lkft/linux-next-master - next-20241203 - log-parser-boot/kasan-bug-kasan-slab-out-of-bounds-in-krealloc_less_oob_helper

Date

Dec. 3, 2024, 11:38 p.m.

Environment
qemu-arm64
qemu-x86_64

[   30.102312] ==================================================================
[   30.103165] BUG: KASAN: slab-out-of-bounds in krealloc_less_oob_helper+0xae4/0xc50
[   30.103999] Write of size 1 at addr fff00000c65520ea by task kunit_try_catch/151
[   30.104849] 
[   30.105378] CPU: 1 UID: 0 PID: 151 Comm: kunit_try_catch Tainted: G    B            N 6.13.0-rc1-next-20241203 #1
[   30.106735] Tainted: [B]=BAD_PAGE, [N]=TEST
[   30.107763] Hardware name: linux,dummy-virt (DT)
[   30.109348] Call trace:
[   30.109739]  show_stack+0x20/0x38 (C)
[   30.110348]  dump_stack_lvl+0x8c/0xd0
[   30.111152]  print_report+0x118/0x5e0
[   30.111893]  kasan_report+0xc8/0x118
[   30.112547]  __asan_report_store1_noabort+0x20/0x30
[   30.113189]  krealloc_less_oob_helper+0xae4/0xc50
[   30.113916]  krealloc_large_less_oob+0x20/0x38
[   30.114673]  kunit_try_run_case+0x14c/0x3d0
[   30.115486]  kunit_generic_run_threadfn_adapter+0x88/0x100
[   30.116446]  kthread+0x24c/0x2d0
[   30.117189]  ret_from_fork+0x10/0x20
[   30.118157] 
[   30.118679] The buggy address belongs to the physical page:
[   30.120104] page: refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x106550
[   30.121427] head: order:2 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[   30.122594] flags: 0xbfffe0000000040(head|node=0|zone=2|lastcpupid=0x1ffff)
[   30.123891] raw: 0bfffe0000000040 0000000000000000 dead000000000122 0000000000000000
[   30.125034] raw: 0000000000000000 0000000000000000 00000001ffffffff 0000000000000000
[   30.126167] head: 0bfffe0000000040 0000000000000000 dead000000000122 0000000000000000
[   30.127425] head: 0000000000000000 0000000000000000 00000001ffffffff 0000000000000000
[   30.128443] head: 0bfffe0000000002 ffffc1ffc3195401 ffffffffffffffff 0000000000000000
[   30.129410] head: 0000000000000004 0000000000000000 00000000ffffffff 0000000000000000
[   30.130473] page dumped because: kasan: bad access detected
[   30.131315] 
[   30.131834] Memory state around the buggy address:
[   30.132306]  fff00000c6551f80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   30.133816]  fff00000c6552000: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   30.134252] >fff00000c6552080: 00 00 00 00 00 00 00 00 00 01 fe fe fe fe fe fe
[   30.135657]                                                           ^
[   30.136713]  fff00000c6552100: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe
[   30.137667]  fff00000c6552180: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe
[   30.138705] ==================================================================
[   29.757363] ==================================================================
[   29.758213] BUG: KASAN: slab-out-of-bounds in krealloc_less_oob_helper+0xa80/0xc50
[   29.759210] Write of size 1 at addr fff00000c09752da by task kunit_try_catch/147
[   29.760531] 
[   29.760822] CPU: 0 UID: 0 PID: 147 Comm: kunit_try_catch Tainted: G    B            N 6.13.0-rc1-next-20241203 #1
[   29.762011] Tainted: [B]=BAD_PAGE, [N]=TEST
[   29.762907] Hardware name: linux,dummy-virt (DT)
[   29.763745] Call trace:
[   29.764317]  show_stack+0x20/0x38 (C)
[   29.765129]  dump_stack_lvl+0x8c/0xd0
[   29.765935]  print_report+0x118/0x5e0
[   29.766714]  kasan_report+0xc8/0x118
[   29.767510]  __asan_report_store1_noabort+0x20/0x30
[   29.768406]  krealloc_less_oob_helper+0xa80/0xc50
[   29.769271]  krealloc_less_oob+0x20/0x38
[   29.770047]  kunit_try_run_case+0x14c/0x3d0
[   29.770891]  kunit_generic_run_threadfn_adapter+0x88/0x100
[   29.771860]  kthread+0x24c/0x2d0
[   29.772384]  ret_from_fork+0x10/0x20
[   29.772936] 
[   29.773246] Allocated by task 147:
[   29.773765]  kasan_save_stack+0x3c/0x68
[   29.774393]  kasan_save_track+0x20/0x40
[   29.775406]  kasan_save_alloc_info+0x40/0x58
[   29.776051]  __kasan_krealloc+0x118/0x178
[   29.776944]  krealloc_noprof+0x128/0x360
[   29.777600]  krealloc_less_oob_helper+0x168/0xc50
[   29.778529]  krealloc_less_oob+0x20/0x38
[   29.779254]  kunit_try_run_case+0x14c/0x3d0
[   29.779902]  kunit_generic_run_threadfn_adapter+0x88/0x100
[   29.780952]  kthread+0x24c/0x2d0
[   29.781704]  ret_from_fork+0x10/0x20
[   29.782404] 
[   29.782959] The buggy address belongs to the object at fff00000c0975200
[   29.782959]  which belongs to the cache kmalloc-256 of size 256
[   29.784612] The buggy address is located 17 bytes to the right of
[   29.784612]  allocated 201-byte region [fff00000c0975200, fff00000c09752c9)
[   29.786578] 
[   29.787068] The buggy address belongs to the physical page:
[   29.787972] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x100974
[   29.789006] head: order:1 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[   29.790106] flags: 0xbfffe0000000040(head|node=0|zone=2|lastcpupid=0x1ffff)
[   29.791169] page_type: f5(slab)
[   29.791748] raw: 0bfffe0000000040 fff00000c0001b40 dead000000000122 0000000000000000
[   29.792851] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000
[   29.793814] head: 0bfffe0000000040 fff00000c0001b40 dead000000000122 0000000000000000
[   29.794836] head: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000
[   29.795831] head: 0bfffe0000000001 ffffc1ffc3025d01 ffffffffffffffff 0000000000000000
[   29.796831] head: 0000000000000002 0000000000000000 00000000ffffffff 0000000000000000
[   29.797814] page dumped because: kasan: bad access detected
[   29.798593] 
[   29.798927] Memory state around the buggy address:
[   29.799706]  fff00000c0975180: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   29.800675]  fff00000c0975200: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   29.801615] >fff00000c0975280: 00 00 00 00 00 00 00 00 00 01 fc fc fc fc fc fc
[   29.802576]                                                     ^
[   29.803368]  fff00000c0975300: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   29.804414]  fff00000c0975380: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   29.805305] ==================================================================
[   29.702514] ==================================================================
[   29.703112] BUG: KASAN: slab-out-of-bounds in krealloc_less_oob_helper+0xb9c/0xc50
[   29.704165] Write of size 1 at addr fff00000c09752d0 by task kunit_try_catch/147
[   29.705174] 
[   29.705669] CPU: 0 UID: 0 PID: 147 Comm: kunit_try_catch Tainted: G    B            N 6.13.0-rc1-next-20241203 #1
[   29.707212] Tainted: [B]=BAD_PAGE, [N]=TEST
[   29.708392] Hardware name: linux,dummy-virt (DT)
[   29.709407] Call trace:
[   29.710432]  show_stack+0x20/0x38 (C)
[   29.711249]  dump_stack_lvl+0x8c/0xd0
[   29.712113]  print_report+0x118/0x5e0
[   29.712712]  kasan_report+0xc8/0x118
[   29.713221]  __asan_report_store1_noabort+0x20/0x30
[   29.713942]  krealloc_less_oob_helper+0xb9c/0xc50
[   29.714682]  krealloc_less_oob+0x20/0x38
[   29.715398]  kunit_try_run_case+0x14c/0x3d0
[   29.716815]  kunit_generic_run_threadfn_adapter+0x88/0x100
[   29.717191]  kthread+0x24c/0x2d0
[   29.717841]  ret_from_fork+0x10/0x20
[   29.718378] 
[   29.718770] Allocated by task 147:
[   29.719859]  kasan_save_stack+0x3c/0x68
[   29.720431]  kasan_save_track+0x20/0x40
[   29.721072]  kasan_save_alloc_info+0x40/0x58
[   29.721774]  __kasan_krealloc+0x118/0x178
[   29.722375]  krealloc_noprof+0x128/0x360
[   29.722998]  krealloc_less_oob_helper+0x168/0xc50
[   29.724163]  krealloc_less_oob+0x20/0x38
[   29.724688]  kunit_try_run_case+0x14c/0x3d0
[   29.725585]  kunit_generic_run_threadfn_adapter+0x88/0x100
[   29.726493]  kthread+0x24c/0x2d0
[   29.727145]  ret_from_fork+0x10/0x20
[   29.727994] 
[   29.728362] The buggy address belongs to the object at fff00000c0975200
[   29.728362]  which belongs to the cache kmalloc-256 of size 256
[   29.729821] The buggy address is located 7 bytes to the right of
[   29.729821]  allocated 201-byte region [fff00000c0975200, fff00000c09752c9)
[   29.731393] 
[   29.732068] The buggy address belongs to the physical page:
[   29.732922] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x100974
[   29.733969] head: order:1 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[   29.735238] flags: 0xbfffe0000000040(head|node=0|zone=2|lastcpupid=0x1ffff)
[   29.736195] page_type: f5(slab)
[   29.736705] raw: 0bfffe0000000040 fff00000c0001b40 dead000000000122 0000000000000000
[   29.737811] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000
[   29.738941] head: 0bfffe0000000040 fff00000c0001b40 dead000000000122 0000000000000000
[   29.740372] head: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000
[   29.741531] head: 0bfffe0000000001 ffffc1ffc3025d01 ffffffffffffffff 0000000000000000
[   29.742727] head: 0000000000000002 0000000000000000 00000000ffffffff 0000000000000000
[   29.744098] page dumped because: kasan: bad access detected
[   29.745103] 
[   29.745437] Memory state around the buggy address:
[   29.745984]  fff00000c0975180: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   29.746882]  fff00000c0975200: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   29.748484] >fff00000c0975280: 00 00 00 00 00 00 00 00 00 01 fc fc fc fc fc fc
[   29.749719]                                                  ^
[   29.750386]  fff00000c0975300: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   29.752202]  fff00000c0975380: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   29.753894] ==================================================================
[   29.646498] ==================================================================
[   29.647733] BUG: KASAN: slab-out-of-bounds in krealloc_less_oob_helper+0xa48/0xc50
[   29.649605] Write of size 1 at addr fff00000c09752c9 by task kunit_try_catch/147
[   29.650548] 
[   29.650845] CPU: 0 UID: 0 PID: 147 Comm: kunit_try_catch Tainted: G    B            N 6.13.0-rc1-next-20241203 #1
[   29.652198] Tainted: [B]=BAD_PAGE, [N]=TEST
