Hay
Date: Dec. 3, 2024, 11:38 p.m.

Environment: qemu-arm64, qemu-x86_64

[   29.536187] ==================================================================
[   29.537229] BUG: KASAN: slab-out-of-bounds in krealloc_more_oob_helper+0x614/0x680
[   29.538044] Write of size 1 at addr fff00000c09750eb by task kunit_try_catch/145
[   29.539005] 
[   29.539544] CPU: 0 UID: 0 PID: 145 Comm: kunit_try_catch Tainted: G    B            N 6.13.0-rc1-next-20241203 #1
[   29.540881] Tainted: [B]=BAD_PAGE, [N]=TEST
[   29.541286] Hardware name: linux,dummy-virt (DT)
[   29.542112] Call trace:
[   29.542463]  show_stack+0x20/0x38 (C)
[   29.543982]  dump_stack_lvl+0x8c/0xd0
[   29.544687]  print_report+0x118/0x5e0
[   29.545318]  kasan_report+0xc8/0x118
[   29.545891]  __asan_report_store1_noabort+0x20/0x30
[   29.546637]  krealloc_more_oob_helper+0x614/0x680
[   29.547379]  krealloc_more_oob+0x20/0x38
[   29.548111]  kunit_try_run_case+0x14c/0x3d0
[   29.549548]  kunit_generic_run_threadfn_adapter+0x88/0x100
[   29.550259]  kthread+0x24c/0x2d0
[   29.550826]  ret_from_fork+0x10/0x20
[   29.551586] 
[   29.551875] Allocated by task 145:
[   29.552469]  kasan_save_stack+0x3c/0x68
[   29.553176]  kasan_save_track+0x20/0x40
[   29.553913]  kasan_save_alloc_info+0x40/0x58
[   29.554491]  __kasan_krealloc+0x118/0x178
[   29.555138]  krealloc_noprof+0x128/0x360
[   29.555704]  krealloc_more_oob_helper+0x168/0x680
[   29.556890]  krealloc_more_oob+0x20/0x38
[   29.557594]  kunit_try_run_case+0x14c/0x3d0
[   29.558261]  kunit_generic_run_threadfn_adapter+0x88/0x100
[   29.559494]  kthread+0x24c/0x2d0
[   29.559767]  ret_from_fork+0x10/0x20
[   29.560040] 
[   29.560208] The buggy address belongs to the object at fff00000c0975000
[   29.560208]  which belongs to the cache kmalloc-256 of size 256
[   29.562227] The buggy address is located 0 bytes to the right of
[   29.562227]  allocated 235-byte region [fff00000c0975000, fff00000c09750eb)
[   29.564485] 
[   29.565153] The buggy address belongs to the physical page:
[   29.565903] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x100974
[   29.567006] head: order:1 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[   29.568471] flags: 0xbfffe0000000040(head|node=0|zone=2|lastcpupid=0x1ffff)
[   29.569594] page_type: f5(slab)
[   29.570066] raw: 0bfffe0000000040 fff00000c0001b40 dead000000000122 0000000000000000
[   29.570923] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000
[   29.572441] head: 0bfffe0000000040 fff00000c0001b40 dead000000000122 0000000000000000
[   29.573866] head: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000
[   29.574893] head: 0bfffe0000000001 ffffc1ffc3025d01 ffffffffffffffff 0000000000000000
[   29.576479] head: 0000000000000002 0000000000000000 00000000ffffffff 0000000000000000
[   29.577494] page dumped because: kasan: bad access detected
[   29.578318] 
[   29.578845] Memory state around the buggy address:
[   29.580310]  fff00000c0974f80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   29.581440]  fff00000c0975000: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   29.582637] >fff00000c0975080: 00 00 00 00 00 00 00 00 00 00 00 00 00 03 fc fc
[   29.583661]                                                           ^
[   29.584464]  fff00000c0975100: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   29.585302]  fff00000c0975180: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   29.586793] ==================================================================
