Date
June 8, 2025, 11:09 p.m.
Failure - log-parser-boot - kasan-bug-kasan-slab-use-after-free-in-rcu_uaf_reclaim
[ 26.064049] ================================================================== [ 26.064300] BUG: KASAN: slab-use-after-free in rcu_uaf_reclaim+0x64/0x70 [ 26.064458] Read of size 4 at addr fff00000c641c180 by task swapper/0/0 [ 26.064578] [ 26.064774] CPU: 0 UID: 0 PID: 0 Comm: swapper/0 Tainted: G B N 6.16.0-rc1 #1 PREEMPT [ 26.065050] Tainted: [B]=BAD_PAGE, [N]=TEST [ 26.065198] Hardware name: linux,dummy-virt (DT) [ 26.065413] Call trace: [ 26.065482] show_stack+0x20/0x38 (C) [ 26.065628] dump_stack_lvl+0x8c/0xd0 [ 26.065755] print_report+0x118/0x608 [ 26.065878] kasan_report+0xdc/0x128 [ 26.066020] __asan_report_load4_noabort+0x20/0x30 [ 26.066152] rcu_uaf_reclaim+0x64/0x70 [ 26.066685] rcu_core+0x9f4/0x1e20 [ 26.066923] rcu_core_si+0x18/0x30 [ 26.067198] handle_softirqs+0x374/0xb28 [ 26.067414] __do_softirq+0x1c/0x28 [ 26.067772] ____do_softirq+0x18/0x30 [ 26.067896] call_on_irq_stack+0x24/0x30 [ 26.068033] do_softirq_own_stack+0x24/0x38 [ 26.070040] __irq_exit_rcu+0x1fc/0x318 [ 26.070663] irq_exit_rcu+0x1c/0x80 [ 26.070785] el1_interrupt+0x38/0x58 [ 26.071439] el1h_64_irq_handler+0x18/0x28 [ 26.071590] el1h_64_irq+0x6c/0x70 [ 26.071849] arch_local_irq_enable+0x4/0x8 (P) [ 26.072057] do_idle+0x384/0x4e8 [ 26.072251] cpu_startup_entry+0x64/0x80 [ 26.073004] rest_init+0x160/0x188 [ 26.073141] start_kernel+0x30c/0x3d0 [ 26.073290] __primary_switched+0x8c/0xa0 [ 26.073433] [ 26.073482] Allocated by task 198: [ 26.073582] kasan_save_stack+0x3c/0x68 [ 26.073690] kasan_save_track+0x20/0x40 [ 26.073785] kasan_save_alloc_info+0x40/0x58 [ 26.073962] __kasan_kmalloc+0xd4/0xd8 [ 26.074068] __kmalloc_cache_noprof+0x16c/0x3c0 [ 26.074361] rcu_uaf+0xb0/0x2d8 [ 26.074472] kunit_try_run_case+0x170/0x3f0 [ 26.074686] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 26.074801] kthread+0x328/0x630 [ 26.074914] ret_from_fork+0x10/0x20 [ 26.075059] [ 26.075158] Freed by task 0: [ 26.075262] kasan_save_stack+0x3c/0x68 [ 26.075386] kasan_save_track+0x20/0x40 [ 26.075492] kasan_save_free_info+0x4c/0x78 [ 26.075611] __kasan_slab_free+0x6c/0x98 [ 26.075784] kfree+0x214/0x3c8 [ 26.075883] rcu_uaf_reclaim+0x28/0x70 [ 26.076013] rcu_core+0x9f4/0x1e20 [ 26.076200] rcu_core_si+0x18/0x30 [ 26.076396] handle_softirqs+0x374/0xb28 [ 26.076558] __do_softirq+0x1c/0x28 [ 26.076684] [ 26.076823] Last potentially related work creation: [ 26.076913] kasan_save_stack+0x3c/0x68 [ 26.077085] kasan_record_aux_stack+0xb4/0xc8 [ 26.077211] __call_rcu_common.constprop.0+0x70/0x8b0 [ 26.077330] call_rcu+0x18/0x30 [ 26.077423] rcu_uaf+0x14c/0x2d8 [ 26.077559] kunit_try_run_case+0x170/0x3f0 [ 26.077656] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 26.077766] kthread+0x328/0x630 [ 26.077867] ret_from_fork+0x10/0x20 [ 26.078189] [ 26.078254] The buggy address belongs to the object at fff00000c641c180 [ 26.078254] which belongs to the cache kmalloc-32 of size 32 [ 26.078446] The buggy address is located 0 bytes inside of [ 26.078446] freed 32-byte region [fff00000c641c180, fff00000c641c1a0) [ 26.078654] [ 26.078819] The buggy address belongs to the physical page: [ 26.078916] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x10641c [ 26.079127] flags: 0xbfffe0000000000(node=0|zone=2|lastcpupid=0x1ffff) [ 26.079499] page_type: f5(slab) [ 26.079608] raw: 0bfffe0000000000 fff00000c0001780 dead000000000122 0000000000000000 [ 26.079736] raw: 0000000000000000 0000000080400040 00000000f5000000 0000000000000000 [ 26.079837] page dumped because: kasan: bad access detected [ 26.079912] [ 26.079996] Memory state around the buggy address: [ 26.080174] fff00000c641c080: 00 00 00 fc fc fc fc fc 00 00 05 fc fc fc fc fc [ 26.080391] fff00000c641c100: 00 00 07 fc fc fc fc fc fa fb fb fb fc fc fc fc [ 26.080536] >fff00000c641c180: fa fb fb fb fc fc fc fc fc fc fc fc fc fc fc fc [ 26.080637] ^ [ 26.080721] fff00000c641c200: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 26.080866] fff00000c641c280: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 26.080988] ==================================================================
Failure - log-parser-boot - kasan-bug-kasan-slab-use-after-free-in-ksize_uaf
[ 25.796923] ================================================================== [ 25.797140] BUG: KASAN: slab-use-after-free in ksize_uaf+0x168/0x5f8 [ 25.797281] Read of size 1 at addr fff00000c6507a00 by task kunit_try_catch/196 [ 25.797396] [ 25.797479] CPU: 0 UID: 0 PID: 196 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc1 #1 PREEMPT [ 25.797674] Tainted: [B]=BAD_PAGE, [N]=TEST [ 25.797740] Hardware name: linux,dummy-virt (DT) [ 25.797821] Call trace: [ 25.797886] show_stack+0x20/0x38 (C) [ 25.798040] dump_stack_lvl+0x8c/0xd0 [ 25.798258] print_report+0x118/0x608 [ 25.798397] kasan_report+0xdc/0x128 [ 25.798527] __kasan_check_byte+0x54/0x70 [ 25.799189] ksize+0x30/0x88 [ 25.799497] ksize_uaf+0x168/0x5f8 [ 25.799680] kunit_try_run_case+0x170/0x3f0 [ 25.799977] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 25.800178] kthread+0x328/0x630 [ 25.800294] ret_from_fork+0x10/0x20 [ 25.800426] [ 25.800569] Allocated by task 196: [ 25.800778] kasan_save_stack+0x3c/0x68 [ 25.800979] kasan_save_track+0x20/0x40 [ 25.801091] kasan_save_alloc_info+0x40/0x58 [ 25.801279] __kasan_kmalloc+0xd4/0xd8 [ 25.801390] __kmalloc_cache_noprof+0x16c/0x3c0 [ 25.801849] ksize_uaf+0xb8/0x5f8 [ 25.802099] kunit_try_run_case+0x170/0x3f0 [ 25.802216] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 25.802535] kthread+0x328/0x630 [ 25.802730] ret_from_fork+0x10/0x20 [ 25.802883] [ 25.802987] Freed by task 196: [ 25.803163] kasan_save_stack+0x3c/0x68 [ 25.803272] kasan_save_track+0x20/0x40 [ 25.803380] kasan_save_free_info+0x4c/0x78 [ 25.803515] __kasan_slab_free+0x6c/0x98 [ 25.803712] kfree+0x214/0x3c8 [ 25.803859] ksize_uaf+0x11c/0x5f8 [ 25.803976] kunit_try_run_case+0x170/0x3f0 [ 25.804129] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 25.804259] kthread+0x328/0x630 [ 25.804354] ret_from_fork+0x10/0x20 [ 25.804888] [ 25.804983] The buggy address belongs to the object at fff00000c6507a00 [ 25.804983] which belongs to the cache kmalloc-128 of size 128 [ 25.805122] The buggy address is located 0 bytes inside of [ 25.805122] freed 128-byte region [fff00000c6507a00, fff00000c6507a80) [ 25.805265] [ 25.805385] The buggy address belongs to the physical page: [ 25.805589] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x106507 [ 25.805758] flags: 0xbfffe0000000000(node=0|zone=2|lastcpupid=0x1ffff) [ 25.806136] page_type: f5(slab) [ 25.806488] raw: 0bfffe0000000000 fff00000c0001a00 dead000000000122 0000000000000000 [ 25.807006] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 25.807289] page dumped because: kasan: bad access detected [ 25.807374] [ 25.807455] Memory state around the buggy address: [ 25.807535] fff00000c6507900: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 25.807691] fff00000c6507980: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 25.807811] >fff00000c6507a00: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 25.807914] ^ [ 25.808201] fff00000c6507a80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 25.808849] fff00000c6507b00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 25.809043] ================================================================== [ 25.810361] ================================================================== [ 25.810497] BUG: KASAN: slab-use-after-free in ksize_uaf+0x598/0x5f8 [ 25.810698] Read of size 1 at addr fff00000c6507a00 by task kunit_try_catch/196 [ 25.810895] [ 25.810987] CPU: 0 UID: 0 PID: 196 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc1 #1 PREEMPT [ 25.811314] Tainted: [B]=BAD_PAGE, [N]=TEST [ 25.811386] Hardware name: linux,dummy-virt (DT) [ 25.811537] Call trace: [ 25.811629] show_stack+0x20/0x38 (C) [ 25.811825] dump_stack_lvl+0x8c/0xd0 [ 25.812032] print_report+0x118/0x608 [ 25.812360] kasan_report+0xdc/0x128 [ 25.812490] __asan_report_load1_noabort+0x20/0x30 [ 25.812792] ksize_uaf+0x598/0x5f8 [ 25.812962] kunit_try_run_case+0x170/0x3f0 [ 25.813110] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 25.813305] kthread+0x328/0x630 [ 25.813432] ret_from_fork+0x10/0x20 [ 25.813693] [ 25.813831] Allocated by task 196: [ 25.813959] kasan_save_stack+0x3c/0x68 [ 25.814141] kasan_save_track+0x20/0x40 [ 25.814265] kasan_save_alloc_info+0x40/0x58 [ 25.814462] __kasan_kmalloc+0xd4/0xd8 [ 25.814703] __kmalloc_cache_noprof+0x16c/0x3c0 [ 25.814851] ksize_uaf+0xb8/0x5f8 [ 25.815140] kunit_try_run_case+0x170/0x3f0 [ 25.815255] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 25.815370] kthread+0x328/0x630 [ 25.815492] ret_from_fork+0x10/0x20 [ 25.815602] [ 25.815661] Freed by task 196: [ 25.816021] kasan_save_stack+0x3c/0x68 [ 25.816459] kasan_save_track+0x20/0x40 [ 25.816876] kasan_save_free_info+0x4c/0x78 [ 25.817004] __kasan_slab_free+0x6c/0x98 [ 25.817604] kfree+0x214/0x3c8 [ 25.817846] ksize_uaf+0x11c/0x5f8 [ 25.818012] kunit_try_run_case+0x170/0x3f0 [ 25.818124] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 25.818235] kthread+0x328/0x630 [ 25.818360] ret_from_fork+0x10/0x20 [ 25.818629] [ 25.818706] The buggy address belongs to the object at fff00000c6507a00 [ 25.818706] which belongs to the cache kmalloc-128 of size 128 [ 25.818849] The buggy address is located 0 bytes inside of [ 25.818849] freed 128-byte region [fff00000c6507a00, fff00000c6507a80) [ 25.819036] [ 25.819187] The buggy address belongs to the physical page: [ 25.819269] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x106507 [ 25.819752] flags: 0xbfffe0000000000(node=0|zone=2|lastcpupid=0x1ffff) [ 25.820127] page_type: f5(slab) [ 25.820309] raw: 0bfffe0000000000 fff00000c0001a00 dead000000000122 0000000000000000 [ 25.820435] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 25.820544] page dumped because: kasan: bad access detected [ 25.820627] [ 25.820704] Memory state around the buggy address: [ 25.820802] fff00000c6507900: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 25.821119] fff00000c6507980: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 25.821229] >fff00000c6507a00: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 25.821320] ^ [ 25.821461] fff00000c6507a80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 25.821746] fff00000c6507b00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 25.822168] ================================================================== [ 25.823497] ================================================================== [ 25.823692] BUG: KASAN: slab-use-after-free in ksize_uaf+0x544/0x5f8 [ 25.823882] Read of size 1 at addr fff00000c6507a78 by task kunit_try_catch/196 [ 25.824021] [ 25.824092] CPU: 0 UID: 0 PID: 196 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc1 #1 PREEMPT [ 25.824288] Tainted: [B]=BAD_PAGE, [N]=TEST [ 25.824352] Hardware name: linux,dummy-virt (DT) [ 25.824424] Call trace: [ 25.824485] show_stack+0x20/0x38 (C) [ 25.824616] dump_stack_lvl+0x8c/0xd0 [ 25.824739] print_report+0x118/0x608 [ 25.824858] kasan_report+0xdc/0x128 [ 25.824996] __asan_report_load1_noabort+0x20/0x30 [ 25.825124] ksize_uaf+0x544/0x5f8 [ 25.825232] kunit_try_run_case+0x170/0x3f0 [ 25.825354] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 25.825482] kthread+0x328/0x630 [ 25.825597] ret_from_fork+0x10/0x20 [ 25.825713] [ 25.825755] Allocated by task 196: [ 25.825857] kasan_save_stack+0x3c/0x68 [ 25.826052] kasan_save_track+0x20/0x40 [ 25.826201] kasan_save_alloc_info+0x40/0x58 [ 25.826376] __kasan_kmalloc+0xd4/0xd8 [ 25.826529] __kmalloc_cache_noprof+0x16c/0x3c0 [ 25.826700] ksize_uaf+0xb8/0x5f8 [ 25.826876] kunit_try_run_case+0x170/0x3f0 [ 25.827188] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 25.827394] kthread+0x328/0x630 [ 25.827489] ret_from_fork+0x10/0x20 [ 25.827679] [ 25.827726] Freed by task 196: [ 25.827928] kasan_save_stack+0x3c/0x68 [ 25.828071] kasan_save_track+0x20/0x40 [ 25.828173] kasan_save_free_info+0x4c/0x78 [ 25.828314] __kasan_slab_free+0x6c/0x98 [ 25.829391] kfree+0x214/0x3c8 [ 25.829520] ksize_uaf+0x11c/0x5f8 [ 25.829608] kunit_try_run_case+0x170/0x3f0 [ 25.829717] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 25.829832] kthread+0x328/0x630 [ 25.829917] ret_from_fork+0x10/0x20 [ 25.830030] [ 25.830079] The buggy address belongs to the object at fff00000c6507a00 [ 25.830079] which belongs to the cache kmalloc-128 of size 128 [ 25.830217] The buggy address is located 120 bytes inside of [ 25.830217] freed 128-byte region [fff00000c6507a00, fff00000c6507a80) [ 25.830364] [ 25.830425] The buggy address belongs to the physical page: [ 25.830519] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x106507 [ 25.830673] flags: 0xbfffe0000000000(node=0|zone=2|lastcpupid=0x1ffff) [ 25.830814] page_type: f5(slab) [ 25.830925] raw: 0bfffe0000000000 fff00000c0001a00 dead000000000122 0000000000000000 [ 25.831236] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 25.831354] page dumped because: kasan: bad access detected [ 25.831446] [ 25.831599] Memory state around the buggy address: [ 25.831834] fff00000c6507900: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 25.831965] fff00000c6507980: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 25.832146] >fff00000c6507a00: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 25.832245] ^ [ 25.832363] fff00000c6507a80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 25.832492] fff00000c6507b00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 25.832684] ==================================================================
Failure - log-parser-boot - kasan-bug-kasan-slab-out-of-bounds-in-ksize_unpoisons_memory
[ 25.720616] ================================================================== [ 25.720738] BUG: KASAN: slab-out-of-bounds in ksize_unpoisons_memory+0x628/0x740 [ 25.720865] Read of size 1 at addr fff00000c6507973 by task kunit_try_catch/194 [ 25.721019] [ 25.721109] CPU: 0 UID: 0 PID: 194 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc1 #1 PREEMPT [ 25.721499] Tainted: [B]=BAD_PAGE, [N]=TEST [ 25.722257] Hardware name: linux,dummy-virt (DT) [ 25.722453] Call trace: [ 25.722617] show_stack+0x20/0x38 (C) [ 25.722916] dump_stack_lvl+0x8c/0xd0 [ 25.723081] print_report+0x118/0x608 [ 25.723697] kasan_report+0xdc/0x128 [ 25.724043] __asan_report_load1_noabort+0x20/0x30 [ 25.724185] ksize_unpoisons_memory+0x628/0x740 [ 25.724561] kunit_try_run_case+0x170/0x3f0 [ 25.724737] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 25.724899] kthread+0x328/0x630 [ 25.725050] ret_from_fork+0x10/0x20 [ 25.725284] [ 25.725335] Allocated by task 194: [ 25.725409] kasan_save_stack+0x3c/0x68 [ 25.725518] kasan_save_track+0x20/0x40 [ 25.725611] kasan_save_alloc_info+0x40/0x58 [ 25.725775] __kasan_kmalloc+0xd4/0xd8 [ 25.726065] __kmalloc_cache_noprof+0x16c/0x3c0 [ 25.726174] ksize_unpoisons_memory+0xc0/0x740 [ 25.726268] kunit_try_run_case+0x170/0x3f0 [ 25.726357] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 25.726518] kthread+0x328/0x630 [ 25.726611] ret_from_fork+0x10/0x20 [ 25.726705] [ 25.726764] The buggy address belongs to the object at fff00000c6507900 [ 25.726764] which belongs to the cache kmalloc-128 of size 128 [ 25.727170] The buggy address is located 0 bytes to the right of [ 25.727170] allocated 115-byte region [fff00000c6507900, fff00000c6507973) [ 25.727608] [ 25.727672] The buggy address belongs to the physical page: [ 25.727880] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x106507 [ 25.728052] flags: 0xbfffe0000000000(node=0|zone=2|lastcpupid=0x1ffff) [ 25.728868] page_type: f5(slab) [ 25.729290] raw: 0bfffe0000000000 fff00000c0001a00 dead000000000122 0000000000000000 [ 25.729466] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 25.729569] page dumped because: kasan: bad access detected [ 25.729648] [ 25.729696] Memory state around the buggy address: [ 25.730204] fff00000c6507800: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 25.730547] fff00000c6507880: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 25.730671] >fff00000c6507900: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 03 fc [ 25.731116] ^ [ 25.731265] fff00000c6507980: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 25.731535] fff00000c6507a00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 25.731960] ================================================================== [ 25.734798] ================================================================== [ 25.735164] BUG: KASAN: slab-out-of-bounds in ksize_unpoisons_memory+0x618/0x740 [ 25.735282] Read of size 1 at addr fff00000c6507978 by task kunit_try_catch/194 [ 25.735398] [ 25.735474] CPU: 0 UID: 0 PID: 194 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc1 #1 PREEMPT [ 25.735955] Tainted: [B]=BAD_PAGE, [N]=TEST [ 25.736179] Hardware name: linux,dummy-virt (DT) [ 25.736296] Call trace: [ 25.736363] show_stack+0x20/0x38 (C) [ 25.736509] dump_stack_lvl+0x8c/0xd0 [ 25.736715] print_report+0x118/0x608 [ 25.736915] kasan_report+0xdc/0x128 [ 25.737054] __asan_report_load1_noabort+0x20/0x30 [ 25.737195] ksize_unpoisons_memory+0x618/0x740 [ 25.737326] kunit_try_run_case+0x170/0x3f0 [ 25.737463] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 25.737617] kthread+0x328/0x630 [ 25.737762] ret_from_fork+0x10/0x20 [ 25.738277] [ 25.738324] Allocated by task 194: [ 25.738413] kasan_save_stack+0x3c/0x68 [ 25.738573] kasan_save_track+0x20/0x40 [ 25.738676] kasan_save_alloc_info+0x40/0x58 [ 25.739011] __kasan_kmalloc+0xd4/0xd8 [ 25.739115] __kmalloc_cache_noprof+0x16c/0x3c0 [ 25.739230] ksize_unpoisons_memory+0xc0/0x740 [ 25.739335] kunit_try_run_case+0x170/0x3f0 [ 25.739448] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 25.739904] kthread+0x328/0x630 [ 25.740023] ret_from_fork+0x10/0x20 [ 25.740114] [ 25.740164] The buggy address belongs to the object at fff00000c6507900 [ 25.740164] which belongs to the cache kmalloc-128 of size 128 [ 25.740310] The buggy address is located 5 bytes to the right of [ 25.740310] allocated 115-byte region [fff00000c6507900, fff00000c6507973) [ 25.742046] [ 25.742256] The buggy address belongs to the physical page: [ 25.742346] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x106507 [ 25.742481] flags: 0xbfffe0000000000(node=0|zone=2|lastcpupid=0x1ffff) [ 25.743305] page_type: f5(slab) [ 25.743434] raw: 0bfffe0000000000 fff00000c0001a00 dead000000000122 0000000000000000 [ 25.743569] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 25.744430] page dumped because: kasan: bad access detected [ 25.744823] [ 25.744870] Memory state around the buggy address: [ 25.745580] fff00000c6507800: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 25.745719] fff00000c6507880: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 25.746513] >fff00000c6507900: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 03 fc [ 25.746621] ^ [ 25.747158] fff00000c6507980: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 25.747290] fff00000c6507a00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 25.747708] ================================================================== [ 25.749455] ================================================================== [ 25.749559] BUG: KASAN: slab-out-of-bounds in ksize_unpoisons_memory+0x690/0x740 [ 25.749671] Read of size 1 at addr fff00000c650797f by task kunit_try_catch/194 [ 25.749787] [ 25.749856] CPU: 0 UID: 0 PID: 194 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc1 #1 PREEMPT [ 25.750084] Tainted: [B]=BAD_PAGE, [N]=TEST [ 25.750755] Hardware name: linux,dummy-virt (DT) [ 25.750848] Call trace: [ 25.750925] show_stack+0x20/0x38 (C) [ 25.751075] dump_stack_lvl+0x8c/0xd0 [ 25.751565] print_report+0x118/0x608 [ 25.752027] kasan_report+0xdc/0x128 [ 25.752525] __asan_report_load1_noabort+0x20/0x30 [ 25.752817] ksize_unpoisons_memory+0x690/0x740 [ 25.753431] kunit_try_run_case+0x170/0x3f0 [ 25.754503] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 25.754653] kthread+0x328/0x630 [ 25.755246] ret_from_fork+0x10/0x20 [ 25.756220] [ 25.756353] Allocated by task 194: [ 25.756427] kasan_save_stack+0x3c/0x68 [ 25.757096] kasan_save_track+0x20/0x40 [ 25.757245] kasan_save_alloc_info+0x40/0x58 [ 25.757350] __kasan_kmalloc+0xd4/0xd8 [ 25.757459] __kmalloc_cache_noprof+0x16c/0x3c0 [ 25.757719] ksize_unpoisons_memory+0xc0/0x740 [ 25.757821] kunit_try_run_case+0x170/0x3f0 [ 25.757964] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 25.758112] kthread+0x328/0x630 [ 25.758363] ret_from_fork+0x10/0x20 [ 25.758503] [ 25.758567] The buggy address belongs to the object at fff00000c6507900 [ 25.758567] which belongs to the cache kmalloc-128 of size 128 [ 25.758827] The buggy address is located 12 bytes to the right of [ 25.758827] allocated 115-byte region [fff00000c6507900, fff00000c6507973) [ 25.759017] [ 25.759074] The buggy address belongs to the physical page: [ 25.759158] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x106507 [ 25.759311] flags: 0xbfffe0000000000(node=0|zone=2|lastcpupid=0x1ffff) [ 25.759471] page_type: f5(slab) [ 25.760141] raw: 0bfffe0000000000 fff00000c0001a00 dead000000000122 0000000000000000 [ 25.760417] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 25.760530] page dumped because: kasan: bad access detected [ 25.760917] [ 25.760979] Memory state around the buggy address: [ 25.761064] fff00000c6507800: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 25.761408] fff00000c6507880: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 25.761590] >fff00000c6507900: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 03 fc [ 25.761714] ^ [ 25.762005] fff00000c6507980: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 25.762340] fff00000c6507a00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 25.762455] ==================================================================
Failure - log-parser-boot - kasan-bug-kasan-double-free-in-kfree_sensitive
[ 25.677198] ================================================================== [ 25.677335] BUG: KASAN: double-free in kfree_sensitive+0x3c/0xb0 [ 25.677450] Free of addr fff00000c62bd320 by task kunit_try_catch/192 [ 25.677548] [ 25.677613] CPU: 0 UID: 0 PID: 192 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc1 #1 PREEMPT [ 25.677804] Tainted: [B]=BAD_PAGE, [N]=TEST [ 25.677884] Hardware name: linux,dummy-virt (DT) [ 25.678011] Call trace: [ 25.678082] show_stack+0x20/0x38 (C) [ 25.678225] dump_stack_lvl+0x8c/0xd0 [ 25.678371] print_report+0x118/0x608 [ 25.678504] kasan_report_invalid_free+0xc0/0xe8 [ 25.678651] check_slab_allocation+0xd4/0x108 [ 25.678794] __kasan_slab_pre_free+0x2c/0x48 [ 25.679055] kfree+0xe8/0x3c8 [ 25.679432] kfree_sensitive+0x3c/0xb0 [ 25.679921] kmalloc_double_kzfree+0x168/0x308 [ 25.680477] kunit_try_run_case+0x170/0x3f0 [ 25.680982] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 25.681127] kthread+0x328/0x630 [ 25.681329] ret_from_fork+0x10/0x20 [ 25.681618] [ 25.682135] Allocated by task 192: [ 25.682372] kasan_save_stack+0x3c/0x68 [ 25.682636] kasan_save_track+0x20/0x40 [ 25.682750] kasan_save_alloc_info+0x40/0x58 [ 25.682876] __kasan_kmalloc+0xd4/0xd8 [ 25.682993] __kmalloc_cache_noprof+0x16c/0x3c0 [ 25.683475] kmalloc_double_kzfree+0xb8/0x308 [ 25.683726] kunit_try_run_case+0x170/0x3f0 [ 25.683979] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 25.684138] kthread+0x328/0x630 [ 25.684395] ret_from_fork+0x10/0x20 [ 25.684971] [ 25.685047] Freed by task 192: [ 25.685176] kasan_save_stack+0x3c/0x68 [ 25.685298] kasan_save_track+0x20/0x40 [ 25.685592] kasan_save_free_info+0x4c/0x78 [ 25.685826] __kasan_slab_free+0x6c/0x98 [ 25.685987] kfree+0x214/0x3c8 [ 25.686203] kfree_sensitive+0x80/0xb0 [ 25.686351] kmalloc_double_kzfree+0x11c/0x308 [ 25.686454] kunit_try_run_case+0x170/0x3f0 [ 25.687059] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 25.687234] kthread+0x328/0x630 [ 25.687490] ret_from_fork+0x10/0x20 [ 25.687739] [ 25.687833] The buggy address belongs to the object at fff00000c62bd320 [ 25.687833] which belongs to the cache kmalloc-16 of size 16 [ 25.688141] The buggy address is located 0 bytes inside of [ 25.688141] 16-byte region [fff00000c62bd320, fff00000c62bd330) [ 25.688309] [ 25.688364] The buggy address belongs to the physical page: [ 25.688719] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1062bd [ 25.689097] flags: 0xbfffe0000000000(node=0|zone=2|lastcpupid=0x1ffff) [ 25.689219] page_type: f5(slab) [ 25.689339] raw: 0bfffe0000000000 fff00000c0001640 dead000000000122 0000000000000000 [ 25.689468] raw: 0000000000000000 0000000080800080 00000000f5000000 0000000000000000 [ 25.689579] page dumped because: kasan: bad access detected [ 25.689658] [ 25.689701] Memory state around the buggy address: [ 25.689777] fff00000c62bd200: fa fb fc fc fa fb fc fc 00 04 fc fc fa fb fc fc [ 25.689880] fff00000c62bd280: fa fb fc fc fa fb fc fc fa fb fc fc fa fb fc fc [ 25.690015] >fff00000c62bd300: fa fb fc fc fa fb fc fc fc fc fc fc fc fc fc fc [ 25.690113] ^ [ 25.690217] fff00000c62bd380: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 25.690327] fff00000c62bd400: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 25.690419] ==================================================================
Failure - log-parser-boot - kasan-bug-kasan-slab-use-after-free-in-kmalloc_double_kzfree
[ 25.657559] ================================================================== [ 25.657907] BUG: KASAN: slab-use-after-free in kmalloc_double_kzfree+0x168/0x308 [ 25.658246] Read of size 1 at addr fff00000c62bd320 by task kunit_try_catch/192 [ 25.658564] [ 25.658767] CPU: 0 UID: 0 PID: 192 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc1 #1 PREEMPT [ 25.659082] Tainted: [B]=BAD_PAGE, [N]=TEST [ 25.659175] Hardware name: linux,dummy-virt (DT) [ 25.659260] Call trace: [ 25.659326] show_stack+0x20/0x38 (C) [ 25.659957] dump_stack_lvl+0x8c/0xd0 [ 25.660257] print_report+0x118/0x608 [ 25.660389] kasan_report+0xdc/0x128 [ 25.660529] __kasan_check_byte+0x54/0x70 [ 25.660744] kfree_sensitive+0x30/0xb0 [ 25.660974] kmalloc_double_kzfree+0x168/0x308 [ 25.661156] kunit_try_run_case+0x170/0x3f0 [ 25.661299] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 25.661610] kthread+0x328/0x630 [ 25.661727] ret_from_fork+0x10/0x20 [ 25.661852] [ 25.661901] Allocated by task 192: [ 25.662001] kasan_save_stack+0x3c/0x68 [ 25.662366] kasan_save_track+0x20/0x40 [ 25.662590] kasan_save_alloc_info+0x40/0x58 [ 25.662828] __kasan_kmalloc+0xd4/0xd8 [ 25.663017] __kmalloc_cache_noprof+0x16c/0x3c0 [ 25.663381] kmalloc_double_kzfree+0xb8/0x308 [ 25.663836] kunit_try_run_case+0x170/0x3f0 [ 25.664124] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 25.664438] kthread+0x328/0x630 [ 25.664566] ret_from_fork+0x10/0x20 [ 25.664837] [ 25.664902] Freed by task 192: [ 25.664996] kasan_save_stack+0x3c/0x68 [ 25.665565] kasan_save_track+0x20/0x40 [ 25.666108] kasan_save_free_info+0x4c/0x78 [ 25.666240] __kasan_slab_free+0x6c/0x98 [ 25.666742] kfree+0x214/0x3c8 [ 25.666850] kfree_sensitive+0x80/0xb0 [ 25.667213] kmalloc_double_kzfree+0x11c/0x308 [ 25.667516] kunit_try_run_case+0x170/0x3f0 [ 25.667903] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 25.668504] kthread+0x328/0x630 [ 25.668633] ret_from_fork+0x10/0x20 [ 25.668743] [ 25.668828] The buggy address belongs to the object at fff00000c62bd320 [ 25.668828] which belongs to the cache kmalloc-16 of size 16 [ 25.668983] The buggy address is located 0 bytes inside of [ 25.668983] freed 16-byte region [fff00000c62bd320, fff00000c62bd330) [ 25.669242] [ 25.669549] The buggy address belongs to the physical page: [ 25.669756] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1062bd [ 25.670318] flags: 0xbfffe0000000000(node=0|zone=2|lastcpupid=0x1ffff) [ 25.670702] page_type: f5(slab) [ 25.670903] raw: 0bfffe0000000000 fff00000c0001640 dead000000000122 0000000000000000 [ 25.671388] raw: 0000000000000000 0000000080800080 00000000f5000000 0000000000000000 [ 25.671839] page dumped because: kasan: bad access detected [ 25.671922] [ 25.672186] Memory state around the buggy address: [ 25.672282] fff00000c62bd200: fa fb fc fc fa fb fc fc 00 04 fc fc fa fb fc fc [ 25.672719] fff00000c62bd280: fa fb fc fc fa fb fc fc fa fb fc fc fa fb fc fc [ 25.673076] >fff00000c62bd300: fa fb fc fc fa fb fc fc fc fc fc fc fc fc fc fc [ 25.673466] ^ [ 25.673555] fff00000c62bd380: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 25.673660] fff00000c62bd400: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 25.674144] ==================================================================
Failure - log-parser-boot - kasan-bug-kasan-slab-use-after-free-in-kmalloc_uaf2
[ 25.603374] ================================================================== [ 25.604097] BUG: KASAN: slab-use-after-free in kmalloc_uaf2+0x3f4/0x468 [ 25.604491] Read of size 1 at addr fff00000c6418728 by task kunit_try_catch/188 [ 25.604631] [ 25.604957] CPU: 0 UID: 0 PID: 188 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc1 #1 PREEMPT [ 25.605796] Tainted: [B]=BAD_PAGE, [N]=TEST [ 25.605893] Hardware name: linux,dummy-virt (DT) [ 25.605993] Call trace: [ 25.606101] show_stack+0x20/0x38 (C) [ 25.606362] dump_stack_lvl+0x8c/0xd0 [ 25.606998] print_report+0x118/0x608 [ 25.607166] kasan_report+0xdc/0x128 [ 25.607317] __asan_report_load1_noabort+0x20/0x30 [ 25.607889] kmalloc_uaf2+0x3f4/0x468 [ 25.608029] kunit_try_run_case+0x170/0x3f0 [ 25.608346] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 25.608665] kthread+0x328/0x630 [ 25.608818] ret_from_fork+0x10/0x20 [ 25.609081] [ 25.609128] Allocated by task 188: [ 25.609285] kasan_save_stack+0x3c/0x68 [ 25.609424] kasan_save_track+0x20/0x40 [ 25.609659] kasan_save_alloc_info+0x40/0x58 [ 25.609763] __kasan_kmalloc+0xd4/0xd8 [ 25.609855] __kmalloc_cache_noprof+0x16c/0x3c0 [ 25.609974] kmalloc_uaf2+0xc4/0x468 [ 25.610061] kunit_try_run_case+0x170/0x3f0 [ 25.610154] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 25.610361] kthread+0x328/0x630 [ 25.610529] ret_from_fork+0x10/0x20 [ 25.610673] [ 25.610801] Freed by task 188: [ 25.610916] kasan_save_stack+0x3c/0x68 [ 25.611057] kasan_save_track+0x20/0x40 [ 25.611173] kasan_save_free_info+0x4c/0x78 [ 25.611293] __kasan_slab_free+0x6c/0x98 [ 25.611403] kfree+0x214/0x3c8 [ 25.611507] kmalloc_uaf2+0x134/0x468 [ 25.611610] kunit_try_run_case+0x170/0x3f0 [ 25.611725] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 25.611876] kthread+0x328/0x630 [ 25.612024] ret_from_fork+0x10/0x20 [ 25.612127] [ 25.612185] The buggy address belongs to the object at fff00000c6418700 [ 25.612185] which belongs to the cache kmalloc-64 of size 64 [ 25.612334] The buggy address is located 40 bytes inside of [ 25.612334] freed 64-byte region [fff00000c6418700, fff00000c6418740) [ 25.612503] [ 25.612557] The buggy address belongs to the physical page: [ 25.612677] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x106418 [ 25.612873] flags: 0xbfffe0000000000(node=0|zone=2|lastcpupid=0x1ffff) [ 25.613142] page_type: f5(slab) [ 25.613299] raw: 0bfffe0000000000 fff00000c00018c0 dead000000000122 0000000000000000 [ 25.613478] raw: 0000000000000000 0000000080200020 00000000f5000000 0000000000000000 [ 25.613664] page dumped because: kasan: bad access detected [ 25.613747] [ 25.613795] Memory state around the buggy address: [ 25.613881] fff00000c6418600: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 25.614027] fff00000c6418680: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 25.614149] >fff00000c6418700: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 25.614254] ^ [ 25.614335] fff00000c6418780: 00 00 00 00 00 03 fc fc fc fc fc fc fc fc fc fc [ 25.614440] fff00000c6418800: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 25.614554] ==================================================================
Failure - log-parser-boot - kasan-bug-kasan-slab-use-after-free-in-kmalloc_uaf_memset
[ 25.568899] ================================================================== [ 25.569231] BUG: KASAN: slab-use-after-free in kmalloc_uaf_memset+0x170/0x310 [ 25.569436] Write of size 33 at addr fff00000c6418580 by task kunit_try_catch/186 [ 25.569838] [ 25.570205] CPU: 0 UID: 0 PID: 186 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc1 #1 PREEMPT [ 25.570859] Tainted: [B]=BAD_PAGE, [N]=TEST [ 25.571469] Hardware name: linux,dummy-virt (DT) [ 25.572403] Call trace: [ 25.572703] show_stack+0x20/0x38 (C) [ 25.573012] dump_stack_lvl+0x8c/0xd0 [ 25.573624] print_report+0x118/0x608 [ 25.574533] kasan_report+0xdc/0x128 [ 25.574692] kasan_check_range+0x100/0x1a8 [ 25.574812] __asan_memset+0x34/0x78 [ 25.574954] kmalloc_uaf_memset+0x170/0x310 [ 25.576287] kunit_try_run_case+0x170/0x3f0 [ 25.577141] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 25.578078] kthread+0x328/0x630 [ 25.578258] ret_from_fork+0x10/0x20 [ 25.578382] [ 25.578429] Allocated by task 186: [ 25.578498] kasan_save_stack+0x3c/0x68 [ 25.579978] kasan_save_track+0x20/0x40 [ 25.580094] kasan_save_alloc_info+0x40/0x58 [ 25.580443] __kasan_kmalloc+0xd4/0xd8 [ 25.580570] __kmalloc_cache_noprof+0x16c/0x3c0 [ 25.580842] kmalloc_uaf_memset+0xb8/0x310 [ 25.581072] kunit_try_run_case+0x170/0x3f0 [ 25.581174] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 25.581296] kthread+0x328/0x630 [ 25.581494] ret_from_fork+0x10/0x20 [ 25.581584] [ 25.581632] Freed by task 186: [ 25.581702] kasan_save_stack+0x3c/0x68 [ 25.581797] kasan_save_track+0x20/0x40 [ 25.581911] kasan_save_free_info+0x4c/0x78 [ 25.582096] __kasan_slab_free+0x6c/0x98 [ 25.582361] kfree+0x214/0x3c8 [ 25.582455] kmalloc_uaf_memset+0x11c/0x310 [ 25.582952] kunit_try_run_case+0x170/0x3f0 [ 25.583254] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 25.583700] kthread+0x328/0x630 [ 25.583804] ret_from_fork+0x10/0x20 [ 25.583892] [ 25.583967] The buggy address belongs to the object at fff00000c6418580 [ 25.583967] which belongs to the cache kmalloc-64 of size 64 [ 25.584304] The buggy address is located 0 bytes inside of [ 25.584304] freed 64-byte region [fff00000c6418580, fff00000c64185c0) [ 25.584560] [ 25.584651] The buggy address belongs to the physical page: [ 25.584855] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x106418 [ 25.585254] flags: 0xbfffe0000000000(node=0|zone=2|lastcpupid=0x1ffff) [ 25.585453] page_type: f5(slab) [ 25.585547] raw: 0bfffe0000000000 fff00000c00018c0 dead000000000122 0000000000000000 [ 25.585672] raw: 0000000000000000 0000000080200020 00000000f5000000 0000000000000000 [ 25.585769] page dumped because: kasan: bad access detected [ 25.585890] [ 25.585980] Memory state around the buggy address: [ 25.586070] fff00000c6418480: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 25.586464] fff00000c6418500: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 25.586594] >fff00000c6418580: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 25.586911] ^ [ 25.587185] fff00000c6418600: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 25.587474] fff00000c6418680: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 25.587578] ==================================================================
Failure - log-parser-boot - kfence-bug-kfence-invalid-read-in-test_invalid_access
[ 38.030406] ================================================================== [ 38.030633] BUG: KFENCE: invalid read in test_invalid_access+0xdc/0x1f0 [ 38.030633] [ 38.030843] Invalid read at 0x000000003966563a: [ 38.031020] test_invalid_access+0xdc/0x1f0 [ 38.031175] kunit_try_run_case+0x170/0x3f0 [ 38.031306] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 38.031431] kthread+0x328/0x630 [ 38.031638] ret_from_fork+0x10/0x20 [ 38.032016] [ 38.032136] CPU: 0 UID: 0 PID: 331 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc1 #1 PREEMPT [ 38.032327] Tainted: [B]=BAD_PAGE, [N]=TEST [ 38.032412] Hardware name: linux,dummy-virt (DT) [ 38.032524] ==================================================================
Failure - log-parser-boot - bug-bug-kasan-slab-out-of-bounds-in-kasan_atomics_helper
[ 29.445904] BUG: KASAN: slab-out-of-bounds in kasan_atomics_helper+0x40fc/0x4858 [ 29.378678] BUG: KASAN: slab-out-of-bounds in kasan_atomics_helper+0x3f7c/0x4858 [ 29.476402] BUG: KASAN: slab-out-of-bounds in kasan_atomics_helper+0x3f94/0x4858
Failure - log-parser-boot - internal-error-oops-oops-smp
[ 117.624074] Internal error: Oops: 0000000096000005 [#1] SMP [ 117.633484] Modules linked in: [ 117.634503] CPU: 1 UID: 0 PID: 580 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc1 #1 PREEMPT [ 117.636626] Tainted: [B]=BAD_PAGE, [N]=TEST [ 117.638057] Hardware name: linux,dummy-virt (DT) [ 117.639013] pstate: 12402009 (nzcV daif +PAN -UAO +TCO -DIT -SSBS BTYPE=--) [ 117.640494] pc : kunit_test_null_dereference+0x70/0x170 [ 117.641608] lr : kunit_generic_run_threadfn_adapter+0x88/0x100 [ 117.642697] sp : ffff800080d57d30 [ 117.643494] x29: ffff800080d57d90 x28: 0000000000000000 x27: 0000000000000000 [ 117.644900] x26: 1ffe000018c87ee1 x25: 0000000000000000 x24: 0000000000000004 [ 117.646424] x23: fff00000c643f70c x22: ffffa6ed51c578b8 x21: fff00000c43a0288 [ 117.647499] x20: 1ffff000101aafa6 x19: ffff800080087990 x18: 0000000087a74730 [ 117.648449] x17: 0000000000000001 x16: fff00000da468d28 x15: 00000000cdc5a0e3 [ 117.649398] x14: 0000000035a4dfa6 x13: 1ffe00001b48d189 x12: fffd8000193568b4 [ 117.650348] x11: 1ffe0000193568b3 x10: fffd8000193568b3 x9 : ffffa6ed51c4ed20 [ 117.651352] x8 : ffff800080d57c18 x7 : 0000000000000001 x6 : 0000000041b58ab3 [ 117.652262] x5 : ffff7000101aafa6 x4 : 00000000f1f1f1f1 x3 : 0000000000000003 [ 117.653170] x2 : dfff800000000000 x1 : fff00000c9ab3cc0 x0 : ffff800080087990 [ 117.654160] Call trace: [ 117.654554] kunit_test_null_dereference+0x70/0x170 (P) [ 117.655230] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 117.655896] kthread+0x328/0x630 [ 117.656398] ret_from_fork+0x10/0x20 [ 117.657381] Code: b90004a3 d5384101 52800063 aa0003f3 (39c00042) [ 117.658452] ---[ end trace 0000000000000000 ]---
Failure - log-parser-boot - kfence-bug-kfence-use-after-free-read-in-test_krealloc
[ 59.541015] ================================================================== [ 59.541121] BUG: KFENCE: use-after-free read in test_krealloc+0x51c/0x830 [ 59.541121] [ 59.541227] Use-after-free read at 0x000000002b0b3d28 (in kfence-#184): [ 59.541293] test_krealloc+0x51c/0x830 [ 59.541351] kunit_try_run_case+0x170/0x3f0 [ 59.541410] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 59.541467] kthread+0x328/0x630 [ 59.541522] ret_from_fork+0x10/0x20 [ 59.541574] [ 59.541603] kfence-#184: 0x000000002b0b3d28-0x000000001ce9b6e2, size=32, cache=kmalloc-32 [ 59.541603] [ 59.541669] allocated by task 337 on cpu 0 at 59.540017s (0.001648s ago): [ 59.541752] test_alloc+0x29c/0x628 [ 59.541807] test_krealloc+0xc0/0x830 [ 59.541858] kunit_try_run_case+0x170/0x3f0 [ 59.541909] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 59.541982] kthread+0x328/0x630 [ 59.542034] ret_from_fork+0x10/0x20 [ 59.542082] [ 59.542111] freed by task 337 on cpu 0 at 59.540434s (0.001673s ago): [ 59.542186] krealloc_noprof+0x148/0x360 [ 59.542236] test_krealloc+0x1dc/0x830 [ 59.542286] kunit_try_run_case+0x170/0x3f0 [ 59.542334] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 59.542388] kthread+0x328/0x630 [ 59.542431] ret_from_fork+0x10/0x20 [ 59.542479] [ 59.542530] CPU: 0 UID: 0 PID: 337 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc1 #1 PREEMPT [ 59.542624] Tainted: [B]=BAD_PAGE, [N]=TEST [ 59.542660] Hardware name: linux,dummy-virt (DT) [ 59.542702] ==================================================================
Failure - log-parser-boot - kfence-bug-kfence-use-after-free-read-in-test_memcache_typesafe_by_rcu
[ 59.353820] ================================================================== [ 59.353926] BUG: KFENCE: use-after-free read in test_memcache_typesafe_by_rcu+0x280/0x560 [ 59.353926] [ 59.354065] Use-after-free read at 0x000000000136638a (in kfence-#182): [ 59.354131] test_memcache_typesafe_by_rcu+0x280/0x560 [ 59.354195] kunit_try_run_case+0x170/0x3f0 [ 59.354258] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 59.354315] kthread+0x328/0x630 [ 59.354367] ret_from_fork+0x10/0x20 [ 59.354418] [ 59.354451] kfence-#182: 0x000000000136638a-0x0000000063b13388, size=32, cache=test [ 59.354451] [ 59.354516] allocated by task 335 on cpu 0 at 59.330119s (0.024393s ago): [ 59.354601] test_alloc+0x230/0x628 [ 59.354654] test_memcache_typesafe_by_rcu+0x15c/0x560 [ 59.354713] kunit_try_run_case+0x170/0x3f0 [ 59.354764] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 59.354818] kthread+0x328/0x630 [ 59.354875] ret_from_fork+0x10/0x20 [ 59.354927] [ 59.354981] freed by task 335 on cpu 0 at 59.330255s (0.024721s ago): [ 59.355058] test_memcache_typesafe_by_rcu+0x1a8/0x560 [ 59.355125] kunit_try_run_case+0x170/0x3f0 [ 59.355224] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 59.355281] kthread+0x328/0x630 [ 59.355327] ret_from_fork+0x10/0x20 [ 59.355376] [ 59.355430] CPU: 0 UID: 0 PID: 335 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc1 #1 PREEMPT [ 59.355527] Tainted: [B]=BAD_PAGE, [N]=TEST [ 59.355564] Hardware name: linux,dummy-virt (DT) [ 59.355607] ==================================================================
Failure - log-parser-boot - kfence-bug-kfence-memory-corruption-in-test_kmalloc_aligned_oob_write
[ 37.796275] ================================================================== [ 37.796430] BUG: KFENCE: memory corruption in test_kmalloc_aligned_oob_write+0x214/0x2c0 [ 37.796430] [ 37.796516] Corrupted memory at 0x00000000b97ebba3 [ ! . . . . . . . . . . . . . . . ] (in kfence-#178): [ 37.796879] test_kmalloc_aligned_oob_write+0x214/0x2c0 [ 37.796979] kunit_try_run_case+0x170/0x3f0 [ 37.797048] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 37.797105] kthread+0x328/0x630 [ 37.797160] ret_from_fork+0x10/0x20 [ 37.797210] [ 37.797240] kfence-#178: 0x0000000032987e51-0x00000000cf879059, size=73, cache=kmalloc-96 [ 37.797240] [ 37.797310] allocated by task 325 on cpu 0 at 37.795836s (0.001470s ago): [ 37.797389] test_alloc+0x29c/0x628 [ 37.797443] test_kmalloc_aligned_oob_write+0xbc/0x2c0 [ 37.797501] kunit_try_run_case+0x170/0x3f0 [ 37.797555] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 37.797612] kthread+0x328/0x630 [ 37.797660] ret_from_fork+0x10/0x20 [ 37.797709] [ 37.797737] freed by task 325 on cpu 0 at 37.796090s (0.001643s ago): [ 37.797815] test_kmalloc_aligned_oob_write+0x214/0x2c0 [ 37.797872] kunit_try_run_case+0x170/0x3f0 [ 37.797926] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 37.798004] kthread+0x328/0x630 [ 37.798050] ret_from_fork+0x10/0x20 [ 37.798100] [ 37.798151] CPU: 0 UID: 0 PID: 325 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc1 #1 PREEMPT [ 37.798248] Tainted: [B]=BAD_PAGE, [N]=TEST [ 37.798286] Hardware name: linux,dummy-virt (DT) [ 37.798327] ==================================================================
Failure - log-parser-boot - kfence-bug-kfence-out-of-bounds-read-in-test_kmalloc_aligned_oob_read
[ 37.380235] ================================================================== [ 37.380356] BUG: KFENCE: out-of-bounds read in test_kmalloc_aligned_oob_read+0x238/0x468 [ 37.380356] [ 37.380469] Out-of-bounds read at 0x000000008a1bd165 (105B right of kfence-#174): [ 37.380543] test_kmalloc_aligned_oob_read+0x238/0x468 [ 37.380611] kunit_try_run_case+0x170/0x3f0 [ 37.380673] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 37.380731] kthread+0x328/0x630 [ 37.380786] ret_from_fork+0x10/0x20 [ 37.380841] [ 37.380872] kfence-#174: 0x00000000b913e09f-0x000000007242a917, size=73, cache=kmalloc-96 [ 37.380872] [ 37.380965] allocated by task 323 on cpu 0 at 37.379810s (0.001148s ago): [ 37.381058] test_alloc+0x29c/0x628 [ 37.381114] test_kmalloc_aligned_oob_read+0x100/0x468 [ 37.381170] kunit_try_run_case+0x170/0x3f0 [ 37.381224] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 37.381282] kthread+0x328/0x630 [ 37.381330] ret_from_fork+0x10/0x20 [ 37.381382] [ 37.381433] CPU: 0 UID: 0 PID: 323 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc1 #1 PREEMPT [ 37.381532] Tainted: [B]=BAD_PAGE, [N]=TEST [ 37.381567] Hardware name: linux,dummy-virt (DT) [ 37.381608] ==================================================================
Failure - log-parser-boot - kfence-bug-kfence-memory-corruption-in-test_corruption
[ 33.416508] ================================================================== [ 33.416761] BUG: KFENCE: memory corruption in test_corruption+0x1d8/0x378 [ 33.416761] [ 33.416905] Corrupted memory at 0x0000000029a3b41e [ ! ] (in kfence-#136): [ 33.417270] test_corruption+0x1d8/0x378 [ 33.417426] kunit_try_run_case+0x170/0x3f0 [ 33.417600] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 33.417728] kthread+0x328/0x630 [ 33.417838] ret_from_fork+0x10/0x20 [ 33.417959] [ 33.418021] kfence-#136: 0x00000000993ea147-0x0000000046023a47, size=32, cache=test [ 33.418021] [ 33.418166] allocated by task 313 on cpu 0 at 33.416011s (0.002131s ago): [ 33.418444] test_alloc+0x230/0x628 [ 33.418562] test_corruption+0x198/0x378 [ 33.418678] kunit_try_run_case+0x170/0x3f0 [ 33.418815] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 33.419067] kthread+0x328/0x630 [ 33.419171] ret_from_fork+0x10/0x20 [ 33.419396] [ 33.419459] freed by task 313 on cpu 0 at 33.416132s (0.003318s ago): [ 33.419817] test_corruption+0x1d8/0x378 [ 33.420111] kunit_try_run_case+0x170/0x3f0 [ 33.420720] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 33.420971] kthread+0x328/0x630 [ 33.421068] ret_from_fork+0x10/0x20 [ 33.421198] [ 33.421436] CPU: 0 UID: 0 PID: 313 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc1 #1 PREEMPT [ 33.422521] Tainted: [B]=BAD_PAGE, [N]=TEST [ 33.422662] Hardware name: linux,dummy-virt (DT) [ 33.422763] ================================================================== [ 32.886489] ================================================================== [ 32.886633] BUG: KFENCE: memory corruption in test_corruption+0x278/0x378 [ 32.886633] [ 32.886760] Corrupted memory at 0x00000000e67e92dd [ ! . . . . . . . . . . . . . . . ] (in kfence-#131): [ 32.892574] test_corruption+0x278/0x378 [ 32.893244] kunit_try_run_case+0x170/0x3f0 [ 32.893690] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 32.893809] kthread+0x328/0x630 [ 32.893914] ret_from_fork+0x10/0x20 [ 32.894040] [ 32.895342] kfence-#131: 0x00000000858acf21-0x000000004e32e3e2, size=32, cache=kmalloc-32 [ 32.895342] [ 32.895514] allocated by task 311 on cpu 0 at 32.886166s (0.009341s ago): [ 32.895603] test_alloc+0x29c/0x628 [ 32.895687] test_corruption+0xdc/0x378 [ 32.895839] kunit_try_run_case+0x170/0x3f0 [ 32.895957] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 32.896073] kthread+0x328/0x630 [ 32.896242] ret_from_fork+0x10/0x20 [ 32.896614] [ 32.896838] freed by task 311 on cpu 0 at 32.886328s (0.010502s ago): [ 32.897526] test_corruption+0x278/0x378 [ 32.898002] kunit_try_run_case+0x170/0x3f0 [ 32.898119] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 32.898330] kthread+0x328/0x630 [ 32.898434] ret_from_fork+0x10/0x20 [ 32.898988] [ 32.899555] CPU: 0 UID: 0 PID: 311 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc1 #1 PREEMPT [ 32.900411] Tainted: [B]=BAD_PAGE, [N]=TEST [ 32.900627] Hardware name: linux,dummy-virt (DT) [ 32.900718] ================================================================== [ 33.203104] ================================================================== [ 33.203387] BUG: KFENCE: memory corruption in test_corruption+0x120/0x378 [ 33.203387] [ 33.203948] Corrupted memory at 0x00000000c93e28f1 [ ! . . . . . . . . . . . . . . . ] (in kfence-#134): [ 33.207332] test_corruption+0x120/0x378 [ 33.207580] kunit_try_run_case+0x170/0x3f0 [ 33.207709] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 33.208384] kthread+0x328/0x630 [ 33.208656] ret_from_fork+0x10/0x20 [ 33.209204] [ 33.209292] kfence-#134: 0x000000003a104f1d-0x000000007a28f13b, size=32, cache=test [ 33.209292] [ 33.209508] allocated by task 313 on cpu 0 at 33.202342s (0.007149s ago): [ 33.209800] test_alloc+0x230/0x628 [ 33.210065] test_corruption+0xdc/0x378 [ 33.210190] kunit_try_run_case+0x170/0x3f0 [ 33.210668] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 33.210831] kthread+0x328/0x630 [ 33.210974] ret_from_fork+0x10/0x20 [ 33.211080] [ 33.211670] freed by task 313 on cpu 0 at 33.202850s (0.008784s ago): [ 33.212019] test_corruption+0x120/0x378 [ 33.212134] kunit_try_run_case+0x170/0x3f0 [ 33.212243] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 33.213224] kthread+0x328/0x630 [ 33.213380] ret_from_fork+0x10/0x20 [ 33.213517] [ 33.213613] CPU: 0 UID: 0 PID: 313 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc1 #1 PREEMPT [ 33.214010] Tainted: [B]=BAD_PAGE, [N]=TEST [ 33.214128] Hardware name: linux,dummy-virt (DT) [ 33.214289] ================================================================== [ 33.096481] ================================================================== [ 33.096623] BUG: KFENCE: memory corruption in test_corruption+0x284/0x378 [ 33.096623] [ 33.096753] Corrupted memory at 0x0000000043d1a25b [ ! ] (in kfence-#133): [ 33.097889] test_corruption+0x284/0x378 [ 33.099224] kunit_try_run_case+0x170/0x3f0 [ 33.099367] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 33.100055] kthread+0x328/0x630 [ 33.100677] ret_from_fork+0x10/0x20 [ 33.100786] [ 33.101331] kfence-#133: 0x0000000093cb781f-0x000000008c39337f, size=32, cache=kmalloc-32 [ 33.101331] [ 33.101602] allocated by task 311 on cpu 0 at 33.094600s (0.006990s ago): [ 33.101753] test_alloc+0x29c/0x628 [ 33.102705] test_corruption+0x198/0x378 [ 33.102947] kunit_try_run_case+0x170/0x3f0 [ 33.103255] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 33.103750] kthread+0x328/0x630 [ 33.103892] ret_from_fork+0x10/0x20 [ 33.104384] [ 33.104994] freed by task 311 on cpu 0 at 33.094849s (0.009918s ago): [ 33.105760] test_corruption+0x284/0x378 [ 33.106162] kunit_try_run_case+0x170/0x3f0 [ 33.106433] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 33.106543] kthread+0x328/0x630 [ 33.106639] ret_from_fork+0x10/0x20 [ 33.107202] [ 33.107768] CPU: 0 UID: 0 PID: 311 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc1 #1 PREEMPT [ 33.108382] Tainted: [B]=BAD_PAGE, [N]=TEST [ 33.108481] Hardware name: linux,dummy-virt (DT) [ 33.108587] ==================================================================
