Date
Nov. 26, 2024, 6:09 a.m.
Environment |
---|
qemu-arm64 |
qemu-x86_64 |
[ 30.976140] ================================================================== [ 30.977629] BUG: KASAN: slab-out-of-bounds in krealloc_less_oob_helper+0xa58/0xc50 [ 30.978560] Write of size 1 at addr fff00000c64660eb by task kunit_try_catch/151 [ 30.979431] [ 30.979927] CPU: 1 UID: 0 PID: 151 Comm: kunit_try_catch Tainted: G B N 6.12.0-next-20241126 #1 [ 30.981211] Tainted: [B]=BAD_PAGE, [N]=TEST [ 30.981626] Hardware name: linux,dummy-virt (DT) [ 30.982650] Call trace: [ 30.983067] show_stack+0x20/0x38 (C) [ 30.983605] dump_stack_lvl+0x8c/0xd0 [ 30.984140] print_report+0x118/0x5e0 [ 30.984929] kasan_report+0xc8/0x118 [ 30.985966] __asan_report_store1_noabort+0x20/0x30 [ 30.986668] krealloc_less_oob_helper+0xa58/0xc50 [ 30.987313] krealloc_large_less_oob+0x20/0x38 [ 30.987951] kunit_try_run_case+0x14c/0x3d0 [ 30.988843] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 30.989542] kthread+0x24c/0x2d0 [ 30.990520] ret_from_fork+0x10/0x20 [ 30.991121] [ 30.991505] The buggy address belongs to the physical page: [ 30.992972] page: refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x106464 [ 30.993602] head: order:2 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0 [ 30.994077] flags: 0xbfffe0000000040(head|node=0|zone=2|lastcpupid=0x1ffff) [ 30.995100] raw: 0bfffe0000000040 0000000000000000 dead000000000122 0000000000000000 [ 30.995954] raw: 0000000000000000 0000000000000000 00000001ffffffff 0000000000000000 [ 30.997226] head: 0bfffe0000000040 0000000000000000 dead000000000122 0000000000000000 [ 30.998140] head: 0000000000000000 0000000000000000 00000001ffffffff 0000000000000000 [ 30.999538] head: 0bfffe0000000002 ffffc1ffc3191901 ffffffffffffffff 0000000000000000 [ 31.001008] head: 0000000000000004 0000000000000000 00000000ffffffff 0000000000000000 [ 31.001751] page dumped because: kasan: bad access detected [ 31.002554] [ 31.002973] Memory state around the buggy address: [ 31.003646] fff00000c6465f80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 
[ 31.004519] fff00000c6466000: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 31.005698] >fff00000c6466080: 00 00 00 00 00 00 00 00 00 01 fe fe fe fe fe fe [ 31.006814] ^ [ 31.007745] fff00000c6466100: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe [ 31.009023] fff00000c6466180: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe [ 31.009810] ================================================================== [ 30.615979] ================================================================== [ 30.616709] BUG: KASAN: slab-out-of-bounds in krealloc_less_oob_helper+0xa80/0xc50 [ 30.617737] Write of size 1 at addr fff00000c4481eda by task kunit_try_catch/147 [ 30.619182] [ 30.619701] CPU: 0 UID: 0 PID: 147 Comm: kunit_try_catch Tainted: G B N 6.12.0-next-20241126 #1 [ 30.621017] Tainted: [B]=BAD_PAGE, [N]=TEST [ 30.621762] Hardware name: linux,dummy-virt (DT) [ 30.622538] Call trace: [ 30.622941] show_stack+0x20/0x38 (C) [ 30.623448] dump_stack_lvl+0x8c/0xd0 [ 30.624084] print_report+0x118/0x5e0 [ 30.624608] kasan_report+0xc8/0x118 [ 30.625293] __asan_report_store1_noabort+0x20/0x30 [ 30.625966] krealloc_less_oob_helper+0xa80/0xc50 [ 30.626721] krealloc_less_oob+0x20/0x38 [ 30.627272] kunit_try_run_case+0x14c/0x3d0 [ 30.627997] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 30.628724] kthread+0x24c/0x2d0 [ 30.629318] ret_from_fork+0x10/0x20 [ 30.629865] [ 30.630283] Allocated by task 147: [ 30.630856] kasan_save_stack+0x3c/0x68 [ 30.631414] kasan_save_track+0x20/0x40 [ 30.632084] kasan_save_alloc_info+0x40/0x58 [ 30.632698] __kasan_krealloc+0x118/0x178 [ 30.633384] krealloc_noprof+0x128/0x360 [ 30.633995] krealloc_less_oob_helper+0x168/0xc50 [ 30.634733] krealloc_less_oob+0x20/0x38 [ 30.635365] kunit_try_run_case+0x14c/0x3d0 [ 30.636066] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 30.636748] kthread+0x24c/0x2d0 [ 30.637369] ret_from_fork+0x10/0x20 [ 30.637921] [ 30.638325] The buggy address belongs to the object at fff00000c4481e00 [ 30.638325] which belongs to the 
cache kmalloc-256 of size 256 [ 30.639590] The buggy address is located 17 bytes to the right of [ 30.639590] allocated 201-byte region [fff00000c4481e00, fff00000c4481ec9) [ 30.640976] [ 30.641388] The buggy address belongs to the physical page: [ 30.642124] page: refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x104480 [ 30.643151] head: order:1 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0 [ 30.643961] flags: 0xbfffe0000000040(head|node=0|zone=2|lastcpupid=0x1ffff) [ 30.644841] page_type: f5(slab) [ 30.645425] raw: 0bfffe0000000040 fff00000c0001b40 dead000000000122 0000000000000000 [ 30.646260] raw: 0000000000000000 0000000080100010 00000001f5000000 0000000000000000 [ 30.647186] head: 0bfffe0000000040 fff00000c0001b40 dead000000000122 0000000000000000 [ 30.648081] head: 0000000000000000 0000000080100010 00000001f5000000 0000000000000000 [ 30.648960] head: 0bfffe0000000001 ffffc1ffc3112001 ffffffffffffffff 0000000000000000 [ 30.649804] head: 0000000000000002 0000000000000000 00000000ffffffff 0000000000000000 [ 30.650673] page dumped because: kasan: bad access detected [ 30.651364] [ 30.651757] Memory state around the buggy address: [ 30.652271] fff00000c4481d80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 30.653227] fff00000c4481e00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 30.654114] >fff00000c4481e80: 00 00 00 00 00 00 00 00 00 01 fc fc fc fc fc fc [ 30.654985] ^ [ 30.655787] fff00000c4481f00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 30.656623] fff00000c4481f80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 30.657497] ================================================================== [ 30.838220] ================================================================== [ 30.839515] BUG: KASAN: slab-out-of-bounds in krealloc_less_oob_helper+0xa48/0xc50 [ 30.840298] Write of size 1 at addr fff00000c64660c9 by task kunit_try_catch/151 [ 30.841630] [ 30.842031] CPU: 1 UID: 0 PID: 151 Comm: kunit_try_catch Tainted: G B N 
6.12.0-next-20241126 #1 [ 30.843874] Tainted: [B]=BAD_PAGE, [N]=TEST [ 30.844521] Hardware name: linux,dummy-virt (DT) [ 30.845613] Call trace: [ 30.846064] show_stack+0x20/0x38 (C) [ 30.846600] dump_stack_lvl+0x8c/0xd0 [ 30.847462] print_report+0x118/0x5e0 [ 30.848048] kasan_report+0xc8/0x118 [ 30.848826] __asan_report_store1_noabort+0x20/0x30 [ 30.849428] krealloc_less_oob_helper+0xa48/0xc50 [ 30.850354] krealloc_large_less_oob+0x20/0x38 [ 30.851154] kunit_try_run_case+0x14c/0x3d0 [ 30.851947] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 30.853046] kthread+0x24c/0x2d0 [ 30.853585] ret_from_fork+0x10/0x20 [ 30.854145] [ 30.854517] The buggy address belongs to the physical page: [ 30.855189] page: refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x106464 [ 30.856109] head: order:2 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0 [ 30.857254] flags: 0xbfffe0000000040(head|node=0|zone=2|lastcpupid=0x1ffff) [ 30.858528] raw: 0bfffe0000000040 0000000000000000 dead000000000122 0000000000000000 [ 30.859381] raw: 0000000000000000 0000000000000000 00000001ffffffff 0000000000000000 [ 30.860233] head: 0bfffe0000000040 0000000000000000 dead000000000122 0000000000000000 [ 30.861581] head: 0000000000000000 0000000000000000 00000001ffffffff 0000000000000000 [ 30.862365] head: 0bfffe0000000002 ffffc1ffc3191901 ffffffffffffffff 0000000000000000 [ 30.863311] head: 0000000000000004 0000000000000000 00000000ffffffff 0000000000000000 [ 30.864095] page dumped because: kasan: bad access detected [ 30.865452] [ 30.865810] Memory state around the buggy address: [ 30.866462] fff00000c6465f80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 30.867374] fff00000c6466000: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 30.868040] >fff00000c6466080: 00 00 00 00 00 00 00 00 00 01 fe fe fe fe fe fe [ 30.869486] ^ [ 30.870118] fff00000c6466100: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe [ 30.870941] fff00000c6466180: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe 
[ 30.871728] ================================================================== [ 30.530113] ================================================================== [ 30.531136] BUG: KASAN: slab-out-of-bounds in krealloc_less_oob_helper+0xa48/0xc50 [ 30.531892] Write of size 1 at addr fff00000c4481ec9 by task kunit_try_catch/147 [ 30.533007] [ 30.533290] CPU: 0 UID: 0 PID: 147 Comm: kunit_try_catch Tainted: G B N 6.12.0-next-20241126 #1 [ 30.534464] Tainted: [B]=BAD_PAGE, [N]=TEST [ 30.534930] Hardware name: linux,dummy-virt (DT) [ 30.535550] Call trace: [ 30.535944] show_stack+0x20/0x38 (C) [ 30.536574] dump_stack_lvl+0x8c/0xd0 [ 30.537190] print_report+0x118/0x5e0 [ 30.537818] kasan_report+0xc8/0x118 [ 30.538414] __asan_report_store1_noabort+0x20/0x30 [ 30.539186] krealloc_less_oob_helper+0xa48/0xc50 [ 30.539821] krealloc_less_oob+0x20/0x38 [ 30.540363] kunit_try_run_case+0x14c/0x3d0 [ 30.541054] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 30.541760] kthread+0x24c/0x2d0 [ 30.542366] ret_from_fork+0x10/0x20 [ 30.542896] [ 30.543273] Allocated by task 147: [ 30.543794] kasan_save_stack+0x3c/0x68 [ 30.544388] kasan_save_track+0x20/0x40 [ 30.544871] kasan_save_alloc_info+0x40/0x58 [ 30.545516] __kasan_krealloc+0x118/0x178 [ 30.546168] krealloc_noprof+0x128/0x360 [ 30.546793] krealloc_less_oob_helper+0x168/0xc50 [ 30.547438] krealloc_less_oob+0x20/0x38 [ 30.547954] kunit_try_run_case+0x14c/0x3d0 [ 30.548592] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 30.549203] kthread+0x24c/0x2d0 [ 30.549761] ret_from_fork+0x10/0x20 [ 30.550316] [ 30.550693] The buggy address belongs to the object at fff00000c4481e00 [ 30.550693] which belongs to the cache kmalloc-256 of size 256 [ 30.551890] The buggy address is located 0 bytes to the right of [ 30.551890] allocated 201-byte region [fff00000c4481e00, fff00000c4481ec9) [ 30.553076] [ 30.553439] The buggy address belongs to the physical page: [ 30.554133] page: refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x104480 
[ 30.555124] head: order:1 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0 [ 30.555857] flags: 0xbfffe0000000040(head|node=0|zone=2|lastcpupid=0x1ffff) [ 30.556785] page_type: f5(slab) [ 30.557258] raw: 0bfffe0000000040 fff00000c0001b40 dead000000000122 0000000000000000 [ 30.558078] raw: 0000000000000000 0000000080100010 00000001f5000000 0000000000000000 [ 30.559005] head: 0bfffe0000000040 fff00000c0001b40 dead000000000122 0000000000000000 [ 30.559845] head: 0000000000000000 0000000080100010 00000001f5000000 0000000000000000 [ 30.560656] head: 0bfffe0000000001 ffffc1ffc3112001 ffffffffffffffff 0000000000000000 [ 30.561515] head: 0000000000000002 0000000000000000 00000000ffffffff 0000000000000000 [ 30.562257] page dumped because: kasan: bad access detected [ 30.563002] [ 30.563294] Memory state around the buggy address: [ 30.563946] fff00000c4481d80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 30.564709] fff00000c4481e00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 30.565579] >fff00000c4481e80: 00 00 00 00 00 00 00 00 00 01 fc fc fc fc fc fc [ 30.566317] ^ [ 30.567077] fff00000c4481f00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 30.567810] fff00000c4481f80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 30.568575] ================================================================== [ 30.705314] ================================================================== [ 30.705984] BUG: KASAN: slab-out-of-bounds in krealloc_less_oob_helper+0xa58/0xc50 [ 30.706954] Write of size 1 at addr fff00000c4481eeb by task kunit_try_catch/147 [ 30.707724] [ 30.709022] CPU: 0 UID: 0 PID: 147 Comm: kunit_try_catch Tainted: G B N 6.12.0-next-20241126 #1 [ 30.710312] Tainted: [B]=BAD_PAGE, [N]=TEST [ 30.710771] Hardware name: linux,dummy-virt (DT) [ 30.711073] Call trace: [ 30.711267] show_stack+0x20/0x38 (C) [ 30.711543] dump_stack_lvl+0x8c/0xd0 [ 30.711807] print_report+0x118/0x5e0 [ 30.712206] kasan_report+0xc8/0x118 [ 30.712796] 
__asan_report_store1_noabort+0x20/0x30 [ 30.713593] krealloc_less_oob_helper+0xa58/0xc50 [ 30.714367] krealloc_less_oob+0x20/0x38 [ 30.715042] kunit_try_run_case+0x14c/0x3d0 [ 30.715637] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 30.716479] kthread+0x24c/0x2d0 [ 30.716967] ret_from_fork+0x10/0x20 [ 30.717634] [ 30.718031] Allocated by task 147: [ 30.718556] kasan_save_stack+0x3c/0x68 [ 30.719088] kasan_save_track+0x20/0x40 [ 30.719772] kasan_save_alloc_info+0x40/0x58 [ 30.720486] __kasan_krealloc+0x118/0x178 [ 30.721145] krealloc_noprof+0x128/0x360 [ 30.721782] krealloc_less_oob_helper+0x168/0xc50 [ 30.722489] krealloc_less_oob+0x20/0x38 [ 30.723144] kunit_try_run_case+0x14c/0x3d0 [ 30.723830] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 30.724500] kthread+0x24c/0x2d0 [ 30.725113] ret_from_fork+0x10/0x20 [ 30.725721] [ 30.726053] The buggy address belongs to the object at fff00000c4481e00 [ 30.726053] which belongs to the cache kmalloc-256 of size 256 [ 30.727264] The buggy address is located 34 bytes to the right of [ 30.727264] allocated 201-byte region [fff00000c4481e00, fff00000c4481ec9) [ 30.728688] [ 30.729016] The buggy address belongs to the physical page: [ 30.729664] page: refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x104480 [ 30.730491] head: order:1 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0 [ 30.731386] flags: 0xbfffe0000000040(head|node=0|zone=2|lastcpupid=0x1ffff) [ 30.732346] page_type: f5(slab) [ 30.732953] raw: 0bfffe0000000040 fff00000c0001b40 dead000000000122 0000000000000000 [ 30.733785] raw: 0000000000000000 0000000080100010 00000001f5000000 0000000000000000 [ 30.734751] head: 0bfffe0000000040 fff00000c0001b40 dead000000000122 0000000000000000 [ 30.735664] head: 0000000000000000 0000000080100010 00000001f5000000 0000000000000000 [ 30.736495] head: 0bfffe0000000001 ffffc1ffc3112001 ffffffffffffffff 0000000000000000 [ 30.737424] head: 0000000000000002 0000000000000000 00000000ffffffff 0000000000000000 [ 
30.738240] page dumped because: kasan: bad access detected [ 30.738827] [ 30.739255] Memory state around the buggy address: [ 30.739849] fff00000c4481d80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 30.740725] fff00000c4481e00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 30.741578] >fff00000c4481e80: 00 00 00 00 00 00 00 00 00 01 fc fc fc fc fc fc [ 30.742391] ^ [ 30.743220] fff00000c4481f00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 30.744039] fff00000c4481f80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 30.744876] ================================================================== [ 30.873012] ================================================================== [ 30.873820] BUG: KASAN: slab-out-of-bounds in krealloc_less_oob_helper+0xb9c/0xc50 [ 30.875022] Write of size 1 at addr fff00000c64660d0 by task kunit_try_catch/151 [ 30.875941] [ 30.876376] CPU: 1 UID: 0 PID: 151 Comm: kunit_try_catch Tainted: G B N 6.12.0-next-20241126 #1 [ 30.878094] Tainted: [B]=BAD_PAGE, [N]=TEST [ 30.879288] Hardware name: linux,dummy-virt (DT) [ 30.880104] Call trace: [ 30.880462] show_stack+0x20/0x38 (C) [ 30.881281] dump_stack_lvl+0x8c/0xd0 [ 30.881961] print_report+0x118/0x5e0 [ 30.882592] kasan_report+0xc8/0x118 [ 30.883236] __asan_report_store1_noabort+0x20/0x30 [ 30.883973] krealloc_less_oob_helper+0xb9c/0xc50 [ 30.885102] krealloc_large_less_oob+0x20/0x38 [ 30.885743] kunit_try_run_case+0x14c/0x3d0 [ 30.886516] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 30.887345] kthread+0x24c/0x2d0 [ 30.887872] ret_from_fork+0x10/0x20 [ 30.888558] [ 30.888919] The buggy address belongs to the physical page: [ 30.889438] page: refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x106464 [ 30.890594] head: order:2 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0 [ 30.891795] flags: 0xbfffe0000000040(head|node=0|zone=2|lastcpupid=0x1ffff) [ 30.893120] raw: 0bfffe0000000040 0000000000000000 dead000000000122 0000000000000000 [ 30.893828] raw: 
