lkft/linux-next-master - next-20241122 - log-parser-boot/kasan-bug-kasan-slab-out-of-bounds-in-krealloc_less_oob_helper

Date

Nov. 22, 2024, 6:35 a.m.

Environment
qemu-arm64
qemu-x86_64

[   32.817800] ==================================================================
[   32.818426] BUG: KASAN: slab-out-of-bounds in krealloc_less_oob_helper+0xa80/0xc50
[   32.819355] Write of size 1 at addr fff00000c5c6f4da by task kunit_try_catch/147
[   32.822652] 
[   32.823908] CPU: 0 UID: 0 PID: 147 Comm: kunit_try_catch Tainted: G    B            N 6.12.0-next-20241122 #1
[   32.826820] Tainted: [B]=BAD_PAGE, [N]=TEST
[   32.828404] Hardware name: linux,dummy-virt (DT)
[   32.830726] Call trace:
[   32.831384]  show_stack+0x20/0x38 (C)
[   32.832709]  dump_stack_lvl+0x8c/0xd0
[   32.833824]  print_report+0x118/0x5e0
[   32.834676]  kasan_report+0xc8/0x118
[   32.835913]  __asan_report_store1_noabort+0x20/0x30
[   32.837412]  krealloc_less_oob_helper+0xa80/0xc50
[   32.838015]  krealloc_less_oob+0x20/0x38
[   32.838787]  kunit_try_run_case+0x14c/0x3d0
[   32.839223]  kunit_generic_run_threadfn_adapter+0x88/0x100
[   32.840073]  kthread+0x24c/0x2d0
[   32.840959]  ret_from_fork+0x10/0x20
[   32.841857] 
[   32.842402] Allocated by task 147:
[   32.843139]  kasan_save_stack+0x3c/0x68
[   32.844074]  kasan_save_track+0x20/0x40
[   32.844974]  kasan_save_alloc_info+0x40/0x58
[   32.845876]  __kasan_krealloc+0x118/0x178
[   32.846480]  krealloc_noprof+0x128/0x360
[   32.847157]  krealloc_less_oob_helper+0x168/0xc50
[   32.847869]  krealloc_less_oob+0x20/0x38
[   32.848291]  kunit_try_run_case+0x14c/0x3d0
[   32.849327]  kunit_generic_run_threadfn_adapter+0x88/0x100
[   32.850152]  kthread+0x24c/0x2d0
[   32.850815]  ret_from_fork+0x10/0x20
[   32.852109] 
[   32.852781] The buggy address belongs to the object at fff00000c5c6f400
[   32.852781]  which belongs to the cache kmalloc-256 of size 256
[   32.854705] The buggy address is located 17 bytes to the right of
[   32.854705]  allocated 201-byte region [fff00000c5c6f400, fff00000c5c6f4c9)
[   32.855760] 
[   32.856049] The buggy address belongs to the physical page:
[   32.858011] page: refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x105c6e
[   32.859139] head: order:1 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[   32.861051] flags: 0xbfffe0000000040(head|node=0|zone=2|lastcpupid=0x1ffff)
[   32.862271] page_type: f5(slab)
[   32.862763] raw: 0bfffe0000000040 fff00000c0001b40 dead000000000122 0000000000000000
[   32.864107] raw: 0000000000000000 0000000080100010 00000001f5000000 0000000000000000
[   32.865367] head: 0bfffe0000000040 fff00000c0001b40 dead000000000122 0000000000000000
[   32.867107] head: 0000000000000000 0000000080100010 00000001f5000000 0000000000000000
[   32.868404] head: 0bfffe0000000001 ffffc1ffc3171b81 ffffffffffffffff 0000000000000000
[   32.870080] head: 0000000000000002 0000000000000000 00000000ffffffff 0000000000000000
[   32.871756] page dumped because: kasan: bad access detected
[   32.872735] 
[   32.873154] Memory state around the buggy address:
[   32.874486]  fff00000c5c6f380: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   32.875562]  fff00000c5c6f400: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   32.876320] >fff00000c5c6f480: 00 00 00 00 00 00 00 00 00 01 fc fc fc fc fc fc
[   32.879337]                                                     ^
[   32.880187]  fff00000c5c6f500: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   32.881970]  fff00000c5c6f580: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   32.882876] ==================================================================
[   33.114537] ==================================================================
[   33.116098] BUG: KASAN: slab-out-of-bounds in krealloc_less_oob_helper+0xa48/0xc50
[   33.117821] Write of size 1 at addr fff00000c69fa0c9 by task kunit_try_catch/151
[   33.118783] 
[   33.119169] CPU: 1 UID: 0 PID: 151 Comm: kunit_try_catch Tainted: G    B            N 6.12.0-next-20241122 #1
[   33.120333] Tainted: [B]=BAD_PAGE, [N]=TEST
[   33.121106] Hardware name: linux,dummy-virt (DT)
[   33.121667] Call trace:
[   33.122601]  show_stack+0x20/0x38 (C)
[   33.123261]  dump_stack_lvl+0x8c/0xd0
[   33.123717]  print_report+0x118/0x5e0
[   33.124241]  kasan_report+0xc8/0x118
[   33.125679]  __asan_report_store1_noabort+0x20/0x30
[   33.126647]  krealloc_less_oob_helper+0xa48/0xc50
[   33.127272]  krealloc_large_less_oob+0x20/0x38
[   33.128032]  kunit_try_run_case+0x14c/0x3d0
[   33.129184]  kunit_generic_run_threadfn_adapter+0x88/0x100
[   33.130238]  kthread+0x24c/0x2d0
[   33.130665]  ret_from_fork+0x10/0x20
[   33.131480] 
[   33.131951] The buggy address belongs to the physical page:
[   33.132757] page: refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1069f8
[   33.133906] head: order:2 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[   33.135004] flags: 0xbfffe0000000040(head|node=0|zone=2|lastcpupid=0x1ffff)
[   33.136122] raw: 0bfffe0000000040 0000000000000000 dead000000000122 0000000000000000
[   33.137242] raw: 0000000000000000 0000000000000000 00000001ffffffff 0000000000000000
[   33.138522] head: 0bfffe0000000040 0000000000000000 dead000000000122 0000000000000000
[   33.139713] head: 0000000000000000 0000000000000000 00000001ffffffff 0000000000000000
[   33.140492] head: 0bfffe0000000002 ffffc1ffc31a7e01 ffffffffffffffff 0000000000000000
[   33.142114] head: 0000000000000004 0000000000000000 00000000ffffffff 0000000000000000
[   33.143206] page dumped because: kasan: bad access detected
[   33.144213] 
[   33.144773] Memory state around the buggy address:
[   33.145633]  fff00000c69f9f80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   33.146941]  fff00000c69fa000: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   33.147792] >fff00000c69fa080: 00 00 00 00 00 00 00 00 00 01 fe fe fe fe fe fe
[   33.148844]                                               ^
[   33.150019]  fff00000c69fa100: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe
[   33.151875]  fff00000c69fa180: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe
[   33.153455] ==================================================================
[   33.155960] ==================================================================
[   33.157705] BUG: KASAN: slab-out-of-bounds in krealloc_less_oob_helper+0xb9c/0xc50
[   33.159917] Write of size 1 at addr fff00000c69fa0d0 by task kunit_try_catch/151
[   33.162611] 
[   33.163682] CPU: 0 UID: 0 PID: 151 Comm: kunit_try_catch Tainted: G    B            N 6.12.0-next-20241122 #1
[   33.165265] Tainted: [B]=BAD_PAGE, [N]=TEST
[   33.166268] Hardware name: linux,dummy-virt (DT)
[   33.167059] Call trace:
[   33.167374]  show_stack+0x20/0x38 (C)
[   33.168207]  dump_stack_lvl+0x8c/0xd0
[   33.169311]  print_report+0x118/0x5e0
[   33.170680]  kasan_report+0xc8/0x118
[   33.171282]  __asan_report_store1_noabort+0x20/0x30
[   33.172228]  krealloc_less_oob_helper+0xb9c/0xc50
[   33.173594]  krealloc_large_less_oob+0x20/0x38
[   33.174176]  kunit_try_run_case+0x14c/0x3d0
[   33.175407]  kunit_generic_run_threadfn_adapter+0x88/0x100
[   33.176208]  kthread+0x24c/0x2d0
[   33.177307]  ret_from_fork+0x10/0x20
[   33.178019] 
[   33.178391] The buggy address belongs to the physical page:
[   33.179299] page: refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1069f8
[   33.180517] head: order:2 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[   33.181977] flags: 0xbfffe0000000040(head|node=0|zone=2|lastcpupid=0x1ffff)
[   33.182909] raw: 0bfffe0000000040 0000000000000000 dead000000000122 0000000000000000
[   33.185085] raw: 0000000000000000 0000000000000000 00000001ffffffff 0000000000000000
[   33.186478] head: 0bfffe0000000040 0000000000000000 dead000000000122 0000000000000000
[   33.187705] head: 0000000000000000 0000000000000000 00000001ffffffff 0000000000000000
[   33.188630] head: 0bfffe0000000002 ffffc1ffc31a7e01 ffffffffffffffff 0000000000000000
[   33.189672] head: 0000000000000004 0000000000000000 00000000ffffffff 0000000000000000
[   33.190343] page dumped because: kasan: bad access detected
[   33.191832] 
[   33.192685] Memory state around the buggy address:
[   33.193776]  fff00000c69f9f80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   33.195007]  fff00000c69fa000: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   33.196385] >fff00000c69fa080: 00 00 00 00 00 00 00 00 00 01 fe fe fe fe fe fe
[   33.197796]                                                  ^
[   33.198793]  fff00000c69fa100: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe
[   33.201239]  fff00000c69fa180: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe
[   33.203017] ==================================================================
[   33.206783] ==================================================================
[   33.207660] BUG: KASAN: slab-out-of-bounds in krealloc_less_oob_helper+0xa80/0xc50
[   33.210530] Write of size 1 at addr fff00000c69fa0da by task kunit_try_catch/151
[   33.212010] 
[   33.212370] CPU: 1 UID: 0 PID: 151 Comm: kunit_try_catch Tainted: G    B            N 6.12.0-next-20241122 #1
[   33.214064] Tainted: [B]=BAD_PAGE, [N]=TEST
[   33.214517] Hardware name: linux,dummy-virt (DT)
[   33.214883] Call trace:
[   33.215090]  show_stack+0x20/0x38 (C)
[   33.215394]  dump_stack_lvl+0x8c/0xd0
[   33.216351]  print_report+0x118/0x5e0
[   33.217625]  kasan_report+0xc8/0x118
[   33.218603]  __asan_report_store1_noabort+0x20/0x30
[   33.219317]  krealloc_less_oob_helper+0xa80/0xc50
[   33.220113]  krealloc_large_less_oob+0x20/0x38
[   33.221094]  kunit_try_run_case+0x14c/0x3d0
[   33.221906]  kunit_generic_run_threadfn_adapter+0x88/0x100
[   33.222712]  kthread+0x24c/0x2d0
[   33.223225]  ret_from_fork+0x10/0x20
[   33.224336] 
[   33.225003] The buggy address belongs to the physical page:
[   33.226747] page: refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1069f8
[   33.227972] head: order:2 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[   33.229760] flags: 0xbfffe0000000040(head|node=0|zone=2|lastcpupid=0x1ffff)
