Date
Nov. 26, 2024, 6:09 a.m.
| Environment | |
|---|---|
| qemu-arm64 | |
| qemu-x86_64 |
[ 30.757739] ================================================================== [ 30.758822] BUG: KASAN: slab-out-of-bounds in krealloc_more_oob_helper+0x614/0x680 [ 30.759653] Write of size 1 at addr fff00000c64660eb by task kunit_try_catch/149 [ 30.760383] [ 30.761291] CPU: 1 UID: 0 PID: 149 Comm: kunit_try_catch Tainted: G B N 6.12.0-next-20241126 #1 [ 30.762806] Tainted: [B]=BAD_PAGE, [N]=TEST [ 30.763652] Hardware name: linux,dummy-virt (DT) [ 30.764771] Call trace: [ 30.765411] show_stack+0x20/0x38 (C) [ 30.766486] dump_stack_lvl+0x8c/0xd0 [ 30.767237] print_report+0x118/0x5e0 [ 30.767872] kasan_report+0xc8/0x118 [ 30.768415] __asan_report_store1_noabort+0x20/0x30 [ 30.769452] krealloc_more_oob_helper+0x614/0x680 [ 30.770298] krealloc_large_more_oob+0x20/0x38 [ 30.770977] kunit_try_run_case+0x14c/0x3d0 [ 30.771608] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 30.772635] kthread+0x24c/0x2d0 [ 30.773104] ret_from_fork+0x10/0x20 [ 30.773586] [ 30.774031] The buggy address belongs to the physical page: [ 30.774834] page: refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x106464 [ 30.776013] head: order:2 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0 [ 30.777097] flags: 0xbfffe0000000040(head|node=0|zone=2|lastcpupid=0x1ffff) [ 30.777990] raw: 0bfffe0000000040 0000000000000000 dead000000000122 0000000000000000 [ 30.778886] raw: 0000000000000000 0000000000000000 00000001ffffffff 0000000000000000 [ 30.779923] head: 0bfffe0000000040 0000000000000000 dead000000000122 0000000000000000 [ 30.780881] head: 0000000000000000 0000000000000000 00000001ffffffff 0000000000000000 [ 30.782597] head: 0bfffe0000000002 ffffc1ffc3191901 ffffffffffffffff 0000000000000000 [ 30.783406] head: 0000000000000004 0000000000000000 00000000ffffffff 0000000000000000 [ 30.784203] page dumped because: kasan: bad access detected [ 30.784920] [ 30.785283] Memory state around the buggy address: [ 30.785804] fff00000c6465f80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 30.787123] fff00000c6466000: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 30.787930] >fff00000c6466080: 00 00 00 00 00 00 00 00 00 00 00 00 00 03 fe fe [ 30.789403] ^ [ 30.790211] fff00000c6466100: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe [ 30.791034] fff00000c6466180: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe [ 30.791828] ================================================================== [ 30.794851] ================================================================== [ 30.795673] BUG: KASAN: slab-out-of-bounds in krealloc_more_oob_helper+0x5c8/0x680 [ 30.797465] Write of size 1 at addr fff00000c64660f0 by task kunit_try_catch/149 [ 30.798236] [ 30.798643] CPU: 1 UID: 0 PID: 149 Comm: kunit_try_catch Tainted: G B N 6.12.0-next-20241126 #1 [ 30.799694] Tainted: [B]=BAD_PAGE, [N]=TEST [ 30.800360] Hardware name: linux,dummy-virt (DT) [ 30.801104] Call trace: [ 30.801803] show_stack+0x20/0x38 (C) [ 30.802529] dump_stack_lvl+0x8c/0xd0 [ 30.803290] print_report+0x118/0x5e0 [ 30.804059] kasan_report+0xc8/0x118 [ 30.804673] __asan_report_store1_noabort+0x20/0x30 [ 30.805310] krealloc_more_oob_helper+0x5c8/0x680 [ 30.806297] krealloc_large_more_oob+0x20/0x38 [ 30.807114] kunit_try_run_case+0x14c/0x3d0 [ 30.807615] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 30.808376] kthread+0x24c/0x2d0 [ 30.809288] ret_from_fork+0x10/0x20 [ 30.809938] [ 30.810337] The buggy address belongs to the physical page: [ 30.811126] page: refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x106464 [ 30.812024] head: order:2 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0 [ 30.813061] flags: 0xbfffe0000000040(head|node=0|zone=2|lastcpupid=0x1ffff) [ 30.813693] raw: 0bfffe0000000040 0000000000000000 dead000000000122 0000000000000000 [ 30.814355] raw: 0000000000000000 0000000000000000 00000001ffffffff 0000000000000000 [ 30.815620] head: 0bfffe0000000040 0000000000000000 dead000000000122 0000000000000000 [ 30.817219] head: 0000000000000000 0000000000000000 00000001ffffffff 0000000000000000 [ 30.818188] head: 0bfffe0000000002 ffffc1ffc3191901 ffffffffffffffff 0000000000000000 [ 30.818980] head: 0000000000000004 0000000000000000 00000000ffffffff 0000000000000000 [ 30.819923] page dumped because: kasan: bad access detected [ 30.820515] [ 30.820872] Memory state around the buggy address: [ 30.821477] fff00000c6465f80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 30.822715] fff00000c6466000: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 30.823341] >fff00000c6466080: 00 00 00 00 00 00 00 00 00 00 00 00 00 03 fe fe [ 30.824814] ^ [ 30.825869] fff00000c6466100: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe [ 30.826890] fff00000c6466180: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe [ 30.827933] ================================================================== [ 30.469505] ================================================================== [ 30.470461] BUG: KASAN: slab-out-of-bounds in krealloc_more_oob_helper+0x5c8/0x680 [ 30.471205] Write of size 1 at addr fff00000c4481cf0 by task kunit_try_catch/145 [ 30.472132] [ 30.473323] CPU: 0 UID: 0 PID: 145 Comm: kunit_try_catch Tainted: G B N 6.12.0-next-20241126 #1 [ 30.474408] Tainted: [B]=BAD_PAGE, [N]=TEST [ 30.475111] Hardware name: linux,dummy-virt (DT) [ 30.475759] Call trace: [ 30.476944] show_stack+0x20/0x38 (C) [ 30.477831] dump_stack_lvl+0x8c/0xd0 [ 30.478474] print_report+0x118/0x5e0 [ 30.479471] kasan_report+0xc8/0x118 [ 30.480206] __asan_report_store1_noabort+0x20/0x30 [ 30.481161] krealloc_more_oob_helper+0x5c8/0x680 [ 30.481954] krealloc_more_oob+0x20/0x38 [ 30.482699] kunit_try_run_case+0x14c/0x3d0 [ 30.483263] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 30.484159] kthread+0x24c/0x2d0 [ 30.484802] ret_from_fork+0x10/0x20 [ 30.485426] [ 30.485753] Allocated by task 145: [ 30.486556] kasan_save_stack+0x3c/0x68 [ 30.487616] kasan_save_track+0x20/0x40 [ 30.488186] kasan_save_alloc_info+0x40/0x58 [ 30.488792] __kasan_krealloc+0x118/0x178 [ 30.489877] krealloc_noprof+0x128/0x360 [ 30.490523] krealloc_more_oob_helper+0x168/0x680 [ 30.491210] krealloc_more_oob+0x20/0x38 [ 30.491797] kunit_try_run_case+0x14c/0x3d0 [ 30.493343] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 30.494264] kthread+0x24c/0x2d0 [ 30.494819] ret_from_fork+0x10/0x20 [ 30.495408] [ 30.495738] The buggy address belongs to the object at fff00000c4481c00 [ 30.495738] which belongs to the cache kmalloc-256 of size 256 [ 30.497420] The buggy address is located 5 bytes to the right of [ 30.497420] allocated 235-byte region [fff00000c4481c00, fff00000c4481ceb) [ 30.498726] [ 30.499103] The buggy address belongs to the physical page: [ 30.499701] page: refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x104480 [ 30.500521] head: order:1 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0 [ 30.502610] flags: 0xbfffe0000000040(head|node=0|zone=2|lastcpupid=0x1ffff) [ 30.503339] page_type: f5(slab) [ 30.503881] raw: 0bfffe0000000040 fff00000c0001b40 dead000000000122 0000000000000000 [ 30.505109] raw: 0000000000000000 0000000080100010 00000001f5000000 0000000000000000 [ 30.505988] head: 0bfffe0000000040 fff00000c0001b40 dead000000000122 0000000000000000 [ 30.507090] head: 0000000000000000 0000000080100010 00000001f5000000 0000000000000000 [ 30.508143] head: 0bfffe0000000001 ffffc1ffc3112001 ffffffffffffffff 0000000000000000 [ 30.509445] head: 0000000000000002 0000000000000000 00000000ffffffff 0000000000000000 [ 30.510109] page dumped because: kasan: bad access detected [ 30.510846] [ 30.511347] Memory state around the buggy address: [ 30.512092] fff00000c4481b80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 30.513098] fff00000c4481c00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 30.514378] >fff00000c4481c80: 00 00 00 00 00 00 00 00 00 00 00 00 00 03 fc fc [ 30.515140] ^ [ 30.515895] fff00000c4481d00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 30.516921] fff00000c4481d80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 30.517687] ================================================================== [ 30.420851] ================================================================== [ 30.422277] BUG: KASAN: slab-out-of-bounds in krealloc_more_oob_helper+0x614/0x680 [ 30.423221] Write of size 1 at addr fff00000c4481ceb by task kunit_try_catch/145 [ 30.424135] [ 30.424518] CPU: 0 UID: 0 PID: 145 Comm: kunit_try_catch Tainted: G B N 6.12.0-next-20241126 #1 [ 30.425937] Tainted: [B]=BAD_PAGE, [N]=TEST [ 30.426370] Hardware name: linux,dummy-virt (DT) [ 30.427030] Call trace: [ 30.427415] show_stack+0x20/0x38 (C) [ 30.428117] dump_stack_lvl+0x8c/0xd0 [ 30.428873] print_report+0x118/0x5e0 [ 30.430080] kasan_report+0xc8/0x118 [ 30.430923] __asan_report_store1_noabort+0x20/0x30 [ 30.431629] krealloc_more_oob_helper+0x614/0x680 [ 30.432354] krealloc_more_oob+0x20/0x38 [ 30.433267] kunit_try_run_case+0x14c/0x3d0 [ 30.433968] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 30.434722] kthread+0x24c/0x2d0 [ 30.435376] ret_from_fork+0x10/0x20 [ 30.435935] [ 30.436297] Allocated by task 145: [ 30.436839] kasan_save_stack+0x3c/0x68 [ 30.437484] kasan_save_track+0x20/0x40 [ 30.438114] kasan_save_alloc_info+0x40/0x58 [ 30.438660] __kasan_krealloc+0x118/0x178 [ 30.439132] krealloc_noprof+0x128/0x360 [ 30.439780] krealloc_more_oob_helper+0x168/0x680 [ 30.440502] krealloc_more_oob+0x20/0x38 [ 30.441745] kunit_try_run_case+0x14c/0x3d0 [ 30.442356] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 30.443208] kthread+0x24c/0x2d0 [ 30.443766] ret_from_fork+0x10/0x20 [ 30.444745] [ 30.445073] The buggy address belongs to the object at fff00000c4481c00 [ 30.445073] which belongs to the cache kmalloc-256 of size 256 [ 30.445991] The buggy address is located 0 bytes to the right of [ 30.445991] allocated 235-byte region [fff00000c4481c00, fff00000c4481ceb) [ 30.447560] [ 30.447993] The buggy address belongs to the physical page: [ 30.448823] page: refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x104480 [ 30.450034] head: order:1 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0 [ 30.451104] flags: 0xbfffe0000000040(head|node=0|zone=2|lastcpupid=0x1ffff) [ 30.452109] page_type: f5(slab) [ 30.453030] raw: 0bfffe0000000040 fff00000c0001b40 dead000000000122 0000000000000000 [ 30.453994] raw: 0000000000000000 0000000080100010 00000001f5000000 0000000000000000 [ 30.454837] head: 0bfffe0000000040 fff00000c0001b40 dead000000000122 0000000000000000 [ 30.455988] head: 0000000000000000 0000000080100010 00000001f5000000 0000000000000000 [ 30.457455] head: 0bfffe0000000001 ffffc1ffc3112001 ffffffffffffffff 0000000000000000 [ 30.458526] head: 0000000000000002 0000000000000000 00000000ffffffff 0000000000000000 [ 30.459555] page dumped because: kasan: bad access detected [ 30.460508] [ 30.460788] Memory state around the buggy address: [ 30.461272] fff00000c4481b80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 30.462681] fff00000c4481c00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 30.463657] >fff00000c4481c80: 00 00 00 00 00 00 00 00 00 00 00 00 00 03 fc fc [ 30.464819] ^ [ 30.465700] fff00000c4481d00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 30.466499] fff00000c4481d80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 30.467220] ==================================================================
[ 30.732905] ================================================================== [ 30.734511] BUG: KASAN: slab-out-of-bounds in krealloc_more_oob_helper+0x614/0x680 [ 30.735362] Write of size 1 at addr fff00000c65720eb by task kunit_try_catch/149 [ 30.736199] [ 30.736673] CPU: 1 UID: 0 PID: 149 Comm: kunit_try_catch Tainted: G B N 6.12.0-next-20241126 #1 [ 30.738140] Tainted: [B]=BAD_PAGE, [N]=TEST [ 30.739000] Hardware name: linux,dummy-virt (DT) [ 30.739636] Call trace: [ 30.740137] show_stack+0x20/0x38 (C) [ 30.740776] dump_stack_lvl+0x8c/0xd0 [ 30.741452] print_report+0x118/0x5e0 [ 30.742467] kasan_report+0xc8/0x118 [ 30.743145] __asan_report_store1_noabort+0x20/0x30 [ 30.743912] krealloc_more_oob_helper+0x614/0x680 [ 30.744606] krealloc_large_more_oob+0x20/0x38 [ 30.745296] kunit_try_run_case+0x14c/0x3d0 [ 30.746319] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 30.747117] kthread+0x24c/0x2d0 [ 30.747664] ret_from_fork+0x10/0x20 [ 30.748229] [ 30.749216] The buggy address belongs to the physical page: [ 30.749970] page: refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x106570 [ 30.751157] head: order:2 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0 [ 30.752135] flags: 0xbfffe0000000040(head|node=0|zone=2|lastcpupid=0x1ffff) [ 30.753143] raw: 0bfffe0000000040 0000000000000000 dead000000000122 0000000000000000 [ 30.753565] raw: 0000000000000000 0000000000000000 00000001ffffffff 0000000000000000 [ 30.754411] head: 0bfffe0000000040 0000000000000000 dead000000000122 0000000000000000 [ 30.756012] head: 0000000000000000 0000000000000000 00000001ffffffff 0000000000000000 [ 30.757075] head: 0bfffe0000000002 ffffc1ffc3195c01 ffffffffffffffff 0000000000000000 [ 30.758054] head: 0000000000000004 0000000000000000 00000000ffffffff 0000000000000000 [ 30.759040] page dumped because: kasan: bad access detected [ 30.759843] [ 30.760185] Memory state