lkft/linux-next-master - next-20241204 - log-parser-boot/kasan-bug-kasan-slab-out-of-bounds-in-krealloc_less_oob_helper

Date

Dec. 4, 2024, 3:07 p.m.

Environment
qemu-arm64
qemu-x86_64

[   31.569709] ==================================================================
[   31.571029] BUG: KASAN: slab-out-of-bounds in krealloc_less_oob_helper+0xb9c/0xc50
[   31.571980] Write of size 1 at addr fff00000c5e720d0 by task kunit_try_catch/150
[   31.573465] 
[   31.573967] CPU: 1 UID: 0 PID: 150 Comm: kunit_try_catch Tainted: G    B            N 6.13.0-rc1-next-20241204 #1
[   31.575142] Tainted: [B]=BAD_PAGE, [N]=TEST
[   31.575799] Hardware name: linux,dummy-virt (DT)
[   31.576549] Call trace:
[   31.577863]  show_stack+0x20/0x38 (C)
[   31.578528]  dump_stack_lvl+0x8c/0xd0
[   31.579222]  print_report+0x118/0x5e0
[   31.580301]  kasan_report+0xc8/0x118
[   31.581233]  __asan_report_store1_noabort+0x20/0x30
[   31.581970]  krealloc_less_oob_helper+0xb9c/0xc50
[   31.582618]  krealloc_large_less_oob+0x20/0x38
[   31.583995]  kunit_try_run_case+0x14c/0x3d0
[   31.584603]  kunit_generic_run_threadfn_adapter+0x88/0x100
[   31.585458]  kthread+0x24c/0x2d0
[   31.586378]  ret_from_fork+0x10/0x20
[   31.587034] 
[   31.587453] The buggy address belongs to the physical page:
[   31.588902] page: refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x105e70
[   31.589908] head: order:2 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[   31.590931] flags: 0xbfffe0000000040(head|node=0|zone=2|lastcpupid=0x1ffff)
[   31.591838] raw: 0bfffe0000000040 0000000000000000 dead000000000122 0000000000000000
[   31.592912] raw: 0000000000000000 0000000000000000 00000001ffffffff 0000000000000000
[   31.594011] head: 0bfffe0000000040 0000000000000000 dead000000000122 0000000000000000
[   31.594896] head: 0000000000000000 0000000000000000 00000001ffffffff 0000000000000000
[   31.596173] head: 0bfffe0000000002 ffffc1ffc3179c01 ffffffffffffffff 0000000000000000
[   31.597116] head: 0000000000000004 0000000000000000 00000000ffffffff 0000000000000000
[   31.598593] page dumped because: kasan: bad access detected
[   31.599172] 
[   31.599502] Memory state around the buggy address:
[   31.600191]  fff00000c5e71f80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   31.601060]  fff00000c5e72000: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   31.602806] >fff00000c5e72080: 00 00 00 00 00 00 00 00 00 01 fe fe fe fe fe fe
[   31.603594]                                                  ^
[   31.604608]  fff00000c5e72100: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe
[   31.606003]  fff00000c5e72180: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe
[   31.606971] ==================================================================
[   31.609281] ==================================================================
[   31.610480] BUG: KASAN: slab-out-of-bounds in krealloc_less_oob_helper+0xa80/0xc50
[   31.611377] Write of size 1 at addr fff00000c5e720da by task kunit_try_catch/150
[   31.612706] 
[   31.613235] CPU: 1 UID: 0 PID: 150 Comm: kunit_try_catch Tainted: G    B            N 6.13.0-rc1-next-20241204 #1
[   31.614963] Tainted: [B]=BAD_PAGE, [N]=TEST
[   31.615751] Hardware name: linux,dummy-virt (DT)
[   31.616550] Call trace:
[   31.616815]  show_stack+0x20/0x38 (C)
[   31.617882]  dump_stack_lvl+0x8c/0xd0
[   31.619000]  print_report+0x118/0x5e0
[   31.619536]  kasan_report+0xc8/0x118
[   31.620169]  __asan_report_store1_noabort+0x20/0x30
[   31.620966]  krealloc_less_oob_helper+0xa80/0xc50
[   31.621927]  krealloc_large_less_oob+0x20/0x38
[   31.622594]  kunit_try_run_case+0x14c/0x3d0
[   31.624079]  kunit_generic_run_threadfn_adapter+0x88/0x100
[   31.624711]  kthread+0x24c/0x2d0
[   31.625351]  ret_from_fork+0x10/0x20
[   31.625984] 
[   31.626394] The buggy address belongs to the physical page:
[   31.627292] page: refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x105e70
[   31.628793] head: order:2 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[   31.630607] flags: 0xbfffe0000000040(head|node=0|zone=2|lastcpupid=0x1ffff)
[   31.631470] raw: 0bfffe0000000040 0000000000000000 dead000000000122 0000000000000000
[   31.632374] raw: 0000000000000000 0000000000000000 00000001ffffffff 0000000000000000
[   31.633391] head: 0bfffe0000000040 0000000000000000 dead000000000122 0000000000000000
[   31.634406] head: 0000000000000000 0000000000000000 00000001ffffffff 0000000000000000
[   31.635395] head: 0bfffe0000000002 ffffc1ffc3179c01 ffffffffffffffff 0000000000000000
[   31.636662] head: 0000000000000004 0000000000000000 00000000ffffffff 0000000000000000
[   31.637527] page dumped because: kasan: bad access detected
[   31.638603] 
[   31.638886] Memory state around the buggy address:
[   31.639355]  fff00000c5e71f80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   31.640050]  fff00000c5e72000: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   31.640743] >fff00000c5e72080: 00 00 00 00 00 00 00 00 00 01 fe fe fe fe fe fe
[   31.641750]                                                     ^
[   31.642929]  fff00000c5e72100: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe
[   31.643911]  fff00000c5e72180: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe
[   31.644903] ==================================================================
[   31.234737] ==================================================================
[   31.235719] BUG: KASAN: slab-out-of-bounds in krealloc_less_oob_helper+0xb9c/0xc50
[   31.236516] Write of size 1 at addr fff00000c09730d0 by task kunit_try_catch/146
[   31.237234] 
[   31.237582] CPU: 0 UID: 0 PID: 146 Comm: kunit_try_catch Tainted: G    B            N 6.13.0-rc1-next-20241204 #1
[   31.239611] Tainted: [B]=BAD_PAGE, [N]=TEST
[   31.240478] Hardware name: linux,dummy-virt (DT)
[   31.241090] Call trace:
[   31.241643]  show_stack+0x20/0x38 (C)
[   31.242570]  dump_stack_lvl+0x8c/0xd0
[   31.243292]  print_report+0x118/0x5e0
[   31.244119]  kasan_report+0xc8/0x118
[   31.244931]  __asan_report_store1_noabort+0x20/0x30
[   31.246116]  krealloc_less_oob_helper+0xb9c/0xc50
[   31.246936]  krealloc_less_oob+0x20/0x38
[   31.247488]  kunit_try_run_case+0x14c/0x3d0
[   31.248015]  kunit_generic_run_threadfn_adapter+0x88/0x100
[   31.248717]  kthread+0x24c/0x2d0
[   31.249349]  ret_from_fork+0x10/0x20
[   31.250179] 
[   31.250578] Allocated by task 146:
[   31.251153]  kasan_save_stack+0x3c/0x68
[   31.251977]  kasan_save_track+0x20/0x40
[   31.252684]  kasan_save_alloc_info+0x40/0x58
[   31.253395]  __kasan_krealloc+0x118/0x178
[   31.254595]  krealloc_noprof+0x128/0x360
[   31.255500]  krealloc_less_oob_helper+0x168/0xc50
[   31.256197]  krealloc_less_oob+0x20/0x38
[   31.256769]  kunit_try_run_case+0x14c/0x3d0
[   31.257365]  kunit_generic_run_threadfn_adapter+0x88/0x100
[   31.258479]  kthread+0x24c/0x2d0
[   31.258989]  ret_from_fork+0x10/0x20
[   31.259503] 
[   31.259844] The buggy address belongs to the object at fff00000c0973000
[   31.259844]  which belongs to the cache kmalloc-256 of size 256
[   31.261973] The buggy address is located 7 bytes to the right of
[   31.261973]  allocated 201-byte region [fff00000c0973000, fff00000c09730c9)
[   31.263811] 
[   31.264108] The buggy address belongs to the physical page:
[   31.264815] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x100972
[   31.265865] head: order:1 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[   31.267461] flags: 0xbfffe0000000040(head|node=0|zone=2|lastcpupid=0x1ffff)
[   31.268563] page_type: f5(slab)
[   31.269242] raw: 0bfffe0000000040 fff00000c0001b40 dead000000000122 0000000000000000
[   31.270684] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000
[   31.271562] head: 0bfffe0000000040 fff00000c0001b40 dead000000000122 0000000000000000
[   31.272579] head: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000
[   31.273520] head: 0bfffe0000000001 ffffc1ffc3025c81 ffffffffffffffff 0000000000000000
[   31.274399] head: 0000000000000002 0000000000000000 00000000ffffffff 0000000000000000
[   31.275693] page dumped because: kasan: bad access detected
[   31.276364] 
[   31.276867] Memory state around the buggy address:
[   31.277555]  fff00000c0972f80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   31.278966]  fff00000c0973000: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   31.281059] >fff00000c0973080: 00 00 00 00 00 00 00 00 00 01 fc fc fc fc fc fc
[   31.282850]                                                  ^
[   31.283576]  fff00000c0973100: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   31.284422]  fff00000c0973180: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   31.285355] ==================================================================
[   31.289305] ==================================================================
[   31.290554] BUG: KASAN: slab-out-of-bounds in krealloc_less_oob_helper+0xa80/0xc50
[   31.291451] Write of size 1 at addr fff00000c09730da by task kunit_try_catch/146
[   31.292218] 
[   31.292528] CPU: 0 UID: 0 PID: 146 Comm: kunit_try_catch Tainted: G    B            N 6.13.0-rc1-next-20241204 #1
[   31.293722] Tainted: [B]=BAD_PAGE, [N]=TEST
[   31.294416] Hardware name: linux,dummy-virt (DT)
[   31.295461] Call trace:
[   31.295927]  show_stack+0x20/0x38 (C)
[   31.296499]  dump_stack_lvl+0x8c/0xd0
[   31.297072]  print_report+0x118/0x5e0
[   31.297736]  kasan_report+0xc8/0x118
[   31.298271]  __asan_report_store1_noabort+0x20/0x30
[   31.299170]  krealloc_less_oob_helper+0xa80/0xc50
[   31.300215]  krealloc_less_oob+0x20/0x38
[   31.300827]  kunit_try_run_case+0x14c/0x3d0
[   31.301477]  kunit_generic_run_threadfn_adapter+0x88/0x100
[   31.302333]  kthread+0x24c/0x2d0
[   31.302981]  ret_from_fork+0x10/0x20
[   31.303560] 
[   31.303943] Allocated by task 146:
[   31.304434]  kasan_save_stack+0x3c/0x68
[   31.305211]  kasan_save_track+0x20/0x40
[   31.305727]  kasan_save_alloc_info+0x40/0x58
[   31.306947]  __kasan_krealloc+0x118/0x178
[   31.307523]  krealloc_noprof+0x128/0x360
