Hay
Date: Dec. 5, 2024, 2:07 p.m.

Environment: qemu-arm64, qemu-x86_64

[   29.313080] ==================================================================
[   29.314262] BUG: KASAN: slab-out-of-bounds in krealloc_more_oob_helper+0x5c8/0x680
[   29.315141] Write of size 1 at addr fff00000c09760f0 by task kunit_try_catch/145
[   29.316547] 
[   29.316978] CPU: 0 UID: 0 PID: 145 Comm: kunit_try_catch Tainted: G    B            N 6.13.0-rc1-next-20241205 #1
[   29.318215] Tainted: [B]=BAD_PAGE, [N]=TEST
[   29.318831] Hardware name: linux,dummy-virt (DT)
[   29.320309] Call trace:
[   29.320717]  show_stack+0x20/0x38 (C)
[   29.321479]  dump_stack_lvl+0x8c/0xd0
[   29.322012]  print_report+0x118/0x5e0
[   29.322608]  kasan_report+0xc8/0x118
[   29.323158]  __asan_report_store1_noabort+0x20/0x30
[   29.324120]  krealloc_more_oob_helper+0x5c8/0x680
[   29.325163]  krealloc_more_oob+0x20/0x38
[   29.325783]  kunit_try_run_case+0x14c/0x3d0
[   29.326535]  kunit_generic_run_threadfn_adapter+0x88/0x100
[   29.327338]  kthread+0x24c/0x2d0
[   29.327805]  ret_from_fork+0x10/0x20
[   29.328415] 
[   29.328777] Allocated by task 145:
[   29.329718]  kasan_save_stack+0x3c/0x68
[   29.330311]  kasan_save_track+0x20/0x40
[   29.331055]  kasan_save_alloc_info+0x40/0x58
[   29.331976]  __kasan_krealloc+0x118/0x178
[   29.332543]  krealloc_noprof+0x128/0x360
[   29.333241]  krealloc_more_oob_helper+0x168/0x680
[   29.333896]  krealloc_more_oob+0x20/0x38
[   29.334455]  kunit_try_run_case+0x14c/0x3d0
[   29.335051]  kunit_generic_run_threadfn_adapter+0x88/0x100
[   29.336528]  kthread+0x24c/0x2d0
[   29.337084]  ret_from_fork+0x10/0x20
[   29.337666] 
[   29.338070] The buggy address belongs to the object at fff00000c0976000
[   29.338070]  which belongs to the cache kmalloc-256 of size 256
[   29.339271] The buggy address is located 5 bytes to the right of
[   29.339271]  allocated 235-byte region [fff00000c0976000, fff00000c09760eb)
[   29.341278] 
[   29.341626] The buggy address belongs to the physical page:
[   29.342492] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x100976
[   29.344004] head: order:1 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[   29.344776] flags: 0xbfffe0000000040(head|node=0|zone=2|lastcpupid=0x1ffff)
[   29.345758] page_type: f5(slab)
[   29.346324] raw: 0bfffe0000000040 fff00000c0001b40 dead000000000122 0000000000000000
[   29.347227] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000
[   29.348124] head: 0bfffe0000000040 fff00000c0001b40 dead000000000122 0000000000000000
[   29.349056] head: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000
[   29.350188] head: 0bfffe0000000001 ffffc1ffc3025d81 ffffffffffffffff 0000000000000000
[   29.351223] head: 0000000000000002 0000000000000000 00000000ffffffff 0000000000000000
[   29.352761] page dumped because: kasan: bad access detected
[   29.353479] 
[   29.353765] Memory state around the buggy address:
[   29.354407]  fff00000c0975f80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   29.355119]  fff00000c0976000: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   29.356433] >fff00000c0976080: 00 00 00 00 00 00 00 00 00 00 00 00 00 03 fc fc
[   29.357314]                                                              ^
[   29.358147]  fff00000c0976100: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   29.359132]  fff00000c0976180: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   29.360909] ==================================================================
