Hay
Date: Dec. 6, 2024, 3:11 p.m.

Environment: qemu-arm64, qemu-x86_64

[   30.319477] ==================================================================
[   30.320972] BUG: KASAN: slab-out-of-bounds in krealloc_more_oob_helper+0x5c8/0x680
[   30.321931] Write of size 1 at addr fff00000c0c134f0 by task kunit_try_catch/145
[   30.323337] 
[   30.323735] CPU: 1 UID: 0 PID: 145 Comm: kunit_try_catch Tainted: G    B            N 6.13.0-rc1-next-20241206 #1
[   30.324966] Tainted: [B]=BAD_PAGE, [N]=TEST
[   30.325549] Hardware name: linux,dummy-virt (DT)
[   30.326223] Call trace:
[   30.326613]  show_stack+0x20/0x38 (C)
[   30.327260]  dump_stack_lvl+0x8c/0xd0
[   30.327908]  print_report+0x118/0x5e0
[   30.328482]  kasan_report+0xc8/0x118
[   30.329318]  __asan_report_store1_noabort+0x20/0x30
[   30.329956]  krealloc_more_oob_helper+0x5c8/0x680
[   30.330972]  krealloc_more_oob+0x20/0x38
[   30.331554]  kunit_try_run_case+0x14c/0x3d0
[   30.332236]  kunit_generic_run_threadfn_adapter+0x88/0x100
[   30.332900]  kthread+0x24c/0x2d0
[   30.333484]  ret_from_fork+0x10/0x20
[   30.334141] 
[   30.334783] Allocated by task 145:
[   30.335287]  kasan_save_stack+0x3c/0x68
[   30.335924]  kasan_save_track+0x20/0x40
[   30.336465]  kasan_save_alloc_info+0x40/0x58
[   30.337150]  __kasan_krealloc+0x118/0x178
[   30.337800]  krealloc_noprof+0x128/0x360
[   30.338653]  krealloc_more_oob_helper+0x168/0x680
[   30.339292]  krealloc_more_oob+0x20/0x38
[   30.339922]  kunit_try_run_case+0x14c/0x3d0
[   30.340541]  kunit_generic_run_threadfn_adapter+0x88/0x100
[   30.341238]  kthread+0x24c/0x2d0
[   30.341781]  ret_from_fork+0x10/0x20
[   30.343170] 
[   30.343423] The buggy address belongs to the object at fff00000c0c13400
[   30.343423]  which belongs to the cache kmalloc-256 of size 256
[   30.344756] The buggy address is located 5 bytes to the right of
[   30.344756]  allocated 235-byte region [fff00000c0c13400, fff00000c0c134eb)
[   30.345936] 
[   30.346635] The buggy address belongs to the physical page:
[   30.347338] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x100c12
[   30.348270] head: order:1 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[   30.349059] flags: 0xbfffe0000000040(head|node=0|zone=2|lastcpupid=0x1ffff)
[   30.349928] page_type: f5(slab)
[   30.350715] raw: 0bfffe0000000040 fff00000c0001b40 dead000000000122 0000000000000000
[   30.351640] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000
[   30.352534] head: 0bfffe0000000040 fff00000c0001b40 dead000000000122 0000000000000000
[   30.353468] head: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000
[   30.354389] head: 0bfffe0000000001 ffffc1ffc3030481 ffffffffffffffff 0000000000000000
[   30.355341] head: 0000000000000002 0000000000000000 00000000ffffffff 0000000000000000
[   30.356219] page dumped because: kasan: bad access detected
[   30.356823] 
[   30.357193] Memory state around the buggy address:
[   30.357854]  fff00000c0c13380: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   30.359090]  fff00000c0c13400: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   30.359862] >fff00000c0c13480: 00 00 00 00 00 00 00 00 00 00 00 00 00 03 fc fc
[   30.360725]                                                              ^
[   30.361531]  fff00000c0c13500: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   30.362344]  fff00000c0c13580: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   30.363027] ==================================================================
