Date
July 13, 2025, 11:09 p.m.
| Environment | |
|---|---|
| qemu-arm64 | |
| qemu-x86_64 |
[ 15.800838] ================================================================== [ 15.800886] BUG: KASAN: slab-out-of-bounds in krealloc_less_oob_helper+0xb9c/0xc50 [ 15.800932] Write of size 1 at addr fff00000c66b60d0 by task kunit_try_catch/163 [ 15.801150] [ 15.801336] CPU: 0 UID: 0 PID: 163 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc6 #1 PREEMPT [ 15.801427] Tainted: [B]=BAD_PAGE, [N]=TEST [ 15.801453] Hardware name: linux,dummy-virt (DT) [ 15.801489] Call trace: [ 15.801607] show_stack+0x20/0x38 (C) [ 15.801682] dump_stack_lvl+0x8c/0xd0 [ 15.801737] print_report+0x118/0x5d0 [ 15.802024] kasan_report+0xdc/0x128 [ 15.802112] __asan_report_store1_noabort+0x20/0x30 [ 15.802165] krealloc_less_oob_helper+0xb9c/0xc50 [ 15.802314] krealloc_large_less_oob+0x20/0x38 [ 15.802382] kunit_try_run_case+0x170/0x3f0 [ 15.802437] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 15.802544] kthread+0x328/0x630 [ 15.802599] ret_from_fork+0x10/0x20 [ 15.802647] [ 15.802685] The buggy address belongs to the physical page: [ 15.802724] page: refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1066b4 [ 15.803021] head: order:2 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0 [ 15.803097] flags: 0xbfffe0000000040(head|node=0|zone=2|lastcpupid=0x1ffff) [ 15.803238] page_type: f8(unknown) [ 15.803286] raw: 0bfffe0000000040 0000000000000000 dead000000000122 0000000000000000 [ 15.803351] raw: 0000000000000000 0000000000000000 00000001f8000000 0000000000000000 [ 15.803461] head: 0bfffe0000000040 0000000000000000 dead000000000122 0000000000000000 [ 15.803517] head: 0000000000000000 0000000000000000 00000001f8000000 0000000000000000 [ 15.803573] head: 0bfffe0000000002 ffffc1ffc319ad01 00000000ffffffff 00000000ffffffff [ 15.803639] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000004 [ 15.803679] page dumped because: kasan: bad access detected [ 15.803878] [ 15.803905] Memory state around the buggy address: [ 15.803949] fff00000c66b5f80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 15.804001] fff00000c66b6000: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 15.804521] >fff00000c66b6080: 00 00 00 00 00 00 00 00 00 01 fe fe fe fe fe fe [ 15.804577] ^ [ 15.804631] fff00000c66b6100: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe [ 15.804966] fff00000c66b6180: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe [ 15.805042] ================================================================== [ 15.759656] ================================================================== [ 15.759893] BUG: KASAN: slab-out-of-bounds in krealloc_less_oob_helper+0xa58/0xc50 [ 15.760033] Write of size 1 at addr fff00000c171e0eb by task kunit_try_catch/159 [ 15.760097] [ 15.760134] CPU: 0 UID: 0 PID: 159 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc6 #1 PREEMPT [ 15.760297] Tainted: [B]=BAD_PAGE, [N]=TEST [ 15.760335] Hardware name: linux,dummy-virt (DT) [ 15.760402] Call trace: [ 15.760551] show_stack+0x20/0x38 (C) [ 15.760782] dump_stack_lvl+0x8c/0xd0 [ 15.760852] print_report+0x118/0x5d0 [ 15.761012] kasan_report+0xdc/0x128 [ 15.761090] __asan_report_store1_noabort+0x20/0x30 [ 15.761220] krealloc_less_oob_helper+0xa58/0xc50 [ 15.761306] krealloc_less_oob+0x20/0x38 [ 15.761358] kunit_try_run_case+0x170/0x3f0 [ 15.761650] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 15.761749] kthread+0x328/0x630 [ 15.762165] ret_from_fork+0x10/0x20 [ 15.762352] [ 15.762372] Allocated by task 159: [ 15.762400] kasan_save_stack+0x3c/0x68 [ 15.762769] kasan_save_track+0x20/0x40 [ 15.762883] kasan_save_alloc_info+0x40/0x58 [ 15.762951] __kasan_krealloc+0x118/0x178 [ 15.763060] krealloc_noprof+0x128/0x360 [ 15.763140] krealloc_less_oob_helper+0x168/0xc50 [ 15.763215] krealloc_less_oob+0x20/0x38 [ 15.763330] kunit_try_run_case+0x170/0x3f0 [ 15.763370] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 15.763544] kthread+0x328/0x630 [ 15.763778] ret_from_fork+0x10/0x20 [ 15.763894] [ 15.763942] The buggy address belongs to the object at fff00000c171e000 [ 15.763942] which belongs to the cache kmalloc-256 of size 256 [ 15.764078] The buggy address is located 34 bytes to the right of [ 15.764078] allocated 201-byte region [fff00000c171e000, fff00000c171e0c9) [ 15.764160] [ 15.764248] The buggy address belongs to the physical page: [ 15.764568] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x10171e [ 15.764662] head: order:1 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0 [ 15.764796] flags: 0xbfffe0000000040(head|node=0|zone=2|lastcpupid=0x1ffff) [ 15.764899] page_type: f5(slab) [ 15.765026] raw: 0bfffe0000000040 fff00000c0001b40 dead000000000122 0000000000000000 [ 15.765094] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 15.765276] head: 0bfffe0000000040 fff00000c0001b40 dead000000000122 0000000000000000 [ 15.765345] head: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 15.765747] head: 0bfffe0000000001 ffffc1ffc305c781 00000000ffffffff 00000000ffffffff [ 15.765844] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000002 [ 15.765959] page dumped because: kasan: bad access detected [ 15.766064] [ 15.766095] Memory state around the buggy address: [ 15.766251] fff00000c171df80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 15.766329] fff00000c171e000: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 15.766371] >fff00000c171e080: 00 00 00 00 00 00 00 00 00 01 fc fc fc fc fc fc [ 15.766408] ^ [ 15.766452] fff00000c171e100: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 15.766493] fff00000c171e180: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 15.766531] ================================================================== [ 15.727597] ================================================================== [ 15.727658] BUG: KASAN: slab-out-of-bounds in krealloc_less_oob_helper+0xa48/0xc50 [ 15.727736] Write of size 1 at addr fff00000c171e0c9 by task kunit_try_catch/159 [ 15.728000] [ 15.728174] CPU: 0 UID: 0 PID: 159 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc6 #1 PREEMPT [ 15.728336] Tainted: [B]=BAD_PAGE, [N]=TEST [ 15.728479] Hardware name: linux,dummy-virt (DT) [ 15.728538] Call trace: [ 15.728577] show_stack+0x20/0x38 (C) [ 15.728721] dump_stack_lvl+0x8c/0xd0 [ 15.728817] print_report+0x118/0x5d0 [ 15.728871] kasan_report+0xdc/0x128 [ 15.728916] __asan_report_store1_noabort+0x20/0x30 [ 15.728966] krealloc_less_oob_helper+0xa48/0xc50 [ 15.729179] krealloc_less_oob+0x20/0x38 [ 15.729515] kunit_try_run_case+0x170/0x3f0 [ 15.729612] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 15.729686] kthread+0x328/0x630 [ 15.729857] ret_from_fork+0x10/0x20 [ 15.729925] [ 15.729944] Allocated by task 159: [ 15.730146] kasan_save_stack+0x3c/0x68 [ 15.730437] kasan_save_track+0x20/0x40 [ 15.730478] kasan_save_alloc_info+0x40/0x58 [ 15.730863] __kasan_krealloc+0x118/0x178 [ 15.730928] krealloc_noprof+0x128/0x360 [ 15.731046] krealloc_less_oob_helper+0x168/0xc50 [ 15.731104] krealloc_less_oob+0x20/0x38 [ 15.731173] kunit_try_run_case+0x170/0x3f0 [ 15.731255] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 15.731378] kthread+0x328/0x630 [ 15.731409] ret_from_fork+0x10/0x20 [ 15.731476] [ 15.731781] The buggy address belongs to the object at fff00000c171e000 [ 15.731781] which belongs to the cache kmalloc-256 of size 256 [ 15.731883] The buggy address is located 0 bytes to the right of [ 15.731883] allocated 201-byte region [fff00000c171e000, fff00000c171e0c9) [ 15.732072] [ 15.732130] The buggy address belongs to the physical page: [ 15.732174] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x10171e [ 15.732361] head: order:1 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0 [ 15.732410] flags: 0xbfffe0000000040(head|node=0|zone=2|lastcpupid=0x1ffff) [ 15.732473] page_type: f5(slab) [ 15.732517] raw: 0bfffe0000000040 fff00000c0001b40 dead000000000122 0000000000000000 [ 15.732842] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 15.733028] head: 0bfffe0000000040 fff00000c0001b40 dead000000000122 0000000000000000 [ 15.733099] head: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 15.733174] head: 0bfffe0000000001 ffffc1ffc305c781 00000000ffffffff 00000000ffffffff [ 15.733350] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000002 [ 15.733424] page dumped because: kasan: bad access detected [ 15.733462] [ 15.733479] Memory state around the buggy address: [ 15.733646] fff00000c171df80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 15.733692] fff00000c171e000: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 15.733733] >fff00000c171e080: 00 00 00 00 00 00 00 00 00 01 fc fc fc fc fc fc [ 15.733778] ^ [ 15.733814] fff00000c171e100: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 15.733855] fff00000c171e180: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 15.733893] ================================================================== [ 15.742544] ================================================================== [ 15.742627] BUG: KASAN: slab-out-of-bounds in krealloc_less_oob_helper+0xa80/0xc50 [ 15.742812] Write of size 1 at addr fff00000c171e0da by task kunit_try_catch/159 [ 15.742899] [ 15.742955] CPU: 0 UID: 0 PID: 159 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc6 #1 PREEMPT [ 15.743175] Tainted: [B]=BAD_PAGE, [N]=TEST [ 15.743230] Hardware name: linux,dummy-virt (DT) [ 15.743374] Call trace: [ 15.743438] show_stack+0x20/0x38 (C) [ 15.743490] dump_stack_lvl+0x8c/0xd0 [ 15.743538] print_report+0x118/0x5d0 [ 15.743583] kasan_report+0xdc/0x128 [ 15.743765] __asan_report_store1_noabort+0x20/0x30 [ 15.743952] krealloc_less_oob_helper+0xa80/0xc50 [ 15.744065] krealloc_less_oob+0x20/0x38 [ 15.744119] kunit_try_run_case+0x170/0x3f0 [ 15.744264] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 15.744320] kthread+0x328/0x630 [ 15.744496] ret_from_fork+0x10/0x20 [ 15.744703] [ 15.744786] Allocated by task 159: [ 15.744857] kasan_save_stack+0x3c/0x68 [ 15.745164] kasan_save_track+0x20/0x40 [ 15.745244] kasan_save_alloc_info+0x40/0x58 [ 15.745373] __kasan_krealloc+0x118/0x178 [ 15.745446] krealloc_noprof+0x128/0x360 [ 15.745725] krealloc_less_oob_helper+0x168/0xc50 [ 15.746004] krealloc_less_oob+0x20/0x38 [ 15.746125] kunit_try_run_case+0x170/0x3f0 [ 15.746183] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 15.746262] kthread+0x328/0x630 [ 15.746538] ret_from_fork+0x10/0x20 [ 15.746653] [ 15.746726] The buggy address belongs to the object at fff00000c171e000 [ 15.746726] which belongs to the cache kmalloc-256 of size 256 [ 15.746787] The buggy address is located 17 bytes to the right of [ 15.746787] allocated 201-byte region [fff00000c171e000, fff00000c171e0c9) [ 15.747092] [ 15.747144] The buggy address belongs to the physical page: [ 15.747240] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x10171e [ 15.747318] head: order:1 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0 [ 15.747380] flags: 0xbfffe0000000040(head|node=0|zone=2|lastcpupid=0x1ffff) [ 15.747454] page_type: f5(slab) [ 15.747843] raw: 0bfffe0000000040 fff00000c0001b40 dead000000000122 0000000000000000 [ 15.747909] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 15.747959] head: 0bfffe0000000040 fff00000c0001b40 dead000000000122 0000000000000000 [ 15.748016] head: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 15.748064] head: 0bfffe0000000001 ffffc1ffc305c781 00000000ffffffff 00000000ffffffff [ 15.748122] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000002 [ 15.748162] page dumped because: kasan: bad access detected [ 15.748608] [ 15.748665] Memory state around the buggy address: [ 15.748746] fff00000c171df80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 15.748808] fff00000c171e000: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 15.748874] >fff00000c171e080: 00 00 00 00 00 00 00 00 00 01 fc fc fc fc fc fc [ 15.749045] ^ [ 15.749089] fff00000c171e100: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 15.749277] fff00000c171e180: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 15.749371] ================================================================== [ 15.794377] ================================================================== [ 15.794757] BUG: KASAN: slab-out-of-bounds in krealloc_less_oob_helper+0xa48/0xc50 [ 15.795015] Write of size 1 at addr fff00000c66b60c9 by task kunit_try_catch/163 [ 15.795380] [ 15.795430] CPU: 0 UID: 0 PID: 163 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc6 #1 PREEMPT [ 15.795512] Tainted: [B]=BAD_PAGE, [N]=TEST [ 15.795538] Hardware name: linux,dummy-virt (DT) [ 15.795625] Call trace: [ 15.795648] show_stack+0x20/0x38 (C) [ 15.795698] dump_stack_lvl+0x8c/0xd0 [ 15.795745] print_report+0x118/0x5d0 [ 15.796158] kasan_report+0xdc/0x128 [ 15.796274] __asan_report_store1_noabort+0x20/0x30 [ 15.796433] krealloc_less_oob_helper+0xa48/0xc50 [ 15.796512] krealloc_large_less_oob+0x20/0x38 [ 15.796700] kunit_try_run_case+0x170/0x3f0 [ 15.796900] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 15.797029] kthread+0x328/0x630 [ 15.797106] ret_from_fork+0x10/0x20 [ 15.797189] [ 15.797319] The buggy address belongs to the physical page: [ 15.797368] page: refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1066b4 [ 15.797445] head: order:2 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0 [ 15.797576] flags: 0xbfffe0000000040(head|node=0|zone=2|lastcpupid=0x1ffff) [ 15.797659] page_type: f8(unknown) [ 15.797721] raw: 0bfffe0000000040 0000000000000000 dead000000000122 0000000000000000 [ 15.797771] raw: 0000000000000000 0000000000000000 00000001f8000000 0000000000000000 [ 15.798094] head: 0bfffe0000000040 0000000000000000 dead000000000122 0000000000000000 [ 15.798256] head: 0000000000000000 0000000000000000 00000001f8000000 0000000000000000 [ 15.798333] head: 0bfffe0000000002 ffffc1ffc319ad01 00000000ffffffff 00000000ffffffff [ 15.798463] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000004 [ 15.798545] page dumped because: kasan: bad access detected [ 15.798700] [ 15.798964] Memory state around the buggy address: [ 15.799035] fff00000c66b5f80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 15.799169] fff00000c66b6000: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 15.799280] >fff00000c66b6080: 00 00 00 00 00 00 00 00 00 01 fe fe fe fe fe fe [ 15.799420] ^ [ 15.799491] fff00000c66b6100: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe [ 15.799583] fff00000c66b6180: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe [ 15.799728] ================================================================== [ 15.735575] ================================================================== [ 15.735841] BUG: KASAN: slab-out-of-bounds in krealloc_less_oob_helper+0xb9c/0xc50 [ 15.736119] Write of size 1 at addr fff00000c171e0d0 by task kunit_try_catch/159 [ 15.736177] [ 15.736220] CPU: 0 UID: 0 PID: 159 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc6 #1 PREEMPT [ 15.736409] Tainted: [B]=BAD_PAGE, [N]=TEST [ 15.736456] Hardware name: linux,dummy-virt (DT) [ 15.736553] Call trace: [ 15.736593] show_stack+0x20/0x38 (C) [ 15.736703] dump_stack_lvl+0x8c/0xd0 [ 15.736840] print_report+0x118/0x5d0 [ 15.736887] kasan_report+0xdc/0x128 [ 15.737216] __asan_report_store1_noabort+0x20/0x30 [ 15.737284] krealloc_less_oob_helper+0xb9c/0xc50 [ 15.737386] krealloc_less_oob+0x20/0x38 [ 15.737432] kunit_try_run_case+0x170/0x3f0 [ 15.737478] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 15.737528] kthread+0x328/0x630 [ 15.737577] ret_from_fork+0x10/0x20 [ 15.737643] [ 15.737660] Allocated by task 159: [ 15.737718] kasan_save_stack+0x3c/0x68 [ 15.737759] kasan_save_track+0x20/0x40 [ 15.737794] kasan_save_alloc_info+0x40/0x58 [ 15.737832] __kasan_krealloc+0x118/0x178 [ 15.737868] krealloc_noprof+0x128/0x360 [ 15.737905] krealloc_less_oob_helper+0x168/0xc50 [ 15.737943] krealloc_less_oob+0x20/0x38 [ 15.737979] kunit_try_run_case+0x170/0x3f0 [ 15.738016] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 15.738058] kthread+0x328/0x630 [ 15.738098] ret_from_fork+0x10/0x20 [ 15.738142] [ 15.738160] The buggy address belongs to the object at fff00000c171e000 [ 15.738160] which belongs to the cache kmalloc-256 of size 256 [ 15.738469] The buggy address is located 7 bytes to the right of [ 15.738469] allocated 201-byte region [fff00000c171e000, fff00000c171e0c9) [ 15.738744] [ 15.738788] The buggy address belongs to the physical page: [ 15.738820] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x10171e [ 15.739019] head: order:1 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0 [ 15.739093] flags: 0xbfffe0000000040(head|node=0|zone=2|lastcpupid=0x1ffff) [ 15.739475] page_type: f5(slab) [ 15.739553] raw: 0bfffe0000000040 fff00000c0001b40 dead000000000122 0000000000000000 [ 15.739659] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 15.739726] head: 0bfffe0000000040 fff00000c0001b40 dead000000000122 0000000000000000 [ 15.739792] head: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 15.740142] head: 0bfffe0000000001 ffffc1ffc305c781 00000000ffffffff 00000000ffffffff [ 