Date
July 9, 2025, 2:07 p.m.
Environment |
---|
qemu-arm64 |
qemu-x86_64 |
[ 16.832329] ================================================================== [ 16.832574] BUG: KASAN: slab-out-of-bounds in krealloc_less_oob_helper+0xa80/0xc50 [ 16.832634] Write of size 1 at addr fff00000c4519cda by task kunit_try_catch/158 [ 16.832986] [ 16.833191] CPU: 0 UID: 0 PID: 158 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc5 #1 PREEMPT [ 16.833428] Tainted: [B]=BAD_PAGE, [N]=TEST [ 16.833530] Hardware name: linux,dummy-virt (DT) [ 16.833565] Call trace: [ 16.833627] show_stack+0x20/0x38 (C) [ 16.833802] dump_stack_lvl+0x8c/0xd0 [ 16.833898] print_report+0x118/0x608 [ 16.833985] kasan_report+0xdc/0x128 [ 16.834315] __asan_report_store1_noabort+0x20/0x30 [ 16.834472] krealloc_less_oob_helper+0xa80/0xc50 [ 16.834569] krealloc_less_oob+0x20/0x38 [ 16.834790] kunit_try_run_case+0x170/0x3f0 [ 16.834931] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 16.834987] kthread+0x328/0x630 [ 16.835076] ret_from_fork+0x10/0x20 [ 16.835280] [ 16.835303] Allocated by task 158: [ 16.835331] kasan_save_stack+0x3c/0x68 [ 16.835376] kasan_save_track+0x20/0x40 [ 16.835441] kasan_save_alloc_info+0x40/0x58 [ 16.835482] __kasan_krealloc+0x118/0x178 [ 16.835529] krealloc_noprof+0x128/0x360 [ 16.835566] krealloc_less_oob_helper+0x168/0xc50 [ 16.835606] krealloc_less_oob+0x20/0x38 [ 16.835643] kunit_try_run_case+0x170/0x3f0 [ 16.835680] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 16.835732] kthread+0x328/0x630 [ 16.835764] ret_from_fork+0x10/0x20 [ 16.835809] [ 16.835827] The buggy address belongs to the object at fff00000c4519c00 [ 16.835827] which belongs to the cache kmalloc-256 of size 256 [ 16.835898] The buggy address is located 17 bytes to the right of [ 16.835898] allocated 201-byte region [fff00000c4519c00, fff00000c4519cc9) [ 16.835962] [ 16.835982] The buggy address belongs to the physical page: [ 16.836031] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x104518 [ 16.836101] head: order:1 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 
pincount:0 [ 16.836767] flags: 0xbfffe0000000040(head|node=0|zone=2|lastcpupid=0x1ffff) [ 16.836926] page_type: f5(slab) [ 16.837013] raw: 0bfffe0000000040 fff00000c0001b40 dead000000000122 0000000000000000 [ 16.837231] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 16.837492] head: 0bfffe0000000040 fff00000c0001b40 dead000000000122 0000000000000000 [ 16.837571] head: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 16.837875] head: 0bfffe0000000001 ffffc1ffc3114601 00000000ffffffff 00000000ffffffff [ 16.837951] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000002 [ 16.838023] page dumped because: kasan: bad access detected [ 16.838054] [ 16.838078] Memory state around the buggy address: [ 16.838281] fff00000c4519b80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 16.838504] fff00000c4519c00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 16.838557] >fff00000c4519c80: 00 00 00 00 00 00 00 00 00 01 fc fc fc fc fc fc [ 16.838682] ^ [ 16.838843] fff00000c4519d00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 16.838887] fff00000c4519d80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 16.838985] ================================================================== [ 16.911622] ================================================================== [ 16.912187] BUG: KASAN: slab-out-of-bounds in krealloc_less_oob_helper+0xa80/0xc50 [ 16.912499] Write of size 1 at addr fff00000c77e20da by task kunit_try_catch/162 [ 16.912611] [ 16.912928] CPU: 0 UID: 0 PID: 162 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc5 #1 PREEMPT [ 16.913289] Tainted: [B]=BAD_PAGE, [N]=TEST [ 16.914254] Hardware name: linux,dummy-virt (DT) [ 16.914320] Call trace: [ 16.914343] show_stack+0x20/0x38 (C) [ 16.914398] dump_stack_lvl+0x8c/0xd0 [ 16.914447] print_report+0x118/0x608 [ 16.914495] kasan_report+0xdc/0x128 [ 16.914540] __asan_report_store1_noabort+0x20/0x30 [ 16.914592] krealloc_less_oob_helper+0xa80/0xc50 [ 16.914642] 
krealloc_large_less_oob+0x20/0x38 [ 16.916052] kunit_try_run_case+0x170/0x3f0 [ 16.916298] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 16.916362] kthread+0x328/0x630 [ 16.916688] ret_from_fork+0x10/0x20 [ 16.916870] [ 16.916973] The buggy address belongs to the physical page: [ 16.917295] page: refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1077e0 [ 16.917641] head: order:2 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0 [ 16.917719] flags: 0xbfffe0000000040(head|node=0|zone=2|lastcpupid=0x1ffff) [ 16.917794] page_type: f8(unknown) [ 16.917846] raw: 0bfffe0000000040 0000000000000000 dead000000000122 0000000000000000 [ 16.918061] raw: 0000000000000000 0000000000000000 00000001f8000000 0000000000000000 [ 16.918334] head: 0bfffe0000000040 0000000000000000 dead000000000122 0000000000000000 [ 16.918390] head: 0000000000000000 0000000000000000 00000001f8000000 0000000000000000 [ 16.918447] head: 0bfffe0000000002 ffffc1ffc31df801 00000000ffffffff 00000000ffffffff [ 16.918848] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000004 [ 16.918919] page dumped because: kasan: bad access detected [ 16.919031] [ 16.919254] Memory state around the buggy address: [ 16.919376] fff00000c77e1f80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 16.919425] fff00000c77e2000: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 16.919677] >fff00000c77e2080: 00 00 00 00 00 00 00 00 00 01 fe fe fe fe fe fe [ 16.919927] ^ [ 16.920196] fff00000c77e2100: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe [ 16.920252] fff00000c77e2180: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe [ 16.920312] ================================================================== [ 16.813653] ================================================================== [ 16.813712] BUG: KASAN: slab-out-of-bounds in krealloc_less_oob_helper+0xa48/0xc50 [ 16.814062] Write of size 1 at addr fff00000c4519cc9 by task kunit_try_catch/158 [ 16.814340] [ 16.814480] CPU: 0 UID: 0 PID: 158 
Comm: kunit_try_catch Tainted: G B N 6.16.0-rc5 #1 PREEMPT [ 16.814574] Tainted: [B]=BAD_PAGE, [N]=TEST [ 16.814974] Hardware name: linux,dummy-virt (DT) [ 16.815026] Call trace: [ 16.815179] show_stack+0x20/0x38 (C) [ 16.815271] dump_stack_lvl+0x8c/0xd0 [ 16.815491] print_report+0x118/0x608 [ 16.815706] kasan_report+0xdc/0x128 [ 16.815893] __asan_report_store1_noabort+0x20/0x30 [ 16.816232] krealloc_less_oob_helper+0xa48/0xc50 [ 16.816521] krealloc_less_oob+0x20/0x38 [ 16.816725] kunit_try_run_case+0x170/0x3f0 [ 16.816848] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 16.817044] kthread+0x328/0x630 [ 16.817139] ret_from_fork+0x10/0x20 [ 16.817323] [ 16.817437] Allocated by task 158: [ 16.817470] kasan_save_stack+0x3c/0x68 [ 16.817546] kasan_save_track+0x20/0x40 [ 16.818005] kasan_save_alloc_info+0x40/0x58 [ 16.818066] __kasan_krealloc+0x118/0x178 [ 16.818119] krealloc_noprof+0x128/0x360 [ 16.818185] krealloc_less_oob_helper+0x168/0xc50 [ 16.818465] krealloc_less_oob+0x20/0x38 [ 16.818579] kunit_try_run_case+0x170/0x3f0 [ 16.818748] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 16.818794] kthread+0x328/0x630 [ 16.818827] ret_from_fork+0x10/0x20 [ 16.818904] [ 16.818931] The buggy address belongs to the object at fff00000c4519c00 [ 16.818931] which belongs to the cache kmalloc-256 of size 256 [ 16.818991] The buggy address is located 0 bytes to the right of [ 16.818991] allocated 201-byte region [fff00000c4519c00, fff00000c4519cc9) [ 16.819055] [ 16.819092] The buggy address belongs to the physical page: [ 16.819125] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x104518 [ 16.819207] head: order:1 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0 [ 16.819257] flags: 0xbfffe0000000040(head|node=0|zone=2|lastcpupid=0x1ffff) [ 16.819313] page_type: f5(slab) [ 16.819355] raw: 0bfffe0000000040 fff00000c0001b40 dead000000000122 0000000000000000 [ 16.819406] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 