[   31.308194]  krealloc_less_oob_helper+0x168/0xc50
[   31.309424]  krealloc_less_oob+0x20/0x38
[   31.310459]  kunit_try_run_case+0x14c/0x3d0
[   31.311107]  kunit_generic_run_threadfn_adapter+0x88/0x100
[   31.311791]  kthread+0x24c/0x2d0
[   31.312404]  ret_from_fork+0x10/0x20
[   31.312970] 
[   31.313399] The buggy address belongs to the object at fff00000c0973000
[   31.313399]  which belongs to the cache kmalloc-256 of size 256
[   31.315049] The buggy address is located 17 bytes to the right of
[   31.315049]  allocated 201-byte region [fff00000c0973000, fff00000c09730c9)
[   31.316595] 
[   31.316939] The buggy address belongs to the physical page:
[   31.317712] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x100972
[   31.319326] head: order:1 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[   31.320213] flags: 0xbfffe0000000040(head|node=0|zone=2|lastcpupid=0x1ffff)
[   31.321251] page_type: f5(slab)
[   31.322322] raw: 0bfffe0000000040 fff00000c0001b40 dead000000000122 0000000000000000
[   31.323377] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000
[   31.324317] head: 0bfffe0000000040 fff00000c0001b40 dead000000000122 0000000000000000
[   31.325245] head: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000
[   31.326265] head: 0bfffe0000000001 ffffc1ffc3025c81 ffffffffffffffff 0000000000000000
[   31.327143] head: 0000000000000002 0000000000000000 00000000ffffffff 0000000000000000
[   31.328080] page dumped because: kasan: bad access detected
[   31.328745] 
[   31.329122] Memory state around the buggy address:
[   31.330651]  fff00000c0972f80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   31.331852]  fff00000c0973000: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   31.332704] >fff00000c0973080: 00 00 00 00 00 00 00 00 00 01 fc fc fc fc fc fc
[   31.334182]                                                     ^
[   31.335004]  fff00000c0973100: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   31.335922]  fff00000c0973180: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   31.336824] ==================================================================
[   31.647247] ==================================================================
[   31.648219] BUG: KASAN: slab-out-of-bounds in krealloc_less_oob_helper+0xae4/0xc50
[   31.649075] Write of size 1 at addr fff00000c5e720ea by task kunit_try_catch/150
[   31.649777] 
[   31.650256] CPU: 1 UID: 0 PID: 150 Comm: kunit_try_catch Tainted: G    B            N 6.13.0-rc1-next-20241204 #1
[   31.651477] Tainted: [B]=BAD_PAGE, [N]=TEST
[   31.652130] Hardware name: linux,dummy-virt (DT)
[   31.653328] Call trace:
[   31.653659]  show_stack+0x20/0x38 (C)
[   31.654287]  dump_stack_lvl+0x8c/0xd0
[   31.654997]  print_report+0x118/0x5e0
[   31.655569]  kasan_report+0xc8/0x118
[   31.656720]  __asan_report_store1_noabort+0x20/0x30
[   31.657116]  krealloc_less_oob_helper+0xae4/0xc50
[   31.657447]  krealloc_large_less_oob+0x20/0x38
[   31.658269]  kunit_try_run_case+0x14c/0x3d0
[   31.659202]  kunit_generic_run_threadfn_adapter+0x88/0x100
[   31.659877]  kthread+0x24c/0x2d0
[   31.660503]  ret_from_fork+0x10/0x20
[   31.661232] 
[   31.661993] The buggy address belongs to the physical page:
[   31.662990] page: refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x105e70
[   31.663996] head: order:2 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[   31.665069] flags: 0xbfffe0000000040(head|node=0|zone=2|lastcpupid=0x1ffff)
[   31.666932] raw: 0bfffe0000000040 0000000000000000 dead000000000122 0000000000000000
[   31.668050] raw: 0000000000000000 0000000000000000 00000001ffffffff 0000000000000000
[   31.669029] head: 0bfffe0000000040 0000000000000000 dead000000000122 0000000000000000
[   31.670547] head: 0000000000000000 0000000000000000 00000001ffffffff 0000000000000000
[   31.671738] head: 0bfffe0000000002 ffffc1ffc3179c01 ffffffffffffffff 0000000000000000
[   31.672713] head: 0000000000000004 0000000000000000 00000000ffffffff 0000000000000000
[   31.673556] page dumped because: kasan: bad access detected
[   31.674202] 
[   31.674540] Memory state around the buggy address:
[   31.675243]  fff00000c5e71f80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   31.676601]  fff00000c5e72000: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   31.677500] >fff00000c5e72080: 00 00 00 00 00 00 00 00 00 01 fe fe fe fe fe fe
[   31.679079]                                                           ^
[   31.679665]  fff00000c5e72100: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe
[   31.680584]  fff00000c5e72180: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe
[   31.681400] ==================================================================
[   31.183468] ==================================================================
[   31.184777] BUG: KASAN: slab-out-of-bounds in krealloc_less_oob_helper+0xa48/0xc50
[   31.185798] Write of size 1 at addr fff00000c09730c9 by task kunit_try_catch/146
[   31.187150] 
[   31.187523] CPU: 0 UID: 0 PID: 146 Comm: kunit_try_catch Tainted: G    B            N 6.13.0-rc1-next-20241204 #1
[   31.188721] Tainted: [B]=BAD_PAGE, [N]=TEST
[   31.189482] Hardware name: linux,dummy-virt (DT)
[   31.190690] Call trace:
[   31.191104]  show_stack+0x20/0x38 (C)
[   31.191690]  dump_stack_lvl+0x8c/0xd0
[   31.192284]  print_report+0x118/0x5e0
[   31.192928]  kasan_report+0xc8/0x118
[   31.193527]  __asan_report_store1_noabort+0x20/0x30
[   31.194227]  krealloc_less_oob_helper+0xa48/0xc50
[   31.195345]  krealloc_less_oob+0x20/0x38
[   31.196039]  kunit_try_run_case+0x14c/0x3d0
[   31.196817]  kunit_generic_run_threadfn_adapter+0x88/0x100
[   31.197602]  kthread+0x24c/0x2d0
[   31.198405]  ret_from_fork+0x10/0x20
[   31.199011] 
[   31.199284] Allocated by task 146:
[   31.199884]  kasan_save_stack+0x3c/0x68
[   31.200544]  kasan_save_track+0x20/0x40
[   31.201127]  kasan_save_alloc_info+0x40/0x58
[   31.202120]  __kasan_krealloc+0x118/0x178
[   31.202574]  krealloc_noprof+0x128/0x360
[   31.203288]  krealloc_less_oob_helper+0x168/0xc50
[   31.203958]  krealloc_less_oob+0x20/0x38
[   31.204531]  kunit_try_run_case+0x14c/0x3d0
[   31.205143]  kunit_generic_run_threadfn_adapter+0x88/0x100
[   31.206425]  kthread+0x24c/0x2d0
[   31.207034]  ret_from_fork+0x10/0x20
[   31.207662] 
[   31.207988] The buggy address belongs to the object at fff00000c0973000
[   31.207988]  which belongs to the cache kmalloc-256 of size 256
[   31.209800] The buggy address is located 0 bytes to the right of
[   31.209800]  allocated 201-byte region [fff00000c0973000, fff00000c09730c9)
[   31.212167] 
[   31.212549] The buggy address belongs to the physical page:
[   31.213180] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x100972
[   31.214438] head: order:1 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[   31.215385] flags: 0xbfffe0000000040(head|node=0|zone=2|lastcpupid=0x1ffff)
[   31.216188] page_type: f5(slab)
[   31.216729] raw: 0bfffe0000000040 fff00000c0001b40 dead000000000122 0000000000000000
[   31.217651] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000
[   31.219075] head: 0bfffe0000000040 fff00000c0001b40 dead000000000122 0000000000000000
[   31.220139] head: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000
[   31.221075] head: 0bfffe0000000001 ffffc1ffc3025c81 ffffffffffffffff 0000000000000000
[   31.222210] head: 0000000000000002 0000000000000000 00000000ffffffff 0000000000000000
[   31.223398] page dumped because: kasan: bad access detected
[   31.223927] 
[   31.224393] Memory state around the buggy address:
[   31.225030]  fff00000c0972f80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   31.226175]  fff00000c0973000: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   31.227202] >fff00000c0973080: 00 00 00 00 00 00 00 00 00 01 fc fc fc fc fc fc
[   31.228659]                                               ^
[   31.229260]  fff00000c0973100: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   31.229889]  fff00000c0973180: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   31.231107] ==================================================================
[   31.386891] ==================================================================
[   31.387759] BUG: KASAN: slab-out-of-bounds in krealloc_less_oob_helper+0xa58/0xc50
[   31.388471] Write of size 1 at addr fff00000c09730eb by task kunit_try_catch/146
[   31.389350] 
[   31.389769] CPU: 0 UID: 0 PID: 146 Comm: kunit_try_catch Tainted: G    B            N 6.13.0-rc1-next-20241204 #1
[   31.390993] Tainted: [B]=BAD_PAGE, [N]=TEST
[   31.391462] Hardware name: linux,dummy-virt (DT)
[   31.392312] Call trace:
[   31.392758]  show_stack+0x20/0x38 (C)
[   31.393278]  dump_stack_lvl+0x8c/0xd0
[   31.393870]  print_report+0x118/0x5e0
[   31.394526]  kasan_report+0xc8/0x118
[   31.395269]  __asan_report_store1_noabort+0x20/0x30
[   31.396081]  krealloc_less_oob_helper+0xa58/0xc50
[   31.396748]  krealloc_less_oob+0x20/0x38
[   31.397420]  kunit_try_run_case+0x14c/0x3d0
[   31.397999]  kunit_generic_run_threadfn_adapter+0x88/0x100
[   31.398833]  kthread+0x24c/0x2d0
[   31.399419]  ret_from_fork+0x10/0x20
[   31.400036] 
[   31.400449] Allocated by task 146:
[   31.401009]  kasan_save_stack+0x3c/0x68
[   31.401562]  kasan_save_track+0x20/0x40
[   31.402200]  kasan_save_alloc_info+0x40/0x58
[   31.402832]  __kasan_krealloc+0x118/0x178
[   31.403367]  krealloc_noprof+0x128/0x360
[   31.404051]  krealloc_less_oob_helper+0x168/0xc50
[   31.404716]  krealloc_less_oob+0x20/0x38
[   31.405265]  kunit_try_run_case+0x14c/0x3d0
[   31.405844]  kunit_generic_run_threadfn_adapter+0x88/0x100
[   31.406684]  kthread+0x24c/0x2d0
[   31.407211]  ret_from_fork+0x10/0x20
[   31.407741] 
[   31.408181] The buggy address belongs to the object at fff00000c0973000
[   31.408181]  which belongs to the cache kmalloc-256 of size 256
[   31.409670] The buggy address is located 34 bytes to the right of
[   31.409670]  allocated 201-byte region [fff00000c0973000, fff00000c09730c9)
[   31.411121] 
[   31.411436] The buggy address belongs to the physical page:
[   31.412110] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x100972
[   31.413082] head: order:1 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[   31.414066] flags: 0xbfffe0000000040(head|node=0|zone=2|lastcpupid=0x1ffff)
[   31.415051] page_type: f5(slab)
[   31.415534] raw: 0bfffe0000000040 fff00000c0001b40 dead000000000122 0000000000000000
[   31.416416] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000
[   31.417349] head: 0bfffe0000000040 fff00000c0001b40 dead000000000122 0000000000000000
[   31.418281] head: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000
[   31.419264] head: 0bfffe0000000001 ffffc1ffc3025c81 ffffffffffffffff 0000000000000000
[   31.420165] head: 0000000000000002 0000000000000000 00000000ffffffff 0000000000000000
[   31.421205] page dumped because: kasan: bad access detected
[   31.421884] 
[   31.422191] Memory state around the buggy address:
[   31.422841]  fff00000c0972f80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   31.423748]  fff00000c0973000: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   31.424590] >fff00000c0973080: 00 00 00 00 00 00 00 00 00 01 fc fc fc fc fc fc
[   31.425495]                                                           ^
[   31.426386]  fff00000c0973100: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   31.427296]  fff00000c0973180: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   31.428185] ==================================================================
[   31.529056] ==================================================================
[   31.530235] BUG: KASAN: slab-out-of-bounds in krealloc_less_oob_helper+0xa48/0xc50
[   31.531506] Write of size 1 at addr fff00000c5e720c9 by task kunit_try_catch/150
[   31.532511] 
[   31.532965] CPU: 0 UID: 0 PID: 150 Comm: kunit_try_catch Tainted: G    B            N 6.13.0-rc1-next-20241204 #1
[   31.534663] Tainted: [B]=BAD_PAGE, [N]=TEST
[   31.535321] Hardware name: linux,dummy-virt (DT)
[   31.536227] Call trace:
[   31.536614]  show_stack+0x20/0x38 (C)
[   31.537226]  dump_stack_lvl+0x8c/0xd0
[   31.537808]  print_report+0x118/0x5e0
[   31.538792]  kasan_report+0xc8/0x118
[   31.539356]  __asan_report_store1_noabort+0x20/0x30
[   31.540056]  krealloc_less_oob_helper+0xa48/0xc50
[   31.540832]  krealloc_large_less_oob+0x20/0x38
[   31.541463]  kunit_try_run_case+0x14c/0x3d0
[   31.542403]  kunit_generic_run_threadfn_adapter+0x88/0x100
[   31.543175]  kthread+0x24c/0x2d0
[   31.543789]  ret_from_fork+0x10/0x20
[   31.544398] 
[   31.544733] The buggy address belongs to the physical page:
[   31.545475] page: refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x105e70
[   31.546979] head: order:2 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[   31.547850] flags: 0xbfffe0000000040(head|node=0|zone=2|lastcpupid=0x1ffff)
[   31.548831] raw: 0bfffe0000000040 0000000000000000 dead000000000122 0000000000000000
[   31.549670] raw: 0000000000000000 0000000000000000 00000001ffffffff 0000000000000000
[   31.551647] head: 0bfffe0000000040 0000000000000000 dead000000000122 0000000000000000
[   31.552996] head: 0000000000000000 0000000000000000 00000001ffffffff 0000000000000000
[   31.554023] head: 0bfffe0000000002 ffffc1ffc3179c01 ffffffffffffffff 0000000000000000
[   31.555328] head: 0000000000000004 0000000000000000 00000000ffffffff 0000000000000000
[   31.556248] page dumped because: kasan: bad access detected
[   31.556885] 
[   31.557252] Memory state around the buggy address:
[   31.557890]  fff00000c5e71f80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   31.559114]  fff00000c5e72000: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   31.559964] >fff00000c5e72080: 00 00 00 00 00 00 00 00 00 01 fe fe fe fe fe fe
[   31.560940]                                               ^
[   31.561682]  fff00000c5e72100: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe
[   31.563153]  fff00000c5e72180: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe
[   31.564003] ==================================================================
[   31.683280] ==================================================================
[   31.685340] BUG: KASAN: slab-out-of-bounds in krealloc_less_oob_helper+0xa58/0xc50
[   31.687547] Write of size 1 at addr fff00000c5e720eb by task kunit_try_catch/150
[   31.690180] 
[   31.690977] CPU: 1 UID: 0 PID: 150 Comm: kunit_try_catch Tainted: G    B            N 6.13.0-rc1-next-20241204 #1
[   31.692258] Tainted: [B]=BAD_PAGE, [N]=TEST
[   31.692942] Hardware name: linux,dummy-virt (DT)
[   31.693535] Call trace:
[   31.694528]  show_stack+0x20/0x38 (C)
[   31.695013]  dump_stack_lvl+0x8c/0xd0
[   31.695490]  print_report+0x118/0x5e0
[   31.695837]  kasan_report+0xc8/0x118
[   31.696455]  __asan_report_store1_noabort+0x20/0x30
[   31.697687]  krealloc_less_oob_helper+0xa58/0xc50
[   31.698899]  krealloc_large_less_oob+0x20/0x38
[   31.699608]  kunit_try_run_case+0x14c/0x3d0
[   31.700430]  kunit_generic_run_threadfn_adapter+0x88/0x100
[   31.701261]  kthread+0x24c/0x2d0
[   31.701544]  ret_from_fork+0x10/0x20
[   31.702300] 
[   31.702788] The buggy address belongs to the physical page:
[   31.703930] page: refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x105e70
[   31.705237] head: order:2 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[   31.706509] flags: 0xbfffe0000000040(head|node=0|zone=2|lastcpupid=0x1ffff)
[   31.707071] raw: 0bfffe0000000040 0000000000000000 dead000000000122 0000000000000000
[   31.707518] raw: 0000000000000000 0000000000000000 00000001ffffffff 0000000000000000
[   31.707992] head: 0bfffe0000000040 0000000000000000 dead000000000122 0000000000000000
[   31.708440] head: 0000000000000000 0000000000000000 00000001ffffffff 0000000000000000
[   31.709298] head: 0bfffe0000000002 ffffc1ffc3179c01 ffffffffffffffff 0000000000000000
[   31.710134] head: 0000000000000004 0000000000000000 00000000ffffffff 0000000000000000
[   31.712293] page dumped because: kasan: bad access detected
[   31.712965] 
[   31.713212] Memory state around the buggy address:
[   31.714691]  fff00000c5e71f80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   31.716078]  fff00000c5e72000: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   31.716983] >fff00000c5e72080: 00 00 00 00 00 00 00 00 00 01 fe fe fe fe fe fe
[   31.718082]                                                           ^
[   31.718753]  fff00000c5e72100: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe
[   31.719391]  fff00000c5e72180: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe
[   31.720313] ==================================================================
[   31.339516] ==================================================================
[   31.341151] BUG: KASAN: slab-out-of-bounds in krealloc_less_oob_helper+0xae4/0xc50
[   31.341616] Write of size 1 at addr fff00000c09730ea by task kunit_try_catch/146
[   31.343799] 
[   31.344234] CPU: 0 UID: 0 PID: 146 Comm: kunit_try_catch Tainted: G    B            N 6.13.0-rc1-next-20241204 #1
[   31.345491] Tainted: [B]=BAD_PAGE, [N]=TEST
[   31.346315] Hardware name: linux,dummy-virt (DT)
[   31.346954] Call trace:
[   31.347472]  show_stack+0x20/0x38 (C)
[   31.348131]  dump_stack_lvl+0x8c/0xd0
[   31.348873]  print_report+0x118/0x5e0
[   31.349449]  kasan_report+0xc8/0x118
[   31.350023]  __asan_report_store1_noabort+0x20/0x30
[   31.350693]  krealloc_less_oob_helper+0xae4/0xc50
[   31.351482]  krealloc_less_oob+0x20/0x38
[   31.352026]  kunit_try_run_case+0x14c/0x3d0
[   31.352870]  kunit_generic_run_threadfn_adapter+0x88/0x100
[   31.353607]  kthread+0x24c/0x2d0
[   31.354142]  ret_from_fork+0x10/0x20
[   31.354703] 
[   31.355055] Allocated by task 146:
[   31.355649]  kasan_save_stack+0x3c/0x68
[   31.356265]  kasan_save_track+0x20/0x40
[   31.356940]  kasan_save_alloc_info+0x40/0x58
[   31.357613]  __kasan_krealloc+0x118/0x178
[   31.358149]  krealloc_noprof+0x128/0x360
[   31.358826]  krealloc_less_oob_helper+0x168/0xc50
[   31.359598]  krealloc_less_oob+0x20/0x38
[   31.360171]  kunit_try_run_case+0x14c/0x3d0
[   31.360831]  kunit_generic_run_threadfn_adapter+0x88/0x100
[   31.361477]  kthread+0x24c/0x2d0
[   31.362077]  ret_from_fork+0x10/0x20
[   31.362729] 
[   31.363069] The buggy address belongs to the object at fff00000c0973000
[   31.363069]  which belongs to the cache kmalloc-256 of size 256
[   31.364559] The buggy address is located 33 bytes to the right of
[   31.364559]  allocated 201-byte region [fff00000c0973000, fff00000c09730c9)
[   31.366123] 
[   31.366420] The buggy address belongs to the physical page:
[   31.367229] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x100972
[   31.368154] head: order:1 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[   31.369065] flags: 0xbfffe0000000040(head|node=0|zone=2|lastcpupid=0x1ffff)
[   31.369927] page_type: f5(slab)
[   31.370490] raw: 0bfffe0000000040 fff00000c0001b40 dead000000000122 0000000000000000
[   31.371438] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000
[   31.372426] head: 0bfffe0000000040 fff00000c0001b40 dead000000000122 0000000000000000
[   31.373439] head: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000
[   31.374342] head: 0bfffe0000000001 ffffc1ffc3025c81 ffffffffffffffff 0000000000000000
[   31.375372] head: 0000000000000002 0000000000000000 00000000ffffffff 0000000000000000
[   31.376287] page dumped because: kasan: bad access detected
[   31.376962] 
[   31.377292] Memory state around the buggy address:
[   31.377874]  fff00000c0972f80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   31.378797]  fff00000c0973000: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   31.379752] >fff00000c0973080: 00 00 00 00 00 00 00 00 00 01 fc fc fc fc fc fc
[   31.380683]                                                           ^
[   31.381517]  fff00000c0973100: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   31.382492]  fff00000c0973180: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   31.383321] ==================================================================

