lkft/linux-next-master - next-20241209 - log-parser-boot/kasan-bug-kasan-slab-out-of-bounds-in-krealloc_less_oob_helper

Date

Dec. 9, 2024, 6:35 a.m.

Environment
qemu-arm64
qemu-x86_64

[   23.568856] ==================================================================
[   23.569591] BUG: KASAN: slab-out-of-bounds in krealloc_less_oob_helper+0xb9c/0xc50
[   23.570339] Write of size 1 at addr fff00000c09734d0 by task kunit_try_catch/146
[   23.571130] 
[   23.571890] CPU: 0 UID: 0 PID: 146 Comm: kunit_try_catch Tainted: G    B            N 6.13.0-rc2-next-20241209 #1
[   23.573107] Tainted: [B]=BAD_PAGE, [N]=TEST
[   23.573660] Hardware name: linux,dummy-virt (DT)
[   23.574261] Call trace:
[   23.574743]  show_stack+0x20/0x38 (C)
[   23.575806]  dump_stack_lvl+0x8c/0xd0
[   23.576314]  print_report+0x118/0x5e0
[   23.576856]  kasan_report+0xc8/0x118
[   23.577391]  __asan_report_store1_noabort+0x20/0x30
[   23.578106]  krealloc_less_oob_helper+0xb9c/0xc50
[   23.578785]  krealloc_less_oob+0x20/0x38
[   23.579607]  kunit_try_run_case+0x14c/0x3d0
[   23.580185]  kunit_generic_run_threadfn_adapter+0x88/0x100
[   23.580894]  kthread+0x24c/0x2d0
[   23.581462]  ret_from_fork+0x10/0x20
[   23.581976] 
[   23.582301] Allocated by task 146:
[   23.583608]  kasan_save_stack+0x3c/0x68
[   23.584061]  kasan_save_track+0x20/0x40
[   23.584596]  kasan_save_alloc_info+0x40/0x58
[   23.585213]  __kasan_krealloc+0x118/0x178
[   23.585786]  krealloc_noprof+0x128/0x360
[   23.586356]  krealloc_less_oob_helper+0x168/0xc50
[   23.587220]  krealloc_less_oob+0x20/0x38
[   23.587772]  kunit_try_run_case+0x14c/0x3d0
[   23.588311]  kunit_generic_run_threadfn_adapter+0x88/0x100
[   23.589194]  kthread+0x24c/0x2d0
[   23.589682]  ret_from_fork+0x10/0x20
[   23.590203] 
[   23.590513] The buggy address belongs to the object at fff00000c0973400
[   23.590513]  which belongs to the cache kmalloc-256 of size 256
[   23.592344] The buggy address is located 7 bytes to the right of
[   23.592344]  allocated 201-byte region [fff00000c0973400, fff00000c09734c9)
[   23.593536] 
[   23.593901] The buggy address belongs to the physical page:
[   23.594472] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x100972
[   23.595329] head: order:1 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[   23.596235] flags: 0xbfffe0000000040(head|node=0|zone=2|lastcpupid=0x1ffff)
[   23.597016] page_type: f5(slab)
[   23.598104] raw: 0bfffe0000000040 fff00000c0001b40 dead000000000122 0000000000000000
[   23.600331] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000
[   23.601389] head: 0bfffe0000000040 fff00000c0001b40 dead000000000122 0000000000000000
[   23.602246] head: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000
[   23.603153] head: 0bfffe0000000001 ffffc1ffc3025c81 ffffffffffffffff 0000000000000000
[   23.604057] head: 0000000000000002 0000000000000000 00000000ffffffff 0000000000000000
[   23.605106] page dumped because: kasan: bad access detected
[   23.605690] 
[   23.606014] Memory state around the buggy address:
[   23.606578]  fff00000c0973380: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   23.608120]  fff00000c0973400: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   23.608956] >fff00000c0973480: 00 00 00 00 00 00 00 00 00 01 fc fc fc fc fc fc
[   23.609766]                                                  ^
[   23.610390]  fff00000c0973500: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   23.611273]  fff00000c0973580: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   23.612338] ==================================================================
[   23.829668] ==================================================================
[   23.830717] BUG: KASAN: slab-out-of-bounds in krealloc_less_oob_helper+0xa48/0xc50
[   23.831491] Write of size 1 at addr fff00000c64620c9 by task kunit_try_catch/150
[   23.832629] 
[   23.832957] CPU: 1 UID: 0 PID: 150 Comm: kunit_try_catch Tainted: G    B            N 6.13.0-rc2-next-20241209 #1
[   23.834264] Tainted: [B]=BAD_PAGE, [N]=TEST
[   23.835145] Hardware name: linux,dummy-virt (DT)
[   23.835687] Call trace:
[   23.836077]  show_stack+0x20/0x38 (C)
[   23.836661]  dump_stack_lvl+0x8c/0xd0
[   23.837209]  print_report+0x118/0x5e0
[   23.837809]  kasan_report+0xc8/0x118
[   23.838353]  __asan_report_store1_noabort+0x20/0x30
[   23.839278]  krealloc_less_oob_helper+0xa48/0xc50
[   23.839869]  krealloc_large_less_oob+0x20/0x38
[   23.840513]  kunit_try_run_case+0x14c/0x3d0
[   23.841181]  kunit_generic_run_threadfn_adapter+0x88/0x100
[   23.841931]  kthread+0x24c/0x2d0
[   23.842518]  ret_from_fork+0x10/0x20
[   23.843274] 
[   23.843595] The buggy address belongs to the physical page:
[   23.844144] page: refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x106460
[   23.845093] head: order:2 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[   23.845865] flags: 0xbfffe0000000040(head|node=0|zone=2|lastcpupid=0x1ffff)
[   23.846744] raw: 0bfffe0000000040 0000000000000000 dead000000000122 0000000000000000
[   23.847804] raw: 0000000000000000 0000000000000000 00000001ffffffff 0000000000000000
[   23.848628] head: 0bfffe0000000040 0000000000000000 dead000000000122 0000000000000000
[   23.849502] head: 0000000000000000 0000000000000000 00000001ffffffff 0000000000000000
[   23.850384] head: 0bfffe0000000002 ffffc1ffc3191801 ffffffffffffffff 0000000000000000
[   23.851455] head: 0000000000000004 0000000000000000 00000000ffffffff 0000000000000000
[   23.852321] page dumped because: kasan: bad access detected
[   23.852974] 
[   23.853281] Memory state around the buggy address:
[   23.853860]  fff00000c6461f80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   23.854630]  fff00000c6462000: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   23.855657] >fff00000c6462080: 00 00 00 00 00 00 00 00 00 01 fe fe fe fe fe fe
[   23.856365]                                               ^
[   23.857085]  fff00000c6462100: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe
[   23.857931]  fff00000c6462180: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe
[   23.858685] ==================================================================
[   23.860405] ==================================================================
[   23.861161] BUG: KASAN: slab-out-of-bounds in krealloc_less_oob_helper+0xb9c/0xc50
[   23.862518] Write of size 1 at addr fff00000c64620d0 by task kunit_try_catch/150
[   23.863949] 
[   23.864265] CPU: 1 UID: 0 PID: 150 Comm: kunit_try_catch Tainted: G    B            N 6.13.0-rc2-next-20241209 #1
[   23.865248] Tainted: [B]=BAD_PAGE, [N]=TEST
[   23.865884] Hardware name: linux,dummy-virt (DT)
[   23.866472] Call trace:
[   23.866872]  show_stack+0x20/0x38 (C)
[   23.868001]  dump_stack_lvl+0x8c/0xd0
[   23.868511]  print_report+0x118/0x5e0
[   23.869100]  kasan_report+0xc8/0x118
[   23.869714]  __asan_report_store1_noabort+0x20/0x30
[   23.870314]  krealloc_less_oob_helper+0xb9c/0xc50
[   23.871258]  krealloc_large_less_oob+0x20/0x38
[   23.871820]  kunit_try_run_case+0x14c/0x3d0
[   23.872478]  kunit_generic_run_threadfn_adapter+0x88/0x100
[   23.873176]  kthread+0x24c/0x2d0
[   23.873659]  ret_from_fork+0x10/0x20
[   23.874259] 
[   23.874566] The buggy address belongs to the physical page:
[   23.875404] page: refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x106460
[   23.876274] head: order:2 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[   23.877118] flags: 0xbfffe0000000040(head|node=0|zone=2|lastcpupid=0x1ffff)
[   23.877986] raw: 0bfffe0000000040 0000000000000000 dead000000000122 0000000000000000
[   23.878803] raw: 0000000000000000 0000000000000000 00000001ffffffff 0000000000000000
[   23.879611] head: 0bfffe0000000040 0000000000000000 dead000000000122 0000000000000000
[   23.880515] head: 0000000000000000 0000000000000000 00000001ffffffff 0000000000000000
[   23.881485] head: 0bfffe0000000002 ffffc1ffc3191801 ffffffffffffffff 0000000000000000
[   23.882451] head: 0000000000000004 0000000000000000 00000000ffffffff 0000000000000000
[   23.883459] page dumped because: kasan: bad access detected
[   23.884117] 
[   23.884395] Memory state around the buggy address:
[   23.884939]  fff00000c6461f80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   23.885642]  fff00000c6462000: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   23.887109] >fff00000c6462080: 00 00 00 00 00 00 00 00 00 01 fe fe fe fe fe fe
[   23.887762]                                                  ^
[   23.888362]  fff00000c6462100: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe
[   23.889746]  fff00000c6462180: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe
[   23.890508] ==================================================================
[   23.523683] ==================================================================
[   23.524812] BUG: KASAN: slab-out-of-bounds in krealloc_less_oob_helper+0xa48/0xc50
[   23.525507] Write of size 1 at addr fff00000c09734c9 by task kunit_try_catch/146
[   23.526407] 
[   23.526748] CPU: 0 UID: 0 PID: 146 Comm: kunit_try_catch Tainted: G    B            N 6.13.0-rc2-next-20241209 #1
[   23.527996] Tainted: [B]=BAD_PAGE, [N]=TEST
[   23.528483] Hardware name: linux,dummy-virt (DT)
[   23.528974] Call trace:
[   23.529359]  show_stack+0x20/0x38 (C)
[   23.530219]  dump_stack_lvl+0x8c/0xd0
[   23.530873]  print_report+0x118/0x5e0
[   23.531504]  kasan_report+0xc8/0x118
[   23.532131]  __asan_report_store1_noabort+0x20/0x30
[   23.533059]  krealloc_less_oob_helper+0xa48/0xc50
[   23.533671]  krealloc_less_oob+0x20/0x38
[   23.534264]  kunit_try_run_case+0x14c/0x3d0
[   23.534790]  kunit_generic_run_threadfn_adapter+0x88/0x100
[   23.536419]  kthread+0x24c/0x2d0
[   23.536953]  ret_from_fork+0x10/0x20
[   23.537622] 
[   23.537984] Allocated by task 146:
[   23.538451]  kasan_save_stack+0x3c/0x68
[   23.539318]  kasan_save_track+0x20/0x40
[   23.539797]  kasan_save_alloc_info+0x40/0x58
[   23.540309]  __kasan_krealloc+0x118/0x178
[   23.541025]  krealloc_noprof+0x128/0x360
[   23.541647]  krealloc_less_oob_helper+0x168/0xc50
