Date
July 1, 2025, 3:08 p.m.
| Environment | |
|---|---|
| qemu-arm64 | |
| qemu-x86_64 |
[ 16.919255] ================================================================== [ 16.919448] BUG: KASAN: slab-out-of-bounds in krealloc_less_oob_helper+0xa58/0xc50 [ 16.919499] Write of size 1 at addr fff00000c69320eb by task kunit_try_catch/163 [ 16.919656] [ 16.919685] CPU: 1 UID: 0 PID: 163 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc4 #1 PREEMPT [ 16.919763] Tainted: [B]=BAD_PAGE, [N]=TEST [ 16.919790] Hardware name: linux,dummy-virt (DT) [ 16.919819] Call trace: [ 16.919839] show_stack+0x20/0x38 (C) [ 16.919894] dump_stack_lvl+0x8c/0xd0 [ 16.919940] print_report+0x118/0x608 [ 16.920207] kasan_report+0xdc/0x128 [ 16.920530] __asan_report_store1_noabort+0x20/0x30 [ 16.920590] krealloc_less_oob_helper+0xa58/0xc50 [ 16.920638] krealloc_large_less_oob+0x20/0x38 [ 16.920684] kunit_try_run_case+0x170/0x3f0 [ 16.920730] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 16.920782] kthread+0x328/0x630 [ 16.920822] ret_from_fork+0x10/0x20 [ 16.920868] [ 16.920888] The buggy address belongs to the physical page: [ 16.920928] page: refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x106930 [ 16.920980] head: order:2 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0 [ 16.921372] flags: 0xbfffe0000000040(head|node=0|zone=2|lastcpupid=0x1ffff) [ 16.921486] page_type: f8(unknown) [ 16.921523] raw: 0bfffe0000000040 0000000000000000 dead000000000122 0000000000000000 [ 16.921597] raw: 0000000000000000 0000000000000000 00000001f8000000 0000000000000000 [ 16.921740] head: 0bfffe0000000040 0000000000000000 dead000000000122 0000000000000000 [ 16.921953] head: 0000000000000000 0000000000000000 00000001f8000000 0000000000000000 [ 16.922166] head: 0bfffe0000000002 ffffc1ffc31a4c01 00000000ffffffff 00000000ffffffff [ 16.922298] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000004 [ 16.922390] page dumped because: kasan: bad access detected [ 16.922509] [ 16.922527] Memory state around the buggy address: [ 16.922557] fff00000c6931f80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 16.922670] fff00000c6932000: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 16.922855] >fff00000c6932080: 00 00 00 00 00 00 00 00 00 01 fe fe fe fe fe fe [ 16.922909] ^ [ 16.922947] fff00000c6932100: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe [ 16.923023] fff00000c6932180: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe [ 16.923187] ================================================================== [ 16.831983] ================================================================== [ 16.832053] BUG: KASAN: slab-out-of-bounds in krealloc_less_oob_helper+0xa48/0xc50 [ 16.832334] Write of size 1 at addr fff00000c0b9bec9 by task kunit_try_catch/159 [ 16.832448] [ 16.832558] CPU: 1 UID: 0 PID: 159 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc4 #1 PREEMPT [ 16.832650] Tainted: [B]=BAD_PAGE, [N]=TEST [ 16.832676] Hardware name: linux,dummy-virt (DT) [ 16.833080] Call trace: [ 16.833127] show_stack+0x20/0x38 (C) [ 16.833178] dump_stack_lvl+0x8c/0xd0 [ 16.833227] print_report+0x118/0x608 [ 16.833278] kasan_report+0xdc/0x128 [ 16.833925] __asan_report_store1_noabort+0x20/0x30 [ 16.834012] krealloc_less_oob_helper+0xa48/0xc50 [ 16.834449] krealloc_less_oob+0x20/0x38 [ 16.834637] kunit_try_run_case+0x170/0x3f0 [ 16.834713] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 16.834781] kthread+0x328/0x630 [ 16.834929] ret_from_fork+0x10/0x20 [ 16.835036] [ 16.835056] Allocated by task 159: [ 16.835084] kasan_save_stack+0x3c/0x68 [ 16.835125] kasan_save_track+0x20/0x40 [ 16.835161] kasan_save_alloc_info+0x40/0x58 [ 16.835199] __kasan_krealloc+0x118/0x178 [ 16.835241] krealloc_noprof+0x128/0x360 [ 16.835368] krealloc_less_oob_helper+0x168/0xc50 [ 16.835428] krealloc_less_oob+0x20/0x38 [ 16.835900] kunit_try_run_case+0x170/0x3f0 [ 16.835950] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 16.835993] kthread+0x328/0x630 [ 16.836023] ret_from_fork+0x10/0x20 [ 16.836057] [ 16.836549] The buggy address belongs to the object at fff00000c0b9be00 [ 16.836549] which belongs to the cache kmalloc-256 of size 256 [ 16.836623] The buggy address is located 0 bytes to the right of [ 16.836623] allocated 201-byte region [fff00000c0b9be00, fff00000c0b9bec9) [ 16.836687] [ 16.836717] The buggy address belongs to the physical page: [ 16.836749] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x100b9a [ 16.837126] head: order:1 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0 [ 16.837270] flags: 0xbfffe0000000040(head|node=0|zone=2|lastcpupid=0x1ffff) [ 16.837349] page_type: f5(slab) [ 16.837655] raw: 0bfffe0000000040 fff00000c0001b40 dead000000000122 0000000000000000 [ 16.837762] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 16.837817] head: 0bfffe0000000040 fff00000c0001b40 dead000000000122 0000000000000000 [ 16.837866] head: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 16.837918] head: 0bfffe0000000001 ffffc1ffc302e681 00000000ffffffff 00000000ffffffff [ 16.838078] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000002 [ 16.838122] page dumped because: kasan: bad access detected [ 16.838307] [ 16.838360] Memory state around the buggy address: [ 16.838406] fff00000c0b9bd80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 16.838457] fff00000c0b9be00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 16.838521] >fff00000c0b9be80: 00 00 00 00 00 00 00 00 00 01 fc fc fc fc fc fc [ 16.838559] ^ [ 16.838815] fff00000c0b9bf00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 16.838883] fff00000c0b9bf80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 16.838922] ================================================================== [ 16.909941] ================================================================== [ 16.909990] BUG: KASAN: slab-out-of-bounds in krealloc_less_oob_helper+0xa80/0xc50 [ 16.910063] Write of size 1 at addr fff00000c69320da by task kunit_try_catch/163 [ 16.910112] [ 16.910339] CPU: 1 UID: 0 PID: 163 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc4 #1 PREEMPT [ 16.910434] Tainted: [B]=BAD_PAGE, [N]=TEST [ 16.910500] Hardware name: linux,dummy-virt (DT) [ 16.910547] Call trace: [ 16.910579] show_stack+0x20/0x38 (C) [ 16.910629] dump_stack_lvl+0x8c/0xd0 [ 16.910676] print_report+0x118/0x608 [ 16.910721] kasan_report+0xdc/0x128 [ 16.911097] __asan_report_store1_noabort+0x20/0x30 [ 16.911146] krealloc_less_oob_helper+0xa80/0xc50 [ 16.911194] krealloc_large_less_oob+0x20/0x38 [ 16.911240] kunit_try_run_case+0x170/0x3f0 [ 16.911286] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 16.911344] kthread+0x328/0x630 [ 16.911403] ret_from_fork+0x10/0x20 [ 16.911648] [ 16.911674] The buggy address belongs to the physical page: [ 16.911705] page: refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x106930 [ 16.911759] head: order:2 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0 [ 16.911805] flags: 0xbfffe0000000040(head|node=0|zone=2|lastcpupid=0x1ffff) [ 16.911856] page_type: f8(unknown) [ 16.911893] raw: 0bfffe0000000040 0000000000000000 dead000000000122 0000000000000000 [ 16.911948] raw: 0000000000000000 0000000000000000 00000001f8000000 0000000000000000 [ 16.912030] head: 0bfffe0000000040 0000000000000000 dead000000000122 0000000000000000 [ 16.912077] head: 0000000000000000 0000000000000000 00000001f8000000 0000000000000000 [ 16.912126] head: 0bfffe0000000002 ffffc1ffc31a4c01 00000000ffffffff 00000000ffffffff [ 16.912174] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000004 [ 16.912214] page dumped because: kasan: bad access detected [ 16.912245] [ 16.912269] Memory state around the buggy address: [ 16.912407] fff00000c6931f80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 16.912481] fff00000c6932000: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 16.912910] >fff00000c6932080: 00 00 00 00 00 00 00 00 00 01 fe fe fe fe fe fe [ 16.913211] ^ [ 16.913643] fff00000c6932100: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe [ 16.913738] fff00000c6932180: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe [ 16.913776] ================================================================== [ 16.863006] ================================================================== [ 16.863057] BUG: KASAN: slab-out-of-bounds in krealloc_less_oob_helper+0xa58/0xc50 [ 16.863106] Write of size 1 at addr fff00000c0b9beeb by task kunit_try_catch/159 [ 16.863155] [ 16.863195] CPU: 1 UID: 0 PID: 159 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc4 #1 PREEMPT [ 16.863593] Tainted: [B]=BAD_PAGE, [N]=TEST [ 16.863620] Hardware name: linux,dummy-virt (DT) [ 16.863650] Call trace: [ 16.863670] show_stack+0x20/0x38 (C) [ 16.863723] dump_stack_lvl+0x8c/0xd0 [ 16.863929] print_report+0x118/0x608 [ 16.864096] kasan_report+0xdc/0x128 [ 16.864162] __asan_report_store1_noabort+0x20/0x30 [ 16.864262] krealloc_less_oob_helper+0xa58/0xc50 [ 16.864347] krealloc_less_oob+0x20/0x38 [ 16.864391] kunit_try_run_case+0x170/0x3f0 [ 16.864437] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 16.864489] kthread+0x328/0x630 [ 16.864529] ret_from_fork+0x10/0x20 [ 16.864586] [ 16.864604] Allocated by task 159: [ 16.864630] kasan_save_stack+0x3c/0x68 [ 16.864670] kasan_save_track+0x20/0x40 [ 16.864749] kasan_save_alloc_info+0x40/0x58 [ 16.864994] __kasan_krealloc+0x118/0x178 [ 16.865077] krealloc_noprof+0x128/0x360 [ 16.865240] krealloc_less_oob_helper+0x168/0xc50 [ 16.865433] krealloc_less_oob+0x20/0x38 [ 16.865469] kunit_try_run_case+0x170/0x3f0 [ 16.865505] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 16.865547] kthread+0x328/0x630 [ 16.865587] ret_from_fork+0x10/0x20 [ 16.865621] [ 16.865639] The buggy address belongs to the object at fff00000c0b9be00 [ 16.865639] which belongs to the cache kmalloc-256 of size 256 [ 16.865698] The buggy address is located 34 bytes to the right of [ 16.865698] allocated 201-byte region [fff00000c0b9be00, fff00000c0b9bec9) [ 16.866309] [ 16.866328] The buggy address belongs to the physical page: [ 16.866359] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x100b9a [ 16.866636] head: order:1 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0 [ 16.866686] flags: 0xbfffe0000000040(head|node=0|zone=2|lastcpupid=0x1ffff) [ 16.866736] page_type: f5(slab) [ 16.866875] raw: 0bfffe0000000040 fff00000c0001b40 dead000000000122 0000000000000000 [ 16.867034] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 16.867084] head: 0bfffe0000000040 fff00000c0001b40 dead000000000122 0000000000000000 [ 16.867133] head: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 16.867183] head: 0bfffe0000000001 ffffc1ffc302e681 00000000ffffffff 00000000ffffffff [ 16.867240] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000002 [ 16.867279] page dumped because: kasan: bad access detected [ 16.867586] [ 16.867607] Memory state around the buggy address: [ 16.867878] fff00000c0b9bd80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 16.868090] fff00000c0b9be00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 16.868145] >fff00000c0b9be80: 00 00 00 00 00 00 00 00 00 01 fc fc fc fc fc fc [ 16.868316] ^ [ 16.868356] fff00000c0b9bf00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 16.868647] fff00000c0b9bf80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 16.868736] ================================================================== [ 16.856764] ================================================================== [ 16.856865] BUG: KASAN: slab-out-of-bounds in krealloc_less_oob_helper+0xae4/0xc50 [ 16.856914] Write of size 1 at addr fff00000c0b9beea by task kunit_try_catch/159 [ 16.856963] [ 16.856995] CPU: 1 UID: 0 PID: 159 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc4 #1 PREEMPT [ 16.857073] Tainted: [B]=BAD_PAGE, [N]=TEST [ 16.857105] Hardware name: linux,dummy-virt (DT) [ 16.857239] Call trace: [ 16.857359] show_stack+0x20/0x38 (C) [ 16.857406] dump_stack_lvl+0x8c/0xd0 [ 16.857731] print_report+0x118/0x608 [ 16.857784] kasan_report+0xdc/0x128 [ 16.857829] __asan_report_store1_noabort+0x20/0x30 [ 16.857948] krealloc_less_oob_helper+0xae4/0xc50 [ 16.858128] krealloc_less_oob+0x20/0x38 [ 16.858308] kunit_try_run_case+0x170/0x3f0 [ 16.858355] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 16.858406] kthread+0x328/0x630 [ 16.858447] ret_from_fork+0x10/0x20 [ 16.858495] [ 16.858523] Allocated by task 159: [ 16.858551] kasan_save_stack+0x3c/0x68 [ 16.858711] kasan_save_track+0x20/0x40 [ 16.858865] kasan_save_alloc_info+0x40/0x58 [ 16.858905] __kasan_krealloc+0x118/0x178 [ 16.858941] krealloc_noprof+0x128/0x360 [ 16.859096] krealloc_less_oob_helper+0x168/0xc50 [ 16.859378] krealloc_less_oob+0x20/0x38 [ 16.859459] kunit_try_run_case+0x170/0x3f0 [ 16.859495] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 16.859580] kthread+0x328/0x630 [ 16.859611] ret_from_fork+0x10/0x20 [ 16.859645] [ 16.859669] The buggy address belongs to the object at fff00000c0b9be00 [ 16.859669] which belongs to the cache kmalloc-256 of size 256 [ 16.859962] The buggy address is located 33 bytes to the right of [ 16.859962] allocated 201-byte region [fff00000c0b9be00, fff00000c0b9bec9) [ 16.860099] [ 16.860170] The buggy address belongs to the physical page: [ 16.860261] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x100b9a [ 16.860332] head: order:1 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0 [ 16.860379] flags: 0xbfffe0000000040(head|node=0|zone=2|lastcpupid=0x1ffff) [ 16.860592] page_type: f5(slab) [ 16.860670] raw: 0bfffe0000000040 fff00000c0001b40 dead000000000122 0000000000000000 [ 16.860853] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 16.860982] head: 0bfffe0000000040 fff00000c0001b40 dead000000000122 0000000000000000 [ 16.861117] head: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 16.861166] head: 0bfffe0000000001 ffffc1ffc302e681 00000000ffffffff 00000000ffffffff [ 16.861214] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000002 [ 16.861254] page dumped because: kasan: bad access detected [ 16.861289] [ 16.861338] Memory state around the buggy address: [ 16.861370] fff00000c0b9bd80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 16.861573] fff00000c0b9be00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 16.861859] >fff00000c0b9be80: 00 00 00 00 00 00 00 00 00 01 fc fc fc fc fc fc [ 16.862045] ^ [ 16.862198] fff00000c0b9bf00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 16.862241] fff00000c0b9bf80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 16.862303] ================================================================== [ 16.903196] ================================================================== [ 16.903243] BUG: KASAN: slab-out-of-bounds in krealloc_less_oob_helper+0xb9c/0xc50 [ 16.903543] Write of size 1 at addr fff00000c69320d0 by task kunit_try_catch/163 [ 16.903603] [ 16.903640] CPU: 1 UID: 0 PID: 163 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc4 #1 PREEMPT [ 16.903972] Tainted: [B]=BAD_PAGE, [N]=TEST [ 16.903997] Hardware name: linux,dummy-virt (DT) [ 16.904027] Call trace: [ 16.904047] show_stack+0x20/0x38 (C) [ 16.904094] dump_stack_lvl+0x8c/0xd0 [ 16.904141] print_report+0x118/0x608 [ 16.904192] kasan_report+0xdc/0x128 [ 16.904413] __asan_report_store1_noabort+0x20/0x30 [ 16.904586] krealloc_less_oob_helper+0xb9c/0xc50 [ 16.904634] krealloc_large_less_oob+0x20/0x38 [ 16.904679] kunit_try_run_case+0x170/0x3f0 [ 16.904725] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 16.904777] kthread+0x328/0x630 [ 16.904818] ret_from_fork+0x10/0x20 [ 16.905702] [ 16.905786] The buggy address belongs to the physical page: [ 16.905820] page: refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x106930 [ 16.905876] head: order:2 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0 [ 16.905922] flags: 0xbfffe0000000040(head|node=0|zone=2|lastcpupid=0x1ffff) [ 16.906072] page_type: f8(unknown) [ 16.906223] raw: 0bfffe0000000040 0000000000000000 dead000000000122 0000000000000000 [ 16.906371] raw: 0000000000000000 0000000000000000 00000001f8000000 0000000000000000 [ 16.906457] head: 0bfffe0000000040 0000000000000000 dead000000000122 0000000000000000 [ 16.906625] head: 0000000000000000 0000000000000000 00000001f8000000 0000000000000000 [ 16.906732] head: 0bfffe0000000002 ffffc1ffc31a4c01 00000000ffffffff 00000000ffffffff [ 16.907066] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000004 [ 16.907196] page dumped because: kasan: bad access detected [ 16.907309] [ 16.907364] Memory state around the buggy address: [ 16.907407] fff00000c6931f80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 16.907508] fff00000c6932000: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 16.907557] >fff00000c6932080: 00 00 00 00 00 00 00 00 00 01 fe fe fe fe fe fe [ 16.907606] ^ [ 16.907644] fff00000c6932100: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe [ 16.907686] fff00000c6932180: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe [ 16.907973] ================================================================== [ 