Failure - log-parser-boot - kfence-bug-kfence-invalid-free-in-test_invalid_addr_free
[ 32.780649] ================================================================== [ 32.780793] BUG: KFENCE: invalid free in test_invalid_addr_free+0xec/0x238 [ 32.780793] [ 32.780916] Invalid free of 0x0000000020f8c6e6 (in kfence-#130): [ 32.781059] test_invalid_addr_free+0xec/0x238 [ 32.781171] kunit_try_run_case+0x170/0x3f0 [ 32.781280] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 32.781382] kthread+0x328/0x630 [ 32.781479] ret_from_fork+0x10/0x20 [ 32.781578] [ 32.781637] kfence-#130: 0x00000000bc31ae80-0x000000001879a131, size=32, cache=test [ 32.781637] [ 32.781760] allocated by task 309 on cpu 0 at 32.780437s (0.001315s ago): [ 32.781907] test_alloc+0x230/0x628 [ 32.782439] test_invalid_addr_free+0xd4/0x238 [ 32.782589] kunit_try_run_case+0x170/0x3f0 [ 32.782706] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 32.782834] kthread+0x328/0x630 [ 32.782998] ret_from_fork+0x10/0x20 [ 32.783186] [ 32.783608] CPU: 0 UID: 0 PID: 309 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc1 #1 PREEMPT [ 32.784907] Tainted: [B]=BAD_PAGE, [N]=TEST [ 32.785005] Hardware name: linux,dummy-virt (DT) [ 32.785087] ================================================================== [ 32.675158] ================================================================== [ 32.675636] BUG: KFENCE: invalid free in test_invalid_addr_free+0x1ac/0x238 [ 32.675636] [ 32.675837] Invalid free of 0x00000000ae6b650f (in kfence-#129): [ 32.676160] test_invalid_addr_free+0x1ac/0x238 [ 32.676669] kunit_try_run_case+0x170/0x3f0 [ 32.677209] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 32.677447] kthread+0x328/0x630 [ 32.677583] ret_from_fork+0x10/0x20 [ 32.677694] [ 32.677764] kfence-#129: 0x000000008c5ab3f3-0x00000000fdf86c18, size=32, cache=kmalloc-32 [ 32.677764] [ 32.677985] allocated by task 307 on cpu 0 at 32.673805s (0.004155s ago): [ 32.678153] test_alloc+0x29c/0x628 [ 32.678286] test_invalid_addr_free+0xd4/0x238 [ 32.678404] kunit_try_run_case+0x170/0x3f0 [ 32.678526] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 32.678640] kthread+0x328/0x630 [ 32.678740] ret_from_fork+0x10/0x20 [ 32.678904] [ 32.679952] CPU: 0 UID: 0 PID: 307 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc1 #1 PREEMPT [ 32.680496] Tainted: [B]=BAD_PAGE, [N]=TEST [ 32.680581] Hardware name: linux,dummy-virt (DT) [ 32.681109] ==================================================================
Failure - log-parser-boot - kfence-bug-kfence-invalid-free-in-test_double_free
[ 32.569689] ================================================================== [ 32.569817] BUG: KFENCE: invalid free in test_double_free+0x100/0x238 [ 32.569817] [ 32.569952] Invalid free of 0x0000000012539dae (in kfence-#128): [ 32.570071] test_double_free+0x100/0x238 [ 32.570178] kunit_try_run_case+0x170/0x3f0 [ 32.570289] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 32.570396] kthread+0x328/0x630 [ 32.570486] ret_from_fork+0x10/0x20 [ 32.570586] [ 32.570643] kfence-#128: 0x0000000012539dae-0x00000000533d7d2f, size=32, cache=test [ 32.570643] [ 32.570762] allocated by task 305 on cpu 0 at 32.565230s (0.005524s ago): [ 32.575012] test_alloc+0x230/0x628 [ 32.575603] test_double_free+0xd4/0x238 [ 32.575721] kunit_try_run_case+0x170/0x3f0 [ 32.575838] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 32.577650] kthread+0x328/0x630 [ 32.577971] ret_from_fork+0x10/0x20 [ 32.578998] [ 32.579460] freed by task 305 on cpu 0 at 32.568071s (0.011381s ago): [ 32.579624] test_double_free+0xf0/0x238 [ 32.580336] kunit_try_run_case+0x170/0x3f0 [ 32.581176] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 32.581364] kthread+0x328/0x630 [ 32.581455] ret_from_fork+0x10/0x20 [ 32.581558] [ 32.581647] CPU: 0 UID: 0 PID: 305 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc1 #1 PREEMPT [ 32.583017] Tainted: [B]=BAD_PAGE, [N]=TEST [ 32.583108] Hardware name: linux,dummy-virt (DT) [ 32.583202] ================================================================== [ 32.461329] ================================================================== [ 32.461688] BUG: KFENCE: invalid free in test_double_free+0x1bc/0x238 [ 32.461688] [ 32.461891] Invalid free of 0x000000008fca06d6 (in kfence-#127): [ 32.462068] test_double_free+0x1bc/0x238 [ 32.462526] kunit_try_run_case+0x170/0x3f0 [ 32.462654] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 32.462772] kthread+0x328/0x630 [ 32.462894] ret_from_fork+0x10/0x20 [ 32.463022] [ 32.463098] kfence-#127: 0x000000008fca06d6-0x00000000b0c607d8, size=32, cache=kmalloc-32 [ 32.463098] [ 32.463279] allocated by task 303 on cpu 0 at 32.460538s (0.002702s ago): [ 32.463836] test_alloc+0x29c/0x628 [ 32.463970] test_double_free+0xd4/0x238 [ 32.464081] kunit_try_run_case+0x170/0x3f0 [ 32.464194] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 32.464310] kthread+0x328/0x630 [ 32.466083] ret_from_fork+0x10/0x20 [ 32.466374] [ 32.466677] freed by task 303 on cpu 0 at 32.460656s (0.005944s ago): [ 32.466904] test_double_free+0x1ac/0x238 [ 32.467506] kunit_try_run_case+0x170/0x3f0 [ 32.468090] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 32.468305] kthread+0x328/0x630 [ 32.469052] ret_from_fork+0x10/0x20 [ 32.469193] [ 32.469305] CPU: 0 UID: 0 PID: 303 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc1 #1 PREEMPT [ 32.469459] Tainted: [B]=BAD_PAGE, [N]=TEST [ 32.469502] Hardware name: linux,dummy-virt (DT) [ 32.469545] ==================================================================
Failure - log-parser-boot - kfence-bug-kfence-use-after-free-read-in-test_use_after_free_read
[ 32.040711] ================================================================== [ 32.040864] BUG: KFENCE: use-after-free read in test_use_after_free_read+0x114/0x248 [ 32.040864] [ 32.042271] Use-after-free read at 0x0000000093bdb26c (in kfence-#123): [ 32.042423] test_use_after_free_read+0x114/0x248 [ 32.042551] kunit_try_run_case+0x170/0x3f0 [ 32.042665] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 32.042779] kthread+0x328/0x630 [ 32.042892] ret_from_fork+0x10/0x20 [ 32.043022] [ 32.043184] kfence-#123: 0x0000000093bdb26c-0x00000000f13d12c3, size=32, cache=kmalloc-32 [ 32.043184] [ 32.044131] allocated by task 295 on cpu 0 at 32.040084s (0.004037s ago): [ 32.044581] test_alloc+0x29c/0x628 [ 32.045378] test_use_after_free_read+0xd0/0x248 [ 32.045538] kunit_try_run_case+0x170/0x3f0 [ 32.045629] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 32.045689] kthread+0x328/0x630 [ 32.045759] ret_from_fork+0x10/0x20 [ 32.045867] [ 32.045949] freed by task 295 on cpu 0 at 32.040205s (0.005718s ago): [ 32.046123] test_use_after_free_read+0x1c0/0x248 [ 32.046235] kunit_try_run_case+0x170/0x3f0 [ 32.046335] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 32.046452] kthread+0x328/0x630 [ 32.047257] ret_from_fork+0x10/0x20 [ 32.047646] [ 32.047917] CPU: 0 UID: 0 PID: 295 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc1 #1 PREEMPT [ 32.050030] Tainted: [B]=BAD_PAGE, [N]=TEST [ 32.050114] Hardware name: linux,dummy-virt (DT) [ 32.050202] ================================================================== [ 32.149562] ================================================================== [ 32.149883] BUG: KFENCE: use-after-free read in test_use_after_free_read+0x114/0x248 [ 32.149883] [ 32.150103] Use-after-free read at 0x0000000049965629 (in kfence-#124): [ 32.150613] test_use_after_free_read+0x114/0x248 [ 32.150744] kunit_try_run_case+0x170/0x3f0 [ 32.150872] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 32.151070] kthread+0x328/0x630 [ 32.151464] ret_from_fork+0x10/0x20 [ 32.151667] [ 32.151735] kfence-#124: 0x0000000049965629-0x00000000c267539b, size=32, cache=test [ 32.151735] [ 32.152141] allocated by task 297 on cpu 0 at 32.148786s (0.003346s ago): [ 32.152360] test_alloc+0x230/0x628 [ 32.152469] test_use_after_free_read+0xd0/0x248 [ 32.152578] kunit_try_run_case+0x170/0x3f0 [ 32.152689] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 32.152832] kthread+0x328/0x630 [ 32.152951] ret_from_fork+0x10/0x20 [ 32.153052] [ 32.153118] freed by task 297 on cpu 0 at 32.149141s (0.003960s ago): [ 32.153349] test_use_after_free_read+0xf0/0x248 [ 32.153455] kunit_try_run_case+0x170/0x3f0 [ 32.153551] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 32.153693] kthread+0x328/0x630 [ 32.153789] ret_from_fork+0x10/0x20 [ 32.153909] [ 32.154239] CPU: 0 UID: 0 PID: 297 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc1 #1 PREEMPT [ 32.155081] Tainted: [B]=BAD_PAGE, [N]=TEST [ 32.155215] Hardware name: linux,dummy-virt (DT) [ 32.155310] ==================================================================
Failure - log-parser-boot - kasan-bug-kasan-slab-out-of-bounds-in-kasan_bitops_modifyconstprop
[ 29.198001] ================================================================== [ 29.198113] BUG: KASAN: slab-out-of-bounds in kasan_bitops_modify.constprop.0+0xa20/0xbc0 [ 29.198350] [ 29.200443] kasan_bitops_generic+0x110/0x1c8 [ 29.205009] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1062bd [ 29.208563] ================================================================== [ 29.074580] ================================================================== [ 29.075249] BUG: KASAN: slab-out-of-bounds in kasan_bitops_modify.constprop.0+0xa44/0xbc0 [ 29.075470] Read of size 8 at addr fff00000c62bd348 by task kunit_try_catch/261 [ 29.076155] [ 29.076366] CPU: 0 UID: 0 PID: 261 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc1 #1 PREEMPT [ 29.076550] Tainted: [B]=BAD_PAGE, [N]=TEST [ 29.076823] Hardware name: linux,dummy-virt (DT) [ 29.076926] Call trace: [ 29.077098] show_stack+0x20/0x38 (C) [ 29.077327] dump_stack_lvl+0x8c/0xd0 [ 29.077653] print_report+0x118/0x608 [ 29.078033] kasan_report+0xdc/0x128 [ 29.078461] __asan_report_load8_noabort+0x20/0x30 [ 29.079164] kasan_bitops_modify.constprop.0+0xa44/0xbc0 [ 29.079666] kasan_bitops_generic+0x110/0x1c8 [ 29.079842] kunit_try_run_case+0x170/0x3f0 [ 29.079999] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 29.080362] kthread+0x328/0x630 [ 29.081266] ret_from_fork+0x10/0x20 [ 29.081776] [ 29.083384] __kasan_kmalloc+0xd4/0xd8 [ 29.085665] [ 29.085720] The buggy address belongs to the object at fff00000c62bd340 [ 29.085720] which belongs to the cache kmalloc-16 of size 16 [ 29.085867] The buggy address is located 8 bytes inside of [ 29.085867] allocated 9-byte region [fff00000c62bd340, fff00000c62bd349) [ 29.087696] flags: 0xbfffe0000000000(node=0|zone=2|lastcpupid=0x1ffff) [ 29.089269] page dumped because: kasan: bad access detected [ 29.089570] fff00000c62bd200: fa fb fc fc fa fb fc fc 00 04 fc fc fa fb fc fc [ 29.090674] ================================================================== [ 29.053613] ================================================================== [ 29.053779] BUG: KASAN: slab-out-of-bounds in kasan_bitops_modify.constprop.0+0x100/0xbc0 [ 29.053959] Write of size 8 at addr fff00000c62bd348 by task kunit_try_catch/261 [ 29.054169] [ 29.054268] CPU: 0 UID: 0 PID: 261 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc1 #1 PREEMPT [ 29.054657] Tainted: [B]=BAD_PAGE, [N]=TEST [ 29.054870] Hardware name: linux,dummy-virt (DT) [ 29.054983] Call trace: [ 29.055063] show_stack+0x20/0x38 (C) [ 29.055442] dump_stack_lvl+0x8c/0xd0 [ 29.055612] print_report+0x118/0x608 [ 29.055752] kasan_report+0xdc/0x128 [ 29.056064] kasan_check_range+0x100/0x1a8 [ 29.056467] __kasan_check_write+0x20/0x30 [ 29.056590] kasan_bitops_modify.constprop.0+0x100/0xbc0 [ 29.056964] kasan_bitops_generic+0x110/0x1c8 [ 29.057105] kunit_try_run_case+0x170/0x3f0 [ 29.059364] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 29.059580] kthread+0x328/0x630 [ 29.059685] ret_from_fork+0x10/0x20 [ 29.059758] [ 29.059784] Allocated by task 261: [ 29.059825] kasan_save_stack+0x3c/0x68 [ 29.059883] kasan_save_track+0x20/0x40 [ 29.059963] kasan_save_alloc_info+0x40/0x58 [ 29.060243] __kasan_kmalloc+0xd4/0xd8 [ 29.061011] __kmalloc_cache_noprof+0x16c/0x3c0 [ 29.061259] kasan_bitops_generic+0xa0/0x1c8 [ 29.061743] kunit_try_run_case+0x170/0x3f0 [ 29.062280] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 29.062683] kthread+0x328/0x630 [ 29.063171] ret_from_fork+0x10/0x20 [ 29.063295] [ 29.063352] The buggy address belongs to the object at fff00000c62bd340 [ 29.063352] which belongs to the cache kmalloc-16 of size 16 [ 29.063993] The buggy address is located 8 bytes inside of [ 29.063993] allocated 9-byte region [fff00000c62bd340, fff00000c62bd349) [ 29.064189] [ 29.064261] The buggy address belongs to the physical page: [ 29.064596] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1062bd [ 29.065478] flags: 0xbfffe0000000000(node=0|zone=2|lastcpupid=0x1ffff) [ 29.065650] page_type: f5(slab) [ 29.065791] raw: 0bfffe0000000000 fff00000c0001640 dead000000000122 0000000000000000 [ 29.066320] raw: 0000000000000000 0000000080800080 00000000f5000000 0000000000000000 [ 29.066893] page dumped because: kasan: bad access detected [ 29.067021] [ 29.067071] Memory state around the buggy address: [ 29.067162] fff00000c62bd200: fa fb fc fc fa fb fc fc 00 04 fc fc fa fb fc fc [ 29.067282] fff00000c62bd280: fa fb fc fc fa fb fc fc fa fb fc fc fa fb fc fc [ 29.067844] >fff00000c62bd300: fa fb fc fc fa fb fc fc 00 01 fc fc fc fc fc fc [ 29.068128] ^ [ 29.068741] fff00000c62bd380: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 29.068877] fff00000c62bd400: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 29.069003] ==================================================================
Failure - log-parser-boot - kfence-bug-kfence-out-of-bounds-write-in-test_out_of_bounds_write
[ 31.827178] ================================================================== [ 31.827814] BUG: KFENCE: out-of-bounds write in test_out_of_bounds_write+0x100/0x240 [ 31.827814] [ 31.828220] Out-of-bounds write at 0x0000000069a54c95 (1B left of kfence-#121): [ 31.828419] test_out_of_bounds_write+0x100/0x240 [ 31.828626] kunit_try_run_case+0x170/0x3f0 [ 31.828986] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 31.829275] kthread+0x328/0x630 [ 31.829637] ret_from_fork+0x10/0x20 [ 31.829883] [ 31.830183] kfence-#121: 0x00000000d8479847-0x00000000fe4d0970, size=32, cache=kmalloc-32 [ 31.830183] [ 31.830579] allocated by task 291 on cpu 0 at 31.826306s (0.004264s ago): [ 31.830967] test_alloc+0x29c/0x628 [ 31.831138] test_out_of_bounds_write+0xc8/0x240 [ 31.831319] kunit_try_run_case+0x170/0x3f0 [ 31.831470] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 31.831598] kthread+0x328/0x630 [ 31.831700] ret_from_fork+0x10/0x20 [ 31.831907] [ 31.832156] CPU: 0 UID: 0 PID: 291 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc1 #1 PREEMPT [ 31.832352] Tainted: [B]=BAD_PAGE, [N]=TEST [ 31.832445] Hardware name: linux,dummy-virt (DT) [ 31.832706] ================================================================== [ 31.935148] ================================================================== [ 31.935685] BUG: KFENCE: out-of-bounds write in test_out_of_bounds_write+0x100/0x240 [ 31.935685] [ 31.935876] Out-of-bounds write at 0x000000002559346d (1B left of kfence-#122): [ 31.936176] test_out_of_bounds_write+0x100/0x240 [ 31.936781] kunit_try_run_case+0x170/0x3f0 [ 31.937370] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 31.937561] kthread+0x328/0x630 [ 31.937665] ret_from_fork+0x10/0x20 [ 31.937773] [ 31.938727] kfence-#122: 0x00000000faf941a8-0x00000000f8aeaa40, size=32, cache=test [ 31.938727] [ 31.939234] allocated by task 293 on cpu 0 at 31.934654s (0.004568s ago): [ 31.939888] test_alloc+0x230/0x628 [ 31.940081] test_out_of_bounds_write+0xc8/0x240 [ 31.940201] kunit_try_run_case+0x170/0x3f0 [ 31.940558] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 31.940755] kthread+0x328/0x630 [ 31.940863] ret_from_fork+0x10/0x20 [ 31.941496] [ 31.941886] CPU: 0 UID: 0 PID: 293 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc1 #1 PREEMPT [ 31.942105] Tainted: [B]=BAD_PAGE, [N]=TEST [ 31.942511] Hardware name: linux,dummy-virt (DT) [ 31.942769] ==================================================================
Failure - log-parser-boot - kfence-bug-kfence-out-of-bounds-read-in-test_out_of_bounds_read
[ 30.988505] ================================================================== [ 30.989761] BUG: KFENCE: out-of-bounds read in test_out_of_bounds_read+0x114/0x3e0 [ 30.989761] [ 30.990143] Out-of-bounds read at 0x00000000628e88bd (1B left of kfence-#113): [ 30.990347] test_out_of_bounds_read+0x114/0x3e0 [ 30.990488] kunit_try_run_case+0x170/0x3f0 [ 30.990609] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 30.990719] kthread+0x328/0x630 [ 30.990812] ret_from_fork+0x10/0x20 [ 30.990926] [ 30.993023] kfence-#113: 0x00000000755b29ff-0x00000000bf15941c, size=32, cache=kmalloc-32 [ 30.993023] [ 30.993185] allocated by task 287 on cpu 0 at 30.982159s (0.011015s ago): [ 30.993369] test_alloc+0x29c/0x628 [ 30.993503] test_out_of_bounds_read+0xdc/0x3e0 [ 30.993808] kunit_try_run_case+0x170/0x3f0 [ 30.993916] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 30.994048] kthread+0x328/0x630 [ 30.994150] ret_from_fork+0x10/0x20 [ 30.994282] [ 30.994386] CPU: 0 UID: 0 PID: 287 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc1 #1 PREEMPT [ 30.994568] Tainted: [B]=BAD_PAGE, [N]=TEST [ 30.994639] Hardware name: linux,dummy-virt (DT) [ 30.994780] ================================================================== [ 31.301375] ================================================================== [ 31.301679] BUG: KFENCE: out-of-bounds read in test_out_of_bounds_read+0x1c8/0x3e0 [ 31.301679] [ 31.301973] Out-of-bounds read at 0x000000004ccf5982 (32B right of kfence-#116): [ 31.302136] test_out_of_bounds_read+0x1c8/0x3e0 [ 31.302255] kunit_try_run_case+0x170/0x3f0 [ 31.302386] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 31.302595] kthread+0x328/0x630 [ 31.302793] ret_from_fork+0x10/0x20 [ 31.302950] [ 31.303013] kfence-#116: 0x00000000faa9686c-0x0000000019094fb1, size=32, cache=kmalloc-32 [ 31.303013] [ 31.303205] allocated by task 287 on cpu 0 at 31.300720s (0.002474s ago): [ 31.304504] test_alloc+0x29c/0x628 [ 31.304617] test_out_of_bounds_read+0x198/0x3e0 [ 31.304679] kunit_try_run_case+0x170/0x3f0 [ 31.304734] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 31.304790] kthread+0x328/0x630 [ 31.304839] ret_from_fork+0x10/0x20 [ 31.304891] [ 31.304974] CPU: 0 UID: 0 PID: 287 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc1 #1 PREEMPT [ 31.305253] Tainted: [B]=BAD_PAGE, [N]=TEST [ 31.305546] Hardware name: linux,dummy-virt (DT) [ 31.306358] ================================================================== [ 31.620283] ================================================================== [ 31.620498] BUG: KFENCE: out-of-bounds read in test_out_of_bounds_read+0x114/0x3e0 [ 31.620498] [ 31.620694] Out-of-bounds read at 0x00000000cccbad45 (1B left of kfence-#119): [ 31.620963] test_out_of_bounds_read+0x114/0x3e0 [ 31.621259] kunit_try_run_case+0x170/0x3f0 [ 31.621637] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 31.621898] kthread+0x328/0x630 [ 31.622037] ret_from_fork+0x10/0x20 [ 31.622160] [ 31.622240] kfence-#119: 0x00000000f54e7f79-0x00000000491ee2ed, size=32, cache=test [ 31.622240] [ 31.622379] allocated by task 289 on cpu 0 at 31.620124s (0.002246s ago): [ 31.622648] test_alloc+0x230/0x628 [ 31.622759] test_out_of_bounds_read+0xdc/0x3e0 [ 31.622918] kunit_try_run_case+0x170/0x3f0 [ 31.623065] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 31.623189] kthread+0x328/0x630 [ 31.623465] ret_from_fork+0x10/0x20 [ 31.623622] [ 31.623795] CPU: 0 UID: 0 PID: 289 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc1 #1 PREEMPT [ 31.624018] Tainted: [B]=BAD_PAGE, [N]=TEST [ 31.624094] Hardware name: linux,dummy-virt (DT) [ 31.624190] ================================================================== [ 31.724774] ================================================================== [ 31.725029] BUG: KFENCE: out-of-bounds read in test_out_of_bounds_read+0x1c8/0x3e0 [ 31.725029] [ 31.725225] Out-of-bounds read at 0x000000003005eb10 (32B right of kfence-#120): [ 31.725370] test_out_of_bounds_read+0x1c8/0x3e0 [ 31.725511] kunit_try_run_case+0x170/0x3f0 [ 31.725634] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 31.725826] kthread+0x328/0x630 [ 31.725960] ret_from_fork+0x10/0x20 [ 31.726135] [ 31.726223] kfence-#120: 0x00000000e3163032-0x000000006a047eed, size=32, cache=test [ 31.726223] [ 31.726354] allocated by task 289 on cpu 0 at 31.724606s (0.001740s ago): [ 31.726553] test_alloc+0x230/0x628 [ 31.726670] test_out_of_bounds_read+0x198/0x3e0 [ 31.727235] kunit_try_run_case+0x170/0x3f0 [ 31.727394] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 31.727600] kthread+0x328/0x630 [ 31.727803] ret_from_fork+0x10/0x20 [ 31.728305] [ 31.729016] CPU: 0 UID: 0 PID: 289 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc1 #1 PREEMPT [ 31.729822] Tainted: [B]=BAD_PAGE, [N]=TEST [ 31.730043] Hardware name: linux,dummy-virt (DT) [ 31.730504] ==================================================================
Failure - log-parser-boot - kfence-bug-kfence-memory-corruption-in-kmalloc_track_caller_oob_right
[ 24.686496] ================================================================== [ 24.686829] BUG: KFENCE: memory corruption in kmalloc_track_caller_oob_right+0x224/0x488 [ 24.686829] [ 24.687819] Corrupted memory at 0x0000000013c18436 [ ! . . . . . . . ] (in kfence-#72): [ 24.694235] kmalloc_track_caller_oob_right+0x224/0x488 [ 24.694503] kunit_try_run_case+0x170/0x3f0 [ 24.694637] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 24.694894] kthread+0x328/0x630 [ 24.695008] ret_from_fork+0x10/0x20 [ 24.695175] [ 24.696187] kfence-#72: 0x00000000cfa026a5-0x00000000d2b2f014, size=120, cache=kmalloc-128 [ 24.696187] [ 24.697778] allocated by task 142 on cpu 0 at 24.681123s (0.016005s ago): [ 24.699145] kmalloc_track_caller_oob_right+0x184/0x488 [ 24.699708] kunit_try_run_case+0x170/0x3f0 [ 24.699809] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 24.699918] kthread+0x328/0x630 [ 24.700033] ret_from_fork+0x10/0x20 [ 24.701063] [ 24.701900] freed by task 142 on cpu 0 at 24.682541s (0.018765s ago): [ 24.702494] kmalloc_track_caller_oob_right+0x224/0x488 [ 24.702621] kunit_try_run_case+0x170/0x3f0 [ 24.702712] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 24.702873] kthread+0x328/0x630 [ 24.702978] ret_from_fork+0x10/0x20 [ 24.703177] [ 24.703358] CPU: 0 UID: 0 PID: 142 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc1 #1 PREEMPT [ 24.703640] Tainted: [B]=BAD_PAGE, [N]=TEST [ 24.703713] Hardware name: linux,dummy-virt (DT) [ 24.703811] ==================================================================
Failure - log-parser-boot - kasan-bug-kasan-slab-out-of-bounds-in-strncpy_from_user
[ 30.757086] ================================================================== [ 30.757242] BUG: KASAN: slab-out-of-bounds in strncpy_from_user+0x270/0x2a0 [ 30.757366] Write of size 1 at addr fff00000c6431d78 by task kunit_try_catch/285 [ 30.757741] [ 30.757905] CPU: 0 UID: 0 PID: 285 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc1 #1 PREEMPT [ 30.758278] Tainted: [B]=BAD_PAGE, [N]=TEST [ 30.758487] Hardware name: linux,dummy-virt (DT) [ 30.758570] Call trace: [ 30.758626] show_stack+0x20/0x38 (C) [ 30.758753] dump_stack_lvl+0x8c/0xd0 [ 30.758884] print_report+0x118/0x608 [ 30.759033] kasan_report+0xdc/0x128 [ 30.759227] __asan_report_store1_noabort+0x20/0x30 [ 30.759416] strncpy_from_user+0x270/0x2a0 [ 30.760054] copy_user_test_oob+0x5c0/0xec8 [ 30.760439] kunit_try_run_case+0x170/0x3f0 [ 30.760611] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 30.760763] kthread+0x328/0x630 [ 30.760965] ret_from_fork+0x10/0x20 [ 30.761113] [ 30.761259] Allocated by task 285: [ 30.761487] kasan_save_stack+0x3c/0x68 [ 30.761799] kasan_save_track+0x20/0x40 [ 30.762142] kasan_save_alloc_info+0x40/0x58 [ 30.762296] __kasan_kmalloc+0xd4/0xd8 [ 30.762399] __kmalloc_noprof+0x198/0x4c8 [ 30.762542] kunit_kmalloc_array+0x34/0x88 [ 30.762704] copy_user_test_oob+0xac/0xec8 [ 30.762877] kunit_try_run_case+0x170/0x3f0 [ 30.763042] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 30.763275] kthread+0x328/0x630 [ 30.763429] ret_from_fork+0x10/0x20 [ 30.763856] [ 30.763944] The buggy address belongs to the object at fff00000c6431d00 [ 30.763944] which belongs to the cache kmalloc-128 of size 128 [ 30.764140] The buggy address is located 0 bytes to the right of [ 30.764140] allocated 120-byte region [fff00000c6431d00, fff00000c6431d78) [ 30.764322] [ 30.764395] The buggy address belongs to the physical page: [ 30.764485] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x106431 [ 30.764638] flags: 0xbfffe0000000000(node=0|zone=2|lastcpupid=0x1ffff) [ 30.764894] page_type: f5(slab) [ 30.765080] raw: 0bfffe0000000000 fff00000c0001a00 dead000000000122 0000000000000000 [ 30.765221] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 30.765352] page dumped because: kasan: bad access detected [ 30.765528] [ 30.765575] Memory state around the buggy address: [ 30.765803] fff00000c6431c00: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 30.766072] fff00000c6431c80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 30.766327] >fff00000c6431d00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 fc [ 30.766424] ^ [ 30.766562] fff00000c6431d80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 30.766683] fff00000c6431e00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 30.766830] ================================================================== [ 30.743605] ================================================================== [ 30.743710] BUG: KASAN: slab-out-of-bounds in strncpy_from_user+0x3c/0x2a0 [ 30.743830] Write of size 121 at addr fff00000c6431d00 by task kunit_try_catch/285 [ 30.743979] [ 30.744060] CPU: 0 UID: 0 PID: 285 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc1 #1 PREEMPT [ 30.744257] Tainted: [B]=BAD_PAGE, [N]=TEST [ 30.744330] Hardware name: linux,dummy-virt (DT) [ 30.744408] Call trace: [ 30.744460] show_stack+0x20/0x38 (C) [ 30.744589] dump_stack_lvl+0x8c/0xd0 [ 30.744710] print_report+0x118/0x608 [ 30.744828] kasan_report+0xdc/0x128 [ 30.745013] kasan_check_range+0x100/0x1a8 [ 30.745176] __kasan_check_write+0x20/0x30 [ 30.745321] strncpy_from_user+0x3c/0x2a0 [ 30.745475] copy_user_test_oob+0x5c0/0xec8 [ 30.746697] kunit_try_run_case+0x170/0x3f0 [ 30.747174] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 30.747365] kthread+0x328/0x630 [ 30.747506] ret_from_fork+0x10/0x20 [ 30.747639] [ 30.747689] Allocated by task 285: [ 30.747817] kasan_save_stack+0x3c/0x68 [ 30.748509] kasan_save_track+0x20/0x40 [ 30.748617] kasan_save_alloc_info+0x40/0x58 [ 30.748756] __kasan_kmalloc+0xd4/0xd8 [ 30.749057] __kmalloc_noprof+0x198/0x4c8 [ 30.749238] kunit_kmalloc_array+0x34/0x88 [ 30.749428] copy_user_test_oob+0xac/0xec8 [ 30.749582] kunit_try_run_case+0x170/0x3f0 [ 30.749721] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 30.749987] kthread+0x328/0x630 [ 30.750096] ret_from_fork+0x10/0x20 [ 30.750281] [ 30.750828] The buggy address belongs to the object at fff00000c6431d00 [ 30.750828] which belongs to the cache kmalloc-128 of size 128 [ 30.751167] The buggy address is located 0 bytes inside of [ 30.751167] allocated 120-byte region [fff00000c6431d00, fff00000c6431d78) [ 30.751435] [ 30.751541] The buggy address belongs to the physical page: [ 30.751622] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x106431 [ 30.751759] flags: 0xbfffe0000000000(node=0|zone=2|lastcpupid=0x1ffff) [ 30.751888] page_type: f5(slab) [ 30.752034] raw: 0bfffe0000000000 fff00000c0001a00 dead000000000122 0000000000000000 [ 30.752206] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 30.752328] page dumped because: kasan: bad access detected [ 30.752437] [ 30.752498] Memory state around the buggy address: [ 30.752616] fff00000c6431c00: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 30.752734] fff00000c6431c80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 30.752848] >fff00000c6431d00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 fc [ 30.753675] ^ [ 30.753914] fff00000c6431d80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 30.754330] fff00000c6431e00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 30.754458] ==================================================================
Failure - log-parser-boot - kasan-bug-kasan-slab-out-of-bounds-in-copy_user_test_oob
[ 30.663568] ================================================================== [ 30.663805] BUG: KASAN: slab-out-of-bounds in copy_user_test_oob+0x728/0xec8 [ 30.664009] Read of size 121 at addr fff00000c6431d00 by task kunit_try_catch/285 [ 30.664154] [ 30.664266] CPU: 0 UID: 0 PID: 285 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc1 #1 PREEMPT [ 30.664619] Tainted: [B]=BAD_PAGE, [N]=TEST [ 30.664836] Hardware name: linux,dummy-virt (DT) [ 30.665067] Call trace: [ 30.665240] show_stack+0x20/0x38 (C) [ 30.665378] dump_stack_lvl+0x8c/0xd0 [ 30.665502] print_report+0x118/0x608 [ 30.665633] kasan_report+0xdc/0x128 [ 30.665960] kasan_check_range+0x100/0x1a8 [ 30.666116] __kasan_check_read+0x20/0x30 [ 30.666343] copy_user_test_oob+0x728/0xec8 [ 30.666488] kunit_try_run_case+0x170/0x3f0 [ 30.666784] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 30.667103] kthread+0x328/0x630 [ 30.667264] ret_from_fork+0x10/0x20 [ 30.667494] [ 30.667559] Allocated by task 285: [ 30.667642] kasan_save_stack+0x3c/0x68 [ 30.667762] kasan_save_track+0x20/0x40 [ 30.667874] kasan_save_alloc_info+0x40/0x58 [ 30.668092] __kasan_kmalloc+0xd4/0xd8 [ 30.668199] __kmalloc_noprof+0x198/0x4c8 [ 30.668330] kunit_kmalloc_array+0x34/0x88 [ 30.668523] copy_user_test_oob+0xac/0xec8 [ 30.668861] kunit_try_run_case+0x170/0x3f0 [ 30.669020] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 30.669146] kthread+0x328/0x630 [ 30.669329] ret_from_fork+0x10/0x20 [ 30.669445] [ 30.669505] The buggy address belongs to the object at fff00000c6431d00 [ 30.669505] which belongs to the cache kmalloc-128 of size 128 [ 30.669841] The buggy address is located 0 bytes inside of [ 30.669841] allocated 120-byte region [fff00000c6431d00, fff00000c6431d78) [ 30.670023] [ 30.670075] The buggy address belongs to the physical page: [ 30.670152] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x106431 [ 30.671033] flags: 0xbfffe0000000000(node=0|zone=2|lastcpupid=0x1ffff) [ 30.671554] page_type: f5(slab) [ 30.671675] raw: 0bfffe0000000000 fff00000c0001a00 dead000000000122 0000000000000000 [ 30.671795] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 30.671903] page dumped because: kasan: bad access detected [ 30.672790] [ 30.673086] Memory state around the buggy address: [ 30.673216] fff00000c6431c00: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 30.673663] fff00000c6431c80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 30.674226] >fff00000c6431d00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 fc [ 30.674333] ^ [ 30.674439] fff00000c6431d80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 30.675216] fff00000c6431e00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 30.675583] ================================================================== [ 30.688039] ================================================================== [ 30.688164] BUG: KASAN: slab-out-of-bounds in copy_user_test_oob+0x35c/0xec8 [ 30.688285] Write of size 121 at addr fff00000c6431d00 by task kunit_try_catch/285 [ 30.688410] [ 30.688489] CPU: 0 UID: 0 PID: 285 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc1 #1 PREEMPT [ 30.688688] Tainted: [B]=BAD_PAGE, [N]=TEST [ 30.688758] Hardware name: linux,dummy-virt (DT) [ 30.688837] Call trace: [ 30.688899] show_stack+0x20/0x38 (C) [ 30.689044] dump_stack_lvl+0x8c/0xd0 [ 30.689170] print_report+0x118/0x608 [ 30.689301] kasan_report+0xdc/0x128 [ 30.689627] kasan_check_range+0x100/0x1a8 [ 30.689862] __kasan_check_write+0x20/0x30 [ 30.690023] copy_user_test_oob+0x35c/0xec8 [ 30.690173] kunit_try_run_case+0x170/0x3f0 [ 30.690330] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 30.690493] kthread+0x328/0x630 [ 30.690654] ret_from_fork+0x10/0x20 [ 30.690828] [ 30.690894] Allocated by task 285: [ 30.690995] kasan_save_stack+0x3c/0x68 [ 30.691181] kasan_save_track+0x20/0x40 [ 30.691388] kasan_save_alloc_info+0x40/0x58 [ 30.691566] __kasan_kmalloc+0xd4/0xd8 [ 30.691679] __kmalloc_noprof+0x198/0x4c8 [ 30.691780] kunit_kmalloc_array+0x34/0x88 [ 30.691879] copy_user_test_oob+0xac/0xec8 [ 30.692011] kunit_try_run_case+0x170/0x3f0 [ 30.692121] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 30.692275] kthread+0x328/0x630 [ 30.692380] ret_from_fork+0x10/0x20 [ 30.692475] [ 30.692562] The buggy address belongs to the object at fff00000c6431d00 [ 30.692562] which belongs to the cache kmalloc-128 of size 128 [ 30.692704] The buggy address is located 0 bytes inside of [ 30.692704] allocated 120-byte region [fff00000c6431d00, fff00000c6431d78) [ 30.692869] [ 30.692924] The buggy address belongs to the physical page: [ 30.693026] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x106431 [ 30.693844] flags: 0xbfffe0000000000(node=0|zone=2|lastcpupid=0x1ffff) [ 30.694093] page_type: f5(slab) [ 30.694686] raw: 0bfffe0000000000 fff00000c0001a00 dead000000000122 0000000000000000 [ 30.695203] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 30.695645] page dumped because: kasan: bad access detected [ 30.696063] [ 30.696127] Memory state around the buggy address: [ 30.696600] fff00000c6431c00: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 30.696857] fff00000c6431c80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 30.697695] >fff00000c6431d00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 fc [ 30.698176] ^ [ 30.698379] fff00000c6431d80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 30.698517] fff00000c6431e00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 30.698687] ================================================================== [ 30.708082] ================================================================== [ 30.708187] BUG: KASAN: slab-out-of-bounds in copy_user_test_oob+0x434/0xec8 [ 30.708294] Write of size 121 at addr fff00000c6431d00 by task kunit_try_catch/285 [ 30.708413] [ 30.708481] CPU: 0 UID: 0 PID: 285 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc1 #1 PREEMPT [ 30.708673] Tainted: [B]=BAD_PAGE, [N]=TEST [ 30.708738] Hardware name: linux,dummy-virt (DT) [ 30.708816] Call trace: [ 30.708869] show_stack+0x20/0x38 (C) [ 30.709825] dump_stack_lvl+0x8c/0xd0 [ 30.709990] print_report+0x118/0x608 [ 30.710104] kasan_report+0xdc/0x128 [ 30.710217] kasan_check_range+0x100/0x1a8 [ 30.710336] __kasan_check_write+0x20/0x30 [ 30.710453] copy_user_test_oob+0x434/0xec8 [ 30.710574] kunit_try_run_case+0x170/0x3f0 [ 30.710694] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 30.710822] kthread+0x328/0x630 [ 30.711031] ret_from_fork+0x10/0x20 [ 30.711214] [ 30.711271] Allocated by task 285: [ 30.711357] kasan_save_stack+0x3c/0x68 [ 30.713165] kasan_save_track+0x20/0x40 [ 30.713295] kasan_save_alloc_info+0x40/0x58 [ 30.713406] __kasan_kmalloc+0xd4/0xd8 [ 30.713503] __kmalloc_noprof+0x198/0x4c8 [ 30.713608] kunit_kmalloc_array+0x34/0x88 [ 30.713701] copy_user_test_oob+0xac/0xec8 [ 30.713806] kunit_try_run_case+0x170/0x3f0 [ 30.713908] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 30.714061] kthread+0x328/0x630 [ 30.714170] ret_from_fork+0x10/0x20 [ 30.714271] [ 30.714323] The buggy address belongs to the object at fff00000c6431d00 [ 30.714323] which belongs to the cache kmalloc-128 of size 128 [ 30.714474] The buggy address is located 0 bytes inside of [ 30.714474] allocated 120-byte region [fff00000c6431d00, fff00000c6431d78) [ 30.714636] [ 30.714685] The buggy address belongs to the physical page: [ 30.714763] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x106431 [ 30.714907] flags: 0xbfffe0000000000(node=0|zone=2|lastcpupid=0x1ffff) [ 30.717829] page_type: f5(slab) [ 30.717928] raw: 0bfffe0000000000 fff00000c0001a00 dead000000000122 0000000000000000 [ 30.718073] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 30.718178] page dumped because: kasan: bad access detected [ 30.718263] [ 30.718450] Memory state around the buggy address: [ 30.720752] fff00000c6431c00: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 30.720873] fff00000c6431c80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 30.722254] >fff00000c6431d00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 fc [ 30.722953] ^ [ 30.723279] fff00000c6431d80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 30.724062] fff00000c6431e00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 30.724711] ================================================================== [ 30.700455] ================================================================== [ 30.700565] BUG: KASAN: slab-out-of-bounds in copy_user_test_oob+0x3c8/0xec8 [ 30.700677] Read of size 121 at addr fff00000c6431d00 by task kunit_try_catch/285 [ 30.700796] [ 30.700863] CPU: 0 UID: 0 PID: 285 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc1 #1 PREEMPT [ 30.701607] Tainted: [B]=BAD_PAGE, [N]=TEST [ 30.701689] Hardware name: linux,dummy-virt (DT) [ 30.701775] Call trace: [ 30.701834] show_stack+0x20/0x38 (C) [ 30.701981] dump_stack_lvl+0x8c/0xd0 [ 30.702101] print_report+0x118/0x608 [ 30.702220] kasan_report+0xdc/0x128 [ 30.702347] kasan_check_range+0x100/0x1a8 [ 30.702475] __kasan_check_read+0x20/0x30 [ 30.702763] copy_user_test_oob+0x3c8/0xec8 [ 30.702925] kunit_try_run_case+0x170/0x3f0 [ 30.703318] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 30.703472] kthread+0x328/0x630 [ 30.703589] ret_from_fork+0x10/0x20 [ 30.703716] [ 30.703770] Allocated by task 285: [ 30.703854] kasan_save_stack+0x3c/0x68 [ 30.703987] kasan_save_track+0x20/0x40 [ 30.704104] kasan_save_alloc_info+0x40/0x58 [ 30.704221] __kasan_kmalloc+0xd4/0xd8 [ 30.704325] __kmalloc_noprof+0x198/0x4c8 [ 30.704437] kunit_kmalloc_array+0x34/0x88 [ 30.704537] copy_user_test_oob+0xac/0xec8 [ 30.704633] kunit_try_run_case+0x170/0x3f0 [ 30.704729] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 30.704839] kthread+0x328/0x630 [ 30.704929] ret_from_fork+0x10/0x20 [ 30.705054] [ 30.705138] The buggy address belongs to the object at fff00000c6431d00 [ 30.705138] which belongs to the cache kmalloc-128 of size 128 [ 30.705296] The buggy address is located 0 bytes inside of [ 30.705296] allocated 120-byte region [fff00000c6431d00, fff00000c6431d78) [ 30.705497] [ 30.705559] The buggy address belongs to the physical page: [ 30.705637] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x106431 [ 30.705769] flags: 0xbfffe0000000000(node=0|zone=2|lastcpupid=0x1ffff) [ 30.705902] page_type: f5(slab) [ 30.706018] raw: 0bfffe0000000000 fff00000c0001a00 dead000000000122 0000000000000000 [ 30.706149] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 30.706250] page dumped because: kasan: bad access detected [ 30.706336] [ 30.706388] Memory state around the buggy address: [ 30.706474] fff00000c6431c00: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 30.706590] fff00000c6431c80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 30.706698] >fff00000c6431d00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 fc [ 30.706801] ^ [ 30.707232] fff00000c6431d80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 30.707373] fff00000c6431e00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 30.707486] ================================================================== [ 30.726419] ================================================================== [ 30.727717] BUG: KASAN: slab-out-of-bounds in copy_user_test_oob+0x4a0/0xec8 [ 30.727870] Read of size 121 at addr fff00000c6431d00 by task kunit_try_catch/285 [ 30.728036] [ 30.728370] CPU: 0 UID: 0 PID: 285 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc1 #1 PREEMPT [ 30.729753] Tainted: [B]=BAD_PAGE, [N]=TEST [ 30.730002] Hardware name: linux,dummy-virt (DT) [ 30.730105] Call trace: [ 30.730254] show_stack+0x20/0x38 (C) [ 30.730404] dump_stack_lvl+0x8c/0xd0 [ 30.730589] print_report+0x118/0x608 [ 30.730709] kasan_report+0xdc/0x128 [ 30.730830] kasan_check_range+0x100/0x1a8 [ 30.730980] __kasan_check_read+0x20/0x30 [ 30.731263] copy_user_test_oob+0x4a0/0xec8 [ 30.731651] kunit_try_run_case+0x170/0x3f0 [ 30.731871] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 30.732035] kthread+0x328/0x630 [ 30.732158] ret_from_fork+0x10/0x20 [ 30.732422] [ 30.732788] Allocated by task 285: [ 30.732887] kasan_save_stack+0x3c/0x68 [ 30.733530] kasan_save_track+0x20/0x40 [ 30.733846] kasan_save_alloc_info+0x40/0x58 [ 30.733999] __kasan_kmalloc+0xd4/0xd8 [ 30.734434] __kmalloc_noprof+0x198/0x4c8 [ 30.734553] kunit_kmalloc_array+0x34/0x88 [ 30.734652] copy_user_test_oob+0xac/0xec8 [ 30.734751] kunit_try_run_case+0x170/0x3f0 [ 30.734846] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 30.735970] kthread+0x328/0x630 [ 30.736085] ret_from_fork+0x10/0x20 [ 30.736199] [ 30.736251] The buggy address belongs to the object at fff00000c6431d00 [ 30.736251] which belongs to the cache kmalloc-128 of size 128 [ 30.736396] The buggy address is located 0 bytes inside of [ 30.736396] allocated 120-byte region [fff00000c6431d00, fff00000c6431d78) [ 30.737270] [ 30.737343] The buggy address belongs to the physical page: [ 30.737438] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x106431 [ 30.737591] flags: 0xbfffe0000000000(node=0|zone=2|lastcpupid=0x1ffff) [ 30.737718] page_type: f5(slab) [ 30.737888] raw: 0bfffe0000000000 fff00000c0001a00 dead000000000122 0000000000000000 [ 30.738049] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 30.738252] page dumped because: kasan: bad access detected [ 30.739342] [ 30.739445] Memory state around the buggy address: [ 30.739537] fff00000c6431c00: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 30.740149] fff00000c6431c80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 30.740274] >fff00000c6431d00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 fc [ 30.740375] ^ [ 30.740493] fff00000c6431d80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 30.740641] fff00000c6431e00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 30.740742] ================================================================== [ 30.641727] ================================================================== [ 30.641928] BUG: KASAN: slab-out-of-bounds in copy_user_test_oob+0x234/0xec8 [ 30.642129] Write of size 121 at addr fff00000c6431d00 by task kunit_try_catch/285 [ 30.642257] [ 30.642351] CPU: 0 UID: 0 PID: 285 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc1 #1 PREEMPT [ 30.642561] Tainted: [B]=BAD_PAGE, [N]=TEST [ 30.642629] Hardware name: linux,dummy-virt (DT) [ 30.642715] Call trace: [ 30.642794] show_stack+0x20/0x38 (C) [ 30.642987] dump_stack_lvl+0x8c/0xd0 [ 30.643147] print_report+0x118/0x608 [ 30.643447] kasan_report+0xdc/0x128 [ 30.643606] kasan_check_range+0x100/0x1a8 [ 30.643753] __kasan_check_write+0x20/0x30 [ 30.643897] copy_user_test_oob+0x234/0xec8 [ 30.644098] kunit_try_run_case+0x170/0x3f0 [ 30.644281] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 30.644437] kthread+0x328/0x630 [ 30.644567] ret_from_fork+0x10/0x20 [ 30.644697] [ 30.644769] Allocated by task 285: [ 30.644870] kasan_save_stack+0x3c/0x68 [ 30.645154] kasan_save_track+0x20/0x40 [ 30.645277] kasan_save_alloc_info+0x40/0x58 [ 30.645502] __kasan_kmalloc+0xd4/0xd8 [ 30.645689] __kmalloc_noprof+0x198/0x4c8 [ 30.646668] kunit_kmalloc_array+0x34/0x88 [ 30.647033] copy_user_test_oob+0xac/0xec8 [ 30.647149] kunit_try_run_case+0x170/0x3f0 [ 30.647272] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 30.647402] kthread+0x328/0x630 [ 30.647496] ret_from_fork+0x10/0x20 [ 30.647600] [ 30.647970] The buggy address belongs to the object at fff00000c6431d00 [ 30.647970] which belongs to the cache kmalloc-128 of size 128 [ 30.648608] The buggy address is located 0 bytes inside of [ 30.648608] allocated 120-byte region [fff00000c6431d00, fff00000c6431d78) [ 30.648773] [ 30.648868] The buggy address belongs to the physical page: [ 30.648993] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x106431 [ 30.649281] flags: 0xbfffe0000000000(node=0|zone=2|lastcpupid=0x1ffff) [ 30.649474] page_type: f5(slab) [ 30.649627] raw: 0bfffe0000000000 fff00000c0001a00 dead000000000122 0000000000000000 [ 30.649970] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 30.650093] page dumped because: kasan: bad access detected [ 30.650191] [ 30.650503] Memory state around the buggy address: [ 30.650922] fff00000c6431c00: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 30.651068] fff00000c6431c80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 30.651551] >fff00000c6431d00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 fc [ 30.651663] ^ [ 30.651793] fff00000c6431d80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 30.652129] fff00000c6431e00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 30.652422] ==================================================================
Failure - log-parser-boot - kasan-bug-kasan-vmalloc-out-of-bounds-in-vmalloc_oob
[ 30.418116] ================================================================== [ 30.418228] BUG: KASAN: vmalloc-out-of-bounds in vmalloc_oob+0x51c/0x5d0 [ 30.418342] Read of size 1 at addr ffff8000800fe7f8 by task kunit_try_catch/269 [ 30.418782] [ 30.418915] CPU: 0 UID: 0 PID: 269 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc1 #1 PREEMPT [ 30.419517] Tainted: [B]=BAD_PAGE, [N]=TEST [ 30.419621] Hardware name: linux,dummy-virt (DT) [ 30.419864] Call trace: [ 30.419984] show_stack+0x20/0x38 (C) [ 30.420120] dump_stack_lvl+0x8c/0xd0 [ 30.420253] print_report+0x310/0x608 [ 30.420495] kasan_report+0xdc/0x128 [ 30.420637] __asan_report_load1_noabort+0x20/0x30 [ 30.421210] vmalloc_oob+0x51c/0x5d0 [ 30.421515] kunit_try_run_case+0x170/0x3f0 [ 30.421735] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 30.422001] kthread+0x328/0x630 [ 30.422224] ret_from_fork+0x10/0x20 [ 30.422488] [ 30.422589] The buggy address belongs to the virtual mapping at [ 30.422589] [ffff8000800fe000, ffff800080100000) created by: [ 30.422589] vmalloc_oob+0x98/0x5d0 [ 30.422816] [ 30.422882] The buggy address belongs to the physical page: [ 30.423413] page: refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x106442 [ 30.423650] flags: 0xbfffe0000000000(node=0|zone=2|lastcpupid=0x1ffff) [ 30.423884] raw: 0bfffe0000000000 0000000000000000 dead000000000122 0000000000000000 [ 30.424043] raw: 0000000000000000 0000000000000000 00000001ffffffff 0000000000000000 [ 30.424152] page dumped because: kasan: bad access detected [ 30.424228] [ 30.424281] Memory state around the buggy address: [ 30.424356] ffff8000800fe680: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 30.425007] ffff8000800fe700: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 30.425165] >ffff8000800fe780: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 03 f8 [ 30.425293] ^ [ 30.425631] ffff8000800fe800: f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 [ 30.425754] ffff8000800fe880: f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 [ 30.426010] ================================================================== [ 30.405657] ================================================================== [ 30.405817] BUG: KASAN: vmalloc-out-of-bounds in vmalloc_oob+0x578/0x5d0 [ 30.407263] Read of size 1 at addr ffff8000800fe7f3 by task kunit_try_catch/269 [ 30.407591] [ 30.407717] CPU: 0 UID: 0 PID: 269 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc1 #1 PREEMPT [ 30.408693] Tainted: [B]=BAD_PAGE, [N]=TEST [ 30.409003] Hardware name: linux,dummy-virt (DT) [ 30.409115] Call trace: [ 30.409919] show_stack+0x20/0x38 (C) [ 30.410301] dump_stack_lvl+0x8c/0xd0 [ 30.410440] print_report+0x310/0x608 [ 30.410622] kasan_report+0xdc/0x128 [ 30.411025] __asan_report_load1_noabort+0x20/0x30 [ 30.411274] vmalloc_oob+0x578/0x5d0 [ 30.411726] kunit_try_run_case+0x170/0x3f0 [ 30.411879] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 30.412043] kthread+0x328/0x630 [ 30.412227] ret_from_fork+0x10/0x20 [ 30.412370] [ 30.412775] The buggy address belongs to the virtual mapping at [ 30.412775] [ffff8000800fe000, ffff800080100000) created by: [ 30.412775] vmalloc_oob+0x98/0x5d0 [ 30.413024] [ 30.413165] The buggy address belongs to the physical page: [ 30.413288] page: refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x106442 [ 30.413547] flags: 0xbfffe0000000000(node=0|zone=2|lastcpupid=0x1ffff) [ 30.413727] raw: 0bfffe0000000000 0000000000000000 dead000000000122 0000000000000000 [ 30.414231] raw: 0000000000000000 0000000000000000 00000001ffffffff 0000000000000000 [ 30.414762] page dumped because: kasan: bad access detected [ 30.414852] [ 30.414929] Memory state around the buggy address: [ 30.415105] ffff8000800fe680: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 30.415318] ffff8000800fe700: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 30.415465] >ffff8000800fe780: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 03 f8 [ 30.415575] ^ [ 30.415693] ffff8000800fe800: f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 [ 30.415896] ffff8000800fe880: f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 [ 30.416241] ==================================================================
Failure - log-parser-boot - kasan-bug-kasan-slab-out-of-bounds-in-kasan_atomics_helper