16.819467] head: 0bfffe0000000040 fff00000c0001b40 dead000000000122 0000000000000000 [ 16.819523] head: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 16.819581] head: 0bfffe0000000001 ffffc1ffc3114601 00000000ffffffff 00000000ffffffff [ 16.819632] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000002 [ 16.819672] page dumped because: kasan: bad access detected [ 16.819712] [ 16.819730] Memory state around the buggy address: [ 16.819770] fff00000c4519b80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 16.819812] fff00000c4519c00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 16.819854] >fff00000c4519c80: 00 00 00 00 00 00 00 00 00 01 fc fc fc fc fc fc [ 16.819892] ^ [ 16.819927] fff00000c4519d00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 16.819968] fff00000c4519d80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 16.820006] ================================================================== [ 16.840620] ================================================================== [ 16.840915] BUG: KASAN: slab-out-of-bounds in krealloc_less_oob_helper+0xae4/0xc50 [ 16.840984] Write of size 1 at addr fff00000c4519cea by task kunit_try_catch/158 [ 16.841037] [ 16.841203] CPU: 0 UID: 0 PID: 158 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc5 #1 PREEMPT [ 16.841357] Tainted: [B]=BAD_PAGE, [N]=TEST [ 16.841416] Hardware name: linux,dummy-virt (DT) [ 16.841485] Call trace: [ 16.841620] show_stack+0x20/0x38 (C) [ 16.841679] dump_stack_lvl+0x8c/0xd0 [ 16.841737] print_report+0x118/0x608 [ 16.841785] kasan_report+0xdc/0x128 [ 16.842331] __asan_report_store1_noabort+0x20/0x30 [ 16.842490] krealloc_less_oob_helper+0xae4/0xc50 [ 16.842677] krealloc_less_oob+0x20/0x38 [ 16.842786] kunit_try_run_case+0x170/0x3f0 [ 16.842836] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 16.843272] kthread+0x328/0x630 [ 16.843350] ret_from_fork+0x10/0x20 [ 16.843676] [ 16.843886] Allocated by task 158: [ 16.843962] kasan_save_stack+0x3c/0x68 [ 
16.844165] kasan_save_track+0x20/0x40 [ 16.844482] kasan_save_alloc_info+0x40/0x58 [ 16.844690] __kasan_krealloc+0x118/0x178 [ 16.844794] krealloc_noprof+0x128/0x360 [ 16.844902] krealloc_less_oob_helper+0x168/0xc50 [ 16.845076] krealloc_less_oob+0x20/0x38 [ 16.845181] kunit_try_run_case+0x170/0x3f0 [ 16.845229] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 16.845287] kthread+0x328/0x630 [ 16.845319] ret_from_fork+0x10/0x20 [ 16.845371] [ 16.845400] The buggy address belongs to the object at fff00000c4519c00 [ 16.845400] which belongs to the cache kmalloc-256 of size 256 [ 16.845471] The buggy address is located 33 bytes to the right of [ 16.845471] allocated 201-byte region [fff00000c4519c00, fff00000c4519cc9) [ 16.845545] [ 16.845564] The buggy address belongs to the physical page: [ 16.845625] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x104518 [ 16.845678] head: order:1 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0 [ 16.845726] flags: 0xbfffe0000000040(head|node=0|zone=2|lastcpupid=0x1ffff) [ 16.845779] page_type: f5(slab) [ 16.846198] raw: 0bfffe0000000040 fff00000c0001b40 dead000000000122 0000000000000000 [ 16.846636] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 16.846726] head: 0bfffe0000000040 fff00000c0001b40 dead000000000122 0000000000000000 [ 16.847354] head: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 16.847462] head: 0bfffe0000000001 ffffc1ffc3114601 00000000ffffffff 00000000ffffffff [ 16.847547] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000002 [ 16.847725] page dumped because: kasan: bad access detected [ 16.847981] [ 16.848073] Memory state around the buggy address: [ 16.848531] fff00000c4519b80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 16.848623] fff00000c4519c00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 16.848803] >fff00000c4519c80: 00 00 00 00 00 00 00 00 00 01 fc fc fc fc fc fc [ 16.848846] ^ [ 16.848900] 
fff00000c4519d00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 16.848942] fff00000c4519d80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 16.848981] ================================================================== [ 16.888865] ================================================================== [ 16.888951] BUG: KASAN: slab-out-of-bounds in krealloc_less_oob_helper+0xa48/0xc50 [ 16.889021] Write of size 1 at addr fff00000c77e20c9 by task kunit_try_catch/162 [ 16.889074] [ 16.889125] CPU: 0 UID: 0 PID: 162 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc5 #1 PREEMPT [ 16.889210] Tainted: [B]=BAD_PAGE, [N]=TEST [ 16.889492] Hardware name: linux,dummy-virt (DT) [ 16.889547] Call trace: [ 16.889635] show_stack+0x20/0x38 (C) [ 16.889698] dump_stack_lvl+0x8c/0xd0 [ 16.889766] print_report+0x118/0x608 [ 16.889815] kasan_report+0xdc/0x128 [ 16.889861] __asan_report_store1_noabort+0x20/0x30 [ 16.889915] krealloc_less_oob_helper+0xa48/0xc50 [ 16.889965] krealloc_large_less_oob+0x20/0x38 [ 16.890013] kunit_try_run_case+0x170/0x3f0 [ 16.890275] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 16.890341] kthread+0x328/0x630 [ 16.890412] ret_from_fork+0x10/0x20 [ 16.890565] [ 16.890585] The buggy address belongs to the physical page: [ 16.893890] page: refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1077e0 [ 16.894178] head: order:2 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0 [ 16.894230] flags: 0xbfffe0000000040(head|node=0|zone=2|lastcpupid=0x1ffff) [ 16.894287] page_type: f8(unknown) [ 16.894334] raw: 0bfffe0000000040 0000000000000000 dead000000000122 0000000000000000 [ 16.894389] raw: 0000000000000000 0000000000000000 00000001f8000000 0000000000000000 [ 16.894444] head: 0bfffe0000000040 0000000000000000 dead000000000122 0000000000000000 [ 16.894498] head: 0000000000000000 0000000000000000 00000001f8000000 0000000000000000 [ 16.894552] head: 0bfffe0000000002 ffffc1ffc31df801 00000000ffffffff 00000000ffffffff [ 16.894606] head: 
ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000004 [ 16.894647] page dumped because: kasan: bad access detected [ 16.894677] [ 16.894695] Memory state around the buggy address: [ 16.894728] fff00000c77e1f80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 16.894773] fff00000c77e2000: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 16.894818] >fff00000c77e2080: 00 00 00 00 00 00 00 00 00 01 fe fe fe fe fe fe [ 16.894857] ^ [ 16.894895] fff00000c77e2100: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe [ 16.894939] fff00000c77e2180: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe [ 16.894979] ================================================================== [ 16.895417] ================================================================== [ 16.895464] BUG: KASAN: slab-out-of-bounds in krealloc_less_oob_helper+0xb9c/0xc50 [ 16.895512] Write of size 1 at addr fff00000c77e20d0 by task kunit_try_catch/162 [ 16.895562] [ 16.895594] CPU: 0 UID: 0 PID: 162 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc5 #1 PREEMPT [ 16.895674] Tainted: [B]=BAD_PAGE, [N]=TEST [ 16.901858] Hardware name: linux,dummy-virt (DT) [ 16.901919] Call trace: [ 16.901957] show_stack+0x20/0x38 (C) [ 16.902105] dump_stack_lvl+0x8c/0xd0 [ 16.902251] print_report+0x118/0x608 [ 16.902315] kasan_report+0xdc/0x128 [ 16.902976] __asan_report_store1_noabort+0x20/0x30 [ 16.903078] krealloc_less_oob_helper+0xb9c/0xc50 [ 16.903325] krealloc_large_less_oob+0x20/0x38 [ 16.903517] kunit_try_run_case+0x170/0x3f0 [ 16.903899] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 16.904249] kthread+0x328/0x630 [ 16.904480] ret_from_fork+0x10/0x20 [ 16.904533] [ 16.904554] The buggy address belongs to the physical page: [ 16.904586] page: refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1077e0 [ 16.904639] head: order:2 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0 [ 16.904686] flags: 0xbfffe0000000040(head|node=0|zone=2|lastcpupid=0x1ffff) [ 16.905210] page_type: f8(unknown) [ 
16.905676] raw: 0bfffe0000000040 0000000000000000 dead000000000122 0000000000000000 [ 16.905737] raw: 0000000000000000 0000000000000000 00000001f8000000 0000000000000000 [ 16.906021] head: 0bfffe0000000040 0000000000000000 dead000000000122 0000000000000000 [ 16.906471] head: 0000000000000000 0000000000000000 00000001f8000000 0000000000000000 [ 16.906780] head: 0bfffe0000000002 ffffc1ffc31df801 00000000ffffffff 00000000ffffffff [ 16.907046] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000004 [ 16.907319] page dumped because: kasan: bad access detected [ 16.907355] [ 16.907372] Memory state around the buggy address: [ 16.907656] fff00000c77e1f80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 16.908068] fff00000c77e2000: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 16.908247] >fff00000c77e2080: 00 00 00 00 00 00 00 00 00 01 fe fe fe fe fe fe [ 16.908484] ^ [ 16.908533] fff00000c77e2100: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe [ 16.908872] fff00000c77e2180: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe [ 16.909183] ================================================================== [ 16.926965] ================================================================== [ 16.927009] BUG: KASAN: slab-out-of-bounds in krealloc_less_oob_helper+0xa58/0xc50 [ 16.927058] Write of size 1 at addr fff00000c77e20eb by task kunit_try_catch/162 [ 16.927124] [ 16.927153] CPU: 0 UID: 0 PID: 162 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc5 #1 PREEMPT [ 16.927233] Tainted: [B]=BAD_PAGE, [N]=TEST [ 16.927258] Hardware name: linux,dummy-virt (DT) [ 16.927287] Call trace: [ 16.927309] show_stack+0x20/0x38 (C) [ 16.927516] dump_stack_lvl+0x8c/0xd0 [ 16.927571] print_report+0x118/0x608 [ 16.927618] kasan_report+0xdc/0x128 [ 16.927664] __asan_report_store1_noabort+0x20/0x30 [ 16.927715] krealloc_less_oob_helper+0xa58/0xc50 [ 16.927821] krealloc_large_less_oob+0x20/0x38 [ 16.927870] kunit_try_run_case+0x170/0x3f0 [ 16.927947] 
