Hay
Date: Nov. 27, 2024, 3:37 a.m.

Environment: qemu-arm64, qemu-x86_64

[   47.370177] ==================================================================
[   47.371036] BUG: KASAN: slab-out-of-bounds in krealloc_more_oob_helper+0x5c8/0x680
[   47.371709] Write of size 1 at addr fff00000c65fa0f0 by task kunit_try_catch/149
[   47.372477] 
[   47.372772] CPU: 1 UID: 0 PID: 149 Comm: kunit_try_catch Tainted: G    B            N 6.12.0-next-20241127 #1
[   47.373957] Tainted: [B]=BAD_PAGE, [N]=TEST
[   47.374695] Hardware name: linux,dummy-virt (DT)
[   47.375417] Call trace:
[   47.375817]  show_stack+0x20/0x38 (C)
[   47.376436]  dump_stack_lvl+0x8c/0xd0
[   47.376952]  print_report+0x118/0x5e0
[   47.377601]  kasan_report+0xc8/0x118
[   47.378328]  __asan_report_store1_noabort+0x20/0x30
[   47.379186]  krealloc_more_oob_helper+0x5c8/0x680
[   47.380004]  krealloc_large_more_oob+0x20/0x38
[   47.380705]  kunit_try_run_case+0x14c/0x3d0
[   47.381395]  kunit_generic_run_threadfn_adapter+0x88/0x100
[   47.382165]  kthread+0x24c/0x2d0
[   47.382784]  ret_from_fork+0x10/0x20
[   47.383343] 
[   47.383687] The buggy address belongs to the physical page:
[   47.384541] page: refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1065f8
[   47.385596] head: order:2 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[   47.386571] flags: 0xbfffe0000000040(head|node=0|zone=2|lastcpupid=0x1ffff)
[   47.387488] raw: 0bfffe0000000040 0000000000000000 dead000000000122 0000000000000000
[   47.388436] raw: 0000000000000000 0000000000000000 00000001ffffffff 0000000000000000
[   47.389385] head: 0bfffe0000000040 0000000000000000 dead000000000122 0000000000000000
[   47.390329] head: 0000000000000000 0000000000000000 00000001ffffffff 0000000000000000
[   47.391320] head: 0bfffe0000000002 ffffc1ffc3197e01 ffffffffffffffff 0000000000000000
[   47.392250] head: 0000000000000004 0000000000000000 00000000ffffffff 0000000000000000
[   47.393196] page dumped because: kasan: bad access detected
[   47.393958] 
[   47.394414] Memory state around the buggy address:
[   47.395113]  fff00000c65f9f80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   47.396048]  fff00000c65fa000: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   47.397017] >fff00000c65fa080: 00 00 00 00 00 00 00 00 00 00 00 00 00 03 fe fe
[   47.397887]                                                              ^
[   47.398791]  fff00000c65fa100: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe
[   47.399802]  fff00000c65fa180: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe
[   47.400742] ==================================================================
[   47.039752] ==================================================================
[   47.040555] BUG: KASAN: slab-out-of-bounds in krealloc_more_oob_helper+0x5c8/0x680
[   47.042209] Write of size 1 at addr fff00000c45460f0 by task kunit_try_catch/145
[   47.043074] 
[   47.043457] CPU: 1 UID: 0 PID: 145 Comm: kunit_try_catch Tainted: G    B            N 6.12.0-next-20241127 #1
[   47.044506] Tainted: [B]=BAD_PAGE, [N]=TEST
[   47.045497] Hardware name: linux,dummy-virt (DT)
[   47.046162] Call trace:
[   47.046573]  show_stack+0x20/0x38 (C)
[   47.047151]  dump_stack_lvl+0x8c/0xd0
[   47.047778]  print_report+0x118/0x5e0
[   47.048316]  kasan_report+0xc8/0x118
[   47.048869]  __asan_report_store1_noabort+0x20/0x30
[   47.049762]  krealloc_more_oob_helper+0x5c8/0x680
[   47.050453]  krealloc_more_oob+0x20/0x38
[   47.051012]  kunit_try_run_case+0x14c/0x3d0