[ 29.866375] ================================================================== [ 29.866552] BUG: KASAN: slab-out-of-bounds in kasan_atomics_helper+0x3dd8/0x4858 [ 29.866762] Read of size 4 at addr fff00000c643c7b0 by task kunit_try_catch/265 [ 29.867333] [ 29.868090] CPU: 0 UID: 0 PID: 265 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc1 #1 PREEMPT [ 29.868642] Tainted: [B]=BAD_PAGE, [N]=TEST [ 29.868724] Hardware name: linux,dummy-virt (DT) [ 29.869006] Call trace: [ 29.869155] show_stack+0x20/0x38 (C) [ 29.869283] dump_stack_lvl+0x8c/0xd0 [ 29.869406] print_report+0x118/0x608 [ 29.870026] kasan_report+0xdc/0x128 [ 29.870509] __asan_report_load4_noabort+0x20/0x30 [ 29.871209] kasan_atomics_helper+0x3dd8/0x4858 [ 29.871568] kasan_atomics+0x198/0x2e0 [ 29.871697] kunit_try_run_case+0x170/0x3f0 [ 29.871839] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 29.872572] kthread+0x328/0x630 [ 29.873468] ret_from_fork+0x10/0x20 [ 29.874014] [ 29.874375] Allocated by task 265: [ 29.874876] kasan_save_stack+0x3c/0x68 [ 29.875375] kasan_save_track+0x20/0x40 [ 29.876107] kasan_save_alloc_info+0x40/0x58 [ 29.876257] __kasan_kmalloc+0xd4/0xd8 [ 29.876567] __kmalloc_cache_noprof+0x16c/0x3c0 [ 29.876820] kasan_atomics+0xb8/0x2e0 [ 29.876929] kunit_try_run_case+0x170/0x3f0 [ 29.877998] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 29.878134] kthread+0x328/0x630 [ 29.878311] ret_from_fork+0x10/0x20 [ 29.878494] [ 29.878547] The buggy address belongs to the object at fff00000c643c780 [ 29.878547] which belongs to the cache kmalloc-64 of size 64 [ 29.878692] The buggy address is located 0 bytes to the right of [ 29.878692] allocated 48-byte region [fff00000c643c780, fff00000c643c7b0) [ 29.878849] [ 29.878983] The buggy address belongs to the physical page: [ 29.879151] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x10643c [ 29.879287] flags: 0xbfffe0000000000(node=0|zone=2|lastcpupid=0x1ffff) [ 29.879432] page_type: f5(slab) [ 29.879816] raw: 0bfffe0000000000 fff00000c00018c0 dead000000000122 0000000000000000 [ 29.880027] raw: 0000000000000000 0000000080200020 00000000f5000000 0000000000000000 [ 29.880179] page dumped because: kasan: bad access detected [ 29.880279] [ 29.880335] Memory state around the buggy address: [ 29.880421] fff00000c643c680: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 29.880539] fff00000c643c700: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 29.880666] >fff00000c643c780: 00 00 00 00 00 00 fc fc fc fc fc fc fc fc fc fc [ 29.880768] ^ [ 29.880856] fff00000c643c800: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 29.881237] fff00000c643c880: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 29.881346] ================================================================== [ 29.728763] ================================================================== [ 29.728923] BUG: KASAN: slab-out-of-bounds in kasan_atomics_helper+0x99c/0x4858 [ 29.729071] Write of size 4 at addr fff00000c643c7b0 by task kunit_try_catch/265 [ 29.729257] [ 29.729423] CPU: 0 UID: 0 PID: 265 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc1 #1 PREEMPT [ 29.729633] Tainted: [B]=BAD_PAGE, [N]=TEST [ 29.729705] Hardware name: linux,dummy-virt (DT) [ 29.729781] Call trace: [ 29.729839] show_stack+0x20/0x38 (C) [ 29.729984] dump_stack_lvl+0x8c/0xd0 [ 29.730115] print_report+0x118/0x608 [ 29.730251] kasan_report+0xdc/0x128 [ 29.730600] kasan_check_range+0x100/0x1a8 [ 29.730767] __kasan_check_write+0x20/0x30 [ 29.731500] kasan_atomics_helper+0x99c/0x4858 [ 29.731666] kasan_atomics+0x198/0x2e0 [ 29.731808] kunit_try_run_case+0x170/0x3f0 [ 29.731894] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 29.732063] kthread+0x328/0x630 [ 29.732190] ret_from_fork+0x10/0x20 [ 29.732335] [ 29.732461] Allocated by task 265: [ 29.732628] kasan_save_stack+0x3c/0x68 [ 29.732744] kasan_save_track+0x20/0x40 [ 29.732904] kasan_save_alloc_info+0x40/0x58 [ 29.733046] __kasan_kmalloc+0xd4/0xd8 [ 29.733154] __kmalloc_cache_noprof+0x16c/0x3c0 [ 29.733448] kasan_atomics+0xb8/0x2e0 [ 29.733573] kunit_try_run_case+0x170/0x3f0 [ 29.733689] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 29.733944] kthread+0x328/0x630 [ 29.734140] ret_from_fork+0x10/0x20 [ 29.734334] [ 29.734443] The buggy address belongs to the object at fff00000c643c780 [ 29.734443] which belongs to the cache kmalloc-64 of size 64 [ 29.734637] The buggy address is located 0 bytes to the right of [ 29.734637] allocated 48-byte region [fff00000c643c780, fff00000c643c7b0) [ 29.734827] [ 29.734904] The buggy address belongs to the physical page: [ 29.735232] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x10643c [ 29.735420] flags: 0xbfffe0000000000(node=0|zone=2|lastcpupid=0x1ffff) [ 29.735582] page_type: f5(slab) [ 29.735699] raw: 0bfffe0000000000 fff00000c00018c0 dead000000000122 0000000000000000 [ 29.735871] raw: 0000000000000000 0000000080200020 00000000f5000000 0000000000000000 [ 29.736010] page dumped because: kasan: bad access detected [ 29.736105] [ 29.736328] Memory state around the buggy address: [ 29.736491] fff00000c643c680: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 29.736604] fff00000c643c700: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 29.736720] >fff00000c643c780: 00 00 00 00 00 00 fc fc fc fc fc fc fc fc fc fc [ 29.736907] ^ [ 29.737035] fff00000c643c800: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 29.737149] fff00000c643c880: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 29.737258] ================================================================== [ 30.255664] ================================================================== [ 30.255776] BUG: KASAN: slab-out-of-bounds in kasan_atomics_helper+0x16d0/0x4858 [ 30.255895] Write of size 8 at addr fff00000c643c7b0 by task kunit_try_catch/265 [ 30.256856] [ 30.257015] CPU: 0 UID: 0 PID: 265 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc1 #1 PREEMPT [ 30.257501] Tainted: [B]=BAD_PAGE, [N]=TEST [ 30.257761] Hardware name: linux,dummy-virt (DT) [ 30.257841] Call trace: [ 30.258345] show_stack+0x20/0x38 (C) [ 30.258493] dump_stack_lvl+0x8c/0xd0 [ 30.259011] print_report+0x118/0x608 [ 30.259216] kasan_report+0xdc/0x128 [ 30.259454] kasan_check_range+0x100/0x1a8 [ 30.259701] __kasan_check_write+0x20/0x30 [ 30.260102] kasan_atomics_helper+0x16d0/0x4858 [ 30.260400] kasan_atomics+0x198/0x2e0 [ 30.260520] kunit_try_run_case+0x170/0x3f0 [ 30.261599] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 30.262450] kthread+0x328/0x630 [ 30.263351] ret_from_fork+0x10/0x20 [ 30.263756] [ 30.264411] Allocated by task 265: [ 30.264662] kasan_save_stack+0x3c/0x68 [ 30.265676] kasan_save_track+0x20/0x40 [ 30.266087] kasan_save_alloc_info+0x40/0x58 [ 30.266237] __kasan_kmalloc+0xd4/0xd8 [ 30.266337] __kmalloc_cache_noprof+0x16c/0x3c0 [ 30.266444] kasan_atomics+0xb8/0x2e0 [ 30.266539] kunit_try_run_case+0x170/0x3f0 [ 30.268635] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 30.269076] kthread+0x328/0x630 [ 30.269183] ret_from_fork+0x10/0x20 [ 30.269276] [ 30.270655] The buggy address belongs to the object at fff00000c643c780 [ 30.270655] which belongs to the cache kmalloc-64 of size 64 [ 30.270971] The buggy address is located 0 bytes to the right of [ 30.270971] allocated 48-byte region [fff00000c643c780, fff00000c643c7b0) [ 30.272142] [ 30.272497] The buggy address belongs to the physical page: [ 30.273262] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x10643c [ 30.273420] flags: 0xbfffe0000000000(node=0|zone=2|lastcpupid=0x1ffff) [ 30.273549] page_type: f5(slab) [ 30.273651] raw: 0bfffe0000000000 fff00000c00018c0 dead000000000122 0000000000000000 [ 30.273777] raw: 0000000000000000 0000000080200020 00000000f5000000 0000000000000000 [ 30.274603] page dumped because: kasan: bad access detected [ 30.277247] [ 30.277400] Memory state around the buggy address: [ 30.277646] fff00000c643c680: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 30.278627] fff00000c643c700: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 30.278909] >fff00000c643c780: 00 00 00 00 00 00 fc fc fc fc fc fc fc fc fc fc [ 30.280022] ^ [ 30.280747] fff00000c643c800: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 30.281182] fff00000c643c880: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 30.281882] ================================================================== [ 29.857307] ================================================================== [ 29.857443] BUG: KASAN: slab-out-of-bounds in kasan_atomics_helper+0xca0/0x4858 [ 29.857560] Write of size 4 at addr fff00000c643c7b0 by task kunit_try_catch/265 [ 29.857682] [ 29.857746] CPU: 0 UID: 0 PID: 265 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc1 #1 PREEMPT [ 29.857960] Tainted: [B]=BAD_PAGE, [N]=TEST [ 29.858031] Hardware name: linux,dummy-virt (DT) [ 29.858110] Call trace: [ 29.858164] show_stack+0x20/0x38 (C) [ 29.858290] dump_stack_lvl+0x8c/0xd0 [ 29.858405] print_report+0x118/0x608 [ 29.858525] kasan_report+0xdc/0x128 [ 29.858639] kasan_check_range+0x100/0x1a8 [ 29.858764] __kasan_check_write+0x20/0x30 [ 29.858888] kasan_atomics_helper+0xca0/0x4858 [ 29.859500] kasan_atomics+0x198/0x2e0 [ 29.859745] kunit_try_run_case+0x170/0x3f0 [ 29.860203] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 29.860412] kthread+0x328/0x630 [ 29.860545] ret_from_fork+0x10/0x20 [ 29.860862] [ 29.860915] Allocated by task 265: [ 29.861065] kasan_save_stack+0x3c/0x68 [ 29.861377] kasan_save_track+0x20/0x40 [ 29.861483] kasan_save_alloc_info+0x40/0x58 [ 29.861650] __kasan_kmalloc+0xd4/0xd8 [ 29.861964] __kmalloc_cache_noprof+0x16c/0x3c0 [ 29.862088] kasan_atomics+0xb8/0x2e0 [ 29.862366] kunit_try_run_case+0x170/0x3f0 [ 29.862664] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 29.862787] kthread+0x328/0x630 [ 29.862892] ret_from_fork+0x10/0x20 [ 29.863428] [ 29.863484] The buggy address belongs to the object at fff00000c643c780 [ 29.863484] which belongs to the cache kmalloc-64 of size 64 [ 29.863642] The buggy address is located 0 bytes to the right of [ 29.863642] allocated 48-byte region [fff00000c643c780, fff00000c643c7b0) [ 29.863825] [ 29.863883] The buggy address belongs to the physical page: [ 29.863995] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x10643c [ 29.864307] flags: 0xbfffe0000000000(node=0|zone=2|lastcpupid=0x1ffff) [ 29.864437] page_type: f5(slab) [ 29.864539] raw: 0bfffe0000000000 fff00000c00018c0 dead000000000122 0000000000000000 [ 29.864672] raw: 0000000000000000 0000000080200020 00000000f5000000 0000000000000000 [ 29.864771] page dumped because: kasan: bad access detected [ 29.864854] [ 29.864900] Memory state around the buggy address: [ 29.865019] fff00000c643c680: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 29.865201] fff00000c643c700: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 29.865355] >fff00000c643c780: 00 00 00 00 00 00 fc fc fc fc fc fc fc fc fc fc [ 29.865640] ^ [ 29.865743] fff00000c643c800: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 29.865863] fff00000c643c880: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 29.866008] ================================================================== [ 30.052626] ================================================================== [ 30.052729] BUG: KASAN: slab-out-of-bounds in kasan_atomics_helper+0x1190/0x4858 [ 30.052884] Write of size 8 at addr fff00000c643c7b0 by task kunit_try_catch/265 [ 30.053176] [ 30.053431] CPU: 0 UID: 0 PID: 265 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc1 #1 PREEMPT [ 30.054630] Tainted: [B]=BAD_PAGE, [N]=TEST [ 30.054807] Hardware name: linux,dummy-virt (DT) [ 30.054897] Call trace: [ 30.054971] show_stack+0x20/0x38 (C) [ 30.055102] dump_stack_lvl+0x8c/0xd0 [ 30.055229] print_report+0x118/0x608 [ 30.055352] kasan_report+0xdc/0x128 [ 30.055470] kasan_check_range+0x100/0x1a8 [ 30.055589] __kasan_check_write+0x20/0x30 [ 30.055706] kasan_atomics_helper+0x1190/0x4858 [ 30.055829] kasan_atomics+0x198/0x2e0 [ 30.056621] kunit_try_run_case+0x170/0x3f0 [ 30.056784] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 30.057472] kthread+0x328/0x630 [ 30.057890] ret_from_fork+0x10/0x20 [ 30.058048] [ 30.058270] Allocated by task 265: [ 30.058351] kasan_save_stack+0x3c/0x68 [ 30.058574] kasan_save_track+0x20/0x40 [ 30.058668] kasan_save_alloc_info+0x40/0x58 [ 30.058775] __kasan_kmalloc+0xd4/0xd8 [ 30.058971] __kmalloc_cache_noprof+0x16c/0x3c0 [ 30.059271] kasan_atomics+0xb8/0x2e0 [ 30.059532] kunit_try_run_case+0x170/0x3f0 [ 30.060103] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 30.060255] kthread+0x328/0x630 [ 30.060559] ret_from_fork+0x10/0x20 [ 30.060677] [ 30.060982] The buggy address belongs to the object at fff00000c643c780 [ 30.060982] which belongs to the cache kmalloc-64 of size 64 [ 30.061439] The buggy address is located 0 bytes to the right of [ 30.061439] allocated 48-byte region [fff00000c643c780, fff00000c643c7b0) [ 30.062827] [ 30.063043] The buggy address belongs to the physical page: [ 30.063128] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x10643c [ 30.064060] flags: 0xbfffe0000000000(node=0|zone=2|lastcpupid=0x1ffff) [ 30.064195] page_type: f5(slab) [ 30.064293] raw: 0bfffe0000000000 fff00000c00018c0 dead000000000122 0000000000000000 [ 30.065408] raw: 0000000000000000 0000000080200020 00000000f5000000 0000000000000000 [ 30.066014] page dumped because: kasan: bad access detected [ 30.066889] [ 30.066984] Memory state around the buggy address: [ 30.067274] fff00000c643c680: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 30.067511] fff00000c643c700: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 30.067794] >fff00000c643c780: 00 00 00 00 00 00 fc fc fc fc fc fc fc fc fc fc [ 30.068277] ^ [ 30.068385] fff00000c643c800: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 30.068495] fff00000c643c880: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 30.068694] ================================================================== [ 30.342413] ================================================================== [ 30.342521] BUG: KASAN: slab-out-of-bounds in kasan_atomics_helper+0x17ec/0x4858 [ 30.342639] Write of size 8 at addr fff00000c643c7b0 by task kunit_try_catch/265 [ 30.342762] [ 30.343056] CPU: 0 UID: 0 PID: 265 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc1 #1 PREEMPT [ 30.343625] Tainted: [B]=BAD_PAGE, [N]=TEST [ 30.344075] Hardware name: linux,dummy-virt (DT) [ 30.344525] Call trace: [ 30.344615] show_stack+0x20/0x38 (C) [ 30.345405] dump_stack_lvl+0x8c/0xd0 [ 30.345578] print_report+0x118/0x608 [ 30.346006] kasan_report+0xdc/0x128 [ 30.346396] kasan_check_range+0x100/0x1a8 [ 30.346542] __kasan_check_write+0x20/0x30 [ 30.346668] kasan_atomics_helper+0x17ec/0x4858 [ 30.346874] kasan_atomics+0x198/0x2e0 [ 30.347227] kunit_try_run_case+0x170/0x3f0 [ 30.347306] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 30.347417] kthread+0x328/0x630 [ 30.347790] ret_from_fork+0x10/0x20 [ 30.347971] [ 30.348032] Allocated by task 265: [ 30.348219] kasan_save_stack+0x3c/0x68 [ 30.348411] kasan_save_track+0x20/0x40 [ 30.348510] kasan_save_alloc_info+0x40/0x58 [ 30.348621] __kasan_kmalloc+0xd4/0xd8 [ 30.348914] __kmalloc_cache_noprof+0x16c/0x3c0 [ 30.349046] kasan_atomics+0xb8/0x2e0 [ 30.349509] kunit_try_run_case+0x170/0x3f0 [ 30.349620] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 30.350084] kthread+0x328/0x630 [ 30.350191] ret_from_fork+0x10/0x20 [ 30.350312] [ 30.350457] The buggy address belongs to the object at fff00000c643c780 [ 30.350457] which belongs to the cache kmalloc-64 of size 64 [ 30.350747] The buggy address is located 0 bytes to the right of [ 30.350747] allocated 48-byte region [fff00000c643c780, fff00000c643c7b0) [ 30.351180] [ 30.351258] The buggy address belongs to the physical page: [ 30.351342] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x10643c [ 30.351479] flags: 0xbfffe0000000000(node=0|zone=2|lastcpupid=0x1ffff) [ 30.351597] page_type: f5(slab) [ 30.351857] raw: 0bfffe0000000000 fff00000c00018c0 dead000000000122 0000000000000000 [ 30.352017] raw: 0000000000000000 0000000080200020 00000000f5000000 0000000000000000 [ 30.352129] page dumped because: kasan: bad access detected [ 30.352213] [ 30.352275] Memory state around the buggy address: [ 30.352360] fff00000c643c680: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 30.352516] fff00000c643c700: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 30.352631] >fff00000c643c780: 00 00 00 00 00 00 fc fc fc fc fc fc fc fc fc fc [ 30.352729] ^ [ 30.352849] fff00000c643c800: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 30.353408] fff00000c643c880: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 30.353652] ================================================================== [ 30.083738] ================================================================== [ 30.083855] BUG: KASAN: slab-out-of-bounds in kasan_atomics_helper+0x126c/0x4858 [ 30.084003] Write of size 8 at addr fff00000c643c7b0 by task kunit_try_catch/265 [ 30.084135] [ 30.084205] CPU: 0 UID: 0 PID: 265 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc1 #1 PREEMPT [ 30.084516] Tainted: [B]=BAD_PAGE, [N]=TEST [ 30.084661] Hardware name: linux,dummy-virt (DT) [ 30.084820] Call trace: [ 30.084928] show_stack+0x20/0x38 (C) [ 30.085262] dump_stack_lvl+0x8c/0xd0 [ 30.085462] print_report+0x118/0x608 [ 30.085749] kasan_report+0xdc/0x128 [ 30.086059] kasan_check_range+0x100/0x1a8 [ 30.086213] __kasan_check_write+0x20/0x30 [ 30.086567] kasan_atomics_helper+0x126c/0x4858 [ 30.086708] kasan_atomics+0x198/0x2e0 [ 30.086832] kunit_try_run_case+0x170/0x3f0 [ 30.086986] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 30.087127] kthread+0x328/0x630 [ 30.087292] ret_from_fork+0x10/0x20 [ 30.087531] [ 30.087591] Allocated by task 265: [ 30.087764] kasan_save_stack+0x3c/0x68 [ 30.087889] kasan_save_track+0x20/0x40 [ 30.088103] kasan_save_alloc_info+0x40/0x58 [ 30.088298] __kasan_kmalloc+0xd4/0xd8 [ 30.088500] __kmalloc_cache_noprof+0x16c/0x3c0 [ 30.088622] kasan_atomics+0xb8/0x2e0 [ 30.088719] kunit_try_run_case+0x170/0x3f0 [ 30.088871] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 30.089018] kthread+0x328/0x630 [ 30.089116] ret_from_fork+0x10/0x20 [ 30.089226] [ 30.089296] The buggy address belongs to the object at fff00000c643c780 [ 30.089296] which belongs to the cache kmalloc-64 of size 64 [ 30.089446] The buggy address is located 0 bytes to the right of [ 30.089446] allocated 48-byte region [fff00000c643c780, fff00000c643c7b0) [ 30.089708] [ 30.089775] The buggy address belongs to the physical page: [ 30.089899] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x10643c [ 30.090057] flags: 0xbfffe0000000000(node=0|zone=2|lastcpupid=0x1ffff) [ 30.090255] page_type: f5(slab) [ 30.090417] raw: 0bfffe0000000000 fff00000c00018c0 dead000000000122 0000000000000000 [ 30.090555] raw: 0000000000000000 0000000080200020 00000000f5000000 0000000000000000 [ 30.090684] page dumped because: kasan: bad access detected [ 30.090784] [ 30.090950] Memory state around the buggy address: [ 30.091047] fff00000c643c680: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 30.091263] fff00000c643c700: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 30.091386] >fff00000c643c780: 00 00 00 00 00 00 fc fc fc fc fc fc fc fc fc fc [ 30.091501] ^ [ 30.091682] fff00000c643c800: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 30.091796] fff00000c643c880: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 30.091917] ================================================================== [ 30.004705] ================================================================== [ 30.004851] BUG: KASAN: slab-out-of-bounds in kasan_atomics_helper+0xff0/0x4858 [ 30.004989] Write of size 8 at addr fff00000c643c7b0 by task kunit_try_catch/265 [ 30.005113] [ 30.005185] CPU: 0 UID: 0 PID: 265 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc1 #1 PREEMPT [ 30.005384] Tainted: [B]=BAD_PAGE, [N]=TEST [ 30.005456] Hardware name: linux,dummy-virt (DT) [ 30.005531] Call trace: [ 30.005643] show_stack+0x20/0x38 (C) [ 30.005777] dump_stack_lvl+0x8c/0xd0 [ 30.005893] print_report+0x118/0x608 [ 30.006038] kasan_report+0xdc/0x128 [ 30.006154] kasan_check_range+0x100/0x1a8 [ 30.006277] __kasan_check_write+0x20/0x30 [ 30.006393] kasan_atomics_helper+0xff0/0x4858 [ 30.006510] kasan_atomics+0x198/0x2e0 [ 30.006627] kunit_try_run_case+0x170/0x3f0 [ 30.006753] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 30.006897] kthread+0x328/0x630 [ 30.007201] ret_from_fork+0x10/0x20 [ 30.007951] [ 30.008380] Allocated by task 265: [ 30.008492] kasan_save_stack+0x3c/0x68 [ 30.008997] kasan_save_track+0x20/0x40 [ 30.009131] kasan_save_alloc_info+0x40/0x58 [ 30.009320] __kasan_kmalloc+0xd4/0xd8 [ 30.009476] __kmalloc_cache_noprof+0x16c/0x3c0 [ 30.009582] kasan_atomics+0xb8/0x2e0 [ 30.009681] kunit_try_run_case+0x170/0x3f0 [ 30.010450] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 30.011078] kthread+0x328/0x630 [ 30.011672] ret_from_fork+0x10/0x20 [ 30.011786] [ 30.011847] The buggy address belongs to the object at fff00000c643c780 [ 30.011847] which belongs to the cache kmalloc-64 of size 64 [ 30.012017] The buggy address is located 0 bytes to the right of [ 30.012017] allocated 48-byte region [fff00000c643c780, fff00000c643c7b0) [ 30.012545] [ 30.012654] The buggy address belongs to the physical page: [ 30.012823] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x10643c [ 30.013483] flags: 0xbfffe0000000000(node=0|zone=2|lastcpupid=0x1ffff) [ 30.013867] page_type: f5(slab) [ 30.014001] raw: 0bfffe0000000000 fff00000c00018c0 dead000000000122 0000000000000000 [ 30.014578] raw: 0000000000000000 0000000080200020 00000000f5000000 0000000000000000 [ 30.014748] page dumped because: kasan: bad access detected [ 30.015034] [ 30.015098] Memory state around the buggy address: [ 30.015187] fff00000c643c680: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 30.015763] fff00000c643c700: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 30.016125] >fff00000c643c780: 00 00 00 00 00 00 fc fc fc fc fc fc fc fc fc fc [ 30.016245] ^ [ 30.016657] fff00000c643c800: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 30.017170] fff00000c643c880: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 30.017308] ================================================================== [ 30.231798] ================================================================== [ 30.231979] BUG: KASAN: slab-out-of-bounds in kasan_atomics_helper+0x1644/0x4858 [ 30.232093] Write of size 8 at addr fff00000c643c7b0 by task kunit_try_catch/265 [ 30.232214] [ 30.232284] CPU: 0 UID: 0 PID: 265 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc1 #1 PREEMPT [ 30.232490] Tainted: [B]=BAD_PAGE, [N]=TEST [ 30.232680] Hardware name: linux,dummy-virt (DT) [ 30.232906] Call trace: [ 30.233088] show_stack+0x20/0x38 (C) [ 30.233233] dump_stack_lvl+0x8c/0xd0 [ 30.233409] print_report+0x118/0x608 [ 30.233575] kasan_report+0xdc/0x128 [ 30.233783] kasan_check_range+0x100/0x1a8 [ 30.234038] __kasan_check_write+0x20/0x30 [ 30.234173] kasan_atomics_helper+0x1644/0x4858 [ 30.234326] kasan_atomics+0x198/0x2e0 [ 30.234782] kunit_try_run_case+0x170/0x3f0 [ 30.235096] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 30.235391] kthread+0x328/0x630 [ 30.235559] ret_from_fork+0x10/0x20 [ 30.235832] [ 30.235978] Allocated by task 265: [ 30.236112] kasan_save_stack+0x3c/0x68 [ 30.236306] kasan_save_track+0x20/0x40 [ 30.236406] kasan_save_alloc_info+0x40/0x58 [ 30.236508] __kasan_kmalloc+0xd4/0xd8 [ 30.236654] __kmalloc_cache_noprof+0x16c/0x3c0 [ 30.236784] kasan_atomics+0xb8/0x2e0 [ 30.236891] kunit_try_run_case+0x170/0x3f0 [ 30.237018] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 30.237252] kthread+0x328/0x630 [ 30.237427] ret_from_fork+0x10/0x20 [ 30.237574] [ 30.237635] The buggy address belongs to the object at fff00000c643c780 [ 30.237635] which belongs to the cache kmalloc-64 of size 64 [ 30.238005] The buggy address is located 0 bytes to the right of [ 30.238005] allocated 48-byte region [fff00000c643c780, fff00000c643c7b0) [ 30.238222] [ 30.238353] The buggy address belongs to the physical page: [ 30.238436] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x10643c [ 30.238566] flags: 0xbfffe0000000000(node=0|zone=2|lastcpupid=0x1ffff) [ 30.238687] page_type: f5(slab) [ 30.238780] raw: 0bfffe0000000000 fff00000c00018c0 dead000000000122 0000000000000000 [ 30.238921] raw: 0000000000000000 0000000080200020 00000000f5000000 0000000000000000 [ 30.239053] page dumped because: kasan: bad access detected [ 30.239166] [ 30.239227] Memory state around the buggy address: [ 30.239416] fff00000c643c680: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 30.239554] fff00000c643c700: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 30.239685] >fff00000c643c780: 00 00 00 00 00 00 fc fc fc fc fc fc fc fc fc fc [ 30.239799] ^ [ 30.240007] fff00000c643c800: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 30.240144] fff00000c643c880: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 30.240250] ================================================================== [ 29.962083] ================================================================== [ 29.962192] BUG: KASAN: slab-out-of-bounds in kasan_atomics_helper+0xeb8/0x4858 [ 29.962304] Write of size 8 at addr fff00000c643c7b0 by task kunit_try_catch/265 [ 29.962429] [ 29.962497] CPU: 0 UID: 0 PID: 265 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc1 #1 PREEMPT [ 29.962690] Tainted: [B]=BAD_PAGE, [N]=TEST [ 29.962759] Hardware name: linux,dummy-virt (DT) [ 29.962849] Call trace: [ 29.962953] show_stack+0x20/0x38 (C) [ 29.963241] dump_stack_lvl+0x8c/0xd0 [ 29.963500] print_report+0x118/0x608 [ 29.963837] kasan_report+0xdc/0x128 [ 29.963978] kasan_check_range+0x100/0x1a8 [ 29.964329] __kasan_check_write+0x20/0x30 [ 29.964482] kasan_atomics_helper+0xeb8/0x4858 [ 29.964657] kasan_atomics+0x198/0x2e0 [ 29.964803] kunit_try_run_case+0x170/0x3f0 [ 29.965068] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 29.965253] kthread+0x328/0x630 [ 29.965642] ret_from_fork+0x10/0x20 [ 29.965816] [ 29.966305] Allocated by task 265: [ 29.966608] kasan_save_stack+0x3c/0x68 [ 29.966997] kasan_save_track+0x20/0x40 [ 29.967168] kasan_save_alloc_info+0x40/0x58 [ 29.967487] __kasan_kmalloc+0xd4/0xd8 [ 29.967679] __kmalloc_cache_noprof+0x16c/0x3c0 [ 29.967835] kasan_atomics+0xb8/0x2e0 [ 29.968113] kunit_try_run_case+0x170/0x3f0 [ 29.968223] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 29.968334] kthread+0x328/0x630 [ 29.968482] ret_from_fork+0x10/0x20 [ 29.968585] [ 29.968638] The buggy address belongs to the object at fff00000c643c780 [ 29.968638] which belongs to the cache kmalloc-64 of size 64 [ 29.968785] The buggy address is located 0 bytes to the right of [ 29.968785] allocated 48-byte region [fff00000c643c780, fff00000c643c7b0) [ 29.969081] [ 29.969504] The buggy address belongs to the physical page: [ 29.969906] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x10643c [ 29.970154] flags: 0xbfffe0000000000(node=0|zone=2|lastcpupid=0x1ffff) [ 29.970334] page_type: f5(slab) [ 29.970544] raw: 0bfffe0000000000 fff00000c00018c0 dead000000000122 0000000000000000 [ 29.971179] raw: 0000000000000000 0000000080200020 00000000f5000000 0000000000000000 [ 29.971366] page dumped because: kasan: bad access detected [ 29.971502] [ 29.971812] Memory state around the buggy address: [ 29.971906] fff00000c643c680: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 29.972042] fff00000c643c700: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 29.972169] >fff00000c643c780: 00 00 00 00 00 00 fc fc fc fc fc fc fc fc fc fc [ 29.972269] ^ [ 29.972739] fff00000c643c800: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 29.973013] fff00000c643c880: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 29.973126] ================================================================== [ 30.109640] ================================================================== [ 30.109769] BUG: KASAN: slab-out-of-bounds in kasan_atomics_helper+0x1384/0x4858 [ 30.110304] Write of size 8 at addr fff00000c643c7b0 by task kunit_try_catch/265 [ 30.110482] [ 30.110557] CPU: 0 UID: 0 PID: 265 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc1 #1 PREEMPT [ 30.110758] Tainted: [B]=BAD_PAGE, [N]=TEST [ 30.110823] Hardware name: linux,dummy-virt (DT) [ 30.110911] Call trace: [ 30.110987] show_stack+0x20/0x38 (C) [ 30.111114] dump_stack_lvl+0x8c/0xd0 [ 30.112539] print_report+0x118/0x608 [ 30.112688] kasan_report+0xdc/0x128 [ 30.112818] kasan_check_range+0x100/0x1a8 [ 30.113337] __kasan_check_write+0x20/0x30 [ 30.113959] kasan_atomics_helper+0x1384/0x4858 [ 30.114205] kasan_atomics+0x198/0x2e0 [ 30.114627] kunit_try_run_case+0x170/0x3f0 [ 30.115587] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 30.115872] kthread+0x328/0x630 [ 30.116192] ret_from_fork+0x10/0x20 [ 30.116380] [ 30.116461] Allocated by task 265: [ 30.116657] kasan_save_stack+0x3c/0x68 [ 30.116772] kasan_save_track+0x20/0x40 [ 30.116919] kasan_save_alloc_info+0x40/0x58 [ 30.117190] __kasan_kmalloc+0xd4/0xd8 [ 30.117342] __kmalloc_cache_noprof+0x16c/0x3c0 [ 30.117631] kasan_atomics+0xb8/0x2e0 [ 30.117792] kunit_try_run_case+0x170/0x3f0 [ 30.117904] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 30.118067] kthread+0x328/0x630 [ 30.118216] ret_from_fork+0x10/0x20 [ 30.118366] [ 30.118425] The buggy address belongs to the object at fff00000c643c780 [ 30.118425] which belongs to the cache kmalloc-64 of size 64 [ 30.118582] The buggy address is located 0 bytes to the right of [ 30.118582] allocated 48-byte region [fff00000c643c780, fff00000c643c7b0) [ 30.118781] [ 30.118846] The buggy address belongs to the physical page: [ 30.119173] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x10643c [ 30.119329] flags: 0xbfffe0000000000(node=0|zone=2|lastcpupid=0x1ffff) [ 30.119623] page_type: f5(slab) [ 30.119769] raw: 0bfffe0000000000 fff00000c00018c0 dead000000000122 0000000000000000 [ 30.119994] raw: 0000000000000000 0000000080200020 00000000f5000000 0000000000000000 [ 30.120110] page dumped because: kasan: bad access detected [ 30.120244] [ 30.120306] Memory state around the buggy address: [ 30.120401] fff00000c643c680: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 30.120526] fff00000c643c700: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 30.120645] >fff00000c643c780: 00 00 00 00 00 00 fc fc fc fc fc fc fc fc fc fc [ 30.120743] ^ [ 30.120824] fff00000c643c800: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 30.121005] fff00000c643c880: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 30.121097] ================================================================== [ 29.749551] ================================================================== [ 29.749619] BUG: KASAN: slab-out-of-bounds in kasan_atomics_helper+0xa6c/0x4858 [ 29.749685] Write of size 4 at addr fff00000c643c7b0 by task kunit_try_catch/265 [ 29.749750] [ 29.749786] CPU: 0 UID: 0 PID: 265 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc1 #1 PREEMPT [ 29.749890] Tainted: [B]=BAD_PAGE, [N]=TEST [ 29.749927] Hardware name: linux,dummy-virt (DT) [ 29.750028] Call trace: [ 29.750181] show_stack+0x20/0x38 (C) [ 29.750323] dump_stack_lvl+0x8c/0xd0 [ 29.750458] print_report+0x118/0x608 [ 29.750810] kasan_report+0xdc/0x128 [ 29.751034] kasan_check_range+0x100/0x1a8 [ 29.751261] __kasan_check_write+0x20/0x30 [ 29.751490] kasan_atomics_helper+0xa6c/0x4858 [ 29.751717] kasan_atomics+0x198/0x2e0 [ 29.752038] kunit_try_run_case+0x170/0x3f0 [ 29.752860] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 29.753131] kthread+0x328/0x630 [ 29.754475] ret_from_fork+0x10/0x20 [ 29.754684] [ 29.754739] Allocated by task 265: [ 29.754817] kasan_save_stack+0x3c/0x68 [ 29.754985] kasan_save_track+0x20/0x40 [ 29.755249] kasan_save_alloc_info+0x40/0x58 [ 29.755427] __kasan_kmalloc+0xd4/0xd8 [ 29.755591] __kmalloc_cache_noprof+0x16c/0x3c0 [ 29.755851] kasan_atomics+0xb8/0x2e0 [ 29.756034] kunit_try_run_case+0x170/0x3f0 [ 29.756163] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 29.756372] kthread+0x328/0x630 [ 29.756677] ret_from_fork+0x10/0x20 [ 29.757267] [ 29.757338] The buggy address belongs to the object at fff00000c643c780 [ 29.757338] which belongs to the cache kmalloc-64 of size 64 [ 29.757646] The buggy address is located 0 bytes to the right of [ 29.757646] allocated 48-byte region [fff00000c643c780, fff00000c643c7b0) [ 29.757828] [ 29.757882] The buggy address belongs to the physical page: [ 29.758804] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x10643c [ 29.759237] flags: 0xbfffe0000000000(node=0|zone=2|lastcpupid=0x1ffff) [ 29.759871] page_type: f5(slab) [ 29.760638] raw: 0bfffe0000000000 fff00000c00018c0 dead000000000122 0000000000000000 [ 29.761151] raw: 0000000000000000 0000000080200020 00000000f5000000 0000000000000000 [ 29.761300] page dumped because: kasan: bad access detected [ 29.761774] [ 29.762150] Memory state around the buggy address: [ 29.762486] fff00000c643c680: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 29.762605] fff00000c643c700: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 29.763868] >fff00000c643c780: 00 00 00 00 00 00 fc fc fc fc fc fc fc fc fc fc [ 29.764372] ^ [ 29.765229] fff00000c643c800: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 29.765353] fff00000c643c880: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 29.765451] ================================================================== [ 29.845268] ================================================================== [ 29.845368] BUG: KASAN: slab-out-of-bounds in kasan_atomics_helper+0x3de4/0x4858 [ 29.845481] Read of size 4 at addr fff00000c643c7b0 by task kunit_try_catch/265 [ 29.845603] [ 29.845668] CPU: 0 UID: 0 PID: 265 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc1 #1 PREEMPT [ 29.845860] Tainted: [B]=BAD_PAGE, [N]=TEST [ 29.845927] Hardware name: linux,dummy-virt (DT) [ 29.846027] Call trace: [ 29.846081] show_stack+0x20/0x38 (C) [ 29.846209] dump_stack_lvl+0x8c/0xd0 [ 29.846328] print_report+0x118/0x608 [ 29.846453] kasan_report+0xdc/0x128 [ 29.846573] __asan_report_load4_noabort+0x20/0x30 [ 29.846700] kasan_atomics_helper+0x3de4/0x4858 [ 29.846827] kasan_atomics+0x198/0x2e0 [ 29.847929] kunit_try_run_case+0x170/0x3f0 [ 29.848150] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 29.848338] kthread+0x328/0x630 [ 29.848470] ret_from_fork+0x10/0x20 [ 29.848616] [ 29.848679] Allocated by task 265: [ 29.848842] kasan_save_stack+0x3c/0x68 [ 29.849193] kasan_save_track+0x20/0x40 [ 29.849377] kasan_save_alloc_info+0x40/0x58 [ 29.849494] __kasan_kmalloc+0xd4/0xd8 [ 29.849629] __kmalloc_cache_noprof+0x16c/0x3c0 [ 29.849759] kasan_atomics+0xb8/0x2e0 [ 29.849860] kunit_try_run_case+0x170/0x3f0 [ 29.849980] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 29.850100] kthread+0x328/0x630 [ 29.850259] ret_from_fork+0x10/0x20 [ 29.850379] [ 29.850461] The buggy address belongs to the object at fff00000c643c780 [ 29.850461] which belongs to the cache kmalloc-64 of size 64 [ 29.850698] The buggy address is located 0 bytes to the right of [ 29.850698] allocated 48-byte region [fff00000c643c780, fff00000c643c7b0) [ 29.851100] [ 29.851527] The buggy address belongs to the physical page: [ 29.851678] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x10643c [ 29.852478] flags: 0xbfffe0000000000(node=0|zone=2|lastcpupid=0x1ffff) [ 29.852757] page_type: f5(slab) [ 29.852874] raw: 0bfffe0000000000 fff00000c00018c0 dead000000000122 0000000000000000 [ 29.853152] raw: 0000000000000000 0000000080200020 00000000f5000000 0000000000000000 [ 29.853268] page dumped because: kasan: bad access detected [ 29.853373] [ 29.853663] Memory state around the buggy address: [ 29.853985] fff00000c643c680: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 29.854630] fff00000c643c700: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 29.855143] >fff00000c643c780: 00 00 00 00 00 00 fc fc fc fc fc fc fc fc fc fc [ 29.855726] ^ [ 29.855871] fff00000c643c800: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 29.856012] fff00000c643c880: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 29.856114] ================================================================== [ 30.219415] ================================================================== [ 30.219531] BUG: KASAN: slab-out-of-bounds in kasan_atomics_helper+0x3db0/0x4858 [ 30.219664] Read of size 8 at addr fff00000c643c7b0 by task kunit_try_catch/265 [ 30.219806] [ 30.219955] CPU: 0 UID: 0 PID: 265 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc1 #1 PREEMPT [ 30.220159] Tainted: [B]=BAD_PAGE, [N]=TEST [ 30.220235] Hardware name: linux,dummy-virt (DT) [ 30.220318] Call trace: [ 30.220385] show_stack+0x20/0x38 (C) [ 30.220518] dump_stack_lvl+0x8c/0xd0 [ 30.220645] print_report+0x118/0x608 [ 30.220765] kasan_report+0xdc/0x128 [ 30.220886] __asan_report_load8_noabort+0x20/0x30 [ 30.221036] kasan_atomics_helper+0x3db0/0x4858 [ 30.221163] kasan_atomics+0x198/0x2e0 [ 30.221296] kunit_try_run_case+0x170/0x3f0 [ 30.221486] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 30.221681] kthread+0x328/0x630 [ 30.221832] ret_from_fork+0x10/0x20 [ 30.221992] [ 30.222066] Allocated by task 265: [ 30.222288] kasan_save_stack+0x3c/0x68 [ 30.222509] kasan_save_track+0x20/0x40 [ 30.222619] kasan_save_alloc_info+0x40/0x58 [ 30.222732] __kasan_kmalloc+0xd4/0xd8 [ 30.222831] __kmalloc_cache_noprof+0x16c/0x3c0 [ 30.222965] kasan_atomics+0xb8/0x2e0 [ 30.223060] kunit_try_run_case+0x170/0x3f0 [ 30.223183] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 30.223354] kthread+0x328/0x630 [ 30.223469] ret_from_fork+0x10/0x20 [ 30.223654] [ 30.223739] The buggy address belongs to the object at fff00000c643c780 [ 30.223739] which belongs to the cache kmalloc-64 of size 64 [ 30.223985] The buggy address is located 0 bytes to the right of [ 30.223985] allocated 48-byte region [fff00000c643c780, fff00000c643c7b0) [ 30.225793] [ 30.226381] The buggy address belongs to the physical page: [ 30.226503] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x10643c [ 30.227020] flags: 0xbfffe0000000000(node=0|zone=2|lastcpupid=0x1ffff) [ 30.227267] page_type: f5(slab) [ 30.227397] raw: 0bfffe0000000000 fff00000c00018c0 dead000000000122 0000000000000000 [ 30.227614] raw: 0000000000000000 0000000080200020 00000000f5000000 0000000000000000 [ 30.228027] page dumped because: kasan: bad access detected [ 30.228153] [ 30.228463] Memory state around the buggy address: [ 30.228620] fff00000c643c680: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 30.228896] fff00000c643c700: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 30.229038] >fff00000c643c780: 00 00 00 00 00 00 fc fc fc fc fc fc fc fc fc fc [ 30.229893] ^ [ 30.230041] fff00000c643c800: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 30.230676] fff00000c643c880: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 30.230976] ================================================================== [ 29.952849] ================================================================== [ 29.953372] BUG: KASAN: slab-out-of-bounds in kasan_atomics_helper+0x3e5c/0x4858 [ 29.953612] Write of size 8 at addr fff00000c643c7b0 by task kunit_try_catch/265 [ 29.953748] [ 29.953952] CPU: 0 UID: 0 PID: 265 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc1 #1 PREEMPT [ 29.954236] Tainted: [B]=BAD_PAGE, [N]=TEST [ 29.954442] Hardware name: linux,dummy-virt (DT) [ 29.954624] Call trace: [ 29.954680] show_stack+0x20/0x38 (C) [ 29.954808] dump_stack_lvl+0x8c/0xd0 [ 29.954955] print_report+0x118/0x608 [ 29.955099] kasan_report+0xdc/0x128 [ 29.955719] __asan_report_store8_noabort+0x20/0x30 [ 29.956168] kasan_atomics_helper+0x3e5c/0x4858 [ 29.956322] kasan_atomics+0x198/0x2e0 [ 29.956528] kunit_try_run_case+0x170/0x3f0 [ 29.956746] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 29.956920] kthread+0x328/0x630 [ 29.957127] ret_from_fork+0x10/0x20 [ 29.957285] [ 29.957445] Allocated by task 265: [ 29.957534] kasan_save_stack+0x3c/0x68 [ 29.957640] kasan_save_track+0x20/0x40 [ 29.957793] kasan_save_alloc_info+0x40/0x58 [ 29.958027] __kasan_kmalloc+0xd4/0xd8 [ 29.958173] __kmalloc_cache_noprof+0x16c/0x3c0 [ 29.958339] kasan_atomics+0xb8/0x2e0 [ 29.958442] kunit_try_run_case+0x170/0x3f0 [ 29.958543] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 29.958653] kthread+0x328/0x630 [ 29.958744] ret_from_fork+0x10/0x20 [ 29.958910] [ 29.958983] The buggy address belongs to the object at fff00000c643c780 [ 29.958983] which belongs to the cache kmalloc-64 of size 64 [ 29.959141] The buggy address is located 0 bytes to the right of [ 29.959141] allocated 48-byte region [fff00000c643c780, fff00000c643c7b0) [ 29.959325] [ 29.959392] The buggy address belongs to the physical page: [ 29.959558] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x10643c [ 29.959788] flags: 0xbfffe0000000000(node=0|zone=2|lastcpupid=0x1ffff) [ 29.959922] page_type: f5(slab) [ 29.960058] raw: 0bfffe0000000000 fff00000c00018c0 dead000000000122 0000000000000000 [ 29.960208] raw: 0000000000000000 0000000080200020 00000000f5000000 0000000000000000 [ 29.960319] page dumped because: kasan: bad access detected [ 29.960408] [ 29.960457] Memory state around the buggy address: [ 29.960535] fff00000c643c680: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 29.960755] fff00000c643c700: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 29.960952] >fff00000c643c780: 00 00 00 00 00 00 fc fc fc fc fc fc fc fc fc fc [ 29.961056] ^ [ 29.961151] fff00000c643c800: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 29.961285] fff00000c643c880: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 29.961548] ================================================================== [ 30.328813] ================================================================== [ 30.328927] BUG: KASAN: slab-out-of-bounds in kasan_atomics_helper+0x3e20/0x4858 [ 30.329070] Read of size 8 at addr fff00000c643c7b0 by task kunit_try_catch/265 [ 30.329192] [ 30.329279] CPU: 0 UID: 0 PID: 265 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc1 #1 PREEMPT [ 30.329474] Tainted: [B]=BAD_PAGE, [N]=TEST [ 30.329542] Hardware name: linux,dummy-virt (DT) [ 30.329624] Call trace: [ 30.329696] show_stack+0x20/0x38 (C) [ 30.330066] dump_stack_lvl+0x8c/0xd0 [ 30.330439] print_report+0x118/0x608 [ 30.330572] kasan_report+0xdc/0x128 [ 30.330701] __asan_report_load8_noabort+0x20/0x30 [ 30.331010] kasan_atomics_helper+0x3e20/0x4858 [ 30.331202] kasan_atomics+0x198/0x2e0 [ 30.331823] kunit_try_run_case+0x170/0x3f0 [ 30.332174] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 30.332323] kthread+0x328/0x630 [ 30.332543] ret_from_fork+0x10/0x20 [ 30.333180] [ 30.333252] Allocated by task 265: [ 30.333338] kasan_save_stack+0x3c/0x68 [ 30.333562] kasan_save_track+0x20/0x40 [ 30.333723] kasan_save_alloc_info+0x40/0x58 [ 30.334295] __kasan_kmalloc+0xd4/0xd8 [ 30.334406] __kmalloc_cache_noprof+0x16c/0x3c0 [ 30.334663] kasan_atomics+0xb8/0x2e0 [ 30.334852] kunit_try_run_case+0x170/0x3f0 [ 30.334980] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 30.335548] kthread+0x328/0x630 [ 30.335807] ret_from_fork+0x10/0x20 [ 30.336059] [ 30.336117] The buggy address belongs to the object at fff00000c643c780 [ 30.336117] which belongs to the cache kmalloc-64 of size 64 [ 30.336820] The buggy address is located 0 bytes to the right of [ 30.336820] allocated 48-byte region [fff00000c643c780, fff00000c643c7b0) [ 30.337261] [ 30.337327] The buggy address belongs to the physical page: [ 30.337672] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x10643c [ 30.337857] flags: 0xbfffe0000000000(node=0|zone=2|lastcpupid=0x1ffff) [ 30.338272] page_type: f5(slab) [ 30.338563] raw: 0bfffe0000000000 fff00000c00018c0 dead000000000122 0000000000000000 [ 30.338819] raw: 0000000000000000 0000000080200020 00000000f5000000 0000000000000000 [ 30.339232] page dumped because: kasan: bad access detected [ 30.339382] [ 30.339598] Memory state around the buggy address: [ 30.339891] fff00000c643c680: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 30.340334] fff00000c643c700: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 30.340697] >fff00000c643c780: 00 00 00 00 00 00 fc fc fc fc fc fc fc fc fc fc [ 30.341249] ^ [ 30.341420] fff00000c643c800: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 30.341564] fff00000c643c880: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 30.341669] ================================================================== [ 29.394003] ================================================================== [ 29.397562] BUG: KASAN: slab-out-of-bounds in kasan_atomics_helper+0x1ec/0x4858 [ 29.399745] kasan_atomics_helper+0x1ec/0x4858 [ 29.405108] raw: 0bfffe0000000000 fff00000c00018c0 dead000000000122 0000000000000000 [ 29.406355] fff00000c643c800: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 29.412466] kunit_try_run_case+0x170/0x3f0 [ 29.418684] [ 29.421378] raw: 0bfffe0000000000 fff00000c00018c0 dead000000000122 0000000000000000 [ 29.426881] fff00000c643c880: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 29.427837] ================================================================== [ 30.186293] ================================================================== [ 30.186923] BUG: KASAN: slab-out-of-bounds in kasan_atomics_helper+0x154c/0x4858 [ 30.187073] Write of size 8 at addr fff00000c643c7b0 by task kunit_try_catch/265 [ 30.187783] [ 30.187878] CPU: 0 UID: 0 PID: 265 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc1 #1 PREEMPT [ 30.188284] Tainted: [B]=BAD_PAGE, [N]=TEST [ 30.188607] Hardware name: linux,dummy-virt (DT) [ 30.188686] Call trace: [ 30.188750] show_stack+0x20/0x38 (C) [ 30.188892] dump_stack_lvl+0x8c/0xd0 [ 30.189030] print_report+0x118/0x608 [ 30.189146] kasan_report+0xdc/0x128 [ 30.191915] kasan_check_range+0x100/0x1a8 [ 30.192076] __kasan_check_write+0x20/0x30 [ 30.193053] kasan_atomics_helper+0x154c/0x4858 [ 30.193835] kasan_atomics+0x198/0x2e0 [ 30.194384] kunit_try_run_case+0x170/0x3f0 [ 30.194528] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 30.194666] kthread+0x328/0x630 [ 30.195905] ret_from_fork+0x10/0x20 [ 30.196452] [ 30.196666] Allocated by task 265: [ 30.196864] kasan_save_stack+0x3c/0x68 [ 30.197555] kasan_save_track+0x20/0x40 [ 30.198389] kasan_save_alloc_info+0x40/0x58 [ 30.198819] __kasan_kmalloc+0xd4/0xd8 [ 30.198965] __kmalloc_cache_noprof+0x16c/0x3c0 [ 30.199313] kasan_atomics+0xb8/0x2e0 [ 30.199421] kunit_try_run_case+0x170/0x3f0 [ 30.199842] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 30.200118] kthread+0x328/0x630 [ 30.200227] ret_from_fork+0x10/0x20 [ 30.200755] [ 30.200887] The buggy address belongs to the object at fff00000c643c780 [ 30.200887] which belongs to the cache kmalloc-64 of size 64 [ 30.201387] The buggy address is located 0 bytes to the right of [ 30.201387] allocated 48-byte region [fff00000c643c780, fff00000c643c7b0) [ 30.201613] [ 30.201737] The buggy address belongs to the physical page: [ 30.201823] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x10643c [ 30.201981] flags: 0xbfffe0000000000(node=0|zone=2|lastcpupid=0x1ffff) [ 30.202115] page_type: f5(slab) [ 30.202400] raw: 0bfffe0000000000 fff00000c00018c0 dead000000000122 0000000000000000 [ 30.202538] raw: 0000000000000000 0000000080200020 00000000f5000000 0000000000000000 [ 30.202650] page dumped because: kasan: bad access detected [ 30.202891] [ 30.203493] Memory state around the buggy address: [ 30.203653] fff00000c643c680: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 30.203775] fff00000c643c700: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 30.203894] >fff00000c643c780: 00 00 00 00 00 00 fc fc fc fc fc fc fc fc fc fc [ 30.204013] ^ [ 30.204282] fff00000c643c800: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 30.204621] fff00000c643c880: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 30.204818] ================================================================== [ 30.241253] ================================================================== [ 30.241568] BUG: KASAN: slab-out-of-bounds in kasan_atomics_helper+0x3df4/0x4858 [ 30.241885] Read of size 8 at addr fff00000c643c7b0 by task kunit_try_catch/265 [ 30.242032] [ 30.242109] CPU: 0 UID: 0 PID: 265 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc1 #1 PREEMPT [ 30.242306] Tainted: [B]=BAD_PAGE, [N]=TEST [ 30.242374] Hardware name: linux,dummy-virt (DT) [ 30.242450] Call trace: [ 30.242502] show_stack+0x20/0x38 (C) [ 30.242630] dump_stack_lvl+0x8c/0xd0 [ 30.242750] print_report+0x118/0x608 [ 30.242886] kasan_report+0xdc/0x128 [ 30.243432] __asan_report_load8_noabort+0x20/0x30 [ 30.244265] kasan_atomics_helper+0x3df4/0x4858 [ 30.244867] kasan_atomics+0x198/0x2e0 [ 30.245126] kunit_try_run_case+0x170/0x3f0 [ 30.245381] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 30.245636] kthread+0x328/0x630 [ 30.246227] ret_from_fork+0x10/0x20 [ 30.246472] [ 30.247023] Allocated by task 265: [ 30.247149] kasan_save_stack+0x3c/0x68 [ 30.247364] kasan_save_track+0x20/0x40 [ 30.247617] kasan_save_alloc_info+0x40/0x58 [ 30.247747] __kasan_kmalloc+0xd4/0xd8 [ 30.247921] __kmalloc_cache_noprof+0x16c/0x3c0 [ 30.248062] kasan_atomics+0xb8/0x2e0 [ 30.248159] kunit_try_run_case+0x170/0x3f0 [ 30.248253] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 30.248370] kthread+0x328/0x630 [ 30.248493] ret_from_fork+0x10/0x20 [ 30.248632] [ 30.248686] The buggy address belongs to the object at fff00000c643c780 [ 30.248686] which belongs to the cache kmalloc-64 of size 64 [ 30.248831] The buggy address is located 0 bytes to the right of [ 30.248831] allocated 48-byte region [fff00000c643c780, fff00000c643c7b0) [ 30.249385] [ 30.249459] The buggy address belongs to the physical page: [ 30.249572] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x10643c [ 30.250570] flags: 0xbfffe0000000000(node=0|zone=2|lastcpupid=0x1ffff) [ 30.251093] page_type: f5(slab) [ 30.251372] raw: 0bfffe0000000000 fff00000c00018c0 dead000000000122 0000000000000000 [ 30.252007] raw: 0000000000000000 0000000080200020 00000000f5000000 0000000000000000 [ 30.252130] page dumped because: kasan: bad access detected [ 30.252343] [ 30.252417] Memory state around the buggy address: [ 30.252626] fff00000c643c680: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 30.252922] fff00000c643c700: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 30.253409] >fff00000c643c780: 00 00 00 00 00 00 fc fc fc fc fc fc fc fc fc fc [ 30.253542] ^ [ 30.253764] fff00000c643c800: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 30.254315] fff00000c643c880: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 