kunit_generic_run_threadfn_adapter+0x88/0x100 [ 16.928010] kthread+0x328/0x630 [ 16.928059] ret_from_fork+0x10/0x20 [ 16.928186] [ 16.928234] The buggy address belongs to the physical page: [ 16.928285] page: refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1077e0 [ 16.928339] head: order:2 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0 [ 16.928478] flags: 0xbfffe0000000040(head|node=0|zone=2|lastcpupid=0x1ffff) [ 16.928662] page_type: f8(unknown) [ 16.928748] raw: 0bfffe0000000040 0000000000000000 dead000000000122 0000000000000000 [ 16.928823] raw: 0000000000000000 0000000000000000 00000001f8000000 0000000000000000 [ 16.928879] head: 0bfffe0000000040 0000000000000000 dead000000000122 0000000000000000 [ 16.928932] head: 0000000000000000 0000000000000000 00000001f8000000 0000000000000000 [ 16.928986] head: 0bfffe0000000002 ffffc1ffc31df801 00000000ffffffff 00000000ffffffff [ 16.929049] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000004 [ 16.929102] page dumped because: kasan: bad access detected [ 16.929132] [ 16.929149] Memory state around the buggy address: [ 16.929180] fff00000c77e1f80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 16.929258] fff00000c77e2000: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 16.929305] >fff00000c77e2080: 00 00 00 00 00 00 00 00 00 01 fe fe fe fe fe fe [ 16.929345] ^ [ 16.929421] fff00000c77e2100: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe [ 16.929505] fff00000c77e2180: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe [ 16.929553] ================================================================== [ 16.852757] ================================================================== [ 16.852836] BUG: KASAN: slab-out-of-bounds in krealloc_less_oob_helper+0xa58/0xc50 [ 16.852891] Write of size 1 at addr fff00000c4519ceb by task kunit_try_catch/158 [ 16.853417] [ 16.853468] CPU: 0 UID: 0 PID: 158 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc5 #1 PREEMPT [ 16.853552] Tainted: 
[B]=BAD_PAGE, [N]=TEST [ 16.853578] Hardware name: linux,dummy-virt (DT) [ 16.853618] Call trace: [ 16.853641] show_stack+0x20/0x38 (C) [ 16.853697] dump_stack_lvl+0x8c/0xd0 [ 16.853747] print_report+0x118/0x608 [ 16.853794] kasan_report+0xdc/0x128 [ 16.853840] __asan_report_store1_noabort+0x20/0x30 [ 16.853897] krealloc_less_oob_helper+0xa58/0xc50 [ 16.853946] krealloc_less_oob+0x20/0x38 [ 16.853991] kunit_try_run_case+0x170/0x3f0 [ 16.854038] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 16.855865] kthread+0x328/0x630 [ 16.855925] ret_from_fork+0x10/0x20 [ 16.855976] [ 16.855994] Allocated by task 158: [ 16.856029] kasan_save_stack+0x3c/0x68 [ 16.856073] kasan_save_track+0x20/0x40 [ 16.856125] kasan_save_alloc_info+0x40/0x58 [ 16.856166] __kasan_krealloc+0x118/0x178 [ 16.856203] krealloc_noprof+0x128/0x360 [ 16.856240] krealloc_less_oob_helper+0x168/0xc50 [ 16.856279] krealloc_less_oob+0x20/0x38 [ 16.856314] kunit_try_run_case+0x170/0x3f0 [ 16.856352] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 16.856394] kthread+0x328/0x630 [ 16.856426] ret_from_fork+0x10/0x20 [ 16.856461] [ 16.856479] The buggy address belongs to the object at fff00000c4519c00 [ 16.856479] which belongs to the cache kmalloc-256 of size 256 [ 16.856535] The buggy address is located 34 bytes to the right of [ 16.856535] allocated 201-byte region [fff00000c4519c00, fff00000c4519cc9) [ 16.856599] [ 16.856618] The buggy address belongs to the physical page: [ 16.857124] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x104518 [ 16.857231] head: order:1 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0 [ 16.857338] flags: 0xbfffe0000000040(head|node=0|zone=2|lastcpupid=0x1ffff) [ 16.857392] page_type: f5(slab) [ 16.857431] raw: 0bfffe0000000040 fff00000c0001b40 dead000000000122 0000000000000000 [ 16.857687] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 16.857929] head: 0bfffe0000000040 fff00000c0001b40 dead000000000122 0000000000000000 [ 
16.857984] head: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 16.858167] head: 0bfffe0000000001 ffffc1ffc3114601 00000000ffffffff 00000000ffffffff [ 16.858359] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000002 [ 16.858410] page dumped because: kasan: bad access detected [ 16.858442] [ 16.858459] Memory state around the buggy address: [ 16.858490] fff00000c4519b80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 16.858532] fff00000c4519c00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 16.858573] >fff00000c4519c80: 00 00 00 00 00 00 00 00 00 01 fc fc fc fc fc fc [ 16.858611] ^ [ 16.858648] fff00000c4519d00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 16.858690] fff00000c4519d80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 16.858728] ================================================================== [ 16.821822] ================================================================== [ 16.821977] BUG: KASAN: slab-out-of-bounds in krealloc_less_oob_helper+0xb9c/0xc50 [ 16.822030] Write of size 1 at addr fff00000c4519cd0 by task kunit_try_catch/158 [ 16.822441] [ 16.822599] CPU: 0 UID: 0 PID: 158 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc5 #1 PREEMPT [ 16.823018] Tainted: [B]=BAD_PAGE, [N]=TEST [ 16.823114] Hardware name: linux,dummy-virt (DT) [ 16.823242] Call trace: [ 16.823282] show_stack+0x20/0x38 (C) [ 16.823340] dump_stack_lvl+0x8c/0xd0 [ 16.823545] print_report+0x118/0x608 [ 16.823744] kasan_report+0xdc/0x128 [ 16.823893] __asan_report_store1_noabort+0x20/0x30 [ 16.824018] krealloc_less_oob_helper+0xb9c/0xc50 [ 16.824230] krealloc_less_oob+0x20/0x38 [ 16.824667] kunit_try_run_case+0x170/0x3f0 [ 16.824833] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 16.825008] kthread+0x328/0x630 [ 16.825220] ret_from_fork+0x10/0x20 [ 16.825624] [ 16.825724] Allocated by task 158: [ 16.825930] kasan_save_stack+0x3c/0x68 [ 16.826121] kasan_save_track+0x20/0x40 [ 16.826227] kasan_save_alloc_info+0x40/0x58 [ 
16.826456] __kasan_krealloc+0x118/0x178 [ 16.826627] krealloc_noprof+0x128/0x360 [ 16.826742] krealloc_less_oob_helper+0x168/0xc50 [ 16.826848] krealloc_less_oob+0x20/0x38 [ 16.826892] kunit_try_run_case+0x170/0x3f0 [ 16.827220] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 16.827423] kthread+0x328/0x630 [ 16.827512] ret_from_fork+0x10/0x20 [ 16.827636] [ 16.827725] The buggy address belongs to the object at fff00000c4519c00 [ 16.827725] which belongs to the cache kmalloc-256 of size 256 [ 16.828144] The buggy address is located 7 bytes to the right of [ 16.828144] allocated 201-byte region [fff00000c4519c00, fff00000c4519cc9) [ 16.828311] [ 16.828381] The buggy address belongs to the physical page: [ 16.828514] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x104518 [ 16.828597] head: order:1 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0 [ 16.828644] flags: 0xbfffe0000000040(head|node=0|zone=2|lastcpupid=0x1ffff) [ 16.828878] page_type: f5(slab) [ 16.828925] raw: 0bfffe0000000040 fff00000c0001b40 dead000000000122 0000000000000000 [ 16.829365] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 16.829580] head: 0bfffe0000000040 fff00000c0001b40 dead000000000122 0000000000000000 [ 16.829661] head: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 16.830116] head: 0bfffe0000000001 ffffc1ffc3114601 00000000ffffffff 00000000ffffffff [ 16.830192] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000002 [ 16.830333] page dumped because: kasan: bad access detected [ 16.830410] [ 16.830452] Memory state around the buggy address: [ 16.830585] fff00000c4519b80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 16.830663] fff00000c4519c00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 16.830720] >fff00000c4519c80: 00 00 00 00 00 00 00 00 00 01 fc fc fc fc fc fc [ 16.830758] ^ [ 16.830964] fff00000c4519d00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 16.831122] 
