Hay
Date: Nov. 28, 2024, 2:36 a.m.

Environment: qemu-arm64, qemu-x86_64

[   29.814799] ==================================================================
[   29.816550] BUG: KASAN: slab-out-of-bounds in krealloc_more_oob_helper+0x5c8/0x680
[   29.817426] Write of size 1 at addr fff00000c61a20f0 by task kunit_try_catch/144
[   29.818256] 
[   29.818683] CPU: 0 UID: 0 PID: 144 Comm: kunit_try_catch Tainted: G    B            N 6.12.0-next-20241128 #1
[   29.819942] Tainted: [B]=BAD_PAGE, [N]=TEST
[   29.820613] Hardware name: linux,dummy-virt (DT)
[   29.821157] Call trace:
[   29.821545]  show_stack+0x20/0x38 (C)
[   29.822031]  dump_stack_lvl+0x8c/0xd0
[   29.822650]  print_report+0x118/0x5e0
[   29.823176]  kasan_report+0xc8/0x118
[   29.823771]  __asan_report_store1_noabort+0x20/0x30
[   29.824746]  krealloc_more_oob_helper+0x5c8/0x680
[   29.826052]  krealloc_more_oob+0x20/0x38
[   29.826649]  kunit_try_run_case+0x14c/0x3d0
[   29.827292]  kunit_generic_run_threadfn_adapter+0x88/0x100
[   29.827967]  kthread+0x24c/0x2d0
[   29.828583]  ret_from_fork+0x10/0x20
[   29.829511] 
[   29.829856] Allocated by task 144:
[   29.830344]  kasan_save_stack+0x3c/0x68
[   29.830968]  kasan_save_track+0x20/0x40
[   29.831559]  kasan_save_alloc_info+0x40/0x58
[   29.832181]  __kasan_krealloc+0x118/0x178
[   29.832703]  krealloc_noprof+0x128/0x360
[   29.833369]  krealloc_more_oob_helper+0x168/0x680
[   29.834764]  krealloc_more_oob+0x20/0x38
[   29.835494]  kunit_try_run_case+0x14c/0x3d0
[   29.836231]  kunit_generic_run_threadfn_adapter+0x88/0x100
[   29.837107]  kthread+0x24c/0x2d0
[   29.837835]  ret_from_fork+0x10/0x20
[   29.838302] 
[   29.838607] The buggy address belongs to the object at fff00000c61a2000
[   29.838607]  which belongs to the cache kmalloc-256 of size 256
[   29.840312] The buggy address is located 5 bytes to the right of
[   29.840312]  allocated 235-byte region [fff00000c61a2000, fff00000c61a20eb)
[   29.841994] 
[   29.842402] The buggy address belongs to the physical page:
[   29.843657] page: refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1061a2
[   29.844719] head: order:1 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[   29.845731] flags: 0xbfffe0000000040(head|node=0|zone=2|lastcpupid=0x1ffff)
[   29.846739] page_type: f5(slab)
[   29.847217] raw: 0bfffe0000000040 fff00000c0001b40 dead000000000122 0000000000000000
[   29.848103] raw: 0000000000000000 0000000080100010 00000001f5000000 0000000000000000
[   29.849795] head: 0bfffe0000000040 fff00000c0001b40 dead000000000122 0000000000000000
[   29.850569] head: 0000000000000000 0000000080100010 00000001f5000000 0000000000000000
[   29.851448] head: 0bfffe0000000001 ffffc1ffc3186881 ffffffffffffffff 0000000000000000
[   29.852327] head: 0000000000000002 0000000000000000 00000000ffffffff 0000000000000000
[   29.853192] page dumped because: kasan: bad access detected
[   29.854204] 
[   29.854564] Memory state around the buggy address:
[   29.855191]  fff00000c61a1f80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   29.855917]  fff00000c61a2000: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   29.856819] >fff00000c61a2080: 00 00 00 00 00 00 00 00 00 00 00 00 00 03 fc fc
[   29.858299]                                                              ^
[   29.859054]  fff00000c61a2100: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   29.859862]  fff00000c61a2180: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   29.860665] ==================================================================