30.254513] ================================================================== [ 29.973782] ================================================================== [ 29.973897] BUG: KASAN: slab-out-of-bounds in kasan_atomics_helper+0xf20/0x4858 [ 29.974050] Write of size 8 at addr fff00000c643c7b0 by task kunit_try_catch/265 [ 29.974245] [ 29.974360] CPU: 0 UID: 0 PID: 265 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc1 #1 PREEMPT [ 29.974911] Tainted: [B]=BAD_PAGE, [N]=TEST [ 29.975007] Hardware name: linux,dummy-virt (DT) [ 29.975091] Call trace: [ 29.975437] show_stack+0x20/0x38 (C) [ 29.975631] dump_stack_lvl+0x8c/0xd0 [ 29.975771] print_report+0x118/0x608 [ 29.975893] kasan_report+0xdc/0x128 [ 29.976171] kasan_check_range+0x100/0x1a8 [ 29.976433] __kasan_check_write+0x20/0x30 [ 29.976566] kasan_atomics_helper+0xf20/0x4858 [ 29.976694] kasan_atomics+0x198/0x2e0 [ 29.976810] kunit_try_run_case+0x170/0x3f0 [ 29.976955] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 29.977151] kthread+0x328/0x630 [ 29.977285] ret_from_fork+0x10/0x20 [ 29.977570] [ 29.977621] Allocated by task 265: [ 29.977725] kasan_save_stack+0x3c/0x68 [ 29.977866] kasan_save_track+0x20/0x40 [ 29.978354] kasan_save_alloc_info+0x40/0x58 [ 29.978474] __kasan_kmalloc+0xd4/0xd8 [ 29.978586] __kmalloc_cache_noprof+0x16c/0x3c0 [ 29.978711] kasan_atomics+0xb8/0x2e0 [ 29.978817] kunit_try_run_case+0x170/0x3f0 [ 29.979117] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 29.979256] kthread+0x328/0x630 [ 29.979524] ret_from_fork+0x10/0x20 [ 29.979664] [ 29.979746] The buggy address belongs to the object at fff00000c643c780 [ 29.979746] which belongs to the cache kmalloc-64 of size 64 [ 29.980157] The buggy address is located 0 bytes to the right of [ 29.980157] allocated 48-byte region [fff00000c643c780, fff00000c643c7b0) [ 29.980433] [ 29.980488] The buggy address belongs to the physical page: [ 29.980571] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x10643c [ 29.980713] flags: 0xbfffe0000000000(node=0|zone=2|lastcpupid=0x1ffff) [ 29.980835] page_type: f5(slab) [ 29.982168] raw: 0bfffe0000000000 fff00000c00018c0 dead000000000122 0000000000000000 [ 29.982350] raw: 0000000000000000 0000000080200020 00000000f5000000 0000000000000000 [ 29.982470] page dumped because: kasan: bad access detected [ 29.982562] [ 29.983630] Memory state around the buggy address: [ 29.984018] fff00000c643c680: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 29.984173] fff00000c643c700: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 29.984310] >fff00000c643c780: 00 00 00 00 00 00 fc fc fc fc fc fc fc fc fc fc [ 29.984584] ^ [ 29.984802] fff00000c643c800: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 29.985074] fff00000c643c880: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 29.985175] ================================================================== [ 29.769313] ================================================================== [ 29.769518] BUG: KASAN: slab-out-of-bounds in kasan_atomics_helper+0xad4/0x4858 [ 29.769692] Write of size 4 at addr fff00000c643c7b0 by task kunit_try_catch/265 [ 29.769816] [ 29.769888] CPU: 0 UID: 0 PID: 265 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc1 #1 PREEMPT [ 29.770115] Tainted: [B]=BAD_PAGE, [N]=TEST [ 29.770199] Hardware name: linux,dummy-virt (DT) [ 29.771411] print_report+0x118/0x608 [ 29.781091] ^ [ 29.786663] print_report+0x118/0x608 [ 29.786786] kasan_report+0xdc/0x128 [ 29.788801] ret_from_fork+0x10/0x20 [ 29.788925] [ 29.789371] kasan_save_track+0x20/0x40 [ 29.789702] __kasan_kmalloc+0xd4/0xd8 [ 29.790710] kthread+0x328/0x630 [ 29.791490] The buggy address is located 0 bytes to the right of [ 29.791490] allocated 48-byte region [fff00000c643c780, fff00000c643c7b0) [ 29.792435] page_type: f5(slab) [ 29.792554] raw: 0bfffe0000000000 fff00000c00018c0 dead000000000122 0000000000000000 [ 29.793650] ^ [ 29.793844] fff00000c643c880: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 29.795681] [ 29.797659] kasan_atomics_helper+0xb70/0x4858 [ 29.802534] kasan_save_alloc_info+0x40/0x58 [ 29.804855] The buggy address is located 0 bytes to the right of [ 29.804855] allocated 48-byte region [fff00000c643c780, fff00000c643c7b0) [ 29.808889] [ 29.811255] page_type: f5(slab) [ 29.812661] [ 29.815530] fff00000c643c800: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 29.817258] BUG: KASAN: slab-out-of-bounds in kasan_atomics_helper+0x3dbc/0x4858 [ 29.819969] kunit_try_run_case+0x170/0x3f0 [ 29.821838] kthread+0x328/0x630 [ 29.824018] [ 29.825133] page_type: f5(slab) [ 29.825819] [ 29.827872] fff00000c643c880: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 29.830101] Write of size 4 at addr fff00000c643c7b0 by task kunit_try_catch/265 [ 29.840244] [ 29.840298] The buggy address belongs to the physical page: [ 29.841124] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x10643c [ 29.841863] flags: 0xbfffe0000000000(node=0|zone=2|lastcpupid=0x1ffff) [ 29.842388] page_type: f5(slab) [ 29.842598] raw: 0bfffe0000000000 fff00000c00018c0 dead000000000122 0000000000000000 [ 29.842834] raw: 0000000000000000 0000000080200020 00000000f5000000 0000000000000000 [ 29.842995] page dumped because: kasan: bad access detected [ 29.843459] [ 29.843524] Memory state around the buggy address: [ 29.843621] fff00000c643c680: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 29.844124] fff00000c643c700: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 29.844368] >fff00000c643c780: 00 00 00 00 00 00 fc fc fc fc fc fc fc fc fc fc [ 29.844562] ^ [ 29.844656] fff00000c643c800: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 29.844770] fff00000c643c880: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 29.844949] ================================================================== [ 30.306556] ================================================================== [ 30.306663] BUG: KASAN: slab-out-of-bounds in kasan_atomics_helper+0x175c/0x4858 [ 30.306779] Write of size 8 at addr fff00000c643c7b0 by task kunit_try_catch/265 [ 30.306914] [ 30.307024] CPU: 0 UID: 0 PID: 265 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc1 #1 PREEMPT [ 30.307293] Tainted: [B]=BAD_PAGE, [N]=TEST [ 30.307375] Hardware name: linux,dummy-virt (DT) [ 30.307473] Call trace: [ 30.307595] show_stack+0x20/0x38 (C) [ 30.307748] dump_stack_lvl+0x8c/0xd0 [ 30.307886] print_report+0x118/0x608 [ 30.308124] kasan_report+0xdc/0x128 [ 30.308322] kasan_check_range+0x100/0x1a8 [ 30.308518] __kasan_check_write+0x20/0x30 [ 30.308718] kasan_atomics_helper+0x175c/0x4858 [ 30.309090] kasan_atomics+0x198/0x2e0 [ 30.309253] kunit_try_run_case+0x170/0x3f0 [ 30.309401] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 30.309646] kthread+0x328/0x630 [ 30.310458] ret_from_fork+0x10/0x20 [ 30.310589] [ 30.310639] Allocated by task 265: [ 30.311494] kasan_save_stack+0x3c/0x68 [ 30.312381] kasan_save_track+0x20/0x40 [ 30.312499] kasan_save_alloc_info+0x40/0x58 [ 30.312615] __kasan_kmalloc+0xd4/0xd8 [ 30.313668] __kmalloc_cache_noprof+0x16c/0x3c0 [ 30.313902] kasan_atomics+0xb8/0x2e0 [ 30.314394] kunit_try_run_case+0x170/0x3f0 [ 30.316664] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 30.317014] kthread+0x328/0x630 [ 30.318216] ret_from_fork+0x10/0x20 [ 30.318350] [ 30.318730] The buggy address belongs to the object at fff00000c643c780 [ 30.318730] which belongs to the cache kmalloc-64 of size 64 [ 30.319325] The buggy address is located 0 bytes to the right of [ 30.319325] allocated 48-byte region [fff00000c643c780, fff00000c643c7b0) [ 30.320583] [ 30.320651] The buggy address belongs to the physical page: [ 30.321527] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x10643c [ 30.322016] flags: 0xbfffe0000000000(node=0|zone=2|lastcpupid=0x1ffff) [ 30.322880] page_type: f5(slab) [ 30.323705] raw: 0bfffe0000000000 fff00000c00018c0 dead000000000122 0000000000000000 [ 30.323847] raw: 0000000000000000 0000000080200020 00000000f5000000 0000000000000000 [ 30.323979] page dumped because: kasan: bad access detected [ 30.324070] [ 30.324119] Memory state around the buggy address: [ 30.324206] fff00000c643c680: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 30.324476] fff00000c643c700: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 30.324591] >fff00000c643c780: 00 00 00 00 00 00 fc fc fc fc fc fc fc fc fc fc [ 30.324691] ^ [ 30.324851] fff00000c643c800: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 30.325048] fff00000c643c880: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 30.325219] ================================================================== [ 30.135156] ================================================================== [ 30.135261] BUG: KASAN: slab-out-of-bounds in kasan_atomics_helper+0x1414/0x4858 [ 30.135328] Write of size 8 at addr fff00000c643c7b0 by task kunit_try_catch/265 [ 30.135411] [ 30.135835] CPU: 0 UID: 0 PID: 265 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc1 #1 PREEMPT [ 30.136652] Tainted: [B]=BAD_PAGE, [N]=TEST [ 30.136735] Hardware name: linux,dummy-virt (DT) [ 30.136857] Call trace: [ 30.136989] show_stack+0x20/0x38 (C) [ 30.137169] dump_stack_lvl+0x8c/0xd0 [ 30.137300] print_report+0x118/0x608 [ 30.137634] kasan_report+0xdc/0x128 [ 30.137759] kasan_check_range+0x100/0x1a8 [ 30.137949] __kasan_check_write+0x20/0x30 [ 30.138093] kasan_atomics_helper+0x1414/0x4858 [ 30.138723] kasan_atomics+0x198/0x2e0 [ 30.139268] kunit_try_run_case+0x170/0x3f0 [ 30.139502] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 30.139673] kthread+0x328/0x630 [ 30.139800] ret_from_fork+0x10/0x20 [ 30.139975] [ 30.140031] Allocated by task 265: [ 30.140108] kasan_save_stack+0x3c/0x68 [ 30.140220] kasan_save_track+0x20/0x40 [ 30.140330] kasan_save_alloc_info+0x40/0x58 [ 30.140472] __kasan_kmalloc+0xd4/0xd8 [ 30.140744] __kmalloc_cache_noprof+0x16c/0x3c0 [ 30.140911] kasan_atomics+0xb8/0x2e0 [ 30.141047] kunit_try_run_case+0x170/0x3f0 [ 30.141188] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 30.141353] kthread+0x328/0x630 [ 30.141710] ret_from_fork+0x10/0x20 [ 30.141834] [ 30.141967] The buggy address belongs to the object at fff00000c643c780 [ 30.141967] which belongs to the cache kmalloc-64 of size 64 [ 30.142209] The buggy address is located 0 bytes to the right of [ 30.142209] allocated 48-byte region [fff00000c643c780, fff00000c643c7b0) [ 30.142429] [ 30.142487] The buggy address belongs to the physical page: [ 30.142921] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x10643c [ 30.143078] flags: 0xbfffe0000000000(node=0|zone=2|lastcpupid=0x1ffff) [ 30.143203] page_type: f5(slab) [ 30.143303] raw: 0bfffe0000000000 fff00000c00018c0 dead000000000122 0000000000000000 [ 30.143434] raw: 0000000000000000 0000000080200020 00000000f5000000 0000000000000000 [ 30.143538] page dumped because: kasan: bad access detected [ 30.143650] [ 30.143724] Memory state around the buggy address: [ 30.143836] fff00000c643c680: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 30.144103] fff00000c643c700: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 30.144223] >fff00000c643c780: 00 00 00 00 00 00 fc fc fc fc fc fc fc fc fc fc [ 30.144329] ^ [ 30.144416] fff00000c643c800: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 30.145812] fff00000c643c880: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 30.145998] ================================================================== [ 30.029022] ================================================================== [ 30.029328] BUG: KASAN: slab-out-of-bounds in kasan_atomics_helper+0x10c0/0x4858 [ 30.030127] Write of size 8 at addr fff00000c643c7b0 by task kunit_try_catch/265 [ 30.030306] [ 30.030528] CPU: 0 UID: 0 PID: 265 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc1 #1 PREEMPT [ 30.031450] Tainted: [B]=BAD_PAGE, [N]=TEST [ 30.031641] Hardware name: linux,dummy-virt (DT) [ 30.031749] Call trace: [ 30.031810] show_stack+0x20/0x38 (C) [ 30.031969] dump_stack_lvl+0x8c/0xd0 [ 30.032095] print_report+0x118/0x608 [ 30.032217] kasan_report+0xdc/0x128 [ 30.032332] kasan_check_range+0x100/0x1a8 [ 30.032455] __kasan_check_write+0x20/0x30 [ 30.032571] kasan_atomics_helper+0x10c0/0x4858 [ 30.033259] kasan_atomics+0x198/0x2e0 [ 30.033508] kunit_try_run_case+0x170/0x3f0 [ 30.034228] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 30.034554] kthread+0x328/0x630 [ 30.034951] ret_from_fork+0x10/0x20 [ 30.035753] [ 30.036047] Allocated by task 265: [ 30.036143] kasan_save_stack+0x3c/0x68 [ 30.036480] kasan_save_track+0x20/0x40 [ 30.036618] kasan_save_alloc_info+0x40/0x58 [ 30.036762] __kasan_kmalloc+0xd4/0xd8 [ 30.036988] __kmalloc_cache_noprof+0x16c/0x3c0 [ 30.037144] kasan_atomics+0xb8/0x2e0 [ 30.037316] kunit_try_run_case+0x170/0x3f0 [ 30.037420] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 30.037555] kthread+0x328/0x630 [ 30.037649] ret_from_fork+0x10/0x20 [ 30.037744] [ 30.037803] The buggy address belongs to the object at fff00000c643c780 [ 30.037803] which belongs to the cache kmalloc-64 of size 64 [ 30.037967] The buggy address is located 0 bytes to the right of [ 30.037967] allocated 48-byte region [fff00000c643c780, fff00000c643c7b0) [ 30.038126] [ 30.038178] The buggy address belongs to the physical page: [ 30.038255] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x10643c [ 30.038400] flags: 0xbfffe0000000000(node=0|zone=2|lastcpupid=0x1ffff) [ 30.038613] page_type: f5(slab) [ 30.038716] raw: 0bfffe0000000000 fff00000c00018c0 dead000000000122 0000000000000000 [ 30.038855] raw: 0000000000000000 0000000080200020 00000000f5000000 0000000000000000 [ 30.039214] page dumped because: kasan: bad access detected [ 30.039319] [ 30.039859] Memory state around the buggy address: [ 30.039971] fff00000c643c680: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 30.041015] fff00000c643c700: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 30.041207] >fff00000c643c780: 00 00 00 00 00 00 fc fc fc fc fc fc fc fc fc fc [ 30.041519] ^ [ 30.041992] fff00000c643c800: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 30.043222] fff00000c643c880: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 30.043339] ================================================================== [ 29.612242] ================================================================== [ 29.612372] BUG: KASAN: slab-out-of-bounds in kasan_atomics_helper+0x684/0x4858 [ 29.612628] [ 29.612770] CPU: 0 UID: 0 PID: 265 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc1 #1 PREEMPT [ 29.613049] Tainted: [B]=BAD_PAGE, [N]=TEST [ 29.614066] kasan_check_range+0x100/0x1a8 [ 29.614252] __kasan_check_write+0x20/0x30 [ 29.614646] kasan_atomics+0x198/0x2e0 [ 29.615465] kasan_save_stack+0x3c/0x68 [ 29.615568] kasan_save_track+0x20/0x40 [ 29.615744] kasan_save_alloc_info+0x40/0x58 [ 29.615902] __kasan_kmalloc+0xd4/0xd8 [ 29.616370] kasan_atomics+0xb8/0x2e0 [ 29.617301] ret_from_fork+0x10/0x20 [ 29.617634] The buggy address is located 0 bytes to the right of [ 29.617634] allocated 48-byte region [fff00000c643c780, fff00000c643c7b0) [ 29.617847] [ 29.617958] The buggy address belongs to the physical page: [ 29.618753] raw: 0000000000000000 0000000080200020 00000000f5000000 0000000000000000 [ 29.619327] fff00000c643c680: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 29.619613] fff00000c643c700: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 29.619743] >fff00000c643c780: 00 00 00 00 00 00 fc fc fc fc fc fc fc fc fc fc [ 29.619865] ^ [ 29.620063] fff00000c643c800: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 29.620232] fff00000c643c880: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 29.620339] ================================================================== [ 29.986701] ================================================================== [ 29.987255] BUG: KASAN: slab-out-of-bounds in kasan_atomics_helper+0xf88/0x4858 [ 29.987461] Write of size 8 at addr fff00000c643c7b0 by task kunit_try_catch/265 [ 29.987675] [ 29.987758] CPU: 0 UID: 0 PID: 265 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc1 #1 PREEMPT [ 29.988012] Tainted: [B]=BAD_PAGE, [N]=TEST [ 29.988090] Hardware name: linux,dummy-virt (DT) [ 29.988182] Call trace: [ 29.988358] show_stack+0x20/0x38 (C) [ 29.988669] dump_stack_lvl+0x8c/0xd0 [ 29.988798] print_report+0x118/0x608 [ 29.988918] kasan_report+0xdc/0x128 [ 29.989061] kasan_check_range+0x100/0x1a8 [ 29.989212] __kasan_check_write+0x20/0x30 [ 29.989943] kasan_atomics_helper+0xf88/0x4858 [ 29.990132] kasan_atomics+0x198/0x2e0 [ 29.990346] kunit_try_run_case+0x170/0x3f0 [ 29.990662] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 29.991451] kthread+0x328/0x630 [ 29.992841] ret_from_fork+0x10/0x20 [ 29.993636] [ 29.993989] Allocated by task 265: [ 29.994319] kasan_save_stack+0x3c/0x68 [ 29.994485] kasan_save_track+0x20/0x40 [ 29.995065] kasan_save_alloc_info+0x40/0x58 [ 29.995348] __kasan_kmalloc+0xd4/0xd8 [ 29.995448] __kmalloc_cache_noprof+0x16c/0x3c0 [ 29.995550] kasan_atomics+0xb8/0x2e0 [ 29.995646] kunit_try_run_case+0x170/0x3f0 [ 29.995749] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 29.995872] kthread+0x328/0x630 [ 29.995989] ret_from_fork+0x10/0x20 [ 29.996091] [ 29.997642] The buggy address belongs to the object at fff00000c643c780 [ 29.997642] which belongs to the cache kmalloc-64 of size 64 [ 29.998621] The buggy address is located 0 bytes to the right of [ 29.998621] allocated 48-byte region [fff00000c643c780, fff00000c643c7b0) [ 29.999298] [ 29.999372] The buggy address belongs to the physical page: [ 29.999599] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x10643c [ 30.000272] flags: 0xbfffe0000000000(node=0|zone=2|lastcpupid=0x1ffff) [ 30.000550] page_type: f5(slab) [ 30.000673] raw: 0bfffe0000000000 fff00000c00018c0 dead000000000122 0000000000000000 [ 30.000982] raw: 0000000000000000 0000000080200020 00000000f5000000 0000000000000000 [ 30.001095] page dumped because: kasan: bad access detected [ 30.001434] [ 30.001491] Memory state around the buggy address: [ 30.001708] fff00000c643c680: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 30.002000] fff00000c643c700: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 30.002154] >fff00000c643c780: 00 00 00 00 00 00 fc fc fc fc fc fc fc fc fc fc [ 30.002408] ^ [ 30.002497] fff00000c643c800: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 30.002608] fff00000c643c880: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 30.002710] ================================================================== [ 29.738191] ================================================================== [ 29.738318] BUG: KASAN: slab-out-of-bounds in kasan_atomics_helper+0xa04/0x4858 [ 29.738586] Write of size 4 at addr fff00000c643c7b0 by task kunit_try_catch/265 [ 29.738955] [ 29.739040] CPU: 0 UID: 0 PID: 265 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc1 #1 PREEMPT [ 29.739471] Tainted: [B]=BAD_PAGE, [N]=TEST [ 29.739578] Hardware name: linux,dummy-virt (DT) [ 29.739673] Call trace: [ 29.739756] show_stack+0x20/0x38 (C) [ 29.739959] dump_stack_lvl+0x8c/0xd0 [ 29.740109] print_report+0x118/0x608 [ 29.740304] kasan_report+0xdc/0x128 [ 29.740400] kasan_check_range+0x100/0x1a8 [ 29.740532] __kasan_check_write+0x20/0x30 [ 29.740913] kasan_atomics_helper+0xa04/0x4858 [ 29.741201] kasan_atomics+0x198/0x2e0 [ 29.741390] kunit_try_run_case+0x170/0x3f0 [ 29.741525] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 29.741668] kthread+0x328/0x630 [ 29.741790] ret_from_fork+0x10/0x20 [ 29.741971] [ 29.742098] Allocated by task 265: [ 29.742173] kasan_save_stack+0x3c/0x68 [ 29.742288] kasan_save_track+0x20/0x40 [ 29.742390] kasan_save_alloc_info+0x40/0x58 [ 29.742654] __kasan_kmalloc+0xd4/0xd8 [ 29.742793] __kmalloc_cache_noprof+0x16c/0x3c0 [ 29.743015] kasan_atomics+0xb8/0x2e0 [ 29.743184] kunit_try_run_case+0x170/0x3f0 [ 29.743306] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 29.743698] kthread+0x328/0x630 [ 29.743893] ret_from_fork+0x10/0x20 [ 29.744024] [ 29.744081] The buggy address belongs to the object at fff00000c643c780 [ 29.744081] which belongs to the cache kmalloc-64 of size 64 [ 29.745094] The buggy address is located 0 bytes to the right of [ 29.745094] allocated 48-byte region [fff00000c643c780, fff00000c643c7b0) [ 29.745263] [ 29.745315] The buggy address belongs to the physical page: [ 29.745393] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x10643c [ 29.745524] flags: 0xbfffe0000000000(node=0|zone=2|lastcpupid=0x1ffff) [ 29.745646] page_type: f5(slab) [ 29.745743] raw: 0bfffe0000000000 fff00000c00018c0 dead000000000122 0000000000000000 [ 29.745869] raw: 0000000000000000 0000000080200020 00000000f5000000 0000000000000000 [ 29.745988] page dumped because: kasan: bad access detected [ 29.746072] [ 29.746122] Memory state around the buggy address: [ 29.746202] fff00000c643c680: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 29.746312] fff00000c643c700: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 29.746418] >fff00000c643c780: 00 00 00 00 00 00 fc fc fc fc fc fc fc fc fc fc [ 29.746517] ^ [ 29.746596] fff00000c643c800: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 29.746707] fff00000c643c880: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 29.746807] ================================================================== [ 30.018700] ================================================================== [ 30.018805] BUG: KASAN: slab-out-of-bounds in kasan_atomics_helper+0x1058/0x4858 [ 30.018927] Write of size 8 at addr fff00000c643c7b0 by task kunit_try_catch/265 [ 30.020518] [ 30.020609] CPU: 0 UID: 0 PID: 265 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc1 #1 PREEMPT [ 30.020733] Tainted: [B]=BAD_PAGE, [N]=TEST [ 30.020845] Hardware name: linux,dummy-virt (DT) [ 30.020960] Call trace: [ 30.021035] show_stack+0x20/0x38 (C) [ 30.021289] dump_stack_lvl+0x8c/0xd0 [ 30.021465] print_report+0x118/0x608 [ 30.021594] kasan_report+0xdc/0x128 [ 30.021779] kasan_check_range+0x100/0x1a8 [ 30.022369] __kasan_check_write+0x20/0x30 [ 30.022532] kasan_atomics_helper+0x1058/0x4858 [ 30.022667] kasan_atomics+0x198/0x2e0 [ 30.023171] kunit_try_run_case+0x170/0x3f0 [ 30.023463] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 30.023765] kthread+0x328/0x630 [ 30.024010] ret_from_fork+0x10/0x20 [ 30.024133] [ 30.024189] Allocated by task 265: [ 30.024271] kasan_save_stack+0x3c/0x68 [ 30.024382] kasan_save_track+0x20/0x40 [ 30.024480] kasan_save_alloc_info+0x40/0x58 [ 30.024581] __kasan_kmalloc+0xd4/0xd8 [ 30.024710] __kmalloc_cache_noprof+0x16c/0x3c0 [ 30.024844] kasan_atomics+0xb8/0x2e0 [ 30.025048] kunit_try_run_case+0x170/0x3f0 [ 30.025168] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 30.025305] kthread+0x328/0x630 [ 30.025415] ret_from_fork+0x10/0x20 [ 30.025615] [ 30.025681] The buggy address belongs to the object at fff00000c643c780 [ 30.025681] which belongs to the cache kmalloc-64 of size 64 [ 30.025976] The buggy address is located 0 bytes to the right of [ 30.025976] allocated 48-byte region [fff00000c643c780, fff00000c643c7b0) [ 30.026174] [ 30.026342] The buggy address belongs to the physical page: [ 30.026426] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x10643c [ 30.026559] flags: 0xbfffe0000000000(node=0|zone=2|lastcpupid=0x1ffff) [ 30.026679] page_type: f5(slab) [ 30.026771] raw: 0bfffe0000000000 fff00000c00018c0 dead000000000122 0000000000000000 [ 30.026912] raw: 0000000000000000 0000000080200020 00000000f5000000 0000000000000000 [ 30.027038] page dumped because: kasan: bad access detected [ 30.027183] [ 30.027243] Memory state around the buggy address: [ 30.027338] fff00000c643c680: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 30.027506] fff00000c643c700: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 30.027695] >fff00000c643c780: 00 00 00 00 00 00 fc fc fc fc fc fc fc fc fc fc [ 30.027806] ^ [ 30.027905] fff00000c643c800: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 30.028096] fff00000c643c880: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 30.028212] ================================================================== [ 30.148535] ================================================================== [ 30.148675] BUG: KASAN: slab-out-of-bounds in kasan_atomics_helper+0x147c/0x4858 [ 30.148796] Write of size 8 at addr fff00000c643c7b0 by task kunit_try_catch/265 [ 30.148919] [ 30.149019] CPU: 0 UID: 0 PID: 265 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc1 #1 PREEMPT [ 30.150604] Tainted: [B]=BAD_PAGE, [N]=TEST [ 30.150758] Hardware name: linux,dummy-virt (DT) [ 30.151095] Call trace: [ 30.151208] show_stack+0x20/0x38 (C) [ 30.151379] dump_stack_lvl+0x8c/0xd0 [ 30.151839] print_report+0x118/0x608 [ 30.152082] kasan_report+0xdc/0x128 [ 30.152248] kasan_check_range+0x100/0x1a8 [ 30.152371] __kasan_check_write+0x20/0x30 [ 30.152572] kasan_atomics_helper+0x147c/0x4858 [ 30.153030] kasan_atomics+0x198/0x2e0 [ 30.153514] kunit_try_run_case+0x170/0x3f0 [ 30.154262] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 30.154411] kthread+0x328/0x630 [ 30.154950] ret_from_fork+0x10/0x20 [ 30.155136] [ 30.155686] Allocated by task 265: [ 30.155793] kasan_save_stack+0x3c/0x68 [ 30.156463] kasan_save_track+0x20/0x40 [ 30.156571] kasan_save_alloc_info+0x40/0x58 [ 30.156685] __kasan_kmalloc+0xd4/0xd8 [ 30.156789] __kmalloc_cache_noprof+0x16c/0x3c0 [ 30.157293] kasan_atomics+0xb8/0x2e0 [ 30.157799] kunit_try_run_case+0x170/0x3f0 [ 30.158147] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 30.158457] kthread+0x328/0x630 [ 30.158581] ret_from_fork+0x10/0x20 [ 30.159036] [ 30.159094] The buggy address belongs to the object at fff00000c643c780 [ 30.159094] which belongs to the cache kmalloc-64 of size 64 [ 30.159620] The buggy address is located 0 bytes to the right of [ 30.159620] allocated 48-byte region [fff00000c643c780, fff00000c643c7b0) [ 30.160424] [ 30.160520] The buggy address belongs to the physical page: [ 30.160677] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x10643c [ 30.161473] flags: 0xbfffe0000000000(node=0|zone=2|lastcpupid=0x1ffff) [ 30.161753] page_type: f5(slab) [ 30.161966] raw: 0bfffe0000000000 fff00000c00018c0 dead000000000122 0000000000000000 [ 30.162102] raw: 0000000000000000 0000000080200020 00000000f5000000 0000000000000000 [ 30.162238] page dumped because: kasan: bad access detected [ 30.162477] [ 30.162602] Memory state around the buggy address: [ 30.162696] fff00000c643c680: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 30.163034] fff00000c643c700: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 30.163884] >fff00000c643c780: 00 00 00 00 00 00 fc fc fc fc fc fc fc fc fc fc [ 30.164031] ^ [ 30.164127] fff00000c643c800: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 30.165338] fff00000c643c880: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 30.165457] ================================================================== [ 30.166111] ================================================================== [ 30.166341] BUG: KASAN: slab-out-of-bounds in kasan_atomics_helper+0x14e4/0x4858 [ 30.166456] Write of size 8 at addr fff00000c643c7b0 by task kunit_try_catch/265 [ 30.166582] [ 30.166654] CPU: 0 UID: 0 PID: 265 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc1 #1 PREEMPT [ 30.166850] Tainted: [B]=BAD_PAGE, [N]=TEST [ 30.166950] Hardware name: linux,dummy-virt (DT) [ 30.167028] Call trace: [ 30.167087] show_stack+0x20/0x38 (C) [ 30.167224] dump_stack_lvl+0x8c/0xd0 [ 30.167589] print_report+0x118/0x608 [ 30.167737] kasan_report+0xdc/0x128 [ 30.167929] kasan_check_range+0x100/0x1a8 [ 30.168089] __kasan_check_write+0x20/0x30 [ 30.168233] kasan_atomics_helper+0x14e4/0x4858 [ 30.168571] kasan_atomics+0x198/0x2e0 [ 30.168701] kunit_try_run_case+0x170/0x3f0 [ 30.168836] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 30.169000] kthread+0x328/0x630 [ 30.169123] ret_from_fork+0x10/0x20 [ 30.169294] [ 30.169356] Allocated by task 265: [ 30.169483] kasan_save_stack+0x3c/0x68 [ 30.169606] kasan_save_track+0x20/0x40 [ 30.169699] kasan_save_alloc_info+0x40/0x58 [ 30.169806] __kasan_kmalloc+0xd4/0xd8 [ 30.169900] __kmalloc_cache_noprof+0x16c/0x3c0 [ 30.170032] kasan_atomics+0xb8/0x2e0 [ 30.170132] kunit_try_run_case+0x170/0x3f0 [ 30.171164] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 30.172052] kthread+0x328/0x630 [ 30.173377] ret_from_fork+0x10/0x20 [ 30.173502] [ 30.173557] The buggy address belongs to the object at fff00000c643c780 [ 30.173557] which belongs to the cache kmalloc-64 of size 64 [ 30.174441] The buggy address is located 0 bytes to the right of [ 30.174441] allocated 48-byte region [fff00000c643c780, fff00000c643c7b0) [ 30.174611] [ 30.174671] The buggy address belongs to the physical page: [ 30.174749] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x10643c [ 30.174896] flags: 0xbfffe0000000000(node=0|zone=2|lastcpupid=0x1ffff) [ 30.175068] page_type: f5(slab) [ 30.177041] raw: 0bfffe0000000000 fff00000c00018c0 dead000000000122 0000000000000000 [ 30.177194] raw: 0000000000000000 0000000080200020 00000000f5000000 0000000000000000 [ 30.177314] page dumped because: kasan: bad access detected [ 30.177412] [ 30.177462] Memory state around the buggy address: [ 30.178549] fff00000c643c680: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 30.180496] fff00000c643c700: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 30.180626] >fff00000c643c780: 00 00 00 00 00 00 fc fc fc fc fc fc fc fc fc fc [ 30.180740] ^ [ 30.180831] fff00000c643c800: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 30.182711] fff00000c643c880: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 30.183057] ================================================================== [ 30.044217] ================================================================== [ 30.044502] BUG: KASAN: slab-out-of-bounds in kasan_atomics_helper+0x1128/0x4858 [ 30.044614] Write of size 8 at addr fff00000c643c7b0 by task kunit_try_catch/265 [ 30.044738] [ 30.044813] CPU: 0 UID: 0 PID: 265 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc1 #1 PREEMPT [ 30.045108] Tainted: [B]=BAD_PAGE, [N]=TEST [ 30.045183] Hardware name: linux,dummy-virt (DT) [ 30.045309] Call trace: [ 30.045485] show_stack+0x20/0x38 (C) [ 30.045848] dump_stack_lvl+0x8c/0xd0 [ 30.046041] print_report+0x118/0x608 [ 30.046225] kasan_report+0xdc/0x128 [ 30.046368] kasan_check_range+0x100/0x1a8 [ 30.046509] __kasan_check_write+0x20/0x30 [ 30.046816] kasan_atomics_helper+0x1128/0x4858 [ 30.046992] kasan_atomics+0x198/0x2e0 [ 30.047172] kunit_try_run_case+0x170/0x3f0 [ 30.047313] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 30.047491] kthread+0x328/0x630 [ 30.047606] ret_from_fork+0x10/0x20 [ 30.047818] [ 30.047872] Allocated by task 265: [ 30.047968] kasan_save_stack+0x3c/0x68 [ 30.048092] kasan_save_track+0x20/0x40 [ 30.048343] kasan_save_alloc_info+0x40/0x58 [ 30.048469] __kasan_kmalloc+0xd4/0xd8 [ 30.048802] __kmalloc_cache_noprof+0x16c/0x3c0 [ 30.049028] kasan_atomics+0xb8/0x2e0 [ 30.049202] kunit_try_run_case+0x170/0x3f0 [ 30.049311] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 30.049420] kthread+0x328/0x630 [ 30.049546] ret_from_fork+0x10/0x20 [ 30.049758] [ 30.049810] The buggy address belongs to the object at fff00000c643c780 [ 30.049810] which belongs to the cache kmalloc-64 of size 64 [ 30.050068] The buggy address is located 0 bytes to the right of [ 30.050068] allocated 48-byte region [fff00000c643c780, fff00000c643c7b0) [ 30.050520] [ 30.050633] The buggy address belongs to the physical page: [ 30.050717] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x10643c [ 30.050844] flags: 0xbfffe0000000000(node=0|zone=2|lastcpupid=0x1ffff) [ 30.050994] page_type: f5(slab) [ 30.051210] raw: 0bfffe0000000000 fff00000c00018c0 dead000000000122 0000000000000000 [ 30.051528] raw: 0000000000000000 0000000080200020 00000000f5000000 0000000000000000 [ 30.051653] page dumped because: kasan: bad access detected [ 30.051750] [ 30.051803] Memory state around the buggy address: [ 30.051886] fff00000c643c680: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 30.052069] fff00000c643c700: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 30.052148] >fff00000c643c780: 00 00 00 00 00 00 fc fc fc fc fc fc fc fc fc fc [ 30.052203] ^ [ 30.052248] fff00000c643c800: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 30.052304] fff00000c643c880: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 30.052353] ================================================================== [ 30.092814] ================================================================== [ 30.092925] BUG: KASAN: slab-out-of-bounds in kasan_atomics_helper+0x12d8/0x4858 [ 30.093058] Write of size 8 at addr fff00000c643c7b0 by task kunit_try_catch/265 [ 30.093179] [ 30.093253] CPU: 0 UID: 0 PID: 265 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc1 #1 PREEMPT [ 30.093453] Tainted: [B]=BAD_PAGE, [N]=TEST [ 30.093532] Hardware name: linux,dummy-virt (DT) [ 30.093759] Call trace: [ 30.093954] show_stack+0x20/0x38 (C) [ 30.094167] dump_stack_lvl+0x8c/0xd0 [ 30.094347] print_report+0x118/0x608 [ 30.094498] kasan_report+0xdc/0x128 [ 30.094623] kasan_check_range+0x100/0x1a8 [ 30.094747] __kasan_check_write+0x20/0x30 [ 30.094876] kasan_atomics_helper+0x12d8/0x4858 [ 30.095021] kasan_atomics+0x198/0x2e0 [ 30.095478] kunit_try_run_case+0x170/0x3f0 [ 30.095843] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 30.096119] kthread+0x328/0x630 [ 30.096876] ret_from_fork+0x10/0x20 [ 30.097885] [ 30.097957] Allocated by task 265: [ 30.098283] kasan_save_stack+0x3c/0x68 [ 30.098728] kasan_save_track+0x20/0x40 [ 30.099151] kasan_save_alloc_info+0x40/0x58 [ 30.099365] __kasan_kmalloc+0xd4/0xd8 [ 30.099476] __kmalloc_cache_noprof+0x16c/0x3c0 [ 30.099594] kasan_atomics+0xb8/0x2e0 [ 30.100571] kunit_try_run_case+0x170/0x3f0 [ 30.100973] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 30.101497] kthread+0x328/0x630 [ 30.101826] ret_from_fork+0x10/0x20 [ 30.102407] [ 30.102697] The buggy address belongs to the object at fff00000c643c780 [ 30.102697] which belongs to the cache kmalloc-64 of size 64 [ 30.102988] The buggy address is located 0 bytes to the right of [ 30.102988] allocated 48-byte region [fff00000c643c780, fff00000c643c7b0) [ 30.103382] [ 30.103449] The buggy address belongs to the physical page: [ 30.103539] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x10643c [ 30.104267] flags: 0xbfffe0000000000(node=0|zone=2|lastcpupid=0x1ffff) [ 30.104887] page_type: f5(slab) [ 30.105259] raw: 0bfffe0000000000 fff00000c00018c0 dead000000000122 0000000000000000 [ 30.105626] raw: 0000000000000000 0000000080200020 00000000f5000000 0000000000000000 [ 30.105840] page dumped because: kasan: bad access detected [ 30.106323] [ 30.106414] Memory state around the buggy address: [ 30.106805] fff00000c643c680: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 30.106951] fff00000c643c700: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 30.107066] >fff00000c643c780: 00 00 00 00 00 00 fc fc fc fc fc fc fc fc fc fc [ 30.107736] ^ [ 30.107947] fff00000c643c800: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 30.108073] fff00000c643c880: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 30.108181] ================================================================== [ 29.924463] ================================================================== [ 29.924618] BUG: KASAN: slab-out-of-bounds in kasan_atomics_helper+0x3f58/0x4858 [ 29.924752] Read of size 8 at addr fff00000c643c7b0 by task kunit_try_catch/265 [ 29.924991] [ 29.925178] CPU: 0 UID: 0 PID: 265 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc1 #1 PREEMPT [ 29.925406] Tainted: [B]=BAD_PAGE, [N]=TEST [ 29.925484] Hardware name: linux,dummy-virt (DT) [ 29.925571] Call trace: [ 29.925635] show_stack+0x20/0x38 (C) [ 29.925761] dump_stack_lvl+0x8c/0xd0 [ 29.925890] print_report+0x118/0x608 [ 29.926034] kasan_report+0xdc/0x128 [ 29.926156] __asan_report_load8_noabort+0x20/0x30 [ 29.926286] kasan_atomics_helper+0x3f58/0x4858 [ 29.926407] kasan_atomics+0x198/0x2e0 [ 29.926521] kunit_try_run_case+0x170/0x3f0 [ 29.926648] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 29.926785] kthread+0x328/0x630 [ 29.926912] ret_from_fork+0x10/0x20 [ 29.927091] [ 29.927221] Allocated by task 265: [ 29.927473] kasan_save_stack+0x3c/0x68 [ 29.927626] kasan_save_track+0x20/0x40 [ 29.927744] kasan_save_alloc_info+0x40/0x58 [ 29.927860] __kasan_kmalloc+0xd4/0xd8 [ 29.927992] __kmalloc_cache_noprof+0x16c/0x3c0 [ 29.928100] kasan_atomics+0xb8/0x2e0 [ 29.928337] kunit_try_run_case+0x170/0x3f0 [ 29.928494] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 29.928816] kthread+0x328/0x630 [ 29.928918] ret_from_fork+0x10/0x20 [ 29.929154] [ 29.929208] The buggy address belongs to the object at fff00000c643c780 [ 29.929208] which belongs to the cache kmalloc-64 of size 64 [ 29.929477] The buggy address is located 0 bytes to the right of [ 29.929477] allocated 48-byte region [fff00000c643c780, fff00000c643c7b0) [ 29.929781] [ 29.929865] The buggy address belongs to the physical page: [ 29.930007] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x10643c [ 29.930198] flags: 0xbfffe0000000000(node=0|zone=2|lastcpupid=0x1ffff) [ 29.930345] page_type: f5(slab) [ 29.930461] raw: 0bfffe0000000000 fff00000c00018c0 dead000000000122 0000000000000000 [ 29.930609] raw: 0000000000000000 0000000080200020 00000000f5000000 0000000000000000 [ 29.930979] page dumped because: kasan: bad access detected [ 29.931128] [ 29.931251] Memory state around the buggy address: [ 29.931671] fff00000c643c680: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 29.931822] fff00000c643c700: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 29.931971] >fff00000c643c780: 00 00 00 00 00 00 fc fc fc fc fc fc fc fc fc fc [ 29.932333] ^ [ 29.932499] fff00000c643c800: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 29.932709] fff00000c643c880: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 29.933438] ================================================================== [ 30.070170] ================================================================== [ 30.070465] BUG: KASAN: slab-out-of-bounds in kasan_atomics_helper+0x11f8/0x4858 [ 30.070779] Write of size 8 at addr fff00000c643c7b0 by task kunit_try_catch/265 [ 30.071559] [ 30.071661] CPU: 0 UID: 0 PID: 265 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc1 #1 PREEMPT [ 30.071889] Tainted: [B]=BAD_PAGE, [N]=TEST [ 30.071991] Hardware name: linux,dummy-virt (DT) [ 30.072197] Call trace: [ 30.072368] show_stack+0x20/0x38 (C) [ 30.072565] dump_stack_lvl+0x8c/0xd0 [ 30.072750] print_report+0x118/0x608 [ 30.073007] kasan_report+0xdc/0x128 [ 30.073369] kasan_check_range+0x100/0x1a8 [ 30.073881] __kasan_check_write+0x20/0x30 [ 30.074495] kasan_atomics_helper+0x11f8/0x4858 [ 30.074838] kasan_atomics+0x198/0x2e0 [ 30.075239] kunit_try_run_case+0x170/0x3f0 [ 30.075390] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 30.075528] kthread+0x328/0x630 [ 30.075658] ret_from_fork+0x10/0x20 [ 30.075790] [ 30.075843] Allocated by task 265: [ 30.077247] kasan_save_stack+0x3c/0x68 [ 30.077372] kasan_save_track+0x20/0x40 [ 30.077493] kasan_save_alloc_info+0x40/0x58 [ 30.078162] __kasan_kmalloc+0xd4/0xd8 [ 30.079218] __kmalloc_cache_noprof+0x16c/0x3c0 [ 30.079548] kasan_atomics+0xb8/0x2e0 [ 30.079656] kunit_try_run_case+0x170/0x3f0 [ 30.079759] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 30.079870] kthread+0x328/0x630 [ 30.080009] ret_from_fork+0x10/0x20 [ 30.080257] [ 30.080310] The buggy address belongs to the object at fff00000c643c780 [ 30.080310] which belongs to the cache kmalloc-64 of size 64 [ 30.080482] The buggy address is located 0 bytes to the right of [ 30.080482] allocated 48-byte region [fff00000c643c780, fff00000c643c7b0) [ 30.080696] [ 30.080757] The buggy address belongs to the physical page: [ 30.080834] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x10643c [ 30.081153] flags: 0xbfffe0000000000(node=0|zone=2|lastcpupid=0x1ffff) [ 30.081288] page_type: f5(slab) [ 30.081548] raw: 0bfffe0000000000 fff00000c00018c0 dead000000000122 0000000000000000 [ 30.081910] raw: 0000000000000000 0000000080200020 00000000f5000000 0000000000000000 [ 30.082077] page dumped because: kasan: bad access detected [ 30.082177] [ 30.082236] Memory state around the buggy address: [ 30.082342] fff00000c643c680: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 30.082522] fff00000c643c700: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 30.082653] >fff00000c643c780: 00 00 00 00 00 00 fc fc fc fc fc fc fc fc fc fc [ 30.082783] ^ [ 30.082924] fff00000c643c800: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 30.083084] fff00000c643c880: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 30.083191] ================================================================== [ 30.206100] ================================================================== [ 30.206246] BUG: KASAN: slab-out-of-bounds in kasan_atomics_helper+0x15b4/0x4858 [ 30.206453] Write of size 8 at addr fff00000c643c7b0 by task kunit_try_catch/265 [ 30.206616] [ 30.206898] CPU: 0 UID: 0 PID: 265 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc1 #1 PREEMPT [ 30.207348] Tainted: [B]=BAD_PAGE, [N]=TEST [ 30.207584] Hardware name: linux,dummy-virt (DT) [ 30.207773] Call trace: [ 30.207870] show_stack+0x20/0x38 (C) [ 30.208178] dump_stack_lvl+0x8c/0xd0 [ 30.208526] print_report+0x118/0x608 [ 30.208813] kasan_report+0xdc/0x128 [ 30.209140] kasan_check_range+0x100/0x1a8 [ 30.209355] __kasan_check_write+0x20/0x30 [ 30.209800] kasan_atomics_helper+0x15b4/0x4858 [ 30.210047] kasan_atomics+0x198/0x2e0 [ 30.210243] kunit_try_run_case+0x170/0x3f0 [ 30.210455] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 30.210660] kthread+0x328/0x630 [ 30.210915] ret_from_fork+0x10/0x20 [ 30.211076] [ 30.211414] Allocated by task 265: [ 30.211700] kasan_save_stack+0x3c/0x68 [ 30.212074] kasan_save_track+0x20/0x40 [ 30.212289] kasan_save_alloc_info+0x40/0x58 [ 30.212596] __kasan_kmalloc+0xd4/0xd8 [ 30.212767] __kmalloc_cache_noprof+0x16c/0x3c0 [ 30.212993] kasan_atomics+0xb8/0x2e0 [ 30.213302] kunit_try_run_case+0x170/0x3f0 [ 30.213654] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 30.213833] kthread+0x328/0x630 [ 30.214581] ret_from_fork+0x10/0x20 [ 30.214746] [ 30.214839] The buggy address belongs to the object at fff00000c643c780 [ 30.214839] which belongs to the cache kmalloc-64 of size 64 [ 30.215531] The buggy address is located 0 bytes to the right of [ 30.215531] allocated 48-byte region [fff00000c643c780, fff00000c643c7b0) [ 30.215704] [ 30.215984] The buggy address belongs to the physical page: [ 30.216082] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x10643c [ 30.216446] flags: 0xbfffe0000000000(node=0|zone=2|lastcpupid=0x1ffff) [ 30.216859] page_type: f5(slab) [ 30.217094] raw: 0bfffe0000000000 fff00000c00018c0 dead000000000122 0000000000000000 [ 30.217338] raw: 0000000000000000 0000000080200020 00000000f5000000 0000000000000000 [ 30.217594] page dumped because: kasan: bad access detected [ 30.217689] [ 30.217834] Memory state around the buggy address: [ 30.217920] fff00000c643c680: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 30.218066] fff00000c643c700: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 30.218181] >fff00000c643c780: 00 00 00 00 00 00 fc fc fc fc fc fc fc fc fc fc [ 30.218401] ^ [ 30.218542] fff00000c643c800: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 30.218700] fff00000c643c880: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 30.218967] ================================================================== [ 29.694232] ================================================================== [ 29.694340] BUG: KASAN: slab-out-of-bounds in kasan_atomics_helper+0x42d8/0x4858 [ 29.694453] Read of size 4 at addr fff00000c643c7b0 by task kunit_try_catch/265 [ 29.694575] [ 29.694642] CPU: 0 UID: 0 PID: 265 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc1 #1 PREEMPT [ 29.694833] Tainted: [B]=BAD_PAGE, [N]=TEST [ 29.694920] Hardware name: linux,dummy-virt (DT) [ 29.699179] Call trace: [ 29.699746] show_stack+0x20/0x38 (C) [ 29.700056] dump_stack_lvl+0x8c/0xd0 [ 29.700198] print_report+0x118/0x608 [ 29.700328] kasan_report+0xdc/0x128 [ 29.701363] __asan_report_load4_noabort+0x20/0x30 [ 29.701756] kasan_atomics_helper+0x42d8/0x4858 [ 29.701958] kasan_atomics+0x198/0x2e0 [ 29.702103] kunit_try_run_case+0x170/0x3f0 [ 29.702427] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 29.702578] kthread+0x328/0x630 [ 29.702962] ret_from_fork+0x10/0x20 [ 29.703091] [ 29.703152] Allocated by task 265: [ 29.703243] kasan_save_stack+0x3c/0x68 [ 29.703613] kasan_save_track+0x20/0x40 [ 29.703735] kasan_save_alloc_info+0x40/0x58 [ 29.703865] __kasan_kmalloc+0xd4/0xd8 [ 29.704124] __kmalloc_cache_noprof+0x16c/0x3c0 [ 29.704274] kasan_atomics+0xb8/0x2e0 [ 29.704365] kunit_try_run_case+0x170/0x3f0 [ 29.704464] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 29.704582] kthread+0x328/0x630 [ 29.704827] ret_from_fork+0x10/0x20 [ 29.704924] [ 29.705005] The buggy address belongs to the object at fff00000c643c780 [ 29.705005] which belongs to the cache kmalloc-64 of size 64 [ 29.705381] The buggy address is located 0 bytes to the right of [ 29.705381] allocated 48-byte region [fff00000c643c780, fff00000c643c7b0) [ 29.705831] [ 29.706164] The buggy address belongs to the physical page: [ 29.706267] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x10643c [ 29.706636] flags: 0xbfffe0000000000(node=0|zone=2|lastcpupid=0x1ffff) [ 29.706774] page_type: f5(slab) [ 29.707045] raw: 0000000000000000 0000000080200020 00000000f5000000 0000000000000000 [ 29.711187] Tainted: [B]=BAD_PAGE, [N]=TEST [ 29.712271] Call trace: [ 29.712341] show_stack+0x20/0x38 (C) [ 29.713288] dump_stack_lvl+0x8c/0xd0 [ 29.713636] print_report+0x118/0x608 [ 29.714159] kasan_report+0xdc/0x128 [ 29.714667] kasan_check_range+0x100/0x1a8 [ 29.715720] __kasan_check_write+0x20/0x30 [ 29.715911] kasan_atomics_helper+0x934/0x4858 [ 29.716112] kasan_atomics+0x198/0x2e0 [ 29.716347] kunit_try_run_case+0x170/0x3f0 [ 29.716635] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 29.717159] kthread+0x328/0x630 [ 29.717303] ret_from_fork+0x10/0x20 [ 29.717424] [ 29.718115] Allocated by task 265: [ 29.718200] kasan_save_stack+0x3c/0x68 [ 29.718710] kasan_save_track+0x20/0x40 [ 29.719162] kasan_save_alloc_info+0x40/0x58 [ 29.719504] __kasan_kmalloc+0xd4/0xd8 [ 29.719928] __kmalloc_cache_noprof+0x16c/0x3c0 [ 29.720245] kasan_atomics+0xb8/0x2e0 [ 29.720365] kunit_try_run_case+0x170/0x3f0 [ 29.721024] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 29.721232] kthread+0x328/0x630 [ 29.721353] ret_from_fork+0x10/0x20 [ 29.721600] [ 29.721658] The buggy address belongs to the object at fff00000c643c780 [ 29.721658] which belongs to the cache kmalloc-64 of size 64 [ 29.722235] The buggy address is located 0 bytes to the right of [ 29.722235] allocated 48-byte region [fff00000c643c780, fff00000c643c7b0) [ 29.722605] [ 29.723176] The buggy address belongs to the physical page: [ 29.723612] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x10643c [ 29.723752] flags: 0xbfffe0000000000(node=0|zone=2|lastcpupid=0x1ffff) [ 29.723874] page_type: f5(slab) [ 29.724893] raw: 0bfffe0000000000 fff00000c00018c0 dead000000000122 0000000000000000 [ 29.725202] raw: 0000000000000000 0000000080200020 00000000f5000000 0000000000000000 [ 29.725396] page dumped because: kasan: bad access detected [ 29.725600] [ 29.725764] Memory state around the buggy address: [ 29.725890] fff00000c643c680: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 29.726269] fff00000c643c700: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 29.726437] >fff00000c643c780: 00 00 00 00 00 00 fc fc fc fc fc fc fc fc fc fc [ 29.726541] ^ [ 29.726628] fff00000c643c800: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 29.726738] fff00000c643c880: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 29.726842] ================================================================== [ 30.121624] ================================================================== [ 30.121904] BUG: KASAN: slab-out-of-bounds in kasan_atomics_helper+0x3f04/0x4858 [ 30.122123] Read of size 8 at addr fff00000c643c7b0 by task kunit_try_catch/265 [ 30.122260] [ 30.122453] CPU: 0 UID: 0 PID: 265 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc1 #1 PREEMPT [ 30.123006] Tainted: [B]=BAD_PAGE, [N]=TEST [ 30.123222] Hardware name: linux,dummy-virt (DT) [ 30.123350] Call trace: [ 30.123452] show_stack+0x20/0x38 (C) [ 30.123611] dump_stack_lvl+0x8c/0xd0 [ 30.123750] print_report+0x118/0x608 [ 30.124000] kasan_report+0xdc/0x128 [ 30.124263] __asan_report_load8_noabort+0x20/0x30 [ 30.124448] kasan_atomics_helper+0x3f04/0x4858 [ 30.126145] kasan_atomics+0x198/0x2e0 [ 30.126283] kunit_try_run_case+0x170/0x3f0 [ 30.126451] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 30.126857] kthread+0x328/0x630 [ 30.127075] ret_from_fork+0x10/0x20 [ 30.127427] [ 30.127479] Allocated by task 265: [ 30.127569] kasan_save_stack+0x3c/0x68 [ 30.127847] kasan_save_track+0x20/0x40 [ 30.127994] kasan_save_alloc_info+0x40/0x58 [ 30.128117] __kasan_kmalloc+0xd4/0xd8 [ 30.128234] __kmalloc_cache_noprof+0x16c/0x3c0 [ 30.129293] kasan_atomics+0xb8/0x2e0 [ 30.129528] kunit_try_run_case+0x170/0x3f0 [ 30.129685] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 30.129924] kthread+0x328/0x630 [ 30.130038] ret_from_fork+0x10/0x20 [ 30.130395] [ 30.130458] The buggy address belongs to the object at fff00000c643c780 [ 30.130458] which belongs to the cache kmalloc-64 of size 64 [ 30.130629] The buggy address is located 0 bytes to the right of [ 30.130629] allocated 48-byte region [fff00000c643c780, fff00000c643c7b0) [ 30.131178] [ 30.131245] The buggy address belongs to the physical page: [ 30.131864] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x10643c [ 30.132061] flags: 0xbfffe0000000000(node=0|zone=2|lastcpupid=0x1ffff) [ 30.132201] page_type: f5(slab) [ 30.132440] raw: 0bfffe0000000000 fff00000c00018c0 dead000000000122 0000000000000000 [ 30.133083] raw: 0000000000000000 0000000080200020 00000000f5000000 0000000000000000 [ 30.133282] page dumped because: kasan: bad access detected [ 30.133499] [ 30.133656] Memory state