Hay
Date: Feb. 5, 2025, 2:09 p.m.

Environment: qemu-armv7, qemu-x86_64

[  144.884932] ==================================================================
[  144.886026] BUG: KASAN: slab-out-of-bounds in krealloc_more_oob_helper+0x144/0x384
[  144.886871] Write of size 1 at addr c4ffe0eb by task kunit_try_catch/133
[  144.887652] 
[  144.887907] CPU: 0 PID: 133 Comm: kunit_try_catch Tainted: G    B            N 6.6.76-rc1 #1
[  144.888545] Hardware name: Generic DT based system
[  144.889048]  unwind_backtrace from show_stack+0x18/0x1c
[  144.889929]  show_stack from dump_stack_lvl+0x58/0x70
[  144.890795]  dump_stack_lvl from print_report+0x164/0x51c
[  144.891626]  print_report from kasan_report+0xc8/0x104
[  144.892415]  kasan_report from krealloc_more_oob_helper+0x144/0x384
[  144.893313]  krealloc_more_oob_helper from kunit_try_run_case+0x11c/0x2e4
[  144.894265]  kunit_try_run_case from kunit_generic_run_threadfn_adapter+0x2c/0x48
[  144.895311]  kunit_generic_run_threadfn_adapter from kthread+0x184/0x1a8
[  144.896233]  kthread from ret_from_fork+0x14/0x30
[  144.896907] Exception stack(0xf9f33fb0 to 0xf9f33ff8)
[  144.897607] 3fa0:                                     00000000 00000000 00000000 00000000
[  144.898688] 3fc0: 00000000 00000000 00000000 00000000 00000000 00000000 00000000 00000000
[  144.899671] 3fe0: 00000000 00000000 00000000 00000000 00000013 00000000
[  144.900426] 
[  144.900732] The buggy address belongs to the physical page:
[  144.901449] page:a8595845 refcount:1 mapcount:0 mapping:00000000 index:0x0 pfn:0x44ffc
[  144.902431] head:a8595845 order:2 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[  144.903343] flags: 0x40(head|zone=0)
[  144.903925] page_type: 0xffffffff()
[  144.904485] raw: 00000040 00000000 00000122 00000000 00000000 00000000 ffffffff 00000001
[  144.905486] raw: 00000000
[  144.905947] page dumped because: kasan: bad access detected
[  144.906690] 
[  144.907081] Memory state around the buggy address:
[  144.907676]  c4ffdf80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[  144.908492]  c4ffe000: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[  144.909445] >c4ffe080: 00 00 00 00 00 00 00 00 00 00 00 00 00 03 fe fe
[  144.910324]                                                   ^
[  144.911022]  c4ffe100: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe
[  144.911859]  c4ffe180: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe
[  144.912611] ==================================================================
[  144.643293] ==================================================================
[  144.644020] BUG: KASAN: slab-out-of-bounds in krealloc_more_oob_helper+0x180/0x384
[  144.644806] Write of size 1 at addr c4c17af0 by task kunit_try_catch/129
[  144.645484] 
[  144.645747] CPU: 0 PID: 129 Comm: kunit_try_catch Tainted: G    B            N 6.6.76-rc1 #1
[  144.646682] Hardware name: Generic DT based system
[  144.647416]  unwind_backtrace from show_stack+0x18/0x1c
[  144.648147]  show_stack from dump_stack_lvl+0x58/0x70
[  144.648987]  dump_stack_lvl from print_report+0x164/0x51c
[  144.649793]  print_report from kasan_report+0xc8/0x104
[  144.650534]  kasan_report from krealloc_more_oob_helper+0x180/0x384
[  144.651570]  krealloc_more_oob_helper from kunit_try_run_case+0x11c/0x2e4
[  144.652471]  kunit_try_run_case from kunit_generic_run_threadfn_adapter+0x2c/0x48
[  144.653487]  kunit_generic_run_threadfn_adapter from kthread+0x184/0x1a8
[  144.654463]  kthread from ret_from_fork+0x14/0x30
[  144.655105] Exception stack(0xf9f13fb0 to 0xf9f13ff8)
[  144.655876] 3fa0:                                     00000000 00000000 00000000 00000000
