Hay
Date: June 17, 2025, 3:39 p.m.

Environment: qemu-arm64, qemu-x86_64

[   91.824619] ==================================================================
[   91.825935] BUG: KASAN: slab-out-of-bounds in krealloc_more_oob_helper+0x138/0x380
[   91.827441] Write of size 1 at addr ffff0000c0b916eb by task kunit_try_catch/135
[   91.828392] 
[   91.828936] CPU: 1 PID: 135 Comm: kunit_try_catch Tainted: G    B            N 6.6.94-rc1 #1
[   91.830168] Hardware name: linux,dummy-virt (DT)
[   91.831007] Call trace:
[   91.831522]  dump_backtrace+0x9c/0x128
[   91.832453]  show_stack+0x20/0x38
[   91.833233]  dump_stack_lvl+0x60/0xb0
[   91.834064]  print_report+0xf8/0x5e8
[   91.834754]  kasan_report+0xdc/0x128
[   91.835590]  __asan_store1+0x60/0x70
[   91.836468]  krealloc_more_oob_helper+0x138/0x380
[   91.837446]  krealloc_more_oob+0x20/0x38
[   91.838237]  kunit_try_run_case+0x114/0x298
[   91.839161]  kunit_generic_run_threadfn_adapter+0x38/0x60
[   91.840214]  kthread+0x18c/0x1a8
[   91.840961]  ret_from_fork+0x10/0x20
[   91.841768] 
[   91.842188] Allocated by task 135:
[   91.842837]  kasan_save_stack+0x3c/0x68
[   91.843639]  kasan_set_track+0x2c/0x40
[   91.844490]  kasan_save_alloc_info+0x24/0x38
[   91.845306]  __kasan_krealloc+0x10c/0x140
[   91.846132]  krealloc+0x10c/0x1a0
[   91.846830]  krealloc_more_oob_helper+0xd4/0x380
[   91.847671]  krealloc_more_oob+0x20/0x38
[   91.848517]  kunit_try_run_case+0x114/0x298
[   91.849379]  kunit_generic_run_threadfn_adapter+0x38/0x60
[   91.850250]  kthread+0x18c/0x1a8
[   91.850790]  ret_from_fork+0x10/0x20
[   91.851544] 
[   91.851998] The buggy address belongs to the object at ffff0000c0b91600
[   91.851998]  which belongs to the cache kmalloc-256 of size 256
[   91.853623] The buggy address is located 0 bytes to the right of
[   91.853623]  allocated 235-byte region [ffff0000c0b91600, ffff0000c0b916eb)
[   91.855235] 
[   91.855717] The buggy address belongs to the physical page:
[   91.856631] page:00000000c3af2b0d refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x100b90
[   91.857911] head:00000000c3af2b0d order:1 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[   91.859017] flags: 0xbfffc0000000840(slab|head|node=0|zone=2|lastcpupid=0xffff)
[   91.860161] page_type: 0xffffffff()
[   91.860981] raw: 0bfffc0000000840 ffff0000c0001b40 dead000000000122 0000000000000000
[   91.862036] raw: 0000000000000000 0000000080100010 00000001ffffffff 0000000000000000
[   91.863033] page dumped because: kasan: bad access detected
[   91.863895] 
[   91.864288] Memory state around the buggy address:
[   91.865164]  ffff0000c0b91580: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   91.866217]  ffff0000c0b91600: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   91.867254] >ffff0000c0b91680: 00 00 00 00 00 00 00 00 00 00 00 00 00 03 fc fc
[   91.868253]                                                           ^
[   91.869334]  ffff0000c0b91700: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   91.870358]  ffff0000c0b91780: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   91.871316] ==================================================================
[   91.874377] ==================================================================
[   91.875610] BUG: KASAN: slab-out-of-bounds in krealloc_more_oob_helper+0x168/0x380
[   91.877092] Write of size 1 at addr ffff0000c0b916f0 by task kunit_try_catch/135
[   91.878293] 
[   91.878777] CPU: 1 PID: 135 Comm: kunit_try_catch Tainted: G    B            N 6.6.94-rc1 #1
[   91.879944] Hardware name: linux,dummy-virt (DT)
[   91.880700] Call trace:
[   91.881262]  dump_backtrace+0x9c/0x128
[   91.882024]  show_stack+0x20/0x38
[   91.882691]  dump_stack_lvl+0x60/0xb0
[   91.883364]  print_report+0xf8/0x5e8
[   91.885179]  kasan_report+0xdc/0x128
[   91.886202]  __asan_store1+0x60/0x70
[   91.886999]  krealloc_more_oob_helper+0x168/0x380
[   91.887918]  krealloc_more_oob+0x20/0x38
[   91.888726]  kunit_try_run_case+0x114/0x298
[   91.889585]  kunit_generic_run_threadfn_adapter+0x38/0x60
[   91.890572]  kthread+0x18c/0x1a8
[   91.891251]  ret_from_fork+0x10/0x20
[   91.891990] 
[   91.892358] Allocated by task 135:
[   91.893048]  kasan_save_stack+0x3c/0x68
[   91.893850]  kasan_set_track+0x2c/0x40
[   91.894572]  kasan_save_alloc_info+0x24/0x38
[   91.895422]  __kasan_krealloc+0x10c/0x140
[   91.896286]  krealloc+0x10c/0x1a0
[   91.897020]  krealloc_more_oob_helper+0xd4/0x380
[   91.897847]  krealloc_more_oob+0x20/0x38
[   91.898578]  kunit_try_run_case+0x114/0x298
[   91.899369]  kunit_generic_run_threadfn_adapter+0x38/0x60
[   91.900371]  kthread+0x18c/0x1a8
[   91.901049]  ret_from_fork+0x10/0x20
[   91.901805] 
[   91.902149] The buggy address belongs to the object at ffff0000c0b91600
[   91.902149]  which belongs to the cache kmalloc-256 of size 256
[   91.903727] The buggy address is located 5 bytes to the right of
[   91.903727]  allocated 235-byte region [ffff0000c0b91600, ffff0000c0b916eb)
[   91.905398] 
[   91.905807] The buggy address belongs to the physical page:
[   91.906692] page:00000000c3af2b0d refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x100b90
[   91.908032] head:00000000c3af2b0d order:1 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[   91.909280] flags: 0xbfffc0000000840(slab|head|node=0|zone=2|lastcpupid=0xffff)
[   91.910198] page_type: 0xffffffff()
[   91.910956] raw: 0bfffc0000000840 ffff0000c0001b40 dead000000000122 0000000000000000
[   91.911892] raw: 0000000000000000 0000000080100010 00000001ffffffff 0000000000000000
[   91.912735] page dumped because: kasan: bad access detected
[   91.913386] 
[   91.913762] Memory state around the buggy address:
[   91.914402]  ffff0000c0b91580: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   91.915619]  ffff0000c0b91600: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   91.916834] >ffff0000c0b91680: 00 00 00 00 00 00 00 00 00 00 00 00 00 03 fc fc
[   91.917943]                                                              ^
[   91.919034]  ffff0000c0b91700: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   91.921894]  ffff0000c0b91780: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   91.923091] ==================================================================
[   92.120882] ==================================================================
[   92.121666] BUG: KASAN: slab-out-of-bounds in krealloc_more_oob_helper+0x138/0x380
[   92.122330] Write of size 1 at addr ffff0000c601a0eb by task kunit_try_catch/139
[   92.123292] 
[   92.123521] CPU: 0 PID: 139 Comm: kunit_try_catch Tainted: G    B            N 6.6.94-rc1 #1
[   92.124040] Hardware name: linux,dummy-virt (DT)
[   92.124433] Call trace:
[   92.124696]  dump_backtrace+0x9c/0x128
[   92.125113]  show_stack+0x20/0x38
[   92.125841]  dump_stack_lvl+0x60/0xb0
[   92.126403]  print_report+0xf8/0x5e8
[   92.126953]  kasan_report+0xdc/0x128
[   92.127304]  __asan_store1+0x60/0x70
[   92.128190]  krealloc_more_oob_helper+0x138/0x380
[   92.128833]  krealloc_pagealloc_more_oob+0x20/0x38
[   92.129341]  kunit_try_run_case+0x114/0x298
[   92.129866]  kunit_generic_run_threadfn_adapter+0x38/0x60
[   92.131659]  kthread+0x18c/0x1a8