[   47.051858]  kunit_generic_run_threadfn_adapter+0x88/0x100
[   47.052546]  kthread+0x24c/0x2d0
[   47.053155]  ret_from_fork+0x10/0x20
[   47.054013] 
[   47.054254] Allocated by task 145:
[   47.055046]  kasan_save_stack+0x3c/0x68
[   47.055701]  kasan_save_track+0x20/0x40
[   47.056472]  kasan_save_alloc_info+0x40/0x58
[   47.057091]  __kasan_krealloc+0x118/0x178
[   47.057788]  krealloc_noprof+0x128/0x360
[   47.058445]  krealloc_more_oob_helper+0x168/0x680
[   47.059234]  krealloc_more_oob+0x20/0x38
[   47.059939]  kunit_try_run_case+0x14c/0x3d0
[   47.060685]  kunit_generic_run_threadfn_adapter+0x88/0x100
[   47.061364]  kthread+0x24c/0x2d0
[   47.062606]  ret_from_fork+0x10/0x20
[   47.063091] 
[   47.063386] The buggy address belongs to the object at fff00000c4546000
[   47.063386]  which belongs to the cache kmalloc-256 of size 256
[   47.064981] The buggy address is located 5 bytes to the right of
[   47.064981]  allocated 235-byte region [fff00000c4546000, fff00000c45460eb)
[   47.066749] 
[   47.067092] The buggy address belongs to the physical page:
[   47.067942] page: refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x104546
[   47.068951] head: order:1 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[   47.070153] flags: 0xbfffe0000000040(head|node=0|zone=2|lastcpupid=0x1ffff)
[   47.071113] page_type: f5(slab)
[   47.071579] raw: 0bfffe0000000040 fff00000c0001b40 dead000000000122 0000000000000000
[   47.072377] raw: 0000000000000000 0000000080100010 00000001f5000000 0000000000000000
[   47.073499] head: 0bfffe0000000040 fff00000c0001b40 dead000000000122 0000000000000000
[   47.074653] head: 0000000000000000 0000000080100010 00000001f5000000 0000000000000000
[   47.075747] head: 0bfffe0000000001 ffffc1ffc3115181 ffffffffffffffff 0000000000000000
[   47.076824] head: 0000000000000002 0000000000000000 00000000ffffffff 0000000000000000
[   47.078113] page dumped because: kasan: bad access detected
[   47.079004] 
[   47.079614] Memory state around the buggy address:
[   47.080218]  fff00000c4545f80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   47.081109]  fff00000c4546000: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   47.082587] >fff00000c4546080: 00 00 00 00 00 00 00 00 00 00 00 00 00 03 fc fc
[   47.083399]                                                              ^
[   47.084261]  fff00000c4546100: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   47.084887]  fff00000c4546180: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   47.086203] ==================================================================
[   47.334063] ==================================================================
[   47.335501] BUG: KASAN: slab-out-of-bounds in krealloc_more_oob_helper+0x614/0x680
[   47.336439] Write of size 1 at addr fff00000c65fa0eb by task kunit_try_catch/149
[   47.337323] 
[   47.338208] CPU: 1 UID: 0 PID: 149 Comm: kunit_try_catch Tainted: G    B            N 6.12.0-next-20241127 #1
[   47.339441] Tainted: [B]=BAD_PAGE, [N]=TEST
[   47.339978] Hardware name: linux,dummy-virt (DT)
[   47.340723] Call trace:
[   47.341200]  show_stack+0x20/0x38 (C)
[   47.342065]  dump_stack_lvl+0x8c/0xd0
[   47.342725]  print_report+0x118/0x5e0
[   47.343350]  kasan_report+0xc8/0x118
[   47.343955]  __asan_report_store1_noabort+0x20/0x30
[   47.344673]  krealloc_more_oob_helper+0x614/0x680
[   47.345780]  krealloc_large_more_oob+0x20/0x38
[   47.346453]  kunit_try_run_case+0x14c/0x3d0
[   47.347111]  kunit_generic_run_threadfn_adapter+0x88/0x100
[   47.347904]  kthread+0x24c/0x2d0