around the buggy address: [ 30.133819] fff00000c643c680: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 30.134016] fff00000c643c700: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 30.134157] >fff00000c643c780: 00 00 00 00 00 00 fc fc fc fc fc fc fc fc fc fc [ 30.134294] ^ [ 30.134385] fff00000c643c800: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 30.134493] fff00000c643c880: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 30.134590] ================================================================== [ 30.284705] ================================================================== [ 30.284818] BUG: KASAN: slab-out-of-bounds in kasan_atomics_helper+0x3e10/0x4858 [ 30.284962] Read of size 8 at addr fff00000c643c7b0 by task kunit_try_catch/265 [ 30.285088] [ 30.285167] CPU: 0 UID: 0 PID: 265 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc1 #1 PREEMPT [ 30.285367] Tainted: [B]=BAD_PAGE, [N]=TEST [ 30.285441] Hardware name: linux,dummy-virt (DT) [ 30.285517] Call trace: [ 30.285573] show_stack+0x20/0x38 (C) [ 30.285704] dump_stack_lvl+0x8c/0xd0 [ 30.285828] print_report+0x118/0x608 [ 30.289761] kasan_report+0xdc/0x128 [ 30.290994] __asan_report_load8_noabort+0x20/0x30 [ 30.291133] kasan_atomics_helper+0x3e10/0x4858 [ 30.293487] kasan_atomics+0x198/0x2e0 [ 30.294253] kunit_try_run_case+0x170/0x3f0 [ 30.294723] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 30.295684] kthread+0x328/0x630 [ 30.296518] ret_from_fork+0x10/0x20 [ 30.297329] [ 30.297493] Allocated by task 265: [ 30.297876] kasan_save_stack+0x3c/0x68 [ 30.298002] kasan_save_track+0x20/0x40 [ 30.298106] kasan_save_alloc_info+0x40/0x58 [ 30.299440] __kasan_kmalloc+0xd4/0xd8 [ 30.299560] __kmalloc_cache_noprof+0x16c/0x3c0 [ 30.299679] kasan_atomics+0xb8/0x2e0 [ 30.301001] kunit_try_run_case+0x170/0x3f0 [ 30.301122] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 30.302361] kthread+0x328/0x630 [ 30.302644] ret_from_fork+0x10/0x20 [ 30.303485] [ 30.303557] The buggy address belongs to the object at fff00000c643c780 [ 30.303557] which belongs to the cache kmalloc-64 of size 64 [ 30.303981] The buggy address is located 0 bytes to the right of [ 30.303981] allocated 48-byte region [fff00000c643c780, fff00000c643c7b0) [ 30.304078] [ 30.304112] The buggy address belongs to the physical page: [ 30.304201] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x10643c [ 30.304359] flags: 0xbfffe0000000000(node=0|zone=2|lastcpupid=0x1ffff) [ 30.304510] page_type: f5(slab) [ 30.304639] raw: 0bfffe0000000000 fff00000c00018c0 dead000000000122 0000000000000000 [ 30.304781] raw: 0000000000000000 0000000080200020 00000000f5000000 0000000000000000 [ 30.304912] page dumped because: kasan: bad access detected [ 30.305033] [ 30.305086] Memory state around the buggy address: [ 30.305236] fff00000c643c680: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 30.305370] fff00000c643c700: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 30.305499] >fff00000c643c780: 00 00 00 00 00 00 fc fc fc fc fc fc fc fc fc fc [ 30.305612] ^ [ 30.305712] fff00000c643c800: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 30.305852] fff00000c643c880: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 30.305984] ================================================================== [ 29.911701] ================================================================== [ 29.911809] BUG: KASAN: slab-out-of-bounds in kasan_atomics_helper+0xdd4/0x4858 [ 29.911926] Read of size 8 at addr fff00000c643c7b0 by task kunit_try_catch/265 [ 29.912076] [ 29.912151] CPU: 0 UID: 0 PID: 265 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc1 #1 PREEMPT [ 29.912356] Tainted: [B]=BAD_PAGE, [N]=TEST [ 29.912430] Hardware name: linux,dummy-virt (DT) [ 29.912513] Call trace: [ 29.912580] show_stack+0x20/0x38 (C) [ 29.912723] dump_stack_lvl+0x8c/0xd0 [ 29.915227] print_report+0x118/0x608 [ 29.915536] kasan_report+0xdc/0x128 [ 29.916247] kasan_check_range+0x100/0x1a8 [ 29.916577] __kasan_check_read+0x20/0x30 [ 29.917087] kasan_atomics_helper+0xdd4/0x4858 [ 29.917212] kasan_atomics+0x198/0x2e0 [ 29.918179] kunit_try_run_case+0x170/0x3f0 [ 29.918338] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 29.918473] kthread+0x328/0x630 [ 29.918582] ret_from_fork+0x10/0x20 [ 29.918701] [ 29.918752] Allocated by task 265: [ 29.918830] kasan_save_stack+0x3c/0x68 [ 29.918959] kasan_save_track+0x20/0x40 [ 29.919079] kasan_save_alloc_info+0x40/0x58 [ 29.919197] __kasan_kmalloc+0xd4/0xd8 [ 29.919291] __kmalloc_cache_noprof+0x16c/0x3c0 [ 29.919409] kasan_atomics+0xb8/0x2e0 [ 29.919509] kunit_try_run_case+0x170/0x3f0 [ 29.920157] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 29.920348] kthread+0x328/0x630 [ 29.920450] ret_from_fork+0x10/0x20 [ 29.920554] [ 29.920709] The buggy address belongs to the object at fff00000c643c780 [ 29.920709] which belongs to the cache kmalloc-64 of size 64 [ 29.920870] The buggy address is located 0 bytes to the right of [ 29.920870] allocated 48-byte region [fff00000c643c780, fff00000c643c7b0) [ 29.921051] [ 29.921103] The buggy address belongs to the physical page: [ 29.921193] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x10643c [ 29.921599] flags: 0xbfffe0000000000(node=0|zone=2|lastcpupid=0x1ffff) [ 29.921955] page_type: f5(slab) [ 29.922073] raw: 0bfffe0000000000 fff00000c00018c0 dead000000000122 0000000000000000 [ 29.922225] raw: 0000000000000000 0000000080200020 00000000f5000000 0000000000000000 [ 29.922379] page dumped because: kasan: bad access detected [ 29.922606] [ 29.922668] Memory state around the buggy address: [ 29.922747] fff00000c643c680: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 29.922859] fff00000c643c700: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 29.923013] >fff00000c643c780: 00 00 00 00 00 00 fc fc fc fc fc fc fc fc fc fc [ 29.923334] ^ [ 29.923501] fff00000c643c800: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 29.923621] fff00000c643c880: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 29.923892] ================================================================== [ 29.934761] ================================================================== [ 29.934880] BUG: KASAN: slab-out-of-bounds in kasan_atomics_helper+0xe44/0x4858 [ 29.935015] Write of size 8 at addr fff00000c643c7b0 by task kunit_try_catch/265 [ 29.935540] [ 29.936767] CPU: 0 UID: 0 PID: 265 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc1 #1 PREEMPT [ 29.937951] Tainted: [B]=BAD_PAGE, [N]=TEST [ 29.938111] Hardware name: linux,dummy-virt (DT) [ 29.939118] Call trace: [ 29.939187] show_stack+0x20/0x38 (C) [ 29.940276] dump_stack_lvl+0x8c/0xd0 [ 29.940414] print_report+0x118/0x608 [ 29.941259] kasan_report+0xdc/0x128 [ 29.942082] kasan_check_range+0x100/0x1a8 [ 29.942460] __kasan_check_write+0x20/0x30 [ 29.943114] kasan_atomics_helper+0xe44/0x4858 [ 29.943263] kasan_atomics+0x198/0x2e0 [ 29.943659] kunit_try_run_case+0x170/0x3f0 [ 29.943781] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 29.943963] kthread+0x328/0x630 [ 29.944318] ret_from_fork+0x10/0x20 [ 29.944466] [ 29.944516] Allocated by task 265: [ 29.944588] kasan_save_stack+0x3c/0x68 [ 29.944695] kasan_save_track+0x20/0x40 [ 29.944858] kasan_save_alloc_info+0x40/0x58 [ 29.945045] __kasan_kmalloc+0xd4/0xd8 [ 29.945291] __kmalloc_cache_noprof+0x16c/0x3c0 [ 29.945446] kasan_atomics+0xb8/0x2e0 [ 29.945725] kunit_try_run_case+0x170/0x3f0 [ 29.945849] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 29.945984] kthread+0x328/0x630 [ 29.946101] ret_from_fork+0x10/0x20 [ 29.946685] [ 29.947019] The buggy address belongs to the object at fff00000c643c780 [ 29.947019] which belongs to the cache kmalloc-64 of size 64 [ 29.947402] The buggy address is located 0 bytes to the right of [ 29.947402] allocated 48-byte region [fff00000c643c780, fff00000c643c7b0) [ 29.948098] [ 29.948296] The buggy address belongs to the physical page: [ 29.948665] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x10643c [ 29.948830] flags: 0xbfffe0000000000(node=0|zone=2|lastcpupid=0x1ffff) [ 29.949061] page_type: f5(slab) [ 29.949336] raw: 0bfffe0000000000 fff00000c00018c0 dead000000000122 0000000000000000 [ 29.949463] raw: 0000000000000000 0000000080200020 00000000f5000000 0000000000000000 [ 29.949567] page dumped because: kasan: bad access detected [ 29.949773] [ 29.949828] Memory state around the buggy address: [ 29.950002] fff00000c643c680: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 29.950124] fff00000c643c700: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 29.950236] >fff00000c643c780: 00 00 00 00 00 00 fc fc fc fc fc fc fc fc fc fc [ 29.950352] ^ [ 29.950452] fff00000c643c800: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 29.950714] fff00000c643c880: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 29.951325] ================================================================== [ 29.526092] ================================================================== [ 29.526311] BUG: KASAN: slab-out-of-bounds in kasan_atomics_helper+0x47c/0x4858 [ 29.527619] Hardware name: linux,dummy-virt (DT) [ 29.531852] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 29.534362] The buggy address belongs to the object at fff00000c643c780 [ 29.534362] which belongs to the cache kmalloc-64 of size 64 [ 29.536244] fff00000c643c700: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 29.538016] ================================================================== [ 29.882582] ================================================================== [ 29.882690] BUG: KASAN: slab-out-of-bounds in kasan_atomics_helper+0xd3c/0x4858 [ 29.882802] Write of size 4 at addr fff00000c643c7b0 by task kunit_try_catch/265 [ 29.882952] [ 29.883023] CPU: 0 UID: 0 PID: 265 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc1 #1 PREEMPT [ 29.883249] Tainted: [B]=BAD_PAGE, [N]=TEST [ 29.883383] Hardware name: linux,dummy-virt (DT) [ 29.883507] Call trace: [ 29.883577] show_stack+0x20/0x38 (C) [ 29.883726] dump_stack_lvl+0x8c/0xd0 [ 29.883910] print_report+0x118/0x608 [ 29.884089] kasan_report+0xdc/0x128 [ 29.884240] kasan_check_range+0x100/0x1a8 [ 29.884454] __kasan_check_write+0x20/0x30 [ 29.884810] kasan_atomics_helper+0xd3c/0x4858 [ 29.884983] kasan_atomics+0x198/0x2e0 [ 29.885109] kunit_try_run_case+0x170/0x3f0 [ 29.885240] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 29.885393] kthread+0x328/0x630 [ 29.885508] ret_from_fork+0x10/0x20 [ 29.885637] [ 29.885685] Allocated by task 265: [ 29.885777] kasan_save_stack+0x3c/0x68 [ 29.885907] kasan_save_track+0x20/0x40 [ 29.886228] kasan_save_alloc_info+0x40/0x58 [ 29.886344] __kasan_kmalloc+0xd4/0xd8 [ 29.886462] __kmalloc_cache_noprof+0x16c/0x3c0 [ 29.886767] kasan_atomics+0xb8/0x2e0 [ 29.886965] kunit_try_run_case+0x170/0x3f0 [ 29.887074] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 29.887193] kthread+0x328/0x630 [ 29.887292] ret_from_fork+0x10/0x20 [ 29.887466] [ 29.887559] The buggy address belongs to the object at fff00000c643c780 [ 29.887559] which belongs to the cache kmalloc-64 of size 64 [ 29.887719] The buggy address is located 0 bytes to the right of [ 29.887719] allocated 48-byte region [fff00000c643c780, fff00000c643c7b0) [ 29.887995] [ 29.888116] The buggy address belongs to the physical page: [ 29.888199] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x10643c [ 29.888341] flags: 0xbfffe0000000000(node=0|zone=2|lastcpupid=0x1ffff) [ 29.888657] page_type: f5(slab) [ 29.888853] raw: 0bfffe0000000000 fff00000c00018c0 dead000000000122 0000000000000000 [ 29.889277] raw: 0000000000000000 0000000080200020 00000000f5000000 0000000000000000 [ 29.889386] page dumped because: kasan: bad access detected [ 29.889501] [ 29.889554] Memory state around the buggy address: [ 29.889641] fff00000c643c680: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 29.889772] fff00000c643c700: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 29.889966] >fff00000c643c780: 00 00 00 00 00 00 fc fc fc fc fc fc fc fc fc fc [ 29.890098] ^ [ 29.890196] fff00000c643c800: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 29.890312] fff00000c643c880: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 29.890413] ================================================================== [ 29.624192] ================================================================== [ 29.624303] BUG: KASAN: slab-out-of-bounds in kasan_atomics_helper+0x6ec/0x4858 [ 29.624432] Write of size 4 at addr fff00000c643c7b0 by task kunit_try_catch/265 [ 29.624558] [ 29.624630] CPU: 0 UID: 0 PID: 265 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc1 #1 PREEMPT [ 29.624848] Tainted: [B]=BAD_PAGE, [N]=TEST [ 29.631366] [ 29.631782] page_type: f5(slab) [ 29.632961] fff00000c643c880: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 29.634315] ================================================================== [ 29.891018] ================================================================== [ 29.891257] BUG: KASAN: slab-out-of-bounds in kasan_atomics_helper+0x3e04/0x4858 [ 29.891502] Read of size 4 at addr fff00000c643c7b0 by task kunit_try_catch/265 [ 29.891627] [ 29.892437] CPU: 0 UID: 0 PID: 265 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc1 #1 PREEMPT [ 29.894992] Tainted: [B]=BAD_PAGE, [N]=TEST [ 29.895038] Hardware name: linux,dummy-virt (DT) [ 29.895080] Call trace: [ 29.895108] show_stack+0x20/0x38 (C) [ 29.895231] dump_stack_lvl+0x8c/0xd0 [ 29.895369] print_report+0x118/0x608 [ 29.895852] kasan_report+0xdc/0x128 [ 29.896284] __asan_report_load4_noabort+0x20/0x30 [ 29.896602] kasan_atomics_helper+0x3e04/0x4858 [ 29.897016] kasan_atomics+0x198/0x2e0 [ 29.897369] kunit_try_run_case+0x170/0x3f0 [ 29.897754] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 29.898030] kthread+0x328/0x630 [ 29.898230] ret_from_fork+0x10/0x20 [ 29.898725] [ 29.898814] Allocated by task 265: [ 29.899320] kasan_save_stack+0x3c/0x68 [ 29.899465] kasan_save_track+0x20/0x40 [ 29.899582] kasan_save_alloc_info+0x40/0x58 [ 29.899702] __kasan_kmalloc+0xd4/0xd8 [ 29.899834] __kmalloc_cache_noprof+0x16c/0x3c0 [ 29.899967] kasan_atomics+0xb8/0x2e0 [ 29.900102] kunit_try_run_case+0x170/0x3f0 [ 29.900211] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 29.900707] kthread+0x328/0x630 [ 29.901241] ret_from_fork+0x10/0x20 [ 29.901406] [ 29.902101] The buggy address belongs to the object at fff00000c643c780 [ 29.902101] which belongs to the cache kmalloc-64 of size 64 [ 29.902247] The buggy address is located 0 bytes to the right of [ 29.902247] allocated 48-byte region [fff00000c643c780, fff00000c643c7b0) [ 29.902409] [ 29.902461] The buggy address belongs to the physical page: [ 29.902540] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x10643c [ 29.902677] flags: 0xbfffe0000000000(node=0|zone=2|lastcpupid=0x1ffff) [ 29.902809] page_type: f5(slab) [ 29.902926] raw: 0bfffe0000000000 fff00000c00018c0 dead000000000122 0000000000000000 [ 29.903080] raw: 0000000000000000 0000000080200020 00000000f5000000 0000000000000000 [ 29.907169] page dumped because: kasan: bad access detected [ 29.907282] [ 29.907593] Memory state around the buggy address: [ 29.907686] fff00000c643c680: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 29.907826] fff00000c643c700: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 29.907973] >fff00000c643c780: 00 00 00 00 00 00 fc fc fc fc fc fc fc fc fc fc [ 29.908077] ^ [ 29.911080] fff00000c643c800: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 29.911206] fff00000c643c880: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 29.911312] ==================================================================
Failure - log-parser-boot - kasan-bug-kasan-slab-out-of-bounds-in-kasan_bitops_test_and_modifyconstprop
[ 29.274767] ================================================================== [ 29.274884] BUG: KASAN: slab-out-of-bounds in kasan_bitops_test_and_modify.constprop.0+0xacc/0xbc0 [ 29.275026] Read of size 8 at addr fff00000c62bd348 by task kunit_try_catch/261 [ 29.281860] dump_stack_lvl+0x8c/0xd0 [ 29.283022] print_report+0x118/0x608 [ 29.283831] kasan_bitops_test_and_modify.constprop.0+0xacc/0xbc0 [ 29.286509] kasan_bitops_generic+0xa0/0x1c8 [ 29.287976] [ 29.288508] page_type: f5(slab) [ 29.289759] fff00000c62bd280: fa fb fc fc fa fb fc fc fa fb fc fc fa fb fc fc [ 29.293255] ==================================================================
Failure - log-parser-boot - kasan-bug-kasan-slab-use-after-free-in-strnlen
[ 29.016591] ================================================================== [ 29.016708] BUG: KASAN: slab-use-after-free in strnlen+0x80/0x88 [ 29.016830] Read of size 1 at addr fff00000c6437e10 by task kunit_try_catch/259 [ 29.016967] [ 29.018204] CPU: 0 UID: 0 PID: 259 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc1 #1 PREEMPT [ 29.018617] Tainted: [B]=BAD_PAGE, [N]=TEST [ 29.018694] Hardware name: linux,dummy-virt (DT) [ 29.018796] Call trace: [ 29.018878] show_stack+0x20/0x38 (C) [ 29.019659] dump_stack_lvl+0x8c/0xd0 [ 29.020025] print_report+0x118/0x608 [ 29.020188] kasan_report+0xdc/0x128 [ 29.021097] __asan_report_load1_noabort+0x20/0x30 [ 29.021259] strnlen+0x80/0x88 [ 29.021399] kasan_strings+0x478/0xb00 [ 29.021537] kunit_try_run_case+0x170/0x3f0 [ 29.022284] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 29.022457] kthread+0x328/0x630 [ 29.022581] ret_from_fork+0x10/0x20 [ 29.022706] [ 29.022760] Allocated by task 259: [ 29.022839] kasan_save_stack+0x3c/0x68 [ 29.022980] kasan_save_track+0x20/0x40 [ 29.023129] kasan_save_alloc_info+0x40/0x58 [ 29.023238] __kasan_kmalloc+0xd4/0xd8 [ 29.023335] __kmalloc_cache_noprof+0x16c/0x3c0 [ 29.023454] kasan_strings+0xc8/0xb00 [ 29.023552] kunit_try_run_case+0x170/0x3f0 [ 29.023662] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 29.023823] kthread+0x328/0x630 [ 29.023952] ret_from_fork+0x10/0x20 [ 29.024074] [ 29.024140] Freed by task 259: [ 29.024242] kasan_save_stack+0x3c/0x68 [ 29.024364] kasan_save_track+0x20/0x40 [ 29.024480] kasan_save_free_info+0x4c/0x78 [ 29.024603] __kasan_slab_free+0x6c/0x98 [ 29.024794] kfree+0x214/0x3c8 [ 29.024895] kasan_strings+0x24c/0xb00 [ 29.025041] kunit_try_run_case+0x170/0x3f0 [ 29.025179] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 29.025318] kthread+0x328/0x630 [ 29.025427] ret_from_fork+0x10/0x20 [ 29.025546] [ 29.025610] The buggy address belongs to the object at fff00000c6437e00 [ 29.025610] which belongs to the cache kmalloc-32 of size 32 [ 29.025764] The buggy address is located 16 bytes inside of [ 29.025764] freed 32-byte region [fff00000c6437e00, fff00000c6437e20) [ 29.026038] [ 29.026186] The buggy address belongs to the physical page: [ 29.026292] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x106437 [ 29.026436] flags: 0xbfffe0000000000(node=0|zone=2|lastcpupid=0x1ffff) [ 29.026572] page_type: f5(slab) [ 29.026677] raw: 0bfffe0000000000 fff00000c0001780 dead000000000122 0000000000000000 [ 29.026833] raw: 0000000000000000 0000000000400040 00000000f5000000 0000000000000000 [ 29.026986] page dumped because: kasan: bad access detected [ 29.027085] [ 29.027146] Memory state around the buggy address: [ 29.027242] fff00000c6437d00: 00 00 00 fc fc fc fc fc 00 00 00 04 fc fc fc fc [ 29.027434] fff00000c6437d80: 00 00 07 fc fc fc fc fc fa fb fb fb fc fc fc fc [ 29.027601] >fff00000c6437e00: fa fb fb fb fc fc fc fc fa fb fb fb fc fc fc fc [ 29.027710] ^ [ 29.027972] fff00000c6437e80: fa fb fb fb fc fc fc fc 00 00 00 fc fc fc fc fc [ 29.028110] fff00000c6437f00: fa fb fb fb fc fc fc fc fa fb fb fb fc fc fc fc [ 29.028216] ==================================================================
Failure - log-parser-boot - kasan-bug-kasan-slab-use-after-free-in-strlen
[ 28.991914] ================================================================== [ 28.992160] BUG: KASAN: slab-use-after-free in strlen+0xa8/0xb0 [ 28.992296] Read of size 1 at addr fff00000c6437e10 by task kunit_try_catch/259 [ 28.992427] [ 28.992516] CPU: 0 UID: 0 PID: 259 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc1 #1 PREEMPT [ 28.992728] Tainted: [B]=BAD_PAGE, [N]=TEST [ 28.992801] Hardware name: linux,dummy-virt (DT) [ 28.992880] Call trace: [ 28.992960] show_stack+0x20/0x38 (C) [ 28.993096] dump_stack_lvl+0x8c/0xd0 [ 28.993220] print_report+0x118/0x608 [ 28.993345] kasan_report+0xdc/0x128 [ 28.993465] __asan_report_load1_noabort+0x20/0x30 [ 28.993612] strlen+0xa8/0xb0 [ 28.993749] kasan_strings+0x418/0xb00 [ 28.994173] kunit_try_run_case+0x170/0x3f0 [ 28.994328] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 28.994488] kthread+0x328/0x630 [ 28.994990] ret_from_fork+0x10/0x20 [ 28.995564] [ 28.995973] Allocated by task 259: [ 28.996590] kasan_save_stack+0x3c/0x68 [ 28.996713] kasan_save_track+0x20/0x40 [ 28.996818] kasan_save_alloc_info+0x40/0x58 [ 28.998215] __kasan_kmalloc+0xd4/0xd8 [ 28.998665] __kmalloc_cache_noprof+0x16c/0x3c0 [ 28.999469] kasan_strings+0xc8/0xb00 [ 28.999581] kunit_try_run_case+0x170/0x3f0 [ 28.999978] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 29.000388] kthread+0x328/0x630 [ 29.000737] ret_from_fork+0x10/0x20 [ 29.001064] [ 29.001747] Freed by task 259: [ 29.002037] kasan_save_stack+0x3c/0x68 [ 29.002418] kasan_save_track+0x20/0x40 [ 29.003061] kasan_save_free_info+0x4c/0x78 [ 29.003213] __kasan_slab_free+0x6c/0x98 [ 29.003685] kfree+0x214/0x3c8 [ 29.003814] kasan_strings+0x24c/0xb00 [ 29.004297] kunit_try_run_case+0x170/0x3f0 [ 29.004836] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 29.005093] kthread+0x328/0x630 [ 29.005180] ret_from_fork+0x10/0x20 [ 29.006028] [ 29.006291] The buggy address belongs to the object at fff00000c6437e00 [ 29.006291] which belongs to the cache kmalloc-32 of size 32 [ 29.006855] The buggy address is located 16 bytes inside of [ 29.006855] freed 32-byte region [fff00000c6437e00, fff00000c6437e20) [ 29.007653] [ 29.007714] The buggy address belongs to the physical page: [ 29.007810] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x106437 [ 29.008261] flags: 0xbfffe0000000000(node=0|zone=2|lastcpupid=0x1ffff) [ 29.008545] page_type: f5(slab) [ 29.009080] raw: 0bfffe0000000000 fff00000c0001780 dead000000000122 0000000000000000 [ 29.009222] raw: 0000000000000000 0000000000400040 00000000f5000000 0000000000000000 [ 29.009329] page dumped because: kasan: bad access detected [ 29.010301] [ 29.010406] Memory state around the buggy address: [ 29.010753] fff00000c6437d00: 00 00 00 fc fc fc fc fc 00 00 00 04 fc fc fc fc [ 29.010893] fff00000c6437d80: 00 00 07 fc fc fc fc fc fa fb fb fb fc fc fc fc [ 29.011235] >fff00000c6437e00: fa fb fb fb fc fc fc fc fa fb fb fb fc fc fc fc [ 29.011982] ^ [ 29.012293] fff00000c6437e80: fa fb fb fb fc fc fc fc 00 00 00 fc fc fc fc fc [ 29.012408] fff00000c6437f00: fa fb fb fb fc fc fc fc fa fb fb fb fc fc fc fc [ 29.013229] ==================================================================
Failure - log-parser-boot - kasan-bug-kasan-slab-use-after-free-in-kasan_strings
[ 28.975113] ================================================================== [ 28.975260] BUG: KASAN: slab-use-after-free in kasan_strings+0x95c/0xb00 [ 28.975399] Read of size 1 at addr fff00000c6437e10 by task kunit_try_catch/259 [ 28.975834] [ 28.975975] CPU: 0 UID: 0 PID: 259 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc1 #1 PREEMPT [ 28.976184] Tainted: [B]=BAD_PAGE, [N]=TEST [ 28.976256] Hardware name: linux,dummy-virt (DT) [ 28.976345] Call trace: [ 28.976432] show_stack+0x20/0x38 (C) [ 28.976704] dump_stack_lvl+0x8c/0xd0 [ 28.976857] print_report+0x118/0x608 [ 28.977070] kasan_report+0xdc/0x128 [ 28.977205] __asan_report_load1_noabort+0x20/0x30 [ 28.977400] kasan_strings+0x95c/0xb00 [ 28.977529] kunit_try_run_case+0x170/0x3f0 [ 28.977720] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 28.977899] kthread+0x328/0x630 [ 28.978061] ret_from_fork+0x10/0x20 [ 28.978505] [ 28.978661] Allocated by task 259: [ 28.978747] kasan_save_stack+0x3c/0x68 [ 28.978960] kasan_save_track+0x20/0x40 [ 28.979258] kasan_save_alloc_info+0x40/0x58 [ 28.979779] __kasan_kmalloc+0xd4/0xd8 [ 28.980343] __kmalloc_cache_noprof+0x16c/0x3c0 [ 28.980488] kasan_strings+0xc8/0xb00 [ 28.980599] kunit_try_run_case+0x170/0x3f0 [ 28.981596] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 28.981762] kthread+0x328/0x630 [ 28.981865] ret_from_fork+0x10/0x20 [ 28.981981] [ 28.982037] Freed by task 259: [ 28.982113] kasan_save_stack+0x3c/0x68 [ 28.983181] kasan_save_track+0x20/0x40 [ 28.983346] kasan_save_free_info+0x4c/0x78 [ 28.984072] __kasan_slab_free+0x6c/0x98 [ 28.984202] kfree+0x214/0x3c8 [ 28.984299] kasan_strings+0x24c/0xb00 [ 28.984383] kunit_try_run_case+0x170/0x3f0 [ 28.984489] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 28.985093] kthread+0x328/0x630 [ 28.985214] ret_from_fork+0x10/0x20 [ 28.985310] [ 28.986100] The buggy address belongs to the object at fff00000c6437e00 [ 28.986100] which belongs to the cache kmalloc-32 of size 32 [ 28.986999] The buggy address is located 16 bytes inside of [ 28.986999] freed 32-byte region [fff00000c6437e00, fff00000c6437e20) [ 28.987336] [ 28.987417] The buggy address belongs to the physical page: [ 28.987504] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x106437 [ 28.987772] flags: 0xbfffe0000000000(node=0|zone=2|lastcpupid=0x1ffff) [ 28.987915] page_type: f5(slab) [ 28.988164] raw: 0bfffe0000000000 fff00000c0001780 dead000000000122 0000000000000000 [ 28.988358] raw: 0000000000000000 0000000000400040 00000000f5000000 0000000000000000 [ 28.988660] page dumped because: kasan: bad access detected [ 28.988766] [ 28.988821] Memory state around the buggy address: [ 28.988973] fff00000c6437d00: 00 00 00 fc fc fc fc fc 00 00 00 04 fc fc fc fc [ 28.989274] fff00000c6437d80: 00 00 07 fc fc fc fc fc fa fb fb fb fc fc fc fc [ 28.989391] >fff00000c6437e00: fa fb fb fb fc fc fc fc fa fb fb fb fc fc fc fc [ 28.989518] ^ [ 28.989695] fff00000c6437e80: fa fb fb fb fc fc fc fc 00 00 00 fc fc fc fc fc [ 28.989815] fff00000c6437f00: fa fb fb fb fc fc fc fc fa fb fb fb fc fc fc fc [ 28.989952] ==================================================================
Failure - log-parser-boot - kasan-bug-kasan-slab-use-after-free-in-strcmp
[ 28.952695] ================================================================== [ 28.952817] BUG: KASAN: slab-use-after-free in strcmp+0xc0/0xc8 [ 28.956082] Read of size 1 at addr fff00000c6437e10 by task kunit_try_catch/259 [ 28.956234] [ 28.956336] CPU: 0 UID: 0 PID: 259 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc1 #1 PREEMPT [ 28.956578] Tainted: [B]=BAD_PAGE, [N]=TEST [ 28.956661] Hardware name: linux,dummy-virt (DT) [ 28.956758] Call trace: [ 28.956826] show_stack+0x20/0x38 (C) [ 28.956988] dump_stack_lvl+0x8c/0xd0 [ 28.957140] print_report+0x118/0x608 [ 28.957357] kasan_report+0xdc/0x128 [ 28.959180] __asan_report_load1_noabort+0x20/0x30 [ 28.959340] strcmp+0xc0/0xc8 [ 28.959471] kasan_strings+0x340/0xb00 [ 28.959614] kunit_try_run_case+0x170/0x3f0 [ 28.959845] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 28.960023] kthread+0x328/0x630 [ 28.960763] ret_from_fork+0x10/0x20 [ 28.960969] [ 28.961587] Allocated by task 259: [ 28.961728] kasan_save_stack+0x3c/0x68 [ 28.962156] kasan_save_track+0x20/0x40 [ 28.962371] kasan_save_alloc_info+0x40/0x58 [ 28.962568] __kasan_kmalloc+0xd4/0xd8 [ 28.962684] __kmalloc_cache_noprof+0x16c/0x3c0 [ 28.962850] kasan_strings+0xc8/0xb00 [ 28.963012] kunit_try_run_case+0x170/0x3f0 [ 28.963183] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 28.963317] kthread+0x328/0x630 [ 28.964034] ret_from_fork+0x10/0x20 [ 28.964154] [ 28.964211] Freed by task 259: [ 28.964290] kasan_save_stack+0x3c/0x68 [ 28.964489] kasan_save_track+0x20/0x40 [ 28.965175] kasan_save_free_info+0x4c/0x78 [ 28.965587] __kasan_slab_free+0x6c/0x98 [ 28.965727] kfree+0x214/0x3c8 [ 28.965825] kasan_strings+0x24c/0xb00 [ 28.966116] kunit_try_run_case+0x170/0x3f0 [ 28.966339] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 28.967012] kthread+0x328/0x630 [ 28.967120] ret_from_fork+0x10/0x20 [ 28.967236] [ 28.967784] The buggy address belongs to the object at fff00000c6437e00 [ 28.967784] which belongs to the cache kmalloc-32 of size 32 [ 28.967995] The buggy address is located 16 bytes inside of [ 28.967995] freed 32-byte region [fff00000c6437e00, fff00000c6437e20) [ 28.968286] [ 28.968358] The buggy address belongs to the physical page: [ 28.968469] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x106437 [ 28.968694] flags: 0xbfffe0000000000(node=0|zone=2|lastcpupid=0x1ffff) [ 28.968839] page_type: f5(slab) [ 28.969040] raw: 0bfffe0000000000 fff00000c0001780 dead000000000122 0000000000000000 [ 28.969217] raw: 0000000000000000 0000000000400040 00000000f5000000 0000000000000000 [ 28.969377] page dumped because: kasan: bad access detected [ 28.969999] [ 28.970060] Memory state around the buggy address: [ 28.970150] fff00000c6437d00: 00 00 00 fc fc fc fc fc 00 00 00 04 fc fc fc fc [ 28.970266] fff00000c6437d80: 00 00 07 fc fc fc fc fc fa fb fb fb fc fc fc fc [ 28.970803] >fff00000c6437e00: fa fb fb fb fc fc fc fc fa fb fb fb fc fc fc fc [ 28.971025] ^ [ 28.971930] fff00000c6437e80: fa fb fb fb fc fc fc fc 00 00 00 fc fc fc fc fc [ 28.972086] fff00000c6437f00: fa fb fb fb fc fc fc fc fa fb fb fb fc fc fc fc [ 28.972201] ==================================================================
Failure - log-parser-boot - kasan-bug-kasan-alloca-out-of-bounds-in-kasan_alloca_oob_right
[ 28.866797] ================================================================== [ 28.866961] BUG: KASAN: alloca-out-of-bounds in kasan_alloca_oob_right+0x2dc/0x340 [ 28.867112] Read of size 1 at addr ffff800080a07b4a by task kunit_try_catch/253 [ 28.867469] [ 28.867579] CPU: 0 UID: 0 PID: 253 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc1 #1 PREEMPT [ 28.867880] Tainted: [B]=BAD_PAGE, [N]=TEST [ 28.867976] Hardware name: linux,dummy-virt (DT) [ 28.868066] Call trace: [ 28.868409] show_stack+0x20/0x38 (C) [ 28.868705] dump_stack_lvl+0x8c/0xd0 [ 28.868954] print_report+0x310/0x608 [ 28.869180] kasan_report+0xdc/0x128 [ 28.869312] __asan_report_load1_noabort+0x20/0x30 [ 28.869452] kasan_alloca_oob_right+0x2dc/0x340 [ 28.869595] kunit_try_run_case+0x170/0x3f0 [ 28.869752] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 28.869981] kthread+0x328/0x630 [ 28.870489] ret_from_fork+0x10/0x20 [ 28.870768] [ 28.870830] The buggy address belongs to stack of task kunit_try_catch/253 [ 28.871138] [ 28.871211] The buggy address belongs to the virtual mapping at [ 28.871211] [ffff800080a00000, ffff800080a09000) created by: [ 28.871211] kernel_clone+0x150/0x7a8 [ 28.871486] [ 28.871775] The buggy address belongs to the physical page: [ 28.871886] page: refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1063f6 [ 28.872048] flags: 0xbfffe0000000000(node=0|zone=2|lastcpupid=0x1ffff) [ 28.872216] raw: 0bfffe0000000000 0000000000000000 dead000000000122 0000000000000000 [ 28.872376] raw: 0000000000000000 0000000000000000 00000001ffffffff 0000000000000000 [ 28.872527] page dumped because: kasan: bad access detected [ 28.872651] [ 28.872981] Memory state around the buggy address: [ 28.873275] ffff800080a07a00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 28.873448] ffff800080a07a80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 28.873566] >ffff800080a07b00: 00 00 00 00 ca ca ca ca 00 02 cb cb cb cb cb cb [ 28.873680] ^ [ 28.874052] ffff800080a07b80: 00 00 00 00 00 00 00 00 f1 f1 f1 f1 01 f2 04 f2 [ 28.874180] ffff800080a07c00: 00 f2 f2 f2 00 00 f3 f3 00 00 00 00 00 00 00 00 [ 28.874282] ==================================================================
Failure - log-parser-boot - kasan-bug-kasan-alloca-out-of-bounds-in-kasan_alloca_oob_left
[ 28.830842] ================================================================== [ 28.831056] BUG: KASAN: alloca-out-of-bounds in kasan_alloca_oob_left+0x2b8/0x310 [ 28.831963] Read of size 1 at addr ffff800080867b5f by task kunit_try_catch/251 [ 28.833182] [ 28.833742] CPU: 0 UID: 0 PID: 251 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc1 #1 PREEMPT [ 28.835390] Tainted: [B]=BAD_PAGE, [N]=TEST [ 28.835477] Hardware name: linux,dummy-virt (DT) [ 28.835567] Call trace: [ 28.836409] show_stack+0x20/0x38 (C) [ 28.836690] dump_stack_lvl+0x8c/0xd0 [ 28.836838] print_report+0x310/0x608 [ 28.837455] kasan_report+0xdc/0x128 [ 28.839597] __asan_report_load1_noabort+0x20/0x30 [ 28.839758] kasan_alloca_oob_left+0x2b8/0x310 [ 28.839884] kunit_try_run_case+0x170/0x3f0 [ 28.840041] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 28.840173] kthread+0x328/0x630 [ 28.840284] ret_from_fork+0x10/0x20 [ 28.840406] [ 28.840459] The buggy address belongs to stack of task kunit_try_catch/251 [ 28.840617] [ 28.840682] The buggy address belongs to the virtual mapping at [ 28.840682] [ffff800080860000, ffff800080869000) created by: [ 28.840682] kernel_clone+0x150/0x7a8 [ 28.840885] [ 28.840983] The buggy address belongs to the physical page: [ 28.841086] page: refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x105ab9 [ 28.841302] flags: 0xbfffe0000000000(node=0|zone=2|lastcpupid=0x1ffff) [ 28.841902] raw: 0bfffe0000000000 0000000000000000 dead000000000122 0000000000000000 [ 28.842059] raw: 0000000000000000 0000000000000000 00000001ffffffff 0000000000000000 [ 28.842173] page dumped because: kasan: bad access detected [ 28.842260] [ 28.842307] Memory state around the buggy address: [ 28.842389] ffff800080867a00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 28.842504] ffff800080867a80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 28.845013] >ffff800080867b00: 00 00 00 00 00 00 00 00 ca ca ca ca 00 02 cb cb [ 28.845625] ^ [ 28.845739] ffff800080867b80: cb cb cb cb 00 00 00 00 f1 f1 f1 f1 01 f2 04 f2 [ 28.845875] ffff800080867c00: 00 f2 f2 f2 00 00 f3 f3 00 00 00 00 00 00 00 00 [ 28.846033] ==================================================================
Failure - log-parser-boot - kasan-bug-kasan-stack-out-of-bounds-in-kasan_stack_oob
[ 28.786393] ================================================================== [ 28.786557] BUG: KASAN: stack-out-of-bounds in kasan_stack_oob+0x238/0x270 [ 28.786691] Read of size 1 at addr ffff800080a07c2a by task kunit_try_catch/249 [ 28.786829] [ 28.786958] CPU: 0 UID: 0 PID: 249 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc1 #1 PREEMPT [ 28.787642] Tainted: [B]=BAD_PAGE, [N]=TEST [ 28.787746] Hardware name: linux,dummy-virt (DT) [ 28.787956] Call trace: [ 28.788021] show_stack+0x20/0x38 (C) [ 28.788533] dump_stack_lvl+0x8c/0xd0 [ 28.788686] print_report+0x310/0x608 [ 28.789054] kasan_report+0xdc/0x128 [ 28.789180] __asan_report_load1_noabort+0x20/0x30 [ 28.789308] kasan_stack_oob+0x238/0x270 [ 28.789483] kunit_try_run_case+0x170/0x3f0 [ 28.789993] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 28.790197] kthread+0x328/0x630 [ 28.790319] ret_from_fork+0x10/0x20 [ 28.790618] [ 28.790823] The buggy address belongs to stack of task kunit_try_catch/249 [ 28.791142] and is located at offset 138 in frame: [ 28.791237] kasan_stack_oob+0x0/0x270 [ 28.791561] [ 28.791647] This frame has 4 objects: [ 28.791951] [48, 49) '__assertion' [ 28.792489] [64, 72) 'array' [ 28.792583] [96, 112) '__assertion' [ 28.792971] [128, 138) 'stack_array' [ 28.793204] [ 28.793285] The buggy address belongs to the virtual mapping at [ 28.793285] [ffff800080a00000, ffff800080a09000) created by: [ 28.793285] kernel_clone+0x150/0x7a8 [ 28.793476] [ 28.793535] The buggy address belongs to the physical page: [ 28.793692] page: refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1063f6 [ 28.794417] flags: 0xbfffe0000000000(node=0|zone=2|lastcpupid=0x1ffff) [ 28.794591] raw: 0bfffe0000000000 0000000000000000 dead000000000122 0000000000000000 [ 28.794998] raw: 0000000000000000 0000000000000000 00000001ffffffff 0000000000000000 [ 28.795122] page dumped because: kasan: bad access detected [ 28.795225] [ 28.795290] Memory state around the buggy address: [ 28.795642] ffff800080a07b00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 28.796092] ffff800080a07b80: 00 00 00 00 f1 f1 f1 f1 f1 f1 01 f2 00 f2 f2 f2 [ 28.796212] >ffff800080a07c00: 00 00 f2 f2 00 02 f3 f3 00 00 00 00 00 00 00 00 [ 28.796322] ^ [ 28.796408] ffff800080a07c80: 00 00 00 00 00 00 00 00 f1 f1 f1 f1 00 00 f2 f2 [ 28.796516] ffff800080a07d00: 00 00 f2 f2 00 00 f3 f3 00 00 00 00 00 00 00 00 [ 28.796781] ==================================================================
Failure - log-parser-boot - kasan-bug-kasan-global-out-of-bounds-in-kasan_global_oob_right
[ 28.731094] ================================================================== [ 28.731310] BUG: KASAN: global-out-of-bounds in kasan_global_oob_right+0x230/0x270 [ 28.731566] Read of size 1 at addr ffffa6ed585af5cd by task kunit_try_catch/245 [ 28.731874] [ 28.732095] CPU: 0 UID: 0 PID: 245 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc1 #1 PREEMPT [ 28.732574] Tainted: [B]=BAD_PAGE, [N]=TEST [ 28.732656] Hardware name: linux,dummy-virt (DT) [ 28.732752] Call trace: [ 28.732821] show_stack+0x20/0x38 (C) [ 28.732976] dump_stack_lvl+0x8c/0xd0 [ 28.733138] print_report+0x310/0x608 [ 28.733268] kasan_report+0xdc/0x128 [ 28.733416] __asan_report_load1_noabort+0x20/0x30 [ 28.733856] kasan_global_oob_right+0x230/0x270 [ 28.734187] kunit_try_run_case+0x170/0x3f0 [ 28.734534] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 28.734720] kthread+0x328/0x630 [ 28.734880] ret_from_fork+0x10/0x20 [ 28.735200] [ 28.735404] The buggy address belongs to the variable: [ 28.735513] global_array+0xd/0x40 [ 28.736770] [ 28.737043] The buggy address belongs to the virtual mapping at [ 28.737043] [ffffa6ed56750000, ffffa6ed58661000) created by: [ 28.737043] paging_init+0x66c/0x7d0 [ 28.737251] [ 28.737411] The buggy address belongs to the physical page: [ 28.737547] page: refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x47daf [ 28.737779] flags: 0x3fffe0000002000(reserved|node=0|zone=0|lastcpupid=0x1ffff) [ 28.737974] raw: 03fffe0000002000 ffffc1ffc01f6bc8 ffffc1ffc01f6bc8 0000000000000000 [ 28.738201] raw: 0000000000000000 0000000000000000 00000001ffffffff 0000000000000000 [ 28.738486] page dumped because: kasan: bad access detected [ 28.738627] [ 28.738676] Memory state around the buggy address: [ 28.738852] ffffa6ed585af480: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 28.740118] ffffa6ed585af500: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 28.740318] >ffffa6ed585af580: 02 f9 f9 f9 f9 f9 f9 f9 00 02 f9 f9 f9 f9 f9 f9 [ 28.740555] ^ [ 28.740649] ffffa6ed585af600: 04 f9 f9 f9 f9 f9 f9 f9 00 f9 f9 f9 f9 f9 f9 f9 [ 28.740965] ffffa6ed585af680: 01 f9 f9 f9 f9 f9 f9 f9 00 00 00 00 00 00 00 00 [ 28.742519] ==================================================================
Failure - log-parser-boot - kasan-bug-kasan-invalid-free-in-mempool_kmalloc_invalid_free_helper
[ 28.707709] ================================================================== [ 28.707877] BUG: KASAN: invalid-free in mempool_kmalloc_invalid_free_helper+0x118/0x2a8 [ 28.708247] Free of addr fff00000c7874001 by task kunit_try_catch/243 [ 28.708397] [ 28.708490] CPU: 0 UID: 0 PID: 243 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc1 #1 PREEMPT [ 28.708694] Tainted: [B]=BAD_PAGE, [N]=TEST [ 28.709173] Hardware name: linux,dummy-virt (DT) [ 28.709273] Call trace: [ 28.709410] show_stack+0x20/0x38 (C) [ 28.709551] dump_stack_lvl+0x8c/0xd0 [ 28.709843] print_report+0x118/0x608 [ 28.710149] kasan_report_invalid_free+0xc0/0xe8 [ 28.710293] __kasan_mempool_poison_object+0xfc/0x150 [ 28.710434] mempool_free+0x28c/0x328 [ 28.710555] mempool_kmalloc_invalid_free_helper+0x118/0x2a8 [ 28.710705] mempool_kmalloc_large_invalid_free+0xc0/0x118 [ 28.711570] kunit_try_run_case+0x170/0x3f0 [ 28.712650] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 28.712927] kthread+0x328/0x630 [ 28.713150] ret_from_fork+0x10/0x20 [ 28.713282] [ 28.713333] The buggy address belongs to the physical page: [ 28.713416] page: refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x107874 [ 28.713551] head: order:2 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0 [ 28.713667] flags: 0xbfffe0000000040(head|node=0|zone=2|lastcpupid=0x1ffff) [ 28.713862] page_type: f8(unknown) [ 28.714107] raw: 0bfffe0000000040 0000000000000000 dead000000000122 0000000000000000 [ 28.714249] raw: 0000000000000000 0000000000000000 00000001f8000000 0000000000000000 [ 28.714374] head: 0bfffe0000000040 0000000000000000 dead000000000122 0000000000000000 [ 28.714608] head: 0000000000000000 0000000000000000 00000001f8000000 0000000000000000 [ 28.714736] head: 0bfffe0000000002 ffffc1ffc31e1d01 00000000ffffffff 00000000ffffffff [ 28.715211] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000004 [ 28.715337] page dumped because: kasan: bad access detected [ 28.715425] [ 28.715476] Memory state around the buggy address: [ 28.715567] fff00000c7873f00: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff [ 28.715688] fff00000c7873f80: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff [ 28.715919] >fff00000c7874000: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 28.716109] ^ [ 28.716289] fff00000c7874080: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 28.716473] fff00000c7874100: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 28.716849] ================================================================== [ 28.672735] ================================================================== [ 28.672916] BUG: KASAN: invalid-free in mempool_kmalloc_invalid_free_helper+0x118/0x2a8 [ 28.673102] Free of addr fff00000c6431901 by task kunit_try_catch/241 [ 28.673368] [ 28.673477] CPU: 0 UID: 0 PID: 241 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc1 #1 PREEMPT [ 28.673707] Tainted: [B]=BAD_PAGE, [N]=TEST [ 28.673780] Hardware name: linux,dummy-virt (DT) [ 28.673892] Call trace: [ 28.673967] show_stack+0x20/0x38 (C) [ 28.674100] dump_stack_lvl+0x8c/0xd0 [ 28.674219] print_report+0x118/0x608 [ 28.674340] kasan_report_invalid_free+0xc0/0xe8 [ 28.674460] check_slab_allocation+0xfc/0x108 [ 28.674586] __kasan_mempool_poison_object+0x78/0x150 [ 28.674717] mempool_free+0x28c/0x328 [ 28.674827] mempool_kmalloc_invalid_free_helper+0x118/0x2a8 [ 28.674983] mempool_kmalloc_invalid_free+0xc0/0x118 [ 28.675113] kunit_try_run_case+0x170/0x3f0 [ 28.675254] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 28.675486] kthread+0x328/0x630 [ 28.675769] ret_from_fork+0x10/0x20 [ 28.675905] [ 28.675971] Allocated by task 241: [ 28.676046] kasan_save_stack+0x3c/0x68 [ 28.676161] kasan_save_track+0x20/0x40 [ 28.676274] kasan_save_alloc_info+0x40/0x58 [ 28.676454] __kasan_mempool_unpoison_object+0x11c/0x180 [ 28.676613] remove_element+0x130/0x1f8 [ 28.676722] mempool_alloc_preallocated+0x58/0xc0 [ 28.676832] mempool_kmalloc_invalid_free_helper+0x94/0x2a8 [ 28.676990] mempool_kmalloc_invalid_free+0xc0/0x118 [ 28.677135] kunit_try_run_case+0x170/0x3f0 [ 28.677232] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 28.677340] kthread+0x328/0x630 [ 28.677442] ret_from_fork+0x10/0x20 [ 28.677853] [ 28.677955] The buggy address belongs to the object at fff00000c6431900 [ 28.677955] which belongs to the cache kmalloc-128 of size 128 [ 28.678110] The buggy address is located 1 bytes inside of [ 28.678110] 128-byte region [fff00000c6431900, fff00000c6431980) [ 28.678257] [ 28.678312] The buggy address belongs to the physical page: [ 28.678392] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x106431 [ 28.678596] flags: 0xbfffe0000000000(node=0|zone=2|lastcpupid=0x1ffff) [ 28.678726] page_type: f5(slab) [ 28.678829] raw: 0bfffe0000000000 fff00000c0001a00 dead000000000122 0000000000000000 [ 28.678989] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 28.679104] page dumped because: kasan: bad access detected [ 28.679239] [ 28.679476] Memory state around the buggy address: [ 28.679905] fff00000c6431800: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 28.680346] fff00000c6431880: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 28.680479] >fff00000c6431900: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 28.680854] ^ [ 28.681047] fff00000c6431980: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 28.681190] fff00000c6431a00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 28.681309] ==================================================================
Failure - log-parser-boot - kasan-bug-kasan-double-free-in-mempool_double_free_helper
[ 28.646200] ================================================================== [ 28.646343] BUG: KASAN: double-free in mempool_double_free_helper+0x150/0x2e8 [ 28.646589] Free of addr fff00000c7870000 by task kunit_try_catch/239 [ 28.646736] [ 28.646918] CPU: 0 UID: 0 PID: 239 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc1 #1 PREEMPT [ 28.647264] Tainted: [B]=BAD_PAGE, [N]=TEST [ 28.647336] Hardware name: linux,dummy-virt (DT) [ 28.647423] Call trace: [ 28.647484] show_stack+0x20/0x38 (C) [ 28.647725] dump_stack_lvl+0x8c/0xd0 [ 28.647909] print_report+0x118/0x608 [ 28.648066] kasan_report_invalid_free+0xc0/0xe8 [ 28.648430] __kasan_mempool_poison_pages+0xe0/0xe8 [ 28.648743] mempool_free+0x24c/0x328 [ 28.648879] mempool_double_free_helper+0x150/0x2e8 [ 28.649221] mempool_page_alloc_double_free+0xbc/0x118 [ 28.649397] kunit_try_run_case+0x170/0x3f0 [ 28.649540] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 28.649694] kthread+0x328/0x630 [ 28.649892] ret_from_fork+0x10/0x20 [ 28.650073] [ 28.650161] The buggy address belongs to the physical page: [ 28.650393] page: refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x107870 [ 28.650604] flags: 0xbfffe0000000000(node=0|zone=2|lastcpupid=0x1ffff) [ 28.650780] raw: 0bfffe0000000000 0000000000000000 dead000000000122 0000000000000000 [ 28.651095] raw: 0000000000000000 0000000000000000 00000001ffffffff 0000000000000000 [ 28.651255] page dumped because: kasan: bad access detected [ 28.651419] [ 28.651505] Memory state around the buggy address: [ 28.651590] fff00000c786ff00: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff [ 28.651714] fff00000c786ff80: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff [ 28.651830] >fff00000c7870000: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff [ 28.651964] ^ [ 28.652122] fff00000c7870080: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff [ 28.652241] fff00000c7870100: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff [ 28.652397] ================================================================== [ 28.623204] ================================================================== [ 28.623356] BUG: KASAN: double-free in mempool_double_free_helper+0x150/0x2e8 [ 28.623546] Free of addr fff00000c786c000 by task kunit_try_catch/237 [ 28.623656] [ 28.623788] CPU: 0 UID: 0 PID: 237 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc1 #1 PREEMPT [ 28.624031] Tainted: [B]=BAD_PAGE, [N]=TEST [ 28.624115] Hardware name: linux,dummy-virt (DT) [ 28.624195] Call trace: [ 28.624248] show_stack+0x20/0x38 (C) [ 28.624380] dump_stack_lvl+0x8c/0xd0 [ 28.624540] print_report+0x118/0x608 [ 28.624798] kasan_report_invalid_free+0xc0/0xe8 [ 28.624953] __kasan_mempool_poison_object+0x14c/0x150 [ 28.625161] mempool_free+0x28c/0x328 [ 28.625294] mempool_double_free_helper+0x150/0x2e8 [ 28.625634] mempool_kmalloc_large_double_free+0xc0/0x118 [ 28.625832] kunit_try_run_case+0x170/0x3f0 [ 28.626066] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 28.626226] kthread+0x328/0x630 [ 28.626365] ret_from_fork+0x10/0x20 [ 28.626735] [ 28.626795] The buggy address belongs to the physical page: [ 28.626904] page: refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x10786c [ 28.627076] head: order:2 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0 [ 28.627450] flags: 0xbfffe0000000040(head|node=0|zone=2|lastcpupid=0x1ffff) [ 28.627614] page_type: f8(unknown) [ 28.627675] raw: 0bfffe0000000040 0000000000000000 dead000000000122 0000000000000000 [ 28.627765] raw: 0000000000000000 0000000000000000 00000001f8000000 0000000000000000 [ 28.628102] head: 0bfffe0000000040 0000000000000000 dead000000000122 0000000000000000 [ 28.628369] head: 0000000000000000 0000000000000000 00000001f8000000 0000000000000000 [ 28.628499] head: 0bfffe0000000002 ffffc1ffc31e1b01 00000000ffffffff 00000000ffffffff [ 28.628676] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000004 [ 28.628965] page dumped because: kasan: bad access detected [ 28.629169] [ 28.629214] Memory state around the buggy address: [ 28.629294] fff00000c786bf00: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff [ 28.629476] fff00000c786bf80: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff [ 28.629764] >fff00000c786c000: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff [ 28.629862] ^ [ 28.630205] fff00000c786c080: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff [ 28.630335] fff00000c786c100: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff [ 28.630444] ================================================================== [ 28.595444] ================================================================== [ 28.595923] BUG: KASAN: double-free in mempool_double_free_helper+0x150/0x2e8 [ 28.596201] Free of addr fff00000c6431500 by task kunit_try_catch/235 [ 28.596363] [ 28.596477] CPU: 0 UID: 0 PID: 235 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc1 #1 PREEMPT [ 28.596687] Tainted: [B]=BAD_PAGE, [N]=TEST [ 28.596908] Hardware name: linux,dummy-virt (DT) [ 28.597008] Call trace: [ 28.597151] show_stack+0x20/0x38 (C) [ 28.597297] dump_stack_lvl+0x8c/0xd0 [ 28.597431] print_report+0x118/0x608 [ 28.597553] kasan_report_invalid_free+0xc0/0xe8 [ 28.597898] check_slab_allocation+0xd4/0x108 [ 28.598393] __kasan_mempool_poison_object+0x78/0x150 [ 28.598526] mempool_free+0x28c/0x328 [ 28.598965] mempool_double_free_helper+0x150/0x2e8 [ 28.599260] mempool_kmalloc_double_free+0xc0/0x118 [ 28.599520] kunit_try_run_case+0x170/0x3f0 [ 28.600551] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 28.601145] kthread+0x328/0x630 [ 28.601531] ret_from_fork+0x10/0x20 [ 28.601662] [ 28.602092] Allocated by task 235: [ 28.602185] kasan_save_stack+0x3c/0x68 [ 28.602918] kasan_save_track+0x20/0x40 [ 28.603390] kasan_save_alloc_info+0x40/0x58 [ 28.604137] __kasan_mempool_unpoison_object+0x11c/0x180 [ 28.604259] remove_element+0x130/0x1f8 [ 28.604347] mempool_alloc_preallocated+0x58/0xc0 [ 28.604450] mempool_double_free_helper+0x94/0x2e8 [ 28.604731] mempool_kmalloc_double_free+0xc0/0x118 [ 28.604976] kunit_try_run_case+0x170/0x3f0 [ 28.605121] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 28.605806] kthread+0x328/0x630 [ 28.606139] ret_from_fork+0x10/0x20 [ 28.606248] [ 28.606307] Freed by task 235: [ 28.606427] kasan_save_stack+0x3c/0x68 [ 28.606565] kasan_save_track+0x20/0x40 [ 28.606782] kasan_save_free_info+0x4c/0x78 [ 28.607056] __kasan_mempool_poison_object+0xc0/0x150 [ 28.607276] mempool_free+0x28c/0x328 [ 28.607389] mempool_double_free_helper+0x100/0x2e8 [ 28.607513] mempool_kmalloc_double_free+0xc0/0x118 [ 28.607626] kunit_try_run_case+0x170/0x3f0 [ 28.607738] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 28.607864] kthread+0x328/0x630 [ 28.607999] ret_from_fork+0x10/0x20 [ 28.608095] [ 28.608140] The buggy address belongs to the object at fff00000c6431500 [ 28.608140] which belongs to the cache kmalloc-128 of size 128 [ 28.608282] The buggy address is located 0 bytes inside of [ 28.608282] 128-byte region [fff00000c6431500, fff00000c6431580) [ 28.608484] [ 28.608552] The buggy address belongs to the physical page: [ 28.608637] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x106431 [ 28.608785] flags: 0xbfffe0000000000(node=0|zone=2|lastcpupid=0x1ffff) [ 28.608920] page_type: f5(slab) [ 28.609083] raw: 0bfffe0000000000 fff00000c0001a00 dead000000000122 0000000000000000 [ 28.609341] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 28.609498] page dumped because: kasan: bad access detected [ 28.609611] [ 28.609676] Memory state around the buggy address: [ 28.609760] fff00000c6431400: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 28.609983] fff00000c6431480: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 28.610092] >fff00000c6431500: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 28.610207] ^ [ 28.610281] fff00000c6431580: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 28.610391] fff00000c6431600: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 28.610488] ==================================================================
