lkft/linux-next-master - next-20241122 - log-parser-boot/kasan-bug-kasan-slab-out-of-bounds-in-krealloc_more_oob_helper

Date

Nov. 22, 2024, 6:35 a.m.

Environment
qemu-arm64
qemu-x86_64

[   33.057851] ==================================================================
[   33.058892] BUG: KASAN: slab-out-of-bounds in krealloc_more_oob_helper+0x5c8/0x680
[   33.059602] Write of size 1 at addr fff00000c69f60f0 by task kunit_try_catch/149
[   33.060029] 
[   33.060211] CPU: 0 UID: 0 PID: 149 Comm: kunit_try_catch Tainted: G    B            N 6.12.0-next-20241122 #1
[   33.062551] Tainted: [B]=BAD_PAGE, [N]=TEST
[   33.063476] Hardware name: linux,dummy-virt (DT)
[   33.064770] Call trace:
[   33.065366]  show_stack+0x20/0x38 (C)
[   33.066521]  dump_stack_lvl+0x8c/0xd0
[   33.067209]  print_report+0x118/0x5e0
[   33.067772]  kasan_report+0xc8/0x118
[   33.068289]  __asan_report_store1_noabort+0x20/0x30
[   33.069277]  krealloc_more_oob_helper+0x5c8/0x680
[   33.070280]  krealloc_large_more_oob+0x20/0x38
[   33.071548]  kunit_try_run_case+0x14c/0x3d0
[   33.072040]  kunit_generic_run_threadfn_adapter+0x88/0x100
[   33.073005]  kthread+0x24c/0x2d0
[   33.073940]  ret_from_fork+0x10/0x20
[   33.074367] 
[   33.074864] The buggy address belongs to the physical page:
[   33.075887] page: refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1069f4
[   33.077362] head: order:2 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[   33.078835] flags: 0xbfffe0000000040(head|node=0|zone=2|lastcpupid=0x1ffff)
[   33.080831] raw: 0bfffe0000000040 0000000000000000 dead000000000122 0000000000000000
[   33.081528] raw: 0000000000000000 0000000000000000 00000001ffffffff 0000000000000000
[   33.082158] head: 0bfffe0000000040 0000000000000000 dead000000000122 0000000000000000
[   33.082860] head: 0000000000000000 0000000000000000 00000001ffffffff 0000000000000000
[   33.086176] head: 0bfffe0000000002 ffffc1ffc31a7d01 ffffffffffffffff 0000000000000000
[   33.089301] head: 0000000000000004 0000000000000000 00000000ffffffff 0000000000000000
[   33.091163] page dumped because: kasan: bad access detected
[   33.091693] 
[   33.091940] Memory state around the buggy address:
[   33.092375]  fff00000c69f5f80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   33.096598]  fff00000c69f6000: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   33.098782] >fff00000c69f6080: 00 00 00 00 00 00 00 00 00 00 00 00 00 03 fe fe
[   33.099891]                                                              ^
[   33.100855]  fff00000c69f6100: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe
[   33.101600]  fff00000c69f6180: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe
[   33.102273] ==================================================================
[   32.626724] ==================================================================
[   32.627720] BUG: KASAN: slab-out-of-bounds in krealloc_more_oob_helper+0x5c8/0x680
[   32.629025] Write of size 1 at addr fff00000c5c6f2f0 by task kunit_try_catch/145
[   32.631927] 
[   32.632335] CPU: 0 UID: 0 PID: 145 Comm: kunit_try_catch Tainted: G    B            N 6.12.0-next-20241122 #1
[   32.635340] Tainted: [B]=BAD_PAGE, [N]=TEST
[   32.635843] Hardware name: linux,dummy-virt (DT)
[   32.636937] Call trace:
[   32.637925]  show_stack+0x20/0x38 (C)
[   32.639146]  dump_stack_lvl+0x8c/0xd0
[   32.639705]  print_report+0x118/0x5e0
[   32.640320]  kasan_report+0xc8/0x118
[   32.640877]  __asan_report_store1_noabort+0x20/0x30
[   32.641847]  krealloc_more_oob_helper+0x5c8/0x680
[   32.642840]  krealloc_more_oob+0x20/0x38
[   32.644020]  kunit_try_run_case+0x14c/0x3d0
[   32.644794]  kunit_generic_run_threadfn_adapter+0x88/0x100
[   32.646079]  kthread+0x24c/0x2d0
[   32.646920]  ret_from_fork+0x10/0x20
[   32.647567] 
[   32.647894] Allocated by task 145:
[   32.648420]  kasan_save_stack+0x3c/0x68
[   32.649636]  kasan_save_track+0x20/0x40
[   32.650109]  kasan_save_alloc_info+0x40/0x58
[   32.651932]  __kasan_krealloc+0x118/0x178
[   32.653181]  krealloc_noprof+0x128/0x360
[   32.653997]  krealloc_more_oob_helper+0x168/0x680
