Date
June 26, 2025, 11:12 a.m.
| Environment | |
|---|---|
| e850-96 | |
| qemu-arm64 | |
| qemu-x86_64 |
[ 24.437044] ================================================================== [ 24.443972] BUG: KASAN: slab-out-of-bounds in krealloc_more_oob_helper+0x5c0/0x678 [ 24.451523] Write of size 1 at addr ffff0008031520f0 by task kunit_try_catch/209 [ 24.458899] [ 24.460385] CPU: 0 UID: 0 PID: 209 Comm: kunit_try_catch Tainted: G B N 6.15.4-rc3 #1 PREEMPT [ 24.460438] Tainted: [B]=BAD_PAGE, [N]=TEST [ 24.460453] Hardware name: WinLink E850-96 board (DT) [ 24.460476] Call trace: [ 24.460489] show_stack+0x20/0x38 (C) [ 24.460525] dump_stack_lvl+0x8c/0xd0 [ 24.460562] print_report+0x118/0x608 [ 24.460596] kasan_report+0xdc/0x128 [ 24.460626] __asan_report_store1_noabort+0x20/0x30 [ 24.460661] krealloc_more_oob_helper+0x5c0/0x678 [ 24.460690] krealloc_large_more_oob+0x20/0x38 [ 24.460720] kunit_try_run_case+0x170/0x3f0 [ 24.460757] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 24.460797] kthread+0x328/0x630 [ 24.460832] ret_from_fork+0x10/0x20 [ 24.460868] [ 24.528258] The buggy address belongs to the physical page: [ 24.533816] page: refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x883150 [ 24.541799] head: order:2 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0 [ 24.549438] flags: 0xbfffe0000000040(head|node=0|zone=2|lastcpupid=0x1ffff) [ 24.556381] page_type: f8(unknown) [ 24.559778] raw: 0bfffe0000000040 0000000000000000 dead000000000122 0000000000000000 [ 24.567498] raw: 0000000000000000 0000000000000000 00000001f8000000 0000000000000000 [ 24.575224] head: 0bfffe0000000040 0000000000000000 dead000000000122 0000000000000000 [ 24.583036] head: 0000000000000000 0000000000000000 00000001f8000000 0000000000000000 [ 24.590849] head: 0bfffe0000000002 fffffdffe00c5401 00000000ffffffff 00000000ffffffff [ 24.598661] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000004 [ 24.606466] page dumped because: kasan: bad access detected [ 24.612022] [ 24.613497] Memory state around the buggy address: [ 24.618276] ffff000803151f80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 24.625480] ffff000803152000: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 24.632685] >ffff000803152080: 00 00 00 00 00 00 00 00 00 00 00 00 00 03 fe fe [ 24.639886] ^ [ 24.646747] ffff000803152100: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe [ 24.653952] ffff000803152180: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe [ 24.661153] ================================================================== [ 24.203342] ================================================================== [ 24.212639] BUG: KASAN: slab-out-of-bounds in krealloc_more_oob_helper+0x60c/0x678 [ 24.220189] Write of size 1 at addr ffff0008031520eb by task kunit_try_catch/209 [ 24.227567] [ 24.229055] CPU: 0 UID: 0 PID: 209 Comm: kunit_try_catch Tainted: G B N 6.15.4-rc3 #1 PREEMPT [ 24.229109] Tainted: [B]=BAD_PAGE, [N]=TEST [ 24.229126] Hardware name: WinLink E850-96 board (DT) [ 24.229147] Call trace: [ 24.229161] show_stack+0x20/0x38 (C) [ 24.229197] dump_stack_lvl+0x8c/0xd0 [ 24.229233] print_report+0x118/0x608 [ 24.229265] kasan_report+0xdc/0x128 [ 24.229296] __asan_report_store1_noabort+0x20/0x30 [ 24.229334] krealloc_more_oob_helper+0x60c/0x678 [ 24.229362] krealloc_large_more_oob+0x20/0x38 [ 24.229389] kunit_try_run_case+0x170/0x3f0 [ 24.229429] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 24.229467] kthread+0x328/0x630 [ 24.229503] ret_from_fork+0x10/0x20 [ 24.229539] [ 24.296924] The buggy address belongs to the physical page: [ 24.302482] page: refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x883150 [ 24.310466] head: order:2 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0 [ 24.318105] flags: 0xbfffe0000000040(head|node=0|zone=2|lastcpupid=0x1ffff) [ 24.325049] page_type: f8(unknown) [ 24.328448] raw: 0bfffe0000000040 0000000000000000 dead000000000122 0000000000000000 [ 24.336165] raw: 0000000000000000 0000000000000000 00000001f8000000 0000000000000000 [ 24.343891] head: 0bfffe0000000040 0000000000000000 dead000000000122 0000000000000000 [ 24.351703] head: 0000000000000000 0000000000000000 00000001f8000000 0000000000000000 [ 24.359515] head: 0bfffe0000000002 fffffdffe00c5401 00000000ffffffff 00000000ffffffff [ 24.367327] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000004 [ 24.375133] page dumped because: kasan: bad access detected [ 24.380688] [ 24.382165] Memory state around the buggy address: [ 24.386947] ffff000803151f80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 24.394149] ffff000803152000: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 24.401353] >ffff000803152080: 00 00 00 00 00 00 00 00 00 00 00 00 00 03 fe fe [ 24.408552] ^ [ 24.415154] ffff000803152100: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe [ 24.422358] ffff000803152180: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe [ 24.429559] ================================================================== [ 22.357271] ================================================================== [ 22.364143] BUG: KASAN: slab-out-of-bounds in krealloc_more_oob_helper+0x5c0/0x678 [ 22.371691] Write of size 1 at addr ffff0008033108f0 by task kunit_try_catch/205 [ 22.379069] [ 22.380555] CPU: 7 UID: 0 PID: 205 Comm: kunit_try_catch Tainted: G B N 6.15.4-rc3 #1 PREEMPT [ 22.380605] Tainted: [B]=BAD_PAGE, [N]=TEST [ 22.380620] Hardware name: WinLink E850-96 board (DT) [ 22.380638] Call trace: [ 22.380650] show_stack+0x20/0x38 (C) [ 22.380681] dump_stack_lvl+0x8c/0xd0 [ 22.380720] print_report+0x118/0x608 [ 22.380752] kasan_report+0xdc/0x128 [ 22.380781] __asan_report_store1_noabort+0x20/0x30 [ 22.380820] krealloc_more_oob_helper+0x5c0/0x678 [ 22.380849] krealloc_more_oob+0x20/0x38 [ 22.380875] kunit_try_run_case+0x170/0x3f0 [ 22.380911] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 22.380947] kthread+0x328/0x630 [ 22.380980] ret_from_fork+0x10/0x20 [ 22.381015] [ 22.447905] Allocated by task 205: [ 22.451293] kasan_save_stack+0x3c/0x68 [ 22.455110] kasan_save_track+0x20/0x40 [ 22.458929] kasan_save_alloc_info+0x40/0x58 [ 22.463183] __kasan_krealloc+0x118/0x178 [ 22.467176] krealloc_noprof+0x128/0x360 [ 22.471082] krealloc_more_oob_helper+0x168/0x678 [ 22.475769] krealloc_more_oob+0x20/0x38 [ 22.479675] kunit_try_run_case+0x170/0x3f0 [ 22.483842] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 22.489311] kthread+0x328/0x630 [ 22.492523] ret_from_fork+0x10/0x20 [ 22.496082] [ 22.497558] The buggy address belongs to the object at ffff000803310800 [ 22.497558] which belongs to the cache kmalloc-256 of size 256 [ 22.510059] The buggy address is located 5 bytes to the right of [ 22.510059] allocated 235-byte region [ffff000803310800, ffff0008033108eb) [ 22.522990] [ 22.524468] The buggy address belongs to the physical page: [ 22.530027] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x883310 [ 22.538008] head: order:2 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0 [ 22.545648] flags: 0xbfffe0000000040(head|node=0|zone=2|lastcpupid=0x1ffff) [ 22.552594] page_type: f5(slab) [ 22.555729] raw: 0bfffe0000000040 ffff000800002b40 dead000000000122 0000000000000000 [ 22.563448] raw: 0000000000000000 0000000080200020 00000000f5000000 0000000000000000 [ 22.571175] head: 0bfffe0000000040 ffff000800002b40 dead000000000122 0000000000000000 [ 22.578986] head: 0000000000000000 0000000080200020 00000000f5000000 0000000000000000 [ 22.586799] head: 0bfffe0000000002 fffffdffe00cc401 00000000ffffffff 00000000ffffffff [ 22.594611] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000004 [ 22.602416] page dumped because: kasan: bad access detected [ 22.607972] [ 22.609449] Memory state around the buggy address: [ 22.614229] ffff000803310780: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 22.621432] ffff000803310800: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 22.628635] >ffff000803310880: 00 00 00 00 00 00 00 00 00 00 00 00 00 03 fc fc [ 22.635836] ^ [ 22.642698] ffff000803310900: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 22.649902] ffff000803310980: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 22.657104] ================================================================== [ 22.048015] ================================================================== [ 22.057029] BUG: KASAN: slab-out-of-bounds in krealloc_more_oob_helper+0x60c/0x678 [ 22.064580] Write of size 1 at addr ffff0008033108eb by task kunit_try_catch/205 [ 22.071956] [ 22.073442] CPU: 7 UID: 0 PID: 205 Comm: kunit_try_catch Tainted: G B N 6.15.4-rc3 #1 PREEMPT [ 22.073497] Tainted: [B]=BAD_PAGE, [N]=TEST [ 22.073515] Hardware name: WinLink E850-96 board (DT) [ 22.073536] Call trace: [ 22.073549] show_stack+0x20/0x38 (C) [ 22.073585] dump_stack_lvl+0x8c/0xd0 [ 22.073623] print_report+0x118/0x608 [ 22.073658] kasan_report+0xdc/0x128 [ 22.073688] __asan_report_store1_noabort+0x20/0x30 [ 22.073725] krealloc_more_oob_helper+0x60c/0x678 [ 22.073756] krealloc_more_oob+0x20/0x38 [ 22.073782] kunit_try_run_case+0x170/0x3f0 [ 22.073818] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 22.073859] kthread+0x328/0x630 [ 22.073893] ret_from_fork+0x10/0x20 [ 22.073928] [ 22.140793] Allocated by task 205: [ 22.144180] kasan_save_stack+0x3c/0x68 [ 22.147996] kasan_save_track+0x20/0x40 [ 22.151816] kasan_save_alloc_info+0x40/0x58 [ 22.156069] __kasan_krealloc+0x118/0x178 [ 22.160062] krealloc_noprof+0x128/0x360 [ 22.163968] krealloc_more_oob_helper+0x168/0x678 [ 22.168656] krealloc_more_oob+0x20/0x38 [ 22.172562] kunit_try_run_case+0x170/0x3f0 [ 22.176729] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 22.182197] kthread+0x328/0x630 [ 22.185409] ret_from_fork+0x10/0x20 [ 22.188968] [ 22.190445] The buggy address