[   33.231179] raw: 0bfffe0000000040 0000000000000000 dead000000000122 0000000000000000
[   33.232101] raw: 0000000000000000 0000000000000000 00000001ffffffff 0000000000000000
[   33.233365] head: 0bfffe0000000040 0000000000000000 dead000000000122 0000000000000000
[   33.234966] head: 0000000000000000 0000000000000000 00000001ffffffff 0000000000000000
[   33.236060] head: 0bfffe0000000002 ffffc1ffc31a7e01 ffffffffffffffff 0000000000000000
[   33.236992] head: 0000000000000004 0000000000000000 00000000ffffffff 0000000000000000
[   33.238470] page dumped because: kasan: bad access detected
[   33.239327] 
[   33.239726] Memory state around the buggy address:
[   33.240995]  fff00000c69f9f80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   33.242031]  fff00000c69fa000: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   33.243043] >fff00000c69fa080: 00 00 00 00 00 00 00 00 00 01 fe fe fe fe fe fe
[   33.243978]                                                     ^
[   33.244851]  fff00000c69fa100: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe
[   33.246072]  fff00000c69fa180: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe
[   33.247317] ==================================================================
[   32.695210] ==================================================================
[   32.696892] BUG: KASAN: slab-out-of-bounds in krealloc_less_oob_helper+0xa48/0xc50
[   32.698378] Write of size 1 at addr fff00000c5c6f4c9 by task kunit_try_catch/147
[   32.700152] 
[   32.700972] CPU: 0 UID: 0 PID: 147 Comm: kunit_try_catch Tainted: G    B            N 6.12.0-next-20241122 #1
[   32.702571] Tainted: [B]=BAD_PAGE, [N]=TEST
[   32.703340] Hardware name: linux,dummy-virt (DT)
[   32.704991] Call trace:
[   32.705400]  show_stack+0x20/0x38 (C)
[   32.706019]  dump_stack_lvl+0x8c/0xd0
[   32.706928]  print_report+0x118/0x5e0
[   32.707652]  kasan_report+0xc8/0x118
[   32.708252]  __asan_report_store1_noabort+0x20/0x30
[   32.710045]  krealloc_less_oob_helper+0xa48/0xc50
[   32.710815]  krealloc_less_oob+0x20/0x38
[   32.711397]  kunit_try_run_case+0x14c/0x3d0
[   32.713127]  kunit_generic_run_threadfn_adapter+0x88/0x100
[   32.713956]  kthread+0x24c/0x2d0
[   32.714681]  ret_from_fork+0x10/0x20
[   32.715481] 
[   32.716006] Allocated by task 147:
[   32.716789]  kasan_save_stack+0x3c/0x68
[   32.717364]  kasan_save_track+0x20/0x40
[   32.717918]  kasan_save_alloc_info+0x40/0x58
[   32.718711]  __kasan_krealloc+0x118/0x178
[   32.719499]  krealloc_noprof+0x128/0x360
[   32.720148]  krealloc_less_oob_helper+0x168/0xc50
[   32.721176]  krealloc_less_oob+0x20/0x38
[   32.722076]  kunit_try_run_case+0x14c/0x3d0
[   32.723368]  kunit_generic_run_threadfn_adapter+0x88/0x100
[   32.724198]  kthread+0x24c/0x2d0
[   32.725066]  ret_from_fork+0x10/0x20
[   32.725620] 
[   32.725925] The buggy address belongs to the object at fff00000c5c6f400
[   32.725925]  which belongs to the cache kmalloc-256 of size 256
[   32.727389] The buggy address is located 0 bytes to the right of
[   32.727389]  allocated 201-byte region [fff00000c5c6f400, fff00000c5c6f4c9)
[   32.729961] 
[   32.730341] The buggy address belongs to the physical page:
[   32.731154] page: refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x105c6e
[   32.732522] head: order:1 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[   32.734750] flags: 0xbfffe0000000040(head|node=0|zone=2|lastcpupid=0x1ffff)
[   32.735916] page_type: f5(slab)
[   32.736783] raw: 0bfffe0000000040 fff00000c0001b40 dead000000000122 0000000000000000
[   32.738289] raw: 0000000000000000 0000000080100010 00000001f5000000 0000000000000000
[   32.739304] head: 0bfffe0000000040 fff00000c0001b40 dead000000000122 0000000000000000
[   32.740321] head: 0000000000000000 0000000080100010 00000001f5000000 0000000000000000
[   32.741645] head: 0bfffe0000000001 ffffc1ffc3171b81 ffffffffffffffff 0000000000000000
[   32.742614] head: 0000000000000002 0000000000000000 00000000ffffffff 0000000000000000
[   32.744031] page dumped because: kasan: bad access detected
[   32.744818] 
[   32.745178] Memory state around the buggy address:
[   32.746088]  fff00000c5c6f380: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   32.746884]  fff00000c5c6f400: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   32.748149] >fff00000c5c6f480: 00 00 00 00 00 00 00 00 00 01 fc fc fc fc fc fc
[   32.749059]                                               ^
[   32.750322]  fff00000c5c6f500: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   32.751214]  fff00000c5c6f580: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   32.752548] ==================================================================
[   33.250989] ==================================================================
[   33.252002] BUG: KASAN: slab-out-of-bounds in krealloc_less_oob_helper+0xae4/0xc50
[   33.253288] Write of size 1 at addr fff00000c69fa0ea by task kunit_try_catch/151
[   33.255570] 
[   33.256062] CPU: 1 UID: 0 PID: 151 Comm: kunit_try_catch Tainted: G    B            N 6.12.0-next-20241122 #1
[   33.257333] Tainted: [B]=BAD_PAGE, [N]=TEST
[   33.257996] Hardware name: linux,dummy-virt (DT)
[   33.258715] Call trace:
[   33.259216]  show_stack+0x20/0x38 (C)
[   33.259870]  dump_stack_lvl+0x8c/0xd0
[   33.260611]  print_report+0x118/0x5e0
[   33.261251]  kasan_report+0xc8/0x118
[   33.261899]  __asan_report_store1_noabort+0x20/0x30
[   33.262653]  krealloc_less_oob_helper+0xae4/0xc50
[   33.263415]  krealloc_large_less_oob+0x20/0x38
[   33.264142]  kunit_try_run_case+0x14c/0x3d0
[   33.264945]  kunit_generic_run_threadfn_adapter+0x88/0x100
[   33.265777]  kthread+0x24c/0x2d0
[   33.266391]  ret_from_fork+0x10/0x20
[   33.267067] 
[   33.267418] The buggy address belongs to the physical page:
[   33.268265] page: refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1069f8
[   33.269301] head: order:2 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[   33.270306] flags: 0xbfffe0000000040(head|node=0|zone=2|lastcpupid=0x1ffff)
[   33.271288] raw: 0bfffe0000000040 0000000000000000 dead000000000122 0000000000000000
[   33.272254] raw: 0000000000000000 0000000000000000 00000001ffffffff 0000000000000000
[   33.273205] head: 0bfffe0000000040 0000000000000000 dead000000000122 0000000000000000
[   33.274221] head: 0000000000000000 0000000000000000 00000001ffffffff 0000000000000000
[   33.275256] head: 0bfffe0000000002 ffffc1ffc31a7e01 ffffffffffffffff 0000000000000000
[   33.276247] head: 0000000000000004 0000000000000000 00000000ffffffff 0000000000000000
[   33.277245] page dumped because: kasan: bad access detected
[   33.278187] 
[   33.278700] Memory state around the buggy address:
[   33.279324]  fff00000c69f9f80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   33.280300]  fff00000c69fa000: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   33.281243] >fff00000c69fa080: 00 00 00 00 00 00 00 00 00 01 fe fe fe fe fe fe
[   33.282146]                                                           ^
[   33.283026]  fff00000c69fa100: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe
[   33.284064]  fff00000c69fa180: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe
[   33.285006] ==================================================================
[   32.755660] ==================================================================
[   32.756565] BUG: KASAN: slab-out-of-bounds in krealloc_less_oob_helper+0xb9c/0xc50
[   32.757411] Write of size 1 at addr fff00000c5c6f4d0 by task kunit_try_catch/147
[   32.758335] 
[   32.759589] CPU: 0 UID: 0 PID: 147 Comm: kunit_try_catch Tainted: G    B            N 6.12.0-next-20241122 #1
[   32.761366] Tainted: [B]=BAD_PAGE, [N]=TEST
[   32.761886] Hardware name: linux,dummy-virt (DT)
[   32.762323] Call trace:
[   32.763037]  show_stack+0x20/0x38 (C)
[   32.763625]  dump_stack_lvl+0x8c/0xd0
[   32.764372]  print_report+0x118/0x5e0
[   32.765175]  kasan_report+0xc8/0x118
[   32.766244]  __asan_report_store1_noabort+0x20/0x30
[   32.767456]  krealloc_less_oob_helper+0xb9c/0xc50
[   32.768093]  krealloc_less_oob+0x20/0x38
[   32.768404]  kunit_try_run_case+0x14c/0x3d0
[   32.769222]  kunit_generic_run_threadfn_adapter+0x88/0x100
[   32.769987]  kthread+0x24c/0x2d0
[   32.771168]  ret_from_fork+0x10/0x20
[   32.771800] 
[   32.772144] Allocated by task 147:
[   32.772884]  kasan_save_stack+0x3c/0x68
[   32.773635]  kasan_save_track+0x20/0x40
[   32.774354]  kasan_save_alloc_info+0x40/0x58
[   32.774895]  __kasan_krealloc+0x118/0x178
[   32.775534]  krealloc_noprof+0x128/0x360
[   32.777544]  krealloc_less_oob_helper+0x168/0xc50
[   32.778763]  krealloc_less_oob+0x20/0x38
[   32.779625]  kunit_try_run_case+0x14c/0x3d0
[   32.780670]  kunit_generic_run_threadfn_adapter+0x88/0x100
[   32.782834]  kthread+0x24c/0x2d0
[   32.783408]  ret_from_fork+0x10/0x20
[   32.783833] 
[   32.784899] The buggy address belongs to the object at fff00000c5c6f400
[   32.784899]  which belongs to the cache kmalloc-256 of size 256
[   32.787003] The buggy address is located 7 bytes to the right of
[   32.787003]  allocated 201-byte region [fff00000c5c6f400, fff00000c5c6f4c9)
[   32.788992] 
[   32.789984] The buggy address belongs to the physical page:
[   32.790623] page: refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x105c6e
[   32.792150] head: order:1 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[   32.794009] flags: 0xbfffe0000000040(head|node=0|zone=2|lastcpupid=0x1ffff)
[   32.794808] page_type: f5(slab)
[   32.795246] raw: 0bfffe0000000040 fff00000c0001b40 dead000000000122 0000000000000000
[   32.796205] raw: 0000000000000000 0000000080100010 00000001f5000000 0000000000000000
[   32.797795] head: 0bfffe0000000040 fff00000c0001b40 dead000000000122 0000000000000000
[   32.798907] head: 0000000000000000 0000000080100010 00000001f5000000 0000000000000000
[   32.799643] head: 0bfffe0000000001 ffffc1ffc3171b81 ffffffffffffffff 0000000000000000
[   32.801706] head: 0000000000000002 0000000000000000 00000000ffffffff 0000000000000000
[   32.802660] page dumped because: kasan: bad access detected
[   32.803497] 