[   32.654869]  krealloc_more_oob+0x20/0x38
[   32.655427]  kunit_try_run_case+0x14c/0x3d0
[   32.656119]  kunit_generic_run_threadfn_adapter+0x88/0x100
[   32.657348]  kthread+0x24c/0x2d0
[   32.658398]  ret_from_fork+0x10/0x20
[   32.659468] 
[   32.659770] The buggy address belongs to the object at fff00000c5c6f200
[   32.659770]  which belongs to the cache kmalloc-256 of size 256
[   32.662320] The buggy address is located 5 bytes to the right of
[   32.662320]  allocated 235-byte region [fff00000c5c6f200, fff00000c5c6f2eb)
[   32.664039] 
[   32.664409] The buggy address belongs to the physical page:
[   32.665803] page: refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x105c6e
[   32.666485] head: order:1 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[   32.667465] flags: 0xbfffe0000000040(head|node=0|zone=2|lastcpupid=0x1ffff)
[   32.668343] page_type: f5(slab)
[   32.669076] raw: 0bfffe0000000040 fff00000c0001b40 dead000000000122 0000000000000000
[   32.670171] raw: 0000000000000000 0000000080100010 00000001f5000000 0000000000000000
[   32.671264] head: 0bfffe0000000040 fff00000c0001b40 dead000000000122 0000000000000000
[   32.672142] head: 0000000000000000 0000000080100010 00000001f5000000 0000000000000000
[   32.673281] head: 0bfffe0000000001 ffffc1ffc3171b81 ffffffffffffffff 0000000000000000
[   32.674501] head: 0000000000000002 0000000000000000 00000000ffffffff 0000000000000000
[   32.675690] page dumped because: kasan: bad access detected
[   32.676232] 
[   32.676537] Memory state around the buggy address:
[   32.677555]  fff00000c5c6f180: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   32.678392]  fff00000c5c6f200: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   32.679678] >fff00000c5c6f280: 00 00 00 00 00 00 00 00 00 00 00 00 00 03 fc fc
[   32.680784]                                                              ^
[   32.681570]  fff00000c5c6f300: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   32.682901]  fff00000c5c6f380: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   32.683799] ==================================================================
[   33.017103] ==================================================================
[   33.018499] BUG: KASAN: slab-out-of-bounds in krealloc_more_oob_helper+0x614/0x680
[   33.019401] Write of size 1 at addr fff00000c69f60eb by task kunit_try_catch/149
[   33.020466] 
[   33.021233] CPU: 1 UID: 0 PID: 149 Comm: kunit_try_catch Tainted: G    B            N 6.12.0-next-20241122 #1
[   33.022835] Tainted: [B]=BAD_PAGE, [N]=TEST
[   33.023339] Hardware name: linux,dummy-virt (DT)
[   33.023890] Call trace:
[   33.024350]  show_stack+0x20/0x38 (C)
[   33.025102]  dump_stack_lvl+0x8c/0xd0
[   33.026545]  print_report+0x118/0x5e0
[   33.027248]  kasan_report+0xc8/0x118
[   33.028014]  __asan_report_store1_noabort+0x20/0x30
[   33.028757]  krealloc_more_oob_helper+0x614/0x680
[   33.029361]  krealloc_large_more_oob+0x20/0x38
[   33.030603]  kunit_try_run_case+0x14c/0x3d0
[   33.031234]  kunit_generic_run_threadfn_adapter+0x88/0x100
[   33.032055]  kthread+0x24c/0x2d0
[   33.033148]  ret_from_fork+0x10/0x20
[   33.033693] 
[   33.034028] The buggy address belongs to the physical page:
[   33.034589] page: refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1069f4
[   33.035702] head: order:2 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[   33.036761] flags: 0xbfffe0000000040(head|node=0|zone=2|lastcpupid=0x1ffff)
[   33.037799] raw: 0bfffe0000000040 0000000000000000 dead000000000122 0000000000000000
[   33.038781] raw: 0000000000000000 0000000000000000 00000001ffffffff 0000000000000000
[   33.039791] head: 0bfffe0000000040 0000000000000000 dead000000000122 0000000000000000
[   33.040621] head: 0000000000000000 0000000000000000 00000001ffffffff 0000000000000000
[   33.041677] head: 0bfffe0000000002 ffffc1ffc31a7d01 ffffffffffffffff 0000000000000000
[   33.042635] head: 0000000000000004 0000000000000000 00000000ffffffff 0000000000000000
[   33.044018] page dumped because: kasan: bad access detected
[   33.044951] 
