Date: Dec. 9, 2024, 6:35 a.m.

| Environment |
|---|
| qemu-arm64 |
| qemu-x86_64 |
qemu-arm64:

```
[ 23.789585] ==================================================================
[ 23.790358] BUG: KASAN: slab-out-of-bounds in krealloc_more_oob_helper+0x5c8/0x680
[ 23.791280] Write of size 1 at addr fff00000c645e0f0 by task kunit_try_catch/148
[ 23.792492]
[ 23.792842] CPU: 0 UID: 0 PID: 148 Comm: kunit_try_catch Tainted: G B N 6.13.0-rc2-next-20241209 #1
[ 23.794530] Tainted: [B]=BAD_PAGE, [N]=TEST
[ 23.795493] Hardware name: linux,dummy-virt (DT)
[ 23.796094] Call trace:
[ 23.796550] show_stack+0x20/0x38 (C)
[ 23.797214] dump_stack_lvl+0x8c/0xd0
[ 23.797903] print_report+0x118/0x5e0
[ 23.798562] kasan_report+0xc8/0x118
[ 23.799497] __asan_report_store1_noabort+0x20/0x30
[ 23.800090] krealloc_more_oob_helper+0x5c8/0x680
[ 23.800754] krealloc_large_more_oob+0x20/0x38
[ 23.801347] kunit_try_run_case+0x14c/0x3d0
[ 23.802034] kunit_generic_run_threadfn_adapter+0x88/0x100
[ 23.802719] kthread+0x24c/0x2d0
[ 23.803329] ret_from_fork+0x10/0x20
[ 23.804158]
[ 23.804528] The buggy address belongs to the physical page:
[ 23.805185] page: refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x10645c
[ 23.806036] head: order:2 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[ 23.807318] flags: 0xbfffe0000000040(head|node=0|zone=2|lastcpupid=0x1ffff)
[ 23.808210] raw: 0bfffe0000000040 0000000000000000 dead000000000122 0000000000000000
[ 23.809047] raw: 0000000000000000 0000000000000000 00000001ffffffff 0000000000000000
[ 23.809918] head: 0bfffe0000000040 0000000000000000 dead000000000122 0000000000000000
[ 23.810759] head: 0000000000000000 0000000000000000 00000001ffffffff 0000000000000000
[ 23.811885] head: 0bfffe0000000002 ffffc1ffc3191701 ffffffffffffffff 0000000000000000
[ 23.812737] head: 0000000000000004 0000000000000000 00000000ffffffff 0000000000000000
[ 23.813447] page dumped because: kasan: bad access detected
[ 23.813768]
[ 23.814052] Memory state around the buggy address:
[ 23.814562]  fff00000c645df80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[ 23.815858]  fff00000c645e000: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[ 23.816458] >fff00000c645e080: 00 00 00 00 00 00 00 00 00 00 00 00 00 03 fe fe
[ 23.817337]                                                               ^
[ 23.818372]  fff00000c645e100: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe
[ 23.819518]  fff00000c645e180: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe
[ 23.820690] ==================================================================

[ 23.472019] ==================================================================
[ 23.472715] BUG: KASAN: slab-out-of-bounds in krealloc_more_oob_helper+0x5c8/0x680
[ 23.473663] Write of size 1 at addr fff00000c4598af0 by task kunit_try_catch/144
[ 23.474550]
[ 23.474972] CPU: 1 UID: 0 PID: 144 Comm: kunit_try_catch Tainted: G B N 6.13.0-rc2-next-20241209 #1
[ 23.477115] Tainted: [B]=BAD_PAGE, [N]=TEST
[ 23.477623] Hardware name: linux,dummy-virt (DT)
[ 23.478272] Call trace:
[ 23.478659] show_stack+0x20/0x38 (C)
[ 23.479410] dump_stack_lvl+0x8c/0xd0
[ 23.479972] print_report+0x118/0x5e0
[ 23.480474] kasan_report+0xc8/0x118
[ 23.481085] __asan_report_store1_noabort+0x20/0x30
[ 23.482284] krealloc_more_oob_helper+0x5c8/0x680
[ 23.483018] krealloc_more_oob+0x20/0x38