Failure - log-parser-boot - kasan-bug-kasan-slab-out-of-bounds-in-kmem_cache_oob
[ 26.249250] ================================================================== [ 26.249711] BUG: KASAN: slab-out-of-bounds in kmem_cache_oob+0x344/0x430 [ 26.249970] Read of size 1 at addr fff00000c64220c8 by task kunit_try_catch/207 [ 26.250114] [ 26.250218] CPU: 0 UID: 0 PID: 207 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc1 #1 PREEMPT [ 26.251123] Tainted: [B]=BAD_PAGE, [N]=TEST [ 26.251240] Hardware name: linux,dummy-virt (DT) [ 26.251361] Call trace: [ 26.251549] show_stack+0x20/0x38 (C) [ 26.251784] dump_stack_lvl+0x8c/0xd0 [ 26.252278] print_report+0x118/0x608 [ 26.252416] kasan_report+0xdc/0x128 [ 26.252536] __asan_report_load1_noabort+0x20/0x30 [ 26.252725] kmem_cache_oob+0x344/0x430 [ 26.252845] kunit_try_run_case+0x170/0x3f0 [ 26.252995] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 26.253443] kthread+0x328/0x630 [ 26.253804] ret_from_fork+0x10/0x20 [ 26.253964] [ 26.254146] Allocated by task 207: [ 26.254230] kasan_save_stack+0x3c/0x68 [ 26.254473] kasan_save_track+0x20/0x40 [ 26.254688] kasan_save_alloc_info+0x40/0x58 [ 26.254809] __kasan_slab_alloc+0xa8/0xb0 [ 26.254920] kmem_cache_alloc_noprof+0x10c/0x398 [ 26.255075] kmem_cache_oob+0x12c/0x430 [ 26.255244] kunit_try_run_case+0x170/0x3f0 [ 26.255420] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 26.255536] kthread+0x328/0x630 [ 26.255650] ret_from_fork+0x10/0x20 [ 26.255914] [ 26.255987] The buggy address belongs to the object at fff00000c6422000 [ 26.255987] which belongs to the cache test_cache of size 200 [ 26.256463] The buggy address is located 0 bytes to the right of [ 26.256463] allocated 200-byte region [fff00000c6422000, fff00000c64220c8) [ 26.256765] [ 26.256921] The buggy address belongs to the physical page: [ 26.257023] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x106422 [ 26.257163] flags: 0xbfffe0000000000(node=0|zone=2|lastcpupid=0x1ffff) [ 26.257647] page_type: f5(slab) [ 26.257790] raw: 0bfffe0000000000 fff00000c569f640 dead000000000122 0000000000000000 [ 26.258299] raw: 0000000000000000 00000000800f000f 00000000f5000000 0000000000000000 [ 26.258427] page dumped because: kasan: bad access detected [ 26.258612] [ 26.258845] Memory state around the buggy address: [ 26.259185] fff00000c6421f80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 26.259302] fff00000c6422000: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 26.259415] >fff00000c6422080: 00 00 00 00 00 00 00 00 00 fc fc fc fc fc fc fc [ 26.259548] ^ [ 26.259641] fff00000c6422100: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 26.259925] fff00000c6422180: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 26.260063] ==================================================================
Failure - log-parser-boot - kasan-bug-kasan-slab-use-after-free-in-workqueue_uaf
[ 26.112004] ================================================================== [ 26.112168] BUG: KASAN: slab-use-after-free in workqueue_uaf+0x480/0x4a8 [ 26.112661] Read of size 8 at addr fff00000c641c380 by task kunit_try_catch/200 [ 26.112881] [ 26.112984] CPU: 0 UID: 0 PID: 200 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc1 #1 PREEMPT [ 26.113510] Tainted: [B]=BAD_PAGE, [N]=TEST [ 26.113605] Hardware name: linux,dummy-virt (DT) [ 26.113822] Call trace: [ 26.113909] show_stack+0x20/0x38 (C) [ 26.114072] dump_stack_lvl+0x8c/0xd0 [ 26.114221] print_report+0x118/0x608 [ 26.114756] kasan_report+0xdc/0x128 [ 26.115018] __asan_report_load8_noabort+0x20/0x30 [ 26.115262] workqueue_uaf+0x480/0x4a8 [ 26.115397] kunit_try_run_case+0x170/0x3f0 [ 26.115746] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 26.115925] kthread+0x328/0x630 [ 26.116105] ret_from_fork+0x10/0x20 [ 26.116426] [ 26.116503] Allocated by task 200: [ 26.116576] kasan_save_stack+0x3c/0x68 [ 26.116842] kasan_save_track+0x20/0x40 [ 26.116962] kasan_save_alloc_info+0x40/0x58 [ 26.117079] __kasan_kmalloc+0xd4/0xd8 [ 26.117341] __kmalloc_cache_noprof+0x16c/0x3c0 [ 26.117451] workqueue_uaf+0x13c/0x4a8 [ 26.117573] kunit_try_run_case+0x170/0x3f0 [ 26.117813] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 26.117946] kthread+0x328/0x630 [ 26.118051] ret_from_fork+0x10/0x20 [ 26.118166] [ 26.118222] Freed by task 9: [ 26.118295] kasan_save_stack+0x3c/0x68 [ 26.118559] kasan_save_track+0x20/0x40 [ 26.119032] kasan_save_free_info+0x4c/0x78 [ 26.119511] __kasan_slab_free+0x6c/0x98 [ 26.119645] kfree+0x214/0x3c8 [ 26.119750] workqueue_uaf_work+0x18/0x30 [ 26.119953] process_one_work+0x530/0xf98 [ 26.120150] worker_thread+0x618/0xf38 [ 26.120347] kthread+0x328/0x630 [ 26.120443] ret_from_fork+0x10/0x20 [ 26.120589] [ 26.120656] Last potentially related work creation: [ 26.120732] kasan_save_stack+0x3c/0x68 [ 26.120847] kasan_record_aux_stack+0xb4/0xc8 [ 26.121158] __queue_work+0x65c/0x1008 [ 26.121527] queue_work_on+0xbc/0xf8 [ 26.121709] workqueue_uaf+0x210/0x4a8 [ 26.121816] kunit_try_run_case+0x170/0x3f0 [ 26.122026] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 26.122158] kthread+0x328/0x630 [ 26.122350] ret_from_fork+0x10/0x20 [ 26.122474] [ 26.122582] The buggy address belongs to the object at fff00000c641c380 [ 26.122582] which belongs to the cache kmalloc-32 of size 32 [ 26.122723] The buggy address is located 0 bytes inside of [ 26.122723] freed 32-byte region [fff00000c641c380, fff00000c641c3a0) [ 26.122919] [ 26.123099] The buggy address belongs to the physical page: [ 26.123254] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x10641c [ 26.123644] flags: 0xbfffe0000000000(node=0|zone=2|lastcpupid=0x1ffff) [ 26.123904] page_type: f5(slab) [ 26.124110] raw: 0bfffe0000000000 fff00000c0001780 dead000000000122 0000000000000000 [ 26.124435] raw: 0000000000000000 0000000080400040 00000000f5000000 0000000000000000 [ 26.124546] page dumped because: kasan: bad access detected [ 26.124633] [ 26.124682] Memory state around the buggy address: [ 26.124816] fff00000c641c280: 00 00 03 fc fc fc fc fc 00 00 07 fc fc fc fc fc [ 26.125119] fff00000c641c300: 00 00 00 fc fc fc fc fc 00 00 00 07 fc fc fc fc [ 26.125250] >fff00000c641c380: fa fb fb fb fc fc fc fc fc fc fc fc fc fc fc fc [ 26.125345] ^ [ 26.125424] fff00000c641c400: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 26.125704] fff00000c641c480: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 26.125813] ==================================================================
Failure - log-parser-boot - kasan-bug-kasan-use-after-free-in-mempool_uaf_helper
[ 28.454308] ================================================================== [ 28.454476] BUG: KASAN: use-after-free in mempool_uaf_helper+0x314/0x340 [ 28.454629] Read of size 1 at addr fff00000c786c000 by task kunit_try_catch/229 [ 28.454809] [ 28.454892] CPU: 0 UID: 0 PID: 229 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc1 #1 PREEMPT [ 28.455177] Tainted: [B]=BAD_PAGE, [N]=TEST [ 28.455257] Hardware name: linux,dummy-virt (DT) [ 28.455432] Call trace: [ 28.455488] show_stack+0x20/0x38 (C) [ 28.455693] dump_stack_lvl+0x8c/0xd0 [ 28.455829] print_report+0x118/0x608 [ 28.456031] kasan_report+0xdc/0x128 [ 28.456159] __asan_report_load1_noabort+0x20/0x30 [ 28.456299] mempool_uaf_helper+0x314/0x340 [ 28.456559] mempool_kmalloc_large_uaf+0xc4/0x120 [ 28.456728] kunit_try_run_case+0x170/0x3f0 [ 28.456948] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 28.457179] kthread+0x328/0x630 [ 28.457367] ret_from_fork+0x10/0x20 [ 28.457578] [ 28.457735] The buggy address belongs to the physical page: [ 28.459156] page: refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x10786c [ 28.459392] head: order:2 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0 [ 28.459684] flags: 0xbfffe0000000040(head|node=0|zone=2|lastcpupid=0x1ffff) [ 28.460092] page_type: f8(unknown) [ 28.460280] raw: 0bfffe0000000040 0000000000000000 dead000000000122 0000000000000000 [ 28.460426] raw: 0000000000000000 0000000000000000 00000001f8000000 0000000000000000 [ 28.460555] head: 0bfffe0000000040 0000000000000000 dead000000000122 0000000000000000 [ 28.461243] head: 0000000000000000 0000000000000000 00000001f8000000 0000000000000000 [ 28.461373] head: 0bfffe0000000002 ffffc1ffc31e1b01 00000000ffffffff 00000000ffffffff [ 28.462148] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000004 [ 28.462265] page dumped because: kasan: bad access detected [ 28.462347] [ 28.462436] Memory state around the buggy address: [ 28.463241] fff00000c786bf00: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff [ 28.463554] fff00000c786bf80: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff [ 28.463779] >fff00000c786c000: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff [ 28.463883] ^ [ 28.464263] fff00000c786c080: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff [ 28.464388] fff00000c786c100: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff [ 28.464486] ================================================================== [ 28.566952] ================================================================== [ 28.567480] BUG: KASAN: use-after-free in mempool_uaf_helper+0x314/0x340 [ 28.567655] Read of size 1 at addr fff00000c786c000 by task kunit_try_catch/233 [ 28.567768] [ 28.567861] CPU: 0 UID: 0 PID: 233 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc1 #1 PREEMPT [ 28.568082] Tainted: [B]=BAD_PAGE, [N]=TEST [ 28.568156] Hardware name: linux,dummy-virt (DT) [ 28.568242] Call trace: [ 28.568304] show_stack+0x20/0x38 (C) [ 28.568426] dump_stack_lvl+0x8c/0xd0 [ 28.571233] print_report+0x118/0x608 [ 28.571879] kasan_report+0xdc/0x128 [ 28.572032] __asan_report_load1_noabort+0x20/0x30 [ 28.572173] mempool_uaf_helper+0x314/0x340 [ 28.572296] mempool_page_alloc_uaf+0xc0/0x118 [ 28.572431] kunit_try_run_case+0x170/0x3f0 [ 28.572576] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 28.572720] kthread+0x328/0x630 [ 28.572845] ret_from_fork+0x10/0x20 [ 28.572997] [ 28.573056] The buggy address belongs to the physical page: [ 28.573136] page: refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x10786c [ 28.573275] flags: 0xbfffe0000000000(node=0|zone=2|lastcpupid=0x1ffff) [ 28.573429] raw: 0bfffe0000000000 0000000000000000 dead000000000122 0000000000000000 [ 28.573553] raw: 0000000000000000 0000000000000000 00000001ffffffff 0000000000000000 [ 28.573650] page dumped because: kasan: bad access detected [ 28.573731] [ 28.573783] Memory state around the buggy address: [ 28.573868] fff00000c786bf00: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff [ 28.577046] fff00000c786bf80: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff [ 28.579626] >fff00000c786c000: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff [ 28.579727] ^ [ 28.579807] fff00000c786c080: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff [ 28.580297] fff00000c786c100: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff [ 28.580520] ==================================================================
Failure - log-parser-boot - kasan-bug-kasan-slab-use-after-free-in-mempool_uaf_helper
[ 28.431305] ================================================================== [ 28.431629] BUG: KASAN: slab-use-after-free in mempool_uaf_helper+0x314/0x340 [ 28.432276] Read of size 1 at addr fff00000c6431100 by task kunit_try_catch/227 [ 28.432419] [ 28.432532] CPU: 0 UID: 0 PID: 227 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc1 #1 PREEMPT [ 28.432759] Tainted: [B]=BAD_PAGE, [N]=TEST [ 28.432910] Hardware name: linux,dummy-virt (DT) [ 28.433038] Call trace: [ 28.433108] show_stack+0x20/0x38 (C) [ 28.433254] dump_stack_lvl+0x8c/0xd0 [ 28.433577] print_report+0x118/0x608 [ 28.433711] kasan_report+0xdc/0x128 [ 28.433902] __asan_report_load1_noabort+0x20/0x30 [ 28.434298] mempool_uaf_helper+0x314/0x340 [ 28.434453] mempool_kmalloc_uaf+0xc4/0x120 [ 28.434807] kunit_try_run_case+0x170/0x3f0 [ 28.435237] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 28.435386] kthread+0x328/0x630 [ 28.435552] ret_from_fork+0x10/0x20 [ 28.435828] [ 28.435881] Allocated by task 227: [ 28.435985] kasan_save_stack+0x3c/0x68 [ 28.436247] kasan_save_track+0x20/0x40 [ 28.436348] kasan_save_alloc_info+0x40/0x58 [ 28.436497] __kasan_mempool_unpoison_object+0x11c/0x180 [ 28.436735] remove_element+0x130/0x1f8 [ 28.436860] mempool_alloc_preallocated+0x58/0xc0 [ 28.437023] mempool_uaf_helper+0xa4/0x340 [ 28.437144] mempool_kmalloc_uaf+0xc4/0x120 [ 28.437262] kunit_try_run_case+0x170/0x3f0 [ 28.437375] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 28.437496] kthread+0x328/0x630 [ 28.437647] ret_from_fork+0x10/0x20 [ 28.437763] [ 28.437816] Freed by task 227: [ 28.437896] kasan_save_stack+0x3c/0x68 [ 28.438097] kasan_save_track+0x20/0x40 [ 28.438251] kasan_save_free_info+0x4c/0x78 [ 28.438478] __kasan_mempool_poison_object+0xc0/0x150 [ 28.438630] mempool_free+0x28c/0x328 [ 28.438887] mempool_uaf_helper+0x104/0x340 [ 28.439167] mempool_kmalloc_uaf+0xc4/0x120 [ 28.439364] kunit_try_run_case+0x170/0x3f0 [ 28.439472] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 28.439636] kthread+0x328/0x630 [ 28.439741] ret_from_fork+0x10/0x20 [ 28.439865] [ 28.439922] The buggy address belongs to the object at fff00000c6431100 [ 28.439922] which belongs to the cache kmalloc-128 of size 128 [ 28.440117] The buggy address is located 0 bytes inside of [ 28.440117] freed 128-byte region [fff00000c6431100, fff00000c6431180) [ 28.440204] [ 28.440231] The buggy address belongs to the physical page: [ 28.440271] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x106431 [ 28.440341] flags: 0xbfffe0000000000(node=0|zone=2|lastcpupid=0x1ffff) [ 28.440406] page_type: f5(slab) [ 28.440455] raw: 0bfffe0000000000 fff00000c0001a00 dead000000000122 0000000000000000 [ 28.440517] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 28.440567] page dumped because: kasan: bad access detected [ 28.440608] [ 28.440630] Memory state around the buggy address: [ 28.440669] fff00000c6431000: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 28.440721] fff00000c6431080: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 28.440774] >fff00000c6431100: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 28.440821] ^ [ 28.440855] fff00000c6431180: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 28.440907] fff00000c6431200: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 28.440981] ================================================================== [ 28.503144] ================================================================== [ 28.503545] BUG: KASAN: slab-use-after-free in mempool_uaf_helper+0x314/0x340 [ 28.503756] Read of size 1 at addr fff00000c6434240 by task kunit_try_catch/231 [ 28.504117] [ 28.504394] CPU: 0 UID: 0 PID: 231 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc1 #1 PREEMPT [ 28.504613] Tainted: [B]=BAD_PAGE, [N]=TEST [ 28.505133] Hardware name: linux,dummy-virt (DT) [ 28.505224] Call trace: [ 28.505283] show_stack+0x20/0x38 (C) [ 28.505416] dump_stack_lvl+0x8c/0xd0 [ 28.505713] print_report+0x118/0x608 [ 28.505899] kasan_report+0xdc/0x128 [ 28.506410] __asan_report_load1_noabort+0x20/0x30 [ 28.506662] mempool_uaf_helper+0x314/0x340 [ 28.507262] mempool_slab_uaf+0xc0/0x118 [ 28.507838] kunit_try_run_case+0x170/0x3f0 [ 28.507998] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 28.508402] kthread+0x328/0x630 [ 28.508723] ret_from_fork+0x10/0x20 [ 28.508918] [ 28.509021] Allocated by task 231: [ 28.509111] kasan_save_stack+0x3c/0x68 [ 28.509227] kasan_save_track+0x20/0x40 [ 28.509329] kasan_save_alloc_info+0x40/0x58 [ 28.509862] __kasan_mempool_unpoison_object+0xbc/0x180 [ 28.510048] remove_element+0x16c/0x1f8 [ 28.510189] mempool_alloc_preallocated+0x58/0xc0 [ 28.510296] mempool_uaf_helper+0xa4/0x340 [ 28.510395] mempool_slab_uaf+0xc0/0x118 [ 28.510540] kunit_try_run_case+0x170/0x3f0 [ 28.510828] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 28.511466] kthread+0x328/0x630 [ 28.511655] ret_from_fork+0x10/0x20 [ 28.511755] [ 28.511806] Freed by task 231: [ 28.511918] kasan_save_stack+0x3c/0x68 [ 28.512167] kasan_save_track+0x20/0x40 [ 28.512429] kasan_save_free_info+0x4c/0x78 [ 28.512535] __kasan_mempool_poison_object+0xc0/0x150 [ 28.512642] mempool_free+0x28c/0x328 [ 28.512738] mempool_uaf_helper+0x104/0x340 [ 28.512951] mempool_slab_uaf+0xc0/0x118 [ 28.513051] kunit_try_run_case+0x170/0x3f0 [ 28.513167] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 28.513297] kthread+0x328/0x630 [ 28.513900] ret_from_fork+0x10/0x20 [ 28.514040] [ 28.514164] The buggy address belongs to the object at fff00000c6434240 [ 28.514164] which belongs to the cache test_cache of size 123 [ 28.514315] The buggy address is located 0 bytes inside of [ 28.514315] freed 123-byte region [fff00000c6434240, fff00000c64342bb) [ 28.514464] [ 28.514516] The buggy address belongs to the physical page: [ 28.514617] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x106434 [ 28.514764] flags: 0xbfffe0000000000(node=0|zone=2|lastcpupid=0x1ffff) [ 28.515228] page_type: f5(slab) [ 28.515408] raw: 0bfffe0000000000 fff00000c6432000 dead000000000122 0000000000000000 [ 28.515540] raw: 0000000000000000 0000000080150015 00000000f5000000 0000000000000000 [ 28.515687] page dumped because: kasan: bad access detected [ 28.515766] [ 28.515832] Memory state around the buggy address: [ 28.516022] fff00000c6434100: fb fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 28.516164] fff00000c6434180: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 28.516305] >fff00000c6434200: fc fc fc fc fc fc fc fc fa fb fb fb fb fb fb fb [ 28.516414] ^ [ 28.516605] fff00000c6434280: fb fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 28.516714] fff00000c6434300: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 28.516810] ==================================================================
Failure - log-parser-boot - kasan-bug-kasan-slab-out-of-bounds-in-mempool_oob_right_helper
[ 28.323633] ================================================================== [ 28.323790] BUG: KASAN: slab-out-of-bounds in mempool_oob_right_helper+0x2ac/0x2f0 [ 28.323970] Read of size 1 at addr fff00000c6507d73 by task kunit_try_catch/221 [ 28.324123] [ 28.324179] CPU: 0 UID: 0 PID: 221 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc1 #1 PREEMPT [ 28.324290] Tainted: [B]=BAD_PAGE, [N]=TEST [ 28.324322] Hardware name: linux,dummy-virt (DT) [ 28.324365] Call trace: [ 28.324396] show_stack+0x20/0x38 (C) [ 28.324466] dump_stack_lvl+0x8c/0xd0 [ 28.324536] print_report+0x118/0x608 [ 28.324606] kasan_report+0xdc/0x128 [ 28.324665] __asan_report_load1_noabort+0x20/0x30 [ 28.324733] mempool_oob_right_helper+0x2ac/0x2f0 [ 28.324795] mempool_kmalloc_oob_right+0xc4/0x120 [ 28.324862] kunit_try_run_case+0x170/0x3f0 [ 28.324928] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 28.325032] kthread+0x328/0x630 [ 28.325089] ret_from_fork+0x10/0x20 [ 28.325155] [ 28.325178] Allocated by task 221: [ 28.325215] kasan_save_stack+0x3c/0x68 [ 28.325273] kasan_save_track+0x20/0x40 [ 28.325322] kasan_save_alloc_info+0x40/0x58 [ 28.325376] __kasan_mempool_unpoison_object+0x11c/0x180 [ 28.325435] remove_element+0x130/0x1f8 [ 28.325482] mempool_alloc_preallocated+0x58/0xc0 [ 28.325535] mempool_oob_right_helper+0x98/0x2f0 [ 28.325586] mempool_kmalloc_oob_right+0xc4/0x120 [ 28.325639] kunit_try_run_case+0x170/0x3f0 [ 28.325690] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 28.325745] kthread+0x328/0x630 [ 28.325791] ret_from_fork+0x10/0x20 [ 28.325838] [ 28.325863] The buggy address belongs to the object at fff00000c6507d00 [ 28.325863] which belongs to the cache kmalloc-128 of size 128 [ 28.325960] The buggy address is located 0 bytes to the right of [ 28.325960] allocated 115-byte region [fff00000c6507d00, fff00000c6507d73) [ 28.326045] [ 28.326071] The buggy address belongs to the physical page: [ 28.326113] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x106507 [ 28.326185] flags: 0xbfffe0000000000(node=0|zone=2|lastcpupid=0x1ffff) [ 28.326252] page_type: f5(slab) [ 28.326304] raw: 0bfffe0000000000 fff00000c0001a00 dead000000000122 0000000000000000 [ 28.326367] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 28.326418] page dumped because: kasan: bad access detected [ 28.326456] [ 28.326479] Memory state around the buggy address: [ 28.326519] fff00000c6507c00: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 28.326578] fff00000c6507c80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 28.326633] >fff00000c6507d00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 03 fc [ 28.326682] ^ [ 28.326732] fff00000c6507d80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 28.326784] fff00000c6507e00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 03 fc [ 28.326834] ================================================================== [ 28.341202] ================================================================== [ 28.341321] BUG: KASAN: slab-out-of-bounds in mempool_oob_right_helper+0x2ac/0x2f0 [ 28.341434] Read of size 1 at addr fff00000c786a001 by task kunit_try_catch/223 [ 28.341552] [ 28.341622] CPU: 0 UID: 0 PID: 223 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc1 #1 PREEMPT [ 28.341818] Tainted: [B]=BAD_PAGE, [N]=TEST [ 28.341884] Hardware name: linux,dummy-virt (DT) [ 28.342002] Call trace: [ 28.342074] show_stack+0x20/0x38 (C) [ 28.342334] dump_stack_lvl+0x8c/0xd0 [ 28.342476] print_report+0x118/0x608 [ 28.342617] kasan_report+0xdc/0x128 [ 28.342739] __asan_report_load1_noabort+0x20/0x30 [ 28.343081] mempool_oob_right_helper+0x2ac/0x2f0 [ 28.343338] mempool_kmalloc_large_oob_right+0xc4/0x120 [ 28.343490] kunit_try_run_case+0x170/0x3f0 [ 28.343745] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 28.343914] kthread+0x328/0x630 [ 28.344070] ret_from_fork+0x10/0x20 [ 28.344274] [ 28.344332] The buggy address belongs to the physical page: [ 28.344450] page: refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x107868 [ 28.344638] head: order:2 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0 [ 28.344852] flags: 0xbfffe0000000040(head|node=0|zone=2|lastcpupid=0x1ffff) [ 28.344960] page_type: f8(unknown) [ 28.345163] raw: 0bfffe0000000040 0000000000000000 dead000000000122 0000000000000000 [ 28.345293] raw: 0000000000000000 0000000000000000 00000001f8000000 0000000000000000 [ 28.345414] head: 0bfffe0000000040 0000000000000000 dead000000000122 0000000000000000 [ 28.345536] head: 0000000000000000 0000000000000000 00000001f8000000 0000000000000000 [ 28.345667] head: 0bfffe0000000002 ffffc1ffc31e1a01 00000000ffffffff 00000000ffffffff [ 28.346008] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000004 [ 28.346126] page dumped because: kasan: bad access detected [ 28.346365] [ 28.346447] Memory state around the buggy address: [ 28.346614] fff00000c7869f00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 28.346798] fff00000c7869f80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 28.346973] >fff00000c786a000: 01 fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe [ 28.347084] ^ [ 28.347278] fff00000c786a080: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe [ 28.347453] fff00000c786a100: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe [ 28.347565] ================================================================== [ 28.384127] ================================================================== [ 28.384267] BUG: KASAN: slab-out-of-bounds in mempool_oob_right_helper+0x2ac/0x2f0 [ 28.385378] Read of size 1 at addr fff00000c64302bb by task kunit_try_catch/225 [ 28.385529] [ 28.385620] CPU: 0 UID: 0 PID: 225 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc1 #1 PREEMPT [ 28.386284] Tainted: [B]=BAD_PAGE, [N]=TEST [ 28.386402] Hardware name: linux,dummy-virt (DT) [ 28.386503] Call trace: [ 28.386684] show_stack+0x20/0x38 (C) [ 28.386815] dump_stack_lvl+0x8c/0xd0 [ 28.386987] print_report+0x118/0x608 [ 28.387266] kasan_report+0xdc/0x128 [ 28.387441] __asan_report_load1_noabort+0x20/0x30 [ 28.387593] mempool_oob_right_helper+0x2ac/0x2f0 [ 28.387974] mempool_slab_oob_right+0xc0/0x118 [ 28.388219] kunit_try_run_case+0x170/0x3f0 [ 28.388357] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 28.388509] kthread+0x328/0x630 [ 28.388718] ret_from_fork+0x10/0x20 [ 28.388999] [ 28.389054] Allocated by task 225: [ 28.389154] kasan_save_stack+0x3c/0x68 [ 28.389407] kasan_save_track+0x20/0x40 [ 28.389537] kasan_save_alloc_info+0x40/0x58 [ 28.389705] __kasan_mempool_unpoison_object+0xbc/0x180 [ 28.389851] remove_element+0x16c/0x1f8 [ 28.390023] mempool_alloc_preallocated+0x58/0xc0 [ 28.390141] mempool_oob_right_helper+0x98/0x2f0 [ 28.390627] mempool_slab_oob_right+0xc0/0x118 [ 28.390881] kunit_try_run_case+0x170/0x3f0 [ 28.391011] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 28.391208] kthread+0x328/0x630 [ 28.391322] ret_from_fork+0x10/0x20 [ 28.391666] [ 28.391813] The buggy address belongs to the object at fff00000c6430240 [ 28.391813] which belongs to the cache test_cache of size 123 [ 28.391974] The buggy address is located 0 bytes to the right of [ 28.391974] allocated 123-byte region [fff00000c6430240, fff00000c64302bb) [ 28.392125] [ 28.392178] The buggy address belongs to the physical page: [ 28.392250] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x106430 [ 28.392380] flags: 0xbfffe0000000000(node=0|zone=2|lastcpupid=0x1ffff) [ 28.392500] page_type: f5(slab) [ 28.392607] raw: 0bfffe0000000000 fff00000c569fdc0 dead000000000122 0000000000000000 [ 28.392736] raw: 0000000000000000 0000000080150015 00000000f5000000 0000000000000000 [ 28.392870] page dumped because: kasan: bad access detected [ 28.392986] [ 28.393041] Memory state around the buggy address: [ 28.393452] fff00000c6430180: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 28.393626] fff00000c6430200: fc fc fc fc fc fc fc fc 00 00 00 00 00 00 00 00 [ 28.393909] >fff00000c6430280: 00 00 00 00 00 00 00 03 fc fc fc fc fc fc fc fc [ 28.394052] ^ [ 28.394252] fff00000c6430300: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 28.394358] fff00000c6430380: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 28.394484] ==================================================================
Failure - log-parser-boot - kasan-bug-kasan-slab-use-after-free-in-kmem_cache_double_destroy
[ 27.705377] ================================================================== [ 27.706104] BUG: KASAN: slab-use-after-free in kmem_cache_double_destroy+0x174/0x300 [ 27.706860] Read of size 1 at addr fff00000c569fb40 by task kunit_try_catch/215 [ 27.707298] [ 27.707399] CPU: 0 UID: 0 PID: 215 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc1 #1 PREEMPT [ 27.707641] Tainted: [B]=BAD_PAGE, [N]=TEST [ 27.707715] Hardware name: linux,dummy-virt (DT) [ 27.707806] Call trace: [ 27.707867] show_stack+0x20/0x38 (C) [ 27.708232] dump_stack_lvl+0x8c/0xd0 [ 27.708538] print_report+0x118/0x608 [ 27.708786] kasan_report+0xdc/0x128 [ 27.708917] __kasan_check_byte+0x54/0x70 [ 27.709062] kmem_cache_destroy+0x34/0x218 [ 27.709185] kmem_cache_double_destroy+0x174/0x300 [ 27.709304] kunit_try_run_case+0x170/0x3f0 [ 27.709464] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 27.709669] kthread+0x328/0x630 [ 27.709878] ret_from_fork+0x10/0x20 [ 27.710177] [ 27.710225] Allocated by task 215: [ 27.710309] kasan_save_stack+0x3c/0x68 [ 27.710549] kasan_save_track+0x20/0x40 [ 27.710652] kasan_save_alloc_info+0x40/0x58 [ 27.710828] __kasan_slab_alloc+0xa8/0xb0 [ 27.710993] kmem_cache_alloc_noprof+0x10c/0x398 [ 27.711153] __kmem_cache_create_args+0x178/0x280 [ 27.711285] kmem_cache_double_destroy+0xc0/0x300 [ 27.711410] kunit_try_run_case+0x170/0x3f0 [ 27.712321] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 27.712445] kthread+0x328/0x630 [ 27.712553] ret_from_fork+0x10/0x20 [ 27.712724] [ 27.713007] Freed by task 215: [ 27.713120] kasan_save_stack+0x3c/0x68 [ 27.713242] kasan_save_track+0x20/0x40 [ 27.713502] kasan_save_free_info+0x4c/0x78 [ 27.713622] __kasan_slab_free+0x6c/0x98 [ 27.713788] kmem_cache_free+0x260/0x468 [ 27.713891] slab_kmem_cache_release+0x38/0x50 [ 27.714008] kmem_cache_release+0x1c/0x30 [ 27.714114] kobject_put+0x17c/0x420 [ 27.714205] sysfs_slab_release+0x1c/0x30 [ 27.714311] kmem_cache_destroy+0x118/0x218 [ 27.714409] kmem_cache_double_destroy+0x128/0x300 [ 27.714522] kunit_try_run_case+0x170/0x3f0 [ 27.714656] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 27.714769] kthread+0x328/0x630 [ 27.714854] ret_from_fork+0x10/0x20 [ 27.714989] [ 27.715045] The buggy address belongs to the object at fff00000c569fb40 [ 27.715045] which belongs to the cache kmem_cache of size 208 [ 27.715185] The buggy address is located 0 bytes inside of [ 27.715185] freed 208-byte region [fff00000c569fb40, fff00000c569fc10) [ 27.716141] [ 27.716202] The buggy address belongs to the physical page: [ 27.716573] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x10569f [ 27.716790] flags: 0xbfffe0000000000(node=0|zone=2|lastcpupid=0x1ffff) [ 27.717181] page_type: f5(slab) [ 27.717498] raw: 0bfffe0000000000 fff00000c0001000 dead000000000122 0000000000000000 [ 27.717861] raw: 0000000000000000 00000000800c000c 00000000f5000000 0000000000000000 [ 27.717990] page dumped because: kasan: bad access detected [ 27.718071] [ 27.718120] Memory state around the buggy address: [ 27.718205] fff00000c569fa00: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 27.718768] fff00000c569fa80: fb fb fb fb fb fb fb fb fb fb fc fc fc fc fc fc [ 27.719061] >fff00000c569fb00: fc fc fc fc fc fc fc fc fa fb fb fb fb fb fb fb [ 27.719165] ^ [ 27.719696] fff00000c569fb80: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 27.720227] fff00000c569fc00: fb fb fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 27.720437] ==================================================================
Failure - log-parser-boot - kasan-bug-kasan-slab-use-after-free-in-kmem_cache_rcu_uaf
[ 27.285288] ================================================================== [ 27.285478] BUG: KASAN: slab-use-after-free in kmem_cache_rcu_uaf+0x388/0x468 [ 27.285636] Read of size 1 at addr fff00000c6427000 by task kunit_try_catch/213 [ 27.285757] [ 27.285848] CPU: 0 UID: 0 PID: 213 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc1 #1 PREEMPT [ 27.288255] Tainted: [B]=BAD_PAGE, [N]=TEST [ 27.288343] Hardware name: linux,dummy-virt (DT) [ 27.288435] Call trace: [ 27.288503] show_stack+0x20/0x38 (C) [ 27.288743] dump_stack_lvl+0x8c/0xd0 [ 27.290546] print_report+0x118/0x608 [ 27.291225] kasan_report+0xdc/0x128 [ 27.292235] __asan_report_load1_noabort+0x20/0x30 [ 27.292372] kmem_cache_rcu_uaf+0x388/0x468 [ 27.293034] kunit_try_run_case+0x170/0x3f0 [ 27.293728] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 27.294212] kthread+0x328/0x630 [ 27.294884] ret_from_fork+0x10/0x20 [ 27.295045] [ 27.295097] Allocated by task 213: [ 27.295714] kasan_save_stack+0x3c/0x68 [ 27.295991] kasan_save_track+0x20/0x40 [ 27.296156] kasan_save_alloc_info+0x40/0x58 [ 27.296535] __kasan_slab_alloc+0xa8/0xb0 [ 27.296637] kmem_cache_alloc_noprof+0x10c/0x398 [ 27.297370] kmem_cache_rcu_uaf+0x12c/0x468 [ 27.297479] kunit_try_run_case+0x170/0x3f0 [ 27.297535] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 27.297592] kthread+0x328/0x630 [ 27.297637] ret_from_fork+0x10/0x20 [ 27.297685] [ 27.297708] Freed by task 0: [ 27.297744] kasan_save_stack+0x3c/0x68 [ 27.297796] kasan_save_track+0x20/0x40 [ 27.297846] kasan_save_free_info+0x4c/0x78 [ 27.297898] __kasan_slab_free+0x6c/0x98 [ 27.298462] slab_free_after_rcu_debug+0xd4/0x2f8 [ 27.298573] rcu_core+0x9f4/0x1e20 [ 27.298667] rcu_core_si+0x18/0x30 [ 27.299182] handle_softirqs+0x374/0xb28 [ 27.299871] __do_softirq+0x1c/0x28 [ 27.299991] [ 27.300037] Last potentially related work creation: [ 27.300564] kasan_save_stack+0x3c/0x68 [ 27.300726] kasan_record_aux_stack+0xb4/0xc8 [ 27.301291] kmem_cache_free+0x120/0x468 [ 27.301394] kmem_cache_rcu_uaf+0x16c/0x468 [ 27.301492] kunit_try_run_case+0x170/0x3f0 [ 27.301584] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 27.301970] kthread+0x328/0x630 [ 27.302085] ret_from_fork+0x10/0x20 [ 27.302390] [ 27.302483] The buggy address belongs to the object at fff00000c6427000 [ 27.302483] which belongs to the cache test_cache of size 200 [ 27.302776] The buggy address is located 0 bytes inside of [ 27.302776] freed 200-byte region [fff00000c6427000, fff00000c64270c8) [ 27.302952] [ 27.303086] The buggy address belongs to the physical page: [ 27.303492] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x106427 [ 27.303709] flags: 0xbfffe0000000000(node=0|zone=2|lastcpupid=0x1ffff) [ 27.304550] page_type: f5(slab) [ 27.304967] raw: 0bfffe0000000000 fff00000c569fa00 dead000000000122 0000000000000000 [ 27.305134] raw: 0000000000000000 00000000800f000f 00000000f5000000 0000000000000000 [ 27.305437] page dumped because: kasan: bad access detected [ 27.305516] [ 27.305962] Memory state around the buggy address: [ 27.306057] fff00000c6426f00: 00 00 00 00 00 00 00 00 00 00 00 00 fc fc fc fc [ 27.306165] fff00000c6426f80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 27.306273] >fff00000c6427000: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 27.306530] ^ [ 27.307014] fff00000c6427080: fb fb fb fb fb fb fb fb fb fc fc fc fc fc fc fc [ 27.307251] fff00000c6427100: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 27.307694] ==================================================================
Failure - log-parser-boot - kasan-bug-kasan-invalid-free-in-kmem_cache_invalid_free
[ 26.573240] ================================================================== [ 26.573379] BUG: KASAN: invalid-free in kmem_cache_invalid_free+0x184/0x3c8 [ 26.573520] Free of addr fff00000c6426001 by task kunit_try_catch/211 [ 26.573627] [ 26.573823] CPU: 0 UID: 0 PID: 211 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc1 #1 PREEMPT [ 26.574111] Tainted: [B]=BAD_PAGE, [N]=TEST [ 26.574310] Hardware name: linux,dummy-virt (DT) [ 26.574399] Call trace: [ 26.574460] show_stack+0x20/0x38 (C) [ 26.574589] dump_stack_lvl+0x8c/0xd0 [ 26.574718] print_report+0x118/0x608 [ 26.574848] kasan_report_invalid_free+0xc0/0xe8 [ 26.575003] check_slab_allocation+0xfc/0x108 [ 26.575161] __kasan_slab_pre_free+0x2c/0x48 [ 26.575320] kmem_cache_free+0xf0/0x468 [ 26.575578] kmem_cache_invalid_free+0x184/0x3c8 [ 26.575771] kunit_try_run_case+0x170/0x3f0 [ 26.576099] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 26.576600] kthread+0x328/0x630 [ 26.576846] ret_from_fork+0x10/0x20 [ 26.577272] [ 26.577430] Allocated by task 211: [ 26.577827] kasan_save_stack+0x3c/0x68 [ 26.578003] kasan_save_track+0x20/0x40 [ 26.578490] kasan_save_alloc_info+0x40/0x58 [ 26.578597] __kasan_slab_alloc+0xa8/0xb0 [ 26.579708] kmem_cache_alloc_noprof+0x10c/0x398 [ 26.580429] kmem_cache_invalid_free+0x12c/0x3c8 [ 26.580851] kunit_try_run_case+0x170/0x3f0 [ 26.581034] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 26.581507] kthread+0x328/0x630 [ 26.581763] ret_from_fork+0x10/0x20 [ 26.582000] [ 26.582209] The buggy address belongs to the object at fff00000c6426000 [ 26.582209] which belongs to the cache test_cache of size 200 [ 26.582484] The buggy address is located 1 bytes inside of [ 26.582484] 200-byte region [fff00000c6426000, fff00000c64260c8) [ 26.582644] [ 26.582701] The buggy address belongs to the physical page: [ 26.582777] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x106426 [ 26.582927] flags: 0xbfffe0000000000(node=0|zone=2|lastcpupid=0x1ffff) [ 26.583063] page_type: f5(slab) [ 26.583166] raw: 0bfffe0000000000 fff00000c569f8c0 dead000000000122 0000000000000000 [ 26.583299] raw: 0000000000000000 00000000800f000f 00000000f5000000 0000000000000000 [ 26.583404] page dumped because: kasan: bad access detected [ 26.583485] [ 26.583542] Memory state around the buggy address: [ 26.583702] fff00000c6425f00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 26.583812] fff00000c6425f80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 26.583918] >fff00000c6426000: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 26.584043] ^ [ 26.584252] fff00000c6426080: 00 00 00 00 00 00 00 00 00 fc fc fc fc fc fc fc [ 26.584364] fff00000c6426100: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 26.584461] ==================================================================
Failure - log-parser-boot - kasan-bug-kasan-double-free-in-kmem_cache_double_free
[ 26.506813] ================================================================== [ 26.506999] BUG: KASAN: double-free in kmem_cache_double_free+0x190/0x3c8 [ 26.507987] Free of addr fff00000c6424000 by task kunit_try_catch/209 [ 26.508125] [ 26.508229] CPU: 0 UID: 0 PID: 209 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc1 #1 PREEMPT [ 26.508886] Tainted: [B]=BAD_PAGE, [N]=TEST [ 26.509082] Hardware name: linux,dummy-virt (DT) [ 26.509210] Call trace: [ 26.509294] show_stack+0x20/0x38 (C) [ 26.509493] dump_stack_lvl+0x8c/0xd0 [ 26.509730] print_report+0x118/0x608 [ 26.510379] kasan_report_invalid_free+0xc0/0xe8 [ 26.510568] check_slab_allocation+0xd4/0x108 [ 26.510754] __kasan_slab_pre_free+0x2c/0x48 [ 26.510919] kmem_cache_free+0xf0/0x468 [ 26.511203] kmem_cache_double_free+0x190/0x3c8 [ 26.511584] kunit_try_run_case+0x170/0x3f0 [ 26.512027] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 26.512603] kthread+0x328/0x630 [ 26.512736] ret_from_fork+0x10/0x20 [ 26.512917] [ 26.512994] Allocated by task 209: [ 26.513359] kasan_save_stack+0x3c/0x68 [ 26.513759] kasan_save_track+0x20/0x40 [ 26.513929] kasan_save_alloc_info+0x40/0x58 [ 26.514223] __kasan_slab_alloc+0xa8/0xb0 [ 26.514321] kmem_cache_alloc_noprof+0x10c/0x398 [ 26.514502] kmem_cache_double_free+0x12c/0x3c8 [ 26.514637] kunit_try_run_case+0x170/0x3f0 [ 26.514912] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 26.515083] kthread+0x328/0x630 [ 26.515245] ret_from_fork+0x10/0x20 [ 26.515572] [ 26.515623] Freed by task 209: [ 26.515900] kasan_save_stack+0x3c/0x68 [ 26.516324] kasan_save_track+0x20/0x40 [ 26.516465] kasan_save_free_info+0x4c/0x78 [ 26.516573] __kasan_slab_free+0x6c/0x98 [ 26.516671] kmem_cache_free+0x260/0x468 [ 26.516788] kmem_cache_double_free+0x140/0x3c8 [ 26.517225] kunit_try_run_case+0x170/0x3f0 [ 26.517654] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 26.517830] kthread+0x328/0x630 [ 26.517924] ret_from_fork+0x10/0x20 [ 26.518042] [ 26.518217] The buggy address belongs to the object at fff00000c6424000 [ 26.518217] which belongs to the cache test_cache of size 200 [ 26.518821] The buggy address is located 0 bytes inside of [ 26.518821] 200-byte region [fff00000c6424000, fff00000c64240c8) [ 26.519150] [ 26.519212] The buggy address belongs to the physical page: [ 26.519302] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x106424 [ 26.519740] flags: 0xbfffe0000000000(node=0|zone=2|lastcpupid=0x1ffff) [ 26.519877] page_type: f5(slab) [ 26.519994] raw: 0bfffe0000000000 fff00000c569f780 dead000000000122 0000000000000000 [ 26.520518] raw: 0000000000000000 00000000800f000f 00000000f5000000 0000000000000000 [ 26.520639] page dumped because: kasan: bad access detected [ 26.521123] [ 26.521231] Memory state around the buggy address: [ 26.521317] fff00000c6423f00: 00 00 00 00 00 00 00 00 00 00 00 00 fc fc fc fc [ 26.521434] fff00000c6423f80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 26.521538] >fff00000c6424000: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 26.521633] ^ [ 26.521706] fff00000c6424080: fb fb fb fb fb fb fb fb fb fc fc fc fc fc fc fc [ 26.521812] fff00000c6424100: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 26.521994] ==================================================================
Failure - log-parser-boot - kasan-bug-kasan-slab-use-after-free-in-kmalloc_uaf
[ 25.542277] ================================================================== [ 25.542410] BUG: KASAN: slab-use-after-free in kmalloc_uaf+0x300/0x338 [ 25.542543] Read of size 1 at addr fff00000c62bd308 by task kunit_try_catch/184 [ 25.542719] [ 25.542790] CPU: 0 UID: 0 PID: 184 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc1 #1 PREEMPT [ 25.543020] Tainted: [B]=BAD_PAGE, [N]=TEST [ 25.543088] Hardware name: linux,dummy-virt (DT) [ 25.543187] Call trace: [ 25.543250] show_stack+0x20/0x38 (C) [ 25.543436] dump_stack_lvl+0x8c/0xd0 [ 25.543580] print_report+0x118/0x608 [ 25.543713] kasan_report+0xdc/0x128 [ 25.543838] __asan_report_load1_noabort+0x20/0x30 [ 25.544100] kmalloc_uaf+0x300/0x338 [ 25.544315] kunit_try_run_case+0x170/0x3f0 [ 25.544540] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 25.544770] kthread+0x328/0x630 [ 25.545043] ret_from_fork+0x10/0x20 [ 25.545401] [ 25.545455] Allocated by task 184: [ 25.545655] kasan_save_stack+0x3c/0x68 [ 25.545914] kasan_save_track+0x20/0x40 [ 25.546204] kasan_save_alloc_info+0x40/0x58 [ 25.546312] __kasan_kmalloc+0xd4/0xd8 [ 25.546420] __kmalloc_cache_noprof+0x16c/0x3c0 [ 25.546710] kmalloc_uaf+0xb8/0x338 [ 25.546997] kunit_try_run_case+0x170/0x3f0 [ 25.547104] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 25.547226] kthread+0x328/0x630 [ 25.547369] ret_from_fork+0x10/0x20 [ 25.547517] [ 25.547573] Freed by task 184: [ 25.547652] kasan_save_stack+0x3c/0x68 [ 25.547761] kasan_save_track+0x20/0x40 [ 25.547871] kasan_save_free_info+0x4c/0x78 [ 25.548119] __kasan_slab_free+0x6c/0x98 [ 25.548385] kfree+0x214/0x3c8 [ 25.548532] kmalloc_uaf+0x11c/0x338 [ 25.548652] kunit_try_run_case+0x170/0x3f0 [ 25.548757] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 25.548889] kthread+0x328/0x630 [ 25.549045] ret_from_fork+0x10/0x20 [ 25.549145] [ 25.549204] The buggy address belongs to the object at fff00000c62bd300 [ 25.549204] which belongs to the cache kmalloc-16 of size 16 [ 25.549438] The buggy address is located 8 bytes inside of [ 25.549438] freed 16-byte region [fff00000c62bd300, fff00000c62bd310) [ 25.549588] [ 25.549683] The buggy address belongs to the physical page: [ 25.549764] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1062bd [ 25.549988] flags: 0xbfffe0000000000(node=0|zone=2|lastcpupid=0x1ffff) [ 25.550239] page_type: f5(slab) [ 25.550332] raw: 0bfffe0000000000 fff00000c0001640 dead000000000122 0000000000000000 [ 25.550455] raw: 0000000000000000 0000000080800080 00000000f5000000 0000000000000000 [ 25.550554] page dumped because: kasan: bad access detected [ 25.550633] [ 25.550676] Memory state around the buggy address: [ 25.550798] fff00000c62bd200: fa fb fc fc fa fb fc fc 00 04 fc fc fa fb fc fc [ 25.551005] fff00000c62bd280: fa fb fc fc fa fb fc fc fa fb fc fc fa fb fc fc [ 25.551139] >fff00000c62bd300: fa fb fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 25.551324] ^ [ 25.551406] fff00000c62bd380: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 25.551584] fff00000c62bd400: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 25.551760] ==================================================================
Failure - log-parser-boot - kasan-bug-kasan-slab-out-of-bounds-in-kmalloc_memmove_invalid_size
[ 25.508678] ================================================================== [ 25.508802] BUG: KASAN: slab-out-of-bounds in kmalloc_memmove_invalid_size+0x154/0x2e0 [ 25.508922] Read of size 64 at addr fff00000c6418284 by task kunit_try_catch/182 [ 25.509179] [ 25.509368] CPU: 0 UID: 0 PID: 182 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc1 #1 PREEMPT [ 25.509898] Tainted: [B]=BAD_PAGE, [N]=TEST [ 25.510097] Hardware name: linux,dummy-virt (DT) [ 25.510235] Call trace: [ 25.510291] show_stack+0x20/0x38 (C) [ 25.510609] dump_stack_lvl+0x8c/0xd0 [ 25.510773] print_report+0x118/0x608 [ 25.510904] kasan_report+0xdc/0x128 [ 25.511043] kasan_check_range+0x100/0x1a8 [ 25.511198] __asan_memmove+0x3c/0x98 [ 25.511650] kmalloc_memmove_invalid_size+0x154/0x2e0 [ 25.511865] kunit_try_run_case+0x170/0x3f0 [ 25.512113] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 25.512264] kthread+0x328/0x630 [ 25.512400] ret_from_fork+0x10/0x20 [ 25.512759] [ 25.512807] Allocated by task 182: [ 25.512963] kasan_save_stack+0x3c/0x68 [ 25.513112] kasan_save_track+0x20/0x40 [ 25.513284] kasan_save_alloc_info+0x40/0x58 [ 25.513409] __kasan_kmalloc+0xd4/0xd8 [ 25.513541] __kmalloc_cache_noprof+0x16c/0x3c0 [ 25.513667] kmalloc_memmove_invalid_size+0xb0/0x2e0 [ 25.513929] kunit_try_run_case+0x170/0x3f0 [ 25.514052] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 25.514249] kthread+0x328/0x630 [ 25.514342] ret_from_fork+0x10/0x20 [ 25.514436] [ 25.514482] The buggy address belongs to the object at fff00000c6418280 [ 25.514482] which belongs to the cache kmalloc-64 of size 64 [ 25.514620] The buggy address is located 4 bytes inside of [ 25.514620] allocated 64-byte region [fff00000c6418280, fff00000c64182c0) [ 25.514768] [ 25.514815] The buggy address belongs to the physical page: [ 25.514984] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x106418 [ 25.515497] flags: 0xbfffe0000000000(node=0|zone=2|lastcpupid=0x1ffff) [ 25.515625] page_type: f5(slab) [ 25.515731] raw: 0bfffe0000000000 fff00000c00018c0 dead000000000122 0000000000000000 [ 25.515872] raw: 0000000000000000 0000000080200020 00000000f5000000 0000000000000000 [ 25.516002] page dumped because: kasan: bad access detected [ 25.517119] [ 25.517192] Memory state around the buggy address: [ 25.517305] fff00000c6418180: 00 00 00 00 00 01 fc fc fc fc fc fc fc fc fc fc [ 25.517659] fff00000c6418200: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 25.518017] >fff00000c6418280: 00 00 00 00 00 00 00 00 fc fc fc fc fc fc fc fc [ 25.518127] ^ [ 25.518232] fff00000c6418300: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 25.519214] fff00000c6418380: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 25.519463] ==================================================================
Failure - log-parser-boot - kasan-bug-kasan-out-of-bounds-in-kmalloc_memmove_negative_size
[ 25.481988] ================================================================== [ 25.483026] BUG: KASAN: out-of-bounds in kmalloc_memmove_negative_size+0x154/0x2e0 [ 25.483406] Read of size 18446744073709551614 at addr fff00000c6418084 by task kunit_try_catch/180 [ 25.483599] [ 25.483676] CPU: 0 UID: 0 PID: 180 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc1 #1 PREEMPT [ 25.483868] Tainted: [B]=BAD_PAGE, [N]=TEST [ 25.483951] Hardware name: linux,dummy-virt (DT) [ 25.484029] Call trace: [ 25.484093] show_stack+0x20/0x38 (C) [ 25.484252] dump_stack_lvl+0x8c/0xd0 [ 25.484567] print_report+0x118/0x608 [ 25.484688] kasan_report+0xdc/0x128 [ 25.484800] kasan_check_range+0x100/0x1a8 [ 25.484988] __asan_memmove+0x3c/0x98 [ 25.485160] kmalloc_memmove_negative_size+0x154/0x2e0 [ 25.485358] kunit_try_run_case+0x170/0x3f0 [ 25.485629] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 25.485786] kthread+0x328/0x630 [ 25.485924] ret_from_fork+0x10/0x20 [ 25.486435] [ 25.486820] Allocated by task 180: [ 25.486915] kasan_save_stack+0x3c/0x68 [ 25.487317] kasan_save_track+0x20/0x40 [ 25.487426] kasan_save_alloc_info+0x40/0x58 [ 25.487807] __kasan_kmalloc+0xd4/0xd8 [ 25.488090] __kmalloc_cache_noprof+0x16c/0x3c0 [ 25.488216] kmalloc_memmove_negative_size+0xb0/0x2e0 [ 25.488691] kunit_try_run_case+0x170/0x3f0 [ 25.489354] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 25.489468] kthread+0x328/0x630 [ 25.489556] ret_from_fork+0x10/0x20 [ 25.491245] [ 25.491743] The buggy address belongs to the object at fff00000c6418080 [ 25.491743] which belongs to the cache kmalloc-64 of size 64 [ 25.492476] The buggy address is located 4 bytes inside of [ 25.492476] 64-byte region [fff00000c6418080, fff00000c64180c0) [ 25.493181] [ 25.493255] The buggy address belongs to the physical page: [ 25.493366] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x106418 [ 25.493715] flags: 0xbfffe0000000000(node=0|zone=2|lastcpupid=0x1ffff) [ 25.493859] page_type: f5(slab) [ 25.494023] raw: 0bfffe0000000000 fff00000c00018c0 dead000000000122 0000000000000000 [ 25.494214] raw: 0000000000000000 0000000080200020 00000000f5000000 0000000000000000 [ 25.494339] page dumped because: kasan: bad access detected [ 25.494552] [ 25.494599] Memory state around the buggy address: [ 25.494670] fff00000c6417f80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 25.495638] fff00000c6418000: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 25.495800] >fff00000c6418080: 00 00 00 00 00 00 00 00 fc fc fc fc fc fc fc fc [ 25.495901] ^ [ 25.495991] fff00000c6418100: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 25.496140] fff00000c6418180: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 25.496309] ==================================================================