fff00000c4519d80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 16.831285] ================================================================== [ 16.921818] ================================================================== [ 16.921870] BUG: KASAN: slab-out-of-bounds in krealloc_less_oob_helper+0xae4/0xc50 [ 16.922462] Write of size 1 at addr fff00000c77e20ea by task kunit_try_catch/162 [ 16.922531] [ 16.922565] CPU: 0 UID: 0 PID: 162 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc5 #1 PREEMPT [ 16.922929] Tainted: [B]=BAD_PAGE, [N]=TEST [ 16.923362] Hardware name: linux,dummy-virt (DT) [ 16.923437] Call trace: [ 16.923474] show_stack+0x20/0x38 (C) [ 16.923574] dump_stack_lvl+0x8c/0xd0 [ 16.923627] print_report+0x118/0x608 [ 16.923686] kasan_report+0xdc/0x128 [ 16.923743] __asan_report_store1_noabort+0x20/0x30 [ 16.923795] krealloc_less_oob_helper+0xae4/0xc50 [ 16.923852] krealloc_large_less_oob+0x20/0x38 [ 16.923916] kunit_try_run_case+0x170/0x3f0 [ 16.923999] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 16.924081] kthread+0x328/0x630 [ 16.924168] ret_from_fork+0x10/0x20 [ 16.924218] [ 16.924237] The buggy address belongs to the physical page: [ 16.924639] page: refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1077e0 [ 16.924700] head: order:2 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0 [ 16.924747] flags: 0xbfffe0000000040(head|node=0|zone=2|lastcpupid=0x1ffff) [ 16.924806] page_type: f8(unknown) [ 16.924851] raw: 0bfffe0000000040 0000000000000000 dead000000000122 0000000000000000 [ 16.924908] raw: 0000000000000000 0000000000000000 00000001f8000000 0000000000000000 [ 16.925715] head: 0bfffe0000000040 0000000000000000 dead000000000122 0000000000000000 [ 16.925774] head: 0000000000000000 0000000000000000 00000001f8000000 0000000000000000 [ 16.925829] head: 0bfffe0000000002 ffffc1ffc31df801 00000000ffffffff 00000000ffffffff [ 16.925881] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000004 [ 16.925922] page dumped 
because: kasan: bad access detected [ 16.925953] [ 16.925970] Memory state around the buggy address: [ 16.926003] fff00000c77e1f80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 16.926050] fff00000c77e2000: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 16.926108] >fff00000c77e2080: 00 00 00 00 00 00 00 00 00 01 fe fe fe fe fe fe [ 16.926147] ^ [ 16.926206] fff00000c77e2100: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe [ 16.926340] fff00000c77e2180: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe [ 16.926435] ==================================================================
[ 12.459652] ================================================================== [ 12.460262] BUG: KASAN: slab-out-of-bounds in krealloc_less_oob_helper+0xec6/0x11d0 [ 12.460637] Write of size 1 at addr ffff8881003418da by task kunit_try_catch/175 [ 12.461145] [ 12.461440] CPU: 0 UID: 0 PID: 175 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc5 #1 PREEMPT(voluntary) [ 12.461486] Tainted: [B]=BAD_PAGE, [N]=TEST [ 12.461497] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 12.461517] Call Trace: [ 12.461635] <TASK> [ 12.461652] dump_stack_lvl+0x73/0xb0 [ 12.461684] print_report+0xd1/0x650 [ 12.461705] ? __virt_addr_valid+0x1db/0x2d0 [ 12.461728] ? krealloc_less_oob_helper+0xec6/0x11d0 [ 12.461752] ? kasan_complete_mode_report_info+0x2a/0x200 [ 12.461774] ? krealloc_less_oob_helper+0xec6/0x11d0 [ 12.461798] kasan_report+0x141/0x180 [ 12.461872] ? krealloc_less_oob_helper+0xec6/0x11d0 [ 12.461900] __asan_report_store1_noabort+0x1b/0x30 [ 12.461925] krealloc_less_oob_helper+0xec6/0x11d0 [ 12.461950] ? __pfx_krealloc_less_oob_helper+0x10/0x10 [ 12.461974] ? finish_task_switch.isra.0+0x153/0x700 [ 12.461997] ? __switch_to+0x47/0xf50 [ 12.462021] ? __schedule+0x10cc/0x2b60 [ 12.462043] ? __pfx_read_tsc+0x10/0x10 [ 12.462067] krealloc_less_oob+0x1c/0x30 [ 12.462088] kunit_try_run_case+0x1a5/0x480 [ 12.462113] ? __pfx_kunit_try_run_case+0x10/0x10 [ 12.462137] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 12.462162] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 12.462186] ? __kthread_parkme+0x82/0x180 [ 12.462207] ? preempt_count_sub+0x50/0x80 [ 12.462229] ? __pfx_kunit_try_run_case+0x10/0x10 [ 12.462252] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 12.462276] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 12.462301] kthread+0x337/0x6f0 [ 12.462319] ? trace_preempt_on+0x20/0xc0 [ 12.462342] ? __pfx_kthread+0x10/0x10 [ 12.462362] ? _raw_spin_unlock_irq+0x47/0x80 [ 12.462384] ? calculate_sigpending+0x7b/0xa0 [ 12.462409] ? 
__pfx_kthread+0x10/0x10 [ 12.462429] ret_from_fork+0x116/0x1d0 [ 12.462448] ? __pfx_kthread+0x10/0x10 [ 12.462467] ret_from_fork_asm+0x1a/0x30 [ 12.462498] </TASK> [ 12.462507] [ 12.473745] Allocated by task 175: [ 12.473997] kasan_save_stack+0x45/0x70 [ 12.474292] kasan_save_track+0x18/0x40 [ 12.474492] kasan_save_alloc_info+0x3b/0x50 [ 12.475135] __kasan_krealloc+0x190/0x1f0 [ 12.475347] krealloc_noprof+0xf3/0x340 [ 12.475536] krealloc_less_oob_helper+0x1aa/0x11d0 [ 12.475777] krealloc_less_oob+0x1c/0x30 [ 12.476286] kunit_try_run_case+0x1a5/0x480 [ 12.476467] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 12.476952] kthread+0x337/0x6f0 [ 12.477101] ret_from_fork+0x116/0x1d0 [ 12.477446] ret_from_fork_asm+0x1a/0x30 [ 12.477759] [ 12.477856] The buggy address belongs to the object at ffff888100341800 [ 12.477856] which belongs to the cache kmalloc-256 of size 256 [ 12.478652] The buggy address is located 17 bytes to the right of [ 12.478652] allocated 201-byte region [ffff888100341800, ffff8881003418c9) [ 12.479551] [ 12.479674] The buggy address belongs to the physical page: [ 12.480319] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x100340 [ 12.480887] head: order:1 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0 [ 12.481300] flags: 0x200000000000040(head|node=0|zone=2) [ 12.481654] page_type: f5(slab) [ 12.481829] raw: 0200000000000040 ffff888100041b40 dead000000000122 0000000000000000 [ 12.482325] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 12.482671] head: 0200000000000040 ffff888100041b40 dead000000000122 0000000000000000 [ 12.483192] head: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 12.483624] head: 0200000000000001 ffffea000400d001 00000000ffffffff 00000000ffffffff [ 12.484151] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000002 [ 12.484560] page dumped because: kasan: bad access detected [ 12.484947] [ 12.485150] Memory state around the buggy 
address: [ 12.485722] ffff888100341780: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 12.486189] ffff888100341800: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 12.486475] >ffff888100341880: 00 00 00 00 00 00 00 00 00 01 fc fc fc fc fc fc [ 12.487029] ^ [ 12.487297] ffff888100341900: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 12.487667] ffff888100341980: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 12.488172] ================================================================== [ 12.646899] ================================================================== [ 12.647453] BUG: KASAN: slab-out-of-bounds in krealloc_less_oob_helper+0xe90/0x11d0 [ 12.647718] Write of size 1 at addr ffff888101eae0ea by task kunit_try_catch/179 [ 12.649707] [ 12.649933] CPU: 0 UID: 0 PID: 179 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc5 #1 PREEMPT(voluntary) [ 12.649980] Tainted: [B]=BAD_PAGE, [N]=TEST [ 12.649991] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 12.650011] Call Trace: [ 12.650026] <TASK> [ 12.650042] dump_stack_lvl+0x73/0xb0 [ 12.650072] print_report+0xd1/0x650 [ 12.650094] ? __virt_addr_valid+0x1db/0x2d0 [ 12.650117] ? krealloc_less_oob_helper+0xe90/0x11d0 [ 12.650140] ? kasan_addr_to_slab+0x11/0xa0 [ 12.650161] ? krealloc_less_oob_helper+0xe90/0x11d0 [ 12.650185] kasan_report+0x141/0x180 [ 12.650206] ? krealloc_less_oob_helper+0xe90/0x11d0 [ 12.650234] __asan_report_store1_noabort+0x1b/0x30 [ 12.650259] krealloc_less_oob_helper+0xe90/0x11d0 [ 12.650284] ? __pfx_krealloc_less_oob_helper+0x10/0x10 [ 12.650308] ? finish_task_switch.isra.0+0x153/0x700 [ 12.650330] ? __switch_to+0x47/0xf50 [ 12.650354] ? __schedule+0x10cc/0x2b60 [ 12.650375] ? __pfx_read_tsc+0x10/0x10 [ 12.650398] krealloc_large_less_oob+0x1c/0x30 [ 12.650421] kunit_try_run_case+0x1a5/0x480 [ 12.650444] ? __pfx_kunit_try_run_case+0x10/0x10 [ 12.650466] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 12.650489] ? 