[   29.636408] ==================================================================
[   29.637191] BUG: KASAN: slab-out-of-bounds in krealloc_more_oob_helper+0x5c8/0x680
[   29.637978] Write of size 1 at addr fff00000c64920f0 by task kunit_try_catch/149
[   29.638852] 
[   29.639208] CPU: 0 UID: 0 PID: 149 Comm: kunit_try_catch Tainted: G    B            N 6.13.0-rc1-next-20241205 #1
[   29.640577] Tainted: [B]=BAD_PAGE, [N]=TEST
[   29.641264] Hardware name: linux,dummy-virt (DT)
[   29.641869] Call trace:
[   29.642302]  show_stack+0x20/0x38 (C)
[   29.642774]  dump_stack_lvl+0x8c/0xd0
[   29.643465]  print_report+0x118/0x5e0
[   29.644026]  kasan_report+0xc8/0x118
[   29.644712]  __asan_report_store1_noabort+0x20/0x30
[   29.645408]  krealloc_more_oob_helper+0x5c8/0x680
[   29.645974]  krealloc_large_more_oob+0x20/0x38
[   29.646695]  kunit_try_run_case+0x14c/0x3d0
[   29.647391]  kunit_generic_run_threadfn_adapter+0x88/0x100
[   29.648103]  kthread+0x24c/0x2d0
[   29.648698]  ret_from_fork+0x10/0x20
[   29.649262] 
[   29.649617] The buggy address belongs to the physical page:
[   29.650395] page: refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x106490
[   29.651292] head: order:2 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[   29.652156] flags: 0xbfffe0000000040(head|node=0|zone=2|lastcpupid=0x1ffff)
[   29.653074] raw: 0bfffe0000000040 0000000000000000 dead000000000122 0000000000000000
[   29.654088] raw: 0000000000000000 0000000000000000 00000001ffffffff 0000000000000000
[   29.655015] head: 0bfffe0000000040 0000000000000000 dead000000000122 0000000000000000
[   29.655986] head: 0000000000000000 0000000000000000 00000001ffffffff 0000000000000000
[   29.657075] head: 0bfffe0000000002 ffffc1ffc3192401 ffffffffffffffff 0000000000000000
[   29.657967] head: 0000000000000004 0000000000000000 00000000ffffffff 0000000000000000
[   29.658829] page dumped because: kasan: bad access detected
[   29.659495] 
[   29.659797] Memory state around the buggy address:
[   29.660407]  fff00000c6491f80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   29.661294]  fff00000c6492000: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   29.662261] >fff00000c6492080: 00 00 00 00 00 00 00 00 00 00 00 00 00 03 fe fe
[   29.663301]                                                              ^
[   29.664121]  fff00000c6492100: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe
[   29.665043]  fff00000c6492180: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe
[   29.665866] ==================================================================
[   29.260824] ==================================================================
[   29.262074] BUG: KASAN: slab-out-of-bounds in krealloc_more_oob_helper+0x614/0x680
[   29.262988] Write of size 1 at addr fff00000c09760eb by task kunit_try_catch/145
[   29.263800] 
[   29.264277] CPU: 0 UID: 0 PID: 145 Comm: kunit_try_catch Tainted: G    B            N 6.13.0-rc1-next-20241205 #1
[   29.266255] Tainted: [B]=BAD_PAGE, [N]=TEST
[   29.267032] Hardware name: linux,dummy-virt (DT)
[   29.268075] Call trace:
[   29.268571]  show_stack+0x20/0x38 (C)
[   29.269196]  dump_stack_lvl+0x8c/0xd0
[   29.269770]  print_report+0x118/0x5e0
[   29.270382]  kasan_report+0xc8/0x118
[   29.271101]  __asan_report_store1_noabort+0x20/0x30
[   29.272023]  krealloc_more_oob_helper+0x614/0x680
[   29.272815]  krealloc_more_oob+0x20/0x38
[   29.273360]  kunit_try_run_case+0x14c/0x3d0
[   29.274508]  kunit_generic_run_threadfn_adapter+0x88/0x100