[   29.949089] ==================================================================
[   29.949695] BUG: KASAN: slab-out-of-bounds in krealloc_more_oob_helper+0x5c8/0x680
[   29.950900] Write of size 1 at addr fff00000c62c60f0 by task kunit_try_catch/149
[   29.951880] 
[   29.952219] CPU: 0 UID: 0 PID: 149 Comm: kunit_try_catch Tainted: G    B            N 6.13.0-rc1-next-20241203 #1
[   29.953469] Tainted: [B]=BAD_PAGE, [N]=TEST
[   29.953981] Hardware name: linux,dummy-virt (DT)
[   29.954574] Call trace:
[   29.955053]  show_stack+0x20/0x38 (C)
[   29.955633]  dump_stack_lvl+0x8c/0xd0
[   29.956285]  print_report+0x118/0x5e0
[   29.956817]  kasan_report+0xc8/0x118
[   29.957503]  __asan_report_store1_noabort+0x20/0x30
[   29.958178]  krealloc_more_oob_helper+0x5c8/0x680
[   29.959214]  krealloc_large_more_oob+0x20/0x38
[   29.960022]  kunit_try_run_case+0x14c/0x3d0
[   29.960692]  kunit_generic_run_threadfn_adapter+0x88/0x100
[   29.961579]  kthread+0x24c/0x2d0
[   29.962275]  ret_from_fork+0x10/0x20
[   29.962847] 
[   29.963150] The buggy address belongs to the physical page:
[   29.963938] page: refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1062c4
[   29.964898] head: order:2 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[   29.965944] flags: 0xbfffe0000000040(head|node=0|zone=2|lastcpupid=0x1ffff)
[   29.966840] raw: 0bfffe0000000040 0000000000000000 dead000000000122 0000000000000000
[   29.967779] raw: 0000000000000000 0000000000000000 00000001ffffffff 0000000000000000
[   29.968713] head: 0bfffe0000000040 0000000000000000 dead000000000122 0000000000000000
[   29.969649] head: 0000000000000000 0000000000000000 00000001ffffffff 0000000000000000
[   29.970583] head: 0bfffe0000000002 ffffc1ffc318b101 ffffffffffffffff 0000000000000000
[   29.971531] head: 0000000000000004 0000000000000000 00000000ffffffff 0000000000000000
[   29.972397] page dumped because: kasan: bad access detected
[   29.973054] 
[   29.973376] Memory state around the buggy address:
[   29.973998]  fff00000c62c5f80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   29.974884]  fff00000c62c6000: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   29.975814] >fff00000c62c6080: 00 00 00 00 00 00 00 00 00 00 00 00 00 03 fe fe
[   29.976670]                                                              ^
[   29.977538]  fff00000c62c6100: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe
[   29.978344]  fff00000c62c6180: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe
[   29.979268] ==================================================================
[   29.911441] ==================================================================
[   29.913061] BUG: KASAN: slab-out-of-bounds in krealloc_more_oob_helper+0x614/0x680
[   29.914007] Write of size 1 at addr fff00000c62c60eb by task kunit_try_catch/149
[   29.915096] 
[   29.916025] CPU: 0 UID: 0 PID: 149 Comm: kunit_try_catch Tainted: G    B            N 6.13.0-rc1-next-20241203 #1
[   29.917797] Tainted: [B]=BAD_PAGE, [N]=TEST
[   29.918378] Hardware name: linux,dummy-virt (DT)
[   29.918931] Call trace:
[   29.919680]  show_stack+0x20/0x38 (C)
[   29.920219]  dump_stack_lvl+0x8c/0xd0
[   29.920930]  print_report+0x118/0x5e0
[   29.921624]  kasan_report+0xc8/0x118
[   29.922133]  __asan_report_store1_noabort+0x20/0x30
[   29.922852]  krealloc_more_oob_helper+0x614/0x680
[   29.923850]  krealloc_large_more_oob+0x20/0x38
[   29.924547]  kunit_try_run_case+0x14c/0x3d0
[   29.925249]  kunit_generic_run_threadfn_adapter+0x88/0x100
[   29.926187]  kthread+0x24c/0x2d0