[   29.768598] ==================================================================
[   29.770253] BUG: KASAN: slab-out-of-bounds in krealloc_more_oob_helper+0x614/0x680
[   29.771161] Write of size 1 at addr fff00000c61a20eb by task kunit_try_catch/144
[   29.771901] 
[   29.772362] CPU: 0 UID: 0 PID: 144 Comm: kunit_try_catch Tainted: G    B            N 6.12.0-next-20241128 #1
[   29.773692] Tainted: [B]=BAD_PAGE, [N]=TEST
[   29.774720] Hardware name: linux,dummy-virt (DT)
[   29.775367] Call trace:
[   29.775685]  show_stack+0x20/0x38 (C)
[   29.776140]  dump_stack_lvl+0x8c/0xd0
[   29.776665]  print_report+0x118/0x5e0
[   29.777458]  kasan_report+0xc8/0x118
[   29.778720]  __asan_report_store1_noabort+0x20/0x30
[   29.779468]  krealloc_more_oob_helper+0x614/0x680
[   29.780091]  krealloc_more_oob+0x20/0x38
[   29.780629]  kunit_try_run_case+0x14c/0x3d0
[   29.781558]  kunit_generic_run_threadfn_adapter+0x88/0x100
[   29.782263]  kthread+0x24c/0x2d0
[   29.782824]  ret_from_fork+0x10/0x20
[   29.783369] 
[   29.783746] Allocated by task 144:
[   29.784316]  kasan_save_stack+0x3c/0x68
[   29.784888]  kasan_save_track+0x20/0x40
[   29.786212]  kasan_save_alloc_info+0x40/0x58
[   29.786833]  __kasan_krealloc+0x118/0x178
[   29.787465]  krealloc_noprof+0x128/0x360
[   29.788026]  krealloc_more_oob_helper+0x168/0x680
[   29.788731]  krealloc_more_oob+0x20/0x38
[   29.789281]  kunit_try_run_case+0x14c/0x3d0
[   29.790310]  kunit_generic_run_threadfn_adapter+0x88/0x100
[   29.790938]  kthread+0x24c/0x2d0
[   29.791524]  ret_from_fork+0x10/0x20
[   29.792086] 
[   29.792491] The buggy address belongs to the object at fff00000c61a2000
[   29.792491]  which belongs to the cache kmalloc-256 of size 256
[   29.794473] The buggy address is located 0 bytes to the right of
[   29.794473]  allocated 235-byte region [fff00000c61a2000, fff00000c61a20eb)
[   29.795787] 
[   29.796175] The buggy address belongs to the physical page:
[   29.796763] page: refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1061a2
[   29.797670] head: order:1 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[   29.798928] flags: 0xbfffe0000000040(head|node=0|zone=2|lastcpupid=0x1ffff)
[   29.799759] page_type: f5(slab)
[   29.800332] raw: 0bfffe0000000040 fff00000c0001b40 dead000000000122 0000000000000000
[   29.801387] raw: 0000000000000000 0000000080100010 00000001f5000000 0000000000000000
[   29.802157] head: 0bfffe0000000040 fff00000c0001b40 dead000000000122 0000000000000000
[   29.802928] head: 0000000000000000 0000000080100010 00000001f5000000 0000000000000000
[   29.804190] head: 0bfffe0000000001 ffffc1ffc3186881 ffffffffffffffff 0000000000000000
[   29.804877] head: 0000000000000002 0000000000000000 00000000ffffffff 0000000000000000
[   29.806056] page dumped because: kasan: bad access detected
[   29.806698] 
[   29.807034] Memory state around the buggy address:
[   29.807526]  fff00000c61a1f80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   29.808394]  fff00000c61a2000: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   29.809102] >fff00000c61a2080: 00 00 00 00 00 00 00 00 00 00 00 00 00 03 fc fc
[   29.810066]                                                           ^
[   29.810778]  fff00000c61a2100: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   29.811943]  fff00000c61a2180: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   29.812828] ==================================================================
