Date
July 20, 2025, 11:12 p.m.
Environment |
---|
qemu-arm64 |
qemu-x86_64 |
[ 16.460498] ================================================================== [ 16.460545] BUG: KASAN: slab-out-of-bounds in krealloc_less_oob_helper+0xa58/0xc50 [ 16.460592] Write of size 1 at addr fff00000c653c4eb by task kunit_try_catch/158 [ 16.460642] [ 16.460671] CPU: 1 UID: 0 PID: 158 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc7 #1 PREEMPT [ 16.460749] Tainted: [B]=BAD_PAGE, [N]=TEST [ 16.460775] Hardware name: linux,dummy-virt (DT) [ 16.460804] Call trace: [ 16.460834] show_stack+0x20/0x38 (C) [ 16.461134] dump_stack_lvl+0x8c/0xd0 [ 16.461416] print_report+0x118/0x5d0 [ 16.461490] kasan_report+0xdc/0x128 [ 16.461536] __asan_report_store1_noabort+0x20/0x30 [ 16.462184] krealloc_less_oob_helper+0xa58/0xc50 [ 16.462665] krealloc_less_oob+0x20/0x38 [ 16.462720] kunit_try_run_case+0x170/0x3f0 [ 16.462871] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 16.462951] kthread+0x328/0x630 [ 16.463065] ret_from_fork+0x10/0x20 [ 16.463113] [ 16.463140] Allocated by task 158: [ 16.463225] kasan_save_stack+0x3c/0x68 [ 16.463365] kasan_save_track+0x20/0x40 [ 16.463423] kasan_save_alloc_info+0x40/0x58 [ 16.463549] __kasan_krealloc+0x118/0x178 [ 16.463586] krealloc_noprof+0x128/0x360 [ 16.463654] krealloc_less_oob_helper+0x168/0xc50 [ 16.463692] krealloc_less_oob+0x20/0x38 [ 16.463727] kunit_try_run_case+0x170/0x3f0 [ 16.463926] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 16.464053] kthread+0x328/0x630 [ 16.464086] ret_from_fork+0x10/0x20 [ 16.464120] [ 16.464139] The buggy address belongs to the object at fff00000c653c400 [ 16.464139] which belongs to the cache kmalloc-256 of size 256 [ 16.464199] The buggy address is located 34 bytes to the right of [ 16.464199] allocated 201-byte region [fff00000c653c400, fff00000c653c4c9) [ 16.464345] [ 16.464366] The buggy address belongs to the physical page: [ 16.465018] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x10653c [ 16.465123] head: order:1 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 
pincount:0 [ 16.465187] flags: 0xbfffe0000000040(head|node=0|zone=2|lastcpupid=0x1ffff) [ 16.465237] page_type: f5(slab) [ 16.465353] raw: 0bfffe0000000040 fff00000c0001b40 dead000000000122 0000000000000000 [ 16.465404] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 16.465460] head: 0bfffe0000000040 fff00000c0001b40 dead000000000122 0000000000000000 [ 16.465642] head: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 16.465691] head: 0bfffe0000000001 ffffc1ffc3194f01 00000000ffffffff 00000000ffffffff [ 16.466253] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000002 [ 16.466305] page dumped because: kasan: bad access detected [ 16.466335] [ 16.466353] Memory state around the buggy address: [ 16.466385] fff00000c653c380: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 16.466484] fff00000c653c400: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 16.466526] >fff00000c653c480: 00 00 00 00 00 00 00 00 00 01 fc fc fc fc fc fc [ 16.466804] ^ [ 16.466925] fff00000c653c500: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 16.467063] fff00000c653c580: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 16.467187] ================================================================== [ 16.400722] ================================================================== [ 16.401106] BUG: KASAN: slab-out-of-bounds in krealloc_less_oob_helper+0xa48/0xc50 [ 16.401519] Write of size 1 at addr fff00000c653c4c9 by task kunit_try_catch/158 [ 16.401572] [ 16.402001] CPU: 1 UID: 0 PID: 158 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc7 #1 PREEMPT [ 16.402120] Tainted: [B]=BAD_PAGE, [N]=TEST [ 16.402147] Hardware name: linux,dummy-virt (DT) [ 16.402178] Call trace: [ 16.402214] show_stack+0x20/0x38 (C) [ 16.402266] dump_stack_lvl+0x8c/0xd0 [ 16.402506] print_report+0x118/0x5d0 [ 16.402853] kasan_report+0xdc/0x128 [ 16.402911] __asan_report_store1_noabort+0x20/0x30 [ 16.403198] krealloc_less_oob_helper+0xa48/0xc50 [ 16.403425] 
krealloc_less_oob+0x20/0x38 [ 16.403556] kunit_try_run_case+0x170/0x3f0 [ 16.403634] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 16.403687] kthread+0x328/0x630 [ 16.403728] ret_from_fork+0x10/0x20 [ 16.403775] [ 16.403793] Allocated by task 158: [ 16.403821] kasan_save_stack+0x3c/0x68 [ 16.403862] kasan_save_track+0x20/0x40 [ 16.403916] kasan_save_alloc_info+0x40/0x58 [ 16.403956] __kasan_krealloc+0x118/0x178 [ 16.404125] krealloc_noprof+0x128/0x360 [ 16.404289] krealloc_less_oob_helper+0x168/0xc50 [ 16.404340] krealloc_less_oob+0x20/0x38 [ 16.404377] kunit_try_run_case+0x170/0x3f0 [ 16.404416] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 16.404546] kthread+0x328/0x630 [ 16.404594] ret_from_fork+0x10/0x20 [ 16.404629] [ 16.404649] The buggy address belongs to the object at fff00000c653c400 [ 16.404649] which belongs to the cache kmalloc-256 of size 256 [ 16.404705] The buggy address is located 0 bytes to the right of [ 16.404705] allocated 201-byte region [fff00000c653c400, fff00000c653c4c9) [ 16.405204] [ 16.405249] The buggy address belongs to the physical page: [ 16.405397] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x10653c [ 16.405732] head: order:1 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0 [ 16.406029] flags: 0xbfffe0000000040(head|node=0|zone=2|lastcpupid=0x1ffff) [ 16.406553] page_type: f5(slab) [ 16.406779] raw: 0bfffe0000000040 fff00000c0001b40 dead000000000122 0000000000000000 [ 16.407366] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 16.408118] head: 0bfffe0000000040 fff00000c0001b40 dead000000000122 0000000000000000 [ 16.408393] head: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 16.409018] head: 0bfffe0000000001 ffffc1ffc3194f01 00000000ffffffff 00000000ffffffff [ 16.409212] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000002 [ 16.409714] page dumped because: kasan: bad access detected [ 16.409864] [ 16.409918] Memory state around 
the buggy address: [ 16.410175] fff00000c653c380: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 16.410991] fff00000c653c400: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 16.411650] >fff00000c653c480: 00 00 00 00 00 00 00 00 00 01 fc fc fc fc fc fc [ 16.411704] ^ [ 16.412376] fff00000c653c500: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 16.412602] fff00000c653c580: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 16.412975] ================================================================== [ 16.440755] ================================================================== [ 16.441471] BUG: KASAN: slab-out-of-bounds in krealloc_less_oob_helper+0xa80/0xc50 [ 16.441581] Write of size 1 at addr fff00000c653c4da by task kunit_try_catch/158 [ 16.441635] [ 16.441667] CPU: 1 UID: 0 PID: 158 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc7 #1 PREEMPT [ 16.441748] Tainted: [B]=BAD_PAGE, [N]=TEST [ 16.441775] Hardware name: linux,dummy-virt (DT) [ 16.443935] Call trace: [ 16.444120] show_stack+0x20/0x38 (C) [ 16.444441] dump_stack_lvl+0x8c/0xd0 [ 16.445405] print_report+0x118/0x5d0 [ 16.445612] kasan_report+0xdc/0x128 [ 16.445671] __asan_report_store1_noabort+0x20/0x30 [ 16.445722] krealloc_less_oob_helper+0xa80/0xc50 [ 16.445856] krealloc_less_oob+0x20/0x38 [ 16.446390] kunit_try_run_case+0x170/0x3f0 [ 16.446454] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 16.446540] kthread+0x328/0x630 [ 16.446583] ret_from_fork+0x10/0x20 [ 16.446635] [ 16.446728] Allocated by task 158: [ 16.446987] kasan_save_stack+0x3c/0x68 [ 16.447033] kasan_save_track+0x20/0x40 [ 16.447242] kasan_save_alloc_info+0x40/0x58 [ 16.447386] __kasan_krealloc+0x118/0x178 [ 16.447698] krealloc_noprof+0x128/0x360 [ 16.447830] krealloc_less_oob_helper+0x168/0xc50 [ 16.448184] krealloc_less_oob+0x20/0x38 [ 16.448468] kunit_try_run_case+0x170/0x3f0 [ 16.448558] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 16.448603] kthread+0x328/0x630 [ 16.448634] ret_from_fork+0x10/0x20 [ 16.448669] [ 16.448688] 
The buggy address belongs to the object at fff00000c653c400 [ 16.448688] which belongs to the cache kmalloc-256 of size 256 [ 16.448746] The buggy address is located 17 bytes to the right of [ 16.448746] allocated 201-byte region [fff00000c653c400, fff00000c653c4c9) [ 16.448814] [ 16.448847] The buggy address belongs to the physical page: [ 16.448879] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x10653c [ 16.449105] head: order:1 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0 [ 16.449280] flags: 0xbfffe0000000040(head|node=0|zone=2|lastcpupid=0x1ffff) [ 16.449502] page_type: f5(slab) [ 16.449541] raw: 0bfffe0000000040 fff00000c0001b40 dead000000000122 0000000000000000 [ 16.449591] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 16.449940] head: 0bfffe0000000040 fff00000c0001b40 dead000000000122 0000000000000000 [ 16.450099] head: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 16.450208] head: 0bfffe0000000001 ffffc1ffc3194f01 00000000ffffffff 00000000ffffffff [ 16.450348] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000002 [ 16.450388] page dumped because: kasan: bad access detected [ 16.450420] [ 16.450437] Memory state around the buggy address: [ 16.450658] fff00000c653c380: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 16.450803] fff00000c653c400: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 16.450849] >fff00000c653c480: 00 00 00 00 00 00 00 00 00 01 fc fc fc fc fc fc [ 16.450885] ^ [ 16.450934] fff00000c653c500: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 16.450978] fff00000c653c580: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 16.451015] ================================================================== [ 16.517056] ================================================================== [ 16.517097] BUG: KASAN: slab-out-of-bounds in krealloc_less_oob_helper+0xa58/0xc50 [ 16.517580] Write of size 1 at addr fff00000c78c20eb by task 
kunit_try_catch/162 [ 16.517708] [ 16.517743] CPU: 1 UID: 0 PID: 162 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc7 #1 PREEMPT [ 16.517913] Tainted: [B]=BAD_PAGE, [N]=TEST [ 16.517939] Hardware name: linux,dummy-virt (DT) [ 16.517969] Call trace: [ 16.518015] show_stack+0x20/0x38 (C) [ 16.518064] dump_stack_lvl+0x8c/0xd0 [ 16.518394] print_report+0x118/0x5d0 [ 16.518465] kasan_report+0xdc/0x128 [ 16.518600] __asan_report_store1_noabort+0x20/0x30 [ 16.518718] krealloc_less_oob_helper+0xa58/0xc50 [ 16.518767] krealloc_large_less_oob+0x20/0x38 [ 16.518821] kunit_try_run_case+0x170/0x3f0 [ 16.518947] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 16.519002] kthread+0x328/0x630 [ 16.519045] ret_from_fork+0x10/0x20 [ 16.519091] [ 16.519346] The buggy address belongs to the physical page: [ 16.519494] page: refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1078c0 [ 16.519607] head: order:2 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0 [ 16.519653] flags: 0xbfffe0000000040(head|node=0|zone=2|lastcpupid=0x1ffff) [ 16.519703] page_type: f8(unknown) [ 16.519797] raw: 0bfffe0000000040 0000000000000000 dead000000000122 0000000000000000 [ 16.519907] raw: 0000000000000000 0000000000000000 00000001f8000000 0000000000000000 [ 16.519957] head: 0bfffe0000000040 0000000000000000 dead000000000122 0000000000000000 [ 16.520005] head: 0000000000000000 0000000000000000 00000001f8000000 0000000000000000 [ 16.520275] head: 0bfffe0000000002 ffffc1ffc31e3001 00000000ffffffff 00000000ffffffff [ 16.520386] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000004 [ 16.520492] page dumped because: kasan: bad access detected [ 16.520555] [ 16.520581] Memory state around the buggy address: [ 16.520612] fff00000c78c1f80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 16.520654] fff00000c78c2000: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 16.520696] >fff00000c78c2080: 00 00 00 00 00 00 00 00 00 01 fe fe fe fe fe fe [ 16.520733] ^ [ 16.520801] 
fff00000c78c2100: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe [ 16.520849] fff00000c78c2180: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe [ 16.521174] ================================================================== [ 16.508068] ================================================================== [ 16.508393] BUG: KASAN: slab-out-of-bounds in krealloc_less_oob_helper+0xa80/0xc50 [ 16.508443] Write of size 1 at addr fff00000c78c20da by task kunit_try_catch/162 [ 16.508490] [ 16.508518] CPU: 1 UID: 0 PID: 162 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc7 #1 PREEMPT [ 16.508777] Tainted: [B]=BAD_PAGE, [N]=TEST [ 16.508809] Hardware name: linux,dummy-virt (DT) [ 16.508838] Call trace: [ 16.508859] show_stack+0x20/0x38 (C) [ 16.508920] dump_stack_lvl+0x8c/0xd0 [ 16.508967] print_report+0x118/0x5d0 [ 16.509013] kasan_report+0xdc/0x128 [ 16.509059] __asan_report_store1_noabort+0x20/0x30 [ 16.509109] krealloc_less_oob_helper+0xa80/0xc50 [ 16.509157] krealloc_large_less_oob+0x20/0x38 [ 16.509204] kunit_try_run_case+0x170/0x3f0 [ 16.509260] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 16.509313] kthread+0x328/0x630 [ 16.509377] ret_from_fork+0x10/0x20 [ 16.509661] [ 16.509806] The buggy address belongs to the physical page: [ 16.509871] page: refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1078c0 [ 16.509935] head: order:2 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0 [ 16.510134] flags: 0xbfffe0000000040(head|node=0|zone=2|lastcpupid=0x1ffff) [ 16.510205] page_type: f8(unknown) [ 16.510354] raw: 0bfffe0000000040 0000000000000000 dead000000000122 0000000000000000 [ 16.510403] raw: 0000000000000000 0000000000000000 00000001f8000000 0000000000000000 [ 16.510468] head: 0bfffe0000000040 0000000000000000 dead000000000122 0000000000000000 [ 16.510567] head: 0000000000000000 0000000000000000 00000001f8000000 0000000000000000 [ 16.510742] head: 0bfffe0000000002 ffffc1ffc31e3001 00000000ffffffff 00000000ffffffff [ 16.510818] head: 
ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000004 [ 16.511170] page dumped because: kasan: bad access detected [ 16.511281] [ 16.511322] Memory state around the buggy address: [ 16.511353] fff00000c78c1f80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 16.511419] fff00000c78c2000: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 16.511461] >fff00000c78c2080: 00 00 00 00 00 00 00 00 00 01 fe fe fe fe fe fe [ 16.511498] ^ [ 16.511537] fff00000c78c2100: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe [ 16.511584] fff00000c78c2180: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe [ 16.511650] ================================================================== [ 16.417812] ================================================================== [ 16.418563] BUG: KASAN: slab-out-of-bounds in krealloc_less_oob_helper+0xb9c/0xc50 [ 16.418858] Write of size 1 at addr fff00000c653c4d0 by task kunit_try_catch/158 [ 16.418931] [ 16.419936] CPU: 1 UID: 0 PID: 158 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc7 #1 PREEMPT [ 16.420675] Tainted: [B]=BAD_PAGE, [N]=TEST [ 16.420881] Hardware name: linux,dummy-virt (DT) [ 16.421128] Call trace: [ 16.421379] show_stack+0x20/0x38 (C) [ 16.421434] dump_stack_lvl+0x8c/0xd0 [ 16.421481] print_report+0x118/0x5d0 [ 16.421526] kasan_report+0xdc/0x128 [ 16.421571] __asan_report_store1_noabort+0x20/0x30 [ 16.422774] krealloc_less_oob_helper+0xb9c/0xc50 [ 16.423298] krealloc_less_oob+0x20/0x38 [ 16.423345] kunit_try_run_case+0x170/0x3f0 [ 16.423397] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 16.424374] kthread+0x328/0x630 [ 16.424430] ret_from_fork+0x10/0x20 [ 16.425280] [ 16.425656] Allocated by task 158: [ 16.425813] kasan_save_stack+0x3c/0x68 [ 16.426177] kasan_save_track+0x20/0x40 [ 16.426471] kasan_save_alloc_info+0x40/0x58 [ 16.426860] __kasan_krealloc+0x118/0x178 [ 16.427020] krealloc_noprof+0x128/0x360 [ 16.427741] krealloc_less_oob_helper+0x168/0xc50 [ 16.428378] krealloc_less_oob+0x20/0x38 [ 16.428665] 
kunit_try_run_case+0x170/0x3f0 [ 16.429011] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 16.429225] kthread+0x328/0x630 [ 16.429746] ret_from_fork+0x10/0x20 [ 16.430511] [ 16.430685] The buggy address belongs to the object at fff00000c653c400 [ 16.430685] which belongs to the cache kmalloc-256 of size 256 [ 16.430778] The buggy address is located 7 bytes to the right of [ 16.430778] allocated 201-byte region [fff00000c653c400, fff00000c653c4c9) [ 16.430953] [ 16.430975] The buggy address belongs to the physical page: [ 16.431007] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x10653c [ 16.431063] head: order:1 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0 [ 16.432133] flags: 0xbfffe0000000040(head|node=0|zone=2|lastcpupid=0x1ffff) [ 16.432634] page_type: f5(slab) [ 16.433251] raw: 0bfffe0000000040 fff00000c0001b40 dead000000000122 0000000000000000 [ 16.433358] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 16.434194] head: 0bfffe0000000040 fff00000c0001b40 dead000000000122 0000000000000000 [ 16.434261] head: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 16.434311] head: 0bfffe0000000001 ffffc1ffc3194f01 00000000ffffffff 00000000ffffffff [ 16.434684] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000002 [ 16.435698] page dumped because: kasan: bad access detected [ 16.435940] [ 16.436045] Memory state around the buggy address: [ 16.436119] fff00000c653c380: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 16.436314] fff00000c653c400: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 16.436465] >fff00000c653c480: 00 00 00 00 00 00 00 00 00 01 fc fc fc fc fc fc [ 16.436504] ^ [ 16.436541] fff00000c653c500: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 16.436582] fff00000c653c580: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 16.437469] ================================================================== [ 16.512652] 