[  144.657314] 3fc0: 00000000 00000000 00000000 00000000 00000000 00000000 00000000 00000000
[  144.658363] 3fe0: 00000000 00000000 00000000 00000000 00000013 00000000
[  144.659172] 
[  144.659440] Allocated by task 129:
[  144.659835]  kasan_set_track+0x3c/0x5c
[  144.660518]  __kasan_krealloc+0xe0/0x104
[  144.661041]  krealloc+0xd4/0x134
[  144.661487]  krealloc_more_oob_helper+0xd4/0x384
[  144.662195]  kunit_try_run_case+0x11c/0x2e4
[  144.662916]  kunit_generic_run_threadfn_adapter+0x2c/0x48
[  144.663639]  kthread+0x184/0x1a8
[  144.664295]  ret_from_fork+0x14/0x30
[  144.664721] 
[  144.664966] The buggy address belongs to the object at c4c17a00
[  144.664966]  which belongs to the cache kmalloc-256 of size 256
[  144.666322] The buggy address is located 5 bytes to the right of
[  144.666322]  allocated 235-byte region [c4c17a00, c4c17aeb)
[  144.667489] 
[  144.667784] The buggy address belongs to the physical page:
[  144.668440] page:17c33a57 refcount:1 mapcount:0 mapping:00000000 index:0x0 pfn:0x44c16
[  144.669333] head:17c33a57 order:1 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[  144.670189] flags: 0x840(slab|head|zone=0)
[  144.670865] page_type: 0xffffffff()
[  144.671392] raw: 00000840 c4801500 00000122 00000000 00000000 80100010 ffffffff 00000001
[  144.672132] raw: 00000000
[  144.672562] page dumped because: kasan: bad access detected
[  144.673162] 
[  144.673476] Memory state around the buggy address:
[  144.674176]  c4c17980: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[  144.674866]  c4c17a00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[  144.676385] >c4c17a80: 00 00 00 00 00 00 00 00 00 00 00 00 00 03 fc fc
[  144.677472]                                                      ^
[  144.678189]  c4c17b00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[  144.678899]  c4c17b80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[  144.679636] ==================================================================
[  144.916432] ==================================================================
[  144.917160] BUG: KASAN: slab-out-of-bounds in krealloc_more_oob_helper+0x180/0x384
[  144.918192] Write of size 1 at addr c4ffe0f0 by task kunit_try_catch/133
[  144.918950] 
[  144.919323] CPU: 0 PID: 133 Comm: kunit_try_catch Tainted: G    B            N 6.6.76-rc1 #1
[  144.920328] Hardware name: Generic DT based system
[  144.921069]  unwind_backtrace from show_stack+0x18/0x1c
[  144.921915]  show_stack from dump_stack_lvl+0x58/0x70
[  144.922644]  dump_stack_lvl from print_report+0x164/0x51c
[  144.923401]  print_report from kasan_report+0xc8/0x104
[  144.924206]  kasan_report from krealloc_more_oob_helper+0x180/0x384
[  144.925038]  krealloc_more_oob_helper from kunit_try_run_case+0x11c/0x2e4
[  144.925936]  kunit_try_run_case from kunit_generic_run_threadfn_adapter+0x2c/0x48
[  144.927537]  kunit_generic_run_threadfn_adapter from kthread+0x184/0x1a8
[  144.928661]  kthread from ret_from_fork+0x14/0x30
[  144.929514] Exception stack(0xf9f33fb0 to 0xf9f33ff8)
[  144.930319] 3fa0:                                     00000000 00000000 00000000 00000000
[  144.931416] 3fc0: 00000000 00000000 00000000 00000000 00000000 00000000 00000000 00000000
[  144.932329] 3fe0: 00000000 00000000 00000000 00000000 00000013 00000000
[  144.932968] 
[  144.933291] The buggy address belongs to the physical page:
[  144.933946] page:a8595845 refcount:1 mapcount:0 mapping:00000000 index:0x0 pfn:0x44ffc
[  144.935000] head:a8595845 order:2 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[  144.935756] flags: 0x40(head|zone=0)