[   29.653109] Hardware name: linux,dummy-virt (DT)
[   29.653715] Call trace:
[   29.654160]  show_stack+0x20/0x38 (C)
[   29.654899]  dump_stack_lvl+0x8c/0xd0
[   29.655482]  print_report+0x118/0x5e0
[   29.656096]  kasan_report+0xc8/0x118
[   29.656655]  __asan_report_store1_noabort+0x20/0x30
[   29.657252]  krealloc_less_oob_helper+0xa48/0xc50
[   29.658909]  krealloc_less_oob+0x20/0x38
[   29.660183]  kunit_try_run_case+0x14c/0x3d0
[   29.661637]  kunit_generic_run_threadfn_adapter+0x88/0x100
[   29.662807]  kthread+0x24c/0x2d0
[   29.663448]  ret_from_fork+0x10/0x20
[   29.664671] 
[   29.664927] Allocated by task 147:
[   29.665243]  kasan_save_stack+0x3c/0x68
[   29.665786]  kasan_save_track+0x20/0x40
[   29.666956]  kasan_save_alloc_info+0x40/0x58
[   29.667723]  __kasan_krealloc+0x118/0x178
[   29.668297]  krealloc_noprof+0x128/0x360
[   29.668775]  krealloc_less_oob_helper+0x168/0xc50
[   29.669568]  krealloc_less_oob+0x20/0x38
[   29.670052]  kunit_try_run_case+0x14c/0x3d0
[   29.670756]  kunit_generic_run_threadfn_adapter+0x88/0x100
[   29.671806]  kthread+0x24c/0x2d0
[   29.672233]  ret_from_fork+0x10/0x20
[   29.673833] 
[   29.674092] The buggy address belongs to the object at fff00000c0975200
[   29.674092]  which belongs to the cache kmalloc-256 of size 256
[   29.675994] The buggy address is located 0 bytes to the right of
[   29.675994]  allocated 201-byte region [fff00000c0975200, fff00000c09752c9)
[   29.678178] 
[   29.678505] The buggy address belongs to the physical page:
[   29.679283] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x100974
[   29.680399] head: order:1 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[   29.681387] flags: 0xbfffe0000000040(head|node=0|zone=2|lastcpupid=0x1ffff)
[   29.682223] page_type: f5(slab)
[   29.683104] raw: 0bfffe0000000040 fff00000c0001b40 dead000000000122 0000000000000000
[   29.684097] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000
[   29.685472] head: 0bfffe0000000040 fff00000c0001b40 dead000000000122 0000000000000000
[   29.686298] head: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000
[   29.687355] head: 0bfffe0000000001 ffffc1ffc3025d01 ffffffffffffffff 0000000000000000
[   29.688346] head: 0000000000000002 0000000000000000 00000000ffffffff 0000000000000000
[   29.689261] page dumped because: kasan: bad access detected
[   29.690195] 
[   29.690695] Memory state around the buggy address:
[   29.692157]  fff00000c0975180: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   29.694029]  fff00000c0975200: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   29.695959] >fff00000c0975280: 00 00 00 00 00 00 00 00 00 01 fc fc fc fc fc fc
[   29.697700]                                               ^
[   29.698564]  fff00000c0975300: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   29.699917]  fff00000c0975380: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   29.700855] ==================================================================
[   30.066437] ==================================================================
[   30.067304] BUG: KASAN: slab-out-of-bounds in krealloc_less_oob_helper+0xa80/0xc50
[   30.068523] Write of size 1 at addr fff00000c65520da by task kunit_try_catch/151
[   30.069353] 
[   30.069814] CPU: 1 UID: 0 PID: 151 Comm: kunit_try_catch Tainted: G    B            N 6.13.0-rc1-next-20241203 #1
[   30.071072] Tainted: [B]=BAD_PAGE, [N]=TEST
[   30.072381] Hardware name: linux,dummy-virt (DT)
[   30.072997] Call trace:
[   30.073432]  show_stack+0x20/0x38 (C)
[   30.074138]  dump_stack_lvl+0x8c/0xd0
[   30.075708]  print_report+0x118/0x5e0
[   30.076784]  kasan_report+0xc8/0x118
[   30.077112]  __asan_report_store1_noabort+0x20/0x30
[   30.077575]  krealloc_less_oob_helper+0xa80/0xc50
[   30.078631]  krealloc_large_less_oob+0x20/0x38
[   30.079402]  kunit_try_run_case+0x14c/0x3d0
[   30.080234]  kunit_generic_run_threadfn_adapter+0x88/0x100
[   30.081005]  kthread+0x24c/0x2d0
[   30.081939]  ret_from_fork+0x10/0x20
[   30.082421] 
[   30.082700] The buggy address belongs to the physical page:
[   30.084165] page: refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x106550
[   30.085104] head: order:2 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[   30.085971] flags: 0xbfffe0000000040(head|node=0|zone=2|lastcpupid=0x1ffff)
[   30.086915] raw: 0bfffe0000000040 0000000000000000 dead000000000122 0000000000000000
[   30.087859] raw: 0000000000000000 0000000000000000 00000001ffffffff 0000000000000000
[   30.088806] head: 0bfffe0000000040 0000000000000000 dead000000000122 0000000000000000
[   30.090001] head: 0000000000000000 0000000000000000 00000001ffffffff 0000000000000000
[   30.090875] head: 0bfffe0000000002 ffffc1ffc3195401 ffffffffffffffff 0000000000000000
[   30.092181] head: 0000000000000004 0000000000000000 00000000ffffffff 0000000000000000
[   30.093392] page dumped because: kasan: bad access detected
[   30.093994] 
[   30.094363] Memory state around the buggy address:
[   30.094941]  fff00000c6551f80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   30.095877]  fff00000c6552000: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   30.096783] >fff00000c6552080: 00 00 00 00 00 00 00 00 00 01 fe fe fe fe fe fe
[   30.098361]                                                     ^
[   30.099081]  fff00000c6552100: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe
[   30.099739]  fff00000c6552180: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe
[   30.100894] ==================================================================
[   29.989973] ==================================================================
[   29.991671] BUG: KASAN: slab-out-of-bounds in krealloc_less_oob_helper+0xa48/0xc50
[   29.992869] Write of size 1 at addr fff00000c65520c9 by task kunit_try_catch/151
[   29.994232] 
[   29.994601] CPU: 1 UID: 0 PID: 151 Comm: kunit_try_catch Tainted: G    B            N 6.13.0-rc1-next-20241203 #1
[   29.996017] Tainted: [B]=BAD_PAGE, [N]=TEST
[   29.996320] Hardware name: linux,dummy-virt (DT)
[   29.996937] Call trace:
[   29.997360]  show_stack+0x20/0x38 (C)
[   29.997888]  dump_stack_lvl+0x8c/0xd0
[   29.998631]  print_report+0x118/0x5e0
[   29.999717]  kasan_report+0xc8/0x118
[   30.000801]  __asan_report_store1_noabort+0x20/0x30
[   30.001514]  krealloc_less_oob_helper+0xa48/0xc50
[   30.002156]  krealloc_large_less_oob+0x20/0x38
[   30.002854]  kunit_try_run_case+0x14c/0x3d0
[   30.003629]  kunit_generic_run_threadfn_adapter+0x88/0x100
[   30.004436]  kthread+0x24c/0x2d0
[   30.005171]  ret_from_fork+0x10/0x20
[   30.005972] 
[   30.006278] The buggy address belongs to the physical page:
[   30.007316] page: refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x106550
[   30.008955] head: order:2 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[   30.009499] flags: 0xbfffe0000000040(head|node=0|zone=2|lastcpupid=0x1ffff)
[   30.010726] raw: 0bfffe0000000040 0000000000000000 dead000000000122 0000000000000000
[   30.012171] raw: 0000000000000000 0000000000000000 00000001ffffffff 0000000000000000
[   30.013204] head: 0bfffe0000000040 0000000000000000 dead000000000122 0000000000000000
[   30.014216] head: 0000000000000000 0000000000000000 00000001ffffffff 0000000000000000
[   30.015207] head: 0bfffe0000000002 ffffc1ffc3195401 ffffffffffffffff 0000000000000000
[   30.016531] head: 0000000000000004 0000000000000000 00000000ffffffff 0000000000000000
[   30.017468] page dumped because: kasan: bad access detected
[   30.018203] 
[   30.018559] Memory state around the buggy address:
[   30.019420]  fff00000c6551f80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   30.020601]  fff00000c6552000: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   30.021178] >fff00000c6552080: 00 00 00 00 00 00 00 00 00 01 fe fe fe fe fe fe
[   30.022072]                                               ^
[   30.023021]  fff00000c6552100: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe
[   30.024202]  fff00000c6552180: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe
[   30.025137] ==================================================================
[   29.809682] ==================================================================
[   29.810530] BUG: KASAN: slab-out-of-bounds in krealloc_less_oob_helper+0xae4/0xc50
[   29.811607] Write of size 1 at addr fff00000c09752ea by task kunit_try_catch/147
[   29.812708] 
[   29.813048] CPU: 0 UID: 0 PID: 147 Comm: kunit_try_catch Tainted: G    B            N 6.13.0-rc1-next-20241203 #1
[   29.814461] Tainted: [B]=BAD_PAGE, [N]=TEST
[   29.815136] Hardware name: linux,dummy-virt (DT)
[   29.815733] Call trace:
[   29.815958]  show_stack+0x20/0x38 (C)
[   29.816257]  dump_stack_lvl+0x8c/0xd0
[   29.816896]  print_report+0x118/0x5e0
[   29.817572]  kasan_report+0xc8/0x118
[   29.818374]  __asan_report_store1_noabort+0x20/0x30
[   29.819262]  krealloc_less_oob_helper+0xae4/0xc50
[   29.820185]  krealloc_less_oob+0x20/0x38
[   29.821213]  kunit_try_run_case+0x14c/0x3d0
[   29.821690]  kunit_generic_run_threadfn_adapter+0x88/0x100
[   29.822259]  kthread+0x24c/0x2d0
[   29.822893]  ret_from_fork+0x10/0x20
[   29.823836] 
[   29.824243] Allocated by task 147:
[   29.824906]  kasan_save_stack+0x3c/0x68
[   29.825575]  kasan_save_track+0x20/0x40
[   29.826279]  kasan_save_alloc_info+0x40/0x58
[   29.827004]  __kasan_krealloc+0x118/0x178
[   29.827693]  krealloc_noprof+0x128/0x360
[   29.828481]  krealloc_less_oob_helper+0x168/0xc50
[   29.829105]  krealloc_less_oob+0x20/0x38
[   29.829682]  kunit_try_run_case+0x14c/0x3d0
[   29.830371]  kunit_generic_run_threadfn_adapter+0x88/0x100
[   29.831085]  kthread+0x24c/0x2d0
[   29.831664]  ret_from_fork+0x10/0x20
[   29.832203] 
[   29.832585] The buggy address belongs to the object at fff00000c0975200
[   29.832585]  which belongs to the cache kmalloc-256 of size 256
[   29.834038] The buggy address is located 33 bytes to the right of
[   29.834038]  allocated 201-byte region [fff00000c0975200, fff00000c09752c9)
[   29.835642] 
[   29.836089] The buggy address belongs to the physical page:
[   29.836870] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x100974
[   29.837974] head: order:1 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[   29.838928] flags: 0xbfffe0000000040(head|node=0|zone=2|lastcpupid=0x1ffff)
[   29.839816] page_type: f5(slab)
[   29.840429] raw: 0bfffe0000000040 fff00000c0001b40 dead000000000122 0000000000000000
[   29.841435] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000
[   29.842484] head: 0bfffe0000000040 fff00000c0001b40 dead000000000122 0000000000000000
[   29.843502] head: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000
[   29.844283] head: 0bfffe0000000001 ffffc1ffc3025d01 ffffffffffffffff 0000000000000000
[   29.845272] head: 0000000000000002 0000000000000000 00000000ffffffff 0000000000000000
[   29.846244] page dumped because: kasan: bad access detected
[   29.847004] 
[   29.847402] Memory state around the buggy address:
[   29.848129]  fff00000c0975180: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   29.849096]  fff00000c0975200: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   29.850027] >fff00000c0975280: 00 00 00 00 00 00 00 00 00 01 fc fc fc fc fc fc
[   29.850959]                                                           ^
[   29.851819]  fff00000c0975300: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   29.852783]  fff00000c0975380: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   29.853691] ==================================================================
[   29.855723] ==================================================================
[   29.856607] BUG: KASAN: slab-out-of-bounds in krealloc_less_oob_helper+0xa58/0xc50
[   29.857579] Write of size 1 at addr fff00000c09752eb by task kunit_try_catch/147
[   29.858643] 
[   29.859177] CPU: 0 UID: 0 PID: 147 Comm: kunit_try_catch Tainted: G    B            N 6.13.0-rc1-next-20241203 #1
[   29.861246] Tainted: [B]=BAD_PAGE, [N]=TEST
[   29.861895] Hardware name: linux,dummy-virt (DT)
[   29.862685] Call trace:
[   29.863101]  show_stack+0x20/0x38 (C)
[   29.863876]  dump_stack_lvl+0x8c/0xd0
[   29.864531]  print_report+0x118/0x5e0
[   29.865151]  kasan_report+0xc8/0x118
[   29.865752]  __asan_report_store1_noabort+0x20/0x30
[   29.866529]  krealloc_less_oob_helper+0xa58/0xc50
[   29.867389]  krealloc_less_oob+0x20/0x38
[   29.868040]  kunit_try_run_case+0x14c/0x3d0
[   29.868805]  kunit_generic_run_threadfn_adapter+0x88/0x100
[   29.869604]  kthread+0x24c/0x2d0
[   29.870253]  ret_from_fork+0x10/0x20
[   29.870936] 
[   29.871210] Allocated by task 147:
[   29.871800]  kasan_save_stack+0x3c/0x68
[   29.872394]  kasan_save_track+0x20/0x40
[   29.872890]  kasan_save_alloc_info+0x40/0x58
[   29.873629]  __kasan_krealloc+0x118/0x178
[   29.874344]  krealloc_noprof+0x128/0x360
[   29.875017]  krealloc_less_oob_helper+0x168/0xc50
[   29.875746]  krealloc_less_oob+0x20/0x38
[   29.876385]  kunit_try_run_case+0x14c/0x3d0
[   29.877075]  kunit_generic_run_threadfn_adapter+0x88/0x100
[   29.877931]  kthread+0x24c/0x2d0
[   29.878559]  ret_from_fork+0x10/0x20
[   29.879141] 
[   29.879489] The buggy address belongs to the object at fff00000c0975200
[   29.879489]  which belongs to the cache kmalloc-256 of size 256
[   29.880949] The buggy address is located 34 bytes to the right of
[   29.880949]  allocated 201-byte region [fff00000c0975200, fff00000c09752c9)
[   29.882524] 
[   29.883018] The buggy address belongs to the physical page:
[   29.883793] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x100974
[   29.884876] head: order:1 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[   29.885849] flags: 0xbfffe0000000040(head|node=0|zone=2|lastcpupid=0x1ffff)
[   29.886771] page_type: f5(slab)
[   29.887322] raw: 0bfffe0000000040 fff00000c0001b40 dead000000000122 0000000000000000
[   29.888387] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000
[   29.889392] head: 0bfffe0000000040 fff00000c0001b40 dead000000000122 0000000000000000
[   29.890392] head: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000
[   29.891355] head: 0bfffe0000000001 ffffc1ffc3025d01 ffffffffffffffff 0000000000000000
[   29.892345] head: 0000000000000002 0000000000000000 00000000ffffffff 0000000000000000
[   29.893292] page dumped because: kasan: bad access detected
[   29.894074] 
[   29.894429] Memory state around the buggy address:
[   29.895168]  fff00000c0975180: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   29.896179]  fff00000c0975200: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   29.897051] >fff00000c0975280: 00 00 00 00 00 00 00 00 00 01 fc fc fc fc fc fc
[   29.897969]                                                           ^
[   29.898863]  fff00000c0975300: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   29.899888]  fff00000c0975380: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   29.900846] ==================================================================
[   30.140666] ==================================================================
[   30.141972] BUG: KASAN: slab-out-of-bounds in krealloc_less_oob_helper+0xa58/0xc50
[   30.142829] Write of size 1 at addr fff00000c65520eb by task kunit_try_catch/151
[   30.144241] 
[   30.144664] CPU: 1 UID: 0 PID: 151 Comm: kunit_try_catch Tainted: G    B            N 6.13.0-rc1-next-20241203 #1
[   30.145867] Tainted: [B]=BAD_PAGE, [N]=TEST
[   30.146572] Hardware name: linux,dummy-virt (DT)
[   30.147627] Call trace:
[   30.147989]  show_stack+0x20/0x38 (C)
[   30.149273]  dump_stack_lvl+0x8c/0xd0
[   30.149884]  print_report+0x118/0x5e0
[   30.150451]  kasan_report+0xc8/0x118
[   30.150974]  __asan_report_store1_noabort+0x20/0x30
[   30.152033]  krealloc_less_oob_helper+0xa58/0xc50
[   30.152716]  krealloc_large_less_oob+0x20/0x38
[   30.153424]  kunit_try_run_case+0x14c/0x3d0
[   30.154104]  kunit_generic_run_threadfn_adapter+0x88/0x100
[   30.154823]  kthread+0x24c/0x2d0
[   30.156161]  ret_from_fork+0x10/0x20
[   30.156767] 
[   30.157089] The buggy address belongs to the physical page:
[   30.157877] page: refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x106550
[   30.158823] head: order:2 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[   30.160197] flags: 0xbfffe0000000040(head|node=0|zone=2|lastcpupid=0x1ffff)
[   30.161237] raw: 0bfffe0000000040 0000000000000000 dead000000000122 0000000000000000
[   30.162263] raw: 0000000000000000 0000000000000000 00000001ffffffff 0000000000000000
[   30.163342] head: 0bfffe0000000040 0000000000000000 dead000000000122 0000000000000000
[   30.164733] head: 0000000000000000 0000000000000000 00000001ffffffff 0000000000000000
[   30.165682] head: 0bfffe0000000002 ffffc1ffc3195401 ffffffffffffffff 0000000000000000
[   30.166674] head: 0000000000000004 0000000000000000 00000000ffffffff 0000000000000000
[   30.168149] page dumped because: kasan: bad access detected
[   30.168767] 
[   30.169080] Memory state around the buggy address:
[   30.169616]  fff00000c6551f80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   30.170655]  fff00000c6552000: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   30.171948] >fff00000c6552080: 00 00 00 00 00 00 00 00 00 01 fe fe fe fe fe fe
[   30.172986]                                                           ^
[   30.173794]  fff00000c6552100: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe
[   30.174860]  fff00000c6552180: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe
[   30.176281] ==================================================================
[   30.026775] ==================================================================
[   30.028311] BUG: KASAN: slab-out-of-bounds in krealloc_less_oob_helper+0xb9c/0xc50
[   30.030817] Write of size 1 at addr fff00000c65520d0 by task kunit_try_catch/151
[   30.032048] 
[   30.032470] CPU: 1 UID: 0 PID: 151 Comm: kunit_try_catch Tainted: G    B            N 6.13.0-rc1-next-20241203 #1
[   30.034444] Tainted: [B]=BAD_PAGE, [N]=TEST
[   30.035783] Hardware name: linux,dummy-virt (DT)
[   30.036912] Call trace:
[   30.037227]  show_stack+0x20/0x38 (C)
[   30.038063]  dump_stack_lvl+0x8c/0xd0
[   30.038894]  print_report+0x118/0x5e0
[   30.039589]  kasan_report+0xc8/0x118
[   30.040307]  __asan_report_store1_noabort+0x20/0x30
[   30.041169]  krealloc_less_oob_helper+0xb9c/0xc50
[   30.041949]  krealloc_large_less_oob+0x20/0x38
[   30.042740]  kunit_try_run_case+0x14c/0x3d0
[   30.043491]  kunit_generic_run_threadfn_adapter+0x88/0x100
[   30.044438]  kthread+0x24c/0x2d0
[   30.045129]  ret_from_fork+0x10/0x20
[   30.045589] 
[   30.045981] The buggy address belongs to the physical page:
[   30.046832] page: refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x106550
[   30.047855] head: order:2 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[   30.049127] flags: 0xbfffe0000000040(head|node=0|zone=2|lastcpupid=0x1ffff)
[   30.050094] raw: 0bfffe0000000040 0000000000000000 dead000000000122 0000000000000000
[   30.051134] raw: 0000000000000000 0000000000000000 00000001ffffffff 0000000000000000
[   30.052149] head: 0bfffe0000000040 0000000000000000 dead000000000122 0000000000000000
[   30.053284] head: 0000000000000000 0000000000000000 00000001ffffffff 0000000000000000
[   30.054349] head: 0bfffe0000000002 ffffc1ffc3195401 ffffffffffffffff 0000000000000000
[   30.055261] head: 0000000000000004 0000000000000000 00000000ffffffff 0000000000000000
[   30.056730] page dumped because: kasan: bad access detected
[   30.057123] 
[   30.057289] Memory state around the buggy address:
[   30.058417]  fff00000c6551f80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   30.059198]  fff00000c6552000: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   30.060301] >fff00000c6552080: 00 00 00 00 00 00 00 00 00 01 fe fe fe fe fe fe
[   30.061197]                                                  ^
[   30.061936]  fff00000c6552100: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe
[   30.062800]  fff00000c6552180: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe
[   30.064483] ==================================================================