================================================================== [ 16.512730] BUG: KASAN: slab-out-of-bounds in krealloc_less_oob_helper+0xae4/0xc50 [ 16.512998] Write of size 1 at addr fff00000c78c20ea by task kunit_try_catch/162 [ 16.513223] [ 16.513280] CPU: 1 UID: 0 PID: 162 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc7 #1 PREEMPT [ 16.513367] Tainted: [B]=BAD_PAGE, [N]=TEST [ 16.513501] Hardware name: linux,dummy-virt (DT) [ 16.513607] Call trace: [ 16.513656] show_stack+0x20/0x38 (C) [ 16.513732] dump_stack_lvl+0x8c/0xd0 [ 16.513786] print_report+0x118/0x5d0 [ 16.513832] kasan_report+0xdc/0x128 [ 16.513878] __asan_report_store1_noabort+0x20/0x30 [ 16.513938] krealloc_less_oob_helper+0xae4/0xc50 [ 16.513986] krealloc_large_less_oob+0x20/0x38 [ 16.514033] kunit_try_run_case+0x170/0x3f0 [ 16.514368] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 16.514733] kthread+0x328/0x630 [ 16.514817] ret_from_fork+0x10/0x20 [ 16.514864] [ 16.514884] The buggy address belongs to the physical page: [ 16.514924] page: refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1078c0 [ 16.515240] head: order:2 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0 [ 16.515291] flags: 0xbfffe0000000040(head|node=0|zone=2|lastcpupid=0x1ffff) [ 16.515395] page_type: f8(unknown) [ 16.515486] raw: 0bfffe0000000040 0000000000000000 dead000000000122 0000000000000000 [ 16.515536] raw: 0000000000000000 0000000000000000 00000001f8000000 0000000000000000 [ 16.515598] head: 0bfffe0000000040 0000000000000000 dead000000000122 0000000000000000 [ 16.515714] head: 0000000000000000 0000000000000000 00000001f8000000 0000000000000000 [ 16.516054] head: 0bfffe0000000002 ffffc1ffc31e3001 00000000ffffffff 00000000ffffffff [ 16.516118] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000004 [ 16.516158] page dumped because: kasan: bad access detected [ 16.516188] [ 16.516206] Memory state around the buggy address: [ 16.516505] fff00000c78c1f80: 00 00 00 00 00 00 00 00 00 
00 00 00 00 00 00 00 [ 16.516577] fff00000c78c2000: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 16.516660] >fff00000c78c2080: 00 00 00 00 00 00 00 00 00 01 fe fe fe fe fe fe [ 16.516725] ^ [ 16.516818] fff00000c78c2100: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe [ 16.516860] fff00000c78c2180: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe [ 16.516907] ================================================================== [ 16.497049] ================================================================== [ 16.497108] BUG: KASAN: slab-out-of-bounds in krealloc_less_oob_helper+0xa48/0xc50 [ 16.497177] Write of size 1 at addr fff00000c78c20c9 by task kunit_try_catch/162 [ 16.497400] [ 16.497434] CPU: 1 UID: 0 PID: 162 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc7 #1 PREEMPT [ 16.497765] Tainted: [B]=BAD_PAGE, [N]=TEST [ 16.498146] Hardware name: linux,dummy-virt (DT) [ 16.498220] Call trace: [ 16.498344] show_stack+0x20/0x38 (C) [ 16.498397] dump_stack_lvl+0x8c/0xd0 [ 16.498447] print_report+0x118/0x5d0 [ 16.498494] kasan_report+0xdc/0x128 [ 16.499095] __asan_report_store1_noabort+0x20/0x30 [ 16.499222] krealloc_less_oob_helper+0xa48/0xc50 [ 16.499330] krealloc_large_less_oob+0x20/0x38 [ 16.499379] kunit_try_run_case+0x170/0x3f0 [ 16.499426] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 16.499480] kthread+0x328/0x630 [ 16.499522] ret_from_fork+0x10/0x20 [ 16.499570] [ 16.499591] The buggy address belongs to the physical page: [ 16.499622] page: refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1078c0 [ 16.500106] head: order:2 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0 [ 16.500194] flags: 0xbfffe0000000040(head|node=0|zone=2|lastcpupid=0x1ffff) [ 16.500332] page_type: f8(unknown) [ 16.500418] raw: 0bfffe0000000040 0000000000000000 dead000000000122 0000000000000000 [ 16.500469] raw: 0000000000000000 0000000000000000 00000001f8000000 0000000000000000 [ 16.500833] head: 0bfffe0000000040 0000000000000000 dead000000000122 0000000000000000 
[ 16.500979] head: 0000000000000000 0000000000000000 00000001f8000000 0000000000000000 [ 16.501030] head: 0bfffe0000000002 ffffc1ffc31e3001 00000000ffffffff 00000000ffffffff [ 16.501078] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000004 [ 16.501128] page dumped because: kasan: bad access detected [ 16.501160] [ 16.501178] Memory state around the buggy address: [ 16.501730] fff00000c78c1f80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 16.501807] fff00000c78c2000: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 16.501850] >fff00000c78c2080: 00 00 00 00 00 00 00 00 00 01 fe fe fe fe fe fe [ 16.501888] ^ [ 16.502314] fff00000c78c2100: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe [ 16.502372] fff00000c78c2180: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe [ 16.502416] ================================================================== [ 16.452876] ================================================================== [ 16.453055] BUG: KASAN: slab-out-of-bounds in krealloc_less_oob_helper+0xae4/0xc50 [ 16.453107] Write of size 1 at addr fff00000c653c4ea by task kunit_try_catch/158 [ 16.453155] [ 16.453680] CPU: 1 UID: 0 PID: 158 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc7 #1 PREEMPT [ 16.453769] Tainted: [B]=BAD_PAGE, [N]=TEST [ 16.453912] Hardware name: linux,dummy-virt (DT) [ 16.453979] Call trace: [ 16.454063] show_stack+0x20/0x38 (C) [ 16.454136] dump_stack_lvl+0x8c/0xd0 [ 16.454183] print_report+0x118/0x5d0 [ 16.454229] kasan_report+0xdc/0x128 [ 16.454274] __asan_report_store1_noabort+0x20/0x30 [ 16.454325] krealloc_less_oob_helper+0xae4/0xc50 [ 16.454833] krealloc_less_oob+0x20/0x38 [ 16.454908] kunit_try_run_case+0x170/0x3f0 [ 16.455049] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 16.455101] kthread+0x328/0x630 [ 16.455142] ret_from_fork+0x10/0x20 [ 16.455200] [ 16.455234] Allocated by task 158: [ 16.455261] kasan_save_stack+0x3c/0x68 [ 16.455355] kasan_save_track+0x20/0x40 [ 16.455392] kasan_save_alloc_info+0x40/0x58 [ 
16.455430] __kasan_krealloc+0x118/0x178 [ 16.455835] krealloc_noprof+0x128/0x360 [ 16.456112] krealloc_less_oob_helper+0x168/0xc50 [ 16.456223] krealloc_less_oob+0x20/0x38 [ 16.456321] kunit_try_run_case+0x170/0x3f0 [ 16.456358] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 16.456418] kthread+0x328/0x630 [ 16.456450] ret_from_fork+0x10/0x20 [ 16.456514] [ 16.456540] The buggy address belongs to the object at fff00000c653c400 [ 16.456540] which belongs to the cache kmalloc-256 of size 256 [ 16.456625] The buggy address is located 33 bytes to the right of [ 16.456625] allocated 201-byte region [fff00000c653c400, fff00000c653c4c9) [ 16.456688] [ 16.456708] The buggy address belongs to the physical page: [ 16.456744] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x10653c [ 16.456856] head: order:1 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0 [ 16.457051] flags: 0xbfffe0000000040(head|node=0|zone=2|lastcpupid=0x1ffff) [ 16.457209] page_type: f5(slab) [ 16.457263] raw: 0bfffe0000000040 fff00000c0001b40 dead000000000122 0000000000000000 [ 16.457325] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 16.457458] head: 0bfffe0000000040 fff00000c0001b40 dead000000000122 0000000000000000 [ 16.457516] head: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 16.457644] head: 0bfffe0000000001 ffffc1ffc3194f01 00000000ffffffff 00000000ffffffff [ 16.457764] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000002 [ 16.457810] page dumped because: kasan: bad access detected [ 16.457840] [ 16.457857] Memory state around the buggy address: [ 16.457950] fff00000c653c380: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 16.458196] fff00000c653c400: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 16.458409] >fff00000c653c480: 00 00 00 00 00 00 00 00 00 01 fc fc fc fc fc fc [ 16.458543] ^ [ 16.458955] fff00000c653c500: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 16.459101] 
fff00000c653c580: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 16.459507] ================================================================== [ 16.503322] ================================================================== [ 16.503380] BUG: KASAN: slab-out-of-bounds in krealloc_less_oob_helper+0xb9c/0xc50 [ 16.503504] Write of size 1 at addr fff00000c78c20d0 by task kunit_try_catch/162 [ 16.503753] [ 16.503815] CPU: 1 UID: 0 PID: 162 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc7 #1 PREEMPT [ 16.503895] Tainted: [B]=BAD_PAGE, [N]=TEST [ 16.503930] Hardware name: linux,dummy-virt (DT) [ 16.504439] Call trace: [ 16.504473] show_stack+0x20/0x38 (C) [ 16.504609] dump_stack_lvl+0x8c/0xd0 [ 16.504657] print_report+0x118/0x5d0 [ 16.504718] kasan_report+0xdc/0x128 [ 16.504764] __asan_report_store1_noabort+0x20/0x30 [ 16.504822] krealloc_less_oob_helper+0xb9c/0xc50 [ 16.505057] krealloc_large_less_oob+0x20/0x38 [ 16.505155] kunit_try_run_case+0x170/0x3f0 [ 16.505208] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 16.505423] kthread+0x328/0x630 [ 16.505465] ret_from_fork+0x10/0x20 [ 16.505511] [ 16.505531] The buggy address belongs to the physical page: [ 16.505560] page: refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1078c0 [ 16.505618] head: order:2 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0 [ 16.505817] flags: 0xbfffe0000000040(head|node=0|zone=2|lastcpupid=0x1ffff) [ 16.505868] page_type: f8(unknown) [ 16.506271] raw: 0bfffe0000000040 0000000000000000 dead000000000122 0000000000000000 [ 16.506710] raw: 0000000000000000 0000000000000000 00000001f8000000 0000000000000000 [ 16.506813] head: 0bfffe0000000040 0000000000000000 dead000000000122 0000000000000000 [ 16.506862] head: 0000000000000000 0000000000000000 00000001f8000000 0000000000000000 [ 16.506922] head: 0bfffe0000000002 ffffc1ffc31e3001 00000000ffffffff 00000000ffffffff [ 16.506970] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000004 [ 16.507183] page dumped 
because: kasan: bad access detected [ 16.507217] [ 16.507235] Memory state around the buggy address: [ 16.507266] fff00000c78c1f80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 16.507308] fff00000c78c2000: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 16.507446] >fff00000c78c2080: 00 00 00 00 00 00 00 00 00 01 fe fe fe fe fe fe [ 16.507666] ^ [ 16.507725] fff00000c78c2100: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe [ 16.507768] fff00000c78c2180: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe [ 16.507804] ==================================================================
[ 16.490387] ================================================================== [ 16.490437] BUG: KASAN: slab-out-of-bounds in krealloc_less_oob_helper+0xa58/0xc50 [ 16.490512] Write of size 1 at addr fff00000c790a0eb by task kunit_try_catch/162 [ 16.490567] [ 16.490601] CPU: 1 UID: 0 PID: 162 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc7 #1 PREEMPT [ 16.490702] Tainted: [B]=BAD_PAGE, [N]=TEST [ 16.490729] Hardware name: linux,dummy-virt (DT) [ 16.490759] Call trace: [ 16.490780] show_stack+0x20/0x38 (C) [ 16.490981] dump_stack_lvl+0x8c/0xd0 [ 16.491029] print_report+0x118/0x5d0 [ 16.491075] kasan_report+0xdc/0x128 [ 16.491247] __asan_report_store1_noabort+0x20/0x30 [ 16.491363] krealloc_less_oob_helper+0xa58/0xc50 [ 16.491419] krealloc_large_less_oob+0x20/0x38 [ 16.491473] kunit_try_run_case+0x170/0x3f0 [ 16.491521] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 16.491582] kthread+0x328/0x630 [ 16.491656] ret_from_fork+0x10/0x20 [ 16.491721] [ 16.491748] The buggy address belongs to the physical page: [ 16.491815] page: refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x107908 [ 16.491870] head: order:2 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0 [ 16.491923] flags: 0xbfffe0000000040(head|node=0|zone=2|lastcpupid=0x1ffff) [ 16.491973] page_type: f8(unknown) [ 16.492119] raw: 0bfffe0000000040 0000000000000000 dead000000000122 0000000000000000 [ 16.492278] raw: 0000000000000000 0000000000000000 00000001f8000000 0000000000000000 [ 16.492340] head: 0bfffe0000000040 0000000000000000 dead000000000122 0000000000000000 [ 16.492434] head: 0000000000000000 0000000000000000 00000001f8000000 0000000000000000 [ 16.492504] head: 0bfffe0000000002 ffffc1ffc31e4201 00000000ffffffff 00000000ffffffff [ 16.492559] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000004 [ 16.492615] page dumped because: kasan: bad access detected [ 16.492705] [ 16.492743] Memory state around the buggy address: [ 16.492791] fff00000c7909f80: 00 00 00 00 00 
00 00 00 00 00 00 00 00 00 00 00 [ 16.492849] fff00000c790a000: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 16.492891] >fff00000c790a080: 00 00 00 00 00 00 00 00 00 01 fe fe fe fe fe fe [ 16.492928] ^ [ 16.493026] fff00000c790a100: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe [ 16.493089] fff00000c790a180: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe [ 16.493126] ================================================================== [ 16.484798] ================================================================== [ 16.484965] BUG: KASAN: slab-out-of-bounds in krealloc_less_oob_helper+0xae4/0xc50 [ 16.485021] Write of size 1 at addr fff00000c790a0ea by task kunit_try_catch/162 [ 16.485347] [ 16.485408] CPU: 1 UID: 0 PID: 162 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc7 #1 PREEMPT [ 16.485513] Tainted: [B]=BAD_PAGE, [N]=TEST [ 16.485596] Hardware name: linux,dummy-virt (DT) [ 16.485642] Call trace: [ 16.485665] show_stack+0x20/0x38 (C) [ 16.485736] dump_stack_lvl+0x8c/0xd0 [ 16.485782] print_report+0x118/0x5d0 [ 16.486099] kasan_report+0xdc/0x128 [ 16.486285] __asan_report_store1_noabort+0x20/0x30 [ 16.486399] krealloc_less_oob_helper+0xae4/0xc50 [ 16.486527] krealloc_large_less_oob+0x20/0x38 [ 16.486616] kunit_try_run_case+0x170/0x3f0 [ 16.486723] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 16.486794] kthread+0x328/0x630 [ 16.486879] ret_from_fork+0x10/0x20 [ 16.487227] [ 16.487343] The buggy address belongs to the physical page: [ 16.487391] page: refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x107908 [ 16.487465] head: order:2 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0 [ 16.487571] flags: 0xbfffe0000000040(head|node=0|zone=2|lastcpupid=0x1ffff) [ 16.487703] page_type: f8(unknown) [ 16.487802] raw: 0bfffe0000000040 0000000000000000 dead000000000122 0000000000000000 [ 16.487881] raw: 0000000000000000 0000000000000000 00000001f8000000 0000000000000000 [ 16.487930] head: 0bfffe0000000040 0000000000000000 dead000000000122 
0000000000000000 [ 16.488278] head: 0000000000000000 0000000000000000 00000001f8000000 0000000000000000 [ 16.488358] head: 0bfffe0000000002 ffffc1ffc31e4201 00000000ffffffff 00000000ffffffff [ 16.488755] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000004 [ 16.488895] page dumped because: kasan: bad access detected [ 16.488942] [ 16.489020] Memory state around the buggy address: [ 16.489112] fff00000c7909f80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 16.489195] fff00000c790a000: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 16.489268] >fff00000c790a080: 00 00 00 00 00 00 00 00 00 01 fe fe fe fe fe fe [ 16.489306] ^ [ 16.489344] fff00000c790a100: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe [ 16.489385] fff00000c790a180: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe [ 16.489719] ================================================================== [ 16.450225] ================================================================== [ 16.450292] BUG: KASAN: slab-out-of-bounds in krealloc_less_oob_helper+0xa58/0xc50 [ 16.450340] Write of size 1 at addr fff00000c5b4fceb by task kunit_try_catch/158 [ 16.450389] [ 16.450443] CPU: 1 UID: 0 PID: 158 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc7 #1 PREEMPT [ 16.450638] Tainted: [B]=BAD_PAGE, [N]=TEST [ 16.450668] Hardware name: linux,dummy-virt (DT) [ 16.450698] Call trace: [ 16.450738] show_stack+0x20/0x38 (C) [ 16.450789] dump_stack_lvl+0x8c/0xd0 [ 16.450886] print_report+0x118/0x5d0 [ 16.450953] kasan_report+0xdc/0x128 [ 16.451009] __asan_report_store1_noabort+0x20/0x30 [ 16.451060] krealloc_less_oob_helper+0xa58/0xc50 [ 16.451146] krealloc_less_oob+0x20/0x38 [ 16.451246] kunit_try_run_case+0x170/0x3f0 [ 16.451294] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 16.451355] kthread+0x328/0x630 [ 16.451534] ret_from_fork+0x10/0x20 [ 16.451582] [ 16.451600] Allocated by task 158: [ 16.451750] kasan_save_stack+0x3c/0x68 [ 16.451803] kasan_save_track+0x20/0x40 [ 16.451952] 
