Date: July 6, 2025, 11:09 p.m.

| Environment |
|---|
| qemu-arm64 |
| qemu-x86_64 |
| x86 |

[ 16.782585] ================================================================== [ 16.782691] BUG: KASAN: slab-out-of-bounds in krealloc_more_oob_helper+0x60c/0x678 [ 16.782845] Write of size 1 at addr fff00000c78420eb by task kunit_try_catch/161 [ 16.782943] [ 16.783024] CPU: 0 UID: 0 PID: 161 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc5 #1 PREEMPT [ 16.783128] Tainted: [B]=BAD_PAGE, [N]=TEST [ 16.783162] Hardware name: linux,dummy-virt (DT) [ 16.783191] Call trace: [ 16.783238] show_stack+0x20/0x38 (C) [ 16.783287] dump_stack_lvl+0x8c/0xd0 [ 16.783333] print_report+0x118/0x608 [ 16.783523] kasan_report+0xdc/0x128 [ 16.783756] __asan_report_store1_noabort+0x20/0x30 [ 16.783857] krealloc_more_oob_helper+0x60c/0x678 [ 16.784047] krealloc_large_more_oob+0x20/0x38 [ 16.784159] kunit_try_run_case+0x170/0x3f0 [ 16.784260] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 16.784342] kthread+0x328/0x630 [ 16.784382] ret_from_fork+0x10/0x20 [ 16.784712] [ 16.784744] The buggy address belongs to the physical page: [ 16.784775] page: refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x107840 [ 16.785125] head: order:2 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0 [ 16.785292] flags: 0xbfffe0000000040(head|node=0|zone=2|lastcpupid=0x1ffff) [ 16.785387] page_type: f8(unknown) [ 16.785501] raw: 0bfffe0000000040 0000000000000000 dead000000000122 0000000000000000 [ 16.785563] raw: 0000000000000000 0000000000000000 00000001f8000000 0000000000000000 [ 16.785628] head: 0bfffe0000000040 0000000000000000 dead000000000122 0000000000000000 [ 16.785705] head: 0000000000000000 0000000000000000 00000001f8000000 0000000000000000 [ 16.785770] head: 0bfffe0000000002 ffffc1ffc31e1001 00000000ffffffff 00000000ffffffff [ 16.785837] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000004 [ 16.785894] page dumped because: kasan: bad access detected [ 16.785939] [ 16.785966] Memory state around the buggy address: [ 16.786259] fff00000c7841f80: 00 00 00 00 00 
00 00 00 00 00 00 00 00 00 00 00 [ 16.786308] fff00000c7842000: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 16.786349] >fff00000c7842080: 00 00 00 00 00 00 00 00 00 00 00 00 00 03 fe fe [ 16.786385] ^ [ 16.786577] fff00000c7842100: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe [ 16.787040] fff00000c7842180: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe [ 16.787129] ================================================================== [ 16.730892] ================================================================== [ 16.731057] BUG: KASAN: slab-out-of-bounds in krealloc_more_oob_helper+0x5c0/0x678 [ 16.731175] Write of size 1 at addr fff00000c45a88f0 by task kunit_try_catch/157 [ 16.731257] [ 16.731294] CPU: 0 UID: 0 PID: 157 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc5 #1 PREEMPT [ 16.731370] Tainted: [B]=BAD_PAGE, [N]=TEST [ 16.731395] Hardware name: linux,dummy-virt (DT) [ 16.731545] Call trace: [ 16.731610] show_stack+0x20/0x38 (C) [ 16.731707] dump_stack_lvl+0x8c/0xd0 [ 16.731772] print_report+0x118/0x608 [ 16.731850] kasan_report+0xdc/0x128 [ 16.731933] __asan_report_store1_noabort+0x20/0x30 [ 16.732038] krealloc_more_oob_helper+0x5c0/0x678 [ 16.732141] krealloc_more_oob+0x20/0x38 [ 16.732238] kunit_try_run_case+0x170/0x3f0 [ 16.732332] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 16.732417] kthread+0x328/0x630 [ 16.732515] ret_from_fork+0x10/0x20 [ 16.732560] [ 16.732577] Allocated by task 157: [ 16.732603] kasan_save_stack+0x3c/0x68 [ 16.732789] kasan_save_track+0x20/0x40 [ 16.732851] kasan_save_alloc_info+0x40/0x58 [ 16.732950] __kasan_krealloc+0x118/0x178 [ 16.733071] krealloc_noprof+0x128/0x360 [ 16.733147] krealloc_more_oob_helper+0x168/0x678 [ 16.733193] krealloc_more_oob+0x20/0x38 [ 16.733280] kunit_try_run_case+0x170/0x3f0 [ 16.733404] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 16.733489] kthread+0x328/0x630 [ 16.733595] ret_from_fork+0x10/0x20 [ 16.733639] [ 16.733659] The buggy address belongs to the object at fff00000c45a8800 [ 
16.733659] which belongs to the cache kmalloc-256 of size 256 [ 16.734043] The buggy address is located 5 bytes to the right of [ 16.734043] allocated 235-byte region [fff00000c45a8800, fff00000c45a88eb) [ 16.734167] [ 16.734318] The buggy address belongs to the physical page: [ 16.734358] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1045a8 [ 16.734534] head: order:1 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0 [ 16.734804] flags: 0xbfffe0000000040(head|node=0|zone=2|lastcpupid=0x1ffff) [ 16.734884] page_type: f5(slab) [ 16.734948] raw: 0bfffe0000000040 fff00000c0001b40 dead000000000122 0000000000000000 [ 16.735009] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 16.735068] head: 0bfffe0000000040 fff00000c0001b40 dead000000000122 0000000000000000 [ 16.735115] head: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 16.735288] head: 0bfffe0000000001 ffffc1ffc3116a01 00000000ffffffff 00000000ffffffff [ 16.735453] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000002 [ 16.735550] page dumped because: kasan: bad access detected [ 16.735667] [ 16.735743] Memory state around the buggy address: [ 16.735864] fff00000c45a8780: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 16.735927] fff00000c45a8800: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 16.736006] >fff00000c45a8880: 00 00 00 00 00 00 00 00 00 00 00 00 00 03 fc fc [ 16.736144] ^ [ 16.736215] fff00000c45a8900: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 16.736316] fff00000c45a8980: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 16.736381] ================================================================== [ 16.725782] ================================================================== [ 16.725854] BUG: KASAN: slab-out-of-bounds in krealloc_more_oob_helper+0x60c/0x678 [ 16.725924] Write of size 1 at addr fff00000c45a88eb by task kunit_try_catch/157 [ 16.725987] [ 16.726018] CPU: 0 UID: 0 PID: 157 Comm: 
kunit_try_catch Tainted: G B N 6.16.0-rc5 #1 PREEMPT [ 16.726095] Tainted: [B]=BAD_PAGE, [N]=TEST [ 16.726119] Hardware name: linux,dummy-virt (DT) [ 16.726148] Call trace: [ 16.726315] show_stack+0x20/0x38 (C) [ 16.726445] dump_stack_lvl+0x8c/0xd0 [ 16.726518] print_report+0x118/0x608 [ 16.726674] kasan_report+0xdc/0x128 [ 16.726730] __asan_report_store1_noabort+0x20/0x30 [ 16.726779] krealloc_more_oob_helper+0x60c/0x678 [ 16.726825] krealloc_more_oob+0x20/0x38 [ 16.726868] kunit_try_run_case+0x170/0x3f0 [ 16.726942] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 16.727092] kthread+0x328/0x630 [ 16.727313] ret_from_fork+0x10/0x20 [ 16.727443] [ 16.727494] Allocated by task 157: [ 16.727566] kasan_save_stack+0x3c/0x68 [ 16.727622] kasan_save_track+0x20/0x40 [ 16.727659] kasan_save_alloc_info+0x40/0x58 [ 16.727697] __kasan_krealloc+0x118/0x178 [ 16.727753] krealloc_noprof+0x128/0x360 [ 16.727789] krealloc_more_oob_helper+0x168/0x678 [ 16.727826] krealloc_more_oob+0x20/0x38 [ 16.728088] kunit_try_run_case+0x170/0x3f0 [ 16.728231] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 16.728287] kthread+0x328/0x630 [ 16.728326] ret_from_fork+0x10/0x20 [ 16.728372] [ 16.728392] The buggy address belongs to the object at fff00000c45a8800 [ 16.728392] which belongs to the cache kmalloc-256 of size 256 [ 16.728458] The buggy address is located 0 bytes to the right of [ 16.728458] allocated 235-byte region [fff00000c45a8800, fff00000c45a88eb) [ 16.728534] [ 16.728561] The buggy address belongs to the physical page: [ 16.728592] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1045a8 [ 16.728644] head: order:1 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0 [ 16.728690] flags: 0xbfffe0000000040(head|node=0|zone=2|lastcpupid=0x1ffff) [ 16.728746] page_type: f5(slab) [ 16.728787] raw: 0bfffe0000000040 fff00000c0001b40 dead000000000122 0000000000000000 [ 16.728846] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 16.728900] 
head: 0bfffe0000000040 fff00000c0001b40 dead000000000122 0000000000000000 [ 16.728949] head: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 16.729017] head: 0bfffe0000000001 ffffc1ffc3116a01 00000000ffffffff 00000000ffffffff [ 16.729063] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000002 [ 16.729101] page dumped because: kasan: bad access detected [ 16.729136] [ 16.729158] Memory state around the buggy address: [ 16.729189] fff00000c45a8780: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 16.729244] fff00000c45a8800: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 16.729292] >fff00000c45a8880: 00 00 00 00 00 00 00 00 00 00 00 00 00 03 fc fc [ 16.729328] ^ [ 16.729373] fff00000c45a8900: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 16.729422] fff00000c45a8980: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 16.729472] ================================================================== [ 16.788247] ================================================================== [ 16.788317] BUG: KASAN: slab-out-of-bounds in krealloc_more_oob_helper+0x5c0/0x678 [ 16.788415] Write of size 1 at addr fff00000c78420f0 by task kunit_try_catch/161 [ 16.788493] [ 16.788540] CPU: 0 UID: 0 PID: 161 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc5 #1 PREEMPT [ 16.788617] Tainted: [B]=BAD_PAGE, [N]=TEST [ 16.788670] Hardware name: linux,dummy-virt (DT) [ 16.788719] Call trace: [ 16.788757] show_stack+0x20/0x38 (C) [ 16.788827] dump_stack_lvl+0x8c/0xd0 [ 16.788933] print_report+0x118/0x608 [ 16.788994] kasan_report+0xdc/0x128 [ 16.789056] __asan_report_store1_noabort+0x20/0x30 [ 16.789106] krealloc_more_oob_helper+0x5c0/0x678 [ 16.789424] krealloc_large_more_oob+0x20/0x38 [ 16.789524] kunit_try_run_case+0x170/0x3f0 [ 16.789570] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 16.789839] kthread+0x328/0x630 [ 16.789933] ret_from_fork+0x10/0x20 [ 16.790025] [ 16.790075] The buggy address belongs to the physical page: [ 16.790112] page: 
refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x107840 [ 16.790165] head: order:2 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0 [ 16.790217] flags: 0xbfffe0000000040(head|node=0|zone=2|lastcpupid=0x1ffff) [ 16.790307] page_type: f8(unknown) [ 16.790382] raw: 0bfffe0000000040 0000000000000000 dead000000000122 0000000000000000 [ 16.790441] raw: 0000000000000000 0000000000000000 00000001f8000000 0000000000000000 [ 16.790495] head: 0bfffe0000000040 0000000000000000 dead000000000122 0000000000000000 [ 16.790542] head: 0000000000000000 0000000000000000 00000001f8000000 0000000000000000 [ 16.790589] head: 0bfffe0000000002 ffffc1ffc31e1001 00000000ffffffff 00000000ffffffff [ 16.790642] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000004 [ 16.790680] page dumped because: kasan: bad access detected [ 16.790730] [ 16.790749] Memory state around the buggy address: [ 16.790780] fff00000c7841f80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 16.790821] fff00000c7842000: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 16.791085] >fff00000c7842080: 00 00 00 00 00 00 00 00 00 00 00 00 00 03 fe fe [ 16.791162] ^ [ 16.791212] fff00000c7842100: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe [ 16.791281] fff00000c7842180: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe [ 16.791330] ==================================================================
[ 16.676493] ================================================================== [ 16.676548] BUG: KASAN: slab-out-of-bounds in krealloc_more_oob_helper+0x60c/0x678 [ 16.676599] Write of size 1 at addr fff00000c172deeb by task kunit_try_catch/157 [ 16.677016] [ 16.677112] CPU: 1 UID: 0 PID: 157 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc5 #1 PREEMPT [ 16.677199] Tainted: [B]=BAD_PAGE, [N]=TEST [ 16.677238] Hardware name: linux,dummy-virt (DT) [ 16.677268] Call trace: [ 16.677288] show_stack+0x20/0x38 (C) [ 16.677356] dump_stack_lvl+0x8c/0xd0 [ 16.677625] print_report+0x118/0x608 [ 16.677678] kasan_report+0xdc/0x128 [ 16.677733] __asan_report_store1_noabort+0x20/0x30 [ 16.677851] krealloc_more_oob_helper+0x60c/0x678 [ 16.677904] krealloc_more_oob+0x20/0x38 [ 16.677958] kunit_try_run_case+0x170/0x3f0 [ 16.678293] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 16.678403] kthread+0x328/0x630 [ 16.678483] ret_from_fork+0x10/0x20 [ 16.678599] [ 16.678629] Allocated by task 157: [ 16.678667] kasan_save_stack+0x3c/0x68 [ 16.678706] kasan_save_track+0x20/0x40 [ 16.678742] kasan_save_alloc_info+0x40/0x58 [ 16.678921] __kasan_krealloc+0x118/0x178 [ 16.678964] krealloc_noprof+0x128/0x360 [ 16.679032] krealloc_more_oob_helper+0x168/0x678 [ 16.679070] krealloc_more_oob+0x20/0x38 [ 16.679144] kunit_try_run_case+0x170/0x3f0 [ 16.679187] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 16.679310] kthread+0x328/0x630 [ 16.679343] ret_from_fork+0x10/0x20 [ 16.679377] [ 16.679396] The buggy address belongs to the object at fff00000c172de00 [ 16.679396] which belongs to the cache kmalloc-256 of size 256 [ 16.679540] The buggy address is located 0 bytes to the right of [ 16.679540] allocated 235-byte region [fff00000c172de00, fff00000c172deeb) [ 16.679813] [ 16.679836] The buggy address belongs to the physical page: [ 16.679868] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x10172c [ 16.680055] head: order:1 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 
pincount:0 [ 16.680136] flags: 0xbfffe0000000040(head|node=0|zone=2|lastcpupid=0x1ffff) [ 16.680188] page_type: f5(slab) [ 16.680225] raw: 0bfffe0000000040 fff00000c0001b40 dead000000000122 0000000000000000 [ 16.680274] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 16.680669] head: 0bfffe0000000040 fff00000c0001b40 dead000000000122 0000000000000000 [ 16.680721] head: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 16.680821] head: 0bfffe0000000001 ffffc1ffc305cb01 00000000ffffffff 00000000ffffffff [ 16.680920] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000002 [ 16.680960] page dumped because: kasan: bad access detected [ 16.680989] [ 16.681156] Memory state around the buggy address: [ 16.681268] fff00000c172dd80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 16.681310] fff00000c172de00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 16.681351] >fff00000c172de80: 00 00 00 00 00 00 00 00 00 00 00 00 00 03 fc fc [ 16.681397] ^ [ 16.681540] fff00000c172df00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 16.681580] fff00000c172df80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 16.681615] ================================================================== [ 16.755448] ================================================================== [ 16.755575] BUG: KASAN: slab-out-of-bounds in krealloc_more_oob_helper+0x5c0/0x678 [ 16.755669] Write of size 1 at addr fff00000c770e0f0 by task kunit_try_catch/161 [ 16.755717] [ 16.755746] CPU: 1 UID: 0 PID: 161 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc5 #1 PREEMPT [ 16.755822] Tainted: [B]=BAD_PAGE, [N]=TEST [ 16.755847] Hardware name: linux,dummy-virt (DT) [ 16.755886] Call trace: [ 16.755907] show_stack+0x20/0x38 (C) [ 16.755966] dump_stack_lvl+0x8c/0xd0 [ 16.756351] print_report+0x118/0x608 [ 16.756584] kasan_report+0xdc/0x128 [ 16.756696] __asan_report_store1_noabort+0x20/0x30 [ 16.756746] krealloc_more_oob_helper+0x5c0/0x678 [ 16.756985] 
krealloc_large_more_oob+0x20/0x38 [ 16.757082] kunit_try_run_case+0x170/0x3f0 [ 16.757161] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 16.757213] kthread+0x328/0x630 [ 16.757253] ret_from_fork+0x10/0x20 [ 16.757299] [ 16.757320] The buggy address belongs to the physical page: [ 16.757350] page: refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x10770c [ 16.757401] head: order:2 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0 [ 16.757449] flags: 0xbfffe0000000040(head|node=0|zone=2|lastcpupid=0x1ffff) [ 16.757499] page_type: f8(unknown) [ 16.757536] raw: 0bfffe0000000040 0000000000000000 dead000000000122 0000000000000000 [ 16.757595] raw: 0000000000000000 0000000000000000 00000001f8000000 0000000000000000 [ 16.757644] head: 0bfffe0000000040 0000000000000000 dead000000000122 0000000000000000 [ 16.757842] head: 0000000000000000 0000000000000000 00000001f8000000 0000000000000000 [ 16.758133] head: 0bfffe0000000002 ffffc1ffc31dc301 00000000ffffffff 00000000ffffffff [ 16.758433] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000004 [ 16.758542] page dumped because: kasan: bad access detected [ 16.758625] [ 16.758761] Memory state around the buggy address: [ 16.758796] fff00000c770df80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 16.758838] fff00000c770e000: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 16.758879] >fff00000c770e080: 00 00 00 00 00 00 00 00 00 00 00 00 00 03 fe fe [ 16.758948] ^ [ 16.759028] fff00000c770e100: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe [ 16.759211] fff00000c770e180: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe [ 16.759368] ================================================================== [ 16.748976] ================================================================== [ 16.749033] BUG: KASAN: slab-out-of-bounds in krealloc_more_oob_helper+0x60c/0x678 [ 16.749149] Write of size 1 at addr fff00000c770e0eb by task kunit_try_catch/161 [ 16.749531] [ 16.749568] CPU: 1 UID: 0 PID: 161 
Comm: kunit_try_catch Tainted: G B N 6.16.0-rc5 #1 PREEMPT [ 16.749647] Tainted: [B]=BAD_PAGE, [N]=TEST [ 16.749887] Hardware name: linux,dummy-virt (DT) [ 16.749963] Call trace: [ 16.750080] show_stack+0x20/0x38 (C) [ 16.750135] dump_stack_lvl+0x8c/0xd0 [ 16.750182] print_report+0x118/0x608 [ 16.750245] kasan_report+0xdc/0x128 [ 16.750289] __asan_report_store1_noabort+0x20/0x30 [ 16.750383] krealloc_more_oob_helper+0x60c/0x678 [ 16.750606] krealloc_large_more_oob+0x20/0x38 [ 16.750680] kunit_try_run_case+0x170/0x3f0 [ 16.750729] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 16.750785] kthread+0x328/0x630 [ 16.750832] ret_from_fork+0x10/0x20 [ 16.751050] [ 16.751127] The buggy address belongs to the physical page: [ 16.751178] page: refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x10770c [ 16.751306] head: order:2 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0 [ 16.751407] flags: 0xbfffe0000000040(head|node=0|zone=2|lastcpupid=0x1ffff) [ 16.751458] page_type: f8(unknown) [ 16.751585] raw: 0bfffe0000000040 0000000000000000 dead000000000122 0000000000000000 [ 16.751706] raw: 0000000000000000 0000000000000000 00000001f8000000 0000000000000000 [ 16.751755] head: 0bfffe0000000040 0000000000000000 dead000000000122 0000000000000000 [ 16.751814] head: 0000000000000000 0000000000000000 00000001f8000000 0000000000000000 [ 16.751902] head: 0bfffe0000000002 ffffc1ffc31dc301 00000000ffffffff 00000000ffffffff [ 16.751964] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000004 [ 16.752004] page dumped because: kasan: bad access detected [ 16.752033] [ 16.752050] Memory state around the buggy address: [ 16.752080] fff00000c770df80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 16.752121] fff00000c770e000: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 16.752161] >fff00000c770e080: 00 00 00 00 00 00 00 00 00 00 00 00 00 03 fe fe [ 16.752613] ^ [ 16.752660] fff00000c770e100: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe [ 