0000000000000000 0000000000000000 00000001ffffffff 0000000000000000 [ 30.895088] head: 0bfffe0000000040 0000000000000000 dead000000000122 0000000000000000 [ 30.895495] head: 0000000000000000 0000000000000000 00000001ffffffff 0000000000000000 [ 30.895868] head: 0bfffe0000000002 ffffc1ffc3191901 ffffffffffffffff 0000000000000000 [ 30.896658] head: 0000000000000004 0000000000000000 00000000ffffffff 0000000000000000 [ 30.898176] page dumped because: kasan: bad access detected [ 30.899053] [ 30.899405] Memory state around the buggy address: [ 30.900033] fff00000c6465f80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 30.901204] fff00000c6466000: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 30.901987] >fff00000c6466080: 00 00 00 00 00 00 00 00 00 01 fe fe fe fe fe fe [ 30.902769] ^ [ 30.903833] fff00000c6466100: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe [ 30.905003] fff00000c6466180: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe [ 30.906089] ================================================================== [ 30.570740] ================================================================== [ 30.571632] BUG: KASAN: slab-out-of-bounds in krealloc_less_oob_helper+0xb9c/0xc50 [ 30.572940] Write of size 1 at addr fff00000c4481ed0 by task kunit_try_catch/147 [ 30.573646] [ 30.575194] CPU: 0 UID: 0 PID: 147 Comm: kunit_try_catch Tainted: G B N 6.12.0-next-20241126 #1 [ 30.576412] Tainted: [B]=BAD_PAGE, [N]=TEST [ 30.576930] Hardware name: linux,dummy-virt (DT) [ 30.577481] Call trace: [ 30.577924] show_stack+0x20/0x38 (C) [ 30.578574] dump_stack_lvl+0x8c/0xd0 [ 30.579170] print_report+0x118/0x5e0 [ 30.579743] kasan_report+0xc8/0x118 [ 30.580377] __asan_report_store1_noabort+0x20/0x30 [ 30.580958] krealloc_less_oob_helper+0xb9c/0xc50 [ 30.581665] krealloc_less_oob+0x20/0x38 [ 30.582250] kunit_try_run_case+0x14c/0x3d0 [ 30.582963] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 30.583740] kthread+0x24c/0x2d0 [ 30.584250] ret_from_fork+0x10/0x20 [ 30.584881] [ 
30.585253] Allocated by task 147: [ 30.585798] kasan_save_stack+0x3c/0x68 [ 30.586346] kasan_save_track+0x20/0x40 [ 30.587323] kasan_save_alloc_info+0x40/0x58 [ 30.587850] __kasan_krealloc+0x118/0x178 [ 30.588632] krealloc_noprof+0x128/0x360 [ 30.589155] krealloc_less_oob_helper+0x168/0xc50 [ 30.589701] krealloc_less_oob+0x20/0x38 [ 30.590624] kunit_try_run_case+0x14c/0x3d0 [ 30.591345] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 30.592086] kthread+0x24c/0x2d0 [ 30.592806] ret_from_fork+0x10/0x20 [ 30.593519] [ 30.593874] The buggy address belongs to the object at fff00000c4481e00 [ 30.593874] which belongs to the cache kmalloc-256 of size 256 [ 30.595058] The buggy address is located 7 bytes to the right of [ 30.595058] allocated 201-byte region [fff00000c4481e00, fff00000c4481ec9) [ 30.596569] [ 30.596988] The buggy address belongs to the physical page: [ 30.597731] page: refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x104480 [ 30.598560] head: order:1 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0 [ 30.599526] flags: 0xbfffe0000000040(head|node=0|zone=2|lastcpupid=0x1ffff) [ 30.600396] page_type: f5(slab) [ 30.600951] raw: 0bfffe0000000040 fff00000c0001b40 dead000000000122 0000000000000000 [ 30.601866] raw: 0000000000000000 0000000080100010 00000001f5000000 0000000000000000 [ 30.602782] head: 0bfffe0000000040 fff00000c0001b40 dead000000000122 0000000000000000 [ 30.603664] head: 0000000000000000 0000000080100010 00000001f5000000 0000000000000000 [ 30.604529] head: 0bfffe0000000001 ffffc1ffc3112001 ffffffffffffffff 0000000000000000 [ 30.605397] head: 0000000000000002 0000000000000000 00000000ffffffff 0000000000000000 [ 30.606238] page dumped because: kasan: bad access detected [ 30.606948] [ 30.607352] Memory state around the buggy address: [ 30.607987] fff00000c4481d80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 30.608758] fff00000c4481e00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 30.609636] >fff00000c4481e80: 00 00 
00 00 00 00 00 00 00 01 fc fc fc fc fc fc [ 30.610376] ^ [ 30.611265] fff00000c4481f00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 30.612080] fff00000c4481f80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 30.612872] ================================================================== [ 30.941102] ================================================================== [ 30.941822] BUG: KASAN: slab-out-of-bounds in krealloc_less_oob_helper+0xae4/0xc50 [ 30.942753] Write of size 1 at addr fff00000c64660ea by task kunit_try_catch/151 [ 30.943659] [ 30.944069] CPU: 1 UID: 0 PID: 151 Comm: kunit_try_catch Tainted: G B N 6.12.0-next-20241126 #1 [ 30.945130] Tainted: [B]=BAD_PAGE, [N]=TEST [ 30.945588] Hardware name: linux,dummy-virt (DT) [ 30.946709] Call trace: [ 30.947181] show_stack+0x20/0x38 (C) [ 30.947801] dump_stack_lvl+0x8c/0xd0 [ 30.949632] print_report+0x118/0x5e0 [ 30.950264] kasan_report+0xc8/0x118 [ 30.950829] __asan_report_store1_noabort+0x20/0x30 [ 30.951574] krealloc_less_oob_helper+0xae4/0xc50 [ 30.952200] krealloc_large_less_oob+0x20/0x38 [ 30.953340] kunit_try_run_case+0x14c/0x3d0 [ 30.953948] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 30.954661] kthread+0x24c/0x2d0 [ 30.955220] ret_from_fork+0x10/0x20 [ 30.955791] [ 30.956175] The buggy address belongs to the physical page: [ 30.957578] page: refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x106464 [ 30.958526] head: order:2 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0 [ 30.959345] flags: 0xbfffe0000000040(head|node=0|zone=2|lastcpupid=0x1ffff) [ 30.960160] raw: 0bfffe0000000040 0000000000000000 dead000000000122 0000000000000000 [ 30.961097] raw: 0000000000000000 0000000000000000 00000001ffffffff 0000000000000000 [ 30.962366] head: 0bfffe0000000040 0000000000000000 dead000000000122 0000000000000000 [ 30.963186] head: 0000000000000000 0000000000000000 00000001ffffffff 0000000000000000 [ 30.963985] head: 0bfffe0000000002 ffffc1ffc3191901 ffffffffffffffff 
0000000000000000 [ 30.965784] head: 0000000000000004 0000000000000000 00000000ffffffff 0000000000000000 [ 30.966687] page dumped because: kasan: bad access detected [ 30.967335] [ 30.968000] Memory state around the buggy address: [ 30.969147] fff00000c6465f80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 30.970127] fff00000c6466000: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 30.971003] >fff00000c6466080: 00 00 00 00 00 00 00 00 00 01 fe fe fe fe fe fe [ 30.971800] ^ [ 30.972708] fff00000c6466100: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe [ 30.973740] fff00000c6466180: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe [ 30.974981] ================================================================== [ 30.659674] ================================================================== [ 30.660438] BUG: KASAN: slab-out-of-bounds in krealloc_less_oob_helper+0xae4/0xc50 [ 30.661385] Write of size 1 at addr fff00000c4481eea by task kunit_try_catch/147 [ 30.662563] [ 30.662926] CPU: 0 UID: 0 PID: 147 Comm: kunit_try_catch Tainted: G B N 6.12.0-next-20241126 #1 [ 30.664823] Tainted: [B]=BAD_PAGE, [N]=TEST [ 30.665504] Hardware name: linux,dummy-virt (DT) [ 30.666183] Call trace: [ 30.666551] show_stack+0x20/0x38 (C) [ 30.667067] dump_stack_lvl+0x8c/0xd0 [ 30.667588] print_report+0x118/0x5e0 [ 30.668482] kasan_report+0xc8/0x118 [ 30.669219] __asan_report_store1_noabort+0x20/0x30 [ 30.670022] krealloc_less_oob_helper+0xae4/0xc50 [ 30.670895] krealloc_less_oob+0x20/0x38 [ 30.671689] kunit_try_run_case+0x14c/0x3d0 [ 30.672277] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 30.673313] kthread+0x24c/0x2d0 [ 30.673862] ret_from_fork+0x10/0x20 [ 30.674662] [ 30.675203] Allocated by task 147: [ 30.675849] kasan_save_stack+0x3c/0x68 [ 30.676600] kasan_save_track+0x20/0x40 [ 30.677311] kasan_save_alloc_info+0x40/0x58 [ 30.677861] __kasan_krealloc+0x118/0x178 [ 30.678494] krealloc_noprof+0x128/0x360 [ 30.679062] krealloc_less_oob_helper+0x168/0xc50 [ 30.679729] 
krealloc_less_oob+0x20/0x38 [ 30.680407] kunit_try_run_case+0x14c/0x3d0 [ 30.681056] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 30.681691] kthread+0x24c/0x2d0 [ 30.682266] ret_from_fork+0x10/0x20 [ 30.682830] [ 30.683220] The buggy address belongs to the object at fff00000c4481e00 [ 30.683220] which belongs to the cache kmalloc-256 of size 256 [ 30.684467] The buggy address is located 33 bytes to the right of [ 30.684467] allocated 201-byte region [fff00000c4481e00, fff00000c4481ec9) [ 30.685864] [ 30.686288] The buggy address belongs to the physical page: [ 30.686982] page: refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x104480 [ 30.688018] head: order:1 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0 [ 30.688865] flags: 0xbfffe0000000040(head|node=0|zone=2|lastcpupid=0x1ffff) [ 30.689758] page_type: f5(slab) [ 30.690224] raw: 0bfffe0000000040 fff00000c0001b40 dead000000000122 0000000000000000 [ 30.691179] raw: 0000000000000000 0000000080100010 00000001f5000000 0000000000000000 [ 30.692086] head: 0bfffe0000000040 fff00000c0001b40 dead000000000122 0000000000000000 [ 30.693052] head: 0000000000000000 0000000080100010 00000001f5000000 0000000000000000 [ 30.693944] head: 0bfffe0000000001 ffffc1ffc3112001 ffffffffffffffff 0000000000000000 [ 30.694832] head: 0000000000000002 0000000000000000 00000000ffffffff 0000000000000000 [ 30.695740] page dumped because: kasan: bad access detected [ 30.696391] [ 30.696789] Memory state around the buggy address: [ 30.697335] fff00000c4481d80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 30.698194] fff00000c4481e00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 30.699162] >fff00000c4481e80: 00 00 00 00 00 00 00 00 00 01 fc fc fc fc fc fc [ 30.700153] ^ [ 30.700856] fff00000c4481f00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 30.701965] fff00000c4481f80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 30.702897] ================================================================== [ 
30.907955] ================================================================== [ 30.909008] BUG: KASAN: slab-out-of-bounds in krealloc_less_oob_helper+0xa80/0xc50 [ 30.909630] Write of size 1 at addr fff00000c64660da by task kunit_try_catch/151 [ 30.910604] [ 30.911041] CPU: 1 UID: 0 PID: 151 Comm: kunit_try_catch Tainted: G B N 6.12.0-next-20241126 #1 [ 30.912325] Tainted: [B]=BAD_PAGE, [N]=TEST [ 30.912802] Hardware name: linux,dummy-virt (DT) [ 30.913472] Call trace: [ 30.913984] show_stack+0x20/0x38 (C) [ 30.914663] dump_stack_lvl+0x8c/0xd0 [ 30.915287] print_report+0x118/0x5e0 [ 30.915862] kasan_report+0xc8/0x118 [ 30.916488] __asan_report_store1_noabort+0x20/0x30 [ 30.917503] krealloc_less_oob_helper+0xa80/0xc50 [ 30.918501] krealloc_large_less_oob+0x20/0x38 [ 30.919138] kunit_try_run_case+0x14c/0x3d0 [ 30.919858] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 30.920955] kthread+0x24c/0x2d0 [ 30.921429] ret_from_fork+0x10/0x20 [ 30.922063] [ 30.922373] The buggy address belongs to the physical page: [ 30.922948] page: refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x106464 [ 30.923923] head: order:2 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0 [ 30.924761] flags: 0xbfffe0000000040(head|node=0|zone=2|lastcpupid=0x1ffff) [ 30.925966] raw: 0bfffe0000000040 0000000000000000 dead000000000122 0000000000000000 [ 30.926867] raw: 0000000000000000 0000000000000000 00000001ffffffff 0000000000000000 [ 30.928148] head: 0bfffe0000000040 0000000000000000 dead000000000122 0000000000000000 [ 30.929337] head: 0000000000000000 0000000000000000 00000001ffffffff 0000000000000000 [ 30.930136] head: 0bfffe0000000002 ffffc1ffc3191901 ffffffffffffffff 0000000000000000 [ 30.931204] head: 0000000000000004 0000000000000000 00000000ffffffff 0000000000000000 [ 30.931999] page dumped because: kasan: bad access detected [ 30.933473] [ 30.933724] Memory state around the buggy address: [ 30.934398] fff00000c6465f80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 
30.935190] fff00000c6466000: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 30.936059] >fff00000c6466080: 00 00 00 00 00 00 00 00 00 01 fe fe fe fe fe fe [ 30.936824] ^ [ 30.937871] fff00000c6466100: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe [ 30.938716] fff00000c6466180: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe [ 30.939782] ==================================================================
[ 30.631218] ================================================================== [ 30.631923] BUG: KASAN: slab-out-of-bounds in krealloc_less_oob_helper+0xae4/0xc50 [ 30.632296] Write of size 1 at addr fff00000c47dfcea by task kunit_try_catch/147 [ 30.633004] [ 30.633411] CPU: 1 UID: 0 PID: 147 Comm: kunit_try_catch Tainted: G B N 6.12.0-next-20241126 #1 [ 30.635807] Tainted: [B]=BAD_PAGE, [N]=TEST [ 30.636481] Hardware name: linux,dummy-virt (DT) [ 30.637193] Call trace: [ 30.637709] show_stack+0x20/0x38 (C) [ 30.638339] dump_stack_lvl+0x8c/0xd0 [ 30.640140] print_report+0x118/0x5e0 [ 30.641017] kasan_report+0xc8/0x118 [ 30.641806] __asan_report_store1_noabort+0x20/0x30 [ 30.642446] krealloc_less_oob_helper+0xae4/0xc50 [ 30.643114] krealloc_less_oob+0x20/0x38 [ 30.643821] kunit_try_run_case+0x14c/0x3d0 [ 30.644489] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 30.645321] kthread+0x24c/0x2d0 [ 30.645898] ret_from_fork+0x10/0x20 [ 30.646584] [ 30.646954] Allocated by task 147: [ 30.647433] kasan_save_stack+0x3c/0x68 [ 30.648107] kasan_save_track+0x20/0x40 [ 30.648812] kasan_save_alloc_info+0x40/0x58 [ 30.649440] __kasan_krealloc+0x118/0x178 [ 30.650111] krealloc_noprof+0x128/0x360 [ 30.650788] krealloc_less_oob_helper+0x168/0xc50 [ 30.651416] krealloc_less_oob+0x20/0x38 [ 30.652104] kunit_try_run_case+0x14c/0x3d0 [ 30.652770] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 30.653603] kthread+0x24c/0x2d0 [ 30.654098] ret_from_fork+0x10/0x20 [ 30.654757] [ 30.655131] The buggy address belongs to the object at fff00000c47dfc00 [ 30.655131] which belongs to the cache kmalloc-256 of size 256 [ 30.656803] The buggy address is located 33 bytes to the right of [ 30.656803] allocated 201-byte region [fff00000c47dfc00, fff00000c47dfcc9) [ 30.658257] [ 30.658605] The buggy address belongs to the physical page: [ 30.659475] page: refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1047de [ 30.660605] head: order:1 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 
pincount:0 [ 30.661657] flags: 0xbfffe0000000040(head|node=0|zone=2|lastcpupid=0x1ffff) [ 30.662660] page_type: f5(slab) [ 30.663145] raw: 0bfffe0000000040 fff00000c0001b40 dead000000000122 0000000000000000 [ 30.664223] raw: 0000000000000000 0000000080100010 00000001f5000000 0000000000000000 [ 30.665142] head: 0bfffe0000000040 fff00000c0001b40 dead000000000122 0000000000000000 [ 30.666251] head: 0000000000000000 0000000080100010 00000001f5000000 0000000000000000 [ 30.667342] head: 0bfffe0000000001 ffffc1ffc311f781 ffffffffffffffff 0000000000000000 [ 30.668002] head: 0000000000000002 0000000000000000 00000000ffffffff 0000000000000000 [ 30.668937] page dumped because: kasan: bad access detected [ 30.669604] [ 30.670010] Memory state around the buggy address: [ 30.670713] fff00000c47dfb80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 30.671437] fff00000c47dfc00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 30.672398] >fff00000c47dfc80: 00 00 00 00 00 00 00 00 00 01 fc fc fc fc fc fc [ 30.673252] ^ [ 30.674074] fff00000c47dfd00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 30.674989] fff00000c47dfd80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 30.675789] ================================================================== [ 30.913460] ================================================================== [ 30.914761] BUG: KASAN: slab-out-of-bounds in krealloc_less_oob_helper+0xae4/0xc50 [ 30.916420] Write of size 1 at addr fff00000c64ba0ea by task kunit_try_catch/151 [ 30.917289] [ 30.917714] CPU: 0 UID: 0 PID: 151 Comm: kunit_try_catch Tainted: G B N 6.12.0-next-20241126 #1 [ 30.919262] Tainted: [B]=BAD_PAGE, [N]=TEST [ 30.919782] Hardware name: linux,dummy-virt (DT) [ 30.920447] Call trace: [ 30.920830] show_stack+0x20/0x38 (C) [ 30.921454] dump_stack_lvl+0x8c/0xd0 [ 30.922934] print_report+0x118/0x5e0 [ 30.923649] kasan_report+0xc8/0x118 [ 30.924063] __asan_report_store1_noabort+0x20/0x30 [ 30.924866] krealloc_less_oob_helper+0xae4/0xc50 [ 30.926116] 