15.740220] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000002 [ 15.740338] page dumped because: kasan: bad access detected [ 15.740370] [ 15.740387] Memory state around the buggy address: [ 15.740696] fff00000c171df80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 15.740772] fff00000c171e000: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 15.740825] >fff00000c171e080: 00 00 00 00 00 00 00 00 00 01 fc fc fc fc fc fc [ 15.740909] ^ [ 15.740978] fff00000c171e100: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 15.741020] fff00000c171e180: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 15.741237] ================================================================== [ 15.805408] ================================================================== [ 15.805452] BUG: KASAN: slab-out-of-bounds in krealloc_less_oob_helper+0xa80/0xc50 [ 15.805497] Write of size 1 at addr fff00000c66b60da by task kunit_try_catch/163 [ 15.805544] [ 15.805573] CPU: 0 UID: 0 PID: 163 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc6 #1 PREEMPT [ 15.805899] Tainted: [B]=BAD_PAGE, [N]=TEST [ 15.806315] Hardware name: linux,dummy-virt (DT) [ 15.806357] Call trace: [ 15.806378] show_stack+0x20/0x38 (C) [ 15.806427] dump_stack_lvl+0x8c/0xd0 [ 15.806474] print_report+0x118/0x5d0 [ 15.806519] kasan_report+0xdc/0x128 [ 15.806563] __asan_report_store1_noabort+0x20/0x30 [ 15.806613] krealloc_less_oob_helper+0xa80/0xc50 [ 15.806661] krealloc_large_less_oob+0x20/0x38 [ 15.806734] kunit_try_run_case+0x170/0x3f0 [ 15.806796] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 15.806847] kthread+0x328/0x630 [ 15.806896] ret_from_fork+0x10/0x20 [ 15.806947] [ 15.806966] The buggy address belongs to the physical page: [ 15.806995] page: refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1066b4 [ 15.807046] head: order:2 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0 [ 15.807104] flags: 0xbfffe0000000040(head|node=0|zone=2|lastcpupid=0x1ffff) [ 15.807154] page_type: f8(unknown) [ 15.807190] raw: 0bfffe0000000040 0000000000000000 dead000000000122 0000000000000000 [ 15.807883] raw: 0000000000000000 0000000000000000 00000001f8000000 0000000000000000 [ 15.807935] head: 0bfffe0000000040 0000000000000000 dead000000000122 0000000000000000 [ 15.808273] head: 0000000000000000 0000000000000000 00000001f8000000 0000000000000000 [ 15.808571] head: 0bfffe0000000002 ffffc1ffc319ad01 00000000ffffffff 00000000ffffffff [ 15.808651] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000004 [ 15.808749] page dumped because: kasan: bad access detected [ 15.808799] [ 15.808816] Memory state around the buggy address: [ 15.808849] fff00000c66b5f80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 15.808891] fff00000c66b6000: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 15.809131] >fff00000c66b6080: 00 00 00 00 00 00 00 00 00 01 fe fe fe fe fe fe [ 15.809258] ^ [ 15.809391] fff00000c66b6100: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe [ 15.809457] fff00000c66b6180: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe [ 15.809514] ================================================================== [ 15.815482] ================================================================== [ 15.815572] BUG: KASAN: slab-out-of-bounds in krealloc_less_oob_helper+0xa58/0xc50 [ 15.815622] Write of size 1 at addr fff00000c66b60eb by task kunit_try_catch/163 [ 15.815892] [ 15.815946] CPU: 0 UID: 0 PID: 163 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc6 #1 PREEMPT [ 15.816027] Tainted: [B]=BAD_PAGE, [N]=TEST [ 15.816053] Hardware name: linux,dummy-virt (DT) [ 15.816083] Call trace: [ 15.816103] show_stack+0x20/0x38 (C) [ 15.816312] dump_stack_lvl+0x8c/0xd0 [ 15.816734] print_report+0x118/0x5d0 [ 15.816854] kasan_report+0xdc/0x128 [ 15.816913] __asan_report_store1_noabort+0x20/0x30 [ 15.816963] krealloc_less_oob_helper+0xa58/0xc50 [ 15.817011] krealloc_large_less_oob+0x20/0x38 [ 15.817065] kunit_try_run_case+0x170/0x3f0 [ 15.817112] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 15.817187] kthread+0x328/0x630 [ 15.817238] ret_from_fork+0x10/0x20 [ 15.817299] [ 15.817334] The buggy address belongs to the physical page: [ 15.817371] page: refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1066b4 [ 15.817424] head: order:2 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0 [ 15.817469] flags: 0xbfffe0000000040(head|node=0|zone=2|lastcpupid=0x1ffff) [ 15.817520] page_type: f8(unknown) [ 15.817557] raw: 0bfffe0000000040 0000000000000000 dead000000000122 0000000000000000 [ 15.817616] raw: 0000000000000000 0000000000000000 00000001f8000000 0000000000000000 [ 15.817681] head: 0bfffe0000000040 0000000000000000 dead000000000122 0000000000000000 [ 15.817738] head: 0000000000000000 0000000000000000 00000001f8000000 0000000000000000 [ 15.817803] head: 0bfffe0000000002 ffffc1ffc319ad01 00000000ffffffff 00000000ffffffff [ 15.817861] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000004 [ 15.817930] page dumped because: kasan: bad access detected [ 15.817960] [ 15.817977] Memory state around the buggy address: [ 15.818006] fff00000c66b5f80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 15.818047] fff00000c66b6000: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 15.818090] >fff00000c66b6080: 00 00 00 00 00 00 00 00 00 01 fe fe fe fe fe fe [ 15.818135] ^ [ 15.818182] fff00000c66b6100: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe [ 15.818238] fff00000c66b6180: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe [ 15.818276] ================================================================== [ 15.810699] ================================================================== [ 15.810750] BUG: KASAN: slab-out-of-bounds in krealloc_less_oob_helper+0xae4/0xc50 [ 15.810806] Write of size 1 at addr fff00000c66b60ea by task kunit_try_catch/163 [ 15.810954] [ 15.811010] CPU: 0 UID: 0 PID: 163 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc6 #1 PREEMPT [ 15.811091] Tainted: [B]=BAD_PAGE, [N]=TEST [ 15.811363] Hardware name: linux,dummy-virt (DT) [ 15.811430] Call trace: [ 15.811462] show_stack+0x20/0x38 (C) [ 15.811566] dump_stack_lvl+0x8c/0xd0 [ 15.811620] print_report+0x118/0x5d0 [ 15.811666] kasan_report+0xdc/0x128 [ 15.811910] __asan_report_store1_noabort+0x20/0x30 [ 15.811990] krealloc_less_oob_helper+0xae4/0xc50 [ 15.812117] krealloc_large_less_oob+0x20/0x38 [ 15.812171] kunit_try_run_case+0x170/0x3f0 [ 15.812237] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 15.812582] kthread+0x328/0x630 [ 15.812681] ret_from_fork+0x10/0x20 [ 15.812772] [ 15.812798] The buggy address belongs to the physical page: [ 15.812843] page: refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1066b4 [ 15.812937] head: order:2 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0 [ 15.813005] flags: 0xbfffe0000000040(head|node=0|zone=2|lastcpupid=0x1ffff) [ 15.813059] page_type: f8(unknown) [ 15.813362] raw: 0bfffe0000000040 0000000000000000 dead000000000122 0000000000000000 [ 15.813485] raw: 0000000000000000 0000000000000000 00000001f8000000 0000000000000000 [ 15.813580] head: 0bfffe0000000040 0000000000000000 dead000000000122 0000000000000000 [ 15.813647] head: 0000000000000000 0000000000000000 00000001f8000000 0000000000000000 [ 15.813942] head: 0bfffe0000000002 ffffc1ffc319ad01 00000000ffffffff 00000000ffffffff [ 15.814066] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000004 [ 15.814136] page dumped because: kasan: bad access detected [ 15.814194] [ 15.814317] Memory state around the buggy address: [ 15.814351] fff00000c66b5f80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 15.814645] fff00000c66b6000: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 15.814782] >fff00000c66b6080: 00 00 00 00 00 00 00 00 00 01 fe fe fe fe fe fe [ 15.814839] ^ [ 15.814886] fff00000c66b6100: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe [ 15.814984] fff00000c66b6180: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe [ 15.815041] ================================================================== [ 15.750412] ================================================================== [ 15.750466] BUG: KASAN: slab-out-of-bounds in krealloc_less_oob_helper+0xae4/0xc50 [ 15.750746] Write of size 1 at addr fff00000c171e0ea by task kunit_try_catch/159 [ 15.750856] [ 15.750891] CPU: 0 UID: 0 PID: 159 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc6 #1 PREEMPT [ 15.750970] Tainted: [B]=BAD_PAGE, [N]=TEST [ 15.751210] Hardware name: linux,dummy-virt (DT) [ 15.751352] Call trace: [ 15.751385] show_stack+0x20/0x38 (C) [ 15.751479] dump_stack_lvl+0x8c/0xd0 [ 15.751530] print_report+0x118/0x5d0 [ 15.751576] kasan_report+0xdc/0x128 [ 15.751620] __asan_report_store1_noabort+0x20/0x30 [ 15.751798] krealloc_less_oob_helper+0xae4/0xc50 [ 15.751868] krealloc_less_oob+0x20/0x38 [ 15.751912] kunit_try_run_case+0x170/0x3f0 [ 15.751957] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 15.752008] kthread+0x328/0x630 [ 15.752048] ret_from_fork+0x10/0x20 [ 15.752094] [ 15.752111] Allocated by task 159: [ 15.752509] kasan_save_stack+0x3c/0x68 [ 15.752661] kasan_save_track+0x20/0x40 [ 15.752716] kasan_save_alloc_info+0x40/0x58 [ 15.752832] __kasan_krealloc+0x118/0x178 [ 15.752898] krealloc_noprof+0x128/0x360 [ 15.752965] krealloc_less_oob_helper+0x168/0xc50 [ 15.753247] krealloc_less_oob+0x20/0x38 [ 15.753322] kunit_try_run_case+0x170/0x3f0 [ 15.753420] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 15.753500] kthread+0x328/0x630 [ 15.753559] ret_from_fork+0x10/0x20 [ 15.753682] [ 15.753731] The buggy address belongs to the object at fff00000c171e000 [ 15.753731] which belongs to the cache kmalloc-256 of size 256 [ 15.753797] The buggy address is located 33 bytes to the right of [ 15.753797] allocated 201-byte region [fff00000c171e000, fff00000c171e0c9) [ 15.753864] [ 15.753883] The buggy address belongs to the physical page: [ 15.753912] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x10171e [ 15.754262] head: order:1 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0 [ 15.754337] flags: 0xbfffe0000000040(head|node=0|zone=2|lastcpupid=0x1ffff) [ 15.754425] page_type: f5(slab) [ 15.754484] raw: 0bfffe0000000040 fff00000c0001b40 dead000000000122 0000000000000000 [ 15.754624] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 15.754932] head: 0bfffe0000000040 fff00000c0001b40 dead000000000122 0000000000000000 [ 15.755009] head: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 15.755867] head: 0bfffe0000000001 ffffc1ffc305c781 00000000ffffffff 00000000ffffffff [ 15.756528] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000002 [ 15.757167] page dumped because: kasan: bad access detected [ 15.757243] [ 15.757279] Memory state around the buggy address: [ 15.757613] fff00000c171df80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 15.757674] fff00000c171e000: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 15.757822] >fff00000c171e080: 00 00 00 00 00 00 00 00 00 01 fc fc fc fc fc fc [ 15.757878] ^ [ 15.757916] fff00000c171e100: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 15.758194] fff00000c171e180: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 15.758598] ==================================================================
[ 16.620931] ================================================================== [ 16.621046] BUG: KASAN: slab-out-of-bounds in krealloc_less_oob_helper+0xb9c/0xc50 [ 16.621123] Write of size 1 at addr fff00000c78360d0 by task kunit_try_catch/163 [ 16.621176] [ 16.621217] CPU: 1 UID: 0 PID: 163 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc6 #1 PREEMPT [ 16.621544] Tainted: [B]=BAD_PAGE, [N]=TEST [ 16.621583] Hardware name: linux,dummy-virt (DT) [ 16.621642] Call trace: [ 16.621664] show_stack+0x20/0x38 (C) [ 16.621740] dump_stack_lvl+0x8c/0xd0 [ 16.621805] print_report+0x118/0x5d0 [ 16.621887] kasan_report+0xdc/0x128 [ 16.621958] __asan_report_store1_noabort+0x20/0x30 [ 16.622017] krealloc_less_oob_helper+0xb9c/0xc50 [ 16.622091] krealloc_large_less_oob+0x20/0x38 [ 16.622140] kunit_try_run_case+0x170/0x3f0 [ 16.622233] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 16.622286] kthread+0x328/0x630 [ 16.622413] ret_from_fork+0x10/0x20 [ 16.622467] [ 16.622487] The buggy address belongs to the physical page: [ 16.622518] page: refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x107834 [ 16.622590] head: order:2 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0 [ 16.622939] flags: 0xbfffe0000000040(head|node=0|zone=2|lastcpupid=0x1ffff) [ 16.623008] page_type: f8(unknown) [ 16.623076] raw: 0bfffe0000000040 0000000000000000 dead000000000122 0000000000000000 [ 16.623127] raw: 0000000000000000 0000000000000000 00000001f8000000 0000000000000000 [ 16.623196] head: 0bfffe0000000040 0000000000000000 dead000000000122 0000000000000000 [ 16.623278] head: 0000000000000000 0000000000000000 00000001f8000000 0000000000000000 [ 16.623365] head: 0bfffe0000000002 ffffc1ffc31e0d01 00000000ffffffff 00000000ffffffff [ 16.623592] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000004 [ 16.623685] page dumped because: kasan: bad access detected [ 16.623794] [ 16.623821] Memory state around the buggy address: [ 16.623852] fff00000c7835f80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 16.623892] fff00000c7836000: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 16.623955] >fff00000c7836080: 00 00 00 00 00 00 00 00 00 01 fe fe fe fe fe fe [ 16.623993] ^ [ 16.624028] fff00000c7836100: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe [ 16.624072] fff00000c7836180: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe [ 16.624109] ================================================================== [ 16.625019] ================================================================== [ 16.625081] BUG: KASAN: slab-out-of-bounds in krealloc_less_oob_helper+0xa80/0xc50 [ 16.625387] Write of size 1 at addr fff00000c78360da by task kunit_try_catch/163 [ 16.625454] [ 16.625484] CPU: 1 UID: 0 PID: 163 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc6 #1 PREEMPT [ 16.625563] Tainted: [B]=BAD_PAGE, [N]=TEST [ 16.625600] Hardware name: linux,dummy-virt (DT) [ 16.625630] Call trace: [ 16.625650] show_stack+0x20/0x38 (C) [ 16.625699] dump_stack_lvl+0x8c/0xd0 [ 16.625745] print_report+0x118/0x5d0 [ 16.625789] kasan_report+0xdc/0x128 [ 16.625849] __asan_report_store1_noabort+0x20/0x30 [ 16.625900] krealloc_less_oob_helper+0xa80/0xc50 [ 16.625948] krealloc_large_less_oob+0x20/0x38 [ 16.625999] kunit_try_run_case+0x170/0x3f0 [ 16.626045] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 16.626096] kthread+0x328/0x630 [ 16.626136] ret_from_fork+0x10/0x20 [ 16.626192] [ 16.626211] The buggy address belongs to the physical page: [ 16.626244] page: refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x107834 [ 16.626296] head: order:2 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0 [ 16.626342] flags: 0xbfffe0000000040(head|node=0|zone=2|lastcpupid=0x1ffff) [ 16.626392] page_type: f8(unknown) [ 16.626429] raw: 0bfffe0000000040 0000000000000000 dead000000000122 0000000000000000 [ 16.626478] raw: 0000000000000000 0000000000000000 00000001f8000000 0000000000000000 [ 16.626543] head: 0bfffe0000000040 0000000000000000 dead000000000122 0000000000000000 [ 16.626601] head: 0000000000000000 0000000000000000 00000001f8000000 0000000000000000 [ 16.626652] head: 0bfffe0000000002 ffffc1ffc31e0d01 00000000ffffffff 00000000ffffffff [ 16.626700] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000004 [ 16.626739] page dumped because: kasan: bad access detected [ 16.626769] [ 16.626786] Memory state around the buggy address: [ 16.626820] fff00000c7835f80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 16.626863] fff00000c7836000: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 16.626910] >fff00000c7836080: 00 00 00 00 00 00 00 00 00 01 fe fe fe fe fe fe [ 16.626947] ^ [ 16.626982] fff00000c7836100: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe [ 16.627031] fff00000c7836180: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe [ 16.627068] ================================================================== [ 16.566768] ================================================================== [ 16.566821] BUG: KASAN: slab-out-of-bounds in krealloc_less_oob_helper+0xa48/0xc50 [ 16.566870] Write of size 1 at addr fff00000c4518ec9 by task kunit_try_catch/159 [ 16.566920] [ 16.567076] CPU: 1 UID: 0 PID: 159 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc6 #1 PREEMPT [ 16.567302] Tainted: [B]=BAD_PAGE, [N]=TEST [ 16.567369] Hardware name: linux,dummy-virt (DT) [ 16.567436] Call trace: [ 16.567564] show_stack+0x20/0x38 (C) [ 16.567708] dump_stack_lvl+0x8c/0xd0 [ 16.567844] print_report+0x118/0x5d0 [ 16.567891] kasan_report+0xdc/0x128 [ 16.567935] __asan_report_store1_noabort+0x20/0x30 [ 16.568170] krealloc_less_oob_helper+0xa48/0xc50 [ 16.568244] krealloc_less_oob+0x20/0x38 [ 16.568370] kunit_try_run_case+0x170/0x3f0 [ 16.568482] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 16.568622] kthread+0x328/0x630 [ 16.568706] ret_from_fork+0x10/0x20 [ 16.568813] [ 