16.752701] fff00000c770e180: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe [ 16.752738] ================================================================== [ 16.685453] ================================================================== [ 16.685585] BUG: KASAN: slab-out-of-bounds in krealloc_more_oob_helper+0x5c0/0x678 [ 16.685660] Write of size 1 at addr fff00000c172def0 by task kunit_try_catch/157 [ 16.686021] [ 16.686171] CPU: 1 UID: 0 PID: 157 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc5 #1 PREEMPT [ 16.686263] Tainted: [B]=BAD_PAGE, [N]=TEST [ 16.686288] Hardware name: linux,dummy-virt (DT) [ 16.686363] Call trace: [ 16.686403] show_stack+0x20/0x38 (C) [ 16.686454] dump_stack_lvl+0x8c/0xd0 [ 16.686633] print_report+0x118/0x608 [ 16.686803] kasan_report+0xdc/0x128 [ 16.686952] __asan_report_store1_noabort+0x20/0x30 [ 16.687073] krealloc_more_oob_helper+0x5c0/0x678 [ 16.687121] krealloc_more_oob+0x20/0x38 [ 16.687167] kunit_try_run_case+0x170/0x3f0 [ 16.687212] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 16.687263] kthread+0x328/0x630 [ 16.687313] ret_from_fork+0x10/0x20 [ 16.687359] [ 16.687376] Allocated by task 157: [ 16.687530] kasan_save_stack+0x3c/0x68 [ 16.687676] kasan_save_track+0x20/0x40 [ 16.687797] kasan_save_alloc_info+0x40/0x58 [ 16.687875] __kasan_krealloc+0x118/0x178 [ 16.687945] krealloc_noprof+0x128/0x360 [ 16.688047] krealloc_more_oob_helper+0x168/0x678 [ 16.688098] krealloc_more_oob+0x20/0x38 [ 16.688132] kunit_try_run_case+0x170/0x3f0 [ 16.688168] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 16.688210] kthread+0x328/0x630 [ 16.688242] ret_from_fork+0x10/0x20 [ 16.688286] [ 16.688306] The buggy address belongs to the object at fff00000c172de00 [ 16.688306] which belongs to the cache kmalloc-256 of size 256 [ 16.688950] The buggy address is located 5 bytes to the right of [ 16.688950] allocated 235-byte region [fff00000c172de00, fff00000c172deeb) [ 16.689029] [ 16.689055] The buggy address belongs to the physical page: [ 16.689085] 
page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x10172c [ 16.689138] head: order:1 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0 [ 16.689184] flags: 0xbfffe0000000040(head|node=0|zone=2|lastcpupid=0x1ffff) [ 16.689234] page_type: f5(slab) [ 16.689271] raw: 0bfffe0000000040 fff00000c0001b40 dead000000000122 0000000000000000 [ 16.689321] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 16.689369] head: 0bfffe0000000040 fff00000c0001b40 dead000000000122 0000000000000000 [ 16.689416] head: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 16.689464] head: 0bfffe0000000001 ffffc1ffc305cb01 00000000ffffffff 00000000ffffffff [ 16.689511] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000002 [ 16.689549] page dumped because: kasan: bad access detected [ 16.689578] [ 16.689596] Memory state around the buggy address: [ 16.689625] fff00000c172dd80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 16.689666] fff00000c172de00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 16.689707] >fff00000c172de80: 00 00 00 00 00 00 00 00 00 00 00 00 00 03 fc fc [ 16.689743] ^ [ 16.689780] fff00000c172df00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 16.689820] fff00000c172df80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 16.689856] ==================================================================
[ 12.809959] ================================================================== [ 12.810419] BUG: KASAN: slab-out-of-bounds in krealloc_more_oob_helper+0x821/0x930 [ 12.811148] Write of size 1 at addr ffff88810034cceb by task kunit_try_catch/174 [ 12.811579] [ 12.811774] CPU: 0 UID: 0 PID: 174 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc5 #1 PREEMPT(voluntary) [ 12.811860] Tainted: [B]=BAD_PAGE, [N]=TEST [ 12.811881] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 12.811915] Call Trace: [ 12.811940] <TASK> [ 12.811963] dump_stack_lvl+0x73/0xb0 [ 12.812015] print_report+0xd1/0x650 [ 12.812052] ? __virt_addr_valid+0x1db/0x2d0 [ 12.812090] ? krealloc_more_oob_helper+0x821/0x930 [ 12.812127] ? kasan_complete_mode_report_info+0x2a/0x200 [ 12.812167] ? krealloc_more_oob_helper+0x821/0x930 [ 12.812202] kasan_report+0x141/0x180 [ 12.812287] ? krealloc_more_oob_helper+0x821/0x930 [ 12.812342] __asan_report_store1_noabort+0x1b/0x30 [ 12.812384] krealloc_more_oob_helper+0x821/0x930 [ 12.812425] ? __schedule+0x10cc/0x2b60 [ 12.812461] ? __pfx_krealloc_more_oob_helper+0x10/0x10 [ 12.812496] ? finish_task_switch.isra.0+0x153/0x700 [ 12.812528] ? __switch_to+0x47/0xf50 [ 12.812570] ? __schedule+0x10cc/0x2b60 [ 12.812606] ? __pfx_read_tsc+0x10/0x10 [ 12.812691] krealloc_more_oob+0x1c/0x30 [ 12.812731] kunit_try_run_case+0x1a5/0x480 [ 12.812782] ? __pfx_kunit_try_run_case+0x10/0x10 [ 12.812814] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 12.812851] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 12.812888] ? __kthread_parkme+0x82/0x180 [ 12.812923] ? preempt_count_sub+0x50/0x80 [ 12.812966] ? __pfx_kunit_try_run_case+0x10/0x10 [ 12.813007] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 12.813029] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 12.813050] kthread+0x337/0x6f0 [ 12.813068] ? trace_preempt_on+0x20/0xc0 [ 12.813089] ? __pfx_kthread+0x10/0x10 [ 12.813113] ? _raw_spin_unlock_irq+0x47/0x80 [ 12.813138] ? 
calculate_sigpending+0x7b/0xa0 [ 12.813160] ? __pfx_kthread+0x10/0x10 [ 12.813179] ret_from_fork+0x116/0x1d0 [ 12.813196] ? __pfx_kthread+0x10/0x10 [ 12.813214] ret_from_fork_asm+0x1a/0x30 [ 12.813243] </TASK> [ 12.813254] [ 12.825088] Allocated by task 174: [ 12.825546] kasan_save_stack+0x45/0x70 [ 12.825758] kasan_save_track+0x18/0x40 [ 12.825947] kasan_save_alloc_info+0x3b/0x50 [ 12.826505] __kasan_krealloc+0x190/0x1f0 [ 12.826878] krealloc_noprof+0xf3/0x340 [ 12.827145] krealloc_more_oob_helper+0x1a9/0x930 [ 12.827400] krealloc_more_oob+0x1c/0x30 [ 12.827672] kunit_try_run_case+0x1a5/0x480 [ 12.827896] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 12.828199] kthread+0x337/0x6f0 [ 12.828475] ret_from_fork+0x116/0x1d0 [ 12.829022] ret_from_fork_asm+0x1a/0x30 [ 12.829416] [ 12.829675] The buggy address belongs to the object at ffff88810034cc00 [ 12.829675] which belongs to the cache kmalloc-256 of size 256 [ 12.830393] The buggy address is located 0 bytes to the right of [ 12.830393] allocated 235-byte region [ffff88810034cc00, ffff88810034cceb) [ 12.830959] [ 12.831142] The buggy address belongs to the physical page: [ 12.831531] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x10034c [ 12.831926] head: order:1 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0 [ 12.832257] flags: 0x200000000000040(head|node=0|zone=2) [ 12.832640] page_type: f5(slab) [ 12.832899] raw: 0200000000000040 ffff888100041b40 dead000000000122 0000000000000000 [ 12.833288] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 12.833538] head: 0200000000000040 ffff888100041b40 dead000000000122 0000000000000000 [ 12.833904] head: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 12.834423] head: 0200000000000001 ffffea000400d301 00000000ffffffff 00000000ffffffff [ 12.834824] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000002 [ 12.835190] page dumped because: kasan: bad access detected [ 12.835430] [ 
12.835571] Memory state around the buggy address: [ 12.835822] ffff88810034cb80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 12.836167] ffff88810034cc00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 12.836549] >ffff88810034cc80: 00 00 00 00 00 00 00 00 00 00 00 00 00 03 fc fc [ 12.836991] ^ [ 12.837311] ffff88810034cd00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 12.837770] ffff88810034cd80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 12.838042] ================================================================== [ 13.037058] ================================================================== [ 13.037510] BUG: KASAN: slab-out-of-bounds in krealloc_more_oob_helper+0x821/0x930 [ 13.038032] Write of size 1 at addr ffff88810263e0eb by task kunit_try_catch/178 [ 13.038231] [ 13.038423] CPU: 0 UID: 0 PID: 178 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc5 #1 PREEMPT(voluntary) [ 13.038501] Tainted: [B]=BAD_PAGE, [N]=TEST [ 13.038522] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 13.038561] Call Trace: [ 13.038587] <TASK> [ 13.038634] dump_stack_lvl+0x73/0xb0 [ 13.038697] print_report+0xd1/0x650 [ 13.038739] ? __virt_addr_valid+0x1db/0x2d0 [ 13.039388] ? krealloc_more_oob_helper+0x821/0x930 [ 13.039470] ? kasan_addr_to_slab+0x11/0xa0 [ 13.039503] ? krealloc_more_oob_helper+0x821/0x930 [ 13.039536] kasan_report+0x141/0x180 [ 13.039569] ? krealloc_more_oob_helper+0x821/0x930 [ 13.039636] __asan_report_store1_noabort+0x1b/0x30 [ 13.039679] krealloc_more_oob_helper+0x821/0x930 [ 13.039845] ? __schedule+0x10cc/0x2b60 [ 13.039873] ? __pfx_krealloc_more_oob_helper+0x10/0x10 [ 13.039896] ? finish_task_switch.isra.0+0x153/0x700 [ 13.039918] ? __switch_to+0x47/0xf50 [ 13.039944] ? __schedule+0x10cc/0x2b60 [ 13.039962] ? __pfx_read_tsc+0x10/0x10 [ 13.039985] krealloc_large_more_oob+0x1c/0x30 [ 13.040006] kunit_try_run_case+0x1a5/0x480 [ 13.040029] ? __pfx_kunit_try_run_case+0x10/0x10 [ 13.040049] ? 