krealloc_large_less_oob+0x20/0x38 [ 30.926779] kunit_try_run_case+0x14c/0x3d0 [ 30.927387] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 30.928229] kthread+0x24c/0x2d0 [ 30.928767] ret_from_fork+0x10/0x20 [ 30.929440] [ 30.930113] The buggy address belongs to the physical page: [ 30.930680] page: refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1064b8 [ 30.932108] head: order:2 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0 [ 30.933113] flags: 0xbfffe0000000040(head|node=0|zone=2|lastcpupid=0x1ffff) [ 30.934018] raw: 0bfffe0000000040 0000000000000000 dead000000000122 0000000000000000 [ 30.934959] raw: 0000000000000000 0000000000000000 00000001ffffffff 0000000000000000 [ 30.936006] head: 0bfffe0000000040 0000000000000000 dead000000000122 0000000000000000 [ 30.937006] head: 0000000000000000 0000000000000000 00000001ffffffff 0000000000000000 [ 30.937935] head: 0bfffe0000000002 ffffc1ffc3192e01 ffffffffffffffff 0000000000000000 [ 30.938841] head: 0000000000000004 0000000000000000 00000000ffffffff 0000000000000000 [ 30.939680] page dumped because: kasan: bad access detected [ 30.940466] [ 30.941516] Memory state around the buggy address: [ 30.942563] fff00000c64b9f80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 30.943249] fff00000c64ba000: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 30.944081] >fff00000c64ba080: 00 00 00 00 00 00 00 00 00 01 fe fe fe fe fe fe [ 30.944947] ^ [ 30.946083] fff00000c64ba100: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe [ 30.946860] fff00000c64ba180: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe [ 30.948203] ================================================================== [ 30.949501] ================================================================== [ 30.950608] BUG: KASAN: slab-out-of-bounds in krealloc_less_oob_helper+0xa58/0xc50 [ 30.951255] Write of size 1 at addr fff00000c64ba0eb by task kunit_try_catch/151 [ 30.951950] [ 30.952347] CPU: 0 UID: 0 PID: 151 Comm: kunit_try_catch Tainted: G B 
N 6.12.0-next-20241126 #1 [ 30.953653] Tainted: [B]=BAD_PAGE, [N]=TEST [ 30.954135] Hardware name: linux,dummy-virt (DT) [ 30.954813] Call trace: [ 30.955279] show_stack+0x20/0x38 (C) [ 30.957221] dump_stack_lvl+0x8c/0xd0 [ 30.958093] print_report+0x118/0x5e0 [ 30.958721] kasan_report+0xc8/0x118 [ 30.959372] __asan_report_store1_noabort+0x20/0x30 [ 30.960183] krealloc_less_oob_helper+0xa58/0xc50 [ 30.961018] krealloc_large_less_oob+0x20/0x38 [ 30.961678] kunit_try_run_case+0x14c/0x3d0 [ 30.962302] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 30.963252] kthread+0x24c/0x2d0 [ 30.964021] ret_from_fork+0x10/0x20 [ 30.964622] [ 30.965140] The buggy address belongs to the physical page: [ 30.966404] page: refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1064b8 [ 30.967576] head: order:2 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0 [ 30.968414] flags: 0xbfffe0000000040(head|node=0|zone=2|lastcpupid=0x1ffff) [ 30.969249] raw: 0bfffe0000000040 0000000000000000 dead000000000122 0000000000000000 [ 30.970591] raw: 0000000000000000 0000000000000000 00000001ffffffff 0000000000000000 [ 30.971847] head: 0bfffe0000000040 0000000000000000 dead000000000122 0000000000000000 [ 30.972738] head: 0000000000000000 0000000000000000 00000001ffffffff 0000000000000000 [ 30.973636] head: 0bfffe0000000002 ffffc1ffc3192e01 ffffffffffffffff 0000000000000000 [ 30.974564] head: 0000000000000004 0000000000000000 00000000ffffffff 0000000000000000 [ 30.975394] page dumped because: kasan: bad access detected [ 30.976089] [ 30.976502] Memory state around the buggy address: [ 30.977213] fff00000c64b9f80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 30.978360] fff00000c64ba000: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 30.979898] >fff00000c64ba080: 00 00 00 00 00 00 00 00 00 01 fe fe fe fe fe fe [ 30.980746] ^ [ 30.981565] fff00000c64ba100: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe [ 30.982346] fff00000c64ba180: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe 
fe [ 30.983210] ================================================================== [ 30.679382] ================================================================== [ 30.680145] BUG: KASAN: slab-out-of-bounds in krealloc_less_oob_helper+0xa58/0xc50 [ 30.681187] Write of size 1 at addr fff00000c47dfceb by task kunit_try_catch/147 [ 30.682386] [ 30.682776] CPU: 1 UID: 0 PID: 147 Comm: kunit_try_catch Tainted: G B N 6.12.0-next-20241126 #1 [ 30.684993] Tainted: [B]=BAD_PAGE, [N]=TEST [ 30.685795] Hardware name: linux,dummy-virt (DT) [ 30.686616] Call trace: [ 30.687201] show_stack+0x20/0x38 (C) [ 30.687795] dump_stack_lvl+0x8c/0xd0 [ 30.688476] print_report+0x118/0x5e0 [ 30.689025] kasan_report+0xc8/0x118 [ 30.689661] __asan_report_store1_noabort+0x20/0x30 [ 30.690432] krealloc_less_oob_helper+0xa58/0xc50 [ 30.691068] krealloc_less_oob+0x20/0x38 [ 30.691727] kunit_try_run_case+0x14c/0x3d0 [ 30.692329] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 30.693180] kthread+0x24c/0x2d0 [ 30.693800] ret_from_fork+0x10/0x20 [ 30.694417] [ 30.694754] Allocated by task 147: [ 30.695394] kasan_save_stack+0x3c/0x68 [ 30.695934] kasan_save_track+0x20/0x40 [ 30.696620] kasan_save_alloc_info+0x40/0x58 [ 30.697233] __kasan_krealloc+0x118/0x178 [ 30.697926] krealloc_noprof+0x128/0x360 [ 30.698584] krealloc_less_oob_helper+0x168/0xc50 [ 30.699258] krealloc_less_oob+0x20/0x38 [ 30.699952] kunit_try_run_case+0x14c/0x3d0 [ 30.700645] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 30.701356] kthread+0x24c/0x2d0 [ 30.701986] ret_from_fork+0x10/0x20 [ 30.702637] [ 30.703010] The buggy address belongs to the object at fff00000c47dfc00 [ 30.703010] which belongs to the cache kmalloc-256 of size 256 [ 30.704343] The buggy address is located 34 bytes to the right of [ 30.704343] allocated 201-byte region [fff00000c47dfc00, fff00000c47dfcc9) [ 30.705794] [ 30.706110] The buggy address belongs to the physical page: [ 30.706917] page: refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 
pfn:0x1047de [ 30.707814] head: order:1 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0 [ 30.708760] flags: 0xbfffe0000000040(head|node=0|zone=2|lastcpupid=0x1ffff) [ 30.709658] page_type: f5(slab) [ 30.710219] raw: 0bfffe0000000040 fff00000c0001b40 dead000000000122 0000000000000000 [ 30.711089] raw: 0000000000000000 0000000080100010 00000001f5000000 0000000000000000 [ 30.712005] head: 0bfffe0000000040 fff00000c0001b40 dead000000000122 0000000000000000 [ 30.712988] head: 0000000000000000 0000000080100010 00000001f5000000 0000000000000000 [ 30.713902] head: 0bfffe0000000001 ffffc1ffc311f781 ffffffffffffffff 0000000000000000 [ 30.714827] head: 0000000000000002 0000000000000000 00000000ffffffff 0000000000000000 [ 30.715712] page dumped because: kasan: bad access detected [ 30.716398] [ 30.716797] Memory state around the buggy address: [ 30.717543] fff00000c47dfb80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 30.718290] fff00000c47dfc00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 30.719254] >fff00000c47dfc80: 00 00 00 00 00 00 00 00 00 01 fc fc fc fc fc fc [ 30.720070] ^ [ 30.720917] fff00000c47dfd00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 30.721824] fff00000c47dfd80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 30.722665] ================================================================== [ 30.809304] ================================================================== [ 30.810651] BUG: KASAN: slab-out-of-bounds in krealloc_less_oob_helper+0xa48/0xc50 [ 30.811749] Write of size 1 at addr fff00000c64ba0c9 by task kunit_try_catch/151 [ 30.812834] [ 30.813283] CPU: 0 UID: 0 PID: 151 Comm: kunit_try_catch Tainted: G B N 6.12.0-next-20241126 #1 [ 30.814847] Tainted: [B]=BAD_PAGE, [N]=TEST [ 30.815393] Hardware name: linux,dummy-virt (DT) [ 30.816073] Call trace: [ 30.816575] show_stack+0x20/0x38 (C) [ 30.817105] dump_stack_lvl+0x8c/0xd0 [ 30.817676] print_report+0x118/0x5e0 [ 30.818300] kasan_report+0xc8/0x118 [ 30.818883] 
__asan_report_store1_noabort+0x20/0x30 [ 30.819557] krealloc_less_oob_helper+0xa48/0xc50 [ 30.820198] krealloc_large_less_oob+0x20/0x38 [ 30.820854] kunit_try_run_case+0x14c/0x3d0 [ 30.821483] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 30.822349] kthread+0x24c/0x2d0 [ 30.822827] ret_from_fork+0x10/0x20 [ 30.823450] [ 30.823836] The buggy address belongs to the physical page: [ 30.824438] page: refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1064b8 [ 30.825359] head: order:2 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0 [ 30.826138] flags: 0xbfffe0000000040(head|node=0|zone=2|lastcpupid=0x1ffff) [ 30.827223] raw: 0bfffe0000000040 0000000000000000 dead000000000122 0000000000000000 [ 30.828117] raw: 0000000000000000 0000000000000000 00000001ffffffff 0000000000000000 [ 30.828997] head: 0bfffe0000000040 0000000000000000 dead000000000122 0000000000000000 [ 30.829934] head: 0000000000000000 0000000000000000 00000001ffffffff 0000000000000000 [ 30.830783] head: 0bfffe0000000002 ffffc1ffc3192e01 ffffffffffffffff 0000000000000000 [ 30.831983] head: 0000000000000004 0000000000000000 00000000ffffffff 0000000000000000 [ 30.832844] page dumped because: kasan: bad access detected [ 30.833485] [ 30.833892] Memory state around the buggy address: [ 30.834398] fff00000c64b9f80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 30.835584] fff00000c64ba000: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 30.836632] >fff00000c64ba080: 00 00 00 00 00 00 00 00 00 01 fe fe fe fe fe fe [ 30.837481] ^ [ 30.838269] fff00000c64ba100: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe [ 30.839241] fff00000c64ba180: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe [ 30.839962] ================================================================== [ 30.480011] ================================================================== [ 30.481286] BUG: KASAN: slab-out-of-bounds in krealloc_less_oob_helper+0xa48/0xc50 [ 30.482130] Write of size 1 at addr fff00000c47dfcc9 by task 
kunit_try_catch/147 [ 30.483569] [ 30.483964] CPU: 1 UID: 0 PID: 147 Comm: kunit_try_catch Tainted: G B N 6.12.0-next-20241126 #1 [ 30.484903] Tainted: [B]=BAD_PAGE, [N]=TEST [ 30.485457] Hardware name: linux,dummy-virt (DT) [ 30.486012] Call trace: [ 30.486875] show_stack+0x20/0x38 (C) [ 30.487518] dump_stack_lvl+0x8c/0xd0 [ 30.488142] print_report+0x118/0x5e0 [ 30.488676] kasan_report+0xc8/0x118 [ 30.489284] __asan_report_store1_noabort+0x20/0x30 [ 30.490478] krealloc_less_oob_helper+0xa48/0xc50 [ 30.491239] krealloc_less_oob+0x20/0x38 [ 30.491770] kunit_try_run_case+0x14c/0x3d0 [ 30.492472] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 30.493407] kthread+0x24c/0x2d0 [ 30.494444] ret_from_fork+0x10/0x20 [ 30.495119] [ 30.495484] Allocated by task 147: [ 30.495929] kasan_save_stack+0x3c/0x68 [ 30.496584] kasan_save_track+0x20/0x40 [ 30.497223] kasan_save_alloc_info+0x40/0x58 [ 30.497994] __kasan_krealloc+0x118/0x178 [ 30.498961] krealloc_noprof+0x128/0x360 [ 30.499506] krealloc_less_oob_helper+0x168/0xc50 [ 30.500175] krealloc_less_oob+0x20/0x38 [ 30.501421] kunit_try_run_case+0x14c/0x3d0 [ 30.501983] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 30.502775] kthread+0x24c/0x2d0 [ 30.503309] ret_from_fork+0x10/0x20 [ 30.504296] [ 30.504674] The buggy address belongs to the object at fff00000c47dfc00 [ 30.504674] which belongs to the cache kmalloc-256 of size 256 [ 30.506643] The buggy address is located 0 bytes to the right of [ 30.506643] allocated 201-byte region [fff00000c47dfc00, fff00000c47dfcc9) [ 30.507855] [ 30.508231] The buggy address belongs to the physical page: [ 30.508933] page: refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1047de [ 30.509819] head: order:1 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0 [ 30.511020] flags: 0xbfffe0000000040(head|node=0|zone=2|lastcpupid=0x1ffff) [ 30.512007] page_type: f5(slab) [ 30.512507] raw: 0bfffe0000000040 fff00000c0001b40 dead000000000122 0000000000000000 [ 30.513441] raw: 
0000000000000000 0000000080100010 00000001f5000000 0000000000000000 [ 30.515002] head: 0bfffe0000000040 fff00000c0001b40 dead000000000122 0000000000000000 [ 30.515822] head: 0000000000000000 0000000080100010 00000001f5000000 0000000000000000 [ 30.516759] head: 0bfffe0000000001 ffffc1ffc311f781 ffffffffffffffff 0000000000000000 [ 30.517624] head: 0000000000000002 0000000000000000 00000000ffffffff 0000000000000000 [ 30.518455] page dumped because: kasan: bad access detected [ 30.519545] [ 30.519910] Memory state around the buggy address: [ 30.520519] fff00000c47dfb80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 30.521326] fff00000c47dfc00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 30.522842] >fff00000c47dfc80: 00 00 00 00 00 00 00 00 00 01 fc fc fc fc fc fc [ 30.523610] ^ [ 30.524322] fff00000c47dfd00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 30.525671] fff00000c47dfd80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 30.526436] ================================================================== [ 30.841546] ================================================================== [ 30.842709] BUG: KASAN: slab-out-of-bounds in krealloc_less_oob_helper+0xb9c/0xc50 [ 30.843677] Write of size 1 at addr fff00000c64ba0d0 by task kunit_try_catch/151 [ 30.844940] [ 30.845341] CPU: 0 UID: 0 PID: 151 Comm: kunit_try_catch Tainted: G B N 6.12.0-next-20241126 #1 [ 30.846912] Tainted: [B]=BAD_PAGE, [N]=TEST [ 30.847399] Hardware name: linux,dummy-virt (DT) [ 30.848071] Call trace: [ 30.848431] show_stack+0x20/0x38 (C) [ 30.849006] dump_stack_lvl+0x8c/0xd0 [ 30.849717] print_report+0x118/0x5e0 [ 30.850717] kasan_report+0xc8/0x118 [ 30.851347] __asan_report_store1_noabort+0x20/0x30 [ 30.852710] krealloc_less_oob_helper+0xb9c/0xc50 [ 30.853924] krealloc_large_less_oob+0x20/0x38 [ 30.855016] kunit_try_run_case+0x14c/0x3d0 [ 30.855967] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 30.857211] kthread+0x24c/0x2d0 [ 30.857832] ret_from_fork+0x10/0x20 [ 30.858387] [ 
30.858810] The buggy address belongs to the physical page: [ 30.859652] page: refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1064b8 [ 30.860556] head: order:2 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0 [ 30.861353] flags: 0xbfffe0000000040(head|node=0|zone=2|lastcpupid=0x1ffff) [ 30.862226] raw: 0bfffe0000000040 0000000000000000 dead000000000122 0000000000000000 [ 30.863291] raw: 0000000000000000 0000000000000000 00000001ffffffff 0000000000000000 [ 30.864324] head: 0bfffe0000000040 0000000000000000 dead000000000122 0000000000000000 [ 30.865240] head: 0000000000000000 0000000000000000 00000001ffffffff 0000000000000000 [ 30.866303] head: 0bfffe0000000002 ffffc1ffc3192e01 ffffffffffffffff 0000000000000000 [ 30.867720] head: 0000000000000004 0000000000000000 00000000ffffffff 0000000000000000 [ 30.868657] page dumped because: kasan: bad access detected [ 30.869594] [ 30.870221] Memory state around the buggy address: [ 30.871041] fff00000c64b9f80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 30.871946] fff00000c64ba000: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 30.872929] >fff00000c64ba080: 00 00 00 00 00 00 00 00 00 01 fe fe fe fe fe fe [ 30.874287] ^ [ 30.875460] fff00000c64ba100: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe [ 30.876330] fff00000c64ba180: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe [ 30.878011] ================================================================== [ 30.528059] ================================================================== [ 30.528754] BUG: KASAN: slab-out-of-bounds in krealloc_less_oob_helper+0xb9c/0xc50 [ 30.530001] Write of size 1 at addr fff00000c47dfcd0 by task kunit_try_catch/147 [ 30.530864] [ 30.531263] CPU: 1 UID: 0 PID: 147 Comm: kunit_try_catch Tainted: G B N 6.12.0-next-20241126 #1 [ 30.533371] Tainted: [B]=BAD_PAGE, [N]=TEST [ 30.534519] Hardware name: linux,dummy-virt (DT) [ 30.535195] Call trace: [ 30.535658] show_stack+0x20/0x38 (C) [ 30.536304] dump_stack_lvl+0x8c/0xd0 
[ 30.536874] print_report+0x118/0x5e0 [ 30.537510] kasan_report+0xc8/0x118 [ 30.538870] __asan_report_store1_noabort+0x20/0x30 [ 30.539662] krealloc_less_oob_helper+0xb9c/0xc50 [ 30.540241] krealloc_less_oob+0x20/0x38 [ 30.540925] kunit_try_run_case+0x14c/0x3d0 [ 30.541544] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 30.542327] kthread+0x24c/0x2d0 [ 30.543323] ret_from_fork+0x10/0x20 [ 30.543901] [ 30.544197] Allocated by task 147: [ 30.544745] kasan_save_stack+0x3c/0x68 [ 30.545367] kasan_save_track+0x20/0x40 [ 30.546840] kasan_save_alloc_info+0x40/0x58 [ 30.547397] __kasan_krealloc+0x118/0x178 [ 30.548065] krealloc_noprof+0x128/0x360 [ 30.548860] krealloc_less_oob_helper+0x168/0xc50 [ 30.549567] krealloc_less_oob+0x20/0x38 [ 30.550461] kunit_try_run_case+0x14c/0x3d0 [ 30.551010] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 30.551769] kthread+0x24c/0x2d0 [ 30.552286] ret_from_fork+0x10/0x20 [ 30.553072] [ 30.553420] The buggy address belongs to the object at fff00000c47dfc00 [ 30.553420] which belongs to the cache kmalloc-256 of size 256 [ 30.555487] The buggy address is located 7 bytes to the right of [ 30.555487] allocated 201-byte region [fff00000c47dfc00, fff00000c47dfcc9) [ 30.556908] [ 30.557281] The buggy address belongs to the physical page: [ 30.558344] page: refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1047de [ 30.559157] head: order:1 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0 [ 30.560114] flags: 0xbfffe0000000040(head|node=0|zone=2|lastcpupid=0x1ffff) [ 30.560912] page_type: f5(slab) [ 30.561451] raw: 0bfffe0000000040 fff00000c0001b40 dead000000000122 0000000000000000 [ 30.562878] raw: 0000000000000000 0000000080100010 00000001f5000000 0000000000000000 [ 30.563831] head: 0bfffe0000000040 fff00000c0001b40 dead000000000122 0000000000000000 [ 30.565016] head: 0000000000000000 0000000080100010 00000001f5000000 0000000000000000 [ 30.566103] head: 0bfffe0000000001 ffffc1ffc311f781 ffffffffffffffff 0000000000000000 [ 