[   29.926888]  ret_from_fork+0x10/0x20
[   29.927730] 
[   29.928079] The buggy address belongs to the physical page:
[   29.928852] page: refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1062c4
[   29.929742] head: order:2 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[   29.930714] flags: 0xbfffe0000000040(head|node=0|zone=2|lastcpupid=0x1ffff)
[   29.931822] raw: 0bfffe0000000040 0000000000000000 dead000000000122 0000000000000000
[   29.933035] raw: 0000000000000000 0000000000000000 00000001ffffffff 0000000000000000
[   29.933982] head: 0bfffe0000000040 0000000000000000 dead000000000122 0000000000000000
[   29.934938] head: 0000000000000000 0000000000000000 00000001ffffffff 0000000000000000
[   29.936892] head: 0bfffe0000000002 ffffc1ffc318b101 ffffffffffffffff 0000000000000000
[   29.938005] head: 0000000000000004 0000000000000000 00000000ffffffff 0000000000000000
[   29.938909] page dumped because: kasan: bad access detected
[   29.939834] 
[   29.940463] Memory state around the buggy address:
[   29.941127]  fff00000c62c5f80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   29.942260]  fff00000c62c6000: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   29.943303] >fff00000c62c6080: 00 00 00 00 00 00 00 00 00 00 00 00 00 03 fe fe
[   29.944363]                                                           ^
[   29.945375]  fff00000c62c6100: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe
[   29.946465]  fff00000c62c6180: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe
[   29.947508] ==================================================================
[   29.589099] ==================================================================
[   29.589759] BUG: KASAN: slab-out-of-bounds in krealloc_more_oob_helper+0x5c8/0x680
[   29.590569] Write of size 1 at addr fff00000c09750f0 by task kunit_try_catch/145
[   29.592007] 
[   29.592397] CPU: 0 UID: 0 PID: 145 Comm: kunit_try_catch Tainted: G    B            N 6.13.0-rc1-next-20241203 #1
[   29.593605] Tainted: [B]=BAD_PAGE, [N]=TEST
[   29.594195] Hardware name: linux,dummy-virt (DT)
[   29.594836] Call trace:
[   29.595560]  show_stack+0x20/0x38 (C)
[   29.596177]  dump_stack_lvl+0x8c/0xd0
[   29.596860]  print_report+0x118/0x5e0
[   29.597767]  kasan_report+0xc8/0x118
[   29.598218]  __asan_report_store1_noabort+0x20/0x30
[   29.598743]  krealloc_more_oob_helper+0x5c8/0x680
[   29.600023]  krealloc_more_oob+0x20/0x38
[   29.600644]  kunit_try_run_case+0x14c/0x3d0
[   29.601211]  kunit_generic_run_threadfn_adapter+0x88/0x100
[   29.602083]  kthread+0x24c/0x2d0
[   29.602702]  ret_from_fork+0x10/0x20
[   29.603510] 
[   29.604121] Allocated by task 145:
[   29.604515]  kasan_save_stack+0x3c/0x68
[   29.604959]  kasan_save_track+0x20/0x40
[   29.605874]  kasan_save_alloc_info+0x40/0x58
[   29.606643]  __kasan_krealloc+0x118/0x178
[   29.607521]  krealloc_noprof+0x128/0x360
[   29.608477]  krealloc_more_oob_helper+0x168/0x680
[   29.609381]  krealloc_more_oob+0x20/0x38
[   29.610146]  kunit_try_run_case+0x14c/0x3d0
[   29.610780]  kunit_generic_run_threadfn_adapter+0x88/0x100
[   29.611839]  kthread+0x24c/0x2d0
[   29.612229]  ret_from_fork+0x10/0x20
[   29.612979] 
[   29.613381] The buggy address belongs to the object at fff00000c0975000
[   29.613381]  which belongs to the cache kmalloc-256 of size 256
[   29.614279] The buggy address is located 5 bytes to the right of
[   29.614279]  allocated 235-byte region [fff00000c0975000, fff00000c09750eb)
[   29.615244] 