[   47.348541]  ret_from_fork+0x10/0x20
[   47.349486] 
[   47.349859] The buggy address belongs to the physical page:
[   47.350669] page: refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1065f8
[   47.351663] head: order:2 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[   47.352607] flags: 0xbfffe0000000040(head|node=0|zone=2|lastcpupid=0x1ffff)
[   47.353903] raw: 0bfffe0000000040 0000000000000000 dead000000000122 0000000000000000
[   47.355026] raw: 0000000000000000 0000000000000000 00000001ffffffff 0000000000000000
[   47.356104] head: 0bfffe0000000040 0000000000000000 dead000000000122 0000000000000000
[   47.357207] head: 0000000000000000 0000000000000000 00000001ffffffff 0000000000000000
[   47.358674] head: 0bfffe0000000002 ffffc1ffc3197e01 ffffffffffffffff 0000000000000000
[   47.360011] head: 0000000000000004 0000000000000000 00000000ffffffff 0000000000000000
[   47.361249] page dumped because: kasan: bad access detected
[   47.361893] 
[   47.362219] Memory state around the buggy address:
[   47.362820]  fff00000c65f9f80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   47.363824]  fff00000c65fa000: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   47.364719] >fff00000c65fa080: 00 00 00 00 00 00 00 00 00 00 00 00 00 03 fe fe
[   47.365627]                                                           ^
[   47.366537]  fff00000c65fa100: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe
[   47.367510]  fff00000c65fa180: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe
[   47.368428] ==================================================================
[   46.993659] ==================================================================
[   46.994790] BUG: KASAN: slab-out-of-bounds in krealloc_more_oob_helper+0x614/0x680
[   46.995412] Write of size 1 at addr fff00000c45460eb by task kunit_try_catch/145
[   46.996369] 
[   46.996725] CPU: 1 UID: 0 PID: 145 Comm: kunit_try_catch Tainted: G    B            N 6.12.0-next-20241127 #1
[   46.997858] Tainted: [B]=BAD_PAGE, [N]=TEST
[   46.998348] Hardware name: linux,dummy-virt (DT)
[   46.998913] Call trace:
[   46.999372]  show_stack+0x20/0x38 (C)
[   47.000161]  dump_stack_lvl+0x8c/0xd0
[   47.000697]  print_report+0x118/0x5e0
[   47.001613]  kasan_report+0xc8/0x118
[   47.002195]  __asan_report_store1_noabort+0x20/0x30
[   47.002996]  krealloc_more_oob_helper+0x614/0x680
[   47.003833]  krealloc_more_oob+0x20/0x38
[   47.004392]  kunit_try_run_case+0x14c/0x3d0
[   47.005284]  kunit_generic_run_threadfn_adapter+0x88/0x100
[   47.006091]  kthread+0x24c/0x2d0
[   47.006591]  ret_from_fork+0x10/0x20
[   47.007330] 
[   47.007693] Allocated by task 145:
[   47.008186]  kasan_save_stack+0x3c/0x68
[   47.008820]  kasan_save_track+0x20/0x40
[   47.009692]  kasan_save_alloc_info+0x40/0x58
[   47.010420]  __kasan_krealloc+0x118/0x178
[   47.010905]  krealloc_noprof+0x128/0x360
[   47.011640]  krealloc_more_oob_helper+0x168/0x680
[   47.012470]  krealloc_more_oob+0x20/0x38
[   47.013809]  kunit_try_run_case+0x14c/0x3d0
[   47.014499]  kunit_generic_run_threadfn_adapter+0x88/0x100
[   47.015163]  kthread+0x24c/0x2d0
[   47.015697]  ret_from_fork+0x10/0x20
[   47.016234] 
[   47.016936] The buggy address belongs to the object at fff00000c4546000
[   47.016936]  which belongs to the cache kmalloc-256 of size 256
[   47.018544] The buggy address is located 0 bytes to the right of
[   47.018544]  allocated 235-byte region [fff00000c4546000, fff00000c45460eb)
[   47.019884] 
[   47.020169] The buggy address belongs to the physical page:
[   47.020938] page: refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x104546
[   47.022279] head: order:1 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[   47.023181] flags: 0xbfffe0000000040(head|node=0|zone=2|lastcpupid=0x1ffff)
[   47.024052] page_type: f5(slab)
[   47.024602] raw: 0bfffe0000000040 fff00000c0001b40 dead000000000122 0000000000000000
[   47.025894] raw: 0000000000000000 0000000080100010 00000001f5000000 0000000000000000
[   47.026943] head: 0bfffe0000000040 fff00000c0001b40 dead000000000122 0000000000000000
[   47.027820] head: 0000000000000000 0000000080100010 00000001f5000000 0000000000000000
[   47.028764] head: 0bfffe0000000001 ffffc1ffc3115181 ffffffffffffffff 0000000000000000
[   47.029970] head: 0000000000000002 0000000000000000 00000000ffffffff 0000000000000000
[   47.030915] page dumped because: kasan: bad access detected
[   47.031503] 
[   47.031841] Memory state around the buggy address:
[   47.032518]  fff00000c4545f80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   47.033972]  fff00000c4546000: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   47.034594] >fff00000c4546080: 00 00 00 00 00 00 00 00 00 00 00 00 00 03 fc fc
[   47.035543]                                                           ^
[   47.036344]  fff00000c4546100: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   47.037178]  fff00000c4546180: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   47.038075] ==================================================================

[   24.551877] ==================================================================
[   24.553278] BUG: KASAN: slab-out-of-bounds in krealloc_more_oob_helper+0x7ed/0x930
[   24.553687] Write of size 1 at addr ffff888102c5a0f0 by task kunit_try_catch/168
[   24.554765] 
[   24.555493] CPU: 1 UID: 0 PID: 168 Comm: kunit_try_catch Tainted: G    B            N 6.12.0-next-20241127 #1
[   24.556448] Tainted: [B]=BAD_PAGE, [N]=TEST
[   24.556849] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[   24.558258] Call Trace:
[   24.558543]  <TASK>
[   24.558863]  dump_stack_lvl+0x73/0xb0
[   24.559501]  print_report+0xd1/0x640
[   24.559892]  ? __virt_addr_valid+0x1db/0x2d0
[   24.561040]  ? kasan_addr_to_slab+0x11/0xa0
[   24.561843]  kasan_report+0x102/0x140
[   24.562908]  ? krealloc_more_oob_helper+0x7ed/0x930
[   24.563567]  ? krealloc_more_oob_helper+0x7ed/0x930
[   24.564242]  __asan_report_store1_noabort+0x1b/0x30
[   24.564462]  krealloc_more_oob_helper+0x7ed/0x930
[   24.564669]  ? __schedule+0xc3e/0x2790
[   24.564851]  ? __pfx_krealloc_more_oob_helper+0x10/0x10
[   24.565372]  ? finish_task_switch.isra.0+0x153/0x700
[   24.566487]  ? __switch_to+0x5d9/0xf60
[   24.566833]  ? __schedule+0xc3e/0x2790
[   24.567691]  ? __pfx_read_tsc+0x10/0x10
[   24.568386]  krealloc_large_more_oob+0x1c/0x30
[   24.569591]  kunit_try_run_case+0x1b3/0x490
[   24.570481]  ? __pfx_kunit_try_run_case+0x10/0x10
[   24.570955]  ? _raw_spin_lock_irqsave+0xa2/0x110
[   24.571710]  ? _raw_spin_unlock_irqrestore+0x5f/0x90
[   24.572413]  ? __kthread_parkme+0x82/0x160
[   24.572806]  ? preempt_count_sub+0x50/0x80
[   24.573288]  ? __pfx_kunit_try_run_case+0x10/0x10
[   24.574185]  ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10
[   24.574602]  kunit_generic_run_threadfn_adapter+0x85/0xf0
[   24.575739]  kthread+0x257/0x310
[   24.576203]  ? __pfx_kthread+0x10/0x10
[   24.576699]  ret_from_fork+0x41/0x80
[   24.577114]  ? __pfx_kthread+0x10/0x10
[   24.577415]  ret_from_fork_asm+0x1a/0x30
