Date
July 4, 2025, 3:11 p.m.
| Environment | |
|---|---|
| e850-96 | |
| qemu-arm64 | |
| qemu-x86_64 | |
| x86 |
[ 20.896757] ================================================================== [ 20.903745] BUG: KASAN: slab-out-of-bounds in krealloc_less_oob_helper+0xb9c/0xc50 [ 20.911291] Write of size 1 at addr ffff000803bc64d0 by task kunit_try_catch/207 [ 20.918668] [ 20.920154] CPU: 2 UID: 0 PID: 207 Comm: kunit_try_catch Tainted: G B N 6.15.5-rc2 #1 PREEMPT [ 20.920206] Tainted: [B]=BAD_PAGE, [N]=TEST [ 20.920222] Hardware name: WinLink E850-96 board (DT) [ 20.920241] Call trace: [ 20.920253] show_stack+0x20/0x38 (C) [ 20.920287] dump_stack_lvl+0x8c/0xd0 [ 20.920324] print_report+0x118/0x608 [ 20.920355] kasan_report+0xdc/0x128 [ 20.920385] __asan_report_store1_noabort+0x20/0x30 [ 20.920422] krealloc_less_oob_helper+0xb9c/0xc50 [ 20.920449] krealloc_less_oob+0x20/0x38 [ 20.920473] kunit_try_run_case+0x170/0x3f0 [ 20.920508] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 20.920544] kthread+0x328/0x630 [ 20.920578] ret_from_fork+0x10/0x20 [ 20.920611] [ 20.987504] Allocated by task 207: [ 20.990892] kasan_save_stack+0x3c/0x68 [ 20.994709] kasan_save_track+0x20/0x40 [ 20.998529] kasan_save_alloc_info+0x40/0x58 [ 21.002782] __kasan_krealloc+0x118/0x178 [ 21.006775] krealloc_noprof+0x128/0x360 [ 21.010681] krealloc_less_oob_helper+0x168/0xc50 [ 21.015369] krealloc_less_oob+0x20/0x38 [ 21.019274] kunit_try_run_case+0x170/0x3f0 [ 21.023441] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 21.028910] kthread+0x328/0x630 [ 21.032121] ret_from_fork+0x10/0x20 [ 21.035680] [ 21.037159] The buggy address belongs to the object at ffff000803bc6400 [ 21.037159] which belongs to the cache kmalloc-256 of size 256 [ 21.049656] The buggy address is located 7 bytes to the right of [ 21.049656] allocated 201-byte region [ffff000803bc6400, ffff000803bc64c9) [ 21.062590] [ 21.064067] The buggy address belongs to the physical page: [ 21.069624] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x883bc4 [ 21.077609] head: order:2 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0 [ 21.085248] flags: 0xbfffe0000000040(head|node=0|zone=2|lastcpupid=0x1ffff) [ 21.092190] page_type: f5(slab) [ 21.095328] raw: 0bfffe0000000040 ffff000800002b40 dead000000000122 0000000000000000 [ 21.103048] raw: 0000000000000000 0000000080200020 00000000f5000000 0000000000000000 [ 21.110774] head: 0bfffe0000000040 ffff000800002b40 dead000000000122 0000000000000000 [ 21.118585] head: 0000000000000000 0000000080200020 00000000f5000000 0000000000000000 [ 21.126398] head: 0bfffe0000000002 fffffdffe00ef101 00000000ffffffff 00000000ffffffff [ 21.134210] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000004 [ 21.142017] page dumped because: kasan: bad access detected [ 21.147571] [ 21.149046] Memory state around the buggy address: [ 21.153829] ffff000803bc6380: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 21.161030] ffff000803bc6400: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 21.168236] >ffff000803bc6480: 00 00 00 00 00 00 00 00 00 01 fc fc fc fc fc fc [ 21.175436] ^ [ 21.181255] ffff000803bc6500: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 21.188460] ffff000803bc6580: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 21.195662] ================================================================== [ 23.286767] ================================================================== [ 23.293896] BUG: KASAN: slab-out-of-bounds in krealloc_less_oob_helper+0xae4/0xc50 [ 23.301445] Write of size 1 at addr ffff000805d560ea by task kunit_try_catch/211 [ 23.308824] [ 23.310306] CPU: 1 UID: 0 PID: 211 Comm: kunit_try_catch Tainted: G B N 6.15.5-rc2 #1 PREEMPT [ 23.310351] Tainted: [B]=BAD_PAGE, [N]=TEST [ 23.310366] Hardware name: WinLink E850-96 board (DT) [ 23.310381] Call trace: [ 23.310390] show_stack+0x20/0x38 (C) [ 23.310421] dump_stack_lvl+0x8c/0xd0 [ 23.310455] print_report+0x118/0x608 [ 23.310484] kasan_report+0xdc/0x128 [ 23.310514] __asan_report_store1_noabort+0x20/0x30 [ 23.310547] krealloc_less_oob_helper+0xae4/0xc50 [ 23.310574] krealloc_large_less_oob+0x20/0x38 [ 23.310601] kunit_try_run_case+0x170/0x3f0 [ 23.310636] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 23.310673] kthread+0x328/0x630 [ 23.310706] ret_from_fork+0x10/0x20 [ 23.310738] [ 23.378182] The buggy address belongs to the physical page: [ 23.383737] page: refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x885d54 [ 23.391723] head: order:2 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0 [ 23.399360] flags: 0xbfffe0000000040(head|node=0|zone=2|lastcpupid=0x1ffff) [ 23.406305] page_type: f8(unknown) [ 23.409701] raw: 0bfffe0000000040 0000000000000000 dead000000000122 0000000000000000 [ 23.417422] raw: 0000000000000000 0000000000000000 00000001f8000000 0000000000000000 [ 23.425149] head: 0bfffe0000000040 0000000000000000 dead000000000122 0000000000000000 [ 23.432960] head: 0000000000000000 0000000000000000 00000001f8000000 0000000000000000 [ 23.440773] head: 0bfffe0000000002 fffffdffe0175501 00000000ffffffff 00000000ffffffff [ 23.448585] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000004 [ 23.456391] page dumped because: kasan: bad access detected [ 23.461946] [ 23.463422] Memory state around the buggy address: [ 23.468201] ffff000805d55f80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 23.475405] ffff000805d56000: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 23.482609] >ffff000805d56080: 00 00 00 00 00 00 00 00 00 01 fe fe fe fe fe fe [ 23.489810] ^ [ 23.496411] ffff000805d56100: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe [ 23.503616] ffff000805d56180: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe [ 23.510819] ================================================================== [ 20.588215] ================================================================== [ 20.597673] BUG: KASAN: slab-out-of-bounds in krealloc_less_oob_helper+0xa48/0xc50 [ 20.605220] Write of size 1 at addr ffff000803bc64c9 by task kunit_try_catch/207 [ 20.612600] [ 20.614084] CPU: 2 UID: 0 PID: 207 Comm: kunit_try_catch Tainted: G B N 6.15.5-rc2 #1 PREEMPT [ 20.614140] Tainted: [B]=BAD_PAGE, [N]=TEST [ 20.614158] Hardware name: WinLink E850-96 board (DT) [ 20.614178] Call trace: [ 20.614192] show_stack+0x20/0x38 (C) [ 20.614224] dump_stack_lvl+0x8c/0xd0 [ 20.614260] print_report+0x118/0x608 [ 20.614290] kasan_report+0xdc/0x128 [ 20.614320] __asan_report_store1_noabort+0x20/0x30 [ 20.614356] krealloc_less_oob_helper+0xa48/0xc50 [ 20.614387] krealloc_less_oob+0x20/0x38 [ 20.614412] kunit_try_run_case+0x170/0x3f0 [ 20.614447] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 20.614484] kthread+0x328/0x630 [ 20.614519] ret_from_fork+0x10/0x20 [ 20.614553] [ 20.681433] Allocated by task 207: [ 20.684822] kasan_save_stack+0x3c/0x68 [ 20.688637] kasan_save_track+0x20/0x40 [ 20.692457] kasan_save_alloc_info+0x40/0x58 [ 20.696710] __kasan_krealloc+0x118/0x178 [ 20.700703] krealloc_noprof+0x128/0x360 [ 20.704609] krealloc_less_oob_helper+0x168/0xc50 [ 20.709298] krealloc_less_oob+0x20/0x38 [ 20.713203] kunit_try_run_case+0x170/0x3f0 [ 20.717369] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 20.722838] kthread+0x328/0x630 [ 20.726050] ret_from_fork+0x10/0x20 [ 20.729609] [ 20.731086] The buggy address belongs to the object at ffff000803bc6400 [ 20.731086] which belongs to the cache kmalloc-256 of size 256 [ 20.743588] The buggy address is located 0 bytes to the right of [ 20.743588] allocated 201-byte region [ffff000803bc6400, ffff000803bc64c9) [ 20.756518] [ 20.757996] The buggy address belongs to the physical page: [ 20.763553] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x883bc4 [ 20.771538] head: order:2 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0 [ 20.779175] flags: 0xbfffe0000000040(head|node=0|zone=2|lastcpupid=0x1ffff) [ 20.786120] page_type: f5(slab) [ 20.789257] raw: 0bfffe0000000040 ffff000800002b40 dead000000000122 0000000000000000 [ 20.796976] raw: 0000000000000000 0000000080200020 00000000f5000000 0000000000000000 [ 20.804704] head: 0bfffe0000000040 ffff000800002b40 dead000000000122 0000000000000000 [ 20.812513] head: 0000000000000000 0000000080200020 00000000f5000000 0000000000000000 [ 20.820326] head: 0bfffe0000000002 fffffdffe00ef101 00000000ffffffff 00000000ffffffff [ 20.828140] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000004 [ 20.835945] page dumped because: kasan: bad access detected [ 20.841499] [ 20.842975] Memory state around the buggy address: [ 20.847756] ffff000803bc6380: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 20.854958] ffff000803bc6400: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 20.862165] >ffff000803bc6480: 00 00 00 00 00 00 00 00 00 01 fc fc fc fc fc fc [ 20.869364] ^ [ 20.874923] ffff000803bc6500: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 20.882128] ffff000803bc6580: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 20.889331] ================================================================== [ 23.055991] ================================================================== [ 23.063088] BUG: KASAN: slab-out-of-bounds in krealloc_less_oob_helper+0xa80/0xc50 [ 23.070633] Write of size 1 at addr ffff000805d560da by task kunit_try_catch/211 [ 23.078011] [ 23.079496] CPU: 1 UID: 0 PID: 211 Comm: kunit_try_catch Tainted: G B N 6.15.5-rc2 #1 PREEMPT [ 23.079544] Tainted: [B]=BAD_PAGE, [N]=TEST [ 23.079558] Hardware name: WinLink E850-96 board (DT) [ 23.079576] Call trace: [ 23.079588] show_stack+0x20/0x38 (C) [ 23.079620] dump_stack_lvl+0x8c/0xd0 [ 23.079655] print_report+0x118/0x608 [ 23.079686] kasan_report+0xdc/0x128 [ 23.079715] __asan_report_store1_noabort+0x20/0x30 [ 23.079749] krealloc_less_oob_helper+0xa80/0xc50 [ 23.079777] krealloc_large_less_oob+0x20/0x38 [ 23.079803] kunit_try_run_case+0x170/0x3f0 [ 23.079838] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 23.079873] kthread+0x328/0x630 [ 23.079906] ret_from_fork+0x10/0x20 [ 23.079941] [ 23.147370] The buggy address belongs to the physical page: [ 23.152924] page: refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x885d54 [ 23.160911] head: order:2 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0 [ 23.168549] flags: 0xbfffe0000000040(head|node=0|zone=2|lastcpupid=0x1ffff) [ 23.175492] page_type: f8(unknown) [ 23.178890] raw: 0bfffe0000000040 0000000000000000 dead000000000122 0000000000000000 [ 23.186610] raw: 0000000000000000 0000000000000000 00000001f8000000 0000000000000000 [ 23.194336] head: 0bfffe0000000040 0000000000000000 dead000000000122 0000000000000000 [ 23.202147] head: 0000000000000000 0000000000000000 00000001f8000000 0000000000000000 [ 23.209961] head: 0bfffe0000000002 fffffdffe0175501 00000000ffffffff 00000000ffffffff [ 23.217773] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000004 [ 23.225578] page dumped because: kasan: bad access detected [ 23.231133] [ 23.232609] Memory state around the buggy address: [ 23.237389] ffff000805d55f80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 23.244592] ffff000805d56000: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 23.251799] >ffff000805d56080: 00 00 00 00 00 00 00 00 00 01 fe fe fe fe fe fe [ 23.258998] ^ [ 23.265078] ffff000805d56100: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe [ 23.272283] ffff000805d56180: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe [ 23.279485] ================================================================== [ 21.816865] ================================================================== [ 21.823953] BUG: KASAN: slab-out-of-bounds in krealloc_less_oob_helper+0xa58/0xc50 [ 21.831502] Write of size 1 at addr ffff000803bc64eb by task kunit_try_catch/207 [ 21.838880] [ 21.840364] CPU: 1 UID: 0 PID: 207 Comm: kunit_try_catch Tainted: G B N 6.15.5-rc2 #1 PREEMPT [ 21.840415] Tainted: [B]=BAD_PAGE, [N]=TEST [ 21.840431] Hardware name: WinLink E850-96 board (DT) [ 21.840450] Call trace: [ 21.840462] show_stack+0x20/0x38 (C) [ 21.840491] dump_stack_lvl+0x8c/0xd0 [ 21.840528] print_report+0x118/0x608 [ 21.840560] kasan_report+0xdc/0x128 [ 21.840589] __asan_report_store1_noabort+0x20/0x30 [ 21.840624] krealloc_less_oob_helper+0xa58/0xc50 [ 21.840653] krealloc_less_oob+0x20/0x38 [ 21.840679] kunit_try_run_case+0x170/0x3f0 [ 21.840710] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 21.840744] kthread+0x328/0x630 [ 21.840777] ret_from_fork+0x10/0x20 [ 21.840810] [ 21.907716] Allocated by task 207: [ 21.911103] kasan_save_stack+0x3c/0x68 [ 21.914921] kasan_save_track+0x20/0x40 [ 21.918740] kasan_save_alloc_info+0x40/0x58 [ 21.922994] __kasan_krealloc+0x118/0x178 [ 21.926987] krealloc_noprof+0x128/0x360 [ 21.930893] krealloc_less_oob_helper+0x168/0xc50 [ 21.935580] krealloc_less_oob+0x20/0x38 [ 21.939486] kunit_try_run_case+0x170/0x3f0 [ 21.943653] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 21.949122] kthread+0x328/0x630 [ 21.952334] ret_from_fork+0x10/0x20 [ 21.955892] [ 21.957371] The buggy address belongs to the object at ffff000803bc6400 [ 21.957371] which belongs to the cache kmalloc-256 of size 256 [ 21.969868] The buggy address is located 34 bytes to the right of [ 21.969868] allocated 201-byte region [ffff000803bc6400, ffff000803bc64c9) [ 21.982889] [ 21.984366] The buggy address belongs to the physical page: [ 21.989922] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x883bc4 [ 21.997906] head: order:2 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0 [ 22.005545] flags: 0xbfffe0000000040(head|node=0|zone=2|lastcpupid=0x1ffff) [ 22.012490] page_type: f5(slab) [ 22.015626] raw: 0bfffe0000000040 ffff000800002b40 dead000000000122 0000000000000000 [ 22.023346] raw: 0000000000000000 0000000080200020 00000000f5000000 0000000000000000 [ 22.031073] head: 0bfffe0000000040 ffff000800002b40 dead000000000122 0000000000000000 [ 22.038884] head: 0000000000000000 0000000080200020 00000000f5000000 0000000000000000 [ 22.046697] head: 0bfffe0000000002 fffffdffe00ef101 00000000ffffffff 00000000ffffffff [ 22.054509] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000004 [ 22.062314] page dumped because: kasan: bad access detected [ 22.067870] [ 22.069345] Memory state around the buggy address: [ 22.074126] ffff000803bc6380: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 22.081329] ffff000803bc6400: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 22.088535] >ffff000803bc6480: 00 00 00 00 00 00 00 00 00 01 fc fc fc fc fc fc [ 22.095734] ^ [ 22.102335] ffff000803bc6500: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 22.109540] ffff000803bc6580: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 22.116741] ================================================================== [ 21.509853] ================================================================== [ 21.516754] BUG: KASAN: slab-out-of-bounds in krealloc_less_oob_helper+0xae4/0xc50 [ 21.524302] Write of size 1 at addr ffff000803bc64ea by task kunit_try_catch/207 [ 21.531680] [ 21.533165] CPU: 1 UID: 0 PID: 207 Comm: kunit_try_catch Tainted: G B N 6.15.5-rc2 #1 PREEMPT [ 21.533217] Tainted: [B]=BAD_PAGE, [N]=TEST [ 21.533232] Hardware name: WinLink E850-96 board (DT) [ 21.533251] Call trace: [ 21.533264] show_stack+0x20/0x38 (C) [ 21.533296] dump_stack_lvl+0x8c/0xd0 [ 21.533331] print_report+0x118/0x608 [ 21.533362] kasan_report+0xdc/0x128 [ 21.533391] __asan_report_store1_noabort+0x20/0x30 [ 21.533426] krealloc_less_oob_helper+0xae4/0xc50 [ 21.533453] krealloc_less_oob+0x20/0x38 [ 21.533477] kunit_try_run_case+0x170/0x3f0 [ 21.533511] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 21.533547] kthread+0x328/0x630 [ 21.533581] ret_from_fork+0x10/0x20 [ 21.533613] [ 21.600516] Allocated by task 207: [ 21.603903] kasan_save_stack+0x3c/0x68 [ 21.607722] kasan_save_track+0x20/0x40 [ 21.611540] kasan_save_alloc_info+0x40/0x58 [ 21.615793] __kasan_krealloc+0x118/0x178 [ 21.619786] krealloc_noprof+0x128/0x360 [ 21.623692] krealloc_less_oob_helper+0x168/0xc50 [ 21.628380] krealloc_less_oob+0x20/0x38 [ 21.632286] kunit_try_run_case+0x170/0x3f0 [ 21.636453] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 21.641922] kthread+0x328/0x630 [ 21.645133] ret_from_fork+0x10/0x20 [ 21.648692] [ 21.650171] The buggy address belongs to the object at ffff000803bc6400 [ 21.650171] which belongs to the cache kmalloc-256 of size 256 [ 21.662668] The buggy address is located 33 bytes to the right of [ 21.662668] allocated 201-byte region [ffff000803bc6400, ffff000803bc64c9) [ 21.675688] [ 21.677167] The buggy address belongs to the physical page: [ 21.682723] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x883bc4 [ 21.690709] head: order:2 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0 [ 21.698346] flags: 0xbfffe0000000040(head|node=0|zone=2|lastcpupid=0x1ffff) [ 21.705290] page_type: f5(slab) [ 21.708426] raw: 0bfffe0000000040 ffff000800002b40 dead000000000122 0000000000000000 [ 21.716146] raw: 0000000000000000 0000000080200020 00000000f5000000 0000000000000000 [ 21.723872] head: 0bfffe0000000040 ffff000800002b40 dead000000000122 0000000000000000 [ 21.731684] head: 