Hay
Date: Dec. 4, 2024, 3:07 p.m.

Environment: qemu-arm64, qemu-x86_64

[   31.480477] ==================================================================
[   31.481260] BUG: KASAN: slab-out-of-bounds in krealloc_more_oob_helper+0x5c8/0x680
[   31.483537] Write of size 1 at addr fff00000c5de20f0 by task kunit_try_catch/148
[   31.484528] 
[   31.484902] CPU: 1 UID: 0 PID: 148 Comm: kunit_try_catch Tainted: G    B            N 6.13.0-rc1-next-20241204 #1
[   31.486765] Tainted: [B]=BAD_PAGE, [N]=TEST
[   31.487802] Hardware name: linux,dummy-virt (DT)
[   31.488941] Call trace:
[   31.489495]  show_stack+0x20/0x38 (C)
[   31.489979]  dump_stack_lvl+0x8c/0xd0
[   31.491376]  print_report+0x118/0x5e0
[   31.492067]  kasan_report+0xc8/0x118
[   31.492671]  __asan_report_store1_noabort+0x20/0x30
[   31.493236]  krealloc_more_oob_helper+0x5c8/0x680
[   31.494251]  krealloc_large_more_oob+0x20/0x38
[   31.495420]  kunit_try_run_case+0x14c/0x3d0
[   31.495901]  kunit_generic_run_threadfn_adapter+0x88/0x100
[   31.496802]  kthread+0x24c/0x2d0
[   31.497312]  ret_from_fork+0x10/0x20
[   31.497963] 
[   31.498399] The buggy address belongs to the physical page:
[   31.499064] page: refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x105de0
[   31.500513] head: order:2 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[   31.501176] flags: 0xbfffe0000000040(head|node=0|zone=2|lastcpupid=0x1ffff)
[   31.503049] raw: 0bfffe0000000040 0000000000000000 dead000000000122 0000000000000000
[   31.504137] raw: 0000000000000000 0000000000000000 00000001ffffffff 0000000000000000
[   31.505095] head: 0bfffe0000000040 0000000000000000 dead000000000122 0000000000000000
[   31.505975] head: 0000000000000000 0000000000000000 00000001ffffffff 0000000000000000
[   31.507849] head: 0bfffe0000000002 ffffc1ffc3177801 ffffffffffffffff 0000000000000000
[   31.509856] head: 0000000000000004 0000000000000000 00000000ffffffff 0000000000000000
[   31.511232] page dumped because: kasan: bad access detected
[   31.511917] 
[   31.512277] Memory state around the buggy address:
[   31.512907]  fff00000c5de1f80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   31.514172]  fff00000c5de2000: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   31.514961] >fff00000c5de2080: 00 00 00 00 00 00 00 00 00 00 00 00 00 03 fe fe
[   31.516691]                                                              ^
[   31.517406]  fff00000c5de2100: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe
[   31.518878]  fff00000c5de2180: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe
[   31.519920] ==================================================================
[   31.122019] ==================================================================
[   31.123553] BUG: KASAN: slab-out-of-bounds in krealloc_more_oob_helper+0x5c8/0x680
[   31.125049] Write of size 1 at addr fff00000c0972ef0 by task kunit_try_catch/144
[   31.126773] 
[   31.127560] CPU: 0 UID: 0 PID: 144 Comm: kunit_try_catch Tainted: G    B            N 6.13.0-rc1-next-20241204 #1
[   31.129146] Tainted: [B]=BAD_PAGE, [N]=TEST
[   31.129764] Hardware name: linux,dummy-virt (DT)
[   31.130731] Call trace:
[   31.131324]  show_stack+0x20/0x38 (C)
[   31.131881]  dump_stack_lvl+0x8c/0xd0
[   31.132190]  print_report+0x118/0x5e0
[   31.132478]  kasan_report+0xc8/0x118
[   31.132875]  __asan_report_store1_noabort+0x20/0x30
[   31.133400]  krealloc_more_oob_helper+0x5c8/0x680
[   31.134016]  krealloc_more_oob+0x20/0x38
[   31.135009]  kunit_try_run_case+0x14c/0x3d0