_raw_spin_lock_irqsave+0xa1/0x100 [ 13.040071] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 13.040090] ? __kthread_parkme+0x82/0x180 [ 13.040113] ? preempt_count_sub+0x50/0x80 [ 13.040154] ? __pfx_kunit_try_run_case+0x10/0x10 [ 13.040187] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 13.040217] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 13.040246] kthread+0x337/0x6f0 [ 13.040273] ? trace_preempt_on+0x20/0xc0 [ 13.040306] ? __pfx_kthread+0x10/0x10 [ 13.040334] ? _raw_spin_unlock_irq+0x47/0x80 [ 13.040362] ? calculate_sigpending+0x7b/0xa0 [ 13.040396] ? __pfx_kthread+0x10/0x10 [ 13.040428] ret_from_fork+0x116/0x1d0 [ 13.040454] ? __pfx_kthread+0x10/0x10 [ 13.040484] ret_from_fork_asm+0x1a/0x30 [ 13.040531] </TASK> [ 13.040551] [ 13.054281] The buggy address belongs to the physical page: [ 13.054689] page: refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x10263c [ 13.055507] head: order:2 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0 [ 13.056113] flags: 0x200000000000040(head|node=0|zone=2) [ 13.056309] page_type: f8(unknown) [ 13.056636] raw: 0200000000000040 0000000000000000 dead000000000122 0000000000000000 [ 13.057258] raw: 0000000000000000 0000000000000000 00000001f8000000 0000000000000000 [ 13.057563] head: 0200000000000040 0000000000000000 dead000000000122 0000000000000000 [ 13.057787] head: 0000000000000000 0000000000000000 00000001f8000000 0000000000000000 [ 13.059946] head: 0200000000000002 ffffea0004098f01 00000000ffffffff 00000000ffffffff [ 13.060480] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000004 [ 13.060992] page dumped because: kasan: bad access detected [ 13.061498] [ 13.061676] Memory state around the buggy address: [ 13.062839] ffff88810263df80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 13.064917] ffff88810263e000: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 13.065363] >ffff88810263e080: 00 00 00 00 00 00 00 00 00 00 00 00 00 03 fe fe [ 13.065593] ^ [ 13.066029] 
ffff88810263e100: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe [ 13.066584] ffff88810263e180: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe [ 13.066870] ================================================================== [ 12.841012] ================================================================== [ 12.841407] BUG: KASAN: slab-out-of-bounds in krealloc_more_oob_helper+0x7eb/0x930 [ 12.841755] Write of size 1 at addr ffff88810034ccf0 by task kunit_try_catch/174 [ 12.842212] [ 12.842337] CPU: 0 UID: 0 PID: 174 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc5 #1 PREEMPT(voluntary) [ 12.842407] Tainted: [B]=BAD_PAGE, [N]=TEST [ 12.842426] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 12.842456] Call Trace: [ 12.842478] <TASK> [ 12.842503] dump_stack_lvl+0x73/0xb0 [ 12.842557] print_report+0xd1/0x650 [ 12.842594] ? __virt_addr_valid+0x1db/0x2d0 [ 12.842644] ? krealloc_more_oob_helper+0x7eb/0x930 [ 12.842686] ? kasan_complete_mode_report_info+0x2a/0x200 [ 12.842730] ? krealloc_more_oob_helper+0x7eb/0x930 [ 12.842772] kasan_report+0x141/0x180 [ 12.842806] ? krealloc_more_oob_helper+0x7eb/0x930 [ 12.842847] __asan_report_store1_noabort+0x1b/0x30 [ 12.842884] krealloc_more_oob_helper+0x7eb/0x930 [ 12.842918] ? __schedule+0x10cc/0x2b60 [ 12.842958] ? __pfx_krealloc_more_oob_helper+0x10/0x10 [ 12.842999] ? finish_task_switch.isra.0+0x153/0x700 [ 12.843037] ? __switch_to+0x47/0xf50 [ 12.843079] ? __schedule+0x10cc/0x2b60 [ 12.843148] ? __pfx_read_tsc+0x10/0x10 [ 12.843190] krealloc_more_oob+0x1c/0x30 [ 12.843229] kunit_try_run_case+0x1a5/0x480 [ 12.843268] ? __pfx_kunit_try_run_case+0x10/0x10 [ 12.843302] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 12.843337] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 12.843375] ? __kthread_parkme+0x82/0x180 [ 12.843408] ? preempt_count_sub+0x50/0x80 [ 12.843449] ? __pfx_kunit_try_run_case+0x10/0x10 [ 12.843484] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 12.843505] ? 
__pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 12.843526] kthread+0x337/0x6f0 [ 12.843544] ? trace_preempt_on+0x20/0xc0 [ 12.843565] ? __pfx_kthread+0x10/0x10 [ 12.843584] ? _raw_spin_unlock_irq+0x47/0x80 [ 12.843602] ? calculate_sigpending+0x7b/0xa0 [ 12.843641] ? __pfx_kthread+0x10/0x10 [ 12.843662] ret_from_fork+0x116/0x1d0 [ 12.843680] ? __pfx_kthread+0x10/0x10 [ 12.843698] ret_from_fork_asm+0x1a/0x30 [ 12.843726] </TASK> [ 12.843738] [ 12.851837] Allocated by task 174: [ 12.852005] kasan_save_stack+0x45/0x70 [ 12.852297] kasan_save_track+0x18/0x40 [ 12.852556] kasan_save_alloc_info+0x3b/0x50 [ 12.852862] __kasan_krealloc+0x190/0x1f0 [ 12.853147] krealloc_noprof+0xf3/0x340 [ 12.853373] krealloc_more_oob_helper+0x1a9/0x930 [ 12.853562] krealloc_more_oob+0x1c/0x30 [ 12.853751] kunit_try_run_case+0x1a5/0x480 [ 12.854046] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 12.854418] kthread+0x337/0x6f0 [ 12.854667] ret_from_fork+0x116/0x1d0 [ 12.854949] ret_from_fork_asm+0x1a/0x30 [ 12.855266] [ 12.855424] The buggy address belongs to the object at ffff88810034cc00 [ 12.855424] which belongs to the cache kmalloc-256 of size 256 [ 12.855943] The buggy address is located 5 bytes to the right of [ 12.855943] allocated 235-byte region [ffff88810034cc00, ffff88810034cceb) [ 12.856658] [ 12.856788] The buggy address belongs to the physical page: [ 12.857007] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x10034c [ 12.857298] head: order:1 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0 [ 12.857540] flags: 0x200000000000040(head|node=0|zone=2) [ 12.857919] page_type: f5(slab) [ 12.858232] raw: 0200000000000040 ffff888100041b40 dead000000000122 0000000000000000 [ 12.858720] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 12.860279] head: 0200000000000040 ffff888100041b40 dead000000000122 0000000000000000 [ 12.860774] head: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 12.861076] head: 
0200000000000001 ffffea000400d301 00000000ffffffff 00000000ffffffff [ 12.862507] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000002 [ 12.862800] page dumped because: kasan: bad access detected [ 12.862995] [ 12.863092] Memory state around the buggy address: [ 12.863585] ffff88810034cb80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 12.864441] ffff88810034cc00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 12.864907] >ffff88810034cc80: 00 00 00 00 00 00 00 00 00 00 00 00 00 03 fc fc [ 12.865178] ^ [ 12.865609] ffff88810034cd00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 12.865968] ffff88810034cd80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 12.866218] ================================================================== [ 13.067557] ================================================================== [ 13.068499] BUG: KASAN: slab-out-of-bounds in krealloc_more_oob_helper+0x7eb/0x930 [ 13.068940] Write of size 1 at addr ffff88810263e0f0 by task kunit_try_catch/178 [ 13.069279] [ 13.069403] CPU: 0 UID: 0 PID: 178 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc5 #1 PREEMPT(voluntary) [ 13.069473] Tainted: [B]=BAD_PAGE, [N]=TEST [ 13.069489] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 13.069521] Call Trace: [ 13.069545] <TASK> [ 13.069572] dump_stack_lvl+0x73/0xb0 [ 13.069613] print_report+0xd1/0x650 [ 13.071552] ? __virt_addr_valid+0x1db/0x2d0 [ 13.071665] ? krealloc_more_oob_helper+0x7eb/0x930 [ 13.071706] ? kasan_addr_to_slab+0x11/0xa0 [ 13.071739] ? krealloc_more_oob_helper+0x7eb/0x930 [ 13.071774] kasan_report+0x141/0x180 [ 13.071811] ? krealloc_more_oob_helper+0x7eb/0x930 [ 13.071856] __asan_report_store1_noabort+0x1b/0x30 [ 13.071896] krealloc_more_oob_helper+0x7eb/0x930 [ 13.071932] ? __schedule+0x10cc/0x2b60 [ 13.071969] ? __pfx_krealloc_more_oob_helper+0x10/0x10 [ 13.072005] ? finish_task_switch.isra.0+0x153/0x700 [ 13.072041] ? __switch_to+0x47/0xf50 [ 13.072082] ? 