[   30.096251] ==================================================================
[   30.097650] BUG: KASAN: slab-out-of-bounds in krealloc_more_oob_helper+0x614/0x680
[   30.098555] Write of size 1 at addr fff00000c65260eb by task kunit_try_catch/148
[   30.099180] 
[   30.099562] CPU: 0 UID: 0 PID: 148 Comm: kunit_try_catch Tainted: G    B            N 6.12.0-next-20241128 #1
[   30.100606] Tainted: [B]=BAD_PAGE, [N]=TEST
[   30.102009] Hardware name: linux,dummy-virt (DT)
[   30.102658] Call trace:
[   30.103188]  show_stack+0x20/0x38 (C)
[   30.103867]  dump_stack_lvl+0x8c/0xd0
[   30.104596]  print_report+0x118/0x5e0
[   30.105315]  kasan_report+0xc8/0x118
[   30.106096]  __asan_report_store1_noabort+0x20/0x30
[   30.106759]  krealloc_more_oob_helper+0x614/0x680
[   30.107374]  krealloc_large_more_oob+0x20/0x38
[   30.107938]  kunit_try_run_case+0x14c/0x3d0
[   30.108454]  kunit_generic_run_threadfn_adapter+0x88/0x100
[   30.109276]  kthread+0x24c/0x2d0
[   30.110524]  ret_from_fork+0x10/0x20
[   30.111232] 
[   30.111618] The buggy address belongs to the physical page:
[   30.112324] page: refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x106524
[   30.113153] head: order:2 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[   30.114354] flags: 0xbfffe0000000040(head|node=0|zone=2|lastcpupid=0x1ffff)
[   30.115219] raw: 0bfffe0000000040 0000000000000000 dead000000000122 0000000000000000
[   30.116053] raw: 0000000000000000 0000000000000000 00000001ffffffff 0000000000000000
[   30.117263] head: 0bfffe0000000040 0000000000000000 dead000000000122 0000000000000000
[   30.117947] head: 0000000000000000 0000000000000000 00000001ffffffff 0000000000000000
[   30.118753] head: 0bfffe0000000002 ffffc1ffc3194901 ffffffffffffffff 0000000000000000
[   30.119511] head: 0000000000000004 0000000000000000 00000000ffffffff 0000000000000000
[   30.120813] page dumped because: kasan: bad access detected
[   30.121905] 
[   30.122279] Memory state around the buggy address:
[   30.122993]  fff00000c6525f80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   30.123646]  fff00000c6526000: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   30.124000] >fff00000c6526080: 00 00 00 00 00 00 00 00 00 00 00 00 00 03 fe fe
[   30.124608]                                                           ^
[   30.125509]  fff00000c6526100: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe
[   30.126197]  fff00000c6526180: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe
[   30.127689] ==================================================================
[   30.130476] ==================================================================
[   30.131051] BUG: KASAN: slab-out-of-bounds in krealloc_more_oob_helper+0x5c8/0x680
[   30.131922] Write of size 1 at addr fff00000c65260f0 by task kunit_try_catch/148
[   30.132830] 
[   30.133902] CPU: 0 UID: 0 PID: 148 Comm: kunit_try_catch Tainted: G    B            N 6.12.0-next-20241128 #1
[   30.136032] Tainted: [B]=BAD_PAGE, [N]=TEST
[   30.136597] Hardware name: linux,dummy-virt (DT)
[   30.137574] Call trace:
[   30.138017]  show_stack+0x20/0x38 (C)
[   30.138615]  dump_stack_lvl+0x8c/0xd0
[   30.139475]  print_report+0x118/0x5e0
[   30.140352]  kasan_report+0xc8/0x118
[   30.140846]  __asan_report_store1_noabort+0x20/0x30
[   30.141551]  krealloc_more_oob_helper+0x5c8/0x680
[   30.142551]  krealloc_large_more_oob+0x20/0x38
[   30.143199]  kunit_try_run_case+0x14c/0x3d0
[   30.143814]  kunit_generic_run_threadfn_adapter+0x88/0x100
[   30.144550]  kthread+0x24c/0x2d0