[   29.275313]  kthread+0x24c/0x2d0
[   29.276110]  ret_from_fork+0x10/0x20
[   29.276958] 
[   29.277330] Allocated by task 145:
[   29.277838]  kasan_save_stack+0x3c/0x68
[   29.278350]  kasan_save_track+0x20/0x40
[   29.279071]  kasan_save_alloc_info+0x40/0x58
[   29.280125]  __kasan_krealloc+0x118/0x178
[   29.281016]  krealloc_noprof+0x128/0x360
[   29.281610]  krealloc_more_oob_helper+0x168/0x680
[   29.282262]  krealloc_more_oob+0x20/0x38
[   29.283033]  kunit_try_run_case+0x14c/0x3d0
[   29.283652]  kunit_generic_run_threadfn_adapter+0x88/0x100
[   29.284665]  kthread+0x24c/0x2d0
[   29.285394]  ret_from_fork+0x10/0x20
[   29.285982] 
[   29.286312] The buggy address belongs to the object at fff00000c0976000
[   29.286312]  which belongs to the cache kmalloc-256 of size 256
[   29.288742] The buggy address is located 0 bytes to the right of
[   29.288742]  allocated 235-byte region [fff00000c0976000, fff00000c09760eb)
[   29.290120] 
[   29.290491] The buggy address belongs to the physical page:
[   29.291225] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x100976
[   29.292631] head: order:1 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[   29.293505] flags: 0xbfffe0000000040(head|node=0|zone=2|lastcpupid=0x1ffff)
[   29.294331] page_type: f5(slab)
[   29.294856] raw: 0bfffe0000000040 fff00000c0001b40 dead000000000122 0000000000000000
[   29.295997] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000
[   29.297226] head: 0bfffe0000000040 fff00000c0001b40 dead000000000122 0000000000000000
[   29.298094] head: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000
[   29.299098] head: 0bfffe0000000001 ffffc1ffc3025d81 ffffffffffffffff 0000000000000000
[   29.300475] head: 0000000000000002 0000000000000000 00000000ffffffff 0000000000000000
[   29.301361] page dumped because: kasan: bad access detected
[   29.302211] 
[   29.302706] Memory state around the buggy address:
[   29.303483]  fff00000c0975f80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   29.304568]  fff00000c0976000: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   29.305810] >fff00000c0976080: 00 00 00 00 00 00 00 00 00 00 00 00 00 03 fc fc
[   29.306892]                                                           ^
[   29.308258]  fff00000c0976100: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   29.309352]  fff00000c0976180: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   29.310186] ==================================================================
[   29.601786] ==================================================================
[   29.602974] BUG: KASAN: slab-out-of-bounds in krealloc_more_oob_helper+0x614/0x680
[   29.603845] Write of size 1 at addr fff00000c64920eb by task kunit_try_catch/149
[   29.604687] 
[   29.605146] CPU: 0 UID: 0 PID: 149 Comm: kunit_try_catch Tainted: G    B            N 6.13.0-rc1-next-20241205 #1
[   29.606476] Tainted: [B]=BAD_PAGE, [N]=TEST
[   29.606935] Hardware name: linux,dummy-virt (DT)
[   29.608532] Call trace:
[   29.608905]  show_stack+0x20/0x38 (C)
[   29.609611]  dump_stack_lvl+0x8c/0xd0
[   29.610104]  print_report+0x118/0x5e0
[   29.610733]  kasan_report+0xc8/0x118
[   29.611598]  __asan_report_store1_noabort+0x20/0x30
[   29.612270]  krealloc_more_oob_helper+0x614/0x680
[   29.613006]  krealloc_large_more_oob+0x20/0x38
[   29.613745]  kunit_try_run_case+0x14c/0x3d0
[   29.614344]  kunit_generic_run_threadfn_adapter+0x88/0x100
[   29.615178]  kthread+0x24c/0x2d0
[   29.615788]  ret_from_fork+0x10/0x20