[   30.273328] ==================================================================
[   30.274086] BUG: KASAN: slab-out-of-bounds in krealloc_more_oob_helper+0x614/0x680
[   30.275399] Write of size 1 at addr fff00000c0c134eb by task kunit_try_catch/145
[   30.276057] 
[   30.276399] CPU: 1 UID: 0 PID: 145 Comm: kunit_try_catch Tainted: G    B            N 6.13.0-rc1-next-20241206 #1
[   30.277466] Tainted: [B]=BAD_PAGE, [N]=TEST
[   30.278056] Hardware name: linux,dummy-virt (DT)
[   30.278957] Call trace:
[   30.279379]  show_stack+0x20/0x38 (C)
[   30.280037]  dump_stack_lvl+0x8c/0xd0
[   30.280914]  print_report+0x118/0x5e0
[   30.281450]  kasan_report+0xc8/0x118
[   30.282094]  __asan_report_store1_noabort+0x20/0x30
[   30.283045]  krealloc_more_oob_helper+0x614/0x680
[   30.283767]  krealloc_more_oob+0x20/0x38
[   30.284413]  kunit_try_run_case+0x14c/0x3d0
[   30.285098]  kunit_generic_run_threadfn_adapter+0x88/0x100
[   30.285832]  kthread+0x24c/0x2d0
[   30.286737]  ret_from_fork+0x10/0x20
[   30.287285] 
[   30.287682] Allocated by task 145:
[   30.288174]  kasan_save_stack+0x3c/0x68
[   30.288828]  kasan_save_track+0x20/0x40
[   30.289307]  kasan_save_alloc_info+0x40/0x58
[   30.289993]  __kasan_krealloc+0x118/0x178
[   30.291013]  krealloc_noprof+0x128/0x360
[   30.291648]  krealloc_more_oob_helper+0x168/0x680
[   30.292260]  krealloc_more_oob+0x20/0x38
[   30.292870]  kunit_try_run_case+0x14c/0x3d0
[   30.293419]  kunit_generic_run_threadfn_adapter+0x88/0x100
[   30.294208]  kthread+0x24c/0x2d0
[   30.294775]  ret_from_fork+0x10/0x20
[   30.295273] 
[   30.295681] The buggy address belongs to the object at fff00000c0c13400
[   30.295681]  which belongs to the cache kmalloc-256 of size 256
[   30.297864] The buggy address is located 0 bytes to the right of
[   30.297864]  allocated 235-byte region [fff00000c0c13400, fff00000c0c134eb)
[   30.299638] 
[   30.299980] The buggy address belongs to the physical page:
[   30.300648] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x100c12
[   30.301505] head: order:1 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[   30.302282] flags: 0xbfffe0000000040(head|node=0|zone=2|lastcpupid=0x1ffff)
[   30.303535] page_type: f5(slab)
[   30.304076] raw: 0bfffe0000000040 fff00000c0001b40 dead000000000122 0000000000000000
[   30.304915] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000
[   30.305838] head: 0bfffe0000000040 fff00000c0001b40 dead000000000122 0000000000000000
[   30.307165] head: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000
[   30.308133] head: 0bfffe0000000001 ffffc1ffc3030481 ffffffffffffffff 0000000000000000
[   30.308978] head: 0000000000000002 0000000000000000 00000000ffffffff 0000000000000000
[   30.309824] page dumped because: kasan: bad access detected
[   30.310974] 
[   30.311340] Memory state around the buggy address:
[   30.312013]  fff00000c0c13380: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   30.312842]  fff00000c0c13400: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   30.313623] >fff00000c0c13480: 00 00 00 00 00 00 00 00 00 00 00 00 00 03 fc fc
[   30.314350]                                                           ^
[   30.315578]  fff00000c0c13500: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   30.316531]  fff00000c0c13580: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   30.317465] ==================================================================
[   30.618766] ==================================================================
