Date
June 17, 2025, 3:39 p.m.
Environment |
---|
qemu-arm64 |
qemu-x86_64 |
[ 92.279792] ================================================================== [ 92.280920] BUG: KASAN: slab-out-of-bounds in krealloc_less_oob_helper+0x18c/0x590 [ 92.282864] Write of size 1 at addr ffff0000c5fa60da by task kunit_try_catch/141 [ 92.284084] [ 92.284625] CPU: 1 PID: 141 Comm: kunit_try_catch Tainted: G B N 6.6.94-rc1 #1 [ 92.285818] Hardware name: linux,dummy-virt (DT) [ 92.286591] Call trace: [ 92.287234] dump_backtrace+0x9c/0x128 [ 92.288249] show_stack+0x20/0x38 [ 92.289040] dump_stack_lvl+0x60/0xb0 [ 92.289935] print_report+0xf8/0x5e8 [ 92.290975] kasan_report+0xdc/0x128 [ 92.291810] __asan_store1+0x60/0x70 [ 92.292406] krealloc_less_oob_helper+0x18c/0x590 [ 92.293750] krealloc_pagealloc_less_oob+0x20/0x38 [ 92.294784] kunit_try_run_case+0x114/0x298 [ 92.296001] kunit_generic_run_threadfn_adapter+0x38/0x60 [ 92.296971] kthread+0x18c/0x1a8 [ 92.297748] ret_from_fork+0x10/0x20 [ 92.298637] [ 92.299073] The buggy address belongs to the physical page: [ 92.299799] page:0000000027946532 refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x105fa4 [ 92.301637] head:0000000027946532 order:2 entire_mapcount:0 nr_pages_mapped:0 pincount:0 [ 92.304168] flags: 0xbfffc0000000040(head|node=0|zone=2|lastcpupid=0xffff) [ 92.305459] page_type: 0xffffffff() [ 92.306532] raw: 0bfffc0000000040 0000000000000000 dead000000000122 0000000000000000 [ 92.307894] raw: 0000000000000000 0000000000000000 00000001ffffffff 0000000000000000 [ 92.309010] page dumped because: kasan: bad access detected [ 92.309799] [ 92.310422] Memory state around the buggy address: [ 92.311559] ffff0000c5fa5f80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 92.312865] ffff0000c5fa6000: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 92.314043] >ffff0000c5fa6080: 00 00 00 00 00 00 00 00 00 01 fe fe fe fe fe fe [ 92.315501] ^ [ 92.316880] ffff0000c5fa6100: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe [ 92.318136] ffff0000c5fa6180: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe 
[ 92.320368] ================================================================== [ 92.322607] ================================================================== [ 92.324015] BUG: KASAN: slab-out-of-bounds in krealloc_less_oob_helper+0x1b8/0x590 [ 92.325396] Write of size 1 at addr ffff0000c5fa60ea by task kunit_try_catch/141 [ 92.326934] [ 92.327768] CPU: 1 PID: 141 Comm: kunit_try_catch Tainted: G B N 6.6.94-rc1 #1 [ 92.328904] Hardware name: linux,dummy-virt (DT) [ 92.330093] Call trace: [ 92.330538] dump_backtrace+0x9c/0x128 [ 92.331464] show_stack+0x20/0x38 [ 92.332139] dump_stack_lvl+0x60/0xb0 [ 92.333353] print_report+0xf8/0x5e8 [ 92.334127] kasan_report+0xdc/0x128 [ 92.335063] __asan_store1+0x60/0x70 [ 92.336235] krealloc_less_oob_helper+0x1b8/0x590 [ 92.337238] krealloc_pagealloc_less_oob+0x20/0x38 [ 92.338339] kunit_try_run_case+0x114/0x298 [ 92.339489] kunit_generic_run_threadfn_adapter+0x38/0x60 [ 92.340847] kthread+0x18c/0x1a8 [ 92.341867] ret_from_fork+0x10/0x20 [ 92.343054] [ 92.343578] The buggy address belongs to the physical page: [ 92.344795] page:0000000027946532 refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x105fa4 [ 92.346266] head:0000000027946532 order:2 entire_mapcount:0 nr_pages_mapped:0 pincount:0 [ 92.347796] flags: 0xbfffc0000000040(head|node=0|zone=2|lastcpupid=0xffff) [ 92.348918] page_type: 0xffffffff() [ 92.349981] raw: 0bfffc0000000040 0000000000000000 dead000000000122 0000000000000000 [ 92.351215] raw: 0000000000000000 0000000000000000 00000001ffffffff 0000000000000000 [ 92.352601] page dumped because: kasan: bad access detected [ 92.353558] [ 92.354062] Memory state around the buggy address: [ 92.355159] ffff0000c5fa5f80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 92.356503] ffff0000c5fa6000: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 92.357599] >ffff0000c5fa6080: 00 00 00 00 00 00 00 00 00 01 fe fe fe fe fe fe [ 92.358618] ^ [ 92.360866] ffff0000c5fa6100: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe 
fe [ 92.362066] ffff0000c5fa6180: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe [ 92.363433] ================================================================== [ 92.365823] ================================================================== [ 92.366550] BUG: KASAN: slab-out-of-bounds in krealloc_less_oob_helper+0x1e0/0x590 [ 92.367715] Write of size 1 at addr ffff0000c5fa60eb by task kunit_try_catch/141 [ 92.369029] [ 92.369542] CPU: 1 PID: 141 Comm: kunit_try_catch Tainted: G B N 6.6.94-rc1 #1 [ 92.370756] Hardware name: linux,dummy-virt (DT) [ 92.371627] Call trace: [ 92.372033] dump_backtrace+0x9c/0x128 [ 92.372888] show_stack+0x20/0x38 [ 92.373600] dump_stack_lvl+0x60/0xb0 [ 92.374271] print_report+0xf8/0x5e8 [ 92.375239] kasan_report+0xdc/0x128 [ 92.375965] __asan_store1+0x60/0x70 [ 92.376921] krealloc_less_oob_helper+0x1e0/0x590 [ 92.378022] krealloc_pagealloc_less_oob+0x20/0x38 [ 92.379213] kunit_try_run_case+0x114/0x298 [ 92.380047] kunit_generic_run_threadfn_adapter+0x38/0x60 [ 92.381045] kthread+0x18c/0x1a8 [ 92.381726] ret_from_fork+0x10/0x20 [ 92.382495] [ 92.382867] The buggy address belongs to the physical page: [ 92.383779] page:0000000027946532 refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x105fa4 [ 92.385062] head:0000000027946532 order:2 entire_mapcount:0 nr_pages_mapped:0 pincount:0 [ 92.386230] flags: 0xbfffc0000000040(head|node=0|zone=2|lastcpupid=0xffff) [ 92.387540] page_type: 0xffffffff() [ 92.388860] raw: 0bfffc0000000040 0000000000000000 dead000000000122 0000000000000000 [ 92.389773] raw: 0000000000000000 0000000000000000 00000001ffffffff 0000000000000000 [ 92.390939] page dumped because: kasan: bad access detected [ 92.391772] [ 92.392201] Memory state around the buggy address: [ 92.392651] ffff0000c5fa5f80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 92.393266] ffff0000c5fa6000: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 92.394569] >ffff0000c5fa6080: 00 00 00 00 00 00 00 00 00 01 fe fe fe fe fe fe [ 
92.395711] ^ [ 92.396740] ffff0000c5fa6100: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe [ 92.397870] ffff0000c5fa6180: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe [ 92.399103] ================================================================== [ 92.201271] ================================================================== [ 92.202748] BUG: KASAN: slab-out-of-bounds in krealloc_less_oob_helper+0x110/0x590 [ 92.204146] Write of size 1 at addr ffff0000c5fa60c9 by task kunit_try_catch/141 [ 92.205442] [ 92.205945] CPU: 1 PID: 141 Comm: kunit_try_catch Tainted: G B N 6.6.94-rc1 #1 [ 92.207338] Hardware name: linux,dummy-virt (DT) [ 92.208261] Call trace: [ 92.208856] dump_backtrace+0x9c/0x128 [ 92.209884] show_stack+0x20/0x38 [ 92.210703] dump_stack_lvl+0x60/0xb0 [ 92.211661] print_report+0xf8/0x5e8 [ 92.212106] kasan_report+0xdc/0x128 [ 92.212607] __asan_store1+0x60/0x70 [ 92.213636] krealloc_less_oob_helper+0x110/0x590 [ 92.214715] krealloc_pagealloc_less_oob+0x20/0x38 [ 92.215806] kunit_try_run_case+0x114/0x298 [ 92.216800] kunit_generic_run_threadfn_adapter+0x38/0x60 [ 92.217907] kthread+0x18c/0x1a8 [ 92.218708] ret_from_fork+0x10/0x20 [ 92.219650] [ 92.220085] The buggy address belongs to the physical page: [ 92.221099] page:0000000027946532 refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x105fa4 [ 92.222492] head:0000000027946532 order:2 entire_mapcount:0 nr_pages_mapped:0 pincount:0 [ 92.224134] flags: 0xbfffc0000000040(head|node=0|zone=2|lastcpupid=0xffff) [ 92.225676] page_type: 0xffffffff() [ 92.226465] raw: 0bfffc0000000040 0000000000000000 dead000000000122 0000000000000000 [ 92.228446] raw: 0000000000000000 0000000000000000 00000001ffffffff 0000000000000000 [ 92.229833] page dumped because: kasan: bad access detected [ 92.230873] [ 92.231540] Memory state around the buggy address: [ 92.232466] ffff0000c5fa5f80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 92.233572] ffff0000c5fa6000: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 