Metadata Full log Test run details

arch

arm64

host

x86_64

plan

2pjANFhcTUHYUD8KvmkoTjVeTmt

job_id

TEST:linaro@lkft#2pjARytps7if5HJMuumTS46nTsj

job_url

https://tuxapi.tuxsuite.com/v1/groups/linaro/projects/lkft/tests/2pjARytps7if5HJMuumTS46nTsj

artefacts

kernel

url	https://storage.tuxsuite.com/public/linaro/lkft/builds/2pjAOc9bkDiDA04up4xCb2C3vN5/Image.gz
sha256sum	7696a40d025f98ea7e22dbff6285b0cd7a198a045c5b4811710fc4905df88b37

rootfs

url	https://storage.tuxboot.com/debian/trixie/arm64/rootfs.ext4.xz
sha256sum	f592205e64add7389d8a1055c235aa3685e13c7cfdfdbe5f212ab22afdbeb656

modules

url	https://storage.tuxsuite.com/public/linaro/lkft/builds/2pjAOc9bkDiDA04up4xCb2C3vN5/modules.tar.xz
sha256sum	bfdbe907add46b30ce9c5dd00a77c19e4fd26300871ba14b257d0d3291f18d7d

durations

tests

boot	386.69
kunit	461.05

host_arch

amd64

build_name

gcc-13-lkftconfig-kunit

job_status

Complete

qemu_version

1:9.1.1+ds-5

[   25.407450] ==================================================================
[   25.408249] BUG: KASAN: slab-out-of-bounds in krealloc_less_oob_helper+0xe92/0x11d0
[   25.410138] Write of size 1 at addr ffff8881009a3eea by task kunit_try_catch/167
[   25.411314] 
[   25.412025] CPU: 1 UID: 0 PID: 167 Comm: kunit_try_catch Tainted: G    B            N 6.13.0-rc1-next-20241203 #1
[   25.412908] Tainted: [B]=BAD_PAGE, [N]=TEST
[   25.413428] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[   25.414683] Call Trace:
[   25.414881]  <TASK>
[   25.415094]  dump_stack_lvl+0x73/0xb0
[   25.415512]  print_report+0xd1/0x640
[   25.416945]  ? __virt_addr_valid+0x1db/0x2d0
[   25.417328]  ? kasan_complete_mode_report_info+0x2a/0x200
[   25.418305]  kasan_report+0x102/0x140
[   25.418646]  ? krealloc_less_oob_helper+0xe92/0x11d0
[   25.419560]  ? krealloc_less_oob_helper+0xe92/0x11d0
[   25.420124]  __asan_report_store1_noabort+0x1b/0x30
[   25.420521]  krealloc_less_oob_helper+0xe92/0x11d0
[   25.421677]  ? __pfx_krealloc_less_oob_helper+0x10/0x10
[   25.422087]  ? finish_task_switch.isra.0+0x153/0x700
[   25.422488]  ? __switch_to+0x5d9/0xf60
[   25.423405]  ? __schedule+0xc3e/0x2790
[   25.424200]  ? __pfx_read_tsc+0x10/0x10
[   25.424566]  krealloc_less_oob+0x1c/0x30
[   25.425656]  kunit_try_run_case+0x1b3/0x490
[   25.426002]  ? __pfx_kunit_try_run_case+0x10/0x10
[   25.426399]  ? _raw_spin_lock_irqsave+0xa2/0x110
[   25.427432]  ? _raw_spin_unlock_irqrestore+0x5f/0x90
[   25.427962]  ? __kthread_parkme+0x82/0x160
[   25.428306]  ? preempt_count_sub+0x50/0x80
[   25.428737]  ? __pfx_kunit_try_run_case+0x10/0x10
[   25.429600]  ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10
[   25.429939]  kunit_generic_run_threadfn_adapter+0x85/0xf0
[   25.430461]  kthread+0x257/0x310
[   25.431539]  ? __pfx_kthread+0x10/0x10
[   25.432008]  ret_from_fork+0x41/0x80
[   25.432344]  ? __pfx_kthread+0x10/0x10
[   25.432787]  ret_from_fork_asm+0x1a/0x30
[   25.434153]  </TASK>
[   25.434321] 
[   25.434435] Allocated by task 167:
[   25.434742]  kasan_save_stack+0x3d/0x60
[   25.435848]  kasan_save_track+0x18/0x40
[   25.436526]  kasan_save_alloc_info+0x3b/0x50
[   25.437297]  __kasan_krealloc+0x190/0x1f0
[   25.437587]  krealloc_noprof+0xf3/0x340
[   25.437904]  krealloc_less_oob_helper+0x1ab/0x11d0
[   25.438378]  krealloc_less_oob+0x1c/0x30
[   25.439216]  kunit_try_run_case+0x1b3/0x490
[   25.440036]  kunit_generic_run_threadfn_adapter+0x85/0xf0
[   25.440864]  kthread+0x257/0x310
[   25.441233]  ret_from_fork+0x41/0x80
[   25.441482]  ret_from_fork_asm+0x1a/0x30
[   25.442039] 
[   25.442270] The buggy address belongs to the object at ffff8881009a3e00
[   25.442270]  which belongs to the cache kmalloc-256 of size 256
[   25.443787] The buggy address is located 33 bytes to the right of
[   25.443787]  allocated 201-byte region [ffff8881009a3e00, ffff8881009a3ec9)
[   25.444563] 
[   25.444832] The buggy address belongs to the physical page:
[   25.445582] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1009a2
[   25.446175] head: order:1 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[   25.447483] flags: 0x200000000000040(head|node=0|zone=2)
[   25.448124] page_type: f5(slab)
[   25.448522] raw: 0200000000000040 ffff888100041b40 dead000000000122 0000000000000000
[   25.449195] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000
[   25.449995] head: 0200000000000040 ffff888100041b40 dead000000000122 0000000000000000
[   25.450509] head: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000
[   25.451779] head: 0200000000000001 ffffea0004026881 ffffffffffffffff 0000000000000000
[   25.452331] head: 0000000000000002 0000000000000000 00000000ffffffff 0000000000000000
[   25.453184] page dumped because: kasan: bad access detected
[   25.453783] 
[   25.453994] Memory state around the buggy address:
[   25.454313]  ffff8881009a3d80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   25.454970]  ffff8881009a3e00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   25.455419] >ffff8881009a3e80: 00 00 00 00 00 00 00 00 00 01 fc fc fc fc fc fc
[   25.455982]                                                           ^
[   25.457462]  ffff8881009a3f00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   25.458189]  ffff8881009a3f80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   25.458902] ==================================================================
[   25.591904] ==================================================================
[   25.592615] BUG: KASAN: slab-out-of-bounds in krealloc_less_oob_helper+0xd72/0x11d0
[   25.593379] Write of size 1 at addr ffff8881022560c9 by task kunit_try_catch/171
[   25.594029] 
[   25.594282] CPU: 0 UID: 0 PID: 171 Comm: kunit_try_catch Tainted: G    B            N 6.13.0-rc1-next-20241203 #1
[   25.594968] Tainted: [B]=BAD_PAGE, [N]=TEST
[   25.595331] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[   25.596233] Call Trace:
[   25.596491]  <TASK>
[   25.596878]  dump_stack_lvl+0x73/0xb0
[   25.597384]  print_report+0xd1/0x640
[   25.597849]  ? __virt_addr_valid+0x1db/0x2d0
[   25.598298]  ? kasan_addr_to_slab+0x11/0xa0
[   25.598698]  kasan_report+0x102/0x140
[   25.599212]  ? krealloc_less_oob_helper+0xd72/0x11d0
[   25.599741]  ? krealloc_less_oob_helper+0xd72/0x11d0
[   25.600143]  __asan_report_store1_noabort+0x1b/0x30
[   25.600705]  krealloc_less_oob_helper+0xd72/0x11d0
[   25.601032]  ? __pfx_krealloc_less_oob_helper+0x10/0x10
[   25.601524]  ? finish_task_switch.isra.0+0x153/0x700
[   25.602169]  ? __switch_to+0x5d9/0xf60
[   25.602610]  ? __schedule+0xc3e/0x2790
[   25.603038]  ? __pfx_read_tsc+0x10/0x10
[   25.603387]  krealloc_large_less_oob+0x1c/0x30
[   25.603915]  kunit_try_run_case+0x1b3/0x490
[   25.604259]  ? __pfx_kunit_try_run_case+0x10/0x10
[   25.604622]  ? _raw_spin_lock_irqsave+0xa2/0x110
[   25.604935]  ? _raw_spin_unlock_irqrestore+0x5f/0x90
[   25.605263]  ? __kthread_parkme+0x82/0x160
[   25.605720]  ? preempt_count_sub+0x50/0x80
[   25.606185]  ? __pfx_kunit_try_run_case+0x10/0x10
[   25.606719]  ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10
[   25.607271]  kunit_generic_run_threadfn_adapter+0x85/0xf0
[   25.607971]  kthread+0x257/0x310
[   25.608323]  ? __pfx_kthread+0x10/0x10
[   25.608845]  ret_from_fork+0x41/0x80
[   25.609277]  ? __pfx_kthread+0x10/0x10
[   25.609780]  ret_from_fork_asm+0x1a/0x30
[   25.610030]  </TASK>
[   25.610298] 
[   25.610551] The buggy address belongs to the physical page:
[   25.610985] page: refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x102254
[   25.611401] head: order:2 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[   25.611799] flags: 0x200000000000040(head|node=0|zone=2)
[   25.612167] raw: 0200000000000040 0000000000000000 dead000000000122 0000000000000000
[   25.612848] raw: 0000000000000000 0000000000000000 00000001ffffffff 0000000000000000
[   25.613996] head: 0200000000000040 0000000000000000 dead000000000122 0000000000000000
[   25.614827] head: 0000000000000000 0000000000000000 00000001ffffffff 0000000000000000
[   25.616248] head: 0200000000000002 ffffea0004089501 ffffffffffffffff 0000000000000000
[   25.617878] head: 0000000000000004 0000000000000000 00000000ffffffff 0000000000000000
[   25.619519] page dumped because: kasan: bad access detected
[   25.619937] 
[   25.620671] Memory state around the buggy address:
[   25.621713]  ffff888102255f80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   25.622318]  ffff888102256000: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   25.622780] >ffff888102256080: 00 00 00 00 00 00 00 00 00 01 fe fe fe fe fe fe
[   25.623351]                                               ^
[   25.623942]  ffff888102256100: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe
[   25.624406]  ffff888102256180: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe
[   25.625016] ==================================================================
[   25.695025] ==================================================================
[   25.696190] BUG: KASAN: slab-out-of-bounds in krealloc_less_oob_helper+0xe92/0x11d0
[   25.696839] Write of size 1 at addr ffff8881022560ea by task kunit_try_catch/171
[   25.697352] 
[   25.697599] CPU: 0 UID: 0 PID: 171 Comm: kunit_try_catch Tainted: G    B            N 6.13.0-rc1-next-20241203 #1
[   25.698220] Tainted: [B]=BAD_PAGE, [N]=TEST
[   25.698607] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[   25.699498] Call Trace:
[   25.699874]  <TASK>
[   25.700084]  dump_stack_lvl+0x73/0xb0
[   25.700549]  print_report+0xd1/0x640
[   25.701079]  ? __virt_addr_valid+0x1db/0x2d0
[   25.701563]  ? kasan_addr_to_slab+0x11/0xa0
[   25.702039]  kasan_report+0x102/0x140
[   25.702480]  ? krealloc_less_oob_helper+0xe92/0x11d0
[   25.703555]  ? krealloc_less_oob_helper+0xe92/0x11d0
[   25.703970]  __asan_report_store1_noabort+0x1b/0x30
[   25.704823]  krealloc_less_oob_helper+0xe92/0x11d0
[   25.705292]  ? __pfx_krealloc_less_oob_helper+0x10/0x10
[   25.705823]  ? finish_task_switch.isra.0+0x153/0x700
[   25.706301]  ? __switch_to+0x5d9/0xf60
[   25.706873]  ? __schedule+0xc3e/0x2790
[   25.707238]  ? __pfx_read_tsc+0x10/0x10
[   25.707513]  krealloc_large_less_oob+0x1c/0x30