30.567520] head: 0000000000000002 0000000000000000 00000000ffffffff 0000000000000000 [ 30.568381] page dumped because: kasan: bad access detected [ 30.569049] [ 30.569324] Memory state around the buggy address: [ 30.570411] fff00000c47dfb80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 30.571291] fff00000c47dfc00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 30.572741] >fff00000c47dfc80: 00 00 00 00 00 00 00 00 00 01 fc fc fc fc fc fc [ 30.573520] ^ [ 30.574281] fff00000c47dfd00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 30.575574] fff00000c47dfd80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 30.576345] ================================================================== [ 30.879430] ================================================================== [ 30.880245] BUG: KASAN: slab-out-of-bounds in krealloc_less_oob_helper+0xa80/0xc50 [ 30.881497] Write of size 1 at addr fff00000c64ba0da by task kunit_try_catch/151 [ 30.883012] [ 30.883349] CPU: 0 UID: 0 PID: 151 Comm: kunit_try_catch Tainted: G B N 6.12.0-next-20241126 #1 [ 30.884447] Tainted: [B]=BAD_PAGE, [N]=TEST [ 30.885091] Hardware name: linux,dummy-virt (DT) [ 30.885663] Call trace: [ 30.886385] show_stack+0x20/0x38 (C) [ 30.887045] dump_stack_lvl+0x8c/0xd0 [ 30.887687] print_report+0x118/0x5e0 [ 30.888204] kasan_report+0xc8/0x118 [ 30.888929] __asan_report_store1_noabort+0x20/0x30 [ 30.889685] krealloc_less_oob_helper+0xa80/0xc50 [ 30.890662] krealloc_large_less_oob+0x20/0x38 [ 30.891260] kunit_try_run_case+0x14c/0x3d0 [ 30.891956] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 30.893211] kthread+0x24c/0x2d0 [ 30.893780] ret_from_fork+0x10/0x20 [ 30.894276] [ 30.894664] The buggy address belongs to the physical page: [ 30.895354] page: refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1064b8 [ 30.896413] head: order:2 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0 [ 30.897170] flags: 0xbfffe0000000040(head|node=0|zone=2|lastcpupid=0x1ffff) [ 30.898653] raw: 
0bfffe0000000040 0000000000000000 dead000000000122 0000000000000000 [ 30.899574] raw: 0000000000000000 0000000000000000 00000001ffffffff 0000000000000000 [ 30.900550] head: 0bfffe0000000040 0000000000000000 dead000000000122 0000000000000000 [ 30.901408] head: 0000000000000000 0000000000000000 00000001ffffffff 0000000000000000 [ 30.902627] head: 0bfffe0000000002 ffffc1ffc3192e01 ffffffffffffffff 0000000000000000 [ 30.903502] head: 0000000000000004 0000000000000000 00000000ffffffff 0000000000000000 [ 30.904501] page dumped because: kasan: bad access detected [ 30.905178] [ 30.905559] Memory state around the buggy address: [ 30.906159] fff00000c64b9f80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 30.907012] fff00000c64ba000: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 30.908638] >fff00000c64ba080: 00 00 00 00 00 00 00 00 00 01 fe fe fe fe fe fe [ 30.909396] ^ [ 30.910125] fff00000c64ba100: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe [ 30.911139] fff00000c64ba180: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe [ 30.911947] ================================================================== [ 30.579889] ================================================================== [ 30.580638] BUG: KASAN: slab-out-of-bounds in krealloc_less_oob_helper+0xa80/0xc50 [ 30.581377] Write of size 1 at addr fff00000c47dfcda by task kunit_try_catch/147 [ 30.582219] [ 30.582897] CPU: 1 UID: 0 PID: 147 Comm: kunit_try_catch Tainted: G B N 6.12.0-next-20241126 #1 [ 30.584369] Tainted: [B]=BAD_PAGE, [N]=TEST [ 30.585041] Hardware name: linux,dummy-virt (DT) [ 30.586150] Call trace: [ 30.586799] show_stack+0x20/0x38 (C) [ 30.587811] dump_stack_lvl+0x8c/0xd0 [ 30.588698] print_report+0x118/0x5e0 [ 30.589381] kasan_report+0xc8/0x118 [ 30.590252] __asan_report_store1_noabort+0x20/0x30 [ 30.591070] krealloc_less_oob_helper+0xa80/0xc50 [ 30.591693] krealloc_less_oob+0x20/0x38 [ 30.592386] kunit_try_run_case+0x14c/0x3d0 [ 30.593066] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 
30.594019] kthread+0x24c/0x2d0 [ 30.594829] ret_from_fork+0x10/0x20 [ 30.595442] [ 30.595771] Allocated by task 147: [ 30.596335] kasan_save_stack+0x3c/0x68 [ 30.597497] kasan_save_track+0x20/0x40 [ 30.598327] kasan_save_alloc_info+0x40/0x58 [ 30.599200] __kasan_krealloc+0x118/0x178 [ 30.599821] krealloc_noprof+0x128/0x360 [ 30.600395] krealloc_less_oob_helper+0x168/0xc50 [ 30.601402] krealloc_less_oob+0x20/0x38 [ 30.602778] kunit_try_run_case+0x14c/0x3d0 [ 30.603635] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 30.604572] kthread+0x24c/0x2d0 [ 30.605268] ret_from_fork+0x10/0x20 [ 30.605972] [ 30.606497] The buggy address belongs to the object at fff00000c47dfc00 [ 30.606497] which belongs to the cache kmalloc-256 of size 256 [ 30.608082] The buggy address is located 17 bytes to the right of [ 30.608082] allocated 201-byte region [fff00000c47dfc00, fff00000c47dfcc9) [ 30.609440] [ 30.610212] The buggy address belongs to the physical page: [ 30.611698] page: refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1047de [ 30.612504] head: order:1 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0 [ 30.613355] flags: 0xbfffe0000000040(head|node=0|zone=2|lastcpupid=0x1ffff) [ 30.614624] page_type: f5(slab) [ 30.615098] raw: 0bfffe0000000040 fff00000c0001b40 dead000000000122 0000000000000000 [ 30.615962] raw: 0000000000000000 0000000080100010 00000001f5000000 0000000000000000 [ 30.616858] head: 0bfffe0000000040 fff00000c0001b40 dead000000000122 0000000000000000 [ 30.618016] head: 0000000000000000 0000000080100010 00000001f5000000 0000000000000000 [ 30.618820] head: 0bfffe0000000001 ffffc1ffc311f781 ffffffffffffffff 0000000000000000 [ 30.620183] head: 0000000000000002 0000000000000000 00000000ffffffff 0000000000000000 [ 30.621032] page dumped because: kasan: bad access detected [ 30.621744] [ 30.622444] Memory state around the buggy address: [ 30.623271] fff00000c47dfb80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 30.624127] fff00000c47dfc00: 00 
00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 30.624957] >fff00000c47dfc80: 00 00 00 00 00 00 00 00 00 01 fc fc fc fc fc fc [ 30.625832] ^ [ 30.626642] fff00000c47dfd00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 30.627346] fff00000c47dfd80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 30.628276] ==================================================================
[ 25.107157] ================================================================== [ 25.107991] BUG: KASAN: slab-out-of-bounds in krealloc_less_oob_helper+0xd49/0x11d0 [ 25.107991] Write of size 1 at addr ffff888102b120eb by task kunit_try_catch/171 [ 25.107991] [ 25.107991] CPU: 1 UID: 0 PID: 171 Comm: kunit_try_catch Tainted: G B N 6.12.0-next-20241126 #1 [ 25.107991] Tainted: [B]=BAD_PAGE, [N]=TEST [ 25.107991] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 25.107991] Call Trace: [ 25.107991] <TASK> [ 25.107991] dump_stack_lvl+0x73/0xb0 [ 25.107991] print_report+0xd1/0x640 [ 25.107991] ? __virt_addr_valid+0x1db/0x2d0 [ 25.107991] ? kasan_addr_to_slab+0x11/0xa0 [ 25.107991] kasan_report+0x102/0x140 [ 25.107991] ? krealloc_less_oob_helper+0xd49/0x11d0 [ 25.107991] ? krealloc_less_oob_helper+0xd49/0x11d0 [ 25.107991] __asan_report_store1_noabort+0x1b/0x30 [ 25.107991] krealloc_less_oob_helper+0xd49/0x11d0 [ 25.107991] ? __pfx_krealloc_less_oob_helper+0x10/0x10 [ 25.107991] ? __switch_to+0x5d9/0xf60 [ 25.107991] ? __schedule+0xc3e/0x2790 [ 25.107991] krealloc_large_less_oob+0x1c/0x30 [ 25.107991] kunit_try_run_case+0x1b3/0x490 [ 25.107991] ? __pfx_kunit_try_run_case+0x10/0x10 [ 25.107991] ? _raw_spin_lock_irqsave+0xa2/0x110 [ 25.107991] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 25.107991] ? __kthread_parkme+0x82/0x160 [ 25.107991] ? preempt_count_sub+0x50/0x80 [ 25.107991] ? __pfx_kunit_try_run_case+0x10/0x10 [ 25.107991] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 25.107991] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 25.107991] kthread+0x257/0x310 [ 25.107991] ? __pfx_kthread+0x10/0x10 [ 25.107991] ret_from_fork+0x41/0x80 [ 25.107991] ? 
__pfx_kthread+0x10/0x10 [ 25.107991] ret_from_fork_asm+0x1a/0x30 [ 25.107991] </TASK> [ 25.107991] [ 25.107991] The buggy address belongs to the physical page: [ 25.107991] page: refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x102b10 [ 25.107991] head: order:2 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0 [ 25.107991] flags: 0x200000000000040(head|node=0|zone=2) [ 25.107991] raw: 0200000000000040 0000000000000000 dead000000000122 0000000000000000 [ 25.107991] raw: 0000000000000000 0000000000000000 00000001ffffffff 0000000000000000 [ 25.107991] head: 0200000000000040 0000000000000000 dead000000000122 0000000000000000 [ 25.107991] head: 0000000000000000 0000000000000000 00000001ffffffff 0000000000000000 [ 25.107991] head: 0200000000000002 ffffea00040ac401 ffffffffffffffff 0000000000000000 [ 25.107991] head: 0000000000000004 0000000000000000 00000000ffffffff 0000000000000000 [ 25.107991] page dumped because: kasan: bad access detected [ 25.107991] [ 25.107991] Memory state around the buggy address: [ 25.107991] ffff888102b11f80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 25.107991] ffff888102b12000: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 25.107991] >ffff888102b12080: 00 00 00 00 00 00 00 00 00 01 fe fe fe fe fe fe [ 25.107991] ^ [ 25.107991] ffff888102b12100: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe [ 25.107991] ffff888102b12180: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe [ 25.107991] ================================================================== [ 24.761503] ================================================================== [ 24.762215] BUG: KASAN: slab-out-of-bounds in krealloc_less_oob_helper+0xd49/0x11d0 [ 24.763090] Write of size 1 at addr ffff888100aa9aeb by task kunit_try_catch/165 [ 24.763465] [ 24.763636] TSC found unstable after boot, most likely due to broken BIOS. Use 'tsc=unstable'. 
[ 24.763639] CPU: 1 UID: 0 PID: 165 Comm: kunit_try_catch Tainted: G B N 6.12.0-next-20241126 #1 [ 24.763773] Tainted: [B]=BAD_PAGE, [N]=TEST [ 24.763813] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 24.763872] Call Trace: [ 24.763925] <TASK> [ 24.763976] dump_stack_lvl+0x73/0xb0 [ 24.764071] print_report+0xd1/0x640 [ 24.764147] ? __virt_addr_valid+0x1db/0x2d0 [ 24.764230] ? kasan_complete_mode_report_info+0x2a/0x200 [ 24.764315] kasan_report+0x102/0x140 [ 24.764417] ? krealloc_less_oob_helper+0xd49/0x11d0 [ 24.764504] ? krealloc_less_oob_helper+0xd49/0x11d0 [ 24.764597] __asan_report_store1_noabort+0x1b/0x30 [ 24.764673] krealloc_less_oob_helper+0xd49/0x11d0 [ 24.764792] ? __pfx_krealloc_less_oob_helper+0x10/0x10 [ 24.764875] ? finish_task_switch.isra.0+0x153/0x700 [ 24.764985] ? __switch_to+0x5d9/0xf60 [ 24.765078] ? __schedule+0xc3e/0x2790 [ 24.767192] ? __pfx_read_tsc+0x10/0x10 [ 24.767296] krealloc_less_oob+0x1c/0x30 [ 24.767366] kunit_try_run_case+0x1b3/0x490 [ 24.767436] ? __pfx_kunit_try_run_case+0x10/0x10 [ 24.767500] ? _raw_spin_lock_irqsave+0xa2/0x110 [ 24.767565] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 24.767630] ? __kthread_parkme+0x82/0x160 [ 24.767745] ? preempt_count_sub+0x50/0x80 [ 24.768486] ? __pfx_kunit_try_run_case+0x10/0x10 [ 24.770557] sched_clock: Marking unstable (24632152235, 131065939)<-(24918734144, -155476693) [ 24.772272] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 24.772386] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 24.772462] kthread+0x257/0x310 [ 24.773192] ? __pfx_kthread+0x10/0x10 [ 24.773260] ret_from_fork+0x41/0x80 [ 24.764218] ? 
__pfx_kthread+0x10/0x10 [ 24.764218] ret_from_fork_asm+0x1a/0x30 [ 24.764218] </TASK> [ 24.764218] [ 24.764218] Allocated by task 165: [ 24.764218] kasan_save_stack+0x3d/0x60 [ 24.764218] kasan_save_track+0x18/0x40 [ 24.764218] kasan_save_alloc_info+0x3b/0x50 [ 24.764218] __kasan_krealloc+0x190/0x1f0 [ 24.764218] krealloc_noprof+0xf3/0x340 [ 24.764218] krealloc_less_oob_helper+0x1ab/0x11d0 [ 24.764218] krealloc_less_oob+0x1c/0x30 [ 24.764218] kunit_try_run_case+0x1b3/0x490 [ 24.764218] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 24.764218] kthread+0x257/0x310 [ 24.764218] ret_from_fork+0x41/0x80 [ 24.764218] ret_from_fork_asm+0x1a/0x30 [ 24.764218] [ 24.764218] The buggy address belongs to the object at ffff888100aa9a00 [ 24.764218] which belongs to the cache kmalloc-256 of size 256 [ 24.764218] The buggy address is located 34 bytes to the right of [ 24.764218] allocated 201-byte region [ffff888100aa9a00, ffff888100aa9ac9) [ 24.764218] [ 24.764218] The buggy address belongs to the physical page: [ 24.764218] page: refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x100aa8 [ 24.764218] head: order:1 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0 [ 24.764218] flags: 0x200000000000040(head|node=0|zone=2) [ 24.764218] page_type: f5(slab) [ 24.764218] raw: 0200000000000040 ffff888100041b40 dead000000000122 0000000000000000 [ 24.764218] raw: 0000000000000000 0000000080100010 00000001f5000000 0000000000000000 [ 24.764218] head: 0200000000000040 ffff888100041b40 dead000000000122 0000000000000000 [ 24.764218] head: 0000000000000000 0000000080100010 00000001f5000000 0000000000000000 [ 24.764218] head: 0200000000000001 ffffea000402aa01 ffffffffffffffff 0000000000000000 [ 24.764218] head: 0000000000000002 0000000000000000 00000000ffffffff 0000000000000000 [ 24.764218] page dumped because: kasan: bad access detected [ 24.764218] [ 24.764218] Memory state around the buggy address: [ 24.764218] ffff888100aa9980: fc fc fc fc fc fc fc fc fc fc fc fc fc fc 
fc fc [ 24.764218] ffff888100aa9a00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 24.764218] >ffff888100aa9a80: 00 00 00 00 00 00 00 00 00 01 fc fc fc fc fc fc [ 24.764218] ^ [ 24.764218] ffff888100aa9b00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 24.764218] ffff888100aa9b80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 24.764218] ================================================================== [ 24.573240] ================================================================== [ 24.574527] BUG: KASAN: slab-out-of-bounds in krealloc_less_oob_helper+0xe25/0x11d0 [ 24.575272] Write of size 1 at addr ffff888100aa9ad0 by task kunit_try_catch/165 [ 24.575835] [ 24.576049] CPU: 1 UID: 0 PID: 165 Comm: kunit_try_catch Tainted: G B N 6.12.0-next-20241126 #1 [ 24.578040] Tainted: [B]=BAD_PAGE, [N]=TEST [ 24.578427] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 24.579505] Call Trace: [ 24.579828] <TASK> [ 24.580025] dump_stack_lvl+0x73/0xb0 [ 24.580555] print_report+0xd1/0x640 [ 24.581569] ? __virt_addr_valid+0x1db/0x2d0 [ 24.582113] ? kasan_complete_mode_report_info+0x2a/0x200 [ 24.582523] kasan_report+0x102/0x140 [ 24.583401] ? krealloc_less_oob_helper+0xe25/0x11d0 [ 24.583902] ? krealloc_less_oob_helper+0xe25/0x11d0 [ 24.584627] __asan_report_store1_noabort+0x1b/0x30 [ 24.585153] krealloc_less_oob_helper+0xe25/0x11d0 [ 24.585580] ? __pfx_krealloc_less_oob_helper+0x10/0x10 [ 24.586115] ? finish_task_switch.isra.0+0x153/0x700 [ 24.586606] ? __switch_to+0x5d9/0xf60 [ 24.587732] ? __schedule+0xc3e/0x2790 [ 24.588283] ? __pfx_read_tsc+0x10/0x10 [ 24.588788] krealloc_less_oob+0x1c/0x30 [ 24.589260] kunit_try_run_case+0x1b3/0x490 [ 24.589801] ? __pfx_kunit_try_run_case+0x10/0x10 [ 24.590637] ? _raw_spin_lock_irqsave+0xa2/0x110 [ 24.591827] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 24.592422] ? __kthread_parkme+0x82/0x160 [ 24.592940] ? preempt_count_sub+0x50/0x80 [ 24.593420] ? 