[   29.615989] The buggy address belongs to the physical page:
[   29.616939] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x100974
[   29.617956] head: order:1 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[   29.618830] flags: 0xbfffe0000000040(head|node=0|zone=2|lastcpupid=0x1ffff)
[   29.620573] page_type: f5(slab)
[   29.620942] raw: 0bfffe0000000040 fff00000c0001b40 dead000000000122 0000000000000000
[   29.621433] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000
[   29.622642] head: 0bfffe0000000040 fff00000c0001b40 dead000000000122 0000000000000000
[   29.623933] head: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000
[   29.624931] head: 0bfffe0000000001 ffffc1ffc3025d01 ffffffffffffffff 0000000000000000
[   29.625945] head: 0000000000000002 0000000000000000 00000000ffffffff 0000000000000000
[   29.626775] page dumped because: kasan: bad access detected
[   29.627228] 
[   29.627637] Memory state around the buggy address:
[   29.628658]  fff00000c0974f80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   29.630028]  fff00000c0975000: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   29.631532] >fff00000c0975080: 00 00 00 00 00 00 00 00 00 00 00 00 00 03 fc fc
[   29.632431]                                                              ^
[   29.633393]  fff00000c0975100: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   29.634208]  fff00000c0975180: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   29.635188] ==================================================================

[   25.204351] ==================================================================
[   25.204951] BUG: KASAN: slab-out-of-bounds in krealloc_more_oob_helper+0x7ed/0x930
[   25.207235] Write of size 1 at addr ffff8881003984f0 by task kunit_try_catch/165
[   25.207773] 
[   25.208206] CPU: 0 UID: 0 PID: 165 Comm: kunit_try_catch Tainted: G    B            N 6.13.0-rc1-next-20241203 #1
[   25.209283] Tainted: [B]=BAD_PAGE, [N]=TEST
[   25.209615] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[   25.210130] Call Trace:
[   25.210446]  <TASK>
[   25.210752]  dump_stack_lvl+0x73/0xb0
[   25.211159]  print_report+0xd1/0x640
[   25.211539]  ? __virt_addr_valid+0x1db/0x2d0
[   25.211986]  ? kasan_complete_mode_report_info+0x2a/0x200
[   25.212528]  kasan_report+0x102/0x140
[   25.212927]  ? krealloc_more_oob_helper+0x7ed/0x930
[   25.213455]  ? krealloc_more_oob_helper+0x7ed/0x930
[   25.213872]  __asan_report_store1_noabort+0x1b/0x30
[   25.214302]  krealloc_more_oob_helper+0x7ed/0x930
[   25.214781]  ? __schedule+0xc3e/0x2790
[   25.215250]  ? __pfx_krealloc_more_oob_helper+0x10/0x10
[   25.215739]  ? finish_task_switch.isra.0+0x153/0x700
[   25.216156]  ? __switch_to+0x5d9/0xf60
[   25.216544]  ? __schedule+0xc3e/0x2790
[   25.216973]  ? __pfx_read_tsc+0x10/0x10
[   25.217397]  krealloc_more_oob+0x1c/0x30
[   25.217768]  kunit_try_run_case+0x1b3/0x490
[   25.218255]  ? __pfx_kunit_try_run_case+0x10/0x10
[   25.218623]  ? _raw_spin_lock_irqsave+0xa2/0x110
[   25.219036]  ? _raw_spin_unlock_irqrestore+0x5f/0x90
[   25.219523]  ? __kthread_parkme+0x82/0x160
[   25.219961]  ? preempt_count_sub+0x50/0x80
[   25.220347]  ? __pfx_kunit_try_run_case+0x10/0x10
[   25.220715]  ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10
[   25.221279]  kunit_generic_run_threadfn_adapter+0x85/0xf0
[   25.221668]  kthread+0x257/0x310
[   25.222016]  ? __pfx_kthread+0x10/0x10
[   25.222423]  ret_from_fork+0x41/0x80
[   25.222919]  ? __pfx_kthread+0x10/0x10
[   25.223327]  ret_from_fork_asm+0x1a/0x30
