Date: July 1, 2025, 11:08 a.m.
Failure - log-parser-boot/kasan-bug-kasan-stack-out-of-bounds-in-kasan_stack_oob
[ 13.331346] ==================================================================
[ 13.332245] BUG: KASAN: stack-out-of-bounds in kasan_stack_oob+0x2b5/0x300
[ 13.332550] Read of size 1 at addr ffff8881039e7d02 by task kunit_try_catch/266
[ 13.332989]
[ 13.333101] CPU: 1 UID: 0 PID: 266 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc4 #1 PREEMPT(voluntary)
[ 13.333151] Tainted: [B]=BAD_PAGE, [N]=TEST
[ 13.333164] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[ 13.333186] Call Trace:
[ 13.333201] <TASK>
[ 13.333220] dump_stack_lvl+0x73/0xb0
[ 13.333252] print_report+0xd1/0x650
[ 13.333277] ? __virt_addr_valid+0x1db/0x2d0
[ 13.333302] ? kasan_stack_oob+0x2b5/0x300
[ 13.333320] ? kasan_addr_to_slab+0x11/0xa0
[ 13.333340] ? kasan_stack_oob+0x2b5/0x300
[ 13.333359] kasan_report+0x141/0x180
[ 13.333392] ? kasan_stack_oob+0x2b5/0x300
[ 13.333416] __asan_report_load1_noabort+0x18/0x20
[ 13.333440] kasan_stack_oob+0x2b5/0x300
[ 13.333458] ? __pfx_kasan_stack_oob+0x10/0x10
[ 13.333477] ? finish_task_switch.isra.0+0x153/0x700
[ 13.333501] ? __switch_to+0x47/0xf50
[ 13.333528] ? __schedule+0x10cc/0x2b60
[ 13.333550] ? __pfx_read_tsc+0x10/0x10
[ 13.333583] ? ktime_get_ts64+0x86/0x230
[ 13.333608] kunit_try_run_case+0x1a5/0x480
[ 13.333634] ? __pfx_kunit_try_run_case+0x10/0x10
[ 13.333655] ? _raw_spin_lock_irqsave+0xa1/0x100
[ 13.333679] ? _raw_spin_unlock_irqrestore+0x5f/0x90
[ 13.333700] ? __kthread_parkme+0x82/0x180
[ 13.333722] ? preempt_count_sub+0x50/0x80
[ 13.333744] ? __pfx_kunit_try_run_case+0x10/0x10
[ 13.333766] kunit_generic_run_threadfn_adapter+0x85/0xf0
[ 13.333789] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10
[ 13.333811] kthread+0x337/0x6f0
[ 13.333830] ? trace_preempt_on+0x20/0xc0
[ 13.333854] ? __pfx_kthread+0x10/0x10
[ 13.333873] ? _raw_spin_unlock_irq+0x47/0x80
[ 13.333894] ? calculate_sigpending+0x7b/0xa0
[ 13.333918] ? __pfx_kthread+0x10/0x10
[ 13.333949] ret_from_fork+0x116/0x1d0
[ 13.333966] ? __pfx_kthread+0x10/0x10
[ 13.333985] ret_from_fork_asm+0x1a/0x30
[ 13.334018] </TASK>
[ 13.334030]
[ 13.341707] The buggy address belongs to stack of task kunit_try_catch/266
[ 13.342002] and is located at offset 138 in frame:
[ 13.342274] kasan_stack_oob+0x0/0x300
[ 13.342609]
[ 13.342737] This frame has 4 objects:
[ 13.342987] [48, 49) '__assertion'
[ 13.343010] [64, 72) 'array'
[ 13.343181] [96, 112) '__assertion'
[ 13.343303] [128, 138) 'stack_array'
[ 13.343488]
[ 13.343861] The buggy address belongs to the physical page:
[ 13.344080] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1039e7
[ 13.344412] flags: 0x200000000000000(node=0|zone=2)
[ 13.344639] raw: 0200000000000000 ffffea00040e79c8 ffffea00040e79c8 0000000000000000
[ 13.344869] raw: 0000000000000000 0000000000000000 00000000ffffffff 0000000000000000
[ 13.345093] page dumped because: kasan: bad access detected
[ 13.345303]
[ 13.345649] Memory state around the buggy address:
[ 13.345884]  ffff8881039e7c00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 f1
[ 13.346670]  ffff8881039e7c80: f1 f1 f1 f1 f1 01 f2 00 f2 f2 f2 00 00 f2 f2 00
[ 13.346894] >ffff8881039e7d00: 02 f3 f3 00 00 00 00 00 00 00 00 00 00 00 00 f1
[ 13.347249]                    ^
[ 13.347426]  ffff8881039e7d80: f1 f1 f1 00 00 f2 f2 00 00 f2 f2 00 00 f3 f3 00
[ 13.347730]  ffff8881039e7e00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[ 13.348088] ==================================================================
Failure - log-parser-boot/kfence-bug-kfence-use-after-free-read-in-test_krealloc
[ 48.961921] ==================================================================
[ 48.962343] BUG: KFENCE: use-after-free read in test_krealloc+0x6fc/0xbe0
[ 48.962343]
[ 48.962765] Use-after-free read at 0x(____ptrval____) (in kfence-#141):
[ 48.963019] test_krealloc+0x6fc/0xbe0
[ 48.963227] kunit_try_run_case+0x1a5/0x480
[ 48.963441] kunit_generic_run_threadfn_adapter+0x85/0xf0
[ 48.963678] kthread+0x337/0x6f0
[ 48.963808] ret_from_fork+0x116/0x1d0
[ 48.963945] ret_from_fork_asm+0x1a/0x30
[ 48.964147]
[ 48.964250] kfence-#141: 0x(____ptrval____)-0x(____ptrval____), size=32, cache=kmalloc-32
[ 48.964250]
[ 48.964701] allocated by task 354 on cpu 1 at 48.961294s (0.003405s ago):
[ 48.965056] test_alloc+0x364/0x10f0
[ 48.965224] test_krealloc+0xad/0xbe0
[ 48.965393] kunit_try_run_case+0x1a5/0x480
[ 48.965555] kunit_generic_run_threadfn_adapter+0x85/0xf0
[ 48.965794] kthread+0x337/0x6f0
[ 48.965966] ret_from_fork+0x116/0x1d0
[ 48.966153] ret_from_fork_asm+0x1a/0x30
[ 48.966328]
[ 48.966442] freed by task 354 on cpu 1 at 48.961550s (0.004889s ago):
[ 48.966746] krealloc_noprof+0x108/0x340
[ 48.966896] test_krealloc+0x226/0xbe0
[ 48.967029] kunit_try_run_case+0x1a5/0x480
[ 48.967183] kunit_generic_run_threadfn_adapter+0x85/0xf0
[ 48.967448] kthread+0x337/0x6f0
[ 48.967614] ret_from_fork+0x116/0x1d0
[ 48.967895] ret_from_fork_asm+0x1a/0x30
[ 48.968090]
[ 48.968193] CPU: 1 UID: 0 PID: 354 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc4 #1 PREEMPT(voluntary)
[ 48.968567] Tainted: [B]=BAD_PAGE, [N]=TEST
[ 48.968954] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[ 48.969351] ==================================================================
Failure - log-parser-boot/kfence-bug-kfence-use-after-free-read-in-test_memcache_typesafe_by_rcu
[ 48.877506] ==================================================================
[ 48.878082] BUG: KFENCE: use-after-free read in test_memcache_typesafe_by_rcu+0x2ec/0x670
[ 48.878082]
[ 48.878537] Use-after-free read at 0x(____ptrval____) (in kfence-#140):
[ 48.879710] test_memcache_typesafe_by_rcu+0x2ec/0x670
[ 48.879978] kunit_try_run_case+0x1a5/0x480
[ 48.880174] kunit_generic_run_threadfn_adapter+0x85/0xf0
[ 48.880424] kthread+0x337/0x6f0
[ 48.880553] ret_from_fork+0x116/0x1d0
[ 48.880688] ret_from_fork_asm+0x1a/0x30
[ 48.880946]
[ 48.881047] kfence-#140: 0x(____ptrval____)-0x(____ptrval____), size=32, cache=test
[ 48.881047]
[ 48.881356] allocated by task 352 on cpu 1 at 48.857257s (0.024096s ago):
[ 48.881693] test_alloc+0x2a6/0x10f0
[ 48.881914] test_memcache_typesafe_by_rcu+0x16f/0x670
[ 48.882084] kunit_try_run_case+0x1a5/0x480
[ 48.882291] kunit_generic_run_threadfn_adapter+0x85/0xf0
[ 48.882557] kthread+0x337/0x6f0
[ 48.882918] ret_from_fork+0x116/0x1d0
[ 48.883108] ret_from_fork_asm+0x1a/0x30
[ 48.883281]
[ 48.883354] freed by task 352 on cpu 1 at 48.857380s (0.025971s ago):
[ 48.884097] test_memcache_typesafe_by_rcu+0x1bf/0x670
[ 48.884304] kunit_try_run_case+0x1a5/0x480
[ 48.884700] kunit_generic_run_threadfn_adapter+0x85/0xf0
[ 48.885046] kthread+0x337/0x6f0
[ 48.885204] ret_from_fork+0x116/0x1d0
[ 48.885503] ret_from_fork_asm+0x1a/0x30
[ 48.885715]
[ 48.885834] CPU: 1 UID: 0 PID: 352 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc4 #1 PREEMPT(voluntary)
[ 48.886278] Tainted: [B]=BAD_PAGE, [N]=TEST
[ 48.886462] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[ 48.887138] ==================================================================
Failure - log-parser-boot/kfence-bug-kfence-invalid-read-in-test_invalid_access
[ 23.802565] ==================================================================
[ 23.803164] BUG: KFENCE: invalid read in test_invalid_access+0xf0/0x210
[ 23.803164]
[ 23.803783] Invalid read at 0x(____ptrval____):
[ 23.804015] test_invalid_access+0xf0/0x210
[ 23.804210] kunit_try_run_case+0x1a5/0x480
[ 23.804427] kunit_generic_run_threadfn_adapter+0x85/0xf0
[ 23.804810] kthread+0x337/0x6f0
[ 23.804958] ret_from_fork+0x116/0x1d0
[ 23.805144] ret_from_fork_asm+0x1a/0x30
[ 23.805355]
[ 23.805498] CPU: 1 UID: 0 PID: 348 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc4 #1 PREEMPT(voluntary)
[ 23.805927] Tainted: [B]=BAD_PAGE, [N]=TEST
[ 23.806068] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[ 23.806494] ==================================================================
Failure - log-parser-boot/kfence-bug-kfence-memory-corruption-in-test_kmalloc_aligned_oob_write
[ 23.585588] ==================================================================
[ 23.586091] BUG: KFENCE: memory corruption in test_kmalloc_aligned_oob_write+0x24f/0x340
[ 23.586091]
[ 23.586543] Corrupted memory at 0x(____ptrval____) [ ! . . . . . . . . . . . . . . . ] (in kfence-#136):
[ 23.587224] test_kmalloc_aligned_oob_write+0x24f/0x340
[ 23.587439] kunit_try_run_case+0x1a5/0x480
[ 23.587605] kunit_generic_run_threadfn_adapter+0x85/0xf0
[ 23.587865] kthread+0x337/0x6f0
[ 23.588166] ret_from_fork+0x116/0x1d0
[ 23.588360] ret_from_fork_asm+0x1a/0x30
[ 23.588610]
[ 23.588717] kfence-#136: 0x(____ptrval____)-0x(____ptrval____), size=73, cache=kmalloc-96
[ 23.588717]
[ 23.589074] allocated by task 342 on cpu 0 at 23.585302s (0.003769s ago):
[ 23.589441] test_alloc+0x364/0x10f0
[ 23.589638] test_kmalloc_aligned_oob_write+0xc8/0x340
[ 23.589806] kunit_try_run_case+0x1a5/0x480
[ 23.590038] kunit_generic_run_threadfn_adapter+0x85/0xf0
[ 23.590312] kthread+0x337/0x6f0
[ 23.590516] ret_from_fork+0x116/0x1d0
[ 23.590719] ret_from_fork_asm+0x1a/0x30
[ 23.590920]
[ 23.591010] freed by task 342 on cpu 0 at 23.585462s (0.005545s ago):
[ 23.591311] test_kmalloc_aligned_oob_write+0x24f/0x340
[ 23.591575] kunit_try_run_case+0x1a5/0x480
[ 23.591810] kunit_generic_run_threadfn_adapter+0x85/0xf0
[ 23.592068] kthread+0x337/0x6f0
[ 23.592249] ret_from_fork+0x116/0x1d0
[ 23.592464] ret_from_fork_asm+0x1a/0x30
[ 23.592609]
[ 23.592720] CPU: 0 UID: 0 PID: 342 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc4 #1 PREEMPT(voluntary)
[ 23.593398] Tainted: [B]=BAD_PAGE, [N]=TEST
[ 23.593687] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[ 23.594087] ==================================================================
Failure - log-parser-boot/kfence-bug-kfence-out-of-bounds-read-in-test_kmalloc_aligned_oob_read
[ 23.273582] ==================================================================
[ 23.274081] BUG: KFENCE: out-of-bounds read in test_kmalloc_aligned_oob_read+0x27e/0x560
[ 23.274081]
[ 23.274501] Out-of-bounds read at 0x(____ptrval____) (105B right of kfence-#133):
[ 23.274905] test_kmalloc_aligned_oob_read+0x27e/0x560
[ 23.275105] kunit_try_run_case+0x1a5/0x480
[ 23.275347] kunit_generic_run_threadfn_adapter+0x85/0xf0
[ 23.275608] kthread+0x337/0x6f0
[ 23.275749] ret_from_fork+0x116/0x1d0
[ 23.275963] ret_from_fork_asm+0x1a/0x30
[ 23.276168]
[ 23.276271] kfence-#133: 0x(____ptrval____)-0x(____ptrval____), size=73, cache=kmalloc-96
[ 23.276271]
[ 23.276745] allocated by task 340 on cpu 1 at 23.273307s (0.003435s ago):
[ 23.276990] test_alloc+0x364/0x10f0
[ 23.277187] test_kmalloc_aligned_oob_read+0x105/0x560
[ 23.277453] kunit_try_run_case+0x1a5/0x480
[ 23.277684] kunit_generic_run_threadfn_adapter+0x85/0xf0
[ 23.277926] kthread+0x337/0x6f0
[ 23.278086] ret_from_fork+0x116/0x1d0
[ 23.278229] ret_from_fork_asm+0x1a/0x30
[ 23.278401]
[ 23.278533] CPU: 1 UID: 0 PID: 340 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc4 #1 PREEMPT(voluntary)
[ 23.279102] Tainted: [B]=BAD_PAGE, [N]=TEST
[ 23.279251] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[ 23.279877] ==================================================================
Failure - log-parser-boot/kfence-bug-kfence-memory-corruption-in-test_corruption
[ 17.657563] ==================================================================
[ 17.658010] BUG: KFENCE: memory corruption in test_corruption+0x2df/0x3e0
[ 17.658010]
[ 17.658392] Corrupted memory at 0x(____ptrval____) [ ! ] (in kfence-#79):
[ 17.658852] test_corruption+0x2df/0x3e0
[ 17.659000] kunit_try_run_case+0x1a5/0x480
[ 17.659329] kunit_generic_run_threadfn_adapter+0x85/0xf0
[ 17.659708] kthread+0x337/0x6f0
[ 17.659836] ret_from_fork+0x116/0x1d0
[ 17.660143] ret_from_fork_asm+0x1a/0x30
[ 17.660343]
[ 17.660463] kfence-#79: 0x(____ptrval____)-0x(____ptrval____), size=32, cache=kmalloc-32
[ 17.660463]
[ 17.660908] allocated by task 328 on cpu 1 at 17.657275s (0.003629s ago):
[ 17.661219] test_alloc+0x364/0x10f0
[ 17.661439] test_corruption+0x1cb/0x3e0
[ 17.661708] kunit_try_run_case+0x1a5/0x480
[ 17.661878] kunit_generic_run_threadfn_adapter+0x85/0xf0
[ 17.662175] kthread+0x337/0x6f0
[ 17.662349] ret_from_fork+0x116/0x1d0
[ 17.662547] ret_from_fork_asm+0x1a/0x30
[ 17.662739]
[ 17.662810] freed by task 328 on cpu 1 at 17.657394s (0.005414s ago):
[ 17.663197] test_corruption+0x2df/0x3e0
[ 17.663403] kunit_try_run_case+0x1a5/0x480
[ 17.663633] kunit_generic_run_threadfn_adapter+0x85/0xf0
[ 17.663921] kthread+0x337/0x6f0
[ 17.664120] ret_from_fork+0x116/0x1d0
[ 17.664309] ret_from_fork_asm+0x1a/0x30
[ 17.664520]
[ 17.664653] CPU: 1 UID: 0 PID: 328 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc4 #1 PREEMPT(voluntary)
[ 17.665102] Tainted: [B]=BAD_PAGE, [N]=TEST
[ 17.665304] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[ 17.665762] ==================================================================
[ 17.969430] ==================================================================
[ 17.970005] BUG: KFENCE: memory corruption in test_corruption+0x216/0x3e0
[ 17.970005]
[ 17.970326] Corrupted memory at 0x(____ptrval____) [ ! ] (in kfence-#82):
[ 17.970676] test_corruption+0x216/0x3e0
[ 17.970878] kunit_try_run_case+0x1a5/0x480
[ 17.971097] kunit_generic_run_threadfn_adapter+0x85/0xf0
[ 17.971340] kthread+0x337/0x6f0
[ 17.971478] ret_from_fork+0x116/0x1d0
[ 17.971690] ret_from_fork_asm+0x1a/0x30
[ 17.971899]
[ 17.971995] kfence-#82: 0x(____ptrval____)-0x(____ptrval____), size=32, cache=test
[ 17.971995]
[ 17.972359] allocated by task 330 on cpu 0 at 17.969287s (0.003070s ago):
[ 17.972726] test_alloc+0x2a6/0x10f0
[ 17.972893] test_corruption+0x1cb/0x3e0
[ 17.973032] kunit_try_run_case+0x1a5/0x480
[ 17.973205] kunit_generic_run_threadfn_adapter+0x85/0xf0
[ 17.973476] kthread+0x337/0x6f0
[ 17.973668] ret_from_fork+0x116/0x1d0
[ 17.973848] ret_from_fork_asm+0x1a/0x30
[ 17.974036]
[ 17.974108] freed by task 330 on cpu 0 at 17.969348s (0.004758s ago):
[ 17.974318] test_corruption+0x216/0x3e0
[ 17.974515] kunit_try_run_case+0x1a5/0x480
[ 17.974722] kunit_generic_run_threadfn_adapter+0x85/0xf0
[ 17.974988] kthread+0x337/0x6f0
[ 17.975156] ret_from_fork+0x116/0x1d0
[ 17.975315] ret_from_fork_asm+0x1a/0x30
[ 17.975507]
[ 17.975655] CPU: 0 UID: 0 PID: 330 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc4 #1 PREEMPT(voluntary)
[ 17.976071] Tainted: [B]=BAD_PAGE, [N]=TEST
[ 17.976254] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[ 17.976566] ==================================================================
[ 17.865437] ==================================================================
[ 17.865858] BUG: KFENCE: memory corruption in test_corruption+0x131/0x3e0
[ 17.865858]
[ 17.866250] Corrupted memory at 0x(____ptrval____) [ ! . . . . . . . . . . . . . . . ] (in kfence-#81):
[ 17.866927] test_corruption+0x131/0x3e0
[ 17.867139] kunit_try_run_case+0x1a5/0x480
[ 17.867355] kunit_generic_run_threadfn_adapter+0x85/0xf0
[ 17.867579] kthread+0x337/0x6f0
[ 17.867754] ret_from_fork+0x116/0x1d0
[ 17.867907] ret_from_fork_asm+0x1a/0x30
[ 17.868107]
[ 17.868211] kfence-#81: 0x(____ptrval____)-0x(____ptrval____), size=32, cache=test
[ 17.868211]
[ 17.868576] allocated by task 330 on cpu 0 at 17.865282s (0.003292s ago):
[ 17.868944] test_alloc+0x2a6/0x10f0
[ 17.869117] test_corruption+0xe6/0x3e0
[ 17.869292] kunit_try_run_case+0x1a5/0x480
[ 17.869507] kunit_generic_run_threadfn_adapter+0x85/0xf0
[ 17.869720] kthread+0x337/0x6f0
[ 17.869847] ret_from_fork+0x116/0x1d0
[ 17.869982] ret_from_fork_asm+0x1a/0x30
[ 17.870182]
[ 17.870281] freed by task 330 on cpu 0 at 17.865342s (0.004937s ago):
[ 17.870600] test_corruption+0x131/0x3e0
[ 17.870767] kunit_try_run_case+0x1a5/0x480
[ 17.870913] kunit_generic_run_threadfn_adapter+0x85/0xf0
[ 17.871124] kthread+0x337/0x6f0
[ 17.871294] ret_from_fork+0x116/0x1d0
[ 17.871494] ret_from_fork_asm+0x1a/0x30
[ 17.871732]
[ 17.871860] CPU: 0 UID: 0 PID: 330 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc4 #1 PREEMPT(voluntary)
[ 17.872284] Tainted: [B]=BAD_PAGE, [N]=TEST
[ 17.872451] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[ 17.872722] ==================================================================
[ 17.449566] ==================================================================
[ 17.450059] BUG: KFENCE: memory corruption in test_corruption+0x2d2/0x3e0
[ 17.450059]
[ 17.450506] Corrupted memory at 0x(____ptrval____) [ ! . . . . . . . . . . . . . . . ] (in kfence-#77):
[ 17.451748] test_corruption+0x2d2/0x3e0
[ 17.451992] kunit_try_run_case+0x1a5/0x480
[ 17.452214] kunit_generic_run_threadfn_adapter+0x85/0xf0
[ 17.452481] kthread+0x337/0x6f0
[ 17.452697] ret_from_fork+0x116/0x1d0
[ 17.453187] ret_from_fork_asm+0x1a/0x30
[ 17.453592]
[ 17.453694] kfence-#77: 0x(____ptrval____)-0x(____ptrval____), size=32, cache=kmalloc-32
[ 17.453694]
[ 17.454294] allocated by task 328 on cpu 1 at 17.449299s (0.004992s ago):
[ 17.454848] test_alloc+0x364/0x10f0
[ 17.455030] test_corruption+0xe6/0x3e0
[ 17.455290] kunit_try_run_case+0x1a5/0x480
[ 17.455524] kunit_generic_run_threadfn_adapter+0x85/0xf0
[ 17.455950] kthread+0x337/0x6f0
[ 17.456212] ret_from_fork+0x116/0x1d0
[ 17.456432] ret_from_fork_asm+0x1a/0x30
[ 17.456793]
[ 17.457059] freed by task 328 on cpu 1 at 17.449406s (0.007597s ago):
[ 17.457367] test_corruption+0x2d2/0x3e0
[ 17.457742] kunit_try_run_case+0x1a5/0x480
[ 17.457963] kunit_generic_run_threadfn_adapter+0x85/0xf0
[ 17.458304] kthread+0x337/0x6f0
[ 17.458493] ret_from_fork+0x116/0x1d0
[ 17.458876] ret_from_fork_asm+0x1a/0x30
[ 17.459160]
[ 17.459306] CPU: 1 UID: 0 PID: 328 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc4 #1 PREEMPT(voluntary)
[ 17.459931] Tainted: [B]=BAD_PAGE, [N]=TEST
[ 17.460229] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[ 17.460816] ==================================================================
Failure - log-parser-boot/kfence-bug-kfence-invalid-free-in-test_invalid_addr_free
[ 17.345446] ==================================================================
[ 17.345860] BUG: KFENCE: invalid free in test_invalid_addr_free+0xfb/0x260
[ 17.345860]
[ 17.346195] Invalid free of 0x(____ptrval____) (in kfence-#76):
[ 17.346565] test_invalid_addr_free+0xfb/0x260
[ 17.346739] kunit_try_run_case+0x1a5/0x480
[ 17.347053] kunit_generic_run_threadfn_adapter+0x85/0xf0
[ 17.347290] kthread+0x337/0x6f0
[ 17.347487] ret_from_fork+0x116/0x1d0
[ 17.347657] ret_from_fork_asm+0x1a/0x30
[ 17.347854]
[ 17.347954] kfence-#76: 0x(____ptrval____)-0x(____ptrval____), size=32, cache=test
[ 17.347954]
[ 17.348290] allocated by task 326 on cpu 1 at 17.345307s (0.002981s ago):
[ 17.348600] test_alloc+0x2a6/0x10f0
[ 17.348776] test_invalid_addr_free+0xdb/0x260
[ 17.348964] kunit_try_run_case+0x1a5/0x480
[ 17.349154] kunit_generic_run_threadfn_adapter+0x85/0xf0
[ 17.349364] kthread+0x337/0x6f0
[ 17.349550] ret_from_fork+0x116/0x1d0
[ 17.349726] ret_from_fork_asm+0x1a/0x30
[ 17.349931]
[ 17.350043] CPU: 1 UID: 0 PID: 326 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc4 #1 PREEMPT(voluntary)
[ 17.350471] Tainted: [B]=BAD_PAGE, [N]=TEST
[ 17.350690] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[ 17.350959] ==================================================================
[ 17.241449] ==================================================================
[ 17.241849] BUG: KFENCE: invalid free in test_invalid_addr_free+0x1e1/0x260
[ 17.241849]
[ 17.242310] Invalid free of 0x(____ptrval____) (in kfence-#75):
[ 17.243077] test_invalid_addr_free+0x1e1/0x260
[ 17.243469] kunit_try_run_case+0x1a5/0x480
[ 17.243933] kunit_generic_run_threadfn_adapter+0x85/0xf0
[ 17.244186] kthread+0x337/0x6f0
[ 17.244514] ret_from_fork+0x116/0x1d0
[ 17.244851] ret_from_fork_asm+0x1a/0x30
[ 17.245263]
[ 17.245364] kfence-#75: 0x(____ptrval____)-0x(____ptrval____), size=32, cache=kmalloc-32
[ 17.245364]
[ 17.245975] allocated by task 324 on cpu 0 at 17.241282s (0.004690s ago):
[ 17.246315] test_alloc+0x364/0x10f0
[ 17.246717] test_invalid_addr_free+0xdb/0x260
[ 17.247040] kunit_try_run_case+0x1a5/0x480
[ 17.247352] kunit_generic_run_threadfn_adapter+0x85/0xf0
[ 17.247718] kthread+0x337/0x6f0
[ 17.247863] ret_from_fork+0x116/0x1d0
[ 17.248238] ret_from_fork_asm+0x1a/0x30
[ 17.248463]
[ 17.248586] CPU: 0 UID: 0 PID: 324 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc4 #1 PREEMPT(voluntary)
[ 17.249030] Tainted: [B]=BAD_PAGE, [N]=TEST
[ 17.249220] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[ 17.249917] ==================================================================
Failure - log-parser-boot/kfence-bug-kfence-invalid-free-in-test_double_free
[ 17.033519] ==================================================================
[ 17.034067] BUG: KFENCE: invalid free in test_double_free+0x1d3/0x260
[ 17.034067]
[ 17.034451] Invalid free of 0x(____ptrval____) (in kfence-#73):
[ 17.034759] test_double_free+0x1d3/0x260
[ 17.034978] kunit_try_run_case+0x1a5/0x480
[ 17.035175] kunit_generic_run_threadfn_adapter+0x85/0xf0
[ 17.035414] kthread+0x337/0x6f0
[ 17.035564] ret_from_fork+0x116/0x1d0
[ 17.035742] ret_from_fork_asm+0x1a/0x30
[ 17.035882]
[ 17.036012] kfence-#73: 0x(____ptrval____)-0x(____ptrval____), size=32, cache=kmalloc-32
[ 17.036012]
[ 17.036458] allocated by task 320 on cpu 1 at 17.033247s (0.003208s ago):
[ 17.036722] test_alloc+0x364/0x10f0
[ 17.036880] test_double_free+0xdb/0x260
[ 17.037720] kunit_try_run_case+0x1a5/0x480
[ 17.037924] kunit_generic_run_threadfn_adapter+0x85/0xf0
[ 17.038153] kthread+0x337/0x6f0
[ 17.038308] ret_from_fork+0x116/0x1d0
[ 17.038499] ret_from_fork_asm+0x1a/0x30
[ 17.039025]
[ 17.039123] freed by task 320 on cpu 1 at 17.033312s (0.005808s ago):
[ 17.039553] test_double_free+0x1e0/0x260
[ 17.039730] kunit_try_run_case+0x1a5/0x480
[ 17.039923] kunit_generic_run_threadfn_adapter+0x85/0xf0
[ 17.040157] kthread+0x337/0x6f0
[ 17.040309] ret_from_fork+0x116/0x1d0
[ 17.040506] ret_from_fork_asm+0x1a/0x30
[ 17.041067]
[ 17.041202] CPU: 1 UID: 0 PID: 320 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc4 #1 PREEMPT(voluntary)
[ 17.041743] Tainted: [B]=BAD_PAGE, [N]=TEST
[ 17.041901] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[ 17.042420] ==================================================================
[ 17.137481] ==================================================================
[ 17.137896] BUG: KFENCE: invalid free in test_double_free+0x112/0x260
[ 17.137896]
[ 17.138224] Invalid free of 0x(____ptrval____) (in kfence-#74):
[ 17.138912] test_double_free+0x112/0x260
[ 17.139151] kunit_try_run_case+0x1a5/0x480
[ 17.139337] kunit_generic_run_threadfn_adapter+0x85/0xf0
[ 17.139578] kthread+0x337/0x6f0
[ 17.139731] ret_from_fork+0x116/0x1d0
[ 17.139910] ret_from_fork_asm+0x1a/0x30
[ 17.140113]
[ 17.140193] kfence-#74: 0x(____ptrval____)-0x(____ptrval____), size=32, cache=test
[ 17.140193]
[ 17.141070] allocated by task 322 on cpu 0 at 17.137273s (0.003794s ago):
[ 17.141529] test_alloc+0x2a6/0x10f0
[ 17.141829] test_double_free+0xdb/0x260
[ 17.142089] kunit_try_run_case+0x1a5/0x480
[ 17.142367] kunit_generic_run_threadfn_adapter+0x85/0xf0
[ 17.142598] kthread+0x337/0x6f0
[ 17.142907] ret_from_fork+0x116/0x1d0
[ 17.143094] ret_from_fork_asm+0x1a/0x30
[ 17.143401]
[ 17.143493] freed by task 322 on cpu 0 at 17.137336s (0.006155s ago):
[ 17.143912] test_double_free+0xfa/0x260
[ 17.144174] kunit_try_run_case+0x1a5/0x480
[ 17.144373] kunit_generic_run_threadfn_adapter+0x85/0xf0
[ 17.144702] kthread+0x337/0x6f0
[ 17.144971] ret_from_fork+0x116/0x1d0
[ 17.145152] ret_from_fork_asm+0x1a/0x30
[ 17.145476]
[ 17.145602] CPU: 0 UID: 0 PID: 322 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc4 #1 PREEMPT(voluntary)
[ 17.146089] Tainted: [B]=BAD_PAGE, [N]=TEST
[ 17.146276] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[ 17.146888] ==================================================================
Failure - log-parser-boot/kfence-bug-kfence-use-after-free-read-in-test_use_after_free_read
[ 16.721267] ==================================================================
[ 16.721763] BUG: KFENCE: use-after-free read in test_use_after_free_read+0x129/0x270
[ 16.721763]
[ 16.722256] Use-after-free read at 0x(____ptrval____) (in kfence-#70):
[ 16.722563] test_use_after_free_read+0x129/0x270
[ 16.722740] kunit_try_run_case+0x1a5/0x480
[ 16.723011] kunit_generic_run_threadfn_adapter+0x85/0xf0
[ 16.723274] kthread+0x337/0x6f0
[ 16.723497] ret_from_fork+0x116/0x1d0
[ 16.723713] ret_from_fork_asm+0x1a/0x30
[ 16.723876]
[ 16.723956] kfence-#70: 0x(____ptrval____)-0x(____ptrval____), size=32, cache=test
[ 16.723956]
[ 16.724342] allocated by task 314 on cpu 0 at 16.721143s (0.003197s ago):
[ 16.724723] test_alloc+0x2a6/0x10f0
[ 16.724925] test_use_after_free_read+0xdc/0x270
[ 16.725168] kunit_try_run_case+0x1a5/0x480
[ 16.725365] kunit_generic_run_threadfn_adapter+0x85/0xf0
[ 16.725571] kthread+0x337/0x6f0
[ 16.725800] ret_from_fork+0x116/0x1d0
[ 16.726045] ret_from_fork_asm+0x1a/0x30
[ 16.726258]
[ 16.726371] freed by task 314 on cpu 0 at 16.721180s (0.005188s ago):
[ 16.726752] test_use_after_free_read+0xfb/0x270
[ 16.726940] kunit_try_run_case+0x1a5/0x480
[ 16.727166] kunit_generic_run_threadfn_adapter+0x85/0xf0
[ 16.727424] kthread+0x337/0x6f0
[ 16.727563] ret_from_fork+0x116/0x1d0
[ 16.727786] ret_from_fork_asm+0x1a/0x30
[ 16.727955]
[ 16.728092] CPU: 0 UID: 0 PID: 314 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc4 #1 PREEMPT(voluntary)
[ 16.728555] Tainted: [B]=BAD_PAGE, [N]=TEST
[ 16.728696] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[ 16.729041] ==================================================================
[ 16.617542] ==================================================================
[ 16.618047] BUG: KFENCE: use-after-free read in test_use_after_free_read+0x129/0x270
[ 16.618047]
[ 16.618586] Use-after-free read at 0x(____ptrval____) (in kfence-#69):
[ 16.618801] test_use_after_free_read+0x129/0x270
[ 16.619039] kunit_try_run_case+0x1a5/0x480
[ 16.619259] kunit_generic_run_threadfn_adapter+0x85/0xf0
[ 16.619519] kthread+0x337/0x6f0
[ 16.620328] ret_from_fork+0x116/0x1d0
[ 16.620616] ret_from_fork_asm+0x1a/0x30
[ 16.620834]
[ 16.621072] kfence-#69: 0x(____ptrval____)-0x(____ptrval____), size=32, cache=kmalloc-32
[ 16.621072]
[ 16.621493] allocated by task 312 on cpu 1 at 16.617293s (0.004198s ago):
[ 16.622006] test_alloc+0x364/0x10f0
[ 16.622282] test_use_after_free_read+0xdc/0x270
[ 16.622627] kunit_try_run_case+0x1a5/0x480
[ 16.622845] kunit_generic_run_threadfn_adapter+0x85/0xf0
[ 16.623219] kthread+0x337/0x6f0
[ 16.623493] ret_from_fork+0x116/0x1d0
[ 16.623788] ret_from_fork_asm+0x1a/0x30
[ 16.623991]
[ 16.624478] freed by task 312 on cpu 1 at 16.617359s (0.006759s ago):
[ 16.624862] test_use_after_free_read+0x1e7/0x270
[ 16.625084] kunit_try_run_case+0x1a5/0x480
[ 16.625461] kunit_generic_run_threadfn_adapter+0x85/0xf0
[ 16.625838] kthread+0x337/0x6f0
[ 16.626093] ret_from_fork+0x116/0x1d0
[ 16.626296] ret_from_fork_asm+0x1a/0x30
[ 16.626660]
[ 16.626920] CPU: 1 UID: 0 PID: 312 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc4 #1 PREEMPT(voluntary)
[ 16.627374] Tainted: [B]=BAD_PAGE, [N]=TEST
[ 16.627764] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[ 16.628255] ==================================================================
Failure - log-parser-boot/kfence-bug-kfence-out-of-bounds-write-in-test_out_of_bounds_write
[ 16.513343] ==================================================================
[ 16.513806] BUG: KFENCE: out-of-bounds write in test_out_of_bounds_write+0x10d/0x260
[ 16.513806]
[ 16.514196] Out-of-bounds write at 0x(____ptrval____) (1B left of kfence-#68):
[ 16.514556] test_out_of_bounds_write+0x10d/0x260
[ 16.514792] kunit_try_run_case+0x1a5/0x480
[ 16.514983] kunit_generic_run_threadfn_adapter+0x85/0xf0
[ 16.515215] kthread+0x337/0x6f0
[ 16.515345] ret_from_fork+0x116/0x1d0
[ 16.515551] ret_from_fork_asm+0x1a/0x30
[ 16.515752]
[ 16.515835] kfence-#68: 0x(____ptrval____)-0x(____ptrval____), size=32, cache=test
[ 16.515835]
[ 16.516195] allocated by task 310 on cpu 0 at 16.513281s (0.002912s ago):
[ 16.516479] test_alloc+0x2a6/0x10f0
[ 16.516675] test_out_of_bounds_write+0xd4/0x260
[ 16.516867] kunit_try_run_case+0x1a5/0x480
[ 16.517015] kunit_generic_run_threadfn_adapter+0x85/0xf0
[ 16.517259] kthread+0x337/0x6f0
[ 16.517441] ret_from_fork+0x116/0x1d0
[ 16.517630] ret_from_fork_asm+0x1a/0x30
[ 16.517871]
[ 16.517974] CPU: 0 UID: 0 PID: 310 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc4 #1 PREEMPT(voluntary)
[ 16.518318] Tainted: [B]=BAD_PAGE, [N]=TEST
[ 16.518471] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[ 16.518865] ==================================================================
[ 16.409441] ==================================================================
[ 16.409847] BUG: KFENCE: out-of-bounds write in test_out_of_bounds_write+0x10d/0x260
[ 16.409847]
[ 16.410407] Out-of-bounds write at 0x(____ptrval____) (1B left of kfence-#67):
[ 16.410669] test_out_of_bounds_write+0x10d/0x260
[ 16.410878] kunit_try_run_case+0x1a5/0x480
[ 16.411368] kunit_generic_run_threadfn_adapter+0x85/0xf0
[ 16.411949] kthread+0x337/0x6f0
[ 16.412263] ret_from_fork+0x116/0x1d0
[ 16.412426] ret_from_fork_asm+0x1a/0x30
[ 16.412599]
[ 16.412806] kfence-#67: 0x(____ptrval____)-0x(____ptrval____), size=32, cache=kmalloc-32
[ 16.412806]
[ 16.413439] allocated by task 308 on cpu 1 at 16.409294s (0.004142s ago):
[ 16.413822] test_alloc+0x364/0x10f0
[ 16.413988] test_out_of_bounds_write+0xd4/0x260
[ 16.414267] kunit_try_run_case+0x1a5/0x480
[ 16.414528] kunit_generic_run_threadfn_adapter+0x85/0xf0
[ 16.414792] kthread+0x337/0x6f0
[ 16.415007] ret_from_fork+0x116/0x1d0
[ 16.415287] ret_from_fork_asm+0x1a/0x30
[ 16.415475]
[ 16.415622] CPU: 1 UID: 0 PID: 308 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc4 #1 PREEMPT(voluntary)
[ 16.416133] Tainted: [B]=BAD_PAGE, [N]=TEST
[ 16.416338] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[ 16.416796] ==================================================================
Failure - log-parser-boot/kfence-bug-kfence-out-of-bounds-read-in-test_out_of_bounds_read
[ 16.201208] ==================================================================
[ 16.201826] BUG: KFENCE: out-of-bounds read in test_out_of_bounds_read+0x126/0x4e0
[ 16.201826]
[ 16.202265] Out-of-bounds read at 0x(____ptrval____) (1B left of kfence-#65):
[ 16.202879] test_out_of_bounds_read+0x126/0x4e0
[ 16.203117] kunit_try_run_case+0x1a5/0x480
[ 16.203801] kunit_generic_run_threadfn_adapter+0x85/0xf0
[ 16.204056] kthread+0x337/0x6f0
[ 16.204238] ret_from_fork+0x116/0x1d0
[ 16.204673] ret_from_fork_asm+0x1a/0x30
[ 16.204872]
[ 16.204959] kfence-#65: 0x(____ptrval____)-0x(____ptrval____), size=32, cache=test
[ 16.204959]
[ 16.205335] allocated by task 306 on cpu 1 at 16.201140s (0.004193s ago):
[ 16.206065] test_alloc+0x2a6/0x10f0
[ 16.206239] test_out_of_bounds_read+0xed/0x4e0
[ 16.206450] kunit_try_run_case+0x1a5/0x480
[ 16.206952] kunit_generic_run_threadfn_adapter+0x85/0xf0
[ 16.207205] kthread+0x337/0x6f0
[ 16.207404] ret_from_fork+0x116/0x1d0
[ 16.207786] ret_from_fork_asm+0x1a/0x30
[ 16.208077]
[ 16.208226] CPU: 1 UID: 0 PID: 306 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc4 #1 PREEMPT(voluntary)
[ 16.208848] Tainted: [B]=BAD_PAGE, [N]=TEST
[ 16.209056] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[ 16.209580] ==================================================================
[ 15.785484] ==================================================================
[ 15.785880] BUG: KFENCE: out-of-bounds read in test_out_of_bounds_read+0x216/0x4e0
[ 15.785880]
[ 15.786341] Out-of-bounds read at 0x(____ptrval____) (32B right of kfence-#61):
[ 15.786671] test_out_of_bounds_read+0x216/0x4e0
[ 15.786907] kunit_try_run_case+0x1a5/0x480
[ 15.787174] kunit_generic_run_threadfn_adapter+0x85/0xf0
[ 15.787361] kthread+0x337/0x6f0
[ 15.787550] ret_from_fork+0x116/0x1d0
[ 15.787771] ret_from_fork_asm+0x1a/0x30
[ 15.787935]
[ 15.788033] kfence-#61: 0x(____ptrval____)-0x(____ptrval____), size=32, cache=kmalloc-32
[ 15.788033]
[ 15.788470] allocated by task 304 on cpu 0 at 15.785279s (0.003189s ago):
[ 15.788855] test_alloc+0x364/0x10f0
[ 15.789044] test_out_of_bounds_read+0x1e2/0x4e0
[ 15.789265] kunit_try_run_case+0x1a5/0x480
[ 15.789466] kunit_generic_run_threadfn_adapter+0x85/0xf0
[ 15.789766] kthread+0x337/0x6f0
[ 15.789961] ret_from_fork+0x116/0x1d0
[ 15.790127] ret_from_fork_asm+0x1a/0x30
[ 15.790273]
[ 15.790372] CPU: 0 UID: 0 PID: 304 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc4 #1 PREEMPT(voluntary)
[ 15.790876] Tainted: [B]=BAD_PAGE, [N]=TEST
[ 15.791082] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[ 15.791485] ==================================================================
[ 15.682332] ==================================================================
[ 15.682822] BUG: KFENCE: out-of-bounds read in test_out_of_bounds_read+0x126/0x4e0
[ 15.682822]
[ 15.683407] Out-of-bounds read at 0x(____ptrval____) (1B left of kfence-#60):
[ 15.683945] test_out_of_bounds_read+0x126/0x4e0
[ 15.684181] kunit_try_run_case+0x1a5/0x480
[ 15.684443] kunit_generic_run_threadfn_adapter+0x85/0xf0
[ 15.684642] kthread+0x337/0x6f0
[ 15.684825] ret_from_fork+0x116/0x1d0
[ 15.685013] ret_from_fork_asm+0x1a/0x30
[ 15.685231]
[ 15.685493] kfence-#60: 0x(____ptrval____)-0x(____ptrval____), size=32, cache=kmalloc-32
[ 15.685493]
[ 15.686174] allocated by task 304 on cpu 0 at 15.681152s (0.004953s ago):
[ 15.686744] test_alloc+0x364/0x10f0
[ 15.686976] test_out_of_bounds_read+0xed/0x4e0
[ 15.687188] kunit_try_run_case+0x1a5/0x480
[ 15.687408] kunit_generic_run_threadfn_adapter+0x85/0xf0
[ 15.687722] kthread+0x337/0x6f0
[ 15.687890] ret_from_fork+0x116/0x1d0
[ 15.688053] ret_from_fork_asm+0x1a/0x30
[ 15.688299]
[ 15.688450] CPU: 0 UID: 0 PID: 304 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc4 #1 PREEMPT(voluntary)
[ 15.688897] Tainted: [B]=BAD_PAGE, [N]=TEST
[ 15.689117] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[ 15.689509] ==================================================================
[ 16.305330] ==================================================================
[ 16.305840] BUG: KFENCE: out-of-bounds read in test_out_of_bounds_read+0x216/0x4e0
[ 16.305840]
[ 16.306174] Out-of-bounds read at 0x(____ptrval____) (32B right of kfence-#66):
[ 16.306596] test_out_of_bounds_read+0x216/0x4e0
[ 16.306827] kunit_try_run_case+0x1a5/0x480
[ 16.306979] kunit_generic_run_threadfn_adapter+0x85/0xf0
[ 16.307227] kthread+0x337/0x6f0
[ 16.307440] ret_from_fork+0x116/0x1d0
[ 16.307653] ret_from_fork_asm+0x1a/0x30
[ 16.307841]
[ 16.307941] kfence-#66: 0x(____ptrval____)-0x(____ptrval____), size=32, cache=test
[ 16.307941]
[ 16.308239] allocated by task 306 on cpu 1 at 16.305270s (0.002966s ago):
[ 16.308595] test_alloc+0x2a6/0x10f0
[ 16.308934] test_out_of_bounds_read+0x1e2/0x4e0
[ 16.309119] kunit_try_run_case+0x1a5/0x480
[ 16.309298] kunit_generic_run_threadfn_adapter+0x85/0xf0
[ 16.309564] kthread+0x337/0x6f0
[ 16.309727] ret_from_fork+0x116/0x1d0
[ 16.309913] ret_from_fork_asm+0x1a/0x30
[ 16.310131]
[ 16.310253] CPU: 1 UID: 0 PID: 306 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc4 #1 PREEMPT(voluntary)
[ 16.310709] Tainted: [B]=BAD_PAGE, [N]=TEST
[ 16.310844] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[ 16.311432] ==================================================================
Failure - log-parser-boot/kasan-bug-kasan-slab-out-of-bounds-in-strncpy_from_user
[ 15.600110] ================================================================== [ 15.600479] BUG: KASAN: slab-out-of-bounds in strncpy_from_user+0x1a5/0x1d0 [ 15.600910] Write of size 1 at addr ffff88810258dd78 by task kunit_try_catch/302 [ 15.601290] [ 15.601404] CPU: 0 UID: 0 PID: 302 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc4 #1 PREEMPT(voluntary) [ 15.601449] Tainted: [B]=BAD_PAGE, [N]=TEST [ 15.601463] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 15.601484] Call Trace: [ 15.601502] <TASK> [ 15.601521] dump_stack_lvl+0x73/0xb0 [ 15.601549] print_report+0xd1/0x650 [ 15.601575] ? __virt_addr_valid+0x1db/0x2d0 [ 15.601598] ? strncpy_from_user+0x1a5/0x1d0 [ 15.601622] ? kasan_complete_mode_report_info+0x2a/0x200 [ 15.601659] ? strncpy_from_user+0x1a5/0x1d0 [ 15.601682] kasan_report+0x141/0x180 [ 15.601704] ? strncpy_from_user+0x1a5/0x1d0 [ 15.601767] __asan_report_store1_noabort+0x1b/0x30 [ 15.601790] strncpy_from_user+0x1a5/0x1d0 [ 15.601827] copy_user_test_oob+0x760/0x10f0 [ 15.601853] ? __pfx_copy_user_test_oob+0x10/0x10 [ 15.601876] ? finish_task_switch.isra.0+0x153/0x700 [ 15.601900] ? __switch_to+0x47/0xf50 [ 15.601926] ? __schedule+0x10cc/0x2b60 [ 15.601950] ? __pfx_read_tsc+0x10/0x10 [ 15.601972] ? ktime_get_ts64+0x86/0x230 [ 15.602026] kunit_try_run_case+0x1a5/0x480 [ 15.602051] ? __pfx_kunit_try_run_case+0x10/0x10 [ 15.602084] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 15.602109] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 15.602132] ? __kthread_parkme+0x82/0x180 [ 15.602154] ? preempt_count_sub+0x50/0x80 [ 15.602178] ? __pfx_kunit_try_run_case+0x10/0x10 [ 15.602203] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 15.602254] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 15.602278] kthread+0x337/0x6f0 [ 15.602298] ? trace_preempt_on+0x20/0xc0 [ 15.602334] ? __pfx_kthread+0x10/0x10 [ 15.602355] ? _raw_spin_unlock_irq+0x47/0x80 [ 15.602385] ? calculate_sigpending+0x7b/0xa0 [ 15.602410] ? 
