Date
July 15, 2025, 2:10 p.m.
| Environment | |
|---|---|
| qemu-arm64 | |
| qemu-x86_64 |
[ 105.159714] ================================================================== [ 105.161761] BUG: KASAN: slab-out-of-bounds in krealloc_less_oob_helper+0x140/0x5b0 [ 105.162793] Write of size 1 at addr ffff0000c62606d0 by task kunit_try_catch/214 [ 105.163675] [ 105.163950] CPU: 0 PID: 214 Comm: kunit_try_catch Tainted: G B N 6.1.146-rc1 #1 [ 105.164775] Hardware name: linux,dummy-virt (DT) [ 105.165441] Call trace: [ 105.165848] dump_backtrace+0xe0/0x134 [ 105.166434] show_stack+0x20/0x2c [ 105.166964] dump_stack_lvl+0x88/0xb4 [ 105.167567] print_report+0x158/0x44c [ 105.168129] kasan_report+0xc8/0x180 [ 105.168827] __asan_store1+0x68/0x7c [ 105.169215] krealloc_less_oob_helper+0x140/0x5b0 [ 105.169680] krealloc_less_oob+0x20/0x30 [ 105.170061] kunit_try_run_case+0x8c/0x124 [ 105.170468] kunit_generic_run_threadfn_adapter+0x38/0x54 [ 105.170982] kthread+0x15c/0x170 [ 105.171458] ret_from_fork+0x10/0x20 [ 105.171923] [ 105.172136] Allocated by task 214: [ 105.172495] kasan_save_stack+0x3c/0x70 [ 105.173294] kasan_set_track+0x2c/0x40 [ 105.173900] kasan_save_alloc_info+0x24/0x34 [ 105.174547] __kasan_krealloc+0x10c/0x140 [ 105.175165] krealloc+0x158/0x1c0 [ 105.175692] krealloc_less_oob_helper+0xd8/0x5b0 [ 105.176570] krealloc_less_oob+0x20/0x30 [ 105.177250] kunit_try_run_case+0x8c/0x124 [ 105.177898] kunit_generic_run_threadfn_adapter+0x38/0x54 [ 105.178674] kthread+0x15c/0x170 [ 105.179222] ret_from_fork+0x10/0x20 [ 105.179791] [ 105.180069] The buggy address belongs to the object at ffff0000c6260600 [ 105.180069] which belongs to the cache kmalloc-256 of size 256 [ 105.182350] The buggy address is located 208 bytes inside of [ 105.182350] 256-byte region [ffff0000c6260600, ffff0000c6260700) [ 105.183275] [ 105.183461] The buggy address belongs to the physical page: [ 105.183847] page:0000000090416edb refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x106260 [ 105.185001] head:0000000090416edb order:1 compound_mapcount:0 compound_pincount:0 [ 105.185495] flags: 0xbfffc0000010200(slab|head|node=0|zone=2|lastcpupid=0xffff) [ 105.186247] raw: 0bfffc0000010200 0000000000000000 dead000000000122 ffff0000c0002480 [ 105.186823] raw: 0000000000000000 0000000080100010 00000001ffffffff 0000000000000000 [ 105.187306] page dumped because: kasan: bad access detected [ 105.187680] [ 105.187963] Memory state around the buggy address: [ 105.188806] ffff0000c6260580: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 105.189681] ffff0000c6260600: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 105.190570] >ffff0000c6260680: 00 00 00 00 00 00 00 00 00 01 fc fc fc fc fc fc [ 105.191410] ^ [ 105.192135] ffff0000c6260700: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 105.193336] ffff0000c6260780: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 105.194237] ================================================================== [ 105.225303] ================================================================== [ 105.225910] BUG: KASAN: slab-out-of-bounds in krealloc_less_oob_helper+0x1b0/0x5b0 [ 105.226684] Write of size 1 at addr ffff0000c62606ea by task kunit_try_catch/214 [ 105.227283] [ 105.227526] CPU: 0 PID: 214 Comm: kunit_try_catch Tainted: G B N 6.1.146-rc1 #1 [ 105.228274] Hardware name: linux,dummy-virt (DT) [ 105.229455] Call trace: [ 105.229764] dump_backtrace+0xe0/0x134 [ 105.230222] show_stack+0x20/0x2c [ 105.230611] dump_stack_lvl+0x88/0xb4 [ 105.231103] print_report+0x158/0x44c [ 105.231525] kasan_report+0xc8/0x180 [ 105.231952] __asan_store1+0x68/0x7c [ 105.232411] krealloc_less_oob_helper+0x1b0/0x5b0 [ 105.232949] krealloc_less_oob+0x20/0x30 [ 105.233390] kunit_try_run_case+0x8c/0x124 [ 105.233874] kunit_generic_run_threadfn_adapter+0x38/0x54 [ 105.234423] kthread+0x15c/0x170 [ 105.235035] ret_from_fork+0x10/0x20 [ 105.235482] [ 105.235687] Allocated by task 214: [ 105.236030] kasan_save_stack+0x3c/0x70 [ 105.236691] kasan_set_track+0x2c/0x40 [ 105.237128] kasan_save_alloc_info+0x24/0x34 [ 105.237631] __kasan_krealloc+0x10c/0x140 [ 105.238112] krealloc+0x158/0x1c0 [ 105.238521] krealloc_less_oob_helper+0xd8/0x5b0 [ 105.239023] krealloc_less_oob+0x20/0x30 [ 105.239455] kunit_try_run_case+0x8c/0x124 [ 105.239921] kunit_generic_run_threadfn_adapter+0x38/0x54 [ 105.240663] kthread+0x15c/0x170 [ 105.241080] ret_from_fork+0x10/0x20 [ 105.241511] [ 105.241708] The buggy address belongs to the object at ffff0000c6260600 [ 105.241708] which belongs to the cache kmalloc-256 of size 256 [ 105.242622] The buggy address is located 234 bytes inside of [ 105.242622] 256-byte region [ffff0000c6260600, ffff0000c6260700) [ 105.243524] [ 105.243760] The buggy address belongs to the physical page: [ 105.244221] page:0000000090416edb refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x106260 [ 105.245192] head:0000000090416edb order:1 compound_mapcount:0 compound_pincount:0 [ 105.245823] flags: 0xbfffc0000010200(slab|head|node=0|zone=2|lastcpupid=0xffff) [ 105.246496] raw: 0bfffc0000010200 0000000000000000 dead000000000122 ffff0000c0002480 [ 105.247170] raw: 0000000000000000 0000000080100010 00000001ffffffff 0000000000000000 [ 105.247800] page dumped because: kasan: bad access detected [ 105.248276] [ 105.249314] Memory state around the buggy address: [ 105.249754] ffff0000c6260580: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 105.250362] ffff0000c6260600: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 105.250988] >ffff0000c6260680: 00 00 00 00 00 00 00 00 00 01 fc fc fc fc fc fc [ 105.251570] ^ [ 105.252132] ffff0000c6260700: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 105.253078] ffff0000c6260780: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 105.253646] ================================================================== [ 105.442803] ================================================================== [ 105.443374] BUG: KASAN: slab-out-of-bounds in krealloc_less_oob_helper+0x1d4/0x5b0 [ 105.444511] Write of size 1 at addr ffff0000c68420eb by task kunit_try_catch/216 [ 105.445658] [ 105.445957] CPU: 1 PID: 216 Comm: kunit_try_catch Tainted: G B N 6.1.146-rc1 #1 [ 105.446517] Hardware name: linux,dummy-virt (DT) [ 105.446866] Call trace: [ 105.447176] dump_backtrace+0xe0/0x134 [ 105.447567] show_stack+0x20/0x2c [ 105.448027] dump_stack_lvl+0x88/0xb4 [ 105.448552] print_report+0x158/0x44c [ 105.448920] kasan_report+0xc8/0x180 [ 105.449288] __asan_store1+0x68/0x7c [ 105.449775] krealloc_less_oob_helper+0x1d4/0x5b0 [ 105.450398] krealloc_pagealloc_less_oob+0x20/0x30 [ 105.450968] kunit_try_run_case+0x8c/0x124 [ 105.451497] kunit_generic_run_threadfn_adapter+0x38/0x54 [ 105.452105] kthread+0x15c/0x170 [ 105.452524] ret_from_fork+0x10/0x20 [ 105.453005] [ 105.453585] The buggy address belongs to the physical page: [ 105.453989] page:00000000c34535d9 refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x106840 [ 105.454584] head:00000000c34535d9 order:2 compound_mapcount:0 compound_pincount:0 [ 105.455438] flags: 0xbfffc0000010000(head|node=0|zone=2|lastcpupid=0xffff) [ 105.456215] raw: 0bfffc0000010000 0000000000000000 dead000000000122 0000000000000000 [ 105.457365] raw: 0000000000000000 0000000000000000 00000001ffffffff 0000000000000000 [ 105.458090] page dumped because: kasan: bad access detected [ 105.458515] [ 105.458701] Memory state around the buggy address: [ 105.459317] ffff0000c6841f80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 105.459953] ffff0000c6842000: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 105.460932] >ffff0000c6842080: 00 00 00 00 00 00 00 00 00 01 fe fe fe fe fe fe [ 105.461490] ^ [ 105.462050] ffff0000c6842100: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe [ 105.462677] ffff0000c6842180: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe [ 105.463257] ================================================================== [ 105.254674] ================================================================== [ 105.255222] BUG: KASAN: slab-out-of-bounds in krealloc_less_oob_helper+0x1d4/0x5b0 [ 105.255955] Write of size 1 at addr ffff0000c62606eb by task kunit_try_catch/214 [ 105.256897] [ 105.257151] CPU: 0 PID: 214 Comm: kunit_try_catch Tainted: G B N 6.1.146-rc1 #1 [ 105.257841] Hardware name: linux,dummy-virt (DT) [ 105.258267] Call trace: [ 105.258528] dump_backtrace+0xe0/0x134 [ 105.259002] show_stack+0x20/0x2c [ 105.259362] dump_stack_lvl+0x88/0xb4 [ 105.259834] print_report+0x158/0x44c [ 105.260261] kasan_report+0xc8/0x180 [ 105.260704] __asan_store1+0x68/0x7c [ 105.261120] krealloc_less_oob_helper+0x1d4/0x5b0 [ 105.261631] krealloc_less_oob+0x20/0x30 [ 105.262051] kunit_try_run_case+0x8c/0x124 [ 105.262508] kunit_generic_run_threadfn_adapter+0x38/0x54 [ 105.263296] kthread+0x15c/0x170 [ 105.263728] ret_from_fork+0x10/0x20 [ 105.264142] [ 105.264359] Allocated by task 214: [ 105.264908] kasan_save_stack+0x3c/0x70 [ 105.265361] kasan_set_track+0x2c/0x40 [ 105.265773] kasan_save_alloc_info+0x24/0x34 [ 105.266270] __kasan_krealloc+0x10c/0x140 [ 105.266694] krealloc+0x158/0x1c0 [ 105.267117] krealloc_less_oob_helper+0xd8/0x5b0 [ 105.267620] krealloc_less_oob+0x20/0x30 [ 105.268052] kunit_try_run_case+0x8c/0x124 [ 105.268683] kunit_generic_run_threadfn_adapter+0x38/0x54 [ 105.269248] kthread+0x15c/0x170 [ 105.269664] ret_from_fork+0x10/0x20 [ 105.270102] [ 105.270297] The buggy address belongs to the object at ffff0000c6260600 [ 105.270297] which belongs to the cache kmalloc-256 of size 256 [ 105.271284] The buggy address is located 235 bytes inside of [ 105.271284] 256-byte region [ffff0000c6260600, ffff0000c6260700) [ 105.272196] [ 105.272609] The buggy address belongs to the physical page: [ 105.273127] page:0000000090416edb refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x106260 [ 105.273866] head:0000000090416edb order:1 compound_mapcount:0 compound_pincount:0 [ 105.274486] flags: 0xbfffc0000010200(slab|head|node=0|zone=2|lastcpupid=0xffff) [ 105.275160] raw: 0bfffc0000010200 0000000000000000 dead000000000122 ffff0000c0002480 [ 105.275830] raw: 0000000000000000 0000000080100010 00000001ffffffff 0000000000000000 [ 105.277702] page dumped because: kasan: bad access detected [ 105.278209] [ 105.278403] Memory state around the buggy address: [ 105.278885] ffff0000c6260580: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 105.279503] ffff0000c6260600: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 105.280149] >ffff0000c6260680: 00 00 00 00 00 00 00 00 00 01 fc fc fc fc fc fc [ 105.281038] ^ [ 105.281594] ffff0000c6260700: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 105.282227] ffff0000c6260780: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 105.282828] ================================================================== [ 105.195379] ================================================================== [ 105.196249] BUG: KASAN: slab-out-of-bounds in krealloc_less_oob_helper+0x188/0x5b0 [ 105.197831] Write of size 1 at addr ffff0000c62606da by task kunit_try_catch/214 [ 105.198338] [ 105.198537] CPU: 0 PID: 214 Comm: kunit_try_catch Tainted: G B N 6.1.146-rc1 #1 [ 105.199184] Hardware name: linux,dummy-virt (DT) [ 105.199621] Call trace: [ 105.199942] dump_backtrace+0xe0/0x134 [ 105.200406] show_stack+0x20/0x2c [ 105.200812] dump_stack_lvl+0x88/0xb4 [ 105.201314] print_report+0x158/0x44c [ 105.201719] kasan_report+0xc8/0x180 [ 105.202336] __asan_store1+0x68/0x7c [ 105.202731] krealloc_less_oob_helper+0x188/0x5b0 [ 105.203275] krealloc_less_oob+0x20/0x30 [ 105.203715] kunit_try_run_case+0x8c/0x124 [ 105.204203] kunit_generic_run_threadfn_adapter+0x38/0x54 [ 105.204962] kthread+0x15c/0x170 [ 105.205377] ret_from_fork+0x10/0x20 [ 105.205816] [ 105.206027] Allocated by task 214: [ 105.206376] kasan_save_stack+0x3c/0x70 [ 105.206840] kasan_set_track+0x2c/0x40 [ 105.207287] kasan_save_alloc_info+0x24/0x34 [ 105.207764] __kasan_krealloc+0x10c/0x140 [ 105.208224] krealloc+0x158/0x1c0 [ 105.208809] krealloc_less_oob_helper+0xd8/0x5b0 [ 105.209383] krealloc_less_oob+0x20/0x30 [ 105.209827] kunit_try_run_case+0x8c/0x124 [ 105.210306] kunit_generic_run_threadfn_adapter+0x38/0x54 [ 105.210868] kthread+0x15c/0x170 [ 105.211284] ret_from_fork+0x10/0x20 [ 105.211707] [ 105.211944] The buggy address belongs to the object at ffff0000c6260600 [ 105.211944] which belongs to the cache kmalloc-256 of size 256 [ 105.213157] The buggy address is located 218 bytes inside of [ 105.213157] 256-byte region [ffff0000c6260600, ffff0000c6260700) [ 105.214092] [ 105.214300] The buggy address belongs to the physical page: [ 105.214764] page:0000000090416edb refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x106260 [ 105.215545] head:0000000090416edb order:1 compound_mapcount:0 compound_pincount:0 [ 105.216176] flags: 0xbfffc0000010200(slab|head|node=0|zone=2|lastcpupid=0xffff) [ 105.217802] raw: 0bfffc0000010200 0000000000000000 dead000000000122 ffff0000c0002480 [ 105.218479] raw: 0000000000000000 0000000080100010 00000001ffffffff 0000000000000000 [ 105.219115] page dumped because: kasan: bad access detected [ 105.219616] [ 105.219825] Memory state around the buggy address: [ 105.220300] ffff0000c6260580: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 105.221168] ffff0000c6260600: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 105.221794] >ffff0000c6260680: 00 00 00 00 00 00 00 00 00 01 fc fc fc fc fc fc [ 105.222385] ^ [ 105.222903] ffff0000c6260700: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 105.223524] ffff0000c6260780: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 105.224124] ================================================================== [ 105.371222] ================================================================== [ 105.371688] BUG: KASAN: slab-out-of-bounds in krealloc_less_oob_helper+0x140/0x5b0 [ 105.373223] Write of size 1 at addr ffff0000c68420d0 by task kunit_try_catch/216 [ 105.373941] [ 105.374177] CPU: 1 PID: 216 Comm: kunit_try_catch Tainted: G B N 6.1.146-rc1 #1 [ 105.374918] Hardware name: linux,dummy-virt (DT) [ 105.375370] Call trace: [ 105.375645] dump_backtrace+0xe0/0x134 [ 105.376118] show_stack+0x20/0x2c [ 105.376723] dump_stack_lvl+0x88/0xb4 [ 105.377197] print_report+0x158/0x44c [ 105.378476] kasan_report+0xc8/0x180 [ 105.378964] __asan_store1+0x68/0x7c [ 105.379435] krealloc_less_oob_helper+0x140/0x5b0 [ 105.379990] krealloc_pagealloc_less_oob+0x20/0x30 [ 105.380948] kunit_try_run_case+0x8c/0x124 [ 105.381487] kunit_generic_run_threadfn_adapter+0x38/0x54 [ 105.382068] kthread+0x15c/0x170 [ 105.382516] ret_from_fork+0x10/0x20 [ 105.383009] [ 105.383228] The buggy address belongs to the physical page: [ 105.383732] page:00000000c34535d9 refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x106840 [ 105.384686] head:00000000c34535d9 order:2 compound_mapcount:0 compound_pincount:0 [ 105.385301] flags: 0xbfffc0000010000(head|node=0|zone=2|lastcpupid=0xffff) [ 105.386675] raw: 0bfffc0000010000 0000000000000000 dead000000000122 0000000000000000 [ 105.387390] raw: 0000000000000000 0000000000000000 00000001ffffffff 0000000000000000 [ 105.388047] page dumped because: kasan: bad access detected [ 105.388590] [ 105.388803] Memory state around the buggy address: [ 105.389268] ffff0000c6841f80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 105.389951] ffff0000c6842000: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 105.390527] >ffff0000c6842080: 00 00 00 00 00 00 00 00 00 01 fe fe fe fe fe fe [ 105.391504] ^ [ 105.392077] ffff0000c6842100: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe [ 105.393504] ffff0000c6842180: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe [ 105.394161] ================================================================== [ 105.395636] ================================================================== [ 105.397013] BUG: KASAN: slab-out-of-bounds in krealloc_less_oob_helper+0x188/0x5b0 [ 105.397796] Write of size 1 at addr ffff0000c68420da by task kunit_try_catch/216 [ 105.398488] [ 105.398762] CPU: 1 PID: 216 Comm: kunit_try_catch Tainted: G B N 6.1.146-rc1 #1 [ 105.399555] Hardware name: linux,dummy-virt (DT) [ 105.400037] Call trace: [ 105.400358] dump_backtrace+0xe0/0x134 [ 105.400820] show_stack+0x20/0x2c [ 105.402020] dump_stack_lvl+0x88/0xb4 [ 105.402490] print_report+0x158/0x44c [ 105.402938] kasan_report+0xc8/0x180 [ 105.403366] __asan_store1+0x68/0x7c [ 105.403838] krealloc_less_oob_helper+0x188/0x5b0 [ 105.404392] krealloc_pagealloc_less_oob+0x20/0x30 [ 105.404931] kunit_try_run_case+0x8c/0x124 [ 105.405770] kunit_generic_run_threadfn_adapter+0x38/0x54 [ 105.406351] kthread+0x15c/0x170 [ 105.406814] ret_from_fork+0x10/0x20 [ 105.407285] [ 105.407503] The buggy address belongs to the physical page: [ 105.408030] page:00000000c34535d9 refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x106840 [ 105.409608] head:00000000c34535d9 order:2 compound_mapcount:0 compound_pincount:0 [ 105.410242] flags: 0xbfffc0000010000(head|node=0|zone=2|lastcpupid=0xffff) [ 105.410946] raw: 0bfffc0000010000 0000000000000000 dead000000000122 0000000000000000 [ 105.411642] raw: 0000000000000000 0000000000000000 00000001ffffffff 0000000000000000 [ 105.412266] page dumped because: kasan: bad access detected [ 105.413075] [ 105.413323] Memory state around the buggy address: [ 105.413814] ffff0000c6841f80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 105.414459] ffff0000c6842000: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 105.415114] >ffff0000c6842080: 00 00 00 00 00 00 00 00 00 01 fe fe fe fe fe fe [ 105.415713] ^ [ 105.416281] ffff0000c6842100: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe [ 105.417703] ffff0000c6842180: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe [ 105.418346] ================================================================== [ 105.342897] ================================================================== [ 105.343707] BUG: KASAN: slab-out-of-bounds in krealloc_less_oob_helper+0x114/0x5b0 [ 105.344345] Write of size 1 at addr ffff0000c68420c9 by task kunit_try_catch/216 [ 105.345992] [ 105.346317] CPU: 1 PID: 216 Comm: kunit_try_catch Tainted: G B N 6.1.146-rc1 #1 [ 105.347421] Hardware name: linux,dummy-virt (DT) [ 105.348041] Call trace: [ 105.348442] dump_backtrace+0xe0/0x134 [ 105.349429] show_stack+0x20/0x2c [ 105.350000] dump_stack_lvl+0x88/0xb4 [ 105.350634] print_report+0x158/0x44c [ 105.351210] kasan_report+0xc8/0x180 [ 105.351812] __asan_store1+0x68/0x7c [ 105.352646] krealloc_less_oob_helper+0x114/0x5b0 [ 105.353579] krealloc_pagealloc_less_oob+0x20/0x30 [ 105.354296] kunit_try_run_case+0x8c/0x124 [ 105.354965] kunit_generic_run_threadfn_adapter+0x38/0x54 [ 105.355781] kthread+0x15c/0x170 [ 105.356218] ret_from_fork+0x10/0x20 [ 105.357288] [ 105.357609] The buggy address belongs to the physical page: [ 105.358321] page:00000000c34535d9 refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x106840 [ 105.359135] head:00000000c34535d9 order:2 compound_mapcount:0 compound_pincount:0 [ 105.359617] flags: 0xbfffc0000010000(head|node=0|zone=2|lastcpupid=0xffff) [ 