569] ret_from_fork+0x10/0x20 [ 16.802642] [ 16.802661] The buggy address belongs to the physical page: [ 16.802690] page: refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x107840 [ 16.802972] head: order:2 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0 [ 16.803032] flags: 0xbfffe0000000040(head|node=0|zone=2|lastcpupid=0x1ffff) [ 16.803145] page_type: f8(unknown) [ 16.803220] raw: 0bfffe0000000040 0000000000000000 dead000000000122 0000000000000000 [ 16.803370] raw: 0000000000000000 0000000000000000 00000001f8000000 0000000000000000 [ 16.803447] head: 0bfffe0000000040 0000000000000000 dead000000000122 0000000000000000 [ 16.803551] head: 0000000000000000 0000000000000000 00000001f8000000 0000000000000000 [ 16.803637] head: 0bfffe0000000002 ffffc1ffc31e1001 00000000ffffffff 00000000ffffffff [ 16.803757] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000004 [ 16.803842] page dumped because: kasan: bad access detected [ 16.803943] [ 16.803961] Memory state around the buggy address: [ 16.804004] fff00000c7841f80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 16.804082] fff00000c7842000: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 16.804339] >fff00000c7842080: 00 00 00 00 00 00 00 00 00 01 fe fe fe fe fe fe [ 16.804484] ^ [ 16.804550] fff00000c7842100: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe [ 16.804617] fff00000c7842180: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe [ 16.804731] ================================================================== [ 16.749496] ================================================================== [ 16.750047] BUG: KASAN: slab-out-of-bounds in krealloc_less_oob_helper+0xb9c/0xc50 [ 16.750148] Write of size 1 at addr fff00000c45a8ad0 by task kunit_try_catch/159 [ 16.750214] [ 16.750263] CPU: 0 UID: 0 PID: 159 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc5 #1 PREEMPT [ 16.750368] Tainted: [B]=BAD_PAGE, [N]=TEST [ 16.750394] Hardware name: linux,dummy-virt (DT) [ 16.750423] Call trace: [ 16.750443] show_stack+0x20/0x38 (C) [ 16.750488] dump_stack_lvl+0x8c/0xd0 [ 16.750532] print_report+0x118/0x608 [ 16.750577] kasan_report+0xdc/0x128 [ 16.750690] __asan_report_store1_noabort+0x20/0x30 [ 16.750881] krealloc_less_oob_helper+0xb9c/0xc50 [ 16.750970] krealloc_less_oob+0x20/0x38 [ 16.751078] kunit_try_run_case+0x170/0x3f0 [ 16.751226] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 16.751331] kthread+0x328/0x630 [ 16.751432] ret_from_fork+0x10/0x20 [ 16.751519] [ 16.751548] Allocated by task 159: [ 16.751575] kasan_save_stack+0x3c/0x68 [ 16.751636] kasan_save_track+0x20/0x40 [ 16.751672] kasan_save_alloc_info+0x40/0x58 [ 16.751745] __kasan_krealloc+0x118/0x178 [ 16.751782] krealloc_noprof+0x128/0x360 [ 16.751909] krealloc_less_oob_helper+0x168/0xc50 [ 16.751950] krealloc_less_oob+0x20/0x38 [ 16.751997] kunit_try_run_case+0x170/0x3f0 [ 16.752100] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 16.752186] kthread+0x328/0x630 [ 16.752282] ret_from_fork+0x10/0x20 [ 16.752380] [ 16.752445] The buggy address belongs to the object at fff00000c45a8a00 [ 16.752445] which belongs to the cache kmalloc-256 of size 256 [ 16.752798] The buggy address is located 7 bytes to the right of [ 16.752798] allocated 201-byte region [fff00000c45a8a00, fff00000c45a8ac9) [ 16.752986] [ 16.753120] The buggy address belongs to the physical page: [ 16.753223] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1045a8 [ 16.753285] head: order:1 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0 [ 16.753331] flags: 0xbfffe0000000040(head|node=0|zone=2|lastcpupid=0x1ffff) [ 16.753422] page_type: f5(slab) [ 16.753762] raw: 0bfffe0000000040 fff00000c0001b40 dead000000000122 0000000000000000 [ 16.753869] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 16.754010] head: 0bfffe0000000040 fff00000c0001b40 dead000000000122 0000000000000000 [ 16.754090] head: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 16.754196] head: 0bfffe0000000001 ffffc1ffc3116a01 00000000ffffffff 00000000ffffffff [ 16.754289] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000002 [ 16.754383] page dumped because: kasan: bad access detected [ 16.754420] [ 16.754437] Memory state around the buggy address: [ 16.754467] fff00000c45a8980: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 16.754644] fff00000c45a8a00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 16.754847] >fff00000c45a8a80: 00 00 00 00 00 00 00 00 00 01 fc fc fc fc fc fc [ 16.754884] ^ [ 16.754920] fff00000c45a8b00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 16.754961] fff00000c45a8b80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 16.755008] ================================================================== [ 16.761332] ================================================================== [ 16.761378] BUG: KASAN: slab-out-of-bounds in krealloc_less_oob_helper+0xae4/0xc50 [ 16.761423] Write of size 1 at addr fff00000c45a8aea by task kunit_try_catch/159 [ 16.761470] [ 16.761499] CPU: 0 UID: 0 PID: 159 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc5 #1 PREEMPT [ 16.761575] Tainted: [B]=BAD_PAGE, [N]=TEST [ 16.761630] Hardware name: linux,dummy-virt (DT) [ 16.761669] Call trace: [ 16.761702] show_stack+0x20/0x38 (C) [ 16.761831] dump_stack_lvl+0x8c/0xd0 [ 16.761890] print_report+0x118/0x608 [ 16.761934] kasan_report+0xdc/0x128 [ 16.761989] __asan_report_store1_noabort+0x20/0x30 [ 16.762039] krealloc_less_oob_helper+0xae4/0xc50 [ 16.762086] krealloc_less_oob+0x20/0x38 [ 16.763068] kunit_try_run_case+0x170/0x3f0 [ 16.763187] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 16.763242] kthread+0x328/0x630 [ 16.763290] ret_from_fork+0x10/0x20 [ 16.763338] [ 16.763356] Allocated by task 159: [ 16.763400] kasan_save_stack+0x3c/0x68 [ 16.763445] kasan_save_track+0x20/0x40 [ 16.763489] kasan_save_alloc_info+0x40/0x58 [ 16.763538] __kasan_krealloc+0x118/0x178 [ 16.763574] krealloc_noprof+0x128/0x360 [ 16.763611] krealloc_less_oob_helper+0x168/0xc50 [ 16.763648] krealloc_less_oob+0x20/0x38 [ 16.763682] kunit_try_run_case+0x170/0x3f0 [ 16.763718] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 16.763768] kthread+0x328/0x630 [ 16.763807] ret_from_fork+0x10/0x20 [ 16.763850] [ 16.763868] The buggy address belongs to the object at fff00000c45a8a00 [ 16.763868] which belongs to the cache kmalloc-256 of size 256 [ 16.763923] The buggy address is located 33 bytes to the right of [ 16.763923] allocated 201-byte region [fff00000c45a8a00, fff00000c45a8ac9) [ 16.764011] [ 16.764054] The buggy address belongs to the physical page: [ 16.764092] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1045a8 [ 16.764143] head: order:1 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0 [ 16.764196] flags: 0xbfffe0000000040(head|node=0|zone=2|lastcpupid=0x1ffff) [ 16.764246] page_type: f5(slab) [ 16.764291] raw: 0bfffe0000000040 fff00000c0001b40 dead000000000122 0000000000000000 [ 16.764355] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 16.764412] head: 0bfffe0000000040 fff00000c0001b40 dead000000000122 0000000000000000 [ 16.764468] head: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 16.764515] head: 0bfffe0000000001 ffffc1ffc3116a01 00000000ffffffff 00000000ffffffff [ 16.764570] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000002 [ 16.764623] page dumped because: kasan: bad access detected [ 16.764658] [ 16.764675] Memory state around the buggy address: [ 16.764705] fff00000c45a8980: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 16.764746] fff00000c45a8a00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 16.764786] >fff00000c45a8a80: 00 00 00 00 00 00 00 00 00 01 fc fc fc fc fc fc [ 16.764822] ^ [ 16.764857] fff00000c45a8b00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 16.764899] fff00000c45a8b80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 16.764944] ==================================================================
[ 16.735766] ================================================================== [ 16.735814] BUG: KASAN: slab-out-of-bounds in krealloc_less_oob_helper+0xa58/0xc50 [ 16.735861] Write of size 1 at addr fff00000c172e0eb by task kunit_try_catch/159 [ 16.735924] [ 16.736157] CPU: 1 UID: 0 PID: 159 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc5 #1 PREEMPT [ 16.736611] Tainted: [B]=BAD_PAGE, [N]=TEST [ 16.736687] Hardware name: linux,dummy-virt (DT) [ 16.736799] Call trace: [ 16.736827] show_stack+0x20/0x38 (C) [ 16.736926] dump_stack_lvl+0x8c/0xd0 [ 16.736983] print_report+0x118/0x608 [ 16.737131] kasan_report+0xdc/0x128 [ 16.737175] __asan_report_store1_noabort+0x20/0x30 [ 16.737325] krealloc_less_oob_helper+0xa58/0xc50 [ 16.737536] krealloc_less_oob+0x20/0x38 [ 16.737583] kunit_try_run_case+0x170/0x3f0 [ 16.737637] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 16.737711] kthread+0x328/0x630 [ 16.737934] ret_from_fork+0x10/0x20 [ 16.738259] [ 16.738307] Allocated by task 159: [ 16.738334] kasan_save_stack+0x3c/0x68 [ 16.738375] kasan_save_track+0x20/0x40 [ 16.738431] kasan_save_alloc_info+0x40/0x58 [ 16.738470] __kasan_krealloc+0x118/0x178 [ 16.738505] krealloc_noprof+0x128/0x360 [ 16.738541] krealloc_less_oob_helper+0x168/0xc50 [ 16.738807] krealloc_less_oob+0x20/0x38 [ 16.738947] kunit_try_run_case+0x170/0x3f0 [ 16.739007] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 16.739048] kthread+0x328/0x630 [ 16.739079] ret_from_fork+0x10/0x20 [ 16.739418] [ 16.739441] The buggy address belongs to the object at fff00000c172e000 [ 16.739441] which belongs to the cache kmalloc-256 of size 256 [ 16.739499] The buggy address is located 34 bytes to the right of [ 16.739499] allocated 201-byte region [fff00000c172e000, fff00000c172e0c9) [ 16.739755] [ 16.739786] The buggy address belongs to the physical page: [ 16.739888] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x10172e [ 16.739953] head: order:1 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0 [ 16.740019] flags: 0xbfffe0000000040(head|node=0|zone=2|lastcpupid=0x1ffff) [ 16.740091] page_type: f5(slab) [ 16.740440] raw: 0bfffe0000000040 fff00000c0001b40 dead000000000122 0000000000000000 [ 16.740560] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 16.740780] head: 0bfffe0000000040 fff00000c0001b40 dead000000000122 0000000000000000 [ 16.741015] head: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 16.741068] head: 0bfffe0000000001 ffffc1ffc305cb81 00000000ffffffff 00000000ffffffff [ 16.741162] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000002 [ 16.741224] page dumped because: kasan: bad access detected [ 16.741253] [ 16.741271] Memory state around the buggy address: [ 16.741301] fff00000c172df80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 16.741343] fff00000c172e000: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 16.741586] >fff00000c172e080: 00 00 00 00 00 00 00 00 00 01 fc fc fc fc fc fc [ 16.741624] ^ [ 16.741698] fff00000c172e100: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 16.741979] fff00000c172e180: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 16.742161] ================================================================== [ 16.773191] ================================================================== [ 16.773226] BUG: KASAN: slab-out-of-bounds in krealloc_less_oob_helper+0xa80/0xc50 [ 16.773269] Write of size 1 at addr fff00000c77120da by task kunit_try_catch/163 [ 16.773344] [ 16.773479] CPU: 1 UID: 0 PID: 163 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc5 #1 PREEMPT [ 16.773600] Tainted: [B]=BAD_PAGE, [N]=TEST [ 16.773626] Hardware name: linux,dummy-virt (DT) [ 16.773655] Call trace: [ 16.773681] show_stack+0x20/0x38 (C) [ 16.773732] dump_stack_lvl+0x8c/0xd0 [ 16.773851] print_report+0x118/0x608 [ 16.774049] kasan_report+0xdc/0x128 [ 16.774094] __asan_report_store1_noabort+0x20/0x30 [ 16.774199] krealloc_less_oob_helper+0xa80/0xc50 [ 16.774247] krealloc_large_less_oob+0x20/0x38 [ 16.774292] kunit_try_run_case+0x170/0x3f0 [ 16.774337] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 16.774388] kthread+0x328/0x630 [ 16.774428] ret_from_fork+0x10/0x20 [ 16.774474] [ 16.774493] The buggy address belongs to the physical page: [ 16.774521] page: refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x107710 [ 16.774572] head: order:2 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0 [ 16.774618] flags: 0xbfffe0000000040(head|node=0|zone=2|lastcpupid=0x1ffff) [ 16.774666] page_type: f8(unknown) [ 16.774744] raw: 0bfffe0000000040 0000000000000000 dead000000000122 0000000000000000 [ 16.774794] raw: 0000000000000000 0000000000000000 00000001f8000000 0000000000000000 [ 16.774842] head: 0bfffe0000000040 0000000000000000 dead000000000122 0000000000000000 [ 16.774891] head: 0000000000000000 0000000000000000 00000001f8000000 0000000000000000 [ 16.774954] head: 0bfffe0000000002 ffffc1ffc31dc401 00000000ffffffff 00000000ffffffff [ 16.775001] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000004 [ 16.775039] page dumped because: kasan: bad access detected [ 16.775091] [ 16.775114] Memory state around the buggy address: [ 16.775228] fff00000c7711f80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 16.775270] fff00000c7712000: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 16.775373] >fff00000c7712080: 00 00 00 00 00 00 00 00 00 01 fe fe fe fe fe fe [ 16.775476] ^ [ 16.775529] fff00000c7712100: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe [ 16.775569] fff00000c7712180: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe [ 16.775606] ================================================================== [ 16.708847] ================================================================== [ 16.708940] BUG: KASAN: slab-out-of-bounds in krealloc_less_oob_helper+0xa48/0xc50 [ 16.708999] Write of size 1 at addr fff00000c172e0c9 by task kunit_try_catch/159 [ 16.709184] [ 16.709321] CPU: 1 UID: 0 PID: 159 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc5 #1 PREEMPT [ 16.709401] Tainted: [B]=BAD_PAGE, [N]=TEST [ 16.709426] Hardware name: linux,dummy-virt (DT) [ 16.709456] Call trace: [ 16.709864] show_stack+0x20/0x38 (C) [ 16.709955] dump_stack_lvl+0x8c/0xd0 [ 16.710278] print_report+0x118/0x608 [ 16.710333] kasan_report+0xdc/0x128 [ 16.710475] __asan_report_store1_noabort+0x20/0x30 [ 16.710529] krealloc_less_oob_helper+0xa48/0xc50 [ 16.710576] krealloc_less_oob+0x20/0x38 [ 16.710619] kunit_try_run_case+0x170/0x3f0 [ 16.710668] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 16.710815] kthread+0x328/0x630 [ 16.710983] ret_from_fork+0x10/0x20 [ 16.711090] [ 16.711110] Allocated by task 159: [ 16.711137] kasan_save_stack+0x3c/0x68 [ 16.711177] kasan_save_track+0x20/0x40 [ 16.711384] kasan_save_alloc_info+0x40/0x58 [ 16.711468] __kasan_krealloc+0x118/0x178 [ 16.711608] krealloc_noprof+0x128/0x360 [ 16.711644] krealloc_less_oob_helper+0x168/0xc50 [ 16.711682] krealloc_less_oob+0x20/0x38 [ 16.711718] kunit_try_run_case+0x170/0x3f0 [ 16.711755] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 16.711797] kthread+0x328/0x630 [ 16.711870] ret_from_fork+0x10/0x20 [ 16.711946] [ 16.711989] The buggy address belongs to the object at fff00000c172e000 [ 16.711989] which belongs to the cache kmalloc-256 of size 256 [ 16.712046] The buggy address is located 0 bytes to the right of [ 16.712046] allocated 201-byte region [fff00000c172e000, fff00000c172e0c9) [ 16.712146] [ 16.712240] The buggy address belongs to the physical page: [ 16.712314] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x10172e [ 16.712471] head: order:1 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0 [ 16.712598] flags: 0xbfffe0000000040(head|node=0|zone=2|lastcpupid=0x1ffff) [ 16.712667] page_type: f5(slab) [ 16.712706] raw: 0bfffe0000000040 fff00000c0001b40 dead000000000122 0000000000000000 [ 16.712805] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 16.712949] head: 0bfffe0000000040 fff00000c0001b40 dead000000000122 0000000000000000 [ 16.712996] head: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 16.713083] head: 0bfffe0000000001 ffffc1ffc305cb81 00000000ffffffff 00000000ffffffff [ 16.713131] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000002 [ 16.713512] page dumped because: kasan: bad access detected [ 16.713546] [ 16.713657] Memory state around the buggy address: [ 16.713932] fff00000c172df80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 16.714109] fff00000c172e000: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 16.714182] >fff00000c172e080: 00 00 00 00 00 00 00 00 00 01 fc fc fc fc fc fc [ 16.714218] ^ [ 16.714252] fff00000c172e100: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 16.714293] fff00000c172e180: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 16.714330] ================================================================== [ 16.766211] ================================================================== [ 16.766333] BUG: KASAN: slab-out-of-bounds in krealloc_less_oob_helper+0xa48/0xc50 [ 16.766387] Write of size 1 at addr fff00000c77120c9 by task kunit_try_catch/163 [ 16.766434] [ 16.766465] CPU: 1 UID: 0 PID: 163 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc5 #1 PREEMPT [ 16.766543] Tainted: [B]=BAD_PAGE, [N]=TEST [ 16.766568] Hardware name: linux,dummy-virt (DT) [ 16.766597] Call trace: [ 16.766943] show_stack+0x20/0x38 (C) [ 16.767048] dump_stack_lvl+0x8c/0xd0 [ 16.767272] print_report+0x118/0x608 [ 16.767336] kasan_report+0xdc/0x128 [ 16.767397] __asan_report_store1_noabort+0x20/0x30 [ 16.767447] krealloc_less_oob_helper+0xa48/0xc50 [ 16.767494] krealloc_large_less_oob+0x20/0x38 [ 16.767699] kunit_try_run_case+0x170/0x3f0 [ 16.767759] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 16.767935] kthread+0x328/0x630 [ 16.767993] ret_from_fork+0x10/0x20 [ 16.768050] [ 16.768077] The buggy address belongs to the physical page: [ 16.768136] page: refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x107710 [ 16.768188] head: order:2 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0 [ 16.768234] flags: 0xbfffe0000000040(head|node=0|zone=2|lastcpupid=0x1ffff) [ 16.768535] page_type: f8(unknown) [ 16.768643] raw: 0bfffe0000000040 0000000000000000 dead000000000122 0000000000000000 [ 16.768755] raw: 0000000000000000 0000000000000000 00000001f8000000 0000000000000000 [ 16.768811] head: 0bfffe0000000040 0000000000000000 dead000000000122 0000000000000000 [ 16.768925] head: 0000000000000000 0000000000000000 00000001f8000000 0000000000000000 [ 16.768974] head: 0bfffe0000000002 ffffc1ffc31dc401 00000000ffffffff 00000000ffffffff [ 16.769021] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000004 [ 16.769064] page dumped because: kasan: bad access detected [ 16.769106] [ 16.769124] Memory state around the buggy address: [ 16.769154] fff00000c7711f80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 16.769568] fff00000c7712000: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 16.769615] >fff00000c7712080: 00 00 00 00 00 00 00 00 00 01 fe fe fe fe fe fe [ 16.769652] ^ [ 16.769713] fff00000c7712100: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe [ 16.769753] fff00000c7712180: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe [ 16.769845] ================================================================== [ 16.776474] ================================================================== [ 16.776601] BUG: KASAN: slab-out-of-bounds in krealloc_less_oob_helper+0xae4/0xc50 [ 16.776763] Write of size 1 at addr fff00000c77120ea by task kunit_try_catch/163 [ 16.776929] [ 