around the buggy address: [ 30.760862] fff00000c6571f80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 30.761801] fff00000c6572000: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 30.762630] >fff00000c6572080: 00 00 00 00 00 00 00 00 00 00 00 00 00 03 fe fe [ 30.763363] ^ [ 30.764130] fff00000c6572100: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe [ 30.765077] fff00000c6572180: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe [ 30.765792] ================================================================== [ 30.767693] ================================================================== [ 30.769369] BUG: KASAN: slab-out-of-bounds in krealloc_more_oob_helper+0x5c8/0x680 [ 30.771140] Write of size 1 at addr fff00000c65720f0 by task kunit_try_catch/149 [ 30.772493] [ 30.772864] CPU: 1 UID: 0 PID: 149 Comm: kunit_try_catch Tainted: G B N 6.12.0-next-20241126 #1 [ 30.773918] Tainted: [B]=BAD_PAGE, [N]=TEST [ 30.774542] Hardware name: linux,dummy-virt (DT) [ 30.775151] Call trace: [ 30.775515] show_stack+0x20/0x38 (C) [ 30.776162] dump_stack_lvl+0x8c/0xd0 [ 30.776763] print_report+0x118/0x5e0 [ 30.777400] kasan_report+0xc8/0x118 [ 30.778036] __asan_report_store1_noabort+0x20/0x30 [ 30.778779] krealloc_more_oob_helper+0x5c8/0x680 [ 30.779334] krealloc_large_more_oob+0x20/0x38 [ 30.780047] kunit_try_run_case+0x14c/0x3d0 [ 30.780722] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 30.781546] kthread+0x24c/0x2d0 [ 30.782129] ret_from_fork+0x10/0x20 [ 30.782695] [ 30.783065] The buggy address belongs to the physical page: [ 30.783731] page: refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x106570 [ 30.784719] head: order:2 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0 [ 30.785552] flags: 0xbfffe0000000040(head|node=0|zone=2|lastcpupid=0x1ffff) [ 30.786424] raw: 0bfffe0000000040 0000000000000000 dead000000000122 0000000000000000 [ 30.787172] raw: 0000000000000000 0000000000000000 00000001ffffffff 0000000000000000 [ 30.788201] head: 0bfffe0000000040 0000000000000000 dead000000000122 0000000000000000 [ 30.789015] head: 0000000000000000 0000000000000000 00000001ffffffff 0000000000000000 [ 30.789956] head: 0bfffe0000000002 ffffc1ffc3195c01 ffffffffffffffff 0000000000000000 [ 30.790873] head: 0000000000000004 0000000000000000 00000000ffffffff 0000000000000000 [ 30.791729] page dumped because: kasan: bad access detected [ 30.792471] [ 30.792982] Memory state around the buggy address: [ 30.793668] fff00000c6571f80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 30.794669] fff00000c6572000: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 30.795459] >fff00000c6572080: 00 00 00 00 00 00 00 00 00 00 00 00 00 03 fe fe [ 30.796300] ^ [ 30.797093] fff00000c6572100: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe [ 30.797993] fff00000c6572180: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe [ 30.798849] ================================================================== [ 30.368770] ================================================================== [ 30.370156] BUG: KASAN: slab-out-of-bounds in krealloc_more_oob_helper+0x614/0x680 [ 30.372059] Write of size 1 at addr fff00000c47dfaeb by task kunit_try_catch/145 [ 30.372773] [ 30.373218] CPU: 1 UID: 0 PID: 145 Comm: kunit_try_catch Tainted: G B N 6.12.0-next-20241126 #1 [ 30.375129] Tainted: [B]=BAD_PAGE, [N]=TEST [ 30.375702] Hardware name: linux,dummy-virt (DT) [ 30.376283] Call trace: [ 30.376795] show_stack+0x20/0x38 (C) [ 30.377434] dump_stack_lvl+0x8c/0xd0 [ 30.378353] print_report+0x118/0x5e0 [ 30.378955] kasan_report+0xc8/0x118 [ 30.379460] __asan_report_store1_noabort+0x20/0x30 [ 30.380101] krealloc_more_oob_helper+0x614/0x680 [ 30.380880] krealloc_more_oob+0x20/0x38 [ 30.381588] kunit_try_run_case+0x14c/0x3d0 [ 30.382541] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 30.383240] kthread+0x24c/0x2d0 [ 30.383900] ret_from_fork+0x10/0x20 [ 30.384599] [ 30.384909] Allocated by task 145: [ 30.385511] kasan_save_stack+0x3c/0x68 [ 30.386800] kasan_save_track+0x20/0x40 [ 30.387453] kasan_save_alloc_info+0x40/0x58 [ 30.388550] __kasan_krealloc+0x118/0x178 [ 30.389178] krealloc_noprof+0x128/0x360 [ 30.389861] krealloc_more_oob_helper+0x168/0x680 [ 30.390778] krealloc_more_oob+0x20/0x38 [ 30.391393] kunit_try_run_case+0x14c/0x3d0 [ 30.392011] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 30.392714] kthread+0x24c/0x2d0 [ 30.393323] ret_from_fork+0x10/0x20 [ 30.394101] [ 30.394558] The buggy address belongs to the object at fff00000c47dfa00 [ 30.394558] which belongs to the cache kmalloc-256 of size 256 [ 30.395761] The buggy address is located 0 bytes to the right of [ 30.395761] allocated 235-byte region [fff00000c47dfa00, fff00000c47dfaeb) [ 30.398221] [ 30.398698] The buggy address belongs to the physical page: [ 30.399408] page: refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1047de [ 30.400462] head: order:1 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0 [ 30.401748] flags: 0xbfffe0000000040(head|node=0|zone=2|lastcpupid=0x1ffff) [ 30.402856] page_type: f5(slab) [ 30.403558] raw: 0bfffe0000000040 fff00000c0001b40 dead000000000122 0000000000000000 [ 30.404581] raw: 0000000000000000 0000000080100010 00000001f5000000 0000000000000000 [ 30.405463] head: 0bfffe0000000040 fff00000c0001b40 dead000000000122 0000000000000000 [ 30.406600] head: 0000000000000000 0000000080100010 00000001f5000000 0000000000000000 [ 30.407492] head: 0bfffe0000000001 ffffc1ffc311f781 ffffffffffffffff 0000000000000000 [ 30.408407] head: 0000000000000002 0000000000000000 00000000ffffffff 0000000000000000 [ 30.409330] page dumped because: kasan: bad access detected [ 30.410264] [ 30.410638] Memory state around the buggy address: [ 30.411120] fff00000c47df980: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 30.411941] fff00000c47dfa00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 30.412708] >fff00000c47dfa80: 00 00 00 00 00 00 00 00 00 00 00 00 00 03 fc fc [ 30.413493] ^ [ 30.414275] fff00000c47dfb00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 30.415595] fff00000c47dfb80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 30.416664] ================================================================== [ 30.419087] ================================================================== [ 30.419996] BUG: KASAN: slab-out-of-bounds in krealloc_more_oob_helper+0x5c8/0x680 [ 30.420843] Write of size 1 at addr fff00000c47dfaf0 by task kunit_try_catch/145 [ 30.422818] [ 30.423213] CPU: 1 UID: 0 PID: 145 Comm: kunit_try_catch Tainted: G B N 6.12.0-next-20241126 #1 [ 30.424387] Tainted: [B]=BAD_PAGE, [N]=TEST [ 30.424948] Hardware name: linux,dummy-virt (DT) [ 