lkft/linux-next-master - next-20241206 - log-parser-boot/kasan-bug-kasan-slab-out-of-bounds-in-krealloc_less_oob_helper

Date

Dec. 6, 2024, 3:11 p.m.

Environment
qemu-arm64
qemu-x86_64

[   30.838981] ==================================================================
[   30.839646] BUG: KASAN: slab-out-of-bounds in krealloc_less_oob_helper+0xa58/0xc50
[   30.840594] Write of size 1 at addr fff00000c62220eb by task kunit_try_catch/151
[   30.841407] 
[   30.841843] CPU: 0 UID: 0 PID: 151 Comm: kunit_try_catch Tainted: G    B            N 6.13.0-rc1-next-20241206 #1
[   30.843147] Tainted: [B]=BAD_PAGE, [N]=TEST
[   30.843810] Hardware name: linux,dummy-virt (DT)
[   30.844406] Call trace:
[   30.844892]  show_stack+0x20/0x38 (C)
[   30.845450]  dump_stack_lvl+0x8c/0xd0
[   30.846142]  print_report+0x118/0x5e0
[   30.846825]  kasan_report+0xc8/0x118
[   30.847496]  __asan_report_store1_noabort+0x20/0x30
[   30.848264]  krealloc_less_oob_helper+0xa58/0xc50
[   30.848906]  krealloc_large_less_oob+0x20/0x38
[   30.849677]  kunit_try_run_case+0x14c/0x3d0
[   30.850348]  kunit_generic_run_threadfn_adapter+0x88/0x100
[   30.851125]  kthread+0x24c/0x2d0
[   30.851790]  ret_from_fork+0x10/0x20
[   30.852438] 
[   30.852832] The buggy address belongs to the physical page:
[   30.853447] page: refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x106220
[   30.854481] head: order:2 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[   30.855397] flags: 0xbfffe0000000040(head|node=0|zone=2|lastcpupid=0x1ffff)
[   30.856308] raw: 0bfffe0000000040 0000000000000000 dead000000000122 0000000000000000
[   30.857221] raw: 0000000000000000 0000000000000000 00000001ffffffff 0000000000000000
[   30.858159] head: 0bfffe0000000040 0000000000000000 dead000000000122 0000000000000000
[   30.859115] head: 0000000000000000 0000000000000000 00000001ffffffff 0000000000000000
[   30.860089] head: 0bfffe0000000002 ffffc1ffc3188801 ffffffffffffffff 0000000000000000
[   30.861008] head: 0000000000000004 0000000000000000 00000000ffffffff 0000000000000000
[   30.861906] page dumped because: kasan: bad access detected
[   30.862592] 
[   30.862987] Memory state around the buggy address:
[   30.863706]  fff00000c6221f80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   30.864477]  fff00000c6222000: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   30.865395] >fff00000c6222080: 00 00 00 00 00 00 00 00 00 01 fe fe fe fe fe fe
[   30.866233]                                                           ^
[   30.867051]  fff00000c6222100: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe
[   30.867910]  fff00000c6222180: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe
[   30.868755] ==================================================================
[   30.423809] ==================================================================
[   30.424661] BUG: KASAN: slab-out-of-bounds in krealloc_less_oob_helper+0xb9c/0xc50
[   30.425545] Write of size 1 at addr fff00000c0c136d0 by task kunit_try_catch/147
[   30.426773] 
[   30.427161] CPU: 1 UID: 0 PID: 147 Comm: kunit_try_catch Tainted: G    B            N 6.13.0-rc1-next-20241206 #1
[   30.428323] Tainted: [B]=BAD_PAGE, [N]=TEST
[   30.428886] Hardware name: linux,dummy-virt (DT)
[   30.429544] Call trace:
[   30.430063]  show_stack+0x20/0x38 (C)
[   30.431045]  dump_stack_lvl+0x8c/0xd0
[   30.431726]  print_report+0x118/0x5e0
[   30.432340]  kasan_report+0xc8/0x118
[   30.432950]  __asan_report_store1_noabort+0x20/0x30
[   30.433752]  krealloc_less_oob_helper+0xb9c/0xc50
[   30.434788]  krealloc_less_oob+0x20/0x38
[   30.435406]  kunit_try_run_case+0x14c/0x3d0
[   30.436150]  kunit_generic_run_threadfn_adapter+0x88/0x100
[   30.436870]  kthread+0x24c/0x2d0
[   30.437503]  ret_from_fork+0x10/0x20
[   30.438137] 
[   30.438804] Allocated by task 147:
[   30.439356]  kasan_save_stack+0x3c/0x68
[   30.440049]  kasan_save_track+0x20/0x40
[   30.440695]  kasan_save_alloc_info+0x40/0x58
[   30.441322]  __kasan_krealloc+0x118/0x178
[   30.442014]  krealloc_noprof+0x128/0x360
[   30.443576]  krealloc_less_oob_helper+0x168/0xc50
[   30.444238]  krealloc_less_oob+0x20/0x38
[   30.444922]  kunit_try_run_case+0x14c/0x3d0
[   30.445589]  kunit_generic_run_threadfn_adapter+0x88/0x100
[   30.446582]  kthread+0x24c/0x2d0
[   30.447155]  ret_from_fork+0x10/0x20
[   30.447838] 
[   30.448239] The buggy address belongs to the object at fff00000c0c13600
[   30.448239]  which belongs to the cache kmalloc-256 of size 256
[   30.449570] The buggy address is located 7 bytes to the right of
[   30.449570]  allocated 201-byte region [fff00000c0c13600, fff00000c0c136c9)
[   30.451211] 
[   30.451639] The buggy address belongs to the physical page:
[   30.452248] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x100c12
[   30.453241] head: order:1 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[   30.454112] flags: 0xbfffe0000000040(head|node=0|zone=2|lastcpupid=0x1ffff)
[   30.455324] page_type: f5(slab)
[   30.455856] raw: 0bfffe0000000040 fff00000c0001b40 dead000000000122 0000000000000000
[   30.456787] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000
[   30.457724] head: 0bfffe0000000040 fff00000c0001b40 dead000000000122 0000000000000000
[   30.459064] head: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000
[   30.460037] head: 0bfffe0000000001 ffffc1ffc3030481 ffffffffffffffff 0000000000000000
[   30.460910] head: 0000000000000002 0000000000000000 00000000ffffffff 0000000000000000
[   30.461817] page dumped because: kasan: bad access detected
[   30.462877] 
[   30.463179] Memory state around the buggy address:
[   30.464289]  fff00000c0c13580: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   30.465040]  fff00000c0c13600: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   30.466208] >fff00000c0c13680: 00 00 00 00 00 00 00 00 00 01 fc fc fc fc fc fc
[   30.467465]                                                  ^
[   30.468202]  fff00000c0c13700: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   30.469158]  fff00000c0c13780: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   30.470074] ==================================================================
[   30.564173] ==================================================================
[   30.565156] BUG: KASAN: slab-out-of-bounds in krealloc_less_oob_helper+0xa58/0xc50
[   30.567060] Write of size 1 at addr fff00000c0c136eb by task kunit_try_catch/147
[   30.568017] 
[   30.568484] CPU: 1 UID: 0 PID: 147 Comm: kunit_try_catch Tainted: G    B            N 6.13.0-rc1-next-20241206 #1
[   30.570038] Tainted: [B]=BAD_PAGE, [N]=TEST
[   30.570589] Hardware name: linux,dummy-virt (DT)
[   30.571182] Call trace:
[   30.571605]  show_stack+0x20/0x38 (C)
[   30.572207]  dump_stack_lvl+0x8c/0xd0
[   30.572825]  print_report+0x118/0x5e0
[   30.573367]  kasan_report+0xc8/0x118
[   30.574012]  __asan_report_store1_noabort+0x20/0x30
[   30.574698]  krealloc_less_oob_helper+0xa58/0xc50
[   30.575374]  krealloc_less_oob+0x20/0x38
[   30.575929]  kunit_try_run_case+0x14c/0x3d0
[   30.576638]  kunit_generic_run_threadfn_adapter+0x88/0x100
[   30.577369]  kthread+0x24c/0x2d0
[   30.577976]  ret_from_fork+0x10/0x20
[   30.578613] 
[   30.578998] Allocated by task 147:
[   30.579562]  kasan_save_stack+0x3c/0x68
[   30.580068]  kasan_save_track+0x20/0x40
[   30.580715]  kasan_save_alloc_info+0x40/0x58
[   30.581303]  __kasan_krealloc+0x118/0x178
[   30.581833]  krealloc_noprof+0x128/0x360
[   30.582457]  krealloc_less_oob_helper+0x168/0xc50
[   30.583135]  krealloc_less_oob+0x20/0x38
[   30.583657]  kunit_try_run_case+0x14c/0x3d0
[   30.584314]  kunit_generic_run_threadfn_adapter+0x88/0x100
[   30.585022]  kthread+0x24c/0x2d0
[   30.585584]  ret_from_fork+0x10/0x20
[   30.586256] 
[   30.586675] The buggy address belongs to the object at fff00000c0c13600
[   30.586675]  which belongs to the cache kmalloc-256 of size 256
[   30.587962] The buggy address is located 34 bytes to the right of
[   30.587962]  allocated 201-byte region [fff00000c0c13600, fff00000c0c136c9)
[   30.589107] 
[   30.589414] The buggy address belongs to the physical page:
[   30.590070] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x100c12
[   30.591010] head: order:1 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[   30.591805] flags: 0xbfffe0000000040(head|node=0|zone=2|lastcpupid=0x1ffff)
[   30.592677] page_type: f5(slab)
[   30.593178] raw: 0bfffe0000000040 fff00000c0001b40 dead000000000122 0000000000000000
[   30.594099] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000
[   30.594973] head: 0bfffe0000000040 fff00000c0001b40 dead000000000122 0000000000000000
[   30.595901] head: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000
[   30.596740] head: 0bfffe0000000001 ffffc1ffc3030481 ffffffffffffffff 0000000000000000
[   30.597611] head: 0000000000000002 0000000000000000 00000000ffffffff 0000000000000000
[   30.598457] page dumped because: kasan: bad access detected
[   30.599193] 
[   30.599572] Memory state around the buggy address:
[   30.600148]  fff00000c0c13580: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   30.601075]  fff00000c0c13600: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   30.601786] >fff00000c0c13680: 00 00 00 00 00 00 00 00 00 01 fc fc fc fc fc fc
[   30.602700]                                                           ^
[   30.603409]  fff00000c0c13700: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   30.604275]  fff00000c0c13780: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   30.605058] ==================================================================
[   30.731681] ==================================================================
[   30.732504] BUG: KASAN: slab-out-of-bounds in krealloc_less_oob_helper+0xb9c/0xc50
[   30.734388] Write of size 1 at addr fff00000c62220d0 by task kunit_try_catch/151
[   30.736144] 
[   30.736499] CPU: 0 UID: 0 PID: 151 Comm: kunit_try_catch Tainted: G    B            N 6.13.0-rc1-next-20241206 #1
[   30.737691] Tainted: [B]=BAD_PAGE, [N]=TEST