__pfx_kthread+0x10/0x10 [ 15.602432] ret_from_fork+0x116/0x1d0 [ 15.602451] ? __pfx_kthread+0x10/0x10 [ 15.602471] ret_from_fork_asm+0x1a/0x30 [ 15.602502] </TASK> [ 15.602513] [ 15.610620] Allocated by task 302: [ 15.610809] kasan_save_stack+0x45/0x70 [ 15.611022] kasan_save_track+0x18/0x40 [ 15.611195] kasan_save_alloc_info+0x3b/0x50 [ 15.611493] __kasan_kmalloc+0xb7/0xc0 [ 15.611787] __kmalloc_noprof+0x1c9/0x500 [ 15.611985] kunit_kmalloc_array+0x25/0x60 [ 15.612219] copy_user_test_oob+0xab/0x10f0 [ 15.612460] kunit_try_run_case+0x1a5/0x480 [ 15.612716] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 15.612995] kthread+0x337/0x6f0 [ 15.613196] ret_from_fork+0x116/0x1d0 [ 15.613414] ret_from_fork_asm+0x1a/0x30 [ 15.613557] [ 15.613641] The buggy address belongs to the object at ffff88810258dd00 [ 15.613641] which belongs to the cache kmalloc-128 of size 128 [ 15.614318] The buggy address is located 0 bytes to the right of [ 15.614318] allocated 120-byte region [ffff88810258dd00, ffff88810258dd78) [ 15.614904] [ 15.615012] The buggy address belongs to the physical page: [ 15.615427] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x10258d [ 15.615779] flags: 0x200000000000000(node=0|zone=2) [ 15.615949] page_type: f5(slab) [ 15.616072] raw: 0200000000000000 ffff888100041a00 dead000000000122 0000000000000000 [ 15.616418] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 15.616989] page dumped because: kasan: bad access detected [ 15.617260] [ 15.617358] Memory state around the buggy address: [ 15.617567] ffff88810258dc00: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 15.617891] ffff88810258dc80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 15.618112] >ffff88810258dd00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 fc [ 15.618486] ^ [ 15.618918] ffff88810258dd80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 15.619190] ffff88810258de00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 15.619555] 
================================================================== [ 15.580519] ================================================================== [ 15.580876] BUG: KASAN: slab-out-of-bounds in strncpy_from_user+0x2e/0x1d0 [ 15.581310] Write of size 121 at addr ffff88810258dd00 by task kunit_try_catch/302 [ 15.581847] [ 15.582054] CPU: 0 UID: 0 PID: 302 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc4 #1 PREEMPT(voluntary) [ 15.582103] Tainted: [B]=BAD_PAGE, [N]=TEST [ 15.582116] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 15.582139] Call Trace: [ 15.582156] <TASK> [ 15.582176] dump_stack_lvl+0x73/0xb0 [ 15.582206] print_report+0xd1/0x650 [ 15.582231] ? __virt_addr_valid+0x1db/0x2d0 [ 15.582256] ? strncpy_from_user+0x2e/0x1d0 [ 15.582280] ? kasan_complete_mode_report_info+0x2a/0x200 [ 15.582304] ? strncpy_from_user+0x2e/0x1d0 [ 15.582328] kasan_report+0x141/0x180 [ 15.582351] ? strncpy_from_user+0x2e/0x1d0 [ 15.582389] kasan_check_range+0x10c/0x1c0 [ 15.582414] __kasan_check_write+0x18/0x20 [ 15.582435] strncpy_from_user+0x2e/0x1d0 [ 15.582458] ? __kasan_check_read+0x15/0x20 [ 15.582480] copy_user_test_oob+0x760/0x10f0 [ 15.582507] ? __pfx_copy_user_test_oob+0x10/0x10 [ 15.582532] ? finish_task_switch.isra.0+0x153/0x700 [ 15.582557] ? __switch_to+0x47/0xf50 [ 15.582607] ? __schedule+0x10cc/0x2b60 [ 15.582631] ? __pfx_read_tsc+0x10/0x10 [ 15.582653] ? ktime_get_ts64+0x86/0x230 [ 15.582678] kunit_try_run_case+0x1a5/0x480 [ 15.582703] ? __pfx_kunit_try_run_case+0x10/0x10 [ 15.582726] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 15.582751] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 15.582775] ? __kthread_parkme+0x82/0x180 [ 15.582796] ? preempt_count_sub+0x50/0x80 [ 15.582819] ? __pfx_kunit_try_run_case+0x10/0x10 [ 15.582844] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 15.582867] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 15.582891] kthread+0x337/0x6f0 [ 15.582911] ? trace_preempt_on+0x20/0xc0 [ 15.582936] ? 
__pfx_kthread+0x10/0x10 [ 15.582958] ? _raw_spin_unlock_irq+0x47/0x80 [ 15.582979] ? calculate_sigpending+0x7b/0xa0 [ 15.583003] ? __pfx_kthread+0x10/0x10 [ 15.583024] ret_from_fork+0x116/0x1d0 [ 15.583044] ? __pfx_kthread+0x10/0x10 [ 15.583065] ret_from_fork_asm+0x1a/0x30 [ 15.583096] </TASK> [ 15.583109] [ 15.590883] Allocated by task 302: [ 15.591029] kasan_save_stack+0x45/0x70 [ 15.591176] kasan_save_track+0x18/0x40 [ 15.591361] kasan_save_alloc_info+0x3b/0x50 [ 15.591627] __kasan_kmalloc+0xb7/0xc0 [ 15.591814] __kmalloc_noprof+0x1c9/0x500 [ 15.592027] kunit_kmalloc_array+0x25/0x60 [ 15.592175] copy_user_test_oob+0xab/0x10f0 [ 15.592454] kunit_try_run_case+0x1a5/0x480 [ 15.592782] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 15.593077] kthread+0x337/0x6f0 [ 15.593221] ret_from_fork+0x116/0x1d0 [ 15.593355] ret_from_fork_asm+0x1a/0x30 [ 15.593503] [ 15.593575] The buggy address belongs to the object at ffff88810258dd00 [ 15.593575] which belongs to the cache kmalloc-128 of size 128 [ 15.594184] The buggy address is located 0 bytes inside of [ 15.594184] allocated 120-byte region [ffff88810258dd00, ffff88810258dd78) [ 15.594795] [ 15.594942] The buggy address belongs to the physical page: [ 15.595209] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x10258d [ 15.595539] flags: 0x200000000000000(node=0|zone=2) [ 15.595711] page_type: f5(slab) [ 15.595834] raw: 0200000000000000 ffff888100041a00 dead000000000122 0000000000000000 [ 15.596091] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 15.596581] page dumped because: kasan: bad access detected [ 15.596841] [ 15.596937] Memory state around the buggy address: [ 15.597274] ffff88810258dc00: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 15.597866] ffff88810258dc80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 15.598191] >ffff88810258dd00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 fc [ 15.598450] ^ [ 15.598865] ffff88810258dd80: fc fc fc fc fc fc fc fc fc fc 
fc fc fc fc fc fc [ 15.599087] ffff88810258de00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 15.599316] ==================================================================
Failure - log-parser-boot/kasan-bug-kasan-slab-out-of-bounds-in-copy_user_test_oob
[ 15.495130] ================================================================== [ 15.495484] BUG: KASAN: slab-out-of-bounds in copy_user_test_oob+0x3fd/0x10f0 [ 15.495838] Write of size 121 at addr ffff88810258dd00 by task kunit_try_catch/302 [ 15.496244] [ 15.496357] CPU: 0 UID: 0 PID: 302 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc4 #1 PREEMPT(voluntary) [ 15.496421] Tainted: [B]=BAD_PAGE, [N]=TEST [ 15.496434] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 15.496458] Call Trace: [ 15.496472] <TASK> [ 15.496492] dump_stack_lvl+0x73/0xb0 [ 15.496522] print_report+0xd1/0x650 [ 15.496547] ? __virt_addr_valid+0x1db/0x2d0 [ 15.496572] ? copy_user_test_oob+0x3fd/0x10f0 [ 15.496595] ? kasan_complete_mode_report_info+0x2a/0x200 [ 15.496618] ? copy_user_test_oob+0x3fd/0x10f0 [ 15.496641] kasan_report+0x141/0x180 [ 15.496665] ? copy_user_test_oob+0x3fd/0x10f0 [ 15.496693] kasan_check_range+0x10c/0x1c0 [ 15.496718] __kasan_check_write+0x18/0x20 [ 15.496739] copy_user_test_oob+0x3fd/0x10f0 [ 15.496765] ? __pfx_copy_user_test_oob+0x10/0x10 [ 15.496788] ? finish_task_switch.isra.0+0x153/0x700 [ 15.496812] ? __switch_to+0x47/0xf50 [ 15.496839] ? __schedule+0x10cc/0x2b60 [ 15.496863] ? __pfx_read_tsc+0x10/0x10 [ 15.496885] ? ktime_get_ts64+0x86/0x230 [ 15.496910] kunit_try_run_case+0x1a5/0x480 [ 15.496935] ? __pfx_kunit_try_run_case+0x10/0x10 [ 15.496957] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 15.496982] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 15.497006] ? __kthread_parkme+0x82/0x180 [ 15.497028] ? preempt_count_sub+0x50/0x80 [ 15.497051] ? __pfx_kunit_try_run_case+0x10/0x10 [ 15.497075] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 15.497099] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 15.497122] kthread+0x337/0x6f0 [ 15.497143] ? trace_preempt_on+0x20/0xc0 [ 15.497168] ? __pfx_kthread+0x10/0x10 [ 15.497189] ? _raw_spin_unlock_irq+0x47/0x80 [ 15.497210] ? calculate_sigpending+0x7b/0xa0 [ 15.497236] ? 
__pfx_kthread+0x10/0x10 [ 15.497258] ret_from_fork+0x116/0x1d0 [ 15.497277] ? __pfx_kthread+0x10/0x10 [ 15.497297] ret_from_fork_asm+0x1a/0x30 [ 15.497328] </TASK> [ 15.497341] [ 15.504168] Allocated by task 302: [ 15.504366] kasan_save_stack+0x45/0x70 [ 15.504593] kasan_save_track+0x18/0x40 [ 15.504787] kasan_save_alloc_info+0x3b/0x50 [ 15.505004] __kasan_kmalloc+0xb7/0xc0 [ 15.505195] __kmalloc_noprof+0x1c9/0x500 [ 15.505407] kunit_kmalloc_array+0x25/0x60 [ 15.505625] copy_user_test_oob+0xab/0x10f0 [ 15.505784] kunit_try_run_case+0x1a5/0x480 [ 15.505983] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 15.506217] kthread+0x337/0x6f0 [ 15.506367] ret_from_fork+0x116/0x1d0 [ 15.506538] ret_from_fork_asm+0x1a/0x30 [ 15.506756] [ 15.506856] The buggy address belongs to the object at ffff88810258dd00 [ 15.506856] which belongs to the cache kmalloc-128 of size 128 [ 15.507321] The buggy address is located 0 bytes inside of [ 15.507321] allocated 120-byte region [ffff88810258dd00, ffff88810258dd78) [ 15.507782] [ 15.507857] The buggy address belongs to the physical page: [ 15.508032] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x10258d [ 15.508279] flags: 0x200000000000000(node=0|zone=2) [ 15.508543] page_type: f5(slab) [ 15.508716] raw: 0200000000000000 ffff888100041a00 dead000000000122 0000000000000000 [ 15.509053] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 15.509330] page dumped because: kasan: bad access detected [ 15.509513] [ 15.509585] Memory state around the buggy address: [ 15.509740] ffff88810258dc00: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 15.510095] ffff88810258dc80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 15.510424] >ffff88810258dd00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 fc [ 15.510750] ^ [ 15.511362] ffff88810258dd80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 15.511691] ffff88810258de00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 15.511943] 
================================================================== [ 15.512615] ================================================================== [ 15.512986] BUG: KASAN: slab-out-of-bounds in copy_user_test_oob+0x4aa/0x10f0 [ 15.513225] Read of size 121 at addr ffff88810258dd00 by task kunit_try_catch/302 [ 15.513488] [ 15.513611] CPU: 0 UID: 0 PID: 302 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc4 #1 PREEMPT(voluntary) [ 15.513655] Tainted: [B]=BAD_PAGE, [N]=TEST [ 15.513668] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 15.513692] Call Trace: [ 15.513708] <TASK> [ 15.513724] dump_stack_lvl+0x73/0xb0 [ 15.513753] print_report+0xd1/0x650 [ 15.513776] ? __virt_addr_valid+0x1db/0x2d0 [ 15.513799] ? copy_user_test_oob+0x4aa/0x10f0 [ 15.513823] ? kasan_complete_mode_report_info+0x2a/0x200 [ 15.513845] ? copy_user_test_oob+0x4aa/0x10f0 [ 15.513868] kasan_report+0x141/0x180 [ 15.513892] ? copy_user_test_oob+0x4aa/0x10f0 [ 15.513920] kasan_check_range+0x10c/0x1c0 [ 15.513944] __kasan_check_read+0x15/0x20 [ 15.513964] copy_user_test_oob+0x4aa/0x10f0 [ 15.513990] ? __pfx_copy_user_test_oob+0x10/0x10 [ 15.514012] ? finish_task_switch.isra.0+0x153/0x700 [ 15.514035] ? __switch_to+0x47/0xf50 [ 15.514061] ? __schedule+0x10cc/0x2b60 [ 15.514084] ? __pfx_read_tsc+0x10/0x10 [ 15.514105] ? ktime_get_ts64+0x86/0x230 [ 15.514129] kunit_try_run_case+0x1a5/0x480 [ 15.514154] ? __pfx_kunit_try_run_case+0x10/0x10 [ 15.514177] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 15.514200] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 15.514223] ? __kthread_parkme+0x82/0x180 [ 15.514245] ? preempt_count_sub+0x50/0x80 [ 15.514268] ? __pfx_kunit_try_run_case+0x10/0x10 [ 15.514292] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 15.514316] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 15.514340] kthread+0x337/0x6f0 [ 15.514360] ? trace_preempt_on+0x20/0xc0 [ 15.514395] ? __pfx_kthread+0x10/0x10 [ 15.514416] ? 
_raw_spin_unlock_irq+0x47/0x80 [ 15.514438] ? calculate_sigpending+0x7b/0xa0 [ 15.514463] ? __pfx_kthread+0x10/0x10 [ 15.514484] ret_from_fork+0x116/0x1d0 [ 15.514504] ? __pfx_kthread+0x10/0x10 [ 15.514525] ret_from_fork_asm+0x1a/0x30 [ 15.514555] </TASK> [ 15.514568] [ 15.521607] Allocated by task 302: [ 15.521932] kasan_save_stack+0x45/0x70 [ 15.522217] kasan_save_track+0x18/0x40 [ 15.522424] kasan_save_alloc_info+0x3b/0x50 [ 15.522709] __kasan_kmalloc+0xb7/0xc0 [ 15.522943] __kmalloc_noprof+0x1c9/0x500 [ 15.523099] kunit_kmalloc_array+0x25/0x60 [ 15.523246] copy_user_test_oob+0xab/0x10f0 [ 15.523402] kunit_try_run_case+0x1a5/0x480 [ 15.523626] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 15.523880] kthread+0x337/0x6f0 [ 15.524058] ret_from_fork+0x116/0x1d0 [ 15.524246] ret_from_fork_asm+0x1a/0x30 [ 15.524461] [ 15.524558] The buggy address belongs to the object at ffff88810258dd00 [ 15.524558] which belongs to the cache kmalloc-128 of size 128 [ 15.525009] The buggy address is located 0 bytes inside of [ 15.525009] allocated 120-byte region [ffff88810258dd00, ffff88810258dd78) [ 15.525505] [ 15.525603] The buggy address belongs to the physical page: [ 15.525819] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x10258d [ 15.526062] flags: 0x200000000000000(node=0|zone=2) [ 15.526225] page_type: f5(slab) [ 15.526346] raw: 0200000000000000 ffff888100041a00 dead000000000122 0000000000000000 [ 15.526655] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 15.526989] page dumped because: kasan: bad access detected [ 15.527227] [ 15.527297] Memory state around the buggy address: [ 15.527518] ffff88810258dc00: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 15.527930] ffff88810258dc80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 15.528187] >ffff88810258dd00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 fc [ 15.528411] ^ [ 15.528742] ffff88810258dd80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 15.529063] 
ffff88810258de00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 15.529407] ================================================================== [ 15.555506] ================================================================== [ 15.556107] BUG: KASAN: slab-out-of-bounds in copy_user_test_oob+0x604/0x10f0 [ 15.556527] Read of size 121 at addr ffff88810258dd00 by task kunit_try_catch/302 [ 15.557108] [ 15.557226] CPU: 0 UID: 0 PID: 302 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc4 #1 PREEMPT(voluntary) [ 15.557430] Tainted: [B]=BAD_PAGE, [N]=TEST [ 15.557448] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 15.557471] Call Trace: [ 15.557488] <TASK> [ 15.557506] dump_stack_lvl+0x73/0xb0 [ 15.557536] print_report+0xd1/0x650 [ 15.557560] ? __virt_addr_valid+0x1db/0x2d0 [ 15.557593] ? copy_user_test_oob+0x604/0x10f0 [ 15.557616] ? kasan_complete_mode_report_info+0x2a/0x200 [ 15.557639] ? copy_user_test_oob+0x604/0x10f0 [ 15.557662] kasan_report+0x141/0x180 [ 15.557684] ? copy_user_test_oob+0x604/0x10f0 [ 15.557713] kasan_check_range+0x10c/0x1c0 [ 15.557738] __kasan_check_read+0x15/0x20 [ 15.557758] copy_user_test_oob+0x604/0x10f0 [ 15.557783] ? __pfx_copy_user_test_oob+0x10/0x10 [ 15.557807] ? finish_task_switch.isra.0+0x153/0x700 [ 15.557831] ? __switch_to+0x47/0xf50 [ 15.557858] ? __schedule+0x10cc/0x2b60 [ 15.557882] ? __pfx_read_tsc+0x10/0x10 [ 15.557903] ? ktime_get_ts64+0x86/0x230 [ 15.557929] kunit_try_run_case+0x1a5/0x480 [ 15.557954] ? __pfx_kunit_try_run_case+0x10/0x10 [ 15.557977] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 15.558001] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 15.558024] ? __kthread_parkme+0x82/0x180 [ 15.558045] ? preempt_count_sub+0x50/0x80 [ 15.558069] ? __pfx_kunit_try_run_case+0x10/0x10 [ 15.558093] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 15.558116] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 15.558140] kthread+0x337/0x6f0 [ 15.558160] ? trace_preempt_on+0x20/0xc0 [ 15.558186] ? 
__pfx_kthread+0x10/0x10 [ 15.558207] ? _raw_spin_unlock_irq+0x47/0x80 [ 15.558228] ? calculate_sigpending+0x7b/0xa0 [ 15.558253] ? __pfx_kthread+0x10/0x10 [ 15.558275] ret_from_fork+0x116/0x1d0 [ 15.558294] ? __pfx_kthread+0x10/0x10 [ 15.558315] ret_from_fork_asm+0x1a/0x30 [ 15.558344] </TASK> [ 15.558357] [ 15.568355] Allocated by task 302: [ 15.568557] kasan_save_stack+0x45/0x70 [ 15.569091] kasan_save_track+0x18/0x40 [ 15.569395] kasan_save_alloc_info+0x3b/0x50 [ 15.569626] __kasan_kmalloc+0xb7/0xc0 [ 15.569909] __kmalloc_noprof+0x1c9/0x500 [ 15.570187] kunit_kmalloc_array+0x25/0x60 [ 15.570513] copy_user_test_oob+0xab/0x10f0 [ 15.570803] kunit_try_run_case+0x1a5/0x480 [ 15.571103] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 15.571355] kthread+0x337/0x6f0 [ 15.571544] ret_from_fork+0x116/0x1d0 [ 15.571927] ret_from_fork_asm+0x1a/0x30 [ 15.572206] [ 15.572481] The buggy address belongs to the object at ffff88810258dd00 [ 15.572481] which belongs to the cache kmalloc-128 of size 128 [ 15.573094] The buggy address is located 0 bytes inside of [ 15.573094] allocated 120-byte region [ffff88810258dd00, ffff88810258dd78) [ 15.573672] [ 15.573779] The buggy address belongs to the physical page: [ 15.574024] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x10258d [ 15.574342] flags: 0x200000000000000(node=0|zone=2) [ 15.574839] page_type: f5(slab) [ 15.575144] raw: 0200000000000000 ffff888100041a00 dead000000000122 0000000000000000 [ 15.575492] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 15.576045] page dumped because: kasan: bad access detected [ 15.576403] [ 15.576700] Memory state around the buggy address: [ 15.576934] ffff88810258dc00: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 15.577316] ffff88810258dc80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 15.577720] >ffff88810258dd00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 fc [ 15.578012] ^ [ 15.578317] ffff88810258dd80: fc fc fc fc fc fc fc fc fc fc 
fc fc fc fc fc fc [ 15.578630] ffff88810258de00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 15.579190] ================================================================== [ 15.530249] ================================================================== [ 15.531191] BUG: KASAN: slab-out-of-bounds in copy_user_test_oob+0x557/0x10f0 [ 15.532322] Write of size 121 at addr ffff88810258dd00 by task kunit_try_catch/302 [ 15.532762] [ 15.532881] CPU: 0 UID: 0 PID: 302 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc4 #1 PREEMPT(voluntary) [ 15.532926] Tainted: [B]=BAD_PAGE, [N]=TEST [ 15.533117] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 15.533141] Call Trace: [ 15.533157] <TASK> [ 15.533288] dump_stack_lvl+0x73/0xb0 [ 15.533325] print_report+0xd1/0x650 [ 15.533351] ? __virt_addr_valid+0x1db/0x2d0 [ 15.533387] ? copy_user_test_oob+0x557/0x10f0 [ 15.533410] ? kasan_complete_mode_report_info+0x2a/0x200 [ 15.533433] ? copy_user_test_oob+0x557/0x10f0 [ 15.533456] kasan_report+0x141/0x180 [ 15.533478] ? copy_user_test_oob+0x557/0x10f0 [ 15.533508] kasan_check_range+0x10c/0x1c0 [ 15.533533] __kasan_check_write+0x18/0x20 [ 15.533553] copy_user_test_oob+0x557/0x10f0 [ 15.533591] ? __pfx_copy_user_test_oob+0x10/0x10 [ 15.533614] ? finish_task_switch.isra.0+0x153/0x700 [ 15.533636] ? __switch_to+0x47/0xf50 [ 15.533662] ? __schedule+0x10cc/0x2b60 [ 15.533685] ? __pfx_read_tsc+0x10/0x10 [ 15.533706] ? ktime_get_ts64+0x86/0x230 [ 15.533730] kunit_try_run_case+0x1a5/0x480 [ 15.533755] ? __pfx_kunit_try_run_case+0x10/0x10 [ 15.533778] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 15.533802] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 15.533825] ? __kthread_parkme+0x82/0x180 [ 15.533847] ? preempt_count_sub+0x50/0x80 [ 15.533872] ? __pfx_kunit_try_run_case+0x10/0x10 [ 15.533896] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 15.533919] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 15.533943] kthread+0x337/0x6f0 [ 15.533963] ? 
trace_preempt_on+0x20/0xc0 [ 15.533986] ? __pfx_kthread+0x10/0x10 [ 15.534008] ? _raw_spin_unlock_irq+0x47/0x80 [ 15.534031] ? calculate_sigpending+0x7b/0xa0 [ 15.534056] ? __pfx_kthread+0x10/0x10 [ 15.534078] ret_from_fork+0x116/0x1d0 [ 15.534098] ? __pfx_kthread+0x10/0x10 [ 15.534119] ret_from_fork_asm+0x1a/0x30 [ 15.534150] </TASK> [ 15.534162] [ 15.544348] Allocated by task 302: [ 15.544745] kasan_save_stack+0x45/0x70 [ 15.545034] kasan_save_track+0x18/0x40 [ 15.545181] kasan_save_alloc_info+0x3b/0x50 [ 15.545402] __kasan_kmalloc+0xb7/0xc0 [ 15.545803] __kmalloc_noprof+0x1c9/0x500 [ 15.546004] kunit_kmalloc_array+0x25/0x60 [ 15.546163] copy_user_test_oob+0xab/0x10f0 [ 15.546513] kunit_try_run_case+0x1a5/0x480 [ 15.546865] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 15.547200] kthread+0x337/0x6f0 [ 15.547459] ret_from_fork+0x116/0x1d0 [ 15.547748] ret_from_fork_asm+0x1a/0x30 [ 15.548045] [ 15.548125] The buggy address belongs to the object at ffff88810258dd00 [ 15.548125] which belongs to the cache kmalloc-128 of size 128 [ 15.548959] The buggy address is located 0 bytes inside of [ 15.548959] allocated 120-byte region [ffff88810258dd00, ffff88810258dd78) [ 15.549428] [ 15.549532] The buggy address belongs to the physical page: [ 15.549846] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x10258d [ 15.550183] flags: 0x200000000000000(node=0|zone=2) [ 15.550414] page_type: f5(slab) [ 15.550573] raw: 0200000000000000 ffff888100041a00 dead000000000122 0000000000000000 [ 15.550885] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 15.551193] page dumped because: kasan: bad access detected [ 15.551956] [ 15.552051] Memory state around the buggy address: [ 15.552207] ffff88810258dc00: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 15.552765] ffff88810258dc80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 15.553152] >ffff88810258dd00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 fc [ 15.553561] ^ [ 15.553954] 
ffff88810258dd80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 15.554369] ffff88810258de00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 15.554806] ==================================================================
Failure - log-parser-boot/kasan-bug-kasan-slab-out-of-bounds-in-_copy_to_user
[ 15.473184] ==================================================================
[ 15.473532] BUG: KASAN: slab-out-of-bounds in _copy_to_user+0x3c/0x70
[ 15.473882] Read of size 121 at addr ffff88810258dd00 by task kunit_try_catch/302
[ 15.474454]
[ 15.474575] CPU: 0 UID: 0 PID: 302 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc4 #1 PREEMPT(voluntary)
[ 15.474625] Tainted: [B]=BAD_PAGE, [N]=TEST
[ 15.474638] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[ 15.474662] Call Trace:
[ 15.474678] <TASK>
[ 15.474702] dump_stack_lvl+0x73/0xb0
[ 15.474734] print_report+0xd1/0x650
[ 15.474760] ? __virt_addr_valid+0x1db/0x2d0
[ 15.474785] ? _copy_to_user+0x3c/0x70
[ 15.474805] ? kasan_complete_mode_report_info+0x2a/0x200
[ 15.474828] ? _copy_to_user+0x3c/0x70
[ 15.474848] kasan_report+0x141/0x180
[ 15.474872] ? _copy_to_user+0x3c/0x70
[ 15.474896] kasan_check_range+0x10c/0x1c0
[ 15.474920] __kasan_check_read+0x15/0x20
[ 15.474940] _copy_to_user+0x3c/0x70
[ 15.474960] copy_user_test_oob+0x364/0x10f0
[ 15.474985] ? __pfx_copy_user_test_oob+0x10/0x10
[ 15.475009] ? finish_task_switch.isra.0+0x153/0x700
[ 15.475033] ? __switch_to+0x47/0xf50
[ 15.475060] ? __schedule+0x10cc/0x2b60
[ 15.475083] ? __pfx_read_tsc+0x10/0x10
[ 15.475105] ? ktime_get_ts64+0x86/0x230
[ 15.475130] kunit_try_run_case+0x1a5/0x480
[ 15.475154] ? __pfx_kunit_try_run_case+0x10/0x10
[ 15.475178] ? _raw_spin_lock_irqsave+0xa1/0x100
[ 15.475203] ? _raw_spin_unlock_irqrestore+0x5f/0x90
[ 15.475228] ? __kthread_parkme+0x82/0x180
[ 15.475251] ? preempt_count_sub+0x50/0x80
[ 15.475274] ? __pfx_kunit_try_run_case+0x10/0x10
[ 15.475300] kunit_generic_run_threadfn_adapter+0x85/0xf0
[ 15.475324] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10
[ 15.475349] kthread+0x337/0x6f0
[ 15.475368] ? trace_preempt_on+0x20/0xc0
[ 15.475405] ? __pfx_kthread+0x10/0x10
[ 15.475427] ? _raw_spin_unlock_irq+0x47/0x80
[ 15.475449] ? calculate_sigpending+0x7b/0xa0
[ 15.475473] ? __pfx_kthread+0x10/0x10
[ 15.475496] ret_from_fork+0x116/0x1d0
[ 15.475515] ? __pfx_kthread+0x10/0x10
[ 15.475536] ret_from_fork_asm+0x1a/0x30
[ 15.475567] </TASK>
[ 15.475595]
[ 15.482597] Allocated by task 302:
[ 15.482891] kasan_save_stack+0x45/0x70
[ 15.483103] kasan_save_track+0x18/0x40
[ 15.483298] kasan_save_alloc_info+0x3b/0x50
[ 15.483512] __kasan_kmalloc+0xb7/0xc0
[ 15.483709] __kmalloc_noprof+0x1c9/0x500
[ 15.483886] kunit_kmalloc_array+0x25/0x60
[ 15.484083] copy_user_test_oob+0xab/0x10f0
[ 15.484275] kunit_try_run_case+0x1a5/0x480
[ 15.484452] kunit_generic_run_threadfn_adapter+0x85/0xf0
[ 15.484630] kthread+0x337/0x6f0
[ 15.484762] ret_from_fork+0x116/0x1d0
[ 15.484958] ret_from_fork_asm+0x1a/0x30
[ 15.485155]
[ 15.485252] The buggy address belongs to the object at ffff88810258dd00
[ 15.485252] which belongs to the cache kmalloc-128 of size 128
[ 15.485865] The buggy address is located 0 bytes inside of
[ 15.485865] allocated 120-byte region [ffff88810258dd00, ffff88810258dd78)
[ 15.486222]
[ 15.486301] The buggy address belongs to the physical page:
[ 15.486490] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x10258d
[ 15.487175] flags: 0x200000000000000(node=0|zone=2)
[ 15.487432] page_type: f5(slab)
[ 15.487605] raw: 0200000000000000 ffff888100041a00 dead000000000122 0000000000000000
[ 15.487944] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000
[ 15.488173] page dumped because: kasan: bad access detected
[ 15.488442]
[ 15.488538] Memory state around the buggy address:
[ 15.488993] ffff88810258dc00: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 15.489216] ffff88810258dc80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 15.489468] >ffff88810258dd00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 fc
[ 15.489953] ^
[ 15.490266] ffff88810258dd80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 15.490545] ffff88810258de00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 15.490833] ==================================================================
Failure - log-parser-boot/kasan-bug-kasan-slab-out-of-bounds-in-_copy_from_user
[ 15.443136] ================================================================== [ 15.443814] BUG: KASAN: slab-out-of-bounds in _copy_from_user+0x32/0x90 [ 15.444609] Write of size 121 at addr ffff88810258dd00 by task kunit_try_catch/302 [ 15.445163] [ 15.445298] CPU: 0 UID: 0 PID: 302 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc4 #1 PREEMPT(voluntary) [ 15.445586] Tainted: [B]=BAD_PAGE, [N]=TEST [ 15.445603] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 15.445630] Call Trace: [ 15.445650] <TASK> [ 15.445676] dump_stack_lvl+0x73/0xb0 [ 15.445712] print_report+0xd1/0x650 [ 15.445739] ? __virt_addr_valid+0x1db/0x2d0 [ 15.445766] ? _copy_from_user+0x32/0x90 [ 15.445786] ? kasan_complete_mode_report_info+0x2a/0x200 [ 15.445809] ? _copy_from_user+0x32/0x90 [ 15.445829] kasan_report+0x141/0x180 [ 15.445852] ? _copy_from_user+0x32/0x90 [ 15.445877] kasan_check_range+0x10c/0x1c0 [ 15.445902] __kasan_check_write+0x18/0x20 [ 15.445923] _copy_from_user+0x32/0x90 [ 15.445945] copy_user_test_oob+0x2be/0x10f0 [ 15.445971] ? __pfx_copy_user_test_oob+0x10/0x10 [ 15.445993] ? finish_task_switch.isra.0+0x153/0x700 [ 15.446020] ? __switch_to+0x47/0xf50 [ 15.446047] ? __schedule+0x10cc/0x2b60 [ 15.446072] ? __pfx_read_tsc+0x10/0x10 [ 15.446095] ? ktime_get_ts64+0x86/0x230 [ 15.446121] kunit_try_run_case+0x1a5/0x480 [ 15.446145] ? __pfx_kunit_try_run_case+0x10/0x10 [ 15.446168] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 15.446193] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 15.446216] ? __kthread_parkme+0x82/0x180 [ 15.446239] ? preempt_count_sub+0x50/0x80 [ 15.446263] ? __pfx_kunit_try_run_case+0x10/0x10 [ 15.446287] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 15.446311] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 15.446335] kthread+0x337/0x6f0 [ 15.446355] ? trace_preempt_on+0x20/0xc0 [ 15.446393] ? __pfx_kthread+0x10/0x10 [ 15.446413] ? _raw_spin_unlock_irq+0x47/0x80 [ 15.446435] ? calculate_sigpending+0x7b/0xa0 [ 15.446461] ? 
__pfx_kthread+0x10/0x10 [ 15.446483] ret_from_fork+0x116/0x1d0 [ 15.446502] ? __pfx_kthread+0x10/0x10 [ 15.446522] ret_from_fork_asm+0x1a/0x30 [ 15.446554] </TASK> [ 15.446568] [ 15.457472] Allocated by task 302: [ 15.457736] kasan_save_stack+0x45/0x70 [ 15.457949] kasan_save_track+0x18/0x40 [ 15.458558] kasan_save_alloc_info+0x3b/0x50 [ 15.458766] __kasan_kmalloc+0xb7/0xc0 [ 15.459198] __kmalloc_noprof+0x1c9/0x500 [ 15.459563] kunit_kmalloc_array+0x25/0x60 [ 15.459762] copy_user_test_oob+0xab/0x10f0 [ 15.460109] kunit_try_run_case+0x1a5/0x480 [ 15.460402] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 15.460583] kthread+0x337/0x6f0 [ 15.460711] ret_from_fork+0x116/0x1d0 [ 15.460846] ret_from_fork_asm+0x1a/0x30 [ 15.461154] [ 15.461260] The buggy address belongs to the object at ffff88810258dd00 [ 15.461260] which belongs to the cache kmalloc-128 of size 128 [ 15.462328] The buggy address is located 0 bytes inside of [ 15.462328] allocated 120-byte region [ffff88810258dd00, ffff88810258dd78) [ 15.463013] [ 15.463270] The buggy address belongs to the physical page: [ 15.463527] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x10258d [ 15.464035] flags: 0x200000000000000(node=0|zone=2) [ 15.464399] page_type: f5(slab) [ 15.464586] raw: 0200000000000000 ffff888100041a00 dead000000000122 0000000000000000 [ 15.465147] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 15.465523] page dumped because: kasan: bad access detected [ 15.465918] [ 15.466127] Memory state around the buggy address: [ 15.466433] ffff88810258dc00: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 15.466813] ffff88810258dc80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 15.467436] >ffff88810258dd00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 fc [ 15.467959] ^ [ 15.468338] ffff88810258dd80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 15.468793] ffff88810258de00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 15.469304] 
==================================================================
Failure - log-parser-boot/kasan-bug-kasan-slab-out-of-bounds-in-copy_to_kernel_nofault
[ 15.396652] ================================================================== [ 15.397366] BUG: KASAN: slab-out-of-bounds in copy_to_kernel_nofault+0x99/0x260 [ 15.398216] Write of size 8 at addr ffff888103aae478 by task kunit_try_catch/298 [ 15.398903] [ 15.399080] CPU: 1 UID: 0 PID: 298 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc4 #1 PREEMPT(voluntary) [ 15.399128] Tainted: [B]=BAD_PAGE, [N]=TEST [ 15.399141] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 15.399163] Call Trace: [ 15.399178] <TASK> [ 15.399199] dump_stack_lvl+0x73/0xb0 [ 15.399240] print_report+0xd1/0x650 [ 15.399267] ? __virt_addr_valid+0x1db/0x2d0 [ 15.399291] ? copy_to_kernel_nofault+0x99/0x260 [ 15.399326] ? kasan_complete_mode_report_info+0x2a/0x200 [ 15.399349] ? copy_to_kernel_nofault+0x99/0x260 [ 15.399373] kasan_report+0x141/0x180 [ 15.399402] ? copy_to_kernel_nofault+0x99/0x260 [ 15.399430] kasan_check_range+0x10c/0x1c0 [ 15.399455] __kasan_check_write+0x18/0x20 [ 15.399484] copy_to_kernel_nofault+0x99/0x260 [ 15.399519] copy_to_kernel_nofault_oob+0x288/0x560 [ 15.399543] ? __pfx_copy_to_kernel_nofault_oob+0x10/0x10 [ 15.399577] ? finish_task_switch.isra.0+0x153/0x700 [ 15.399602] ? __schedule+0x10cc/0x2b60 [ 15.399625] ? trace_hardirqs_on+0x37/0xe0 [ 15.399668] ? __pfx_read_tsc+0x10/0x10 [ 15.399691] ? ktime_get_ts64+0x86/0x230 [ 15.399716] kunit_try_run_case+0x1a5/0x480 [ 15.399755] ? __pfx_kunit_try_run_case+0x10/0x10 [ 15.399777] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 15.399802] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 15.399826] ? __kthread_parkme+0x82/0x180 [ 15.399848] ? preempt_count_sub+0x50/0x80 [ 15.399871] ? __pfx_kunit_try_run_case+0x10/0x10 [ 15.399895] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 15.399919] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 15.399945] kthread+0x337/0x6f0 [ 15.399964] ? trace_preempt_on+0x20/0xc0 [ 15.399987] ? __pfx_kthread+0x10/0x10 [ 15.400008] ? 
_raw_spin_unlock_irq+0x47/0x80 [ 15.400030] ? calculate_sigpending+0x7b/0xa0 [ 15.400055] ? __pfx_kthread+0x10/0x10 [ 15.400077] ret_from_fork+0x116/0x1d0 [ 15.400095] ? __pfx_kthread+0x10/0x10 [ 15.400116] ret_from_fork_asm+0x1a/0x30 [ 15.400149] </TASK> [ 15.400161] [ 15.415672] Allocated by task 298: [ 15.416027] kasan_save_stack+0x45/0x70 [ 15.416501] kasan_save_track+0x18/0x40 [ 15.416939] kasan_save_alloc_info+0x3b/0x50 [ 15.417178] __kasan_kmalloc+0xb7/0xc0 [ 15.417453] __kmalloc_cache_noprof+0x189/0x420 [ 15.417947] copy_to_kernel_nofault_oob+0x12f/0x560 [ 15.418420] kunit_try_run_case+0x1a5/0x480 [ 15.418703] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 15.418881] kthread+0x337/0x6f0 [ 15.419221] ret_from_fork+0x116/0x1d0 [ 15.419611] ret_from_fork_asm+0x1a/0x30 [ 15.420028] [ 15.420216] The buggy address belongs to the object at ffff888103aae400 [ 15.420216] which belongs to the cache kmalloc-128 of size 128 [ 15.421488] The buggy address is located 0 bytes to the right of [ 15.421488] allocated 120-byte region [ffff888103aae400, ffff888103aae478) [ 15.422418] [ 15.422496] The buggy address belongs to the physical page: [ 15.422674] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x103aae [ 15.423449] flags: 0x200000000000000(node=0|zone=2) [ 15.424012] page_type: f5(slab) [ 15.424401] raw: 0200000000000000 ffff888100041a00 dead000000000122 0000000000000000 [ 15.425206] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 15.425861] page dumped because: kasan: bad access detected [ 15.426225] [ 15.426299] Memory state around the buggy address: [ 15.426875] ffff888103aae300: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 15.427677] ffff888103aae380: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 15.428178] >ffff888103aae400: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 fc [ 15.428684] ^ [ 15.429246] ffff888103aae480: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 15.429931] ffff888103aae500: fc fc fc fc 
fc fc fc fc fc fc fc fc fc fc fc fc [ 15.430153] ================================================================== [ 15.363483] ================================================================== [ 15.365110] BUG: KASAN: slab-out-of-bounds in copy_to_kernel_nofault+0x225/0x260 [ 15.366143] Read of size 8 at addr ffff888103aae478 by task kunit_try_catch/298 [ 15.367034] [ 15.367268] CPU: 1 UID: 0 PID: 298 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc4 #1 PREEMPT(voluntary) [ 15.367333] Tainted: [B]=BAD_PAGE, [N]=TEST [ 15.367348] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 15.367372] Call Trace: [ 15.367396] <TASK> [ 15.367546] dump_stack_lvl+0x73/0xb0 [ 15.367613] print_report+0xd1/0x650 [ 15.367675] ? __virt_addr_valid+0x1db/0x2d0 [ 15.367705] ? copy_to_kernel_nofault+0x225/0x260 [ 15.367729] ? kasan_complete_mode_report_info+0x2a/0x200 [ 15.367753] ? copy_to_kernel_nofault+0x225/0x260 [ 15.367778] kasan_report+0x141/0x180 [ 15.367800] ? copy_to_kernel_nofault+0x225/0x260 [ 15.367828] __asan_report_load8_noabort+0x18/0x20 [ 15.367853] copy_to_kernel_nofault+0x225/0x260 [ 15.367879] copy_to_kernel_nofault_oob+0x1ed/0x560 [ 15.367903] ? __pfx_copy_to_kernel_nofault_oob+0x10/0x10 [ 15.367944] ? finish_task_switch.isra.0+0x153/0x700 [ 15.367970] ? __schedule+0x10cc/0x2b60 [ 15.367993] ? trace_hardirqs_on+0x37/0xe0 [ 15.368026] ? __pfx_read_tsc+0x10/0x10 [ 15.368049] ? ktime_get_ts64+0x86/0x230 [ 15.368075] kunit_try_run_case+0x1a5/0x480 [ 15.368103] ? __pfx_kunit_try_run_case+0x10/0x10 [ 15.368126] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 15.368151] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 15.368175] ? __kthread_parkme+0x82/0x180 [ 15.368198] ? preempt_count_sub+0x50/0x80 [ 15.368221] ? __pfx_kunit_try_run_case+0x10/0x10 [ 15.368244] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 15.368268] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 15.368292] kthread+0x337/0x6f0 [ 15.368312] ? 
trace_preempt_on+0x20/0xc0 [ 15.368335] ? __pfx_kthread+0x10/0x10 [ 15.368357] ? _raw_spin_unlock_irq+0x47/0x80 [ 15.368389] ? calculate_sigpending+0x7b/0xa0 [ 15.368419] ? __pfx_kthread+0x10/0x10 [ 15.368440] ret_from_fork+0x116/0x1d0 [ 15.368459] ? __pfx_kthread+0x10/0x10 [ 15.368481] ret_from_fork_asm+0x1a/0x30 [ 15.368513] </TASK> [ 15.368527] [ 15.382779] Allocated by task 298: [ 15.383211] kasan_save_stack+0x45/0x70 [ 15.383487] kasan_save_track+0x18/0x40 [ 15.383879] kasan_save_alloc_info+0x3b/0x50 [ 15.384320] __kasan_kmalloc+0xb7/0xc0 [ 15.384652] __kmalloc_cache_noprof+0x189/0x420 [ 15.384833] copy_to_kernel_nofault_oob+0x12f/0x560 [ 15.385402] kunit_try_run_case+0x1a5/0x480 [ 15.385877] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 15.386291] kthread+0x337/0x6f0 [ 15.386572] ret_from_fork+0x116/0x1d0 [ 15.386709] ret_from_fork_asm+0x1a/0x30 [ 15.386849] [ 15.386922] The buggy address belongs to the object at ffff888103aae400 [ 15.386922] which belongs to the cache kmalloc-128 of size 128 [ 15.387282] The buggy address is located 0 bytes to the right of [ 15.387282] allocated 120-byte region [ffff888103aae400, ffff888103aae478) [ 15.387657] [ 15.387735] The buggy address belongs to the physical page: [ 15.387910] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x103aae [ 15.388152] flags: 0x200000000000000(node=0|zone=2) [ 15.388318] page_type: f5(slab) [ 15.388555] raw: 0200000000000000 ffff888100041a00 dead000000000122 0000000000000000 [ 15.389328] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 15.390105] page dumped because: kasan: bad access detected [ 15.390587] [ 15.390752] Memory state around the buggy address: [ 15.391304] ffff888103aae300: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 15.392018] ffff888103aae380: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 15.392747] >ffff888103aae400: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 fc [ 15.393484] ^ [ 15.394175] ffff888103aae480: fc fc fc fc 
fc fc fc fc fc fc fc fc fc fc fc fc [ 15.394875] ffff888103aae500: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 15.395587] ==================================================================
Failure - log-parser-boot/kasan-bug-kasan-slab-out-of-bounds-in-kasan_atomics_helper
[ 13.959825] ================================================================== [ 13.960059] BUG: KASAN: slab-out-of-bounds in kasan_atomics_helper+0x4b6e/0x5450 [ 13.960543] Write of size 4 at addr ffff8881025a0db0 by task kunit_try_catch/282 [ 13.960936] [ 13.961026] CPU: 0 UID: 0 PID: 282 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc4 #1 PREEMPT(voluntary) [ 13.961070] Tainted: [B]=BAD_PAGE, [N]=TEST [ 13.961083] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 13.961105] Call Trace: [ 13.961119] <TASK> [ 13.961135] dump_stack_lvl+0x73/0xb0 [ 13.961163] print_report+0xd1/0x650 [ 13.961186] ? __virt_addr_valid+0x1db/0x2d0 [ 13.961210] ? kasan_atomics_helper+0x4b6e/0x5450 [ 13.961231] ? kasan_complete_mode_report_info+0x2a/0x200 [ 13.961253] ? kasan_atomics_helper+0x4b6e/0x5450 [ 13.961275] kasan_report+0x141/0x180 [ 13.961298] ? kasan_atomics_helper+0x4b6e/0x5450 [ 13.961324] __asan_report_store4_noabort+0x1b/0x30 [ 13.961345] kasan_atomics_helper+0x4b6e/0x5450 [ 13.961368] ? __pfx_kasan_atomics_helper+0x10/0x10 [ 13.961402] ? __kmalloc_cache_noprof+0x189/0x420 [ 13.961428] ? kasan_atomics+0x152/0x310 [ 13.961454] kasan_atomics+0x1dc/0x310 [ 13.961476] ? __pfx_kasan_atomics+0x10/0x10 [ 13.961499] ? __pfx_queued_spin_lock_slowpath+0x10/0x10 [ 13.961527] ? __pfx_read_tsc+0x10/0x10 [ 13.961548] ? ktime_get_ts64+0x86/0x230 [ 13.961618] kunit_try_run_case+0x1a5/0x480 [ 13.961645] ? __pfx_kunit_try_run_case+0x10/0x10 [ 13.961669] ? _raw_spin_lock_irqsave+0xf9/0x100 [ 13.961692] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 13.961715] ? __kthread_parkme+0x82/0x180 [ 13.961736] ? preempt_count_sub+0x50/0x80 [ 13.961760] ? __pfx_kunit_try_run_case+0x10/0x10 [ 13.961784] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 13.961807] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 13.961832] kthread+0x337/0x6f0 [ 13.961852] ? trace_preempt_on+0x20/0xc0 [ 13.961876] ? __pfx_kthread+0x10/0x10 [ 13.961897] ? 