[   31.135689]  kunit_generic_run_threadfn_adapter+0x88/0x100
[   31.136512]  kthread+0x24c/0x2d0
[   31.137068]  ret_from_fork+0x10/0x20
[   31.137592] 
[   31.138055] Allocated by task 144:
[   31.139066]  kasan_save_stack+0x3c/0x68
[   31.139617]  kasan_save_track+0x20/0x40
[   31.140263]  kasan_save_alloc_info+0x40/0x58
[   31.140881]  __kasan_krealloc+0x118/0x178
[   31.141437]  krealloc_noprof+0x128/0x360
[   31.142954]  krealloc_more_oob_helper+0x168/0x680
[   31.143549]  krealloc_more_oob+0x20/0x38
[   31.143928]  kunit_try_run_case+0x14c/0x3d0
[   31.144234]  kunit_generic_run_threadfn_adapter+0x88/0x100
[   31.144582]  kthread+0x24c/0x2d0
[   31.145227]  ret_from_fork+0x10/0x20
[   31.146340] 
[   31.146764] The buggy address belongs to the object at fff00000c0972e00
[   31.146764]  which belongs to the cache kmalloc-256 of size 256
[   31.148329] The buggy address is located 5 bytes to the right of
[   31.148329]  allocated 235-byte region [fff00000c0972e00, fff00000c0972eeb)
[   31.150386] 
[   31.150816] The buggy address belongs to the physical page:
[   31.151457] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x100972
[   31.152681] head: order:1 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[   31.153755] flags: 0xbfffe0000000040(head|node=0|zone=2|lastcpupid=0x1ffff)
[   31.154592] page_type: f5(slab)
[   31.155091] raw: 0bfffe0000000040 fff00000c0001b40 dead000000000122 0000000000000000
[   31.156793] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000
[   31.157256] head: 0bfffe0000000040 fff00000c0001b40 dead000000000122 0000000000000000
[   31.157813] head: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000
[   31.159653] head: 0bfffe0000000001 ffffc1ffc3025c81 ffffffffffffffff 0000000000000000
[   31.160709] head: 0000000000000002 0000000000000000 00000000ffffffff 0000000000000000
[   31.161573] page dumped because: kasan: bad access detected
[   31.163287] 
[   31.163769] Memory state around the buggy address:
[   31.164605]  fff00000c0972d80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   31.165457]  fff00000c0972e00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   31.166505] >fff00000c0972e80: 00 00 00 00 00 00 00 00 00 00 00 00 00 03 fc fc
[   31.167500]                                                              ^
[   31.168671]  fff00000c0972f00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   31.169962]  fff00000c0972f80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   31.171244] ==================================================================
[   31.439095] ==================================================================
[   31.440486] BUG: KASAN: slab-out-of-bounds in krealloc_more_oob_helper+0x614/0x680
[   31.441498] Write of size 1 at addr fff00000c5de20eb by task kunit_try_catch/148
[   31.442715] 
[   31.443424] CPU: 1 UID: 0 PID: 148 Comm: kunit_try_catch Tainted: G    B            N 6.13.0-rc1-next-20241204 #1
[   31.444778] Tainted: [B]=BAD_PAGE, [N]=TEST
[   31.445379] Hardware name: linux,dummy-virt (DT)
[   31.446520] Call trace:
[   31.446987]  show_stack+0x20/0x38 (C)
[   31.448050]  dump_stack_lvl+0x8c/0xd0
[   31.448512]  print_report+0x118/0x5e0
[   31.449606]  kasan_report+0xc8/0x118
[   31.450561]  __asan_report_store1_noabort+0x20/0x30
[   31.452356]  krealloc_more_oob_helper+0x614/0x680
[   31.453009]  krealloc_large_more_oob+0x20/0x38
[   31.453761]  kunit_try_run_case+0x14c/0x3d0
[   31.454854]  kunit_generic_run_threadfn_adapter+0x88/0x100
[   31.455691]  kthread+0x24c/0x2d0