[   30.738439] Hardware name: linux,dummy-virt (DT)
[   30.739774] Call trace:
[   30.740128]  show_stack+0x20/0x38 (C)
[   30.740785]  dump_stack_lvl+0x8c/0xd0
[   30.741360]  print_report+0x118/0x5e0
[   30.742004]  kasan_report+0xc8/0x118
[   30.743018]  __asan_report_store1_noabort+0x20/0x30
[   30.743603]  krealloc_less_oob_helper+0xb9c/0xc50
[   30.744245]  krealloc_large_less_oob+0x20/0x38
[   30.744958]  kunit_try_run_case+0x14c/0x3d0
[   30.745689]  kunit_generic_run_threadfn_adapter+0x88/0x100
[   30.746735]  kthread+0x24c/0x2d0
[   30.747227]  ret_from_fork+0x10/0x20
[   30.748566] 
[   30.749068] The buggy address belongs to the physical page:
[   30.749875] page: refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x106220
[   30.751140] head: order:2 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[   30.752003] flags: 0xbfffe0000000040(head|node=0|zone=2|lastcpupid=0x1ffff)
[   30.753114] raw: 0bfffe0000000040 0000000000000000 dead000000000122 0000000000000000
[   30.754006] raw: 0000000000000000 0000000000000000 00000001ffffffff 0000000000000000
[   30.755054] head: 0bfffe0000000040 0000000000000000 dead000000000122 0000000000000000
[   30.755959] head: 0000000000000000 0000000000000000 00000001ffffffff 0000000000000000
[   30.757138] head: 0bfffe0000000002 ffffc1ffc3188801 ffffffffffffffff 0000000000000000
[   30.758257] head: 0000000000000004 0000000000000000 00000000ffffffff 0000000000000000
[   30.759657] page dumped because: kasan: bad access detected
[   30.760192] 
[   30.760364] Memory state around the buggy address:
[   30.760752]  fff00000c6221f80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   30.761741]  fff00000c6222000: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   30.762738] >fff00000c6222080: 00 00 00 00 00 00 00 00 00 01 fe fe fe fe fe fe
[   30.764472]                                                  ^
[   30.765154]  fff00000c6222100: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe
[   30.766037]  fff00000c6222180: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe
[   30.767237] ==================================================================
[   30.517983] ==================================================================
[   30.519339] BUG: KASAN: slab-out-of-bounds in krealloc_less_oob_helper+0xae4/0xc50
[   30.520181] Write of size 1 at addr fff00000c0c136ea by task kunit_try_catch/147
[   30.520958] 
[   30.521358] CPU: 1 UID: 0 PID: 147 Comm: kunit_try_catch Tainted: G    B            N 6.13.0-rc1-next-20241206 #1
[   30.523174] Tainted: [B]=BAD_PAGE, [N]=TEST
[   30.523436] Hardware name: linux,dummy-virt (DT)
[   30.523899] Call trace:
[   30.524358]  show_stack+0x20/0x38 (C)
[   30.525106]  dump_stack_lvl+0x8c/0xd0
[   30.525804]  print_report+0x118/0x5e0
[   30.526434]  kasan_report+0xc8/0x118
[   30.527240]  __asan_report_store1_noabort+0x20/0x30
[   30.528037]  krealloc_less_oob_helper+0xae4/0xc50
[   30.528816]  krealloc_less_oob+0x20/0x38
[   30.529560]  kunit_try_run_case+0x14c/0x3d0
[   30.530600]  kunit_generic_run_threadfn_adapter+0x88/0x100
[   30.531391]  kthread+0x24c/0x2d0
[   30.531912]  ret_from_fork+0x10/0x20
[   30.532452] 
[   30.532887] Allocated by task 147:
[   30.533442]  kasan_save_stack+0x3c/0x68
[   30.534220]  kasan_save_track+0x20/0x40
[   30.534943]  kasan_save_alloc_info+0x40/0x58
[   30.535889]  __kasan_krealloc+0x118/0x178
[   30.536956]  krealloc_noprof+0x128/0x360
[   30.537874]  krealloc_less_oob_helper+0x168/0xc50
[   30.538748]  krealloc_less_oob+0x20/0x38
[   30.539476]  kunit_try_run_case+0x14c/0x3d0
[   30.540098]  kunit_generic_run_threadfn_adapter+0x88/0x100
[   30.540805]  kthread+0x24c/0x2d0
[   30.541300]  ret_from_fork+0x10/0x20
[   30.541839] 
[   30.542221] The buggy address belongs to the object at fff00000c0c13600
[   30.542221]  which belongs to the cache kmalloc-256 of size 256
[   30.543899] The buggy address is located 33 bytes to the right of
[   30.543899]  allocated 201-byte region [fff00000c0c13600, fff00000c0c136c9)
[   30.545274] 
[   30.545697] The buggy address belongs to the physical page:
[   30.546371] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x100c12
[   30.547306] head: order:1 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[   30.548114] flags: 0xbfffe0000000040(head|node=0|zone=2|lastcpupid=0x1ffff)
[   30.548891] page_type: f5(slab)
[   30.549456] raw: 0bfffe0000000040 fff00000c0001b40 dead000000000122 0000000000000000
[   30.550432] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000
[   30.551585] head: 0bfffe0000000040 fff00000c0001b40 dead000000000122 0000000000000000
[   30.552397] head: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000
[   30.553263] head: 0bfffe0000000001 ffffc1ffc3030481 ffffffffffffffff 0000000000000000
[   30.554224] head: 0000000000000002 0000000000000000 00000000ffffffff 0000000000000000
[   30.555091] page dumped because: kasan: bad access detected
[   30.556021] 
[   30.556306] Memory state around the buggy address:
[   30.557153]  fff00000c0c13580: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   30.558082]  fff00000c0c13600: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   30.559297] >fff00000c0c13680: 00 00 00 00 00 00 00 00 00 01 fc fc fc fc fc fc
[   30.560036]                                                           ^
[   30.560849]  fff00000c0c13700: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   30.561589]  fff00000c0c13780: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   30.562663] ==================================================================
[   30.472136] ==================================================================
[   30.472969] BUG: KASAN: slab-out-of-bounds in krealloc_less_oob_helper+0xa80/0xc50
[   30.473771] Write of size 1 at addr fff00000c0c136da by task kunit_try_catch/147
[   30.474975] 
[   30.475389] CPU: 1 UID: 0 PID: 147 Comm: kunit_try_catch Tainted: G    B            N 6.13.0-rc1-next-20241206 #1
[   30.476749] Tainted: [B]=BAD_PAGE, [N]=TEST
[   30.477559] Hardware name: linux,dummy-virt (DT)
[   30.478543] Call trace:
[   30.479426]  show_stack+0x20/0x38 (C)
[   30.479929]  dump_stack_lvl+0x8c/0xd0
[   30.480444]  print_report+0x118/0x5e0
[   30.481028]  kasan_report+0xc8/0x118
[   30.481560]  __asan_report_store1_noabort+0x20/0x30
[   30.482287]  krealloc_less_oob_helper+0xa80/0xc50
[   30.483178]  krealloc_less_oob+0x20/0x38
[   30.483844]  kunit_try_run_case+0x14c/0x3d0
[   30.484482]  kunit_generic_run_threadfn_adapter+0x88/0x100
[   30.485205]  kthread+0x24c/0x2d0
[   30.485779]  ret_from_fork+0x10/0x20
[   30.486386] 
[   30.486920] Allocated by task 147:
[   30.487407]  kasan_save_stack+0x3c/0x68
[   30.488134]  kasan_save_track+0x20/0x40
[   30.488635]  kasan_save_alloc_info+0x40/0x58
[   30.489301]  __kasan_krealloc+0x118/0x178
[   30.489965]  krealloc_noprof+0x128/0x360
[   30.491030]  krealloc_less_oob_helper+0x168/0xc50
[   30.491700]  krealloc_less_oob+0x20/0x38
[   30.492216]  kunit_try_run_case+0x14c/0x3d0
[   30.492875]  kunit_generic_run_threadfn_adapter+0x88/0x100
[   30.493607]  kthread+0x24c/0x2d0
[   30.494081]  ret_from_fork+0x10/0x20
[   30.495342] 
[   30.495751] The buggy address belongs to the object at fff00000c0c13600
[   30.495751]  which belongs to the cache kmalloc-256 of size 256
[   30.496974] The buggy address is located 17 bytes to the right of
[   30.496974]  allocated 201-byte region [fff00000c0c13600, fff00000c0c136c9)
[   30.498255] 
[   30.499101] The buggy address belongs to the physical page:
[   30.499865] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x100c12
[   30.500659] head: order:1 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[   30.501635] flags: 0xbfffe0000000040(head|node=0|zone=2|lastcpupid=0x1ffff)
[   30.502386] page_type: f5(slab)
[   30.503185] raw: 0bfffe0000000040 fff00000c0001b40 dead000000000122 0000000000000000
[   30.504087] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000
[   30.504993] head: 0bfffe0000000040 fff00000c0001b40 dead000000000122 0000000000000000
[   30.505995] head: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000
[   30.507101] head: 0bfffe0000000001 ffffc1ffc3030481 ffffffffffffffff 0000000000000000
[   30.508003] head: 0000000000000002 0000000000000000 00000000ffffffff 0000000000000000
[   30.508848] page dumped because: kasan: bad access detected
[   30.509499] 
[   30.509844] Memory state around the buggy address:
[   30.510393]  fff00000c0c13580: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   30.511581]  fff00000c0c13600: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   30.512430] >fff00000c0c13680: 00 00 00 00 00 00 00 00 00 01 fc fc fc fc fc fc
[   30.513222]                                                     ^
[   30.513933]  fff00000c0c13700: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   30.515341]  fff00000c0c13780: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   30.516133] ==================================================================
[   30.376154] ==================================================================
[   30.377177] BUG: KASAN: slab-out-of-bounds in krealloc_less_oob_helper+0xa48/0xc50
[   30.378092] Write of size 1 at addr fff00000c0c136c9 by task kunit_try_catch/147
[   30.379045] 
[   30.379392] CPU: 1 UID: 0 PID: 147 Comm: kunit_try_catch Tainted: G    B            N 6.13.0-rc1-next-20241206 #1
[   30.381055] Tainted: [B]=BAD_PAGE, [N]=TEST
[   30.381555] Hardware name: linux,dummy-virt (DT)
[   30.382498] Call trace:
[   30.382939]  show_stack+0x20/0x38 (C)
[   30.383604]  dump_stack_lvl+0x8c/0xd0
[   30.384243]  print_report+0x118/0x5e0
[   30.384904]  kasan_report+0xc8/0x118
[   30.385476]  __asan_report_store1_noabort+0x20/0x30
[   30.386143]  krealloc_less_oob_helper+0xa48/0xc50
[   30.387195]  krealloc_less_oob+0x20/0x38
[   30.387863]  kunit_try_run_case+0x14c/0x3d0
[   30.388567]  kunit_generic_run_threadfn_adapter+0x88/0x100
[   30.389354]  kthread+0x24c/0x2d0
[   30.389878]  ret_from_fork+0x10/0x20
[   30.390802] 
[   30.391186] Allocated by task 147:
[   30.391685]  kasan_save_stack+0x3c/0x68
[   30.392283]  kasan_save_track+0x20/0x40
[   30.392931]  kasan_save_alloc_info+0x40/0x58
[   30.393616]  __kasan_krealloc+0x118/0x178
[   30.394155]  krealloc_noprof+0x128/0x360
[   30.395090]  krealloc_less_oob_helper+0x168/0xc50
[   30.395796]  krealloc_less_oob+0x20/0x38
[   30.396391]  kunit_try_run_case+0x14c/0x3d0
[   30.397018]  kunit_generic_run_threadfn_adapter+0x88/0x100
[   30.397628]  kthread+0x24c/0x2d0
[   30.399069]  ret_from_fork+0x10/0x20
[   30.399684] 
[   30.400056] The buggy address belongs to the object at fff00000c0c13600
[   30.400056]  which belongs to the cache kmalloc-256 of size 256
[   30.401278] The buggy address is located 0 bytes to the right of
[   30.401278]  allocated 201-byte region [fff00000c0c13600, fff00000c0c136c9)
[   30.403043] 
[   30.403463] The buggy address belongs to the physical page:
[   30.404281] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x100c12
[   30.405366] head: order:1 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[   30.406360] flags: 0xbfffe0000000040(head|node=0|zone=2|lastcpupid=0x1ffff)
[   30.407216] page_type: f5(slab)
[   30.407698] raw: 0bfffe0000000040 fff00000c0001b40 dead000000000122 0000000000000000
[   30.408994] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000
[   30.409924] head: 0bfffe0000000040 fff00000c0001b40 dead000000000122 0000000000000000
[   30.411101] head: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000
[   30.412026] head: 0bfffe0000000001 ffffc1ffc3030481 ffffffffffffffff 0000000000000000
[   30.412966] head: 0000000000000002 0000000000000000 00000000ffffffff 0000000000000000
[   30.413769] page dumped because: kasan: bad access detected
[   30.414827] 
[   30.415385] Memory state around the buggy address:
[   30.416051]  fff00000c0c13580: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   30.416891]  fff00000c0c13600: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   30.417754] >fff00000c0c13680: 00 00 00 00 00 00 00 00 00 01 fc fc fc fc fc fc
[   30.418683]                                               ^
[   30.419573]  fff00000c0c13700: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   30.420204]  fff00000c0c13780: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   30.421131] ==================================================================
[   30.769904] ==================================================================
[   30.770893] BUG: KASAN: slab-out-of-bounds in krealloc_less_oob_helper+0xa80/0xc50
[   30.771713] Write of size 1 at addr fff00000c62220da by task kunit_try_catch/151
[   30.772724] 
[   30.773140] CPU: 0 UID: 0 PID: 151 Comm: kunit_try_catch Tainted: G    B            N 6.13.0-rc1-next-20241206 #1
[   30.774647] Tainted: [B]=BAD_PAGE, [N]=TEST
[   30.775529] Hardware name: linux,dummy-virt (DT)
[   30.776216] Call trace:
[   30.776697]  show_stack+0x20/0x38 (C)
[   30.777365]  dump_stack_lvl+0x8c/0xd0
[   30.778088]  print_report+0x118/0x5e0
[   30.778931]  kasan_report+0xc8/0x118
[   30.779411]  __asan_report_store1_noabort+0x20/0x30
[   30.780379]  krealloc_less_oob_helper+0xa80/0xc50
[   30.781343]  krealloc_large_less_oob+0x20/0x38
[   30.782157]  kunit_try_run_case+0x14c/0x3d0
[   30.783168]  kunit_generic_run_threadfn_adapter+0x88/0x100
[   30.783906]  kthread+0x24c/0x2d0
[   30.784427]  ret_from_fork+0x10/0x20
[   30.785340] 
[   30.785941] The buggy address belongs to the physical page:
[   30.787164] page: refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x106220
[   30.787957] head: order:2 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[   30.788535] flags: 0xbfffe0000000040(head|node=0|zone=2|lastcpupid=0x1ffff)
[   30.789482] raw: 0bfffe0000000040 0000000000000000 dead000000000122 0000000000000000
[   30.790940] raw: 0000000000000000 0000000000000000 00000001ffffffff 0000000000000000
[   30.791752] head: 0bfffe0000000040 0000000000000000 dead000000000122 0000000000000000
[   30.792680] head: 0000000000000000 0000000000000000 00000001ffffffff 0000000000000000
[   30.793572] head: 0bfffe0000000002 ffffc1ffc3188801 ffffffffffffffff 0000000000000000
[   30.794741] head: 0000000000000004 0000000000000000 00000000ffffffff 0000000000000000
[   30.795908] page dumped because: kasan: bad access detected
[   30.796558] 
[   30.796930] Memory state around the buggy address:
[   30.797501]  fff00000c6221f80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   30.798504]  fff00000c6222000: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   30.799561] >fff00000c6222080: 00 00 00 00 00 00 00 00 00 01 fe fe fe fe fe fe
[   30.800453]                                                     ^
[   30.801210]  fff00000c6222100: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe
[   30.802052]  fff00000c6222180: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe
[   30.803330] ==================================================================
[   30.697188] ==================================================================
[   30.698333] BUG: KASAN: slab-out-of-bounds in krealloc_less_oob_helper+0xa48/0xc50
[   30.699598] Write of size 1 at addr fff00000c62220c9 by task kunit_try_catch/151
[   30.701318] 
[   30.701773] CPU: 0 UID: 0 PID: 151 Comm: kunit_try_catch Tainted: G    B            N 6.13.0-rc1-next-20241206 #1
[   30.703304] Tainted: [B]=BAD_PAGE, [N]=TEST
[   30.703939] Hardware name: linux,dummy-virt (DT)
[   30.704672] Call trace:
[   30.705219]  show_stack+0x20/0x38 (C)
[   30.705981]  dump_stack_lvl+0x8c/0xd0
[   30.707110]  print_report+0x118/0x5e0
[   30.707749]  kasan_report+0xc8/0x118
[   30.708354]  __asan_report_store1_noabort+0x20/0x30
[   30.709075]  krealloc_less_oob_helper+0xa48/0xc50
[   30.709798]  krealloc_large_less_oob+0x20/0x38
[   30.710503]  kunit_try_run_case+0x14c/0x3d0
[   30.711530]  kunit_generic_run_threadfn_adapter+0x88/0x100
[   30.712311]  kthread+0x24c/0x2d0
[   30.712893]  ret_from_fork+0x10/0x20
[   30.713370] 
[   30.713829] The buggy address belongs to the physical page:
[   30.714980] page: refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x106220
[   30.715939] head: order:2 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[   30.716804] flags: 0xbfffe0000000040(head|node=0|zone=2|lastcpupid=0x1ffff)
[   30.717610] raw: 0bfffe0000000040 0000000000000000 dead000000000122 0000000000000000
[   30.718577] raw: 0000000000000000 0000000000000000 00000001ffffffff 0000000000000000
[   30.719712] head: 0bfffe0000000040 0000000000000000 dead000000000122 0000000000000000
[   30.720582] head: 0000000000000000 0000000000000000 00000001ffffffff 0000000000000000
[   30.721434] head: 0bfffe0000000002 ffffc1ffc3188801 ffffffffffffffff 0000000000000000
[   30.722349] head: 0000000000000004 0000000000000000 00000000ffffffff 0000000000000000
[   30.723119] page dumped because: kasan: bad access detected
[   30.723868] 
[   30.724178] Memory state around the buggy address:
[   30.724865]  fff00000c6221f80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   30.725634]  fff00000c6222000: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   30.726425] >fff00000c6222080: 00 00 00 00 00 00 00 00 00 01 fe fe fe fe fe fe
[   30.727480]                                               ^
[   30.728419]  fff00000c6222100: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe
[   30.729273]  fff00000c6222180: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe
[   30.729992] ==================================================================
[   30.804596] ==================================================================
[   30.805473] BUG: KASAN: slab-out-of-bounds in krealloc_less_oob_helper+0xae4/0xc50
[   30.806221] Write of size 1 at addr fff00000c62220ea by task kunit_try_catch/151
[   30.807232] 
[   30.807655] CPU: 0 UID: 0 PID: 151 Comm: kunit_try_catch Tainted: G    B            N 6.13.0-rc1-next-20241206 #1
[   30.808765] Tainted: [B]=BAD_PAGE, [N]=TEST
[   30.809371] Hardware name: linux,dummy-virt (DT)
[   30.810007] Call trace:
[   30.810989]  show_stack+0x20/0x38 (C)
[   30.811499]  dump_stack_lvl+0x8c/0xd0
[   30.812186]  print_report+0x118/0x5e0
[   30.812874]  kasan_report+0xc8/0x118
[   30.813555]  __asan_report_store1_noabort+0x20/0x30
[   30.814345]  krealloc_less_oob_helper+0xae4/0xc50
[   30.815178]  krealloc_large_less_oob+0x20/0x38
[   30.815924]  kunit_try_run_case+0x14c/0x3d0
[   30.816722]  kunit_generic_run_threadfn_adapter+0x88/0x100
[   30.817608]  kthread+0x24c/0x2d0
[   30.818229]  ret_from_fork+0x10/0x20
[   30.818943] 
[   30.819471] The buggy address belongs to the physical page:
[   30.820289] page: refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x106220
[   30.821330] head: order:2 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[   30.822162] flags: 0xbfffe0000000040(head|node=0|zone=2|lastcpupid=0x1ffff)
[   30.823180] raw: 0bfffe0000000040 0000000000000000 dead000000000122 0000000000000000
[   30.823973] raw: 0000000000000000 0000000000000000 00000001ffffffff 0000000000000000
[   30.824963] head: 0bfffe0000000040 0000000000000000 dead000000000122 0000000000000000
[   30.825900] head: 0000000000000000 0000000000000000 00000001ffffffff 0000000000000000
[   30.826845] head: 0bfffe0000000002 ffffc1ffc3188801 ffffffffffffffff 0000000000000000
[   30.827776] head: 0000000000000004 0000000000000000 00000000ffffffff 0000000000000000
[   30.828690] page dumped because: kasan: bad access detected
[   30.829397] 
[   30.829837] Memory state around the buggy address:
[   30.830428]  fff00000c6221f80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   30.831402]  fff00000c6222000: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   30.832252] >fff00000c6222080: 00 00 00 00 00 00 00 00 00 01 fe fe fe fe fe fe
[   30.833172]                                                           ^
[   30.833974]  fff00000c6222100: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe
[   30.834807]  fff00000c6222180: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe
[   30.835697] ==================================================================