92.234800] >ffff0000c5fa6080: 00 00 00 00 00 00 00 00 00 01 fe fe fe fe fe fe [ 92.236253] ^ [ 92.237396] ffff0000c5fa6100: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe [ 92.238623] ffff0000c5fa6180: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe [ 92.239981] ================================================================== [ 92.079992] ================================================================== [ 92.080649] BUG: KASAN: slab-out-of-bounds in krealloc_less_oob_helper+0x1e0/0x590 [ 92.081242] Write of size 1 at addr ffff0000c0b918eb by task kunit_try_catch/137 [ 92.081910] [ 92.082177] CPU: 1 PID: 137 Comm: kunit_try_catch Tainted: G B N 6.6.94-rc1 #1 [ 92.082970] Hardware name: linux,dummy-virt (DT) [ 92.083316] Call trace: [ 92.083623] dump_backtrace+0x9c/0x128 [ 92.084381] show_stack+0x20/0x38 [ 92.084930] dump_stack_lvl+0x60/0xb0 [ 92.085390] print_report+0xf8/0x5e8 [ 92.085879] kasan_report+0xdc/0x128 [ 92.086343] __asan_store1+0x60/0x70 [ 92.087075] krealloc_less_oob_helper+0x1e0/0x590 [ 92.087697] krealloc_less_oob+0x20/0x38 [ 92.088173] kunit_try_run_case+0x114/0x298 [ 92.088696] kunit_generic_run_threadfn_adapter+0x38/0x60 [ 92.089317] kthread+0x18c/0x1a8 [ 92.089735] ret_from_fork+0x10/0x20 [ 92.090171] [ 92.090385] Allocated by task 137: [ 92.090744] kasan_save_stack+0x3c/0x68 [ 92.091255] kasan_set_track+0x2c/0x40 [ 92.091836] kasan_save_alloc_info+0x24/0x38 [ 92.092395] __kasan_krealloc+0x10c/0x140 [ 92.092946] krealloc+0x10c/0x1a0 [ 92.093421] krealloc_less_oob_helper+0xd4/0x590 [ 92.094009] krealloc_less_oob+0x20/0x38 [ 92.094516] kunit_try_run_case+0x114/0x298 [ 92.095145] kunit_generic_run_threadfn_adapter+0x38/0x60 [ 92.095791] kthread+0x18c/0x1a8 [ 92.096294] ret_from_fork+0x10/0x20 [ 92.096769] [ 92.097008] The buggy address belongs to the object at ffff0000c0b91800 [ 92.097008] which belongs to the cache kmalloc-256 of size 256 [ 92.097978] The buggy address is located 34 bytes to the right of [ 92.097978] allocated 201-byte region 
[ffff0000c0b91800, ffff0000c0b918c9) [ 92.099480] [ 92.099884] The buggy address belongs to the physical page: [ 92.100470] page:00000000c3af2b0d refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x100b90 [ 92.101386] head:00000000c3af2b0d order:1 entire_mapcount:0 nr_pages_mapped:0 pincount:0 [ 92.101947] flags: 0xbfffc0000000840(slab|head|node=0|zone=2|lastcpupid=0xffff) [ 92.102461] page_type: 0xffffffff() [ 92.103129] raw: 0bfffc0000000840 ffff0000c0001b40 dead000000000122 0000000000000000 [ 92.104056] raw: 0000000000000000 0000000080100010 00000001ffffffff 0000000000000000 [ 92.104731] page dumped because: kasan: bad access detected [ 92.105310] [ 92.105542] Memory state around the buggy address: [ 92.106081] ffff0000c0b91780: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 92.106743] ffff0000c0b91800: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 92.108234] >ffff0000c0b91880: 00 00 00 00 00 00 00 00 00 01 fc fc fc fc fc fc [ 92.108708] ^ [ 92.109486] ffff0000c0b91900: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 92.110391] ffff0000c0b91980: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 92.111021] ================================================================== [ 92.016908] ================================================================== [ 92.017601] BUG: KASAN: slab-out-of-bounds in krealloc_less_oob_helper+0x18c/0x590 [ 92.018357] Write of size 1 at addr ffff0000c0b918da by task kunit_try_catch/137 [ 92.018967] [ 92.019224] CPU: 1 PID: 137 Comm: kunit_try_catch Tainted: G B N 6.6.94-rc1 #1 [ 92.019997] Hardware name: linux,dummy-virt (DT) [ 92.020446] Call trace: [ 92.020717] dump_backtrace+0x9c/0x128 [ 92.021174] show_stack+0x20/0x38 [ 92.021633] dump_stack_lvl+0x60/0xb0 [ 92.022107] print_report+0xf8/0x5e8 [ 92.022590] kasan_report+0xdc/0x128 [ 92.023008] __asan_store1+0x60/0x70 [ 92.023747] krealloc_less_oob_helper+0x18c/0x590 [ 92.024350] krealloc_less_oob+0x20/0x38 [ 92.025447] kunit_try_run_case+0x114/0x298 [ 92.025932] 
kunit_generic_run_threadfn_adapter+0x38/0x60 [ 92.026563] kthread+0x18c/0x1a8 [ 92.026894] ret_from_fork+0x10/0x20 [ 92.027237] [ 92.027420] Allocated by task 137: [ 92.027678] kasan_save_stack+0x3c/0x68 [ 92.028083] kasan_set_track+0x2c/0x40 [ 92.028480] kasan_save_alloc_info+0x24/0x38 [ 92.028967] __kasan_krealloc+0x10c/0x140 [ 92.029489] krealloc+0x10c/0x1a0 [ 92.029942] krealloc_less_oob_helper+0xd4/0x590 [ 92.030540] krealloc_less_oob+0x20/0x38 [ 92.030994] kunit_try_run_case+0x114/0x298 [ 92.031515] kunit_generic_run_threadfn_adapter+0x38/0x60 [ 92.032172] kthread+0x18c/0x1a8 [ 92.032670] ret_from_fork+0x10/0x20 [ 92.033145] [ 92.033364] The buggy address belongs to the object at ffff0000c0b91800 [ 92.033364] which belongs to the cache kmalloc-256 of size 256 [ 92.034490] The buggy address is located 17 bytes to the right of [ 92.034490] allocated 201-byte region [ffff0000c0b91800, ffff0000c0b918c9) [ 92.035373] [ 92.035688] The buggy address belongs to the physical page: [ 92.036467] page:00000000c3af2b0d refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x100b90 [ 92.037364] head:00000000c3af2b0d order:1 entire_mapcount:0 nr_pages_mapped:0 pincount:0 [ 92.038059] flags: 0xbfffc0000000840(slab|head|node=0|zone=2|lastcpupid=0xffff) [ 92.038660] page_type: 0xffffffff() [ 92.039090] raw: 0bfffc0000000840 ffff0000c0001b40 dead000000000122 0000000000000000 [ 92.039733] raw: 0000000000000000 0000000080100010 00000001ffffffff 0000000000000000 [ 92.040400] page dumped because: kasan: bad access detected [ 92.042031] [ 92.042292] Memory state around the buggy address: [ 92.042816] ffff0000c0b91780: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 92.043507] ffff0000c0b91800: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 92.044225] >ffff0000c0b91880: 00 00 00 00 00 00 00 00 00 01 fc fc fc fc fc fc [ 92.044869] ^ [ 92.045489] ffff0000c0b91900: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 92.046069] ffff0000c0b91980: fc fc fc fc fc fc fc fc fc fc fc 
fc fc fc fc fc [ 92.046760] ================================================================== [ 92.242590] ================================================================== [ 92.243514] BUG: KASAN: slab-out-of-bounds in krealloc_less_oob_helper+0x140/0x590 [ 92.245514] Write of size 1 at addr ffff0000c5fa60d0 by task kunit_try_catch/141 [ 92.247050] [ 92.247439] CPU: 1 PID: 141 Comm: kunit_try_catch Tainted: G B N 6.6.94-rc1 #1 [ 92.248338] Hardware name: linux,dummy-virt (DT) [ 92.249281] Call trace: [ 92.249670] dump_backtrace+0x9c/0x128 [ 92.250184] show_stack+0x20/0x38 [ 92.251288] dump_stack_lvl+0x60/0xb0 [ 92.252243] print_report+0xf8/0x5e8 [ 92.253178] kasan_report+0xdc/0x128 [ 92.254032] __asan_store1+0x60/0x70 [ 92.254882] krealloc_less_oob_helper+0x140/0x590 [ 92.255943] krealloc_pagealloc_less_oob+0x20/0x38 [ 92.256956] kunit_try_run_case+0x114/0x298 [ 92.257840] kunit_generic_run_threadfn_adapter+0x38/0x60 [ 92.259017] kthread+0x18c/0x1a8 [ 92.259380] ret_from_fork+0x10/0x20 [ 92.259819] [ 92.260035] The buggy address belongs to the physical page: [ 92.260427] page:0000000027946532 refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x105fa4 [ 92.261971] head:0000000027946532 order:2 entire_mapcount:0 nr_pages_mapped:0 pincount:0 [ 92.263118] flags: 0xbfffc0000000040(head|node=0|zone=2|lastcpupid=0xffff) [ 92.264079] page_type: 0xffffffff() [ 92.265131] raw: 0bfffc0000000040 0000000000000000 dead000000000122 0000000000000000 [ 92.266476] raw: 0000000000000000 0000000000000000 00000001ffffffff 0000000000000000 [ 92.267715] page dumped because: kasan: bad access detected [ 92.268686] [ 92.269088] Memory state around the buggy address: [ 92.269953] ffff0000c5fa5f80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 92.271030] ffff0000c5fa6000: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 92.272191] >ffff0000c5fa6080: 00 00 00 00 00 00 00 00 00 01 fe fe fe fe fe fe [ 92.273339] ^ [ 92.274257] ffff0000c5fa6100: fe fe fe fe fe fe fe fe fe fe 