[   92.132061]  ret_from_fork+0x10/0x20
[   92.132424] 
[   92.132655] The buggy address belongs to the physical page:
[   92.133271] page:00000000f1dbd5c8 refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x106018
[   92.134168] head:00000000f1dbd5c8 order:2 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[   92.134939] flags: 0xbfffc0000000040(head|node=0|zone=2|lastcpupid=0xffff)
[   92.135652] page_type: 0xffffffff()
[   92.136244] raw: 0bfffc0000000040 0000000000000000 dead000000000122 0000000000000000
[   92.136879] raw: 0000000000000000 0000000000000000 00000001ffffffff 0000000000000000
[   92.137455] page dumped because: kasan: bad access detected
[   92.137910] 
[   92.138115] Memory state around the buggy address:
[   92.138579]  ffff0000c6019f80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   92.139156]  ffff0000c601a000: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   92.140281] >ffff0000c601a080: 00 00 00 00 00 00 00 00 00 00 00 00 00 03 fe fe
[   92.141007]                                                           ^
[   92.142534]  ffff0000c601a100: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe
[   92.143240]  ffff0000c601a180: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe
[   92.144030] ==================================================================
[   92.145211] ==================================================================
[   92.145798] BUG: KASAN: slab-out-of-bounds in krealloc_more_oob_helper+0x168/0x380
[   92.146508] Write of size 1 at addr ffff0000c601a0f0 by task kunit_try_catch/139
[   92.147055] 
[   92.147359] CPU: 0 PID: 139 Comm: kunit_try_catch Tainted: G    B            N 6.6.94-rc1 #1
[   92.148506] Hardware name: linux,dummy-virt (DT)
[   92.148858] Call trace:
[   92.149105]  dump_backtrace+0x9c/0x128
[   92.149722]  show_stack+0x20/0x38
[   92.150172]  dump_stack_lvl+0x60/0xb0
[   92.150845]  print_report+0xf8/0x5e8
[   92.151452]  kasan_report+0xdc/0x128
[   92.152014]  __asan_store1+0x60/0x70
[   92.152519]  krealloc_more_oob_helper+0x168/0x380
[   92.153001]  krealloc_pagealloc_more_oob+0x20/0x38
[   92.154269]  kunit_try_run_case+0x114/0x298
[   92.155971]  kunit_generic_run_threadfn_adapter+0x38/0x60
[   92.157251]  kthread+0x18c/0x1a8
[   92.158016]  ret_from_fork+0x10/0x20
[   92.159189] 
[   92.159643] The buggy address belongs to the physical page:
[   92.160665] page:00000000f1dbd5c8 refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x106018
[   92.162444] head:00000000f1dbd5c8 order:2 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[   92.164235] flags: 0xbfffc0000000040(head|node=0|zone=2|lastcpupid=0xffff)
[   92.165583] page_type: 0xffffffff()
[   92.166427] raw: 0bfffc0000000040 0000000000000000 dead000000000122 0000000000000000
[   92.167729] raw: 0000000000000000 0000000000000000 00000001ffffffff 0000000000000000
[   92.169235] page dumped because: kasan: bad access detected
[   92.170273] 
[   92.170750] Memory state around the buggy address:
[   92.171681]  ffff0000c6019f80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   92.173951]  ffff0000c601a000: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   92.175274] >ffff0000c601a080: 00 00 00 00 00 00 00 00 00 00 00 00 00 03 fe fe
[   92.176752]                                                              ^
[   92.177716]  ffff0000c601a100: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe
[   92.180958]  ffff0000c601a180: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe
[   92.181892] ==================================================================


[   33.618360] ==================================================================
