Date
Feb. 5, 2025, 2:09 p.m.
| Environment | |
|---|---|
| qemu-arm64 |
[ 178.029852] ================================================================== [ 178.032197] BUG: KASAN: slab-out-of-bounds in krealloc_less_oob_helper+0x110/0x590 [ 178.033980] Write of size 1 at addr ffff0000c0b824c9 by task kunit_try_catch/136 [ 178.035417] [ 178.035975] CPU: 1 PID: 136 Comm: kunit_try_catch Tainted: G B N 6.6.76-rc1 #1 [ 178.037904] Hardware name: linux,dummy-virt (DT) [ 178.039138] Call trace: [ 178.039865] dump_backtrace+0x9c/0x128 [ 178.041062] show_stack+0x20/0x38 [ 178.042049] dump_stack_lvl+0x60/0xb0 [ 178.043391] print_report+0xf8/0x5d8 [ 178.044525] kasan_report+0xc8/0x118 [ 178.045856] __asan_store1+0x60/0x70 [ 178.046838] krealloc_less_oob_helper+0x110/0x590 [ 178.048562] krealloc_less_oob+0x20/0x38 [ 178.049835] kunit_try_run_case+0xf8/0x260 [ 178.051123] kunit_generic_run_threadfn_adapter+0x38/0x60 [ 178.052635] kthread+0x18c/0x1a8 [ 178.053767] ret_from_fork+0x10/0x20 [ 178.054684] [ 178.055358] Allocated by task 136: [ 178.056409] kasan_save_stack+0x3c/0x68 [ 178.057644] kasan_set_track+0x2c/0x40 [ 178.058800] kasan_save_alloc_info+0x24/0x38 [ 178.060145] __kasan_krealloc+0x10c/0x140 [ 178.061500] krealloc+0x10c/0x1a0 [ 178.062800] krealloc_less_oob_helper+0xd4/0x590 [ 178.064433] krealloc_less_oob+0x20/0x38 [ 178.065406] kunit_try_run_case+0xf8/0x260 [ 178.066704] kunit_generic_run_threadfn_adapter+0x38/0x60 [ 178.068249] kthread+0x18c/0x1a8 [ 178.069525] ret_from_fork+0x10/0x20 [ 178.070449] [ 178.071112] The buggy address belongs to the object at ffff0000c0b82400 [ 178.071112] which belongs to the cache kmalloc-256 of size 256 [ 178.074288] The buggy address is located 0 bytes to the right of [ 178.074288] allocated 201-byte region [ffff0000c0b82400, ffff0000c0b824c9) [ 178.076760] [ 178.078375] The buggy address belongs to the physical page: [ 178.080106] page:000000000369a94f refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x100b82 [ 178.082231] head:000000000369a94f order:1 entire_mapcount:0 nr_pages_mapped:0 pincount:0 [ 178.084090] flags: 0xbfffc0000000840(slab|head|node=0|zone=2|lastcpupid=0xffff) [ 178.086053] page_type: 0xffffffff() [ 178.088170] raw: 0bfffc0000000840 ffff0000c0001b40 dead000000000122 0000000000000000 [ 178.089918] raw: 0000000000000000 0000000080100010 00000001ffffffff 0000000000000000 [ 178.091463] page dumped because: kasan: bad access detected [ 178.092705] [ 178.093219] Memory state around the buggy address: [ 178.095158] ffff0000c0b82380: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 178.096928] ffff0000c0b82400: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 178.098623] >ffff0000c0b82480: 00 00 00 00 00 00 00 00 00 01 fc fc fc fc fc fc [ 178.100151] ^ [ 178.102051] ffff0000c0b82500: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 178.103668] ffff0000c0b82580: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 178.105439] ================================================================== [ 178.109621] ================================================================== [ 178.111237] BUG: KASAN: slab-out-of-bounds in krealloc_less_oob_helper+0x140/0x590 [ 178.112959] Write of size 1 at addr ffff0000c0b824d0 by task kunit_try_catch/136 [ 178.114989] [ 178.115826] CPU: 1 PID: 136 Comm: kunit_try_catch Tainted: G B N 6.6.76-rc1 #1 [ 178.117875] Hardware name: linux,dummy-virt (DT) [ 178.118856] Call trace: [ 178.119832] dump_backtrace+0x9c/0x128 [ 178.121469] show_stack+0x20/0x38 [ 178.122312] dump_stack_lvl+0x60/0xb0 [ 178.123539] print_report+0xf8/0x5d8 [ 178.124704] kasan_report+0xc8/0x118 [ 