[   30.145157]  ret_from_fork+0x10/0x20
[   30.146453] 
[   30.146842] The buggy address belongs to the physical page:
[   30.147453] page: refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x106524
[   30.148424] head: order:2 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[   30.149625] flags: 0xbfffe0000000040(head|node=0|zone=2|lastcpupid=0x1ffff)
[   30.150546] raw: 0bfffe0000000040 0000000000000000 dead000000000122 0000000000000000
[   30.151284] raw: 0000000000000000 0000000000000000 00000001ffffffff 0000000000000000
[   30.152006] head: 0bfffe0000000040 0000000000000000 dead000000000122 0000000000000000
[   30.153625] head: 0000000000000000 0000000000000000 00000001ffffffff 0000000000000000
[   30.154863] head: 0bfffe0000000002 ffffc1ffc3194901 ffffffffffffffff 0000000000000000
[   30.155832] head: 0000000000000004 0000000000000000 00000000ffffffff 0000000000000000
[   30.156738] page dumped because: kasan: bad access detected
[   30.157819] 
[   30.158152] Memory state around the buggy address:
[   30.158792]  fff00000c6525f80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   30.159410]  fff00000c6526000: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   30.160244] >fff00000c6526080: 00 00 00 00 00 00 00 00 00 00 00 00 00 03 fe fe
[   30.161193]                                                              ^
[   30.162224]  fff00000c6526100: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe
[   30.163354]  fff00000c6526180: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe
[   30.164224] ==================================================================

[   20.946302] ==================================================================
[   20.947115] BUG: KASAN: slab-out-of-bounds in krealloc_more_oob_helper+0x7ed/0x930
[   20.948028] Write of size 1 at addr ffff888102bba0f0 by task kunit_try_catch/168
[   20.949798] 
[   20.950071] CPU: 0 UID: 0 PID: 168 Comm: kunit_try_catch Tainted: G    B            N 6.12.0-next-20241128 #1
[   20.951863] Tainted: [B]=BAD_PAGE, [N]=TEST
[   20.952815] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[   20.954380] Call Trace:
[   20.954834]  <TASK>
[   20.955286]  dump_stack_lvl+0x73/0xb0
[   20.956042]  print_report+0xd1/0x640
[   20.956841]  ? __virt_addr_valid+0x1db/0x2d0
[   20.957438]  ? kasan_addr_to_slab+0x11/0xa0
[   20.957896]  kasan_report+0x102/0x140
[   20.958430]  ? krealloc_more_oob_helper+0x7ed/0x930
[   20.959009]  ? krealloc_more_oob_helper+0x7ed/0x930
[   20.959985]  __asan_report_store1_noabort+0x1b/0x30
[   20.960369]  krealloc_more_oob_helper+0x7ed/0x930
[   20.960862]  ? sysvec_apic_timer_interrupt+0x50/0x90
[   20.961638]  ? __pfx_krealloc_more_oob_helper+0x10/0x10
[   20.962576]  ? ktime_get_ts64+0xbf/0x230
[   20.963029]  ? __pfx_read_tsc+0x10/0x10
[   20.963507]  krealloc_large_more_oob+0x1c/0x30
[   20.963788]  kunit_try_run_case+0x1b3/0x490
[   20.964587]  ? __pfx_kunit_try_run_case+0x10/0x10
[   20.965586]  ? _raw_spin_lock_irqsave+0xa2/0x110
[   20.966276]  ? _raw_spin_unlock_irqrestore+0x5f/0x90
[   20.966699]  ? __kthread_parkme+0x82/0x160
[   20.967792]  ? preempt_count_sub+0x50/0x80
[   20.968665]  ? __pfx_kunit_try_run_case+0x10/0x10
[   20.969202]  ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10
[   20.969693]  kunit_generic_run_threadfn_adapter+0x85/0xf0
[   20.970308]  kthread+0x257/0x310
[   20.971051]  ? __pfx_kthread+0x10/0x10
[   20.971987]  ret_from_fork+0x41/0x80
[   20.972885]  ? __pfx_kthread+0x10/0x10
[   20.973367]  ret_from_fork_asm+0x1a/0x30
