lkft/linux-next-master - next-20241128 - log-parser-boot/kasan-bug-kasan-slab-out-of-bounds-in-krealloc_less_oob_helper

Date

Nov. 28, 2024, 2:36 a.m.

Environment
qemu-arm64
qemu-x86_64

[   30.267985] ==================================================================
[   30.268828] BUG: KASAN: slab-out-of-bounds in krealloc_less_oob_helper+0xae4/0xc50
[   30.269652] Write of size 1 at addr fff00000c64e60ea by task kunit_try_catch/150
[   30.270398] 
[   30.270751] CPU: 1 UID: 0 PID: 150 Comm: kunit_try_catch Tainted: G    B            N 6.12.0-next-20241128 #1
[   30.272266] Tainted: [B]=BAD_PAGE, [N]=TEST
[   30.272817] Hardware name: linux,dummy-virt (DT)
[   30.273409] Call trace:
[   30.273818]  show_stack+0x20/0x38 (C)
[   30.274646]  dump_stack_lvl+0x8c/0xd0
[   30.275262]  print_report+0x118/0x5e0
[   30.275792]  kasan_report+0xc8/0x118
[   30.276390]  __asan_report_store1_noabort+0x20/0x30
[   30.277335]  krealloc_less_oob_helper+0xae4/0xc50
[   30.278033]  krealloc_large_less_oob+0x20/0x38
[   30.278616]  kunit_try_run_case+0x14c/0x3d0
[   30.279259]  kunit_generic_run_threadfn_adapter+0x88/0x100
[   30.279948]  kthread+0x24c/0x2d0
[   30.280522]  ret_from_fork+0x10/0x20
[   30.281294] 
[   30.281533] The buggy address belongs to the physical page:
[   30.282217] page: refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1064e4
[   30.282938] head: order:2 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[   30.283825] flags: 0xbfffe0000000040(head|node=0|zone=2|lastcpupid=0x1ffff)
[   30.284586] raw: 0bfffe0000000040 0000000000000000 dead000000000122 0000000000000000
[   30.285706] raw: 0000000000000000 0000000000000000 00000001ffffffff 0000000000000000
[   30.286519] head: 0bfffe0000000040 0000000000000000 dead000000000122 0000000000000000
[   30.287340] head: 0000000000000000 0000000000000000 00000001ffffffff 0000000000000000
[   30.288194] head: 0bfffe0000000002 ffffc1ffc3193901 ffffffffffffffff 0000000000000000
[   30.289819] head: 0000000000000004 0000000000000000 00000000ffffffff 0000000000000000
[   30.290550] page dumped because: kasan: bad access detected
[   30.291130] 
[   30.291464] Memory state around the buggy address:
[   30.292032]  fff00000c64e5f80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   30.292817]  fff00000c64e6000: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   30.293856] >fff00000c64e6080: 00 00 00 00 00 00 00 00 00 01 fe fe fe fe fe fe
[   30.294589]                                                           ^
[   30.295279]  fff00000c64e6100: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe
[   30.296068]  fff00000c64e6180: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe
[   30.296872] ==================================================================
[   30.238560] ==================================================================
[   30.239209] BUG: KASAN: slab-out-of-bounds in krealloc_less_oob_helper+0xa80/0xc50
[   30.240024] Write of size 1 at addr fff00000c64e60da by task kunit_try_catch/150
[   30.240880] 
[   30.241522] CPU: 1 UID: 0 PID: 150 Comm: kunit_try_catch Tainted: G    B            N 6.12.0-next-20241128 #1
[   30.242786] Tainted: [B]=BAD_PAGE, [N]=TEST
[   30.243406] Hardware name: linux,dummy-virt (DT)
[   30.243941] Call trace:
[   30.244383]  show_stack+0x20/0x38 (C)
[   30.244977]  dump_stack_lvl+0x8c/0xd0
[   30.245835]  print_report+0x118/0x5e0
[   30.246431]  kasan_report+0xc8/0x118
[   30.246927]  __asan_report_store1_noabort+0x20/0x30
[   30.247661]  krealloc_less_oob_helper+0xa80/0xc50
[   30.248238]  krealloc_large_less_oob+0x20/0x38
[   30.248886]  kunit_try_run_case+0x14c/0x3d0
[   30.249792]  kunit_generic_run_threadfn_adapter+0x88/0x100
[   30.250492]  kthread+0x24c/0x2d0
[   30.251027]  ret_from_fork+0x10/0x20
[   30.251567] 
[   30.251878] The buggy address belongs to the physical page:
[   30.252445] page: refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1064e4
[   30.253631] head: order:2 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[   30.254381] flags: 0xbfffe0000000040(head|node=0|zone=2|lastcpupid=0x1ffff)
[   30.255241] raw: 0bfffe0000000040 0000000000000000 dead000000000122 0000000000000000
[   30.256047] raw: 0000000000000000 0000000000000000 00000001ffffffff 0000000000000000
[   30.256895] head: 0bfffe0000000040 0000000000000000 dead000000000122 0000000000000000
[   30.258544] head: 0000000000000000 0000000000000000 00000001ffffffff 0000000000000000
[   30.258931] head: 0bfffe0000000002 ffffc1ffc3193901 ffffffffffffffff 0000000000000000
[   30.259314] head: 0000000000000004 0000000000000000 00000000ffffffff 0000000000000000
[   30.259663] page dumped because: kasan: bad access detected
[   30.259937] 
[   30.260081] Memory state around the buggy address:
[   30.261226]  fff00000c64e5f80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   30.262267]  fff00000c64e6000: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   30.263005] >fff00000c64e6080: 00 00 00 00 00 00 00 00 00 01 fe fe fe fe fe fe
[   30.263834]                                                     ^
[   30.264515]  fff00000c64e6100: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe
[   30.265615]  fff00000c64e6180: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe
[   30.266376] ==================================================================
[   29.915466] ==================================================================
[   29.916089] BUG: KASAN: slab-out-of-bounds in krealloc_less_oob_helper+0xb9c/0xc50
[   29.918603] Write of size 1 at addr fff00000c1de7ed0 by task kunit_try_catch/146
[   29.919324] 
[   29.919651] CPU: 1 UID: 0 PID: 146 Comm: kunit_try_catch Tainted: G    B            N 6.12.0-next-20241128 #1
[   29.920680] Tainted: [B]=BAD_PAGE, [N]=TEST
[   29.922418] Hardware name: linux,dummy-virt (DT)
[   29.923029] Call trace:
[   29.923381]  show_stack+0x20/0x38 (C)
[   29.923956]  dump_stack_lvl+0x8c/0xd0
[   29.924502]  print_report+0x118/0x5e0
[   29.925272]  kasan_report+0xc8/0x118
[   29.925761]  __asan_report_store1_noabort+0x20/0x30
[   29.926460]  krealloc_less_oob_helper+0xb9c/0xc50
[   29.927068]  krealloc_less_oob+0x20/0x38
[   29.927744]  kunit_try_run_case+0x14c/0x3d0
[   29.928257]  kunit_generic_run_threadfn_adapter+0x88/0x100
[   29.929280]  kthread+0x24c/0x2d0
[   29.929837]  ret_from_fork+0x10/0x20
[   29.930390] 
[   29.930714] Allocated by task 146:
[   29.931237]  kasan_save_stack+0x3c/0x68
[   29.931729]  kasan_save_track+0x20/0x40
[   29.932337]  kasan_save_alloc_info+0x40/0x58
[   29.932874]  __kasan_krealloc+0x118/0x178
[   29.934374]  krealloc_noprof+0x128/0x360
[   29.934903]  krealloc_less_oob_helper+0x168/0xc50
[   29.935521]  krealloc_less_oob+0x20/0x38
[   29.936034]  kunit_try_run_case+0x14c/0x3d0
[   29.937206]  kunit_generic_run_threadfn_adapter+0x88/0x100
[   29.937869]  kthread+0x24c/0x2d0
[   29.938340]  ret_from_fork+0x10/0x20
[   29.938882] 
[   29.939243] The buggy address belongs to the object at fff00000c1de7e00
[   29.939243]  which belongs to the cache kmalloc-256 of size 256
[   29.940375] The buggy address is located 7 bytes to the right of
[   29.940375]  allocated 201-byte region [fff00000c1de7e00, fff00000c1de7ec9)
[   29.941819] 
[   29.942171] The buggy address belongs to the physical page:
[   29.942801] page: refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x101de6
[   29.943646] head: order:1 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[   29.944463] flags: 0xbfffe0000000040(head|node=0|zone=2|lastcpupid=0x1ffff)
[   29.945558] page_type: f5(slab)
[   29.946002] raw: 0bfffe0000000040 fff00000c0001b40 dead000000000122 0000000000000000
[   29.946799] raw: 0000000000000000 0000000080100010 00000001f5000000 0000000000000000
[   29.947587] head: 0bfffe0000000040 fff00000c0001b40 dead000000000122 0000000000000000
[   29.948431] head: 0000000000000000 0000000080100010 00000001f5000000 0000000000000000
[   29.949472] head: 0bfffe0000000001 ffffc1ffc3077981 ffffffffffffffff 0000000000000000
[   29.950277] head: 0000000000000002 0000000000000000 00000000ffffffff 0000000000000000
[   29.951068] page dumped because: kasan: bad access detected
[   29.951763] 
[   29.952096] Memory state around the buggy address:
[   29.952683]  fff00000c1de7d80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   29.953867]  fff00000c1de7e00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   29.954834] >fff00000c1de7e80: 00 00 00 00 00 00 00 00 00 01 fc fc fc fc fc fc
[   29.955567]                                                  ^
[   29.956188]  fff00000c1de7f00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   29.956797]  fff00000c1de7f80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   29.957965] ==================================================================
[   30.002764] ==================================================================
[   30.003546] BUG: KASAN: slab-out-of-bounds in krealloc_less_oob_helper+0xae4/0xc50
[   30.004138] Write of size 1 at addr fff00000c1de7eea by task kunit_try_catch/146
[   30.004848] 
[   30.005513] CPU: 1 UID: 0 PID: 146 Comm: kunit_try_catch Tainted: G    B            N 6.12.0-next-20241128 #1
[   30.006576] Tainted: [B]=BAD_PAGE, [N]=TEST
[   30.007170] Hardware name: linux,dummy-virt (DT)
[   30.007768] Call trace:
[   30.008196]  show_stack+0x20/0x38 (C)
[   30.008785]  dump_stack_lvl+0x8c/0xd0
[   30.009549]  print_report+0x118/0x5e0
[   30.010148]  kasan_report+0xc8/0x118
[   30.010714]  __asan_report_store1_noabort+0x20/0x30
[   30.011384]  krealloc_less_oob_helper+0xae4/0xc50
[   30.012031]  krealloc_less_oob+0x20/0x38
[   30.012636]  kunit_try_run_case+0x14c/0x3d0
[   30.013544]  kunit_generic_run_threadfn_adapter+0x88/0x100
[   30.014273]  kthread+0x24c/0x2d0
[   30.014723]  ret_from_fork+0x10/0x20
[   30.015312] 
[   30.015657] Allocated by task 146:
[   30.016152]  kasan_save_stack+0x3c/0x68
[   30.016739]  kasan_save_track+0x20/0x40
[   30.017525]  kasan_save_alloc_info+0x40/0x58
[   30.018139]  __kasan_krealloc+0x118/0x178
[   30.018626]  krealloc_noprof+0x128/0x360
[   30.019214]  krealloc_less_oob_helper+0x168/0xc50