Metadata Full log Test run details

arch

arm64

host

x86_64

plan

2pqe81wAmdEAk58M4QzuPMJQH7i

job_id

TEST:linaro@lkft#2pqeCEaArxo5MC5gKpCZgjDmQfr

job_url

https://tuxapi.tuxsuite.com/v1/groups/linaro/projects/lkft/tests/2pqeCEaArxo5MC5gKpCZgjDmQfr

artefacts

kernel

url	https://storage.tuxsuite.com/public/linaro/lkft/builds/2pqe8zShxf7LXfHLN65lsQtNnuf/Image.gz
sha256sum	8eacd80f3030cc7f9cde4ef2b91f53f31b00687dfe58810a77cbbd644ab42579

rootfs

url	https://storage.tuxboot.com/debian/trixie/arm64/rootfs.ext4.xz
sha256sum	f592205e64add7389d8a1055c235aa3685e13c7cfdfdbe5f212ab22afdbeb656

modules

url	https://storage.tuxsuite.com/public/linaro/lkft/builds/2pqe8zShxf7LXfHLN65lsQtNnuf/modules.tar.xz
sha256sum	6c79fa2abc795265f294a3cf6a6de2111df110b5a4707bd68a8cb4acf6d27f8c

durations

tests

boot	687.84
kunit	502.27

host_arch

amd64

build_name

gcc-13-lkftconfig-kunit

job_status

Complete

qemu_version

1:9.1.1+ds-5

[   23.130462] ==================================================================
[   23.131665] BUG: KASAN: slab-out-of-bounds in krealloc_less_oob_helper+0xe25/0x11d0
[   23.133581] Write of size 1 at addr ffff888102aba0d0 by task kunit_try_catch/170
[   23.134638] 
[   23.134782] CPU: 1 UID: 0 PID: 170 Comm: kunit_try_catch Tainted: G    B            N 6.13.0-rc1-next-20241206 #1
[   23.135302] Tainted: [B]=BAD_PAGE, [N]=TEST
[   23.135558] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[   23.136052] Call Trace:
[   23.137177]  <TASK>
[   23.137848]  dump_stack_lvl+0x73/0xb0
[   23.138488]  print_report+0xd1/0x640
[   23.138718]  ? __virt_addr_valid+0x1db/0x2d0
[   23.138924]  ? kasan_addr_to_slab+0x11/0xa0
[   23.139245]  kasan_report+0x102/0x140
[   23.139970]  ? krealloc_less_oob_helper+0xe25/0x11d0
[   23.140419]  ? krealloc_less_oob_helper+0xe25/0x11d0
[   23.141759]  __asan_report_store1_noabort+0x1b/0x30
[   23.142268]  krealloc_less_oob_helper+0xe25/0x11d0
[   23.142802]  ? __pfx_krealloc_less_oob_helper+0x10/0x10
[   23.143808]  ? finish_task_switch.isra.0+0x153/0x700
[   23.144352]  ? __switch_to+0x5d9/0xf60
[   23.144742]  ? __schedule+0xc70/0x27e0
[   23.145052]  ? __pfx_read_tsc+0x10/0x10
[   23.146845]  krealloc_large_less_oob+0x1c/0x30
[   23.147406]  kunit_try_run_case+0x1b3/0x490
[   23.148296]  ? __pfx_kunit_try_run_case+0x10/0x10
[   23.149034]  ? _raw_spin_lock_irqsave+0xa2/0x110
[   23.149558]  ? _raw_spin_unlock_irqrestore+0x5f/0x90
[   23.150076]  ? __kthread_parkme+0x82/0x160
[   23.151193]  ? preempt_count_sub+0x50/0x80
[   23.151638]  ? __pfx_kunit_try_run_case+0x10/0x10
[   23.152323]  ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10
[   23.153015]  kunit_generic_run_threadfn_adapter+0x85/0xf0
[   23.153586]  kthread+0x257/0x310
[   23.154059]  ? __pfx_kthread+0x10/0x10
[   23.154410]  ret_from_fork+0x41/0x80
[   23.154817]  ? __pfx_kthread+0x10/0x10
[   23.155341]  ret_from_fork_asm+0x1a/0x30
[   23.155710]  </TASK>
[   23.156048] 
[   23.157232] The buggy address belongs to the physical page:
[   23.157911] page: refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x102ab8
[   23.158760] head: order:2 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[   23.159752] flags: 0x200000000000040(head|node=0|zone=2)
[   23.160276] raw: 0200000000000040 0000000000000000 dead000000000122 0000000000000000
[   23.162033] raw: 0000000000000000 0000000000000000 00000001ffffffff 0000000000000000
[   23.163014] head: 0200000000000040 0000000000000000 dead000000000122 0000000000000000
[   23.163874] head: 0000000000000000 0000000000000000 00000001ffffffff 0000000000000000
[   23.164572] head: 0200000000000002 ffffea00040aae01 ffffffffffffffff 0000000000000000
[   23.166160] head: 0000000000000004 0000000000000000 00000000ffffffff 0000000000000000
[   23.166829] page dumped because: kasan: bad access detected
[   23.167360] 
[   23.167533] Memory state around the buggy address:
[   23.168087]  ffff888102ab9f80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   23.169211]  ffff888102aba000: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   23.169912] >ffff888102aba080: 00 00 00 00 00 00 00 00 00 01 fe fe fe fe fe fe
[   23.170535]                                                  ^
[   23.172049]  ffff888102aba100: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe
[   23.172684]  ffff888102aba180: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe
[   23.173399] ==================================================================
[   22.617182] ==================================================================
[   22.618750] BUG: KASAN: slab-out-of-bounds in krealloc_less_oob_helper+0xd72/0x11d0
[   22.620582] Write of size 1 at addr ffff8881003978c9 by task kunit_try_catch/166
[   22.621239] 
[   22.621486] CPU: 0 UID: 0 PID: 166 Comm: kunit_try_catch Tainted: G    B            N 6.13.0-rc1-next-20241206 #1
[   22.623788] Tainted: [B]=BAD_PAGE, [N]=TEST
[   22.624234] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[   22.626436] Call Trace:
[   22.627319]  <TASK>
[   22.627484]  dump_stack_lvl+0x73/0xb0
[   22.628740]  print_report+0xd1/0x640
[   22.629199]  ? __virt_addr_valid+0x1db/0x2d0
[   22.630312]  ? kasan_complete_mode_report_info+0x2a/0x200
[   22.631815]  kasan_report+0x102/0x140
[   22.632222]  ? krealloc_less_oob_helper+0xd72/0x11d0
[   22.633584]  ? krealloc_less_oob_helper+0xd72/0x11d0
[   22.635071]  __asan_report_store1_noabort+0x1b/0x30
[   22.635592]  krealloc_less_oob_helper+0xd72/0x11d0
[   22.636119]  ? __pfx_krealloc_less_oob_helper+0x10/0x10
[   22.636618]  ? finish_task_switch.isra.0+0x153/0x700
[   22.638690]  ? __switch_to+0x5d9/0xf60
[   22.639223]  ? __schedule+0xc70/0x27e0
[   22.640168]  ? __pfx_read_tsc+0x10/0x10
[   22.640916]  krealloc_less_oob+0x1c/0x30
[   22.642310]  kunit_try_run_case+0x1b3/0x490
[   22.642667]  ? __pfx_kunit_try_run_case+0x10/0x10
[   22.643878]  ? _raw_spin_lock_irqsave+0xa2/0x110
[   22.644924]  ? _raw_spin_unlock_irqrestore+0x5f/0x90
[   22.646544]  ? __kthread_parkme+0x82/0x160
[   22.647023]  ? preempt_count_sub+0x50/0x80
[   22.648257]  ? __pfx_kunit_try_run_case+0x10/0x10
[   22.649492]  ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10
[   22.650156]  kunit_generic_run_threadfn_adapter+0x85/0xf0
[   22.651290]  kthread+0x257/0x310
[   22.651968]  ? __pfx_kthread+0x10/0x10
[   22.653450]  ret_from_fork+0x41/0x80
[   22.653861]  ? __pfx_kthread+0x10/0x10
[   22.654319]  ret_from_fork_asm+0x1a/0x30
[   22.655789]  </TASK>
[   22.656174] 
[   22.656438] Allocated by task 166:
[   22.656796]  kasan_save_stack+0x3d/0x60
[   22.658161]  kasan_save_track+0x18/0x40
[   22.659043]  kasan_save_alloc_info+0x3b/0x50
[   22.660418]  __kasan_krealloc+0x190/0x1f0
[   22.661300]  krealloc_noprof+0xf3/0x340
[   22.662198]  krealloc_less_oob_helper+0x1ab/0x11d0
[   22.663233]  krealloc_less_oob+0x1c/0x30
[   22.663523]  kunit_try_run_case+0x1b3/0x490
[   22.664424]  kunit_generic_run_threadfn_adapter+0x85/0xf0
[   22.665882]  kthread+0x257/0x310
[   22.666988]  ret_from_fork+0x41/0x80
[   22.667860]  ret_from_fork_asm+0x1a/0x30
[   22.668152] 
[   22.668329] The buggy address belongs to the object at ffff888100397800
[   22.668329]  which belongs to the cache kmalloc-256 of size 256
[   22.671132] The buggy address is located 0 bytes to the right of
[   22.671132]  allocated 201-byte region [ffff888100397800, ffff8881003978c9)
[   22.673350] 
[   22.673554] The buggy address belongs to the physical page:
[   22.674267] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x100396
[   22.674887] head: order:1 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[   22.677021] flags: 0x200000000000040(head|node=0|zone=2)
[   22.677551] page_type: f5(slab)
[   22.678155] raw: 0200000000000040 ffff888100041b40 dead000000000122 0000000000000000
[   22.679803] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000
[   22.680612] head: 0200000000000040 ffff888100041b40 dead000000000122 0000000000000000
[   22.681454] head: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000
[   22.684010] head: 0200000000000001 ffffea000400e581 ffffffffffffffff 0000000000000000
[   22.685322] head: 0000000000000002 0000000000000000 00000000ffffffff 0000000000000000
[   22.686790] page dumped because: kasan: bad access detected
[   22.688060] 
[   22.688258] Memory state around the buggy address:
[   22.688540]  ffff888100397780: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   22.690072]  ffff888100397800: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   22.690919] >ffff888100397880: 00 00 00 00 00 00 00 00 00 01 fc fc fc fc fc fc
[   22.693012]                                               ^
[   22.693719]  ffff888100397900: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   22.695165]  ffff888100397980: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   22.696421] ==================================================================
[   22.698189] ==================================================================
[   22.699002] BUG: KASAN: slab-out-of-bounds in krealloc_less_oob_helper+0xe25/0x11d0
[   22.699659] Write of size 1 at addr ffff8881003978d0 by task kunit_try_catch/166
[   22.700378] 
[   22.700568] CPU: 0 UID: 0 PID: 166 Comm: kunit_try_catch Tainted: G    B            N 6.13.0-rc1-next-20241206 #1
[   22.702508] Tainted: [B]=BAD_PAGE, [N]=TEST
[   22.702992] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[   22.705851] Call Trace:
[   22.706114]  <TASK>
[   22.706789]  dump_stack_lvl+0x73/0xb0
[   22.707477]  print_report+0xd1/0x640
[   22.708520]  ? __virt_addr_valid+0x1db/0x2d0
[   22.708973]  ? kasan_complete_mode_report_info+0x2a/0x200
[   22.709924]  kasan_report+0x102/0x140
[   22.711231]  ? krealloc_less_oob_helper+0xe25/0x11d0
[   22.712446]  ? krealloc_less_oob_helper+0xe25/0x11d0
[   22.713643]  __asan_report_store1_noabort+0x1b/0x30
[   22.715025]  krealloc_less_oob_helper+0xe25/0x11d0
[   22.716057]  ? __pfx_krealloc_less_oob_helper+0x10/0x10
[   22.716473]  ? finish_task_switch.isra.0+0x153/0x700
[   22.717027]  ? __switch_to+0x5d9/0xf60
[   22.717815]  ? __schedule+0xc70/0x27e0
[   22.718195]  ? __pfx_read_tsc+0x10/0x10
[   22.718818]  krealloc_less_oob+0x1c/0x30