16.849994] ================================================================== [ 16.850043] BUG: KASAN: slab-out-of-bounds in krealloc_less_oob_helper+0xa80/0xc50 [ 16.850091] Write of size 1 at addr fff00000c0b9beda by task kunit_try_catch/159 [ 16.850141] [ 16.850169] CPU: 1 UID: 0 PID: 159 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc4 #1 PREEMPT [ 16.850249] Tainted: [B]=BAD_PAGE, [N]=TEST [ 16.850275] Hardware name: linux,dummy-virt (DT) [ 16.850305] Call trace: [ 16.850325] show_stack+0x20/0x38 (C) [ 16.850372] dump_stack_lvl+0x8c/0xd0 [ 16.850420] print_report+0x118/0x608 [ 16.850464] kasan_report+0xdc/0x128 [ 16.850508] __asan_report_store1_noabort+0x20/0x30 [ 16.850554] krealloc_less_oob_helper+0xa80/0xc50 [ 16.850614] krealloc_less_oob+0x20/0x38 [ 16.850670] kunit_try_run_case+0x170/0x3f0 [ 16.850716] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 16.851034] kthread+0x328/0x630 [ 16.851580] ret_from_fork+0x10/0x20 [ 16.851630] [ 16.851648] Allocated by task 159: [ 16.851675] kasan_save_stack+0x3c/0x68 [ 16.852054] kasan_save_track+0x20/0x40 [ 16.852220] kasan_save_alloc_info+0x40/0x58 [ 16.852507] __kasan_krealloc+0x118/0x178 [ 16.852546] krealloc_noprof+0x128/0x360 [ 16.852593] krealloc_less_oob_helper+0x168/0xc50 [ 16.852631] krealloc_less_oob+0x20/0x38 [ 16.852681] kunit_try_run_case+0x170/0x3f0 [ 16.852717] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 16.853009] kthread+0x328/0x630 [ 16.853120] ret_from_fork+0x10/0x20 [ 16.853171] [ 16.853190] The buggy address belongs to the object at fff00000c0b9be00 [ 16.853190] which belongs to the cache kmalloc-256 of size 256 [ 16.853248] The buggy address is located 17 bytes to the right of [ 16.853248] allocated 201-byte region [fff00000c0b9be00, fff00000c0b9bec9) [ 16.853350] [ 16.853369] The buggy address belongs to the physical page: [ 16.853539] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x100b9a [ 16.853686] head: order:1 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0 [ 16.853778] flags: 0xbfffe0000000040(head|node=0|zone=2|lastcpupid=0x1ffff) [ 16.853974] page_type: f5(slab) [ 16.854151] raw: 0bfffe0000000040 fff00000c0001b40 dead000000000122 0000000000000000 [ 16.854202] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 16.854252] head: 0bfffe0000000040 fff00000c0001b40 dead000000000122 0000000000000000 [ 16.854352] head: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 16.854594] head: 0bfffe0000000001 ffffc1ffc302e681 00000000ffffffff 00000000ffffffff [ 16.854644] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000002 [ 16.854702] page dumped because: kasan: bad access detected [ 16.854811] [ 16.854828] Memory state around the buggy address: [ 16.854859] fff00000c0b9bd80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 16.854902] fff00000c0b9be00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 16.854998] >fff00000c0b9be80: 00 00 00 00 00 00 00 00 00 01 fc fc fc fc fc fc [ 16.855191] ^ [ 16.855229] fff00000c0b9bf00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 16.855271] fff00000c0b9bf80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 16.855308] ================================================================== [ 16.842952] ================================================================== [ 16.843006] BUG: KASAN: slab-out-of-bounds in krealloc_less_oob_helper+0xb9c/0xc50 [ 16.843057] Write of size 1 at addr fff00000c0b9bed0 by task kunit_try_catch/159 [ 16.843268] [ 16.843452] CPU: 1 UID: 0 PID: 159 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc4 #1 PREEMPT [ 16.843743] Tainted: [B]=BAD_PAGE, [N]=TEST [ 16.843985] Hardware name: linux,dummy-virt (DT) [ 16.844020] Call trace: [ 16.844040] show_stack+0x20/0x38 (C) [ 16.844193] dump_stack_lvl+0x8c/0xd0 [ 16.844247] print_report+0x118/0x608 [ 16.844454] kasan_report+0xdc/0x128 [ 16.844525] __asan_report_store1_noabort+0x20/0x30 [ 16.844772] krealloc_less_oob_helper+0xb9c/0xc50 [ 16.844873] krealloc_less_oob+0x20/0x38 [ 16.845120] kunit_try_run_case+0x170/0x3f0 [ 16.845213] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 16.845610] kthread+0x328/0x630 [ 16.845706] ret_from_fork+0x10/0x20 [ 16.845753] [ 16.845771] Allocated by task 159: [ 16.845824] kasan_save_stack+0x3c/0x68 [ 16.845866] kasan_save_track+0x20/0x40 [ 16.845901] kasan_save_alloc_info+0x40/0x58 [ 16.845940] __kasan_krealloc+0x118/0x178 [ 16.845976] krealloc_noprof+0x128/0x360 [ 16.846206] krealloc_less_oob_helper+0x168/0xc50 [ 16.846248] krealloc_less_oob+0x20/0x38 [ 16.846283] kunit_try_run_case+0x170/0x3f0 [ 16.846319] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 16.846424] kthread+0x328/0x630 [ 16.846530] ret_from_fork+0x10/0x20 [ 16.846574] [ 16.846593] The buggy address belongs to the object at fff00000c0b9be00 [ 16.846593] which belongs to the cache kmalloc-256 of size 256 [ 16.846937] The buggy address is located 7 bytes to the right of [ 16.846937] allocated 201-byte region [fff00000c0b9be00, fff00000c0b9bec9) [ 16.847144] [ 16.847221] The buggy address belongs to the physical page: [ 16.847254] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x100b9a [ 16.847316] head: order:1 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0 [ 16.847390] flags: 0xbfffe0000000040(head|node=0|zone=2|lastcpupid=0x1ffff) [ 16.847443] page_type: f5(slab) [ 16.847481] raw: 0bfffe0000000040 fff00000c0001b40 dead000000000122 0000000000000000 [ 16.847531] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 16.847591] head: 0bfffe0000000040 fff00000c0001b40 dead000000000122 0000000000000000 [ 16.847639] head: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 16.847697] head: 0bfffe0000000001 ffffc1ffc302e681 00000000ffffffff 00000000ffffffff [ 16.847745] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000002 [ 16.847912] page dumped because: kasan: bad access detected [ 16.848086] [ 16.848105] Memory state around the buggy address: [ 16.848260] fff00000c0b9bd80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 16.848528] fff00000c0b9be00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 16.848752] >fff00000c0b9be80: 00 00 00 00 00 00 00 00 00 01 fc fc fc fc fc fc [ 16.848808] ^ [ 16.848866] fff00000c0b9bf00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 16.848908] fff00000c0b9bf80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 16.848948] ================================================================== [ 16.898622] ================================================================== [ 16.898693] BUG: KASAN: slab-out-of-bounds in krealloc_less_oob_helper+0xa48/0xc50 [ 16.898954] Write of size 1 at addr fff00000c69320c9 by task kunit_try_catch/163 [ 16.899031] [ 16.899157] CPU: 1 UID: 0 PID: 163 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc4 #1 PREEMPT [ 16.899238] Tainted: [B]=BAD_PAGE, [N]=TEST [ 16.899270] Hardware name: linux,dummy-virt (DT) [ 16.899429] Call trace: [ 16.899450] show_stack+0x20/0x38 (C) [ 16.899500] dump_stack_lvl+0x8c/0xd0 [ 16.899547] print_report+0x118/0x608 [ 16.899604] kasan_report+0xdc/0x128 [ 16.899648] __asan_report_store1_noabort+0x20/0x30 [ 16.900262] krealloc_less_oob_helper+0xa48/0xc50 [ 16.900411] krealloc_large_less_oob+0x20/0x38 [ 16.900461] kunit_try_run_case+0x170/0x3f0 [ 16.900509] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 16.900561] kthread+0x328/0x630 [ 16.900615] ret_from_fork+0x10/0x20 [ 16.900662] [ 16.900692] The buggy address belongs to the physical page: [ 16.900726] page: refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x106930 [ 16.901065] head: order:2 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0 [ 16.901122] flags: 0xbfffe0000000040(head|node=0|zone=2|lastcpupid=0x1ffff) [ 16.901366] page_type: f8(unknown) [ 16.901417] raw: 0bfffe0000000040 0000000000000000 dead000000000122 0000000000000000 [ 16.901553] raw: 0000000000000000 0000000000000000 00000001f8000000 0000000000000000 [ 16.901611] head: 0bfffe0000000040 0000000000000000 dead000000000122 0000000000000000 [ 16.901669] head: 0000000000000000 0000000000000000 00000001f8000000 0000000000000000 [ 16.901716] head: 0bfffe0000000002 ffffc1ffc31a4c01 00000000ffffffff 00000000ffffffff [ 16.901764] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000004 [ 16.901936] page dumped because: kasan: bad access detected [ 16.901971] [ 16.901988] Memory state around the buggy address: [ 16.902022] fff00000c6931f80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 16.902076] fff00000c6932000: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 