0000000000000000 0000000080200020 00000000f5000000 0000000000000000 [ 21.739497] head: 0bfffe0000000002 fffffdffe00ef101 00000000ffffffff 00000000ffffffff [ 21.747309] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000004 [ 21.755114] page dumped because: kasan: bad access detected [ 21.760669] [ 21.762145] Memory state around the buggy address: [ 21.766926] ffff000803bc6380: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 21.774128] ffff000803bc6400: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 21.781335] >ffff000803bc6480: 00 00 00 00 00 00 00 00 00 01 fc fc fc fc fc fc [ 21.788534] ^ [ 21.795136] ffff000803bc6500: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 21.802339] ffff000803bc6580: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 21.809542] ================================================================== [ 22.592291] ================================================================== [ 22.602241] BUG: KASAN: slab-out-of-bounds in krealloc_less_oob_helper+0xa48/0xc50 [ 22.609791] Write of size 1 at addr ffff000805d560c9 by task kunit_try_catch/211 [ 22.617167] [ 22.618654] CPU: 1 UID: 0 PID: 211 Comm: kunit_try_catch Tainted: G B N 6.15.5-rc2 #1 PREEMPT [ 22.618704] Tainted: [B]=BAD_PAGE, [N]=TEST [ 22.618720] Hardware name: WinLink E850-96 board (DT) [ 22.618739] Call trace: [ 22.618748] show_stack+0x20/0x38 (C) [ 22.618781] dump_stack_lvl+0x8c/0xd0 [ 22.618818] print_report+0x118/0x608 [ 22.618846] kasan_report+0xdc/0x128 [ 22.618875] __asan_report_store1_noabort+0x20/0x30 [ 22.618912] krealloc_less_oob_helper+0xa48/0xc50 [ 22.618940] krealloc_large_less_oob+0x20/0x38 [ 22.618966] kunit_try_run_case+0x170/0x3f0 [ 22.619001] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 22.619036] kthread+0x328/0x630 [ 22.619071] ret_from_fork+0x10/0x20 [ 22.619105] [ 22.686527] The buggy address belongs to the physical page: [ 22.692084] page: refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x885d54 [ 22.700066] head: order:2 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0 [ 22.707706] flags: 0xbfffe0000000040(head|node=0|zone=2|lastcpupid=0x1ffff) [ 22.714650] page_type: f8(unknown) [ 22.718047] raw: 0bfffe0000000040 0000000000000000 dead000000000122 0000000000000000 [ 22.725766] raw: 0000000000000000 0000000000000000 00000001f8000000 0000000000000000 [ 22.733492] head: 0bfffe0000000040 0000000000000000 dead000000000122 0000000000000000 [ 22.741303] head: 0000000000000000 0000000000000000 00000001f8000000 0000000000000000 [ 22.749117] head: 0bfffe0000000002 fffffdffe0175501 00000000ffffffff 00000000ffffffff [ 22.756929] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000004 [ 22.764734] page dumped because: kasan: bad access detected [ 22.770290] [ 22.771765] Memory state around the buggy address: [ 22.776547] ffff000805d55f80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 22.783749] ffff000805d56000: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 22.790955] >ffff000805d56080: 00 00 00 00 00 00 00 00 00 01 fe fe fe fe fe fe [ 22.798154] ^ [ 22.803713] ffff000805d56100: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe [ 22.810918] ffff000805d56180: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe [ 22.818120] ================================================================== [ 22.825654] ================================================================== [ 22.832534] BUG: KASAN: slab-out-of-bounds in krealloc_less_oob_helper+0xb9c/0xc50 [ 22.840081] Write of size 1 at addr ffff000805d560d0 by task kunit_try_catch/211 [ 22.847459] [ 22.848943] CPU: 1 UID: 0 PID: 211 Comm: kunit_try_catch Tainted: G B N 6.15.5-rc2 #1 PREEMPT [ 22.848990] Tainted: [B]=BAD_PAGE, [N]=TEST [ 22.849005] Hardware name: WinLink E850-96 board (DT) [ 22.849023] Call trace: [ 22.849035] show_stack+0x20/0x38 (C) [ 22.849067] dump_stack_lvl+0x8c/0xd0 [ 22.849101] print_report+0x118/0x608 [ 22.849135] kasan_report+0xdc/0x128 [ 22.849166] __asan_report_store1_noabort+0x20/0x30 [ 22.849201] krealloc_less_oob_helper+0xb9c/0xc50 [ 22.849228] krealloc_large_less_oob+0x20/0x38 [ 22.849255] kunit_try_run_case+0x170/0x3f0 [ 22.849290] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 22.849326] kthread+0x328/0x630 [ 22.849360] ret_from_fork+0x10/0x20 [ 22.849392] [ 22.916818] The buggy address belongs to the physical page: [ 22.922376] page: refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x885d54 [ 22.930359] head: order:2 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0 [ 22.937998] flags: 0xbfffe0000000040(head|node=0|zone=2|lastcpupid=0x1ffff) [ 22.944940] page_type: f8(unknown) [ 22.948337] raw: 0bfffe0000000040 0000000000000000 dead000000000122 0000000000000000 [ 22.956058] raw: 0000000000000000 0000000000000000 00000001f8000000 0000000000000000 [ 22.963784] head: 0bfffe0000000040 0000000000000000 dead000000000122 0000000000000000 [ 22.971595] head: 0000000000000000 0000000000000000 00000001f8000000 0000000000000000 [ 22.979409] head: 0bfffe0000000002 fffffdffe0175501 00000000ffffffff 00000000ffffffff [ 22.987221] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000004 [ 22.995026] page dumped because: kasan: bad access detected [ 23.000581] [ 23.002057] Memory state around the buggy address: [ 23.006837] ffff000805d55f80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 23.014040] ffff000805d56000: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 23.021246] >ffff000805d56080: 00 00 00 00 00 00 00 00 00 01 fe fe fe fe fe fe [ 23.028446] ^ [ 23.034265] ffff000805d56100: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe [ 23.041470] ffff000805d56180: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe [ 23.048672] ================================================================== [ 23.518131] ================================================================== [ 23.525232] BUG: KASAN: slab-out-of-bounds in krealloc_less_oob_helper+0xa58/0xc50 [ 23.532780] Write of size 1 at addr ffff000805d560eb by task kunit_try_catch/211 [ 23.540157] [ 23.541640] CPU: 1 UID: 0 PID: 211 Comm: kunit_try_catch Tainted: G B N 6.15.5-rc2 #1 PREEMPT [ 23.541690] Tainted: [B]=BAD_PAGE, [N]=TEST [ 23.541704] Hardware name: WinLink E850-96 board (DT) [ 23.541724] Call trace: [ 23.541738] show_stack+0x20/0x38 (C) [ 23.541770] dump_stack_lvl+0x8c/0xd0 [ 23.541804] print_report+0x118/0x608 [ 23.541835] kasan_report+0xdc/0x128 [ 23.541863] __asan_report_store1_noabort+0x20/0x30 [ 23.541896] krealloc_less_oob_helper+0xa58/0xc50 [ 23.541926] krealloc_large_less_oob+0x20/0x38 [ 23.541952] kunit_try_run_case+0x170/0x3f0 [ 23.541986] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 23.542023] kthread+0x328/0x630 [ 23.542057] ret_from_fork+0x10/0x20 [ 23.542091] [ 23.609514] The buggy address belongs to the physical page: [ 23.615073] page: refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x885d54 [ 23.623057] head: order:2 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0 [ 23.630695] flags: 0xbfffe0000000040(head|node=0|zone=2|lastcpupid=0x1ffff) [ 23.637638] page_type: f8(unknown) [ 23.641036] raw: 0bfffe0000000040 0000000000000000 dead000000000122 0000000000000000 [ 23.648755] raw: 0000000000000000 0000000000000000 00000001f8000000 0000000000000000 [ 23.656482] head: 0bfffe0000000040 0000000000000000 dead000000000122 0000000000000000 [ 23.664293] head: 0000000000000000 0000000000000000 00000001f8000000 0000000000000000 [ 23.672107] head: 0bfffe0000000002 fffffdffe0175501 00000000ffffffff 00000000ffffffff [ 23.679918] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000004 [ 23.687724] page dumped because: kasan: bad access detected [ 23.693279] [ 23.694755] Memory state around the buggy address: [ 23.699535] ffff000805d55f80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 23.706738] ffff000805d56000: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 23.713945] >ffff000805d56080: 00 00 00 00 00 00 00 00 00 01 fe fe fe fe fe fe [ 23.721144] ^ [ 23.727745] ffff000805d56100: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe [ 23.734950] ffff000805d56180: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe [ 23.742152] ================================================================== [ 21.203219] ================================================================== [ 21.210076] BUG: KASAN: slab-out-of-bounds in krealloc_less_oob_helper+0xa80/0xc50 [ 21.217623] Write of size 1 at addr ffff000803bc64da by task kunit_try_catch/207 [ 21.225001] [ 21.226488] CPU: 1 UID: 0 PID: 207 Comm: kunit_try_catch Tainted: G B N 6.15.5-rc2 #1 PREEMPT [ 21.226542] Tainted: [B]=BAD_PAGE, [N]=TEST [ 21.226559] Hardware name: WinLink E850-96 board (DT) [ 21.226578] Call trace: [ 21.226590] show_stack+0x20/0x38 (C) [ 21.226628] dump_stack_lvl+0x8c/0xd0 [ 21.226663] print_report+0x118/0x608 [ 21.226695] kasan_report+0xdc/0x128 [ 21.226726] __asan_report_store1_noabort+0x20/0x30 [ 21.226762] krealloc_less_oob_helper+0xa80/0xc50 [ 21.226791] krealloc_less_oob+0x20/0x38 [ 21.226816] kunit_try_run_case+0x170/0x3f0 [ 21.226850] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 21.226886] kthread+0x328/0x630 [ 21.226921] ret_from_fork+0x10/0x20 [ 21.226957] [ 21.293836] Allocated by task 207: [ 21.297227] kasan_save_stack+0x3c/0x68 [ 21.301041] kasan_save_track+0x20/0x40 [ 21.304860] kasan_save_alloc_info+0x40/0x58 [ 21.309114] __kasan_krealloc+0x118/0x178 [ 21.313107] krealloc_noprof+0x128/0x360 [ 21.317013] krealloc_less_oob_helper+0x168/0xc50 [ 21.321702] krealloc_less_oob+0x20/0x38 [ 21.325607] kunit_try_run_case+0x170/0x3f0 [ 21.329773] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 21.335242] kthread+0x328/0x630 [ 21.338453] ret_from_fork+0x10/0x20 [ 21.342012] [ 21.343491] The buggy address belongs to the object at ffff000803bc6400 [ 21.343491] which belongs to the cache kmalloc-256 of size 256 [ 21.355990] The buggy address is located 17 bytes to the right of [ 21.355990] allocated 201-byte region [ffff000803bc6400, ffff000803bc64c9) [ 21.369009] [ 21.370487] The buggy address belongs to the physical page: [ 21.376043] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x883bc4 [ 21.384028] head: order:2 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0 [ 21.391667] flags: 0xbfffe0000000040(head|node=0|zone=2|lastcpupid=0x1ffff) [ 21.398609] page_type: f5(slab) [ 21.401747] raw: 0bfffe0000000040 ffff000800002b40 dead000000000122 0000000000000000 [ 21.409466] raw: 0000000000000000 0000000080200020 00000000f5000000 0000000000000000 [ 21.417193] head: 0bfffe0000000040 ffff000800002b40 dead000000000122 0000000000000000 [ 21.425004] head: 0000000000000000 0000000080200020 00000000f5000000 0000000000000000 [ 21.432817] head: 0bfffe0000000002 fffffdffe00ef101 00000000ffffffff 00000000ffffffff [ 21.440629] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000004 [ 21.448436] page dumped because: kasan: bad access detected [ 21.453990] [ 21.455466] Memory state around the buggy address: [ 21.460247] ffff000803bc6380: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 21.467451] ffff000803bc6400: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 21.474655] >ffff000803bc6480: 00 00 00 00 00 00 00 00 00 01 fc fc fc fc fc fc [ 21.481854] ^ [ 21.487934] ffff000803bc6500: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 21.495140] ffff000803bc6580: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 21.502342] ==================================================================
[ 15.502107] ================================================================== [ 15.502214] BUG: KASAN: slab-out-of-bounds in krealloc_less_oob_helper+0xa80/0xc50 [ 15.502647] Write of size 1 at addr fff00000c65660da by task kunit_try_catch/167 [ 15.502732] [ 15.502761] CPU: 0 UID: 0 PID: 167 Comm: kunit_try_catch Tainted: G B N 6.15.5-rc2 #1 PREEMPT [ 15.502843] Tainted: [B]=BAD_PAGE, [N]=TEST [ 15.502957] Hardware name: linux,dummy-virt (DT) [ 15.503091] Call trace: [ 15.503129] show_stack+0x20/0x38 (C) [ 15.503180] dump_stack_lvl+0x8c/0xd0 [ 15.503231] print_report+0x118/0x608 [ 15.503398] kasan_report+0xdc/0x128 [ 15.503440] __asan_report_store1_noabort+0x20/0x30 [ 15.503494] krealloc_less_oob_helper+0xa80/0xc50 [ 15.503650] krealloc_large_less_oob+0x20/0x38 [ 15.503694] kunit_try_run_case+0x170/0x3f0 [ 15.503741] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 15.503792] kthread+0x328/0x630 [ 15.503835] ret_from_fork+0x10/0x20 [ 15.504034] [ 15.504188] The buggy address belongs to the physical page: [ 15.504225] page: refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x106564 [ 15.504276] head: order:2 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0 [ 15.504320] flags: 0xbfffe0000000040(head|node=0|zone=2|lastcpupid=0x1ffff) [ 15.504736] page_type: f8(unknown) [ 15.504826] raw: 0bfffe0000000040 0000000000000000 dead000000000122 0000000000000000 [ 15.505017] raw: 0000000000000000 0000000000000000 00000001f8000000 0000000000000000 [ 15.505083] head: 0bfffe0000000040 0000000000000000 dead000000000122 0000000000000000 [ 15.505129] head: 0000000000000000 0000000000000000 00000001f8000000 0000000000000000 [ 15.505175] head: 0bfffe0000000002 ffffc1ffc3195901 00000000ffffffff 00000000ffffffff [ 15.505220] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000004 [ 15.505379] page dumped because: kasan: bad access detected [ 15.505580] [ 15.505695] Memory state around the buggy address: [ 15.505782] fff00000c6565f80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 15.505854] fff00000c6566000: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 15.505895] >fff00000c6566080: 00 00 00 00 00 00 00 00 00 01 fe fe fe fe fe fe [ 15.505931] ^ [ 15.505966] fff00000c6566100: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe [ 15.506206] fff00000c6566180: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe [ 15.506401] ================================================================== [ 15.491463] ================================================================== [ 15.491533] BUG: KASAN: slab-out-of-bounds in krealloc_less_oob_helper+0xa48/0xc50 [ 15.491646] Write of size 1 at addr fff00000c65660c9 by task kunit_try_catch/167 [ 15.491694] [ 15.491726] CPU: 0 UID: 0 PID: 167 Comm: kunit_try_catch Tainted: G B N 6.15.5-rc2 #1 PREEMPT [ 15.491878] Tainted: [B]=BAD_PAGE, [N]=TEST [ 15.491928] Hardware name: linux,dummy-virt (DT) [ 15.492147] Call trace: [ 15.492172] show_stack+0x20/0x38 (C) [ 15.492438] dump_stack_lvl+0x8c/0xd0 [ 15.492488] print_report+0x118/0x608 [ 15.492531] kasan_report+0xdc/0x128 [ 15.492750] __asan_report_store1_noabort+0x20/0x30 [ 15.492999] krealloc_less_oob_helper+0xa48/0xc50 [ 15.493177] krealloc_large_less_oob+0x20/0x38 [ 15.493264] kunit_try_run_case+0x170/0x3f0 [ 15.493313] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 15.493364] kthread+0x328/0x630 [ 15.493408] ret_from_fork+0x10/0x20 [ 15.493454] [ 15.493474] The buggy address belongs to the physical page: [ 15.493807] page: refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x106564 [ 15.494057] head: order:2 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0 [ 15.494143] flags: 0xbfffe0000000040(head|node=0|zone=2|lastcpupid=0x1ffff) [ 15.494192] page_type: f8(unknown) [ 15.494230] raw: 0bfffe0000000040 0000000000000000 dead000000000122 0000000000000000 [ 15.494330] raw: 0000000000000000 0000000000000000 00000001f8000000 0000000000000000 [ 15.494403] head: 0bfffe0000000040 0000000000000000 dead000000000122 0000000000000000 [ 15.494560] head: 0000000000000000 0000000000000000 00000001f8000000 0000000000000000 [ 15.494813] head: 0bfffe0000000002 ffffc1ffc3195901 00000000ffffffff 00000000ffffffff [ 15.495542] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000004 [ 15.495678] page dumped because: kasan: bad access detected [ 15.495726] [ 15.495743] Memory state around the buggy address: [ 15.495781] fff00000c6565f80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 15.495834] fff00000c6566000: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 15.495874] >fff00000c6566080: 00 00 00 00 00 00 00 00 00 01 fe fe fe fe fe fe [ 15.495946] ^ [ 15.496100] fff00000c6566100: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe [ 15.496326] fff00000c6566180: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe [ 15.496370] ================================================================== [ 15.447232] ================================================================== [ 15.447279] BUG: KASAN: slab-out-of-bounds in krealloc_less_oob_helper+0xae4/0xc50 [ 15.447324] Write of size 1 at addr fff00000c0922eea by task kunit_try_catch/163 [ 15.447371] [ 15.447399] CPU: 0 UID: 0 PID: 163 Comm: kunit_try_catch Tainted: G B N 6.15.5-rc2 #1 PREEMPT [ 15.447644] Tainted: [B]=BAD_PAGE, [N]=TEST [ 15.447691] Hardware name: linux,dummy-virt (DT) [ 15.447743] Call trace: [ 15.447764] show_stack+0x20/0x38 (C) [ 15.448014] dump_stack_lvl+0x8c/0xd0 [ 15.448061] print_report+0x118/0x608 [ 15.448104] kasan_report+0xdc/0x128 [ 15.448146] __asan_report_store1_noabort+0x20/0x30 [ 15.448194] krealloc_less_oob_helper+0xae4/0xc50 [ 15.448776] krealloc_less_oob+0x20/0x38 [ 15.448845] kunit_try_run_case+0x170/0x3f0 [ 15.448893] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 15.449205] kthread+0x328/0x630 [ 15.449325] ret_from_fork+0x10/0x20 [ 15.449426] [ 15.449489] Allocated by task 163: [ 15.449516] kasan_save_stack+0x3c/0x68 [ 15.449559] kasan_save_track+0x20/0x40 [ 15.449651] kasan_save_alloc_info+0x40/0x58 [ 15.449688] __kasan_krealloc+0x118/0x178 [ 15.449761] krealloc_noprof+0x128/0x360 [ 15.449926] krealloc_less_oob_helper+0x168/0xc50 [ 15.449963] krealloc_less_oob+0x20/0x38 [ 15.450000] kunit_try_run_case+0x170/0x3f0 [ 15.450037] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 15.450080] kthread+0x328/0x630 [ 15.450113] ret_from_fork+0x10/0x20 [ 15.450147] [ 15.450165] The buggy address belongs to the object at fff00000c0922e00 [ 15.450165] which belongs to the cache kmalloc-256 of size 256 [ 15.450219] The buggy address is located 33 bytes to the right of [ 15.450219] allocated 201-byte region [fff00000c0922e00, fff00000c0922ec9) [ 15.450280] [ 15.450298] The buggy address belongs to the physical page: [ 15.450327] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x100922 [ 15.450377] head: order:1 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0 [ 15.450467] flags: 0xbfffe0000000040(head|node=0|zone=2|lastcpupid=0x1ffff) [ 15.450587] page_type: f5(slab) [ 15.451064] raw: 0bfffe0000000040 fff00000c0001b40 dead000000000122 0000000000000000 [ 15.451446] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 15.451580] head: 0bfffe0000000040 fff00000c0001b40 dead000000000122 0000000000000000 [ 15.451654] head: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 15.451907] head: 0bfffe0000000001 ffffc1ffc3024881 00000000ffffffff 00000000ffffffff [ 15.453941] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000002 [ 15.454397] page dumped because: kasan: bad access detected [ 15.455092] [ 15.455153] Memory state around the buggy address: [ 15.455186] fff00000c0922d80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 15.455229] fff00000c0922e00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 15.455282] >fff00000c0922e80: 00 00 00 00 00 00 00 00 00 01 fc fc fc fc fc fc [ 15.455318] ^ [ 15.455512] fff00000c0922f00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 15.456009] fff00000c0922f80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 15.456052] ================================================================== [ 15.507103] ================================================================== [ 15.507148] BUG: KASAN: slab-out-of-bounds in krealloc_less_oob_helper+0xae4/0xc50 [ 15.507194] Write of size 1 at addr fff00000c65660ea by task kunit_try_catch/167 [ 15.507412] [ 15.507498] CPU: 0 UID: 0 PID: 167 Comm: kunit_try_catch Tainted: G B N 6.15.5-rc2 #1 PREEMPT [ 15.508010] Tainted: [B]=BAD_PAGE, [N]=TEST [ 15.508080] Hardware name: linux,dummy-virt (DT) [ 15.508160] Call trace: [ 15.508181] show_stack+0x20/0x38 (C) [ 15.508228] dump_stack_lvl+0x8c/0xd0 [ 15.508360] print_report+0x118/0x608 [ 15.508548] kasan_report+0xdc/0x128 [ 15.508603] __asan_report_store1_noabort+0x20/0x30 [ 15.508661] krealloc_less_oob_helper+0xae4/0xc50 [ 15.508706] krealloc_large_less_oob+0x20/0x38 [ 15.508760] kunit_try_run_case+0x170/0x3f0 [ 15.508964] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 15.509015] kthread+0x328/0x630 [ 15.509066] ret_from_fork+0x10/0x20 [ 15.509112] [ 15.509132] The buggy address belongs to the physical page: [ 15.509162] page: refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x106564 [ 15.509213] head: order:2 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0 [ 15.509555] flags: 0xbfffe0000000040(head|node=0|zone=2|lastcpupid=0x1ffff) [ 15.509806] page_type: f8(unknown) [ 15.509848] raw: 0bfffe0000000040 0000000000000000 dead000000000122 0000000000000000 [ 15.509895] raw: 0000000000000000 0000000000000000 00000001f8000000 0000000000000000 [ 15.509942] head: 0bfffe0000000040 0000000000000000 dead000000000122 0000000000000000 [ 15.510016] head: 0000000000000000 0000000000000000 00000001f8000000 0000000000000000 [ 15.510065] head: 0bfffe0000000002 ffffc1ffc3195901 00000000ffffffff 00000000ffffffff [ 15.510112] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000004 [ 15.510149] page dumped because: kasan: bad access detected [ 15.510226] [ 15.510243] Memory state around the buggy address: [ 15.510273] fff00000c6565f80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 15.510313] fff00000c6566000: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 15.510353] >fff00000c6566080: 00 00 00 00 00 00 00 00 00 01 fe fe fe fe fe fe [ 15.510435] ^ [ 15.510472] fff00000c6566100: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe [ 15.510513] fff00000c6566180: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe [ 15.510565] ================================================================== [ 15.510960] ================================================================== [ 15.511185] BUG: KASAN: slab-out-of-bounds in krealloc_less_oob_helper+0xa58/0xc50 [ 15.511272] Write of size 1 at addr fff00000c65660eb by task kunit_try_catch/167 [ 15.511347] [ 15.511418] CPU: 0 UID: 0 PID: 167 Comm: kunit_try_catch Tainted: G B N 6.15.5-rc2 #1 PREEMPT [ 15.511493] Tainted: [B]=BAD_PAGE, [N]=TEST [ 15.511518] Hardware name: linux,dummy-virt (DT) [ 15.511546] Call trace: [ 15.511566] show_stack+0x20/0x38 (C) [ 15.511610] dump_stack_lvl+0x8c/0xd0 [ 15.511668] print_report+0x118/0x608 [ 15.511721] kasan_report+0xdc/0x128 [ 15.511764] __asan_report_store1_noabort+0x20/0x30 [ 15.512047] krealloc_less_oob_helper+0xa58/0xc50 [ 15.512156] krealloc_large_less_oob+0x20/0x38 [ 15.512200] kunit_try_run_case+0x170/0x3f0 [ 15.512247] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 15.512597] kthread+0x328/0x630 [ 15.512679] ret_from_fork+0x10/0x20 [ 15.513099] [ 15.513205] The buggy address belongs to the physical page: [ 15.513235] page: refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x106564 [ 15.513327] head: order:2 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0 [ 15.513445] flags: 0xbfffe0000000040(head|node=0|zone=2|lastcpupid=0x1ffff) [ 15.513530] page_type: f8(unknown) [ 15.513659] raw: 0bfffe0000000040 0000000000000000 dead000000000122 0000000000000000 [ 15.513745] raw: 0000000000000000 0000000000000000 00000001f8000000 0000000000000000 [ 15.513812] head: 0bfffe0000000040 0000000000000000 dead000000000122 0000000000000000 [ 15.513858] head: 0000000000000000 0000000000000000 00000001f8000000 0000000000000000 [ 15.513905] head: 0bfffe0000000002 ffffc1ffc3195901 00000000ffffffff 00000000ffffffff [ 15.513951] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000004 [ 15.513996] page dumped because: kasan: bad access detected [ 15.514065] [ 15.514151] Memory state around the buggy address: [ 15.514240] fff00000c6565f80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 15.514280] fff00000c6566000: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 15.514321] >fff00000c6566080: 00 00 00 00 00 00 00 00 00 01 fe fe fe fe fe fe [ 15.514357] ^ [ 15.514393] fff00000c6566100: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe [ 15.514487] fff00000c6566180: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe [ 15.515071] ================================================================== [ 15.440425] ================================================================== [ 15.440471] BUG: KASAN: slab-out-of-bounds in krealloc_less_oob_helper+0xa80/0xc50 [ 15.440516] Write of size 1 at addr fff00000c0922eda by task kunit_try_catch/163 [ 15.440563] [ 15.440727] CPU: 0 UID: 0 PID: 163 Comm: kunit_try_catch Tainted: G B N 6.15.5-rc2 #1 PREEMPT [ 15.440819] Tainted: [B]=BAD_PAGE, [N]=TEST [ 15.440844] Hardware name: linux,dummy-virt (DT) [ 15.440873] Call trace: [ 15.440893] show_stack+0x20/0x38 (C) [ 15.440940] dump_stack_lvl+0x8c/0xd0 [ 15.441900] print_report+0x118/0x608 [ 15.442009] kasan_report+0xdc/0x128 [ 15.442075] __asan_report_store1_noabort+0x20/0x30 [ 15.442194] krealloc_less_oob_helper+0xa80/0xc50 [ 15.442239] krealloc_less_oob+0x20/0x38 [ 15.442282] kunit_try_run_case+0x170/0x3f0 [ 15.442336] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 15.442574] kthread+0x328/0x630 [ 15.442897] ret_from_fork+0x10/0x20 [ 15.443169] [ 15.443463] Allocated by task 163: [ 15.443510] kasan_save_stack+0x3c/0x68 [ 15.443617] kasan_save_track+0x20/0x40 [ 15.443668] kasan_save_alloc_info+0x40/0x58 [ 15.443711] __kasan_krealloc+0x118/0x178 [ 15.443798] krealloc_noprof+0x128/0x360 [ 15.443832] krealloc_less_oob_helper+0x168/0xc50 [ 15.443868] krealloc_less_oob+0x20/0x38 [ 15.443901] kunit_try_run_case+0x170/0x3f0 [ 15.444062] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 15.444288] kthread+0x328/0x630 [ 15.444366] ret_from_fork+0x10/0x20 [ 15.444450] [ 15.444478] The buggy address belongs to the object at fff00000c0922e00 [ 15.444478] which belongs to the cache kmalloc-256 of size 256 [ 15.444581] The buggy address is located 17 bytes to the right of [ 15.444581] allocated 201-byte region [fff00000c0922e00, fff00000c0922ec9) [ 15.444652] [ 15.444671] The buggy address belongs to the physical page: [ 15.444700] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x100922 [ 15.444823] head: order:1 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0 [ 15.444962] flags: 0xbfffe0000000040(head|node=0|zone=2|lastcpupid=0x1ffff) [ 15.445104] page_type: f5(slab) [ 15.445199] raw: 0bfffe0000000040 fff00000c0001b40 dead000000000122 0000000000000000 [ 15.445298] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 15.445346] head: 0bfffe0000000040 fff00000c0001b40 dead000000000122 0000000000000000 [ 15.445392] head: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 15.445621] head: 0bfffe0000000001 ffffc1ffc3024881 00000000ffffffff 00000000ffffffff [ 15.445851] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000002 [ 15.445918] page dumped because: kasan: bad access detected [ 15.445997] [ 15.446015] Memory state around the buggy address: [ 15.446045] fff00000c0922d80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 15.446086] fff00000c0922e00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 15.446126] >fff00000c0922e80: 00 00 00 00 00 00 00 00 00 01 fc fc fc fc fc fc [ 15.446164] ^ [ 15.446198] fff00000c0922f00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 15.446239] fff00000c0922f80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 15.446285] ================================================================== [ 15.423494] ================================================================== [ 15.424063] BUG: KASAN: slab-out-of-bounds in krealloc_less_oob_helper+0xa48/0xc50 [ 15.424340] Write of size 1 at addr fff00000c0922ec9 by task kunit_try_catch/163 [ 15.424591] [ 15.424637] CPU: 0 UID: 0 PID: 163 Comm: kunit_try_catch Tainted: G B N 6.15.5-rc2 #1 PREEMPT [ 15.424827] Tainted: [B]=BAD_PAGE, [N]=TEST [ 15.424862] Hardware name: linux,dummy-virt (DT) [ 15.424957] Call trace: [ 15.425004] show_stack+0x20/0x38 (C) [ 15.425115] dump_stack_lvl+0x8c/0xd0 [ 15.425189] print_report+0x118/0x608 [ 15.425293] kasan_report+0xdc/0x128 [ 15.425336] __asan_report_store1_noabort+0x20/0x30 [ 15.425384] krealloc_less_oob_helper+0xa48/0xc50 [ 15.425430] krealloc_less_oob+0x20/0x38 [ 15.425472] kunit_try_run_case+0x170/0x3f0 [ 15.425519] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 15.425580] kthread+0x328/0x630 [ 15.425624] ret_from_fork+0x10/0x20 [ 15.426029] [ 15.426327] Allocated by task 163: [ 15.426558] kasan_save_stack+0x3c/0x68 [ 15.426884] kasan_save_track+0x20/0x40 [ 15.426951] kasan_save_alloc_info+0x40/0x58 [ 15.427164] __kasan_krealloc+0x118/0x178 [ 15.427414] krealloc_noprof+0x128/0x360 [ 15.427550] krealloc_less_oob_helper+0x168/0xc50 [ 15.427587] krealloc_less_oob+0x20/0x38 [ 15.427621] kunit_try_run_case+0x170/0x3f0 [ 15.427668] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 15.427719] kthread+0x328/0x630 [ 15.427753] ret_from_fork+0x10/0x20 [ 15.427787] [ 15.428011] The buggy address belongs to the object at fff00000c0922e00 [ 15.428011] which belongs to the cache kmalloc-256 of size 256 [ 15.428256] The buggy address is located 0 bytes to the right of [ 15.428256] allocated 201-byte region [fff00000c0922e00, fff00000c0922ec9) [ 15.428462] [ 15.428721] The buggy address belongs to the physical page: [ 15.428755] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x100922 [ 15.429034] head: order:1 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0 [ 15.429084] flags: 0xbfffe0000000040(head|node=0|zone=2|lastcpupid=0x1ffff) [ 15.429181] page_type: f5(slab) [ 15.429229] raw: 0bfffe0000000040 fff00000c0001b40 dead000000000122 0000000000000000 [ 15.429655] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 15.429785] head: 0bfffe0000000040 fff00000c0001b40 dead000000000122 0000000000000000 [ 15.429867] head: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 15.429913] head: 0bfffe0000000001 ffffc1ffc3024881 00000000ffffffff 00000000ffffffff [ 15.429959] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000002 [ 15.430003] page dumped because: kasan: bad access detected [ 15.430122] [ 15.430140] Memory state around the buggy address: [ 15.430176] fff00000c0922d80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 15.430317] fff00000c0922e00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 15.430366] >fff00000c0922e80: 00 00 00 00 00 00 00 00 00 01 fc fc fc fc fc fc [ 15.430414] ^ [ 15.430503] fff00000c0922f00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 15.430603] fff00000c0922f80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 15.430660] ================================================================== [ 15.456792] ================================================================== [ 15.456964] BUG: KASAN: slab-out-of-bounds in krealloc_less_oob_helper+0xa58/0xc50 [ 15.457047] Write of size 1 at addr fff00000c0922eeb by task kunit_try_catch/163 [ 15.457166] [ 15.457235] CPU: 0 UID: 0 PID: 163 Comm: kunit_try_catch Tainted: G B N 6.15.5-rc2 #1 PREEMPT [ 15.457581] Tainted: [B]=BAD_PAGE, [N]=TEST [ 15.457994] Hardware name: linux,dummy-virt (DT) [ 15.458209] Call trace: [ 15.458232] show_stack+0x20/0x38 (C) [ 15.458447] dump_stack_lvl+0x8c/0xd0 [ 15.458724] print_report+0x118/0x608 [ 15.458928] kasan_report+0xdc/0x128 [ 15.459010] __asan_report_store1_noabort+0x20/0x30 [ 15.459166] krealloc_less_oob_helper+0xa58/0xc50 [ 15.459415] krealloc_less_oob+0x20/0x38 [ 15.459487] kunit_try_run_case+0x170/0x3f0 [ 15.459533] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 15.459777] kthread+0x328/0x630 [ 15.460142] ret_from_fork+0x10/0x20 [ 15.460342] [ 15.460361] Allocated by task 163: [ 15.460422] kasan_save_stack+0x3c/0x68 [ 15.460460] kasan_save_track+0x20/0x40 [ 15.460494] kasan_save_alloc_info+0x40/0x58 [ 15.460530] __kasan_krealloc+0x118/0x178 [ 15.460564] krealloc_noprof+0x128/0x360 [ 15.460598] krealloc_less_oob_helper+0x168/0xc50 [ 15.460646] krealloc_less_oob+0x20/0x38 [ 15.460679] kunit_try_run_case+0x170/0x3f0 [ 15.460715] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 15.461003] kthread+0x328/0x630 [ 15.461039] ret_from_fork+0x10/0x20 [ 15.461074] [ 15.461093] The buggy address belongs to the object at fff00000c0922e00 [ 15.461093] which belongs to the cache kmalloc-256 of size 256 [ 15.461147] The buggy address is located 34 bytes to the right of [ 15.461147] allocated 201-byte region [fff00000c0922e00, fff00000c0922ec9) [ 15.461211] [ 15.461231] The buggy address belongs to the physical page: [ 15.461270] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x100922 [ 15.461320] head: order:1 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0 [ 15.461374] flags: 0xbfffe0000000040(head|node=0|zone=2|lastcpupid=0x1ffff) [ 15.461613] page_type: f5(slab) [ 15.461996] raw: 0bfffe0000000040 fff00000c0001b40 dead000000000122 0000000000000000 [ 15.462049] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 15.462316] head: 0bfffe0000000040 fff00000c0001b40 dead000000000122 0000000000000000 [ 15.462432] head: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 15.462578] head: 0bfffe0000000001 ffffc1ffc3024881 00000000ffffffff 00000000ffffffff [ 15.462673] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000002 [ 15.462712] page dumped because: kasan: bad access detected [ 15.463055] [ 15.463078] Memory state around the buggy address: [ 15.463126] fff00000c0922d80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 15.463181] fff00000c0922e00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 15.463240] >fff00000c0922e80: 00 00 00 00 00 00 00 00 00 01 fc fc fc fc fc fc [ 15.463278] ^ [ 15.463419] fff00000c0922f00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 15.463695] fff00000c0922f80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 15.463830] ================================================================== [ 15.433308] ================================================================== [ 15.433602] BUG: KASAN: slab-out-of-bounds in krealloc_less_oob_helper+0xb9c/0xc50 [ 15.433880] Write of size 1 at addr fff00000c0922ed0 by task kunit_try_catch/163 [ 