[   33.619114] BUG: KASAN: slab-out-of-bounds in krealloc_more_oob_helper+0x1bb/0x3b0
[   33.619748] Write of size 1 at addr ffff8881020720f0 by task kunit_try_catch/154
[   33.620211] 
[   33.620356] CPU: 0 PID: 154 Comm: kunit_try_catch Tainted: G    B            N 6.6.94-rc1 #1
[   33.620924] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[   33.621655] Call Trace:
[   33.621908]  <TASK>
[   33.622110]  dump_stack_lvl+0x4e/0x90
[   33.622486]  print_report+0xd2/0x650
[   33.622841]  ? __virt_addr_valid+0x156/0x1e0
[   33.623204]  ? krealloc_more_oob_helper+0x1bb/0x3b0
[   33.624135]  ? kasan_addr_to_slab+0x11/0xb0
[   33.624584]  ? krealloc_more_oob_helper+0x1bb/0x3b0
[   33.624988]  kasan_report+0x147/0x180
[   33.625317]  ? krealloc_more_oob_helper+0x1bb/0x3b0
[   33.625743]  __asan_store1+0x69/0x70
[   33.626162]  krealloc_more_oob_helper+0x1bb/0x3b0
[   33.626577]  ? __pfx_krealloc_more_oob_helper+0x10/0x10
[   33.627127]  ? finish_task_switch.isra.0+0xc8/0x3e0
[   33.627566]  ? __schedule+0x715/0x11a0
[   33.627955]  ? ktime_get_ts64+0x118/0x140
[   33.628282]  krealloc_pagealloc_more_oob+0x1c/0x30
[   33.628724]  kunit_try_run_case+0x120/0x290
[   33.629573]  ? __pfx_kunit_try_run_case+0x10/0x10
[   33.629971]  ? __kasan_check_write+0x18/0x20
[   33.630257]  ? trace_preempt_on+0x20/0xa0
[   33.630638]  ? __kthread_parkme+0x4f/0xd0
[   33.631042]  ? preempt_count_sub+0x50/0x80
[   33.631321]  ? __pfx_kunit_try_run_case+0x10/0x10
[   33.631750]  ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10
[   33.632150]  kunit_generic_run_threadfn_adapter+0x33/0x50
[   33.632634]  kthread+0x19e/0x1e0
[   33.632926]  ? __pfx_kthread+0x10/0x10
[   33.633217]  ret_from_fork+0x41/0x70
[   33.633913]  ? __pfx_kthread+0x10/0x10
[   33.634173]  ret_from_fork_asm+0x1b/0x30
[   33.634452]  </TASK>
[   33.634632] 
[   33.634804] The buggy address belongs to the physical page:
[   33.635130] page:(____ptrval____) refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x102070
[   33.635629] head:(____ptrval____) order:2 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[   33.636132] flags: 0x200000000000040(head|node=0|zone=2)
[   33.636457] page_type: 0xffffffff()
[   33.636685] raw: 0200000000000040 0000000000000000 dead000000000122 0000000000000000
[   33.637129] raw: 0000000000000000 0000000000000000 00000001ffffffff 0000000000000000
[   33.637565] page dumped because: kasan: bad access detected
[   33.637988] 
[   33.638139] Memory state around the buggy address:
[   33.638531]  ffff888102071f80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   33.639065]  ffff888102072000: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   33.639545] >ffff888102072080: 00 00 00 00 00 00 00 00 00 00 00 00 00 03 fe fe
[   33.640005]                                                              ^
[   33.640351]  ffff888102072100: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe
[   33.640850]  ffff888102072180: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe
[   33.641244] ==================================================================
[   33.414453] ==================================================================
[   33.414934] BUG: KASAN: slab-out-of-bounds in krealloc_more_oob_helper+0x1bb/0x3b0
[   33.415528] Write of size 1 at addr ffff8881003664f0 by task kunit_try_catch/150
[   33.416004] 
[   33.416122] CPU: 0 PID: 150 Comm: kunit_try_catch Tainted: G    B            N 6.6.94-rc1 #1
[   33.416837] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[   33.417587] Call Trace:
[   33.417763]  <TASK>