[   30.619998] BUG: KASAN: slab-out-of-bounds in krealloc_more_oob_helper+0x614/0x680
[   30.620963] Write of size 1 at addr fff00000c62220eb by task kunit_try_catch/149
[   30.621631] 
[   30.622041] CPU: 0 UID: 0 PID: 149 Comm: kunit_try_catch Tainted: G    B            N 6.13.0-rc1-next-20241206 #1
[   30.623881] Tainted: [B]=BAD_PAGE, [N]=TEST
[   30.624535] Hardware name: linux,dummy-virt (DT)
[   30.625151] Call trace:
[   30.625806]  show_stack+0x20/0x38 (C)
[   30.626550]  dump_stack_lvl+0x8c/0xd0
[   30.627386]  print_report+0x118/0x5e0
[   30.627961]  kasan_report+0xc8/0x118
[   30.628584]  __asan_report_store1_noabort+0x20/0x30
[   30.629220]  krealloc_more_oob_helper+0x614/0x680
[   30.629937]  krealloc_large_more_oob+0x20/0x38
[   30.630667]  kunit_try_run_case+0x14c/0x3d0
[   30.631310]  kunit_generic_run_threadfn_adapter+0x88/0x100
[   30.632127]  kthread+0x24c/0x2d0
[   30.632835]  ret_from_fork+0x10/0x20
[   30.633557] 
[   30.633942] The buggy address belongs to the physical page:
[   30.635017] page: refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x106220
[   30.635950] head: order:2 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[   30.636843] flags: 0xbfffe0000000040(head|node=0|zone=2|lastcpupid=0x1ffff)
[   30.637802] raw: 0bfffe0000000040 0000000000000000 dead000000000122 0000000000000000
[   30.639248] raw: 0000000000000000 0000000000000000 00000001ffffffff 0000000000000000
[   30.640205] head: 0bfffe0000000040 0000000000000000 dead000000000122 0000000000000000
[   30.641102] head: 0000000000000000 0000000000000000 00000001ffffffff 0000000000000000
[   30.641850] head: 0bfffe0000000002 ffffc1ffc3188801 ffffffffffffffff 0000000000000000
[   30.643064] head: 0000000000000004 0000000000000000 00000000ffffffff 0000000000000000
[   30.644128] page dumped because: kasan: bad access detected
[   30.644795] 
[   30.645149] Memory state around the buggy address:
[   30.646166]  fff00000c6221f80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   30.647391]  fff00000c6222000: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   30.648334] >fff00000c6222080: 00 00 00 00 00 00 00 00 00 00 00 00 00 03 fe fe
[   30.649176]                                                           ^
[   30.649906]  fff00000c6222100: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe
[   30.650674]  fff00000c6222180: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe
[   30.651500] ==================================================================
[   30.653378] ==================================================================
[   30.654563] BUG: KASAN: slab-out-of-bounds in krealloc_more_oob_helper+0x5c8/0x680
[   30.655912] Write of size 1 at addr fff00000c62220f0 by task kunit_try_catch/149
[   30.656735] 
[   30.657172] CPU: 0 UID: 0 PID: 149 Comm: kunit_try_catch Tainted: G    B            N 6.13.0-rc1-next-20241206 #1
[   30.658589] Tainted: [B]=BAD_PAGE, [N]=TEST
[   30.660245] Hardware name: linux,dummy-virt (DT)
[   30.660995] Call trace:
[   30.661585]  show_stack+0x20/0x38 (C)
[   30.662657]  dump_stack_lvl+0x8c/0xd0
[   30.663154]  print_report+0x118/0x5e0
[   30.664051]  kasan_report+0xc8/0x118
[   30.664715]  __asan_report_store1_noabort+0x20/0x30
[   30.665331]  krealloc_more_oob_helper+0x5c8/0x680
[   30.666072]  krealloc_large_more_oob+0x20/0x38
[   30.666723]  kunit_try_run_case+0x14c/0x3d0
[   30.667650]  kunit_generic_run_threadfn_adapter+0x88/0x100
[   30.668615]  kthread+0x24c/0x2d0
[   30.669195]  ret_from_fork+0x10/0x20
[   30.669805] 