[   22.719151]  kunit_try_run_case+0x1b3/0x490
[   22.720582]  ? __pfx_kunit_try_run_case+0x10/0x10
[   22.721287]  ? _raw_spin_lock_irqsave+0xa2/0x110
[   22.721690]  ? _raw_spin_unlock_irqrestore+0x5f/0x90
[   22.722865]  ? __kthread_parkme+0x82/0x160
[   22.723265]  ? preempt_count_sub+0x50/0x80
[   22.724583]  ? __pfx_kunit_try_run_case+0x10/0x10
[   22.725273]  ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10
[   22.726020]  kunit_generic_run_threadfn_adapter+0x85/0xf0
[   22.726752]  kthread+0x257/0x310
[   22.728168]  ? __pfx_kthread+0x10/0x10
[   22.728614]  ret_from_fork+0x41/0x80
[   22.729407]  ? __pfx_kthread+0x10/0x10
[   22.729756]  ret_from_fork_asm+0x1a/0x30
[   22.730514]  </TASK>
[   22.730749] 
[   22.731432] Allocated by task 166:
[   22.731993]  kasan_save_stack+0x3d/0x60
[   22.732466]  kasan_save_track+0x18/0x40
[   22.732920]  kasan_save_alloc_info+0x3b/0x50
[   22.734377]  __kasan_krealloc+0x190/0x1f0
[   22.735263]  krealloc_noprof+0xf3/0x340
[   22.735718]  krealloc_less_oob_helper+0x1ab/0x11d0
[   22.736573]  krealloc_less_oob+0x1c/0x30
[   22.736912]  kunit_try_run_case+0x1b3/0x490
[   22.738082]  kunit_generic_run_threadfn_adapter+0x85/0xf0
[   22.738608]  kthread+0x257/0x310
[   22.739482]  ret_from_fork+0x41/0x80
[   22.739793]  ret_from_fork_asm+0x1a/0x30
[   22.740765] 
[   22.741099] The buggy address belongs to the object at ffff888100397800
[   22.741099]  which belongs to the cache kmalloc-256 of size 256
[   22.742134] The buggy address is located 7 bytes to the right of
[   22.742134]  allocated 201-byte region [ffff888100397800, ffff8881003978c9)
[   22.744849] 
[   22.745466] The buggy address belongs to the physical page:
[   22.746254] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x100396
[   22.747031] head: order:1 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[   22.748497] flags: 0x200000000000040(head|node=0|zone=2)
[   22.750128] page_type: f5(slab)
[   22.750862] raw: 0200000000000040 ffff888100041b40 dead000000000122 0000000000000000
[   22.751603] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000
[   22.753504] head: 0200000000000040 ffff888100041b40 dead000000000122 0000000000000000
[   22.754561] head: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000
[   22.755581] head: 0200000000000001 ffffea000400e581 ffffffffffffffff 0000000000000000
[   22.756037] head: 0000000000000002 0000000000000000 00000000ffffffff 0000000000000000
[   22.756433] page dumped because: kasan: bad access detected
[   22.756654] 
[   22.756748] Memory state around the buggy address:
[   22.757052]  ffff888100397780: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   22.758816]  ffff888100397800: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   22.759848] >ffff888100397880: 00 00 00 00 00 00 00 00 00 01 fc fc fc fc fc fc
[   22.761011]                                                  ^
[   22.761370]  ffff888100397900: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   22.761801]  ffff888100397980: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   22.762638] ==================================================================
[   23.174334] ==================================================================
[   23.175070] BUG: KASAN: slab-out-of-bounds in krealloc_less_oob_helper+0xec8/0x11d0
[   23.175984] Write of size 1 at addr ffff888102aba0da by task kunit_try_catch/170
[   23.177497] 
[   23.177802] CPU: 1 UID: 0 PID: 170 Comm: kunit_try_catch Tainted: G    B            N 6.13.0-rc1-next-20241206 #1
[   23.179680] Tainted: [B]=BAD_PAGE, [N]=TEST
[   23.180013] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[   23.181027] Call Trace:
[   23.182365]  <TASK>
[   23.182649]  dump_stack_lvl+0x73/0xb0
[   23.182995]  print_report+0xd1/0x640
[   23.183723]  ? __virt_addr_valid+0x1db/0x2d0
[   23.184690]  ? kasan_addr_to_slab+0x11/0xa0
[   23.185305]  kasan_report+0x102/0x140
[   23.186489]  ? krealloc_less_oob_helper+0xec8/0x11d0
[   23.186984]  ? krealloc_less_oob_helper+0xec8/0x11d0
[   23.187680]  __asan_report_store1_noabort+0x1b/0x30
[   23.188304]  krealloc_less_oob_helper+0xec8/0x11d0
[   23.188819]  ? __pfx_krealloc_less_oob_helper+0x10/0x10
[   23.189383]  ? finish_task_switch.isra.0+0x153/0x700
[   23.189880]  ? __switch_to+0x5d9/0xf60
[   23.190363]  ? __schedule+0xc70/0x27e0
[   23.190819]  ? __pfx_read_tsc+0x10/0x10
[   23.191347]  krealloc_large_less_oob+0x1c/0x30
[   23.191710]  kunit_try_run_case+0x1b3/0x490
[   23.192335]  ? __pfx_kunit_try_run_case+0x10/0x10
[   23.192793]  ? _raw_spin_lock_irqsave+0xa2/0x110
[   23.193178]  ? _raw_spin_unlock_irqrestore+0x5f/0x90
[   23.193822]  ? __kthread_parkme+0x82/0x160
[   23.195331]  ? preempt_count_sub+0x50/0x80
[   23.196051]  ? __pfx_kunit_try_run_case+0x10/0x10
[   23.196406]  ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10
[   23.196800]  kunit_generic_run_threadfn_adapter+0x85/0xf0
[   23.197845]  kthread+0x257/0x310
[   23.198415]  ? __pfx_kthread+0x10/0x10
[   23.198731]  ret_from_fork+0x41/0x80
[   23.199269]  ? __pfx_kthread+0x10/0x10
[   23.200744]  ret_from_fork_asm+0x1a/0x30
[   23.201292]  </TASK>
[   23.201701] 
[   23.201984] The buggy address belongs to the physical page:
[   23.202331] page: refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x102ab8
[   23.203313] head: order:2 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[   23.205338] flags: 0x200000000000040(head|node=0|zone=2)
[   23.206244] raw: 0200000000000040 0000000000000000 dead000000000122 0000000000000000
[   23.206995] raw: 0000000000000000 0000000000000000 00000001ffffffff 0000000000000000
[   23.208035] head: 0200000000000040 0000000000000000 dead000000000122 0000000000000000
[   23.209297] head: 0000000000000000 0000000000000000 00000001ffffffff 0000000000000000
[   23.210145] head: 0200000000000002 ffffea00040aae01 ffffffffffffffff 0000000000000000
[   23.211803] head: 0000000000000004 0000000000000000 00000000ffffffff 0000000000000000
[   23.212583] page dumped because: kasan: bad access detected
[   23.213640] 
[   23.213885] Memory state around the buggy address:
[   23.215356]  ffff888102ab9f80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   23.216334]  ffff888102aba000: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   23.216910] >ffff888102aba080: 00 00 00 00 00 00 00 00 00 01 fe fe fe fe fe fe
[   23.217751]                                                     ^
[   23.219359]  ffff888102aba100: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe
[   23.219817]  ffff888102aba180: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe
[   23.220718] ==================================================================
[   23.222244] ==================================================================
[   23.223780] BUG: KASAN: slab-out-of-bounds in krealloc_less_oob_helper+0xe92/0x11d0
[   23.225059] Write of size 1 at addr ffff888102aba0ea by task kunit_try_catch/170
[   23.226302] 
[   23.226594] CPU: 1 UID: 0 PID: 170 Comm: kunit_try_catch Tainted: G    B            N 6.13.0-rc1-next-20241206 #1
[   23.227895] Tainted: [B]=BAD_PAGE, [N]=TEST
[   23.229140] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[   23.230467] Call Trace:
[   23.231066]  <TASK>
[   23.231471]  dump_stack_lvl+0x73/0xb0
[   23.232298]  print_report+0xd1/0x640
[   23.233406]  ? __virt_addr_valid+0x1db/0x2d0
[   23.234271]  ? kasan_addr_to_slab+0x11/0xa0
[   23.234782]  kasan_report+0x102/0x140
[   23.235104]  ? krealloc_less_oob_helper+0xe92/0x11d0
[   23.236141]  ? krealloc_less_oob_helper+0xe92/0x11d0
[   23.236573]  __asan_report_store1_noabort+0x1b/0x30
[   23.238409]  krealloc_less_oob_helper+0xe92/0x11d0
[   23.239298]  ? __pfx_krealloc_less_oob_helper+0x10/0x10
[   23.240233]  ? finish_task_switch.isra.0+0x153/0x700
[   23.240763]  ? __switch_to+0x5d9/0xf60
[   23.242280]  ? __schedule+0xc70/0x27e0
[   23.243071]  ? __pfx_read_tsc+0x10/0x10
[   23.243761]  krealloc_large_less_oob+0x1c/0x30
[   23.244222]  kunit_try_run_case+0x1b3/0x490
[   23.245386]  ? __pfx_kunit_try_run_case+0x10/0x10
[   23.245997]  ? _raw_spin_lock_irqsave+0xa2/0x110
[   23.247296]  ? _raw_spin_unlock_irqrestore+0x5f/0x90
[   23.248278]  ? __kthread_parkme+0x82/0x160
[   23.248588]  ? preempt_count_sub+0x50/0x80
[   23.249262]  ? __pfx_kunit_try_run_case+0x10/0x10
[   23.249710]  ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10
[   23.251280]  kunit_generic_run_threadfn_adapter+0x85/0xf0
[   23.252069]  kthread+0x257/0x310
[   23.252454]  ? __pfx_kthread+0x10/0x10
[   23.253494]  ret_from_fork+0x41/0x80
[   23.254070]  ? __pfx_kthread+0x10/0x10
[   23.254706]  ret_from_fork_asm+0x1a/0x30
[   23.255461]  </TASK>
[   23.255792] 
[   23.256094] The buggy address belongs to the physical page:
[   23.256501] page: refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x102ab8
[   23.257861] head: order:2 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[   23.259203] flags: 0x200000000000040(head|node=0|zone=2)
[   23.260253] raw: 0200000000000040 0000000000000000 dead000000000122 0000000000000000
[   23.261284] raw: 0000000000000000 0000000000000000 00000001ffffffff 0000000000000000
[   23.261692] head: 0200000000000040 0000000000000000 dead000000000122 0000000000000000
[   23.264332] head: 0000000000000000 0000000000000000 00000001ffffffff 0000000000000000
[   23.265765] head: 0200000000000002 ffffea00040aae01 ffffffffffffffff 0000000000000000
[   23.266765] head: 0000000000000004 0000000000000000 00000000ffffffff 0000000000000000
[   23.267537] page dumped because: kasan: bad access detected
[   23.268434] 
[   23.268680] Memory state around the buggy address:
[   23.270072]  ffff888102ab9f80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   23.270813]  ffff888102aba000: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   23.272204] >ffff888102aba080: 00 00 00 00 00 00 00 00 00 01 fe fe fe fe fe fe
[   23.273545]                                                           ^
[   23.274635]  ffff888102aba100: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe
[   23.275592]  ffff888102aba180: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe
[   23.276656] ==================================================================