kasan_save_alloc_info+0x40/0x58 [ 16.451992] __kasan_krealloc+0x118/0x178 [ 16.452155] krealloc_noprof+0x128/0x360 [ 16.452232] krealloc_less_oob_helper+0x168/0xc50 [ 16.452272] krealloc_less_oob+0x20/0x38 [ 16.452355] kunit_try_run_case+0x170/0x3f0 [ 16.452421] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 16.452464] kthread+0x328/0x630 [ 16.452509] ret_from_fork+0x10/0x20 [ 16.452544] [ 16.452564] The buggy address belongs to the object at fff00000c5b4fc00 [ 16.452564] which belongs to the cache kmalloc-256 of size 256 [ 16.452817] The buggy address is located 34 bytes to the right of [ 16.452817] allocated 201-byte region [fff00000c5b4fc00, fff00000c5b4fcc9) [ 16.452899] [ 16.452961] The buggy address belongs to the physical page: [ 16.453005] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x105b4e [ 16.453114] head: order:1 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0 [ 16.453203] flags: 0xbfffe0000000040(head|node=0|zone=2|lastcpupid=0x1ffff) [ 16.453288] page_type: f5(slab) [ 16.453416] raw: 0bfffe0000000040 fff00000c0001b40 dead000000000122 0000000000000000 [ 16.453504] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 16.453628] head: 0bfffe0000000040 fff00000c0001b40 dead000000000122 0000000000000000 [ 16.453714] head: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 16.453774] head: 0bfffe0000000001 ffffc1ffc316d381 00000000ffffffff 00000000ffffffff [ 16.453822] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000002 [ 16.454008] page dumped because: kasan: bad access detected [ 16.454039] [ 16.454056] Memory state around the buggy address: [ 16.454222] fff00000c5b4fb80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 16.454394] fff00000c5b4fc00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 16.454510] >fff00000c5b4fc80: 00 00 00 00 00 00 00 00 00 01 fc fc fc fc fc fc [ 16.454698] ^ [ 16.454781] fff00000c5b4fd00: fc fc fc fc fc fc fc fc fc fc fc fc fc 
fc fc fc [ 16.454937] fff00000c5b4fd80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 16.455031] ================================================================== [ 16.439835] ================================================================== [ 16.439880] BUG: KASAN: slab-out-of-bounds in krealloc_less_oob_helper+0xa80/0xc50 [ 16.439927] Write of size 1 at addr fff00000c5b4fcda by task kunit_try_catch/158 [ 16.440344] [ 16.440402] CPU: 1 UID: 0 PID: 158 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc7 #1 PREEMPT [ 16.440482] Tainted: [B]=BAD_PAGE, [N]=TEST [ 16.440525] Hardware name: linux,dummy-virt (DT) [ 16.440582] Call trace: [ 16.440611] show_stack+0x20/0x38 (C) [ 16.440704] dump_stack_lvl+0x8c/0xd0 [ 16.440768] print_report+0x118/0x5d0 [ 16.440852] kasan_report+0xdc/0x128 [ 16.440915] __asan_report_store1_noabort+0x20/0x30 [ 16.441002] krealloc_less_oob_helper+0xa80/0xc50 [ 16.441050] krealloc_less_oob+0x20/0x38 [ 16.441095] kunit_try_run_case+0x170/0x3f0 [ 16.441234] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 16.441454] kthread+0x328/0x630 [ 16.441570] ret_from_fork+0x10/0x20 [ 16.441640] [ 16.441658] Allocated by task 158: [ 16.441719] kasan_save_stack+0x3c/0x68 [ 16.441807] kasan_save_track+0x20/0x40 [ 16.441844] kasan_save_alloc_info+0x40/0x58 [ 16.441945] __kasan_krealloc+0x118/0x178 [ 16.441983] krealloc_noprof+0x128/0x360 [ 16.442020] krealloc_less_oob_helper+0x168/0xc50 [ 16.442058] krealloc_less_oob+0x20/0x38 [ 16.442095] kunit_try_run_case+0x170/0x3f0 [ 16.442246] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 16.442320] kthread+0x328/0x630 [ 16.442363] ret_from_fork+0x10/0x20 [ 16.442398] [ 16.442493] The buggy address belongs to the object at fff00000c5b4fc00 [ 16.442493] which belongs to the cache kmalloc-256 of size 256 [ 16.442578] The buggy address is located 17 bytes to the right of [ 16.442578] allocated 201-byte region [fff00000c5b4fc00, fff00000c5b4fcc9) [ 16.442721] [ 16.442768] The buggy address belongs to the physical page: [ 
16.442823] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x105b4e [ 16.442952] head: order:1 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0 [ 16.443031] flags: 0xbfffe0000000040(head|node=0|zone=2|lastcpupid=0x1ffff) [ 16.443158] page_type: f5(slab) [ 16.443211] raw: 0bfffe0000000040 fff00000c0001b40 dead000000000122 0000000000000000 [ 16.443304] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 16.443660] head: 0bfffe0000000040 fff00000c0001b40 dead000000000122 0000000000000000 [ 16.443734] head: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 16.443904] head: 0bfffe0000000001 ffffc1ffc316d381 00000000ffffffff 00000000ffffffff [ 16.444027] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000002 [ 16.444151] page dumped because: kasan: bad access detected [ 16.444227] [ 16.444245] Memory state around the buggy address: [ 16.444275] fff00000c5b4fb80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 16.444649] fff00000c5b4fc00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 16.444723] >fff00000c5b4fc80: 00 00 00 00 00 00 00 00 00 01 fc fc fc fc fc fc [ 16.444916] ^ [ 16.445067] fff00000c5b4fd00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 16.445140] fff00000c5b4fd80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 16.445264] ================================================================== [ 16.427889] ================================================================== [ 16.427970] BUG: KASAN: slab-out-of-bounds in krealloc_less_oob_helper+0xa48/0xc50 [ 16.428045] Write of size 1 at addr fff00000c5b4fcc9 by task kunit_try_catch/158 [ 16.428124] [ 16.428172] CPU: 1 UID: 0 PID: 158 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc7 #1 PREEMPT [ 16.428252] Tainted: [B]=BAD_PAGE, [N]=TEST [ 16.428293] Hardware name: linux,dummy-virt (DT) [ 16.428331] Call trace: [ 16.428359] show_stack+0x20/0x38 (C) [ 16.428408] dump_stack_lvl+0x8c/0xd0 [ 16.428455] 
print_report+0x118/0x5d0 [ 16.428501] kasan_report+0xdc/0x128 [ 16.428546] __asan_report_store1_noabort+0x20/0x30 [ 16.428632] krealloc_less_oob_helper+0xa48/0xc50 [ 16.428821] krealloc_less_oob+0x20/0x38 [ 16.428919] kunit_try_run_case+0x170/0x3f0 [ 16.429049] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 16.429209] kthread+0x328/0x630 [ 16.429301] ret_from_fork+0x10/0x20 [ 16.429418] [ 16.429466] Allocated by task 158: [ 16.429494] kasan_save_stack+0x3c/0x68 [ 16.429705] kasan_save_track+0x20/0x40 [ 16.429742] kasan_save_alloc_info+0x40/0x58 [ 16.429781] __kasan_krealloc+0x118/0x178 [ 16.429819] krealloc_noprof+0x128/0x360 [ 16.429855] krealloc_less_oob_helper+0x168/0xc50 [ 16.429994] krealloc_less_oob+0x20/0x38 [ 16.430113] kunit_try_run_case+0x170/0x3f0 [ 16.430210] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 16.430310] kthread+0x328/0x630 [ 16.430356] ret_from_fork+0x10/0x20 [ 16.430391] [ 16.430432] The buggy address belongs to the object at fff00000c5b4fc00 [ 16.430432] which belongs to the cache kmalloc-256 of size 256 [ 16.430771] The buggy address is located 0 bytes to the right of [ 16.430771] allocated 201-byte region [fff00000c5b4fc00, fff00000c5b4fcc9) [ 16.430940] [ 16.431038] The buggy address belongs to the physical page: [ 16.431074] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x105b4e [ 16.431144] head: order:1 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0 [ 16.431190] flags: 0xbfffe0000000040(head|node=0|zone=2|lastcpupid=0x1ffff) [ 16.431490] page_type: f5(slab) [ 16.431596] raw: 0bfffe0000000040 fff00000c0001b40 dead000000000122 0000000000000000 [ 16.431702] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 16.431791] head: 0bfffe0000000040 fff00000c0001b40 dead000000000122 0000000000000000 [ 16.431840] head: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 16.431925] head: 0bfffe0000000001 ffffc1ffc316d381 00000000ffffffff 00000000ffffffff [ 16.432250] 
head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000002 [ 16.432318] page dumped because: kasan: bad access detected [ 16.432389] [ 16.432426] Memory state around the buggy address: [ 16.432457] fff00000c5b4fb80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 16.432730] fff00000c5b4fc00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 16.432852] >fff00000c5b4fc80: 00 00 00 00 00 00 00 00 00 01 fc fc fc fc fc fc [ 16.432961] ^ [ 16.433071] fff00000c5b4fd00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 16.433162] fff00000c5b4fd80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 16.433200] ================================================================== [ 16.472776] ================================================================== [ 16.472972] BUG: KASAN: slab-out-of-bounds in krealloc_less_oob_helper+0xa48/0xc50 [ 16.473145] Write of size 1 at addr fff00000c790a0c9 by task kunit_try_catch/162 [ 16.473342] [ 16.473385] CPU: 1 UID: 0 PID: 162 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc7 #1 PREEMPT [ 16.473466] Tainted: [B]=BAD_PAGE, [N]=TEST [ 16.473492] Hardware name: linux,dummy-virt (DT) [ 16.473676] Call trace: [ 16.473704] show_stack+0x20/0x38 (C) [ 16.474091] dump_stack_lvl+0x8c/0xd0 [ 16.474149] print_report+0x118/0x5d0 [ 16.474197] kasan_report+0xdc/0x128 [ 16.474243] __asan_report_store1_noabort+0x20/0x30 [ 16.474295] krealloc_less_oob_helper+0xa48/0xc50 [ 16.474343] krealloc_large_less_oob+0x20/0x38 [ 16.474390] kunit_try_run_case+0x170/0x3f0 [ 16.474437] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 16.474491] kthread+0x328/0x630 [ 16.474534] ret_from_fork+0x10/0x20 [ 16.474581] [ 16.474601] The buggy address belongs to the physical page: [ 16.474664] page: refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x107908 [ 16.474750] head: order:2 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0 [ 16.474798] flags: 0xbfffe0000000040(head|node=0|zone=2|lastcpupid=0x1ffff) [ 16.474848] page_type: f8(unknown) 
[ 16.474963] raw: 0bfffe0000000040 0000000000000000 dead000000000122 0000000000000000 [ 16.475142] raw: 0000000000000000 0000000000000000 00000001f8000000 0000000000000000 [ 16.475203] head: 0bfffe0000000040 0000000000000000 dead000000000122 0000000000000000 [ 16.475476] head: 0000000000000000 0000000000000000 00000001f8000000 0000000000000000 [ 16.475589] head: 0bfffe0000000002 ffffc1ffc31e4201 00000000ffffffff 00000000ffffffff [ 16.475661] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000004 [ 16.475701] page dumped because: kasan: bad access detected [ 16.475732] [ 16.475751] Memory state around the buggy address: [ 16.475782] fff00000c7909f80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 16.476000] fff00000c790a000: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 16.476105] >fff00000c790a080: 00 00 00 00 00 00 00 00 00 01 fe fe fe fe fe fe [ 16.476171] ^ [ 16.476214] fff00000c790a100: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe [ 16.476256] fff00000c790a180: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe [ 16.476294] ================================================================== [ 16.479766] ================================================================== [ 16.479801] BUG: KASAN: slab-out-of-bounds in krealloc_less_oob_helper+0xa80/0xc50 [ 16.479842] Write of size 1 at addr fff00000c790a0da by task kunit_try_catch/162 [ 16.479889] [ 16.479914] CPU: 1 UID: 0 PID: 162 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc7 #1 PREEMPT [ 16.480041] Tainted: [B]=BAD_PAGE, [N]=TEST [ 16.480068] Hardware name: linux,dummy-virt (DT) [ 16.480506] Call trace: [ 16.480554] show_stack+0x20/0x38 (C) [ 16.480606] dump_stack_lvl+0x8c/0xd0 [ 16.480664] print_report+0x118/0x5d0 [ 16.480710] kasan_report+0xdc/0x128 [ 16.480755] __asan_report_store1_noabort+0x20/0x30 [ 16.480806] krealloc_less_oob_helper+0xa80/0xc50 [ 16.480977] krealloc_large_less_oob+0x20/0x38 [ 16.481108] kunit_try_run_case+0x170/0x3f0 [ 16.481194] 
kunit_generic_run_threadfn_adapter+0x88/0x100 [ 16.481323] kthread+0x328/0x630 [ 16.481399] ret_from_fork+0x10/0x20 [ 16.481514] [ 16.481562] The buggy address belongs to the physical page: [ 16.481592] page: refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x107908 [ 16.481655] head: order:2 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0 [ 16.481700] flags: 0xbfffe0000000040(head|node=0|zone=2|lastcpupid=0x1ffff) [ 16.481874] page_type: f8(unknown) [ 16.481920] raw: 0bfffe0000000040 0000000000000000 dead000000000122 0000000000000000 [ 16.481970] raw: 0000000000000000 0000000000000000 00000001f8000000 0000000000000000 [ 16.482048] head: 0bfffe0000000040 0000000000000000 dead000000000122 0000000000000000 [ 16.482143] head: 0000000000000000 0000000000000000 00000001f8000000 0000000000000000 [ 16.482263] head: 0bfffe0000000002 ffffc1ffc31e4201 00000000ffffffff 00000000ffffffff [ 16.482352] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000004 [ 16.482426] page dumped because: kasan: bad access detected [ 16.482492] [ 16.482510] Memory state around the buggy address: [ 16.482571] fff00000c7909f80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 16.482883] fff00000c790a000: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 16.483030] >fff00000c790a080: 00 00 00 00 00 00 00 00 00 01 fe fe fe fe fe fe [ 16.483133] ^ [ 16.483180] fff00000c790a100: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe [ 16.483223] fff00000c790a180: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe [ 16.483294] ================================================================== [ 16.434322] ================================================================== [ 16.434373] BUG: KASAN: slab-out-of-bounds in krealloc_less_oob_helper+0xb9c/0xc50 [ 16.434517] Write of size 1 at addr fff00000c5b4fcd0 by task kunit_try_catch/158 [ 16.434730] [ 16.434815] CPU: 1 UID: 0 PID: 158 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc7 #1 PREEMPT [ 16.434916] Tainted: 
[B]=BAD_PAGE, [N]=TEST [ 16.434961] Hardware name: linux,dummy-virt (DT) [ 16.435017] Call trace: [ 16.435056] show_stack+0x20/0x38 (C) [ 16.435106] dump_stack_lvl+0x8c/0xd0 [ 16.435155] print_report+0x118/0x5d0 [ 16.435429] kasan_report+0xdc/0x128 [ 16.435490] __asan_report_store1_noabort+0x20/0x30 [ 16.435558] krealloc_less_oob_helper+0xb9c/0xc50 [ 16.435642] krealloc_less_oob+0x20/0x38 [ 16.435743] kunit_try_run_case+0x170/0x3f0 [ 16.435792] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 16.435844] kthread+0x328/0x630 [ 16.435919] ret_from_fork+0x10/0x20 [ 16.436058] [ 16.436113] Allocated by task 158: [ 16.436236] kasan_save_stack+0x3c/0x68 [ 16.436359] kasan_save_track+0x20/0x40 [ 16.436403] kasan_save_alloc_info+0x40/0x58 [ 16.436479] __kasan_krealloc+0x118/0x178 [ 16.436544] krealloc_noprof+0x128/0x360 [ 16.436581] krealloc_less_oob_helper+0x168/0xc50 [ 16.436739] krealloc_less_oob+0x20/0x38 [ 16.436870] kunit_try_run_case+0x170/0x3f0 [ 16.436929] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 16.436977] kthread+0x328/0x630 [ 16.437041] ret_from_fork+0x10/0x20 [ 16.437146] [ 16.437213] The buggy address belongs to the object at fff00000c5b4fc00 [ 16.437213] which belongs to the cache kmalloc-256 of size 256 [ 16.437357] The buggy address is located 7 bytes to the right of [ 16.437357] allocated 201-byte region [fff00000c5b4fc00, fff00000c5b4fcc9) [ 16.437421] [ 16.437441] The buggy address belongs to the physical page: [ 16.437478] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x105b4e [ 16.437530] head: order:1 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0 [ 16.437754] flags: 0xbfffe0000000040(head|node=0|zone=2|lastcpupid=0x1ffff) [ 16.437957] page_type: f5(slab) [ 16.438055] raw: 0bfffe0000000040 fff00000c0001b40 dead000000000122 0000000000000000 [ 16.438150] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 16.438201] head: 0bfffe0000000040 fff00000c0001b40 dead000000000122 0000000000000000 [ 
16.438364] head: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 16.438535] head: 0bfffe0000000001 ffffc1ffc316d381 00000000ffffffff 00000000ffffffff [ 16.438586] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000002 [ 16.438651] page dumped because: kasan: bad access detected [ 16.438696] [ 16.438714] Memory state around the buggy address: [ 16.438744] fff00000c5b4fb80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 16.438794] fff00000c5b4fc00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 16.438836] >fff00000c5b4fc80: 00 00 00 00 00 00 00 00 00 01 fc fc fc fc fc fc [ 16.438873] ^ [ 16.438909] fff00000c5b4fd00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 16.438951] fff00000c5b4fd80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 16.438991] ================================================================== [ 16.446208] ================================================================== [ 16.446278] BUG: KASAN: slab-out-of-bounds in krealloc_less_oob_helper+0xae4/0xc50 [ 16.446333] Write of size 1 at addr fff00000c5b4fcea by task kunit_try_catch/158 [ 16.446426] [ 16.446472] CPU: 1 UID: 0 PID: 158 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc7 #1 PREEMPT [ 16.446551] Tainted: [B]=BAD_PAGE, [N]=TEST [ 16.446596] Hardware name: linux,dummy-virt (DT) [ 16.446700] Call trace: [ 16.446749] show_stack+0x20/0x38 (C) [ 16.446814] dump_stack_lvl+0x8c/0xd0 [ 16.446891] print_report+0x118/0x5d0 [ 16.446966] kasan_report+0xdc/0x128 [ 16.447030] __asan_report_store1_noabort+0x20/0x30 [ 16.447137] krealloc_less_oob_helper+0xae4/0xc50 [ 16.447186] krealloc_less_oob+0x20/0x38 [ 16.447232] kunit_try_run_case+0x170/0x3f0 [ 16.447279] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 16.447331] kthread+0x328/0x630 [ 16.447482] ret_from_fork+0x10/0x20 [ 16.447563] [ 16.447726] Allocated by task 158: [ 16.447782] kasan_save_stack+0x3c/0x68 [ 16.447882] kasan_save_track+0x20/0x40 [ 16.447938] kasan_save_alloc_info+0x40/0x58 [ 