[  144.936234] page_type: 0xffffffff()
[  144.936701] raw: 00000040 00000000 00000122 00000000 00000000 00000000 ffffffff 00000001
[  144.937710] raw: 00000000
[  144.938041] page dumped because: kasan: bad access detected
[  144.938596] 
[  144.938949] Memory state around the buggy address:
[  144.939515]  c4ffdf80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[  144.940409]  c4ffe000: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[  144.941154] >c4ffe080: 00 00 00 00 00 00 00 00 00 00 00 00 00 03 fe fe
[  144.941973]                                                      ^
[  144.942658]  c4ffe100: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe
[  144.943556]  c4ffe180: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe
[  144.944250] ==================================================================
[  144.603642] ==================================================================
[  144.604720] BUG: KASAN: slab-out-of-bounds in krealloc_more_oob_helper+0x144/0x384
[  144.605523] Write of size 1 at addr c4c17aeb by task kunit_try_catch/129
[  144.607211] 
[  144.607428] CPU: 0 PID: 129 Comm: kunit_try_catch Tainted: G    B            N 6.6.76-rc1 #1
[  144.608850] Hardware name: Generic DT based system
[  144.609360]  unwind_backtrace from show_stack+0x18/0x1c
[  144.610132]  show_stack from dump_stack_lvl+0x58/0x70
[  144.610810]  dump_stack_lvl from print_report+0x164/0x51c
[  144.611621]  print_report from kasan_report+0xc8/0x104
[  144.612342]  kasan_report from krealloc_more_oob_helper+0x144/0x384
[  144.613155]  krealloc_more_oob_helper from kunit_try_run_case+0x11c/0x2e4
[  144.613993]  kunit_try_run_case from kunit_generic_run_threadfn_adapter+0x2c/0x48
[  144.615039]  kunit_generic_run_threadfn_adapter from kthread+0x184/0x1a8
[  144.616211]  kthread from ret_from_fork+0x14/0x30
[  144.616950] Exception stack(0xf9f13fb0 to 0xf9f13ff8)
[  144.617709] 3fa0:                                     00000000 00000000 00000000 00000000
[  144.619004] 3fc0: 00000000 00000000 00000000 00000000 00000000 00000000 00000000 00000000
[  144.619923] 3fe0: 00000000 00000000 00000000 00000000 00000013 00000000
[  144.620633] 
[  144.620888] Allocated by task 129:
[  144.621361]  kasan_set_track+0x3c/0x5c
[  144.621894]  __kasan_krealloc+0xe0/0x104
[  144.622493]  krealloc+0xd4/0x134
[  144.622982]  krealloc_more_oob_helper+0xd4/0x384
[  144.623606]  kunit_try_run_case+0x11c/0x2e4
[  144.624232]  kunit_generic_run_threadfn_adapter+0x2c/0x48
[  144.624890]  kthread+0x184/0x1a8
[  144.625326]  ret_from_fork+0x14/0x30
[  144.625994] 
[  144.626227] The buggy address belongs to the object at c4c17a00
[  144.626227]  which belongs to the cache kmalloc-256 of size 256
[  144.627347] The buggy address is located 0 bytes to the right of
[  144.627347]  allocated 235-byte region [c4c17a00, c4c17aeb)
[  144.628604] 
[  144.628832] The buggy address belongs to the physical page:
[  144.629511] page:17c33a57 refcount:1 mapcount:0 mapping:00000000 index:0x0 pfn:0x44c16
[  144.630447] head:17c33a57 order:1 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[  144.631330] flags: 0x840(slab|head|zone=0)
[  144.631910] page_type: 0xffffffff()
[  144.632369] raw: 00000840 c4801500 00000122 00000000 00000000 80100010 ffffffff 00000001
[  144.633321] raw: 00000000
[  144.633645] page dumped because: kasan: bad access detected
[  144.634222] 
[  144.634514] Memory state around the buggy address:
[  144.634997]  c4c17980: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[  144.635820]  c4c17a00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[  144.636952] >c4c17a80: 00 00 00 00 00 00 00 00 00 00 00 00 00 03 fc fc