__pfx_kunit_try_run_case+0x10/0x10 [ 24.594055] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 24.594885] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 24.595960] kthread+0x257/0x310 [ 24.596397] ? __pfx_kthread+0x10/0x10 [ 24.597251] ret_from_fork+0x41/0x80 [ 24.597635] ? __pfx_kthread+0x10/0x10 [ 24.598036] ret_from_fork_asm+0x1a/0x30 [ 24.598807] </TASK> [ 24.599653] [ 24.599949] Allocated by task 165: [ 24.600370] kasan_save_stack+0x3d/0x60 [ 24.601020] kasan_save_track+0x18/0x40 [ 24.601515] kasan_save_alloc_info+0x3b/0x50 [ 24.601907] __kasan_krealloc+0x190/0x1f0 [ 24.602561] krealloc_noprof+0xf3/0x340 [ 24.603000] krealloc_less_oob_helper+0x1ab/0x11d0 [ 24.603336] krealloc_less_oob+0x1c/0x30 [ 24.604189] kunit_try_run_case+0x1b3/0x490 [ 24.604545] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 24.605076] kthread+0x257/0x310 [ 24.605461] ret_from_fork+0x41/0x80 [ 24.606440] ret_from_fork_asm+0x1a/0x30 [ 24.606850] [ 24.607222] The buggy address belongs to the object at ffff888100aa9a00 [ 24.607222] which belongs to the cache kmalloc-256 of size 256 [ 24.608386] The buggy address is located 7 bytes to the right of [ 24.608386] allocated 201-byte region [ffff888100aa9a00, ffff888100aa9ac9) [ 24.610051] [ 24.610477] The buggy address belongs to the physical page: [ 24.611024] page: refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x100aa8 [ 24.611626] head: order:1 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0 [ 24.612559] flags: 0x200000000000040(head|node=0|zone=2) [ 24.613720] page_type: f5(slab) [ 24.614086] raw: 0200000000000040 ffff888100041b40 dead000000000122 0000000000000000 [ 24.614781] raw: 0000000000000000 0000000080100010 00000001f5000000 0000000000000000 [ 24.615252] head: 0200000000000040 ffff888100041b40 dead000000000122 0000000000000000 [ 24.616264] head: 0000000000000000 0000000080100010 00000001f5000000 0000000000000000 [ 24.617005] head: 0200000000000001 ffffea000402aa01 ffffffffffffffff 0000000000000000 [ 
24.618362] head: 0000000000000002 0000000000000000 00000000ffffffff 0000000000000000 [ 24.619017] page dumped because: kasan: bad access detected [ 24.619799] [ 24.620008] Memory state around the buggy address: [ 24.620632] ffff888100aa9980: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 24.621952] ffff888100aa9a00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 24.622458] >ffff888100aa9a80: 00 00 00 00 00 00 00 00 00 01 fc fc fc fc fc fc [ 24.623042] ^ [ 24.623556] ffff888100aa9b00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 24.624447] ffff888100aa9b80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 24.624941] ================================================================== [ 24.942742] ================================================================== [ 24.943528] BUG: KASAN: slab-out-of-bounds in krealloc_less_oob_helper+0xd72/0x11d0 [ 24.943528] Write of size 1 at addr ffff888102b120c9 by task kunit_try_catch/171 [ 24.943528] [ 24.943528] CPU: 1 UID: 0 PID: 171 Comm: kunit_try_catch Tainted: G B N 6.12.0-next-20241126 #1 [ 24.943528] Tainted: [B]=BAD_PAGE, [N]=TEST [ 24.943528] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 24.943528] Call Trace: [ 24.943528] <TASK> [ 24.943528] dump_stack_lvl+0x73/0xb0 [ 24.943528] print_report+0xd1/0x640 [ 24.943528] ? __virt_addr_valid+0x1db/0x2d0 [ 24.943528] ? kasan_addr_to_slab+0x11/0xa0 [ 24.943528] kasan_report+0x102/0x140 [ 24.943528] ? krealloc_less_oob_helper+0xd72/0x11d0 [ 24.943528] ? krealloc_less_oob_helper+0xd72/0x11d0 [ 24.943528] __asan_report_store1_noabort+0x1b/0x30 [ 24.943528] krealloc_less_oob_helper+0xd72/0x11d0 [ 24.943528] ? __pfx_krealloc_less_oob_helper+0x10/0x10 [ 24.943528] ? __switch_to+0x5d9/0xf60 [ 24.943528] ? __schedule+0xc3e/0x2790 [ 24.943528] krealloc_large_less_oob+0x1c/0x30 [ 24.943528] kunit_try_run_case+0x1b3/0x490 [ 24.943528] ? __pfx_kunit_try_run_case+0x10/0x10 [ 24.943528] ? 
_raw_spin_lock_irqsave+0xa2/0x110 [ 24.943528] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 24.943528] ? __kthread_parkme+0x82/0x160 [ 24.943528] ? preempt_count_sub+0x50/0x80 [ 24.943528] ? __pfx_kunit_try_run_case+0x10/0x10 [ 24.943528] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 24.943528] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 24.943528] kthread+0x257/0x310 [ 24.943528] ? __pfx_kthread+0x10/0x10 [ 24.943528] ret_from_fork+0x41/0x80 [ 24.943528] ? __pfx_kthread+0x10/0x10 [ 24.943528] ret_from_fork_asm+0x1a/0x30 [ 24.943528] </TASK> [ 24.943528] [ 24.943528] The buggy address belongs to the physical page: [ 24.943528] page: refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x102b10 [ 24.943528] head: order:2 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0 [ 24.943528] flags: 0x200000000000040(head|node=0|zone=2) [ 24.943528] raw: 0200000000000040 0000000000000000 dead000000000122 0000000000000000 [ 24.943528] raw: 0000000000000000 0000000000000000 00000001ffffffff 0000000000000000 [ 24.943528] head: 0200000000000040 0000000000000000 dead000000000122 0000000000000000 [ 24.943528] head: 0000000000000000 0000000000000000 00000001ffffffff 0000000000000000 [ 24.943528] head: 0200000000000002 ffffea00040ac401 ffffffffffffffff 0000000000000000 [ 24.943528] head: 0000000000000004 0000000000000000 00000000ffffffff 0000000000000000 [ 24.943528] page dumped because: kasan: bad access detected [ 24.943528] [ 24.943528] Memory state around the buggy address: [ 24.943528] ffff888102b11f80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 24.943528] ffff888102b12000: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 24.943528] >ffff888102b12080: 00 00 00 00 00 00 00 00 00 01 fe fe fe fe fe fe [ 24.943528] ^ [ 24.943528] ffff888102b12100: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe [ 24.943528] ffff888102b12180: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe [ 24.943528] ================================================================== 
[ 25.028928] ================================================================== [ 25.029771] BUG: KASAN: slab-out-of-bounds in krealloc_less_oob_helper+0xec8/0x11d0 [ 25.029771] Write of size 1 at addr ffff888102b120da by task kunit_try_catch/171 [ 25.029771] [ 25.029771] CPU: 1 UID: 0 PID: 171 Comm: kunit_try_catch Tainted: G B N 6.12.0-next-20241126 #1 [ 25.029771] Tainted: [B]=BAD_PAGE, [N]=TEST [ 25.029771] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 25.029771] Call Trace: [ 25.029771] <TASK> [ 25.029771] dump_stack_lvl+0x73/0xb0 [ 25.029771] print_report+0xd1/0x640 [ 25.029771] ? __virt_addr_valid+0x1db/0x2d0 [ 25.029771] ? kasan_addr_to_slab+0x11/0xa0 [ 25.029771] kasan_report+0x102/0x140 [ 25.029771] ? krealloc_less_oob_helper+0xec8/0x11d0 [ 25.029771] ? krealloc_less_oob_helper+0xec8/0x11d0 [ 25.029771] __asan_report_store1_noabort+0x1b/0x30 [ 25.029771] krealloc_less_oob_helper+0xec8/0x11d0 [ 25.029771] ? __pfx_krealloc_less_oob_helper+0x10/0x10 [ 25.029771] ? __switch_to+0x5d9/0xf60 [ 25.029771] ? __schedule+0xc3e/0x2790 [ 25.029771] krealloc_large_less_oob+0x1c/0x30 [ 25.029771] kunit_try_run_case+0x1b3/0x490 [ 25.029771] ? __pfx_kunit_try_run_case+0x10/0x10 [ 25.029771] ? _raw_spin_lock_irqsave+0xa2/0x110 [ 25.029771] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 25.029771] ? __kthread_parkme+0x82/0x160 [ 25.029771] ? preempt_count_sub+0x50/0x80 [ 25.029771] ? __pfx_kunit_try_run_case+0x10/0x10 [ 25.029771] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 25.029771] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 25.029771] kthread+0x257/0x310 [ 25.029771] ? __pfx_kthread+0x10/0x10 [ 25.029771] ret_from_fork+0x41/0x80 [ 25.029771] ? 
__pfx_kthread+0x10/0x10 [ 25.029771] ret_from_fork_asm+0x1a/0x30 [ 25.029771] </TASK> [ 25.029771] [ 25.029771] The buggy address belongs to the physical page: [ 25.029771] page: refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x102b10 [ 25.029771] head: order:2 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0 [ 25.029771] flags: 0x200000000000040(head|node=0|zone=2) [ 25.029771] raw: 0200000000000040 0000000000000000 dead000000000122 0000000000000000 [ 25.029771] raw: 0000000000000000 0000000000000000 00000001ffffffff 0000000000000000 [ 25.029771] head: 0200000000000040 0000000000000000 dead000000000122 0000000000000000 [ 25.029771] head: 0000000000000000 0000000000000000 00000001ffffffff 0000000000000000 [ 25.029771] head: 0200000000000002 ffffea00040ac401 ffffffffffffffff 0000000000000000 [ 25.029771] head: 0000000000000004 0000000000000000 00000000ffffffff 0000000000000000 [ 25.029771] page dumped because: kasan: bad access detected [ 25.029771] [ 25.029771] Memory state around the buggy address: [ 25.029771] ffff888102b11f80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 25.029771] ffff888102b12000: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 25.029771] >ffff888102b12080: 00 00 00 00 00 00 00 00 00 01 fe fe fe fe fe fe [ 25.029771] ^ [ 25.029771] ffff888102b12100: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe [ 25.029771] ffff888102b12180: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe [ 25.029771] ================================================================== [ 25.066775] ================================================================== [ 25.067294] BUG: KASAN: slab-out-of-bounds in krealloc_less_oob_helper+0xe92/0x11d0 [ 25.067495] Write of size 1 at addr ffff888102b120ea by task kunit_try_catch/171 [ 25.067495] [ 25.067495] CPU: 1 UID: 0 PID: 171 Comm: kunit_try_catch Tainted: G B N 6.12.0-next-20241126 #1 [ 25.067495] Tainted: [B]=BAD_PAGE, [N]=TEST [ 25.067495] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), 
BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 25.067495] Call Trace: [ 25.067495] <TASK> [ 25.067495] dump_stack_lvl+0x73/0xb0 [ 25.067495] print_report+0xd1/0x640 [ 25.067495] ? __virt_addr_valid+0x1db/0x2d0 [ 25.067495] ? kasan_addr_to_slab+0x11/0xa0 [ 25.067495] kasan_report+0x102/0x140 [ 25.067495] ? krealloc_less_oob_helper+0xe92/0x11d0 [ 25.067495] ? krealloc_less_oob_helper+0xe92/0x11d0 [ 25.067495] __asan_report_store1_noabort+0x1b/0x30 [ 25.067495] krealloc_less_oob_helper+0xe92/0x11d0 [ 25.067495] ? __pfx_krealloc_less_oob_helper+0x10/0x10 [ 25.067495] ? __switch_to+0x5d9/0xf60 [ 25.067495] ? __schedule+0xc3e/0x2790 [ 25.067495] krealloc_large_less_oob+0x1c/0x30 [ 25.067495] kunit_try_run_case+0x1b3/0x490 [ 25.067495] ? __pfx_kunit_try_run_case+0x10/0x10 [ 25.067495] ? _raw_spin_lock_irqsave+0xa2/0x110 [ 25.067495] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 25.067495] ? __kthread_parkme+0x82/0x160 [ 25.067495] ? preempt_count_sub+0x50/0x80 [ 25.067495] ? __pfx_kunit_try_run_case+0x10/0x10 [ 25.067495] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 25.067495] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 25.067495] kthread+0x257/0x310 [ 25.067495] ? __pfx_kthread+0x10/0x10 [ 25.067495] ret_from_fork+0x41/0x80 [ 25.067495] ? 
__pfx_kthread+0x10/0x10 [ 25.067495] ret_from_fork_asm+0x1a/0x30 [ 25.067495] </TASK> [ 25.067495] [ 25.067495] The buggy address belongs to the physical page: [ 25.067495] page: refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x102b10 [ 25.067495] head: order:2 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0 [ 25.067495] flags: 0x200000000000040(head|node=0|zone=2) [ 25.067495] raw: 0200000000000040 0000000000000000 dead000000000122 0000000000000000 [ 25.067495] raw: 0000000000000000 0000000000000000 00000001ffffffff 0000000000000000 [ 25.067495] head: 0200000000000040 0000000000000000 dead000000000122 0000000000000000 [ 25.067495] head: 0000000000000000 0000000000000000 00000001ffffffff 0000000000000000 [ 25.067495] head: 0200000000000002 ffffea00040ac401 ffffffffffffffff 0000000000000000 [ 25.067495] head: 0000000000000004 0000000000000000 00000000ffffffff 0000000000000000 [ 25.067495] page dumped because: kasan: bad access detected [ 25.067495] [ 25.067495] Memory state around the buggy address: [ 25.067495] ffff888102b11f80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 25.067495] ffff888102b12000: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 25.067495] >ffff888102b12080: 00 00 00 00 00 00 00 00 00 01 fe fe fe fe fe fe [ 25.067495] ^ [ 25.067495] ffff888102b12100: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe [ 25.067495] ffff888102b12180: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe [ 25.067495] ================================================================== [ 24.986650] ================================================================== [ 24.987292] BUG: KASAN: slab-out-of-bounds in krealloc_less_oob_helper+0xe25/0x11d0 [ 24.987292] Write of size 1 at addr ffff888102b120d0 by task kunit_try_catch/171 [ 24.987292] [ 24.987292] CPU: 1 UID: 0 PID: 171 Comm: kunit_try_catch Tainted: G B N 6.12.0-next-20241126 #1 [ 24.987292] Tainted: [B]=BAD_PAGE, [N]=TEST [ 24.987292] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), 
BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 24.987292] Call Trace: [ 24.987292] <TASK> [ 24.987292] dump_stack_lvl+0x73/0xb0 [ 24.987292] print_report+0xd1/0x640 [ 24.987292] ? __virt_addr_valid+0x1db/0x2d0 [ 24.987292] ? kasan_addr_to_slab+0x11/0xa0 [ 24.987292] kasan_report+0x102/0x140 [ 24.987292] ? krealloc_less_oob_helper+0xe25/0x11d0 [ 24.987292] ? krealloc_less_oob_helper+0xe25/0x11d0 [ 24.987292] __asan_report_store1_noabort+0x1b/0x30 [ 24.987292] krealloc_less_oob_helper+0xe25/0x11d0 [ 24.987292] ? __pfx_krealloc_less_oob_helper+0x10/0x10 [ 24.987292] ? __switch_to+0x5d9/0xf60 [ 24.987292] ? __schedule+0xc3e/0x2790 [ 24.987292] krealloc_large_less_oob+0x1c/0x30 [ 24.987292] kunit_try_run_case+0x1b3/0x490 [ 24.987292] ? __pfx_kunit_try_run_case+0x10/0x10 [ 24.987292] ? _raw_spin_lock_irqsave+0xa2/0x110 [ 24.987292] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 24.987292] ? __kthread_parkme+0x82/0x160 [ 24.987292] ? preempt_count_sub+0x50/0x80 [ 24.987292] ? __pfx_kunit_try_run_case+0x10/0x10 [ 24.987292] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 24.987292] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 24.987292] kthread+0x257/0x310 [ 24.987292] ? __pfx_kthread+0x10/0x10 [ 24.987292] ret_from_fork+0x41/0x80 [ 24.987292] ? 