30.425553] Call trace: [ 30.426076] show_stack+0x20/0x38 (C) [ 30.427055] dump_stack_lvl+0x8c/0xd0 [ 30.427963] print_report+0x118/0x5e0 [ 30.428671] kasan_report+0xc8/0x118 [ 30.429361] __asan_report_store1_noabort+0x20/0x30 [ 30.430165] krealloc_more_oob_helper+0x5c8/0x680 [ 30.431302] krealloc_more_oob+0x20/0x38 [ 30.431945] kunit_try_run_case+0x14c/0x3d0 [ 30.432460] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 30.433274] kthread+0x24c/0x2d0 [ 30.433973] ret_from_fork+0x10/0x20 [ 30.434633] [ 30.435006] Allocated by task 145: [ 30.436449] kasan_save_stack+0x3c/0x68 [ 30.437148] kasan_save_track+0x20/0x40 [ 30.437922] kasan_save_alloc_info+0x40/0x58 [ 30.438738] __kasan_krealloc+0x118/0x178 [ 30.439361] krealloc_noprof+0x128/0x360 [ 30.439865] krealloc_more_oob_helper+0x168/0x680 [ 30.440596] krealloc_more_oob+0x20/0x38 [ 30.441199] kunit_try_run_case+0x14c/0x3d0 [ 30.442468] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 30.443468] kthread+0x24c/0x2d0 [ 30.444097] ret_from_fork+0x10/0x20 [ 30.444655] [ 30.444982] The buggy address belongs to the object at fff00000c47dfa00 [ 30.444982] which belongs to the cache kmalloc-256 of size 256 [ 30.446799] The buggy address is located 5 bytes to the right of [ 30.446799] allocated 235-byte region [fff00000c47dfa00, fff00000c47dfaeb) [ 30.448084] [ 30.448461] The buggy address belongs to the physical page: [ 30.449578] page: refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1047de [ 30.451176] head: order:1 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0 [ 30.452275] flags: 0xbfffe0000000040(head|node=0|zone=2|lastcpupid=0x1ffff) [ 30.453149] page_type: f5(slab) [ 30.454083] raw: 0bfffe0000000040 fff00000c0001b40 dead000000000122 0000000000000000 [ 30.455159] raw: 0000000000000000 0000000080100010 00000001f5000000 0000000000000000 [ 30.456072] head: 0bfffe0000000040 fff00000c0001b40 dead000000000122 0000000000000000 [ 30.456940] head: 0000000000000000 0000000080100010 00000001f5000000 0000000000000000 [ 30.457976] head: 0bfffe0000000001 ffffc1ffc311f781 ffffffffffffffff 0000000000000000 [ 30.458930] head: 0000000000000002 0000000000000000 00000000ffffffff 0000000000000000 [ 30.459778] page dumped because: kasan: bad access detected [ 30.460491] [ 30.461657] Memory state around the buggy address: [ 30.462155] fff00000c47df980: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 30.463286] fff00000c47dfa00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 30.464144] >fff00000c47dfa80: 00 00 00 00 00 00 00 00 00 00 00 00 00 03 fc fc [ 30.465298] ^ [ 30.466513] fff00000c47dfb00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 30.467363] fff00000c47dfb80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 30.468139] ==================================================================
[ 24.827215] ================================================================== [ 24.827215] BUG: KASAN: slab-out-of-bounds in krealloc_more_oob_helper+0x823/0x930 [ 24.827856] clocksource: Checking clocksource tsc synchronization from CPU 0 to CPUs 1. [ 24.827215] Write of size 1 at addr ffff888102b120eb by task kunit_try_catch/169 [ 24.827215] [ 24.827215] CPU: 1 UID: 0 PID: 169 Comm: kunit_try_catch Tainted: G B N 6.12.0-next-20241126 #1 [ 24.827215] Tainted: [B]=BAD_PAGE, [N]=TEST [ 24.827215] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 24.827215] Call Trace: [ 24.827215] <TASK> [ 24.827215] dump_stack_lvl+0x73/0xb0 [ 24.827215] print_report+0xd1/0x640 [ 24.827215] ? __virt_addr_valid+0x1db/0x2d0 [ 24.827215] ? kasan_addr_to_slab+0x11/0xa0 [ 24.827215] kasan_report+0x102/0x140 [ 24.827215] ? krealloc_more_oob_helper+0x823/0x930 [ 24.827215] ? krealloc_more_oob_helper+0x823/0x930 [ 24.827215] __asan_report_store1_noabort+0x1b/0x30 [ 24.827215] krealloc_more_oob_helper+0x823/0x930 [ 24.827215] ? __schedule+0xc3e/0x2790 [ 24.827215] ? __pfx_krealloc_more_oob_helper+0x10/0x10 [ 24.827215] ? finish_task_switch.isra.0+0x153/0x700 [ 24.827215] ? __switch_to+0x5d9/0xf60 [ 24.827215] ? __schedule+0xc3e/0x2790 [ 24.827215] ? __pfx_read_tsc+0x10/0x10 [ 24.827215] krealloc_large_more_oob+0x1c/0x30 [ 24.827215] kunit_try_run_case+0x1b3/0x490 [ 24.827215] ? __pfx_kunit_try_run_case+0x10/0x10 [ 24.827215] ? _raw_spin_lock_irqsave+0xa2/0x110 [ 24.827215] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 24.827215] ? __kthread_parkme+0x82/0x160 [ 24.827215] ? preempt_count_sub+0x50/0x80 [ 24.827215] ? __pfx_kunit_try_run_case+0x10/0x10 [ 24.827215] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 24.827215] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 24.827215] kthread+0x257/0x310 [ 24.827215] ? __pfx_kthread+0x10/0x10 [ 24.827215] ret_from_fork+0x41/0x80 [ 24.827215] ? __pfx_kthread+0x10/0x10 [ 24.827215] ret_from_fork_asm+0x1a/0x30 [ 24.827215] </TASK> [ 24.827215] [ 24.827215] The buggy address belongs to the physical page: [ 24.827215] page: refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x102b10 [ 24.827215] head: order:2 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0 [ 24.827215] flags: 0x200000000000040(head|node=0|zone=2) [ 24.827215] raw: 0200000000000040 0000000000000000 dead000000000122 0000000000000000 [ 24.827215] raw: 0000000000000000 0000000000000000 00000001ffffffff 0000000000000000 [ 24.827215] head: 0200000000000040 0000000000000000 dead000000000122 0000000000000000 [ 24.827215] head: 0000000000000000 0000000000000000 00000001ffffffff 0000000000000000 [ 24.827215] head: 0200000000000002 ffffea00040ac401 ffffffffffffffff 0000000000000000 [ 24.827215] head: 0000000000000004 0000000000000000 00000000ffffffff 0000000000000000 [ 24.827215] page dumped because: kasan: bad access detected [ 24.827215] [ 24.827215] Memory state around the buggy address: [ 24.827215] ffff888102b11f80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 24.827215] ffff888102b12000: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 24.827215] >ffff888102b12080: 00 00 00 00 00 00 00 00 00 00 00 00 00 03 fe fe [ 24.827215] ^ [ 24.827215] ffff888102b12100: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe [ 24.827215] ffff888102b12180: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe [ 24.827215] ================================================================== [ 24.451305] ================================================================== [ 24.451869] BUG: KASAN: slab-out-of-bounds in krealloc_more_oob_helper+0x7ed/0x930 [ 24.452777] Write of size 1 at addr ffff88810038e6f0 by task kunit_try_catch/163 [ 24.454463] [ 24.454646] CPU: 0 UID: 0 PID: 163 Comm: kunit_try_catch Tainted: G B N 6.12.0-next-20241126 #1 [ 24.455405] Tainted: [B]=BAD_PAGE, [N]=TEST [ 