[   20.974095]  </TASK>
[   20.974444] 
[   20.975021] The buggy address belongs to the physical page:
[   20.975627] page: refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x102bb8
[   20.976421] head: order:2 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[   20.977558] flags: 0x200000000000040(head|node=0|zone=2)
[   20.978227] raw: 0200000000000040 0000000000000000 dead000000000122 0000000000000000
[   20.978944] raw: 0000000000000000 0000000000000000 00000001ffffffff 0000000000000000
[   20.979843] head: 0200000000000040 0000000000000000 dead000000000122 0000000000000000
[   20.981059] head: 0000000000000000 0000000000000000 00000001ffffffff 0000000000000000
[   20.981874] head: 0200000000000002 ffffea00040aee01 ffffffffffffffff 0000000000000000
[   20.982787] head: 0000000000000004 0000000000000000 00000000ffffffff 0000000000000000
[   20.983676] page dumped because: kasan: bad access detected
[   20.984410] 
[   20.984627] Memory state around the buggy address:
[   20.985766]  ffff888102bb9f80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   20.986516]  ffff888102bba000: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   20.987528] >ffff888102bba080: 00 00 00 00 00 00 00 00 00 00 00 00 00 03 fe fe
[   20.988162]                                                              ^
[   20.989632]  ffff888102bba100: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe
[   20.990275]  ffff888102bba180: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe
[   20.991329] ==================================================================
[   20.899755] ==================================================================
[   20.900996] BUG: KASAN: slab-out-of-bounds in krealloc_more_oob_helper+0x823/0x930
[   20.901656] Write of size 1 at addr ffff888102bba0eb by task kunit_try_catch/168
[   20.902309] 
[   20.902867] CPU: 0 UID: 0 PID: 168 Comm: kunit_try_catch Tainted: G    B            N 6.12.0-next-20241128 #1
[   20.904464] Tainted: [B]=BAD_PAGE, [N]=TEST
[   20.904886] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[   20.905620] Call Trace:
[   20.905853]  <TASK>
[   20.906148]  dump_stack_lvl+0x73/0xb0
[   20.906989]  print_report+0xd1/0x640
[   20.907768]  ? __virt_addr_valid+0x1db/0x2d0
[   20.908433]  ? kasan_addr_to_slab+0x11/0xa0
[   20.909085]  kasan_report+0x102/0x140
[   20.909620]  ? krealloc_more_oob_helper+0x823/0x930
[   20.910077]  ? krealloc_more_oob_helper+0x823/0x930
[   20.910814]  __asan_report_store1_noabort+0x1b/0x30
[   20.911553]  krealloc_more_oob_helper+0x823/0x930
[   20.911954]  ? sysvec_apic_timer_interrupt+0x50/0x90
[   20.912740]  ? __pfx_krealloc_more_oob_helper+0x10/0x10
[   20.913444]  ? ktime_get_ts64+0xbf/0x230
[   20.913895]  ? __pfx_read_tsc+0x10/0x10
[   20.914369]  krealloc_large_more_oob+0x1c/0x30
[   20.914826]  kunit_try_run_case+0x1b3/0x490
[   20.915277]  ? __pfx_kunit_try_run_case+0x10/0x10
[   20.916004]  ? _raw_spin_lock_irqsave+0xa2/0x110
[   20.916935]  ? _raw_spin_unlock_irqrestore+0x5f/0x90
[   20.918009]  ? __kthread_parkme+0x82/0x160
[   20.918743]  ? preempt_count_sub+0x50/0x80
[   20.919229]  ? __pfx_kunit_try_run_case+0x10/0x10
[   20.919840]  ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10
[   20.920325]  kunit_generic_run_threadfn_adapter+0x85/0xf0
[   20.921252]  kthread+0x257/0x310
[   20.921716]  ? __pfx_kthread+0x10/0x10
[   20.922058]  ret_from_fork+0x41/0x80
[   20.922642]  ? __pfx_kthread+0x10/0x10
[   20.923035]  ret_from_fork_asm+0x1a/0x30
[   20.923783]  </TASK>