[   23.542338]  krealloc_less_oob+0x20/0x38
[   23.543431]  kunit_try_run_case+0x14c/0x3d0
[   23.544051]  kunit_generic_run_threadfn_adapter+0x88/0x100
[   23.544746]  kthread+0x24c/0x2d0
[   23.545305]  ret_from_fork+0x10/0x20
[   23.545920] 
[   23.546264] The buggy address belongs to the object at fff00000c0973400
[   23.546264]  which belongs to the cache kmalloc-256 of size 256
[   23.548246] The buggy address is located 0 bytes to the right of
[   23.548246]  allocated 201-byte region [fff00000c0973400, fff00000c09734c9)
[   23.549695] 
[   23.550177] The buggy address belongs to the physical page:
[   23.550953] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x100972
[   23.552052] head: order:1 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[   23.553302] flags: 0xbfffe0000000040(head|node=0|zone=2|lastcpupid=0x1ffff)
[   23.554148] page_type: f5(slab)
[   23.554651] raw: 0bfffe0000000040 fff00000c0001b40 dead000000000122 0000000000000000
[   23.555553] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000
[   23.556326] head: 0bfffe0000000040 fff00000c0001b40 dead000000000122 0000000000000000
[   23.557485] head: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000
[   23.558362] head: 0bfffe0000000001 ffffc1ffc3025c81 ffffffffffffffff 0000000000000000
[   23.559315] head: 0000000000000002 0000000000000000 00000000ffffffff 0000000000000000
[   23.559883] page dumped because: kasan: bad access detected
[   23.560152] 
[   23.560283] Memory state around the buggy address:
[   23.560523]  fff00000c0973380: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   23.561260]  fff00000c0973400: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   23.562319] >fff00000c0973480: 00 00 00 00 00 00 00 00 00 01 fc fc fc fc fc fc
[   23.563721]                                               ^
[   23.564450]  fff00000c0973500: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   23.565379]  fff00000c0973580: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   23.566362] ==================================================================
[   23.705291] ==================================================================
[   23.705936] BUG: KASAN: slab-out-of-bounds in krealloc_less_oob_helper+0xa58/0xc50
[   23.707829] Write of size 1 at addr fff00000c09734eb by task kunit_try_catch/146
[   23.708660] 
[   23.709007] CPU: 0 UID: 0 PID: 146 Comm: kunit_try_catch Tainted: G    B            N 6.13.0-rc2-next-20241209 #1
[   23.710081] Tainted: [B]=BAD_PAGE, [N]=TEST
[   23.710637] Hardware name: linux,dummy-virt (DT)
[   23.711992] Call trace:
[   23.712412]  show_stack+0x20/0x38 (C)
[   23.713037]  dump_stack_lvl+0x8c/0xd0
[   23.713577]  print_report+0x118/0x5e0
[   23.714104]  kasan_report+0xc8/0x118
[   23.714717]  __asan_report_store1_noabort+0x20/0x30
[   23.715734]  krealloc_less_oob_helper+0xa58/0xc50
[   23.716224]  krealloc_less_oob+0x20/0x38
[   23.716861]  kunit_try_run_case+0x14c/0x3d0
[   23.717413]  kunit_generic_run_threadfn_adapter+0x88/0x100
[   23.718359]  kthread+0x24c/0x2d0
[   23.719143]  ret_from_fork+0x10/0x20
[   23.719660] 
[   23.719984] Allocated by task 146:
[   23.720421]  kasan_save_stack+0x3c/0x68
[   23.720949]  kasan_save_track+0x20/0x40
[   23.721527]  kasan_save_alloc_info+0x40/0x58
[   23.722104]  __kasan_krealloc+0x118/0x178
[   23.722603]  krealloc_noprof+0x128/0x360
[   23.723307]  krealloc_less_oob_helper+0x168/0xc50
[   23.724544]  krealloc_less_oob+0x20/0x38
[   23.725079]  kunit_try_run_case+0x14c/0x3d0
[   23.725659]  kunit_generic_run_threadfn_adapter+0x88/0x100
[   23.726376]  kthread+0x24c/0x2d0
[   23.727199]  ret_from_fork+0x10/0x20
[   23.727560] 
[   23.727950] The buggy address belongs to the object at fff00000c0973400
[   23.727950]  which belongs to the cache kmalloc-256 of size 256
[   23.729117] The buggy address is located 34 bytes to the right of
[   23.729117]  allocated 201-byte region [fff00000c0973400, fff00000c09734c9)
[   23.730380] 
[   23.730721] The buggy address belongs to the physical page:
[   23.731437] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x100972
[   23.732518] head: order:1 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[   23.733759] flags: 0xbfffe0000000040(head|node=0|zone=2|lastcpupid=0x1ffff)
[   23.735078] page_type: f5(slab)
[   23.735684] raw: 0bfffe0000000040 fff00000c0001b40 dead000000000122 0000000000000000
[   23.736558] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000
[   23.737454] head: 0bfffe0000000040 fff00000c0001b40 dead000000000122 0000000000000000
[   23.738335] head: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000
[   23.739516] head: 0bfffe0000000001 ffffc1ffc3025c81 ffffffffffffffff 0000000000000000
[   23.740355] head: 0000000000000002 0000000000000000 00000000ffffffff 0000000000000000
[   23.741123] page dumped because: kasan: bad access detected
[   23.741687] 
[   23.742658] Memory state around the buggy address:
[   23.743211]  fff00000c0973380: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   23.744012]  fff00000c0973400: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   23.744935] >fff00000c0973480: 00 00 00 00 00 00 00 00 00 01 fc fc fc fc fc fc
[   23.746178]                                                           ^
[   23.746881]  fff00000c0973500: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   23.748274]  fff00000c0973580: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   23.749149] ==================================================================
[   23.614559] ==================================================================
[   23.615389] BUG: KASAN: slab-out-of-bounds in krealloc_less_oob_helper+0xa80/0xc50
[   23.616152] Write of size 1 at addr fff00000c09734da by task kunit_try_catch/146
[   23.617593] 
[   23.617899] CPU: 0 UID: 0 PID: 146 Comm: kunit_try_catch Tainted: G    B            N 6.13.0-rc2-next-20241209 #1
[   23.619425] Tainted: [B]=BAD_PAGE, [N]=TEST
[   23.619874] Hardware name: linux,dummy-virt (DT)
[   23.620517] Call trace:
[   23.620992]  show_stack+0x20/0x38 (C)
[   23.621607]  dump_stack_lvl+0x8c/0xd0
[   23.622202]  print_report+0x118/0x5e0
[   23.622795]  kasan_report+0xc8/0x118
[   23.623357]  __asan_report_store1_noabort+0x20/0x30
[   23.624561]  krealloc_less_oob_helper+0xa80/0xc50
[   23.625245]  krealloc_less_oob+0x20/0x38
[   23.625956]  kunit_try_run_case+0x14c/0x3d0
[   23.626664]  kunit_generic_run_threadfn_adapter+0x88/0x100
[   23.627504]  kthread+0x24c/0x2d0
[   23.628398]  ret_from_fork+0x10/0x20
[   23.628970] 
[   23.629479] Allocated by task 146:
[   23.630051]  kasan_save_stack+0x3c/0x68
[   23.630769]  kasan_save_track+0x20/0x40
[   23.631209]  kasan_save_alloc_info+0x40/0x58
[   23.631661]  __kasan_krealloc+0x118/0x178
[   23.632157]  krealloc_noprof+0x128/0x360
[   23.633075]  krealloc_less_oob_helper+0x168/0xc50
[   23.633745]  krealloc_less_oob+0x20/0x38
[   23.634396]  kunit_try_run_case+0x14c/0x3d0
[   23.635060]  kunit_generic_run_threadfn_adapter+0x88/0x100
[   23.635909]  kthread+0x24c/0x2d0
[   23.636415]  ret_from_fork+0x10/0x20
[   23.636971] 
[   23.637333] The buggy address belongs to the object at fff00000c0973400
[   23.637333]  which belongs to the cache kmalloc-256 of size 256
[   23.639315] The buggy address is located 17 bytes to the right of
[   23.639315]  allocated 201-byte region [fff00000c0973400, fff00000c09734c9)
[   23.640718] 
[   23.641041] The buggy address belongs to the physical page:
[   23.641694] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x100972
[   23.642716] head: order:1 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[   23.643842] flags: 0xbfffe0000000040(head|node=0|zone=2|lastcpupid=0x1ffff)
[   23.644222] page_type: f5(slab)
[   23.644426] raw: 0bfffe0000000040 fff00000c0001b40 dead000000000122 0000000000000000
[   23.644891] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000
[   23.646128] head: 0bfffe0000000040 fff00000c0001b40 dead000000000122 0000000000000000
[   23.647367] head: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000
[   23.648488] head: 0bfffe0000000001 ffffc1ffc3025c81 ffffffffffffffff 0000000000000000
[   23.649504] head: 0000000000000002 0000000000000000 00000000ffffffff 0000000000000000
[   23.651285] page dumped because: kasan: bad access detected
[   23.652147] 
[   23.652363] Memory state around the buggy address:
[   23.653140]  fff00000c0973380: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   23.653979]  fff00000c0973400: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   23.654847] >fff00000c0973480: 00 00 00 00 00 00 00 00 00 01 fc fc fc fc fc fc
[   23.656033]                                                     ^
[   23.657150]  fff00000c0973500: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   23.658122]  fff00000c0973580: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   23.659039] ==================================================================
[   23.891782] ==================================================================
[   23.892590] BUG: KASAN: slab-out-of-bounds in krealloc_less_oob_helper+0xa80/0xc50
[   23.893403] Write of size 1 at addr fff00000c64620da by task kunit_try_catch/150
[   23.894215] 
[   23.894533] CPU: 1 UID: 0 PID: 150 Comm: kunit_try_catch Tainted: G    B            N 6.13.0-rc2-next-20241209 #1
[   23.897156] Tainted: [B]=BAD_PAGE, [N]=TEST
[   23.897721] Hardware name: linux,dummy-virt (DT)
[   23.898271] Call trace:
[   23.898737]  show_stack+0x20/0x38 (C)
[   23.899501]  dump_stack_lvl+0x8c/0xd0
[   23.899956]  print_report+0x118/0x5e0
[   23.900362]  kasan_report+0xc8/0x118
[   23.900776]  __asan_report_store1_noabort+0x20/0x30
[   23.901269]  krealloc_less_oob_helper+0xa80/0xc50
[   23.902325]  krealloc_large_less_oob+0x20/0x38
[   23.903418]  kunit_try_run_case+0x14c/0x3d0
[   23.903948]  kunit_generic_run_threadfn_adapter+0x88/0x100
[   23.904743]  kthread+0x24c/0x2d0
[   23.905278]  ret_from_fork+0x10/0x20
[   23.905803] 
[   23.906154] The buggy address belongs to the physical page:
[   23.906749] page: refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x106460
[   23.907690] head: order:2 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[   23.908506] flags: 0xbfffe0000000040(head|node=0|zone=2|lastcpupid=0x1ffff)
[   23.909549] raw: 0bfffe0000000040 0000000000000000 dead000000000122 0000000000000000
[   23.910405] raw: 0000000000000000 0000000000000000 00000001ffffffff 0000000000000000
[   23.911297] head: 0bfffe0000000040 0000000000000000 dead000000000122 0000000000000000
[   23.912314] head: 0000000000000000 0000000000000000 00000001ffffffff 0000000000000000
[   23.913168] head: 0bfffe0000000002 ffffc1ffc3191801 ffffffffffffffff 0000000000000000
[   23.913963] head: 0000000000000004 0000000000000000 00000000ffffffff 0000000000000000
[   23.914781] page dumped because: kasan: bad access detected
[   23.916026] 
[   23.916318] Memory state around the buggy address:
[   23.916876]  fff00000c6461f80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   23.917684]  fff00000c6462000: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   23.918475] >fff00000c6462080: 00 00 00 00 00 00 00 00 00 01 fe fe fe fe fe fe
[   23.919452]                                                     ^
[   23.920043]  fff00000c6462100: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe
[   23.920893]  fff00000c6462180: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe
[   23.921627] ==================================================================
[   23.956447] ==================================================================
[   23.957129] BUG: KASAN: slab-out-of-bounds in krealloc_less_oob_helper+0xa58/0xc50
[   23.958068] Write of size 1 at addr fff00000c64620eb by task kunit_try_catch/150
[   23.959074] 
[   23.959346] CPU: 1 UID: 0 PID: 150 Comm: kunit_try_catch Tainted: G    B            N 6.13.0-rc2-next-20241209 #1
[   23.961444] Tainted: [B]=BAD_PAGE, [N]=TEST
[   23.962167] Hardware name: linux,dummy-virt (DT)
[   23.963348] Call trace:
[   23.963827]  show_stack+0x20/0x38 (C)
[   23.964510]  dump_stack_lvl+0x8c/0xd0
[   23.965198]  print_report+0x118/0x5e0
[   23.965829]  kasan_report+0xc8/0x118
[   23.966473]  __asan_report_store1_noabort+0x20/0x30
[   23.967480]  krealloc_less_oob_helper+0xa58/0xc50
[   23.967958]  krealloc_large_less_oob+0x20/0x38
[   23.968770]  kunit_try_run_case+0x14c/0x3d0
[   23.969354]  kunit_generic_run_threadfn_adapter+0x88/0x100
[   23.970208]  kthread+0x24c/0x2d0
[   23.970743]  ret_from_fork+0x10/0x20
[   23.971549] 
[   23.971906] The buggy address belongs to the physical page:
[   23.972552] page: refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x106460
[   23.973470] head: order:2 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[   23.974374] flags: 0xbfffe0000000040(head|node=0|zone=2|lastcpupid=0x1ffff)
[   23.975390] raw: 0bfffe0000000040 0000000000000000 dead000000000122 0000000000000000
[   23.976161] raw: 0000000000000000 0000000000000000 00000001ffffffff 0000000000000000
[   23.977062] head: 0bfffe0000000040 0000000000000000 dead000000000122 0000000000000000
[   23.977977] head: 0000000000000000 0000000000000000 00000001ffffffff 0000000000000000
[   23.978856] head: 0bfffe0000000002 ffffc1ffc3191801 ffffffffffffffff 0000000000000000
[   23.980077] head: 0000000000000004 0000000000000000 00000000ffffffff 0000000000000000
[   23.981177] page dumped because: kasan: bad access detected
[   23.981448] 
[   23.981580] Memory state around the buggy address:
[   23.982005]  fff00000c6461f80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   23.983446]  fff00000c6462000: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   23.984342] >fff00000c6462080: 00 00 00 00 00 00 00 00 00 01 fe fe fe fe fe fe
[   23.985192]                                                           ^
[   23.985961]  fff00000c6462100: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe
[   23.986773]  fff00000c6462180: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe
[   23.987726] ==================================================================
[   23.661481] ==================================================================
[   23.662166] BUG: KASAN: slab-out-of-bounds in krealloc_less_oob_helper+0xae4/0xc50
[   23.663155] Write of size 1 at addr fff00000c09734ea by task kunit_try_catch/146
[   23.664765] 
[   23.665033] CPU: 0 UID: 0 PID: 146 Comm: kunit_try_catch Tainted: G    B            N 6.13.0-rc2-next-20241209 #1
[   23.665545] Tainted: [B]=BAD_PAGE, [N]=TEST
[   23.665844] Hardware name: linux,dummy-virt (DT)
[   23.666369] Call trace:
[   23.666785]  show_stack+0x20/0x38 (C)
[   23.667944]  dump_stack_lvl+0x8c/0xd0
[   23.668556]  print_report+0x118/0x5e0
[   23.669224]  kasan_report+0xc8/0x118
[   23.669910]  __asan_report_store1_noabort+0x20/0x30
[   23.670652]  krealloc_less_oob_helper+0xae4/0xc50
[   23.671466]  krealloc_less_oob+0x20/0x38
[   23.672442]  kunit_try_run_case+0x14c/0x3d0
[   23.672834]  kunit_generic_run_threadfn_adapter+0x88/0x100
[   23.673779]  kthread+0x24c/0x2d0
[   23.674388]  ret_from_fork+0x10/0x20
[   23.675281] 
[   23.675626] Allocated by task 146:
[   23.676280]  kasan_save_stack+0x3c/0x68
[   23.676904]  kasan_save_track+0x20/0x40
[   23.677481]  kasan_save_alloc_info+0x40/0x58
[   23.678135]  __kasan_krealloc+0x118/0x178
[   23.678763]  krealloc_noprof+0x128/0x360
[   23.679472]  krealloc_less_oob_helper+0x168/0xc50
[   23.680346]  krealloc_less_oob+0x20/0x38
[   23.680590]  kunit_try_run_case+0x14c/0x3d0
[   23.681282]  kunit_generic_run_threadfn_adapter+0x88/0x100
[   23.681919]  kthread+0x24c/0x2d0
[   23.682337]  ret_from_fork+0x10/0x20
[   23.682903] 
[   23.683541] The buggy address belongs to the object at fff00000c0973400
[   23.683541]  which belongs to the cache kmalloc-256 of size 256
[   23.685323] The buggy address is located 33 bytes to the right of
[   23.685323]  allocated 201-byte region [fff00000c0973400, fff00000c09734c9)
[   23.686578] 
[   23.686877] The buggy address belongs to the physical page:
[   23.687538] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x100972
[   23.688401] head: order:1 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[   23.689671] flags: 0xbfffe0000000040(head|node=0|zone=2|lastcpupid=0x1ffff)
[   23.690118] page_type: f5(slab)
[   23.690325] raw: 0bfffe0000000040 fff00000c0001b40 dead000000000122 0000000000000000
[   23.690667] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000
[   23.691838] head: 0bfffe0000000040 fff00000c0001b40 dead000000000122 0000000000000000
[   23.692632] head: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000
[   23.693545] head: 0bfffe0000000001 ffffc1ffc3025c81 ffffffffffffffff 0000000000000000
[   23.694560] head: 0000000000000002 0000000000000000 00000000ffffffff 0000000000000000
[   23.695694] page dumped because: kasan: bad access detected
[   23.696336] 
[   23.696649] Memory state around the buggy address:
[   23.697205]  fff00000c0973380: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   23.698418]  fff00000c0973400: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   23.699727] >fff00000c0973480: 00 00 00 00 00 00 00 00 00 01 fc fc fc fc fc fc
[   23.700696]                                                           ^
[   23.701411]  fff00000c0973500: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   23.702297]  fff00000c0973580: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   23.703196] ==================================================================
[   23.922757] ==================================================================
[   23.924569] BUG: KASAN: slab-out-of-bounds in krealloc_less_oob_helper+0xae4/0xc50
[   23.925449] Write of size 1 at addr fff00000c64620ea by task kunit_try_catch/150
[   23.926804] 
[   23.927362] CPU: 1 UID: 0 PID: 150 Comm: kunit_try_catch Tainted: G    B            N 6.13.0-rc2-next-20241209 #1
[   23.928446] Tainted: [B]=BAD_PAGE, [N]=TEST
[   23.928949] Hardware name: linux,dummy-virt (DT)
[   23.929470] Call trace:
[   23.929866]  show_stack+0x20/0x38 (C)
[   23.930455]  dump_stack_lvl+0x8c/0xd0
[   23.930935]  print_report+0x118/0x5e0
[   23.931848]  kasan_report+0xc8/0x118
[   23.932439]  __asan_report_store1_noabort+0x20/0x30
[   23.933185]  krealloc_less_oob_helper+0xae4/0xc50
[   23.933895]  krealloc_large_less_oob+0x20/0x38
[   23.934540]  kunit_try_run_case+0x14c/0x3d0
[   23.935281]  kunit_generic_run_threadfn_adapter+0x88/0x100
[   23.936245]  kthread+0x24c/0x2d0
[   23.936909]  ret_from_fork+0x10/0x20
[   23.937585] 
[   23.938039] The buggy address belongs to the physical page:
[   23.938753] page: refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x106460
[   23.939809] head: order:2 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[   23.940565] flags: 0xbfffe0000000040(head|node=0|zone=2|lastcpupid=0x1ffff)
[   23.941608] raw: 0bfffe0000000040 0000000000000000 dead000000000122 0000000000000000
[   23.942395] raw: 0000000000000000 0000000000000000 00000001ffffffff 0000000000000000
[   23.943475] head: 0bfffe0000000040 0000000000000000 dead000000000122 0000000000000000
[   23.944556] head: 0000000000000000 0000000000000000 00000001ffffffff 0000000000000000
[   23.945730] head: 0bfffe0000000002 ffffc1ffc3191801 ffffffffffffffff 0000000000000000
[   23.946490] head: 0000000000000004 0000000000000000 00000000ffffffff 0000000000000000
[   23.947247] page dumped because: kasan: bad access detected
[   23.947721] 
[   23.947974] Memory state around the buggy address:
[   23.948395]  fff00000c6461f80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   23.949878]  fff00000c6462000: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   23.950829] >fff00000c6462080: 00 00 00 00 00 00 00 00 00 01 fe fe fe fe fe fe
[   23.951874]                                                           ^
[   23.952571]  fff00000c6462100: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe
[   23.953338]  fff00000c6462180: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe
[   23.954315] ==================================================================