15.434005] [ 15.434036] CPU: 0 UID: 0 PID: 163 Comm: kunit_try_catch Tainted: G B N 6.15.5-rc2 #1 PREEMPT [ 15.434112] Tainted: [B]=BAD_PAGE, [N]=TEST [ 15.434168] Hardware name: linux,dummy-virt (DT) [ 15.434200] Call trace: [ 15.434488] show_stack+0x20/0x38 (C) [ 15.434575] dump_stack_lvl+0x8c/0xd0 [ 15.434623] print_report+0x118/0x608 [ 15.434990] kasan_report+0xdc/0x128 [ 15.435100] __asan_report_store1_noabort+0x20/0x30 [ 15.435149] krealloc_less_oob_helper+0xb9c/0xc50 [ 15.435201] krealloc_less_oob+0x20/0x38 [ 15.435337] kunit_try_run_case+0x170/0x3f0 [ 15.435478] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 15.435537] kthread+0x328/0x630 [ 15.435691] ret_from_fork+0x10/0x20 [ 15.435816] [ 15.435862] Allocated by task 163: [ 15.435889] kasan_save_stack+0x3c/0x68 [ 15.435933] kasan_save_track+0x20/0x40 [ 15.436024] kasan_save_alloc_info+0x40/0x58 [ 15.436060] __kasan_krealloc+0x118/0x178 [ 15.436095] krealloc_noprof+0x128/0x360 [ 15.436129] krealloc_less_oob_helper+0x168/0xc50 [ 15.436383] krealloc_less_oob+0x20/0x38 [ 15.436424] kunit_try_run_case+0x170/0x3f0 [ 15.436462] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 15.436505] kthread+0x328/0x630 [ 15.436538] ret_from_fork+0x10/0x20 [ 15.436572] [ 15.436591] The buggy address belongs to the object at fff00000c0922e00 [ 15.436591] which belongs to the cache kmalloc-256 of size 256 [ 15.437118] The buggy address is located 7 bytes to the right of [ 15.437118] allocated 201-byte region [fff00000c0922e00, fff00000c0922ec9) [ 15.437189] [ 15.437208] The buggy address belongs to the physical page: [ 15.437465] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x100922 [ 15.437522] head: order:1 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0 [ 15.437567] flags: 0xbfffe0000000040(head|node=0|zone=2|lastcpupid=0x1ffff) [ 15.437637] page_type: f5(slab) [ 15.437674] raw: 0bfffe0000000040 fff00000c0001b40 dead000000000122 0000000000000000 [ 15.437941] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 15.437996] head: 0bfffe0000000040 fff00000c0001b40 dead000000000122 0000000000000000 [ 15.438098] head: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 15.438197] head: 0bfffe0000000001 ffffc1ffc3024881 00000000ffffffff 00000000ffffffff [ 15.438283] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000002 [ 15.438335] page dumped because: kasan: bad access detected [ 15.438733] [ 15.438756] Memory state around the buggy address: [ 15.438795] fff00000c0922d80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 15.438851] fff00000c0922e00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 15.438892] >fff00000c0922e80: 00 00 00 00 00 00 00 00 00 01 fc fc fc fc fc fc [ 15.439010] ^ [ 15.439124] fff00000c0922f00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 15.439269] fff00000c0922f80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 15.439306] ================================================================== [ 15.497099] ================================================================== [ 15.497146] BUG: KASAN: slab-out-of-bounds in krealloc_less_oob_helper+0xb9c/0xc50 [ 15.497483] Write of size 1 at addr fff00000c65660d0 by task kunit_try_catch/167 [ 15.497881] [ 15.497925] CPU: 0 UID: 0 PID: 167 Comm: kunit_try_catch Tainted: G B N 6.15.5-rc2 #1 PREEMPT [ 15.498006] Tainted: [B]=BAD_PAGE, [N]=TEST [ 15.498031] Hardware name: linux,dummy-virt (DT) [ 15.498066] Call trace: [ 15.498167] show_stack+0x20/0x38 (C) [ 15.498239] dump_stack_lvl+0x8c/0xd0 [ 15.498445] print_report+0x118/0x608 [ 15.498538] kasan_report+0xdc/0x128 [ 15.498580] __asan_report_store1_noabort+0x20/0x30 [ 15.498639] krealloc_less_oob_helper+0xb9c/0xc50 [ 15.498684] krealloc_large_less_oob+0x20/0x38 [ 15.498727] kunit_try_run_case+0x170/0x3f0 [ 15.498773] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 15.498823] kthread+0x328/0x630 [ 15.498867] ret_from_fork+0x10/0x20 [ 15.498911] [ 15.498930] The buggy address belongs to the physical page: [ 15.498959] page: refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x106564 [ 15.499008] head: order:2 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0 [ 15.499380] flags: 0xbfffe0000000040(head|node=0|zone=2|lastcpupid=0x1ffff) [ 15.499591] page_type: f8(unknown) [ 15.499942] raw: 0bfffe0000000040 0000000000000000 dead000000000122 0000000000000000 [ 15.500235] raw: 0000000000000000 0000000000000000 00000001f8000000 0000000000000000 [ 15.500318] head: 0bfffe0000000040 0000000000000000 dead000000000122 0000000000000000 [ 15.500596] head: 0000000000000000 0000000000000000 00000001f8000000 0000000000000000 [ 15.500893] head: 0bfffe0000000002 ffffc1ffc3195901 00000000ffffffff 00000000ffffffff [ 15.500942] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000004 [ 15.501031] page dumped because: kasan: bad access detected [ 15.501062] [ 15.501266] Memory state around the buggy address: [ 15.501307] fff00000c6565f80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 15.501435] fff00000c6566000: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 15.501508] >fff00000c6566080: 00 00 00 00 00 00 00 00 00 01 fe fe fe fe fe fe [ 15.501567] ^ [ 15.501641] fff00000c6566100: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe [ 15.501681] fff00000c6566180: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe [ 15.501719] ==================================================================
[ 14.043020] ================================================================== [ 14.044067] BUG: KASAN: slab-out-of-bounds in krealloc_less_oob_helper+0xe90/0x11d0 [ 14.045396] Write of size 1 at addr ffff8881022aa0ea by task kunit_try_catch/183 [ 14.046223] [ 14.046431] CPU: 0 UID: 0 PID: 183 Comm: kunit_try_catch Tainted: G B N 6.15.5-rc2 #1 PREEMPT(voluntary) [ 14.046536] Tainted: [B]=BAD_PAGE, [N]=TEST [ 14.046561] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 14.046604] Call Trace: [ 14.046649] <TASK> [ 14.046696] dump_stack_lvl+0x73/0xb0 [ 14.046757] print_report+0xd1/0x650 [ 14.046804] ? __virt_addr_valid+0x1db/0x2d0 [ 14.046848] ? krealloc_less_oob_helper+0xe90/0x11d0 [ 14.046886] ? kasan_addr_to_slab+0x11/0xa0 [ 14.046928] ? krealloc_less_oob_helper+0xe90/0x11d0 [ 14.046969] kasan_report+0x141/0x180 [ 14.047014] ? krealloc_less_oob_helper+0xe90/0x11d0 [ 14.047069] __asan_report_store1_noabort+0x1b/0x30 [ 14.047111] krealloc_less_oob_helper+0xe90/0x11d0 [ 14.047158] ? __pfx_krealloc_less_oob_helper+0x10/0x10 [ 14.047200] ? finish_task_switch.isra.0+0x153/0x700 [ 14.047244] ? __switch_to+0x5d9/0xf60 [ 14.047283] ? dequeue_task_fair+0x166/0x4e0 [ 14.047332] ? __schedule+0x10cc/0x2b60 [ 14.047395] ? __pfx_read_tsc+0x10/0x10 [ 14.047444] krealloc_large_less_oob+0x1c/0x30 [ 14.047483] kunit_try_run_case+0x1a5/0x480 [ 14.047531] ? __pfx_kunit_try_run_case+0x10/0x10 [ 14.047571] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 14.047618] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 14.047665] ? __kthread_parkme+0x82/0x180 [ 14.047708] ? preempt_count_sub+0x50/0x80 [ 14.047757] ? __pfx_kunit_try_run_case+0x10/0x10 [ 14.047802] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 14.047847] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 14.047892] kthread+0x337/0x6f0 [ 14.047933] ? __pfx_kthread+0x10/0x10 [ 14.047975] ? calculate_sigpending+0x7b/0xa0 [ 14.048019] ? __pfx_kthread+0x10/0x10 [ 14.048058] ret_from_fork+0x41/0x80 [ 14.048099] ? __pfx_kthread+0x10/0x10 [ 14.048135] ret_from_fork_asm+0x1a/0x30 [ 14.048201] </TASK> [ 14.048224] [ 14.068026] The buggy address belongs to the physical page: [ 14.068895] page: refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1022a8 [ 14.069444] head: order:2 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0 [ 14.070219] flags: 0x200000000000040(head|node=0|zone=2) [ 14.070532] page_type: f8(unknown) [ 14.071069] raw: 0200000000000040 0000000000000000 dead000000000122 0000000000000000 [ 14.071896] raw: 0000000000000000 0000000000000000 00000001f8000000 0000000000000000 [ 14.072628] head: 0200000000000040 0000000000000000 dead000000000122 0000000000000000 [ 14.072997] head: 0000000000000000 0000000000000000 00000001f8000000 0000000000000000 [ 14.073579] head: 0200000000000002 ffffea000408aa01 00000000ffffffff 00000000ffffffff [ 14.074448] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000004 [ 14.075289] page dumped because: kasan: bad access detected [ 14.075933] [ 14.076142] Memory state around the buggy address: [ 14.076692] ffff8881022a9f80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 14.077415] ffff8881022aa000: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 14.078191] >ffff8881022aa080: 00 00 00 00 00 00 00 00 00 01 fe fe fe fe fe fe [ 14.078619] ^ [ 14.079191] ffff8881022aa100: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe [ 14.079598] ffff8881022aa180: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe [ 14.079928] ================================================================== [ 13.980836] ================================================================== [ 13.981549] BUG: KASAN: slab-out-of-bounds in krealloc_less_oob_helper+0xe23/0x11d0 [ 13.981968] Write of size 1 at addr ffff8881022aa0d0 by task kunit_try_catch/183 [ 13.983010] [ 13.983323] CPU: 0 UID: 0 PID: 183 Comm: kunit_try_catch Tainted: G B N 6.15.5-rc2 #1 PREEMPT(voluntary) [ 13.983454] Tainted: [B]=BAD_PAGE, [N]=TEST [ 13.983473] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 13.983499] Call Trace: [ 13.983525] <TASK> [ 13.983553] dump_stack_lvl+0x73/0xb0 [ 13.983594] print_report+0xd1/0x650 [ 13.983621] ? __virt_addr_valid+0x1db/0x2d0 [ 13.983646] ? krealloc_less_oob_helper+0xe23/0x11d0 [ 13.983668] ? kasan_addr_to_slab+0x11/0xa0 [ 13.983690] ? krealloc_less_oob_helper+0xe23/0x11d0 [ 13.983712] kasan_report+0x141/0x180 [ 13.983736] ? krealloc_less_oob_helper+0xe23/0x11d0 [ 13.983763] __asan_report_store1_noabort+0x1b/0x30 [ 13.983786] krealloc_less_oob_helper+0xe23/0x11d0 [ 13.983810] ? __pfx_krealloc_less_oob_helper+0x10/0x10 [ 13.983832] ? finish_task_switch.isra.0+0x153/0x700 [ 13.983857] ? __switch_to+0x5d9/0xf60 [ 13.983879] ? dequeue_task_fair+0x166/0x4e0 [ 13.983904] ? __schedule+0x10cc/0x2b60 [ 13.983929] ? __pfx_read_tsc+0x10/0x10 [ 13.983954] krealloc_large_less_oob+0x1c/0x30 [ 13.983974] kunit_try_run_case+0x1a5/0x480 [ 13.984001] ? __pfx_kunit_try_run_case+0x10/0x10 [ 13.984024] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 13.984050] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 13.984401] ? __kthread_parkme+0x82/0x180 [ 13.984470] ? preempt_count_sub+0x50/0x80 [ 13.984808] ? __pfx_kunit_try_run_case+0x10/0x10 [ 13.984901] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 13.984954] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 13.985004] kthread+0x337/0x6f0 [ 13.985061] ? __pfx_kthread+0x10/0x10 [ 13.985108] ? calculate_sigpending+0x7b/0xa0 [ 13.985135] ? __pfx_kthread+0x10/0x10 [ 13.985156] ret_from_fork+0x41/0x80 [ 13.985180] ? __pfx_kthread+0x10/0x10 [ 13.985200] ret_from_fork_asm+0x1a/0x30 [ 13.985261] </TASK> [ 13.985281] [ 13.997330] The buggy address belongs to the physical page: [ 13.998734] page: refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1022a8 [ 13.999689] head: order:2 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0 [ 14.000421] flags: 0x200000000000040(head|node=0|zone=2) [ 14.000865] page_type: f8(unknown) [ 14.001168] raw: 0200000000000040 0000000000000000 dead000000000122 0000000000000000 [ 14.001689] raw: 0000000000000000 0000000000000000 00000001f8000000 0000000000000000 [ 14.002072] head: 0200000000000040 0000000000000000 dead000000000122 0000000000000000 [ 14.002483] head: 0000000000000000 0000000000000000 00000001f8000000 0000000000000000 [ 14.002908] head: 0200000000000002 ffffea000408aa01 00000000ffffffff 00000000ffffffff [ 14.004147] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000004 [ 14.004616] page dumped because: kasan: bad access detected [ 14.005096] [ 14.005476] Memory state around the buggy address: [ 14.005708] ffff8881022a9f80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 14.006169] ffff8881022aa000: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 14.006676] >ffff8881022aa080: 00 00 00 00 00 00 00 00 00 01 fe fe fe fe fe fe [ 14.006969] ^ [ 14.007205] ffff8881022aa100: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe [ 14.007622] ffff8881022aa180: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe [ 14.008260] ================================================================== [ 13.669191] ================================================================== [ 13.670594] BUG: KASAN: slab-out-of-bounds in krealloc_less_oob_helper+0xd70/0x11d0 [ 13.671179] Write of size 1 at addr ffff888100aa12c9 by task kunit_try_catch/179 [ 13.672270] [ 13.672446] CPU: 1 UID: 0 PID: 179 Comm: kunit_try_catch Tainted: G B N 6.15.5-rc2 #1 PREEMPT(voluntary) [ 13.672506] Tainted: [B]=BAD_PAGE, [N]=TEST [ 13.672520] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 13.672544] Call Trace: [ 13.672562] <TASK> [ 13.672589] dump_stack_lvl+0x73/0xb0 [ 13.672627] print_report+0xd1/0x650 [ 13.672653] ? __virt_addr_valid+0x1db/0x2d0 [ 13.672679] ? krealloc_less_oob_helper+0xd70/0x11d0 [ 13.672700] ? kasan_complete_mode_report_info+0x2a/0x200 [ 13.672724] ? krealloc_less_oob_helper+0xd70/0x11d0 [ 13.672745] kasan_report+0x141/0x180 [ 13.672769] ? krealloc_less_oob_helper+0xd70/0x11d0 [ 13.672796] __asan_report_store1_noabort+0x1b/0x30 [ 13.672817] krealloc_less_oob_helper+0xd70/0x11d0 [ 13.672841] ? __pfx_krealloc_less_oob_helper+0x10/0x10 [ 13.672863] ? finish_task_switch.isra.0+0x153/0x700 [ 13.672888] ? __switch_to+0x5d9/0xf60 [ 13.672911] ? dequeue_task_fair+0x156/0x4e0 [ 13.672936] ? __schedule+0x10cc/0x2b60 [ 13.672960] ? __pfx_read_tsc+0x10/0x10 [ 13.672986] krealloc_less_oob+0x1c/0x30 [ 13.673006] kunit_try_run_case+0x1a5/0x480 [ 13.673052] ? __pfx_kunit_try_run_case+0x10/0x10 [ 13.673089] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 13.673135] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 13.673180] ? __kthread_parkme+0x82/0x180 [ 13.673222] ? preempt_count_sub+0x50/0x80 [ 13.673268] ? __pfx_kunit_try_run_case+0x10/0x10 [ 13.673316] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 13.673663] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 13.673746] kthread+0x337/0x6f0 [ 13.673783] ? trace_preempt_on+0x20/0xc0 [ 13.673824] ? __pfx_kthread+0x10/0x10 [ 13.673854] ? _raw_spin_unlock_irq+0x47/0x80 [ 13.673891] ? calculate_sigpending+0x7b/0xa0 [ 13.673927] ? __pfx_kthread+0x10/0x10 [ 13.673947] ret_from_fork+0x41/0x80 [ 13.673970] ? __pfx_kthread+0x10/0x10 [ 13.673989] ret_from_fork_asm+0x1a/0x30 [ 13.674023] </TASK> [ 13.674036] [ 13.690854] Allocated by task 179: [ 13.691835] kasan_save_stack+0x45/0x70 [ 13.693241] kasan_save_track+0x18/0x40 [ 13.693957] kasan_save_alloc_info+0x3b/0x50 [ 13.695384] __kasan_krealloc+0x190/0x1f0 [ 13.696156] krealloc_noprof+0xf3/0x340 [ 13.696388] krealloc_less_oob_helper+0x1aa/0x11d0 [ 13.696592] krealloc_less_oob+0x1c/0x30 [ 13.696769] kunit_try_run_case+0x1a5/0x480 [ 13.696931] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 13.697998] kthread+0x337/0x6f0 [ 13.698370] ret_from_fork+0x41/0x80 [ 13.698684] ret_from_fork_asm+0x1a/0x30 [ 13.699006] [ 13.699186] The buggy address belongs to the object at ffff888100aa1200 [ 13.699186] which belongs to the cache kmalloc-256 of size 256 [ 13.700321] The buggy address is located 0 bytes to the right of [ 13.700321] allocated 201-byte region [ffff888100aa1200, ffff888100aa12c9) [ 13.701158] [ 13.701878] The buggy address belongs to the physical page: [ 13.702579] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x100aa0 [ 13.703050] head: order:1 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0 [ 13.703696] flags: 0x200000000000040(head|node=0|zone=2) [ 13.704194] page_type: f5(slab) [ 13.704691] raw: 0200000000000040 ffff888100041b40 dead000000000122 0000000000000000 [ 13.705025] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 13.706040] head: 0200000000000040 ffff888100041b40 dead000000000122 0000000000000000 [ 13.706649] head: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 13.707383] head: 0200000000000001 ffffea000402a801 00000000ffffffff 00000000ffffffff [ 13.707852] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000002 [ 13.708151] page dumped because: kasan: bad access detected [ 13.708700] [ 13.708897] Memory state around the buggy address: [ 13.709756] ffff888100aa1180: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 13.710473] ffff888100aa1200: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 13.710711] >ffff888100aa1280: 00 00 00 00 00 00 00 00 00 01 fc fc fc fc fc fc [ 13.711464] ^ [ 13.711786] ffff888100aa1300: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 13.712530] ffff888100aa1380: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 13.712977] ================================================================== [ 13.714775] ================================================================== [ 13.715398] BUG: KASAN: slab-out-of-bounds in krealloc_less_oob_helper+0xe23/0x11d0 [ 