[   30.670142] The buggy address belongs to the physical page:
[   30.671415] page: refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x106220
[   30.672348] head: order:2 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[   30.673184] flags: 0xbfffe0000000040(head|node=0|zone=2|lastcpupid=0x1ffff)
[   30.674055] raw: 0bfffe0000000040 0000000000000000 dead000000000122 0000000000000000
[   30.674959] raw: 0000000000000000 0000000000000000 00000001ffffffff 0000000000000000
[   30.675695] head: 0bfffe0000000040 0000000000000000 dead000000000122 0000000000000000
[   30.676694] head: 0000000000000000 0000000000000000 00000001ffffffff 0000000000000000
[   30.677697] head: 0bfffe0000000002 ffffc1ffc3188801 ffffffffffffffff 0000000000000000
[   30.679003] head: 0000000000000004 0000000000000000 00000000ffffffff 0000000000000000
[   30.679992] page dumped because: kasan: bad access detected
[   30.680798] 
[   30.680971] Memory state around the buggy address:
[   30.681310]  fff00000c6221f80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   30.682249]  fff00000c6222000: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   30.684153] >fff00000c6222080: 00 00 00 00 00 00 00 00 00 00 00 00 00 03 fe fe
[   30.685086]                                                              ^
[   30.685954]  fff00000c6222100: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe
[   30.687083]  fff00000c6222180: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe
[   30.688107] ==================================================================

[   23.019386] ==================================================================
[   23.020032] BUG: KASAN: slab-out-of-bounds in krealloc_more_oob_helper+0x7ed/0x930
[   23.022772] Write of size 1 at addr ffff888102aba0f0 by task kunit_try_catch/168
[   23.023476] 
[   23.024357] CPU: 1 UID: 0 PID: 168 Comm: kunit_try_catch Tainted: G    B            N 6.13.0-rc1-next-20241206 #1
[   23.025612] Tainted: [B]=BAD_PAGE, [N]=TEST
[   23.026801] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[   23.028252] Call Trace:
[   23.029018]  <TASK>
[   23.029234]  dump_stack_lvl+0x73/0xb0
[   23.029506]  print_report+0xd1/0x640
[   23.030247]  ? __virt_addr_valid+0x1db/0x2d0
[   23.030846]  ? kasan_addr_to_slab+0x11/0xa0
[   23.031317]  kasan_report+0x102/0x140
[   23.031719]  ? krealloc_more_oob_helper+0x7ed/0x930
[   23.032223]  ? krealloc_more_oob_helper+0x7ed/0x930
[   23.032728]  __asan_report_store1_noabort+0x1b/0x30
[   23.034567]  krealloc_more_oob_helper+0x7ed/0x930
[   23.035860]  ? __schedule+0xc70/0x27e0
[   23.036731]  ? __pfx_krealloc_more_oob_helper+0x10/0x10
[   23.037352]  ? finish_task_switch.isra.0+0x153/0x700
[   23.037827]  ? __switch_to+0x5d9/0xf60
[   23.038807]  ? __schedule+0xc70/0x27e0
[   23.040018]  ? __pfx_read_tsc+0x10/0x10
[   23.040523]  krealloc_large_more_oob+0x1c/0x30
[   23.041584]  kunit_try_run_case+0x1b3/0x490
[   23.042644]  ? __pfx_kunit_try_run_case+0x10/0x10
[   23.043084]  ? _raw_spin_lock_irqsave+0xa2/0x110
[   23.044120]  ? _raw_spin_unlock_irqrestore+0x5f/0x90
[   23.044910]  ? __kthread_parkme+0x82/0x160
[   23.045278]  ? preempt_count_sub+0x50/0x80
[   23.045999]  ? __pfx_kunit_try_run_case+0x10/0x10
[   23.046400]  ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10
[   23.047320]  kunit_generic_run_threadfn_adapter+0x85/0xf0
[   23.048557]  kthread+0x257/0x310
[   23.049146]  ? __pfx_kthread+0x10/0x10
[   23.049582]  ret_from_fork+0x41/0x80
[   23.049950]  ? __pfx_kthread+0x10/0x10
[   23.050311]  ret_from_fork_asm+0x1a/0x30