[   33.418073]  dump_stack_lvl+0x4e/0x90
[   33.418344]  print_report+0xd2/0x650
[   33.418595]  ? __virt_addr_valid+0x156/0x1e0
[   33.418964]  ? krealloc_more_oob_helper+0x1bb/0x3b0
[   33.419232]  ? kasan_complete_mode_report_info+0x2a/0x200
[   33.419634]  ? krealloc_more_oob_helper+0x1bb/0x3b0
[   33.420044]  kasan_report+0x147/0x180
[   33.420272]  ? krealloc_more_oob_helper+0x1bb/0x3b0
[   33.420675]  __asan_store1+0x69/0x70
[   33.421099]  krealloc_more_oob_helper+0x1bb/0x3b0
[   33.421435]  ? __pfx_krealloc_more_oob_helper+0x10/0x10
[   33.421795]  ? finish_task_switch.isra.0+0xc8/0x3e0
[   33.422080]  ? __schedule+0x715/0x11a0
[   33.422379]  ? ktime_get_ts64+0x118/0x140
[   33.422686]  krealloc_more_oob+0x1c/0x30
[   33.423000]  kunit_try_run_case+0x120/0x290
[   33.423249]  ? __pfx_kunit_try_run_case+0x10/0x10
[   33.423590]  ? __kasan_check_write+0x18/0x20
[   33.423880]  ? trace_preempt_on+0x20/0xa0
[   33.424173]  ? __kthread_parkme+0x4f/0xd0
[   33.424475]  ? preempt_count_sub+0x50/0x80
[   33.424762]  ? __pfx_kunit_try_run_case+0x10/0x10
[   33.425088]  ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10
[   33.425444]  kunit_generic_run_threadfn_adapter+0x33/0x50
[   33.425775]  kthread+0x19e/0x1e0
[   33.426023]  ? __pfx_kthread+0x10/0x10
[   33.426257]  ret_from_fork+0x41/0x70
[   33.426520]  ? __pfx_kthread+0x10/0x10
[   33.426764]  ret_from_fork_asm+0x1b/0x30
[   33.427172]  </TASK>
[   33.427425] 
[   33.427535] Allocated by task 150:
[   33.427776]  kasan_save_stack+0x44/0x70
[   33.428031]  kasan_set_track+0x29/0x40
[   33.428282]  kasan_save_alloc_info+0x22/0x30
[   33.428516]  __kasan_krealloc+0x12f/0x180
[   33.428742]  krealloc+0xc1/0x140
[   33.429037]  krealloc_more_oob_helper+0xe2/0x3b0
[   33.429390]  krealloc_more_oob+0x1c/0x30
[   33.429639]  kunit_try_run_case+0x120/0x290
[   33.430022]  kunit_generic_run_threadfn_adapter+0x33/0x50
[   33.430353]  kthread+0x19e/0x1e0
[   33.430568]  ret_from_fork+0x41/0x70
[   33.430918]  ret_from_fork_asm+0x1b/0x30
[   33.431147] 
[   33.431254] The buggy address belongs to the object at ffff888100366400
[   33.431254]  which belongs to the cache kmalloc-256 of size 256
[   33.432025] The buggy address is located 5 bytes to the right of
[   33.432025]  allocated 235-byte region [ffff888100366400, ffff8881003664eb)
[   33.432696] 
[   33.432838] The buggy address belongs to the physical page:
[   33.433164] page:(____ptrval____) refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x100366
[   33.433738] head:(____ptrval____) order:1 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[   33.434198] flags: 0x200000000000840(slab|head|node=0|zone=2)
[   33.434549] page_type: 0xffffffff()
[   33.434807] raw: 0200000000000840 ffff888100041b40 dead000000000122 0000000000000000
[   33.435239] raw: 0000000000000000 0000000080100010 00000001ffffffff 0000000000000000
[   33.435671] page dumped because: kasan: bad access detected
[   33.435951] 
[   33.436075] Memory state around the buggy address:
[   33.436379]  ffff888100366380: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   33.436741]  ffff888100366400: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   33.437137] >ffff888100366480: 00 00 00 00 00 00 00 00 00 00 00 00 00 03 fc fc
[   33.437564]                                                              ^
[   33.438000]  ffff888100366500: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   33.438362]  ffff888100366580: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   33.438761] ==================================================================