13.716535] Write of size 1 at addr ffff888100aa12d0 by task kunit_try_catch/179 [ 13.716830] [ 13.717104] CPU: 1 UID: 0 PID: 179 Comm: kunit_try_catch Tainted: G B N 6.15.5-rc2 #1 PREEMPT(voluntary) [ 13.717207] Tainted: [B]=BAD_PAGE, [N]=TEST [ 13.717232] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 13.717370] Call Trace: [ 13.717419] <TASK> [ 13.717462] dump_stack_lvl+0x73/0xb0 [ 13.717526] print_report+0xd1/0x650 [ 13.717776] ? __virt_addr_valid+0x1db/0x2d0 [ 13.717855] ? krealloc_less_oob_helper+0xe23/0x11d0 [ 13.717905] ? kasan_complete_mode_report_info+0x2a/0x200 [ 13.717954] ? krealloc_less_oob_helper+0xe23/0x11d0 [ 13.717995] kasan_report+0x141/0x180 [ 13.718036] ? krealloc_less_oob_helper+0xe23/0x11d0 [ 13.718102] __asan_report_store1_noabort+0x1b/0x30 [ 13.718138] krealloc_less_oob_helper+0xe23/0x11d0 [ 13.718186] ? __pfx_krealloc_less_oob_helper+0x10/0x10 [ 13.718238] ? finish_task_switch.isra.0+0x153/0x700 [ 13.718277] ? __switch_to+0x5d9/0xf60 [ 13.718311] ? dequeue_task_fair+0x156/0x4e0 [ 13.718367] ? __schedule+0x10cc/0x2b60 [ 13.718398] ? __pfx_read_tsc+0x10/0x10 [ 13.718424] krealloc_less_oob+0x1c/0x30 [ 13.718444] kunit_try_run_case+0x1a5/0x480 [ 13.718471] ? __pfx_kunit_try_run_case+0x10/0x10 [ 13.718494] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 13.718519] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 13.718543] ? __kthread_parkme+0x82/0x180 [ 13.718567] ? preempt_count_sub+0x50/0x80 [ 13.718591] ? __pfx_kunit_try_run_case+0x10/0x10 [ 13.718615] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 13.718639] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 13.718662] kthread+0x337/0x6f0 [ 13.718681] ? trace_preempt_on+0x20/0xc0 [ 13.718705] ? __pfx_kthread+0x10/0x10 [ 13.718726] ? _raw_spin_unlock_irq+0x47/0x80 [ 13.718749] ? calculate_sigpending+0x7b/0xa0 [ 13.718771] ? __pfx_kthread+0x10/0x10 [ 13.718791] ret_from_fork+0x41/0x80 [ 13.718812] ? __pfx_kthread+0x10/0x10 [ 13.718831] ret_from_fork_asm+0x1a/0x30 [ 13.718864] </TASK> [ 13.718877] [ 13.732006] Allocated by task 179: [ 13.732371] kasan_save_stack+0x45/0x70 [ 13.732990] kasan_save_track+0x18/0x40 [ 13.733267] kasan_save_alloc_info+0x3b/0x50 [ 13.733487] __kasan_krealloc+0x190/0x1f0 [ 13.734060] krealloc_noprof+0xf3/0x340 [ 13.734558] krealloc_less_oob_helper+0x1aa/0x11d0 [ 13.735332] krealloc_less_oob+0x1c/0x30 [ 13.735654] kunit_try_run_case+0x1a5/0x480 [ 13.735863] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 13.736092] kthread+0x337/0x6f0 [ 13.736263] ret_from_fork+0x41/0x80 [ 13.736630] ret_from_fork_asm+0x1a/0x30 [ 13.736996] [ 13.737180] The buggy address belongs to the object at ffff888100aa1200 [ 13.737180] which belongs to the cache kmalloc-256 of size 256 [ 13.739842] The buggy address is located 7 bytes to the right of [ 13.739842] allocated 201-byte region [ffff888100aa1200, ffff888100aa12c9) [ 13.740961] [ 13.741412] The buggy address belongs to the physical page: [ 13.741944] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x100aa0 [ 13.742614] head: order:1 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0 [ 13.743353] flags: 0x200000000000040(head|node=0|zone=2) [ 13.743725] page_type: f5(slab) [ 13.743960] raw: 0200000000000040 ffff888100041b40 dead000000000122 0000000000000000 [ 13.744303] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 13.744595] head: 0200000000000040 ffff888100041b40 dead000000000122 0000000000000000 [ 13.745406] head: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 13.745928] head: 0200000000000001 ffffea000402a801 00000000ffffffff 00000000ffffffff [ 13.747116] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000002 [ 13.747860] page dumped because: kasan: bad access detected [ 13.748737] [ 13.748904] Memory state around the buggy address: [ 13.749487] ffff888100aa1180: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 13.749818] ffff888100aa1200: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 13.751007] >ffff888100aa1280: 00 00 00 00 00 00 00 00 00 01 fc fc fc fc fc fc [ 13.751413] ^ [ 13.751862] ffff888100aa1300: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 13.752466] ffff888100aa1380: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 13.753573] ================================================================== [ 14.009096] ================================================================== [ 14.009611] BUG: KASAN: slab-out-of-bounds in krealloc_less_oob_helper+0xec6/0x11d0 [ 14.009999] Write of size 1 at addr ffff8881022aa0da by task kunit_try_catch/183 [ 14.012410] [ 14.012583] CPU: 0 UID: 0 PID: 183 Comm: kunit_try_catch Tainted: G B N 6.15.5-rc2 #1 PREEMPT(voluntary) [ 14.012682] Tainted: [B]=BAD_PAGE, [N]=TEST [ 14.012710] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 14.012755] Call Trace: [ 14.012797] <TASK> [ 14.012835] dump_stack_lvl+0x73/0xb0 [ 14.012898] print_report+0xd1/0x650 [ 14.012944] ? __virt_addr_valid+0x1db/0x2d0 [ 14.012992] ? krealloc_less_oob_helper+0xec6/0x11d0 [ 14.013052] ? kasan_addr_to_slab+0x11/0xa0 [ 14.013099] ? krealloc_less_oob_helper+0xec6/0x11d0 [ 14.013142] kasan_report+0x141/0x180 [ 14.013198] ? krealloc_less_oob_helper+0xec6/0x11d0 [ 14.013243] __asan_report_store1_noabort+0x1b/0x30 [ 14.013279] krealloc_less_oob_helper+0xec6/0x11d0 [ 14.013316] ? __pfx_krealloc_less_oob_helper+0x10/0x10 [ 14.013369] ? finish_task_switch.isra.0+0x153/0x700 [ 14.013411] ? __switch_to+0x5d9/0xf60 [ 14.013446] ? dequeue_task_fair+0x166/0x4e0 [ 14.013474] ? __schedule+0x10cc/0x2b60 [ 14.013501] ? __pfx_read_tsc+0x10/0x10 [ 14.013527] krealloc_large_less_oob+0x1c/0x30 [ 14.013550] kunit_try_run_case+0x1a5/0x480 [ 14.013578] ? __pfx_kunit_try_run_case+0x10/0x10 [ 14.013603] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 14.013630] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 14.013657] ? __kthread_parkme+0x82/0x180 [ 14.013681] ? preempt_count_sub+0x50/0x80 [ 14.013708] ? __pfx_kunit_try_run_case+0x10/0x10 [ 14.013733] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 14.013759] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 14.013784] kthread+0x337/0x6f0 [ 14.013805] ? __pfx_kthread+0x10/0x10 [ 14.013828] ? calculate_sigpending+0x7b/0xa0 [ 14.013853] ? __pfx_kthread+0x10/0x10 [ 14.013874] ret_from_fork+0x41/0x80 [ 14.013897] ? __pfx_kthread+0x10/0x10 [ 14.013917] ret_from_fork_asm+0x1a/0x30 [ 14.013952] </TASK> [ 14.013965] [ 14.027214] The buggy address belongs to the physical page: [ 14.027506] page: refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1022a8 [ 14.027986] head: order:2 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0 [ 14.029385] flags: 0x200000000000040(head|node=0|zone=2) [ 14.029790] page_type: f8(unknown) [ 14.029998] raw: 0200000000000040 0000000000000000 dead000000000122 0000000000000000 [ 14.030287] raw: 0000000000000000 0000000000000000 00000001f8000000 0000000000000000 [ 14.031503] head: 0200000000000040 0000000000000000 dead000000000122 0000000000000000 [ 14.032133] head: 0000000000000000 0000000000000000 00000001f8000000 0000000000000000 [ 14.033430] head: 0200000000000002 ffffea000408aa01 00000000ffffffff 00000000ffffffff [ 14.033872] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000004 [ 14.034685] page dumped because: kasan: bad access detected [ 14.034992] [ 14.035466] Memory state around the buggy address: [ 14.035834] ffff8881022a9f80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 14.037527] ffff8881022aa000: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 14.038179] >ffff8881022aa080: 00 00 00 00 00 00 00 00 00 01 fe fe fe fe fe fe [ 14.038771] ^ [ 14.039262] ffff8881022aa100: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe [ 14.040746] ffff8881022aa180: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe [ 14.041581] ================================================================== [ 14.080941] ================================================================== [ 14.081554] BUG: KASAN: slab-out-of-bounds in krealloc_less_oob_helper+0xd47/0x11d0 [ 14.082120] Write of size 1 at addr ffff8881022aa0eb by task kunit_try_catch/183 [ 14.082827] [ 14.083063] CPU: 0 UID: 0 PID: 183 Comm: kunit_try_catch Tainted: G B N 6.15.5-rc2 #1 PREEMPT(voluntary) [ 14.083176] Tainted: [B]=BAD_PAGE, [N]=TEST [ 14.083205] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 14.083250] Call Trace: [ 14.083294] <TASK> [ 14.083381] dump_stack_lvl+0x73/0xb0 [ 14.083454] print_report+0xd1/0x650 [ 14.083495] ? __virt_addr_valid+0x1db/0x2d0 [ 14.083529] ? krealloc_less_oob_helper+0xd47/0x11d0 [ 14.083563] ? kasan_addr_to_slab+0x11/0xa0 [ 14.083598] ? krealloc_less_oob_helper+0xd47/0x11d0 [ 14.083632] kasan_report+0x141/0x180 [ 14.083669] ? krealloc_less_oob_helper+0xd47/0x11d0 [ 14.083711] __asan_report_store1_noabort+0x1b/0x30 [ 14.083743] krealloc_less_oob_helper+0xd47/0x11d0 [ 14.083780] ? __pfx_krealloc_less_oob_helper+0x10/0x10 [ 14.083812] ? finish_task_switch.isra.0+0x153/0x700 [ 14.083848] ? __switch_to+0x5d9/0xf60 [ 14.083881] ? dequeue_task_fair+0x166/0x4e0 [ 14.083921] ? __schedule+0x10cc/0x2b60 [ 14.083959] ? __pfx_read_tsc+0x10/0x10 [ 14.083996] krealloc_large_less_oob+0x1c/0x30 [ 14.084030] kunit_try_run_case+0x1a5/0x480 [ 14.084075] ? __pfx_kunit_try_run_case+0x10/0x10 [ 14.084111] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 14.084153] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 14.084190] ? __kthread_parkme+0x82/0x180 [ 14.084234] ? preempt_count_sub+0x50/0x80 [ 14.084272] ? __pfx_kunit_try_run_case+0x10/0x10 [ 14.084310] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 14.084388] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 14.084433] kthread+0x337/0x6f0 [ 14.084470] ? __pfx_kthread+0x10/0x10 [ 14.084505] ? calculate_sigpending+0x7b/0xa0 [ 14.084546] ? __pfx_kthread+0x10/0x10 [ 14.084581] ret_from_fork+0x41/0x80 [ 14.084620] ? __pfx_kthread+0x10/0x10 [ 14.084657] ret_from_fork_asm+0x1a/0x30 [ 14.084723] </TASK> [ 14.084748] [ 14.098071] The buggy address belongs to the physical page: [ 14.098737] page: refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1022a8 [ 14.100128] head: order:2 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0 [ 14.100976] flags: 0x200000000000040(head|node=0|zone=2) [ 14.101303] page_type: f8(unknown) [ 14.101726] raw: 0200000000000040 0000000000000000 dead000000000122 0000000000000000 [ 14.102417] raw: 0000000000000000 0000000000000000 00000001f8000000 0000000000000000 [ 14.102727] head: 0200000000000040 0000000000000000 dead000000000122 0000000000000000 [ 14.104025] head: 0000000000000000 0000000000000000 00000001f8000000 0000000000000000 [ 14.104670] head: 0200000000000002 ffffea000408aa01 00000000ffffffff 00000000ffffffff [ 14.105353] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000004 [ 14.105892] page dumped because: kasan: bad access detected [ 14.106175] [ 14.106617] Memory state around the buggy address: [ 14.106987] ffff8881022a9f80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 14.107397] ffff8881022aa000: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 14.108018] >ffff8881022aa080: 00 00 00 00 00 00 00 00 00 01 fe fe fe fe fe fe [ 14.108948] ^ [ 14.109695] ffff8881022aa100: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe [ 14.110121] ffff8881022aa180: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe [ 14.110440] ================================================================== [ 13.836478] ================================================================== [ 13.837186] BUG: KASAN: slab-out-of-bounds in krealloc_less_oob_helper+0xd47/0x11d0 [ 13.837917] Write of size 1 at addr ffff888100aa12eb by task kunit_try_catch/179 [ 13.838645] [ 13.838977] CPU: 1 UID: 0 PID: 179 Comm: kunit_try_catch Tainted: G B N 6.15.5-rc2 #1 PREEMPT(voluntary) [ 13.839107] Tainted: [B]=BAD_PAGE, [N]=TEST [ 13.839144] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 13.839190] Call Trace: [ 13.839278] <TASK> [ 13.839356] dump_stack_lvl+0x73/0xb0 [ 13.839419] print_report+0xd1/0x650 [ 13.839460] ? __virt_addr_valid+0x1db/0x2d0 [ 13.839498] ? krealloc_less_oob_helper+0xd47/0x11d0 [ 13.839530] ? kasan_complete_mode_report_info+0x2a/0x200 [ 13.839568] ? krealloc_less_oob_helper+0xd47/0x11d0 [ 13.839601] kasan_report+0x141/0x180 [ 13.839636] ? krealloc_less_oob_helper+0xd47/0x11d0 [ 13.839678] __asan_report_store1_noabort+0x1b/0x30 [ 13.839714] krealloc_less_oob_helper+0xd47/0x11d0 [ 13.839754] ? __pfx_krealloc_less_oob_helper+0x10/0x10 [ 13.839787] ? finish_task_switch.isra.0+0x153/0x700 [ 13.839825] ? __switch_to+0x5d9/0xf60 [ 13.839863] ? dequeue_task_fair+0x156/0x4e0 [ 13.839908] ? __schedule+0x10cc/0x2b60 [ 13.839999] ? __pfx_read_tsc+0x10/0x10 [ 13.840043] krealloc_less_oob+0x1c/0x30 [ 13.840108] kunit_try_run_case+0x1a5/0x480 [ 13.840154] ? __pfx_kunit_try_run_case+0x10/0x10 [ 13.840198] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 13.840242] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 13.840281] ? __kthread_parkme+0x82/0x180 [ 13.840316] ? preempt_count_sub+0x50/0x80 [ 13.840378] ? __pfx_kunit_try_run_case+0x10/0x10 [ 13.840421] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 13.840466] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 13.840542] kthread+0x337/0x6f0 [ 13.840579] ? trace_preempt_on+0x20/0xc0 [ 13.840643] ? __pfx_kthread+0x10/0x10 [ 13.840681] ? _raw_spin_unlock_irq+0x47/0x80 [ 13.840720] ? calculate_sigpending+0x7b/0xa0 [ 13.840749] ? __pfx_kthread+0x10/0x10 [ 13.840769] ret_from_fork+0x41/0x80 [ 13.840792] ? __pfx_kthread+0x10/0x10 [ 13.840812] ret_from_fork_asm+0x1a/0x30 [ 13.840846] </TASK> [ 13.840860] [ 13.855078] Allocated by task 179: [ 13.855497] kasan_save_stack+0x45/0x70 [ 13.856177] kasan_save_track+0x18/0x40 [ 13.856593] kasan_save_alloc_info+0x3b/0x50 [ 13.856966] __kasan_krealloc+0x190/0x1f0 [ 13.857476] krealloc_noprof+0xf3/0x340 [ 13.858499] krealloc_less_oob_helper+0x1aa/0x11d0 [ 13.858768] krealloc_less_oob+0x1c/0x30 [ 13.859534] kunit_try_run_case+0x1a5/0x480 [ 13.860024] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 13.860430] kthread+0x337/0x6f0 [ 13.860800] ret_from_fork+0x41/0x80 [ 13.861202] ret_from_fork_asm+0x1a/0x30 [ 13.862015] [ 13.862228] The buggy address belongs to the object at ffff888100aa1200 [ 13.862228] which belongs to the cache kmalloc-256 of size 256 [ 13.862701] The buggy address is located 34 bytes to the right of [ 13.862701] allocated 201-byte region [ffff888100aa1200, ffff888100aa12c9) [ 13.864157] [ 13.864564] The buggy address belongs to the physical page: [ 13.864893] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x100aa0 [ 13.865428] head: order:1 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0 [ 13.866054] flags: 0x200000000000040(head|node=0|zone=2) [ 13.866862] page_type: f5(slab) [ 13.867128] raw: 0200000000000040 ffff888100041b40 dead000000000122 0000000000000000 [ 13.867478] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 13.867819] head: 0200000000000040 ffff888100041b40 dead000000000122 0000000000000000 [ 13.869465] head: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 13.869804] head: 0200000000000001 ffffea000402a801 00000000ffffffff 00000000ffffffff [ 13.870415] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000002 [ 13.870758] page dumped because: kasan: bad access detected [ 13.871024] [ 13.871633] Memory state around the buggy address: [ 13.871970] ffff888100aa1180: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 13.872223] ffff888100aa1200: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 13.872676] >ffff888100aa1280: 00 00 00 00 00 00 00 00 00 01 fc fc fc fc fc fc [ 13.873000] ^ [ 13.873495] ffff888100aa1300: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 13.873801] ffff888100aa1380: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 13.874107] ================================================================== [ 13.795899] ================================================================== [ 13.796554] BUG: KASAN: slab-out-of-bounds in krealloc_less_oob_helper+0xe90/0x11d0 [ 13.796953] Write of size 1 at addr ffff888100aa12ea by task kunit_try_catch/179 [ 13.797537] [ 13.797705] CPU: 1 UID: 0 PID: 179 Comm: kunit_try_catch Tainted: G B N 6.15.5-rc2 #1 PREEMPT(voluntary) [ 13.797805] Tainted: [B]=BAD_PAGE, [N]=TEST [ 13.797829] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 13.797886] Call Trace: [ 13.797930] <TASK> [ 13.797976] dump_stack_lvl+0x73/0xb0 [ 13.798042] print_report+0xd1/0x650 [ 13.798127] ? __virt_addr_valid+0x1db/0x2d0 [ 13.798178] ? krealloc_less_oob_helper+0xe90/0x11d0 [ 13.798247] ? kasan_complete_mode_report_info+0x2a/0x200 [ 13.798297] ? krealloc_less_oob_helper+0xe90/0x11d0 [ 13.798478] kasan_report+0x141/0x180 [ 13.798538] ? krealloc_less_oob_helper+0xe90/0x11d0 [ 13.798591] __asan_report_store1_noabort+0x1b/0x30 [ 13.798642] krealloc_less_oob_helper+0xe90/0x11d0 [ 13.798703] ? __pfx_krealloc_less_oob_helper+0x10/0x10 [ 13.798745] ? finish_task_switch.isra.0+0x153/0x700 [ 13.798797] ? __switch_to+0x5d9/0xf60 [ 13.798841] ? dequeue_task_fair+0x156/0x4e0 [ 13.798889] ? __schedule+0x10cc/0x2b60 [ 13.798932] ? __pfx_read_tsc+0x10/0x10 [ 