[   30.019759]  krealloc_less_oob+0x20/0x38
[   30.020358]  kunit_try_run_case+0x14c/0x3d0
[   30.021587]  kunit_generic_run_threadfn_adapter+0x88/0x100
[   30.022234]  kthread+0x24c/0x2d0
[   30.022759]  ret_from_fork+0x10/0x20
[   30.023281] 
[   30.023629] The buggy address belongs to the object at fff00000c1de7e00
[   30.023629]  which belongs to the cache kmalloc-256 of size 256
[   30.024730] The buggy address is located 33 bytes to the right of
[   30.024730]  allocated 201-byte region [fff00000c1de7e00, fff00000c1de7ec9)
[   30.026183] 
[   30.026523] The buggy address belongs to the physical page:
[   30.027209] page: refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x101de6
[   30.028025] head: order:1 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[   30.028847] flags: 0xbfffe0000000040(head|node=0|zone=2|lastcpupid=0x1ffff)
[   30.029890] page_type: f5(slab)
[   30.030401] raw: 0bfffe0000000040 fff00000c0001b40 dead000000000122 0000000000000000
[   30.031130] raw: 0000000000000000 0000000080100010 00000001f5000000 0000000000000000
[   30.032012] head: 0bfffe0000000040 fff00000c0001b40 dead000000000122 0000000000000000
[   30.032791] head: 0000000000000000 0000000080100010 00000001f5000000 0000000000000000
[   30.033979] head: 0bfffe0000000001 ffffc1ffc3077981 ffffffffffffffff 0000000000000000
[   30.034803] head: 0000000000000002 0000000000000000 00000000ffffffff 0000000000000000
[   30.035579] page dumped because: kasan: bad access detected
[   30.036200] 
[   30.036547] Memory state around the buggy address:
[   30.037342]  fff00000c1de7d80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   30.038147]  fff00000c1de7e00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   30.038920] >fff00000c1de7e80: 00 00 00 00 00 00 00 00 00 01 fc fc fc fc fc fc
[   30.039687]                                                           ^
[   30.040370]  fff00000c1de7f00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   30.042057]  fff00000c1de7f80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   30.042710] ==================================================================
[   30.044310] ==================================================================
[   30.045048] BUG: KASAN: slab-out-of-bounds in krealloc_less_oob_helper+0xa58/0xc50
[   30.045938] Write of size 1 at addr fff00000c1de7eeb by task kunit_try_catch/146
[   30.046792] 
[   30.047474] CPU: 1 UID: 0 PID: 146 Comm: kunit_try_catch Tainted: G    B            N 6.12.0-next-20241128 #1
[   30.048606] Tainted: [B]=BAD_PAGE, [N]=TEST
[   30.049343] Hardware name: linux,dummy-virt (DT)
[   30.049946] Call trace:
[   30.050346]  show_stack+0x20/0x38 (C)
[   30.050866]  dump_stack_lvl+0x8c/0xd0
[   30.051416]  print_report+0x118/0x5e0
[   30.052006]  kasan_report+0xc8/0x118
[   30.052562]  __asan_report_store1_noabort+0x20/0x30
[   30.053546]  krealloc_less_oob_helper+0xa58/0xc50
[   30.054218]  krealloc_less_oob+0x20/0x38
[   30.054821]  kunit_try_run_case+0x14c/0x3d0
[   30.055391]  kunit_generic_run_threadfn_adapter+0x88/0x100
[   30.056069]  kthread+0x24c/0x2d0
[   30.056641]  ret_from_fork+0x10/0x20
[   30.057531] 
[   30.057869] Allocated by task 146:
[   30.058286]  kasan_save_stack+0x3c/0x68
[   30.058869]  kasan_save_track+0x20/0x40
[   30.059419]  kasan_save_alloc_info+0x40/0x58
[   30.060049]  __kasan_krealloc+0x118/0x178
[   30.060661]  krealloc_noprof+0x128/0x360
[   30.061881]  krealloc_less_oob_helper+0x168/0xc50
[   30.062965]  krealloc_less_oob+0x20/0x38
[   30.063429]  kunit_try_run_case+0x14c/0x3d0
[   30.064036]  kunit_generic_run_threadfn_adapter+0x88/0x100
[   30.064758]  kthread+0x24c/0x2d0
[   30.065545]  ret_from_fork+0x10/0x20
[   30.066082] 
[   30.066488] The buggy address belongs to the object at fff00000c1de7e00
[   30.066488]  which belongs to the cache kmalloc-256 of size 256
[   30.068054] The buggy address is located 34 bytes to the right of
[   30.068054]  allocated 201-byte region [fff00000c1de7e00, fff00000c1de7ec9)
[   30.069991] 
[   30.070485] The buggy address belongs to the physical page:
[   30.070997] page: refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x101de6
[   30.071766] head: order:1 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[   30.072545] flags: 0xbfffe0000000040(head|node=0|zone=2|lastcpupid=0x1ffff)
[   30.073606] page_type: f5(slab)
[   30.074363] raw: 0bfffe0000000040 fff00000c0001b40 dead000000000122 0000000000000000
[   30.074742] raw: 0000000000000000 0000000080100010 00000001f5000000 0000000000000000
[   30.075103] head: 0bfffe0000000040 fff00000c0001b40 dead000000000122 0000000000000000
[   30.075931] head: 0000000000000000 0000000080100010 00000001f5000000 0000000000000000
[   30.076706] head: 0bfffe0000000001 ffffc1ffc3077981 ffffffffffffffff 0000000000000000
[   30.077904] head: 0000000000000002 0000000000000000 00000000ffffffff 0000000000000000
[   30.078744] page dumped because: kasan: bad access detected
[   30.079381] 
[   30.079754] Memory state around the buggy address:
[   30.080335]  fff00000c1de7d80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   30.081970]  fff00000c1de7e00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   30.082730] >fff00000c1de7e80: 00 00 00 00 00 00 00 00 00 01 fc fc fc fc fc fc
[   30.083572]                                                           ^
[   30.084331]  fff00000c1de7f00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   30.085295]  fff00000c1de7f80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   30.086190] ==================================================================
[   30.298289] ==================================================================
[   30.298805] BUG: KASAN: slab-out-of-bounds in krealloc_less_oob_helper+0xa58/0xc50
[   30.299643] Write of size 1 at addr fff00000c64e60eb by task kunit_try_catch/150
[   30.300337] 
[   30.300655] CPU: 1 UID: 0 PID: 150 Comm: kunit_try_catch Tainted: G    B            N 6.12.0-next-20241128 #1
[   30.303198] Tainted: [B]=BAD_PAGE, [N]=TEST
[   30.303838] Hardware name: linux,dummy-virt (DT)
[   30.304391] Call trace:
[   30.304740]  show_stack+0x20/0x38 (C)
[   30.305448]  dump_stack_lvl+0x8c/0xd0
[   30.306076]  print_report+0x118/0x5e0
[   30.306715]  kasan_report+0xc8/0x118
[   30.307274]  __asan_report_store1_noabort+0x20/0x30
[   30.307913]  krealloc_less_oob_helper+0xa58/0xc50
[   30.308635]  krealloc_large_less_oob+0x20/0x38
[   30.309729]  kunit_try_run_case+0x14c/0x3d0
[   30.310296]  kunit_generic_run_threadfn_adapter+0x88/0x100
[   30.310943]  kthread+0x24c/0x2d0
[   30.311487]  ret_from_fork+0x10/0x20
[   30.312103] 
[   30.312497] The buggy address belongs to the physical page:
[   30.313040] page: refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1064e4
[   30.314211] head: order:2 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[   30.314954] flags: 0xbfffe0000000040(head|node=0|zone=2|lastcpupid=0x1ffff)
[   30.315890] raw: 0bfffe0000000040 0000000000000000 dead000000000122 0000000000000000
[   30.316761] raw: 0000000000000000 0000000000000000 00000001ffffffff 0000000000000000
[   30.317868] head: 0bfffe0000000040 0000000000000000 dead000000000122 0000000000000000
[   30.318778] head: 0000000000000000 0000000000000000 00000001ffffffff 0000000000000000
[   30.319553] head: 0bfffe0000000002 ffffc1ffc3193901 ffffffffffffffff 0000000000000000
[   30.320391] head: 0000000000000004 0000000000000000 00000000ffffffff 0000000000000000
[   30.321263] page dumped because: kasan: bad access detected
[   30.322397] 
[   30.322877] Memory state around the buggy address:
[   30.323584]  fff00000c64e5f80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   30.324405]  fff00000c64e6000: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   30.325378] >fff00000c64e6080: 00 00 00 00 00 00 00 00 00 01 fe fe fe fe fe fe
[   30.326170]                                                           ^
[   30.326808]  fff00000c64e6100: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe
[   30.328091]  fff00000c64e6180: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe
[   30.328960] ==================================================================
[   30.173671] ==================================================================
[   30.174719] BUG: KASAN: slab-out-of-bounds in krealloc_less_oob_helper+0xa48/0xc50
[   30.175762] Write of size 1 at addr fff00000c64e60c9 by task kunit_try_catch/150
[   30.176851] 
[   30.177641] CPU: 1 UID: 0 PID: 150 Comm: kunit_try_catch Tainted: G    B            N 6.12.0-next-20241128 #1
[   30.178833] Tainted: [B]=BAD_PAGE, [N]=TEST
[   30.179321] Hardware name: linux,dummy-virt (DT)
[   30.179975] Call trace:
[   30.180416]  show_stack+0x20/0x38 (C)
[   30.181010]  dump_stack_lvl+0x8c/0xd0
[   30.181651]  print_report+0x118/0x5e0
[   30.182240]  kasan_report+0xc8/0x118
[   30.182748]  __asan_report_store1_noabort+0x20/0x30
[   30.183628]  krealloc_less_oob_helper+0xa48/0xc50
[   30.184273]  krealloc_large_less_oob+0x20/0x38
[   30.185161]  kunit_try_run_case+0x14c/0x3d0
[   30.185797]  kunit_generic_run_threadfn_adapter+0x88/0x100
[   30.186555]  kthread+0x24c/0x2d0
[   30.187169]  ret_from_fork+0x10/0x20
[   30.187743] 
[   30.187912] The buggy address belongs to the physical page:
[   30.188308] page: refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1064e4
[   30.189726] head: order:2 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[   30.190456] flags: 0xbfffe0000000040(head|node=0|zone=2|lastcpupid=0x1ffff)
[   30.191211] raw: 0bfffe0000000040 0000000000000000 dead000000000122 0000000000000000
[   30.192075] raw: 0000000000000000 0000000000000000 00000001ffffffff 0000000000000000
[   30.192899] head: 0bfffe0000000040 0000000000000000 dead000000000122 0000000000000000
[   30.193763] head: 0000000000000000 0000000000000000 00000001ffffffff 0000000000000000
[   30.194660] head: 0bfffe0000000002 ffffc1ffc3193901 ffffffffffffffff 0000000000000000
[   30.195453] head: 0000000000000004 0000000000000000 00000000ffffffff 0000000000000000
[   30.196291] page dumped because: kasan: bad access detected