Metadata Full log Test run details

arch

arm64

host

x86_64

plan

2py6iNW3A19OotmKMY53lmGd6oj

job_id

TEST:linaro@lkft#2py6nFdPiknWFOsEIA8yVXfzW70

job_url

https://tuxapi.tuxsuite.com/v1/groups/linaro/projects/lkft/tests/2py6nFdPiknWFOsEIA8yVXfzW70

artefacts

kernel

url	https://storage.tuxsuite.com/public/linaro/lkft/builds/2py6jouhw76XPtptNZqsJZuZSQp/Image.gz
sha256sum	585f992ebe50618c33d06c91b201dcdd77d849fd5a2ae15648a255921e68d327

rootfs

url	https://storage.tuxboot.com/debian/trixie/arm64/rootfs.ext4.xz
sha256sum	f592205e64add7389d8a1055c235aa3685e13c7cfdfdbe5f212ab22afdbeb656

modules

url	https://storage.tuxsuite.com/public/linaro/lkft/builds/2py6jouhw76XPtptNZqsJZuZSQp/modules.tar.xz
sha256sum	c030e654f042d75e88e5e0f533f0d246e75ce1cd54b338d0c8f2e891828c0660

durations

tests

boot	494.17
kunit	331.08

host_arch

amd64

build_name

gcc-13-lkftconfig-kunit

job_status

Complete

qemu_version

1:9.1.1+ds-5

[   23.274466] ==================================================================
[   23.275514] BUG: KASAN: slab-out-of-bounds in krealloc_less_oob_helper+0xe25/0x11d0
[   23.277226] Write of size 1 at addr ffff8881003a06d0 by task kunit_try_catch/165
[   23.278249] 
[   23.278631] CPU: 0 UID: 0 PID: 165 Comm: kunit_try_catch Tainted: G    B            N 6.13.0-rc2-next-20241209 #1
[   23.279428] Tainted: [B]=BAD_PAGE, [N]=TEST
[   23.280002] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[   23.281090] Call Trace:
[   23.281563]  <TASK>
[   23.282153]  dump_stack_lvl+0x73/0xb0
[   23.282588]  print_report+0xd1/0x640
[   23.283074]  ? __virt_addr_valid+0x1db/0x2d0
[   23.283650]  ? kasan_complete_mode_report_info+0x2a/0x200
[   23.284167]  kasan_report+0x102/0x140
[   23.284577]  ? krealloc_less_oob_helper+0xe25/0x11d0
[   23.285861]  ? krealloc_less_oob_helper+0xe25/0x11d0
[   23.286314]  __asan_report_store1_noabort+0x1b/0x30
[   23.286842]  krealloc_less_oob_helper+0xe25/0x11d0
[   23.287967]  ? __pfx_krealloc_less_oob_helper+0x10/0x10
[   23.288696]  ? finish_task_switch.isra.0+0x153/0x700
[   23.289550]  ? __switch_to+0x5d9/0xf60
[   23.290118]  ? __schedule+0xc70/0x27e0
[   23.290599]  ? __pfx_read_tsc+0x10/0x10
[   23.290998]  krealloc_less_oob+0x1c/0x30
[   23.291762]  kunit_try_run_case+0x1b3/0x490
[   23.292431]  ? __pfx_kunit_try_run_case+0x10/0x10
[   23.293258]  ? _raw_spin_lock_irqsave+0xa2/0x110
[   23.293846]  ? _raw_spin_unlock_irqrestore+0x5f/0x90
[   23.294451]  ? __kthread_parkme+0x82/0x160
[   23.295203]  ? preempt_count_sub+0x50/0x80
[   23.295722]  ? __pfx_kunit_try_run_case+0x10/0x10
[   23.296270]  ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10
[   23.297063]  kunit_generic_run_threadfn_adapter+0x85/0xf0
[   23.297577]  kthread+0x257/0x310
[   23.297898]  ? __pfx_kthread+0x10/0x10
[   23.298776]  ret_from_fork+0x41/0x80
[   23.299290]  ? __pfx_kthread+0x10/0x10
[   23.299940]  ret_from_fork_asm+0x1a/0x30
[   23.300522]  </TASK>
[   23.300901] 
[   23.301158] Allocated by task 165:
[   23.301576]  kasan_save_stack+0x3d/0x60
[   23.301939]  kasan_save_track+0x18/0x40
[   23.302500]  kasan_save_alloc_info+0x3b/0x50
[   23.303282]  __kasan_krealloc+0x190/0x1f0
[   23.304038]  krealloc_noprof+0xf3/0x340
[   23.304673]  krealloc_less_oob_helper+0x1ab/0x11d0
[   23.305694]  krealloc_less_oob+0x1c/0x30
[   23.306511]  kunit_try_run_case+0x1b3/0x490
[   23.307494]  kunit_generic_run_threadfn_adapter+0x85/0xf0
[   23.308189]  kthread+0x257/0x310
[   23.308710]  ret_from_fork+0x41/0x80
[   23.309122]  ret_from_fork_asm+0x1a/0x30
[   23.309546] 
[   23.309831] The buggy address belongs to the object at ffff8881003a0600
[   23.309831]  which belongs to the cache kmalloc-256 of size 256
[   23.310838] The buggy address is located 7 bytes to the right of
[   23.310838]  allocated 201-byte region [ffff8881003a0600, ffff8881003a06c9)
[   23.311934] 
[   23.312231] The buggy address belongs to the physical page:
[   23.312898] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1003a0
[   23.313619] head: order:1 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[   23.314538] flags: 0x200000000000040(head|node=0|zone=2)
[   23.315165] page_type: f5(slab)
[   23.315572] raw: 0200000000000040 ffff888100041b40 dead000000000122 0000000000000000
[   23.316378] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000
[   23.317103] head: 0200000000000040 ffff888100041b40 dead000000000122 0000000000000000
[   23.317725] head: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000
[   23.318646] head: 0200000000000001 ffffea000400e801 ffffffffffffffff 0000000000000000
[   23.319444] head: 0000000000000002 0000000000000000 00000000ffffffff 0000000000000000
[   23.320259] page dumped because: kasan: bad access detected
[   23.320764] 
[   23.321035] Memory state around the buggy address:
[   23.321571]  ffff8881003a0580: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   23.322223]  ffff8881003a0600: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   23.323180] >ffff8881003a0680: 00 00 00 00 00 00 00 00 00 01 fc fc fc fc fc fc
[   23.323917]                                                  ^
[   23.324409]  ffff8881003a0700: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   23.325066]  ffff8881003a0780: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   23.325834] ==================================================================
[   23.598824] ==================================================================
[   23.600499] BUG: KASAN: slab-out-of-bounds in krealloc_less_oob_helper+0xd72/0x11d0
[   23.601321] Write of size 1 at addr ffff88810239e0c9 by task kunit_try_catch/169
[   23.602422] 
[   23.602978] CPU: 1 UID: 0 PID: 169 Comm: kunit_try_catch Tainted: G    B            N 6.13.0-rc2-next-20241209 #1
[   23.604552] Tainted: [B]=BAD_PAGE, [N]=TEST
[   23.605150] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[   23.605973] Call Trace:
[   23.606339]  <TASK>
[   23.606663]  dump_stack_lvl+0x73/0xb0
[   23.607259]  print_report+0xd1/0x640
[   23.607647]  ? __virt_addr_valid+0x1db/0x2d0
[   23.608387]  ? kasan_addr_to_slab+0x11/0xa0
[   23.609030]  kasan_report+0x102/0x140
[   23.609717]  ? krealloc_less_oob_helper+0xd72/0x11d0
[   23.610414]  ? krealloc_less_oob_helper+0xd72/0x11d0
[   23.611207]  __asan_report_store1_noabort+0x1b/0x30
[   23.611784]  krealloc_less_oob_helper+0xd72/0x11d0
[   23.612472]  ? __pfx_krealloc_less_oob_helper+0x10/0x10
[   23.613406]  ? finish_task_switch.isra.0+0x153/0x700
[   23.614431]  ? __switch_to+0x5d9/0xf60
[   23.614849]  ? __schedule+0xc70/0x27e0
[   23.615434]  ? __pfx_read_tsc+0x10/0x10
[   23.616061]  krealloc_large_less_oob+0x1c/0x30
[   23.616556]  kunit_try_run_case+0x1b3/0x490
[   23.617338]  ? __pfx_kunit_try_run_case+0x10/0x10
[   23.617895]  ? _raw_spin_lock_irqsave+0xa2/0x110
[   23.618586]  ? _raw_spin_unlock_irqrestore+0x5f/0x90
[   23.619490]  ? __kthread_parkme+0x82/0x160
[   23.619803]  ? preempt_count_sub+0x50/0x80
[   23.620542]  ? __pfx_kunit_try_run_case+0x10/0x10
[   23.621418]  ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10
[   23.622254]  kunit_generic_run_threadfn_adapter+0x85/0xf0
[   23.622839]  kthread+0x257/0x310
[   23.623178]  ? __pfx_kthread+0x10/0x10
[   23.623645]  ret_from_fork+0x41/0x80
[   23.623997]  ? __pfx_kthread+0x10/0x10
[   23.625422]  ret_from_fork_asm+0x1a/0x30
[   23.626209]  </TASK>
[   23.626688] 
[   23.626859] The buggy address belongs to the physical page:
[   23.628054] page: refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x10239c
[   23.629049] head: order:2 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[   23.630091] flags: 0x200000000000040(head|node=0|zone=2)
[   23.631101] raw: 0200000000000040 0000000000000000 dead000000000122 0000000000000000
[   23.632150] raw: 0000000000000000 0000000000000000 00000001ffffffff 0000000000000000
[   23.633316] head: 0200000000000040 0000000000000000 dead000000000122 0000000000000000
[   23.633937] head: 0000000000000000 0000000000000000 00000001ffffffff 0000000000000000
[   23.634954] head: 0200000000000002 ffffea000408e701 ffffffffffffffff 0000000000000000
[   23.635877] head: 0000000000000004 0000000000000000 00000000ffffffff 0000000000000000
[   23.637612] page dumped because: kasan: bad access detected
[   23.638039] 
[   23.638277] Memory state around the buggy address:
[   23.639198]  ffff88810239df80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   23.640014]  ffff88810239e000: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   23.640754] >ffff88810239e080: 00 00 00 00 00 00 00 00 00 01 fe fe fe fe fe fe
[   23.642121]                                               ^
[   23.643589]  ffff88810239e100: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe
[   23.644113]  ffff88810239e180: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe
[   23.645408] ==================================================================
[   23.738534] ==================================================================
[   23.739182] BUG: KASAN: slab-out-of-bounds in krealloc_less_oob_helper+0xe92/0x11d0
[   23.739683] Write of size 1 at addr ffff88810239e0ea by task kunit_try_catch/169
[   23.740621] 
[   23.740800] CPU: 1 UID: 0 PID: 169 Comm: kunit_try_catch Tainted: G    B            N 6.13.0-rc2-next-20241209 #1
[   23.742461] Tainted: [B]=BAD_PAGE, [N]=TEST
[   23.743089] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[   23.743955] Call Trace:
[   23.744552]  <TASK>
[   23.744860]  dump_stack_lvl+0x73/0xb0
[   23.745192]  print_report+0xd1/0x640
[   23.745772]  ? __virt_addr_valid+0x1db/0x2d0
[   23.746597]  ? kasan_addr_to_slab+0x11/0xa0
[   23.747441]  kasan_report+0x102/0x140
[   23.747800]  ? krealloc_less_oob_helper+0xe92/0x11d0
[   23.748567]  ? krealloc_less_oob_helper+0xe92/0x11d0
[   23.749158]  __asan_report_store1_noabort+0x1b/0x30
[   23.749825]  krealloc_less_oob_helper+0xe92/0x11d0
[   23.750505]  ? __pfx_krealloc_less_oob_helper+0x10/0x10
[   23.751125]  ? finish_task_switch.isra.0+0x153/0x700
[   23.751906]  ? __switch_to+0x5d9/0xf60
[   23.752430]  ? __schedule+0xc70/0x27e0
[   23.753914]  ? __pfx_read_tsc+0x10/0x10
[   23.754894]  krealloc_large_less_oob+0x1c/0x30
[   23.755410]  kunit_try_run_case+0x1b3/0x490