[   20.923982] 
[   20.924139] The buggy address belongs to the physical page:
[   20.924700] page: refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x102bb8
[   20.925764] head: order:2 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[   20.926632] flags: 0x200000000000040(head|node=0|zone=2)
[   20.927902] raw: 0200000000000040 0000000000000000 dead000000000122 0000000000000000
[   20.929210] raw: 0000000000000000 0000000000000000 00000001ffffffff 0000000000000000
[   20.930602] head: 0200000000000040 0000000000000000 dead000000000122 0000000000000000
[   20.932038] head: 0000000000000000 0000000000000000 00000001ffffffff 0000000000000000
[   20.932727] head: 0200000000000002 ffffea00040aee01 ffffffffffffffff 0000000000000000
[   20.934029] head: 0000000000000004 0000000000000000 00000000ffffffff 0000000000000000
[   20.934956] page dumped because: kasan: bad access detected
[   20.935629] 
[   20.935832] Memory state around the buggy address:
[   20.936397]  ffff888102bb9f80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   20.938120]  ffff888102bba000: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   20.939144] >ffff888102bba080: 00 00 00 00 00 00 00 00 00 00 00 00 00 03 fe fe
[   20.940011]                                                           ^
[   20.940884]  ffff888102bba100: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe
[   20.942481]  ffff888102bba180: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe
[   20.943895] ==================================================================
[   20.570027] ==================================================================
[   20.570677] BUG: KASAN: slab-out-of-bounds in krealloc_more_oob_helper+0x7ed/0x930
[   20.571808] Write of size 1 at addr ffff8881003a1ef0 by task kunit_try_catch/164
[   20.572581] 
[   20.572880] CPU: 0 UID: 0 PID: 164 Comm: kunit_try_catch Tainted: G    B            N 6.12.0-next-20241128 #1
[   20.574375] Tainted: [B]=BAD_PAGE, [N]=TEST
[   20.574840] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[   20.575939] Call Trace:
[   20.576427]  <TASK>
[   20.576912]  dump_stack_lvl+0x73/0xb0
[   20.577746]  print_report+0xd1/0x640
[   20.578326]  ? __virt_addr_valid+0x1db/0x2d0
[   20.579089]  ? kasan_complete_mode_report_info+0x2a/0x200
[   20.580126]  kasan_report+0x102/0x140
[   20.580489]  ? krealloc_more_oob_helper+0x7ed/0x930
[   20.581063]  ? krealloc_more_oob_helper+0x7ed/0x930
[   20.581915]  __asan_report_store1_noabort+0x1b/0x30
[   20.582382]  krealloc_more_oob_helper+0x7ed/0x930
[   20.583363]  ? __schedule+0xc3e/0x2790
[   20.584036]  ? __pfx_krealloc_more_oob_helper+0x10/0x10
[   20.584963]  ? finish_task_switch.isra.0+0x153/0x700
[   20.585732]  ? __switch_to+0x5d9/0xf60
[   20.586604]  ? __schedule+0xc3e/0x2790
[   20.586920]  ? __pfx_read_tsc+0x10/0x10
[   20.587250]  krealloc_more_oob+0x1c/0x30
[   20.587711]  kunit_try_run_case+0x1b3/0x490
[   20.588155]  ? __pfx_kunit_try_run_case+0x10/0x10
[   20.588685]  ? _raw_spin_lock_irqsave+0xa2/0x110
[   20.589060]  ? _raw_spin_unlock_irqrestore+0x5f/0x90
[   20.589625]  ? __kthread_parkme+0x82/0x160
[   20.590038]  ? preempt_count_sub+0x50/0x80
[   20.590478]  ? __pfx_kunit_try_run_case+0x10/0x10
[   20.591028]  ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10
[   20.592141]  kunit_generic_run_threadfn_adapter+0x85/0xf0
[   20.592939]  kthread+0x257/0x310
[   20.593555]  ? __pfx_kthread+0x10/0x10
[   20.593905]  ret_from_fork+0x41/0x80
[   20.594388]  ? __pfx_kthread+0x10/0x10