[   24.578199]  </TASK>
[   24.578420] 
[   24.578750] The buggy address belongs to the physical page:
[   24.579603] page: refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x102c58
[   24.580499] head: order:2 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[   24.581756] flags: 0x200000000000040(head|node=0|zone=2)
[   24.582630] raw: 0200000000000040 0000000000000000 dead000000000122 0000000000000000
[   24.583503] raw: 0000000000000000 0000000000000000 00000001ffffffff 0000000000000000
[   24.584573] head: 0200000000000040 0000000000000000 dead000000000122 0000000000000000
[   24.584867] head: 0000000000000000 0000000000000000 00000001ffffffff 0000000000000000
[   24.586397] head: 0200000000000002 ffffea00040b1601 ffffffffffffffff 0000000000000000
[   24.587096] head: 0000000000000004 0000000000000000 00000000ffffffff 0000000000000000
[   24.587774] page dumped because: kasan: bad access detected
[   24.588783] 
[   24.589514] Memory state around the buggy address:
[   24.590356]  ffff888102c59f80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   24.591636]  ffff888102c5a000: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   24.592657] >ffff888102c5a080: 00 00 00 00 00 00 00 00 00 00 00 00 00 03 fe fe
[   24.593290]                                                              ^
[   24.594375]  ffff888102c5a100: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe
[   24.595135]  ffff888102c5a180: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe
[   24.596578] ==================================================================
[   24.509754] ==================================================================
[   24.510821] BUG: KASAN: slab-out-of-bounds in krealloc_more_oob_helper+0x823/0x930
[   24.511600] Write of size 1 at addr ffff888102c5a0eb by task kunit_try_catch/168
[   24.513524] 
[   24.513730] CPU: 1 UID: 0 PID: 168 Comm: kunit_try_catch Tainted: G    B            N 6.12.0-next-20241127 #1
[   24.515596] Tainted: [B]=BAD_PAGE, [N]=TEST
[   24.515926] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[   24.516906] Call Trace:
[   24.517829]  <TASK>
[   24.518164]  dump_stack_lvl+0x73/0xb0
[   24.518382]  print_report+0xd1/0x640
[   24.518558]  ? __virt_addr_valid+0x1db/0x2d0
[   24.518756]  ? kasan_addr_to_slab+0x11/0xa0
[   24.519120]  kasan_report+0x102/0x140
[   24.519820]  ? krealloc_more_oob_helper+0x823/0x930
[   24.521044]  ? krealloc_more_oob_helper+0x823/0x930
[   24.521844]  __asan_report_store1_noabort+0x1b/0x30
[   24.522643]  krealloc_more_oob_helper+0x823/0x930
[   24.523415]  ? __schedule+0xc3e/0x2790
[   24.524108]  ? __pfx_krealloc_more_oob_helper+0x10/0x10
[   24.524574]  ? finish_task_switch.isra.0+0x153/0x700
[   24.525120]  ? __switch_to+0x5d9/0xf60
[   24.525519]  ? __schedule+0xc3e/0x2790
[   24.525933]  ? __pfx_read_tsc+0x10/0x10
[   24.526428]  krealloc_large_more_oob+0x1c/0x30
[   24.527419]  kunit_try_run_case+0x1b3/0x490
[   24.528086]  ? __pfx_kunit_try_run_case+0x10/0x10
[   24.528575]  ? _raw_spin_lock_irqsave+0xa2/0x110
[   24.529736]  ? _raw_spin_unlock_irqrestore+0x5f/0x90
[   24.530170]  ? __kthread_parkme+0x82/0x160
[   24.531191]  ? preempt_count_sub+0x50/0x80
[   24.531603]  ? __pfx_kunit_try_run_case+0x10/0x10
[   24.532082]  ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10
[   24.532692]  kunit_generic_run_threadfn_adapter+0x85/0xf0
[   24.533423]  kthread+0x257/0x310
[   24.533791]  ? __pfx_kthread+0x10/0x10
[   24.534284]  ret_from_fork+0x41/0x80
[   24.534811]  ? __pfx_kthread+0x10/0x10