16.447995] __kasan_krealloc+0x118/0x178 [ 16.448037] krealloc_noprof+0x128/0x360 [ 16.448120] krealloc_less_oob_helper+0x168/0xc50 [ 16.448176] krealloc_less_oob+0x20/0x38 [ 16.448212] kunit_try_run_case+0x170/0x3f0 [ 16.448249] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 16.448308] kthread+0x328/0x630 [ 16.448455] ret_from_fork+0x10/0x20 [ 16.448596] [ 16.448633] The buggy address belongs to the object at fff00000c5b4fc00 [ 16.448633] which belongs to the cache kmalloc-256 of size 256 [ 16.448734] The buggy address is located 33 bytes to the right of [ 16.448734] allocated 201-byte region [fff00000c5b4fc00, fff00000c5b4fcc9) [ 16.448821] [ 16.448849] The buggy address belongs to the physical page: [ 16.448879] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x105b4e [ 16.448931] head: order:1 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0 [ 16.448991] flags: 0xbfffe0000000040(head|node=0|zone=2|lastcpupid=0x1ffff) [ 16.449045] page_type: f5(slab) [ 16.449091] raw: 0bfffe0000000040 fff00000c0001b40 dead000000000122 0000000000000000 [ 16.449141] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 16.449195] head: 0bfffe0000000040 fff00000c0001b40 dead000000000122 0000000000000000 [ 16.449244] head: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 16.449292] head: 0bfffe0000000001 ffffc1ffc316d381 00000000ffffffff 00000000ffffffff [ 16.449340] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000002 [ 16.449383] page dumped because: kasan: bad access detected [ 16.449415] [ 16.449442] Memory state around the buggy address: [ 16.449477] fff00000c5b4fb80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 16.449520] fff00000c5b4fc00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 16.449567] >fff00000c5b4fc80: 00 00 00 00 00 00 00 00 00 01 fc fc fc fc fc fc [ 16.449604] ^ [ 16.449653] fff00000c5b4fd00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 16.449695] 
fff00000c5b4fd80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 16.449732] ================================================================== [ 16.477540] ================================================================== [ 16.477586] BUG: KASAN: slab-out-of-bounds in krealloc_less_oob_helper+0xb9c/0xc50 [ 16.477781] Write of size 1 at addr fff00000c790a0d0 by task kunit_try_catch/162 [ 16.477899] [ 16.478026] CPU: 1 UID: 0 PID: 162 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc7 #1 PREEMPT [ 16.478168] Tainted: [B]=BAD_PAGE, [N]=TEST [ 16.478196] Hardware name: linux,dummy-virt (DT) [ 16.478226] Call trace: [ 16.478249] show_stack+0x20/0x38 (C) [ 16.478317] dump_stack_lvl+0x8c/0xd0 [ 16.478365] print_report+0x118/0x5d0 [ 16.478410] kasan_report+0xdc/0x128 [ 16.478464] __asan_report_store1_noabort+0x20/0x30 [ 16.478515] krealloc_less_oob_helper+0xb9c/0xc50 [ 16.478571] krealloc_large_less_oob+0x20/0x38 [ 16.478631] kunit_try_run_case+0x170/0x3f0 [ 16.478678] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 16.478729] kthread+0x328/0x630 [ 16.478770] ret_from_fork+0x10/0x20 [ 16.478817] [ 16.478836] The buggy address belongs to the physical page: [ 16.478875] page: refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x107908 [ 16.478936] head: order:2 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0 [ 16.478981] flags: 0xbfffe0000000040(head|node=0|zone=2|lastcpupid=0x1ffff) [ 16.479038] page_type: f8(unknown) [ 16.479076] raw: 0bfffe0000000040 0000000000000000 dead000000000122 0000000000000000 [ 16.479126] raw: 0000000000000000 0000000000000000 00000001f8000000 0000000000000000 [ 16.479184] head: 0bfffe0000000040 0000000000000000 dead000000000122 0000000000000000 [ 16.479241] head: 0000000000000000 0000000000000000 00000001f8000000 0000000000000000 [ 16.479290] head: 0bfffe0000000002 ffffc1ffc31e4201 00000000ffffffff 00000000ffffffff [ 16.479338] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000004 [ 16.479385] page dumped 
because: kasan: bad access detected [ 16.479424] [ 16.479442] Memory state around the buggy address: [ 16.479472] fff00000c7909f80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 16.479514] fff00000c790a000: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 16.479555] >fff00000c790a080: 00 00 00 00 00 00 00 00 00 01 fe fe fe fe fe fe [ 16.479592] ^ [ 16.479636] fff00000c790a100: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe [ 16.479679] fff00000c790a180: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe [ 16.479716] ==================================================================
[ 12.425164] ================================================================== [ 12.425483] BUG: KASAN: slab-out-of-bounds in krealloc_less_oob_helper+0xd47/0x11d0 [ 12.426377] Write of size 1 at addr ffff888100ab08eb by task kunit_try_catch/176 [ 12.426720] [ 12.426808] CPU: 1 UID: 0 PID: 176 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc7 #1 PREEMPT(voluntary) [ 12.426850] Tainted: [B]=BAD_PAGE, [N]=TEST [ 12.426861] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 12.426883] Call Trace: [ 12.426895] <TASK> [ 12.426909] dump_stack_lvl+0x73/0xb0 [ 12.426935] print_report+0xd1/0x610 [ 12.426957] ? __virt_addr_valid+0x1db/0x2d0 [ 12.426978] ? krealloc_less_oob_helper+0xd47/0x11d0 [ 12.427001] ? kasan_complete_mode_report_info+0x2a/0x200 [ 12.427022] ? krealloc_less_oob_helper+0xd47/0x11d0 [ 12.427046] kasan_report+0x141/0x180 [ 12.427067] ? krealloc_less_oob_helper+0xd47/0x11d0 [ 12.427096] __asan_report_store1_noabort+0x1b/0x30 [ 12.427120] krealloc_less_oob_helper+0xd47/0x11d0 [ 12.427146] ? __pfx_krealloc_less_oob_helper+0x10/0x10 [ 12.427168] ? sysvec_apic_timer_interrupt+0x50/0x90 [ 12.427198] ? __pfx_krealloc_less_oob+0x10/0x10 [ 12.427226] krealloc_less_oob+0x1c/0x30 [ 12.427247] kunit_try_run_case+0x1a5/0x480 [ 12.427270] ? __pfx_kunit_try_run_case+0x10/0x10 [ 12.427292] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 12.427315] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 12.427338] ? __kthread_parkme+0x82/0x180 [ 12.427357] ? preempt_count_sub+0x50/0x80 [ 12.427381] ? __pfx_kunit_try_run_case+0x10/0x10 [ 12.427417] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 12.427439] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 12.427462] kthread+0x337/0x6f0 [ 12.427481] ? trace_preempt_on+0x20/0xc0 [ 12.427503] ? __pfx_kthread+0x10/0x10 [ 12.427524] ? _raw_spin_unlock_irq+0x47/0x80 [ 12.427544] ? calculate_sigpending+0x7b/0xa0 [ 12.427568] ? __pfx_kthread+0x10/0x10 [ 12.427590] ret_from_fork+0x116/0x1d0 [ 12.427608] ? 
__pfx_kthread+0x10/0x10 [ 12.427628] ret_from_fork_asm+0x1a/0x30 [ 12.427659] </TASK> [ 12.427669] [ 12.435267] Allocated by task 176: [ 12.435412] kasan_save_stack+0x45/0x70 [ 12.435724] kasan_save_track+0x18/0x40 [ 12.435919] kasan_save_alloc_info+0x3b/0x50 [ 12.436244] __kasan_krealloc+0x190/0x1f0 [ 12.436412] krealloc_noprof+0xf3/0x340 [ 12.436613] krealloc_less_oob_helper+0x1aa/0x11d0 [ 12.436849] krealloc_less_oob+0x1c/0x30 [ 12.437016] kunit_try_run_case+0x1a5/0x480 [ 12.437211] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 12.437389] kthread+0x337/0x6f0 [ 12.437522] ret_from_fork+0x116/0x1d0 [ 12.437656] ret_from_fork_asm+0x1a/0x30 [ 12.437796] [ 12.437870] The buggy address belongs to the object at ffff888100ab0800 [ 12.437870] which belongs to the cache kmalloc-256 of size 256 [ 12.438227] The buggy address is located 34 bytes to the right of [ 12.438227] allocated 201-byte region [ffff888100ab0800, ffff888100ab08c9) [ 12.439101] [ 12.439335] The buggy address belongs to the physical page: [ 12.439621] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x100ab0 [ 12.439975] head: order:1 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0 [ 12.440755] flags: 0x200000000000040(head|node=0|zone=2) [ 12.440940] page_type: f5(slab) [ 12.441145] raw: 0200000000000040 ffff888100041b40 dead000000000122 0000000000000000 [ 12.441497] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 12.441858] head: 0200000000000040 ffff888100041b40 dead000000000122 0000000000000000 [ 12.442221] head: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 12.442495] head: 0200000000000001 ffffea000402ac01 00000000ffffffff 00000000ffffffff [ 12.442729] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000002 [ 12.443142] page dumped because: kasan: bad access detected [ 12.443410] [ 12.443506] Memory state around the buggy address: [ 12.443730] ffff888100ab0780: fc fc fc fc fc fc fc fc fc fc fc fc fc fc 
fc fc [ 12.443991] ffff888100ab0800: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 12.444644] >ffff888100ab0880: 00 00 00 00 00 00 00 00 00 01 fc fc fc fc fc fc [ 12.444925] ^ [ 12.445237] ffff888100ab0900: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 12.445473] ffff888100ab0980: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 12.445690] ================================================================== [ 12.585061] ================================================================== [ 12.585338] BUG: KASAN: slab-out-of-bounds in krealloc_less_oob_helper+0xd47/0x11d0 [ 12.585642] Write of size 1 at addr ffff8881038a20eb by task kunit_try_catch/180 [ 12.586708] [ 12.586953] CPU: 0 UID: 0 PID: 180 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc7 #1 PREEMPT(voluntary) [ 12.587000] Tainted: [B]=BAD_PAGE, [N]=TEST [ 12.587153] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 12.587176] Call Trace: [ 12.587192] <TASK> [ 12.587208] dump_stack_lvl+0x73/0xb0 [ 12.587237] print_report+0xd1/0x610 [ 12.587260] ? __virt_addr_valid+0x1db/0x2d0 [ 12.587281] ? krealloc_less_oob_helper+0xd47/0x11d0 [ 12.587304] ? kasan_addr_to_slab+0x11/0xa0 [ 12.587324] ? krealloc_less_oob_helper+0xd47/0x11d0 [ 12.587347] kasan_report+0x141/0x180 [ 12.587369] ? krealloc_less_oob_helper+0xd47/0x11d0 [ 12.587409] __asan_report_store1_noabort+0x1b/0x30 [ 12.587434] krealloc_less_oob_helper+0xd47/0x11d0 [ 12.587460] ? __pfx_krealloc_less_oob_helper+0x10/0x10 [ 12.587484] ? finish_task_switch.isra.0+0x153/0x700 [ 12.587505] ? __switch_to+0x47/0xf50 [ 12.587530] ? __schedule+0x10c6/0x2b60 [ 12.587552] ? __pfx_read_tsc+0x10/0x10 [ 12.587576] krealloc_large_less_oob+0x1c/0x30 [ 12.587607] kunit_try_run_case+0x1a5/0x480 [ 12.587630] ? __pfx_kunit_try_run_case+0x10/0x10 [ 12.587652] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 12.587675] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 12.587698] ? __kthread_parkme+0x82/0x180 [ 12.587718] ? 
preempt_count_sub+0x50/0x80 [ 12.587740] ? __pfx_kunit_try_run_case+0x10/0x10 [ 12.587764] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 12.587786] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 12.587809] kthread+0x337/0x6f0 [ 12.587828] ? trace_preempt_on+0x20/0xc0 [ 12.587850] ? __pfx_kthread+0x10/0x10 [ 12.587871] ? _raw_spin_unlock_irq+0x47/0x80 [ 12.587891] ? calculate_sigpending+0x7b/0xa0 [ 12.587914] ? __pfx_kthread+0x10/0x10 [ 12.587936] ret_from_fork+0x116/0x1d0 [ 12.587954] ? __pfx_kthread+0x10/0x10 [ 12.587974] ret_from_fork_asm+0x1a/0x30 [ 12.588008] </TASK> [ 12.588017] [ 12.598107] The buggy address belongs to the physical page: [ 12.598426] page: refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1038a0 [ 12.598937] head: order:2 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0 [ 12.599329] flags: 0x200000000000040(head|node=0|zone=2) [ 12.599586] page_type: f8(unknown) [ 12.599744] raw: 0200000000000040 0000000000000000 dead000000000122 0000000000000000 [ 12.600084] raw: 0000000000000000 0000000000000000 00000001f8000000 0000000000000000 [ 12.600693] head: 0200000000000040 0000000000000000 dead000000000122 0000000000000000 [ 12.601007] head: 0000000000000000 0000000000000000 00000001f8000000 0000000000000000 [ 12.601412] head: 0200000000000002 ffffea00040e2801 00000000ffffffff 00000000ffffffff [ 12.601885] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000004 [ 12.602297] page dumped because: kasan: bad access detected [ 12.602627] [ 12.602730] Memory state around the buggy address: [ 12.603047] ffff8881038a1f80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 12.603420] ffff8881038a2000: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 12.603827] >ffff8881038a2080: 00 00 00 00 00 00 00 00 00 01 fe fe fe fe fe fe [ 12.604185] ^ [ 12.604539] ffff8881038a2100: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe [ 12.605023] ffff8881038a2180: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe [ 12.605305] 
================================================================== [ 12.564273] ================================================================== [ 12.564606] BUG: KASAN: slab-out-of-bounds in krealloc_less_oob_helper+0xe90/0x11d0 [ 12.565427] Write of size 1 at addr ffff8881038a20ea by task kunit_try_catch/180 [ 12.566052] [ 12.566193] CPU: 0 UID: 0 PID: 180 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc7 #1 PREEMPT(voluntary) [ 12.566322] Tainted: [B]=BAD_PAGE, [N]=TEST [ 12.566337] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 12.566359] Call Trace: [ 12.566371] <TASK> [ 12.566387] dump_stack_lvl+0x73/0xb0 [ 12.566433] print_report+0xd1/0x610 [ 12.566456] ? __virt_addr_valid+0x1db/0x2d0 [ 12.566477] ? krealloc_less_oob_helper+0xe90/0x11d0 [ 12.566501] ? kasan_addr_to_slab+0x11/0xa0 [ 12.566521] ? krealloc_less_oob_helper+0xe90/0x11d0 [ 12.566544] kasan_report+0x141/0x180 [ 12.566566] ? krealloc_less_oob_helper+0xe90/0x11d0 [ 12.566595] __asan_report_store1_noabort+0x1b/0x30 [ 12.566619] krealloc_less_oob_helper+0xe90/0x11d0 [ 12.566645] ? __pfx_krealloc_less_oob_helper+0x10/0x10 [ 12.566669] ? finish_task_switch.isra.0+0x153/0x700 [ 12.566690] ? __switch_to+0x47/0xf50 [ 12.566716] ? __schedule+0x10c6/0x2b60 [ 12.566739] ? __pfx_read_tsc+0x10/0x10 [ 12.566764] krealloc_large_less_oob+0x1c/0x30 [ 12.566787] kunit_try_run_case+0x1a5/0x480 [ 12.566811] ? __pfx_kunit_try_run_case+0x10/0x10 [ 12.566834] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 12.566857] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 12.566882] ? __kthread_parkme+0x82/0x180 [ 12.566903] ? preempt_count_sub+0x50/0x80 [ 12.566927] ? __pfx_kunit_try_run_case+0x10/0x10 [ 12.566950] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 12.566973] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 12.566998] kthread+0x337/0x6f0 [ 12.567018] ? trace_preempt_on+0x20/0xc0 [ 12.567041] ? __pfx_kthread+0x10/0x10 [ 12.567062] ? _raw_spin_unlock_irq+0x47/0x80 [ 12.567083] ? 
calculate_sigpending+0x7b/0xa0 [ 12.567107] ? __pfx_kthread+0x10/0x10 [ 12.567129] ret_from_fork+0x116/0x1d0 [ 12.567147] ? __pfx_kthread+0x10/0x10 [ 12.567168] ret_from_fork_asm+0x1a/0x30 [ 12.567201] </TASK> [ 12.567212] [ 12.577096] The buggy address belongs to the physical page: [ 12.577502] page: refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1038a0 [ 12.577966] head: order:2 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0 [ 12.578314] flags: 0x200000000000040(head|node=0|zone=2) [ 12.578573] page_type: f8(unknown) [ 12.578727] raw: 0200000000000040 0000000000000000 dead000000000122 0000000000000000 [ 12.579056] raw: 0000000000000000 0000000000000000 00000001f8000000 0000000000000000 [ 12.579378] head: 0200000000000040 0000000000000000 dead000000000122 0000000000000000 [ 12.580026] head: 0000000000000000 0000000000000000 00000001f8000000 0000000000000000 [ 12.580449] head: 0200000000000002 ffffea00040e2801 00000000ffffffff 00000000ffffffff [ 12.580887] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000004 [ 12.581313] page dumped because: kasan: bad access detected [ 12.581622] [ 12.581785] Memory state around the buggy address: [ 12.581995] ffff8881038a1f80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 12.582294] ffff8881038a2000: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 12.582599] >ffff8881038a2080: 00 00 00 00 00 00 00 00 00 01 fe fe fe fe fe fe [ 12.583138] ^ [ 12.583503] ffff8881038a2100: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe [ 12.583960] ffff8881038a2180: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe [ 12.584342] ================================================================== [ 12.349185] ================================================================== [ 12.349458] BUG: KASAN: slab-out-of-bounds in krealloc_less_oob_helper+0xe23/0x11d0 [ 12.349738] Write of size 1 at addr ffff888100ab08d0 by task kunit_try_catch/176 [ 12.350331] [ 12.350452] CPU: 1 UID: 0 PID: 176 Comm: 
kunit_try_catch Tainted: G B N 6.16.0-rc7 #1 PREEMPT(voluntary) [ 12.350537] Tainted: [B]=BAD_PAGE, [N]=TEST [ 12.350551] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 12.350572] Call Trace: [ 12.350583] <TASK> [ 12.350597] dump_stack_lvl+0x73/0xb0 [ 12.350624] print_report+0xd1/0x610 [ 12.350647] ? __virt_addr_valid+0x1db/0x2d0 [ 12.350670] ? krealloc_less_oob_helper+0xe23/0x11d0 [ 12.350693] ? kasan_complete_mode_report_info+0x2a/0x200 [ 12.350715] ? krealloc_less_oob_helper+0xe23/0x11d0 [ 12.350739] kasan_report+0x141/0x180 [ 12.350761] ? krealloc_less_oob_helper+0xe23/0x11d0 [ 12.350790] __asan_report_store1_noabort+0x1b/0x30 [ 12.350814] krealloc_less_oob_helper+0xe23/0x11d0 [ 12.350839] ? __pfx_krealloc_less_oob_helper+0x10/0x10 [ 12.350862] ? sysvec_apic_timer_interrupt+0x50/0x90 [ 12.350891] ? __pfx_krealloc_less_oob+0x10/0x10 [ 12.350918] krealloc_less_oob+0x1c/0x30 [ 12.350939] kunit_try_run_case+0x1a5/0x480 [ 12.350963] ? __pfx_kunit_try_run_case+0x10/0x10 [ 12.350985] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 12.351008] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 12.351076] ? __kthread_parkme+0x82/0x180 [ 12.351098] ? preempt_count_sub+0x50/0x80 [ 12.351123] ? __pfx_kunit_try_run_case+0x10/0x10 [ 12.351146] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 12.351169] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 12.351192] kthread+0x337/0x6f0 [ 12.351211] ? trace_preempt_on+0x20/0xc0 [ 12.351233] ? __pfx_kthread+0x10/0x10 [ 12.351254] ? _raw_spin_unlock_irq+0x47/0x80 [ 12.351275] ? calculate_sigpending+0x7b/0xa0 [ 12.351297] ? __pfx_kthread+0x10/0x10 [ 12.351319] ret_from_fork+0x116/0x1d0 [ 12.351337] ? 