[   22.892338] ==================================================================
[   22.893213] BUG: KASAN: slab-out-of-bounds in krealloc_less_oob_helper+0xd49/0x11d0
[   22.894034] Write of size 1 at addr ffff8881003978eb by task kunit_try_catch/166
[   22.894904] 
[   22.895238] CPU: 0 UID: 0 PID: 166 Comm: kunit_try_catch Tainted: G    B            N 6.13.0-rc1-next-20241206 #1
[   22.896696] Tainted: [B]=BAD_PAGE, [N]=TEST
[   22.897225] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[   22.898441] Call Trace:
[   22.898770]  <TASK>
[   22.899022]  dump_stack_lvl+0x73/0xb0
[   22.899350]  print_report+0xd1/0x640
[   22.900518]  ? __virt_addr_valid+0x1db/0x2d0
[   22.901212]  ? kasan_complete_mode_report_info+0x2a/0x200
[   22.902226]  kasan_report+0x102/0x140
[   22.902845]  ? krealloc_less_oob_helper+0xd49/0x11d0
[   22.903318]  ? krealloc_less_oob_helper+0xd49/0x11d0
[   22.904393]  __asan_report_store1_noabort+0x1b/0x30
[   22.904757]  krealloc_less_oob_helper+0xd49/0x11d0
[   22.905387]  ? __pfx_krealloc_less_oob_helper+0x10/0x10
[   22.907023]  ? finish_task_switch.isra.0+0x153/0x700
[   22.907854]  ? __switch_to+0x5d9/0xf60
[   22.908355]  ? __schedule+0xc70/0x27e0
[   22.909275]  ? __pfx_read_tsc+0x10/0x10
[   22.910281]  krealloc_less_oob+0x1c/0x30
[   22.910820]  kunit_try_run_case+0x1b3/0x490
[   22.911295]  ? __pfx_kunit_try_run_case+0x10/0x10
[   22.912245]  ? _raw_spin_lock_irqsave+0xa2/0x110
[   22.912921]  ? _raw_spin_unlock_irqrestore+0x5f/0x90
[   22.913556]  ? __kthread_parkme+0x82/0x160
[   22.914841]  ? preempt_count_sub+0x50/0x80
[   22.915336]  ? __pfx_kunit_try_run_case+0x10/0x10
[   22.916018]  ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10
[   22.916732]  kunit_generic_run_threadfn_adapter+0x85/0xf0
[   22.917743]  kthread+0x257/0x310
[   22.918148]  ? __pfx_kthread+0x10/0x10
[   22.919117]  ret_from_fork+0x41/0x80
[   22.919540]  ? __pfx_kthread+0x10/0x10
[   22.920091]  ret_from_fork_asm+0x1a/0x30
[   22.920960]  </TASK>
[   22.921260] 
[   22.921740] Allocated by task 166:
[   22.922539]  kasan_save_stack+0x3d/0x60
[   22.923661]  kasan_save_track+0x18/0x40
[   22.923993]  kasan_save_alloc_info+0x3b/0x50
[   22.924550]  __kasan_krealloc+0x190/0x1f0
[   22.925434]  krealloc_noprof+0xf3/0x340
[   22.925742]  krealloc_less_oob_helper+0x1ab/0x11d0
[   22.927355]  krealloc_less_oob+0x1c/0x30
[   22.927969]  kunit_try_run_case+0x1b3/0x490
[   22.928552]  kunit_generic_run_threadfn_adapter+0x85/0xf0
[   22.929307]  kthread+0x257/0x310
[   22.929904]  ret_from_fork+0x41/0x80
[   22.930365]  ret_from_fork_asm+0x1a/0x30
[   22.930824] 
[   22.931061] The buggy address belongs to the object at ffff888100397800
[   22.931061]  which belongs to the cache kmalloc-256 of size 256
[   22.932178] The buggy address is located 34 bytes to the right of
[   22.932178]  allocated 201-byte region [ffff888100397800, ffff8881003978c9)
[   22.934213] 
[   22.934536] The buggy address belongs to the physical page:
[   22.935091] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x100396
[   22.936002] head: order:1 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[   22.936680] flags: 0x200000000000040(head|node=0|zone=2)
[   22.937401] page_type: f5(slab)
[   22.937802] raw: 0200000000000040 ffff888100041b40 dead000000000122 0000000000000000
[   22.939657] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000
[   22.940854] head: 0200000000000040 ffff888100041b40 dead000000000122 0000000000000000
[   22.942581] head: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000
[   22.943498] head: 0200000000000001 ffffea000400e581 ffffffffffffffff 0000000000000000
[   22.944139] head: 0000000000000002 0000000000000000 00000000ffffffff 0000000000000000
[   22.945234] page dumped because: kasan: bad access detected
[   22.946257] 
[   22.946610] Memory state around the buggy address:
[   22.947856]  ffff888100397780: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   22.948867]  ffff888100397800: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   22.950164] >ffff888100397880: 00 00 00 00 00 00 00 00 00 01 fc fc fc fc fc fc
[   22.950794]                                                           ^
[   22.953050]  ffff888100397900: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   22.953858]  ffff888100397980: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   22.954636] ==================================================================
[   23.278462] ==================================================================
[   23.279388] BUG: KASAN: slab-out-of-bounds in krealloc_less_oob_helper+0xd49/0x11d0
[   23.280830] Write of size 1 at addr ffff888102aba0eb by task kunit_try_catch/170
[   23.281716] 
[   23.282180] CPU: 1 UID: 0 PID: 170 Comm: kunit_try_catch Tainted: G    B            N 6.13.0-rc1-next-20241206 #1
[   23.284161] Tainted: [B]=BAD_PAGE, [N]=TEST
[   23.284645] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[   23.286869] Call Trace:
[   23.287500]  <TASK>
[   23.287864]  dump_stack_lvl+0x73/0xb0
[   23.288975]  print_report+0xd1/0x640
[   23.289438]  ? __virt_addr_valid+0x1db/0x2d0
[   23.290092]  ? kasan_addr_to_slab+0x11/0xa0
[   23.290981]  kasan_report+0x102/0x140
[   23.291630]  ? krealloc_less_oob_helper+0xd49/0x11d0
[   23.292879]  ? krealloc_less_oob_helper+0xd49/0x11d0
[   23.293552]  __asan_report_store1_noabort+0x1b/0x30
[   23.294557]  krealloc_less_oob_helper+0xd49/0x11d0
[   23.295347]  ? __pfx_krealloc_less_oob_helper+0x10/0x10
[   23.296471]  ? finish_task_switch.isra.0+0x153/0x700
[   23.297521]  ? __switch_to+0x5d9/0xf60
[   23.298357]  ? __schedule+0xc70/0x27e0
[   23.298874]  ? __pfx_read_tsc+0x10/0x10
[   23.299534]  krealloc_large_less_oob+0x1c/0x30
[   23.300887]  kunit_try_run_case+0x1b3/0x490
[   23.301304]  ? __pfx_kunit_try_run_case+0x10/0x10
[   23.302008]  ? _raw_spin_lock_irqsave+0xa2/0x110
[   23.302313]  ? _raw_spin_unlock_irqrestore+0x5f/0x90
[   23.302622]  ? __kthread_parkme+0x82/0x160
[   23.302818]  ? preempt_count_sub+0x50/0x80
[   23.303093]  ? __pfx_kunit_try_run_case+0x10/0x10
[   23.303578]  ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10
[   23.305873]  kunit_generic_run_threadfn_adapter+0x85/0xf0
[   23.306570]  kthread+0x257/0x310
[   23.307263]  ? __pfx_kthread+0x10/0x10
[   23.307908]  ret_from_fork+0x41/0x80
[   23.309419]  ? __pfx_kthread+0x10/0x10
[   23.310196]  ret_from_fork_asm+0x1a/0x30
[   23.310545]  </TASK>
[   23.310837] 
[   23.311056] The buggy address belongs to the physical page:
[   23.311899] page: refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x102ab8
[   23.312507] head: order:2 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[   23.313875] flags: 0x200000000000040(head|node=0|zone=2)
[   23.314640] raw: 0200000000000040 0000000000000000 dead000000000122 0000000000000000
[   23.315294] raw: 0000000000000000 0000000000000000 00000001ffffffff 0000000000000000
[   23.316265] head: 0200000000000040 0000000000000000 dead000000000122 0000000000000000
[   23.316884] head: 0000000000000000 0000000000000000 00000001ffffffff 0000000000000000
[   23.318989] head: 0200000000000002 ffffea00040aae01 ffffffffffffffff 0000000000000000
[   23.321062] head: 0000000000000004 0000000000000000 00000000ffffffff 0000000000000000
[   23.321878] page dumped because: kasan: bad access detected
[   23.322395] 
[   23.322995] Memory state around the buggy address:
[   23.323925]  ffff888102ab9f80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   23.325195]  ffff888102aba000: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   23.325849] >ffff888102aba080: 00 00 00 00 00 00 00 00 00 01 fe fe fe fe fe fe
[   23.326739]                                                           ^
[   23.327265]  ffff888102aba100: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe
[   23.327791]  ffff888102aba180: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe
[   23.328530] ==================================================================
[   22.829356] ==================================================================
[   22.830381] BUG: KASAN: slab-out-of-bounds in krealloc_less_oob_helper+0xe92/0x11d0
[   22.831066] Write of size 1 at addr ffff8881003978ea by task kunit_try_catch/166
[   22.831791] 
[   22.832434] CPU: 0 UID: 0 PID: 166 Comm: kunit_try_catch Tainted: G    B            N 6.13.0-rc1-next-20241206 #1
[   22.834043] Tainted: [B]=BAD_PAGE, [N]=TEST
[   22.834573] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[   22.835259] Call Trace:
[   22.836018]  <TASK>
[   22.836406]  dump_stack_lvl+0x73/0xb0
[   22.837010]  print_report+0xd1/0x640
[   22.838048]  ? __virt_addr_valid+0x1db/0x2d0
[   22.838591]  ? kasan_complete_mode_report_info+0x2a/0x200
[   22.839512]  kasan_report+0x102/0x140
[   22.840369]  ? krealloc_less_oob_helper+0xe92/0x11d0
[   22.841743]  ? krealloc_less_oob_helper+0xe92/0x11d0
[   22.842337]  __asan_report_store1_noabort+0x1b/0x30
[   22.842966]  krealloc_less_oob_helper+0xe92/0x11d0
[   22.843995]  ? __pfx_krealloc_less_oob_helper+0x10/0x10
[   22.844372]  ? finish_task_switch.isra.0+0x153/0x700
[   22.845635]  ? __switch_to+0x5d9/0xf60
[   22.846349]  ? __schedule+0xc70/0x27e0
[   22.846830]  ? __pfx_read_tsc+0x10/0x10
[   22.847393]  krealloc_less_oob+0x1c/0x30
[   22.847846]  kunit_try_run_case+0x1b3/0x490
[   22.848671]  ? __pfx_kunit_try_run_case+0x10/0x10
[   22.849074]  ? _raw_spin_lock_irqsave+0xa2/0x110
[   22.850545]  ? _raw_spin_unlock_irqrestore+0x5f/0x90
[   22.851299]  ? __kthread_parkme+0x82/0x160
[   22.851867]  ? preempt_count_sub+0x50/0x80
[   22.852474]  ? __pfx_kunit_try_run_case+0x10/0x10
[   22.853293]  ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10
[   22.853925]  kunit_generic_run_threadfn_adapter+0x85/0xf0
[   22.855082]  kthread+0x257/0x310
[   22.855467]  ? __pfx_kthread+0x10/0x10
[   22.855860]  ret_from_fork+0x41/0x80
[   22.856742]  ? __pfx_kthread+0x10/0x10
[   22.857063]  ret_from_fork_asm+0x1a/0x30
[   22.857983]  </TASK>
[   22.858797] 
[   22.859049] Allocated by task 166:
[   22.859289]  kasan_save_stack+0x3d/0x60
[   22.860432]  kasan_save_track+0x18/0x40
[   22.861222]  kasan_save_alloc_info+0x3b/0x50
[   22.861647]  __kasan_krealloc+0x190/0x1f0