[ 23.483565] kunit_try_run_case+0x14c/0x3d0
[ 23.484242] kunit_generic_run_threadfn_adapter+0x88/0x100
[ 23.484955] kthread+0x24c/0x2d0
[ 23.485529] ret_from_fork+0x10/0x20
[ 23.486068]
[ 23.486382] Allocated by task 144:
[ 23.487156] kasan_save_stack+0x3c/0x68
[ 23.487656] kasan_save_track+0x20/0x40
[ 23.488181] kasan_save_alloc_info+0x40/0x58
[ 23.488764] __kasan_krealloc+0x118/0x178
[ 23.489273] krealloc_noprof+0x128/0x360
[ 23.489889] krealloc_more_oob_helper+0x168/0x680
[ 23.490458] krealloc_more_oob+0x20/0x38
[ 23.491015] kunit_try_run_case+0x14c/0x3d0
[ 23.492223] kunit_generic_run_threadfn_adapter+0x88/0x100
[ 23.492945] kthread+0x24c/0x2d0
[ 23.493509] ret_from_fork+0x10/0x20
[ 23.494150]
[ 23.494421] The buggy address belongs to the object at fff00000c4598a00
[ 23.494421] which belongs to the cache kmalloc-256 of size 256
[ 23.496044] The buggy address is located 5 bytes to the right of
[ 23.496044] allocated 235-byte region [fff00000c4598a00, fff00000c4598aeb)
[ 23.497769]
[ 23.498116] The buggy address belongs to the physical page:
[ 23.498854] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x104598
[ 23.500023] head: order:1 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[ 23.500904] flags: 0xbfffe0000000040(head|node=0|zone=2|lastcpupid=0x1ffff)
[ 23.501738] page_type: f5(slab)
[ 23.502173] raw: 0bfffe0000000040 fff00000c0001b40 dead000000000122 0000000000000000
[ 23.503039] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000
[ 23.503965] head: 0bfffe0000000040 fff00000c0001b40 dead000000000122 0000000000000000
[ 23.504828] head: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000
[ 23.505757] head: 0bfffe0000000001 ffffc1ffc3116601 ffffffffffffffff 0000000000000000
[ 23.506614] head: 0000000000000002 0000000000000000 00000000ffffffff 0000000000000000
[ 23.507509] page dumped because: kasan: bad access detected
[ 23.508174]
[ 23.508461] Memory state around the buggy address:
[ 23.509244]  fff00000c4598980: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 23.509982]  fff00000c4598a00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[ 23.510780] >fff00000c4598a80: 00 00 00 00 00 00 00 00 00 00 00 00 00 03 fc fc
[ 23.512024]                                                               ^
[ 23.512752]  fff00000c4598b00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 23.513606]  fff00000c4598b80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 23.514471] ==================================================================

[ 23.425666] ==================================================================
[ 23.426719] BUG: KASAN: slab-out-of-bounds in krealloc_more_oob_helper+0x614/0x680
[ 23.427931] Write of size 1 at addr fff00000c4598aeb by task kunit_try_catch/144
[ 23.428728]
[ 23.429150] CPU: 1 UID: 0 PID: 144 Comm: kunit_try_catch Tainted: G B N 6.13.0-rc2-next-20241209 #1
[ 23.430299] Tainted: [B]=BAD_PAGE, [N]=TEST
[ 23.430939] Hardware name: linux,dummy-virt (DT)
[ 23.431952] Call trace:
[ 23.432446] show_stack+0x20/0x38 (C)
[ 23.433130] dump_stack_lvl+0x8c/0xd0
[ 23.433773] print_report+0x118/0x5e0
[ 23.434426] kasan_report+0xc8/0x118
[ 23.435071] __asan_report_store1_noabort+0x20/0x30
[ 23.435770] krealloc_more_oob_helper+0x614/0x680
[ 23.436883] krealloc_more_oob+0x20/0x38
[ 23.437554] kunit_try_run_case+0x14c/0x3d0
[ 23.438184] kunit_generic_run_threadfn_adapter+0x88/0x100