[   24.535293]  ret_from_fork_asm+0x1a/0x30
[   24.535822]  </TASK>
[   24.536280] 
[   24.536527] The buggy address belongs to the physical page:
[   24.536884] page: refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x102c58
[   24.537688] head: order:2 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[   24.538674] flags: 0x200000000000040(head|node=0|zone=2)
[   24.539176] raw: 0200000000000040 0000000000000000 dead000000000122 0000000000000000
[   24.540105] raw: 0000000000000000 0000000000000000 00000001ffffffff 0000000000000000
[   24.540949] head: 0200000000000040 0000000000000000 dead000000000122 0000000000000000
[   24.541783] head: 0000000000000000 0000000000000000 00000001ffffffff 0000000000000000
[   24.542698] head: 0200000000000002 ffffea00040b1601 ffffffffffffffff 0000000000000000
[   24.543318] head: 0000000000000004 0000000000000000 00000000ffffffff 0000000000000000
[   24.543941] page dumped because: kasan: bad access detected
[   24.544409] 
[   24.544718] Memory state around the buggy address:
[   24.545367]  ffff888102c59f80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   24.546156]  ffff888102c5a000: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   24.547179] >ffff888102c5a080: 00 00 00 00 00 00 00 00 00 00 00 00 00 03 fe fe
[   24.547921]                                                           ^
[   24.548784]  ffff888102c5a100: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe
[   24.549763]  ffff888102c5a180: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe
[   24.550678] ==================================================================
[   24.084821] ==================================================================
[   24.085442] BUG: KASAN: slab-out-of-bounds in krealloc_more_oob_helper+0x823/0x930
[   24.085739] Write of size 1 at addr ffff8881003a2aeb by task kunit_try_catch/164
[   24.086110] 
[   24.086291] CPU: 0 UID: 0 PID: 164 Comm: kunit_try_catch Tainted: G    B            N 6.12.0-next-20241127 #1
[   24.087017] Tainted: [B]=BAD_PAGE, [N]=TEST
[   24.087514] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[   24.088379] Call Trace:
[   24.088583]  <TASK>
[   24.088774]  dump_stack_lvl+0x73/0xb0
[   24.089149]  print_report+0xd1/0x640
[   24.089727]  ? __virt_addr_valid+0x1db/0x2d0
[   24.090373]  ? kasan_complete_mode_report_info+0x2a/0x200
[   24.091107]  kasan_report+0x102/0x140
[   24.091624]  ? krealloc_more_oob_helper+0x823/0x930
[   24.091966]  ? krealloc_more_oob_helper+0x823/0x930
[   24.092383]  __asan_report_store1_noabort+0x1b/0x30
[   24.093146]  krealloc_more_oob_helper+0x823/0x930
[   24.093747]  ? __schedule+0xc3e/0x2790
[   24.094403]  ? __pfx_krealloc_more_oob_helper+0x10/0x10
[   24.095193]  ? finish_task_switch.isra.0+0x153/0x700
[   24.095755]  ? __switch_to+0x5d9/0xf60
[   24.096204]  ? __schedule+0xc3e/0x2790
[   24.096807]  ? __pfx_read_tsc+0x10/0x10
[   24.097464]  krealloc_more_oob+0x1c/0x30
[   24.097943]  kunit_try_run_case+0x1b3/0x490
[   24.098580]  ? __pfx_kunit_try_run_case+0x10/0x10
[   24.099135]  ? _raw_spin_lock_irqsave+0xa2/0x110
[   24.099638]  ? _raw_spin_unlock_irqrestore+0x5f/0x90
[   24.100380]  ? __kthread_parkme+0x82/0x160
[   24.100815]  ? preempt_count_sub+0x50/0x80
[   24.101688]  ? __pfx_kunit_try_run_case+0x10/0x10
[   24.102140]  ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10
[   24.102708]  kunit_generic_run_threadfn_adapter+0x85/0xf0
[   24.103275]  kthread+0x257/0x310
[   24.103685]  ? __pfx_kthread+0x10/0x10
[   24.104213]  ret_from_fork+0x41/0x80