16.568832] Allocated by task 159: [ 16.568863] kasan_save_stack+0x3c/0x68 [ 16.568936] kasan_save_track+0x20/0x40 [ 16.569281] kasan_save_alloc_info+0x40/0x58 [ 16.569397] __kasan_krealloc+0x118/0x178 [ 16.569491] krealloc_noprof+0x128/0x360 [ 16.569529] krealloc_less_oob_helper+0x168/0xc50 [ 16.569823] krealloc_less_oob+0x20/0x38 [ 16.569895] kunit_try_run_case+0x170/0x3f0 [ 16.569931] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 16.570258] kthread+0x328/0x630 [ 16.570313] ret_from_fork+0x10/0x20 [ 16.570349] [ 16.570368] The buggy address belongs to the object at fff00000c4518e00 [ 16.570368] which belongs to the cache kmalloc-256 of size 256 [ 16.570436] The buggy address is located 0 bytes to the right of [ 16.570436] allocated 201-byte region [fff00000c4518e00, fff00000c4518ec9) [ 16.570499] [ 16.570538] The buggy address belongs to the physical page: [ 16.570569] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x104518 [ 16.570633] head: order:1 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0 [ 16.570689] flags: 0xbfffe0000000040(head|node=0|zone=2|lastcpupid=0x1ffff) [ 16.570752] page_type: f5(slab) [ 16.570789] raw: 0bfffe0000000040 fff00000c0001b40 dead000000000122 0000000000000000 [ 16.570865] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 16.570914] head: 0bfffe0000000040 fff00000c0001b40 dead000000000122 0000000000000000 [ 16.570962] head: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 16.571034] head: 0bfffe0000000001 ffffc1ffc3114601 00000000ffffffff 00000000ffffffff [ 16.571090] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000002 [ 16.571145] page dumped because: kasan: bad access detected [ 16.571175] [ 16.571439] Memory state around the buggy address: [ 16.571600] fff00000c4518d80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 16.571664] fff00000c4518e00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 16.571707] >fff00000c4518e80: 00 00 00 00 00 00 00 00 00 01 fc fc fc fc fc fc [ 16.571746] ^ [ 16.571929] fff00000c4518f00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 16.572027] fff00000c4518f80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 16.572208] ================================================================== [ 16.592140] ================================================================== [ 16.592199] BUG: KASAN: slab-out-of-bounds in krealloc_less_oob_helper+0xa58/0xc50 [ 16.592246] Write of size 1 at addr fff00000c4518eeb by task kunit_try_catch/159 [ 16.592294] [ 16.592322] CPU: 1 UID: 0 PID: 159 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc6 #1 PREEMPT [ 16.592446] Tainted: [B]=BAD_PAGE, [N]=TEST [ 16.592473] Hardware name: linux,dummy-virt (DT) [ 16.592637] Call trace: [ 16.592663] show_stack+0x20/0x38 (C) [ 16.592748] dump_stack_lvl+0x8c/0xd0 [ 16.592834] print_report+0x118/0x5d0 [ 16.592908] kasan_report+0xdc/0x128 [ 16.592971] __asan_report_store1_noabort+0x20/0x30 [ 16.593022] krealloc_less_oob_helper+0xa58/0xc50 [ 16.593069] krealloc_less_oob+0x20/0x38 [ 16.593253] kunit_try_run_case+0x170/0x3f0 [ 16.593330] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 16.593394] kthread+0x328/0x630 [ 16.593436] ret_from_fork+0x10/0x20 [ 16.593482] [ 16.593500] Allocated by task 159: [ 16.593527] kasan_save_stack+0x3c/0x68 [ 16.593566] kasan_save_track+0x20/0x40 [ 16.593602] kasan_save_alloc_info+0x40/0x58 [ 16.593641] __kasan_krealloc+0x118/0x178 [ 16.593677] krealloc_noprof+0x128/0x360 [ 16.593713] krealloc_less_oob_helper+0x168/0xc50 [ 16.593750] krealloc_less_oob+0x20/0x38 [ 16.593785] kunit_try_run_case+0x170/0x3f0 [ 16.593820] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 16.593861] kthread+0x328/0x630 [ 16.593892] ret_from_fork+0x10/0x20 [ 16.593936] [ 16.593954] The buggy address belongs to the object at fff00000c4518e00 [ 16.593954] which belongs to the cache kmalloc-256 of size 256 [ 16.594014] The buggy address is located 34 bytes to the right of [ 16.594014] allocated 201-byte region [fff00000c4518e00, fff00000c4518ec9) [ 16.594078] [ 16.594097] The buggy address belongs to the physical page: [ 16.594126] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x104518 [ 16.594509] head: order:1 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0 [ 16.594570] flags: 0xbfffe0000000040(head|node=0|zone=2|lastcpupid=0x1ffff) [ 16.594669] page_type: f5(slab) [ 16.594786] raw: 0bfffe0000000040 fff00000c0001b40 dead000000000122 0000000000000000 [ 16.594853] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 16.594930] head: 0bfffe0000000040 fff00000c0001b40 dead000000000122 0000000000000000 [ 16.594979] head: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 16.595034] head: 0bfffe0000000001 ffffc1ffc3114601 00000000ffffffff 00000000ffffffff [ 16.595087] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000002 [ 16.595137] page dumped because: kasan: bad access detected [ 16.595167] [ 16.595195] Memory state around the buggy address: [ 16.595230] fff00000c4518d80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 16.595273] fff00000c4518e00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 16.595320] >fff00000c4518e80: 00 00 00 00 00 00 00 00 00 01 fc fc fc fc fc fc [ 16.595428] ^ [ 16.595489] fff00000c4518f00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 16.595530] fff00000c4518f80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 16.595570] ================================================================== [ 16.632706] ================================================================== [ 16.632771] BUG: KASAN: slab-out-of-bounds in krealloc_less_oob_helper+0xa58/0xc50 [ 16.632825] Write of size 1 at addr fff00000c78360eb by task kunit_try_catch/163 [ 16.632925] [ 16.632992] CPU: 1 UID: 0 PID: 163 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc6 #1 PREEMPT [ 16.633071] Tainted: [B]=BAD_PAGE, [N]=TEST [ 16.633097] Hardware name: linux,dummy-virt (DT) [ 16.633460] Call trace: [ 16.633556] show_stack+0x20/0x38 (C) [ 16.633634] dump_stack_lvl+0x8c/0xd0 [ 16.633718] print_report+0x118/0x5d0 [ 16.633789] kasan_report+0xdc/0x128 [ 16.633854] __asan_report_store1_noabort+0x20/0x30 [ 16.633906] krealloc_less_oob_helper+0xa58/0xc50 [ 16.634017] krealloc_large_less_oob+0x20/0x38 [ 16.634101] kunit_try_run_case+0x170/0x3f0 [ 16.634163] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 16.634226] kthread+0x328/0x630 [ 16.634280] ret_from_fork+0x10/0x20 [ 16.634327] [ 16.634346] The buggy address belongs to the physical page: [ 16.634488] page: refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x107834 [ 16.634543] head: order:2 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0 [ 16.634589] flags: 0xbfffe0000000040(head|node=0|zone=2|lastcpupid=0x1ffff) [ 16.634788] page_type: f8(unknown) [ 16.634850] raw: 0bfffe0000000040 0000000000000000 dead000000000122 0000000000000000 [ 16.634901] raw: 0000000000000000 0000000000000000 00000001f8000000 0000000000000000 [ 16.634978] head: 0bfffe0000000040 0000000000000000 dead000000000122 0000000000000000 [ 16.635027] head: 0000000000000000 0000000000000000 00000001f8000000 0000000000000000 [ 16.635246] head: 0bfffe0000000002 ffffc1ffc31e0d01 00000000ffffffff 00000000ffffffff [ 16.635306] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000004 [ 16.635508] page dumped because: kasan: bad access detected [ 16.635651] [ 16.635672] Memory state around the buggy address: [ 16.635705] fff00000c7835f80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 16.635764] fff00000c7836000: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 16.636000] >fff00000c7836080: 00 00 00 00 00 00 00 00 00 01 fe fe fe fe fe fe [ 16.636146] ^ [ 16.636245] fff00000c7836100: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe [ 16.636371] fff00000c7836180: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe [ 16.636477] ================================================================== [ 16.580581] ================================================================== [ 16.580628] BUG: KASAN: slab-out-of-bounds in krealloc_less_oob_helper+0xa80/0xc50 [ 16.580674] Write of size 1 at addr fff00000c4518eda by task kunit_try_catch/159 [ 16.580723] [ 16.580751] CPU: 1 UID: 0 PID: 159 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc6 #1 PREEMPT [ 16.580829] Tainted: [B]=BAD_PAGE, [N]=TEST [ 16.580855] Hardware name: linux,dummy-virt (DT) [ 16.580884] Call trace: [ 16.580926] show_stack+0x20/0x38 (C) [ 16.580975] dump_stack_lvl+0x8c/0xd0 [ 16.581025] print_report+0x118/0x5d0 [ 16.581071] kasan_report+0xdc/0x128 [ 16.581120] __asan_report_store1_noabort+0x20/0x30 [ 16.581170] krealloc_less_oob_helper+0xa80/0xc50 [ 16.581478] krealloc_less_oob+0x20/0x38 [ 16.581664] kunit_try_run_case+0x170/0x3f0 [ 16.581718] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 16.581789] kthread+0x328/0x630 [ 16.581831] ret_from_fork+0x10/0x20 [ 16.581881] [ 16.581899] Allocated by task 159: [ 16.582151] kasan_save_stack+0x3c/0x68 [ 16.582245] kasan_save_track+0x20/0x40 [ 16.582351] kasan_save_alloc_info+0x40/0x58 [ 16.582437] __kasan_krealloc+0x118/0x178 [ 16.582504] krealloc_noprof+0x128/0x360 [ 16.582560] krealloc_less_oob_helper+0x168/0xc50 [ 16.582637] krealloc_less_oob+0x20/0x38 [ 16.582672] kunit_try_run_case+0x170/0x3f0 [ 16.582708] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 16.582775] kthread+0x328/0x630 [ 16.582809] ret_from_fork+0x10/0x20 [ 16.582863] [ 16.582911] The buggy address belongs to the object at fff00000c4518e00 [ 16.582911] which belongs to the cache kmalloc-256 of size 256 [ 16.583053] The buggy address is located 17 bytes to the right of [ 16.583053] allocated 201-byte region [fff00000c4518e00, fff00000c4518ec9) [ 16.583153] [ 16.583172] The buggy address belongs to the physical page: [ 16.583213] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x104518 [ 16.583265] head: order:1 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0 [ 16.583312] flags: 0xbfffe0000000040(head|node=0|zone=2|lastcpupid=0x1ffff) [ 16.583477] page_type: f5(slab) [ 16.583555] raw: 0bfffe0000000040 fff00000c0001b40 dead000000000122 0000000000000000 [ 16.583724] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 16.583838] head: 0bfffe0000000040 fff00000c0001b40 dead000000000122 0000000000000000 [ 16.583998] head: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 16.584144] head: 0bfffe0000000001 ffffc1ffc3114601 00000000ffffffff 00000000ffffffff [ 16.584289] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000002 [ 16.584427] page dumped because: kasan: bad access detected [ 16.584522] [ 16.584541] Memory state around the buggy address: [ 16.584572] fff00000c4518d80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 16.584763] fff00000c4518e00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 16.584810] >fff00000c4518e80: 00 00 00 00 00 00 00 00 00 01 fc fc fc fc fc fc [ 16.584848] ^ [ 16.585105] fff00000c4518f00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 16.585246] fff00000c4518f80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 16.585372] ================================================================== [ 16.627121] ================================================================== [ 16.627155] BUG: KASAN: slab-out-of-bounds in krealloc_less_oob_helper+0xae4/0xc50 [ 16.627467] Write of size 1 at addr fff00000c78360ea by task kunit_try_catch/163 [ 16.627787] [ 16.627816] CPU: 1 UID: 0 PID: 163 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc6 #1 PREEMPT [ 16.627970] Tainted: [B]=BAD_PAGE, [N]=TEST [ 16.628015] Hardware name: linux,dummy-virt (DT) [ 16.628046] Call trace: [ 16.628066] show_stack+0x20/0x38 (C) [ 16.628152] dump_stack_lvl+0x8c/0xd0 [ 16.628238] print_report+0x118/0x5d0 [ 16.628285] kasan_report+0xdc/0x128 [ 16.628330] __asan_report_store1_noabort+0x20/0x30 [ 16.628380] krealloc_less_oob_helper+0xae4/0xc50 [ 16.628532] krealloc_large_less_oob+0x20/0x38 [ 16.628654] kunit_try_run_case+0x170/0x3f0 [ 16.628809] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 16.628895] kthread+0x328/0x630 [ 16.628963] ret_from_fork+0x10/0x20 [ 16.629085] [ 16.629142] The buggy address belongs to the physical page: [ 16.629263] page: refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x107834 [ 16.629347] head: order:2 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0 [ 16.629436] flags: 0xbfffe0000000040(head|node=0|zone=2|lastcpupid=0x1ffff) [ 16.629517] page_type: f8(unknown) [ 16.629553] raw: 0bfffe0000000040 0000000000000000 dead000000000122 0000000000000000 [ 16.629603] raw: 0000000000000000 0000000000000000 00000001f8000000 0000000000000000 [ 16.629652] head: 0bfffe0000000040 0000000000000000 dead000000000122 0000000000000000 [ 16.629901] head: 0000000000000000 0000000000000000 00000001f8000000 0000000000000000 [ 16.630069] head: 0bfffe0000000002 ffffc1ffc31e0d01 00000000ffffffff 00000000ffffffff [ 16.630236] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000004 [ 16.630337] page dumped because: kasan: bad access detected [ 16.630502] [ 16.630630] Memory state around the buggy address: [ 16.630728] fff00000c7835f80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 16.630848] fff00000c7836000: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 16.630890] >fff00000c7836080: 00 00 00 00 00 00 00 00 00 01 fe fe fe fe fe fe [ 16.631339] ^ [ 16.631443] fff00000c7836100: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe [ 16.631488] fff00000c7836180: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe [ 16.631573] ================================================================== [ 16.573910] ================================================================== [ 16.574051] BUG: KASAN: slab-out-of-bounds in krealloc_less_oob_helper+0xb9c/0xc50 [ 16.574106] Write of size 1 at addr fff00000c4518ed0 by task kunit_try_catch/159 [ 16.574161] [ 16.574230] CPU: 1 UID: 0 PID: 159 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc6 #1 PREEMPT [ 16.574310] Tainted: [B]=BAD_PAGE, [N]=TEST [ 16.574336] Hardware name: linux,dummy-virt (DT) [ 16.574374] Call trace: [ 16.574395] show_stack+0x20/0x38 (C) [ 16.574441] dump_stack_lvl+0x8c/0xd0 [ 16.574486] print_report+0x118/0x5d0 [ 16.574530] kasan_report+0xdc/0x128 [ 16.574862] __asan_report_store1_noabort+0x20/0x30 [ 16.574971] krealloc_less_oob_helper+0xb9c/0xc50 [ 16.575022] krealloc_less_oob+0x20/0x38 [ 16.575067] kunit_try_run_case+0x170/0x3f0 [ 16.575114] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 16.575272] kthread+0x328/0x630 [ 16.575316] ret_from_fork+0x10/0x20 [ 16.575362] [ 16.575428] Allocated by task 159: [ 16.575536] kasan_save_stack+0x3c/0x68 [ 16.575661] kasan_save_track+0x20/0x40 [ 16.575810] kasan_save_alloc_info+0x40/0x58 [ 16.575902] __kasan_krealloc+0x118/0x178 [ 16.575939] krealloc_noprof+0x128/0x360 [ 16.575975] krealloc_less_oob_helper+0x168/0xc50 [ 16.576012] krealloc_less_oob+0x20/0x38 [ 16.576047] kunit_try_run_case+0x170/0x3f0 [ 16.576083] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 16.576124] kthread+0x328/0x630 [ 16.576154] ret_from_fork+0x10/0x20 [ 16.576197] [ 16.576215] The buggy address belongs to the object at fff00000c4518e00 [ 16.576215] which belongs to the cache kmalloc-256 of size 256 [ 16.576427] The buggy address is located 7 bytes to the right of [ 16.576427] allocated 201-byte region [fff00000c4518e00, fff00000c4518ec9) [ 16.576583] [ 16.576686] The buggy address belongs to the physical page: [ 16.576734] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x104518 [ 16.576840] head: order:1 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0 [ 16.576957] flags: 0xbfffe0000000040(head|node=0|zone=2|lastcpupid=0x1ffff) [ 16.577073] page_type: f5(slab) [ 16.577176] raw: 0bfffe0000000040 fff00000c0001b40 dead000000000122 0000000000000000 [ 16.577261] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 16.577353] head: 0bfffe0000000040 fff00000c0001b40 dead000000000122 0000000000000000 [ 16.577604] head: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 16.577799] head: 0bfffe0000000001 ffffc1ffc3114601 00000000ffffffff 00000000ffffffff [ 16.577920] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000002 [ 16.578086] page dumped because: kasan: bad access detected [ 16.578224] [ 16.578325] Memory state around the buggy address: [ 16.578402] fff00000c4518d80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 16.578544] fff00000c4518e00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 16.578587] >fff00000c4518e80: 00 00 00 00 00 00 00 00 00 01 fc fc fc fc fc fc [ 16.578667] ^ [ 16.579025] fff00000c4518f00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 16.579116] fff00000c4518f80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 16.579166] ================================================================== [ 16.585961] ================================================================== [ 16.586029] BUG: KASAN: slab-out-of-bounds in krealloc_less_oob_helper+0xae4/0xc50 [ 16.586078] Write of size 1 at addr fff00000c4518eea by task kunit_try_catch/159 [ 16.586423] [ 16.586466] CPU: 1 UID: 0 PID: 159 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc6 #1 PREEMPT [ 