[ 23.439100] kthread+0x24c/0x2d0
[ 23.439721] ret_from_fork+0x10/0x20
[ 23.440363]
[ 23.440801] Allocated by task 144:
[ 23.441363] kasan_save_stack+0x3c/0x68
[ 23.442066] kasan_save_track+0x20/0x40
[ 23.442676] kasan_save_alloc_info+0x40/0x58
[ 23.443536] __kasan_krealloc+0x118/0x178
[ 23.444176] krealloc_noprof+0x128/0x360
[ 23.444911] krealloc_more_oob_helper+0x168/0x680
[ 23.445649] krealloc_more_oob+0x20/0x38
[ 23.446286] kunit_try_run_case+0x14c/0x3d0
[ 23.447249] kunit_generic_run_threadfn_adapter+0x88/0x100
[ 23.448002] kthread+0x24c/0x2d0
[ 23.448581] ret_from_fork+0x10/0x20
[ 23.449216]
[ 23.449568] The buggy address belongs to the object at fff00000c4598a00
[ 23.449568] which belongs to the cache kmalloc-256 of size 256
[ 23.451076] The buggy address is located 0 bytes to the right of
[ 23.451076] allocated 235-byte region [fff00000c4598a00, fff00000c4598aeb)
[ 23.452436]
[ 23.453000] The buggy address belongs to the physical page:
[ 23.453527] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x104598
[ 23.454672] head: order:1 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[ 23.455862] flags: 0xbfffe0000000040(head|node=0|zone=2|lastcpupid=0x1ffff)
[ 23.456838] page_type: f5(slab)
[ 23.457460] raw: 0bfffe0000000040 fff00000c0001b40 dead000000000122 0000000000000000
[ 23.458466] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000
[ 23.459565] head: 0bfffe0000000040 fff00000c0001b40 dead000000000122 0000000000000000
[ 23.460602] head: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000
[ 23.461496] head: 0bfffe0000000001 ffffc1ffc3116601 ffffffffffffffff 0000000000000000
[ 23.462390] head: 0000000000000002 0000000000000000 00000000ffffffff 0000000000000000
[ 23.463455] page dumped because: kasan: bad access detected
[ 23.463984]
[ 23.464200] Memory state around the buggy address:
[ 23.464651]  fff00000c4598980: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 23.465461]  fff00000c4598a00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[ 23.466353] >fff00000c4598a80: 00 00 00 00 00 00 00 00 00 00 00 00 00 03 fc fc
[ 23.467279]                                                            ^
[ 23.468347]  fff00000c4598b00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 23.469131]  fff00000c4598b80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 23.469905] ==================================================================

[ 23.756469] ==================================================================
[ 23.757907] BUG: KASAN: slab-out-of-bounds in krealloc_more_oob_helper+0x614/0x680
[ 23.758612] Write of size 1 at addr fff00000c645e0eb by task kunit_try_catch/148
[ 23.760588]
[ 23.761024] CPU: 1 UID: 0 PID: 148 Comm: kunit_try_catch Tainted: G B N 6.13.0-rc2-next-20241209 #1
[ 23.762170] Tainted: [B]=BAD_PAGE, [N]=TEST
[ 23.763251] Hardware name: linux,dummy-virt (DT)
[ 23.763931] Call trace:
[ 23.764314] show_stack+0x20/0x38 (C)
[ 23.764841] dump_stack_lvl+0x8c/0xd0
[ 23.765389] print_report+0x118/0x5e0
[ 23.766000] kasan_report+0xc8/0x118
[ 23.766511] __asan_report_store1_noabort+0x20/0x30
[ 23.767146] krealloc_more_oob_helper+0x614/0x680
[ 23.767943] krealloc_large_more_oob+0x20/0x38
[ 23.768521] kunit_try_run_case+0x14c/0x3d0
[ 23.769218] kunit_generic_run_threadfn_adapter+0x88/0x100
[ 23.769918] kthread+0x24c/0x2d0
[ 23.770431] ret_from_fork+0x10/0x20
[ 23.771241]