16.902118] >fff00000c6932080: 00 00 00 00 00 00 00 00 00 01 fe fe fe fe fe fe [ 16.902156] ^ [ 16.902192] fff00000c6932100: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe [ 16.902233] fff00000c6932180: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe [ 16.902271] ================================================================== [ 16.914390] ================================================================== [ 16.914438] BUG: KASAN: slab-out-of-bounds in krealloc_less_oob_helper+0xae4/0xc50 [ 16.914483] Write of size 1 at addr fff00000c69320ea by task kunit_try_catch/163 [ 16.914674] [ 16.914717] CPU: 1 UID: 0 PID: 163 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc4 #1 PREEMPT [ 16.915160] Tainted: [B]=BAD_PAGE, [N]=TEST [ 16.915376] Hardware name: linux,dummy-virt (DT) [ 16.915551] Call trace: [ 16.915583] show_stack+0x20/0x38 (C) [ 16.915633] dump_stack_lvl+0x8c/0xd0 [ 16.915679] print_report+0x118/0x608 [ 16.915723] kasan_report+0xdc/0x128 [ 16.915776] __asan_report_store1_noabort+0x20/0x30 [ 16.915823] krealloc_less_oob_helper+0xae4/0xc50 [ 16.916237] krealloc_large_less_oob+0x20/0x38 [ 16.916378] kunit_try_run_case+0x170/0x3f0 [ 16.916525] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 16.916588] kthread+0x328/0x630 [ 16.916629] ret_from_fork+0x10/0x20 [ 16.916675] [ 16.916947] The buggy address belongs to the physical page: [ 16.917055] page: refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x106930 [ 16.917110] head: order:2 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0 [ 16.917160] flags: 0xbfffe0000000040(head|node=0|zone=2|lastcpupid=0x1ffff) [ 16.917231] page_type: f8(unknown) [ 16.917312] raw: 0bfffe0000000040 0000000000000000 dead000000000122 0000000000000000 [ 16.917601] raw: 0000000000000000 0000000000000000 00000001f8000000 0000000000000000 [ 16.917900] head: 0bfffe0000000040 0000000000000000 dead000000000122 0000000000000000 [ 16.917951] head: 0000000000000000 0000000000000000 00000001f8000000 0000000000000000 [ 16.917999] head: 0bfffe0000000002 ffffc1ffc31a4c01 00000000ffffffff 00000000ffffffff [ 16.918047] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000004 [ 16.918087] page dumped because: kasan: bad access detected [ 16.918355] [ 16.918435] Memory state around the buggy address: [ 16.918494] fff00000c6931f80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 16.918537] fff00000c6932000: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 16.918590] >fff00000c6932080: 00 00 00 00 00 00 00 00 00 01 fe fe fe fe fe fe [ 16.918637] ^ [ 16.918833] fff00000c6932100: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe [ 16.918877] fff00000c6932180: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe [ 16.918914] ==================================================================
[ 11.208044] ================================================================== [ 11.209047] BUG: KASAN: slab-out-of-bounds in krealloc_less_oob_helper+0xe23/0x11d0 [ 11.209948] Write of size 1 at addr ffff888100ab34d0 by task kunit_try_catch/175 [ 11.210469] [ 11.210572] CPU: 1 UID: 0 PID: 175 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc4 #1 PREEMPT(voluntary) [ 11.210615] Tainted: [B]=BAD_PAGE, [N]=TEST [ 11.210627] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 11.210708] Call Trace: [ 11.210725] <TASK> [ 11.210742] dump_stack_lvl+0x73/0xb0 [ 11.210772] print_report+0xd1/0x650 [ 11.210794] ? __virt_addr_valid+0x1db/0x2d0 [ 11.210816] ? krealloc_less_oob_helper+0xe23/0x11d0 [ 11.210838] ? kasan_complete_mode_report_info+0x2a/0x200 [ 11.210859] ? krealloc_less_oob_helper+0xe23/0x11d0 [ 11.210881] kasan_report+0x141/0x180 [ 11.210902] ? krealloc_less_oob_helper+0xe23/0x11d0 [ 11.210928] __asan_report_store1_noabort+0x1b/0x30 [ 11.210947] krealloc_less_oob_helper+0xe23/0x11d0 [ 11.210971] ? __pfx_krealloc_less_oob_helper+0x10/0x10 [ 11.210992] ? sysvec_apic_timer_interrupt+0x50/0x90 [ 11.211020] ? __pfx_krealloc_less_oob+0x10/0x10 [ 11.211056] krealloc_less_oob+0x1c/0x30 [ 11.211076] kunit_try_run_case+0x1a5/0x480 [ 11.211099] ? __pfx_kunit_try_run_case+0x10/0x10 [ 11.211120] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 11.211143] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 11.211166] ? __kthread_parkme+0x82/0x180 [ 11.211186] ? preempt_count_sub+0x50/0x80 [ 11.211209] ? __pfx_kunit_try_run_case+0x10/0x10 [ 11.211231] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 11.211252] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 11.211273] kthread+0x337/0x6f0 [ 11.211292] ? trace_preempt_on+0x20/0xc0 [ 11.211314] ? __pfx_kthread+0x10/0x10 [ 11.211334] ? _raw_spin_unlock_irq+0x47/0x80 [ 11.211353] ? calculate_sigpending+0x7b/0xa0 [ 11.211375] ? __pfx_kthread+0x10/0x10 [ 11.211395] ret_from_fork+0x116/0x1d0 [ 11.211413] ? __pfx_kthread+0x10/0x10 [ 11.211432] ret_from_fork_asm+0x1a/0x30 [ 11.211462] </TASK> [ 11.211473] [ 11.224908] Allocated by task 175: [ 11.225073] kasan_save_stack+0x45/0x70 [ 11.225232] kasan_save_track+0x18/0x40 [ 11.225368] kasan_save_alloc_info+0x3b/0x50 [ 11.225516] __kasan_krealloc+0x190/0x1f0 [ 11.225668] krealloc_noprof+0xf3/0x340 [ 11.226011] krealloc_less_oob_helper+0x1aa/0x11d0 [ 11.226426] krealloc_less_oob+0x1c/0x30 [ 11.226802] kunit_try_run_case+0x1a5/0x480 [ 11.227228] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 11.227810] kthread+0x337/0x6f0 [ 11.228158] ret_from_fork+0x116/0x1d0 [ 11.228506] ret_from_fork_asm+0x1a/0x30 [ 11.228893] [ 11.229074] The buggy address belongs to the object at ffff888100ab3400 [ 11.229074] which belongs to the cache kmalloc-256 of size 256 [ 11.230278] The buggy address is located 7 bytes to the right of [ 11.230278] allocated 201-byte region [ffff888100ab3400, ffff888100ab34c9) [ 11.231037] [ 11.231154] The buggy address belongs to the physical page: [ 11.231616] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x100ab2 [ 11.232536] head: order:1 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0 [ 11.233202] flags: 0x200000000000040(head|node=0|zone=2) [ 11.233423] page_type: f5(slab) [ 11.233742] raw: 0200000000000040 ffff888100041b40 dead000000000122 0000000000000000 [ 11.234508] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 11.235263] head: 0200000000000040 ffff888100041b40 dead000000000122 0000000000000000 [ 11.236009] head: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 11.236323] head: 0200000000000001 ffffea000402ac81 00000000ffffffff 00000000ffffffff [ 11.236555] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000002 [ 11.236800] page dumped because: kasan: bad access detected [ 11.236977] [ 11.237059] Memory state around the buggy address: [ 11.237215] ffff888100ab3380: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 11.237429] ffff888100ab3400: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 11.237651] >ffff888100ab3480: 00 00 00 00 00 00 00 00 00 01 fc fc fc fc fc fc [ 11.238324] ^ [ 11.239036] ffff888100ab3500: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 11.239810] ffff888100ab3580: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 11.240620] ================================================================== [ 11.457327] ================================================================== [ 11.457557] BUG: KASAN: slab-out-of-bounds in krealloc_less_oob_helper+0xe90/0x11d0 [ 11.458040] Write of size 1 at addr ffff88810291e0ea by task kunit_try_catch/179 [ 11.458369] [ 11.458570] CPU: 0 UID: 0 PID: 179 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc4 #1 PREEMPT(voluntary) [ 11.458615] Tainted: [B]=BAD_PAGE, [N]=TEST [ 11.458626] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 11.458829] Call Trace: [ 11.458850] <TASK> [ 11.458868] dump_stack_lvl+0x73/0xb0 [ 11.458900] print_report+0xd1/0x650 [ 11.458924] ? __virt_addr_valid+0x1db/0x2d0 [ 11.458947] ? krealloc_less_oob_helper+0xe90/0x11d0 [ 11.458970] ? kasan_addr_to_slab+0x11/0xa0 [ 11.458989] ? krealloc_less_oob_helper+0xe90/0x11d0 [ 11.459011] kasan_report+0x141/0x180 [ 11.459045] ? krealloc_less_oob_helper+0xe90/0x11d0 [ 11.459072] __asan_report_store1_noabort+0x1b/0x30 [ 11.459091] krealloc_less_oob_helper+0xe90/0x11d0 [ 11.459115] ? __pfx_krealloc_less_oob_helper+0x10/0x10 [ 11.459137] ? finish_task_switch.isra.0+0x153/0x700 [ 11.459159] ? __switch_to+0x47/0xf50 [ 11.459183] ? __schedule+0x10cc/0x2b60 [ 11.459204] ? __pfx_read_tsc+0x10/0x10 [ 11.459227] krealloc_large_less_oob+0x1c/0x30 [ 11.459248] kunit_try_run_case+0x1a5/0x480 [ 11.459271] ? __pfx_kunit_try_run_case+0x10/0x10 [ 