Metadata Full log Test run details

arch

arm64

host

x86_64

plan

2pkzOQ64sCFC31yYjRS6AWIZJPK

job_id

TEST:linaro@lkft#2pkzSniTBejgv77hai49VDkGf2w

job_url

https://tuxapi.tuxsuite.com/v1/groups/linaro/projects/lkft/tests/2pkzSniTBejgv77hai49VDkGf2w

artefacts

kernel

url	https://storage.tuxsuite.com/public/linaro/lkft/builds/2pkzPWRRqn4UIxxZS4u2UOywsi6/Image.gz
sha256sum	8011a3a6e6302e948bcbdda2e64a2b70f34d19eb6c9d41a171f8629f7b7bc06b

rootfs

url	https://storage.tuxboot.com/debian/trixie/arm64/rootfs.ext4.xz
sha256sum	f592205e64add7389d8a1055c235aa3685e13c7cfdfdbe5f212ab22afdbeb656

modules

url	https://storage.tuxsuite.com/public/linaro/lkft/builds/2pkzPWRRqn4UIxxZS4u2UOywsi6/modules.tar.xz
sha256sum	ad6c1defc9643c75a5f26c3d1719d429eba6fd1bcadb58bde542c09aa78ef6de

durations

tests

boot	395.47
kunit	452.18

host_arch

amd64

build_name

gcc-13-lkftconfig-kunit

job_status

Complete

qemu_version

1:9.1.1+ds-5

[   22.350701] ==================================================================
[   22.352294] BUG: KASAN: slab-out-of-bounds in krealloc_less_oob_helper+0xe25/0x11d0
[   22.353301] Write of size 1 at addr ffff888102c3a0d0 by task kunit_try_catch/170
[   22.354728] 
[   22.355008] CPU: 0 UID: 0 PID: 170 Comm: kunit_try_catch Tainted: G    B            N 6.13.0-rc1-next-20241204 #1
[   22.357209] Tainted: [B]=BAD_PAGE, [N]=TEST
[   22.357879] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[   22.358322] Call Trace:
[   22.358893]  <TASK>
[   22.359568]  dump_stack_lvl+0x73/0xb0
[   22.359979]  print_report+0xd1/0x640
[   22.361110]  ? __virt_addr_valid+0x1db/0x2d0
[   22.361700]  ? kasan_addr_to_slab+0x11/0xa0
[   22.362216]  kasan_report+0x102/0x140
[   22.362616]  ? krealloc_less_oob_helper+0xe25/0x11d0
[   22.363066]  ? krealloc_less_oob_helper+0xe25/0x11d0
[   22.363689]  __asan_report_store1_noabort+0x1b/0x30
[   22.364511]  krealloc_less_oob_helper+0xe25/0x11d0
[   22.365068]  ? __pfx_krealloc_less_oob_helper+0x10/0x10
[   22.365518]  ? finish_task_switch.isra.0+0x153/0x700
[   22.366238]  ? __switch_to+0x5d9/0xf60
[   22.367033]  ? __schedule+0xc3e/0x2790
[   22.367401]  ? __pfx_read_tsc+0x10/0x10
[   22.367820]  krealloc_large_less_oob+0x1c/0x30
[   22.368901]  kunit_try_run_case+0x1b3/0x490
[   22.369254]  ? __pfx_kunit_try_run_case+0x10/0x10
[   22.369573]  ? _raw_spin_lock_irqsave+0xa2/0x110
[   22.370189]  ? _raw_spin_unlock_irqrestore+0x5f/0x90
[   22.370996]  ? __kthread_parkme+0x82/0x160
[   22.371314]  ? preempt_count_sub+0x50/0x80
[   22.372119]  ? __pfx_kunit_try_run_case+0x10/0x10
[   22.372690]  ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10
[   22.373345]  kunit_generic_run_threadfn_adapter+0x85/0xf0
[   22.373719]  kthread+0x257/0x310
[   22.374152]  ? __pfx_kthread+0x10/0x10
[   22.374675]  ret_from_fork+0x41/0x80
[   22.375269]  ? __pfx_kthread+0x10/0x10
[   22.376007]  ret_from_fork_asm+0x1a/0x30
[   22.376608]  </TASK>
[   22.376900] 
[   22.377110] The buggy address belongs to the physical page:
[   22.377658] page: refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x102c38
[   22.378493] head: order:2 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[   22.378999] flags: 0x200000000000040(head|node=0|zone=2)
[   22.379904] raw: 0200000000000040 0000000000000000 dead000000000122 0000000000000000
[   22.380638] raw: 0000000000000000 0000000000000000 00000001ffffffff 0000000000000000
[   22.381186] head: 0200000000000040 0000000000000000 dead000000000122 0000000000000000
[   22.381889] head: 0000000000000000 0000000000000000 00000001ffffffff 0000000000000000
[   22.382660] head: 0200000000000002 ffffea00040b0e01 ffffffffffffffff 0000000000000000
[   22.383261] head: 0000000000000004 0000000000000000 00000000ffffffff 0000000000000000
[   22.384026] page dumped because: kasan: bad access detected
[   22.384615] 
[   22.384793] Memory state around the buggy address:
[   22.385269]  ffff888102c39f80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   22.386407]  ffff888102c3a000: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   22.387011] >ffff888102c3a080: 00 00 00 00 00 00 00 00 00 01 fe fe fe fe fe fe
[   22.387904]                                                  ^
[   22.388496]  ffff888102c3a100: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe
[   22.389556]  ffff888102c3a180: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe
[   22.390026] ==================================================================
[   21.991688] ==================================================================
[   21.992348] BUG: KASAN: slab-out-of-bounds in krealloc_less_oob_helper+0xe25/0x11d0
[   21.992846] Write of size 1 at addr ffff8881003940d0 by task kunit_try_catch/166
[   21.994625] 
[   21.994917] CPU: 0 UID: 0 PID: 166 Comm: kunit_try_catch Tainted: G    B            N 6.13.0-rc1-next-20241204 #1
[   21.995881] Tainted: [B]=BAD_PAGE, [N]=TEST
[   21.996902] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[   21.998124] Call Trace:
[   21.998819]  <TASK>
[   21.999060]  dump_stack_lvl+0x73/0xb0
[   21.999564]  print_report+0xd1/0x640
[   21.999936]  ? __virt_addr_valid+0x1db/0x2d0
[   22.001070]  ? kasan_complete_mode_report_info+0x2a/0x200
[   22.001722]  kasan_report+0x102/0x140
[   22.002214]  ? krealloc_less_oob_helper+0xe25/0x11d0
[   22.002741]  ? krealloc_less_oob_helper+0xe25/0x11d0
[   22.003507]  __asan_report_store1_noabort+0x1b/0x30
[   22.003945]  krealloc_less_oob_helper+0xe25/0x11d0
[   22.005167]  ? __pfx_krealloc_less_oob_helper+0x10/0x10
[   22.005651]  ? finish_task_switch.isra.0+0x153/0x700
[   22.006293]  ? __switch_to+0x5d9/0xf60
[   22.006670]  ? __schedule+0xc3e/0x2790
[   22.007480]  ? __pfx_read_tsc+0x10/0x10
[   22.007865]  krealloc_less_oob+0x1c/0x30
[   22.008853]  kunit_try_run_case+0x1b3/0x490
[   22.009454]  ? __pfx_kunit_try_run_case+0x10/0x10
[   22.009906]  ? _raw_spin_lock_irqsave+0xa2/0x110
[   22.010380]  ? _raw_spin_unlock_irqrestore+0x5f/0x90
[   22.010928]  ? __kthread_parkme+0x82/0x160
[   22.011546]  ? preempt_count_sub+0x50/0x80
[   22.011923]  ? __pfx_kunit_try_run_case+0x10/0x10
[   22.012890]  ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10
[   22.013519]  kunit_generic_run_threadfn_adapter+0x85/0xf0
[   22.014147]  kthread+0x257/0x310
[   22.014730]  ? __pfx_kthread+0x10/0x10
[   22.015097]  ret_from_fork+0x41/0x80
[   22.015820]  ? __pfx_kthread+0x10/0x10
[   22.016116]  ret_from_fork_asm+0x1a/0x30
[   22.016652]  </TASK>
[   22.016884] 
[   22.017113] Allocated by task 166:
[   22.017476]  kasan_save_stack+0x3d/0x60
[   22.017765]  kasan_save_track+0x18/0x40
[   22.019479]  kasan_save_alloc_info+0x3b/0x50
[   22.019835]  __kasan_krealloc+0x190/0x1f0
[   22.020477]  krealloc_noprof+0xf3/0x340
[   22.020888]  krealloc_less_oob_helper+0x1ab/0x11d0
[   22.021740]  krealloc_less_oob+0x1c/0x30
[   22.022105]  kunit_try_run_case+0x1b3/0x490
[   22.023110]  kunit_generic_run_threadfn_adapter+0x85/0xf0
[   22.023692]  kthread+0x257/0x310
[   22.024060]  ret_from_fork+0x41/0x80
[   22.024523]  ret_from_fork_asm+0x1a/0x30
[   22.025239] 
[   22.025624] The buggy address belongs to the object at ffff888100394000
[   22.025624]  which belongs to the cache kmalloc-256 of size 256
[   22.026625] The buggy address is located 7 bytes to the right of
[   22.026625]  allocated 201-byte region [ffff888100394000, ffff8881003940c9)
[   22.027622] 
[   22.028614] The buggy address belongs to the physical page:
[   22.028971] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x100394
[   22.029843] head: order:1 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[   22.031291] flags: 0x200000000000040(head|node=0|zone=2)
[   22.032189] page_type: f5(slab)
[   22.033054] raw: 0200000000000040 ffff888100041b40 dead000000000122 0000000000000000
[   22.033664] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000
[   22.034508] head: 0200000000000040 ffff888100041b40 dead000000000122 0000000000000000
[   22.035246] head: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000
[   22.036402] head: 0200000000000001 ffffea000400e501 ffffffffffffffff 0000000000000000
[   22.036821] head: 0000000000000002 0000000000000000 00000000ffffffff 0000000000000000
[   22.037685] page dumped because: kasan: bad access detected
[   22.038684] 
[   22.039135] Memory state around the buggy address:
[   22.040097]  ffff888100393f80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   22.041502]  ffff888100394000: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   22.042369] >ffff888100394080: 00 00 00 00 00 00 00 00 00 01 fc fc fc fc fc fc
[   22.042962]                                                  ^
[   22.043517]  ffff888100394100: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   22.045038]  ffff888100394180: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   22.045873] ==================================================================
[   22.484446] ==================================================================
[   22.485575] BUG: KASAN: slab-out-of-bounds in krealloc_less_oob_helper+0xd49/0x11d0
[   22.487483] Write of size 1 at addr ffff888102c3a0eb by task kunit_try_catch/170
[   22.488040] 
[   22.488295] CPU: 0 UID: 0 PID: 170 Comm: kunit_try_catch Tainted: G    B            N 6.13.0-rc1-next-20241204 #1
[   22.489414] Tainted: [B]=BAD_PAGE, [N]=TEST
[   22.489822] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[   22.490593] Call Trace:
[   22.491217]  <TASK>
[   22.491677]  dump_stack_lvl+0x73/0xb0
[   22.492016]  print_report+0xd1/0x640
[   22.492635]  ? __virt_addr_valid+0x1db/0x2d0
[   22.493102]  ? kasan_addr_to_slab+0x11/0xa0
[   22.493740]  kasan_report+0x102/0x140
[   22.494090]  ? krealloc_less_oob_helper+0xd49/0x11d0
[   22.495148]  ? krealloc_less_oob_helper+0xd49/0x11d0
[   22.496035]  __asan_report_store1_noabort+0x1b/0x30
[   22.496700]  krealloc_less_oob_helper+0xd49/0x11d0
[   22.497156]  ? __pfx_krealloc_less_oob_helper+0x10/0x10
[   22.497886]  ? finish_task_switch.isra.0+0x153/0x700
[   22.498239]  ? __switch_to+0x5d9/0xf60
[   22.499112]  ? __schedule+0xc3e/0x2790
[   22.499544]  ? __pfx_read_tsc+0x10/0x10
[   22.500105]  krealloc_large_less_oob+0x1c/0x30
[   22.501523]  kunit_try_run_case+0x1b3/0x490