__schedule+0x10cc/0x2b60 [ 13.072400] ? __pfx_read_tsc+0x10/0x10 [ 13.072458] krealloc_large_more_oob+0x1c/0x30 [ 13.072530] kunit_try_run_case+0x1a5/0x480 [ 13.072568] ? __pfx_kunit_try_run_case+0x10/0x10 [ 13.072598] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 13.072662] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 13.072690] ? __kthread_parkme+0x82/0x180 [ 13.072721] ? preempt_count_sub+0x50/0x80 [ 13.072758] ? __pfx_kunit_try_run_case+0x10/0x10 [ 13.072790] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 13.072828] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 13.072862] kthread+0x337/0x6f0 [ 13.072892] ? trace_preempt_on+0x20/0xc0 [ 13.072928] ? __pfx_kthread+0x10/0x10 [ 13.072950] ? _raw_spin_unlock_irq+0x47/0x80 [ 13.072968] ? calculate_sigpending+0x7b/0xa0 [ 13.072990] ? __pfx_kthread+0x10/0x10 [ 13.073009] ret_from_fork+0x116/0x1d0 [ 13.073026] ? __pfx_kthread+0x10/0x10 [ 13.073061] ret_from_fork_asm+0x1a/0x30 [ 13.073139] </TASK> [ 13.073161] [ 13.084458] The buggy address belongs to the physical page: [ 13.085301] page: refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x10263c [ 13.085987] head: order:2 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0 [ 13.086410] flags: 0x200000000000040(head|node=0|zone=2) [ 13.086879] page_type: f8(unknown) [ 13.087172] raw: 0200000000000040 0000000000000000 dead000000000122 0000000000000000 [ 13.087436] raw: 0000000000000000 0000000000000000 00000001f8000000 0000000000000000 [ 13.088131] head: 0200000000000040 0000000000000000 dead000000000122 0000000000000000 [ 13.088952] head: 0000000000000000 0000000000000000 00000001f8000000 0000000000000000 [ 13.089350] head: 0200000000000002 ffffea0004098f01 00000000ffffffff 00000000ffffffff [ 13.089945] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000004 [ 13.090351] page dumped because: kasan: bad access detected [ 13.090836] [ 13.091004] Memory state around the buggy address: [ 13.091246] ffff88810263df80: 00 00 00 00 00 00 00 00 00 
00 00 00 00 00 00 00 [ 13.091847] ffff88810263e000: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 13.092408] >ffff88810263e080: 00 00 00 00 00 00 00 00 00 00 00 00 00 03 fe fe [ 13.093219] ^ [ 13.093425] ffff88810263e100: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe [ 13.093942] ffff88810263e180: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe [ 13.094495] ==================================================================
[ 13.288793] ================================================================== [ 13.289096] BUG: KASAN: slab-out-of-bounds in krealloc_more_oob_helper+0x7eb/0x930 [ 13.289357] Write of size 1 at addr ffff8881029f20f0 by task kunit_try_catch/177 [ 13.289665] [ 13.289833] CPU: 1 UID: 0 PID: 177 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc5 #1 PREEMPT(voluntary) [ 13.289877] Tainted: [B]=BAD_PAGE, [N]=TEST [ 13.289889] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 13.289909] Call Trace: [ 13.289920] <TASK> [ 13.289935] dump_stack_lvl+0x73/0xb0 [ 13.289964] print_report+0xd1/0x650 [ 13.289986] ? __virt_addr_valid+0x1db/0x2d0 [ 13.290008] ? krealloc_more_oob_helper+0x7eb/0x930 [ 13.290032] ? kasan_addr_to_slab+0x11/0xa0 [ 13.290066] ? krealloc_more_oob_helper+0x7eb/0x930 [ 13.290091] kasan_report+0x141/0x180 [ 13.290113] ? krealloc_more_oob_helper+0x7eb/0x930 [ 13.290143] __asan_report_store1_noabort+0x1b/0x30 [ 13.290168] krealloc_more_oob_helper+0x7eb/0x930 [ 13.290191] ? __schedule+0x10cc/0x2b60 [ 13.290213] ? __pfx_krealloc_more_oob_helper+0x10/0x10 [ 13.290240] ? __kasan_check_write+0x18/0x20 [ 13.290259] ? queued_spin_lock_slowpath+0x116/0xb40 [ 13.290285] ? __pfx_queued_spin_lock_slowpath+0x10/0x10 [ 13.290309] ? __pfx_read_tsc+0x10/0x10 [ 13.290334] krealloc_large_more_oob+0x1c/0x30 [ 13.290356] kunit_try_run_case+0x1a5/0x480 [ 13.290381] ? __pfx_kunit_try_run_case+0x10/0x10 [ 13.290403] ? _raw_spin_lock_irqsave+0xf9/0x100 [ 13.290425] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 13.290448] ? __kthread_parkme+0x82/0x180 [ 13.290469] ? preempt_count_sub+0x50/0x80 [ 13.290494] ? __pfx_kunit_try_run_case+0x10/0x10 [ 13.290517] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 13.290540] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 13.290563] kthread+0x337/0x6f0 [ 13.290582] ? trace_preempt_on+0x20/0xc0 [ 13.290606] ? __pfx_kthread+0x10/0x10 [ 13.290628] ? _raw_spin_unlock_irq+0x47/0x80 [ 13.290649] ? 
calculate_sigpending+0x7b/0xa0 [ 13.290672] ? __pfx_kthread+0x10/0x10 [ 13.290723] ret_from_fork+0x116/0x1d0 [ 13.290743] ? __pfx_kthread+0x10/0x10 [ 13.290777] ret_from_fork_asm+0x1a/0x30 [ 13.290810] </TASK> [ 13.290820] [ 13.299285] The buggy address belongs to the physical page: [ 13.299523] page: refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1029f0 [ 13.299939] head: order:2 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0 [ 13.300226] flags: 0x200000000000040(head|node=0|zone=2) [ 13.300545] page_type: f8(unknown) [ 13.300804] raw: 0200000000000040 0000000000000000 dead000000000122 0000000000000000 [ 13.301092] raw: 0000000000000000 0000000000000000 00000001f8000000 0000000000000000 [ 13.301407] head: 0200000000000040 0000000000000000 dead000000000122 0000000000000000 [ 13.301742] head: 0000000000000000 0000000000000000 00000001f8000000 0000000000000000 [ 13.302112] head: 0200000000000002 ffffea00040a7c01 00000000ffffffff 00000000ffffffff [ 13.302463] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000004 [ 13.302794] page dumped because: kasan: bad access detected [ 13.303008] [ 13.303118] Memory state around the buggy address: [ 13.303288] ffff8881029f1f80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 13.303510] ffff8881029f2000: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 13.303732] >ffff8881029f2080: 00 00 00 00 00 00 00 00 00 00 00 00 00 03 fe fe [ 13.303950] ^ [ 13.304299] ffff8881029f2100: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe [ 13.304625] ffff8881029f2180: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe [ 13.304964] ================================================================== [ 13.100933] ================================================================== [ 13.101320] BUG: KASAN: slab-out-of-bounds in krealloc_more_oob_helper+0x7eb/0x930 [ 13.101735] Write of size 1 at addr ffff888100a300f0 by task kunit_try_catch/173 [ 13.102205] [ 13.102300] CPU: 1 UID: 0 PID: 173 Comm: 
kunit_try_catch Tainted: G B N 6.16.0-rc5 #1 PREEMPT(voluntary) [ 13.102341] Tainted: [B]=BAD_PAGE, [N]=TEST [ 13.102353] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 13.102372] Call Trace: [ 13.102385] <TASK> [ 13.102399] dump_stack_lvl+0x73/0xb0 [ 13.102425] print_report+0xd1/0x650 [ 13.102491] ? __virt_addr_valid+0x1db/0x2d0 [ 13.102512] ? krealloc_more_oob_helper+0x7eb/0x930 [ 13.102536] ? kasan_complete_mode_report_info+0x2a/0x200 [ 13.102561] ? krealloc_more_oob_helper+0x7eb/0x930 [ 13.102584] kasan_report+0x141/0x180 [ 13.102639] ? krealloc_more_oob_helper+0x7eb/0x930 [ 13.102670] __asan_report_store1_noabort+0x1b/0x30 [ 13.102701] krealloc_more_oob_helper+0x7eb/0x930 [ 13.102723] ? __schedule+0x10cc/0x2b60 [ 13.102744] ? __pfx_krealloc_more_oob_helper+0x10/0x10 [ 13.102816] ? finish_task_switch.isra.0+0x153/0x700 [ 13.102838] ? __switch_to+0x47/0xf50 [ 13.102864] ? __schedule+0x10cc/0x2b60 [ 13.102884] ? __pfx_read_tsc+0x10/0x10 [ 13.102937] krealloc_more_oob+0x1c/0x30 [ 13.102958] kunit_try_run_case+0x1a5/0x480 [ 13.102981] ? __pfx_kunit_try_run_case+0x10/0x10 [ 13.103002] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 13.103024] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 13.103046] ? __kthread_parkme+0x82/0x180 [ 13.103077] ? preempt_count_sub+0x50/0x80 [ 13.103099] ? __pfx_kunit_try_run_case+0x10/0x10 [ 13.103122] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 13.103143] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 13.103166] kthread+0x337/0x6f0 [ 13.103185] ? trace_preempt_on+0x20/0xc0 [ 13.103208] ? __pfx_kthread+0x10/0x10 [ 13.103228] ? _raw_spin_unlock_irq+0x47/0x80 [ 13.103250] ? calculate_sigpending+0x7b/0xa0 [ 13.103273] ? __pfx_kthread+0x10/0x10 [ 13.103293] ret_from_fork+0x116/0x1d0 [ 13.103311] ? 