[   25.223701]  </TASK>
[   25.223914] 
[   25.224139] Allocated by task 165:
[   25.224445]  kasan_save_stack+0x3d/0x60
[   25.224822]  kasan_save_track+0x18/0x40
[   25.225286]  kasan_save_alloc_info+0x3b/0x50
[   25.225784]  __kasan_krealloc+0x190/0x1f0
[   25.226190]  krealloc_noprof+0xf3/0x340
[   25.226636]  krealloc_more_oob_helper+0x1aa/0x930
[   25.227081]  krealloc_more_oob+0x1c/0x30
[   25.227344]  kunit_try_run_case+0x1b3/0x490
[   25.227842]  kunit_generic_run_threadfn_adapter+0x85/0xf0
[   25.228390]  kthread+0x257/0x310
[   25.228812]  ret_from_fork+0x41/0x80
[   25.229156]  ret_from_fork_asm+0x1a/0x30
[   25.229427] 
[   25.229671] The buggy address belongs to the object at ffff888100398400
[   25.229671]  which belongs to the cache kmalloc-256 of size 256
[   25.230770] The buggy address is located 5 bytes to the right of
[   25.230770]  allocated 235-byte region [ffff888100398400, ffff8881003984eb)
[   25.231641] 
[   25.231813] The buggy address belongs to the physical page:
[   25.232163] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x100398
[   25.233009] head: order:1 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[   25.233586] flags: 0x200000000000040(head|node=0|zone=2)
[   25.234070] page_type: f5(slab)
[   25.234388] raw: 0200000000000040 ffff888100041b40 dead000000000122 0000000000000000
[   25.234851] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000
[   25.235466] head: 0200000000000040 ffff888100041b40 dead000000000122 0000000000000000
[   25.236239] head: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000
[   25.237020] head: 0200000000000001 ffffea000400e601 ffffffffffffffff 0000000000000000
[   25.237809] head: 0000000000000002 0000000000000000 00000000ffffffff 0000000000000000
[   25.238482] page dumped because: kasan: bad access detected
[   25.238829] 
[   25.238974] Memory state around the buggy address:
[   25.239271]  ffff888100398380: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   25.240079]  ffff888100398400: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   25.240805] >ffff888100398480: 00 00 00 00 00 00 00 00 00 00 00 00 00 03 fc fc
[   25.241376]                                                              ^
[   25.241868]  ffff888100398500: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   25.242596]  ffff888100398580: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   25.243205] ==================================================================
[   25.550011] ==================================================================
[   25.551543] BUG: KASAN: slab-out-of-bounds in krealloc_more_oob_helper+0x7ed/0x930
[   25.552770] Write of size 1 at addr ffff8881022560f0 by task kunit_try_catch/169
[   25.553230] 
[   25.553532] CPU: 0 UID: 0 PID: 169 Comm: kunit_try_catch Tainted: G    B            N 6.13.0-rc1-next-20241203 #1
[   25.554433] Tainted: [B]=BAD_PAGE, [N]=TEST
[   25.554979] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[   25.555703] Call Trace:
[   25.555998]  <TASK>
[   25.556312]  dump_stack_lvl+0x73/0xb0
[   25.556829]  print_report+0xd1/0x640
[   25.557279]  ? __virt_addr_valid+0x1db/0x2d0
[   25.557807]  ? kasan_addr_to_slab+0x11/0xa0
[   25.558322]  kasan_report+0x102/0x140
[   25.558734]  ? krealloc_more_oob_helper+0x7ed/0x930
[   25.559274]  ? krealloc_more_oob_helper+0x7ed/0x930
[   25.559828]  __asan_report_store1_noabort+0x1b/0x30
[   25.560365]  krealloc_more_oob_helper+0x7ed/0x930
[   25.560906]  ? __schedule+0xc3e/0x2790