[   32.804060] Memory state around the buggy address:
[   32.805367]  fff00000c5c6f380: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   32.806272]  fff00000c5c6f400: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   32.809402] >fff00000c5c6f480: 00 00 00 00 00 00 00 00 00 01 fc fc fc fc fc fc
[   32.811235]                                                  ^
[   32.811833]  fff00000c5c6f500: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   32.812423]  fff00000c5c6f580: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   32.815537] ==================================================================
[   33.286966] ==================================================================
[   33.287778] BUG: KASAN: slab-out-of-bounds in krealloc_less_oob_helper+0xa58/0xc50
[   33.289361] Write of size 1 at addr fff00000c69fa0eb by task kunit_try_catch/151
[   33.290676] 
[   33.291013] CPU: 1 UID: 0 PID: 151 Comm: kunit_try_catch Tainted: G    B            N 6.12.0-next-20241122 #1
[   33.292517] Tainted: [B]=BAD_PAGE, [N]=TEST
[   33.293020] Hardware name: linux,dummy-virt (DT)
[   33.293971] Call trace:
[   33.294462]  show_stack+0x20/0x38 (C)
[   33.295161]  dump_stack_lvl+0x8c/0xd0
[   33.295973]  print_report+0x118/0x5e0
[   33.296835]  kasan_report+0xc8/0x118
[   33.297730]  __asan_report_store1_noabort+0x20/0x30
[   33.298319]  krealloc_less_oob_helper+0xa58/0xc50
[   33.299687]  krealloc_large_less_oob+0x20/0x38
[   33.300585]  kunit_try_run_case+0x14c/0x3d0
[   33.301220]  kunit_generic_run_threadfn_adapter+0x88/0x100
[   33.302501]  kthread+0x24c/0x2d0
[   33.303148]  ret_from_fork+0x10/0x20
[   33.303640] 
[   33.304064] The buggy address belongs to the physical page:
[   33.305127] page: refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1069f8
[   33.305937] head: order:2 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[   33.307105] flags: 0xbfffe0000000040(head|node=0|zone=2|lastcpupid=0x1ffff)
[   33.308109] raw: 0bfffe0000000040 0000000000000000 dead000000000122 0000000000000000
[   33.309220] raw: 0000000000000000 0000000000000000 00000001ffffffff 0000000000000000
[   33.310241] head: 0bfffe0000000040 0000000000000000 dead000000000122 0000000000000000
[   33.311206] head: 0000000000000000 0000000000000000 00000001ffffffff 0000000000000000
[   33.312255] head: 0bfffe0000000002 ffffc1ffc31a7e01 ffffffffffffffff 0000000000000000
[   33.313186] head: 0000000000000004 0000000000000000 00000000ffffffff 0000000000000000
[   33.314127] page dumped because: kasan: bad access detected
[   33.314818] 
[   33.315177] Memory state around the buggy address:
[   33.315842]  fff00000c69f9f80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   33.316885]  fff00000c69fa000: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   33.317672] >fff00000c69fa080: 00 00 00 00 00 00 00 00 00 01 fe fe fe fe fe fe
[   33.318549]                                                           ^
[   33.319546]  fff00000c69fa100: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe
[   33.320391]  fff00000c69fa180: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe
[   33.321296] ==================================================================
[   32.946714] ==================================================================
[   32.947629] BUG: KASAN: slab-out-of-bounds in krealloc_less_oob_helper+0xa58/0xc50
[   32.948577] Write of size 1 at addr fff00000c5c6f4eb by task kunit_try_catch/147
[   32.949487] 
[   32.949916] CPU: 0 UID: 0 PID: 147 Comm: kunit_try_catch Tainted: G    B            N 6.12.0-next-20241122 #1
[   32.951242] Tainted: [B]=BAD_PAGE, [N]=TEST
[   32.951671] Hardware name: linux,dummy-virt (DT)
[   32.953388] Call trace:
[   32.954115]  show_stack+0x20/0x38 (C)
[   32.955167]  dump_stack_lvl+0x8c/0xd0
[   32.955983]  print_report+0x118/0x5e0
[   32.957045]  kasan_report+0xc8/0x118
[   32.958083]  __asan_report_store1_noabort+0x20/0x30
[   32.959300]  krealloc_less_oob_helper+0xa58/0xc50
[   32.960315]  krealloc_less_oob+0x20/0x38
[   32.961365]  kunit_try_run_case+0x14c/0x3d0
[   32.962508]  kunit_generic_run_threadfn_adapter+0x88/0x100
[   32.963411]  kthread+0x24c/0x2d0
[   32.964319]  ret_from_fork+0x10/0x20
[   32.965233] 
[   32.965620] Allocated by task 147:
[   32.966366]  kasan_save_stack+0x3c/0x68
[   32.967395]  kasan_save_track+0x20/0x40
[   32.967856]  kasan_save_alloc_info+0x40/0x58
[   32.968318]  __kasan_krealloc+0x118/0x178
[   32.969247]  krealloc_noprof+0x128/0x360
[   32.970209]  krealloc_less_oob_helper+0x168/0xc50
[   32.971350]  krealloc_less_oob+0x20/0x38
[   32.972496]  kunit_try_run_case+0x14c/0x3d0
[   32.973655]  kunit_generic_run_threadfn_adapter+0x88/0x100
[   32.975010]  kthread+0x24c/0x2d0
[   32.975802]  ret_from_fork+0x10/0x20
[   32.976841] 
[   32.977461] The buggy address belongs to the object at fff00000c5c6f400
[   32.977461]  which belongs to the cache kmalloc-256 of size 256
[   32.979802] The buggy address is located 34 bytes to the right of
[   32.979802]  allocated 201-byte region [fff00000c5c6f400, fff00000c5c6f4c9)
[   32.982235] 
[   32.982651] The buggy address belongs to the physical page:
[   32.983947] page: refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x105c6e
[   32.985468] head: order:1 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[   32.986391] flags: 0xbfffe0000000040(head|node=0|zone=2|lastcpupid=0x1ffff)
[   32.988168] page_type: f5(slab)
[   32.988988] raw: 0bfffe0000000040 fff00000c0001b40 dead000000000122 0000000000000000
[   32.989989] raw: 0000000000000000 0000000080100010 00000001f5000000 0000000000000000
[   32.991259] head: 0bfffe0000000040 fff00000c0001b40 dead000000000122 0000000000000000
[   32.992287] head: 0000000000000000 0000000080100010 00000001f5000000 0000000000000000
[   32.994258] head: 0bfffe0000000001 ffffc1ffc3171b81 ffffffffffffffff 0000000000000000
[   32.995396] head: 0000000000000002 0000000000000000 00000000ffffffff 0000000000000000
[   32.996404] page dumped because: kasan: bad access detected
[   32.997175] 
[   32.997882] Memory state around the buggy address:
[   32.998922]  fff00000c5c6f380: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   32.999909]  fff00000c5c6f400: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   33.001259] >fff00000c5c6f480: 00 00 00 00 00 00 00 00 00 01 fc fc fc fc fc fc
[   33.002106]                                                           ^
[   33.003883]  fff00000c5c6f500: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   33.005316]  fff00000c5c6f580: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   33.006263] ==================================================================
[   32.885518] ==================================================================
[   32.886574] BUG: KASAN: slab-out-of-bounds in krealloc_less_oob_helper+0xae4/0xc50
[   32.887312] Write of size 1 at addr fff00000c5c6f4ea by task kunit_try_catch/147
[   32.888383] 
[   32.889826] CPU: 0 UID: 0 PID: 147 Comm: kunit_try_catch Tainted: G    B            N 6.12.0-next-20241122 #1
[   32.891130] Tainted: [B]=BAD_PAGE, [N]=TEST
[   32.891944] Hardware name: linux,dummy-virt (DT)
[   32.892578] Call trace:
[   32.892924]  show_stack+0x20/0x38 (C)
[   32.893663]  dump_stack_lvl+0x8c/0xd0
[   32.894430]  print_report+0x118/0x5e0
[   32.896069]  kasan_report+0xc8/0x118
[   32.896500]  __asan_report_store1_noabort+0x20/0x30
[   32.897381]  krealloc_less_oob_helper+0xae4/0xc50
[   32.898091]  krealloc_less_oob+0x20/0x38
[   32.899176]  kunit_try_run_case+0x14c/0x3d0
[   32.900116]  kunit_generic_run_threadfn_adapter+0x88/0x100
[   32.901724]  kthread+0x24c/0x2d0
[   32.902936]  ret_from_fork+0x10/0x20
[   32.903393] 
[   32.903667] Allocated by task 147:
[   32.903950]  kasan_save_stack+0x3c/0x68
[   32.904250]  kasan_save_track+0x20/0x40
[   32.905784]  kasan_save_alloc_info+0x40/0x58
[   32.906804]  __kasan_krealloc+0x118/0x178
[   32.907906]  krealloc_noprof+0x128/0x360
[   32.908885]  krealloc_less_oob_helper+0x168/0xc50
[   32.909557]  krealloc_less_oob+0x20/0x38
[   32.910189]  kunit_try_run_case+0x14c/0x3d0
[   32.910944]  kunit_generic_run_threadfn_adapter+0x88/0x100
[   32.911794]  kthread+0x24c/0x2d0
[   32.912551]  ret_from_fork+0x10/0x20
[   32.913023] 
[   32.913616] The buggy address belongs to the object at fff00000c5c6f400
[   32.913616]  which belongs to the cache kmalloc-256 of size 256
[   32.915719] The buggy address is located 33 bytes to the right of
[   32.915719]  allocated 201-byte region [fff00000c5c6f400, fff00000c5c6f4c9)
[   32.918198] 
[   32.918858] The buggy address belongs to the physical page:
[   32.919768] page: refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x105c6e
[   32.920920] head: order:1 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[   32.921972] flags: 0xbfffe0000000040(head|node=0|zone=2|lastcpupid=0x1ffff)
[   32.923497] page_type: f5(slab)
[   32.924296] raw: 0bfffe0000000040 fff00000c0001b40 dead000000000122 0000000000000000
[   32.925659] raw: 0000000000000000 0000000080100010 00000001f5000000 0000000000000000
[   32.926979] head: 0bfffe0000000040 fff00000c0001b40 dead000000000122 0000000000000000
[   32.928210] head: 0000000000000000 0000000080100010 00000001f5000000 0000000000000000
[   32.929205] head: 0bfffe0000000001 ffffc1ffc3171b81 ffffffffffffffff 0000000000000000
[   32.931055] head: 0000000000000002 0000000000000000 00000000ffffffff 0000000000000000
[   32.933107] page dumped because: kasan: bad access detected
[   32.935237] 
[   32.935929] Memory state around the buggy address:
[   32.936949]  fff00000c5c6f380: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   32.938460]  fff00000c5c6f400: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   32.939534] >fff00000c5c6f480: 00 00 00 00 00 00 00 00 00 01 fc fc fc fc fc fc
[   32.940277]                                                           ^
[   32.941086]  fff00000c5c6f500: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   32.942870]  fff00000c5c6f580: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   32.943853] ==================================================================