__pfx_kthread+0x10/0x10 [ 13.103331] ret_from_fork_asm+0x1a/0x30 [ 13.103362] </TASK> [ 13.103372] [ 13.112702] Allocated by task 173: [ 13.112910] kasan_save_stack+0x45/0x70 [ 13.113204] kasan_save_track+0x18/0x40 [ 13.113364] kasan_save_alloc_info+0x3b/0x50 [ 13.113583] __kasan_krealloc+0x190/0x1f0 [ 13.113821] krealloc_noprof+0xf3/0x340 [ 13.114068] krealloc_more_oob_helper+0x1a9/0x930 [ 13.114300] krealloc_more_oob+0x1c/0x30 [ 13.114520] kunit_try_run_case+0x1a5/0x480 [ 13.114759] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 13.114957] kthread+0x337/0x6f0 [ 13.115092] ret_from_fork+0x116/0x1d0 [ 13.115232] ret_from_fork_asm+0x1a/0x30 [ 13.115429] [ 13.115530] The buggy address belongs to the object at ffff888100a30000 [ 13.115530] which belongs to the cache kmalloc-256 of size 256 [ 13.116148] The buggy address is located 5 bytes to the right of [ 13.116148] allocated 235-byte region [ffff888100a30000, ffff888100a300eb) [ 13.116866] [ 13.116960] The buggy address belongs to the physical page: [ 13.117278] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x100a30 [ 13.117623] head: order:1 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0 [ 13.117880] flags: 0x200000000000040(head|node=0|zone=2) [ 13.118368] page_type: f5(slab) [ 13.118602] raw: 0200000000000040 ffff888100041b40 dead000000000122 0000000000000000 [ 13.119234] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 13.119968] head: 0200000000000040 ffff888100041b40 dead000000000122 0000000000000000 [ 13.120388] head: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 13.120749] head: 0200000000000001 ffffea0004028c01 00000000ffffffff 00000000ffffffff [ 13.120990] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000002 [ 13.121369] page dumped because: kasan: bad access detected [ 13.121786] [ 13.121906] Memory state around the buggy address: [ 13.122134] ffff888100a2ff80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc 
fc fc [ 13.122521] ffff888100a30000: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 13.123026] >ffff888100a30080: 00 00 00 00 00 00 00 00 00 00 00 00 00 03 fc fc [ 13.123277] ^ [ 13.123492] ffff888100a30100: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 13.123722] ffff888100a30180: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 13.124026] ================================================================== [ 13.271267] ================================================================== [ 13.271775] BUG: KASAN: slab-out-of-bounds in krealloc_more_oob_helper+0x821/0x930 [ 13.272122] Write of size 1 at addr ffff8881029f20eb by task kunit_try_catch/177 [ 13.272459] [ 13.272584] CPU: 1 UID: 0 PID: 177 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc5 #1 PREEMPT(voluntary) [ 13.272629] Tainted: [B]=BAD_PAGE, [N]=TEST [ 13.272640] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 13.272661] Call Trace: [ 13.272674] <TASK> [ 13.272690] dump_stack_lvl+0x73/0xb0 [ 13.272749] print_report+0xd1/0x650 [ 13.272771] ? __virt_addr_valid+0x1db/0x2d0 [ 13.272795] ? krealloc_more_oob_helper+0x821/0x930 [ 13.272818] ? kasan_addr_to_slab+0x11/0xa0 [ 13.272837] ? krealloc_more_oob_helper+0x821/0x930 [ 13.272860] kasan_report+0x141/0x180 [ 13.272882] ? krealloc_more_oob_helper+0x821/0x930 [ 13.272911] __asan_report_store1_noabort+0x1b/0x30 [ 13.272936] krealloc_more_oob_helper+0x821/0x930 [ 13.272958] ? __schedule+0x10cc/0x2b60 [ 13.272993] ? __pfx_krealloc_more_oob_helper+0x10/0x10 [ 13.273019] ? __kasan_check_write+0x18/0x20 [ 13.273037] ? queued_spin_lock_slowpath+0x116/0xb40 [ 13.273072] ? __pfx_queued_spin_lock_slowpath+0x10/0x10 [ 13.273096] ? __pfx_read_tsc+0x10/0x10 [ 13.273121] krealloc_large_more_oob+0x1c/0x30 [ 13.273143] kunit_try_run_case+0x1a5/0x480 [ 13.273169] ? __pfx_kunit_try_run_case+0x10/0x10 [ 13.273190] ? _raw_spin_lock_irqsave+0xf9/0x100 [ 13.273212] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 13.273235] ? 
__kthread_parkme+0x82/0x180 [ 13.273256] ? preempt_count_sub+0x50/0x80 [ 13.273281] ? __pfx_kunit_try_run_case+0x10/0x10 [ 13.273304] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 13.273327] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 13.273349] kthread+0x337/0x6f0 [ 13.273369] ? trace_preempt_on+0x20/0xc0 [ 13.273392] ? __pfx_kthread+0x10/0x10 [ 13.273413] ? _raw_spin_unlock_irq+0x47/0x80 [ 13.273434] ? calculate_sigpending+0x7b/0xa0 [ 13.273458] ? __pfx_kthread+0x10/0x10 [ 13.273479] ret_from_fork+0x116/0x1d0 [ 13.273497] ? __pfx_kthread+0x10/0x10 [ 13.273517] ret_from_fork_asm+0x1a/0x30 [ 13.273553] </TASK> [ 13.273564] [ 13.281773] The buggy address belongs to the physical page: [ 13.282097] page: refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1029f0 [ 13.282443] head: order:2 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0 [ 13.282892] flags: 0x200000000000040(head|node=0|zone=2) [ 13.283140] page_type: f8(unknown) [ 13.283401] raw: 0200000000000040 0000000000000000 dead000000000122 0000000000000000 [ 13.283842] raw: 0000000000000000 0000000000000000 00000001f8000000 0000000000000000 [ 13.284224] head: 0200000000000040 0000000000000000 dead000000000122 0000000000000000 [ 13.284490] head: 0000000000000000 0000000000000000 00000001f8000000 0000000000000000 [ 13.284858] head: 0200000000000002 ffffea00040a7c01 00000000ffffffff 00000000ffffffff [ 13.285237] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000004 [ 13.285824] page dumped because: kasan: bad access detected [ 13.286070] [ 13.286177] Memory state around the buggy address: [ 13.286362] ffff8881029f1f80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 13.286666] ffff8881029f2000: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 13.287091] >ffff8881029f2080: 00 00 00 00 00 00 00 00 00 00 00 00 00 03 fe fe [ 13.287407] ^ [ 13.287639] ffff8881029f2100: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe [ 13.287993] ffff8881029f2180: fe fe fe fe fe fe 
fe fe fe fe fe fe fe fe fe fe [ 13.288259] ================================================================== [ 13.076586] ================================================================== [ 13.077377] BUG: KASAN: slab-out-of-bounds in krealloc_more_oob_helper+0x821/0x930 [ 13.077795] Write of size 1 at addr ffff888100a300eb by task kunit_try_catch/173 [ 13.078215] [ 13.078376] CPU: 1 UID: 0 PID: 173 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc5 #1 PREEMPT(voluntary) [ 13.078450] Tainted: [B]=BAD_PAGE, [N]=TEST [ 13.078463] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 13.078485] Call Trace: [ 13.078498] <TASK> [ 13.078514] dump_stack_lvl+0x73/0xb0 [ 13.078547] print_report+0xd1/0x650 [ 13.078570] ? __virt_addr_valid+0x1db/0x2d0 [ 13.078595] ? krealloc_more_oob_helper+0x821/0x930 [ 13.078618] ? kasan_complete_mode_report_info+0x2a/0x200 [ 13.078684] ? krealloc_more_oob_helper+0x821/0x930 [ 13.078759] kasan_report+0x141/0x180 [ 13.078795] ? krealloc_more_oob_helper+0x821/0x930 [ 13.078824] __asan_report_store1_noabort+0x1b/0x30 [ 13.078849] krealloc_more_oob_helper+0x821/0x930 [ 13.078871] ? __schedule+0x10cc/0x2b60 [ 13.078894] ? __pfx_krealloc_more_oob_helper+0x10/0x10 [ 13.078917] ? finish_task_switch.isra.0+0x153/0x700 [ 13.078941] ? __switch_to+0x47/0xf50 [ 13.078968] ? __schedule+0x10cc/0x2b60 [ 13.078989] ? __pfx_read_tsc+0x10/0x10 [ 13.079015] krealloc_more_oob+0x1c/0x30 [ 13.079036] kunit_try_run_case+0x1a5/0x480 [ 13.079072] ? __pfx_kunit_try_run_case+0x10/0x10 [ 13.079094] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 13.079119] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 13.079141] ? __kthread_parkme+0x82/0x180 [ 13.079162] ? preempt_count_sub+0x50/0x80 [ 13.079185] ? __pfx_kunit_try_run_case+0x10/0x10 [ 13.079208] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 13.079230] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 13.079253] kthread+0x337/0x6f0 [ 13.079272] ? trace_preempt_on+0x20/0xc0 [ 13.079296] ? 