fe fe fe fe fe fe [ 92.275248] ffff0000c5fa6180: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe [ 92.276493] ================================================================== [ 91.942537] ================================================================== [ 91.943691] BUG: KASAN: slab-out-of-bounds in krealloc_less_oob_helper+0x110/0x590 [ 91.945023] Write of size 1 at addr ffff0000c0b918c9 by task kunit_try_catch/137 [ 91.946131] [ 91.946561] CPU: 1 PID: 137 Comm: kunit_try_catch Tainted: G B N 6.6.94-rc1 #1 [ 91.947766] Hardware name: linux,dummy-virt (DT) [ 91.948591] Call trace: [ 91.949121] dump_backtrace+0x9c/0x128 [ 91.949923] show_stack+0x20/0x38 [ 91.950566] dump_stack_lvl+0x60/0xb0 [ 91.951286] print_report+0xf8/0x5e8 [ 91.952046] kasan_report+0xdc/0x128 [ 91.952882] __asan_store1+0x60/0x70 [ 91.953647] krealloc_less_oob_helper+0x110/0x590 [ 91.954534] krealloc_less_oob+0x20/0x38 [ 91.955301] kunit_try_run_case+0x114/0x298 [ 91.956145] kunit_generic_run_threadfn_adapter+0x38/0x60 [ 91.957179] kthread+0x18c/0x1a8 [ 91.957851] ret_from_fork+0x10/0x20 [ 91.958564] [ 91.958918] Allocated by task 137: [ 91.959550] kasan_save_stack+0x3c/0x68 [ 91.960360] kasan_set_track+0x2c/0x40 [ 91.961156] kasan_save_alloc_info+0x24/0x38 [ 91.961977] __kasan_krealloc+0x10c/0x140 [ 91.962756] krealloc+0x10c/0x1a0 [ 91.963407] krealloc_less_oob_helper+0xd4/0x590 [ 91.964312] krealloc_less_oob+0x20/0x38 [ 91.965516] kunit_try_run_case+0x114/0x298 [ 91.966107] kunit_generic_run_threadfn_adapter+0x38/0x60 [ 91.966834] kthread+0x18c/0x1a8 [ 91.967239] ret_from_fork+0x10/0x20 [ 91.967692] [ 91.967932] The buggy address belongs to the object at ffff0000c0b91800 [ 91.967932] which belongs to the cache kmalloc-256 of size 256 [ 91.969116] The buggy address is located 0 bytes to the right of [ 91.969116] allocated 201-byte region [ffff0000c0b91800, ffff0000c0b918c9) [ 91.970209] [ 91.970468] The buggy address belongs to the physical page: [ 91.971021] page:00000000c3af2b0d refcount:1 
mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x100b90 [ 91.971913] head:00000000c3af2b0d order:1 entire_mapcount:0 nr_pages_mapped:0 pincount:0 [ 91.972716] flags: 0xbfffc0000000840(slab|head|node=0|zone=2|lastcpupid=0xffff) [ 91.973420] page_type: 0xffffffff() [ 91.973854] raw: 0bfffc0000000840 ffff0000c0001b40 dead000000000122 0000000000000000 [ 91.974508] raw: 0000000000000000 0000000080100010 00000001ffffffff 0000000000000000 [ 91.975140] page dumped because: kasan: bad access detected [ 91.975661] [ 91.975859] Memory state around the buggy address: [ 91.976364] ffff0000c0b91780: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 91.977089] ffff0000c0b91800: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 91.977753] >ffff0000c0b91880: 00 00 00 00 00 00 00 00 00 01 fc fc fc fc fc fc [ 91.978445] ^ [ 91.979098] ffff0000c0b91900: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 91.980109] ffff0000c0b91980: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 91.981472] ================================================================== [ 91.984642] ================================================================== [ 91.985186] BUG: KASAN: slab-out-of-bounds in krealloc_less_oob_helper+0x140/0x590 [ 91.985890] Write of size 1 at addr ffff0000c0b918d0 by task kunit_try_catch/137 [ 91.986550] [ 91.986977] CPU: 1 PID: 137 Comm: kunit_try_catch Tainted: G B N 6.6.94-rc1 #1 [ 91.987914] Hardware name: linux,dummy-virt (DT) [ 91.988580] Call trace: [ 91.988831] dump_backtrace+0x9c/0x128 [ 91.989338] show_stack+0x20/0x38 [ 91.989917] dump_stack_lvl+0x60/0xb0 [ 91.990366] print_report+0xf8/0x5e8 [ 91.991549] kasan_report+0xdc/0x128 [ 91.991998] __asan_store1+0x60/0x70 [ 91.992499] krealloc_less_oob_helper+0x140/0x590 [ 91.993222] krealloc_less_oob+0x20/0x38 [ 91.993675] kunit_try_run_case+0x114/0x298 [ 91.994159] kunit_generic_run_threadfn_adapter+0x38/0x60 [ 91.994806] kthread+0x18c/0x1a8 [ 91.995227] ret_from_fork+0x10/0x20 [ 91.995692] [ 91.995905] Allocated by task 
137: [ 91.996297] kasan_save_stack+0x3c/0x68 [ 91.996804] kasan_set_track+0x2c/0x40 [ 91.997253] kasan_save_alloc_info+0x24/0x38 [ 91.997713] __kasan_krealloc+0x10c/0x140 [ 91.998190] krealloc+0x10c/0x1a0 [ 91.998602] krealloc_less_oob_helper+0xd4/0x590 [ 91.999107] krealloc_less_oob+0x20/0x38 [ 91.999452] kunit_try_run_case+0x114/0x298 [ 91.999885] kunit_generic_run_threadfn_adapter+0x38/0x60 [ 92.000560] kthread+0x18c/0x1a8 [ 92.000955] ret_from_fork+0x10/0x20 [ 92.001439] [ 92.001638] The buggy address belongs to the object at ffff0000c0b91800 [ 92.001638] which belongs to the cache kmalloc-256 of size 256 [ 92.002522] The buggy address is located 7 bytes to the right of [ 92.002522] allocated 201-byte region [ffff0000c0b91800, ffff0000c0b918c9) [ 92.003432] [ 92.003642] The buggy address belongs to the physical page: [ 92.004192] page:00000000c3af2b0d refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x100b90 [ 92.005073] head:00000000c3af2b0d order:1 entire_mapcount:0 nr_pages_mapped:0 pincount:0 [ 92.005815] flags: 0xbfffc0000000840(slab|head|node=0|zone=2|lastcpupid=0xffff) [ 92.006467] page_type: 0xffffffff() [ 92.006873] raw: 0bfffc0000000840 ffff0000c0001b40 dead000000000122 0000000000000000 [ 92.007555] raw: 0000000000000000 0000000080100010 00000001ffffffff 0000000000000000 [ 92.008236] page dumped because: kasan: bad access detected [ 92.008774] [ 92.008999] Memory state around the buggy address: [ 92.009442] ffff0000c0b91780: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 92.010116] ffff0000c0b91800: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 92.010833] >ffff0000c0b91880: 00 00 00 00 00 00 00 00 00 01 fc fc fc fc fc fc [ 92.011407] ^ [ 92.011976] ffff0000c0b91900: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 92.012733] ffff0000c0b91980: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 92.013366] ================================================================== [ 92.048055] 