13.798978] krealloc_less_oob+0x1c/0x30 [ 13.799016] kunit_try_run_case+0x1a5/0x480 [ 13.799101] ? __pfx_kunit_try_run_case+0x10/0x10 [ 13.799145] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 13.799195] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 13.799274] ? __kthread_parkme+0x82/0x180 [ 13.799323] ? preempt_count_sub+0x50/0x80 [ 13.799392] ? __pfx_kunit_try_run_case+0x10/0x10 [ 13.799434] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 13.799473] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 13.799510] kthread+0x337/0x6f0 [ 13.799539] ? trace_preempt_on+0x20/0xc0 [ 13.799576] ? __pfx_kthread+0x10/0x10 [ 13.799607] ? _raw_spin_unlock_irq+0x47/0x80 [ 13.799643] ? calculate_sigpending+0x7b/0xa0 [ 13.799678] ? __pfx_kthread+0x10/0x10 [ 13.799710] ret_from_fork+0x41/0x80 [ 13.799744] ? __pfx_kthread+0x10/0x10 [ 13.799776] ret_from_fork_asm+0x1a/0x30 [ 13.799815] </TASK> [ 13.799829] [ 13.814493] Allocated by task 179: [ 13.814846] kasan_save_stack+0x45/0x70 [ 13.815651] kasan_save_track+0x18/0x40 [ 13.815894] kasan_save_alloc_info+0x3b/0x50 [ 13.816133] __kasan_krealloc+0x190/0x1f0 [ 13.816418] krealloc_noprof+0xf3/0x340 [ 13.816707] krealloc_less_oob_helper+0x1aa/0x11d0 [ 13.817055] krealloc_less_oob+0x1c/0x30 [ 13.817483] kunit_try_run_case+0x1a5/0x480 [ 13.818121] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 13.818634] kthread+0x337/0x6f0 [ 13.818931] ret_from_fork+0x41/0x80 [ 13.819728] ret_from_fork_asm+0x1a/0x30 [ 13.820036] [ 13.820836] The buggy address belongs to the object at ffff888100aa1200 [ 13.820836] which belongs to the cache kmalloc-256 of size 256 [ 13.821879] The buggy address is located 33 bytes to the right of [ 13.821879] allocated 201-byte region [ffff888100aa1200, ffff888100aa12c9) [ 13.822647] [ 13.822826] The buggy address belongs to the physical page: [ 13.823535] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x100aa0 [ 13.823964] head: order:1 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0 [ 13.824424] flags: 0x200000000000040(head|node=0|zone=2) [ 13.824841] page_type: f5(slab) [ 13.825086] raw: 0200000000000040 ffff888100041b40 dead000000000122 0000000000000000 [ 13.826407] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 13.826873] head: 0200000000000040 ffff888100041b40 dead000000000122 0000000000000000 [ 13.827460] head: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 13.828000] head: 0200000000000001 ffffea000402a801 00000000ffffffff 00000000ffffffff [ 13.828905] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000002 [ 13.829653] page dumped because: kasan: bad access detected [ 13.829982] [ 13.830773] Memory state around the buggy address: [ 13.831002] ffff888100aa1180: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 13.831531] ffff888100aa1200: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 13.832560] >ffff888100aa1280: 00 00 00 00 00 00 00 00 00 01 fc fc fc fc fc fc [ 13.832968] ^ [ 13.833700] ffff888100aa1300: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 13.834554] ffff888100aa1380: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 13.835037] ================================================================== [ 13.754766] ================================================================== [ 13.755239] BUG: KASAN: slab-out-of-bounds in krealloc_less_oob_helper+0xec6/0x11d0 [ 13.755608] Write of size 1 at addr ffff888100aa12da by task kunit_try_catch/179 [ 13.756395] [ 13.756633] CPU: 1 UID: 0 PID: 179 Comm: kunit_try_catch Tainted: G B N 6.15.5-rc2 #1 PREEMPT(voluntary) [ 13.756742] Tainted: [B]=BAD_PAGE, [N]=TEST [ 13.756770] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 13.756816] Call Trace: [ 13.756860] <TASK> [ 13.756904] dump_stack_lvl+0x73/0xb0 [ 13.757365] print_report+0xd1/0x650 [ 13.757744] ? __virt_addr_valid+0x1db/0x2d0 [ 13.757883] ? krealloc_less_oob_helper+0xec6/0x11d0 [ 13.757918] ? kasan_complete_mode_report_info+0x2a/0x200 [ 13.757945] ? krealloc_less_oob_helper+0xec6/0x11d0 [ 13.757968] kasan_report+0x141/0x180 [ 13.757994] ? krealloc_less_oob_helper+0xec6/0x11d0 [ 13.758022] __asan_report_store1_noabort+0x1b/0x30 [ 13.758044] krealloc_less_oob_helper+0xec6/0x11d0 [ 13.758074] ? __pfx_krealloc_less_oob_helper+0x10/0x10 [ 13.758106] ? finish_task_switch.isra.0+0x153/0x700 [ 13.758131] ? __switch_to+0x5d9/0xf60 [ 13.758154] ? dequeue_task_fair+0x156/0x4e0 [ 13.758179] ? __schedule+0x10cc/0x2b60 [ 13.758207] ? __pfx_read_tsc+0x10/0x10 [ 13.758260] krealloc_less_oob+0x1c/0x30 [ 13.758290] kunit_try_run_case+0x1a5/0x480 [ 13.758330] ? __pfx_kunit_try_run_case+0x10/0x10 [ 13.758384] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 13.758425] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 13.758462] ? __kthread_parkme+0x82/0x180 [ 13.758497] ? preempt_count_sub+0x50/0x80 [ 13.758537] ? __pfx_kunit_try_run_case+0x10/0x10 [ 13.758575] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 13.758614] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 13.758646] kthread+0x337/0x6f0 [ 13.758665] ? trace_preempt_on+0x20/0xc0 [ 13.758690] ? __pfx_kthread+0x10/0x10 [ 13.758710] ? _raw_spin_unlock_irq+0x47/0x80 [ 13.758733] ? calculate_sigpending+0x7b/0xa0 [ 13.758756] ? __pfx_kthread+0x10/0x10 [ 13.758776] ret_from_fork+0x41/0x80 [ 13.758797] ? __pfx_kthread+0x10/0x10 [ 13.758816] ret_from_fork_asm+0x1a/0x30 [ 13.758849] </TASK> [ 13.758862] [ 13.773424] Allocated by task 179: [ 13.773919] kasan_save_stack+0x45/0x70 [ 13.774654] kasan_save_track+0x18/0x40 [ 13.774837] kasan_save_alloc_info+0x3b/0x50 [ 13.775006] __kasan_krealloc+0x190/0x1f0 [ 13.775596] krealloc_noprof+0xf3/0x340 [ 13.776000] krealloc_less_oob_helper+0x1aa/0x11d0 [ 13.776671] krealloc_less_oob+0x1c/0x30 [ 13.777391] kunit_try_run_case+0x1a5/0x480 [ 13.777716] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 13.777936] kthread+0x337/0x6f0 [ 13.778838] ret_from_fork+0x41/0x80 [ 13.779065] ret_from_fork_asm+0x1a/0x30 [ 13.779253] [ 13.779480] The buggy address belongs to the object at ffff888100aa1200 [ 13.779480] which belongs to the cache kmalloc-256 of size 256 [ 13.780577] The buggy address is located 17 bytes to the right of [ 13.780577] allocated 201-byte region [ffff888100aa1200, ffff888100aa12c9) [ 13.782464] [ 13.782599] The buggy address belongs to the physical page: [ 13.783351] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x100aa0 [ 13.783989] head: order:1 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0 [ 13.785034] flags: 0x200000000000040(head|node=0|zone=2) [ 13.785723] page_type: f5(slab) [ 13.785930] raw: 0200000000000040 ffff888100041b40 dead000000000122 0000000000000000 [ 13.786750] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 13.787418] head: 0200000000000040 ffff888100041b40 dead000000000122 0000000000000000 [ 13.787854] head: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 13.788647] head: 0200000000000001 ffffea000402a801 00000000ffffffff 00000000ffffffff [ 13.789476] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000002 [ 13.789971] page dumped because: kasan: bad access detected [ 13.790409] [ 13.790794] Memory state around the buggy address: [ 13.791128] ffff888100aa1180: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 13.791578] ffff888100aa1200: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 13.791936] >ffff888100aa1280: 00 00 00 00 00 00 00 00 00 01 fc fc fc fc fc fc [ 13.793278] ^ [ 13.793768] ffff888100aa1300: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 13.794457] ffff888100aa1380: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 13.794806] ================================================================== [ 13.942758] ================================================================== [ 13.943763] BUG: KASAN: slab-out-of-bounds in krealloc_less_oob_helper+0xd70/0x11d0 [ 13.944505] Write of size 1 at addr ffff8881022aa0c9 by task kunit_try_catch/183 [ 13.945138] [ 13.945573] CPU: 0 UID: 0 PID: 183 Comm: kunit_try_catch Tainted: G B N 6.15.5-rc2 #1 PREEMPT(voluntary) [ 13.945731] Tainted: [B]=BAD_PAGE, [N]=TEST [ 13.945779] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 13.945828] Call Trace: [ 13.945859] <TASK> [ 13.945900] dump_stack_lvl+0x73/0xb0 [ 13.946019] print_report+0xd1/0x650 [ 13.946075] ? __virt_addr_valid+0x1db/0x2d0 [ 13.946123] ? krealloc_less_oob_helper+0xd70/0x11d0 [ 13.946165] ? kasan_addr_to_slab+0x11/0xa0 [ 13.946240] ? krealloc_less_oob_helper+0xd70/0x11d0 [ 13.946300] kasan_report+0x141/0x180 [ 13.946391] ? krealloc_less_oob_helper+0xd70/0x11d0 [ 13.946426] __asan_report_store1_noabort+0x1b/0x30 [ 13.946451] krealloc_less_oob_helper+0xd70/0x11d0 [ 13.946478] ? __pfx_krealloc_less_oob_helper+0x10/0x10 [ 13.946501] ? finish_task_switch.isra.0+0x153/0x700 [ 13.946541] ? __switch_to+0x5d9/0xf60 [ 13.946580] ? dequeue_task_fair+0x166/0x4e0 [ 13.946621] ? __schedule+0x10cc/0x2b60 [ 13.946660] ? __pfx_read_tsc+0x10/0x10 [ 13.946699] krealloc_large_less_oob+0x1c/0x30 [ 13.946732] kunit_try_run_case+0x1a5/0x480 [ 13.946774] ? __pfx_kunit_try_run_case+0x10/0x10 [ 13.946808] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 13.946848] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 13.946884] ? __kthread_parkme+0x82/0x180 [ 13.946921] ? preempt_count_sub+0x50/0x80 [ 13.946961] ? __pfx_kunit_try_run_case+0x10/0x10 [ 13.947000] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 13.947039] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 13.947064] kthread+0x337/0x6f0 [ 13.947109] ? __pfx_kthread+0x10/0x10 [ 13.947209] ? calculate_sigpending+0x7b/0xa0 [ 13.947252] ? __pfx_kthread+0x10/0x10 [ 13.947283] ret_from_fork+0x41/0x80 [ 13.947319] ? __pfx_kthread+0x10/0x10 [ 13.947359] ret_from_fork_asm+0x1a/0x30 [ 13.947398] </TASK> [ 13.947412] [ 13.967400] The buggy address belongs to the physical page: [ 13.968162] page: refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1022a8 [ 13.968877] head: order:2 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0 [ 13.969892] flags: 0x200000000000040(head|node=0|zone=2) [ 13.970399] page_type: f8(unknown) [ 13.970575] raw: 0200000000000040 0000000000000000 dead000000000122 0000000000000000 [ 13.970803] raw: 0000000000000000 0000000000000000 00000001f8000000 0000000000000000 [ 13.971625] head: 0200000000000040 0000000000000000 dead000000000122 0000000000000000 [ 13.972019] head: 0000000000000000 0000000000000000 00000001f8000000 0000000000000000 [ 13.973000] head: 0200000000000002 ffffea000408aa01 00000000ffffffff 00000000ffffffff [ 13.973565] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000004 [ 13.973989] page dumped because: kasan: bad access detected [ 13.974740] [ 13.974930] Memory state around the buggy address: [ 13.975938] ffff8881022a9f80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 13.976881] ffff8881022aa000: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 13.977611] >ffff8881022aa080: 00 00 00 00 00 00 00 00 00 01 fe fe fe fe fe fe [ 13.978092] ^ [ 13.979082] ffff8881022aa100: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe [ 13.979517] ffff8881022aa180: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe [ 13.979866] ==================================================================
[ 22.717557] ================================================================== [ 22.728627] BUG: KASAN: slab-out-of-bounds in krealloc_less_oob_helper+0xd70/0x11d0 [ 22.736280] Write of size 1 at addr ffff88810314fac9 by task kunit_try_catch/201 [ 22.743682] [ 22.745183] CPU: 2 UID: 0 PID: 201 Comm: kunit_try_catch Tainted: G B N 6.15.5-rc2 #1 PREEMPT(voluntary) [ 22.745192] Tainted: [B]=BAD_PAGE, [N]=TEST [ 22.745194] Hardware name: Supermicro SYS-5019S-ML/X11SSH-F, BIOS 2.7 12/07/2021 [ 22.745197] Call Trace: [ 22.745199] <TASK> [ 22.745201] dump_stack_lvl+0x73/0xb0 [ 22.745205] print_report+0xd1/0x650 [ 22.745209] ? __virt_addr_valid+0x1db/0x2d0 [ 22.745213] ? krealloc_less_oob_helper+0xd70/0x11d0 [ 22.745217] ? kasan_complete_mode_report_info+0x2a/0x200 [ 22.745221] ? krealloc_less_oob_helper+0xd70/0x11d0 [ 22.745225] kasan_report+0x141/0x180 [ 22.745229] ? krealloc_less_oob_helper+0xd70/0x11d0 [ 22.745234] __asan_report_store1_noabort+0x1b/0x30 [ 22.745238] krealloc_less_oob_helper+0xd70/0x11d0 [ 22.745242] ? __pfx_krealloc_less_oob_helper+0x10/0x10 [ 22.745245] ? finish_task_switch.isra.0+0x153/0x700 [ 22.745250] ? __switch_to+0x5d9/0xf60 [ 22.745253] ? dequeue_task_fair+0x166/0x4e0 [ 22.745258] ? __schedule+0x10cc/0x2b60 [ 22.745263] krealloc_less_oob+0x1c/0x30 [ 22.745266] kunit_try_run_case+0x1a2/0x480 [ 22.745271] ? __pfx_kunit_try_run_case+0x10/0x10 [ 22.745275] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 22.745280] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 22.745284] ? __kthread_parkme+0x82/0x180 [ 22.745288] ? preempt_count_sub+0x50/0x80 [ 22.745293] ? __pfx_kunit_try_run_case+0x10/0x10 [ 22.745298] kunit_generic_run_threadfn_adapter+0x82/0xf0 [ 22.745302] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 22.745306] kthread+0x334/0x6f0 [ 22.745309] ? trace_preempt_on+0x20/0xc0 [ 22.745314] ? __pfx_kthread+0x10/0x10 [ 22.745317] ? _raw_spin_unlock_irq+0x47/0x80 [ 22.745321] ? calculate_sigpending+0x7b/0xa0 [ 22.745325] ? __pfx_kthread+0x10/0x10 [ 22.745328] ret_from_fork+0x3e/0x80 [ 22.745332] ? __pfx_kthread+0x10/0x10 [ 22.745335] ret_from_fork_asm+0x1a/0x30 [ 22.745341] </TASK> [ 22.745342] [ 22.924526] Allocated by task 201: [ 22.927933] kasan_save_stack+0x45/0x70 [ 22.931798] kasan_save_track+0x18/0x40 [ 22.935639] kasan_save_alloc_info+0x3b/0x50 [ 22.939945] __kasan_krealloc+0x190/0x1f0 [ 22.943993] krealloc_noprof+0xf3/0x340 [ 22.947831] krealloc_less_oob_helper+0x1aa/0x11d0 [ 22.952626] krealloc_less_oob+0x1c/0x30 [ 22.956549] kunit_try_run_case+0x1a2/0x480 [ 22.960737] kunit_generic_run_threadfn_adapter+0x82/0xf0 [ 22.966134] kthread+0x334/0x6f0 [ 22.969368] ret_from_fork+0x3e/0x80 [ 22.972969] ret_from_fork_asm+0x1a/0x30 [ 22.976926] [ 22.978452] The buggy address belongs to the object at ffff88810314fa00 [ 22.978452] which belongs to the cache kmalloc-256 of size 256 [ 22.990971] The buggy address is located 0 bytes to the right of [ 22.990971] allocated 201-byte region [ffff88810314fa00, ffff88810314fac9) [ 23.003929] [ 23.005449] The buggy address belongs to the physical page: [ 23.011021] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x10314e [ 23.019027] head: order:1 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0 [ 23.026681] flags: 0x200000000000040(head|node=0|zone=2) [ 23.031994] page_type: f5(slab) [ 23.035142] raw: 0200000000000040 ffff888100042b40 dead000000000122 0000000000000000 [ 23.042889] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 23.050662] head: 0200000000000040 ffff888100042b40 dead000000000122 0000000000000000 [ 23.058489] head: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 23.066313] head: 0200000000000001 ffffea00040c5381 00000000ffffffff 00000000ffffffff [ 23.074139] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000002 [ 23.081982] page dumped because: kasan: bad access detected [ 23.087557] [ 23.089056] Memory state around the buggy address: [ 23.093847] ffff88810314f980: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 23.101069] ffff88810314fa00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 23.108294] >ffff88810314fa80: 00 00 00 00 00 00 00 00 00 01 fc fc fc fc fc fc [ 23.115513] ^ [ 23.121086] ffff88810314fb00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 23.128306] ffff88810314fb80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 23.135525] ================================================================== [ 23.564314] ================================================================== [ 23.571545] BUG: KASAN: slab-out-of-bounds in krealloc_less_oob_helper+0xec6/0x11d0 [ 23.579205] Write of size 1 at addr ffff88810314fada by task kunit_try_catch/201 [ 23.586596] [ 23.588099] CPU: 2 UID: 0 PID: 201 Comm: kunit_try_catch Tainted: G B N 6.15.5-rc2 #1 PREEMPT(voluntary) [ 23.588107] Tainted: [B]=BAD_PAGE, [N]=TEST [ 23.588109] Hardware name: Supermicro SYS-5019S-ML/X11SSH-F, BIOS 2.7 12/07/2021 [ 23.588112] Call Trace: [ 23.588113] <TASK> [ 23.588115] dump_stack_lvl+0x73/0xb0 [ 23.588119] print_report+0xd1/0x650 [ 23.588123] ? __virt_addr_valid+0x1db/0x2d0 [ 23.588127] ? krealloc_less_oob_helper+0xec6/0x11d0 [ 23.588131] ? kasan_complete_mode_report_info+0x2a/0x200 [ 23.588135] ? krealloc_less_oob_helper+0xec6/0x11d0 [ 23.588139] kasan_report+0x141/0x180 [ 23.588143] ? krealloc_less_oob_helper+0xec6/0x11d0 [ 23.588148] __asan_report_store1_noabort+0x1b/0x30 [ 23.588152] krealloc_less_oob_helper+0xec6/0x11d0 [ 23.588156] ? __pfx_krealloc_less_oob_helper+0x10/0x10 [ 23.588159] ? finish_task_switch.isra.0+0x153/0x700 [ 23.588164] ? __switch_to+0x5d9/0xf60 [ 23.588168] ? dequeue_task_fair+0x166/0x4e0 [ 23.588172] ? __schedule+0x10cc/0x2b60 [ 23.588177] krealloc_less_oob+0x1c/0x30 [ 23.588180] kunit_try_run_case+0x1a2/0x480 [ 23.588185] ? __pfx_kunit_try_run_case+0x10/0x10 [ 23.588189] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 23.588194] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 