__pfx_kthread+0x10/0x10 [ 12.351357] ret_from_fork_asm+0x1a/0x30 [ 12.351389] </TASK> [ 12.351410] [ 12.358924] Allocated by task 176: [ 12.359213] kasan_save_stack+0x45/0x70 [ 12.359426] kasan_save_track+0x18/0x40 [ 12.359623] kasan_save_alloc_info+0x3b/0x50 [ 12.359838] __kasan_krealloc+0x190/0x1f0 [ 12.360011] krealloc_noprof+0xf3/0x340 [ 12.360154] krealloc_less_oob_helper+0x1aa/0x11d0 [ 12.360319] krealloc_less_oob+0x1c/0x30 [ 12.360508] kunit_try_run_case+0x1a5/0x480 [ 12.360770] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 12.361022] kthread+0x337/0x6f0 [ 12.361190] ret_from_fork+0x116/0x1d0 [ 12.361379] ret_from_fork_asm+0x1a/0x30 [ 12.361584] [ 12.361919] The buggy address belongs to the object at ffff888100ab0800 [ 12.361919] which belongs to the cache kmalloc-256 of size 256 [ 12.362474] The buggy address is located 7 bytes to the right of [ 12.362474] allocated 201-byte region [ffff888100ab0800, ffff888100ab08c9) [ 12.362973] [ 12.363118] The buggy address belongs to the physical page: [ 12.363386] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x100ab0 [ 12.363747] head: order:1 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0 [ 12.364022] flags: 0x200000000000040(head|node=0|zone=2) [ 12.364285] page_type: f5(slab) [ 12.364464] raw: 0200000000000040 ffff888100041b40 dead000000000122 0000000000000000 [ 12.364784] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 12.365168] head: 0200000000000040 ffff888100041b40 dead000000000122 0000000000000000 [ 12.365486] head: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 12.365792] head: 0200000000000001 ffffea000402ac01 00000000ffffffff 00000000ffffffff [ 12.366025] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000002 [ 12.366526] page dumped because: kasan: bad access detected [ 12.366776] [ 12.366869] Memory state around the buggy address: [ 12.367040] ffff888100ab0780: fc fc fc fc fc fc fc fc fc fc fc fc fc fc 
fc fc [ 12.368557] ffff888100ab0800: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 12.369377] >ffff888100ab0880: 00 00 00 00 00 00 00 00 00 01 fc fc fc fc fc fc [ 12.369784] ^ [ 12.370113] ffff888100ab0900: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 12.370423] ffff888100ab0980: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 12.370862] ================================================================== [ 12.519647] ================================================================== [ 12.519924] BUG: KASAN: slab-out-of-bounds in krealloc_less_oob_helper+0xe23/0x11d0 [ 12.520175] Write of size 1 at addr ffff8881038a20d0 by task kunit_try_catch/180 [ 12.520415] [ 12.520597] CPU: 0 UID: 0 PID: 180 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc7 #1 PREEMPT(voluntary) [ 12.520640] Tainted: [B]=BAD_PAGE, [N]=TEST [ 12.520651] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 12.520676] Call Trace: [ 12.520687] <TASK> [ 12.520703] dump_stack_lvl+0x73/0xb0 [ 12.520732] print_report+0xd1/0x610 [ 12.520755] ? __virt_addr_valid+0x1db/0x2d0 [ 12.520779] ? krealloc_less_oob_helper+0xe23/0x11d0 [ 12.520802] ? kasan_addr_to_slab+0x11/0xa0 [ 12.520823] ? krealloc_less_oob_helper+0xe23/0x11d0 [ 12.520847] kasan_report+0x141/0x180 [ 12.520868] ? krealloc_less_oob_helper+0xe23/0x11d0 [ 12.520900] __asan_report_store1_noabort+0x1b/0x30 [ 12.520924] krealloc_less_oob_helper+0xe23/0x11d0 [ 12.520949] ? __pfx_krealloc_less_oob_helper+0x10/0x10 [ 12.520973] ? finish_task_switch.isra.0+0x153/0x700 [ 12.520995] ? __switch_to+0x47/0xf50 [ 12.521020] ? __schedule+0x10c6/0x2b60 [ 12.521042] ? __pfx_read_tsc+0x10/0x10 [ 12.521067] krealloc_large_less_oob+0x1c/0x30 [ 12.521089] kunit_try_run_case+0x1a5/0x480 [ 12.521113] ? __pfx_kunit_try_run_case+0x10/0x10 [ 12.521135] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 12.521158] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 12.521181] ? __kthread_parkme+0x82/0x180 [ 12.521200] ? 
preempt_count_sub+0x50/0x80 [ 12.521223] ? __pfx_kunit_try_run_case+0x10/0x10 [ 12.521247] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 12.521269] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 12.521292] kthread+0x337/0x6f0 [ 12.521311] ? trace_preempt_on+0x20/0xc0 [ 12.521334] ? __pfx_kthread+0x10/0x10 [ 12.521354] ? _raw_spin_unlock_irq+0x47/0x80 [ 12.521375] ? calculate_sigpending+0x7b/0xa0 [ 12.521408] ? __pfx_kthread+0x10/0x10 [ 12.521430] ret_from_fork+0x116/0x1d0 [ 12.521448] ? __pfx_kthread+0x10/0x10 [ 12.521468] ret_from_fork_asm+0x1a/0x30 [ 12.521500] </TASK> [ 12.521511] [ 12.532930] The buggy address belongs to the physical page: [ 12.533423] page: refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1038a0 [ 12.534186] head: order:2 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0 [ 12.534843] flags: 0x200000000000040(head|node=0|zone=2) [ 12.535054] page_type: f8(unknown) [ 12.535183] raw: 0200000000000040 0000000000000000 dead000000000122 0000000000000000 [ 12.535425] raw: 0000000000000000 0000000000000000 00000001f8000000 0000000000000000 [ 12.535790] head: 0200000000000040 0000000000000000 dead000000000122 0000000000000000 [ 12.536434] head: 0000000000000000 0000000000000000 00000001f8000000 0000000000000000 [ 12.537202] head: 0200000000000002 ffffea00040e2801 00000000ffffffff 00000000ffffffff [ 12.537902] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000004 [ 12.538546] page dumped because: kasan: bad access detected [ 12.539065] [ 12.539223] Memory state around the buggy address: [ 12.539696] ffff8881038a1f80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 12.540058] ffff8881038a2000: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 12.540277] >ffff8881038a2080: 00 00 00 00 00 00 00 00 00 01 fe fe fe fe fe fe [ 12.540501] ^ [ 12.540876] ffff8881038a2100: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe [ 12.541485] ffff8881038a2180: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe [ 12.542155] 
================================================================== [ 12.403442] ================================================================== [ 12.404200] BUG: KASAN: slab-out-of-bounds in krealloc_less_oob_helper+0xe90/0x11d0 [ 12.404542] Write of size 1 at addr ffff888100ab08ea by task kunit_try_catch/176 [ 12.404879] [ 12.404997] CPU: 1 UID: 0 PID: 176 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc7 #1 PREEMPT(voluntary) [ 12.405044] Tainted: [B]=BAD_PAGE, [N]=TEST [ 12.405058] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 12.405082] Call Trace: [ 12.405098] <TASK> [ 12.405115] dump_stack_lvl+0x73/0xb0 [ 12.405143] print_report+0xd1/0x610 [ 12.405165] ? __virt_addr_valid+0x1db/0x2d0 [ 12.405189] ? krealloc_less_oob_helper+0xe90/0x11d0 [ 12.405212] ? kasan_complete_mode_report_info+0x2a/0x200 [ 12.405300] ? krealloc_less_oob_helper+0xe90/0x11d0 [ 12.405324] kasan_report+0x141/0x180 [ 12.405346] ? krealloc_less_oob_helper+0xe90/0x11d0 [ 12.405375] __asan_report_store1_noabort+0x1b/0x30 [ 12.405411] krealloc_less_oob_helper+0xe90/0x11d0 [ 12.405437] ? __pfx_krealloc_less_oob_helper+0x10/0x10 [ 12.405459] ? sysvec_apic_timer_interrupt+0x50/0x90 [ 12.405489] ? __pfx_krealloc_less_oob+0x10/0x10 [ 12.405516] krealloc_less_oob+0x1c/0x30 [ 12.405537] kunit_try_run_case+0x1a5/0x480 [ 12.405560] ? __pfx_kunit_try_run_case+0x10/0x10 [ 12.405583] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 12.405616] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 12.405639] ? __kthread_parkme+0x82/0x180 [ 12.405660] ? preempt_count_sub+0x50/0x80 [ 12.405684] ? __pfx_kunit_try_run_case+0x10/0x10 [ 12.405707] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 12.405730] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 12.405753] kthread+0x337/0x6f0 [ 12.405772] ? trace_preempt_on+0x20/0xc0 [ 12.405794] ? __pfx_kthread+0x10/0x10 [ 12.405814] ? _raw_spin_unlock_irq+0x47/0x80 [ 12.405835] ? calculate_sigpending+0x7b/0xa0 [ 12.405858] ? 
__pfx_kthread+0x10/0x10 [ 12.405880] ret_from_fork+0x116/0x1d0 [ 12.405898] ? __pfx_kthread+0x10/0x10 [ 12.405918] ret_from_fork_asm+0x1a/0x30 [ 12.405950] </TASK> [ 12.405960] [ 12.413667] Allocated by task 176: [ 12.413802] kasan_save_stack+0x45/0x70 [ 12.413949] kasan_save_track+0x18/0x40 [ 12.414120] kasan_save_alloc_info+0x3b/0x50 [ 12.414334] __kasan_krealloc+0x190/0x1f0 [ 12.414554] krealloc_noprof+0xf3/0x340 [ 12.414805] krealloc_less_oob_helper+0x1aa/0x11d0 [ 12.415069] krealloc_less_oob+0x1c/0x30 [ 12.415240] kunit_try_run_case+0x1a5/0x480 [ 12.415446] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 12.415652] kthread+0x337/0x6f0 [ 12.415975] ret_from_fork+0x116/0x1d0 [ 12.416177] ret_from_fork_asm+0x1a/0x30 [ 12.416323] [ 12.416408] The buggy address belongs to the object at ffff888100ab0800 [ 12.416408] which belongs to the cache kmalloc-256 of size 256 [ 12.417425] The buggy address is located 33 bytes to the right of [ 12.417425] allocated 201-byte region [ffff888100ab0800, ffff888100ab08c9) [ 12.417969] [ 12.418125] The buggy address belongs to the physical page: [ 12.418352] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x100ab0 [ 12.418731] head: order:1 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0 [ 12.418963] flags: 0x200000000000040(head|node=0|zone=2) [ 12.419141] page_type: f5(slab) [ 12.419263] raw: 0200000000000040 ffff888100041b40 dead000000000122 0000000000000000 [ 12.419555] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 12.419946] head: 0200000000000040 ffff888100041b40 dead000000000122 0000000000000000 [ 12.420615] head: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 12.420862] head: 0200000000000001 ffffea000402ac01 00000000ffffffff 00000000ffffffff [ 12.421096] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000002 [ 12.421728] page dumped because: kasan: bad access detected [ 12.421991] [ 12.422082] Memory state around the buggy 
address: [ 12.422550] ffff888100ab0780: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 12.423155] ffff888100ab0800: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 12.423434] >ffff888100ab0880: 00 00 00 00 00 00 00 00 00 01 fc fc fc fc fc fc [ 12.423685] ^ [ 12.423978] ffff888100ab0900: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 12.424368] ffff888100ab0980: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 12.424605] ================================================================== [ 12.372363] ================================================================== [ 12.372887] BUG: KASAN: slab-out-of-bounds in krealloc_less_oob_helper+0xec6/0x11d0 [ 12.373715] Write of size 1 at addr ffff888100ab08da by task kunit_try_catch/176 [ 12.374604] [ 12.374903] CPU: 1 UID: 0 PID: 176 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc7 #1 PREEMPT(voluntary) [ 12.374948] Tainted: [B]=BAD_PAGE, [N]=TEST [ 12.374960] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 12.375066] Call Trace: [ 12.375083] <TASK> [ 12.375099] dump_stack_lvl+0x73/0xb0 [ 12.375127] print_report+0xd1/0x610 [ 12.375149] ? __virt_addr_valid+0x1db/0x2d0 [ 12.375171] ? krealloc_less_oob_helper+0xec6/0x11d0 [ 12.375195] ? kasan_complete_mode_report_info+0x2a/0x200 [ 12.375217] ? krealloc_less_oob_helper+0xec6/0x11d0 [ 12.375240] kasan_report+0x141/0x180 [ 12.375262] ? krealloc_less_oob_helper+0xec6/0x11d0 [ 12.375291] __asan_report_store1_noabort+0x1b/0x30 [ 12.375315] krealloc_less_oob_helper+0xec6/0x11d0 [ 12.375340] ? __pfx_krealloc_less_oob_helper+0x10/0x10 [ 12.375362] ? sysvec_apic_timer_interrupt+0x50/0x90 [ 12.375392] ? __pfx_krealloc_less_oob+0x10/0x10 [ 12.375432] krealloc_less_oob+0x1c/0x30 [ 12.375453] kunit_try_run_case+0x1a5/0x480 [ 12.375477] ? __pfx_kunit_try_run_case+0x10/0x10 [ 12.375499] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 12.375521] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 12.375544] ? __kthread_parkme+0x82/0x180 [ 12.375564] ? 
preempt_count_sub+0x50/0x80 [ 12.375588] ? __pfx_kunit_try_run_case+0x10/0x10 [ 12.375613] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 12.375635] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 12.375658] kthread+0x337/0x6f0 [ 12.375677] ? trace_preempt_on+0x20/0xc0 [ 12.375699] ? __pfx_kthread+0x10/0x10 [ 12.375719] ? _raw_spin_unlock_irq+0x47/0x80 [ 12.375740] ? calculate_sigpending+0x7b/0xa0 [ 12.375763] ? __pfx_kthread+0x10/0x10 [ 12.375784] ret_from_fork+0x116/0x1d0 [ 12.375802] ? __pfx_kthread+0x10/0x10 [ 12.375822] ret_from_fork_asm+0x1a/0x30 [ 12.375854] </TASK> [ 12.375865] [ 12.388967] Allocated by task 176: [ 12.389392] kasan_save_stack+0x45/0x70 [ 12.389799] kasan_save_track+0x18/0x40 [ 12.390182] kasan_save_alloc_info+0x3b/0x50 [ 12.390725] __kasan_krealloc+0x190/0x1f0 [ 12.391179] krealloc_noprof+0xf3/0x340 [ 12.391456] krealloc_less_oob_helper+0x1aa/0x11d0 [ 12.391640] krealloc_less_oob+0x1c/0x30 [ 12.391988] kunit_try_run_case+0x1a5/0x480 [ 12.392417] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 12.392910] kthread+0x337/0x6f0 [ 12.393254] ret_from_fork+0x116/0x1d0 [ 12.393610] ret_from_fork_asm+0x1a/0x30 [ 12.393981] [ 12.394151] The buggy address belongs to the object at ffff888100ab0800 [ 12.394151] which belongs to the cache kmalloc-256 of size 256 [ 12.394538] The buggy address is located 17 bytes to the right of [ 12.394538] allocated 201-byte region [ffff888100ab0800, ffff888100ab08c9) [ 12.395702] [ 12.395866] The buggy address belongs to the physical page: [ 12.396417] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x100ab0 [ 12.397269] head: order:1 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0 [ 12.397762] flags: 0x200000000000040(head|node=0|zone=2) [ 12.398356] page_type: f5(slab) [ 12.398575] raw: 0200000000000040 ffff888100041b40 dead000000000122 0000000000000000 [ 12.398810] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 12.399104] head: 0200000000000040 
ffff888100041b40 dead000000000122 0000000000000000 [ 12.399406] head: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 12.399693] head: 0200000000000001 ffffea000402ac01 00000000ffffffff 00000000ffffffff [ 12.400033] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000002 [ 12.400307] page dumped because: kasan: bad access detected [ 12.400568] [ 12.400699] Memory state around the buggy address: [ 12.400886] ffff888100ab0780: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 12.401180] ffff888100ab0800: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 12.401498] >ffff888100ab0880: 00 00 00 00 00 00 00 00 00 01 fc fc fc fc fc fc [ 12.401914] ^ [ 12.402159] ffff888100ab0900: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 12.402419] ffff888100ab0980: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 12.402829] ================================================================== [ 12.327318] ================================================================== [ 12.327884] BUG: KASAN: slab-out-of-bounds in krealloc_less_oob_helper+0xd70/0x11d0 [ 12.328315] Write of size 1 at addr ffff888100ab08c9 by task kunit_try_catch/176 [ 12.328867] [ 12.328987] CPU: 1 UID: 0 PID: 176 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc7 #1 PREEMPT(voluntary) [ 12.329095] Tainted: [B]=BAD_PAGE, [N]=TEST [ 12.329110] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 12.329131] Call Trace: [ 12.329143] <TASK> [ 12.329158] dump_stack_lvl+0x73/0xb0 [ 12.329187] print_report+0xd1/0x610 [ 12.329209] ? __virt_addr_valid+0x1db/0x2d0 [ 12.329231] ? krealloc_less_oob_helper+0xd70/0x11d0 [ 12.329253] ? kasan_complete_mode_report_info+0x2a/0x200 [ 12.329275] ? krealloc_less_oob_helper+0xd70/0x11d0 [ 12.329299] kasan_report+0x141/0x180 [ 12.329320] ? krealloc_less_oob_helper+0xd70/0x11d0 [ 12.329349] __asan_report_store1_noabort+0x1b/0x30 [ 12.329373] krealloc_less_oob_helper+0xd70/0x11d0 [ 12.329411] ? 
