Date
July 15, 2025, 2:10 p.m.
| Environment | |
|---|---|
| qemu-arm64 | |
| qemu-x86_64 |
[ 105.315484] ================================================================== [ 105.316042] BUG: KASAN: slab-out-of-bounds in krealloc_more_oob_helper+0x168/0x374 [ 105.317325] Write of size 1 at addr ffff0000c68420f0 by task kunit_try_catch/215 [ 105.317852] [ 105.318058] CPU: 1 PID: 215 Comm: kunit_try_catch Tainted: G B N 6.1.146-rc1 #1 [ 105.319170] Hardware name: linux,dummy-virt (DT) [ 105.319688] Call trace: [ 105.320105] dump_backtrace+0xe0/0x134 [ 105.320779] show_stack+0x20/0x2c [ 105.321397] dump_stack_lvl+0x88/0xb4 [ 105.321977] print_report+0x158/0x44c [ 105.322333] kasan_report+0xc8/0x180 [ 105.322700] __asan_store1+0x68/0x7c [ 105.323134] krealloc_more_oob_helper+0x168/0x374 [ 105.323623] krealloc_pagealloc_more_oob+0x20/0x2c [ 105.324173] kunit_try_run_case+0x8c/0x124 [ 105.324712] kunit_generic_run_threadfn_adapter+0x38/0x54 [ 105.326150] kthread+0x15c/0x170 [ 105.326608] ret_from_fork+0x10/0x20 [ 105.327038] [ 105.327259] The buggy address belongs to the physical page: [ 105.327783] page:00000000c34535d9 refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x106840 [ 105.328724] head:00000000c34535d9 order:2 compound_mapcount:0 compound_pincount:0 [ 105.329422] flags: 0xbfffc0000010000(head|node=0|zone=2|lastcpupid=0xffff) [ 105.330262] raw: 0bfffc0000010000 0000000000000000 dead000000000122 0000000000000000 [ 105.330964] raw: 0000000000000000 0000000000000000 00000001ffffffff 0000000000000000 [ 105.331585] page dumped because: kasan: bad access detected [ 105.332105] [ 105.332335] Memory state around the buggy address: [ 105.333583] ffff0000c6841f80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 105.334265] ffff0000c6842000: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 105.334907] >ffff0000c6842080: 00 00 00 00 00 00 00 00 00 00 00 00 00 03 fe fe [ 105.335482] ^ [ 105.336133] ffff0000c6842100: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe [ 105.337236] ffff0000c6842180: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe [ 105.338115] ================================================================== [ 105.289993] ================================================================== [ 105.290771] BUG: KASAN: slab-out-of-bounds in krealloc_more_oob_helper+0x13c/0x374 [ 105.292781] Write of size 1 at addr ffff0000c68420eb by task kunit_try_catch/215 [ 105.294238] [ 105.294737] CPU: 1 PID: 215 Comm: kunit_try_catch Tainted: G B N 6.1.146-rc1 #1 [ 105.295900] Hardware name: linux,dummy-virt (DT) [ 105.296949] Call trace: [ 105.297640] dump_backtrace+0xe0/0x134 [ 105.298076] show_stack+0x20/0x2c [ 105.298512] dump_stack_lvl+0x88/0xb4 [ 105.298990] print_report+0x158/0x44c [ 105.299419] kasan_report+0xc8/0x180 [ 105.299912] __asan_store1+0x68/0x7c [ 105.300367] krealloc_more_oob_helper+0x13c/0x374 [ 105.300852] krealloc_pagealloc_more_oob+0x20/0x2c [ 105.301358] kunit_try_run_case+0x8c/0x124 [ 105.302699] kunit_generic_run_threadfn_adapter+0x38/0x54 [ 105.303296] kthread+0x15c/0x170 [ 105.303692] ret_from_fork+0x10/0x20 [ 105.304136] [ 105.304337] The buggy address belongs to the physical page: [ 105.305179] page:00000000c34535d9 refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x106840 [ 105.305937] head:00000000c34535d9 order:2 compound_mapcount:0 compound_pincount:0 [ 105.306553] flags: 0xbfffc0000010000(head|node=0|zone=2|lastcpupid=0xffff) [ 105.307234] raw: 0bfffc0000010000 0000000000000000 dead000000000122 0000000000000000 [ 105.307911] raw: 0000000000000000 0000000000000000 00000001ffffffff 0000000000000000 [ 105.309380] page dumped because: kasan: bad access detected [ 105.309868] [ 105.310064] Memory state around the buggy address: [ 105.310529] ffff0000c6841f80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 105.311170] ffff0000c6842000: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 105.311776] >ffff0000c6842080: 00 00 00 00 00 00 00 00 00 00 00 00 00 03 fe fe [ 105.312354] ^ [ 105.313294] ffff0000c6842100: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe [ 105.313932] ffff0000c6842180: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe [ 105.314559] ================================================================== [ 105.087376] ================================================================== [ 105.088524] BUG: KASAN: slab-out-of-bounds in krealloc_more_oob_helper+0x168/0x374 [ 105.089871] Write of size 1 at addr ffff0000c62604f0 by task kunit_try_catch/213 [ 105.091263] [ 105.091644] CPU: 0 PID: 213 Comm: kunit_try_catch Tainted: G B N 6.1.146-rc1 #1 [ 105.092730] Hardware name: linux,dummy-virt (DT) [ 105.093298] Call trace: [ 105.093693] dump_backtrace+0xe0/0x134 [ 105.094296] show_stack+0x20/0x2c [ 105.094859] dump_stack_lvl+0x88/0xb4 [ 105.095413] print_report+0x158/0x44c [ 105.095776] kasan_report+0xc8/0x180 [ 105.096144] __asan_store1+0x68/0x7c [ 105.096528] krealloc_more_oob_helper+0x168/0x374 [ 105.097291] krealloc_more_oob+0x20/0x30 [ 105.098057] kunit_try_run_case+0x8c/0x124 [ 105.098751] kunit_generic_run_threadfn_adapter+0x38/0x54 [ 105.099579] kthread+0x15c/0x170 [ 105.100171] ret_from_fork+0x10/0x20 [ 105.100910] [ 105.101296] Allocated by task 213: [ 105.101829] kasan_save_stack+0x3c/0x70 [ 105.102462] kasan_set_track+0x2c/0x40 [ 105.103090] kasan_save_alloc_info+0x24/0x34 [ 105.103801] __kasan_krealloc+0x10c/0x140 [ 105.104493] krealloc+0x158/0x1c0 [ 105.105092] krealloc_more_oob_helper+0xd8/0x374 [ 105.105779] krealloc_more_oob+0x20/0x30 [ 105.106392] kunit_try_run_case+0x8c/0x124 [ 105.107057] kunit_generic_run_threadfn_adapter+0x38/0x54 [ 105.107867] kthread+0x15c/0x170 [ 105.109292] ret_from_fork+0x10/0x20 [ 105.109895] [ 105.110083] The buggy address belongs to the object at ffff0000c6260400 [ 105.110083] which belongs to the cache kmalloc-256 of size 256 [ 105.110820] The buggy address is located 240 bytes inside of [ 105.110820] 256-byte region [ffff0000c6260400, ffff0000c6260500) [ 105.111812] [ 105.112049] The buggy address belongs to the physical page: [ 105.112812] page:0000000090416edb refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x106260 [ 105.113646] head:0000000090416edb order:1 compound_mapcount:0 compound_pincount:0 [ 105.114370] flags: 0xbfffc0000010200(slab|head|node=0|zone=2|lastcpupid=0xffff) [ 105.115181] raw: 0bfffc0000010200 0000000000000000 dead000000000122 ffff0000c0002480 [ 105.116127] raw: 0000000000000000 0000000080100010 00000001ffffffff 0000000000000000 [ 105.117297] page dumped because: kasan: bad access detected [ 105.117996] [ 105.118273] Memory state around the buggy address: [ 105.118897] ffff0000c6260380: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 105.119767] ffff0000c6260400: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 105.120906] >ffff0000c6260480: 00 00 00 00 00 00 00 00 00 00 00 00 00 03 fc fc [ 105.121691] ^ [ 105.122148] ffff0000c6260500: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 105.122625] ffff0000c6260580: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 105.123520] ================================================================== [ 105.052949] ================================================================== [ 105.053712] BUG: KASAN: slab-out-of-bounds in krealloc_more_oob_helper+0x13c/0x374 [ 105.054367] Write of size 1 at addr ffff0000c62604eb by task kunit_try_catch/213 [ 105.054997] [ 105.055226] CPU: 0 PID: 213 Comm: kunit_try_catch Tainted: G B N 6.1.146-rc1 #1 [ 105.055915] Hardware name: linux,dummy-virt (DT) [ 105.056343] Call trace: [ 105.057379] dump_backtrace+0xe0/0x134 [ 105.057839] show_stack+0x20/0x2c [ 