[   23.756068]  ? __pfx_kunit_try_run_case+0x10/0x10
[   23.757178]  ? _raw_spin_lock_irqsave+0xa2/0x110
[   23.757621]  ? _raw_spin_unlock_irqrestore+0x5f/0x90
[   23.758687]  ? __kthread_parkme+0x82/0x160
[   23.759132]  ? preempt_count_sub+0x50/0x80
[   23.759585]  ? __pfx_kunit_try_run_case+0x10/0x10
[   23.760113]  ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10
[   23.760777]  kunit_generic_run_threadfn_adapter+0x85/0xf0
[   23.761441]  kthread+0x257/0x310
[   23.762001]  ? __pfx_kthread+0x10/0x10
[   23.762518]  ret_from_fork+0x41/0x80
[   23.762996]  ? __pfx_kthread+0x10/0x10
[   23.763513]  ret_from_fork_asm+0x1a/0x30
[   23.763987]  </TASK>
[   23.764541] 
[   23.764846] The buggy address belongs to the physical page:
[   23.765461] page: refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x10239c
[   23.766421] head: order:2 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[   23.767440] flags: 0x200000000000040(head|node=0|zone=2)
[   23.768052] raw: 0200000000000040 0000000000000000 dead000000000122 0000000000000000
[   23.768852] raw: 0000000000000000 0000000000000000 00000001ffffffff 0000000000000000
[   23.769853] head: 0200000000000040 0000000000000000 dead000000000122 0000000000000000
[   23.770443] head: 0000000000000000 0000000000000000 00000001ffffffff 0000000000000000
[   23.771161] head: 0200000000000002 ffffea000408e701 ffffffffffffffff 0000000000000000
[   23.772219] head: 0000000000000004 0000000000000000 00000000ffffffff 0000000000000000
[   23.772972] page dumped because: kasan: bad access detected
[   23.773583] 
[   23.773903] Memory state around the buggy address:
[   23.774524]  ffff88810239df80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   23.775337]  ffff88810239e000: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   23.775858] >ffff88810239e080: 00 00 00 00 00 00 00 00 00 01 fe fe fe fe fe fe
[   23.776632]                                                           ^
[   23.777392]  ffff88810239e100: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe
[   23.778512]  ffff88810239e180: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe
[   23.779116] ==================================================================
[   23.328092] ==================================================================
[   23.328936] BUG: KASAN: slab-out-of-bounds in krealloc_less_oob_helper+0xec8/0x11d0
[   23.330408] Write of size 1 at addr ffff8881003a06da by task kunit_try_catch/165
[   23.331798] 
[   23.332246] CPU: 0 UID: 0 PID: 165 Comm: kunit_try_catch Tainted: G    B            N 6.13.0-rc2-next-20241209 #1
[   23.333415] Tainted: [B]=BAD_PAGE, [N]=TEST
[   23.334365] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[   23.335166] Call Trace:
[   23.335672]  <TASK>
[   23.336344]  dump_stack_lvl+0x73/0xb0
[   23.336723]  print_report+0xd1/0x640
[   23.337811]  ? __virt_addr_valid+0x1db/0x2d0
[   23.338239]  ? kasan_complete_mode_report_info+0x2a/0x200
[   23.339004]  kasan_report+0x102/0x140
[   23.339696]  ? krealloc_less_oob_helper+0xec8/0x11d0
[   23.340291]  ? krealloc_less_oob_helper+0xec8/0x11d0
[   23.341650]  __asan_report_store1_noabort+0x1b/0x30
[   23.342190]  krealloc_less_oob_helper+0xec8/0x11d0
[   23.343050]  ? __pfx_krealloc_less_oob_helper+0x10/0x10
[   23.343559]  ? finish_task_switch.isra.0+0x153/0x700
[   23.344035]  ? __switch_to+0x5d9/0xf60
[   23.344858]  ? __schedule+0xc70/0x27e0
[   23.345166]  ? __pfx_read_tsc+0x10/0x10
[   23.345888]  krealloc_less_oob+0x1c/0x30
[   23.346348]  kunit_try_run_case+0x1b3/0x490
[   23.346970]  ? __pfx_kunit_try_run_case+0x10/0x10
[   23.347434]  ? _raw_spin_lock_irqsave+0xa2/0x110
[   23.348340]  ? _raw_spin_unlock_irqrestore+0x5f/0x90
[   23.349095]  ? __kthread_parkme+0x82/0x160
[   23.349568]  ? preempt_count_sub+0x50/0x80
[   23.350331]  ? __pfx_kunit_try_run_case+0x10/0x10
[   23.351083]  ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10
[   23.352011]  kunit_generic_run_threadfn_adapter+0x85/0xf0
[   23.352647]  kthread+0x257/0x310
[   23.353482]  ? __pfx_kthread+0x10/0x10
[   23.354085]  ret_from_fork+0x41/0x80
[   23.354436]  ? __pfx_kthread+0x10/0x10
[   23.355140]  ret_from_fork_asm+0x1a/0x30
[   23.355509]  </TASK>
[   23.355763] 
[   23.356497] Allocated by task 165:
[   23.356874]  kasan_save_stack+0x3d/0x60
[   23.357418]  kasan_save_track+0x18/0x40
[   23.358119]  kasan_save_alloc_info+0x3b/0x50
[   23.359169]  __kasan_krealloc+0x190/0x1f0
[   23.359952]  krealloc_noprof+0xf3/0x340
[   23.360607]  krealloc_less_oob_helper+0x1ab/0x11d0
[   23.361517]  krealloc_less_oob+0x1c/0x30
[   23.362051]  kunit_try_run_case+0x1b3/0x490
[   23.362554]  kunit_generic_run_threadfn_adapter+0x85/0xf0
[   23.363367]  kthread+0x257/0x310
[   23.363676]  ret_from_fork+0x41/0x80
[   23.364160]  ret_from_fork_asm+0x1a/0x30
[   23.364484] 
[   23.365370] The buggy address belongs to the object at ffff8881003a0600
[   23.365370]  which belongs to the cache kmalloc-256 of size 256
[   23.366675] The buggy address is located 17 bytes to the right of
[   23.366675]  allocated 201-byte region [ffff8881003a0600, ffff8881003a06c9)
[   23.368600] 
[   23.368869] The buggy address belongs to the physical page:
[   23.369777] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1003a0
[   23.370592] head: order:1 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[   23.371451] flags: 0x200000000000040(head|node=0|zone=2)
[   23.372221] page_type: f5(slab)
[   23.372593] raw: 0200000000000040 ffff888100041b40 dead000000000122 0000000000000000
[   23.373211] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000
[   23.374072] head: 0200000000000040 ffff888100041b40 dead000000000122 0000000000000000
[   23.374851] head: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000
[   23.375634] head: 0200000000000001 ffffea000400e801 ffffffffffffffff 0000000000000000
[   23.376397] head: 0000000000000002 0000000000000000 00000000ffffffff 0000000000000000
[   23.377126] page dumped because: kasan: bad access detected
[   23.377482] 
[   23.377868] Memory state around the buggy address:
[   23.378411]  ffff8881003a0580: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   23.379276]  ffff8881003a0600: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   23.380416] >ffff8881003a0680: 00 00 00 00 00 00 00 00 00 01 fc fc fc fc fc fc
[   23.381220]                                                     ^
[   23.381657]  ffff8881003a0700: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   23.382726]  ffff8881003a0780: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   23.383425] ==================================================================
[   23.439498] ==================================================================
[   23.440845] BUG: KASAN: slab-out-of-bounds in krealloc_less_oob_helper+0xd49/0x11d0
[   23.441610] Write of size 1 at addr ffff8881003a06eb by task kunit_try_catch/165
[   23.442756] 
[   23.443232] CPU: 0 UID: 0 PID: 165 Comm: kunit_try_catch Tainted: G    B            N 6.13.0-rc2-next-20241209 #1
[   23.445055] Tainted: [B]=BAD_PAGE, [N]=TEST
[   23.445487] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[   23.445980] Call Trace:
[   23.446539]  <TASK>
[   23.446969]  dump_stack_lvl+0x73/0xb0
[   23.447647]  print_report+0xd1/0x640
[   23.448567]  ? __virt_addr_valid+0x1db/0x2d0
[   23.449338]  ? kasan_complete_mode_report_info+0x2a/0x200
[   23.450213]  kasan_report+0x102/0x140
[   23.450755]  ? krealloc_less_oob_helper+0xd49/0x11d0
[   23.451440]  ? krealloc_less_oob_helper+0xd49/0x11d0
[   23.452349]  __asan_report_store1_noabort+0x1b/0x30
[   23.452782]  krealloc_less_oob_helper+0xd49/0x11d0
[   23.453560]  ? __pfx_krealloc_less_oob_helper+0x10/0x10
[   23.454277]  ? finish_task_switch.isra.0+0x153/0x700
[   23.454739]  ? __switch_to+0x5d9/0xf60
[   23.455610]  ? __schedule+0xc70/0x27e0
[   23.456374]  ? __pfx_read_tsc+0x10/0x10
[   23.457153]  krealloc_less_oob+0x1c/0x30
[   23.457499]  kunit_try_run_case+0x1b3/0x490
[   23.458373]  ? __pfx_kunit_try_run_case+0x10/0x10
[   23.458988]  ? _raw_spin_lock_irqsave+0xa2/0x110
[   23.459202]  ? _raw_spin_unlock_irqrestore+0x5f/0x90
[   23.459454]  ? __kthread_parkme+0x82/0x160
[   23.459650]  ? preempt_count_sub+0x50/0x80
[   23.459950]  ? __pfx_kunit_try_run_case+0x10/0x10
[   23.460562]  ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10
[   23.461618]  kunit_generic_run_threadfn_adapter+0x85/0xf0
[   23.462199]  kthread+0x257/0x310
[   23.462735]  ? __pfx_kthread+0x10/0x10
[   23.463231]  ret_from_fork+0x41/0x80
[   23.463668]  ? __pfx_kthread+0x10/0x10
[   23.464394]  ret_from_fork_asm+0x1a/0x30
[   23.464772]  </TASK>
[   23.465047] 
[   23.465499] Allocated by task 165:
[   23.465779]  kasan_save_stack+0x3d/0x60
[   23.466281]  kasan_save_track+0x18/0x40
[   23.466742]  kasan_save_alloc_info+0x3b/0x50
[   23.467266]  __kasan_krealloc+0x190/0x1f0
[   23.467912]  krealloc_noprof+0xf3/0x340
[   23.468379]  krealloc_less_oob_helper+0x1ab/0x11d0
[   23.468858]  krealloc_less_oob+0x1c/0x30
[   23.469490]  kunit_try_run_case+0x1b3/0x490
[   23.469785]  kunit_generic_run_threadfn_adapter+0x85/0xf0
[   23.470883]  kthread+0x257/0x310
[   23.471145]  ret_from_fork+0x41/0x80
[   23.471581]  ret_from_fork_asm+0x1a/0x30
[   23.471985] 
[   23.472360] The buggy address belongs to the object at ffff8881003a0600
[   23.472360]  which belongs to the cache kmalloc-256 of size 256
[   23.474247] The buggy address is located 34 bytes to the right of
[   23.474247]  allocated 201-byte region [ffff8881003a0600, ffff8881003a06c9)
[   23.475290] 
[   23.475506] The buggy address belongs to the physical page:
[   23.476090] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1003a0
[   23.477164] head: order:1 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[   23.478039] flags: 0x200000000000040(head|node=0|zone=2)
[   23.478643] page_type: f5(slab)
[   23.479128] raw: 0200000000000040 ffff888100041b40 dead000000000122 0000000000000000
[   23.480008] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000
[   23.480739] head: 0200000000000040 ffff888100041b40 dead000000000122 0000000000000000
[   23.481357] head: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000