16.586547] Tainted: [B]=BAD_PAGE, [N]=TEST [ 16.586575] Hardware name: linux,dummy-virt (DT) [ 16.586655] Call trace: [ 16.586693] show_stack+0x20/0x38 (C) [ 16.586792] dump_stack_lvl+0x8c/0xd0 [ 16.586867] print_report+0x118/0x5d0 [ 16.586932] kasan_report+0xdc/0x128 [ 16.586977] __asan_report_store1_noabort+0x20/0x30 [ 16.587026] krealloc_less_oob_helper+0xae4/0xc50 [ 16.587073] krealloc_less_oob+0x20/0x38 [ 16.587118] kunit_try_run_case+0x170/0x3f0 [ 16.587164] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 16.587227] kthread+0x328/0x630 [ 16.587268] ret_from_fork+0x10/0x20 [ 16.587314] [ 16.587476] Allocated by task 159: [ 16.587563] kasan_save_stack+0x3c/0x68 [ 16.587618] kasan_save_track+0x20/0x40 [ 16.587654] kasan_save_alloc_info+0x40/0x58 [ 16.587701] __kasan_krealloc+0x118/0x178 [ 16.587737] krealloc_noprof+0x128/0x360 [ 16.588040] krealloc_less_oob_helper+0x168/0xc50 [ 16.588158] krealloc_less_oob+0x20/0x38 [ 16.588302] kunit_try_run_case+0x170/0x3f0 [ 16.588436] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 16.588589] kthread+0x328/0x630 [ 16.588622] ret_from_fork+0x10/0x20 [ 16.588656] [ 16.588675] The buggy address belongs to the object at fff00000c4518e00 [ 16.588675] which belongs to the cache kmalloc-256 of size 256 [ 16.589012] The buggy address is located 33 bytes to the right of [ 16.589012] allocated 201-byte region [fff00000c4518e00, fff00000c4518ec9) [ 16.589257] [ 16.589333] The buggy address belongs to the physical page: [ 16.589420] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x104518 [ 16.589565] head: order:1 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0 [ 16.589716] flags: 0xbfffe0000000040(head|node=0|zone=2|lastcpupid=0x1ffff) [ 16.589855] page_type: f5(slab) [ 16.589891] raw: 0bfffe0000000040 fff00000c0001b40 dead000000000122 0000000000000000 [ 16.590230] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 16.590375] head: 0bfffe0000000040 fff00000c0001b40 dead000000000122 0000000000000000 [ 16.590524] head: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 16.590750] head: 0bfffe0000000001 ffffc1ffc3114601 00000000ffffffff 00000000ffffffff [ 16.590836] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000002 [ 16.591018] page dumped because: kasan: bad access detected [ 16.591086] [ 16.591103] Memory state around the buggy address: [ 16.591133] fff00000c4518d80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 16.591221] fff00000c4518e00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 16.591275] >fff00000c4518e80: 00 00 00 00 00 00 00 00 00 01 fc fc fc fc fc fc [ 16.591323] ^ [ 16.591362] fff00000c4518f00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 16.591414] fff00000c4518f80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 16.591451] ================================================================== [ 16.616924] ================================================================== [ 16.617045] BUG: KASAN: slab-out-of-bounds in krealloc_less_oob_helper+0xa48/0xc50 [ 16.617097] Write of size 1 at addr fff00000c78360c9 by task kunit_try_catch/163 [ 16.617146] [ 16.617192] CPU: 1 UID: 0 PID: 163 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc6 #1 PREEMPT [ 16.617272] Tainted: [B]=BAD_PAGE, [N]=TEST [ 16.617441] Hardware name: linux,dummy-virt (DT) [ 16.617474] Call trace: [ 16.617495] show_stack+0x20/0x38 (C) [ 16.617560] dump_stack_lvl+0x8c/0xd0 [ 16.617675] print_report+0x118/0x5d0 [ 16.617751] kasan_report+0xdc/0x128 [ 16.617815] __asan_report_store1_noabort+0x20/0x30 [ 16.617883] krealloc_less_oob_helper+0xa48/0xc50 [ 16.617958] krealloc_large_less_oob+0x20/0x38 [ 16.618055] kunit_try_run_case+0x170/0x3f0 [ 16.618119] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 16.618171] kthread+0x328/0x630 [ 16.618223] ret_from_fork+0x10/0x20 [ 16.618268] [ 16.618316] The buggy address belongs to the physical page: [ 16.618353] page: refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x107834 [ 16.618427] head: order:2 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0 [ 16.618474] flags: 0xbfffe0000000040(head|node=0|zone=2|lastcpupid=0x1ffff) [ 16.618542] page_type: f8(unknown) [ 16.618582] raw: 0bfffe0000000040 0000000000000000 dead000000000122 0000000000000000 [ 16.618630] raw: 0000000000000000 0000000000000000 00000001f8000000 0000000000000000 [ 16.618833] head: 0bfffe0000000040 0000000000000000 dead000000000122 0000000000000000 [ 16.618887] head: 0000000000000000 0000000000000000 00000001f8000000 0000000000000000 [ 16.618974] head: 0bfffe0000000002 ffffc1ffc31e0d01 00000000ffffffff 00000000ffffffff [ 16.619064] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000004 [ 16.619124] page dumped because: kasan: bad access detected [ 16.619172] [ 16.619229] Memory state around the buggy address: [ 16.619282] fff00000c7835f80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 16.619344] fff00000c7836000: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 16.619493] >fff00000c7836080: 00 00 00 00 00 00 00 00 00 01 fe fe fe fe fe fe [ 16.619611] ^ [ 16.619728] fff00000c7836100: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe [ 16.619771] fff00000c7836180: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe [ 16.619808] ==================================================================
[ 12.396063] ================================================================== [ 12.396424] BUG: KASAN: slab-out-of-bounds in krealloc_less_oob_helper+0xe23/0x11d0 [ 12.397299] Write of size 1 at addr ffff888103a0e0d0 by task kunit_try_catch/179 [ 12.397662] [ 12.397963] CPU: 0 UID: 0 PID: 179 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc6 #1 PREEMPT(voluntary) [ 12.398014] Tainted: [B]=BAD_PAGE, [N]=TEST [ 12.398026] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 12.398045] Call Trace: [ 12.398059] <TASK> [ 12.398075] dump_stack_lvl+0x73/0xb0 [ 12.398103] print_report+0xd1/0x610 [ 12.398126] ? __virt_addr_valid+0x1db/0x2d0 [ 12.398149] ? krealloc_less_oob_helper+0xe23/0x11d0 [ 12.398173] ? kasan_addr_to_slab+0x11/0xa0 [ 12.398194] ? krealloc_less_oob_helper+0xe23/0x11d0 [ 12.398219] kasan_report+0x141/0x180 [ 12.398240] ? krealloc_less_oob_helper+0xe23/0x11d0 [ 12.398270] __asan_report_store1_noabort+0x1b/0x30 [ 12.398295] krealloc_less_oob_helper+0xe23/0x11d0 [ 12.398322] ? __pfx_krealloc_less_oob_helper+0x10/0x10 [ 12.398347] ? finish_task_switch.isra.0+0x153/0x700 [ 12.398370] ? __switch_to+0x47/0xf50 [ 12.398396] ? __schedule+0x10cc/0x2b60 [ 12.398434] ? __pfx_read_tsc+0x10/0x10 [ 12.398470] krealloc_large_less_oob+0x1c/0x30 [ 12.398493] kunit_try_run_case+0x1a5/0x480 [ 12.398518] ? __pfx_kunit_try_run_case+0x10/0x10 [ 12.398541] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 12.398565] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 12.398588] ? __kthread_parkme+0x82/0x180 [ 12.398609] ? preempt_count_sub+0x50/0x80 [ 12.398632] ? __pfx_kunit_try_run_case+0x10/0x10 [ 12.398656] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 12.398681] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 12.398714] kthread+0x337/0x6f0 [ 12.398733] ? trace_preempt_on+0x20/0xc0 [ 12.398756] ? __pfx_kthread+0x10/0x10 [ 12.398777] ? _raw_spin_unlock_irq+0x47/0x80 [ 12.398798] ? calculate_sigpending+0x7b/0xa0 [ 12.398822] ? __pfx_kthread+0x10/0x10 [ 12.398843] ret_from_fork+0x116/0x1d0 [ 12.398861] ? __pfx_kthread+0x10/0x10 [ 12.398881] ret_from_fork_asm+0x1a/0x30 [ 12.398911] </TASK> [ 12.398920] [ 12.410061] The buggy address belongs to the physical page: [ 12.410407] page: refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x103a0c [ 12.411010] head: order:2 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0 [ 12.411582] flags: 0x200000000000040(head|node=0|zone=2) [ 12.411932] page_type: f8(unknown) [ 12.412223] raw: 0200000000000040 0000000000000000 dead000000000122 0000000000000000 [ 12.412735] raw: 0000000000000000 0000000000000000 00000001f8000000 0000000000000000 [ 12.413179] head: 0200000000000040 0000000000000000 dead000000000122 0000000000000000 [ 12.413696] head: 0000000000000000 0000000000000000 00000001f8000000 0000000000000000 [ 12.414183] head: 0200000000000002 ffffea00040e8301 00000000ffffffff 00000000ffffffff [ 12.414680] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000004 [ 12.415079] page dumped because: kasan: bad access detected [ 12.415422] [ 12.415566] Memory state around the buggy address: [ 12.415916] ffff888103a0df80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 12.416248] ffff888103a0e000: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 12.416795] >ffff888103a0e080: 00 00 00 00 00 00 00 00 00 01 fe fe fe fe fe fe [ 12.417143] ^ [ 12.417483] ffff888103a0e100: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe [ 12.417913] ffff888103a0e180: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe [ 12.418221] ================================================================== [ 12.465013] ================================================================== [ 12.465611] BUG: KASAN: slab-out-of-bounds in krealloc_less_oob_helper+0xd47/0x11d0 [ 12.466062] Write of size 1 at addr ffff888103a0e0eb by task kunit_try_catch/179 [ 12.466426] [ 12.466875] CPU: 0 UID: 0 PID: 179 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc6 #1 PREEMPT(voluntary) [ 12.466921] Tainted: [B]=BAD_PAGE, [N]=TEST [ 12.466932] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 12.466951] Call Trace: [ 12.466966] <TASK> [ 12.466981] dump_stack_lvl+0x73/0xb0 [ 12.467009] print_report+0xd1/0x610 [ 12.467032] ? __virt_addr_valid+0x1db/0x2d0 [ 12.467054] ? krealloc_less_oob_helper+0xd47/0x11d0 [ 12.467079] ? kasan_addr_to_slab+0x11/0xa0 [ 12.467099] ? krealloc_less_oob_helper+0xd47/0x11d0 [ 12.467124] kasan_report+0x141/0x180 [ 12.467145] ? krealloc_less_oob_helper+0xd47/0x11d0 [ 12.467174] __asan_report_store1_noabort+0x1b/0x30 [ 12.467200] krealloc_less_oob_helper+0xd47/0x11d0 [ 12.467226] ? __pfx_krealloc_less_oob_helper+0x10/0x10 [ 12.467252] ? finish_task_switch.isra.0+0x153/0x700 [ 12.467275] ? __switch_to+0x47/0xf50 [ 12.467300] ? __schedule+0x10cc/0x2b60 [ 12.467321] ? __pfx_read_tsc+0x10/0x10 [ 12.467345] krealloc_large_less_oob+0x1c/0x30 [ 12.467368] kunit_try_run_case+0x1a5/0x480 [ 12.467392] ? __pfx_kunit_try_run_case+0x10/0x10 [ 12.467415] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 12.467439] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 12.467475] ? __kthread_parkme+0x82/0x180 [ 12.467496] ? preempt_count_sub+0x50/0x80 [ 12.467518] ? __pfx_kunit_try_run_case+0x10/0x10 [ 12.467543] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 12.467581] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 12.467608] kthread+0x337/0x6f0 [ 12.467627] ? trace_preempt_on+0x20/0xc0 [ 12.467649] ? __pfx_kthread+0x10/0x10 [ 12.467670] ? _raw_spin_unlock_irq+0x47/0x80 [ 12.467691] ? calculate_sigpending+0x7b/0xa0 [ 12.467715] ? __pfx_kthread+0x10/0x10 [ 12.467737] ret_from_fork+0x116/0x1d0 [ 12.467755] ? __pfx_kthread+0x10/0x10 [ 12.467775] ret_from_fork_asm+0x1a/0x30 [ 12.467806] </TASK> [ 12.467816] [ 12.480088] The buggy address belongs to the physical page: [ 12.480553] page: refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x103a0c [ 12.481153] head: order:2 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0 [ 12.481717] flags: 0x200000000000040(head|node=0|zone=2) [ 12.482181] page_type: f8(unknown) [ 12.482344] raw: 0200000000000040 0000000000000000 dead000000000122 0000000000000000 [ 12.482914] raw: 0000000000000000 0000000000000000 00000001f8000000 0000000000000000 [ 12.483304] head: 0200000000000040 0000000000000000 dead000000000122 0000000000000000 [ 12.483844] head: 0000000000000000 0000000000000000 00000001f8000000 0000000000000000 [ 12.484318] head: 0200000000000002 ffffea00040e8301 00000000ffffffff 00000000ffffffff [ 12.484643] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000004 [ 12.484978] page dumped because: kasan: bad access detected [ 12.485216] [ 12.485303] Memory state around the buggy address: [ 12.485529] ffff888103a0df80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 12.485805] ffff888103a0e000: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 12.486119] >ffff888103a0e080: 00 00 00 00 00 00 00 00 00 01 fe fe fe fe fe fe [ 12.486433] ^ [ 12.487202] ffff888103a0e100: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe [ 12.487673] ffff888103a0e180: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe [ 12.488075] ================================================================== [ 12.184531] ================================================================== [ 12.185027] BUG: KASAN: slab-out-of-bounds in krealloc_less_oob_helper+0xd70/0x11d0 [ 12.185386] Write of size 1 at addr ffff8881003474c9 by task kunit_try_catch/175 [ 12.186033] [ 12.186136] CPU: 0 UID: 0 PID: 175 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc6 #1 PREEMPT(voluntary) [ 12.186327] Tainted: [B]=BAD_PAGE, [N]=TEST [ 12.186341] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 12.186362] Call Trace: [ 12.186376] <TASK> [ 12.186393] dump_stack_lvl+0x73/0xb0 [ 12.186439] print_report+0xd1/0x610 [ 12.186474] ? __virt_addr_valid+0x1db/0x2d0 [ 12.186497] ? krealloc_less_oob_helper+0xd70/0x11d0 [ 12.186520] ? kasan_complete_mode_report_info+0x2a/0x200 [ 12.186544] ? krealloc_less_oob_helper+0xd70/0x11d0 [ 12.186568] kasan_report+0x141/0x180 [ 12.186589] ? krealloc_less_oob_helper+0xd70/0x11d0 [ 12.186619] __asan_report_store1_noabort+0x1b/0x30 [ 12.186644] krealloc_less_oob_helper+0xd70/0x11d0 [ 12.186670] ? __pfx_krealloc_less_oob_helper+0x10/0x10 [ 12.186695] ? finish_task_switch.isra.0+0x153/0x700 [ 12.186719] ? __switch_to+0x47/0xf50 [ 12.186745] ? __schedule+0x10cc/0x2b60 [ 12.186767] ? __pfx_read_tsc+0x10/0x10 [ 12.186791] krealloc_less_oob+0x1c/0x30 [ 12.186814] kunit_try_run_case+0x1a5/0x480 [ 12.186839] ? __pfx_kunit_try_run_case+0x10/0x10 [ 12.186862] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 12.186885] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 12.186909] ? __kthread_parkme+0x82/0x180 [ 12.186929] ? preempt_count_sub+0x50/0x80 [ 12.186952] ? __pfx_kunit_try_run_case+0x10/0x10 [ 12.186976] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 12.187000] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 12.187025] kthread+0x337/0x6f0 [ 12.187044] ? trace_preempt_on+0x20/0xc0 [ 12.187068] ? __pfx_kthread+0x10/0x10 [ 12.187088] ? _raw_spin_unlock_irq+0x47/0x80 [ 12.187109] ? calculate_sigpending+0x7b/0xa0 [ 12.187133] ? __pfx_kthread+0x10/0x10 [ 12.187154] ret_from_fork+0x116/0x1d0 [ 12.187172] ? __pfx_kthread+0x10/0x10 [ 12.187193] ret_from_fork_asm+0x1a/0x30 [ 12.187223] </TASK> [ 12.187232] [ 12.196773] Allocated by task 175: [ 12.197060] kasan_save_stack+0x45/0x70 [ 12.197375] kasan_save_track+0x18/0x40 [ 12.197733] kasan_save_alloc_info+0x3b/0x50 [ 12.198101] __kasan_krealloc+0x190/0x1f0 [ 12.198288] krealloc_noprof+0xf3/0x340 [ 12.198441] krealloc_less_oob_helper+0x1aa/0x11d0 [ 12.198840] krealloc_less_oob+0x1c/0x30 [ 12.199106] kunit_try_run_case+0x1a5/0x480 [ 12.199466] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 12.199712] kthread+0x337/0x6f0 [ 12.199954] ret_from_fork+0x116/0x1d0 [ 12.200092] ret_from_fork_asm+0x1a/0x30 [ 12.200393] [ 12.200643] The buggy address belongs to the object at ffff888100347400 [ 12.200643] which belongs to the cache kmalloc-256 of size 256 [ 12.201146] The buggy address is located 0 bytes to the right of [ 12.201146] allocated 201-byte region [ffff888100347400, ffff8881003474c9) [ 12.201927] [ 12.202008] The buggy address belongs to the physical page: [ 12.202315] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x100346 [ 12.202753] head: order:1 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0 [ 12.203129] flags: 0x200000000000040(head|node=0|zone=2) [ 12.203492] page_type: f5(slab) [ 12.203661] raw: 0200000000000040 ffff888100041b40 dead000000000122 0000000000000000 [ 12.203987] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 12.204307] head: 0200000000000040 ffff888100041b40 dead000000000122 0000000000000000 [ 12.204879] head: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 12.205276] head: 0200000000000001 ffffea000400d181 00000000ffffffff 00000000ffffffff [ 12.205698] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000002 [ 12.206070] page dumped because: kasan: bad access detected [ 12.206393] [ 12.206496] Memory state around the buggy address: [ 12.206796] ffff888100347380: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 12.207050] ffff888100347400: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 12.207355] >ffff888100347480: 00 00 00 00 00 00 00 00 00 01 fc fc fc fc fc fc [ 12.207905] ^ [ 12.208221] ffff888100347500: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 12.208676] ffff888100347580: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 12.209002] ================================================================== [ 12.261982] ================================================================== [ 12.262307] BUG: KASAN: slab-out-of-bounds in krealloc_less_oob_helper+0xe90/0x11d0 [ 12.263470] Write of size 1 