[   22.861990]  krealloc_noprof+0xf3/0x340
[   22.862887]  krealloc_less_oob_helper+0x1ab/0x11d0
[   22.863704]  krealloc_less_oob+0x1c/0x30
[   22.864384]  kunit_try_run_case+0x1b3/0x490
[   22.864746]  kunit_generic_run_threadfn_adapter+0x85/0xf0
[   22.865474]  kthread+0x257/0x310
[   22.865899]  ret_from_fork+0x41/0x80
[   22.867407]  ret_from_fork_asm+0x1a/0x30
[   22.868089] 
[   22.868294] The buggy address belongs to the object at ffff888100397800
[   22.868294]  which belongs to the cache kmalloc-256 of size 256
[   22.869981] The buggy address is located 33 bytes to the right of
[   22.869981]  allocated 201-byte region [ffff888100397800, ffff8881003978c9)
[   22.870804] 
[   22.872110] The buggy address belongs to the physical page:
[   22.872497] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x100396
[   22.873757] head: order:1 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[   22.874702] flags: 0x200000000000040(head|node=0|zone=2)
[   22.875920] page_type: f5(slab)
[   22.877105] raw: 0200000000000040 ffff888100041b40 dead000000000122 0000000000000000
[   22.878071] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000
[   22.878695] head: 0200000000000040 ffff888100041b40 dead000000000122 0000000000000000
[   22.879754] head: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000
[   22.880764] head: 0200000000000001 ffffea000400e581 ffffffffffffffff 0000000000000000
[   22.882099] head: 0000000000000002 0000000000000000 00000000ffffffff 0000000000000000
[   22.883245] page dumped because: kasan: bad access detected
[   22.884108] 
[   22.884301] Memory state around the buggy address:
[   22.885017]  ffff888100397780: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   22.886602]  ffff888100397800: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   22.887280] >ffff888100397880: 00 00 00 00 00 00 00 00 00 01 fc fc fc fc fc fc
[   22.887973]                                                           ^
[   22.889022]  ffff888100397900: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   22.889562]  ffff888100397980: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   22.890377] ==================================================================
[   23.079029] ==================================================================
[   23.079992] BUG: KASAN: slab-out-of-bounds in krealloc_less_oob_helper+0xd72/0x11d0
[   23.082408] Write of size 1 at addr ffff888102aba0c9 by task kunit_try_catch/170
[   23.083249] 
[   23.083594] CPU: 1 UID: 0 PID: 170 Comm: kunit_try_catch Tainted: G    B            N 6.13.0-rc1-next-20241206 #1
[   23.085277] Tainted: [B]=BAD_PAGE, [N]=TEST
[   23.086422] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[   23.087499] Call Trace:
[   23.087653]  <TASK>
[   23.087786]  dump_stack_lvl+0x73/0xb0
[   23.088099]  print_report+0xd1/0x640
[   23.088397]  ? __virt_addr_valid+0x1db/0x2d0
[   23.089161]  ? kasan_addr_to_slab+0x11/0xa0
[   23.090467]  kasan_report+0x102/0x140
[   23.090889]  ? krealloc_less_oob_helper+0xd72/0x11d0
[   23.091739]  ? krealloc_less_oob_helper+0xd72/0x11d0
[   23.092868]  __asan_report_store1_noabort+0x1b/0x30
[   23.093360]  krealloc_less_oob_helper+0xd72/0x11d0
[   23.094318]  ? __pfx_krealloc_less_oob_helper+0x10/0x10
[   23.095675]  ? finish_task_switch.isra.0+0x153/0x700
[   23.096513]  ? __switch_to+0x5d9/0xf60
[   23.097121]  ? __schedule+0xc70/0x27e0
[   23.097767]  ? __pfx_read_tsc+0x10/0x10
[   23.098516]  krealloc_large_less_oob+0x1c/0x30
[   23.099699]  kunit_try_run_case+0x1b3/0x490
[   23.100193]  ? __pfx_kunit_try_run_case+0x10/0x10
[   23.100671]  ? _raw_spin_lock_irqsave+0xa2/0x110
[   23.102037]  ? _raw_spin_unlock_irqrestore+0x5f/0x90
[   23.102565]  ? __kthread_parkme+0x82/0x160
[   23.102998]  ? preempt_count_sub+0x50/0x80
[   23.103363]  ? __pfx_kunit_try_run_case+0x10/0x10
[   23.103773]  ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10
[   23.105094]  kunit_generic_run_threadfn_adapter+0x85/0xf0
[   23.106171]  kthread+0x257/0x310
[   23.106582]  ? __pfx_kthread+0x10/0x10
[   23.107200]  ret_from_fork+0x41/0x80
[   23.107764]  ? __pfx_kthread+0x10/0x10
[   23.108120]  ret_from_fork_asm+0x1a/0x30
[   23.108658]  </TASK>
[   23.109610] 
[   23.110505] The buggy address belongs to the physical page:
[   23.110999] page: refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x102ab8
[   23.111729] head: order:2 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[   23.112903] flags: 0x200000000000040(head|node=0|zone=2)
[   23.113559] raw: 0200000000000040 0000000000000000 dead000000000122 0000000000000000
[   23.114371] raw: 0000000000000000 0000000000000000 00000001ffffffff 0000000000000000
[   23.115424] head: 0200000000000040 0000000000000000 dead000000000122 0000000000000000
[   23.116384] head: 0000000000000000 0000000000000000 00000001ffffffff 0000000000000000
[   23.118089] head: 0200000000000002 ffffea00040aae01 ffffffffffffffff 0000000000000000
[   23.119378] head: 0000000000000004 0000000000000000 00000000ffffffff 0000000000000000
[   23.120089] page dumped because: kasan: bad access detected
[   23.120619] 
[   23.120981] Memory state around the buggy address:
[   23.121986]  ffff888102ab9f80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   23.122405]  ffff888102aba000: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   23.124217] >ffff888102aba080: 00 00 00 00 00 00 00 00 00 01 fe fe fe fe fe fe
[   23.124732]                                               ^
[   23.125232]  ffff888102aba100: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe
[   23.126097]  ffff888102aba180: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe
[   23.127345] ==================================================================
[   22.764718] ==================================================================
[   22.766154] BUG: KASAN: slab-out-of-bounds in krealloc_less_oob_helper+0xec8/0x11d0
[   22.767146] Write of size 1 at addr ffff8881003978da by task kunit_try_catch/166
[   22.768398] 
[   22.768584] CPU: 0 UID: 0 PID: 166 Comm: kunit_try_catch Tainted: G    B            N 6.13.0-rc1-next-20241206 #1
[   22.769369] Tainted: [B]=BAD_PAGE, [N]=TEST
[   22.770635] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[   22.771528] Call Trace:
[   22.771832]  <TASK>
[   22.772089]  dump_stack_lvl+0x73/0xb0
[   22.772576]  print_report+0xd1/0x640
[   22.772891]  ? __virt_addr_valid+0x1db/0x2d0
[   22.773641]  ? kasan_complete_mode_report_info+0x2a/0x200
[   22.774082]  kasan_report+0x102/0x140
[   22.775307]  ? krealloc_less_oob_helper+0xec8/0x11d0
[   22.776222]  ? krealloc_less_oob_helper+0xec8/0x11d0
[   22.776866]  __asan_report_store1_noabort+0x1b/0x30
[   22.777821]  krealloc_less_oob_helper+0xec8/0x11d0
[   22.778381]  ? __pfx_krealloc_less_oob_helper+0x10/0x10
[   22.779037]  ? finish_task_switch.isra.0+0x153/0x700
[   22.779465]  ? __switch_to+0x5d9/0xf60
[   22.779923]  ? __schedule+0xc70/0x27e0
[   22.781331]  ? __pfx_read_tsc+0x10/0x10
[   22.781745]  krealloc_less_oob+0x1c/0x30
[   22.782520]  kunit_try_run_case+0x1b3/0x490
[   22.782907]  ? __pfx_kunit_try_run_case+0x10/0x10
[   22.783471]  ? _raw_spin_lock_irqsave+0xa2/0x110
[   22.784029]  ? _raw_spin_unlock_irqrestore+0x5f/0x90
[   22.785171]  ? __kthread_parkme+0x82/0x160
[   22.785958]  ? preempt_count_sub+0x50/0x80
[   22.786682]  ? __pfx_kunit_try_run_case+0x10/0x10
[   22.787338]  ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10
[   22.788438]  kunit_generic_run_threadfn_adapter+0x85/0xf0
[   22.790064]  kthread+0x257/0x310
[   22.790514]  ? __pfx_kthread+0x10/0x10
[   22.791551]  ret_from_fork+0x41/0x80
[   22.792356]  ? __pfx_kthread+0x10/0x10
[   22.792999]  ret_from_fork_asm+0x1a/0x30
[   22.794466]  </TASK>
[   22.794737] 
[   22.794956] Allocated by task 166:
[   22.795206]  kasan_save_stack+0x3d/0x60
[   22.795712]  kasan_save_track+0x18/0x40
[   22.796276]  kasan_save_alloc_info+0x3b/0x50
[   22.796738]  __kasan_krealloc+0x190/0x1f0
[   22.798155]  krealloc_noprof+0xf3/0x340
[   22.798771]  krealloc_less_oob_helper+0x1ab/0x11d0
[   22.799780]  krealloc_less_oob+0x1c/0x30
[   22.801072]  kunit_try_run_case+0x1b3/0x490
[   22.801611]  kunit_generic_run_threadfn_adapter+0x85/0xf0
[   22.803251]  kthread+0x257/0x310
[   22.803659]  ret_from_fork+0x41/0x80
[   22.803923]  ret_from_fork_asm+0x1a/0x30
[   22.804774] 
[   22.805006] The buggy address belongs to the object at ffff888100397800
[   22.805006]  which belongs to the cache kmalloc-256 of size 256
[   22.806329] The buggy address is located 17 bytes to the right of
[   22.806329]  allocated 201-byte region [ffff888100397800, ffff8881003978c9)
[   22.808343] 
[   22.808639] The buggy address belongs to the physical page:
[   22.809116] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x100396
[   22.810359] head: order:1 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[   22.811907] flags: 0x200000000000040(head|node=0|zone=2)
[   22.812483] page_type: f5(slab)
[   22.812834] raw: 0200000000000040 ffff888100041b40 dead000000000122 0000000000000000
[   22.813971] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000
[   22.815689] head: 0200000000000040 ffff888100041b40 dead000000000122 0000000000000000
[   22.816423] head: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000
[   22.817425] head: 0200000000000001 ffffea000400e581 ffffffffffffffff 0000000000000000
[   22.818403] head: 0000000000000002 0000000000000000 00000000ffffffff 0000000000000000
[   22.820028] page dumped because: kasan: bad access detected
[   22.820619] 
[   22.820791] Memory state around the buggy address:
[   22.821430]  ffff888100397780: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   22.822464]  ffff888100397800: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   22.823863] >ffff888100397880: 00 00 00 00 00 00 00 00 00 01 fc fc fc fc fc fc
[   22.824695]                                                     ^
[   22.825823]  ffff888100397900: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   22.826483]  ffff888100397980: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   22.827784] ==================================================================