Failure - log-parser-boot - kasan-bug-kasan-slab-out-of-bounds-in-kmalloc_oob_memset_16
[ 25.431239] ================================================================== [ 25.432065] BUG: KASAN: slab-out-of-bounds in kmalloc_oob_memset_16+0x150/0x2f8 [ 25.432414] Write of size 16 at addr fff00000c6507869 by task kunit_try_catch/178 [ 25.432760] [ 25.432844] CPU: 0 UID: 0 PID: 178 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc1 #1 PREEMPT [ 25.433067] Tainted: [B]=BAD_PAGE, [N]=TEST [ 25.433142] Hardware name: linux,dummy-virt (DT) [ 25.433681] Call trace: [ 25.433748] show_stack+0x20/0x38 (C) [ 25.433869] dump_stack_lvl+0x8c/0xd0 [ 25.434034] print_report+0x118/0x608 [ 25.434165] kasan_report+0xdc/0x128 [ 25.434277] kasan_check_range+0x100/0x1a8 [ 25.434408] __asan_memset+0x34/0x78 [ 25.435107] kmalloc_oob_memset_16+0x150/0x2f8 [ 25.435244] kunit_try_run_case+0x170/0x3f0 [ 25.435391] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 25.435619] kthread+0x328/0x630 [ 25.435831] ret_from_fork+0x10/0x20 [ 25.435972] [ 25.436211] Allocated by task 178: [ 25.436316] kasan_save_stack+0x3c/0x68 [ 25.436417] kasan_save_track+0x20/0x40 [ 25.436798] kasan_save_alloc_info+0x40/0x58 [ 25.436911] __kasan_kmalloc+0xd4/0xd8 [ 25.437817] __kmalloc_cache_noprof+0x16c/0x3c0 [ 25.438708] kmalloc_oob_memset_16+0xb0/0x2f8 [ 25.438826] kunit_try_run_case+0x170/0x3f0 [ 25.439209] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 25.440093] kthread+0x328/0x630 [ 25.440371] ret_from_fork+0x10/0x20 [ 25.440544] [ 25.440593] The buggy address belongs to the object at fff00000c6507800 [ 25.440593] which belongs to the cache kmalloc-128 of size 128 [ 25.440725] The buggy address is located 105 bytes inside of [ 25.440725] allocated 120-byte region [fff00000c6507800, fff00000c6507878) [ 25.440872] [ 25.440923] The buggy address belongs to the physical page: [ 25.441017] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x106507 [ 25.443141] flags: 0xbfffe0000000000(node=0|zone=2|lastcpupid=0x1ffff) [ 25.443382] page_type: f5(slab) [ 25.443488] raw: 0bfffe0000000000 fff00000c0001a00 dead000000000122 0000000000000000 [ 25.444627] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 25.444735] page dumped because: kasan: bad access detected [ 25.445568] [ 25.446270] Memory state around the buggy address: [ 25.446640] fff00000c6507700: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 25.446749] fff00000c6507780: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 25.446852] >fff00000c6507800: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 fc [ 25.446969] ^ [ 25.447064] fff00000c6507880: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 25.447169] fff00000c6507900: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 25.448075] ==================================================================
Failure - log-parser-boot - kasan-bug-kasan-slab-out-of-bounds-in-kmalloc_oob_memset_8
[ 25.391047] ================================================================== [ 25.391226] BUG: KASAN: slab-out-of-bounds in kmalloc_oob_memset_8+0x150/0x2f8 [ 25.391545] Write of size 8 at addr fff00000c6507771 by task kunit_try_catch/176 [ 25.391679] [ 25.391765] CPU: 0 UID: 0 PID: 176 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc1 #1 PREEMPT [ 25.392101] Tainted: [B]=BAD_PAGE, [N]=TEST [ 25.392177] Hardware name: linux,dummy-virt (DT) [ 25.392260] Call trace: [ 25.392324] show_stack+0x20/0x38 (C) [ 25.392481] dump_stack_lvl+0x8c/0xd0 [ 25.392608] print_report+0x118/0x608 [ 25.392724] kasan_report+0xdc/0x128 [ 25.392861] kasan_check_range+0x100/0x1a8 [ 25.393007] __asan_memset+0x34/0x78 [ 25.393284] kmalloc_oob_memset_8+0x150/0x2f8 [ 25.393475] kunit_try_run_case+0x170/0x3f0 [ 25.393605] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 25.393735] kthread+0x328/0x630 [ 25.393896] ret_from_fork+0x10/0x20 [ 25.394362] [ 25.394414] Allocated by task 176: [ 25.394498] kasan_save_stack+0x3c/0x68 [ 25.394613] kasan_save_track+0x20/0x40 [ 25.394722] kasan_save_alloc_info+0x40/0x58 [ 25.394960] __kasan_kmalloc+0xd4/0xd8 [ 25.395227] __kmalloc_cache_noprof+0x16c/0x3c0 [ 25.395338] kmalloc_oob_memset_8+0xb0/0x2f8 [ 25.395436] kunit_try_run_case+0x170/0x3f0 [ 25.395528] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 25.395630] kthread+0x328/0x630 [ 25.395713] ret_from_fork+0x10/0x20 [ 25.395799] [ 25.395876] The buggy address belongs to the object at fff00000c6507700 [ 25.395876] which belongs to the cache kmalloc-128 of size 128 [ 25.396059] The buggy address is located 113 bytes inside of [ 25.396059] allocated 120-byte region [fff00000c6507700, fff00000c6507778) [ 25.396228] [ 25.396286] The buggy address belongs to the physical page: [ 25.396494] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x106507 [ 25.396680] flags: 0xbfffe0000000000(node=0|zone=2|lastcpupid=0x1ffff) [ 25.396980] page_type: f5(slab) [ 25.397090] raw: 0bfffe0000000000 fff00000c0001a00 dead000000000122 0000000000000000 [ 25.397229] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 25.397340] page dumped because: kasan: bad access detected [ 25.397990] [ 25.398188] Memory state around the buggy address: [ 25.398271] fff00000c6507600: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 25.398381] fff00000c6507680: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 25.399043] >fff00000c6507700: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 fc [ 25.399215] ^ [ 25.399360] fff00000c6507780: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 25.399552] fff00000c6507800: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 25.399644] ==================================================================
Failure - log-parser-boot - kasan-bug-kasan-slab-out-of-bounds-in-kmalloc_oob_memset_4
[ 25.354136] ================================================================== [ 25.354817] BUG: KASAN: slab-out-of-bounds in kmalloc_oob_memset_4+0x150/0x300 [ 25.355155] Write of size 4 at addr fff00000c6507675 by task kunit_try_catch/174 [ 25.355615] [ 25.355721] CPU: 0 UID: 0 PID: 174 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc1 #1 PREEMPT [ 25.355925] Tainted: [B]=BAD_PAGE, [N]=TEST [ 25.356104] Hardware name: linux,dummy-virt (DT) [ 25.356315] Call trace: [ 25.356642] show_stack+0x20/0x38 (C) [ 25.357214] dump_stack_lvl+0x8c/0xd0 [ 25.357569] print_report+0x118/0x608 [ 25.358314] kasan_report+0xdc/0x128 [ 25.358631] kasan_check_range+0x100/0x1a8 [ 25.358824] __asan_memset+0x34/0x78 [ 25.358976] kmalloc_oob_memset_4+0x150/0x300 [ 25.359139] kunit_try_run_case+0x170/0x3f0 [ 25.359275] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 25.359589] kthread+0x328/0x630 [ 25.359762] ret_from_fork+0x10/0x20 [ 25.359984] [ 25.360029] Allocated by task 174: [ 25.360110] kasan_save_stack+0x3c/0x68 [ 25.360226] kasan_save_track+0x20/0x40 [ 25.360371] kasan_save_alloc_info+0x40/0x58 [ 25.360490] __kasan_kmalloc+0xd4/0xd8 [ 25.360596] __kmalloc_cache_noprof+0x16c/0x3c0 [ 25.360702] kmalloc_oob_memset_4+0xb0/0x300 [ 25.360804] kunit_try_run_case+0x170/0x3f0 [ 25.360969] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 25.361124] kthread+0x328/0x630 [ 25.361267] ret_from_fork+0x10/0x20 [ 25.361379] [ 25.361436] The buggy address belongs to the object at fff00000c6507600 [ 25.361436] which belongs to the cache kmalloc-128 of size 128 [ 25.361583] The buggy address is located 117 bytes inside of [ 25.361583] allocated 120-byte region [fff00000c6507600, fff00000c6507678) [ 25.361775] [ 25.361836] The buggy address belongs to the physical page: [ 25.361920] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x106507 [ 25.362075] flags: 0xbfffe0000000000(node=0|zone=2|lastcpupid=0x1ffff) [ 25.362199] page_type: f5(slab) [ 25.362297] raw: 0bfffe0000000000 fff00000c0001a00 dead000000000122 0000000000000000 [ 25.362532] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 25.362732] page dumped because: kasan: bad access detected [ 25.362953] [ 25.363065] Memory state around the buggy address: [ 25.363868] fff00000c6507500: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 25.364104] fff00000c6507580: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 25.364331] >fff00000c6507600: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 fc [ 25.364809] ^ [ 25.365314] fff00000c6507680: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 25.365449] fff00000c6507700: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 25.367018] ==================================================================
Failure - log-parser-boot - kasan-bug-kasan-slab-out-of-bounds-in-kmalloc_oob_memset_2
[ 25.306434] ================================================================== [ 25.306727] BUG: KASAN: slab-out-of-bounds in kmalloc_oob_memset_2+0x150/0x2f8 [ 25.306839] Write of size 2 at addr fff00000c6507577 by task kunit_try_catch/172 [ 25.307330] [ 25.307425] CPU: 0 UID: 0 PID: 172 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc1 #1 PREEMPT [ 25.308304] Tainted: [B]=BAD_PAGE, [N]=TEST [ 25.308640] Hardware name: linux,dummy-virt (DT) [ 25.308758] Call trace: [ 25.308828] show_stack+0x20/0x38 (C) [ 25.308987] dump_stack_lvl+0x8c/0xd0 [ 25.309116] print_report+0x118/0x608 [ 25.309238] kasan_report+0xdc/0x128 [ 25.309653] kasan_check_range+0x100/0x1a8 [ 25.309832] __asan_memset+0x34/0x78 [ 25.310564] kmalloc_oob_memset_2+0x150/0x2f8 [ 25.311461] kunit_try_run_case+0x170/0x3f0 [ 25.311624] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 25.312174] kthread+0x328/0x630 [ 25.312349] ret_from_fork+0x10/0x20 [ 25.312476] [ 25.312810] Allocated by task 172: [ 25.313068] kasan_save_stack+0x3c/0x68 [ 25.313338] kasan_save_track+0x20/0x40 [ 25.313575] kasan_save_alloc_info+0x40/0x58 [ 25.313682] __kasan_kmalloc+0xd4/0xd8 [ 25.313776] __kmalloc_cache_noprof+0x16c/0x3c0 [ 25.314732] kmalloc_oob_memset_2+0xb0/0x2f8 [ 25.315093] kunit_try_run_case+0x170/0x3f0 [ 25.315225] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 25.315786] kthread+0x328/0x630 [ 25.315893] ret_from_fork+0x10/0x20 [ 25.316318] [ 25.316555] The buggy address belongs to the object at fff00000c6507500 [ 25.316555] which belongs to the cache kmalloc-128 of size 128 [ 25.316696] The buggy address is located 119 bytes inside of [ 25.316696] allocated 120-byte region [fff00000c6507500, fff00000c6507578) [ 25.318064] [ 25.318158] The buggy address belongs to the physical page: [ 25.318232] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x106507 [ 25.318360] flags: 0xbfffe0000000000(node=0|zone=2|lastcpupid=0x1ffff) [ 25.318472] page_type: f5(slab) [ 25.318564] raw: 0bfffe0000000000 fff00000c0001a00 dead000000000122 0000000000000000 [ 25.319378] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 25.319655] page dumped because: kasan: bad access detected [ 25.319777] [ 25.319823] Memory state around the buggy address: [ 25.319895] fff00000c6507400: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 25.320698] fff00000c6507480: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 25.320831] >fff00000c6507500: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 fc [ 25.320929] ^ [ 25.321326] fff00000c6507580: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 25.322214] fff00000c6507600: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 25.322946] ==================================================================
Failure - log-parser-boot - kasan-bug-kasan-slab-out-of-bounds-in-kmalloc_oob_in_memset
[ 25.280167] ================================================================== [ 25.280293] BUG: KASAN: slab-out-of-bounds in kmalloc_oob_in_memset+0x144/0x2d0 [ 25.280424] Write of size 128 at addr fff00000c6507400 by task kunit_try_catch/170 [ 25.280550] [ 25.280638] CPU: 0 UID: 0 PID: 170 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc1 #1 PREEMPT [ 25.281445] Tainted: [B]=BAD_PAGE, [N]=TEST [ 25.281862] Hardware name: linux,dummy-virt (DT) [ 25.282125] Call trace: [ 25.282191] show_stack+0x20/0x38 (C) [ 25.282454] dump_stack_lvl+0x8c/0xd0 [ 25.282600] print_report+0x118/0x608 [ 25.282826] kasan_report+0xdc/0x128 [ 25.283074] kasan_check_range+0x100/0x1a8 [ 25.283242] __asan_memset+0x34/0x78 [ 25.283358] kmalloc_oob_in_memset+0x144/0x2d0 [ 25.283773] kunit_try_run_case+0x170/0x3f0 [ 25.284218] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 25.284465] kthread+0x328/0x630 [ 25.284987] ret_from_fork+0x10/0x20 [ 25.285439] [ 25.285521] Allocated by task 170: [ 25.285609] kasan_save_stack+0x3c/0x68 [ 25.285916] kasan_save_track+0x20/0x40 [ 25.286079] kasan_save_alloc_info+0x40/0x58 [ 25.286213] __kasan_kmalloc+0xd4/0xd8 [ 25.286343] __kmalloc_cache_noprof+0x16c/0x3c0 [ 25.286449] kmalloc_oob_in_memset+0xb0/0x2d0 [ 25.286728] kunit_try_run_case+0x170/0x3f0 [ 25.286853] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 25.286994] kthread+0x328/0x630 [ 25.287083] ret_from_fork+0x10/0x20 [ 25.287771] [ 25.287844] The buggy address belongs to the object at fff00000c6507400 [ 25.287844] which belongs to the cache kmalloc-128 of size 128 [ 25.288011] The buggy address is located 0 bytes inside of [ 25.288011] allocated 120-byte region [fff00000c6507400, fff00000c6507478) [ 25.288223] [ 25.288293] The buggy address belongs to the physical page: [ 25.288493] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x106507 [ 25.288750] flags: 0xbfffe0000000000(node=0|zone=2|lastcpupid=0x1ffff) [ 25.288948] page_type: f5(slab) [ 25.289114] raw: 0bfffe0000000000 fff00000c0001a00 dead000000000122 0000000000000000 [ 25.289239] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 25.289429] page dumped because: kasan: bad access detected [ 25.289709] [ 25.289997] Memory state around the buggy address: [ 25.290166] fff00000c6507300: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 25.290402] fff00000c6507380: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 25.290683] >fff00000c6507400: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 fc [ 25.290778] ^ [ 25.291533] fff00000c6507480: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 25.291643] fff00000c6507500: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 25.291737] ==================================================================
Failure - log-parser-boot - kasan-bug-kasan-slab-use-after-free-in-kmalloc_uaf_16
[ 25.250024] ================================================================== [ 25.250175] BUG: KASAN: slab-use-after-free in kmalloc_uaf_16+0x3bc/0x438 [ 25.250310] Read of size 16 at addr fff00000c62bd2e0 by task kunit_try_catch/168 [ 25.250429] [ 25.250511] CPU: 0 UID: 0 PID: 168 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc1 #1 PREEMPT [ 25.250702] Tainted: [B]=BAD_PAGE, [N]=TEST [ 25.250814] Hardware name: linux,dummy-virt (DT) [ 25.250911] Call trace: [ 25.250989] show_stack+0x20/0x38 (C) [ 25.251191] dump_stack_lvl+0x8c/0xd0 [ 25.252971] print_report+0x118/0x608 [ 25.253120] kasan_report+0xdc/0x128 [ 25.253325] __asan_report_load16_noabort+0x20/0x30 [ 25.253478] kmalloc_uaf_16+0x3bc/0x438 [ 25.253600] kunit_try_run_case+0x170/0x3f0 [ 25.253741] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 25.254098] kthread+0x328/0x630 [ 25.254243] ret_from_fork+0x10/0x20 [ 25.254369] [ 25.254413] Allocated by task 168: [ 25.254541] kasan_save_stack+0x3c/0x68 [ 25.254747] kasan_save_track+0x20/0x40 [ 25.254875] kasan_save_alloc_info+0x40/0x58 [ 25.255040] __kasan_kmalloc+0xd4/0xd8 [ 25.255149] __kmalloc_cache_noprof+0x16c/0x3c0 [ 25.255269] kmalloc_uaf_16+0x140/0x438 [ 25.255405] kunit_try_run_case+0x170/0x3f0 [ 25.255544] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 25.255669] kthread+0x328/0x630 [ 25.255769] ret_from_fork+0x10/0x20 [ 25.255957] [ 25.256033] Freed by task 168: [ 25.256102] kasan_save_stack+0x3c/0x68 [ 25.256205] kasan_save_track+0x20/0x40 [ 25.256489] kasan_save_free_info+0x4c/0x78 [ 25.256639] __kasan_slab_free+0x6c/0x98 [ 25.256738] kfree+0x214/0x3c8 [ 25.256845] kmalloc_uaf_16+0x190/0x438 [ 25.256962] kunit_try_run_case+0x170/0x3f0 [ 25.257060] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 25.257188] kthread+0x328/0x630 [ 25.257365] ret_from_fork+0x10/0x20 [ 25.257555] [ 25.257606] The buggy address belongs to the object at fff00000c62bd2e0 [ 25.257606] which belongs to the cache kmalloc-16 of size 16 [ 25.257842] The buggy address is located 0 bytes inside of [ 25.257842] freed 16-byte region [fff00000c62bd2e0, fff00000c62bd2f0) [ 25.258100] [ 25.258155] The buggy address belongs to the physical page: [ 25.258238] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1062bd [ 25.258387] flags: 0xbfffe0000000000(node=0|zone=2|lastcpupid=0x1ffff) [ 25.258634] page_type: f5(slab) [ 25.258745] raw: 0bfffe0000000000 fff00000c0001640 dead000000000122 0000000000000000 [ 25.259061] raw: 0000000000000000 0000000080800080 00000000f5000000 0000000000000000 [ 25.259285] page dumped because: kasan: bad access detected [ 25.259483] [ 25.259528] Memory state around the buggy address: [ 25.259686] fff00000c62bd180: 00 02 fc fc fa fb fc fc fa fb fc fc fa fb fc fc [ 25.259836] fff00000c62bd200: fa fb fc fc fa fb fc fc 00 04 fc fc fa fb fc fc [ 25.260090] >fff00000c62bd280: fa fb fc fc fa fb fc fc 00 00 fc fc fa fb fc fc [ 25.260186] ^ [ 25.260284] fff00000c62bd300: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 25.260391] fff00000c62bd380: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 25.260484] ==================================================================
Failure - log-parser-boot - kasan-bug-kasan-slab-out-of-bounds-in-kmalloc_oob_16
[ 25.212849] ================================================================== [ 25.214853] BUG: KASAN: slab-out-of-bounds in kmalloc_oob_16+0x3a0/0x3f8 [ 25.215185] Write of size 16 at addr fff00000c62bd280 by task kunit_try_catch/166 [ 25.215455] [ 25.216165] CPU: 0 UID: 0 PID: 166 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc1 #1 PREEMPT [ 25.216509] Tainted: [B]=BAD_PAGE, [N]=TEST [ 25.217178] Hardware name: linux,dummy-virt (DT) [ 25.217272] Call trace: [ 25.217525] show_stack+0x20/0x38 (C) [ 25.217687] dump_stack_lvl+0x8c/0xd0 [ 25.217812] print_report+0x118/0x608 [ 25.217952] kasan_report+0xdc/0x128 [ 25.218069] __asan_report_store16_noabort+0x20/0x30 [ 25.218191] kmalloc_oob_16+0x3a0/0x3f8 [ 25.218307] kunit_try_run_case+0x170/0x3f0 [ 25.219220] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 25.219497] kthread+0x328/0x630 [ 25.220947] ret_from_fork+0x10/0x20 [ 25.221674] [ 25.221820] Allocated by task 166: [ 25.222265] kasan_save_stack+0x3c/0x68 [ 25.222449] kasan_save_track+0x20/0x40 [ 25.223057] kasan_save_alloc_info+0x40/0x58 [ 25.223455] __kasan_kmalloc+0xd4/0xd8 [ 25.224074] __kmalloc_cache_noprof+0x16c/0x3c0 [ 25.224208] kmalloc_oob_16+0xb4/0x3f8 [ 25.224303] kunit_try_run_case+0x170/0x3f0 [ 25.224440] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 25.224562] kthread+0x328/0x630 [ 25.224799] ret_from_fork+0x10/0x20 [ 25.224892] [ 25.224957] The buggy address belongs to the object at fff00000c62bd280 [ 25.224957] which belongs to the cache kmalloc-16 of size 16 [ 25.225090] The buggy address is located 0 bytes inside of [ 25.225090] allocated 13-byte region [fff00000c62bd280, fff00000c62bd28d) [ 25.225232] [ 25.225293] The buggy address belongs to the physical page: [ 25.225446] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1062bd [ 25.225578] flags: 0xbfffe0000000000(node=0|zone=2|lastcpupid=0x1ffff) [ 25.225729] page_type: f5(slab) [ 25.225958] raw: 0bfffe0000000000 fff00000c0001640 dead000000000122 0000000000000000 [ 25.226257] raw: 0000000000000000 0000000080800080 00000000f5000000 0000000000000000 [ 25.226393] page dumped because: kasan: bad access detected [ 25.226475] [ 25.226526] Memory state around the buggy address: [ 25.226610] fff00000c62bd180: 00 02 fc fc fa fb fc fc fa fb fc fc fa fb fc fc [ 25.226721] fff00000c62bd200: fa fb fc fc fa fb fc fc 00 04 fc fc fa fb fc fc [ 25.226824] >fff00000c62bd280: 00 05 fc fc 00 00 fc fc fc fc fc fc fc fc fc fc [ 25.226923] ^ [ 25.227010] fff00000c62bd300: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 25.227131] fff00000c62bd380: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 25.227387] ==================================================================
Failure - log-parser-boot - kasan-bug-kasan-slab-use-after-free-in-krealloc_uaf
[ 25.165772] ================================================================== [ 25.166900] BUG: KASAN: slab-use-after-free in krealloc_uaf+0x4c8/0x520 [ 25.167183] Read of size 1 at addr fff00000c178be00 by task kunit_try_catch/164 [ 25.167317] [ 25.167870] CPU: 0 UID: 0 PID: 164 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc1 #1 PREEMPT [ 25.168594] Tainted: [B]=BAD_PAGE, [N]=TEST [ 25.168997] Hardware name: linux,dummy-virt (DT) [ 25.169216] Call trace: [ 25.169428] show_stack+0x20/0x38 (C) [ 25.169581] dump_stack_lvl+0x8c/0xd0 [ 25.170373] print_report+0x118/0x608 [ 25.170843] kasan_report+0xdc/0x128 [ 25.171010] __asan_report_load1_noabort+0x20/0x30 [ 25.171704] krealloc_uaf+0x4c8/0x520 [ 25.172233] kunit_try_run_case+0x170/0x3f0 [ 25.173040] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 25.173233] kthread+0x328/0x630 [ 25.173635] ret_from_fork+0x10/0x20 [ 25.173754] [ 25.173799] Allocated by task 164: [ 25.173868] kasan_save_stack+0x3c/0x68 [ 25.175246] kasan_save_track+0x20/0x40 [ 25.175352] kasan_save_alloc_info+0x40/0x58 [ 25.175458] __kasan_kmalloc+0xd4/0xd8 [ 25.175583] __kmalloc_cache_noprof+0x16c/0x3c0 [ 25.175694] krealloc_uaf+0xc8/0x520 [ 25.175798] kunit_try_run_case+0x170/0x3f0 [ 25.177991] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 25.178123] kthread+0x328/0x630 [ 25.178225] ret_from_fork+0x10/0x20 [ 25.178393] [ 25.178474] Freed by task 164: [ 25.178724] kasan_save_stack+0x3c/0x68 [ 25.179185] kasan_save_track+0x20/0x40 [ 25.179423] kasan_save_free_info+0x4c/0x78 [ 25.179530] __kasan_slab_free+0x6c/0x98 [ 25.179632] kfree+0x214/0x3c8 [ 25.179723] krealloc_uaf+0x12c/0x520 [ 25.180144] kunit_try_run_case+0x170/0x3f0 [ 25.180457] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 25.180589] kthread+0x328/0x630 [ 25.180678] ret_from_fork+0x10/0x20 [ 25.180765] [ 25.180810] The buggy address belongs to the object at fff00000c178be00 [ 25.180810] which belongs to the cache kmalloc-256 of size 256 [ 25.180962] The buggy address is located 0 bytes inside of [ 25.180962] freed 256-byte region [fff00000c178be00, fff00000c178bf00) [ 25.181106] [ 25.181167] The buggy address belongs to the physical page: [ 25.181323] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x10178a [ 25.181505] head: order:1 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0 [ 25.181836] flags: 0xbfffe0000000040(head|node=0|zone=2|lastcpupid=0x1ffff) [ 25.181978] page_type: f5(slab) [ 25.182073] raw: 0bfffe0000000040 fff00000c0001b40 dead000000000122 0000000000000000 [ 25.182272] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 25.182448] head: 0bfffe0000000040 fff00000c0001b40 dead000000000122 0000000000000000 [ 25.182760] head: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 25.184122] head: 0bfffe0000000001 ffffc1ffc305e281 00000000ffffffff 00000000ffffffff [ 25.184653] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000002 [ 25.184759] page dumped because: kasan: bad access detected [ 25.185101] [ 25.185433] Memory state around the buggy address: [ 25.185549] fff00000c178bd00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 25.185959] fff00000c178bd80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 25.186695] >fff00000c178be00: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 25.186985] ^ [ 25.187067] fff00000c178be80: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 25.187245] fff00000c178bf00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 25.187343] ================================================================== [ 25.137021] ================================================================== [ 25.137233] BUG: KASAN: slab-use-after-free in krealloc_uaf+0x180/0x520 [ 25.137438] Read of size 1 at addr fff00000c178be00 by task kunit_try_catch/164 [ 25.137577] [ 25.138288] CPU: 0 UID: 0 PID: 164 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc1 #1 PREEMPT [ 25.138533] Tainted: [B]=BAD_PAGE, [N]=TEST [ 25.138655] Hardware name: linux,dummy-virt (DT) [ 25.138882] Call trace: [ 25.138961] show_stack+0x20/0x38 (C) [ 25.139110] dump_stack_lvl+0x8c/0xd0 [ 25.139258] print_report+0x118/0x608 [ 25.139813] kasan_report+0xdc/0x128 [ 25.139987] __kasan_check_byte+0x54/0x70 [ 25.140132] krealloc_noprof+0x44/0x360 [ 25.140950] krealloc_uaf+0x180/0x520 [ 25.141085] kunit_try_run_case+0x170/0x3f0 [ 25.141387] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 25.141530] kthread+0x328/0x630 [ 25.141664] ret_from_fork+0x10/0x20 [ 25.141803] [ 25.141858] Allocated by task 164: [ 25.141959] kasan_save_stack+0x3c/0x68 [ 25.142067] kasan_save_track+0x20/0x40 [ 25.143258] kasan_save_alloc_info+0x40/0x58 [ 25.143420] __kasan_kmalloc+0xd4/0xd8 [ 25.143524] __kmalloc_cache_noprof+0x16c/0x3c0 [ 25.144463] krealloc_uaf+0xc8/0x520 [ 25.145921] kunit_try_run_case+0x170/0x3f0 [ 25.146093] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 25.146761] kthread+0x328/0x630 [ 25.146877] ret_from_fork+0x10/0x20 [ 25.147614] [ 25.147739] Freed by task 164: [ 25.147982] kasan_save_stack+0x3c/0x68 [ 25.148329] kasan_save_track+0x20/0x40 [ 25.148723] kasan_save_free_info+0x4c/0x78 [ 25.148827] __kasan_slab_free+0x6c/0x98 [ 25.149171] kfree+0x214/0x3c8 [ 25.149371] krealloc_uaf+0x12c/0x520 [ 25.149567] kunit_try_run_case+0x170/0x3f0 [ 25.149995] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 25.150110] kthread+0x328/0x630 [ 25.150196] ret_from_fork+0x10/0x20 [ 25.150304] [ 25.151505] The buggy address belongs to the object at fff00000c178be00 [ 25.151505] which belongs to the cache kmalloc-256 of size 256 [ 25.151826] The buggy address is located 0 bytes inside of [ 25.151826] freed 256-byte region [fff00000c178be00, fff00000c178bf00) [ 25.153194] [ 25.153291] The buggy address belongs to the physical page: [ 25.153366] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x10178a [ 25.153492] head: order:1 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0 [ 25.154693] flags: 0xbfffe0000000040(head|node=0|zone=2|lastcpupid=0x1ffff) [ 25.155375] page_type: f5(slab) [ 25.155482] raw: 0bfffe0000000040 fff00000c0001b40 dead000000000122 0000000000000000 [ 25.155612] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 25.155736] head: 0bfffe0000000040 fff00000c0001b40 dead000000000122 0000000000000000 [ 25.155853] head: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 25.159005] head: 0bfffe0000000001 ffffc1ffc305e281 00000000ffffffff 00000000ffffffff [ 25.159301] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000002 [ 25.159559] page dumped because: kasan: bad access detected [ 25.160033] [ 25.160419] Memory state around the buggy address: [ 25.160824] fff00000c178bd00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 25.161493] fff00000c178bd80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 25.161633] >fff00000c178be00: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 25.161992] ^ [ 25.162183] fff00000c178be80: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 25.162286] fff00000c178bf00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 25.163075] ==================================================================
Failure - log-parser-boot - kasan-bug-kasan-slab-out-of-bounds-in-krealloc_less_oob_helper
[ 25.062020] ================================================================== [ 25.062113] BUG: KASAN: slab-out-of-bounds in krealloc_less_oob_helper+0xb9c/0xc50 [ 25.062216] Write of size 1 at addr fff00000c64be0d0 by task kunit_try_catch/162 [ 25.062329] [ 25.062391] CPU: 0 UID: 0 PID: 162 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc1 #1 PREEMPT [ 25.062575] Tainted: [B]=BAD_PAGE, [N]=TEST [ 25.062637] Hardware name: linux,dummy-virt (DT) [ 25.062709] Call trace: [ 25.062768] show_stack+0x20/0x38 (C) [ 25.063022] dump_stack_lvl+0x8c/0xd0 [ 25.063161] print_report+0x118/0x608 [ 25.063322] kasan_report+0xdc/0x128 [ 25.063463] __asan_report_store1_noabort+0x20/0x30 [ 25.063605] krealloc_less_oob_helper+0xb9c/0xc50 [ 25.063736] krealloc_large_less_oob+0x20/0x38 [ 25.064103] kunit_try_run_case+0x170/0x3f0 [ 25.064241] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 25.064379] kthread+0x328/0x630 [ 25.064503] ret_from_fork+0x10/0x20 [ 25.064719] [ 25.064768] The buggy address belongs to the physical page: [ 25.064889] page: refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1064bc [ 25.065040] head: order:2 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0 [ 25.065172] flags: 0xbfffe0000000040(head|node=0|zone=2|lastcpupid=0x1ffff) [ 25.065311] page_type: f8(unknown) [ 25.065420] raw: 0bfffe0000000040 0000000000000000 dead000000000122 0000000000000000 [ 25.065676] raw: 0000000000000000 0000000000000000 00000001f8000000 0000000000000000 [ 25.065810] head: 0bfffe0000000040 0000000000000000 dead000000000122 0000000000000000 [ 25.065927] head: 0000000000000000 0000000000000000 00000001f8000000 0000000000000000 [ 25.066058] head: 0bfffe0000000002 ffffc1ffc3192f01 00000000ffffffff 00000000ffffffff [ 25.066175] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000004 [ 25.066341] page dumped because: kasan: bad access detected [ 25.066452] [ 25.066541] Memory state around the buggy address: [ 25.066712] fff00000c64bdf80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 25.066818] fff00000c64be000: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 25.066951] >fff00000c64be080: 00 00 00 00 00 00 00 00 00 01 fe fe fe fe fe fe [ 25.067155] ^ [ 25.067344] fff00000c64be100: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe [ 25.067522] fff00000c64be180: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe [ 25.067753] ================================================================== [ 24.952291] ================================================================== [ 24.952388] BUG: KASAN: slab-out-of-bounds in krealloc_less_oob_helper+0xa80/0xc50 [ 24.952493] Write of size 1 at addr fff00000c178bcda by task kunit_try_catch/158 [ 24.952606] [ 24.952669] CPU: 0 UID: 0 PID: 158 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc1 #1 PREEMPT [ 24.952851] Tainted: [B]=BAD_PAGE, [N]=TEST [ 24.952916] Hardware name: linux,dummy-virt (DT) [ 24.953520] Call trace: [ 24.953581] show_stack+0x20/0x38 (C) [ 24.953962] dump_stack_lvl+0x8c/0xd0 [ 24.954888] print_report+0x118/0x608 [ 24.955778] kasan_report+0xdc/0x128 [ 24.955915] __asan_report_store1_noabort+0x20/0x30 [ 24.956958] krealloc_less_oob_helper+0xa80/0xc50 [ 24.957778] krealloc_less_oob+0x20/0x38 [ 24.958116] kunit_try_run_case+0x170/0x3f0 [ 24.958961] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 24.959136] kthread+0x328/0x630 [ 24.959270] ret_from_fork+0x10/0x20 [ 24.959395] [ 24.959441] Allocated by task 158: [ 24.959578] kasan_save_stack+0x3c/0x68 [ 24.959818] kasan_save_track+0x20/0x40 [ 24.960684] kasan_save_alloc_info+0x40/0x58 [ 24.960828] __kasan_krealloc+0x118/0x178 [ 24.960925] krealloc_noprof+0x128/0x360 [ 24.961399] krealloc_less_oob_helper+0x168/0xc50 [ 24.961920] krealloc_less_oob+0x20/0x38 [ 24.962302] kunit_try_run_case+0x170/0x3f0 [ 24.962612] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 24.963092] kthread+0x328/0x630 [ 24.963206] ret_from_fork+0x10/0x20 [ 24.963311] [ 24.963363] The buggy address belongs to the object at fff00000c178bc00 [ 24.963363] which belongs to the cache kmalloc-256 of size 256 [ 24.963507] The buggy address is located 17 bytes to the right of [ 24.963507] allocated 201-byte region [fff00000c178bc00, fff00000c178bcc9) [ 24.963797] [ 24.964980] The buggy address belongs to the physical page: [ 24.965066] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x10178a [ 24.965199] head: order:1 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0 [ 24.965375] flags: 0xbfffe0000000040(head|node=0|zone=2|lastcpupid=0x1ffff) [ 24.965500] page_type: f5(slab) [ 24.965588] raw: 0bfffe0000000040 fff00000c0001b40 dead000000000122 0000000000000000 [ 24.965705] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 24.965891] head: 0bfffe0000000040 fff00000c0001b40 dead000000000122 0000000000000000 [ 24.966047] head: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 24.966306] head: 0bfffe0000000001 ffffc1ffc305e281 00000000ffffffff 00000000ffffffff [ 24.966576] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000002 [ 24.966675] page dumped because: kasan: bad access detected [ 24.966748] [ 24.966825] Memory state around the buggy address: [ 24.966993] fff00000c178bb80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 24.967113] fff00000c178bc00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 24.967250] >fff00000c178bc80: 00 00 00 00 00 00 00 00 00 01 fc fc fc fc fc fc [ 24.967359] ^ [ 24.967461] fff00000c178bd00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 24.967579] fff00000c178bd80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 24.967750] ================================================================== [ 25.069635] ================================================================== [ 25.069731] BUG: KASAN: slab-out-of-bounds in krealloc_less_oob_helper+0xa80/0xc50 [ 25.069838] Write of size 1 at addr fff00000c64be0da by task kunit_try_catch/162 [ 25.070172] [ 25.070260] CPU: 0 UID: 0 PID: 162 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc1 #1 PREEMPT [ 25.070469] Tainted: [B]=BAD_PAGE, [N]=TEST [ 25.070542] Hardware name: linux,dummy-virt (DT) [ 25.070730] Call trace: [ 25.070792] show_stack+0x20/0x38 (C) [ 25.070965] dump_stack_lvl+0x8c/0xd0 [ 25.071111] print_report+0x118/0x608 [ 25.071353] kasan_report+0xdc/0x128 [ 25.071600] __asan_report_store1_noabort+0x20/0x30 [ 25.071744] krealloc_less_oob_helper+0xa80/0xc50 [ 25.072215] krealloc_large_less_oob+0x20/0x38 [ 25.072699] kunit_try_run_case+0x170/0x3f0 [ 25.073430] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 25.073711] kthread+0x328/0x630 [ 25.074223] ret_from_fork+0x10/0x20 [ 25.074675] [ 25.074845] The buggy address belongs to the physical page: [ 25.075024] page: refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1064bc [ 25.075385] head: order:2 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0 [ 25.075517] flags: 0xbfffe0000000040(head|node=0|zone=2|lastcpupid=0x1ffff) [ 25.075646] page_type: f8(unknown) [ 25.075738] raw: 0bfffe0000000040 0000000000000000 dead000000000122 0000000000000000 [ 25.075865] raw: 0000000000000000 0000000000000000 00000001f8000000 0000000000000000 [ 25.077244] head: 0bfffe0000000040 0000000000000000 dead000000000122 0000000000000000 [ 25.077397] head: 0000000000000000 0000000000000000 00000001f8000000 0000000000000000 [ 25.077790] head: 0bfffe0000000002 ffffc1ffc3192f01 00000000ffffffff 00000000ffffffff [ 25.078623] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000004 [ 25.078727] page dumped because: kasan: bad access detected [ 25.079147] [ 25.079345] Memory state around the buggy address: [ 25.079422] fff00000c64bdf80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 25.080156] fff00000c64be000: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 25.080276] >fff00000c64be080: 00 00 00 00 00 00 00 00 00 01 fe fe fe fe fe fe [ 25.080377] ^ [ 25.080476] fff00000c64be100: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe [ 25.080590] fff00000c64be180: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe [ 25.081413] ================================================================== [ 24.969130] ================================================================== [ 24.969293] BUG: KASAN: slab-out-of-bounds in krealloc_less_oob_helper+0xae4/0xc50 [ 24.969530] Write of size 1 at addr fff00000c178bcea by task kunit_try_catch/158 [ 24.969734] [ 24.969821] CPU: 0 UID: 0 PID: 158 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc1 #1 PREEMPT [ 24.970039] Tainted: [B]=BAD_PAGE, [N]=TEST [ 24.970283] Hardware name: linux,dummy-virt (DT) [ 24.970377] Call trace: [ 24.970580] show_stack+0x20/0x38 (C) [ 24.970769] dump_stack_lvl+0x8c/0xd0 [ 24.970909] print_report+0x118/0x608 [ 24.971055] kasan_report+0xdc/0x128 [ 24.971351] __asan_report_store1_noabort+0x20/0x30 [ 24.971515] krealloc_less_oob_helper+0xae4/0xc50 [ 24.971647] krealloc_less_oob+0x20/0x38 [ 24.971972] kunit_try_run_case+0x170/0x3f0 [ 24.972136] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 24.972367] kthread+0x328/0x630 [ 24.972551] ret_from_fork+0x10/0x20 [ 24.972829] [ 24.973114] Allocated by task 158: [ 24.973190] kasan_save_stack+0x3c/0x68 [ 24.973287] kasan_save_track+0x20/0x40 [ 24.974034] kasan_save_alloc_info+0x40/0x58 [ 24.974167] __kasan_krealloc+0x118/0x178 [ 24.974283] krealloc_noprof+0x128/0x360 [ 24.974389] krealloc_less_oob_helper+0x168/0xc50 [ 24.974919] krealloc_less_oob+0x20/0x38 [ 24.975140] kunit_try_run_case+0x170/0x3f0 [ 24.975252] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 24.975767] kthread+0x328/0x630 [ 24.975886] ret_from_fork+0x10/0x20 [ 24.976006] [ 24.976053] The buggy address belongs to the object at fff00000c178bc00 [ 24.976053] which belongs to the cache kmalloc-256 of size 256 [ 24.976515] The buggy address is located 33 bytes to the right of [ 24.976515] allocated 201-byte region [fff00000c178bc00, fff00000c178bcc9) [ 24.976670] [ 24.976716] The buggy address belongs to the physical page: [ 24.976784] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x10178a [ 24.976907] head: order:1 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0 [ 24.977285] flags: 0xbfffe0000000040(head|node=0|zone=2|lastcpupid=0x1ffff) [ 24.977831] page_type: f5(slab) [ 24.977965] raw: 0bfffe0000000040 fff00000c0001b40 dead000000000122 0000000000000000 [ 24.978106] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 24.978955] head: 0bfffe0000000040 fff00000c0001b40 dead000000000122 0000000000000000 [ 24.979256] head: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 24.979608] head: 0bfffe0000000001 ffffc1ffc305e281 00000000ffffffff 00000000ffffffff [ 24.979928] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000002 [ 24.980218] page dumped because: kasan: bad access detected [ 24.980295] [ 24.980896] Memory state around the buggy address: [ 24.981051] fff00000c178bb80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 24.981251] fff00000c178bc00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 24.981593] >fff00000c178bc80: 00 00 00 00 00 00 00 00 00 01 fc fc fc fc fc fc [ 24.981689] ^ [ 24.982059] fff00000c178bd00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 24.982320] fff00000c178bd80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 24.982611] ================================================================== [ 24.984804] ================================================================== [ 24.984903] BUG: KASAN: slab-out-of-bounds in krealloc_less_oob_helper+0xa58/0xc50 [ 24.985027] Write of size 1 at addr fff00000c178bceb by task kunit_try_catch/158 [ 24.985142] [ 24.985208] CPU: 0 UID: 0 PID: 158 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc1 #1 PREEMPT [ 24.985393] Tainted: [B]=BAD_PAGE, [N]=TEST [ 24.985454] Hardware name: linux,dummy-virt (DT) [ 24.986234] Call trace: [ 24.986305] show_stack+0x20/0x38 (C) [ 24.986535] dump_stack_lvl+0x8c/0xd0 [ 24.986787] print_report+0x118/0x608 [ 24.987558] kasan_report+0xdc/0x128 [ 24.987774] __asan_report_store1_noabort+0x20/0x30 [ 24.988636] krealloc_less_oob_helper+0xa58/0xc50 [ 24.988820] krealloc_less_oob+0x20/0x38 [ 24.989387] kunit_try_run_case+0x170/0x3f0 [ 24.989621] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 24.990020] kthread+0x328/0x630 [ 24.990641] ret_from_fork+0x10/0x20 [ 24.991090] [ 24.991285] Allocated by task 158: [ 24.991362] kasan_save_stack+0x3c/0x68 [ 24.991664] kasan_save_track+0x20/0x40 [ 24.991800] kasan_save_alloc_info+0x40/0x58 [ 24.992097] __kasan_krealloc+0x118/0x178 [ 24.992231] krealloc_noprof+0x128/0x360 [ 24.992330] krealloc_less_oob_helper+0x168/0xc50 [ 24.992426] krealloc_less_oob+0x20/0x38 [ 24.992513] kunit_try_run_case+0x170/0x3f0 [ 24.992606] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 24.992712] kthread+0x328/0x630 [ 24.992792] ret_from_fork+0x10/0x20 [ 24.992877] [ 24.992922] The buggy address belongs to the object at fff00000c178bc00 [ 24.992922] which belongs to the cache kmalloc-256 of size 256 [ 24.993269] The buggy address is located 34 bytes to the right of [ 24.993269] allocated 201-byte region [fff00000c178bc00, fff00000c178bcc9) [ 24.993423] [ 24.993527] The buggy address belongs to the physical page: [ 24.993719] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x10178a [ 24.993990] head: order:1 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0 [ 24.994121] flags: 0xbfffe0000000040(head|node=0|zone=2|lastcpupid=0x1ffff) [ 24.994296] page_type: f5(slab) [ 24.994407] raw: 0bfffe0000000040 fff00000c0001b40 dead000000000122 0000000000000000 [ 24.994544] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 24.994697] head: 0bfffe0000000040 fff00000c0001b40 dead000000000122 0000000000000000 [ 24.994916] head: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 24.995095] head: 0bfffe0000000001 ffffc1ffc305e281 00000000ffffffff 00000000ffffffff [ 24.995258] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000002 [ 24.995668] page dumped because: kasan: bad access detected [ 24.995795] [ 24.996092] Memory state around the buggy address: [ 24.996651] fff00000c178bb80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 24.997283] fff00000c178bc00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 24.997744] >fff00000c178bc80: 00 00 00 00 00 00 00 00 00 01 fc fc fc fc fc fc [ 24.997862] ^ [ 24.997972] fff00000c178bd00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 24.998074] fff00000c178bd80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 24.998164] ================================================================== [ 25.096187] ================================================================== [ 25.096913] BUG: KASAN: slab-out-of-bounds in krealloc_less_oob_helper+0xa58/0xc50 [ 25.097071] Write of size 1 at addr fff00000c64be0eb by task kunit_try_catch/162 [ 25.097366] [ 25.097448] CPU: 0 UID: 0 PID: 162 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc1 #1 PREEMPT [ 25.097634] Tainted: [B]=BAD_PAGE, [N]=TEST [ 25.097696] Hardware name: linux,dummy-virt (DT) [ 25.097763] Call trace: [ 25.097810] show_stack+0x20/0x38 (C) [ 25.097948] dump_stack_lvl+0x8c/0xd0 [ 25.098070] print_report+0x118/0x608 [ 25.098190] kasan_report+0xdc/0x128 [ 25.098307] __asan_report_store1_noabort+0x20/0x30 [ 25.098424] krealloc_less_oob_helper+0xa58/0xc50 [ 25.098540] krealloc_large_less_oob+0x20/0x38 [ 25.098654] kunit_try_run_case+0x170/0x3f0 [ 25.098770] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 25.099959] kthread+0x328/0x630 [ 25.100094] ret_from_fork+0x10/0x20 [ 25.100222] [ 25.100276] The buggy address belongs to the physical page: [ 25.100351] page: refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1064bc [ 25.100478] head: order:2 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0 [ 25.100593] flags: 0xbfffe0000000040(head|node=0|zone=2|lastcpupid=0x1ffff) [ 25.100709] page_type: f8(unknown) [ 25.100797] raw: 0bfffe0000000040 0000000000000000 dead000000000122 0000000000000000 [ 25.100913] raw: 0000000000000000 0000000000000000 00000001f8000000 0000000000000000 [ 25.101063] head: 0bfffe0000000040 0000000000000000 dead000000000122 0000000000000000 [ 25.101198] head: 0000000000000000 0000000000000000 00000001f8000000 0000000000000000 [ 25.101333] head: 0bfffe0000000002 ffffc1ffc3192f01 00000000ffffffff 00000000ffffffff [ 25.101461] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000004 [ 25.101553] page dumped because: kasan: bad access detected [ 25.101624] [ 25.101667] Memory state around the buggy address: [ 25.101735] fff00000c64bdf80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 25.101838] fff00000c64be000: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 25.101969] >fff00000c64be080: 00 00 00 00 00 00 00 00 00 01 fe fe fe fe fe fe [ 25.102064] ^ [ 25.102157] fff00000c64be100: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe [ 25.102254] fff00000c64be180: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe [ 25.107203] ================================================================== [ 25.086124] ================================================================== [ 25.086325] BUG: KASAN: slab-out-of-bounds in krealloc_less_oob_helper+0xae4/0xc50 [ 25.086452] Write of size 1 at addr fff00000c64be0ea by task kunit_try_catch/162 [ 25.086583] [ 25.086650] CPU: 0 UID: 0 PID: 162 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc1 #1 PREEMPT [ 25.087448] Tainted: [B]=BAD_PAGE, [N]=TEST [ 25.087658] Hardware name: linux,dummy-virt (DT) [ 25.087717] Call trace: [ 25.087744] show_stack+0x20/0x38 (C) [ 25.087814] dump_stack_lvl+0x8c/0xd0 [ 25.087878] print_report+0x118/0x608 [ 25.087972] kasan_report+0xdc/0x128 [ 25.088109] __asan_report_store1_noabort+0x20/0x30 [ 25.088200] krealloc_less_oob_helper+0xae4/0xc50 [ 25.088264] krealloc_large_less_oob+0x20/0x38 [ 25.088382] kunit_try_run_case+0x170/0x3f0 [ 25.088516] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 25.088659] kthread+0x328/0x630 [ 25.088860] ret_from_fork+0x10/0x20 [ 25.089147] [ 25.089202] The buggy address belongs to the physical page: [ 25.089330] page: refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1064bc [ 25.089568] head: order:2 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0 [ 25.089905] flags: 0xbfffe0000000040(head|node=0|zone=2|lastcpupid=0x1ffff) [ 25.090106] page_type: f8(unknown) [ 25.090217] raw: 0bfffe0000000040 0000000000000000 dead000000000122 0000000000000000 [ 25.090510] raw: 0000000000000000 0000000000000000 00000001f8000000 0000000000000000 [ 25.090705] head: 0bfffe0000000040 0000000000000000 dead000000000122 0000000000000000 [ 25.091009] head: 0000000000000000 0000000000000000 00000001f8000000 0000000000000000 [ 25.091314] head: 0bfffe0000000002 ffffc1ffc3192f01 00000000ffffffff 00000000ffffffff [ 25.091474] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000004 [ 25.091584] page dumped because: kasan: bad access detected [ 25.092005] [ 25.092051] Memory state around the buggy address: [ 25.092497] fff00000c64bdf80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 25.092656] fff00000c64be000: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 25.092967] >fff00000c64be080: 00 00 00 00 00 00 00 00 00 01 fe fe fe fe fe fe [ 25.093421] ^ [ 25.093576] fff00000c64be100: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe [ 25.094048] fff00000c64be180: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe [ 25.094169] ================================================================== [ 24.931803] ================================================================== [ 24.932533] BUG: KASAN: slab-out-of-bounds in krealloc_less_oob_helper+0xb9c/0xc50 [ 24.933272] Write of size 1 at addr fff00000c178bcd0 by task kunit_try_catch/158 [ 24.933674] [ 24.933899] CPU: 0 UID: 0 PID: 158 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc1 #1 PREEMPT [ 24.934797] Tainted: [B]=BAD_PAGE, [N]=TEST [ 24.935051] Hardware name: linux,dummy-virt (DT) [ 24.935127] Call trace: [ 24.935423] show_stack+0x20/0x38 (C) [ 24.935923] dump_stack_lvl+0x8c/0xd0 [ 24.936068] print_report+0x118/0x608 [ 24.936513] kasan_report+0xdc/0x128 [ 24.936921] __asan_report_store1_noabort+0x20/0x30 [ 24.937687] krealloc_less_oob_helper+0xb9c/0xc50 [ 24.938586] krealloc_less_oob+0x20/0x38 [ 24.939229] kunit_try_run_case+0x170/0x3f0 [ 24.939371] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 24.939512] kthread+0x328/0x630 [ 24.939784] ret_from_fork+0x10/0x20 [ 24.940101] [ 24.940236] Allocated by task 158: [ 24.940315] kasan_save_stack+0x3c/0x68 [ 24.940415] kasan_save_track+0x20/0x40 [ 24.940503] kasan_save_alloc_info+0x40/0x58 [ 24.940597] __kasan_krealloc+0x118/0x178 [ 24.940686] krealloc_noprof+0x128/0x360 [ 24.940860] krealloc_less_oob_helper+0x168/0xc50 [ 24.941154] krealloc_less_oob+0x20/0x38 [ 24.941270] kunit_try_run_case+0x170/0x3f0 [ 24.941922] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 24.942109] kthread+0x328/0x630 [ 24.942653] ret_from_fork+0x10/0x20 [ 24.942765] [ 24.942838] The buggy address belongs to the object at fff00000c178bc00 [ 24.942838] which belongs to the cache kmalloc-256 of size 256 [ 24.943003] The buggy address is located 7 bytes to the right of [ 24.943003] allocated 201-byte region [fff00000c178bc00, fff00000c178bcc9) [ 24.943646] [ 24.943699] The buggy address belongs to the physical page: [ 24.944009] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x10178a [ 24.944167] head: order:1 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0 [ 24.944389] flags: 0xbfffe0000000040(head|node=0|zone=2|lastcpupid=0x1ffff) [ 24.944965] page_type: f5(slab) [ 24.945062] raw: 0bfffe0000000040 fff00000c0001b40 dead000000000122 0000000000000000 [ 24.945640] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 24.945797] head: 0bfffe0000000040 fff00000c0001b40 dead000000000122 0000000000000000 [ 24.946340] head: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 24.946759] head: 0bfffe0000000001 ffffc1ffc305e281 00000000ffffffff 00000000ffffffff [ 24.946980] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000002 [ 24.947102] page dumped because: kasan: bad access detected [ 24.947713] [ 24.947769] Memory state around the buggy address: [ 24.947854] fff00000c178bb80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 24.948443] fff00000c178bc00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 24.949018] >fff00000c178bc80: 00 00 00 00 00 00 00 00 00 01 fc fc fc fc fc fc [ 24.949246] ^ [ 24.949339] fff00000c178bd00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 24.950060] fff00000c178bd80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 24.950156] ================================================================== [ 25.053106] ================================================================== [ 25.053956] BUG: KASAN: slab-out-of-bounds in krealloc_less_oob_helper+0xa48/0xc50 [ 25.054214] Write of size 1 at addr fff00000c64be0c9 by task kunit_try_catch/162 [ 25.054772] [ 25.054879] CPU: 0 UID: 0 PID: 162 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc1 #1 PREEMPT [ 25.055187] Tainted: [B]=BAD_PAGE, [N]=TEST [ 25.055300] Hardware name: linux,dummy-virt (DT) [ 25.055503] Call trace: [ 25.055735] show_stack+0x20/0x38 (C) [ 25.055896] dump_stack_lvl+0x8c/0xd0 [ 25.056044] print_report+0x118/0x608 [ 25.056174] kasan_report+0xdc/0x128 [ 25.056299] __asan_report_store1_noabort+0x20/0x30 [ 25.056473] krealloc_less_oob_helper+0xa48/0xc50 [ 25.056645] krealloc_large_less_oob+0x20/0x38 [ 25.056830] kunit_try_run_case+0x170/0x3f0 [ 25.057203] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 25.057381] kthread+0x328/0x630 [ 25.057653] ret_from_fork+0x10/0x20 [ 25.057806] [ 25.057922] The buggy address belongs to the physical page: [ 25.058020] page: refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1064bc [ 25.058166] head: order:2 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0 [ 25.058300] flags: 0xbfffe0000000040(head|node=0|zone=2|lastcpupid=0x1ffff) [ 25.058445] page_type: f8(unknown) [ 25.058562] raw: 0bfffe0000000040 0000000000000000 dead000000000122 0000000000000000 [ 25.058698] raw: 0000000000000000 0000000000000000 00000001f8000000 0000000000000000 [ 25.058847] head: 0bfffe0000000040 0000000000000000 dead000000000122 0000000000000000 [ 25.059177] head: 0000000000000000 0000000000000000 00000001f8000000 0000000000000000 [ 25.059301] head: 0bfffe0000000002 ffffc1ffc3192f01 00000000ffffffff 00000000ffffffff [ 25.059420] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000004 [ 25.059516] page dumped because: kasan: bad access detected [ 25.059592] [ 25.059642] Memory state around the buggy address: [ 25.059724] fff00000c64bdf80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 25.059832] fff00000c64be000: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 25.059970] >fff00000c64be080: 00 00 00 00 00 00 00 00 00 01 fe fe fe fe fe fe [ 25.060082] ^ [ 25.060182] fff00000c64be100: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe [ 25.060300] fff00000c64be180: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe [ 25.060470] ================================================================== [ 24.913397] ================================================================== [ 24.913516] BUG: KASAN: slab-out-of-bounds in krealloc_less_oob_helper+0xa48/0xc50 [ 24.913658] Write of size 1 at addr fff00000c178bcc9 by task kunit_try_catch/158 [ 24.913782] [ 24.913866] CPU: 0 UID: 0 PID: 158 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc1 #1 PREEMPT [ 24.914078] Tainted: [B]=BAD_PAGE, [N]=TEST [ 24.914147] Hardware name: linux,dummy-virt (DT) [ 24.914228] Call trace: [ 24.914290] show_stack+0x20/0x38 (C) [ 24.914625] dump_stack_lvl+0x8c/0xd0 [ 24.914758] print_report+0x118/0x608 [ 24.914896] kasan_report+0xdc/0x128 [ 24.915037] __asan_report_store1_noabort+0x20/0x30 [ 24.915191] krealloc_less_oob_helper+0xa48/0xc50 [ 24.915444] krealloc_less_oob+0x20/0x38 [ 24.915589] kunit_try_run_case+0x170/0x3f0 [ 24.915724] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 24.915865] kthread+0x328/0x630 [ 24.916537] ret_from_fork+0x10/0x20 [ 24.917583] [ 24.917631] Allocated by task 158: [ 24.917702] kasan_save_stack+0x3c/0x68 [ 24.918610] kasan_save_track+0x20/0x40 [ 24.919091] kasan_save_alloc_info+0x40/0x58 [ 24.919356] __kasan_krealloc+0x118/0x178 [ 24.919672] krealloc_noprof+0x128/0x360 [ 24.919803] krealloc_less_oob_helper+0x168/0xc50 [ 24.919918] krealloc_less_oob+0x20/0x38 [ 24.920526] kunit_try_run_case+0x170/0x3f0 [ 24.921006] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 24.921150] kthread+0x328/0x630 [ 24.921276] ret_from_fork+0x10/0x20 [ 24.921372] [ 24.921811] The buggy address belongs to the object at fff00000c178bc00 [ 24.921811] which belongs to the cache kmalloc-256 of size 256 [ 24.921995] The buggy address is located 0 bytes to the right of [ 24.921995] allocated 201-byte region [fff00000c178bc00, fff00000c178bcc9) [ 24.922147] [ 24.922199] The buggy address belongs to the physical page: [ 24.922652] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x10178a [ 24.923141] head: order:1 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0 [ 24.923552] flags: 0xbfffe0000000040(head|node=0|zone=2|lastcpupid=0x1ffff) [ 24.923713] page_type: f5(slab) [ 24.923812] raw: 0bfffe0000000040 fff00000c0001b40 dead000000000122 0000000000000000 [ 24.924392] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 24.924700] head: 0bfffe0000000040 fff00000c0001b40 dead000000000122 0000000000000000 [ 24.924839] head: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 24.925552] head: 0bfffe0000000001 ffffc1ffc305e281 00000000ffffffff 00000000ffffffff [ 24.925704] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000002 [ 24.926038] page dumped because: kasan: bad access detected [ 24.926117] [ 24.926162] Memory state around the buggy address: [ 24.926234] fff00000c178bb80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 24.926745] fff00000c178bc00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 24.926884] >fff00000c178bc80: 00 00 00 00 00 00 00 00 00 01 fc fc fc fc fc fc [ 24.927395] ^ [ 24.927776] fff00000c178bd00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 24.928267] fff00000c178bd80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 24.928629] ==================================================================