belongs to the object at ffff000803310800 [ 22.190445] which belongs to the cache kmalloc-256 of size 256 [ 22.202945] The buggy address is located 0 bytes to the right of [ 22.202945] allocated 235-byte region [ffff000803310800, ffff0008033108eb) [ 22.215877] [ 22.217357] The buggy address belongs to the physical page: [ 22.222913] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x883310 [ 22.230896] head: order:2 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0 [ 22.238537] flags: 0xbfffe0000000040(head|node=0|zone=2|lastcpupid=0x1ffff) [ 22.245479] page_type: f5(slab) [ 22.248618] raw: 0bfffe0000000040 ffff000800002b40 dead000000000122 0000000000000000 [ 22.256335] raw: 0000000000000000 0000000080200020 00000000f5000000 0000000000000000 [ 22.264061] head: 0bfffe0000000040 ffff000800002b40 dead000000000122 0000000000000000 [ 22.271873] head: 0000000000000000 0000000080200020 00000000f5000000 0000000000000000 [ 22.279686] head: 0bfffe0000000002 fffffdffe00cc401 00000000ffffffff 00000000ffffffff [ 22.287498] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000004 [ 22.295303] page dumped because: kasan: bad access detected [ 22.300860] [ 22.302336] Memory state around the buggy address: [ 22.307115] ffff000803310780: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 22.314319] ffff000803310800: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 22.321523] >ffff000803310880: 00 00 00 00 00 00 00 00 00 00 00 00 00 03 fc fc [ 22.328723] ^ [ 22.335324] ffff000803310900: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 22.342529] ffff000803310980: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 22.349731] ==================================================================
[ 17.835142] ================================================================== [ 17.835407] BUG: KASAN: slab-out-of-bounds in krealloc_more_oob_helper+0x5c0/0x678 [ 17.835528] Write of size 1 at addr fff00000c79120f0 by task kunit_try_catch/162 [ 17.835581] [ 17.835609] CPU: 0 UID: 0 PID: 162 Comm: kunit_try_catch Tainted: G B N 6.15.4-rc3 #1 PREEMPT [ 17.835697] Tainted: [B]=BAD_PAGE, [N]=TEST [ 17.835724] Hardware name: linux,dummy-virt (DT) [ 17.835863] Call trace: [ 17.835914] show_stack+0x20/0x38 (C) [ 17.836088] dump_stack_lvl+0x8c/0xd0 [ 17.836137] print_report+0x118/0x608 [ 17.836181] kasan_report+0xdc/0x128 [ 17.836473] __asan_report_store1_noabort+0x20/0x30 [ 17.836624] krealloc_more_oob_helper+0x5c0/0x678 [ 17.836834] krealloc_large_more_oob+0x20/0x38 [ 17.837027] kunit_try_run_case+0x170/0x3f0 [ 17.837145] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 17.837331] kthread+0x328/0x630 [ 17.837384] ret_from_fork+0x10/0x20 [ 17.837862] [ 17.837963] The buggy address belongs to the physical page: [ 17.838121] page: refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x107910 [ 17.838294] head: order:2 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0 [ 17.838342] flags: 0xbfffe0000000040(head|node=0|zone=2|lastcpupid=0x1ffff) [ 17.838524] page_type: f8(unknown) [ 17.838751] raw: 0bfffe0000000040 0000000000000000 dead000000000122 0000000000000000 [ 17.838845] raw: 0000000000000000 0000000000000000 00000001f8000000 0000000000000000 [ 17.838959] head: 0bfffe0000000040 0000000000000000 dead000000000122 0000000000000000 [ 17.839063] head: 0000000000000000 0000000000000000 00000001f8000000 0000000000000000 [ 17.839234] head: 0bfffe0000000002 ffffc1ffc31e4401 00000000ffffffff 00000000ffffffff [ 17.839350] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000004 [ 17.839414] page dumped because: kasan: bad access detected [ 17.839446] [ 17.839463] Memory state around the buggy address: [ 17.839565] fff00000c7911f80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 17.839612] fff00000c7912000: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 17.839974] >fff00000c7912080: 00 00 00 00 00 00 00 00 00 00 00 00 00 03 fe fe [ 17.840066] ^ [ 17.840155] fff00000c7912100: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe [ 17.840288] fff00000c7912180: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe [ 17.840328] ================================================================== [ 17.762984] ================================================================== [ 17.763218] BUG: KASAN: slab-out-of-bounds in krealloc_more_oob_helper+0x5c0/0x678 [ 17.763285] Write of size 1 at addr fff00000c4775cf0 by task kunit_try_catch/158 [ 17.763336] [ 17.763460] CPU: 0 UID: 0 PID: 158 Comm: kunit_try_catch Tainted: G B N 6.15.4-rc3 #1 PREEMPT [ 17.763604] Tainted: [B]=BAD_PAGE, [N]=TEST [ 17.763865] Hardware name: linux,dummy-virt (DT) [ 17.764114] Call trace: [ 17.764163] show_stack+0x20/0x38 (C) [ 17.764245] dump_stack_lvl+0x8c/0xd0 [ 17.764407] print_report+0x118/0x608 [ 17.764466] kasan_report+0xdc/0x128 [ 17.764537] __asan_report_store1_noabort+0x20/0x30 [ 17.764587] krealloc_more_oob_helper+0x5c0/0x678 [ 17.764882] krealloc_more_oob+0x20/0x38 [ 17.765136] kunit_try_run_case+0x170/0x3f0 [ 17.765321] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 17.765459] kthread+0x328/0x630 [ 17.765527] ret_from_fork+0x10/0x20 [ 17.765895] [ 17.765943] Allocated by task 158: [ 17.766064] kasan_save_stack+0x3c/0x68 [ 17.766152] kasan_save_track+0x20/0x40 [ 17.766322] kasan_save_alloc_info+0x40/0x58 [ 17.766409] __kasan_krealloc+0x118/0x178 [ 17.766782] krealloc_noprof+0x128/0x360 [ 17.766846] krealloc_more_oob_helper+0x168/0x678 [ 17.767044] krealloc_more_oob+0x20/0x38 [ 17.767203] kunit_try_run_case+0x170/0x3f0 [ 17.767303] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 17.767393] kthread+0x328/0x630 [ 17.767442] ret_from_fork+0x10/0x20 [ 17.767736] [ 17.767806] The buggy address belongs to the object at fff00000c4775c00 [ 17.767806] which belongs to the cache kmalloc-256 of size 256 [ 17.768078] The buggy address is located 5 bytes to the right of [ 17.768078] allocated 235-byte region [fff00000c4775c00, fff00000c4775ceb) [ 17.768248] [ 17.768293] The buggy address belongs to the physical page: [ 17.768333] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x104774 [ 17.768502] head: order:1 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0 [ 17.768604] flags: 0xbfffe0000000040(head|node=0|zone=2|lastcpupid=0x1ffff) [ 17.768786] page_type: f5(slab) [ 17.768871] raw: 0bfffe0000000040 fff00000c0001b40 dead000000000122 0000000000000000 [ 17.769097] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 17.769161] head: 0bfffe0000000040 fff00000c0001b40 dead000000000122 0000000000000000 [ 17.769360] head: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 17.769541] head: 0bfffe0000000001 ffffc1ffc311dd01 00000000ffffffff 00000000ffffffff [ 17.769603] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000002 [ 17.769689] page dumped because: kasan: bad access detected [ 17.769805] [ 17.770057] Memory state around the buggy address: [ 17.770243] fff00000c4775b80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 17.770297] fff00000c4775c00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 17.770365] >fff00000c4775c80: 00 00 00 00 00 00 00 00 00 00 00 00 00 03 fc fc [ 17.770559] ^ [ 17.770681] fff00000c4775d00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 17.770785] fff00000c4775d80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 17.770824] ================================================================== [ 17.830722] ================================================================== [ 17.830774] BUG: KASAN: slab-out-of-bounds in krealloc_more_oob_helper+0x60c/0x678 [ 17.830825] Write of size 1 at addr fff00000c79120eb by task kunit_try_catch/162 [ 17.830924] [ 17.831103] CPU: 0 UID: 0 PID: 162 Comm: kunit_try_catch Tainted: G B N 6.15.4-rc3 #1 PREEMPT [ 17.831474] Tainted: [B]=BAD_PAGE, [N]=TEST [ 17.831541] Hardware name: linux,dummy-virt (DT) [ 17.831575] Call trace: [ 17.832051] show_stack+0x20/0x38 (C) [ 17.832122] dump_stack_lvl+0x8c/0xd0 [ 17.832169] print_report+0x118/0x608 [ 17.832213] kasan_report+0xdc/0x128 [ 17.832256] __asan_report_store1_noabort+0x20/0x30 [ 17.832306] krealloc_more_oob_helper+0x60c/0x678 [ 17.832352] krealloc_large_more_oob+0x20/0x38 [ 17.832397] kunit_try_run_case+0x170/0x3f0 [ 17.832444] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 17.832497] kthread+0x328/0x630 [ 17.832541] ret_from_fork+0x10/0x20 [ 17.832587] [ 17.832606] The buggy address belongs to the physical page: [ 17.832636] page: refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x107910 [ 17.832688] head: order:2 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0 [ 17.832733] flags: 0xbfffe0000000040(head|node=0|zone=2|lastcpupid=0x1ffff) [ 17.832784] page_type: f8(unknown) [ 17.832823] raw: 0bfffe0000000040 0000000000000000 dead000000000122 0000000000000000 [ 17.832893] raw: 0000000000000000 0000000000000000 00000001f8000000 0000000000000000 [ 17.832944] head: 0bfffe0000000040 0000000000000000 dead000000000122 0000000000000000 [ 17.832994] head: 0000000000000000 0000000000000000 00000001f8000000 0000000000000000 [ 17.833045] head: 0bfffe0000000002 ffffc1ffc31e4401 00000000ffffffff 00000000ffffffff [ 17.833095] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000004 [ 17.833138] page dumped because: kasan: bad access detected [ 17.833169] [ 17.833186] Memory state around the buggy address: [ 17.833216] fff00000c7911f80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 17.833260] fff00000c7912000: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 17.833304] >fff00000c7912080: 00 00 00 00 00 00 00 00 00 00 00 00 00 03 fe fe [ 17.833342] ^ [ 17.833665] fff00000c7912100: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe [ 17.833850] fff00000c7912180: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe [ 17.834010] ================================================================== [ 17.755631] ================================================================== [ 17.755733] BUG: KASAN: slab-out-of-bounds in krealloc_more_oob_helper+0x60c/0x678 [ 17.755841] Write of size 1 at addr fff00000c4775ceb by task kunit_try_catch/158 [ 17.756253] [ 17.756392] CPU: 0 UID: 0 PID: 158 Comm: kunit_try_catch Tainted: G B N 6.15.4-rc3 #1 PREEMPT [ 17.756610] Tainted: [B]=BAD_PAGE, [N]=TEST [ 17.756649] Hardware name: linux,dummy-virt (DT) [ 17.756688] Call trace: [ 17.756720] show_stack+0x20/0x38 (C) [ 17.756823] dump_stack_lvl+0x8c/0xd0 [ 17.756882] print_report+0x118/0x608 [ 17.756936] kasan_report+0xdc/0x128 [ 17.756985] __asan_report_store1_noabort+0x20/0x30 [ 17.757050] krealloc_more_oob_helper+0x60c/0x678 [ 17.757105] krealloc_more_oob+0x20/0x38 [ 17.757148] kunit_try_run_case+0x170/0x3f0 [ 17.757198] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 17.757261] kthread+0x328/0x630 [ 17.757306] ret_from_fork+0x10/0x20 [ 17.757367] [ 17.757409] Allocated by task 158: [ 17.757436] kasan_save_stack+0x3c/0x68 [ 17.757486] kasan_save_track+0x20/0x40 [ 17.757520] kasan_save_alloc_info+0x40/0x58 [ 17.757564] __kasan_krealloc+0x118/0x178 [ 17.757599] krealloc_noprof+0x128/0x360 [ 17.757635] krealloc_more_oob_helper+0x168/0x678 [ 17.757672] krealloc_more_oob+0x20/0x38 [ 17.757715] kunit_try_run_case+0x170/0x3f0 [ 17.757762] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 17.757815] kthread+0x328/0x630 [ 17.758121] ret_from_fork+0x10/0x20 [ 17.758362] [ 17.758395] The buggy address belongs to the object at fff00000c4775c00 [ 17.758395] which belongs to the cache kmalloc-256 of size 256 [ 17.758586] The buggy address is located 0 bytes to the right of [ 17.758586] allocated 235-byte region [fff00000c4775c00, fff00000c4775ceb) [ 17.758882] [ 17.759162] The buggy address belongs to the physical page: [ 17.759241] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x104774 [ 17.759325] head: order:1 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0 [ 17.759677] flags: 0xbfffe0000000040(head|node=0|zone=2|lastcpupid=0x1ffff) [ 17.759767] page_type: f5(slab) [ 17.759960] raw: 0bfffe0000000040 fff00000c0001b40 dead000000000122 0000000000000000 [ 17.760067] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 17.760143] head: 0bfffe0000000040 fff00000c0001b40 dead000000000122 0000000000000000 [ 17.760242] head: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 17.760369] head: 0bfffe0000000001 ffffc1ffc311dd01 00000000ffffffff 00000000ffffffff [ 17.760532] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000002 [ 17.760577] page dumped because: kasan: bad access detected [ 17.760610] [ 17.760628] Memory state around the buggy address: [ 17.760659] fff00000c4775b80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 17.760818] fff00000c4775c00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 17.761116] >fff00000c4775c80: 00 00 00 00 00 00 00 00 00 00 00 00 00 03 fc fc [ 17.761243] ^ [ 17.761350] fff00000c4775d00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 17.761404] fff00000c4775d80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 17.761525] ==================================================================
[ 10.492110] ================================================================== [ 10.492607] BUG: KASAN: slab-out-of-bounds in krealloc_more_oob_helper+0x821/0x930 [ 10.492955] Write of size 1 at addr ffff8881009a2aeb by task kunit_try_catch/175 [ 10.493180] [ 10.493451] CPU: 1 UID: 0 PID: 175 Comm: kunit_try_catch Tainted: G B N 6.15.4-rc3 #1 PREEMPT(voluntary) [ 10.493667] Tainted: [B]=BAD_PAGE, [N]=TEST [ 10.493683] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 10.493707] Call Trace: [ 10.493720] <TASK> [ 10.493740] dump_stack_lvl+0x73/0xb0 [ 10.493772] print_report+0xd1/0x650 [ 10.493795] ? __virt_addr_valid+0x1db/0x2d0 [ 10.493818] ? krealloc_more_oob_helper+0x821/0x930 [ 10.493838] ? kasan_complete_mode_report_info+0x2a/0x200 [ 10.493860] ? krealloc_more_oob_helper+0x821/0x930 [ 10.493880] kasan_report+0x141/0x180 [ 10.493901] ? krealloc_more_oob_helper+0x821/0x930 [ 10.493937] __asan_report_store1_noabort+0x1b/0x30 [ 10.493957] krealloc_more_oob_helper+0x821/0x930 [ 10.493975] ? __schedule+0x10cc/0x2b60 [ 10.493999] ? __pfx_krealloc_more_oob_helper+0x10/0x10 [ 10.494018] ? finish_task_switch.isra.0+0x153/0x700 [ 10.494043] ? __switch_to+0x5d9/0xf60 [ 10.494064] ? dequeue_task_fair+0x166/0x4e0 [ 10.494088] ? __schedule+0x10cc/0x2b60 [ 10.494109] ? __pfx_read_tsc+0x10/0x10 [ 10.494132] krealloc_more_oob+0x1c/0x30 [ 10.494150] kunit_try_run_case+0x1a5/0x480 [ 10.494176] ? __pfx_kunit_try_run_case+0x10/0x10 [ 10.494197] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 10.494222] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 10.494244] ? __kthread_parkme+0x82/0x180 [ 10.494266] ? preempt_count_sub+0x50/0x80 [ 10.494290] ? __pfx_kunit_try_run_case+0x10/0x10 [ 10.494312] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 10.494334] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 10.494355] kthread+0x337/0x6f0 [ 10.494371] ? trace_preempt_on+0x20/0xc0 [ 10.494396] ? __pfx_kthread+0x10/0x10 [ 10.494413] ? _raw_spin_unlock_irq+0x47/0x80 [ 10.494434] ? calculate_sigpending+0x7b/0xa0 [ 10.494455] ? __pfx_kthread+0x10/0x10 [ 10.494473] ret_from_fork+0x41/0x80 [ 10.494493] ? __pfx_kthread+0x10/0x10 [ 10.494510] ret_from_fork_asm+0x1a/0x30 [ 10.494541] </TASK> [ 10.494552] [ 10.503164] Allocated by task 175: [ 10.503367] kasan_save_stack+0x45/0x70 [ 10.503547] kasan_save_track+0x18/0x40 [ 10.503718] kasan_save_alloc_info+0x3b/0x50 [ 10.503866] __kasan_krealloc+0x190/0x1f0 [ 10.504015] krealloc_noprof+0xf3/0x340 [ 10.504243] krealloc_more_oob_helper+0x1a9/0x930 [ 10.504480] krealloc_more_oob+0x1c/0x30 [ 10.504673] kunit_try_run_case+0x1a5/0x480 [ 10.504877] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 10.505139] kthread+0x337/0x6f0 [ 10.505431] ret_from_fork+0x41/0x80 [ 10.505618] ret_from_fork_asm+0x1a/0x30 [ 10.505884] [ 10.505970] The buggy address belongs to the object at ffff8881009a2a00 [ 10.505970] which belongs to the cache kmalloc-256 of size 256 [ 10.506415] The buggy address is located 0 bytes to the right of [ 10.506415] allocated 235-byte region [ffff8881009a2a00, ffff8881009a2aeb) [ 10.507167] [ 10.507258] The buggy address belongs to the physical page: [ 10.507481] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1009a2 [ 10.507864] head: order:1 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0 [ 10.508187] flags: 0x200000000000040(head|node=0|zone=2) [ 10.508424] page_type: f5(slab) [ 10.508583] raw: 0200000000000040 ffff888100041b40 dead000000000122 0000000000000000 [ 10.508972] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 10.509270] head: 0200000000000040 ffff888100041b40 dead000000000122 0000000000000000 [ 10.509590] head: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 10.509882] head: 0200000000000001 ffffea0004026881 00000000ffffffff 00000000ffffffff [ 10.510224] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000002 [ 10.510453] page dumped because: kasan: bad access detected [ 10.510620] [ 10.510689] Memory state around the buggy address: [ 10.510887] ffff8881009a2980: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 10.511476] ffff8881009a2a00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 10.511773] >ffff8881009a2a80: 00 00 00 00 00 00 00 00 00 00 00 00 00 03 fc fc [ 10.511995] ^ [ 10.512193] ffff8881009a2b00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 10.512414] ffff8881009a2b80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 10.512802] ================================================================== [ 10.668009] ================================================================== [ 10.668635] BUG: KASAN: slab-out-of-bounds in krealloc_more_oob_helper+0x821/0x930 [ 10.669048] Write of size 1 at addr ffff8881028920eb by task kunit_try_catch/179 [ 10.669382] [ 10.669497] CPU: 1 UID: 0 PID: 179 Comm: kunit_try_catch Tainted: G B N 6.15.4-rc3 #1 PREEMPT(voluntary) [ 10.669542] Tainted: [B]=BAD_PAGE, [N]=TEST [ 10.669573] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 10.669594] Call Trace: [ 10.669608] <TASK> [ 10.669627] dump_stack_lvl+0x73/0xb0 [ 10.669653] print_report+0xd1/0x650 [ 10.669675] ? __virt_addr_valid+0x1db/0x2d0 [ 10.669696] ? krealloc_more_oob_helper+0x821/0x930 [ 10.669716] ? kasan_addr_to_slab+0x11/0xa0 [ 10.669736] ? krealloc_more_oob_helper+0x821/0x930 [ 10.669756] kasan_report+0x141/0x180 [ 10.669778] ? krealloc_more_oob_helper+0x821/0x930 [ 10.669802] __asan_report_store1_noabort+0x1b/0x30 [ 10.669822] krealloc_more_oob_helper+0x821/0x930 [ 10.669841] ? sysvec_apic_timer_interrupt+0x50/0x90 [ 10.669867] ? __pfx_krealloc_more_oob_helper+0x10/0x10 [ 10.669887] ? irqentry_exit+0x2a/0x60 [ 10.669904] ? sysvec_apic_timer_interrupt+0x50/0x90 [ 10.669937] ? __pfx_kunit_try_run_case+0x10/0x10 [ 10.669964] ? __pfx_read_tsc+0x10/0x10 [ 10.669987] krealloc_large_more_oob+0x1c/0x30 [ 10.670006] kunit_try_run_case+0x1a5/0x480 [ 10.670028] ? __pfx_kunit_try_run_case+0x10/0x10 [ 10.670049] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 10.670073] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 10.670095] ? __kthread_parkme+0x82/0x180 [ 10.670117] ? preempt_count_sub+0x50/0x80 [ 10.670142] ? __pfx_kunit_try_run_case+0x10/0x10 [ 10.670164] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 10.670186] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 10.670208] kthread+0x337/0x6f0 [ 10.670225] ? trace_preempt_on+0x20/0xc0 [ 10.670248] ? __pfx_kthread+0x10/0x10 [ 10.670265] ? _raw_spin_unlock_irq+0x47/0x80 [ 10.670286] ? calculate_sigpending+0x7b/0xa0 [ 10.670308] ? __pfx_kthread+0x10/0x10 [ 10.670326] ret_from_fork+0x41/0x80 [ 10.670346] ? __pfx_kthread+0x10/0x10 [ 10.670362] ret_from_fork_asm+0x1a/0x30 [ 10.670393] </TASK> [ 10.670404] [ 10.677623] The buggy address belongs to the physical page: [ 10.677813] page: refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x102890 [ 10.678068] head: order:2 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0 [ 10.678397] flags: 0x200000000000040(head|node=0|zone=2) [ 10.678670] page_type: f8(unknown) [ 10.678852] raw: 0200000000000040 0000000000000000 dead000000000122 0000000000000000 [ 10.679134] raw: 0000000000000000 0000000000000000 00000001f8000000 0000000000000000 [ 10.679395] head: 0200000000000040 0000000000000000 dead000000000122 0000000000000000 [ 10.679764] head: 0000000000000000 0000000000000000 00000001f8000000 0000000000000000 [ 10.680112] head: 0200000000000002 ffffea00040a2401 00000000ffffffff 00000000ffffffff [ 10.680433] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000004 [ 10.680732] page dumped because: kasan: bad access detected [ 10.680903] [ 10.680979] Memory state around the buggy address: [ 10.681140] ffff888102891f80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 10.681461] ffff888102892000: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 10.681800] >ffff888102892080: 00 00 00 00 00 00 00 00 00 00 00 00 00 03 fe fe [ 10.682058] ^ [ 10.682258] ffff888102892100: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe [ 10.682476] ffff888102892180: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe [ 10.682808] ================================================================== [ 10.513426] ================================================================== [ 10.514180] BUG: KASAN: slab-out-of-bounds in krealloc_more_oob_helper+0x7eb/0x930 [ 10.514531] Write of size 1 at addr ffff8881009a2af0 by task kunit_try_catch/175 [ 10.515348] [ 10.515479] CPU: 1 UID: 0 PID: 175 Comm: kunit_try_catch Tainted: G B N 6.15.4-rc3 #1 PREEMPT(voluntary) [ 10.515526] Tainted: [B]=BAD_PAGE, [N]=TEST [ 10.515537] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 10.515557] Call Trace: [ 10.515575] <TASK> [ 10.515593] dump_stack_lvl+0x73/0xb0 [ 10.515619] print_report+0xd1/0x650 [ 10.515642] ? __virt_addr_valid+0x1db/0x2d0 [ 10.515662] ? krealloc_more_oob_helper+0x7eb/0x930 [ 10.515681] ? kasan_complete_mode_report_info+0x2a/0x200 [ 10.515703] ? krealloc_more_oob_helper+0x7eb/0x930 [ 10.515724] kasan_report+0x141/0x180 [ 10.515747] ? krealloc_more_oob_helper+0x7eb/0x930 [ 10.515771] __asan_report_store1_noabort+0x1b/0x30 [ 10.515791] krealloc_more_oob_helper+0x7eb/0x930 [ 10.515810] ? __schedule+0x10cc/0x2b60 [ 10.515833] ? __pfx_krealloc_more_oob_helper+0x10/0x10 [ 10.515853] ? finish_task_switch.isra.0+0x153/0x700 [ 10.515875] ? __switch_to+0x5d9/0xf60 [ 10.515895] ? dequeue_task_fair+0x166/0x4e0 [ 10.515936] ? __schedule+0x10cc/0x2b60 [ 10.515957] ? __pfx_read_tsc+0x10/0x10 [ 10.515980] krealloc_more_oob+0x1c/0x30 [ 10.515997] kunit_try_run_case+0x1a5/0x480 [ 10.516022] ? __pfx_kunit_try_run_case+0x10/0x10 [ 10.516043] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 10.516066] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 10.516088] ? __kthread_parkme+0x82/0x180 [ 10.516109] ? preempt_count_sub+0x50/0x80 [ 10.516132] ? __pfx_kunit_try_run_case+0x10/0x10 [ 10.516155] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 10.516178] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 10.516200] kthread+0x337/0x6f0 [ 10.516216] ? trace_preempt_on+0x20/0xc0 [ 10.516239] ? __pfx_kthread+0x10/0x10 [ 10.516264] ? _raw_spin_unlock_irq+0x47/0x80 [ 10.516284] ? calculate_sigpending+0x7b/0xa0 [ 10.516305] ? __pfx_kthread+0x10/0x10 [ 10.516323] ret_from_fork+0x41/0x80 [ 10.516342] ? __pfx_kthread+0x10/0x10 [ 10.516359] ret_from_fork_asm+0x1a/0x30 [ 10.516389] </TASK> [ 10.516400] [ 10.524577] Allocated by task 175: [ 10.524826] kasan_save_stack+0x45/0x70 [ 10.525044] kasan_save_track+0x18/0x40 [ 10.525179] kasan_save_alloc_info+0x3b/0x50 [ 10.525322] __kasan_krealloc+0x190/0x1f0 [ 10.525459] krealloc_noprof+0xf3/0x340 [ 10.525592] krealloc_more_oob_helper+0x1a9/0x930 [ 10.525956] krealloc_more_oob+0x1c/0x30 [ 10.526156] kunit_try_run_case+0x1a5/0x480 [ 10.526367] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 10.526611] kthread+0x337/0x6f0 [ 10.526786] ret_from_fork+0x41/0x80 [ 10.527174] ret_from_fork_asm+0x1a/0x30 [ 10.527382] [ 10.527477] The buggy address belongs to the object at ffff8881009a2a00 [ 10.527477] which belongs to the cache kmalloc-256 of size 256 [ 10.527988] The buggy address is located 5 bytes to the right of [ 10.527988] allocated 235-byte region [ffff8881009a2a00, ffff8881009a2aeb) [ 10.528370] [ 10.528445] The buggy address belongs to the physical page: [ 10.528615] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1009a2 [ 10.528947] head: order:1 