[   31.456407]  ret_from_fork+0x10/0x20
[   31.457071] 
[   31.457476] The buggy address belongs to the physical page:
[   31.458428] page: refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x105de0
[   31.459416] head: order:2 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[   31.460439] flags: 0xbfffe0000000040(head|node=0|zone=2|lastcpupid=0x1ffff)
[   31.461744] raw: 0bfffe0000000040 0000000000000000 dead000000000122 0000000000000000
[   31.463659] raw: 0000000000000000 0000000000000000 00000001ffffffff 0000000000000000
[   31.464602] head: 0bfffe0000000040 0000000000000000 dead000000000122 0000000000000000
[   31.465820] head: 0000000000000000 0000000000000000 00000001ffffffff 0000000000000000
[   31.467531] head: 0bfffe0000000002 ffffc1ffc3177801 ffffffffffffffff 0000000000000000
[   31.468281] head: 0000000000000004 0000000000000000 00000000ffffffff 0000000000000000
[   31.469145] page dumped because: kasan: bad access detected
[   31.470369] 
[   31.470868] Memory state around the buggy address:
[   31.471591]  fff00000c5de1f80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   31.472670]  fff00000c5de2000: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   31.473475] >fff00000c5de2080: 00 00 00 00 00 00 00 00 00 00 00 00 00 03 fe fe
[   31.474613]                                                           ^
[   31.476530]  fff00000c5de2100: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe
[   31.477605]  fff00000c5de2180: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe
[   31.478697] ==================================================================
[   31.071601] ==================================================================
[   31.072861] BUG: KASAN: slab-out-of-bounds in krealloc_more_oob_helper+0x614/0x680
[   31.073468] Write of size 1 at addr fff00000c0972eeb by task kunit_try_catch/144
[   31.074568] 
[   31.074939] CPU: 0 UID: 0 PID: 144 Comm: kunit_try_catch Tainted: G    B            N 6.13.0-rc1-next-20241204 #1
[   31.076928] Tainted: [B]=BAD_PAGE, [N]=TEST
[   31.077521] Hardware name: linux,dummy-virt (DT)
[   31.078563] Call trace:
[   31.078981]  show_stack+0x20/0x38 (C)
[   31.079654]  dump_stack_lvl+0x8c/0xd0
[   31.080256]  print_report+0x118/0x5e0
[   31.080825]  kasan_report+0xc8/0x118
[   31.081435]  __asan_report_store1_noabort+0x20/0x30
[   31.082565]  krealloc_more_oob_helper+0x614/0x680
[   31.083246]  krealloc_more_oob+0x20/0x38
[   31.083916]  kunit_try_run_case+0x14c/0x3d0
[   31.084665]  kunit_generic_run_threadfn_adapter+0x88/0x100
[   31.085388]  kthread+0x24c/0x2d0
[   31.086336]  ret_from_fork+0x10/0x20
[   31.086928] 
[   31.087313] Allocated by task 144:
[   31.087948]  kasan_save_stack+0x3c/0x68
[   31.088649]  kasan_save_track+0x20/0x40
[   31.089122]  kasan_save_alloc_info+0x40/0x58
[   31.090175]  __kasan_krealloc+0x118/0x178
[   31.090653]  krealloc_noprof+0x128/0x360
[   31.091300]  krealloc_more_oob_helper+0x168/0x680
[   31.091961]  krealloc_more_oob+0x20/0x38
[   31.092494]  kunit_try_run_case+0x14c/0x3d0
[   31.093287]  kunit_generic_run_threadfn_adapter+0x88/0x100
[   31.094541]  kthread+0x24c/0x2d0
[   31.095187]  ret_from_fork+0x10/0x20
[   31.095658] 
[   31.096487] The buggy address belongs to the object at fff00000c0972e00
[   31.096487]  which belongs to the cache kmalloc-256 of size 256
[   31.098544] The buggy address is located 0 bytes to the right of
[   31.098544]  allocated 235-byte region [fff00000c0972e00, fff00000c0972eeb)
[   31.100047] 