__pfx_krealloc_less_oob_helper+0x10/0x10 [ 12.329434] ? sysvec_apic_timer_interrupt+0x50/0x90 [ 12.329464] ? __pfx_krealloc_less_oob+0x10/0x10 [ 12.329491] krealloc_less_oob+0x1c/0x30 [ 12.329512] kunit_try_run_case+0x1a5/0x480 [ 12.329536] ? __pfx_kunit_try_run_case+0x10/0x10 [ 12.329558] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 12.329581] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 12.329616] ? __kthread_parkme+0x82/0x180 [ 12.329636] ? preempt_count_sub+0x50/0x80 [ 12.329660] ? __pfx_kunit_try_run_case+0x10/0x10 [ 12.329683] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 12.329706] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 12.329728] kthread+0x337/0x6f0 [ 12.329747] ? trace_preempt_on+0x20/0xc0 [ 12.329770] ? __pfx_kthread+0x10/0x10 [ 12.329791] ? _raw_spin_unlock_irq+0x47/0x80 [ 12.329813] ? calculate_sigpending+0x7b/0xa0 [ 12.329836] ? __pfx_kthread+0x10/0x10 [ 12.329858] ret_from_fork+0x116/0x1d0 [ 12.329877] ? __pfx_kthread+0x10/0x10 [ 12.329898] ret_from_fork_asm+0x1a/0x30 [ 12.329930] </TASK> [ 12.329940] [ 12.337861] Allocated by task 176: [ 12.338221] kasan_save_stack+0x45/0x70 [ 12.338451] kasan_save_track+0x18/0x40 [ 12.338698] kasan_save_alloc_info+0x3b/0x50 [ 12.338891] __kasan_krealloc+0x190/0x1f0 [ 12.339110] krealloc_noprof+0xf3/0x340 [ 12.339292] krealloc_less_oob_helper+0x1aa/0x11d0 [ 12.339524] krealloc_less_oob+0x1c/0x30 [ 12.339809] kunit_try_run_case+0x1a5/0x480 [ 12.339970] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 12.340206] kthread+0x337/0x6f0 [ 12.340357] ret_from_fork+0x116/0x1d0 [ 12.340501] ret_from_fork_asm+0x1a/0x30 [ 12.340671] [ 12.340767] The buggy address belongs to the object at ffff888100ab0800 [ 12.340767] which belongs to the cache kmalloc-256 of size 256 [ 12.341364] The buggy address is located 0 bytes to the right of [ 12.341364] allocated 201-byte region [ffff888100ab0800, ffff888100ab08c9) [ 12.342110] [ 12.342214] The buggy address belongs to the physical page: [ 12.342434] page: refcount:0 mapcount:0 
mapping:0000000000000000 index:0x0 pfn:0x100ab0 [ 12.342779] head: order:1 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0 [ 12.343134] flags: 0x200000000000040(head|node=0|zone=2) [ 12.343330] page_type: f5(slab) [ 12.343466] raw: 0200000000000040 ffff888100041b40 dead000000000122 0000000000000000 [ 12.343703] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 12.343936] head: 0200000000000040 ffff888100041b40 dead000000000122 0000000000000000 [ 12.344171] head: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 12.344977] head: 0200000000000001 ffffea000402ac01 00000000ffffffff 00000000ffffffff [ 12.345343] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000002 [ 12.345626] page dumped because: kasan: bad access detected [ 12.345798] [ 12.345868] Memory state around the buggy address: [ 12.346023] ffff888100ab0780: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 12.346237] ffff888100ab0800: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 12.347049] >ffff888100ab0880: 00 00 00 00 00 00 00 00 00 01 fc fc fc fc fc fc [ 12.347381] ^ [ 12.347745] ffff888100ab0900: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 12.348141] ffff888100ab0980: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 12.348443] ================================================================== [ 12.492297] ================================================================== [ 12.493319] BUG: KASAN: slab-out-of-bounds in krealloc_less_oob_helper+0xd70/0x11d0 [ 12.493632] Write of size 1 at addr ffff8881038a20c9 by task kunit_try_catch/180 [ 12.494741] [ 12.494980] CPU: 0 UID: 0 PID: 180 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc7 #1 PREEMPT(voluntary) [ 12.495155] Tainted: [B]=BAD_PAGE, [N]=TEST [ 12.495168] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 12.495189] Call Trace: [ 12.495202] <TASK> [ 12.495219] dump_stack_lvl+0x73/0xb0 [ 12.495251] print_report+0xd1/0x610 [ 
12.495272] ? __virt_addr_valid+0x1db/0x2d0 [ 12.495294] ? krealloc_less_oob_helper+0xd70/0x11d0 [ 12.495316] ? kasan_addr_to_slab+0x11/0xa0 [ 12.495336] ? krealloc_less_oob_helper+0xd70/0x11d0 [ 12.495361] kasan_report+0x141/0x180 [ 12.495382] ? krealloc_less_oob_helper+0xd70/0x11d0 [ 12.495422] __asan_report_store1_noabort+0x1b/0x30 [ 12.495446] krealloc_less_oob_helper+0xd70/0x11d0 [ 12.495471] ? __pfx_krealloc_less_oob_helper+0x10/0x10 [ 12.495495] ? finish_task_switch.isra.0+0x153/0x700 [ 12.495516] ? __switch_to+0x47/0xf50 [ 12.495543] ? __schedule+0x10c6/0x2b60 [ 12.495566] ? __pfx_read_tsc+0x10/0x10 [ 12.495598] krealloc_large_less_oob+0x1c/0x30 [ 12.495620] kunit_try_run_case+0x1a5/0x480 [ 12.495643] ? __pfx_kunit_try_run_case+0x10/0x10 [ 12.495665] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 12.495688] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 12.495710] ? __kthread_parkme+0x82/0x180 [ 12.495730] ? preempt_count_sub+0x50/0x80 [ 12.495752] ? __pfx_kunit_try_run_case+0x10/0x10 [ 12.495776] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 12.495798] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 12.495821] kthread+0x337/0x6f0 [ 12.495840] ? trace_preempt_on+0x20/0xc0 [ 12.495862] ? __pfx_kthread+0x10/0x10 [ 12.495883] ? _raw_spin_unlock_irq+0x47/0x80 [ 12.495903] ? calculate_sigpending+0x7b/0xa0 [ 12.495926] ? __pfx_kthread+0x10/0x10 [ 12.495947] ret_from_fork+0x116/0x1d0 [ 12.495965] ? 
__pfx_kthread+0x10/0x10 [ 12.495985] ret_from_fork_asm+0x1a/0x30 [ 12.496018] </TASK> [ 12.496028] [ 12.510506] The buggy address belongs to the physical page: [ 12.511030] page: refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1038a0 [ 12.511279] head: order:2 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0 [ 12.511513] flags: 0x200000000000040(head|node=0|zone=2) [ 12.511706] page_type: f8(unknown) [ 12.512001] raw: 0200000000000040 0000000000000000 dead000000000122 0000000000000000 [ 12.512305] raw: 0000000000000000 0000000000000000 00000001f8000000 0000000000000000 [ 12.512954] head: 0200000000000040 0000000000000000 dead000000000122 0000000000000000 [ 12.513349] head: 0000000000000000 0000000000000000 00000001f8000000 0000000000000000 [ 12.513712] head: 0200000000000002 ffffea00040e2801 00000000ffffffff 00000000ffffffff [ 12.514213] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000004 [ 12.514687] page dumped because: kasan: bad access detected [ 12.515035] [ 12.515141] Memory state around the buggy address: [ 12.515562] ffff8881038a1f80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 12.516006] ffff8881038a2000: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 12.516441] >ffff8881038a2080: 00 00 00 00 00 00 00 00 00 01 fe fe fe fe fe fe [ 12.516872] ^ [ 12.517220] ffff8881038a2100: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe [ 12.517555] ffff8881038a2180: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe [ 12.518012] ================================================================== [ 12.543215] ================================================================== [ 12.543895] BUG: KASAN: slab-out-of-bounds in krealloc_less_oob_helper+0xec6/0x11d0 [ 12.544575] Write of size 1 at addr ffff8881038a20da by task kunit_try_catch/180 [ 12.544938] [ 12.545023] CPU: 0 UID: 0 PID: 180 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc7 #1 PREEMPT(voluntary) [ 12.545063] Tainted: [B]=BAD_PAGE, [N]=TEST [ 12.545074] Hardware 
name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 12.545095] Call Trace: [ 12.545110] <TASK> [ 12.545126] dump_stack_lvl+0x73/0xb0 [ 12.545152] print_report+0xd1/0x610 [ 12.545173] ? __virt_addr_valid+0x1db/0x2d0 [ 12.545195] ? krealloc_less_oob_helper+0xec6/0x11d0 [ 12.545218] ? kasan_addr_to_slab+0x11/0xa0 [ 12.545238] ? krealloc_less_oob_helper+0xec6/0x11d0 [ 12.545261] kasan_report+0x141/0x180 [ 12.545283] ? krealloc_less_oob_helper+0xec6/0x11d0 [ 12.545312] __asan_report_store1_noabort+0x1b/0x30 [ 12.545335] krealloc_less_oob_helper+0xec6/0x11d0 [ 12.545361] ? __pfx_krealloc_less_oob_helper+0x10/0x10 [ 12.545384] ? finish_task_switch.isra.0+0x153/0x700 [ 12.545415] ? __switch_to+0x47/0xf50 [ 12.545441] ? __schedule+0x10c6/0x2b60 [ 12.545463] ? __pfx_read_tsc+0x10/0x10 [ 12.545486] krealloc_large_less_oob+0x1c/0x30 [ 12.545508] kunit_try_run_case+0x1a5/0x480 [ 12.545532] ? __pfx_kunit_try_run_case+0x10/0x10 [ 12.545554] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 12.545577] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 12.545621] ? __kthread_parkme+0x82/0x180 [ 12.545642] ? preempt_count_sub+0x50/0x80 [ 12.545664] ? __pfx_kunit_try_run_case+0x10/0x10 [ 12.545688] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 12.545710] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 12.545733] kthread+0x337/0x6f0 [ 12.545752] ? trace_preempt_on+0x20/0xc0 [ 12.545775] ? __pfx_kthread+0x10/0x10 [ 12.545795] ? _raw_spin_unlock_irq+0x47/0x80 [ 12.545816] ? calculate_sigpending+0x7b/0xa0 [ 12.545839] ? __pfx_kthread+0x10/0x10 [ 12.545860] ret_from_fork+0x116/0x1d0 [ 12.545880] ? 
__pfx_kthread+0x10/0x10 [ 12.545901] ret_from_fork_asm+0x1a/0x30 [ 12.545935] </TASK> [ 12.545944] [ 12.555378] The buggy address belongs to the physical page: [ 12.555636] page: refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1038a0 [ 12.555971] head: order:2 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0 [ 12.556262] flags: 0x200000000000040(head|node=0|zone=2) [ 12.556448] page_type: f8(unknown) [ 12.556647] raw: 0200000000000040 0000000000000000 dead000000000122 0000000000000000 [ 12.557021] raw: 0000000000000000 0000000000000000 00000001f8000000 0000000000000000 [ 12.558334] head: 0200000000000040 0000000000000000 dead000000000122 0000000000000000 [ 12.558984] head: 0000000000000000 0000000000000000 00000001f8000000 0000000000000000 [ 12.559319] head: 0200000000000002 ffffea00040e2801 00000000ffffffff 00000000ffffffff [ 12.559812] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000004 [ 12.560203] page dumped because: kasan: bad access detected [ 12.560463] [ 12.560550] Memory state around the buggy address: [ 12.561012] ffff8881038a1f80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 12.561342] ffff8881038a2000: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 12.561734] >ffff8881038a2080: 00 00 00 00 00 00 00 00 00 01 fe fe fe fe fe fe [ 12.562120] ^ [ 12.562548] ffff8881038a2100: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe [ 12.562882] ffff8881038a2180: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe [ 12.563256] ==================================================================
[ 12.487089] ================================================================== [ 12.487463] BUG: KASAN: slab-out-of-bounds in krealloc_less_oob_helper+0xe90/0x11d0 [ 12.487817] Write of size 1 at addr ffff88810034c4ea by task kunit_try_catch/175 [ 12.488207] [ 12.488307] CPU: 0 UID: 0 PID: 175 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc7 #1 PREEMPT(voluntary) [ 12.488357] Tainted: [B]=BAD_PAGE, [N]=TEST [ 12.488368] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 12.488390] Call Trace: [ 12.488408] <TASK> [ 12.488427] dump_stack_lvl+0x73/0xb0 [ 12.488454] print_report+0xd1/0x610 [ 12.488476] ? __virt_addr_valid+0x1db/0x2d0 [ 12.488498] ? krealloc_less_oob_helper+0xe90/0x11d0 [ 12.488521] ? kasan_complete_mode_report_info+0x2a/0x200 [ 12.488542] ? krealloc_less_oob_helper+0xe90/0x11d0 [ 12.488565] kasan_report+0x141/0x180 [ 12.488586] ? krealloc_less_oob_helper+0xe90/0x11d0 [ 12.488613] __asan_report_store1_noabort+0x1b/0x30 [ 12.488637] krealloc_less_oob_helper+0xe90/0x11d0 [ 12.488662] ? __pfx_krealloc_less_oob_helper+0x10/0x10 [ 12.488685] ? finish_task_switch.isra.0+0x153/0x700 [ 12.488707] ? __switch_to+0x47/0xf50 [ 12.488732] ? __schedule+0x10c6/0x2b60 [ 12.488753] ? __pfx_read_tsc+0x10/0x10 [ 12.488776] krealloc_less_oob+0x1c/0x30 [ 12.488797] kunit_try_run_case+0x1a5/0x480 [ 12.488821] ? __pfx_kunit_try_run_case+0x10/0x10 [ 12.488842] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 12.488908] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 12.488931] ? __kthread_parkme+0x82/0x180 [ 12.488950] ? preempt_count_sub+0x50/0x80 [ 12.488972] ? __pfx_kunit_try_run_case+0x10/0x10 [ 12.488995] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 12.489018] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 12.489041] kthread+0x337/0x6f0 [ 12.489059] ? trace_preempt_on+0x20/0xc0 [ 12.489082] ? __pfx_kthread+0x10/0x10 [ 12.489102] ? _raw_spin_unlock_irq+0x47/0x80 [ 12.489123] ? calculate_sigpending+0x7b/0xa0 [ 12.489157] ? 
__pfx_kthread+0x10/0x10 [ 12.489177] ret_from_fork+0x116/0x1d0 [ 12.489195] ? __pfx_kthread+0x10/0x10 [ 12.489215] ret_from_fork_asm+0x1a/0x30 [ 12.489245] </TASK> [ 12.489255] [ 12.497279] Allocated by task 175: [ 12.497420] kasan_save_stack+0x45/0x70 [ 12.497572] kasan_save_track+0x18/0x40 [ 12.497713] kasan_save_alloc_info+0x3b/0x50 [ 12.497868] __kasan_krealloc+0x190/0x1f0 [ 12.498013] krealloc_noprof+0xf3/0x340 [ 12.498163] krealloc_less_oob_helper+0x1aa/0x11d0 [ 12.498397] krealloc_less_oob+0x1c/0x30 [ 12.498851] kunit_try_run_case+0x1a5/0x480 [ 12.499490] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 12.499984] kthread+0x337/0x6f0 [ 12.500118] ret_from_fork+0x116/0x1d0 [ 12.500270] ret_from_fork_asm+0x1a/0x30 [ 12.500420] [ 12.500498] The buggy address belongs to the object at ffff88810034c400 [ 12.500498] which belongs to the cache kmalloc-256 of size 256 [ 12.500869] The buggy address is located 33 bytes to the right of [ 12.500869] allocated 201-byte region [ffff88810034c400, ffff88810034c4c9) [ 12.501662] [ 12.501847] The buggy address belongs to the physical page: [ 12.502416] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x10034c [ 12.502972] head: order:1 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0 [ 12.503311] flags: 0x200000000000040(head|node=0|zone=2) [ 12.503595] page_type: f5(slab) [ 12.503754] raw: 0200000000000040 ffff888100041b40 dead000000000122 0000000000000000 [ 12.503995] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 12.504405] head: 0200000000000040 ffff888100041b40 dead000000000122 0000000000000000 [ 12.504749] head: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 12.505296] head: 0200000000000001 ffffea000400d301 00000000ffffffff 00000000ffffffff [ 12.505673] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000002 [ 12.506030] page dumped because: kasan: bad access detected [ 12.506253] [ 12.506363] Memory state around the buggy 
address: [ 12.506576] ffff88810034c380: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 12.506818] ffff88810034c400: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 12.507337] >ffff88810034c480: 00 00 00 00 00 00 00 00 00 01 fc fc fc fc fc fc [ 12.507623] ^ [ 12.507950] ffff88810034c500: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 12.508248] ffff88810034c580: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 12.508566] ================================================================== [ 12.655184] ================================================================== [ 12.656075] BUG: KASAN: slab-out-of-bounds in krealloc_less_oob_helper+0xec6/0x11d0 [ 12.656445] Write of size 1 at addr ffff8881038d60da by task kunit_try_catch/179 [ 12.657056] [ 12.657295] CPU: 1 UID: 0 PID: 179 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc7 #1 PREEMPT(voluntary) [ 12.657351] Tainted: [B]=BAD_PAGE, [N]=TEST [ 12.657362] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 12.657384] Call Trace: [ 12.657398] <TASK> [ 12.657415] dump_stack_lvl+0x73/0xb0 [ 12.657443] print_report+0xd1/0x610 [ 12.657464] ? __virt_addr_valid+0x1db/0x2d0 [ 12.657487] ? krealloc_less_oob_helper+0xec6/0x11d0 [ 12.657509] ? kasan_addr_to_slab+0x11/0xa0 [ 12.657529] ? krealloc_less_oob_helper+0xec6/0x11d0 [ 12.657551] kasan_report+0x141/0x180 [ 12.657572] ? krealloc_less_oob_helper+0xec6/0x11d0 [ 12.657599] __asan_report_store1_noabort+0x1b/0x30 [ 12.657623] krealloc_less_oob_helper+0xec6/0x11d0 [ 12.657647] ? __pfx_krealloc_less_oob_helper+0x10/0x10 [ 12.657670] ? finish_task_switch.isra.0+0x153/0x700 [ 12.657694] ? __switch_to+0x47/0xf50 [ 12.657719] ? __schedule+0x10c6/0x2b60 [ 12.657740] ? __pfx_read_tsc+0x10/0x10 [ 12.657764] krealloc_large_less_oob+0x1c/0x30 [ 12.657785] kunit_try_run_case+0x1a5/0x480 [ 12.657810] ? __pfx_kunit_try_run_case+0x10/0x10 [ 12.657831] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 12.657867] ? 