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0 [ 10.529274] flags: 0x200000000000040(head|node=0|zone=2) [ 10.529608] page_type: f5(slab) [ 10.529849] raw: 0200000000000040 ffff888100041b40 dead000000000122 0000000000000000 [ 10.530152] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 10.530384] head: 0200000000000040 ffff888100041b40 dead000000000122 0000000000000000 [ 10.530720] head: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 10.531129] head: 0200000000000001 ffffea0004026881 00000000ffffffff 00000000ffffffff [ 10.531710] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000002 [ 10.532189] page dumped because: kasan: bad access detected [ 10.532433] [ 10.532507] Memory state around the buggy address: [ 10.532716] ffff8881009a2980: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 10.533081] ffff8881009a2a00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 10.533376] >ffff8881009a2a80: 00 00 00 00 00 00 00 00 00 00 00 00 00 03 fc fc [ 10.533633] ^ [ 10.534659] ffff8881009a2b00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 10.534962] ffff8881009a2b80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 10.535240] ================================================================== [ 10.683862] ================================================================== [ 10.684211] BUG: KASAN: slab-out-of-bounds in krealloc_more_oob_helper+0x7eb/0x930 [ 10.684497] Write of size 1 at addr ffff8881028920f0 by task kunit_try_catch/179 [ 10.685136] [ 10.685237] CPU: 1 UID: 0 PID: 179 Comm: kunit_try_catch Tainted: G B N 6.15.4-rc3 #1 PREEMPT(voluntary) [ 10.685280] Tainted: [B]=BAD_PAGE, [N]=TEST [ 10.685292] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 10.685312] Call Trace: [ 10.685324] <TASK> [ 10.685339] dump_stack_lvl+0x73/0xb0 [ 10.685366] print_report+0xd1/0x650 [ 10.685390] ? __virt_addr_valid+0x1db/0x2d0 [ 10.685413] ? krealloc_more_oob_helper+0x7eb/0x930 [ 10.685433] ? kasan_addr_to_slab+0x11/0xa0 [ 10.685454] ? krealloc_more_oob_helper+0x7eb/0x930 [ 10.685473] kasan_report+0x141/0x180 [ 10.685495] ? krealloc_more_oob_helper+0x7eb/0x930 [ 10.685519] __asan_report_store1_noabort+0x1b/0x30 [ 10.685540] krealloc_more_oob_helper+0x7eb/0x930 [ 10.685581] ? sysvec_apic_timer_interrupt+0x50/0x90 [ 10.685607] ? __pfx_krealloc_more_oob_helper+0x10/0x10 [ 10.685627] ? irqentry_exit+0x2a/0x60 [ 10.685645] ? sysvec_apic_timer_interrupt+0x50/0x90 [ 10.685669] ? __pfx_kunit_try_run_case+0x10/0x10 [ 10.685697] ? __pfx_read_tsc+0x10/0x10 [ 10.685722] krealloc_large_more_oob+0x1c/0x30 [ 10.685742] kunit_try_run_case+0x1a5/0x480 [ 10.685765] ? __pfx_kunit_try_run_case+0x10/0x10 [ 10.685786] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 10.685811] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 10.685833] ? __kthread_parkme+0x82/0x180 [ 10.685857] ? preempt_count_sub+0x50/0x80 [ 10.685884] ? __pfx_kunit_try_run_case+0x10/0x10 [ 10.685908] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 10.685940] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 10.685963] kthread+0x337/0x6f0 [ 10.685979] ? trace_preempt_on+0x20/0xc0 [ 10.686004] ? __pfx_kthread+0x10/0x10 [ 10.686021] ? _raw_spin_unlock_irq+0x47/0x80 [ 10.686042] ? calculate_sigpending+0x7b/0xa0 [ 10.686064] ? __pfx_kthread+0x10/0x10 [ 10.686082] ret_from_fork+0x41/0x80 [ 10.686102] ? __pfx_kthread+0x10/0x10 [ 10.686119] ret_from_fork_asm+0x1a/0x30 [ 10.686150] </TASK> [ 10.686160] [ 10.693191] The buggy address belongs to the physical page: [ 10.693457] page: refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x102890 [ 10.693785] head: order:2 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0 [ 10.694024] flags: 0x200000000000040(head|node=0|zone=2) [ 10.694273] page_type: f8(unknown) [ 10.694454] raw: 0200000000000040 0000000000000000 dead000000000122 0000000000000000 [ 10.694817] raw: 0000000000000000 0000000000000000 00000001f8000000 0000000000000000 [ 10.695085] head: 0200000000000040 0000000000000000 dead000000000122 0000000000000000 [ 10.695397] head: 0000000000000000 0000000000000000 00000001f8000000 0000000000000000 [ 10.695719] head: 0200000000000002 ffffea00040a2401 00000000ffffffff 00000000ffffffff [ 10.696037] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000004 [ 10.696343] page dumped because: kasan: bad access detected [ 10.696587] [ 10.696680] Memory state around the buggy address: [ 10.696885] ffff888102891f80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 10.697168] ffff888102892000: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 10.697434] >ffff888102892080: 00 00 00 00 00 00 00 00 00 00 00 00 00 03 fe fe [ 10.697712] ^ [ 10.697926] ffff888102892100: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe [ 10.698237] ffff888102892180: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe [ 10.698546] ==================================================================