105.058232] dump_stack_lvl+0x88/0xb4 [ 105.058671] print_report+0x158/0x44c [ 105.059099] kasan_report+0xc8/0x180 [ 105.059523] __asan_store1+0x68/0x7c [ 105.059973] krealloc_more_oob_helper+0x13c/0x374 [ 105.060687] krealloc_more_oob+0x20/0x30 [ 105.061127] kunit_try_run_case+0x8c/0x124 [ 105.061626] kunit_generic_run_threadfn_adapter+0x38/0x54 [ 105.062195] kthread+0x15c/0x170 [ 105.062584] ret_from_fork+0x10/0x20 [ 105.063043] [ 105.063237] Allocated by task 213: [ 105.063618] kasan_save_stack+0x3c/0x70 [ 105.064095] kasan_set_track+0x2c/0x40 [ 105.064753] kasan_save_alloc_info+0x24/0x34 [ 105.065216] __kasan_krealloc+0x10c/0x140 [ 105.065690] krealloc+0x158/0x1c0 [ 105.066106] krealloc_more_oob_helper+0xd8/0x374 [ 105.066637] krealloc_more_oob+0x20/0x30 [ 105.067217] kunit_try_run_case+0x8c/0x124 [ 105.067858] kunit_generic_run_threadfn_adapter+0x38/0x54 [ 105.068854] kthread+0x15c/0x170 [ 105.069408] ret_from_fork+0x10/0x20 [ 105.069982] [ 105.070261] The buggy address belongs to the object at ffff0000c6260400 [ 105.070261] which belongs to the cache kmalloc-256 of size 256 [ 105.071643] The buggy address is located 235 bytes inside of [ 105.071643] 256-byte region [ffff0000c6260400, ffff0000c6260500) [ 105.073853] [ 105.074142] The buggy address belongs to the physical page: [ 105.074829] page:0000000090416edb refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x106260 [ 105.075916] head:0000000090416edb order:1 compound_mapcount:0 compound_pincount:0 [ 105.077007] flags: 0xbfffc0000010200(slab|head|node=0|zone=2|lastcpupid=0xffff) [ 105.077943] raw: 0bfffc0000010200 0000000000000000 dead000000000122 ffff0000c0002480 [ 105.078477] raw: 0000000000000000 0000000080100010 00000001ffffffff 0000000000000000 [ 105.079106] page dumped because: kasan: bad access detected [ 105.079784] [ 105.080054] Memory state around the buggy address: [ 105.080907] ffff0000c6260380: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 105.081795] ffff0000c6260400: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 105.082652] >ffff0000c6260480: 00 00 00 00 00 00 00 00 00 00 00 00 00 03 fc fc [ 105.083497] ^ [ 105.084307] ffff0000c6260500: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 105.085387] ffff0000c6260580: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 105.085870] ==================================================================
[ 74.833831] ================================================================== [ 74.834568] BUG: KASAN: slab-out-of-bounds in krealloc_more_oob_helper+0x12c/0x2a4 [ 74.835176] Write of size 1 at addr ffff0000c56f14eb by task kunit_try_catch/129 [ 74.835676] [ 74.835936] CPU: 0 PID: 129 Comm: kunit_try_catch Tainted: G B N 6.1.146-rc1 #1 [ 74.837076] Hardware name: linux,dummy-virt (DT) [ 74.837829] Call trace: [ 74.838212] dump_backtrace+0xf8/0x118 [ 74.838651] show_stack+0x18/0x24 [ 74.839056] __dump_stack+0x28/0x38 [ 74.839763] dump_stack_lvl+0x54/0x6c [ 74.840196] print_address_description+0x7c/0x1ec [ 74.840715] print_report+0x50/0x68 [ 74.841290] kasan_report+0xac/0x100 [ 74.841830] __asan_store1+0x6c/0x70 [ 74.842332] krealloc_more_oob_helper+0x12c/0x2a4 [ 74.842942] krealloc_more_oob+0x18/0x24 [ 74.843405] kunit_try_run_case+0x80/0x184 [ 74.843891] kunit_generic_run_threadfn_adapter+0x30/0x4c [ 74.844474] kthread+0x16c/0x21c [ 74.845181] ret_from_fork+0x10/0x20 [ 74.845616] [ 74.845854] Allocated by task 129: [ 74.846233] kasan_set_track+0x4c/0x80 [ 74.846717] kasan_save_alloc_info+0x28/0x34 [ 74.847196] __kasan_krealloc+0xcc/0xf8 [ 74.847666] krealloc+0x150/0x270 [ 74.848091] krealloc_more_oob_helper+0x9c/0x2a4 [ 74.848619] krealloc_more_oob+0x18/0x24 [ 74.849159] kunit_try_run_case+0x80/0x184 [ 74.849781] kunit_generic_run_threadfn_adapter+0x30/0x4c [ 74.850385] kthread+0x16c/0x21c [ 74.850870] ret_from_fork+0x10/0x20 [ 74.851281] [ 74.851491] The buggy address belongs to the object at ffff0000c56f1400 [ 74.851491] which belongs to the cache kmalloc-256 of size 256 [ 74.852400] The buggy address is located 235 bytes inside of [ 74.852400] 256-byte region [ffff0000c56f1400, ffff0000c56f1500) [ 74.853680] [ 74.853925] The buggy address belongs to the physical page: [ 74.854382] page:00000000b1c7ebef refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1056f0 [ 74.855319] head:00000000b1c7ebef order:1 compound_mapcount:0 compound_pincount:0 [ 74.855930] flags: 0xbfffc0000010200(slab|head|node=0|zone=2|lastcpupid=0xffff) [ 74.856908] raw: 0bfffc0000010200 0000000000000000 dead000000000122 ffff0000c0002480 [ 74.857565] raw: 0000000000000000 0000000080100010 00000001ffffffff 0000000000000000 [ 74.858194] page dumped because: kasan: bad access detected [ 74.858668] [ 74.858883] Memory state around the buggy address: [ 74.859309] ffff0000c56f1380: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 74.859959] ffff0000c56f1400: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 74.860578] >ffff0000c56f1480: 00 00 00 00 00 00 00 00 00 00 00 00 00 03 fc fc [ 74.861425] ^ [ 74.861979] ffff0000c56f1500: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 74.862612] ffff0000c56f1580: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 74.863215] ================================================================== [ 74.866155] ================================================================== [ 74.866911] BUG: KASAN: slab-out-of-bounds in krealloc_more_oob_helper+0x17c/0x2a4 [ 74.867510] Write of size 1 at addr ffff0000c56f14f0 by task kunit_try_catch/129 [ 74.868365] [ 74.869002] CPU: 0 PID: 129 Comm: kunit_try_catch Tainted: G B N 6.1.146-rc1 #1 [ 74.869980] Hardware name: linux,dummy-virt (DT) [ 74.870336] Call trace: [ 74.870569] dump_backtrace+0xf8/0x118 [ 74.871008] show_stack+0x18/0x24 [ 74.871399] __dump_stack+0x28/0x38 [ 74.871788] dump_stack_lvl+0x54/0x6c [ 74.872780] print_address_description+0x7c/0x1ec [ 74.873636] print_report+0x50/0x68 [ 74.874293] kasan_report+0xac/0x100 [ 74.874968] __asan_store1+0x6c/0x70 [ 74.875603] krealloc_more_oob_helper+0x17c/0x2a4 [ 74.876351] krealloc_more_oob+0x18/0x24 [ 74.877090] kunit_try_run_case+0x80/0x184 [ 74.877912] kunit_generic_run_threadfn_adapter+0x30/0x4c [ 74.878731] kthread+0x16c/0x21c [ 74.879324] ret_from_fork+0x10/0x20 [ 74.879930] [ 74.880235] Allocated by task 129: [ 74.880791] kasan_set_track+0x4c/0x80 [ 74.881496] kasan_save_alloc_info+0x28/0x34 [ 74.882170] __kasan_krealloc+0xcc/0xf8 [ 74.882836] krealloc+0x150/0x270 [ 74.883409] krealloc_more_oob_helper+0x9c/0x2a4 [ 74.884149] krealloc_more_oob+0x18/0x24 [ 74.884860] kunit_try_run_case+0x80/0x184 [ 74.885632] kunit_generic_run_threadfn_adapter+0x30/0x4c [ 74.886459] kthread+0x16c/0x21c [ 74.887047] ret_from_fork+0x10/0x20 [ 74.887641] [ 74.887938] The buggy address belongs to the object at ffff0000c56f1400 [ 74.887938] which belongs to the cache kmalloc-256 of size 256 [ 74.889612] The buggy address is located 240 bytes inside of [ 74.889612] 256-byte region [ffff0000c56f1400, ffff0000c56f1500) [ 74.891430] [ 74.891873] The buggy address belongs to the physical page: [ 74.892463] page:00000000b1c7ebef refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1056f0 [ 74.893715] head:00000000b1c7ebef order:1 compound_mapcount:0 compound_pincount:0 [ 74.894835] flags: 0xbfffc0000010200(slab|head|node=0|zone=2|lastcpupid=0xffff) [ 74.895839] raw: 0bfffc0000010200 0000000000000000 dead000000000122 ffff0000c0002480 [ 74.897232] raw: 0000000000000000 0000000080100010 00000001ffffffff 0000000000000000 [ 74.897717] page dumped because: kasan: bad access detected [ 74.898203] [ 74.898451] Memory state around the buggy address: [ 74.898969] ffff0000c56f1380: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 