[   31.100366] The buggy address belongs to the physical page:
[   31.101264] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x100972
[   31.102607] head: order:1 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[   31.103564] flags: 0xbfffe0000000040(head|node=0|zone=2|lastcpupid=0x1ffff)
[   31.104450] page_type: f5(slab)
[   31.104900] raw: 0bfffe0000000040 fff00000c0001b40 dead000000000122 0000000000000000
[   31.106250] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000
[   31.107107] head: 0bfffe0000000040 fff00000c0001b40 dead000000000122 0000000000000000
[   31.108245] head: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000
[   31.109382] head: 0bfffe0000000001 ffffc1ffc3025c81 ffffffffffffffff 0000000000000000
[   31.110780] head: 0000000000000002 0000000000000000 00000000ffffffff 0000000000000000
[   31.111729] page dumped because: kasan: bad access detected
[   31.112378] 
[   31.112735] Memory state around the buggy address:
[   31.113299]  fff00000c0972d80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   31.114482]  fff00000c0972e00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   31.115860] >fff00000c0972e80: 00 00 00 00 00 00 00 00 00 00 00 00 00 03 fc fc
[   31.116767]                                                           ^
[   31.118020]  fff00000c0972f00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   31.119680]  fff00000c0972f80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   31.120372] ==================================================================

[   21.852456] ==================================================================
[   21.854533] BUG: KASAN: slab-out-of-bounds in krealloc_more_oob_helper+0x7ed/0x930
[   21.855539] Write of size 1 at addr ffff8881009a84f0 by task kunit_try_catch/164
[   21.856826] 
[   21.857000] CPU: 1 UID: 0 PID: 164 Comm: kunit_try_catch Tainted: G    B            N 6.13.0-rc1-next-20241204 #1
[   21.858738] Tainted: [B]=BAD_PAGE, [N]=TEST
[   21.859096] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[   21.860057] Call Trace:
[   21.860757]  <TASK>
[   21.860986]  dump_stack_lvl+0x73/0xb0
[   21.861876]  print_report+0xd1/0x640
[   21.862158]  ? __virt_addr_valid+0x1db/0x2d0
[   21.863044]  ? kasan_complete_mode_report_info+0x2a/0x200
[   21.863726]  kasan_report+0x102/0x140
[   21.864110]  ? krealloc_more_oob_helper+0x7ed/0x930
[   21.864586]  ? krealloc_more_oob_helper+0x7ed/0x930
[   21.865679]  __asan_report_store1_noabort+0x1b/0x30
[   21.866465]  krealloc_more_oob_helper+0x7ed/0x930
[   21.867192]  ? __schedule+0xc3e/0x2790
[   21.867765]  ? __pfx_krealloc_more_oob_helper+0x10/0x10
[   21.868246]  ? finish_task_switch.isra.0+0x153/0x700
[   21.869633]  ? __switch_to+0x5d9/0xf60
[   21.870079]  ? __schedule+0xc3e/0x2790
[   21.870495]  ? __pfx_read_tsc+0x10/0x10
[   21.871130]  krealloc_more_oob+0x1c/0x30
[   21.872046]  kunit_try_run_case+0x1b3/0x490
[   21.872833]  ? __pfx_kunit_try_run_case+0x10/0x10
[   21.873562]  ? _raw_spin_lock_irqsave+0xa2/0x110
[   21.874213]  ? _raw_spin_unlock_irqrestore+0x5f/0x90
[   21.875198]  ? __kthread_parkme+0x82/0x160
[   21.875451]  ? preempt_count_sub+0x50/0x80
[   21.875647]  ? __pfx_kunit_try_run_case+0x10/0x10
[   21.875924]  ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10
[   21.876992]  kunit_generic_run_threadfn_adapter+0x85/0xf0
[   21.877645]  kthread+0x257/0x310
[   21.877910]  ? __pfx_kthread+0x10/0x10
[   21.878247]  ret_from_fork+0x41/0x80
[   21.878962]  ? __pfx_kthread+0x10/0x10
[   21.880055]  ret_from_fork_asm+0x1a/0x30
