Hay
Date: Nov. 20, 2024, 6:35 a.m.

Environment: qemu-arm64, qemu-x86_64

[   36.232513] ==================================================================
[   36.234292] BUG: KASAN: slab-out-of-bounds in krealloc_more_oob_helper+0x614/0x680
[   36.235171] Write of size 1 at addr fff00000c64d60eb by task kunit_try_catch/149
[   36.235911] 
[   36.236291] CPU: 0 UID: 0 PID: 149 Comm: kunit_try_catch Tainted: G    B            N 6.12.0-next-20241120 #1
[   36.238176] Tainted: [B]=BAD_PAGE, [N]=TEST
[   36.238601] Hardware name: linux,dummy-virt (DT)
[   36.239286] Call trace:
[   36.239819]  show_stack+0x20/0x38 (C)
[   36.240483]  dump_stack_lvl+0x8c/0xd0
[   36.241102]  print_report+0x118/0x5e0
[   36.241792]  kasan_report+0xc8/0x118
[   36.242484]  __asan_report_store1_noabort+0x20/0x30
[   36.243005]  krealloc_more_oob_helper+0x614/0x680
[   36.243537]  krealloc_large_more_oob+0x20/0x38
[   36.244621]  kunit_try_run_case+0x14c/0x3d0
[   36.245465]  kunit_generic_run_threadfn_adapter+0x88/0x100
[   36.246153]  kthread+0x24c/0x2d0
[   36.246674]  ret_from_fork+0x10/0x20
[   36.247277] 
[   36.247647] The buggy address belongs to the physical page:
[   36.248263] page: refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1064d4
[   36.249018] head: order:2 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[   36.250113] flags: 0xbfffe0000000040(head|node=0|zone=2|lastcpupid=0x1ffff)
[   36.250714] raw: 0bfffe0000000040 0000000000000000 dead000000000122 0000000000000000
[   36.251288] raw: 0000000000000000 0000000000000000 00000001ffffffff 0000000000000000
[   36.252184] head: 0bfffe0000000040 0000000000000000 dead000000000122 0000000000000000
[   36.253657] head: 0000000000000000 0000000000000000 00000001ffffffff 0000000000000000
[   36.254890] head: 0bfffe0000000002 ffffc1ffc3193501 ffffffffffffffff 0000000000000000
[   36.255682] head: 0000000000000004 0000000000000000 00000000ffffffff 0000000000000000
[   36.256673] page dumped because: kasan: bad access detected
[   36.257489] 
[   36.257734] Memory state around the buggy address:
[   36.258426]  fff00000c64d5f80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   36.259879]  fff00000c64d6000: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   36.260731] >fff00000c64d6080: 00 00 00 00 00 00 00 00 00 00 00 00 00 03 fe fe
[   36.261610]                                                           ^
[   36.262426]  fff00000c64d6100: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe
[   36.263146]  fff00000c64d6180: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe
[   36.264015] ==================================================================
[   35.906995] ==================================================================
[   35.908062] BUG: KASAN: slab-out-of-bounds in krealloc_more_oob_helper+0x614/0x680
[   35.908981] Write of size 1 at addr fff00000c449b4eb by task kunit_try_catch/145
[   35.910393] 
[   35.910820] CPU: 1 UID: 0 PID: 145 Comm: kunit_try_catch Tainted: G    B            N 6.12.0-next-20241120 #1
[   35.912068] Tainted: [B]=BAD_PAGE, [N]=TEST
[   35.912890] Hardware name: linux,dummy-virt (DT)
[   35.913930] Call trace:
[   35.914724]  show_stack+0x20/0x38 (C)
[   35.915240]  dump_stack_lvl+0x8c/0xd0
[   35.915797]  print_report+0x118/0x5e0
[   35.916376]  kasan_report+0xc8/0x118
[   35.916962]  __asan_report_store1_noabort+0x20/0x30
[   35.918040]  krealloc_more_oob_helper+0x614/0x680
[   35.918697]  krealloc_more_oob+0x20/0x38
[   35.919168]  kunit_try_run_case+0x14c/0x3d0
[   35.919802]  kunit_generic_run_threadfn_adapter+0x88/0x100