[   23.050744]  </TASK>
[   23.051333] 
[   23.052170] The buggy address belongs to the physical page:
[   23.052992] page: refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x102ab8
[   23.053927] head: order:2 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[   23.054867] flags: 0x200000000000040(head|node=0|zone=2)
[   23.056092] raw: 0200000000000040 0000000000000000 dead000000000122 0000000000000000
[   23.056695] raw: 0000000000000000 0000000000000000 00000001ffffffff 0000000000000000
[   23.057272] head: 0200000000000040 0000000000000000 dead000000000122 0000000000000000
[   23.059071] head: 0000000000000000 0000000000000000 00000001ffffffff 0000000000000000
[   23.060587] head: 0200000000000002 ffffea00040aae01 ffffffffffffffff 0000000000000000
[   23.061079] head: 0000000000000004 0000000000000000 00000000ffffffff 0000000000000000
[   23.062642] page dumped because: kasan: bad access detected
[   23.064024] 
[   23.064386] Memory state around the buggy address:
[   23.064877]  ffff888102ab9f80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   23.065525]  ffff888102aba000: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   23.066273] >ffff888102aba080: 00 00 00 00 00 00 00 00 00 00 00 00 00 03 fe fe
[   23.067329]                                                              ^
[   23.068602]  ffff888102aba100: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe
[   23.069458]  ffff888102aba180: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe
[   23.070559] ==================================================================
[   22.458416] ==================================================================
[   22.459282] BUG: KASAN: slab-out-of-bounds in krealloc_more_oob_helper+0x823/0x930
[   22.459730] Write of size 1 at addr ffff8881009a4aeb by task kunit_try_catch/164
[   22.460193] 
[   22.460475] CPU: 1 UID: 0 PID: 164 Comm: kunit_try_catch Tainted: G    B            N 6.13.0-rc1-next-20241206 #1
[   22.462356] Tainted: [B]=BAD_PAGE, [N]=TEST
[   22.463218] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[   22.464286] Call Trace:
[   22.465466]  <TASK>
[   22.466196]  dump_stack_lvl+0x73/0xb0
[   22.466857]  print_report+0xd1/0x640
[   22.467427]  ? __virt_addr_valid+0x1db/0x2d0
[   22.468028]  ? kasan_complete_mode_report_info+0x2a/0x200
[   22.468966]  kasan_report+0x102/0x140
[   22.469552]  ? krealloc_more_oob_helper+0x823/0x930
[   22.470358]  ? krealloc_more_oob_helper+0x823/0x930
[   22.470734]  __asan_report_store1_noabort+0x1b/0x30
[   22.471356]  krealloc_more_oob_helper+0x823/0x930
[   22.471880]  ? __schedule+0xc70/0x27e0
[   22.473017]  ? __pfx_krealloc_more_oob_helper+0x10/0x10
[   22.473446]  ? finish_task_switch.isra.0+0x153/0x700
[   22.474076]  ? __switch_to+0x5d9/0xf60
[   22.475003]  ? __schedule+0xc70/0x27e0
[   22.475830]  ? __pfx_read_tsc+0x10/0x10
[   22.477384]  krealloc_more_oob+0x1c/0x30
[   22.478063]  kunit_try_run_case+0x1b3/0x490
[   22.478915]  ? __pfx_kunit_try_run_case+0x10/0x10
[   22.479736]  ? _raw_spin_lock_irqsave+0xa2/0x110
[   22.480629]  ? _raw_spin_unlock_irqrestore+0x5f/0x90
[   22.482062]  ? __kthread_parkme+0x82/0x160
[   22.482646]  ? preempt_count_sub+0x50/0x80
[   22.483646]  ? __pfx_kunit_try_run_case+0x10/0x10
[   22.484144]  ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10
[   22.485509]  kunit_generic_run_threadfn_adapter+0x85/0xf0
[   22.486432]  kthread+0x257/0x310
[   22.487099]  ? __pfx_kthread+0x10/0x10
[   22.488485]  ret_from_fork+0x41/0x80
[   22.488961]  ? __pfx_kthread+0x10/0x10