[   21.880868]  </TASK>
[   21.881309] 
[   21.881448] Allocated by task 164:
[   21.881660]  kasan_save_stack+0x3d/0x60
[   21.882018]  kasan_save_track+0x18/0x40
[   21.883003]  kasan_save_alloc_info+0x3b/0x50
[   21.884035]  __kasan_krealloc+0x190/0x1f0
[   21.884580]  krealloc_noprof+0xf3/0x340
[   21.885024]  krealloc_more_oob_helper+0x1aa/0x930
[   21.885481]  krealloc_more_oob+0x1c/0x30
[   21.885917]  kunit_try_run_case+0x1b3/0x490
[   21.887211]  kunit_generic_run_threadfn_adapter+0x85/0xf0
[   21.887809]  kthread+0x257/0x310
[   21.888436]  ret_from_fork+0x41/0x80
[   21.888695]  ret_from_fork_asm+0x1a/0x30
[   21.889754] 
[   21.890131] The buggy address belongs to the object at ffff8881009a8400
[   21.890131]  which belongs to the cache kmalloc-256 of size 256
[   21.891713] The buggy address is located 5 bytes to the right of
[   21.891713]  allocated 235-byte region [ffff8881009a8400, ffff8881009a84eb)
[   21.894150] 
[   21.894611] The buggy address belongs to the physical page:
[   21.895169] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1009a8
[   21.896675] head: order:1 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[   21.897871] flags: 0x200000000000040(head|node=0|zone=2)
[   21.899007] page_type: f5(slab)
[   21.899703] raw: 0200000000000040 ffff888100041b40 dead000000000122 0000000000000000
[   21.900670] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000
[   21.901659] head: 0200000000000040 ffff888100041b40 dead000000000122 0000000000000000
[   21.902288] head: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000
[   21.903648] head: 0200000000000001 ffffea0004026a01 ffffffffffffffff 0000000000000000
[   21.904880] head: 0000000000000002 0000000000000000 00000000ffffffff 0000000000000000
[   21.905462] page dumped because: kasan: bad access detected
[   21.906024] 
[   21.906217] Memory state around the buggy address:
[   21.906659]  ffff8881009a8380: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   21.907917]  ffff8881009a8400: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   21.908906] >ffff8881009a8480: 00 00 00 00 00 00 00 00 00 00 00 00 00 03 fc fc
[   21.909733]                                                              ^
[   21.910605]  ffff8881009a8500: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   21.911453]  ffff8881009a8580: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   21.911969] ==================================================================
[   21.790052] ==================================================================
[   21.791919] BUG: KASAN: slab-out-of-bounds in krealloc_more_oob_helper+0x823/0x930
[   21.792658] Write of size 1 at addr ffff8881009a84eb by task kunit_try_catch/164
[   21.794462] 
[   21.794747] CPU: 1 UID: 0 PID: 164 Comm: kunit_try_catch Tainted: G    B            N 6.13.0-rc1-next-20241204 #1
[   21.795985] Tainted: [B]=BAD_PAGE, [N]=TEST
[   21.796601] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[   21.797909] Call Trace:
[   21.798135]  <TASK>
[   21.798682]  dump_stack_lvl+0x73/0xb0
[   21.799614]  print_report+0xd1/0x640
[   21.800161]  ? __virt_addr_valid+0x1db/0x2d0
[   21.801142]  ? kasan_complete_mode_report_info+0x2a/0x200
[   21.802192]  kasan_report+0x102/0x140
[   21.803111]  ? krealloc_more_oob_helper+0x823/0x930
[   21.804376]  ? krealloc_more_oob_helper+0x823/0x930
[   21.805431]  __asan_report_store1_noabort+0x1b/0x30
[   21.805735]  krealloc_more_oob_helper+0x823/0x930
[   21.806235]  ? __schedule+0xc3e/0x2790