__pfx_kthread+0x10/0x10 [ 13.079316] ? _raw_spin_unlock_irq+0x47/0x80 [ 13.079337] ? calculate_sigpending+0x7b/0xa0 [ 13.079361] ? __pfx_kthread+0x10/0x10 [ 13.079383] ret_from_fork+0x116/0x1d0 [ 13.079401] ? __pfx_kthread+0x10/0x10 [ 13.079421] ret_from_fork_asm+0x1a/0x30 [ 13.079454] </TASK> [ 13.079466] [ 13.088549] Allocated by task 173: [ 13.088814] kasan_save_stack+0x45/0x70 [ 13.088997] kasan_save_track+0x18/0x40 [ 13.089211] kasan_save_alloc_info+0x3b/0x50 [ 13.089420] __kasan_krealloc+0x190/0x1f0 [ 13.089574] krealloc_noprof+0xf3/0x340 [ 13.089800] krealloc_more_oob_helper+0x1a9/0x930 [ 13.090047] krealloc_more_oob+0x1c/0x30 [ 13.090282] kunit_try_run_case+0x1a5/0x480 [ 13.090576] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 13.090792] kthread+0x337/0x6f0 [ 13.090923] ret_from_fork+0x116/0x1d0 [ 13.091097] ret_from_fork_asm+0x1a/0x30 [ 13.091353] [ 13.091492] The buggy address belongs to the object at ffff888100a30000 [ 13.091492] which belongs to the cache kmalloc-256 of size 256 [ 13.092544] The buggy address is located 0 bytes to the right of [ 13.092544] allocated 235-byte region [ffff888100a30000, ffff888100a300eb) [ 13.093167] [ 13.093252] The buggy address belongs to the physical page: [ 13.093506] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x100a30 [ 13.094039] head: order:1 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0 [ 13.094347] flags: 0x200000000000040(head|node=0|zone=2) [ 13.094620] page_type: f5(slab) [ 13.094772] raw: 0200000000000040 ffff888100041b40 dead000000000122 0000000000000000 [ 13.095083] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 13.095526] head: 0200000000000040 ffff888100041b40 dead000000000122 0000000000000000 [ 13.095905] head: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 13.096353] head: 0200000000000001 ffffea0004028c01 00000000ffffffff 00000000ffffffff [ 13.096696] head: ffffffffffffffff 0000000000000000 00000000ffffffff 
0000000000000002 [ 13.097126] page dumped because: kasan: bad access detected [ 13.097454] [ 13.097551] Memory state around the buggy address: [ 13.097806] ffff888100a2ff80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 13.098290] ffff888100a30000: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 13.098657] >ffff888100a30080: 00 00 00 00 00 00 00 00 00 00 00 00 00 03 fc fc [ 13.099192] ^ [ 13.099532] ffff888100a30100: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 13.099949] ffff888100a30180: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 13.100308] ==================================================================
[ 20.939434] ================================================================== [ 20.946661] BUG: KASAN: slab-out-of-bounds in krealloc_more_oob_helper+0x7eb/0x930 [ 20.954235] Write of size 1 at addr ffff888104ffa0f0 by task kunit_try_catch/201 [ 20.961628] [ 20.963127] CPU: 3 UID: 0 PID: 201 Comm: kunit_try_catch Tainted: G S B N 6.16.0-rc5 #1 PREEMPT(voluntary) [ 20.963135] Tainted: [S]=CPU_OUT_OF_SPEC, [B]=BAD_PAGE, [N]=TEST [ 20.963138] Hardware name: Supermicro SYS-5019S-ML/X11SSH-F, BIOS 2.7 12/07/2021 [ 20.963141] Call Trace: [ 20.963143] <TASK> [ 20.963144] dump_stack_lvl+0x73/0xb0 [ 20.963149] print_report+0xd1/0x650 [ 20.963152] ? __virt_addr_valid+0x1db/0x2d0 [ 20.963156] ? krealloc_more_oob_helper+0x7eb/0x930 [ 20.963161] ? kasan_addr_to_slab+0x11/0xa0 [ 20.963164] ? krealloc_more_oob_helper+0x7eb/0x930 [ 20.963168] kasan_report+0x141/0x180 [ 20.963172] ? krealloc_more_oob_helper+0x7eb/0x930 [ 20.963178] __asan_report_store1_noabort+0x1b/0x30 [ 20.963182] krealloc_more_oob_helper+0x7eb/0x930 [ 20.963186] ? __schedule+0x10cc/0x2b60 [ 20.963190] ? __pfx_krealloc_more_oob_helper+0x10/0x10 [ 20.963195] ? finish_task_switch.isra.0+0x153/0x700 [ 20.963199] ? __switch_to+0x544/0xf50 [ 20.963203] ? __schedule+0x10cc/0x2b60 [ 20.963208] krealloc_large_more_oob+0x1c/0x30 [ 20.963212] kunit_try_run_case+0x1a2/0x480 [ 20.963216] ? __pfx_kunit_try_run_case+0x10/0x10 [ 20.963220] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 20.963224] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 20.963229] ? __kthread_parkme+0x82/0x180 [ 20.963232] ? preempt_count_sub+0x50/0x80 [ 20.963236] ? __pfx_kunit_try_run_case+0x10/0x10 [ 20.963240] kunit_generic_run_threadfn_adapter+0x82/0xf0 [ 20.963244] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 20.963249] kthread+0x334/0x6f0 [ 20.963252] ? trace_preempt_on+0x20/0xc0 [ 20.963256] ? __pfx_kthread+0x10/0x10 [ 20.963260] ? _raw_spin_unlock_irq+0x47/0x80 [ 20.963263] ? calculate_sigpending+0x7b/0xa0 [ 20.963268] ? 
__pfx_kthread+0x10/0x10 [ 20.963272] ret_from_fork+0x113/0x1d0 [ 20.963275] ? __pfx_kthread+0x10/0x10 [ 20.963278] ret_from_fork_asm+0x1a/0x30 [ 20.963284] </TASK> [ 20.963286] [ 21.143063] The buggy address belongs to the physical page: [ 21.148636] page: refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x104ff8 [ 21.156644] head: order:2 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0 [ 21.164298] flags: 0x200000000000040(head|node=0|zone=2) [ 21.169617] page_type: f8(unknown) [ 21.173025] raw: 0200000000000040 0000000000000000 dead000000000122 0000000000000000 [ 21.180765] raw: 0000000000000000 0000000000000000 00000001f8000000 0000000000000000 [ 21.188513] head: 0200000000000040 0000000000000000 dead000000000122 0000000000000000 [ 21.196365] head: 0000000000000000 0000000000000000 00000001f8000000 0000000000000000 [ 21.204215] head: 0200000000000002 ffffea000413fe01 00000000ffffffff 00000000ffffffff [ 21.212041] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000004 [ 21.219867] page dumped because: kasan: bad access detected [ 21.225440] [ 21.226939] Memory state around the buggy address: [ 21.231733] ffff888104ff9f80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 21.238959] ffff888104ffa000: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 21.246181] >ffff888104ffa080: 00 00 00 00 00 00 00 00 00 00 00 00 00 03 fe fe [ 21.253407] ^ [ 21.260279] ffff888104ffa100: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe [ 21.267498] ffff888104ffa180: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe [ 21.274717] ================================================================== [ 18.058241] ================================================================== [ 18.065465] BUG: KASAN: slab-out-of-bounds in krealloc_more_oob_helper+0x7eb/0x930 [ 18.073032] Write of size 1 at addr ffff88810561ccf0 by task kunit_try_catch/197 [ 18.080425] [ 18.081926] CPU: 1 UID: 0 PID: 197 Comm: kunit_try_catch Tainted: G S B N 6.16.0-rc5 #1 
PREEMPT(voluntary) [ 18.081934] Tainted: [S]=CPU_OUT_OF_SPEC, [B]=BAD_PAGE, [N]=TEST [ 18.081937] Hardware name: Supermicro SYS-5019S-ML/X11SSH-F, BIOS 2.7 12/07/2021 [ 18.081940] Call Trace: [ 18.081941] <TASK> [ 18.081943] dump_stack_lvl+0x73/0xb0 [ 18.081948] print_report+0xd1/0x650 [ 18.081952] ? __virt_addr_valid+0x1db/0x2d0 [ 18.081955] ? krealloc_more_oob_helper+0x7eb/0x930 [ 18.081960] ? kasan_complete_mode_report_info+0x2a/0x200 [ 18.081965] ? krealloc_more_oob_helper+0x7eb/0x930 [ 18.081969] kasan_report+0x141/0x180 [ 18.081973] ? krealloc_more_oob_helper+0x7eb/0x930 [ 18.081978] __asan_report_store1_noabort+0x1b/0x30 [ 18.081983] krealloc_more_oob_helper+0x7eb/0x930 [ 18.081987] ? __schedule+0x10cc/0x2b60 [ 18.081991] ? __pfx_krealloc_more_oob_helper+0x10/0x10 [ 18.081996] ? finish_task_switch.isra.0+0x153/0x700 [ 18.082000] ? __switch_to+0x544/0xf50 [ 18.082004] ? __schedule+0x10cc/0x2b60 [ 18.082009] krealloc_more_oob+0x1c/0x30 [ 18.082013] kunit_try_run_case+0x1a2/0x480 [ 18.082017] ? __pfx_kunit_try_run_case+0x10/0x10 [ 18.082021] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 18.082025] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 18.082029] ? __kthread_parkme+0x82/0x180 [ 18.082033] ? preempt_count_sub+0x50/0x80 [ 18.082037] ? __pfx_kunit_try_run_case+0x10/0x10 [ 18.082041] kunit_generic_run_threadfn_adapter+0x82/0xf0 [ 18.082045] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 18.082050] kthread+0x334/0x6f0 [ 18.082053] ? trace_preempt_on+0x20/0xc0 [ 18.082057] ? __pfx_kthread+0x10/0x10 [ 18.082061] ? _raw_spin_unlock_irq+0x47/0x80 [ 18.082064] ? calculate_sigpending+0x7b/0xa0 [ 18.082069] ? __pfx_kthread+0x10/0x10 [ 18.082073] ret_from_fork+0x113/0x1d0 [ 18.082076] ? 