at addr ffff8881003474ea by task kunit_try_catch/175 [ 12.263911] [ 12.264109] CPU: 0 UID: 0 PID: 175 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc6 #1 PREEMPT(voluntary) [ 12.264154] Tainted: [B]=BAD_PAGE, [N]=TEST [ 12.264166] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 12.264186] Call Trace: [ 12.264202] <TASK> [ 12.264218] dump_stack_lvl+0x73/0xb0 [ 12.264370] print_report+0xd1/0x610 [ 12.264396] ? __virt_addr_valid+0x1db/0x2d0 [ 12.264435] ? krealloc_less_oob_helper+0xe90/0x11d0 [ 12.264472] ? kasan_complete_mode_report_info+0x2a/0x200 [ 12.264496] ? krealloc_less_oob_helper+0xe90/0x11d0 [ 12.264523] kasan_report+0x141/0x180 [ 12.264545] ? krealloc_less_oob_helper+0xe90/0x11d0 [ 12.264574] __asan_report_store1_noabort+0x1b/0x30 [ 12.264600] krealloc_less_oob_helper+0xe90/0x11d0 [ 12.264626] ? __pfx_krealloc_less_oob_helper+0x10/0x10 [ 12.264652] ? finish_task_switch.isra.0+0x153/0x700 [ 12.264675] ? __switch_to+0x47/0xf50 [ 12.264701] ? __schedule+0x10cc/0x2b60 [ 12.264723] ? __pfx_read_tsc+0x10/0x10 [ 12.264747] krealloc_less_oob+0x1c/0x30 [ 12.264769] kunit_try_run_case+0x1a5/0x480 [ 12.264794] ? __pfx_kunit_try_run_case+0x10/0x10 [ 12.264817] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 12.264841] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 12.264865] ? __kthread_parkme+0x82/0x180 [ 12.264885] ? preempt_count_sub+0x50/0x80 [ 12.264908] ? __pfx_kunit_try_run_case+0x10/0x10 [ 12.264933] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 12.264959] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 12.264984] kthread+0x337/0x6f0 [ 12.265003] ? trace_preempt_on+0x20/0xc0 [ 12.265025] ? __pfx_kthread+0x10/0x10 [ 12.265046] ? _raw_spin_unlock_irq+0x47/0x80 [ 12.265068] ? calculate_sigpending+0x7b/0xa0 [ 12.265093] ? __pfx_kthread+0x10/0x10 [ 12.265114] ret_from_fork+0x116/0x1d0 [ 12.265132] ? __pfx_kthread+0x10/0x10 [ 12.265153] ret_from_fork_asm+0x1a/0x30 [ 12.265184] </TASK> [ 12.265193] [ 12.275075] Allocated by task 175: [ 12.275315] kasan_save_stack+0x45/0x70 [ 12.275635] kasan_save_track+0x18/0x40 [ 12.275946] kasan_save_alloc_info+0x3b/0x50 [ 12.276262] __kasan_krealloc+0x190/0x1f0 [ 12.276422] krealloc_noprof+0xf3/0x340 [ 12.276809] krealloc_less_oob_helper+0x1aa/0x11d0 [ 12.277128] krealloc_less_oob+0x1c/0x30 [ 12.277331] kunit_try_run_case+0x1a5/0x480 [ 12.277748] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 12.277990] kthread+0x337/0x6f0 [ 12.278234] ret_from_fork+0x116/0x1d0 [ 12.278379] ret_from_fork_asm+0x1a/0x30 [ 12.278609] [ 12.278699] The buggy address belongs to the object at ffff888100347400 [ 12.278699] which belongs to the cache kmalloc-256 of size 256 [ 12.279205] The buggy address is located 33 bytes to the right of [ 12.279205] allocated 201-byte region [ffff888100347400, ffff8881003474c9) [ 12.279997] [ 12.280252] The buggy address belongs to the physical page: [ 12.280465] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x100346 [ 12.281087] head: order:1 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0 [ 12.281486] flags: 0x200000000000040(head|node=0|zone=2) [ 12.281818] page_type: f5(slab) [ 12.281990] raw: 0200000000000040 ffff888100041b40 dead000000000122 0000000000000000 [ 12.282428] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 12.282871] head: 0200000000000040 ffff888100041b40 dead000000000122 0000000000000000 [ 12.283269] head: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 12.283797] head: 0200000000000001 ffffea000400d181 00000000ffffffff 00000000ffffffff [ 12.284202] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000002 [ 12.284620] page dumped because: kasan: bad access detected [ 12.284956] [ 12.285048] Memory state around the buggy address: [ 12.285365] ffff888100347380: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 12.285760] ffff888100347400: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 12.286118] >ffff888100347480: 00 00 00 00 00 00 00 00 00 01 fc fc fc fc fc fc [ 12.286501] ^ [ 12.286876] ffff888100347500: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 12.287147] ffff888100347580: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 12.287593] ================================================================== [ 12.370817] ================================================================== [ 12.371320] BUG: KASAN: slab-out-of-bounds in krealloc_less_oob_helper+0xd70/0x11d0 [ 12.371845] Write of size 1 at addr ffff888103a0e0c9 by task kunit_try_catch/179 [ 12.372406] [ 12.372703] CPU: 0 UID: 0 PID: 179 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc6 #1 PREEMPT(voluntary) [ 12.372752] Tainted: [B]=BAD_PAGE, [N]=TEST [ 12.372764] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 12.372786] Call Trace: [ 12.372799] <TASK> [ 12.372817] dump_stack_lvl+0x73/0xb0 [ 12.372851] print_report+0xd1/0x610 [ 12.372875] ? __virt_addr_valid+0x1db/0x2d0 [ 12.372900] ? krealloc_less_oob_helper+0xd70/0x11d0 [ 12.372925] ? kasan_addr_to_slab+0x11/0xa0 [ 12.372945] ? krealloc_less_oob_helper+0xd70/0x11d0 [ 12.372970] kasan_report+0x141/0x180 [ 12.372991] ? krealloc_less_oob_helper+0xd70/0x11d0 [ 12.373020] __asan_report_store1_noabort+0x1b/0x30 [ 12.373046] krealloc_less_oob_helper+0xd70/0x11d0 [ 12.373072] ? __pfx_krealloc_less_oob_helper+0x10/0x10 [ 12.373097] ? finish_task_switch.isra.0+0x153/0x700 [ 12.373122] ? __switch_to+0x47/0xf50 [ 12.373148] ? __schedule+0x10cc/0x2b60 [ 12.373171] ? __pfx_read_tsc+0x10/0x10 [ 12.373195] krealloc_large_less_oob+0x1c/0x30 [ 12.373218] kunit_try_run_case+0x1a5/0x480 [ 12.373246] ? __pfx_kunit_try_run_case+0x10/0x10 [ 12.373269] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 12.373293] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 12.373317] ? __kthread_parkme+0x82/0x180 [ 12.373338] ? preempt_count_sub+0x50/0x80 [ 12.373361] ? __pfx_kunit_try_run_case+0x10/0x10 [ 12.373385] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 12.373726] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 12.373762] kthread+0x337/0x6f0 [ 12.373783] ? trace_preempt_on+0x20/0xc0 [ 12.373808] ? __pfx_kthread+0x10/0x10 [ 12.373829] ? _raw_spin_unlock_irq+0x47/0x80 [ 12.373851] ? calculate_sigpending+0x7b/0xa0 [ 12.373876] ? __pfx_kthread+0x10/0x10 [ 12.373897] ret_from_fork+0x116/0x1d0 [ 12.373916] ? __pfx_kthread+0x10/0x10 [ 12.373936] ret_from_fork_asm+0x1a/0x30 [ 12.373969] </TASK> [ 12.373980] [ 12.386375] The buggy address belongs to the physical page: [ 12.386854] page: refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x103a0c [ 12.387301] head: order:2 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0 [ 12.387793] flags: 0x200000000000040(head|node=0|zone=2) [ 12.388151] page_type: f8(unknown) [ 12.388348] raw: 0200000000000040 0000000000000000 dead000000000122 0000000000000000 [ 12.388848] raw: 0000000000000000 0000000000000000 00000001f8000000 0000000000000000 [ 12.389271] head: 0200000000000040 0000000000000000 dead000000000122 0000000000000000 [ 12.389875] head: 0000000000000000 0000000000000000 00000001f8000000 0000000000000000 [ 12.390403] head: 0200000000000002 ffffea00040e8301 00000000ffffffff 00000000ffffffff [ 12.390988] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000004 [ 12.391407] page dumped because: kasan: bad access detected [ 12.391953] [ 12.392225] Memory state around the buggy address: [ 12.392491] ffff888103a0df80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 12.393041] ffff888103a0e000: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 12.393324] >ffff888103a0e080: 00 00 00 00 00 00 00 00 00 01 fe fe fe fe fe fe [ 12.393954] ^ [ 12.394345] ffff888103a0e100: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe [ 12.395036] ffff888103a0e180: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe [ 12.395330] ================================================================== [ 12.209695] ================================================================== [ 12.210422] BUG: KASAN: slab-out-of-bounds in krealloc_less_oob_helper+0xe23/0x11d0 [ 12.210996] Write of size 1 at addr ffff8881003474d0 by task kunit_try_catch/175 [ 12.211369] [ 12.211533] CPU: 0 UID: 0 PID: 175 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc6 #1 PREEMPT(voluntary) [ 12.211576] Tainted: [B]=BAD_PAGE, [N]=TEST [ 12.211610] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 12.211629] Call Trace: [ 12.211642] <TASK> [ 12.211655] dump_stack_lvl+0x73/0xb0 [ 12.211819] print_report+0xd1/0x610 [ 12.211846] ? __virt_addr_valid+0x1db/0x2d0 [ 12.211868] ? krealloc_less_oob_helper+0xe23/0x11d0 [ 12.211892] ? kasan_complete_mode_report_info+0x2a/0x200 [ 12.211915] ? krealloc_less_oob_helper+0xe23/0x11d0 [ 12.211960] kasan_report+0x141/0x180 [ 12.211981] ? krealloc_less_oob_helper+0xe23/0x11d0 [ 12.212010] __asan_report_store1_noabort+0x1b/0x30 [ 12.212138] krealloc_less_oob_helper+0xe23/0x11d0 [ 12.212166] ? __pfx_krealloc_less_oob_helper+0x10/0x10 [ 12.212191] ? finish_task_switch.isra.0+0x153/0x700 [ 12.212215] ? __switch_to+0x47/0xf50 [ 12.212239] ? __schedule+0x10cc/0x2b60 [ 12.212261] ? __pfx_read_tsc+0x10/0x10 [ 12.212295] krealloc_less_oob+0x1c/0x30 [ 12.212316] kunit_try_run_case+0x1a5/0x480 [ 12.212341] ? __pfx_kunit_try_run_case+0x10/0x10 [ 12.212363] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 12.212386] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 12.212420] ? __kthread_parkme+0x82/0x180 [ 12.212440] ? preempt_count_sub+0x50/0x80 [ 12.212475] ? __pfx_kunit_try_run_case+0x10/0x10 [ 12.212499] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 12.212523] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 12.212548] kthread+0x337/0x6f0 [ 12.212567] ? trace_preempt_on+0x20/0xc0 [ 12.212589] ? __pfx_kthread+0x10/0x10 [ 12.212609] ? _raw_spin_unlock_irq+0x47/0x80 [ 12.212631] ? calculate_sigpending+0x7b/0xa0 [ 12.212654] ? __pfx_kthread+0x10/0x10 [ 12.212675] ret_from_fork+0x116/0x1d0 [ 12.212693] ? __pfx_kthread+0x10/0x10 [ 12.212713] ret_from_fork_asm+0x1a/0x30 [ 12.212743] </TASK> [ 12.212753] [ 12.222372] Allocated by task 175: [ 12.222711] kasan_save_stack+0x45/0x70 [ 12.222988] kasan_save_track+0x18/0x40 [ 12.223277] kasan_save_alloc_info+0x3b/0x50 [ 12.223598] __kasan_krealloc+0x190/0x1f0 [ 12.223799] krealloc_noprof+0xf3/0x340 [ 12.223980] krealloc_less_oob_helper+0x1aa/0x11d0 [ 12.224199] krealloc_less_oob+0x1c/0x30 [ 12.224399] kunit_try_run_case+0x1a5/0x480 [ 12.224892] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 12.225190] kthread+0x337/0x6f0 [ 12.225318] ret_from_fork+0x116/0x1d0 [ 12.225744] ret_from_fork_asm+0x1a/0x30 [ 12.225987] [ 12.226225] The buggy address belongs to the object at ffff888100347400 [ 12.226225] which belongs to the cache kmalloc-256 of size 256 [ 12.226871] The buggy address is located 7 bytes to the right of [ 12.226871] allocated 201-byte region [ffff888100347400, ffff8881003474c9) [ 12.227421] [ 12.227819] The buggy address belongs to the physical page: [ 12.228080] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x100346 [ 12.228520] head: order:1 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0 [ 12.228938] flags: 0x200000000000040(head|node=0|zone=2) [ 12.229262] page_type: f5(slab) [ 12.229458] raw: 0200000000000040 ffff888100041b40 dead000000000122 0000000000000000 [ 12.229781] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 12.230103] head: 0200000000000040 ffff888100041b40 dead000000000122 0000000000000000 [ 12.230694] head: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 12.230990] head: 0200000000000001 ffffea000400d181 00000000ffffffff 00000000ffffffff [ 12.231391] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000002 [ 12.231820] page dumped because: kasan: bad access detected [ 12.232149] [ 12.232246] Memory state around the buggy address: [ 12.232470] ffff888100347380: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 12.232976] ffff888100347400: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 12.233331] >ffff888100347480: 00 00 00 00 00 00 00 00 00 01 fc fc fc fc fc fc [ 12.233789] ^ [ 12.234141] ffff888100347500: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 12.234593] ffff888100347580: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 12.234896] ================================================================== [ 12.418950] ================================================================== [ 12.419585] BUG: KASAN: slab-out-of-bounds in krealloc_less_oob_helper+0xec6/0x11d0 [ 12.420033] Write of size 1 at addr ffff888103a0e0da by task kunit_try_catch/179 [ 12.420353] [ 12.420680] CPU: 0 UID: 0 PID: 179 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc6 #1 PREEMPT(voluntary) [ 12.420725] Tainted: [B]=BAD_PAGE, [N]=TEST [ 12.420908] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 12.420929] Call Trace: [ 12.420945] <TASK> [ 12.420960] dump_stack_lvl+0x73/0xb0 [ 12.420989] print_report+0xd1/0x610 [ 12.421014] ? __virt_addr_valid+0x1db/0x2d0 [ 12.421039] ? krealloc_less_oob_helper+0xec6/0x11d0 [ 12.421064] ? kasan_addr_to_slab+0x11/0xa0 [ 12.421085] ? krealloc_less_oob_helper+0xec6/0x11d0 [ 12.421110] kasan_report+0x141/0x180 [ 12.421131] ? krealloc_less_oob_helper+0xec6/0x11d0 [ 12.421161] __asan_report_store1_noabort+0x1b/0x30 [ 12.421186] krealloc_less_oob_helper+0xec6/0x11d0 [ 12.421212] ? __pfx_krealloc_less_oob_helper+0x10/0x10 [ 12.421237] ? finish_task_switch.isra.0+0x153/0x700 [ 12.421260] ? __switch_to+0x47/0xf50 [ 12.421285] ? __schedule+0x10cc/0x2b60 [ 12.421307] ? __pfx_read_tsc+0x10/0x10 [ 12.421331] krealloc_large_less_oob+0x1c/0x30 [ 12.421354] kunit_try_run_case+0x1a5/0x480 [ 12.421378] ? __pfx_kunit_try_run_case+0x10/0x10 [ 12.421410] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 12.421435] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 12.421473] ? __kthread_parkme+0x82/0x180 [ 12.421494] ? preempt_count_sub+0x50/0x80 [ 12.421517] ? __pfx_kunit_try_run_case+0x10/0x10 [ 12.421541] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 12.421574] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 12.421600] kthread+0x337/0x6f0 [ 12.421620] ? trace_preempt_on+0x20/0xc0 [ 12.421643] ? __pfx_kthread+0x10/0x10 [ 12.421664] ? _raw_spin_unlock_irq+0x47/0x80 [ 12.421685] ? calculate_sigpending+0x7b/0xa0 [ 12.421709] ? __pfx_kthread+0x10/0x10 [ 12.421730] ret_from_fork+0x116/0x1d0 [ 12.421749] ? __pfx_kthread+0x10/0x10 [ 12.421769] ret_from_fork_asm+0x1a/0x30 [ 12.421799] </TASK> [ 12.421808] [ 12.432932] The buggy address belongs to the physical page: [ 12.433309] page: refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x103a0c [ 12.433858] head: order:2 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0 [ 12.434350] flags: 0x200000000000040(head|node=0|zone=2) [ 12.434772] page_type: f8(unknown) [ 12.434911] raw: 0200000000000040 0000000000000000 dead000000000122 0000000000000000 [ 12.435228] raw: 0000000000000000 0000000000000000 00000001f8000000 0000000000000000 [ 12.435830] head: 0200000000000040 0000000000000000 dead000000000122 0000000000000000 [ 12.436159] head: 0000000000000000 0000000000000000 00000001f8000000 0000000000000000 [ 12.436637] head: 0200000000000002 ffffea00040e8301 00000000ffffffff 00000000ffffffff [ 12.437080] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000004 [ 12.437546] page dumped because: kasan: bad access detected [ 12.437951] [ 12.438035] Memory state around the buggy address: [ 12.438323] ffff888103a0df80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 12.438898] ffff888103a0e000: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 12.439319] >ffff888103a0e080: 00 00 00 00 00 00 00 00 00 01 fe fe fe fe fe fe [ 12.439846] ^ [ 12.440083] ffff888103a0e100: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe [ 12.440533] ffff888103a0e180: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe [ 12.441034] ================================================================== [ 12.441532] ================================================================== [ 12.441946] BUG: KASAN: slab-out-of-bounds in krealloc_less_oob_helper+0xe90/0x11d0 [ 12.442282] Write of size 1 at addr ffff888103a0e0ea by task kunit_try_catch/179 [ 12.442802] [ 12.442935] CPU: 0 UID: 0 PID: 179 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc6 #1 PREEMPT(voluntary) [ 12.442991] Tainted: [B]=BAD_PAGE, [N]=TEST [ 12.443390] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 12.443413] Call Trace: [ 12.443429] <TASK> [ 12.443443] dump_stack_lvl+0x73/0xb0 [ 12.443484] print_report+0xd1/0x610 [ 12.443506] ? __virt_addr_valid+0x1db/0x2d0 [ 12.443529] ? krealloc_less_oob_helper+0xe90/0x11d0 [ 12.443553] ? kasan_addr_to_slab+0x11/0xa0 [ 12.443592] ? krealloc_less_oob_helper+0xe90/0x11d0 [ 12.443616] kasan_report+0x141/0x180 [ 12.443638] ? krealloc_less_oob_helper+0xe90/0x11d0 [ 12.443667] __asan_report_store1_noabort+0x1b/0x30 [ 12.443692] krealloc_less_oob_helper+0xe90/0x11d0 [ 12.443719] ? __pfx_krealloc_less_oob_helper+0x10/0x10 [ 12.443744] ? finish_task_switch.isra.0+0x153/0x700 [ 12.443767] ? __switch_to+0x47/0xf50 [ 12.443792] ? __schedule+0x10cc/0x2b60 [ 12.443814] ? __pfx_read_tsc+0x10/0x10 [ 12.443838] krealloc_large_less_oob+0x1c/0x30 [ 12.443861] kunit_try_run_case+0x1a5/0x480 [ 12.443886] ? __pfx_kunit_try_run_case+0x10/0x10 [ 12.443909] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 12.443933] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 12.443957] ? __kthread_parkme+0x82/0x180 [ 12.443977] ? preempt_count_sub+0x50/0x80 [ 12.444000] ? __pfx_kunit_try_run_case+0x10/0x10 [ 12.444024] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 12.444048] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 12.444076] kthread+0x337/0x6f0 [ 12.444094] ? trace_preempt_on+0x20/0xc0 [ 12.444117] ? __pfx_kthread+0x10/0x10 [ 12.444138] ? _raw_spin_unlock_irq+0x47/0x80 [ 12.444159] ? calculate_sigpending+0x7b/0xa0 [ 12.444183] ? __pfx_kthread+0x10/0x10 [ 12.444204] ret_from_fork+0x116/0x1d0 [ 12.444223] ? __pfx_kthread+0x10/0x10 [ 12.444243] ret_from_fork_asm+0x1a/0x30 [ 12.444274] </TASK> [ 12.444287] [ 12.455807] The buggy address belongs to the physical page: [ 12.456144] page: refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x103a0c [ 12.456627] head: order:2 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0 [ 12.457164] flags: 0x200000000000040(head|node=0|zone=2) [ 12.457403] page_type: f8(unknown) [ 12.457779] raw: 0200000000000040 0000000000000000 dead000000000122 0000000000000000 [ 12.458189] raw: 0000000000000000 0000000000000000 00000001f8000000 0000000000000000 [ 12.458724] head: 0200000000000040 0000000000000000 dead000000000122 0000000000000000 [ 12.459225] head: 0000000000000000 0000000000000000 00000001f8000000 0000000000000000 [ 12.459688] head: 0200000000000002 ffffea00040e8301 00000000ffffffff 00000000ffffffff [ 12.460281] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000004 [ 12.460768] page dumped because: kasan: bad access detected [ 12.461102] [ 12.461179] Memory state around the buggy address: [ 12.461462] ffff888103a0df80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 12.462072] ffff888103a0e000: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 12.462490] >ffff888103a0e080: 00 00 00 00 00 00 00 00 00 01 fe fe fe fe fe fe [ 12.462998] ^ [ 12.463502] ffff888103a0e100: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe [ 12.463969] ffff888103a0e180: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe [ 12.464274] ================================================================== [ 12.236172] ================================================================== [ 12.236553] BUG: KASAN: slab-out-of-bounds in krealloc_less_oob_helper+0xec6/0x11d0 [ 12.237095] Write of size 1 at addr ffff8881003474da by task kunit_try_catch/175 [ 12.237474] [ 12.237877] CPU: 0 UID: 0 PID: 175 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc6 #1 PREEMPT(voluntary) [ 12.237925] Tainted: [B]=BAD_PAGE, [N]=TEST [ 12.237937] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 12.237958] Call Trace: [ 12.237972] <TASK> [ 12.237987] dump_stack_lvl+0x73/0xb0 [ 12.238018] print_report+0xd1/0x610 [ 12.238040] ? __virt_addr_valid+0x1db/0x2d0 [ 12.238063] ? krealloc_less_oob_helper+0xec6/0x11d0 [ 12.238087] ? kasan_complete_mode_report_info+0x2a/0x200 [ 12.238111] ? krealloc_less_oob_helper+0xec6/0x11d0 [ 12.238135] kasan_report+0x141/0x180 [ 12.238157] ? krealloc_less_oob_helper+0xec6/0x11d0 [ 12.238186] __asan_report_store1_noabort+0x1b/0x30 [ 12.238211] krealloc_less_oob_helper+0xec6/0x11d0 [ 12.238238] ? __pfx_krealloc_less_oob_helper+0x10/0x10 [ 12.238263] ? finish_task_switch.isra.0+0x153/0x700 [ 12.238287] ? __switch_to+0x47/0xf50 [ 12.238311] ? __schedule+0x10cc/0x2b60 [ 12.238333] ? __pfx_read_tsc+0x10/0x10 [ 12.238357] krealloc_less_oob+0x1c/0x30 [ 12.238379] kunit_try_run_case+0x1a5/0x480 [ 12.238413] ? __pfx_kunit_try_run_case+0x10/0x10 [ 12.238437] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 12.238475] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 12.238498] ? __kthread_parkme+0x82/0x180 [ 12.238520] ? preempt_count_sub+0x50/0x80 [ 12.238543] ? __pfx_kunit_try_run_case+0x10/0x10 [ 12.238567] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 12.238592] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 12.238617] kthread+0x337/0x6f0 [ 12.238636] ? trace_preempt_on+0x20/0xc0 [ 12.238659] ? __pfx_kthread+0x10/0x10 [ 12.238679] ? _raw_spin_unlock_irq+0x47/0x80 [ 12.238700] ? calculate_sigpending+0x7b/0xa0 [ 12.238724] ? __pfx_kthread+0x10/0x10 [ 12.238746] ret_from_fork+0x116/0x1d0 [ 12.238764] ? __pfx_kthread+0x10/0x10 [ 12.238784] ret_from_fork_asm+0x1a/0x30 [ 12.238815] </TASK> [ 12.238825] [ 12.248719] Allocated by task 175: [ 12.248904] kasan_save_stack+0x45/0x70 [ 12.249098] kasan_save_track+0x18/0x40 [ 12.249281] kasan_save_alloc_info+0x3b/0x50 [ 12.249484] __kasan_krealloc+0x190/0x1f0 [ 12.250022] krealloc_noprof+0xf3/0x340 [ 12.250313] krealloc_less_oob_helper+0x1aa/0x11d0 [ 12.250603] krealloc_less_oob+0x1c/0x30 [ 12.250887] kunit_try_run_case+0x1a5/0x480 [ 12.251152] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 12.251528] kthread+0x337/0x6f0 [ 12.251716] ret_from_fork+0x116/0x1d0 [ 12.251987] ret_from_fork_asm+0x1a/0x30 [ 12.252137] [ 12.252373] The buggy address belongs to the object at ffff888100347400 [ 12.252373] which belongs to the cache kmalloc-256 of size 256 [ 12.253134] The buggy address is located 17 bytes to the right of [ 12.253134] allocated 201-byte region [ffff888100347400, ffff8881003474c9) [ 12.253769] [ 12.253852] The buggy address belongs to the physical page: [ 12.254180] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x100346 [ 12.254687] head: order:1 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0 [ 12.254987] flags: 0x200000000000040(head|node=0|zone=2) [ 12.255358] page_type: f5(slab) [ 12.255652] raw: 0200000000000040 ffff888100041b40 dead000000000122 0000000000000000 [ 12.256024] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 12.256412] head: 0200000000000040 ffff888100041b40 dead000000000122 0000000000000000 [ 12.256826] head: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 12.257133] head: 0200000000000001 ffffea000400d181 00000000ffffffff 00000000ffffffff [ 12.257692] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000002 [ 12.258027] page dumped because: kasan: bad access detected [ 12.258337] [ 12.258459] Memory state around the buggy address: [ 12.258828] ffff888100347380: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 12.259219] ffff888100347400: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 12.259652] >ffff888100347480: 00 00 00 00 00 00 00 00 00 01 fc fc fc fc fc fc [ 12.259945] ^ [ 12.260218] ffff888100347500: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 12.260705] ffff888100347580: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 12.261067] ================================================================== [ 12.288409] ================================================================== [ 12.289294] BUG: KASAN: slab-out-of-bounds in krealloc_less_oob_helper+0xd47/0x11d0 [ 12.290078] Write of size 1 at addr ffff8881003474eb by task kunit_try_catch/175 [ 12.290472] [ 12.290991] CPU: 0 UID: 0 PID: 175 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc6 #1 PREEMPT(voluntary) [ 12.291044] Tainted: [B]=BAD_PAGE, [N]=TEST [ 12.291056] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 12.291077] Call Trace: [ 12.291094] <TASK> [ 12.291111] dump_stack_lvl+0x73/0xb0 [ 12.291141] print_report+0xd1/0x610 [ 12.291166] ? __virt_addr_valid+0x1db/0x2d0 [ 12.291191] ? krealloc_less_oob_helper+0xd47/0x11d0 [ 12.291215] ? kasan_complete_mode_report_info+0x2a/0x200 [ 12.291239] ? krealloc_less_oob_helper+0xd47/0x11d0 [ 12.291264] kasan_report+0x141/0x180 [ 12.291285] ? krealloc_less_oob_helper+0xd47/0x11d0 [ 12.291314] __asan_report_store1_noabort+0x1b/0x30 [ 12.291340] krealloc_less_oob_helper+0xd47/0x11d0 [ 12.291366] ? __pfx_krealloc_less_oob_helper+0x10/0x10 [ 12.291391] ? finish_task_switch.isra.0+0x153/0x700 [ 12.291432] ? __switch_to+0x47/0xf50 [ 12.291471] ? __schedule+0x10cc/0x2b60 [ 12.291493] ? __pfx_read_tsc+0x10/0x10 [ 12.291517] krealloc_less_oob+0x1c/0x30 [ 12.291539] kunit_try_run_case+0x1a5/0x480 [ 12.291564] ? __pfx_kunit_try_run_case+0x10/0x10 [ 12.291586] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 12.291610] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 12.291634] ? __kthread_parkme+0x82/0x180 [ 12.291654] ? preempt_count_sub+0x50/0x80 [ 12.291892] ? __pfx_kunit_try_run_case+0x10/0x10 [ 12.291921] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 12.291946] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 12.291997] kthread+0x337/0x6f0 [ 12.292017] ? trace_preempt_on+0x20/0xc0 [ 12.292041] ? __pfx_kthread+0x10/0x10 [ 12.292122] ? _raw_spin_unlock_irq+0x47/0x80 [ 12.292160] ? calculate_sigpending+0x7b/0xa0 [ 12.292185] ? __pfx_kthread+0x10/0x10 [ 12.292206] ret_from_fork+0x116/0x1d0 [ 12.292236] ? __pfx_kthread+0x10/0x10 [ 12.292257] ret_from_fork_asm+0x1a/0x30 [ 12.292308] </TASK> [ 12.292317] [ 12.301156] Allocated by task 175: [ 12.301478] kasan_save_stack+0x45/0x70 [ 12.301795] kasan_save_track+0x18/0x40 [ 12.302047] kasan_save_alloc_info+0x3b/0x50 [ 12.302230] __kasan_krealloc+0x190/0x1f0 [ 12.302553] krealloc_noprof+0xf3/0x340 [ 12.302752] krealloc_less_oob_helper+0x1aa/0x11d0 [ 12.302916] krealloc_less_oob+0x1c/0x30 [ 12.303055] kunit_try_run_case+0x1a5/0x480 [ 12.303201] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 12.303375] kthread+0x337/0x6f0 [ 12.303527] ret_from_fork+0x116/0x1d0 [ 12.303660] ret_from_fork_asm+0x1a/0x30 [ 12.303839] [ 12.303940] The buggy address belongs to the object at ffff888100347400 [ 12.303940] which belongs to the cache kmalloc-256 of size 256 [ 12.305839] The buggy address is located 34 bytes to the right of [ 12.305839] allocated 201-byte region [ffff888100347400, ffff8881003474c9) [ 12.306303] [ 12.306541] The buggy address belongs to the physical page: [ 12.307250] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x100346 [ 12.307959] head: order:1 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0 [ 12.308480] flags: 0x200000000000040(head|node=0|zone=2) [ 12.308939] page_type: f5(slab) [ 12.309111] raw: 0200000000000040 ffff888100041b40 dead000000000122 0000000000000000 [ 12.309639] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 12.310173] head: 0200000000000040 ffff888100041b40 dead000000000122 0000000000000000 [ 12.310658] head: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 12.310989] head: 0200000000000001 ffffea000400d181 00000000ffffffff 00000000ffffffff [ 12.311306] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000002 [ 12.312002] page dumped because: kasan: bad access detected [ 12.312333] [ 12.312573] Memory state around the buggy address: [ 12.313048] ffff888100347380: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 12.313332] ffff888100347400: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 12.313867] >ffff888100347480: 00 00 00 00 00 00 00 00 00 01 fc fc fc fc fc fc [ 12.314284] ^ [ 12.314758] ffff888100347500: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 12.315055] ffff888100347580: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 12.315339] ==================================================================
[ 12.584394] ================================================================== [ 12.585017] BUG: KASAN: slab-out-of-bounds in krealloc_less_oob_helper+0xd47/0x11d0 [ 12.585877] Write of size 1 at addr ffff8881003438eb by task kunit_try_catch/176 [ 12.586261] [ 12.586351] CPU: 0 UID: 0 PID: 176 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc6 #1 PREEMPT(voluntary) [ 12.586393] Tainted: [B]=BAD_PAGE, [N]=TEST [ 12.586405] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 12.586425] Call Trace: [ 12.586441] <TASK> [ 12.586457] dump_stack_lvl+0x73/0xb0 [ 12.586486] print_report+0xd1/0x610 [ 12.586508] ? __virt_addr_valid+0x1db/0x2d0 [ 12.586531] ? krealloc_less_oob_helper+0xd47/0x11d0 [ 12.586555] ? kasan_complete_mode_report_info+0x2a/0x200 [ 12.586578] ? krealloc_less_oob_helper+0xd47/0x11d0 [ 12.586603] kasan_report+0x141/0x180 [ 12.586624] ? krealloc_less_oob_helper+0xd47/0x11d0 [ 12.586666] __asan_report_store1_noabort+0x1b/0x30 [ 12.586691] krealloc_less_oob_helper+0xd47/0x11d0 [ 12.586723] ? __pfx_krealloc_less_oob_helper+0x10/0x10 [ 12.586748] ? finish_task_switch.isra.0+0x153/0x700 [ 12.586772] ? __switch_to+0x47/0xf50 [ 12.586797] ? __schedule+0x10cc/0x2b60 [ 12.586819] ? __pfx_read_tsc+0x10/0x10 [ 12.586843] krealloc_less_oob+0x1c/0x30 [ 12.586865] kunit_try_run_case+0x1a5/0x480 [ 12.586888] ? __pfx_kunit_try_run_case+0x10/0x10 [ 12.586912] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 12.586935] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 12.586959] ? __kthread_parkme+0x82/0x180 [ 12.586978] ? preempt_count_sub+0x50/0x80 [ 12.587001] ? __pfx_kunit_try_run_case+0x10/0x10 [ 12.587026] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 12.587060] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 12.587086] kthread+0x337/0x6f0 [ 12.587104] ? trace_preempt_on+0x20/0xc0 [ 12.587141] ? __pfx_kthread+0x10/0x10 [ 12.587162] ? _raw_spin_unlock_irq+0x47/0x80 [ 12.587183] ? calculate_sigpending+0x7b/0xa0 [ 12.587207] ? __pfx_kthread+0x10/0x10 [ 12.587229] ret_from_fork+0x116/0x1d0 [ 12.587247] ? __pfx_kthread+0x10/0x10 [ 12.587268] ret_from_fork_asm+0x1a/0x30 [ 12.587299] </TASK> [ 12.587308] [ 12.600731] Allocated by task 176: [ 12.600862] kasan_save_stack+0x45/0x70 [ 12.601010] kasan_save_track+0x18/0x40 [ 12.601404] kasan_save_alloc_info+0x3b/0x50 [ 12.601946] __kasan_krealloc+0x190/0x1f0 [ 12.602314] krealloc_noprof+0xf3/0x340 [ 12.602864] krealloc_less_oob_helper+0x1aa/0x11d0 [ 12.603413] krealloc_less_oob+0x1c/0x30 [ 12.603839] kunit_try_run_case+0x1a5/0x480 [ 12.604254] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 12.604814] kthread+0x337/0x6f0 [ 12.605148] ret_from_fork+0x116/0x1d0 [ 12.605491] ret_from_fork_asm+0x1a/0x30 [ 12.605946] [ 12.606121] The buggy address belongs to the object at ffff888100343800 [ 12.606121] which belongs to the cache kmalloc-256 of size 256 [ 12.607454] The buggy address is located 34 bytes to the right of [ 12.607454] allocated 201-byte region [ffff888100343800, ffff8881003438c9) [ 12.608235] [ 12.608399] The buggy address belongs to the physical page: [ 12.608987] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x100342 [ 12.609749] head: order:1 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0 [ 12.610311] flags: 0x200000000000040(head|node=0|zone=2) [ 12.610493] page_type: f5(slab) [ 12.610614] raw: 0200000000000040 ffff888100041b40 dead000000000122 0000000000000000 [ 12.611558] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 12.612360] head: 0200000000000040 ffff888100041b40 dead000000000122 0000000000000000 [ 12.613239] head: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 12.613736] head: 0200000000000001 ffffea000400d081 00000000ffffffff 00000000ffffffff [ 12.613977] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000002 [ 12.614266] page dumped because: kasan: bad access detected [ 12.614746] [ 12.615150] Memory state around the buggy address: [ 12.615592] ffff888100343780: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 12.616294] ffff888100343800: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 12.617182] >ffff888100343880: 00 00 00 00 00 00 00 00 00 01 fc fc fc fc fc fc [ 12.617810] ^ [ 12.618382] ffff888100343900: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 12.618601] ffff888100343980: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 12.618834] ================================================================== [ 12.736125] ================================================================== [ 12.736445] BUG: KASAN: slab-out-of-bounds in krealloc_less_oob_helper+0xec6/0x11d0 [ 12.737285] Write of size 1 at addr ffff888102cae0da by task kunit_try_catch/180 [ 12.737806] [ 12.737914] CPU: 0 UID: 0 PID: 180 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc6 #1 PREEMPT(voluntary) [ 12.738117] Tainted: [B]=BAD_PAGE, [N]=TEST [ 12.738131] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 12.738237] Call Trace: [ 12.738252] <TASK> [ 12.738267] dump_stack_lvl+0x73/0xb0 [ 12.738298] print_report+0xd1/0x610 [ 12.738319] ? __virt_addr_valid+0x1db/0x2d0 [ 12.738342] ? krealloc_less_oob_helper+0xec6/0x11d0 [ 12.738367] ? kasan_addr_to_slab+0x11/0xa0 [ 12.738388] ? krealloc_less_oob_helper+0xec6/0x11d0 [ 12.738413] kasan_report+0x141/0x180 [ 12.738434] ? krealloc_less_oob_helper+0xec6/0x11d0 [ 12.738463] __asan_report_store1_noabort+0x1b/0x30 [ 12.738489] krealloc_less_oob_helper+0xec6/0x11d0 [ 12.738516] ? __pfx_krealloc_less_oob_helper+0x10/0x10 [ 12.738541] ? finish_task_switch.isra.0+0x153/0x700 [ 12.738565] ? __switch_to+0x47/0xf50 [ 12.738592] ? __schedule+0x10cc/0x2b60 [ 12.738615] ? __pfx_read_tsc+0x10/0x10 [ 12.738653] krealloc_large_less_oob+0x1c/0x30 [ 12.738677] kunit_try_run_case+0x1a5/0x480 [ 12.738709] ? __pfx_kunit_try_run_case+0x10/0x10 [ 12.738733] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 12.738757] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 