_raw_spin_unlock_irqrestore+0x5f/0x90 [ 12.650512] ? __kthread_parkme+0x82/0x180 [ 12.650532] ? preempt_count_sub+0x50/0x80 [ 12.650554] ? __pfx_kunit_try_run_case+0x10/0x10 [ 12.650578] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 12.650624] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 12.650649] kthread+0x337/0x6f0 [ 12.650667] ? trace_preempt_on+0x20/0xc0 [ 12.650690] ? __pfx_kthread+0x10/0x10 [ 12.650709] ? _raw_spin_unlock_irq+0x47/0x80 [ 12.650730] ? calculate_sigpending+0x7b/0xa0 [ 12.650754] ? __pfx_kthread+0x10/0x10 [ 12.650774] ret_from_fork+0x116/0x1d0 [ 12.650804] ? __pfx_kthread+0x10/0x10 [ 12.650828] ret_from_fork_asm+0x1a/0x30 [ 12.650858] </TASK> [ 12.650868] [ 12.659353] The buggy address belongs to the physical page: [ 12.659557] page: refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x101eac [ 12.659897] head: order:2 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0 [ 12.660125] flags: 0x200000000000040(head|node=0|zone=2) [ 12.660573] page_type: f8(unknown) [ 12.660785] raw: 0200000000000040 0000000000000000 dead000000000122 0000000000000000 [ 12.661196] raw: 0000000000000000 0000000000000000 00000001f8000000 0000000000000000 [ 12.661430] head: 0200000000000040 0000000000000000 dead000000000122 0000000000000000 [ 12.662946] head: 0000000000000000 0000000000000000 00000001f8000000 0000000000000000 [ 12.663269] head: 0200000000000002 ffffea000407ab01 00000000ffffffff 00000000ffffffff [ 12.663561] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000004 [ 12.663879] page dumped because: kasan: bad access detected [ 12.664133] [ 12.664215] Memory state around the buggy address: [ 12.664447] ffff888101eadf80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 12.664768] ffff888101eae000: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 12.665158] >ffff888101eae080: 00 00 00 00 00 00 00 00 00 01 fe fe fe fe fe fe [ 12.665425] ^ [ 12.665722] ffff888101eae100: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe 
fe [ 12.666119] ffff888101eae180: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe [ 12.666401] ================================================================== [ 12.593382] ================================================================== [ 12.594060] BUG: KASAN: slab-out-of-bounds in krealloc_less_oob_helper+0xd70/0x11d0 [ 12.594374] Write of size 1 at addr ffff888101eae0c9 by task kunit_try_catch/179 [ 12.594707] [ 12.595143] CPU: 0 UID: 0 PID: 179 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc5 #1 PREEMPT(voluntary) [ 12.595338] Tainted: [B]=BAD_PAGE, [N]=TEST [ 12.595354] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 12.595375] Call Trace: [ 12.595390] <TASK> [ 12.595406] dump_stack_lvl+0x73/0xb0 [ 12.595439] print_report+0xd1/0x650 [ 12.595461] ? __virt_addr_valid+0x1db/0x2d0 [ 12.595484] ? krealloc_less_oob_helper+0xd70/0x11d0 [ 12.595507] ? kasan_addr_to_slab+0x11/0xa0 [ 12.595527] ? krealloc_less_oob_helper+0xd70/0x11d0 [ 12.595551] kasan_report+0x141/0x180 [ 12.595571] ? krealloc_less_oob_helper+0xd70/0x11d0 [ 12.595611] __asan_report_store1_noabort+0x1b/0x30 [ 12.595635] krealloc_less_oob_helper+0xd70/0x11d0 [ 12.595660] ? __pfx_krealloc_less_oob_helper+0x10/0x10 [ 12.595684] ? finish_task_switch.isra.0+0x153/0x700 [ 12.595708] ? __switch_to+0x47/0xf50 [ 12.595732] ? __schedule+0x10cc/0x2b60 [ 12.595754] ? __pfx_read_tsc+0x10/0x10 [ 12.595793] krealloc_large_less_oob+0x1c/0x30 [ 12.595817] kunit_try_run_case+0x1a5/0x480 [ 12.595843] ? __pfx_kunit_try_run_case+0x10/0x10 [ 12.595866] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 12.595890] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 12.595913] ? __kthread_parkme+0x82/0x180 [ 12.595934] ? preempt_count_sub+0x50/0x80 [ 12.595956] ? __pfx_kunit_try_run_case+0x10/0x10 [ 12.595980] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 12.596003] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 12.596028] kthread+0x337/0x6f0 [ 12.596046] ? 
trace_preempt_on+0x20/0xc0 [ 12.596069] ? __pfx_kthread+0x10/0x10 [ 12.596089] ? _raw_spin_unlock_irq+0x47/0x80 [ 12.596110] ? calculate_sigpending+0x7b/0xa0 [ 12.596134] ? __pfx_kthread+0x10/0x10 [ 12.596154] ret_from_fork+0x116/0x1d0 [ 12.596171] ? __pfx_kthread+0x10/0x10 [ 12.596191] ret_from_fork_asm+0x1a/0x30 [ 12.596222] </TASK> [ 12.596232] [ 12.605260] The buggy address belongs to the physical page: [ 12.605515] page: refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x101eac [ 12.605851] head: order:2 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0 [ 12.606169] flags: 0x200000000000040(head|node=0|zone=2) [ 12.606355] page_type: f8(unknown) [ 12.606531] raw: 0200000000000040 0000000000000000 dead000000000122 0000000000000000 [ 12.607050] raw: 0000000000000000 0000000000000000 00000001f8000000 0000000000000000 [ 12.607344] head: 0200000000000040 0000000000000000 dead000000000122 0000000000000000 [ 12.607666] head: 0000000000000000 0000000000000000 00000001f8000000 0000000000000000 [ 12.608104] head: 0200000000000002 ffffea000407ab01 00000000ffffffff 00000000ffffffff [ 12.608401] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000004 [ 12.608720] page dumped because: kasan: bad access detected [ 12.608993] [ 12.609077] Memory state around the buggy address: [ 12.609233] ffff888101eadf80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 12.609460] ffff888101eae000: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 12.609789] >ffff888101eae080: 00 00 00 00 00 00 00 00 00 01 fe fe fe fe fe fe [ 12.610100] ^ [ 12.610676] ffff888101eae100: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe [ 12.611111] ffff888101eae180: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe [ 12.611392] ================================================================== [ 12.628118] ================================================================== [ 12.628461] BUG: KASAN: slab-out-of-bounds in krealloc_less_oob_helper+0xec6/0x11d0 [ 12.628973] Write 
of size 1 at addr ffff888101eae0da by task kunit_try_catch/179 [ 12.629263] [ 12.629354] CPU: 0 UID: 0 PID: 179 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc5 #1 PREEMPT(voluntary) [ 12.629395] Tainted: [B]=BAD_PAGE, [N]=TEST [ 12.629406] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 12.629426] Call Trace: [ 12.629439] <TASK> [ 12.629454] dump_stack_lvl+0x73/0xb0 [ 12.629485] print_report+0xd1/0x650 [ 12.629508] ? __virt_addr_valid+0x1db/0x2d0 [ 12.629531] ? krealloc_less_oob_helper+0xec6/0x11d0 [ 12.629554] ? kasan_addr_to_slab+0x11/0xa0 [ 12.629574] ? krealloc_less_oob_helper+0xec6/0x11d0 [ 12.629611] kasan_report+0x141/0x180 [ 12.629632] ? krealloc_less_oob_helper+0xec6/0x11d0 [ 12.629660] __asan_report_store1_noabort+0x1b/0x30 [ 12.629685] krealloc_less_oob_helper+0xec6/0x11d0 [ 12.629711] ? __pfx_krealloc_less_oob_helper+0x10/0x10 [ 12.629735] ? finish_task_switch.isra.0+0x153/0x700 [ 12.629758] ? __switch_to+0x47/0xf50 [ 12.629783] ? __schedule+0x10cc/0x2b60 [ 12.629804] ? __pfx_read_tsc+0x10/0x10 [ 12.629879] krealloc_large_less_oob+0x1c/0x30 [ 12.629904] kunit_try_run_case+0x1a5/0x480 [ 12.629932] ? __pfx_kunit_try_run_case+0x10/0x10 [ 12.629955] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 12.629980] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 12.630004] ? __kthread_parkme+0x82/0x180 [ 12.630024] ? preempt_count_sub+0x50/0x80 [ 12.630047] ? __pfx_kunit_try_run_case+0x10/0x10 [ 12.630071] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 12.630096] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 12.630121] kthread+0x337/0x6f0 [ 12.630139] ? trace_preempt_on+0x20/0xc0 [ 12.630163] ? __pfx_kthread+0x10/0x10 [ 12.630182] ? _raw_spin_unlock_irq+0x47/0x80 [ 12.630203] ? calculate_sigpending+0x7b/0xa0 [ 12.630227] ? __pfx_kthread+0x10/0x10 [ 12.630248] ret_from_fork+0x116/0x1d0 [ 12.630267] ? 