[   30.196893] 
[   30.197252] Memory state around the buggy address:
[   30.197874]  fff00000c64e5f80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   30.198517]  fff00000c64e6000: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   30.199369] >fff00000c64e6080: 00 00 00 00 00 00 00 00 00 01 fe fe fe fe fe fe
[   30.200050]                                               ^
[   30.200781]  fff00000c64e6100: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe
[   30.201516]  fff00000c64e6180: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe
[   30.202859] ==================================================================
[   29.959568] ==================================================================
[   29.960249] BUG: KASAN: slab-out-of-bounds in krealloc_less_oob_helper+0xa80/0xc50
[   29.960847] Write of size 1 at addr fff00000c1de7eda by task kunit_try_catch/146
[   29.961863] 
[   29.962247] CPU: 1 UID: 0 PID: 146 Comm: kunit_try_catch Tainted: G    B            N 6.12.0-next-20241128 #1
[   29.963432] Tainted: [B]=BAD_PAGE, [N]=TEST
[   29.964510] Hardware name: linux,dummy-virt (DT)
[   29.965328] Call trace:
[   29.965692]  show_stack+0x20/0x38 (C)
[   29.966177]  dump_stack_lvl+0x8c/0xd0
[   29.966778]  print_report+0x118/0x5e0
[   29.967489]  kasan_report+0xc8/0x118
[   29.968042]  __asan_report_store1_noabort+0x20/0x30
[   29.968681]  krealloc_less_oob_helper+0xa80/0xc50
[   29.969300]  krealloc_less_oob+0x20/0x38
[   29.969896]  kunit_try_run_case+0x14c/0x3d0
[   29.970479]  kunit_generic_run_threadfn_adapter+0x88/0x100
[   29.971456]  kthread+0x24c/0x2d0
[   29.971960]  ret_from_fork+0x10/0x20
[   29.972567] 
[   29.972862] Allocated by task 146:
[   29.973621]  kasan_save_stack+0x3c/0x68
[   29.974169]  kasan_save_track+0x20/0x40
[   29.974695]  kasan_save_alloc_info+0x40/0x58
[   29.975344]  __kasan_krealloc+0x118/0x178
[   29.975924]  krealloc_noprof+0x128/0x360
[   29.976455]  krealloc_less_oob_helper+0x168/0xc50
[   29.977372]  krealloc_less_oob+0x20/0x38
[   29.977931]  kunit_try_run_case+0x14c/0x3d0
[   29.978504]  kunit_generic_run_threadfn_adapter+0x88/0x100
[   29.979079]  kthread+0x24c/0x2d0
[   29.979631]  ret_from_fork+0x10/0x20
[   29.980180] 
[   29.980488] The buggy address belongs to the object at fff00000c1de7e00
[   29.980488]  which belongs to the cache kmalloc-256 of size 256
[   29.982752] The buggy address is located 17 bytes to the right of
[   29.982752]  allocated 201-byte region [fff00000c1de7e00, fff00000c1de7ec9)
[   29.983986] 
[   29.984345] The buggy address belongs to the physical page:
[   29.984874] page: refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x101de6
[   29.985860] head: order:1 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[   29.986942] flags: 0xbfffe0000000040(head|node=0|zone=2|lastcpupid=0x1ffff)
[   29.987702] page_type: f5(slab)
[   29.988226] raw: 0bfffe0000000040 fff00000c0001b40 dead000000000122 0000000000000000
[   29.989265] raw: 0000000000000000 0000000080100010 00000001f5000000 0000000000000000
[   29.990171] head: 0bfffe0000000040 fff00000c0001b40 dead000000000122 0000000000000000
[   29.990989] head: 0000000000000000 0000000080100010 00000001f5000000 0000000000000000
[   29.991809] head: 0bfffe0000000001 ffffc1ffc3077981 ffffffffffffffff 0000000000000000
[   29.992632] head: 0000000000000002 0000000000000000 00000000ffffffff 0000000000000000
[   29.993636] page dumped because: kasan: bad access detected
[   29.994238] 
[   29.994565] Memory state around the buggy address:
[   29.995056]  fff00000c1de7d80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   29.995914]  fff00000c1de7e00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   29.996636] >fff00000c1de7e80: 00 00 00 00 00 00 00 00 00 01 fc fc fc fc fc fc
[   29.997796]                                                     ^
[   29.998504]  fff00000c1de7f00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   29.999255]  fff00000c1de7f80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   30.000061] ==================================================================
[   30.204946] ==================================================================
[   30.206349] BUG: KASAN: slab-out-of-bounds in krealloc_less_oob_helper+0xb9c/0xc50
[   30.207309] Write of size 1 at addr fff00000c64e60d0 by task kunit_try_catch/150
[   30.208082] 
[   30.208443] CPU: 1 UID: 0 PID: 150 Comm: kunit_try_catch Tainted: G    B            N 6.12.0-next-20241128 #1
[   30.209878] Tainted: [B]=BAD_PAGE, [N]=TEST
[   30.210730] Hardware name: linux,dummy-virt (DT)
[   30.211383] Call trace:
[   30.211697]  show_stack+0x20/0x38 (C)
[   30.212171]  dump_stack_lvl+0x8c/0xd0
[   30.212710]  print_report+0x118/0x5e0
[   30.213856]  kasan_report+0xc8/0x118
[   30.214476]  __asan_report_store1_noabort+0x20/0x30
[   30.215195]  krealloc_less_oob_helper+0xb9c/0xc50
[   30.215758]  krealloc_large_less_oob+0x20/0x38
[   30.216373]  kunit_try_run_case+0x14c/0x3d0
[   30.217015]  kunit_generic_run_threadfn_adapter+0x88/0x100
[   30.217689]  kthread+0x24c/0x2d0
[   30.218515]  ret_from_fork+0x10/0x20
[   30.219072] 
[   30.219383] The buggy address belongs to the physical page:
[   30.219989] page: refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1064e4
[   30.220855] head: order:2 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[   30.222303] flags: 0xbfffe0000000040(head|node=0|zone=2|lastcpupid=0x1ffff)
[   30.223052] raw: 0bfffe0000000040 0000000000000000 dead000000000122 0000000000000000
[   30.223864] raw: 0000000000000000 0000000000000000 00000001ffffffff 0000000000000000
[   30.225007] head: 0bfffe0000000040 0000000000000000 dead000000000122 0000000000000000
[   30.225876] head: 0000000000000000 0000000000000000 00000001ffffffff 0000000000000000
[   30.226981] head: 0bfffe0000000002 ffffc1ffc3193901 ffffffffffffffff 0000000000000000
[   30.227846] head: 0000000000000004 0000000000000000 00000000ffffffff 0000000000000000
[   30.228591] page dumped because: kasan: bad access detected
[   30.229545] 
[   30.229854] Memory state around the buggy address:
[   30.230412]  fff00000c64e5f80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   30.231109]  fff00000c64e6000: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   30.231959] >fff00000c64e6080: 00 00 00 00 00 00 00 00 00 01 fe fe fe fe fe fe
[   30.232677]                                                  ^
[   30.233685]  fff00000c64e6100: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe
[   30.234374]  fff00000c64e6180: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe
[   30.235134] ==================================================================
[   29.871834] ==================================================================
[   29.872911] BUG: KASAN: slab-out-of-bounds in krealloc_less_oob_helper+0xa48/0xc50
[   29.874089] Write of size 1 at addr fff00000c1de7ec9 by task kunit_try_catch/146
[   29.874902] 
[   29.875329] CPU: 1 UID: 0 PID: 146 Comm: kunit_try_catch Tainted: G    B            N 6.12.0-next-20241128 #1
[   29.876380] Tainted: [B]=BAD_PAGE, [N]=TEST
[   29.876950] Hardware name: linux,dummy-virt (DT)
[   29.877643] Call trace:
[   29.878058]  show_stack+0x20/0x38 (C)
[   29.878633]  dump_stack_lvl+0x8c/0xd0
[   29.879277]  print_report+0x118/0x5e0
[   29.879883]  kasan_report+0xc8/0x118
[   29.880403]  __asan_report_store1_noabort+0x20/0x30
[   29.881451]  krealloc_less_oob_helper+0xa48/0xc50
[   29.882080]  krealloc_less_oob+0x20/0x38
[   29.882654]  kunit_try_run_case+0x14c/0x3d0
[   29.883285]  kunit_generic_run_threadfn_adapter+0x88/0x100
[   29.883956]  kthread+0x24c/0x2d0
[   29.884543]  ret_from_fork+0x10/0x20
[   29.885304] 
[   29.885742] Allocated by task 146:
[   29.886281]  kasan_save_stack+0x3c/0x68
[   29.886827]  kasan_save_track+0x20/0x40
[   29.887325]  kasan_save_alloc_info+0x40/0x58
[   29.887981]  __kasan_krealloc+0x118/0x178
[   29.888489]  krealloc_noprof+0x128/0x360
[   29.889073]  krealloc_less_oob_helper+0x168/0xc50
[   29.889688]  krealloc_less_oob+0x20/0x38
[   29.890463]  kunit_try_run_case+0x14c/0x3d0
[   29.891047]  kunit_generic_run_threadfn_adapter+0x88/0x100
[   29.891670]  kthread+0x24c/0x2d0
[   29.892095]  ret_from_fork+0x10/0x20
[   29.893149] 
[   29.893789] The buggy address belongs to the object at fff00000c1de7e00
[   29.893789]  which belongs to the cache kmalloc-256 of size 256
[   29.895130] The buggy address is located 0 bytes to the right of
[   29.895130]  allocated 201-byte region [fff00000c1de7e00, fff00000c1de7ec9)
[   29.896656] 
[   29.896917] The buggy address belongs to the physical page:
[   29.897906] page: refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x101de6
[   29.898697] head: order:1 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[   29.899821] flags: 0xbfffe0000000040(head|node=0|zone=2|lastcpupid=0x1ffff)
[   29.900767] page_type: f5(slab)
[   29.901191] raw: 0bfffe0000000040 fff00000c0001b40 dead000000000122 0000000000000000
[   29.902301] raw: 0000000000000000 0000000080100010 00000001f5000000 0000000000000000
[   29.903110] head: 0bfffe0000000040 fff00000c0001b40 dead000000000122 0000000000000000
[   29.903891] head: 0000000000000000 0000000080100010 00000001f5000000 0000000000000000
[   29.904723] head: 0bfffe0000000001 ffffc1ffc3077981 ffffffffffffffff 0000000000000000
[   29.905935] head: 0000000000000002 0000000000000000 00000000ffffffff 0000000000000000
[   29.906674] page dumped because: kasan: bad access detected
[   29.907671] 
[   29.907949] Memory state around the buggy address:
[   29.908594]  fff00000c1de7d80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   29.909293]  fff00000c1de7e00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   29.910177] >fff00000c1de7e80: 00 00 00 00 00 00 00 00 00 01 fc fc fc fc fc fc
[   29.911077]                                               ^
[   29.911688]  fff00000c1de7f00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   29.912579]  fff00000c1de7f80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   29.913761] ==================================================================