_raw_spin_unlock_irq+0x47/0x80 [ 13.961919] ? calculate_sigpending+0x7b/0xa0 [ 13.961943] ? __pfx_kthread+0x10/0x10 [ 13.961965] ret_from_fork+0x116/0x1d0 [ 13.961984] ? __pfx_kthread+0x10/0x10 [ 13.962004] ret_from_fork_asm+0x1a/0x30 [ 13.962035] </TASK> [ 13.962046] [ 13.970311] Allocated by task 282: [ 13.970528] kasan_save_stack+0x45/0x70 [ 13.970751] kasan_save_track+0x18/0x40 [ 13.970960] kasan_save_alloc_info+0x3b/0x50 [ 13.971424] __kasan_kmalloc+0xb7/0xc0 [ 13.971641] __kmalloc_cache_noprof+0x189/0x420 [ 13.971814] kasan_atomics+0x95/0x310 [ 13.971948] kunit_try_run_case+0x1a5/0x480 [ 13.972097] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 13.972348] kthread+0x337/0x6f0 [ 13.972558] ret_from_fork+0x116/0x1d0 [ 13.972887] ret_from_fork_asm+0x1a/0x30 [ 13.973064] [ 13.973138] The buggy address belongs to the object at ffff8881025a0d80 [ 13.973138] which belongs to the cache kmalloc-64 of size 64 [ 13.973504] The buggy address is located 0 bytes to the right of [ 13.973504] allocated 48-byte region [ffff8881025a0d80, ffff8881025a0db0) [ 13.974563] [ 13.974675] The buggy address belongs to the physical page: [ 13.974936] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1025a0 [ 13.975268] flags: 0x200000000000000(node=0|zone=2) [ 13.975446] page_type: f5(slab) [ 13.975676] raw: 0200000000000000 ffff8881000418c0 dead000000000122 0000000000000000 [ 13.976118] raw: 0000000000000000 0000000080200020 00000000f5000000 0000000000000000 [ 13.976502] page dumped because: kasan: bad access detected [ 13.976678] [ 13.976748] Memory state around the buggy address: [ 13.976904] ffff8881025a0c80: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 13.977152] ffff8881025a0d00: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 13.977482] >ffff8881025a0d80: 00 00 00 00 00 00 fc fc fc fc fc fc fc fc fc fc [ 13.977808] ^ [ 13.978034] ffff8881025a0e00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 13.978495] ffff8881025a0e80: fc fc fc fc fc fc fc fc fc fc 
fc fc fc fc fc fc [ 13.978769] ================================================================== [ 14.316575] ================================================================== [ 14.317047] BUG: KASAN: slab-out-of-bounds in kasan_atomics_helper+0xc70/0x5450 [ 14.317440] Write of size 4 at addr ffff8881025a0db0 by task kunit_try_catch/282 [ 14.317806] [ 14.318071] CPU: 0 UID: 0 PID: 282 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc4 #1 PREEMPT(voluntary) [ 14.318125] Tainted: [B]=BAD_PAGE, [N]=TEST [ 14.318151] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 14.318175] Call Trace: [ 14.318196] <TASK> [ 14.318219] dump_stack_lvl+0x73/0xb0 [ 14.318279] print_report+0xd1/0x650 [ 14.318305] ? __virt_addr_valid+0x1db/0x2d0 [ 14.318360] ? kasan_atomics_helper+0xc70/0x5450 [ 14.318390] ? kasan_complete_mode_report_info+0x2a/0x200 [ 14.318413] ? kasan_atomics_helper+0xc70/0x5450 [ 14.318435] kasan_report+0x141/0x180 [ 14.318457] ? kasan_atomics_helper+0xc70/0x5450 [ 14.318484] kasan_check_range+0x10c/0x1c0 [ 14.318508] __kasan_check_write+0x18/0x20 [ 14.318527] kasan_atomics_helper+0xc70/0x5450 [ 14.318550] ? __pfx_kasan_atomics_helper+0x10/0x10 [ 14.318583] ? __kmalloc_cache_noprof+0x189/0x420 [ 14.318614] ? kasan_atomics+0x152/0x310 [ 14.318670] kasan_atomics+0x1dc/0x310 [ 14.318693] ? __pfx_kasan_atomics+0x10/0x10 [ 14.318727] ? __pfx_queued_spin_lock_slowpath+0x10/0x10 [ 14.318754] ? __pfx_read_tsc+0x10/0x10 [ 14.318777] ? ktime_get_ts64+0x86/0x230 [ 14.318831] kunit_try_run_case+0x1a5/0x480 [ 14.318857] ? __pfx_kunit_try_run_case+0x10/0x10 [ 14.318890] ? _raw_spin_lock_irqsave+0xf9/0x100 [ 14.318913] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 14.318999] ? __kthread_parkme+0x82/0x180 [ 14.319024] ? preempt_count_sub+0x50/0x80 [ 14.319049] ? __pfx_kunit_try_run_case+0x10/0x10 [ 14.319074] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 14.319099] ? 
__pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 14.319121] kthread+0x337/0x6f0 [ 14.319143] ? trace_preempt_on+0x20/0xc0 [ 14.319170] ? __pfx_kthread+0x10/0x10 [ 14.319191] ? _raw_spin_unlock_irq+0x47/0x80 [ 14.319213] ? calculate_sigpending+0x7b/0xa0 [ 14.319238] ? __pfx_kthread+0x10/0x10 [ 14.319259] ret_from_fork+0x116/0x1d0 [ 14.319279] ? __pfx_kthread+0x10/0x10 [ 14.319299] ret_from_fork_asm+0x1a/0x30 [ 14.319332] </TASK> [ 14.319345] [ 14.330450] Allocated by task 282: [ 14.330756] kasan_save_stack+0x45/0x70 [ 14.331110] kasan_save_track+0x18/0x40 [ 14.331314] kasan_save_alloc_info+0x3b/0x50 [ 14.331588] __kasan_kmalloc+0xb7/0xc0 [ 14.331781] __kmalloc_cache_noprof+0x189/0x420 [ 14.332165] kasan_atomics+0x95/0x310 [ 14.332321] kunit_try_run_case+0x1a5/0x480 [ 14.332607] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 14.332890] kthread+0x337/0x6f0 [ 14.333402] ret_from_fork+0x116/0x1d0 [ 14.333555] ret_from_fork_asm+0x1a/0x30 [ 14.333753] [ 14.334053] The buggy address belongs to the object at ffff8881025a0d80 [ 14.334053] which belongs to the cache kmalloc-64 of size 64 [ 14.334570] The buggy address is located 0 bytes to the right of [ 14.334570] allocated 48-byte region [ffff8881025a0d80, ffff8881025a0db0) [ 14.335435] [ 14.335517] The buggy address belongs to the physical page: [ 14.335905] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1025a0 [ 14.336388] flags: 0x200000000000000(node=0|zone=2) [ 14.336653] page_type: f5(slab) [ 14.336847] raw: 0200000000000000 ffff8881000418c0 dead000000000122 0000000000000000 [ 14.337363] raw: 0000000000000000 0000000080200020 00000000f5000000 0000000000000000 [ 14.338208] page dumped because: kasan: bad access detected [ 14.338525] [ 14.338613] Memory state around the buggy address: [ 14.338999] ffff8881025a0c80: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 14.339359] ffff8881025a0d00: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 14.339649] >ffff8881025a0d80: 00 00 00 00 00 00 fc fc 
fc fc fc fc fc fc fc fc [ 14.340016] ^ [ 14.340449] ffff8881025a0e00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 14.340782] ffff8881025a0e80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 14.341194] ================================================================== [ 14.646953] ================================================================== [ 14.647629] BUG: KASAN: slab-out-of-bounds in kasan_atomics_helper+0x12e6/0x5450 [ 14.648390] Write of size 4 at addr ffff8881025a0db0 by task kunit_try_catch/282 [ 14.649102] [ 14.649476] CPU: 0 UID: 0 PID: 282 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc4 #1 PREEMPT(voluntary) [ 14.649525] Tainted: [B]=BAD_PAGE, [N]=TEST [ 14.649538] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 14.649561] Call Trace: [ 14.649578] <TASK> [ 14.649629] dump_stack_lvl+0x73/0xb0 [ 14.649659] print_report+0xd1/0x650 [ 14.649683] ? __virt_addr_valid+0x1db/0x2d0 [ 14.649707] ? kasan_atomics_helper+0x12e6/0x5450 [ 14.649731] ? kasan_complete_mode_report_info+0x2a/0x200 [ 14.649754] ? kasan_atomics_helper+0x12e6/0x5450 [ 14.649778] kasan_report+0x141/0x180 [ 14.649800] ? kasan_atomics_helper+0x12e6/0x5450 [ 14.649827] kasan_check_range+0x10c/0x1c0 [ 14.649851] __kasan_check_write+0x18/0x20 [ 14.649871] kasan_atomics_helper+0x12e6/0x5450 [ 14.649894] ? __pfx_kasan_atomics_helper+0x10/0x10 [ 14.649916] ? __kmalloc_cache_noprof+0x189/0x420 [ 14.649943] ? kasan_atomics+0x152/0x310 [ 14.649971] kasan_atomics+0x1dc/0x310 [ 14.649994] ? __pfx_kasan_atomics+0x10/0x10 [ 14.650015] ? __pfx_queued_spin_lock_slowpath+0x10/0x10 [ 14.650042] ? __pfx_read_tsc+0x10/0x10 [ 14.650065] ? ktime_get_ts64+0x86/0x230 [ 14.650090] kunit_try_run_case+0x1a5/0x480 [ 14.650115] ? __pfx_kunit_try_run_case+0x10/0x10 [ 14.650138] ? _raw_spin_lock_irqsave+0xf9/0x100 [ 14.650160] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 14.650184] ? __kthread_parkme+0x82/0x180 [ 14.650205] ? preempt_count_sub+0x50/0x80 [ 14.650229] ? 
__pfx_kunit_try_run_case+0x10/0x10 [ 14.650253] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 14.650276] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 14.650300] kthread+0x337/0x6f0 [ 14.650320] ? trace_preempt_on+0x20/0xc0 [ 14.650345] ? __pfx_kthread+0x10/0x10 [ 14.650366] ? _raw_spin_unlock_irq+0x47/0x80 [ 14.650399] ? calculate_sigpending+0x7b/0xa0 [ 14.650423] ? __pfx_kthread+0x10/0x10 [ 14.650445] ret_from_fork+0x116/0x1d0 [ 14.650464] ? __pfx_kthread+0x10/0x10 [ 14.650484] ret_from_fork_asm+0x1a/0x30 [ 14.650515] </TASK> [ 14.650528] [ 14.663556] Allocated by task 282: [ 14.663736] kasan_save_stack+0x45/0x70 [ 14.664126] kasan_save_track+0x18/0x40 [ 14.664434] kasan_save_alloc_info+0x3b/0x50 [ 14.664811] __kasan_kmalloc+0xb7/0xc0 [ 14.665243] __kmalloc_cache_noprof+0x189/0x420 [ 14.665486] kasan_atomics+0x95/0x310 [ 14.665946] kunit_try_run_case+0x1a5/0x480 [ 14.666428] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 14.666672] kthread+0x337/0x6f0 [ 14.666841] ret_from_fork+0x116/0x1d0 [ 14.667223] ret_from_fork_asm+0x1a/0x30 [ 14.667567] [ 14.667806] The buggy address belongs to the object at ffff8881025a0d80 [ 14.667806] which belongs to the cache kmalloc-64 of size 64 [ 14.668584] The buggy address is located 0 bytes to the right of [ 14.668584] allocated 48-byte region [ffff8881025a0d80, ffff8881025a0db0) [ 14.669548] [ 14.669782] The buggy address belongs to the physical page: [ 14.670236] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1025a0 [ 14.670800] flags: 0x200000000000000(node=0|zone=2) [ 14.671216] page_type: f5(slab) [ 14.671495] raw: 0200000000000000 ffff8881000418c0 dead000000000122 0000000000000000 [ 14.672106] raw: 0000000000000000 0000000080200020 00000000f5000000 0000000000000000 [ 14.672425] page dumped because: kasan: bad access detected [ 14.672959] [ 14.673207] Memory state around the buggy address: [ 14.673483] ffff8881025a0c80: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 14.674179] 
ffff8881025a0d00: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 14.674486] >ffff8881025a0d80: 00 00 00 00 00 00 fc fc fc fc fc fc fc fc fc fc [ 14.674944] ^ [ 14.675370] ffff8881025a0e00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 14.675989] ffff8881025a0e80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 14.676355] ================================================================== [ 14.894427] ================================================================== [ 14.894804] BUG: KASAN: slab-out-of-bounds in kasan_atomics_helper+0x1818/0x5450 [ 14.895270] Write of size 8 at addr ffff8881025a0db0 by task kunit_try_catch/282 [ 14.895582] [ 14.895665] CPU: 0 UID: 0 PID: 282 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc4 #1 PREEMPT(voluntary) [ 14.895716] Tainted: [B]=BAD_PAGE, [N]=TEST [ 14.895763] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 14.895784] Call Trace: [ 14.895799] <TASK> [ 14.895815] dump_stack_lvl+0x73/0xb0 [ 14.895860] print_report+0xd1/0x650 [ 14.895883] ? __virt_addr_valid+0x1db/0x2d0 [ 14.895905] ? kasan_atomics_helper+0x1818/0x5450 [ 14.895937] ? kasan_complete_mode_report_info+0x2a/0x200 [ 14.895959] ? kasan_atomics_helper+0x1818/0x5450 [ 14.895981] kasan_report+0x141/0x180 [ 14.896003] ? kasan_atomics_helper+0x1818/0x5450 [ 14.896045] kasan_check_range+0x10c/0x1c0 [ 14.896069] __kasan_check_write+0x18/0x20 [ 14.896089] kasan_atomics_helper+0x1818/0x5450 [ 14.896112] ? __pfx_kasan_atomics_helper+0x10/0x10 [ 14.896135] ? __kmalloc_cache_noprof+0x189/0x420 [ 14.896160] ? kasan_atomics+0x152/0x310 [ 14.896187] kasan_atomics+0x1dc/0x310 [ 14.896209] ? __pfx_kasan_atomics+0x10/0x10 [ 14.896232] ? __pfx_queued_spin_lock_slowpath+0x10/0x10 [ 14.896258] ? __pfx_read_tsc+0x10/0x10 [ 14.896280] ? ktime_get_ts64+0x86/0x230 [ 14.896306] kunit_try_run_case+0x1a5/0x480 [ 14.896330] ? __pfx_kunit_try_run_case+0x10/0x10 [ 14.896353] ? _raw_spin_lock_irqsave+0xf9/0x100 [ 14.896387] ? 
_raw_spin_unlock_irqrestore+0x5f/0x90 [ 14.896414] ? __kthread_parkme+0x82/0x180 [ 14.896435] ? preempt_count_sub+0x50/0x80 [ 14.896459] ? __pfx_kunit_try_run_case+0x10/0x10 [ 14.896483] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 14.896507] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 14.896532] kthread+0x337/0x6f0 [ 14.896552] ? trace_preempt_on+0x20/0xc0 [ 14.896586] ? __pfx_kthread+0x10/0x10 [ 14.896627] ? _raw_spin_unlock_irq+0x47/0x80 [ 14.896649] ? calculate_sigpending+0x7b/0xa0 [ 14.896673] ? __pfx_kthread+0x10/0x10 [ 14.896695] ret_from_fork+0x116/0x1d0 [ 14.896714] ? __pfx_kthread+0x10/0x10 [ 14.896735] ret_from_fork_asm+0x1a/0x30 [ 14.896764] </TASK> [ 14.896793] [ 14.904422] Allocated by task 282: [ 14.904641] kasan_save_stack+0x45/0x70 [ 14.904860] kasan_save_track+0x18/0x40 [ 14.905071] kasan_save_alloc_info+0x3b/0x50 [ 14.905286] __kasan_kmalloc+0xb7/0xc0 [ 14.905482] __kmalloc_cache_noprof+0x189/0x420 [ 14.905829] kasan_atomics+0x95/0x310 [ 14.906030] kunit_try_run_case+0x1a5/0x480 [ 14.906340] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 14.906581] kthread+0x337/0x6f0 [ 14.906705] ret_from_fork+0x116/0x1d0 [ 14.906836] ret_from_fork_asm+0x1a/0x30 [ 14.906971] [ 14.907042] The buggy address belongs to the object at ffff8881025a0d80 [ 14.907042] which belongs to the cache kmalloc-64 of size 64 [ 14.907551] The buggy address is located 0 bytes to the right of [ 14.907551] allocated 48-byte region [ffff8881025a0d80, ffff8881025a0db0) [ 14.908004] [ 14.908079] The buggy address belongs to the physical page: [ 14.908252] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1025a0 [ 14.908563] flags: 0x200000000000000(node=0|zone=2) [ 14.908825] page_type: f5(slab) [ 14.908992] raw: 0200000000000000 ffff8881000418c0 dead000000000122 0000000000000000 [ 14.909350] raw: 0000000000000000 0000000080200020 00000000f5000000 0000000000000000 [ 14.909857] page dumped because: kasan: bad access detected [ 14.910111] [ 14.910202] 
Memory state around the buggy address: [ 14.910431] ffff8881025a0c80: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 14.910807] ffff8881025a0d00: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 14.911096] >ffff8881025a0d80: 00 00 00 00 00 00 fc fc fc fc fc fc fc fc fc fc [ 14.911416] ^ [ 14.911582] ffff8881025a0e00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 14.911796] ffff8881025a0e80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 14.912255] ================================================================== [ 15.119212] ================================================================== [ 15.119787] BUG: KASAN: slab-out-of-bounds in kasan_atomics_helper+0x1eaa/0x5450 [ 15.120545] Write of size 8 at addr ffff8881025a0db0 by task kunit_try_catch/282 [ 15.120892] [ 15.121028] CPU: 0 UID: 0 PID: 282 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc4 #1 PREEMPT(voluntary) [ 15.121071] Tainted: [B]=BAD_PAGE, [N]=TEST [ 15.121085] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 15.121106] Call Trace: [ 15.121121] <TASK> [ 15.121147] dump_stack_lvl+0x73/0xb0 [ 15.121179] print_report+0xd1/0x650 [ 15.121203] ? __virt_addr_valid+0x1db/0x2d0 [ 15.121237] ? kasan_atomics_helper+0x1eaa/0x5450 [ 15.121259] ? kasan_complete_mode_report_info+0x2a/0x200 [ 15.121281] ? kasan_atomics_helper+0x1eaa/0x5450 [ 15.121312] kasan_report+0x141/0x180 [ 15.121335] ? kasan_atomics_helper+0x1eaa/0x5450 [ 15.121362] kasan_check_range+0x10c/0x1c0 [ 15.121406] __kasan_check_write+0x18/0x20 [ 15.121426] kasan_atomics_helper+0x1eaa/0x5450 [ 15.121449] ? __pfx_kasan_atomics_helper+0x10/0x10 [ 15.121479] ? __kmalloc_cache_noprof+0x189/0x420 [ 15.121505] ? kasan_atomics+0x152/0x310 [ 15.121531] kasan_atomics+0x1dc/0x310 [ 15.121565] ? __pfx_kasan_atomics+0x10/0x10 [ 15.121598] ? __pfx_queued_spin_lock_slowpath+0x10/0x10 [ 15.121625] ? __pfx_read_tsc+0x10/0x10 [ 15.121647] ? 
ktime_get_ts64+0x86/0x230 [ 15.121680] kunit_try_run_case+0x1a5/0x480 [ 15.121705] ? __pfx_kunit_try_run_case+0x10/0x10 [ 15.121738] ? _raw_spin_lock_irqsave+0xf9/0x100 [ 15.121761] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 15.121784] ? __kthread_parkme+0x82/0x180 [ 15.121805] ? preempt_count_sub+0x50/0x80 [ 15.121837] ? __pfx_kunit_try_run_case+0x10/0x10 [ 15.121861] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 15.121885] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 15.121920] kthread+0x337/0x6f0 [ 15.121939] ? trace_preempt_on+0x20/0xc0 [ 15.121963] ? __pfx_kthread+0x10/0x10 [ 15.121985] ? _raw_spin_unlock_irq+0x47/0x80 [ 15.122015] ? calculate_sigpending+0x7b/0xa0 [ 15.122040] ? __pfx_kthread+0x10/0x10 [ 15.122062] ret_from_fork+0x116/0x1d0 [ 15.122090] ? __pfx_kthread+0x10/0x10 [ 15.122111] ret_from_fork_asm+0x1a/0x30 [ 15.122142] </TASK> [ 15.122154] [ 15.130057] Allocated by task 282: [ 15.130189] kasan_save_stack+0x45/0x70 [ 15.130341] kasan_save_track+0x18/0x40 [ 15.130576] kasan_save_alloc_info+0x3b/0x50 [ 15.130817] __kasan_kmalloc+0xb7/0xc0 [ 15.131007] __kmalloc_cache_noprof+0x189/0x420 [ 15.131231] kasan_atomics+0x95/0x310 [ 15.131431] kunit_try_run_case+0x1a5/0x480 [ 15.131704] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 15.131886] kthread+0x337/0x6f0 [ 15.132013] ret_from_fork+0x116/0x1d0 [ 15.132146] ret_from_fork_asm+0x1a/0x30 [ 15.132301] [ 15.132425] The buggy address belongs to the object at ffff8881025a0d80 [ 15.132425] which belongs to the cache kmalloc-64 of size 64 [ 15.133008] The buggy address is located 0 bytes to the right of [ 15.133008] allocated 48-byte region [ffff8881025a0d80, ffff8881025a0db0) [ 15.133608] [ 15.133709] The buggy address belongs to the physical page: [ 15.133964] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1025a0 [ 15.134313] flags: 0x200000000000000(node=0|zone=2) [ 15.134566] page_type: f5(slab) [ 15.134735] raw: 0200000000000000 ffff8881000418c0 dead000000000122 
0000000000000000 [ 15.135084] raw: 0000000000000000 0000000080200020 00000000f5000000 0000000000000000 [ 15.135423] page dumped because: kasan: bad access detected [ 15.135769] [ 15.135848] Memory state around the buggy address: [ 15.136004] ffff8881025a0c80: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 15.136221] ffff8881025a0d00: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 15.136586] >ffff8881025a0d80: 00 00 00 00 00 00 fc fc fc fc fc fc fc fc fc fc [ 15.136902] ^ [ 15.137090] ffff8881025a0e00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 15.137308] ffff8881025a0e80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 15.137660] ================================================================== [ 14.796788] ================================================================== [ 14.797272] BUG: KASAN: slab-out-of-bounds in kasan_atomics_helper+0x151d/0x5450 [ 14.797762] Write of size 8 at addr ffff8881025a0db0 by task kunit_try_catch/282 [ 14.798100] [ 14.798201] CPU: 0 UID: 0 PID: 282 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc4 #1 PREEMPT(voluntary) [ 14.798242] Tainted: [B]=BAD_PAGE, [N]=TEST [ 14.798255] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 14.798277] Call Trace: [ 14.798292] <TASK> [ 14.798309] dump_stack_lvl+0x73/0xb0 [ 14.798336] print_report+0xd1/0x650 [ 14.798359] ? __virt_addr_valid+0x1db/0x2d0 [ 14.798394] ? kasan_atomics_helper+0x151d/0x5450 [ 14.798415] ? kasan_complete_mode_report_info+0x2a/0x200 [ 14.798437] ? kasan_atomics_helper+0x151d/0x5450 [ 14.798480] kasan_report+0x141/0x180 [ 14.798516] ? kasan_atomics_helper+0x151d/0x5450 [ 14.798554] kasan_check_range+0x10c/0x1c0 [ 14.798596] __kasan_check_write+0x18/0x20 [ 14.798616] kasan_atomics_helper+0x151d/0x5450 [ 14.798639] ? __pfx_kasan_atomics_helper+0x10/0x10 [ 14.798662] ? __kmalloc_cache_noprof+0x189/0x420 [ 14.798686] ? kasan_atomics+0x152/0x310 [ 14.798713] kasan_atomics+0x1dc/0x310 [ 14.798735] ? 
__pfx_kasan_atomics+0x10/0x10 [ 14.798758] ? __pfx_queued_spin_lock_slowpath+0x10/0x10 [ 14.798803] ? __pfx_read_tsc+0x10/0x10 [ 14.798824] ? ktime_get_ts64+0x86/0x230 [ 14.798850] kunit_try_run_case+0x1a5/0x480 [ 14.798888] ? __pfx_kunit_try_run_case+0x10/0x10 [ 14.798911] ? _raw_spin_lock_irqsave+0xf9/0x100 [ 14.798934] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 14.798957] ? __kthread_parkme+0x82/0x180 [ 14.798976] ? preempt_count_sub+0x50/0x80 [ 14.799001] ? __pfx_kunit_try_run_case+0x10/0x10 [ 14.799025] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 14.799048] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 14.799072] kthread+0x337/0x6f0 [ 14.799091] ? trace_preempt_on+0x20/0xc0 [ 14.799115] ? __pfx_kthread+0x10/0x10 [ 14.799135] ? _raw_spin_unlock_irq+0x47/0x80 [ 14.799157] ? calculate_sigpending+0x7b/0xa0 [ 14.799181] ? __pfx_kthread+0x10/0x10 [ 14.799202] ret_from_fork+0x116/0x1d0 [ 14.799220] ? __pfx_kthread+0x10/0x10 [ 14.799242] ret_from_fork_asm+0x1a/0x30 [ 14.799271] </TASK> [ 14.799282] [ 14.807276] Allocated by task 282: [ 14.807463] kasan_save_stack+0x45/0x70 [ 14.807681] kasan_save_track+0x18/0x40 [ 14.807859] kasan_save_alloc_info+0x3b/0x50 [ 14.808065] __kasan_kmalloc+0xb7/0xc0 [ 14.808233] __kmalloc_cache_noprof+0x189/0x420 [ 14.808402] kasan_atomics+0x95/0x310 [ 14.808602] kunit_try_run_case+0x1a5/0x480 [ 14.808811] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 14.809085] kthread+0x337/0x6f0 [ 14.809275] ret_from_fork+0x116/0x1d0 [ 14.809456] ret_from_fork_asm+0x1a/0x30 [ 14.809682] [ 14.809801] The buggy address belongs to the object at ffff8881025a0d80 [ 14.809801] which belongs to the cache kmalloc-64 of size 64 [ 14.810297] The buggy address is located 0 bytes to the right of [ 14.810297] allocated 48-byte region [ffff8881025a0d80, ffff8881025a0db0) [ 14.810883] [ 14.810984] The buggy address belongs to the physical page: [ 14.811179] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1025a0 [ 14.811447] flags: 
0x200000000000000(node=0|zone=2) [ 14.811732] page_type: f5(slab) [ 14.811896] raw: 0200000000000000 ffff8881000418c0 dead000000000122 0000000000000000 [ 14.812174] raw: 0000000000000000 0000000080200020 00000000f5000000 0000000000000000 [ 14.812413] page dumped because: kasan: bad access detected [ 14.812759] [ 14.812876] Memory state around the buggy address: [ 14.813115] ffff8881025a0c80: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 14.813466] ffff8881025a0d00: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 14.813815] >ffff8881025a0d80: 00 00 00 00 00 00 fc fc fc fc fc fc fc fc fc fc [ 14.814101] ^ [ 14.814332] ffff8881025a0e00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 14.814694] ffff8881025a0e80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 14.814962] ================================================================== [ 14.618596] ================================================================== [ 14.618942] BUG: KASAN: slab-out-of-bounds in kasan_atomics_helper+0x49e8/0x5450 [ 14.619267] Read of size 4 at addr ffff8881025a0db0 by task kunit_try_catch/282 [ 14.619756] [ 14.620124] CPU: 0 UID: 0 PID: 282 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc4 #1 PREEMPT(voluntary) [ 14.620182] Tainted: [B]=BAD_PAGE, [N]=TEST [ 14.620199] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 14.620221] Call Trace: [ 14.620243] <TASK> [ 14.620272] dump_stack_lvl+0x73/0xb0 [ 14.620303] print_report+0xd1/0x650 [ 14.620330] ? __virt_addr_valid+0x1db/0x2d0 [ 14.620356] ? kasan_atomics_helper+0x49e8/0x5450 [ 14.620387] ? kasan_complete_mode_report_info+0x2a/0x200 [ 14.620414] ? kasan_atomics_helper+0x49e8/0x5450 [ 14.620435] kasan_report+0x141/0x180 [ 14.620459] ? kasan_atomics_helper+0x49e8/0x5450 [ 14.620485] __asan_report_load4_noabort+0x18/0x20 [ 14.620510] kasan_atomics_helper+0x49e8/0x5450 [ 14.620533] ? __pfx_kasan_atomics_helper+0x10/0x10 [ 14.620555] ? __kmalloc_cache_noprof+0x189/0x420 [ 14.620628] ? 
kasan_atomics+0x152/0x310 [ 14.620655] kasan_atomics+0x1dc/0x310 [ 14.620677] ? __pfx_kasan_atomics+0x10/0x10 [ 14.620700] ? __pfx_queued_spin_lock_slowpath+0x10/0x10 [ 14.620727] ? __pfx_read_tsc+0x10/0x10 [ 14.620749] ? ktime_get_ts64+0x86/0x230 [ 14.620774] kunit_try_run_case+0x1a5/0x480 [ 14.620802] ? __pfx_kunit_try_run_case+0x10/0x10 [ 14.620825] ? _raw_spin_lock_irqsave+0xf9/0x100 [ 14.620849] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 14.620872] ? __kthread_parkme+0x82/0x180 [ 14.620895] ? preempt_count_sub+0x50/0x80 [ 14.620940] ? __pfx_kunit_try_run_case+0x10/0x10 [ 14.620964] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 14.620988] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 14.621012] kthread+0x337/0x6f0 [ 14.621032] ? trace_preempt_on+0x20/0xc0 [ 14.621058] ? __pfx_kthread+0x10/0x10 [ 14.621080] ? _raw_spin_unlock_irq+0x47/0x80 [ 14.621101] ? calculate_sigpending+0x7b/0xa0 [ 14.621126] ? __pfx_kthread+0x10/0x10 [ 14.621147] ret_from_fork+0x116/0x1d0 [ 14.621167] ? 
__pfx_kthread+0x10/0x10 [ 14.621187] ret_from_fork_asm+0x1a/0x30 [ 14.621219] </TASK> [ 14.621231] [ 14.634121] Allocated by task 282: [ 14.634503] kasan_save_stack+0x45/0x70 [ 14.634739] kasan_save_track+0x18/0x40 [ 14.635066] kasan_save_alloc_info+0x3b/0x50 [ 14.635327] __kasan_kmalloc+0xb7/0xc0 [ 14.635655] __kmalloc_cache_noprof+0x189/0x420 [ 14.635869] kasan_atomics+0x95/0x310 [ 14.636441] kunit_try_run_case+0x1a5/0x480 [ 14.636733] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 14.637340] kthread+0x337/0x6f0 [ 14.637647] ret_from_fork+0x116/0x1d0 [ 14.637839] ret_from_fork_asm+0x1a/0x30 [ 14.638186] [ 14.638428] The buggy address belongs to the object at ffff8881025a0d80 [ 14.638428] which belongs to the cache kmalloc-64 of size 64 [ 14.639443] The buggy address is located 0 bytes to the right of [ 14.639443] allocated 48-byte region [ffff8881025a0d80, ffff8881025a0db0) [ 14.640330] [ 14.640581] The buggy address belongs to the physical page: [ 14.641109] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1025a0 [ 14.641687] flags: 0x200000000000000(node=0|zone=2) [ 14.642051] page_type: f5(slab) [ 14.642189] raw: 0200000000000000 ffff8881000418c0 dead000000000122 0000000000000000 [ 14.642509] raw: 0000000000000000 0000000080200020 00000000f5000000 0000000000000000 [ 14.643445] page dumped because: kasan: bad access detected [ 14.643885] [ 14.643961] Memory state around the buggy address: [ 14.644174] ffff8881025a0c80: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 14.644405] ffff8881025a0d00: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 14.644620] >ffff8881025a0d80: 00 00 00 00 00 00 fc fc fc fc fc fc fc fc fc fc [ 14.644828] ^ [ 14.644980] ffff8881025a0e00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 14.645192] ffff8881025a0e80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 14.645757] ================================================================== [ 13.920994] 
================================================================== [ 13.921412] BUG: KASAN: slab-out-of-bounds in kasan_atomics_helper+0x4ba2/0x5450 [ 13.921757] Write of size 4 at addr ffff8881025a0db0 by task kunit_try_catch/282 [ 13.922125] [ 13.922214] CPU: 0 UID: 0 PID: 282 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc4 #1 PREEMPT(voluntary) [ 13.922259] Tainted: [B]=BAD_PAGE, [N]=TEST [ 13.922271] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 13.922292] Call Trace: [ 13.922309] <TASK> [ 13.922325] dump_stack_lvl+0x73/0xb0 [ 13.922353] print_report+0xd1/0x650 [ 13.922388] ? __virt_addr_valid+0x1db/0x2d0 [ 13.922411] ? kasan_atomics_helper+0x4ba2/0x5450 [ 13.922430] ? kasan_complete_mode_report_info+0x2a/0x200 [ 13.922452] ? kasan_atomics_helper+0x4ba2/0x5450 [ 13.922473] kasan_report+0x141/0x180 [ 13.922494] ? kasan_atomics_helper+0x4ba2/0x5450 [ 13.922519] __asan_report_store4_noabort+0x1b/0x30 [ 13.922539] kasan_atomics_helper+0x4ba2/0x5450 [ 13.922561] ? __pfx_kasan_atomics_helper+0x10/0x10 [ 13.922582] ? __kmalloc_cache_noprof+0x189/0x420 [ 13.922606] ? kasan_atomics+0x152/0x310 [ 13.922631] kasan_atomics+0x1dc/0x310 [ 13.922653] ? __pfx_kasan_atomics+0x10/0x10 [ 13.922674] ? __pfx_queued_spin_lock_slowpath+0x10/0x10 [ 13.922700] ? __pfx_read_tsc+0x10/0x10 [ 13.922720] ? ktime_get_ts64+0x86/0x230 [ 13.922744] kunit_try_run_case+0x1a5/0x480 [ 13.922768] ? __pfx_kunit_try_run_case+0x10/0x10 [ 13.922790] ? _raw_spin_lock_irqsave+0xf9/0x100 [ 13.922811] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 13.922835] ? __kthread_parkme+0x82/0x180 [ 13.922856] ? preempt_count_sub+0x50/0x80 [ 13.922880] ? __pfx_kunit_try_run_case+0x10/0x10 [ 13.922904] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 13.922926] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 13.922948] kthread+0x337/0x6f0 [ 13.922967] ? trace_preempt_on+0x20/0xc0 [ 13.922993] ? __pfx_kthread+0x10/0x10 [ 13.923012] ? 
_raw_spin_unlock_irq+0x47/0x80 [ 13.923034] ? calculate_sigpending+0x7b/0xa0 [ 13.923057] ? __pfx_kthread+0x10/0x10 [ 13.923078] ret_from_fork+0x116/0x1d0 [ 13.923096] ? __pfx_kthread+0x10/0x10 [ 13.923116] ret_from_fork_asm+0x1a/0x30 [ 13.923146] </TASK> [ 13.923157] [ 13.931164] Allocated by task 282: [ 13.931302] kasan_save_stack+0x45/0x70 [ 13.931519] kasan_save_track+0x18/0x40 [ 13.931731] kasan_save_alloc_info+0x3b/0x50 [ 13.931959] __kasan_kmalloc+0xb7/0xc0 [ 13.932119] __kmalloc_cache_noprof+0x189/0x420 [ 13.932327] kasan_atomics+0x95/0x310 [ 13.932494] kunit_try_run_case+0x1a5/0x480 [ 13.932642] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 13.932860] kthread+0x337/0x6f0 [ 13.933025] ret_from_fork+0x116/0x1d0 [ 13.933211] ret_from_fork_asm+0x1a/0x30 [ 13.933623] [ 13.933705] The buggy address belongs to the object at ffff8881025a0d80 [ 13.933705] which belongs to the cache kmalloc-64 of size 64 [ 13.934321] The buggy address is located 0 bytes to the right of [ 13.934321] allocated 48-byte region [ffff8881025a0d80, ffff8881025a0db0) [ 13.934810] [ 13.934885] The buggy address belongs to the physical page: [ 13.935058] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1025a0 [ 13.935297] flags: 0x200000000000000(node=0|zone=2) [ 13.935533] page_type: f5(slab) [ 13.935702] raw: 0200000000000000 ffff8881000418c0 dead000000000122 0000000000000000 [ 13.936305] raw: 0000000000000000 0000000080200020 00000000f5000000 0000000000000000 [ 13.936591] page dumped because: kasan: bad access detected [ 13.936841] [ 13.936944] Memory state around the buggy address: [ 13.937170] ffff8881025a0c80: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 13.937488] ffff8881025a0d00: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 13.938101] >ffff8881025a0d80: 00 00 00 00 00 00 fc fc fc fc fc fc fc fc fc fc [ 13.938411] ^ [ 13.938601] ffff8881025a0e00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 13.938905] ffff8881025a0e80: fc fc fc fc fc fc fc fc fc fc 
fc fc fc fc fc fc [ 13.939149] ================================================================== [ 15.244005] ================================================================== [ 15.244334] BUG: KASAN: slab-out-of-bounds in kasan_atomics_helper+0x4fb2/0x5450 [ 15.245508] Read of size 8 at addr ffff8881025a0db0 by task kunit_try_catch/282 [ 15.245757] [ 15.245854] CPU: 0 UID: 0 PID: 282 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc4 #1 PREEMPT(voluntary) [ 15.245903] Tainted: [B]=BAD_PAGE, [N]=TEST [ 15.245916] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 15.245941] Call Trace: [ 15.245955] <TASK> [ 15.245974] dump_stack_lvl+0x73/0xb0 [ 15.246007] print_report+0xd1/0x650 [ 15.246033] ? __virt_addr_valid+0x1db/0x2d0 [ 15.246059] ? kasan_atomics_helper+0x4fb2/0x5450 [ 15.246082] ? kasan_complete_mode_report_info+0x2a/0x200 [ 15.246104] ? kasan_atomics_helper+0x4fb2/0x5450 [ 15.246128] kasan_report+0x141/0x180 [ 15.246151] ? kasan_atomics_helper+0x4fb2/0x5450 [ 15.246177] __asan_report_load8_noabort+0x18/0x20 [ 15.246202] kasan_atomics_helper+0x4fb2/0x5450 [ 15.246226] ? __pfx_kasan_atomics_helper+0x10/0x10 [ 15.246247] ? __kmalloc_cache_noprof+0x189/0x420 [ 15.246273] ? kasan_atomics+0x152/0x310 [ 15.246299] kasan_atomics+0x1dc/0x310 [ 15.246323] ? __pfx_kasan_atomics+0x10/0x10 [ 15.246344] ? __pfx_queued_spin_lock_slowpath+0x10/0x10 [ 15.246372] ? __pfx_read_tsc+0x10/0x10 [ 15.246406] ? ktime_get_ts64+0x86/0x230 [ 15.246432] kunit_try_run_case+0x1a5/0x480 [ 15.246457] ? __pfx_kunit_try_run_case+0x10/0x10 [ 15.246479] ? _raw_spin_lock_irqsave+0xf9/0x100 [ 15.246503] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 15.246526] ? __kthread_parkme+0x82/0x180 [ 15.246547] ? preempt_count_sub+0x50/0x80 [ 15.246573] ? __pfx_kunit_try_run_case+0x10/0x10 [ 15.246597] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 15.246654] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 15.246677] kthread+0x337/0x6f0 [ 15.246697] ? 
trace_preempt_on+0x20/0xc0 [ 15.246726] ? __pfx_kthread+0x10/0x10 [ 15.246749] ? _raw_spin_unlock_irq+0x47/0x80 [ 15.246773] ? calculate_sigpending+0x7b/0xa0 [ 15.246798] ? __pfx_kthread+0x10/0x10 [ 15.246820] ret_from_fork+0x116/0x1d0 [ 15.246839] ? __pfx_kthread+0x10/0x10 [ 15.246859] ret_from_fork_asm+0x1a/0x30 [ 15.246892] </TASK> [ 15.246905] [ 15.257681] Allocated by task 282: [ 15.258042] kasan_save_stack+0x45/0x70 [ 15.258467] kasan_save_track+0x18/0x40 [ 15.258874] kasan_save_alloc_info+0x3b/0x50 [ 15.259266] __kasan_kmalloc+0xb7/0xc0 [ 15.259663] __kmalloc_cache_noprof+0x189/0x420 [ 15.260074] kasan_atomics+0x95/0x310 [ 15.260429] kunit_try_run_case+0x1a5/0x480 [ 15.260829] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 15.261312] kthread+0x337/0x6f0 [ 15.261629] ret_from_fork+0x116/0x1d0 [ 15.261937] ret_from_fork_asm+0x1a/0x30 [ 15.262080] [ 15.262153] The buggy address belongs to the object at ffff8881025a0d80 [ 15.262153] which belongs to the cache kmalloc-64 of size 64 [ 15.262516] The buggy address is located 0 bytes to the right of [ 15.262516] allocated 48-byte region [ffff8881025a0d80, ffff8881025a0db0) [ 15.262972] [ 15.263070] The buggy address belongs to the physical page: [ 15.263320] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1025a0 [ 15.263604] flags: 0x200000000000000(node=0|zone=2) [ 15.263875] page_type: f5(slab) [ 15.264049] raw: 0200000000000000 ffff8881000418c0 dead000000000122 0000000000000000 [ 15.264353] raw: 0000000000000000 0000000080200020 00000000f5000000 0000000000000000 [ 15.264673] page dumped because: kasan: bad access detected [ 15.264965] [ 15.265041] Memory state around the buggy address: [ 15.265225] ffff8881025a0c80: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 15.265564] ffff8881025a0d00: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 15.265841] >ffff8881025a0d80: 00 00 00 00 00 00 fc fc fc fc fc fc fc fc fc fc [ 15.266168] ^ [ 15.266384] ffff8881025a0e00: fc fc fc fc fc fc fc fc fc 
fc fc fc fc fc fc fc [ 15.266721] ffff8881025a0e80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 15.267004] ================================================================== [ 14.492987] ================================================================== [ 14.493212] BUG: KASAN: slab-out-of-bounds in kasan_atomics_helper+0x1079/0x5450 [ 14.493955] Write of size 4 at addr ffff8881025a0db0 by task kunit_try_catch/282 [ 14.494286] [ 14.494401] CPU: 0 UID: 0 PID: 282 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc4 #1 PREEMPT(voluntary) [ 14.494443] Tainted: [B]=BAD_PAGE, [N]=TEST [ 14.494455] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 14.494476] Call Trace: [ 14.494491] <TASK> [ 14.494508] dump_stack_lvl+0x73/0xb0 [ 14.494535] print_report+0xd1/0x650 [ 14.494571] ? __virt_addr_valid+0x1db/0x2d0 [ 14.494595] ? kasan_atomics_helper+0x1079/0x5450 [ 14.494623] ? kasan_complete_mode_report_info+0x2a/0x200 [ 14.494645] ? kasan_atomics_helper+0x1079/0x5450 [ 14.494667] kasan_report+0x141/0x180 [ 14.494690] ? kasan_atomics_helper+0x1079/0x5450 [ 14.494717] kasan_check_range+0x10c/0x1c0 [ 14.494742] __kasan_check_write+0x18/0x20 [ 14.494762] kasan_atomics_helper+0x1079/0x5450 [ 14.494786] ? __pfx_kasan_atomics_helper+0x10/0x10 [ 14.494811] ? __kmalloc_cache_noprof+0x189/0x420 [ 14.494836] ? kasan_atomics+0x152/0x310 [ 14.494864] kasan_atomics+0x1dc/0x310 [ 14.494888] ? __pfx_kasan_atomics+0x10/0x10 [ 14.494912] ? __pfx_queued_spin_lock_slowpath+0x10/0x10 [ 14.494950] ? __pfx_read_tsc+0x10/0x10 [ 14.494970] ? ktime_get_ts64+0x86/0x230 [ 14.494995] kunit_try_run_case+0x1a5/0x480 [ 14.495019] ? __pfx_kunit_try_run_case+0x10/0x10 [ 14.495043] ? _raw_spin_lock_irqsave+0xf9/0x100 [ 14.495066] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 14.495089] ? __kthread_parkme+0x82/0x180 [ 14.495110] ? preempt_count_sub+0x50/0x80 [ 14.495135] ? 