16.777013] CPU: 1 UID: 0 PID: 163 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc5 #1 PREEMPT [ 16.777114] Tainted: [B]=BAD_PAGE, [N]=TEST [ 16.777236] Hardware name: linux,dummy-virt (DT) [ 16.777281] Call trace: [ 16.777302] show_stack+0x20/0x38 (C) [ 16.777388] dump_stack_lvl+0x8c/0xd0 [ 16.777436] print_report+0x118/0x608 [ 16.777480] kasan_report+0xdc/0x128 [ 16.777524] __asan_report_store1_noabort+0x20/0x30 [ 16.777599] krealloc_less_oob_helper+0xae4/0xc50 [ 16.777779] krealloc_large_less_oob+0x20/0x38 [ 16.777832] kunit_try_run_case+0x170/0x3f0 [ 16.777878] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 16.777939] kthread+0x328/0x630 [ 16.777979] ret_from_fork+0x10/0x20 [ 16.778068] [ 16.778087] The buggy address belongs to the physical page: [ 16.778262] page: refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x107710 [ 16.778405] head: order:2 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0 [ 16.778593] flags: 0xbfffe0000000040(head|node=0|zone=2|lastcpupid=0x1ffff) [ 16.778682] page_type: f8(unknown) [ 16.778718] raw: 0bfffe0000000040 0000000000000000 dead000000000122 0000000000000000 [ 16.778781] raw: 0000000000000000 0000000000000000 00000001f8000000 0000000000000000 [ 16.778899] head: 0bfffe0000000040 0000000000000000 dead000000000122 0000000000000000 [ 16.779018] head: 0000000000000000 0000000000000000 00000001f8000000 0000000000000000 [ 16.779089] head: 0bfffe0000000002 ffffc1ffc31dc401 00000000ffffffff 00000000ffffffff [ 16.779233] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000004 [ 16.779272] page dumped because: kasan: bad access detected [ 16.779340] [ 16.779363] Memory state around the buggy address: [ 16.779392] fff00000c7711f80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 16.779575] fff00000c7712000: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 16.779671] >fff00000c7712080: 00 00 00 00 00 00 00 00 00 01 fe fe fe fe fe fe [ 16.779707] ^ [ 16.779744] fff00000c7712100: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe [ 16.779841] fff00000c7712180: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe [ 16.779939] ================================================================== [ 16.722066] ================================================================== [ 16.722112] BUG: KASAN: slab-out-of-bounds in krealloc_less_oob_helper+0xa80/0xc50 [ 16.722209] Write of size 1 at addr fff00000c172e0da by task kunit_try_catch/159 [ 16.722529] [ 16.722565] CPU: 1 UID: 0 PID: 159 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc5 #1 PREEMPT [ 16.722645] Tainted: [B]=BAD_PAGE, [N]=TEST [ 16.722670] Hardware name: linux,dummy-virt (DT) [ 16.722862] Call trace: [ 16.722897] show_stack+0x20/0x38 (C) [ 16.723052] dump_stack_lvl+0x8c/0xd0 [ 16.723184] print_report+0x118/0x608 [ 16.723233] kasan_report+0xdc/0x128 [ 16.723278] __asan_report_store1_noabort+0x20/0x30 [ 16.723327] krealloc_less_oob_helper+0xa80/0xc50 [ 16.723374] krealloc_less_oob+0x20/0x38 [ 16.723642] kunit_try_run_case+0x170/0x3f0 [ 16.723730] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 16.723874] kthread+0x328/0x630 [ 16.723946] ret_from_fork+0x10/0x20 [ 16.724042] [ 16.724071] Allocated by task 159: [ 16.724099] kasan_save_stack+0x3c/0x68 [ 16.724138] kasan_save_track+0x20/0x40 [ 16.724174] kasan_save_alloc_info+0x40/0x58 [ 16.724481] __kasan_krealloc+0x118/0x178 [ 16.724593] krealloc_noprof+0x128/0x360 [ 16.724629] krealloc_less_oob_helper+0x168/0xc50 [ 16.724687] krealloc_less_oob+0x20/0x38 [ 16.724850] kunit_try_run_case+0x170/0x3f0 [ 16.724943] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 16.724984] kthread+0x328/0x630 [ 16.725015] ret_from_fork+0x10/0x20 [ 16.725056] [ 16.725074] The buggy address belongs to the object at fff00000c172e000 [ 16.725074] which belongs to the cache kmalloc-256 of size 256 [ 16.725357] The buggy address is located 17 bytes to the right of [ 16.725357] allocated 201-byte region [fff00000c172e000, fff00000c172e0c9) [ 16.725473] [ 16.725492] The buggy address belongs to the physical page: [ 16.725528] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x10172e [ 16.725620] head: order:1 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0 [ 16.725683] flags: 0xbfffe0000000040(head|node=0|zone=2|lastcpupid=0x1ffff) [ 16.725760] page_type: f5(slab) [ 16.725795] raw: 0bfffe0000000040 fff00000c0001b40 dead000000000122 0000000000000000 [ 16.726033] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 16.726087] head: 0bfffe0000000040 fff00000c0001b40 dead000000000122 0000000000000000 [ 16.726135] head: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 16.726341] head: 0bfffe0000000001 ffffc1ffc305cb81 00000000ffffffff 00000000ffffffff [ 16.726509] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000002 [ 16.726548] page dumped because: kasan: bad access detected [ 16.726618] [ 16.726694] Memory state around the buggy address: [ 16.726726] fff00000c172df80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 16.726834] fff00000c172e000: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 16.727090] >fff00000c172e080: 00 00 00 00 00 00 00 00 00 01 fc fc fc fc fc fc [ 16.727276] ^ [ 16.727468] fff00000c172e100: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 16.727555] fff00000c172e180: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 16.727617] ================================================================== [ 16.770429] ================================================================== [ 16.770474] BUG: KASAN: slab-out-of-bounds in krealloc_less_oob_helper+0xb9c/0xc50 [ 16.770523] Write of size 1 at addr fff00000c77120d0 by task kunit_try_catch/163 [ 16.770571] [ 16.770613] CPU: 1 UID: 0 PID: 163 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc5 #1 PREEMPT [ 16.770834] Tainted: [B]=BAD_PAGE, [N]=TEST [ 16.770860] Hardware name: linux,dummy-virt (DT) [ 16.770889] Call trace: [ 16.770920] show_stack+0x20/0x38 (C) [ 16.770989] dump_stack_lvl+0x8c/0xd0 [ 16.771035] print_report+0x118/0x608 [ 16.771080] kasan_report+0xdc/0x128 [ 16.771124] __asan_report_store1_noabort+0x20/0x30 [ 16.771174] krealloc_less_oob_helper+0xb9c/0xc50 [ 16.771308] krealloc_large_less_oob+0x20/0x38 [ 16.771355] kunit_try_run_case+0x170/0x3f0 [ 16.771425] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 16.771523] kthread+0x328/0x630 [ 16.771564] ret_from_fork+0x10/0x20 [ 16.771608] [ 16.771627] The buggy address belongs to the physical page: [ 16.771656] page: refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x107710 [ 16.771706] head: order:2 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0 [ 16.771751] flags: 0xbfffe0000000040(head|node=0|zone=2|lastcpupid=0x1ffff) [ 16.771871] page_type: f8(unknown) [ 16.772054] raw: 0bfffe0000000040 0000000000000000 dead000000000122 0000000000000000 [ 16.772142] raw: 0000000000000000 0000000000000000 00000001f8000000 0000000000000000 [ 16.772222] head: 0bfffe0000000040 0000000000000000 dead000000000122 0000000000000000 [ 16.772269] head: 0000000000000000 0000000000000000 00000001f8000000 0000000000000000 [ 16.772315] head: 0bfffe0000000002 ffffc1ffc31dc401 00000000ffffffff 00000000ffffffff [ 16.772362] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000004 [ 16.772407] page dumped because: kasan: bad access detected [ 16.772542] [ 16.772623] Memory state around the buggy address: [ 16.772703] fff00000c7711f80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 16.772789] fff00000c7712000: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 16.772933] >fff00000c7712080: 00 00 00 00 00 00 00 00 00 01 fe fe fe fe fe fe [ 16.772970] ^ [ 16.773005] fff00000c7712100: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe [ 16.773045] fff00000c7712180: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe [ 16.773086] ================================================================== [ 16.728409] ================================================================== [ 16.728457] BUG: KASAN: slab-out-of-bounds in krealloc_less_oob_helper+0xae4/0xc50 [ 16.728585] Write of size 1 at addr fff00000c172e0ea by task kunit_try_catch/159 [ 16.728823] [ 16.729290] CPU: 1 UID: 0 PID: 159 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc5 #1 PREEMPT [ 16.729383] Tainted: [B]=BAD_PAGE, [N]=TEST [ 16.729408] Hardware name: linux,dummy-virt (DT) [ 16.729437] Call trace: [ 16.729458] show_stack+0x20/0x38 (C) [ 16.729697] dump_stack_lvl+0x8c/0xd0 [ 16.729744] print_report+0x118/0x608 [ 16.729789] kasan_report+0xdc/0x128 [ 16.729843] __asan_report_store1_noabort+0x20/0x30 [ 16.730062] krealloc_less_oob_helper+0xae4/0xc50 [ 16.730113] krealloc_less_oob+0x20/0x38 [ 16.730156] kunit_try_run_case+0x170/0x3f0 [ 16.730620] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 16.730782] kthread+0x328/0x630 [ 16.730858] ret_from_fork+0x10/0x20 [ 16.730974] [ 16.730999] Allocated by task 159: [ 16.731026] kasan_save_stack+0x3c/0x68 [ 16.731119] kasan_save_track+0x20/0x40 [ 16.731156] kasan_save_alloc_info+0x40/0x58 [ 16.731331] __kasan_krealloc+0x118/0x178 [ 16.731370] krealloc_noprof+0x128/0x360 [ 16.731655] krealloc_less_oob_helper+0x168/0xc50 [ 16.731698] krealloc_less_oob+0x20/0x38 [ 16.731733] kunit_try_run_case+0x170/0x3f0 [ 16.731808] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 16.731972] kthread+0x328/0x630 [ 16.732005] ret_from_fork+0x10/0x20 [ 16.732149] [ 16.732203] The buggy address belongs to the object at fff00000c172e000 [ 16.732203] which belongs to the cache kmalloc-256 of size 256 [ 16.732259] The buggy address is located 33 bytes to the right of [ 16.732259] allocated 201-byte region [fff00000c172e000, fff00000c172e0c9) [ 16.732361] [ 16.732448] The buggy address belongs to the physical page: [ 16.732598] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x10172e [ 16.732668] head: order:1 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0 [ 16.732714] flags: 0xbfffe0000000040(head|node=0|zone=2|lastcpupid=0x1ffff) [ 16.732802] page_type: f5(slab) [ 16.732973] raw: 0bfffe0000000040 fff00000c0001b40 dead000000000122 0000000000000000 [ 16.733083] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 16.733196] head: 0bfffe0000000040 fff00000c0001b40 dead000000000122 0000000000000000 [ 16.733250] head: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 16.733297] head: 0bfffe0000000001 ffffc1ffc305cb81 00000000ffffffff 00000000ffffffff [ 16.733414] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000002 [ 16.733584] page dumped because: kasan: bad access detected [ 16.733657] [ 16.733675] Memory state around the buggy address: [ 16.733754] fff00000c172df80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 16.733796] fff00000c172e000: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 16.733892] >fff00000c172e080: 00 00 00 00 00 00 00 00 00 01 fc fc fc fc fc fc [ 16.734272] ^ [ 16.734950] fff00000c172e100: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 16.735013] fff00000c172e180: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 16.735051] ================================================================== [ 16.715196] ================================================================== [ 16.715243] BUG: KASAN: slab-out-of-bounds in krealloc_less_oob_helper+0xb9c/0xc50 [ 16.715290] Write of size 1 at addr fff00000c172e0d0 by task kunit_try_catch/159 [ 16.715337] [ 16.715365] CPU: 1 UID: 0 PID: 159 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc5 #1 PREEMPT [ 16.715696] Tainted: [B]=BAD_PAGE, [N]=TEST [ 16.715942] Hardware name: linux,dummy-virt (DT) [ 16.715980] Call trace: [ 16.716001] show_stack+0x20/0x38 (C) [ 16.716294] dump_stack_lvl+0x8c/0xd0 [ 16.716463] print_report+0x118/0x608 [ 16.716550] kasan_report+0xdc/0x128 [ 16.716595] __asan_report_store1_noabort+0x20/0x30 [ 16.716778] krealloc_less_oob_helper+0xb9c/0xc50 [ 16.716827] krealloc_less_oob+0x20/0x38 [ 16.716872] kunit_try_run_case+0x170/0x3f0 [ 16.717288] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 16.717444] kthread+0x328/0x630 [ 16.717580] ret_from_fork+0x10/0x20 [ 16.717741] [ 16.717759] Allocated by task 159: [ 16.717786] kasan_save_stack+0x3c/0x68 [ 16.717985] kasan_save_track+0x20/0x40 [ 16.718158] kasan_save_alloc_info+0x40/0x58 [ 16.718198] __kasan_krealloc+0x118/0x178 [ 16.718287] krealloc_noprof+0x128/0x360 [ 16.718325] krealloc_less_oob_helper+0x168/0xc50 [ 16.718363] krealloc_less_oob+0x20/0x38 [ 16.718397] kunit_try_run_case+0x170/0x3f0 [ 16.718466] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 16.718510] kthread+0x328/0x630 [ 16.718540] ret_from_fork+0x10/0x20 [ 16.718880] [ 16.718973] The buggy address belongs to the object at fff00000c172e000 [ 16.718973] which belongs to the cache kmalloc-256 of size 256 [ 16.719120] The buggy address is located 7 bytes to the right of [ 16.719120] allocated 201-byte region [fff00000c172e000, fff00000c172e0c9) [ 16.719230] [ 16.719249] The buggy address belongs to the physical page: [ 16.719278] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x10172e [ 16.719554] head: order:1 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0 [ 16.719643] flags: 0xbfffe0000000040(head|node=0|zone=2|lastcpupid=0x1ffff) [ 16.719747] page_type: f5(slab) [ 16.719783] raw: 0bfffe0000000040 fff00000c0001b40 dead000000000122 0000000000000000 [ 16.719831] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 16.719878] head: 0bfffe0000000040 fff00000c0001b40 dead000000000122 0000000000000000 [ 16.719969] head: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 16.720017] head: 0bfffe0000000001 ffffc1ffc305cb81 00000000ffffffff 00000000ffffffff [ 16.720113] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000002 [ 16.720154] page dumped because: kasan: bad access detected [ 16.720225] [ 16.720336] Memory state around the buggy address: [ 16.720368] fff00000c172df80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 16.720410] fff00000c172e000: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 16.720451] >fff00000c172e080: 00 00 00 00 00 00 00 00 00 01 fc fc fc fc fc fc [ 16.720486] ^ [ 16.720865] fff00000c172e100: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 16.720908] fff00000c172e180: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 16.720965] ================================================================== [ 16.780169] ================================================================== [ 16.780210] BUG: KASAN: slab-out-of-bounds in krealloc_less_oob_helper+0xa58/0xc50 [ 16.780252] Write of size 1 at addr fff00000c77120eb by task kunit_try_catch/163 [ 16.780298] [ 16.780325] CPU: 1 UID: 0 PID: 163 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc5 #1 PREEMPT [ 16.780399] Tainted: [B]=BAD_PAGE, [N]=TEST [ 16.780423] Hardware name: linux,dummy-virt (DT) [ 16.780484] Call trace: [ 16.780584] show_stack+0x20/0x38 (C) [ 16.780629] dump_stack_lvl+0x8c/0xd0 [ 16.780673] print_report+0x118/0x608 [ 16.780752] kasan_report+0xdc/0x128 [ 16.780796] __asan_report_store1_noabort+0x20/0x30 [ 16.780846] krealloc_less_oob_helper+0xa58/0xc50 [ 16.780892] krealloc_large_less_oob+0x20/0x38 [ 16.781038] kunit_try_run_case+0x170/0x3f0 [ 16.781152] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 16.781264] kthread+0x328/0x630 [ 16.781304] ret_from_fork+0x10/0x20 [ 16.781348] [ 16.781402] The buggy address belongs to the physical page: [ 16.781430] page: refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x107710 [ 16.781480] head: order:2 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0 [ 16.781524] flags: 0xbfffe0000000040(head|node=0|zone=2|lastcpupid=0x1ffff) [ 16.781635] page_type: f8(unknown) [ 16.781672] raw: 0bfffe0000000040 0000000000000000 dead000000000122 0000000000000000 [ 16.781726] raw: 0000000000000000 0000000000000000 00000001f8000000 0000000000000000 [ 16.781842] head: 0bfffe0000000040 0000000000000000 dead000000000122 0000000000000000 [ 16.782028] head: 0000000000000000 0000000000000000 00000001f8000000 0000000000000000 [ 16.782104] head: 0bfffe0000000002 ffffc1ffc31dc401 00000000ffffffff 00000000ffffffff [ 16.782151] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000004 [ 16.782219] page dumped because: kasan: bad access detected [ 16.782249] [ 16.782265] Memory state around the buggy address: [ 16.782295] fff00000c7711f80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 16.782336] fff00000c7712000: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 16.782375] >fff00000c7712080: 00 00 00 00 00 00 00 00 00 01 fe fe fe fe fe fe [ 16.782411] ^ [ 16.782447] fff00000c7712100: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe [ 16.782591] fff00000c7712180: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe [ 16.782636] ==================================================================