[   21.806616]  ? __pfx_krealloc_more_oob_helper+0x10/0x10
[   21.807154]  ? finish_task_switch.isra.0+0x153/0x700
[   21.807692]  ? __switch_to+0x5d9/0xf60
[   21.808890]  ? __schedule+0xc3e/0x2790
[   21.810063]  ? __pfx_read_tsc+0x10/0x10
[   21.810556]  krealloc_more_oob+0x1c/0x30
[   21.810757]  kunit_try_run_case+0x1b3/0x490
[   21.811595]  ? __pfx_kunit_try_run_case+0x10/0x10
[   21.812069]  ? _raw_spin_lock_irqsave+0xa2/0x110
[   21.813050]  ? _raw_spin_unlock_irqrestore+0x5f/0x90
[   21.814009]  ? __kthread_parkme+0x82/0x160
[   21.814760]  ? preempt_count_sub+0x50/0x80
[   21.815044]  ? __pfx_kunit_try_run_case+0x10/0x10
[   21.815927]  ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10
[   21.817168]  kunit_generic_run_threadfn_adapter+0x85/0xf0
[   21.818021]  kthread+0x257/0x310
[   21.818283]  ? __pfx_kthread+0x10/0x10
[   21.819285]  ret_from_fork+0x41/0x80
[   21.820297]  ? __pfx_kthread+0x10/0x10
[   21.820718]  ret_from_fork_asm+0x1a/0x30
[   21.821135]  </TASK>
[   21.822150] 
[   21.822410] Allocated by task 164:
[   21.822671]  kasan_save_stack+0x3d/0x60
[   21.823461]  kasan_save_track+0x18/0x40
[   21.823912]  kasan_save_alloc_info+0x3b/0x50
[   21.824207]  __kasan_krealloc+0x190/0x1f0
[   21.825264]  krealloc_noprof+0xf3/0x340
[   21.825871]  krealloc_more_oob_helper+0x1aa/0x930
[   21.826867]  krealloc_more_oob+0x1c/0x30
[   21.827392]  kunit_try_run_case+0x1b3/0x490
[   21.827938]  kunit_generic_run_threadfn_adapter+0x85/0xf0
[   21.828450]  kthread+0x257/0x310
[   21.828882]  ret_from_fork+0x41/0x80
[   21.829485]  ret_from_fork_asm+0x1a/0x30
[   21.830382] 
[   21.830665] The buggy address belongs to the object at ffff8881009a8400
[   21.830665]  which belongs to the cache kmalloc-256 of size 256
[   21.832630] The buggy address is located 0 bytes to the right of
[   21.832630]  allocated 235-byte region [ffff8881009a8400, ffff8881009a84eb)
[   21.834315] 
[   21.834668] The buggy address belongs to the physical page:
[   21.835208] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1009a8
[   21.836179] head: order:1 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[   21.837210] flags: 0x200000000000040(head|node=0|zone=2)
[   21.838050] page_type: f5(slab)
[   21.838752] raw: 0200000000000040 ffff888100041b40 dead000000000122 0000000000000000
[   21.840175] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000
[   21.842099] head: 0200000000000040 ffff888100041b40 dead000000000122 0000000000000000
[   21.842822] head: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000
[   21.843452] head: 0200000000000001 ffffea0004026a01 ffffffffffffffff 0000000000000000
[   21.844338] head: 0000000000000002 0000000000000000 00000000ffffffff 0000000000000000
[   21.844926] page dumped because: kasan: bad access detected
[   21.845310] 
[   21.845657] Memory state around the buggy address:
[   21.846087]  ffff8881009a8380: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   21.846708]  ffff8881009a8400: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   21.847397] >ffff8881009a8480: 00 00 00 00 00 00 00 00 00 00 00 00 00 03 fc fc
[   21.848618]                                                           ^
[   21.849085]  ffff8881009a8500: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   21.849918]  ffff8881009a8580: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   21.850748] ==================================================================
[   22.263515] ==================================================================