__pfx_kunit_try_run_case+0x10/0x10 [ 14.495159] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 14.495185] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 14.495208] kthread+0x337/0x6f0 [ 14.495228] ? trace_preempt_on+0x20/0xc0 [ 14.495264] ? __pfx_kthread+0x10/0x10 [ 14.495285] ? _raw_spin_unlock_irq+0x47/0x80 [ 14.495306] ? calculate_sigpending+0x7b/0xa0 [ 14.495342] ? __pfx_kthread+0x10/0x10 [ 14.495364] ret_from_fork+0x116/0x1d0 [ 14.495391] ? __pfx_kthread+0x10/0x10 [ 14.495412] ret_from_fork_asm+0x1a/0x30 [ 14.495443] </TASK> [ 14.495455] [ 14.505311] Allocated by task 282: [ 14.505560] kasan_save_stack+0x45/0x70 [ 14.505878] kasan_save_track+0x18/0x40 [ 14.506021] kasan_save_alloc_info+0x3b/0x50 [ 14.506429] __kasan_kmalloc+0xb7/0xc0 [ 14.506683] __kmalloc_cache_noprof+0x189/0x420 [ 14.506922] kasan_atomics+0x95/0x310 [ 14.507190] kunit_try_run_case+0x1a5/0x480 [ 14.507423] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 14.507700] kthread+0x337/0x6f0 [ 14.507896] ret_from_fork+0x116/0x1d0 [ 14.508132] ret_from_fork_asm+0x1a/0x30 [ 14.508422] [ 14.508571] The buggy address belongs to the object at ffff8881025a0d80 [ 14.508571] which belongs to the cache kmalloc-64 of size 64 [ 14.509183] The buggy address is located 0 bytes to the right of [ 14.509183] allocated 48-byte region [ffff8881025a0d80, ffff8881025a0db0) [ 14.509808] [ 14.509920] The buggy address belongs to the physical page: [ 14.510205] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1025a0 [ 14.510585] flags: 0x200000000000000(node=0|zone=2) [ 14.510821] page_type: f5(slab) [ 14.511023] raw: 0200000000000000 ffff8881000418c0 dead000000000122 0000000000000000 [ 14.511406] raw: 0000000000000000 0000000080200020 00000000f5000000 0000000000000000 [ 14.511790] page dumped because: kasan: bad access detected [ 14.512245] [ 14.512337] Memory state around the buggy address: [ 14.512565] ffff8881025a0c80: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 14.513244] 
ffff8881025a0d00: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 14.513559] >ffff8881025a0d80: 00 00 00 00 00 00 fc fc fc fc fc fc fc fc fc fc [ 14.513775] ^ [ 14.513923] ffff8881025a0e00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 14.514129] ffff8881025a0e80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 14.514330] ================================================================== [ 14.291231] ================================================================== [ 14.291543] BUG: KASAN: slab-out-of-bounds in kasan_atomics_helper+0xb6a/0x5450 [ 14.291887] Write of size 4 at addr ffff8881025a0db0 by task kunit_try_catch/282 [ 14.292489] [ 14.292593] CPU: 0 UID: 0 PID: 282 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc4 #1 PREEMPT(voluntary) [ 14.292641] Tainted: [B]=BAD_PAGE, [N]=TEST [ 14.292653] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 14.292676] Call Trace: [ 14.292696] <TASK> [ 14.292718] dump_stack_lvl+0x73/0xb0 [ 14.292750] print_report+0xd1/0x650 [ 14.292776] ? __virt_addr_valid+0x1db/0x2d0 [ 14.292799] ? kasan_atomics_helper+0xb6a/0x5450 [ 14.292856] ? kasan_complete_mode_report_info+0x2a/0x200 [ 14.292895] ? kasan_atomics_helper+0xb6a/0x5450 [ 14.292980] kasan_report+0x141/0x180 [ 14.293006] ? kasan_atomics_helper+0xb6a/0x5450 [ 14.293033] kasan_check_range+0x10c/0x1c0 [ 14.293057] __kasan_check_write+0x18/0x20 [ 14.293077] kasan_atomics_helper+0xb6a/0x5450 [ 14.293100] ? __pfx_kasan_atomics_helper+0x10/0x10 [ 14.293122] ? __kmalloc_cache_noprof+0x189/0x420 [ 14.293185] ? kasan_atomics+0x152/0x310 [ 14.293213] kasan_atomics+0x1dc/0x310 [ 14.293236] ? __pfx_kasan_atomics+0x10/0x10 [ 14.293270] ? __pfx_queued_spin_lock_slowpath+0x10/0x10 [ 14.293296] ? __pfx_read_tsc+0x10/0x10 [ 14.293347] ? ktime_get_ts64+0x86/0x230 [ 14.293389] kunit_try_run_case+0x1a5/0x480 [ 14.293415] ? __pfx_kunit_try_run_case+0x10/0x10 [ 14.293438] ? _raw_spin_lock_irqsave+0xf9/0x100 [ 14.293460] ? 
_raw_spin_unlock_irqrestore+0x5f/0x90 [ 14.293484] ? __kthread_parkme+0x82/0x180 [ 14.293505] ? preempt_count_sub+0x50/0x80 [ 14.293530] ? __pfx_kunit_try_run_case+0x10/0x10 [ 14.293555] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 14.293590] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 14.293613] kthread+0x337/0x6f0 [ 14.293634] ? trace_preempt_on+0x20/0xc0 [ 14.293659] ? __pfx_kthread+0x10/0x10 [ 14.293680] ? _raw_spin_unlock_irq+0x47/0x80 [ 14.293702] ? calculate_sigpending+0x7b/0xa0 [ 14.293726] ? __pfx_kthread+0x10/0x10 [ 14.293748] ret_from_fork+0x116/0x1d0 [ 14.293767] ? __pfx_kthread+0x10/0x10 [ 14.293788] ret_from_fork_asm+0x1a/0x30 [ 14.293820] </TASK> [ 14.293834] [ 14.304302] Allocated by task 282: [ 14.304476] kasan_save_stack+0x45/0x70 [ 14.305033] kasan_save_track+0x18/0x40 [ 14.305249] kasan_save_alloc_info+0x3b/0x50 [ 14.305568] __kasan_kmalloc+0xb7/0xc0 [ 14.305728] __kmalloc_cache_noprof+0x189/0x420 [ 14.306050] kasan_atomics+0x95/0x310 [ 14.306266] kunit_try_run_case+0x1a5/0x480 [ 14.306521] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 14.306806] kthread+0x337/0x6f0 [ 14.307098] ret_from_fork+0x116/0x1d0 [ 14.307335] ret_from_fork_asm+0x1a/0x30 [ 14.307561] [ 14.307701] The buggy address belongs to the object at ffff8881025a0d80 [ 14.307701] which belongs to the cache kmalloc-64 of size 64 [ 14.308612] The buggy address is located 0 bytes to the right of [ 14.308612] allocated 48-byte region [ffff8881025a0d80, ffff8881025a0db0) [ 14.309327] [ 14.309446] The buggy address belongs to the physical page: [ 14.309775] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1025a0 [ 14.310296] flags: 0x200000000000000(node=0|zone=2) [ 14.310486] page_type: f5(slab) [ 14.310636] raw: 0200000000000000 ffff8881000418c0 dead000000000122 0000000000000000 [ 14.311095] raw: 0000000000000000 0000000080200020 00000000f5000000 0000000000000000 [ 14.311494] page dumped because: kasan: bad access detected [ 14.311867] [ 14.312101] 
Memory state around the buggy address: [ 14.312866] ffff8881025a0c80: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 14.313341] ffff8881025a0d00: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 14.314184] >ffff8881025a0d80: 00 00 00 00 00 00 fc fc fc fc fc fc fc fc fc fc [ 14.314916] ^ [ 14.315081] ffff8881025a0e00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 14.315300] ffff8881025a0e80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 14.315538] ================================================================== [ 14.514654] ================================================================== [ 14.514984] BUG: KASAN: slab-out-of-bounds in kasan_atomics_helper+0x4a1c/0x5450 [ 14.515315] Read of size 4 at addr ffff8881025a0db0 by task kunit_try_catch/282 [ 14.515989] [ 14.516099] CPU: 0 UID: 0 PID: 282 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc4 #1 PREEMPT(voluntary) [ 14.516176] Tainted: [B]=BAD_PAGE, [N]=TEST [ 14.516189] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 14.516210] Call Trace: [ 14.516252] <TASK> [ 14.516281] dump_stack_lvl+0x73/0xb0 [ 14.516321] print_report+0xd1/0x650 [ 14.516358] ? __virt_addr_valid+0x1db/0x2d0 [ 14.516411] ? kasan_atomics_helper+0x4a1c/0x5450 [ 14.516456] ? kasan_complete_mode_report_info+0x2a/0x200 [ 14.516497] ? kasan_atomics_helper+0x4a1c/0x5450 [ 14.516530] kasan_report+0x141/0x180 [ 14.516553] ? kasan_atomics_helper+0x4a1c/0x5450 [ 14.516590] __asan_report_load4_noabort+0x18/0x20 [ 14.516614] kasan_atomics_helper+0x4a1c/0x5450 [ 14.516638] ? __pfx_kasan_atomics_helper+0x10/0x10 [ 14.516661] ? __kmalloc_cache_noprof+0x189/0x420 [ 14.516687] ? kasan_atomics+0x152/0x310 [ 14.516732] kasan_atomics+0x1dc/0x310 [ 14.516765] ? __pfx_kasan_atomics+0x10/0x10 [ 14.516788] ? __pfx_queued_spin_lock_slowpath+0x10/0x10 [ 14.516824] ? __pfx_read_tsc+0x10/0x10 [ 14.516846] ? ktime_get_ts64+0x86/0x230 [ 14.516870] kunit_try_run_case+0x1a5/0x480 [ 14.516895] ? 
__pfx_kunit_try_run_case+0x10/0x10 [ 14.516918] ? _raw_spin_lock_irqsave+0xf9/0x100 [ 14.516941] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 14.516964] ? __kthread_parkme+0x82/0x180 [ 14.516985] ? preempt_count_sub+0x50/0x80 [ 14.517008] ? __pfx_kunit_try_run_case+0x10/0x10 [ 14.517032] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 14.517081] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 14.517105] kthread+0x337/0x6f0 [ 14.517125] ? trace_preempt_on+0x20/0xc0 [ 14.517158] ? __pfx_kthread+0x10/0x10 [ 14.517180] ? _raw_spin_unlock_irq+0x47/0x80 [ 14.517202] ? calculate_sigpending+0x7b/0xa0 [ 14.517225] ? __pfx_kthread+0x10/0x10 [ 14.517247] ret_from_fork+0x116/0x1d0 [ 14.517265] ? __pfx_kthread+0x10/0x10 [ 14.517286] ret_from_fork_asm+0x1a/0x30 [ 14.517317] </TASK> [ 14.517329] [ 14.526342] Allocated by task 282: [ 14.526559] kasan_save_stack+0x45/0x70 [ 14.526882] kasan_save_track+0x18/0x40 [ 14.527228] kasan_save_alloc_info+0x3b/0x50 [ 14.527413] __kasan_kmalloc+0xb7/0xc0 [ 14.527608] __kmalloc_cache_noprof+0x189/0x420 [ 14.527811] kasan_atomics+0x95/0x310 [ 14.527986] kunit_try_run_case+0x1a5/0x480 [ 14.528286] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 14.528575] kthread+0x337/0x6f0 [ 14.528719] ret_from_fork+0x116/0x1d0 [ 14.529036] ret_from_fork_asm+0x1a/0x30 [ 14.529221] [ 14.529333] The buggy address belongs to the object at ffff8881025a0d80 [ 14.529333] which belongs to the cache kmalloc-64 of size 64 [ 14.529805] The buggy address is located 0 bytes to the right of [ 14.529805] allocated 48-byte region [ffff8881025a0d80, ffff8881025a0db0) [ 14.530397] [ 14.530520] The buggy address belongs to the physical page: [ 14.530824] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1025a0 [ 14.531256] flags: 0x200000000000000(node=0|zone=2) [ 14.531518] page_type: f5(slab) [ 14.531681] raw: 0200000000000000 ffff8881000418c0 dead000000000122 0000000000000000 [ 14.532011] raw: 0000000000000000 0000000080200020 00000000f5000000 
0000000000000000 [ 14.532336] page dumped because: kasan: bad access detected [ 14.532590] [ 14.532684] Memory state around the buggy address: [ 14.532899] ffff8881025a0c80: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 14.533226] ffff8881025a0d00: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 14.533501] >ffff8881025a0d80: 00 00 00 00 00 00 fc fc fc fc fc fc fc fc fc fc [ 14.533922] ^ [ 14.534071] ffff8881025a0e00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 14.534277] ffff8881025a0e80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 14.534732] ================================================================== [ 14.177804] ================================================================== [ 14.178159] BUG: KASAN: slab-out-of-bounds in kasan_atomics_helper+0x860/0x5450 [ 14.178505] Write of size 4 at addr ffff8881025a0db0 by task kunit_try_catch/282 [ 14.178903] [ 14.179047] CPU: 0 UID: 0 PID: 282 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc4 #1 PREEMPT(voluntary) [ 14.179108] Tainted: [B]=BAD_PAGE, [N]=TEST [ 14.179122] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 14.179162] Call Trace: [ 14.179178] <TASK> [ 14.179196] dump_stack_lvl+0x73/0xb0 [ 14.179250] print_report+0xd1/0x650 [ 14.179275] ? __virt_addr_valid+0x1db/0x2d0 [ 14.179299] ? kasan_atomics_helper+0x860/0x5450 [ 14.179320] ? kasan_complete_mode_report_info+0x2a/0x200 [ 14.179343] ? kasan_atomics_helper+0x860/0x5450 [ 14.179364] kasan_report+0x141/0x180 [ 14.179397] ? kasan_atomics_helper+0x860/0x5450 [ 14.179424] kasan_check_range+0x10c/0x1c0 [ 14.179448] __kasan_check_write+0x18/0x20 [ 14.179468] kasan_atomics_helper+0x860/0x5450 [ 14.179508] ? __pfx_kasan_atomics_helper+0x10/0x10 [ 14.179531] ? __kmalloc_cache_noprof+0x189/0x420 [ 14.179575] ? kasan_atomics+0x152/0x310 [ 14.179602] kasan_atomics+0x1dc/0x310 [ 14.179625] ? __pfx_kasan_atomics+0x10/0x10 [ 14.179648] ? __pfx_queued_spin_lock_slowpath+0x10/0x10 [ 14.179674] ? 
__pfx_read_tsc+0x10/0x10 [ 14.179696] ? ktime_get_ts64+0x86/0x230 [ 14.179721] kunit_try_run_case+0x1a5/0x480 [ 14.179746] ? __pfx_kunit_try_run_case+0x10/0x10 [ 14.179768] ? _raw_spin_lock_irqsave+0xf9/0x100 [ 14.179806] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 14.179842] ? __kthread_parkme+0x82/0x180 [ 14.179876] ? preempt_count_sub+0x50/0x80 [ 14.179901] ? __pfx_kunit_try_run_case+0x10/0x10 [ 14.179957] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 14.179993] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 14.180030] kthread+0x337/0x6f0 [ 14.180051] ? trace_preempt_on+0x20/0xc0 [ 14.180075] ? __pfx_kthread+0x10/0x10 [ 14.180096] ? _raw_spin_unlock_irq+0x47/0x80 [ 14.180118] ? calculate_sigpending+0x7b/0xa0 [ 14.180142] ? __pfx_kthread+0x10/0x10 [ 14.180163] ret_from_fork+0x116/0x1d0 [ 14.180182] ? __pfx_kthread+0x10/0x10 [ 14.180203] ret_from_fork_asm+0x1a/0x30 [ 14.180233] </TASK> [ 14.180245] [ 14.189113] Allocated by task 282: [ 14.189348] kasan_save_stack+0x45/0x70 [ 14.189523] kasan_save_track+0x18/0x40 [ 14.189878] kasan_save_alloc_info+0x3b/0x50 [ 14.190234] __kasan_kmalloc+0xb7/0xc0 [ 14.190513] __kmalloc_cache_noprof+0x189/0x420 [ 14.190742] kasan_atomics+0x95/0x310 [ 14.190930] kunit_try_run_case+0x1a5/0x480 [ 14.191115] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 14.191290] kthread+0x337/0x6f0 [ 14.191464] ret_from_fork+0x116/0x1d0 [ 14.191654] ret_from_fork_asm+0x1a/0x30 [ 14.191851] [ 14.191937] The buggy address belongs to the object at ffff8881025a0d80 [ 14.191937] which belongs to the cache kmalloc-64 of size 64 [ 14.192317] The buggy address is located 0 bytes to the right of [ 14.192317] allocated 48-byte region [ffff8881025a0d80, ffff8881025a0db0) [ 14.193047] [ 14.193138] The buggy address belongs to the physical page: [ 14.193312] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1025a0 [ 14.193577] flags: 0x200000000000000(node=0|zone=2) [ 14.193835] page_type: f5(slab) [ 14.194066] raw: 0200000000000000 
ffff8881000418c0 dead000000000122 0000000000000000 [ 14.194554] raw: 0000000000000000 0000000080200020 00000000f5000000 0000000000000000 [ 14.195011] page dumped because: kasan: bad access detected [ 14.195289] [ 14.195361] Memory state around the buggy address: [ 14.195527] ffff8881025a0c80: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 14.195791] ffff8881025a0d00: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 14.196348] >ffff8881025a0d80: 00 00 00 00 00 00 fc fc fc fc fc fc fc fc fc fc [ 14.196758] ^ [ 14.196992] ffff8881025a0e00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 14.197462] ffff8881025a0e80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 14.197883] ================================================================== [ 14.736676] ================================================================== [ 14.736966] BUG: KASAN: slab-out-of-bounds in kasan_atomics_helper+0x4eae/0x5450 [ 14.737390] Read of size 8 at addr ffff8881025a0db0 by task kunit_try_catch/282 [ 14.737698] [ 14.737789] CPU: 0 UID: 0 PID: 282 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc4 #1 PREEMPT(voluntary) [ 14.737841] Tainted: [B]=BAD_PAGE, [N]=TEST [ 14.737855] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 14.737877] Call Trace: [ 14.737903] <TASK> [ 14.737924] dump_stack_lvl+0x73/0xb0 [ 14.737953] print_report+0xd1/0x650 [ 14.737976] ? __virt_addr_valid+0x1db/0x2d0 [ 14.738001] ? kasan_atomics_helper+0x4eae/0x5450 [ 14.738023] ? kasan_complete_mode_report_info+0x2a/0x200 [ 14.738046] ? kasan_atomics_helper+0x4eae/0x5450 [ 14.738068] kasan_report+0x141/0x180 [ 14.738090] ? kasan_atomics_helper+0x4eae/0x5450 [ 14.738117] __asan_report_load8_noabort+0x18/0x20 [ 14.738142] kasan_atomics_helper+0x4eae/0x5450 [ 14.738165] ? __pfx_kasan_atomics_helper+0x10/0x10 [ 14.738188] ? __kmalloc_cache_noprof+0x189/0x420 [ 14.738213] ? kasan_atomics+0x152/0x310 [ 14.738240] kasan_atomics+0x1dc/0x310 [ 14.738264] ? 
__pfx_kasan_atomics+0x10/0x10 [ 14.738287] ? __pfx_queued_spin_lock_slowpath+0x10/0x10 [ 14.738314] ? __pfx_read_tsc+0x10/0x10 [ 14.738337] ? ktime_get_ts64+0x86/0x230 [ 14.738361] kunit_try_run_case+0x1a5/0x480 [ 14.738398] ? __pfx_kunit_try_run_case+0x10/0x10 [ 14.738421] ? _raw_spin_lock_irqsave+0xf9/0x100 [ 14.738444] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 14.738467] ? __kthread_parkme+0x82/0x180 [ 14.738488] ? preempt_count_sub+0x50/0x80 [ 14.738513] ? __pfx_kunit_try_run_case+0x10/0x10 [ 14.738538] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 14.738562] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 14.738587] kthread+0x337/0x6f0 [ 14.738607] ? trace_preempt_on+0x20/0xc0 [ 14.738631] ? __pfx_kthread+0x10/0x10 [ 14.738652] ? _raw_spin_unlock_irq+0x47/0x80 [ 14.738675] ? calculate_sigpending+0x7b/0xa0 [ 14.738699] ? __pfx_kthread+0x10/0x10 [ 14.738721] ret_from_fork+0x116/0x1d0 [ 14.738740] ? __pfx_kthread+0x10/0x10 [ 14.738762] ret_from_fork_asm+0x1a/0x30 [ 14.738792] </TASK> [ 14.738804] [ 14.749131] Allocated by task 282: [ 14.749321] kasan_save_stack+0x45/0x70 [ 14.749553] kasan_save_track+0x18/0x40 [ 14.749985] kasan_save_alloc_info+0x3b/0x50 [ 14.750450] __kasan_kmalloc+0xb7/0xc0 [ 14.750769] __kmalloc_cache_noprof+0x189/0x420 [ 14.751184] kasan_atomics+0x95/0x310 [ 14.751337] kunit_try_run_case+0x1a5/0x480 [ 14.751565] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 14.751877] kthread+0x337/0x6f0 [ 14.752216] ret_from_fork+0x116/0x1d0 [ 14.752372] ret_from_fork_asm+0x1a/0x30 [ 14.752571] [ 14.752793] The buggy address belongs to the object at ffff8881025a0d80 [ 14.752793] which belongs to the cache kmalloc-64 of size 64 [ 14.753410] The buggy address is located 0 bytes to the right of [ 14.753410] allocated 48-byte region [ffff8881025a0d80, ffff8881025a0db0) [ 14.754098] [ 14.754196] The buggy address belongs to the physical page: [ 14.754426] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1025a0 [ 14.754945] flags: 
0x200000000000000(node=0|zone=2) [ 14.755241] page_type: f5(slab) [ 14.755408] raw: 0200000000000000 ffff8881000418c0 dead000000000122 0000000000000000 [ 14.755879] raw: 0000000000000000 0000000080200020 00000000f5000000 0000000000000000 [ 14.756329] page dumped because: kasan: bad access detected [ 14.756568] [ 14.756746] Memory state around the buggy address: [ 14.757113] ffff8881025a0c80: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 14.757422] ffff8881025a0d00: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 14.757774] >ffff8881025a0d80: 00 00 00 00 00 00 fc fc fc fc fc fc fc fc fc fc [ 14.758229] ^ [ 14.758606] ffff8881025a0e00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 14.758865] ffff8881025a0e80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 14.759349] ================================================================== [ 14.815590] ================================================================== [ 14.815924] BUG: KASAN: slab-out-of-bounds in kasan_atomics_helper+0x15b6/0x5450 [ 14.816296] Write of size 8 at addr ffff8881025a0db0 by task kunit_try_catch/282 [ 14.816600] [ 14.816740] CPU: 0 UID: 0 PID: 282 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc4 #1 PREEMPT(voluntary) [ 14.816819] Tainted: [B]=BAD_PAGE, [N]=TEST [ 14.816832] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 14.816854] Call Trace: [ 14.816870] <TASK> [ 14.816887] dump_stack_lvl+0x73/0xb0 [ 14.816914] print_report+0xd1/0x650 [ 14.816938] ? __virt_addr_valid+0x1db/0x2d0 [ 14.816961] ? kasan_atomics_helper+0x15b6/0x5450 [ 14.816982] ? kasan_complete_mode_report_info+0x2a/0x200 [ 14.817005] ? kasan_atomics_helper+0x15b6/0x5450 [ 14.817027] kasan_report+0x141/0x180 [ 14.817050] ? kasan_atomics_helper+0x15b6/0x5450 [ 14.817077] kasan_check_range+0x10c/0x1c0 [ 14.817112] __kasan_check_write+0x18/0x20 [ 14.817133] kasan_atomics_helper+0x15b6/0x5450 [ 14.817157] ? __pfx_kasan_atomics_helper+0x10/0x10 [ 14.817180] ? 
__kmalloc_cache_noprof+0x189/0x420 [ 14.817205] ? kasan_atomics+0x152/0x310 [ 14.817232] kasan_atomics+0x1dc/0x310 [ 14.817255] ? __pfx_kasan_atomics+0x10/0x10 [ 14.817278] ? __pfx_queued_spin_lock_slowpath+0x10/0x10 [ 14.817304] ? __pfx_read_tsc+0x10/0x10 [ 14.817326] ? ktime_get_ts64+0x86/0x230 [ 14.817352] kunit_try_run_case+0x1a5/0x480 [ 14.817386] ? __pfx_kunit_try_run_case+0x10/0x10 [ 14.817409] ? _raw_spin_lock_irqsave+0xf9/0x100 [ 14.817433] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 14.817456] ? __kthread_parkme+0x82/0x180 [ 14.817478] ? preempt_count_sub+0x50/0x80 [ 14.817503] ? __pfx_kunit_try_run_case+0x10/0x10 [ 14.817528] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 14.817551] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 14.817576] kthread+0x337/0x6f0 [ 14.817596] ? trace_preempt_on+0x20/0xc0 [ 14.817621] ? __pfx_kthread+0x10/0x10 [ 14.817644] ? _raw_spin_unlock_irq+0x47/0x80 [ 14.817666] ? calculate_sigpending+0x7b/0xa0 [ 14.817690] ? __pfx_kthread+0x10/0x10 [ 14.817712] ret_from_fork+0x116/0x1d0 [ 14.817731] ? 
__pfx_kthread+0x10/0x10 [ 14.817752] ret_from_fork_asm+0x1a/0x30 [ 14.817782] </TASK> [ 14.817815] [ 14.825951] Allocated by task 282: [ 14.826105] kasan_save_stack+0x45/0x70 [ 14.826300] kasan_save_track+0x18/0x40 [ 14.826492] kasan_save_alloc_info+0x3b/0x50 [ 14.826730] __kasan_kmalloc+0xb7/0xc0 [ 14.826973] __kmalloc_cache_noprof+0x189/0x420 [ 14.827249] kasan_atomics+0x95/0x310 [ 14.827464] kunit_try_run_case+0x1a5/0x480 [ 14.827677] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 14.827942] kthread+0x337/0x6f0 [ 14.828287] ret_from_fork+0x116/0x1d0 [ 14.828488] ret_from_fork_asm+0x1a/0x30 [ 14.828680] [ 14.828774] The buggy address belongs to the object at ffff8881025a0d80 [ 14.828774] which belongs to the cache kmalloc-64 of size 64 [ 14.829285] The buggy address is located 0 bytes to the right of [ 14.829285] allocated 48-byte region [ffff8881025a0d80, ffff8881025a0db0) [ 14.829690] [ 14.829765] The buggy address belongs to the physical page: [ 14.829939] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1025a0 [ 14.830178] flags: 0x200000000000000(node=0|zone=2) [ 14.830354] page_type: f5(slab) [ 14.830563] raw: 0200000000000000 ffff8881000418c0 dead000000000122 0000000000000000 [ 14.830934] raw: 0000000000000000 0000000080200020 00000000f5000000 0000000000000000 [ 14.831321] page dumped because: kasan: bad access detected [ 14.831591] [ 14.831690] Memory state around the buggy address: [ 14.831925] ffff8881025a0c80: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 14.832236] ffff8881025a0d00: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 14.832591] >ffff8881025a0d80: 00 00 00 00 00 00 fc fc fc fc fc fc fc fc fc fc [ 14.832916] ^ [ 14.833104] ffff8881025a0e00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 14.833412] ffff8881025a0e80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 14.833752] ================================================================== [ 14.054414] 
================================================================== [ 14.054851] BUG: KASAN: slab-out-of-bounds in kasan_atomics_helper+0x4b3a/0x5450 [ 14.055179] Write of size 4 at addr ffff8881025a0db0 by task kunit_try_catch/282 [ 14.055462] [ 14.055573] CPU: 0 UID: 0 PID: 282 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc4 #1 PREEMPT(voluntary) [ 14.055616] Tainted: [B]=BAD_PAGE, [N]=TEST [ 14.055630] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 14.055652] Call Trace: [ 14.055667] <TASK> [ 14.055684] dump_stack_lvl+0x73/0xb0 [ 14.055711] print_report+0xd1/0x650 [ 14.055734] ? __virt_addr_valid+0x1db/0x2d0 [ 14.055760] ? kasan_atomics_helper+0x4b3a/0x5450 [ 14.055782] ? kasan_complete_mode_report_info+0x2a/0x200 [ 14.055805] ? kasan_atomics_helper+0x4b3a/0x5450 [ 14.055827] kasan_report+0x141/0x180 [ 14.055849] ? kasan_atomics_helper+0x4b3a/0x5450 [ 14.055875] __asan_report_store4_noabort+0x1b/0x30 [ 14.055896] kasan_atomics_helper+0x4b3a/0x5450 [ 14.055930] ? __pfx_kasan_atomics_helper+0x10/0x10 [ 14.055953] ? __kmalloc_cache_noprof+0x189/0x420 [ 14.055979] ? kasan_atomics+0x152/0x310 [ 14.056005] kasan_atomics+0x1dc/0x310 [ 14.056028] ? __pfx_kasan_atomics+0x10/0x10 [ 14.056050] ? __pfx_queued_spin_lock_slowpath+0x10/0x10 [ 14.056077] ? __pfx_read_tsc+0x10/0x10 [ 14.056098] ? ktime_get_ts64+0x86/0x230 [ 14.056124] kunit_try_run_case+0x1a5/0x480 [ 14.056147] ? __pfx_kunit_try_run_case+0x10/0x10 [ 14.056170] ? _raw_spin_lock_irqsave+0xf9/0x100 [ 14.056193] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 14.056216] ? __kthread_parkme+0x82/0x180 [ 14.056236] ? preempt_count_sub+0x50/0x80 [ 14.056260] ? __pfx_kunit_try_run_case+0x10/0x10 [ 14.056283] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 14.056306] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 14.056330] kthread+0x337/0x6f0 [ 14.056349] ? trace_preempt_on+0x20/0xc0 [ 14.056384] ? __pfx_kthread+0x10/0x10 [ 14.056409] ? 
_raw_spin_unlock_irq+0x47/0x80 [ 14.056430] ? calculate_sigpending+0x7b/0xa0 [ 14.056453] ? __pfx_kthread+0x10/0x10 [ 14.056475] ret_from_fork+0x116/0x1d0 [ 14.056494] ? __pfx_kthread+0x10/0x10 [ 14.056515] ret_from_fork_asm+0x1a/0x30 [ 14.056544] </TASK> [ 14.056557] [ 14.064773] Allocated by task 282: [ 14.065026] kasan_save_stack+0x45/0x70 [ 14.065230] kasan_save_track+0x18/0x40 [ 14.065432] kasan_save_alloc_info+0x3b/0x50 [ 14.066406] __kasan_kmalloc+0xb7/0xc0 [ 14.066795] __kmalloc_cache_noprof+0x189/0x420 [ 14.067296] kasan_atomics+0x95/0x310 [ 14.067563] kunit_try_run_case+0x1a5/0x480 [ 14.067772] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 14.068451] kthread+0x337/0x6f0 [ 14.068729] ret_from_fork+0x116/0x1d0 [ 14.069137] ret_from_fork_asm+0x1a/0x30 [ 14.069342] [ 14.069444] The buggy address belongs to the object at ffff8881025a0d80 [ 14.069444] which belongs to the cache kmalloc-64 of size 64 [ 14.070408] The buggy address is located 0 bytes to the right of [ 14.070408] allocated 48-byte region [ffff8881025a0d80, ffff8881025a0db0) [ 14.071545] [ 14.071743] The buggy address belongs to the physical page: [ 14.072408] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1025a0 [ 14.073031] flags: 0x200000000000000(node=0|zone=2) [ 14.073393] page_type: f5(slab) [ 14.073560] raw: 0200000000000000 ffff8881000418c0 dead000000000122 0000000000000000 [ 14.073866] raw: 0000000000000000 0000000080200020 00000000f5000000 0000000000000000 [ 14.074434] page dumped because: kasan: bad access detected [ 14.074861] [ 14.075117] Memory state around the buggy address: [ 14.075295] ffff8881025a0c80: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 14.075625] ffff8881025a0d00: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 14.075869] >ffff8881025a0d80: 00 00 00 00 00 00 fc fc fc fc fc fc fc fc fc fc [ 14.076188] ^ [ 14.076422] ffff8881025a0e00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 14.076660] ffff8881025a0e80: fc fc fc fc fc fc fc fc fc fc 
fc fc fc fc fc fc [ 14.077086] ================================================================== [ 14.912888] ================================================================== [ 14.913401] BUG: KASAN: slab-out-of-bounds in kasan_atomics_helper+0x18b1/0x5450 [ 14.913831] Write of size 8 at addr ffff8881025a0db0 by task kunit_try_catch/282 [ 14.914054] [ 14.914137] CPU: 0 UID: 0 PID: 282 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc4 #1 PREEMPT(voluntary) [ 14.914180] Tainted: [B]=BAD_PAGE, [N]=TEST [ 14.914193] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 14.914215] Call Trace: [ 14.914230] <TASK> [ 14.914247] dump_stack_lvl+0x73/0xb0 [ 14.914276] print_report+0xd1/0x650 [ 14.914297] ? __virt_addr_valid+0x1db/0x2d0 [ 14.914324] ? kasan_atomics_helper+0x18b1/0x5450 [ 14.914346] ? kasan_complete_mode_report_info+0x2a/0x200 [ 14.914369] ? kasan_atomics_helper+0x18b1/0x5450 [ 14.914403] kasan_report+0x141/0x180 [ 14.914437] ? kasan_atomics_helper+0x18b1/0x5450 [ 14.914464] kasan_check_range+0x10c/0x1c0 [ 14.914489] __kasan_check_write+0x18/0x20 [ 14.914510] kasan_atomics_helper+0x18b1/0x5450 [ 14.914534] ? __pfx_kasan_atomics_helper+0x10/0x10 [ 14.914556] ? __kmalloc_cache_noprof+0x189/0x420 [ 14.914581] ? kasan_atomics+0x152/0x310 [ 14.914636] kasan_atomics+0x1dc/0x310 [ 14.914660] ? __pfx_kasan_atomics+0x10/0x10 [ 14.914682] ? __pfx_queued_spin_lock_slowpath+0x10/0x10 [ 14.914708] ? __pfx_read_tsc+0x10/0x10 [ 14.914730] ? ktime_get_ts64+0x86/0x230 [ 14.914754] kunit_try_run_case+0x1a5/0x480 [ 14.914778] ? __pfx_kunit_try_run_case+0x10/0x10 [ 14.914800] ? _raw_spin_lock_irqsave+0xf9/0x100 [ 14.914824] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 14.914863] ? __kthread_parkme+0x82/0x180 [ 14.914883] ? preempt_count_sub+0x50/0x80 [ 14.914908] ? __pfx_kunit_try_run_case+0x10/0x10 [ 14.914931] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 14.914955] ? 
__pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 14.914980] kthread+0x337/0x6f0 [ 14.915001] ? trace_preempt_on+0x20/0xc0 [ 14.915040] ? __pfx_kthread+0x10/0x10 [ 14.915062] ? _raw_spin_unlock_irq+0x47/0x80 [ 14.915083] ? calculate_sigpending+0x7b/0xa0 [ 14.915107] ? __pfx_kthread+0x10/0x10 [ 14.915129] ret_from_fork+0x116/0x1d0 [ 14.915148] ? __pfx_kthread+0x10/0x10 [ 14.915168] ret_from_fork_asm+0x1a/0x30 [ 14.915199] </TASK> [ 14.915211] [ 14.922951] Allocated by task 282: [ 14.923088] kasan_save_stack+0x45/0x70 [ 14.923287] kasan_save_track+0x18/0x40 [ 14.923514] kasan_save_alloc_info+0x3b/0x50 [ 14.923665] __kasan_kmalloc+0xb7/0xc0 [ 14.923794] __kmalloc_cache_noprof+0x189/0x420 [ 14.924029] kasan_atomics+0x95/0x310 [ 14.924214] kunit_try_run_case+0x1a5/0x480 [ 14.924451] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 14.924686] kthread+0x337/0x6f0 [ 14.924851] ret_from_fork+0x116/0x1d0 [ 14.924990] ret_from_fork_asm+0x1a/0x30 [ 14.925124] [ 14.925193] The buggy address belongs to the object at ffff8881025a0d80 [ 14.925193] which belongs to the cache kmalloc-64 of size 64 [ 14.926623] The buggy address is located 0 bytes to the right of [ 14.926623] allocated 48-byte region [ffff8881025a0d80, ffff8881025a0db0) [ 14.928784] [ 14.929085] The buggy address belongs to the physical page: [ 14.929492] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1025a0 [ 14.930179] flags: 0x200000000000000(node=0|zone=2) [ 14.930353] page_type: f5(slab) [ 14.930484] raw: 0200000000000000 ffff8881000418c0 dead000000000122 0000000000000000 [ 14.931097] raw: 0000000000000000 0000000080200020 00000000f5000000 0000000000000000 [ 14.931976] page dumped because: kasan: bad access detected [ 14.932403] [ 14.932482] Memory state around the buggy address: [ 14.932821] ffff8881025a0c80: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 14.933451] ffff8881025a0d00: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 14.933793] >ffff8881025a0d80: 00 00 00 00 00 00 fc fc 
fc fc fc fc fc fc fc fc [ 14.934011] ^ [ 14.934170] ffff8881025a0e00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 14.934397] ffff8881025a0e80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 14.934773] ================================================================== [ 14.935482] ================================================================== [ 14.935776] BUG: KASAN: slab-out-of-bounds in kasan_atomics_helper+0x194a/0x5450 [ 14.936095] Write of size 8 at addr ffff8881025a0db0 by task kunit_try_catch/282 [ 14.936437] [ 14.936539] CPU: 0 UID: 0 PID: 282 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc4 #1 PREEMPT(voluntary) [ 14.936583] Tainted: [B]=BAD_PAGE, [N]=TEST [ 14.936596] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 14.936618] Call Trace: [ 14.936634] <TASK> [ 14.936651] dump_stack_lvl+0x73/0xb0 [ 14.936676] print_report+0xd1/0x650 [ 14.936700] ? __virt_addr_valid+0x1db/0x2d0 [ 14.936723] ? kasan_atomics_helper+0x194a/0x5450 [ 14.936744] ? kasan_complete_mode_report_info+0x2a/0x200 [ 14.936765] ? kasan_atomics_helper+0x194a/0x5450 [ 14.936787] kasan_report+0x141/0x180 [ 14.936810] ? kasan_atomics_helper+0x194a/0x5450 [ 14.936836] kasan_check_range+0x10c/0x1c0 [ 14.936860] __kasan_check_write+0x18/0x20 [ 14.936879] kasan_atomics_helper+0x194a/0x5450 [ 14.936902] ? __pfx_kasan_atomics_helper+0x10/0x10 [ 14.936924] ? __kmalloc_cache_noprof+0x189/0x420 [ 14.936950] ? kasan_atomics+0x152/0x310 [ 14.936976] kasan_atomics+0x1dc/0x310 [ 14.936999] ? __pfx_kasan_atomics+0x10/0x10 [ 14.937021] ? __pfx_queued_spin_lock_slowpath+0x10/0x10 [ 14.937047] ? __pfx_read_tsc+0x10/0x10 [ 14.937069] ? ktime_get_ts64+0x86/0x230 [ 14.937093] kunit_try_run_case+0x1a5/0x480 [ 14.937118] ? __pfx_kunit_try_run_case+0x10/0x10 [ 14.937140] ? _raw_spin_lock_irqsave+0xf9/0x100 [ 14.937162] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 14.937186] ? __kthread_parkme+0x82/0x180 [ 14.937206] ? preempt_count_sub+0x50/0x80 [ 14.937232] ? 
__pfx_kunit_try_run_case+0x10/0x10 [ 14.937256] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 14.937279] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 14.937302] kthread+0x337/0x6f0 [ 14.937322] ? trace_preempt_on+0x20/0xc0 [ 14.937347] ? __pfx_kthread+0x10/0x10 [ 14.937368] ? _raw_spin_unlock_irq+0x47/0x80 [ 14.937716] ? calculate_sigpending+0x7b/0xa0 [ 14.937742] ? __pfx_kthread+0x10/0x10 [ 14.937779] ret_from_fork+0x116/0x1d0 [ 14.937799] ? __pfx_kthread+0x10/0x10 [ 14.937820] ret_from_fork_asm+0x1a/0x30 [ 14.937850] </TASK> [ 14.937862] [ 14.949220] Allocated by task 282: [ 14.949404] kasan_save_stack+0x45/0x70 [ 14.949578] kasan_save_track+0x18/0x40 [ 14.949753] kasan_save_alloc_info+0x3b/0x50 [ 14.949949] __kasan_kmalloc+0xb7/0xc0 [ 14.950106] __kmalloc_cache_noprof+0x189/0x420 [ 14.950310] kasan_atomics+0x95/0x310 [ 14.950593] kunit_try_run_case+0x1a5/0x480 [ 14.950768] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 14.951107] kthread+0x337/0x6f0 [ 14.951241] ret_from_fork+0x116/0x1d0 [ 14.951486] ret_from_fork_asm+0x1a/0x30 [ 14.951657] [ 14.951816] The buggy address belongs to the object at ffff8881025a0d80 [ 14.951816] which belongs to the cache kmalloc-64 of size 64 [ 14.952239] The buggy address is located 0 bytes to the right of [ 14.952239] allocated 48-byte region [ffff8881025a0d80, ffff8881025a0db0) [ 14.952750] [ 14.952882] The buggy address belongs to the physical page: [ 14.953269] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1025a0 [ 14.954429] flags: 0x200000000000000(node=0|zone=2) [ 14.954741] page_type: f5(slab) [ 14.954954] raw: 0200000000000000 ffff8881000418c0 dead000000000122 0000000000000000 [ 14.955439] raw: 0000000000000000 0000000080200020 00000000f5000000 0000000000000000 [ 14.955772] page dumped because: kasan: bad access detected [ 14.956085] [ 14.956165] Memory state around the buggy address: [ 14.956386] ffff8881025a0c80: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 14.956791] 
ffff8881025a0d00: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 14.957203] >ffff8881025a0d80: 00 00 00 00 00 00 fc fc fc fc fc fc fc fc fc fc [ 14.957551] ^ [ 14.957719] ffff8881025a0e00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 14.958103] ffff8881025a0e80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 14.958423] ================================================================== [ 14.999806] ================================================================== [ 15.000741] BUG: KASAN: slab-out-of-bounds in kasan_atomics_helper+0x1b22/0x5450 [ 15.001233] Write of size 8 at addr ffff8881025a0db0 by task kunit_try_catch/282 [ 15.001599] [ 15.001758] CPU: 0 UID: 0 PID: 282 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc4 #1 PREEMPT(voluntary) [ 15.001819] Tainted: [B]=BAD_PAGE, [N]=TEST [ 15.001833] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 15.001856] Call Trace: [ 15.001904] <TASK> [ 15.001925] dump_stack_lvl+0x73/0xb0 [ 15.001954] print_report+0xd1/0x650 [ 15.001989] ? __virt_addr_valid+0x1db/0x2d0 [ 15.002013] ? kasan_atomics_helper+0x1b22/0x5450 [ 15.002034] ? kasan_complete_mode_report_info+0x2a/0x200 [ 15.002057] ? kasan_atomics_helper+0x1b22/0x5450 [ 15.002079] kasan_report+0x141/0x180 [ 15.002101] ? kasan_atomics_helper+0x1b22/0x5450 [ 15.002127] kasan_check_range+0x10c/0x1c0 [ 15.002152] __kasan_check_write+0x18/0x20 [ 15.002171] kasan_atomics_helper+0x1b22/0x5450 [ 15.002226] ? __pfx_kasan_atomics_helper+0x10/0x10 [ 15.002249] ? __kmalloc_cache_noprof+0x189/0x420 [ 15.002286] ? kasan_atomics+0x152/0x310 [ 15.002313] kasan_atomics+0x1dc/0x310 [ 15.002363] ? __pfx_kasan_atomics+0x10/0x10 [ 15.002402] ? __pfx_queued_spin_lock_slowpath+0x10/0x10 [ 15.002429] ? __pfx_read_tsc+0x10/0x10 [ 15.002452] ? ktime_get_ts64+0x86/0x230 [ 15.002477] kunit_try_run_case+0x1a5/0x480 [ 15.002501] ? __pfx_kunit_try_run_case+0x10/0x10 [ 15.002524] ? _raw_spin_lock_irqsave+0xf9/0x100 [ 15.002547] ? 
_raw_spin_unlock_irqrestore+0x5f/0x90 [ 15.002570] ? __kthread_parkme+0x82/0x180 [ 15.002603] ? preempt_count_sub+0x50/0x80 [ 15.002628] ? __pfx_kunit_try_run_case+0x10/0x10 [ 15.002652] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 15.002676] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 15.002699] kthread+0x337/0x6f0 [ 15.002719] ? trace_preempt_on+0x20/0xc0 [ 15.002745] ? __pfx_kthread+0x10/0x10 [ 15.002766] ? _raw_spin_unlock_irq+0x47/0x80 [ 15.002788] ? calculate_sigpending+0x7b/0xa0 [ 15.002813] ? __pfx_kthread+0x10/0x10 [ 15.002835] ret_from_fork+0x116/0x1d0 [ 15.002854] ? __pfx_kthread+0x10/0x10 [ 15.002875] ret_from_fork_asm+0x1a/0x30 [ 15.002906] </TASK> [ 15.002918] [ 15.011327] Allocated by task 282: [ 15.011576] kasan_save_stack+0x45/0x70 [ 15.011874] kasan_save_track+0x18/0x40 [ 15.012069] kasan_save_alloc_info+0x3b/0x50 [ 15.012219] __kasan_kmalloc+0xb7/0xc0 [ 15.012548] __kmalloc_cache_noprof+0x189/0x420 [ 15.012788] kasan_atomics+0x95/0x310 [ 15.012981] kunit_try_run_case+0x1a5/0x480 [ 15.013189] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 15.013373] kthread+0x337/0x6f0 [ 15.013515] ret_from_fork+0x116/0x1d0 [ 15.013870] ret_from_fork_asm+0x1a/0x30 [ 15.014089] [ 15.014190] The buggy address belongs to the object at ffff8881025a0d80 [ 15.014190] which belongs to the cache kmalloc-64 of size 64 [ 15.014836] The buggy address is located 0 bytes to the right of [ 15.014836] allocated 48-byte region [ffff8881025a0d80, ffff8881025a0db0) [ 15.015381] [ 15.015483] The buggy address belongs to the physical page: [ 15.015768] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1025a0 [ 15.016110] flags: 0x200000000000000(node=0|zone=2) [ 15.016404] page_type: f5(slab) [ 15.016626] raw: 0200000000000000 ffff8881000418c0 dead000000000122 0000000000000000 [ 15.016878] raw: 0000000000000000 0000000080200020 00000000f5000000 0000000000000000 [ 15.017109] page dumped because: kasan: bad access detected [ 15.017305] [ 15.017418] 
Memory state around the buggy address: [ 15.017741] ffff8881025a0c80: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 15.018142] ffff8881025a0d00: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 15.018575] >ffff8881025a0d80: 00 00 00 00 00 00 fc fc fc fc fc fc fc fc fc fc [ 15.018796] ^ [ 15.018954] ffff8881025a0e00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 15.019320] ffff8881025a0e80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 15.019681] ================================================================== [ 14.006461] ================================================================== [ 14.007105] BUG: KASAN: slab-out-of-bounds in kasan_atomics_helper+0x4b54/0x5450 [ 14.007726] Read of size 4 at addr ffff8881025a0db0 by task kunit_try_catch/282 [ 14.008184] [ 14.008321] CPU: 0 UID: 0 PID: 282 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc4 #1 PREEMPT(voluntary) [ 14.008364] Tainted: [B]=BAD_PAGE, [N]=TEST [ 14.008387] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 14.008412] Call Trace: [ 14.008430] <TASK> [ 14.008447] dump_stack_lvl+0x73/0xb0 [ 14.008475] print_report+0xd1/0x650 [ 14.008499] ? __virt_addr_valid+0x1db/0x2d0 [ 14.008522] ? kasan_atomics_helper+0x4b54/0x5450 [ 14.008543] ? kasan_complete_mode_report_info+0x2a/0x200 [ 14.008565] ? kasan_atomics_helper+0x4b54/0x5450 [ 14.008598] kasan_report+0x141/0x180 [ 14.008620] ? kasan_atomics_helper+0x4b54/0x5450 [ 14.008647] __asan_report_load4_noabort+0x18/0x20 [ 14.008672] kasan_atomics_helper+0x4b54/0x5450 [ 14.008695] ? __pfx_kasan_atomics_helper+0x10/0x10 [ 14.008717] ? __kmalloc_cache_noprof+0x189/0x420 [ 14.008743] ? kasan_atomics+0x152/0x310 [ 14.008770] kasan_atomics+0x1dc/0x310 [ 14.008792] ? __pfx_kasan_atomics+0x10/0x10 [ 14.008815] ? __pfx_queued_spin_lock_slowpath+0x10/0x10 [ 14.008840] ? __pfx_read_tsc+0x10/0x10 [ 14.008862] ? ktime_get_ts64+0x86/0x230 [ 14.008885] kunit_try_run_case+0x1a5/0x480 [ 14.008911] ? 
