Date
Feb. 5, 2025, 2:09 p.m.
| Environment | |
|---|---|
| qemu-armv7 | |
| qemu-x86_64 |
[ 144.763762] ================================================================== [ 144.764509] BUG: KASAN: slab-out-of-bounds in krealloc_less_oob_helper+0x1a8/0x5f0 [ 144.765301] Write of size 1 at addr c4c17cda by task kunit_try_catch/131 [ 144.767137] [ 144.767447] CPU: 0 PID: 131 Comm: kunit_try_catch Tainted: G B N 6.6.76-rc1 #1 [ 144.768434] Hardware name: Generic DT based system [ 144.768993] unwind_backtrace from show_stack+0x18/0x1c [ 144.769730] show_stack from dump_stack_lvl+0x58/0x70 [ 144.770435] dump_stack_lvl from print_report+0x164/0x51c [ 144.771213] print_report from kasan_report+0xc8/0x104 [ 144.771867] kasan_report from krealloc_less_oob_helper+0x1a8/0x5f0 [ 144.772810] krealloc_less_oob_helper from kunit_try_run_case+0x11c/0x2e4 [ 144.773717] kunit_try_run_case from kunit_generic_run_threadfn_adapter+0x2c/0x48 [ 144.774678] kunit_generic_run_threadfn_adapter from kthread+0x184/0x1a8 [ 144.775619] kthread from ret_from_fork+0x14/0x30 [ 144.776375] Exception stack(0xf9f23fb0 to 0xf9f23ff8) [ 144.776930] 3fa0: 00000000 00000000 00000000 00000000 [ 144.777883] 3fc0: 00000000 00000000 00000000 00000000 00000000 00000000 00000000 00000000 [ 144.778761] 3fe0: 00000000 00000000 00000000 00000000 00000013 00000000 [ 144.779509] [ 144.779817] Allocated by task 131: [ 144.780202] kasan_set_track+0x3c/0x5c [ 144.780703] __kasan_krealloc+0xe0/0x104 [ 144.781385] krealloc+0xd4/0x134 [ 144.781841] krealloc_less_oob_helper+0xd4/0x5f0 [ 144.782489] kunit_try_run_case+0x11c/0x2e4 [ 144.782997] kunit_generic_run_threadfn_adapter+0x2c/0x48 [ 144.783804] kthread+0x184/0x1a8 [ 144.784276] ret_from_fork+0x14/0x30 [ 144.784705] [ 144.785086] The buggy address belongs to the object at c4c17c00 [ 144.785086] which belongs to the cache kmalloc-256 of size 256 [ 144.786810] The buggy address is located 17 bytes to the right of [ 144.786810] allocated 201-byte region [c4c17c00, c4c17cc9) [ 144.788088] [ 144.788431] The buggy address belongs to the physical page: [ 144.789084] page:17c33a57 refcount:1 mapcount:0 mapping:00000000 index:0x0 pfn:0x44c16 [ 144.790127] head:17c33a57 order:1 entire_mapcount:0 nr_pages_mapped:0 pincount:0 [ 144.790870] flags: 0x840(slab|head|zone=0) [ 144.791395] page_type: 0xffffffff() [ 144.791803] raw: 00000840 c4801500 00000122 00000000 00000000 80100010 ffffffff 00000001 [ 144.792906] raw: 00000000 [ 144.793257] page dumped because: kasan: bad access detected [ 144.793936] [ 144.794318] Memory state around the buggy address: [ 144.794886] c4c17b80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 144.795675] c4c17c00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 144.796386] >c4c17c80: 00 00 00 00 00 00 00 00 00 01 fc fc fc fc fc fc [ 144.797129] ^ [ 144.797689] c4c17d00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 144.798671] c4c17d80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 144.799462] ================================================================== [ 144.687805] ================================================================== [ 144.688897] BUG: KASAN: slab-out-of-bounds in krealloc_less_oob_helper+0x114/0x5f0 [ 144.689687] Write of size 1 at addr c4c17cc9 by task kunit_try_catch/131 [ 144.690352] [ 144.690690] CPU: 0 PID: 131 Comm: kunit_try_catch Tainted: G B N 6.6.76-rc1 #1 [ 144.691566] Hardware name: Generic DT based system [ 144.692140] unwind_backtrace from show_stack+0x18/0x1c [ 144.692738] show_stack from dump_stack_lvl+0x58/0x70 [ 144.693505] dump_stack_lvl from print_report+0x164/0x51c [ 144.694123] print_report from kasan_report+0xc8/0x104 [ 144.694967] kasan_report from krealloc_less_oob_helper+0x114/0x5f0 [ 144.695829] krealloc_less_oob_helper from kunit_try_run_case+0x11c/0x2e4 [ 144.696844] kunit_try_run_case from kunit_generic_run_threadfn_adapter+0x2c/0x48 [ 144.697816] kunit_generic_run_threadfn_adapter from kthread+0x184/0x1a8 [ 144.698688] kthread from ret_from_fork+0x14/0x30 [ 144.699267] Exception stack(0xf9f23fb0 to 0xf9f23ff8) [ 144.699914] 3fa0: 00000000 00000000 00000000 00000000 [ 144.700796] 3fc0: 00000000 00000000 00000000 00000000 00000000 00000000 00000000 00000000 [ 144.701751] 3fe0: 00000000 00000000 00000000 00000000 00000013 00000000 [ 144.702452] [ 144.702738] Allocated by task 131: [ 144.703196] kasan_set_track+0x3c/0x5c [ 144.703758] __kasan_krealloc+0xe0/0x104 [ 144.704297] krealloc+0xd4/0x134 [ 144.704692] krealloc_less_oob_helper+0xd4/0x5f0 [ 144.705408] kunit_try_run_case+0x11c/0x2e4 [ 144.706328] kunit_generic_run_threadfn_adapter+0x2c/0x48 [ 144.707287] kthread+0x184/0x1a8 [ 144.707669] ret_from_fork+0x14/0x30 [ 144.708430] [ 144.708997] The buggy address belongs to the object at c4c17c00 [ 144.708997] which belongs to the cache kmalloc-256 of size 256 [ 144.710241] The buggy address is located 0 bytes to the right of [ 144.710241] allocated 201-byte region [c4c17c00, c4c17cc9) [ 144.711407] [ 144.711754] The buggy address belongs to the physical page: [ 144.712475] page:17c33a57 refcount:1 mapcount:0 mapping:00000000 index:0x0 pfn:0x44c16 [ 144.713487] head:17c33a57 order:1 entire_mapcount:0 nr_pages_mapped:0 pincount:0 [ 144.714485] flags: 0x840(slab|head|zone=0) [ 144.715095] page_type: 0xffffffff() [ 144.715585] raw: 00000840 c4801500 00000122 00000000 00000000 80100010 ffffffff 00000001 [ 144.716549] raw: 00000000 [ 144.717071] page dumped because: kasan: bad access detected [ 144.717742] [ 144.718073] Memory state around the buggy address: [ 144.718694] c4c17b80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 144.719451] c4c17c00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 144.720294] >c4c17c80: 00 00 00 00 00 00 00 00 00 01 fc fc fc fc fc fc [ 144.721020] ^ [ 144.721609] c4c17d00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 144.722466] c4c17d80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 144.723240] ================================================================== [ 145.042680] ================================================================== [ 145.043264] BUG: KASAN: slab-out-of-bounds in krealloc_less_oob_helper+0x1e0/0x5f0 [ 145.044619] Write of size 1 at addr c4ffe0ea by task kunit_try_catch/135 [ 145.045580] [ 145.045840] CPU: 0 PID: 135 Comm: kunit_try_catch Tainted: G B N 6.6.76-rc1 #1 [ 145.047146] Hardware name: Generic DT based system [ 145.048152] unwind_backtrace from show_stack+0x18/0x1c [ 145.048838] show_stack from dump_stack_lvl+0x58/0x70 [ 145.049532] dump_stack_lvl from print_report+0x164/0x51c [ 145.051189] print_report from kasan_report+0xc8/0x104 [ 145.051968] kasan_report from krealloc_less_oob_helper+0x1e0/0x5f0 [ 145.052932] krealloc_less_oob_helper from kunit_try_run_case+0x11c/0x2e4 [ 145.053896] kunit_try_run_case from kunit_generic_run_threadfn_adapter+0x2c/0x48 [ 145.054908] kunit_generic_run_threadfn_adapter from kthread+0x184/0x1a8 [ 145.055826] kthread from ret_from_fork+0x14/0x30 [ 145.056482] Exception stack(0xf9f43fb0 to 0xf9f43ff8) [ 145.057192] 3fa0: 00000000 00000000 00000000 00000000 [ 145.058185] 3fc0: 00000000 00000000 00000000 00000000 00000000 00000000 00000000 00000000 [ 145.059169] 3fe0: 00000000 00000000 00000000 00000000 00000013 00000000 [ 145.059918] [ 145.060284] The buggy address belongs to the physical page: [ 145.060994] page:a8595845 refcount:1 mapcount:0 mapping:00000000 index:0x0 pfn:0x44ffc [ 145.062098] head:a8595845 