__pfx_kthread+0x10/0x10 [ 12.630287] ret_from_fork_asm+0x1a/0x30 [ 12.630317] </TASK> [ 12.630327] [ 12.638207] The buggy address belongs to the physical page: [ 12.638392] page: refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x101eac [ 12.638810] head: order:2 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0 [ 12.639163] flags: 0x200000000000040(head|node=0|zone=2) [ 12.639452] page_type: f8(unknown) [ 12.639581] raw: 0200000000000040 0000000000000000 dead000000000122 0000000000000000 [ 12.639903] raw: 0000000000000000 0000000000000000 00000001f8000000 0000000000000000 [ 12.640133] head: 0200000000000040 0000000000000000 dead000000000122 0000000000000000 [ 12.640736] head: 0000000000000000 0000000000000000 00000001f8000000 0000000000000000 [ 12.641173] head: 0200000000000002 ffffea000407ab01 00000000ffffffff 00000000ffffffff [ 12.641518] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000004 [ 12.641937] page dumped because: kasan: bad access detected [ 12.642147] [ 12.642216] Memory state around the buggy address: [ 12.642371] ffff888101eadf80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 12.642587] ffff888101eae000: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 12.643904] >ffff888101eae080: 00 00 00 00 00 00 00 00 00 01 fe fe fe fe fe fe [ 12.644714] ^ [ 12.645533] ffff888101eae100: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe [ 12.646294] ffff888101eae180: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe [ 12.646517] ================================================================== [ 12.488713] ================================================================== [ 12.488945] BUG: KASAN: slab-out-of-bounds in krealloc_less_oob_helper+0xe90/0x11d0 [ 12.489689] Write of size 1 at addr ffff8881003418ea by task kunit_try_catch/175 [ 12.490293] [ 12.490408] CPU: 0 UID: 0 PID: 175 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc5 #1 PREEMPT(voluntary) [ 12.490610] Tainted: [B]=BAD_PAGE, [N]=TEST [ 12.490623] Hardware 
name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 12.490642] Call Trace: [ 12.490662] <TASK> [ 12.490680] dump_stack_lvl+0x73/0xb0 [ 12.490712] print_report+0xd1/0x650 [ 12.490734] ? __virt_addr_valid+0x1db/0x2d0 [ 12.490757] ? krealloc_less_oob_helper+0xe90/0x11d0 [ 12.490781] ? kasan_complete_mode_report_info+0x2a/0x200 [ 12.490819] ? krealloc_less_oob_helper+0xe90/0x11d0 [ 12.490851] kasan_report+0x141/0x180 [ 12.490872] ? krealloc_less_oob_helper+0xe90/0x11d0 [ 12.490899] __asan_report_store1_noabort+0x1b/0x30 [ 12.490924] krealloc_less_oob_helper+0xe90/0x11d0 [ 12.490949] ? __pfx_krealloc_less_oob_helper+0x10/0x10 [ 12.490973] ? finish_task_switch.isra.0+0x153/0x700 [ 12.490995] ? __switch_to+0x47/0xf50 [ 12.491020] ? __schedule+0x10cc/0x2b60 [ 12.491041] ? __pfx_read_tsc+0x10/0x10 [ 12.491065] krealloc_less_oob+0x1c/0x30 [ 12.491088] kunit_try_run_case+0x1a5/0x480 [ 12.491113] ? __pfx_kunit_try_run_case+0x10/0x10 [ 12.491135] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 12.491159] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 12.491181] ? __kthread_parkme+0x82/0x180 [ 12.491201] ? preempt_count_sub+0x50/0x80 [ 12.491223] ? __pfx_kunit_try_run_case+0x10/0x10 [ 12.491247] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 12.491272] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 12.491296] kthread+0x337/0x6f0 [ 12.491314] ? trace_preempt_on+0x20/0xc0 [ 12.491337] ? __pfx_kthread+0x10/0x10 [ 12.491357] ? _raw_spin_unlock_irq+0x47/0x80 [ 12.491378] ? calculate_sigpending+0x7b/0xa0 [ 12.491402] ? __pfx_kthread+0x10/0x10 [ 12.491422] ret_from_fork+0x116/0x1d0 [ 12.491439] ? 
__pfx_kthread+0x10/0x10 [ 12.491459] ret_from_fork_asm+0x1a/0x30 [ 12.491489] </TASK> [ 12.491499] [ 12.502208] Allocated by task 175: [ 12.502577] kasan_save_stack+0x45/0x70 [ 12.502808] kasan_save_track+0x18/0x40 [ 12.503037] kasan_save_alloc_info+0x3b/0x50 [ 12.503464] __kasan_krealloc+0x190/0x1f0 [ 12.503668] krealloc_noprof+0xf3/0x340 [ 12.504027] krealloc_less_oob_helper+0x1aa/0x11d0 [ 12.504205] krealloc_less_oob+0x1c/0x30 [ 12.504433] kunit_try_run_case+0x1a5/0x480 [ 12.504647] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 12.505408] kthread+0x337/0x6f0 [ 12.505571] ret_from_fork+0x116/0x1d0 [ 12.506004] ret_from_fork_asm+0x1a/0x30 [ 12.506335] [ 12.506412] The buggy address belongs to the object at ffff888100341800 [ 12.506412] which belongs to the cache kmalloc-256 of size 256 [ 12.507241] The buggy address is located 33 bytes to the right of [ 12.507241] allocated 201-byte region [ffff888100341800, ffff8881003418c9) [ 12.507900] [ 12.508013] The buggy address belongs to the physical page: [ 12.508255] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x100340 [ 12.508555] head: order:1 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0 [ 12.509217] flags: 0x200000000000040(head|node=0|zone=2) [ 12.509419] page_type: f5(slab) [ 12.509793] raw: 0200000000000040 ffff888100041b40 dead000000000122 0000000000000000 [ 12.510464] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 12.511016] head: 0200000000000040 ffff888100041b40 dead000000000122 0000000000000000 [ 12.511451] head: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 12.511966] head: 0200000000000001 ffffea000400d001 00000000ffffffff 00000000ffffffff [ 12.512289] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000002 [ 12.512625] page dumped because: kasan: bad access detected [ 12.513152] [ 12.513250] Memory state around the buggy address: [ 12.513443] ffff888100341780: fc fc fc fc fc fc fc fc fc fc fc fc fc fc 
fc fc [ 12.513943] ffff888100341800: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 12.514349] >ffff888100341880: 00 00 00 00 00 00 00 00 00 01 fc fc fc fc fc fc [ 12.514714] ^ [ 12.515170] ffff888100341900: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 12.515753] ffff888100341980: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 12.516386] ================================================================== [ 12.517146] ================================================================== [ 12.517682] BUG: KASAN: slab-out-of-bounds in krealloc_less_oob_helper+0xd47/0x11d0 [ 12.518356] Write of size 1 at addr ffff8881003418eb by task kunit_try_catch/175 [ 12.518693] [ 12.518793] CPU: 0 UID: 0 PID: 175 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc5 #1 PREEMPT(voluntary) [ 12.518841] Tainted: [B]=BAD_PAGE, [N]=TEST [ 12.518852] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 12.518872] Call Trace: [ 12.518891] <TASK> [ 12.518909] dump_stack_lvl+0x73/0xb0 [ 12.518939] print_report+0xd1/0x650 [ 12.518960] ? __virt_addr_valid+0x1db/0x2d0 [ 12.518984] ? krealloc_less_oob_helper+0xd47/0x11d0 [ 12.519007] ? kasan_complete_mode_report_info+0x2a/0x200 [ 12.519030] ? krealloc_less_oob_helper+0xd47/0x11d0 [ 12.519054] kasan_report+0x141/0x180 [ 12.519074] ? krealloc_less_oob_helper+0xd47/0x11d0 [ 12.519102] __asan_report_store1_noabort+0x1b/0x30 [ 12.519127] krealloc_less_oob_helper+0xd47/0x11d0 [ 12.519152] ? __pfx_krealloc_less_oob_helper+0x10/0x10 [ 12.519176] ? finish_task_switch.isra.0+0x153/0x700 [ 12.519198] ? __switch_to+0x47/0xf50 [ 12.519224] ? __schedule+0x10cc/0x2b60 [ 12.519245] ? __pfx_read_tsc+0x10/0x10 [ 12.519269] krealloc_less_oob+0x1c/0x30 [ 12.519289] kunit_try_run_case+0x1a5/0x480 [ 12.519314] ? __pfx_kunit_try_run_case+0x10/0x10 [ 12.519336] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 12.519360] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 12.519382] ? __kthread_parkme+0x82/0x180 [ 12.519403] ? 
preempt_count_sub+0x50/0x80 [ 12.519424] ? __pfx_kunit_try_run_case+0x10/0x10 [ 12.519448] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 12.519471] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 12.519496] kthread+0x337/0x6f0 [ 12.519513] ? trace_preempt_on+0x20/0xc0 [ 12.519536] ? __pfx_kthread+0x10/0x10 [ 12.519556] ? _raw_spin_unlock_irq+0x47/0x80 [ 12.519577] ? calculate_sigpending+0x7b/0xa0 [ 12.519610] ? __pfx_kthread+0x10/0x10 [ 12.519630] ret_from_fork+0x116/0x1d0 [ 12.519649] ? __pfx_kthread+0x10/0x10 [ 12.519884] ret_from_fork_asm+0x1a/0x30 [ 12.519916] </TASK> [ 12.519926] [ 12.529928] Allocated by task 175: [ 12.530109] kasan_save_stack+0x45/0x70 [ 12.530269] kasan_save_track+0x18/0x40 [ 12.530465] kasan_save_alloc_info+0x3b/0x50 [ 12.531182] __kasan_krealloc+0x190/0x1f0 [ 12.531362] krealloc_noprof+0xf3/0x340 [ 12.531719] krealloc_less_oob_helper+0x1aa/0x11d0 [ 12.532002] krealloc_less_oob+0x1c/0x30 [ 12.532323] kunit_try_run_case+0x1a5/0x480 [ 12.532616] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 12.533272] kthread+0x337/0x6f0 [ 12.533411] ret_from_fork+0x116/0x1d0 [ 12.533770] ret_from_fork_asm+0x1a/0x30 [ 12.534131] [ 12.534225] The buggy address belongs to the object at ffff888100341800 [ 12.534225] which belongs to the cache kmalloc-256 of size 256 [ 12.534879] The buggy address is located 34 bytes to the right of [ 12.534879] allocated 201-byte region [ffff888100341800, ffff8881003418c9) [ 12.535607] [ 12.535693] The buggy address belongs to the physical page: [ 12.535955] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x100340 [ 12.536609] head: order:1 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0 [ 12.537114] flags: 0x200000000000040(head|node=0|zone=2) [ 12.537490] page_type: f5(slab) [ 12.537631] raw: 0200000000000040 ffff888100041b40 dead000000000122 0000000000000000 [ 12.538471] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 12.539007] head: 0200000000000040 
ffff888100041b40 dead000000000122 0000000000000000 [ 12.539467] head: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 12.539934] head: 0200000000000001 ffffea000400d001 00000000ffffffff 00000000ffffffff [ 12.540432] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000002 [ 12.540969] page dumped because: kasan: bad access detected [ 12.541196] [ 12.541493] Memory state around the buggy address: [ 12.541887] ffff888100341780: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 12.542183] ffff888100341800: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 12.542746] >ffff888100341880: 00 00 00 00 00 00 00 00 00 01 fc fc fc fc fc fc [ 12.543136] ^ [ 12.543433] ffff888100341900: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 12.543752] ffff888100341980: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 12.544532] ================================================================== [ 12.611972] ================================================================== [ 12.612278] BUG: KASAN: slab-out-of-bounds in krealloc_less_oob_helper+0xe23/0x11d0 [ 12.612605] Write of size 1 at addr ffff888101eae0d0 by task kunit_try_catch/179 [ 12.612839] [ 12.612952] CPU: 0 UID: 0 PID: 179 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc5 #1 PREEMPT(voluntary) [ 12.613141] Tainted: [B]=BAD_PAGE, [N]=TEST [ 12.613157] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 12.613176] Call Trace: [ 12.613188] <TASK> [ 12.613203] dump_stack_lvl+0x73/0xb0 [ 12.613233] print_report+0xd1/0x650 [ 12.613255] ? __virt_addr_valid+0x1db/0x2d0 [ 12.613279] ? krealloc_less_oob_helper+0xe23/0x11d0 [ 12.613301] ? kasan_addr_to_slab+0x11/0xa0 [ 12.613321] ? krealloc_less_oob_helper+0xe23/0x11d0 [ 12.613345] kasan_report+0x141/0x180 [ 12.613366] ? krealloc_less_oob_helper+0xe23/0x11d0 [ 12.613394] __asan_report_store1_noabort+0x1b/0x30 [ 12.613418] krealloc_less_oob_helper+0xe23/0x11d0 [ 12.613443] ? 