11.459292] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 11.459314] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 11.459335] ? __kthread_parkme+0x82/0x180 [ 11.459354] ? preempt_count_sub+0x50/0x80 [ 11.459375] ? __pfx_kunit_try_run_case+0x10/0x10 [ 11.459397] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 11.459418] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 11.459440] kthread+0x337/0x6f0 [ 11.459459] ? trace_preempt_on+0x20/0xc0 [ 11.459482] ? __pfx_kthread+0x10/0x10 [ 11.459501] ? _raw_spin_unlock_irq+0x47/0x80 [ 11.459520] ? calculate_sigpending+0x7b/0xa0 [ 11.459543] ? __pfx_kthread+0x10/0x10 [ 11.459563] ret_from_fork+0x116/0x1d0 [ 11.459580] ? __pfx_kthread+0x10/0x10 [ 11.459599] ret_from_fork_asm+0x1a/0x30 [ 11.459628] </TASK> [ 11.459638] [ 11.467477] The buggy address belongs to the physical page: [ 11.467795] page: refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x10291c [ 11.468112] head: order:2 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0 [ 11.468384] flags: 0x200000000000040(head|node=0|zone=2) [ 11.468634] page_type: f8(unknown) [ 11.468812] raw: 0200000000000040 0000000000000000 dead000000000122 0000000000000000 [ 11.469168] raw: 0000000000000000 0000000000000000 00000001f8000000 0000000000000000 [ 11.469461] head: 0200000000000040 0000000000000000 dead000000000122 0000000000000000 [ 11.469963] head: 0000000000000000 0000000000000000 00000001f8000000 0000000000000000 [ 11.470266] head: 0200000000000002 ffffea00040a4701 00000000ffffffff 00000000ffffffff [ 11.470551] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000004 [ 11.471194] page dumped because: kasan: bad access detected [ 11.471375] [ 11.471445] Memory state around the buggy address: [ 11.471790] ffff88810291df80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 11.472238] ffff88810291e000: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 11.472630] >ffff88810291e080: 00 00 00 00 00 00 00 00 00 01 fe fe fe fe fe fe [ 11.472870] ^ [ 11.473126] ffff88810291e100: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe [ 11.473448] ffff88810291e180: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe [ 11.473758] ================================================================== [ 11.437501] ================================================================== [ 11.438474] BUG: KASAN: slab-out-of-bounds in krealloc_less_oob_helper+0xec6/0x11d0 [ 11.439046] Write of size 1 at addr ffff88810291e0da by task kunit_try_catch/179 [ 11.439276] [ 11.439371] CPU: 0 UID: 0 PID: 179 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc4 #1 PREEMPT(voluntary) [ 11.439413] Tainted: [B]=BAD_PAGE, [N]=TEST [ 11.439424] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 11.439445] Call Trace: [ 11.439464] <TASK> [ 11.439482] dump_stack_lvl+0x73/0xb0 [ 11.439511] print_report+0xd1/0x650 [ 11.439534] ? __virt_addr_valid+0x1db/0x2d0 [ 11.439556] ? krealloc_less_oob_helper+0xec6/0x11d0 [ 11.439578] ? kasan_addr_to_slab+0x11/0xa0 [ 11.439597] ? krealloc_less_oob_helper+0xec6/0x11d0 [ 11.439620] kasan_report+0x141/0x180 [ 11.439694] ? krealloc_less_oob_helper+0xec6/0x11d0 [ 11.439726] __asan_report_store1_noabort+0x1b/0x30 [ 11.439746] krealloc_less_oob_helper+0xec6/0x11d0 [ 11.439770] ? __pfx_krealloc_less_oob_helper+0x10/0x10 [ 11.439793] ? finish_task_switch.isra.0+0x153/0x700 [ 11.439813] ? __switch_to+0x47/0xf50 [ 11.439838] ? __schedule+0x10cc/0x2b60 [ 11.439859] ? __pfx_read_tsc+0x10/0x10 [ 11.439882] krealloc_large_less_oob+0x1c/0x30 [ 11.439903] kunit_try_run_case+0x1a5/0x480 [ 11.439927] ? __pfx_kunit_try_run_case+0x10/0x10 [ 11.439947] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 11.439969] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 11.439990] ? __kthread_parkme+0x82/0x180 [ 11.440010] ? preempt_count_sub+0x50/0x80 [ 11.440042] ? __pfx_kunit_try_run_case+0x10/0x10 [ 11.440065] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 11.440086] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 11.440107] kthread+0x337/0x6f0 [ 11.440125] ? trace_preempt_on+0x20/0xc0 [ 11.440153] ? __pfx_kthread+0x10/0x10 [ 11.440173] ? _raw_spin_unlock_irq+0x47/0x80 [ 11.440192] ? calculate_sigpending+0x7b/0xa0 [ 11.440215] ? __pfx_kthread+0x10/0x10 [ 11.440235] ret_from_fork+0x116/0x1d0 [ 11.440252] ? __pfx_kthread+0x10/0x10 [ 11.440271] ret_from_fork_asm+0x1a/0x30 [ 11.440301] </TASK> [ 11.440313] [ 11.450525] The buggy address belongs to the physical page: [ 11.450942] page: refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x10291c [ 11.451299] head: order:2 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0 [ 11.451612] flags: 0x200000000000040(head|node=0|zone=2) [ 11.451832] page_type: f8(unknown) [ 11.451961] raw: 0200000000000040 0000000000000000 dead000000000122 0000000000000000 [ 11.452318] raw: 0000000000000000 0000000000000000 00000001f8000000 0000000000000000 [ 11.452649] head: 0200000000000040 0000000000000000 dead000000000122 0000000000000000 [ 11.453054] head: 0000000000000000 0000000000000000 00000001f8000000 0000000000000000 [ 11.453392] head: 0200000000000002 ffffea00040a4701 00000000ffffffff 00000000ffffffff [ 11.453622] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000004 [ 11.453981] page dumped because: kasan: bad access detected [ 11.454213] [ 11.454281] Memory state around the buggy address: [ 11.454438] ffff88810291df80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 11.455236] ffff88810291e000: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 11.455475] >ffff88810291e080: 00 00 00 00 00 00 00 00 00 01 fe fe fe fe fe fe [ 11.455710] ^ [ 11.456107] ffff88810291e100: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe [ 11.456608] ffff88810291e180: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe [ 11.456975] ================================================================== [ 11.174009] ================================================================== [ 11.174421] BUG: KASAN: slab-out-of-bounds in krealloc_less_oob_helper+0xd70/0x11d0 [ 11.175221] Write of size 1 at addr ffff888100ab34c9 by task kunit_try_catch/175 [ 11.176136] [ 11.176465] CPU: 1 UID: 0 PID: 175 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc4 #1 PREEMPT(voluntary) [ 11.176529] Tainted: [B]=BAD_PAGE, [N]=TEST [ 11.176541] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 11.176563] Call Trace: [ 11.176576] <TASK> [ 11.176596] dump_stack_lvl+0x73/0xb0 [ 11.176768] print_report+0xd1/0x650 [ 11.176799] ? __virt_addr_valid+0x1db/0x2d0 [ 11.176824] ? krealloc_less_oob_helper+0xd70/0x11d0 [ 11.176846] ? kasan_complete_mode_report_info+0x2a/0x200 [ 11.176867] ? krealloc_less_oob_helper+0xd70/0x11d0 [ 11.176889] kasan_report+0x141/0x180 [ 11.176918] ? krealloc_less_oob_helper+0xd70/0x11d0 [ 11.176945] __asan_report_store1_noabort+0x1b/0x30 [ 11.176964] krealloc_less_oob_helper+0xd70/0x11d0 [ 11.176988] ? __pfx_krealloc_less_oob_helper+0x10/0x10 [ 11.177010] ? sysvec_apic_timer_interrupt+0x50/0x90 [ 11.177048] ? __pfx_krealloc_less_oob+0x10/0x10 [ 11.177073] krealloc_less_oob+0x1c/0x30 [ 11.177093] kunit_try_run_case+0x1a5/0x480 [ 11.177119] ? __pfx_kunit_try_run_case+0x10/0x10 [ 11.177139] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 11.177162] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 11.177183] ? __kthread_parkme+0x82/0x180 [ 11.177204] ? preempt_count_sub+0x50/0x80 [ 11.177229] ? __pfx_kunit_try_run_case+0x10/0x10 [ 11.177252] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 11.177273] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 11.177294] kthread+0x337/0x6f0 [ 11.177313] ? trace_preempt_on+0x20/0xc0 [ 11.177336] ? __pfx_kthread+0x10/0x10 [ 11.177355] ? _raw_spin_unlock_irq+0x47/0x80 [ 11.177375] ? calculate_sigpending+0x7b/0xa0 [ 11.177398] ? __pfx_kthread+0x10/0x10 [ 11.177419] ret_from_fork+0x116/0x1d0 [ 11.177437] ? __pfx_kthread+0x10/0x10 [ 11.177456] ret_from_fork_asm+0x1a/0x30 [ 11.177486] </TASK> [ 11.177498] [ 11.189761] Allocated by task 175: [ 11.190115] kasan_save_stack+0x45/0x70 [ 11.190476] kasan_save_track+0x18/0x40 [ 11.190849] kasan_save_alloc_info+0x3b/0x50 [ 11.191302] __kasan_krealloc+0x190/0x1f0 [ 11.191857] krealloc_noprof+0xf3/0x340 [ 11.192230] krealloc_less_oob_helper+0x1aa/0x11d0 [ 11.192658] krealloc_less_oob+0x1c/0x30 [ 11.193072] kunit_try_run_case+0x1a5/0x480 [ 11.193451] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 11.193956] kthread+0x337/0x6f0 [ 11.194318] ret_from_fork+0x116/0x1d0 [ 11.194606] ret_from_fork_asm+0x1a/0x30 [ 11.194749] [ 11.194837] The