Metadata Full log Test run details

arch

x86_64

host

x86_64

plan

2pqe81wAmdEAk58M4QzuPMJQH7i

job_id

TEST:linaro@lkft#2pqeDMvrBhixnDqLVmPwCDtjEkb

job_url

https://tuxapi.tuxsuite.com/v1/groups/linaro/projects/lkft/tests/2pqeDMvrBhixnDqLVmPwCDtjEkb

artefacts

kernel

url	https://storage.tuxsuite.com/public/linaro/lkft/builds/2pqeA5KBCoshFiQWYCWW4AkMtRi/bzImage
sha256sum	576f79e59297f8220b90f483ee888cf8595a10fb568b758edca1e6aa6875ea2a

rootfs

url	https://storage.tuxboot.com/debian/trixie/amd64/rootfs.ext4.xz
sha256sum	c6ceed53712217894b72c37cdc18ddb1157eb9bca95bb5bb312b9c30db3bb83b

modules

url	https://storage.tuxsuite.com/public/linaro/lkft/builds/2pqeA5KBCoshFiQWYCWW4AkMtRi/modules.tar.xz
sha256sum	87cbf29cac13f8253bb9fbe1586a4614307b91d91be8deb1585a5d59783cabc6

durations

tests

boot	455.40
kunit	486.61

host_arch

amd64

build_name

gcc-13-lkftconfig-kunit

job_status

Complete

qemu_version

1:9.1.1+ds-5

Metadata

Failure - qemu-arm64 - gcc-13-lkftconfig-kunit

Failure - qemu-x86_64 - gcc-13-lkftconfig-kunit