__pfx_kunit_try_run_case+0x10/0x10 [ 14.008935] ? _raw_spin_lock_irqsave+0xf9/0x100 [ 14.008958] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 14.008981] ? __kthread_parkme+0x82/0x180 [ 14.009001] ? preempt_count_sub+0x50/0x80 [ 14.009026] ? __pfx_kunit_try_run_case+0x10/0x10 [ 14.009050] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 14.009073] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 14.009097] kthread+0x337/0x6f0 [ 14.009116] ? trace_preempt_on+0x20/0xc0 [ 14.009141] ? __pfx_kthread+0x10/0x10 [ 14.009163] ? _raw_spin_unlock_irq+0x47/0x80 [ 14.009185] ? calculate_sigpending+0x7b/0xa0 [ 14.009209] ? __pfx_kthread+0x10/0x10 [ 14.009232] ret_from_fork+0x116/0x1d0 [ 14.009251] ? __pfx_kthread+0x10/0x10 [ 14.009271] ret_from_fork_asm+0x1a/0x30 [ 14.009302] </TASK> [ 14.009314] [ 14.021808] Allocated by task 282: [ 14.021944] kasan_save_stack+0x45/0x70 [ 14.022096] kasan_save_track+0x18/0x40 [ 14.022271] kasan_save_alloc_info+0x3b/0x50 [ 14.022474] __kasan_kmalloc+0xb7/0xc0 [ 14.022655] __kmalloc_cache_noprof+0x189/0x420 [ 14.022835] kasan_atomics+0x95/0x310 [ 14.023049] kunit_try_run_case+0x1a5/0x480 [ 14.023351] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 14.023546] kthread+0x337/0x6f0 [ 14.023726] ret_from_fork+0x116/0x1d0 [ 14.023907] ret_from_fork_asm+0x1a/0x30 [ 14.024049] [ 14.024122] The buggy address belongs to the object at ffff8881025a0d80 [ 14.024122] which belongs to the cache kmalloc-64 of size 64 [ 14.024712] The buggy address is located 0 bytes to the right of [ 14.024712] allocated 48-byte region [ffff8881025a0d80, ffff8881025a0db0) [ 14.025476] [ 14.025554] The buggy address belongs to the physical page: [ 14.025917] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1025a0 [ 14.026257] flags: 0x200000000000000(node=0|zone=2) [ 14.026500] page_type: f5(slab) [ 14.026757] raw: 0200000000000000 ffff8881000418c0 dead000000000122 0000000000000000 [ 14.027058] raw: 0000000000000000 0000000080200020 00000000f5000000 
0000000000000000 [ 14.027386] page dumped because: kasan: bad access detected [ 14.027682] [ 14.027772] Memory state around the buggy address: [ 14.027960] ffff8881025a0c80: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 14.028180] ffff8881025a0d00: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 14.028498] >ffff8881025a0d80: 00 00 00 00 00 00 fc fc fc fc fc fc fc fc fc fc [ 14.028815] ^ [ 14.029085] ffff8881025a0e00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 14.029390] ffff8881025a0e80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 14.029606] ================================================================== [ 15.322902] ================================================================== [ 15.323283] BUG: KASAN: slab-out-of-bounds in kasan_atomics_helper+0x5115/0x5450 [ 15.323681] Read of size 8 at addr ffff8881025a0db0 by task kunit_try_catch/282 [ 15.324005] [ 15.324093] CPU: 0 UID: 0 PID: 282 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc4 #1 PREEMPT(voluntary) [ 15.324134] Tainted: [B]=BAD_PAGE, [N]=TEST [ 15.324147] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 15.324168] Call Trace: [ 15.324185] <TASK> [ 15.324203] dump_stack_lvl+0x73/0xb0 [ 15.324230] print_report+0xd1/0x650 [ 15.324254] ? __virt_addr_valid+0x1db/0x2d0 [ 15.324276] ? kasan_atomics_helper+0x5115/0x5450 [ 15.324297] ? kasan_complete_mode_report_info+0x2a/0x200 [ 15.324410] ? kasan_atomics_helper+0x5115/0x5450 [ 15.324436] kasan_report+0x141/0x180 [ 15.324459] ? kasan_atomics_helper+0x5115/0x5450 [ 15.324485] __asan_report_load8_noabort+0x18/0x20 [ 15.324510] kasan_atomics_helper+0x5115/0x5450 [ 15.324532] ? __pfx_kasan_atomics_helper+0x10/0x10 [ 15.324555] ? __kmalloc_cache_noprof+0x189/0x420 [ 15.324580] ? kasan_atomics+0x152/0x310 [ 15.324606] kasan_atomics+0x1dc/0x310 [ 15.324654] ? __pfx_kasan_atomics+0x10/0x10 [ 15.324722] ? __pfx_queued_spin_lock_slowpath+0x10/0x10 [ 15.324793] ? __pfx_read_tsc+0x10/0x10 [ 15.324881] ? 
ktime_get_ts64+0x86/0x230 [ 15.324971] kunit_try_run_case+0x1a5/0x480 [ 15.324997] ? __pfx_kunit_try_run_case+0x10/0x10 [ 15.325019] ? _raw_spin_lock_irqsave+0xf9/0x100 [ 15.325041] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 15.325065] ? __kthread_parkme+0x82/0x180 [ 15.325086] ? preempt_count_sub+0x50/0x80 [ 15.325110] ? __pfx_kunit_try_run_case+0x10/0x10 [ 15.325134] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 15.325157] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 15.325181] kthread+0x337/0x6f0 [ 15.325200] ? trace_preempt_on+0x20/0xc0 [ 15.325224] ? __pfx_kthread+0x10/0x10 [ 15.325245] ? _raw_spin_unlock_irq+0x47/0x80 [ 15.325267] ? calculate_sigpending+0x7b/0xa0 [ 15.325290] ? __pfx_kthread+0x10/0x10 [ 15.325312] ret_from_fork+0x116/0x1d0 [ 15.325331] ? __pfx_kthread+0x10/0x10 [ 15.325352] ret_from_fork_asm+0x1a/0x30 [ 15.325391] </TASK> [ 15.325403] [ 15.333339] Allocated by task 282: [ 15.333559] kasan_save_stack+0x45/0x70 [ 15.333796] kasan_save_track+0x18/0x40 [ 15.333980] kasan_save_alloc_info+0x3b/0x50 [ 15.334124] __kasan_kmalloc+0xb7/0xc0 [ 15.334251] __kmalloc_cache_noprof+0x189/0x420 [ 15.334449] kasan_atomics+0x95/0x310 [ 15.334599] kunit_try_run_case+0x1a5/0x480 [ 15.334807] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 15.335042] kthread+0x337/0x6f0 [ 15.335158] ret_from_fork+0x116/0x1d0 [ 15.335286] ret_from_fork_asm+0x1a/0x30 [ 15.335429] [ 15.335498] The buggy address belongs to the object at ffff8881025a0d80 [ 15.335498] which belongs to the cache kmalloc-64 of size 64 [ 15.335998] The buggy address is located 0 bytes to the right of [ 15.335998] allocated 48-byte region [ffff8881025a0d80, ffff8881025a0db0) [ 15.336548] [ 15.336668] The buggy address belongs to the physical page: [ 15.336913] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1025a0 [ 15.337180] flags: 0x200000000000000(node=0|zone=2) [ 15.337338] page_type: f5(slab) [ 15.337506] raw: 0200000000000000 ffff8881000418c0 dead000000000122 
0000000000000000 [ 15.337869] raw: 0000000000000000 0000000080200020 00000000f5000000 0000000000000000 [ 15.338157] page dumped because: kasan: bad access detected [ 15.338323] [ 15.339497] Memory state around the buggy address: [ 15.340028] ffff8881025a0c80: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 15.340938] ffff8881025a0d00: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 15.341736] >ffff8881025a0d80: 00 00 00 00 00 00 fc fc fc fc fc fc fc fc fc fc [ 15.342122] ^ [ 15.342288] ffff8881025a0e00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 15.342806] ffff8881025a0e80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 15.343414] ================================================================== [ 14.385965] ================================================================== [ 14.386304] BUG: KASAN: slab-out-of-bounds in kasan_atomics_helper+0xde0/0x5450 [ 14.386646] Write of size 4 at addr ffff8881025a0db0 by task kunit_try_catch/282 [ 14.386970] [ 14.387081] CPU: 0 UID: 0 PID: 282 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc4 #1 PREEMPT(voluntary) [ 14.387124] Tainted: [B]=BAD_PAGE, [N]=TEST [ 14.387136] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 14.387159] Call Trace: [ 14.387173] <TASK> [ 14.387190] dump_stack_lvl+0x73/0xb0 [ 14.387280] print_report+0xd1/0x650 [ 14.387317] ? __virt_addr_valid+0x1db/0x2d0 [ 14.387355] ? kasan_atomics_helper+0xde0/0x5450 [ 14.387399] ? kasan_complete_mode_report_info+0x2a/0x200 [ 14.387438] ? kasan_atomics_helper+0xde0/0x5450 [ 14.387473] kasan_report+0x141/0x180 [ 14.387521] ? kasan_atomics_helper+0xde0/0x5450 [ 14.387588] kasan_check_range+0x10c/0x1c0 [ 14.387627] __kasan_check_write+0x18/0x20 [ 14.387660] kasan_atomics_helper+0xde0/0x5450 [ 14.387710] ? __pfx_kasan_atomics_helper+0x10/0x10 [ 14.387748] ? __kmalloc_cache_noprof+0x189/0x420 [ 14.387800] ? kasan_atomics+0x152/0x310 [ 14.387840] kasan_atomics+0x1dc/0x310 [ 14.387891] ? 
__pfx_kasan_atomics+0x10/0x10 [ 14.387940] ? __pfx_queued_spin_lock_slowpath+0x10/0x10 [ 14.387975] ? __pfx_read_tsc+0x10/0x10 [ 14.388009] ? ktime_get_ts64+0x86/0x230 [ 14.388034] kunit_try_run_case+0x1a5/0x480 [ 14.388060] ? __pfx_kunit_try_run_case+0x10/0x10 [ 14.388094] ? _raw_spin_lock_irqsave+0xf9/0x100 [ 14.388116] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 14.388140] ? __kthread_parkme+0x82/0x180 [ 14.388162] ? preempt_count_sub+0x50/0x80 [ 14.388187] ? __pfx_kunit_try_run_case+0x10/0x10 [ 14.388211] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 14.388234] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 14.388258] kthread+0x337/0x6f0 [ 14.388278] ? trace_preempt_on+0x20/0xc0 [ 14.388303] ? __pfx_kthread+0x10/0x10 [ 14.388325] ? _raw_spin_unlock_irq+0x47/0x80 [ 14.388347] ? calculate_sigpending+0x7b/0xa0 [ 14.388371] ? __pfx_kthread+0x10/0x10 [ 14.388407] ret_from_fork+0x116/0x1d0 [ 14.388425] ? __pfx_kthread+0x10/0x10 [ 14.388446] ret_from_fork_asm+0x1a/0x30 [ 14.388477] </TASK> [ 14.388489] [ 14.397328] Allocated by task 282: [ 14.397520] kasan_save_stack+0x45/0x70 [ 14.397780] kasan_save_track+0x18/0x40 [ 14.398031] kasan_save_alloc_info+0x3b/0x50 [ 14.398339] __kasan_kmalloc+0xb7/0xc0 [ 14.398588] __kmalloc_cache_noprof+0x189/0x420 [ 14.398839] kasan_atomics+0x95/0x310 [ 14.399144] kunit_try_run_case+0x1a5/0x480 [ 14.399324] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 14.399641] kthread+0x337/0x6f0 [ 14.399805] ret_from_fork+0x116/0x1d0 [ 14.400089] ret_from_fork_asm+0x1a/0x30 [ 14.400329] [ 14.400480] The buggy address belongs to the object at ffff8881025a0d80 [ 14.400480] which belongs to the cache kmalloc-64 of size 64 [ 14.401073] The buggy address is located 0 bytes to the right of [ 14.401073] allocated 48-byte region [ffff8881025a0d80, ffff8881025a0db0) [ 14.401724] [ 14.401870] The buggy address belongs to the physical page: [ 14.402098] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1025a0 [ 14.402506] flags: 
0x200000000000000(node=0|zone=2) [ 14.402783] page_type: f5(slab) [ 14.403097] raw: 0200000000000000 ffff8881000418c0 dead000000000122 0000000000000000 [ 14.403453] raw: 0000000000000000 0000000080200020 00000000f5000000 0000000000000000 [ 14.403785] page dumped because: kasan: bad access detected [ 14.404078] [ 14.404183] Memory state around the buggy address: [ 14.404426] ffff8881025a0c80: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 14.404803] ffff8881025a0d00: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 14.405273] >ffff8881025a0d80: 00 00 00 00 00 00 fc fc fc fc fc fc fc fc fc fc [ 14.405638] ^ [ 14.405891] ffff8881025a0e00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 14.406294] ffff8881025a0e80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 14.406707] ================================================================== [ 13.893915] ================================================================== [ 13.894905] BUG: KASAN: slab-out-of-bounds in kasan_atomics_helper+0x4bbc/0x5450 [ 13.895949] Read of size 4 at addr ffff8881025a0db0 by task kunit_try_catch/282 [ 13.896449] [ 13.896546] CPU: 0 UID: 0 PID: 282 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc4 #1 PREEMPT(voluntary) [ 13.896644] Tainted: [B]=BAD_PAGE, [N]=TEST [ 13.896657] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 13.896681] Call Trace: [ 13.896694] <TASK> [ 13.896713] dump_stack_lvl+0x73/0xb0 [ 13.896744] print_report+0xd1/0x650 [ 13.896768] ? __virt_addr_valid+0x1db/0x2d0 [ 13.896790] ? kasan_atomics_helper+0x4bbc/0x5450 [ 13.896812] ? kasan_complete_mode_report_info+0x2a/0x200 [ 13.896834] ? kasan_atomics_helper+0x4bbc/0x5450 [ 13.896856] kasan_report+0x141/0x180 [ 13.896878] ? kasan_atomics_helper+0x4bbc/0x5450 [ 13.896904] __asan_report_load4_noabort+0x18/0x20 [ 13.896976] kasan_atomics_helper+0x4bbc/0x5450 [ 13.897002] ? __pfx_kasan_atomics_helper+0x10/0x10 [ 13.897023] ? __kmalloc_cache_noprof+0x189/0x420 [ 13.897048] ? 
kasan_atomics+0x152/0x310 [ 13.897075] kasan_atomics+0x1dc/0x310 [ 13.897099] ? __pfx_kasan_atomics+0x10/0x10 [ 13.897119] ? __pfx_queued_spin_lock_slowpath+0x10/0x10 [ 13.897146] ? __pfx_read_tsc+0x10/0x10 [ 13.897167] ? ktime_get_ts64+0x86/0x230 [ 13.897193] kunit_try_run_case+0x1a5/0x480 [ 13.897217] ? __pfx_kunit_try_run_case+0x10/0x10 [ 13.897238] ? _raw_spin_lock_irqsave+0xf9/0x100 [ 13.897261] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 13.897282] ? __kthread_parkme+0x82/0x180 [ 13.897303] ? preempt_count_sub+0x50/0x80 [ 13.897328] ? __pfx_kunit_try_run_case+0x10/0x10 [ 13.897352] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 13.897387] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 13.897411] kthread+0x337/0x6f0 [ 13.897429] ? trace_preempt_on+0x20/0xc0 [ 13.897453] ? __pfx_kthread+0x10/0x10 [ 13.897474] ? _raw_spin_unlock_irq+0x47/0x80 [ 13.897495] ? calculate_sigpending+0x7b/0xa0 [ 13.897519] ? __pfx_kthread+0x10/0x10 [ 13.897539] ret_from_fork+0x116/0x1d0 [ 13.897557] ? 
__pfx_kthread+0x10/0x10 [ 13.897577] ret_from_fork_asm+0x1a/0x30 [ 13.897608] </TASK> [ 13.897620] [ 13.911917] Allocated by task 282: [ 13.912317] kasan_save_stack+0x45/0x70 [ 13.912748] kasan_save_track+0x18/0x40 [ 13.912984] kasan_save_alloc_info+0x3b/0x50 [ 13.913146] __kasan_kmalloc+0xb7/0xc0 [ 13.913280] __kmalloc_cache_noprof+0x189/0x420 [ 13.913450] kasan_atomics+0x95/0x310 [ 13.913597] kunit_try_run_case+0x1a5/0x480 [ 13.913788] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 13.913996] kthread+0x337/0x6f0 [ 13.914237] ret_from_fork+0x116/0x1d0 [ 13.914404] ret_from_fork_asm+0x1a/0x30 [ 13.914612] [ 13.914698] The buggy address belongs to the object at ffff8881025a0d80 [ 13.914698] which belongs to the cache kmalloc-64 of size 64 [ 13.915231] The buggy address is located 0 bytes to the right of [ 13.915231] allocated 48-byte region [ffff8881025a0d80, ffff8881025a0db0) [ 13.915983] [ 13.916101] The buggy address belongs to the physical page: [ 13.916328] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1025a0 [ 13.916784] flags: 0x200000000000000(node=0|zone=2) [ 13.917060] page_type: f5(slab) [ 13.917188] raw: 0200000000000000 ffff8881000418c0 dead000000000122 0000000000000000 [ 13.917543] raw: 0000000000000000 0000000080200020 00000000f5000000 0000000000000000 [ 13.917829] page dumped because: kasan: bad access detected [ 13.918164] [ 13.918263] Memory state around the buggy address: [ 13.918434] ffff8881025a0c80: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 13.918722] ffff8881025a0d00: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 13.919220] >ffff8881025a0d80: 00 00 00 00 00 00 fc fc fc fc fc fc fc fc fc fc [ 13.919536] ^ [ 13.919776] ffff8881025a0e00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 13.920167] ffff8881025a0e80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 13.920458] ================================================================== [ 14.472190] 
================================================================== [ 14.472480] BUG: KASAN: slab-out-of-bounds in kasan_atomics_helper+0x4a36/0x5450 [ 14.473848] Read of size 4 at addr ffff8881025a0db0 by task kunit_try_catch/282 [ 14.474387] [ 14.474487] CPU: 0 UID: 0 PID: 282 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc4 #1 PREEMPT(voluntary) [ 14.474531] Tainted: [B]=BAD_PAGE, [N]=TEST [ 14.474545] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 14.474567] Call Trace: [ 14.474581] <TASK> [ 14.474599] dump_stack_lvl+0x73/0xb0 [ 14.474628] print_report+0xd1/0x650 [ 14.474652] ? __virt_addr_valid+0x1db/0x2d0 [ 14.474676] ? kasan_atomics_helper+0x4a36/0x5450 [ 14.474697] ? kasan_complete_mode_report_info+0x2a/0x200 [ 14.474720] ? kasan_atomics_helper+0x4a36/0x5450 [ 14.474742] kasan_report+0x141/0x180 [ 14.474765] ? kasan_atomics_helper+0x4a36/0x5450 [ 14.474791] __asan_report_load4_noabort+0x18/0x20 [ 14.474816] kasan_atomics_helper+0x4a36/0x5450 [ 14.474839] ? __pfx_kasan_atomics_helper+0x10/0x10 [ 14.474861] ? __kmalloc_cache_noprof+0x189/0x420 [ 14.474886] ? kasan_atomics+0x152/0x310 [ 14.474914] kasan_atomics+0x1dc/0x310 [ 14.474957] ? __pfx_kasan_atomics+0x10/0x10 [ 14.474980] ? __pfx_queued_spin_lock_slowpath+0x10/0x10 [ 14.475013] ? __pfx_read_tsc+0x10/0x10 [ 14.475035] ? ktime_get_ts64+0x86/0x230 [ 14.475062] kunit_try_run_case+0x1a5/0x480 [ 14.475086] ? __pfx_kunit_try_run_case+0x10/0x10 [ 14.475109] ? _raw_spin_lock_irqsave+0xf9/0x100 [ 14.475131] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 14.475154] ? __kthread_parkme+0x82/0x180 [ 14.475175] ? preempt_count_sub+0x50/0x80 [ 14.475200] ? __pfx_kunit_try_run_case+0x10/0x10 [ 14.475224] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 14.475248] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 14.475272] kthread+0x337/0x6f0 [ 14.475292] ? trace_preempt_on+0x20/0xc0 [ 14.475317] ? __pfx_kthread+0x10/0x10 [ 14.475339] ? 
_raw_spin_unlock_irq+0x47/0x80 [ 14.475360] ? calculate_sigpending+0x7b/0xa0 [ 14.475412] ? __pfx_kthread+0x10/0x10 [ 14.475434] ret_from_fork+0x116/0x1d0 [ 14.475454] ? __pfx_kthread+0x10/0x10 [ 14.475475] ret_from_fork_asm+0x1a/0x30 [ 14.475506] </TASK> [ 14.475518] [ 14.484124] Allocated by task 282: [ 14.484421] kasan_save_stack+0x45/0x70 [ 14.484771] kasan_save_track+0x18/0x40 [ 14.485002] kasan_save_alloc_info+0x3b/0x50 [ 14.485158] __kasan_kmalloc+0xb7/0xc0 [ 14.485293] __kmalloc_cache_noprof+0x189/0x420 [ 14.485460] kasan_atomics+0x95/0x310 [ 14.485593] kunit_try_run_case+0x1a5/0x480 [ 14.485746] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 14.486178] kthread+0x337/0x6f0 [ 14.486347] ret_from_fork+0x116/0x1d0 [ 14.486685] ret_from_fork_asm+0x1a/0x30 [ 14.487047] [ 14.487143] The buggy address belongs to the object at ffff8881025a0d80 [ 14.487143] which belongs to the cache kmalloc-64 of size 64 [ 14.487571] The buggy address is located 0 bytes to the right of [ 14.487571] allocated 48-byte region [ffff8881025a0d80, ffff8881025a0db0) [ 14.488102] [ 14.488221] The buggy address belongs to the physical page: [ 14.488427] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1025a0 [ 14.488909] flags: 0x200000000000000(node=0|zone=2) [ 14.489132] page_type: f5(slab) [ 14.489267] raw: 0200000000000000 ffff8881000418c0 dead000000000122 0000000000000000 [ 14.489627] raw: 0000000000000000 0000000080200020 00000000f5000000 0000000000000000 [ 14.489869] page dumped because: kasan: bad access detected [ 14.490042] [ 14.490112] Memory state around the buggy address: [ 14.490266] ffff8881025a0c80: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 14.490512] ffff8881025a0d00: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 14.491209] >ffff8881025a0d80: 00 00 00 00 00 00 fc fc fc fc fc fc fc fc fc fc [ 14.491710] ^ [ 14.492072] ffff8881025a0e00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 14.492407] ffff8881025a0e80: fc fc fc fc fc fc fc fc fc fc 
fc fc fc fc fc fc [ 14.492618] ================================================================== [ 14.853613] ================================================================== [ 14.854049] BUG: KASAN: slab-out-of-bounds in kasan_atomics_helper+0x16e7/0x5450 [ 14.854476] Write of size 8 at addr ffff8881025a0db0 by task kunit_try_catch/282 [ 14.854830] [ 14.854918] CPU: 0 UID: 0 PID: 282 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc4 #1 PREEMPT(voluntary) [ 14.854963] Tainted: [B]=BAD_PAGE, [N]=TEST [ 14.854976] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 14.855000] Call Trace: [ 14.855015] <TASK> [ 14.855030] dump_stack_lvl+0x73/0xb0 [ 14.855057] print_report+0xd1/0x650 [ 14.855083] ? __virt_addr_valid+0x1db/0x2d0 [ 14.855106] ? kasan_atomics_helper+0x16e7/0x5450 [ 14.855128] ? kasan_complete_mode_report_info+0x2a/0x200 [ 14.855152] ? kasan_atomics_helper+0x16e7/0x5450 [ 14.855174] kasan_report+0x141/0x180 [ 14.855198] ? kasan_atomics_helper+0x16e7/0x5450 [ 14.855224] kasan_check_range+0x10c/0x1c0 [ 14.855249] __kasan_check_write+0x18/0x20 [ 14.855270] kasan_atomics_helper+0x16e7/0x5450 [ 14.855294] ? __pfx_kasan_atomics_helper+0x10/0x10 [ 14.855318] ? __kmalloc_cache_noprof+0x189/0x420 [ 14.855344] ? kasan_atomics+0x152/0x310 [ 14.855372] kasan_atomics+0x1dc/0x310 [ 14.855407] ? __pfx_kasan_atomics+0x10/0x10 [ 14.855430] ? __pfx_queued_spin_lock_slowpath+0x10/0x10 [ 14.855458] ? __pfx_read_tsc+0x10/0x10 [ 14.855480] ? ktime_get_ts64+0x86/0x230 [ 14.855505] kunit_try_run_case+0x1a5/0x480 [ 14.855531] ? __pfx_kunit_try_run_case+0x10/0x10 [ 14.855554] ? _raw_spin_lock_irqsave+0xf9/0x100 [ 14.855586] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 14.855632] ? __kthread_parkme+0x82/0x180 [ 14.855655] ? preempt_count_sub+0x50/0x80 [ 14.855694] ? __pfx_kunit_try_run_case+0x10/0x10 [ 14.855720] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 14.855758] ? 
__pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 14.855794] kthread+0x337/0x6f0 [ 14.855815] ? trace_preempt_on+0x20/0xc0 [ 14.855854] ? __pfx_kthread+0x10/0x10 [ 14.855890] ? _raw_spin_unlock_irq+0x47/0x80 [ 14.855925] ? calculate_sigpending+0x7b/0xa0 [ 14.855962] ? __pfx_kthread+0x10/0x10 [ 14.855997] ret_from_fork+0x116/0x1d0 [ 14.856016] ? __pfx_kthread+0x10/0x10 [ 14.856036] ret_from_fork_asm+0x1a/0x30 [ 14.856067] </TASK> [ 14.856078] [ 14.864024] Allocated by task 282: [ 14.864210] kasan_save_stack+0x45/0x70 [ 14.864449] kasan_save_track+0x18/0x40 [ 14.864726] kasan_save_alloc_info+0x3b/0x50 [ 14.864936] __kasan_kmalloc+0xb7/0xc0 [ 14.865137] __kmalloc_cache_noprof+0x189/0x420 [ 14.865371] kasan_atomics+0x95/0x310 [ 14.865636] kunit_try_run_case+0x1a5/0x480 [ 14.865841] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 14.866050] kthread+0x337/0x6f0 [ 14.866167] ret_from_fork+0x116/0x1d0 [ 14.866296] ret_from_fork_asm+0x1a/0x30 [ 14.866469] [ 14.866566] The buggy address belongs to the object at ffff8881025a0d80 [ 14.866566] which belongs to the cache kmalloc-64 of size 64 [ 14.867131] The buggy address is located 0 bytes to the right of [ 14.867131] allocated 48-byte region [ffff8881025a0d80, ffff8881025a0db0) [ 14.867678] [ 14.867794] The buggy address belongs to the physical page: [ 14.868014] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1025a0 [ 14.868411] flags: 0x200000000000000(node=0|zone=2) [ 14.868739] page_type: f5(slab) [ 14.868905] raw: 0200000000000000 ffff8881000418c0 dead000000000122 0000000000000000 [ 14.869231] raw: 0000000000000000 0000000080200020 00000000f5000000 0000000000000000 [ 14.869562] page dumped because: kasan: bad access detected [ 14.870214] [ 14.870356] Memory state around the buggy address: [ 14.870527] ffff8881025a0c80: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 14.871178] ffff8881025a0d00: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 14.871512] >ffff8881025a0d80: 00 00 00 00 00 00 fc fc 
fc fc fc fc fc fc fc fc [ 14.872089] ^ [ 14.872724] ffff8881025a0e00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 14.873430] ffff8881025a0e80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 14.874120] ================================================================== [ 14.198425] ================================================================== [ 14.198834] BUG: KASAN: slab-out-of-bounds in kasan_atomics_helper+0x8f9/0x5450 [ 14.199293] Write of size 4 at addr ffff8881025a0db0 by task kunit_try_catch/282 [ 14.199666] [ 14.199808] CPU: 0 UID: 0 PID: 282 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc4 #1 PREEMPT(voluntary) [ 14.199854] Tainted: [B]=BAD_PAGE, [N]=TEST [ 14.199879] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 14.199900] Call Trace: [ 14.199956] <TASK> [ 14.199972] dump_stack_lvl+0x73/0xb0 [ 14.200001] print_report+0xd1/0x650 [ 14.200037] ? __virt_addr_valid+0x1db/0x2d0 [ 14.200061] ? kasan_atomics_helper+0x8f9/0x5450 [ 14.200082] ? kasan_complete_mode_report_info+0x2a/0x200 [ 14.200105] ? kasan_atomics_helper+0x8f9/0x5450 [ 14.200127] kasan_report+0x141/0x180 [ 14.200150] ? kasan_atomics_helper+0x8f9/0x5450 [ 14.200176] kasan_check_range+0x10c/0x1c0 [ 14.200200] __kasan_check_write+0x18/0x20 [ 14.200220] kasan_atomics_helper+0x8f9/0x5450 [ 14.200243] ? __pfx_kasan_atomics_helper+0x10/0x10 [ 14.200292] ? __kmalloc_cache_noprof+0x189/0x420 [ 14.200319] ? kasan_atomics+0x152/0x310 [ 14.200347] kasan_atomics+0x1dc/0x310 [ 14.200388] ? __pfx_kasan_atomics+0x10/0x10 [ 14.200414] ? __pfx_queued_spin_lock_slowpath+0x10/0x10 [ 14.200466] ? __pfx_read_tsc+0x10/0x10 [ 14.200489] ? ktime_get_ts64+0x86/0x230 [ 14.200513] kunit_try_run_case+0x1a5/0x480 [ 14.200548] ? __pfx_kunit_try_run_case+0x10/0x10 [ 14.200613] ? _raw_spin_lock_irqsave+0xf9/0x100 [ 14.200636] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 14.200677] ? __kthread_parkme+0x82/0x180 [ 14.200708] ? preempt_count_sub+0x50/0x80 [ 14.200731] ? 
__pfx_kunit_try_run_case+0x10/0x10 [ 14.200755] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 14.200778] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 14.200802] kthread+0x337/0x6f0 [ 14.200822] ? trace_preempt_on+0x20/0xc0 [ 14.200869] ? __pfx_kthread+0x10/0x10 [ 14.200891] ? _raw_spin_unlock_irq+0x47/0x80 [ 14.200952] ? calculate_sigpending+0x7b/0xa0 [ 14.200976] ? __pfx_kthread+0x10/0x10 [ 14.200998] ret_from_fork+0x116/0x1d0 [ 14.201017] ? __pfx_kthread+0x10/0x10 [ 14.201038] ret_from_fork_asm+0x1a/0x30 [ 14.201086] </TASK> [ 14.201097] [ 14.209973] Allocated by task 282: [ 14.210287] kasan_save_stack+0x45/0x70 [ 14.210508] kasan_save_track+0x18/0x40 [ 14.210709] kasan_save_alloc_info+0x3b/0x50 [ 14.210859] __kasan_kmalloc+0xb7/0xc0 [ 14.211015] __kmalloc_cache_noprof+0x189/0x420 [ 14.211215] kasan_atomics+0x95/0x310 [ 14.211485] kunit_try_run_case+0x1a5/0x480 [ 14.211804] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 14.212257] kthread+0x337/0x6f0 [ 14.212452] ret_from_fork+0x116/0x1d0 [ 14.212661] ret_from_fork_asm+0x1a/0x30 [ 14.212876] [ 14.212994] The buggy address belongs to the object at ffff8881025a0d80 [ 14.212994] which belongs to the cache kmalloc-64 of size 64 [ 14.213549] The buggy address is located 0 bytes to the right of [ 14.213549] allocated 48-byte region [ffff8881025a0d80, ffff8881025a0db0) [ 14.214340] [ 14.214427] The buggy address belongs to the physical page: [ 14.214730] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1025a0 [ 14.215178] flags: 0x200000000000000(node=0|zone=2) [ 14.215426] page_type: f5(slab) [ 14.215613] raw: 0200000000000000 ffff8881000418c0 dead000000000122 0000000000000000 [ 14.216017] raw: 0000000000000000 0000000080200020 00000000f5000000 0000000000000000 [ 14.216331] page dumped because: kasan: bad access detected [ 14.216618] [ 14.216751] Memory state around the buggy address: [ 14.217044] ffff8881025a0c80: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 14.217321] 
ffff8881025a0d00: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 14.217545] >ffff8881025a0d80: 00 00 00 00 00 00 fc fc fc fc fc fc fc fc fc fc [ 14.217937] ^ [ 14.218268] ffff8881025a0e00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 14.218673] ffff8881025a0e80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 14.219125] ================================================================== [ 14.874664] ================================================================== [ 14.875519] BUG: KASAN: slab-out-of-bounds in kasan_atomics_helper+0x177f/0x5450 [ 14.876186] Write of size 8 at addr ffff8881025a0db0 by task kunit_try_catch/282 [ 14.877092] [ 14.877339] CPU: 0 UID: 0 PID: 282 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc4 #1 PREEMPT(voluntary) [ 14.877435] Tainted: [B]=BAD_PAGE, [N]=TEST [ 14.877451] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 14.877474] Call Trace: [ 14.877489] <TASK> [ 14.877506] dump_stack_lvl+0x73/0xb0 [ 14.877536] print_report+0xd1/0x650 [ 14.877562] ? __virt_addr_valid+0x1db/0x2d0 [ 14.877598] ? kasan_atomics_helper+0x177f/0x5450 [ 14.877620] ? kasan_complete_mode_report_info+0x2a/0x200 [ 14.877643] ? kasan_atomics_helper+0x177f/0x5450 [ 14.877666] kasan_report+0x141/0x180 [ 14.877690] ? kasan_atomics_helper+0x177f/0x5450 [ 14.877717] kasan_check_range+0x10c/0x1c0 [ 14.877741] __kasan_check_write+0x18/0x20 [ 14.877761] kasan_atomics_helper+0x177f/0x5450 [ 14.877785] ? __pfx_kasan_atomics_helper+0x10/0x10 [ 14.877808] ? __kmalloc_cache_noprof+0x189/0x420 [ 14.877834] ? kasan_atomics+0x152/0x310 [ 14.877862] kasan_atomics+0x1dc/0x310 [ 14.877886] ? __pfx_kasan_atomics+0x10/0x10 [ 14.877908] ? __pfx_queued_spin_lock_slowpath+0x10/0x10 [ 14.877936] ? __pfx_read_tsc+0x10/0x10 [ 14.877957] ? ktime_get_ts64+0x86/0x230 [ 14.877982] kunit_try_run_case+0x1a5/0x480 [ 14.878007] ? __pfx_kunit_try_run_case+0x10/0x10 [ 14.878030] ? _raw_spin_lock_irqsave+0xf9/0x100 [ 14.878053] ? 
_raw_spin_unlock_irqrestore+0x5f/0x90 [ 14.878077] ? __kthread_parkme+0x82/0x180 [ 14.878099] ? preempt_count_sub+0x50/0x80 [ 14.878123] ? __pfx_kunit_try_run_case+0x10/0x10 [ 14.878147] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 14.878171] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 14.878196] kthread+0x337/0x6f0 [ 14.878217] ? trace_preempt_on+0x20/0xc0 [ 14.878243] ? __pfx_kthread+0x10/0x10 [ 14.878264] ? _raw_spin_unlock_irq+0x47/0x80 [ 14.878286] ? calculate_sigpending+0x7b/0xa0 [ 14.878310] ? __pfx_kthread+0x10/0x10 [ 14.878332] ret_from_fork+0x116/0x1d0 [ 14.878351] ? __pfx_kthread+0x10/0x10 [ 14.878372] ret_from_fork_asm+0x1a/0x30 [ 14.878414] </TASK> [ 14.878425] [ 14.886506] Allocated by task 282: [ 14.886693] kasan_save_stack+0x45/0x70 [ 14.886838] kasan_save_track+0x18/0x40 [ 14.886968] kasan_save_alloc_info+0x3b/0x50 [ 14.887149] __kasan_kmalloc+0xb7/0xc0 [ 14.887280] __kmalloc_cache_noprof+0x189/0x420 [ 14.887441] kasan_atomics+0x95/0x310 [ 14.887681] kunit_try_run_case+0x1a5/0x480 [ 14.887886] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 14.888142] kthread+0x337/0x6f0 [ 14.888314] ret_from_fork+0x116/0x1d0 [ 14.888519] ret_from_fork_asm+0x1a/0x30 [ 14.888666] [ 14.888736] The buggy address belongs to the object at ffff8881025a0d80 [ 14.888736] which belongs to the cache kmalloc-64 of size 64 [ 14.889429] The buggy address is located 0 bytes to the right of [ 14.889429] allocated 48-byte region [ffff8881025a0d80, ffff8881025a0db0) [ 14.890079] [ 14.890154] The buggy address belongs to the physical page: [ 14.890322] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1025a0 [ 14.890564] flags: 0x200000000000000(node=0|zone=2) [ 14.890724] page_type: f5(slab) [ 14.890841] raw: 0200000000000000 ffff8881000418c0 dead000000000122 0000000000000000 [ 14.891121] raw: 0000000000000000 0000000080200020 00000000f5000000 0000000000000000 [ 14.891487] page dumped because: kasan: bad access detected [ 14.891737] [ 14.891832] 
Memory state around the buggy address: [ 14.892056] ffff8881025a0c80: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 14.892391] ffff8881025a0d00: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 14.892767] >ffff8881025a0d80: 00 00 00 00 00 00 fc fc fc fc fc fc fc fc fc fc [ 14.893098] ^ [ 14.893302] ffff8881025a0e00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 14.893613] ffff8881025a0e80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 14.893873] ================================================================== [ 13.939558] ================================================================== [ 13.939891] BUG: KASAN: slab-out-of-bounds in kasan_atomics_helper+0x4b88/0x5450 [ 13.940251] Read of size 4 at addr ffff8881025a0db0 by task kunit_try_catch/282 [ 13.940491] [ 13.940574] CPU: 0 UID: 0 PID: 282 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc4 #1 PREEMPT(voluntary) [ 13.940615] Tainted: [B]=BAD_PAGE, [N]=TEST [ 13.940626] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 13.940646] Call Trace: [ 13.940659] <TASK> [ 13.940674] dump_stack_lvl+0x73/0xb0 [ 13.940699] print_report+0xd1/0x650 [ 13.940721] ? __virt_addr_valid+0x1db/0x2d0 [ 13.940743] ? kasan_atomics_helper+0x4b88/0x5450 [ 13.940763] ? kasan_complete_mode_report_info+0x2a/0x200 [ 13.940784] ? kasan_atomics_helper+0x4b88/0x5450 [ 13.940805] kasan_report+0x141/0x180 [ 13.940825] ? kasan_atomics_helper+0x4b88/0x5450 [ 13.940851] __asan_report_load4_noabort+0x18/0x20 [ 13.940874] kasan_atomics_helper+0x4b88/0x5450 [ 13.940896] ? __pfx_kasan_atomics_helper+0x10/0x10 [ 13.940916] ? __kmalloc_cache_noprof+0x189/0x420 [ 13.940941] ? kasan_atomics+0x152/0x310 [ 13.940967] kasan_atomics+0x1dc/0x310 [ 13.941162] ? __pfx_kasan_atomics+0x10/0x10 [ 13.941186] ? __pfx_queued_spin_lock_slowpath+0x10/0x10 [ 13.941212] ? __pfx_read_tsc+0x10/0x10 [ 13.941233] ? ktime_get_ts64+0x86/0x230 [ 13.941256] kunit_try_run_case+0x1a5/0x480 [ 13.941278] ? 
__pfx_kunit_try_run_case+0x10/0x10 [ 13.941301] ? _raw_spin_lock_irqsave+0xf9/0x100 [ 13.941323] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 13.941345] ? __kthread_parkme+0x82/0x180 [ 13.941365] ? preempt_count_sub+0x50/0x80 [ 13.941402] ? __pfx_kunit_try_run_case+0x10/0x10 [ 13.941425] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 13.941447] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 13.941469] kthread+0x337/0x6f0 [ 13.941488] ? trace_preempt_on+0x20/0xc0 [ 13.941510] ? __pfx_kthread+0x10/0x10 [ 13.941530] ? _raw_spin_unlock_irq+0x47/0x80 [ 13.941550] ? calculate_sigpending+0x7b/0xa0 [ 13.941583] ? __pfx_kthread+0x10/0x10 [ 13.941604] ret_from_fork+0x116/0x1d0 [ 13.941622] ? __pfx_kthread+0x10/0x10 [ 13.941642] ret_from_fork_asm+0x1a/0x30 [ 13.941671] </TASK> [ 13.941683] [ 13.950183] Allocated by task 282: [ 13.950355] kasan_save_stack+0x45/0x70 [ 13.950568] kasan_save_track+0x18/0x40 [ 13.951104] kasan_save_alloc_info+0x3b/0x50 [ 13.951415] __kasan_kmalloc+0xb7/0xc0 [ 13.951577] __kmalloc_cache_noprof+0x189/0x420 [ 13.951734] kasan_atomics+0x95/0x310 [ 13.952158] kunit_try_run_case+0x1a5/0x480 [ 13.952388] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 13.952644] kthread+0x337/0x6f0 [ 13.952794] ret_from_fork+0x116/0x1d0 [ 13.952927] ret_from_fork_asm+0x1a/0x30 [ 13.953067] [ 13.953138] The buggy address belongs to the object at ffff8881025a0d80 [ 13.953138] which belongs to the cache kmalloc-64 of size 64 [ 13.954299] The buggy address is located 0 bytes to the right of [ 13.954299] allocated 48-byte region [ffff8881025a0d80, ffff8881025a0db0) [ 13.954823] [ 13.954900] The buggy address belongs to the physical page: [ 13.955075] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1025a0 [ 13.955472] flags: 0x200000000000000(node=0|zone=2) [ 13.955954] page_type: f5(slab) [ 13.956131] raw: 0200000000000000 ffff8881000418c0 dead000000000122 0000000000000000 [ 13.956505] raw: 0000000000000000 0000000080200020 00000000f5000000 
0000000000000000 [ 13.956762] page dumped because: kasan: bad access detected [ 13.956957] [ 13.957104] Memory state around the buggy address: [ 13.957330] ffff8881025a0c80: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 13.957676] ffff8881025a0d00: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 13.958151] >ffff8881025a0d80: 00 00 00 00 00 00 fc fc fc fc fc fc fc fc fc fc [ 13.958449] ^ [ 13.958700] ffff8881025a0e00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 13.958921] ffff8881025a0e80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 13.959242] ================================================================== [ 15.060912] ================================================================== [ 15.061523] BUG: KASAN: slab-out-of-bounds in kasan_atomics_helper+0x1ce1/0x5450 [ 15.061914] Write of size 8 at addr ffff8881025a0db0 by task kunit_try_catch/282 [ 15.062255] [ 15.062448] CPU: 0 UID: 0 PID: 282 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc4 #1 PREEMPT(voluntary) [ 15.062491] Tainted: [B]=BAD_PAGE, [N]=TEST [ 15.062516] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 15.062537] Call Trace: [ 15.062553] <TASK> [ 15.062570] dump_stack_lvl+0x73/0xb0 [ 15.062598] print_report+0xd1/0x650 [ 15.062622] ? __virt_addr_valid+0x1db/0x2d0 [ 15.062645] ? kasan_atomics_helper+0x1ce1/0x5450 [ 15.062667] ? kasan_complete_mode_report_info+0x2a/0x200 [ 15.062721] ? kasan_atomics_helper+0x1ce1/0x5450 [ 15.062755] kasan_report+0x141/0x180 [ 15.062815] ? kasan_atomics_helper+0x1ce1/0x5450 [ 15.062853] kasan_check_range+0x10c/0x1c0 [ 15.062888] __kasan_check_write+0x18/0x20 [ 15.062908] kasan_atomics_helper+0x1ce1/0x5450 [ 15.062931] ? __pfx_kasan_atomics_helper+0x10/0x10 [ 15.062954] ? __kmalloc_cache_noprof+0x189/0x420 [ 15.062979] ? kasan_atomics+0x152/0x310 [ 15.063007] kasan_atomics+0x1dc/0x310 [ 15.063029] ? __pfx_kasan_atomics+0x10/0x10 [ 15.063052] ? __pfx_queued_spin_lock_slowpath+0x10/0x10 [ 15.063078] ? 
__pfx_read_tsc+0x10/0x10 [ 15.063100] ? ktime_get_ts64+0x86/0x230 [ 15.063125] kunit_try_run_case+0x1a5/0x480 [ 15.063150] ? __pfx_kunit_try_run_case+0x10/0x10 [ 15.063172] ? _raw_spin_lock_irqsave+0xf9/0x100 [ 15.063196] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 15.063219] ? __kthread_parkme+0x82/0x180 [ 15.063240] ? preempt_count_sub+0x50/0x80 [ 15.063264] ? __pfx_kunit_try_run_case+0x10/0x10 [ 15.063289] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 15.063341] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 15.063366] kthread+0x337/0x6f0 [ 15.063400] ? trace_preempt_on+0x20/0xc0 [ 15.063451] ? __pfx_kthread+0x10/0x10 [ 15.063473] ? _raw_spin_unlock_irq+0x47/0x80 [ 15.063496] ? calculate_sigpending+0x7b/0xa0 [ 15.063531] ? __pfx_kthread+0x10/0x10 [ 15.063553] ret_from_fork+0x116/0x1d0 [ 15.063583] ? __pfx_kthread+0x10/0x10 [ 15.063604] ret_from_fork_asm+0x1a/0x30 [ 15.063635] </TASK> [ 15.063647] [ 15.072110] Allocated by task 282: [ 15.072364] kasan_save_stack+0x45/0x70 [ 15.072589] kasan_save_track+0x18/0x40 [ 15.072788] kasan_save_alloc_info+0x3b/0x50 [ 15.072980] __kasan_kmalloc+0xb7/0xc0 [ 15.073157] __kmalloc_cache_noprof+0x189/0x420 [ 15.073352] kasan_atomics+0x95/0x310 [ 15.073537] kunit_try_run_case+0x1a5/0x480 [ 15.073801] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 15.074063] kthread+0x337/0x6f0 [ 15.074214] ret_from_fork+0x116/0x1d0 [ 15.074439] ret_from_fork_asm+0x1a/0x30 [ 15.074739] [ 15.074818] The buggy address belongs to the object at ffff8881025a0d80 [ 15.074818] which belongs to the cache kmalloc-64 of size 64 [ 15.075270] The buggy address is located 0 bytes to the right of [ 15.075270] allocated 48-byte region [ffff8881025a0d80, ffff8881025a0db0) [ 15.075693] [ 15.075791] The buggy address belongs to the physical page: [ 15.076049] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1025a0 [ 15.076437] flags: 0x200000000000000(node=0|zone=2) [ 15.076797] page_type: f5(slab) [ 15.077029] raw: 0200000000000000 
ffff8881000418c0 dead000000000122 0000000000000000 [ 15.077275] raw: 0000000000000000 0000000080200020 00000000f5000000 0000000000000000 [ 15.077512] page dumped because: kasan: bad access detected [ 15.077686] [ 15.077791] Memory state around the buggy address: [ 15.078048] ffff8881025a0c80: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 15.078401] ffff8881025a0d00: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 15.078728] >ffff8881025a0d80: 00 00 00 00 00 00 fc fc fc fc fc fc fc fc fc fc [ 15.079055] ^ [ 15.079293] ffff8881025a0e00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 15.079763] ffff8881025a0e80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 15.080045] ================================================================== [ 15.138962] ================================================================== [ 15.139393] BUG: KASAN: slab-out-of-bounds in kasan_atomics_helper+0x1f43/0x5450 [ 15.139841] Write of size 8 at addr ffff8881025a0db0 by task kunit_try_catch/282 [ 15.140214] [ 15.140358] CPU: 0 UID: 0 PID: 282 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc4 #1 PREEMPT(voluntary) [ 15.140421] Tainted: [B]=BAD_PAGE, [N]=TEST [ 15.140434] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 15.140458] Call Trace: [ 15.140473] <TASK> [ 15.140492] dump_stack_lvl+0x73/0xb0 [ 15.140523] print_report+0xd1/0x650 [ 15.140547] ? __virt_addr_valid+0x1db/0x2d0 [ 15.140570] ? kasan_atomics_helper+0x1f43/0x5450 [ 15.140592] ? kasan_complete_mode_report_info+0x2a/0x200 [ 15.140614] ? kasan_atomics_helper+0x1f43/0x5450 [ 15.140636] kasan_report+0x141/0x180 [ 15.140658] ? kasan_atomics_helper+0x1f43/0x5450 [ 15.140684] kasan_check_range+0x10c/0x1c0 [ 15.140720] __kasan_check_write+0x18/0x20 [ 15.140741] kasan_atomics_helper+0x1f43/0x5450 [ 15.140775] ? __pfx_kasan_atomics_helper+0x10/0x10 [ 15.140798] ? __kmalloc_cache_noprof+0x189/0x420 [ 15.140824] ? 
kasan_atomics+0x152/0x310 [ 15.140861] kasan_atomics+0x1dc/0x310 [ 15.140884] ? __pfx_kasan_atomics+0x10/0x10 [ 15.140906] ? __pfx_queued_spin_lock_slowpath+0x10/0x10 [ 15.140933] ? __pfx_read_tsc+0x10/0x10 [ 15.140955] ? ktime_get_ts64+0x86/0x230 [ 15.140981] kunit_try_run_case+0x1a5/0x480 [ 15.141005] ? __pfx_kunit_try_run_case+0x10/0x10 [ 15.141037] ? _raw_spin_lock_irqsave+0xf9/0x100 [ 15.141060] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 15.141082] ? __kthread_parkme+0x82/0x180 [ 15.141114] ? preempt_count_sub+0x50/0x80 [ 15.141138] ? __pfx_kunit_try_run_case+0x10/0x10 [ 15.141162] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 15.141186] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 15.141210] kthread+0x337/0x6f0 [ 15.141230] ? trace_preempt_on+0x20/0xc0 [ 15.141255] ? __pfx_kthread+0x10/0x10 [ 15.141276] ? _raw_spin_unlock_irq+0x47/0x80 [ 15.141298] ? calculate_sigpending+0x7b/0xa0 [ 15.141322] ? __pfx_kthread+0x10/0x10 [ 15.141343] ret_from_fork+0x116/0x1d0 [ 15.141362] ? 