buggy address belongs to the object at ffff888100ab3400 [ 11.194837] which belongs to the cache kmalloc-256 of size 256 [ 11.195331] The buggy address is located 0 bytes to the right of [ 11.195331] allocated 201-byte region [ffff888100ab3400, ffff888100ab34c9) [ 11.196564] [ 11.196749] The buggy address belongs to the physical page: [ 11.197385] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x100ab2 [ 11.198227] head: order:1 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0 [ 11.199068] flags: 0x200000000000040(head|node=0|zone=2) [ 11.199597] page_type: f5(slab) [ 11.199815] raw: 0200000000000040 ffff888100041b40 dead000000000122 0000000000000000 [ 11.200291] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 11.200527] head: 0200000000000040 ffff888100041b40 dead000000000122 0000000000000000 [ 11.201173] head: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 11.201888] head: 0200000000000001 ffffea000402ac81 00000000ffffffff 00000000ffffffff [ 11.202800] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000002 [ 11.203308] page dumped because: kasan: bad access detected [ 11.203482] [ 11.203552] Memory state around the buggy address: [ 11.203774] ffff888100ab3380: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 11.204414] ffff888100ab3400: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 11.205160] >ffff888100ab3480: 00 00 00 00 00 00 00 00 00 01 fc fc fc fc fc fc [ 11.205968] ^ [ 11.206479] ffff888100ab3500: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 11.207043] ffff888100ab3580: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 11.207422] ================================================================== [ 11.407833] ================================================================== [ 11.408509] BUG: KASAN: slab-out-of-bounds in krealloc_less_oob_helper+0xe23/0x11d0 [ 11.409507] Write of size 1 at addr ffff88810291e0d0 by task kunit_try_catch/179 [ 11.410371] [ 11.410577] CPU: 0 UID: 0 PID: 179 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc4 #1 PREEMPT(voluntary) [ 11.410620] Tainted: [B]=BAD_PAGE, [N]=TEST [ 11.410631] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 11.410651] Call Trace: [ 11.410680] <TASK> [ 11.410717] dump_stack_lvl+0x73/0xb0 [ 11.410810] print_report+0xd1/0x650 [ 11.410834] ? __virt_addr_valid+0x1db/0x2d0 [ 11.410857] ? krealloc_less_oob_helper+0xe23/0x11d0 [ 11.410879] ? kasan_addr_to_slab+0x11/0xa0 [ 11.410898] ? krealloc_less_oob_helper+0xe23/0x11d0 [ 11.410921] kasan_report+0x141/0x180 [ 11.410942] ? krealloc_less_oob_helper+0xe23/0x11d0 [ 11.410968] __asan_report_store1_noabort+0x1b/0x30 [ 11.410988] krealloc_less_oob_helper+0xe23/0x11d0 [ 11.411012] ? __pfx_krealloc_less_oob_helper+0x10/0x10 [ 11.411046] ? finish_task_switch.isra.0+0x153/0x700 [ 11.411067] ? __switch_to+0x47/0xf50 [ 11.411092] ? __schedule+0x10cc/0x2b60 [ 11.411113] ? __pfx_read_tsc+0x10/0x10 [ 11.411136] krealloc_large_less_oob+0x1c/0x30 [ 11.411157] kunit_try_run_case+0x1a5/0x480 [ 11.411181] ? __pfx_kunit_try_run_case+0x10/0x10 [ 11.411202] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 11.411224] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 11.411245] ? __kthread_parkme+0x82/0x180 [ 11.411265] ? preempt_count_sub+0x50/0x80 [ 11.411286] ? __pfx_kunit_try_run_case+0x10/0x10 [ 11.411308] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 11.411329] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 11.411350] kthread+0x337/0x6f0 [ 11.411368] ? trace_preempt_on+0x20/0xc0 [ 11.411392] ? __pfx_kthread+0x10/0x10 [ 11.411411] ? _raw_spin_unlock_irq+0x47/0x80 [ 11.411430] ? calculate_sigpending+0x7b/0xa0 [ 11.411453] ? __pfx_kthread+0x10/0x10 [ 11.411473] ret_from_fork+0x116/0x1d0 [ 11.411490] ? __pfx_kthread+0x10/0x10 [ 11.411509] ret_from_fork_asm+0x1a/0x30 [ 11.411539] </TASK> [ 11.411550] [ 11.425786] The buggy address belongs to the physical page: [ 11.426422] page: refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x10291c [ 11.427264] head: order:2 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0 [ 11.428077] flags: 0x200000000000040(head|node=0|zone=2) [ 11.428269] page_type: f8(unknown) [ 11.428397] raw: 0200000000000040 0000000000000000 dead000000000122 0000000000000000 [ 11.428628] raw: 0000000000000000 0000000000000000 00000001f8000000 0000000000000000 [ 11.429418] head: 0200000000000040 0000000000000000 dead000000000122 0000000000000000 [ 11.430165] head: 0000000000000000 0000000000000000 00000001f8000000 0000000000000000 [ 11.430878] head: 0200000000000002 ffffea00040a4701 00000000ffffffff 00000000ffffffff [ 11.431652] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000004 [ 11.432355] page dumped because: kasan: bad access detected [ 11.432964] [ 11.433054] Memory state around the buggy address: [ 11.433210] ffff88810291df80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 11.433427] ffff88810291e000: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 11.433651] >ffff88810291e080: 00 00 00 00 00 00 00 00 00 01 fe fe fe fe fe fe [ 11.434387] ^ [ 11.434971] ffff88810291e100: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe [ 11.435891] ffff88810291e180: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe [ 11.436538] ================================================================== [ 11.313086] ================================================================== [ 11.313426] BUG: KASAN: slab-out-of-bounds in krealloc_less_oob_helper+0xd47/0x11d0 [ 11.313681] Write of size 1 at addr ffff888100ab34eb by task kunit_try_catch/175 [ 11.314087] [ 11.314209] CPU: 1 UID: 0 PID: 175 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc4 #1 PREEMPT(voluntary) [ 11.314264] Tainted: [B]=BAD_PAGE, [N]=TEST [ 11.314275] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 11.314296] Call Trace: [ 11.314316] <TASK> [ 11.314346] dump_stack_lvl+0x73/0xb0 [ 11.314376] print_report+0xd1/0x650 [ 11.314399] ? __virt_addr_valid+0x1db/0x2d0 [ 11.314422] ? krealloc_less_oob_helper+0xd47/0x11d0 [ 11.314443] ? kasan_complete_mode_report_info+0x2a/0x200 [ 11.314464] ? krealloc_less_oob_helper+0xd47/0x11d0 [ 11.314487] kasan_report+0x141/0x180 [ 11.314508] ? krealloc_less_oob_helper+0xd47/0x11d0 [ 11.314535] __asan_report_store1_noabort+0x1b/0x30 [ 11.314564] krealloc_less_oob_helper+0xd47/0x11d0 [ 11.314589] ? __pfx_krealloc_less_oob_helper+0x10/0x10 [ 11.314611] ? sysvec_apic_timer_interrupt+0x50/0x90 [ 11.314711] ? __pfx_krealloc_less_oob+0x10/0x10 [ 11.314740] krealloc_less_oob+0x1c/0x30 [ 11.314760] kunit_try_run_case+0x1a5/0x480 [ 11.314783] ? __pfx_kunit_try_run_case+0x10/0x10 [ 11.314804] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 11.314827] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 11.314858] ? __kthread_parkme+0x82/0x180 [ 11.314878] ? preempt_count_sub+0x50/0x80 [ 11.314901] ? __pfx_kunit_try_run_case+0x10/0x10 [ 11.314935] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 11.314957] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 11.314979] kthread+0x337/0x6f0 [ 11.314997] ? trace_preempt_on+0x20/0xc0 [ 11.315036] ? __pfx_kthread+0x10/0x10 [ 11.315056] ? _raw_spin_unlock_irq+0x47/0x80 [ 11.315076] ? calculate_sigpending+0x7b/0xa0 [ 11.315110] ? __pfx_kthread+0x10/0x10 [ 11.315130] ret_from_fork+0x116/0x1d0 [ 11.315149] ? __pfx_kthread+0x10/0x10 [ 11.315168] ret_from_fork_asm+0x1a/0x30 [ 11.315198] </TASK> [ 11.315209] [ 11.323234] Allocated by task 175: [ 11.323382] kasan_save_stack+0x45/0x70 [ 11.323596] kasan_save_track+0x18/0x40 [ 11.324004] kasan_save_alloc_info+0x3b/0x50 [ 11.324239] __kasan_krealloc+0x190/0x1f0 [ 11.324428] krealloc_noprof+0xf3/0x340 [ 11.324579] krealloc_less_oob_helper+0x1aa/0x11d0 [ 11.325081] krealloc_less_oob+0x1c/0x30 [ 11.325287] kunit_try_run_case+0x1a5/0x480 [ 11.325497] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 11.325783] kthread+0x337/0x6f0 [ 11.326040] ret_from_fork+0x116/0x1d0 [ 11.326266] ret_from_fork_asm+0x1a/0x30 [ 11.326450] [ 11.326549] The buggy address belongs to the object at ffff888100ab3400 [ 11.326549] which belongs to the cache kmalloc-256 of size 256 [ 11.326909] The buggy address is located 34 bytes to the right of [ 11.326909] allocated 201-byte region [ffff888100ab3400, ffff888100ab34c9) [ 11.327822] [ 11.327916] The buggy address belongs to the physical page: [ 11.328102] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x100ab2 [ 11.328806] head: order:1 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0 [ 11.329180] flags: 0x200000000000040(head|node=0|zone=2) [ 