_raw_spin_unlock_irqrestore+0x5f/0x90 [ 12.657890] ? __kthread_parkme+0x82/0x180 [ 12.657910] ? preempt_count_sub+0x50/0x80 [ 12.657932] ? __pfx_kunit_try_run_case+0x10/0x10 [ 12.657955] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 12.657977] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 12.658001] kthread+0x337/0x6f0 [ 12.658019] ? trace_preempt_on+0x20/0xc0 [ 12.658043] ? __pfx_kthread+0x10/0x10 [ 12.658062] ? _raw_spin_unlock_irq+0x47/0x80 [ 12.658083] ? calculate_sigpending+0x7b/0xa0 [ 12.658106] ? __pfx_kthread+0x10/0x10 [ 12.658127] ret_from_fork+0x116/0x1d0 [ 12.658155] ? __pfx_kthread+0x10/0x10 [ 12.658175] ret_from_fork_asm+0x1a/0x30 [ 12.658205] </TASK> [ 12.658215] [ 12.672257] The buggy address belongs to the physical page: [ 12.672911] page: refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1038d4 [ 12.673189] head: order:2 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0 [ 12.673478] flags: 0x200000000000040(head|node=0|zone=2) [ 12.673702] page_type: f8(unknown) [ 12.673866] raw: 0200000000000040 0000000000000000 dead000000000122 0000000000000000 [ 12.674244] raw: 0000000000000000 0000000000000000 00000001f8000000 0000000000000000 [ 12.674579] head: 0200000000000040 0000000000000000 dead000000000122 0000000000000000 [ 12.674958] head: 0000000000000000 0000000000000000 00000001f8000000 0000000000000000 [ 12.675265] head: 0200000000000002 ffffea00040e3501 00000000ffffffff 00000000ffffffff [ 12.675834] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000004 [ 12.676190] page dumped because: kasan: bad access detected [ 12.676557] [ 12.676711] Memory state around the buggy address: [ 12.677032] ffff8881038d5f80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 12.677325] ffff8881038d6000: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 12.677650] >ffff8881038d6080: 00 00 00 00 00 00 00 00 00 01 fe fe fe fe fe fe [ 12.677987] ^ [ 12.678244] ffff8881038d6100: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe 
fe [ 12.678611] ffff8881038d6180: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe [ 12.678870] ================================================================== [ 12.679388] ================================================================== [ 12.680127] BUG: KASAN: slab-out-of-bounds in krealloc_less_oob_helper+0xe90/0x11d0 [ 12.680675] Write of size 1 at addr ffff8881038d60ea by task kunit_try_catch/179 [ 12.680974] [ 12.681094] CPU: 1 UID: 0 PID: 179 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc7 #1 PREEMPT(voluntary) [ 12.681139] Tainted: [B]=BAD_PAGE, [N]=TEST [ 12.681212] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 12.681235] Call Trace: [ 12.681252] <TASK> [ 12.681267] dump_stack_lvl+0x73/0xb0 [ 12.681295] print_report+0xd1/0x610 [ 12.681318] ? __virt_addr_valid+0x1db/0x2d0 [ 12.681340] ? krealloc_less_oob_helper+0xe90/0x11d0 [ 12.681362] ? kasan_addr_to_slab+0x11/0xa0 [ 12.681382] ? krealloc_less_oob_helper+0xe90/0x11d0 [ 12.681406] kasan_report+0x141/0x180 [ 12.681463] ? krealloc_less_oob_helper+0xe90/0x11d0 [ 12.681503] __asan_report_store1_noabort+0x1b/0x30 [ 12.681538] krealloc_less_oob_helper+0xe90/0x11d0 [ 12.681562] ? __pfx_krealloc_less_oob_helper+0x10/0x10 [ 12.681585] ? finish_task_switch.isra.0+0x153/0x700 [ 12.681607] ? __switch_to+0x47/0xf50 [ 12.681633] ? __schedule+0x10c6/0x2b60 [ 12.681657] ? __pfx_read_tsc+0x10/0x10 [ 12.681683] krealloc_large_less_oob+0x1c/0x30 [ 12.681706] kunit_try_run_case+0x1a5/0x480 [ 12.681731] ? __pfx_kunit_try_run_case+0x10/0x10 [ 12.681752] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 12.681775] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 12.681797] ? __kthread_parkme+0x82/0x180 [ 12.681817] ? preempt_count_sub+0x50/0x80 [ 12.681839] ? __pfx_kunit_try_run_case+0x10/0x10 [ 12.681914] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 12.681937] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 12.681993] kthread+0x337/0x6f0 [ 12.682012] ? 
trace_preempt_on+0x20/0xc0 [ 12.682034] ? __pfx_kthread+0x10/0x10 [ 12.682090] ? _raw_spin_unlock_irq+0x47/0x80 [ 12.682112] ? calculate_sigpending+0x7b/0xa0 [ 12.682135] ? __pfx_kthread+0x10/0x10 [ 12.682170] ret_from_fork+0x116/0x1d0 [ 12.682188] ? __pfx_kthread+0x10/0x10 [ 12.682208] ret_from_fork_asm+0x1a/0x30 [ 12.682238] </TASK> [ 12.682248] [ 12.691223] The buggy address belongs to the physical page: [ 12.691514] page: refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1038d4 [ 12.692105] head: order:2 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0 [ 12.692506] flags: 0x200000000000040(head|node=0|zone=2) [ 12.692763] page_type: f8(unknown) [ 12.692943] raw: 0200000000000040 0000000000000000 dead000000000122 0000000000000000 [ 12.693486] raw: 0000000000000000 0000000000000000 00000001f8000000 0000000000000000 [ 12.693811] head: 0200000000000040 0000000000000000 dead000000000122 0000000000000000 [ 12.694159] head: 0000000000000000 0000000000000000 00000001f8000000 0000000000000000 [ 12.694592] head: 0200000000000002 ffffea00040e3501 00000000ffffffff 00000000ffffffff [ 12.694918] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000004 [ 12.695426] page dumped because: kasan: bad access detected [ 12.695615] [ 12.695710] Memory state around the buggy address: [ 12.696194] ffff8881038d5f80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 12.696437] ffff8881038d6000: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 12.696977] >ffff8881038d6080: 00 00 00 00 00 00 00 00 00 01 fe fe fe fe fe fe [ 12.697467] ^ [ 12.697738] ffff8881038d6100: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe [ 12.698129] ffff8881038d6180: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe [ 12.698467] ================================================================== [ 12.420760] ================================================================== [ 12.421348] BUG: KASAN: slab-out-of-bounds in krealloc_less_oob_helper+0xd70/0x11d0 [ 12.421725] Write 
of size 1 at addr ffff88810034c4c9 by task kunit_try_catch/175 [ 12.422030] [ 12.422218] CPU: 0 UID: 0 PID: 175 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc7 #1 PREEMPT(voluntary) [ 12.422269] Tainted: [B]=BAD_PAGE, [N]=TEST [ 12.422281] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 12.422303] Call Trace: [ 12.422316] <TASK> [ 12.422334] dump_stack_lvl+0x73/0xb0 [ 12.422366] print_report+0xd1/0x610 [ 12.422388] ? __virt_addr_valid+0x1db/0x2d0 [ 12.422412] ? krealloc_less_oob_helper+0xd70/0x11d0 [ 12.422434] ? kasan_complete_mode_report_info+0x2a/0x200 [ 12.422455] ? krealloc_less_oob_helper+0xd70/0x11d0 [ 12.422478] kasan_report+0x141/0x180 [ 12.422499] ? krealloc_less_oob_helper+0xd70/0x11d0 [ 12.422527] __asan_report_store1_noabort+0x1b/0x30 [ 12.422550] krealloc_less_oob_helper+0xd70/0x11d0 [ 12.422576] ? __pfx_krealloc_less_oob_helper+0x10/0x10 [ 12.422599] ? finish_task_switch.isra.0+0x153/0x700 [ 12.422623] ? __switch_to+0x47/0xf50 [ 12.422652] ? __schedule+0x10c6/0x2b60 [ 12.422674] ? __pfx_read_tsc+0x10/0x10 [ 12.422698] krealloc_less_oob+0x1c/0x30 [ 12.422719] kunit_try_run_case+0x1a5/0x480 [ 12.422745] ? __pfx_kunit_try_run_case+0x10/0x10 [ 12.422766] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 12.422789] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 12.422812] ? __kthread_parkme+0x82/0x180 [ 12.422832] ? preempt_count_sub+0x50/0x80 [ 12.422898] ? __pfx_kunit_try_run_case+0x10/0x10 [ 12.422923] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 12.422945] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 12.422968] kthread+0x337/0x6f0 [ 12.422987] ? trace_preempt_on+0x20/0xc0 [ 12.423010] ? __pfx_kthread+0x10/0x10 [ 12.423032] ? _raw_spin_unlock_irq+0x47/0x80 [ 12.423053] ? calculate_sigpending+0x7b/0xa0 [ 12.423077] ? __pfx_kthread+0x10/0x10 [ 12.423098] ret_from_fork+0x116/0x1d0 [ 12.423116] ? 
__pfx_kthread+0x10/0x10 [ 12.423135] ret_from_fork_asm+0x1a/0x30 [ 12.423176] </TASK> [ 12.423187] [ 12.431369] Allocated by task 175: [ 12.431518] kasan_save_stack+0x45/0x70 [ 12.431674] kasan_save_track+0x18/0x40 [ 12.431813] kasan_save_alloc_info+0x3b/0x50 [ 12.432017] __kasan_krealloc+0x190/0x1f0 [ 12.432230] krealloc_noprof+0xf3/0x340 [ 12.432430] krealloc_less_oob_helper+0x1aa/0x11d0 [ 12.432834] krealloc_less_oob+0x1c/0x30 [ 12.432998] kunit_try_run_case+0x1a5/0x480 [ 12.433156] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 12.433644] kthread+0x337/0x6f0 [ 12.433815] ret_from_fork+0x116/0x1d0 [ 12.434062] ret_from_fork_asm+0x1a/0x30 [ 12.434249] [ 12.434353] The buggy address belongs to the object at ffff88810034c400 [ 12.434353] which belongs to the cache kmalloc-256 of size 256 [ 12.434907] The buggy address is located 0 bytes to the right of [ 12.434907] allocated 201-byte region [ffff88810034c400, ffff88810034c4c9) [ 12.435433] [ 12.435534] The buggy address belongs to the physical page: [ 12.435789] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x10034c [ 12.436235] head: order:1 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0 [ 12.436582] flags: 0x200000000000040(head|node=0|zone=2) [ 12.436779] page_type: f5(slab) [ 12.436907] raw: 0200000000000040 ffff888100041b40 dead000000000122 0000000000000000 [ 12.437155] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 12.437390] head: 0200000000000040 ffff888100041b40 dead000000000122 0000000000000000 [ 12.437772] head: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 12.438512] head: 0200000000000001 ffffea000400d301 00000000ffffffff 00000000ffffffff [ 12.438759] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000002 [ 12.439383] page dumped because: kasan: bad access detected [ 12.439612] [ 12.439711] Memory state around the buggy address: [ 12.439981] ffff88810034c380: fc fc fc fc fc fc fc fc fc fc fc fc fc fc 
fc fc [ 12.440218] ffff88810034c400: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 12.440684] >ffff88810034c480: 00 00 00 00 00 00 00 00 00 01 fc fc fc fc fc fc [ 12.441025] ^ [ 12.441294] ffff88810034c500: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 12.441701] ffff88810034c580: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 12.442037] ================================================================== [ 12.464832] ================================================================== [ 12.466161] BUG: KASAN: slab-out-of-bounds in krealloc_less_oob_helper+0xec6/0x11d0 [ 12.466471] Write of size 1 at addr ffff88810034c4da by task kunit_try_catch/175 [ 12.466828] [ 12.466944] CPU: 0 UID: 0 PID: 175 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc7 #1 PREEMPT(voluntary) [ 12.466988] Tainted: [B]=BAD_PAGE, [N]=TEST [ 12.467000] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 12.467022] Call Trace: [ 12.467034] <TASK> [ 12.467051] dump_stack_lvl+0x73/0xb0 [ 12.467077] print_report+0xd1/0x610 [ 12.467099] ? __virt_addr_valid+0x1db/0x2d0 [ 12.467121] ? krealloc_less_oob_helper+0xec6/0x11d0 [ 12.467144] ? kasan_complete_mode_report_info+0x2a/0x200 [ 12.467179] ? krealloc_less_oob_helper+0xec6/0x11d0 [ 12.467202] kasan_report+0x141/0x180 [ 12.467223] ? krealloc_less_oob_helper+0xec6/0x11d0 [ 12.467250] __asan_report_store1_noabort+0x1b/0x30 [ 12.467274] krealloc_less_oob_helper+0xec6/0x11d0 [ 12.467298] ? __pfx_krealloc_less_oob_helper+0x10/0x10 [ 12.467322] ? finish_task_switch.isra.0+0x153/0x700 [ 12.467343] ? __switch_to+0x47/0xf50 [ 12.467367] ? __schedule+0x10c6/0x2b60 [ 12.467389] ? __pfx_read_tsc+0x10/0x10 [ 12.467412] krealloc_less_oob+0x1c/0x30 [ 12.467432] kunit_try_run_case+0x1a5/0x480 [ 12.467456] ? __pfx_kunit_try_run_case+0x10/0x10 [ 12.467477] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 12.467500] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 12.467522] ? __kthread_parkme+0x82/0x180 [ 12.467542] ? 
preempt_count_sub+0x50/0x80 [ 12.467564] ? __pfx_kunit_try_run_case+0x10/0x10 [ 12.467587] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 12.467609] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 12.467632] kthread+0x337/0x6f0 [ 12.467650] ? trace_preempt_on+0x20/0xc0 [ 12.467673] ? __pfx_kthread+0x10/0x10 [ 12.467693] ? _raw_spin_unlock_irq+0x47/0x80 [ 12.467713] ? calculate_sigpending+0x7b/0xa0 [ 12.467737] ? __pfx_kthread+0x10/0x10 [ 12.467757] ret_from_fork+0x116/0x1d0 [ 12.467775] ? __pfx_kthread+0x10/0x10 [ 12.467795] ret_from_fork_asm+0x1a/0x30 [ 12.467825] </TASK> [ 12.467835] [ 12.475790] Allocated by task 175: [ 12.475980] kasan_save_stack+0x45/0x70 [ 12.476205] kasan_save_track+0x18/0x40 [ 12.476407] kasan_save_alloc_info+0x3b/0x50 [ 12.477040] __kasan_krealloc+0x190/0x1f0 [ 12.477243] krealloc_noprof+0xf3/0x340 [ 12.477476] krealloc_less_oob_helper+0x1aa/0x11d0 [ 12.477659] krealloc_less_oob+0x1c/0x30 [ 12.477803] kunit_try_run_case+0x1a5/0x480 [ 12.477955] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 12.478135] kthread+0x337/0x6f0 [ 12.478317] ret_from_fork+0x116/0x1d0 [ 12.478573] ret_from_fork_asm+0x1a/0x30 [ 12.478773] [ 12.478874] The buggy address belongs to the object at ffff88810034c400 [ 12.478874] which belongs to the cache kmalloc-256 of size 256 [ 12.479345] The buggy address is located 17 bytes to the right of [ 12.479345] allocated 201-byte region [ffff88810034c400, ffff88810034c4c9) [ 12.480032] [ 12.480136] The buggy address belongs to the physical page: [ 12.480357] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x10034c [ 12.480716] head: order:1 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0 [ 12.481221] flags: 0x200000000000040(head|node=0|zone=2) [ 12.481557] page_type: f5(slab) [ 12.481718] raw: 0200000000000040 ffff888100041b40 dead000000000122 0000000000000000 [ 12.482045] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 12.482363] head: 0200000000000040 
ffff888100041b40 dead000000000122 0000000000000000 [ 12.482706] head: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 12.483084] head: 0200000000000001 ffffea000400d301 00000000ffffffff 00000000ffffffff [ 12.483473] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000002 [ 12.483790] page dumped because: kasan: bad access detected [ 12.484171] [ 12.484276] Memory state around the buggy address: [ 12.484475] ffff88810034c380: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 12.484721] ffff88810034c400: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 12.485094] >ffff88810034c480: 00 00 00 00 00 00 00 00 00 01 fc fc fc fc fc fc [ 12.485513] ^ [ 12.485769] ffff88810034c500: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 12.486040] ffff88810034c580: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 12.486642] ================================================================== [ 12.626086] ================================================================== [ 12.626364] BUG: KASAN: slab-out-of-bounds in krealloc_less_oob_helper+0xe23/0x11d0 [ 12.626693] Write of size 1 at addr ffff8881038d60d0 by task kunit_try_catch/179 [ 12.627417] [ 12.627521] CPU: 1 UID: 0 PID: 179 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc7 #1 PREEMPT(voluntary) [ 12.627566] Tainted: [B]=BAD_PAGE, [N]=TEST [ 12.627577] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 12.627601] Call Trace: [ 12.627619] <TASK> [ 12.627637] dump_stack_lvl+0x73/0xb0 [ 12.627666] print_report+0xd1/0x610 [ 12.627688] ? __virt_addr_valid+0x1db/0x2d0 [ 12.627710] ? krealloc_less_oob_helper+0xe23/0x11d0 [ 12.627744] ? kasan_addr_to_slab+0x11/0xa0 [ 12.627763] ? krealloc_less_oob_helper+0xe23/0x11d0 [ 12.627786] kasan_report+0x141/0x180 [ 12.627806] ? krealloc_less_oob_helper+0xe23/0x11d0 [ 12.627834] __asan_report_store1_noabort+0x1b/0x30 [ 12.628059] krealloc_less_oob_helper+0xe23/0x11d0 [ 12.628089] ? 
__pfx_krealloc_less_oob_helper+0x10/0x10 [ 12.628112] ? finish_task_switch.isra.0+0x153/0x700 [ 12.628134] ? __switch_to+0x47/0xf50 [ 12.628173] ? __schedule+0x10c6/0x2b60 [ 12.628195] ? __pfx_read_tsc+0x10/0x10 [ 12.628218] krealloc_large_less_oob+0x1c/0x30 [ 12.628240] kunit_try_run_case+0x1a5/0x480 [ 12.628264] ? __pfx_kunit_try_run_case+0x10/0x10 [ 12.628286] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 12.628309] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 12.628335] ? __kthread_parkme+0x82/0x180 [ 12.628355] ? preempt_count_sub+0x50/0x80 [ 12.628377] ? __pfx_kunit_try_run_case+0x10/0x10 [ 12.628399] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 12.628421] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 12.628444] kthread+0x337/0x6f0 [ 12.628462] ? trace_preempt_on+0x20/0xc0 [ 12.628485] ? __pfx_kthread+0x10/0x10 [ 12.628504] ? _raw_spin_unlock_irq+0x47/0x80 [ 12.628525] ? calculate_sigpending+0x7b/0xa0 [ 12.628547] ? __pfx_kthread+0x10/0x10 [ 12.628568] ret_from_fork+0x116/0x1d0 [ 12.628585] ? 