105.360165] raw: 0bfffc0000010000 0000000000000000 dead000000000122 0000000000000000 [ 105.361412] raw: 0000000000000000 0000000000000000 00000001ffffffff 0000000000000000 [ 105.362340] page dumped because: kasan: bad access detected [ 105.363048] [ 105.363345] Memory state around the buggy address: [ 105.363996] ffff0000c6841f80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 105.365129] ffff0000c6842000: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 105.366242] >ffff0000c6842080: 00 00 00 00 00 00 00 00 00 01 fe fe fe fe fe fe [ 105.367128] ^ [ 105.367851] ffff0000c6842100: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe [ 105.368970] ffff0000c6842180: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe [ 105.370022] ================================================================== [ 105.419356] ================================================================== [ 105.419954] BUG: KASAN: slab-out-of-bounds in krealloc_less_oob_helper+0x1b0/0x5b0 [ 105.420827] Write of size 1 at addr ffff0000c68420ea by task kunit_try_catch/216 [ 105.421999] [ 105.422476] CPU: 1 PID: 216 Comm: kunit_try_catch Tainted: G B N 6.1.146-rc1 #1 [ 105.423196] Hardware name: linux,dummy-virt (DT) [ 105.423644] Call trace: [ 105.423919] dump_backtrace+0xe0/0x134 [ 105.424375] show_stack+0x20/0x2c [ 105.425580] dump_stack_lvl+0x88/0xb4 [ 105.426056] print_report+0x158/0x44c [ 105.426497] kasan_report+0xc8/0x180 [ 105.426939] __asan_store1+0x68/0x7c [ 105.427411] krealloc_less_oob_helper+0x1b0/0x5b0 [ 105.428005] krealloc_pagealloc_less_oob+0x20/0x30 [ 105.428702] kunit_try_run_case+0x8c/0x124 [ 105.429269] kunit_generic_run_threadfn_adapter+0x38/0x54 [ 105.430006] kthread+0x15c/0x170 [ 105.430434] ret_from_fork+0x10/0x20 [ 105.430900] [ 105.431120] The buggy address belongs to the physical page: [ 105.431585] page:00000000c34535d9 refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x106840 [ 105.432363] head:00000000c34535d9 order:2 compound_mapcount:0 compound_pincount:0 [ 105.433810] flags: 0xbfffc0000010000(head|node=0|zone=2|lastcpupid=0xffff) [ 105.434515] raw: 0bfffc0000010000 0000000000000000 dead000000000122 0000000000000000 [ 105.435221] raw: 0000000000000000 0000000000000000 00000001ffffffff 0000000000000000 [ 105.435844] page dumped because: kasan: bad access detected [ 105.436334] [ 105.436626] Memory state around the buggy address: [ 105.437383] ffff0000c6841f80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 105.438026] ffff0000c6842000: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 105.438676] >ffff0000c6842080: 00 00 00 00 00 00 00 00 00 01 fe fe fe fe fe fe [ 105.439263] ^ [ 105.439861] ffff0000c6842100: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe [ 105.440484] ffff0000c6842180: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe [ 105.441102] ================================================================== [ 105.128376] ================================================================== [ 105.129952] BUG: KASAN: slab-out-of-bounds in krealloc_less_oob_helper+0x114/0x5b0 [ 105.130981] Write of size 1 at addr ffff0000c62606c9 by task kunit_try_catch/214 [ 105.131870] [ 105.132157] CPU: 0 PID: 214 Comm: kunit_try_catch Tainted: G B N 6.1.146-rc1 #1 [ 105.133296] Hardware name: linux,dummy-virt (DT) [ 105.134003] Call trace: [ 105.134318] dump_backtrace+0xe0/0x134 [ 105.134689] show_stack+0x20/0x2c [ 105.135105] dump_stack_lvl+0x88/0xb4 [ 105.135533] print_report+0x158/0x44c [ 105.135992] kasan_report+0xc8/0x180 [ 105.136643] __asan_store1+0x68/0x7c [ 105.137077] krealloc_less_oob_helper+0x114/0x5b0 [ 105.137591] krealloc_less_oob+0x20/0x30 [ 105.138042] kunit_try_run_case+0x8c/0x124 [ 105.138489] kunit_generic_run_threadfn_adapter+0x38/0x54 [ 105.139035] kthread+0x15c/0x170 [ 105.139413] ret_from_fork+0x10/0x20 [ 105.139813] [ 105.140028] Allocated by task 214: [ 105.140368] kasan_save_stack+0x3c/0x70 [ 105.140839] kasan_set_track+0x2c/0x40 [ 105.141279] kasan_save_alloc_info+0x24/0x34 [ 105.141734] __kasan_krealloc+0x10c/0x140 [ 105.142204] krealloc+0x158/0x1c0 [ 105.142610] krealloc_less_oob_helper+0xd8/0x5b0 [ 105.143324] krealloc_less_oob+0x20/0x30 [ 105.143779] kunit_try_run_case+0x8c/0x124 [ 105.144209] kunit_generic_run_threadfn_adapter+0x38/0x54 [ 105.145606] kthread+0x15c/0x170 [ 105.146068] ret_from_fork+0x10/0x20 [ 105.146510] [ 105.146701] The buggy address belongs to the object at ffff0000c6260600 [ 105.146701] which belongs to the cache kmalloc-256 of size 256 [ 105.147651] The buggy address is located 201 bytes inside of [ 105.147651] 256-byte region [ffff0000c6260600, ffff0000c6260700) [ 105.148769] [ 105.148985] The buggy address belongs to the physical page: [ 105.149442] page:0000000090416edb refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x106260 [ 105.150210] head:0000000090416edb order:1 compound_mapcount:0 compound_pincount:0 [ 105.150845] flags: 0xbfffc0000010200(slab|head|node=0|zone=2|lastcpupid=0xffff) [ 105.151546] raw: 0bfffc0000010200 0000000000000000 dead000000000122 ffff0000c0002480 [ 105.152180] raw: 0000000000000000 0000000080100010 00000001ffffffff 0000000000000000 [ 105.153052] page dumped because: kasan: bad access detected [ 105.153536] [ 105.153721] Memory state around the buggy address: [ 105.154216] ffff0000c6260580: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 105.154853] ffff0000c6260600: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 105.155457] >ffff0000c6260680: 00 00 00 00 00 00 00 00 00 01 fc fc fc fc fc fc [ 105.156060] ^ [ 105.156825] ffff0000c6260700: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 105.157422] ffff0000c6260780: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 105.158157] ==================================================================
[ 75.141585] ================================================================== [ 75.142449] BUG: KASAN: slab-out-of-bounds in krealloc_less_oob_helper+0x158/0x4b8 [ 75.143460] Write of size 1 at addr ffff0000c5a260d0 by task kunit_try_catch/132 [ 75.144319] [ 75.144514] CPU: 1 PID: 132 Comm: kunit_try_catch Tainted: G B N 6.1.146-rc1 #1 [ 75.145824] Hardware name: linux,dummy-virt (DT) [ 75.146439] Call trace: [ 75.146823] dump_backtrace+0xf8/0x118 [ 75.147454] show_stack+0x18/0x24 [ 75.147939] __dump_stack+0x28/0x38 [ 75.148322] dump_stack_lvl+0x54/0x6c [ 75.149031] print_address_description+0x7c/0x1ec [ 75.149793] print_report+0x50/0x68 [ 75.150400] kasan_report+0xac/0x100 [ 75.151016] __asan_store1+0x6c/0x70 [ 75.151622] krealloc_less_oob_helper+0x158/0x4b8 [ 75.152339] krealloc_pagealloc_less_oob+0x18/0x24 [ 75.153233] kunit_try_run_case+0x80/0x184 [ 75.153911] kunit_generic_run_threadfn_adapter+0x30/0x4c [ 75.154705] kthread+0x16c/0x21c [ 75.155240] ret_from_fork+0x10/0x20 [ 75.155617] [ 75.155812] The buggy address belongs to the physical page: [ 75.156296] page:0000000021e95fe4 refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x105a24 [ 75.157256] head:0000000021e95fe4 order:2 compound_mapcount:0 compound_pincount:0 [ 75.157883] flags: 0xbfffc0000010000(head|node=0|zone=2|lastcpupid=0xffff) [ 75.158564] raw: 0bfffc0000010000 0000000000000000 dead000000000122 0000000000000000 [ 75.159262] raw: 0000000000000000 0000000000000000 00000001ffffffff 0000000000000000 [ 75.159858] page dumped because: kasan: bad access detected [ 75.160305] [ 75.160521] Memory state around the buggy address: [ 75.160954] ffff0000c5a25f80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 75.161570] ffff0000c5a26000: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 75.162228] >ffff0000c5a26080: 00 00 00 00 00 00 00 00 00 01 fe fe fe fe fe fe [ 75.162977] ^ [ 75.163509] ffff0000c5a26100: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe [ 75.164150] ffff0000c5a26180: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe [ 75.165285] ================================================================== [ 74.907949] ================================================================== [ 74.908812] BUG: KASAN: slab-out-of-bounds in krealloc_less_oob_helper+0x104/0x4b8 [ 74.909829] Write of size 1 at addr ffff0000c56f16c9 by task kunit_try_catch/130 [ 74.910500] [ 74.910856] CPU: 0 PID: 130 Comm: kunit_try_catch Tainted: G B N 6.1.146-rc1 #1 [ 74.911931] Hardware name: linux,dummy-virt (DT) [ 74.912556] Call trace: [ 74.913033] dump_backtrace+0xf8/0x118 [ 74.913774] show_stack+0x18/0x24 [ 74.914398] __dump_stack+0x28/0x38 [ 74.915018] dump_stack_lvl+0x54/0x6c [ 74.915481] print_address_description+0x7c/0x1ec [ 74.916252] print_report+0x50/0x68 [ 74.916979] kasan_report+0xac/0x100 [ 74.917651] __asan_store1+0x6c/0x70 [ 74.918322] krealloc_less_oob_helper+0x104/0x4b8 [ 74.919068] krealloc_less_oob+0x18/0x24 [ 74.919701] kunit_try_run_case+0x80/0x184 [ 74.920362] kunit_generic_run_threadfn_adapter+0x30/0x4c [ 74.921263] kthread+0x16c/0x21c [ 74.922059] ret_from_fork+0x10/0x20 [ 74.922750] [ 74.923151] Allocated by task 130: [ 74.923689] kasan_set_track+0x4c/0x80 [ 74.924384] kasan_save_alloc_info+0x28/0x34 [ 74.925139] __kasan_krealloc+0xcc/0xf8 [ 74.925884] krealloc+0x150/0x270 [ 74.926296] krealloc_less_oob_helper+0x9c/0x4b8 [ 74.926739] krealloc_less_oob+0x18/0x24 [ 74.927173] kunit_try_run_case+0x80/0x184 [ 74.927587] kunit_generic_run_threadfn_adapter+0x30/0x4c [ 74.928401] kthread+0x16c/0x21c [ 74.929461] ret_from_fork+0x10/0x20 [ 74.930056] [ 74.930327] The buggy address belongs to the object at ffff0000c56f1600 [ 74.930327] which belongs to the cache kmalloc-256 of size 256 [ 74.931710] The buggy address is located 201 bytes inside of [ 74.931710] 256-byte region [ffff0000c56f1600, ffff0000c56f1700) [ 74.933204] [ 74.933400] The buggy address belongs to the physical page: [ 74.933784] page:00000000b1c7ebef refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1056f0 [ 74.934719] head:00000000b1c7ebef order:1 compound_mapcount:0 compound_pincount:0 [ 74.935365] flags: 0xbfffc0000010200(slab|head|node=0|zone=2|lastcpupid=0xffff) [ 74.936067] raw: 0bfffc0000010200 0000000000000000 dead000000000122 ffff0000c0002480 [ 74.936735] raw: 0000000000000000 0000000080100010 00000001ffffffff 0000000000000000 [ 74.937384] page dumped because: kasan: bad access detected [ 74.937845] [ 74.938037] Memory state around the buggy address: [ 74.938441] ffff0000c56f1580: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 74.939445] ffff0000c56f1600: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 74.940147] >ffff0000c56f1680: 00 00 00 00 00 00 00 00 00 01 fc fc fc fc fc fc [ 74.940735] ^ [ 74.941280] ffff0000c56f1700: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 74.941932] ffff0000c56f1780: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 74.942848] ================================================================== [ 75.114913] ================================================================== [ 75.115663] BUG: KASAN: slab-out-of-bounds in krealloc_less_oob_helper+0x104/0x4b8 [ 75.117179] Write of size 1 at addr ffff0000c5a260c9 by task kunit_try_catch/132 [ 75.118273] [ 75.118567] CPU: 1 PID: 132 Comm: kunit_try_catch Tainted: G B N 6.1.146-rc1 #1 [ 75.119647] Hardware name: linux,dummy-virt (DT) [ 75.120295] Call trace: [ 75.120780] dump_backtrace+0xf8/0x118 [ 75.121484] show_stack+0x18/0x24 [ 75.122122] __dump_stack+0x28/0x38 [ 75.122711] dump_stack_lvl+0x54/0x6c [ 75.123105] print_address_description+0x7c/0x1ec [ 75.123576] print_report+0x50/0x68 [ 75.124113] kasan_report+0xac/0x100 [ 75.124703] __asan_store1+0x6c/0x70 [ 75.125268] krealloc_less_oob_helper+0x104/0x4b8 [ 75.125827] krealloc_pagealloc_less_oob+0x18/0x24 [ 75.126356] kunit_try_run_case+0x80/0x184 [ 75.126862] kunit_generic_run_threadfn_adapter+0x30/0x4c [ 75.127415] kthread+0x16c/0x21c [ 75.127857] ret_from_fork+0x10/0x20 [ 75.128294] [ 75.128489] The buggy address belongs to the physical page: [ 75.129098] page:0000000021e95fe4 refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x105a24 [ 75.130222] head:0000000021e95fe4 order:2 compound_mapcount:0 compound_pincount:0 [ 75.131119] flags: 0xbfffc0000010000(head|node=0|zone=2|lastcpupid=0xffff) [ 75.132051] raw: 0bfffc0000010000 0000000000000000 dead000000000122 0000000000000000 [ 75.133125] raw: 0000000000000000 0000000000000000 00000001ffffffff 0000000000000000 [ 75.134025] page dumped because: kasan: bad access detected [ 75.134695] [ 75.134975] Memory state around the buggy address: [ 75.135412] ffff0000c5a25f80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 75.136022] ffff0000c5a26000: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 75.136977] >ffff0000c5a26080: 00 00 00 00 00 00 00 00 00 01 fe fe fe fe fe fe [ 75.138225] ^ [ 75.138965] ffff0000c5a26100: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe [ 75.139869] ffff0000c5a26180: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe [ 75.140531] ================================================================== [ 75.035662] ================================================================== [ 75.036215] BUG: KASAN: slab-out-of-bounds in krealloc_less_oob_helper+0x260/0x4b8 [ 75.037336] Write of size 1 at addr ffff0000c56f16eb by task kunit_try_catch/130 [ 75.037991] [ 75.038209] CPU: 0 PID: 130 Comm: kunit_try_catch Tainted: G B N 6.1.146-rc1 #1 [ 75.038938] Hardware name: linux,dummy-virt (DT) [ 75.039380] Call trace: [ 75.039650] dump_backtrace+0xf8/0x118 [ 75.040119] show_stack+0x18/0x24 [ 75.040557] __dump_stack+0x28/0x38 [ 75.041446] dump_stack_lvl+0x54/0x6c [ 75.041897] print_address_description+0x7c/0x1ec [ 75.042419] print_report+0x50/0x68 [ 75.042868] kasan_report+0xac/0x100 [ 75.043301] __asan_store1+0x6c/0x70 [ 75.043743] krealloc_less_oob_helper+0x260/0x4b8 [ 75.044288] krealloc_less_oob+0x18/0x24 [ 75.045023] kunit_try_run_case+0x80/0x184 [ 75.045510] kunit_generic_run_threadfn_adapter+0x30/0x4c [ 75.046130] kthread+0x16c/0x21c [ 75.046533] ret_from_fork+0x10/0x20 [ 75.046959] [ 75.047144] Allocated by task 130: [ 75.047478] kasan_set_track+0x4c/0x80 [ 75.047946] kasan_save_alloc_info+0x28/0x34 [ 75.048446] __kasan_krealloc+0xcc/0xf8 [ 75.048939] krealloc+0x150/0x270 [ 75.049355] krealloc_less_oob_helper+0x9c/0x4b8 [ 75.049860] krealloc_less_oob+0x18/0x24 [ 75.050329] kunit_try_run_case+0x80/0x184 [ 75.051281] kunit_generic_run_threadfn_adapter+0x30/0x4c [ 75.051878] kthread+0x16c/0x21c [ 75.052291] ret_from_fork+0x10/0x20 [ 75.053007] [ 75.053227] The buggy address belongs to the object at ffff0000c56f1600 [ 75.053227] which belongs to the cache kmalloc-256 of size 256 [ 75.054145] The buggy address is located 235 bytes inside of [ 75.054145] 256-byte region [ffff0000c56f1600, ffff0000c56f1700) [ 75.055043] [ 75.055262] The buggy address belongs to the physical page: [ 75.055731] page:00000000b1c7ebef refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1056f0 [ 75.056526] head:00000000b1c7ebef order:1 compound_mapcount:0 compound_pincount:0 [ 75.057616] flags: 0xbfffc0000010200(slab|head|node=0|zone=2|lastcpupid=0xffff) [ 75.058329] raw: 0bfffc0000010200 0000000000000000 dead000000000122 ffff0000c0002480 [ 75.059030] raw: 0000000000000000 0000000080100010 00000001ffffffff 0000000000000000 [ 75.059647] page dumped because: kasan: bad access detected [ 75.060119] [ 75.060306] Memory state around the buggy address: [ 75.061059] ffff0000c56f1580: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 75.061660] ffff0000c56f1600: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 75.062253] >ffff0000c56f1680: 00 00 00 00 00 00 00 00 00 01 fc fc fc fc fc fc [ 75.062857] ^ [ 75.063434] ffff0000c56f1700: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 75.064064] ffff0000c56f1780: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 75.065146] ================================================================== [ 75.165986] ================================================================== [ 75.166536] BUG: KASAN: slab-out-of-bounds in krealloc_less_oob_helper+0x1c4/0x4b8 [ 75.167318] Write of size 1 at addr ffff0000c5a260da by task kunit_try_catch/132 [ 75.167970] [ 75.168189] CPU: 1 PID: 132 Comm: kunit_try_catch Tainted: G B N 6.1.146-rc1 #1 [ 75.169115] Hardware name: linux,dummy-virt (DT) [ 75.169558] Call trace: [ 75.169851] dump_backtrace+0xf8/0x118 [ 75.170379] show_stack+0x18/0x24 [ 75.170821] __dump_stack+0x28/0x38 [ 75.171246] dump_stack_lvl+0x54/0x6c [ 75.171677] print_address_description+0x7c/0x1ec [ 75.172227] print_report+0x50/0x68 [ 75.172844] kasan_report+0xac/0x100 [ 75.173301] __asan_store1+0x6c/0x70 [ 75.173736] krealloc_less_oob_helper+0x1c4/0x4b8 [ 75.174255] krealloc_pagealloc_less_oob+0x18/0x24 [ 75.174752] kunit_try_run_case+0x80/0x184 [ 75.175222] kunit_generic_run_threadfn_adapter+0x30/0x4c [ 75.175798] kthread+0x16c/0x21c [ 75.176244] ret_from_fork+0x10/0x20 [ 75.176803] [ 75.177039] The buggy address belongs to the physical page: [ 75.177510] page:0000000021e95fe4 refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x105a24 [ 75.178295] head:0000000021e95fe4 order:2 compound_mapcount:0 compound_pincount:0 [ 75.178963] flags: 0xbfffc0000010000(head|node=0|zone=2|lastcpupid=0xffff) [ 75.179645] raw: 0bfffc0000010000 0000000000000000 dead000000000122 0000000000000000 [ 75.180304] raw: 0000000000000000 0000000000000000 00000001ffffffff 0000000000000000 [ 75.181047] page dumped because: kasan: bad access detected [ 75.181651] [ 75.181867] Memory state around the buggy address: [ 75.182262] ffff0000c5a25f80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 75.182902] ffff0000c5a26000: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 75.183557] >ffff0000c5a26080: 00 00 00 00 00 00 00 00 00 01 fe fe fe fe fe fe [ 75.184142] ^ [ 75.185225] ffff0000c5a26100: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe [ 75.185822] ffff0000c5a26180: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe [ 75.186444] ================================================================== [ 75.005533] ================================================================== [ 75.006060] BUG: KASAN: slab-out-of-bounds in krealloc_less_oob_helper+0x214/0x4b8 [ 75.006891] Write of size 1 at addr ffff0000c56f16ea by task kunit_try_catch/130 [ 75.007516] [ 75.007732] CPU: 0 PID: 130 Comm: kunit_try_catch Tainted: G B N 6.1.146-rc1 #1 [ 75.008469] Hardware name: linux,dummy-virt (DT) [ 75.009062] Call trace: [ 75.009350] dump_backtrace+0xf8/0x118 [ 75.009816] show_stack+0x18/0x24 [ 75.010244] __dump_stack+0x28/0x38 [ 75.010671] dump_stack_lvl+0x54/0x6c [ 75.011491] print_address_description+0x7c/0x1ec [ 75.012032] print_report+0x50/0x68 [ 75.012473] kasan_report+0xac/0x100 [ 75.013166] __asan_store1+0x6c/0x70 [ 75.013613] krealloc_less_oob_helper+0x214/0x4b8 [ 75.014167] krealloc_less_oob+0x18/0x24 [ 75.014600] kunit_try_run_case+0x80/0x184 [ 75.015072] kunit_generic_run_threadfn_adapter+0x30/0x4c [ 75.015623] kthread+0x16c/0x21c [ 75.016084] ret_from_fork+0x10/0x20 [ 75.016557] [ 75.017238] Allocated by task 130: [ 75.017586] kasan_set_track+0x4c/0x80 [ 75.018047] kasan_save_alloc_info+0x28/0x34 [ 75.018545] __kasan_krealloc+0xcc/0xf8 [ 75.019002] krealloc+0x150/0x270 [ 75.019424] krealloc_less_oob_helper+0x9c/0x4b8 [ 75.019940] krealloc_less_oob+0x18/0x24 [ 75.020379] kunit_try_run_case+0x80/0x184 [ 75.021113] kunit_generic_run_threadfn_adapter+0x30/0x4c [ 75.021741] kthread+0x16c/0x21c [ 75.022195] ret_from_fork+0x10/0x20 [ 75.022637] [ 75.022849] The buggy address belongs to the object at ffff0000c56f1600 [ 75.022849] which belongs to the cache kmalloc-256 of size 256 [ 75.023783] The buggy address is located 234 bytes inside of [ 75.023783] 256-byte region [ffff0000c56f1600, ffff0000c56f1700) [ 75.024667] [ 75.025367] The buggy address belongs to the physical page: [ 75.025852] page:00000000b1c7ebef refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1056f0 [ 75.026645] head:00000000b1c7ebef order:1 compound_mapcount:0 compound_pincount:0 [ 75.027290] flags: 0xbfffc0000010200(slab|head|node=0|zone=2|lastcpupid=0xffff) [ 75.027995] raw: 0bfffc0000010200 0000000000000000 dead000000000122 ffff0000c0002480 [ 75.028648] raw: 0000000000000000 0000000080100010 00000001ffffffff 0000000000000000 [ 75.029289] page dumped because: kasan: bad access detected [ 75.029769] [ 75.029978] Memory state around the buggy address: [ 75.030405] ffff0000c56f1580: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 75.031295] ffff0000c56f1600: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 75.031949] >ffff0000c56f1680: 00 00 00 00 00 00 00 00 00 01 fc fc fc fc fc fc [ 75.032547] ^ [ 75.033570] ffff0000c56f1700: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 75.034253] ffff0000c56f1780: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 75.034827] ================================================================== [ 75.187158] ================================================================== [ 75.187671] BUG: KASAN: slab-out-of-bounds in krealloc_less_oob_helper+0x214/0x4b8 [ 75.188403] Write of size 1 at addr ffff0000c5a260ea by task kunit_try_catch/132 [ 75.189246] [ 75.189503] CPU: 1 PID: 132 Comm: kunit_try_catch Tainted: G B N 6.1.146-rc1 #1 [ 75.190222] Hardware name: linux,dummy-virt (DT) [ 75.190608] Call trace: [ 75.190927] dump_backtrace+0xf8/0x118 [ 75.191436] show_stack+0x18/0x24 [ 75.191865] __dump_stack+0x28/0x38 [ 75.192304] dump_stack_lvl+0x54/0x6c [ 75.192896] print_address_description+0x7c/0x1ec [ 75.193479] print_report+0x50/0x68 [ 75.193953] kasan_report+0xac/0x100 [ 75.194396] __asan_store1+0x6c/0x70 [ 75.194853] krealloc_less_oob_helper+0x214/0x4b8 [ 75.195360] krealloc_pagealloc_less_oob+0x18/0x24 [ 75.195906] kunit_try_run_case+0x80/0x184 [ 75.196387] kunit_generic_run_threadfn_adapter+0x30/0x4c [ 75.197097] kthread+0x16c/0x21c [ 75.197516] ret_from_fork+0x10/0x20 [ 75.197942] [ 75.198139] The buggy address belongs to the physical page: [ 75.198616] page:0000000021e95fe4 refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x105a24 [ 75.199393] head:0000000021e95fe4 order:2 compound_mapcount:0 compound_pincount:0 [ 75.200023] flags: 0xbfffc0000010000(head|node=0|zone=2|lastcpupid=0xffff) [ 75.200900] raw: 0bfffc0000010000 0000000000000000 dead000000000122 0000000000000000 [ 75.201574] raw: 0000000000000000 0000000000000000 00000001ffffffff 0000000000000000 [ 75.202176] page dumped because: kasan: bad access detected [ 75.202647] [ 75.202839] Memory state around the buggy address: [ 75.203309] ffff0000c5a25f80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 75.203942] ffff0000c5a26000: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 75.204560] >ffff0000c5a26080: 00 00 00 00 00 00 00 00 00 01 fe fe fe fe fe fe [ 75.205649] ^ [ 75.206241] ffff0000c5a26100: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe [ 75.206881] ffff0000c5a26180: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe [ 75.207427] ================================================================== [ 75.208258] ================================================================== [ 75.208816] BUG: KASAN: slab-out-of-bounds in krealloc_less_oob_helper+0x260/0x4b8 [ 75.209543] Write of size 1 at addr ffff0000c5a260eb by task kunit_try_catch/132 [ 75.210235] [ 75.210432] CPU: 1 PID: 132 Comm: kunit_try_catch Tainted: G B N 6.1.146-rc1 #1 [ 75.211255] Hardware name: linux,dummy-virt (DT) [ 75.211712] Call trace: [ 75.211997] dump_backtrace+0xf8/0x118 [ 75.212521] show_stack+0x18/0x24 [ 75.213085] __dump_stack+0x28/0x38 [ 75.213498] dump_stack_lvl+0x54/0x6c [ 75.213925] print_address_description+0x7c/0x1ec [ 75.214444] print_report+0x50/0x68 [ 75.214913] kasan_report+0xac/0x100 [ 75.215384] __asan_store1+0x6c/0x70 [ 75.215834] krealloc_less_oob_helper+0x260/0x4b8 [ 75.216355] krealloc_pagealloc_less_oob+0x18/0x24 [ 75.217002] kunit_try_run_case+0x80/0x184 [ 75.217477] kunit_generic_run_threadfn_adapter+0x30/0x4c [ 75.218058] kthread+0x16c/0x21c [ 75.218463] ret_from_fork+0x10/0x20 [ 75.218911] [ 75.219105] The buggy address belongs to the physical page: [ 75.219563] page:0000000021e95fe4 refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x105a24 [ 75.220377] head:0000000021e95fe4 order:2 compound_mapcount:0 compound_pincount:0 [ 75.221240] flags: 0xbfffc0000010000(head|node=0|zone=2|lastcpupid=0xffff) [ 75.221943] raw: 0bfffc0000010000 0000000000000000 dead000000000122 0000000000000000 [ 75.222627] raw: 0000000000000000 0000000000000000 00000001ffffffff 0000000000000000 [ 75.223217] page dumped because: kasan: bad access detected [ 75.223663] [ 75.223892] Memory state around the buggy address: [ 75.224308] ffff0000c5a25f80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 75.225494] ffff0000c5a26000: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 75.226117] >ffff0000c5a26080: 00 00 00 00 00 00 00 00 00 01 fe fe fe fe fe fe [ 75.226700] ^ [ 75.227262] ffff0000c5a26100: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe [ 75.227870] ffff0000c5a26180: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe [ 75.228459] ================================================================== [ 74.943949] ================================================================== [ 74.944470] BUG: KASAN: slab-out-of-bounds in krealloc_less_oob_helper+0x158/0x4b8 [ 74.945214] Write of size 1 at addr ffff0000c56f16d0 by task kunit_try_catch/130 [ 74.946372] [ 74.946605] CPU: 0 PID: 130 Comm: kunit_try_catch Tainted: G B N 6.1.146-rc1 #1 [ 74.947346] Hardware name: linux,dummy-virt (DT) [ 74.947802] Call trace: [ 74.948109] dump_backtrace+0xf8/0x118 [ 74.948594] show_stack+0x18/0x24 [ 74.949046] __dump_stack+0x28/0x38 [ 74.949753] dump_stack_lvl+0x54/0x6c [ 74.950215] print_address_description+0x7c/0x1ec [ 74.950773] print_report+0x50/0x68 [ 74.951230] kasan_report+0xac/0x100 [ 74.951691] __asan_store1+0x6c/0x70 [ 74.952162] krealloc_less_oob_helper+0x158/0x4b8 [ 74.952840] krealloc_less_oob+0x18/0x24 [ 74.953282] kunit_try_run_case+0x80/0x184 [ 74.954187] kunit_generic_run_threadfn_adapter+0x30/0x4c [ 74.954780] kthread+0x16c/0x21c [ 74.955209] ret_from_fork+0x10/0x20 [ 74.955639] [ 74.955872] Allocated by task 130: [ 74.956248] kasan_set_track+0x4c/0x80 [ 74.956881] kasan_save_alloc_info+0x28/0x34 [ 74.957329] __kasan_krealloc+0xcc/0xf8 [ 74.958026] krealloc+0x150/0x270 [ 74.958485] krealloc_less_oob_helper+0x9c/0x4b8 [ 74.959008] krealloc_less_oob+0x18/0x24 [ 74.959461] kunit_try_run_case+0x80/0x184 [ 74.960007] kunit_generic_run_threadfn_adapter+0x30/0x4c [ 74.960594] kthread+0x16c/0x21c [ 74.961511] ret_from_fork+0x10/0x20 [ 74.961968] [ 74.962178] The buggy address belongs to the object at ffff0000c56f1600 [ 74.962178] which belongs to the cache kmalloc-256 of size 256 [ 74.963156] The buggy address is located 208 bytes inside of [ 74.963156] 256-byte region [ffff0000c56f1600, ffff0000c56f1700) [ 74.964115] [ 74.964377] The buggy address belongs to the physical page: [ 74.965118] page:00000000b1c7ebef refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1056f0 [ 74.965890] head:00000000b1c7ebef order:1 compound_mapcount:0 compound_pincount:0 [ 74.966527] flags: 0xbfffc0000010200(slab|head|node=0|zone=2|lastcpupid=0xffff) [ 74.967255] raw: 0bfffc0000010200 0000000000000000 dead000000000122 ffff0000c0002480 [ 74.967948] raw: 0000000000000000 0000000080100010 00000001ffffffff 0000000000000000 [ 74.968618] page dumped because: kasan: bad access detected [ 74.969119] [ 74.969306] Memory state around the buggy address: [ 74.969745] ffff0000c56f1580: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 74.970381] ffff0000c56f1600: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 74.971516] >ffff0000c56f1680: 00 00 00 00 00 00 00 00 00 01 fc fc fc fc fc fc [ 74.972123] ^ [ 74.972902] ffff0000c56f1700: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 74.973517] ffff0000c56f1780: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 74.974165] ================================================================== [ 74.974973] ================================================================== [ 74.975510] BUG: KASAN: slab-out-of-bounds in krealloc_less_oob_helper+0x1c4/0x4b8 [ 74.976300] Write of size 1 at addr ffff0000c56f16da by task kunit_try_catch/130 [ 74.977395] [ 74.977624] CPU: 0 PID: 130 Comm: kunit_try_catch Tainted: G B N 6.1.146-rc1 #1 [ 74.978409] Hardware name: linux,dummy-virt (DT) [ 74.978839] Call trace: [ 74.979115] dump_backtrace+0xf8/0x118 [ 74.979569] show_stack+0x18/0x24 [ 74.980022] __dump_stack+0x28/0x38 [ 74.980433] dump_stack_lvl+0x54/0x6c [ 74.980901] print_address_description+0x7c/0x1ec [ 74.981422] print_report+0x50/0x68 [ 74.981869] kasan_report+0xac/0x100 [ 74.982301] __asan_store1+0x6c/0x70 [ 74.982734] krealloc_less_oob_helper+0x1c4/0x4b8 [ 74.983525] krealloc_less_oob+0x18/0x24 [ 74.984022] kunit_try_run_case+0x80/0x184 [ 74.984488] kunit_generic_run_threadfn_adapter+0x30/0x4c [ 74.985538] kthread+0x16c/0x21c [ 74.986002] ret_from_fork+0x10/0x20 [ 74.986443] [ 74.986627] Allocated by task 130: [ 74.986986] kasan_set_track+0x4c/0x80 [ 74.987503] kasan_save_alloc_info+0x28/0x34 [ 74.987995] __kasan_krealloc+0xcc/0xf8 [ 74.988505] krealloc+0x150/0x270 [ 74.989166] krealloc_less_oob_helper+0x9c/0x4b8 [ 74.989718] krealloc_less_oob+0x18/0x24 [ 74.990193] kunit_try_run_case+0x80/0x184 [ 74.990685] kunit_generic_run_threadfn_adapter+0x30/0x4c [ 74.991278] kthread+0x16c/0x21c [ 74.991673] ret_from_fork+0x10/0x20 [ 74.992113] [ 74.992308] The buggy address belongs to the object at ffff0000c56f1600 [ 74.992308] which belongs to the cache kmalloc-256 of size 256 [ 74.993896] The buggy address is located 218 bytes inside of [ 74.993896] 256-byte region [ffff0000c56f1600, ffff0000c56f1700) [ 74.994791] [ 74.994982] The buggy address belongs to the physical page: [ 74.995414] page:00000000b1c7ebef refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1056f0 [ 74.996266] head:00000000b1c7ebef order:1 compound_mapcount:0 compound_pincount:0 [ 74.997204] flags: 0xbfffc0000010200(slab|head|node=0|zone=2|lastcpupid=0xffff) [ 74.997942] raw: 0bfffc0000010200 0000000000000000 dead000000000122 ffff0000c0002480 [ 74.998582] raw: 0000000000000000 0000000080100010 00000001ffffffff 0000000000000000 [ 74.999182] page dumped because: kasan: bad access detected [ 74.999648] [ 74.999853] Memory state around the buggy address: [ 75.000307] ffff0000c56f1580: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 75.001410] ffff0000c56f1600: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 75.002022] >ffff0000c56f1680: 00 00 00 00 00 00 00 00 00 01 fc fc fc fc fc fc [ 75.002636] ^ [ 75.003178] ffff0000c56f1700: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 75.003837] ffff0000c56f1780: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 75.004434] ==================================================================
[ 73.915408] ================================================================== [ 73.916609] BUG: KASAN: slab-out-of-bounds in krealloc_less_oob_helper+0x104/0x4b8 [ 73.917359] Write of size 1 at addr ffff0000c4b2bac9 by task kunit_try_catch/130 [ 73.918007] [ 73.918268] CPU: 1 PID: 130 Comm: kunit_try_catch Tainted: G B N 6.1.146-rc1 #1 [ 73.919023] Hardware name: linux,dummy-virt (DT) [ 73.919501] Call trace: [ 73.919950] dump_backtrace+0xf4/0x114 [ 73.920428] show_stack+0x18/0x24 [ 73.921078] __dump_stack+0x28/0x38 [ 73.921525] dump_stack_lvl+0x50/0x68 [ 73.921982] print_address_description+0x7c/0x1ec [ 73.922549] print_report+0x50/0x68 [ 73.923015] kasan_report+0xac/0xfc [ 73.923480] __asan_store1+0x6c/0x70 [ 73.924225] krealloc_less_oob_helper+0x104/0x4b8 [ 73.924770] krealloc_less_oob+0x18/0x24 [ 73.925227] kunit_try_run_case+0x80/0x184 [ 73.925722] kunit_generic_run_threadfn_adapter+0x30/0x4c [ 73.926315] kthread+0x16c/0x21c [ 73.926756] ret_from_fork+0x10/0x20 [ 73.927182] [ 73.927386] Allocated by task 130: [ 73.927912] kasan_set_track+0x4c/0x80 [ 73.928376] kasan_save_alloc_info+0x28/0x34 [ 73.929044] __kasan_krealloc+0xcc/0xf8 [ 73.929533] krealloc+0x14c/0x26c [ 73.930015] krealloc_less_oob_helper+0x9c/0x4b8 [ 73.930526] krealloc_less_oob+0x18/0x24 [ 73.930990] kunit_try_run_case+0x80/0x184 [ 73.931474] kunit_generic_run_threadfn_adapter+0x30/0x4c [ 73.932331] kthread+0x16c/0x21c [ 73.932786] ret_from_fork+0x10/0x20 [ 73.933211] [ 73.933423] The buggy address belongs to the object at ffff0000c4b2ba00 [ 73.933423] which belongs to the cache kmalloc-256 of size 256 [ 73.934422] The buggy address is located 201 bytes inside of [ 73.934422] 256-byte region [ffff0000c4b2ba00, ffff0000c4b2bb00) [ 73.935395] [ 73.935643] The buggy address belongs to the physical page: [ 73.936383] page:00000000c9970dfc refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x104b2a [ 73.937175] head:00000000c9970dfc order:1 compound_mapcount:0 compound_pincount:0 [ 73.937824] flags: 0xbfffc0000010200(slab|head|node=0|zone=2|lastcpupid=0xffff) [ 73.938663] raw: 0bfffc0000010200 0000000000000000 dead000000000122 ffff0000c0002480 [ 73.939334] raw: 0000000000000000 0000000080100010 00000001ffffffff 0000000000000000 [ 73.939978] page dumped because: kasan: bad access detected [ 73.940515] [ 73.940989] Memory state around the buggy address: [ 73.941428] ffff0000c4b2b980: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 73.942064] ffff0000c4b2ba00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 73.942725] >ffff0000c4b2ba80: 00 00 00 00 00 00 00 00 00 01 fc fc fc fc fc fc [ 73.943300] ^ [ 73.943841] ffff0000c4b2bb00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 73.944690] ffff0000c4b2bb80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 73.945304] ================================================================== [ 74.222734] ================================================================== [ 74.223267] BUG: KASAN: slab-out-of-bounds in krealloc_less_oob_helper+0x260/0x4b8 [ 74.224053] Write of size 1 at addr ffff0000c58ca0eb by task kunit_try_catch/132 [ 74.224702] [ 74.224919] CPU: 1 PID: 132 Comm: kunit_try_catch Tainted: G B N 6.1.146-rc1 #1 [ 74.225643] Hardware name: linux,dummy-virt (DT) [ 74.226581] Call trace: [ 74.226883] dump_backtrace+0xf4/0x114 [ 74.227356] show_stack+0x18/0x24 [ 74.227784] __dump_stack+0x28/0x38 [ 74.228194] dump_stack_lvl+0x50/0x68 [ 74.228607] print_address_description+0x7c/0x1ec [ 74.229165] print_report+0x50/0x68 [ 74.229605] kasan_report+0xac/0xfc [ 74.230067] __asan_store1+0x6c/0x70 [ 74.230519] krealloc_less_oob_helper+0x260/0x4b8 [ 74.231025] krealloc_pagealloc_less_oob+0x18/0x24 [ 74.231571] kunit_try_run_case+0x80/0x184 [ 74.232620] kunit_generic_run_threadfn_adapter+0x30/0x4c [ 74.233216] kthread+0x16c/0x21c [ 74.233655] ret_from_fork+0x10/0x20 [ 74.234114] [ 74.234300] The buggy address belongs to the physical page: [ 74.234799] page:000000000dfb6053 refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1058c8 [ 74.235622] head:000000000dfb6053 order:2 compound_mapcount:0 compound_pincount:0 [ 74.236253] flags: 0xbfffc0000010000(head|node=0|zone=2|lastcpupid=0xffff) [ 74.236942] raw: 0bfffc0000010000 0000000000000000 dead000000000122 0000000000000000 [ 74.237607] raw: 0000000000000000 0000000000000000 00000001ffffffff 0000000000000000 [ 74.238249] page dumped because: kasan: bad access detected [ 74.238746] [ 74.238936] Memory state around the buggy address: [ 74.239401] ffff0000c58c9f80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 74.240312] ffff0000c58ca000: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 74.240927] >ffff0000c58ca080: 00 00 00 00 00 00 00 00 00 01 fe fe fe fe fe fe [ 74.241527] ^ [ 74.242099] ffff0000c58ca100: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe [ 74.242718] ffff0000c58ca180: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe [ 74.243761] ================================================================== [ 74.052025] ================================================================== [ 74.052611] BUG: KASAN: slab-out-of-bounds in krealloc_less_oob_helper+0x260/0x4b8 [ 74.053416] Write of size 1 at addr ffff0000c4b2baeb by task kunit_try_catch/130 [ 74.054032] [ 74.054249] CPU: 1 PID: 130 Comm: kunit_try_catch Tainted: G B N 6.1.146-rc1 #1 [ 74.055017] Hardware name: linux,dummy-virt (DT) [ 74.055427] Call trace: [ 74.055709] dump_backtrace+0xf4/0x114 [ 74.056735] show_stack+0x18/0x24 [ 74.057182] __dump_stack+0x28/0x38 [ 74.057596] dump_stack_lvl+0x50/0x68 [ 74.058039] print_address_description+0x7c/0x1ec [ 74.058579] print_report+0x50/0x68 [ 74.059065] kasan_report+0xac/0xfc [ 74.059512] __asan_store1+0x6c/0x70 [ 74.060358] krealloc_less_oob_helper+0x260/0x4b8 [ 74.060903] krealloc_less_oob+0x18/0x24 [ 74.061337] kunit_try_run_case+0x80/0x184 [ 74.061818] kunit_generic_run_threadfn_adapter+0x30/0x4c [ 74.062397] kthread+0x16c/0x21c [ 74.062851] ret_from_fork+0x10/0x20 [ 74.063287] [ 74.063473] Allocated by task 130: [ 74.064349] kasan_set_track+0x4c/0x80 [ 74.064843] kasan_save_alloc_info+0x28/0x34 [ 74.065312] __kasan_krealloc+0xcc/0xf8 [ 74.065841] krealloc+0x14c/0x26c [ 74.066246] krealloc_less_oob_helper+0x9c/0x4b8 [ 74.066752] krealloc_less_oob+0x18/0x24 [ 74.067228] kunit_try_run_case+0x80/0x184 [ 74.067954] kunit_generic_run_threadfn_adapter+0x30/0x4c [ 74.068551] kthread+0x16c/0x21c [ 74.068974] ret_from_fork+0x10/0x20 [ 74.069420] [ 74.069617] The buggy address belongs to the object at ffff0000c4b2ba00 [ 74.069617] which belongs to the cache kmalloc-256 of size 256 [ 74.070577] The buggy address is located 235 bytes inside of [ 74.070577] 256-byte region [ffff0000c4b2ba00, ffff0000c4b2bb00) [ 74.071473] [ 74.072178] The buggy address belongs to the physical page: [ 74.072634] page:00000000c9970dfc refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x104b2a [ 74.073403] head:00000000c9970dfc order:1 compound_mapcount:0 compound_pincount:0 [ 74.074085] flags: 0xbfffc0000010200(slab|head|node=0|zone=2|lastcpupid=0xffff) [ 74.074812] raw: 0bfffc0000010200 0000000000000000 dead000000000122 ffff0000c0002480 [ 74.075478] raw: 0000000000000000 0000000080100010 00000001ffffffff 0000000000000000 [ 74.076396] page dumped because: kasan: bad access detected [ 74.076916] [ 74.077111] Memory state around the buggy address: [ 74.077604] ffff0000c4b2b980: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 74.078246] ffff0000c4b2ba00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 