[   35.920472]  kthread+0x24c/0x2d0
[   35.920967]  ret_from_fork+0x10/0x20
[   35.921642] 
[   35.921968] Allocated by task 145:
[   35.922387]  kasan_save_stack+0x3c/0x68
[   35.922988]  kasan_save_track+0x20/0x40
[   35.923461]  kasan_save_alloc_info+0x40/0x58
[   35.924085]  __kasan_krealloc+0x118/0x178
[   35.924682]  krealloc_noprof+0x128/0x360
[   35.925177]  krealloc_more_oob_helper+0x168/0x680
[   35.926794]  krealloc_more_oob+0x20/0x38
[   35.927333]  kunit_try_run_case+0x14c/0x3d0
[   35.927864]  kunit_generic_run_threadfn_adapter+0x88/0x100
[   35.928521]  kthread+0x24c/0x2d0
[   35.928993]  ret_from_fork+0x10/0x20
[   35.929536] 
[   35.930112] The buggy address belongs to the object at fff00000c449b400
[   35.930112]  which belongs to the cache kmalloc-256 of size 256
[   35.931513] The buggy address is located 0 bytes to the right of
[   35.931513]  allocated 235-byte region [fff00000c449b400, fff00000c449b4eb)
[   35.932704] 
[   35.933116] The buggy address belongs to the physical page:
[   35.934503] page: refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x10449a
[   35.935146] head: order:1 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[   35.936891] flags: 0xbfffe0000000040(head|node=0|zone=2|lastcpupid=0x1ffff)
[   35.937585] page_type: f5(slab)
[   35.938084] raw: 0bfffe0000000040 fff00000c0001b40 dead000000000122 0000000000000000
[   35.938980] raw: 0000000000000000 0000000080100010 00000001f5000000 0000000000000000
[   35.939807] head: 0bfffe0000000040 fff00000c0001b40 dead000000000122 0000000000000000
[   35.940635] head: 0000000000000000 0000000080100010 00000001f5000000 0000000000000000
[   35.941527] head: 0bfffe0000000001 ffffc1ffc3112681 ffffffffffffffff 0000000000000000
[   35.942482] head: 0000000000000002 0000000000000000 00000000ffffffff 0000000000000000
[   35.943231] page dumped because: kasan: bad access detected
[   35.944214] 
[   35.944699] Memory state around the buggy address:
[   35.945765]  fff00000c449b380: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   35.946767]  fff00000c449b400: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   35.947854] >fff00000c449b480: 00 00 00 00 00 00 00 00 00 00 00 00 00 03 fc fc
[   35.948782]                                                           ^
[   35.949691]  fff00000c449b500: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   35.950523]  fff00000c449b580: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   35.951180] ==================================================================
[   35.953922] ==================================================================
[   35.954532] BUG: KASAN: slab-out-of-bounds in krealloc_more_oob_helper+0x5c8/0x680
[   35.955168] Write of size 1 at addr fff00000c449b4f0 by task kunit_try_catch/145
[   35.956030] 
[   35.956392] CPU: 1 UID: 0 PID: 145 Comm: kunit_try_catch Tainted: G    B            N 6.12.0-next-20241120 #1
[   35.958254] Tainted: [B]=BAD_PAGE, [N]=TEST
[   35.958767] Hardware name: linux,dummy-virt (DT)
[   35.959237] Call trace:
[   35.959628]  show_stack+0x20/0x38 (C)
[   35.960190]  dump_stack_lvl+0x8c/0xd0
[   35.960801]  print_report+0x118/0x5e0
[   35.961627]  kasan_report+0xc8/0x118
[   35.962109]  __asan_report_store1_noabort+0x20/0x30
[   35.962749]  krealloc_more_oob_helper+0x5c8/0x680
[   35.963258]  krealloc_more_oob+0x20/0x38
[   35.963865]  kunit_try_run_case+0x14c/0x3d0
[   35.964499]  kunit_generic_run_threadfn_adapter+0x88/0x100
[   35.965091]  kthread+0x24c/0x2d0
[   35.965938]  ret_from_fork+0x10/0x20