================================================================== [ 92.048591] BUG: KASAN: slab-out-of-bounds in krealloc_less_oob_helper+0x1b8/0x590 [ 92.049717] Write of size 1 at addr ffff0000c0b918ea by task kunit_try_catch/137 [ 92.050502] [ 92.050805] CPU: 1 PID: 137 Comm: kunit_try_catch Tainted: G B N 6.6.94-rc1 #1 [ 92.051778] Hardware name: linux,dummy-virt (DT) [ 92.052290] Call trace: [ 92.052622] dump_backtrace+0x9c/0x128 [ 92.053109] show_stack+0x20/0x38 [ 92.053647] dump_stack_lvl+0x60/0xb0 [ 92.054121] print_report+0xf8/0x5e8 [ 92.054595] kasan_report+0xdc/0x128 [ 92.055110] __asan_store1+0x60/0x70 [ 92.055592] krealloc_less_oob_helper+0x1b8/0x590 [ 92.056158] krealloc_less_oob+0x20/0x38 [ 92.056723] kunit_try_run_case+0x114/0x298 [ 92.057264] kunit_generic_run_threadfn_adapter+0x38/0x60 [ 92.057914] kthread+0x18c/0x1a8 [ 92.058369] ret_from_fork+0x10/0x20 [ 92.058823] [ 92.059054] Allocated by task 137: [ 92.059438] kasan_save_stack+0x3c/0x68 [ 92.059954] kasan_set_track+0x2c/0x40 [ 92.060463] kasan_save_alloc_info+0x24/0x38 [ 92.060950] __kasan_krealloc+0x10c/0x140 [ 92.061351] krealloc+0x10c/0x1a0 [ 92.061730] krealloc_less_oob_helper+0xd4/0x590 [ 92.062317] krealloc_less_oob+0x20/0x38 [ 92.063480] kunit_try_run_case+0x114/0x298 [ 92.063961] kunit_generic_run_threadfn_adapter+0x38/0x60 [ 92.064723] kthread+0x18c/0x1a8 [ 92.065200] ret_from_fork+0x10/0x20 [ 92.065765] [ 92.065964] The buggy address belongs to the object at ffff0000c0b91800 [ 92.065964] which belongs to the cache kmalloc-256 of size 256 [ 92.067031] The buggy address is located 33 bytes to the right of [ 92.067031] allocated 201-byte region [ffff0000c0b91800, ffff0000c0b918c9) [ 92.068210] [ 92.068494] The buggy address belongs to the physical page: [ 92.069069] page:00000000c3af2b0d refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x100b90 [ 92.069921] head:00000000c3af2b0d order:1 entire_mapcount:0 nr_pages_mapped:0 pincount:0 [ 92.070657] flags: 
0xbfffc0000000840(slab|head|node=0|zone=2|lastcpupid=0xffff) [ 92.071208] page_type: 0xffffffff() [ 92.071897] raw: 0bfffc0000000840 ffff0000c0001b40 dead000000000122 0000000000000000 [ 92.072806] raw: 0000000000000000 0000000080100010 00000001ffffffff 0000000000000000 [ 92.073561] page dumped because: kasan: bad access detected [ 92.074150] [ 92.074462] Memory state around the buggy address: [ 92.075130] ffff0000c0b91780: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 92.075791] ffff0000c0b91800: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 92.076450] >ffff0000c0b91880: 00 00 00 00 00 00 00 00 00 01 fc fc fc fc fc fc [ 92.077081] ^ [ 92.077816] ffff0000c0b91900: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 92.078359] ffff0000c0b91980: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 92.078919] ==================================================================
[ 33.446217] ================================================================== [ 33.447150] BUG: KASAN: slab-out-of-bounds in krealloc_less_oob_helper+0x146/0x660 [ 33.448127] Write of size 1 at addr ffff8881003666c9 by task kunit_try_catch/152 [ 33.449392] [ 33.449556] CPU: 0 PID: 152 Comm: kunit_try_catch Tainted: G B N 6.6.94-rc1 #1 [ 33.450121] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 33.450634] Call Trace: [ 33.450826] <TASK> [ 33.450992] dump_stack_lvl+0x4e/0x90 [ 33.451289] print_report+0xd2/0x650 [ 33.451539] ? __virt_addr_valid+0x156/0x1e0 [ 33.451843] ? krealloc_less_oob_helper+0x146/0x660 [ 33.452157] ? kasan_complete_mode_report_info+0x2a/0x200 [ 33.452487] ? krealloc_less_oob_helper+0x146/0x660 [ 33.452788] kasan_report+0x147/0x180 [ 33.453077] ? krealloc_less_oob_helper+0x146/0x660 [ 33.453413] __asan_store1+0x69/0x70 [ 33.453628] krealloc_less_oob_helper+0x146/0x660 [ 33.454027] ? __pfx_krealloc_less_oob_helper+0x10/0x10 [ 33.454395] ? finish_task_switch.isra.0+0xc8/0x3e0 [ 33.454687] ? __schedule+0x715/0x11a0 [ 33.454971] ? ktime_get_ts64+0x118/0x140 [ 33.455259] krealloc_less_oob+0x1c/0x30 [ 33.455580] kunit_try_run_case+0x120/0x290 [ 33.456030] ? __pfx_kunit_try_run_case+0x10/0x10 [ 33.456308] ? __kasan_check_write+0x18/0x20 [ 33.456614] ? trace_preempt_on+0x20/0xa0 [ 33.456851] ? __kthread_parkme+0x4f/0xd0 [ 33.457132] ? preempt_count_sub+0x50/0x80 [ 33.457418] ? __pfx_kunit_try_run_case+0x10/0x10 [ 33.457914] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 33.458306] kunit_generic_run_threadfn_adapter+0x33/0x50 [ 33.458640] kthread+0x19e/0x1e0 [ 33.458918] ? __pfx_kthread+0x10/0x10 [ 33.459369] ret_from_fork+0x41/0x70 [ 33.459606] ? 
__pfx_kthread+0x10/0x10 [ 33.459846] ret_from_fork_asm+0x1b/0x30 [ 33.460163] </TASK> [ 33.460333] [ 33.460436] Allocated by task 152: [ 33.460646] kasan_save_stack+0x44/0x70 [ 33.460953] kasan_set_track+0x29/0x40 [ 33.461186] kasan_save_alloc_info+0x22/0x30 [ 33.461474] __kasan_krealloc+0x12f/0x180 [ 33.461769] krealloc+0xc1/0x140 [ 33.461961] krealloc_less_oob_helper+0xe5/0x660 [ 33.462264] krealloc_less_oob+0x1c/0x30 [ 33.462528] kunit_try_run_case+0x120/0x290 [ 33.462773] kunit_generic_run_threadfn_adapter+0x33/0x50 [ 33.463140] kthread+0x19e/0x1e0 [ 33.463379] ret_from_fork+0x41/0x70 [ 33.463594] ret_from_fork_asm+0x1b/0x30 [ 33.463889] [ 33.464024] The buggy address belongs to the object at ffff888100366600 [ 33.464024] which belongs to the cache kmalloc-256 of size 256 [ 33.464662] The buggy address is located 0 bytes to the right of [ 33.464662] allocated 201-byte region [ffff888100366600, ffff8881003666c9) [ 33.465334] [ 33.465441] The buggy address belongs to the physical page: [ 33.465816] page:(____ptrval____) refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x100366 [ 33.466294] head:(____ptrval____) order:1 entire_mapcount:0 nr_pages_mapped:0 pincount:0 [ 33.466808] flags: 0x200000000000840(slab|head|node=0|zone=2) [ 33.467188] page_type: 0xffffffff() [ 33.467472] raw: 0200000000000840 ffff888100041b40 dead000000000122 0000000000000000 [ 33.467909] raw: 0000000000000000 0000000080100010 00000001ffffffff 0000000000000000 [ 33.468275] page dumped because: kasan: bad access detected [ 33.468569] [ 33.468692] Memory state around the buggy address: [ 33.469000] ffff888100366580: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 33.469340] ffff888100366600: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 33.469757] >ffff888100366680: 00 00 00 00 00 00 00 00 00 01 fc fc fc fc fc fc [ 33.470202] ^ [ 33.470499] ffff888100366700: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 33.470953] ffff888100366780: fc fc fc fc fc fc fc fc fc fc fc fc fc 
fc fc fc [ 33.471345] ================================================================== [ 33.555583] ================================================================== [ 33.556507] BUG: KASAN: slab-out-of-bounds in krealloc_less_oob_helper+0x294/0x660 [ 33.557544] Write of size 1 at addr ffff8881003666eb by task kunit_try_catch/152 [ 33.558007] [ 33.558146] CPU: 0 PID: 152 Comm: kunit_try_catch Tainted: G B N 6.6.94-rc1 #1 [ 33.558720] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 33.559290] Call Trace: [ 33.559576] <TASK> [ 33.560106] dump_stack_lvl+0x4e/0x90 [ 33.560506] print_report+0xd2/0x650 [ 33.560962] ? __virt_addr_valid+0x156/0x1e0 [ 33.561242] ? krealloc_less_oob_helper+0x294/0x660 [ 33.561578] ? kasan_complete_mode_report_info+0x2a/0x200 [ 33.562099] ? krealloc_less_oob_helper+0x294/0x660 [ 33.562438] kasan_report+0x147/0x180 [ 33.562779] ? krealloc_less_oob_helper+0x294/0x660 [ 33.563158] __asan_store1+0x69/0x70 [ 33.563897] krealloc_less_oob_helper+0x294/0x660 [ 33.564262] ? __pfx_krealloc_less_oob_helper+0x10/0x10 [ 33.564645] ? finish_task_switch.isra.0+0xc8/0x3e0 [ 33.565007] ? __schedule+0x715/0x11a0 [ 33.565313] ? ktime_get_ts64+0x118/0x140 [ 33.565641] krealloc_less_oob+0x1c/0x30 [ 33.565927] kunit_try_run_case+0x120/0x290 [ 33.566270] ? __pfx_kunit_try_run_case+0x10/0x10 [ 33.566626] ? __kasan_check_write+0x18/0x20 [ 33.566954] ? trace_preempt_on+0x20/0xa0 [ 33.567261] ? __kthread_parkme+0x4f/0xd0 [ 33.568038] ? preempt_count_sub+0x50/0x80 [ 33.568403] ? __pfx_kunit_try_run_case+0x10/0x10 [ 33.568755] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 33.569180] kunit_generic_run_threadfn_adapter+0x33/0x50 [ 33.569539] kthread+0x19e/0x1e0 [ 33.569829] ? __pfx_kthread+0x10/0x10 [ 33.570125] ret_from_fork+0x41/0x70 [ 33.570408] ? 