[   22.502035]  ? __pfx_kunit_try_run_case+0x10/0x10
[   22.503010]  ? _raw_spin_lock_irqsave+0xa2/0x110
[   22.503515]  ? _raw_spin_unlock_irqrestore+0x5f/0x90
[   22.504103]  ? __kthread_parkme+0x82/0x160
[   22.504509]  ? preempt_count_sub+0x50/0x80
[   22.505067]  ? __pfx_kunit_try_run_case+0x10/0x10
[   22.506051]  ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10
[   22.507185]  kunit_generic_run_threadfn_adapter+0x85/0xf0
[   22.508293]  kthread+0x257/0x310
[   22.509097]  ? __pfx_kthread+0x10/0x10
[   22.509483]  ret_from_fork+0x41/0x80
[   22.509823]  ? __pfx_kthread+0x10/0x10
[   22.510623]  ret_from_fork_asm+0x1a/0x30
[   22.511393]  </TASK>
[   22.511684] 
[   22.511874] The buggy address belongs to the physical page:
[   22.512441] page: refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x102c38
[   22.513578] head: order:2 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[   22.514151] flags: 0x200000000000040(head|node=0|zone=2)
[   22.515143] raw: 0200000000000040 0000000000000000 dead000000000122 0000000000000000
[   22.516739] raw: 0000000000000000 0000000000000000 00000001ffffffff 0000000000000000
[   22.517745] head: 0200000000000040 0000000000000000 dead000000000122 0000000000000000
[   22.518827] head: 0000000000000000 0000000000000000 00000001ffffffff 0000000000000000
[   22.519790] head: 0200000000000002 ffffea00040b0e01 ffffffffffffffff 0000000000000000
[   22.520433] head: 0000000000000004 0000000000000000 00000000ffffffff 0000000000000000
[   22.522020] page dumped because: kasan: bad access detected
[   22.522739] 
[   22.522955] Memory state around the buggy address:
[   22.525008]  ffff888102c39f80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   22.526043]  ffff888102c3a000: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   22.526914] >ffff888102c3a080: 00 00 00 00 00 00 00 00 00 01 fe fe fe fe fe fe
[   22.527534]                                                           ^
[   22.528577]  ffff888102c3a100: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe
[   22.529669]  ffff888102c3a180: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe
[   22.531071] ==================================================================
[   21.919143] ==================================================================
[   21.920681] BUG: KASAN: slab-out-of-bounds in krealloc_less_oob_helper+0xd72/0x11d0
[   21.922142] Write of size 1 at addr ffff8881003940c9 by task kunit_try_catch/166
[   21.923264] 
[   21.923468] CPU: 0 UID: 0 PID: 166 Comm: kunit_try_catch Tainted: G    B            N 6.13.0-rc1-next-20241204 #1
[   21.924324] Tainted: [B]=BAD_PAGE, [N]=TEST
[   21.925312] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[   21.926269] Call Trace:
[   21.926597]  <TASK>
[   21.926887]  dump_stack_lvl+0x73/0xb0
[   21.927296]  print_report+0xd1/0x640
[   21.928099]  ? __virt_addr_valid+0x1db/0x2d0
[   21.928423]  ? kasan_complete_mode_report_info+0x2a/0x200
[   21.929112]  kasan_report+0x102/0x140
[   21.929543]  ? krealloc_less_oob_helper+0xd72/0x11d0
[   21.930549]  ? krealloc_less_oob_helper+0xd72/0x11d0
[   21.931094]  __asan_report_store1_noabort+0x1b/0x30
[   21.932230]  krealloc_less_oob_helper+0xd72/0x11d0
[   21.932814]  ? __pfx_krealloc_less_oob_helper+0x10/0x10
[   21.933560]  ? finish_task_switch.isra.0+0x153/0x700
[   21.934481]  ? __switch_to+0x5d9/0xf60
[   21.935089]  ? __schedule+0xc3e/0x2790
[   21.935991]  ? __pfx_read_tsc+0x10/0x10
[   21.936948]  krealloc_less_oob+0x1c/0x30
[   21.937605]  kunit_try_run_case+0x1b3/0x490
[   21.937942]  ? __pfx_kunit_try_run_case+0x10/0x10
[   21.938989]  ? _raw_spin_lock_irqsave+0xa2/0x110
[   21.939605]  ? _raw_spin_unlock_irqrestore+0x5f/0x90
[   21.940467]  ? __kthread_parkme+0x82/0x160
[   21.940940]  ? preempt_count_sub+0x50/0x80
[   21.941981]  ? __pfx_kunit_try_run_case+0x10/0x10
[   21.942679]  ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10
[   21.943587]  kunit_generic_run_threadfn_adapter+0x85/0xf0
[   21.943981]  kthread+0x257/0x310
[   21.944267]  ? __pfx_kthread+0x10/0x10
[   21.944830]  ret_from_fork+0x41/0x80
[   21.946317]  ? __pfx_kthread+0x10/0x10
[   21.947306]  ret_from_fork_asm+0x1a/0x30
[   21.948680]  </TASK>
[   21.949356] 
[   21.949841] Allocated by task 166:
[   21.950172]  kasan_save_stack+0x3d/0x60
[   21.951939]  kasan_save_track+0x18/0x40
[   21.952806]  kasan_save_alloc_info+0x3b/0x50
[   21.953272]  __kasan_krealloc+0x190/0x1f0
[   21.953732]  krealloc_noprof+0xf3/0x340
[   21.954068]  krealloc_less_oob_helper+0x1ab/0x11d0
[   21.954652]  krealloc_less_oob+0x1c/0x30
[   21.955917]  kunit_try_run_case+0x1b3/0x490
[   21.956338]  kunit_generic_run_threadfn_adapter+0x85/0xf0
[   21.957290]  kthread+0x257/0x310
[   21.958018]  ret_from_fork+0x41/0x80
[   21.959208]  ret_from_fork_asm+0x1a/0x30
[   21.960189] 
[   21.961390] The buggy address belongs to the object at ffff888100394000
[   21.961390]  which belongs to the cache kmalloc-256 of size 256
[   21.963503] The buggy address is located 0 bytes to the right of
[   21.963503]  allocated 201-byte region [ffff888100394000, ffff8881003940c9)
[   21.965714] 
[   21.966034] The buggy address belongs to the physical page:
[   21.967148] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x100394
[   21.968683] head: order:1 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[   21.969840] flags: 0x200000000000040(head|node=0|zone=2)
[   21.970867] page_type: f5(slab)
[   21.971257] raw: 0200000000000040 ffff888100041b40 dead000000000122 0000000000000000
[   21.972832] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000
[   21.974015] head: 0200000000000040 ffff888100041b40 dead000000000122 0000000000000000
[   21.975371] head: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000
[   21.976863] head: 0200000000000001 ffffea000400e501 ffffffffffffffff 0000000000000000
[   21.978109] head: 0000000000000002 0000000000000000 00000000ffffffff 0000000000000000
[   21.979446] page dumped because: kasan: bad access detected
[   21.979892] 
[   21.980080] Memory state around the buggy address:
[   21.980475]  ffff888100393f80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   21.981325]  ffff888100394000: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   21.983118] >ffff888100394080: 00 00 00 00 00 00 00 00 00 01 fc fc fc fc fc fc
[   21.983919]                                               ^
[   21.984445]  ffff888100394100: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   21.985502]  ffff888100394180: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   21.987520] ==================================================================
[   22.099617] ==================================================================
[   22.100172] BUG: KASAN: slab-out-of-bounds in krealloc_less_oob_helper+0xe92/0x11d0
[   22.101110] Write of size 1 at addr ffff8881003940ea by task kunit_try_catch/166
[   22.101990] 
[   22.102212] CPU: 0 UID: 0 PID: 166 Comm: kunit_try_catch Tainted: G    B            N 6.13.0-rc1-next-20241204 #1
[   22.103655] Tainted: [B]=BAD_PAGE, [N]=TEST
[   22.104151] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[   22.104936] Call Trace:
[   22.105198]  <TASK>
[   22.105517]  dump_stack_lvl+0x73/0xb0
[   22.106879]  print_report+0xd1/0x640
[   22.107150]  ? __virt_addr_valid+0x1db/0x2d0
[   22.107910]  ? kasan_complete_mode_report_info+0x2a/0x200
[   22.108589]  kasan_report+0x102/0x140
[   22.108981]  ? krealloc_less_oob_helper+0xe92/0x11d0
[   22.109847]  ? krealloc_less_oob_helper+0xe92/0x11d0
[   22.110403]  __asan_report_store1_noabort+0x1b/0x30
[   22.110770]  krealloc_less_oob_helper+0xe92/0x11d0
[   22.111282]  ? __pfx_krealloc_less_oob_helper+0x10/0x10
[   22.111712]  ? finish_task_switch.isra.0+0x153/0x700
[   22.112993]  ? __switch_to+0x5d9/0xf60
[   22.113538]  ? __schedule+0xc3e/0x2790
[   22.114186]  ? __pfx_read_tsc+0x10/0x10
[   22.114670]  krealloc_less_oob+0x1c/0x30
[   22.115105]  kunit_try_run_case+0x1b3/0x490
[   22.116246]  ? __pfx_kunit_try_run_case+0x10/0x10
[   22.116725]  ? _raw_spin_lock_irqsave+0xa2/0x110
[   22.117499]  ? _raw_spin_unlock_irqrestore+0x5f/0x90
[   22.117901]  ? __kthread_parkme+0x82/0x160
[   22.118458]  ? preempt_count_sub+0x50/0x80
[   22.118845]  ? __pfx_kunit_try_run_case+0x10/0x10
[   22.120070]  ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10
[   22.120574]  kunit_generic_run_threadfn_adapter+0x85/0xf0
[   22.121139]  kthread+0x257/0x310
[   22.121420]  ? __pfx_kthread+0x10/0x10
[   22.122155]  ret_from_fork+0x41/0x80
[   22.122741]  ? __pfx_kthread+0x10/0x10
[   22.123060]  ret_from_fork_asm+0x1a/0x30
[   22.124543]  </TASK>
[   22.124874] 
[   22.125033] Allocated by task 166:
[   22.125456]  kasan_save_stack+0x3d/0x60
[   22.125878]  kasan_save_track+0x18/0x40
[   22.126299]  kasan_save_alloc_info+0x3b/0x50
[   22.126882]  __kasan_krealloc+0x190/0x1f0
[   22.128157]  krealloc_noprof+0xf3/0x340
[   22.128786]  krealloc_less_oob_helper+0x1ab/0x11d0
[   22.129254]  krealloc_less_oob+0x1c/0x30
[   22.129869]  kunit_try_run_case+0x1b3/0x490
[   22.130165]  kunit_generic_run_threadfn_adapter+0x85/0xf0
[   22.130874]  kthread+0x257/0x310
[   22.131277]  ret_from_fork+0x41/0x80
[   22.132541]  ret_from_fork_asm+0x1a/0x30
[   22.133066] 
[   22.133235] The buggy address belongs to the object at ffff888100394000
[   22.133235]  which belongs to the cache kmalloc-256 of size 256
[   22.134729] The buggy address is located 33 bytes to the right of
[   22.134729]  allocated 201-byte region [ffff888100394000, ffff8881003940c9)
[   22.136390] 
[   22.136642] The buggy address belongs to the physical page:
[   22.137210] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x100394
[   22.138041] head: order:1 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[   22.138890] flags: 0x200000000000040(head|node=0|zone=2)
[   22.139401] page_type: f5(slab)
[   22.140247] raw: 0200000000000040 ffff888100041b40 dead000000000122 0000000000000000
[   22.141191] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000
[   22.142224] head: 0200000000000040 ffff888100041b40 dead000000000122 0000000000000000
[   22.142969] head: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000