[ 23.771543] The buggy address belongs to the physical page:
[ 23.772159] page: refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x10645c
[ 23.773008] head: order:2 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[ 23.773878] flags: 0xbfffe0000000040(head|node=0|zone=2|lastcpupid=0x1ffff)
[ 23.774665] raw: 0bfffe0000000040 0000000000000000 dead000000000122 0000000000000000
[ 23.775504] raw: 0000000000000000 0000000000000000 00000001ffffffff 0000000000000000
[ 23.776331] head: 0bfffe0000000040 0000000000000000 dead000000000122 0000000000000000
[ 23.777301] head: 0000000000000000 0000000000000000 00000001ffffffff 0000000000000000
[ 23.778232] head: 0bfffe0000000002 ffffc1ffc3191701 ffffffffffffffff 0000000000000000
[ 23.779300] head: 0000000000000004 0000000000000000 00000000ffffffff 0000000000000000
[ 23.780334] page dumped because: kasan: bad access detected
[ 23.780971]
[ 23.781456] Memory state around the buggy address:
[ 23.782201]  fff00000c645df80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[ 23.783244]  fff00000c645e000: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[ 23.783966] >fff00000c645e080: 00 00 00 00 00 00 00 00 00 00 00 00 00 03 fe fe
[ 23.784692]                                                            ^
[ 23.785382]  fff00000c645e100: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe
[ 23.786142]  fff00000c645e180: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe
[ 23.787109] ==================================================================
```
qemu-x86_64:

```
[ 23.089071] ==================================================================
[ 23.090217] BUG: KASAN: slab-out-of-bounds in krealloc_more_oob_helper+0x823/0x930
[ 23.091415] Write of size 1 at addr ffff8881003a04eb by task kunit_try_catch/163
[ 23.092525]
[ 23.092760] CPU: 0 UID: 0 PID: 163 Comm: kunit_try_catch Tainted: G B N 6.13.0-rc2-next-20241209 #1
[ 23.093771] Tainted: [B]=BAD_PAGE, [N]=TEST
[ 23.094942] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[ 23.095526] Call Trace:
[ 23.095937] <TASK>
[ 23.096391] dump_stack_lvl+0x73/0xb0
[ 23.096863] print_report+0xd1/0x640
[ 23.097573] ? __virt_addr_valid+0x1db/0x2d0
[ 23.098026] ? kasan_complete_mode_report_info+0x2a/0x200
[ 23.098739] kasan_report+0x102/0x140
[ 23.099091] ? krealloc_more_oob_helper+0x823/0x930
[ 23.099566] ? krealloc_more_oob_helper+0x823/0x930
[ 23.099943] __asan_report_store1_noabort+0x1b/0x30
[ 23.100543] krealloc_more_oob_helper+0x823/0x930
[ 23.101611] ? __schedule+0xc70/0x27e0
[ 23.102139] ? __pfx_krealloc_more_oob_helper+0x10/0x10
[ 23.102871] ? finish_task_switch.isra.0+0x153/0x700
[ 23.103415] ? __switch_to+0x5d9/0xf60
[ 23.103951] ? __schedule+0xc70/0x27e0
[ 23.104460] ? __pfx_read_tsc+0x10/0x10
[ 23.104952] krealloc_more_oob+0x1c/0x30
[ 23.105959] kunit_try_run_case+0x1b3/0x490
[ 23.106486] ? __pfx_kunit_try_run_case+0x10/0x10
[ 23.106981] ? _raw_spin_lock_irqsave+0xa2/0x110
[ 23.107577] ? _raw_spin_unlock_irqrestore+0x5f/0x90
[ 23.108112] ? __kthread_parkme+0x82/0x160
[ 23.108517] ? preempt_count_sub+0x50/0x80
[ 23.108995] ? __pfx_kunit_try_run_case+0x10/0x10
[ 23.109555] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10
[ 23.110098] kunit_generic_run_threadfn_adapter+0x85/0xf0
[ 23.110764] kthread+0x257/0x310
[ 23.111160] ? __pfx_kthread+0x10/0x10
[ 23.112037] ret_from_fork+0x41/0x80
[ 23.112574] ? __pfx_kthread+0x10/0x10