__pfx_kthread+0x10/0x10 [ 24.987292] ret_from_fork_asm+0x1a/0x30 [ 24.987292] </TASK> [ 24.987292] [ 24.987292] The buggy address belongs to the physical page: [ 24.987292] page: refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x102b10 [ 24.987292] head: order:2 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0 [ 24.987292] flags: 0x200000000000040(head|node=0|zone=2) [ 24.987292] raw: 0200000000000040 0000000000000000 dead000000000122 0000000000000000 [ 24.987292] raw: 0000000000000000 0000000000000000 00000001ffffffff 0000000000000000 [ 24.987292] head: 0200000000000040 0000000000000000 dead000000000122 0000000000000000 [ 24.987292] head: 0000000000000000 0000000000000000 00000001ffffffff 0000000000000000 [ 24.987292] head: 0200000000000002 ffffea00040ac401 ffffffffffffffff 0000000000000000 [ 24.987292] head: 0000000000000004 0000000000000000 00000000ffffffff 0000000000000000 [ 24.987292] page dumped because: kasan: bad access detected [ 24.987292] [ 24.987292] Memory state around the buggy address: [ 24.987292] ffff888102b11f80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 24.987292] ffff888102b12000: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 24.987292] >ffff888102b12080: 00 00 00 00 00 00 00 00 00 01 fe fe fe fe fe fe [ 24.987292] ^ [ 24.987292] ffff888102b12100: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe [ 24.987292] ffff888102b12180: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe [ 24.987292] ================================================================== [ 24.513382] ================================================================== [ 24.514355] BUG: KASAN: slab-out-of-bounds in krealloc_less_oob_helper+0xd72/0x11d0 [ 24.515193] Write of size 1 at addr ffff888100aa9ac9 by task kunit_try_catch/165 [ 24.516747] [ 24.517527] CPU: 1 UID: 0 PID: 165 Comm: kunit_try_catch Tainted: G B N 6.12.0-next-20241126 #1 [ 24.518089] Tainted: [B]=BAD_PAGE, [N]=TEST [ 24.519005] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), 
BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 24.520136] Call Trace: [ 24.520822] <TASK> [ 24.521589] dump_stack_lvl+0x73/0xb0 [ 24.522671] print_report+0xd1/0x640 [ 24.523073] ? __virt_addr_valid+0x1db/0x2d0 [ 24.523785] ? kasan_complete_mode_report_info+0x2a/0x200 [ 24.524557] kasan_report+0x102/0x140 [ 24.524880] ? krealloc_less_oob_helper+0xd72/0x11d0 [ 24.525564] ? krealloc_less_oob_helper+0xd72/0x11d0 [ 24.526472] __asan_report_store1_noabort+0x1b/0x30 [ 24.526966] krealloc_less_oob_helper+0xd72/0x11d0 [ 24.527402] ? __pfx_krealloc_less_oob_helper+0x10/0x10 [ 24.528384] ? finish_task_switch.isra.0+0x153/0x700 [ 24.528833] ? __switch_to+0x5d9/0xf60 [ 24.529533] ? __schedule+0xc3e/0x2790 [ 24.530554] ? __pfx_read_tsc+0x10/0x10 [ 24.531097] krealloc_less_oob+0x1c/0x30 [ 24.531844] kunit_try_run_case+0x1b3/0x490 [ 24.532321] ? __pfx_kunit_try_run_case+0x10/0x10 [ 24.533379] ? _raw_spin_lock_irqsave+0xa2/0x110 [ 24.534209] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 24.535080] ? __kthread_parkme+0x82/0x160 [ 24.535758] ? preempt_count_sub+0x50/0x80 [ 24.536450] ? __pfx_kunit_try_run_case+0x10/0x10 [ 24.536662] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 24.537950] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 24.538532] kthread+0x257/0x310 [ 24.538787] ? __pfx_kthread+0x10/0x10 [ 24.539159] ret_from_fork+0x41/0x80 [ 24.539547] ? 
__pfx_kthread+0x10/0x10 [ 24.539865] ret_from_fork_asm+0x1a/0x30 [ 24.540198] </TASK> [ 24.540387] [ 24.540914] Allocated by task 165: [ 24.541507] kasan_save_stack+0x3d/0x60 [ 24.541894] kasan_save_track+0x18/0x40 [ 24.542903] kasan_save_alloc_info+0x3b/0x50 [ 24.543622] __kasan_krealloc+0x190/0x1f0 [ 24.543943] krealloc_noprof+0xf3/0x340 [ 24.544734] krealloc_less_oob_helper+0x1ab/0x11d0 [ 24.545396] krealloc_less_oob+0x1c/0x30 [ 24.545851] kunit_try_run_case+0x1b3/0x490 [ 24.546022] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 24.547095] kthread+0x257/0x310 [ 24.547499] ret_from_fork+0x41/0x80 [ 24.548136] ret_from_fork_asm+0x1a/0x30 [ 24.548833] [ 24.549381] The buggy address belongs to the object at ffff888100aa9a00 [ 24.549381] which belongs to the cache kmalloc-256 of size 256 [ 24.551020] The buggy address is located 0 bytes to the right of [ 24.551020] allocated 201-byte region [ffff888100aa9a00, ffff888100aa9ac9) [ 24.551821] [ 24.552061] The buggy address belongs to the physical page: [ 24.552526] page: refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x100aa8 [ 24.553397] head: order:1 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0 [ 24.554440] flags: 0x200000000000040(head|node=0|zone=2) [ 24.555407] page_type: f5(slab) [ 24.555825] raw: 0200000000000040 ffff888100041b40 dead000000000122 0000000000000000 [ 24.556781] raw: 0000000000000000 0000000080100010 00000001f5000000 0000000000000000 [ 24.557571] head: 0200000000000040 ffff888100041b40 dead000000000122 0000000000000000 [ 24.558300] head: 0000000000000000 0000000080100010 00000001f5000000 0000000000000000 [ 24.560054] head: 0200000000000001 ffffea000402aa01 ffffffffffffffff 0000000000000000 [ 24.560438] head: 0000000000000002 0000000000000000 00000000ffffffff 0000000000000000 [ 24.561272] page dumped because: kasan: bad access detected [ 24.562428] [ 24.562587] Memory state around the buggy address: [ 24.562876] ffff888100aa9980: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc 
fc [ 24.563948] ffff888100aa9a00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 24.565737] >ffff888100aa9a80: 00 00 00 00 00 00 00 00 00 01 fc fc fc fc fc fc [ 24.566244] ^ [ 24.566781] ffff888100aa9b00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 24.568566] ffff888100aa9b80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 24.569122] ================================================================== [ 24.626928] ================================================================== [ 24.627620] BUG: KASAN: slab-out-of-bounds in krealloc_less_oob_helper+0xec8/0x11d0 [ 24.628533] Write of size 1 at addr ffff888100aa9ada by task kunit_try_catch/165 [ 24.629634] [ 24.629934] CPU: 1 UID: 0 PID: 165 Comm: kunit_try_catch Tainted: G B N 6.12.0-next-20241126 #1 [ 24.630588] Tainted: [B]=BAD_PAGE, [N]=TEST [ 24.631414] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 24.632129] Call Trace: [ 24.632452] <TASK> [ 24.632774] dump_stack_lvl+0x73/0xb0 [ 24.633152] print_report+0xd1/0x640 [ 24.633446] ? __virt_addr_valid+0x1db/0x2d0 [ 24.636043] ? kasan_complete_mode_report_info+0x2a/0x200 [ 24.636613] kasan_report+0x102/0x140 [ 24.638777] ? krealloc_less_oob_helper+0xec8/0x11d0 [ 24.639387] ? krealloc_less_oob_helper+0xec8/0x11d0 [ 24.639912] __asan_report_store1_noabort+0x1b/0x30 [ 24.640521] krealloc_less_oob_helper+0xec8/0x11d0 [ 24.641860] ? __pfx_krealloc_less_oob_helper+0x10/0x10 [ 24.642956] ? finish_task_switch.isra.0+0x153/0x700 [ 24.644007] ? __switch_to+0x5d9/0xf60 [ 24.645161] ? __schedule+0xc3e/0x2790 [ 24.645718] ? __pfx_read_tsc+0x10/0x10 [ 24.646253] krealloc_less_oob+0x1c/0x30 [ 24.647524] kunit_try_run_case+0x1b3/0x490 [ 24.648934] ? __pfx_kunit_try_run_case+0x10/0x10 [ 24.649488] ? _raw_spin_lock_irqsave+0xa2/0x110 [ 24.649847] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 24.650465] ? __kthread_parkme+0x82/0x160 [ 24.650874] ? preempt_count_sub+0x50/0x80 [ 24.651314] ? 
__pfx_kunit_try_run_case+0x10/0x10 [ 24.652059] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 24.652772] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 24.653802] kthread+0x257/0x310 [ 24.654273] ? __pfx_kthread+0x10/0x10 [ 24.654835] ret_from_fork+0x41/0x80 [ 24.655351] ? __pfx_kthread+0x10/0x10 [ 24.656118] ret_from_fork_asm+0x1a/0x30 [ 24.656720] </TASK> [ 24.657127] [ 24.657384] Allocated by task 165: [ 24.657900] kasan_save_stack+0x3d/0x60 [ 24.658483] kasan_save_track+0x18/0x40 [ 24.659028] kasan_save_alloc_info+0x3b/0x50 [ 24.659518] __kasan_krealloc+0x190/0x1f0 [ 24.660110] krealloc_noprof+0xf3/0x340 [ 24.660776] krealloc_less_oob_helper+0x1ab/0x11d0 [ 24.661409] krealloc_less_oob+0x1c/0x30 [ 24.661996] kunit_try_run_case+0x1b3/0x490 [ 24.662612] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 24.663393] kthread+0x257/0x310 [ 24.663938] ret_from_fork+0x41/0x80 [ 24.664588] ret_from_fork_asm+0x1a/0x30 [ 24.665147] [ 24.665439] The buggy address belongs to the object at ffff888100aa9a00 [ 24.665439] which belongs to the cache kmalloc-256 of size 256 [ 24.667031] The buggy address is located 17 bytes to the right of [ 24.667031] allocated 201-byte region [ffff888100aa9a00, ffff888100aa9ac9) [ 24.667837] clocksource: timekeeping watchdog on CPU0: Marking clocksource 'tsc' as unstable because the skew is too large: [ 24.668285] [ 24.668447] The buggy address belongs to the physical page: [ 24.668531] page: refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x100aa8 [ 24.668613] head: order:1 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0 [ 24.668728] flags: 0x200000000000040(head|node=0|zone=2) [ 24.668801] page_type: f5(slab) [ 24.668876] raw: 0200000000000040 ffff888100041b40 dead000000000122 0000000000000000 [ 24.668959] raw: 0000000000000000 0000000080100010 00000001f5000000 0000000000000000 [ 24.670614] clocksource: 'hpet' wd_nsec: 464547490 wd_now: 78733987 wd_last: 75ae61aa mask: ffffffff [ 24.670932] head: 0200000000000040 
ffff888100041b40 dead000000000122 0000000000000000 [ 24.671004] head: 0000000000000000 0000000080100010 00000001f5000000 0000000000000000 [ 24.671066] head: 0200000000000001 ffffea000402aa01 ffffffffffffffff 0000000000000000 [ 24.673242] clocksource: 'tsc' cs_nsec: 465236277 cs_now: 1378f8626a cs_last: 1325c7b18e mask: ffffffffffffffff [ 24.676131] head: 0000000000000002 0000000000000000 00000000ffffffff 0000000000000000 [ 24.676206] page dumped because: kasan: bad access detected [ 24.676246] [ 24.676267] Memory state around the buggy address: [ 24.676399] ffff888100aa9980: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 24.680027] clocksource: Clocksource 'tsc' skewed 688787 ns (0 ms) over watchdog 'hpet' interval of 464547490 ns (464 ms) [ 24.680313] clocksource: 'tsc' is current clocksource. [ 24.681002] ffff888100aa9a00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 24.681076] >ffff888100aa9a80: 00 00 00 00 00 00 00 00 00 01 fc fc fc fc fc fc [ 24.681121] ^ [ 24.681192] ffff888100aa9b00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 24.681266] ffff888100aa9b80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 24.681320] ==================================================================
[ 20.031318] ================================================================== [ 20.031748] BUG: KASAN: slab-out-of-bounds in krealloc_less_oob_helper+0xe25/0x11d0 [ 20.032450] Write of size 1 at addr ffff888102a1e0d0 by task kunit_try_catch/169 [ 20.033191] [ 20.033718] CPU: 1 UID: 0 PID: 169 Comm: kunit_try_catch Tainted: G B N 6.12.0-next-20241126 #1 [ 20.034600] Tainted: [B]=BAD_PAGE, [N]=TEST [ 20.035015] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 20.035790] Call Trace: [ 20.035967] <TASK> [ 20.036238] dump_stack_lvl+0x73/0xb0 [ 20.036991] print_report+0xd1/0x640 [ 20.038058] ? __virt_addr_valid+0x1db/0x2d0 [ 20.038417] ? kasan_addr_to_slab+0x11/0xa0 [ 20.038820] kasan_report+0x102/0x140 [ 20.039099] ? krealloc_less_oob_helper+0xe25/0x11d0 [ 20.039422] ? krealloc_less_oob_helper+0xe25/0x11d0 [ 20.040004] __asan_report_store1_noabort+0x1b/0x30 [ 20.040611] krealloc_less_oob_helper+0xe25/0x11d0 [ 20.041169] ? __pfx_krealloc_less_oob_helper+0x10/0x10 [ 20.041809] ? finish_task_switch.isra.0+0x153/0x700 [ 20.042350] ? __switch_to+0x5d9/0xf60 [ 20.042908] ? __schedule+0xc3e/0x2790 [ 20.043385] ? __pfx_read_tsc+0x10/0x10 [ 20.043774] krealloc_large_less_oob+0x1c/0x30 [ 20.044322] kunit_try_run_case+0x1b3/0x490 [ 20.044786] ? __pfx_kunit_try_run_case+0x10/0x10 [ 20.045281] ? _raw_spin_lock_irqsave+0xa2/0x110 [ 20.045848] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 20.046196] ? __kthread_parkme+0x82/0x160 [ 20.046509] ? preempt_count_sub+0x50/0x80 [ 20.047047] ? __pfx_kunit_try_run_case+0x10/0x10 [ 20.047650] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 20.048267] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 20.048792] kthread+0x257/0x310 [ 20.049225] ? __pfx_kthread+0x10/0x10 [ 20.049623] ret_from_fork+0x41/0x80 [ 20.049909] ? 
__pfx_kthread+0x10/0x10 [ 20.050191] ret_from_fork_asm+0x1a/0x30 [ 20.050763] </TASK> [ 20.051090] [ 20.051343] The buggy address belongs to the physical page: [ 20.051947] page: refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x102a1c [ 20.052743] head: order:2 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0 [ 20.053308] flags: 0x200000000000040(head|node=0|zone=2) [ 20.053882] raw: 0200000000000040 0000000000000000 dead000000000122 0000000000000000 [ 20.054292] raw: 0000000000000000 0000000000000000 00000001ffffffff 0000000000000000 [ 20.054910] head: 0200000000000040 0000000000000000 dead000000000122 0000000000000000 [ 20.055704] head: 0000000000000000 0000000000000000 00000001ffffffff 0000000000000000 [ 20.056390] head: 0200000000000002 ffffea00040a8701 ffffffffffffffff 0000000000000000 [ 20.057099] head: 0000000000000004 0000000000000000 00000000ffffffff 0000000000000000 [ 20.057716] page dumped because: kasan: bad access detected [ 20.058260] [ 20.058429] Memory state around the buggy address: [ 20.058947] ffff888102a1df80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 20.059318] ffff888102a1e000: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 20.059981] >ffff888102a1e080: 00 00 00 00 00 00 00 00 00 01 fe fe fe fe fe fe [ 20.060695] ^ [ 20.061196] ffff888102a1e100: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe [ 20.061748] ffff888102a1e180: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe [ 20.062127] ================================================================== [ 19.775340] ================================================================== [ 19.776157] BUG: KASAN: slab-out-of-bounds in krealloc_less_oob_helper+0xec8/0x11d0 [ 19.776972] Write of size 1 at addr ffff8881003976da by task kunit_try_catch/165 [ 19.778581] [ 19.778836] CPU: 0 UID: 0 PID: 165 Comm: kunit_try_catch Tainted: G B N 6.12.0-next-20241126 #1 [ 19.779446] Tainted: [B]=BAD_PAGE, [N]=TEST [ 19.779974] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), 
BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 19.780414] Call Trace: [ 19.780724] <TASK> [ 19.781080] dump_stack_lvl+0x73/0xb0 [ 19.781523] print_report+0xd1/0x640 [ 19.781952] ? __virt_addr_valid+0x1db/0x2d0 [ 19.782379] ? kasan_complete_mode_report_info+0x2a/0x200 [ 19.783068] kasan_report+0x102/0x140 [ 19.783407] ? krealloc_less_oob_helper+0xec8/0x11d0 [ 19.783762] ? krealloc_less_oob_helper+0xec8/0x11d0 [ 19.784096] __asan_report_store1_noabort+0x1b/0x30 [ 19.784430] krealloc_less_oob_helper+0xec8/0x11d0 [ 19.784957] ? __pfx_krealloc_less_oob_helper+0x10/0x10 [ 19.785703] ? sysvec_apic_timer_interrupt+0x50/0x90 [ 19.786229] ? __pfx_krealloc_less_oob+0x10/0x10 [ 19.786758] krealloc_less_oob+0x1c/0x30 [ 19.787198] kunit_try_run_case+0x1b3/0x490 [ 19.787622] ? __pfx_kunit_try_run_case+0x10/0x10 [ 19.788011] ? _raw_spin_lock_irqsave+0xa2/0x110 [ 19.788321] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 19.788716] ? __kthread_parkme+0x82/0x160 [ 19.789149] ? preempt_count_sub+0x50/0x80 [ 19.789634] ? __pfx_kunit_try_run_case+0x10/0x10 [ 19.790134] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 19.790782] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 19.791311] kthread+0x257/0x310 [ 19.791602] ? __pfx_kthread+0x10/0x10 [ 19.792047] ret_from_fork+0x41/0x80 [ 19.792442] ? 