178.125929] __asan_store1+0x60/0x70 [ 178.127071] krealloc_less_oob_helper+0x140/0x590 [ 178.128319] krealloc_less_oob+0x20/0x38 [ 178.129273] kunit_try_run_case+0xf8/0x260 [ 178.130799] kunit_generic_run_threadfn_adapter+0x38/0x60 [ 178.132123] kthread+0x18c/0x1a8 [ 178.133632] ret_from_fork+0x10/0x20 [ 178.135230] [ 178.135996] Allocated by task 136: [ 178.137018] kasan_save_stack+0x3c/0x68 [ 178.138199] kasan_set_track+0x2c/0x40 [ 178.139323] kasan_save_alloc_info+0x24/0x38 [ 178.140612] __kasan_krealloc+0x10c/0x140 [ 178.142142] krealloc+0x10c/0x1a0 [ 178.143644] krealloc_less_oob_helper+0xd4/0x590 [ 178.144917] krealloc_less_oob+0x20/0x38 [ 178.146040] kunit_try_run_case+0xf8/0x260 [ 178.147225] kunit_generic_run_threadfn_adapter+0x38/0x60 [ 178.148657] kthread+0x18c/0x1a8 [ 178.149626] ret_from_fork+0x10/0x20 [ 178.150726] [ 178.151337] The buggy address belongs to the object at ffff0000c0b82400 [ 178.151337] which belongs to the cache kmalloc-256 of size 256 [ 178.153561] The buggy address is located 7 bytes to the right of [ 178.153561] allocated 201-byte region [ffff0000c0b82400, ffff0000c0b824c9) [ 178.156890] [ 178.157465] The buggy address belongs to the physical page: [ 178.158854] page:000000000369a94f refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x100b82 [ 178.160861] head:000000000369a94f order:1 entire_mapcount:0 nr_pages_mapped:0 pincount:0 [ 178.162649] flags: 0xbfffc0000000840(slab|head|node=0|zone=2|lastcpupid=0xffff) [ 178.164658] page_type: 0xffffffff() [ 178.166487] raw: 0bfffc0000000840 ffff0000c0001b40 dead000000000122 0000000000000000 [ 178.168183] raw: 0000000000000000 0000000080100010 00000001ffffffff 0000000000000000 [ 178.170624] page dumped because: kasan: bad access detected [ 178.171852] [ 178.172376] Memory state around the buggy address: [ 178.173517] ffff0000c0b82380: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 178.175178] ffff0000c0b82400: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 178.176787] >ffff0000c0b82480: 00 00 00 00 00 00 00 00 00 01 fc fc fc fc fc fc [ 178.178427] ^ [ 178.179777] ffff0000c0b82500: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 178.181397] ffff0000c0b82580: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 178.182951] ================================================================== [ 178.796325] ================================================================== [ 178.798958] BUG: KASAN: slab-out-of-bounds in krealloc_less_oob_helper+0x1e0/0x590 [ 178.800652] Write of size 1 at addr ffff0000c60220eb by task kunit_try_catch/140 [ 178.802866] [ 178.803456] CPU: 0 PID: 140 Comm: kunit_try_catch Tainted: G B N 6.6.76-rc1 #1 [ 178.805490] Hardware name: linux,dummy-virt (DT) [ 178.806686] Call trace: [ 178.808076] dump_backtrace+0x9c/0x128 [ 178.809312] show_stack+0x20/0x38 [ 178.810365] dump_stack_lvl+0x60/0xb0 [ 178.811591] print_report+0xf8/0x5d8 [ 178.813794] kasan_report+0xc8/0x118 [ 178.815176] __asan_store1+0x60/0x70 [ 178.816247] krealloc_less_oob_helper+0x1e0/0x590 [ 178.817310] krealloc_pagealloc_less_oob+0x20/0x38 [ 178.818613] kunit_try_run_case+0xf8/0x260 [ 178.819782] kunit_generic_run_threadfn_adapter+0x38/0x60 [ 178.821238] kthread+0x18c/0x1a8 [ 178.822222] ret_from_fork+0x10/0x20 [ 178.823471] [ 178.824026] The buggy address belongs to the physical page: [ 178.825459] page:00000000dc26f172 refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x106020 [ 178.827549] head:00000000dc26f172 order:2 entire_mapcount:0 nr_pages_mapped:0 pincount:0 [ 178.829320] flags: 0xbfffc0000000040(head|node=0|zone=2|lastcpupid=0xffff) [ 178.830938] page_type: 0xffffffff() [ 