[ 23.113049] ret_from_fork_asm+0x1a/0x30
[ 23.113522] </TASK>
[ 23.113751]
[ 23.114137] Allocated by task 163:
[ 23.114656] kasan_save_stack+0x3d/0x60
[ 23.115090] kasan_save_track+0x18/0x40
[ 23.115655] kasan_save_alloc_info+0x3b/0x50
[ 23.116246] __kasan_krealloc+0x190/0x1f0
[ 23.116783] krealloc_noprof+0xf3/0x340
[ 23.117204] krealloc_more_oob_helper+0x1aa/0x930
[ 23.117685] krealloc_more_oob+0x1c/0x30
[ 23.118818] kunit_try_run_case+0x1b3/0x490
[ 23.119370] kunit_generic_run_threadfn_adapter+0x85/0xf0
[ 23.119940] kthread+0x257/0x310
[ 23.120389] ret_from_fork+0x41/0x80
[ 23.120950] ret_from_fork_asm+0x1a/0x30
[ 23.121479]
[ 23.121738] The buggy address belongs to the object at ffff8881003a0400
[ 23.121738] which belongs to the cache kmalloc-256 of size 256
[ 23.123479] The buggy address is located 0 bytes to the right of
[ 23.123479] allocated 235-byte region [ffff8881003a0400, ffff8881003a04eb)
[ 23.124978]
[ 23.125432] The buggy address belongs to the physical page:
[ 23.126023] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1003a0
[ 23.126975] head: order:1 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[ 23.128168] flags: 0x200000000000040(head|node=0|zone=2)
[ 23.128597] page_type: f5(slab)
[ 23.128992] raw: 0200000000000040 ffff888100041b40 dead000000000122 0000000000000000
[ 23.129625] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000
[ 23.130178] head: 0200000000000040 ffff888100041b40 dead000000000122 0000000000000000
[ 23.131025] head: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000
[ 23.131853] head: 0200000000000001 ffffea000400e801 ffffffffffffffff 0000000000000000
[ 23.132636] head: 0000000000000002 0000000000000000 00000000ffffffff 0000000000000000
[ 23.133443] page dumped because: kasan: bad access detected
[ 23.133933]
[ 23.134126] Memory state around the buggy address:
[ 23.135382]  ffff8881003a0380: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 23.136156]  ffff8881003a0400: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[ 23.136883] >ffff8881003a0480: 00 00 00 00 00 00 00 00 00 00 00 00 00 03 fc fc
[ 23.137599]                                                            ^
[ 23.138285]  ffff8881003a0500: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 23.138920]  ffff8881003a0580: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 23.139938] ==================================================================

[ 23.496745] ==================================================================
[ 23.497741] BUG: KASAN: slab-out-of-bounds in krealloc_more_oob_helper+0x823/0x930
[ 23.498556] Write of size 1 at addr ffff8881022e60eb by task kunit_try_catch/167
[ 23.500030]
[ 23.500231] CPU: 0 UID: 0 PID: 167 Comm: kunit_try_catch Tainted: G B N 6.13.0-rc2-next-20241209 #1
[ 23.502517] Tainted: [B]=BAD_PAGE, [N]=TEST
[ 23.503468] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[ 23.505186] Call Trace:
[ 23.505406] <TASK>
[ 23.505745] dump_stack_lvl+0x73/0xb0
[ 23.507019] print_report+0xd1/0x640
[ 23.507654] ? __virt_addr_valid+0x1db/0x2d0
[ 23.508388] ? kasan_addr_to_slab+0x11/0xa0
[ 23.508831] kasan_report+0x102/0x140
[ 23.510017] ? krealloc_more_oob_helper+0x823/0x930
[ 23.510889] ? krealloc_more_oob_helper+0x823/0x930
[ 23.512041] __asan_report_store1_noabort+0x1b/0x30
[ 23.512558] krealloc_more_oob_helper+0x823/0x930
[ 23.513022] ? __schedule+0xc70/0x27e0