[ 12.904207] ================================================================== [ 12.905231] BUG: KASAN: slab-out-of-bounds in krealloc_less_oob_helper+0xe23/0x11d0 [ 12.905962] Write of size 1 at addr ffff888100aa58d0 by task kunit_try_catch/176 [ 12.906942] [ 12.907416] CPU: 1 UID: 0 PID: 176 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc5 #1 PREEMPT(voluntary) [ 12.907472] Tainted: [B]=BAD_PAGE, [N]=TEST [ 12.907483] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 12.907504] Call Trace: [ 12.907766] <TASK> [ 12.907799] dump_stack_lvl+0x73/0xb0 [ 12.907837] print_report+0xd1/0x650 [ 12.907857] ? __virt_addr_valid+0x1db/0x2d0 [ 12.907876] ? krealloc_less_oob_helper+0xe23/0x11d0 [ 12.907896] ? kasan_complete_mode_report_info+0x2a/0x200 [ 12.907917] ? krealloc_less_oob_helper+0xe23/0x11d0 [ 12.907937] kasan_report+0x141/0x180 [ 12.907956] ? krealloc_less_oob_helper+0xe23/0x11d0 [ 12.907980] __asan_report_store1_noabort+0x1b/0x30 [ 12.908000] krealloc_less_oob_helper+0xe23/0x11d0 [ 12.908021] ? __pfx_krealloc_less_oob_helper+0x10/0x10 [ 12.908041] ? finish_task_switch.isra.0+0x153/0x700 [ 12.908060] ? __switch_to+0x47/0xf50 [ 12.908082] ? __schedule+0x10cc/0x2b60 [ 12.908101] ? __pfx_read_tsc+0x10/0x10 [ 12.908134] krealloc_less_oob+0x1c/0x30 [ 12.908161] kunit_try_run_case+0x1a5/0x480 [ 12.908196] ? __pfx_kunit_try_run_case+0x10/0x10 [ 12.908231] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 12.908272] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 12.908313] ? __kthread_parkme+0x82/0x180 [ 12.908348] ? preempt_count_sub+0x50/0x80 [ 12.908385] ? __pfx_kunit_try_run_case+0x10/0x10 [ 12.908423] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 12.908459] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 12.908495] kthread+0x337/0x6f0 [ 12.908526] ? trace_preempt_on+0x20/0xc0 [ 12.908567] ? __pfx_kthread+0x10/0x10 [ 12.908604] ? _raw_spin_unlock_irq+0x47/0x80 [ 12.908657] ? calculate_sigpending+0x7b/0xa0 [ 12.908715] ? __pfx_kthread+0x10/0x10 [ 12.908750] ret_from_fork+0x116/0x1d0 [ 12.908782] ? __pfx_kthread+0x10/0x10 [ 12.908819] ret_from_fork_asm+0x1a/0x30 [ 12.908877] </TASK> [ 12.908900] [ 12.921491] Allocated by task 176: [ 12.921793] kasan_save_stack+0x45/0x70 [ 12.922416] kasan_save_track+0x18/0x40 [ 12.922921] kasan_save_alloc_info+0x3b/0x50 [ 12.923537] __kasan_krealloc+0x190/0x1f0 [ 12.924019] krealloc_noprof+0xf3/0x340 [ 12.924368] krealloc_less_oob_helper+0x1aa/0x11d0 [ 12.924674] krealloc_less_oob+0x1c/0x30 [ 12.925071] kunit_try_run_case+0x1a5/0x480 [ 12.925423] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 12.925794] kthread+0x337/0x6f0 [ 12.926134] ret_from_fork+0x116/0x1d0 [ 12.926761] ret_from_fork_asm+0x1a/0x30 [ 12.927277] [ 12.927424] The buggy address belongs to the object at ffff888100aa5800 [ 12.927424] which belongs to the cache kmalloc-256 of size 256 [ 12.927941] The buggy address is located 7 bytes to the right of [ 12.927941] allocated 201-byte region [ffff888100aa5800, ffff888100aa58c9) [ 12.928532] [ 12.928953] The buggy address belongs to the physical page: [ 12.929263] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x100aa4 [ 12.929880] head: order:1 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0 [ 12.930368] flags: 0x200000000000040(head|node=0|zone=2) [ 12.931021] page_type: f5(slab) [ 12.931304] raw: 0200000000000040 ffff888100041b40 dead000000000122 0000000000000000 [ 12.931882] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 12.932328] head: 0200000000000040 ffff888100041b40 dead000000000122 0000000000000000 [ 12.933020] head: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 12.933446] head: 0200000000000001 ffffea000402a901 00000000ffffffff 00000000ffffffff [ 12.933931] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000002 [ 12.934297] page dumped because: kasan: bad access detected [ 12.934645] [ 12.934803] Memory state around the buggy address: [ 12.935122] ffff888100aa5780: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 12.935456] ffff888100aa5800: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 12.936354] >ffff888100aa5880: 00 00 00 00 00 00 00 00 00 01 fc fc fc fc fc fc [ 12.936843] ^ [ 12.937422] ffff888100aa5900: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 12.937701] ffff888100aa5980: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 12.938141] ================================================================== [ 13.153854] ================================================================== [ 13.154421] BUG: KASAN: slab-out-of-bounds in krealloc_less_oob_helper+0xec6/0x11d0 [ 13.155051] Write of size 1 at addr ffff888102b320da by task kunit_try_catch/180 [ 13.155579] [ 13.155782] CPU: 1 UID: 0 PID: 180 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc5 #1 PREEMPT(voluntary) [ 13.155990] Tainted: [B]=BAD_PAGE, [N]=TEST [ 13.156019] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 13.156054] Call Trace: [ 13.156094] <TASK> [ 13.156118] dump_stack_lvl+0x73/0xb0 [ 13.156173] print_report+0xd1/0x650 [ 13.156222] ? __virt_addr_valid+0x1db/0x2d0 [ 13.156262] ? krealloc_less_oob_helper+0xec6/0x11d0 [ 13.156313] ? kasan_addr_to_slab+0x11/0xa0 [ 13.156360] ? krealloc_less_oob_helper+0xec6/0x11d0 [ 13.156403] kasan_report+0x141/0x180 [ 13.156455] ? krealloc_less_oob_helper+0xec6/0x11d0 [ 13.156499] __asan_report_store1_noabort+0x1b/0x30 [ 13.156930] krealloc_less_oob_helper+0xec6/0x11d0 [ 13.157006] ? __pfx_krealloc_less_oob_helper+0x10/0x10 [ 13.157047] ? finish_task_switch.isra.0+0x153/0x700 [ 13.157115] ? __switch_to+0x47/0xf50 [ 13.157158] ? __schedule+0x10cc/0x2b60 [ 13.157195] ? __pfx_read_tsc+0x10/0x10 [ 13.157247] krealloc_large_less_oob+0x1c/0x30 [ 13.157281] kunit_try_run_case+0x1a5/0x480 [ 13.157315] ? __pfx_kunit_try_run_case+0x10/0x10 [ 13.157345] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 13.157380] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 13.157417] ? __kthread_parkme+0x82/0x180 [ 13.157455] ? preempt_count_sub+0x50/0x80 [ 13.157498] ? __pfx_kunit_try_run_case+0x10/0x10 [ 13.157537] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 13.157566] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 13.157586] kthread+0x337/0x6f0 [ 13.157604] ? trace_preempt_on+0x20/0xc0 [ 13.157642] ? __pfx_kthread+0x10/0x10 [ 13.157662] ? _raw_spin_unlock_irq+0x47/0x80 [ 13.157680] ? calculate_sigpending+0x7b/0xa0 [ 13.157701] ? __pfx_kthread+0x10/0x10 [ 13.157720] ret_from_fork+0x116/0x1d0 [ 13.157736] ? __pfx_kthread+0x10/0x10 [ 13.157754] ret_from_fork_asm+0x1a/0x30 [ 13.157781] </TASK> [ 13.157793] [ 13.169553] The buggy address belongs to the physical page: [ 13.170663] page: refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x102b30 [ 13.171249] head: order:2 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0 [ 13.171673] flags: 0x200000000000040(head|node=0|zone=2) [ 13.172040] page_type: f8(unknown) [ 13.172686] raw: 0200000000000040 0000000000000000 dead000000000122 0000000000000000 [ 13.172995] raw: 0000000000000000 0000000000000000 00000001f8000000 0000000000000000 [ 13.173408] head: 0200000000000040 0000000000000000 dead000000000122 0000000000000000 [ 13.174513] head: 0000000000000000 0000000000000000 00000001f8000000 0000000000000000 [ 13.174964] head: 0200000000000002 ffffea00040acc01 00000000ffffffff 00000000ffffffff [ 13.175426] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000004 [ 13.175991] page dumped because: kasan: bad access detected [ 13.176237] [ 13.176342] Memory state around the buggy address: [ 13.176662] ffff888102b31f80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 13.177399] ffff888102b32000: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 13.177750] >ffff888102b32080: 00 00 00 00 00 00 00 00 00 01 fe fe fe fe fe fe [ 13.177990] ^ [ 13.178487] ffff888102b32100: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe [ 13.178950] ffff888102b32180: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe [ 13.179232] ================================================================== [ 13.005844] ================================================================== [ 13.006219] BUG: KASAN: slab-out-of-bounds in krealloc_less_oob_helper+0xd47/0x11d0 [ 13.006460] Write of size 1 at addr ffff888100aa58eb by task kunit_try_catch/176 [ 13.007700] [ 13.007857] CPU: 1 UID: 0 PID: 176 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc5 #1 PREEMPT(voluntary) [ 13.007929] Tainted: [B]=BAD_PAGE, [N]=TEST [ 13.007945] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 13.007975] Call Trace: [ 13.007992] <TASK> [ 13.008018] dump_stack_lvl+0x73/0xb0 [ 13.008063] print_report+0xd1/0x650 [ 13.008096] ? __virt_addr_valid+0x1db/0x2d0 [ 13.008206] ? krealloc_less_oob_helper+0xd47/0x11d0 [ 13.008244] ? kasan_complete_mode_report_info+0x2a/0x200 [ 13.008300] ? krealloc_less_oob_helper+0xd47/0x11d0 [ 13.008340] kasan_report+0x141/0x180 [ 13.008392] ? krealloc_less_oob_helper+0xd47/0x11d0 [ 13.008436] __asan_report_store1_noabort+0x1b/0x30 [ 13.008461] krealloc_less_oob_helper+0xd47/0x11d0 [ 13.008484] ? __pfx_krealloc_less_oob_helper+0x10/0x10 [ 13.008504] ? finish_task_switch.isra.0+0x153/0x700 [ 13.008524] ? __switch_to+0x47/0xf50 [ 13.008546] ? __schedule+0x10cc/0x2b60 [ 13.008565] ? __pfx_read_tsc+0x10/0x10 [ 13.008587] krealloc_less_oob+0x1c/0x30 [ 13.008605] kunit_try_run_case+0x1a5/0x480 [ 13.008643] ? __pfx_kunit_try_run_case+0x10/0x10 [ 13.008663] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 13.008684] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 13.008704] ? __kthread_parkme+0x82/0x180 [ 13.008721] ? preempt_count_sub+0x50/0x80 [ 13.008741] ? __pfx_kunit_try_run_case+0x10/0x10 [ 13.008760] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 13.008780] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 13.008799] kthread+0x337/0x6f0 [ 13.008816] ? trace_preempt_on+0x20/0xc0 [ 13.008837] ? __pfx_kthread+0x10/0x10 [ 13.008854] ? _raw_spin_unlock_irq+0x47/0x80 [ 13.008872] ? calculate_sigpending+0x7b/0xa0 [ 13.008892] ? __pfx_kthread+0x10/0x10 [ 13.008910] ret_from_fork+0x116/0x1d0 [ 13.008926] ? __pfx_kthread+0x10/0x10 [ 13.008943] ret_from_fork_asm+0x1a/0x30 [ 13.008971] </TASK> [ 13.008983] [ 13.017596] Allocated by task 176: [ 13.017893] kasan_save_stack+0x45/0x70 [ 13.018326] kasan_save_track+0x18/0x40 [ 13.018592] kasan_save_alloc_info+0x3b/0x50 [ 13.018784] __kasan_krealloc+0x190/0x1f0 [ 13.018953] krealloc_noprof+0xf3/0x340 [ 13.019115] krealloc_less_oob_helper+0x1aa/0x11d0 [ 13.019476] krealloc_less_oob+0x1c/0x30 [ 13.019869] kunit_try_run_case+0x1a5/0x480 [ 13.020216] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 13.020595] kthread+0x337/0x6f0 [ 13.020877] ret_from_fork+0x116/0x1d0 [ 13.021178] ret_from_fork_asm+0x1a/0x30 [ 13.021422] [ 13.021587] The buggy address belongs to the object at ffff888100aa5800 [ 13.021587] which belongs to the cache kmalloc-256 of size 256 [ 13.021968] The buggy address is located 34 bytes to the right of [ 13.021968] allocated 201-byte region [ffff888100aa5800, ffff888100aa58c9) [ 13.022656] [ 13.022829] The buggy address belongs to the physical page: [ 13.023226] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x100aa4 [ 13.023790] head: order:1 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0 [ 13.024419] flags: 0x200000000000040(head|node=0|zone=2) [ 13.024687] page_type: f5(slab) [ 13.024848] raw: 0200000000000040 ffff888100041b40 dead000000000122 0000000000000000 [ 13.025090] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 13.025736] head: 0200000000000040 ffff888100041b40 dead000000000122 0000000000000000 [ 13.026306] head: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 13.026800] head: 0200000000000001 ffffea000402a901 00000000ffffffff 00000000ffffffff [ 13.027076] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000002 [ 13.027335] page dumped because: kasan: bad access detected [ 13.027584] [ 13.027752] Memory state around the buggy address: [ 13.028191] ffff888100aa5780: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 13.028662] ffff888100aa5800: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 13.029147] >ffff888100aa5880: 00 00 00 00 00 00 00 00 00 01 fc fc fc fc fc fc [ 13.029445] ^ [ 13.029687] ffff888100aa5900: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 13.030167] ffff888100aa5980: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 13.030658] ================================================================== [ 13.179800] ================================================================== [ 13.180279] BUG: KASAN: slab-out-of-bounds in krealloc_less_oob_helper+0xe90/0x11d0 [ 13.181149] Write of size 1 at addr ffff888102b320ea by task kunit_try_catch/180 [ 13.181614] [ 13.181948] CPU: 1 UID: 0 PID: 180 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc5 #1 PREEMPT(voluntary) [ 13.182027] Tainted: [B]=BAD_PAGE, [N]=TEST [ 13.182050] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 13.182078] Call Trace: [ 13.182112] <TASK> [ 13.182137] dump_stack_lvl+0x73/0xb0 [ 13.182219] print_report+0xd1/0x650 [ 13.182254] ? __virt_addr_valid+0x1db/0x2d0 [ 13.182284] ? krealloc_less_oob_helper+0xe90/0x11d0 [ 13.182322] ? kasan_addr_to_slab+0x11/0xa0 [ 13.182353] ? krealloc_less_oob_helper+0xe90/0x11d0 [ 13.182399] kasan_report+0x141/0x180 [ 13.182437] ? krealloc_less_oob_helper+0xe90/0x11d0 [ 13.182500] __asan_report_store1_noabort+0x1b/0x30 [ 13.182536] krealloc_less_oob_helper+0xe90/0x11d0 [ 13.182578] ? __pfx_krealloc_less_oob_helper+0x10/0x10 [ 13.182635] ? finish_task_switch.isra.0+0x153/0x700 [ 13.182672] ? __switch_to+0x47/0xf50 [ 13.182717] ? __schedule+0x10cc/0x2b60 [ 13.182755] ? __pfx_read_tsc+0x10/0x10 [ 13.182798] krealloc_large_less_oob+0x1c/0x30 [ 13.182836] kunit_try_run_case+0x1a5/0x480 [ 13.182879] ? __pfx_kunit_try_run_case+0x10/0x10 [ 13.182917] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 13.182958] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 13.183004] ? __kthread_parkme+0x82/0x180 [ 13.183037] ? preempt_count_sub+0x50/0x80 [ 13.183093] ? __pfx_kunit_try_run_case+0x10/0x10 [ 13.183133] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 13.183174] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 13.183215] kthread+0x337/0x6f0 [ 13.183252] ? trace_preempt_on+0x20/0xc0 [ 13.183294] ? __pfx_kthread+0x10/0x10 [ 13.183331] ? _raw_spin_unlock_irq+0x47/0x80 [ 13.183368] ? calculate_sigpending+0x7b/0xa0 [ 13.183408] ? __pfx_kthread+0x10/0x10 [ 13.183516] ret_from_fork+0x116/0x1d0 [ 13.183560] ? __pfx_kthread+0x10/0x10 [ 13.183590] ret_from_fork_asm+0x1a/0x30 [ 13.183636] </TASK> [ 13.183651] [ 13.195095] The buggy address belongs to the physical page: [ 13.195487] page: refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x102b30 [ 13.196214] head: order:2 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0 [ 13.197149] flags: 0x200000000000040(head|node=0|zone=2) [ 13.197408] page_type: f8(unknown) [ 13.197734] raw: 0200000000000040 0000000000000000 dead000000000122 0000000000000000 [ 13.198273] raw: 0000000000000000 0000000000000000 00000001f8000000 0000000000000000 [ 13.198961] head: 0200000000000040 0000000000000000 dead000000000122 0000000000000000 [ 13.199361] head: 0000000000000000 0000000000000000 00000001f8000000 0000000000000000 [ 13.199993] head: 0200000000000002 ffffea00040acc01 00000000ffffffff 00000000ffffffff [ 13.200425] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000004 [ 13.201373] page dumped because: kasan: bad access detected [ 13.201781] [ 13.201897] Memory state around the buggy address: [ 13.202254] ffff888102b31f80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 13.202842] ffff888102b32000: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 13.203375] >ffff888102b32080: 00 00 00 00 00 00 00 00 00 01 fe fe fe fe fe fe [ 13.203850] ^ [ 13.204219] ffff888102b32100: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe [ 13.204816] ffff888102b32180: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe [ 13.205101] ================================================================== [ 12.939402] ================================================================== [ 12.939927] BUG: KASAN: slab-out-of-bounds in krealloc_less_oob_helper+0xec6/0x11d0 [ 12.940386] Write of size 1 at addr ffff888100aa58da by task kunit_try_catch/176 [ 12.940603] [ 12.940879] CPU: 1 UID: 0 PID: 176 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc5 #1 PREEMPT(voluntary) [ 12.940956] Tainted: [B]=BAD_PAGE, [N]=TEST [ 12.940976] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 12.941010] Call Trace: [ 12.941045] <TASK> [ 12.941074] dump_stack_lvl+0x73/0xb0 [ 12.941123] print_report+0xd1/0x650 [ 12.941156] ? __virt_addr_valid+0x1db/0x2d0 [ 12.941190] ? krealloc_less_oob_helper+0xec6/0x11d0 [ 12.941227] ? kasan_complete_mode_report_info+0x2a/0x200 [ 12.941336] ? krealloc_less_oob_helper+0xec6/0x11d0 [ 12.941391] kasan_report+0x141/0x180 [ 12.941431] ? krealloc_less_oob_helper+0xec6/0x11d0 [ 12.941484] __asan_report_store1_noabort+0x1b/0x30 [ 12.941524] krealloc_less_oob_helper+0xec6/0x11d0 [ 12.941712] ? __pfx_krealloc_less_oob_helper+0x10/0x10 [ 12.941772] ? finish_task_switch.isra.0+0x153/0x700 [ 12.941808] ? __switch_to+0x47/0xf50 [ 12.941847] ? __schedule+0x10cc/0x2b60 [ 12.941885] ? __pfx_read_tsc+0x10/0x10 [ 12.941935] krealloc_less_oob+0x1c/0x30 [ 12.941972] kunit_try_run_case+0x1a5/0x480 [ 12.942011] ? __pfx_kunit_try_run_case+0x10/0x10 [ 12.942043] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 12.942075] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 12.942142] ? __kthread_parkme+0x82/0x180 [ 12.942182] ? preempt_count_sub+0x50/0x80 [ 12.942224] ? __pfx_kunit_try_run_case+0x10/0x10 [ 12.942286] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 12.942309] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 12.942329] kthread+0x337/0x6f0 [ 12.942347] ? trace_preempt_on+0x20/0xc0 [ 12.942369] ? __pfx_kthread+0x10/0x10 [ 12.942387] ? _raw_spin_unlock_irq+0x47/0x80 [ 12.942405] ? calculate_sigpending+0x7b/0xa0 [ 12.942425] ? __pfx_kthread+0x10/0x10 [ 12.942443] ret_from_fork+0x116/0x1d0 [ 12.942460] ? __pfx_kthread+0x10/0x10 [ 12.942477] ret_from_fork_asm+0x1a/0x30 [ 12.942519] </TASK> [ 12.942539] [ 12.954463] Allocated by task 176: [ 12.954893] kasan_save_stack+0x45/0x70 [ 12.955212] kasan_save_track+0x18/0x40 [ 12.955380] kasan_save_alloc_info+0x3b/0x50 [ 12.955805] __kasan_krealloc+0x190/0x1f0 [ 12.956155] krealloc_noprof+0xf3/0x340 [ 12.956449] krealloc_less_oob_helper+0x1aa/0x11d0 [ 12.957176] krealloc_less_oob+0x1c/0x30 [ 12.957538] kunit_try_run_case+0x1a5/0x480 [ 12.957864] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 12.958068] kthread+0x337/0x6f0 [ 12.958348] ret_from_fork+0x116/0x1d0 [ 12.958654] ret_from_fork_asm+0x1a/0x30 [ 12.958999] [ 12.959201] The buggy address belongs to the object at ffff888100aa5800 [ 12.959201] which belongs to the cache kmalloc-256 of size 256 [ 12.959891] The buggy address is located 17 bytes to the right of [ 12.959891] allocated 201-byte region [ffff888100aa5800, ffff888100aa58c9) [ 12.960960] [ 12.961130] The buggy address belongs to the physical page: [ 12.961331] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x100aa4 [ 12.962015] head: order:1 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0 [ 12.962348] flags: 0x200000000000040(head|node=0|zone=2) [ 12.962819] page_type: f5(slab) [ 12.963076] raw: 0200000000000040 ffff888100041b40 dead000000000122 0000000000000000 [ 12.963720] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 12.964020] head: 0200000000000040 ffff888100041b40 dead000000000122 0000000000000000 [ 12.964898] head: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 12.965395] head: 0200000000000001 ffffea000402a901 00000000ffffffff 00000000ffffffff [ 12.965738] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000002 [ 12.966007] page dumped because: kasan: bad access detected [ 12.966603] [ 12.966744] Memory state around the buggy address: [ 12.967027] ffff888100aa5780: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 12.967406] ffff888100aa5800: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 12.967818] >ffff888100aa5880: 00 00 00 00 00 00 00 00 00 01 fc fc fc fc fc fc [ 12.968218] ^ [ 12.969043] ffff888100aa5900: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 12.969353] ffff888100aa5980: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 12.969886] ================================================================== [ 13.099910] ================================================================== [ 13.100362] BUG: KASAN: slab-out-of-bounds in krealloc_less_oob_helper+0xd70/0x11d0 [ 13.101379] Write of size 1 at addr ffff888102b320c9 by task kunit_try_catch/180 [ 13.102330] [ 13.102528] CPU: 1 UID: 0 PID: 180 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc5 #1 PREEMPT(voluntary) [ 13.102607] Tainted: [B]=BAD_PAGE, [N]=TEST [ 13.102645] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 13.102683] Call Trace: [ 13.102708] <TASK> [ 13.102734] dump_stack_lvl+0x73/0xb0 [ 13.102789] print_report+0xd1/0x650 [ 13.102828] ? __virt_addr_valid+0x1db/0x2d0 [ 13.102869] ? krealloc_less_oob_helper+0xd70/0x11d0 [ 13.102902] ? kasan_addr_to_slab+0x11/0xa0 [ 13.102929] ? krealloc_less_oob_helper+0xd70/0x11d0 [ 13.102967] kasan_report+0x141/0x180 [ 13.103004] ? krealloc_less_oob_helper+0xd70/0x11d0 [ 13.103050] __asan_report_store1_noabort+0x1b/0x30 [ 13.103085] krealloc_less_oob_helper+0xd70/0x11d0 [ 13.103138] ? __pfx_krealloc_less_oob_helper+0x10/0x10 [ 13.103176] ? finish_task_switch.isra.0+0x153/0x700 [ 13.103217] ? __switch_to+0x47/0xf50 [ 13.103266] ? __schedule+0x10cc/0x2b60 [ 13.103307] ? __pfx_read_tsc+0x10/0x10 [ 13.103337] krealloc_large_less_oob+0x1c/0x30 [ 13.103357] kunit_try_run_case+0x1a5/0x480 [ 13.103380] ? __pfx_kunit_try_run_case+0x10/0x10 [ 13.103398] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 13.103419] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 13.103439] ? __kthread_parkme+0x82/0x180 [ 13.103457] ? preempt_count_sub+0x50/0x80 [ 13.103477] ? __pfx_kunit_try_run_case+0x10/0x10 [ 13.103497] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 13.103533] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 13.103562] kthread+0x337/0x6f0 [ 13.103587] ? trace_preempt_on+0x20/0xc0 [ 13.103635] ? __pfx_kthread+0x10/0x10 [ 13.103666] ? _raw_spin_unlock_irq+0x47/0x80 [ 13.103693] ? calculate_sigpending+0x7b/0xa0 [ 13.103725] ? __pfx_kthread+0x10/0x10 [ 13.103754] ret_from_fork+0x116/0x1d0 [ 13.103779] ? __pfx_kthread+0x10/0x10 [ 13.103806] ret_from_fork_asm+0x1a/0x30 [ 13.103852] </TASK> [ 13.103871] [ 13.115194] The buggy address belongs to the physical page: [ 13.115868] page: refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x102b30 [ 13.116796] head: order:2 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0 [ 13.117323] flags: 0x200000000000040(head|node=0|zone=2) [ 13.117542] page_type: f8(unknown) [ 13.117710] raw: 0200000000000040 0000000000000000 dead000000000122 0000000000000000 [ 13.117945] raw: 0000000000000000 0000000000000000 00000001f8000000 0000000000000000 [ 13.118165] head: 0200000000000040 0000000000000000 dead000000000122 0000000000000000 [ 13.118381] head: 0000000000000000 0000000000000000 00000001f8000000 0000000000000000 [ 13.119787] head: 0200000000000002 ffffea00040acc01 00000000ffffffff 00000000ffffffff [ 13.120743] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000004 [ 13.121241] page dumped because: kasan: bad access detected [ 13.121829] [ 13.121997] Memory state around the buggy address: [ 13.122731] ffff888102b31f80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 13.123247] ffff888102b32000: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 13.123475] >ffff888102b32080: 00 00 00 00 00 00 00 00 00 01 fe fe fe fe fe fe [ 13.124064] ^ [ 13.125223] ffff888102b32100: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe [ 13.125476] ffff888102b32180: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe [ 13.126375] ================================================================== [ 13.206062] ================================================================== [ 13.206580] BUG: KASAN: slab-out-of-bounds in krealloc_less_oob_helper+0xd47/0x11d0 [ 13.206960] Write of size 1 at addr ffff888102b320eb by task kunit_try_catch/180 [ 13.207238] [ 13.207359] CPU: 1 UID: 0 PID: 180 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc5 #1 PREEMPT(voluntary) [ 13.207436] Tainted: [B]=BAD_PAGE, [N]=TEST [ 13.207459] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 13.207484] Call Trace: [ 13.207502] <TASK> [ 13.207521] dump_stack_lvl+0x73/0xb0 [ 13.207554] print_report+0xd1/0x650 [ 13.207578] ? __virt_addr_valid+0x1db/0x2d0 [ 13.207603] ? krealloc_less_oob_helper+0xd47/0x11d0 [ 13.208188] ? kasan_addr_to_slab+0x11/0xa0 [ 13.208233] ? krealloc_less_oob_helper+0xd47/0x11d0 [ 13.208275] kasan_report+0x141/0x180 [ 13.208318] ? krealloc_less_oob_helper+0xd47/0x11d0 [ 13.208372] __asan_report_store1_noabort+0x1b/0x30 [ 13.208416] krealloc_less_oob_helper+0xd47/0x11d0 [ 13.208464] ? __pfx_krealloc_less_oob_helper+0x10/0x10 [ 13.208916] ? finish_task_switch.isra.0+0x153/0x700 [ 13.208965] ? __switch_to+0x47/0xf50 [ 13.208990] ? __schedule+0x10cc/0x2b60 [ 13.209010] ? __pfx_read_tsc+0x10/0x10 [ 13.209031] krealloc_large_less_oob+0x1c/0x30 [ 13.209053] kunit_try_run_case+0x1a5/0x480 [ 13.209074] ? __pfx_kunit_try_run_case+0x10/0x10 [ 13.209092] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 13.209134] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 13.209154] ? __kthread_parkme+0x82/0x180 [ 13.209171] ? preempt_count_sub+0x50/0x80 [ 13.209191] ? __pfx_kunit_try_run_case+0x10/0x10 [ 13.209211] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 13.209230] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 13.209250] kthread+0x337/0x6f0 [ 13.209267] ? trace_preempt_on+0x20/0xc0 [ 13.209287] ? __pfx_kthread+0x10/0x10 [ 13.209305] ? _raw_spin_unlock_irq+0x47/0x80 [ 13.209323] ? calculate_sigpending+0x7b/0xa0 [ 13.209343] ? __pfx_kthread+0x10/0x10 [ 13.209361] ret_from_fork+0x116/0x1d0 [ 13.209378] ? __pfx_kthread+0x10/0x10 [ 13.209395] ret_from_fork_asm+0x1a/0x30 [ 13.209423] </TASK> [ 13.209434] [ 13.221015] The buggy address belongs to the physical page: [ 13.221353] page: refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x102b30 [ 13.222343] head: order:2 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0 [ 13.222929] flags: 0x200000000000040(head|node=0|zone=2) [ 13.223164] page_type: f8(unknown) [ 13.223459] raw: 0200000000000040 0000000000000000 dead000000000122 0000000000000000 [ 13.224098] raw: 0000000000000000 0000000000000000 00000001f8000000 0000000000000000 [ 13.224492] head: 0200000000000040 0000000000000000 dead000000000122 0000000000000000 [ 13.225093] head: 0000000000000000 0000000000000000 00000001f8000000 0000000000000000 [ 13.225492] head: 0200000000000002 ffffea00040acc01 00000000ffffffff 00000000ffffffff [ 13.226274] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000004 [ 13.226614] page dumped because: kasan: bad access detected [ 13.227247] [ 13.227406] Memory state around the buggy address: [ 13.227700] ffff888102b31f80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 13.228308] ffff888102b32000: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 13.228536] >ffff888102b32080: 00 00 00 00 00 00 00 00 00 01 fe fe fe fe fe fe [ 13.229258] ^ [ 13.230070] ffff888102b32100: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe [ 13.230307] ffff888102b32180: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe [ 13.230935] ================================================================== [ 12.971730] ================================================================== [ 12.972181] BUG: KASAN: slab-out-of-bounds in krealloc_less_oob_helper+0xe90/0x11d0 [ 12.972903] Write of size 1 at addr ffff888100aa58ea by task kunit_try_catch/176 [ 12.973148] [ 12.973287] CPU: 1 UID: 0 PID: 176 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc5 #1 PREEMPT(voluntary) [ 12.973370] Tainted: [B]=BAD_PAGE, [N]=TEST [ 12.973393] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 12.973422] Call Trace: [ 12.973442] <TASK> [ 12.973462] dump_stack_lvl+0x73/0xb0 [ 12.973494] print_report+0xd1/0x650 [ 12.973514] ? __virt_addr_valid+0x1db/0x2d0 [ 12.973533] ? krealloc_less_oob_helper+0xe90/0x11d0 [ 12.973557] ? kasan_complete_mode_report_info+0x2a/0x200 [ 12.973590] ? krealloc_less_oob_helper+0xe90/0x11d0 [ 12.973611] kasan_report+0x141/0x180 [ 12.973656] ? krealloc_less_oob_helper+0xe90/0x11d0 [ 12.973693] __asan_report_store1_noabort+0x1b/0x30 [ 12.973724] krealloc_less_oob_helper+0xe90/0x11d0 [ 12.973760] ? __pfx_krealloc_less_oob_helper+0x10/0x10 [ 12.973790] ? finish_task_switch.isra.0+0x153/0x700 [ 12.973820] ? __switch_to+0x47/0xf50 [ 12.973855] ? __schedule+0x10cc/0x2b60 [ 12.973883] ? __pfx_read_tsc+0x10/0x10 [ 12.973925] krealloc_less_oob+0x1c/0x30 [ 12.973957] kunit_try_run_case+0x1a5/0x480 [ 12.973990] ? __pfx_kunit_try_run_case+0x10/0x10 [ 12.974014] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 12.974036] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 12.974055] ? __kthread_parkme+0x82/0x180 [ 12.974073] ? preempt_count_sub+0x50/0x80 [ 12.974092] ? __pfx_kunit_try_run_case+0x10/0x10 [ 12.974150] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 12.974194] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 12.974228] kthread+0x337/0x6f0 [ 12.974259] ? trace_preempt_on+0x20/0xc0 [ 12.974299] ? __pfx_kthread+0x10/0x10 [ 12.974336] ? _raw_spin_unlock_irq+0x47/0x80 [ 12.974374] ? calculate_sigpending+0x7b/0xa0 [ 12.974417] ? __pfx_kthread+0x10/0x10 [ 12.974455] ret_from_fork+0x116/0x1d0 [ 12.974488] ? __pfx_kthread+0x10/0x10 [ 12.974539] ret_from_fork_asm+0x1a/0x30 [ 12.974600] </TASK> [ 12.974639] [ 12.986657] Allocated by task 176: [ 12.987462] kasan_save_stack+0x45/0x70 [ 12.987851] kasan_save_track+0x18/0x40 [ 12.987966] kasan_save_alloc_info+0x3b/0x50 [ 12.988058] __kasan_krealloc+0x190/0x1f0 [ 12.988274] krealloc_noprof+0xf3/0x340 [ 12.988660] krealloc_less_oob_helper+0x1aa/0x11d0 [ 12.989272] krealloc_less_oob+0x1c/0x30 [ 12.989754] kunit_try_run_case+0x1a5/0x480 [ 12.989951] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 12.990414] kthread+0x337/0x6f0 [ 12.991082] ret_from_fork+0x116/0x1d0 [ 12.991447] ret_from_fork_asm+0x1a/0x30 [ 12.991840] [ 12.992080] The buggy address belongs to the object at ffff888100aa5800 [ 12.992080] which belongs to the cache kmalloc-256 of size 256 [ 12.992827] The buggy address is located 33 bytes to the right of [ 12.992827] allocated 201-byte region [ffff888100aa5800, ffff888100aa58c9) [ 12.993506] [ 12.993768] The buggy address belongs to the physical page: [ 12.994354] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x100aa4 [ 12.994866] head: order:1 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0 [ 12.995533] flags: 0x200000000000040(head|node=0|zone=2) [ 12.996285] page_type: f5(slab) [ 12.996483] raw: 0200000000000040 ffff888100041b40 dead000000000122 0000000000000000 [ 12.996824] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 12.997681] head: 0200000000000040 ffff888100041b40 dead000000000122 0000000000000000 [ 12.998130] head: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 12.998693] head: 0200000000000001 ffffea000402a901 00000000ffffffff 00000000ffffffff [ 12.999052] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000002 [ 12.999493] page dumped because: kasan: bad access detected [ 12.999981] [ 13.000139] Memory state around the buggy address: [ 13.000568] ffff888100aa5780: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 13.000907] ffff888100aa5800: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 13.001358] >ffff888100aa5880: 00 00 00 00 00 00 00 00 00 01 fc fc fc fc fc fc [ 13.002376] ^ [ 13.002674] ffff888100aa5900: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 13.003667] ffff888100aa5980: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 13.004179] ================================================================== [ 13.126823] ================================================================== [ 13.127425] BUG: KASAN: slab-out-of-bounds in krealloc_less_oob_helper+0xe23/0x11d0 [ 13.128098] Write of size 1 at addr ffff888102b320d0 by task kunit_try_catch/180 [ 13.128471] [ 13.129154] CPU: 1 UID: 0 PID: 180 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc5 #1 PREEMPT(voluntary) [ 13.129247] Tainted: [B]=BAD_PAGE, [N]=TEST [ 13.129271] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 13.129308] Call Trace: [ 13.129335] <TASK> [ 13.129362] dump_stack_lvl+0x73/0xb0 [ 13.129424] print_report+0xd1/0x650 [ 13.129463] ? __virt_addr_valid+0x1db/0x2d0 [ 13.129670] ? krealloc_less_oob_helper+0xe23/0x11d0 [ 13.129715] ? kasan_addr_to_slab+0x11/0xa0 [ 13.129747] ? krealloc_less_oob_helper+0xe23/0x11d0 [ 13.129784] kasan_report+0x141/0x180 [ 13.129821] ? krealloc_less_oob_helper+0xe23/0x11d0 [ 13.129864] __asan_report_store1_noabort+0x1b/0x30 [ 13.129922] krealloc_less_oob_helper+0xe23/0x11d0 [ 13.129983] ? __pfx_krealloc_less_oob_helper+0x10/0x10 [ 13.130021] ? finish_task_switch.isra.0+0x153/0x700 [ 13.130060] ? __switch_to+0x47/0xf50 [ 13.130131] ? __schedule+0x10cc/0x2b60 [ 13.130172] ? __pfx_read_tsc+0x10/0x10 [ 13.130230] krealloc_large_less_oob+0x1c/0x30 [ 13.130270] kunit_try_run_case+0x1a5/0x480 [ 13.130293] ? __pfx_kunit_try_run_case+0x10/0x10 [ 13.130312] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 13.130333] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 13.130353] ? __kthread_parkme+0x82/0x180 [ 13.130371] ? preempt_count_sub+0x50/0x80 [ 13.130391] ? __pfx_kunit_try_run_case+0x10/0x10 [ 13.130410] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 13.130430] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 13.130449] kthread+0x337/0x6f0 [ 13.130466] ? trace_preempt_on+0x20/0xc0 [ 13.130487] ? __pfx_kthread+0x10/0x10 [ 13.130544] ? _raw_spin_unlock_irq+0x47/0x80 [ 13.130585] ? calculate_sigpending+0x7b/0xa0 [ 13.130632] ? __pfx_kthread+0x10/0x10 [ 13.130664] ret_from_fork+0x116/0x1d0 [ 13.130691] ? __pfx_kthread+0x10/0x10 [ 13.130709] ret_from_fork_asm+0x1a/0x30 [ 13.130736] </TASK> [ 13.130748] [ 13.142990] The buggy address belongs to the physical page: [ 13.143401] page: refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x102b30 [ 13.143873] head: order:2 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0 [ 13.144396] flags: 0x200000000000040(head|node=0|zone=2) [ 13.145159] page_type: f8(unknown) [ 13.145334] raw: 0200000000000040 0000000000000000 dead000000000122 0000000000000000 [ 13.145980] raw: 0000000000000000 0000000000000000 00000001f8000000 0000000000000000 [ 13.146442] head: 0200000000000040 0000000000000000 dead000000000122 0000000000000000 [ 13.147141] head: 0000000000000000 0000000000000000 00000001f8000000 0000000000000000 [ 13.147695] head: 0200000000000002 ffffea00040acc01 00000000ffffffff 00000000ffffffff [ 13.148173] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000004 [ 13.148923] page dumped because: kasan: bad access detected [ 13.149265] [ 13.149411] Memory state around the buggy address: [ 13.149735] ffff888102b31f80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 13.150190] ffff888102b32000: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 13.150877] >ffff888102b32080: 00 00 00 00 00 00 00 00 00 01 fe fe fe fe fe fe [ 13.151343] ^ [ 13.151872] ffff888102b32100: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe [ 13.152475] ffff888102b32180: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe [ 13.153374] ================================================================== [ 12.871297] ================================================================== [ 12.872556] BUG: KASAN: slab-out-of-bounds in krealloc_less_oob_helper+0xd70/0x11d0 [ 12.872912] Write of size 1 at addr ffff888100aa58c9 by task kunit_try_catch/176 [ 12.873816] [ 12.873979] CPU: 1 UID: 0 PID: 176 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc5 #1 PREEMPT(voluntary) [ 12.874054] Tainted: [B]=BAD_PAGE, [N]=TEST [ 12.874076] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 12.874109] Call Trace: [ 12.874552] <TASK> [ 12.874602] dump_stack_lvl+0x73/0xb0 [ 12.874679] print_report+0xd1/0x650 [ 12.874713] ? __virt_addr_valid+0x1db/0x2d0 [ 12.874746] ? krealloc_less_oob_helper+0xd70/0x11d0 [ 12.874768] ? kasan_complete_mode_report_info+0x2a/0x200 [ 12.874789] ? krealloc_less_oob_helper+0xd70/0x11d0 [ 12.874809] kasan_report+0x141/0x180 [ 12.874828] ? krealloc_less_oob_helper+0xd70/0x11d0 [ 12.874853] __asan_report_store1_noabort+0x1b/0x30 [ 12.874873] krealloc_less_oob_helper+0xd70/0x11d0 [ 12.874895] ? __pfx_krealloc_less_oob_helper+0x10/0x10 [ 12.874915] ? finish_task_switch.isra.0+0x153/0x700 [ 12.874935] ? __switch_to+0x47/0xf50 [ 12.874958] ? __schedule+0x10cc/0x2b60 [ 12.874978] ? __pfx_read_tsc+0x10/0x10 [ 12.874999] krealloc_less_oob+0x1c/0x30 [ 12.875017] kunit_try_run_case+0x1a5/0x480 [ 12.875039] ? __pfx_kunit_try_run_case+0x10/0x10 [ 12.875057] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 12.875077] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 12.875096] ? __kthread_parkme+0x82/0x180 [ 12.875123] ? preempt_count_sub+0x50/0x80 [ 12.875145] ? __pfx_kunit_try_run_case+0x10/0x10 [ 12.875164] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 12.875183] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 12.875202] kthread+0x337/0x6f0 [ 12.875219] ? trace_preempt_on+0x20/0xc0 [ 12.875240] ? __pfx_kthread+0x10/0x10 [ 12.875258] ? _raw_spin_unlock_irq+0x47/0x80 [ 12.875275] ? calculate_sigpending+0x7b/0xa0 [ 12.875297] ? __pfx_kthread+0x10/0x10 [ 12.875315] ret_from_fork+0x116/0x1d0 [ 12.875331] ? __pfx_kthread+0x10/0x10 [ 12.875349] ret_from_fork_asm+0x1a/0x30 [ 12.875376] </TASK> [ 12.875387] [ 12.886256] Allocated by task 176: [ 12.886727] kasan_save_stack+0x45/0x70 [ 12.887037] kasan_save_track+0x18/0x40 [ 12.887261] kasan_save_alloc_info+0x3b/0x50 [ 12.887423] __kasan_krealloc+0x190/0x1f0 [ 12.888352] krealloc_noprof+0xf3/0x340 [ 12.888659] krealloc_less_oob_helper+0x1aa/0x11d0 [ 12.889114] krealloc_less_oob+0x1c/0x30 [ 12.889298] kunit_try_run_case+0x1a5/0x480 [ 12.889788] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 12.890257] kthread+0x337/0x6f0 [ 12.890690] ret_from_fork+0x116/0x1d0 [ 12.890937] ret_from_fork_asm+0x1a/0x30 [ 12.891088] [ 12.891488] The buggy address belongs to the object at ffff888100aa5800 [ 12.891488] which belongs to the cache kmalloc-256 of size 256 [ 12.891824] The buggy address is located 0 bytes to the right of [ 12.891824] allocated 201-byte region [ffff888100aa5800, ffff888100aa58c9) [ 12.892805] [ 12.893009] The buggy address belongs to the physical page: [ 12.893843] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x100aa4 [ 12.894188] head: order:1 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0 [ 12.895071] flags: 0x200000000000040(head|node=0|zone=2) [ 12.895348] page_type: f5(slab) [ 12.895487] raw: 0200000000000040 ffff888100041b40 dead000000000122 0000000000000000 [ 12.896114] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 12.896420] head: 0200000000000040 ffff888100041b40 dead000000000122 0000000000000000 [ 12.897584] head: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 12.897953] head: 0200000000000001 ffffea000402a901 00000000ffffffff 00000000ffffffff [ 12.898953] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000002 [ 12.899286] page dumped because: kasan: bad access detected [ 12.899812] [ 12.899928] Memory state around the buggy address: [ 12.900137] ffff888100aa5780: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 12.900855] ffff888100aa5800: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 12.901145] >ffff888100aa5880: 00 00 00 00 00 00 00 00 00 01 fc fc fc fc fc fc [ 12.901696] ^ [ 12.902031] ffff888100aa5900: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 12.902770] ffff888100aa5980: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 12.903388] ==================================================================