178.831975] raw: 0bfffc0000000040 0000000000000000 dead000000000122 0000000000000000 [ 178.833775] raw: 0000000000000000 0000000000000000 00000001ffffffff 0000000000000000 [ 178.835358] page dumped because: kasan: bad access detected [ 178.837228] [ 178.837719] Memory state around the buggy address: [ 178.838752] ffff0000c6021f80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 178.840314] ffff0000c6022000: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 178.842644] >ffff0000c6022080: 00 00 00 00 00 00 00 00 00 01 fe fe fe fe fe fe [ 178.844360] ^ [ 178.845875] ffff0000c6022100: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe [ 178.847477] ffff0000c6022180: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe [ 178.849834] ================================================================== [ 178.267936] ================================================================== [ 178.269498] BUG: KASAN: slab-out-of-bounds in krealloc_less_oob_helper+0x1b8/0x590 [ 178.271230] Write of size 1 at addr ffff0000c0b824ea by task kunit_try_catch/136 [ 178.273080] [ 178.273964] CPU: 1 PID: 136 Comm: kunit_try_catch Tainted: G B N 6.6.76-rc1 #1 [ 178.275450] Hardware name: linux,dummy-virt (DT) [ 178.276301] Call trace: [ 178.277360] dump_backtrace+0x9c/0x128 [ 178.278493] show_stack+0x20/0x38 [ 178.279466] dump_stack_lvl+0x60/0xb0 [ 178.280627] print_report+0xf8/0x5d8 [ 178.281735] kasan_report+0xc8/0x118 [ 178.282952] __asan_store1+0x60/0x70 [ 178.284348] krealloc_less_oob_helper+0x1b8/0x590 [ 178.286343] krealloc_less_oob+0x20/0x38 [ 178.287515] kunit_try_run_case+0xf8/0x260 [ 178.288797] kunit_generic_run_threadfn_adapter+0x38/0x60 [ 178.290440] kthread+0x18c/0x1a8 [ 178.291417] ret_from_fork+0x10/0x20 [ 178.292502] [ 178.293102] Allocated by task 136: [ 178.294058] kasan_save_stack+0x3c/0x68 [ 178.295181] kasan_set_track+0x2c/0x40 [ 178.296376] kasan_save_alloc_info+0x24/0x38 [ 178.297805] __kasan_krealloc+0x10c/0x140 [ 178.299086] krealloc+0x10c/0x1a0 [ 178.300085] krealloc_less_oob_helper+0xd4/0x590 [ 178.301598] krealloc_less_oob+0x20/0x38 [ 178.302866] kunit_try_run_case+0xf8/0x260 [ 178.303949] kunit_generic_run_threadfn_adapter+0x38/0x60 [ 178.305263] kthread+0x18c/0x1a8 [ 178.306054] ret_from_fork+0x10/0x20 [ 178.306941] [ 178.307399] The buggy address belongs to the object at ffff0000c0b82400 [ 178.307399] which belongs to the cache kmalloc-256 of size 256 [ 178.310455] The buggy address is located 33 bytes to the right of [ 178.310455] allocated 201-byte region [ffff0000c0b82400, ffff0000c0b824c9) [ 178.313983] [ 178.314952] The buggy address belongs to the physical page: [ 178.316184] page:000000000369a94f refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x100b82 [ 178.318566] head:000000000369a94f order:1 entire_mapcount:0 nr_pages_mapped:0 pincount:0 [ 178.320664] flags: 0xbfffc0000000840(slab|head|node=0|zone=2|lastcpupid=0xffff) [ 178.322448] page_type: 0xffffffff() [ 178.323464] raw: 0bfffc0000000840 ffff0000c0001b40 dead000000000122 0000000000000000 [ 178.325231] raw: 0000000000000000 0000000080100010 00000001ffffffff 0000000000000000 [ 178.327810] page dumped because: kasan: bad access detected [ 178.329564] [ 178.330082] Memory state around the buggy address: [ 178.331324] ffff0000c0b82380: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 178.332955] ffff0000c0b82400: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 178.334506] >ffff0000c0b82480: 00 00 00 00 00 00 00 00 00 01 fc fc fc fc fc fc [ 178.335951] ^ [ 178.338169] ffff0000c0b82500: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 