__pfx_krealloc_less_oob_helper+0x10/0x10 [ 12.613467] ? finish_task_switch.isra.0+0x153/0x700 [ 12.613490] ? __switch_to+0x47/0xf50 [ 12.613514] ? __schedule+0x10cc/0x2b60 [ 12.613536] ? __pfx_read_tsc+0x10/0x10 [ 12.613559] krealloc_large_less_oob+0x1c/0x30 [ 12.613581] kunit_try_run_case+0x1a5/0x480 [ 12.613621] ? __pfx_kunit_try_run_case+0x10/0x10 [ 12.613644] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 12.613667] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 12.613691] ? __kthread_parkme+0x82/0x180 [ 12.613711] ? preempt_count_sub+0x50/0x80 [ 12.613733] ? __pfx_kunit_try_run_case+0x10/0x10 [ 12.613757] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 12.613790] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 12.613867] kthread+0x337/0x6f0 [ 12.613887] ? trace_preempt_on+0x20/0xc0 [ 12.613911] ? __pfx_kthread+0x10/0x10 [ 12.613930] ? _raw_spin_unlock_irq+0x47/0x80 [ 12.613952] ? calculate_sigpending+0x7b/0xa0 [ 12.613976] ? __pfx_kthread+0x10/0x10 [ 12.613997] ret_from_fork+0x116/0x1d0 [ 12.614016] ? 
__pfx_kthread+0x10/0x10 [ 12.614036] ret_from_fork_asm+0x1a/0x30 [ 12.614067] </TASK> [ 12.614077] [ 12.621492] The buggy address belongs to the physical page: [ 12.621788] page: refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x101eac [ 12.622158] head: order:2 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0 [ 12.622537] flags: 0x200000000000040(head|node=0|zone=2) [ 12.622779] page_type: f8(unknown) [ 12.622969] raw: 0200000000000040 0000000000000000 dead000000000122 0000000000000000 [ 12.623197] raw: 0000000000000000 0000000000000000 00000001f8000000 0000000000000000 [ 12.623582] head: 0200000000000040 0000000000000000 dead000000000122 0000000000000000 [ 12.623877] head: 0000000000000000 0000000000000000 00000001f8000000 0000000000000000 [ 12.624413] head: 0200000000000002 ffffea000407ab01 00000000ffffffff 00000000ffffffff [ 12.624693] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000004 [ 12.625002] page dumped because: kasan: bad access detected [ 12.625274] [ 12.625430] Memory state around the buggy address: [ 12.625618] ffff888101eadf80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 12.625834] ffff888101eae000: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 12.626145] >ffff888101eae080: 00 00 00 00 00 00 00 00 00 01 fe fe fe fe fe fe [ 12.626462] ^ [ 12.626741] ffff888101eae100: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe [ 12.626959] ffff888101eae180: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe [ 12.627360] ================================================================== [ 12.666835] ================================================================== [ 12.667340] BUG: KASAN: slab-out-of-bounds in krealloc_less_oob_helper+0xd47/0x11d0 [ 12.667754] Write of size 1 at addr ffff888101eae0eb by task kunit_try_catch/179 [ 12.668038] [ 12.668131] CPU: 0 UID: 0 PID: 179 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc5 #1 PREEMPT(voluntary) [ 12.668175] Tainted: [B]=BAD_PAGE, [N]=TEST [ 12.668186] Hardware 
name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 12.668205] Call Trace: [ 12.668223] <TASK> [ 12.668241] dump_stack_lvl+0x73/0xb0 [ 12.668270] print_report+0xd1/0x650 [ 12.668291] ? __virt_addr_valid+0x1db/0x2d0 [ 12.668315] ? krealloc_less_oob_helper+0xd47/0x11d0 [ 12.668338] ? kasan_addr_to_slab+0x11/0xa0 [ 12.668358] ? krealloc_less_oob_helper+0xd47/0x11d0 [ 12.668381] kasan_report+0x141/0x180 [ 12.668402] ? krealloc_less_oob_helper+0xd47/0x11d0 [ 12.668430] __asan_report_store1_noabort+0x1b/0x30 [ 12.668454] krealloc_less_oob_helper+0xd47/0x11d0 [ 12.668480] ? __pfx_krealloc_less_oob_helper+0x10/0x10 [ 12.668504] ? finish_task_switch.isra.0+0x153/0x700 [ 12.668526] ? __switch_to+0x47/0xf50 [ 12.668550] ? __schedule+0x10cc/0x2b60 [ 12.668571] ? __pfx_read_tsc+0x10/0x10 [ 12.668657] krealloc_large_less_oob+0x1c/0x30 [ 12.668684] kunit_try_run_case+0x1a5/0x480 [ 12.668709] ? __pfx_kunit_try_run_case+0x10/0x10 [ 12.668731] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 12.668755] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 12.668792] ? __kthread_parkme+0x82/0x180 [ 12.668848] ? preempt_count_sub+0x50/0x80 [ 12.668871] ? __pfx_kunit_try_run_case+0x10/0x10 [ 12.668895] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 12.668920] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 12.668944] kthread+0x337/0x6f0 [ 12.668962] ? trace_preempt_on+0x20/0xc0 [ 12.668986] ? __pfx_kthread+0x10/0x10 [ 12.669005] ? _raw_spin_unlock_irq+0x47/0x80 [ 12.669026] ? calculate_sigpending+0x7b/0xa0 [ 12.669051] ? __pfx_kthread+0x10/0x10 [ 12.669071] ret_from_fork+0x116/0x1d0 [ 12.669090] ? 
__pfx_kthread+0x10/0x10 [ 12.669110] ret_from_fork_asm+0x1a/0x30 [ 12.669140] </TASK> [ 12.669149] [ 12.676724] The buggy address belongs to the physical page: [ 12.677079] page: refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x101eac [ 12.677360] head: order:2 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0 [ 12.677634] flags: 0x200000000000040(head|node=0|zone=2) [ 12.677883] page_type: f8(unknown) [ 12.678056] raw: 0200000000000040 0000000000000000 dead000000000122 0000000000000000 [ 12.678369] raw: 0000000000000000 0000000000000000 00000001f8000000 0000000000000000 [ 12.678608] head: 0200000000000040 0000000000000000 dead000000000122 0000000000000000 [ 12.679405] head: 0000000000000000 0000000000000000 00000001f8000000 0000000000000000 [ 12.679676] head: 0200000000000002 ffffea000407ab01 00000000ffffffff 00000000ffffffff [ 12.680259] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000004 [ 12.680551] page dumped because: kasan: bad access detected [ 12.680775] [ 12.680922] Memory state around the buggy address: [ 12.681130] ffff888101eadf80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 12.681347] ffff888101eae000: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 12.681671] >ffff888101eae080: 00 00 00 00 00 00 00 00 00 01 fe fe fe fe fe fe [ 12.682059] ^ [ 12.682313] ffff888101eae100: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe [ 12.682531] ffff888101eae180: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe [ 12.682998] ================================================================== [ 12.430454] ================================================================== [ 12.430790] BUG: KASAN: slab-out-of-bounds in krealloc_less_oob_helper+0xe23/0x11d0 [ 12.431657] Write of size 1 at addr ffff8881003418d0 by task kunit_try_catch/175 [ 12.432308] [ 12.432424] CPU: 0 UID: 0 PID: 175 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc5 #1 PREEMPT(voluntary) [ 12.432470] Tainted: [B]=BAD_PAGE, [N]=TEST [ 12.432481] Hardware 
name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 12.432501] Call Trace: [ 12.432513] <TASK> [ 12.432532] dump_stack_lvl+0x73/0xb0 [ 12.432566] print_report+0xd1/0x650 [ 12.432589] ? __virt_addr_valid+0x1db/0x2d0 [ 12.432627] ? krealloc_less_oob_helper+0xe23/0x11d0 [ 12.432651] ? kasan_complete_mode_report_info+0x2a/0x200 [ 12.432674] ? krealloc_less_oob_helper+0xe23/0x11d0 [ 12.432697] kasan_report+0x141/0x180 [ 12.432718] ? krealloc_less_oob_helper+0xe23/0x11d0 [ 12.432746] __asan_report_store1_noabort+0x1b/0x30 [ 12.432770] krealloc_less_oob_helper+0xe23/0x11d0 [ 12.433177] ? __pfx_krealloc_less_oob_helper+0x10/0x10 [ 12.433204] ? finish_task_switch.isra.0+0x153/0x700 [ 12.433227] ? __switch_to+0x47/0xf50 [ 12.433253] ? __schedule+0x10cc/0x2b60 [ 12.433276] ? __pfx_read_tsc+0x10/0x10 [ 12.433301] krealloc_less_oob+0x1c/0x30 [ 12.433321] kunit_try_run_case+0x1a5/0x480 [ 12.433347] ? __pfx_kunit_try_run_case+0x10/0x10 [ 12.433369] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 12.433394] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 12.433417] ? __kthread_parkme+0x82/0x180 [ 12.433437] ? preempt_count_sub+0x50/0x80 [ 12.433459] ? __pfx_kunit_try_run_case+0x10/0x10 [ 12.433483] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 12.433507] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 12.433532] kthread+0x337/0x6f0 [ 12.433550] ? trace_preempt_on+0x20/0xc0 [ 12.433573] ? __pfx_kthread+0x10/0x10 [ 12.433607] ? _raw_spin_unlock_irq+0x47/0x80 [ 12.433628] ? calculate_sigpending+0x7b/0xa0 [ 12.433652] ? __pfx_kthread+0x10/0x10 [ 12.433673] ret_from_fork+0x116/0x1d0 [ 12.433691] ? 