[   20.594844]  ret_from_fork_asm+0x1a/0x30
[   20.595770]  </TASK>
[   20.596139] 
[   20.596498] Allocated by task 164:
[   20.596770]  kasan_save_stack+0x3d/0x60
[   20.597156]  kasan_save_track+0x18/0x40
[   20.597663]  kasan_save_alloc_info+0x3b/0x50
[   20.598101]  __kasan_krealloc+0x190/0x1f0
[   20.598422]  krealloc_noprof+0xf3/0x340
[   20.598876]  krealloc_more_oob_helper+0x1aa/0x930
[   20.599712]  krealloc_more_oob+0x1c/0x30
[   20.600029]  kunit_try_run_case+0x1b3/0x490
[   20.600632]  kunit_generic_run_threadfn_adapter+0x85/0xf0
[   20.601385]  kthread+0x257/0x310
[   20.601787]  ret_from_fork+0x41/0x80
[   20.602302]  ret_from_fork_asm+0x1a/0x30
[   20.602770] 
[   20.602999] The buggy address belongs to the object at ffff8881003a1e00
[   20.602999]  which belongs to the cache kmalloc-256 of size 256
[   20.604280] The buggy address is located 5 bytes to the right of
[   20.604280]  allocated 235-byte region [ffff8881003a1e00, ffff8881003a1eeb)
[   20.605672] 
[   20.605831] The buggy address belongs to the physical page:
[   20.606303] page: refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1003a0
[   20.607123] head: order:1 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[   20.608149] flags: 0x200000000000040(head|node=0|zone=2)
[   20.608820] page_type: f5(slab)
[   20.609379] raw: 0200000000000040 ffff888100041b40 dead000000000122 0000000000000000
[   20.610050] raw: 0000000000000000 0000000080100010 00000001f5000000 0000000000000000
[   20.610694] head: 0200000000000040 ffff888100041b40 dead000000000122 0000000000000000
[   20.611276] head: 0000000000000000 0000000080100010 00000001f5000000 0000000000000000
[   20.611932] head: 0200000000000001 ffffea000400e801 ffffffffffffffff 0000000000000000
[   20.612810] head: 0000000000000002 0000000000000000 00000000ffffffff 0000000000000000
[   20.613613] page dumped because: kasan: bad access detected
[   20.614275] 
[   20.614510] Memory state around the buggy address:
[   20.614889]  ffff8881003a1d80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   20.615726]  ffff8881003a1e00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   20.616773] >ffff8881003a1e80: 00 00 00 00 00 00 00 00 00 00 00 00 00 03 fc fc
[   20.617574]                                                              ^
[   20.618222]  ffff8881003a1f00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   20.618878]  ffff8881003a1f80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   20.619436] ==================================================================
[   20.519776] ==================================================================
[   20.521476] BUG: KASAN: slab-out-of-bounds in krealloc_more_oob_helper+0x823/0x930
[   20.522251] Write of size 1 at addr ffff8881003a1eeb by task kunit_try_catch/164
[   20.523756] 
[   20.524330] CPU: 0 UID: 0 PID: 164 Comm: kunit_try_catch Tainted: G    B            N 6.12.0-next-20241128 #1
[   20.525293] Tainted: [B]=BAD_PAGE, [N]=TEST
[   20.525846] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[   20.526652] Call Trace:
[   20.526915]  <TASK>
[   20.527214]  dump_stack_lvl+0x73/0xb0
[   20.528154]  print_report+0xd1/0x640
[   20.528606]  ? __virt_addr_valid+0x1db/0x2d0
[   20.529010]  ? kasan_complete_mode_report_info+0x2a/0x200
[   20.529802]  kasan_report+0x102/0x140
[   20.530016]  ? krealloc_more_oob_helper+0x823/0x930
[   20.530735]  ? krealloc_more_oob_helper+0x823/0x930
[   20.531860]  __asan_report_store1_noabort+0x1b/0x30
[   20.532236]  krealloc_more_oob_helper+0x823/0x930