24.456480] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 24.457141] Call Trace: [ 24.458050] <TASK> [ 24.458298] dump_stack_lvl+0x73/0xb0 [ 24.459206] print_report+0xd1/0x640 [ 24.459574] ? __virt_addr_valid+0x1db/0x2d0 [ 24.460594] ? kasan_complete_mode_report_info+0x2a/0x200 [ 24.461395] kasan_report+0x102/0x140 [ 24.461794] ? krealloc_more_oob_helper+0x7ed/0x930 [ 24.462823] ? krealloc_more_oob_helper+0x7ed/0x930 [ 24.463627] __asan_report_store1_noabort+0x1b/0x30 [ 24.464762] krealloc_more_oob_helper+0x7ed/0x930 [ 24.465171] ? __schedule+0xc3e/0x2790 [ 24.465722] ? __pfx_krealloc_more_oob_helper+0x10/0x10 [ 24.466086] ? finish_task_switch.isra.0+0x153/0x700 [ 24.466739] ? __switch_to+0x5d9/0xf60 [ 24.467170] ? __schedule+0xc3e/0x2790 [ 24.467478] ? __pfx_read_tsc+0x10/0x10 [ 24.467951] krealloc_more_oob+0x1c/0x30 [ 24.468328] kunit_try_run_case+0x1b3/0x490 [ 24.468634] ? __pfx_kunit_try_run_case+0x10/0x10 [ 24.469933] ? _raw_spin_lock_irqsave+0xa2/0x110 [ 24.470418] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 24.471240] ? __kthread_parkme+0x82/0x160 [ 24.471593] ? preempt_count_sub+0x50/0x80 [ 24.471981] ? __pfx_kunit_try_run_case+0x10/0x10 [ 24.472539] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 24.473175] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 24.473624] kthread+0x257/0x310 [ 24.473916] ? __pfx_kthread+0x10/0x10 [ 24.474328] ret_from_fork+0x41/0x80 [ 24.474642] ? __pfx_kthread+0x10/0x10 [ 24.475763] ret_from_fork_asm+0x1a/0x30 [ 24.476144] </TASK> [ 24.476388] [ 24.476636] Allocated by task 163: [ 24.477277] kasan_save_stack+0x3d/0x60 [ 24.477614] kasan_save_track+0x18/0x40 [ 24.478070] kasan_save_alloc_info+0x3b/0x50 [ 24.478538] __kasan_krealloc+0x190/0x1f0 [ 24.479514] krealloc_noprof+0xf3/0x340 [ 24.479943] krealloc_more_oob_helper+0x1aa/0x930 [ 24.480628] krealloc_more_oob+0x1c/0x30 [ 24.481143] kunit_try_run_case+0x1b3/0x490 [ 24.481656] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 24.482149] kthread+0x257/0x310 [ 24.482404] ret_from_fork+0x41/0x80 [ 24.482664] ret_from_fork_asm+0x1a/0x30 [ 24.482956] [ 24.483807] The buggy address belongs to the object at ffff88810038e600 [ 24.483807] which belongs to the cache kmalloc-256 of size 256 [ 24.485724] The buggy address is located 5 bytes to the right of [ 24.485724] allocated 235-byte region [ffff88810038e600, ffff88810038e6eb) [ 24.487408] [ 24.487642] The buggy address belongs to the physical page: [ 24.488056] page: refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x10038e [ 24.489162] head: order:1 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0 [ 24.489545] flags: 0x200000000000040(head|node=0|zone=2) [ 24.490789] page_type: f5(slab) [ 24.491189] raw: 0200000000000040 ffff888100041b40 dead000000000122 0000000000000000 [ 24.492418] raw: 0000000000000000 0000000080100010 00000001f5000000 0000000000000000 [ 24.493488] head: 0200000000000040 ffff888100041b40 dead000000000122 0000000000000000 [ 24.494407] head: 0000000000000000 0000000080100010 00000001f5000000 0000000000000000 [ 24.495480] head: 0200000000000001 ffffea000400e381 ffffffffffffffff 0000000000000000 [ 24.497006] head: 0000000000000002 0000000000000000 00000000ffffffff 0000000000000000 [ 24.498024] page dumped because: kasan: bad access detected [ 24.498978] [ 24.499221] Memory state around the buggy address: [ 24.499527] ffff88810038e580: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 24.500162] ffff88810038e600: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 24.500572] >ffff88810038e680: 00 00 00 00 00 00 00 00 00 00 00 00 00 03 fc fc [ 24.502454] ^ [ 24.503114] ffff88810038e700: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 24.504009] ffff88810038e780: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 24.505073] ================================================================== [ 24.394034] ================================================================== [ 24.394803] BUG: KASAN: slab-out-of-bounds in krealloc_more_oob_helper+0x823/0x930 [ 24.395464] Write of size 1 at addr ffff88810038e6eb by task kunit_try_catch/163 [ 24.395994] [ 24.396163] CPU: 0 UID: 0 PID: 163 Comm: kunit_try_catch Tainted: G B N 6.12.0-next-20241126 #1 [ 24.397098] Tainted: [B]=BAD_PAGE, [N]=TEST [ 24.397725] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 24.398845] Call Trace: [ 24.399379] <TASK> [ 24.399713] dump_stack_lvl+0x73/0xb0 [ 24.400487] print_report+0xd1/0x640 [ 24.401450] ? __virt_addr_valid+0x1db/0x2d0 [ 24.402123] ? kasan_complete_mode_report_info+0x2a/0x200 [ 24.402835] kasan_report+0x102/0x140 [ 24.403649] ? krealloc_more_oob_helper+0x823/0x930 [ 24.404551] ? krealloc_more_oob_helper+0x823/0x930 [ 24.405297] __asan_report_store1_noabort+0x1b/0x30 [ 24.405871] krealloc_more_oob_helper+0x823/0x930 [ 24.406367] ? __schedule+0xc3e/0x2790 [ 24.406970] ? __pfx_krealloc_more_oob_helper+0x10/0x10 [ 24.407517] ? finish_task_switch.isra.0+0x153/0x700 [ 24.408613] ? __switch_to+0x5d9/0xf60 [ 24.409368] ? __schedule+0xc3e/0x2790 [ 24.409791] ? __pfx_read_tsc+0x10/0x10 [ 24.410240] krealloc_more_oob+0x1c/0x30 [ 24.410598] kunit_try_run_case+0x1b3/0x490 [ 24.411641] ? __pfx_kunit_try_run_case+0x10/0x10 [ 24.411975] ? _raw_spin_lock_irqsave+0xa2/0x110 [ 24.412997] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 24.413478] ? __kthread_parkme+0x82/0x160 [ 24.414437] ? preempt_count_sub+0x50/0x80 [ 24.414824] ? __pfx_kunit_try_run_case+0x10/0x10 [ 24.415317] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 24.416642] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 24.417042] kthread+0x257/0x310 [ 24.418142] ? __pfx_kthread+0x10/0x10 [ 24.418470] ret_from_fork+0x41/0x80 [ 24.418757] ? __pfx_kthread+0x10/0x10 [ 24.419017] ret_from_fork_asm+0x1a/0x30 [ 24.419487] </TASK> [ 24.420302] [ 24.420571] Allocated by task 163: [ 24.421198] kasan_save_stack+0x3d/0x60 [ 24.421492] kasan_save_track+0x18/0x40 [ 24.421775] kasan_save_alloc_info+0x3b/0x50 [ 24.422920] __kasan_krealloc+0x190/0x1f0 [ 24.423474] krealloc_noprof+0xf3/0x340 [ 24.424367] krealloc_more_oob_helper+0x1aa/0x930 [ 24.424602] krealloc_more_oob+0x1c/0x30 [ 24.424855] kunit_try_run_case+0x1b3/0x490 [ 24.426162] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 24.427076] kthread+0x257/0x310 [ 24.427324] ret_from_fork+0x41/0x80 [ 24.428310] ret_from_fork_asm+0x1a/0x30 [ 24.428714] [ 24.428871] The buggy address belongs to the object at ffff88810038e600 [ 24.428871] which belongs to the cache kmalloc-256 of size 256 [ 24.430459] The buggy address is located 0 bytes to the right of [ 24.430459] allocated 235-byte region [ffff88810038e600, ffff88810038e6eb) [ 24.431238] [ 24.431462] The buggy address belongs