[   25.561359]  ? __pfx_krealloc_more_oob_helper+0x10/0x10
[   25.561834]  ? finish_task_switch.isra.0+0x153/0x700
[   25.562401]  ? __switch_to+0x5d9/0xf60
[   25.562869]  ? __schedule+0xc3e/0x2790
[   25.563194]  ? __pfx_read_tsc+0x10/0x10
[   25.563492]  krealloc_large_more_oob+0x1c/0x30
[   25.563943]  kunit_try_run_case+0x1b3/0x490
[   25.564523]  ? __pfx_kunit_try_run_case+0x10/0x10
[   25.565073]  ? _raw_spin_lock_irqsave+0xa2/0x110
[   25.565543]  ? _raw_spin_unlock_irqrestore+0x5f/0x90
[   25.566108]  ? __kthread_parkme+0x82/0x160
[   25.566595]  ? preempt_count_sub+0x50/0x80
[   25.567020]  ? __pfx_kunit_try_run_case+0x10/0x10
[   25.567558]  ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10
[   25.568079]  kunit_generic_run_threadfn_adapter+0x85/0xf0
[   25.568755]  kthread+0x257/0x310
[   25.569131]  ? __pfx_kthread+0x10/0x10
[   25.569650]  ret_from_fork+0x41/0x80
[   25.569958]  ? __pfx_kthread+0x10/0x10
[   25.570425]  ret_from_fork_asm+0x1a/0x30
[   25.570932]  </TASK>
[   25.571262] 
[   25.571513] The buggy address belongs to the physical page:
[   25.571995] page: refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x102254
[   25.572641] head: order:2 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[   25.573277] flags: 0x200000000000040(head|node=0|zone=2)
[   25.573755] raw: 0200000000000040 0000000000000000 dead000000000122 0000000000000000
[   25.574374] raw: 0000000000000000 0000000000000000 00000001ffffffff 0000000000000000
[   25.575154] head: 0200000000000040 0000000000000000 dead000000000122 0000000000000000
[   25.575892] head: 0000000000000000 0000000000000000 00000001ffffffff 0000000000000000
[   25.576570] head: 0200000000000002 ffffea0004089501 ffffffffffffffff 0000000000000000
[   25.577255] head: 0000000000000004 0000000000000000 00000000ffffffff 0000000000000000
[   25.577901] page dumped because: kasan: bad access detected
[   25.578664] 
[   25.578812] Memory state around the buggy address:
[   25.579124]  ffff888102255f80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   25.579561]  ffff888102256000: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   25.580223] >ffff888102256080: 00 00 00 00 00 00 00 00 00 00 00 00 00 03 fe fe
[   25.580841]                                                              ^
[   25.581217]  ffff888102256100: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe
[   25.581898]  ffff888102256180: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe
[   25.582559] ==================================================================
[   25.516263] ==================================================================
[   25.517460] BUG: KASAN: slab-out-of-bounds in krealloc_more_oob_helper+0x823/0x930
[   25.518142] Write of size 1 at addr ffff8881022560eb by task kunit_try_catch/169
[   25.518615] 
[   25.518793] CPU: 0 UID: 0 PID: 169 Comm: kunit_try_catch Tainted: G    B            N 6.13.0-rc1-next-20241203 #1
[   25.519652] Tainted: [B]=BAD_PAGE, [N]=TEST
[   25.519982] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[   25.520626] Call Trace:
[   25.520823]  <TASK>
[   25.521014]  dump_stack_lvl+0x73/0xb0
[   25.521411]  print_report+0xd1/0x640
[   25.521973]  ? __virt_addr_valid+0x1db/0x2d0
[   25.522580]  ? kasan_addr_to_slab+0x11/0xa0
[   25.523087]  kasan_report+0x102/0x140
[   25.523521]  ? krealloc_more_oob_helper+0x823/0x930
[   25.524002]  ? krealloc_more_oob_helper+0x823/0x930
[   25.524665]  __asan_report_store1_noabort+0x1b/0x30
[   25.525162]  krealloc_more_oob_helper+0x823/0x930