[   33.045243] Memory state around the buggy address:
[   33.045981]  fff00000c69f5f80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   33.046796]  fff00000c69f6000: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   33.048341] >fff00000c69f6080: 00 00 00 00 00 00 00 00 00 00 00 00 00 03 fe fe
[   33.049729]                                                           ^
[   33.050700]  fff00000c69f6100: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe
[   33.051728]  fff00000c69f6180: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe
[   33.053098] ==================================================================
[   32.569385] ==================================================================
[   32.570844] BUG: KASAN: slab-out-of-bounds in krealloc_more_oob_helper+0x614/0x680
[   32.572127] Write of size 1 at addr fff00000c5c6f2eb by task kunit_try_catch/145
[   32.573050] 
[   32.574087] CPU: 0 UID: 0 PID: 145 Comm: kunit_try_catch Tainted: G    B            N 6.12.0-next-20241122 #1
[   32.576472] Tainted: [B]=BAD_PAGE, [N]=TEST
[   32.577088] Hardware name: linux,dummy-virt (DT)
[   32.577749] Call trace:
[   32.578132]  show_stack+0x20/0x38 (C)
[   32.579316]  dump_stack_lvl+0x8c/0xd0
[   32.580188]  print_report+0x118/0x5e0
[   32.582295]  kasan_report+0xc8/0x118
[   32.582761]  __asan_report_store1_noabort+0x20/0x30
[   32.583805]  krealloc_more_oob_helper+0x614/0x680
[   32.584731]  krealloc_more_oob+0x20/0x38
[   32.585271]  kunit_try_run_case+0x14c/0x3d0
[   32.586020]  kunit_generic_run_threadfn_adapter+0x88/0x100
[   32.587281]  kthread+0x24c/0x2d0
[   32.588131]  ret_from_fork+0x10/0x20
[   32.588976] 
[   32.589286] Allocated by task 145:
[   32.589964]  kasan_save_stack+0x3c/0x68
[   32.590542]  kasan_save_track+0x20/0x40
[   32.591096]  kasan_save_alloc_info+0x40/0x58
[   32.591812]  __kasan_krealloc+0x118/0x178
[   32.592421]  krealloc_noprof+0x128/0x360
[   32.593313]  krealloc_more_oob_helper+0x168/0x680
[   32.594227]  krealloc_more_oob+0x20/0x38
[   32.595390]  kunit_try_run_case+0x14c/0x3d0
[   32.596052]  kunit_generic_run_threadfn_adapter+0x88/0x100
[   32.597405]  kthread+0x24c/0x2d0
[   32.598457]  ret_from_fork+0x10/0x20
[   32.599351] 
[   32.599801] The buggy address belongs to the object at fff00000c5c6f200
[   32.599801]  which belongs to the cache kmalloc-256 of size 256
[   32.601087] The buggy address is located 0 bytes to the right of
[   32.601087]  allocated 235-byte region [fff00000c5c6f200, fff00000c5c6f2eb)
[   32.602547] 
[   32.603023] The buggy address belongs to the physical page:
[   32.603814] page: refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x105c6e
[   32.604805] head: order:1 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[   32.605524] flags: 0xbfffe0000000040(head|node=0|zone=2|lastcpupid=0x1ffff)
[   32.606815] page_type: f5(slab)
[   32.607316] raw: 0bfffe0000000040 fff00000c0001b40 dead000000000122 0000000000000000
[   32.609024] raw: 0000000000000000 0000000080100010 00000001f5000000 0000000000000000
[   32.610666] head: 0bfffe0000000040 fff00000c0001b40 dead000000000122 0000000000000000
[   32.611648] head: 0000000000000000 0000000080100010 00000001f5000000 0000000000000000
[   32.613298] head: 0bfffe0000000001 ffffc1ffc3171b81 ffffffffffffffff 0000000000000000
[   32.614950] head: 0000000000000002 0000000000000000 00000000ffffffff 0000000000000000
[   32.615831] page dumped because: kasan: bad access detected
[   32.616175] 
[   32.616337] Memory state around the buggy address:
[   32.617560]  fff00000c5c6f180: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   32.618293]  fff00000c5c6f200: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   32.619850] >fff00000c5c6f280: 00 00 00 00 00 00 00 00 00 00 00 00 00 03 fc fc
[   32.621415]                                                           ^
[   32.622419]  fff00000c5c6f300: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   32.623305]  fff00000c5c6f380: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   32.624246] ==================================================================