[   22.143598] head: 0200000000000001 ffffea000400e501 ffffffffffffffff 0000000000000000
[   22.144296] head: 0000000000000002 0000000000000000 00000000ffffffff 0000000000000000
[   22.145470] page dumped because: kasan: bad access detected
[   22.146057] 
[   22.146480] Memory state around the buggy address:
[   22.147505]  ffff888100393f80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   22.148837]  ffff888100394000: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   22.150238] >ffff888100394080: 00 00 00 00 00 00 00 00 00 01 fc fc fc fc fc fc
[   22.151700]                                                           ^
[   22.152458]  ffff888100394100: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   22.153654]  ffff888100394180: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   22.154298] ==================================================================
[   22.391370] ==================================================================
[   22.392041] BUG: KASAN: slab-out-of-bounds in krealloc_less_oob_helper+0xec8/0x11d0
[   22.393153] Write of size 1 at addr ffff888102c3a0da by task kunit_try_catch/170
[   22.393999] 
[   22.394212] CPU: 0 UID: 0 PID: 170 Comm: kunit_try_catch Tainted: G    B            N 6.13.0-rc1-next-20241204 #1
[   22.395375] Tainted: [B]=BAD_PAGE, [N]=TEST
[   22.395879] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[   22.396378] Call Trace:
[   22.396739]  <TASK>
[   22.397283]  dump_stack_lvl+0x73/0xb0
[   22.397737]  print_report+0xd1/0x640
[   22.398084]  ? __virt_addr_valid+0x1db/0x2d0
[   22.398477]  ? kasan_addr_to_slab+0x11/0xa0
[   22.399473]  kasan_report+0x102/0x140
[   22.399848]  ? krealloc_less_oob_helper+0xec8/0x11d0
[   22.400188]  ? krealloc_less_oob_helper+0xec8/0x11d0
[   22.401126]  __asan_report_store1_noabort+0x1b/0x30
[   22.401745]  krealloc_less_oob_helper+0xec8/0x11d0
[   22.402117]  ? __pfx_krealloc_less_oob_helper+0x10/0x10
[   22.402653]  ? finish_task_switch.isra.0+0x153/0x700
[   22.403214]  ? __switch_to+0x5d9/0xf60
[   22.403629]  ? __schedule+0xc3e/0x2790
[   22.404158]  ? __pfx_read_tsc+0x10/0x10
[   22.404630]  krealloc_large_less_oob+0x1c/0x30
[   22.405150]  kunit_try_run_case+0x1b3/0x490
[   22.405884]  ? __pfx_kunit_try_run_case+0x10/0x10
[   22.406588]  ? _raw_spin_lock_irqsave+0xa2/0x110
[   22.407032]  ? _raw_spin_unlock_irqrestore+0x5f/0x90
[   22.407658]  ? __kthread_parkme+0x82/0x160
[   22.408115]  ? preempt_count_sub+0x50/0x80
[   22.408425]  ? __pfx_kunit_try_run_case+0x10/0x10
[   22.409423]  ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10
[   22.409799]  kunit_generic_run_threadfn_adapter+0x85/0xf0
[   22.410744]  kthread+0x257/0x310
[   22.411213]  ? __pfx_kthread+0x10/0x10
[   22.411794]  ret_from_fork+0x41/0x80
[   22.412095]  ? __pfx_kthread+0x10/0x10
[   22.412545]  ret_from_fork_asm+0x1a/0x30
[   22.412957]  </TASK>
[   22.413141] 
[   22.413513] The buggy address belongs to the physical page:
[   22.416031] page: refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x102c38
[   22.416647] head: order:2 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[   22.417324] flags: 0x200000000000040(head|node=0|zone=2)
[   22.418167] raw: 0200000000000040 0000000000000000 dead000000000122 0000000000000000
[   22.418926] raw: 0000000000000000 0000000000000000 00000001ffffffff 0000000000000000
[   22.420467] head: 0200000000000040 0000000000000000 dead000000000122 0000000000000000
[   22.421247] head: 0000000000000000 0000000000000000 00000001ffffffff 0000000000000000
[   22.422292] head: 0200000000000002 ffffea00040b0e01 ffffffffffffffff 0000000000000000
[   22.423669] head: 0000000000000004 0000000000000000 00000000ffffffff 0000000000000000
[   22.425036] page dumped because: kasan: bad access detected
[   22.425260] 
[   22.426047] Memory state around the buggy address:
[   22.427621]  ffff888102c39f80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   22.429002]  ffff888102c3a000: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   22.430153] >ffff888102c3a080: 00 00 00 00 00 00 00 00 00 01 fe fe fe fe fe fe
[   22.430702]                                                     ^
[   22.431413]  ffff888102c3a100: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe
[   22.432185]  ffff888102c3a180: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe
[   22.433719] ==================================================================
[   22.047452] ==================================================================
[   22.049432] BUG: KASAN: slab-out-of-bounds in krealloc_less_oob_helper+0xec8/0x11d0
[   22.050990] Write of size 1 at addr ffff8881003940da by task kunit_try_catch/166
[   22.051520] 
[   22.051716] CPU: 0 UID: 0 PID: 166 Comm: kunit_try_catch Tainted: G    B            N 6.13.0-rc1-next-20241204 #1
[   22.052592] Tainted: [B]=BAD_PAGE, [N]=TEST
[   22.052968] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[   22.053638] Call Trace:
[   22.055059]  <TASK>
[   22.055609]  dump_stack_lvl+0x73/0xb0
[   22.056136]  print_report+0xd1/0x640
[   22.056793]  ? __virt_addr_valid+0x1db/0x2d0
[   22.057613]  ? kasan_complete_mode_report_info+0x2a/0x200
[   22.058872]  kasan_report+0x102/0x140
[   22.059329]  ? krealloc_less_oob_helper+0xec8/0x11d0
[   22.059850]  ? krealloc_less_oob_helper+0xec8/0x11d0
[   22.060275]  __asan_report_store1_noabort+0x1b/0x30
[   22.061158]  krealloc_less_oob_helper+0xec8/0x11d0
[   22.061683]  ? __pfx_krealloc_less_oob_helper+0x10/0x10
[   22.062633]  ? finish_task_switch.isra.0+0x153/0x700
[   22.063202]  ? __switch_to+0x5d9/0xf60
[   22.063569]  ? __schedule+0xc3e/0x2790
[   22.064004]  ? __pfx_read_tsc+0x10/0x10
[   22.064501]  krealloc_less_oob+0x1c/0x30
[   22.065350]  kunit_try_run_case+0x1b3/0x490
[   22.065772]  ? __pfx_kunit_try_run_case+0x10/0x10
[   22.066152]  ? _raw_spin_lock_irqsave+0xa2/0x110
[   22.067167]  ? _raw_spin_unlock_irqrestore+0x5f/0x90
[   22.067859]  ? __kthread_parkme+0x82/0x160
[   22.068261]  ? preempt_count_sub+0x50/0x80
[   22.068959]  ? __pfx_kunit_try_run_case+0x10/0x10
[   22.069399]  ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10
[   22.069974]  kunit_generic_run_threadfn_adapter+0x85/0xf0
[   22.070432]  kthread+0x257/0x310
[   22.071545]  ? __pfx_kthread+0x10/0x10
[   22.071931]  ret_from_fork+0x41/0x80
[   22.072425]  ? __pfx_kthread+0x10/0x10
[   22.072816]  ret_from_fork_asm+0x1a/0x30
[   22.073356]  </TASK>
[   22.073576] 
[   22.073836] Allocated by task 166:
[   22.074106]  kasan_save_stack+0x3d/0x60
[   22.075010]  kasan_save_track+0x18/0x40
[   22.075534]  kasan_save_alloc_info+0x3b/0x50
[   22.075996]  __kasan_krealloc+0x190/0x1f0
[   22.076570]  krealloc_noprof+0xf3/0x340
[   22.076960]  krealloc_less_oob_helper+0x1ab/0x11d0
[   22.077564]  krealloc_less_oob+0x1c/0x30
[   22.077923]  kunit_try_run_case+0x1b3/0x490
[   22.079045]  kunit_generic_run_threadfn_adapter+0x85/0xf0
[   22.079519]  kthread+0x257/0x310
[   22.079994]  ret_from_fork+0x41/0x80
[   22.080582]  ret_from_fork_asm+0x1a/0x30
[   22.080937] 
[   22.081168] The buggy address belongs to the object at ffff888100394000
[   22.081168]  which belongs to the cache kmalloc-256 of size 256
[   22.082053] The buggy address is located 17 bytes to the right of
[   22.082053]  allocated 201-byte region [ffff888100394000, ffff8881003940c9)
[   22.083636] 
[   22.083866] The buggy address belongs to the physical page:
[   22.084530] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x100394
[   22.085346] head: order:1 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[   22.085917] flags: 0x200000000000040(head|node=0|zone=2)
[   22.086846] page_type: f5(slab)
[   22.087141] raw: 0200000000000040 ffff888100041b40 dead000000000122 0000000000000000
[   22.088004] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000
[   22.088849] head: 0200000000000040 ffff888100041b40 dead000000000122 0000000000000000
[   22.089666] head: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000
[   22.090771] head: 0200000000000001 ffffea000400e501 ffffffffffffffff 0000000000000000
[   22.091460] head: 0000000000000002 0000000000000000 00000000ffffffff 0000000000000000
[   22.092034] page dumped because: kasan: bad access detected
[   22.092696] 
[   22.092974] Memory state around the buggy address:
[   22.093462]  ffff888100393f80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   22.094046]  ffff888100394000: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   22.095272] >ffff888100394080: 00 00 00 00 00 00 00 00 00 01 fc fc fc fc fc fc
[   22.095792]                                                     ^
[   22.096394]  ffff888100394100: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   22.097375]  ffff888100394180: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   22.097947] ==================================================================
[   22.434881] ==================================================================
[   22.436591] BUG: KASAN: slab-out-of-bounds in krealloc_less_oob_helper+0xe92/0x11d0
[   22.437245] Write of size 1 at addr ffff888102c3a0ea by task kunit_try_catch/170
[   22.438708] 
[   22.438906] CPU: 0 UID: 0 PID: 170 Comm: kunit_try_catch Tainted: G    B            N 6.13.0-rc1-next-20241204 #1
[   22.441018] Tainted: [B]=BAD_PAGE, [N]=TEST
[   22.441905] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[   22.442803] Call Trace:
[   22.443020]  <TASK>
[   22.443898]  dump_stack_lvl+0x73/0xb0
[   22.444452]  print_report+0xd1/0x640
[   22.444881]  ? __virt_addr_valid+0x1db/0x2d0
[   22.445358]  ? kasan_addr_to_slab+0x11/0xa0
[   22.446351]  kasan_report+0x102/0x140
[   22.447121]  ? krealloc_less_oob_helper+0xe92/0x11d0
[   22.447650]  ? krealloc_less_oob_helper+0xe92/0x11d0
[   22.448705]  __asan_report_store1_noabort+0x1b/0x30
[   22.449548]  krealloc_less_oob_helper+0xe92/0x11d0
[   22.450048]  ? __pfx_krealloc_less_oob_helper+0x10/0x10
[   22.450561]  ? finish_task_switch.isra.0+0x153/0x700
[   22.452135]  ? __switch_to+0x5d9/0xf60
[   22.453520]  ? __schedule+0xc3e/0x2790
[   22.453914]  ? __pfx_read_tsc+0x10/0x10
[   22.454883]  krealloc_large_less_oob+0x1c/0x30
[   22.455490]  kunit_try_run_case+0x1b3/0x490