Metadata Full log Test run details

arch

arm64

host

x86_64

plan

2pC5b8oaJWXHgnXV09vT5LVgOaw

job_id

TEST:linaro@lkft#2pC5fJPu1U0syxXCEatKhpHAVGc

job_url

https://tuxapi.tuxsuite.com/v1/groups/linaro/projects/lkft/tests/2pC5fJPu1U0syxXCEatKhpHAVGc

artefacts

kernel

url	https://storage.tuxsuite.com/public/linaro/lkft/builds/2pC5cJkcKwJlHcbGFpkgrIsh5rv/Image.gz
sha256sum	c7dd7dbcf7d483b1d1dd11cc623170a05fa77e79300cd8b3c90dab3ce454e75a

rootfs

url	https://storage.tuxboot.com/debian/trixie/arm64/rootfs.ext4.xz
sha256sum	f592205e64add7389d8a1055c235aa3685e13c7cfdfdbe5f212ab22afdbeb656

modules

url	https://storage.tuxsuite.com/public/linaro/lkft/builds/2pC5cJkcKwJlHcbGFpkgrIsh5rv/modules.tar.xz
sha256sum	5eca046fbd2122c8407be146a89207cf131b2811a5bb49c1bd70a7799382ee91

durations

tests

boot	412.61
kunit	528.55

host_arch

amd64

build_name

gcc-13-lkftconfig-kunit

job_status

Complete

qemu_version

1:9.1.1+ds-5

[   24.395156] ==================================================================
[   24.395687] BUG: KASAN: slab-out-of-bounds in krealloc_less_oob_helper+0xec8/0x11d0
[   24.396124] Write of size 1 at addr ffff888100a256da by task kunit_try_catch/166
[   24.396554] 
[   24.396737] CPU: 1 UID: 0 PID: 166 Comm: kunit_try_catch Tainted: G    B            N 6.12.0-next-20241122 #1
[   24.397645] Tainted: [B]=BAD_PAGE, [N]=TEST
[   24.398055] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[   24.398809] Call Trace:
[   24.399205]  <TASK>
[   24.399529]  dump_stack_lvl+0x73/0xb0
[   24.400009]  print_report+0xd1/0x640
[   24.400447]  ? __virt_addr_valid+0x1db/0x2d0
[   24.400941]  ? kasan_complete_mode_report_info+0x2a/0x200
[   24.401326]  kasan_report+0x102/0x140
[   24.401677]  ? krealloc_less_oob_helper+0xec8/0x11d0
[   24.402309]  ? krealloc_less_oob_helper+0xec8/0x11d0
[   24.402718]  __asan_report_store1_noabort+0x1b/0x30
[   24.403384]  krealloc_less_oob_helper+0xec8/0x11d0
[   24.403923]  ? __pfx_krealloc_less_oob_helper+0x10/0x10
[   24.404293]  ? finish_task_switch.isra.0+0x153/0x700
[   24.404608]  ? __switch_to+0x5d9/0xf60
[   24.404919]  ? __schedule+0xc3e/0x2790
[   24.405369]  ? __pfx_read_tsc+0x10/0x10
[   24.405971]  krealloc_less_oob+0x1c/0x30
[   24.406415]  kunit_try_run_case+0x1b3/0x490
[   24.406899]  ? __pfx_kunit_try_run_case+0x10/0x10
[   24.407495]  ? _raw_spin_lock_irqsave+0xa2/0x110
[   24.408077]  ? _raw_spin_unlock_irqrestore+0x5f/0x90
[   24.408714]  ? __kthread_parkme+0x82/0x160
[   24.409236]  ? preempt_count_sub+0x50/0x80
[   24.409700]  ? __pfx_kunit_try_run_case+0x10/0x10
[   24.410041]  ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10
[   24.410444]  kunit_generic_run_threadfn_adapter+0x85/0xf0
[   24.411111]  kthread+0x257/0x310
[   24.411571]  ? __pfx_kthread+0x10/0x10
[   24.412032]  ret_from_fork+0x41/0x80
[   24.412590]  ? __pfx_kthread+0x10/0x10
[   24.413066]  ret_from_fork_asm+0x1a/0x30
[   24.413692]  </TASK>
[   24.413985] 
[   24.414132] Allocated by task 166:
[   24.414410]  kasan_save_stack+0x3d/0x60
[   24.414681]  kasan_save_track+0x18/0x40
[   24.415784]  kasan_save_alloc_info+0x3b/0x50
[   24.418372]  __kasan_krealloc+0x190/0x1f0
[   24.418802]  krealloc_noprof+0xf3/0x340
[   24.419228]  krealloc_less_oob_helper+0x1ab/0x11d0
[   24.420736]  krealloc_less_oob+0x1c/0x30
[   24.423040]  kunit_try_run_case+0x1b3/0x490
[   24.424129]  kunit_generic_run_threadfn_adapter+0x85/0xf0
[   24.426302]  kthread+0x257/0x310
[   24.427734]  ret_from_fork+0x41/0x80
[   24.428935]  ret_from_fork_asm+0x1a/0x30
[   24.429806] 
[   24.430627] The buggy address belongs to the object at ffff888100a25600
[   24.430627]  which belongs to the cache kmalloc-256 of size 256
[   24.432957] The buggy address is located 17 bytes to the right of
[   24.432957]  allocated 201-byte region [ffff888100a25600, ffff888100a256c9)
[   24.435486] 
[   24.436087] The buggy address belongs to the physical page:
[   24.437322] page: refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x100a24
[   24.438004] head: order:1 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[   24.438706] flags: 0x200000000000040(head|node=0|zone=2)
[   24.439416] page_type: f5(slab)
[   24.439639] raw: 0200000000000040 ffff888100041b40 dead000000000122 0000000000000000
[   24.440388] raw: 0000000000000000 0000000080100010 00000001f5000000 0000000000000000
[   24.440913] head: 0200000000000040 ffff888100041b40 dead000000000122 0000000000000000
[   24.441469] head: 0000000000000000 0000000080100010 00000001f5000000 0000000000000000
[   24.442186] head: 0200000000000001 ffffea0004028901 ffffffffffffffff 0000000000000000
[   24.443042] head: 0000000000000002 0000000000000000 00000000ffffffff 0000000000000000
[   24.443496] page dumped because: kasan: bad access detected
[   24.444241] 
[   24.444584] Memory state around the buggy address:
[   24.445371]  ffff888100a25580: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   24.446370]  ffff888100a25600: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   24.447280] >ffff888100a25680: 00 00 00 00 00 00 00 00 00 01 fc fc fc fc fc fc
[   24.448037]                                                     ^
[   24.448843]  ffff888100a25700: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   24.449894]  ffff888100a25780: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   24.451053] ==================================================================
[   24.356374] ==================================================================
[   24.357093] BUG: KASAN: slab-out-of-bounds in krealloc_less_oob_helper+0xe25/0x11d0
[   24.357617] Write of size 1 at addr ffff888100a256d0 by task kunit_try_catch/166
[   24.358489] 
[   24.358718] CPU: 1 UID: 0 PID: 166 Comm: kunit_try_catch Tainted: G    B            N 6.12.0-next-20241122 #1
[   24.359453] Tainted: [B]=BAD_PAGE, [N]=TEST
[   24.359698] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[   24.360511] Call Trace:
[   24.360813]  <TASK>
[   24.361086]  dump_stack_lvl+0x73/0xb0
[   24.361578]  print_report+0xd1/0x640
[   24.361913]  ? __virt_addr_valid+0x1db/0x2d0
[   24.362433]  ? kasan_complete_mode_report_info+0x2a/0x200
[   24.362769]  kasan_report+0x102/0x140
[   24.363063]  ? krealloc_less_oob_helper+0xe25/0x11d0
[   24.363652]  ? krealloc_less_oob_helper+0xe25/0x11d0
[   24.364434]  __asan_report_store1_noabort+0x1b/0x30
[   24.364978]  krealloc_less_oob_helper+0xe25/0x11d0
[   24.365493]  ? __pfx_krealloc_less_oob_helper+0x10/0x10
[   24.365901]  ? finish_task_switch.isra.0+0x153/0x700
[   24.366359]  ? __switch_to+0x5d9/0xf60
[   24.366816]  ? __schedule+0xc3e/0x2790
[   24.367455]  ? __pfx_read_tsc+0x10/0x10
[   24.367883]  krealloc_less_oob+0x1c/0x30
[   24.368243]  kunit_try_run_case+0x1b3/0x490
[   24.368540]  ? __pfx_kunit_try_run_case+0x10/0x10
[   24.368862]  ? _raw_spin_lock_irqsave+0xa2/0x110
[   24.369335]  ? _raw_spin_unlock_irqrestore+0x5f/0x90
[   24.369938]  ? __kthread_parkme+0x82/0x160
[   24.370500]  ? preempt_count_sub+0x50/0x80
[   24.370906]  ? __pfx_kunit_try_run_case+0x10/0x10
[   24.371212]  ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10
[   24.371871]  kunit_generic_run_threadfn_adapter+0x85/0xf0
[   24.372410]  kthread+0x257/0x310
[   24.372986]  ? __pfx_kthread+0x10/0x10
[   24.373405]  ret_from_fork+0x41/0x80
[   24.373736]  ? __pfx_kthread+0x10/0x10
[   24.374302]  ret_from_fork_asm+0x1a/0x30
[   24.374617]  </TASK>
[   24.374974] 
[   24.375187] Allocated by task 166:
[   24.375471]  kasan_save_stack+0x3d/0x60
[   24.375901]  kasan_save_track+0x18/0x40
[   24.376452]  kasan_save_alloc_info+0x3b/0x50
[   24.376949]  __kasan_krealloc+0x190/0x1f0
[   24.377346]  krealloc_noprof+0xf3/0x340
[   24.377599]  krealloc_less_oob_helper+0x1ab/0x11d0
[   24.377924]  krealloc_less_oob+0x1c/0x30
[   24.378187]  kunit_try_run_case+0x1b3/0x490
[   24.378503]  kunit_generic_run_threadfn_adapter+0x85/0xf0
[   24.378839]  kthread+0x257/0x310
[   24.379208]  ret_from_fork+0x41/0x80
[   24.379646]  ret_from_fork_asm+0x1a/0x30
[   24.380128] 
[   24.380465] The buggy address belongs to the object at ffff888100a25600
[   24.380465]  which belongs to the cache kmalloc-256 of size 256
[   24.381699] The buggy address is located 7 bytes to the right of
[   24.381699]  allocated 201-byte region [ffff888100a25600, ffff888100a256c9)
[   24.382845] 
[   24.383120] The buggy address belongs to the physical page:
[   24.383699] page: refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x100a24
[   24.384239] head: order:1 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[   24.384611] flags: 0x200000000000040(head|node=0|zone=2)
[   24.385154] page_type: f5(slab)
[   24.385578] raw: 0200000000000040 ffff888100041b40 dead000000000122 0000000000000000
[   24.386260] raw: 0000000000000000 0000000080100010 00000001f5000000 0000000000000000
[   24.386997] head: 0200000000000040 ffff888100041b40 dead000000000122 0000000000000000
[   24.387654] head: 0000000000000000 0000000080100010 00000001f5000000 0000000000000000
[   24.388283] head: 0200000000000001 ffffea0004028901 ffffffffffffffff 0000000000000000
[   24.388968] head: 0000000000000002 0000000000000000 00000000ffffffff 0000000000000000
[   24.389404] page dumped because: kasan: bad access detected
[   24.389656] 
[   24.389786] Memory state around the buggy address:
[   24.390264]  ffff888100a25580: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   24.390984]  ffff888100a25600: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   24.391561] >ffff888100a25680: 00 00 00 00 00 00 00 00 00 01 fc fc fc fc fc fc
[   24.392157]                                                  ^
[   24.392670]  ffff888100a25700: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   24.393226]  ffff888100a25780: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   24.393857] ==================================================================
[   24.651063] ==================================================================
[   24.651855] BUG: KASAN: slab-out-of-bounds in krealloc_less_oob_helper+0xd72/0x11d0
[   24.652761] Write of size 1 at addr ffff88810232a0c9 by task kunit_try_catch/170
[   24.654945] 
[   24.655117] CPU: 0 UID: 0 PID: 170 Comm: kunit_try_catch Tainted: G    B            N 6.12.0-next-20241122 #1
[   24.655726] Tainted: [B]=BAD_PAGE, [N]=TEST