[   22.489947]  ret_from_fork_asm+0x1a/0x30
[   22.490427]  </TASK>
[   22.490967] 
[   22.491167] Allocated by task 164:
[   22.491794]  kasan_save_stack+0x3d/0x60
[   22.492707]  kasan_save_track+0x18/0x40
[   22.494097]  kasan_save_alloc_info+0x3b/0x50
[   22.494585]  __kasan_krealloc+0x190/0x1f0
[   22.495363]  krealloc_noprof+0xf3/0x340
[   22.496079]  krealloc_more_oob_helper+0x1aa/0x930
[   22.496818]  krealloc_more_oob+0x1c/0x30
[   22.497209]  kunit_try_run_case+0x1b3/0x490
[   22.498305]  kunit_generic_run_threadfn_adapter+0x85/0xf0
[   22.498755]  kthread+0x257/0x310
[   22.499359]  ret_from_fork+0x41/0x80
[   22.500468]  ret_from_fork_asm+0x1a/0x30
[   22.501290] 
[   22.501469] The buggy address belongs to the object at ffff8881009a4a00
[   22.501469]  which belongs to the cache kmalloc-256 of size 256
[   22.503775] The buggy address is located 0 bytes to the right of
[   22.503775]  allocated 235-byte region [ffff8881009a4a00, ffff8881009a4aeb)
[   22.506154] 
[   22.506599] The buggy address belongs to the physical page:
[   22.507466] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1009a4
[   22.508351] head: order:1 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[   22.509922] flags: 0x200000000000040(head|node=0|zone=2)
[   22.510487] page_type: f5(slab)
[   22.510841] raw: 0200000000000040 ffff888100041b40 dead000000000122 0000000000000000
[   22.511581] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000
[   22.513441] head: 0200000000000040 ffff888100041b40 dead000000000122 0000000000000000
[   22.514895] head: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000
[   22.515707] head: 0200000000000001 ffffea0004026901 ffffffffffffffff 0000000000000000
[   22.516460] head: 0000000000000002 0000000000000000 00000000ffffffff 0000000000000000
[   22.517907] page dumped because: kasan: bad access detected
[   22.518767] 
[   22.519050] Memory state around the buggy address:
[   22.519910]  ffff8881009a4980: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   22.521189]  ffff8881009a4a00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   22.522030] >ffff8881009a4a80: 00 00 00 00 00 00 00 00 00 00 00 00 00 03 fc fc
[   22.523112]                                                           ^
[   22.524094]  ffff8881009a4b00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   22.524950]  ffff8881009a4b80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   22.526602] ==================================================================
[   22.962852] ==================================================================
[   22.964333] BUG: KASAN: slab-out-of-bounds in krealloc_more_oob_helper+0x823/0x930
[   22.965633] Write of size 1 at addr ffff888102aba0eb by task kunit_try_catch/168
[   22.966349] 
[   22.966593] CPU: 1 UID: 0 PID: 168 Comm: kunit_try_catch Tainted: G    B            N 6.13.0-rc1-next-20241206 #1
[   22.969018] Tainted: [B]=BAD_PAGE, [N]=TEST
[   22.969710] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[   22.971254] Call Trace:
[   22.971574]  <TASK>
[   22.972569]  dump_stack_lvl+0x73/0xb0
[   22.973343]  print_report+0xd1/0x640
[   22.973820]  ? __virt_addr_valid+0x1db/0x2d0
[   22.974445]  ? kasan_addr_to_slab+0x11/0xa0
[   22.975011]  kasan_report+0x102/0x140
[   22.975530]  ? krealloc_more_oob_helper+0x823/0x930
[   22.976104]  ? krealloc_more_oob_helper+0x823/0x930
[   22.976579]  __asan_report_store1_noabort+0x1b/0x30
[   22.978172]  krealloc_more_oob_helper+0x823/0x930