[   22.457211]  ? __pfx_kunit_try_run_case+0x10/0x10
[   22.457713]  ? _raw_spin_lock_irqsave+0xa2/0x110
[   22.458188]  ? _raw_spin_unlock_irqrestore+0x5f/0x90
[   22.459064]  ? __kthread_parkme+0x82/0x160
[   22.459913]  ? preempt_count_sub+0x50/0x80
[   22.461365]  ? __pfx_kunit_try_run_case+0x10/0x10
[   22.461825]  ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10
[   22.462787]  kunit_generic_run_threadfn_adapter+0x85/0xf0
[   22.463893]  kthread+0x257/0x310
[   22.464547]  ? __pfx_kthread+0x10/0x10
[   22.465561]  ret_from_fork+0x41/0x80
[   22.465966]  ? __pfx_kthread+0x10/0x10
[   22.467097]  ret_from_fork_asm+0x1a/0x30
[   22.467604]  </TASK>
[   22.467728] 
[   22.467822] The buggy address belongs to the physical page:
[   22.468773] page: refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x102c38
[   22.469812] head: order:2 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[   22.470204] flags: 0x200000000000040(head|node=0|zone=2)
[   22.470562] raw: 0200000000000040 0000000000000000 dead000000000122 0000000000000000
[   22.471894] raw: 0000000000000000 0000000000000000 00000001ffffffff 0000000000000000
[   22.472665] head: 0200000000000040 0000000000000000 dead000000000122 0000000000000000
[   22.474109] head: 0000000000000000 0000000000000000 00000001ffffffff 0000000000000000
[   22.474936] head: 0200000000000002 ffffea00040b0e01 ffffffffffffffff 0000000000000000
[   22.475802] head: 0000000000000004 0000000000000000 00000000ffffffff 0000000000000000
[   22.476559] page dumped because: kasan: bad access detected
[   22.477100] 
[   22.477667] Memory state around the buggy address:
[   22.478618]  ffff888102c39f80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   22.479228]  ffff888102c3a000: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   22.480142] >ffff888102c3a080: 00 00 00 00 00 00 00 00 00 01 fe fe fe fe fe fe
[   22.481016]                                                           ^
[   22.482057]  ffff888102c3a100: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe
[   22.483078]  ffff888102c3a180: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe
[   22.483734] ==================================================================
[   22.305420] ==================================================================
[   22.306380] BUG: KASAN: slab-out-of-bounds in krealloc_less_oob_helper+0xd72/0x11d0
[   22.307267] Write of size 1 at addr ffff888102c3a0c9 by task kunit_try_catch/170
[   22.308160] 
[   22.308578] CPU: 0 UID: 0 PID: 170 Comm: kunit_try_catch Tainted: G    B            N 6.13.0-rc1-next-20241204 #1
[   22.309902] Tainted: [B]=BAD_PAGE, [N]=TEST
[   22.310247] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[   22.310928] Call Trace:
[   22.311192]  <TASK>
[   22.311422]  dump_stack_lvl+0x73/0xb0
[   22.311810]  print_report+0xd1/0x640
[   22.312572]  ? __virt_addr_valid+0x1db/0x2d0
[   22.313914]  ? kasan_addr_to_slab+0x11/0xa0
[   22.314843]  kasan_report+0x102/0x140
[   22.315367]  ? krealloc_less_oob_helper+0xd72/0x11d0
[   22.315857]  ? krealloc_less_oob_helper+0xd72/0x11d0
[   22.316338]  __asan_report_store1_noabort+0x1b/0x30
[   22.317217]  krealloc_less_oob_helper+0xd72/0x11d0
[   22.318038]  ? __pfx_krealloc_less_oob_helper+0x10/0x10
[   22.318768]  ? finish_task_switch.isra.0+0x153/0x700
[   22.319495]  ? __switch_to+0x5d9/0xf60
[   22.320017]  ? __schedule+0xc3e/0x2790
[   22.320606]  ? __pfx_read_tsc+0x10/0x10
[   22.321150]  krealloc_large_less_oob+0x1c/0x30
[   22.321873]  kunit_try_run_case+0x1b3/0x490
[   22.322579]  ? __pfx_kunit_try_run_case+0x10/0x10
[   22.323132]  ? _raw_spin_lock_irqsave+0xa2/0x110
[   22.323840]  ? _raw_spin_unlock_irqrestore+0x5f/0x90
[   22.324260]  ? __kthread_parkme+0x82/0x160
[   22.325032]  ? preempt_count_sub+0x50/0x80
[   22.326026]  ? __pfx_kunit_try_run_case+0x10/0x10
[   22.326924]  ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10
[   22.327533]  kunit_generic_run_threadfn_adapter+0x85/0xf0
[   22.328664]  kthread+0x257/0x310
[   22.328986]  ? __pfx_kthread+0x10/0x10
[   22.329703]  ret_from_fork+0x41/0x80
[   22.330350]  ? __pfx_kthread+0x10/0x10
[   22.330901]  ret_from_fork_asm+0x1a/0x30
[   22.331817]  </TASK>
[   22.332175] 
[   22.332379] The buggy address belongs to the physical page:
[   22.332894] page: refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x102c38
[   22.333993] head: order:2 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[   22.334964] flags: 0x200000000000040(head|node=0|zone=2)
[   22.336100] raw: 0200000000000040 0000000000000000 dead000000000122 0000000000000000
[   22.337342] raw: 0000000000000000 0000000000000000 00000001ffffffff 0000000000000000
[   22.338209] head: 0200000000000040 0000000000000000 dead000000000122 0000000000000000
[   22.339338] head: 0000000000000000 0000000000000000 00000001ffffffff 0000000000000000
[   22.340627] head: 0200000000000002 ffffea00040b0e01 ffffffffffffffff 0000000000000000
[   22.341564] head: 0000000000000004 0000000000000000 00000000ffffffff 0000000000000000
[   22.342634] page dumped because: kasan: bad access detected
[   22.343199] 
[   22.343523] Memory state around the buggy address:
[   22.344087]  ffff888102c39f80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   22.345154]  ffff888102c3a000: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   22.346143] >ffff888102c3a080: 00 00 00 00 00 00 00 00 00 01 fe fe fe fe fe fe
[   22.346963]                                               ^
[   22.347711]  ffff888102c3a100: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe
[   22.348534]  ffff888102c3a180: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe
[   22.349246] ==================================================================
[   22.155797] ==================================================================
[   22.156383] BUG: KASAN: slab-out-of-bounds in krealloc_less_oob_helper+0xd49/0x11d0
[   22.157472] Write of size 1 at addr ffff8881003940eb by task kunit_try_catch/166
[   22.158119] 
[   22.158346] CPU: 0 UID: 0 PID: 166 Comm: kunit_try_catch Tainted: G    B            N 6.13.0-rc1-next-20241204 #1
[   22.159342] Tainted: [B]=BAD_PAGE, [N]=TEST
[   22.160159] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[   22.160974] Call Trace:
[   22.161484]  <TASK>
[   22.161697]  dump_stack_lvl+0x73/0xb0
[   22.162263]  print_report+0xd1/0x640
[   22.162841]  ? __virt_addr_valid+0x1db/0x2d0
[   22.163483]  ? kasan_complete_mode_report_info+0x2a/0x200
[   22.163940]  kasan_report+0x102/0x140
[   22.164383]  ? krealloc_less_oob_helper+0xd49/0x11d0
[   22.165032]  ? krealloc_less_oob_helper+0xd49/0x11d0
[   22.166279]  __asan_report_store1_noabort+0x1b/0x30
[   22.166952]  krealloc_less_oob_helper+0xd49/0x11d0
[   22.167426]  ? __pfx_krealloc_less_oob_helper+0x10/0x10
[   22.168222]  ? finish_task_switch.isra.0+0x153/0x700
[   22.168894]  ? __switch_to+0x5d9/0xf60
[   22.169959]  ? __schedule+0xc3e/0x2790
[   22.171198]  ? __pfx_read_tsc+0x10/0x10
[   22.171834]  krealloc_less_oob+0x1c/0x30
[   22.172862]  kunit_try_run_case+0x1b3/0x490
[   22.173329]  ? __pfx_kunit_try_run_case+0x10/0x10
[   22.174727]  ? _raw_spin_lock_irqsave+0xa2/0x110
[   22.175135]  ? _raw_spin_unlock_irqrestore+0x5f/0x90
[   22.176091]  ? __kthread_parkme+0x82/0x160
[   22.176895]  ? preempt_count_sub+0x50/0x80
[   22.177280]  ? __pfx_kunit_try_run_case+0x10/0x10
[   22.177783]  ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10
[   22.178438]  kunit_generic_run_threadfn_adapter+0x85/0xf0
[   22.179615]  kthread+0x257/0x310
[   22.179880]  ? __pfx_kthread+0x10/0x10
[   22.180623]  ret_from_fork+0x41/0x80
[   22.181162]  ? __pfx_kthread+0x10/0x10
[   22.181844]  ret_from_fork_asm+0x1a/0x30
[   22.182725]  </TASK>
[   22.183148] 
[   22.183563] Allocated by task 166:
[   22.184047]  kasan_save_stack+0x3d/0x60
[   22.184725]  kasan_save_track+0x18/0x40
[   22.185232]  kasan_save_alloc_info+0x3b/0x50
[   22.185692]  __kasan_krealloc+0x190/0x1f0
[   22.186197]  krealloc_noprof+0xf3/0x340
[   22.186589]  krealloc_less_oob_helper+0x1ab/0x11d0
[   22.187574]  krealloc_less_oob+0x1c/0x30
[   22.188028]  kunit_try_run_case+0x1b3/0x490
[   22.188767]  kunit_generic_run_threadfn_adapter+0x85/0xf0
[   22.189599]  kthread+0x257/0x310
[   22.190036]  ret_from_fork+0x41/0x80
[   22.190876]  ret_from_fork_asm+0x1a/0x30
[   22.191170] 
[   22.191628] The buggy address belongs to the object at ffff888100394000
[   22.191628]  which belongs to the cache kmalloc-256 of size 256
[   22.192999] The buggy address is located 34 bytes to the right of
[   22.192999]  allocated 201-byte region [ffff888100394000, ffff8881003940c9)
[   22.194032] 
[   22.194585] The buggy address belongs to the physical page:
[   22.194963] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x100394
[   22.196842] head: order:1 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[   22.197962] flags: 0x200000000000040(head|node=0|zone=2)
[   22.198693] page_type: f5(slab)
[   22.198941] raw: 0200000000000040 ffff888100041b40 dead000000000122 0000000000000000
[   22.199231] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000
[   22.200350] head: 0200000000000040 ffff888100041b40 dead000000000122 0000000000000000
[   22.201951] head: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000
[   22.203747] head: 0200000000000001 ffffea000400e501 ffffffffffffffff 0000000000000000
[   22.204541] head: 0000000000000002 0000000000000000 00000000ffffffff 0000000000000000
[   22.205130] page dumped because: kasan: bad access detected
[   22.206008] 
[   22.206226] Memory state around the buggy address:
[   22.206621]  ffff888100393f80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   22.208298]  ffff888100394000: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   22.209245] >ffff888100394080: 00 00 00 00 00 00 00 00 00 01 fc fc fc fc fc fc
[   22.209940]                                                           ^
[   22.211096]  ffff888100394100: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   22.211799]  ffff888100394180: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   22.212715] ==================================================================