[   22.264116] BUG: KASAN: slab-out-of-bounds in krealloc_more_oob_helper+0x7ed/0x930
[   22.265880] Write of size 1 at addr ffff888102b2e0f0 by task kunit_try_catch/168
[   22.266647] 
[   22.266859] CPU: 1 UID: 0 PID: 168 Comm: kunit_try_catch Tainted: G    B            N 6.13.0-rc1-next-20241204 #1
[   22.267483] Tainted: [B]=BAD_PAGE, [N]=TEST
[   22.267967] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[   22.268885] Call Trace:
[   22.269240]  <TASK>
[   22.269596]  dump_stack_lvl+0x73/0xb0
[   22.269979]  print_report+0xd1/0x640
[   22.270476]  ? __virt_addr_valid+0x1db/0x2d0
[   22.270908]  ? kasan_addr_to_slab+0x11/0xa0
[   22.271447]  kasan_report+0x102/0x140
[   22.271804]  ? krealloc_more_oob_helper+0x7ed/0x930
[   22.272380]  ? krealloc_more_oob_helper+0x7ed/0x930
[   22.273044]  __asan_report_store1_noabort+0x1b/0x30
[   22.274804]  krealloc_more_oob_helper+0x7ed/0x930
[   22.275311]  ? __schedule+0xc3e/0x2790
[   22.275661]  ? __pfx_krealloc_more_oob_helper+0x10/0x10
[   22.276170]  ? finish_task_switch.isra.0+0x153/0x700
[   22.276784]  ? __switch_to+0x5d9/0xf60
[   22.277187]  ? __schedule+0xc3e/0x2790
[   22.277513]  ? __pfx_read_tsc+0x10/0x10
[   22.278044]  krealloc_large_more_oob+0x1c/0x30
[   22.278503]  kunit_try_run_case+0x1b3/0x490
[   22.279031]  ? __pfx_kunit_try_run_case+0x10/0x10
[   22.279568]  ? _raw_spin_lock_irqsave+0xa2/0x110
[   22.280040]  ? _raw_spin_unlock_irqrestore+0x5f/0x90
[   22.280463]  ? __kthread_parkme+0x82/0x160
[   22.281012]  ? preempt_count_sub+0x50/0x80
[   22.281430]  ? __pfx_kunit_try_run_case+0x10/0x10
[   22.282011]  ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10
[   22.282693]  kunit_generic_run_threadfn_adapter+0x85/0xf0
[   22.283195]  kthread+0x257/0x310
[   22.283567]  ? __pfx_kthread+0x10/0x10
[   22.284011]  ret_from_fork+0x41/0x80
[   22.284516]  ? __pfx_kthread+0x10/0x10
[   22.284895]  ret_from_fork_asm+0x1a/0x30
[   22.285332]  </TASK>
[   22.285639] 
[   22.285920] The buggy address belongs to the physical page:
[   22.286565] page: refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x102b2c
[   22.287069] head: order:2 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[   22.287909] flags: 0x200000000000040(head|node=0|zone=2)
[   22.288470] raw: 0200000000000040 0000000000000000 dead000000000122 0000000000000000
[   22.289198] raw: 0000000000000000 0000000000000000 00000001ffffffff 0000000000000000
[   22.289994] head: 0200000000000040 0000000000000000 dead000000000122 0000000000000000
[   22.290705] head: 0000000000000000 0000000000000000 00000001ffffffff 0000000000000000
[   22.291493] head: 0200000000000002 ffffea00040acb01 ffffffffffffffff 0000000000000000
[   22.292216] head: 0000000000000004 0000000000000000 00000000ffffffff 0000000000000000
[   22.292918] page dumped because: kasan: bad access detected
[   22.293404] 
[   22.293633] Memory state around the buggy address:
[   22.294107]  ffff888102b2df80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   22.294848]  ffff888102b2e000: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   22.295360] >ffff888102b2e080: 00 00 00 00 00 00 00 00 00 00 00 00 00 03 fe fe
[   22.296168]                                                              ^
[   22.296735]  ffff888102b2e100: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe
[   22.297516]  ffff888102b2e180: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe
[   22.298294] ==================================================================
[   22.220548] ==================================================================