__pfx_kthread+0x10/0x10 [ 19.792917] ret_from_fork_asm+0x1a/0x30 [ 19.793334] </TASK> [ 19.793552] [ 19.793710] Allocated by task 165: [ 19.794018] kasan_save_stack+0x3d/0x60 [ 19.794465] kasan_save_track+0x18/0x40 [ 19.794959] kasan_save_alloc_info+0x3b/0x50 [ 19.795446] __kasan_krealloc+0x190/0x1f0 [ 19.796005] krealloc_noprof+0xf3/0x340 [ 19.796316] krealloc_less_oob_helper+0x1ab/0x11d0 [ 19.796845] krealloc_less_oob+0x1c/0x30 [ 19.797115] kunit_try_run_case+0x1b3/0x490 [ 19.797396] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 19.797738] kthread+0x257/0x310 [ 19.797981] ret_from_fork+0x41/0x80 [ 19.798400] ret_from_fork_asm+0x1a/0x30 [ 19.798843] [ 19.799120] The buggy address belongs to the object at ffff888100397600 [ 19.799120] which belongs to the cache kmalloc-256 of size 256 [ 19.800361] The buggy address is located 17 bytes to the right of [ 19.800361] allocated 201-byte region [ffff888100397600, ffff8881003976c9) [ 19.801796] [ 19.801970] The buggy address belongs to the physical page: [ 19.802264] page: refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x100396 [ 19.803049] head: order:1 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0 [ 19.803474] flags: 0x200000000000040(head|node=0|zone=2) [ 19.804030] page_type: f5(slab) [ 19.804381] raw: 0200000000000040 ffff888100041b40 dead000000000122 0000000000000000 [ 19.805204] raw: 0000000000000000 0000000080100010 00000001f5000000 0000000000000000 [ 19.805635] head: 0200000000000040 ffff888100041b40 dead000000000122 0000000000000000 [ 19.806027] head: 0000000000000000 0000000080100010 00000001f5000000 0000000000000000 [ 19.806433] head: 0200000000000001 ffffea000400e581 ffffffffffffffff 0000000000000000 [ 19.807246] head: 0000000000000002 0000000000000000 00000000ffffffff 0000000000000000 [ 19.808065] page dumped because: kasan: bad access detected [ 19.808609] [ 19.808832] Memory state around the buggy address: [ 19.809284] ffff888100397580: fc fc fc fc fc fc fc fc fc fc fc fc fc fc 
fc fc [ 19.810061] ffff888100397600: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 19.812766] >ffff888100397680: 00 00 00 00 00 00 00 00 00 01 fc fc fc fc fc fc [ 19.813210] ^ [ 19.813563] ffff888100397700: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 19.814200] ffff888100397780: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 19.817006] ================================================================== [ 19.822398] ================================================================== [ 19.823206] BUG: KASAN: slab-out-of-bounds in krealloc_less_oob_helper+0xe92/0x11d0 [ 19.824369] Write of size 1 at addr ffff8881003976ea by task kunit_try_catch/165 [ 19.825123] [ 19.825427] CPU: 0 UID: 0 PID: 165 Comm: kunit_try_catch Tainted: G B N 6.12.0-next-20241126 #1 [ 19.826260] Tainted: [B]=BAD_PAGE, [N]=TEST [ 19.826587] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 19.827236] Call Trace: [ 19.827455] <TASK> [ 19.827721] dump_stack_lvl+0x73/0xb0 [ 19.828175] print_report+0xd1/0x640 [ 19.828628] ? __virt_addr_valid+0x1db/0x2d0 [ 19.829097] ? kasan_complete_mode_report_info+0x2a/0x200 [ 19.829441] kasan_report+0x102/0x140 [ 19.829978] ? krealloc_less_oob_helper+0xe92/0x11d0 [ 19.830507] ? krealloc_less_oob_helper+0xe92/0x11d0 [ 19.830969] __asan_report_store1_noabort+0x1b/0x30 [ 19.831458] krealloc_less_oob_helper+0xe92/0x11d0 [ 19.831995] ? __pfx_krealloc_less_oob_helper+0x10/0x10 [ 19.832439] ? sysvec_apic_timer_interrupt+0x50/0x90 [ 19.832896] ? __pfx_krealloc_less_oob+0x10/0x10 [ 19.833442] krealloc_less_oob+0x1c/0x30 [ 19.833886] kunit_try_run_case+0x1b3/0x490 [ 19.834231] ? __pfx_kunit_try_run_case+0x10/0x10 [ 19.834757] ? _raw_spin_lock_irqsave+0xa2/0x110 [ 19.835224] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 19.835583] ? __kthread_parkme+0x82/0x160 [ 19.836058] ? preempt_count_sub+0x50/0x80 [ 19.836541] ? __pfx_kunit_try_run_case+0x10/0x10 [ 19.837046] ? 
__pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 19.837477] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 19.837848] kthread+0x257/0x310 [ 19.838125] ? __pfx_kthread+0x10/0x10 [ 19.838402] ret_from_fork+0x41/0x80 [ 19.838834] ? __pfx_kthread+0x10/0x10 [ 19.839257] ret_from_fork_asm+0x1a/0x30 [ 19.839880] </TASK> [ 19.840151] [ 19.840370] Allocated by task 165: [ 19.840749] kasan_save_stack+0x3d/0x60 [ 19.841173] kasan_save_track+0x18/0x40 [ 19.841614] kasan_save_alloc_info+0x3b/0x50 [ 19.842074] __kasan_krealloc+0x190/0x1f0 [ 19.845307] krealloc_noprof+0xf3/0x340 [ 19.845857] krealloc_less_oob_helper+0x1ab/0x11d0 [ 19.846272] krealloc_less_oob+0x1c/0x30 [ 19.846572] kunit_try_run_case+0x1b3/0x490 [ 19.847017] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 19.848523] kthread+0x257/0x310 [ 19.849540] ret_from_fork+0x41/0x80 [ 19.850007] ret_from_fork_asm+0x1a/0x30 [ 19.850450] [ 19.851273] The buggy address belongs to the object at ffff888100397600 [ 19.851273] which belongs to the cache kmalloc-256 of size 256 [ 19.852482] The buggy address is located 33 bytes to the right of [ 19.852482] allocated 201-byte region [ffff888100397600, ffff8881003976c9) [ 19.854195] [ 19.854356] The buggy address belongs to the physical page: [ 19.854870] page: refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x100396 [ 19.855560] head: order:1 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0 [ 19.856590] flags: 0x200000000000040(head|node=0|zone=2) [ 19.857163] page_type: f5(slab) [ 19.857552] raw: 0200000000000040 ffff888100041b40 dead000000000122 0000000000000000 [ 19.858152] raw: 0000000000000000 0000000080100010 00000001f5000000 0000000000000000 [ 19.858677] head: 0200000000000040 ffff888100041b40 dead000000000122 0000000000000000 [ 19.859702] head: 0000000000000000 0000000080100010 00000001f5000000 0000000000000000 [ 19.860465] head: 0200000000000001 ffffea000400e581 ffffffffffffffff 0000000000000000 [ 19.861008] head: 0000000000000002 0000000000000000 
00000000ffffffff 0000000000000000 [ 19.861387] page dumped because: kasan: bad access detected [ 19.861951] [ 19.862186] Memory state around the buggy address: [ 19.862532] ffff888100397580: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 19.863059] ffff888100397600: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 19.863639] >ffff888100397680: 00 00 00 00 00 00 00 00 00 01 fc fc fc fc fc fc [ 19.864423] ^ [ 19.865089] ffff888100397700: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 19.866374] ffff888100397780: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 19.866880] ================================================================== [ 20.098941] ================================================================== [ 20.099360] BUG: KASAN: slab-out-of-bounds in krealloc_less_oob_helper+0xe92/0x11d0 [ 20.100614] Write of size 1 at addr ffff888102a1e0ea by task kunit_try_catch/169 [ 20.101257] [ 20.101525] CPU: 1 UID: 0 PID: 169 Comm: kunit_try_catch Tainted: G B N 6.12.0-next-20241126 #1 [ 20.102289] Tainted: [B]=BAD_PAGE, [N]=TEST [ 20.102563] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 20.103428] Call Trace: [ 20.103829] <TASK> [ 20.104131] dump_stack_lvl+0x73/0xb0 [ 20.104641] print_report+0xd1/0x640 [ 20.105108] ? __virt_addr_valid+0x1db/0x2d0 [ 20.105714] ? kasan_addr_to_slab+0x11/0xa0 [ 20.106222] kasan_report+0x102/0x140 [ 20.106743] ? krealloc_less_oob_helper+0xe92/0x11d0 [ 20.107297] ? krealloc_less_oob_helper+0xe92/0x11d0 [ 20.108019] __asan_report_store1_noabort+0x1b/0x30 [ 20.108615] krealloc_less_oob_helper+0xe92/0x11d0 [ 20.109237] ? __pfx_krealloc_less_oob_helper+0x10/0x10 [ 20.109681] ? finish_task_switch.isra.0+0x153/0x700 [ 20.110236] ? __switch_to+0x5d9/0xf60 [ 20.110761] ? __schedule+0xc3e/0x2790 [ 20.111220] ? __pfx_read_tsc+0x10/0x10 [ 20.111754] krealloc_large_less_oob+0x1c/0x30 [ 20.112102] kunit_try_run_case+0x1b3/0x490 [ 20.112387] ? __pfx_kunit_try_run_case+0x10/0x10 [ 20.112704] ? 
_raw_spin_lock_irqsave+0xa2/0x110 [ 20.113179] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 20.113608] ? __kthread_parkme+0x82/0x160 [ 20.114074] ? preempt_count_sub+0x50/0x80 [ 20.114448] ? __pfx_kunit_try_run_case+0x10/0x10 [ 20.114884] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 20.115390] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 20.115992] kthread+0x257/0x310 [ 20.116298] ? __pfx_kthread+0x10/0x10 [ 20.116771] ret_from_fork+0x41/0x80 [ 20.117160] ? __pfx_kthread+0x10/0x10 [ 20.117452] ret_from_fork_asm+0x1a/0x30 [ 20.117972] </TASK> [ 20.118202] [ 20.118359] The buggy address belongs to the physical page: [ 20.118730] page: refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x102a1c [ 20.119283] head: order:2 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0 [ 20.119990] flags: 0x200000000000040(head|node=0|zone=2) [ 20.120547] raw: 0200000000000040 0000000000000000 dead000000000122 0000000000000000 [ 20.121075] raw: 0000000000000000 0000000000000000 00000001ffffffff 0000000000000000 [ 20.121709] head: 0200000000000040 0000000000000000 dead000000000122 0000000000000000 [ 20.122229] head: 0000000000000000 0000000000000000 00000001ffffffff 0000000000000000 [ 20.122842] head: 0200000000000002 ffffea00040a8701 ffffffffffffffff 0000000000000000 [ 20.123409] head: 0000000000000004 0000000000000000 00000000ffffffff 0000000000000000 [ 20.124121] page dumped because: kasan: bad access detected [ 20.124422] [ 20.124691] Memory state around the buggy address: [ 20.125801] ffff888102a1df80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 20.126358] ffff888102a1e000: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 20.127067] >ffff888102a1e080: 00 00 00 00 00 00 00 00 00 01 fe fe fe fe fe fe [ 20.127429] ^ [ 20.128047] ffff888102a1e100: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe [ 20.128771] ffff888102a1e180: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe [ 20.129401] ================================================================== 
[ 19.868356] ================================================================== [ 19.869103] BUG: KASAN: slab-out-of-bounds in krealloc_less_oob_helper+0xd49/0x11d0 [ 19.869744] Write of size 1 at addr ffff8881003976eb by task kunit_try_catch/165 [ 19.870977] [ 19.871237] CPU: 0 UID: 0 PID: 165 Comm: kunit_try_catch Tainted: G B N 6.12.0-next-20241126 #1 [ 19.872739] Tainted: [B]=BAD_PAGE, [N]=TEST [ 19.873159] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 19.873738] Call Trace: [ 19.874065] <TASK> [ 19.874329] dump_stack_lvl+0x73/0xb0 [ 19.875184] print_report+0xd1/0x640 [ 19.875671] ? __virt_addr_valid+0x1db/0x2d0 [ 19.876546] ? kasan_complete_mode_report_info+0x2a/0x200 [ 19.877309] kasan_report+0x102/0x140 [ 19.877944] ? krealloc_less_oob_helper+0xd49/0x11d0 [ 19.878406] ? krealloc_less_oob_helper+0xd49/0x11d0 [ 19.879260] __asan_report_store1_noabort+0x1b/0x30 [ 19.879837] krealloc_less_oob_helper+0xd49/0x11d0 [ 19.880284] ? __pfx_krealloc_less_oob_helper+0x10/0x10 [ 19.880755] ? sysvec_apic_timer_interrupt+0x50/0x90 [ 19.881211] ? __pfx_krealloc_less_oob+0x10/0x10 [ 19.881770] krealloc_less_oob+0x1c/0x30 [ 19.882241] kunit_try_run_case+0x1b3/0x490 [ 19.882612] ? __pfx_kunit_try_run_case+0x10/0x10 [ 19.883090] ? _raw_spin_lock_irqsave+0xa2/0x110 [ 19.883695] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 19.884154] ? __kthread_parkme+0x82/0x160 [ 19.884710] ? preempt_count_sub+0x50/0x80 [ 19.885203] ? __pfx_kunit_try_run_case+0x10/0x10 [ 19.885758] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 19.886295] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 19.886884] kthread+0x257/0x310 [ 19.887294] ? __pfx_kthread+0x10/0x10 [ 19.887854] ret_from_fork+0x41/0x80 [ 19.888201] ? 
__pfx_kthread+0x10/0x10 [ 19.888676] ret_from_fork_asm+0x1a/0x30 [ 19.889144] </TASK> [ 19.889463] [ 19.889753] Allocated by task 165: [ 19.890091] kasan_save_stack+0x3d/0x60 [ 19.890534] kasan_save_track+0x18/0x40 [ 19.890941] kasan_save_alloc_info+0x3b/0x50 [ 19.891450] __kasan_krealloc+0x190/0x1f0 [ 19.891941] krealloc_noprof+0xf3/0x340 [ 19.892360] krealloc_less_oob_helper+0x1ab/0x11d0 [ 19.892918] krealloc_less_oob+0x1c/0x30 [ 19.893394] kunit_try_run_case+0x1b3/0x490 [ 19.893899] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 19.894329] kthread+0x257/0x310 [ 19.894716] ret_from_fork+0x41/0x80 [ 19.895224] ret_from_fork_asm+0x1a/0x30 [ 19.895732] [ 19.895957] The buggy address belongs to the object at ffff888100397600 [ 19.895957] which belongs to the cache kmalloc-256 of size 256 [ 19.897038] The buggy address is located 34 bytes to the right of [ 19.897038] allocated 201-byte region [ffff888100397600, ffff8881003976c9) [ 19.897992] [ 19.898251] The buggy address belongs to the physical page: [ 19.898775] page: refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x100396 [ 19.899185] head: order:1 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0 [ 19.899668] flags: 0x200000000000040(head|node=0|zone=2) [ 19.900260] page_type: f5(slab) [ 19.900698] raw: 0200000000000040 ffff888100041b40 dead000000000122 0000000000000000 [ 19.901400] raw: 0000000000000000 0000000080100010 00000001f5000000 0000000000000000 [ 19.902169] head: 0200000000000040 ffff888100041b40 dead000000000122 0000000000000000 [ 19.902848] head: 0000000000000000 0000000080100010 00000001f5000000 0000000000000000 [ 19.903367] head: 0200000000000001 ffffea000400e581 ffffffffffffffff 0000000000000000 [ 19.904126] head: 0000000000000002 0000000000000000 00000000ffffffff 0000000000000000 [ 19.904735] page dumped because: kasan: bad access detected [ 19.905329] [ 19.905561] Memory state around the buggy address: [ 19.905970] ffff888100397580: fc fc fc fc fc fc fc fc fc fc fc fc fc fc 
fc fc [ 19.906450] ffff888100397600: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 19.906976] >ffff888100397680: 00 00 00 00 00 00 00 00 00 01 fc fc fc fc fc fc [ 19.907658] ^ [ 19.908235] ffff888100397700: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 19.908931] ffff888100397780: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 19.909573] ================================================================== [ 20.063331] ================================================================== [ 20.065370] BUG: KASAN: slab-out-of-bounds in krealloc_less_oob_helper+0xec8/0x11d0 [ 20.066162] Write of size 1 at addr ffff888102a1e0da by task kunit_try_catch/169 [ 20.066906] [ 20.067163] CPU: 1 UID: 0 PID: 169 Comm: kunit_try_catch Tainted: G B N 6.12.0-next-20241126 #1 [ 20.068111] Tainted: [B]=BAD_PAGE, [N]=TEST [ 20.068558] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 20.069189] Call Trace: [ 20.069528] <TASK> [ 20.069835] dump_stack_lvl+0x73/0xb0 [ 20.070276] print_report+0xd1/0x640 [ 20.070796] ? __virt_addr_valid+0x1db/0x2d0 [ 20.071223] ? kasan_addr_to_slab+0x11/0xa0 [ 20.071747] kasan_report+0x102/0x140 [ 20.072135] ? krealloc_less_oob_helper+0xec8/0x11d0 [ 20.073258] ? krealloc_less_oob_helper+0xec8/0x11d0 [ 20.074282] __asan_report_store1_noabort+0x1b/0x30 [ 20.074795] krealloc_less_oob_helper+0xec8/0x11d0 [ 20.075290] ? __pfx_krealloc_less_oob_helper+0x10/0x10 [ 20.076033] ? finish_task_switch.isra.0+0x153/0x700 [ 20.076388] ? __switch_to+0x5d9/0xf60 [ 20.076919] ? __schedule+0xc3e/0x2790 [ 20.077281] ? __pfx_read_tsc+0x10/0x10 [ 20.077644] krealloc_large_less_oob+0x1c/0x30 [ 20.077962] kunit_try_run_case+0x1b3/0x490 [ 20.078455] ? __pfx_kunit_try_run_case+0x10/0x10 [ 20.079022] ? _raw_spin_lock_irqsave+0xa2/0x110 [ 20.079526] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 20.080114] ? __kthread_parkme+0x82/0x160 [ 20.080620] ? preempt_count_sub+0x50/0x80 [ 20.081123] ? 