[   25.708600]  kunit_try_run_case+0x1b3/0x490
[   25.709168]  ? __pfx_kunit_try_run_case+0x10/0x10
[   25.709772]  ? _raw_spin_lock_irqsave+0xa2/0x110
[   25.710232]  ? _raw_spin_unlock_irqrestore+0x5f/0x90
[   25.710765]  ? __kthread_parkme+0x82/0x160
[   25.711260]  ? preempt_count_sub+0x50/0x80
[   25.711836]  ? __pfx_kunit_try_run_case+0x10/0x10
[   25.712214]  ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10
[   25.712775]  kunit_generic_run_threadfn_adapter+0x85/0xf0
[   25.713869]  kthread+0x257/0x310
[   25.714184]  ? __pfx_kthread+0x10/0x10
[   25.714768]  ret_from_fork+0x41/0x80
[   25.715156]  ? __pfx_kthread+0x10/0x10
[   25.715410]  ret_from_fork_asm+0x1a/0x30
[   25.715702]  </TASK>
[   25.715877] 
[   25.716018] The buggy address belongs to the physical page:
[   25.716322] page: refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x102254
[   25.717333] head: order:2 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[   25.718190] flags: 0x200000000000040(head|node=0|zone=2)
[   25.720172] raw: 0200000000000040 0000000000000000 dead000000000122 0000000000000000
[   25.721540] raw: 0000000000000000 0000000000000000 00000001ffffffff 0000000000000000
[   25.722421] head: 0200000000000040 0000000000000000 dead000000000122 0000000000000000
[   25.723177] head: 0000000000000000 0000000000000000 00000001ffffffff 0000000000000000
[   25.724558] head: 0200000000000002 ffffea0004089501 ffffffffffffffff 0000000000000000
[   25.725234] head: 0000000000000004 0000000000000000 00000000ffffffff 0000000000000000
[   25.726310] page dumped because: kasan: bad access detected
[   25.726632] 
[   25.726849] Memory state around the buggy address:
[   25.727656]  ffff888102255f80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   25.728193]  ffff888102256000: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   25.729240] >ffff888102256080: 00 00 00 00 00 00 00 00 00 01 fe fe fe fe fe fe
[   25.729714]                                                           ^
[   25.730200]  ffff888102256100: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe
[   25.731113]  ffff888102256180: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe
[   25.732391] ==================================================================
[   25.358196] ==================================================================
[   25.358968] BUG: KASAN: slab-out-of-bounds in krealloc_less_oob_helper+0xec8/0x11d0
[   25.359809] Write of size 1 at addr ffff8881009a3eda by task kunit_try_catch/167
[   25.360634] 
[   25.361101] CPU: 1 UID: 0 PID: 167 Comm: kunit_try_catch Tainted: G    B            N 6.13.0-rc1-next-20241203 #1
[   25.362234] Tainted: [B]=BAD_PAGE, [N]=TEST
[   25.362686] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[   25.363449] Call Trace:
[   25.363946]  <TASK>
[   25.364520]  dump_stack_lvl+0x73/0xb0
[   25.365078]  print_report+0xd1/0x640
[   25.365412]  ? __virt_addr_valid+0x1db/0x2d0
[   25.366277]  ? kasan_complete_mode_report_info+0x2a/0x200
[   25.366687]  kasan_report+0x102/0x140
[   25.367384]  ? krealloc_less_oob_helper+0xec8/0x11d0
[   25.368282]  ? krealloc_less_oob_helper+0xec8/0x11d0
[   25.368706]  __asan_report_store1_noabort+0x1b/0x30
[   25.369175]  krealloc_less_oob_helper+0xec8/0x11d0
[   25.369493]  ? __pfx_krealloc_less_oob_helper+0x10/0x10
[   25.369988]  ? finish_task_switch.isra.0+0x153/0x700
[   25.371189]  ? __switch_to+0x5d9/0xf60
[   25.372003]  ? __schedule+0xc3e/0x2790
[   25.372301]  ? __pfx_read_tsc+0x10/0x10
[   25.373101]  krealloc_less_oob+0x1c/0x30
[   25.373568]  kunit_try_run_case+0x1b3/0x490
[   25.374219]  ? __pfx_kunit_try_run_case+0x10/0x10
[   25.375424]  ? _raw_spin_lock_irqsave+0xa2/0x110
[   25.375879]  ? _raw_spin_unlock_irqrestore+0x5f/0x90
[   25.376315]  ? __kthread_parkme+0x82/0x160
[   25.376782]  ? preempt_count_sub+0x50/0x80
[   25.377706]  ? __pfx_kunit_try_run_case+0x10/0x10
[   25.378100]  ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10
[   25.379043]  kunit_generic_run_threadfn_adapter+0x85/0xf0
[   25.379426]  kthread+0x257/0x310
[   25.379774]  ? __pfx_kthread+0x10/0x10
[   25.381159]  ret_from_fork+0x41/0x80
[   25.381481]  ? __pfx_kthread+0x10/0x10
[   25.382084]  ret_from_fork_asm+0x1a/0x30
[   25.382456]  </TASK>
[   25.382866] 
[   25.383029] Allocated by task 167:
[   25.383371]  kasan_save_stack+0x3d/0x60
[   25.383682]  kasan_save_track+0x18/0x40
[   25.383977]  kasan_save_alloc_info+0x3b/0x50
[   25.384415]  __kasan_krealloc+0x190/0x1f0
[   25.385372]  krealloc_noprof+0xf3/0x340
[   25.385740]  krealloc_less_oob_helper+0x1ab/0x11d0
[   25.386098]  krealloc_less_oob+0x1c/0x30
[   25.386785]  kunit_try_run_case+0x1b3/0x490
[   25.387229]  kunit_generic_run_threadfn_adapter+0x85/0xf0
[   25.387780]  kthread+0x257/0x310
[   25.388022]  ret_from_fork+0x41/0x80
[   25.388419]  ret_from_fork_asm+0x1a/0x30
[   25.388680] 
[   25.388891] The buggy address belongs to the object at ffff8881009a3e00
[   25.388891]  which belongs to the cache kmalloc-256 of size 256
[   25.390903] The buggy address is located 17 bytes to the right of
[   25.390903]  allocated 201-byte region [ffff8881009a3e00, ffff8881009a3ec9)
[   25.391518] 
[   25.391734] The buggy address belongs to the physical page:
[   25.392288] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1009a2
[   25.393001] head: order:1 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[   25.393571] flags: 0x200000000000040(head|node=0|zone=2)
[   25.394171] page_type: f5(slab)
[   25.394405] raw: 0200000000000040 ffff888100041b40 dead000000000122 0000000000000000
[   25.395996] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000
[   25.396421] head: 0200000000000040 ffff888100041b40 dead000000000122 0000000000000000
[   25.397212] head: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000
[   25.397798] head: 0200000000000001 ffffea0004026881 ffffffffffffffff 0000000000000000
[   25.398455] head: 0000000000000002 0000000000000000 00000000ffffffff 0000000000000000
[   25.399264] page dumped because: kasan: bad access detected
[   25.399642] 
[   25.399829] Memory state around the buggy address:
[   25.400110]  ffff8881009a3d80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   25.400756]  ffff8881009a3e00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   25.401297] >ffff8881009a3e80: 00 00 00 00 00 00 00 00 00 01 fc fc fc fc fc fc
[   25.404116]                                                     ^
[   25.404598]  ffff8881009a3f00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   25.405399]  ffff8881009a3f80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   25.406611] ==================================================================
[   25.734164] ==================================================================
[   25.735103] BUG: KASAN: slab-out-of-bounds in krealloc_less_oob_helper+0xd49/0x11d0
[   25.735812] Write of size 1 at addr ffff8881022560eb by task kunit_try_catch/171
[   25.736821] 
[   25.737011] CPU: 0 UID: 0 PID: 171 Comm: kunit_try_catch Tainted: G    B            N 6.13.0-rc1-next-20241203 #1
[   25.737642] Tainted: [B]=BAD_PAGE, [N]=TEST
[   25.737971] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[   25.739188] Call Trace:
[   25.739443]  <TASK>
[   25.740574]  dump_stack_lvl+0x73/0xb0
[   25.740890]  print_report+0xd1/0x640
[   25.741214]  ? __virt_addr_valid+0x1db/0x2d0
[   25.742101]  ? kasan_addr_to_slab+0x11/0xa0
[   25.742940]  kasan_report+0x102/0x140
[   25.743151]  ? krealloc_less_oob_helper+0xd49/0x11d0
[   25.743430]  ? krealloc_less_oob_helper+0xd49/0x11d0
[   25.744285]  __asan_report_store1_noabort+0x1b/0x30
[   25.744702]  krealloc_less_oob_helper+0xd49/0x11d0
[   25.745177]  ? __pfx_krealloc_less_oob_helper+0x10/0x10
[   25.745615]  ? finish_task_switch.isra.0+0x153/0x700
[   25.746010]  ? __switch_to+0x5d9/0xf60
[   25.746373]  ? __schedule+0xc3e/0x2790
[   25.747514]  ? __pfx_read_tsc+0x10/0x10
[   25.747857]  krealloc_large_less_oob+0x1c/0x30
[   25.748117]  kunit_try_run_case+0x1b3/0x490
[   25.748377]  ? __pfx_kunit_try_run_case+0x10/0x10
[   25.748735]  ? _raw_spin_lock_irqsave+0xa2/0x110
[   25.749650]  ? _raw_spin_unlock_irqrestore+0x5f/0x90
[   25.750105]  ? __kthread_parkme+0x82/0x160
[   25.751010]  ? preempt_count_sub+0x50/0x80
[   25.751428]  ? __pfx_kunit_try_run_case+0x10/0x10
[   25.752165]  ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10
[   25.752965]  kunit_generic_run_threadfn_adapter+0x85/0xf0
[   25.753414]  kthread+0x257/0x310
[   25.754232]  ? __pfx_kthread+0x10/0x10
[   25.754759]  ret_from_fork+0x41/0x80
[   25.755766]  ? __pfx_kthread+0x10/0x10
[   25.756110]  ret_from_fork_asm+0x1a/0x30
[   25.756446]  </TASK>
[   25.757510] 
[   25.757683] The buggy address belongs to the physical page:
[   25.757981] page: refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x102254
[   25.758371] head: order:2 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[   25.759144] flags: 0x200000000000040(head|node=0|zone=2)
[   25.760239] raw: 0200000000000040 0000000000000000 dead000000000122 0000000000000000
[   25.760785] raw: 0000000000000000 0000000000000000 00000001ffffffff 0000000000000000
[   25.761485] head: 0200000000000040 0000000000000000 dead000000000122 0000000000000000
[   25.762211] head: 0000000000000000 0000000000000000 00000001ffffffff 0000000000000000
[   25.763023] head: 0200000000000002 ffffea0004089501 ffffffffffffffff 0000000000000000
[   25.763590] head: 0000000000000004 0000000000000000 00000000ffffffff 0000000000000000
[   25.764668] page dumped because: kasan: bad access detected
[   25.765310] 
[   25.765516] Memory state around the buggy address:
[   25.766500]  ffff888102255f80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   25.767279]  ffff888102256000: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   25.768620] >ffff888102256080: 00 00 00 00 00 00 00 00 00 01 fe fe fe fe fe fe
[   25.768964]                                                           ^
[   25.769271]  ffff888102256100: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe
[   25.769844]  ffff888102256180: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe
[   25.770173] ==================================================================