[   29.616345] 
[   29.616766] The buggy address belongs to the physical page:
[   29.617312] page: refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x106490
[   29.618504] head: order:2 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[   29.619477] flags: 0xbfffe0000000040(head|node=0|zone=2|lastcpupid=0x1ffff)
[   29.620393] raw: 0bfffe0000000040 0000000000000000 dead000000000122 0000000000000000
[   29.621432] raw: 0000000000000000 0000000000000000 00000001ffffffff 0000000000000000
[   29.622332] head: 0bfffe0000000040 0000000000000000 dead000000000122 0000000000000000
[   29.623267] head: 0000000000000000 0000000000000000 00000001ffffffff 0000000000000000
[   29.624190] head: 0bfffe0000000002 ffffc1ffc3192401 ffffffffffffffff 0000000000000000
[   29.625058] head: 0000000000000004 0000000000000000 00000000ffffffff 0000000000000000
[   29.625964] page dumped because: kasan: bad access detected
[   29.626665] 
[   29.627079] Memory state around the buggy address:
[   29.627671]  fff00000c6491f80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   29.628630]  fff00000c6492000: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   29.629575] >fff00000c6492080: 00 00 00 00 00 00 00 00 00 00 00 00 00 03 fe fe
[   29.630409]                                                           ^
[   29.631213]  fff00000c6492100: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe
[   29.632095]  fff00000c6492180: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe
[   29.633140] ==================================================================

[   27.269954] ==================================================================
[   27.271083] BUG: KASAN: slab-out-of-bounds in krealloc_more_oob_helper+0x823/0x930
[   27.271816] Write of size 1 at addr ffff88810226e0eb by task kunit_try_catch/167
[   27.272470] 
[   27.272655] CPU: 0 UID: 0 PID: 167 Comm: kunit_try_catch Tainted: G    B            N 6.13.0-rc1-next-20241205 #1
[   27.274124] Tainted: [B]=BAD_PAGE, [N]=TEST
[   27.274401] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[   27.275865] Call Trace:
[   27.276496]  <TASK>
[   27.277057]  dump_stack_lvl+0x73/0xb0
[   27.277432]  print_report+0xd1/0x640
[   27.277806]  ? __virt_addr_valid+0x1db/0x2d0
[   27.278327]  ? kasan_addr_to_slab+0x11/0xa0
[   27.278754]  kasan_report+0x102/0x140
[   27.279375]  ? krealloc_more_oob_helper+0x823/0x930
[   27.280750]  ? krealloc_more_oob_helper+0x823/0x930
[   27.281652]  __asan_report_store1_noabort+0x1b/0x30
[   27.282192]  krealloc_more_oob_helper+0x823/0x930
[   27.283061]  ? __schedule+0xc70/0x27e0
[   27.283940]  ? __pfx_krealloc_more_oob_helper+0x10/0x10
[   27.285269]  ? finish_task_switch.isra.0+0x153/0x700
[   27.286095]  ? __switch_to+0x5d9/0xf60
[   27.286632]  ? __schedule+0xc70/0x27e0
[   27.287056]  ? __pfx_read_tsc+0x10/0x10
[   27.288103]  krealloc_large_more_oob+0x1c/0x30
[   27.288595]  kunit_try_run_case+0x1b3/0x490
[   27.289563]  ? __pfx_kunit_try_run_case+0x10/0x10
[   27.290326]  ? _raw_spin_lock_irqsave+0xa2/0x110
[   27.291140]  ? _raw_spin_unlock_irqrestore+0x5f/0x90
[   27.291633]  ? __kthread_parkme+0x82/0x160
[   27.292540]  ? preempt_count_sub+0x50/0x80
[   27.293345]  ? __pfx_kunit_try_run_case+0x10/0x10
[   27.293706]  ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10
[   27.294967]  kunit_generic_run_threadfn_adapter+0x85/0xf0
[   27.295623]  kthread+0x257/0x310
[   27.296481]  ? __pfx_kthread+0x10/0x10
[   27.296872]  ret_from_fork+0x41/0x80