[   22.978824]  ? __schedule+0xc70/0x27e0
[   22.979337]  ? __pfx_krealloc_more_oob_helper+0x10/0x10
[   22.980065]  ? finish_task_switch.isra.0+0x153/0x700
[   22.980527]  ? __switch_to+0x5d9/0xf60
[   22.980831]  ? __schedule+0xc70/0x27e0
[   22.981512]  ? __pfx_read_tsc+0x10/0x10
[   22.982997]  krealloc_large_more_oob+0x1c/0x30
[   22.983403]  kunit_try_run_case+0x1b3/0x490
[   22.984504]  ? __pfx_kunit_try_run_case+0x10/0x10
[   22.985062]  ? _raw_spin_lock_irqsave+0xa2/0x110
[   22.985618]  ? _raw_spin_unlock_irqrestore+0x5f/0x90
[   22.986067]  ? __kthread_parkme+0x82/0x160
[   22.986598]  ? preempt_count_sub+0x50/0x80
[   22.988084]  ? __pfx_kunit_try_run_case+0x10/0x10
[   22.988826]  ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10
[   22.990497]  kunit_generic_run_threadfn_adapter+0x85/0xf0
[   22.990796]  kthread+0x257/0x310
[   22.990997]  ? __pfx_kthread+0x10/0x10
[   22.991556]  ret_from_fork+0x41/0x80
[   22.993113]  ? __pfx_kthread+0x10/0x10
[   22.994377]  ret_from_fork_asm+0x1a/0x30
[   22.995561]  </TASK>
[   22.995867] 
[   22.996100] The buggy address belongs to the physical page:
[   22.997590] page: refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x102ab8
[   22.999331] head: order:2 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[   23.001114] flags: 0x200000000000040(head|node=0|zone=2)
[   23.001703] raw: 0200000000000040 0000000000000000 dead000000000122 0000000000000000
[   23.002449] raw: 0000000000000000 0000000000000000 00000001ffffffff 0000000000000000
[   23.004473] head: 0200000000000040 0000000000000000 dead000000000122 0000000000000000
[   23.004969] head: 0000000000000000 0000000000000000 00000001ffffffff 0000000000000000
[   23.006585] head: 0200000000000002 ffffea00040aae01 ffffffffffffffff 0000000000000000
[   23.007247] head: 0000000000000004 0000000000000000 00000000ffffffff 0000000000000000
[   23.008358] page dumped because: kasan: bad access detected
[   23.009733] 
[   23.009924] Memory state around the buggy address:
[   23.011025]  ffff888102ab9f80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   23.012224]  ffff888102aba000: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   23.013828] >ffff888102aba080: 00 00 00 00 00 00 00 00 00 00 00 00 00 03 fe fe
[   23.014754]                                                           ^
[   23.015771]  ffff888102aba100: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe
[   23.017487]  ffff888102aba180: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe
[   23.018151] ==================================================================
[   22.529015] ==================================================================
[   22.530668] BUG: KASAN: slab-out-of-bounds in krealloc_more_oob_helper+0x7ed/0x930
[   22.532085] Write of size 1 at addr ffff8881009a4af0 by task kunit_try_catch/164
[   22.532698] 
[   22.532920] CPU: 1 UID: 0 PID: 164 Comm: kunit_try_catch Tainted: G    B            N 6.13.0-rc1-next-20241206 #1
[   22.535672] Tainted: [B]=BAD_PAGE, [N]=TEST
[   22.535988] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[   22.537658] Call Trace:
[   22.538012]  <TASK>
[   22.538389]  dump_stack_lvl+0x73/0xb0
[   22.540132]  print_report+0xd1/0x640
[   22.540604]  ? __virt_addr_valid+0x1db/0x2d0
[   22.541426]  ? kasan_complete_mode_report_info+0x2a/0x200
[   22.542469]  kasan_report+0x102/0x140
[   22.542748]  ? krealloc_more_oob_helper+0x7ed/0x930
[   22.543026]  ? krealloc_more_oob_helper+0x7ed/0x930
[   22.544899]  __asan_report_store1_noabort+0x1b/0x30