[  144.637884]                                                   ^
[  144.638494]  c4c17b00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[  144.639340]  c4c17b80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[  144.640118] ==================================================================


[   47.144519] ==================================================================
[   47.145166] BUG: KASAN: slab-out-of-bounds in krealloc_more_oob_helper+0x1bb/0x3b0
[   47.146850] Write of size 1 at addr ffff8881028576f0 by task kunit_try_catch/152
[   47.147830] 
[   47.148169] CPU: 1 PID: 152 Comm: kunit_try_catch Tainted: G    B            N 6.6.76-rc1 #1
[   47.149541] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[   47.150813] Call Trace:
[   47.151105]  <TASK>
[   47.151471]  dump_stack_lvl+0x4e/0x90
[   47.152436]  print_report+0xd2/0x660
[   47.153079]  ? __virt_addr_valid+0x156/0x1e0
[   47.153691]  ? kasan_complete_mode_report_info+0x2a/0x200
[   47.154472]  kasan_report+0xff/0x140
[   47.155128]  ? krealloc_more_oob_helper+0x1bb/0x3b0
[   47.155675]  ? krealloc_more_oob_helper+0x1bb/0x3b0
[   47.156818]  __asan_store1+0x69/0x70
[   47.157386]  krealloc_more_oob_helper+0x1bb/0x3b0
[   47.158068]  ? __pfx_krealloc_more_oob_helper+0x10/0x10
[   47.158771]  ? finish_task_switch.isra.0+0xc8/0x3e0
[   47.159454]  ? __schedule+0x70b/0x1190
[   47.159881]  ? ktime_get_ts64+0x118/0x140
[   47.160622]  krealloc_more_oob+0x1c/0x30
[   47.161237]  kunit_try_run_case+0x126/0x290
[   47.161850]  ? __pfx_kunit_try_run_case+0x10/0x10
[   47.162453]  ? __kasan_check_write+0x18/0x20
[   47.163632]  ? trace_preempt_on+0x20/0xa0
[   47.164439]  ? __kthread_parkme+0x4f/0xd0
[   47.165222]  ? preempt_count_sub+0x50/0x80
[   47.165793]  ? __pfx_kunit_try_run_case+0x10/0x10
[   47.166654]  ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10
[   47.167484]  kunit_generic_run_threadfn_adapter+0x33/0x50
[   47.168333]  kthread+0x19e/0x1e0
[   47.168920]  ? __pfx_kthread+0x10/0x10
[   47.169664]  ret_from_fork+0x41/0x70
[   47.170426]  ? __pfx_kthread+0x10/0x10
[   47.170911]  ret_from_fork_asm+0x1b/0x30
[   47.171609]  </TASK>
[   47.172363] 
[   47.172583] Allocated by task 152:
[   47.173411]  kasan_save_stack+0x3c/0x60
[   47.173945]  kasan_set_track+0x29/0x40
[   47.174788]  kasan_save_alloc_info+0x22/0x30
[   47.175820]  __kasan_krealloc+0x12f/0x180
[   47.176344]  krealloc+0xc1/0x140
[   47.176717]  krealloc_more_oob_helper+0xe2/0x3b0
[   47.177223]  krealloc_more_oob+0x1c/0x30
[   47.177645]  kunit_try_run_case+0x126/0x290
[   47.178639]  kunit_generic_run_threadfn_adapter+0x33/0x50
[   47.179857]  kthread+0x19e/0x1e0
[   47.180376]  ret_from_fork+0x41/0x70
[   47.180882]  ret_from_fork_asm+0x1b/0x30
[   47.181409] 
[   47.181678] The buggy address belongs to the object at ffff888102857600
[   47.181678]  which belongs to the cache kmalloc-256 of size 256
[   47.183858] The buggy address is located 5 bytes to the right of
[   47.183858]  allocated 235-byte region [ffff888102857600, ffff8881028576eb)
[   47.185235] 
[   47.185515] The buggy address belongs to the physical page:
[   47.186399] page:(____ptrval____) refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x102856
[   47.187653] head:(____ptrval____) order:1 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[   47.188688] flags: 0x200000000000840(slab|head|node=0|zone=2)
[   47.189571] page_type: 0xffffffff()
[   47.190330] raw: 0200000000000840 ffff888100041b40 dead000000000122 0000000000000000
[   47.191604] raw: 0000000000000000 0000000080100010 00000001ffffffff 0000000000000000