order:2 entire_mapcount:0 nr_pages_mapped:0 pincount:0 [ 145.063103] flags: 0x40(head|zone=0) [ 145.063739] page_type: 0xffffffff() [ 145.064244] raw: 00000040 00000000 00000122 00000000 00000000 00000000 ffffffff 00000001 [ 145.065311] raw: 00000000 [ 145.065847] page dumped because: kasan: bad access detected [ 145.066522] [ 145.066767] Memory state around the buggy address: [ 145.067554] c4ffdf80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 145.068378] c4ffe000: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 145.069339] >c4ffe080: 00 00 00 00 00 00 00 00 00 01 fe fe fe fe fe fe [ 145.070066] ^ [ 145.070928] c4ffe100: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe [ 145.072161] c4ffe180: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe [ 145.073157] ================================================================== [ 144.801098] ================================================================== [ 144.801830] BUG: KASAN: slab-out-of-bounds in krealloc_less_oob_helper+0x1e0/0x5f0 [ 144.802834] Write of size 1 at addr c4c17cea by task kunit_try_catch/131 [ 144.803509] [ 144.803796] CPU: 0 PID: 131 Comm: kunit_try_catch Tainted: G B N 6.6.76-rc1 #1 [ 144.804685] Hardware name: Generic DT based system [ 144.805262] unwind_backtrace from show_stack+0x18/0x1c [ 144.806676] show_stack from dump_stack_lvl+0x58/0x70 [ 144.807818] dump_stack_lvl from print_report+0x164/0x51c [ 144.809087] print_report from kasan_report+0xc8/0x104 [ 144.810034] kasan_report from krealloc_less_oob_helper+0x1e0/0x5f0 [ 144.810910] krealloc_less_oob_helper from kunit_try_run_case+0x11c/0x2e4 [ 144.811844] kunit_try_run_case from kunit_generic_run_threadfn_adapter+0x2c/0x48 [ 144.812879] kunit_generic_run_threadfn_adapter from kthread+0x184/0x1a8 [ 144.813806] kthread from ret_from_fork+0x14/0x30 [ 144.814489] Exception stack(0xf9f23fb0 to 0xf9f23ff8) [ 144.815261] 3fa0: 00000000 00000000 00000000 00000000 [ 144.816280] 3fc0: 00000000 00000000 00000000 00000000 00000000 00000000 00000000 00000000 [ 144.817203] 3fe0: 00000000 00000000 00000000 00000000 00000013 00000000 [ 144.817982] [ 144.818350] Allocated by task 131: [ 144.818936] kasan_set_track+0x3c/0x5c [ 144.819722] __kasan_krealloc+0xe0/0x104 [ 144.820281] krealloc+0xd4/0x134 [ 144.820736] krealloc_less_oob_helper+0xd4/0x5f0 [ 144.821358] kunit_try_run_case+0x11c/0x2e4 [ 144.822199] kunit_generic_run_threadfn_adapter+0x2c/0x48 [ 144.822944] kthread+0x184/0x1a8 [ 144.823603] ret_from_fork+0x14/0x30 [ 144.824138] [ 144.824523] The buggy address belongs to the object at c4c17c00 [ 144.824523] which belongs to the cache kmalloc-256 of size 256 [ 144.825925] The buggy address is located 33 bytes to the right of [ 144.825925] allocated 201-byte region [c4c17c00, c4c17cc9) [ 144.828343] [ 144.828928] The buggy address belongs to the physical page: [ 144.829834] page:17c33a57 refcount:1 mapcount:0 mapping:00000000 index:0x0 pfn:0x44c16 [ 144.830953] head:17c33a57 order:1 entire_mapcount:0 nr_pages_mapped:0 pincount:0 [ 144.831670] flags: 0x840(slab|head|zone=0) [ 144.832348] page_type: 0xffffffff() [ 144.832869] raw: 00000840 c4801500 00000122 00000000 00000000 80100010 ffffffff 00000001 [ 144.833806] raw: 00000000 [ 144.834173] page dumped because: kasan: bad access detected [ 144.834813] [ 144.835168] Memory state around the buggy address: [ 144.835747] c4c17b80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 144.836560] c4c17c00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 144.837454] >c4c17c80: 00 00 00 00 00 00 00 00 00 01 fc fc fc fc fc fc [ 144.838399] ^ [ 144.838984] c4c17d00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 144.839765] c4c17d80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 144.840490] ================================================================== [ 145.074565] ================================================================== [ 145.075236] BUG: KASAN: slab-out-of-bounds in krealloc_less_oob_helper+0x214/0x5f0 [ 145.075990] Write of size 1 at addr c4ffe0eb by task kunit_try_catch/135 [ 145.076985] [ 145.077331] CPU: 0 PID: 135 Comm: kunit_try_catch Tainted: G B N 6.6.76-rc1 #1 [ 145.078316] Hardware name: Generic DT based system [ 145.079141] unwind_backtrace from show_stack+0x18/0x1c [ 145.079843] show_stack from dump_stack_lvl+0x58/0x70 [ 145.080489] dump_stack_lvl from print_report+0x164/0x51c [ 145.081321] print_report from kasan_report+0xc8/0x104 [ 145.082045] kasan_report from krealloc_less_oob_helper+0x214/0x5f0 [ 145.082918] krealloc_less_oob_helper from kunit_try_run_case+0x11c/0x2e4 [ 145.083905] kunit_try_run_case from kunit_generic_run_threadfn_adapter+0x2c/0x48 [ 145.085003] kunit_generic_run_threadfn_adapter from kthread+0x184/0x1a8 [ 145.086291] kthread from ret_from_fork+0x14/0x30 [ 145.087617] Exception stack(0xf9f43fb0 to 0xf9f43ff8) [ 145.088258] 3fa0: 00000000 00000000 00000000 00000000 [ 145.089234] 3fc0: 00000000 00000000 00000000 00000000 00000000 00000000 00000000 00000000 [ 145.090154] 3fe0: 00000000 00000000 00000000 00000000 00000013 00000000 [ 145.090825] [ 145.091151] The buggy address belongs to the physical page: [ 145.091742] page:a8595845 refcount:1 mapcount:0 mapping:00000000 index:0x0 pfn:0x44ffc [ 145.092658] head:a8595845 order:2 entire_mapcount:0 nr_pages_mapped:0 pincount:0 [ 145.093458] flags: 0x40(head|zone=0) [ 145.093935] page_type: 0xffffffff() [ 145.094365] raw: 00000040 00000000 00000122 00000000 00000000 00000000 ffffffff 00000001 [ 145.095260] raw: 00000000 [ 145.095681] page dumped because: kasan: bad access detected [ 145.096236] [ 145.096583] Memory state around the buggy address: [ 145.097219] c4ffdf80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 145.097989] c4ffe000: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 145.098620] >c4ffe080: 00 00 00 00 00 00 00 00 00 01 fe fe fe fe fe fe [ 145.099361] ^ [ 145.099923] c4ffe100: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe [ 145.100834] c4ffe180: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe [ 145.101546] ================================================================== [ 144.953598] ================================================================== [ 144.954801] BUG: KASAN: slab-out-of-bounds in krealloc_less_oob_helper+0x114/0x5f0 [ 144.955531] Write of size 1 at addr c4ffe0c9 by task kunit_try_catch/135 [ 144.956258] [ 144.956574] CPU: 0 PID: 135 Comm: kunit_try_catch Tainted: G B N 6.6.76-rc1 #1 [ 144.957542] Hardware name: Generic DT based system [ 144.958232] unwind_backtrace from show_stack+0x18/0x1c [ 144.958981] show_stack from dump_stack_lvl+0x58/0x70 [ 144.959675] dump_stack_lvl from print_report+0x164/0x51c [ 144.960356] print_report from kasan_report+0xc8/0x104 [ 144.961108] kasan_report from krealloc_less_oob_helper+0x114/0x5f0 [ 144.962019] krealloc_less_oob_helper from kunit_try_run_case+0x11c/0x2e4 [ 144.962949] kunit_try_run_case from kunit_generic_run_threadfn_adapter+0x2c/0x48 [ 144.963988] kunit_generic_run_threadfn_adapter from kthread+0x184/0x1a8 [ 144.964842] kthread from ret_from_fork+0x14/0x30 [ 144.965425] Exception stack(0xf9f43fb0 to 0xf9f43ff8) [ 144.966088] 3fa0: 00000000 00000000 00000000 00000000 [ 144.967712] 3fc0: 00000000 00000000 00000000 00000000 00000000 00000000 00000000 00000000 [ 144.968832] 3fe0: 00000000 00000000 00000000 00000000 00000013 00000000 [ 144.969567] [ 144.969815] The buggy address belongs to the physical page: [ 