23.588199] ? __kthread_parkme+0x82/0x180 [ 23.588203] ? preempt_count_sub+0x50/0x80 [ 23.588207] ? __pfx_kunit_try_run_case+0x10/0x10 [ 23.588212] kunit_generic_run_threadfn_adapter+0x82/0xf0 [ 23.588216] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 23.588221] kthread+0x334/0x6f0 [ 23.588223] ? trace_preempt_on+0x20/0xc0 [ 23.588228] ? __pfx_kthread+0x10/0x10 [ 23.588231] ? _raw_spin_unlock_irq+0x47/0x80 [ 23.588235] ? calculate_sigpending+0x7b/0xa0 [ 23.588239] ? __pfx_kthread+0x10/0x10 [ 23.588242] ret_from_fork+0x3e/0x80 [ 23.588246] ? __pfx_kthread+0x10/0x10 [ 23.588249] ret_from_fork_asm+0x1a/0x30 [ 23.588255] </TASK> [ 23.588257] [ 23.767478] Allocated by task 201: [ 23.770884] kasan_save_stack+0x45/0x70 [ 23.774759] kasan_save_track+0x18/0x40 [ 23.778605] kasan_save_alloc_info+0x3b/0x50 [ 23.782880] __kasan_krealloc+0x190/0x1f0 [ 23.786891] krealloc_noprof+0xf3/0x340 [ 23.790756] krealloc_less_oob_helper+0x1aa/0x11d0 [ 23.795549] krealloc_less_oob+0x1c/0x30 [ 23.799475] kunit_try_run_case+0x1a2/0x480 [ 23.803660] kunit_generic_run_threadfn_adapter+0x82/0xf0 [ 23.809060] kthread+0x334/0x6f0 [ 23.812293] ret_from_fork+0x3e/0x80 [ 23.815874] ret_from_fork_asm+0x1a/0x30 [ 23.819799] [ 23.821298] The buggy address belongs to the object at ffff88810314fa00 [ 23.821298] which belongs to the cache kmalloc-256 of size 256 [ 23.833812] The buggy address is located 17 bytes to the right of [ 23.833812] allocated 201-byte region [ffff88810314fa00, ffff88810314fac9) [ 23.846848] [ 23.848348] The buggy address belongs to the physical page: [ 23.853929] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x10314e [ 23.861935] head: order:1 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0 [ 23.869588] flags: 0x200000000000040(head|node=0|zone=2) [ 23.874930] page_type: f5(slab) [ 23.878073] raw: 0200000000000040 ffff888100042b40 dead000000000122 0000000000000000 [ 23.885813] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 23.893552] head: 0200000000000040 ffff888100042b40 dead000000000122 0000000000000000 [ 23.901379] head: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 23.909206] head: 0200000000000001 ffffea00040c5381 00000000ffffffff 00000000ffffffff [ 23.917039] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000002 [ 23.924863] page dumped because: kasan: bad access detected [ 23.930437] [ 23.931937] Memory state around the buggy address: [ 23.936748] ffff88810314f980: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 23.943973] ffff88810314fa00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 23.951193] >ffff88810314fa80: 00 00 00 00 00 00 00 00 00 01 fc fc fc fc fc fc [ 23.958413] ^ [ 23.964507] ffff88810314fb00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 23.971726] ffff88810314fb80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 23.978955] ================================================================== [ 26.558086] ================================================================== [ 26.565317] BUG: KASAN: slab-out-of-bounds in krealloc_less_oob_helper+0xe90/0x11d0 [ 26.572970] Write of size 1 at addr ffff888102a320ea by task kunit_try_catch/205 [ 26.580363] [ 26.581862] CPU: 1 UID: 0 PID: 205 Comm: kunit_try_catch Tainted: G B N 6.15.5-rc2 #1 PREEMPT(voluntary) [ 26.581869] Tainted: [B]=BAD_PAGE, [N]=TEST [ 26.581871] Hardware name: Supermicro SYS-5019S-ML/X11SSH-F, BIOS 2.7 12/07/2021 [ 26.581874] Call Trace: [ 26.581876] <TASK> [ 26.581877] dump_stack_lvl+0x73/0xb0 [ 26.581881] print_report+0xd1/0x650 [ 26.581885] ? __virt_addr_valid+0x1db/0x2d0 [ 26.581889] ? krealloc_less_oob_helper+0xe90/0x11d0 [ 26.581892] ? kasan_addr_to_slab+0x11/0xa0 [ 26.581896] ? krealloc_less_oob_helper+0xe90/0x11d0 [ 26.581917] kasan_report+0x141/0x180 [ 26.581921] ? krealloc_less_oob_helper+0xe90/0x11d0 [ 26.581926] __asan_report_store1_noabort+0x1b/0x30 [ 26.581930] krealloc_less_oob_helper+0xe90/0x11d0 [ 26.581934] ? __pfx_krealloc_less_oob_helper+0x10/0x10 [ 26.581938] ? finish_task_switch.isra.0+0x153/0x700 [ 26.581943] ? __switch_to+0x5d9/0xf60 [ 26.581959] ? dequeue_task_fair+0x166/0x4e0 [ 26.581963] ? __schedule+0x10cc/0x2b60 [ 26.581968] krealloc_large_less_oob+0x1c/0x30 [ 26.581971] kunit_try_run_case+0x1a2/0x480 [ 26.581976] ? __pfx_kunit_try_run_case+0x10/0x10 [ 26.581980] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 26.581985] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 26.581989] ? __kthread_parkme+0x82/0x180 [ 26.581993] ? preempt_count_sub+0x50/0x80 [ 26.581998] ? __pfx_kunit_try_run_case+0x10/0x10 [ 26.582003] kunit_generic_run_threadfn_adapter+0x82/0xf0 [ 26.582007] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 26.582011] kthread+0x334/0x6f0 [ 26.582014] ? trace_preempt_on+0x20/0xc0 [ 26.582018] ? __pfx_kthread+0x10/0x10 [ 26.582022] ? _raw_spin_unlock_irq+0x47/0x80 [ 26.582026] ? calculate_sigpending+0x7b/0xa0 [ 26.582030] ? __pfx_kthread+0x10/0x10 [ 26.582033] ret_from_fork+0x3e/0x80 [ 26.582037] ? __pfx_kthread+0x10/0x10 [ 26.582040] ret_from_fork_asm+0x1a/0x30 [ 26.582045] </TASK> [ 26.582047] [ 26.760654] The buggy address belongs to the physical page: [ 26.766229] page: refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x102a30 [ 26.774235] head: order:2 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0 [ 26.781888] flags: 0x200000000000040(head|node=0|zone=2) [ 26.787227] page_type: f8(unknown) [ 26.790632] raw: 0200000000000040 0000000000000000 dead000000000122 0000000000000000 [ 26.798372] raw: 0000000000000000 0000000000000000 00000001f8000000 0000000000000000 [ 26.806111] head: 0200000000000040 0000000000000000 dead000000000122 0000000000000000 [ 26.813938] head: 0000000000000000 0000000000000000 00000001f8000000 0000000000000000 [ 26.821790] head: 0200000000000002 ffffea00040a8c01 00000000ffffffff 00000000ffffffff [ 26.829615] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000004 [ 26.837440] page dumped because: kasan: bad access detected [ 26.843014] [ 26.844512] Memory state around the buggy address: [ 26.849305] ffff888102a31f80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 26.856524] ffff888102a32000: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 26.863743] >ffff888102a32080: 00 00 00 00 00 00 00 00 00 01 fe fe fe fe fe fe [ 26.870973] ^ [ 26.877584] ffff888102a32100: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe [ 26.884804] ffff888102a32180: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe [ 26.892024] ================================================================== [ 26.217515] ================================================================== [ 26.224753] BUG: KASAN: slab-out-of-bounds in krealloc_less_oob_helper+0xec6/0x11d0 [ 26.232406] Write of size 1 at addr ffff888102a320da by task kunit_try_catch/205 [ 26.239799] [ 26.241300] CPU: 1 UID: 0 PID: 205 Comm: kunit_try_catch Tainted: G B N 6.15.5-rc2 #1 PREEMPT(voluntary) [ 26.241307] Tainted: [B]=BAD_PAGE, [N]=TEST [ 26.241309] Hardware name: Supermicro SYS-5019S-ML/X11SSH-F, BIOS 2.7 12/07/2021 [ 26.241312] Call Trace: [ 26.241314] <TASK> [ 26.241315] dump_stack_lvl+0x73/0xb0 [ 26.241319] print_report+0xd1/0x650 [ 26.241323] ? __virt_addr_valid+0x1db/0x2d0 [ 26.241327] ? krealloc_less_oob_helper+0xec6/0x11d0 [ 26.241330] ? kasan_addr_to_slab+0x11/0xa0 [ 26.241334] ? krealloc_less_oob_helper+0xec6/0x11d0 [ 26.241338] kasan_report+0x141/0x180 [ 26.241342] ? krealloc_less_oob_helper+0xec6/0x11d0 [ 26.241347] __asan_report_store1_noabort+0x1b/0x30 [ 26.241351] krealloc_less_oob_helper+0xec6/0x11d0 [ 26.241355] ? __pfx_krealloc_less_oob_helper+0x10/0x10 [ 26.241359] ? finish_task_switch.isra.0+0x153/0x700 [ 26.241363] ? __switch_to+0x5d9/0xf60 [ 26.241367] ? dequeue_task_fair+0x166/0x4e0 [ 26.241371] ? __schedule+0x10cc/0x2b60 [ 26.241376] krealloc_large_less_oob+0x1c/0x30 [ 26.241380] kunit_try_run_case+0x1a2/0x480 [ 26.241384] ? __pfx_kunit_try_run_case+0x10/0x10 [ 26.241389] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 26.241393] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 26.241398] ? __kthread_parkme+0x82/0x180 [ 26.241402] ? preempt_count_sub+0x50/0x80 [ 26.241406] ? __pfx_kunit_try_run_case+0x10/0x10 [ 26.241411] kunit_generic_run_threadfn_adapter+0x82/0xf0 [ 26.241415] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 26.241420] kthread+0x334/0x6f0 [ 26.241423] ? trace_preempt_on+0x20/0xc0 [ 26.241427] ? __pfx_kthread+0x10/0x10 [ 26.241430] ? _raw_spin_unlock_irq+0x47/0x80 [ 26.241434] ? calculate_sigpending+0x7b/0xa0 [ 26.241438] ? __pfx_kthread+0x10/0x10 [ 26.241441] ret_from_fork+0x3e/0x80 [ 26.241445] ? __pfx_kthread+0x10/0x10 [ 26.241449] ret_from_fork_asm+0x1a/0x30 [ 26.241454] </TASK> [ 26.241456] [ 26.419987] The buggy address belongs to the physical page: [ 26.425560] page: refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x102a30 [ 26.433568] head: order:2 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0 [ 26.441222] flags: 0x200000000000040(head|node=0|zone=2) [ 26.446531] page_type: f8(unknown) [ 26.449939] raw: 0200000000000040 0000000000000000 dead000000000122 0000000000000000 [ 26.457706] raw: 0000000000000000 0000000000000000 00000001f8000000 0000000000000000 [ 26.465443] head: 0200000000000040 0000000000000000 dead000000000122 0000000000000000 [ 26.473269] head: 0000000000000000 0000000000000000 00000001f8000000 0000000000000000 [ 26.481097] head: 0200000000000002 ffffea00040a8c01 00000000ffffffff 00000000ffffffff [ 26.488931] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000004 [ 26.496781] page dumped because: kasan: bad access detected [ 26.502354] [ 26.503853] Memory state around the buggy address: [ 26.508647] ffff888102a31f80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 26.515868] ffff888102a32000: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 26.523093] >ffff888102a32080: 00 00 00 00 00 00 00 00 00 01 fe fe fe fe fe fe [ 26.530314] ^ [ 26.536405] ffff888102a32100: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe [ 26.543626] ffff888102a32180: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe [ 26.550843] ================================================================== [ 24.408641] ================================================================== [ 24.415872] BUG: KASAN: slab-out-of-bounds in krealloc_less_oob_helper+0xd47/0x11d0 [ 24.423526] Write of size 1 at addr ffff88810314faeb by task kunit_try_catch/201 [ 24.430929] [ 24.432426] CPU: 2 UID: 0 PID: 201 Comm: kunit_try_catch Tainted: G B N 6.15.5-rc2 #1 PREEMPT(voluntary) [ 24.432434] Tainted: [B]=BAD_PAGE, [N]=TEST [ 24.432436] Hardware name: Supermicro SYS-5019S-ML/X11SSH-F, BIOS 2.7 12/07/2021 [ 24.432439] Call Trace: [ 24.432440] <TASK> [ 24.432442] dump_stack_lvl+0x73/0xb0 [ 24.432446] print_report+0xd1/0x650 [ 24.432450] ? __virt_addr_valid+0x1db/0x2d0 [ 24.432454] ? krealloc_less_oob_helper+0xd47/0x11d0 [ 24.432457] ? kasan_complete_mode_report_info+0x2a/0x200 [ 24.432461] ? krealloc_less_oob_helper+0xd47/0x11d0 [ 24.432465] kasan_report+0x141/0x180 [ 24.432469] ? krealloc_less_oob_helper+0xd47/0x11d0 [ 24.432474] __asan_report_store1_noabort+0x1b/0x30 [ 24.432478] krealloc_less_oob_helper+0xd47/0x11d0 [ 24.432482] ? __pfx_krealloc_less_oob_helper+0x10/0x10 [ 24.432486] ? finish_task_switch.isra.0+0x153/0x700 [ 24.432490] ? __switch_to+0x5d9/0xf60 [ 24.432494] ? dequeue_task_fair+0x166/0x4e0 [ 24.432498] ? __schedule+0x10cc/0x2b60 [ 24.432503] krealloc_less_oob+0x1c/0x30 [ 24.432506] kunit_try_run_case+0x1a2/0x480 [ 24.432511] ? __pfx_kunit_try_run_case+0x10/0x10 [ 24.432515] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 24.432520] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 24.432524] ? __kthread_parkme+0x82/0x180 [ 24.432528] ? preempt_count_sub+0x50/0x80 [ 24.432533] ? __pfx_kunit_try_run_case+0x10/0x10 [ 24.432537] kunit_generic_run_threadfn_adapter+0x82/0xf0 [ 24.432542] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 24.432546] kthread+0x334/0x6f0 [ 24.432549] ? trace_preempt_on+0x20/0xc0 [ 24.432553] ? __pfx_kthread+0x10/0x10 [ 24.432556] ? _raw_spin_unlock_irq+0x47/0x80 [ 24.432560] ? calculate_sigpending+0x7b/0xa0 [ 24.432564] ? __pfx_kthread+0x10/0x10 [ 24.432567] ret_from_fork+0x3e/0x80 [ 24.432571] ? __pfx_kthread+0x10/0x10 [ 24.432574] ret_from_fork_asm+0x1a/0x30 [ 24.432580] </TASK> [ 24.432581] [ 24.611782] Allocated by task 201: [ 24.615188] kasan_save_stack+0x45/0x70 [ 24.619036] kasan_save_track+0x18/0x40 [ 24.622874] kasan_save_alloc_info+0x3b/0x50 [ 24.627146] __kasan_krealloc+0x190/0x1f0 [ 24.631160] krealloc_noprof+0xf3/0x340 [ 24.634998] krealloc_less_oob_helper+0x1aa/0x11d0 [ 24.639792] krealloc_less_oob+0x1c/0x30 [ 24.643718] kunit_try_run_case+0x1a2/0x480 [ 24.647932] kunit_generic_run_threadfn_adapter+0x82/0xf0 [ 24.653354] kthread+0x334/0x6f0 [ 24.656587] ret_from_fork+0x3e/0x80 [ 24.660168] ret_from_fork_asm+0x1a/0x30 [ 24.664093] [ 24.665593] The buggy address belongs to the object at ffff88810314fa00 [ 24.665593] which belongs to the cache kmalloc-256 of size 256 [ 24.678109] The buggy address is located 34 bytes to the right of [ 24.678109] allocated 201-byte region [ffff88810314fa00, ffff88810314fac9) [ 24.691143] [ 24.692640] The buggy address belongs to the physical page: [ 24.698214] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x10314e [ 24.706221] head: order:1 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0 [ 24.713875] flags: 0x200000000000040(head|node=0|zone=2) [ 24.719186] page_type: f5(slab) [ 24.722335] raw: 0200000000000040 ffff888100042b40 dead000000000122 0000000000000000 [ 24.730082] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 24.737830] head: 0200000000000040 ffff888100042b40 dead000000000122 0000000000000000 [ 24.745664] head: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 24.753490] head: 0200000000000001 ffffea00040c5381 00000000ffffffff 00000000ffffffff [ 24.761316] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000002 [ 24.769141] page dumped because: kasan: bad access detected [ 24.774713] [ 24.776214] Memory state around the buggy address: [ 24.781007] ffff88810314f980: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 24.788225] ffff88810314fa00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 24.795446] >ffff88810314fa80: 00 00 00 00 00 00 00 00 00 01 fc fc fc fc fc fc [ 24.802673] ^ [ 24.809285] ffff88810314fb00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 24.816505] ffff88810314fb80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 24.823724] ================================================================== [ 23.986186] ================================================================== [ 23.993425] BUG: KASAN: slab-out-of-bounds in krealloc_less_oob_helper+0xe90/0x11d0 [ 24.001079] Write of size 1 at addr ffff88810314faea by task kunit_try_catch/201 [ 24.008470] [ 24.009982] CPU: 2 UID: 0 PID: 201 Comm: kunit_try_catch Tainted: G B N 6.15.5-rc2 #1 PREEMPT(voluntary) [ 24.009989] Tainted: [B]=BAD_PAGE, [N]=TEST [ 24.009991] Hardware name: Supermicro SYS-5019S-ML/X11SSH-F, BIOS 2.7 12/07/2021 [ 24.009995] Call Trace: [ 24.009996] <TASK> [ 24.009998] dump_stack_lvl+0x73/0xb0 [ 24.010001] print_report+0xd1/0x650 [ 24.010005] ? __virt_addr_valid+0x1db/0x2d0 [ 24.010009] ? krealloc_less_oob_helper+0xe90/0x11d0 [ 24.010013] ? kasan_complete_mode_report_info+0x2a/0x200 [ 24.010017] ? krealloc_less_oob_helper+0xe90/0x11d0 [ 24.010021] kasan_report+0x141/0x180 [ 24.010025] ? krealloc_less_oob_helper+0xe90/0x11d0 [ 24.010030] __asan_report_store1_noabort+0x1b/0x30 [ 24.010034] krealloc_less_oob_helper+0xe90/0x11d0 [ 24.010038] ? __pfx_krealloc_less_oob_helper+0x10/0x10 [ 24.010041] ? finish_task_switch.isra.0+0x153/0x700 [ 24.010046] ? __switch_to+0x5d9/0xf60 [ 24.010049] ? dequeue_task_fair+0x166/0x4e0 [ 24.010054] ? __schedule+0x10cc/0x2b60 [ 24.010059] krealloc_less_oob+0x1c/0x30 [ 24.010062] kunit_try_run_case+0x1a2/0x480 [ 24.010067] ? __pfx_kunit_try_run_case+0x10/0x10 [ 24.010071] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 24.010076] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 24.010080] ? __kthread_parkme+0x82/0x180 [ 24.010084] ? preempt_count_sub+0x50/0x80 [ 24.010089] ? __pfx_kunit_try_run_case+0x10/0x10 [ 24.010093] kunit_generic_run_threadfn_adapter+0x82/0xf0 [ 24.010097] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 24.010102] kthread+0x334/0x6f0 [ 24.010105] ? trace_preempt_on+0x20/0xc0 [ 24.010109] ? __pfx_kthread+0x10/0x10 [ 24.010112] ? _raw_spin_unlock_irq+0x47/0x80 [ 24.010116] ? calculate_sigpending+0x7b/0xa0 [ 24.010120] ? __pfx_kthread+0x10/0x10 [ 24.010123] ret_from_fork+0x3e/0x80 [ 24.010127] ? __pfx_kthread+0x10/0x10 [ 24.010130] ret_from_fork_asm+0x1a/0x30 [ 24.010136] </TASK> [ 24.010137] [ 24.189473] Allocated by task 201: [ 24.192879] kasan_save_stack+0x45/0x70 [ 24.196719] kasan_save_track+0x18/0x40 [ 24.200558] kasan_save_alloc_info+0x3b/0x50 [ 24.204830] __kasan_krealloc+0x190/0x1f0 [ 24.208842] krealloc_noprof+0xf3/0x340 [ 24.212683] krealloc_less_oob_helper+0x1aa/0x11d0 [ 24.217476] krealloc_less_oob+0x1c/0x30 [ 24.221401] kunit_try_run_case+0x1a2/0x480 [ 