[Bug 220889] New: KASAN: invalid-access in bpf_patch_insn_data+0x22c/0x2f0


bugzill...@kernel.org

Dec 21, 2025, 9:29:34 PM (3 days ago) Dec 21
to kasa...@googlegroups.com
https://bugzilla.kernel.org/show_bug.cgi?id=220889

Bug ID: 220889
Summary: KASAN: invalid-access in bpf_patch_insn_data+0x22c/0x2f0
Product: Memory Management
Version: 2.5
Kernel Version: v6.18
Hardware: ARM
OS: Linux
Status: NEW
Severity: normal
Priority: P3
Component: Sanitizers
Assignee: mm_san...@kernel-bugs.kernel.org
Reporter: joonk...@samsung.com
CC: kasa...@googlegroups.com
Regression: No

When SW tag KASAN is enabled, we got a kernel crash from bpf/verifier.

I found that it occurred only from 6.18, not on the 6.12 LTS we're working on.

After some tests, I found that the device boots when 2 commits are
reverted.


bpf: potential double-free of env->insn_aux_data
https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=b13448dd64e27752fad252cec7da1a50ab9f0b6f

bpf: use realloc in bpf_patch_insn_data
https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=77620d1267392b1a34bfc437d2adea3006f95865


==================================================================
[ 79.419177] [4: netbpfload: 825] BUG: KASAN: invalid-access in bpf_patch_insn_data+0x22c/0x2f0
[ 79.419415] [4: netbpfload: 825] Write of size 27896 at addr 25ffffc08e6314d0 by task netbpfload/825
[ 79.419984] [4: netbpfload: 825] Pointer tag: [25], memory tag: [fa]
[ 79.425193] [4: netbpfload: 825]
[ 79.427365] [4: netbpfload: 825] CPU: 4 UID: 0 PID: 825 Comm: netbpfload Tainted: G OE 6.18.0-rc6-android17-0-gd28deb424356-4k #1 PREEMPT 92293e52a7788dc6ec1b9dff6625aaee925f3475
[ 79.427374] [4: netbpfload: 825] Tainted: [O]=OOT_MODULE, [E]=UNSIGNED_MODULE
[ 79.427378] [4: netbpfload: 825] Hardware name: Samsung ERD9965 board based on S5E9965 (DT)
[ 79.427382] [4: netbpfload: 825] Call trace:
[ 79.427385] [4: netbpfload: 825] show_stack+0x18/0x28 (C)
[ 79.427394] [4: netbpfload: 825] __dump_stack+0x28/0x3c
[ 79.427401] [4: netbpfload: 825] dump_stack_lvl+0x7c/0xa8
[ 79.427407] [4: netbpfload: 825] print_address_description+0x7c/0x20c
[ 79.427414] [4: netbpfload: 825] print_report+0x70/0x8c
[ 79.427421] [4: netbpfload: 825] kasan_report+0xb4/0x114
[ 79.427427] [4: netbpfload: 825] kasan_check_range+0x94/0xa0
[ 79.427432] [4: netbpfload: 825] __asan_memmove+0x54/0x88
[ 79.427437] [4: netbpfload: 825] bpf_patch_insn_data+0x22c/0x2f0
[ 79.427442] [4: netbpfload: 825] bpf_check+0x2b44/0x8c34
[ 79.427449] [4: netbpfload: 825] bpf_prog_load+0x8dc/0x990
[ 79.427453] [4: netbpfload: 825] __sys_bpf+0x300/0x4c8
[ 79.427458] [4: netbpfload: 825] __arm64_sys_bpf+0x48/0x64
[ 79.427465] [4: netbpfload: 825] invoke_syscall+0x6c/0x13c
[ 79.427471] [4: netbpfload: 825] el0_svc_common+0xf8/0x138
[ 79.427478] [4: netbpfload: 825] do_el0_svc+0x30/0x40
[ 79.427484] [4: netbpfload: 825] el0_svc+0x38/0x8c
[ 79.427491] [4: netbpfload: 825] el0t_64_sync_handler+0x68/0xdc
[ 79.427497] [4: netbpfload: 825] el0t_64_sync+0x1b8/0x1bc
[ 79.427502] [4: netbpfload: 825]
[ 79.545586] [4: netbpfload: 825] The buggy address belongs to a 8-page vmalloc region starting at 0x25ffffc08e631000 allocated at bpf_patch_insn_data+0x8c/0x2f0
[ 79.558777] [4: netbpfload: 825] The buggy address belongs to the physical page:
[ 79.565029] [4: netbpfload: 825] page: refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x8b308b
[ 79.573710] [4: netbpfload: 825] memcg:c6ffff882d1d6402
[ 79.577791] [4: netbpfload: 825] flags: 0x6f80000000000000(zone=1|kasantag=0xbe)
[ 79.584042] [4: netbpfload: 825] raw: 6f80000000000000 0000000000000000 dead000000000122 0000000000000000
[ 79.592460] [4: netbpfload: 825] raw: 0000000000000000 0000000000000000 00000001ffffffff c6ffff882d1d6402
[ 79.600877] [4: netbpfload: 825] page dumped because: kasan: bad access detected
[ 79.607126] [4: netbpfload: 825]
[ 79.609296] [4: netbpfload: 825] Memory state around the buggy address:
[ 79.614766] [4: netbpfload: 825] ffffffc08e637f00: 25 25 25 25 25 25 25 25 25 25 25 25 25 25 25 25
[ 79.622665] [4: netbpfload: 825] ffffffc08e638000: 25 25 25 25 25 25 25 25 25 25 25 25 25 25 25 25
[ 79.630562] [4: netbpfload: 825] >ffffffc08e638100: 25 25 25 25 25 25 25 fa fa fa fa fa fa fe fe fe
[ 79.638463] [4: netbpfload: 825] ^
[ 79.644190] [4: netbpfload: 825] ffffffc08e638200: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe
[ 79.652089] [4: netbpfload: 825] ffffffc08e638300: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe
[ 79.659987] [4: netbpfload: 825]
==================================================================

--
You may reply to this email to add a comment.

You are receiving this mail because:
You are on the CC list for the bug.

bugzill...@kernel.org

Dec 22, 2025, 3:33:14 AM (3 days ago) Dec 22
to kasa...@googlegroups.com
https://bugzilla.kernel.org/show_bug.cgi?id=220889

Marco Elver (mel...@kernel.org) changed:

What |Removed |Added
----------------------------------------------------------------------------
CC| |mel...@kernel.org

--- Comment #1 from Marco Elver (mel...@kernel.org) ---
Not sure why this was reported here, but it's best you send this to LKML with
maintainers+mailing lists of both BPF and KASAN added (see MAINTAINERS file).

bugzill...@kernel.org

Dec 22, 2025, 10:51:26 AM (3 days ago) Dec 22
to kasa...@googlegroups.com
https://bugzilla.kernel.org/show_bug.cgi?id=220889

Andrey Konovalov (andre...@gmail.com) changed:

What |Removed |Added
----------------------------------------------------------------------------
CC| |andre...@gmail.com

--- Comment #2 from Andrey Konovalov (andre...@gmail.com) ---
These patches likely fix the issue:

https://lore.kernel.org/linux-mm/cover.1765978969.g...@pm.me/

bugzill...@kernel.org

Dec 22, 2025, 7:42:25 PM (2 days ago) Dec 22
to kasa...@googlegroups.com
https://bugzilla.kernel.org/show_bug.cgi?id=220889

--- Comment #3 from joonk...@samsung.com ---
(In reply to Andrey Konovalov from comment #2)
> These patches likely fix the issue:
>
> https://lore.kernel.org/linux-mm/cover.1765978969.g...@pm.me/

Thanks.

I'll check them.

bugzill...@kernel.org

Dec 23, 2025, 1:54:32 AM (2 days ago) Dec 23
to kasa...@googlegroups.com
https://bugzilla.kernel.org/show_bug.cgi?id=220889

--- Comment #4 from joonk...@samsung.com ---
After applying the fixes, a panic on warn occurred.

Did I miss something?


[ 84.536021] [4: netbpfload: 771] ------------[ cut here ]------------
[ 84.536196] [4: netbpfload: 771] WARNING: CPU: 4 PID: 771 at mm/kasan/shadow.c:174 __kasan_unpoison_vmalloc+0x94/0xa0
....
[ 84.773445] [4: netbpfload: 771] CPU: 4 UID: 0 PID: 771 Comm: netbpfload Tainted: G OE 6.18.1-android17-0-g41be44edb8d5-4k #1 PREEMPT 70442b615e7d1d560808f482eb5d71810120225e
[ 84.789323] [4: netbpfload: 771] Tainted: [O]=OOT_MODULE, [E]=UNSIGNED_MODULE
[ 84.795311] [4: netbpfload: 771] Hardware name: Samsung ERD9965 board based on S5E9965 (DT)
[ 84.802519] [4: netbpfload: 771] pstate: 03402005 (nzcv daif +PAN -UAO +TCO +DIT -SSBS BTYPE=--)
[ 84.810152] [4: netbpfload: 771] pc : __kasan_unpoison_vmalloc+0x94/0xa0
[ 84.815708] [4: netbpfload: 771] lr : __kasan_unpoison_vmalloc+0x24/0xa0
[ 84.821264] [4: netbpfload: 771] sp : ffffffc0a97e77a0
[ 84.903377] [4: netbpfload: 771] Call trace:
[ 84.906502] [4: netbpfload: 771] __kasan_unpoison_vmalloc+0x94/0xa0 (P)
[ 84.912058] [4: netbpfload: 771] vrealloc_node_align_noprof+0xdc/0x2e4
[ 84.917525] [4: netbpfload: 771] bpf_patch_insn_data+0xb0/0x378
[ 84.922384] [4: netbpfload: 771] bpf_check+0x25a4/0x8ef0
[ 84.926638] [4: netbpfload: 771] bpf_prog_load+0x8dc/0x990
[ 84.931065] [4: netbpfload: 771] __sys_bpf+0x340/0x524
[ 84.935145] [4: netbpfload: 771] __arm64_sys_bpf+0x48/0x64
[ 84.939571] [4: netbpfload: 771] invoke_syscall+0x6c/0x13c
[ 84.943997] [4: netbpfload: 771] el0_svc_common+0xf8/0x138
[ 84.948426] [4: netbpfload: 771] do_el0_svc+0x30/0x40
[ 84.952420] [4: netbpfload: 771] el0_svc+0x38/0x90
[ 84.956151] [4: netbpfload: 771] el0t_64_sync_handler+0x68/0xdc
[ 84.961011] [4: netbpfload: 771] el0t_64_sync+0x1b8/0x1bc
[ 84.965355] [4: netbpfload: 771] Kernel panic - not syncing: kernel: panic_on_warn set ...

bugzill...@kernel.org

Dec 23, 2025, 7:41:34 AM (2 days ago) Dec 23
to kasa...@googlegroups.com
https://bugzilla.kernel.org/show_bug.cgi?id=220889

--- Comment #5 from joonk...@samsung.com ---
When the "old_size" value is a multiple of 8 (which is in the granule_mask range),
a panic on warn occurred in kasan_unpoison().


[ 79.334574][ T827] bpf_patch_insn_data: insn_aux_data size realloc at abffffc08ef41000 to 330
[ 79.334919][ T827] bpf_patch_insn_data: insn_aux_data at 55ffffc0a9c00000

[ 79.335151][ T827] bpf_patch_insn_data: insn_aux_data size realloc at 55ffffc0a9c00000 to 331
[ 79.336331][ T827] vrealloc_node_align_noprof: p=55ffffc0a9c00000 old_size=7170
[ 79.343898][ T827] vrealloc_node_align_noprof: size=71c8 alloced_size=8000
[ 79.350782][ T827] bpf_patch_insn_data: insn_aux_data at 55ffffc0a9c00000

[ 79.357591][ T827] bpf_patch_insn_data: insn_aux_data size realloc at 55ffffc0a9c00000 to 332
[ 79.366174][ T827] vrealloc_node_align_noprof: p=55ffffc0a9c00000 old_size=71c8
[ 79.373588][ T827] vrealloc_node_align_noprof: size=7220 alloced_size=8000
[ 79.380485][ T827] kasan_unpoison: after kasan_reset_tag addr=ffffffc0a9c071c8(granule mask=f)
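As an added illustration (not code from the bug report or from the kernel), a small C model of the granule-alignment guard in kasan_unpoison() that comment #5 describes, run on the p/old_size/size values from the printks above. It assumes arm64 SW tags (16-byte granules, 0xff kernel tag in the top byte) and simplifies the in-place vrealloc growth to "unpoison only the new tail"; both are assumptions.

```c
/* Added model, not kernel code: how an in-place vrealloc growth ends up
 * calling kasan_unpoison() on a start that is not 16-byte aligned. */
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

#define KASAN_GRANULE_SIZE 16ULL                     /* arm64 SW tags granule */
#define KASAN_GRANULE_MASK (KASAN_GRANULE_SIZE - 1)  /* 0xf: "granule mask=f" */
#define KASAN_TAG_SHIFT    56                        /* pointer tag = top byte */

/* Like kasan_reset_tag() on arm64 kernel addresses: restore the 0xff kernel
 * tag in the top byte, so 55ffffc0a9c071c8 becomes ffffffc0a9c071c8. */
static uint64_t reset_tag(uint64_t tagged_addr)
{
	return tagged_addr | (0xffULL << KASAN_TAG_SHIFT);
}

/* kasan_unpoison() model: WARN_ON (modelled as -1) when the untagged start
 * is not granule aligned, else round the size up to whole granules and
 * return how many granules would be retagged. */
static long kasan_unpoison_model(uint64_t addr, size_t size)
{
	uint64_t start = reset_tag(addr);

	if (start & KASAN_GRANULE_MASK)
		return -1;   /* with panic_on_warn this is the panic in comment #4 */
	return (long)((size + KASAN_GRANULE_MASK) / KASAN_GRANULE_SIZE);
}

/* Growing in place inside the existing vmalloc allocation only needs the new
 * tail [p + old_size, p + size) unpoisoned. Its start inherits old_size's
 * alignment, so an old_size that is a multiple of 8 but not of 16 trips the
 * guard (assumed simplification of the vrealloc path). */
static long vrealloc_grow_unpoison(uint64_t p, size_t old_size, size_t size)
{
	return kasan_unpoison_model(p + old_size, size - old_size);
}

int main(void)
{
	uint64_t p = 0x55ffffc0a9c00000ULL;   /* insn_aux_data address from the log */

	/* realloc to 331: old_size=0x7170 is granule aligned, 6 granules retagged */
	printf("0x7170 -> 0x71c8: %ld\n", vrealloc_grow_unpoison(p, 0x7170, 0x71c8));
	/* realloc to 332: old_size=0x71c8 ends on an 8-byte boundary, WARN_ON */
	printf("0x71c8 -> 0x7220: %ld\n", vrealloc_grow_unpoison(p, 0x71c8, 0x7220));
	return 0;
}
```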