[   27.297485]  ? __pfx_kthread+0x10/0x10
[   27.298116]  ret_from_fork_asm+0x1a/0x30
[   27.298579]  </TASK>
[   27.298939] 
[   27.299340] The buggy address belongs to the physical page:
[   27.300314] page: refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x10226c
[   27.301027] head: order:2 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[   27.301972] flags: 0x200000000000040(head|node=0|zone=2)
[   27.302674] raw: 0200000000000040 0000000000000000 dead000000000122 0000000000000000
[   27.303524] raw: 0000000000000000 0000000000000000 00000001ffffffff 0000000000000000
[   27.304641] head: 0200000000000040 0000000000000000 dead000000000122 0000000000000000
[   27.305358] head: 0000000000000000 0000000000000000 00000001ffffffff 0000000000000000
[   27.306044] head: 0200000000000002 ffffea0004089b01 ffffffffffffffff 0000000000000000
[   27.306928] head: 0000000000000004 0000000000000000 00000000ffffffff 0000000000000000
[   27.307808] page dumped because: kasan: bad access detected
[   27.308602] 
[   27.308926] Memory state around the buggy address:
[   27.309611]  ffff88810226df80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   27.310475]  ffff88810226e000: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   27.311196] >ffff88810226e080: 00 00 00 00 00 00 00 00 00 00 00 00 00 03 fe fe
[   27.312341]                                                           ^
[   27.313150]  ffff88810226e100: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe
[   27.313909]  ffff88810226e180: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe
[   27.314636] ==================================================================
[   27.317404] ==================================================================
[   27.318155] BUG: KASAN: slab-out-of-bounds in krealloc_more_oob_helper+0x7ed/0x930
[   27.318849] Write of size 1 at addr ffff88810226e0f0 by task kunit_try_catch/167
[   27.319727] 
[   27.320175] CPU: 0 UID: 0 PID: 167 Comm: kunit_try_catch Tainted: G    B            N 6.13.0-rc1-next-20241205 #1
[   27.321402] Tainted: [B]=BAD_PAGE, [N]=TEST
[   27.321895] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[   27.322760] Call Trace:
[   27.323785]  <TASK>
[   27.324033]  dump_stack_lvl+0x73/0xb0
[   27.324420]  print_report+0xd1/0x640
[   27.324800]  ? __virt_addr_valid+0x1db/0x2d0
[   27.325245]  ? kasan_addr_to_slab+0x11/0xa0
[   27.325715]  kasan_report+0x102/0x140
[   27.326011]  ? krealloc_more_oob_helper+0x7ed/0x930
[   27.326746]  ? krealloc_more_oob_helper+0x7ed/0x930
[   27.327645]  __asan_report_store1_noabort+0x1b/0x30
[   27.329382]  krealloc_more_oob_helper+0x7ed/0x930
[   27.330062]  ? __schedule+0xc70/0x27e0
[   27.330470]  ? __pfx_krealloc_more_oob_helper+0x10/0x10
[   27.331525]  ? finish_task_switch.isra.0+0x153/0x700
[   27.332557]  ? __switch_to+0x5d9/0xf60
[   27.333043]  ? __schedule+0xc70/0x27e0
[   27.333634]  ? __pfx_read_tsc+0x10/0x10
[   27.334167]  krealloc_large_more_oob+0x1c/0x30
[   27.334776]  kunit_try_run_case+0x1b3/0x490
[   27.335590]  ? __pfx_kunit_try_run_case+0x10/0x10
[   27.336472]  ? _raw_spin_lock_irqsave+0xa2/0x110
[   27.337121]  ? _raw_spin_unlock_irqrestore+0x5f/0x90
[   27.337892]  ? __kthread_parkme+0x82/0x160
[   27.338352]  ? preempt_count_sub+0x50/0x80
[   27.338883]  ? __pfx_kunit_try_run_case+0x10/0x10
[   27.339747]  ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10
[   27.340505]  kunit_generic_run_threadfn_adapter+0x85/0xf0
[   27.341262]  kthread+0x257/0x310
[   27.341668]  ? __pfx_kthread+0x10/0x10