Metadata Full log Test run details

arch

arm64

host

x86_64

plan

2pSZJzQkkhJpt8WfFKMypNz4Dl1

job_id

TEST:linaro@lkft#2pSZOtFxfGeoQdbU0KjZZzPdVXj

job_url

https://tuxapi.tuxsuite.com/v1/groups/linaro/projects/lkft/tests/2pSZOtFxfGeoQdbU0KjZZzPdVXj

artefacts

kernel

url	https://storage.tuxsuite.com/public/linaro/lkft/builds/2pSZLRIQFIoJdmNCL0bXHD2kaAs/Image.gz
sha256sum	5fba9bc6d13080f2ce21eb4cc1407335048dfebed92a49e3dc8085a23ecc09c5

rootfs

url	https://storage.tuxboot.com/debian/trixie/arm64/rootfs.ext4.xz
sha256sum	f592205e64add7389d8a1055c235aa3685e13c7cfdfdbe5f212ab22afdbeb656

modules

url	https://storage.tuxsuite.com/public/linaro/lkft/builds/2pSZLRIQFIoJdmNCL0bXHD2kaAs/modules.tar.xz
sha256sum	906bdfa17aa539e8cf2e1a21f8eaef876840979765c77cebe6145023f8479733

durations

tests

boot	379.90
kunit	461.69

host_arch

amd64

build_name

gcc-13-lkftconfig-kunit

job_status

Complete

qemu_version

1:9.1.1+ds-5

[   20.836535] ==================================================================
[   20.838323] BUG: KASAN: slab-out-of-bounds in krealloc_less_oob_helper+0xd49/0x11d0
[   20.839706] Write of size 1 at addr ffff888100a966eb by task kunit_try_catch/166
[   20.840977] 
[   20.841283] CPU: 1 UID: 0 PID: 166 Comm: kunit_try_catch Tainted: G    B            N 6.12.0-next-20241128 #1
[   20.842835] Tainted: [B]=BAD_PAGE, [N]=TEST
[   20.843109] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[   20.844319] Call Trace:
[   20.844553]  <TASK>
[   20.844751]  dump_stack_lvl+0x73/0xb0
[   20.845512]  print_report+0xd1/0x640
[   20.845815]  ? __virt_addr_valid+0x1db/0x2d0
[   20.846434]  ? kasan_complete_mode_report_info+0x2a/0x200
[   20.847289]  kasan_report+0x102/0x140
[   20.847585]  ? krealloc_less_oob_helper+0xd49/0x11d0
[   20.847905]  ? krealloc_less_oob_helper+0xd49/0x11d0
[   20.848274]  __asan_report_store1_noabort+0x1b/0x30
[   20.848664]  krealloc_less_oob_helper+0xd49/0x11d0
[   20.849115]  ? __pfx_krealloc_less_oob_helper+0x10/0x10
[   20.849801]  ? finish_task_switch.isra.0+0x153/0x700
[   20.850727]  ? __switch_to+0x5d9/0xf60
[   20.851384]  ? __schedule+0xc3e/0x2790
[   20.852150]  ? __pfx_read_tsc+0x10/0x10
[   20.853204]  krealloc_less_oob+0x1c/0x30
[   20.854007]  kunit_try_run_case+0x1b3/0x490
[   20.854875]  ? __pfx_kunit_try_run_case+0x10/0x10
[   20.855808]  ? _raw_spin_lock_irqsave+0xa2/0x110
[   20.856922]  ? _raw_spin_unlock_irqrestore+0x5f/0x90
[   20.858443]  ? __kthread_parkme+0x82/0x160
[   20.858963]  ? preempt_count_sub+0x50/0x80
[   20.859866]  ? __pfx_kunit_try_run_case+0x10/0x10
[   20.860679]  ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10
[   20.861875]  kunit_generic_run_threadfn_adapter+0x85/0xf0
[   20.862759]  kthread+0x257/0x310
[   20.863305]  ? __pfx_kthread+0x10/0x10
[   20.863756]  ret_from_fork+0x41/0x80
[   20.864330]  ? __pfx_kthread+0x10/0x10
[   20.864913]  ret_from_fork_asm+0x1a/0x30
[   20.865284]  </TASK>
[   20.865619] 
[   20.865805] Allocated by task 166:
[   20.866206]  kasan_save_stack+0x3d/0x60
[   20.866686]  kasan_save_track+0x18/0x40
[   20.867143]  kasan_save_alloc_info+0x3b/0x50
[   20.868434]  __kasan_krealloc+0x190/0x1f0
[   20.868877]  krealloc_noprof+0xf3/0x340
[   20.869398]  krealloc_less_oob_helper+0x1ab/0x11d0
[   20.869895]  krealloc_less_oob+0x1c/0x30
[   20.870466]  kunit_try_run_case+0x1b3/0x490
[   20.870865]  kunit_generic_run_threadfn_adapter+0x85/0xf0
[   20.871563]  kthread+0x257/0x310
[   20.871966]  ret_from_fork+0x41/0x80
[   20.872985]  ret_from_fork_asm+0x1a/0x30
[   20.873387] 
[   20.873585] The buggy address belongs to the object at ffff888100a96600
[   20.873585]  which belongs to the cache kmalloc-256 of size 256
[   20.874536] The buggy address is located 34 bytes to the right of
[   20.874536]  allocated 201-byte region [ffff888100a96600, ffff888100a966c9)
[   20.875874] 
[   20.876140] The buggy address belongs to the physical page:
[   20.876677] page: refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x100a96
[   20.877545] head: order:1 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[   20.878491] flags: 0x200000000000040(head|node=0|zone=2)
[   20.878930] page_type: f5(slab)
[   20.880023] raw: 0200000000000040 ffff888100041b40 dead000000000122 0000000000000000
[   20.880641] raw: 0000000000000000 0000000080100010 00000001f5000000 0000000000000000
[   20.881550] head: 0200000000000040 ffff888100041b40 dead000000000122 0000000000000000
[   20.882333] head: 0000000000000000 0000000080100010 00000001f5000000 0000000000000000
[   20.883029] head: 0200000000000001 ffffea000402a581 ffffffffffffffff 0000000000000000
[   20.883787] head: 0000000000000002 0000000000000000 00000000ffffffff 0000000000000000
[   20.885372] page dumped because: kasan: bad access detected
[   20.885808] 
[   20.885979] Memory state around the buggy address:
[   20.886501]  ffff888100a96580: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   20.886973]  ffff888100a96600: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   20.887860] >ffff888100a96680: 00 00 00 00 00 00 00 00 00 01 fc fc fc fc fc fc
[   20.888706]                                                           ^
[   20.889522]  ffff888100a96700: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   20.890383]  ffff888100a96780: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   20.890892] ==================================================================
[   20.723396] ==================================================================
[   20.723901] BUG: KASAN: slab-out-of-bounds in krealloc_less_oob_helper+0xec8/0x11d0
[   20.725126] Write of size 1 at addr ffff888100a966da by task kunit_try_catch/166
[   20.725847] 
[   20.726127] CPU: 1 UID: 0 PID: 166 Comm: kunit_try_catch Tainted: G    B            N 6.12.0-next-20241128 #1
[   20.726901] Tainted: [B]=BAD_PAGE, [N]=TEST
[   20.728212] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[   20.730136] Call Trace:
[   20.730323]  <TASK>
[   20.731166]  dump_stack_lvl+0x73/0xb0
[   20.731902]  print_report+0xd1/0x640
[   20.732718]  ? __virt_addr_valid+0x1db/0x2d0
[   20.733308]  ? kasan_complete_mode_report_info+0x2a/0x200
[   20.734050]  kasan_report+0x102/0x140
[   20.734666]  ? krealloc_less_oob_helper+0xec8/0x11d0
[   20.735425]  ? krealloc_less_oob_helper+0xec8/0x11d0
[   20.736032]  __asan_report_store1_noabort+0x1b/0x30
[   20.736933]  krealloc_less_oob_helper+0xec8/0x11d0
[   20.737665]  ? __pfx_krealloc_less_oob_helper+0x10/0x10
[   20.738446]  ? finish_task_switch.isra.0+0x153/0x700
[   20.738929]  ? __switch_to+0x5d9/0xf60
[   20.740211]  ? __schedule+0xc3e/0x2790
[   20.741021]  ? __pfx_read_tsc+0x10/0x10
[   20.741521]  krealloc_less_oob+0x1c/0x30
[   20.741913]  kunit_try_run_case+0x1b3/0x490
[   20.742607]  ? __pfx_kunit_try_run_case+0x10/0x10
[   20.742943]  ? _raw_spin_lock_irqsave+0xa2/0x110
[   20.743564]  ? _raw_spin_unlock_irqrestore+0x5f/0x90
[   20.744000]  ? __kthread_parkme+0x82/0x160
[   20.744405]  ? preempt_count_sub+0x50/0x80
[   20.745797]  ? __pfx_kunit_try_run_case+0x10/0x10
[   20.746486]  ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10
[   20.746903]  kunit_generic_run_threadfn_adapter+0x85/0xf0
[   20.748213]  kthread+0x257/0x310
[   20.748508]  ? __pfx_kthread+0x10/0x10
[   20.748874]  ret_from_fork+0x41/0x80
[   20.749202]  ? __pfx_kthread+0x10/0x10
[   20.749804]  ret_from_fork_asm+0x1a/0x30
[   20.750688]  </TASK>
[   20.751000] 
[   20.751435] Allocated by task 166:
[   20.752434]  kasan_save_stack+0x3d/0x60
[   20.752688]  kasan_save_track+0x18/0x40
[   20.753175]  kasan_save_alloc_info+0x3b/0x50
[   20.753589]  __kasan_krealloc+0x190/0x1f0
[   20.753926]  krealloc_noprof+0xf3/0x340
[   20.754274]  krealloc_less_oob_helper+0x1ab/0x11d0
[   20.755374]  krealloc_less_oob+0x1c/0x30
[   20.755898]  kunit_try_run_case+0x1b3/0x490
[   20.756682]  kunit_generic_run_threadfn_adapter+0x85/0xf0
[   20.757100]  kthread+0x257/0x310
[   20.757682]  ret_from_fork+0x41/0x80
[   20.758132]  ret_from_fork_asm+0x1a/0x30
[   20.758876] 
[   20.759032] The buggy address belongs to the object at ffff888100a96600
[   20.759032]  which belongs to the cache kmalloc-256 of size 256
[   20.760635] The buggy address is located 17 bytes to the right of
[   20.760635]  allocated 201-byte region [ffff888100a96600, ffff888100a966c9)
[   20.761938] 
[   20.762145] The buggy address belongs to the physical page:
[   20.762939] page: refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x100a96
[   20.763578] head: order:1 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[   20.764390] flags: 0x200000000000040(head|node=0|zone=2)
[   20.765493] page_type: f5(slab)
[   20.765775] raw: 0200000000000040 ffff888100041b40 dead000000000122 0000000000000000
[   20.766545] raw: 0000000000000000 0000000080100010 00000001f5000000 0000000000000000
[   20.767736] head: 0200000000000040 ffff888100041b40 dead000000000122 0000000000000000
[   20.768314] head: 0000000000000000 0000000080100010 00000001f5000000 0000000000000000
[   20.768979] head: 0200000000000001 ffffea000402a581 ffffffffffffffff 0000000000000000
[   20.769730] head: 0000000000000002 0000000000000000 00000000ffffffff 0000000000000000
[   20.771153] page dumped because: kasan: bad access detected
[   20.771700] 
[   20.771885] Memory state around the buggy address:
[   20.772925]  ffff888100a96580: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   20.773829]  ffff888100a96600: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   20.774740] >ffff888100a96680: 00 00 00 00 00 00 00 00 00 01 fc fc fc fc fc fc
[   20.775595]                                                     ^
[   20.775984]  ffff888100a96700: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   20.777144]  ffff888100a96780: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   20.777886] ==================================================================
[   20.672311] ==================================================================
[   20.672950] BUG: KASAN: slab-out-of-bounds in krealloc_less_oob_helper+0xe25/0x11d0
[   20.674624] Write of size 1 at addr ffff888100a966d0 by task kunit_try_catch/166
[   20.675209] 
[   20.675534] CPU: 1 UID: 0 PID: 166 Comm: kunit_try_catch Tainted: G    B            N 6.12.0-next-20241128 #1