__pfx_kthread+0x10/0x10 [ 33.570679] ret_from_fork_asm+0x1b/0x30 [ 33.571016] </TASK> [ 33.571190] [ 33.571319] Allocated by task 152: [ 33.572308] kasan_save_stack+0x44/0x70 [ 33.572558] kasan_set_track+0x29/0x40 [ 33.573039] kasan_save_alloc_info+0x22/0x30 [ 33.573478] __kasan_krealloc+0x12f/0x180 [ 33.573774] krealloc+0xc1/0x140 [ 33.573985] krealloc_less_oob_helper+0xe5/0x660 [ 33.574339] krealloc_less_oob+0x1c/0x30 [ 33.574660] kunit_try_run_case+0x120/0x290 [ 33.574936] kunit_generic_run_threadfn_adapter+0x33/0x50 [ 33.575943] kthread+0x19e/0x1e0 [ 33.576226] ret_from_fork+0x41/0x70 [ 33.576505] ret_from_fork_asm+0x1b/0x30 [ 33.576757] [ 33.576895] The buggy address belongs to the object at ffff888100366600 [ 33.576895] which belongs to the cache kmalloc-256 of size 256 [ 33.577517] The buggy address is located 34 bytes to the right of [ 33.577517] allocated 201-byte region [ffff888100366600, ffff8881003666c9) [ 33.578262] [ 33.578395] The buggy address belongs to the physical page: [ 33.578704] page:(____ptrval____) refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x100366 [ 33.579219] head:(____ptrval____) order:1 entire_mapcount:0 nr_pages_mapped:0 pincount:0 [ 33.580122] flags: 0x200000000000840(slab|head|node=0|zone=2) [ 33.580488] page_type: 0xffffffff() [ 33.580727] raw: 0200000000000840 ffff888100041b40 dead000000000122 0000000000000000 [ 33.581195] raw: 0000000000000000 0000000080100010 00000001ffffffff 0000000000000000 [ 33.581626] page dumped because: kasan: bad access detected [ 33.581944] [ 33.582082] Memory state around the buggy address: [ 33.582356] ffff888100366580: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 33.582744] ffff888100366600: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 33.583177] >ffff888100366680: 00 00 00 00 00 00 00 00 00 01 fc fc fc fc fc fc [ 33.583991] ^ [ 33.584345] ffff888100366700: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 33.584743] ffff888100366780: fc fc fc fc fc fc fc fc fc fc fc fc fc 
fc fc fc [ 33.585225] ================================================================== [ 33.500563] ================================================================== [ 33.501537] BUG: KASAN: slab-out-of-bounds in krealloc_less_oob_helper+0x21a/0x660 [ 33.502337] Write of size 1 at addr ffff8881003666da by task kunit_try_catch/152 [ 33.502838] [ 33.502971] CPU: 0 PID: 152 Comm: kunit_try_catch Tainted: G B N 6.6.94-rc1 #1 [ 33.503344] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 33.503742] Call Trace: [ 33.504035] <TASK> [ 33.504291] dump_stack_lvl+0x4e/0x90 [ 33.504745] print_report+0xd2/0x650 [ 33.505155] ? __virt_addr_valid+0x156/0x1e0 [ 33.505618] ? krealloc_less_oob_helper+0x21a/0x660 [ 33.506177] ? kasan_complete_mode_report_info+0x2a/0x200 [ 33.506745] ? krealloc_less_oob_helper+0x21a/0x660 [ 33.507328] kasan_report+0x147/0x180 [ 33.507761] ? krealloc_less_oob_helper+0x21a/0x660 [ 33.508299] __asan_store1+0x69/0x70 [ 33.508706] krealloc_less_oob_helper+0x21a/0x660 [ 33.509248] ? __pfx_krealloc_less_oob_helper+0x10/0x10 [ 33.509818] ? finish_task_switch.isra.0+0xc8/0x3e0 [ 33.510352] ? __schedule+0x715/0x11a0 [ 33.510765] ? ktime_get_ts64+0x118/0x140 [ 33.511250] krealloc_less_oob+0x1c/0x30 [ 33.511684] kunit_try_run_case+0x120/0x290 [ 33.512150] ? __pfx_kunit_try_run_case+0x10/0x10 [ 33.512401] ? __kasan_check_write+0x18/0x20 [ 33.512626] ? trace_preempt_on+0x20/0xa0 [ 33.512880] ? __kthread_parkme+0x4f/0xd0 [ 33.513288] ? preempt_count_sub+0x50/0x80 [ 33.513585] ? __pfx_kunit_try_run_case+0x10/0x10 [ 33.513910] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 33.514319] kunit_generic_run_threadfn_adapter+0x33/0x50 [ 33.514641] kthread+0x19e/0x1e0 [ 33.514906] ? __pfx_kthread+0x10/0x10 [ 33.515287] ret_from_fork+0x41/0x70 [ 33.515582] ? 
__pfx_kthread+0x10/0x10 [ 33.515979] ret_from_fork_asm+0x1b/0x30 [ 33.516312] </TASK> [ 33.516479] [ 33.516624] Allocated by task 152: [ 33.516915] kasan_save_stack+0x44/0x70 [ 33.517172] kasan_set_track+0x29/0x40 [ 33.517442] kasan_save_alloc_info+0x22/0x30 [ 33.517692] __kasan_krealloc+0x12f/0x180 [ 33.517978] krealloc+0xc1/0x140 [ 33.518246] krealloc_less_oob_helper+0xe5/0x660 [ 33.518557] krealloc_less_oob+0x1c/0x30 [ 33.518814] kunit_try_run_case+0x120/0x290 [ 33.519086] kunit_generic_run_threadfn_adapter+0x33/0x50 [ 33.519421] kthread+0x19e/0x1e0 [ 33.519611] ret_from_fork+0x41/0x70 [ 33.520008] ret_from_fork_asm+0x1b/0x30 [ 33.520251] [ 33.520407] The buggy address belongs to the object at ffff888100366600 [ 33.520407] which belongs to the cache kmalloc-256 of size 256 [ 33.521088] The buggy address is located 17 bytes to the right of [ 33.521088] allocated 201-byte region [ffff888100366600, ffff8881003666c9) [ 33.521835] [ 33.521950] The buggy address belongs to the physical page: [ 33.522458] page:(____ptrval____) refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x100366 [ 33.523028] head:(____ptrval____) order:1 entire_mapcount:0 nr_pages_mapped:0 pincount:0 [ 33.523548] flags: 0x200000000000840(slab|head|node=0|zone=2) [ 33.523995] page_type: 0xffffffff() [ 33.524272] raw: 0200000000000840 ffff888100041b40 dead000000000122 0000000000000000 [ 33.524700] raw: 0000000000000000 0000000080100010 00000001ffffffff 0000000000000000 [ 33.525247] page dumped because: kasan: bad access detected [ 33.525553] [ 33.525680] Memory state around the buggy address: [ 33.525985] ffff888100366580: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 33.526422] ffff888100366600: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 33.526875] >ffff888100366680: 00 00 00 00 00 00 00 00 00 01 fc fc fc fc fc fc [ 33.527255] ^ [ 33.527616] ffff888100366700: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 33.528090] ffff888100366780: fc fc fc fc fc fc fc fc fc fc fc fc fc 
fc fc fc [ 33.528508] ================================================================== [ 33.647436] ================================================================== [ 33.648133] BUG: KASAN: slab-out-of-bounds in krealloc_less_oob_helper+0x146/0x660 [ 33.648925] Write of size 1 at addr ffff88810222a0c9 by task kunit_try_catch/156 [ 33.649369] [ 33.649673] CPU: 1 PID: 156 Comm: kunit_try_catch Tainted: G B N 6.6.94-rc1 #1 [ 33.650203] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 33.650654] Call Trace: [ 33.650996] <TASK> [ 33.651217] dump_stack_lvl+0x4e/0x90 [ 33.651990] print_report+0xd2/0x650 [ 33.652279] ? __virt_addr_valid+0x156/0x1e0 [ 33.652692] ? krealloc_less_oob_helper+0x146/0x660 [ 33.653134] ? kasan_addr_to_slab+0x11/0xb0 [ 33.653448] ? krealloc_less_oob_helper+0x146/0x660 [ 33.653930] kasan_report+0x147/0x180 [ 33.654202] ? krealloc_less_oob_helper+0x146/0x660 [ 33.654670] __asan_store1+0x69/0x70 [ 33.654993] krealloc_less_oob_helper+0x146/0x660 [ 33.655325] ? __pfx_krealloc_less_oob_helper+0x10/0x10 [ 33.656119] ? finish_task_switch.isra.0+0xc8/0x3e0 [ 33.656634] ? __schedule+0x715/0x11a0 [ 33.656934] ? ktime_get_ts64+0x118/0x140 [ 33.657285] krealloc_pagealloc_less_oob+0x1c/0x30 [ 33.657705] kunit_try_run_case+0x120/0x290 [ 33.658045] ? __pfx_kunit_try_run_case+0x10/0x10 [ 33.658491] ? __kasan_check_write+0x18/0x20 [ 33.658870] ? trace_preempt_on+0x20/0xa0 [ 33.659145] ? __kthread_parkme+0x4f/0xd0 [ 33.659460] ? preempt_count_sub+0x50/0x80 [ 33.659937] ? __pfx_kunit_try_run_case+0x10/0x10 [ 33.660373] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 33.661212] kunit_generic_run_threadfn_adapter+0x33/0x50 [ 33.661616] kthread+0x19e/0x1e0 [ 33.661919] ? __pfx_kthread+0x10/0x10 [ 33.662165] ret_from_fork+0x41/0x70 [ 33.662412] ? 