11.329423] page_type: f5(slab) [ 11.329582] raw: 0200000000000040 ffff888100041b40 dead000000000122 0000000000000000 [ 11.330909] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 11.331312] head: 0200000000000040 ffff888100041b40 dead000000000122 0000000000000000 [ 11.331634] head: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 11.331945] head: 0200000000000001 ffffea000402ac81 00000000ffffffff 00000000ffffffff [ 11.332269] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000002 [ 11.332576] page dumped because: kasan: bad access detected [ 11.333488] [ 11.333588] Memory state around the buggy address: [ 11.334314] ffff888100ab3380: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 11.335061] ffff888100ab3400: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 11.335369] >ffff888100ab3480: 00 00 00 00 00 00 00 00 00 01 fc fc fc fc fc fc [ 11.335915] ^ [ 11.336369] ffff888100ab3500: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 11.337215] ffff888100ab3580: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 11.337517] ================================================================== [ 11.474136] ================================================================== [ 11.474421] BUG: KASAN: slab-out-of-bounds in krealloc_less_oob_helper+0xd47/0x11d0 [ 11.474656] Write of size 1 at addr ffff88810291e0eb by task kunit_try_catch/179 [ 11.474976] [ 11.475258] CPU: 0 UID: 0 PID: 179 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc4 #1 PREEMPT(voluntary) [ 11.475305] Tainted: [B]=BAD_PAGE, [N]=TEST [ 11.475317] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 11.475336] Call Trace: [ 11.475351] <TASK> [ 11.475365] dump_stack_lvl+0x73/0xb0 [ 11.475393] print_report+0xd1/0x650 [ 11.475416] ? __virt_addr_valid+0x1db/0x2d0 [ 11.475438] ? krealloc_less_oob_helper+0xd47/0x11d0 [ 11.475460] ? kasan_addr_to_slab+0x11/0xa0 [ 11.475479] ? krealloc_less_oob_helper+0xd47/0x11d0 [ 11.475504] kasan_report+0x141/0x180 [ 11.475528] ? krealloc_less_oob_helper+0xd47/0x11d0 [ 11.475556] __asan_report_store1_noabort+0x1b/0x30 [ 11.475575] krealloc_less_oob_helper+0xd47/0x11d0 [ 11.475599] ? __pfx_krealloc_less_oob_helper+0x10/0x10 [ 11.475622] ? finish_task_switch.isra.0+0x153/0x700 [ 11.475705] ? __switch_to+0x47/0xf50 [ 11.475733] ? __schedule+0x10cc/0x2b60 [ 11.475755] ? __pfx_read_tsc+0x10/0x10 [ 11.475780] krealloc_large_less_oob+0x1c/0x30 [ 11.475804] kunit_try_run_case+0x1a5/0x480 [ 11.475828] ? __pfx_kunit_try_run_case+0x10/0x10 [ 11.475850] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 11.475871] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 11.475893] ? __kthread_parkme+0x82/0x180 [ 11.475912] ? preempt_count_sub+0x50/0x80 [ 11.475934] ? __pfx_kunit_try_run_case+0x10/0x10 [ 11.475956] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 11.475977] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 11.475999] kthread+0x337/0x6f0 [ 11.476017] ? trace_preempt_on+0x20/0xc0 [ 11.476051] ? __pfx_kthread+0x10/0x10 [ 11.476070] ? _raw_spin_unlock_irq+0x47/0x80 [ 11.476089] ? calculate_sigpending+0x7b/0xa0 [ 11.476111] ? __pfx_kthread+0x10/0x10 [ 11.476131] ret_from_fork+0x116/0x1d0 [ 11.476156] ? __pfx_kthread+0x10/0x10 [ 11.476175] ret_from_fork_asm+0x1a/0x30 [ 11.476204] </TASK> [ 11.476214] [ 11.483425] The buggy address belongs to the physical page: [ 11.483894] page: refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x10291c [ 11.484283] head: order:2 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0 [ 11.484611] flags: 0x200000000000040(head|node=0|zone=2) [ 11.484944] page_type: f8(unknown) [ 11.485143] raw: 0200000000000040 0000000000000000 dead000000000122 0000000000000000 [ 11.485490] raw: 0000000000000000 0000000000000000 00000001f8000000 0000000000000000 [ 11.485869] head: 0200000000000040 0000000000000000 dead000000000122 0000000000000000 [ 11.486187] head: 0000000000000000 0000000000000000 00000001f8000000 0000000000000000 [ 11.486482] head: 0200000000000002 ffffea00040a4701 00000000ffffffff 00000000ffffffff [ 11.486888] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000004 [ 11.487187] page dumped because: kasan: bad access detected [ 11.487426] [ 11.487519] Memory state around the buggy address: [ 11.487954] ffff88810291df80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 11.488245] ffff88810291e000: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 11.488481] >ffff88810291e080: 00 00 00 00 00 00 00 00 00 01 fe fe fe fe fe fe [ 11.488693] ^ [ 11.488891] ffff88810291e100: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe [ 11.489243] ffff88810291e180: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe [ 11.489557] ================================================================== [ 11.385477] ================================================================== [ 11.386260] BUG: KASAN: slab-out-of-bounds in krealloc_less_oob_helper+0xd70/0x11d0 [ 11.386615] Write of size 1 at addr ffff88810291e0c9 by task kunit_try_catch/179 [ 11.387017] [ 11.387156] CPU: 0 UID: 0 PID: 179 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc4 #1 PREEMPT(voluntary) [ 11.387202] Tainted: [B]=BAD_PAGE, [N]=TEST [ 11.387213] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 11.387245] Call Trace: [ 11.387258] <TASK> [ 11.387276] dump_stack_lvl+0x73/0xb0 [ 11.387316] print_report+0xd1/0x650 [ 11.387339] ? __virt_addr_valid+0x1db/0x2d0 [ 11.387362] ? krealloc_less_oob_helper+0xd70/0x11d0 [ 11.387384] ? kasan_addr_to_slab+0x11/0xa0 [ 11.387413] ? krealloc_less_oob_helper+0xd70/0x11d0 [ 11.387435] kasan_report+0x141/0x180 [ 11.387456] ? krealloc_less_oob_helper+0xd70/0x11d0 [ 11.387493] __asan_report_store1_noabort+0x1b/0x30 [ 11.387513] krealloc_less_oob_helper+0xd70/0x11d0 [ 11.387537] ? __pfx_krealloc_less_oob_helper+0x10/0x10 [ 11.387560] ? finish_task_switch.isra.0+0x153/0x700 [ 11.387582] ? __switch_to+0x47/0xf50 [ 11.387607] ? __schedule+0x10cc/0x2b60 [ 11.387629] ? __pfx_read_tsc+0x10/0x10 [ 11.387667] krealloc_large_less_oob+0x1c/0x30 [ 11.387690] kunit_try_run_case+0x1a5/0x480 [ 11.387714] ? __pfx_kunit_try_run_case+0x10/0x10 [ 11.387735] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 11.387810] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 11.387848] ? __kthread_parkme+0x82/0x180 [ 11.387868] ? preempt_count_sub+0x50/0x80 [ 11.387890] ? __pfx_kunit_try_run_case+0x10/0x10 [ 11.387912] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 11.387934] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 11.387955] kthread+0x337/0x6f0 [ 11.387981] ? trace_preempt_on+0x20/0xc0 [ 11.388004] ? __pfx_kthread+0x10/0x10 [ 11.388038] ? _raw_spin_unlock_irq+0x47/0x80 [ 11.388059] ? calculate_sigpending+0x7b/0xa0 [ 11.388082] ? __pfx_kthread+0x10/0x10 [ 11.388102] ret_from_fork+0x116/0x1d0 [ 11.388119] ? __pfx_kthread+0x10/0x10 [ 11.388138] ret_from_fork_asm+0x1a/0x30 [ 11.388172] </TASK> [ 11.388183] [ 11.396773] The buggy address belongs to the physical page: [ 11.396966] page: refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x10291c [ 11.397626] head: order:2 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0 [ 11.398312] flags: 0x200000000000040(head|node=0|zone=2) [ 11.399091] page_type: f8(unknown) [ 11.399387] raw: 0200000000000040 0000000000000000 dead000000000122 0000000000000000 [ 11.399719] raw: 0000000000000000 0000000000000000 00000001f8000000 0000000000000000 [ 11.400647] head: 0200000000000040 0000000000000000 dead000000000122 0000000000000000 [ 11.401273] head: 0000000000000000 0000000000000000 00000001f8000000 0000000000000000 [ 11.401515] head: 0200000000000002 ffffea00040a4701 00000000ffffffff 00000000ffffffff [ 11.402127] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000004 [ 11.402847] page dumped because: kasan: bad access detected [ 11.403476] [ 11.403715] Memory state around the buggy address: [ 11.404254] ffff88810291df80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 11.404913] ffff88810291e000: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 11.405533] >ffff88810291e080: 00 00 00 00 00 00 00 00 00 01 fe fe fe fe fe fe [ 11.406193] ^ [ 11.406740] ffff88810291e100: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe [ 11.407224] ffff88810291e180: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe [ 11.407440] ================================================================== [ 11.277245] ================================================================== [ 11.277698] BUG: KASAN: slab-out-of-bounds in krealloc_less_oob_helper+0xe90/0x11d0 [ 11.278490] Write