74.899618] ffff0000c56f1400: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 74.900223] >ffff0000c56f1480: 00 00 00 00 00 00 00 00 00 00 00 00 00 03 fc fc [ 74.901076] ^ [ 74.901662] ffff0000c56f1500: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 74.902284] ffff0000c56f1580: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 74.902869] ================================================================== [ 75.069551] ================================================================== [ 75.070411] BUG: KASAN: slab-out-of-bounds in krealloc_more_oob_helper+0x12c/0x2a4 [ 75.071144] Write of size 1 at addr ffff0000c5a260eb by task kunit_try_catch/131 [ 75.071791] [ 75.071995] CPU: 1 PID: 131 Comm: kunit_try_catch Tainted: G B N 6.1.146-rc1 #1 [ 75.072683] Hardware name: linux,dummy-virt (DT) [ 75.073232] Call trace: [ 75.073517] dump_backtrace+0xf8/0x118 [ 75.074407] show_stack+0x18/0x24 [ 75.074853] __dump_stack+0x28/0x38 [ 75.075285] dump_stack_lvl+0x54/0x6c [ 75.075703] print_address_description+0x7c/0x1ec [ 75.076251] print_report+0x50/0x68 [ 75.077156] kasan_report+0xac/0x100 [ 75.077648] __asan_store1+0x6c/0x70 [ 75.078110] krealloc_more_oob_helper+0x12c/0x2a4 [ 75.078636] krealloc_pagealloc_more_oob+0x18/0x24 [ 75.079159] kunit_try_run_case+0x80/0x184 [ 75.079632] kunit_generic_run_threadfn_adapter+0x30/0x4c [ 75.080218] kthread+0x16c/0x21c [ 75.080777] ret_from_fork+0x10/0x20 [ 75.081205] [ 75.081399] The buggy address belongs to the physical page: [ 75.081882] page:0000000021e95fe4 refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x105a24 [ 75.082648] head:0000000021e95fe4 order:2 compound_mapcount:0 compound_pincount:0 [ 75.083264] flags: 0xbfffc0000010000(head|node=0|zone=2|lastcpupid=0xffff) [ 75.083953] raw: 0bfffc0000010000 0000000000000000 dead000000000122 0000000000000000 [ 75.084632] raw: 0000000000000000 0000000000000000 00000001ffffffff 0000000000000000 [ 75.085251] page dumped because: kasan: bad access detected [ 75.085712] [ 75.085919] Memory state around the buggy address: [ 75.086392] ffff0000c5a25f80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 75.087179] ffff0000c5a26000: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 75.087808] >ffff0000c5a26080: 00 00 00 00 00 00 00 00 00 00 00 00 00 03 fe fe [ 75.088401] ^ [ 75.089038] ffff0000c5a26100: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe [ 75.089803] ffff0000c5a26180: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe [ 75.090384] ================================================================== [ 75.091254] ================================================================== [ 75.091799] BUG: KASAN: slab-out-of-bounds in krealloc_more_oob_helper+0x17c/0x2a4 [ 75.092527] Write of size 1 at addr ffff0000c5a260f0 by task kunit_try_catch/131 [ 75.093597] [ 75.093841] CPU: 1 PID: 131 Comm: kunit_try_catch Tainted: G B N 6.1.146-rc1 #1 [ 75.094546] Hardware name: linux,dummy-virt (DT) [ 75.094986] Call trace: [ 75.095254] dump_backtrace+0xf8/0x118 [ 75.095707] show_stack+0x18/0x24 [ 75.096135] __dump_stack+0x28/0x38 [ 75.096585] dump_stack_lvl+0x54/0x6c [ 75.097047] print_address_description+0x7c/0x1ec [ 75.097569] print_report+0x50/0x68 [ 75.098046] kasan_report+0xac/0x100 [ 75.098519] __asan_store1+0x6c/0x70 [ 75.099185] krealloc_more_oob_helper+0x17c/0x2a4 [ 75.099701] krealloc_pagealloc_more_oob+0x18/0x24 [ 75.100211] kunit_try_run_case+0x80/0x184 [ 75.100842] kunit_generic_run_threadfn_adapter+0x30/0x4c [ 75.101419] kthread+0x16c/0x21c [ 75.101844] ret_from_fork+0x10/0x20 [ 75.102247] [ 75.102461] The buggy address belongs to the physical page: [ 75.102937] page:0000000021e95fe4 refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x105a24 [ 75.103661] head:0000000021e95fe4 order:2 compound_mapcount:0 compound_pincount:0 [ 75.104307] flags: 0xbfffc0000010000(head|node=0|zone=2|lastcpupid=0xffff) [ 75.105179] raw: 0bfffc0000010000 0000000000000000 dead000000000122 0000000000000000 [ 75.105877] raw: 0000000000000000 0000000000000000 00000001ffffffff 0000000000000000 [ 75.106505] page dumped because: kasan: bad access detected [ 75.106986] [ 75.107167] Memory state around the buggy address: [ 75.107606] ffff0000c5a25f80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 75.108243] ffff0000c5a26000: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 75.109110] >ffff0000c5a26080: 00 00 00 00 00 00 00 00 00 00 00 00 00 03 fe fe [ 75.109717] ^ [ 75.110246] ffff0000c5a26100: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe [ 75.110895] ffff0000c5a26180: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe [ 75.111514] ==================================================================
[ 73.879183] ================================================================== [ 73.880287] BUG: KASAN: slab-out-of-bounds in krealloc_more_oob_helper+0x17c/0x2a4 [ 73.881008] Write of size 1 at addr ffff0000c4b2b8f0 by task kunit_try_catch/129 [ 73.881599] [ 73.881834] CPU: 1 PID: 129 Comm: kunit_try_catch Tainted: G B N 6.1.146-rc1 #1 [ 73.882613] Hardware name: linux,dummy-virt (DT) [ 73.883032] Call trace: [ 73.883329] dump_backtrace+0xf4/0x114 [ 73.884160] show_stack+0x18/0x24 [ 73.884601] __dump_stack+0x28/0x38 [ 73.885021] dump_stack_lvl+0x50/0x68 [ 73.885451] print_address_description+0x7c/0x1ec [ 73.886006] print_report+0x50/0x68 [ 73.886446] kasan_report+0xac/0xfc [ 73.886890] __asan_store1+0x6c/0x70 [ 73.887332] krealloc_more_oob_helper+0x17c/0x2a4 [ 73.888336] krealloc_more_oob+0x18/0x24 [ 73.888841] kunit_try_run_case+0x80/0x184 [ 73.889376] kunit_generic_run_threadfn_adapter+0x30/0x4c [ 73.889966] kthread+0x16c/0x21c [ 73.890383] ret_from_fork+0x10/0x20 [ 73.890835] [ 73.891068] Allocated by task 129: [ 73.891432] kasan_set_track+0x4c/0x80 [ 73.891863] kasan_save_alloc_info+0x28/0x34 [ 73.892420] __kasan_krealloc+0xcc/0xf8 [ 73.892906] krealloc+0x14c/0x26c [ 73.893328] krealloc_more_oob_helper+0x9c/0x2a4 [ 73.894065] krealloc_more_oob+0x18/0x24 [ 73.894475] kunit_try_run_case+0x80/0x184 [ 73.894990] kunit_generic_run_threadfn_adapter+0x30/0x4c [ 73.895613] kthread+0x16c/0x21c [ 73.897729] ret_from_fork+0x10/0x20 [ 73.898313] [ 73.898501] The buggy address belongs to the object at ffff0000c4b2b800 [ 73.898501] which belongs to the cache kmalloc-256 of size 256 [ 73.899713] The buggy address is located 240 bytes inside of [ 73.899713] 256-byte region [ffff0000c4b2b800, ffff0000c4b2b900) [ 73.901310] [ 73.901558] The buggy address belongs to the physical page: [ 73.902041] page:00000000c9970dfc refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x104b2a [ 73.903198] head:00000000c9970dfc order:1 compound_mapcount:0 compound_pincount:0 [ 73.904089] flags: 0xbfffc0000010200(slab|head|node=0|zone=2|lastcpupid=0xffff) [ 73.905290] raw: 0bfffc0000010200 0000000000000000 dead000000000122 ffff0000c0002480 [ 73.905969] raw: 0000000000000000 0000000080100010 00000001ffffffff 0000000000000000 [ 73.906533] page dumped because: kasan: bad access detected [ 73.907035] [ 73.907238] Memory state around the buggy address: [ 73.907655] ffff0000c4b2b780: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 73.908306] ffff0000c4b2b800: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 73.909224] >ffff0000c4b2b880: 00 00 00 00 00 00 00 00 00 00 00 00 00 03 fc fc [ 73.909865] ^ [ 73.910450] ffff0000c4b2b900: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 73.911059] ffff0000c4b2b980: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 73.911664] ================================================================== [ 73.849006] ================================================================== [ 