[   24.656260] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[   24.657684] Call Trace:
[   24.658453]  <TASK>
[   24.658683]  dump_stack_lvl+0x73/0xb0
[   24.659145]  print_report+0xd1/0x640
[   24.659439]  ? __virt_addr_valid+0x1db/0x2d0
[   24.660061]  ? kasan_addr_to_slab+0x11/0xa0
[   24.660490]  kasan_report+0x102/0x140
[   24.660844]  ? krealloc_less_oob_helper+0xd72/0x11d0
[   24.661492]  ? krealloc_less_oob_helper+0xd72/0x11d0
[   24.662135]  __asan_report_store1_noabort+0x1b/0x30
[   24.662499]  krealloc_less_oob_helper+0xd72/0x11d0
[   24.663049]  ? __pfx_krealloc_less_oob_helper+0x10/0x10
[   24.663492]  ? finish_task_switch.isra.0+0x153/0x700
[   24.663815]  ? __switch_to+0x5d9/0xf60
[   24.664344]  ? irqentry_exit+0x2a/0x60
[   24.664798]  ? sysvec_apic_timer_interrupt+0x50/0x90
[   24.665304]  ? trace_hardirqs_on+0x37/0xe0
[   24.665648]  ? __pfx_read_tsc+0x10/0x10
[   24.665962]  krealloc_large_less_oob+0x1c/0x30
[   24.667009]  kunit_try_run_case+0x1b3/0x490
[   24.667566]  ? __pfx_kunit_try_run_case+0x10/0x10
[   24.668255]  ? _raw_spin_lock_irqsave+0xa2/0x110
[   24.668740]  ? __kthread_parkme+0x82/0x160
[   24.669180]  ? preempt_count_sub+0x50/0x80
[   24.669469]  ? __pfx_kunit_try_run_case+0x10/0x10
[   24.670002]  ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10
[   24.670565]  kunit_generic_run_threadfn_adapter+0x85/0xf0
[   24.671191]  kthread+0x257/0x310
[   24.671740]  ? __pfx_kthread+0x10/0x10
[   24.672194]  ret_from_fork+0x41/0x80
[   24.672613]  ? __pfx_kthread+0x10/0x10
[   24.673578]  ret_from_fork_asm+0x1a/0x30
[   24.673961]  </TASK>
[   24.674219] 
[   24.674378] The buggy address belongs to the physical page:
[   24.674670] page: refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x102328
[   24.675343] head: order:2 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[   24.676020] flags: 0x200000000000040(head|node=0|zone=2)
[   24.676684] raw: 0200000000000040 0000000000000000 dead000000000122 0000000000000000
[   24.677555] raw: 0000000000000000 0000000000000000 00000001ffffffff 0000000000000000
[   24.678167] head: 0200000000000040 0000000000000000 dead000000000122 0000000000000000
[   24.679165] head: 0000000000000000 0000000000000000 00000001ffffffff 0000000000000000
[   24.679692] head: 0200000000000002 ffffea000408ca01 ffffffffffffffff 0000000000000000
[   24.680300] head: 0000000000000004 0000000000000000 00000000ffffffff 0000000000000000
[   24.680690] page dumped because: kasan: bad access detected
[   24.683056] 
[   24.683281] Memory state around the buggy address:
[   24.683725]  ffff888102329f80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   24.684214]  ffff88810232a000: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   24.685572] >ffff88810232a080: 00 00 00 00 00 00 00 00 00 01 fe fe fe fe fe fe
[   24.686028]                                               ^
[   24.686661]  ffff88810232a100: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe
[   24.687603]  ffff88810232a180: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe
[   24.688516] ==================================================================
[   24.690309] ==================================================================
[   24.692081] BUG: KASAN: slab-out-of-bounds in krealloc_less_oob_helper+0xe25/0x11d0
[   24.692700] Write of size 1 at addr ffff88810232a0d0 by task kunit_try_catch/170
[   24.693352] 
[   24.693765] CPU: 0 UID: 0 PID: 170 Comm: kunit_try_catch Tainted: G    B            N 6.12.0-next-20241122 #1
[   24.694651] Tainted: [B]=BAD_PAGE, [N]=TEST
[   24.695228] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[   24.695802] Call Trace:
[   24.696138]  <TASK>
[   24.696767]  dump_stack_lvl+0x73/0xb0
[   24.697199]  print_report+0xd1/0x640
[   24.697599]  ? __virt_addr_valid+0x1db/0x2d0
[   24.698169]  ? kasan_addr_to_slab+0x11/0xa0
[   24.698897]  kasan_report+0x102/0x140
[   24.699216]  ? krealloc_less_oob_helper+0xe25/0x11d0
[   24.699619]  ? krealloc_less_oob_helper+0xe25/0x11d0
[   24.699978]  __asan_report_store1_noabort+0x1b/0x30
[   24.700522]  krealloc_less_oob_helper+0xe25/0x11d0
[   24.701144]  ? __pfx_krealloc_less_oob_helper+0x10/0x10
[   24.701725]  ? finish_task_switch.isra.0+0x153/0x700
[   24.702278]  ? __switch_to+0x5d9/0xf60
[   24.702563]  ? irqentry_exit+0x2a/0x60
[   24.702851]  ? sysvec_apic_timer_interrupt+0x50/0x90
[   24.703360]  ? trace_hardirqs_on+0x37/0xe0
[   24.703798]  ? __pfx_read_tsc+0x10/0x10
[   24.704240]  krealloc_large_less_oob+0x1c/0x30
[   24.705207]  kunit_try_run_case+0x1b3/0x490
[   24.705791]  ? __pfx_kunit_try_run_case+0x10/0x10
[   24.706168]  ? _raw_spin_lock_irqsave+0xa2/0x110
[   24.706481]  ? __kthread_parkme+0x82/0x160
[   24.706966]  ? preempt_count_sub+0x50/0x80
[   24.707402]  ? __pfx_kunit_try_run_case+0x10/0x10
[   24.708122]  ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10
[   24.709032]  kunit_generic_run_threadfn_adapter+0x85/0xf0
[   24.709449]  kthread+0x257/0x310
[   24.709719]  ? __pfx_kthread+0x10/0x10
[   24.710168]  ret_from_fork+0x41/0x80
[   24.710700]  ? __pfx_kthread+0x10/0x10
[   24.711138]  ret_from_fork_asm+0x1a/0x30
[   24.711864]  </TASK>
[   24.712149] 
[   24.712454] The buggy address belongs to the physical page:
[   24.713340] page: refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x102328
[   24.713863] head: order:2 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[   24.714878] flags: 0x200000000000040(head|node=0|zone=2)
[   24.715229] raw: 0200000000000040 0000000000000000 dead000000000122 0000000000000000
[   24.715880] raw: 0000000000000000 0000000000000000 00000001ffffffff 0000000000000000
[   24.716738] head: 0200000000000040 0000000000000000 dead000000000122 0000000000000000
[   24.719000] head: 0000000000000000 0000000000000000 00000001ffffffff 0000000000000000
[   24.720420] head: 0200000000000002 ffffea000408ca01 ffffffffffffffff 0000000000000000
[   24.721089] head: 0000000000000004 0000000000000000 00000000ffffffff 0000000000000000
[   24.723177] page dumped because: kasan: bad access detected
[   24.723560] 
[   24.723777] Memory state around the buggy address:
[   24.724378]  ffff888102329f80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   24.724877]  ffff88810232a000: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   24.725671] >ffff88810232a080: 00 00 00 00 00 00 00 00 00 01 fe fe fe fe fe fe
[   24.726276]                                                  ^
[   24.726791]  ffff88810232a100: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe
[   24.727285]  ffff88810232a180: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe
[   24.728554] ==================================================================
[   24.452351] ==================================================================
[   24.452810] BUG: KASAN: slab-out-of-bounds in krealloc_less_oob_helper+0xe92/0x11d0
[   24.453240] Write of size 1 at addr ffff888100a256ea by task kunit_try_catch/166
[   24.453814] 
[   24.454320] CPU: 1 UID: 0 PID: 166 Comm: kunit_try_catch Tainted: G    B            N 6.12.0-next-20241122 #1
[   24.455339] Tainted: [B]=BAD_PAGE, [N]=TEST
[   24.455592] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[   24.456311] Call Trace:
[   24.456772]  <TASK>
[   24.457059]  dump_stack_lvl+0x73/0xb0
[   24.457502]  print_report+0xd1/0x640
[   24.457959]  ? __virt_addr_valid+0x1db/0x2d0
[   24.458583]  ? kasan_complete_mode_report_info+0x2a/0x200
[   24.458992]  kasan_report+0x102/0x140
[   24.459529]  ? krealloc_less_oob_helper+0xe92/0x11d0
[   24.460120]  ? krealloc_less_oob_helper+0xe92/0x11d0
[   24.460653]  __asan_report_store1_noabort+0x1b/0x30
[   24.461177]  krealloc_less_oob_helper+0xe92/0x11d0
[   24.461651]  ? __pfx_krealloc_less_oob_helper+0x10/0x10
[   24.462403]  ? finish_task_switch.isra.0+0x153/0x700
[   24.462980]  ? __switch_to+0x5d9/0xf60
[   24.463221]  ? __schedule+0xc3e/0x2790
[   24.463503]  ? __pfx_read_tsc+0x10/0x10
[   24.464056]  krealloc_less_oob+0x1c/0x30
[   24.464562]  kunit_try_run_case+0x1b3/0x490
[   24.465138]  ? __pfx_kunit_try_run_case+0x10/0x10
[   24.465636]  ? _raw_spin_lock_irqsave+0xa2/0x110
[   24.466365]  ? _raw_spin_unlock_irqrestore+0x5f/0x90
[   24.466680]  ? __kthread_parkme+0x82/0x160
[   24.467111]  ? preempt_count_sub+0x50/0x80
[   24.467731]  ? __pfx_kunit_try_run_case+0x10/0x10
[   24.468294]  ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10
[   24.469045]  kunit_generic_run_threadfn_adapter+0x85/0xf0
[   24.469857]  kthread+0x257/0x310
[   24.470134]  ? __pfx_kthread+0x10/0x10
[   24.470442]  ret_from_fork+0x41/0x80
[   24.470708]  ? __pfx_kthread+0x10/0x10
[   24.471237]  ret_from_fork_asm+0x1a/0x30
[   24.471805]  </TASK>
[   24.472232] 
[   24.472560] Allocated by task 166:
[   24.472983]  kasan_save_stack+0x3d/0x60
[   24.473417]  kasan_save_track+0x18/0x40
[   24.473807]  kasan_save_alloc_info+0x3b/0x50
[   24.474527]  __kasan_krealloc+0x190/0x1f0
[   24.474986]  krealloc_noprof+0xf3/0x340
[   24.475275]  krealloc_less_oob_helper+0x1ab/0x11d0
[   24.475574]  krealloc_less_oob+0x1c/0x30
[   24.475857]  kunit_try_run_case+0x1b3/0x490
[   24.476297]  kunit_generic_run_threadfn_adapter+0x85/0xf0
[   24.476799]  kthread+0x257/0x310
[   24.477291]  ret_from_fork+0x41/0x80
[   24.477676]  ret_from_fork_asm+0x1a/0x30
[   24.478320] 
[   24.478544] The buggy address belongs to the object at ffff888100a25600
[   24.478544]  which belongs to the cache kmalloc-256 of size 256
[   24.479491] The buggy address is located 33 bytes to the right of
[   24.479491]  allocated 201-byte region [ffff888100a25600, ffff888100a256c9)
[   24.480361] 
[   24.480650] The buggy address belongs to the physical page:
[   24.481325] page: refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x100a24
[   24.481897] head: order:1 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[   24.482727] flags: 0x200000000000040(head|node=0|zone=2)
[   24.483166] page_type: f5(slab)
[   24.483453] raw: 0200000000000040 ffff888100041b40 dead000000000122 0000000000000000
[   24.484126] raw: 0000000000000000 0000000080100010 00000001f5000000 0000000000000000
[   24.484990] head: 0200000000000040 ffff888100041b40 dead000000000122 0000000000000000
[   24.485658] head: 0000000000000000 0000000080100010 00000001f5000000 0000000000000000