of size 1 at addr ffff888100ab34ea by task kunit_try_catch/175 [ 11.279194] [ 11.279299] CPU: 1 UID: 0 PID: 175 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc4 #1 PREEMPT(voluntary) [ 11.279342] Tainted: [B]=BAD_PAGE, [N]=TEST [ 11.279354] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 11.279375] Call Trace: [ 11.279394] <TASK> [ 11.279413] dump_stack_lvl+0x73/0xb0 [ 11.279443] print_report+0xd1/0x650 [ 11.279465] ? __virt_addr_valid+0x1db/0x2d0 [ 11.279487] ? krealloc_less_oob_helper+0xe90/0x11d0 [ 11.279509] ? kasan_complete_mode_report_info+0x2a/0x200 [ 11.279530] ? krealloc_less_oob_helper+0xe90/0x11d0 [ 11.279552] kasan_report+0x141/0x180 [ 11.279573] ? krealloc_less_oob_helper+0xe90/0x11d0 [ 11.279599] __asan_report_store1_noabort+0x1b/0x30 [ 11.279619] krealloc_less_oob_helper+0xe90/0x11d0 [ 11.279655] ? __pfx_krealloc_less_oob_helper+0x10/0x10 [ 11.279676] ? sysvec_apic_timer_interrupt+0x50/0x90 [ 11.279704] ? __pfx_krealloc_less_oob+0x10/0x10 [ 11.279729] krealloc_less_oob+0x1c/0x30 [ 11.279750] kunit_try_run_case+0x1a5/0x480 [ 11.279773] ? __pfx_kunit_try_run_case+0x10/0x10 [ 11.279829] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 11.279853] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 11.279874] ? __kthread_parkme+0x82/0x180 [ 11.279894] ? preempt_count_sub+0x50/0x80 [ 11.279917] ? __pfx_kunit_try_run_case+0x10/0x10 [ 11.279939] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 11.279961] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 11.279982] kthread+0x337/0x6f0 [ 11.280000] ? trace_preempt_on+0x20/0xc0 [ 11.280034] ? __pfx_kthread+0x10/0x10 [ 11.280055] ? _raw_spin_unlock_irq+0x47/0x80 [ 11.280074] ? calculate_sigpending+0x7b/0xa0 [ 11.280097] ? __pfx_kthread+0x10/0x10 [ 11.280117] ret_from_fork+0x116/0x1d0 [ 11.280135] ? __pfx_kthread+0x10/0x10 [ 11.280160] ret_from_fork_asm+0x1a/0x30 [ 11.280190] </TASK> [ 11.280201] [ 11.294326] Allocated by task 175: [ 11.294707] kasan_save_stack+0x45/0x70 [ 11.295188] kasan_save_track+0x18/0x40 [ 11.295474] kasan_save_alloc_info+0x3b/0x50 [ 11.295625] __kasan_krealloc+0x190/0x1f0 [ 11.296139] krealloc_noprof+0xf3/0x340 [ 11.296535] krealloc_less_oob_helper+0x1aa/0x11d0 [ 11.297155] krealloc_less_oob+0x1c/0x30 [ 11.297517] kunit_try_run_case+0x1a5/0x480 [ 11.297783] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 11.298272] kthread+0x337/0x6f0 [ 11.298498] ret_from_fork+0x116/0x1d0 [ 11.298631] ret_from_fork_asm+0x1a/0x30 [ 11.299054] [ 11.299264] The buggy address belongs to the object at ffff888100ab3400 [ 11.299264] which belongs to the cache kmalloc-256 of size 256 [ 11.300230] The buggy address is located 33 bytes to the right of [ 11.300230] allocated 201-byte region [ffff888100ab3400, ffff888100ab34c9) [ 11.300610] [ 11.300812] The buggy address belongs to the physical page: [ 11.301339] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x100ab2 [ 11.302190] head: order:1 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0 [ 11.302926] flags: 0x200000000000040(head|node=0|zone=2) [ 11.303582] page_type: f5(slab) [ 11.303950] raw: 0200000000000040 ffff888100041b40 dead000000000122 0000000000000000 [ 11.304852] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 11.305224] head: 0200000000000040 ffff888100041b40 dead000000000122 0000000000000000 [ 11.305458] head: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 11.305828] head: 0200000000000001 ffffea000402ac81 00000000ffffffff 00000000ffffffff [ 11.306518] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000002 [ 11.307232] page dumped because: kasan: bad access detected [ 11.307918] [ 11.308123] Memory state around the buggy address: [ 11.308571] ffff888100ab3380: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 11.309323] ffff888100ab3400: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 11.309728] >ffff888100ab3480: 00 00 00 00 00 00 00 00 00 01 fc fc fc fc fc fc [ 11.310347] ^ [ 11.310809] ffff888100ab3500: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 11.311444] ffff888100ab3580: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 11.312296] ================================================================== [ 11.241588] ================================================================== [ 11.242290] BUG: KASAN: slab-out-of-bounds in krealloc_less_oob_helper+0xec6/0x11d0 [ 11.243015] Write of size 1 at addr ffff888100ab34da by task kunit_try_catch/175 [ 11.243747] [ 11.243947] CPU: 1 UID: 0 PID: 175 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc4 #1 PREEMPT(voluntary) [ 11.244267] Tainted: [B]=BAD_PAGE, [N]=TEST [ 11.244278] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 11.244300] Call Trace: [ 11.244319] <TASK> [ 11.244339] dump_stack_lvl+0x73/0xb0 [ 11.244369] print_report+0xd1/0x650 [ 11.244391] ? __virt_addr_valid+0x1db/0x2d0 [ 11.244414] ? krealloc_less_oob_helper+0xec6/0x11d0 [ 11.244436] ? kasan_complete_mode_report_info+0x2a/0x200 [ 11.244458] ? krealloc_less_oob_helper+0xec6/0x11d0 [ 11.244480] kasan_report+0x141/0x180 [ 11.244504] ? krealloc_less_oob_helper+0xec6/0x11d0 [ 11.244533] __asan_report_store1_noabort+0x1b/0x30 [ 11.244554] krealloc_less_oob_helper+0xec6/0x11d0 [ 11.244578] ? __pfx_krealloc_less_oob_helper+0x10/0x10 [ 11.244600] ? sysvec_apic_timer_interrupt+0x50/0x90 [ 11.244628] ? __pfx_krealloc_less_oob+0x10/0x10 [ 11.244665] krealloc_less_oob+0x1c/0x30 [ 11.244685] kunit_try_run_case+0x1a5/0x480 [ 11.244716] ? __pfx_kunit_try_run_case+0x10/0x10 [ 11.244738] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 11.244761] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 11.244782] ? __kthread_parkme+0x82/0x180 [ 11.244801] ? preempt_count_sub+0x50/0x80 [ 11.244824] ? __pfx_kunit_try_run_case+0x10/0x10 [ 11.244846] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 11.244868] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 11.244890] kthread+0x337/0x6f0 [ 11.244908] ? trace_preempt_on+0x20/0xc0 [ 11.244930] ? __pfx_kthread+0x10/0x10 [ 11.244950] ? _raw_spin_unlock_irq+0x47/0x80 [ 11.244970] ? calculate_sigpending+0x7b/0xa0 [ 11.244993] ? __pfx_kthread+0x10/0x10 [ 11.245013] ret_from_fork+0x116/0x1d0 [ 11.245041] ? __pfx_kthread+0x10/0x10 [ 11.245060] ret_from_fork_asm+0x1a/0x30 [ 11.245090] </TASK> [ 11.245101] [ 11.258257] Allocated by task 175: [ 11.258395] kasan_save_stack+0x45/0x70 [ 11.258549] kasan_save_track+0x18/0x40 [ 11.258864] kasan_save_alloc_info+0x3b/0x50 [ 11.259268] __kasan_krealloc+0x190/0x1f0 [ 11.259657] krealloc_noprof+0xf3/0x340 [ 11.260162] krealloc_less_oob_helper+0x1aa/0x11d0 [ 11.260615] krealloc_less_oob+0x1c/0x30 [ 11.261153] kunit_try_run_case+0x1a5/0x480 [ 11.261511] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 11.261883] kthread+0x337/0x6f0 [ 11.262221] ret_from_fork+0x116/0x1d0 [ 11.262578] ret_from_fork_asm+0x1a/0x30 [ 11.262999] [ 11.263210] The buggy address belongs to the object at ffff888100ab3400 [ 11.263210] which belongs to the cache kmalloc-256 of size 256 [ 11.263929] The buggy address is located 17 bytes to the right of [ 11.263929] allocated 201-byte region [ffff888100ab3400, ffff888100ab34c9) [ 11.264328] [ 11.264401] The buggy address belongs to the physical page: [ 11.264577] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x100ab2 [ 11.265329] head: order:1 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0 [ 11.266377] flags: 0x200000000000040(head|node=0|zone=2) [ 11.267048] page_type: f5(slab) [ 11.267440] raw: 0200000000000040 ffff888100041b40 dead000000000122 0000000000000000 [ 11.268173] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 11.268920] head: 0200000000000040 ffff888100041b40 dead000000000122 0000000000000000 [ 11.269597] head: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 11.270600] head: 0200000000000001 ffffea000402ac81 00000000ffffffff 00000000ffffffff [ 11.271142] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000002 [ 11.271376] page dumped because: kasan: bad access detected [ 11.271547] [ 11.271617] Memory state around the buggy address: [ 11.272179] ffff888100ab3380: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 11.272816] ffff888100ab3400: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 11.273601] >ffff888100ab3480: 00 00 00 00 00 00 00 00 00 01 fc fc fc fc fc fc [ 11.274426] ^ [ 11.275440] ffff888100ab3500: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 11.275921] ffff888100ab3580: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 11.276559] ==================================================================