__pfx_kthread+0x10/0x10 [ 15.141392] ret_from_fork_asm+0x1a/0x30 [ 15.141423] </TASK> [ 15.141435] [ 15.151463] Allocated by task 282: [ 15.151669] kasan_save_stack+0x45/0x70 [ 15.152047] kasan_save_track+0x18/0x40 [ 15.152400] kasan_save_alloc_info+0x3b/0x50 [ 15.152887] __kasan_kmalloc+0xb7/0xc0 [ 15.153246] __kmalloc_cache_noprof+0x189/0x420 [ 15.153664] kasan_atomics+0x95/0x310 [ 15.154010] kunit_try_run_case+0x1a5/0x480 [ 15.154413] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 15.155055] kthread+0x337/0x6f0 [ 15.155397] ret_from_fork+0x116/0x1d0 [ 15.155757] ret_from_fork_asm+0x1a/0x30 [ 15.156133] [ 15.156313] The buggy address belongs to the object at ffff8881025a0d80 [ 15.156313] which belongs to the cache kmalloc-64 of size 64 [ 15.157158] The buggy address is located 0 bytes to the right of [ 15.157158] allocated 48-byte region [ffff8881025a0d80, ffff8881025a0db0) [ 15.157537] [ 15.157631] The buggy address belongs to the physical page: [ 15.157901] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1025a0 [ 15.158572] flags: 0x200000000000000(node=0|zone=2) [ 15.159047] page_type: f5(slab) [ 15.159356] raw: 0200000000000000 ffff8881000418c0 dead000000000122 0000000000000000 [ 15.159617] raw: 0000000000000000 0000000080200020 00000000f5000000 0000000000000000 [ 15.160280] page dumped because: kasan: bad access detected [ 15.160896] [ 15.161062] Memory state around the buggy address: [ 15.161485] ffff8881025a0c80: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 15.161745] ffff8881025a0d00: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 15.162326] >ffff8881025a0d80: 00 00 00 00 00 00 fc fc fc fc fc fc fc fc fc fc [ 15.162550] ^ [ 15.162993] ffff8881025a0e00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 15.163594] ffff8881025a0e80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 15.164228] ================================================================== [ 15.303468] 
================================================================== [ 15.303938] BUG: KASAN: slab-out-of-bounds in kasan_atomics_helper+0x224c/0x5450 [ 15.304212] Write of size 8 at addr ffff8881025a0db0 by task kunit_try_catch/282 [ 15.304569] [ 15.304752] CPU: 0 UID: 0 PID: 282 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc4 #1 PREEMPT(voluntary) [ 15.304793] Tainted: [B]=BAD_PAGE, [N]=TEST [ 15.304805] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 15.304827] Call Trace: [ 15.304840] <TASK> [ 15.304854] dump_stack_lvl+0x73/0xb0 [ 15.304881] print_report+0xd1/0x650 [ 15.304904] ? __virt_addr_valid+0x1db/0x2d0 [ 15.304927] ? kasan_atomics_helper+0x224c/0x5450 [ 15.304949] ? kasan_complete_mode_report_info+0x2a/0x200 [ 15.304970] ? kasan_atomics_helper+0x224c/0x5450 [ 15.304992] kasan_report+0x141/0x180 [ 15.305014] ? kasan_atomics_helper+0x224c/0x5450 [ 15.305041] kasan_check_range+0x10c/0x1c0 [ 15.305064] __kasan_check_write+0x18/0x20 [ 15.305084] kasan_atomics_helper+0x224c/0x5450 [ 15.305106] ? __pfx_kasan_atomics_helper+0x10/0x10 [ 15.305128] ? __kmalloc_cache_noprof+0x189/0x420 [ 15.305153] ? kasan_atomics+0x152/0x310 [ 15.305179] kasan_atomics+0x1dc/0x310 [ 15.305202] ? __pfx_kasan_atomics+0x10/0x10 [ 15.305225] ? __pfx_queued_spin_lock_slowpath+0x10/0x10 [ 15.305252] ? __pfx_read_tsc+0x10/0x10 [ 15.305272] ? ktime_get_ts64+0x86/0x230 [ 15.305296] kunit_try_run_case+0x1a5/0x480 [ 15.305345] ? __pfx_kunit_try_run_case+0x10/0x10 [ 15.305370] ? _raw_spin_lock_irqsave+0xf9/0x100 [ 15.305403] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 15.305428] ? __kthread_parkme+0x82/0x180 [ 15.305449] ? preempt_count_sub+0x50/0x80 [ 15.305473] ? __pfx_kunit_try_run_case+0x10/0x10 [ 15.305497] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 15.305520] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 15.305543] kthread+0x337/0x6f0 [ 15.305563] ? trace_preempt_on+0x20/0xc0 [ 15.305594] ? __pfx_kthread+0x10/0x10 [ 15.305615] ? 
_raw_spin_unlock_irq+0x47/0x80 [ 15.305637] ? calculate_sigpending+0x7b/0xa0 [ 15.305660] ? __pfx_kthread+0x10/0x10 [ 15.305682] ret_from_fork+0x116/0x1d0 [ 15.305700] ? __pfx_kthread+0x10/0x10 [ 15.305721] ret_from_fork_asm+0x1a/0x30 [ 15.305751] </TASK> [ 15.305762] [ 15.314105] Allocated by task 282: [ 15.314329] kasan_save_stack+0x45/0x70 [ 15.314523] kasan_save_track+0x18/0x40 [ 15.314896] kasan_save_alloc_info+0x3b/0x50 [ 15.315129] __kasan_kmalloc+0xb7/0xc0 [ 15.315328] __kmalloc_cache_noprof+0x189/0x420 [ 15.315562] kasan_atomics+0x95/0x310 [ 15.315745] kunit_try_run_case+0x1a5/0x480 [ 15.315974] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 15.316216] kthread+0x337/0x6f0 [ 15.316402] ret_from_fork+0x116/0x1d0 [ 15.316617] ret_from_fork_asm+0x1a/0x30 [ 15.316817] [ 15.316894] The buggy address belongs to the object at ffff8881025a0d80 [ 15.316894] which belongs to the cache kmalloc-64 of size 64 [ 15.317425] The buggy address is located 0 bytes to the right of [ 15.317425] allocated 48-byte region [ffff8881025a0d80, ffff8881025a0db0) [ 15.317984] [ 15.318110] The buggy address belongs to the physical page: [ 15.318305] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1025a0 [ 15.318555] flags: 0x200000000000000(node=0|zone=2) [ 15.318821] page_type: f5(slab) [ 15.318984] raw: 0200000000000000 ffff8881000418c0 dead000000000122 0000000000000000 [ 15.319352] raw: 0000000000000000 0000000080200020 00000000f5000000 0000000000000000 [ 15.319739] page dumped because: kasan: bad access detected [ 15.319998] [ 15.320091] Memory state around the buggy address: [ 15.320314] ffff8881025a0c80: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 15.320548] ffff8881025a0d00: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 15.320805] >ffff8881025a0d80: 00 00 00 00 00 00 fc fc fc fc fc fc fc fc fc fc [ 15.321168] ^ [ 15.321456] ffff8881025a0e00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 15.321987] ffff8881025a0e80: fc fc fc fc fc fc fc fc fc fc 
fc fc fc fc fc fc [ 15.322298] ================================================================== [ 15.184777] ================================================================== [ 15.185705] BUG: KASAN: slab-out-of-bounds in kasan_atomics_helper+0x2006/0x5450 [ 15.186089] Write of size 8 at addr ffff8881025a0db0 by task kunit_try_catch/282 [ 15.186451] [ 15.186557] CPU: 0 UID: 0 PID: 282 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc4 #1 PREEMPT(voluntary) [ 15.186603] Tainted: [B]=BAD_PAGE, [N]=TEST [ 15.186616] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 15.186637] Call Trace: [ 15.186664] <TASK> [ 15.186682] dump_stack_lvl+0x73/0xb0 [ 15.186711] print_report+0xd1/0x650 [ 15.186747] ? __virt_addr_valid+0x1db/0x2d0 [ 15.186770] ? kasan_atomics_helper+0x2006/0x5450 [ 15.186791] ? kasan_complete_mode_report_info+0x2a/0x200 [ 15.186814] ? kasan_atomics_helper+0x2006/0x5450 [ 15.186835] kasan_report+0x141/0x180 [ 15.186857] ? kasan_atomics_helper+0x2006/0x5450 [ 15.186884] kasan_check_range+0x10c/0x1c0 [ 15.186907] __kasan_check_write+0x18/0x20 [ 15.186926] kasan_atomics_helper+0x2006/0x5450 [ 15.186950] ? __pfx_kasan_atomics_helper+0x10/0x10 [ 15.186972] ? __kmalloc_cache_noprof+0x189/0x420 [ 15.186998] ? kasan_atomics+0x152/0x310 [ 15.187026] kasan_atomics+0x1dc/0x310 [ 15.187050] ? __pfx_kasan_atomics+0x10/0x10 [ 15.187081] ? __pfx_queued_spin_lock_slowpath+0x10/0x10 [ 15.187108] ? __pfx_read_tsc+0x10/0x10 [ 15.187140] ? ktime_get_ts64+0x86/0x230 [ 15.187166] kunit_try_run_case+0x1a5/0x480 [ 15.187191] ? __pfx_kunit_try_run_case+0x10/0x10 [ 15.187214] ? _raw_spin_lock_irqsave+0xf9/0x100 [ 15.187245] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 15.187269] ? __kthread_parkme+0x82/0x180 [ 15.187300] ? preempt_count_sub+0x50/0x80 [ 15.187325] ? __pfx_kunit_try_run_case+0x10/0x10 [ 15.187349] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 15.187389] ? 
__pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 15.187413] kthread+0x337/0x6f0 [ 15.187433] ? trace_preempt_on+0x20/0xc0 [ 15.187467] ? __pfx_kthread+0x10/0x10 [ 15.187488] ? _raw_spin_unlock_irq+0x47/0x80 [ 15.187510] ? calculate_sigpending+0x7b/0xa0 [ 15.187535] ? __pfx_kthread+0x10/0x10 [ 15.187557] ret_from_fork+0x116/0x1d0 [ 15.187586] ? __pfx_kthread+0x10/0x10 [ 15.187615] ret_from_fork_asm+0x1a/0x30 [ 15.187646] </TASK> [ 15.187658] [ 15.195298] Allocated by task 282: [ 15.195441] kasan_save_stack+0x45/0x70 [ 15.195593] kasan_save_track+0x18/0x40 [ 15.195770] kasan_save_alloc_info+0x3b/0x50 [ 15.196032] __kasan_kmalloc+0xb7/0xc0 [ 15.196241] __kmalloc_cache_noprof+0x189/0x420 [ 15.196473] kasan_atomics+0x95/0x310 [ 15.196760] kunit_try_run_case+0x1a5/0x480 [ 15.196967] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 15.197213] kthread+0x337/0x6f0 [ 15.197389] ret_from_fork+0x116/0x1d0 [ 15.197585] ret_from_fork_asm+0x1a/0x30 [ 15.197782] [ 15.197862] The buggy address belongs to the object at ffff8881025a0d80 [ 15.197862] which belongs to the cache kmalloc-64 of size 64 [ 15.198211] The buggy address is located 0 bytes to the right of [ 15.198211] allocated 48-byte region [ffff8881025a0d80, ffff8881025a0db0) [ 15.198804] [ 15.198900] The buggy address belongs to the physical page: [ 15.199155] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1025a0 [ 15.199530] flags: 0x200000000000000(node=0|zone=2) [ 15.199838] page_type: f5(slab) [ 15.199997] raw: 0200000000000000 ffff8881000418c0 dead000000000122 0000000000000000 [ 15.200237] raw: 0000000000000000 0000000080200020 00000000f5000000 0000000000000000 [ 15.200474] page dumped because: kasan: bad access detected [ 15.200819] [ 15.200933] Memory state around the buggy address: [ 15.201155] ffff8881025a0c80: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 15.201458] ffff8881025a0d00: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 15.201673] >ffff8881025a0d80: 00 00 00 00 00 00 fc fc 
fc fc fc fc fc fc fc fc [ 15.201886] ^ [ 15.202119] ffff8881025a0e00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 15.202460] ffff8881025a0e80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 15.203039] ================================================================== [ 15.166068] ================================================================== [ 15.166886] BUG: KASAN: slab-out-of-bounds in kasan_atomics_helper+0x4f71/0x5450 [ 15.167417] Read of size 8 at addr ffff8881025a0db0 by task kunit_try_catch/282 [ 15.167801] [ 15.167895] CPU: 0 UID: 0 PID: 282 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc4 #1 PREEMPT(voluntary) [ 15.167941] Tainted: [B]=BAD_PAGE, [N]=TEST [ 15.167954] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 15.167976] Call Trace: [ 15.167995] <TASK> [ 15.168014] dump_stack_lvl+0x73/0xb0 [ 15.168043] print_report+0xd1/0x650 [ 15.168068] ? __virt_addr_valid+0x1db/0x2d0 [ 15.168091] ? kasan_atomics_helper+0x4f71/0x5450 [ 15.168112] ? kasan_complete_mode_report_info+0x2a/0x200 [ 15.168135] ? kasan_atomics_helper+0x4f71/0x5450 [ 15.168156] kasan_report+0x141/0x180 [ 15.168178] ? kasan_atomics_helper+0x4f71/0x5450 [ 15.168204] __asan_report_load8_noabort+0x18/0x20 [ 15.168229] kasan_atomics_helper+0x4f71/0x5450 [ 15.168251] ? __pfx_kasan_atomics_helper+0x10/0x10 [ 15.168274] ? __kmalloc_cache_noprof+0x189/0x420 [ 15.168300] ? kasan_atomics+0x152/0x310 [ 15.168328] kasan_atomics+0x1dc/0x310 [ 15.168351] ? __pfx_kasan_atomics+0x10/0x10 [ 15.168373] ? __pfx_queued_spin_lock_slowpath+0x10/0x10 [ 15.168415] ? __pfx_read_tsc+0x10/0x10 [ 15.168438] ? ktime_get_ts64+0x86/0x230 [ 15.168465] kunit_try_run_case+0x1a5/0x480 [ 15.168502] ? __pfx_kunit_try_run_case+0x10/0x10 [ 15.168525] ? _raw_spin_lock_irqsave+0xf9/0x100 [ 15.168548] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 15.168584] ? __kthread_parkme+0x82/0x180 [ 15.168606] ? preempt_count_sub+0x50/0x80 [ 15.168631] ? 
__pfx_kunit_try_run_case+0x10/0x10 [ 15.168654] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 15.168677] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 15.168713] kthread+0x337/0x6f0 [ 15.168734] ? trace_preempt_on+0x20/0xc0 [ 15.168771] ? __pfx_kthread+0x10/0x10 [ 15.168792] ? _raw_spin_unlock_irq+0x47/0x80 [ 15.168813] ? calculate_sigpending+0x7b/0xa0 [ 15.168838] ? __pfx_kthread+0x10/0x10 [ 15.168859] ret_from_fork+0x116/0x1d0 [ 15.168887] ? __pfx_kthread+0x10/0x10 [ 15.168908] ret_from_fork_asm+0x1a/0x30 [ 15.168939] </TASK> [ 15.168961] [ 15.176769] Allocated by task 282: [ 15.176965] kasan_save_stack+0x45/0x70 [ 15.177138] kasan_save_track+0x18/0x40 [ 15.177277] kasan_save_alloc_info+0x3b/0x50 [ 15.177469] __kasan_kmalloc+0xb7/0xc0 [ 15.177666] __kmalloc_cache_noprof+0x189/0x420 [ 15.177902] kasan_atomics+0x95/0x310 [ 15.178145] kunit_try_run_case+0x1a5/0x480 [ 15.178301] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 15.178570] kthread+0x337/0x6f0 [ 15.178760] ret_from_fork+0x116/0x1d0 [ 15.178926] ret_from_fork_asm+0x1a/0x30 [ 15.179071] [ 15.179179] The buggy address belongs to the object at ffff8881025a0d80 [ 15.179179] which belongs to the cache kmalloc-64 of size 64 [ 15.179720] The buggy address is located 0 bytes to the right of [ 15.179720] allocated 48-byte region [ffff8881025a0d80, ffff8881025a0db0) [ 15.180238] [ 15.180356] The buggy address belongs to the physical page: [ 15.180551] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1025a0 [ 15.180932] flags: 0x200000000000000(node=0|zone=2) [ 15.181148] page_type: f5(slab) [ 15.181340] raw: 0200000000000000 ffff8881000418c0 dead000000000122 0000000000000000 [ 15.181746] raw: 0000000000000000 0000000080200020 00000000f5000000 0000000000000000 [ 15.182026] page dumped because: kasan: bad access detected [ 15.182306] [ 15.182406] Memory state around the buggy address: [ 15.182648] ffff8881025a0c80: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 15.182934] 
ffff8881025a0d00: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 15.183193] >ffff8881025a0d80: 00 00 00 00 00 00 fc fc fc fc fc fc fc fc fc fc [ 15.183415] ^ [ 15.183570] ffff8881025a0e00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 15.183784] ffff8881025a0e80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 15.184092] ================================================================== [ 14.219762] ================================================================== [ 14.220313] BUG: KASAN: slab-out-of-bounds in kasan_atomics_helper+0x992/0x5450 [ 14.220725] Write of size 4 at addr ffff8881025a0db0 by task kunit_try_catch/282 [ 14.221095] [ 14.221189] CPU: 0 UID: 0 PID: 282 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc4 #1 PREEMPT(voluntary) [ 14.221232] Tainted: [B]=BAD_PAGE, [N]=TEST [ 14.221246] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 14.221267] Call Trace: [ 14.221281] <TASK> [ 14.221296] dump_stack_lvl+0x73/0xb0 [ 14.221326] print_report+0xd1/0x650 [ 14.221349] ? __virt_addr_valid+0x1db/0x2d0 [ 14.221418] ? kasan_atomics_helper+0x992/0x5450 [ 14.221440] ? kasan_complete_mode_report_info+0x2a/0x200 [ 14.221491] ? kasan_atomics_helper+0x992/0x5450 [ 14.221513] kasan_report+0x141/0x180 [ 14.221594] ? kasan_atomics_helper+0x992/0x5450 [ 14.221631] kasan_check_range+0x10c/0x1c0 [ 14.221655] __kasan_check_write+0x18/0x20 [ 14.221675] kasan_atomics_helper+0x992/0x5450 [ 14.221697] ? __pfx_kasan_atomics_helper+0x10/0x10 [ 14.221719] ? __kmalloc_cache_noprof+0x189/0x420 [ 14.221746] ? kasan_atomics+0x152/0x310 [ 14.221773] kasan_atomics+0x1dc/0x310 [ 14.221796] ? __pfx_kasan_atomics+0x10/0x10 [ 14.221819] ? __pfx_queued_spin_lock_slowpath+0x10/0x10 [ 14.221869] ? __pfx_read_tsc+0x10/0x10 [ 14.221890] ? ktime_get_ts64+0x86/0x230 [ 14.222015] kunit_try_run_case+0x1a5/0x480 [ 14.222045] ? __pfx_kunit_try_run_case+0x10/0x10 [ 14.222069] ? _raw_spin_lock_irqsave+0xf9/0x100 [ 14.222104] ? 
_raw_spin_unlock_irqrestore+0x5f/0x90 [ 14.222127] ? __kthread_parkme+0x82/0x180 [ 14.222176] ? preempt_count_sub+0x50/0x80 [ 14.222202] ? __pfx_kunit_try_run_case+0x10/0x10 [ 14.222238] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 14.222264] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 14.222313] kthread+0x337/0x6f0 [ 14.222333] ? trace_preempt_on+0x20/0xc0 [ 14.222357] ? __pfx_kthread+0x10/0x10 [ 14.222393] ? _raw_spin_unlock_irq+0x47/0x80 [ 14.222417] ? calculate_sigpending+0x7b/0xa0 [ 14.222440] ? __pfx_kthread+0x10/0x10 [ 14.222488] ret_from_fork+0x116/0x1d0 [ 14.222507] ? __pfx_kthread+0x10/0x10 [ 14.222528] ret_from_fork_asm+0x1a/0x30 [ 14.222583] </TASK> [ 14.222596] [ 14.232501] Allocated by task 282: [ 14.232653] kasan_save_stack+0x45/0x70 [ 14.232803] kasan_save_track+0x18/0x40 [ 14.232995] kasan_save_alloc_info+0x3b/0x50 [ 14.233209] __kasan_kmalloc+0xb7/0xc0 [ 14.233414] __kmalloc_cache_noprof+0x189/0x420 [ 14.233650] kasan_atomics+0x95/0x310 [ 14.233845] kunit_try_run_case+0x1a5/0x480 [ 14.234028] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 14.234254] kthread+0x337/0x6f0 [ 14.234591] ret_from_fork+0x116/0x1d0 [ 14.234760] ret_from_fork_asm+0x1a/0x30 [ 14.234997] [ 14.235087] The buggy address belongs to the object at ffff8881025a0d80 [ 14.235087] which belongs to the cache kmalloc-64 of size 64 [ 14.235509] The buggy address is located 0 bytes to the right of [ 14.235509] allocated 48-byte region [ffff8881025a0d80, ffff8881025a0db0) [ 14.236406] [ 14.236576] The buggy address belongs to the physical page: [ 14.236833] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1025a0 [ 14.237316] flags: 0x200000000000000(node=0|zone=2) [ 14.237633] page_type: f5(slab) [ 14.237809] raw: 0200000000000000 ffff8881000418c0 dead000000000122 0000000000000000 [ 14.238331] raw: 0000000000000000 0000000080200020 00000000f5000000 0000000000000000 [ 14.238715] page dumped because: kasan: bad access detected [ 14.238890] [ 14.238996] 
Memory state around the buggy address: [ 14.239333] ffff8881025a0c80: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 14.239743] ffff8881025a0d00: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 14.240302] >ffff8881025a0d80: 00 00 00 00 00 00 fc fc fc fc fc fc fc fc fc fc [ 14.240703] ^ [ 14.241082] ffff8881025a0e00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 14.241468] ffff8881025a0e80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 14.241851] ================================================================== [ 14.588835] ================================================================== [ 14.589361] BUG: KASAN: slab-out-of-bounds in kasan_atomics_helper+0x1217/0x5450 [ 14.589851] Write of size 4 at addr ffff8881025a0db0 by task kunit_try_catch/282 [ 14.590367] [ 14.590499] CPU: 0 UID: 0 PID: 282 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc4 #1 PREEMPT(voluntary) [ 14.590550] Tainted: [B]=BAD_PAGE, [N]=TEST [ 14.590565] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 14.590730] Call Trace: [ 14.590754] <TASK> [ 14.590776] dump_stack_lvl+0x73/0xb0 [ 14.590811] print_report+0xd1/0x650 [ 14.590837] ? __virt_addr_valid+0x1db/0x2d0 [ 14.590901] ? kasan_atomics_helper+0x1217/0x5450 [ 14.590939] ? kasan_complete_mode_report_info+0x2a/0x200 [ 14.590963] ? kasan_atomics_helper+0x1217/0x5450 [ 14.590985] kasan_report+0x141/0x180 [ 14.591007] ? kasan_atomics_helper+0x1217/0x5450 [ 14.591034] kasan_check_range+0x10c/0x1c0 [ 14.591057] __kasan_check_write+0x18/0x20 [ 14.591077] kasan_atomics_helper+0x1217/0x5450 [ 14.591099] ? __pfx_kasan_atomics_helper+0x10/0x10 [ 14.591122] ? __kmalloc_cache_noprof+0x189/0x420 [ 14.591148] ? kasan_atomics+0x152/0x310 [ 14.591175] kasan_atomics+0x1dc/0x310 [ 14.591198] ? __pfx_kasan_atomics+0x10/0x10 [ 14.591220] ? __pfx_queued_spin_lock_slowpath+0x10/0x10 [ 14.591248] ? __pfx_read_tsc+0x10/0x10 [ 14.591271] ? 
ktime_get_ts64+0x86/0x230 [ 14.591296] kunit_try_run_case+0x1a5/0x480 [ 14.591322] ? __pfx_kunit_try_run_case+0x10/0x10 [ 14.591345] ? _raw_spin_lock_irqsave+0xf9/0x100 [ 14.591367] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 14.591405] ? __kthread_parkme+0x82/0x180 [ 14.591428] ? preempt_count_sub+0x50/0x80 [ 14.591453] ? __pfx_kunit_try_run_case+0x10/0x10 [ 14.591477] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 14.591502] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 14.591527] kthread+0x337/0x6f0 [ 14.591547] ? trace_preempt_on+0x20/0xc0 [ 14.591578] ? __pfx_kthread+0x10/0x10 [ 14.591600] ? _raw_spin_unlock_irq+0x47/0x80 [ 14.591622] ? calculate_sigpending+0x7b/0xa0 [ 14.591647] ? __pfx_kthread+0x10/0x10 [ 14.591669] ret_from_fork+0x116/0x1d0 [ 14.591688] ? __pfx_kthread+0x10/0x10 [ 14.591709] ret_from_fork_asm+0x1a/0x30 [ 14.591740] </TASK> [ 14.591753] [ 14.604108] Allocated by task 282: [ 14.604280] kasan_save_stack+0x45/0x70 [ 14.604767] kasan_save_track+0x18/0x40 [ 14.604921] kasan_save_alloc_info+0x3b/0x50 [ 14.605073] __kasan_kmalloc+0xb7/0xc0 [ 14.605206] __kmalloc_cache_noprof+0x189/0x420 [ 14.605362] kasan_atomics+0x95/0x310 [ 14.606290] kunit_try_run_case+0x1a5/0x480 [ 14.606742] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 14.607190] kthread+0x337/0x6f0 [ 14.607386] ret_from_fork+0x116/0x1d0 [ 14.607769] ret_from_fork_asm+0x1a/0x30 [ 14.608140] [ 14.608392] The buggy address belongs to the object at ffff8881025a0d80 [ 14.608392] which belongs to the cache kmalloc-64 of size 64 [ 14.609153] The buggy address is located 0 bytes to the right of [ 14.609153] allocated 48-byte region [ffff8881025a0d80, ffff8881025a0db0) [ 14.610050] [ 14.610162] The buggy address belongs to the physical page: [ 14.610683] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1025a0 [ 14.611502] flags: 0x200000000000000(node=0|zone=2) [ 14.611885] page_type: f5(slab) [ 14.612194] raw: 0200000000000000 ffff8881000418c0 dead000000000122 
0000000000000000 [ 14.612523] raw: 0000000000000000 0000000080200020 00000000f5000000 0000000000000000 [ 14.613215] page dumped because: kasan: bad access detected [ 14.613703] [ 14.613810] Memory state around the buggy address: [ 14.614274] ffff8881025a0c80: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 14.614889] ffff8881025a0d00: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 14.615401] >ffff8881025a0d80: 00 00 00 00 00 00 fc fc fc fc fc fc fc fc fc fc [ 14.615900] ^ [ 14.616352] ffff8881025a0e00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 14.616877] ffff8881025a0e80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 14.617362] ================================================================== [ 15.080733] ================================================================== [ 15.081461] BUG: KASAN: slab-out-of-bounds in kasan_atomics_helper+0x1d7a/0x5450 [ 15.081902] Write of size 8 at addr ffff8881025a0db0 by task kunit_try_catch/282 [ 15.082249] [ 15.082365] CPU: 0 UID: 0 PID: 282 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc4 #1 PREEMPT(voluntary) [ 15.082448] Tainted: [B]=BAD_PAGE, [N]=TEST [ 15.082462] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 15.082484] Call Trace: [ 15.082511] <TASK> [ 15.082528] dump_stack_lvl+0x73/0xb0 [ 15.082556] print_report+0xd1/0x650 [ 15.082580] ? __virt_addr_valid+0x1db/0x2d0 [ 15.082604] ? kasan_atomics_helper+0x1d7a/0x5450 [ 15.082625] ? kasan_complete_mode_report_info+0x2a/0x200 [ 15.082648] ? kasan_atomics_helper+0x1d7a/0x5450 [ 15.082680] kasan_report+0x141/0x180 [ 15.082704] ? kasan_atomics_helper+0x1d7a/0x5450 [ 15.082731] kasan_check_range+0x10c/0x1c0 [ 15.082754] __kasan_check_write+0x18/0x20 [ 15.082806] kasan_atomics_helper+0x1d7a/0x5450 [ 15.082829] ? __pfx_kasan_atomics_helper+0x10/0x10 [ 15.082874] ? __kmalloc_cache_noprof+0x189/0x420 [ 15.082900] ? kasan_atomics+0x152/0x310 [ 15.082927] kasan_atomics+0x1dc/0x310 [ 15.082950] ? 
__pfx_kasan_atomics+0x10/0x10 [ 15.082972] ? __pfx_queued_spin_lock_slowpath+0x10/0x10 [ 15.082998] ? __pfx_read_tsc+0x10/0x10 [ 15.083020] ? ktime_get_ts64+0x86/0x230 [ 15.083044] kunit_try_run_case+0x1a5/0x480 [ 15.083068] ? __pfx_kunit_try_run_case+0x10/0x10 [ 15.083091] ? _raw_spin_lock_irqsave+0xf9/0x100 [ 15.083114] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 15.083137] ? __kthread_parkme+0x82/0x180 [ 15.083158] ? preempt_count_sub+0x50/0x80 [ 15.083182] ? __pfx_kunit_try_run_case+0x10/0x10 [ 15.083206] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 15.083230] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 15.083255] kthread+0x337/0x6f0 [ 15.083275] ? trace_preempt_on+0x20/0xc0 [ 15.083298] ? __pfx_kthread+0x10/0x10 [ 15.083320] ? _raw_spin_unlock_irq+0x47/0x80 [ 15.083342] ? calculate_sigpending+0x7b/0xa0 [ 15.083365] ? __pfx_kthread+0x10/0x10 [ 15.083397] ret_from_fork+0x116/0x1d0 [ 15.083424] ? __pfx_kthread+0x10/0x10 [ 15.083445] ret_from_fork_asm+0x1a/0x30 [ 15.083475] </TASK> [ 15.083498] [ 15.091435] Allocated by task 282: [ 15.091657] kasan_save_stack+0x45/0x70 [ 15.091837] kasan_save_track+0x18/0x40 [ 15.091976] kasan_save_alloc_info+0x3b/0x50 [ 15.092168] __kasan_kmalloc+0xb7/0xc0 [ 15.092383] __kmalloc_cache_noprof+0x189/0x420 [ 15.092606] kasan_atomics+0x95/0x310 [ 15.092823] kunit_try_run_case+0x1a5/0x480 [ 15.092984] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 15.093239] kthread+0x337/0x6f0 [ 15.093443] ret_from_fork+0x116/0x1d0 [ 15.093679] ret_from_fork_asm+0x1a/0x30 [ 15.093862] [ 15.093937] The buggy address belongs to the object at ffff8881025a0d80 [ 15.093937] which belongs to the cache kmalloc-64 of size 64 [ 15.094465] The buggy address is located 0 bytes to the right of [ 15.094465] allocated 48-byte region [ffff8881025a0d80, ffff8881025a0db0) [ 15.095018] [ 15.095093] The buggy address belongs to the physical page: [ 15.095265] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1025a0 [ 15.095512] flags: 
0x200000000000000(node=0|zone=2) [ 15.095913] page_type: f5(slab) [ 15.096085] raw: 0200000000000000 ffff8881000418c0 dead000000000122 0000000000000000 [ 15.096442] raw: 0000000000000000 0000000080200020 00000000f5000000 0000000000000000 [ 15.096959] page dumped because: kasan: bad access detected [ 15.097134] [ 15.097207] Memory state around the buggy address: [ 15.097370] ffff8881025a0c80: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 15.097874] ffff8881025a0d00: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 15.098202] >ffff8881025a0d80: 00 00 00 00 00 00 fc fc fc fc fc fc fc fc fc fc [ 15.098472] ^ [ 15.098628] ffff8881025a0e00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 15.099204] ffff8881025a0e80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 15.099513] ================================================================== [ 15.041199] ================================================================== [ 15.042044] BUG: KASAN: slab-out-of-bounds in kasan_atomics_helper+0x4f30/0x5450 [ 15.042448] Read of size 8 at addr ffff8881025a0db0 by task kunit_try_catch/282 [ 15.042878] [ 15.043006] CPU: 0 UID: 0 PID: 282 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc4 #1 PREEMPT(voluntary) [ 15.043064] Tainted: [B]=BAD_PAGE, [N]=TEST [ 15.043077] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 15.043101] Call Trace: [ 15.043117] <TASK> [ 15.043164] dump_stack_lvl+0x73/0xb0 [ 15.043193] print_report+0xd1/0x650 [ 15.043228] ? __virt_addr_valid+0x1db/0x2d0 [ 15.043252] ? kasan_atomics_helper+0x4f30/0x5450 [ 15.043274] ? kasan_complete_mode_report_info+0x2a/0x200 [ 15.043296] ? kasan_atomics_helper+0x4f30/0x5450 [ 15.043318] kasan_report+0x141/0x180 [ 15.043341] ? kasan_atomics_helper+0x4f30/0x5450 [ 15.043367] __asan_report_load8_noabort+0x18/0x20 [ 15.043401] kasan_atomics_helper+0x4f30/0x5450 [ 15.043424] ? __pfx_kasan_atomics_helper+0x10/0x10 [ 15.043446] ? __kmalloc_cache_noprof+0x189/0x420 [ 15.043503] ? 