178.339811] ffff0000c0b82580: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 178.341770] ================================================================== [ 178.569757] ================================================================== [ 178.571957] BUG: KASAN: slab-out-of-bounds in krealloc_less_oob_helper+0x110/0x590 [ 178.574075] Write of size 1 at addr ffff0000c60220c9 by task kunit_try_catch/140 [ 178.575893] [ 178.576471] CPU: 0 PID: 140 Comm: kunit_try_catch Tainted: G B N 6.6.76-rc1 #1 [ 178.579133] Hardware name: linux,dummy-virt (DT) [ 178.580271] Call trace: [ 178.581071] dump_backtrace+0x9c/0x128 [ 178.582493] show_stack+0x20/0x38 [ 178.583474] dump_stack_lvl+0x60/0xb0 [ 178.584606] print_report+0xf8/0x5d8 [ 178.586194] kasan_report+0xc8/0x118 [ 178.587297] __asan_store1+0x60/0x70 [ 178.588410] krealloc_less_oob_helper+0x110/0x590 [ 178.589836] krealloc_pagealloc_less_oob+0x20/0x38 [ 178.591372] kunit_try_run_case+0xf8/0x260 [ 178.592828] kunit_generic_run_threadfn_adapter+0x38/0x60 [ 178.594359] kthread+0x18c/0x1a8 [ 178.595357] ret_from_fork+0x10/0x20 [ 178.596509] [ 178.597211] The buggy address belongs to the physical page: [ 178.598897] page:00000000dc26f172 refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x106020 [ 178.600940] head:00000000dc26f172 order:2 entire_mapcount:0 nr_pages_mapped:0 pincount:0 [ 178.602788] flags: 0xbfffc0000000040(head|node=0|zone=2|lastcpupid=0xffff) [ 178.604565] page_type: 0xffffffff() [ 178.605889] raw: 0bfffc0000000040 0000000000000000 dead000000000122 0000000000000000 [ 178.607746] raw: 0000000000000000 0000000000000000 00000001ffffffff 0000000000000000 [ 178.609587] page dumped because: kasan: bad access detected [ 178.610299] [ 178.610613] Memory state around the buggy address: [ 178.611940] ffff0000c6021f80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 178.613870] ffff0000c6022000: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 178.615783] >ffff0000c6022080: 00 00 00 00 00 00 00 00 00 01 fe fe fe fe fe fe [ 178.617679] ^ [ 178.619163] ffff0000c6022100: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe [ 178.620793] ffff0000c6022180: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe [ 178.622453] ================================================================== [ 178.187395] ================================================================== [ 178.189296] BUG: KASAN: slab-out-of-bounds in krealloc_less_oob_helper+0x18c/0x590 [ 178.191033] Write of size 1 at addr ffff0000c0b824da by task kunit_try_catch/136 [ 178.192773] [ 178.193462] CPU: 1 PID: 136 Comm: kunit_try_catch Tainted: G B N 6.6.76-rc1 #1 [ 178.195732] Hardware name: linux,dummy-virt (DT) [ 178.196879] Call trace: [ 178.197501] dump_backtrace+0x9c/0x128 [ 178.198779] show_stack+0x20/0x38 [ 178.199807] dump_stack_lvl+0x60/0xb0 [ 178.201094] print_report+0xf8/0x5d8 [ 178.202145] kasan_report+0xc8/0x118 [ 178.203313] __asan_store1+0x60/0x70 [ 178.204421] krealloc_less_oob_helper+0x18c/0x590 [ 178.205848] krealloc_less_oob+0x20/0x38 [ 178.207120] kunit_try_run_case+0xf8/0x260 [ 178.208338] kunit_generic_run_threadfn_adapter+0x38/0x60 [ 178.210084] kthread+0x18c/0x1a8 [ 178.211472] ret_from_fork+0x10/0x20 [ 178.213012] [ 178.213750] Allocated by task 136: [ 178.214671] kasan_save_stack+0x3c/0x68 [ 178.215844] kasan_set_track+0x2c/0x40 [ 178.216995] kasan_save_alloc_info+0x24/0x38 [ 178.218388] __kasan_krealloc+0x10c/0x140 [ 178.219787] krealloc+0x10c/0x1a0 [ 178.220960] krealloc_less_oob_helper+0xd4/0x590 [ 178.222507] krealloc_less_oob+0x20/0x38 [ 178.223777] kunit_try_run_case+0xf8/0x260 [ 178.225076] kunit_generic_run_threadfn_adapter+0x38/0x60 [ 