[ 23.513433] ? __pfx_krealloc_more_oob_helper+0x10/0x10
[ 23.513937] ? finish_task_switch.isra.0+0x153/0x700
[ 23.515129] ? __switch_to+0x5d9/0xf60
[ 23.515767] ? __schedule+0xc70/0x27e0
[ 23.516536] ? __pfx_read_tsc+0x10/0x10
[ 23.516737] krealloc_large_more_oob+0x1c/0x30
[ 23.517427] kunit_try_run_case+0x1b3/0x490
[ 23.518440] ? __pfx_kunit_try_run_case+0x10/0x10
[ 23.519208] ? _raw_spin_lock_irqsave+0xa2/0x110
[ 23.520055] ? _raw_spin_unlock_irqrestore+0x5f/0x90
[ 23.520612] ? __kthread_parkme+0x82/0x160
[ 23.521389] ? preempt_count_sub+0x50/0x80
[ 23.521990] ? __pfx_kunit_try_run_case+0x10/0x10
[ 23.522626] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10
[ 23.523832] kunit_generic_run_threadfn_adapter+0x85/0xf0
[ 23.524773] kthread+0x257/0x310
[ 23.525427] ? __pfx_kthread+0x10/0x10
[ 23.525789] ret_from_fork+0x41/0x80
[ 23.526255] ? __pfx_kthread+0x10/0x10
[ 23.527045] ret_from_fork_asm+0x1a/0x30
[ 23.527916] </TASK>
[ 23.528523]
[ 23.528703] The buggy address belongs to the physical page:
[ 23.529724] page: refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1022e4
[ 23.531474] head: order:2 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[ 23.532770] flags: 0x200000000000040(head|node=0|zone=2)
[ 23.534417] raw: 0200000000000040 0000000000000000 dead000000000122 0000000000000000
[ 23.535733] raw: 0000000000000000 0000000000000000 00000001ffffffff 0000000000000000
[ 23.536984] head: 0200000000000040 0000000000000000 dead000000000122 0000000000000000
[ 23.538285] head: 0000000000000000 0000000000000000 00000001ffffffff 0000000000000000
[ 23.539122] head: 0200000000000002 ffffea000408b901 ffffffffffffffff 0000000000000000
[ 23.540206] head: 0000000000000004 0000000000000000 00000000ffffffff 0000000000000000
[ 23.540627] page dumped because: kasan: bad access detected
[ 23.541240]
[ 23.541457] Memory state around the buggy address:
[ 23.542649]  ffff8881022e5f80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[ 23.543730]  ffff8881022e6000: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[ 23.545362] >ffff8881022e6080: 00 00 00 00 00 00 00 00 00 00 00 00 00 03 fe fe
[ 23.546597]                                                            ^
[ 23.547493]  ffff8881022e6100: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe
[ 23.548169]  ffff8881022e6180: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe
[ 23.549135] ==================================================================

[ 23.141087] ==================================================================
[ 23.141854] BUG: KASAN: slab-out-of-bounds in krealloc_more_oob_helper+0x7ed/0x930
[ 23.142620] Write of size 1 at addr ffff8881003a04f0 by task kunit_try_catch/163
[ 23.143404]
[ 23.143591] CPU: 0 UID: 0 PID: 163 Comm: kunit_try_catch Tainted: G B N 6.13.0-rc2-next-20241209 #1
[ 23.144516] Tainted: [B]=BAD_PAGE, [N]=TEST
[ 23.144938] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[ 23.145593] Call Trace:
[ 23.145927] <TASK>
[ 23.146238] dump_stack_lvl+0x73/0xb0
[ 23.147782] print_report+0xd1/0x640
[ 23.148659] ? __virt_addr_valid+0x1db/0x2d0
[ 23.149615] ? kasan_complete_mode_report_info+0x2a/0x200
[ 23.150224] kasan_report+0x102/0x140
[ 23.150684] ? krealloc_more_oob_helper+0x7ed/0x930
[ 23.151589] ? krealloc_more_oob_helper+0x7ed/0x930
[ 23.152695] __asan_report_store1_noabort+0x1b/0x30
[ 23.153558] krealloc_more_oob_helper+0x7ed/0x930