73.849892] BUG: KASAN: slab-out-of-bounds in krealloc_more_oob_helper+0x12c/0x2a4 [ 73.850594] Write of size 1 at addr ffff0000c4b2b8eb by task kunit_try_catch/129 [ 73.851194] [ 73.851419] CPU: 1 PID: 129 Comm: kunit_try_catch Tainted: G B N 6.1.146-rc1 #1 [ 73.852321] Hardware name: linux,dummy-virt (DT) [ 73.852843] Call trace: [ 73.853089] dump_backtrace+0xf4/0x114 [ 73.853653] show_stack+0x18/0x24 [ 73.854155] __dump_stack+0x28/0x38 [ 73.854607] dump_stack_lvl+0x50/0x68 [ 73.855057] print_address_description+0x7c/0x1ec [ 73.855636] print_report+0x50/0x68 [ 73.856196] kasan_report+0xac/0xfc [ 73.856665] __asan_store1+0x6c/0x70 [ 73.857142] krealloc_more_oob_helper+0x12c/0x2a4 [ 73.857664] krealloc_more_oob+0x18/0x24 [ 73.858153] kunit_try_run_case+0x80/0x184 [ 73.858627] kunit_generic_run_threadfn_adapter+0x30/0x4c [ 73.859226] kthread+0x16c/0x21c [ 73.859659] ret_from_fork+0x10/0x20 [ 73.860329] [ 73.860530] Allocated by task 129: [ 73.860884] kasan_set_track+0x4c/0x80 [ 73.861352] kasan_save_alloc_info+0x28/0x34 [ 73.861809] __kasan_krealloc+0xcc/0xf8 [ 73.862300] krealloc+0x14c/0x26c [ 73.862691] krealloc_more_oob_helper+0x9c/0x2a4 [ 73.863233] krealloc_more_oob+0x18/0x24 [ 73.863846] kunit_try_run_case+0x80/0x184 [ 73.864319] kunit_generic_run_threadfn_adapter+0x30/0x4c [ 73.864890] kthread+0x16c/0x21c [ 73.865301] ret_from_fork+0x10/0x20 [ 73.866100] [ 73.866320] The buggy address belongs to the object at ffff0000c4b2b800 [ 73.866320] which belongs to the cache kmalloc-256 of size 256 [ 73.867278] The buggy address is located 235 bytes inside of [ 73.867278] 256-byte region [ffff0000c4b2b800, ffff0000c4b2b900) [ 73.868438] [ 73.868675] The buggy address belongs to the physical page: [ 73.869147] page:00000000c9970dfc refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x104b2a [ 73.869966] head:00000000c9970dfc order:1 compound_mapcount:0 compound_pincount:0 [ 73.870590] flags: 0xbfffc0000010200(slab|head|node=0|zone=2|lastcpupid=0xffff) [ 73.871315] raw: 0bfffc0000010200 0000000000000000 dead000000000122 ffff0000c0002480 [ 73.872550] raw: 0000000000000000 0000000080100010 00000001ffffffff 0000000000000000 [ 73.873182] page dumped because: kasan: bad access detected [ 73.873669] [ 73.873870] Memory state around the buggy address: [ 73.874331] ffff0000c4b2b780: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 73.874996] ffff0000c4b2b800: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 73.875608] >ffff0000c4b2b880: 00 00 00 00 00 00 00 00 00 00 00 00 00 03 fc fc [ 73.876203] ^ [ 73.877051] ffff0000c4b2b900: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 73.877653] ffff0000c4b2b980: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 73.878249] ================================================================== [ 74.109619] ================================================================== [ 74.110188] BUG: KASAN: slab-out-of-bounds in krealloc_more_oob_helper+0x17c/0x2a4 [ 74.110899] Write of size 1 at addr ffff0000c58ca0f0 by task kunit_try_catch/131 [ 74.111506] [ 74.111765] CPU: 1 PID: 131 Comm: kunit_try_catch Tainted: G B N 6.1.146-rc1 #1 [ 74.112502] Hardware name: linux,dummy-virt (DT) [ 74.112965] Call trace: [ 74.113244] dump_backtrace+0xf4/0x114 [ 74.113746] show_stack+0x18/0x24 [ 74.114175] __dump_stack+0x28/0x38 [ 74.114595] dump_stack_lvl+0x50/0x68 [ 74.115058] print_address_description+0x7c/0x1ec [ 74.115578] print_report+0x50/0x68 [ 74.116188] kasan_report+0xac/0xfc [ 74.116630] __asan_store1+0x6c/0x70 [ 74.117081] krealloc_more_oob_helper+0x17c/0x2a4 [ 74.117588] krealloc_pagealloc_more_oob+0x18/0x24 [ 74.118456] kunit_try_run_case+0x80/0x184 [ 74.118984] kunit_generic_run_threadfn_adapter+0x30/0x4c [ 74.119553] kthread+0x16c/0x21c [ 74.119984] ret_from_fork+0x10/0x20 [ 74.120405] [ 74.120592] The buggy address belongs to the physical page: [ 74.121096] page:000000000dfb6053 refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1058c8 [ 74.121888] head:000000000dfb6053 order:2 compound_mapcount:0 compound_pincount:0 [ 74.122514] flags: 0xbfffc0000010000(head|node=0|zone=2|lastcpupid=0xffff) [ 74.123227] raw: 0bfffc0000010000 0000000000000000 dead000000000122 0000000000000000 [ 74.124442] raw: 0000000000000000 0000000000000000 00000001ffffffff 0000000000000000 [ 74.125096] page dumped because: kasan: bad access detected [ 74.125609] [ 74.125833] Memory state around the buggy address: [ 74.126312] ffff0000c58c9f80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 74.126942] ffff0000c58ca000: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 74.127580] >ffff0000c58ca080: 00 00 00 00 00 00 00 00 00 00 00 00 00 03 fe fe [ 74.128173] ^ [ 74.128770] ffff0000c58ca100: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe [ 74.129452] ffff0000c58ca180: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe [ 74.130070] ================================================================== [ 74.086636] ================================================================== [ 74.087508] BUG: KASAN: slab-out-of-bounds in krealloc_more_oob_helper+0x12c/0x2a4 [ 74.088638] Write of size 1 at addr ffff0000c58ca0eb by task kunit_try_catch/131 [ 74.089260] [ 74.089517] CPU: 1 PID: 131 Comm: kunit_try_catch Tainted: G B N 6.1.146-rc1 #1 [ 74.090278] Hardware name: linux,dummy-virt (DT) [ 74.090680] Call trace: [ 74.090973] dump_backtrace+0xf4/0x114 [ 74.091437] show_stack+0x18/0x24 [ 74.092425] __dump_stack+0x28/0x38 [ 74.093007] dump_stack_lvl+0x50/0x68 [ 74.093448] print_address_description+0x7c/0x1ec [ 74.093948] print_report+0x50/0x68 [ 74.094445] kasan_report+0xac/0xfc [ 74.094974] __asan_store1+0x6c/0x70 [ 74.095443] krealloc_more_oob_helper+0x12c/0x2a4 [ 74.095959] krealloc_pagealloc_more_oob+0x18/0x24 [ 74.096498] kunit_try_run_case+0x80/0x184 [ 74.096965] kunit_generic_run_threadfn_adapter+0x30/0x4c [ 74.097527] kthread+0x16c/0x21c [ 74.097959] ret_from_fork+0x10/0x20 [ 74.098368] [ 74.098556] The buggy address belongs to the physical page: [ 74.099032] page:000000000dfb6053 refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1058c8 [ 74.099794] head:000000000dfb6053 order:2 compound_mapcount:0 compound_pincount:0 [ 74.100414] flags: 0xbfffc0000010000(head|node=0|zone=2|lastcpupid=0xffff) [ 74.101155] raw: 0bfffc0000010000 0000000000000000 dead000000000122 0000000000000000 [ 74.101848] raw: 0000000000000000 0000000000000000 00000001ffffffff 0000000000000000 [ 74.102464] page dumped because: kasan: bad access detected [ 74.103489] [ 74.103713] Memory state around the buggy address: [ 74.104159] ffff0000c58c9f80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 74.104819] ffff0000c58ca000: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 74.105460] >ffff0000c58ca080: 00 00 00 00 00 00 00 00 00 00 00 00 00 03 fe fe [ 74.106065] ^ [ 74.106624] ffff0000c58ca100: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe [ 74.107248] ffff0000c58ca180: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe [ 74.108370] ==================================================================