74.078890] >ffff0000c4b2ba80: 00 00 00 00 00 00 00 00 00 01 fc fc fc fc fc fc [ 74.079479] ^ [ 74.080604] ffff0000c4b2bb00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 74.081233] ffff0000c4b2bb80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 74.081883] ================================================================== [ 73.984169] ================================================================== [ 73.985072] BUG: KASAN: slab-out-of-bounds in krealloc_less_oob_helper+0x1c4/0x4b8 [ 73.986090] Write of size 1 at addr ffff0000c4b2bada by task kunit_try_catch/130 [ 73.987014] [ 73.987304] CPU: 1 PID: 130 Comm: kunit_try_catch Tainted: G B N 6.1.146-rc1 #1 [ 73.988444] Hardware name: linux,dummy-virt (DT) [ 73.989006] Call trace: [ 73.989254] dump_backtrace+0xf4/0x114 [ 73.989695] show_stack+0x18/0x24 [ 73.990151] __dump_stack+0x28/0x38 [ 73.990626] dump_stack_lvl+0x50/0x68 [ 73.991115] print_address_description+0x7c/0x1ec [ 73.991661] print_report+0x50/0x68 [ 73.992138] kasan_report+0xac/0xfc [ 73.992562] __asan_store1+0x6c/0x70 [ 73.993104] krealloc_less_oob_helper+0x1c4/0x4b8 [ 73.993703] krealloc_less_oob+0x18/0x24 [ 73.994195] kunit_try_run_case+0x80/0x184 [ 73.994754] kunit_generic_run_threadfn_adapter+0x30/0x4c [ 73.995560] kthread+0x16c/0x21c [ 73.996368] ret_from_fork+0x10/0x20 [ 73.996774] [ 73.996958] Allocated by task 130: [ 73.997250] kasan_set_track+0x4c/0x80 [ 73.997671] kasan_save_alloc_info+0x28/0x34 [ 73.998336] __kasan_krealloc+0xcc/0xf8 [ 73.998987] krealloc+0x14c/0x26c [ 73.999544] krealloc_less_oob_helper+0x9c/0x4b8 [ 74.000763] krealloc_less_oob+0x18/0x24 [ 74.001400] kunit_try_run_case+0x80/0x184 [ 74.002062] kunit_generic_run_threadfn_adapter+0x30/0x4c [ 74.002870] kthread+0x16c/0x21c [ 74.003437] ret_from_fork+0x10/0x20 [ 74.004322] [ 74.004605] The buggy address belongs to the object at ffff0000c4b2ba00 [ 74.004605] which belongs to the cache kmalloc-256 of size 256 [ 74.006015] The buggy address is located 218 bytes inside of [ 74.006015] 256-byte region [ffff0000c4b2ba00, ffff0000c4b2bb00) [ 74.007371] [ 74.007647] The buggy address belongs to the physical page: [ 74.008864] page:00000000c9970dfc refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x104b2a [ 74.009691] head:00000000c9970dfc order:1 compound_mapcount:0 compound_pincount:0 [ 74.010198] flags: 0xbfffc0000010200(slab|head|node=0|zone=2|lastcpupid=0xffff) [ 74.010792] raw: 0bfffc0000010200 0000000000000000 dead000000000122 ffff0000c0002480 [ 74.011479] raw: 0000000000000000 0000000080100010 00000001ffffffff 0000000000000000 [ 74.012138] page dumped because: kasan: bad access detected [ 74.013478] [ 74.013725] Memory state around the buggy address: [ 74.014213] ffff0000c4b2b980: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 74.014836] ffff0000c4b2ba00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 74.015474] >ffff0000c4b2ba80: 00 00 00 00 00 00 00 00 00 01 fc fc fc fc fc fc [ 74.016613] ^ [ 74.017211] ffff0000c4b2bb00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 74.017840] ffff0000c4b2bb80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 74.018449] ================================================================== [ 74.201152] ================================================================== [ 74.202125] BUG: KASAN: slab-out-of-bounds in krealloc_less_oob_helper+0x214/0x4b8 [ 74.202933] Write of size 1 at addr ffff0000c58ca0ea by task kunit_try_catch/132 [ 74.203497] [ 74.203719] CPU: 1 PID: 132 Comm: kunit_try_catch Tainted: G B N 6.1.146-rc1 #1 [ 74.204489] Hardware name: linux,dummy-virt (DT) [ 74.204897] Call trace: [ 74.205184] dump_backtrace+0xf4/0x114 [ 74.205708] show_stack+0x18/0x24 [ 74.206152] __dump_stack+0x28/0x38 [ 74.206594] dump_stack_lvl+0x50/0x68 [ 74.207026] print_address_description+0x7c/0x1ec [ 74.207594] print_report+0x50/0x68 [ 74.208037] kasan_report+0xac/0xfc [ 74.208470] __asan_store1+0x6c/0x70 [ 74.208918] krealloc_less_oob_helper+0x214/0x4b8 [ 74.209421] krealloc_pagealloc_less_oob+0x18/0x24 [ 74.210540] kunit_try_run_case+0x80/0x184 [ 74.211031] kunit_generic_run_threadfn_adapter+0x30/0x4c [ 74.211607] kthread+0x16c/0x21c [ 74.212055] ret_from_fork+0x10/0x20 [ 74.212475] [ 74.212664] The buggy address belongs to the physical page: [ 74.213155] page:000000000dfb6053 refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1058c8 [ 74.213913] head:000000000dfb6053 order:2 compound_mapcount:0 compound_pincount:0 [ 74.214530] flags: 0xbfffc0000010000(head|node=0|zone=2|lastcpupid=0xffff) [ 74.215224] raw: 0bfffc0000010000 0000000000000000 dead000000000122 0000000000000000 [ 74.216479] raw: 0000000000000000 0000000000000000 00000001ffffffff 0000000000000000 [ 74.217126] page dumped because: kasan: bad access detected [ 74.217605] [ 74.217827] Memory state around the buggy address: [ 74.218266] ffff0000c58c9f80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 74.218889] ffff0000c58ca000: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 74.219515] >ffff0000c58ca080: 00 00 00 00 00 00 00 00 00 01 fe fe fe fe fe fe [ 74.220119] ^ [ 74.220688] ffff0000c58ca100: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe [ 74.221331] ffff0000c58ca180: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe [ 74.221926] ================================================================== [ 74.179197] ================================================================== [ 74.179769] BUG: KASAN: slab-out-of-bounds in krealloc_less_oob_helper+0x1c4/0x4b8 [ 74.180489] Write of size 1 at addr ffff0000c58ca0da by task kunit_try_catch/132 [ 74.181157] [ 74.181425] CPU: 1 PID: 132 Comm: kunit_try_catch Tainted: G B N 6.1.146-rc1 #1 [ 74.182218] Hardware name: linux,dummy-virt (DT) [ 74.182656] Call trace: [ 74.182968] dump_backtrace+0xf4/0x114 [ 74.183444] show_stack+0x18/0x24 [ 74.184506] __dump_stack+0x28/0x38 [ 74.184971] dump_stack_lvl+0x50/0x68 [ 74.185444] print_address_description+0x7c/0x1ec [ 74.185987] print_report+0x50/0x68 [ 74.186417] kasan_report+0xac/0xfc [ 74.186854] __asan_store1+0x6c/0x70 [ 74.187293] krealloc_less_oob_helper+0x1c4/0x4b8 [ 74.187817] krealloc_pagealloc_less_oob+0x18/0x24 [ 74.188301] kunit_try_run_case+0x80/0x184 [ 74.188771] kunit_generic_run_threadfn_adapter+0x30/0x4c [ 74.189360] kthread+0x16c/0x21c [ 74.189771] ret_from_fork+0x10/0x20 [ 74.190224] [ 74.190408] The buggy address belongs to the physical page: [ 74.190867] page:000000000dfb6053 refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1058c8 [ 74.191640] head:000000000dfb6053 order:2 compound_mapcount:0 compound_pincount:0 [ 74.192300] flags: 0xbfffc0000010000(head|node=0|zone=2|lastcpupid=0xffff) [ 74.193540] raw: 0bfffc0000010000 0000000000000000 dead000000000122 0000000000000000 [ 74.194222] raw: 0000000000000000 0000000000000000 00000001ffffffff 0000000000000000 [ 74.194847] page dumped because: kasan: bad access detected [ 74.195351] [ 74.195544] Memory state around the buggy address: [ 74.196010] ffff0000c58c9f80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 74.196623] ffff0000c58ca000: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 74.197238] >ffff0000c58ca080: 00 00 00 00 00 00 00 00 00 01 fe fe fe fe fe fe [ 74.197855] ^ [ 74.198385] ffff0000c58ca100: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe [ 74.199021] ffff0000c58ca180: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe [ 74.199593] ================================================================== [ 73.946940] ================================================================== [ 73.947440] BUG: KASAN: slab-out-of-bounds in krealloc_less_oob_helper+0x158/0x4b8 [ 73.948713] Write of size 1 at addr ffff0000c4b2bad0 by task kunit_try_catch/130 [ 73.949658] [ 73.949992] CPU: 1 PID: 130 Comm: kunit_try_catch Tainted: G B N 6.1.146-rc1 #1 [ 73.951036] Hardware name: linux,dummy-virt (DT) [ 73.951389] Call trace: [ 73.951630] dump_backtrace+0xf4/0x114 [ 73.952457] show_stack+0x18/0x24 [ 73.953137] __dump_stack+0x28/0x38 [ 73.953767] dump_stack_lvl+0x50/0x68 [ 73.954406] print_address_description+0x7c/0x1ec [ 73.955172] print_report+0x50/0x68 [ 73.955869] kasan_report+0xac/0xfc [ 73.956580] __asan_store1+0x6c/0x70 [ 73.957236] krealloc_less_oob_helper+0x158/0x4b8 [ 73.957991] krealloc_less_oob+0x18/0x24 [ 73.958640] kunit_try_run_case+0x80/0x184 [ 73.959236] kunit_generic_run_threadfn_adapter+0x30/0x4c [ 73.959950] kthread+0x16c/0x21c [ 73.960566] ret_from_fork+0x10/0x20 [ 73.961222] [ 73.961522] Allocated by task 130: [ 73.962032] kasan_set_track+0x4c/0x80 [ 73.962693] kasan_save_alloc_info+0x28/0x34 [ 73.963376] __kasan_krealloc+0xcc/0xf8 [ 73.964172] krealloc+0x14c/0x26c [ 73.964808] krealloc_less_oob_helper+0x9c/0x4b8 [ 73.965336] krealloc_less_oob+0x18/0x24 [ 73.965748] kunit_try_run_case+0x80/0x184 [ 73.966340] kunit_generic_run_threadfn_adapter+0x30/0x4c [ 73.966987] kthread+0x16c/0x21c [ 73.967587] ret_from_fork+0x10/0x20 [ 73.968289] [ 73.968568] The buggy address belongs to the object at ffff0000c4b2ba00 [ 73.968568] which belongs to the cache kmalloc-256 of size 256 [ 73.970070] The buggy address is located 208 bytes inside of [ 73.970070] 256-byte region [ffff0000c4b2ba00, ffff0000c4b2bb00) [ 73.970994] [ 73.971180] The buggy address belongs to the physical page: [ 73.971546] page:00000000c9970dfc refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x104b2a [ 73.972183] head:00000000c9970dfc order:1 compound_mapcount:0 compound_pincount:0 [ 73.972678] flags: 0xbfffc0000010200(slab|head|node=0|zone=2|lastcpupid=0xffff) [ 73.973769] raw: 0bfffc0000010200 0000000000000000 dead000000000122 ffff0000c0002480 [ 73.974796] raw: 0000000000000000 0000000080100010 00000001ffffffff 0000000000000000 [ 73.975753] page dumped because: kasan: bad access detected [ 73.976529] [ 73.976829] Memory state around the buggy address: [ 73.977485] ffff0000c4b2b980: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 73.978390] ffff0000c4b2ba00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 73.979298] >ffff0000c4b2ba80: 00 00 00 00 00 00 00 00 00 01 fc fc fc fc fc fc [ 73.980308] ^ [ 73.981153] ffff0000c4b2bb00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 73.982088] ffff0000c4b2bb80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 73.982973] ================================================================== [ 74.154369] ================================================================== [ 74.154889] BUG: KASAN: slab-out-of-bounds in krealloc_less_oob_helper+0x158/0x4b8 [ 74.156821] Write of size 1 at addr ffff0000c58ca0d0 by task kunit_try_catch/132 [ 74.157375] [ 74.157575] CPU: 1 PID: 132 Comm: kunit_try_catch Tainted: G B N 6.1.146-rc1 #1 [ 74.158179] Hardware name: linux,dummy-virt (DT) [ 74.158522] Call trace: [ 74.159915] dump_backtrace+0xf4/0x114 [ 74.161076] show_stack+0x18/0x24 [ 74.162501] __dump_stack+0x28/0x38 [ 74.163247] dump_stack_lvl+0x50/0x68 [ 74.163712] print_address_description+0x7c/0x1ec [ 74.164283] print_report+0x50/0x68 [ 74.164751] kasan_report+0xac/0xfc [ 74.165214] __asan_store1+0x6c/0x70 [ 74.165684] krealloc_less_oob_helper+0x158/0x4b8 [ 74.166217] krealloc_pagealloc_less_oob+0x18/0x24 [ 74.166728] kunit_try_run_case+0x80/0x184 [ 74.167220] kunit_generic_run_threadfn_adapter+0x30/0x4c [ 74.167817] kthread+0x16c/0x21c [ 74.168284] ret_from_fork+0x10/0x20 [ 74.168780] [ 74.168997] The buggy address belongs to the physical page: [ 74.169526] page:000000000dfb6053 refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1058c8 [ 74.170301] head:000000000dfb6053 order:2 compound_mapcount:0 compound_pincount:0 [ 74.170969] flags: 0xbfffc0000010000(head|node=0|zone=2|lastcpupid=0xffff) [ 74.171678] raw: 0bfffc0000010000 0000000000000000 dead000000000122 0000000000000000 [ 74.172342] raw: 0000000000000000 0000000000000000 00000001ffffffff 0000000000000000 [ 74.172974] page dumped because: kasan: bad access detected [ 74.173466] [ 74.173673] Memory state around the buggy address: [ 74.174147] ffff0000c58c9f80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 74.174797] ffff0000c58ca000: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 74.175446] >ffff0000c58ca080: 00 00 00 00 00 00 00 00 00 01 fe fe fe fe fe fe [ 74.176054] ^ [ 74.176617] ffff0000c58ca100: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe [ 74.177269] ffff0000c58ca180: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe [ 74.177879] ================================================================== [ 74.019627] ================================================================== [ 74.020472] BUG: KASAN: slab-out-of-bounds in krealloc_less_oob_helper+0x214/0x4b8 [ 74.021220] Write of size 1 at addr ffff0000c4b2baea by task kunit_try_catch/130 [ 74.021984] [ 74.022226] CPU: 1 PID: 130 Comm: kunit_try_catch Tainted: G B N 6.1.146-rc1 #1 [ 74.023138] Hardware name: linux,dummy-virt (DT) [ 74.023648] Call trace: [ 74.023998] dump_backtrace+0xf4/0x114 [ 74.025002] show_stack+0x18/0x24 [ 74.025507] __dump_stack+0x28/0x38 [ 74.026061] dump_stack_lvl+0x50/0x68 [ 74.026604] print_address_description+0x7c/0x1ec [ 74.027258] print_report+0x50/0x68 [ 74.028124] kasan_report+0xac/0xfc [ 74.028706] __asan_store1+0x6c/0x70 [ 74.029282] krealloc_less_oob_helper+0x214/0x4b8 [ 74.029921] krealloc_less_oob+0x18/0x24 [ 74.030396] kunit_try_run_case+0x80/0x184 [ 74.030896] kunit_generic_run_threadfn_adapter+0x30/0x4c [ 74.031452] kthread+0x16c/0x21c [ 74.031995] ret_from_fork+0x10/0x20 [ 74.032471] [ 74.032664] Allocated by task 130: [ 74.033024] kasan_set_track+0x4c/0x80 [ 74.033540] kasan_save_alloc_info+0x28/0x34 [ 74.034441] __kasan_krealloc+0xcc/0xf8 [ 74.034964] krealloc+0x14c/0x26c [ 74.035406] krealloc_less_oob_helper+0x9c/0x4b8 [ 74.036209] krealloc_less_oob+0x18/0x24 [ 74.036695] kunit_try_run_case+0x80/0x184 [ 74.037174] kunit_generic_run_threadfn_adapter+0x30/0x4c [ 74.037752] kthread+0x16c/0x21c [ 74.038162] ret_from_fork+0x10/0x20 [ 74.038576] [ 74.038798] The buggy address belongs to the object at ffff0000c4b2ba00 [ 74.038798] which belongs to the cache kmalloc-256 of size 256 [ 74.039702] The buggy address is located 234 bytes inside of [ 74.039702] 256-byte region [ffff0000c4b2ba00, ffff0000c4b2bb00) [ 74.040622] [ 74.040857] The buggy address belongs to the physical page: [ 74.041331] page:00000000c9970dfc refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x104b2a [ 74.042569] head:00000000c9970dfc order:1 compound_mapcount:0 compound_pincount:0 [ 74.043255] flags: 0xbfffc0000010200(slab|head|node=0|zone=2|lastcpupid=0xffff) [ 74.044273] raw: 0bfffc0000010200 0000000000000000 dead000000000122 ffff0000c0002480 [ 74.044978] raw: 0000000000000000 0000000080100010 00000001ffffffff 0000000000000000 [ 74.045576] page dumped because: kasan: bad access detected [ 74.046108] [ 74.046311] Memory state around the buggy address: [ 74.046756] ffff0000c4b2b980: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 74.047403] ffff0000c4b2ba00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 74.048599] >ffff0000c4b2ba80: 00 00 00 00 00 00 00 00 00 01 fc fc fc fc fc fc [ 74.049216] ^ [ 74.049805] ffff0000c4b2bb00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 74.050440] ffff0000c4b2bb80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 74.051060] ================================================================== [ 74.133654] ================================================================== [ 74.134527] BUG: KASAN: slab-out-of-bounds in krealloc_less_oob_helper+0x104/0x4b8 [ 74.135243] Write of size 1 at addr ffff0000c58ca0c9 by task kunit_try_catch/132 [ 74.135819] [ 74.136060] CPU: 1 PID: 132 Comm: kunit_try_catch Tainted: G B N 6.1.146-rc1 #1 [ 74.136816] Hardware name: linux,dummy-virt (DT) [ 74.137237] Call trace: [ 74.137539] dump_backtrace+0xf4/0x114 [ 74.138033] show_stack+0x18/0x24 [ 74.138460] __dump_stack+0x28/0x38 [ 74.138897] dump_stack_lvl+0x50/0x68 [ 74.139345] print_address_description+0x7c/0x1ec [ 74.139901] print_report+0x50/0x68 [ 74.140402] kasan_report+0xac/0xfc [ 74.140861] __asan_store1+0x6c/0x70 [ 74.141303] krealloc_less_oob_helper+0x104/0x4b8 [ 74.141820] krealloc_pagealloc_less_oob+0x18/0x24 [ 74.142346] kunit_try_run_case+0x80/0x184 [ 74.142831] kunit_generic_run_threadfn_adapter+0x30/0x4c [ 74.143394] kthread+0x16c/0x21c [ 74.143820] ret_from_fork+0x10/0x20 [ 74.144255] [ 74.144444] The buggy address belongs to the physical page: [ 74.144926] page:000000000dfb6053 refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1058c8 [ 74.145712] head:000000000dfb6053 order:2 compound_mapcount:0 compound_pincount:0 [ 74.146352] flags: 0xbfffc0000010000(head|node=0|zone=2|lastcpupid=0xffff) [ 74.147050] raw: 0bfffc0000010000 0000000000000000 dead000000000122 0000000000000000 [ 74.147701] raw: 0000000000000000 0000000000000000 00000001ffffffff 0000000000000000 [ 74.148343] page dumped because: kasan: bad access detected [ 74.148816] [ 74.149002] Memory state around the buggy address: [ 74.149462] ffff0000c58c9f80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 74.150079] ffff0000c58ca000: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 74.150686] >ffff0000c58ca080: 00 00 00 00 00 00 00 00 00 01 fe fe fe fe fe fe [ 74.151316] ^ [ 74.151834] ffff0000c58ca100: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe [ 74.152439] ffff0000c58ca180: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe [ 74.153031] ==================================================================