[   20.676323] Tainted: [B]=BAD_PAGE, [N]=TEST
[   20.676792] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[   20.677794] Call Trace:
[   20.678031]  <TASK>
[   20.678410]  dump_stack_lvl+0x73/0xb0
[   20.678705]  print_report+0xd1/0x640
[   20.679043]  ? __virt_addr_valid+0x1db/0x2d0
[   20.679999]  ? kasan_complete_mode_report_info+0x2a/0x200
[   20.680654]  kasan_report+0x102/0x140
[   20.681027]  ? krealloc_less_oob_helper+0xe25/0x11d0
[   20.681759]  ? krealloc_less_oob_helper+0xe25/0x11d0
[   20.682368]  __asan_report_store1_noabort+0x1b/0x30
[   20.682726]  krealloc_less_oob_helper+0xe25/0x11d0
[   20.683414]  ? __pfx_krealloc_less_oob_helper+0x10/0x10
[   20.683804]  ? finish_task_switch.isra.0+0x153/0x700
[   20.684321]  ? __switch_to+0x5d9/0xf60
[   20.684689]  ? __schedule+0xc3e/0x2790
[   20.685094]  ? __pfx_read_tsc+0x10/0x10
[   20.685464]  krealloc_less_oob+0x1c/0x30
[   20.685918]  kunit_try_run_case+0x1b3/0x490
[   20.686929]  ? __pfx_kunit_try_run_case+0x10/0x10
[   20.687692]  ? _raw_spin_lock_irqsave+0xa2/0x110
[   20.688111]  ? _raw_spin_unlock_irqrestore+0x5f/0x90
[   20.688693]  ? __kthread_parkme+0x82/0x160
[   20.689316]  ? preempt_count_sub+0x50/0x80
[   20.689821]  ? __pfx_kunit_try_run_case+0x10/0x10
[   20.690419]  ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10
[   20.691046]  kunit_generic_run_threadfn_adapter+0x85/0xf0
[   20.692032]  kthread+0x257/0x310
[   20.692311]  ? __pfx_kthread+0x10/0x10
[   20.692832]  ret_from_fork+0x41/0x80
[   20.693296]  ? __pfx_kthread+0x10/0x10
[   20.693708]  ret_from_fork_asm+0x1a/0x30
[   20.694050]  </TASK>
[   20.694462] 
[   20.694693] Allocated by task 166:
[   20.694923]  kasan_save_stack+0x3d/0x60
[   20.695573]  kasan_save_track+0x18/0x40
[   20.696026]  kasan_save_alloc_info+0x3b/0x50
[   20.696514]  __kasan_krealloc+0x190/0x1f0
[   20.697004]  krealloc_noprof+0xf3/0x340
[   20.697582]  krealloc_less_oob_helper+0x1ab/0x11d0
[   20.698031]  krealloc_less_oob+0x1c/0x30
[   20.698917]  kunit_try_run_case+0x1b3/0x490
[   20.699615]  kunit_generic_run_threadfn_adapter+0x85/0xf0
[   20.700039]  kthread+0x257/0x310
[   20.700595]  ret_from_fork+0x41/0x80
[   20.701024]  ret_from_fork_asm+0x1a/0x30
[   20.701416] 
[   20.701677] The buggy address belongs to the object at ffff888100a96600
[   20.701677]  which belongs to the cache kmalloc-256 of size 256
[   20.702661] The buggy address is located 7 bytes to the right of
[   20.702661]  allocated 201-byte region [ffff888100a96600, ffff888100a966c9)
[   20.703929] 
[   20.704797] The buggy address belongs to the physical page:
[   20.705812] page: refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x100a96
[   20.706780] head: order:1 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[   20.707386] flags: 0x200000000000040(head|node=0|zone=2)
[   20.707959] page_type: f5(slab)
[   20.708783] raw: 0200000000000040 ffff888100041b40 dead000000000122 0000000000000000
[   20.709564] raw: 0000000000000000 0000000080100010 00000001f5000000 0000000000000000
[   20.710322] head: 0200000000000040 ffff888100041b40 dead000000000122 0000000000000000
[   20.711496] head: 0000000000000000 0000000080100010 00000001f5000000 0000000000000000
[   20.712141] head: 0200000000000001 ffffea000402a581 ffffffffffffffff 0000000000000000
[   20.712759] head: 0000000000000002 0000000000000000 00000000ffffffff 0000000000000000
[   20.713628] page dumped because: kasan: bad access detected
[   20.714410] 
[   20.714663] Memory state around the buggy address:
[   20.715635]  ffff888100a96580: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   20.716414]  ffff888100a96600: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   20.716975] >ffff888100a96680: 00 00 00 00 00 00 00 00 00 01 fc fc fc fc fc fc
[   20.718496]                                                  ^
[   20.719000]  ffff888100a96700: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   20.719958]  ffff888100a96780: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   20.721000] ==================================================================
[   20.625922] ==================================================================
[   20.626840] BUG: KASAN: slab-out-of-bounds in krealloc_less_oob_helper+0xd72/0x11d0
[   20.627363] Write of size 1 at addr ffff888100a966c9 by task kunit_try_catch/166
[   20.628045] 
[   20.628288] CPU: 1 UID: 0 PID: 166 Comm: kunit_try_catch Tainted: G    B            N 6.12.0-next-20241128 #1
[   20.630064] Tainted: [B]=BAD_PAGE, [N]=TEST
[   20.630372] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[   20.631459] Call Trace:
[   20.631865]  <TASK>
[   20.632174]  dump_stack_lvl+0x73/0xb0
[   20.632513]  print_report+0xd1/0x640
[   20.633305]  ? __virt_addr_valid+0x1db/0x2d0
[   20.633789]  ? kasan_complete_mode_report_info+0x2a/0x200
[   20.634356]  kasan_report+0x102/0x140
[   20.634753]  ? krealloc_less_oob_helper+0xd72/0x11d0
[   20.635433]  ? krealloc_less_oob_helper+0xd72/0x11d0
[   20.635805]  __asan_report_store1_noabort+0x1b/0x30
[   20.636131]  krealloc_less_oob_helper+0xd72/0x11d0
[   20.636723]  ? __pfx_krealloc_less_oob_helper+0x10/0x10
[   20.637429]  ? finish_task_switch.isra.0+0x153/0x700
[   20.637816]  ? __switch_to+0x5d9/0xf60
[   20.638140]  ? __schedule+0xc3e/0x2790
[   20.638578]  ? __pfx_read_tsc+0x10/0x10
[   20.639041]  krealloc_less_oob+0x1c/0x30
[   20.640210]  kunit_try_run_case+0x1b3/0x490
[   20.640664]  ? __pfx_kunit_try_run_case+0x10/0x10
[   20.640996]  ? _raw_spin_lock_irqsave+0xa2/0x110
[   20.641606]  ? _raw_spin_unlock_irqrestore+0x5f/0x90
[   20.642134]  ? __kthread_parkme+0x82/0x160
[   20.642803]  ? preempt_count_sub+0x50/0x80
[   20.643374]  ? __pfx_kunit_try_run_case+0x10/0x10
[   20.643897]  ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10
[   20.644741]  kunit_generic_run_threadfn_adapter+0x85/0xf0
[   20.645442]  kthread+0x257/0x310
[   20.645901]  ? __pfx_kthread+0x10/0x10
[   20.646363]  ret_from_fork+0x41/0x80
[   20.646721]  ? __pfx_kthread+0x10/0x10
[   20.647044]  ret_from_fork_asm+0x1a/0x30
[   20.647787]  </TASK>
[   20.648035] 
[   20.648399] Allocated by task 166:
[   20.648815]  kasan_save_stack+0x3d/0x60
[   20.649151]  kasan_save_track+0x18/0x40
[   20.649767]  kasan_save_alloc_info+0x3b/0x50
[   20.650433]  __kasan_krealloc+0x190/0x1f0
[   20.650805]  krealloc_noprof+0xf3/0x340
[   20.651382]  krealloc_less_oob_helper+0x1ab/0x11d0
[   20.651813]  krealloc_less_oob+0x1c/0x30
[   20.652087]  kunit_try_run_case+0x1b3/0x490
[   20.652828]  kunit_generic_run_threadfn_adapter+0x85/0xf0
[   20.653476]  kthread+0x257/0x310
[   20.653747]  ret_from_fork+0x41/0x80
[   20.654063]  ret_from_fork_asm+0x1a/0x30
[   20.654538] 
[   20.654795] The buggy address belongs to the object at ffff888100a96600
[   20.654795]  which belongs to the cache kmalloc-256 of size 256
[   20.655834] The buggy address is located 0 bytes to the right of
[   20.655834]  allocated 201-byte region [ffff888100a96600, ffff888100a966c9)
[   20.657017] 
[   20.657386] The buggy address belongs to the physical page:
[   20.657775] page: refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x100a96
[   20.658651] head: order:1 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[   20.659682] flags: 0x200000000000040(head|node=0|zone=2)
[   20.660144] page_type: f5(slab)
[   20.660572] raw: 0200000000000040 ffff888100041b40 dead000000000122 0000000000000000
[   20.661455] raw: 0000000000000000 0000000080100010 00000001f5000000 0000000000000000
[   20.662081] head: 0200000000000040 ffff888100041b40 dead000000000122 0000000000000000
[   20.662712] head: 0000000000000000 0000000080100010 00000001f5000000 0000000000000000
[   20.663569] head: 0200000000000001 ffffea000402a581 ffffffffffffffff 0000000000000000
[   20.664401] head: 0000000000000002 0000000000000000 00000000ffffffff 0000000000000000
[   20.664973] page dumped because: kasan: bad access detected
[   20.665599] 
[   20.665827] Memory state around the buggy address:
[   20.666315]  ffff888100a96580: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   20.666995]  ffff888100a96600: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   20.667697] >ffff888100a96680: 00 00 00 00 00 00 00 00 00 01 fc fc fc fc fc fc
[   20.668442]                                               ^
[   20.669027]  ffff888100a96700: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   20.669714]  ffff888100a96780: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   20.670648] ==================================================================
[   21.085883] ==================================================================
[   21.086504] BUG: KASAN: slab-out-of-bounds in krealloc_less_oob_helper+0xec8/0x11d0
[   21.087133] Write of size 1 at addr ffff88810236e0da by task kunit_try_catch/170
[   21.087825] 
[   21.088106] CPU: 1 UID: 0 PID: 170 Comm: kunit_try_catch Tainted: G    B            N 6.12.0-next-20241128 #1
[   21.090437] Tainted: [B]=BAD_PAGE, [N]=TEST
[   21.091436] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[   21.092219] Call Trace:
[   21.092550]  <TASK>
[   21.092874]  dump_stack_lvl+0x73/0xb0
[   21.093280]  print_report+0xd1/0x640
[   21.093920]  ? __virt_addr_valid+0x1db/0x2d0
[   21.094986]  ? kasan_addr_to_slab+0x11/0xa0
[   21.095811]  kasan_report+0x102/0x140
[   21.096832]  ? krealloc_less_oob_helper+0xec8/0x11d0
[   21.097573]  ? krealloc_less_oob_helper+0xec8/0x11d0
[   21.098127]  __asan_report_store1_noabort+0x1b/0x30
[   21.099230]  krealloc_less_oob_helper+0xec8/0x11d0
[   21.100109]  ? __pfx_krealloc_less_oob_helper+0x10/0x10
[   21.100742]  ? finish_task_switch.isra.0+0x153/0x700
[   21.101038]  ? __switch_to+0x5d9/0xf60
[   21.102001]  ? __schedule+0xc3e/0x2790
[   21.102584]  ? __pfx_read_tsc+0x10/0x10
[   21.103120]  krealloc_large_less_oob+0x1c/0x30
[   21.103678]  kunit_try_run_case+0x1b3/0x490
[   21.104139]  ? __pfx_kunit_try_run_case+0x10/0x10
[   21.104802]  ? _raw_spin_lock_irqsave+0xa2/0x110
[   21.105826]  ? _raw_spin_unlock_irqrestore+0x5f/0x90
[   21.106369]  ? __kthread_parkme+0x82/0x160
[   21.106682]  ? preempt_count_sub+0x50/0x80
[   21.107173]  ? __pfx_kunit_try_run_case+0x10/0x10