[ 72.489703] ================================================================== [ 72.490576] BUG: KASAN: slab-out-of-bounds in krealloc_more_oob_helper+0x160/0x370 [ 72.491816] Write of size 1 at addr ffff0000c3c44ef0 by task kunit_try_catch/129 [ 72.492718] [ 72.492913] CPU: 0 PID: 129 Comm: kunit_try_catch Tainted: G B N 6.1.146-rc1 #1 [ 72.493460] Hardware name: linux,dummy-virt (DT) [ 72.493855] Call trace: [ 72.494432] dump_backtrace.part.0+0xdc/0xf0 [ 72.495181] show_stack+0x18/0x30 [ 72.495813] dump_stack_lvl+0x64/0x80 [ 72.496388] print_report+0x158/0x438 [ 72.496988] kasan_report+0xb4/0xf4 [ 72.497545] __asan_store1+0x68/0x7c [ 72.498177] krealloc_more_oob_helper+0x160/0x370 [ 72.498975] krealloc_more_oob+0x18/0x2c [ 72.499623] kunit_try_run_case+0x84/0x120 [ 72.500247] kunit_generic_run_threadfn_adapter+0x30/0x50 [ 72.501023] kthread+0x180/0x190 [ 72.501553] ret_from_fork+0x10/0x20 [ 72.502207] [ 72.502522] Allocated by task 129: [ 72.502995] kasan_save_stack+0x3c/0x70 [ 72.503592] kasan_set_track+0x2c/0x40 [ 72.504161] kasan_save_alloc_info+0x24/0x34 [ 72.504637] __kasan_krealloc+0xf0/0x120 [ 72.504985] krealloc+0x154/0x1a0 [ 72.505316] krealloc_more_oob_helper+0xd0/0x370 [ 72.505816] krealloc_more_oob+0x18/0x2c [ 72.506325] kunit_try_run_case+0x84/0x120 [ 72.507053] kunit_generic_run_threadfn_adapter+0x30/0x50 [ 72.507935] kthread+0x180/0x190 [ 72.508500] ret_from_fork+0x10/0x20 [ 72.509055] [ 72.509337] The buggy address belongs to the object at ffff0000c3c44e00 [ 72.509337] which belongs to the cache kmalloc-256 of size 256 [ 72.510988] The buggy address is located 240 bytes inside of [ 72.510988] 256-byte region [ffff0000c3c44e00, ffff0000c3c44f00) [ 72.511963] [ 72.512141] The buggy address belongs to the physical page: [ 72.512623] page:000000003b9e76ea refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x103c44 [ 72.513707] head:000000003b9e76ea order:1 compound_mapcount:0 compound_pincount:0 [ 72.514747] flags: 0xbfffc0000010200(slab|head|node=0|zone=2|lastcpupid=0xffff) [ 72.515723] raw: 0bfffc0000010200 0000000000000000 dead000000000122 ffff0000c0002480 [ 72.516669] raw: 0000000000000000 0000000080100010 00000001ffffffff 0000000000000000 [ 72.517561] page dumped because: kasan: bad access detected [ 72.518035] [ 72.518201] Memory state around the buggy address: [ 72.518548] ffff0000c3c44d80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 72.519293] ffff0000c3c44e00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 72.520075] >ffff0000c3c44e80: 00 00 00 00 00 00 00 00 00 00 00 00 00 03 fc fc [ 72.520750] ^ [ 72.521183] ffff0000c3c44f00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 72.521655] ffff0000c3c44f80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 72.522685] ================================================================== [ 72.448326] ================================================================== [ 72.449087] BUG: KASAN: slab-out-of-bounds in krealloc_more_oob_helper+0x134/0x370 [ 72.449694] Write of size 1 at addr ffff0000c3c44eeb by task kunit_try_catch/129 [ 72.451222] [ 72.451679] CPU: 0 PID: 129 Comm: kunit_try_catch Tainted: G B N 6.1.146-rc1 #1 [ 72.452947] Hardware name: linux,dummy-virt (DT) [ 72.453727] Call trace: [ 72.454387] dump_backtrace.part.0+0xdc/0xf0 [ 72.455318] show_stack+0x18/0x30 [ 72.455994] dump_stack_lvl+0x64/0x80 [ 72.456735] print_report+0x158/0x438 [ 72.457515] kasan_report+0xb4/0xf4 [ 72.458274] __asan_store1+0x68/0x7c [ 72.459009] krealloc_more_oob_helper+0x134/0x370 [ 72.459907] krealloc_more_oob+0x18/0x2c [ 72.460701] kunit_try_run_case+0x84/0x120 [ 72.461497] kunit_generic_run_threadfn_adapter+0x30/0x50 [ 72.462671] kthread+0x180/0x190 [ 72.463303] ret_from_fork+0x10/0x20 [ 72.463856] [ 72.464035] Allocated by task 129: [ 72.464305] kasan_save_stack+0x3c/0x70 [ 72.465222] kasan_set_track+0x2c/0x40 [ 72.465951] kasan_save_alloc_info+0x24/0x34 [ 72.466864] __kasan_krealloc+0xf0/0x120 [ 72.467635] krealloc+0x154/0x1a0 [ 72.468365] krealloc_more_oob_helper+0xd0/0x370 [ 72.469318] krealloc_more_oob+0x18/0x2c [ 72.470355] kunit_try_run_case+0x84/0x120 [ 72.471675] kunit_generic_run_threadfn_adapter+0x30/0x50 [ 72.472920] kthread+0x180/0x190 [ 72.474869] ret_from_fork+0x10/0x20 [ 72.475253] [ 72.475441] The buggy address belongs to the object at ffff0000c3c44e00 [ 72.475441] which belongs to the cache kmalloc-256 of size 256 [ 72.476322] The buggy address is located 235 bytes inside of [ 72.476322] 256-byte region [ffff0000c3c44e00, ffff0000c3c44f00) [ 72.477123] [ 72.477312] The buggy address belongs to the physical page: [ 72.478576] page:000000003b9e76ea refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x103c44 [ 72.479550] head:000000003b9e76ea order:1 compound_mapcount:0 compound_pincount:0 [ 72.480131] flags: 0xbfffc0000010200(slab|head|node=0|zone=2|lastcpupid=0xffff) [ 72.480879] raw: 0bfffc0000010200 0000000000000000 dead000000000122 ffff0000c0002480 [ 72.481544] raw: 0000000000000000 0000000080100010 00000001ffffffff 0000000000000000 [ 72.482297] page dumped because: kasan: bad access detected [ 72.482797] [ 72.482973] Memory state around the buggy address: [ 72.483426] ffff0000c3c44d80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 72.484072] ffff0000c3c44e00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 72.484691] >ffff0000c3c44e80: 00 00 00 00 00 00 00 00 00 00 00 00 00 03 fc fc [ 72.485257] ^ [ 72.485809] ffff0000c3c44f00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 72.486391] ffff0000c3c44f80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 72.487286] ================================================================== [ 72.718881] ================================================================== [ 72.719511] BUG: KASAN: slab-out-of-bounds in krealloc_more_oob_helper+0x160/0x370 [ 72.720335] Write of size 1 at addr ffff0000c5a320f0 by task kunit_try_catch/131 [ 72.720948] [ 72.721191] CPU: 1 PID: 131 Comm: kunit_try_catch Tainted: G B N 6.1.146-rc1 #1 [ 72.721974] Hardware name: linux,dummy-virt (DT) [ 72.722476] Call trace: [ 72.722775] dump_backtrace.part.0+0xdc/0xf0 [ 72.723314] show_stack+0x18/0x30 [ 72.723809] dump_stack_lvl+0x64/0x80 [ 72.724253] print_report+0x158/0x438 [ 72.724791] kasan_report+0xb4/0xf4 [ 72.725219] __asan_store1+0x68/0x7c [ 72.725623] krealloc_more_oob_helper+0x160/0x370 [ 72.726152] krealloc_pagealloc_more_oob+0x18/0x24 [ 72.726694] kunit_try_run_case+0x84/0x120 [ 72.727175] kunit_generic_run_threadfn_adapter+0x30/0x50 [ 72.727750] kthread+0x180/0x190 [ 72.728141] ret_from_fork+0x10/0x20 [ 72.728550] [ 72.728757] The buggy address belongs to the physical page: [ 72.729234] page:00000000a668a8fd refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x105a30 [ 72.730350] head:00000000a668a8fd order:2 compound_mapcount:0 compound_pincount:0 [ 72.730841] flags: 0xbfffc0000010000(head|node=0|zone=2|lastcpupid=0xffff) [ 72.731356] raw: 0bfffc0000010000 0000000000000000 dead000000000122 0000000000000000 [ 72.732441] raw: 0000000000000000 0000000000000000 00000001ffffffff 0000000000000000 [ 72.733155] page dumped because: kasan: bad access detected [ 72.733532] [ 72.733699] Memory state around the buggy address: [ 72.734544] ffff0000c5a31f80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 72.736115] ffff0000c5a32000: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 72.737146] >ffff0000c5a32080: 00 00 00 00 00 00 00 00 00 00 00 00 00 03 fe fe [ 72.737608] ^ [ 72.738664] ffff0000c5a32100: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe [ 72.739499] ffff0000c5a32180: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe [ 72.740286] ================================================================== [ 72.698851] ================================================================== [ 72.699728] BUG: KASAN: slab-out-of-bounds in krealloc_more_oob_helper+0x134/0x370 [ 72.700419] Write of size 1 at addr ffff0000c5a320eb by task kunit_try_catch/131 [ 72.701074] [ 72.701324] CPU: 1 PID: 131 Comm: kunit_try_catch Tainted: G B N 6.1.146-rc1 #1 [ 72.702104] Hardware name: linux,dummy-virt (DT) [ 72.702585] Call trace: [ 72.702826] dump_backtrace.part.0+0xdc/0xf0 [ 72.703410] show_stack+0x18/0x30 [ 72.703907] dump_stack_lvl+0x64/0x80 [ 72.704361] print_report+0x158/0x438 [ 72.704836] kasan_report+0xb4/0xf4 [ 72.705227] __asan_store1+0x68/0x7c [ 72.705675] krealloc_more_oob_helper+0x134/0x370 [ 72.706277] krealloc_pagealloc_more_oob+0x18/0x24 [ 72.706916] kunit_try_run_case+0x84/0x120 [ 72.707376] kunit_generic_run_threadfn_adapter+0x30/0x50 [ 72.707965] kthread+0x180/0x190 [ 72.708372] ret_from_fork+0x10/0x20 [ 72.708813] [ 72.709056] The buggy address belongs to the physical page: [ 72.709571] page:00000000a668a8fd refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x105a30 [ 72.710321] head:00000000a668a8fd order:2 compound_mapcount:0 compound_pincount:0 [ 72.710955] flags: 0xbfffc0000010000(head|node=0|zone=2|lastcpupid=0xffff) [ 72.711639] raw: 0bfffc0000010000 0000000000000000 dead000000000122 0000000000000000 [ 72.712301] raw: 0000000000000000 0000000000000000 00000001ffffffff 0000000000000000 [ 72.712916] page dumped because: kasan: bad access detected [ 72.713402] [ 72.713597] Memory state around the buggy address: [ 72.714101] ffff0000c5a31f80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 72.714763] ffff0000c5a32000: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 72.715346] >ffff0000c5a32080: 00 00 00 00 00 00 00 00 00 00 00 00 00 03 fe fe [ 72.716009] ^ [ 72.716588] ffff0000c5a32100: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe [ 72.717269] ffff0000c5a32180: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe [ 72.717889] ==================================================================
[ 64.358189] ================================================================== [ 64.358711] BUG: KASAN: slab-out-of-bounds in krealloc_more_oob_helper+0x178/0x388 [ 64.359466] Write of size 1 at addr ffff0000c595e0f0 by task kunit_try_catch/129 [ 64.360151] [ 64.360422] CPU: 0 PID: 129 Comm: kunit_try_catch Tainted: G B N 6.1.146-rc1 #1 [ 64.361147] Hardware name: linux,dummy-virt (DT) [ 64.361719] Call trace: [ 64.362110] dump_backtrace+0x110/0x120 [ 64.362644] show_stack+0x18/0x28 [ 64.363131] dump_stack_lvl+0x68/0x84 [ 64.363519] print_report+0x158/0x484 [ 64.363921] kasan_report+0x98/0xe0 [ 64.364281] __asan_store1+0x68/0x78 [ 64.364655] krealloc_more_oob_helper+0x178/0x388 [ 64.365096] krealloc_pagealloc_more_oob+0x18/0x28 [ 64.365648] kunit_try_run_case+0x7c/0x120 [ 64.366046] kunit_generic_run_threadfn_adapter+0x30/0x50 [ 64.366711] kthread+0x1a4/0x1b8 [ 64.367033] ret_from_fork+0x10/0x20 [ 64.367411] [ 64.367626] The buggy address belongs to the physical page: [ 64.368150] page:000000002033b139 refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x10595c [ 64.368828] head:000000002033b139 order:2 compound_mapcount:0 compound_pincount:0 [ 64.369528] flags: 0xbfffc0000010000(head|node=0|zone=2|lastcpupid=0xffff) [ 64.370323] raw: 0bfffc0000010000 0000000000000000 dead000000000122 0000000000000000 [ 64.371044] raw: 0000000000000000 0000000000000000 00000001ffffffff 0000000000000000 [ 64.371581] page dumped because: kasan: bad access detected [ 64.372057] [ 64.372279] Memory state around the buggy address: [ 64.372684] ffff0000c595df80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 64.373220] ffff0000c595e000: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 64.373830] >ffff0000c595e080: 00 00 00 00 00 00 00 00 00 00 00 00 00 03 fe fe [ 64.374421] ^ [ 64.374978] ffff0000c595e100: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe [ 64.375508] ffff0000c595e180: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe [ 64.375992] ================================================================== [ 64.173810] ================================================================== [ 64.174310] BUG: KASAN: slab-out-of-bounds in krealloc_more_oob_helper+0x178/0x388 [ 64.174981] Write of size 1 at addr ffff0000c55e46f0 by task kunit_try_catch/127 [ 64.175503] [ 64.175698] CPU: 1 PID: 127 Comm: kunit_try_catch Tainted: G B N 6.1.146-rc1 #1 [ 64.176386] Hardware name: linux,dummy-virt (DT) [ 64.176744] Call trace: [ 64.176975] dump_backtrace+0x110/0x120 [ 64.177433] show_stack+0x18/0x28 [ 64.177820] dump_stack_lvl+0x68/0x84 [ 64.178216] print_report+0x158/0x484 [ 64.178597] kasan_report+0x98/0xe0 [ 64.178955] __asan_store1+0x68/0x78 [ 64.179577] krealloc_more_oob_helper+0x178/0x388 [ 64.180067] krealloc_more_oob+0x18/0x28 [ 64.180493] kunit_try_run_case+0x7c/0x120 [ 64.180919] kunit_generic_run_threadfn_adapter+0x30/0x50 [ 64.181589] kthread+0x1a4/0x1b8 [ 64.181933] ret_from_fork+0x10/0x20 [ 64.182330] [ 64.182519] Allocated by task 127: [ 64.182822] kasan_save_stack+0x2c/0x58 [ 64.183200] kasan_set_track+0x2c/0x40 [ 64.183576] kasan_save_alloc_info+0x24/0x38 [ 64.184001] __kasan_krealloc+0xec/0x120 [ 64.184391] krealloc+0x13c/0x178 [ 64.184735] krealloc_more_oob_helper+0xdc/0x388 [ 64.185180] krealloc_more_oob+0x18/0x28 [ 64.185824] kunit_try_run_case+0x7c/0x120 [ 64.186243] kunit_generic_run_threadfn_adapter+0x30/0x50 [ 64.186775] kthread+0x1a4/0x1b8 [ 64.187115] ret_from_fork+0x10/0x20 [ 64.187506] [ 64.187685] The buggy address belongs to the object at ffff0000c55e4600 [ 64.187685] which belongs to the cache kmalloc-256 of size 256 [ 64.188511] The buggy address is located 240 bytes inside of [ 64.188511] 256-byte region [ffff0000c55e4600, ffff0000c55e4700) [ 64.189362] [ 64.189691] The buggy address belongs to the physical page: [ 64.190140] page:000000007e8e1d6e refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1055e4 [ 64.190873] head:000000007e8e1d6e order:1 compound_mapcount:0 compound_pincount:0 [ 64.191440] flags: 0xbfffc0000010200(slab|head|node=0|zone=2|lastcpupid=0xffff) [ 64.192064] raw: 0bfffc0000010200 0000000000000000 dead000000000122 ffff0000c0002480 [ 64.192685] raw: 0000000000000000 0000000080100010 00000001ffffffff 0000000000000000 [ 64.193283] page dumped because: kasan: bad access detected [ 64.193763] [ 64.193961] Memory state around the buggy address: [ 64.194325] ffff0000c55e4580: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 64.194872] ffff0000c55e4600: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 64.195640] >ffff0000c55e4680: 00 00 00 00 00 00 00 00 00 00 00 00 00 03 fc fc [ 64.196143] ^ [ 64.196644] ffff0000c55e4700: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 64.197192] ffff0000c55e4780: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 64.198360] ================================================================== [ 64.147159] ================================================================== [ 64.147990] BUG: KASAN: slab-out-of-bounds in krealloc_more_oob_helper+0x144/0x388 [ 64.148674] Write of size 1 at addr ffff0000c55e46eb by task kunit_try_catch/127 [ 64.149207] [ 64.149464] CPU: 1 PID: 127 Comm: kunit_try_catch Tainted: G B N 6.1.146-rc1 #1 [ 64.150106] Hardware name: linux,dummy-virt (DT) [ 64.150661] Call trace: [ 64.150933] dump_backtrace+0x110/0x120 [ 64.151397] show_stack+0x18/0x28 [ 64.151813] dump_stack_lvl+0x68/0x84 [ 64.152253] print_report+0x158/0x484 [ 64.152642] kasan_report+0x98/0xe0 [ 64.153021] __asan_store1+0x68/0x78 [ 64.153421] krealloc_more_oob_helper+0x144/0x388 [ 64.153949] krealloc_more_oob+0x18/0x28 [ 64.154529] kunit_try_run_case+0x7c/0x120 [ 64.154995] kunit_generic_run_threadfn_adapter+0x30/0x50 [ 64.155544] kthread+0x1a4/0x1b8 [ 64.155920] ret_from_fork+0x10/0x20 [ 64.156320] [ 64.156507] Allocated by task 127: [ 64.156831] kasan_save_stack+0x2c/0x58 [ 64.157277] kasan_set_track+0x2c/0x40 [ 64.157798] kasan_save_alloc_info+0x24/0x38 [ 64.158252] __kasan_krealloc+0xec/0x120 [ 64.158653] krealloc+0x13c/0x178 [ 64.158996] krealloc_more_oob_helper+0xdc/0x388 [ 64.159490] krealloc_more_oob+0x18/0x28 [ 64.159894] kunit_try_run_case+0x7c/0x120 [ 