12.738781] ? __kthread_parkme+0x82/0x180 [ 12.738801] ? preempt_count_sub+0x50/0x80 [ 12.738824] ? __pfx_kunit_try_run_case+0x10/0x10 [ 12.738849] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 12.738874] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 12.738900] kthread+0x337/0x6f0 [ 12.738918] ? trace_preempt_on+0x20/0xc0 [ 12.738942] ? __pfx_kthread+0x10/0x10 [ 12.738962] ? _raw_spin_unlock_irq+0x47/0x80 [ 12.738985] ? calculate_sigpending+0x7b/0xa0 [ 12.739009] ? __pfx_kthread+0x10/0x10 [ 12.739030] ret_from_fork+0x116/0x1d0 [ 12.739049] ? __pfx_kthread+0x10/0x10 [ 12.739079] ret_from_fork_asm+0x1a/0x30 [ 12.739110] </TASK> [ 12.739119] [ 12.749960] The buggy address belongs to the physical page: [ 12.750499] page: refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x102cac [ 12.751214] head: order:2 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0 [ 12.752031] flags: 0x200000000000040(head|node=0|zone=2) [ 12.752539] page_type: f8(unknown) [ 12.752927] raw: 0200000000000040 0000000000000000 dead000000000122 0000000000000000 [ 12.753600] raw: 0000000000000000 0000000000000000 00000001f8000000 0000000000000000 [ 12.754336] head: 0200000000000040 0000000000000000 dead000000000122 0000000000000000 [ 12.754891] head: 0000000000000000 0000000000000000 00000001f8000000 0000000000000000 [ 12.755196] head: 0200000000000002 ffffea00040b2b01 00000000ffffffff 00000000ffffffff [ 12.756023] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000004 [ 12.756622] page dumped because: kasan: bad access detected [ 12.757065] [ 12.757138] Memory state around the buggy address: [ 12.757572] ffff888102cadf80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 12.758094] ffff888102cae000: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 12.758752] >ffff888102cae080: 00 00 00 00 00 00 00 00 00 01 fe fe fe fe fe fe [ 12.759048] ^ [ 12.759479] ffff888102cae100: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe [ 12.760307] ffff888102cae180: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe [ 12.760597] ================================================================== [ 12.761393] ================================================================== [ 12.761842] BUG: KASAN: slab-out-of-bounds in krealloc_less_oob_helper+0xe90/0x11d0 [ 12.762107] Write of size 1 at addr ffff888102cae0ea by task kunit_try_catch/180 [ 12.762815] [ 12.762990] CPU: 0 UID: 0 PID: 180 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc6 #1 PREEMPT(voluntary) [ 12.763033] Tainted: [B]=BAD_PAGE, [N]=TEST [ 12.763045] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 12.763074] Call Trace: [ 12.763088] <TASK> [ 12.763103] dump_stack_lvl+0x73/0xb0 [ 12.763130] print_report+0xd1/0x610 [ 12.763159] ? __virt_addr_valid+0x1db/0x2d0 [ 12.763181] ? krealloc_less_oob_helper+0xe90/0x11d0 [ 12.763206] ? kasan_addr_to_slab+0x11/0xa0 [ 12.763226] ? krealloc_less_oob_helper+0xe90/0x11d0 [ 12.763252] kasan_report+0x141/0x180 [ 12.763274] ? krealloc_less_oob_helper+0xe90/0x11d0 [ 12.763303] __asan_report_store1_noabort+0x1b/0x30 [ 12.763328] krealloc_less_oob_helper+0xe90/0x11d0 [ 12.763355] ? __pfx_krealloc_less_oob_helper+0x10/0x10 [ 12.763381] ? finish_task_switch.isra.0+0x153/0x700 [ 12.763404] ? __switch_to+0x47/0xf50 [ 12.763430] ? __schedule+0x10cc/0x2b60 [ 12.763452] ? __pfx_read_tsc+0x10/0x10 [ 12.763476] krealloc_large_less_oob+0x1c/0x30 [ 12.763499] kunit_try_run_case+0x1a5/0x480 [ 12.763524] ? __pfx_kunit_try_run_case+0x10/0x10 [ 12.763547] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 12.763570] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 12.763594] ? __kthread_parkme+0x82/0x180 [ 12.763615] ? preempt_count_sub+0x50/0x80 [ 12.763637] ? __pfx_kunit_try_run_case+0x10/0x10 [ 12.763662] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 12.763686] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 12.763712] kthread+0x337/0x6f0 [ 12.763731] ? trace_preempt_on+0x20/0xc0 [ 12.763754] ? __pfx_kthread+0x10/0x10 [ 12.763775] ? _raw_spin_unlock_irq+0x47/0x80 [ 12.763797] ? calculate_sigpending+0x7b/0xa0 [ 12.763821] ? __pfx_kthread+0x10/0x10 [ 12.763843] ret_from_fork+0x116/0x1d0 [ 12.763862] ? __pfx_kthread+0x10/0x10 [ 12.763882] ret_from_fork_asm+0x1a/0x30 [ 12.763913] </TASK> [ 12.763922] [ 12.778184] The buggy address belongs to the physical page: [ 12.778797] page: refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x102cac [ 12.779603] head: order:2 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0 [ 12.780316] flags: 0x200000000000040(head|node=0|zone=2) [ 12.780818] page_type: f8(unknown) [ 12.780952] raw: 0200000000000040 0000000000000000 dead000000000122 0000000000000000 [ 12.781231] raw: 0000000000000000 0000000000000000 00000001f8000000 0000000000000000 [ 12.782081] head: 0200000000000040 0000000000000000 dead000000000122 0000000000000000 [ 12.782898] head: 0000000000000000 0000000000000000 00000001f8000000 0000000000000000 [ 12.783349] head: 0200000000000002 ffffea00040b2b01 00000000ffffffff 00000000ffffffff [ 12.783598] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000004 [ 12.783830] page dumped because: kasan: bad access detected [ 12.784003] [ 12.784715] Memory state around the buggy address: [ 12.785033] ffff888102cadf80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 12.785725] ffff888102cae000: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 12.786359] >ffff888102cae080: 00 00 00 00 00 00 00 00 00 01 fe fe fe fe fe fe [ 12.787060] ^ [ 12.787791] ffff888102cae100: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe [ 12.788699] ffff888102cae180: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe [ 12.789029] ================================================================== [ 12.485285] ================================================================== [ 12.485618] BUG: KASAN: slab-out-of-bounds in krealloc_less_oob_helper+0xe23/0x11d0 [ 12.486011] Write of size 1 at addr ffff8881003438d0 by task kunit_try_catch/176 [ 12.486364] [ 12.486451] CPU: 0 UID: 0 PID: 176 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc6 #1 PREEMPT(voluntary) [ 12.486494] Tainted: [B]=BAD_PAGE, [N]=TEST [ 12.486505] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 12.486525] Call Trace: [ 12.486540] <TASK> [ 12.486556] dump_stack_lvl+0x73/0xb0 [ 12.486585] print_report+0xd1/0x610 [ 12.486607] ? __virt_addr_valid+0x1db/0x2d0 [ 12.486630] ? krealloc_less_oob_helper+0xe23/0x11d0 [ 12.486655] ? kasan_complete_mode_report_info+0x2a/0x200 [ 12.486678] ? krealloc_less_oob_helper+0xe23/0x11d0 [ 12.486703] kasan_report+0x141/0x180 [ 12.486802] ? krealloc_less_oob_helper+0xe23/0x11d0 [ 12.486832] __asan_report_store1_noabort+0x1b/0x30 [ 12.486858] krealloc_less_oob_helper+0xe23/0x11d0 [ 12.486885] ? __pfx_krealloc_less_oob_helper+0x10/0x10 [ 12.486928] ? finish_task_switch.isra.0+0x153/0x700 [ 12.486954] ? __switch_to+0x47/0xf50 [ 12.486994] ? __schedule+0x10cc/0x2b60 [ 12.487016] ? __pfx_read_tsc+0x10/0x10 [ 12.487041] krealloc_less_oob+0x1c/0x30 [ 12.487076] kunit_try_run_case+0x1a5/0x480 [ 12.487100] ? __pfx_kunit_try_run_case+0x10/0x10 [ 12.487134] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 12.487157] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 12.487182] ? __kthread_parkme+0x82/0x180 [ 12.487202] ? preempt_count_sub+0x50/0x80 [ 12.487225] ? __pfx_kunit_try_run_case+0x10/0x10 [ 12.487250] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 12.487275] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 12.487318] kthread+0x337/0x6f0 [ 12.487350] ? trace_preempt_on+0x20/0xc0 [ 12.487374] ? __pfx_kthread+0x10/0x10 [ 12.487395] ? _raw_spin_unlock_irq+0x47/0x80 [ 12.487416] ? calculate_sigpending+0x7b/0xa0 [ 12.487441] ? __pfx_kthread+0x10/0x10 [ 12.487462] ret_from_fork+0x116/0x1d0 [ 12.487482] ? __pfx_kthread+0x10/0x10 [ 12.487504] ret_from_fork_asm+0x1a/0x30 [ 12.487535] </TASK> [ 12.487544] [ 12.496189] Allocated by task 176: [ 12.496348] kasan_save_stack+0x45/0x70 [ 12.496501] kasan_save_track+0x18/0x40 [ 12.496721] kasan_save_alloc_info+0x3b/0x50 [ 12.497004] __kasan_krealloc+0x190/0x1f0 [ 12.497188] krealloc_noprof+0xf3/0x340 [ 12.497354] krealloc_less_oob_helper+0x1aa/0x11d0 [ 12.497579] krealloc_less_oob+0x1c/0x30 [ 12.497871] kunit_try_run_case+0x1a5/0x480 [ 12.498048] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 12.498464] kthread+0x337/0x6f0 [ 12.498645] ret_from_fork+0x116/0x1d0 [ 12.498862] ret_from_fork_asm+0x1a/0x30 [ 12.498999] [ 12.499079] The buggy address belongs to the object at ffff888100343800 [ 12.499079] which belongs to the cache kmalloc-256 of size 256 [ 12.500024] The buggy address is located 7 bytes to the right of [ 12.500024] allocated 201-byte region [ffff888100343800, ffff8881003438c9) [ 12.500861] [ 12.500958] The buggy address belongs to the physical page: [ 12.501302] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x100342 [ 12.501540] head: order:1 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0 [ 12.501833] flags: 0x200000000000040(head|node=0|zone=2) [ 12.502119] page_type: f5(slab) [ 12.502385] raw: 0200000000000040 ffff888100041b40 dead000000000122 0000000000000000 [ 12.502830] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 12.503105] head: 0200000000000040 ffff888100041b40 dead000000000122 0000000000000000 [ 12.503351] head: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 12.504105] head: 0200000000000001 ffffea000400d081 00000000ffffffff 00000000ffffffff [ 12.504483] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000002 [ 12.505294] page dumped because: kasan: bad access detected [ 12.505961] [ 12.506182] Memory state around the buggy address: [ 12.506621] ffff888100343780: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 12.507369] ffff888100343800: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 12.508225] >ffff888100343880: 00 00 00 00 00 00 00 00 00 01 fc fc fc fc fc fc [ 12.509005] ^ [ 12.509616] ffff888100343900: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 12.510074] ffff888100343980: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 12.510694] ================================================================== [ 12.549087] ================================================================== [ 12.549504] BUG: KASAN: slab-out-of-bounds in krealloc_less_oob_helper+0xe90/0x11d0 [ 12.550105] Write of size 1 at addr ffff8881003438ea by task kunit_try_catch/176 [ 12.550808] [ 12.551048] CPU: 0 UID: 0 PID: 176 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc6 #1 PREEMPT(voluntary) [ 12.551107] Tainted: [B]=BAD_PAGE, [N]=TEST [ 12.551119] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 12.551140] Call Trace: [ 12.551155] <TASK> [ 12.551170] dump_stack_lvl+0x73/0xb0 [ 12.551199] print_report+0xd1/0x610 [ 12.551221] ? __virt_addr_valid+0x1db/0x2d0 [ 12.551244] ? krealloc_less_oob_helper+0xe90/0x11d0 [ 12.551268] ? kasan_complete_mode_report_info+0x2a/0x200 [ 12.551291] ? krealloc_less_oob_helper+0xe90/0x11d0 [ 12.551316] kasan_report+0x141/0x180 [ 12.551338] ? krealloc_less_oob_helper+0xe90/0x11d0 [ 12.551368] __asan_report_store1_noabort+0x1b/0x30 [ 12.551393] krealloc_less_oob_helper+0xe90/0x11d0 [ 12.551420] ? __pfx_krealloc_less_oob_helper+0x10/0x10 [ 12.551445] ? finish_task_switch.isra.0+0x153/0x700 [ 12.551469] ? __switch_to+0x47/0xf50 [ 12.551493] ? __schedule+0x10cc/0x2b60 [ 12.551515] ? __pfx_read_tsc+0x10/0x10 [ 12.551539] krealloc_less_oob+0x1c/0x30 [ 12.551561] kunit_try_run_case+0x1a5/0x480 [ 12.551586] ? __pfx_kunit_try_run_case+0x10/0x10 [ 12.551609] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 12.551633] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 12.551659] ? __kthread_parkme+0x82/0x180 [ 12.551680] ? preempt_count_sub+0x50/0x80 [ 12.551703] ? __pfx_kunit_try_run_case+0x10/0x10 [ 12.551727] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 12.551752] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 12.551778] kthread+0x337/0x6f0 [ 12.551796] ? trace_preempt_on+0x20/0xc0 [ 12.551820] ? __pfx_kthread+0x10/0x10 [ 12.551841] ? _raw_spin_unlock_irq+0x47/0x80 [ 12.551862] ? calculate_sigpending+0x7b/0xa0 [ 12.551887] ? __pfx_kthread+0x10/0x10 [ 12.551908] ret_from_fork+0x116/0x1d0 [ 12.551927] ? __pfx_kthread+0x10/0x10 [ 12.551948] ret_from_fork_asm+0x1a/0x30 [ 12.551979] </TASK> [ 12.551989] [ 12.566130] Allocated by task 176: [ 12.566451] kasan_save_stack+0x45/0x70 [ 12.566611] kasan_save_track+0x18/0x40 [ 12.566750] kasan_save_alloc_info+0x3b/0x50 [ 12.566901] __kasan_krealloc+0x190/0x1f0 [ 12.567041] krealloc_noprof+0xf3/0x340 [ 12.567192] krealloc_less_oob_helper+0x1aa/0x11d0 [ 12.567356] krealloc_less_oob+0x1c/0x30 [ 12.567496] kunit_try_run_case+0x1a5/0x480 [ 12.567644] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 12.567820] kthread+0x337/0x6f0 [ 12.567942] ret_from_fork+0x116/0x1d0 [ 12.568116] ret_from_fork_asm+0x1a/0x30 [ 12.568491] [ 12.568682] The buggy address belongs to the object at ffff888100343800 [ 12.568682] which belongs to the cache kmalloc-256 of size 256 [ 12.569848] The buggy address is located 33 bytes to the right of [ 12.569848] allocated 201-byte region [ffff888100343800, ffff8881003438c9) [ 12.570931] [ 12.571469] The buggy address belongs to the physical page: [ 12.572021] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x100342 [ 12.574297] head: order:1 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0 [ 12.574926] flags: 0x200000000000040(head|node=0|zone=2) [ 12.575353] page_type: f5(slab) [ 12.575483] raw: 0200000000000040 ffff888100041b40 dead000000000122 0000000000000000 [ 12.575716] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 12.575948] head: 0200000000000040 ffff888100041b40 dead000000000122 0000000000000000 [ 12.576410] head: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 12.577035] head: 0200000000000001 ffffea000400d081 00000000ffffffff 00000000ffffffff [ 12.577678] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000002 [ 12.578449] page dumped because: kasan: bad access detected [ 12.579016] [ 12.579343] Memory state around the buggy address: [ 12.579825] ffff888100343780: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 12.580516] ffff888100343800: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 12.581302] >ffff888100343880: 00 00 00 00 00 00 00 00 00 01 fc fc fc fc fc fc [ 12.582028] ^ [ 12.582817] ffff888100343900: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 12.583067] ffff888100343980: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 12.583496] ================================================================== [ 12.709554] ================================================================== [ 12.710426] BUG: KASAN: slab-out-of-bounds in krealloc_less_oob_helper+0xe23/0x11d0 [ 12.711154] Write of size 1 at addr ffff888102cae0d0 by task kunit_try_catch/180 [ 12.712093] [ 12.712395] CPU: 0 UID: 0 PID: 180 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc6 #1 PREEMPT(voluntary) [ 12.712567] Tainted: [B]=BAD_PAGE, [N]=TEST [ 12.712580] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 12.712600] Call Trace: [ 12.712613] <TASK> [ 12.712627] dump_stack_lvl+0x73/0xb0 [ 12.712657] print_report+0xd1/0x610 [ 12.712680] ? __virt_addr_valid+0x1db/0x2d0 [ 12.712702] ? krealloc_less_oob_helper+0xe23/0x11d0 [ 12.712726] ? kasan_addr_to_slab+0x11/0xa0 [ 12.712747] ? krealloc_less_oob_helper+0xe23/0x11d0 [ 12.712772] kasan_report+0x141/0x180 [ 12.712793] ? krealloc_less_oob_helper+0xe23/0x11d0 [ 12.712822] __asan_report_store1_noabort+0x1b/0x30 [ 12.712848] krealloc_less_oob_helper+0xe23/0x11d0 [ 12.712875] ? __pfx_krealloc_less_oob_helper+0x10/0x10 [ 12.712900] ? finish_task_switch.isra.0+0x153/0x700 [ 12.712922] ? __switch_to+0x47/0xf50 [ 12.712946] ? __schedule+0x10cc/0x2b60 [ 12.712969] ? __pfx_read_tsc+0x10/0x10 [ 12.712993] krealloc_large_less_oob+0x1c/0x30 [ 12.713016] kunit_try_run_case+0x1a5/0x480 [ 12.713040] ? __pfx_kunit_try_run_case+0x10/0x10 [ 12.713073] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 12.713097] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 12.713190] ? __kthread_parkme+0x82/0x180 [ 12.713214] ? preempt_count_sub+0x50/0x80 [ 12.713237] ? __pfx_kunit_try_run_case+0x10/0x10 [ 12.713262] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 12.713287] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 12.713312] kthread+0x337/0x6f0 [ 12.713332] ? trace_preempt_on+0x20/0xc0 [ 12.713354] ? __pfx_kthread+0x10/0x10 [ 12.713375] ? _raw_spin_unlock_irq+0x47/0x80 [ 12.713397] ? calculate_sigpending+0x7b/0xa0 [ 12.713421] ? __pfx_kthread+0x10/0x10 [ 12.713442] ret_from_fork+0x116/0x1d0 [ 12.713461] ? __pfx_kthread+0x10/0x10 [ 12.713481] ret_from_fork_asm+0x1a/0x30 [ 12.713512] </TASK> [ 12.713521] [ 12.725920] The buggy address belongs to the physical page: [ 12.726400] page: refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x102cac [ 12.727044] head: order:2 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0 [ 12.727550] flags: 0x200000000000040(head|node=0|zone=2) [ 12.727982] page_type: f8(unknown) [ 12.728398] raw: 0200000000000040 0000000000000000 dead000000000122 0000000000000000 [ 12.728973] raw: 0000000000000000 0000000000000000 00000001f8000000 0000000000000000 [ 12.729404] head: 0200000000000040 0000000000000000 dead000000000122 0000000000000000 [ 12.729808] head: 0000000000000000 0000000000000000 00000001f8000000 0000000000000000 [ 12.730113] head: 0200000000000002 ffffea00040b2b01 00000000ffffffff 00000000ffffffff [ 12.730919] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000004 [ 12.731318] page dumped because: kasan: bad access detected [ 12.731655] [ 12.731790] Memory state around the buggy address: [ 12.732218] ffff888102cadf80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 12.732509] ffff888102cae000: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 12.732886] >ffff888102cae080: 00 00 00 00 00 00 00 00 00 01 fe fe fe fe fe fe [ 12.733465] ^ [ 12.733831] ffff888102cae100: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe [ 12.734436] ffff888102cae180: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe [ 12.734865] ================================================================== [ 12.511838] ================================================================== [ 12.512905] BUG: KASAN: slab-out-of-bounds in krealloc_less_oob_helper+0xec6/0x11d0 [ 12.513856] Write of size 1 at addr ffff8881003438da by task kunit_try_catch/176 [ 12.514289] [ 12.514377] CPU: 0 UID: 0 PID: 176 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc6 #1 PREEMPT(voluntary) [ 12.514421] Tainted: [B]=BAD_PAGE, [N]=TEST [ 12.514433] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 12.514452] Call Trace: [ 12.514463] <TASK> [ 12.514477] dump_stack_lvl+0x73/0xb0 [ 12.514505] print_report+0xd1/0x610 [ 12.514528] ? __virt_addr_valid+0x1db/0x2d0 [ 12.514551] ? krealloc_less_oob_helper+0xec6/0x11d0 [ 12.514576] ? kasan_complete_mode_report_info+0x2a/0x200 [ 12.514600] ? krealloc_less_oob_helper+0xec6/0x11d0 [ 12.514625] kasan_report+0x141/0x180 [ 12.514720] ? krealloc_less_oob_helper+0xec6/0x11d0 [ 12.514754] __asan_report_store1_noabort+0x1b/0x30 [ 12.514780] krealloc_less_oob_helper+0xec6/0x11d0 [ 12.514807] ? __pfx_krealloc_less_oob_helper+0x10/0x10 [ 12.514852] ? finish_task_switch.isra.0+0x153/0x700 [ 12.514891] ? __switch_to+0x47/0xf50 [ 12.514916] ? __schedule+0x10cc/0x2b60 [ 12.514938] ? __pfx_read_tsc+0x10/0x10 [ 12.514963] krealloc_less_oob+0x1c/0x30 [ 12.514985] kunit_try_run_case+0x1a5/0x480 [ 12.515010] ? __pfx_kunit_try_run_case+0x10/0x10 [ 12.515033] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 12.515068] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 12.515092] ? __kthread_parkme+0x82/0x180 [ 12.515113] ? preempt_count_sub+0x50/0x80 [ 12.515137] ? __pfx_kunit_try_run_case+0x10/0x10 [ 12.515162] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 12.515187] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 12.515212] kthread+0x337/0x6f0 [ 12.515231] ? trace_preempt_on+0x20/0xc0 [ 12.515254] ? __pfx_kthread+0x10/0x10 [ 12.515275] ? _raw_spin_unlock_irq+0x47/0x80 [ 12.515296] ? calculate_sigpending+0x7b/0xa0 [ 12.515320] ? __pfx_kthread+0x10/0x10 [ 12.515342] ret_from_fork+0x116/0x1d0 [ 12.515360] ? __pfx_kthread+0x10/0x10 [ 12.515381] ret_from_fork_asm+0x1a/0x30 [ 12.515412] </TASK> [ 12.515422] [ 12.530531] Allocated by task 176: [ 12.530819] kasan_save_stack+0x45/0x70 [ 12.530967] kasan_save_track+0x18/0x40 [ 12.531114] kasan_save_alloc_info+0x3b/0x50 [ 12.531556] __kasan_krealloc+0x190/0x1f0 [ 12.531991] krealloc_noprof+0xf3/0x340 [ 12.532404] krealloc_less_oob_helper+0x1aa/0x11d0 [ 12.533040] krealloc_less_oob+0x1c/0x30 [ 12.533516] kunit_try_run_case+0x1a5/0x480 [ 12.533937] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 12.534557] kthread+0x337/0x6f0 [ 12.534845] ret_from_fork+0x116/0x1d0 [ 12.534982] ret_from_fork_asm+0x1a/0x30 [ 12.535142] [ 12.535334] The buggy address belongs to the object at ffff888100343800 [ 12.535334] which belongs to the cache kmalloc-256 of size 256 [ 12.536505] The buggy address is located 17 bytes to the right of [ 12.536505] allocated 201-byte region [ffff888100343800, ffff8881003438c9) [ 12.537498] [ 12.537575] The buggy address belongs to the physical page: [ 12.538066] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x100342 [ 12.538920] head: order:1 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0 [ 12.539832] flags: 0x200000000000040(head|node=0|zone=2) [ 12.540043] page_type: f5(slab) [ 12.540197] raw: 0200000000000040 ffff888100041b40 dead000000000122 0000000000000000 [ 12.541025] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 12.541848] head: 0200000000000040 ffff888100041b40 dead000000000122 0000000000000000 [ 12.542212] head: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 12.542437] head: 0200000000000001 ffffea000400d081 00000000ffffffff 00000000ffffffff [ 12.542758] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000002 [ 12.543455] page dumped because: kasan: bad access detected [ 12.544040] [ 12.544260] Memory state around the buggy address: [ 12.544851] ffff888100343780: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 12.545506] ffff888100343800: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 12.546226] >ffff888100343880: 00 00 00 00 00 00 00 00 00 01 fc fc fc fc fc fc [ 12.546437] ^ [ 12.546617] ffff888100343900: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 12.547427] ffff888100343980: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 12.548112] ================================================================== [ 12.455243] ================================================================== [ 12.456322] BUG: KASAN: slab-out-of-bounds in krealloc_less_oob_helper+0xd70/0x11d0 [ 12.456575] Write of size 1 at addr ffff8881003438c9 by task kunit_try_catch/176 [ 12.456800] [ 12.456892] CPU: 0 UID: 0 PID: 176 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc6 #1 PREEMPT(voluntary) [ 12.456937] Tainted: [B]=BAD_PAGE, [N]=TEST [ 12.456949] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 12.456970] Call Trace: [ 12.456981] <TASK> [ 12.456996] dump_stack_lvl+0x73/0xb0 [ 12.457024] print_report+0xd1/0x610 [ 12.457047] ? __virt_addr_valid+0x1db/0x2d0 [ 12.457097] ? krealloc_less_oob_helper+0xd70/0x11d0 [ 12.457121] ? kasan_complete_mode_report_info+0x2a/0x200 [ 12.457145] ? krealloc_less_oob_helper+0xd70/0x11d0 [ 12.457170] kasan_report+0x141/0x180 [ 12.457193] ? krealloc_less_oob_helper+0xd70/0x11d0 [ 12.457222] __asan_report_store1_noabort+0x1b/0x30 [ 12.457248] krealloc_less_oob_helper+0xd70/0x11d0 [ 12.457274] ? __pfx_krealloc_less_oob_helper+0x10/0x10 [ 12.457300] ? finish_task_switch.isra.0+0x153/0x700 [ 12.457323] ? __switch_to+0x47/0xf50 [ 12.457349] ? __schedule+0x10cc/0x2b60 [ 12.457372] ? __pfx_read_tsc+0x10/0x10 [ 12.457397] krealloc_less_oob+0x1c/0x30 [ 12.457443] kunit_try_run_case+0x1a5/0x480 [ 12.457468] ? __pfx_kunit_try_run_case+0x10/0x10 [ 12.457492] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 12.457517] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 12.457541] ? __kthread_parkme+0x82/0x180 [ 12.457562] ? preempt_count_sub+0x50/0x80 [ 12.457586] ? __pfx_kunit_try_run_case+0x10/0x10 [ 12.457610] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 12.457635] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 12.457661] kthread+0x337/0x6f0 [ 12.457679] ? trace_preempt_on+0x20/0xc0 [ 12.457704] ? __pfx_kthread+0x10/0x10 [ 12.457737] ? _raw_spin_unlock_irq+0x47/0x80 [ 12.457759] ? calculate_sigpending+0x7b/0xa0 [ 12.457783] ? __pfx_kthread+0x10/0x10 [ 12.457823] ret_from_fork+0x116/0x1d0 [ 12.457843] ? __pfx_kthread+0x10/0x10 [ 12.457864] ret_from_fork_asm+0x1a/0x30 [ 12.457913] </TASK> [ 12.457925] [ 12.472755] Allocated by task 176: [ 12.473215] kasan_save_stack+0x45/0x70 [ 12.473437] kasan_save_track+0x18/0x40 [ 12.473649] kasan_save_alloc_info+0x3b/0x50 [ 12.473936] __kasan_krealloc+0x190/0x1f0 [ 12.474136] krealloc_noprof+0xf3/0x340 [ 12.474340] krealloc_less_oob_helper+0x1aa/0x11d0 [ 12.474567] krealloc_less_oob+0x1c/0x30 [ 12.474782] kunit_try_run_case+0x1a5/0x480 [ 12.474998] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 12.475298] kthread+0x337/0x6f0 [ 12.475444] ret_from_fork+0x116/0x1d0 [ 12.475634] ret_from_fork_asm+0x1a/0x30 [ 12.475865] [ 12.476164] The buggy address belongs to the object at ffff888100343800 [ 12.476164] which belongs to the cache kmalloc-256 of size 256 [ 12.476680] The buggy address is located 0 bytes to the right of [ 12.476680] allocated 201-byte region [ffff888100343800, ffff8881003438c9) [ 12.477263] [ 12.477451] The buggy address belongs to the physical page: [ 12.477831] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x100342 [ 12.478257] head: order:1 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0 [ 12.478578] flags: 0x200000000000040(head|node=0|zone=2) [ 12.478844] page_type: f5(slab) [ 12.479107] raw: 0200000000000040 ffff888100041b40 dead000000000122 0000000000000000 [ 12.479427] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 12.480084] head: 0200000000000040 ffff888100041b40 dead000000000122 0000000000000000 [ 12.480473] head: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 12.480892] head: 0200000000000001 ffffea000400d081 00000000ffffffff 00000000ffffffff [ 12.481351] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000002 [ 12.481701] page dumped because: kasan: bad access detected [ 12.481936] [ 12.482084] Memory state around the buggy address: [ 12.482366] ffff888100343780: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 12.482800] ffff888100343800: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 12.483147] >ffff888100343880: 00 00 00 00 00 00 00 00 00 01 fc fc fc fc fc fc [ 12.483445] ^ [ 12.483691] ffff888100343900: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 12.484024] ffff888100343980: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 12.484637] ================================================================== [ 12.790602] ================================================================== [ 12.791165] BUG: KASAN: slab-out-of-bounds in krealloc_less_oob_helper+0xd47/0x11d0 [ 12.792119] Write of size 1 at addr ffff888102cae0eb by task kunit_try_catch/180 [ 12.793222] [ 12.793347] CPU: 0 UID: 0 PID: 180 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc6 #1 PREEMPT(voluntary) [ 12.793401] Tainted: [B]=BAD_PAGE, [N]=TEST [ 12.793414] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 12.793436] Call Trace: [ 12.793450] <TASK> [ 12.793466] dump_stack_lvl+0x73/0xb0 [ 12.793498] print_report+0xd1/0x610 [ 12.793521] ? __virt_addr_valid+0x1db/0x2d0 [ 12.793544] ? krealloc_less_oob_helper+0xd47/0x11d0 [ 12.793568] ? kasan_addr_to_slab+0x11/0xa0 [ 12.793590] ? krealloc_less_oob_helper+0xd47/0x11d0 [ 12.793615] kasan_report+0x141/0x180 [ 12.793637] ? krealloc_less_oob_helper+0xd47/0x11d0 [ 12.793670] __asan_report_store1_noabort+0x1b/0x30 [ 12.793696] krealloc_less_oob_helper+0xd47/0x11d0 [ 12.793723] ? __pfx_krealloc_less_oob_helper+0x10/0x10 [ 12.793748] ? finish_task_switch.isra.0+0x153/0x700 [ 12.793770] ? __switch_to+0x47/0xf50 [ 12.793795] ? __schedule+0x10cc/0x2b60 [ 12.793817] ? __pfx_read_tsc+0x10/0x10 [ 12.793842] krealloc_large_less_oob+0x1c/0x30 [ 12.793865] kunit_try_run_case+0x1a5/0x480 [ 12.793890] ? __pfx_kunit_try_run_case+0x10/0x10 [ 12.793913] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 12.793937] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 12.793961] ? __kthread_parkme+0x82/0x180 [ 12.793981] ? preempt_count_sub+0x50/0x80 [ 12.794004] ? __pfx_kunit_try_run_case+0x10/0x10 [ 12.794029] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 12.794063] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 12.794089] kthread+0x337/0x6f0 [ 12.794107] ? trace_preempt_on+0x20/0xc0 [ 12.794130] ? __pfx_kthread+0x10/0x10 [ 12.794151] ? _raw_spin_unlock_irq+0x47/0x80 [ 12.794173] ? calculate_sigpending+0x7b/0xa0 [ 12.794197] ? __pfx_kthread+0x10/0x10 [ 12.794218] ret_from_fork+0x116/0x1d0 [ 12.794238] ? __pfx_kthread+0x10/0x10 [ 12.794258] ret_from_fork_asm+0x1a/0x30 [ 12.794289] </TASK> [ 12.794299] [ 12.802343] The buggy address belongs to the physical page: [ 12.802582] page: refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x102cac [ 12.802910] head: order:2 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0 [ 12.803227] flags: 0x200000000000040(head|node=0|zone=2) [ 12.803457] page_type: f8(unknown) [ 12.803638] raw: 0200000000000040 0000000000000000 dead000000000122 0000000000000000 [ 12.803913] raw: 0000000000000000 0000000000000000 00000001f8000000 0000000000000000 [ 12.804378] head: 0200000000000040 0000000000000000 dead000000000122 0000000000000000 [ 12.804701] head: 0000000000000000 0000000000000000 00000001f8000000 0000000000000000 [ 12.804983] head: 0200000000000002 ffffea00040b2b01 00000000ffffffff 00000000ffffffff [ 12.805576] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000004 [ 12.805833] page dumped because: kasan: bad access detected [ 12.806008] [ 12.806108] Memory state around the buggy address: [ 12.806408] ffff888102cadf80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 12.806730] ffff888102cae000: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 12.807073] >ffff888102cae080: 00 00 00 00 00 00 00 00 00 01 fe fe fe fe fe fe [ 12.807579] ^ [ 12.807911] ffff888102cae100: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe [ 12.808232] ffff888102cae180: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe [ 12.808448] ================================================================== [ 12.682495] ================================================================== [ 12.682914] BUG: KASAN: slab-out-of-bounds in krealloc_less_oob_helper+0xd70/0x11d0 [ 12.683662] Write of size 1 at addr ffff888102cae0c9 by task kunit_try_catch/180 [ 12.684371] [ 12.684472] CPU: 0 UID: 0 PID: 180 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc6 #1 PREEMPT(voluntary) [ 12.684516] Tainted: [B]=BAD_PAGE, [N]=TEST [ 12.684528] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 12.684548] Call Trace: [ 12.684561] <TASK> [ 12.684576] dump_stack_lvl+0x73/0xb0 [ 12.684609] print_report+0xd1/0x610 [ 12.684633] ? __virt_addr_valid+0x1db/0x2d0 [ 12.684659] ? krealloc_less_oob_helper+0xd70/0x11d0 [ 12.684684] ? kasan_addr_to_slab+0x11/0xa0 [ 12.684705] ? krealloc_less_oob_helper+0xd70/0x11d0 [ 12.684730] kasan_report+0x141/0x180 [ 12.684752] ? krealloc_less_oob_helper+0xd70/0x11d0 [ 12.684781] __asan_report_store1_noabort+0x1b/0x30 [ 12.684807] krealloc_less_oob_helper+0xd70/0x11d0 [ 12.684833] ? __pfx_krealloc_less_oob_helper+0x10/0x10 [ 12.684859] ? finish_task_switch.isra.0+0x153/0x700 [ 12.684883] ? __switch_to+0x47/0xf50 [ 12.684909] ? __schedule+0x10cc/0x2b60 [ 12.684931] ? __pfx_read_tsc+0x10/0x10 [ 12.684955] krealloc_large_less_oob+0x1c/0x30 [ 12.684979] kunit_try_run_case+0x1a5/0x480 [ 12.685004] ? __pfx_kunit_try_run_case+0x10/0x10 [ 12.685027] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 12.685067] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 12.685091] ? __kthread_parkme+0x82/0x180 [ 12.685112] ? preempt_count_sub+0x50/0x80 [ 12.685148] ? __pfx_kunit_try_run_case+0x10/0x10 [ 12.685211] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 12.685238] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 12.685263] kthread+0x337/0x6f0 [ 12.685283] ? trace_preempt_on+0x20/0xc0 [ 12.685306] ? __pfx_kthread+0x10/0x10 [ 12.685327] ? _raw_spin_unlock_irq+0x47/0x80 [ 12.685348] ? calculate_sigpending+0x7b/0xa0 [ 12.685373] ? __pfx_kthread+0x10/0x10 [ 12.685394] ret_from_fork+0x116/0x1d0 [ 12.685413] ? __pfx_kthread+0x10/0x10 [ 12.685434] ret_from_fork_asm+0x1a/0x30 [ 12.685465] </TASK> [ 12.685475] [ 12.698618] The buggy address belongs to the physical page: [ 12.699124] page: refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x102cac [ 12.699904] head: order:2 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0 [ 12.700300] flags: 0x200000000000040(head|node=0|zone=2) [ 12.700907] page_type: f8(unknown) [ 12.701113] raw: 0200000000000040 0000000000000000 dead000000000122 0000000000000000 [ 12.701650] raw: 0000000000000000 0000000000000000 00000001f8000000 0000000000000000 [ 12.702205] head: 0200000000000040 0000000000000000 dead000000000122 0000000000000000 [ 12.702801] head: 0000000000000000 0000000000000000 00000001f8000000 0000000000000000 [ 12.703398] head: 0200000000000002 ffffea00040b2b01 00000000ffffffff 00000000ffffffff [ 12.703922] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000004 [ 12.704319] page dumped because: kasan: bad access detected [ 12.704884] [ 12.705012] Memory state around the buggy address: [ 12.705472] ffff888102cadf80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 12.706020] ffff888102cae000: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 12.706583] >ffff888102cae080: 00 00 00 00 00 00 00 00 00 01 fe fe fe fe fe fe [ 12.707181] ^ [ 12.707558] ffff888102cae100: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe [ 12.708190] ffff888102cae180: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe [ 12.708639] ==================================================================