[   35.966524] 
[   35.966826] Allocated by task 145:
[   35.967538]  kasan_save_stack+0x3c/0x68
[   35.968082]  kasan_save_track+0x20/0x40
[   35.968655]  kasan_save_alloc_info+0x40/0x58
[   35.969232]  __kasan_krealloc+0x118/0x178
[   35.969795]  krealloc_noprof+0x128/0x360
[   35.970371]  krealloc_more_oob_helper+0x168/0x680
[   35.971002]  krealloc_more_oob+0x20/0x38
[   35.971597]  kunit_try_run_case+0x14c/0x3d0
[   35.972076]  kunit_generic_run_threadfn_adapter+0x88/0x100
[   35.972765]  kthread+0x24c/0x2d0
[   35.973268]  ret_from_fork+0x10/0x20
[   35.974612] 
[   35.974967] The buggy address belongs to the object at fff00000c449b400
[   35.974967]  which belongs to the cache kmalloc-256 of size 256
[   35.976082] The buggy address is located 5 bytes to the right of
[   35.976082]  allocated 235-byte region [fff00000c449b400, fff00000c449b4eb)
[   35.978244] 
[   35.978601] The buggy address belongs to the physical page:
[   35.979210] page: refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x10449a
[   35.980463] head: order:1 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[   35.981270] flags: 0xbfffe0000000040(head|node=0|zone=2|lastcpupid=0x1ffff)
[   35.982352] page_type: f5(slab)
[   35.982830] raw: 0bfffe0000000040 fff00000c0001b40 dead000000000122 0000000000000000
[   35.983764] raw: 0000000000000000 0000000080100010 00000001f5000000 0000000000000000
[   35.984635] head: 0bfffe0000000040 fff00000c0001b40 dead000000000122 0000000000000000
[   35.985639] head: 0000000000000000 0000000080100010 00000001f5000000 0000000000000000
[   35.986475] head: 0bfffe0000000001 ffffc1ffc3112681 ffffffffffffffff 0000000000000000
[   35.987284] head: 0000000000000002 0000000000000000 00000000ffffffff 0000000000000000
[   35.988136] page dumped because: kasan: bad access detected
[   35.988821] 
[   35.989103] Memory state around the buggy address:
[   35.990158]  fff00000c449b380: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   35.990885]  fff00000c449b400: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   35.991689] >fff00000c449b480: 00 00 00 00 00 00 00 00 00 00 00 00 00 03 fc fc
[   35.992475]                                                              ^
[   35.993276]  fff00000c449b500: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   35.994389]  fff00000c449b580: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   35.995136] ==================================================================
[   36.265744] ==================================================================
[   36.266545] BUG: KASAN: slab-out-of-bounds in krealloc_more_oob_helper+0x5c8/0x680
[   36.267507] Write of size 1 at addr fff00000c64d60f0 by task kunit_try_catch/149
[   36.268231] 
[   36.268588] CPU: 0 UID: 0 PID: 149 Comm: kunit_try_catch Tainted: G    B            N 6.12.0-next-20241120 #1
[   36.269696] Tainted: [B]=BAD_PAGE, [N]=TEST
[   36.270258] Hardware name: linux,dummy-virt (DT)
[   36.270941] Call trace:
[   36.271366]  show_stack+0x20/0x38 (C)
[   36.271815]  dump_stack_lvl+0x8c/0xd0
[   36.272412]  print_report+0x118/0x5e0
[   36.273050]  kasan_report+0xc8/0x118
[   36.273742]  __asan_report_store1_noabort+0x20/0x30
[   36.274491]  krealloc_more_oob_helper+0x5c8/0x680
[   36.275201]  krealloc_large_more_oob+0x20/0x38
[   36.275754]  kunit_try_run_case+0x14c/0x3d0
[   36.276456]  kunit_generic_run_threadfn_adapter+0x88/0x100
[   36.277259]  kthread+0x24c/0x2d0
[   36.277913]  ret_from_fork+0x10/0x20
[   36.278530] 
[   36.278782] The buggy address belongs to the physical page:
[   36.279217] page: refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1064d4
[   36.280117] head: order:2 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[   36.281065] flags: 0xbfffe0000000040(head|node=0|zone=2|lastcpupid=0x1ffff)
[   36.282169] raw: 0bfffe0000000040 0000000000000000 dead000000000122 0000000000000000
[   36.283042] raw: 0000000000000000 0000000000000000 00000001ffffffff 0000000000000000
[   36.283944] head: 0bfffe0000000040 0000000000000000 dead000000000122 0000000000000000
[   36.284860] head: 0000000000000000 0000000000000000 00000001ffffffff 0000000000000000
[   36.285632] head: 0bfffe0000000002 ffffc1ffc3193501 ffffffffffffffff 0000000000000000
[   36.286558] head: 0000000000000004 0000000000000000 00000000ffffffff 0000000000000000
[   36.287206] page dumped because: kasan: bad access detected
[   36.288008] 
[   36.288348] Memory state around the buggy address:
[   36.289022]  fff00000c64d5f80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   36.289930]  fff00000c64d6000: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   36.290753] >fff00000c64d6080: 00 00 00 00 00 00 00 00 00 00 00 00 00 03 fe fe
[   36.291535]                                                              ^
[   36.292419]  fff00000c64d6100: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe
[   36.293113]  fff00000c64d6180: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe
[   36.294112] ==================================================================

[   27.601656] ==================================================================
[   27.602660] BUG: KASAN: slab-out-of-bounds in krealloc_more_oob_helper+0x7ed/0x930
[   27.603496] Write of size 1 at addr ffff8881024f60f0 by task kunit_try_catch/167
[   27.604969] 
[   27.605206] CPU: 1 UID: 0 PID: 167 Comm: kunit_try_catch Tainted: G    B            N 6.12.0-next-20241120 #1
[   27.606862] Tainted: [B]=BAD_PAGE, [N]=TEST
[   27.607435] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[   27.608967] Call Trace:
[   27.609221]  <TASK>
[   27.609412]  dump_stack_lvl+0x73/0xb0
[   27.610491]  print_report+0xd1/0x640
[   27.611202]  ? __virt_addr_valid+0x1db/0x2d0
[   27.611789]  ? kasan_addr_to_slab+0x11/0xa0
[   27.612540]  kasan_report+0x102/0x140
[   27.613415]  ? krealloc_more_oob_helper+0x7ed/0x930
[   27.614126]  ? krealloc_more_oob_helper+0x7ed/0x930
[   27.615014]  __asan_report_store1_noabort+0x1b/0x30
[   27.615785]  krealloc_more_oob_helper+0x7ed/0x930
[   27.616583]  ? __schedule+0xc3e/0x2790
[   27.617239]  ? __pfx_krealloc_more_oob_helper+0x10/0x10
[   27.618137]  ? finish_task_switch.isra.0+0x153/0x700
[   27.618619]  ? __switch_to+0x5d9/0xf60
[   27.619025]  ? __schedule+0xc3e/0x2790
[   27.619428]  ? __pfx_read_tsc+0x10/0x10
[   27.620482]  krealloc_large_more_oob+0x1c/0x30
[   27.621228]  kunit_try_run_case+0x1b3/0x490
[   27.622390]  ? __pfx_kunit_try_run_case+0x10/0x10
[   27.622791]  ? _raw_spin_lock_irqsave+0xa2/0x110
[   27.623495]  ? _raw_spin_unlock_irqrestore+0x5f/0x90
[   27.624484]  ? __kthread_parkme+0x82/0x160
[   27.625075]  ? preempt_count_sub+0x50/0x80
[   27.625793]  ? __pfx_kunit_try_run_case+0x10/0x10
[   27.626674]  ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10
[   27.627980]  kunit_generic_run_threadfn_adapter+0x85/0xf0
[   27.628568]  kthread+0x257/0x310
[   27.629295]  ? __pfx_kthread+0x10/0x10
[   27.629846]  ret_from_fork+0x41/0x80
[   27.630177]  ? __pfx_kthread+0x10/0x10
[   27.630644]  ret_from_fork_asm+0x1a/0x30
[   27.631014]  </TASK>
[   27.632071] 