[   24.104661]  ? __pfx_kthread+0x10/0x10
[   24.105162]  ret_from_fork_asm+0x1a/0x30
[   24.105634]  </TASK>
[   24.105865] 
[   24.106222] Allocated by task 164:
[   24.106525]  kasan_save_stack+0x3d/0x60
[   24.107005]  kasan_save_track+0x18/0x40
[   24.107496]  kasan_save_alloc_info+0x3b/0x50
[   24.107799]  __kasan_krealloc+0x190/0x1f0
[   24.108700]  krealloc_noprof+0xf3/0x340
[   24.109267]  krealloc_more_oob_helper+0x1aa/0x930
[   24.109661]  krealloc_more_oob+0x1c/0x30
[   24.110418]  kunit_try_run_case+0x1b3/0x490
[   24.110902]  kunit_generic_run_threadfn_adapter+0x85/0xf0
[   24.111538]  kthread+0x257/0x310
[   24.112088]  ret_from_fork+0x41/0x80
[   24.112703]  ret_from_fork_asm+0x1a/0x30
[   24.113196] 
[   24.113459] The buggy address belongs to the object at ffff8881003a2a00
[   24.113459]  which belongs to the cache kmalloc-256 of size 256
[   24.114749] The buggy address is located 0 bytes to the right of
[   24.114749]  allocated 235-byte region [ffff8881003a2a00, ffff8881003a2aeb)
[   24.115950] 
[   24.116229] The buggy address belongs to the physical page:
[   24.116749] page: refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1003a2
[   24.117813] head: order:1 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[   24.118724] flags: 0x200000000000040(head|node=0|zone=2)
[   24.119206] page_type: f5(slab)
[   24.119731] raw: 0200000000000040 ffff888100041b40 dead000000000122 0000000000000000
[   24.120723] raw: 0000000000000000 0000000080100010 00000001f5000000 0000000000000000
[   24.121536] head: 0200000000000040 ffff888100041b40 dead000000000122 0000000000000000
[   24.122290] head: 0000000000000000 0000000080100010 00000001f5000000 0000000000000000
[   24.123071] head: 0200000000000001 ffffea000400e881 ffffffffffffffff 0000000000000000
[   24.123841] head: 0000000000000002 0000000000000000 00000000ffffffff 0000000000000000
[   24.124727] page dumped because: kasan: bad access detected
[   24.125369] 
[   24.125714] Memory state around the buggy address:
[   24.126127]  ffff8881003a2980: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   24.126964]  ffff8881003a2a00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   24.127733] >ffff8881003a2a80: 00 00 00 00 00 00 00 00 00 00 00 00 00 03 fc fc
[   24.128498]                                                           ^
[   24.129078]  ffff8881003a2b00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   24.129616]  ffff8881003a2b80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   24.130351] ==================================================================
[   24.132134] ==================================================================
[   24.133283] BUG: KASAN: slab-out-of-bounds in krealloc_more_oob_helper+0x7ed/0x930
[   24.134122] Write of size 1 at addr ffff8881003a2af0 by task kunit_try_catch/164
[   24.134886] 
[   24.135291] CPU: 0 UID: 0 PID: 164 Comm: kunit_try_catch Tainted: G    B            N 6.12.0-next-20241127 #1
[   24.136445] Tainted: [B]=BAD_PAGE, [N]=TEST
[   24.136975] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[   24.137900] Call Trace:
[   24.138406]  <TASK>
[   24.138675]  dump_stack_lvl+0x73/0xb0
[   24.139624]  print_report+0xd1/0x640
[   24.140042]  ? __virt_addr_valid+0x1db/0x2d0
[   24.140496]  ? kasan_complete_mode_report_info+0x2a/0x200
[   24.142100]  kasan_report+0x102/0x140
[   24.142465]  ? krealloc_more_oob_helper+0x7ed/0x930
[   24.143151]  ? krealloc_more_oob_helper+0x7ed/0x930
[   24.143775]  __asan_report_store1_noabort+0x1b/0x30
[   24.144704]  krealloc_more_oob_helper+0x7ed/0x930