[   33.389319] ==================================================================
[   33.390317] BUG: KASAN: slab-out-of-bounds in krealloc_more_oob_helper+0x179/0x3b0
[   33.390762] Write of size 1 at addr ffff8881003664eb by task kunit_try_catch/150
[   33.391244] 
[   33.391394] CPU: 0 PID: 150 Comm: kunit_try_catch Tainted: G    B            N 6.6.94-rc1 #1
[   33.391840] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[   33.392463] Call Trace:
[   33.392623]  <TASK>
[   33.392809]  dump_stack_lvl+0x4e/0x90
[   33.393064]  print_report+0xd2/0x650
[   33.393342]  ? __virt_addr_valid+0x156/0x1e0
[   33.393628]  ? krealloc_more_oob_helper+0x179/0x3b0
[   33.393943]  ? kasan_complete_mode_report_info+0x2a/0x200
[   33.394298]  ? krealloc_more_oob_helper+0x179/0x3b0
[   33.394612]  kasan_report+0x147/0x180
[   33.394925]  ? krealloc_more_oob_helper+0x179/0x3b0
[   33.395257]  __asan_store1+0x69/0x70
[   33.395517]  krealloc_more_oob_helper+0x179/0x3b0
[   33.395815]  ? __pfx_krealloc_more_oob_helper+0x10/0x10
[   33.396215]  ? finish_task_switch.isra.0+0xc8/0x3e0
[   33.396562]  ? __schedule+0x715/0x11a0
[   33.396784]  ? ktime_get_ts64+0x118/0x140
[   33.397099]  krealloc_more_oob+0x1c/0x30
[   33.397607]  kunit_try_run_case+0x120/0x290
[   33.397954]  ? __pfx_kunit_try_run_case+0x10/0x10
[   33.398287]  ? __kasan_check_write+0x18/0x20
[   33.398562]  ? trace_preempt_on+0x20/0xa0
[   33.398936]  ? __kthread_parkme+0x4f/0xd0
[   33.399181]  ? preempt_count_sub+0x50/0x80
[   33.399494]  ? __pfx_kunit_try_run_case+0x10/0x10
[   33.399768]  ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10
[   33.400205]  kunit_generic_run_threadfn_adapter+0x33/0x50
[   33.400530]  kthread+0x19e/0x1e0
[   33.400765]  ? __pfx_kthread+0x10/0x10
[   33.401066]  ret_from_fork+0x41/0x70
[   33.401294]  ? __pfx_kthread+0x10/0x10
[   33.401571]  ret_from_fork_asm+0x1b/0x30
[   33.401825]  </TASK>
[   33.402019] 
[   33.402147] Allocated by task 150:
[   33.402328]  kasan_save_stack+0x44/0x70
[   33.402626]  kasan_set_track+0x29/0x40
[   33.402872]  kasan_save_alloc_info+0x22/0x30
[   33.403189]  __kasan_krealloc+0x12f/0x180
[   33.403488]  krealloc+0xc1/0x140
[   33.403732]  krealloc_more_oob_helper+0xe2/0x3b0
[   33.404039]  krealloc_more_oob+0x1c/0x30
[   33.404317]  kunit_try_run_case+0x120/0x290
[   33.404588]  kunit_generic_run_threadfn_adapter+0x33/0x50
[   33.405017]  kthread+0x19e/0x1e0
[   33.405271]  ret_from_fork+0x41/0x70
[   33.405504]  ret_from_fork_asm+0x1b/0x30
[   33.405799] 
[   33.405941] The buggy address belongs to the object at ffff888100366400
[   33.405941]  which belongs to the cache kmalloc-256 of size 256
[   33.406563] The buggy address is located 0 bytes to the right of
[   33.406563]  allocated 235-byte region [ffff888100366400, ffff8881003664eb)
[   33.407343] 
[   33.407449] The buggy address belongs to the physical page:
[   33.407856] page:(____ptrval____) refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x100366
[   33.408351] head:(____ptrval____) order:1 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[   33.408845] flags: 0x200000000000840(slab|head|node=0|zone=2)
[   33.409220] page_type: 0xffffffff()
[   33.409477] raw: 0200000000000840 ffff888100041b40 dead000000000122 0000000000000000
[   33.409937] raw: 0000000000000000 0000000080100010 00000001ffffffff 0000000000000000
[   33.410384] page dumped because: kasan: bad access detected
[   33.410665] 
[   33.410856] Memory state around the buggy address:
[   33.411122]  ffff888100366380: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   33.411559]  ffff888100366400: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   33.411987] >ffff888100366480: 00 00 00 00 00 00 00 00 00 00 00 00 00 03 fc fc