[   21.108079]  ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10
[   21.108682]  kunit_generic_run_threadfn_adapter+0x85/0xf0
[   21.109115]  kthread+0x257/0x310
[   21.110109]  ? __pfx_kthread+0x10/0x10
[   21.111154]  ret_from_fork+0x41/0x80
[   21.112449]  ? __pfx_kthread+0x10/0x10
[   21.112730]  ret_from_fork_asm+0x1a/0x30
[   21.113239]  </TASK>
[   21.113602] 
[   21.113797] The buggy address belongs to the physical page:
[   21.115175] page: refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x10236c
[   21.116395] head: order:2 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[   21.116766] flags: 0x200000000000040(head|node=0|zone=2)
[   21.117020] raw: 0200000000000040 0000000000000000 dead000000000122 0000000000000000
[   21.117829] raw: 0000000000000000 0000000000000000 00000001ffffffff 0000000000000000
[   21.118662] head: 0200000000000040 0000000000000000 dead000000000122 0000000000000000
[   21.120115] head: 0000000000000000 0000000000000000 00000001ffffffff 0000000000000000
[   21.121649] head: 0200000000000002 ffffea000408db01 ffffffffffffffff 0000000000000000
[   21.122542] head: 0000000000000004 0000000000000000 00000000ffffffff 0000000000000000
[   21.123176] page dumped because: kasan: bad access detected
[   21.123866] 
[   21.123997] Memory state around the buggy address:
[   21.124480]  ffff88810236df80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   21.126104]  ffff88810236e000: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   21.127165] >ffff88810236e080: 00 00 00 00 00 00 00 00 00 01 fe fe fe fe fe fe
[   21.128001]                                                     ^
[   21.128833]  ffff88810236e100: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe
[   21.130107]  ffff88810236e180: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe
[   21.131715] ==================================================================
[   20.998030] ==================================================================
[   20.999466] BUG: KASAN: slab-out-of-bounds in krealloc_less_oob_helper+0xd72/0x11d0
[   21.000390] Write of size 1 at addr ffff88810236e0c9 by task kunit_try_catch/170
[   21.001724] 
[   21.001995] CPU: 1 UID: 0 PID: 170 Comm: kunit_try_catch Tainted: G    B            N 6.12.0-next-20241128 #1
[   21.002760] Tainted: [B]=BAD_PAGE, [N]=TEST
[   21.003202] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[   21.004038] Call Trace:
[   21.004452]  <TASK>
[   21.005010]  dump_stack_lvl+0x73/0xb0
[   21.005805]  print_report+0xd1/0x640
[   21.006397]  ? __virt_addr_valid+0x1db/0x2d0
[   21.007279]  ? kasan_addr_to_slab+0x11/0xa0
[   21.007817]  kasan_report+0x102/0x140
[   21.008398]  ? krealloc_less_oob_helper+0xd72/0x11d0
[   21.009066]  ? krealloc_less_oob_helper+0xd72/0x11d0
[   21.010104]  __asan_report_store1_noabort+0x1b/0x30
[   21.011017]  krealloc_less_oob_helper+0xd72/0x11d0
[   21.011422]  ? __pfx_krealloc_less_oob_helper+0x10/0x10
[   21.012061]  ? finish_task_switch.isra.0+0x153/0x700
[   21.012957]  ? __switch_to+0x5d9/0xf60
[   21.014174]  ? __schedule+0xc3e/0x2790
[   21.014629]  ? __pfx_read_tsc+0x10/0x10
[   21.015379]  krealloc_large_less_oob+0x1c/0x30
[   21.016005]  kunit_try_run_case+0x1b3/0x490
[   21.017064]  ? __pfx_kunit_try_run_case+0x10/0x10
[   21.017785]  ? _raw_spin_lock_irqsave+0xa2/0x110
[   21.018553]  ? _raw_spin_unlock_irqrestore+0x5f/0x90
[   21.019088]  ? __kthread_parkme+0x82/0x160
[   21.019722]  ? preempt_count_sub+0x50/0x80
[   21.020232]  ? __pfx_kunit_try_run_case+0x10/0x10
[   21.020926]  ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10
[   21.021990]  kunit_generic_run_threadfn_adapter+0x85/0xf0
[   21.022731]  kthread+0x257/0x310
[   21.023266]  ? __pfx_kthread+0x10/0x10
[   21.023592]  ret_from_fork+0x41/0x80
[   21.024080]  ? __pfx_kthread+0x10/0x10
[   21.024665]  ret_from_fork_asm+0x1a/0x30
[   21.025036]  </TASK>
[   21.025467] 
[   21.026056] The buggy address belongs to the physical page:
[   21.027174] page: refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x10236c
[   21.027942] head: order:2 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[   21.028776] flags: 0x200000000000040(head|node=0|zone=2)
[   21.029571] raw: 0200000000000040 0000000000000000 dead000000000122 0000000000000000
[   21.030144] raw: 0000000000000000 0000000000000000 00000001ffffffff 0000000000000000
[   21.031457] head: 0200000000000040 0000000000000000 dead000000000122 0000000000000000
[   21.032127] head: 0000000000000000 0000000000000000 00000001ffffffff 0000000000000000
[   21.033619] head: 0200000000000002 ffffea000408db01 ffffffffffffffff 0000000000000000
[   21.034331] head: 0000000000000004 0000000000000000 00000000ffffffff 0000000000000000
[   21.035359] page dumped because: kasan: bad access detected
[   21.035978] 
[   21.036597] Memory state around the buggy address:
[   21.037122]  ffff88810236df80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   21.037839]  ffff88810236e000: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   21.038774] >ffff88810236e080: 00 00 00 00 00 00 00 00 00 01 fe fe fe fe fe fe
[   21.039880]                                               ^
[   21.040666]  ffff88810236e100: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe
[   21.041953]  ffff88810236e180: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe
[   21.042864] ==================================================================
[   21.176954] ==================================================================
[   21.178010] BUG: KASAN: slab-out-of-bounds in krealloc_less_oob_helper+0xd49/0x11d0
[   21.179530] Write of size 1 at addr ffff88810236e0eb by task kunit_try_catch/170
[   21.180594] 
[   21.180955] CPU: 1 UID: 0 PID: 170 Comm: kunit_try_catch Tainted: G    B            N 6.12.0-next-20241128 #1
[   21.182283] Tainted: [B]=BAD_PAGE, [N]=TEST
[   21.183395] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[   21.184707] Call Trace:
[   21.184996]  <TASK>
[   21.185264]  dump_stack_lvl+0x73/0xb0
[   21.185697]  print_report+0xd1/0x640
[   21.186250]  ? __virt_addr_valid+0x1db/0x2d0
[   21.186635]  ? kasan_addr_to_slab+0x11/0xa0
[   21.186916]  kasan_report+0x102/0x140
[   21.187453]  ? krealloc_less_oob_helper+0xd49/0x11d0
[   21.188496]  ? krealloc_less_oob_helper+0xd49/0x11d0
[   21.189616]  __asan_report_store1_noabort+0x1b/0x30
[   21.190614]  krealloc_less_oob_helper+0xd49/0x11d0
[   21.191106]  ? __pfx_krealloc_less_oob_helper+0x10/0x10
[   21.191946]  ? finish_task_switch.isra.0+0x153/0x700
[   21.193024]  ? __switch_to+0x5d9/0xf60
[   21.193902]  ? __schedule+0xc3e/0x2790
[   21.194509]  ? __pfx_read_tsc+0x10/0x10
[   21.195079]  krealloc_large_less_oob+0x1c/0x30
[   21.196100]  kunit_try_run_case+0x1b3/0x490
[   21.196727]  ? __pfx_kunit_try_run_case+0x10/0x10
[   21.197123]  ? _raw_spin_lock_irqsave+0xa2/0x110
[   21.197555]  ? _raw_spin_unlock_irqrestore+0x5f/0x90
[   21.197960]  ? __kthread_parkme+0x82/0x160
[   21.198624]  ? preempt_count_sub+0x50/0x80
[   21.199680]  ? __pfx_kunit_try_run_case+0x10/0x10
[   21.200633]  ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10
[   21.201479]  kunit_generic_run_threadfn_adapter+0x85/0xf0
[   21.202228]  kthread+0x257/0x310
[   21.202498]  ? __pfx_kthread+0x10/0x10
[   21.203001]  ret_from_fork+0x41/0x80
[   21.204074]  ? __pfx_kthread+0x10/0x10
[   21.205076]  ret_from_fork_asm+0x1a/0x30
[   21.205379]  </TASK>
[   21.205970] 
[   21.206502] The buggy address belongs to the physical page:
[   21.207160] page: refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x10236c
[   21.207979] head: order:2 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[   21.208975] flags: 0x200000000000040(head|node=0|zone=2)
[   21.210251] raw: 0200000000000040 0000000000000000 dead000000000122 0000000000000000
[   21.211120] raw: 0000000000000000 0000000000000000 00000001ffffffff 0000000000000000
[   21.211947] head: 0200000000000040 0000000000000000 dead000000000122 0000000000000000
[   21.213005] head: 0000000000000000 0000000000000000 00000001ffffffff 0000000000000000
[   21.213801] head: 0200000000000002 ffffea000408db01 ffffffffffffffff 0000000000000000
[   21.214567] head: 0000000000000004 0000000000000000 00000000ffffffff 0000000000000000
[   21.215317] page dumped because: kasan: bad access detected
[   21.216245] 
[   21.216896] Memory state around the buggy address:
[   21.217517]  ffff88810236df80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   21.218658]  ffff88810236e000: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   21.219552] >ffff88810236e080: 00 00 00 00 00 00 00 00 00 01 fe fe fe fe fe fe
[   21.221069]                                                           ^
[   21.222148]  ffff88810236e100: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe
[   21.222720]  ffff88810236e180: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe
[   21.223453] ==================================================================
[   21.043800] ==================================================================
[   21.044383] BUG: KASAN: slab-out-of-bounds in krealloc_less_oob_helper+0xe25/0x11d0
[   21.044815] Write of size 1 at addr ffff88810236e0d0 by task kunit_try_catch/170
[   21.045404] 
[   21.045688] CPU: 1 UID: 0 PID: 170 Comm: kunit_try_catch Tainted: G    B            N 6.12.0-next-20241128 #1
[   21.046939] Tainted: [B]=BAD_PAGE, [N]=TEST
[   21.047479] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[   21.048262] Call Trace:
[   21.048763]  <TASK>
[   21.048965]  dump_stack_lvl+0x73/0xb0
[   21.049324]  print_report+0xd1/0x640
[   21.051642]  ? __virt_addr_valid+0x1db/0x2d0
[   21.052866]  ? kasan_addr_to_slab+0x11/0xa0
[   21.053567]  kasan_report+0x102/0x140
[   21.054372]  ? krealloc_less_oob_helper+0xe25/0x11d0
[   21.054945]  ? krealloc_less_oob_helper+0xe25/0x11d0
[   21.055797]  __asan_report_store1_noabort+0x1b/0x30
[   21.056397]  krealloc_less_oob_helper+0xe25/0x11d0
[   21.057029]  ? __pfx_krealloc_less_oob_helper+0x10/0x10
[   21.057587]  ? finish_task_switch.isra.0+0x153/0x700
[   21.057998]  ? __switch_to+0x5d9/0xf60
[   21.058485]  ? __schedule+0xc3e/0x2790
[   21.058949]  ? __pfx_read_tsc+0x10/0x10
[   21.059629]  krealloc_large_less_oob+0x1c/0x30
[   21.060280]  kunit_try_run_case+0x1b3/0x490