[ 72.795260] ================================================================== [ 72.795800] BUG: KASAN: slab-out-of-bounds in krealloc_less_oob_helper+0x180/0x5b0 [ 72.796872] Write of size 1 at addr ffff0000c5a360da by task kunit_try_catch/132 [ 72.797462] [ 72.797664] CPU: 0 PID: 132 Comm: kunit_try_catch Tainted: G B N 6.1.146-rc1 #1 [ 72.798841] Hardware name: linux,dummy-virt (DT) [ 72.799231] Call trace: [ 72.799494] dump_backtrace.part.0+0xdc/0xf0 [ 72.800029] show_stack+0x18/0x30 [ 72.800452] dump_stack_lvl+0x64/0x80 [ 72.800905] print_report+0x158/0x438 [ 72.801339] kasan_report+0xb4/0xf4 [ 72.801737] __asan_store1+0x68/0x7c [ 72.802124] krealloc_less_oob_helper+0x180/0x5b0 [ 72.802917] krealloc_pagealloc_less_oob+0x18/0x24 [ 72.803460] kunit_try_run_case+0x84/0x120 [ 72.803932] kunit_generic_run_threadfn_adapter+0x30/0x50 [ 72.804481] kthread+0x180/0x190 [ 72.804847] ret_from_fork+0x10/0x20 [ 72.805243] [ 72.805436] The buggy address belongs to the physical page: [ 72.806378] page:00000000172f0408 refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x105a34 [ 72.807109] head:00000000172f0408 order:2 compound_mapcount:0 compound_pincount:0 [ 72.807712] flags: 0xbfffc0000010000(head|node=0|zone=2|lastcpupid=0xffff) [ 72.808357] raw: 0bfffc0000010000 0000000000000000 dead000000000122 0000000000000000 [ 72.809007] raw: 0000000000000000 0000000000000000 00000001ffffffff 0000000000000000 [ 72.809598] page dumped because: kasan: bad access detected [ 72.810106] [ 72.810314] Memory state around the buggy address: [ 72.810762] ffff0000c5a35f80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 72.811364] ffff0000c5a36000: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 72.811973] >ffff0000c5a36080: 00 00 00 00 00 00 00 00 00 01 fe fe fe fe fe fe [ 72.812814] ^ [ 72.813310] ffff0000c5a36100: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe [ 72.814384] ffff0000c5a36180: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe [ 72.814930] ================================================================== [ 72.815645] ================================================================== [ 72.816115] BUG: KASAN: slab-out-of-bounds in krealloc_less_oob_helper+0x1a8/0x5b0 [ 72.816905] Write of size 1 at addr ffff0000c5a360ea by task kunit_try_catch/132 [ 72.817508] [ 72.817696] CPU: 0 PID: 132 Comm: kunit_try_catch Tainted: G B N 6.1.146-rc1 #1 [ 72.818628] Hardware name: linux,dummy-virt (DT) [ 72.819017] Call trace: [ 72.819313] dump_backtrace.part.0+0xdc/0xf0 [ 72.819832] show_stack+0x18/0x30 [ 72.820287] dump_stack_lvl+0x64/0x80 [ 72.820736] print_report+0x158/0x438 [ 72.821173] kasan_report+0xb4/0xf4 [ 72.821577] __asan_store1+0x68/0x7c [ 72.822574] krealloc_less_oob_helper+0x1a8/0x5b0 [ 72.823078] krealloc_pagealloc_less_oob+0x18/0x24 [ 72.823573] kunit_try_run_case+0x84/0x120 [ 72.824041] kunit_generic_run_threadfn_adapter+0x30/0x50 [ 72.824653] kthread+0x180/0x190 [ 72.825024] ret_from_fork+0x10/0x20 [ 72.825439] [ 72.825614] The buggy address belongs to the physical page: [ 72.826424] page:00000000172f0408 refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x105a34 [ 72.827150] head:00000000172f0408 order:2 compound_mapcount:0 compound_pincount:0 [ 72.827760] flags: 0xbfffc0000010000(head|node=0|zone=2|lastcpupid=0xffff) [ 72.828430] raw: 0bfffc0000010000 0000000000000000 dead000000000122 0000000000000000 [ 72.829109] raw: 0000000000000000 0000000000000000 00000001ffffffff 0000000000000000 [ 72.829722] page dumped because: kasan: bad access detected [ 72.830709] [ 72.830899] Memory state around the buggy address: [ 72.831332] ffff0000c5a35f80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 72.831940] ffff0000c5a36000: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 72.832548] >ffff0000c5a36080: 00 00 00 00 00 00 00 00 00 01 fe fe fe fe fe fe [ 72.833099] ^ [ 72.833651] ffff0000c5a36100: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe [ 72.834542] ffff0000c5a36180: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe [ 72.835107] ================================================================== [ 72.744269] ================================================================== [ 72.745740] BUG: KASAN: slab-out-of-bounds in krealloc_less_oob_helper+0x10c/0x5b0 [ 72.747075] Write of size 1 at addr ffff0000c5a360c9 by task kunit_try_catch/132 [ 72.747572] [ 72.747762] CPU: 0 PID: 132 Comm: kunit_try_catch Tainted: G B N 6.1.146-rc1 #1 [ 72.748297] Hardware name: linux,dummy-virt (DT) [ 72.749065] Call trace: [ 72.749726] dump_backtrace.part.0+0xdc/0xf0 [ 72.750622] show_stack+0x18/0x30 [ 72.751346] dump_stack_lvl+0x64/0x80 [ 72.752049] print_report+0x158/0x438 [ 72.752792] kasan_report+0xb4/0xf4 [ 72.753454] __asan_store1+0x68/0x7c [ 72.754175] krealloc_less_oob_helper+0x10c/0x5b0 [ 72.755114] krealloc_pagealloc_less_oob+0x18/0x24 [ 72.755961] kunit_try_run_case+0x84/0x120 [ 72.756699] kunit_generic_run_threadfn_adapter+0x30/0x50 [ 72.757570] kthread+0x180/0x190 [ 72.758112] ret_from_fork+0x10/0x20 [ 72.758856] [ 72.759237] The buggy address belongs to the physical page: [ 72.759642] page:00000000172f0408 refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x105a34 [ 72.760213] head:00000000172f0408 order:2 compound_mapcount:0 compound_pincount:0 [ 72.761298] flags: 0xbfffc0000010000(head|node=0|zone=2|lastcpupid=0xffff) [ 72.762406] raw: 0bfffc0000010000 0000000000000000 dead000000000122 0000000000000000 [ 72.763572] raw: 0000000000000000 0000000000000000 00000001ffffffff 0000000000000000 [ 72.764505] page dumped because: kasan: bad access detected [ 72.765201] [ 72.765514] Memory state around the buggy address: [ 72.766220] ffff0000c5a35f80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 72.767333] ffff0000c5a36000: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 72.768450] >ffff0000c5a36080: 00 00 00 00 00 00 00 00 00 01 fe fe fe fe fe fe [ 72.769425] ^ [ 72.770187] ffff0000c5a36100: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe [ 72.771281] ffff0000c5a36180: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe [ 72.772284] ================================================================== [ 72.566922] ================================================================== [ 72.567869] BUG: KASAN: slab-out-of-bounds in krealloc_less_oob_helper+0x138/0x5b0 [ 72.568933] Write of size 1 at addr ffff0000c55e62d0 by task kunit_try_catch/130 [ 72.570108] [ 72.570426] CPU: 1 PID: 130 Comm: kunit_try_catch Tainted: G B N 6.1.146-rc1 #1 [ 72.571817] Hardware name: linux,dummy-virt (DT) [ 72.572428] Call trace: [ 72.572809] dump_backtrace.part.0+0xdc/0xf0 [ 72.573513] show_stack+0x18/0x30 [ 72.574493] dump_stack_lvl+0x64/0x80 [ 72.575089] print_report+0x158/0x438 [ 72.575709] kasan_report+0xb4/0xf4 [ 72.576263] __asan_store1+0x68/0x7c [ 72.576823] krealloc_less_oob_helper+0x138/0x5b0 [ 72.577533] krealloc_less_oob+0x18/0x2c [ 72.578366] kunit_try_run_case+0x84/0x120 [ 72.579525] kunit_generic_run_threadfn_adapter+0x30/0x50 [ 72.580127] kthread+0x180/0x190 [ 72.580456] ret_from_fork+0x10/0x20 [ 72.580800] [ 72.580964] Allocated by task 130: [ 72.581227] kasan_save_stack+0x3c/0x70 [ 72.581800] kasan_set_track+0x2c/0x40 [ 72.582583] kasan_save_alloc_info+0x24/0x34 [ 72.583292] __kasan_krealloc+0xf0/0x120 [ 72.583961] krealloc+0x154/0x1a0 [ 72.584517] krealloc_less_oob_helper+0xd0/0x5b0 [ 72.585220] krealloc_less_oob+0x18/0x2c [ 72.585867] kunit_try_run_case+0x84/0x120 [ 72.586592] kunit_generic_run_threadfn_adapter+0x30/0x50 [ 72.587547] kthread+0x180/0x190 [ 72.588101] ret_from_fork+0x10/0x20 [ 72.588666] [ 72.588945] The buggy address belongs to the object at ffff0000c55e6200 [ 72.588945] which belongs to the cache kmalloc-256 of size 256 [ 72.590472] The buggy address is located 208 bytes inside of [ 72.590472] 256-byte region [ffff0000c55e6200, ffff0000c55e6300) [ 72.591928] [ 72.592232] The buggy address belongs to the physical page: [ 72.592597] page:0000000087736949 refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1055e6 [ 72.593146] head:0000000087736949 order:1 compound_mapcount:0 compound_pincount:0 [ 72.593962] flags: 0xbfffc0000010200(slab|head|node=0|zone=2|lastcpupid=0xffff) [ 72.595067] raw: 0bfffc0000010200 0000000000000000 dead000000000122 ffff0000c0002480 [ 72.596056] raw: 0000000000000000 0000000080100010 00000001ffffffff 0000000000000000 [ 72.596979] page dumped because: kasan: bad access detected [ 72.597679] [ 72.598029] Memory state around the buggy address: [ 72.598799] ffff0000c55e6180: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 72.599708] ffff0000c55e6200: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 72.600592] >ffff0000c55e6280: 00 00 00 00 00 00 00 00 00 01 fc fc fc fc fc fc [ 72.601242] ^ [ 72.601632] ffff0000c55e6300: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 72.602499] ffff0000c55e6380: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 72.603003] ================================================================== [ 72.604176] ================================================================== [ 72.605072] BUG: KASAN: slab-out-of-bounds in krealloc_less_oob_helper+0x180/0x5b0 [ 72.606173] Write of size 1 at addr ffff0000c55e62da by task kunit_try_catch/130 [ 72.607107] [ 72.607292] CPU: 1 PID: 130 Comm: kunit_try_catch Tainted: G B N 6.1.146-rc1 #1 [ 72.607839] Hardware name: linux,dummy-virt (DT) [ 72.608148] Call trace: [ 72.608359] dump_backtrace.part.0+0xdc/0xf0 [ 72.609113] show_stack+0x18/0x30 [ 72.609689] dump_stack_lvl+0x64/0x80 [ 72.610318] print_report+0x158/0x438 [ 72.610975] kasan_report+0xb4/0xf4 [ 72.611665] __asan_store1+0x68/0x7c [ 72.612233] krealloc_less_oob_helper+0x180/0x5b0 [ 72.612952] krealloc_less_oob+0x18/0x2c [ 72.613589] kunit_try_run_case+0x84/0x120 [ 72.614271] kunit_generic_run_threadfn_adapter+0x30/0x50 [ 72.615248] kthread+0x180/0x190 [ 72.615811] ret_from_fork+0x10/0x20 [ 72.616377] [ 72.616665] Allocated by task 130: [ 72.617139] kasan_save_stack+0x3c/0x70 [ 72.617735] kasan_set_track+0x2c/0x40 [ 72.618389] kasan_save_alloc_info+0x24/0x34 [ 72.619055] __kasan_krealloc+0xf0/0x120 [ 72.619660] krealloc+0x154/0x1a0 [ 72.620236] krealloc_less_oob_helper+0xd0/0x5b0 [ 72.620949] krealloc_less_oob+0x18/0x2c [ 72.621589] kunit_try_run_case+0x84/0x120 [ 72.621990] kunit_generic_run_threadfn_adapter+0x30/0x50 [ 72.622594] kthread+0x180/0x190 [ 72.623084] ret_from_fork+0x10/0x20 [ 72.623644] [ 72.623867] The buggy address belongs to the object at ffff0000c55e6200 [ 72.623867] which belongs to the cache kmalloc-256 of size 256 [ 72.624701] The buggy address is located 218 bytes inside of [ 72.624701] 256-byte region [ffff0000c55e6200, ffff0000c55e6300) [ 72.626072] [ 72.626360] The buggy address belongs to the physical page: [ 72.627241] page:0000000087736949 refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1055e6 [ 72.628347] head:0000000087736949 order:1 compound_mapcount:0 compound_pincount:0 [ 72.629195] flags: 0xbfffc0000010200(slab|head|node=0|zone=2|lastcpupid=0xffff) [ 72.630179] raw: 0bfffc0000010200 0000000000000000 dead000000000122 ffff0000c0002480 [ 72.631250] raw: 0000000000000000 0000000080100010 00000001ffffffff 0000000000000000 [ 72.631879] page dumped because: kasan: bad access detected [ 72.632232] [ 72.632404] Memory state around the buggy address: [ 72.632938] ffff0000c55e6180: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 72.633575] ffff0000c55e6200: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 72.634269] >ffff0000c55e6280: 00 00 00 00 00 00 00 00 00 01 fc fc fc fc fc fc [ 72.634818] ^ [ 72.635288] ffff0000c55e6300: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 72.635926] ffff0000c55e6380: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 72.636978] ================================================================== [ 72.667172] ================================================================== [ 72.667836] BUG: KASAN: slab-out-of-bounds in krealloc_less_oob_helper+0x1cc/0x5b0 [ 72.668581] Write of size 1 at addr ffff0000c55e62eb by task kunit_try_catch/130 [ 72.669052] [ 72.669235] CPU: 1 PID: 130 Comm: kunit_try_catch Tainted: G B N 6.1.146-rc1 #1 [ 72.670101] Hardware name: linux,dummy-virt (DT) [ 72.670627] Call trace: [ 72.671036] dump_backtrace.part.0+0xdc/0xf0 [ 72.671595] show_stack+0x18/0x30 [ 72.672078] dump_stack_lvl+0x64/0x80 [ 72.672527] print_report+0x158/0x438 [ 72.673012] kasan_report+0xb4/0xf4 [ 72.673427] __asan_store1+0x68/0x7c [ 72.673840] krealloc_less_oob_helper+0x1cc/0x5b0 [ 72.674426] krealloc_less_oob+0x18/0x2c [ 72.675009] kunit_try_run_case+0x84/0x120 [ 72.675478] kunit_generic_run_threadfn_adapter+0x30/0x50 [ 72.676067] kthread+0x180/0x190 [ 72.676464] ret_from_fork+0x10/0x20 [ 72.676878] [ 72.677085] Allocated by task 130: [ 72.677446] kasan_save_stack+0x3c/0x70 [ 72.677887] kasan_set_track+0x2c/0x40 [ 72.678294] kasan_save_alloc_info+0x24/0x34 [ 72.678875] __kasan_krealloc+0xf0/0x120 [ 72.679440] krealloc+0x154/0x1a0 [ 72.679861] krealloc_less_oob_helper+0xd0/0x5b0 [ 72.680419] krealloc_less_oob+0x18/0x2c [ 72.680868] kunit_try_run_case+0x84/0x120 [ 72.681347] kunit_generic_run_threadfn_adapter+0x30/0x50 [ 72.681955] kthread+0x180/0x190 [ 72.682357] ret_from_fork+0x10/0x20 [ 72.682794] [ 72.683019] The buggy address belongs to the object at ffff0000c55e6200 [ 72.683019] which belongs to the cache kmalloc-256 of size 256 [ 72.683997] The buggy address is located 235 bytes inside of [ 72.683997] 256-byte region [ffff0000c55e6200, ffff0000c55e6300) [ 72.684974] [ 72.685148] The buggy address belongs to the physical page: [ 72.685520] page:0000000087736949 refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1055e6 [ 72.686453] head:0000000087736949 order:1 compound_mapcount:0 compound_pincount:0 [ 72.687215] flags: 0xbfffc0000010200(slab|head|node=0|zone=2|lastcpupid=0xffff) [ 72.688079] raw: 0bfffc0000010200 0000000000000000 dead000000000122 ffff0000c0002480 [ 72.688754] raw: 0000000000000000 0000000080100010 00000001ffffffff 0000000000000000 [ 72.689367] page dumped because: kasan: bad access detected [ 72.689894] [ 72.690087] Memory state around the buggy address: [ 72.690597] ffff0000c55e6180: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 72.691240] ffff0000c55e6200: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 72.691913] >ffff0000c55e6280: 00 00 00 00 00 00 00 00 00 01 fc fc fc fc fc fc [ 72.692522] ^ [ 72.693072] ffff0000c55e6300: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 72.693681] ffff0000c55e6380: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 72.694411] ================================================================== [ 72.773183] ================================================================== [ 72.773837] BUG: KASAN: slab-out-of-bounds in krealloc_less_oob_helper+0x138/0x5b0 [ 72.774679] Write of size 1 at addr ffff0000c5a360d0 by task kunit_try_catch/132 [ 72.775634] [ 72.776013] CPU: 0 PID: 132 Comm: kunit_try_catch Tainted: G B N 6.1.146-rc1 #1 [ 72.776809] Hardware name: linux,dummy-virt (DT) [ 72.777144] Call trace: [ 72.777362] dump_backtrace.part.0+0xdc/0xf0 [ 72.778374] show_stack+0x18/0x30 [ 72.778797] dump_stack_lvl+0x64/0x80 [ 72.779284] print_report+0x158/0x438 [ 72.779856] kasan_report+0xb4/0xf4 [ 72.780332] __asan_store1+0x68/0x7c [ 72.780823] krealloc_less_oob_helper+0x138/0x5b0 [ 72.781422] krealloc_pagealloc_less_oob+0x18/0x24 [ 72.782052] kunit_try_run_case+0x84/0x120 [ 72.782619] kunit_generic_run_threadfn_adapter+0x30/0x50 [ 72.783302] kthread+0x180/0x190 [ 72.783772] ret_from_fork+0x10/0x20 [ 72.784264] [ 72.784577] The buggy address belongs to the physical page: [ 72.785106] page:00000000172f0408 refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x105a34 [ 72.785984] head:00000000172f0408 order:2 compound_mapcount:0 compound_pincount:0 [ 72.786551] flags: 0xbfffc0000010000(head|node=0|zone=2|lastcpupid=0xffff) [ 72.787172] raw: 0bfffc0000010000 0000000000000000 dead000000000122 0000000000000000 [ 72.788049] raw: 0000000000000000 0000000000000000 00000001ffffffff 0000000000000000 [ 72.788800] page dumped because: kasan: bad access detected [ 72.789351] [ 72.789693] Memory state around the buggy address: [ 72.790311] ffff0000c5a35f80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 72.790940] ffff0000c5a36000: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 72.791717] >ffff0000c5a36080: 00 00 00 00 00 00 00 00 00 01 fe fe fe fe fe fe [ 72.792270] ^ [ 72.792773] ffff0000c5a36100: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe [ 72.793363] ffff0000c5a36180: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe [ 72.794407] ================================================================== [ 72.530299] ================================================================== [ 72.531671] BUG: KASAN: slab-out-of-bounds in krealloc_less_oob_helper+0x10c/0x5b0 [ 72.532738] Write of size 1 at addr ffff0000c55e62c9 by task kunit_try_catch/130 [ 72.533646] [ 72.534024] CPU: 1 PID: 130 Comm: kunit_try_catch Tainted: G B N 6.1.146-rc1 #1 [ 72.535224] Hardware name: linux,dummy-virt (DT) [ 72.535834] Call trace: [ 72.536237] dump_backtrace.part.0+0xdc/0xf0 [ 72.536955] show_stack+0x18/0x30 [ 72.537502] dump_stack_lvl+0x64/0x80 [ 72.537857] print_report+0x158/0x438 [ 72.538233] kasan_report+0xb4/0xf4 [ 72.538573] __asan_store1+0x68/0x7c [ 72.538905] krealloc_less_oob_helper+0x10c/0x5b0 [ 72.539329] krealloc_less_oob+0x18/0x2c [ 72.539990] kunit_try_run_case+0x84/0x120 [ 72.540792] kunit_generic_run_threadfn_adapter+0x30/0x50 [ 72.541682] kthread+0x180/0x190 [ 72.542282] ret_from_fork+0x10/0x20 [ 72.542913] [ 72.543192] Allocated by task 130: [ 72.543746] kasan_save_stack+0x3c/0x70 [ 72.544339] kasan_set_track+0x2c/0x40 [ 72.544920] kasan_save_alloc_info+0x24/0x34 [ 72.545561] __kasan_krealloc+0xf0/0x120 [ 72.546230] krealloc+0x154/0x1a0 [ 72.546837] krealloc_less_oob_helper+0xd0/0x5b0 [ 72.547643] krealloc_less_oob+0x18/0x2c [ 72.548300] kunit_try_run_case+0x84/0x120 [ 72.548937] kunit_generic_run_threadfn_adapter+0x30/0x50 [ 72.549722] kthread+0x180/0x190 [ 72.550314] ret_from_fork+0x10/0x20 [ 72.550948] [ 72.551271] The buggy address belongs to the object at ffff0000c55e6200 [ 72.551271] which belongs to the cache kmalloc-256 of size 256 [ 72.552668] The buggy address is located 201 bytes inside of [ 72.552668] 256-byte region [ffff0000c55e6200, ffff0000c55e6300) [ 72.554033] [ 72.554322] The buggy address belongs to the physical page: [ 72.555135] page:0000000087736949 refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1055e6 [ 72.556312] head:0000000087736949 order:1 compound_mapcount:0 compound_pincount:0 [ 72.557193] flags: 0xbfffc0000010200(slab|head|node=0|zone=2|lastcpupid=0xffff) [ 72.557977] raw: 0bfffc0000010200 0000000000000000 dead000000000122 ffff0000c0002480 [ 72.559020] raw: 0000000000000000 0000000080100010 00000001ffffffff 0000000000000000 [ 72.559706] page dumped because: kasan: bad access detected [ 72.560060] [ 72.560222] Memory state around the buggy address: [ 72.560571] ffff0000c55e6180: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 72.561032] ffff0000c55e6200: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 72.561559] >ffff0000c55e6280: 00 00 00 00 00 00 00 00 00 01 fc fc fc fc fc fc [ 72.562523] ^ [ 72.563422] ffff0000c55e6300: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 72.564411] ffff0000c55e6380: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 72.565354] ================================================================== [ 72.835940] ================================================================== [ 72.836492] BUG: KASAN: slab-out-of-bounds in krealloc_less_oob_helper+0x1cc/0x5b0 [ 72.837207] Write of size 1 at addr ffff0000c5a360eb by task kunit_try_catch/132 [ 72.838460] [ 72.838766] CPU: 0 PID: 132 Comm: kunit_try_catch Tainted: G B N 6.1.146-rc1 #1 [ 72.839308] Hardware name: linux,dummy-virt (DT) [ 72.839814] Call trace: [ 72.840189] dump_backtrace.part.0+0xdc/0xf0 [ 72.840770] show_stack+0x18/0x30 [ 72.841130] dump_stack_lvl+0x64/0x80 [ 72.841490] print_report+0x158/0x438 [ 72.842286] kasan_report+0xb4/0xf4 [ 72.842784] __asan_store1+0x68/0x7c [ 72.843177] krealloc_less_oob_helper+0x1cc/0x5b0 [ 72.843782] krealloc_pagealloc_less_oob+0x18/0x24 [ 72.844311] kunit_try_run_case+0x84/0x120 [ 72.844805] kunit_generic_run_threadfn_adapter+0x30/0x50 [ 72.845265] kthread+0x180/0x190 [ 72.845642] ret_from_fork+0x10/0x20 [ 72.846695] [ 72.846898] The buggy address belongs to the physical page: [ 72.847328] page:00000000172f0408 refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x105a34 [ 72.848122] head:00000000172f0408 order:2 compound_mapcount:0 compound_pincount:0 [ 72.848754] flags: 0xbfffc0000010000(head|node=0|zone=2|lastcpupid=0xffff) [ 72.849405] raw: 0bfffc0000010000 