[   24.486408] head: 0200000000000001 ffffea0004028901 ffffffffffffffff 0000000000000000
[   24.487121] head: 0000000000000002 0000000000000000 00000000ffffffff 0000000000000000
[   24.487758] page dumped because: kasan: bad access detected
[   24.488367] 
[   24.488575] Memory state around the buggy address:
[   24.488933]  ffff888100a25580: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   24.489293]  ffff888100a25600: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   24.489646] >ffff888100a25680: 00 00 00 00 00 00 00 00 00 01 fc fc fc fc fc fc
[   24.490304]                                                           ^
[   24.490922]  ffff888100a25700: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   24.491626]  ffff888100a25780: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   24.492515] ==================================================================
[   24.768932] ==================================================================
[   24.770418] BUG: KASAN: slab-out-of-bounds in krealloc_less_oob_helper+0xe92/0x11d0
[   24.771214] Write of size 1 at addr ffff88810232a0ea by task kunit_try_catch/170
[   24.771644] 
[   24.771813] CPU: 0 UID: 0 PID: 170 Comm: kunit_try_catch Tainted: G    B            N 6.12.0-next-20241122 #1
[   24.772318] Tainted: [B]=BAD_PAGE, [N]=TEST
[   24.772563] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[   24.773350] Call Trace:
[   24.773658]  <TASK>
[   24.774157]  dump_stack_lvl+0x73/0xb0
[   24.774647]  print_report+0xd1/0x640
[   24.775224]  ? __virt_addr_valid+0x1db/0x2d0
[   24.775763]  ? kasan_addr_to_slab+0x11/0xa0
[   24.776364]  kasan_report+0x102/0x140
[   24.776634]  ? krealloc_less_oob_helper+0xe92/0x11d0
[   24.778010]  ? krealloc_less_oob_helper+0xe92/0x11d0
[   24.778603]  __asan_report_store1_noabort+0x1b/0x30
[   24.779348]  krealloc_less_oob_helper+0xe92/0x11d0
[   24.780084]  ? __pfx_krealloc_less_oob_helper+0x10/0x10
[   24.780653]  ? finish_task_switch.isra.0+0x153/0x700
[   24.781364]  ? __switch_to+0x5d9/0xf60
[   24.781788]  ? irqentry_exit+0x2a/0x60
[   24.782678]  ? sysvec_apic_timer_interrupt+0x50/0x90
[   24.783197]  ? trace_hardirqs_on+0x37/0xe0
[   24.783632]  ? __pfx_read_tsc+0x10/0x10
[   24.784409]  krealloc_large_less_oob+0x1c/0x30
[   24.784798]  kunit_try_run_case+0x1b3/0x490
[   24.785407]  ? __pfx_kunit_try_run_case+0x10/0x10
[   24.786122]  ? _raw_spin_lock_irqsave+0xa2/0x110
[   24.786653]  ? __kthread_parkme+0x82/0x160
[   24.787299]  ? preempt_count_sub+0x50/0x80
[   24.787666]  ? __pfx_kunit_try_run_case+0x10/0x10
[   24.788636]  ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10
[   24.789144]  kunit_generic_run_threadfn_adapter+0x85/0xf0
[   24.790084]  kthread+0x257/0x310
[   24.790509]  ? __pfx_kthread+0x10/0x10
[   24.790817]  ret_from_fork+0x41/0x80
[   24.791435]  ? __pfx_kthread+0x10/0x10
[   24.792048]  ret_from_fork_asm+0x1a/0x30
[   24.792472]  </TASK>
[   24.792658] 
[   24.792806] The buggy address belongs to the physical page:
[   24.794054] page: refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x102328
[   24.794791] head: order:2 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[   24.795672] flags: 0x200000000000040(head|node=0|zone=2)
[   24.796354] raw: 0200000000000040 0000000000000000 dead000000000122 0000000000000000
[   24.797051] raw: 0000000000000000 0000000000000000 00000001ffffffff 0000000000000000
[   24.797726] head: 0200000000000040 0000000000000000 dead000000000122 0000000000000000
[   24.798957] head: 0000000000000000 0000000000000000 00000001ffffffff 0000000000000000
[   24.799520] head: 0200000000000002 ffffea000408ca01 ffffffffffffffff 0000000000000000
[   24.800523] head: 0000000000000004 0000000000000000 00000000ffffffff 0000000000000000
[   24.801072] page dumped because: kasan: bad access detected
[   24.801615] 
[   24.802025] Memory state around the buggy address:
[   24.802516]  ffff888102329f80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   24.803074]  ffff88810232a000: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   24.803761] >ffff88810232a080: 00 00 00 00 00 00 00 00 00 01 fe fe fe fe fe fe
[   24.805088]                                                           ^
[   24.805806]  ffff88810232a100: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe
[   24.806551]  ffff88810232a180: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe
[   24.807361] ==================================================================
[   24.307106] ==================================================================
[   24.307782] BUG: KASAN: slab-out-of-bounds in krealloc_less_oob_helper+0xd72/0x11d0
[   24.308490] Write of size 1 at addr ffff888100a256c9 by task kunit_try_catch/166
[   24.309353] 
[   24.309602] CPU: 1 UID: 0 PID: 166 Comm: kunit_try_catch Tainted: G    B            N 6.12.0-next-20241122 #1
[   24.310743] Tainted: [B]=BAD_PAGE, [N]=TEST
[   24.311952] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[   24.312497] Call Trace:
[   24.312996]  <TASK>
[   24.313285]  dump_stack_lvl+0x73/0xb0
[   24.313704]  print_report+0xd1/0x640
[   24.314036]  ? __virt_addr_valid+0x1db/0x2d0
[   24.314342]  ? kasan_complete_mode_report_info+0x2a/0x200
[   24.315448]  kasan_report+0x102/0x140
[   24.315898]  ? krealloc_less_oob_helper+0xd72/0x11d0
[   24.316593]  ? krealloc_less_oob_helper+0xd72/0x11d0
[   24.317125]  __asan_report_store1_noabort+0x1b/0x30
[   24.317562]  krealloc_less_oob_helper+0xd72/0x11d0
[   24.317982]  ? __pfx_krealloc_less_oob_helper+0x10/0x10
[   24.318414]  ? finish_task_switch.isra.0+0x153/0x700
[   24.319305]  ? __switch_to+0x5d9/0xf60
[   24.319723]  ? __schedule+0xc3e/0x2790
[   24.320348]  ? __pfx_read_tsc+0x10/0x10
[   24.320720]  krealloc_less_oob+0x1c/0x30
[   24.321159]  kunit_try_run_case+0x1b3/0x490
[   24.321474]  ? __pfx_kunit_try_run_case+0x10/0x10
[   24.321776]  ? _raw_spin_lock_irqsave+0xa2/0x110
[   24.322370]  ? _raw_spin_unlock_irqrestore+0x5f/0x90
[   24.323324]  ? __kthread_parkme+0x82/0x160
[   24.323798]  ? preempt_count_sub+0x50/0x80
[   24.324430]  ? __pfx_kunit_try_run_case+0x10/0x10
[   24.325047]  ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10
[   24.325754]  kunit_generic_run_threadfn_adapter+0x85/0xf0
[   24.326146]  kthread+0x257/0x310
[   24.326405]  ? __pfx_kthread+0x10/0x10
[   24.326718]  ret_from_fork+0x41/0x80
[   24.327569]  ? __pfx_kthread+0x10/0x10
[   24.328044]  ret_from_fork_asm+0x1a/0x30
[   24.328725]  </TASK>
[   24.329083] 
[   24.329386] Allocated by task 166:
[   24.329661]  kasan_save_stack+0x3d/0x60
[   24.329966]  kasan_save_track+0x18/0x40
[   24.330509]  kasan_save_alloc_info+0x3b/0x50
[   24.330971]  __kasan_krealloc+0x190/0x1f0
[   24.331877]  krealloc_noprof+0xf3/0x340
[   24.332328]  krealloc_less_oob_helper+0x1ab/0x11d0
[   24.332714]  krealloc_less_oob+0x1c/0x30
[   24.333002]  kunit_try_run_case+0x1b3/0x490
[   24.333275]  kunit_generic_run_threadfn_adapter+0x85/0xf0
[   24.333757]  kthread+0x257/0x310
[   24.334156]  ret_from_fork+0x41/0x80
[   24.334552]  ret_from_fork_asm+0x1a/0x30
[   24.335070] 
[   24.335282] The buggy address belongs to the object at ffff888100a25600
[   24.335282]  which belongs to the cache kmalloc-256 of size 256
[   24.336183] The buggy address is located 0 bytes to the right of
[   24.336183]  allocated 201-byte region [ffff888100a25600, ffff888100a256c9)
[   24.337133] 
[   24.337300] The buggy address belongs to the physical page:
[   24.337601] page: refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x100a24
[   24.338035] head: order:1 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[   24.338466] flags: 0x200000000000040(head|node=0|zone=2)
[   24.339607] page_type: f5(slab)
[   24.339997] raw: 0200000000000040 ffff888100041b40 dead000000000122 0000000000000000
[   24.341095] raw: 0000000000000000 0000000080100010 00000001f5000000 0000000000000000
[   24.342163] head: 0200000000000040 ffff888100041b40 dead000000000122 0000000000000000
[   24.343376] head: 0000000000000000 0000000080100010 00000001f5000000 0000000000000000
[   24.344074] head: 0200000000000001 ffffea0004028901 ffffffffffffffff 0000000000000000
[   24.344464] head: 0000000000000002 0000000000000000 00000000ffffffff 0000000000000000
[   24.345494] page dumped because: kasan: bad access detected
[   24.346068] 
[   24.347660] Memory state around the buggy address:
[   24.349082]  ffff888100a25580: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   24.350738]  ffff888100a25600: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   24.351849] >ffff888100a25680: 00 00 00 00 00 00 00 00 00 01 fc fc fc fc fc fc
[   24.353136]                                               ^
[   24.353688]  ffff888100a25700: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   24.354562]  ffff888100a25780: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   24.354933] ==================================================================
[   24.495591] ==================================================================
[   24.497419] BUG: KASAN: slab-out-of-bounds in krealloc_less_oob_helper+0xd49/0x11d0
[   24.498056] Write of size 1 at addr ffff888100a256eb by task kunit_try_catch/166
[   24.498437] 
[   24.498612] CPU: 1 UID: 0 PID: 166 Comm: kunit_try_catch Tainted: G    B            N 6.12.0-next-20241122 #1
[   24.500488] Tainted: [B]=BAD_PAGE, [N]=TEST
[   24.500891] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[   24.501628] Call Trace:
[   24.503621]  <TASK>
[   24.503928]  dump_stack_lvl+0x73/0xb0
[   24.504367]  print_report+0xd1/0x640
[   24.504777]  ? __virt_addr_valid+0x1db/0x2d0
[   24.505541]  ? kasan_complete_mode_report_info+0x2a/0x200
[   24.506204]  kasan_report+0x102/0x140
[   24.506571]  ? krealloc_less_oob_helper+0xd49/0x11d0
[   24.507606]  ? krealloc_less_oob_helper+0xd49/0x11d0
[   24.508345]  __asan_report_store1_noabort+0x1b/0x30
[   24.509158]  krealloc_less_oob_helper+0xd49/0x11d0
[   24.509705]  ? __pfx_krealloc_less_oob_helper+0x10/0x10
[   24.510511]  ? finish_task_switch.isra.0+0x153/0x700
[   24.511604]  ? __switch_to+0x5d9/0xf60
[   24.512189]  ? __schedule+0xc3e/0x2790
[   24.513147]  ? __pfx_read_tsc+0x10/0x10
[   24.513550]  krealloc_less_oob+0x1c/0x30
[   24.514226]  kunit_try_run_case+0x1b3/0x490