[   23.482084] head: 0200000000000001 ffffea000400e801 ffffffffffffffff 0000000000000000
[   23.482960] head: 0000000000000002 0000000000000000 00000000ffffffff 0000000000000000
[   23.483557] page dumped because: kasan: bad access detected
[   23.484046] 
[   23.484283] Memory state around the buggy address:
[   23.484712]  ffff8881003a0580: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   23.485468]  ffff8881003a0600: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   23.486068] >ffff8881003a0680: 00 00 00 00 00 00 00 00 00 01 fc fc fc fc fc fc
[   23.486896]                                                           ^
[   23.487401]  ffff8881003a0700: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   23.488189]  ffff8881003a0780: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   23.488815] ==================================================================
[   23.646857] ==================================================================
[   23.647424] BUG: KASAN: slab-out-of-bounds in krealloc_less_oob_helper+0xe25/0x11d0
[   23.648805] Write of size 1 at addr ffff88810239e0d0 by task kunit_try_catch/169
[   23.649475] 
[   23.649754] CPU: 1 UID: 0 PID: 169 Comm: kunit_try_catch Tainted: G    B            N 6.13.0-rc2-next-20241209 #1
[   23.651631] Tainted: [B]=BAD_PAGE, [N]=TEST
[   23.652712] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[   23.654644] Call Trace:
[   23.655104]  <TASK>
[   23.655928]  dump_stack_lvl+0x73/0xb0
[   23.656698]  print_report+0xd1/0x640
[   23.657223]  ? __virt_addr_valid+0x1db/0x2d0
[   23.657559]  ? kasan_addr_to_slab+0x11/0xa0
[   23.658897]  kasan_report+0x102/0x140
[   23.659266]  ? krealloc_less_oob_helper+0xe25/0x11d0
[   23.660231]  ? krealloc_less_oob_helper+0xe25/0x11d0
[   23.661497]  __asan_report_store1_noabort+0x1b/0x30
[   23.662808]  krealloc_less_oob_helper+0xe25/0x11d0
[   23.663991]  ? __pfx_krealloc_less_oob_helper+0x10/0x10
[   23.664761]  ? finish_task_switch.isra.0+0x153/0x700
[   23.665776]  ? __switch_to+0x5d9/0xf60
[   23.666842]  ? __schedule+0xc70/0x27e0
[   23.667224]  ? __pfx_read_tsc+0x10/0x10
[   23.668365]  krealloc_large_less_oob+0x1c/0x30
[   23.668802]  kunit_try_run_case+0x1b3/0x490
[   23.669428]  ? __pfx_kunit_try_run_case+0x10/0x10
[   23.670366]  ? _raw_spin_lock_irqsave+0xa2/0x110
[   23.671066]  ? _raw_spin_unlock_irqrestore+0x5f/0x90
[   23.671631]  ? __kthread_parkme+0x82/0x160
[   23.672622]  ? preempt_count_sub+0x50/0x80
[   23.673114]  ? __pfx_kunit_try_run_case+0x10/0x10
[   23.673757]  ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10
[   23.674166]  kunit_generic_run_threadfn_adapter+0x85/0xf0
[   23.674931]  kthread+0x257/0x310
[   23.675487]  ? __pfx_kthread+0x10/0x10
[   23.676124]  ret_from_fork+0x41/0x80
[   23.676726]  ? __pfx_kthread+0x10/0x10
[   23.677006]  ret_from_fork_asm+0x1a/0x30
[   23.677859]  </TASK>
[   23.678195] 
[   23.678718] The buggy address belongs to the physical page:
[   23.679246] page: refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x10239c
[   23.680104] head: order:2 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[   23.681209] flags: 0x200000000000040(head|node=0|zone=2)
[   23.681953] raw: 0200000000000040 0000000000000000 dead000000000122 0000000000000000
[   23.682983] raw: 0000000000000000 0000000000000000 00000001ffffffff 0000000000000000
[   23.683742] head: 0200000000000040 0000000000000000 dead000000000122 0000000000000000
[   23.684391] head: 0000000000000000 0000000000000000 00000001ffffffff 0000000000000000
[   23.685615] head: 0200000000000002 ffffea000408e701 ffffffffffffffff 0000000000000000
[   23.686449] head: 0000000000000004 0000000000000000 00000000ffffffff 0000000000000000
[   23.687236] page dumped because: kasan: bad access detected
[   23.688178] 
[   23.688375] Memory state around the buggy address:
[   23.689161]  ffff88810239df80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   23.690016]  ffff88810239e000: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   23.690664] >ffff88810239e080: 00 00 00 00 00 00 00 00 00 01 fe fe fe fe fe fe
[   23.691730]                                                  ^
[   23.692433]  ffff88810239e100: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe
[   23.693127]  ffff88810239e180: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe
[   23.693923] ==================================================================
[   23.780407] ==================================================================
[   23.780997] BUG: KASAN: slab-out-of-bounds in krealloc_less_oob_helper+0xd49/0x11d0
[   23.781640] Write of size 1 at addr ffff88810239e0eb by task kunit_try_catch/169
[   23.782433] 
[   23.782619] CPU: 1 UID: 0 PID: 169 Comm: kunit_try_catch Tainted: G    B            N 6.13.0-rc2-next-20241209 #1
[   23.783981] Tainted: [B]=BAD_PAGE, [N]=TEST
[   23.784672] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[   23.785630] Call Trace:
[   23.785931]  <TASK>
[   23.786128]  dump_stack_lvl+0x73/0xb0
[   23.786964]  print_report+0xd1/0x640
[   23.787454]  ? __virt_addr_valid+0x1db/0x2d0
[   23.787991]  ? kasan_addr_to_slab+0x11/0xa0
[   23.788500]  kasan_report+0x102/0x140
[   23.789088]  ? krealloc_less_oob_helper+0xd49/0x11d0
[   23.790195]  ? krealloc_less_oob_helper+0xd49/0x11d0
[   23.791933]  __asan_report_store1_noabort+0x1b/0x30
[   23.792582]  krealloc_less_oob_helper+0xd49/0x11d0
[   23.792870]  ? __pfx_krealloc_less_oob_helper+0x10/0x10
[   23.793811]  ? finish_task_switch.isra.0+0x153/0x700
[   23.794872]  ? __switch_to+0x5d9/0xf60
[   23.795560]  ? __schedule+0xc70/0x27e0
[   23.796147]  ? __pfx_read_tsc+0x10/0x10
[   23.796489]  krealloc_large_less_oob+0x1c/0x30
[   23.797075]  kunit_try_run_case+0x1b3/0x490
[   23.797429]  ? __pfx_kunit_try_run_case+0x10/0x10
[   23.798190]  ? _raw_spin_lock_irqsave+0xa2/0x110
[   23.799635]  ? _raw_spin_unlock_irqrestore+0x5f/0x90
[   23.800824]  ? __kthread_parkme+0x82/0x160
[   23.801698]  ? preempt_count_sub+0x50/0x80
[   23.802773]  ? __pfx_kunit_try_run_case+0x10/0x10
[   23.803650]  ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10
[   23.804596]  kunit_generic_run_threadfn_adapter+0x85/0xf0
[   23.805557]  kthread+0x257/0x310
[   23.806175]  ? __pfx_kthread+0x10/0x10
[   23.807280]  ret_from_fork+0x41/0x80
[   23.807576]  ? __pfx_kthread+0x10/0x10
[   23.808080]  ret_from_fork_asm+0x1a/0x30
[   23.808459]  </TASK>
[   23.808654] 
[   23.808913] The buggy address belongs to the physical page:
[   23.809892] page: refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x10239c
[   23.811160] head: order:2 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[   23.812013] flags: 0x200000000000040(head|node=0|zone=2)
[   23.812819] raw: 0200000000000040 0000000000000000 dead000000000122 0000000000000000
[   23.814564] raw: 0000000000000000 0000000000000000 00000001ffffffff 0000000000000000
[   23.815475] head: 0200000000000040 0000000000000000 dead000000000122 0000000000000000
[   23.816824] head: 0000000000000000 0000000000000000 00000001ffffffff 0000000000000000
[   23.818400] head: 0200000000000002 ffffea000408e701 ffffffffffffffff 0000000000000000
[   23.819183] head: 0000000000000004 0000000000000000 00000000ffffffff 0000000000000000
[   23.820374] page dumped because: kasan: bad access detected
[   23.820959] 
[   23.821527] Memory state around the buggy address:
[   23.822232]  ffff88810239df80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   23.823111]  ffff88810239e000: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   23.823761] >ffff88810239e080: 00 00 00 00 00 00 00 00 00 01 fe fe fe fe fe fe
[   23.824995]                                                           ^
[   23.825698]  ffff88810239e100: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe
[   23.827068]  ffff88810239e180: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe
[   23.828595] ==================================================================
[   23.206598] ==================================================================
[   23.207792] BUG: KASAN: slab-out-of-bounds in krealloc_less_oob_helper+0xd72/0x11d0
[   23.209407] Write of size 1 at addr ffff8881003a06c9 by task kunit_try_catch/165
[   23.210374] 
[   23.210762] CPU: 0 UID: 0 PID: 165 Comm: kunit_try_catch Tainted: G    B            N 6.13.0-rc2-next-20241209 #1
[   23.212774] Tainted: [B]=BAD_PAGE, [N]=TEST
[   23.213544] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[   23.214494] Call Trace:
[   23.214912]  <TASK>
[   23.215233]  dump_stack_lvl+0x73/0xb0
[   23.216181]  print_report+0xd1/0x640
[   23.217129]  ? __virt_addr_valid+0x1db/0x2d0
[   23.217508]  ? kasan_complete_mode_report_info+0x2a/0x200
[   23.218568]  kasan_report+0x102/0x140
[   23.218975]  ? krealloc_less_oob_helper+0xd72/0x11d0
[   23.219863]  ? krealloc_less_oob_helper+0xd72/0x11d0
[   23.220819]  __asan_report_store1_noabort+0x1b/0x30
[   23.221479]  krealloc_less_oob_helper+0xd72/0x11d0
[   23.222161]  ? __pfx_krealloc_less_oob_helper+0x10/0x10
[   23.222941]  ? finish_task_switch.isra.0+0x153/0x700
[   23.224034]  ? __switch_to+0x5d9/0xf60
[   23.224347]  ? __schedule+0xc70/0x27e0
[   23.225166]  ? __pfx_read_tsc+0x10/0x10
[   23.226336]  krealloc_less_oob+0x1c/0x30
[   23.226726]  kunit_try_run_case+0x1b3/0x490
[   23.227894]  ? __pfx_kunit_try_run_case+0x10/0x10
[   23.228796]  ? _raw_spin_lock_irqsave+0xa2/0x110
[   23.229517]  ? _raw_spin_unlock_irqrestore+0x5f/0x90
[   23.230373]  ? __kthread_parkme+0x82/0x160
[   23.230981]  ? preempt_count_sub+0x50/0x80
[   23.231197]  ? __pfx_kunit_try_run_case+0x10/0x10
[   23.232746]  ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10
[   23.233593]  kunit_generic_run_threadfn_adapter+0x85/0xf0
[   23.234411]  kthread+0x257/0x310
[   23.234669]  ? __pfx_kthread+0x10/0x10
[   23.234963]  ret_from_fork+0x41/0x80
[   23.235461]  ? __pfx_kthread+0x10/0x10
[   23.236588]  ret_from_fork_asm+0x1a/0x30
[   23.237131]  </TASK>
[   23.237711] 
[   23.238105] Allocated by task 165:
[   23.239487]  kasan_save_stack+0x3d/0x60
[   23.239867]  kasan_save_track+0x18/0x40
[   23.240671]  kasan_save_alloc_info+0x3b/0x50
[   23.241116]  __kasan_krealloc+0x190/0x1f0