__pfx_kthread+0x10/0x10 [ 33.662678] ret_from_fork_asm+0x1b/0x30 [ 33.663341] </TASK> [ 33.663481] [ 33.663752] The buggy address belongs to the physical page: [ 33.664075] page:(____ptrval____) refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x102228 [ 33.664648] head:(____ptrval____) order:2 entire_mapcount:0 nr_pages_mapped:0 pincount:0 [ 33.665485] flags: 0x200000000000040(head|node=0|zone=2) [ 33.665809] page_type: 0xffffffff() [ 33.666056] raw: 0200000000000040 0000000000000000 dead000000000122 0000000000000000 [ 33.666425] raw: 0000000000000000 0000000000000000 00000001ffffffff 0000000000000000 [ 33.667085] page dumped because: kasan: bad access detected [ 33.667383] [ 33.667595] Memory state around the buggy address: [ 33.667924] ffff888102229f80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 33.668309] ffff88810222a000: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 33.669093] >ffff88810222a080: 00 00 00 00 00 00 00 00 00 01 fe fe fe fe fe fe [ 33.669522] ^ [ 33.670036] ffff88810222a100: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe [ 33.670588] ffff88810222a180: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe [ 33.671008] ================================================================== [ 33.740070] ================================================================== [ 33.740603] BUG: KASAN: slab-out-of-bounds in krealloc_less_oob_helper+0x294/0x660 [ 33.741068] Write of size 1 at addr ffff88810222a0eb by task kunit_try_catch/156 [ 33.741543] [ 33.742152] CPU: 1 PID: 156 Comm: kunit_try_catch Tainted: G B N 6.6.94-rc1 #1 [ 33.742894] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 33.743380] Call Trace: [ 33.743619] <TASK> [ 33.743822] dump_stack_lvl+0x4e/0x90 [ 33.744126] print_report+0xd2/0x650 [ 33.744370] ? __virt_addr_valid+0x156/0x1e0 [ 33.744710] ? krealloc_less_oob_helper+0x294/0x660 [ 33.745042] ? kasan_addr_to_slab+0x11/0xb0 [ 33.745341] ? 
krealloc_less_oob_helper+0x294/0x660 [ 33.745645] kasan_report+0x147/0x180 [ 33.746479] ? krealloc_less_oob_helper+0x294/0x660 [ 33.746893] __asan_store1+0x69/0x70 [ 33.747146] krealloc_less_oob_helper+0x294/0x660 [ 33.747549] ? __pfx_krealloc_less_oob_helper+0x10/0x10 [ 33.747946] ? finish_task_switch.isra.0+0xc8/0x3e0 [ 33.748275] ? __schedule+0x715/0x11a0 [ 33.748612] ? ktime_get_ts64+0x118/0x140 [ 33.748937] krealloc_pagealloc_less_oob+0x1c/0x30 [ 33.749265] kunit_try_run_case+0x120/0x290 [ 33.749982] ? __pfx_kunit_try_run_case+0x10/0x10 [ 33.750299] ? __kasan_check_write+0x18/0x20 [ 33.750661] ? trace_preempt_on+0x20/0xa0 [ 33.750979] ? __kthread_parkme+0x4f/0xd0 [ 33.751233] ? preempt_count_sub+0x50/0x80 [ 33.751677] ? __pfx_kunit_try_run_case+0x10/0x10 [ 33.752029] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 33.752846] kunit_generic_run_threadfn_adapter+0x33/0x50 [ 33.753216] kthread+0x19e/0x1e0 [ 33.753459] ? __pfx_kthread+0x10/0x10 [ 33.754069] ret_from_fork+0x41/0x70 [ 33.754308] ? 
__pfx_kthread+0x10/0x10 [ 33.754727] ret_from_fork_asm+0x1b/0x30 [ 33.755055] </TASK> [ 33.755241] [ 33.755443] The buggy address belongs to the physical page: [ 33.755758] page:(____ptrval____) refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x102228 [ 33.756296] head:(____ptrval____) order:2 entire_mapcount:0 nr_pages_mapped:0 pincount:0 [ 33.756885] flags: 0x200000000000040(head|node=0|zone=2) [ 33.757203] page_type: 0xffffffff() [ 33.757417] raw: 0200000000000040 0000000000000000 dead000000000122 0000000000000000 [ 33.758302] raw: 0000000000000000 0000000000000000 00000001ffffffff 0000000000000000 [ 33.758824] page dumped because: kasan: bad access detected [ 33.759139] [ 33.759256] Memory state around the buggy address: [ 33.759616] ffff888102229f80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 33.760037] ffff88810222a000: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 33.760423] >ffff88810222a080: 00 00 00 00 00 00 00 00 00 01 fe fe fe fe fe fe [ 33.760948] ^ [ 33.761361] ffff88810222a100: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe [ 33.762260] ffff88810222a180: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe [ 33.762792] ================================================================== [ 33.717418] ================================================================== [ 33.718089] BUG: KASAN: slab-out-of-bounds in krealloc_less_oob_helper+0x258/0x660 [ 33.718675] Write of size 1 at addr ffff88810222a0ea by task kunit_try_catch/156 [ 33.719140] [ 33.719259] CPU: 1 PID: 156 Comm: kunit_try_catch Tainted: G B N 6.6.94-rc1 #1 [ 33.720176] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 33.720658] Call Trace: [ 33.720886] <TASK> [ 33.721065] dump_stack_lvl+0x4e/0x90 [ 33.721353] print_report+0xd2/0x650 [ 33.721630] ? __virt_addr_valid+0x156/0x1e0 [ 33.722239] ? krealloc_less_oob_helper+0x258/0x660 [ 33.722721] ? kasan_addr_to_slab+0x11/0xb0 [ 33.723073] ? 
krealloc_less_oob_helper+0x258/0x660 [ 33.723388] kasan_report+0x147/0x180 [ 33.723746] ? krealloc_less_oob_helper+0x258/0x660 [ 33.724112] __asan_store1+0x69/0x70 [ 33.724464] krealloc_less_oob_helper+0x258/0x660 [ 33.724767] ? __pfx_krealloc_less_oob_helper+0x10/0x10 [ 33.725152] ? finish_task_switch.isra.0+0xc8/0x3e0 [ 33.725529] ? __schedule+0x715/0x11a0 [ 33.726164] ? ktime_get_ts64+0x118/0x140 [ 33.726540] krealloc_pagealloc_less_oob+0x1c/0x30 [ 33.726842] kunit_try_run_case+0x120/0x290 [ 33.727181] ? __pfx_kunit_try_run_case+0x10/0x10 [ 33.727630] ? __kasan_check_write+0x18/0x20 [ 33.727948] ? trace_preempt_on+0x20/0xa0 [ 33.728258] ? __kthread_parkme+0x4f/0xd0 [ 33.728526] ? preempt_count_sub+0x50/0x80 [ 33.728984] ? __pfx_kunit_try_run_case+0x10/0x10 [ 33.729272] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 33.730030] kunit_generic_run_threadfn_adapter+0x33/0x50 [ 33.730378] kthread+0x19e/0x1e0 [ 33.730728] ? __pfx_kthread+0x10/0x10 [ 33.731026] ret_from_fork+0x41/0x70 [ 33.731250] ? 