[ 23.154844] ? __schedule+0xc70/0x27e0
[ 23.155232] ? __pfx_krealloc_more_oob_helper+0x10/0x10
[ 23.156139] ? finish_task_switch.isra.0+0x153/0x700
[ 23.156625] ? __switch_to+0x5d9/0xf60
[ 23.156975] ? __schedule+0xc70/0x27e0
[ 23.157439] ? __pfx_read_tsc+0x10/0x10
[ 23.157825] krealloc_more_oob+0x1c/0x30
[ 23.158275] kunit_try_run_case+0x1b3/0x490
[ 23.159109] ? __pfx_kunit_try_run_case+0x10/0x10
[ 23.160155] ? _raw_spin_lock_irqsave+0xa2/0x110
[ 23.161376] ? _raw_spin_unlock_irqrestore+0x5f/0x90
[ 23.161744] ? __kthread_parkme+0x82/0x160
[ 23.162170] ? preempt_count_sub+0x50/0x80
[ 23.162615] ? __pfx_kunit_try_run_case+0x10/0x10
[ 23.163064] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10
[ 23.163826] kunit_generic_run_threadfn_adapter+0x85/0xf0
[ 23.164575] kthread+0x257/0x310
[ 23.165702] ? __pfx_kthread+0x10/0x10
[ 23.166619] ret_from_fork+0x41/0x80
[ 23.167176] ? __pfx_kthread+0x10/0x10
[ 23.168193] ret_from_fork_asm+0x1a/0x30
[ 23.168798] </TASK>
[ 23.169480]
[ 23.169722] Allocated by task 163:
[ 23.170532] kasan_save_stack+0x3d/0x60
[ 23.170856] kasan_save_track+0x18/0x40
[ 23.172105] kasan_save_alloc_info+0x3b/0x50
[ 23.172991] __kasan_krealloc+0x190/0x1f0
[ 23.173281] krealloc_noprof+0xf3/0x340
[ 23.174210] krealloc_more_oob_helper+0x1aa/0x930
[ 23.174623] krealloc_more_oob+0x1c/0x30
[ 23.175103] kunit_try_run_case+0x1b3/0x490
[ 23.175731] kunit_generic_run_threadfn_adapter+0x85/0xf0
[ 23.176246] kthread+0x257/0x310
[ 23.177190] ret_from_fork+0x41/0x80
[ 23.177588] ret_from_fork_asm+0x1a/0x30
[ 23.178652]
[ 23.178903] The buggy address belongs to the object at ffff8881003a0400
[ 23.178903] which belongs to the cache kmalloc-256 of size 256
[ 23.180398] The buggy address is located 5 bytes to the right of
[ 23.180398] allocated 235-byte region [ffff8881003a0400, ffff8881003a04eb)
[ 23.181825]
[ 23.182866] The buggy address belongs to the physical page:
[ 23.183266] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1003a0
[ 23.183963] head: order:1 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[ 23.184824] flags: 0x200000000000040(head|node=0|zone=2)
[ 23.185470] page_type: f5(slab)
[ 23.185925] raw: 0200000000000040 ffff888100041b40 dead000000000122 0000000000000000
[ 23.186517] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000
[ 23.187488] head: 0200000000000040 ffff888100041b40 dead000000000122 0000000000000000
[ 23.188196] head: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000
[ 23.188900] head: 0200000000000001 ffffea000400e801 ffffffffffffffff 0000000000000000
[ 23.190228] head: 0000000000000002 0000000000000000 00000000ffffffff 0000000000000000
[ 23.191431] page dumped because: kasan: bad access detected
[ 23.192177]
[ 23.192889] Memory state around the buggy address:
[ 23.193480]  ffff8881003a0380: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 23.194372]  ffff8881003a0400: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[ 23.194972] >ffff8881003a0480: 00 00 00 00 00 00 00 00 00 00 00 00 00 03 fc fc
[ 23.195740]                                                               ^
[ 23.197047]  ffff8881003a0500: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 23.197851]  ffff8881003a0580: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 23.199035] ==================================================================

[ 23.550940] ==================================================================