kasan_atomics+0x152/0x310
[ 15.043530] kasan_atomics+0x1dc/0x310
[ 15.043564] ? __pfx_kasan_atomics+0x10/0x10
[ 15.043599] ? __pfx_queued_spin_lock_slowpath+0x10/0x10
[ 15.043626] ? __pfx_read_tsc+0x10/0x10
[ 15.043678] ? ktime_get_ts64+0x86/0x230
[ 15.043703] kunit_try_run_case+0x1a5/0x480
[ 15.043739] ? __pfx_kunit_try_run_case+0x10/0x10
[ 15.043762] ? _raw_spin_lock_irqsave+0xf9/0x100
[ 15.043784] ? _raw_spin_unlock_irqrestore+0x5f/0x90
[ 15.043808] ? __kthread_parkme+0x82/0x180
[ 15.043829] ? preempt_count_sub+0x50/0x80
[ 15.043854] ? __pfx_kunit_try_run_case+0x10/0x10
[ 15.043878] kunit_generic_run_threadfn_adapter+0x85/0xf0
[ 15.043901] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10
[ 15.043925] kthread+0x337/0x6f0
[ 15.043945] ? trace_preempt_on+0x20/0xc0
[ 15.043971] ? __pfx_kthread+0x10/0x10
[ 15.043992] ? _raw_spin_unlock_irq+0x47/0x80
[ 15.044014] ? calculate_sigpending+0x7b/0xa0
[ 15.044038] ? __pfx_kthread+0x10/0x10
[ 15.044060] ret_from_fork+0x116/0x1d0
[ 15.044079] ? __pfx_kthread+0x10/0x10
[ 15.044100] ret_from_fork_asm+0x1a/0x30
[ 15.044132] </TASK>
[ 15.044145]
[ 15.052035] Allocated by task 282:
[ 15.052274] kasan_save_stack+0x45/0x70
[ 15.052514] kasan_save_track+0x18/0x40
[ 15.052803] kasan_save_alloc_info+0x3b/0x50
[ 15.053038] __kasan_kmalloc+0xb7/0xc0
[ 15.053205] __kmalloc_cache_noprof+0x189/0x420
[ 15.053363] kasan_atomics+0x95/0x310
[ 15.053546] kunit_try_run_case+0x1a5/0x480
[ 15.053803] kunit_generic_run_threadfn_adapter+0x85/0xf0
[ 15.054127] kthread+0x337/0x6f0
[ 15.054337] ret_from_fork+0x116/0x1d0
[ 15.054482] ret_from_fork_asm+0x1a/0x30
[ 15.054627]
[ 15.054711] The buggy address belongs to the object at ffff8881025a0d80
[ 15.054711] which belongs to the cache kmalloc-64 of size 64
[ 15.055328] The buggy address is located 0 bytes to the right of
[ 15.055328] allocated 48-byte region [ffff8881025a0d80, ffff8881025a0db0)
[ 15.055896]
[ 15.056027] The buggy address belongs to the physical page:
[ 15.056418] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1025a0
[ 15.056665] flags: 0x200000000000000(node=0|zone=2)
[ 15.056894] page_type: f5(slab)
[ 15.057065] raw: 0200000000000000 ffff8881000418c0 dead000000000122 0000000000000000
[ 15.057441] raw: 0000000000000000 0000000080200020 00000000f5000000 0000000000000000
[ 15.057817] page dumped because: kasan: bad access detected
[ 15.058123]
[ 15.058241] Memory state around the buggy address:
[ 15.058448] ffff8881025a0c80: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc
[ 15.058817] ffff8881025a0d00: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc
[ 15.059131] >ffff8881025a0d80: 00 00 00 00 00 00 fc fc fc fc fc fc fc fc fc fc
[ 15.059501] ^
[ 15.059853] ffff8881025a0e00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 15.060119] ffff8881025a0e80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 15.060412] ==================================================================
[ 14.449164] ==================================================================
[ 14.449672] BUG: KASAN: slab-out-of-bounds in kasan_atomics_helper+0xfa9/0x5450
[ 14.450026] Write of size 4 at addr ffff8881025a0db0 by task kunit_try_catch/282
[ 14.450425]
[ 14.450597] CPU: 0 UID: 0 PID: 282 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc4 #1 PREEMPT(voluntary)
[ 14.450642] Tainted: [B]=BAD_PAGE, [N]=TEST
[ 14.450655] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[ 14.450677] Call Trace:
[ 14.450722] <TASK>
[ 14.450739] dump_stack_lvl+0x73/0xb0
[ 14.450768] print_report+0xd1/0x650
[ 14.450802] ? __virt_addr_valid+0x1db/0x2d0
[ 14.450825] ? kasan_atomics_helper+0xfa9/0x5450
[ 14.450847] ? kasan_complete_mode_report_info+0x2a/0x200
[ 14.450895] ? kasan_atomics_helper+0xfa9/0x5450
[ 14.450942] kasan_report+0x141/0x180
[ 14.450972] ? kasan_atomics_helper+0xfa9/0x5450
[ 14.450999] kasan_check_range+0x10c/0x1c0
[ 14.451023] __kasan_check_write+0x18/0x20
[ 14.451042] kasan_atomics_helper+0xfa9/0x5450
[ 14.451065] ? __pfx_kasan_atomics_helper+0x10/0x10
[ 14.451088] ? __kmalloc_cache_noprof+0x189/0x420
[ 14.451113] ? kasan_atomics+0x152/0x310
[ 14.451140] kasan_atomics+0x1dc/0x310
[ 14.451163] ? __pfx_kasan_atomics+0x10/0x10
[ 14.451186] ? __pfx_queued_spin_lock_slowpath+0x10/0x10
[ 14.451213] ? __pfx_read_tsc+0x10/0x10
[ 14.451235] ? ktime_get_ts64+0x86/0x230
[ 14.451259] kunit_try_run_case+0x1a5/0x480
[ 14.451284] ? __pfx_kunit_try_run_case+0x10/0x10
[ 14.451307] ? _raw_spin_lock_irqsave+0xf9/0x100
[ 14.451331] ? _raw_spin_unlock_irqrestore+0x5f/0x90
[ 14.451354] ? __kthread_parkme+0x82/0x180
[ 14.451386] ? preempt_count_sub+0x50/0x80
[ 14.451410] ? __pfx_kunit_try_run_case+0x10/0x10
[ 14.451434] kunit_generic_run_threadfn_adapter+0x85/0xf0
[ 14.451458] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10
[ 14.451483] kthread+0x337/0x6f0
[ 14.451503] ? trace_preempt_on+0x20/0xc0
[ 14.451527] ? __pfx_kthread+0x10/0x10
[ 14.451549] ? _raw_spin_unlock_irq+0x47/0x80
[ 14.451618] ? calculate_sigpending+0x7b/0xa0
[ 14.451644] ? __pfx_kthread+0x10/0x10
[ 14.451665] ret_from_fork+0x116/0x1d0
[ 14.451696] ? __pfx_kthread+0x10/0x10
[ 14.451717] ret_from_fork_asm+0x1a/0x30
[ 14.451748] </TASK>
[ 14.451760]
[ 14.460803] Allocated by task 282:
[ 14.461066] kasan_save_stack+0x45/0x70
[ 14.461311] kasan_save_track+0x18/0x40
[ 14.461486] kasan_save_alloc_info+0x3b/0x50
[ 14.461745] __kasan_kmalloc+0xb7/0xc0
[ 14.462007] __kmalloc_cache_noprof+0x189/0x420
[ 14.462278] kasan_atomics+0x95/0x310
[ 14.462513] kunit_try_run_case+0x1a5/0x480
[ 14.462781] kunit_generic_run_threadfn_adapter+0x85/0xf0
[ 14.463091] kthread+0x337/0x6f0
[ 14.463300] ret_from_fork+0x116/0x1d0
[ 14.463490] ret_from_fork_asm+0x1a/0x30
[ 14.463733]
[ 14.463872] The buggy address belongs to the object at ffff8881025a0d80
[ 14.463872] which belongs to the cache kmalloc-64 of size 64
[ 14.464482] The buggy address is located 0 bytes to the right of
[ 14.464482] allocated 48-byte region [ffff8881025a0d80, ffff8881025a0db0)
[ 14.465135]
[ 14.465255] The buggy address belongs to the physical page:
[ 14.465648] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1025a0
[ 14.465977] flags: 0x200000000000000(node=0|zone=2)
[ 14.466234] page_type: f5(slab)
[ 14.466453] raw: 0200000000000000 ffff8881000418c0 dead000000000122 0000000000000000
[ 14.466792] raw: 0000000000000000 0000000080200020 00000000f5000000 0000000000000000
[ 14.467287] page dumped because: kasan: bad access detected
[ 14.467528]
[ 14.467711] Memory state around the buggy address:
[ 14.467968] ffff8881025a0c80: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc
[ 14.468416] ffff8881025a0d00: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc
[ 14.468768] >ffff8881025a0d80: 00 00 00 00 00 00 fc fc fc fc fc fc fc fc fc fc
[ 14.469240] ^
[ 14.469484] ffff8881025a0e00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 14.471613] ffff8881025a0e80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 14.471845] ==================================================================
[ 14.407236] ==================================================================
[ 14.407630] BUG: KASAN: slab-out-of-bounds in kasan_atomics_helper+0xe78/0x5450
[ 14.407877] Write of size 4 at addr ffff8881025a0db0 by task kunit_try_catch/282
[ 14.408115]
[ 14.408201] CPU: 0 UID: 0 PID: 282 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc4 #1 PREEMPT(voluntary)
[ 14.408244] Tainted: [B]=BAD_PAGE, [N]=TEST
[ 14.408257] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[ 14.408278] Call Trace:
[ 14.408295] <TASK>
[ 14.408311] dump_stack_lvl+0x73/0xb0
[ 14.408340] print_report+0xd1/0x650
[ 14.408364] ? __virt_addr_valid+0x1db/0x2d0
[ 14.408444] ? kasan_atomics_helper+0xe78/0x5450
[ 14.408467] ? kasan_complete_mode_report_info+0x2a/0x200
[ 14.408489] ? kasan_atomics_helper+0xe78/0x5450
[ 14.408523] kasan_report+0x141/0x180
[ 14.408546] ? kasan_atomics_helper+0xe78/0x5450
[ 14.408590] kasan_check_range+0x10c/0x1c0
[ 14.408625] __kasan_check_write+0x18/0x20
[ 14.408652] kasan_atomics_helper+0xe78/0x5450
[ 14.408675] ? __pfx_kasan_atomics_helper+0x10/0x10
[ 14.408720] ? __kmalloc_cache_noprof+0x189/0x420
[ 14.408745] ? kasan_atomics+0x152/0x310
[ 14.408773] kasan_atomics+0x1dc/0x310
[ 14.408806] ? __pfx_kasan_atomics+0x10/0x10
[ 14.408828] ? __pfx_queued_spin_lock_slowpath+0x10/0x10
[ 14.408855] ? __pfx_read_tsc+0x10/0x10
[ 14.408878] ? ktime_get_ts64+0x86/0x230
[ 14.408921] kunit_try_run_case+0x1a5/0x480
[ 14.408947] ? __pfx_kunit_try_run_case+0x10/0x10
[ 14.408970] ? _raw_spin_lock_irqsave+0xf9/0x100
[ 14.408993] ? _raw_spin_unlock_irqrestore+0x5f/0x90
[ 14.409017] ? __kthread_parkme+0x82/0x180
[ 14.409038] ? preempt_count_sub+0x50/0x80
[ 14.409063] ? __pfx_kunit_try_run_case+0x10/0x10
[ 14.409089] kunit_generic_run_threadfn_adapter+0x85/0xf0
[ 14.409112] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10
[ 14.409139] kthread+0x337/0x6f0
[ 14.409158] ? trace_preempt_on+0x20/0xc0
[ 14.409184] ? __pfx_kthread+0x10/0x10
[ 14.409205] ? _raw_spin_unlock_irq+0x47/0x80
[ 14.409227] ? calculate_sigpending+0x7b/0xa0
[ 14.409252] ? __pfx_kthread+0x10/0x10
[ 14.409273] ret_from_fork+0x116/0x1d0
[ 14.409292] ? __pfx_kthread+0x10/0x10
[ 14.409313] ret_from_fork_asm+0x1a/0x30
[ 14.409344] </TASK>
[ 14.409357]
[ 14.418817] Allocated by task 282:
[ 14.419069] kasan_save_stack+0x45/0x70
[ 14.419369] kasan_save_track+0x18/0x40
[ 14.419581] kasan_save_alloc_info+0x3b/0x50
[ 14.419746] __kasan_kmalloc+0xb7/0xc0
[ 14.419942] __kmalloc_cache_noprof+0x189/0x420
[ 14.420158] kasan_atomics+0x95/0x310
[ 14.420337] kunit_try_run_case+0x1a5/0x480
[ 14.420510] kunit_generic_run_threadfn_adapter+0x85/0xf0
[ 14.420763] kthread+0x337/0x6f0
[ 14.420929] ret_from_fork+0x116/0x1d0
[ 14.421086] ret_from_fork_asm+0x1a/0x30
[ 14.421220]
[ 14.421291] The buggy address belongs to the object at ffff8881025a0d80
[ 14.421291] which belongs to the cache kmalloc-64 of size 64
[ 14.422261] The buggy address is located 0 bytes to the right of
[ 14.422261] allocated 48-byte region [ffff8881025a0d80, ffff8881025a0db0)
[ 14.422654]
[ 14.422743] The buggy address belongs to the physical page:
[ 14.423106] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1025a0
[ 14.423642] flags: 0x200000000000000(node=0|zone=2)
[ 14.423919] page_type: f5(slab)
[ 14.424257] raw: 0200000000000000 ffff8881000418c0 dead000000000122 0000000000000000
[ 14.424513] raw: 0000000000000000 0000000080200020 00000000f5000000 0000000000000000
[ 14.424745] page dumped because: kasan: bad access detected
[ 14.424915]
[ 14.424984] Memory state around the buggy address:
[ 14.425137] ffff8881025a0c80: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc
[ 14.425429] ffff8881025a0d00: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc
[ 14.425764] >ffff8881025a0d80: 00 00 00 00 00 00 fc fc fc fc fc fc fc fc fc fc
[ 14.426073] ^
[ 14.426296] ffff8881025a0e00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 14.426776] ffff8881025a0e80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 14.427064] ==================================================================
[ 14.077657] ==================================================================
[ 14.077916] BUG: KASAN: slab-out-of-bounds in kasan_atomics_helper+0x565/0x5450
[ 14.078272] Write of size 4 at addr ffff8881025a0db0 by task kunit_try_catch/282
[ 14.078528]
[ 14.078619] CPU: 0 UID: 0 PID: 282 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc4 #1 PREEMPT(voluntary)
[ 14.078666] Tainted: [B]=BAD_PAGE, [N]=TEST
[ 14.078680] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[ 14.078706] Call Trace:
[ 14.078726] <TASK>
[ 14.078746] dump_stack_lvl+0x73/0xb0
[ 14.078776] print_report+0xd1/0x650
[ 14.078816] ? __virt_addr_valid+0x1db/0x2d0
[ 14.078840] ? kasan_atomics_helper+0x565/0x5450
[ 14.078862] ? kasan_complete_mode_report_info+0x2a/0x200
[ 14.078894] ? kasan_atomics_helper+0x565/0x5450
[ 14.078916] kasan_report+0x141/0x180
[ 14.078939] ? kasan_atomics_helper+0x565/0x5450
[ 14.078966] kasan_check_range+0x10c/0x1c0
[ 14.078990] __kasan_check_write+0x18/0x20
[ 14.079010] kasan_atomics_helper+0x565/0x5450
[ 14.079033] ? __pfx_kasan_atomics_helper+0x10/0x10
[ 14.079055] ? __kmalloc_cache_noprof+0x189/0x420
[ 14.079082] ? kasan_atomics+0x152/0x310
[ 14.079110] kasan_atomics+0x1dc/0x310
[ 14.079135] ? __pfx_kasan_atomics+0x10/0x10
[ 14.079157] ? __pfx_queued_spin_lock_slowpath+0x10/0x10
[ 14.079183] ? __pfx_read_tsc+0x10/0x10
[ 14.079205] ? ktime_get_ts64+0x86/0x230
[ 14.079230] kunit_try_run_case+0x1a5/0x480
[ 14.079254] ? __pfx_kunit_try_run_case+0x10/0x10
[ 14.079277] ? _raw_spin_lock_irqsave+0xf9/0x100
[ 14.079300] ? _raw_spin_unlock_irqrestore+0x5f/0x90
[ 14.079322] ? __kthread_parkme+0x82/0x180
[ 14.079344] ? preempt_count_sub+0x50/0x80
[ 14.079368] ? __pfx_kunit_try_run_case+0x10/0x10
[ 14.079403] kunit_generic_run_threadfn_adapter+0x85/0xf0
[ 14.079426] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10
[ 14.079450] kthread+0x337/0x6f0
[ 14.079469] ? trace_preempt_on+0x20/0xc0
[ 14.079495] ? __pfx_kthread+0x10/0x10
[ 14.079515] ? _raw_spin_unlock_irq+0x47/0x80
[ 14.079537] ? calculate_sigpending+0x7b/0xa0
[ 14.079562] ? __pfx_kthread+0x10/0x10
[ 14.079593] ret_from_fork+0x116/0x1d0
[ 14.079613] ? __pfx_kthread+0x10/0x10
[ 14.079633] ret_from_fork_asm+0x1a/0x30
[ 14.079664] </TASK>
[ 14.079677]
[ 14.088120] Allocated by task 282:
[ 14.088350] kasan_save_stack+0x45/0x70
[ 14.088527] kasan_save_track+0x18/0x40
[ 14.088733] kasan_save_alloc_info+0x3b/0x50
[ 14.088922] __kasan_kmalloc+0xb7/0xc0
[ 14.089109] __kmalloc_cache_noprof+0x189/0x420
[ 14.089268] kasan_atomics+0x95/0x310
[ 14.089456] kunit_try_run_case+0x1a5/0x480
[ 14.089780] kunit_generic_run_threadfn_adapter+0x85/0xf0
[ 14.089978] kthread+0x337/0x6f0
[ 14.090100] ret_from_fork+0x116/0x1d0
[ 14.090230] ret_from_fork_asm+0x1a/0x30
[ 14.090368]
[ 14.090449] The buggy address belongs to the object at ffff8881025a0d80
[ 14.090449] which belongs to the cache kmalloc-64 of size 64
[ 14.090871] The buggy address is located 0 bytes to the right of
[ 14.090871] allocated 48-byte region [ffff8881025a0d80, ffff8881025a0db0)
[ 14.091870]
[ 14.091966] The buggy address belongs to the physical page:
[ 14.092178] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1025a0
[ 14.092509] flags: 0x200000000000000(node=0|zone=2)
[ 14.092961] page_type: f5(slab)
[ 14.093125] raw: 0200000000000000 ffff8881000418c0 dead000000000122 0000000000000000
[ 14.093435] raw: 0000000000000000 0000000080200020 00000000f5000000 0000000000000000
[ 14.093784] page dumped because: kasan: bad access detected
[ 14.094044]
[ 14.094120] Memory state around the buggy address:
[ 14.094339] ffff8881025a0c80: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc
[ 14.094758] ffff8881025a0d00: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc
[ 14.094975] >ffff8881025a0d80: 00 00 00 00 00 00 fc fc fc fc fc fc fc fc fc fc
[ 14.095187] ^
[ 14.095340] ffff8881025a0e00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 14.096783] ffff8881025a0e80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 14.097288] ==================================================================
[ 14.708158] ==================================================================
[ 14.708707] BUG: KASAN: slab-out-of-bounds in kasan_atomics_helper+0x13b5/0x5450
[ 14.709477] Read of size 8 at addr ffff8881025a0db0 by task kunit_try_catch/282
[ 14.709873]
[ 14.710135] CPU: 0 UID: 0 PID: 282 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc4 #1 PREEMPT(voluntary)
[ 14.710188] Tainted: [B]=BAD_PAGE, [N]=TEST
[ 14.710202] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[ 14.710225] Call Trace:
[ 14.710257] <TASK>
[ 14.710278] dump_stack_lvl+0x73/0xb0
[ 14.710311] print_report+0xd1/0x650
[ 14.710336] ? __virt_addr_valid+0x1db/0x2d0
[ 14.710361] ? kasan_atomics_helper+0x13b5/0x5450
[ 14.710392] ? kasan_complete_mode_report_info+0x2a/0x200
[ 14.710415] ? kasan_atomics_helper+0x13b5/0x5450
[ 14.710438] kasan_report+0x141/0x180
[ 14.710460] ? kasan_atomics_helper+0x13b5/0x5450
[ 14.710486] kasan_check_range+0x10c/0x1c0
[ 14.710511] __kasan_check_read+0x15/0x20
[ 14.710530] kasan_atomics_helper+0x13b5/0x5450
[ 14.710552] ? __pfx_kasan_atomics_helper+0x10/0x10
[ 14.710605] ? __kmalloc_cache_noprof+0x189/0x420
[ 14.710633] ? kasan_atomics+0x152/0x310
[ 14.710662] kasan_atomics+0x1dc/0x310
[ 14.710685] ? __pfx_kasan_atomics+0x10/0x10
[ 14.710708] ? __pfx_queued_spin_lock_slowpath+0x10/0x10
[ 14.710736] ? __pfx_read_tsc+0x10/0x10
[ 14.710759] ? ktime_get_ts64+0x86/0x230
[ 14.710785] kunit_try_run_case+0x1a5/0x480
[ 14.710811] ? __pfx_kunit_try_run_case+0x10/0x10
[ 14.710834] ? _raw_spin_lock_irqsave+0xf9/0x100
[ 14.710857] ? _raw_spin_unlock_irqrestore+0x5f/0x90
[ 14.710880] ? __kthread_parkme+0x82/0x180
[ 14.710902] ? preempt_count_sub+0x50/0x80
[ 14.710927] ? __pfx_kunit_try_run_case+0x10/0x10
[ 14.710952] kunit_generic_run_threadfn_adapter+0x85/0xf0
[ 14.710975] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10
[ 14.710999] kthread+0x337/0x6f0
[ 14.711019] ? trace_preempt_on+0x20/0xc0
[ 14.711044] ? __pfx_kthread+0x10/0x10
[ 14.711065] ? _raw_spin_unlock_irq+0x47/0x80
[ 14.711087] ? calculate_sigpending+0x7b/0xa0
[ 14.711112] ? __pfx_kthread+0x10/0x10
[ 14.711133] ret_from_fork+0x116/0x1d0
[ 14.711152] ? __pfx_kthread+0x10/0x10
[ 14.711173] ret_from_fork_asm+0x1a/0x30
[ 14.711205] </TASK>
[ 14.711218]
[ 14.723524] Allocated by task 282:
[ 14.723922] kasan_save_stack+0x45/0x70
[ 14.724346] kasan_save_track+0x18/0x40
[ 14.724716] kasan_save_alloc_info+0x3b/0x50
[ 14.725046] __kasan_kmalloc+0xb7/0xc0
[ 14.725240] __kmalloc_cache_noprof+0x189/0x420
[ 14.725459] kasan_atomics+0x95/0x310
[ 14.725882] kunit_try_run_case+0x1a5/0x480
[ 14.726216] kunit_generic_run_threadfn_adapter+0x85/0xf0
[ 14.726660] kthread+0x337/0x6f0
[ 14.726936] ret_from_fork+0x116/0x1d0
[ 14.727145] ret_from_fork_asm+0x1a/0x30
[ 14.727320]
[ 14.727424] The buggy address belongs to the object at ffff8881025a0d80
[ 14.727424] which belongs to the cache kmalloc-64 of size 64
[ 14.728507] The buggy address is located 0 bytes to the right of
[ 14.728507] allocated 48-byte region [ffff8881025a0d80, ffff8881025a0db0)
[ 14.729478]
[ 14.729741] The buggy address belongs to the physical page:
[ 14.729975] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1025a0
[ 14.730497] flags: 0x200000000000000(node=0|zone=2)
[ 14.730911] page_type: f5(slab)
[ 14.731338] raw: 0200000000000000 ffff8881000418c0 dead000000000122 0000000000000000
[ 14.731886] raw: 0000000000000000 0000000080200020 00000000f5000000 0000000000000000
[ 14.732316] page dumped because: kasan: bad access detected
[ 14.732738]
[ 14.732834] Memory state around the buggy address:
[ 14.733192] ffff8881025a0c80: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc
[ 14.733511] ffff8881025a0d00: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc
[ 14.734076] >ffff8881025a0d80: 00 00 00 00 00 00 fc fc fc fc fc fc fc fc fc fc
[ 14.734585] ^
[ 14.734802] ffff8881025a0e00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 14.735321] ffff8881025a0e80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 14.735988] ==================================================================
[ 14.427444] ==================================================================
[ 14.427678] BUG: KASAN: slab-out-of-bounds in kasan_atomics_helper+0xf10/0x5450
[ 14.427906] Write of size 4 at addr ffff8881025a0db0 by task kunit_try_catch/282
[ 14.428129]
[ 14.428214] CPU: 0 UID: 0 PID: 282 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc4 #1 PREEMPT(voluntary)
[ 14.428256] Tainted: [B]=BAD_PAGE, [N]=TEST
[ 14.428269] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[ 14.428290] Call Trace:
[ 14.428306] <TASK>
[ 14.428321] dump_stack_lvl+0x73/0xb0
[ 14.428348] print_report+0xd1/0x650
[ 14.428371] ? __virt_addr_valid+0x1db/0x2d0
[ 14.428435] ? kasan_atomics_helper+0xf10/0x5450
[ 14.428457] ? kasan_complete_mode_report_info+0x2a/0x200
[ 14.428479] ? kasan_atomics_helper+0xf10/0x5450
[ 14.428501] kasan_report+0x141/0x180
[ 14.428523] ? kasan_atomics_helper+0xf10/0x5450
[ 14.428600] kasan_check_range+0x10c/0x1c0
[ 14.428625] __kasan_check_write+0x18/0x20
[ 14.428675] kasan_atomics_helper+0xf10/0x5450
[ 14.428725] ? __pfx_kasan_atomics_helper+0x10/0x10
[ 14.428764] ? __kmalloc_cache_noprof+0x189/0x420
[ 14.428826] ? kasan_atomics+0x152/0x310
[ 14.428854] kasan_atomics+0x1dc/0x310
[ 14.428940] ? __pfx_kasan_atomics+0x10/0x10
[ 14.428964] ? __pfx_queued_spin_lock_slowpath+0x10/0x10
[ 14.429000] ? __pfx_read_tsc+0x10/0x10
[ 14.429039] ? ktime_get_ts64+0x86/0x230
[ 14.429076] kunit_try_run_case+0x1a5/0x480
[ 14.429100] ? __pfx_kunit_try_run_case+0x10/0x10
[ 14.429123] ? _raw_spin_lock_irqsave+0xf9/0x100
[ 14.429145] ? _raw_spin_unlock_irqrestore+0x5f/0x90
[ 14.429169] ? __kthread_parkme+0x82/0x180
[ 14.429189] ? preempt_count_sub+0x50/0x80
[ 14.429214] ? __pfx_kunit_try_run_case+0x10/0x10
[ 14.429239] kunit_generic_run_threadfn_adapter+0x85/0xf0
[ 14.429262] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10
[ 14.429286] kthread+0x337/0x6f0
[ 14.429305] ? trace_preempt_on+0x20/0xc0
[ 14.429331] ? __pfx_kthread+0x10/0x10
[ 14.429352] ? _raw_spin_unlock_irq+0x47/0x80
[ 14.429383] ? calculate_sigpending+0x7b/0xa0
[ 14.429408] ? __pfx_kthread+0x10/0x10
[ 14.429429] ret_from_fork+0x116/0x1d0
[ 14.429448] ? __pfx_kthread+0x10/0x10
[ 14.429468] ret_from_fork_asm+0x1a/0x30
[ 14.429525] </TASK>
[ 14.429537]
[ 14.439621] Allocated by task 282:
[ 14.439793] kasan_save_stack+0x45/0x70
[ 14.440010] kasan_save_track+0x18/0x40
[ 14.440290] kasan_save_alloc_info+0x3b/0x50
[ 14.440534] __kasan_kmalloc+0xb7/0xc0
[ 14.440740] __kmalloc_cache_noprof+0x189/0x420
[ 14.441033] kasan_atomics+0x95/0x310
[ 14.441303] kunit_try_run_case+0x1a5/0x480
[ 14.441631] kunit_generic_run_threadfn_adapter+0x85/0xf0
[ 14.441899] kthread+0x337/0x6f0
[ 14.442067] ret_from_fork+0x116/0x1d0
[ 14.442253] ret_from_fork_asm+0x1a/0x30
[ 14.442459]
[ 14.442573] The buggy address belongs to the object at ffff8881025a0d80
[ 14.442573] which belongs to the cache kmalloc-64 of size 64
[ 14.443448] The buggy address is located 0 bytes to the right of
[ 14.443448] allocated 48-byte region [ffff8881025a0d80, ffff8881025a0db0)
[ 14.444075]
[ 14.444172] The buggy address belongs to the physical page:
[ 14.444500] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1025a0
[ 14.444775] flags: 0x200000000000000(node=0|zone=2)
[ 14.444940] page_type: f5(slab)
[ 14.445062] raw: 0200000000000000 ffff8881000418c0 dead000000000122 0000000000000000
[ 14.445410] raw: 0000000000000000 0000000080200020 00000000f5000000 0000000000000000
[ 14.445753] page dumped because: kasan: bad access detected
[ 14.446010]
[ 14.446106] Memory state around the buggy address:
[ 14.446275] ffff8881025a0c80: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc
[ 14.446868] ffff8881025a0d00: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc
[ 14.447335] >ffff8881025a0d80: 00 00 00 00 00 00 fc fc fc fc fc fc fc fc fc fc
[ 14.447626] ^
[ 14.447788] ffff8881025a0e00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 14.448005] ffff8881025a0e80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 14.448529] ==================================================================
[ 14.557030] ==================================================================
[ 14.557371] BUG: KASAN: slab-out-of-bounds in kasan_atomics_helper+0x4a02/0x5450
[ 14.557889] Read of size 4 at addr ffff8881025a0db0 by task kunit_try_catch/282
[ 14.558446]
[ 14.558560] CPU: 0 UID: 0 PID: 282 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc4 #1 PREEMPT(voluntary)
[ 14.558606] Tainted: [B]=BAD_PAGE, [N]=TEST
[ 14.558620] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[ 14.558644] Call Trace:
[ 14.558663] <TASK>
[ 14.558684] dump_stack_lvl+0x73/0xb0
[ 14.558713] print_report+0xd1/0x650
[ 14.558736] ? __virt_addr_valid+0x1db/0x2d0
[ 14.558763] ? kasan_atomics_helper+0x4a02/0x5450
[ 14.558784] ? kasan_complete_mode_report_info+0x2a/0x200
[ 14.558807] ? kasan_atomics_helper+0x4a02/0x5450
[ 14.558829] kasan_report+0x141/0x180
[ 14.558851] ? kasan_atomics_helper+0x4a02/0x5450
[ 14.558878] __asan_report_load4_noabort+0x18/0x20
[ 14.558903] kasan_atomics_helper+0x4a02/0x5450
[ 14.558925] ? __pfx_kasan_atomics_helper+0x10/0x10
[ 14.558947] ? __kmalloc_cache_noprof+0x189/0x420
[ 14.558973] ? kasan_atomics+0x152/0x310
[ 14.559000] kasan_atomics+0x1dc/0x310
[ 14.559023] ? __pfx_kasan_atomics+0x10/0x10
[ 14.559046] ? __pfx_queued_spin_lock_slowpath+0x10/0x10
[ 14.559074] ? __pfx_read_tsc+0x10/0x10
[ 14.559098] ? ktime_get_ts64+0x86/0x230
[ 14.559123] kunit_try_run_case+0x1a5/0x480
[ 14.559149] ? __pfx_kunit_try_run_case+0x10/0x10
[ 14.559172] ? _raw_spin_lock_irqsave+0xf9/0x100
[ 14.559194] ? _raw_spin_unlock_irqrestore+0x5f/0x90
[ 14.559217] ? __kthread_parkme+0x82/0x180
[ 14.559238] ? preempt_count_sub+0x50/0x80
[ 14.559263] ? __pfx_kunit_try_run_case+0x10/0x10
[ 14.559328] kunit_generic_run_threadfn_adapter+0x85/0xf0
[ 14.559372] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10
[ 14.559428] kthread+0x337/0x6f0
[ 14.559460] ? trace_preempt_on+0x20/0xc0
[ 14.559499] ? __pfx_kthread+0x10/0x10
[ 14.559533] ? _raw_spin_unlock_irq+0x47/0x80
[ 14.559568] ? calculate_sigpending+0x7b/0xa0
[ 14.559620] ? __pfx_kthread+0x10/0x10
[ 14.559655] ret_from_fork+0x116/0x1d0
[ 14.559686] ? __pfx_kthread+0x10/0x10
[ 14.559708] ret_from_fork_asm+0x1a/0x30
[ 14.559739] </TASK>
[ 14.559750]
[ 14.574489] Allocated by task 282:
[ 14.575079] kasan_save_stack+0x45/0x70
[ 14.575504] kasan_save_track+0x18/0x40
[ 14.575776] kasan_save_alloc_info+0x3b/0x50
[ 14.576204] __kasan_kmalloc+0xb7/0xc0
[ 14.576461] __kmalloc_cache_noprof+0x189/0x420
[ 14.576854] kasan_atomics+0x95/0x310
[ 14.577235] kunit_try_run_case+0x1a5/0x480
[ 14.577432] kunit_generic_run_threadfn_adapter+0x85/0xf0
[ 14.577865] kthread+0x337/0x6f0
[ 14.578296] ret_from_fork+0x116/0x1d0
[ 14.578565] ret_from_fork_asm+0x1a/0x30
[ 14.578759]
[ 14.578858] The buggy address belongs to the object at ffff8881025a0d80
[ 14.578858] which belongs to the cache kmalloc-64 of size 64
[ 14.579724] The buggy address is located 0 bytes to the right of
[ 14.579724] allocated 48-byte region [ffff8881025a0d80, ffff8881025a0db0)
[ 14.580468]
[ 14.580566] The buggy address belongs to the physical page:
[ 14.581120] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1025a0
[ 14.581420] flags: 0x200000000000000(node=0|zone=2)
[ 14.581922] page_type: f5(slab)
[ 14.582426] raw: 0200000000000000 ffff8881000418c0 dead000000000122 0000000000000000
[ 14.583062] raw: 0000000000000000 0000000080200020 00000000f5000000 0000000000000000
[ 14.583716] page dumped because: kasan: bad access detected
[ 14.584068]
[ 14.584161] Memory state around the buggy address:
[ 14.584367] ffff8881025a0c80: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc
[ 14.584893] ffff8881025a0d00: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc
[ 14.585514] >ffff8881025a0d80: 00 00 00 00 00 00 fc fc fc fc fc fc fc fc fc fc
[ 14.586168] ^
[ 14.586418] ffff8881025a0e00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 14.586879] ffff8881025a0e80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 14.587520] ==================================================================
[ 14.363414] ==================================================================
[ 14.363647] BUG: KASAN: slab-out-of-bounds in kasan_atomics_helper+0xd47/0x5450
[ 14.364146] Write of size 4 at addr ffff8881025a0db0 by task kunit_try_catch/282
[ 14.364636]
[ 14.364842] CPU: 0 UID: 0 PID: 282 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc4 #1 PREEMPT(voluntary)
[ 14.364891] Tainted: [B]=BAD_PAGE, [N]=TEST
[ 14.364931] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[ 14.364971] Call Trace:
[ 14.365004] <TASK>
[ 14.365025] dump_stack_lvl+0x73/0xb0
[ 14.365057] print_report+0xd1/0x650
[ 14.365093] ? __virt_addr_valid+0x1db/0x2d0
[ 14.365116] ? kasan_atomics_helper+0xd47/0x5450
[ 14.365138] ? kasan_complete_mode_report_info+0x2a/0x200
[ 14.365161] ? kasan_atomics_helper+0xd47/0x5450
[ 14.365184] kasan_report+0x141/0x180
[ 14.365206] ? kasan_atomics_helper+0xd47/0x5450
[ 14.365233] kasan_check_range+0x10c/0x1c0
[ 14.365257] __kasan_check_write+0x18/0x20
[ 14.365276] kasan_atomics_helper+0xd47/0x5450
[ 14.365299] ? __pfx_kasan_atomics_helper+0x10/0x10
[ 14.365340] ? __kmalloc_cache_noprof+0x189/0x420
[ 14.365389] ? kasan_atomics+0x152/0x310
[ 14.365418] kasan_atomics+0x1dc/0x310
[ 14.365441] ? __pfx_kasan_atomics+0x10/0x10
[ 14.365464] ? __pfx_queued_spin_lock_slowpath+0x10/0x10
[ 14.365491] ? __pfx_read_tsc+0x10/0x10
[ 14.365513] ? ktime_get_ts64+0x86/0x230
[ 14.365540] kunit_try_run_case+0x1a5/0x480
[ 14.365565] ? __pfx_kunit_try_run_case+0x10/0x10
[ 14.365599] ? _raw_spin_lock_irqsave+0xf9/0x100
[ 14.365622] ? _raw_spin_unlock_irqrestore+0x5f/0x90
[ 14.365673] ? __kthread_parkme+0x82/0x180
[ 14.365694] ? preempt_count_sub+0x50/0x80
[ 14.365736] ? __pfx_kunit_try_run_case+0x10/0x10
[ 14.365771] kunit_generic_run_threadfn_adapter+0x85/0xf0
[ 14.365794] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10
[ 14.365818] kthread+0x337/0x6f0
[ 14.365837] ? trace_preempt_on+0x20/0xc0
[ 14.365862] ? __pfx_kthread+0x10/0x10
[ 14.365883] ? _raw_spin_unlock_irq+0x47/0x80
[ 14.365905] ? calculate_sigpending+0x7b/0xa0
[ 14.365930] ? __pfx_kthread+0x10/0x10
[ 14.365951] ret_from_fork+0x116/0x1d0
[ 14.365971] ? __pfx_kthread+0x10/0x10
[ 14.365992] ret_from_fork_asm+0x1a/0x30
[ 14.366024] </TASK>
[ 14.366037]
[ 14.375699] Allocated by task 282:
[ 14.375875] kasan_save_stack+0x45/0x70
[ 14.376532] kasan_save_track+0x18/0x40
[ 14.376774] kasan_save_alloc_info+0x3b/0x50
[ 14.377029] __kasan_kmalloc+0xb7/0xc0
[ 14.377258] __kmalloc_cache_noprof+0x189/0x420
[ 14.377518] kasan_atomics+0x95/0x310
[ 14.377828] kunit_try_run_case+0x1a5/0x480
[ 14.378116] kunit_generic_run_threadfn_adapter+0x85/0xf0
[ 14.378354] kthread+0x337/0x6f0
[ 14.378581] ret_from_fork+0x116/0x1d0
[ 14.378852] ret_from_fork_asm+0x1a/0x30
[ 14.379142]
[ 14.379253] The buggy address belongs to the object at ffff8881025a0d80
[ 14.379253] which belongs to the cache kmalloc-64 of size 64
[ 14.379837] The buggy address is located 0 bytes to the right of
[ 14.379837] allocated 48-byte region [ffff8881025a0d80, ffff8881025a0db0)
[ 14.380581]
[ 14.380720] The buggy address belongs to the physical page:
[ 14.381086] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1025a0
[ 14.381518] flags: 0x200000000000000(node=0|zone=2)
[ 14.381803] page_type: f5(slab)
[ 14.381961] raw: 0200000000000000 ffff8881000418c0 dead000000000122 0000000000000000
[ 14.382348] raw: 0000000000000000 0000000080200020 00000000f5000000 0000000000000000
[ 14.382701] page dumped because: kasan: bad access detected
[ 14.383056]
[ 14.383129] Memory state around the buggy address:
[ 14.383366] ffff8881025a0c80: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc
[ 14.383829] ffff8881025a0d00: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc
[ 14.384177] >ffff8881025a0d80: 00 00 00 00 00 00 fc fc fc fc fc fc fc fc fc fc
[ 14.384635] ^
[ 14.384912] ffff8881025a0e00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 14.385133] ffff8881025a0e80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 14.385349] ==================================================================
[ 14.030513] ==================================================================
[ 14.030857] BUG: KASAN: slab-out-of-bounds in kasan_atomics_helper+0x4a0/0x5450
[ 14.031304] Write of size 4 at addr ffff8881025a0db0 by task kunit_try_catch/282
[ 14.031710]
[ 14.031802] CPU: 0 UID: 0 PID: 282 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc4 #1 PREEMPT(voluntary)
[ 14.031847] Tainted: [B]=BAD_PAGE, [N]=TEST
[ 14.031859] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[ 14.031881] Call Trace:
[ 14.031897] <TASK>
[ 14.031913] dump_stack_lvl+0x73/0xb0
[ 14.031942] print_report+0xd1/0x650
[ 14.031968] ? __virt_addr_valid+0x1db/0x2d0
[ 14.031992] ? kasan_atomics_helper+0x4a0/0x5450
[ 14.032032] ? kasan_complete_mode_report_info+0x2a/0x200
[ 14.032056] ? kasan_atomics_helper+0x4a0/0x5450
[ 14.032080] kasan_report+0x141/0x180
[ 14.032102] ? kasan_atomics_helper+0x4a0/0x5450
[ 14.032128] kasan_check_range+0x10c/0x1c0
[ 14.032152] __kasan_check_write+0x18/0x20
[ 14.032172] kasan_atomics_helper+0x4a0/0x5450
[ 14.032194] ? __pfx_kasan_atomics_helper+0x10/0x10
[ 14.032217] ? __kmalloc_cache_noprof+0x189/0x420
[ 14.032243] ? kasan_atomics+0x152/0x310
[ 14.032269] kasan_atomics+0x1dc/0x310
[ 14.032293] ? __pfx_kasan_atomics+0x10/0x10
[ 14.032316] ? __pfx_queued_spin_lock_slowpath+0x10/0x10
[ 14.032342] ? __pfx_read_tsc+0x10/0x10
[ 14.032363] ? ktime_get_ts64+0x86/0x230
[ 14.032402] kunit_try_run_case+0x1a5/0x480
[ 14.032426] ? __pfx_kunit_try_run_case+0x10/0x10
[ 14.032449] ? _raw_spin_lock_irqsave+0xf9/0x100
[ 14.032473] ? _raw_spin_unlock_irqrestore+0x5f/0x90
[ 14.032496] ? __kthread_parkme+0x82/0x180
[ 14.032517] ? preempt_count_sub+0x50/0x80
[ 14.032543] ? __pfx_kunit_try_run_case+0x10/0x10
[ 14.032567] kunit_generic_run_threadfn_adapter+0x85/0xf0
[ 14.032600] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10
[ 14.032623] kthread+0x337/0x6f0
[ 14.032644] ? trace_preempt_on+0x20/0xc0
[ 14.032667] ? __pfx_kthread+0x10/0x10
[ 14.032689] ? _raw_spin_unlock_irq+0x47/0x80
[ 14.032710] ? calculate_sigpending+0x7b/0xa0
[ 14.032734] ? __pfx_kthread+0x10/0x10
[ 14.032756] ret_from_fork+0x116/0x1d0
[ 14.032775] ? __pfx_kthread+0x10/0x10
[ 14.032796] ret_from_fork_asm+0x1a/0x30
[ 14.032825] </TASK>
[ 14.032838]
[ 14.045262] Allocated by task 282:
[ 14.045439] kasan_save_stack+0x45/0x70
[ 14.045869] kasan_save_track+0x18/0x40
[ 14.046319] kasan_save_alloc_info+0x3b/0x50
[ 14.046555] __kasan_kmalloc+0xb7/0xc0
[ 14.046708] __kmalloc_cache_noprof+0x189/0x420
[ 14.046902] kasan_atomics+0x95/0x310
[ 14.047194] kunit_try_run_case+0x1a5/0x480
[ 14.047392] kunit_generic_run_threadfn_adapter+0x85/0xf0
[ 14.047567] kthread+0x337/0x6f0
[ 14.047688] ret_from_fork+0x116/0x1d0
[ 14.047962] ret_from_fork_asm+0x1a/0x30
[ 14.048131]
[ 14.048265] The buggy address belongs to the object at ffff8881025a0d80
[ 14.048265] which belongs to the cache kmalloc-64 of size 64
[ 14.048827] The buggy address is located 0 bytes to the right of
[ 14.048827] allocated 48-byte region [ffff8881025a0d80, ffff8881025a0db0)
[ 14.049413]
[ 14.049518] The buggy address belongs to the physical page:
[ 14.049708] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1025a0
[ 14.050043] flags: 0x200000000000000(node=0|zone=2)
[ 14.050244] page_type: f5(slab)
[ 14.050363] raw: 0200000000000000 ffff8881000418c0 dead000000000122 0000000000000000
[ 14.050827] raw: 0000000000000000 0000000080200020 00000000f5000000 0000000000000000
[ 14.051143] page dumped because: kasan: bad access detected
[ 14.051462]
[ 14.051537] Memory state around the buggy address:
[ 14.051929] ffff8881025a0c80: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc
[ 14.052366] ffff8881025a0d00: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc
[ 14.052607] >ffff8881025a0d80: 00 00 00 00 00 00 fc fc fc fc fc fc fc fc fc fc
[ 14.053053] ^
[ 14.053227] ffff8881025a0e00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 14.053470] ffff8881025a0e80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 14.054021] ==================================================================
[ 14.266864] ==================================================================
[ 14.267367] BUG: KASAN: slab-out-of-bounds in kasan_atomics_helper+0xac7/0x5450
[ 14.267731] Write of size 4 at addr ffff8881025a0db0 by task kunit_try_catch/282
[ 14.268149]
[ 14.268435] CPU: 0 UID: 0 PID: 282 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc4 #1 PREEMPT(voluntary)
[ 14.268522] Tainted: [B]=BAD_PAGE, [N]=TEST
[ 14.268536] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[ 14.268558] Call Trace:
[ 14.268585] <TASK>
[ 14.268602] dump_stack_lvl+0x73/0xb0
[ 14.268661] print_report+0xd1/0x650
[ 14.268686] ? __virt_addr_valid+0x1db/0x2d0
[ 14.268710] ? kasan_atomics_helper+0xac7/0x5450
[ 14.268741] ? kasan_complete_mode_report_info+0x2a/0x200
[ 14.268764] ? kasan_atomics_helper+0xac7/0x5450
[ 14.268786] kasan_report+0x141/0x180
[ 14.268808] ? kasan_atomics_helper+0xac7/0x5450
[ 14.268834] kasan_check_range+0x10c/0x1c0
[ 14.268884] __kasan_check_write+0x18/0x20
[ 14.268903] kasan_atomics_helper+0xac7/0x5450
[ 14.268947] ? __pfx_kasan_atomics_helper+0x10/0x10
[ 14.268970] ? __kmalloc_cache_noprof+0x189/0x420
[ 14.268995] ? kasan_atomics+0x152/0x310
[ 14.269023] kasan_atomics+0x1dc/0x310
[ 14.269046] ? __pfx_kasan_atomics+0x10/0x10
[ 14.269069] ? __pfx_queued_spin_lock_slowpath+0x10/0x10
[ 14.269168] ? __pfx_read_tsc+0x10/0x10
[ 14.269208] ? ktime_get_ts64+0x86/0x230
[ 14.269233] kunit_try_run_case+0x1a5/0x480
[ 14.269290] ? __pfx_kunit_try_run_case+0x10/0x10
[ 14.269312] ? _raw_spin_lock_irqsave+0xf9/0x100
[ 14.269336] ? _raw_spin_unlock_irqrestore+0x5f/0x90
[ 14.269369] ? __kthread_parkme+0x82/0x180
[ 14.269400] ? preempt_count_sub+0x50/0x80
[ 14.269424] ? __pfx_kunit_try_run_case+0x10/0x10
[ 14.269448] kunit_generic_run_threadfn_adapter+0x85/0xf0
[ 14.269472] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10
[ 14.269496] kthread+0x337/0x6f0
[ 14.269517] ? trace_preempt_on+0x20/0xc0
[ 14.269541] ? __pfx_kthread+0x10/0x10
[ 14.269561] ? _raw_spin_unlock_irq+0x47/0x80
[ 14.269583] ? calculate_sigpending+0x7b/0xa0
[ 14.269608] ? __pfx_kthread+0x10/0x10
[ 14.269630] ret_from_fork+0x116/0x1d0
[ 14.269649] ? __pfx_kthread+0x10/0x10
[ 14.269670] ret_from_fork_asm+0x1a/0x30
[ 14.269700] </TASK>
[ 14.269712]
[ 14.279864] Allocated by task 282:
[ 14.280136] kasan_save_stack+0x45/0x70
[ 14.280512] kasan_save_track+0x18/0x40
[ 14.280842] kasan_save_alloc_info+0x3b/0x50
[ 14.281018] __kasan_kmalloc+0xb7/0xc0
[ 14.281148] __kmalloc_cache_noprof+0x189/0x420
[ 14.281659] kasan_atomics+0x95/0x310
[ 14.281885] kunit_try_run_case+0x1a5/0x480
[ 14.282032] kunit_generic_run_threadfn_adapter+0x85/0xf0
[ 14.282201] kthread+0x337/0x6f0
[ 14.282500] ret_from_fork+0x116/0x1d0
[ 14.282784] ret_from_fork_asm+0x1a/0x30
[ 14.283142]
[ 14.283244] The buggy address belongs to the object at ffff8881025a0d80
[ 14.283244] which belongs to the cache kmalloc-64 of size 64
[ 14.283825] The buggy address is located 0 bytes to the right of
[ 14.283825] allocated 48-byte region [ffff8881025a0d80, ffff8881025a0db0)
[ 14.284883]
[ 14.285049] The buggy address belongs to the physical page:
[ 14.285393] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1025a0
[ 14.285840] flags: 0x200000000000000(node=0|zone=2)
[ 14.286186] page_type: f5(slab)
[ 14.286401] raw: 0200000000000000 ffff8881000418c0 dead000000000122 0000000000000000
[ 14.286848] raw: 0000000000000000 0000000080200020 00000000f5000000 0000000000000000
[ 14.287269] page dumped because: kasan: bad access detected
[ 14.287744]
[ 14.287886] Memory state around the buggy address:
[ 14.288254] ffff8881025a0c80: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc
[ 14.288739] ffff8881025a0d00: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc
[ 14.289137] >ffff8881025a0d80: 00 00 00 00 00 00 fc fc 
fc fc fc fc fc fc fc fc [ 14.289476] ^ [ 14.289721] ffff8881025a0e00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 14.290022] ffff8881025a0e80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 14.290514] ================================================================== [ 14.098221] ================================================================== [ 14.098947] BUG: KASAN: slab-out-of-bounds in kasan_atomics_helper+0x5fe/0x5450 [ 14.099612] Write of size 4 at addr ffff8881025a0db0 by task kunit_try_catch/282 [ 14.100225] [ 14.100347] CPU: 0 UID: 0 PID: 282 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc4 #1 PREEMPT(voluntary) [ 14.100410] Tainted: [B]=BAD_PAGE, [N]=TEST [ 14.100424] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 14.100447] Call Trace: [ 14.100464] <TASK> [ 14.100483] dump_stack_lvl+0x73/0xb0 [ 14.100513] print_report+0xd1/0x650 [ 14.100539] ? __virt_addr_valid+0x1db/0x2d0 [ 14.100583] ? kasan_atomics_helper+0x5fe/0x5450 [ 14.100606] ? kasan_complete_mode_report_info+0x2a/0x200 [ 14.100629] ? kasan_atomics_helper+0x5fe/0x5450 [ 14.100651] kasan_report+0x141/0x180 [ 14.100673] ? kasan_atomics_helper+0x5fe/0x5450 [ 14.100700] kasan_check_range+0x10c/0x1c0 [ 14.100725] __kasan_check_write+0x18/0x20 [ 14.100744] kasan_atomics_helper+0x5fe/0x5450 [ 14.100768] ? __pfx_kasan_atomics_helper+0x10/0x10 [ 14.100790] ? __kmalloc_cache_noprof+0x189/0x420 [ 14.100818] ? kasan_atomics+0x152/0x310 [ 14.100845] kasan_atomics+0x1dc/0x310 [ 14.100867] ? __pfx_kasan_atomics+0x10/0x10 [ 14.100890] ? __pfx_queued_spin_lock_slowpath+0x10/0x10 [ 14.100942] ? __pfx_read_tsc+0x10/0x10 [ 14.100969] ? ktime_get_ts64+0x86/0x230 [ 14.100996] kunit_try_run_case+0x1a5/0x480 [ 14.101021] ? __pfx_kunit_try_run_case+0x10/0x10 [ 14.101043] ? _raw_spin_lock_irqsave+0xf9/0x100 [ 14.101066] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 14.101089] ? __kthread_parkme+0x82/0x180 [ 14.101110] ? preempt_count_sub+0x50/0x80 [ 14.101134] ? 
__pfx_kunit_try_run_case+0x10/0x10 [ 14.101158] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 14.101181] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 14.101205] kthread+0x337/0x6f0 [ 14.101224] ? trace_preempt_on+0x20/0xc0 [ 14.101250] ? __pfx_kthread+0x10/0x10 [ 14.101271] ? _raw_spin_unlock_irq+0x47/0x80 [ 14.101292] ? calculate_sigpending+0x7b/0xa0 [ 14.101316] ? __pfx_kthread+0x10/0x10 [ 14.101337] ret_from_fork+0x116/0x1d0 [ 14.101357] ? __pfx_kthread+0x10/0x10 [ 14.101390] ret_from_fork_asm+0x1a/0x30 [ 14.101421] </TASK> [ 14.101433] [ 14.109459] Allocated by task 282: [ 14.109599] kasan_save_stack+0x45/0x70 [ 14.109744] kasan_save_track+0x18/0x40 [ 14.109880] kasan_save_alloc_info+0x3b/0x50 [ 14.110058] __kasan_kmalloc+0xb7/0xc0 [ 14.110247] __kmalloc_cache_noprof+0x189/0x420 [ 14.110480] kasan_atomics+0x95/0x310 [ 14.110675] kunit_try_run_case+0x1a5/0x480 [ 14.110887] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 14.111135] kthread+0x337/0x6f0 [ 14.111304] ret_from_fork+0x116/0x1d0 [ 14.111659] ret_from_fork_asm+0x1a/0x30 [ 14.111857] [ 14.111972] The buggy address belongs to the object at ffff8881025a0d80 [ 14.111972] which belongs to the cache kmalloc-64 of size 64 [ 14.112439] The buggy address is located 0 bytes to the right of [ 14.112439] allocated 48-byte region [ffff8881025a0d80, ffff8881025a0db0) [ 14.112881] [ 14.112979] The buggy address belongs to the physical page: [ 14.113152] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1025a0 [ 14.113411] flags: 0x200000000000000(node=0|zone=2) [ 14.113671] page_type: f5(slab) [ 14.113834] raw: 0200000000000000 ffff8881000418c0 dead000000000122 0000000000000000 [ 14.114160] raw: 0000000000000000 0000000080200020 00000000f5000000 0000000000000000 [ 14.114603] page dumped because: kasan: bad access detected [ 14.114858] [ 14.114950] Memory state around the buggy address: [ 14.115339] ffff8881025a0c80: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 14.115582] 
ffff8881025a0d00: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 14.115799] >ffff8881025a0d80: 00 00 00 00 00 00 fc fc fc fc fc fc fc fc fc fc [ 14.116014] ^ [ 14.116234] ffff8881025a0e00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 14.116557] ffff8881025a0e80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 14.116867] ================================================================== [ 14.535316] ================================================================== [ 14.535780] BUG: KASAN: slab-out-of-bounds in kasan_atomics_helper+0x1148/0x5450 [ 14.536210] Write of size 4 at addr ffff8881025a0db0 by task kunit_try_catch/282 [ 14.536455] [ 14.536548] CPU: 0 UID: 0 PID: 282 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc4 #1 PREEMPT(voluntary) [ 14.536596] Tainted: [B]=BAD_PAGE, [N]=TEST [ 14.536608] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 14.536631] Call Trace: [ 14.536685] <TASK> [ 14.536719] dump_stack_lvl+0x73/0xb0 [ 14.536780] print_report+0xd1/0x650 [ 14.536807] ? __virt_addr_valid+0x1db/0x2d0 [ 14.536832] ? kasan_atomics_helper+0x1148/0x5450 [ 14.536853] ? kasan_complete_mode_report_info+0x2a/0x200 [ 14.536876] ? kasan_atomics_helper+0x1148/0x5450 [ 14.536898] kasan_report+0x141/0x180 [ 14.536921] ? kasan_atomics_helper+0x1148/0x5450 [ 14.536947] kasan_check_range+0x10c/0x1c0 [ 14.536971] __kasan_check_write+0x18/0x20 [ 14.537008] kasan_atomics_helper+0x1148/0x5450 [ 14.537031] ? __pfx_kasan_atomics_helper+0x10/0x10 [ 14.537054] ? __kmalloc_cache_noprof+0x189/0x420 [ 14.537080] ? kasan_atomics+0x152/0x310 [ 14.537107] kasan_atomics+0x1dc/0x310 [ 14.537130] ? __pfx_kasan_atomics+0x10/0x10 [ 14.537153] ? __pfx_queued_spin_lock_slowpath+0x10/0x10 [ 14.537179] ? __pfx_read_tsc+0x10/0x10 [ 14.537202] ? ktime_get_ts64+0x86/0x230 [ 14.537228] kunit_try_run_case+0x1a5/0x480 [ 14.537254] ? __pfx_kunit_try_run_case+0x10/0x10 [ 14.537277] ? _raw_spin_lock_irqsave+0xf9/0x100 [ 14.537300] ? 