[   20.532692]  ? __schedule+0xc3e/0x2790
[   20.533072]  ? __pfx_krealloc_more_oob_helper+0x10/0x10
[   20.534224]  ? finish_task_switch.isra.0+0x153/0x700
[   20.534709]  ? __switch_to+0x5d9/0xf60
[   20.535157]  ? __schedule+0xc3e/0x2790
[   20.535661]  ? __pfx_read_tsc+0x10/0x10
[   20.536033]  krealloc_more_oob+0x1c/0x30
[   20.536756]  kunit_try_run_case+0x1b3/0x490
[   20.537690]  ? __pfx_kunit_try_run_case+0x10/0x10
[   20.538395]  ? _raw_spin_lock_irqsave+0xa2/0x110
[   20.538960]  ? _raw_spin_unlock_irqrestore+0x5f/0x90
[   20.539515]  ? __kthread_parkme+0x82/0x160
[   20.539988]  ? preempt_count_sub+0x50/0x80
[   20.540579]  ? __pfx_kunit_try_run_case+0x10/0x10
[   20.540983]  ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10
[   20.541796]  kunit_generic_run_threadfn_adapter+0x85/0xf0
[   20.542335]  kthread+0x257/0x310
[   20.542758]  ? __pfx_kthread+0x10/0x10
[   20.543058]  ret_from_fork+0x41/0x80
[   20.543530]  ? __pfx_kthread+0x10/0x10
[   20.543980]  ret_from_fork_asm+0x1a/0x30
[   20.544516]  </TASK>
[   20.544829] 
[   20.545062] Allocated by task 164:
[   20.545914]  kasan_save_stack+0x3d/0x60
[   20.546524]  kasan_save_track+0x18/0x40
[   20.546981]  kasan_save_alloc_info+0x3b/0x50
[   20.547755]  __kasan_krealloc+0x190/0x1f0
[   20.548200]  krealloc_noprof+0xf3/0x340
[   20.548728]  krealloc_more_oob_helper+0x1aa/0x930
[   20.549286]  krealloc_more_oob+0x1c/0x30
[   20.549659]  kunit_try_run_case+0x1b3/0x490
[   20.550129]  kunit_generic_run_threadfn_adapter+0x85/0xf0
[   20.550679]  kthread+0x257/0x310
[   20.551023]  ret_from_fork+0x41/0x80
[   20.551793]  ret_from_fork_asm+0x1a/0x30
[   20.552279] 
[   20.552565] The buggy address belongs to the object at ffff8881003a1e00
[   20.552565]  which belongs to the cache kmalloc-256 of size 256
[   20.553715] The buggy address is located 0 bytes to the right of
[   20.553715]  allocated 235-byte region [ffff8881003a1e00, ffff8881003a1eeb)
[   20.554668] 
[   20.554866] The buggy address belongs to the physical page:
[   20.555458] page: refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1003a0
[   20.556003] head: order:1 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[   20.557026] flags: 0x200000000000040(head|node=0|zone=2)
[   20.557714] page_type: f5(slab)
[   20.558001] raw: 0200000000000040 ffff888100041b40 dead000000000122 0000000000000000
[   20.558906] raw: 0000000000000000 0000000080100010 00000001f5000000 0000000000000000
[   20.559687] head: 0200000000000040 ffff888100041b40 dead000000000122 0000000000000000
[   20.560724] head: 0000000000000000 0000000080100010 00000001f5000000 0000000000000000
[   20.561319] head: 0200000000000001 ffffea000400e801 ffffffffffffffff 0000000000000000
[   20.562002] head: 0000000000000002 0000000000000000 00000000ffffffff 0000000000000000
[   20.562569] page dumped because: kasan: bad access detected
[   20.563139] 
[   20.563475] Memory state around the buggy address:
[   20.563908]  ffff8881003a1d80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   20.564864]  ffff8881003a1e00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   20.565709] >ffff8881003a1e80: 00 00 00 00 00 00 00 00 00 00 00 00 00 03 fc fc
[   20.566396]                                                           ^
[   20.566966]  ffff8881003a1f00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   20.567617]  ffff8881003a1f80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   20.568180] ==================================================================