[ 13.215442] ================================================================== [ 13.215798] BUG: KASAN: slab-out-of-bounds in krealloc_less_oob_helper+0xe90/0x11d0 [ 13.216150] Write of size 1 at addr ffff888100a302ea by task kunit_try_catch/175 [ 13.216428] [ 13.216542] CPU: 1 UID: 0 PID: 175 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc5 #1 PREEMPT(voluntary) [ 13.216583] Tainted: [B]=BAD_PAGE, [N]=TEST [ 13.216594] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 13.216613] Call Trace: [ 13.216628] <TASK> [ 13.216644] dump_stack_lvl+0x73/0xb0 [ 13.216669] print_report+0xd1/0x650 [ 13.216690] ? __virt_addr_valid+0x1db/0x2d0 [ 13.216711] ? krealloc_less_oob_helper+0xe90/0x11d0 [ 13.216733] ? kasan_complete_mode_report_info+0x2a/0x200 [ 13.216757] ? krealloc_less_oob_helper+0xe90/0x11d0 [ 13.216780] kasan_report+0x141/0x180 [ 13.216801] ? krealloc_less_oob_helper+0xe90/0x11d0 [ 13.216828] __asan_report_store1_noabort+0x1b/0x30 [ 13.216851] krealloc_less_oob_helper+0xe90/0x11d0 [ 13.216875] ? __pfx_krealloc_less_oob_helper+0x10/0x10 [ 13.216896] ? sysvec_apic_timer_interrupt+0x50/0x90 [ 13.216924] ? __pfx_krealloc_less_oob+0x10/0x10 [ 13.216950] krealloc_less_oob+0x1c/0x30 [ 13.216971] kunit_try_run_case+0x1a5/0x480 [ 13.216993] ? __pfx_kunit_try_run_case+0x10/0x10 [ 13.217013] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 13.217036] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 13.217097] ? __kthread_parkme+0x82/0x180 [ 13.217117] ? preempt_count_sub+0x50/0x80 [ 13.217140] ? __pfx_kunit_try_run_case+0x10/0x10 [ 13.217162] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 13.217184] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 13.217205] kthread+0x337/0x6f0 [ 13.217224] ? trace_preempt_on+0x20/0xc0 [ 13.217246] ? __pfx_kthread+0x10/0x10 [ 13.217266] ? _raw_spin_unlock_irq+0x47/0x80 [ 13.217286] ? calculate_sigpending+0x7b/0xa0 [ 13.217308] ? __pfx_kthread+0x10/0x10 [ 13.217345] ret_from_fork+0x116/0x1d0 [ 13.217362] ? __pfx_kthread+0x10/0x10 [ 13.217382] ret_from_fork_asm+0x1a/0x30 [ 13.217412] </TASK> [ 13.217422] [ 13.224764] Allocated by task 175: [ 13.224945] kasan_save_stack+0x45/0x70 [ 13.225151] kasan_save_track+0x18/0x40 [ 13.225344] kasan_save_alloc_info+0x3b/0x50 [ 13.225566] __kasan_krealloc+0x190/0x1f0 [ 13.225759] krealloc_noprof+0xf3/0x340 [ 13.225953] krealloc_less_oob_helper+0x1aa/0x11d0 [ 13.226135] krealloc_less_oob+0x1c/0x30 [ 13.226284] kunit_try_run_case+0x1a5/0x480 [ 13.226495] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 13.226750] kthread+0x337/0x6f0 [ 13.226915] ret_from_fork+0x116/0x1d0 [ 13.227133] ret_from_fork_asm+0x1a/0x30 [ 13.227337] [ 13.227435] The buggy address belongs to the object at ffff888100a30200 [ 13.227435] which belongs to the cache kmalloc-256 of size 256 [ 13.227891] The buggy address is located 33 bytes to the right of [ 13.227891] allocated 201-byte region [ffff888100a30200, ffff888100a302c9) [ 13.228447] [ 13.228522] The buggy address belongs to the physical page: [ 13.228696] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x100a30 [ 13.228959] head: order:1 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0 [ 13.229455] flags: 0x200000000000040(head|node=0|zone=2) [ 13.229790] page_type: f5(slab) [ 13.229976] raw: 0200000000000040 ffff888100041b40 dead000000000122 0000000000000000 [ 13.230327] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 13.230662] head: 0200000000000040 ffff888100041b40 dead000000000122 0000000000000000 [ 13.231058] head: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 13.231413] head: 0200000000000001 ffffea0004028c01 00000000ffffffff 00000000ffffffff [ 13.231763] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000002 [ 13.232139] page dumped because: kasan: bad access detected [ 13.232314] [ 13.232386] Memory state around the buggy address: [ 13.232543] ffff888100a30180: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 13.232809] ffff888100a30200: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 13.233145] >ffff888100a30280: 00 00 00 00 00 00 00 00 00 01 fc fc fc fc fc fc [ 13.233463] ^ [ 13.233866] ffff888100a30300: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 13.234249] ffff888100a30380: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 13.234467] ================================================================== [ 13.234883] ================================================================== [ 13.235244] BUG: KASAN: slab-out-of-bounds in krealloc_less_oob_helper+0xd47/0x11d0 [ 13.235783] Write of size 1 at addr ffff888100a302eb by task kunit_try_catch/175 [ 13.236387] [ 13.236473] CPU: 1 UID: 0 PID: 175 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc5 #1 PREEMPT(voluntary) [ 13.236513] Tainted: [B]=BAD_PAGE, [N]=TEST [ 13.236524] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 13.236543] Call Trace: [ 13.236558] <TASK> [ 13.236574] dump_stack_lvl+0x73/0xb0 [ 13.236600] print_report+0xd1/0x650 [ 13.236621] ? __virt_addr_valid+0x1db/0x2d0 [ 13.236642] ? krealloc_less_oob_helper+0xd47/0x11d0 [ 13.236664] ? kasan_complete_mode_report_info+0x2a/0x200 [ 13.236689] ? krealloc_less_oob_helper+0xd47/0x11d0 [ 13.236730] kasan_report+0x141/0x180 [ 13.236751] ? krealloc_less_oob_helper+0xd47/0x11d0 [ 13.236779] __asan_report_store1_noabort+0x1b/0x30 [ 13.236802] krealloc_less_oob_helper+0xd47/0x11d0 [ 13.236827] ? __pfx_krealloc_less_oob_helper+0x10/0x10 [ 13.236848] ? sysvec_apic_timer_interrupt+0x50/0x90 [ 13.236877] ? __pfx_krealloc_less_oob+0x10/0x10 [ 13.236903] krealloc_less_oob+0x1c/0x30 [ 13.236924] kunit_try_run_case+0x1a5/0x480 [ 13.236946] ? __pfx_kunit_try_run_case+0x10/0x10 [ 13.236966] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 13.236989] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 13.237010] ? __kthread_parkme+0x82/0x180 [ 13.237029] ? preempt_count_sub+0x50/0x80 [ 13.237062] ? __pfx_kunit_try_run_case+0x10/0x10 [ 13.237084] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 13.237105] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 13.237127] kthread+0x337/0x6f0 [ 13.237149] ? trace_preempt_on+0x20/0xc0 [ 13.237172] ? __pfx_kthread+0x10/0x10 [ 13.237210] ? _raw_spin_unlock_irq+0x47/0x80 [ 13.237230] ? calculate_sigpending+0x7b/0xa0 [ 13.237253] ? __pfx_kthread+0x10/0x10 [ 13.237293] ret_from_fork+0x116/0x1d0 [ 13.237313] ? __pfx_kthread+0x10/0x10 [ 13.237332] ret_from_fork_asm+0x1a/0x30 [ 13.237363] </TASK> [ 13.237374] [ 13.249480] Allocated by task 175: [ 13.249667] kasan_save_stack+0x45/0x70 [ 13.250262] kasan_save_track+0x18/0x40 [ 13.250574] kasan_save_alloc_info+0x3b/0x50 [ 13.251067] __kasan_krealloc+0x190/0x1f0 [ 13.251389] krealloc_noprof+0xf3/0x340 [ 13.251584] krealloc_less_oob_helper+0x1aa/0x11d0 [ 13.252259] krealloc_less_oob+0x1c/0x30 [ 13.252640] kunit_try_run_case+0x1a5/0x480 [ 13.253175] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 13.253449] kthread+0x337/0x6f0 [ 13.253616] ret_from_fork+0x116/0x1d0 [ 13.254036] ret_from_fork_asm+0x1a/0x30 [ 13.254447] [ 13.254554] The buggy address belongs to the object at ffff888100a30200 [ 13.254554] which belongs to the cache kmalloc-256 of size 256 [ 13.255387] The buggy address is located 34 bytes to the right of [ 13.255387] allocated 201-byte region [ffff888100a30200, ffff888100a302c9) [ 13.256606] [ 13.256928] The buggy address belongs to the physical page: [ 13.257267] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x100a30 [ 13.257613] head: order:1 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0 [ 13.257937] flags: 0x200000000000040(head|node=0|zone=2) [ 13.258191] page_type: f5(slab) [ 13.258352] raw: 0200000000000040 ffff888100041b40 dead000000000122 0000000000000000 [ 13.258675] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 13.258992] head: 0200000000000040 ffff888100041b40 dead000000000122 0000000000000000 [ 13.260076] head: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 13.260396] head: 0200000000000001 ffffea0004028c01 00000000ffffffff 00000000ffffffff [ 13.260796] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000002 [ 13.261083] page dumped because: kasan: bad access detected [ 13.261348] [ 13.261447] Memory state around the buggy address: [ 13.261651] ffff888100a30180: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 13.262023] ffff888100a30200: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 13.262358] >ffff888100a30280: 00 00 00 00 00 00 00 00 00 01 fc fc fc fc fc fc [ 13.262652] ^ [ 13.263025] ffff888100a30300: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 13.263307] ffff888100a30380: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 13.263645] ================================================================== [ 13.308886] ================================================================== [ 13.310744] BUG: KASAN: slab-out-of-bounds in krealloc_less_oob_helper+0xd70/0x11d0 [ 13.312005] Write of size 1 at addr ffff8881031d60c9 by task kunit_try_catch/179 [ 13.313100] [ 13.313612] CPU: 0 UID: 0 PID: 179 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc5 #1 PREEMPT(voluntary) [ 13.313955] Tainted: [B]=BAD_PAGE, [N]=TEST [ 13.313971] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 13.313993] Call Trace: [ 13.314007] <TASK> [ 13.314021] dump_stack_lvl+0x73/0xb0 [ 13.314067] print_report+0xd1/0x650 [ 13.314088] ? __virt_addr_valid+0x1db/0x2d0 [ 13.314110] ? krealloc_less_oob_helper+0xd70/0x11d0 [ 13.314132] ? kasan_addr_to_slab+0x11/0xa0 [ 13.314151] ? krealloc_less_oob_helper+0xd70/0x11d0 [ 13.314174] kasan_report+0x141/0x180 [ 13.314195] ? krealloc_less_oob_helper+0xd70/0x11d0 [ 13.314223] __asan_report_store1_noabort+0x1b/0x30 [ 13.314246] krealloc_less_oob_helper+0xd70/0x11d0 [ 13.314276] ? __pfx_krealloc_less_oob_helper+0x10/0x10 [ 13.314297] ? irqentry_exit+0x2a/0x60 [ 13.314318] ? sysvec_apic_timer_interrupt+0x50/0x90 [ 13.314346] ? __pfx_krealloc_large_less_oob+0x10/0x10 [ 13.314371] krealloc_large_less_oob+0x1c/0x30 [ 13.314393] kunit_try_run_case+0x1a5/0x480 [ 13.314416] ? __pfx_kunit_try_run_case+0x10/0x10 [ 13.314437] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 13.314458] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 13.314480] ? __kthread_parkme+0x82/0x180 [ 13.314499] ? preempt_count_sub+0x50/0x80 [ 13.314521] ? __pfx_kunit_try_run_case+0x10/0x10 [ 13.314544] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 13.314565] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 13.314586] kthread+0x337/0x6f0 [ 13.314605] ? trace_preempt_on+0x20/0xc0 [ 13.314626] ? __pfx_kthread+0x10/0x10 [ 13.314646] ? _raw_spin_unlock_irq+0x47/0x80 [ 13.314665] ? calculate_sigpending+0x7b/0xa0 [ 13.314687] ? __pfx_kthread+0x10/0x10 [ 13.314716] ret_from_fork+0x116/0x1d0 [ 13.314734] ? __pfx_kthread+0x10/0x10 [ 13.314765] ret_from_fork_asm+0x1a/0x30 [ 13.314796] </TASK> [ 13.314807] [ 13.334189] The buggy address belongs to the physical page: [ 13.334497] page: refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1031d4 [ 13.334918] head: order:2 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0 [ 13.335303] flags: 0x200000000000040(head|node=0|zone=2) [ 13.335568] page_type: f8(unknown) [ 13.335753] raw: 0200000000000040 0000000000000000 dead000000000122 0000000000000000 [ 13.336549] raw: 0000000000000000 0000000000000000 00000001f8000000 0000000000000000 [ 13.336913] head: 0200000000000040 0000000000000000 dead000000000122 0000000000000000 [ 13.337629] head: 0000000000000000 0000000000000000 00000001f8000000 0000000000000000 [ 13.338227] head: 0200000000000002 ffffea00040c7501 00000000ffffffff 00000000ffffffff [ 13.338669] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000004 [ 13.339212] page dumped because: kasan: bad access detected [ 13.339587] [ 13.339673] Memory state around the buggy address: [ 13.340136] ffff8881031d5f80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 13.340542] ffff8881031d6000: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 13.341259] >ffff8881031d6080: 00 00 00 00 00 00 00 00 00 01 fe fe fe fe fe fe [ 13.341680] ^ [ 13.342165] ffff8881031d6100: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe [ 13.342561] ffff8881031d6180: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe [ 13.343106] ================================================================== [ 13.396787] ================================================================== [ 13.397130] BUG: KASAN: slab-out-of-bounds in krealloc_less_oob_helper+0xd47/0x11d0 [ 13.397396] Write of size 1 at addr ffff8881031d60eb by task kunit_try_catch/179 [ 13.397676] [ 13.398098] CPU: 0 UID: 0 PID: 179 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc5 #1 PREEMPT(voluntary) [ 13.398145] Tainted: [B]=BAD_PAGE, [N]=TEST [ 13.398157] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 13.398177] Call Trace: [ 13.398190] <TASK> [ 13.398204] dump_stack_lvl+0x73/0xb0 [ 13.398232] print_report+0xd1/0x650 [ 13.398254] ? __virt_addr_valid+0x1db/0x2d0 [ 13.398275] ? krealloc_less_oob_helper+0xd47/0x11d0 [ 13.398298] ? kasan_addr_to_slab+0x11/0xa0 [ 13.398318] ? krealloc_less_oob_helper+0xd47/0x11d0 [ 13.398342] kasan_report+0x141/0x180 [ 13.398364] ? krealloc_less_oob_helper+0xd47/0x11d0 [ 13.398394] __asan_report_store1_noabort+0x1b/0x30 [ 13.398418] krealloc_less_oob_helper+0xd47/0x11d0 [ 13.398444] ? __pfx_krealloc_less_oob_helper+0x10/0x10 [ 13.398467] ? irqentry_exit+0x2a/0x60 [ 13.398488] ? sysvec_apic_timer_interrupt+0x50/0x90 [ 13.398517] ? __pfx_krealloc_large_less_oob+0x10/0x10 [ 13.398544] krealloc_large_less_oob+0x1c/0x30 [ 13.398566] kunit_try_run_case+0x1a5/0x480 [ 13.398590] ? __pfx_kunit_try_run_case+0x10/0x10 [ 13.398611] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 13.398634] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 13.398657] ? __kthread_parkme+0x82/0x180 [ 13.398677] ? preempt_count_sub+0x50/0x80 [ 13.398798] ? __pfx_kunit_try_run_case+0x10/0x10 [ 13.398827] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 13.398850] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 13.398873] kthread+0x337/0x6f0 [ 13.398893] ? trace_preempt_on+0x20/0xc0 [ 13.398916] ? __pfx_kthread+0x10/0x10 [ 13.398937] ? _raw_spin_unlock_irq+0x47/0x80 [ 13.398957] ? calculate_sigpending+0x7b/0xa0 [ 13.398980] ? __pfx_kthread+0x10/0x10 [ 13.399002] ret_from_fork+0x116/0x1d0 [ 13.399020] ? __pfx_kthread+0x10/0x10 [ 13.399041] ret_from_fork_asm+0x1a/0x30 [ 13.399084] </TASK> [ 13.399096] [ 13.407221] The buggy address belongs to the physical page: [ 13.407442] page: refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1031d4 [ 13.407789] head: order:2 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0 [ 13.408150] flags: 0x200000000000040(head|node=0|zone=2) [ 13.408407] page_type: f8(unknown) [ 13.408555] raw: 0200000000000040 0000000000000000 dead000000000122 0000000000000000 [ 13.408951] raw: 0000000000000000 0000000000000000 00000001f8000000 0000000000000000 [ 13.409207] head: 0200000000000040 0000000000000000 dead000000000122 0000000000000000 [ 13.409567] head: 0000000000000000 0000000000000000 00000001f8000000 0000000000000000 [ 13.410132] head: 0200000000000002 ffffea00040c7501 00000000ffffffff 00000000ffffffff [ 13.410466] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000004 [ 13.410809] page dumped because: kasan: bad access detected [ 13.411030] [ 13.411139] Memory state around the buggy address: [ 13.411369] ffff8881031d5f80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 13.411785] ffff8881031d6000: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 13.412085] >ffff8881031d6080: 00 00 00 00 00 00 00 00 00 01 fe fe fe fe fe fe [ 13.412398] ^ [ 13.412613] ffff8881031d6100: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe [ 13.413039] ffff8881031d6180: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe [ 13.413377] ================================================================== [ 13.173378] ================================================================== [ 13.174213] BUG: KASAN: slab-out-of-bounds in krealloc_less_oob_helper+0xe23/0x11d0 [ 13.175066] Write of size 1 at addr ffff888100a302d0 by task kunit_try_catch/175 [ 13.176107] [ 13.176245] CPU: 1 UID: 0 PID: 175 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc5 #1 PREEMPT(voluntary) [ 13.176295] Tainted: [B]=BAD_PAGE, [N]=TEST [ 13.176307] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 13.176328] Call Trace: [ 13.176347] <TASK> [ 13.176365] dump_stack_lvl+0x73/0xb0 [ 13.176397] print_report+0xd1/0x650 [ 13.176419] ? __virt_addr_valid+0x1db/0x2d0 [ 13.176441] ? krealloc_less_oob_helper+0xe23/0x11d0 [ 13.176464] ? kasan_complete_mode_report_info+0x2a/0x200 [ 13.176490] ? krealloc_less_oob_helper+0xe23/0x11d0 [ 13.176512] kasan_report+0x141/0x180 [ 13.176533] ? krealloc_less_oob_helper+0xe23/0x11d0 [ 13.176561] __asan_report_store1_noabort+0x1b/0x30 [ 13.176584] krealloc_less_oob_helper+0xe23/0x11d0 [ 13.176609] ? __pfx_krealloc_less_oob_helper+0x10/0x10 [ 13.176631] ? sysvec_apic_timer_interrupt+0x50/0x90 [ 13.176660] ? __pfx_krealloc_less_oob+0x10/0x10 [ 13.176688] krealloc_less_oob+0x1c/0x30 [ 13.176720] kunit_try_run_case+0x1a5/0x480 [ 13.176744] ? __pfx_kunit_try_run_case+0x10/0x10 [ 13.176764] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 13.176788] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 13.176809] ? __kthread_parkme+0x82/0x180 [ 13.176828] ? preempt_count_sub+0x50/0x80 [ 13.176853] ? __pfx_kunit_try_run_case+0x10/0x10 [ 13.176875] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 13.176896] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 13.176917] kthread+0x337/0x6f0 [ 13.176936] ? trace_preempt_on+0x20/0xc0 [ 13.176958] ? __pfx_kthread+0x10/0x10 [ 13.176978] ? _raw_spin_unlock_irq+0x47/0x80 [ 13.176998] ? calculate_sigpending+0x7b/0xa0 [ 13.177021] ? __pfx_kthread+0x10/0x10 [ 13.177042] ret_from_fork+0x116/0x1d0 [ 13.177070] ? __pfx_kthread+0x10/0x10 [ 13.177090] ret_from_fork_asm+0x1a/0x30 [ 13.177121] </TASK> [ 13.177132] [ 13.185461] Allocated by task 175: [ 13.185607] kasan_save_stack+0x45/0x70 [ 13.185764] kasan_save_track+0x18/0x40 [ 13.185962] kasan_save_alloc_info+0x3b/0x50 [ 13.186190] __kasan_krealloc+0x190/0x1f0 [ 13.186394] krealloc_noprof+0xf3/0x340 [ 13.186592] krealloc_less_oob_helper+0x1aa/0x11d0 [ 13.186829] krealloc_less_oob+0x1c/0x30 [ 13.187032] kunit_try_run_case+0x1a5/0x480 [ 13.187198] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 13.187377] kthread+0x337/0x6f0 [ 13.187500] ret_from_fork+0x116/0x1d0 [ 13.187634] ret_from_fork_asm+0x1a/0x30 [ 13.187801] [ 13.187876] The buggy address belongs to the object at ffff888100a30200 [ 13.187876] which belongs to the cache kmalloc-256 of size 256 [ 13.188434] The buggy address is located 7 bytes to the right of [ 13.188434] allocated 201-byte region [ffff888100a30200, ffff888100a302c9) [ 13.189383] [ 13.189481] The buggy address belongs to the physical page: [ 13.189778] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x100a30 [ 13.190026] head: order:1 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0 [ 13.190657] flags: 0x200000000000040(head|node=0|zone=2) [ 13.190910] page_type: f5(slab) [ 13.191045] raw: 0200000000000040 ffff888100041b40 dead000000000122 0000000000000000 [ 13.191404] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 13.191801] head: 0200000000000040 ffff888100041b40 dead000000000122 0000000000000000 [ 13.192096] head: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 13.192334] head: 0200000000000001 ffffea0004028c01 00000000ffffffff 00000000ffffffff [ 13.192571] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000002 [ 13.192859] page dumped because: kasan: bad access detected [ 13.193139] [ 13.193240] Memory state around the buggy address: [ 13.193443] ffff888100a30180: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 13.193774] ffff888100a30200: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 13.194152] >ffff888100a30280: 00 00 00 00 00 00 00 00 00 01 fc fc fc fc fc fc [ 13.194418] ^ [ 13.194689] ffff888100a30300: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 13.195003] ffff888100a30380: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 13.195235] ================================================================== [ 13.361585] ================================================================== [ 13.362047] BUG: KASAN: slab-out-of-bounds in krealloc_less_oob_helper+0xec6/0x11d0 [ 13.362399] Write of size 1 at addr ffff8881031d60da by task kunit_try_catch/179 [ 13.362661] [ 13.362866] CPU: 0 UID: 0 PID: 179 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc5 #1 PREEMPT(voluntary) [ 13.362909] Tainted: [B]=BAD_PAGE, [N]=TEST [ 13.362921] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 13.362940] Call Trace: [ 13.362953] <TASK> [ 13.362967] dump_stack_lvl+0x73/0xb0 [ 13.362994] print_report+0xd1/0x650 [ 13.363016] ? __virt_addr_valid+0x1db/0x2d0 [ 13.363037] ? krealloc_less_oob_helper+0xec6/0x11d0 [ 13.363072] ? kasan_addr_to_slab+0x11/0xa0 [ 13.363092] ? krealloc_less_oob_helper+0xec6/0x11d0 [ 13.363115] kasan_report+0x141/0x180 [ 13.363136] ? krealloc_less_oob_helper+0xec6/0x11d0 [ 13.363164] __asan_report_store1_noabort+0x1b/0x30 [ 13.363188] krealloc_less_oob_helper+0xec6/0x11d0 [ 13.363213] ? __pfx_krealloc_less_oob_helper+0x10/0x10 [ 13.363235] ? irqentry_exit+0x2a/0x60 [ 13.363256] ? sysvec_apic_timer_interrupt+0x50/0x90 [ 13.363284] ? __pfx_krealloc_large_less_oob+0x10/0x10 [ 13.363310] krealloc_large_less_oob+0x1c/0x30 [ 13.363332] kunit_try_run_case+0x1a5/0x480 [ 13.363354] ? __pfx_kunit_try_run_case+0x10/0x10 [ 13.363375] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 13.363397] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 13.363419] ? __kthread_parkme+0x82/0x180 [ 13.363438] ? preempt_count_sub+0x50/0x80 [ 13.363461] ? __pfx_kunit_try_run_case+0x10/0x10 [ 13.363484] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 13.363505] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 13.363527] kthread+0x337/0x6f0 [ 13.363545] ? trace_preempt_on+0x20/0xc0 [ 13.363567] ? __pfx_kthread+0x10/0x10 [ 13.363587] ? _raw_spin_unlock_irq+0x47/0x80 [ 13.363607] ? calculate_sigpending+0x7b/0xa0 [ 13.363630] ? __pfx_kthread+0x10/0x10 [ 13.363650] ret_from_fork+0x116/0x1d0 [ 13.363668] ? __pfx_kthread+0x10/0x10 [ 13.363687] ret_from_fork_asm+0x1a/0x30 [ 13.363796] </TASK> [ 13.363806] [ 13.371498] The buggy address belongs to the physical page: [ 13.371739] page: refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1031d4 [ 13.372045] head: order:2 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0 [ 13.372940] flags: 0x200000000000040(head|node=0|zone=2) [ 13.373225] page_type: f8(unknown) [ 13.373413] raw: 0200000000000040 0000000000000000 dead000000000122 0000000000000000 [ 13.373869] raw: 0000000000000000 0000000000000000 00000001f8000000 0000000000000000 [ 13.374221] head: 0200000000000040 0000000000000000 dead000000000122 0000000000000000 [ 13.374548] head: 0000000000000000 0000000000000000 00000001f8000000 0000000000000000 [ 13.374935] head: 0200000000000002 ffffea00040c7501 00000000ffffffff 00000000ffffffff [ 13.375232] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000004 [ 13.375471] page dumped because: kasan: bad access detected [ 13.375805] [ 13.375909] Memory state around the buggy address: [ 13.376161] ffff8881031d5f80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 13.376494] ffff8881031d6000: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 13.376905] >ffff8881031d6080: 00 00 00 00 00 00 00 00 00 01 fe fe fe fe fe fe [ 13.377265] ^ [ 13.377566] ffff8881031d6100: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe [ 13.377964] ffff8881031d6180: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe [ 13.378298] ================================================================== [ 13.195817] ================================================================== [ 13.196141] BUG: KASAN: slab-out-of-bounds in krealloc_less_oob_helper+0xec6/0x11d0 [ 13.196392] Write of size 1 at addr ffff888100a302da by task kunit_try_catch/175 [ 13.196729] [ 13.196838] CPU: 1 UID: 0 PID: 175 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc5 #1 PREEMPT(voluntary) [ 13.196878] Tainted: [B]=BAD_PAGE, [N]=TEST [ 13.196889] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 13.196907] Call Trace: [ 13.196922] <TASK> [ 13.196938] dump_stack_lvl+0x73/0xb0 [ 13.196964] print_report+0xd1/0x650 [ 13.196985] ? __virt_addr_valid+0x1db/0x2d0 [ 13.197007] ? krealloc_less_oob_helper+0xec6/0x11d0 [ 13.197029] ? kasan_complete_mode_report_info+0x2a/0x200 [ 13.197090] ? krealloc_less_oob_helper+0xec6/0x11d0 [ 13.197114] kasan_report+0x141/0x180 [ 13.197135] ? krealloc_less_oob_helper+0xec6/0x11d0 [ 13.197162] __asan_report_store1_noabort+0x1b/0x30 [ 13.197185] krealloc_less_oob_helper+0xec6/0x11d0 [ 13.197210] ? __pfx_krealloc_less_oob_helper+0x10/0x10 [ 13.197231] ? sysvec_apic_timer_interrupt+0x50/0x90 [ 13.197260] ? __pfx_krealloc_less_oob+0x10/0x10 [ 13.197285] krealloc_less_oob+0x1c/0x30 [ 13.197305] kunit_try_run_case+0x1a5/0x480 [ 13.197328] ? __pfx_kunit_try_run_case+0x10/0x10 [ 13.197348] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 13.197371] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 13.197392] ? __kthread_parkme+0x82/0x180 [ 13.197411] ? preempt_count_sub+0x50/0x80 [ 13.197434] ? __pfx_kunit_try_run_case+0x10/0x10 [ 13.197456] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 13.197477] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 13.197500] kthread+0x337/0x6f0 [ 13.197518] ? trace_preempt_on+0x20/0xc0 [ 13.197544] ? __pfx_kthread+0x10/0x10 [ 13.197580] ? _raw_spin_unlock_irq+0x47/0x80 [ 13.197600] ? calculate_sigpending+0x7b/0xa0 [ 13.197623] ? __pfx_kthread+0x10/0x10 [ 13.197643] ret_from_fork+0x116/0x1d0 [ 13.197661] ? __pfx_kthread+0x10/0x10 [ 13.197680] ret_from_fork_asm+0x1a/0x30 [ 13.197744] </TASK> [ 13.197754] [ 13.205031] Allocated by task 175: [ 13.205201] kasan_save_stack+0x45/0x70 [ 13.205407] kasan_save_track+0x18/0x40 [ 13.205598] kasan_save_alloc_info+0x3b/0x50 [ 13.205780] __kasan_krealloc+0x190/0x1f0 [ 13.206087] krealloc_noprof+0xf3/0x340 [ 13.206324] krealloc_less_oob_helper+0x1aa/0x11d0 [ 13.206530] krealloc_less_oob+0x1c/0x30 [ 13.206701] kunit_try_run_case+0x1a5/0x480 [ 13.206908] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 13.207141] kthread+0x337/0x6f0 [ 13.207312] ret_from_fork+0x116/0x1d0 [ 13.207477] ret_from_fork_asm+0x1a/0x30 [ 13.207658] [ 13.207748] The buggy address belongs to the object at ffff888100a30200 [ 13.207748] which belongs to the cache kmalloc-256 of size 256 [ 13.208332] The buggy address is located 17 bytes to the right of [ 13.208332] allocated 201-byte region [ffff888100a30200, ffff888100a302c9) [ 13.208901] [ 13.208979] The buggy address belongs to the physical page: [ 13.209270] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x100a30 [ 13.209621] head: order:1 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0 [ 13.209954] flags: 0x200000000000040(head|node=0|zone=2) [ 13.210227] page_type: f5(slab) [ 13.210391] raw: 0200000000000040 ffff888100041b40 dead000000000122 0000000000000000 [ 13.210755] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 13.211156] head: 0200000000000040 ffff888100041b40 dead000000000122 0000000000000000 [ 13.211491] head: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 13.211745] head: 0200000000000001 ffffea0004028c01 00000000ffffffff 00000000ffffffff [ 13.211980] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000002 [ 13.212533] page dumped because: kasan: bad access detected [ 13.212808] [ 13.212937] Memory state around the buggy address: [ 13.213126] ffff888100a30180: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 13.213399] ffff888100a30200: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 13.213620] >ffff888100a30280: 00 00 00 00 00 00 00 00 00 01 fc fc fc fc fc fc [ 13.213860] ^ [ 13.214157] ffff888100a30300: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 13.214474] ffff888100a30380: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 13.214915] ================================================================== [ 13.343564] ================================================================== [ 13.344108] BUG: KASAN: slab-out-of-bounds in krealloc_less_oob_helper+0xe23/0x11d0 [ 13.345046] Write of size 1 at addr ffff8881031d60d0 by task kunit_try_catch/179 [ 13.345679] [ 13.345903] CPU: 0 UID: 0 PID: 179 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc5 #1 PREEMPT(voluntary) [ 13.345952] Tainted: [B]=BAD_PAGE, [N]=TEST [ 13.345965] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 13.345985] Call Trace: [ 13.346002] <TASK> [ 13.346019] dump_stack_lvl+0x73/0xb0 [ 13.346062] print_report+0xd1/0x650 [ 13.346086] ? __virt_addr_valid+0x1db/0x2d0 [ 13.346109] ? krealloc_less_oob_helper+0xe23/0x11d0 [ 13.346132] ? kasan_addr_to_slab+0x11/0xa0 [ 13.346152] ? krealloc_less_oob_helper+0xe23/0x11d0 [ 13.346176] kasan_report+0x141/0x180 [ 13.346198] ? krealloc_less_oob_helper+0xe23/0x11d0 [ 13.346227] __asan_report_store1_noabort+0x1b/0x30 [ 13.346252] krealloc_less_oob_helper+0xe23/0x11d0 [ 13.346277] ? __pfx_krealloc_less_oob_helper+0x10/0x10 [ 13.346300] ? irqentry_exit+0x2a/0x60 [ 13.346321] ? sysvec_apic_timer_interrupt+0x50/0x90 [ 13.346350] ? __pfx_krealloc_large_less_oob+0x10/0x10 [ 13.346378] krealloc_large_less_oob+0x1c/0x30 [ 13.346400] kunit_try_run_case+0x1a5/0x480 [ 13.346424] ? __pfx_kunit_try_run_case+0x10/0x10 [ 13.346445] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 13.346469] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 13.346492] ? __kthread_parkme+0x82/0x180 [ 13.346511] ? preempt_count_sub+0x50/0x80 [ 13.346536] ? __pfx_kunit_try_run_case+0x10/0x10 [ 13.346559] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 13.346581] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 13.346603] kthread+0x337/0x6f0 [ 13.346623] ? trace_preempt_on+0x20/0xc0 [ 13.346646] ? __pfx_kthread+0x10/0x10 [ 13.346666] ? _raw_spin_unlock_irq+0x47/0x80 [ 13.346687] ? calculate_sigpending+0x7b/0xa0 [ 13.346800] ? __pfx_kthread+0x10/0x10 [ 13.346823] ret_from_fork+0x116/0x1d0 [ 13.346842] ? __pfx_kthread+0x10/0x10 [ 13.346863] ret_from_fork_asm+0x1a/0x30 [ 13.346897] </TASK> [ 13.346907] [ 13.354992] The buggy address belongs to the physical page: [ 13.355281] page: refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1031d4 [ 13.355612] head: order:2 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0 [ 13.355973] flags: 0x200000000000040(head|node=0|zone=2) [ 13.356220] page_type: f8(unknown) [ 13.356353] raw: 0200000000000040 0000000000000000 dead000000000122 0000000000000000 [ 13.356880] raw: 0000000000000000 0000000000000000 00000001f8000000 0000000000000000 [ 13.357184] head: 0200000000000040 0000000000000000 dead000000000122 0000000000000000 [ 13.357547] head: 0000000000000000 0000000000000000 00000001f8000000 0000000000000000 [ 13.357963] head: 0200000000000002 ffffea00040c7501 00000000ffffffff 00000000ffffffff [ 13.358250] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000004 [ 13.358603] page dumped because: kasan: bad access detected [ 13.358883] [ 13.358960] Memory state around the buggy address: [ 13.359211] ffff8881031d5f80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 13.359545] ffff8881031d6000: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 13.359932] >ffff8881031d6080: 00 00 00 00 00 00 00 00 00 01 fe fe fe fe fe fe [ 13.360244] ^ [ 13.360484] ffff8881031d6100: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe [ 13.360929] ffff8881031d6180: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe [ 13.361250] ================================================================== [ 13.130406] ================================================================== [ 13.131999] BUG: KASAN: slab-out-of-bounds in krealloc_less_oob_helper+0xd70/0x11d0 [ 13.133670] Write of size 1 at addr ffff888100a302c9 by task kunit_try_catch/175 [ 13.135159] [ 13.135280] CPU: 1 UID: 0 PID: 175 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc5 #1 PREEMPT(voluntary) [ 13.135327] Tainted: [B]=BAD_PAGE, [N]=TEST [ 13.135339] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 13.135359] Call Trace: [ 13.135371] <TASK> [ 13.135386] dump_stack_lvl+0x73/0xb0 [ 13.135415] print_report+0xd1/0x650 [ 13.135436] ? __virt_addr_valid+0x1db/0x2d0 [ 13.135458] ? krealloc_less_oob_helper+0xd70/0x11d0 [ 13.135482] ? kasan_complete_mode_report_info+0x2a/0x200 [ 13.135507] ? krealloc_less_oob_helper+0xd70/0x11d0 [ 13.135531] kasan_report+0x141/0x180 [ 13.135552] ? krealloc_less_oob_helper+0xd70/0x11d0 [ 13.135581] __asan_report_store1_noabort+0x1b/0x30 [ 13.135605] krealloc_less_oob_helper+0xd70/0x11d0 [ 13.135631] ? __pfx_krealloc_less_oob_helper+0x10/0x10 [ 13.135653] ? sysvec_apic_timer_interrupt+0x50/0x90 [ 13.135683] ? __pfx_krealloc_less_oob+0x10/0x10 [ 13.135709] krealloc_less_oob+0x1c/0x30 [ 13.135730] kunit_try_run_case+0x1a5/0x480 [ 13.135754] ? __pfx_kunit_try_run_case+0x10/0x10 [ 13.135776] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 13.135799] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 13.135821] ? __kthread_parkme+0x82/0x180 [ 13.135840] ? preempt_count_sub+0x50/0x80 [ 13.135865] ? __pfx_kunit_try_run_case+0x10/0x10 [ 13.135887] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 13.135909] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 13.135931] kthread+0x337/0x6f0 [ 13.135951] ? trace_preempt_on+0x20/0xc0 [ 13.135975] ? __pfx_kthread+0x10/0x10 [ 13.135995] ? _raw_spin_unlock_irq+0x47/0x80 [ 13.136015] ? calculate_sigpending+0x7b/0xa0 [ 13.136415] ? __pfx_kthread+0x10/0x10 [ 13.136450] ret_from_fork+0x116/0x1d0 [ 13.136471] ? __pfx_kthread+0x10/0x10 [ 13.136492] ret_from_fork_asm+0x1a/0x30 [ 13.136523] </TASK> [ 13.136535] [ 13.153491] Allocated by task 175: [ 13.153641] kasan_save_stack+0x45/0x70 [ 13.154475] kasan_save_track+0x18/0x40 [ 13.155008] kasan_save_alloc_info+0x3b/0x50 [ 13.155519] __kasan_krealloc+0x190/0x1f0 [ 13.156020] krealloc_noprof+0xf3/0x340 [ 13.156644] krealloc_less_oob_helper+0x1aa/0x11d0 [ 13.157303] krealloc_less_oob+0x1c/0x30 [ 13.157846] kunit_try_run_case+0x1a5/0x480 [ 13.158013] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 13.158210] kthread+0x337/0x6f0 [ 13.158334] ret_from_fork+0x116/0x1d0 [ 13.158469] ret_from_fork_asm+0x1a/0x30 [ 13.158609] [ 13.158685] The buggy address belongs to the object at ffff888100a30200 [ 13.158685] which belongs to the cache kmalloc-256 of size 256 [ 13.160458] The buggy address is located 0 bytes to the right of [ 13.160458] allocated 201-byte region [ffff888100a30200, ffff888100a302c9) [ 13.161698] [ 13.161890] The buggy address belongs to the physical page: [ 13.162436] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x100a30 [ 13.163260] head: order:1 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0 [ 13.163557] flags: 0x200000000000040(head|node=0|zone=2) [ 13.164267] page_type: f5(slab) [ 13.164406] raw: 0200000000000040 ffff888100041b40 dead000000000122 0000000000000000 [ 13.164639] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 13.164870] head: 0200000000000040 ffff888100041b40 dead000000000122 0000000000000000 [ 13.165115] head: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 13.165350] head: 0200000000000001 ffffea0004028c01 00000000ffffffff 00000000ffffffff [ 13.166564] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000002 [ 13.167605] page dumped because: kasan: bad access detected [ 13.168407] [ 13.168580] Memory state around the buggy address: [ 13.169009] ffff888100a30180: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 13.169961] ffff888100a30200: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 13.170584] >ffff888100a30280: 00 00 00 00 00 00 00 00 00 01 fc fc fc fc fc fc [ 13.171084] ^ [ 13.171265] ffff888100a30300: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 13.172248] ffff888100a30380: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 13.172483] ================================================================== [ 13.378657] ================================================================== [ 13.379040] BUG: KASAN: slab-out-of-bounds in krealloc_less_oob_helper+0xe90/0x11d0 [ 13.379396] Write of size 1 at addr ffff8881031d60ea by task kunit_try_catch/179 [ 13.379657] [ 13.379881] CPU: 0 UID: 0 PID: 179 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc5 #1 PREEMPT(voluntary) [ 13.379926] Tainted: [B]=BAD_PAGE, [N]=TEST [ 13.379938] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 13.379958] Call Trace: [ 13.379972] <TASK> [ 13.379986] dump_stack_lvl+0x73/0xb0 [ 13.380013] print_report+0xd1/0x650 [ 13.380036] ? __virt_addr_valid+0x1db/0x2d0 [ 13.380072] ? krealloc_less_oob_helper+0xe90/0x11d0 [ 13.380096] ? kasan_addr_to_slab+0x11/0xa0 [ 13.380116] ? krealloc_less_oob_helper+0xe90/0x11d0 [ 13.380140] kasan_report+0x141/0x180 [ 13.380162] ? krealloc_less_oob_helper+0xe90/0x11d0 [ 13.380192] __asan_report_store1_noabort+0x1b/0x30 [ 13.380216] krealloc_less_oob_helper+0xe90/0x11d0 [ 13.380242] ? __pfx_krealloc_less_oob_helper+0x10/0x10 [ 13.380265] ? irqentry_exit+0x2a/0x60 [ 13.380286] ? sysvec_apic_timer_interrupt+0x50/0x90 [ 13.380315] ? __pfx_krealloc_large_less_oob+0x10/0x10 [ 13.380342] krealloc_large_less_oob+0x1c/0x30 [ 13.380365] kunit_try_run_case+0x1a5/0x480 [ 13.380389] ? __pfx_kunit_try_run_case+0x10/0x10 [ 13.380410] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 13.380433] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 13.380456] ? __kthread_parkme+0x82/0x180 [ 13.380475] ? preempt_count_sub+0x50/0x80 [ 13.380500] ? __pfx_kunit_try_run_case+0x10/0x10 [ 13.380523] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 13.380545] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 13.380568] kthread+0x337/0x6f0 [ 13.380588] ? trace_preempt_on+0x20/0xc0 [ 13.380612] ? __pfx_kthread+0x10/0x10 [ 13.380633] ? _raw_spin_unlock_irq+0x47/0x80 [ 13.380653] ? calculate_sigpending+0x7b/0xa0 [ 13.380677] ? __pfx_kthread+0x10/0x10 [ 13.380861] ret_from_fork+0x116/0x1d0 [ 13.380889] ? __pfx_kthread+0x10/0x10 [ 13.380910] ret_from_fork_asm+0x1a/0x30 [ 13.380942] </TASK> [ 13.380952] [ 13.389283] The buggy address belongs to the physical page: [ 13.389568] page: refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1031d4 [ 13.389979] head: order:2 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0 [ 13.390371] flags: 0x200000000000040(head|node=0|zone=2) [ 13.390638] page_type: f8(unknown) [ 13.390879] raw: 0200000000000040 0000000000000000 dead000000000122 0000000000000000 [ 13.391230] raw: 0000000000000000 0000000000000000 00000001f8000000 0000000000000000 [ 13.391566] head: 0200000000000040 0000000000000000 dead000000000122 0000000000000000 [ 13.392020] head: 0000000000000000 0000000000000000 00000001f8000000 0000000000000000 [ 13.392365] head: 0200000000000002 ffffea00040c7501 00000000ffffffff 00000000ffffffff [ 13.392680] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000004 [ 13.393269] page dumped because: kasan: bad access detected [ 13.393499] [ 13.393580] Memory state around the buggy address: [ 13.393830] ffff8881031d5f80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 13.394182] ffff8881031d6000: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 13.394521] >ffff8881031d6080: 00 00 00 00 00 00 00 00 00 01 fe fe fe fe fe fe [ 13.394861] ^ [ 13.395109] ffff8881031d6100: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe [ 13.395448] ffff8881031d6180: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe [ 13.395890] ==================================================================