[   33.412415]                                                           ^
[   33.412796]  ffff888100366500: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   33.413200]  ffff888100366580: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   33.413606] ==================================================================
[   33.590285] ==================================================================
[   33.591549] BUG: KASAN: slab-out-of-bounds in krealloc_more_oob_helper+0x179/0x3b0
[   33.592355] Write of size 1 at addr ffff8881020720eb by task kunit_try_catch/154
[   33.593459] 
[   33.593612] CPU: 0 PID: 154 Comm: kunit_try_catch Tainted: G    B            N 6.6.94-rc1 #1
[   33.594259] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[   33.594823] Call Trace:
[   33.595009]  <TASK>
[   33.595157]  dump_stack_lvl+0x4e/0x90
[   33.595831]  print_report+0xd2/0x650
[   33.596144]  ? __virt_addr_valid+0x156/0x1e0
[   33.596653]  ? krealloc_more_oob_helper+0x179/0x3b0
[   33.597102]  ? kasan_addr_to_slab+0x11/0xb0
[   33.597514]  ? krealloc_more_oob_helper+0x179/0x3b0
[   33.598031]  kasan_report+0x147/0x180
[   33.598441]  ? krealloc_more_oob_helper+0x179/0x3b0
[   33.598929]  __asan_store1+0x69/0x70
[   33.599322]  krealloc_more_oob_helper+0x179/0x3b0
[   33.599709]  ? __pfx_krealloc_more_oob_helper+0x10/0x10
[   33.600050]  ? finish_task_switch.isra.0+0xc8/0x3e0
[   33.600947]  ? __schedule+0x715/0x11a0
[   33.601221]  ? ktime_get_ts64+0x118/0x140
[   33.601609]  krealloc_pagealloc_more_oob+0x1c/0x30
[   33.602133]  kunit_try_run_case+0x120/0x290
[   33.602670]  ? __pfx_kunit_try_run_case+0x10/0x10
[   33.603133]  ? __kasan_check_write+0x18/0x20
[   33.603556]  ? trace_preempt_on+0x20/0xa0
[   33.603983]  ? __kthread_parkme+0x4f/0xd0
[   33.604368]  ? preempt_count_sub+0x50/0x80
[   33.604741]  ? __pfx_kunit_try_run_case+0x10/0x10
[   33.605103]  ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10
[   33.605741]  kunit_generic_run_threadfn_adapter+0x33/0x50
[   33.606301]  kthread+0x19e/0x1e0
[   33.606728]  ? __pfx_kthread+0x10/0x10
[   33.607097]  ret_from_fork+0x41/0x70
[   33.607370]  ? __pfx_kthread+0x10/0x10
[   33.607807]  ret_from_fork_asm+0x1b/0x30
[   33.608249]  </TASK>
[   33.608509] 
[   33.608631] The buggy address belongs to the physical page:
[   33.609191] page:(____ptrval____) refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x102070
[   33.609787] head:(____ptrval____) order:2 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[   33.610248] flags: 0x200000000000040(head|node=0|zone=2)
[   33.610917] page_type: 0xffffffff()
[   33.611370] raw: 0200000000000040 0000000000000000 dead000000000122 0000000000000000
[   33.612007] raw: 0000000000000000 0000000000000000 00000001ffffffff 0000000000000000
[   33.612550] page dumped because: kasan: bad access detected
[   33.613082] 
[   33.613302] Memory state around the buggy address:
[   33.613647]  ffff888102071f80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   33.614203]  ffff888102072000: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   33.614831] >ffff888102072080: 00 00 00 00 00 00 00 00 00 00 00 00 00 03 fe fe
[   33.615476]                                                           ^
[   33.615909]  ffff888102072100: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe
[   33.616422]  ffff888102072180: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe
[   33.617047] ==================================================================