[   27.632323] The buggy address belongs to the physical page:
[   27.632674] page: refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1024f4
[   27.633891] head: order:2 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[   27.634504] flags: 0x200000000000040(head|node=0|zone=2)
[   27.635540] raw: 0200000000000040 0000000000000000 dead000000000122 0000000000000000
[   27.636458] raw: 0000000000000000 0000000000000000 00000001ffffffff 0000000000000000
[   27.637370] head: 0200000000000040 0000000000000000 dead000000000122 0000000000000000
[   27.638215] head: 0000000000000000 0000000000000000 00000001ffffffff 0000000000000000
[   27.639499] head: 0200000000000002 ffffea0004093d01 ffffffffffffffff 0000000000000000
[   27.640311] head: 0000000000000004 0000000000000000 00000000ffffffff 0000000000000000
[   27.641382] page dumped because: kasan: bad access detected
[   27.641713] 
[   27.641944] Memory state around the buggy address:
[   27.642908]  ffff8881024f5f80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   27.643492]  ffff8881024f6000: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   27.644547] >ffff8881024f6080: 00 00 00 00 00 00 00 00 00 00 00 00 00 03 fe fe
[   27.645125]                                                              ^
[   27.646261]  ffff8881024f6100: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe
[   27.647160]  ffff8881024f6180: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe
[   27.648006] ==================================================================
[   27.156273] ==================================================================
[   27.158148] BUG: KASAN: slab-out-of-bounds in krealloc_more_oob_helper+0x823/0x930
[   27.158769] Write of size 1 at addr ffff888100394ceb by task kunit_try_catch/163
[   27.160302] 
[   27.160495] CPU: 0 UID: 0 PID: 163 Comm: kunit_try_catch Tainted: G    B            N 6.12.0-next-20241120 #1
[   27.161386] Tainted: [B]=BAD_PAGE, [N]=TEST
[   27.161828] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[   27.162702] Call Trace:
[   27.163014]  <TASK>
[   27.163369]  dump_stack_lvl+0x73/0xb0
[   27.163782]  print_report+0xd1/0x640
[   27.165019]  ? __virt_addr_valid+0x1db/0x2d0
[   27.165927]  ? kasan_complete_mode_report_info+0x2a/0x200
[   27.166315]  kasan_report+0x102/0x140
[   27.167098]  ? krealloc_more_oob_helper+0x823/0x930
[   27.168108]  ? krealloc_more_oob_helper+0x823/0x930
[   27.168790]  __asan_report_store1_noabort+0x1b/0x30
[   27.169445]  krealloc_more_oob_helper+0x823/0x930
[   27.170209]  ? __schedule+0xc3e/0x2790
[   27.170562]  ? __pfx_krealloc_more_oob_helper+0x10/0x10
[   27.171114]  ? __kasan_check_write+0x18/0x20
[   27.171664]  ? queued_spin_lock_slowpath+0x117/0xb40
[   27.172293]  ? irqentry_exit+0x2a/0x60
[   27.173314]  ? sysvec_apic_timer_interrupt+0x50/0x90
[   27.173812]  ? trace_hardirqs_on+0x37/0xe0
[   27.174591]  ? __pfx_read_tsc+0x10/0x10
[   27.175266]  krealloc_more_oob+0x1c/0x30
[   27.176038]  kunit_try_run_case+0x1b3/0x490
[   27.176717]  ? __pfx_kunit_try_run_case+0x10/0x10
[   27.177528]  ? queued_spin_lock_slowpath+0x117/0xb40
[   27.178253]  ? __kthread_parkme+0x82/0x160
[   27.178706]  ? preempt_count_sub+0x50/0x80
[   27.179576]  ? __pfx_kunit_try_run_case+0x10/0x10
[   27.180404]  ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10
[   27.181661]  kunit_generic_run_threadfn_adapter+0x85/0xf0
[   27.182174]  kthread+0x257/0x310
[   27.182790]  ? __pfx_kthread+0x10/0x10
[   27.183590]  ret_from_fork+0x41/0x80
[   27.184285]  ? __pfx_kthread+0x10/0x10