Metadata Full log Test run details

arch

arm64

host

x86_64

plan

2pC5b8oaJWXHgnXV09vT5LVgOaw

job_id

TEST:linaro@lkft#2pC5fJPu1U0syxXCEatKhpHAVGc

job_url

https://tuxapi.tuxsuite.com/v1/groups/linaro/projects/lkft/tests/2pC5fJPu1U0syxXCEatKhpHAVGc

artefacts

kernel

url	https://storage.tuxsuite.com/public/linaro/lkft/builds/2pC5cJkcKwJlHcbGFpkgrIsh5rv/Image.gz
sha256sum	c7dd7dbcf7d483b1d1dd11cc623170a05fa77e79300cd8b3c90dab3ce454e75a

rootfs

url	https://storage.tuxboot.com/debian/trixie/arm64/rootfs.ext4.xz
sha256sum	f592205e64add7389d8a1055c235aa3685e13c7cfdfdbe5f212ab22afdbeb656

modules

url	https://storage.tuxsuite.com/public/linaro/lkft/builds/2pC5cJkcKwJlHcbGFpkgrIsh5rv/modules.tar.xz
sha256sum	5eca046fbd2122c8407be146a89207cf131b2811a5bb49c1bd70a7799382ee91

durations

tests

boot	412.61
kunit	528.55

host_arch

amd64

build_name

gcc-13-lkftconfig-kunit

job_status

Complete

qemu_version

1:9.1.1+ds-5

[   24.604553] ==================================================================
[   24.605032] BUG: KASAN: slab-out-of-bounds in krealloc_more_oob_helper+0x7ed/0x930
[   24.605687] Write of size 1 at addr ffff88810232a0f0 by task kunit_try_catch/168
[   24.606427] 
[   24.606610] CPU: 0 UID: 0 PID: 168 Comm: kunit_try_catch Tainted: G    B            N 6.12.0-next-20241122 #1
[   24.607282] Tainted: [B]=BAD_PAGE, [N]=TEST
[   24.607889] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[   24.608650] Call Trace:
[   24.609102]  <TASK>
[   24.609517]  dump_stack_lvl+0x73/0xb0
[   24.610033]  print_report+0xd1/0x640
[   24.610530]  ? __virt_addr_valid+0x1db/0x2d0
[   24.611290]  ? kasan_addr_to_slab+0x11/0xa0
[   24.612002]  kasan_report+0x102/0x140
[   24.612562]  ? krealloc_more_oob_helper+0x7ed/0x930
[   24.613478]  ? krealloc_more_oob_helper+0x7ed/0x930
[   24.614057]  __asan_report_store1_noabort+0x1b/0x30
[   24.614639]  krealloc_more_oob_helper+0x7ed/0x930
[   24.615387]  ? __schedule+0xc3e/0x2790
[   24.616106]  ? __pfx_krealloc_more_oob_helper+0x10/0x10
[   24.616729]  ? finish_task_switch.isra.0+0x153/0x700
[   24.617476]  ? __switch_to+0x5d9/0xf60
[   24.618201]  ? __schedule+0xc3e/0x2790
[   24.618768]  ? __pfx_read_tsc+0x10/0x10
[   24.619497]  krealloc_large_more_oob+0x1c/0x30
[   24.620028]  kunit_try_run_case+0x1b3/0x490
[   24.620900]  ? __pfx_kunit_try_run_case+0x10/0x10
[   24.621199]  ? irqentry_exit+0x2a/0x60
[   24.622138]  ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10
[   24.623127]  ? __pfx_kunit_try_run_case+0x10/0x10
[   24.623552]  ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10
[   24.624509]  kunit_generic_run_threadfn_adapter+0x85/0xf0
[   24.624982]  kthread+0x257/0x310
[   24.626266]  ? __pfx_kthread+0x10/0x10
[   24.626621]  ret_from_fork+0x41/0x80
[   24.627480]  ? __pfx_kthread+0x10/0x10
[   24.627808]  ret_from_fork_asm+0x1a/0x30
[   24.628332]  </TASK>
[   24.628641] 
[   24.628934] The buggy address belongs to the physical page:
[   24.630026] page: refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x102328
[   24.630552] head: order:2 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[   24.631660] flags: 0x200000000000040(head|node=0|zone=2)
[   24.632530] raw: 0200000000000040 0000000000000000 dead000000000122 0000000000000000
[   24.633265] raw: 0000000000000000 0000000000000000 00000001ffffffff 0000000000000000
[   24.633921] head: 0200000000000040 0000000000000000 dead000000000122 0000000000000000
[   24.634481] head: 0000000000000000 0000000000000000 00000001ffffffff 0000000000000000
[   24.635104] head: 0200000000000002 ffffea000408ca01 ffffffffffffffff 0000000000000000
[   24.635951] head: 0000000000000004 0000000000000000 00000000ffffffff 0000000000000000
[   24.636478] page dumped because: kasan: bad access detected
[   24.637562] 
[   24.637783] Memory state around the buggy address:
[   24.638437]  ffff888102329f80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   24.639644]  ffff88810232a000: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   24.640181] >ffff88810232a080: 00 00 00 00 00 00 00 00 00 00 00 00 00 03 fe fe
[   24.641065]                                                              ^