144.970484] page:a8595845 refcount:1 mapcount:0 mapping:00000000 index:0x0 pfn:0x44ffc [ 144.971333] head:a8595845 order:2 entire_mapcount:0 nr_pages_mapped:0 pincount:0 [ 144.972098] flags: 0x40(head|zone=0) [ 144.972663] page_type: 0xffffffff() [ 144.973222] raw: 00000040 00000000 00000122 00000000 00000000 00000000 ffffffff 00000001 [ 144.973977] raw: 00000000 [ 144.974431] page dumped because: kasan: bad access detected [ 144.974963] [ 144.975327] Memory state around the buggy address: [ 144.975924] c4ffdf80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 144.976644] c4ffe000: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 144.977465] >c4ffe080: 00 00 00 00 00 00 00 00 00 01 fe fe fe fe fe fe [ 144.978168] ^ [ 144.978647] c4ffe100: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe [ 144.979465] c4ffe180: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe [ 144.980163] ================================================================== [ 144.841597] ================================================================== [ 144.843233] BUG: KASAN: slab-out-of-bounds in krealloc_less_oob_helper+0x214/0x5f0 [ 144.843982] Write of size 1 at addr c4c17ceb by task kunit_try_catch/131 [ 144.844743] [ 144.844980] CPU: 0 PID: 131 Comm: kunit_try_catch Tainted: G B N 6.6.76-rc1 #1 [ 144.846382] Hardware name: Generic DT based system [ 144.847004] unwind_backtrace from show_stack+0x18/0x1c [ 144.847792] show_stack from dump_stack_lvl+0x58/0x70 [ 144.848434] dump_stack_lvl from print_report+0x164/0x51c [ 144.849279] print_report from kasan_report+0xc8/0x104 [ 144.849962] kasan_report from krealloc_less_oob_helper+0x214/0x5f0 [ 144.850807] krealloc_less_oob_helper from kunit_try_run_case+0x11c/0x2e4 [ 144.851567] kunit_try_run_case from kunit_generic_run_threadfn_adapter+0x2c/0x48 [ 144.852506] kunit_generic_run_threadfn_adapter from kthread+0x184/0x1a8 [ 144.853475] kthread from ret_from_fork+0x14/0x30 [ 144.854086] Exception stack(0xf9f23fb0 to 0xf9f23ff8) [ 144.854649] 3fa0: 00000000 00000000 00000000 00000000 [ 144.855667] 3fc0: 00000000 00000000 00000000 00000000 00000000 00000000 00000000 00000000 [ 144.856522] 3fe0: 00000000 00000000 00000000 00000000 00000013 00000000 [ 144.857289] [ 144.857579] Allocated by task 131: [ 144.857933] kasan_set_track+0x3c/0x5c [ 144.858750] __kasan_krealloc+0xe0/0x104 [ 144.859378] krealloc+0xd4/0x134 [ 144.859784] krealloc_less_oob_helper+0xd4/0x5f0 [ 144.860492] kunit_try_run_case+0x11c/0x2e4 [ 144.861072] kunit_generic_run_threadfn_adapter+0x2c/0x48 [ 144.861745] kthread+0x184/0x1a8 [ 144.862185] ret_from_fork+0x14/0x30 [ 144.862762] [ 144.863088] The buggy address belongs to the object at c4c17c00 [ 144.863088] which belongs to the cache kmalloc-256 of size 256 [ 144.864118] The buggy address is located 34 bytes to the right of [ 144.864118] allocated 201-byte region [c4c17c00, c4c17cc9) [ 144.865334] [ 144.865632] The buggy address belongs to the physical page: [ 144.866975] page:17c33a57 refcount:1 mapcount:0 mapping:00000000 index:0x0 pfn:0x44c16 [ 144.867794] head:17c33a57 order:1 entire_mapcount:0 nr_pages_mapped:0 pincount:0 [ 144.868763] flags: 0x840(slab|head|zone=0) [ 144.869269] page_type: 0xffffffff() [ 144.869712] raw: 00000840 c4801500 00000122 00000000 00000000 80100010 ffffffff 00000001 [ 144.870737] raw: 00000000 [ 144.871147] page dumped because: kasan: bad access detected [ 144.871741] [ 144.872034] Memory state around the buggy address: [ 144.872609] c4c17b80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 144.873487] c4c17c00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 144.874173] >c4c17c80: 00 00 00 00 00 00 00 00 00 01 fc fc fc fc fc fc [ 144.874906] ^ [ 144.875854] c4c17d00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 144.876645] c4c17d80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 144.877426] ================================================================== [ 144.983174] ================================================================== [ 144.983881] BUG: KASAN: slab-out-of-bounds in krealloc_less_oob_helper+0x150/0x5f0 [ 144.984674] Write of size 1 at addr c4ffe0d0 by task kunit_try_catch/135 [ 144.985385] [ 144.985642] CPU: 0 PID: 135 Comm: kunit_try_catch Tainted: G B N 6.6.76-rc1 #1 [ 144.986502] Hardware name: Generic DT based system [ 144.987542] unwind_backtrace from show_stack+0x18/0x1c [ 144.988438] show_stack from dump_stack_lvl+0x58/0x70 [ 144.989403] dump_stack_lvl from print_report+0x164/0x51c [ 144.989761] print_report from kasan_report+0xc8/0x104 [ 144.990171] kasan_report from krealloc_less_oob_helper+0x150/0x5f0 [ 144.991501] krealloc_less_oob_helper from kunit_try_run_case+0x11c/0x2e4 [ 144.992667] kunit_try_run_case from kunit_generic_run_threadfn_adapter+0x2c/0x48 [ 144.993685] kunit_generic_run_threadfn_adapter from kthread+0x184/0x1a8 [ 144.994604] kthread from ret_from_fork+0x14/0x30 [ 144.995299] Exception stack(0xf9f43fb0 to 0xf9f43ff8) [ 144.996025] 3fa0: 00000000 00000000 00000000 00000000 [ 144.997002] 3fc0: 00000000 00000000 00000000 00000000 00000000 00000000 00000000 00000000 [ 144.997919] 3fe0: 00000000 00000000 00000000 00000000 00000013 00000000 [ 144.998761] [ 144.999040] The buggy address belongs to the physical page: [ 144.999677] page:a8595845 refcount:1 mapcount:0 mapping:00000000 index:0x0 pfn:0x44ffc [ 145.000659] head:a8595845 order:2 entire_mapcount:0 nr_pages_mapped:0 pincount:0 [ 145.001552] flags: 0x40(head|zone=0) [ 145.002101] page_type: 0xffffffff() [ 145.002569] raw: 00000040 00000000 00000122 00000000 00000000 00000000 ffffffff 00000001 [ 145.003585] raw: 00000000 [ 145.003989] page dumped because: kasan: bad access detected [ 145.004724] [ 145.005097] Memory state around the buggy address: [ 145.005853] c4ffdf80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 145.007281] c4ffe000: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 145.008118] >c4ffe080: 00 00 00 00 00 00 00 00 00 01 fe fe fe fe fe fe [ 145.008889] ^ [ 145.009534] c4ffe100: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe [ 145.010338] c4ffe180: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe [ 145.011125] ================================================================== [ 145.012395] ================================================================== [ 145.012932] BUG: KASAN: slab-out-of-bounds in krealloc_less_oob_helper+0x1a8/0x5f0 [ 145.014002] Write of size 1 at addr c4ffe0da by task kunit_try_catch/135 [ 145.015235] [ 145.015492] CPU: 0 PID: 135 Comm: kunit_try_catch Tainted: G B N 6.6.76-rc1 #1 [ 145.016621] Hardware name: Generic DT based system [ 145.017240] unwind_backtrace from show_stack+0x18/0x1c [ 145.018096] show_stack from dump_stack_lvl+0x58/0x70 [ 145.018800] dump_stack_lvl from print_report+0x164/0x51c [ 145.019577] print_report from kasan_report+0xc8/0x104 [ 145.020360] kasan_report from krealloc_less_oob_helper+0x1a8/0x5f0 [ 145.021271] krealloc_less_oob_helper from kunit_try_run_case+0x11c/0x2e4 [ 145.022217] kunit_try_run_case from kunit_generic_run_threadfn_adapter+0x2c/0x48 [ 145.023281] kunit_generic_run_threadfn_adapter from kthread+0x184/0x1a8 [ 145.024208] kthread from ret_from_fork+0x14/0x30 [ 145.024871] Exception stack(0xf9f43fb0 to 0xf9f43ff8) [ 145.025555] 3fa0: 00000000 00000000 00000000 00000000 [ 145.027031] 3fc0: 00000000 00000000 00000000 00000000 00000000 00000000 00000000 00000000 [ 145.028510] 3fe0: 00000000 00000000 00000000 