to the physical page: [ 24.432852] page: refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x10038e [ 24.433534] head: order:1 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0 [ 24.434396] flags: 0x200000000000040(head|node=0|zone=2) [ 24.434857] page_type: f5(slab) [ 24.435506] raw: 0200000000000040 ffff888100041b40 dead000000000122 0000000000000000 [ 24.436688] raw: 0000000000000000 0000000080100010 00000001f5000000 0000000000000000 [ 24.437280] head: 0200000000000040 ffff888100041b40 dead000000000122 0000000000000000 [ 24.438407] head: 0000000000000000 0000000080100010 00000001f5000000 0000000000000000 [ 24.438770] head: 0200000000000001 ffffea000400e381 ffffffffffffffff 0000000000000000 [ 24.439383] head: 0000000000000002 0000000000000000 00000000ffffffff 0000000000000000 [ 24.440981] page dumped because: kasan: bad access detected [ 24.441575] [ 24.442001] Memory state around the buggy address: [ 24.442985] ffff88810038e580: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 24.443498] ffff88810038e600: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 24.444479] >ffff88810038e680: 00 00 00 00 00 00 00 00 00 00 00 00 00 03 fc fc [ 24.446200] ^ [ 24.446667] ffff88810038e700: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 24.447325] ffff88810038e780: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 24.448580] ================================================================== [ 24.877040] ================================================================== [ 24.877282] BUG: KASAN: slab-out-of-bounds in krealloc_more_oob_helper+0x7ed/0x930 [ 24.877282] Write of size 1 at addr ffff888102b120f0 by task kunit_try_catch/169 [ 24.877282] [ 24.877282] CPU: 1 UID: 0 PID: 169 Comm: kunit_try_catch Tainted: G B N 6.12.0-next-20241126 #1 [ 24.880279] Tainted: [B]=BAD_PAGE, [N]=TEST [ 24.880279] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 24.880279] Call Trace: [ 24.880279] <TASK> [ 24.880279] dump_stack_lvl+0x73/0xb0 [ 24.880279] print_report+0xd1/0x640 [ 24.880279] ? __virt_addr_valid+0x1db/0x2d0 [ 24.880279] ? kasan_addr_to_slab+0x11/0xa0 [ 24.880279] kasan_report+0x102/0x140 [ 24.880279] ? krealloc_more_oob_helper+0x7ed/0x930 [ 24.880279] ? krealloc_more_oob_helper+0x7ed/0x930 [ 24.880279] __asan_report_store1_noabort+0x1b/0x30 [ 24.880279] krealloc_more_oob_helper+0x7ed/0x930 [ 24.880279] ? __schedule+0xc3e/0x2790 [ 24.880279] ? __pfx_krealloc_more_oob_helper+0x10/0x10 [ 24.880279] ? finish_task_switch.isra.0+0x153/0x700 [ 24.880279] ? __switch_to+0x5d9/0xf60 [ 24.880279] ? __schedule+0xc3e/0x2790 [ 24.880279] ? __pfx_read_tsc+0x10/0x10 [ 24.880279] krealloc_large_more_oob+0x1c/0x30 [ 24.880279] kunit_try_run_case+0x1b3/0x490 [ 24.880279] ? __pfx_kunit_try_run_case+0x10/0x10 [ 24.880279] ? _raw_spin_lock_irqsave+0xa2/0x110 [ 24.880279] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 24.880279] ? __kthread_parkme+0x82/0x160 [ 24.880279] ? preempt_count_sub+0x50/0x80 [ 24.880279] ? __pfx_kunit_try_run_case+0x10/0x10 [ 24.880279] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 24.880279] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 24.880279] kthread+0x257/0x310 [ 24.880279] ? __pfx_kthread+0x10/0x10 [ 24.880279] ret_from_fork+0x41/0x80 [ 24.880279] ? __pfx_kthread+0x10/0x10 [ 24.880279] ret_from_fork_asm+0x1a/0x30 [ 24.880279] </TASK> [ 24.880279] [ 24.880279] The buggy address belongs to the physical page: [ 24.880279] page: refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x102b10 [ 24.880279] head: order:2 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0 [ 24.880279] flags: 0x200000000000040(head|node=0|zone=2) [ 24.880279] raw: 0200000000000040 0000000000000000 dead000000000122 0000000000000000 [ 24.880279] raw: 0000000000000000 0000000000000000 00000001ffffffff 0000000000000000 [ 24.880279] head: 0200000000000040 0000000000000000 dead000000000122 0000000000000000 [ 24.880279] head: 0000000000000000 0000000000000000 00000001ffffffff 0000000000000000 [ 24.880279] head: 0200000000000002 ffffea00040ac401 ffffffffffffffff 0000000000000000 [ 24.880279] head: 0000000000000004 0000000000000000 00000000ffffffff 0000000000000000 [ 24.880279] page dumped because: kasan: bad access detected [ 24.880279] [ 24.880279] Memory state around the buggy address: [ 24.880279] ffff888102b11f80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 24.880279] ffff888102b12000: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 24.880279] >ffff888102b12080: 00 00 00 00 00 00 00 00 00 00 00 00 00 03 fe fe [ 24.880279] ^ [ 24.880279] ffff888102b12100: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe [ 24.880279] ffff888102b12180: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe [ 24.880279] ==================================================================
[ 19.633342] ================================================================== [ 19.634085] BUG: KASAN: slab-out-of-bounds in krealloc_more_oob_helper+0x7ed/0x930 [ 19.634717] Write of size 1 at addr ffff888100a22ef0 by task kunit_try_catch/163 [ 19.635450] [ 19.635777] CPU: 1 UID: 0 PID: 163 Comm: kunit_try_catch Tainted: G B N 6.12.0-next-20241126 #1 [ 19.636354] Tainted: [B]=BAD_PAGE, [N]=TEST [ 19.636855] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 19.637553] Call Trace: [ 19.637912] <TASK> [ 19.638251] dump_stack_lvl+0x73/0xb0 [ 19.639744] print_report+0xd1/0x640 [ 19.640031] ? __virt_addr_valid+0x1db/0x2d0 [ 19.640433] ? kasan_complete_mode_report_info+0x2a/0x200 [ 19.641080] kasan_report+0x102/0x140 [ 19.641522] ? krealloc_more_oob_helper+0x7ed/0x930 [ 19.642120] ? krealloc_more_oob_helper+0x7ed/0x930 [ 19.642671] __asan_report_store1_noabort+0x1b/0x30 [ 19.643189] krealloc_more_oob_helper+0x7ed/0x930 [ 19.643697] ? __schedule+0xc3e/0x2790 [ 19.644169] ? __pfx_krealloc_more_oob_helper+0x10/0x10 [ 19.644653] ? finish_task_switch.isra.0+0x153/0x700 [ 19.645097] ? __switch_to+0x5d9/0xf60 [ 19.645548] ? __schedule+0xc3e/0x2790 [ 19.646064] ? __pfx_read_tsc+0x10/0x10 [ 19.646477] krealloc_more_oob+0x1c/0x30 [ 19.646981] kunit_try_run_case+0x1b3/0x490 [ 19.647408] ? __pfx_kunit_try_run_case+0x10/0x10 [ 19.647799] ? _raw_spin_lock_irqsave+0xa2/0x110 [ 19.648112] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 19.648690] ? __kthread_parkme+0x82/0x160 [ 19.649170] ? preempt_count_sub+0x50/0x80 [ 19.649679] ? __pfx_kunit_try_run_case+0x10/0x10 [ 19.650178] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 19.650822] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 19.651409] kthread+0x257/0x310 [ 19.651887] ? __pfx_kthread+0x10/0x10 [ 19.652350] ret_from_fork+0x41/0x80 [ 19.653066] ? __pfx_kthread+0x10/0x10 [ 19.654271] ret_from_fork_asm+0x1a/0x30 [ 19.654998] </TASK> [ 19.655334] [ 19.656081] Allocated by task 163: [ 19.656780] kasan_save_stack+0x3d/0x60 [ 19.657123] kasan_save_track+0x18/0x40 [ 19.657516] kasan_save_alloc_info+0x3b/0x50 [ 19.657846] __kasan_krealloc+0x190/0x1f0 [ 19.658136] krealloc_noprof+0xf3/0x340 [ 19.658445] krealloc_more_oob_helper+0x1aa/0x930 [ 19.659007] krealloc_more_oob+0x1c/0x30 [ 19.659432] kunit_try_run_case+0x1b3/0x490 [ 19.659935] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 19.660313] kthread+0x257/0x310 [ 19.660621] ret_from_fork+0x41/0x80 [ 19.661027] ret_from_fork_asm+0x1a/0x30 [ 19.661432] [ 19.661713] The buggy address belongs to the object at ffff888100a22e00 [ 19.661713] which belongs to the cache kmalloc-256 of size 256 [ 19.662739] The buggy address is located 5 bytes to the right of [ 19.662739] allocated 235-byte region [ffff888100a22e00, ffff888100a22eeb) [ 19.663545] [ 19.663817] The buggy address belongs to the physical page: [ 19.664280] page: refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x100a22 [ 19.664940] head: order:1 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0 [ 19.665564] flags: 0x200000000000040(head|node=0|zone=2) [ 19.666140] page_type: f5(slab) [ 19.666432] raw: 0200000000000040 ffff888100041b40 dead000000000122 0000000000000000 [ 19.667078] raw: 0000000000000000 0000000080100010 00000001f5000000 0000000000000000 [ 19.667742] head: 0200000000000040 ffff888100041b40 dead000000000122 0000000000000000 [ 19.668201] head: 0000000000000000 0000000080100010 00000001f5000000 0000000000000000 [ 19.668715] head: 0200000000000001 ffffea0004028881 ffffffffffffffff 0000000000000000 [ 19.669386] head: 0000000000000002 0000000000000000 00000000ffffffff 0000000000000000 [ 19.670089] page dumped because: kasan: bad access detected [ 19.670450] [ 19.670673] Memory state around the buggy address: [ 19.671121] ffff888100a22d80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 19.671812] ffff888100a22e00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 19.672280] >ffff888100a22e80: 00 00 00 00 00 00 00 00 00 00 00 00 00 03 fc fc [ 19.672975] ^ [ 19.673344] ffff888100a22f00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 19.673986] ffff888100a22f80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 19.674546] ================================================================== [ 19.590635] ================================================================== [ 19.591541] BUG: KASAN: slab-out-of-bounds in krealloc_more_oob_helper+0x823/0x930 [ 19.592184] Write of size 1 at addr ffff888100a22eeb by task kunit_try_catch/163 [ 19.592728] [ 19.592924] CPU: 1 UID: 0 PID: 163 Comm: kunit_try_catch Tainted: G B N 6.12.0-next-20241126 #1 [ 19.593956] Tainted: [B]=BAD_PAGE, [N]=TEST [ 19.594413] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 19.595120] Call Trace: [ 19.595609] <TASK> [ 19.595944] dump_stack_lvl+0x73/0xb0 [ 19.596470] print_report+0xd1/0x640 [ 19.596987] ? __virt_addr_valid+0x1db/0x2d0 [ 19.597181] ? kasan_complete_mode_report_info+0x2a/0x200 [ 19.597370] kasan_report+0x102/0x140 [ 19.597571] ? krealloc_more_oob_helper+0x823/0x930 [ 19.598173] ? krealloc_more_oob_helper+0x823/0x930 [ 19.598634] __asan_report_store1_noabort+0x1b/0x30 [ 19.599202] krealloc_more_oob_helper+0x823/0x930 [ 19.599648] ? __schedule+0xc3e/0x2790 [ 19.600118] ? __pfx_krealloc_more_oob_helper+0x10/0x10 [ 19.600754] ? finish_task_switch.isra.0+0x153/0x700 [ 19.601088] ? __switch_to+0x5d9/0xf60 [ 19.601383] ? __schedule+0xc3e/0x2790 [ 19.601909] ? __pfx_read_tsc+0x10/0x10 [ 19.602365] krealloc_more_oob+0x1c/0x30 [ 19.602877] kunit_try_run_case+0x1b3/0x490 [ 19.603391] ? __pfx_kunit_try_run_case+0x10/0x10 [ 19.603934] ? _raw_spin_lock_irqsave+0xa2/0x110 [ 19.604370] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 19.604947] ? __kthread_parkme+0x82/0x160 [ 19.605481] ? preempt_count_sub+0x50/0x80 [ 19.605835] ? __pfx_kunit_try_run_case+0x10/0x10 [ 19.606168] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 19.606765] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 19.607302] kthread+0x257/0x310 [ 19.607802] ? __pfx_kthread+0x10/0x10 [ 19.608230] ret_from_fork+0x41/0x80 [ 19.608685] ? __pfx_kthread+0x10/0x10 [ 19.608967] ret_from_fork_asm+0x1a/0x30 [ 19.609317] </TASK> [ 19.609656] [ 19.609893] Allocated by task 163: [ 19.610300] kasan_save_stack+0x3d/0x60 [ 19.610791] kasan_save_track+0x18/0x40 [ 19.611249] kasan_save_alloc_info+0x3b/0x50 [ 19.611804] __kasan_krealloc+0x190/0x1f0 [ 19.612187] krealloc_noprof+0xf3/0x340 [ 19.612455] krealloc_more_oob_helper+0x1aa/0x930 [ 19.612823] krealloc_more_oob+0x1c/0x30 [ 19.613325] kunit_try_run_case+0x1b3/0x490 [ 19.613857] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 19.614399] kthread+0x257/0x310 [ 19.614858] ret_from_fork+0x41/0x80 [ 19.615260] ret_from_fork_asm+0x1a/0x30 [ 19.615758] [ 19.615922] The buggy address belongs to the object at ffff888100a22e00 [ 19.615922] which belongs to the cache kmalloc-256 of size 256 [ 19.616812] The buggy address is located 0 bytes to the right of [ 19.616812] allocated 235-byte region [ffff888100a22e00, ffff888100a22eeb) [ 19.617925] [ 19.618134] The buggy address belongs to the physical page: [ 19.618432] page: refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x100a22 [ 19.618918] head: order:1 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0 [ 19.619300] flags: 0x200000000000040(head|node=0|zone=2) [ 19.619909] page_type: f5(slab) [ 19.620280] raw: 0200000000000040 ffff888100041b40 dead000000000122 0000000000000000 [ 19.621005] raw: 0000000000000000 0000000080100010 00000001f5000000 0000000000000000 [ 19.621760] head: 0200000000000040 ffff888100041b40 dead000000000122 0000000000000000 [ 19.622452] head: 0000000000000000 0000000080100010 00000001f5000000 0000000000000000 [ 19.624367] head: 0200000000000001 ffffea0004028881 ffffffffffffffff 0000000000000000 [ 19.625087] head: 0000000000000002 0000000000000000 00000000ffffffff 0000000000000000 [ 19.625889] page dumped because: kasan: bad access detected [ 19.626968] [ 19.627191] Memory state around the buggy address: [ 19.627716] ffff888100a22d80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 19.628296] ffff888100a22e00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 19.628913] >ffff888100a22e80: 00 00 00 00 00 00 00 00 00 00 00 00 00 03 fc fc [ 19.629518] ^ [ 19.629960] ffff888100a22f00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 19.630686] ffff888100a22f80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 19.631145] ================================================================== [ 19.920320] ================================================================== [ 