__pfx_kthread+0x10/0x10
[ 12.433710] ret_from_fork_asm+0x1a/0x30
[ 12.433740] </TASK>
[ 12.433750]
[ 12.444537] Allocated by task 175:
[ 12.444740] kasan_save_stack+0x45/0x70
[ 12.445232] kasan_save_track+0x18/0x40
[ 12.445401] kasan_save_alloc_info+0x3b/0x50
[ 12.445755] __kasan_krealloc+0x190/0x1f0
[ 12.446171] krealloc_noprof+0xf3/0x340
[ 12.446460] krealloc_less_oob_helper+0x1aa/0x11d0
[ 12.446694] krealloc_less_oob+0x1c/0x30
[ 12.447281] kunit_try_run_case+0x1a5/0x480
[ 12.447475] kunit_generic_run_threadfn_adapter+0x85/0xf0
[ 12.447990] kthread+0x337/0x6f0
[ 12.448179] ret_from_fork+0x116/0x1d0
[ 12.448363] ret_from_fork_asm+0x1a/0x30
[ 12.448550]
[ 12.448658] The buggy address belongs to the object at ffff888100341800
[ 12.448658] which belongs to the cache kmalloc-256 of size 256
[ 12.449629] The buggy address is located 7 bytes to the right of
[ 12.449629] allocated 201-byte region [ffff888100341800, ffff8881003418c9)
[ 12.450341]
[ 12.450587] The buggy address belongs to the physical page:
[ 12.450842] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x100340
[ 12.451322] head: order:1 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[ 12.451671] flags: 0x200000000000040(head|node=0|zone=2)
[ 12.452304] page_type: f5(slab)
[ 12.452458] raw: 0200000000000040 ffff888100041b40 dead000000000122 0000000000000000
[ 12.453105] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000
[ 12.453517] head: 0200000000000040 ffff888100041b40 dead000000000122 0000000000000000
[ 12.454001] head: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000
[ 12.454447] head: 0200000000000001 ffffea000400d001 00000000ffffffff 00000000ffffffff
[ 12.454879] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000002
[ 12.455356] page dumped because: kasan: bad access detected
[ 12.455685]
[ 12.455796] Memory state around the buggy address:
[ 12.456156] ffff888100341780: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 12.456481] ffff888100341800: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[ 12.456792] >ffff888100341880: 00 00 00 00 00 00 00 00 00 01 fc fc fc fc fc fc
[ 12.457482] ^
[ 12.457974] ffff888100341900: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 12.458297] ffff888100341980: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 12.458657] ==================================================================
[ 12.397482] ==================================================================
[ 12.398795] BUG: KASAN: slab-out-of-bounds in krealloc_less_oob_helper+0xd70/0x11d0
[ 12.399574] Write of size 1 at addr ffff8881003418c9 by task kunit_try_catch/175
[ 12.400505]
[ 12.400727] CPU: 0 UID: 0 PID: 175 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc5 #1 PREEMPT(voluntary)
[ 12.400777] Tainted: [B]=BAD_PAGE, [N]=TEST
[ 12.400787] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[ 12.400943] Call Trace:
[ 12.400958] <TASK>
[ 12.400976] dump_stack_lvl+0x73/0xb0
[ 12.401012] print_report+0xd1/0x650
[ 12.401035] ? __virt_addr_valid+0x1db/0x2d0
[ 12.401060] ? krealloc_less_oob_helper+0xd70/0x11d0
[ 12.401083] ? kasan_complete_mode_report_info+0x2a/0x200
[ 12.401106] ? krealloc_less_oob_helper+0xd70/0x11d0
[ 12.401130] kasan_report+0x141/0x180
[ 12.401151] ? krealloc_less_oob_helper+0xd70/0x11d0
[ 12.401179] __asan_report_store1_noabort+0x1b/0x30
[ 12.401204] krealloc_less_oob_helper+0xd70/0x11d0
[ 12.401230] ? __pfx_krealloc_less_oob_helper+0x10/0x10
[ 12.401254] ? finish_task_switch.isra.0+0x153/0x700
[ 12.401279] ? __switch_to+0x47/0xf50
[ 12.401305] ? __schedule+0x10cc/0x2b60
[ 12.401328] ? __pfx_read_tsc+0x10/0x10
[ 12.401353] krealloc_less_oob+0x1c/0x30
[ 12.401373] kunit_try_run_case+0x1a5/0x480
[ 12.401399] ? __pfx_kunit_try_run_case+0x10/0x10
[ 12.401421] ? _raw_spin_lock_irqsave+0xa1/0x100
[ 12.401446] ? _raw_spin_unlock_irqrestore+0x5f/0x90
[ 12.401469] ? __kthread_parkme+0x82/0x180
[ 12.401490] ? preempt_count_sub+0x50/0x80
[ 12.401512] ? __pfx_kunit_try_run_case+0x10/0x10
[ 12.401536] kunit_generic_run_threadfn_adapter+0x85/0xf0
[ 12.401560] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10
[ 12.401584] kthread+0x337/0x6f0
[ 12.401625] ? trace_preempt_on+0x20/0xc0
[ 12.401649] ? __pfx_kthread+0x10/0x10
[ 12.401669] ? _raw_spin_unlock_irq+0x47/0x80
[ 12.401689] ? calculate_sigpending+0x7b/0xa0
[ 12.401714] ? __pfx_kthread+0x10/0x10
[ 12.401734] ret_from_fork+0x116/0x1d0
[ 12.401752] ? __pfx_kthread+0x10/0x10
[ 12.401771] ret_from_fork_asm+0x1a/0x30
[ 12.401812] </TASK>
[ 12.401822]
[ 12.414720] Allocated by task 175:
[ 12.415306] kasan_save_stack+0x45/0x70
[ 12.415765] kasan_save_track+0x18/0x40
[ 12.416454] kasan_save_alloc_info+0x3b/0x50
[ 12.417047] __kasan_krealloc+0x190/0x1f0
[ 12.417495] krealloc_noprof+0xf3/0x340
[ 12.418025] krealloc_less_oob_helper+0x1aa/0x11d0
[ 12.418258] krealloc_less_oob+0x1c/0x30
[ 12.418401] kunit_try_run_case+0x1a5/0x480
[ 12.418551] kunit_generic_run_threadfn_adapter+0x85/0xf0
[ 12.418748] kthread+0x337/0x6f0
[ 12.419008] ret_from_fork+0x116/0x1d0
[ 12.419303] ret_from_fork_asm+0x1a/0x30
[ 12.419971]
[ 12.420075] The buggy address belongs to the object at ffff888100341800
[ 12.420075] which belongs to the cache kmalloc-256 of size 256
[ 12.420721] The buggy address is located 0 bytes to the right of
[ 12.420721] allocated 201-byte region [ffff888100341800, ffff8881003418c9)
[ 12.421708]
[ 12.421816] The buggy address belongs to the physical page:
[ 12.422079] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x100340
[ 12.422414] head: order:1 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[ 12.422746] flags: 0x200000000000040(head|node=0|zone=2)
[ 12.423389] page_type: f5(slab)
[ 12.423535] raw: 0200000000000040 ffff888100041b40 dead000000000122 0000000000000000
[ 12.424073] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000
[ 12.424513] head: 0200000000000040 ffff888100041b40 dead000000000122 0000000000000000
[ 12.425047] head: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000
[ 12.425377] head: 0200000000000001 ffffea000400d001 00000000ffffffff 00000000ffffffff
[ 12.425712] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000002
[ 12.426255] page dumped because: kasan: bad access detected
[ 12.426628]
[ 12.426703] Memory state around the buggy address:
[ 12.427303] ffff888100341780: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 12.427623] ffff888100341800: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[ 12.428161] >ffff888100341880: 00 00 00 00 00 00 00 00 00 01 fc fc fc fc fc fc
[ 12.428530] ^
[ 12.428802] ffff888100341900: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 12.429269] ffff888100341980: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 12.429670] ==================================================================