Failure - log-parser-boot - kasan-bug-kasan-slab-out-of-bounds-in-krealloc_more_oob_helper
[ 24.881699] ================================================================== [ 24.881928] BUG: KASAN: slab-out-of-bounds in krealloc_more_oob_helper+0x5c0/0x678 [ 24.882471] Write of size 1 at addr fff00000c178baf0 by task kunit_try_catch/156 [ 24.882878] [ 24.883161] CPU: 0 UID: 0 PID: 156 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc1 #1 PREEMPT [ 24.883374] Tainted: [B]=BAD_PAGE, [N]=TEST [ 24.883486] Hardware name: linux,dummy-virt (DT) [ 24.883565] Call trace: [ 24.883614] show_stack+0x20/0x38 (C) [ 24.883747] dump_stack_lvl+0x8c/0xd0 [ 24.883869] print_report+0x118/0x608 [ 24.884051] kasan_report+0xdc/0x128 [ 24.884189] __asan_report_store1_noabort+0x20/0x30 [ 24.884317] krealloc_more_oob_helper+0x5c0/0x678 [ 24.884500] krealloc_more_oob+0x20/0x38 [ 24.884632] kunit_try_run_case+0x170/0x3f0 [ 24.884797] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 24.885265] kthread+0x328/0x630 [ 24.885756] ret_from_fork+0x10/0x20 [ 24.885876] [ 24.886406] Allocated by task 156: [ 24.886614] kasan_save_stack+0x3c/0x68 [ 24.887064] kasan_save_track+0x20/0x40 [ 24.887168] kasan_save_alloc_info+0x40/0x58 [ 24.887759] __kasan_krealloc+0x118/0x178 [ 24.887870] krealloc_noprof+0x128/0x360 [ 24.889227] krealloc_more_oob_helper+0x168/0x678 [ 24.889337] krealloc_more_oob+0x20/0x38 [ 24.889430] kunit_try_run_case+0x170/0x3f0 [ 24.889534] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 24.889827] kthread+0x328/0x630 [ 24.890053] ret_from_fork+0x10/0x20 [ 24.890147] [ 24.890191] The buggy address belongs to the object at fff00000c178ba00 [ 24.890191] which belongs to the cache kmalloc-256 of size 256 [ 24.890328] The buggy address is located 5 bytes to the right of [ 24.890328] allocated 235-byte region [fff00000c178ba00, fff00000c178baeb) [ 24.890897] [ 24.890991] The buggy address belongs to the physical page: [ 24.891075] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x10178a [ 24.891376] head: order:1 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0 [ 24.891510] flags: 0xbfffe0000000040(head|node=0|zone=2|lastcpupid=0x1ffff) [ 24.892325] page_type: f5(slab) [ 24.892465] raw: 0bfffe0000000040 fff00000c0001b40 dead000000000122 0000000000000000 [ 24.892799] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 24.893060] head: 0bfffe0000000040 fff00000c0001b40 dead000000000122 0000000000000000 [ 24.893188] head: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 24.893313] head: 0bfffe0000000001 ffffc1ffc305e281 00000000ffffffff 00000000ffffffff [ 24.893482] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000002 [ 24.893580] page dumped because: kasan: bad access detected [ 24.893689] [ 24.893797] Memory state around the buggy address: [ 24.893881] fff00000c178b980: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 24.894173] fff00000c178ba00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 24.894346] >fff00000c178ba80: 00 00 00 00 00 00 00 00 00 00 00 00 00 03 fc fc [ 24.894436] ^ [ 24.894685] fff00000c178bb00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 24.894988] fff00000c178bb80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 24.895157] ================================================================== [ 25.020689] ================================================================== [ 25.020783] BUG: KASAN: slab-out-of-bounds in krealloc_more_oob_helper+0x5c0/0x678 [ 25.020925] Write of size 1 at addr fff00000c64be0f0 by task kunit_try_catch/160 [ 25.021066] [ 25.021288] CPU: 0 UID: 0 PID: 160 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc1 #1 PREEMPT [ 25.021481] Tainted: [B]=BAD_PAGE, [N]=TEST [ 25.021545] Hardware name: linux,dummy-virt (DT) [ 25.022050] Call trace: [ 25.022193] show_stack+0x20/0x38 (C) [ 25.022982] dump_stack_lvl+0x8c/0xd0 [ 25.023101] print_report+0x118/0x608 [ 25.023233] kasan_report+0xdc/0x128 [ 25.023348] __asan_report_store1_noabort+0x20/0x30 [ 25.023470] krealloc_more_oob_helper+0x5c0/0x678 [ 25.023588] krealloc_large_more_oob+0x20/0x38 [ 25.023704] kunit_try_run_case+0x170/0x3f0 [ 25.023821] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 25.026270] kthread+0x328/0x630 [ 25.026412] ret_from_fork+0x10/0x20 [ 25.026544] [ 25.026636] The buggy address belongs to the physical page: [ 25.026720] page: refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1064bc [ 25.026857] head: order:2 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0 [ 25.026995] flags: 0xbfffe0000000040(head|node=0|zone=2|lastcpupid=0x1ffff) [ 25.027990] page_type: f8(unknown) [ 25.028289] raw: 0bfffe0000000040 0000000000000000 dead000000000122 0000000000000000 [ 25.028549] raw: 0000000000000000 0000000000000000 00000001f8000000 0000000000000000 [ 25.028669] head: 0bfffe0000000040 0000000000000000 dead000000000122 0000000000000000 [ 25.028785] head: 0000000000000000 0000000000000000 00000001f8000000 0000000000000000 [ 25.028902] head: 0bfffe0000000002 ffffc1ffc3192f01 00000000ffffffff 00000000ffffffff [ 25.030167] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000004 [ 25.031348] page dumped because: kasan: bad access detected [ 25.031540] [ 25.031613] Memory state around the buggy address: [ 25.031689] fff00000c64bdf80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 25.031796] fff00000c64be000: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 25.032878] >fff00000c64be080: 00 00 00 00 00 00 00 00 00 00 00 00 00 03 fe fe [ 25.032988] ^ [ 25.033088] fff00000c64be100: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe [ 25.033838] fff00000c64be180: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe [ 25.034115] ================================================================== [ 24.867428] ================================================================== [ 24.867557] BUG: KASAN: slab-out-of-bounds in krealloc_more_oob_helper+0x60c/0x678 [ 24.867671] Write of size 1 at addr fff00000c178baeb by task kunit_try_catch/156 [ 24.867784] [ 24.867849] CPU: 0 UID: 0 PID: 156 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc1 #1 PREEMPT [ 24.868057] Tainted: [B]=BAD_PAGE, [N]=TEST [ 24.868133] Hardware name: linux,dummy-virt (DT) [ 24.868218] Call trace: [ 24.868298] show_stack+0x20/0x38 (C) [ 24.868441] dump_stack_lvl+0x8c/0xd0 [ 24.868575] print_report+0x118/0x608 [ 24.868716] kasan_report+0xdc/0x128 [ 24.868884] __asan_report_store1_noabort+0x20/0x30 [ 24.869136] krealloc_more_oob_helper+0x60c/0x678 [ 24.870207] krealloc_more_oob+0x20/0x38 [ 24.870688] kunit_try_run_case+0x170/0x3f0 [ 24.870814] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 24.873848] kthread+0x328/0x630 [ 24.874183] ret_from_fork+0x10/0x20 [ 24.874515] [ 24.874590] Allocated by task 156: [ 24.874663] kasan_save_stack+0x3c/0x68 [ 24.874818] kasan_save_track+0x20/0x40 [ 24.874948] kasan_save_alloc_info+0x40/0x58 [ 24.875200] __kasan_krealloc+0x118/0x178 [ 24.875311] krealloc_noprof+0x128/0x360 [ 24.875903] krealloc_more_oob_helper+0x168/0x678 [ 24.876029] krealloc_more_oob+0x20/0x38 [ 24.876134] kunit_try_run_case+0x170/0x3f0 [ 24.876332] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 24.876459] kthread+0x328/0x630 [ 24.876582] ret_from_fork+0x10/0x20 [ 24.876679] [ 24.876733] The buggy address belongs to the object at fff00000c178ba00 [ 24.876733] which belongs to the cache kmalloc-256 of size 256 [ 24.877149] The buggy address is located 0 bytes to the right of [ 24.877149] allocated 235-byte region [fff00000c178ba00, fff00000c178baeb) [ 24.877232] [ 24.877258] The buggy address belongs to the physical page: [ 24.877298] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x10178a [ 24.877362] head: order:1 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0 [ 24.877420] flags: 0xbfffe0000000040(head|node=0|zone=2|lastcpupid=0x1ffff) [ 24.877487] page_type: f5(slab) [ 24.877533] raw: 0bfffe0000000040 fff00000c0001b40 dead000000000122 0000000000000000 [ 24.877595] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 24.877656] head: 0bfffe0000000040 fff00000c0001b40 dead000000000122 0000000000000000 [ 24.877714] head: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 24.877772] head: 0bfffe0000000001 ffffc1ffc305e281 00000000ffffffff 00000000ffffffff [ 24.877833] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000002 [ 24.877881] page dumped because: kasan: bad access detected [ 24.877918] [ 24.877972] Memory state around the buggy address: [ 24.878047] fff00000c178b980: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 24.878201] fff00000c178ba00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 24.878634] >fff00000c178ba80: 00 00 00 00 00 00 00 00 00 00 00 00 00 03 fc fc [ 24.879178] ^ [ 24.879550] fff00000c178bb00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 24.879868] fff00000c178bb80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 24.880114] ================================================================== [ 25.013055] ================================================================== [ 25.013173] BUG: KASAN: slab-out-of-bounds in krealloc_more_oob_helper+0x60c/0x678 [ 25.013330] Write of size 1 at addr fff00000c64be0eb by task kunit_try_catch/160 [ 25.013533] [ 25.013739] CPU: 0 UID: 0 PID: 160 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc1 #1 PREEMPT [ 25.014159] Tainted: [B]=BAD_PAGE, [N]=TEST [ 25.014354] Hardware name: linux,dummy-virt (DT) [ 25.014432] Call trace: [ 25.014484] show_stack+0x20/0x38 (C) [ 25.014605] dump_stack_lvl+0x8c/0xd0 [ 25.014734] print_report+0x118/0x608 [ 25.014894] kasan_report+0xdc/0x128 [ 25.015167] __asan_report_store1_noabort+0x20/0x30 [ 25.015318] krealloc_more_oob_helper+0x60c/0x678 [ 25.015458] krealloc_large_more_oob+0x20/0x38 [ 25.015599] kunit_try_run_case+0x170/0x3f0 [ 25.015746] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 25.016056] kthread+0x328/0x630 [ 25.016224] ret_from_fork+0x10/0x20 [ 25.016444] [ 25.016602] The buggy address belongs to the physical page: [ 25.016709] page: refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1064bc [ 25.016859] head: order:2 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0 [ 25.017039] flags: 0xbfffe0000000040(head|node=0|zone=2|lastcpupid=0x1ffff) [ 25.017183] page_type: f8(unknown) [ 25.017304] raw: 0bfffe0000000040 0000000000000000 dead000000000122 0000000000000000 [ 25.017635] raw: 0000000000000000 0000000000000000 00000001f8000000 0000000000000000 [ 25.017958] head: 0bfffe0000000040 0000000000000000 dead000000000122 0000000000000000 [ 25.018092] head: 0000000000000000 0000000000000000 00000001f8000000 0000000000000000 [ 25.018230] head: 0bfffe0000000002 ffffc1ffc3192f01 00000000ffffffff 00000000ffffffff [ 25.018423] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000004 [ 25.018541] page dumped because: kasan: bad access detected [ 25.018648] [ 25.018769] Memory state around the buggy address: [ 25.018959] fff00000c64bdf80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 25.019067] fff00000c64be000: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 25.019235] >fff00000c64be080: 00 00 00 00 00 00 00 00 00 00 00 00 00 03 fe fe [ 25.019339] ^ [ 25.019444] fff00000c64be100: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe [ 25.019562] fff00000c64be180: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe [ 25.019722] ==================================================================
Failure - log-parser-boot - kasan-bug-kasan-use-after-free-in-page_alloc_uaf
[ 24.847548] ================================================================== [ 24.847671] BUG: KASAN: use-after-free in page_alloc_uaf+0x328/0x350 [ 24.847794] Read of size 1 at addr fff00000c77c0000 by task kunit_try_catch/154 [ 24.847909] [ 24.848107] CPU: 0 UID: 0 PID: 154 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc1 #1 PREEMPT [ 24.848293] Tainted: [B]=BAD_PAGE, [N]=TEST [ 24.848352] Hardware name: linux,dummy-virt (DT) [ 24.848419] Call trace: [ 24.848477] show_stack+0x20/0x38 (C) [ 24.848614] dump_stack_lvl+0x8c/0xd0 [ 24.848759] print_report+0x118/0x608 [ 24.848987] kasan_report+0xdc/0x128 [ 24.849808] __asan_report_load1_noabort+0x20/0x30 [ 24.849979] page_alloc_uaf+0x328/0x350 [ 24.850099] kunit_try_run_case+0x170/0x3f0 [ 24.850230] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 24.850367] kthread+0x328/0x630 [ 24.850479] ret_from_fork+0x10/0x20 [ 24.850655] [ 24.850711] The buggy address belongs to the physical page: [ 24.851811] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1077c0 [ 24.851977] flags: 0xbfffe0000000000(node=0|zone=2|lastcpupid=0x1ffff) [ 24.852096] page_type: f0(buddy) [ 24.852215] raw: 0bfffe0000000000 fff00000ff616170 fff00000ff616170 0000000000000000 [ 24.852418] raw: 0000000000000000 0000000000000006 00000000f0000000 0000000000000000 [ 24.852518] page dumped because: kasan: bad access detected [ 24.852595] [ 24.852706] Memory state around the buggy address: [ 24.852854] fff00000c77bff00: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff [ 24.853058] fff00000c77bff80: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff [ 24.853240] >fff00000c77c0000: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff [ 24.853505] ^ [ 24.853603] fff00000c77c0080: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff [ 24.853778] fff00000c77c0100: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff [ 24.853906] ==================================================================
Failure - log-parser-boot - kasan-bug-kasan-invalid-free-in-kfree
[ 24.810487] ================================================================== [ 24.810700] BUG: KASAN: invalid-free in kfree+0x270/0x3c8 [ 24.810959] Free of addr fff00000c64b8001 by task kunit_try_catch/150 [ 24.811091] [ 24.811194] CPU: 0 UID: 0 PID: 150 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc1 #1 PREEMPT [ 24.811453] Tainted: [B]=BAD_PAGE, [N]=TEST [ 24.811531] Hardware name: linux,dummy-virt (DT) [ 24.811608] Call trace: [ 24.811730] show_stack+0x20/0x38 (C) [ 24.811865] dump_stack_lvl+0x8c/0xd0 [ 24.812006] print_report+0x118/0x608 [ 24.812125] kasan_report_invalid_free+0xc0/0xe8 [ 24.812249] __kasan_kfree_large+0x5c/0xa8 [ 24.812381] free_large_kmalloc+0x64/0x190 [ 24.812526] kfree+0x270/0x3c8 [ 24.812657] kmalloc_large_invalid_free+0x108/0x270 [ 24.812846] kunit_try_run_case+0x170/0x3f0 [ 24.813086] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 24.813346] kthread+0x328/0x630 [ 24.813562] ret_from_fork+0x10/0x20 [ 24.813803] [ 24.813857] The buggy address belongs to the physical page: [ 24.813949] page: refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1064b8 [ 24.814092] head: order:2 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0 [ 24.814264] flags: 0xbfffe0000000040(head|node=0|zone=2|lastcpupid=0x1ffff) [ 24.814401] page_type: f8(unknown) [ 24.814496] raw: 0bfffe0000000040 0000000000000000 dead000000000122 0000000000000000 [ 24.814657] raw: 0000000000000000 0000000000000000 00000001f8000000 0000000000000000 [ 24.814916] head: 0bfffe0000000040 0000000000000000 dead000000000122 0000000000000000 [ 24.815102] head: 0000000000000000 0000000000000000 00000001f8000000 0000000000000000 [ 24.815238] head: 0bfffe0000000002 ffffc1ffc3192e01 00000000ffffffff 00000000ffffffff [ 24.815394] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000004 [ 24.815527] page dumped because: kasan: bad access detected [ 24.815607] [ 24.815720] Memory state around the buggy address: [ 24.815964] fff00000c64b7f00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 24.816132] fff00000c64b7f80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 24.816239] >fff00000c64b8000: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 24.816334] ^ [ 24.816400] fff00000c64b8080: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 24.816500] fff00000c64b8100: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 24.816608] ==================================================================
Failure - log-parser-boot - kasan-bug-kasan-use-after-free-in-kmalloc_large_uaf
[ 24.782157] ================================================================== [ 24.782314] BUG: KASAN: use-after-free in kmalloc_large_uaf+0x2cc/0x2f8 [ 24.782428] Read of size 1 at addr fff00000c64b8000 by task kunit_try_catch/148 [ 24.782553] [ 24.782748] CPU: 0 UID: 0 PID: 148 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc1 #1 PREEMPT [ 24.782967] Tainted: [B]=BAD_PAGE, [N]=TEST [ 24.783041] Hardware name: linux,dummy-virt (DT) [ 24.783335] Call trace: [ 24.783632] show_stack+0x20/0x38 (C) [ 24.784011] dump_stack_lvl+0x8c/0xd0 [ 24.784146] print_report+0x118/0x608 [ 24.784915] kasan_report+0xdc/0x128 [ 24.785153] __asan_report_load1_noabort+0x20/0x30 [ 24.785666] kmalloc_large_uaf+0x2cc/0x2f8 [ 24.786197] kunit_try_run_case+0x170/0x3f0 [ 24.786323] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 24.786451] kthread+0x328/0x630 [ 24.786565] ret_from_fork+0x10/0x20 [ 24.786691] [ 24.787284] The buggy address belongs to the physical page: [ 24.787526] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1064b8 [ 24.787983] flags: 0xbfffe0000000000(node=0|zone=2|lastcpupid=0x1ffff) [ 24.788911] raw: 0bfffe0000000000 ffffc1ffc3192f08 fff00000da44ac40 0000000000000000 [ 24.789734] raw: 0000000000000000 0000000000000000 00000000ffffffff 0000000000000000 [ 24.789834] page dumped because: kasan: bad access detected [ 24.789910] [ 24.790354] Memory state around the buggy address: [ 24.790611] fff00000c64b7f00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 24.791182] fff00000c64b7f80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 24.791387] >fff00000c64b8000: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff [ 24.791482] ^ [ 24.792066] fff00000c64b8080: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff [ 24.792309] fff00000c64b8100: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff [ 24.792796] ==================================================================
Failure - log-parser-boot - kasan-bug-kasan-slab-out-of-bounds-in-kmalloc_large_oob_right
[ 24.734411] ================================================================== [ 24.734544] BUG: KASAN: slab-out-of-bounds in kmalloc_large_oob_right+0x278/0x2b8 [ 24.734651] Write of size 1 at addr fff00000c64ba00a by task kunit_try_catch/146 [ 24.734763] [ 24.734839] CPU: 0 UID: 0 PID: 146 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc1 #1 PREEMPT [ 24.735116] Tainted: [B]=BAD_PAGE, [N]=TEST [ 24.735192] Hardware name: linux,dummy-virt (DT) [ 24.735296] Call trace: [ 24.735361] show_stack+0x20/0x38 (C) [ 24.735505] dump_stack_lvl+0x8c/0xd0 [ 24.735651] print_report+0x118/0x608 [ 24.735789] kasan_report+0xdc/0x128 [ 24.735989] __asan_report_store1_noabort+0x20/0x30 [ 24.736303] kmalloc_large_oob_right+0x278/0x2b8 [ 24.736553] kunit_try_run_case+0x170/0x3f0 [ 24.736687] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 24.737056] kthread+0x328/0x630 [ 24.737229] ret_from_fork+0x10/0x20 [ 24.737676] [ 24.737761] The buggy address belongs to the physical page: [ 24.737847] page: refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1064b8 [ 24.738010] head: order:2 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0 [ 24.738238] flags: 0xbfffe0000000040(head|node=0|zone=2|lastcpupid=0x1ffff) [ 24.738395] page_type: f8(unknown) [ 24.738512] raw: 0bfffe0000000040 0000000000000000 dead000000000122 0000000000000000 [ 24.738695] raw: 0000000000000000 0000000000000000 00000001f8000000 0000000000000000 [ 24.738912] head: 0bfffe0000000040 0000000000000000 dead000000000122 0000000000000000 [ 24.739085] head: 0000000000000000 0000000000000000 00000001f8000000 0000000000000000 [ 24.739272] head: 0bfffe0000000002 ffffc1ffc3192e01 00000000ffffffff 00000000ffffffff [ 24.739582] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000004 [ 24.739838] page dumped because: kasan: bad access detected [ 24.739973] [ 24.740024] Memory state around the buggy address: [ 24.740296] fff00000c64b9f00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 24.740418] fff00000c64b9f80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 24.740535] >fff00000c64ba000: 00 02 fe fe fe fe fe fe fe fe fe fe fe fe fe fe [ 24.740739] ^ [ 24.740868] fff00000c64ba080: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe [ 24.740994] fff00000c64ba100: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe [ 24.741091] ==================================================================
Failure - log-parser-boot - kasan-bug-kasan-slab-out-of-bounds-in-kmalloc_big_oob_right
[ 24.712999] ================================================================== [ 24.713247] BUG: KASAN: slab-out-of-bounds in kmalloc_big_oob_right+0x2a4/0x2f0 [ 24.713367] Write of size 1 at addr fff00000c7791f00 by task kunit_try_catch/144 [ 24.713599] [ 24.713728] CPU: 0 UID: 0 PID: 144 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc1 #1 PREEMPT [ 24.713948] Tainted: [B]=BAD_PAGE, [N]=TEST [ 24.714013] Hardware name: linux,dummy-virt (DT) [ 24.714084] Call trace: [ 24.714140] show_stack+0x20/0x38 (C) [ 24.714257] dump_stack_lvl+0x8c/0xd0 [ 24.714383] print_report+0x118/0x608 [ 24.714725] kasan_report+0xdc/0x128 [ 24.715075] __asan_report_store1_noabort+0x20/0x30 [ 24.715271] kmalloc_big_oob_right+0x2a4/0x2f0 [ 24.715547] kunit_try_run_case+0x170/0x3f0 [ 24.715685] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 24.715838] kthread+0x328/0x630 [ 24.715981] ret_from_fork+0x10/0x20 [ 24.716207] [ 24.716277] Allocated by task 144: [ 24.716350] kasan_save_stack+0x3c/0x68 [ 24.716480] kasan_save_track+0x20/0x40 [ 24.716799] kasan_save_alloc_info+0x40/0x58 [ 24.716999] __kasan_kmalloc+0xd4/0xd8 [ 24.717111] __kmalloc_cache_noprof+0x16c/0x3c0 [ 24.717361] kmalloc_big_oob_right+0xb8/0x2f0 [ 24.717456] kunit_try_run_case+0x170/0x3f0 [ 24.717550] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 24.717690] kthread+0x328/0x630 [ 24.717879] ret_from_fork+0x10/0x20 [ 24.717988] [ 24.718045] The buggy address belongs to the object at fff00000c7790000 [ 24.718045] which belongs to the cache kmalloc-8k of size 8192 [ 24.718431] The buggy address is located 0 bytes to the right of [ 24.718431] allocated 7936-byte region [fff00000c7790000, fff00000c7791f00) [ 24.718955] [ 24.719011] The buggy address belongs to the physical page: [ 24.719304] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x107790 [ 24.719530] head: order:3 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0 [ 24.719682] flags: 0xbfffe0000000040(head|node=0|zone=2|lastcpupid=0x1ffff) [ 24.719808] page_type: f5(slab) [ 24.719912] raw: 0bfffe0000000040 fff00000c0002280 dead000000000122 0000000000000000 [ 24.720057] raw: 0000000000000000 0000000080020002 00000000f5000000 0000000000000000 [ 24.720727] head: 0bfffe0000000040 fff00000c0002280 dead000000000122 0000000000000000 [ 24.721232] head: 0000000000000000 0000000080020002 00000000f5000000 0000000000000000 [ 24.721525] head: 0bfffe0000000003 ffffc1ffc31de401 00000000ffffffff 00000000ffffffff [ 24.721664] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000008 [ 24.722170] page dumped because: kasan: bad access detected [ 24.722273] [ 24.722327] Memory state around the buggy address: [ 24.722413] fff00000c7791e00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 24.722658] fff00000c7791e80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 24.722812] >fff00000c7791f00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 24.723081] ^ [ 24.723154] fff00000c7791f80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 24.723258] fff00000c7792000: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 24.723380] ==================================================================
Failure - log-parser-boot - kasan-bug-kasan-slab-out-of-bounds-in-kmalloc_track_caller_oob_right
[ 24.669057] ================================================================== [ 24.669178] BUG: KASAN: slab-out-of-bounds in kmalloc_track_caller_oob_right+0x40c/0x488 [ 24.669331] Write of size 1 at addr fff00000c6507278 by task kunit_try_catch/142 [ 24.669490] [ 24.669566] CPU: 0 UID: 0 PID: 142 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc1 #1 PREEMPT [ 24.669797] Tainted: [B]=BAD_PAGE, [N]=TEST [ 24.669867] Hardware name: linux,dummy-virt (DT) [ 24.669961] Call trace: [ 24.670064] show_stack+0x20/0x38 (C) [ 24.670913] dump_stack_lvl+0x8c/0xd0 [ 24.671096] print_report+0x118/0x608 [ 24.671318] kasan_report+0xdc/0x128 [ 24.671460] __asan_report_store1_noabort+0x20/0x30 [ 24.671732] kmalloc_track_caller_oob_right+0x40c/0x488 [ 24.671887] kunit_try_run_case+0x170/0x3f0 [ 24.672066] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 24.672221] kthread+0x328/0x630 [ 24.672408] ret_from_fork+0x10/0x20 [ 24.672721] [ 24.672776] Allocated by task 142: [ 24.672856] kasan_save_stack+0x3c/0x68 [ 24.673059] kasan_save_track+0x20/0x40 [ 24.673254] kasan_save_alloc_info+0x40/0x58 [ 24.673363] __kasan_kmalloc+0xd4/0xd8 [ 24.673461] __kmalloc_node_track_caller_noprof+0x194/0x4b8 [ 24.673591] kmalloc_track_caller_oob_right+0xa8/0x488 [ 24.673869] kunit_try_run_case+0x170/0x3f0 [ 24.674043] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 24.674245] kthread+0x328/0x630 [ 24.674344] ret_from_fork+0x10/0x20 [ 24.674433] [ 24.674480] The buggy address belongs to the object at fff00000c6507200 [ 24.674480] which belongs to the cache kmalloc-128 of size 128 [ 24.674673] The buggy address is located 0 bytes to the right of [ 24.674673] allocated 120-byte region [fff00000c6507200, fff00000c6507278) [ 24.675154] [ 24.675219] The buggy address belongs to the physical page: [ 24.675425] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x106507 [ 24.675568] flags: 0xbfffe0000000000(node=0|zone=2|lastcpupid=0x1ffff) [ 24.675795] page_type: f5(slab) [ 24.675901] raw: 0bfffe0000000000 fff00000c0001a00 dead000000000122 0000000000000000 [ 24.676117] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 24.676377] page dumped because: kasan: bad access detected [ 24.676454] [ 24.676496] Memory state around the buggy address: [ 24.676604] fff00000c6507100: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 24.676744] fff00000c6507180: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 24.676906] >fff00000c6507200: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 fc [ 24.677071] ^ [ 24.677287] fff00000c6507280: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 24.677429] fff00000c6507300: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 24.677575] ==================================================================
Failure - log-parser-boot - kasan-bug-kasan-slab-out-of-bounds-in-kmalloc_node_oob_right
[ 24.634815] ================================================================== [ 24.635322] BUG: KASAN: slab-out-of-bounds in kmalloc_node_oob_right+0x2f4/0x330 [ 24.635602] Read of size 1 at addr fff00000c6477000 by task kunit_try_catch/140 [ 24.635731] [ 24.636096] CPU: 0 UID: 0 PID: 140 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc1 #1 PREEMPT [ 24.636492] Tainted: [B]=BAD_PAGE, [N]=TEST [ 24.636754] Hardware name: linux,dummy-virt (DT) [ 24.637091] Call trace: [ 24.637152] show_stack+0x20/0x38 (C) [ 24.637838] dump_stack_lvl+0x8c/0xd0 [ 24.638411] print_report+0x118/0x608 [ 24.638631] kasan_report+0xdc/0x128 [ 24.638749] __asan_report_load1_noabort+0x20/0x30 [ 24.639751] kmalloc_node_oob_right+0x2f4/0x330 [ 24.639902] kunit_try_run_case+0x170/0x3f0 [ 24.640419] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 24.640566] kthread+0x328/0x630 [ 24.640688] ret_from_fork+0x10/0x20 [ 24.641272] [ 24.641319] Allocated by task 140: [ 24.641760] kasan_save_stack+0x3c/0x68 [ 24.641955] kasan_save_track+0x20/0x40 [ 24.642465] kasan_save_alloc_info+0x40/0x58 [ 24.642991] __kasan_kmalloc+0xd4/0xd8 [ 24.643154] __kmalloc_cache_node_noprof+0x178/0x3d0 [ 24.643265] kmalloc_node_oob_right+0xbc/0x330 [ 24.643358] kunit_try_run_case+0x170/0x3f0 [ 24.643446] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 24.644005] kthread+0x328/0x630 [ 24.644399] ret_from_fork+0x10/0x20 [ 24.644635] [ 24.644685] The buggy address belongs to the object at fff00000c6476000 [ 24.644685] which belongs to the cache kmalloc-4k of size 4096 [ 24.644924] The buggy address is located 0 bytes to the right of [ 24.644924] allocated 4096-byte region [fff00000c6476000, fff00000c6477000) [ 24.645165] [ 24.645730] The buggy address belongs to the physical page: [ 24.646126] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x106470 [ 24.646504] head: order:3 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0 [ 24.647364] flags: 0xbfffe0000000040(head|node=0|zone=2|lastcpupid=0x1ffff) [ 24.649119] page_type: f5(slab) [ 24.649235] raw: 0bfffe0000000040 fff00000c0002140 dead000000000122 0000000000000000 [ 24.649807] raw: 0000000000000000 0000000080040004 00000000f5000000 0000000000000000 [ 24.650303] head: 0bfffe0000000040 fff00000c0002140 dead000000000122 0000000000000000 [ 24.650608] head: 0000000000000000 0000000080040004 00000000f5000000 0000000000000000 [ 24.651029] head: 0bfffe0000000003 ffffc1ffc3191c01 00000000ffffffff 00000000ffffffff [ 24.651417] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000008 [ 24.651639] page dumped because: kasan: bad access detected [ 24.651718] [ 24.651763] Memory state around the buggy address: [ 24.651841] fff00000c6476f00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 24.651970] fff00000c6476f80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 24.653267] >fff00000c6477000: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 24.653469] ^ [ 24.653541] fff00000c6477080: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 24.653791] fff00000c6477100: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 24.654026] ==================================================================
Failure - log-parser-boot - kasan-bug-kasan-slab-out-of-bounds-in-kmalloc_oob_left
[ 24.598249] ================================================================== [ 24.598402] BUG: KASAN: slab-out-of-bounds in kmalloc_oob_left+0x2ec/0x320 [ 24.598954] Read of size 1 at addr fff00000c62bd25f by task kunit_try_catch/138 [ 24.599335] [ 24.599429] CPU: 0 UID: 0 PID: 138 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc1 #1 PREEMPT [ 24.600182] Tainted: [B]=BAD_PAGE, [N]=TEST [ 24.600277] Hardware name: linux,dummy-virt (DT) [ 24.600462] Call trace: [ 24.600845] show_stack+0x20/0x38 (C) [ 24.601019] dump_stack_lvl+0x8c/0xd0 [ 24.601299] print_report+0x118/0x608 [ 24.601445] kasan_report+0xdc/0x128 [ 24.601564] __asan_report_load1_noabort+0x20/0x30 [ 24.601689] kmalloc_oob_left+0x2ec/0x320 [ 24.601858] kunit_try_run_case+0x170/0x3f0 [ 24.602047] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 24.602953] kthread+0x328/0x630 [ 24.603328] ret_from_fork+0x10/0x20 [ 24.603543] [ 24.603597] Allocated by task 9: [ 24.603669] kasan_save_stack+0x3c/0x68 [ 24.603779] kasan_save_track+0x20/0x40 [ 24.603880] kasan_save_alloc_info+0x40/0x58 [ 24.603999] __kasan_kmalloc+0xd4/0xd8 [ 24.604153] __kmalloc_node_track_caller_noprof+0x194/0x4b8 [ 24.604318] kvasprintf+0xe0/0x180 [ 24.604577] __kthread_create_on_node+0x16c/0x350 [ 24.604679] kthread_create_on_node+0xe4/0x130 [ 24.604776] create_worker+0x380/0x6b8 [ 24.604866] worker_thread+0x808/0xf38 [ 24.604981] kthread+0x328/0x630 [ 24.605228] ret_from_fork+0x10/0x20 [ 24.605322] [ 24.605425] The buggy address belongs to the object at fff00000c62bd240 [ 24.605425] which belongs to the cache kmalloc-16 of size 16 [ 24.605568] The buggy address is located 19 bytes to the right of [ 24.605568] allocated 12-byte region [fff00000c62bd240, fff00000c62bd24c) [ 24.605715] [ 24.605809] The buggy address belongs to the physical page: [ 24.605882] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1062bd [ 24.606047] flags: 0xbfffe0000000000(node=0|zone=2|lastcpupid=0x1ffff) [ 24.606183] page_type: f5(slab) [ 24.606294] raw: 0bfffe0000000000 fff00000c0001640 dead000000000122 0000000000000000 [ 24.606431] raw: 0000000000000000 0000000080800080 00000000f5000000 0000000000000000 [ 24.606538] page dumped because: kasan: bad access detected [ 24.606621] [ 24.606670] Memory state around the buggy address: [ 24.606752] fff00000c62bd100: 00 02 fc fc 00 02 fc fc 00 05 fc fc fa fb fc fc [ 24.606880] fff00000c62bd180: 00 02 fc fc fa fb fc fc fa fb fc fc fa fb fc fc [ 24.607083] >fff00000c62bd200: fa fb fc fc fa fb fc fc 00 04 fc fc 00 07 fc fc [ 24.607300] ^ [ 24.607461] fff00000c62bd280: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 24.607667] fff00000c62bd300: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 24.607836] ==================================================================
Failure - log-parser-boot - kasan-bug-kasan-slab-out-of-bounds-in-kmalloc_oob_right
[ 24.517575] ================================================================== [ 24.518436] BUG: KASAN: slab-out-of-bounds in kmalloc_oob_right+0x5a4/0x660 [ 24.520829] Write of size 1 at addr fff00000c6507173 by task kunit_try_catch/136 [ 24.521108] [ 24.523703] CPU: 0 UID: 0 PID: 136 Comm: kunit_try_catch Tainted: G N 6.16.0-rc1 #1 PREEMPT [ 24.524372] Tainted: [N]=TEST [ 24.524457] Hardware name: linux,dummy-virt (DT) [ 24.526083] Call trace: [ 24.527217] show_stack+0x20/0x38 (C) [ 24.527866] dump_stack_lvl+0x8c/0xd0 [ 24.528112] print_report+0x118/0x608 [ 24.528277] kasan_report+0xdc/0x128 [ 24.528425] __asan_report_store1_noabort+0x20/0x30 [ 24.528608] kmalloc_oob_right+0x5a4/0x660 [ 24.528817] kunit_try_run_case+0x170/0x3f0 [ 24.529022] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 24.529175] kthread+0x328/0x630 [ 24.529310] ret_from_fork+0x10/0x20 [ 24.529822] [ 24.529923] Allocated by task 136: [ 24.530710] kasan_save_stack+0x3c/0x68 [ 24.531613] kasan_save_track+0x20/0x40 [ 24.531922] kasan_save_alloc_info+0x40/0x58 [ 24.532663] __kasan_kmalloc+0xd4/0xd8 [ 24.532765] __kmalloc_cache_noprof+0x16c/0x3c0 [ 24.533763] kmalloc_oob_right+0xb0/0x660 [ 24.533865] kunit_try_run_case+0x170/0x3f0 [ 24.533973] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 24.534079] kthread+0x328/0x630 [ 24.534167] ret_from_fork+0x10/0x20 [ 24.534307] [ 24.536437] The buggy address belongs to the object at fff00000c6507100 [ 24.536437] which belongs to the cache kmalloc-128 of size 128 [ 24.539040] The buggy address is located 0 bytes to the right of [ 24.539040] allocated 115-byte region [fff00000c6507100, fff00000c6507173) [ 24.539253] [ 24.539581] The buggy address belongs to the physical page: [ 24.540288] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x106507 [ 24.542202] flags: 0xbfffe0000000000(node=0|zone=2|lastcpupid=0x1ffff) [ 24.544384] page_type: f5(slab) [ 24.544773] raw: 0bfffe0000000000 fff00000c0001a00 dead000000000122 0000000000000000 [ 24.544855] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 24.545057] page dumped because: kasan: bad access detected [ 24.545266] [ 24.545473] Memory state around the buggy address: [ 24.546463] fff00000c6507000: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 24.546628] fff00000c6507080: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 24.546795] >fff00000c6507100: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 03 fc [ 24.546982] ^ [ 24.547183] fff00000c6507180: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 24.547317] fff00000c6507200: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 24.547511] ================================================================== [ 24.564923] ================================================================== [ 24.565039] BUG: KASAN: slab-out-of-bounds in kmalloc_oob_right+0x5d0/0x660 [ 24.565149] Read of size 1 at addr fff00000c6507180 by task kunit_try_catch/136 [ 24.565259] [ 24.565332] CPU: 0 UID: 0 PID: 136 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc1 #1 PREEMPT [ 24.565522] Tainted: [B]=BAD_PAGE, [N]=TEST [ 24.565592] Hardware name: linux,dummy-virt (DT) [ 24.565669] Call trace: [ 24.565728] show_stack+0x20/0x38 (C) [ 24.565859] dump_stack_lvl+0x8c/0xd0 [ 24.566381] print_report+0x118/0x608 [ 24.566506] kasan_report+0xdc/0x128 [ 24.566620] __asan_report_load1_noabort+0x20/0x30 [ 24.566742] kmalloc_oob_right+0x5d0/0x660 [ 24.566969] kunit_try_run_case+0x170/0x3f0 [ 24.567106] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 24.567348] kthread+0x328/0x630 [ 24.567459] ret_from_fork+0x10/0x20 [ 24.567570] [ 24.567615] Allocated by task 136: [ 24.567677] kasan_save_stack+0x3c/0x68 [ 24.567771] kasan_save_track+0x20/0x40 [ 24.567861] kasan_save_alloc_info+0x40/0x58 [ 24.567990] __kasan_kmalloc+0xd4/0xd8 [ 24.568090] __kmalloc_cache_noprof+0x16c/0x3c0 [ 24.568194] kmalloc_oob_right+0xb0/0x660 [ 24.568289] kunit_try_run_case+0x170/0x3f0 [ 24.568380] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 24.568483] kthread+0x328/0x630 [ 24.571844] ret_from_fork+0x10/0x20 [ 24.572959] [ 24.573018] The buggy address belongs to the object at fff00000c6507100 [ 24.573018] which belongs to the cache kmalloc-128 of size 128 [ 24.573163] The buggy address is located 13 bytes to the right of [ 24.573163] allocated 115-byte region [fff00000c6507100, fff00000c6507173) [ 24.573555] [ 24.573780] The buggy address belongs to the physical page: [ 24.573853] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x106507 [ 24.574884] flags: 0xbfffe0000000000(node=0|zone=2|lastcpupid=0x1ffff) [ 24.576473] page_type: f5(slab) [ 24.576576] raw: 0bfffe0000000000 fff00000c0001a00 dead000000000122 0000000000000000 [ 24.576704] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 24.576813] page dumped because: kasan: bad access detected [ 24.576894] [ 24.577924] Memory state around the buggy address: [ 24.578047] fff00000c6507080: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 24.578155] fff00000c6507100: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 03 fc [ 24.578257] >fff00000c6507180: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 24.578348] ^ [ 24.578414] fff00000c6507200: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 24.578514] fff00000c6507280: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 24.578607] ================================================================== [ 24.549858] ================================================================== [ 24.550022] BUG: KASAN: slab-out-of-bounds in kmalloc_oob_right+0x538/0x660 [ 24.550189] Write of size 1 at addr fff00000c6507178 by task kunit_try_catch/136 [ 24.550317] [ 24.550454] CPU: 0 UID: 0 PID: 136 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc1 #1 PREEMPT [ 24.550769] Tainted: [B]=BAD_PAGE, [N]=TEST [ 24.550839] Hardware name: linux,dummy-virt (DT) [ 24.550929] Call trace: [ 24.551000] show_stack+0x20/0x38 (C) [ 24.551254] dump_stack_lvl+0x8c/0xd0 [ 24.551492] print_report+0x118/0x608 [ 24.551638] kasan_report+0xdc/0x128 [ 24.551765] __asan_report_store1_noabort+0x20/0x30 [ 24.551885] kmalloc_oob_right+0x538/0x660 [ 24.552023] kunit_try_run_case+0x170/0x3f0 [ 24.552140] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 24.552274] kthread+0x328/0x630 [ 24.553226] ret_from_fork+0x10/0x20 [ 24.553990] [ 24.554105] Allocated by task 136: [ 24.554188] kasan_save_stack+0x3c/0x68 [ 24.554959] kasan_save_track+0x20/0x40 [ 24.555175] kasan_save_alloc_info+0x40/0x58 [ 24.555284] __kasan_kmalloc+0xd4/0xd8 [ 24.555387] __kmalloc_cache_noprof+0x16c/0x3c0 [ 24.555491] kmalloc_oob_right+0xb0/0x660 [ 24.555585] kunit_try_run_case+0x170/0x3f0 [ 24.556048] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 24.556358] kthread+0x328/0x630 [ 24.556859] ret_from_fork+0x10/0x20 [ 24.556978] [ 24.557028] The buggy address belongs to the object at fff00000c6507100 [ 24.557028] which belongs to the cache kmalloc-128 of size 128 [ 24.557192] The buggy address is located 5 bytes to the right of [ 24.557192] allocated 115-byte region [fff00000c6507100, fff00000c6507173) [ 24.557346] [ 24.557725] The buggy address belongs to the physical page: [ 24.557811] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x106507 [ 24.558441] flags: 0xbfffe0000000000(node=0|zone=2|lastcpupid=0x1ffff) [ 24.558560] page_type: f5(slab) [ 24.558650] raw: 0bfffe0000000000 fff00000c0001a00 dead000000000122 0000000000000000 [ 24.558768] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 24.559161] page dumped because: kasan: bad access detected [ 24.559258] [ 24.559416] Memory state around the buggy address: [ 24.559638] fff00000c6507000: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 24.559898] fff00000c6507080: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 24.560359] >fff00000c6507100: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 03 fc [ 24.560740] ^ [ 24.561003] fff00000c6507180: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 24.561130] fff00000c6507200: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 24.561503] ==================================================================
Failure - log-parser-boot - exception-warning-cpu-pid-at-libmathint_log-intlog10
------------[ cut here ]------------ [ 119.048602] WARNING: CPU: 1 PID: 704 at lib/math/int_log.c:120 intlog10+0x38/0x48 [ 119.050198] Modules linked in: [ 119.050628] CPU: 1 UID: 0 PID: 704 Comm: kunit_try_catch Tainted: G B D W N 6.16.0-rc1 #1 PREEMPT [ 119.051618] Tainted: [B]=BAD_PAGE, [D]=DIE, [W]=WARN, [N]=TEST [ 119.052598] Hardware name: linux,dummy-virt (DT) [ 119.053193] pstate: 12402009 (nzcV daif +PAN -UAO +TCO -DIT -SSBS BTYPE=--) [ 119.054136] pc : intlog10+0x38/0x48 [ 119.054549] lr : intlog10_test+0xe4/0x200 [ 119.055244] sp : ffff800082437c10 [ 119.055765] x29: ffff800082437c90 x28: 0000000000000000 x27: 0000000000000000 [ 119.056826] x26: 1ffe00001929b8e1 x25: 0000000000000000 x24: ffff800082437ce0 [ 119.057795] x23: ffff800082437d00 x22: 0000000000000000 x21: 1ffff00010486f82 [ 119.058747] x20: ffffa6ed546d2fc0 x19: ffff800080087990 x18: 00000000dcc55a8a [ 119.059699] x17: 000000006871e882 x16: 000000000381bb21 x15: 000000009393cbfc [ 119.060643] x14: 000000008c977a3a x13: 1ffe00001b48d189 x12: ffff74ddab0af381 [ 119.061602] x11: 1ffff4ddab0af380 x10: ffff74ddab0af380 x9 : ffffa6ed51c6a2dc [ 119.062562] x8 : ffffa6ed58579c03 x7 : 0000000000000001 x6 : 00000000f1f1f1f1 [ 119.063507] x5 : ffff700010486f82 x4 : 1ffff00010010f3a x3 : 1ffff4ddaa8da5f8 [ 119.064452] x2 : 1ffff4ddaa8da5f8 x1 : 0000000000000003 x0 : 0000000000000000 [ 119.065400] Call trace: [ 119.065793] intlog10+0x38/0x48 (P) [ 119.066339] kunit_try_run_case+0x170/0x3f0 [ 119.066927] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 119.067656] kthread+0x328/0x630 [ 119.068180] ret_from_fork+0x10/0x20 [ 119.068811] ---[ end trace 0000000000000000 ]---
Failure - log-parser-boot - exception-warning-cpu-pid-at-libmathint_log-intlog2
------------[ cut here ]------------ [ 118.962003] WARNING: CPU: 1 PID: 686 at lib/math/int_log.c:63 intlog2+0xd8/0xf8 [ 118.965425] Modules linked in: [ 118.966082] CPU: 1 UID: 0 PID: 686 Comm: kunit_try_catch Tainted: G B D N 6.16.0-rc1 #1 PREEMPT [ 118.967060] Tainted: [B]=BAD_PAGE, [D]=DIE, [N]=TEST [ 118.967576] Hardware name: linux,dummy-virt (DT) [ 118.968121] pstate: 12402009 (nzcV daif +PAN -UAO +TCO -DIT -SSBS BTYPE=--) [ 118.969048] pc : intlog2+0xd8/0xf8 [ 118.969402] lr : intlog2_test+0xe4/0x200 [ 118.969806] sp : ffff8000822d7c10 [ 118.970429] x29: ffff8000822d7c90 x28: 0000000000000000 x27: 0000000000000000 [ 118.971716] x26: 1ffe00001935bb21 x25: 0000000000000000 x24: ffff8000822d7ce0 [ 118.972586] x23: ffff8000822d7d00 x22: 0000000000000000 x21: 1ffff0001045af82 [ 118.973536] x20: ffffa6ed546d2ec0 x19: ffff800080087990 x18: 000000007ad6b4f3 [ 118.974509] x17: 000000003f8315b2 x16: fff00000c0975c3c x15: fff00000ff616b08 [ 118.975598] x14: 00000000f1f1f1f1 x13: 1ffe00001b488dcd x12: ffff74ddab0af381 [ 118.976988] x11: 1ffff4ddab0af380 x10: ffff74ddab0af380 x9 : ffffa6ed51c6a4dc [ 118.977923] x8 : ffffa6ed58579c03 x7 : 0000000000000001 x6 : 00000000f1f1f1f1 [ 118.978843] x5 : ffff70001045af82 x4 : 1ffff00010010f3a x3 : 1ffff4ddaa8da5d8 [ 118.979956] x2 : 1ffff4ddaa8da5d8 x1 : 0000000000000003 x0 : 0000000000000000 [ 118.980881] Call trace: [ 118.981271] intlog2+0xd8/0xf8 (P) [ 118.981831] kunit_try_run_case+0x170/0x3f0 [ 118.982422] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 118.983350] kthread+0x328/0x630 [ 118.983783] ret_from_fork+0x10/0x20 [ 118.984325] ---[ end trace 0000000000000000 ]---