[   24.641687]  ffff88810232a100: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe
[   24.642458]  ffff88810232a180: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe
[   24.643294] ==================================================================
[   24.562363] ==================================================================
[   24.563347] BUG: KASAN: slab-out-of-bounds in krealloc_more_oob_helper+0x823/0x930
[   24.564556] Write of size 1 at addr ffff88810232a0eb by task kunit_try_catch/168
[   24.565456] 
[   24.565711] CPU: 0 UID: 0 PID: 168 Comm: kunit_try_catch Tainted: G    B            N 6.12.0-next-20241122 #1
[   24.566776] Tainted: [B]=BAD_PAGE, [N]=TEST
[   24.568107] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[   24.568990] Call Trace:
[   24.569426]  <TASK>
[   24.569666]  dump_stack_lvl+0x73/0xb0
[   24.570396]  print_report+0xd1/0x640
[   24.570839]  ? __virt_addr_valid+0x1db/0x2d0
[   24.571464]  ? kasan_addr_to_slab+0x11/0xa0
[   24.571679]  kasan_report+0x102/0x140
[   24.572050]  ? krealloc_more_oob_helper+0x823/0x930
[   24.572947]  ? krealloc_more_oob_helper+0x823/0x930
[   24.573683]  __asan_report_store1_noabort+0x1b/0x30
[   24.574444]  krealloc_more_oob_helper+0x823/0x930
[   24.574962]  ? __schedule+0xc3e/0x2790
[   24.575588]  ? __pfx_krealloc_more_oob_helper+0x10/0x10
[   24.576284]  ? finish_task_switch.isra.0+0x153/0x700
[   24.576789]  ? __switch_to+0x5d9/0xf60
[   24.577620]  ? __schedule+0xc3e/0x2790
[   24.578242]  ? __pfx_read_tsc+0x10/0x10
[   24.578723]  krealloc_large_more_oob+0x1c/0x30
[   24.579495]  kunit_try_run_case+0x1b3/0x490
[   24.580030]  ? __pfx_kunit_try_run_case+0x10/0x10
[   24.580653]  ? irqentry_exit+0x2a/0x60
[   24.581210]  ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10
[   24.582334]  ? __pfx_kunit_try_run_case+0x10/0x10
[   24.582789]  ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10
[   24.583538]  kunit_generic_run_threadfn_adapter+0x85/0xf0
[   24.584318]  kthread+0x257/0x310
[   24.584745]  ? __pfx_kthread+0x10/0x10
[   24.585308]  ret_from_fork+0x41/0x80
[   24.585722]  ? __pfx_kthread+0x10/0x10
[   24.586401]  ret_from_fork_asm+0x1a/0x30
[   24.587407]  </TASK>
[   24.587601] 
[   24.587849] The buggy address belongs to the physical page:
[   24.588622] page: refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x102328
[   24.589446] head: order:2 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[   24.590227] flags: 0x200000000000040(head|node=0|zone=2)
[   24.590798] raw: 0200000000000040 0000000000000000 dead000000000122 0000000000000000
[   24.591891] raw: 0000000000000000 0000000000000000 00000001ffffffff 0000000000000000
[   24.592878] head: 0200000000000040 0000000000000000 dead000000000122 0000000000000000
[   24.594200] head: 0000000000000000 0000000000000000 00000001ffffffff 0000000000000000
[   24.595071] head: 0200000000000002 ffffea000408ca01 ffffffffffffffff 0000000000000000
[   24.595927] head: 0000000000000004 0000000000000000 00000000ffffffff 0000000000000000
[   24.596527] page dumped because: kasan: bad access detected
[   24.597616] 
[   24.598096] Memory state around the buggy address:
[   24.598813]  ffff888102329f80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   24.600150]  ffff88810232a000: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   24.600784] >ffff88810232a080: 00 00 00 00 00 00 00 00 00 00 00 00 00 03 fe fe
[   24.601514]                                                           ^
[   24.602142]  ffff88810232a100: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe
[   24.602719]  ffff88810232a180: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe
[   24.603497] ==================================================================
[   24.251199] ==================================================================
[   24.251925] BUG: KASAN: slab-out-of-bounds in krealloc_more_oob_helper+0x7ed/0x930
[   24.252545] Write of size 1 at addr ffff888100394cf0 by task kunit_try_catch/164
[   24.253105] 
[   24.253381] CPU: 0 UID: 0 PID: 164 Comm: kunit_try_catch Tainted: G    B            N 6.12.0-next-20241122 #1
[   24.253998] Tainted: [B]=BAD_PAGE, [N]=TEST
[   24.254398] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[   24.255090] Call Trace:
[   24.255416]  <TASK>
[   24.255675]  dump_stack_lvl+0x73/0xb0
[   24.256057]  print_report+0xd1/0x640
[   24.256579]  ? __virt_addr_valid+0x1db/0x2d0
[   24.257226]  ? kasan_complete_mode_report_info+0x2a/0x200
[   24.257588]  kasan_report+0x102/0x140
[   24.257973]  ? krealloc_more_oob_helper+0x7ed/0x930
[   24.259482]  ? krealloc_more_oob_helper+0x7ed/0x930
[   24.259948]  __asan_report_store1_noabort+0x1b/0x30
[   24.260424]  krealloc_more_oob_helper+0x7ed/0x930
[   24.260729]  ? trace_hardirqs_on+0x37/0xe0
[   24.261030]  ? __pfx_krealloc_more_oob_helper+0x10/0x10
[   24.261341]  ? sysvec_apic_timer_interrupt+0x50/0x90
[   24.262500]  ? __pfx_krealloc_more_oob+0x10/0x10
[   24.263272]  krealloc_more_oob+0x1c/0x30
[   24.263710]  kunit_try_run_case+0x1b3/0x490
[   24.264466]  ? __pfx_kunit_try_run_case+0x10/0x10
[   24.265150]  ? _raw_spin_lock_irqsave+0xa2/0x110
[   24.265865]  ? _raw_spin_unlock_irqrestore+0x5f/0x90
[   24.266409]  ? __kthread_parkme+0x82/0x160
[   24.266901]  ? preempt_count_sub+0x50/0x80
[   24.267210]  ? __pfx_kunit_try_run_case+0x10/0x10
[   24.268091]  ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10
[   24.268733]  kunit_generic_run_threadfn_adapter+0x85/0xf0
[   24.270396]  kthread+0x257/0x310
[   24.270861]  ? __pfx_kthread+0x10/0x10
[   24.271197]  ret_from_fork+0x41/0x80
[   24.271784]  ? __pfx_kthread+0x10/0x10
[   24.272388]  ret_from_fork_asm+0x1a/0x30
[   24.272692]  </TASK>
[   24.273031] 
[   24.273743] Allocated by task 164:
[   24.274210]  kasan_save_stack+0x3d/0x60
[   24.274749]  kasan_save_track+0x18/0x40
[   24.275040]  kasan_save_alloc_info+0x3b/0x50
[   24.275438]  __kasan_krealloc+0x190/0x1f0
[   24.275931]  krealloc_noprof+0xf3/0x340
[   24.276366]  krealloc_more_oob_helper+0x1aa/0x930
[   24.277179]  krealloc_more_oob+0x1c/0x30
[   24.278026]  kunit_try_run_case+0x1b3/0x490
[   24.278601]  kunit_generic_run_threadfn_adapter+0x85/0xf0
[   24.279039]  kthread+0x257/0x310
[   24.279443]  ret_from_fork+0x41/0x80
[   24.280182]  ret_from_fork_asm+0x1a/0x30
[   24.280584] 
[   24.280737] The buggy address belongs to the object at ffff888100394c00
[   24.280737]  which belongs to the cache kmalloc-256 of size 256
[   24.281409] The buggy address is located 5 bytes to the right of
[   24.281409]  allocated 235-byte region [ffff888100394c00, ffff888100394ceb)
[   24.282969] 
[   24.283226] The buggy address belongs to the physical page:
[   24.283697] page: refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x100394
[   24.284209] head: order:1 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[   24.285344] flags: 0x200000000000040(head|node=0|zone=2)
[   24.286604] page_type: f5(slab)
[   24.286870] raw: 0200000000000040 ffff888100041b40 dead000000000122 0000000000000000
[   24.287532] raw: 0000000000000000 0000000080100010 00000001f5000000 0000000000000000
[   24.288429] head: 0200000000000040 ffff888100041b40 dead000000000122 0000000000000000
[   24.289343] head: 0000000000000000 0000000080100010 00000001f5000000 0000000000000000
[   24.290666] head: 0200000000000001 ffffea000400e501 ffffffffffffffff 0000000000000000
[   24.292148] head: 0000000000000002 0000000000000000 00000000ffffffff 0000000000000000
[   24.292951] page dumped because: kasan: bad access detected
[   24.293501] 
[   24.293651] Memory state around the buggy address:
[   24.294109]  ffff888100394b80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   24.295011]  ffff888100394c00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   24.295442] >ffff888100394c80: 00 00 00 00 00 00 00 00 00 00 00 00 00 03 fc fc
[   24.296215]                                                              ^
[   24.296744]  ffff888100394d00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   24.297634]  ffff888100394d80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   24.298167] ==================================================================
[   24.195661] ==================================================================
[   24.196728] BUG: KASAN: slab-out-of-bounds in krealloc_more_oob_helper+0x823/0x930
[   24.197183] Write of size 1 at addr ffff888100394ceb by task kunit_try_catch/164