__pfx_kthread+0x10/0x10 [ 12.628605] ret_from_fork_asm+0x1a/0x30 [ 12.628637] </TASK> [ 12.628648] [ 12.643706] The buggy address belongs to the physical page: [ 12.643981] page: refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1038d4 [ 12.644721] head: order:2 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0 [ 12.645450] flags: 0x200000000000040(head|node=0|zone=2) [ 12.645962] page_type: f8(unknown) [ 12.646363] raw: 0200000000000040 0000000000000000 dead000000000122 0000000000000000 [ 12.646776] raw: 0000000000000000 0000000000000000 00000001f8000000 0000000000000000 [ 12.647567] head: 0200000000000040 0000000000000000 dead000000000122 0000000000000000 [ 12.648275] head: 0000000000000000 0000000000000000 00000001f8000000 0000000000000000 [ 12.648972] head: 0200000000000002 ffffea00040e3501 00000000ffffffff 00000000ffffffff [ 12.649225] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000004 [ 12.649709] page dumped because: kasan: bad access detected [ 12.650307] [ 12.650466] Memory state around the buggy address: [ 12.650887] ffff8881038d5f80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 12.651776] ffff8881038d6000: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 12.652433] >ffff8881038d6080: 00 00 00 00 00 00 00 00 00 01 fe fe fe fe fe fe [ 12.652802] ^ [ 12.653329] ffff8881038d6100: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe [ 12.653999] ffff8881038d6180: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe [ 12.654283] ================================================================== [ 12.698841] ================================================================== [ 12.699220] BUG: KASAN: slab-out-of-bounds in krealloc_less_oob_helper+0xd47/0x11d0 [ 12.699637] Write of size 1 at addr ffff8881038d60eb by task kunit_try_catch/179 [ 12.700098] [ 12.700360] CPU: 1 UID: 0 PID: 179 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc7 #1 PREEMPT(voluntary) [ 12.700404] Tainted: [B]=BAD_PAGE, [N]=TEST [ 12.700416] Hardware 
name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 12.700436] Call Trace: [ 12.700452] <TASK> [ 12.700468] dump_stack_lvl+0x73/0xb0 [ 12.700495] print_report+0xd1/0x610 [ 12.700516] ? __virt_addr_valid+0x1db/0x2d0 [ 12.700537] ? krealloc_less_oob_helper+0xd47/0x11d0 [ 12.700560] ? kasan_addr_to_slab+0x11/0xa0 [ 12.700579] ? krealloc_less_oob_helper+0xd47/0x11d0 [ 12.700602] kasan_report+0x141/0x180 [ 12.700623] ? krealloc_less_oob_helper+0xd47/0x11d0 [ 12.700650] __asan_report_store1_noabort+0x1b/0x30 [ 12.700673] krealloc_less_oob_helper+0xd47/0x11d0 [ 12.700698] ? __pfx_krealloc_less_oob_helper+0x10/0x10 [ 12.700721] ? finish_task_switch.isra.0+0x153/0x700 [ 12.700742] ? __switch_to+0x47/0xf50 [ 12.700766] ? __schedule+0x10c6/0x2b60 [ 12.700787] ? __pfx_read_tsc+0x10/0x10 [ 12.700810] krealloc_large_less_oob+0x1c/0x30 [ 12.700831] kunit_try_run_case+0x1a5/0x480 [ 12.700854] ? __pfx_kunit_try_run_case+0x10/0x10 [ 12.700876] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 12.700898] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 12.700920] ? __kthread_parkme+0x82/0x180 [ 12.700940] ? preempt_count_sub+0x50/0x80 [ 12.700961] ? __pfx_kunit_try_run_case+0x10/0x10 [ 12.700984] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 12.701006] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 12.701028] kthread+0x337/0x6f0 [ 12.701047] ? trace_preempt_on+0x20/0xc0 [ 12.701069] ? __pfx_kthread+0x10/0x10 [ 12.701089] ? _raw_spin_unlock_irq+0x47/0x80 [ 12.701109] ? calculate_sigpending+0x7b/0xa0 [ 12.701131] ? __pfx_kthread+0x10/0x10 [ 12.701163] ret_from_fork+0x116/0x1d0 [ 12.701181] ? 
__pfx_kthread+0x10/0x10 [ 12.701202] ret_from_fork_asm+0x1a/0x30 [ 12.701233] </TASK> [ 12.701243] [ 12.710881] The buggy address belongs to the physical page: [ 12.711209] page: refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1038d4 [ 12.711992] head: order:2 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0 [ 12.712497] flags: 0x200000000000040(head|node=0|zone=2) [ 12.712795] page_type: f8(unknown) [ 12.713179] raw: 0200000000000040 0000000000000000 dead000000000122 0000000000000000 [ 12.713765] raw: 0000000000000000 0000000000000000 00000001f8000000 0000000000000000 [ 12.714215] head: 0200000000000040 0000000000000000 dead000000000122 0000000000000000 [ 12.714716] head: 0000000000000000 0000000000000000 00000001f8000000 0000000000000000 [ 12.715304] head: 0200000000000002 ffffea00040e3501 00000000ffffffff 00000000ffffffff [ 12.715639] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000004 [ 12.716045] page dumped because: kasan: bad access detected [ 12.716523] [ 12.716604] Memory state around the buggy address: [ 12.716842] ffff8881038d5f80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 12.717349] ffff8881038d6000: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 12.717804] >ffff8881038d6080: 00 00 00 00 00 00 00 00 00 01 fe fe fe fe fe fe [ 12.718187] ^ [ 12.718588] ffff8881038d6100: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe [ 12.718901] ffff8881038d6180: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe [ 12.719432] ================================================================== [ 12.598225] ================================================================== [ 12.599543] BUG: KASAN: slab-out-of-bounds in krealloc_less_oob_helper+0xd70/0x11d0 [ 12.600351] Write of size 1 at addr ffff8881038d60c9 by task kunit_try_catch/179 [ 12.601065] [ 12.601266] CPU: 1 UID: 0 PID: 179 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc7 #1 PREEMPT(voluntary) [ 12.601314] Tainted: [B]=BAD_PAGE, [N]=TEST [ 12.601325] Hardware 
name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 12.601347] Call Trace: [ 12.601360] <TASK> [ 12.601378] dump_stack_lvl+0x73/0xb0 [ 12.601431] print_report+0xd1/0x610 [ 12.601453] ? __virt_addr_valid+0x1db/0x2d0 [ 12.601476] ? krealloc_less_oob_helper+0xd70/0x11d0 [ 12.601498] ? kasan_addr_to_slab+0x11/0xa0 [ 12.601520] ? krealloc_less_oob_helper+0xd70/0x11d0 [ 12.601542] kasan_report+0x141/0x180 [ 12.601565] ? krealloc_less_oob_helper+0xd70/0x11d0 [ 12.601593] __asan_report_store1_noabort+0x1b/0x30 [ 12.601617] krealloc_less_oob_helper+0xd70/0x11d0 [ 12.601641] ? __pfx_krealloc_less_oob_helper+0x10/0x10 [ 12.601664] ? finish_task_switch.isra.0+0x153/0x700 [ 12.601687] ? __switch_to+0x47/0xf50 [ 12.601714] ? __schedule+0x10c6/0x2b60 [ 12.601736] ? __pfx_read_tsc+0x10/0x10 [ 12.601760] krealloc_large_less_oob+0x1c/0x30 [ 12.601781] kunit_try_run_case+0x1a5/0x480 [ 12.601806] ? __pfx_kunit_try_run_case+0x10/0x10 [ 12.601828] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 12.601852] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 12.601875] ? __kthread_parkme+0x82/0x180 [ 12.601895] ? preempt_count_sub+0x50/0x80 [ 12.601917] ? __pfx_kunit_try_run_case+0x10/0x10 [ 12.601940] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 12.601962] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 12.601984] kthread+0x337/0x6f0 [ 12.602002] ? trace_preempt_on+0x20/0xc0 [ 12.602024] ? __pfx_kthread+0x10/0x10 [ 12.602044] ? _raw_spin_unlock_irq+0x47/0x80 [ 12.602064] ? calculate_sigpending+0x7b/0xa0 [ 12.602087] ? __pfx_kthread+0x10/0x10 [ 12.602108] ret_from_fork+0x116/0x1d0 [ 12.602125] ? 
__pfx_kthread+0x10/0x10
[ 12.602154] ret_from_fork_asm+0x1a/0x30
[ 12.602184] </TASK>
[ 12.602194]
[ 12.616138] The buggy address belongs to the physical page:
[ 12.616358] page: refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1038d4
[ 12.617189] head: order:2 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[ 12.617902] flags: 0x200000000000040(head|node=0|zone=2)
[ 12.618477] page_type: f8(unknown)
[ 12.618798] raw: 0200000000000040 0000000000000000 dead000000000122 0000000000000000
[ 12.619269] raw: 0000000000000000 0000000000000000 00000001f8000000 0000000000000000
[ 12.619976] head: 0200000000000040 0000000000000000 dead000000000122 0000000000000000
[ 12.620331] head: 0000000000000000 0000000000000000 00000001f8000000 0000000000000000
[ 12.621069] head: 0200000000000002 ffffea00040e3501 00000000ffffffff 00000000ffffffff
[ 12.621492] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000004
[ 12.621715] page dumped because: kasan: bad access detected
[ 12.621945]
[ 12.622108] Memory state around the buggy address:
[ 12.622564] ffff8881038d5f80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[ 12.623215] ffff8881038d6000: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[ 12.623830] >ffff8881038d6080: 00 00 00 00 00 00 00 00 00 01 fe fe fe fe fe fe
[ 12.624538] ^
[ 12.625083] ffff8881038d6100: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe
[ 12.625429] ffff8881038d6180: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe
[ 12.625639] ==================================================================
[ 12.509005] ==================================================================
[ 12.509319] BUG: KASAN: slab-out-of-bounds in krealloc_less_oob_helper+0xd47/0x11d0
[ 12.509672] Write of size 1 at addr ffff88810034c4eb by task kunit_try_catch/175
[ 12.510002]
[ 12.510121] CPU: 0 UID: 0 PID: 175 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc7 #1 PREEMPT(voluntary)
[ 12.510325] Tainted: [B]=BAD_PAGE, [N]=TEST
[ 12.510339] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[ 12.510360] Call Trace:
[ 12.510377] <TASK>
[ 12.510393] dump_stack_lvl+0x73/0xb0
[ 12.510423] print_report+0xd1/0x610
[ 12.510444] ? __virt_addr_valid+0x1db/0x2d0
[ 12.510466] ? krealloc_less_oob_helper+0xd47/0x11d0
[ 12.510489] ? kasan_complete_mode_report_info+0x2a/0x200
[ 12.510511] ? krealloc_less_oob_helper+0xd47/0x11d0
[ 12.510533] kasan_report+0x141/0x180
[ 12.510554] ? krealloc_less_oob_helper+0xd47/0x11d0
[ 12.510581] __asan_report_store1_noabort+0x1b/0x30
[ 12.510605] krealloc_less_oob_helper+0xd47/0x11d0
[ 12.510630] ? __pfx_krealloc_less_oob_helper+0x10/0x10
[ 12.510653] ? finish_task_switch.isra.0+0x153/0x700
[ 12.510675] ? __switch_to+0x47/0xf50
[ 12.510699] ? __schedule+0x10c6/0x2b60
[ 12.510720] ? __pfx_read_tsc+0x10/0x10
[ 12.510743] krealloc_less_oob+0x1c/0x30
[ 12.510764] kunit_try_run_case+0x1a5/0x480
[ 12.510787] ? __pfx_kunit_try_run_case+0x10/0x10
[ 12.510809] ? _raw_spin_lock_irqsave+0xa1/0x100
[ 12.510831] ? _raw_spin_unlock_irqrestore+0x5f/0x90
[ 12.510906] ? __kthread_parkme+0x82/0x180
[ 12.510926] ? preempt_count_sub+0x50/0x80
[ 12.510948] ? __pfx_kunit_try_run_case+0x10/0x10
[ 12.510972] kunit_generic_run_threadfn_adapter+0x85/0xf0
[ 12.510995] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10
[ 12.511017] kthread+0x337/0x6f0
[ 12.511037] ? trace_preempt_on+0x20/0xc0
[ 12.511059] ? __pfx_kthread+0x10/0x10
[ 12.511079] ? _raw_spin_unlock_irq+0x47/0x80
[ 12.511100] ? calculate_sigpending+0x7b/0xa0
[ 12.511123] ? __pfx_kthread+0x10/0x10
[ 12.511157] ret_from_fork+0x116/0x1d0
[ 12.511176] ? __pfx_kthread+0x10/0x10
[ 12.511196] ret_from_fork_asm+0x1a/0x30
[ 12.511226] </TASK>
[ 12.511235]
[ 12.519633] Allocated by task 175:
[ 12.519775] kasan_save_stack+0x45/0x70
[ 12.520194] kasan_save_track+0x18/0x40
[ 12.520462] kasan_save_alloc_info+0x3b/0x50
[ 12.520651] __kasan_krealloc+0x190/0x1f0
[ 12.520832] krealloc_noprof+0xf3/0x340
[ 12.521035] krealloc_less_oob_helper+0x1aa/0x11d0
[ 12.521276] krealloc_less_oob+0x1c/0x30
[ 12.521509] kunit_try_run_case+0x1a5/0x480
[ 12.521721] kunit_generic_run_threadfn_adapter+0x85/0xf0
[ 12.522288] kthread+0x337/0x6f0
[ 12.522467] ret_from_fork+0x116/0x1d0
[ 12.522631] ret_from_fork_asm+0x1a/0x30
[ 12.522832]
[ 12.522952] The buggy address belongs to the object at ffff88810034c400
[ 12.522952] which belongs to the cache kmalloc-256 of size 256
[ 12.523552] The buggy address is located 34 bytes to the right of
[ 12.523552] allocated 201-byte region [ffff88810034c400, ffff88810034c4c9)
[ 12.524306]
[ 12.524424] The buggy address belongs to the physical page:
[ 12.524636] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x10034c
[ 12.525016] head: order:1 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[ 12.525386] flags: 0x200000000000040(head|node=0|zone=2)
[ 12.525601] page_type: f5(slab)
[ 12.525760] raw: 0200000000000040 ffff888100041b40 dead000000000122 0000000000000000
[ 12.526140] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000
[ 12.526478] head: 0200000000000040 ffff888100041b40 dead000000000122 0000000000000000
[ 12.526713] head: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000
[ 12.526948] head: 0200000000000001 ffffea000400d301 00000000ffffffff 00000000ffffffff
[ 12.527244] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000002
[ 12.527868] page dumped because: kasan: bad access detected
[ 12.528624]
[ 12.528798] Memory state around the buggy address:
[ 12.529340] ffff88810034c380: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 12.530009] ffff88810034c400: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[ 12.530770] >ffff88810034c480: 00 00 00 00 00 00 00 00 00 01 fc fc fc fc fc fc
[ 12.531435] ^
[ 12.532039] ffff88810034c500: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 12.532418] ffff88810034c580: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 12.532639] ==================================================================
[ 12.442683] ==================================================================
[ 12.443180] BUG: KASAN: slab-out-of-bounds in krealloc_less_oob_helper+0xe23/0x11d0
[ 12.443541] Write of size 1 at addr ffff88810034c4d0 by task kunit_try_catch/175
[ 12.443822]
[ 12.443914] CPU: 0 UID: 0 PID: 175 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc7 #1 PREEMPT(voluntary)
[ 12.443958] Tainted: [B]=BAD_PAGE, [N]=TEST
[ 12.443969] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[ 12.443991] Call Trace:
[ 12.444003] <TASK>
[ 12.444018] dump_stack_lvl+0x73/0xb0
[ 12.444046] print_report+0xd1/0x610
[ 12.444067] ? __virt_addr_valid+0x1db/0x2d0
[ 12.444089] ? krealloc_less_oob_helper+0xe23/0x11d0
[ 12.444112] ? kasan_complete_mode_report_info+0x2a/0x200
[ 12.444133] ? krealloc_less_oob_helper+0xe23/0x11d0
[ 12.444167] kasan_report+0x141/0x180
[ 12.444189] ? krealloc_less_oob_helper+0xe23/0x11d0
[ 12.444217] __asan_report_store1_noabort+0x1b/0x30
[ 12.444241] krealloc_less_oob_helper+0xe23/0x11d0
[ 12.444266] ? __pfx_krealloc_less_oob_helper+0x10/0x10
[ 12.444350] ? finish_task_switch.isra.0+0x153/0x700
[ 12.444374] ? __switch_to+0x47/0xf50
[ 12.444399] ? __schedule+0x10c6/0x2b60
[ 12.444421] ? __pfx_read_tsc+0x10/0x10
[ 12.444444] krealloc_less_oob+0x1c/0x30
[ 12.444465] kunit_try_run_case+0x1a5/0x480
[ 12.444489] ? __pfx_kunit_try_run_case+0x10/0x10
[ 12.444511] ? _raw_spin_lock_irqsave+0xa1/0x100
[ 12.444535] ? _raw_spin_unlock_irqrestore+0x5f/0x90
[ 12.444558] ? __kthread_parkme+0x82/0x180
[ 12.444577] ? preempt_count_sub+0x50/0x80
[ 12.444599] ? __pfx_kunit_try_run_case+0x10/0x10
[ 12.444621] kunit_generic_run_threadfn_adapter+0x85/0xf0
[ 12.444644] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10
[ 12.444666] kthread+0x337/0x6f0
[ 12.444685] ? trace_preempt_on+0x20/0xc0
[ 12.444708] ? __pfx_kthread+0x10/0x10
[ 12.444727] ? _raw_spin_unlock_irq+0x47/0x80
[ 12.444748] ? calculate_sigpending+0x7b/0xa0
[ 12.444771] ? __pfx_kthread+0x10/0x10
[ 12.444792] ret_from_fork+0x116/0x1d0
[ 12.444809] ? __pfx_kthread+0x10/0x10
[ 12.444829] ret_from_fork_asm+0x1a/0x30
[ 12.444858] </TASK>
[ 12.444869]
[ 12.453432] Allocated by task 175:
[ 12.453607] kasan_save_stack+0x45/0x70
[ 12.453817] kasan_save_track+0x18/0x40
[ 12.453977] kasan_save_alloc_info+0x3b/0x50
[ 12.454199] __kasan_krealloc+0x190/0x1f0
[ 12.454386] krealloc_noprof+0xf3/0x340
[ 12.454570] krealloc_less_oob_helper+0x1aa/0x11d0
[ 12.454737] krealloc_less_oob+0x1c/0x30
[ 12.454879] kunit_try_run_case+0x1a5/0x480
[ 12.455030] kunit_generic_run_threadfn_adapter+0x85/0xf0
[ 12.455247] kthread+0x337/0x6f0
[ 12.455418] ret_from_fork+0x116/0x1d0
[ 12.455615] ret_from_fork_asm+0x1a/0x30
[ 12.455814]
[ 12.455913] The buggy address belongs to the object at ffff88810034c400
[ 12.455913] which belongs to the cache kmalloc-256 of size 256
[ 12.456796] The buggy address is located 7 bytes to the right of
[ 12.456796] allocated 201-byte region [ffff88810034c400, ffff88810034c4c9)
[ 12.457574]
[ 12.457683] The buggy address belongs to the physical page:
[ 12.457907] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x10034c
[ 12.458457] head: order:1 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[ 12.458762] flags: 0x200000000000040(head|node=0|zone=2)
[ 12.459085] page_type: f5(slab)
[ 12.459236] raw: 0200000000000040 ffff888100041b40 dead000000000122 0000000000000000
[ 12.459548] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000
[ 12.459897] head: 0200000000000040 ffff888100041b40 dead000000000122 0000000000000000
[ 12.460591] head: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000
[ 12.460988] head: 0200000000000001 ffffea000400d301 00000000ffffffff 00000000ffffffff
[ 12.461265] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000002
[ 12.461624] page dumped because: kasan: bad access detected
[ 12.461912]
[ 12.462012] Memory state around the buggy address:
[ 12.462196] ffff88810034c380: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 12.462460] ffff88810034c400: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[ 12.462786] >ffff88810034c480: 00 00 00 00 00 00 00 00 00 01 fc fc fc fc fc fc
[ 12.463158] ^
[ 12.463504] ffff88810034c500: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 12.463777] ffff88810034c580: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 12.464158] ==================================================================