[   21.060759]  ? __pfx_kunit_try_run_case+0x10/0x10
[   21.061736]  ? _raw_spin_lock_irqsave+0xa2/0x110
[   21.062173]  ? _raw_spin_unlock_irqrestore+0x5f/0x90
[   21.062786]  ? __kthread_parkme+0x82/0x160
[   21.063147]  ? preempt_count_sub+0x50/0x80
[   21.064498]  ? __pfx_kunit_try_run_case+0x10/0x10
[   21.064936]  ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10
[   21.065435]  kunit_generic_run_threadfn_adapter+0x85/0xf0
[   21.066444]  kthread+0x257/0x310
[   21.066798]  ? __pfx_kthread+0x10/0x10
[   21.067161]  ret_from_fork+0x41/0x80
[   21.067511]  ? __pfx_kthread+0x10/0x10
[   21.067911]  ret_from_fork_asm+0x1a/0x30
[   21.068403]  </TASK>
[   21.069210] 
[   21.069603] The buggy address belongs to the physical page:
[   21.070556] page: refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x10236c
[   21.071380] head: order:2 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[   21.072134] flags: 0x200000000000040(head|node=0|zone=2)
[   21.072732] raw: 0200000000000040 0000000000000000 dead000000000122 0000000000000000
[   21.073936] raw: 0000000000000000 0000000000000000 00000001ffffffff 0000000000000000
[   21.074777] head: 0200000000000040 0000000000000000 dead000000000122 0000000000000000
[   21.075501] head: 0000000000000000 0000000000000000 00000001ffffffff 0000000000000000
[   21.076161] head: 0200000000000002 ffffea000408db01 ffffffffffffffff 0000000000000000
[   21.077065] head: 0000000000000004 0000000000000000 00000000ffffffff 0000000000000000
[   21.077940] page dumped because: kasan: bad access detected
[   21.078920] 
[   21.079068] Memory state around the buggy address:
[   21.079659]  ffff88810236df80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   21.080684]  ffff88810236e000: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   21.081488] >ffff88810236e080: 00 00 00 00 00 00 00 00 00 01 fe fe fe fe fe fe
[   21.082061]                                                  ^
[   21.082849]  ffff88810236e100: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe
[   21.084108]  ffff88810236e180: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe
[   21.084797] ==================================================================
[   20.779031] ==================================================================
[   20.780684] BUG: KASAN: slab-out-of-bounds in krealloc_less_oob_helper+0xe92/0x11d0
[   20.782062] Write of size 1 at addr ffff888100a966ea by task kunit_try_catch/166
[   20.783227] 
[   20.783777] CPU: 1 UID: 0 PID: 166 Comm: kunit_try_catch Tainted: G    B            N 6.12.0-next-20241128 #1
[   20.784860] Tainted: [B]=BAD_PAGE, [N]=TEST
[   20.785111] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[   20.785892] Call Trace:
[   20.786259]  <TASK>
[   20.786730]  dump_stack_lvl+0x73/0xb0
[   20.787028]  print_report+0xd1/0x640
[   20.787836]  ? __virt_addr_valid+0x1db/0x2d0
[   20.788638]  ? kasan_complete_mode_report_info+0x2a/0x200
[   20.789478]  kasan_report+0x102/0x140
[   20.789994]  ? krealloc_less_oob_helper+0xe92/0x11d0
[   20.790986]  ? krealloc_less_oob_helper+0xe92/0x11d0
[   20.791646]  __asan_report_store1_noabort+0x1b/0x30
[   20.792273]  krealloc_less_oob_helper+0xe92/0x11d0
[   20.792811]  ? __pfx_krealloc_less_oob_helper+0x10/0x10
[   20.793493]  ? finish_task_switch.isra.0+0x153/0x700
[   20.794172]  ? __switch_to+0x5d9/0xf60
[   20.794700]  ? __schedule+0xc3e/0x2790
[   20.795265]  ? __pfx_read_tsc+0x10/0x10
[   20.796159]  krealloc_less_oob+0x1c/0x30
[   20.796773]  kunit_try_run_case+0x1b3/0x490
[   20.797603]  ? __pfx_kunit_try_run_case+0x10/0x10
[   20.798069]  ? _raw_spin_lock_irqsave+0xa2/0x110
[   20.798790]  ? _raw_spin_unlock_irqrestore+0x5f/0x90
[   20.799233]  ? __kthread_parkme+0x82/0x160
[   20.800016]  ? preempt_count_sub+0x50/0x80
[   20.801439]  ? __pfx_kunit_try_run_case+0x10/0x10
[   20.801859]  ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10
[   20.802940]  kunit_generic_run_threadfn_adapter+0x85/0xf0
[   20.803460]  kthread+0x257/0x310
[   20.803922]  ? __pfx_kthread+0x10/0x10
[   20.804518]  ret_from_fork+0x41/0x80
[   20.805333]  ? __pfx_kthread+0x10/0x10
[   20.805641]  ret_from_fork_asm+0x1a/0x30
[   20.805938]  </TASK>
[   20.806295] 
[   20.806692] Allocated by task 166:
[   20.807243]  kasan_save_stack+0x3d/0x60
[   20.807873]  kasan_save_track+0x18/0x40
[   20.808535]  kasan_save_alloc_info+0x3b/0x50
[   20.809266]  __kasan_krealloc+0x190/0x1f0
[   20.810000]  krealloc_noprof+0xf3/0x340
[   20.810318]  krealloc_less_oob_helper+0x1ab/0x11d0
[   20.810886]  krealloc_less_oob+0x1c/0x30
[   20.811185]  kunit_try_run_case+0x1b3/0x490
[   20.812163]  kunit_generic_run_threadfn_adapter+0x85/0xf0
[   20.812815]  kthread+0x257/0x310
[   20.813507]  ret_from_fork+0x41/0x80
[   20.814095]  ret_from_fork_asm+0x1a/0x30
[   20.814407] 
[   20.814664] The buggy address belongs to the object at ffff888100a96600
[   20.814664]  which belongs to the cache kmalloc-256 of size 256
[   20.815823] The buggy address is located 33 bytes to the right of
[   20.815823]  allocated 201-byte region [ffff888100a96600, ffff888100a966c9)
[   20.817872] 
[   20.818088] The buggy address belongs to the physical page:
[   20.818636] page: refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x100a96
[   20.819619] head: order:1 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[   20.821118] flags: 0x200000000000040(head|node=0|zone=2)
[   20.822131] page_type: f5(slab)
[   20.822749] raw: 0200000000000040 ffff888100041b40 dead000000000122 0000000000000000
[   20.823712] raw: 0000000000000000 0000000080100010 00000001f5000000 0000000000000000
[   20.824130] head: 0200000000000040 ffff888100041b40 dead000000000122 0000000000000000
[   20.825614] head: 0000000000000000 0000000080100010 00000001f5000000 0000000000000000
[   20.826585] head: 0200000000000001 ffffea000402a581 ffffffffffffffff 0000000000000000
[   20.827634] head: 0000000000000002 0000000000000000 00000000ffffffff 0000000000000000
[   20.828200] page dumped because: kasan: bad access detected
[   20.829128] 
[   20.829446] Memory state around the buggy address:
[   20.829744]  ffff888100a96580: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   20.831224]  ffff888100a96600: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   20.832479] >ffff888100a96680: 00 00 00 00 00 00 00 00 00 01 fc fc fc fc fc fc
[   20.833236]                                                           ^
[   20.834280]  ffff888100a96700: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   20.835485]  ffff888100a96780: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   20.835769] ==================================================================
[   21.132710] ==================================================================
[   21.133107] BUG: KASAN: slab-out-of-bounds in krealloc_less_oob_helper+0xe92/0x11d0
[   21.135147] Write of size 1 at addr ffff88810236e0ea by task kunit_try_catch/170
[   21.135834] 
[   21.136052] CPU: 1 UID: 0 PID: 170 Comm: kunit_try_catch Tainted: G    B            N 6.12.0-next-20241128 #1
[   21.137983] Tainted: [B]=BAD_PAGE, [N]=TEST
[   21.138585] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[   21.139458] Call Trace:
[   21.140309]  <TASK>
[   21.140555]  dump_stack_lvl+0x73/0xb0
[   21.141140]  print_report+0xd1/0x640
[   21.141675]  ? __virt_addr_valid+0x1db/0x2d0
[   21.142124]  ? kasan_addr_to_slab+0x11/0xa0
[   21.142677]  kasan_report+0x102/0x140
[   21.143401]  ? krealloc_less_oob_helper+0xe92/0x11d0
[   21.143899]  ? krealloc_less_oob_helper+0xe92/0x11d0
[   21.144417]  __asan_report_store1_noabort+0x1b/0x30
[   21.145734]  krealloc_less_oob_helper+0xe92/0x11d0
[   21.146497]  ? __pfx_krealloc_less_oob_helper+0x10/0x10
[   21.147017]  ? finish_task_switch.isra.0+0x153/0x700
[   21.147620]  ? __switch_to+0x5d9/0xf60
[   21.147942]  ? __schedule+0xc3e/0x2790
[   21.148649]  ? __pfx_read_tsc+0x10/0x10
[   21.149045]  krealloc_large_less_oob+0x1c/0x30
[   21.149845]  kunit_try_run_case+0x1b3/0x490
[   21.150493]  ? __pfx_kunit_try_run_case+0x10/0x10
[   21.151067]  ? _raw_spin_lock_irqsave+0xa2/0x110
[   21.152147]  ? _raw_spin_unlock_irqrestore+0x5f/0x90
[   21.152837]  ? __kthread_parkme+0x82/0x160
[   21.153478]  ? preempt_count_sub+0x50/0x80
[   21.153935]  ? __pfx_kunit_try_run_case+0x10/0x10
[   21.154638]  ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10
[   21.155386]  kunit_generic_run_threadfn_adapter+0x85/0xf0
[   21.155918]  kthread+0x257/0x310
[   21.156359]  ? __pfx_kthread+0x10/0x10
[   21.157017]  ret_from_fork+0x41/0x80
[   21.157871]  ? __pfx_kthread+0x10/0x10
[   21.158244]  ret_from_fork_asm+0x1a/0x30
[   21.158842]  </TASK>
[   21.159596] 
[   21.159925] The buggy address belongs to the physical page:
[   21.160627] page: refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x10236c
[   21.161765] head: order:2 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[   21.162508] flags: 0x200000000000040(head|node=0|zone=2)
[   21.163194] raw: 0200000000000040 0000000000000000 dead000000000122 0000000000000000
[   21.163968] raw: 0000000000000000 0000000000000000 00000001ffffffff 0000000000000000
[   21.164679] head: 0200000000000040 0000000000000000 dead000000000122 0000000000000000
[   21.165909] head: 0000000000000000 0000000000000000 00000001ffffffff 0000000000000000
[   21.167554] head: 0200000000000002 ffffea000408db01 ffffffffffffffff 0000000000000000
[   21.168095] head: 0000000000000004 0000000000000000 00000000ffffffff 0000000000000000
[   21.169246] page dumped because: kasan: bad access detected
[   21.169805] 
[   21.170005] Memory state around the buggy address:
[   21.170999]  ffff88810236df80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   21.171625]  ffff88810236e000: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   21.172469] >ffff88810236e080: 00 00 00 00 00 00 00 00 00 01 fe fe fe fe fe fe
[   21.173742]                                                           ^
[   21.174625]  ffff88810236e100: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe
[   21.174899]  ffff88810236e180: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe
[   21.175440] ==================================================================