[   24.514645]  ? __pfx_kunit_try_run_case+0x10/0x10
[   24.515425]  ? _raw_spin_lock_irqsave+0xa2/0x110
[   24.515943]  ? _raw_spin_unlock_irqrestore+0x5f/0x90
[   24.516456]  ? __kthread_parkme+0x82/0x160
[   24.517425]  ? preempt_count_sub+0x50/0x80
[   24.518099]  ? __pfx_kunit_try_run_case+0x10/0x10
[   24.518656]  ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10
[   24.520101]  kunit_generic_run_threadfn_adapter+0x85/0xf0
[   24.520721]  kthread+0x257/0x310
[   24.521404]  ? __pfx_kthread+0x10/0x10
[   24.521994]  ret_from_fork+0x41/0x80
[   24.522408]  ? __pfx_kthread+0x10/0x10
[   24.522850]  ret_from_fork_asm+0x1a/0x30
[   24.524101]  </TASK>
[   24.524439] 
[   24.524619] Allocated by task 166:
[   24.525064]  kasan_save_stack+0x3d/0x60
[   24.525526]  kasan_save_track+0x18/0x40
[   24.526236]  kasan_save_alloc_info+0x3b/0x50
[   24.526730]  __kasan_krealloc+0x190/0x1f0
[   24.527616]  krealloc_noprof+0xf3/0x340
[   24.528052]  krealloc_less_oob_helper+0x1ab/0x11d0
[   24.528528]  krealloc_less_oob+0x1c/0x30
[   24.529475]  kunit_try_run_case+0x1b3/0x490
[   24.529773]  kunit_generic_run_threadfn_adapter+0x85/0xf0
[   24.530674]  kthread+0x257/0x310
[   24.532136]  ret_from_fork+0x41/0x80
[   24.532603]  ret_from_fork_asm+0x1a/0x30
[   24.533191] 
[   24.533428] The buggy address belongs to the object at ffff888100a25600
[   24.533428]  which belongs to the cache kmalloc-256 of size 256
[   24.534678] The buggy address is located 34 bytes to the right of
[   24.534678]  allocated 201-byte region [ffff888100a25600, ffff888100a256c9)
[   24.536516] 
[   24.536844] The buggy address belongs to the physical page:
[   24.537559] page: refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x100a24
[   24.538514] head: order:1 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[   24.539483] flags: 0x200000000000040(head|node=0|zone=2)
[   24.540693] page_type: f5(slab)
[   24.541087] raw: 0200000000000040 ffff888100041b40 dead000000000122 0000000000000000
[   24.541796] raw: 0000000000000000 0000000080100010 00000001f5000000 0000000000000000
[   24.542697] head: 0200000000000040 ffff888100041b40 dead000000000122 0000000000000000
[   24.543551] head: 0000000000000000 0000000080100010 00000001f5000000 0000000000000000
[   24.544804] head: 0200000000000001 ffffea0004028901 ffffffffffffffff 0000000000000000
[   24.545407] head: 0000000000000002 0000000000000000 00000000ffffffff 0000000000000000
[   24.546445] page dumped because: kasan: bad access detected
[   24.546936] 
[   24.547133] Memory state around the buggy address:
[   24.548392]  ffff888100a25580: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   24.549109]  ffff888100a25600: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   24.549763] >ffff888100a25680: 00 00 00 00 00 00 00 00 00 01 fc fc fc fc fc fc
[   24.550524]                                                           ^
[   24.551392]  ffff888100a25700: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   24.551817]  ffff888100a25780: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   24.553283] ==================================================================
[   24.808209] ==================================================================
[   24.808991] BUG: KASAN: slab-out-of-bounds in krealloc_less_oob_helper+0xd49/0x11d0
[   24.810455] Write of size 1 at addr ffff88810232a0eb by task kunit_try_catch/170
[   24.811424] 
[   24.811682] CPU: 0 UID: 0 PID: 170 Comm: kunit_try_catch Tainted: G    B            N 6.12.0-next-20241122 #1
[   24.813479] Tainted: [B]=BAD_PAGE, [N]=TEST
[   24.813778] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[   24.814238] Call Trace:
[   24.814496]  <TASK>
[   24.814719]  dump_stack_lvl+0x73/0xb0
[   24.815090]  print_report+0xd1/0x640
[   24.815430]  ? __virt_addr_valid+0x1db/0x2d0
[   24.815813]  ? kasan_addr_to_slab+0x11/0xa0
[   24.816447]  kasan_report+0x102/0x140
[   24.817298]  ? krealloc_less_oob_helper+0xd49/0x11d0
[   24.817701]  ? krealloc_less_oob_helper+0xd49/0x11d0
[   24.818584]  __asan_report_store1_noabort+0x1b/0x30
[   24.818939]  krealloc_less_oob_helper+0xd49/0x11d0
[   24.819496]  ? __pfx_krealloc_less_oob_helper+0x10/0x10
[   24.819868]  ? finish_task_switch.isra.0+0x153/0x700
[   24.820332]  ? __switch_to+0x5d9/0xf60
[   24.820680]  ? irqentry_exit+0x2a/0x60
[   24.821157]  ? sysvec_apic_timer_interrupt+0x50/0x90
[   24.821889]  ? trace_hardirqs_on+0x37/0xe0
[   24.822379]  ? __pfx_read_tsc+0x10/0x10
[   24.823134]  krealloc_large_less_oob+0x1c/0x30
[   24.823671]  kunit_try_run_case+0x1b3/0x490
[   24.824258]  ? __pfx_kunit_try_run_case+0x10/0x10
[   24.824951]  ? _raw_spin_lock_irqsave+0xa2/0x110
[   24.826038]  ? __kthread_parkme+0x82/0x160
[   24.826500]  ? preempt_count_sub+0x50/0x80
[   24.826857]  ? __pfx_kunit_try_run_case+0x10/0x10
[   24.827507]  ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10
[   24.828172]  kunit_generic_run_threadfn_adapter+0x85/0xf0
[   24.828626]  kthread+0x257/0x310
[   24.828920]  ? __pfx_kthread+0x10/0x10
[   24.829343]  ret_from_fork+0x41/0x80
[   24.829937]  ? __pfx_kthread+0x10/0x10
[   24.830484]  ret_from_fork_asm+0x1a/0x30
[   24.830893]  </TASK>
[   24.831200] 
[   24.832031] The buggy address belongs to the physical page:
[   24.832643] page: refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x102328
[   24.833089] head: order:2 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[   24.834034] flags: 0x200000000000040(head|node=0|zone=2)
[   24.834578] raw: 0200000000000040 0000000000000000 dead000000000122 0000000000000000
[   24.835455] raw: 0000000000000000 0000000000000000 00000001ffffffff 0000000000000000
[   24.835914] head: 0200000000000040 0000000000000000 dead000000000122 0000000000000000
[   24.836693] head: 0000000000000000 0000000000000000 00000001ffffffff 0000000000000000
[   24.837286] head: 0200000000000002 ffffea000408ca01 ffffffffffffffff 0000000000000000
[   24.837789] head: 0000000000000004 0000000000000000 00000000ffffffff 0000000000000000
[   24.838569] page dumped because: kasan: bad access detected
[   24.839133] 
[   24.840060] Memory state around the buggy address:
[   24.840408]  ffff888102329f80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   24.840781]  ffff88810232a000: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   24.841163] >ffff88810232a080: 00 00 00 00 00 00 00 00 00 01 fe fe fe fe fe fe
[   24.841648]                                                           ^
[   24.842380]  ffff88810232a100: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe
[   24.843007]  ffff88810232a180: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe
[   24.843845] ==================================================================
[   24.729490] ==================================================================
[   24.730224] BUG: KASAN: slab-out-of-bounds in krealloc_less_oob_helper+0xec8/0x11d0
[   24.730983] Write of size 1 at addr ffff88810232a0da by task kunit_try_catch/170
[   24.731723] 
[   24.732117] CPU: 0 UID: 0 PID: 170 Comm: kunit_try_catch Tainted: G    B            N 6.12.0-next-20241122 #1
[   24.732888] Tainted: [B]=BAD_PAGE, [N]=TEST
[   24.733415] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[   24.734289] Call Trace:
[   24.734543]  <TASK>
[   24.734813]  dump_stack_lvl+0x73/0xb0
[   24.735422]  print_report+0xd1/0x640
[   24.735978]  ? __virt_addr_valid+0x1db/0x2d0
[   24.736339]  ? kasan_addr_to_slab+0x11/0xa0
[   24.736889]  kasan_report+0x102/0x140
[   24.737619]  ? krealloc_less_oob_helper+0xec8/0x11d0
[   24.739027]  ? krealloc_less_oob_helper+0xec8/0x11d0
[   24.739618]  __asan_report_store1_noabort+0x1b/0x30
[   24.740133]  krealloc_less_oob_helper+0xec8/0x11d0
[   24.740698]  ? __pfx_krealloc_less_oob_helper+0x10/0x10
[   24.741560]  ? finish_task_switch.isra.0+0x153/0x700
[   24.742297]  ? __switch_to+0x5d9/0xf60
[   24.742715]  ? irqentry_exit+0x2a/0x60
[   24.743376]  ? sysvec_apic_timer_interrupt+0x50/0x90
[   24.743731]  ? trace_hardirqs_on+0x37/0xe0
[   24.744039]  ? __pfx_read_tsc+0x10/0x10
[   24.744483]  krealloc_large_less_oob+0x1c/0x30
[   24.744944]  kunit_try_run_case+0x1b3/0x490
[   24.745940]  ? __pfx_kunit_try_run_case+0x10/0x10
[   24.746336]  ? _raw_spin_lock_irqsave+0xa2/0x110
[   24.746641]  ? __kthread_parkme+0x82/0x160
[   24.747284]  ? preempt_count_sub+0x50/0x80
[   24.747741]  ? __pfx_kunit_try_run_case+0x10/0x10
[   24.748741]  ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10
[   24.749366]  kunit_generic_run_threadfn_adapter+0x85/0xf0
[   24.749753]  kthread+0x257/0x310
[   24.750041]  ? __pfx_kthread+0x10/0x10
[   24.751418]  ret_from_fork+0x41/0x80
[   24.751676]  ? __pfx_kthread+0x10/0x10
[   24.751885]  ret_from_fork_asm+0x1a/0x30
[   24.752183]  </TASK>
[   24.752363] 
[   24.752505] The buggy address belongs to the physical page:
[   24.752683] page: refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x102328
[   24.753462] head: order:2 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[   24.755184] flags: 0x200000000000040(head|node=0|zone=2)
[   24.755800] raw: 0200000000000040 0000000000000000 dead000000000122 0000000000000000
[   24.756845] raw: 0000000000000000 0000000000000000 00000001ffffffff 0000000000000000
[   24.758052] head: 0200000000000040 0000000000000000 dead000000000122 0000000000000000
[   24.758939] head: 0000000000000000 0000000000000000 00000001ffffffff 0000000000000000
[   24.760037] head: 0200000000000002 ffffea000408ca01 ffffffffffffffff 0000000000000000
[   24.760646] head: 0000000000000004 0000000000000000 00000000ffffffff 0000000000000000
[   24.761257] page dumped because: kasan: bad access detected
[   24.761644] 
[   24.762218] Memory state around the buggy address:
[   24.762995]  ffff888102329f80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   24.763376]  ffff88810232a000: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   24.764177] >ffff88810232a080: 00 00 00 00 00 00 00 00 00 01 fe fe fe fe fe fe
[   24.765341]                                                     ^
[   24.766414]  ffff88810232a100: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe
[   24.767096]  ffff88810232a180: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe
[   24.768057] ==================================================================