64.160343] kunit_generic_run_threadfn_adapter+0x30/0x50 [ 64.160861] kthread+0x1a4/0x1b8 [ 64.161202] ret_from_fork+0x10/0x20 [ 64.161752] [ 64.161962] The buggy address belongs to the object at ffff0000c55e4600 [ 64.161962] which belongs to the cache kmalloc-256 of size 256 [ 64.162875] The buggy address is located 235 bytes inside of [ 64.162875] 256-byte region [ffff0000c55e4600, ffff0000c55e4700) [ 64.163722] [ 64.163931] The buggy address belongs to the physical page: [ 64.164448] page:000000007e8e1d6e refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1055e4 [ 64.165186] head:000000007e8e1d6e order:1 compound_mapcount:0 compound_pincount:0 [ 64.165960] flags: 0xbfffc0000010200(slab|head|node=0|zone=2|lastcpupid=0xffff) [ 64.166649] raw: 0bfffc0000010200 0000000000000000 dead000000000122 ffff0000c0002480 [ 64.167249] raw: 0000000000000000 0000000080100010 00000001ffffffff 0000000000000000 [ 64.167827] page dumped because: kasan: bad access detected [ 64.168283] [ 64.168470] Memory state around the buggy address: [ 64.168851] ffff0000c55e4580: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 64.169639] ffff0000c55e4600: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 64.170196] >ffff0000c55e4680: 00 00 00 00 00 00 00 00 00 00 00 00 00 03 fc fc [ 64.170707] ^ [ 64.171219] ffff0000c55e4700: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 64.172208] ffff0000c55e4780: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 64.172748] ================================================================== [ 64.339206] ================================================================== [ 64.340009] BUG: KASAN: slab-out-of-bounds in krealloc_more_oob_helper+0x144/0x388 [ 64.340673] Write of size 1 at addr ffff0000c595e0eb by task kunit_try_catch/129 [ 64.341168] [ 64.341403] CPU: 0 PID: 129 Comm: kunit_try_catch Tainted: G B N 6.1.146-rc1 #1 [ 64.342021] Hardware name: linux,dummy-virt (DT) [ 64.342426] Call trace: [ 64.342687] dump_backtrace+0x110/0x120 [ 64.343139] show_stack+0x18/0x28 [ 64.343568] dump_stack_lvl+0x68/0x84 [ 64.344070] print_report+0x158/0x484 [ 64.344488] kasan_report+0x98/0xe0 [ 64.344847] __asan_store1+0x68/0x78 [ 64.345213] krealloc_more_oob_helper+0x144/0x388 [ 64.345819] krealloc_pagealloc_more_oob+0x18/0x28 [ 64.346307] kunit_try_run_case+0x7c/0x120 [ 64.346796] kunit_generic_run_threadfn_adapter+0x30/0x50 [ 64.347431] kthread+0x1a4/0x1b8 [ 64.347784] ret_from_fork+0x10/0x20 [ 64.348142] [ 64.348356] The buggy address belongs to the physical page: [ 64.348756] page:000000002033b139 refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x10595c [ 64.349443] head:000000002033b139 order:2 compound_mapcount:0 compound_pincount:0 [ 64.349996] flags: 0xbfffc0000010000(head|node=0|zone=2|lastcpupid=0xffff) [ 64.350645] raw: 0bfffc0000010000 0000000000000000 dead000000000122 0000000000000000 [ 64.351438] raw: 0000000000000000 0000000000000000 00000001ffffffff 0000000000000000 [ 64.352003] page dumped because: kasan: bad access detected [ 64.352437] [ 64.352627] Memory state around the buggy address: [ 64.353001] ffff0000c595df80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 64.353596] ffff0000c595e000: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 64.354162] >ffff0000c595e080: 00 00 00 00 00 00 00 00 00 00 00 00 00 03 fe fe [ 64.354833] ^ [ 64.355349] ffff0000c595e100: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe [ 64.355916] ffff0000c595e180: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe [ 64.356629] ==================================================================
[ 30.465706] ================================================================== [ 30.466052] BUG: KASAN: slab-out-of-bounds in krealloc_more_oob_helper+0x1b8/0x3b0 [ 30.466546] Write of size 1 at addr ffff88810090c6f0 by task kunit_try_catch/233 [ 30.466920] [ 30.467041] CPU: 1 PID: 233 Comm: kunit_try_catch Tainted: G B N 6.1.146-rc1 #1 [ 30.467468] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 30.467833] Call Trace: [ 30.467994] <TASK> [ 30.468284] dump_stack_lvl+0x49/0x62 [ 30.468795] print_report+0x189/0x492 [ 30.469023] ? kasan_complete_mode_report_info+0x3c/0x200 [ 30.469464] ? krealloc_more_oob_helper+0x1b8/0x3b0 [ 30.469732] kasan_report+0x10c/0x190 [ 30.469973] ? krealloc_more_oob_helper+0x1b8/0x3b0 [ 30.470267] __asan_store1+0x65/0x70 [ 30.470577] krealloc_more_oob_helper+0x1b8/0x3b0 [ 30.470866] ? krealloc_less_oob+0x20/0x20 [ 30.471076] ? __kunit_add_resource+0xd1/0x100 [ 30.471396] ? preempt_count_sub+0x4c/0x70 [ 30.471626] ? _raw_spin_unlock_irqrestore+0x2d/0x60 [ 30.471878] ? __kunit_add_resource+0xd1/0x100 [ 30.472150] krealloc_more_oob+0x18/0x20 [ 30.472367] kunit_try_run_case+0x8f/0xd0 [ 30.472602] ? kunit_catch_run_case+0x80/0x80 [ 30.472832] ? kunit_try_catch_throw+0x40/0x40 [ 30.473061] kunit_generic_run_threadfn_adapter+0x2f/0x50 [ 30.473742] kthread+0x17b/0x1b0 [ 30.473971] ? kthread_complete_and_exit+0x30/0x30 [ 30.474264] ret_from_fork+0x22/0x30 [ 30.474599] </TASK> [ 30.474753] [ 30.474847] Allocated by task 233: [ 30.475043] kasan_save_stack+0x41/0x70 [ 30.475305] kasan_set_track+0x25/0x40 [ 30.475620] kasan_save_alloc_info+0x1e/0x30 [ 30.475866] __kasan_krealloc+0x12e/0x180 [ 30.476110] krealloc+0xae/0x140 [ 30.476604] krealloc_more_oob_helper+0xe5/0x3b0 [ 30.476878] krealloc_more_oob+0x18/0x20 [ 30.477112] kunit_try_run_case+0x8f/0xd0 [ 30.477369] kunit_generic_run_threadfn_adapter+0x2f/0x50 [ 30.477751] kthread+0x17b/0x1b0 [ 30.477945] ret_from_fork+0x22/0x30 [ 30.478181] [ 30.478273] The buggy address belongs to the object at ffff88810090c600 [ 30.478273] which belongs to the cache kmalloc-256 of size 256 [ 30.478920] The buggy address is located 240 bytes inside of [ 30.478920] 256-byte region [ffff88810090c600, ffff88810090c700) [ 30.479557] [ 30.479677] The buggy address belongs to the physical page: [ 30.479957] page:(____ptrval____) refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x10090c [ 30.480669] head:(____ptrval____) order:1 compound_mapcount:0 compound_pincount:0 [ 30.481016] flags: 0x200000000010200(slab|head|node=0|zone=2) [ 30.481371] raw: 0200000000010200 0000000000000000 dead000000000122 ffff888100041b40 [ 30.481824] raw: 0000000000000000 0000000080100010 00000001ffffffff 0000000000000000 [ 30.482157] page dumped because: kasan: bad access detected [ 30.482561] [ 30.482683] Memory state around the buggy address: [ 30.482918] ffff88810090c580: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 30.483247] ffff88810090c600: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 30.483703] >ffff88810090c680: 00 00 00 00 00 00 00 00 00 00 00 00 00 03 fc fc [ 30.484026] ^ [ 30.484630] ffff88810090c700: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 30.484957] ffff88810090c780: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 30.485309] ================================================================== [ 30.592504] ================================================================== [ 30.593656] BUG: KASAN: slab-out-of-bounds in krealloc_more_oob_helper+0x17d/0x3b0 [ 30.595001] Write of size 1 at addr ffff8881036be0eb by task kunit_try_catch/235 [ 30.595457] [ 30.595574] CPU: 0 PID: 235 Comm: kunit_try_catch Tainted: G B N 6.1.146-rc1 #1 [ 30.595881] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 30.596206] Call Trace: [ 30.597098] <TASK> [ 30.597459] dump_stack_lvl+0x49/0x62 [ 30.598059] print_report+0x189/0x492 [ 30.598843] ? kasan_addr_to_slab+0xd/0xb0 [ 30.599392] ? krealloc_more_oob_helper+0x17d/0x3b0 [ 30.600056] kasan_report+0x10c/0x190 [ 30.600570] ? krealloc_more_oob_helper+0x17d/0x3b0 [ 30.601039] __asan_store1+0x65/0x70 [ 30.601397] krealloc_more_oob_helper+0x17d/0x3b0 [ 30.601623] ? krealloc_less_oob+0x20/0x20 [ 30.601812] ? __kunit_add_resource+0xd1/0x100 [ 30.602014] ? preempt_count_sub+0x4c/0x70 [ 30.602404] ? _raw_spin_unlock_irqrestore+0x2d/0x60 [ 30.603157] ? __kunit_add_resource+0xd1/0x100 [ 30.603764] krealloc_pagealloc_more_oob+0x18/0x20 [ 30.604370] kunit_try_run_case+0x8f/0xd0 [ 30.604957] ? kunit_catch_run_case+0x80/0x80 [ 30.605552] ? kunit_try_catch_throw+0x40/0x40 [ 30.606097] kunit_generic_run_threadfn_adapter+0x2f/0x50 [ 30.606808] kthread+0x17b/0x1b0 [ 30.607517] ? kthread_complete_and_exit+0x30/0x30 [ 30.608157] ret_from_fork+0x22/0x30 [ 30.608691] </TASK> [ 30.608810] [ 30.608901] The buggy address belongs to the physical page: [ 30.609118] page:(____ptrval____) refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1036bc [ 30.610204] head:(____ptrval____) order:2 compound_mapcount:0 compound_pincount:0 [ 30.611189] flags: 0x200000000010000(head|node=0|zone=2) [ 30.611816] raw: 0200000000010000 0000000000000000 dead000000000122 0000000000000000 [ 30.612611] raw: 0000000000000000 0000000000000000 00000001ffffffff 0000000000000000 [ 30.612901] page dumped because: kasan: bad access detected [ 30.613106] [ 30.613205] Memory state around the buggy address: [ 30.613665] ffff8881036bdf80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 30.614441] ffff8881036be000: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 30.615313] >ffff8881036be080: 00 00 00 00 00 00 00 00 00 00 00 00 00 03 fe fe [ 30.616071] ^ [ 30.616820] ffff8881036be100: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe [ 30.617511] ffff8881036be180: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe [ 30.618024] ================================================================== [ 30.618448] ================================================================== [ 30.619190] BUG: KASAN: slab-out-of-bounds in krealloc_more_oob_helper+0x1b8/0x3b0 [ 30.620131] Write of size 1 at addr ffff8881036be0f0 by task kunit_try_catch/235 [ 30.620975] [ 30.621127] CPU: 0 PID: 235 Comm: kunit_try_catch Tainted: G B N 6.1.146-rc1 #1 [ 30.621911] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 30.622677] Call Trace: [ 30.622806] <TASK> [ 30.622920] dump_stack_lvl+0x49/0x62 [ 30.623114] print_report+0x189/0x492 [ 30.623311] ? kasan_addr_to_slab+0xd/0xb0 [ 30.623623] ? krealloc_more_oob_helper+0x1b8/0x3b0 [ 30.623885] kasan_report+0x10c/0x190 [ 30.624108] ? krealloc_more_oob_helper+0x1b8/0x3b0 [ 30.624401] __asan_store1+0x65/0x70 [ 30.624839] krealloc_more_oob_helper+0x1b8/0x3b0 [ 30.625134] ? krealloc_less_oob+0x20/0x20 [ 30.625519] ? __kunit_add_resource+0xd1/0x100 [ 30.625791] ? preempt_count_sub+0x4c/0x70 [ 30.626014] ? _raw_spin_unlock_irqrestore+0x2d/0x60 [ 30.626295] ? __kunit_add_resource+0xd1/0x100 [ 30.626514] krealloc_pagealloc_more_oob+0x18/0x20 [ 30.626870] kunit_try_run_case+0x8f/0xd0 [ 30.627118] ? kunit_catch_run_case+0x80/0x80 [ 30.627513] ? kunit_try_catch_throw+0x40/0x40 [ 30.627776] kunit_generic_run_threadfn_adapter+0x2f/0x50 [ 30.628085] kthread+0x17b/0x1b0 [ 30.628322] ? kthread_complete_and_exit+0x30/0x30 [ 30.628643] ret_from_fork+0x22/0x30 [ 30.628835] </TASK> [ 30.629030] [ 30.629147] The buggy address belongs to the physical page: [ 30.629528] page:(____ptrval____) refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1036bc [ 30.629948] head:(____ptrval____) order:2 compound_mapcount:0 compound_pincount:0 [ 30.630799] flags: 0x200000000010000(head|node=0|zone=2) [ 30.631075] raw: 0200000000010000 0000000000000000 dead000000000122 0000000000000000 [ 30.631608] raw: 0000000000000000 0000000000000000 00000001ffffffff 0000000000000000 [ 30.632029] page dumped because: kasan: bad access detected [ 30.632310] [ 30.632514] Memory state around the buggy address: [ 30.632778] ffff8881036bdf80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 30.633102] ffff8881036be000: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 30.633562] >ffff8881036be080: 00 00 00 00 00 00 00 00 00 00 00 00 00 03 fe fe [ 30.633877] ^ [ 30.634327] ffff8881036be100: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe [ 30.634958] ffff8881036be180: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe [ 30.635357] ================================================================== [ 30.445320] ================================================================== [ 30.445905] BUG: KASAN: slab-out-of-bounds in krealloc_more_oob_helper+0x17d/0x3b0 [ 30.446346] Write of size 1 at addr ffff88810090c6eb by task kunit_try_catch/233 [ 30.446703] [ 30.446836] CPU: 1 PID: 233 Comm: kunit_try_catch Tainted: G B N 6.1.146-rc1 #1 [ 30.447260] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 30.447768] Call Trace: [ 30.447941] <TASK> [ 30.448081] dump_stack_lvl+0x49/0x62 [ 30.448655] print_report+0x189/0x492 [ 30.448905] ? kasan_complete_mode_report_info+0x3c/0x200 [ 30.449245] ? krealloc_more_oob_helper+0x17d/0x3b0 [ 30.449553] kasan_report+0x10c/0x190 [ 30.449752] ? krealloc_more_oob_helper+0x17d/0x3b0 [ 30.450051] __asan_store1+0x65/0x70 [ 30.450265] krealloc_more_oob_helper+0x17d/0x3b0 [ 30.450539] ? krealloc_less_oob+0x20/0x20 [ 30.450782] ? __kunit_add_resource+0xd1/0x100 [ 30.451050] ? preempt_count_sub+0x4c/0x70 [ 30.451463] ? _raw_spin_unlock_irqrestore+0x2d/0x60 [ 30.451762] ? __kunit_add_resource+0xd1/0x100 [ 30.451996] krealloc_more_oob+0x18/0x20 [ 30.452261] kunit_try_run_case+0x8f/0xd0 [ 30.452798] ? kunit_catch_run_case+0x80/0x80 [ 30.453075] ? kunit_try_catch_throw+0x40/0x40 [ 30.453374] kunit_generic_run_threadfn_adapter+0x2f/0x50 [ 30.453658] kthread+0x17b/0x1b0 [ 30.453864] ? kthread_complete_and_exit+0x30/0x30 [ 30.454149] ret_from_fork+0x22/0x30 [ 30.454375] </TASK> [ 30.454520] [ 30.454629] Allocated by task 233: [ 30.454804] kasan_save_stack+0x41/0x70 [ 30.455048] kasan_set_track+0x25/0x40 [ 30.455461] kasan_save_alloc_info+0x1e/0x30 [ 30.455710] __kasan_krealloc+0x12e/0x180 [ 30.455955] krealloc+0xae/0x140 [ 30.456134] krealloc_more_oob_helper+0xe5/0x3b0 [ 30.456687] krealloc_more_oob+0x18/0x20 [ 30.456945] kunit_try_run_case+0x8f/0xd0 [ 30.457203] kunit_generic_run_threadfn_adapter+0x2f/0x50 [ 30.457596] kthread+0x17b/0x1b0 [ 30.457806] ret_from_fork+0x22/0x30 [ 30.458025] [ 30.458131] The buggy address belongs to the object at ffff88810090c600 [ 30.458131] which belongs to the cache kmalloc-256 of size 256 [ 30.458745] The buggy address is located 235 bytes inside of [ 30.458745] 256-byte region [ffff88810090c600, ffff88810090c700) [ 30.459412] [ 30.459524] The buggy address belongs to the physical page: [ 30.459790] page:(____ptrval____) refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x10090c [ 30.460233] head:(____ptrval____) order:1 compound_mapcount:0 compound_pincount:0 [ 30.460852] flags: 0x200000000010200(slab|head|node=0|zone=2) [ 30.461188] raw: 0200000000010200 0000000000000000 dead000000000122 ffff888100041b40 [ 30.461625] raw: 0000000000000000 0000000080100010 00000001ffffffff 0000000000000000 [ 30.461978] page dumped because: kasan: bad access detected [ 30.462247] [ 30.462475] Memory state around the buggy address: [ 30.462722] ffff88810090c580: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 30.463018] ffff88810090c600: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 30.463504] >ffff88810090c680: 00 00 00 00 00 00 00 00 00 00 00 00 00 03 fc fc [ 30.463811] ^ [ 30.464111] ffff88810090c700: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 30.464764] ffff88810090c780: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 30.465106] ==================================================================