00000000 00000013 00000000 [ 145.029942] [ 145.030417] The buggy address belongs to the physical page: [ 145.031437] page:a8595845 refcount:1 mapcount:0 mapping:00000000 index:0x0 pfn:0x44ffc [ 145.032588] head:a8595845 order:2 entire_mapcount:0 nr_pages_mapped:0 pincount:0 [ 145.033396] flags: 0x40(head|zone=0) [ 145.033681] page_type: 0xffffffff() [ 145.033936] raw: 00000040 00000000 00000122 00000000 00000000 00000000 ffffffff 00000001 [ 145.035091] raw: 00000000 [ 145.035494] page dumped because: kasan: bad access detected [ 145.036126] [ 145.036467] Memory state around the buggy address: [ 145.037105] c4ffdf80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 145.038010] c4ffe000: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 145.038725] >c4ffe080: 00 00 00 00 00 00 00 00 00 01 fe fe fe fe fe fe [ 145.039458] ^ [ 145.040107] c4ffe100: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe [ 145.040832] c4ffe180: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe [ 145.041436] ================================================================== [ 144.726254] ================================================================== [ 144.727124] BUG: KASAN: slab-out-of-bounds in krealloc_less_oob_helper+0x150/0x5f0 [ 144.727933] Write of size 1 at addr c4c17cd0 by task kunit_try_catch/131 [ 144.728673] [ 144.729117] CPU: 0 PID: 131 Comm: kunit_try_catch Tainted: G B N 6.6.76-rc1 #1 [ 144.730072] Hardware name: Generic DT based system [ 144.730715] unwind_backtrace from show_stack+0x18/0x1c [ 144.731593] show_stack from dump_stack_lvl+0x58/0x70 [ 144.732301] dump_stack_lvl from print_report+0x164/0x51c [ 144.733003] print_report from kasan_report+0xc8/0x104 [ 144.733718] kasan_report from krealloc_less_oob_helper+0x150/0x5f0 [ 144.734561] krealloc_less_oob_helper from kunit_try_run_case+0x11c/0x2e4 [ 144.735459] kunit_try_run_case from kunit_generic_run_threadfn_adapter+0x2c/0x48 [ 144.736642] kunit_generic_run_threadfn_adapter from kthread+0x184/0x1a8 [ 144.737633] kthread from ret_from_fork+0x14/0x30 [ 144.738332] Exception stack(0xf9f23fb0 to 0xf9f23ff8) [ 144.738953] 3fa0: 00000000 00000000 00000000 00000000 [ 144.739872] 3fc0: 00000000 00000000 00000000 00000000 00000000 00000000 00000000 00000000 [ 144.740846] 3fe0: 00000000 00000000 00000000 00000000 00000013 00000000 [ 144.741538] [ 144.741783] Allocated by task 131: [ 144.742178] kasan_set_track+0x3c/0x5c [ 144.742734] __kasan_krealloc+0xe0/0x104 [ 144.743387] krealloc+0xd4/0x134 [ 144.743855] krealloc_less_oob_helper+0xd4/0x5f0 [ 144.744437] kunit_try_run_case+0x11c/0x2e4 [ 144.745014] kunit_generic_run_threadfn_adapter+0x2c/0x48 [ 144.745738] kthread+0x184/0x1a8 [ 144.746227] ret_from_fork+0x14/0x30 [ 144.746753] [ 144.747104] The buggy address belongs to the object at c4c17c00 [ 144.747104] which belongs to the cache kmalloc-256 of size 256 [ 144.749628] The buggy address is located 7 bytes to the right of [ 144.749628] allocated 201-byte region [c4c17c00, c4c17cc9) [ 144.751095] [ 144.751739] The buggy address belongs to the physical page: [ 144.752577] page:17c33a57 refcount:1 mapcount:0 mapping:00000000 index:0x0 pfn:0x44c16 [ 144.753436] head:17c33a57 order:1 entire_mapcount:0 nr_pages_mapped:0 pincount:0 [ 144.754232] flags: 0x840(slab|head|zone=0) [ 144.754714] page_type: 0xffffffff() [ 144.755220] raw: 00000840 c4801500 00000122 00000000 00000000 80100010 ffffffff 00000001 [ 144.756127] raw: 00000000 [ 144.756543] page dumped because: kasan: bad access detected [ 144.757147] [ 144.757353] Memory state around the buggy address: [ 144.758046] c4c17b80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 144.758786] c4c17c00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 144.759464] >c4c17c80: 00 00 00 00 00 00 00 00 00 01 fc fc fc fc fc fc [ 144.760162] ^ [ 144.760949] c4c17d00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 144.761675] c4c17d80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 144.762406] ==================================================================
[ 47.723210] ================================================================== [ 47.724607] BUG: KASAN: slab-out-of-bounds in krealloc_less_oob_helper+0x258/0x660 [ 47.725451] Write of size 1 at addr ffff88810256a0ea by task kunit_try_catch/158 [ 47.726633] [ 47.727072] CPU: 1 PID: 158 Comm: kunit_try_catch Tainted: G B N 6.6.76-rc1 #1 [ 47.728495] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 47.729473] Call Trace: [ 47.729913] <TASK> [ 47.730148] dump_stack_lvl+0x4e/0x90 [ 47.730949] print_report+0xd2/0x660 [ 47.731603] ? __virt_addr_valid+0x156/0x1e0 [ 47.732060] ? kasan_addr_to_slab+0x11/0xb0 [ 47.732824] kasan_report+0xff/0x140 [ 47.733475] ? krealloc_less_oob_helper+0x258/0x660 [ 47.734149] ? krealloc_less_oob_helper+0x258/0x660 [ 47.734970] __asan_store1+0x69/0x70 [ 47.735777] krealloc_less_oob_helper+0x258/0x660 [ 47.736340] ? __pfx_krealloc_less_oob_helper+0x10/0x10 [ 47.737175] ? finish_task_switch.isra.0+0xc8/0x3e0 [ 47.738082] ? __schedule+0x70b/0x1190 [ 47.738602] ? ktime_get_ts64+0x118/0x140 [ 47.739203] krealloc_pagealloc_less_oob+0x1c/0x30 [ 47.740098] kunit_try_run_case+0x126/0x290 [ 47.741199] ? __pfx_kunit_try_run_case+0x10/0x10 [ 47.741729] ? __kasan_check_write+0x18/0x20 [ 47.742249] ? trace_preempt_on+0x20/0xa0 [ 47.742704] ? __kthread_parkme+0x4f/0xd0 [ 47.743966] ? preempt_count_sub+0x50/0x80 [ 47.744568] ? __pfx_kunit_try_run_case+0x10/0x10 [ 47.745434] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 47.746262] kunit_generic_run_threadfn_adapter+0x33/0x50 [ 47.746868] kthread+0x19e/0x1e0 [ 47.747413] ? __pfx_kthread+0x10/0x10 [ 47.748463] ret_from_fork+0x41/0x70 [ 47.749291] ? __pfx_kthread+0x10/0x10 [ 47.749848] ret_from_fork_asm+0x1b/0x30 [ 47.750591] </TASK> [ 47.751130] [ 47.751417] The buggy address belongs to the physical page: [ 47.752351] page:(____ptrval____) refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x102568 [ 47.753312] head:(____ptrval____) order:2 entire_mapcount:0 nr_pages_mapped:0 pincount:0 [ 47.753906] flags: 0x200000000000040(head|node=0|zone=2) [ 47.754769] page_type: 0xffffffff() [ 47.755337] raw: 0200000000000040 0000000000000000 dead000000000122 0000000000000000 [ 47.756478] raw: 0000000000000000 0000000000000000 00000001ffffffff 0000000000000000 [ 47.757543] page dumped because: kasan: bad access detected [ 47.758439] [ 47.758653] Memory state around the buggy address: [ 47.759192] ffff888102569f80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 47.759991] ffff88810256a000: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 47.760518] >ffff88810256a080: 00 00 00 00 00 00 00 00 00 01 fe fe fe fe fe fe [ 47.761110] ^ [ 47.761932] ffff88810256a100: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe [ 47.762510] ffff88810256a180: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe [ 47.763987] ================================================================== [ 47.324390] ================================================================== [ 47.325336] BUG: KASAN: slab-out-of-bounds in krealloc_less_oob_helper+0x21a/0x660 [ 47.326400] Write of size 1 at addr ffff8881028578da by task kunit_try_catch/154 [ 47.327169] [ 47.327691] CPU: 1 PID: 154 Comm: kunit_try_catch Tainted: G B N 6.6.76-rc1 #1 [ 47.329292] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 47.330158] Call Trace: [ 47.330712] <TASK> [ 47.331099] dump_stack_lvl+0x4e/0x90 [ 47.331886] print_report+0xd2/0x660 [ 47.332919] ? __virt_addr_valid+0x156/0x1e0 [ 47.333585] ? kasan_complete_mode_report_info+0x2a/0x200 [ 47.334242] kasan_report+0xff/0x140 [ 47.334813] ? krealloc_less_oob_helper+0x21a/0x660 [ 47.335649] ? krealloc_less_oob_helper+0x21a/0x660 [ 47.336480] __asan_store1+0x69/0x70 [ 47.337361] krealloc_less_oob_helper+0x21a/0x660 [ 47.338353] ? __pfx_krealloc_less_oob_helper+0x10/0x10 [ 47.339039] ? finish_task_switch.isra.0+0xc8/0x3e0 [ 47.339645] ? __schedule+0x70b/0x1190 [ 47.340603] ? ktime_get_ts64+0x118/0x140 [ 47.341278] krealloc_less_oob+0x1c/0x30 [ 47.341874] kunit_try_run_case+0x126/0x290 [ 47.342651] ? __pfx_kunit_try_run_case+0x10/0x10 [ 47.343456] ? __kasan_check_write+0x18/0x20 [ 47.344440] ? trace_preempt_on+0x20/0xa0 [ 47.344963] ? __kthread_parkme+0x4f/0xd0 [ 47.345678] ? preempt_count_sub+0x50/0x80 [ 47.346477] ? __pfx_kunit_try_run_case+0x10/0x10 [ 47.347092] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 47.347715] kunit_generic_run_threadfn_adapter+0x33/0x50 [ 47.348727] kthread+0x19e/0x1e0 [ 47.349232] ? __pfx_kthread+0x10/0x10 [ 47.349964] ret_from_fork+0x41/0x70 [ 47.350804] ? __pfx_kthread+0x10/0x10 [ 47.351356] ret_from_fork_asm+0x1b/0x30 [ 47.351999] </TASK> [ 47.352344] [ 47.352584] Allocated by task 154: [ 47.353553] kasan_save_stack+0x3c/0x60 [ 47.354396] kasan_set_track+0x29/0x40 [ 47.354923] kasan_save_alloc_info+0x22/0x30 [ 47.355645] __kasan_krealloc+0x12f/0x180 [ 47.356675] krealloc+0xc1/0x140 [ 47.357348] krealloc_less_oob_helper+0xe5/0x660 [ 47.358233] krealloc_less_oob+0x1c/0x30 [ 47.358750] kunit_try_run_case+0x126/0x290 [ 47.359252] kunit_generic_run_threadfn_adapter+0x33/0x50 [ 47.360403] kthread+0x19e/0x1e0 [ 47.360820] ret_from_fork+0x41/0x70 [ 47.361531] ret_from_fork_asm+0x1b/0x30 [ 47.362382] [ 47.362626] The buggy address belongs to the object at ffff888102857800 [ 47.362626] which belongs to the cache kmalloc-256 of size 256 [ 47.363883] The buggy address is located 17 bytes to the right of [ 47.363883] allocated 201-byte region [ffff888102857800, ffff8881028578c9) [ 47.365452] [ 47.365731] The buggy address belongs to the physical page: [ 47.366589] page:(____ptrval____) refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x102856 [ 47.367601] head:(____ptrval____) order:1 entire_mapcount:0 nr_pages_mapped:0 pincount:0 [ 47.368793] flags: 0x200000000000840(slab|head|node=0|zone=2) [ 47.369411] page_type: 0xffffffff() [ 47.370324] raw: 0200000000000840 ffff888100041b40 dead000000000122 0000000000000000 [ 47.371100] raw: 0000000000000000 0000000080100010 00000001ffffffff 0000000000000000 [ 47.371753] page dumped because: kasan: bad access detected [ 47.372340] [ 47.372587] Memory state around the buggy address: [ 47.373053] ffff888102857780: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 47.374522] ffff888102857800: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 47.375324] >ffff888102857880: 00 00 00 00 00 00 00 00 00 01 fc fc fc fc fc fc [ 47.376367] ^ [ 47.377078] ffff888102857900: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 47.378339] ffff888102857980: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 47.378979] ================================================================== [ 47.268633] ================================================================== [ 47.269384] BUG: KASAN: slab-out-of-bounds in krealloc_less_oob_helper+0x1a6/0x660 [ 47.270899] Write of size 1 at addr ffff8881028578d0 by task kunit_try_catch/154 [ 47.272077] [ 47.272291] CPU: 1 PID: 154 Comm: kunit_try_catch Tainted: G B N 6.6.76-rc1 #1 [ 47.273187] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 47.274228] Call Trace: [ 47.274733] <TASK> [ 47.275083] dump_stack_lvl+0x4e/0x90 [ 47.275561] print_report+0xd2/0x660 [ 47.276091] ? __virt_addr_valid+0x156/0x1e0 [ 47.276717] ? kasan_complete_mode_report_info+0x2a/0x200 [ 47.277963] kasan_report+0xff/0x140 [ 47.278670] ? krealloc_less_oob_helper+0x1a6/0x660 [ 47.279441] ? krealloc_less_oob_helper+0x1a6/0x660 [ 47.280125] __asan_store1+0x69/0x70 [ 47.281105] krealloc_less_oob_helper+0x1a6/0x660 [ 47.281654] ? __pfx_krealloc_less_oob_helper+0x10/0x10 [ 47.282280] ? finish_task_switch.isra.0+0xc8/0x3e0 [ 47.283203] ? __schedule+0x70b/0x1190 [ 47.283765] ? ktime_get_ts64+0x118/0x140 [ 47.284462] krealloc_less_oob+0x1c/0x30 [ 47.284981] kunit_try_run_case+0x126/0x290 [ 47.285935] ? __pfx_kunit_try_run_case+0x10/0x10 [ 47.286830] ? __kasan_check_write+0x18/0x20 [ 47.287552] ? trace_preempt_on+0x20/0xa0 [ 47.288447] ? __kthread_parkme+0x4f/0xd0 [ 47.289253] ? preempt_count_sub+0x50/0x80 [ 47.289769] ? __pfx_kunit_try_run_case+0x10/0x10 [ 47.290698] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 47.291534] kunit_generic_run_threadfn_adapter+0x33/0x50 [ 47.292042] kthread+0x19e/0x1e0 [ 47.292577] ? __pfx_kthread+0x10/0x10 [ 47.293148] ret_from_fork+0x41/0x70 [ 47.293608] ? __pfx_kthread+0x10/0x10 [ 47.294551] ret_from_fork_asm+0x1b/0x30 [ 47.295475] </TASK> [ 47.295902] [ 47.296196] Allocated by task 154: [ 47.296843] kasan_save_stack+0x3c/0x60 [ 47.297443] kasan_set_track+0x29/0x40 [ 47.298515] kasan_save_alloc_info+0x22/0x30 [ 47.299266] __kasan_krealloc+0x12f/0x180 [ 47.300097] krealloc+0xc1/0x140 [ 47.300794] krealloc_less_oob_helper+0xe5/0x660 [ 47.301693] krealloc_less_oob+0x1c/0x30 [ 47.302458] kunit_try_run_case+0x126/0x290 [ 47.303079] kunit_generic_run_threadfn_adapter+0x33/0x50 [ 47.304006] kthread+0x19e/0x1e0 [ 47.304654] ret_from_fork+0x41/0x70 [ 47.305497] ret_from_fork_asm+0x1b/0x30 [ 47.306258] [ 47.306591] The buggy address belongs to the object at ffff888102857800 [ 47.306591] which belongs to the cache kmalloc-256 of size 256 [ 47.307885] The buggy address is located 7 bytes to the right of [ 47.307885] allocated 201-byte region [ffff888102857800, ffff8881028578c9) [ 47.310079] [ 47.310402] The buggy address belongs to the physical page: [ 47.310982] page:(____ptrval____) refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x102856 [ 47.312069] head:(____ptrval____) order:1 entire_mapcount:0 nr_pages_mapped:0 pincount:0 [ 47.312799] flags: 0x200000000000840(slab|head|node=0|zone=2) [ 47.313469] page_type: 0xffffffff() [ 47.314076] raw: 0200000000000840 ffff888100041b40 dead000000000122 0000000000000000 [ 47.314915] raw: 0000000000000000 0000000080100010 00000001ffffffff 0000000000000000 [ 47.315686] page dumped because: kasan: bad access detected [ 47.316362] [ 47.316599] Memory state around the buggy address: [ 47.317247] ffff888102857780: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 47.317923] ffff888102857800: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 47.318791] >ffff888102857880: 00 00 00 00 00 00 00 00 00 01 fc fc fc fc fc fc [ 47.319479] ^ [ 47.320207] ffff888102857900: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 47.321705] ffff888102857980: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 47.322550] ================================================================== [ 47.591721] ================================================================== [ 47.592856] BUG: KASAN: slab-out-of-bounds in krealloc_less_oob_helper+0x146/0x660 [ 47.594149] Write of size 1 at addr ffff88810256a0c9 by task kunit_try_catch/158 [ 47.594919] [ 47.595462] CPU: 1 PID: 158 Comm: kunit_try_catch Tainted: G B N 6.6.76-rc1 #1 [ 47.596604] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 47.597439] Call Trace: [ 47.597696] <TASK> [ 47.598513] dump_stack_lvl+0x4e/0x90 [ 47.599441] print_report+0xd2/0x660 [ 47.600131] ? __virt_addr_valid+0x156/0x1e0 [ 47.600884] ? kasan_addr_to_slab+0x11/0xb0 [ 47.601562] kasan_report+0xff/0x140 [ 47.602250] ? krealloc_less_oob_helper+0x146/0x660 [ 47.603298] ? krealloc_less_oob_helper+0x146/0x660 [ 47.603917] __asan_store1+0x69/0x70 [ 47.604760] krealloc_less_oob_helper+0x146/0x660 [ 47.605267] ? __pfx_krealloc_less_oob_helper+0x10/0x10 [ 47.606088] ? finish_task_switch.isra.0+0xc8/0x3e0 [ 47.606698] ? __schedule+0x70b/0x1190 [ 47.607459] ? ktime_get_ts64+0x118/0x140 [ 47.608058] krealloc_pagealloc_less_oob+0x1c/0x30 [ 47.608646] kunit_try_run_case+0x126/0x290 [ 47.609513] ? __pfx_kunit_try_run_case+0x10/0x10 [ 47.609899] ? __kasan_check_write+0x18/0x20 [ 47.610624] ? trace_preempt_on+0x20/0xa0 [ 47.611539] ? __kthread_parkme+0x4f/0xd0 [ 47.612207] ? preempt_count_sub+0x50/0x80 [ 47.612820] ? __pfx_kunit_try_run_case+0x10/0x10 [ 47.613452] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 47.614344] kunit_generic_run_threadfn_adapter+0x33/0x50 [ 47.615134] kthread+0x19e/0x1e0 [ 47.615748] ? __pfx_kthread+0x10/0x10 [ 47.616522] ret_from_fork+0x41/0x70 [ 47.617064] ? __pfx_kthread+0x10/0x10 [ 47.617585] ret_from_fork_asm+0x1b/0x30 [ 47.618120] </TASK> [ 47.618464] [ 47.619623] The buggy address belongs to the physical page: [ 47.620424] page:(____ptrval____) refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x102568 [ 47.621248] head:(____ptrval____) order:2 entire_mapcount:0 nr_pages_mapped:0 pincount:0 [ 47.621869] flags: 0x200000000000040(head|node=0|zone=2) [ 47.622498] page_type: 0xffffffff() [ 47.623325] raw: 0200000000000040 0000000000000000 dead000000000122 0000000000000000 [ 47.624246] raw: 0000000000000000 0000000000000000 00000001ffffffff 0000000000000000 [ 47.625244] page dumped because: kasan: bad access detected [ 47.625806] [ 47.626248] Memory state around the buggy address: [ 47.626694] ffff888102569f80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 47.627674] ffff88810256a000: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 47.628554] >ffff88810256a080: 00 00 00 00 00 00 00 00 00 01 fe fe fe fe fe fe [ 47.629431] ^ [ 47.630247] ffff88810256a100: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe [ 47.631091] ffff88810256a180: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe [ 47.631830] ================================================================== [ 47.434921] ================================================================== [ 47.435752] BUG: KASAN: slab-out-of-bounds in krealloc_less_oob_helper+0x294/0x660 [ 47.436601] Write of size 1 at addr ffff8881028578eb by task kunit_try_catch/154 [ 47.437274] [ 47.437575] CPU: 1 PID: 154 Comm: kunit_try_catch Tainted: G B N 6.6.76-rc1 #1 [ 47.439390] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 47.440597] Call Trace: [ 47.440960] <TASK> [ 47.441313] dump_stack_lvl+0x4e/0x90 [ 47.441849] print_report+0xd2/0x660 [ 47.442286] ? __virt_addr_valid+0x156/0x1e0 [ 47.443259] ? kasan_complete_mode_report_info+0x2a/0x200 [ 47.444132] kasan_report+0xff/0x140 [ 47.444593] ? krealloc_less_oob_helper+0x294/0x660 [ 47.445962] ? krealloc_less_oob_helper+0x294/0x660 [ 47.446533] __asan_store1+0x69/0x70 [ 47.447072] krealloc_less_oob_helper+0x294/0x660 [ 47.447726] ? __pfx_krealloc_less_oob_helper+0x10/0x10 [ 47.448859] ? finish_task_switch.isra.0+0xc8/0x3e0 [ 47.450019] ? __schedule+0x70b/0x1190 [ 47.450815] ? ktime_get_ts64+0x118/0x140 [ 47.451488] krealloc_less_oob+0x1c/0x30 [ 47.452095] kunit_try_run_case+0x126/0x290 [ 47.452990] ? __pfx_kunit_try_run_case+0x10/0x10 [ 47.453541] ? __kasan_check_write+0x18/0x20 [ 47.454772] ? trace_preempt_on+0x20/0xa0 [ 47.455598] ? __kthread_parkme+0x4f/0xd0 [ 47.456126] ? preempt_count_sub+0x50/0x80 [ 47.456770] ? __pfx_kunit_try_run_case+0x10/0x10 [ 47.457390] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 47.459279] kunit_generic_run_threadfn_adapter+0x33/0x50 [ 47.459860] kthread+0x19e/0x1e0 [ 47.460472] ? __pfx_kthread+0x10/0x10 [ 47.460978] ret_from_fork+0x41/0x70 [ 47.461685] ? __pfx_kthread+0x10/0x10 [ 47.462434] ret_from_fork_asm+0x1b/0x30 [ 47.462988] </TASK> [ 47.463917] [ 47.464192] Allocated by task 154: [ 47.464861] kasan_save_stack+0x3c/0x60 [ 47.465703] kasan_set_track+0x29/0x40 [ 47.466492] kasan_save_alloc_info+0x22/0x30 [ 47.467070] __kasan_krealloc+0x12f/0x180 [ 47.468091] krealloc+0xc1/0x140 [ 47.468791] krealloc_less_oob_helper+0xe5/0x660 [ 47.469594] krealloc_less_oob+0x1c/0x30 [ 47.470291] kunit_try_run_case+0x126/0x290 [ 47.471026] kunit_generic_run_threadfn_adapter+0x33/0x50 [ 47.471733] kthread+0x19e/0x1e0 [ 47.472176] ret_from_fork+0x41/0x70 [ 47.472758] ret_from_fork_asm+0x1b/0x30 [ 47.473654] [ 47.473912] The buggy address belongs to the object at ffff888102857800 [ 47.473912] which belongs to the cache kmalloc-256 of size 256 [ 47.475848] The buggy address is located 34 bytes to the right of [ 47.475848] allocated 201-byte region [ffff888102857800, ffff8881028578c9) [ 47.477426] [ 47.477659] The buggy address belongs to the physical page: [ 47.479119] page:(____ptrval____) refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x102856 [ 47.479801] head:(____ptrval____) order:1 entire_mapcount:0 nr_pages_mapped:0 pincount:0 [ 47.480560] flags: 0x200000000000840(slab|head|node=0|zone=2) [ 47.481306] page_type: 0xffffffff() [ 47.481893] raw: 0200000000000840 ffff888100041b40 dead000000000122 0000000000000000 [ 47.482530] raw: 0000000000000000 0000000080100010 00000001ffffffff 0000000000000000 [ 47.483411] page dumped because: kasan: bad access detected [ 47.484138] [ 47.484451] Memory state around the buggy address: [ 47.485031] ffff888102857780: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 47.485856] ffff888102857800: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 47.486668] >ffff888102857880: 00 00 00 00 00 00 00 00 00 01 fc fc fc fc fc fc [ 47.487522] ^ [ 47.489310] ffff888102857900: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 47.490113] ffff888102857980: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 47.490758] ================================================================== [ 47.765452] ================================================================== [ 47.766711] BUG: KASAN: slab-out-of-bounds in krealloc_less_oob_helper+0x294/0x660 [ 47.768158] Write of size 1 at addr ffff88810256a0eb by task kunit_try_catch/158 [ 47.768630] [ 47.769414] CPU: 1 PID: 158 Comm: kunit_try_catch Tainted: G B N 6.6.76-rc1 #1 [ 47.770447] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 47.771353] Call Trace: [ 47.771863] <TASK> [ 47.772321] dump_stack_lvl+0x4e/0x90 [ 47.772829] print_report+0xd2/0x660 [ 47.773399] ? __virt_addr_valid+0x156/0x1e0 [ 47.773996] ? kasan_addr_to_slab+0x11/0xb0 [ 47.774664] kasan_report+0xff/0x140 [ 47.775405] ? krealloc_less_oob_helper+0x294/0x660 [ 47.776172] ? krealloc_less_oob_helper+0x294/0x660 [ 47.776639] __asan_store1+0x69/0x70 [ 47.777303] krealloc_less_oob_helper+0x294/0x660 [ 47.778055] ? __pfx_krealloc_less_oob_helper+0x10/0x10 [ 47.778760] ? finish_task_switch.isra.0+0xc8/0x3e0 [ 47.779638] ? __schedule+0x70b/0x1190 [ 47.780267] ? ktime_get_ts64+0x118/0x140 [ 47.780731] krealloc_pagealloc_less_oob+0x1c/0x30 [ 47.781391] kunit_try_run_case+0x126/0x290 [ 47.782278] ? __pfx_kunit_try_run_case+0x10/0x10 [ 47.782751] ? __kasan_check_write+0x18/0x20 [ 47.783383] ? trace_preempt_on+0x20/0xa0 [ 