[   23.241596]  krealloc_noprof+0xf3/0x340
[   23.242672]  krealloc_less_oob_helper+0x1ab/0x11d0
[   23.243198]  krealloc_less_oob+0x1c/0x30
[   23.244288]  kunit_try_run_case+0x1b3/0x490
[   23.244824]  kunit_generic_run_threadfn_adapter+0x85/0xf0
[   23.245784]  kthread+0x257/0x310
[   23.246476]  ret_from_fork+0x41/0x80
[   23.246775]  ret_from_fork_asm+0x1a/0x30
[   23.247973] 
[   23.248163] The buggy address belongs to the object at ffff8881003a0600
[   23.248163]  which belongs to the cache kmalloc-256 of size 256
[   23.250194] The buggy address is located 0 bytes to the right of
[   23.250194]  allocated 201-byte region [ffff8881003a0600, ffff8881003a06c9)
[   23.251623] 
[   23.252287] The buggy address belongs to the physical page:
[   23.253349] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1003a0
[   23.254581] head: order:1 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[   23.256046] flags: 0x200000000000040(head|node=0|zone=2)
[   23.256776] page_type: f5(slab)
[   23.257149] raw: 0200000000000040 ffff888100041b40 dead000000000122 0000000000000000
[   23.258219] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000
[   23.259887] head: 0200000000000040 ffff888100041b40 dead000000000122 0000000000000000
[   23.261666] head: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000
[   23.262189] head: 0200000000000001 ffffea000400e801 ffffffffffffffff 0000000000000000
[   23.263557] head: 0000000000000002 0000000000000000 00000000ffffffff 0000000000000000
[   23.264446] page dumped because: kasan: bad access detected
[   23.265345] 
[   23.265496] Memory state around the buggy address:
[   23.266603]  ffff8881003a0580: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   23.267784]  ffff8881003a0600: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   23.268523] >ffff8881003a0680: 00 00 00 00 00 00 00 00 00 01 fc fc fc fc fc fc
[   23.269482]                                               ^
[   23.270232]  ffff8881003a0700: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   23.270836]  ffff8881003a0780: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   23.272089] ==================================================================
[   23.384983] ==================================================================
[   23.385461] BUG: KASAN: slab-out-of-bounds in krealloc_less_oob_helper+0xe92/0x11d0
[   23.387391] Write of size 1 at addr ffff8881003a06ea by task kunit_try_catch/165
[   23.388887] 
[   23.389463] CPU: 0 UID: 0 PID: 165 Comm: kunit_try_catch Tainted: G    B            N 6.13.0-rc2-next-20241209 #1
[   23.390409] Tainted: [B]=BAD_PAGE, [N]=TEST
[   23.390825] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[   23.392045] Call Trace:
[   23.392435]  <TASK>
[   23.393133]  dump_stack_lvl+0x73/0xb0
[   23.393472]  print_report+0xd1/0x640
[   23.394282]  ? __virt_addr_valid+0x1db/0x2d0
[   23.394752]  ? kasan_complete_mode_report_info+0x2a/0x200
[   23.395645]  kasan_report+0x102/0x140
[   23.396326]  ? krealloc_less_oob_helper+0xe92/0x11d0
[   23.397345]  ? krealloc_less_oob_helper+0xe92/0x11d0
[   23.397795]  __asan_report_store1_noabort+0x1b/0x30
[   23.398578]  krealloc_less_oob_helper+0xe92/0x11d0
[   23.399027]  ? __pfx_krealloc_less_oob_helper+0x10/0x10
[   23.399885]  ? finish_task_switch.isra.0+0x153/0x700
[   23.400613]  ? __switch_to+0x5d9/0xf60
[   23.401030]  ? __schedule+0xc70/0x27e0
[   23.401644]  ? __pfx_read_tsc+0x10/0x10
[   23.402255]  krealloc_less_oob+0x1c/0x30
[   23.402846]  kunit_try_run_case+0x1b3/0x490
[   23.403360]  ? __pfx_kunit_try_run_case+0x10/0x10
[   23.403900]  ? _raw_spin_lock_irqsave+0xa2/0x110
[   23.404526]  ? _raw_spin_unlock_irqrestore+0x5f/0x90
[   23.405098]  ? __kthread_parkme+0x82/0x160
[   23.405750]  ? preempt_count_sub+0x50/0x80
[   23.406350]  ? __pfx_kunit_try_run_case+0x10/0x10
[   23.407365]  ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10
[   23.408246]  kunit_generic_run_threadfn_adapter+0x85/0xf0
[   23.408834]  kthread+0x257/0x310
[   23.409477]  ? __pfx_kthread+0x10/0x10
[   23.410423]  ret_from_fork+0x41/0x80
[   23.410775]  ? __pfx_kthread+0x10/0x10
[   23.411410]  ret_from_fork_asm+0x1a/0x30
[   23.412480]  </TASK>
[   23.412788] 
[   23.413023] Allocated by task 165:
[   23.413555]  kasan_save_stack+0x3d/0x60
[   23.414193]  kasan_save_track+0x18/0x40
[   23.414594]  kasan_save_alloc_info+0x3b/0x50
[   23.415069]  __kasan_krealloc+0x190/0x1f0
[   23.415430]  krealloc_noprof+0xf3/0x340
[   23.416081]  krealloc_less_oob_helper+0x1ab/0x11d0
[   23.416671]  krealloc_less_oob+0x1c/0x30
[   23.417145]  kunit_try_run_case+0x1b3/0x490
[   23.417609]  kunit_generic_run_threadfn_adapter+0x85/0xf0
[   23.418250]  kthread+0x257/0x310
[   23.418678]  ret_from_fork+0x41/0x80
[   23.419443]  ret_from_fork_asm+0x1a/0x30
[   23.419728] 
[   23.420115] The buggy address belongs to the object at ffff8881003a0600
[   23.420115]  which belongs to the cache kmalloc-256 of size 256
[   23.421542] The buggy address is located 33 bytes to the right of
[   23.421542]  allocated 201-byte region [ffff8881003a0600, ffff8881003a06c9)
[   23.423034] 
[   23.423317] The buggy address belongs to the physical page:
[   23.423834] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1003a0
[   23.424738] head: order:1 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[   23.425544] flags: 0x200000000000040(head|node=0|zone=2)
[   23.426183] page_type: f5(slab)
[   23.426648] raw: 0200000000000040 ffff888100041b40 dead000000000122 0000000000000000
[   23.427499] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000
[   23.428334] head: 0200000000000040 ffff888100041b40 dead000000000122 0000000000000000
[   23.429069] head: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000
[   23.429952] head: 0200000000000001 ffffea000400e801 ffffffffffffffff 0000000000000000
[   23.430616] head: 0000000000000002 0000000000000000 00000000ffffffff 0000000000000000
[   23.431509] page dumped because: kasan: bad access detected
[   23.432106] 
[   23.432354] Memory state around the buggy address:
[   23.433075]  ffff8881003a0580: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   23.433895]  ffff8881003a0600: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   23.434458] >ffff8881003a0680: 00 00 00 00 00 00 00 00 00 01 fc fc fc fc fc fc
[   23.435385]                                                           ^
[   23.435968]  ffff8881003a0700: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   23.436632]  ffff8881003a0780: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   23.437570] ==================================================================
[   23.694932] ==================================================================
[   23.695464] BUG: KASAN: slab-out-of-bounds in krealloc_less_oob_helper+0xec8/0x11d0
[   23.696585] Write of size 1 at addr ffff88810239e0da by task kunit_try_catch/169
[   23.697491] 
[   23.697681] CPU: 1 UID: 0 PID: 169 Comm: kunit_try_catch Tainted: G    B            N 6.13.0-rc2-next-20241209 #1
[   23.698250] Tainted: [B]=BAD_PAGE, [N]=TEST
[   23.698814] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[   23.700175] Call Trace:
[   23.701094]  <TASK>
[   23.701537]  dump_stack_lvl+0x73/0xb0
[   23.702516]  print_report+0xd1/0x640
[   23.703270]  ? __virt_addr_valid+0x1db/0x2d0
[   23.703764]  ? kasan_addr_to_slab+0x11/0xa0
[   23.704366]  kasan_report+0x102/0x140
[   23.704772]  ? krealloc_less_oob_helper+0xec8/0x11d0
[   23.705432]  ? krealloc_less_oob_helper+0xec8/0x11d0
[   23.706025]  __asan_report_store1_noabort+0x1b/0x30
[   23.706902]  krealloc_less_oob_helper+0xec8/0x11d0
[   23.707734]  ? __pfx_krealloc_less_oob_helper+0x10/0x10
[   23.708506]  ? finish_task_switch.isra.0+0x153/0x700
[   23.709155]  ? __switch_to+0x5d9/0xf60
[   23.710249]  ? __schedule+0xc70/0x27e0
[   23.711049]  ? __pfx_read_tsc+0x10/0x10
[   23.712142]  krealloc_large_less_oob+0x1c/0x30
[   23.712633]  kunit_try_run_case+0x1b3/0x490
[   23.713731]  ? __pfx_kunit_try_run_case+0x10/0x10
[   23.714647]  ? _raw_spin_lock_irqsave+0xa2/0x110
[   23.715332]  ? _raw_spin_unlock_irqrestore+0x5f/0x90
[   23.715992]  ? __kthread_parkme+0x82/0x160
[   23.716922]  ? preempt_count_sub+0x50/0x80
[   23.717567]  ? __pfx_kunit_try_run_case+0x10/0x10
[   23.718137]  ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10
[   23.718819]  kunit_generic_run_threadfn_adapter+0x85/0xf0
[   23.719392]  kthread+0x257/0x310
[   23.720070]  ? __pfx_kthread+0x10/0x10
[   23.720415]  ret_from_fork+0x41/0x80
[   23.721343]  ? __pfx_kthread+0x10/0x10
[   23.721720]  ret_from_fork_asm+0x1a/0x30
[   23.722904]  </TASK>
[   23.723382] 
[   23.723617] The buggy address belongs to the physical page:
[   23.724181] page: refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x10239c
[   23.724787] head: order:2 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[   23.725942] flags: 0x200000000000040(head|node=0|zone=2)
[   23.726531] raw: 0200000000000040 0000000000000000 dead000000000122 0000000000000000
[   23.727524] raw: 0000000000000000 0000000000000000 00000001ffffffff 0000000000000000
[   23.728197] head: 0200000000000040 0000000000000000 dead000000000122 0000000000000000
[   23.729023] head: 0000000000000000 0000000000000000 00000001ffffffff 0000000000000000
[   23.729794] head: 0200000000000002 ffffea000408e701 ffffffffffffffff 0000000000000000
[   23.730582] head: 0000000000000004 0000000000000000 00000000ffffffff 0000000000000000
[   23.731573] page dumped because: kasan: bad access detected
[   23.732192] 
[   23.732359] Memory state around the buggy address:
[   23.732887]  ffff88810239df80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   23.733671]  ffff88810239e000: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   23.734444] >ffff88810239e080: 00 00 00 00 00 00 00 00 00 01 fe fe fe fe fe fe
[   23.735141]                                                     ^
[   23.735965]  ffff88810239e100: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe
[   23.736624]  ffff88810239e180: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe
[   23.737372] ==================================================================