Metadata Full log Test run details

arch

x86_64

host

x86_64

plan

2pC5b8oaJWXHgnXV09vT5LVgOaw

job_id

TEST:linaro@lkft#2pC5gJrOhOMCPVCTwF6RWUbKkzV

job_url

https://tuxapi.tuxsuite.com/v1/groups/linaro/projects/lkft/tests/2pC5gJrOhOMCPVCTwF6RWUbKkzV

artefacts

kernel

url	https://storage.tuxsuite.com/public/linaro/lkft/builds/2pC5d8hM9aExmiriR2zCnDddb2O/bzImage
sha256sum	9e430a5c45c1c4d501e13019c577f1fb3e738d06e3c62c75693b9374ef9b548d

rootfs

url	https://storage.tuxboot.com/debian/trixie/amd64/rootfs.ext4.xz
sha256sum	c6ceed53712217894b72c37cdc18ddb1157eb9bca95bb5bb312b9c30db3bb83b

modules

url	https://storage.tuxsuite.com/public/linaro/lkft/builds/2pC5d8hM9aExmiriR2zCnDddb2O/modules.tar.xz
sha256sum	342d3a3609bc12bfde714988d31ce95ccf57861e8edbfa31f0f2d2d1be459952

durations

tests

boot	362.79
kunit	484.51

host_arch

amd64

build_name

gcc-13-lkftconfig-kunit

job_status

Complete

qemu_version

1:9.1.1+ds-5

Metadata

Failure - qemu-arm64 - gcc-13-lkftconfig-kunit

Failure - qemu-x86_64 - gcc-13-lkftconfig-kunit