[   47.192420] page dumped because: kasan: bad access detected
[   47.193006] 
[   47.193270] Memory state around the buggy address:
[   47.193671]  ffff888102857580: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   47.195099]  ffff888102857600: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   47.195864] >ffff888102857680: 00 00 00 00 00 00 00 00 00 00 00 00 00 03 fc fc
[   47.196472]                                                              ^
[   47.197133]  ffff888102857700: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   47.197788]  ffff888102857780: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   47.198463] ==================================================================
[   47.093606] ==================================================================
[   47.094309] BUG: KASAN: slab-out-of-bounds in krealloc_more_oob_helper+0x179/0x3b0
[   47.094668] Write of size 1 at addr ffff8881028576eb by task kunit_try_catch/152
[   47.095002] 
[   47.095137] CPU: 1 PID: 152 Comm: kunit_try_catch Tainted: G    B            N 6.6.76-rc1 #1
[   47.095498] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[   47.096164] Call Trace:
[   47.096545]  <TASK>
[   47.096887]  dump_stack_lvl+0x4e/0x90
[   47.097428]  print_report+0xd2/0x660
[   47.098639]  ? __virt_addr_valid+0x156/0x1e0
[   47.099551]  ? kasan_complete_mode_report_info+0x2a/0x200
[   47.100414]  kasan_report+0xff/0x140
[   47.100857]  ? krealloc_more_oob_helper+0x179/0x3b0
[   47.101770]  ? krealloc_more_oob_helper+0x179/0x3b0
[   47.102801]  __asan_store1+0x69/0x70
[   47.103466]  krealloc_more_oob_helper+0x179/0x3b0
[   47.104399]  ? __pfx_krealloc_more_oob_helper+0x10/0x10
[   47.105087]  ? finish_task_switch.isra.0+0xc8/0x3e0
[   47.105800]  ? __schedule+0x70b/0x1190
[   47.106610]  ? ktime_get_ts64+0x118/0x140
[   47.107428]  krealloc_more_oob+0x1c/0x30
[   47.108001]  kunit_try_run_case+0x126/0x290
[   47.108566]  ? __pfx_kunit_try_run_case+0x10/0x10
[   47.109485]  ? __kasan_check_write+0x18/0x20
[   47.110230]  ? trace_preempt_on+0x20/0xa0
[   47.110839]  ? __kthread_parkme+0x4f/0xd0
[   47.111453]  ? preempt_count_sub+0x50/0x80
[   47.111991]  ? __pfx_kunit_try_run_case+0x10/0x10
[   47.112588]  ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10
[   47.113448]  kunit_generic_run_threadfn_adapter+0x33/0x50
[   47.114372]  kthread+0x19e/0x1e0
[   47.114971]  ? __pfx_kthread+0x10/0x10
[   47.115692]  ret_from_fork+0x41/0x70
[   47.116352]  ? __pfx_kthread+0x10/0x10
[   47.116879]  ret_from_fork_asm+0x1b/0x30
[   47.117509]  </TASK>
[   47.117856] 
[   47.118145] Allocated by task 152:
[   47.118478]  kasan_save_stack+0x3c/0x60
[   47.119081]  kasan_set_track+0x29/0x40
[   47.119872]  kasan_save_alloc_info+0x22/0x30
[   47.120652]  __kasan_krealloc+0x12f/0x180
[   47.121176]  krealloc+0xc1/0x140
[   47.121635]  krealloc_more_oob_helper+0xe2/0x3b0
[   47.122315]  krealloc_more_oob+0x1c/0x30
[   47.123422]  kunit_try_run_case+0x126/0x290
[   47.124173]  kunit_generic_run_threadfn_adapter+0x33/0x50
[   47.124805]  kthread+0x19e/0x1e0
[   47.125515]  ret_from_fork+0x41/0x70
[   47.126202]  ret_from_fork_asm+0x1b/0x30
[   47.126798] 
[   47.127026] The buggy address belongs to the object at ffff888102857600
[   47.127026]  which belongs to the cache kmalloc-256 of size 256
[   47.128668] The buggy address is located 0 bytes to the right of
[   47.128668]  allocated 235-byte region [ffff888102857600, ffff8881028576eb)
[   47.130251] 
[   47.130625] The buggy address belongs to the physical page:
[   47.131139] page:(____ptrval____) refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x102856