[   25.661128] ==================================================================
[   25.661683] BUG: KASAN: slab-out-of-bounds in krealloc_less_oob_helper+0xec8/0x11d0
[   25.662138] Write of size 1 at addr ffff8881022560da by task kunit_try_catch/171
[   25.662493] 
[   25.662660] CPU: 0 UID: 0 PID: 171 Comm: kunit_try_catch Tainted: G    B            N 6.13.0-rc1-next-20241203 #1
[   25.663763] Tainted: [B]=BAD_PAGE, [N]=TEST
[   25.664175] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[   25.665088] Call Trace:
[   25.665295]  <TASK>
[   25.665606]  dump_stack_lvl+0x73/0xb0
[   25.666162]  print_report+0xd1/0x640
[   25.666579]  ? __virt_addr_valid+0x1db/0x2d0
[   25.667097]  ? kasan_addr_to_slab+0x11/0xa0
[   25.667445]  kasan_report+0x102/0x140
[   25.668463]  ? krealloc_less_oob_helper+0xec8/0x11d0
[   25.668874]  ? krealloc_less_oob_helper+0xec8/0x11d0
[   25.669455]  __asan_report_store1_noabort+0x1b/0x30
[   25.670009]  krealloc_less_oob_helper+0xec8/0x11d0
[   25.670397]  ? __pfx_krealloc_less_oob_helper+0x10/0x10
[   25.670731]  ? finish_task_switch.isra.0+0x153/0x700
[   25.671229]  ? __switch_to+0x5d9/0xf60
[   25.671641]  ? __schedule+0xc3e/0x2790
[   25.672045]  ? __pfx_read_tsc+0x10/0x10
[   25.672750]  krealloc_large_less_oob+0x1c/0x30
[   25.673214]  kunit_try_run_case+0x1b3/0x490
[   25.674222]  ? __pfx_kunit_try_run_case+0x10/0x10
[   25.674782]  ? _raw_spin_lock_irqsave+0xa2/0x110
[   25.675165]  ? _raw_spin_unlock_irqrestore+0x5f/0x90
[   25.675566]  ? __kthread_parkme+0x82/0x160
[   25.676104]  ? preempt_count_sub+0x50/0x80
[   25.676579]  ? __pfx_kunit_try_run_case+0x10/0x10
[   25.677190]  ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10
[   25.677584]  kunit_generic_run_threadfn_adapter+0x85/0xf0
[   25.678244]  kthread+0x257/0x310
[   25.679210]  ? __pfx_kthread+0x10/0x10
[   25.679612]  ret_from_fork+0x41/0x80
[   25.680032]  ? __pfx_kthread+0x10/0x10
[   25.680484]  ret_from_fork_asm+0x1a/0x30
[   25.681001]  </TASK>
[   25.681201] 
[   25.681412] The buggy address belongs to the physical page:
[   25.681797] page: refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x102254
[   25.682207] head: order:2 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[   25.682776] flags: 0x200000000000040(head|node=0|zone=2)
[   25.683465] raw: 0200000000000040 0000000000000000 dead000000000122 0000000000000000
[   25.684241] raw: 0000000000000000 0000000000000000 00000001ffffffff 0000000000000000
[   25.685495] head: 0200000000000040 0000000000000000 dead000000000122 0000000000000000
[   25.686217] head: 0000000000000000 0000000000000000 00000001ffffffff 0000000000000000
[   25.686844] head: 0200000000000002 ffffea0004089501 ffffffffffffffff 0000000000000000
[   25.687475] head: 0000000000000004 0000000000000000 00000000ffffffff 0000000000000000
[   25.688246] page dumped because: kasan: bad access detected
[   25.688674] 
[   25.688855] Memory state around the buggy address:
[   25.689396]  ffff888102255f80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   25.690847]  ffff888102256000: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   25.691497] >ffff888102256080: 00 00 00 00 00 00 00 00 00 01 fe fe fe fe fe fe
[   25.692046]                                                     ^
[   25.692765]  ffff888102256100: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe
[   25.693526]  ffff888102256180: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe
[   25.694186] ==================================================================
[   25.253013] ==================================================================
[   25.253936] BUG: KASAN: slab-out-of-bounds in krealloc_less_oob_helper+0xd72/0x11d0
[   25.255151] Write of size 1 at addr ffff8881009a3ec9 by task kunit_try_catch/167
[   25.256938] 
[   25.257144] CPU: 1 UID: 0 PID: 167 Comm: kunit_try_catch Tainted: G    B            N 6.13.0-rc1-next-20241203 #1
[   25.257828] Tainted: [B]=BAD_PAGE, [N]=TEST
[   25.258500] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[   25.259370] Call Trace:
[   25.260089]  <TASK>
[   25.260865]  dump_stack_lvl+0x73/0xb0
[   25.261148]  print_report+0xd1/0x640
[   25.261461]  ? __virt_addr_valid+0x1db/0x2d0
[   25.262354]  ? kasan_complete_mode_report_info+0x2a/0x200
[   25.263304]  kasan_report+0x102/0x140
[   25.263802]  ? krealloc_less_oob_helper+0xd72/0x11d0
[   25.264340]  ? krealloc_less_oob_helper+0xd72/0x11d0
[   25.265029]  __asan_report_store1_noabort+0x1b/0x30
[   25.266235]  krealloc_less_oob_helper+0xd72/0x11d0
[   25.266941]  ? __pfx_krealloc_less_oob_helper+0x10/0x10
[   25.267439]  ? finish_task_switch.isra.0+0x153/0x700
[   25.268255]  ? __switch_to+0x5d9/0xf60
[   25.269160]  ? __schedule+0xc3e/0x2790
[   25.269712]  ? __pfx_read_tsc+0x10/0x10
[   25.270024]  krealloc_less_oob+0x1c/0x30
[   25.270400]  kunit_try_run_case+0x1b3/0x490
[   25.271348]  ? __pfx_kunit_try_run_case+0x10/0x10
[   25.271717]  ? _raw_spin_lock_irqsave+0xa2/0x110
[   25.271990]  ? _raw_spin_unlock_irqrestore+0x5f/0x90
[   25.272846]  ? __kthread_parkme+0x82/0x160
[   25.273446]  ? preempt_count_sub+0x50/0x80
[   25.274386]  ? __pfx_kunit_try_run_case+0x10/0x10
[   25.274859]  ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10
[   25.275227]  kunit_generic_run_threadfn_adapter+0x85/0xf0
[   25.275758]  kthread+0x257/0x310
[   25.276217]  ? __pfx_kthread+0x10/0x10
[   25.276984]  ret_from_fork+0x41/0x80
[   25.277350]  ? __pfx_kthread+0x10/0x10
[   25.278312]  ret_from_fork_asm+0x1a/0x30
[   25.278898]  </TASK>
[   25.279179] 
[   25.279362] Allocated by task 167:
[   25.279682]  kasan_save_stack+0x3d/0x60
[   25.280094]  kasan_save_track+0x18/0x40
[   25.280422]  kasan_save_alloc_info+0x3b/0x50
[   25.281479]  __kasan_krealloc+0x190/0x1f0
[   25.281881]  krealloc_noprof+0xf3/0x340
[   25.282271]  krealloc_less_oob_helper+0x1ab/0x11d0
[   25.282797]  krealloc_less_oob+0x1c/0x30
[   25.283514]  kunit_try_run_case+0x1b3/0x490
[   25.284128]  kunit_generic_run_threadfn_adapter+0x85/0xf0
[   25.284830]  kthread+0x257/0x310
[   25.285255]  ret_from_fork+0x41/0x80
[   25.285862]  ret_from_fork_asm+0x1a/0x30
[   25.286118] 
[   25.286267] The buggy address belongs to the object at ffff8881009a3e00
[   25.286267]  which belongs to the cache kmalloc-256 of size 256
[   25.287555] The buggy address is located 0 bytes to the right of
[   25.287555]  allocated 201-byte region [ffff8881009a3e00, ffff8881009a3ec9)
[   25.288842] 
[   25.289412] The buggy address belongs to the physical page:
[   25.289856] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1009a2
[   25.290453] head: order:1 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[   25.290967] flags: 0x200000000000040(head|node=0|zone=2)
[   25.292028] page_type: f5(slab)
[   25.292259] raw: 0200000000000040 ffff888100041b40 dead000000000122 0000000000000000
[   25.292988] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000
[   25.294169] head: 0200000000000040 ffff888100041b40 dead000000000122 0000000000000000
[   25.295159] head: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000
[   25.296170] head: 0200000000000001 ffffea0004026881 ffffffffffffffff 0000000000000000
[   25.296648] head: 0000000000000002 0000000000000000 00000000ffffffff 0000000000000000
[   25.297908] page dumped because: kasan: bad access detected
[   25.298213] 
[   25.298682] Memory state around the buggy address:
[   25.299632]  ffff8881009a3d80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   25.300271]  ffff8881009a3e00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   25.301446] >ffff8881009a3e80: 00 00 00 00 00 00 00 00 00 01 fc fc fc fc fc fc
[   25.302186]                                               ^
[   25.302871]  ffff8881009a3f00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   25.303981]  ffff8881009a3f80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   25.305289] ==================================================================
[   25.626571] ==================================================================
[   25.627261] BUG: KASAN: slab-out-of-bounds in krealloc_less_oob_helper+0xe25/0x11d0
[   25.627902] Write of size 1 at addr ffff8881022560d0 by task kunit_try_catch/171
[   25.628548] 
[   25.628915] CPU: 0 UID: 0 PID: 171 Comm: kunit_try_catch Tainted: G    B            N 6.13.0-rc1-next-20241203 #1
[   25.629749] Tainted: [B]=BAD_PAGE, [N]=TEST
[   25.630116] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[   25.630566] Call Trace:
[   25.630986]  <TASK>
[   25.631268]  dump_stack_lvl+0x73/0xb0
[   25.632367]  print_report+0xd1/0x640
[   25.632780]  ? __virt_addr_valid+0x1db/0x2d0
[   25.633351]  ? kasan_addr_to_slab+0x11/0xa0
[   25.633936]  kasan_report+0x102/0x140
[   25.634341]  ? krealloc_less_oob_helper+0xe25/0x11d0
[   25.634959]  ? krealloc_less_oob_helper+0xe25/0x11d0
[   25.635408]  __asan_report_store1_noabort+0x1b/0x30
[   25.635997]  krealloc_less_oob_helper+0xe25/0x11d0
[   25.636515]  ? __pfx_krealloc_less_oob_helper+0x10/0x10
[   25.637632]  ? finish_task_switch.isra.0+0x153/0x700
[   25.638126]  ? __switch_to+0x5d9/0xf60
[   25.638426]  ? __schedule+0xc3e/0x2790
[   25.638826]  ? __pfx_read_tsc+0x10/0x10
[   25.639406]  krealloc_large_less_oob+0x1c/0x30
[   25.640003]  kunit_try_run_case+0x1b3/0x490
[   25.640342]  ? __pfx_kunit_try_run_case+0x10/0x10
[   25.640911]  ? _raw_spin_lock_irqsave+0xa2/0x110
[   25.641369]  ? _raw_spin_unlock_irqrestore+0x5f/0x90
[   25.641991]  ? __kthread_parkme+0x82/0x160
[   25.642357]  ? preempt_count_sub+0x50/0x80
[   25.643456]  ? __pfx_kunit_try_run_case+0x10/0x10
[   25.643786]  ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10
[   25.644388]  kunit_generic_run_threadfn_adapter+0x85/0xf0
[   25.645119]  kthread+0x257/0x310
[   25.645479]  ? __pfx_kthread+0x10/0x10
[   25.645937]  ret_from_fork+0x41/0x80
[   25.646324]  ? __pfx_kthread+0x10/0x10
[   25.646868]  ret_from_fork_asm+0x1a/0x30
[   25.647302]  </TASK>
[   25.647603] 
[   25.648456] The buggy address belongs to the physical page:
[   25.648855] page: refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x102254