0000000000000000 dead000000000122 0000000000000000 [ 72.850050] raw: 0000000000000000 0000000000000000 00000001ffffffff 0000000000000000 [ 72.850927] page dumped because: kasan: bad access detected [ 72.851384] [ 72.851591] Memory state around the buggy address: [ 72.852023] ffff0000c5a35f80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 72.852658] ffff0000c5a36000: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 72.853219] >ffff0000c5a36080: 00 00 00 00 00 00 00 00 00 01 fe fe fe fe fe fe [ 72.853792] ^ [ 72.854890] ffff0000c5a36100: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe [ 72.855500] ffff0000c5a36180: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe [ 72.856052] ================================================================== [ 72.638069] ================================================================== [ 72.638621] BUG: KASAN: slab-out-of-bounds in krealloc_less_oob_helper+0x1a8/0x5b0 [ 72.639360] Write of size 1 at addr ffff0000c55e62ea by task kunit_try_catch/130 [ 72.640287] [ 72.640508] CPU: 1 PID: 130 Comm: kunit_try_catch Tainted: G B N 6.1.146-rc1 #1 [ 72.641208] Hardware name: linux,dummy-virt (DT) [ 72.641585] Call trace: [ 72.642360] dump_backtrace.part.0+0xdc/0xf0 [ 72.642869] show_stack+0x18/0x30 [ 72.643288] dump_stack_lvl+0x64/0x80 [ 72.643738] print_report+0x158/0x438 [ 72.644177] kasan_report+0xb4/0xf4 [ 72.644578] __asan_store1+0x68/0x7c [ 72.644957] krealloc_less_oob_helper+0x1a8/0x5b0 [ 72.645446] krealloc_less_oob+0x18/0x2c [ 72.645964] kunit_try_run_case+0x84/0x120 [ 72.646431] kunit_generic_run_threadfn_adapter+0x30/0x50 [ 72.646957] kthread+0x180/0x190 [ 72.647326] ret_from_fork+0x10/0x20 [ 72.647754] [ 72.647932] Allocated by task 130: [ 72.648276] kasan_save_stack+0x3c/0x70 [ 72.648941] kasan_set_track+0x2c/0x40 [ 72.649350] kasan_save_alloc_info+0x24/0x34 [ 72.650294] __kasan_krealloc+0xf0/0x120 [ 72.650753] krealloc+0x154/0x1a0 [ 72.651138] krealloc_less_oob_helper+0xd0/0x5b0 [ 72.651623] krealloc_less_oob+0x18/0x2c [ 72.652084] kunit_try_run_case+0x84/0x120 [ 72.652552] kunit_generic_run_threadfn_adapter+0x30/0x50 [ 72.653059] kthread+0x180/0x190 [ 72.653435] ret_from_fork+0x10/0x20 [ 72.654133] [ 72.654338] The buggy address belongs to the object at ffff0000c55e6200 [ 72.654338] which belongs to the cache kmalloc-256 of size 256 [ 72.655230] The buggy address is located 234 bytes inside of [ 72.655230] 256-byte region [ffff0000c55e6200, ffff0000c55e6300) [ 72.656139] [ 72.656322] The buggy address belongs to the physical page: [ 72.656759] page:0000000087736949 refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1055e6 [ 72.657536] head:0000000087736949 order:1 compound_mapcount:0 compound_pincount:0 [ 72.658945] flags: 0xbfffc0000010200(slab|head|node=0|zone=2|lastcpupid=0xffff) [ 72.659635] raw: 0bfffc0000010200 0000000000000000 dead000000000122 ffff0000c0002480 [ 72.660275] raw: 0000000000000000 0000000080100010 00000001ffffffff 0000000000000000 [ 72.660883] page dumped because: kasan: bad access detected [ 72.661323] [ 72.661520] Memory state around the buggy address: [ 72.662002] ffff0000c55e6180: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 72.662559] ffff0000c55e6200: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 72.663158] >ffff0000c55e6280: 00 00 00 00 00 00 00 00 00 01 fc fc fc fc fc fc [ 72.664067] ^ [ 72.664635] ffff0000c55e6300: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 72.665248] ffff0000c55e6380: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 72.665824] ==================================================================
[ 64.397006] ================================================================== [ 64.397601] BUG: KASAN: slab-out-of-bounds in krealloc_less_oob_helper+0x150/0x5c0 [ 64.398342] Write of size 1 at addr ffff0000c595e0d0 by task kunit_try_catch/130 [ 64.398884] [ 64.399085] CPU: 0 PID: 130 Comm: kunit_try_catch Tainted: G B N 6.1.146-rc1 #1 [ 64.399725] Hardware name: linux,dummy-virt (DT) [ 64.400060] Call trace: [ 64.400371] dump_backtrace+0x110/0x120 [ 64.400802] show_stack+0x18/0x28 [ 64.401200] dump_stack_lvl+0x68/0x84 [ 64.401612] print_report+0x158/0x484 [ 64.402014] kasan_report+0x98/0xe0 [ 64.402395] __asan_store1+0x68/0x78 [ 64.402765] krealloc_less_oob_helper+0x150/0x5c0 [ 64.403301] krealloc_pagealloc_less_oob+0x18/0x28 [ 64.403753] kunit_try_run_case+0x7c/0x120 [ 64.404173] kunit_generic_run_threadfn_adapter+0x30/0x50 [ 64.404687] kthread+0x1a4/0x1b8 [ 64.405038] ret_from_fork+0x10/0x20 [ 64.405441] [ 64.405620] The buggy address belongs to the physical page: [ 64.406033] page:000000002033b139 refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x10595c [ 64.406716] head:000000002033b139 order:2 compound_mapcount:0 compound_pincount:0 [ 64.407280] flags: 0xbfffc0000010000(head|node=0|zone=2|lastcpupid=0xffff) [ 64.407963] raw: 0bfffc0000010000 0000000000000000 dead000000000122 0000000000000000 [ 64.408601] raw: 0000000000000000 0000000000000000 00000001ffffffff 0000000000000000 [ 64.409163] page dumped because: kasan: bad access detected [ 64.409584] [ 64.409772] Memory state around the buggy address: [ 64.410166] ffff0000c595df80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 64.410699] ffff0000c595e000: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 64.411277] >ffff0000c595e080: 00 00 00 00 00 00 00 00 00 01 fe fe fe fe fe fe [ 64.411789] ^ [ 64.412253] ffff0000c595e100: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe [ 64.412801] ffff0000c595e180: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe [ 64.413336] ================================================================== [ 64.283870] ================================================================== [ 64.284395] BUG: KASAN: slab-out-of-bounds in krealloc_less_oob_helper+0x1d0/0x5c0 [ 64.285041] Write of size 1 at addr ffff0000c17a66ea by task kunit_try_catch/128 [ 64.285930] [ 64.286124] CPU: 0 PID: 128 Comm: kunit_try_catch Tainted: G B N 6.1.146-rc1 #1 [ 64.286783] Hardware name: linux,dummy-virt (DT) [ 64.287123] Call trace: [ 64.287389] dump_backtrace+0x110/0x120 [ 64.287840] show_stack+0x18/0x28 [ 64.288245] dump_stack_lvl+0x68/0x84 [ 64.288656] print_report+0x158/0x484 [ 64.289007] kasan_report+0x98/0xe0 [ 64.289391] __asan_store1+0x68/0x78 [ 64.290200] krealloc_less_oob_helper+0x1d0/0x5c0 [ 64.290677] krealloc_less_oob+0x18/0x28 [ 64.291104] kunit_try_run_case+0x7c/0x120 [ 64.291528] kunit_generic_run_threadfn_adapter+0x30/0x50 [ 64.292043] kthread+0x1a4/0x1b8 [ 64.292403] ret_from_fork+0x10/0x20 [ 64.292777] [ 64.292943] Allocated by task 128: [ 64.293269] kasan_save_stack+0x2c/0x58 [ 64.293863] kasan_set_track+0x2c/0x40 [ 64.294266] kasan_save_alloc_info+0x24/0x38 [ 64.294684] __kasan_krealloc+0xec/0x120 [ 64.295054] krealloc+0x13c/0x178 [ 64.295398] krealloc_less_oob_helper+0xdc/0x5c0 [ 64.295860] krealloc_less_oob+0x18/0x28 [ 64.296396] kunit_try_run_case+0x7c/0x120 [ 64.296815] kunit_generic_run_threadfn_adapter+0x30/0x50 [ 64.297322] kthread+0x1a4/0x1b8 [ 64.298120] ret_from_fork+0x10/0x20 [ 64.298514] [ 64.298693] The buggy address belongs to the object at ffff0000c17a6600 [ 64.298693] which belongs to the cache kmalloc-256 of size 256 [ 64.299530] The buggy address is located 234 bytes inside of [ 64.299530] 256-byte region [ffff0000c17a6600, ffff0000c17a6700) [ 64.300337] [ 64.300513] The buggy address belongs to the physical page: [ 64.300981] page:00000000d35011b9 refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1017a6 [ 64.301839] head:00000000d35011b9 order:1 compound_mapcount:0 compound_pincount:0 [ 64.302413] flags: 0xbfffc0000010200(slab|head|node=0|zone=2|lastcpupid=0xffff) [ 64.303041] raw: 0bfffc0000010200 0000000000000000 dead000000000122 ffff0000c0002480 [ 64.303750] raw: 0000000000000000 0000000080100010 00000001ffffffff 0000000000000000 [ 64.304312] page dumped because: kasan: bad access detected [ 64.304721] [ 64.304909] Memory state around the buggy address: [ 64.305294] ffff0000c17a6580: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 64.306437] ffff0000c17a6600: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 64.306991] >ffff0000c17a6680: 00 00 00 00 00 00 00 00 00 01 fc fc fc fc fc fc [ 64.307535] ^ [ 64.308051] ffff0000c17a6700: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 64.308621] ffff0000c17a6780: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 64.309126] ================================================================== [ 64.431641] ================================================================== [ 64.432145] BUG: KASAN: slab-out-of-bounds in krealloc_less_oob_helper+0x1d0/0x5c0 [ 64.432874] Write of size 1 at addr ffff0000c595e0ea by task kunit_try_catch/130 [ 64.433557] [ 64.433780] CPU: 0 PID: 130 Comm: kunit_try_catch Tainted: G B N 6.1.146-rc1 #1 [ 64.434542] Hardware name: linux,dummy-virt (DT) [ 64.435022] Call trace: [ 64.435402] dump_backtrace+0x110/0x120 [ 64.435807] show_stack+0x18/0x28 [ 64.436245] dump_stack_lvl+0x68/0x84 [ 64.436655] print_report+0x158/0x484 [ 64.437190] kasan_report+0x98/0xe0 [ 64.437606] __asan_store1+0x68/0x78 [ 64.437975] krealloc_less_oob_helper+0x1d0/0x5c0 [ 64.438453] krealloc_pagealloc_less_oob+0x18/0x28 [ 64.438907] kunit_try_run_case+0x7c/0x120 [ 64.439356] kunit_generic_run_threadfn_adapter+0x30/0x50 [ 64.439892] kthread+0x1a4/0x1b8 [ 64.440211] ret_from_fork+0x10/0x20 [ 64.440624] [ 64.440814] The buggy address belongs to the physical page: [ 64.441252] page:000000002033b139 refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x10595c [ 64.441918] head:000000002033b139 order:2 compound_mapcount:0 compound_pincount:0 [ 64.442450] flags: 0xbfffc0000010000(head|node=0|zone=2|lastcpupid=0xffff) [ 64.443038] raw: 0bfffc0000010000 0000000000000000 dead000000000122 0000000000000000 [ 64.443679] raw: 0000000000000000 0000000000000000 00000001ffffffff 0000000000000000 [ 64.444234] page dumped because: kasan: bad access detected [ 64.444650] [ 64.444831] Memory state around the buggy address: [ 64.445243] ffff0000c595df80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 64.445883] ffff0000c595e000: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 64.446451] >ffff0000c595e080: 00 00 00 00 00 00 00 00 00 01 fe fe fe fe fe fe [ 64.446959] ^ [ 64.447503] ffff0000c595e100: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe [ 64.448076] ffff0000c595e180: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe [ 64.448634] ================================================================== [ 64.310315] ================================================================== [ 64.310827] BUG: KASAN: slab-out-of-bounds in krealloc_less_oob_helper+0x1fc/0x5c0 [ 64.311472] Write of size 1 at addr ffff0000c17a66eb by task kunit_try_catch/128 [ 64.311945] [ 64.312143] CPU: 0 PID: 128 Comm: kunit_try_catch Tainted: G B N 6.1.146-rc1 #1 [ 64.312825] Hardware name: linux,dummy-virt (DT) [ 64.313193] Call trace: [ 64.313430] dump_backtrace+0x110/0x120 [ 64.313873] show_stack+0x18/0x28 [ 64.314258] dump_stack_lvl+0x68/0x84 [ 64.314673] print_report+0x158/0x484 [ 64.315037] kasan_report+0x98/0xe0 [ 64.315866] __asan_store1+0x68/0x78 [ 64.316268] krealloc_less_oob_helper+0x1fc/0x5c0 [ 64.316751] krealloc_less_oob+0x18/0x28 [ 64.317152] kunit_try_run_case+0x7c/0x120 [ 64.317849] kunit_generic_run_threadfn_adapter+0x30/0x50 [ 64.318396] kthread+0x1a4/0x1b8 [ 64.318731] ret_from_fork+0x10/0x20 [ 64.319133] [ 64.319325] Allocated by task 128: [ 64.319653] kasan_save_stack+0x2c/0x58 [ 64.320026] kasan_set_track+0x2c/0x40 [ 64.320398] kasan_save_alloc_info+0x24/0x38 [ 64.320821] __kasan_krealloc+0xec/0x120 [ 64.321202] krealloc+0x13c/0x178 [ 64.321620] krealloc_less_oob_helper+0xdc/0x5c0 [ 64.322081] krealloc_less_oob+0x18/0x28 [ 64.322506] kunit_try_run_case+0x7c/0x120 [ 64.322950] kunit_generic_run_threadfn_adapter+0x30/0x50 [ 64.323452] kthread+0x1a4/0x1b8 [ 64.323794] ret_from_fork+0x10/0x20 [ 64.324165] [ 64.324356] The buggy address belongs to the object at ffff0000c17a6600 [ 64.324356] which belongs to the cache kmalloc-256 of size 256 [ 64.325180] The buggy address is located 235 bytes inside of [ 64.325180] 256-byte region [ffff0000c17a6600, ffff0000c17a6700) [ 64.326690] [ 64.326857] The buggy address belongs to the physical page: [ 64.327283] page:00000000d35011b9 refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1017a6 [ 64.327963] head:00000000d35011b9 order:1 compound_mapcount:0 compound_pincount:0 [ 64.328549] flags: 0xbfffc0000010200(slab|head|node=0|zone=2|lastcpupid=0xffff) [ 64.329192] raw: 0bfffc0000010200 0000000000000000 dead000000000122 ffff0000c0002480 [ 64.329941] raw: 0000000000000000 0000000080100010 00000001ffffffff 0000000000000000 [ 64.330734] page dumped because: kasan: bad access detected [ 64.331147] [ 64.331341] Memory state around the buggy address: [ 64.331716] ffff0000c17a6580: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 64.332307] ffff0000c17a6600: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 64.332871] >ffff0000c17a6680: 00 00 00 00 00 00 00 00 00 01 fc fc fc fc fc fc [ 64.333870] ^ [ 64.334370] ffff0000c17a6700: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 64.334940] ffff0000c17a6780: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 64.335478] ================================================================== [ 64.257784] ================================================================== [ 64.258330] BUG: KASAN: slab-out-of-bounds in krealloc_less_oob_helper+0x1a0/0x5c0 [ 64.258972] Write of size 1 at addr ffff0000c17a66da by task kunit_try_catch/128 [ 64.259768] [ 64.259966] CPU: 0 PID: 128 Comm: kunit_try_catch Tainted: G B N 6.1.146-rc1 #1 [ 64.260593] Hardware name: linux,dummy-virt (DT) [ 64.261004] Call trace: [ 64.261311] dump_backtrace+0x110/0x120 [ 64.261986] show_stack+0x18/0x28 [ 64.262425] dump_stack_lvl+0x68/0x84 [ 64.262813] print_report+0x158/0x484 [ 64.263180] kasan_report+0x98/0xe0 [ 64.263615] __asan_store1+0x68/0x78 [ 64.263945] krealloc_less_oob_helper+0x1a0/0x5c0 [ 64.264472] krealloc_less_oob+0x18/0x28 [ 64.264859] kunit_try_run_case+0x7c/0x120 [ 64.265307] kunit_generic_run_threadfn_adapter+0x30/0x50 [ 64.265821] kthread+0x1a4/0x1b8 [ 64.266169] ret_from_fork+0x10/0x20 [ 64.266543] [ 64.266720] Allocated by task 128: [ 64.267033] kasan_save_stack+0x2c/0x58 [ 64.267858] kasan_set_track+0x2c/0x40 [ 64.268251] kasan_save_alloc_info+0x24/0x38 [ 64.268679] __kasan_krealloc+0xec/0x120 [ 64.269076] krealloc+0x13c/0x178 [ 64.269441] krealloc_less_oob_helper+0xdc/0x5c0 [ 64.270129] krealloc_less_oob+0x18/0x28 [ 64.270570] kunit_try_run_case+0x7c/0x120 [ 64.270997] kunit_generic_run_threadfn_adapter+0x30/0x50 [ 64.271486] kthread+0x1a4/0x1b8 [ 64.271812] ret_from_fork+0x10/0x20 [ 64.272184] [ 64.272373] The buggy address belongs to the object at ffff0000c17a6600 [ 64.272373] which belongs to the cache kmalloc-256 of size 256 [ 64.273161] The buggy address is located 218 bytes inside of [ 64.273161] 256-byte region [ffff0000c17a6600, ffff0000c17a6700) [ 64.274161] [ 64.274348] The buggy address belongs to the physical page: [ 64.274771] page:00000000d35011b9 refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1017a6 [ 64.275757] head:00000000d35011b9 order:1 compound_mapcount:0 compound_pincount:0 [ 64.276335] flags: 0xbfffc0000010200(slab|head|node=0|zone=2|lastcpupid=0xffff) [ 64.276957] raw: 0bfffc0000010200 0000000000000000 dead000000000122 ffff0000c0002480 [ 64.277806] raw: 0000000000000000 0000000080100010 00000001ffffffff 0000000000000000 [ 64.278350] page dumped because: kasan: bad access detected [ 64.278774] [ 64.278953] Memory state around the buggy address: [ 64.279322] ffff0000c17a6580: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 64.279899] ffff0000c17a6600: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 64.280440] >ffff0000c17a6680: 00 00 00 00 00 00 00 00 00 01 fc fc fc fc fc fc [ 64.280957] ^ [ 64.281445] ffff0000c17a6700: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 64.282031] ffff0000c17a6780: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 64.282608] ================================================================== [ 64.201676] ================================================================== [ 64.203048] BUG: KASAN: slab-out-of-bounds in krealloc_less_oob_helper+0x11c/0x5c0 [ 64.204968] Write of size 1 at addr ffff0000c17a66c9 by task kunit_try_catch/128 [ 64.206677] [ 64.206892] CPU: 0 PID: 128 Comm: kunit_try_catch Tainted: G B N 6.1.146-rc1 #1 [ 64.207536] Hardware name: linux,dummy-virt (DT) [ 64.207909] Call trace: [ 64.208157] dump_backtrace+0x110/0x120 [ 64.208621] show_stack+0x18/0x28 [ 64.209016] dump_stack_lvl+0x68/0x84 [ 64.209585] print_report+0x158/0x484 [ 64.209974] kasan_report+0x98/0xe0 [ 64.210349] __asan_store1+0x68/0x78 [ 64.210704] krealloc_less_oob_helper+0x11c/0x5c0 [ 64.211173] krealloc_less_oob+0x18/0x28 [ 64.211917] kunit_try_run_case+0x7c/0x120 [ 64.212337] kunit_generic_run_threadfn_adapter+0x30/0x50 [ 64.212854] kthread+0x1a4/0x1b8 [ 64.213188] ret_from_fork+0x10/0x20 [ 64.213912] [ 64.214085] Allocated by task 128: [ 64.214418] kasan_save_stack+0x2c/0x58 [ 64.214841] kasan_set_track+0x2c/0x40 [ 64.215205] kasan_save_alloc_info+0x24/0x38 [ 64.215620] __kasan_krealloc+0xec/0x120 [ 64.215998] krealloc+0x13c/0x178 [ 64.216382] krealloc_less_oob_helper+0xdc/0x5c0 [ 64.216869] krealloc_less_oob+0x18/0x28 [ 64.217292] kunit_try_run_case+0x7c/0x120 [ 64.217711] kunit_generic_run_threadfn_adapter+0x30/0x50 [ 64.218179] kthread+0x1a4/0x1b8 [ 64.218995] ret_from_fork+0x10/0x20 [ 64.219368] [ 64.219562] The buggy address belongs to the object at ffff0000c17a6600 [ 64.219562] which belongs to the cache kmalloc-256 of size 256 [ 64.220371] The buggy address is located 201 bytes inside of [ 64.220371] 256-byte region [ffff0000c17a6600, ffff0000c17a6700) [ 64.221174] [ 64.221391] The buggy address belongs to the physical page: [ 64.222099] page:00000000d35011b9 refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1017a6 [ 64.222806] head:00000000d35011b9 order:1 compound_mapcount:0 compound_pincount:0 [ 64.223314] flags: 0xbfffc0000010200(slab|head|node=0|zone=2|lastcpupid=0xffff) [ 64.224000] raw: 0bfffc0000010200 0000000000000000 dead000000000122 ffff0000c0002480 [ 64.224597] raw: 0000000000000000 0000000080100010 00000001ffffffff 0000000000000000 [ 64.225143] page dumped because: kasan: bad access detected [ 64.225732] [ 64.225902] Memory state around the buggy address: [ 64.226302] ffff0000c17a6580: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 64.226846] ffff0000c17a6600: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 64.227731] >ffff0000c17a6680: 00 00 00 00 00 00 00 00 00 01 fc fc fc fc fc fc [ 64.228275] ^ [ 64.228676] ffff0000c17a6700: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 64.229266] ffff0000c17a6780: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 64.230048] ================================================================== [ 64.379515] ================================================================== [ 64.380356] BUG: KASAN: slab-out-of-bounds in krealloc_less_oob_helper+0x11c/0x5c0 [ 64.380999] Write of size 1 at addr ffff0000c595e0c9 by task kunit_try_catch/130 [ 64.381632] [ 64.381828] CPU: 0 PID: 130 Comm: kunit_try_catch Tainted: G B N 6.1.146-rc1 #1 [ 64.382613] Hardware name: linux,dummy-virt (DT) [ 64.382952] Call trace: [ 64.383218] dump_backtrace+0x110/0x120 [ 64.383744] show_stack+0x18/0x28 [ 64.384104] dump_stack_lvl+0x68/0x84 [ 64.384532] print_report+0x158/0x484 [ 64.384934] kasan_report+0x98/0xe0 [ 64.385314] __asan_store1+0x68/0x78 [ 64.385689] krealloc_less_oob_helper+0x11c/0x5c0 [ 64.386174] krealloc_pagealloc_less_oob+0x18/0x28 [ 64.386643] kunit_try_run_case+0x7c/0x120 [ 64.387062] kunit_generic_run_threadfn_adapter+0x30/0x50 [ 64.387593] kthread+0x1a4/0x1b8 [ 64.387960] ret_from_fork+0x10/0x20 [ 64.388339] [ 64.388531] The buggy address belongs to the physical page: [ 64.388957] page:000000002033b139 refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x10595c [ 64.389642] head:000000002033b139 order:2 compound_mapcount:0 compound_pincount:0 [ 64.390168] flags: 0xbfffc0000010000(head|node=0|zone=2|lastcpupid=0xffff) [ 64.390745] raw: 0bfffc0000010000 0000000000000000 dead000000000122 0000000000000000 [ 64.391355] raw: 0000000000000000 0000000000000000 00000001ffffffff 0000000000000000 [ 64.391895] page dumped because: kasan: bad access detected [ 64.392301] [ 64.392490] Memory state around the buggy address: [ 64.392874] ffff0000c595df80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 64.393447] ffff0000c595e000: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 64.394037] >ffff0000c595e080: 00 00 00 00 00 00 00 00 00 01 fe fe fe fe fe fe [ 64.394570] ^ [ 64.395001] ffff0000c595e100: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe [ 64.395558] ffff0000c595e180: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe [ 64.396074] ================================================================== [ 64.449352] ================================================================== [ 64.449855] BUG: KASAN: slab-out-of-bounds in krealloc_less_oob_helper+0x1fc/0x5c0 [ 64.450585] Write of size 1 at addr ffff0000c595e0eb by task kunit_try_catch/130 [ 64.451127] [ 64.451331] CPU: 0 PID: 130 Comm: kunit_try_catch Tainted: G B N 6.1.146-rc1 #1 [ 64.451928] Hardware name: linux,dummy-virt (DT) [ 64.452319] Call trace: [ 64.452579] dump_backtrace+0x110/0x120 [ 64.452982] show_stack+0x18/0x28 [ 64.453439] dump_stack_lvl+0x68/0x84 [ 64.453842] print_report+0x158/0x484 [ 64.454238] kasan_report+0x98/0xe0 [ 64.454575] __asan_store1+0x68/0x78 [ 64.455007] krealloc_less_oob_helper+0x1fc/0x5c0 [ 64.455477] krealloc_pagealloc_less_oob+0x18/0x28 [ 64.456003] kunit_try_run_case+0x7c/0x120 [ 64.456512] kunit_generic_run_threadfn_adapter+0x30/0x50 [ 64.457034] kthread+0x1a4/0x1b8 [ 64.457401] ret_from_fork+0x10/0x20 [ 64.457763] [ 64.457934] The buggy address belongs to the physical page: [ 64.458355] page:000000002033b139 refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x10595c [ 64.459049] head:000000002033b139 order:2 compound_mapcount:0 compound_pincount:0 [ 64.459596] flags: 0xbfffc0000010000(head|node=0|zone=2|lastcpupid=0xffff) [ 64.460183] raw: 0bfffc0000010000 0000000000000000 dead000000000122 0000000000000000 [ 64.460791] raw: 0000000000000000 0000000000000000 00000001ffffffff 0000000000000000 [ 64.461356] page dumped because: kasan: bad access detected [ 64.461813] [ 64.462029] Memory state around the buggy address: [ 64.462436] ffff0000c595df80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 64.462982] ffff0000c595e000: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 64.463526] >ffff0000c595e080: 00 00 00 00 00 00 00 00 00 01 fe fe fe fe fe fe [ 64.464024] ^ [ 64.464548] ffff0000c595e100: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe [ 64.465097] ffff0000c595e180: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe [ 64.465655] ================================================================== [ 64.414930] ================================================================== [ 64.415462] BUG: KASAN: slab-out-of-bounds in krealloc_less_oob_helper+0x1a0/0x5c0 [ 64.416066] Write of size 1 at addr ffff0000c595e0da by task kunit_try_catch/130 [ 64.416586] [ 64.416792] CPU: 0 PID: 130 Comm: kunit_try_catch Tainted: G B N 6.1.146-rc1 #1 [ 64.417456] Hardware name: linux,dummy-virt (DT) [ 64.417899] Call trace: [ 64.418152] dump_backtrace+0x110/0x120 [ 64.418575] show_stack+0x18/0x28 [ 64.418999] dump_stack_lvl+0x68/0x84 [ 64.419408] print_report+0x158/0x484 [ 64.419782] kasan_report+0x98/0xe0 [ 64.420145] __asan_store1+0x68/0x78 [ 64.420519] krealloc_less_oob_helper+0x1a0/0x5c0 [ 64.420987] krealloc_pagealloc_less_oob+0x18/0x28 [ 64.421498] kunit_try_run_case+0x7c/0x120 [ 64.421906] kunit_generic_run_threadfn_adapter+0x30/0x50 [ 64.422397] kthread+0x1a4/0x1b8 [ 64.422738] ret_from_fork+0x10/0x20 [ 64.423109] [ 64.423295] The buggy address belongs to the physical page: [ 64.423718] page:000000002033b139 refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x10595c [ 64.424385] head:000000002033b139 order:2 compound_mapcount:0 compound_pincount:0 [ 64.424925] flags: 0xbfffc0000010000(head|node=0|zone=2|lastcpupid=0xffff) [ 64.425529] raw: 0bfffc0000010000 0000000000000000 dead000000000122 0000000000000000 [ 64.426121] raw: 0000000000000000 0000000000000000 00000001ffffffff 0000000000000000 [ 64.426694] page dumped because: kasan: bad access detected [ 64.427115] [ 64.427297] Memory state around the buggy address: [ 64.427678] ffff0000c595df80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 64.428212] ffff0000c595e000: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 64.428745] >ffff0000c595e080: 00 00 00 00 00 00 00 00 00 01 fe fe fe fe fe fe [ 64.429263] ^ [ 64.429745] ffff0000c595e100: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe [ 64.430329] ffff0000c595e180: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe [ 64.430860] ================================================================== [ 64.231362] ================================================================== [ 64.231879] BUG: KASAN: slab-out-of-bounds in krealloc_less_oob_helper+0x150/0x5c0 [ 64.232540] Write of size 1 at addr ffff0000c17a66d0 by task kunit_try_catch/128 [ 64.233050] [ 64.233266] CPU: 0 PID: 128 Comm: kunit_try_catch Tainted: G B N 6.1.146-rc1 #1 [ 64.234022] Hardware name: linux,dummy-virt (DT) [ 64.234432] Call trace: [ 64.234672] dump_backtrace+0x110/0x120 [ 64.235114] show_stack+0x18/0x28 [ 64.235518] dump_stack_lvl+0x68/0x84 [ 64.235909] print_report+0x158/0x484 [ 64.236773] kasan_report+0x98/0xe0 [ 64.237155] __asan_store1+0x68/0x78 [ 64.237586] krealloc_less_oob_helper+0x150/0x5c0 [ 64.238317] krealloc_less_oob+0x18/0x28 [ 64.238744] kunit_try_run_case+0x7c/0x120 [ 64.239156] kunit_generic_run_threadfn_adapter+0x30/0x50 [ 64.239642] kthread+0x1a4/0x1b8 [ 64.239984] ret_from_fork+0x10/0x20 [ 64.240352] [ 64.240531] Allocated by task 128: [ 64.240863] kasan_save_stack+0x2c/0x58 [ 64.241258] kasan_set_track+0x2c/0x40 [ 64.242070] kasan_save_alloc_info+0x24/0x38 [ 64.242494] __kasan_krealloc+0xec/0x120 [ 64.242892] krealloc+0x13c/0x178 [ 64.243249] krealloc_less_oob_helper+0xdc/0x5c0 [ 64.243709] krealloc_less_oob+0x18/0x28 [ 64.244137] kunit_try_run_case+0x7c/0x120 [ 64.244588] kunit_generic_run_threadfn_adapter+0x30/0x50 [ 64.245106] kthread+0x1a4/0x1b8 [ 64.245714] ret_from_fork+0x10/0x20 [ 64.246079] [ 64.246278] The buggy address belongs to the object at ffff0000c17a6600 [ 64.246278] which belongs to the cache kmalloc-256 of size 256 [ 64.247117] The buggy address is located 208 bytes inside of [ 64.247117] 256-byte region [ffff0000c17a6600, ffff0000c17a6700) [ 64.247949] [ 64.248125] The buggy address belongs to the physical page: [ 64.248575] page:00000000d35011b9 refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1017a6 [ 64.249264] head:00000000d35011b9 order:1 compound_mapcount:0 compound_pincount:0 [ 64.250341] flags: 0xbfffc0000010200(slab|head|node=0|zone=2|lastcpupid=0xffff) [ 64.250964] raw: 0bfffc0000010200 0000000000000000 dead000000000122 ffff0000c0002480 [ 64.251584] raw: 0000000000000000 0000000080100010 00000001ffffffff 0000000000000000 [ 64.252134] page dumped because: kasan: bad access detected [ 64.252586] [ 64.252774] Memory state around the buggy address: [ 64.253152] ffff0000c17a6580: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 64.253932] ffff0000c17a6600: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 64.254683] >ffff0000c17a6680: 00 00 00 00 00 00 00 00 00 01 fc fc fc fc fc fc [ 64.255301] ^ [ 64.255829] ffff0000c17a6700: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 64.256469] ffff0000c17a6780: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 64.257013] ==================================================================
[ 30.663683] ================================================================== [ 30.664406] BUG: KASAN: slab-out-of-bounds in krealloc_less_oob_helper+0x18d/0x620 [ 30.665083] Write of size 1 at addr ffff88810370a0d0 by task kunit_try_catch/236 [ 30.665371] [ 30.665474] CPU: 1 PID: 236 Comm: kunit_try_catch Tainted: G B N 6.1.146-rc1 #1 [ 30.665778] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 30.666087] Call Trace: [ 30.667114] <TASK> [ 30.667979] dump_stack_lvl+0x49/0x62 [ 30.668449] print_report+0x189/0x492 [ 30.668993] ? kasan_addr_to_slab+0xd/0xb0 [ 30.669692] ? krealloc_less_oob_helper+0x18d/0x620 [ 30.670202] kasan_report+0x10c/0x190 [ 30.671642] ? krealloc_less_oob_helper+0x18d/0x620 [ 30.671903] __asan_store1+0x65/0x70 [ 30.672085] krealloc_less_oob_helper+0x18d/0x620 [ 30.672348] ? krealloc_uaf+0x2e0/0x2e0 [ 30.672531] ? __kunit_add_resource+0xd1/0x100 [ 30.672730] ? preempt_count_sub+0x4c/0x70 [ 30.673102] ? _raw_spin_unlock_irqrestore+0x2d/0x60 [ 30.674028] ? __kunit_add_resource+0xd1/0x100 [ 30.674394] krealloc_pagealloc_less_oob+0x18/0x20 [ 30.674896] kunit_try_run_case+0x8f/0xd0 [ 30.675345] ? kunit_catch_run_case+0x80/0x80 [ 30.675804] ? kunit_try_catch_throw+0x40/0x40 [ 30.676145] kunit_generic_run_threadfn_adapter+0x2f/0x50 [ 30.676832] kthread+0x17b/0x1b0 [ 30.677428] ? kthread_complete_and_exit+0x30/0x30 [ 30.678022] ret_from_fork+0x22/0x30 [ 30.678246] </TASK> [ 30.678370] [ 30.678585] The buggy address belongs to the physical page: [ 30.679113] page:(____ptrval____) refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x103708 [ 30.680186] head:(____ptrval____) order:2 compound_mapcount:0 compound_pincount:0 [ 30.681034] flags: 0x200000000010000(head|node=0|zone=2) [ 30.681393] raw: 0200000000010000 0000000000000000 dead000000000122 0000000000000000 [ 30.682456] raw: 0000000000000000 0000000000000000 00000001ffffffff 0000000000000000 [ 30.682801] page dumped because: kasan: bad access detected [ 30.683447] [ 30.683628] Memory state around the buggy address: [ 30.683892] ffff888103709f80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 30.684148] ffff88810370a000: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 30.684779] >ffff88810370a080: 00 00 00 00 00 00 00 00 00 01 fe fe fe fe fe fe [ 30.685514] ^ [ 30.686189] ffff88810370a100: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe [ 30.687199] ffff88810370a180: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe [ 30.687905] ================================================================== [ 30.734228] ================================================================== [ 30.734827] BUG: KASAN: slab-out-of-bounds in krealloc_less_oob_helper+0x25e/0x620 [ 30.735852] Write of size 1 at addr ffff88810370a0eb by task kunit_try_catch/236 [ 30.736858] [ 30.736970] CPU: 1 PID: 236 Comm: kunit_try_catch Tainted: G B N 6.1.146-rc1 #1 [ 30.737352] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 30.738572] Call Trace: [ 30.738917] <TASK> [ 30.739155] dump_stack_lvl+0x49/0x62 [ 30.739932] print_report+0x189/0x492 [ 30.740387] ? kasan_addr_to_slab+0xd/0xb0 [ 30.740586] ? krealloc_less_oob_helper+0x25e/0x620 [ 30.740799] kasan_report+0x10c/0x190 [ 30.740991] ? krealloc_less_oob_helper+0x25e/0x620 [ 30.741235] __asan_store1+0x65/0x70 [ 30.741469] krealloc_less_oob_helper+0x25e/0x620 [ 30.741676] ? krealloc_uaf+0x2e0/0x2e0 [ 30.741940] ? __kunit_add_resource+0xd1/0x100 [ 30.742228] ? preempt_count_sub+0x4c/0x70 [ 30.742597] ? _raw_spin_unlock_irqrestore+0x2d/0x60 [ 30.742830] ? __kunit_add_resource+0xd1/0x100 [ 30.743113] krealloc_pagealloc_less_oob+0x18/0x20 [ 30.743542] kunit_try_run_case+0x8f/0xd0 [ 30.743762] ? kunit_catch_run_case+0x80/0x80 [ 30.743998] ? kunit_try_catch_throw+0x40/0x40 [ 30.744212] kunit_generic_run_threadfn_adapter+0x2f/0x50 [ 30.744526] kthread+0x17b/0x1b0 [ 30.744730] ? kthread_complete_and_exit+0x30/0x30 [ 30.745471] ret_from_fork+0x22/0x30 [ 30.745741] </TASK> [ 30.745876] [ 30.745993] The buggy address belongs to the physical page: [ 30.746271] page:(____ptrval____) refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x103708 [ 30.746817] head:(____ptrval____) order:2 compound_mapcount:0 compound_pincount:0 [ 30.747142] flags: 0x200000000010000(head|node=0|zone=2) [ 30.747446] raw: 0200000000010000 0000000000000000 dead000000000122 0000000000000000 [ 30.747919] raw: 0000000000000000 0000000000000000 00000001ffffffff 0000000000000000 [ 30.748308] page dumped because: kasan: bad access detected [ 30.748569] [ 30.748673] Memory state around the buggy address: [ 30.748885] ffff888103709f80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 30.749232] ffff88810370a000: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 30.749624] >ffff88810370a080: 00 00 00 00 00 00 00 00 00 01 fe fe fe fe fe fe [ 30.749975] ^ [ 30.750288] ffff88810370a100: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe [ 30.750838] ffff88810370a180: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe [ 30.751218] ================================================================== [ 30.639775] ================================================================== [ 30.641005] BUG: KASAN: slab-out-of-bounds in krealloc_less_oob_helper+0x141/0x620 [ 30.641709] Write of size 1 at addr ffff88810370a0c9 by task kunit_try_catch/236 [ 30.642531] [ 30.642786] CPU: 1 PID: 236 Comm: kunit_try_catch Tainted: G B N 6.1.146-rc1 #1 [ 30.643715] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 30.644039] Call Trace: [ 30.644180] <TASK> [ 30.644303] dump_stack_lvl+0x49/0x62 [ 30.644738] print_report+0x189/0x492 [ 30.645188] ? kasan_addr_to_slab+0xd/0xb0 [ 30.645790] ? krealloc_less_oob_helper+0x141/0x620 [ 30.646359] kasan_report+0x10c/0x190 [ 30.646798] ? krealloc_less_oob_helper+0x141/0x620 [ 30.647202] __asan_store1+0x65/0x70 [ 30.647694] krealloc_less_oob_helper+0x141/0x620 [ 30.648212] ? krealloc_uaf+0x2e0/0x2e0 [ 30.648648] ? __kunit_add_resource+0xd1/0x100 [ 30.648990] ? preempt_count_sub+0x4c/0x70 [ 30.649500] ? _raw_spin_unlock_irqrestore+0x2d/0x60 [ 30.649772] ? __kunit_add_resource+0xd1/0x100 [ 30.649985] krealloc_pagealloc_less_oob+0x18/0x20 [ 30.650203] kunit_try_run_case+0x8f/0xd0 [ 30.650398] ? kunit_catch_run_case+0x80/0x80 [ 30.650602] ? kunit_try_catch_throw+0x40/0x40 [ 30.650800] kunit_generic_run_threadfn_adapter+0x2f/0x50 [ 30.651027] kthread+0x17b/0x1b0 [ 30.651223] ? kthread_complete_and_exit+0x30/0x30 [ 30.651696] ret_from_fork+0x22/0x30 [ 30.652080] </TASK> [ 30.652344] [ 30.652540] The buggy address belongs to the physical page: [ 30.653465] page:(____ptrval____) refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x103708 [ 30.654433] head:(____ptrval____) order:2 compound_mapcount:0 compound_pincount:0 [ 30.655145] flags: 0x200000000010000(head|node=0|zone=2) [ 30.655795] raw: 0200000000010000 0000000000000000 dead000000000122 0000000000000000 [ 30.656632] raw: 0000000000000000 0000000000000000 00000001ffffffff 0000000000000000 [ 30.657688] page dumped because: kasan: bad access detected [ 30.658208] [ 30.658392] Memory state around the buggy address: [ 30.658948] ffff888103709f80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 30.659693] ffff88810370a000: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 30.660447] >ffff88810370a080: 00 00 00 00 00 00 00 00 00 01 fe fe fe fe fe fe [ 30.661144] ^ [ 30.661799] ffff88810370a100: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe [ 30.662105] ffff88810370a180: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe [ 30.662585] ================================================================== [ 30.510302] ================================================================== [ 30.510758] BUG: KASAN: slab-out-of-bounds in krealloc_less_oob_helper+0x18d/0x620 [ 30.511093] Write of size 1 at addr ffff88810090c8d0 by task kunit_try_catch/234 [ 30.511519] [ 30.511642] CPU: 1 PID: 234 Comm: kunit_try_catch Tainted: G B N 6.1.146-rc1 #1 [ 30.511999] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 30.512607] Call Trace: [ 30.512775] <TASK> [ 30.512908] dump_stack_lvl+0x49/0x62 [ 30.513171] print_report+0x189/0x492 [ 30.513709] ? kasan_complete_mode_report_info+0x3c/0x200 [ 30.514027] ? krealloc_less_oob_helper+0x18d/0x620 [ 30.514278] kasan_report+0x10c/0x190 [ 30.514633] ? krealloc_less_oob_helper+0x18d/0x620 [ 30.514921] __asan_store1+0x65/0x70 [ 30.515137] krealloc_less_oob_helper+0x18d/0x620 [ 30.515425] ? krealloc_uaf+0x2e0/0x2e0 [ 30.515669] ? __kunit_add_resource+0xd1/0x100 [ 30.515882] ? preempt_count_sub+0x4c/0x70 [ 30.516137] ? _raw_spin_unlock_irqrestore+0x2d/0x60 [ 30.516587] ? __kunit_add_resource+0xd1/0x100 [ 30.516855] krealloc_less_oob+0x18/0x20 [ 30.517098] kunit_try_run_case+0x8f/0xd0 [ 30.517605] ? kunit_catch_run_case+0x80/0x80 [ 30.517857] ? kunit_try_catch_throw+0x40/0x40 [ 30.518115] kunit_generic_run_threadfn_adapter+0x2f/0x50 [ 30.518563] kthread+0x17b/0x1b0 [ 30.518757] ? kthread_complete_and_exit+0x30/0x30 [ 30.519031] ret_from_fork+0x22/0x30 [ 30.519263] </TASK> [ 30.519524] [ 30.519622] Allocated by task 234: [ 30.519819] kasan_save_stack+0x41/0x70 [ 30.520035] kasan_set_track+0x25/0x40 [ 30.520255] kasan_save_alloc_info+0x1e/0x30 [ 30.520617] __kasan_krealloc+0x12e/0x180 [ 30.520816] krealloc+0xae/0x140 [ 30.521020] krealloc_less_oob_helper+0xe8/0x620 [ 30.521324] krealloc_less_oob+0x18/0x20 [ 30.521566] kunit_try_run_case+0x8f/0xd0 [ 30.521783] kunit_generic_run_threadfn_adapter+0x2f/0x50 [ 30.522063] kthread+0x17b/0x1b0 [ 30.522618] ret_from_fork+0x22/0x30 [ 30.522815] [ 30.522926] The buggy address belongs to the object at ffff88810090c800 [ 30.522926] which belongs to the cache kmalloc-256 of size 256 [ 30.523571] The buggy address is located 208 bytes inside of [ 30.523571] 256-byte region [ffff88810090c800, ffff88810090c900) [ 30.524070] [ 30.524192] The buggy address belongs to the physical page: [ 30.524568] page:(____ptrval____) refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x10090c [ 30.524985] head:(____ptrval____) order:1 compound_mapcount:0 compound_pincount:0 [ 30.525617] flags: 0x200000000010200(slab|head|node=0|zone=2) [ 30.525925] raw: 0200000000010200 0000000000000000 dead000000000122 ffff888100041b40 [ 30.526282] raw: 0000000000000000 0000000080100010 00000001ffffffff 0000000000000000 [ 30.526757] page dumped