[ 21.282185] ================================================================== [ 21.293768] BUG: KASAN: slab-out-of-bounds in krealloc_less_oob_helper+0xd70/0x11d0 [ 21.301428] Write of size 1 at addr ffff888104eb20c9 by task kunit_try_catch/203 [ 21.308822] [ 21.310343] CPU: 0 UID: 0 PID: 203 Comm: kunit_try_catch Tainted: G S B N 6.16.0-rc5 #1 PREEMPT(voluntary) [ 21.310353] Tainted: [S]=CPU_OUT_OF_SPEC, [B]=BAD_PAGE, [N]=TEST [ 21.310356] Hardware name: Supermicro SYS-5019S-ML/X11SSH-F, BIOS 2.7 12/07/2021 [ 21.310359] Call Trace: [ 21.310373] <TASK> [ 21.310375] dump_stack_lvl+0x73/0xb0 [ 21.310380] print_report+0xd1/0x650 [ 21.310397] ? __virt_addr_valid+0x1db/0x2d0 [ 21.310401] ? krealloc_less_oob_helper+0xd70/0x11d0 [ 21.310405] ? kasan_addr_to_slab+0x11/0xa0 [ 21.310409] ? krealloc_less_oob_helper+0xd70/0x11d0 [ 21.310413] kasan_report+0x141/0x180 [ 21.310417] ? krealloc_less_oob_helper+0xd70/0x11d0 [ 21.310422] __asan_report_store1_noabort+0x1b/0x30 [ 21.310427] krealloc_less_oob_helper+0xd70/0x11d0 [ 21.310432] ? __pfx_krealloc_less_oob_helper+0x10/0x10 [ 21.310437] ? finish_task_switch.isra.0+0x153/0x700 [ 21.310441] ? __switch_to+0x544/0xf50 [ 21.310445] ? __schedule+0x10cc/0x2b60 [ 21.310450] krealloc_large_less_oob+0x1c/0x30 [ 21.310454] kunit_try_run_case+0x1a2/0x480 [ 21.310459] ? __pfx_kunit_try_run_case+0x10/0x10 [ 21.310463] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 21.310467] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 21.310471] ? __kthread_parkme+0x82/0x180 [ 21.310475] ? preempt_count_sub+0x50/0x80 [ 21.310479] ? __pfx_kunit_try_run_case+0x10/0x10 [ 21.310483] kunit_generic_run_threadfn_adapter+0x82/0xf0 [ 21.310487] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 21.310491] kthread+0x334/0x6f0 [ 21.310495] ? trace_preempt_on+0x20/0xc0 [ 21.310499] ? __pfx_kthread+0x10/0x10 [ 21.310503] ? _raw_spin_unlock_irq+0x47/0x80 [ 21.310506] ? calculate_sigpending+0x7b/0xa0 [ 21.310511] ? __pfx_kthread+0x10/0x10 [ 21.310514] ret_from_fork+0x113/0x1d0 [ 21.310518] ? __pfx_kthread+0x10/0x10 [ 21.310521] ret_from_fork_asm+0x1a/0x30 [ 21.310527] </TASK> [ 21.310529] [ 21.486859] The buggy address belongs to the physical page: [ 21.492434] page: refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x104eb0 [ 21.500439] head: order:2 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0 [ 21.508094] flags: 0x200000000000040(head|node=0|zone=2) [ 21.513423] page_type: f8(unknown) [ 21.516830] raw: 0200000000000040 0000000000000000 dead000000000122 0000000000000000 [ 21.524569] raw: 0000000000000000 0000000000000000 00000001f8000000 0000000000000000 [ 21.532309] head: 0200000000000040 0000000000000000 dead000000000122 0000000000000000 [ 21.540168] head: 0000000000000000 0000000000000000 00000001f8000000 0000000000000000 [ 21.547996] head: 0200000000000002 ffffea000413ac01 00000000ffffffff 00000000ffffffff [ 21.555829] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000004 [ 21.563655] page dumped because: kasan: bad access detected [ 21.569229] [ 21.570725] Memory state around the buggy address: [ 21.575520] ffff888104eb1f80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 21.582738] ffff888104eb2000: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 21.589957] >ffff888104eb2080: 00 00 00 00 00 00 00 00 00 01 fe fe fe fe fe fe [ 21.597177] ^ [ 21.602751] ffff888104eb2100: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe [ 21.609969] ffff888104eb2180: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe [ 21.617188] ================================================================== [ 22.301071] ================================================================== [ 22.308317] BUG: KASAN: slab-out-of-bounds in krealloc_less_oob_helper+0xe90/0x11d0 [ 22.316006] Write of size 1 at addr ffff888104eb20ea by task kunit_try_catch/203 [ 22.323430] [ 22.324923] CPU: 0 UID: 0 PID: 203 Comm: kunit_try_catch Tainted: G S B N 6.16.0-rc5 #1 PREEMPT(voluntary) [ 22.324931] Tainted: [S]=CPU_OUT_OF_SPEC, [B]=BAD_PAGE, [N]=TEST [ 22.324933] Hardware name: Supermicro SYS-5019S-ML/X11SSH-F, BIOS 2.7 12/07/2021 [ 22.324936] Call Trace: [ 22.324938] <TASK> [ 22.324940] dump_stack_lvl+0x73/0xb0 [ 22.324944] print_report+0xd1/0x650 [ 22.324948] ? __virt_addr_valid+0x1db/0x2d0 [ 22.324951] ? krealloc_less_oob_helper+0xe90/0x11d0 [ 22.324956] ? kasan_addr_to_slab+0x11/0xa0 [ 22.324959] ? krealloc_less_oob_helper+0xe90/0x11d0 [ 22.324964] kasan_report+0x141/0x180 [ 22.324968] ? krealloc_less_oob_helper+0xe90/0x11d0 [ 22.324973] __asan_report_store1_noabort+0x1b/0x30 [ 22.324978] krealloc_less_oob_helper+0xe90/0x11d0 [ 22.324982] ? __pfx_krealloc_less_oob_helper+0x10/0x10 [ 22.324987] ? finish_task_switch.isra.0+0x153/0x700 [ 22.324991] ? __switch_to+0x544/0xf50 [ 22.324996] ? __schedule+0x10cc/0x2b60 [ 22.325000] krealloc_large_less_oob+0x1c/0x30 [ 22.325004] kunit_try_run_case+0x1a2/0x480 [ 22.325009] ? __pfx_kunit_try_run_case+0x10/0x10 [ 22.325013] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 22.325017] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 22.325021] ? __kthread_parkme+0x82/0x180 [ 22.325024] ? preempt_count_sub+0x50/0x80 [ 22.325028] ? __pfx_kunit_try_run_case+0x10/0x10 [ 22.325033] kunit_generic_run_threadfn_adapter+0x82/0xf0 [ 22.325037] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 22.325041] kthread+0x334/0x6f0 [ 22.325044] ? trace_preempt_on+0x20/0xc0 [ 22.325048] ? __pfx_kthread+0x10/0x10 [ 22.325052] ? _raw_spin_unlock_irq+0x47/0x80 [ 22.325056] ? calculate_sigpending+0x7b/0xa0 [ 22.325060] ? __pfx_kthread+0x10/0x10 [ 22.325064] ret_from_fork+0x113/0x1d0 [ 22.325067] ? __pfx_kthread+0x10/0x10 [ 22.325071] ret_from_fork_asm+0x1a/0x30 [ 22.325076] </TASK> [ 22.325078] [ 22.501418] The buggy address belongs to the physical page: [ 22.506991] page: refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x104eb0 [ 22.514991] head: order:2 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0 [ 22.522643] flags: 0x200000000000040(head|node=0|zone=2) [ 22.527954] page_type: f8(unknown) [ 22.531363] raw: 0200000000000040 0000000000000000 dead000000000122 0000000000000000 [ 22.539128] raw: 0000000000000000 0000000000000000 00000001f8000000 0000000000000000 [ 22.546869] head: 0200000000000040 0000000000000000 dead000000000122 0000000000000000 [ 22.554701] head: 0000000000000000 0000000000000000 00000001f8000000 0000000000000000 [ 22.562527] head: 0200000000000002 ffffea000413ac01 00000000ffffffff 00000000ffffffff [ 22.570361] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000004 [ 22.578240] page dumped because: kasan: bad access detected [ 22.583813] [ 22.585311] Memory state around the buggy address: [ 22.590138] ffff888104eb1f80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 22.597375] ffff888104eb2000: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 22.604629] >ffff888104eb2080: 00 00 00 00 00 00 00 00 00 01 fe fe fe fe fe fe [ 22.611847] ^ [ 22.618461] ffff888104eb2100: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe [ 22.625682] ffff888104eb2180: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe [ 22.632909] ================================================================== [ 18.905164] ================================================================== [ 18.912403] BUG: KASAN: slab-out-of-bounds in krealloc_less_oob_helper+0xe23/0x11d0 [ 18.920057] Write of size 1 at addr ffff88810561ced0 by task kunit_try_catch/199 [ 18.927457] [ 18.928959] CPU: 1 UID: 0 PID: 199 Comm: kunit_try_catch Tainted: G S B N 6.16.0-rc5 #1 PREEMPT(voluntary) [ 18.928967] Tainted: [S]=CPU_OUT_OF_SPEC, [B]=BAD_PAGE, [N]=TEST [ 18.928970] Hardware name: Supermicro SYS-5019S-ML/X11SSH-F, BIOS 2.7 12/07/2021 [ 18.928973] Call Trace: [ 18.928974] <TASK> [ 18.928976] dump_stack_lvl+0x73/0xb0 [ 18.928980] print_report+0xd1/0x650 [ 18.928984] ? __virt_addr_valid+0x1db/0x2d0 [ 18.928988] ? krealloc_less_oob_helper+0xe23/0x11d0 [ 18.928992] ? kasan_complete_mode_report_info+0x2a/0x200 [ 18.928997] ? krealloc_less_oob_helper+0xe23/0x11d0 [ 18.929002] kasan_report+0x141/0x180 [ 18.929006] ? krealloc_less_oob_helper+0xe23/0x11d0 [ 18.929011] __asan_report_store1_noabort+0x1b/0x30 [ 18.929016] krealloc_less_oob_helper+0xe23/0x11d0 [ 18.929020] ? __pfx_krealloc_less_oob_helper+0x10/0x10 [ 18.929025] ? finish_task_switch.isra.0+0x153/0x700 [ 18.929029] ? __switch_to+0x544/0xf50 [ 18.929033] ? __schedule+0x10cc/0x2b60 [ 18.929038] krealloc_less_oob+0x1c/0x30 [ 18.929042] kunit_try_run_case+0x1a2/0x480 [ 18.929046] ? __pfx_kunit_try_run_case+0x10/0x10 [ 18.929050] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 18.929054] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 18.929059] ? __kthread_parkme+0x82/0x180 [ 18.929062] ? preempt_count_sub+0x50/0x80 [ 18.929066] ? __pfx_kunit_try_run_case+0x10/0x10 [ 18.929070] kunit_generic_run_threadfn_adapter+0x82/0xf0 [ 18.929075] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 18.929079] kthread+0x334/0x6f0 [ 18.929082] ? trace_preempt_on+0x20/0xc0 [ 18.929086] ? __pfx_kthread+0x10/0x10 [ 18.929090] ? _raw_spin_unlock_irq+0x47/0x80 [ 18.929093] ? calculate_sigpending+0x7b/0xa0 [ 18.929098] ? __pfx_kthread+0x10/0x10 [ 18.929102] ret_from_fork+0x113/0x1d0 [ 18.929105] ? __pfx_kthread+0x10/0x10 [ 18.929109] ret_from_fork_asm+0x1a/0x30 [ 18.929114] </TASK> [ 18.929116] [ 19.106093] Allocated by task 199: [ 19.109500] kasan_save_stack+0x45/0x70 [ 19.113361] kasan_save_track+0x18/0x40 [ 19.117223] kasan_save_alloc_info+0x3b/0x50 [ 19.121504] __kasan_krealloc+0x190/0x1f0 [ 19.125524] krealloc_noprof+0xf3/0x340 [ 19.129367] krealloc_less_oob_helper+0x1aa/0x11d0 [ 19.134182] krealloc_less_oob+0x1c/0x30 [ 19.138107] kunit_try_run_case+0x1a2/0x480 [ 19.142293] kunit_generic_run_threadfn_adapter+0x82/0xf0 [ 19.147695] kthread+0x334/0x6f0 [ 19.150925] ret_from_fork+0x113/0x1d0 [ 19.154678] ret_from_fork_asm+0x1a/0x30 [ 19.158605] [ 19.160105] The buggy address belongs to the object at ffff88810561ce00 [ 19.160105] which belongs to the cache kmalloc-256 of size 256 [ 19.172620] The buggy address is located 7 bytes to the right of [ 19.172620] allocated 201-byte region [ffff88810561ce00, ffff88810561cec9) [ 19.185566] [ 19.187067] The buggy address belongs to the physical page: [ 19.192638] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x10561c [ 19.200638] head: order:1 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0 [ 19.208291] flags: 0x200000000000040(head|node=0|zone=2) [ 19.213604] page_type: f5(slab) [ 19.216750] raw: 0200000000000040 ffff888100042b40 dead000000000122 0000000000000000 [ 19.224499] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 19.232246] head: 0200000000000040 ffff888100042b40 dead000000000122 0000000000000000 [ 19.240073] head: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 19.247907] head: 0200000000000001 ffffea0004158701 00000000ffffffff 00000000ffffffff [ 19.255741] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000002 [ 19.263566] page dumped because: kasan: bad access detected [ 19.269138] [ 19.270630] Memory state around the buggy address: [ 19.275423] ffff88810561cd80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 19.282641] ffff88810561ce00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 19.289862] >ffff88810561ce80: 00 00 00 00 00 00 00 00 00 01 fc fc fc fc fc fc [ 19.297079] ^ [ 19.302912] ffff88810561cf00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 19.310132] ffff88810561cf80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 19.317362] ================================================================== [ 19.324613] ================================================================== [ 19.331861] BUG: KASAN: slab-out-of-bounds in krealloc_less_oob_helper+0xec6/0x11d0 [ 19.339520] Write of size 1 at addr ffff88810561ceda by task kunit_try_catch/199 [ 19.346913] [ 19.348413] CPU: 1 UID: 0 PID: 199 Comm: kunit_try_catch Tainted: G S B N 6.16.0-rc5 #1 PREEMPT(voluntary) [ 19.348421] Tainted: [S]=CPU_OUT_OF_SPEC, [B]=BAD_PAGE, [N]=TEST [ 19.348423] Hardware name: Supermicro SYS-5019S-ML/X11SSH-F, BIOS 2.7 12/07/2021 [ 19.348426] Call Trace: [ 19.348428] <TASK> [ 19.348429] dump_stack_lvl+0x73/0xb0 [ 19.348434] print_report+0xd1/0x650 [ 19.348438] ? __virt_addr_valid+0x1db/0x2d0 [ 19.348441] ? krealloc_less_oob_helper+0xec6/0x11d0 [ 19.348446] ? kasan_complete_mode_report_info+0x2a/0x200 [ 19.348451] ? krealloc_less_oob_helper+0xec6/0x11d0 [ 19.348455] kasan_report+0x141/0x180 [ 19.348459] ? krealloc_less_oob_helper+0xec6/0x11d0 [ 19.348465] __asan_report_store1_noabort+0x1b/0x30 [ 19.348469] krealloc_less_oob_helper+0xec6/0x11d0 [ 19.348474] ? __pfx_krealloc_less_oob_helper+0x10/0x10 [ 19.348479] ? finish_task_switch.isra.0+0x153/0x700 [ 19.348482] ? __switch_to+0x544/0xf50 [ 19.348487] ? __schedule+0x10cc/0x2b60 [ 19.348492] krealloc_less_oob+0x1c/0x30 [ 19.348496] kunit_try_run_case+0x1a2/0x480 [ 19.348500] ? __pfx_kunit_try_run_case+0x10/0x10 [ 19.348504] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 19.348508] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 19.348512] ? __kthread_parkme+0x82/0x180 [ 19.348516] ? preempt_count_sub+0x50/0x80 [ 19.348520] ? __pfx_kunit_try_run_case+0x10/0x10 [ 19.348524] kunit_generic_run_threadfn_adapter+0x82/0xf0 [ 19.348528] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 19.348532] kthread+0x334/0x6f0 [ 19.348536] ? trace_preempt_on+0x20/0xc0 [ 19.348540] ? __pfx_kthread+0x10/0x10 [ 19.348543] ? _raw_spin_unlock_irq+0x47/0x80 [ 19.348547] ? calculate_sigpending+0x7b/0xa0 [ 19.348551] ? __pfx_kthread+0x10/0x10 [ 19.348555] ret_from_fork+0x113/0x1d0 [ 19.348558] ? __pfx_kthread+0x10/0x10 [ 19.348562] ret_from_fork_asm+0x1a/0x30 [ 19.348567] </TASK> [ 19.348569] [ 19.525560] Allocated by task 199: [ 19.528965] kasan_save_stack+0x45/0x70 [ 19.532805] kasan_save_track+0x18/0x40 [ 19.536644] kasan_save_alloc_info+0x3b/0x50 [ 19.540926] __kasan_krealloc+0x190/0x1f0 [ 19.544938] krealloc_noprof+0xf3/0x340 [ 19.548776] krealloc_less_oob_helper+0x1aa/0x11d0 [ 19.553570] krealloc_less_oob+0x1c/0x30 [ 19.557504] kunit_try_run_case+0x1a2/0x480 [ 19.561691] kunit_generic_run_threadfn_adapter+0x82/0xf0 [ 19.567099] kthread+0x334/0x6f0 [ 19.570348] ret_from_fork+0x113/0x1d0 [ 19.574109] ret_from_fork_asm+0x1a/0x30 [ 19.578036] [ 19.579534] The buggy address belongs to the object at ffff88810561ce00 [ 19.579534] which belongs to the cache kmalloc-256 of size 256 [ 19.592050] The buggy address is located 17 bytes to the right of [ 19.592050] allocated 201-byte region [ffff88810561ce00, ffff88810561cec9) [ 19.605093] [ 19.606591] The buggy address belongs to the physical page: [ 19.612164] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x10561c [ 19.620163] head: order:1 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0 [ 19.627816] flags: 0x200000000000040(head|node=0|zone=2) [ 19.633128] page_type: f5(slab) [ 19.636276] raw: 0200000000000040 ffff888100042b40 dead000000000122 0000000000000000 [ 19.644023] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 19.651764] head: 0200000000000040 ffff888100042b40 dead000000000122 0000000000000000 [ 19.659588] head: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 19.667420] head: 0200000000000001 ffffea0004158701 00000000ffffffff 00000000ffffffff [ 19.675248] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000002 [ 19.683075] page dumped because: kasan: bad access detected [ 19.688647] [ 19.690147] Memory state around the buggy address: [ 19.694938] ffff88810561cd80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 19.702159] ffff88810561ce00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 19.709389] >ffff88810561ce80: 00 00 00 00 00 00 00 00 00 01 fc fc fc fc fc fc [ 19.716614] ^ [ 19.722709] ffff88810561cf00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 19.729935] ffff88810561cf80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 19.737154] ================================================================== [ 21.962657] ================================================================== [ 21.969902] BUG: KASAN: slab-out-of-bounds in krealloc_less_oob_helper+0xec6/0x11d0 [ 21.977554] Write of size 1 at addr ffff888104eb20da by task kunit_try_catch/203 [ 21.984947] [ 21.986448] CPU: 0 UID: 0 PID: 203 Comm: kunit_try_catch Tainted: G S B N 6.16.0-rc5 #1 PREEMPT(voluntary) [ 21.986456] Tainted: [S]=CPU_OUT_OF_SPEC, [B]=BAD_PAGE, [N]=TEST [ 21.986458] Hardware name: Supermicro SYS-5019S-ML/X11SSH-F, BIOS 2.7 12/07/2021 [ 21.986461] Call Trace: [ 21.986463] <TASK> [ 21.986465] dump_stack_lvl+0x73/0xb0 [ 21.986469] print_report+0xd1/0x650 [ 21.986473] ? __virt_addr_valid+0x1db/0x2d0 [ 21.986477] ? krealloc_less_oob_helper+0xec6/0x11d0 [ 21.986481] ? kasan_addr_to_slab+0x11/0xa0 [ 21.986485] ? krealloc_less_oob_helper+0xec6/0x11d0 [ 21.986489] kasan_report+0x141/0x180 [ 21.986493] ? krealloc_less_oob_helper+0xec6/0x11d0 [ 21.986498] __asan_report_store1_noabort+0x1b/0x30 [ 21.986503] krealloc_less_oob_helper+0xec6/0x11d0 [ 21.986508] ? __pfx_krealloc_less_oob_helper+0x10/0x10 [ 21.986512] ? finish_task_switch.isra.0+0x153/0x700 [ 21.986516] ? __switch_to+0x544/0xf50 [ 21.986521] ? __schedule+0x10cc/0x2b60 [ 21.986525] krealloc_large_less_oob+0x1c/0x30 [ 21.986529] kunit_try_run_case+0x1a2/0x480 [ 21.986534] ? __pfx_kunit_try_run_case+0x10/0x10 [ 21.986538] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 21.986542] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 21.986546] ? __kthread_parkme+0x82/0x180 [ 21.986550] ? preempt_count_sub+0x50/0x80 [ 21.986554] ? __pfx_kunit_try_run_case+0x10/0x10 [ 21.986558] kunit_generic_run_threadfn_adapter+0x82/0xf0 [ 21.986562] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 21.986566] kthread+0x334/0x6f0 [ 21.986570] ? trace_preempt_on+0x20/0xc0 [ 21.986574] ? __pfx_kthread+0x10/0x10 [ 21.986577] ? _raw_spin_unlock_irq+0x47/0x80 [ 21.986581] ? calculate_sigpending+0x7b/0xa0 [ 21.986585] ? __pfx_kthread+0x10/0x10 [ 21.986589] ret_from_fork+0x113/0x1d0 [ 21.986592] ? __pfx_kthread+0x10/0x10 [ 21.986596] ret_from_fork_asm+0x1a/0x30 [ 21.986602] </TASK> [ 21.986603] [ 22.162979] The buggy address belongs to the physical page: [ 22.168552] page: refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x104eb0 [ 22.176559] head: order:2 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0 [ 22.184210] flags: 0x200000000000040(head|node=0|zone=2) [ 22.189523] page_type: f8(unknown) [ 22.192930] raw: 0200000000000040 0000000000000000 dead000000000122 0000000000000000 [ 22.200669] raw: 0000000000000000 0000000000000000 00000001f8000000 0000000000000000 [ 22.208416] head: 0200000000000040 0000000000000000 dead000000000122 0000000000000000 [ 22.216244] head: 0000000000000000 0000000000000000 00000001f8000000 0000000000000000 [ 22.224078] head: 0200000000000002 ffffea000413ac01 00000000ffffffff 00000000ffffffff [ 22.231906] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000004 [ 22.239737] page dumped because: kasan: bad access detected [ 22.245309] [ 22.246809] Memory state around the buggy address: [ 22.251604] ffff888104eb1f80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 22.258823] ffff888104eb2000: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 22.266041] >ffff888104eb2080: 00 00 00 00 00 00 00 00 00 01 fe fe fe fe fe fe [ 22.273260] ^ [ 22.279359] ffff888104eb2100: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe [ 22.286626] ffff888104eb2180: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe [ 22.293844] ================================================================== [ 19.744392] ================================================================== [ 19.751636] BUG: KASAN: slab-out-of-bounds in krealloc_less_oob_helper+0xe90/0x11d0 [ 19.759290] Write of size 1 at addr ffff88810561ceea by task kunit_try_catch/199 [ 19.766691] [ 19.768191] CPU: 1 UID: 0 PID: 199 Comm: kunit_try_catch Tainted: G S B N 6.16.0-rc5 #1 PREEMPT(voluntary) [ 19.768199] Tainted: [S]=CPU_OUT_OF_SPEC, [B]=BAD_PAGE, [N]=TEST [ 19.768201] Hardware name: Supermicro SYS-5019S-ML/X11SSH-F, BIOS 2.7 12/07/2021 [ 19.768204] Call Trace: [ 19.768206] <TASK> [ 19.768207] dump_stack_lvl+0x73/0xb0 [ 19.768212] print_report+0xd1/0x650 [ 19.768215] ? __virt_addr_valid+0x1db/0x2d0 [ 19.768219] ? krealloc_less_oob_helper+0xe90/0x11d0 [ 19.768224] ? kasan_complete_mode_report_info+0x2a/0x200 [ 19.768229] ? krealloc_less_oob_helper+0xe90/0x11d0 [ 19.768233] kasan_report+0x141/0x180 [ 