[   25.649805] head: order:2 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[   25.650205] flags: 0x200000000000040(head|node=0|zone=2)
[   25.650788] raw: 0200000000000040 0000000000000000 dead000000000122 0000000000000000
[   25.651472] raw: 0000000000000000 0000000000000000 00000001ffffffff 0000000000000000
[   25.652079] head: 0200000000000040 0000000000000000 dead000000000122 0000000000000000
[   25.652731] head: 0000000000000000 0000000000000000 00000001ffffffff 0000000000000000
[   25.653195] head: 0200000000000002 ffffea0004089501 ffffffffffffffff 0000000000000000
[   25.654897] head: 0000000000000004 0000000000000000 00000000ffffffff 0000000000000000
[   25.655433] page dumped because: kasan: bad access detected
[   25.656133] 
[   25.656288] Memory state around the buggy address:
[   25.656585]  ffff888102255f80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   25.656939]  ffff888102256000: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   25.657401] >ffff888102256080: 00 00 00 00 00 00 00 00 00 01 fe fe fe fe fe fe
[   25.657847]                                                  ^
[   25.658417]  ffff888102256100: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe
[   25.659161]  ffff888102256180: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe
[   25.660351] ==================================================================
[   25.306893] ==================================================================
[   25.307423] BUG: KASAN: slab-out-of-bounds in krealloc_less_oob_helper+0xe25/0x11d0
[   25.308518] Write of size 1 at addr ffff8881009a3ed0 by task kunit_try_catch/167
[   25.308771] 
[   25.308867] CPU: 1 UID: 0 PID: 167 Comm: kunit_try_catch Tainted: G    B            N 6.13.0-rc1-next-20241203 #1
[   25.309307] Tainted: [B]=BAD_PAGE, [N]=TEST
[   25.309753] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[   25.310895] Call Trace:
[   25.311240]  <TASK>
[   25.311550]  dump_stack_lvl+0x73/0xb0
[   25.312209]  print_report+0xd1/0x640
[   25.312661]  ? __virt_addr_valid+0x1db/0x2d0
[   25.313125]  ? kasan_complete_mode_report_info+0x2a/0x200
[   25.313826]  kasan_report+0x102/0x140
[   25.314477]  ? krealloc_less_oob_helper+0xe25/0x11d0
[   25.315100]  ? krealloc_less_oob_helper+0xe25/0x11d0
[   25.315681]  __asan_report_store1_noabort+0x1b/0x30
[   25.315991]  krealloc_less_oob_helper+0xe25/0x11d0
[   25.317119]  ? __pfx_krealloc_less_oob_helper+0x10/0x10
[   25.318068]  ? finish_task_switch.isra.0+0x153/0x700
[   25.318909]  ? __switch_to+0x5d9/0xf60
[   25.319614]  ? __schedule+0xc3e/0x2790
[   25.320386]  ? __pfx_read_tsc+0x10/0x10
[   25.321136]  krealloc_less_oob+0x1c/0x30
[   25.321417]  kunit_try_run_case+0x1b3/0x490
[   25.321723]  ? __pfx_kunit_try_run_case+0x10/0x10
[   25.322191]  ? _raw_spin_lock_irqsave+0xa2/0x110
[   25.322523]  ? _raw_spin_unlock_irqrestore+0x5f/0x90
[   25.323002]  ? __kthread_parkme+0x82/0x160
[   25.324130]  ? preempt_count_sub+0x50/0x80
[   25.324754]  ? __pfx_kunit_try_run_case+0x10/0x10
[   25.325274]  ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10
[   25.326031]  kunit_generic_run_threadfn_adapter+0x85/0xf0
[   25.326544]  kthread+0x257/0x310
[   25.327187]  ? __pfx_kthread+0x10/0x10
[   25.327410]  ret_from_fork+0x41/0x80
[   25.327627]  ? __pfx_kthread+0x10/0x10
[   25.327991]  ret_from_fork_asm+0x1a/0x30
[   25.328388]  </TASK>
[   25.329685] 
[   25.330043] Allocated by task 167:
[   25.330635]  kasan_save_stack+0x3d/0x60
[   25.330874]  kasan_save_track+0x18/0x40
[   25.331099]  kasan_save_alloc_info+0x3b/0x50
[   25.331265]  __kasan_krealloc+0x190/0x1f0
[   25.331406]  krealloc_noprof+0xf3/0x340
[   25.331779]  krealloc_less_oob_helper+0x1ab/0x11d0
[   25.332250]  krealloc_less_oob+0x1c/0x30
[   25.332659]  kunit_try_run_case+0x1b3/0x490
[   25.333496]  kunit_generic_run_threadfn_adapter+0x85/0xf0
[   25.334588]  kthread+0x257/0x310
[   25.335495]  ret_from_fork+0x41/0x80
[   25.336131]  ret_from_fork_asm+0x1a/0x30
[   25.336597] 
[   25.337128] The buggy address belongs to the object at ffff8881009a3e00
[   25.337128]  which belongs to the cache kmalloc-256 of size 256
[   25.338271] The buggy address is located 7 bytes to the right of
[   25.338271]  allocated 201-byte region [ffff8881009a3e00, ffff8881009a3ec9)
[   25.339826] 
[   25.340019] The buggy address belongs to the physical page:
[   25.340411] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1009a2
[   25.341027] head: order:1 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[   25.342066] flags: 0x200000000000040(head|node=0|zone=2)
[   25.342752] page_type: f5(slab)
[   25.343204] raw: 0200000000000040 ffff888100041b40 dead000000000122 0000000000000000
[   25.344121] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000
[   25.345026] head: 0200000000000040 ffff888100041b40 dead000000000122 0000000000000000
[   25.346200] head: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000
[   25.346867] head: 0200000000000001 ffffea0004026881 ffffffffffffffff 0000000000000000
[   25.347427] head: 0000000000000002 0000000000000000 00000000ffffffff 0000000000000000
[   25.348749] page dumped because: kasan: bad access detected
[   25.349140] 
[   25.349332] Memory state around the buggy address:
[   25.349716]  ffff8881009a3d80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   25.350240]  ffff8881009a3e00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   25.350817] >ffff8881009a3e80: 00 00 00 00 00 00 00 00 00 01 fc fc fc fc fc fc
[   25.351442]                                                  ^
[   25.353095]  ffff8881009a3f00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   25.353600]  ffff8881009a3f80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   25.354246] ==================================================================
[   25.460217] ==================================================================
[   25.461470] BUG: KASAN: slab-out-of-bounds in krealloc_less_oob_helper+0xd49/0x11d0
[   25.462143] Write of size 1 at addr ffff8881009a3eeb by task kunit_try_catch/167
[   25.462881] 
[   25.463075] CPU: 1 UID: 0 PID: 167 Comm: kunit_try_catch Tainted: G    B            N 6.13.0-rc1-next-20241203 #1
[   25.463926] Tainted: [B]=BAD_PAGE, [N]=TEST
[   25.464270] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[   25.464823] Call Trace:
[   25.466288]  <TASK>
[   25.466673]  dump_stack_lvl+0x73/0xb0
[   25.467361]  print_report+0xd1/0x640
[   25.467966]  ? __virt_addr_valid+0x1db/0x2d0
[   25.468366]  ? kasan_complete_mode_report_info+0x2a/0x200
[   25.469227]  kasan_report+0x102/0x140
[   25.469963]  ? krealloc_less_oob_helper+0xd49/0x11d0
[   25.470393]  ? krealloc_less_oob_helper+0xd49/0x11d0
[   25.471129]  __asan_report_store1_noabort+0x1b/0x30
[   25.471610]  krealloc_less_oob_helper+0xd49/0x11d0
[   25.472620]  ? __pfx_krealloc_less_oob_helper+0x10/0x10
[   25.473390]  ? finish_task_switch.isra.0+0x153/0x700
[   25.474369]  ? __switch_to+0x5d9/0xf60
[   25.475192]  ? __schedule+0xc3e/0x2790
[   25.475535]  ? __pfx_read_tsc+0x10/0x10
[   25.475994]  krealloc_less_oob+0x1c/0x30
[   25.476404]  kunit_try_run_case+0x1b3/0x490
[   25.477492]  ? __pfx_kunit_try_run_case+0x10/0x10
[   25.478270]  ? _raw_spin_lock_irqsave+0xa2/0x110
[   25.478654]  ? _raw_spin_unlock_irqrestore+0x5f/0x90
[   25.479123]  ? __kthread_parkme+0x82/0x160
[   25.479465]  ? preempt_count_sub+0x50/0x80
[   25.479856]  ? __pfx_kunit_try_run_case+0x10/0x10
[   25.480239]  ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10
[   25.481201]  kunit_generic_run_threadfn_adapter+0x85/0xf0
[   25.482097]  kthread+0x257/0x310
[   25.482582]  ? __pfx_kthread+0x10/0x10
[   25.483132]  ret_from_fork+0x41/0x80
[   25.483670]  ? __pfx_kthread+0x10/0x10
[   25.483957]  ret_from_fork_asm+0x1a/0x30
[   25.484666]  </TASK>
[   25.485079] 
[   25.485286] Allocated by task 167:
[   25.485874]  kasan_save_stack+0x3d/0x60
[   25.486400]  kasan_save_track+0x18/0x40
[   25.486806]  kasan_save_alloc_info+0x3b/0x50
[   25.487095]  __kasan_krealloc+0x190/0x1f0
[   25.487559]  krealloc_noprof+0xf3/0x340
[   25.488117]  krealloc_less_oob_helper+0x1ab/0x11d0
[   25.488734]  krealloc_less_oob+0x1c/0x30
[   25.489344]  kunit_try_run_case+0x1b3/0x490
[   25.489914]  kunit_generic_run_threadfn_adapter+0x85/0xf0
[   25.490563]  kthread+0x257/0x310
[   25.491006]  ret_from_fork+0x41/0x80
[   25.491556]  ret_from_fork_asm+0x1a/0x30
[   25.492130] 
[   25.492493] The buggy address belongs to the object at ffff8881009a3e00
[   25.492493]  which belongs to the cache kmalloc-256 of size 256
[   25.493850] The buggy address is located 34 bytes to the right of
[   25.493850]  allocated 201-byte region [ffff8881009a3e00, ffff8881009a3ec9)
[   25.494658] 
[   25.494930] The buggy address belongs to the physical page:
[   25.495408] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1009a2
[   25.496351] head: order:1 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[   25.497228] flags: 0x200000000000040(head|node=0|zone=2)
[   25.497869] page_type: f5(slab)
[   25.498268] raw: 0200000000000040 ffff888100041b40 dead000000000122 0000000000000000
[   25.498901] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000
[   25.499913] head: 0200000000000040 ffff888100041b40 dead000000000122 0000000000000000
[   25.500762] head: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000
[   25.501603] head: 0200000000000001 ffffea0004026881 ffffffffffffffff 0000000000000000
[   25.502239] head: 0000000000000002 0000000000000000 00000000ffffffff 0000000000000000
[   25.503039] page dumped because: kasan: bad access detected
[   25.503584] 
[   25.503837] Memory state around the buggy address:
[   25.504353]  ffff8881009a3d80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   25.505072]  ffff8881009a3e00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   25.506047] >ffff8881009a3e80: 00 00 00 00 00 00 00 00 00 01 fc fc fc fc fc fc
[   25.506801]                                                           ^
[   25.507323]  ffff8881009a3f00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   25.508044]  ffff8881009a3f80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   25.508425] ==================================================================