178.226675] kthread+0x18c/0x1a8 [ 178.227427] ret_from_fork+0x10/0x20 [ 178.228317] [ 178.228975] The buggy address belongs to the object at ffff0000c0b82400 [ 178.228975] which belongs to the cache kmalloc-256 of size 256 [ 178.232059] The buggy address is located 17 bytes to the right of [ 178.232059] allocated 201-byte region [ffff0000c0b82400, ffff0000c0b824c9) [ 178.234788] [ 178.235250] The buggy address belongs to the physical page: [ 178.236561] page:000000000369a94f refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x100b82 [ 178.239080] head:000000000369a94f order:1 entire_mapcount:0 nr_pages_mapped:0 pincount:0 [ 178.240955] flags: 0xbfffc0000000840(slab|head|node=0|zone=2|lastcpupid=0xffff) [ 178.242641] page_type: 0xffffffff() [ 178.243664] raw: 0bfffc0000000840 ffff0000c0001b40 dead000000000122 0000000000000000 [ 178.245789] raw: 0000000000000000 0000000080100010 00000001ffffffff 0000000000000000 [ 178.247898] page dumped because: kasan: bad access detected [ 178.249515] [ 178.250057] Memory state around the buggy address: [ 178.251182] ffff0000c0b82380: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 178.252730] ffff0000c0b82400: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 178.254429] >ffff0000c0b82480: 00 00 00 00 00 00 00 00 00 01 fc fc fc fc fc fc [ 178.256002] ^ [ 178.257530] ffff0000c0b82500: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 178.259591] ffff0000c0b82580: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 178.261838] ================================================================== [ 178.681294] ================================================================== [ 178.683183] BUG: KASAN: slab-out-of-bounds in krealloc_less_oob_helper+0x18c/0x590 [ 178.686035] Write of size 1 at addr ffff0000c60220da by task kunit_try_catch/140 [ 178.687918] [ 178.688400] CPU: 0 PID: 140 Comm: kunit_try_catch Tainted: G B N 6.6.76-rc1 #1 [ 178.691021] Hardware name: linux,dummy-virt (DT) [ 178.691975] Call trace: [ 178.692688] dump_backtrace+0x9c/0x128 [ 178.694309] show_stack+0x20/0x38 [ 178.695430] dump_stack_lvl+0x60/0xb0 [ 178.696834] print_report+0xf8/0x5d8 [ 178.697880] kasan_report+0xc8/0x118 [ 178.699048] __asan_store1+0x60/0x70 [ 178.700152] krealloc_less_oob_helper+0x18c/0x590 [ 178.701861] krealloc_pagealloc_less_oob+0x20/0x38 [ 178.703114] kunit_try_run_case+0xf8/0x260 [ 178.704555] kunit_generic_run_threadfn_adapter+0x38/0x60 [ 178.706204] kthread+0x18c/0x1a8 [ 178.707137] ret_from_fork+0x10/0x20 [ 178.708248] [ 178.708909] The buggy address belongs to the physical page: [ 178.710634] page:00000000dc26f172 refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x106020 [ 178.712708] head:00000000dc26f172 order:2 entire_mapcount:0 nr_pages_mapped:0 pincount:0 [ 178.714819] flags: 0xbfffc0000000040(head|node=0|zone=2|lastcpupid=0xffff) [ 178.716364] page_type: 0xffffffff() [ 178.717479] raw: 0bfffc0000000040 0000000000000000 dead000000000122 0000000000000000 [ 178.719414] raw: 0000000000000000 0000000000000000 00000001ffffffff 0000000000000000 [ 178.721247] page dumped because: kasan: bad access detected [ 178.722940] [ 178.723633] Memory state around the buggy address: [ 178.724911] ffff0000c6021f80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 178.726930] ffff0000c6022000: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 178.728754] >ffff0000c6022080: 00 00 00 00 00 00 00 00 00 01 fe fe fe fe fe fe [ 178.730104] ^ [ 178.731474] ffff0000c6022100: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe [ 178.733234] ffff0000c6022180: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe [ 178.734844] ================================================================== [ 178.347546] ================================================================== [ 178.349130] BUG: KASAN: slab-out-of-bounds in krealloc_less_oob_helper+0x1e0/0x590 [ 178.351788] Write of size 1 at addr ffff0000c0b824eb by task kunit_try_catch/136 [ 178.354350] [ 178.355002] CPU: 1 PID: 136 Comm: kunit_try_catch Tainted: G B N 6.6.76-rc1 #1 [ 178.356839] Hardware name: linux,dummy-virt (DT) [ 178.357953] Call trace: [ 178.359489] dump_backtrace+0x9c/0x128 [ 178.360666] show_stack+0x20/0x38 [ 178.361722] dump_stack_lvl+0x60/0xb0 [ 178.362893] print_report+0xf8/0x5d8 [ 178.364006] kasan_report+0xc8/0x118 [ 178.365960] __asan_store1+0x60/0x70 [ 178.367006] krealloc_less_oob_helper+0x1e0/0x590 [ 178.368377] krealloc_less_oob+0x20/0x38 [ 178.369489] kunit_try_run_case+0xf8/0x260 [ 178.370723] kunit_generic_run_threadfn_adapter+0x38/0x60 [ 178.372201] kthread+0x18c/0x1a8 [ 178.373436] ret_from_fork+0x10/0x20 [ 178.374356] [ 178.374844] Allocated by task 136: [ 178.375909] kasan_save_stack+0x3c/0x68 [ 178.377191] kasan_set_track+0x2c/0x40 [ 178.378341] kasan_save_alloc_info+0x24/0x38 [ 178.379636] __kasan_krealloc+0x10c/0x140 [ 178.380849] krealloc+0x10c/0x1a0 [ 178.381841] krealloc_less_oob_helper+0xd4/0x590 [ 178.383525] krealloc_less_oob+0x20/0x38 [ 178.384492] kunit_try_run_case+0xf8/0x260 [ 178.385493] kunit_generic_run_threadfn_adapter+0x38/0x60 [ 178.387387] kthread+0x18c/0x1a8 [ 178.388515] ret_from_fork+0x10/0x20 [ 178.389746] [ 178.390415] The buggy address belongs to the object at ffff0000c0b82400 [ 178.390415] which belongs to the cache kmalloc-256 of size 256 [ 178.392586] The buggy address is located 34 bytes to the right of [ 178.392586] allocated 201-byte region [ffff0000c0b82400, ffff0000c0b824c9) [ 178.396031] [ 178.397171] The buggy address belongs to the physical page: [ 178.398538] page:000000000369a94f refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x100b82 [ 178.400546] head:000000000369a94f order:1 entire_mapcount:0 nr_pages_mapped:0 pincount:0 [ 178.402739] flags: 0xbfffc0000000840(slab|head|node=0|zone=2|lastcpupid=0xffff) [ 178.405429] page_type: 0xffffffff() [ 178.406551] raw: 0bfffc0000000840 ffff0000c0001b40 dead000000000122 0000000000000000 [ 178.408307] raw: 0000000000000000 0000000080100010 00000001ffffffff 0000000000000000 [ 178.410293] page dumped because: kasan: bad access detected [ 178.411174] [ 178.411696] Memory state around the buggy address: [ 178.412862] ffff0000c0b82380: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 178.414433] ffff0000c0b82400: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 178.416362] >ffff0000c0b82480: 00 00 00 00 00 00 00 00 00 01 fc fc fc fc fc fc [ 178.418257] ^ [ 178.419946] ffff0000c0b82500: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 178.421814] ffff0000c0b82580: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 178.423412] ================================================================== [ 178.624960] ================================================================== [ 178.626662] BUG: KASAN: slab-out-of-bounds in krealloc_less_oob_helper+0x140/0x590 [ 178.628138] Write of size 1 at addr ffff0000c60220d0 by task kunit_try_catch/140 [ 178.630309] [ 178.630912] CPU: 0 PID: 140 Comm: kunit_try_catch Tainted: G B N 6.6.76-rc1 #1 [ 178.632736] Hardware name: linux,dummy-virt (DT) [ 178.633863] Call trace: [ 178.634589] dump_backtrace+0x9c/0x128 [ 178.635818] show_stack+0x20/0x38 [ 178.636678] dump_stack_lvl+0x60/0xb0 [ 178.638361] print_report+0xf8/0x5d8 [ 178.639863] kasan_report+0xc8/0x118 [ 