Metadata Full log Test run details

arch

x86_64

host

x86_64

plan

2pkzOQ64sCFC31yYjRS6AWIZJPK

job_id

TEST:linaro@lkft#2pkzTsU1xl2Vqmee3g1ijKz1h5X

job_url

https://tuxapi.tuxsuite.com/v1/groups/linaro/projects/lkft/tests/2pkzTsU1xl2Vqmee3g1ijKz1h5X

artefacts

kernel

url	https://storage.tuxsuite.com/public/linaro/lkft/builds/2pkzQXhJtYepVwCbYkLnReuWfXN/bzImage
sha256sum	be4144357f019be7120330ce25bbb2572993ef70aa2431b4f4bfd8e065674be8

rootfs

url	https://storage.tuxboot.com/debian/trixie/amd64/rootfs.ext4.xz
sha256sum	c6ceed53712217894b72c37cdc18ddb1157eb9bca95bb5bb312b9c30db3bb83b

modules

url	https://storage.tuxsuite.com/public/linaro/lkft/builds/2pkzQXhJtYepVwCbYkLnReuWfXN/modules.tar.xz
sha256sum	f60576863ab4043369dae0c7e570f47e302411a12cace5cc5f1d325228c7c39e

durations

tests

boot	337.76
kunit	506.42

host_arch

amd64

build_name

gcc-13-lkftconfig-kunit

job_status

Complete

qemu_version

1:9.1.1+ds-5

Metadata

Failure - qemu-arm64 - gcc-13-lkftconfig-kunit

Failure - qemu-x86_64 - gcc-13-lkftconfig-kunit