Metadata Full log Test run details

arch

x86_64

host

x86_64

plan

2pjANFhcTUHYUD8KvmkoTjVeTmt

job_id

TEST:linaro@lkft#2pjATBKMghIeGylomk9PK5q1ibs

job_url

https://tuxapi.tuxsuite.com/v1/groups/linaro/projects/lkft/tests/2pjATBKMghIeGylomk9PK5q1ibs

artefacts

kernel

url	https://storage.tuxsuite.com/public/linaro/lkft/builds/2pjAPstBpuMa9RC9WsDWMrrsOhu/bzImage
sha256sum	54a91a6c1290c1e7dd4edf5b366196af27bc0d7ee9352ef85db99ca82d4f3570

rootfs

url	https://storage.tuxboot.com/debian/trixie/amd64/rootfs.ext4.xz
sha256sum	c6ceed53712217894b72c37cdc18ddb1157eb9bca95bb5bb312b9c30db3bb83b

modules

url	https://storage.tuxsuite.com/public/linaro/lkft/builds/2pjAPstBpuMa9RC9WsDWMrrsOhu/modules.tar.xz
sha256sum	292a94a98872a6bd57f79164b767d5d7e9b1f24ed204926a5ed6e405a69a6b0c

durations

tests

boot	298.98
kunit	453.95

host_arch

amd64

build_name

gcc-13-lkftconfig-kunit

job_status

Complete

qemu_version

1:9.1.1+ds-5

Metadata

Failure - qemu-arm64 - gcc-13-lkftconfig-kunit

Failure - qemu-x86_64 - gcc-13-lkftconfig-kunit