[   24.197997] 
[   24.198235] CPU: 0 UID: 0 PID: 164 Comm: kunit_try_catch Tainted: G    B            N 6.12.0-next-20241122 #1
[   24.199931] Tainted: [B]=BAD_PAGE, [N]=TEST
[   24.200352] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[   24.201040] Call Trace:
[   24.201243]  <TASK>
[   24.201741]  dump_stack_lvl+0x73/0xb0
[   24.203129]  print_report+0xd1/0x640
[   24.203634]  ? __virt_addr_valid+0x1db/0x2d0
[   24.204406]  ? kasan_complete_mode_report_info+0x2a/0x200
[   24.204761]  kasan_report+0x102/0x140
[   24.205405]  ? krealloc_more_oob_helper+0x823/0x930
[   24.206572]  ? krealloc_more_oob_helper+0x823/0x930
[   24.207346]  __asan_report_store1_noabort+0x1b/0x30
[   24.207720]  krealloc_more_oob_helper+0x823/0x930
[   24.208847]  ? trace_hardirqs_on+0x37/0xe0
[   24.209642]  ? __pfx_krealloc_more_oob_helper+0x10/0x10
[   24.210076]  ? sysvec_apic_timer_interrupt+0x50/0x90
[   24.210465]  ? __pfx_krealloc_more_oob+0x10/0x10
[   24.211252]  krealloc_more_oob+0x1c/0x30
[   24.211848]  kunit_try_run_case+0x1b3/0x490
[   24.212773]  ? __pfx_kunit_try_run_case+0x10/0x10
[   24.213374]  ? _raw_spin_lock_irqsave+0xa2/0x110
[   24.213817]  ? _raw_spin_unlock_irqrestore+0x5f/0x90
[   24.215046]  ? __kthread_parkme+0x82/0x160
[   24.215421]  ? preempt_count_sub+0x50/0x80
[   24.216149]  ? __pfx_kunit_try_run_case+0x10/0x10
[   24.216799]  ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10
[   24.217249]  kunit_generic_run_threadfn_adapter+0x85/0xf0
[   24.217922]  kthread+0x257/0x310
[   24.219366]  ? __pfx_kthread+0x10/0x10
[   24.220052]  ret_from_fork+0x41/0x80
[   24.220411]  ? __pfx_kthread+0x10/0x10
[   24.220933]  ret_from_fork_asm+0x1a/0x30
[   24.221498]  </TASK>
[   24.221795] 
[   24.222304] Allocated by task 164:
[   24.222727]  kasan_save_stack+0x3d/0x60
[   24.223786]  kasan_save_track+0x18/0x40
[   24.224268]  kasan_save_alloc_info+0x3b/0x50
[   24.224481]  __kasan_krealloc+0x190/0x1f0
[   24.224629]  krealloc_noprof+0xf3/0x340
[   24.224765]  krealloc_more_oob_helper+0x1aa/0x930
[   24.225168]  krealloc_more_oob+0x1c/0x30
[   24.225625]  kunit_try_run_case+0x1b3/0x490
[   24.226344]  kunit_generic_run_threadfn_adapter+0x85/0xf0
[   24.227495]  kthread+0x257/0x310
[   24.227950]  ret_from_fork+0x41/0x80
[   24.228553]  ret_from_fork_asm+0x1a/0x30
[   24.229285] 
[   24.229523] The buggy address belongs to the object at ffff888100394c00
[   24.229523]  which belongs to the cache kmalloc-256 of size 256
[   24.230770] The buggy address is located 0 bytes to the right of
[   24.230770]  allocated 235-byte region [ffff888100394c00, ffff888100394ceb)
[   24.233061] 
[   24.233227] The buggy address belongs to the physical page:
[   24.234063] page: refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x100394
[   24.234777] head: order:1 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[   24.235785] flags: 0x200000000000040(head|node=0|zone=2)
[   24.236478] page_type: f5(slab)
[   24.236866] raw: 0200000000000040 ffff888100041b40 dead000000000122 0000000000000000
[   24.237409] raw: 0000000000000000 0000000080100010 00000001f5000000 0000000000000000
[   24.238213] head: 0200000000000040 ffff888100041b40 dead000000000122 0000000000000000
[   24.238850] head: 0000000000000000 0000000080100010 00000001f5000000 0000000000000000
[   24.240110] head: 0200000000000001 ffffea000400e501 ffffffffffffffff 0000000000000000
[   24.240770] head: 0000000000000002 0000000000000000 00000000ffffffff 0000000000000000
[   24.241540] page dumped because: kasan: bad access detected
[   24.242279] 
[   24.242504] Memory state around the buggy address:
[   24.243456]  ffff888100394b80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   24.243982]  ffff888100394c00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   24.244519] >ffff888100394c80: 00 00 00 00 00 00 00 00 00 00 00 00 00 03 fc fc
[   24.245142]                                                           ^
[   24.246085]  ffff888100394d00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   24.246759]  ffff888100394d80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   24.247786] ==================================================================