__pfx_kthread+0x10/0x10 [ 33.731528] ret_from_fork_asm+0x1b/0x30 [ 33.731932] </TASK> [ 33.732089] [ 33.732219] The buggy address belongs to the physical page: [ 33.732619] page:(____ptrval____) refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x102228 [ 33.733236] head:(____ptrval____) order:2 entire_mapcount:0 nr_pages_mapped:0 pincount:0 [ 33.734061] flags: 0x200000000000040(head|node=0|zone=2) [ 33.734422] page_type: 0xffffffff() [ 33.734763] raw: 0200000000000040 0000000000000000 dead000000000122 0000000000000000 [ 33.735259] raw: 0000000000000000 0000000000000000 00000001ffffffff 0000000000000000 [ 33.735731] page dumped because: kasan: bad access detected [ 33.736128] [ 33.736254] Memory state around the buggy address: [ 33.736689] ffff888102229f80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 33.737148] ffff88810222a000: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 33.737524] >ffff88810222a080: 00 00 00 00 00 00 00 00 00 01 fe fe fe fe fe fe [ 33.738228] ^ [ 33.738684] ffff88810222a100: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe [ 33.739094] ffff88810222a180: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe [ 33.739526] ================================================================== [ 33.472251] ================================================================== [ 33.472702] BUG: KASAN: slab-out-of-bounds in krealloc_less_oob_helper+0x1a6/0x660 [ 33.473265] Write of size 1 at addr ffff8881003666d0 by task kunit_try_catch/152 [ 33.473913] [ 33.474043] CPU: 0 PID: 152 Comm: kunit_try_catch Tainted: G B N 6.6.94-rc1 #1 [ 33.474514] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 33.474923] Call Trace: [ 33.475117] <TASK> [ 33.475288] dump_stack_lvl+0x4e/0x90 [ 33.475596] print_report+0xd2/0x650 [ 33.475907] ? __virt_addr_valid+0x156/0x1e0 [ 33.476245] ? krealloc_less_oob_helper+0x1a6/0x660 [ 33.476506] ? kasan_complete_mode_report_info+0x2a/0x200 [ 33.476858] ? 
krealloc_less_oob_helper+0x1a6/0x660 [ 33.477245] kasan_report+0x147/0x180 [ 33.477481] ? krealloc_less_oob_helper+0x1a6/0x660 [ 33.477888] __asan_store1+0x69/0x70 [ 33.478099] krealloc_less_oob_helper+0x1a6/0x660 [ 33.479832] ? __pfx_krealloc_less_oob_helper+0x10/0x10 [ 33.480243] ? finish_task_switch.isra.0+0xc8/0x3e0 [ 33.480585] ? __schedule+0x715/0x11a0 [ 33.480920] ? ktime_get_ts64+0x118/0x140 [ 33.481206] krealloc_less_oob+0x1c/0x30 [ 33.481560] kunit_try_run_case+0x120/0x290 [ 33.482370] ? __pfx_kunit_try_run_case+0x10/0x10 [ 33.482715] ? __kasan_check_write+0x18/0x20 [ 33.483069] ? trace_preempt_on+0x20/0xa0 [ 33.483352] ? __kthread_parkme+0x4f/0xd0 [ 33.483661] ? preempt_count_sub+0x50/0x80 [ 33.483951] ? __pfx_kunit_try_run_case+0x10/0x10 [ 33.484336] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 33.484706] kunit_generic_run_threadfn_adapter+0x33/0x50 [ 33.485105] kthread+0x19e/0x1e0 [ 33.485755] ? __pfx_kthread+0x10/0x10 [ 33.486043] ret_from_fork+0x41/0x70 [ 33.486282] ? 
__pfx_kthread+0x10/0x10 [ 33.486552] ret_from_fork_asm+0x1b/0x30 [ 33.486844] </TASK> [ 33.487002] [ 33.487123] Allocated by task 152: [ 33.487308] kasan_save_stack+0x44/0x70 [ 33.487585] kasan_set_track+0x29/0x40 [ 33.487869] kasan_save_alloc_info+0x22/0x30 [ 33.488191] __kasan_krealloc+0x12f/0x180 [ 33.488447] krealloc+0xc1/0x140 [ 33.488650] krealloc_less_oob_helper+0xe5/0x660 [ 33.489408] krealloc_less_oob+0x1c/0x30 [ 33.489904] kunit_try_run_case+0x120/0x290 [ 33.490175] kunit_generic_run_threadfn_adapter+0x33/0x50 [ 33.490620] kthread+0x19e/0x1e0 [ 33.490883] ret_from_fork+0x41/0x70 [ 33.491123] ret_from_fork_asm+0x1b/0x30 [ 33.491345] [ 33.491454] The buggy address belongs to the object at ffff888100366600 [ 33.491454] which belongs to the cache kmalloc-256 of size 256 [ 33.492223] The buggy address is located 7 bytes to the right of [ 33.492223] allocated 201-byte region [ffff888100366600, ffff8881003666c9) [ 33.492913] [ 33.493031] The buggy address belongs to the physical page: [ 33.493374] page:(____ptrval____) refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x100366 [ 33.493943] head:(____ptrval____) order:1 entire_mapcount:0 nr_pages_mapped:0 pincount:0 [ 33.494366] flags: 0x200000000000840(slab|head|node=0|zone=2) [ 33.494717] page_type: 0xffffffff() [ 33.494973] raw: 0200000000000840 ffff888100041b40 dead000000000122 0000000000000000 [ 33.495403] raw: 0000000000000000 0000000080100010 00000001ffffffff 0000000000000000 [ 33.495791] page dumped because: kasan: bad access detected [ 33.496104] [ 33.496230] Memory state around the buggy address: [ 33.496485] ffff888100366580: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 33.496895] ffff888100366600: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 33.497351] >ffff888100366680: 00 00 00 00 00 00 00 00 00 01 fc fc fc fc fc fc [ 33.497737] ^ [ 33.498067] ffff888100366700: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 33.498412] ffff888100366780: fc fc fc fc fc fc fc fc fc fc fc fc fc 
fc fc fc [ 33.498898] ================================================================== [ 33.694385] ================================================================== [ 33.694768] BUG: KASAN: slab-out-of-bounds in krealloc_less_oob_helper+0x21a/0x660 [ 33.695228] Write of size 1 at addr ffff88810222a0da by task kunit_try_catch/156 [ 33.695609] [ 33.695967] CPU: 1 PID: 156 Comm: kunit_try_catch Tainted: G B N 6.6.94-rc1 #1 [ 33.696462] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 33.697326] Call Trace: [ 33.697615] <TASK> [ 33.697814] dump_stack_lvl+0x4e/0x90 [ 33.698093] print_report+0xd2/0x650 [ 33.698436] ? __virt_addr_valid+0x156/0x1e0 [ 33.698763] ? krealloc_less_oob_helper+0x21a/0x660 [ 33.699146] ? kasan_addr_to_slab+0x11/0xb0 [ 33.699527] ? krealloc_less_oob_helper+0x21a/0x660 [ 33.699852] kasan_report+0x147/0x180 [ 33.700411] ? krealloc_less_oob_helper+0x21a/0x660 [ 33.701076] __asan_store1+0x69/0x70 [ 33.701343] krealloc_less_oob_helper+0x21a/0x660 [ 33.701671] ? __pfx_krealloc_less_oob_helper+0x10/0x10 [ 33.702152] ? finish_task_switch.isra.0+0xc8/0x3e0 [ 33.702610] ? __schedule+0x715/0x11a0 [ 33.702897] ? ktime_get_ts64+0x118/0x140 [ 33.703169] krealloc_pagealloc_less_oob+0x1c/0x30 [ 33.703703] kunit_try_run_case+0x120/0x290 [ 33.704023] ? __pfx_kunit_try_run_case+0x10/0x10 [ 33.704299] ? __kasan_check_write+0x18/0x20 [ 33.704614] ? trace_preempt_on+0x20/0xa0 [ 33.704873] ? __kthread_parkme+0x4f/0xd0 [ 33.705487] ? preempt_count_sub+0x50/0x80 [ 33.705916] ? __pfx_kunit_try_run_case+0x10/0x10 [ 33.706216] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 33.706622] kunit_generic_run_threadfn_adapter+0x33/0x50 [ 33.707044] kthread+0x19e/0x1e0 [ 33.707315] ? __pfx_kthread+0x10/0x10 [ 33.707770] ret_from_fork+0x41/0x70 [ 33.708048] ? 