Metadata Full log Test run details

arch

x86_64

host

x86_64

plan

2pSZJzQkkhJpt8WfFKMypNz4Dl1

job_id

TEST:linaro@lkft#2pSZPewjT2orEVcwbDqECJPoQkA

job_url

https://tuxapi.tuxsuite.com/v1/groups/linaro/projects/lkft/tests/2pSZPewjT2orEVcwbDqECJPoQkA

artefacts

kernel

url	https://storage.tuxsuite.com/public/linaro/lkft/builds/2pSZMjfLmjiaWH7XKoeoQxm7E9X/bzImage
sha256sum	2f0a09feefd5994ed265072fbad4eb4d4b5bdd155e48621279515fda0e903117

rootfs

url	https://storage.tuxboot.com/debian/trixie/amd64/rootfs.ext4.xz
sha256sum	c6ceed53712217894b72c37cdc18ddb1157eb9bca95bb5bb312b9c30db3bb83b

modules

url	https://storage.tuxsuite.com/public/linaro/lkft/builds/2pSZMjfLmjiaWH7XKoeoQxm7E9X/modules.tar.xz
sha256sum	db73eb0ad23fd8381a84f10d613eb35ef43355fa02ba6a51820b18aa895161ad

durations

tests

boot	322.83
kunit	412.18

host_arch

amd64

build_name

gcc-13-lkftconfig-kunit

job_status

Complete

qemu_version

1:9.1.1+ds-5

Metadata

Failure - qemu-arm64 - gcc-13-lkftconfig-kunit

Failure - qemu-x86_64 - gcc-13-lkftconfig-kunit