[   25.525659]  ? __schedule+0xc3e/0x2790
[   25.525999]  ? __pfx_krealloc_more_oob_helper+0x10/0x10
[   25.526676]  ? finish_task_switch.isra.0+0x153/0x700
[   25.527221]  ? __switch_to+0x5d9/0xf60
[   25.527690]  ? __schedule+0xc3e/0x2790
[   25.528139]  ? __pfx_read_tsc+0x10/0x10
[   25.528562]  krealloc_large_more_oob+0x1c/0x30
[   25.529047]  kunit_try_run_case+0x1b3/0x490
[   25.529620]  ? __pfx_kunit_try_run_case+0x10/0x10
[   25.530137]  ? _raw_spin_lock_irqsave+0xa2/0x110
[   25.530709]  ? _raw_spin_unlock_irqrestore+0x5f/0x90
[   25.531280]  ? __kthread_parkme+0x82/0x160
[   25.531763]  ? preempt_count_sub+0x50/0x80
[   25.532271]  ? __pfx_kunit_try_run_case+0x10/0x10
[   25.532820]  ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10
[   25.533477]  kunit_generic_run_threadfn_adapter+0x85/0xf0
[   25.533936]  kthread+0x257/0x310
[   25.534377]  ? __pfx_kthread+0x10/0x10
[   25.534872]  ret_from_fork+0x41/0x80
[   25.535304]  ? __pfx_kthread+0x10/0x10
[   25.535743]  ret_from_fork_asm+0x1a/0x30
[   25.536270]  </TASK>
[   25.536656] 
[   25.536896] The buggy address belongs to the physical page:
[   25.537402] page: refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x102254
[   25.538026] head: order:2 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[   25.538707] flags: 0x200000000000040(head|node=0|zone=2)
[   25.539350] raw: 0200000000000040 0000000000000000 dead000000000122 0000000000000000
[   25.539943] raw: 0000000000000000 0000000000000000 00000001ffffffff 0000000000000000
[   25.540693] head: 0200000000000040 0000000000000000 dead000000000122 0000000000000000
[   25.541260] head: 0000000000000000 0000000000000000 00000001ffffffff 0000000000000000
[   25.541971] head: 0200000000000002 ffffea0004089501 ffffffffffffffff 0000000000000000
[   25.542680] head: 0000000000000004 0000000000000000 00000000ffffffff 0000000000000000
[   25.543314] page dumped because: kasan: bad access detected
[   25.543753] 
[   25.544029] Memory state around the buggy address:
[   25.544506]  ffff888102255f80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   25.545232]  ffff888102256000: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   25.545772] >ffff888102256080: 00 00 00 00 00 00 00 00 00 00 00 00 00 03 fe fe
[   25.546381]                                                           ^
[   25.547113]  ffff888102256100: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe
[   25.547628]  ffff888102256180: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe
[   25.548296] ==================================================================
[   25.154506] ==================================================================
[   25.155360] BUG: KASAN: slab-out-of-bounds in krealloc_more_oob_helper+0x823/0x930
[   25.156732] Write of size 1 at addr ffff8881003984eb by task kunit_try_catch/165
[   25.158125] 
[   25.158399] CPU: 0 UID: 0 PID: 165 Comm: kunit_try_catch Tainted: G    B            N 6.13.0-rc1-next-20241203 #1
[   25.159661] Tainted: [B]=BAD_PAGE, [N]=TEST
[   25.160009] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[   25.160826] Call Trace:
[   25.161049]  <TASK>
[   25.161573]  dump_stack_lvl+0x73/0xb0
[   25.162132]  print_report+0xd1/0x640
[   25.162941]  ? __virt_addr_valid+0x1db/0x2d0
[   25.163305]  ? kasan_complete_mode_report_info+0x2a/0x200
[   25.164047]  kasan_report+0x102/0x140
[   25.164994]  ? krealloc_more_oob_helper+0x823/0x930
[   25.165406]  ? krealloc_more_oob_helper+0x823/0x930
[   25.166342]  __asan_report_store1_noabort+0x1b/0x30