[   27.184946]  ret_from_fork_asm+0x1a/0x30
[   27.185733]  </TASK>
[   27.186053] 
[   27.186675] Allocated by task 163:
[   27.186991]  kasan_save_stack+0x3d/0x60
[   27.187802]  kasan_save_track+0x18/0x40
[   27.188359]  kasan_save_alloc_info+0x3b/0x50
[   27.188800]  __kasan_krealloc+0x190/0x1f0
[   27.189112]  krealloc_noprof+0xf3/0x340
[   27.189454]  krealloc_more_oob_helper+0x1aa/0x930
[   27.190483]  krealloc_more_oob+0x1c/0x30
[   27.191011]  kunit_try_run_case+0x1b3/0x490
[   27.191567]  kunit_generic_run_threadfn_adapter+0x85/0xf0
[   27.192461]  kthread+0x257/0x310
[   27.192797]  ret_from_fork+0x41/0x80
[   27.193320]  ret_from_fork_asm+0x1a/0x30
[   27.194120] 
[   27.194398] The buggy address belongs to the object at ffff888100394c00
[   27.194398]  which belongs to the cache kmalloc-256 of size 256
[   27.196054] The buggy address is located 0 bytes to the right of
[   27.196054]  allocated 235-byte region [ffff888100394c00, ffff888100394ceb)
[   27.197436] 
[   27.197839] The buggy address belongs to the physical page:
[   27.198482] page: refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x100394
[   27.199595] head: order:1 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[   27.200418] flags: 0x200000000000040(head|node=0|zone=2)
[   27.201221] page_type: f5(slab)
[   27.201572] raw: 0200000000000040 ffff888100041b40 dead000000000122 0000000000000000
[   27.202425] raw: 0000000000000000 0000000080100010 00000001f5000000 0000000000000000
[   27.204004] head: 0200000000000040 ffff888100041b40 dead000000000122 0000000000000000
[   27.204636] head: 0000000000000000 0000000080100010 00000001f5000000 0000000000000000
[   27.205561] head: 0200000000000001 ffffea000400e501 ffffffffffffffff 0000000000000000
[   27.206355] head: 0000000000000002 0000000000000000 00000000ffffffff 0000000000000000
[   27.206867] page dumped because: kasan: bad access detected
[   27.207448] 
[   27.207640] Memory state around the buggy address:
[   27.208309]  ffff888100394b80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   27.208867]  ffff888100394c00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   27.209655] >ffff888100394c80: 00 00 00 00 00 00 00 00 00 00 00 00 00 03 fc fc
[   27.210335]                                                           ^
[   27.211304]  ffff888100394d00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   27.211944]  ffff888100394d80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   27.212751] ==================================================================
[   27.554007] ==================================================================
[   27.554818] BUG: KASAN: slab-out-of-bounds in krealloc_more_oob_helper+0x823/0x930
[   27.556461] Write of size 1 at addr ffff8881024f60eb by task kunit_try_catch/167
[   27.557554] 
[   27.557773] CPU: 1 UID: 0 PID: 167 Comm: kunit_try_catch Tainted: G    B            N 6.12.0-next-20241120 #1
[   27.559060] Tainted: [B]=BAD_PAGE, [N]=TEST
[   27.559358] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[   27.560514] Call Trace:
[   27.560897]  <TASK>
[   27.561544]  dump_stack_lvl+0x73/0xb0
[   27.562465]  print_report+0xd1/0x640
[   27.563231]  ? __virt_addr_valid+0x1db/0x2d0
[   27.563823]  ? kasan_addr_to_slab+0x11/0xa0
[   27.564180]  kasan_report+0x102/0x140
[   27.564841]  ? krealloc_more_oob_helper+0x823/0x930
[   27.565362]  ? krealloc_more_oob_helper+0x823/0x930
[   27.566147]  __asan_report_store1_noabort+0x1b/0x30
[   27.566972]  krealloc_more_oob_helper+0x823/0x930
[   27.567435]  ? __schedule+0xc3e/0x2790