[ 23.551695] BUG: KASAN: slab-out-of-bounds in krealloc_more_oob_helper+0x7ed/0x930
[ 23.553105] Write of size 1 at addr ffff8881022e60f0 by task kunit_try_catch/167
[ 23.554508]
[ 23.554706] CPU: 0 UID: 0 PID: 167 Comm: kunit_try_catch Tainted: G B N 6.13.0-rc2-next-20241209 #1
[ 23.555983] Tainted: [B]=BAD_PAGE, [N]=TEST
[ 23.556672] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[ 23.557417] Call Trace:
[ 23.557737] <TASK>
[ 23.557999] dump_stack_lvl+0x73/0xb0
[ 23.558591] print_report+0xd1/0x640
[ 23.559104] ? __virt_addr_valid+0x1db/0x2d0
[ 23.559846] ? kasan_addr_to_slab+0x11/0xa0
[ 23.560522] kasan_report+0x102/0x140
[ 23.561289] ? krealloc_more_oob_helper+0x7ed/0x930
[ 23.561854] ? krealloc_more_oob_helper+0x7ed/0x930
[ 23.562478] __asan_report_store1_noabort+0x1b/0x30
[ 23.563013] krealloc_more_oob_helper+0x7ed/0x930
[ 23.563676] ? __schedule+0xc70/0x27e0
[ 23.564313] ? __pfx_krealloc_more_oob_helper+0x10/0x10
[ 23.565134] ? finish_task_switch.isra.0+0x153/0x700
[ 23.565761] ? __switch_to+0x5d9/0xf60
[ 23.566121] ? __schedule+0xc70/0x27e0
[ 23.566738] ? __pfx_read_tsc+0x10/0x10
[ 23.567180] krealloc_large_more_oob+0x1c/0x30
[ 23.567745] kunit_try_run_case+0x1b3/0x490
[ 23.568314] ? __pfx_kunit_try_run_case+0x10/0x10
[ 23.568715] ? _raw_spin_lock_irqsave+0xa2/0x110
[ 23.569381] ? _raw_spin_unlock_irqrestore+0x5f/0x90
[ 23.569977] ? __kthread_parkme+0x82/0x160
[ 23.570371] ? preempt_count_sub+0x50/0x80
[ 23.571073] ? __pfx_kunit_try_run_case+0x10/0x10
[ 23.571740] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10
[ 23.572436] kunit_generic_run_threadfn_adapter+0x85/0xf0
[ 23.572982] kthread+0x257/0x310
[ 23.573424] ? __pfx_kthread+0x10/0x10
[ 23.573907] ret_from_fork+0x41/0x80
[ 23.574214] ? __pfx_kthread+0x10/0x10
[ 23.575013] ret_from_fork_asm+0x1a/0x30
[ 23.575726] </TASK>
[ 23.576101]
[ 23.576448] The buggy address belongs to the physical page:
[ 23.577204] page: refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1022e4
[ 23.578013] head: order:2 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[ 23.578771] flags: 0x200000000000040(head|node=0|zone=2)
[ 23.579447] raw: 0200000000000040 0000000000000000 dead000000000122 0000000000000000
[ 23.580279] raw: 0000000000000000 0000000000000000 00000001ffffffff 0000000000000000
[ 23.581163] head: 0200000000000040 0000000000000000 dead000000000122 0000000000000000
[ 23.581863] head: 0000000000000000 0000000000000000 00000001ffffffff 0000000000000000
[ 23.582662] head: 0200000000000002 ffffea000408b901 ffffffffffffffff 0000000000000000
[ 23.583567] head: 0000000000000004 0000000000000000 00000000ffffffff 0000000000000000
[ 23.584693] page dumped because: kasan: bad access detected
[ 23.585404]
[ 23.585555] Memory state around the buggy address:
[ 23.585858]  ffff8881022e5f80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[ 23.587144]  ffff8881022e6000: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[ 23.588804] >ffff8881022e6080: 00 00 00 00 00 00 00 00 00 00 00 00 00 03 fe fe
[ 23.589727]                                                               ^
[ 23.591003]  ffff8881022e6100: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe
[ 23.591798]  ffff8881022e6180: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe
[ 23.592849] ==================================================================
```