[   25.166938]  krealloc_more_oob_helper+0x823/0x930
[   25.167478]  ? __schedule+0xc3e/0x2790
[   25.167891]  ? __pfx_krealloc_more_oob_helper+0x10/0x10
[   25.168372]  ? finish_task_switch.isra.0+0x153/0x700
[   25.169198]  ? __switch_to+0x5d9/0xf60
[   25.170134]  ? __schedule+0xc3e/0x2790
[   25.170497]  ? __pfx_read_tsc+0x10/0x10
[   25.171032]  krealloc_more_oob+0x1c/0x30
[   25.171800]  kunit_try_run_case+0x1b3/0x490
[   25.172393]  ? __pfx_kunit_try_run_case+0x10/0x10
[   25.173048]  ? _raw_spin_lock_irqsave+0xa2/0x110
[   25.173722]  ? _raw_spin_unlock_irqrestore+0x5f/0x90
[   25.174133]  ? __kthread_parkme+0x82/0x160
[   25.175104]  ? preempt_count_sub+0x50/0x80
[   25.175496]  ? __pfx_kunit_try_run_case+0x10/0x10
[   25.175883]  ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10
[   25.176455]  kunit_generic_run_threadfn_adapter+0x85/0xf0
[   25.176886]  kthread+0x257/0x310
[   25.177249]  ? __pfx_kthread+0x10/0x10
[   25.177651]  ret_from_fork+0x41/0x80
[   25.178162]  ? __pfx_kthread+0x10/0x10
[   25.178745]  ret_from_fork_asm+0x1a/0x30
[   25.179166]  </TASK>
[   25.179493] 
[   25.179790] Allocated by task 165:
[   25.180178]  kasan_save_stack+0x3d/0x60
[   25.180606]  kasan_save_track+0x18/0x40
[   25.181000]  kasan_save_alloc_info+0x3b/0x50
[   25.181921]  __kasan_krealloc+0x190/0x1f0
[   25.182343]  krealloc_noprof+0xf3/0x340
[   25.182619]  krealloc_more_oob_helper+0x1aa/0x930
[   25.183247]  krealloc_more_oob+0x1c/0x30
[   25.183819]  kunit_try_run_case+0x1b3/0x490
[   25.184242]  kunit_generic_run_threadfn_adapter+0x85/0xf0
[   25.184871]  kthread+0x257/0x310
[   25.185264]  ret_from_fork+0x41/0x80
[   25.185965]  ret_from_fork_asm+0x1a/0x30
[   25.186381] 
[   25.186580] The buggy address belongs to the object at ffff888100398400
[   25.186580]  which belongs to the cache kmalloc-256 of size 256
[   25.187886] The buggy address is located 0 bytes to the right of
[   25.187886]  allocated 235-byte region [ffff888100398400, ffff8881003984eb)
[   25.188973] 
[   25.189237] The buggy address belongs to the physical page:
[   25.189749] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x100398
[   25.190405] head: order:1 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[   25.191318] flags: 0x200000000000040(head|node=0|zone=2)
[   25.191936] page_type: f5(slab)
[   25.192301] raw: 0200000000000040 ffff888100041b40 dead000000000122 0000000000000000
[   25.192900] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000
[   25.193773] head: 0200000000000040 ffff888100041b40 dead000000000122 0000000000000000
[   25.194385] head: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000
[   25.195202] head: 0200000000000001 ffffea000400e601 ffffffffffffffff 0000000000000000
[   25.196077] head: 0000000000000002 0000000000000000 00000000ffffffff 0000000000000000
[   25.196889] page dumped because: kasan: bad access detected
[   25.197316] 
[   25.197577] Memory state around the buggy address:
[   25.198195]  ffff888100398380: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   25.198738]  ffff888100398400: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   25.199478] >ffff888100398480: 00 00 00 00 00 00 00 00 00 00 00 00 00 03 fc fc
[   25.200110]                                                           ^
[   25.201004]  ffff888100398500: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   25.201559]  ffff888100398580: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   25.202320] ==================================================================