__pfx_kthread+0x10/0x10 [ 33.708286] ret_from_fork_asm+0x1b/0x30 [ 33.708956] </TASK> [ 33.709150] [ 33.709280] The buggy address belongs to the physical page: [ 33.709680] page:(____ptrval____) refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x102228 [ 33.710302] head:(____ptrval____) order:2 entire_mapcount:0 nr_pages_mapped:0 pincount:0 [ 33.710844] flags: 0x200000000000040(head|node=0|zone=2) [ 33.711176] page_type: 0xffffffff() [ 33.711412] raw: 0200000000000040 0000000000000000 dead000000000122 0000000000000000 [ 33.712063] raw: 0000000000000000 0000000000000000 00000001ffffffff 0000000000000000 [ 33.712803] page dumped because: kasan: bad access detected [ 33.713113] [ 33.713256] Memory state around the buggy address: [ 33.713640] ffff888102229f80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 33.714078] ffff88810222a000: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 33.714599] >ffff88810222a080: 00 00 00 00 00 00 00 00 00 01 fe fe fe fe fe fe [ 33.715029] ^ [ 33.715373] ffff88810222a100: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe [ 33.715985] ffff88810222a180: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe [ 33.716581] ================================================================== [ 33.529899] ================================================================== [ 33.530318] BUG: KASAN: slab-out-of-bounds in krealloc_less_oob_helper+0x258/0x660 [ 33.530821] Write of size 1 at addr ffff8881003666ea by task kunit_try_catch/152 [ 33.531287] [ 33.531430] CPU: 0 PID: 152 Comm: kunit_try_catch Tainted: G B N 6.6.94-rc1 #1 [ 33.531989] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 33.532705] Call Trace: [ 33.532928] <TASK> [ 33.533109] dump_stack_lvl+0x4e/0x90 [ 33.533408] print_report+0xd2/0x650 [ 33.533702] ? __virt_addr_valid+0x156/0x1e0 [ 33.534057] ? krealloc_less_oob_helper+0x258/0x660 [ 33.534334] ? kasan_complete_mode_report_info+0x2a/0x200 [ 33.534751] ? 
krealloc_less_oob_helper+0x258/0x660 [ 33.535107] kasan_report+0x147/0x180 [ 33.535403] ? krealloc_less_oob_helper+0x258/0x660 [ 33.535797] __asan_store1+0x69/0x70 [ 33.536070] krealloc_less_oob_helper+0x258/0x660 [ 33.536398] ? __pfx_krealloc_less_oob_helper+0x10/0x10 [ 33.536768] ? finish_task_switch.isra.0+0xc8/0x3e0 [ 33.537112] ? __schedule+0x715/0x11a0 [ 33.537407] ? ktime_get_ts64+0x118/0x140 [ 33.537688] krealloc_less_oob+0x1c/0x30 [ 33.537972] kunit_try_run_case+0x120/0x290 [ 33.538308] ? __pfx_kunit_try_run_case+0x10/0x10 [ 33.538638] ? __kasan_check_write+0x18/0x20 [ 33.539052] ? trace_preempt_on+0x20/0xa0 [ 33.539309] ? __kthread_parkme+0x4f/0xd0 [ 33.539641] ? preempt_count_sub+0x50/0x80 [ 33.539963] ? __pfx_kunit_try_run_case+0x10/0x10 [ 33.540317] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 33.540706] kunit_generic_run_threadfn_adapter+0x33/0x50 [ 33.541068] kthread+0x19e/0x1e0 [ 33.541353] ? __pfx_kthread+0x10/0x10 [ 33.541627] ret_from_fork+0x41/0x70 [ 33.541933] ? 
__pfx_kthread+0x10/0x10 [ 33.542217] ret_from_fork_asm+0x1b/0x30 [ 33.542528] </TASK> [ 33.542664] [ 33.542821] Allocated by task 152: [ 33.543049] kasan_save_stack+0x44/0x70 [ 33.543369] kasan_set_track+0x29/0x40 [ 33.543610] kasan_save_alloc_info+0x22/0x30 [ 33.544019] __kasan_krealloc+0x12f/0x180 [ 33.544310] krealloc+0xc1/0x140 [ 33.544568] krealloc_less_oob_helper+0xe5/0x660 [ 33.544920] krealloc_less_oob+0x1c/0x30 [ 33.545202] kunit_try_run_case+0x120/0x290 [ 33.545483] kunit_generic_run_threadfn_adapter+0x33/0x50 [ 33.545843] kthread+0x19e/0x1e0 [ 33.546106] ret_from_fork+0x41/0x70 [ 33.546413] ret_from_fork_asm+0x1b/0x30 [ 33.546653] [ 33.546829] The buggy address belongs to the object at ffff888100366600 [ 33.546829] which belongs to the cache kmalloc-256 of size 256 [ 33.547514] The buggy address is located 33 bytes to the right of [ 33.547514] allocated 201-byte region [ffff888100366600, ffff8881003666c9) [ 33.548270] [ 33.548421] The buggy address belongs to the physical page: [ 33.548745] page:(____ptrval____) refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x100366 [ 33.549348] head:(____ptrval____) order:1 entire_mapcount:0 nr_pages_mapped:0 pincount:0 [ 33.549824] flags: 0x200000000000840(slab|head|node=0|zone=2) [ 33.550206] page_type: 0xffffffff() [ 33.550462] raw: 0200000000000840 ffff888100041b40 dead000000000122 0000000000000000 [ 33.550936] raw: 0000000000000000 0000000080100010 00000001ffffffff 0000000000000000 [ 33.551383] page dumped because: kasan: bad access detected [ 33.551687] [ 33.551808] Memory state around the buggy address: [ 33.552128] ffff888100366580: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 33.552583] ffff888100366600: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 33.553041] >ffff888100366680: 00 00 00 00 00 00 00 00 00 01 fc fc fc fc fc fc [ 33.553466] ^ [ 33.553905] ffff888100366700: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 33.554286] ffff888100366780: fc fc fc fc fc fc fc fc fc fc fc fc fc 
fc fc fc [ 33.554745] ================================================================== [ 33.672245] ================================================================== [ 33.673027] BUG: KASAN: slab-out-of-bounds in krealloc_less_oob_helper+0x1a6/0x660 [ 33.673613] Write of size 1 at addr ffff88810222a0d0 by task kunit_try_catch/156 [ 33.674069] [ 33.674185] CPU: 1 PID: 156 Comm: kunit_try_catch Tainted: G B N 6.6.94-rc1 #1 [ 33.674908] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 33.675512] Call Trace: [ 33.675723] <TASK> [ 33.675890] dump_stack_lvl+0x4e/0x90 [ 33.676158] print_report+0xd2/0x650 [ 33.676741] ? __virt_addr_valid+0x156/0x1e0 [ 33.677173] ? krealloc_less_oob_helper+0x1a6/0x660 [ 33.677591] ? kasan_addr_to_slab+0x11/0xb0 [ 33.677912] ? krealloc_less_oob_helper+0x1a6/0x660 [ 33.678267] kasan_report+0x147/0x180 [ 33.678602] ? krealloc_less_oob_helper+0x1a6/0x660 [ 33.679101] __asan_store1+0x69/0x70 [ 33.679367] krealloc_less_oob_helper+0x1a6/0x660 [ 33.679713] ? __pfx_krealloc_less_oob_helper+0x10/0x10 [ 33.680081] ? finish_task_switch.isra.0+0xc8/0x3e0 [ 33.680414] ? __schedule+0x715/0x11a0 [ 33.680661] ? ktime_get_ts64+0x118/0x140 [ 33.681237] krealloc_pagealloc_less_oob+0x1c/0x30 [ 33.681690] kunit_try_run_case+0x120/0x290 [ 33.682015] ? __pfx_kunit_try_run_case+0x10/0x10 [ 33.682460] ? __kasan_check_write+0x18/0x20 [ 33.682756] ? trace_preempt_on+0x20/0xa0 [ 33.683059] ? __kthread_parkme+0x4f/0xd0 [ 33.683315] ? preempt_count_sub+0x50/0x80 [ 33.683675] ? __pfx_kunit_try_run_case+0x10/0x10 [ 33.684065] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 33.684409] kunit_generic_run_threadfn_adapter+0x33/0x50 [ 33.685021] kthread+0x19e/0x1e0 [ 33.685301] ? __pfx_kthread+0x10/0x10 [ 33.685657] ret_from_fork+0x41/0x70 [ 33.685952] ? 
__pfx_kthread+0x10/0x10 [ 33.686205] ret_from_fork_asm+0x1b/0x30 [ 33.686517] </TASK> [ 33.686724] [ 33.686991] The buggy address belongs to the physical page: [ 33.687335] page:(____ptrval____) refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x102228 [ 33.687904] head:(____ptrval____) order:2 entire_mapcount:0 nr_pages_mapped:0 pincount:0 [ 33.688609] flags: 0x200000000000040(head|node=0|zone=2) [ 33.688983] page_type: 0xffffffff() [ 33.689219] raw: 0200000000000040 0000000000000000 dead000000000122 0000000000000000 [ 33.689759] raw: 0000000000000000 0000000000000000 00000001ffffffff 0000000000000000 [ 33.690170] page dumped because: kasan: bad access detected [ 33.690595] [ 33.690740] Memory state around the buggy address: [ 33.691024] ffff888102229f80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 33.691428] ffff88810222a000: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 33.691919] >ffff88810222a080: 00 00 00 00 00 00 00 00 00 01 fe fe fe fe fe fe [ 33.692294] ^ [ 33.692973] ffff88810222a100: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe [ 33.693451] ffff88810222a180: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe [ 33.693883] ==================================================================