19.921128] BUG: KASAN: slab-out-of-bounds in krealloc_more_oob_helper+0x823/0x930 [ 19.922063] Write of size 1 at addr ffff888102a1e0eb by task kunit_try_catch/167 [ 19.922586] [ 19.922907] CPU: 1 UID: 0 PID: 167 Comm: kunit_try_catch Tainted: G B N 6.12.0-next-20241126 #1 [ 19.923922] Tainted: [B]=BAD_PAGE, [N]=TEST [ 19.924336] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 19.925386] Call Trace: [ 19.925747] <TASK> [ 19.926154] dump_stack_lvl+0x73/0xb0 [ 19.926663] print_report+0xd1/0x640 [ 19.927197] ? __virt_addr_valid+0x1db/0x2d0 [ 19.927782] ? kasan_addr_to_slab+0x11/0xa0 [ 19.928453] kasan_report+0x102/0x140 [ 19.928973] ? krealloc_more_oob_helper+0x823/0x930 [ 19.929612] ? krealloc_more_oob_helper+0x823/0x930 [ 19.930232] __asan_report_store1_noabort+0x1b/0x30 [ 19.930962] krealloc_more_oob_helper+0x823/0x930 [ 19.931587] ? __schedule+0xc3e/0x2790 [ 19.932092] ? __pfx_krealloc_more_oob_helper+0x10/0x10 [ 19.933041] ? finish_task_switch.isra.0+0x153/0x700 [ 19.933859] ? __switch_to+0x5d9/0xf60 [ 19.934295] ? __schedule+0xc3e/0x2790 [ 19.934672] ? __pfx_read_tsc+0x10/0x10 [ 19.935394] krealloc_large_more_oob+0x1c/0x30 [ 19.935857] kunit_try_run_case+0x1b3/0x490 [ 19.936412] ? __pfx_kunit_try_run_case+0x10/0x10 [ 19.936849] ? _raw_spin_lock_irqsave+0xa2/0x110 [ 19.937537] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 19.938144] ? __kthread_parkme+0x82/0x160 [ 19.938570] ? preempt_count_sub+0x50/0x80 [ 19.939117] ? __pfx_kunit_try_run_case+0x10/0x10 [ 19.939703] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 19.940330] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 19.940982] kthread+0x257/0x310 [ 19.941321] ? __pfx_kthread+0x10/0x10 [ 19.941670] ret_from_fork+0x41/0x80 [ 19.942099] ? __pfx_kthread+0x10/0x10 [ 19.942404] ret_from_fork_asm+0x1a/0x30 [ 19.942945] </TASK> [ 19.943154] [ 19.943315] The buggy address belongs to the physical page: [ 19.943819] page: refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x102a1c [ 19.944594] head: order:2 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0 [ 19.945343] flags: 0x200000000000040(head|node=0|zone=2) [ 19.946005] raw: 0200000000000040 0000000000000000 dead000000000122 0000000000000000 [ 19.946779] raw: 0000000000000000 0000000000000000 00000001ffffffff 0000000000000000 [ 19.947264] head: 0200000000000040 0000000000000000 dead000000000122 0000000000000000 [ 19.947835] head: 0000000000000000 0000000000000000 00000001ffffffff 0000000000000000 [ 19.948370] head: 0200000000000002 ffffea00040a8701 ffffffffffffffff 0000000000000000 [ 19.948985] head: 0000000000000004 0000000000000000 00000000ffffffff 0000000000000000 [ 19.949558] page dumped because: kasan: bad access detected [ 19.950052] [ 19.950266] Memory state around the buggy address: [ 19.950612] ffff888102a1df80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 19.951058] ffff888102a1e000: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 19.951736] >ffff888102a1e080: 00 00 00 00 00 00 00 00 00 00 00 00 00 03 fe fe [ 19.952135] ^ [ 19.952762] ffff888102a1e100: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe [ 19.953379] ffff888102a1e180: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe [ 19.953932] ================================================================== [ 19.955328] ================================================================== [ 19.955897] BUG: KASAN: slab-out-of-bounds in krealloc_more_oob_helper+0x7ed/0x930 [ 19.957215] Write of size 1 at addr ffff888102a1e0f0 by task kunit_try_catch/167 [ 19.958152] [ 19.958363] CPU: 1 UID: 0 PID: 167 Comm: kunit_try_catch Tainted: G B N 6.12.0-next-20241126 #1 [ 19.958949] Tainted: [B]=BAD_PAGE, [N]=TEST [ 19.959347] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 19.960158] Call Trace: [ 19.960370] <TASK> [ 19.960645] dump_stack_lvl+0x73/0xb0 [ 19.961080] print_report+0xd1/0x640 [ 19.961512] ? __virt_addr_valid+0x1db/0x2d0 [ 19.962025] ? kasan_addr_to_slab+0x11/0xa0 [ 19.962420] kasan_report+0x102/0x140 [ 19.962776] ? krealloc_more_oob_helper+0x7ed/0x930 [ 19.963294] ? krealloc_more_oob_helper+0x7ed/0x930 [ 19.963805] __asan_report_store1_noabort+0x1b/0x30 [ 19.964310] krealloc_more_oob_helper+0x7ed/0x930 [ 19.964753] ? __schedule+0xc3e/0x2790 [ 19.965041] ? __pfx_krealloc_more_oob_helper+0x10/0x10 [ 19.965382] ? finish_task_switch.isra.0+0x153/0x700 [ 19.966787] ? __switch_to+0x5d9/0xf60 [ 19.967217] ? __schedule+0xc3e/0x2790 [ 19.967649] ? __pfx_read_tsc+0x10/0x10 [ 19.968072] krealloc_large_more_oob+0x1c/0x30 [ 19.968644] kunit_try_run_case+0x1b3/0x490 [ 19.969117] ? __pfx_kunit_try_run_case+0x10/0x10 [ 19.969644] ? _raw_spin_lock_irqsave+0xa2/0x110 [ 19.970147] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 19.970645] ? __kthread_parkme+0x82/0x160 [ 19.970987] ? preempt_count_sub+0x50/0x80 [ 19.971282] ? __pfx_kunit_try_run_case+0x10/0x10 [ 19.971719] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 19.972296] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 19.972890] kthread+0x257/0x310 [ 19.973287] ? __pfx_kthread+0x10/0x10 [ 19.973729] ret_from_fork+0x41/0x80 [ 19.974073] ? __pfx_kthread+0x10/0x10 [ 19.974352] ret_from_fork_asm+0x1a/0x30 [ 19.974822] </TASK> [ 19.975109] [ 19.975328] The buggy address belongs to the physical page: [ 19.975889] page: refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x102a1c [ 19.976537] head: order:2 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0 [ 19.976962] flags: 0x200000000000040(head|node=0|zone=2) [ 19.977304] raw: 0200000000000040 0000000000000000 dead000000000122 0000000000000000 [ 19.977970] raw: 0000000000000000 0000000000000000 00000001ffffffff 0000000000000000 [ 19.978713] head: 0200000000000040 0000000000000000 dead000000000122 0000000000000000 [ 19.979387] head: 0000000000000000 0000000000000000 00000001ffffffff 0000000000000000 [ 19.980105] head: 0200000000000002 ffffea00040a8701 ffffffffffffffff 0000000000000000 [ 19.980752] head: 0000000000000004 0000000000000000 00000000ffffffff 0000000000000000 [ 19.981134] page dumped because: kasan: bad access detected [ 19.981431] [ 19.981643] Memory state around the buggy address: [ 19.982054] ffff888102a1df80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 19.982727] ffff888102a1e000: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 19.983352] >ffff888102a1e080: 00 00 00 00 00 00 00 00 00 00 00 00 00 03 fe fe [ 19.984039] ^ [ 19.984702] ffff888102a1e100: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe [ 19.985311] ffff888102a1e180: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe [ 19.985973] ==================================================================