Metadata Full log Test run details

arch

x86_64

host

x86_64

plan

2py6iNW3A19OotmKMY53lmGd6oj

job_id

TEST:linaro@lkft#2py6oNZWhxtgVMZK3Ek4jsM4HRg

job_url

https://tuxapi.tuxsuite.com/v1/groups/linaro/projects/lkft/tests/2py6oNZWhxtgVMZK3Ek4jsM4HRg

artefacts

kernel

url	https://storage.tuxsuite.com/public/linaro/lkft/builds/2py6l9cQAS9X4UuL7CI8IoAQLY9/bzImage
sha256sum	f2def6667a55fdb12dee0962daf6bcbe66cf324f93249dc5ac8e99310b080d86

rootfs

url	https://storage.tuxboot.com/debian/trixie/amd64/rootfs.ext4.xz
sha256sum	c6ceed53712217894b72c37cdc18ddb1157eb9bca95bb5bb312b9c30db3bb83b

modules

url	https://storage.tuxsuite.com/public/linaro/lkft/builds/2py6l9cQAS9X4UuL7CI8IoAQLY9/modules.tar.xz
sha256sum	b8ac931af103d7c2342f58fb2ac1b1b78a223c58c1dd243149250d39dac436b0

durations

tests

boot	445.05
kunit	498.09

host_arch

amd64

build_name

gcc-13-lkftconfig-kunit

job_status

Complete

qemu_version

1:9.1.1+ds-5

Metadata

Failure - qemu-arm64 - gcc-13-lkftconfig-kunit

Failure - qemu-x86_64 - gcc-13-lkftconfig-kunit