[   24.145166]  ? __schedule+0xc3e/0x2790
[   24.145557]  ? __pfx_krealloc_more_oob_helper+0x10/0x10
[   24.146011]  ? finish_task_switch.isra.0+0x153/0x700
[   24.146781]  ? __switch_to+0x5d9/0xf60
[   24.147134]  ? __schedule+0xc3e/0x2790
[   24.147928]  ? __pfx_read_tsc+0x10/0x10
[   24.148668]  krealloc_more_oob+0x1c/0x30
[   24.149307]  kunit_try_run_case+0x1b3/0x490
[   24.149870]  ? __pfx_kunit_try_run_case+0x10/0x10
[   24.150390]  ? _raw_spin_lock_irqsave+0xa2/0x110
[   24.150807]  ? _raw_spin_unlock_irqrestore+0x5f/0x90
[   24.151710]  ? __kthread_parkme+0x82/0x160
[   24.152142]  ? preempt_count_sub+0x50/0x80
[   24.152870]  ? __pfx_kunit_try_run_case+0x10/0x10
[   24.153680]  ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10
[   24.154292]  kunit_generic_run_threadfn_adapter+0x85/0xf0
[   24.155316]  kthread+0x257/0x310
[   24.155681]  ? __pfx_kthread+0x10/0x10
[   24.156800]  ret_from_fork+0x41/0x80
[   24.157245]  ? __pfx_kthread+0x10/0x10
[   24.157655]  ret_from_fork_asm+0x1a/0x30
[   24.158808]  </TASK>
[   24.159447] 
[   24.159636] Allocated by task 164:
[   24.159894]  kasan_save_stack+0x3d/0x60
[   24.160925]  kasan_save_track+0x18/0x40
[   24.161670]  kasan_save_alloc_info+0x3b/0x50
[   24.161872]  __kasan_krealloc+0x190/0x1f0
[   24.162126]  krealloc_noprof+0xf3/0x340
[   24.162725]  krealloc_more_oob_helper+0x1aa/0x930
[   24.163500]  krealloc_more_oob+0x1c/0x30
[   24.164286]  kunit_try_run_case+0x1b3/0x490
[   24.164774]  kunit_generic_run_threadfn_adapter+0x85/0xf0
[   24.165406]  kthread+0x257/0x310
[   24.165688]  ret_from_fork+0x41/0x80
[   24.166256]  ret_from_fork_asm+0x1a/0x30
[   24.166779] 
[   24.167091] The buggy address belongs to the object at ffff8881003a2a00
[   24.167091]  which belongs to the cache kmalloc-256 of size 256
[   24.168260] The buggy address is located 5 bytes to the right of
[   24.168260]  allocated 235-byte region [ffff8881003a2a00, ffff8881003a2aeb)
[   24.169413] 
[   24.169671] The buggy address belongs to the physical page:
[   24.170332] page: refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1003a2
[   24.171229] head: order:1 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[   24.172051] flags: 0x200000000000040(head|node=0|zone=2)
[   24.172792] page_type: f5(slab)
[   24.173706] raw: 0200000000000040 ffff888100041b40 dead000000000122 0000000000000000
[   24.174691] raw: 0000000000000000 0000000080100010 00000001f5000000 0000000000000000
[   24.175524] head: 0200000000000040 ffff888100041b40 dead000000000122 0000000000000000
[   24.176167] head: 0000000000000000 0000000080100010 00000001f5000000 0000000000000000
[   24.176801] head: 0200000000000001 ffffea000400e881 ffffffffffffffff 0000000000000000
[   24.177312] head: 0000000000000002 0000000000000000 00000000ffffffff 0000000000000000
[   24.178497] page dumped because: kasan: bad access detected
[   24.178917] 
[   24.179428] Memory state around the buggy address:
[   24.179783]  ffff8881003a2980: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   24.181243]  ffff8881003a2a00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   24.181894] >ffff8881003a2a80: 00 00 00 00 00 00 00 00 00 00 00 00 00 03 fc fc
[   24.182592]                                                              ^
[   24.183706]  ffff8881003a2b00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   24.185378]  ffff8881003a2b80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   24.186454] ==================================================================