178.641304] __asan_store1+0x60/0x70 [ 178.643280] krealloc_less_oob_helper+0x140/0x590 [ 178.644963] krealloc_pagealloc_less_oob+0x20/0x38 [ 178.646411] kunit_try_run_case+0xf8/0x260 [ 178.647602] kunit_generic_run_threadfn_adapter+0x38/0x60 [ 178.649099] kthread+0x18c/0x1a8 [ 178.649898] ret_from_fork+0x10/0x20 [ 178.651731] [ 178.652256] The buggy address belongs to the physical page: [ 178.653614] page:00000000dc26f172 refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x106020 [ 178.655670] head:00000000dc26f172 order:2 entire_mapcount:0 nr_pages_mapped:0 pincount:0 [ 178.657361] flags: 0xbfffc0000000040(head|node=0|zone=2|lastcpupid=0xffff) [ 178.658841] page_type: 0xffffffff() [ 178.659645] raw: 0bfffc0000000040 0000000000000000 dead000000000122 0000000000000000 [ 178.661206] raw: 0000000000000000 0000000000000000 00000001ffffffff 0000000000000000 [ 178.663140] page dumped because: kasan: bad access detected [ 178.664508] [ 178.665201] Memory state around the buggy address: [ 178.666525] ffff0000c6021f80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 178.668229] ffff0000c6022000: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 178.670060] >ffff0000c6022080: 00 00 00 00 00 00 00 00 00 01 fe fe fe fe fe fe [ 178.671735] ^ [ 178.672788] ffff0000c6022100: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe [ 178.675106] ffff0000c6022180: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe [ 178.677611] ================================================================== [ 178.738297] ================================================================== [ 178.739821] BUG: KASAN: slab-out-of-bounds in krealloc_less_oob_helper+0x1b8/0x590 [ 178.741616] Write of size 1 at addr ffff0000c60220ea by task kunit_try_catch/140 [ 178.743546] [ 178.744729] CPU: 0 PID: 140 Comm: kunit_try_catch Tainted: G B N 6.6.76-rc1 #1 [ 178.746987] Hardware name: linux,dummy-virt (DT) [ 178.748157] Call trace: [ 178.748859] dump_backtrace+0x9c/0x128 [ 178.750102] show_stack+0x20/0x38 [ 178.751104] dump_stack_lvl+0x60/0xb0 [ 178.752334] print_report+0xf8/0x5d8 [ 178.753843] kasan_report+0xc8/0x118 [ 178.755192] __asan_store1+0x60/0x70 [ 178.756243] krealloc_less_oob_helper+0x1b8/0x590 [ 178.757862] krealloc_pagealloc_less_oob+0x20/0x38 [ 178.759255] kunit_try_run_case+0xf8/0x260 [ 178.760446] kunit_generic_run_threadfn_adapter+0x38/0x60 [ 178.761852] kthread+0x18c/0x1a8 [ 178.762639] ret_from_fork+0x10/0x20 [ 178.763351] [ 178.763752] The buggy address belongs to the physical page: [ 178.765796] page:00000000dc26f172 refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x106020 [ 178.768081] head:00000000dc26f172 order:2 entire_mapcount:0 nr_pages_mapped:0 pincount:0 [ 178.770134] flags: 0xbfffc0000000040(head|node=0|zone=2|lastcpupid=0xffff) [ 178.771839] page_type: 0xffffffff() [ 178.772856] raw: 0bfffc0000000040 0000000000000000 dead000000000122 0000000000000000 [ 178.774536] raw: 0000000000000000 0000000000000000 00000001ffffffff 0000000000000000 [ 178.776887] page dumped because: kasan: bad access detected [ 178.778181] [ 178.779163] Memory state around the buggy address: [ 178.780250] ffff0000c6021f80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 178.782115] ffff0000c6022000: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 178.783366] >ffff0000c6022080: 00 00 00 00 00 00 00 00 00 01 fe fe fe fe fe fe [ 178.786207] ^ [ 178.787799] ffff0000c6022100: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe [ 178.789432] ffff0000c6022180: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe [ 178.791604] ==================================================================