[   27.342269]  ret_from_fork+0x41/0x80
[   27.342616]  ? __pfx_kthread+0x10/0x10
[   27.343599]  ret_from_fork_asm+0x1a/0x30
[   27.344311]  </TASK>
[   27.344636] 
[   27.344981] The buggy address belongs to the physical page:
[   27.345651] page: refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x10226c
[   27.346782] head: order:2 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[   27.347432] flags: 0x200000000000040(head|node=0|zone=2)
[   27.348117] raw: 0200000000000040 0000000000000000 dead000000000122 0000000000000000
[   27.348653] raw: 0000000000000000 0000000000000000 00000001ffffffff 0000000000000000
[   27.349634] head: 0200000000000040 0000000000000000 dead000000000122 0000000000000000
[   27.350558] head: 0000000000000000 0000000000000000 00000001ffffffff 0000000000000000
[   27.351674] head: 0200000000000002 ffffea0004089b01 ffffffffffffffff 0000000000000000
[   27.352600] head: 0000000000000004 0000000000000000 00000000ffffffff 0000000000000000
[   27.353550] page dumped because: kasan: bad access detected
[   27.354016] 
[   27.354256] Memory state around the buggy address:
[   27.355061]  ffff88810226df80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   27.355716]  ffff88810226e000: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   27.356582] >ffff88810226e080: 00 00 00 00 00 00 00 00 00 00 00 00 00 03 fe fe
[   27.357535]                                                              ^
[   27.358194]  ffff88810226e100: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe
[   27.358978]  ffff88810226e180: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe
[   27.359765] ==================================================================
[   26.837623] ==================================================================
[   26.838770] BUG: KASAN: slab-out-of-bounds in krealloc_more_oob_helper+0x823/0x930
[   26.839838] Write of size 1 at addr ffff8881009aaeeb by task kunit_try_catch/163
[   26.841203] 
[   26.841549] CPU: 1 UID: 0 PID: 163 Comm: kunit_try_catch Tainted: G    B            N 6.13.0-rc1-next-20241205 #1
[   26.842601] Tainted: [B]=BAD_PAGE, [N]=TEST
[   26.843097] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[   26.844244] Call Trace:
[   26.844815]  <TASK>
[   26.845307]  dump_stack_lvl+0x73/0xb0
[   26.845695]  print_report+0xd1/0x640
[   26.846436]  ? __virt_addr_valid+0x1db/0x2d0
[   26.847177]  ? kasan_complete_mode_report_info+0x2a/0x200
[   26.847465]  kasan_report+0x102/0x140
[   26.847649]  ? krealloc_more_oob_helper+0x823/0x930
[   26.848020]  ? krealloc_more_oob_helper+0x823/0x930
[   26.849332]  __asan_report_store1_noabort+0x1b/0x30
[   26.850059]  krealloc_more_oob_helper+0x823/0x930
[   26.850641]  ? trace_hardirqs_on+0x37/0xe0
[   26.851385]  ? __pfx_krealloc_more_oob_helper+0x10/0x10
[   26.851940]  ? sysvec_apic_timer_interrupt+0x50/0x90
[   26.852618]  ? __pfx_krealloc_more_oob+0x10/0x10
[   26.853155]  krealloc_more_oob+0x1c/0x30
[   26.853877]  kunit_try_run_case+0x1b3/0x490
[   26.854719]  ? __pfx_kunit_try_run_case+0x10/0x10
[   26.855805]  ? _raw_spin_lock_irqsave+0xa2/0x110
[   26.856506]  ? _raw_spin_unlock_irqrestore+0x5f/0x90
[   26.857109]  ? __kthread_parkme+0x82/0x160
[   26.858488]  ? preempt_count_sub+0x50/0x80
[   26.859044]  ? __pfx_kunit_try_run_case+0x10/0x10
[   26.859665]  ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10
[   26.860882]  kunit_generic_run_threadfn_adapter+0x85/0xf0
[   26.861526]  kthread+0x257/0x310