__pfx_kthread+0x10/0x10
[ 18.082080] ret_from_fork_asm+0x1a/0x30
[ 18.082085] </TASK>
[ 18.082087]
[ 18.262509] Allocated by task 197:
[ 18.265917] kasan_save_stack+0x45/0x70
[ 18.269756] kasan_save_track+0x18/0x40
[ 18.273595] kasan_save_alloc_info+0x3b/0x50
[ 18.277866] __kasan_krealloc+0x190/0x1f0
[ 18.281880] krealloc_noprof+0xf3/0x340
[ 18.285719] krealloc_more_oob_helper+0x1a9/0x930
[ 18.290425] krealloc_more_oob+0x1c/0x30
[ 18.294363] kunit_try_run_case+0x1a2/0x480
[ 18.298572] kunit_generic_run_threadfn_adapter+0x82/0xf0
[ 18.303971] kthread+0x334/0x6f0
[ 18.307205] ret_from_fork+0x113/0x1d0
[ 18.310956] ret_from_fork_asm+0x1a/0x30
[ 18.314882]
[ 18.316394] The buggy address belongs to the object at ffff88810561cc00
[ 18.316394] which belongs to the cache kmalloc-256 of size 256
[ 18.328914] The buggy address is located 5 bytes to the right of
[ 18.328914] allocated 235-byte region [ffff88810561cc00, ffff88810561cceb)
[ 18.341861]
[ 18.343364] The buggy address belongs to the physical page:
[ 18.348942] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x10561c
[ 18.356941] head: order:1 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[ 18.364593] flags: 0x200000000000040(head|node=0|zone=2)
[ 18.369908] page_type: f5(slab)
[ 18.373054] raw: 0200000000000040 ffff888100042b40 dead000000000122 0000000000000000
[ 18.380792] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000
[ 18.388534] head: 0200000000000040 ffff888100042b40 dead000000000122 0000000000000000
[ 18.396367] head: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000
[ 18.404220] head: 0200000000000001 ffffea0004158701 00000000ffffffff 00000000ffffffff
[ 18.412055] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000002
[ 18.419888] page dumped because: kasan: bad access detected
[ 18.425461]
[ 18.426960] Memory state around the buggy address:
[ 18.431753] ffff88810561cb80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 18.438972] ffff88810561cc00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[ 18.446193] >ffff88810561cc80: 00 00 00 00 00 00 00 00 00 00 00 00 00 03 fc fc
[ 18.453417] ^
[ 18.460291] ffff88810561cd00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 18.467512] ffff88810561cd80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 18.474729] ==================================================================
[ 17.630962] ==================================================================
[ 17.641773] BUG: KASAN: slab-out-of-bounds in krealloc_more_oob_helper+0x821/0x930
[ 17.649363] Write of size 1 at addr ffff88810561cceb by task kunit_try_catch/197
[ 17.656782]
[ 17.658282] CPU: 1 UID: 0 PID: 197 Comm: kunit_try_catch Tainted: G S B N 6.16.0-rc5 #1 PREEMPT(voluntary)
[ 17.658291] Tainted: [S]=CPU_OUT_OF_SPEC, [B]=BAD_PAGE, [N]=TEST
[ 17.658294] Hardware name: Supermicro SYS-5019S-ML/X11SSH-F, BIOS 2.7 12/07/2021
[ 17.658297] Call Trace:
[ 17.658299] <TASK>
[ 17.658301] dump_stack_lvl+0x73/0xb0
[ 17.658306] print_report+0xd1/0x650
[ 17.658310] ? __virt_addr_valid+0x1db/0x2d0
[ 17.658314] ? krealloc_more_oob_helper+0x821/0x930
[ 17.658318] ? kasan_complete_mode_report_info+0x2a/0x200
[ 17.658323] ? krealloc_more_oob_helper+0x821/0x930
[ 17.658327] kasan_report+0x141/0x180
[ 17.658348] ? krealloc_more_oob_helper+0x821/0x930
[ 17.658354] __asan_report_store1_noabort+0x1b/0x30
[ 17.658359] krealloc_more_oob_helper+0x821/0x930
[ 17.658363] ? __schedule+0x10cc/0x2b60
[ 17.658367] ? __pfx_krealloc_more_oob_helper+0x10/0x10
[ 17.658384] ? finish_task_switch.isra.0+0x153/0x700
[ 17.658388] ? __switch_to+0x544/0xf50
[ 17.658393] ? __schedule+0x10cc/0x2b60
[ 17.658397] krealloc_more_oob+0x1c/0x30
[ 17.658401] kunit_try_run_case+0x1a2/0x480
[ 17.658406] ? __pfx_kunit_try_run_case+0x10/0x10
[ 17.658410] ? _raw_spin_lock_irqsave+0xa1/0x100
[ 17.658414] ? _raw_spin_unlock_irqrestore+0x5f/0x90
[ 17.658418] ? __kthread_parkme+0x82/0x180
[ 17.658422] ? preempt_count_sub+0x50/0x80
[ 17.658426] ? __pfx_kunit_try_run_case+0x10/0x10
[ 17.658430] kunit_generic_run_threadfn_adapter+0x82/0xf0
[ 17.658434] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10
[ 17.658439] kthread+0x334/0x6f0
[ 17.658442] ? trace_preempt_on+0x20/0xc0
[ 17.658446] ? __pfx_kthread+0x10/0x10
[ 17.658450] ? _raw_spin_unlock_irq+0x47/0x80
[ 17.658454] ? calculate_sigpending+0x7b/0xa0
[ 17.658458] ? __pfx_kthread+0x10/0x10
[ 17.658462] ret_from_fork+0x113/0x1d0
[ 17.658465] ? __pfx_kthread+0x10/0x10
[ 17.658469] ret_from_fork_asm+0x1a/0x30
[ 17.658474] </TASK>
[ 17.658476]
[ 17.838902] Allocated by task 197:
[ 17.842309] kasan_save_stack+0x45/0x70
[ 17.846147] kasan_save_track+0x18/0x40
[ 17.849986] kasan_save_alloc_info+0x3b/0x50
[ 17.854259] __kasan_krealloc+0x190/0x1f0
[ 17.858272] krealloc_noprof+0xf3/0x340
[ 17.862113] krealloc_more_oob_helper+0x1a9/0x930
[ 17.866827] krealloc_more_oob+0x1c/0x30
[ 17.870754] kunit_try_run_case+0x1a2/0x480
[ 17.874947] kunit_generic_run_threadfn_adapter+0x82/0xf0
[ 17.880363] kthread+0x334/0x6f0
[ 17.883612] ret_from_fork+0x113/0x1d0
[ 17.887367] ret_from_fork_asm+0x1a/0x30
[ 17.891317]
[ 17.892817] The buggy address belongs to the object at ffff88810561cc00
[ 17.892817] which belongs to the cache kmalloc-256 of size 256
[ 17.905323] The buggy address is located 0 bytes to the right of
[ 17.905323] allocated 235-byte region [ffff88810561cc00, ffff88810561cceb)
[ 17.918288]
[ 17.919789] The buggy address belongs to the physical page:
[ 17.925364] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x10561c
[ 17.933403] head: order:1 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[ 17.941057] flags: 0x200000000000040(head|node=0|zone=2)
[ 17.946370] page_type: f5(slab)
[ 17.949534] raw: 0200000000000040 ffff888100042b40 dead000000000122 0000000000000000
[ 17.957282] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000
[ 17.965031] head: 0200000000000040 ffff888100042b40 dead000000000122 0000000000000000
[ 17.972864] head: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000
[ 17.980697] head: 0200000000000001 ffffea0004158701 00000000ffffffff 00000000ffffffff
[ 17.988525] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000002
[ 17.996365] page dumped because: kasan: bad access detected
[ 18.001964]
[ 18.003466] Memory state around the buggy address:
[ 18.008256] ffff88810561cb80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 18.015478] ffff88810561cc00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[ 18.022698] >ffff88810561cc80: 00 00 00 00 00 00 00 00 00 00 00 00 00 03 fc fc
[ 18.029922] ^
[ 18.036536] ffff88810561cd00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 18.043755] ffff88810561cd80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 18.050976] ==================================================================
[ 20.593258] ==================================================================
[ 20.604329] BUG: KASAN: slab-out-of-bounds in krealloc_more_oob_helper+0x821/0x930
[ 20.611947] Write of size 1 at addr ffff888104ffa0eb by task kunit_try_catch/201
[ 20.619364]
[ 20.620891] CPU: 3 UID: 0 PID: 201 Comm: kunit_try_catch Tainted: G S B N 6.16.0-rc5 #1 PREEMPT(voluntary)
[ 20.620900] Tainted: [S]=CPU_OUT_OF_SPEC, [B]=BAD_PAGE, [N]=TEST
[ 20.620902] Hardware name: Supermicro SYS-5019S-ML/X11SSH-F, BIOS 2.7 12/07/2021
[ 20.620905] Call Trace:
[ 20.620907] <TASK>
[ 20.620909] dump_stack_lvl+0x73/0xb0
[ 20.620914] print_report+0xd1/0x650
[ 20.620918] ? __virt_addr_valid+0x1db/0x2d0
[ 20.620922] ? krealloc_more_oob_helper+0x821/0x930
[ 20.620926] ? kasan_addr_to_slab+0x11/0xa0
[ 20.620930] ? krealloc_more_oob_helper+0x821/0x930
[ 20.620934] kasan_report+0x141/0x180
[ 20.620938] ? krealloc_more_oob_helper+0x821/0x930
[ 20.620943] __asan_report_store1_noabort+0x1b/0x30
[ 20.620948] krealloc_more_oob_helper+0x821/0x930
[ 20.620952] ? __schedule+0x10cc/0x2b60
[ 20.620956] ? __pfx_krealloc_more_oob_helper+0x10/0x10
[ 20.620961] ? finish_task_switch.isra.0+0x153/0x700
[ 20.620965] ? __switch_to+0x544/0xf50
[ 20.620970] ? __schedule+0x10cc/0x2b60
[ 20.620974] krealloc_large_more_oob+0x1c/0x30
[ 20.620978] kunit_try_run_case+0x1a2/0x480
[ 20.620983] ? __pfx_kunit_try_run_case+0x10/0x10
[ 20.620987] ? _raw_spin_lock_irqsave+0xa1/0x100
[ 20.620991] ? _raw_spin_unlock_irqrestore+0x5f/0x90
[ 20.620995] ? __kthread_parkme+0x82/0x180
[ 20.620999] ? preempt_count_sub+0x50/0x80
[ 20.621003] ? __pfx_kunit_try_run_case+0x10/0x10
[ 20.621007] kunit_generic_run_threadfn_adapter+0x82/0xf0
[ 20.621011] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10
[ 20.621015] kthread+0x334/0x6f0
[ 20.621019] ? trace_preempt_on+0x20/0xc0
[ 20.621023] ? __pfx_kthread+0x10/0x10
[ 20.621027] ? _raw_spin_unlock_irq+0x47/0x80
[ 20.621030] ? calculate_sigpending+0x7b/0xa0
[ 20.621035] ? __pfx_kthread+0x10/0x10
[ 20.621039] ret_from_fork+0x113/0x1d0
[ 20.621042] ? __pfx_kthread+0x10/0x10
[ 20.621046] ret_from_fork_asm+0x1a/0x30
[ 20.621051] </TASK>
[ 20.621053]
[ 20.800802] The buggy address belongs to the physical page:
[ 20.806395] page: refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x104ff8
[ 20.814404] head: order:2 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[ 20.822060] flags: 0x200000000000040(head|node=0|zone=2)
[ 20.827393] page_type: f8(unknown)
[ 20.830806] raw: 0200000000000040 0000000000000000 dead000000000122 0000000000000000
[ 20.838552] raw: 0000000000000000 0000000000000000 00000001f8000000 0000000000000000
[ 20.846294] head: 0200000000000040 0000000000000000 dead000000000122 0000000000000000
[ 20.854128] head: 0000000000000000 0000000000000000 00000001f8000000 0000000000000000
[ 20.861953] head: 0200000000000002 ffffea000413fe01 00000000ffffffff 00000000ffffffff
[ 20.869778] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000004
[ 20.877603] page dumped because: kasan: bad access detected
[ 20.883176]
[ 20.884675] Memory state around the buggy address:
[ 20.889470] ffff888104ff9f80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[ 20.896688] ffff888104ffa000: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[ 20.903910] >ffff888104ffa080: 00 00 00 00 00 00 00 00 00 00 00 00 00 03 fe fe
[ 20.911137] ^
[ 20.917748] ffff888104ffa100: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe
[ 20.924969] ffff888104ffa180: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe
[ 20.932187] ==================================================================