Metadata Full log Test run details

arch

x86_64

host

x86_64

plan

2pC5b8oaJWXHgnXV09vT5LVgOaw

job_id

TEST:linaro@lkft#2pC5gJrOhOMCPVCTwF6RWUbKkzV

job_url

https://tuxapi.tuxsuite.com/v1/groups/linaro/projects/lkft/tests/2pC5gJrOhOMCPVCTwF6RWUbKkzV

artefacts

kernel

url	https://storage.tuxsuite.com/public/linaro/lkft/builds/2pC5d8hM9aExmiriR2zCnDddb2O/bzImage
sha256sum	9e430a5c45c1c4d501e13019c577f1fb3e738d06e3c62c75693b9374ef9b548d

rootfs

url	https://storage.tuxboot.com/debian/trixie/amd64/rootfs.ext4.xz
sha256sum	c6ceed53712217894b72c37cdc18ddb1157eb9bca95bb5bb312b9c30db3bb83b

modules

url	https://storage.tuxsuite.com/public/linaro/lkft/builds/2pC5d8hM9aExmiriR2zCnDddb2O/modules.tar.xz
sha256sum	342d3a3609bc12bfde714988d31ce95ccf57861e8edbfa31f0f2d2d1be459952

durations

tests

boot	362.79
kunit	484.51

host_arch

amd64

build_name

gcc-13-lkftconfig-kunit

job_status

Complete

qemu_version

1:9.1.1+ds-5

Metadata

Failure - qemu-arm64 - gcc-13-lkftconfig-kunit

Failure - qemu-x86_64 - gcc-13-lkftconfig-kunit