[   22.545687]  krealloc_more_oob_helper+0x7ed/0x930
[   22.546761]  ? __schedule+0xc70/0x27e0
[   22.547847]  ? __pfx_krealloc_more_oob_helper+0x10/0x10
[   22.548822]  ? finish_task_switch.isra.0+0x153/0x700
[   22.549819]  ? __switch_to+0x5d9/0xf60
[   22.550354]  ? __schedule+0xc70/0x27e0
[   22.550805]  ? __pfx_read_tsc+0x10/0x10
[   22.551907]  krealloc_more_oob+0x1c/0x30
[   22.552926]  kunit_try_run_case+0x1b3/0x490
[   22.553415]  ? __pfx_kunit_try_run_case+0x10/0x10
[   22.554530]  ? _raw_spin_lock_irqsave+0xa2/0x110
[   22.555547]  ? _raw_spin_unlock_irqrestore+0x5f/0x90
[   22.556501]  ? __kthread_parkme+0x82/0x160
[   22.557471]  ? preempt_count_sub+0x50/0x80
[   22.558156]  ? __pfx_kunit_try_run_case+0x10/0x10
[   22.558652]  ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10
[   22.559792]  kunit_generic_run_threadfn_adapter+0x85/0xf0
[   22.561323]  kthread+0x257/0x310
[   22.562348]  ? __pfx_kthread+0x10/0x10
[   22.562638]  ret_from_fork+0x41/0x80
[   22.563559]  ? __pfx_kthread+0x10/0x10
[   22.564304]  ret_from_fork_asm+0x1a/0x30
[   22.564849]  </TASK>
[   22.565360] 
[   22.565650] Allocated by task 164:
[   22.566309]  kasan_save_stack+0x3d/0x60
[   22.567216]  kasan_save_track+0x18/0x40
[   22.568286]  kasan_save_alloc_info+0x3b/0x50
[   22.569051]  __kasan_krealloc+0x190/0x1f0
[   22.570575]  krealloc_noprof+0xf3/0x340
[   22.571053]  krealloc_more_oob_helper+0x1aa/0x930
[   22.572539]  krealloc_more_oob+0x1c/0x30
[   22.573365]  kunit_try_run_case+0x1b3/0x490
[   22.573643]  kunit_generic_run_threadfn_adapter+0x85/0xf0
[   22.574521]  kthread+0x257/0x310
[   22.574981]  ret_from_fork+0x41/0x80
[   22.575363]  ret_from_fork_asm+0x1a/0x30
[   22.576548] 
[   22.576854] The buggy address belongs to the object at ffff8881009a4a00
[   22.576854]  which belongs to the cache kmalloc-256 of size 256
[   22.579321] The buggy address is located 5 bytes to the right of
[   22.579321]  allocated 235-byte region [ffff8881009a4a00, ffff8881009a4aeb)
[   22.580628] 
[   22.581668] The buggy address belongs to the physical page:
[   22.583687] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1009a4
[   22.584427] head: order:1 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[   22.586062] flags: 0x200000000000040(head|node=0|zone=2)
[   22.586823] page_type: f5(slab)
[   22.587353] raw: 0200000000000040 ffff888100041b40 dead000000000122 0000000000000000
[   22.588398] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000
[   22.589713] head: 0200000000000040 ffff888100041b40 dead000000000122 0000000000000000
[   22.590866] head: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000
[   22.592185] head: 0200000000000001 ffffea0004026901 ffffffffffffffff 0000000000000000
[   22.592822] head: 0000000000000002 0000000000000000 00000000ffffffff 0000000000000000
[   22.594829] page dumped because: kasan: bad access detected
[   22.595303] 
[   22.595495] Memory state around the buggy address:
[   22.596714]  ffff8881009a4980: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   22.598112]  ffff8881009a4a00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   22.600328] >ffff8881009a4a80: 00 00 00 00 00 00 00 00 00 00 00 00 00 03 fc fc
[   22.601523]                                                              ^
[   22.603849]  ffff8881009a4b00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   22.605802]  ffff8881009a4b80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   22.607475] ==================================================================