[   22.221625] BUG: KASAN: slab-out-of-bounds in krealloc_more_oob_helper+0x823/0x930
[   22.222600] Write of size 1 at addr ffff888102b2e0eb by task kunit_try_catch/168
[   22.223893] 
[   22.224107] CPU: 1 UID: 0 PID: 168 Comm: kunit_try_catch Tainted: G    B            N 6.13.0-rc1-next-20241204 #1
[   22.225935] Tainted: [B]=BAD_PAGE, [N]=TEST
[   22.226315] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[   22.227282] Call Trace:
[   22.227585]  <TASK>
[   22.227875]  dump_stack_lvl+0x73/0xb0
[   22.228190]  print_report+0xd1/0x640
[   22.229610]  ? __virt_addr_valid+0x1db/0x2d0
[   22.230277]  ? kasan_addr_to_slab+0x11/0xa0
[   22.231102]  kasan_report+0x102/0x140
[   22.231635]  ? krealloc_more_oob_helper+0x823/0x930
[   22.232065]  ? krealloc_more_oob_helper+0x823/0x930
[   22.232472]  __asan_report_store1_noabort+0x1b/0x30
[   22.233006]  krealloc_more_oob_helper+0x823/0x930
[   22.233591]  ? __schedule+0xc3e/0x2790
[   22.234157]  ? __pfx_krealloc_more_oob_helper+0x10/0x10
[   22.234908]  ? finish_task_switch.isra.0+0x153/0x700
[   22.235740]  ? __switch_to+0x5d9/0xf60
[   22.236412]  ? __schedule+0xc3e/0x2790
[   22.236893]  ? __pfx_read_tsc+0x10/0x10
[   22.237249]  krealloc_large_more_oob+0x1c/0x30
[   22.237976]  kunit_try_run_case+0x1b3/0x490
[   22.238644]  ? __pfx_kunit_try_run_case+0x10/0x10
[   22.239095]  ? _raw_spin_lock_irqsave+0xa2/0x110
[   22.240138]  ? _raw_spin_unlock_irqrestore+0x5f/0x90
[   22.241037]  ? __kthread_parkme+0x82/0x160
[   22.241758]  ? preempt_count_sub+0x50/0x80
[   22.242181]  ? __pfx_kunit_try_run_case+0x10/0x10
[   22.242918]  ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10
[   22.243554]  kunit_generic_run_threadfn_adapter+0x85/0xf0
[   22.244292]  kthread+0x257/0x310
[   22.245006]  ? __pfx_kthread+0x10/0x10
[   22.245356]  ret_from_fork+0x41/0x80
[   22.245711]  ? __pfx_kthread+0x10/0x10
[   22.246580]  ret_from_fork_asm+0x1a/0x30
[   22.247095]  </TASK>
[   22.247374] 
[   22.247539] The buggy address belongs to the physical page:
[   22.248112] page: refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x102b2c
[   22.248807] head: order:2 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[   22.250188] flags: 0x200000000000040(head|node=0|zone=2)
[   22.250944] raw: 0200000000000040 0000000000000000 dead000000000122 0000000000000000
[   22.251938] raw: 0000000000000000 0000000000000000 00000001ffffffff 0000000000000000
[   22.252977] head: 0200000000000040 0000000000000000 dead000000000122 0000000000000000
[   22.253602] head: 0000000000000000 0000000000000000 00000001ffffffff 0000000000000000
[   22.254255] head: 0200000000000002 ffffea00040acb01 ffffffffffffffff 0000000000000000
[   22.255008] head: 0000000000000004 0000000000000000 00000000ffffffff 0000000000000000
[   22.255924] page dumped because: kasan: bad access detected
[   22.256554] 
[   22.256908] Memory state around the buggy address:
[   22.257524]  ffff888102b2df80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   22.258244]  ffff888102b2e000: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   22.259097] >ffff888102b2e080: 00 00 00 00 00 00 00 00 00 00 00 00 00 03 fe fe
[   22.259885]                                                           ^
[   22.260689]  ffff888102b2e100: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe
[   22.261368]  ffff888102b2e180: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe
[   22.262054] ==================================================================