because: kasan: bad access detected [ 30.527020] [ 30.527135] Memory state around the buggy address: [ 30.527506] ffff88810090c780: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 30.527814] ffff88810090c800: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 30.528141] >ffff88810090c880: 00 00 00 00 00 00 00 00 00 01 fc fc fc fc fc fc [ 30.528564] ^ [ 30.528869] ffff88810090c900: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 30.529170] ffff88810090c980: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 30.529777] ================================================================== [ 30.489242] ================================================================== [ 30.490129] BUG: KASAN: slab-out-of-bounds in krealloc_less_oob_helper+0x141/0x620 [ 30.490947] Write of size 1 at addr ffff88810090c8c9 by task kunit_try_catch/234 [ 30.491485] [ 30.491628] CPU: 1 PID: 234 Comm: kunit_try_catch Tainted: G B N 6.1.146-rc1 #1 [ 30.492017] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 30.492532] Call Trace: [ 30.492703] <TASK> [ 30.492826] dump_stack_lvl+0x49/0x62 [ 30.493086] print_report+0x189/0x492 [ 30.493614] ? kasan_complete_mode_report_info+0x3c/0x200 [ 30.493901] ? krealloc_less_oob_helper+0x141/0x620 [ 30.494181] kasan_report+0x10c/0x190 [ 30.494429] ? krealloc_less_oob_helper+0x141/0x620 [ 30.494800] __asan_store1+0x65/0x70 [ 30.495018] krealloc_less_oob_helper+0x141/0x620 [ 30.495415] ? krealloc_uaf+0x2e0/0x2e0 [ 30.495633] ? __kunit_add_resource+0xd1/0x100 [ 30.495908] ? preempt_count_sub+0x4c/0x70 [ 30.496188] ? _raw_spin_unlock_irqrestore+0x2d/0x60 [ 30.496592] ? __kunit_add_resource+0xd1/0x100 [ 30.496854] krealloc_less_oob+0x18/0x20 [ 30.497080] kunit_try_run_case+0x8f/0xd0 [ 30.497388] ? kunit_catch_run_case+0x80/0x80 [ 30.497624] ? kunit_try_catch_throw+0x40/0x40 [ 30.497868] kunit_generic_run_threadfn_adapter+0x2f/0x50 [ 30.498140] kthread+0x17b/0x1b0 [ 30.498681] ? kthread_complete_and_exit+0x30/0x30 [ 30.498956] ret_from_fork+0x22/0x30 [ 30.499203] </TASK> [ 30.499466] [ 30.499575] Allocated by task 234: [ 30.499739] kasan_save_stack+0x41/0x70 [ 30.499981] kasan_set_track+0x25/0x40 [ 30.500183] kasan_save_alloc_info+0x1e/0x30 [ 30.500544] __kasan_krealloc+0x12e/0x180 [ 30.500770] krealloc+0xae/0x140 [ 30.500983] krealloc_less_oob_helper+0xe8/0x620 [ 30.501229] krealloc_less_oob+0x18/0x20 [ 30.501738] kunit_try_run_case+0x8f/0xd0 [ 30.501952] kunit_generic_run_threadfn_adapter+0x2f/0x50 [ 30.502268] kthread+0x17b/0x1b0 [ 30.502546] ret_from_fork+0x22/0x30 [ 30.502770] [ 30.502875] The buggy address belongs to the object at ffff88810090c800 [ 30.502875] which belongs to the cache kmalloc-256 of size 256 [ 30.503442] The buggy address is located 201 bytes inside of [ 30.503442] 256-byte region [ffff88810090c800, ffff88810090c900) [ 30.503918] [ 30.504035] The buggy address belongs to the physical page: [ 30.504316] page:(____ptrval____) refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x10090c [ 30.504749] head:(____ptrval____) order:1 compound_mapcount:0 compound_pincount:0 [ 30.505245] flags: 0x200000000010200(slab|head|node=0|zone=2) [ 30.505846] raw: 0200000000010200 0000000000000000 dead000000000122 ffff888100041b40 [ 30.506192] raw: 0000000000000000 0000000080100010 00000001ffffffff 0000000000000000 [ 30.506679] page dumped because: kasan: bad access detected [ 30.506930] [ 30.507040] Memory state around the buggy address: [ 30.507309] ffff88810090c780: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 30.507756] ffff88810090c800: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 30.508055] >ffff88810090c880: 00 00 00 00 00 00 00 00 00 01 fc fc fc fc fc fc [ 30.508522] ^ [ 30.508798] ffff88810090c900: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 30.509133] ffff88810090c980: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 30.509729] ================================================================== [ 30.548804] ================================================================== [ 30.549299] BUG: KASAN: slab-out-of-bounds in krealloc_less_oob_helper+0x229/0x620 [ 30.549687] Write of size 1 at addr ffff88810090c8ea by task kunit_try_catch/234 [ 30.550079] [ 30.550216] CPU: 1 PID: 234 Comm: kunit_try_catch Tainted: G B N 6.1.146-rc1 #1 [ 30.550587] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 30.550927] Call Trace: [ 30.551082] <TASK> [ 30.551304] dump_stack_lvl+0x49/0x62 [ 30.551552] print_report+0x189/0x492 [ 30.551742] ? kasan_complete_mode_report_info+0x3c/0x200 [ 30.552064] ? krealloc_less_oob_helper+0x229/0x620 [ 30.552468] kasan_report+0x10c/0x190 [ 30.552707] ? asm_sysvec_apic_timer_interrupt+0x1b/0x20 [ 30.552946] ? krealloc_less_oob_helper+0x229/0x620 [ 30.553277] __asan_store1+0x65/0x70 [ 30.553570] krealloc_less_oob_helper+0x229/0x620 [ 30.553835] ? krealloc_uaf+0x2e0/0x2e0 [ 30.554091] ? __kunit_add_resource+0xd1/0x100 [ 30.554412] ? preempt_count_sub+0x4c/0x70 [ 30.554650] ? _raw_spin_unlock_irqrestore+0x2d/0x60 [ 30.554916] ? __kunit_add_resource+0xd1/0x100 [ 30.555181] krealloc_less_oob+0x18/0x20 [ 30.555391] kunit_try_run_case+0x8f/0xd0 [ 30.555815] ? kunit_catch_run_case+0x80/0x80 [ 30.556047] ? kunit_try_catch_throw+0x40/0x40 [ 30.556398] kunit_generic_run_threadfn_adapter+0x2f/0x50 [ 30.556669] kthread+0x17b/0x1b0 [ 30.556885] ? kthread_complete_and_exit+0x30/0x30 [ 30.557184] ret_from_fork+0x22/0x30 [ 30.557415] </TASK> [ 30.557574] [ 30.557696] Allocated by task 234: [ 30.557912] kasan_save_stack+0x41/0x70 [ 30.558146] kasan_set_track+0x25/0x40 [ 30.558384] kasan_save_alloc_info+0x1e/0x30 [ 30.558660] __kasan_krealloc+0x12e/0x180 [ 30.558879] krealloc+0xae/0x140 [ 30.559120] krealloc_less_oob_helper+0xe8/0x620 [ 30.559479] krealloc_less_oob+0x18/0x20 [ 30.559693] kunit_try_run_case+0x8f/0xd0 [ 30.559942] kunit_generic_run_threadfn_adapter+0x2f/0x50 [ 30.560225] kthread+0x17b/0x1b0 [ 30.560430] ret_from_fork+0x22/0x30 [ 30.560658] [ 30.560743] The buggy address belongs to the object at ffff88810090c800 [ 30.560743] which belongs to the cache kmalloc-256 of size 256 [ 30.561328] The buggy address is located 234 bytes inside of [ 30.561328] 256-byte region [ffff88810090c800, ffff88810090c900) [ 30.561906] [ 30.562020] The buggy address belongs to the physical page: [ 30.562328] page:(____ptrval____) refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x10090c [ 30.562816] head:(____ptrval____) order:1 compound_mapcount:0 compound_pincount:0 [ 30.563108] flags: 0x200000000010200(slab|head|node=0|zone=2) [ 30.563592] raw: 0200000000010200 0000000000000000 dead000000000122 ffff888100041b40 [ 30.563996] raw: 0000000000000000 0000000080100010 00000001ffffffff 0000000000000000 [ 30.564410] page dumped because: kasan: bad access detected [ 30.564656] [ 30.564741] Memory state around the buggy address: [ 30.564992] ffff88810090c780: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 30.565412] ffff88810090c800: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 30.565758] >ffff88810090c880: 00 00 00 00 00 00 00 00 00 01 fc fc fc fc fc fc [ 30.566030] ^ [ 30.566490] ffff88810090c900: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 30.566851] ffff88810090c980: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 30.567193] ================================================================== [ 30.688257] ================================================================== [ 30.688905] BUG: KASAN: slab-out-of-bounds in krealloc_less_oob_helper+0x1f3/0x620 [ 30.689699] Write of size 1 at addr ffff88810370a0da by task kunit_try_catch/236 [ 30.690394] [ 30.690602] CPU: 1 PID: 236 Comm: kunit_try_catch Tainted: G B N 6.1.146-rc1 #1 [ 30.691064] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 30.692034] Call Trace: [ 30.692322] <TASK> [ 30.692594] dump_stack_lvl+0x49/0x62 [ 30.692794] print_report+0x189/0x492 [ 30.692984] ? kasan_addr_to_slab+0xd/0xb0 [ 30.693189] ? krealloc_less_oob_helper+0x1f3/0x620 [ 30.693401] kasan_report+0x10c/0x190 [ 30.693633] ? krealloc_less_oob_helper+0x1f3/0x620 [ 30.693916] __asan_store1+0x65/0x70 [ 30.694102] krealloc_less_oob_helper+0x1f3/0x620 [ 30.694724] ? krealloc_uaf+0x2e0/0x2e0 [ 30.694975] ? __kunit_add_resource+0xd1/0x100 [ 30.695224] ? preempt_count_sub+0x4c/0x70 [ 30.695549] ? _raw_spin_unlock_irqrestore+0x2d/0x60 [ 30.695809] ? __kunit_add_resource+0xd1/0x100 [ 30.696070] krealloc_pagealloc_less_oob+0x18/0x20 [ 30.696398] kunit_try_run_case+0x8f/0xd0 [ 30.696619] ? kunit_catch_run_case+0x80/0x80 [ 30.696855] ? kunit_try_catch_throw+0x40/0x40 [ 30.697121] kunit_generic_run_threadfn_adapter+0x2f/0x50 [ 30.697387] kthread+0x17b/0x1b0 [ 30.697626] ? kthread_complete_and_exit+0x30/0x30 [ 30.697919] ret_from_fork+0x22/0x30 [ 30.698181] </TASK> [ 30.698427] [ 30.698542] The buggy address belongs to the physical page: [ 30.698831] page:(____ptrval____) refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x103708 [ 30.699295] head:(____ptrval____) order:2 compound_mapcount:0 compound_pincount:0 [ 30.700537] flags: 0x200000000010000(head|node=0|zone=2) [ 30.700986] raw: 0200000000010000 0000000000000000 dead000000000122 0000000000000000 [ 30.701659] raw: 0000000000000000 0000000000000000 00000001ffffffff 0000000000000000 [ 30.702681] page dumped because: kasan: bad access detected [ 30.703415] [ 30.703817] Memory state around the buggy address: [ 30.704708] ffff888103709f80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 30.704986] ffff88810370a000: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 30.705268] >ffff88810370a080: 00 00 00 00 00 00 00 00 00 01 fe fe fe fe fe fe [ 30.706053] ^ [ 30.706800] ffff88810370a100: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe [ 30.707523] ffff88810370a180: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe [ 30.708256] ================================================================== [ 30.708983] ================================================================== [ 30.709291] BUG: KASAN: slab-out-of-bounds in krealloc_less_oob_helper+0x229/0x620 [ 30.710081] Write of size 1 at addr ffff88810370a0ea by task kunit_try_catch/236 [ 30.710928] [ 30.711143] CPU: 1 PID: 236 Comm: kunit_try_catch Tainted: G B N 6.1.146-rc1 #1 [ 30.712154] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 30.713199] Call Trace: [ 30.713642] <TASK> [ 30.713997] dump_stack_lvl+0x49/0x62 [ 30.714497] print_report+0x189/0x492 [ 30.715212] ? kasan_addr_to_slab+0xd/0xb0 [ 30.715692] ? krealloc_less_oob_helper+0x229/0x620 [ 30.716059] kasan_report+0x10c/0x190 [ 30.716280] ? krealloc_less_oob_helper+0x229/0x620 [ 30.716929] __asan_store1+0x65/0x70 [ 30.717379] krealloc_less_oob_helper+0x229/0x620 [ 30.717941] ? krealloc_uaf+0x2e0/0x2e0 [ 30.718481] ? __kunit_add_resource+0xd1/0x100 [ 30.718862] ? preempt_count_sub+0x4c/0x70 [ 30.719204] ? _raw_spin_unlock_irqrestore+0x2d/0x60 [ 30.719875] ? __kunit_add_resource+0xd1/0x100 [ 30.720470] krealloc_pagealloc_less_oob+0x18/0x20 [ 30.720690] kunit_try_run_case+0x8f/0xd0 [ 30.720877] ? kunit_catch_run_case+0x80/0x80 [ 30.721073] ? kunit_try_catch_throw+0x40/0x40 [ 30.721515] kunit_generic_run_threadfn_adapter+0x2f/0x50 [ 30.722286] kthread+0x17b/0x1b0 [ 30.722726] ? kthread_complete_and_exit+0x30/0x30 [ 30.723227] ret_from_fork+0x22/0x30 [ 30.723738] </TASK> [ 30.724057] [ 30.724337] The buggy address belongs to the physical page: [ 30.724970] page:(____ptrval____) refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x103708 [ 30.726402] head:(____ptrval____) order:2 compound_mapcount:0 compound_pincount:0 [ 30.727004] flags: 0x200000000010000(head|node=0|zone=2) [ 30.727253] raw: 0200000000010000 0000000000000000 dead000000000122 0000000000000000 [ 30.727880] raw: 0000000000000000 0000000000000000 00000001ffffffff 0000000000000000 [ 30.728639] page dumped because: kasan: bad access detected [ 30.729218] [ 30.729491] Memory state around the buggy address: [ 30.729965] ffff888103709f80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 30.730797] ffff88810370a000: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 30.731055] >ffff88810370a080: 00 00 00 00 00 00 00 00 00 01 fe fe fe fe fe fe [ 30.731330] ^ [ 30.732091] ffff88810370a100: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe [ 30.732897] ffff88810370a180: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe [ 30.733600] ================================================================== [ 30.568327] ================================================================== [ 30.569121] BUG: KASAN: slab-out-of-bounds in krealloc_less_oob_helper+0x25e/0x620 [ 30.569607] Write of size 1 at addr ffff88810090c8eb by task kunit_try_catch/234 [ 30.569984] [ 30.570114] CPU: 1 PID: 234 Comm: kunit_try_catch Tainted: G B N 6.1.146-rc1 #1 [ 30.570553] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 30.570988] Call Trace: [ 30.571154] <TASK> [ 30.571307] dump_stack_lvl+0x49/0x62 [ 30.572025] print_report+0x189/0x492 [ 30.572341] ? kasan_complete_mode_report_info+0x3c/0x200 [ 30.572631] ? krealloc_less_oob_helper+0x25e/0x620 [ 30.572899] kasan_report+0x10c/0x190 [ 30.573150] ? asm_sysvec_apic_timer_interrupt+0x1b/0x20 [ 30.573496] ? krealloc_less_oob_helper+0x25e/0x620 [ 30.573830] __asan_store1+0x65/0x70 [ 30.574046] krealloc_less_oob_helper+0x25e/0x620 [ 30.574350] ? krealloc_uaf+0x2e0/0x2e0 [ 30.574606] ? __kunit_add_resource+0xd1/0x100 [ 30.574866] ? preempt_count_sub+0x4c/0x70 [ 30.575093] ? _raw_spin_unlock_irqrestore+0x2d/0x60 [ 30.575365] ? __kunit_add_resource+0xd1/0x100 [ 30.575773] krealloc_less_oob+0x18/0x20 [ 30.575972] kunit_try_run_case+0x8f/0xd0 [ 30.576553] ? kunit_catch_run_case+0x80/0x80 [ 30.576824] ? kunit_try_catch_throw+0x40/0x40 [ 30.577102] kunit_generic_run_threadfn_adapter+0x2f/0x50 [ 30.577479] kthread+0x17b/0x1b0 [ 30.577726] ? kthread_complete_and_exit+0x30/0x30 [ 30.577990] ret_from_fork+0x22/0x30 [ 30.578254] </TASK> [ 30.578389] [ 30.578518] Allocated by task 234: [ 30.578711] kasan_save_stack+0x41/0x70 [ 30.578950] kasan_set_track+0x25/0x40 [ 30.579213] kasan_save_alloc_info+0x1e/0x30 [ 30.579472] __kasan_krealloc+0x12e/0x180 [ 30.580048] krealloc+0xae/0x140 [ 30.580305] krealloc_less_oob_helper+0xe8/0x620 [ 30.580562] krealloc_less_oob+0x18/0x20 [ 30.580811] kunit_try_run_case+0x8f/0xd0 [ 30.581083] kunit_generic_run_threadfn_adapter+0x2f/0x50 [ 30.581414] kthread+0x17b/0x1b0 [ 30.581640] ret_from_fork+0x22/0x30 [ 30.581842] [ 30.581970] The buggy address belongs to the object at ffff88810090c800 [ 30.581970] which belongs to the cache kmalloc-256 of size 256 [ 30.582559] The buggy address is located 235 bytes inside of [ 30.582559] 256-byte region [ffff88810090c800, ffff88810090c900) [ 30.583089] [ 30.583228] The buggy address belongs to the physical page: [ 30.583781] page:(____ptrval____) refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x10090c [ 30.584174] head:(____ptrval____) order:1 compound_mapcount:0 compound_pincount:0 [ 30.584780] flags: 0x200000000010200(slab|head|node=0|zone=2) [ 30.585080] raw: 0200000000010200 0000000000000000 dead000000000122 ffff888100041b40 [ 30.585482] raw: 0000000000000000 0000000080100010 00000001ffffffff 0000000000000000 [ 30.585886] page dumped because: kasan: bad access detected [ 30.586138] [ 30.586232] Memory state around the buggy address: [ 30.586480] ffff88810090c780: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 30.586888] ffff88810090c800: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 30.587215] >ffff88810090c880: 00 00 00 00 00 00 00 00 00 01 fc fc fc fc fc fc [ 30.587536] ^ [ 30.588249] ffff88810090c900: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 30.588538] ffff88810090c980: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 30.588876] ================================================================== [ 30.530545] ================================================================== [ 30.530867] BUG: KASAN: slab-out-of-bounds in krealloc_less_oob_helper+0x1f3/0x620 [ 30.531296] Write of size 1 at addr ffff88810090c8da by task kunit_try_catch/234 [ 30.531614] [ 30.531742] CPU: 1 PID: 234 Comm: kunit_try_catch Tainted: G B N 6.1.146-rc1 #1 [ 30.532460] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 30.532914] Call Trace: [ 30.533089] <TASK> [ 30.533241] dump_stack_lvl+0x49/0x62 [ 30.533476] print_report+0x189/0x492 [ 30.533695] ? kasan_complete_mode_report_info+0x3c/0x200 [ 30.533954] ? krealloc_less_oob_helper+0x1f3/0x620 [ 30.534261] kasan_report+0x10c/0x190 [ 30.534498] ? asm_sysvec_apic_timer_interrupt+0x1b/0x20 [ 30.534738] ? krealloc_less_oob_helper+0x1f3/0x620 [ 30.535044] __asan_store1+0x65/0x70 [ 30.535261] krealloc_less_oob_helper+0x1f3/0x620 [ 30.535507] ? krealloc_uaf+0x2e0/0x2e0 [ 30.535719] ? __kunit_add_resource+0xd1/0x100 [ 30.535983] ? preempt_count_sub+0x4c/0x70 [ 30.536258] ? _raw_spin_unlock_irqrestore+0x2d/0x60 [ 30.536485] ? __kunit_add_resource+0xd1/0x100 [ 30.536766] krealloc_less_oob+0x18/0x20 [ 30.536986] kunit_try_run_case+0x8f/0xd0 [ 30.537234] ? kunit_catch_run_case+0x80/0x80 [ 30.537527] ? kunit_try_catch_throw+0x40/0x40 [ 30.537881] kunit_generic_run_threadfn_adapter+0x2f/0x50 [ 30.538158] kthread+0x17b/0x1b0 [ 30.538344] ? kthread_complete_and_exit+0x30/0x30 [ 30.538636] ret_from_fork+0x22/0x30 [ 30.538870] </TASK> [ 30.538993] [ 30.539086] Allocated by task 234: [ 30.539296] kasan_save_stack+0x41/0x70 [ 30.539534] kasan_set_track+0x25/0x40 [ 30.539769] kasan_save_alloc_info+0x1e/0x30 [ 30.539954] __kasan_krealloc+0x12e/0x180 [ 30.540152] krealloc+0xae/0x140 [ 30.540368] krealloc_less_oob_helper+0xe8/0x620 [ 30.540643] krealloc_less_oob+0x18/0x20 [ 30.540847] kunit_try_run_case+0x8f/0xd0 [ 30.541061] kunit_generic_run_threadfn_adapter+0x2f/0x50 [ 30.541507] kthread+0x17b/0x1b0 [ 30.541680] ret_from_fork+0x22/0x30 [ 30.541894] [ 30.541981] The buggy address belongs to the object at ffff88810090c800 [ 30.541981] which belongs to the cache kmalloc-256 of size 256 [ 30.542538] The buggy address is located 218 bytes inside of [ 30.542538] 256-byte region [ffff88810090c800, ffff88810090c900) [ 30.543035] [ 30.543154] The buggy address belongs to the physical page: [ 30.543455] page:(____ptrval____) refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x10090c [ 30.543960] head:(____ptrval____) order:1 compound_mapcount:0 compound_pincount:0 [ 30.544299] flags: 0x200000000010200(slab|head|node=0|zone=2) [ 30.544544] raw: 0200000000010200 0000000000000000 dead000000000122 ffff888100041b40 [ 30.544956] raw: 0000000000000000 0000000080100010 00000001ffffffff 0000000000000000 [ 30.545356] page dumped because: kasan: bad access detected [ 30.545558] [ 30.545660] Memory state around the buggy address: [ 30.545929] ffff88810090c780: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 30.546394] ffff88810090c800: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 30.546703] >ffff88810090c880: 00 00 00 00 00 00 00 00 00 01 fc fc fc fc fc fc [ 30.547026] ^ [ 30.547334] ffff88810090c900: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 30.547591] ffff88810090c980: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 30.547939] ==================================================================