47.784035] ? __kthread_parkme+0x4f/0xd0 [ 47.784668] ? preempt_count_sub+0x50/0x80 [ 47.785436] ? __pfx_kunit_try_run_case+0x10/0x10 [ 47.786226] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 47.787048] kunit_generic_run_threadfn_adapter+0x33/0x50 [ 47.787701] kthread+0x19e/0x1e0 [ 47.788357] ? __pfx_kthread+0x10/0x10 [ 47.788834] ret_from_fork+0x41/0x70 [ 47.789975] ? __pfx_kthread+0x10/0x10 [ 47.790607] ret_from_fork_asm+0x1b/0x30 [ 47.791410] </TASK> [ 47.792222] [ 47.792468] The buggy address belongs to the physical page: [ 47.793124] page:(____ptrval____) refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x102568 [ 47.794343] head:(____ptrval____) order:2 entire_mapcount:0 nr_pages_mapped:0 pincount:0 [ 47.795563] flags: 0x200000000000040(head|node=0|zone=2) [ 47.796401] page_type: 0xffffffff() [ 47.796837] raw: 0200000000000040 0000000000000000 dead000000000122 0000000000000000 [ 47.797592] raw: 0000000000000000 0000000000000000 00000001ffffffff 0000000000000000 [ 47.798618] page dumped because: kasan: bad access detected [ 47.799254] [ 47.799516] Memory state around the buggy address: [ 47.800098] ffff888102569f80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 47.801499] ffff88810256a000: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 47.802254] >ffff88810256a080: 00 00 00 00 00 00 00 00 00 01 fe fe fe fe fe fe [ 47.803321] ^ [ 47.804336] ffff88810256a100: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe [ 47.804783] ffff88810256a180: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe [ 47.805988] ================================================================== [ 47.210271] ================================================================== [ 47.211869] BUG: KASAN: slab-out-of-bounds in krealloc_less_oob_helper+0x146/0x660 [ 47.213013] Write of size 1 at addr ffff8881028578c9 by task kunit_try_catch/154 [ 47.214256] [ 47.215208] CPU: 1 PID: 154 Comm: kunit_try_catch Tainted: G B N 6.6.76-rc1 #1 [ 47.215870] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 47.217479] Call Trace: [ 47.217795] <TASK> [ 47.218368] dump_stack_lvl+0x4e/0x90 [ 47.219220] print_report+0xd2/0x660 [ 47.219826] ? __virt_addr_valid+0x156/0x1e0 [ 47.220631] ? kasan_complete_mode_report_info+0x2a/0x200 [ 47.221769] kasan_report+0xff/0x140 [ 47.222257] ? krealloc_less_oob_helper+0x146/0x660 [ 47.223266] ? krealloc_less_oob_helper+0x146/0x660 [ 47.223773] __asan_store1+0x69/0x70 [ 47.224651] krealloc_less_oob_helper+0x146/0x660 [ 47.225400] ? __pfx_krealloc_less_oob_helper+0x10/0x10 [ 47.226178] ? finish_task_switch.isra.0+0xc8/0x3e0 [ 47.226802] ? __schedule+0x70b/0x1190 [ 47.227315] ? ktime_get_ts64+0x118/0x140 [ 47.228092] krealloc_less_oob+0x1c/0x30 [ 47.228819] kunit_try_run_case+0x126/0x290 [ 47.229733] ? __pfx_kunit_try_run_case+0x10/0x10 [ 47.230778] ? __kasan_check_write+0x18/0x20 [ 47.231357] ? trace_preempt_on+0x20/0xa0 [ 47.232040] ? __kthread_parkme+0x4f/0xd0 [ 47.232840] ? preempt_count_sub+0x50/0x80 [ 47.233366] ? __pfx_kunit_try_run_case+0x10/0x10 [ 47.234067] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 47.234792] kunit_generic_run_threadfn_adapter+0x33/0x50 [ 47.235779] kthread+0x19e/0x1e0 [ 47.236249] ? __pfx_kthread+0x10/0x10 [ 47.236828] ret_from_fork+0x41/0x70 [ 47.237383] ? __pfx_kthread+0x10/0x10 [ 47.238487] ret_from_fork_asm+0x1b/0x30 [ 47.239359] </TASK> [ 47.239581] [ 47.239850] Allocated by task 154: [ 47.240573] kasan_save_stack+0x3c/0x60 [ 47.241331] kasan_set_track+0x29/0x40 [ 47.241888] kasan_save_alloc_info+0x22/0x30 [ 47.242321] __kasan_krealloc+0x12f/0x180 [ 47.242902] krealloc+0xc1/0x140 [ 47.243621] krealloc_less_oob_helper+0xe5/0x660 [ 47.244385] krealloc_less_oob+0x1c/0x30 [ 47.245005] kunit_try_run_case+0x126/0x290 [ 47.245825] kunit_generic_run_threadfn_adapter+0x33/0x50 [ 47.246753] kthread+0x19e/0x1e0 [ 47.247275] ret_from_fork+0x41/0x70 [ 47.248402] ret_from_fork_asm+0x1b/0x30 [ 47.248803] [ 47.249084] The buggy address belongs to the object at ffff888102857800 [ 47.249084] which belongs to the cache kmalloc-256 of size 256 [ 47.250789] The buggy address is located 0 bytes to the right of [ 47.250789] allocated 201-byte region [ffff888102857800, ffff8881028578c9) [ 47.252114] [ 47.252401] The buggy address belongs to the physical page: [ 47.252950] page:(____ptrval____) refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x102856 [ 47.254516] head:(____ptrval____) order:1 entire_mapcount:0 nr_pages_mapped:0 pincount:0 [ 47.255505] flags: 0x200000000000840(slab|head|node=0|zone=2) [ 47.256285] page_type: 0xffffffff() [ 47.256822] raw: 0200000000000840 ffff888100041b40 dead000000000122 0000000000000000 [ 47.257610] raw: 0000000000000000 0000000080100010 00000001ffffffff 0000000000000000 [ 47.259110] page dumped because: kasan: bad access detected [ 47.259949] [ 47.260527] Memory state around the buggy address: [ 47.261248] ffff888102857780: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 47.261968] ffff888102857800: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 47.263216] >ffff888102857880: 00 00 00 00 00 00 00 00 00 01 fc fc fc fc fc fc [ 47.264136] ^ [ 47.264693] ffff888102857900: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 47.265731] ffff888102857980: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 47.266715] ================================================================== [ 47.635609] ================================================================== [ 47.636163] BUG: KASAN: slab-out-of-bounds in krealloc_less_oob_helper+0x1a6/0x660 [ 47.636729] Write of size 1 at addr ffff88810256a0d0 by task kunit_try_catch/158 [ 47.637526] [ 47.637841] CPU: 1 PID: 158 Comm: kunit_try_catch Tainted: G B N 6.6.76-rc1 #1 [ 47.638801] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 47.640939] Call Trace: [ 47.641468] <TASK> [ 47.641801] dump_stack_lvl+0x4e/0x90 [ 47.642757] print_report+0xd2/0x660 [ 47.643563] ? __virt_addr_valid+0x156/0x1e0 [ 47.644493] ? kasan_addr_to_slab+0x11/0xb0 [ 47.645350] kasan_report+0xff/0x140 [ 47.646216] ? krealloc_less_oob_helper+0x1a6/0x660 [ 47.646755] ? krealloc_less_oob_helper+0x1a6/0x660 [ 47.647489] __asan_store1+0x69/0x70 [ 47.648507] krealloc_less_oob_helper+0x1a6/0x660 [ 47.649222] ? __pfx_krealloc_less_oob_helper+0x10/0x10 [ 47.649965] ? finish_task_switch.isra.0+0xc8/0x3e0 [ 47.650844] ? __schedule+0x70b/0x1190 [ 47.651587] ? ktime_get_ts64+0x118/0x140 [ 47.652288] krealloc_pagealloc_less_oob+0x1c/0x30 [ 47.652784] kunit_try_run_case+0x126/0x290 [ 47.653466] ? __pfx_kunit_try_run_case+0x10/0x10 [ 47.654198] ? __kasan_check_write+0x18/0x20 [ 47.655052] ? trace_preempt_on+0x20/0xa0 [ 47.655804] ? __kthread_parkme+0x4f/0xd0 [ 47.656488] ? preempt_count_sub+0x50/0x80 [ 47.657238] ? __pfx_kunit_try_run_case+0x10/0x10 [ 47.658214] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 47.659092] kunit_generic_run_threadfn_adapter+0x33/0x50 [ 47.660091] kthread+0x19e/0x1e0 [ 47.660615] ? __pfx_kthread+0x10/0x10 [ 47.661312] ret_from_fork+0x41/0x70 [ 47.662284] ? __pfx_kthread+0x10/0x10 [ 47.662664] ret_from_fork_asm+0x1b/0x30 [ 47.663519] </TASK> [ 47.663975] [ 47.664347] The buggy address belongs to the physical page: [ 47.664881] page:(____ptrval____) refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x102568 [ 47.666125] head:(____ptrval____) order:2 entire_mapcount:0 nr_pages_mapped:0 pincount:0 [ 47.666983] flags: 0x200000000000040(head|node=0|zone=2) [ 47.667699] page_type: 0xffffffff() [ 