__pfx_kunit_try_run_case+0x10/0x10 [ 20.081670] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 20.082171] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 20.082809] kthread+0x257/0x310 [ 20.083106] ? __pfx_kthread+0x10/0x10 [ 20.083632] ret_from_fork+0x41/0x80 [ 20.083931] ? __pfx_kthread+0x10/0x10 [ 20.084208] ret_from_fork_asm+0x1a/0x30 [ 20.084770] </TASK> [ 20.085055] [ 20.085366] The buggy address belongs to the physical page: [ 20.085980] page: refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x102a1c [ 20.086627] head: order:2 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0 [ 20.087082] flags: 0x200000000000040(head|node=0|zone=2) [ 20.087752] raw: 0200000000000040 0000000000000000 dead000000000122 0000000000000000 [ 20.088231] raw: 0000000000000000 0000000000000000 00000001ffffffff 0000000000000000 [ 20.088963] head: 0200000000000040 0000000000000000 dead000000000122 0000000000000000 [ 20.089635] head: 0000000000000000 0000000000000000 00000001ffffffff 0000000000000000 [ 20.090153] head: 0200000000000002 ffffea00040a8701 ffffffffffffffff 0000000000000000 [ 20.090570] head: 0000000000000004 0000000000000000 00000000ffffffff 0000000000000000 [ 20.091000] page dumped because: kasan: bad access detected [ 20.091302] [ 20.091455] Memory state around the buggy address: [ 20.092008] ffff888102a1df80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 20.092694] ffff888102a1e000: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 20.093328] >ffff888102a1e080: 00 00 00 00 00 00 00 00 00 01 fe fe fe fe fe fe [ 20.093967] ^ [ 20.096053] ffff888102a1e100: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe [ 20.096777] ffff888102a1e180: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe [ 20.097328] ================================================================== [ 19.684572] ================================================================== [ 19.685593] BUG: KASAN: slab-out-of-bounds in krealloc_less_oob_helper+0xd72/0x11d0 [ 19.686442] Write of 
size 1 at addr ffff8881003976c9 by task kunit_try_catch/165 [ 19.687122] [ 19.687409] CPU: 0 UID: 0 PID: 165 Comm: kunit_try_catch Tainted: G B N 6.12.0-next-20241126 #1 [ 19.688439] Tainted: [B]=BAD_PAGE, [N]=TEST [ 19.688925] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 19.690012] Call Trace: [ 19.690288] <TASK> [ 19.690559] dump_stack_lvl+0x73/0xb0 [ 19.690864] print_report+0xd1/0x640 [ 19.691333] ? __virt_addr_valid+0x1db/0x2d0 [ 19.691836] ? kasan_complete_mode_report_info+0x2a/0x200 [ 19.693176] kasan_report+0x102/0x140 [ 19.693644] ? krealloc_less_oob_helper+0xd72/0x11d0 [ 19.694307] ? krealloc_less_oob_helper+0xd72/0x11d0 [ 19.694822] __asan_report_store1_noabort+0x1b/0x30 [ 19.695756] krealloc_less_oob_helper+0xd72/0x11d0 [ 19.696270] ? __pfx_krealloc_less_oob_helper+0x10/0x10 [ 19.696821] ? sysvec_apic_timer_interrupt+0x50/0x90 [ 19.697781] ? __pfx_krealloc_less_oob+0x10/0x10 [ 19.698523] krealloc_less_oob+0x1c/0x30 [ 19.698975] kunit_try_run_case+0x1b3/0x490 [ 19.700127] ? __pfx_kunit_try_run_case+0x10/0x10 [ 19.700441] ? _raw_spin_lock_irqsave+0xa2/0x110 [ 19.701291] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 19.701605] ? __kthread_parkme+0x82/0x160 [ 19.702066] ? preempt_count_sub+0x50/0x80 [ 19.702535] ? __pfx_kunit_try_run_case+0x10/0x10 [ 19.702858] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 19.704209] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 19.704682] kthread+0x257/0x310 [ 19.705032] ? __pfx_kthread+0x10/0x10 [ 19.705419] ret_from_fork+0x41/0x80 [ 19.705723] ? 
__pfx_kthread+0x10/0x10 [ 19.706147] ret_from_fork_asm+0x1a/0x30 [ 19.706802] </TASK> [ 19.707267] [ 19.707644] Allocated by task 165: [ 19.708237] kasan_save_stack+0x3d/0x60 [ 19.708814] kasan_save_track+0x18/0x40 [ 19.709441] kasan_save_alloc_info+0x3b/0x50 [ 19.710266] __kasan_krealloc+0x190/0x1f0 [ 19.710844] krealloc_noprof+0xf3/0x340 [ 19.711503] krealloc_less_oob_helper+0x1ab/0x11d0 [ 19.712294] krealloc_less_oob+0x1c/0x30 [ 19.712847] kunit_try_run_case+0x1b3/0x490 [ 19.713557] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 19.714409] kthread+0x257/0x310 [ 19.714910] ret_from_fork+0x41/0x80 [ 19.715591] ret_from_fork_asm+0x1a/0x30 [ 19.716285] [ 19.716609] The buggy address belongs to the object at ffff888100397600 [ 19.716609] which belongs to the cache kmalloc-256 of size 256 [ 19.718699] The buggy address is located 0 bytes to the right of [ 19.718699] allocated 201-byte region [ffff888100397600, ffff8881003976c9) [ 19.719929] [ 19.720430] The buggy address belongs to the physical page: [ 19.721761] page: refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x100396 [ 19.722770] head: order:1 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0 [ 19.723724] flags: 0x200000000000040(head|node=0|zone=2) [ 19.724059] page_type: f5(slab) [ 19.724584] raw: 0200000000000040 ffff888100041b40 dead000000000122 0000000000000000 [ 19.726031] raw: 0000000000000000 0000000080100010 00000001f5000000 0000000000000000 [ 19.726864] head: 0200000000000040 ffff888100041b40 dead000000000122 0000000000000000 [ 19.727629] head: 0000000000000000 0000000080100010 00000001f5000000 0000000000000000 [ 19.728314] head: 0200000000000001 ffffea000400e581 ffffffffffffffff 0000000000000000 [ 19.729017] head: 0000000000000002 0000000000000000 00000000ffffffff 0000000000000000 [ 19.730088] page dumped because: kasan: bad access detected [ 19.730523] [ 19.730948] Memory state around the buggy address: [ 19.731406] ffff888100397580: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc 
fc [ 19.731973] ffff888100397600: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 19.732564] >ffff888100397680: 00 00 00 00 00 00 00 00 00 01 fc fc fc fc fc fc [ 19.733278] ^ [ 19.734329] ffff888100397700: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 19.734773] ffff888100397780: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 19.735193] ================================================================== [ 19.738837] ================================================================== [ 19.739766] BUG: KASAN: slab-out-of-bounds in krealloc_less_oob_helper+0xe25/0x11d0 [ 19.740248] Write of size 1 at addr ffff8881003976d0 by task kunit_try_catch/165 [ 19.740907] [ 19.741138] CPU: 0 UID: 0 PID: 165 Comm: kunit_try_catch Tainted: G B N 6.12.0-next-20241126 #1 [ 19.741816] Tainted: [B]=BAD_PAGE, [N]=TEST [ 19.742277] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 19.742965] Call Trace: [ 19.743269] <TASK> [ 19.743475] dump_stack_lvl+0x73/0xb0 [ 19.743950] print_report+0xd1/0x640 [ 19.744354] ? __virt_addr_valid+0x1db/0x2d0 [ 19.744697] ? kasan_complete_mode_report_info+0x2a/0x200 [ 19.745040] kasan_report+0x102/0x140 [ 19.745624] ? krealloc_less_oob_helper+0xe25/0x11d0 [ 19.746139] ? krealloc_less_oob_helper+0xe25/0x11d0 [ 19.746689] __asan_report_store1_noabort+0x1b/0x30 [ 19.747178] krealloc_less_oob_helper+0xe25/0x11d0 [ 19.747585] ? __pfx_krealloc_less_oob_helper+0x10/0x10 [ 19.748109] ? sysvec_apic_timer_interrupt+0x50/0x90 [ 19.748634] ? __pfx_krealloc_less_oob+0x10/0x10 [ 19.748974] krealloc_less_oob+0x1c/0x30 [ 19.749266] kunit_try_run_case+0x1b3/0x490 [ 19.749601] ? __pfx_kunit_try_run_case+0x10/0x10 [ 19.750101] ? _raw_spin_lock_irqsave+0xa2/0x110 [ 19.750696] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 19.751192] ? __kthread_parkme+0x82/0x160 [ 19.751661] ? preempt_count_sub+0x50/0x80 [ 19.752113] ? __pfx_kunit_try_run_case+0x10/0x10 [ 19.752473] ? 
__pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 19.753030] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 19.753372] kthread+0x257/0x310 [ 19.753653] ? __pfx_kthread+0x10/0x10 [ 19.754082] ret_from_fork+0x41/0x80 [ 19.754476] ? __pfx_kthread+0x10/0x10 [ 19.754904] ret_from_fork_asm+0x1a/0x30 [ 19.755396] </TASK> [ 19.755643] [ 19.755863] Allocated by task 165: [ 19.756216] kasan_save_stack+0x3d/0x60 [ 19.756652] kasan_save_track+0x18/0x40 [ 19.756952] kasan_save_alloc_info+0x3b/0x50 [ 19.757382] __kasan_krealloc+0x190/0x1f0 [ 19.757901] krealloc_noprof+0xf3/0x340 [ 19.758187] krealloc_less_oob_helper+0x1ab/0x11d0 [ 19.758507] krealloc_less_oob+0x1c/0x30 [ 19.758815] kunit_try_run_case+0x1b3/0x490 [ 19.759254] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 19.759791] kthread+0x257/0x310 [ 19.760110] ret_from_fork+0x41/0x80 [ 19.760427] ret_from_fork_asm+0x1a/0x30 [ 19.760955] [ 19.761122] The buggy address belongs to the object at ffff888100397600 [ 19.761122] which belongs to the cache kmalloc-256 of size 256 [ 19.762243] The buggy address is located 7 bytes to the right of [ 19.762243] allocated 201-byte region [ffff888100397600, ffff8881003976c9) [ 19.762832] [ 19.762997] The buggy address belongs to the physical page: [ 19.763293] page: refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x100396 [ 19.763915] head: order:1 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0 [ 19.764598] flags: 0x200000000000040(head|node=0|zone=2) [ 19.765323] page_type: f5(slab) [ 19.765729] raw: 0200000000000040 ffff888100041b40 dead000000000122 0000000000000000 [ 19.766416] raw: 0000000000000000 0000000080100010 00000001f5000000 0000000000000000 [ 19.767296] head: 0200000000000040 ffff888100041b40 dead000000000122 0000000000000000 [ 19.767839] head: 0000000000000000 0000000080100010 00000001f5000000 0000000000000000 [ 19.768387] head: 0200000000000001 ffffea000400e581 ffffffffffffffff 0000000000000000 [ 19.769045] head: 0000000000000002 0000000000000000 
00000000ffffffff 0000000000000000 [ 19.769653] page dumped because: kasan: bad access detected [ 19.769950] [ 19.770110] Memory state around the buggy address: [ 19.770560] ffff888100397580: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 19.771282] ffff888100397600: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 19.772036] >ffff888100397680: 00 00 00 00 00 00 00 00 00 01 fc fc fc fc fc fc [ 19.772509] ^ [ 19.773230] ffff888100397700: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 19.773625] ffff888100397780: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 19.773986] ================================================================== [ 20.130388] ================================================================== [ 20.131849] BUG: KASAN: slab-out-of-bounds in krealloc_less_oob_helper+0xd49/0x11d0 [ 20.132809] Write of size 1 at addr ffff888102a1e0eb by task kunit_try_catch/169 [ 20.133427] [ 20.133681] CPU: 1 UID: 0 PID: 169 Comm: kunit_try_catch Tainted: G B N 6.12.0-next-20241126 #1 [ 20.134388] Tainted: [B]=BAD_PAGE, [N]=TEST [ 20.134893] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 20.135751] Call Trace: [ 20.136096] <TASK> [ 20.136385] dump_stack_lvl+0x73/0xb0 [ 20.136828] print_report+0xd1/0x640 [ 20.137253] ? __virt_addr_valid+0x1db/0x2d0 [ 20.137713] ? kasan_addr_to_slab+0x11/0xa0 [ 20.138018] kasan_report+0x102/0x140 [ 20.138312] ? krealloc_less_oob_helper+0xd49/0x11d0 [ 20.138915] ? krealloc_less_oob_helper+0xd49/0x11d0 [ 20.139450] __asan_report_store1_noabort+0x1b/0x30 [ 20.140014] krealloc_less_oob_helper+0xd49/0x11d0 [ 20.140617] ? __pfx_krealloc_less_oob_helper+0x10/0x10 [ 20.141137] ? finish_task_switch.isra.0+0x153/0x700 [ 20.141707] ? __switch_to+0x5d9/0xf60 [ 20.142006] ? __schedule+0xc3e/0x2790 [ 20.142441] ? __pfx_read_tsc+0x10/0x10 [ 20.142991] krealloc_large_less_oob+0x1c/0x30 [ 20.143525] kunit_try_run_case+0x1b3/0x490 [ 20.143949] ? __pfx_kunit_try_run_case+0x10/0x10 [ 20.144266] ? 
_raw_spin_lock_irqsave+0xa2/0x110 [ 20.144669] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 20.145245] ? __kthread_parkme+0x82/0x160 [ 20.145773] ? preempt_count_sub+0x50/0x80 [ 20.146236] ? __pfx_kunit_try_run_case+0x10/0x10 [ 20.146827] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 20.147392] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 20.147814] kthread+0x257/0x310 [ 20.148243] ? __pfx_kthread+0x10/0x10 [ 20.148753] ret_from_fork+0x41/0x80 [ 20.149169] ? __pfx_kthread+0x10/0x10 [ 20.149697] ret_from_fork_asm+0x1a/0x30 [ 20.150187] </TASK> [ 20.150379] [ 20.150559] The buggy address belongs to the physical page: [ 20.151148] page: refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x102a1c [ 20.151860] head: order:2 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0 [ 20.152383] flags: 0x200000000000040(head|node=0|zone=2) [ 20.152971] raw: 0200000000000040 0000000000000000 dead000000000122 0000000000000000 [ 20.153686] raw: 0000000000000000 0000000000000000 00000001ffffffff 0000000000000000 [ 20.154091] head: 0200000000000040 0000000000000000 dead000000000122 0000000000000000 [ 20.154658] head: 0000000000000000 0000000000000000 00000001ffffffff 0000000000000000 [ 20.155074] head: 0200000000000002 ffffea00040a8701 ffffffffffffffff 0000000000000000 [ 20.156894] head: 0000000000000004 0000000000000000 00000000ffffffff 0000000000000000 [ 20.157586] page dumped because: kasan: bad access detected [ 20.158105] [ 20.158324] Memory state around the buggy address: [ 20.158892] ffff888102a1df80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 20.159617] ffff888102a1e000: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 20.160179] >ffff888102a1e080: 00 00 00 00 00 00 00 00 00 01 fe fe fe fe fe fe [ 20.160566] ^ [ 20.160980] ffff888102a1e100: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe [ 20.161721] ffff888102a1e180: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe [ 20.162410] ================================================================== 
[ 19.995842] ================================================================== [ 19.996748] BUG: KASAN: slab-out-of-bounds in krealloc_less_oob_helper+0xd72/0x11d0 [ 19.997425] Write of size 1 at addr ffff888102a1e0c9 by task kunit_try_catch/169 [ 19.997952] [ 19.998406] CPU: 1 UID: 0 PID: 169 Comm: kunit_try_catch Tainted: G B N 6.12.0-next-20241126 #1 [ 19.999439] Tainted: [B]=BAD_PAGE, [N]=TEST [ 19.999684] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 20.000376] Call Trace: [ 20.000721] <TASK> [ 20.001012] dump_stack_lvl+0x73/0xb0 [ 20.001374] print_report+0xd1/0x640 [ 20.001867] ? __virt_addr_valid+0x1db/0x2d0 [ 20.002393] ? kasan_addr_to_slab+0x11/0xa0 [ 20.002977] kasan_report+0x102/0x140 [ 20.003323] ? krealloc_less_oob_helper+0xd72/0x11d0 [ 20.003910] ? krealloc_less_oob_helper+0xd72/0x11d0 [ 20.004430] __asan_report_store1_noabort+0x1b/0x30 [ 20.005085] krealloc_less_oob_helper+0xd72/0x11d0 [ 20.006155] ? __pfx_krealloc_less_oob_helper+0x10/0x10 [ 20.007511] ? finish_task_switch.isra.0+0x153/0x700 [ 20.008054] ? __switch_to+0x5d9/0xf60 [ 20.008405] ? __schedule+0xc3e/0x2790 [ 20.008858] ? __pfx_read_tsc+0x10/0x10 [ 20.009297] krealloc_large_less_oob+0x1c/0x30 [ 20.009862] kunit_try_run_case+0x1b3/0x490 [ 20.010249] ? __pfx_kunit_try_run_case+0x10/0x10 [ 20.010781] ? _raw_spin_lock_irqsave+0xa2/0x110 [ 20.011151] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 20.011674] ? __kthread_parkme+0x82/0x160 [ 20.012023] ? preempt_count_sub+0x50/0x80 [ 20.012321] ? __pfx_kunit_try_run_case+0x10/0x10 [ 20.012763] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 20.013350] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 20.014037] kthread+0x257/0x310 [ 20.014435] ? __pfx_kthread+0x10/0x10 [ 20.014910] ret_from_fork+0x41/0x80 [ 20.015186] ? 
__pfx_kthread+0x10/0x10 [ 20.015709] ret_from_fork_asm+0x1a/0x30 [ 20.016172] </TASK> [ 20.016449] [ 20.016733] The buggy address belongs to the physical page: [ 20.017371] page: refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x102a1c [ 20.018964] head: order:2 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0 [ 20.020173] flags: 0x200000000000040(head|node=0|zone=2) [ 20.020865] raw: 0200000000000040 0000000000000000 dead000000000122 0000000000000000 [ 20.021729] raw: 0000000000000000 0000000000000000 00000001ffffffff 0000000000000000 [ 20.022329] head: 0200000000000040 0000000000000000 dead000000000122 0000000000000000 [ 20.023217] head: 0000000000000000 0000000000000000 00000001ffffffff 0000000000000000 [ 20.023791] head: 0200000000000002 ffffea00040a8701 ffffffffffffffff 0000000000000000 [ 20.024651] head: 0000000000000004 0000000000000000 00000000ffffffff 0000000000000000 [ 20.025061] page dumped because: kasan: bad access detected [ 20.025636] [ 20.026279] Memory state around the buggy address: [ 20.026698] ffff888102a1df80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 20.027448] ffff888102a1e000: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 20.028254] >ffff888102a1e080: 00 00 00 00 00 00 00 00 00 01 fe fe fe fe fe fe [ 20.028904] ^ [ 20.029529] ffff888102a1e100: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe [ 20.030061] ffff888102a1e180: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe [ 20.030288] ==================================================================