[   27.567919]  ? __pfx_krealloc_more_oob_helper+0x10/0x10
[   27.568612]  ? finish_task_switch.isra.0+0x153/0x700
[   27.569181]  ? __switch_to+0x5d9/0xf60
[   27.569644]  ? __schedule+0xc3e/0x2790
[   27.570592]  ? __pfx_read_tsc+0x10/0x10
[   27.571039]  krealloc_large_more_oob+0x1c/0x30
[   27.571608]  kunit_try_run_case+0x1b3/0x490
[   27.572314]  ? __pfx_kunit_try_run_case+0x10/0x10
[   27.573004]  ? _raw_spin_lock_irqsave+0xa2/0x110
[   27.573452]  ? _raw_spin_unlock_irqrestore+0x5f/0x90
[   27.574416]  ? __kthread_parkme+0x82/0x160
[   27.574884]  ? preempt_count_sub+0x50/0x80
[   27.575512]  ? __pfx_kunit_try_run_case+0x10/0x10
[   27.575983]  ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10
[   27.576841]  kunit_generic_run_threadfn_adapter+0x85/0xf0
[   27.577801]  kthread+0x257/0x310
[   27.578189]  ? __pfx_kthread+0x10/0x10
[   27.579006]  ret_from_fork+0x41/0x80
[   27.579494]  ? __pfx_kthread+0x10/0x10
[   27.580203]  ret_from_fork_asm+0x1a/0x30
[   27.580571]  </TASK>
[   27.581041] 
[   27.581327] The buggy address belongs to the physical page:
[   27.581908] page: refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1024f4
[   27.583127] head: order:2 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[   27.584156] flags: 0x200000000000040(head|node=0|zone=2)
[   27.584523] raw: 0200000000000040 0000000000000000 dead000000000122 0000000000000000
[   27.586310] raw: 0000000000000000 0000000000000000 00000001ffffffff 0000000000000000
[   27.586958] head: 0200000000000040 0000000000000000 dead000000000122 0000000000000000
[   27.588285] head: 0000000000000000 0000000000000000 00000001ffffffff 0000000000000000
[   27.589331] head: 0200000000000002 ffffea0004093d01 ffffffffffffffff 0000000000000000
[   27.589683] head: 0000000000000004 0000000000000000 00000000ffffffff 0000000000000000
[   27.590352] page dumped because: kasan: bad access detected
[   27.591608] 
[   27.591907] Memory state around the buggy address:
[   27.593418]  ffff8881024f5f80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   27.594146]  ffff8881024f6000: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   27.595495] >ffff8881024f6080: 00 00 00 00 00 00 00 00 00 00 00 00 00 03 fe fe
[   27.596409]                                                           ^
[   27.597587]  ffff8881024f6100: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe
[   27.598291]  ffff8881024f6180: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe
[   27.599388] ==================================================================
[   27.213773] ==================================================================
[   27.214371] BUG: KASAN: slab-out-of-bounds in krealloc_more_oob_helper+0x7ed/0x930
[   27.215080] Write of size 1 at addr ffff888100394cf0 by task kunit_try_catch/163
[   27.215650] 
[   27.215926] CPU: 0 UID: 0 PID: 163 Comm: kunit_try_catch Tainted: G    B            N 6.12.0-next-20241120 #1
[   27.217008] Tainted: [B]=BAD_PAGE, [N]=TEST
[   27.217283] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[   27.218287] Call Trace:
[   27.218498]  <TASK>
[   27.218893]  dump_stack_lvl+0x73/0xb0
[   27.219387]  print_report+0xd1/0x640
[   27.219833]  ? __virt_addr_valid+0x1db/0x2d0
[   27.220347]  ? kasan_complete_mode_report_info+0x2a/0x200
[   27.220891]  kasan_report+0x102/0x140
[   27.221477]  ? krealloc_more_oob_helper+0x7ed/0x930
[   27.222003]  ? krealloc_more_oob_helper+0x7ed/0x930
[   27.222879]  __asan_report_store1_noabort+0x1b/0x30
[   27.223509]  krealloc_more_oob_helper+0x7ed/0x930