47.668293] raw: 0200000000000040 0000000000000000 dead000000000122 0000000000000000 [ 47.669668] raw: 0000000000000000 0000000000000000 00000001ffffffff 0000000000000000 [ 47.670439] page dumped because: kasan: bad access detected [ 47.670886] [ 47.671148] Memory state around the buggy address: [ 47.671597] ffff888102569f80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 47.672781] ffff88810256a000: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 47.673838] >ffff88810256a080: 00 00 00 00 00 00 00 00 00 01 fe fe fe fe fe fe [ 47.674773] ^ [ 47.675681] ffff88810256a100: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe [ 47.676510] ffff88810256a180: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe [ 47.677347] ================================================================== [ 47.380301] ================================================================== [ 47.381038] BUG: KASAN: slab-out-of-bounds in krealloc_less_oob_helper+0x258/0x660 [ 47.382810] Write of size 1 at addr ffff8881028578ea by task kunit_try_catch/154 [ 47.383493] [ 47.384315] CPU: 1 PID: 154 Comm: kunit_try_catch Tainted: G B N 6.6.76-rc1 #1 [ 47.385279] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 47.386493] Call Trace: [ 47.386873] <TASK> [ 47.387370] dump_stack_lvl+0x4e/0x90 [ 47.387863] print_report+0xd2/0x660 [ 47.388435] ? __virt_addr_valid+0x156/0x1e0 [ 47.389364] ? kasan_complete_mode_report_info+0x2a/0x200 [ 47.390112] kasan_report+0xff/0x140 [ 47.390537] ? krealloc_less_oob_helper+0x258/0x660 [ 47.391277] ? krealloc_less_oob_helper+0x258/0x660 [ 47.391951] __asan_store1+0x69/0x70 [ 47.392415] krealloc_less_oob_helper+0x258/0x660 [ 47.393143] ? __pfx_krealloc_less_oob_helper+0x10/0x10 [ 47.393730] ? finish_task_switch.isra.0+0xc8/0x3e0 [ 47.394417] ? __schedule+0x70b/0x1190 [ 47.394982] ? ktime_get_ts64+0x118/0x140 [ 47.395548] krealloc_less_oob+0x1c/0x30 [ 47.396041] kunit_try_run_case+0x126/0x290 [ 47.396611] ? __pfx_kunit_try_run_case+0x10/0x10 [ 47.397298] ? __kasan_check_write+0x18/0x20 [ 47.397879] ? trace_preempt_on+0x20/0xa0 [ 47.398620] ? __kthread_parkme+0x4f/0xd0 [ 47.399509] ? preempt_count_sub+0x50/0x80 [ 47.400339] ? __pfx_kunit_try_run_case+0x10/0x10 [ 47.401424] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 47.402373] kunit_generic_run_threadfn_adapter+0x33/0x50 [ 47.403385] kthread+0x19e/0x1e0 [ 47.403881] ? __pfx_kthread+0x10/0x10 [ 47.404611] ret_from_fork+0x41/0x70 [ 47.405333] ? __pfx_kthread+0x10/0x10 [ 47.405908] ret_from_fork_asm+0x1b/0x30 [ 47.406638] </TASK> [ 47.406995] [ 47.407750] Allocated by task 154: [ 47.408173] kasan_save_stack+0x3c/0x60 [ 47.408758] kasan_set_track+0x29/0x40 [ 47.409225] kasan_save_alloc_info+0x22/0x30 [ 47.410087] __kasan_krealloc+0x12f/0x180 [ 47.410689] krealloc+0xc1/0x140 [ 47.411943] krealloc_less_oob_helper+0xe5/0x660 [ 47.412404] krealloc_less_oob+0x1c/0x30 [ 47.412983] kunit_try_run_case+0x126/0x290 [ 47.413485] kunit_generic_run_threadfn_adapter+0x33/0x50 [ 47.414264] kthread+0x19e/0x1e0 [ 47.414811] ret_from_fork+0x41/0x70 [ 47.415293] ret_from_fork_asm+0x1b/0x30 [ 47.415673] [ 47.415885] The buggy address belongs to the object at ffff888102857800 [ 47.415885] which belongs to the cache kmalloc-256 of size 256 [ 47.417399] The buggy address is located 33 bytes to the right of [ 47.417399] allocated 201-byte region [ffff888102857800, ffff8881028578c9) [ 47.418716] [ 47.419006] The buggy address belongs to the physical page: [ 47.420181] page:(____ptrval____) refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x102856 [ 47.421455] head:(____ptrval____) order:1 entire_mapcount:0 nr_pages_mapped:0 pincount:0 [ 47.422295] flags: 0x200000000000840(slab|head|node=0|zone=2) [ 47.423520] page_type: 0xffffffff() [ 47.424169] raw: 0200000000000840 ffff888100041b40 dead000000000122 0000000000000000 [ 47.424849] raw: 0000000000000000 0000000080100010 00000001ffffffff 0000000000000000 [ 47.425630] page dumped because: kasan: bad access detected [ 47.426502] [ 47.426807] Memory state around the buggy address: [ 47.427896] ffff888102857780: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 47.428568] ffff888102857800: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 47.429649] >ffff888102857880: 00 00 00 00 00 00 00 00 00 01 fc fc fc fc fc fc [ 47.430447] ^ [ 47.431125] ffff888102857900: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 47.432040] ffff888102857980: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 47.432631] ================================================================== [ 47.679844] ================================================================== [ 47.680605] BUG: KASAN: slab-out-of-bounds in krealloc_less_oob_helper+0x21a/0x660 [ 47.681461] Write of size 1 at addr ffff88810256a0da by task kunit_try_catch/158 [ 47.682331] [ 47.682634] CPU: 1 PID: 158 Comm: kunit_try_catch Tainted: G B N 6.6.76-rc1 #1 [ 47.683799] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 47.685300] Call Trace: [ 47.685924] <TASK> [ 47.686546] dump_stack_lvl+0x4e/0x90 [ 47.687270] print_report+0xd2/0x660 [ 47.687781] ? __virt_addr_valid+0x156/0x1e0 [ 47.688313] ? kasan_addr_to_slab+0x11/0xb0 [ 47.688964] kasan_report+0xff/0x140 [ 47.689575] ? krealloc_less_oob_helper+0x21a/0x660 [ 47.690106] ? krealloc_less_oob_helper+0x21a/0x660 [ 47.690867] __asan_store1+0x69/0x70 [ 47.691374] krealloc_less_oob_helper+0x21a/0x660 [ 47.692041] ? __pfx_krealloc_less_oob_helper+0x10/0x10 [ 47.692759] ? finish_task_switch.isra.0+0xc8/0x3e0 [ 47.693531] ? __schedule+0x70b/0x1190 [ 47.694115] ? ktime_get_ts64+0x118/0x140 [ 47.695176] krealloc_pagealloc_less_oob+0x1c/0x30 [ 47.696460] kunit_try_run_case+0x126/0x290 [ 47.697021] ? __pfx_kunit_try_run_case+0x10/0x10 [ 47.697689] ? __kasan_check_write+0x18/0x20 [ 47.698404] ? trace_preempt_on+0x20/0xa0 [ 47.698953] ? __kthread_parkme+0x4f/0xd0 [ 47.699701] ? preempt_count_sub+0x50/0x80 [ 47.700394] ? __pfx_kunit_try_run_case+0x10/0x10 [ 47.701302] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 47.702645] kunit_generic_run_threadfn_adapter+0x33/0x50 [ 47.703577] kthread+0x19e/0x1e0 [ 47.704218] ? __pfx_kthread+0x10/0x10 [ 47.705203] ret_from_fork+0x41/0x70 [ 47.705776] ? __pfx_kthread+0x10/0x10 [ 47.706455] ret_from_fork_asm+0x1b/0x30 [ 47.707231] </TASK> [ 47.707652] [ 47.708172] The buggy address belongs to the physical page: [ 47.708965] page:(____ptrval____) refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x102568 [ 47.709685] head:(____ptrval____) order:2 entire_mapcount:0 nr_pages_mapped:0 pincount:0 [ 47.710691] flags: 0x200000000000040(head|node=0|zone=2) [ 47.711599] page_type: 0xffffffff() [ 47.711957] raw: 0200000000000040 0000000000000000 dead000000000122 0000000000000000 [ 47.713274] raw: 0000000000000000 0000000000000000 00000001ffffffff 0000000000000000 [ 47.714238] page dumped because: kasan: bad access detected [ 47.714845] [ 47.715122] Memory state around the buggy address: [ 47.715857] ffff888102569f80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 47.717257] ffff88810256a000: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 47.718024] >ffff88810256a080: 00 00 00 00 00 00 00 00 00 01 fe fe fe fe fe fe [ 47.718867] ^ [ 47.719818] ffff88810256a100: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe [ 47.720530] ffff88810256a180: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe [ 47.721732] ==================================================================