19.768237] ? krealloc_less_oob_helper+0xe90/0x11d0 [ 19.768242] __asan_report_store1_noabort+0x1b/0x30 [ 19.768247] krealloc_less_oob_helper+0xe90/0x11d0 [ 19.768252] ? __pfx_krealloc_less_oob_helper+0x10/0x10 [ 19.768256] ? finish_task_switch.isra.0+0x153/0x700 [ 19.768260] ? __switch_to+0x544/0xf50 [ 19.768265] ? __schedule+0x10cc/0x2b60 [ 19.768269] krealloc_less_oob+0x1c/0x30 [ 19.768273] kunit_try_run_case+0x1a2/0x480 [ 19.768277] ? __pfx_kunit_try_run_case+0x10/0x10 [ 19.768282] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 19.768286] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 19.768290] ? __kthread_parkme+0x82/0x180 [ 19.768293] ? preempt_count_sub+0x50/0x80 [ 19.768297] ? __pfx_kunit_try_run_case+0x10/0x10 [ 19.768302] kunit_generic_run_threadfn_adapter+0x82/0xf0 [ 19.768306] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 19.768310] kthread+0x334/0x6f0 [ 19.768313] ? trace_preempt_on+0x20/0xc0 [ 19.768317] ? __pfx_kthread+0x10/0x10 [ 19.768321] ? _raw_spin_unlock_irq+0x47/0x80 [ 19.768324] ? calculate_sigpending+0x7b/0xa0 [ 19.768346] ? __pfx_kthread+0x10/0x10 [ 19.768350] ret_from_fork+0x113/0x1d0 [ 19.768353] ? __pfx_kthread+0x10/0x10 [ 19.768357] ret_from_fork_asm+0x1a/0x30 [ 19.768363] </TASK> [ 19.768364] [ 19.945275] Allocated by task 199: [ 19.948682] kasan_save_stack+0x45/0x70 [ 19.952521] kasan_save_track+0x18/0x40 [ 19.956359] kasan_save_alloc_info+0x3b/0x50 [ 19.960657] __kasan_krealloc+0x190/0x1f0 [ 19.964669] krealloc_noprof+0xf3/0x340 [ 19.968510] krealloc_less_oob_helper+0x1aa/0x11d0 [ 19.973303] krealloc_less_oob+0x1c/0x30 [ 19.977229] kunit_try_run_case+0x1a2/0x480 [ 19.981415] kunit_generic_run_threadfn_adapter+0x82/0xf0 [ 19.986814] kthread+0x334/0x6f0 [ 19.990046] ret_from_fork+0x113/0x1d0 [ 19.993798] ret_from_fork_asm+0x1a/0x30 [ 19.997726] [ 19.999224] The buggy address belongs to the object at ffff88810561ce00 [ 19.999224] which belongs to the cache kmalloc-256 of size 256 [ 20.011730] The buggy address is located 33 bytes to the right of [ 20.011730] allocated 201-byte region [ffff88810561ce00, ffff88810561cec9) [ 20.024764] [ 20.026264] The buggy address belongs to the physical page: [ 20.031839] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x10561c [ 20.039845] head: order:1 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0 [ 20.047496] flags: 0x200000000000040(head|node=0|zone=2) [ 20.052811] page_type: f5(slab) [ 20.055958] raw: 0200000000000040 ffff888100042b40 dead000000000122 0000000000000000 [ 20.063706] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 20.071454] head: 0200000000000040 ffff888100042b40 dead000000000122 0000000000000000 [ 20.079287] head: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 20.087114] head: 0200000000000001 ffffea0004158701 00000000ffffffff 00000000ffffffff [ 20.094939] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000002 [ 20.102765] page dumped because: kasan: bad access detected [ 20.108363] [ 20.109862] Memory state around the buggy address: [ 20.114655] ffff88810561cd80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 20.121874] ffff88810561ce00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 20.129095] >ffff88810561ce80: 00 00 00 00 00 00 00 00 00 01 fc fc fc fc fc fc [ 20.136312] ^ [ 20.142927] ffff88810561cf00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 20.150144] ffff88810561cf80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 20.157366] ================================================================== [ 21.624478] ================================================================== [ 21.631723] BUG: KASAN: slab-out-of-bounds in krealloc_less_oob_helper+0xe23/0x11d0 [ 21.639399] Write of size 1 at addr ffff888104eb20d0 by task kunit_try_catch/203 [ 21.646793] [ 21.648295] CPU: 0 UID: 0 PID: 203 Comm: kunit_try_catch Tainted: G S B N 6.16.0-rc5 #1 PREEMPT(voluntary) [ 21.648303] Tainted: [S]=CPU_OUT_OF_SPEC, [B]=BAD_PAGE, [N]=TEST [ 21.648306] Hardware name: Supermicro SYS-5019S-ML/X11SSH-F, BIOS 2.7 12/07/2021 [ 21.648309] Call Trace: [ 21.648311] <TASK> [ 21.648313] dump_stack_lvl+0x73/0xb0 [ 21.648317] print_report+0xd1/0x650 [ 21.648321] ? __virt_addr_valid+0x1db/0x2d0 [ 21.648344] ? krealloc_less_oob_helper+0xe23/0x11d0 [ 21.648349] ? kasan_addr_to_slab+0x11/0xa0 [ 21.648353] ? krealloc_less_oob_helper+0xe23/0x11d0 [ 21.648357] kasan_report+0x141/0x180 [ 21.648374] ? krealloc_less_oob_helper+0xe23/0x11d0 [ 21.648379] __asan_report_store1_noabort+0x1b/0x30 [ 21.648396] krealloc_less_oob_helper+0xe23/0x11d0 [ 21.648401] ? __pfx_krealloc_less_oob_helper+0x10/0x10 [ 21.648406] ? finish_task_switch.isra.0+0x153/0x700 [ 21.648410] ? __switch_to+0x544/0xf50 [ 21.648414] ? __schedule+0x10cc/0x2b60 [ 21.648419] krealloc_large_less_oob+0x1c/0x30 [ 21.648423] kunit_try_run_case+0x1a2/0x480 [ 21.648428] ? __pfx_kunit_try_run_case+0x10/0x10 [ 21.648432] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 21.648436] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 21.648440] ? __kthread_parkme+0x82/0x180 [ 21.648444] ? preempt_count_sub+0x50/0x80 [ 21.648448] ? __pfx_kunit_try_run_case+0x10/0x10 [ 21.648452] kunit_generic_run_threadfn_adapter+0x82/0xf0 [ 21.648456] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 21.648460] kthread+0x334/0x6f0 [ 21.648464] ? trace_preempt_on+0x20/0xc0 [ 21.648468] ? __pfx_kthread+0x10/0x10 [ 21.648471] ? _raw_spin_unlock_irq+0x47/0x80 [ 21.648475] ? calculate_sigpending+0x7b/0xa0 [ 21.648479] ? __pfx_kthread+0x10/0x10 [ 21.648483] ret_from_fork+0x113/0x1d0 [ 21.648486] ? __pfx_kthread+0x10/0x10 [ 21.648490] ret_from_fork_asm+0x1a/0x30 [ 21.648496] </TASK> [ 21.648497] [ 21.824849] The buggy address belongs to the physical page: [ 21.830428] page: refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x104eb0 [ 21.838430] head: order:2 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0 [ 21.846084] flags: 0x200000000000040(head|node=0|zone=2) [ 21.851417] page_type: f8(unknown) [ 21.854820] raw: 0200000000000040 0000000000000000 dead000000000122 0000000000000000 [ 21.862559] raw: 0000000000000000 0000000000000000 00000001f8000000 0000000000000000 [ 21.870299] head: 0200000000000040 0000000000000000 dead000000000122 0000000000000000 [ 21.878133] head: 0000000000000000 0000000000000000 00000001f8000000 0000000000000000 [ 21.885960] head: 0200000000000002 ffffea000413ac01 00000000ffffffff 00000000ffffffff [ 21.893793] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000004 [ 21.901620] page dumped because: kasan: bad access detected [ 21.907191] [ 21.908689] Memory state around the buggy address: [ 21.913485] ffff888104eb1f80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 21.920704] ffff888104eb2000: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 21.927922] >ffff888104eb2080: 00 00 00 00 00 00 00 00 00 01 fe fe fe fe fe fe [ 21.935140] ^ [ 21.940975] ffff888104eb2100: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe [ 21.948194] ffff888104eb2180: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe [ 21.955429] ================================================================== [ 18.482195] ================================================================== [ 18.493250] BUG: KASAN: slab-out-of-bounds in krealloc_less_oob_helper+0xd70/0x11d0 [ 18.500903] Write of size 1 at addr ffff88810561cec9 by task kunit_try_catch/199 [ 18.508295] [ 18.509798] CPU: 1 UID: 0 PID: 199 Comm: kunit_try_catch Tainted: G S B N 6.16.0-rc5 #1 PREEMPT(voluntary) [ 18.509806] Tainted: [S]=CPU_OUT_OF_SPEC, [B]=BAD_PAGE, [N]=TEST [ 18.509809] Hardware name: Supermicro SYS-5019S-ML/X11SSH-F, BIOS 2.7 12/07/2021 [ 18.509812] Call Trace: [ 18.509813] <TASK> [ 18.509815] dump_stack_lvl+0x73/0xb0 [ 18.509819] print_report+0xd1/0x650 [ 18.509823] ? __virt_addr_valid+0x1db/0x2d0 [ 18.509827] ? krealloc_less_oob_helper+0xd70/0x11d0 [ 18.509832] ? kasan_complete_mode_report_info+0x2a/0x200 [ 18.509837] ? krealloc_less_oob_helper+0xd70/0x11d0 [ 18.509841] kasan_report+0x141/0x180 [ 18.509845] ? krealloc_less_oob_helper+0xd70/0x11d0 [ 18.509850] __asan_report_store1_noabort+0x1b/0x30 [ 18.509855] krealloc_less_oob_helper+0xd70/0x11d0 [ 18.509860] ? __pfx_krealloc_less_oob_helper+0x10/0x10 [ 18.509864] ? finish_task_switch.isra.0+0x153/0x700 [ 18.509868] ? __switch_to+0x544/0xf50 [ 18.509873] ? __schedule+0x10cc/0x2b60 [ 18.509877] krealloc_less_oob+0x1c/0x30 [ 18.509881] kunit_try_run_case+0x1a2/0x480 [ 18.509886] ? __pfx_kunit_try_run_case+0x10/0x10 [ 18.509890] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 18.509894] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 18.509898] ? __kthread_parkme+0x82/0x180 [ 18.509902] ? preempt_count_sub+0x50/0x80 [ 18.509906] ? __pfx_kunit_try_run_case+0x10/0x10 [ 18.509910] kunit_generic_run_threadfn_adapter+0x82/0xf0 [ 18.509914] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 18.509918] kthread+0x334/0x6f0 [ 18.509922] ? trace_preempt_on+0x20/0xc0 [ 18.509926] ? __pfx_kthread+0x10/0x10 [ 18.509929] ? _raw_spin_unlock_irq+0x47/0x80 [ 18.509933] ? calculate_sigpending+0x7b/0xa0 [ 18.509938] ? __pfx_kthread+0x10/0x10 [ 18.509941] ret_from_fork+0x113/0x1d0 [ 18.509945] ? __pfx_kthread+0x10/0x10 [ 18.509948] ret_from_fork_asm+0x1a/0x30 [ 18.509954] </TASK> [ 18.509955] [ 18.686899] Allocated by task 199: [ 18.690305] kasan_save_stack+0x45/0x70 [ 18.694142] kasan_save_track+0x18/0x40 [ 18.697983] kasan_save_alloc_info+0x3b/0x50 [ 18.702254] __kasan_krealloc+0x190/0x1f0 [ 18.706268] krealloc_noprof+0xf3/0x340 [ 18.710108] krealloc_less_oob_helper+0x1aa/0x11d0 [ 18.714909] krealloc_less_oob+0x1c/0x30 [ 18.718836] kunit_try_run_case+0x1a2/0x480 [ 18.723029] kunit_generic_run_threadfn_adapter+0x82/0xf0 [ 18.728428] kthread+0x334/0x6f0 [ 18.731661] ret_from_fork+0x113/0x1d0 [ 18.735414] ret_from_fork_asm+0x1a/0x30 [ 18.739364] [ 18.740866] The buggy address belongs to the object at ffff88810561ce00 [ 18.740866] which belongs to the cache kmalloc-256 of size 256 [ 18.753403] The buggy address is located 0 bytes to the right of [ 18.753403] allocated 201-byte region [ffff88810561ce00, ffff88810561cec9) [ 18.766364] [ 18.767863] The buggy address belongs to the physical page: [ 18.773435] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x10561c [ 18.781441] head: order:1 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0 [ 18.789095] flags: 0x200000000000040(head|node=0|zone=2) [ 18.794409] page_type: f5(slab) [ 18.797556] raw: 0200000000000040 ffff888100042b40 dead000000000122 0000000000000000 [ 18.805302] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 18.813040] head: 0200000000000040 ffff888100042b40 dead000000000122 0000000000000000 [ 18.820866] head: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 18.828693] head: 0200000000000001 ffffea0004158701 00000000ffffffff 00000000ffffffff [ 18.836520] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000002 [ 18.844364] page dumped because: kasan: bad access detected [ 18.849960] [ 18.851460] Memory state around the buggy address: [ 18.856253] ffff88810561cd80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 18.863471] ffff88810561ce00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 18.870690] >ffff88810561ce80: 00 00 00 00 00 00 00 00 00 01 fc fc fc fc fc fc [ 18.877911] ^ [ 18.883482] ffff88810561cf00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 18.890701] ffff88810561cf80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 18.897923] ================================================================== [ 20.164615] ================================================================== [ 20.171854] BUG: KASAN: slab-out-of-bounds in krealloc_less_oob_helper+0xd47/0x11d0 [ 20.179509] Write of size 1 at addr ffff88810561ceeb by task kunit_try_catch/199 [ 20.186909] [ 20.188411] CPU: 1 UID: 0 PID: 199 Comm: kunit_try_catch Tainted: G S B N 6.16.0-rc5 #1 PREEMPT(voluntary) [ 20.188418] Tainted: [S]=CPU_OUT_OF_SPEC, [B]=BAD_PAGE, [N]=TEST [ 20.188421] Hardware name: Supermicro SYS-5019S-ML/X11SSH-F, BIOS 2.7 12/07/2021 [ 20.188424] Call Trace: [ 20.188426] <TASK> [ 20.188427] dump_stack_lvl+0x73/0xb0 [ 20.188431] print_report+0xd1/0x650 [ 20.188435] ? __virt_addr_valid+0x1db/0x2d0 [ 20.188439] ? krealloc_less_oob_helper+0xd47/0x11d0 [ 20.188443] ? kasan_complete_mode_report_info+0x2a/0x200 [ 20.188448] ? krealloc_less_oob_helper+0xd47/0x11d0 [ 20.188453] kasan_report+0x141/0x180 [ 20.188457] ? krealloc_less_oob_helper+0xd47/0x11d0 [ 20.188462] __asan_report_store1_noabort+0x1b/0x30 [ 20.188467] krealloc_less_oob_helper+0xd47/0x11d0 [ 20.188472] ? __pfx_krealloc_less_oob_helper+0x10/0x10 [ 20.188476] ? finish_task_switch.isra.0+0x153/0x700 [ 20.188480] ? __switch_to+0x544/0xf50 [ 20.188484] ? __schedule+0x10cc/0x2b60 [ 20.188489] krealloc_less_oob+0x1c/0x30 [ 20.188493] kunit_try_run_case+0x1a2/0x480 [ 20.188497] ? __pfx_kunit_try_run_case+0x10/0x10 [ 20.188501] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 20.188505] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 20.188509] ? __kthread_parkme+0x82/0x180 [ 20.188513] ? preempt_count_sub+0x50/0x80 [ 20.188517] ? __pfx_kunit_try_run_case+0x10/0x10 [ 20.188521] kunit_generic_run_threadfn_adapter+0x82/0xf0 [ 20.188525] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 20.188529] kthread+0x334/0x6f0 [ 20.188533] ? trace_preempt_on+0x20/0xc0 [ 20.188537] ? __pfx_kthread+0x10/0x10 [ 20.188540] ? _raw_spin_unlock_irq+0x47/0x80 [ 20.188544] ? calculate_sigpending+0x7b/0xa0 [ 20.188548] ? __pfx_kthread+0x10/0x10 [ 20.188552] ret_from_fork+0x113/0x1d0 [ 20.188556] ? __pfx_kthread+0x10/0x10 [ 20.188559] ret_from_fork_asm+0x1a/0x30 [ 20.188565] </TASK> [ 20.188566] [ 20.365572] Allocated by task 199: [ 20.368976] kasan_save_stack+0x45/0x70 [ 20.372817] kasan_save_track+0x18/0x40 [ 20.376658] kasan_save_alloc_info+0x3b/0x50 [ 20.380938] __kasan_krealloc+0x190/0x1f0 [ 20.384950] krealloc_noprof+0xf3/0x340 [ 20.388790] krealloc_less_oob_helper+0x1aa/0x11d0 [ 20.393583] krealloc_less_oob+0x1c/0x30 [ 20.397516] kunit_try_run_case+0x1a2/0x480 [ 20.401704] kunit_generic_run_threadfn_adapter+0x82/0xf0 [ 20.407112] kthread+0x334/0x6f0 [ 20.410363] ret_from_fork+0x113/0x1d0 [ 20.414138] ret_from_fork_asm+0x1a/0x30 [ 20.418064] [ 20.419565] The buggy address belongs to the object at ffff88810561ce00 [ 20.419565] which belongs to the cache kmalloc-256 of size 256 [ 20.432080] The buggy address is located 34 bytes to the right of [ 20.432080] allocated 201-byte region [ffff88810561ce00, ffff88810561cec9) [ 20.445114] [ 20.446612] The buggy address belongs to the physical page: [ 20.452186] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x10561c [ 20.460192] head: order:1 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0 [ 20.467845] flags: 0x200000000000040(head|node=0|zone=2) [ 20.473159] page_type: f5(slab) [ 20.476306] raw: 0200000000000040 ffff888100042b40 dead000000000122 0000000000000000 [ 20.484044] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 20.491786] head: 0200000000000040 ffff888100042b40 dead000000000122 0000000000000000 [ 20.499619] head: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 20.507444] head: 0200000000000001 ffffea0004158701 00000000ffffffff 00000000ffffffff [ 20.515271] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000002 [ 20.523096] page dumped because: kasan: bad access detected [ 20.528667] [ 20.530160] Memory state around the buggy address: [ 20.534953] ffff88810561cd80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 20.542171] ffff88810561ce00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 20.549403] >ffff88810561ce80: 00 00 00 00 00 00 00 00 00 01 fc fc fc fc fc fc [ 20.556628] ^ [ 20.563240] ffff88810561cf00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 20.570459] ffff88810561cf80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 20.577678] ================================================================== [ 22.640133] ================================================================== [ 22.647414] BUG: KASAN: slab-out-of-bounds in krealloc_less_oob_helper+0xd47/0x11d0 [ 22.655069] Write of size 1 at addr ffff888104eb20eb by task kunit_try_catch/203 [ 22.662462] [ 22.663962] CPU: 0 UID: 0 PID: 203 Comm: kunit_try_catch Tainted: G S B N 6.16.0-rc5 #1 PREEMPT(voluntary) [ 22.663969] Tainted: [S]=CPU_OUT_OF_SPEC, [B]=BAD_PAGE, [N]=TEST [ 22.663972] Hardware name: Supermicro SYS-5019S-ML/X11SSH-F, BIOS 2.7 12/07/2021 [ 22.663975] Call Trace: [ 22.663977] <TASK> [ 22.663978] dump_stack_lvl+0x73/0xb0 [ 22.663982] print_report+0xd1/0x650 [ 22.663986] ? __virt_addr_valid+0x1db/0x2d0 [ 22.663990] ? krealloc_less_oob_helper+0xd47/0x11d0 [ 22.663994] ? kasan_addr_to_slab+0x11/0xa0 [ 22.663998] ? krealloc_less_oob_helper+0xd47/0x11d0 [ 22.664002] kasan_report+0x141/0x180 [ 22.664006] ? krealloc_less_oob_helper+0xd47/0x11d0 [ 22.664011] __asan_report_store1_noabort+0x1b/0x30 [ 22.664016] krealloc_less_oob_helper+0xd47/0x11d0 [ 22.664021] ? __pfx_krealloc_less_oob_helper+0x10/0x10 [ 22.664025] ? finish_task_switch.isra.0+0x153/0x700 [ 22.664029] ? __switch_to+0x544/0xf50 [ 22.664034] ? __schedule+0x10cc/0x2b60 [ 22.664038] krealloc_large_less_oob+0x1c/0x30 [ 22.664043] kunit_try_run_case+0x1a2/0x480 [ 22.664047] ? __pfx_kunit_try_run_case+0x10/0x10 [ 22.664051] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 22.664055] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 22.664059] ? __kthread_parkme+0x82/0x180 [ 22.664063] ? preempt_count_sub+0x50/0x80 [ 22.664067] ? __pfx_kunit_try_run_case+0x10/0x10 [ 22.664071] kunit_generic_run_threadfn_adapter+0x82/0xf0 [ 22.664075] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 22.664079] kthread+0x334/0x6f0 [ 22.664083] ? trace_preempt_on+0x20/0xc0 [ 22.664087] ? __pfx_kthread+0x10/0x10 [ 22.664090] ? _raw_spin_unlock_irq+0x47/0x80 [ 22.664094] ? calculate_sigpending+0x7b/0xa0 [ 22.664098] ? __pfx_kthread+0x10/0x10 [ 22.664102] ret_from_fork+0x113/0x1d0 [ 22.664105] ? __pfx_kthread+0x10/0x10 [ 22.664109] ret_from_fork_asm+0x1a/0x30 [ 22.664115] </TASK> [ 22.664116] [ 22.840449] The buggy address belongs to the physical page: [ 22.846020] page: refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x104eb0 [ 22.854020] head: order:2 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0 [ 22.861674] flags: 0x200000000000040(head|node=0|zone=2) [ 22.866985] page_type: f8(unknown) [ 22.870421] raw: 0200000000000040 0000000000000000 dead000000000122 0000000000000000 [ 22.878165] raw: 0000000000000000 0000000000000000 00000001f8000000 0000000000000000 [ 22.885904] head: 0200000000000040 0000000000000000 dead000000000122 0000000000000000 [ 22.893733] head: 0000000000000000 0000000000000000 00000001f8000000 0000000000000000 [ 22.901565] head: 0200000000000002 ffffea000413ac01 00000000ffffffff 00000000ffffffff [ 22.909415] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000004 [ 22.917244] page dumped because: kasan: bad access detected [ 22.922817] [ 22.924315] Memory state around the buggy address: [ 22.929143] ffff888104eb1f80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 22.936365] ffff888104eb2000: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 22.943607] >ffff888104eb2080: 00 00 00 00 00 00 00 00 00 01 fe fe fe fe fe fe [ 22.950828] ^ [ 22.957439] ffff888104eb2100: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe [ 22.964659] ffff888104eb2180: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe [ 22.971878] ==================================================================