[   26.862110]  ? __pfx_kthread+0x10/0x10
[   26.863025]  ret_from_fork+0x41/0x80
[   26.863574]  ? __pfx_kthread+0x10/0x10
[   26.864260]  ret_from_fork_asm+0x1a/0x30
[   26.864653]  </TASK>
[   26.864923] 
[   26.865597] Allocated by task 163:
[   26.866314]  kasan_save_stack+0x3d/0x60
[   26.866743]  kasan_save_track+0x18/0x40
[   26.867852]  kasan_save_alloc_info+0x3b/0x50
[   26.868424]  __kasan_krealloc+0x190/0x1f0
[   26.868920]  krealloc_noprof+0xf3/0x340
[   26.869311]  krealloc_more_oob_helper+0x1aa/0x930
[   26.869978]  krealloc_more_oob+0x1c/0x30
[   26.870438]  kunit_try_run_case+0x1b3/0x490
[   26.871344]  kunit_generic_run_threadfn_adapter+0x85/0xf0
[   26.872252]  kthread+0x257/0x310
[   26.872476]  ret_from_fork+0x41/0x80
[   26.872656]  ret_from_fork_asm+0x1a/0x30
[   26.873177] 
[   26.873573] The buggy address belongs to the object at ffff8881009aae00
[   26.873573]  which belongs to the cache kmalloc-256 of size 256
[   26.874315] The buggy address is located 0 bytes to the right of
[   26.874315]  allocated 235-byte region [ffff8881009aae00, ffff8881009aaeeb)
[   26.876122] 
[   26.876610] The buggy address belongs to the physical page:
[   26.877267] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1009aa
[   26.878109] head: order:1 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[   26.879370] flags: 0x200000000000040(head|node=0|zone=2)
[   26.879896] page_type: f5(slab)
[   26.880580] raw: 0200000000000040 ffff888100041b40 dead000000000122 0000000000000000
[   26.881486] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000
[   26.882512] head: 0200000000000040 ffff888100041b40 dead000000000122 0000000000000000
[   26.883190] head: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000
[   26.884283] head: 0200000000000001 ffffea0004026a81 ffffffffffffffff 0000000000000000
[   26.885268] head: 0000000000000002 0000000000000000 00000000ffffffff 0000000000000000
[   26.886078] page dumped because: kasan: bad access detected
[   26.886582] 
[   26.886943] Memory state around the buggy address:
[   26.887513]  ffff8881009aad80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   26.888229]  ffff8881009aae00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   26.889207] >ffff8881009aae80: 00 00 00 00 00 00 00 00 00 00 00 00 00 03 fc fc
[   26.889729]                                                           ^
[   26.890339]  ffff8881009aaf00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   26.891251]  ffff8881009aaf80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   26.892163] ==================================================================
[   26.894393] ==================================================================
[   26.895080] BUG: KASAN: slab-out-of-bounds in krealloc_more_oob_helper+0x7ed/0x930
[   26.896493] Write of size 1 at addr ffff8881009aaef0 by task kunit_try_catch/163
[   26.897229] 
[   26.897559] CPU: 1 UID: 0 PID: 163 Comm: kunit_try_catch Tainted: G    B            N 6.13.0-rc1-next-20241205 #1
[   26.898409] Tainted: [B]=BAD_PAGE, [N]=TEST
[   26.899095] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[   26.899880] Call Trace:
[   26.900186]  <TASK>
[   26.900601]  dump_stack_lvl+0x73/0xb0
[   26.901195]  print_report+0xd1/0x640
[   26.901527]  ? __virt_addr_valid+0x1db/0x2d0
[   26.902212]  ? kasan_complete_mode_report_info+0x2a/0x200
[   26.903129]  kasan_report+0x102/0x140
[   26.903632]  ? krealloc_more_oob_helper+0x7ed/0x930
[   26.904289]  ? krealloc_more_oob_helper+0x7ed/0x930