24.225588] kunit_generic_run_threadfn_adapter+0x82/0xf0 [ 24.230987] kthread+0x334/0x6f0 [ 24.234218] ret_from_fork+0x3e/0x80 [ 24.237800] ret_from_fork_asm+0x1a/0x30 [ 24.241724] [ 24.243225] The buggy address belongs to the object at ffff88810314fa00 [ 24.243225] which belongs to the cache kmalloc-256 of size 256 [ 24.255741] The buggy address is located 33 bytes to the right of [ 24.255741] allocated 201-byte region [ffff88810314fa00, ffff88810314fac9) [ 24.268782] [ 24.270280] The buggy address belongs to the physical page: [ 24.275856] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x10314e [ 24.283863] head: order:1 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0 [ 24.291515] flags: 0x200000000000040(head|node=0|zone=2) [ 24.296829] page_type: f5(slab) [ 24.299975] raw: 0200000000000040 ffff888100042b40 dead000000000122 0000000000000000 [ 24.307712] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 24.315454] head: 0200000000000040 ffff888100042b40 dead000000000122 0000000000000000 [ 24.323288] head: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 24.331112] head: 0200000000000001 ffffea00040c5381 00000000ffffffff 00000000ffffffff [ 24.338940] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000002 [ 24.346791] page dumped because: kasan: bad access detected [ 24.352362] [ 24.353864] Memory state around the buggy address: [ 24.358656] ffff88810314f980: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 24.365874] ffff88810314fa00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 24.373094] >ffff88810314fa80: 00 00 00 00 00 00 00 00 00 01 fc fc fc fc fc fc [ 24.380314] ^ [ 24.386934] ffff88810314fb00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 24.394181] ffff88810314fb80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 24.401398] ================================================================== [ 25.532823] ================================================================== [ 25.544416] BUG: KASAN: slab-out-of-bounds in krealloc_less_oob_helper+0xd70/0x11d0 [ 25.552077] Write of size 1 at addr ffff888102a320c9 by task kunit_try_catch/205 [ 25.559479] [ 25.560977] CPU: 1 UID: 0 PID: 205 Comm: kunit_try_catch Tainted: G B N 6.15.5-rc2 #1 PREEMPT(voluntary) [ 25.560984] Tainted: [B]=BAD_PAGE, [N]=TEST [ 25.560986] Hardware name: Supermicro SYS-5019S-ML/X11SSH-F, BIOS 2.7 12/07/2021 [ 25.560990] Call Trace: [ 25.560991] <TASK> [ 25.560993] dump_stack_lvl+0x73/0xb0 [ 25.560997] print_report+0xd1/0x650 [ 25.561001] ? __virt_addr_valid+0x1db/0x2d0 [ 25.561005] ? krealloc_less_oob_helper+0xd70/0x11d0 [ 25.561008] ? kasan_addr_to_slab+0x11/0xa0 [ 25.561013] ? krealloc_less_oob_helper+0xd70/0x11d0 [ 25.561016] kasan_report+0x141/0x180 [ 25.561021] ? krealloc_less_oob_helper+0xd70/0x11d0 [ 25.561025] __asan_report_store1_noabort+0x1b/0x30 [ 25.561029] krealloc_less_oob_helper+0xd70/0x11d0 [ 25.561033] ? __pfx_krealloc_less_oob_helper+0x10/0x10 [ 25.561037] ? finish_task_switch.isra.0+0x153/0x700 [ 25.561041] ? __switch_to+0x5d9/0xf60 [ 25.561045] ? dequeue_task_fair+0x166/0x4e0 [ 25.561049] ? __schedule+0x10cc/0x2b60 [ 25.561054] krealloc_large_less_oob+0x1c/0x30 [ 25.561058] kunit_try_run_case+0x1a2/0x480 [ 25.561062] ? __pfx_kunit_try_run_case+0x10/0x10 [ 25.561067] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 25.561071] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 25.561076] ? __kthread_parkme+0x82/0x180 [ 25.561080] ? preempt_count_sub+0x50/0x80 [ 25.561085] ? __pfx_kunit_try_run_case+0x10/0x10 [ 25.561089] kunit_generic_run_threadfn_adapter+0x82/0xf0 [ 25.561094] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 25.561098] kthread+0x334/0x6f0 [ 25.561101] ? trace_preempt_on+0x20/0xc0 [ 25.561105] ? __pfx_kthread+0x10/0x10 [ 25.561108] ? _raw_spin_unlock_irq+0x47/0x80 [ 25.561112] ? calculate_sigpending+0x7b/0xa0 [ 25.561116] ? __pfx_kthread+0x10/0x10 [ 25.561119] ret_from_fork+0x3e/0x80 [ 25.561123] ? __pfx_kthread+0x10/0x10 [ 25.561126] ret_from_fork_asm+0x1a/0x30 [ 25.561132] </TASK> [ 25.561133] [ 25.739682] The buggy address belongs to the physical page: [ 25.745256] page: refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x102a30 [ 25.753262] head: order:2 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0 [ 25.760931] flags: 0x200000000000040(head|node=0|zone=2) [ 25.766271] page_type: f8(unknown) [ 25.769678] raw: 0200000000000040 0000000000000000 dead000000000122 0000000000000000 [ 25.777416] raw: 0000000000000000 0000000000000000 00000001f8000000 0000000000000000 [ 25.785158] head: 0200000000000040 0000000000000000 dead000000000122 0000000000000000 [ 25.792983] head: 0000000000000000 0000000000000000 00000001f8000000 0000000000000000 [ 25.800809] head: 0200000000000002 ffffea00040a8c01 00000000ffffffff 00000000ffffffff [ 25.808637] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000004 [ 25.816470] page dumped because: kasan: bad access detected [ 25.822040] [ 25.823532] Memory state around the buggy address: [ 25.828324] ffff888102a31f80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 25.835545] ffff888102a32000: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 25.842764] >ffff888102a32080: 00 00 00 00 00 00 00 00 00 01 fe fe fe fe fe fe [ 25.849984] ^ [ 25.855557] ffff888102a32100: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe [ 25.862774] ffff888102a32180: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe [ 25.869994] ================================================================== [ 26.899249] ================================================================== [ 26.906489] BUG: KASAN: slab-out-of-bounds in krealloc_less_oob_helper+0xd47/0x11d0 [ 26.914141] Write of size 1 at addr ffff888102a320eb by task kunit_try_catch/205 [ 26.921533] [ 26.923034] CPU: 1 UID: 0 PID: 205 Comm: kunit_try_catch Tainted: G B N 6.15.5-rc2 #1 PREEMPT(voluntary) [ 26.923042] Tainted: [B]=BAD_PAGE, [N]=TEST [ 26.923044] Hardware name: Supermicro SYS-5019S-ML/X11SSH-F, BIOS 2.7 12/07/2021 [ 26.923047] Call Trace: [ 26.923048] <TASK> [ 26.923050] dump_stack_lvl+0x73/0xb0 [ 26.923053] print_report+0xd1/0x650 [ 26.923057] ? __virt_addr_valid+0x1db/0x2d0 [ 26.923061] ? krealloc_less_oob_helper+0xd47/0x11d0 [ 26.923064] ? kasan_addr_to_slab+0x11/0xa0 [ 26.923068] ? krealloc_less_oob_helper+0xd47/0x11d0 [ 26.923072] kasan_report+0x141/0x180 [ 26.923076] ? krealloc_less_oob_helper+0xd47/0x11d0 [ 26.923081] __asan_report_store1_noabort+0x1b/0x30 [ 26.923085] krealloc_less_oob_helper+0xd47/0x11d0 [ 26.923089] ? __pfx_krealloc_less_oob_helper+0x10/0x10 [ 26.923093] ? finish_task_switch.isra.0+0x153/0x700 [ 26.923097] ? __switch_to+0x5d9/0xf60 [ 26.923101] ? dequeue_task_fair+0x166/0x4e0 [ 26.923105] ? __schedule+0x10cc/0x2b60 [ 26.923110] krealloc_large_less_oob+0x1c/0x30 [ 26.923113] kunit_try_run_case+0x1a2/0x480 [ 26.923118] ? __pfx_kunit_try_run_case+0x10/0x10 [ 26.923122] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 26.923127] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 26.923131] ? __kthread_parkme+0x82/0x180 [ 26.923135] ? preempt_count_sub+0x50/0x80 [ 26.923140] ? __pfx_kunit_try_run_case+0x10/0x10 [ 26.923145] kunit_generic_run_threadfn_adapter+0x82/0xf0 [ 26.923149] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 26.923153] kthread+0x334/0x6f0 [ 26.923156] ? trace_preempt_on+0x20/0xc0 [ 26.923160] ? __pfx_kthread+0x10/0x10 [ 26.923163] ? _raw_spin_unlock_irq+0x47/0x80 [ 26.923168] ? calculate_sigpending+0x7b/0xa0 [ 26.923171] ? __pfx_kthread+0x10/0x10 [ 26.923175] ret_from_fork+0x3e/0x80 [ 26.923179] ? __pfx_kthread+0x10/0x10 [ 26.923182] ret_from_fork_asm+0x1a/0x30 [ 26.923187] </TASK> [ 26.923189] [ 27.101661] The buggy address belongs to the physical page: [ 27.107235] page: refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x102a30 [ 27.115241] head: order:2 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0 [ 27.122895] flags: 0x200000000000040(head|node=0|zone=2) [ 27.128234] page_type: f8(unknown) [ 27.131640] raw: 0200000000000040 0000000000000000 dead000000000122 0000000000000000 [ 27.139388] raw: 0000000000000000 0000000000000000 00000001f8000000 0000000000000000 [ 27.147127] head: 0200000000000040 0000000000000000 dead000000000122 0000000000000000 [ 27.154973] head: 0000000000000000 0000000000000000 00000001f8000000 0000000000000000 [ 27.162804] head: 0200000000000002 ffffea00040a8c01 00000000ffffffff 00000000ffffffff [ 27.170630] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000004 [ 27.178455] page dumped because: kasan: bad access detected [ 27.184029] [ 27.185529] Memory state around the buggy address: [ 27.190321] ffff888102a31f80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 27.197541] ffff888102a32000: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 27.204769] >ffff888102a32080: 00 00 00 00 00 00 00 00 00 01 fe fe fe fe fe fe [ 27.211997] ^ [ 27.218610] ffff888102a32100: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe [ 27.225837] ffff888102a32180: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe [ 27.233056] ================================================================== [ 23.142771] ================================================================== [ 23.149998] BUG: KASAN: slab-out-of-bounds in krealloc_less_oob_helper+0xe23/0x11d0 [ 23.157651] Write of size 1 at addr ffff88810314fad0 by task kunit_try_catch/201 [ 23.165044] [ 23.166545] CPU: 2 UID: 0 PID: 201 Comm: kunit_try_catch Tainted: G B N 6.15.5-rc2 #1 PREEMPT(voluntary) [ 23.166553] Tainted: [B]=BAD_PAGE, [N]=TEST [ 23.166555] Hardware name: Supermicro SYS-5019S-ML/X11SSH-F, BIOS 2.7 12/07/2021 [ 23.166558] Call Trace: [ 23.166560] <TASK> [ 23.166561] dump_stack_lvl+0x73/0xb0 [ 23.166565] print_report+0xd1/0x650 [ 23.166570] ? __virt_addr_valid+0x1db/0x2d0 [ 23.166573] ? krealloc_less_oob_helper+0xe23/0x11d0 [ 23.166577] ? kasan_complete_mode_report_info+0x2a/0x200 [ 23.166581] ? krealloc_less_oob_helper+0xe23/0x11d0 [ 23.166585] kasan_report+0x141/0x180 [ 23.166589] ? krealloc_less_oob_helper+0xe23/0x11d0 [ 23.166594] __asan_report_store1_noabort+0x1b/0x30 [ 23.166598] krealloc_less_oob_helper+0xe23/0x11d0 [ 23.166602] ? __pfx_krealloc_less_oob_helper+0x10/0x10 [ 23.166606] ? finish_task_switch.isra.0+0x153/0x700 [ 23.166610] ? __switch_to+0x5d9/0xf60 [ 23.166614] ? dequeue_task_fair+0x166/0x4e0 [ 23.166618] ? __schedule+0x10cc/0x2b60 [ 23.166623] krealloc_less_oob+0x1c/0x30 [ 23.166626] kunit_try_run_case+0x1a2/0x480 [ 23.166631] ? __pfx_kunit_try_run_case+0x10/0x10 [ 23.166635] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 23.166640] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 23.166645] ? __kthread_parkme+0x82/0x180 [ 23.166649] ? preempt_count_sub+0x50/0x80 [ 23.166653] ? __pfx_kunit_try_run_case+0x10/0x10 [ 23.166658] kunit_generic_run_threadfn_adapter+0x82/0xf0 [ 23.166662] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 23.166666] kthread+0x334/0x6f0 [ 23.166669] ? trace_preempt_on+0x20/0xc0 [ 23.166674] ? __pfx_kthread+0x10/0x10 [ 23.166677] ? _raw_spin_unlock_irq+0x47/0x80 [ 23.166681] ? calculate_sigpending+0x7b/0xa0 [ 23.166685] ? __pfx_kthread+0x10/0x10 [ 23.166688] ret_from_fork+0x3e/0x80 [ 23.166692] ? __pfx_kthread+0x10/0x10 [ 23.166695] ret_from_fork_asm+0x1a/0x30 [ 23.166700] </TASK> [ 23.166702] [ 23.345950] Allocated by task 201: [ 23.349373] kasan_save_stack+0x45/0x70 [ 23.353214] kasan_save_track+0x18/0x40 [ 23.357052] kasan_save_alloc_info+0x3b/0x50 [ 23.361327] __kasan_krealloc+0x190/0x1f0 [ 23.365346] krealloc_noprof+0xf3/0x340 [ 23.369185] krealloc_less_oob_helper+0x1aa/0x11d0 [ 23.373980] krealloc_less_oob+0x1c/0x30 [ 23.377931] kunit_try_run_case+0x1a2/0x480 [ 23.382116] kunit_generic_run_threadfn_adapter+0x82/0xf0 [ 23.387517] kthread+0x334/0x6f0 [ 23.390748] ret_from_fork+0x3e/0x80 [ 23.394329] ret_from_fork_asm+0x1a/0x30 [ 23.398254] [ 23.399754] The buggy address belongs to the object at ffff88810314fa00 [ 23.399754] which belongs to the cache kmalloc-256 of size 256 [ 23.412267] The buggy address is located 7 bytes to the right of [ 23.412267] allocated 201-byte region [ffff88810314fa00, ffff88810314fac9) [ 23.425215] [ 23.426715] The buggy address belongs to the physical page: [ 23.432287] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x10314e [ 23.440287] head: order:1 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0 [ 23.447961] flags: 0x200000000000040(head|node=0|zone=2) [ 23.453280] page_type: f5(slab) [ 23.456425] raw: 0200000000000040 ffff888100042b40 dead000000000122 0000000000000000 [ 23.464164] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 23.471930] head: 0200000000000040 ffff888100042b40 dead000000000122 0000000000000000 [ 23.479782] head: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 23.487608] head: 0200000000000001 ffffea00040c5381 00000000ffffffff 00000000ffffffff [ 23.495442] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000002 [ 23.503269] page dumped because: kasan: bad access detected [ 23.508839] [ 23.510331] Memory state around the buggy address: [ 23.515123] ffff88810314f980: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 23.522345] ffff88810314fa00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 23.529570] >ffff88810314fa80: 00 00 00 00 00 00 00 00 00 01 fc fc fc fc fc fc [ 23.536791] ^ [ 23.542625] ffff88810314fb00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 23.549850] ffff88810314fb80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 23.557071] ================================================================== [ 25.877258] ================================================================== [ 25.884504] BUG: KASAN: slab-out-of-bounds in krealloc_less_oob_helper+0xe23/0x11d0 [ 25.892163] Write of size 1 at addr ffff888102a320d0 by task kunit_try_catch/205 [ 25.899557] [ 25.901055] CPU: 1 UID: 0 PID: 205 Comm: kunit_try_catch Tainted: G B N 6.15.5-rc2 #1 PREEMPT(voluntary) [ 25.901063] Tainted: [B]=BAD_PAGE, [N]=TEST [ 25.901065] Hardware name: Supermicro SYS-5019S-ML/X11SSH-F, BIOS 2.7 12/07/2021 [ 25.901068] Call Trace: [ 25.901069] <TASK> [ 25.901071] dump_stack_lvl+0x73/0xb0 [ 25.901075] print_report+0xd1/0x650 [ 25.901079] ? __virt_addr_valid+0x1db/0x2d0 [ 25.901083] ? krealloc_less_oob_helper+0xe23/0x11d0 [ 25.901086] ? kasan_addr_to_slab+0x11/0xa0 [ 25.901090] ? krealloc_less_oob_helper+0xe23/0x11d0 [ 25.901094] kasan_report+0x141/0x180 [ 25.901098] ? krealloc_less_oob_helper+0xe23/0x11d0 [ 25.901103] __asan_report_store1_noabort+0x1b/0x30 [ 25.901107] krealloc_less_oob_helper+0xe23/0x11d0 [ 25.901111] ? __pfx_krealloc_less_oob_helper+0x10/0x10 [ 25.901115] ? finish_task_switch.isra.0+0x153/0x700 [ 25.901119] ? __switch_to+0x5d9/0xf60 [ 25.901123] ? dequeue_task_fair+0x166/0x4e0 [ 25.901127] ? __schedule+0x10cc/0x2b60 [ 25.901132] krealloc_large_less_oob+0x1c/0x30 [ 25.901135] kunit_try_run_case+0x1a2/0x480 [ 25.901140] ? __pfx_kunit_try_run_case+0x10/0x10 [ 25.901144] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 25.901149] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 25.901154] ? __kthread_parkme+0x82/0x180 [ 25.901158] ? preempt_count_sub+0x50/0x80 [ 25.901162] ? __pfx_kunit_try_run_case+0x10/0x10 [ 25.901167] kunit_generic_run_threadfn_adapter+0x82/0xf0 [ 25.901171] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 25.901176] kthread+0x334/0x6f0 [ 25.901178] ? trace_preempt_on+0x20/0xc0 [ 25.901183] ? __pfx_kthread+0x10/0x10 [ 25.901186] ? _raw_spin_unlock_irq+0x47/0x80 [ 25.901190] ? calculate_sigpending+0x7b/0xa0 [ 25.901194] ? __pfx_kthread+0x10/0x10 [ 25.901197] ret_from_fork+0x3e/0x80 [ 25.901201] ? __pfx_kthread+0x10/0x10 [ 25.901204] ret_from_fork_asm+0x1a/0x30 [ 25.901210] </TASK> [ 25.901211] [ 26.079708] The buggy address belongs to the physical page: [ 26.085282] page: refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x102a30 [ 26.093291] head: order:2 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0 [ 26.100972] flags: 0x200000000000040(head|node=0|zone=2) [ 26.106290] page_type: f8(unknown) [ 26.109695] raw: 0200000000000040 0000000000000000 dead000000000122 0000000000000000 [ 26.117436] raw: 0000000000000000 0000000000000000 00000001f8000000 0000000000000000 [ 26.125175] head: 0200000000000040 0000000000000000 dead000000000122 0000000000000000 [ 26.133000] head: 0000000000000000 0000000000000000 00000001f8000000 0000000000000000 [ 26.140829] head: 0200000000000002 ffffea00040a8c01 00000000ffffffff 00000000ffffffff [ 26.148662] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000004 [ 26.156494] page dumped because: kasan: bad access detected [ 26.162069] [ 26.163568] Memory state around the buggy address: [ 26.168360] ffff888102a31f80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 26.175580] ffff888102a32000: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 26.182800] >ffff888102a32080: 00 00 00 00 00 00 00 00 00 01 fe fe fe fe fe fe [ 26.190019] ^ [ 26.195851] ffff888102a32100: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe [ 26.203070] ffff888102a32180: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe [ 26.210288] ==================================================================