[   27.224139]  ? __schedule+0xc3e/0x2790
[   27.224421]  ? __pfx_krealloc_more_oob_helper+0x10/0x10
[   27.224789]  ? __kasan_check_write+0x18/0x20
[   27.225172]  ? queued_spin_lock_slowpath+0x117/0xb40
[   27.225921]  ? irqentry_exit+0x2a/0x60
[   27.226660]  ? sysvec_apic_timer_interrupt+0x50/0x90
[   27.227277]  ? trace_hardirqs_on+0x37/0xe0
[   27.227573]  ? __pfx_read_tsc+0x10/0x10
[   27.228533]  krealloc_more_oob+0x1c/0x30
[   27.228998]  kunit_try_run_case+0x1b3/0x490
[   27.229877]  ? __pfx_kunit_try_run_case+0x10/0x10
[   27.230340]  ? queued_spin_lock_slowpath+0x117/0xb40
[   27.230885]  ? __kthread_parkme+0x82/0x160
[   27.231251]  ? preempt_count_sub+0x50/0x80
[   27.231799]  ? __pfx_kunit_try_run_case+0x10/0x10
[   27.232124]  ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10
[   27.232717]  kunit_generic_run_threadfn_adapter+0x85/0xf0
[   27.233075]  kthread+0x257/0x310
[   27.233446]  ? __pfx_kthread+0x10/0x10
[   27.234756]  ret_from_fork+0x41/0x80
[   27.235298]  ? __pfx_kthread+0x10/0x10
[   27.235603]  ret_from_fork_asm+0x1a/0x30
[   27.236814]  </TASK>
[   27.237128] 
[   27.237298] Allocated by task 163:
[   27.237536]  kasan_save_stack+0x3d/0x60
[   27.238375]  kasan_save_track+0x18/0x40
[   27.239551]  kasan_save_alloc_info+0x3b/0x50
[   27.240730]  __kasan_krealloc+0x190/0x1f0
[   27.241160]  krealloc_noprof+0xf3/0x340
[   27.241577]  krealloc_more_oob_helper+0x1aa/0x930
[   27.242174]  krealloc_more_oob+0x1c/0x30
[   27.242481]  kunit_try_run_case+0x1b3/0x490
[   27.243032]  kunit_generic_run_threadfn_adapter+0x85/0xf0
[   27.243571]  kthread+0x257/0x310
[   27.244227]  ret_from_fork+0x41/0x80
[   27.244517]  ret_from_fork_asm+0x1a/0x30
[   27.245091] 
[   27.245244] The buggy address belongs to the object at ffff888100394c00
[   27.245244]  which belongs to the cache kmalloc-256 of size 256
[   27.246637] The buggy address is located 5 bytes to the right of
[   27.246637]  allocated 235-byte region [ffff888100394c00, ffff888100394ceb)
[   27.247925] 
[   27.248232] The buggy address belongs to the physical page:
[   27.248726] page: refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x100394
[   27.249234] head: order:1 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[   27.250009] flags: 0x200000000000040(head|node=0|zone=2)
[   27.250465] page_type: f5(slab)
[   27.250728] raw: 0200000000000040 ffff888100041b40 dead000000000122 0000000000000000
[   27.251281] raw: 0000000000000000 0000000080100010 00000001f5000000 0000000000000000
[   27.252350] head: 0200000000000040 ffff888100041b40 dead000000000122 0000000000000000
[   27.253147] head: 0000000000000000 0000000080100010 00000001f5000000 0000000000000000
[   27.253585] head: 0200000000000001 ffffea000400e501 ffffffffffffffff 0000000000000000
[   27.254456] head: 0000000000000002 0000000000000000 00000000ffffffff 0000000000000000
[   27.255419] page dumped because: kasan: bad access detected
[   27.255974] 
[   27.256139] Memory state around the buggy address:
[   27.256549]  ffff888100394b80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   27.257443]  ffff888100394c00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   27.258042] >ffff888100394c80: 00 00 00 00 00 00 00 00 00 00 00 00 00 03 fc fc
[   27.259216]                                                              ^
[   27.259910]  ffff888100394d00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   27.260406]  ffff888100394d80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   27.261020] ==================================================================