[   47.132647] head:(____ptrval____) order:1 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[   47.133546] flags: 0x200000000000840(slab|head|node=0|zone=2)
[   47.134018] page_type: 0xffffffff()
[   47.134696] raw: 0200000000000840 ffff888100041b40 dead000000000122 0000000000000000
[   47.135777] raw: 0000000000000000 0000000080100010 00000001ffffffff 0000000000000000
[   47.136514] page dumped because: kasan: bad access detected
[   47.137421] 
[   47.137796] Memory state around the buggy address:
[   47.138657]  ffff888102857580: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   47.139610]  ffff888102857600: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   47.140531] >ffff888102857680: 00 00 00 00 00 00 00 00 00 00 00 00 00 03 fc fc
[   47.140998]                                                           ^
[   47.141666]  ffff888102857700: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   47.142722]  ffff888102857780: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   47.143355] ==================================================================
[   47.502423] ==================================================================
[   47.503542] BUG: KASAN: slab-out-of-bounds in krealloc_more_oob_helper+0x179/0x3b0
[   47.504288] Write of size 1 at addr ffff88810256a0eb by task kunit_try_catch/156
[   47.505132] 
[   47.505449] CPU: 1 PID: 156 Comm: kunit_try_catch Tainted: G    B            N 6.6.76-rc1 #1
[   47.506582] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[   47.507970] Call Trace:
[   47.508390]  <TASK>
[   47.508761]  dump_stack_lvl+0x4e/0x90
[   47.509373]  print_report+0xd2/0x660
[   47.510090]  ? __virt_addr_valid+0x156/0x1e0
[   47.510815]  ? kasan_addr_to_slab+0x11/0xb0
[   47.511699]  kasan_report+0xff/0x140
[   47.512525]  ? krealloc_more_oob_helper+0x179/0x3b0
[   47.513270]  ? krealloc_more_oob_helper+0x179/0x3b0
[   47.513937]  __asan_store1+0x69/0x70
[   47.514476]  krealloc_more_oob_helper+0x179/0x3b0
[   47.515383]  ? __pfx_krealloc_more_oob_helper+0x10/0x10
[   47.515878]  ? finish_task_switch.isra.0+0xc8/0x3e0
[   47.516379]  ? __schedule+0x70b/0x1190
[   47.517299]  ? ktime_get_ts64+0x118/0x140
[   47.517885]  krealloc_pagealloc_more_oob+0x1c/0x30
[   47.518445]  kunit_try_run_case+0x126/0x290
[   47.519155]  ? __pfx_kunit_try_run_case+0x10/0x10
[   47.519624]  ? __kasan_check_write+0x18/0x20
[   47.520451]  ? trace_preempt_on+0x20/0xa0
[   47.521164]  ? __kthread_parkme+0x4f/0xd0
[   47.521790]  ? preempt_count_sub+0x50/0x80
[   47.522387]  ? __pfx_kunit_try_run_case+0x10/0x10
[   47.523242]  ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10
[   47.524424]  kunit_generic_run_threadfn_adapter+0x33/0x50
[   47.525278]  kthread+0x19e/0x1e0
[   47.525940]  ? __pfx_kthread+0x10/0x10
[   47.526291]  ret_from_fork+0x41/0x70
[   47.526849]  ? __pfx_kthread+0x10/0x10
[   47.528059]  ret_from_fork_asm+0x1b/0x30
[   47.528785]  </TASK>
[   47.529146] 
[   47.529526] The buggy address belongs to the physical page:
[   47.529973] page:(____ptrval____) refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x102568
[   47.531144] head:(____ptrval____) order:2 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[   47.532262] flags: 0x200000000000040(head|node=0|zone=2)
[   47.532694] page_type: 0xffffffff()
[   47.533354] raw: 0200000000000040 0000000000000000 dead000000000122 0000000000000000
[   47.534264] raw: 0000000000000000 0000000000000000 00000001ffffffff 0000000000000000
[   47.535083] page dumped because: kasan: bad access detected
[   47.535698] 
[   47.536680] Memory state around the buggy address:
[   47.537130]  ffff888102569f80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   47.538053]  ffff88810256a000: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   47.538776] >ffff88810256a080: 00 00 00 00 00 00 00 00 00 00 00 00 00 03 fe fe
[   47.539544]                                                           ^
[   47.540289]  ffff88810256a100: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe
[   47.541583]  ffff88810256a180: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe
[   47.542413] ==================================================================
[   47.543884] ==================================================================
[   47.545186] BUG: KASAN: slab-out-of-bounds in krealloc_more_oob_helper+0x1bb/0x3b0
[   47.546287] Write of size 1 at addr ffff88810256a0f0 by task kunit_try_catch/156
[   47.547014] 
[   47.547327] CPU: 1 PID: 156 Comm: kunit_try_catch Tainted: G    B            N 6.6.76-rc1 #1
[   47.548257] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[   47.549321] Call Trace:
[   47.549667]  <TASK>
[   47.550145]  dump_stack_lvl+0x4e/0x90
[   47.550819]  print_report+0xd2/0x660
[   47.551428]  ? __virt_addr_valid+0x156/0x1e0
[   47.552065]  ? kasan_addr_to_slab+0x11/0xb0
[   47.552758]  kasan_report+0xff/0x140
[   47.553457]  ? krealloc_more_oob_helper+0x1bb/0x3b0
[   47.554121]  ? krealloc_more_oob_helper+0x1bb/0x3b0
[   47.554549]  __asan_store1+0x69/0x70
[   47.555356]  krealloc_more_oob_helper+0x1bb/0x3b0
[   47.556135]  ? __pfx_krealloc_more_oob_helper+0x10/0x10
[   47.556828]  ? finish_task_switch.isra.0+0xc8/0x3e0
[   47.557763]  ? __schedule+0x70b/0x1190
[   47.558534]  ? ktime_get_ts64+0x118/0x140
[   47.559171]  krealloc_pagealloc_more_oob+0x1c/0x30
[   47.559898]  kunit_try_run_case+0x126/0x290
[   47.560569]  ? __pfx_kunit_try_run_case+0x10/0x10
[   47.561278]  ? __kasan_check_write+0x18/0x20
[   47.561778]  ? trace_preempt_on+0x20/0xa0
[   47.562314]  ? __kthread_parkme+0x4f/0xd0
[   47.562954]  ? preempt_count_sub+0x50/0x80
[   47.563790]  ? __pfx_kunit_try_run_case+0x10/0x10
[   47.564294]  ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10
[   47.565079]  kunit_generic_run_threadfn_adapter+0x33/0x50
[   47.565887]  kthread+0x19e/0x1e0
[   47.566289]  ? __pfx_kthread+0x10/0x10
[   47.566968]  ret_from_fork+0x41/0x70
[   47.567665]  ? __pfx_kthread+0x10/0x10
[   47.568571]  ret_from_fork_asm+0x1b/0x30
[   47.569080]  </TASK>
[   47.569441] 
[   47.569769] The buggy address belongs to the physical page:
[   47.570430] page:(____ptrval____) refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x102568
[   47.571812] head:(____ptrval____) order:2 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[   47.572490] flags: 0x200000000000040(head|node=0|zone=2)
[   47.573208] page_type: 0xffffffff()
[   47.573785] raw: 0200000000000040 0000000000000000 dead000000000122 0000000000000000
[   47.574649] raw: 0000000000000000 0000000000000000 00000001ffffffff 0000000000000000
[   47.575320] page dumped because: kasan: bad access detected
[   47.576171] 
[   47.576618] Memory state around the buggy address:
[   47.577203]  ffff888102569f80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   47.578103]  ffff88810256a000: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   47.578767] >ffff88810256a080: 00 00 00 00 00 00 00 00 00 00 00 00 00 03 fe fe
[   47.579563]                                                              ^
[   47.580676]  ffff88810256a100: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe
[   47.581387]  ffff88810256a180: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe
[   47.582150] ==================================================================