[   26.904783]  __asan_report_store1_noabort+0x1b/0x30
[   26.905445]  krealloc_more_oob_helper+0x7ed/0x930
[   26.905933]  ? trace_hardirqs_on+0x37/0xe0
[   26.906234]  ? __pfx_krealloc_more_oob_helper+0x10/0x10
[   26.907402]  ? sysvec_apic_timer_interrupt+0x50/0x90
[   26.907989]  ? __pfx_krealloc_more_oob+0x10/0x10
[   26.908744]  krealloc_more_oob+0x1c/0x30
[   26.909102]  kunit_try_run_case+0x1b3/0x490
[   26.909419]  ? __pfx_kunit_try_run_case+0x10/0x10
[   26.910024]  ? _raw_spin_lock_irqsave+0xa2/0x110
[   26.910996]  ? _raw_spin_unlock_irqrestore+0x5f/0x90
[   26.911419]  ? __kthread_parkme+0x82/0x160
[   26.911862]  ? preempt_count_sub+0x50/0x80
[   26.912488]  ? __pfx_kunit_try_run_case+0x10/0x10
[   26.913252]  ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10
[   26.914542]  kunit_generic_run_threadfn_adapter+0x85/0xf0
[   26.915280]  kthread+0x257/0x310
[   26.916294]  ? __pfx_kthread+0x10/0x10
[   26.916750]  ret_from_fork+0x41/0x80
[   26.917509]  ? __pfx_kthread+0x10/0x10
[   26.918798]  ret_from_fork_asm+0x1a/0x30
[   26.919275]  </TASK>
[   26.919456] 
[   26.919717] Allocated by task 163:
[   26.920077]  kasan_save_stack+0x3d/0x60
[   26.920512]  kasan_save_track+0x18/0x40
[   26.921225]  kasan_save_alloc_info+0x3b/0x50
[   26.921614]  __kasan_krealloc+0x190/0x1f0
[   26.922209]  krealloc_noprof+0xf3/0x340
[   26.922747]  krealloc_more_oob_helper+0x1aa/0x930
[   26.923526]  krealloc_more_oob+0x1c/0x30
[   26.924325]  kunit_try_run_case+0x1b3/0x490
[   26.924777]  kunit_generic_run_threadfn_adapter+0x85/0xf0
[   26.925351]  kthread+0x257/0x310
[   26.925793]  ret_from_fork+0x41/0x80
[   26.926407]  ret_from_fork_asm+0x1a/0x30
[   26.926813] 
[   26.927285] The buggy address belongs to the object at ffff8881009aae00
[   26.927285]  which belongs to the cache kmalloc-256 of size 256
[   26.928350] The buggy address is located 5 bytes to the right of
[   26.928350]  allocated 235-byte region [ffff8881009aae00, ffff8881009aaeeb)
[   26.930429] 
[   26.930862] The buggy address belongs to the physical page:
[   26.931577] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1009aa
[   26.932474] head: order:1 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[   26.933075] flags: 0x200000000000040(head|node=0|zone=2)
[   26.933761] page_type: f5(slab)
[   26.934462] raw: 0200000000000040 ffff888100041b40 dead000000000122 0000000000000000
[   26.935135] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000
[   26.935858] head: 0200000000000040 ffff888100041b40 dead000000000122 0000000000000000
[   26.937123] head: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000
[   26.937823] head: 0200000000000001 ffffea0004026a81 ffffffffffffffff 0000000000000000
[   26.938627] head: 0000000000000002 0000000000000000 00000000ffffffff 0000000000000000
[   26.939563] page dumped because: kasan: bad access detected
[   26.939998] 
[   26.940332] Memory state around the buggy address:
[   26.940884]  ffff8881009aad80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   26.941696]  ffff8881009aae00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   26.942596] >ffff8881009aae80: 00 00 00 00 00 00 00 00 00 00 00 00 00 03 fc fc
[   26.943300]                                                              ^
[   26.944019]  ffff8881009aaf00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   26.945052]  ffff8881009aaf80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   26.945849] ==================================================================