_raw_spin_unlock_irqrestore+0x5f/0x90 [ 14.537323] ? __kthread_parkme+0x82/0x180 [ 14.537364] ? preempt_count_sub+0x50/0x80 [ 14.537411] ? __pfx_kunit_try_run_case+0x10/0x10 [ 14.537436] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 14.537470] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 14.537493] kthread+0x337/0x6f0 [ 14.537513] ? trace_preempt_on+0x20/0xc0 [ 14.537565] ? __pfx_kthread+0x10/0x10 [ 14.537596] ? _raw_spin_unlock_irq+0x47/0x80 [ 14.537618] ? calculate_sigpending+0x7b/0xa0 [ 14.537653] ? __pfx_kthread+0x10/0x10 [ 14.537675] ret_from_fork+0x116/0x1d0 [ 14.537695] ? __pfx_kthread+0x10/0x10 [ 14.537742] ret_from_fork_asm+0x1a/0x30 [ 14.537774] </TASK> [ 14.537787] [ 14.547651] Allocated by task 282: [ 14.547851] kasan_save_stack+0x45/0x70 [ 14.548005] kasan_save_track+0x18/0x40 [ 14.548412] kasan_save_alloc_info+0x3b/0x50 [ 14.548745] __kasan_kmalloc+0xb7/0xc0 [ 14.548930] __kmalloc_cache_noprof+0x189/0x420 [ 14.549086] kasan_atomics+0x95/0x310 [ 14.549221] kunit_try_run_case+0x1a5/0x480 [ 14.549482] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 14.549732] kthread+0x337/0x6f0 [ 14.549929] ret_from_fork+0x116/0x1d0 [ 14.550120] ret_from_fork_asm+0x1a/0x30 [ 14.550357] [ 14.550498] The buggy address belongs to the object at ffff8881025a0d80 [ 14.550498] which belongs to the cache kmalloc-64 of size 64 [ 14.550958] The buggy address is located 0 bytes to the right of [ 14.550958] allocated 48-byte region [ffff8881025a0d80, ffff8881025a0db0) [ 14.551545] [ 14.551718] The buggy address belongs to the physical page: [ 14.551976] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1025a0 [ 14.552419] flags: 0x200000000000000(node=0|zone=2) [ 14.552711] page_type: f5(slab) [ 14.552893] raw: 0200000000000000 ffff8881000418c0 dead000000000122 0000000000000000 [ 14.553243] raw: 0000000000000000 0000000080200020 00000000f5000000 0000000000000000 [ 14.553624] page dumped because: kasan: bad access detected [ 14.553871] [ 14.554030] 
Memory state around the buggy address: [ 14.554247] ffff8881025a0c80: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 14.554598] ffff8881025a0d00: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 14.555797] >ffff8881025a0d80: 00 00 00 00 00 00 fc fc fc fc fc fc fc fc fc fc [ 14.556074] ^ [ 14.556225] ffff8881025a0e00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 14.556451] ffff8881025a0e80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 14.556658] ================================================================== [ 14.677440] ================================================================== [ 14.677940] BUG: KASAN: slab-out-of-bounds in kasan_atomics_helper+0x49ce/0x5450 [ 14.678589] Read of size 4 at addr ffff8881025a0db0 by task kunit_try_catch/282 [ 14.679056] [ 14.679174] CPU: 0 UID: 0 PID: 282 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc4 #1 PREEMPT(voluntary) [ 14.679314] Tainted: [B]=BAD_PAGE, [N]=TEST [ 14.679330] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 14.679352] Call Trace: [ 14.679371] <TASK> [ 14.679426] dump_stack_lvl+0x73/0xb0 [ 14.679458] print_report+0xd1/0x650 [ 14.679482] ? __virt_addr_valid+0x1db/0x2d0 [ 14.679507] ? kasan_atomics_helper+0x49ce/0x5450 [ 14.679529] ? kasan_complete_mode_report_info+0x2a/0x200 [ 14.679552] ? kasan_atomics_helper+0x49ce/0x5450 [ 14.679583] kasan_report+0x141/0x180 [ 14.679606] ? kasan_atomics_helper+0x49ce/0x5450 [ 14.679632] __asan_report_load4_noabort+0x18/0x20 [ 14.679657] kasan_atomics_helper+0x49ce/0x5450 [ 14.679680] ? __pfx_kasan_atomics_helper+0x10/0x10 [ 14.679702] ? __kmalloc_cache_noprof+0x189/0x420 [ 14.679728] ? kasan_atomics+0x152/0x310 [ 14.679754] kasan_atomics+0x1dc/0x310 [ 14.679778] ? __pfx_kasan_atomics+0x10/0x10 [ 14.679801] ? __pfx_queued_spin_lock_slowpath+0x10/0x10 [ 14.679828] ? __pfx_read_tsc+0x10/0x10 [ 14.679850] ? ktime_get_ts64+0x86/0x230 [ 14.679876] kunit_try_run_case+0x1a5/0x480 [ 14.679901] ? 
__pfx_kunit_try_run_case+0x10/0x10 [ 14.679924] ? _raw_spin_lock_irqsave+0xf9/0x100 [ 14.679947] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 14.679969] ? __kthread_parkme+0x82/0x180 [ 14.679991] ? preempt_count_sub+0x50/0x80 [ 14.680015] ? __pfx_kunit_try_run_case+0x10/0x10 [ 14.680038] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 14.680062] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 14.680085] kthread+0x337/0x6f0 [ 14.680105] ? trace_preempt_on+0x20/0xc0 [ 14.680130] ? __pfx_kthread+0x10/0x10 [ 14.680151] ? _raw_spin_unlock_irq+0x47/0x80 [ 14.680172] ? calculate_sigpending+0x7b/0xa0 [ 14.680197] ? __pfx_kthread+0x10/0x10 [ 14.680219] ret_from_fork+0x116/0x1d0 [ 14.680237] ? __pfx_kthread+0x10/0x10 [ 14.680258] ret_from_fork_asm+0x1a/0x30 [ 14.680289] </TASK> [ 14.680301] [ 14.693504] Allocated by task 282: [ 14.694042] kasan_save_stack+0x45/0x70 [ 14.694322] kasan_save_track+0x18/0x40 [ 14.694776] kasan_save_alloc_info+0x3b/0x50 [ 14.695096] __kasan_kmalloc+0xb7/0xc0 [ 14.695290] __kmalloc_cache_noprof+0x189/0x420 [ 14.695511] kasan_atomics+0x95/0x310 [ 14.696000] kunit_try_run_case+0x1a5/0x480 [ 14.696355] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 14.696805] kthread+0x337/0x6f0 [ 14.697059] ret_from_fork+0x116/0x1d0 [ 14.697526] ret_from_fork_asm+0x1a/0x30 [ 14.697748] [ 14.697843] The buggy address belongs to the object at ffff8881025a0d80 [ 14.697843] which belongs to the cache kmalloc-64 of size 64 [ 14.698815] The buggy address is located 0 bytes to the right of [ 14.698815] allocated 48-byte region [ffff8881025a0d80, ffff8881025a0db0) [ 14.699783] [ 14.700009] The buggy address belongs to the physical page: [ 14.700419] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1025a0 [ 14.701007] flags: 0x200000000000000(node=0|zone=2) [ 14.701361] page_type: f5(slab) [ 14.701752] raw: 0200000000000000 ffff8881000418c0 dead000000000122 0000000000000000 [ 14.702357] raw: 0000000000000000 0000000080200020 00000000f5000000 
0000000000000000 [ 14.703018] page dumped because: kasan: bad access detected [ 14.703260] [ 14.703355] Memory state around the buggy address: [ 14.703781] ffff8881025a0c80: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 14.704322] ffff8881025a0d00: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 14.704962] >ffff8881025a0d80: 00 00 00 00 00 00 fc fc fc fc fc fc fc fc fc fc [ 14.705262] ^ [ 14.705479] ffff8881025a0e00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 14.706232] ffff8881025a0e80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 14.706781] ================================================================== [ 14.242527] ================================================================== [ 14.242937] BUG: KASAN: slab-out-of-bounds in kasan_atomics_helper+0xa2b/0x5450 [ 14.243403] Write of size 4 at addr ffff8881025a0db0 by task kunit_try_catch/282 [ 14.243758] [ 14.243887] CPU: 0 UID: 0 PID: 282 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc4 #1 PREEMPT(voluntary) [ 14.243978] Tainted: [B]=BAD_PAGE, [N]=TEST [ 14.243991] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 14.244014] Call Trace: [ 14.244138] <TASK> [ 14.244161] dump_stack_lvl+0x73/0xb0 [ 14.244191] print_report+0xd1/0x650 [ 14.244344] ? __virt_addr_valid+0x1db/0x2d0 [ 14.244391] ? kasan_atomics_helper+0xa2b/0x5450 [ 14.244416] ? kasan_complete_mode_report_info+0x2a/0x200 [ 14.244439] ? kasan_atomics_helper+0xa2b/0x5450 [ 14.244461] kasan_report+0x141/0x180 [ 14.244511] ? kasan_atomics_helper+0xa2b/0x5450 [ 14.244539] kasan_check_range+0x10c/0x1c0 [ 14.244588] __kasan_check_write+0x18/0x20 [ 14.244608] kasan_atomics_helper+0xa2b/0x5450 [ 14.244632] ? __pfx_kasan_atomics_helper+0x10/0x10 [ 14.244671] ? __kmalloc_cache_noprof+0x189/0x420 [ 14.244707] ? kasan_atomics+0x152/0x310 [ 14.244735] kasan_atomics+0x1dc/0x310 [ 14.244758] ? __pfx_kasan_atomics+0x10/0x10 [ 14.244790] ? __pfx_queued_spin_lock_slowpath+0x10/0x10 [ 14.244817] ? 
__pfx_read_tsc+0x10/0x10 [ 14.244839] ? ktime_get_ts64+0x86/0x230 [ 14.244864] kunit_try_run_case+0x1a5/0x480 [ 14.244888] ? __pfx_kunit_try_run_case+0x10/0x10 [ 14.244917] ? _raw_spin_lock_irqsave+0xf9/0x100 [ 14.244939] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 14.244962] ? __kthread_parkme+0x82/0x180 [ 14.244984] ? preempt_count_sub+0x50/0x80 [ 14.245008] ? __pfx_kunit_try_run_case+0x10/0x10 [ 14.245033] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 14.245057] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 14.245080] kthread+0x337/0x6f0 [ 14.245101] ? trace_preempt_on+0x20/0xc0 [ 14.245126] ? __pfx_kthread+0x10/0x10 [ 14.245146] ? _raw_spin_unlock_irq+0x47/0x80 [ 14.245168] ? calculate_sigpending+0x7b/0xa0 [ 14.245193] ? __pfx_kthread+0x10/0x10 [ 14.245214] ret_from_fork+0x116/0x1d0 [ 14.245233] ? __pfx_kthread+0x10/0x10 [ 14.245253] ret_from_fork_asm+0x1a/0x30 [ 14.245284] </TASK> [ 14.245296] [ 14.256184] Allocated by task 282: [ 14.256355] kasan_save_stack+0x45/0x70 [ 14.256519] kasan_save_track+0x18/0x40 [ 14.256803] kasan_save_alloc_info+0x3b/0x50 [ 14.257206] __kasan_kmalloc+0xb7/0xc0 [ 14.257659] __kmalloc_cache_noprof+0x189/0x420 [ 14.257903] kasan_atomics+0x95/0x310 [ 14.258101] kunit_try_run_case+0x1a5/0x480 [ 14.258334] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 14.258679] kthread+0x337/0x6f0 [ 14.259073] ret_from_fork+0x116/0x1d0 [ 14.259271] ret_from_fork_asm+0x1a/0x30 [ 14.259423] [ 14.259496] The buggy address belongs to the object at ffff8881025a0d80 [ 14.259496] which belongs to the cache kmalloc-64 of size 64 [ 14.260575] The buggy address is located 0 bytes to the right of [ 14.260575] allocated 48-byte region [ffff8881025a0d80, ffff8881025a0db0) [ 14.261170] [ 14.261252] The buggy address belongs to the physical page: [ 14.261564] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1025a0 [ 14.261945] flags: 0x200000000000000(node=0|zone=2) [ 14.262262] page_type: f5(slab) [ 14.262458] raw: 0200000000000000 
ffff8881000418c0 dead000000000122 0000000000000000 [ 14.262862] raw: 0000000000000000 0000000080200020 00000000f5000000 0000000000000000 [ 14.263227] page dumped because: kasan: bad access detected [ 14.263517] [ 14.263653] Memory state around the buggy address: [ 14.263895] ffff8881025a0c80: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 14.264391] ffff8881025a0d00: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 14.264757] >ffff8881025a0d80: 00 00 00 00 00 00 fc fc fc fc fc fc fc fc fc fc [ 14.265072] ^ [ 14.265490] ffff8881025a0e00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 14.266053] ffff8881025a0e80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 14.266424] ================================================================== [ 15.100269] ================================================================== [ 15.101027] BUG: KASAN: slab-out-of-bounds in kasan_atomics_helper+0x1e12/0x5450 [ 15.101399] Write of size 8 at addr ffff8881025a0db0 by task kunit_try_catch/282 [ 15.101748] [ 15.101836] CPU: 0 UID: 0 PID: 282 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc4 #1 PREEMPT(voluntary) [ 15.101879] Tainted: [B]=BAD_PAGE, [N]=TEST [ 15.101891] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 15.101913] Call Trace: [ 15.101928] <TASK> [ 15.101943] dump_stack_lvl+0x73/0xb0 [ 15.101970] print_report+0xd1/0x650 [ 15.101994] ? __virt_addr_valid+0x1db/0x2d0 [ 15.102015] ? kasan_atomics_helper+0x1e12/0x5450 [ 15.102037] ? kasan_complete_mode_report_info+0x2a/0x200 [ 15.102060] ? kasan_atomics_helper+0x1e12/0x5450 [ 15.102082] kasan_report+0x141/0x180 [ 15.102105] ? kasan_atomics_helper+0x1e12/0x5450 [ 15.102132] kasan_check_range+0x10c/0x1c0 [ 15.102156] __kasan_check_write+0x18/0x20 [ 15.102176] kasan_atomics_helper+0x1e12/0x5450 [ 15.102198] ? __pfx_kasan_atomics_helper+0x10/0x10 [ 15.102221] ? __kmalloc_cache_noprof+0x189/0x420 [ 15.102247] ? 
kasan_atomics+0x152/0x310 [ 15.102275] kasan_atomics+0x1dc/0x310 [ 15.102299] ? __pfx_kasan_atomics+0x10/0x10 [ 15.102332] ? __pfx_queued_spin_lock_slowpath+0x10/0x10 [ 15.102358] ? __pfx_read_tsc+0x10/0x10 [ 15.102397] ? ktime_get_ts64+0x86/0x230 [ 15.102422] kunit_try_run_case+0x1a5/0x480 [ 15.102446] ? __pfx_kunit_try_run_case+0x10/0x10 [ 15.102470] ? _raw_spin_lock_irqsave+0xf9/0x100 [ 15.102493] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 15.102516] ? __kthread_parkme+0x82/0x180 [ 15.102536] ? preempt_count_sub+0x50/0x80 [ 15.102561] ? __pfx_kunit_try_run_case+0x10/0x10 [ 15.102594] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 15.102617] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 15.102641] kthread+0x337/0x6f0 [ 15.102661] ? trace_preempt_on+0x20/0xc0 [ 15.102695] ? __pfx_kthread+0x10/0x10 [ 15.102716] ? _raw_spin_unlock_irq+0x47/0x80 [ 15.102738] ? calculate_sigpending+0x7b/0xa0 [ 15.102772] ? __pfx_kthread+0x10/0x10 [ 15.102794] ret_from_fork+0x116/0x1d0 [ 15.102813] ? 
__pfx_kthread+0x10/0x10 [ 15.102834] ret_from_fork_asm+0x1a/0x30 [ 15.102875] </TASK> [ 15.102886] [ 15.110862] Allocated by task 282: [ 15.110992] kasan_save_stack+0x45/0x70 [ 15.111135] kasan_save_track+0x18/0x40 [ 15.111316] kasan_save_alloc_info+0x3b/0x50 [ 15.111550] __kasan_kmalloc+0xb7/0xc0 [ 15.111749] __kmalloc_cache_noprof+0x189/0x420 [ 15.112061] kasan_atomics+0x95/0x310 [ 15.112239] kunit_try_run_case+0x1a5/0x480 [ 15.112400] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 15.112666] kthread+0x337/0x6f0 [ 15.112838] ret_from_fork+0x116/0x1d0 [ 15.113059] ret_from_fork_asm+0x1a/0x30 [ 15.113261] [ 15.113355] The buggy address belongs to the object at ffff8881025a0d80 [ 15.113355] which belongs to the cache kmalloc-64 of size 64 [ 15.113911] The buggy address is located 0 bytes to the right of [ 15.113911] allocated 48-byte region [ffff8881025a0d80, ffff8881025a0db0) [ 15.114429] [ 15.114513] The buggy address belongs to the physical page: [ 15.114783] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1025a0 [ 15.115073] flags: 0x200000000000000(node=0|zone=2) [ 15.115239] page_type: f5(slab) [ 15.115361] raw: 0200000000000000 ffff8881000418c0 dead000000000122 0000000000000000 [ 15.115606] raw: 0000000000000000 0000000080200020 00000000f5000000 0000000000000000 [ 15.116006] page dumped because: kasan: bad access detected [ 15.116269] [ 15.116366] Memory state around the buggy address: [ 15.116659] ffff8881025a0c80: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 15.116977] ffff8881025a0d00: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 15.117299] >ffff8881025a0d80: 00 00 00 00 00 00 fc fc fc fc fc fc fc fc fc fc [ 15.117645] ^ [ 15.117809] ffff8881025a0e00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 15.118028] ffff8881025a0e80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 15.118241] ================================================================== [ 15.203861] 
================================================================== [ 15.204121] BUG: KASAN: slab-out-of-bounds in kasan_atomics_helper+0x4f98/0x5450 [ 15.204353] Read of size 8 at addr ffff8881025a0db0 by task kunit_try_catch/282 [ 15.204588] [ 15.205131] CPU: 0 UID: 0 PID: 282 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc4 #1 PREEMPT(voluntary) [ 15.205198] Tainted: [B]=BAD_PAGE, [N]=TEST [ 15.205211] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 15.205233] Call Trace: [ 15.205251] <TASK> [ 15.205270] dump_stack_lvl+0x73/0xb0 [ 15.205300] print_report+0xd1/0x650 [ 15.205324] ? __virt_addr_valid+0x1db/0x2d0 [ 15.205347] ? kasan_atomics_helper+0x4f98/0x5450 [ 15.205369] ? kasan_complete_mode_report_info+0x2a/0x200 [ 15.205400] ? kasan_atomics_helper+0x4f98/0x5450 [ 15.205422] kasan_report+0x141/0x180 [ 15.205444] ? kasan_atomics_helper+0x4f98/0x5450 [ 15.205470] __asan_report_load8_noabort+0x18/0x20 [ 15.205495] kasan_atomics_helper+0x4f98/0x5450 [ 15.205518] ? __pfx_kasan_atomics_helper+0x10/0x10 [ 15.205540] ? __kmalloc_cache_noprof+0x189/0x420 [ 15.205628] ? kasan_atomics+0x152/0x310 [ 15.205656] kasan_atomics+0x1dc/0x310 [ 15.205679] ? __pfx_kasan_atomics+0x10/0x10 [ 15.205711] ? __pfx_queued_spin_lock_slowpath+0x10/0x10 [ 15.205739] ? __pfx_read_tsc+0x10/0x10 [ 15.205762] ? ktime_get_ts64+0x86/0x230 [ 15.205799] kunit_try_run_case+0x1a5/0x480 [ 15.205824] ? __pfx_kunit_try_run_case+0x10/0x10 [ 15.205847] ? _raw_spin_lock_irqsave+0xf9/0x100 [ 15.205878] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 15.205900] ? __kthread_parkme+0x82/0x180 [ 15.205922] ? preempt_count_sub+0x50/0x80 [ 15.205956] ? __pfx_kunit_try_run_case+0x10/0x10 [ 15.205981] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 15.206004] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 15.206028] kthread+0x337/0x6f0 [ 15.206048] ? trace_preempt_on+0x20/0xc0 [ 15.206073] ? __pfx_kthread+0x10/0x10 [ 15.206093] ? 
_raw_spin_unlock_irq+0x47/0x80 [ 15.206116] ? calculate_sigpending+0x7b/0xa0 [ 15.206149] ? __pfx_kthread+0x10/0x10 [ 15.206172] ret_from_fork+0x116/0x1d0 [ 15.206191] ? __pfx_kthread+0x10/0x10 [ 15.206212] ret_from_fork_asm+0x1a/0x30 [ 15.206253] </TASK> [ 15.206266] [ 15.214206] Allocated by task 282: [ 15.214343] kasan_save_stack+0x45/0x70 [ 15.214558] kasan_save_track+0x18/0x40 [ 15.214941] kasan_save_alloc_info+0x3b/0x50 [ 15.215135] __kasan_kmalloc+0xb7/0xc0 [ 15.215269] __kmalloc_cache_noprof+0x189/0x420 [ 15.215475] kasan_atomics+0x95/0x310 [ 15.215752] kunit_try_run_case+0x1a5/0x480 [ 15.216124] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 15.216372] kthread+0x337/0x6f0 [ 15.216591] ret_from_fork+0x116/0x1d0 [ 15.216742] ret_from_fork_asm+0x1a/0x30 [ 15.216947] [ 15.217056] The buggy address belongs to the object at ffff8881025a0d80 [ 15.217056] which belongs to the cache kmalloc-64 of size 64 [ 15.217531] The buggy address is located 0 bytes to the right of [ 15.217531] allocated 48-byte region [ffff8881025a0d80, ffff8881025a0db0) [ 15.218032] [ 15.218105] The buggy address belongs to the physical page: [ 15.218447] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1025a0 [ 15.218837] flags: 0x200000000000000(node=0|zone=2) [ 15.219094] page_type: f5(slab) [ 15.219241] raw: 0200000000000000 ffff8881000418c0 dead000000000122 0000000000000000 [ 15.219570] raw: 0000000000000000 0000000080200020 00000000f5000000 0000000000000000 [ 15.219891] page dumped because: kasan: bad access detected [ 15.220141] [ 15.220238] Memory state around the buggy address: [ 15.220475] ffff8881025a0c80: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 15.220762] ffff8881025a0d00: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 15.220975] >ffff8881025a0d80: 00 00 00 00 00 00 fc fc fc fc fc fc fc fc fc fc [ 15.221182] ^ [ 15.221335] ffff8881025a0e00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 15.221578] ffff8881025a0e80: fc fc fc fc fc fc fc fc fc fc 
fc fc fc fc fc fc [ 15.221916] ================================================================== [ 14.342121] ================================================================== [ 14.342442] BUG: KASAN: slab-out-of-bounds in kasan_atomics_helper+0x4a84/0x5450 [ 14.342987] Read of size 4 at addr ffff8881025a0db0 by task kunit_try_catch/282 [ 14.343331] [ 14.343505] CPU: 0 UID: 0 PID: 282 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc4 #1 PREEMPT(voluntary) [ 14.343554] Tainted: [B]=BAD_PAGE, [N]=TEST [ 14.343568] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 14.343602] Call Trace: [ 14.343623] <TASK> [ 14.343676] dump_stack_lvl+0x73/0xb0 [ 14.343707] print_report+0xd1/0x650 [ 14.343733] ? __virt_addr_valid+0x1db/0x2d0 [ 14.343791] ? kasan_atomics_helper+0x4a84/0x5450 [ 14.343813] ? kasan_complete_mode_report_info+0x2a/0x200 [ 14.343835] ? kasan_atomics_helper+0x4a84/0x5450 [ 14.343867] kasan_report+0x141/0x180 [ 14.343889] ? kasan_atomics_helper+0x4a84/0x5450 [ 14.343916] __asan_report_load4_noabort+0x18/0x20 [ 14.343959] kasan_atomics_helper+0x4a84/0x5450 [ 14.343982] ? __pfx_kasan_atomics_helper+0x10/0x10 [ 14.344004] ? __kmalloc_cache_noprof+0x189/0x420 [ 14.344031] ? kasan_atomics+0x152/0x310 [ 14.344057] kasan_atomics+0x1dc/0x310 [ 14.344081] ? __pfx_kasan_atomics+0x10/0x10 [ 14.344103] ? __pfx_queued_spin_lock_slowpath+0x10/0x10 [ 14.344130] ? __pfx_read_tsc+0x10/0x10 [ 14.344153] ? ktime_get_ts64+0x86/0x230 [ 14.344178] kunit_try_run_case+0x1a5/0x480 [ 14.344204] ? __pfx_kunit_try_run_case+0x10/0x10 [ 14.344227] ? _raw_spin_lock_irqsave+0xf9/0x100 [ 14.344249] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 14.344272] ? __kthread_parkme+0x82/0x180 [ 14.344293] ? preempt_count_sub+0x50/0x80 [ 14.344340] ? __pfx_kunit_try_run_case+0x10/0x10 [ 14.344363] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 14.344409] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 14.344433] kthread+0x337/0x6f0 [ 14.344452] ? 
trace_preempt_on+0x20/0xc0 [ 14.344478] ? __pfx_kthread+0x10/0x10 [ 14.344498] ? _raw_spin_unlock_irq+0x47/0x80 [ 14.344520] ? calculate_sigpending+0x7b/0xa0 [ 14.344545] ? __pfx_kthread+0x10/0x10 [ 14.344567] ret_from_fork+0x116/0x1d0 [ 14.344586] ? __pfx_kthread+0x10/0x10 [ 14.344606] ret_from_fork_asm+0x1a/0x30 [ 14.344639] </TASK> [ 14.344650] [ 14.353559] Allocated by task 282: [ 14.353873] kasan_save_stack+0x45/0x70 [ 14.354066] kasan_save_track+0x18/0x40 [ 14.354307] kasan_save_alloc_info+0x3b/0x50 [ 14.354639] __kasan_kmalloc+0xb7/0xc0 [ 14.354863] __kmalloc_cache_noprof+0x189/0x420 [ 14.355127] kasan_atomics+0x95/0x310 [ 14.355317] kunit_try_run_case+0x1a5/0x480 [ 14.355479] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 14.355953] kthread+0x337/0x6f0 [ 14.356153] ret_from_fork+0x116/0x1d0 [ 14.356291] ret_from_fork_asm+0x1a/0x30 [ 14.356472] [ 14.356572] The buggy address belongs to the object at ffff8881025a0d80 [ 14.356572] which belongs to the cache kmalloc-64 of size 64 [ 14.357187] The buggy address is located 0 bytes to the right of [ 14.357187] allocated 48-byte region [ffff8881025a0d80, ffff8881025a0db0) [ 14.357562] [ 14.357639] The buggy address belongs to the physical page: [ 14.357814] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1025a0 [ 14.358509] flags: 0x200000000000000(node=0|zone=2) [ 14.358945] page_type: f5(slab) [ 14.359075] raw: 0200000000000000 ffff8881000418c0 dead000000000122 0000000000000000 [ 14.359308] raw: 0000000000000000 0000000080200020 00000000f5000000 0000000000000000 [ 14.359947] page dumped because: kasan: bad access detected [ 14.360194] [ 14.360266] Memory state around the buggy address: [ 14.360621] ffff8881025a0c80: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 14.361060] ffff8881025a0d00: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 14.361429] >ffff8881025a0d80: 00 00 00 00 00 00 fc fc fc fc fc fc fc fc fc fc [ 14.361748] ^ [ 14.362140] ffff8881025a0e00: fc fc fc fc fc fc fc fc fc 
fc fc fc fc fc fc fc [ 14.362554] ffff8881025a0e80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 14.362812] ================================================================== [ 15.223053] ================================================================== [ 15.223635] BUG: KASAN: slab-out-of-bounds in kasan_atomics_helper+0x20c8/0x5450 [ 15.224005] Write of size 8 at addr ffff8881025a0db0 by task kunit_try_catch/282 [ 15.224346] [ 15.224452] CPU: 0 UID: 0 PID: 282 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc4 #1 PREEMPT(voluntary) [ 15.224498] Tainted: [B]=BAD_PAGE, [N]=TEST [ 15.224512] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 15.224534] Call Trace: [ 15.224552] <TASK> [ 15.224571] dump_stack_lvl+0x73/0xb0 [ 15.224600] print_report+0xd1/0x650 [ 15.224623] ? __virt_addr_valid+0x1db/0x2d0 [ 15.224647] ? kasan_atomics_helper+0x20c8/0x5450 [ 15.224669] ? kasan_complete_mode_report_info+0x2a/0x200 [ 15.224691] ? kasan_atomics_helper+0x20c8/0x5450 [ 15.224713] kasan_report+0x141/0x180 [ 15.224735] ? kasan_atomics_helper+0x20c8/0x5450 [ 15.224774] kasan_check_range+0x10c/0x1c0 [ 15.224798] __kasan_check_write+0x18/0x20 [ 15.224818] kasan_atomics_helper+0x20c8/0x5450 [ 15.224851] ? __pfx_kasan_atomics_helper+0x10/0x10 [ 15.224874] ? __kmalloc_cache_noprof+0x189/0x420 [ 15.224900] ? kasan_atomics+0x152/0x310 [ 15.224927] kasan_atomics+0x1dc/0x310 [ 15.224949] ? __pfx_kasan_atomics+0x10/0x10 [ 15.224972] ? __pfx_queued_spin_lock_slowpath+0x10/0x10 [ 15.224999] ? __pfx_read_tsc+0x10/0x10 [ 15.225021] ? ktime_get_ts64+0x86/0x230 [ 15.225045] kunit_try_run_case+0x1a5/0x480 [ 15.225071] ? __pfx_kunit_try_run_case+0x10/0x10 [ 15.225095] ? _raw_spin_lock_irqsave+0xf9/0x100 [ 15.225118] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 15.225141] ? __kthread_parkme+0x82/0x180 [ 15.225162] ? preempt_count_sub+0x50/0x80 [ 15.225187] ? 
__pfx_kunit_try_run_case+0x10/0x10 [ 15.225211] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 15.225234] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 15.225258] kthread+0x337/0x6f0 [ 15.225278] ? trace_preempt_on+0x20/0xc0 [ 15.225304] ? __pfx_kthread+0x10/0x10 [ 15.225331] ? _raw_spin_unlock_irq+0x47/0x80 [ 15.225353] ? calculate_sigpending+0x7b/0xa0 [ 15.225391] ? __pfx_kthread+0x10/0x10 [ 15.225412] ret_from_fork+0x116/0x1d0 [ 15.225432] ? __pfx_kthread+0x10/0x10 [ 15.225453] ret_from_fork_asm+0x1a/0x30 [ 15.225484] </TASK> [ 15.225495] [ 15.233331] Allocated by task 282: [ 15.233530] kasan_save_stack+0x45/0x70 [ 15.233854] kasan_save_track+0x18/0x40 [ 15.234051] kasan_save_alloc_info+0x3b/0x50 [ 15.234476] __kasan_kmalloc+0xb7/0xc0 [ 15.234625] __kmalloc_cache_noprof+0x189/0x420 [ 15.234781] kasan_atomics+0x95/0x310 [ 15.234945] kunit_try_run_case+0x1a5/0x480 [ 15.235175] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 15.235435] kthread+0x337/0x6f0 [ 15.235603] ret_from_fork+0x116/0x1d0 [ 15.235762] ret_from_fork_asm+0x1a/0x30 [ 15.235901] [ 15.235973] The buggy address belongs to the object at ffff8881025a0d80 [ 15.235973] which belongs to the cache kmalloc-64 of size 64 [ 15.236587] The buggy address is located 0 bytes to the right of [ 15.236587] allocated 48-byte region [ffff8881025a0d80, ffff8881025a0db0) [ 15.237147] [ 15.237259] The buggy address belongs to the physical page: [ 15.237543] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1025a0 [ 15.237885] flags: 0x200000000000000(node=0|zone=2) [ 15.238074] page_type: f5(slab) [ 15.238253] raw: 0200000000000000 ffff8881000418c0 dead000000000122 0000000000000000 [ 15.238592] raw: 0000000000000000 0000000080200020 00000000f5000000 0000000000000000 [ 15.238917] page dumped because: kasan: bad access detected [ 15.239179] [ 15.239279] Memory state around the buggy address: [ 15.239951] ffff8881025a0c80: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 15.240531] 
ffff8881025a0d00: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 15.241269] >ffff8881025a0d80: 00 00 00 00 00 00 fc fc fc fc fc fc fc fc fc fc [ 15.241744] ^ [ 15.241987] ffff8881025a0e00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 15.242281] ffff8881025a0e80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 15.242781] ================================================================== [ 14.760064] ================================================================== [ 14.760680] BUG: KASAN: slab-out-of-bounds in kasan_atomics_helper+0x1467/0x5450 [ 14.761068] Write of size 8 at addr ffff8881025a0db0 by task kunit_try_catch/282 [ 14.761586] [ 14.761831] CPU: 0 UID: 0 PID: 282 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc4 #1 PREEMPT(voluntary) [ 14.761886] Tainted: [B]=BAD_PAGE, [N]=TEST [ 14.761900] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 14.761934] Call Trace: [ 14.761949] <TASK> [ 14.761965] dump_stack_lvl+0x73/0xb0 [ 14.761997] print_report+0xd1/0x650 [ 14.762021] ? __virt_addr_valid+0x1db/0x2d0 [ 14.762045] ? kasan_atomics_helper+0x1467/0x5450 [ 14.762066] ? kasan_complete_mode_report_info+0x2a/0x200 [ 14.762089] ? kasan_atomics_helper+0x1467/0x5450 [ 14.762111] kasan_report+0x141/0x180 [ 14.762133] ? kasan_atomics_helper+0x1467/0x5450 [ 14.762159] kasan_check_range+0x10c/0x1c0 [ 14.762183] __kasan_check_write+0x18/0x20 [ 14.762203] kasan_atomics_helper+0x1467/0x5450 [ 14.762227] ? __pfx_kasan_atomics_helper+0x10/0x10 [ 14.762249] ? __kmalloc_cache_noprof+0x189/0x420 [ 14.762274] ? kasan_atomics+0x152/0x310 [ 14.762301] kasan_atomics+0x1dc/0x310 [ 14.762324] ? __pfx_kasan_atomics+0x10/0x10 [ 14.762347] ? __pfx_queued_spin_lock_slowpath+0x10/0x10 [ 14.762386] ? __pfx_read_tsc+0x10/0x10 [ 14.762408] ? ktime_get_ts64+0x86/0x230 [ 14.762434] kunit_try_run_case+0x1a5/0x480 [ 14.762458] ? __pfx_kunit_try_run_case+0x10/0x10 [ 14.762482] ? _raw_spin_lock_irqsave+0xf9/0x100 [ 14.762505] ? 
_raw_spin_unlock_irqrestore+0x5f/0x90 [ 14.762528] ? __kthread_parkme+0x82/0x180 [ 14.762549] ? preempt_count_sub+0x50/0x80 [ 14.762574] ? __pfx_kunit_try_run_case+0x10/0x10 [ 14.762605] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 14.762628] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 14.762653] kthread+0x337/0x6f0 [ 14.762673] ? trace_preempt_on+0x20/0xc0 [ 14.762697] ? __pfx_kthread+0x10/0x10 [ 14.762718] ? _raw_spin_unlock_irq+0x47/0x80 [ 14.762739] ? calculate_sigpending+0x7b/0xa0 [ 14.762765] ? __pfx_kthread+0x10/0x10 [ 14.762786] ret_from_fork+0x116/0x1d0 [ 14.762805] ? __pfx_kthread+0x10/0x10 [ 14.762827] ret_from_fork_asm+0x1a/0x30 [ 14.762857] </TASK> [ 14.762868] [ 14.770157] Allocated by task 282: [ 14.770314] kasan_save_stack+0x45/0x70 [ 14.770475] kasan_save_track+0x18/0x40 [ 14.770613] kasan_save_alloc_info+0x3b/0x50 [ 14.770816] __kasan_kmalloc+0xb7/0xc0 [ 14.771007] __kmalloc_cache_noprof+0x189/0x420 [ 14.771355] kasan_atomics+0x95/0x310 [ 14.771499] kunit_try_run_case+0x1a5/0x480 [ 14.771687] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 14.771940] kthread+0x337/0x6f0 [ 14.772117] ret_from_fork+0x116/0x1d0 [ 14.772313] ret_from_fork_asm+0x1a/0x30 [ 14.772487] [ 14.772563] The buggy address belongs to the object at ffff8881025a0d80 [ 14.772563] which belongs to the cache kmalloc-64 of size 64 [ 14.772909] The buggy address is located 0 bytes to the right of [ 14.772909] allocated 48-byte region [ffff8881025a0d80, ffff8881025a0db0) [ 14.773420] [ 14.773515] The buggy address belongs to the physical page: [ 14.773856] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1025a0 [ 14.774179] flags: 0x200000000000000(node=0|zone=2) [ 14.774392] page_type: f5(slab) [ 14.774554] raw: 0200000000000000 ffff8881000418c0 dead000000000122 0000000000000000 [ 14.774814] raw: 0000000000000000 0000000080200020 00000000f5000000 0000000000000000 [ 14.775041] page dumped because: kasan: bad access detected [ 14.775263] [ 14.775357] 
Memory state around the buggy address: [ 14.775652] ffff8881025a0c80: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 14.776014] ffff8881025a0d00: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 14.776354] >ffff8881025a0d80: 00 00 00 00 00 00 fc fc fc fc fc fc fc fc fc fc [ 14.776725] ^ [ 14.776941] ffff8881025a0e00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 14.777280] ffff8881025a0e80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 14.777602] ================================================================== [ 14.117339] ================================================================== [ 14.117791] BUG: KASAN: slab-out-of-bounds in kasan_atomics_helper+0x697/0x5450 [ 14.118228] Write of size 4 at addr ffff8881025a0db0 by task kunit_try_catch/282 [ 14.118529] [ 14.118654] CPU: 0 UID: 0 PID: 282 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc4 #1 PREEMPT(voluntary) [ 14.118699] Tainted: [B]=BAD_PAGE, [N]=TEST [ 14.118712] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 14.118736] Call Trace: [ 14.118754] <TASK> [ 14.118772] dump_stack_lvl+0x73/0xb0 [ 14.118801] print_report+0xd1/0x650 [ 14.118824] ? __virt_addr_valid+0x1db/0x2d0 [ 14.118848] ? kasan_atomics_helper+0x697/0x5450 [ 14.118870] ? kasan_complete_mode_report_info+0x2a/0x200 [ 14.118893] ? kasan_atomics_helper+0x697/0x5450 [ 14.118934] kasan_report+0x141/0x180 [ 14.118957] ? kasan_atomics_helper+0x697/0x5450 [ 14.118983] kasan_check_range+0x10c/0x1c0 [ 14.119007] __kasan_check_write+0x18/0x20 [ 14.119027] kasan_atomics_helper+0x697/0x5450 [ 14.119051] ? __pfx_kasan_atomics_helper+0x10/0x10 [ 14.119072] ? __kmalloc_cache_noprof+0x189/0x420 [ 14.119098] ? kasan_atomics+0x152/0x310 [ 14.119125] kasan_atomics+0x1dc/0x310 [ 14.119147] ? __pfx_kasan_atomics+0x10/0x10 [ 14.119169] ? __pfx_queued_spin_lock_slowpath+0x10/0x10 [ 14.119196] ? __pfx_read_tsc+0x10/0x10 [ 14.119218] ? 
ktime_get_ts64+0x86/0x230 [ 14.119243] kunit_try_run_case+0x1a5/0x480 [ 14.119267] ? __pfx_kunit_try_run_case+0x10/0x10 [ 14.119290] ? _raw_spin_lock_irqsave+0xf9/0x100 [ 14.119312] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 14.119334] ? __kthread_parkme+0x82/0x180 [ 14.119356] ? preempt_count_sub+0x50/0x80 [ 14.119388] ? __pfx_kunit_try_run_case+0x10/0x10 [ 14.119413] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 14.119436] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 14.119460] kthread+0x337/0x6f0 [ 14.119480] ? trace_preempt_on+0x20/0xc0 [ 14.119504] ? __pfx_kthread+0x10/0x10 [ 14.119525] ? _raw_spin_unlock_irq+0x47/0x80 [ 14.119546] ? calculate_sigpending+0x7b/0xa0 [ 14.119586] ? __pfx_kthread+0x10/0x10 [ 14.119607] ret_from_fork+0x116/0x1d0 [ 14.119626] ? __pfx_kthread+0x10/0x10 [ 14.119646] ret_from_fork_asm+0x1a/0x30 [ 14.119677] </TASK> [ 14.119688] [ 14.127585] Allocated by task 282: [ 14.127765] kasan_save_stack+0x45/0x70 [ 14.127950] kasan_save_track+0x18/0x40 [ 14.128110] kasan_save_alloc_info+0x3b/0x50 [ 14.128308] __kasan_kmalloc+0xb7/0xc0 [ 14.128475] __kmalloc_cache_noprof+0x189/0x420 [ 14.128664] kasan_atomics+0x95/0x310 [ 14.128827] kunit_try_run_case+0x1a5/0x480 [ 14.129034] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 14.129211] kthread+0x337/0x6f0 [ 14.129330] ret_from_fork+0x116/0x1d0 [ 14.129534] ret_from_fork_asm+0x1a/0x30 [ 14.129751] [ 14.129850] The buggy address belongs to the object at ffff8881025a0d80 [ 14.129850] which belongs to the cache kmalloc-64 of size 64 [ 14.130425] The buggy address is located 0 bytes to the right of [ 14.130425] allocated 48-byte region [ffff8881025a0d80, ffff8881025a0db0) [ 14.130814] [ 14.130889] The buggy address belongs to the physical page: [ 14.131062] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1025a0 [ 14.131299] flags: 0x200000000000000(node=0|zone=2) [ 14.131534] page_type: f5(slab) [ 14.131723] raw: 0200000000000000 ffff8881000418c0 dead000000000122 
0000000000000000 [ 14.132055] raw: 0000000000000000 0000000080200020 00000000f5000000 0000000000000000 [ 14.132611] page dumped because: kasan: bad access detected [ 14.132858] [ 14.132951] Memory state around the buggy address: [ 14.133272] ffff8881025a0c80: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 14.133699] ffff8881025a0d00: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 14.133916] >ffff8881025a0d80: 00 00 00 00 00 00 fc fc fc fc fc fc fc fc fc fc [ 14.134127] ^ [ 14.134582] ffff8881025a0e00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 14.134933] ffff8881025a0e80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 14.135287] ================================================================== [ 14.959596] ================================================================== [ 14.959987] BUG: KASAN: slab-out-of-bounds in kasan_atomics_helper+0x19e3/0x5450 [ 14.960339] Write of size 8 at addr ffff8881025a0db0 by task kunit_try_catch/282 [ 14.960591] [ 14.960761] CPU: 0 UID: 0 PID: 282 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc4 #1 PREEMPT(voluntary) [ 14.960836] Tainted: [B]=BAD_PAGE, [N]=TEST [ 14.960850] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 14.960873] Call Trace: [ 14.960901] <TASK> [ 14.960918] dump_stack_lvl+0x73/0xb0 [ 14.960947] print_report+0xd1/0x650 [ 14.960971] ? __virt_addr_valid+0x1db/0x2d0 [ 14.960994] ? kasan_atomics_helper+0x19e3/0x5450 [ 14.961016] ? kasan_complete_mode_report_info+0x2a/0x200 [ 14.961038] ? kasan_atomics_helper+0x19e3/0x5450 [ 14.961060] kasan_report+0x141/0x180 [ 14.961112] ? kasan_atomics_helper+0x19e3/0x5450 [ 14.961139] kasan_check_range+0x10c/0x1c0 [ 14.961163] __kasan_check_write+0x18/0x20 [ 14.961194] kasan_atomics_helper+0x19e3/0x5450 [ 14.961217] ? __pfx_kasan_atomics_helper+0x10/0x10 [ 14.961241] ? __kmalloc_cache_noprof+0x189/0x420 [ 14.961266] ? kasan_atomics+0x152/0x310 [ 14.961293] kasan_atomics+0x1dc/0x310 [ 14.961316] ? 
__pfx_kasan_atomics+0x10/0x10 [ 14.961339] ? __pfx_queued_spin_lock_slowpath+0x10/0x10 [ 14.961366] ? __pfx_read_tsc+0x10/0x10 [ 14.961397] ? ktime_get_ts64+0x86/0x230 [ 14.961423] kunit_try_run_case+0x1a5/0x480 [ 14.961448] ? __pfx_kunit_try_run_case+0x10/0x10 [ 14.961472] ? _raw_spin_lock_irqsave+0xf9/0x100 [ 14.961494] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 14.961518] ? __kthread_parkme+0x82/0x180 [ 14.961539] ? preempt_count_sub+0x50/0x80 [ 14.961563] ? __pfx_kunit_try_run_case+0x10/0x10 [ 14.961600] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 14.961624] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 14.961647] kthread+0x337/0x6f0 [ 14.961668] ? trace_preempt_on+0x20/0xc0 [ 14.961694] ? __pfx_kthread+0x10/0x10 [ 14.961715] ? _raw_spin_unlock_irq+0x47/0x80 [ 14.961737] ? calculate_sigpending+0x7b/0xa0 [ 14.961762] ? __pfx_kthread+0x10/0x10 [ 14.961784] ret_from_fork+0x116/0x1d0 [ 14.961803] ? __pfx_kthread+0x10/0x10 [ 14.961824] ret_from_fork_asm+0x1a/0x30 [ 14.961855] </TASK> [ 14.961867] [ 14.970208] Allocated by task 282: [ 14.970426] kasan_save_stack+0x45/0x70 [ 14.970650] kasan_save_track+0x18/0x40 [ 14.970838] kasan_save_alloc_info+0x3b/0x50 [ 14.971045] __kasan_kmalloc+0xb7/0xc0 [ 14.971282] __kmalloc_cache_noprof+0x189/0x420 [ 14.971593] kasan_atomics+0x95/0x310 [ 14.971775] kunit_try_run_case+0x1a5/0x480 [ 14.971966] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 14.972177] kthread+0x337/0x6f0 [ 14.972354] ret_from_fork+0x116/0x1d0 [ 14.972541] ret_from_fork_asm+0x1a/0x30 [ 14.972763] [ 14.972869] The buggy address belongs to the object at ffff8881025a0d80 [ 14.972869] which belongs to the cache kmalloc-64 of size 64 [ 14.973386] The buggy address is located 0 bytes to the right of [ 14.973386] allocated 48-byte region [ffff8881025a0d80, ffff8881025a0db0) [ 14.973806] [ 14.973906] The buggy address belongs to the physical page: [ 14.974213] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1025a0 [ 14.974569] flags: 
0x200000000000000(node=0|zone=2) [ 14.974837] page_type: f5(slab) [ 14.975066] raw: 0200000000000000 ffff8881000418c0 dead000000000122 0000000000000000 [ 14.975333] raw: 0000000000000000 0000000080200020 00000000f5000000 0000000000000000 [ 14.975573] page dumped because: kasan: bad access detected [ 14.975857] [ 14.976031] Memory state around the buggy address: [ 14.976352] ffff8881025a0c80: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 14.976827] ffff8881025a0d00: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 14.977055] >ffff8881025a0d80: 00 00 00 00 00 00 fc fc fc fc fc fc fc fc fc fc [ 14.977274] ^ [ 14.977519] ffff8881025a0e00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 14.978188] ffff8881025a0e80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 14.978497] ================================================================== [ 14.135800] ================================================================== [ 14.136110] BUG: KASAN: slab-out-of-bounds in kasan_atomics_helper+0x72f/0x5450 [ 14.136599] Write of size 4 at addr ffff8881025a0db0 by task kunit_try_catch/282 [ 14.136870] [ 14.136980] CPU: 0 UID: 0 PID: 282 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc4 #1 PREEMPT(voluntary) [ 14.137024] Tainted: [B]=BAD_PAGE, [N]=TEST [ 14.137038] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 14.137061] Call Trace: [ 14.137075] <TASK> [ 14.137091] dump_stack_lvl+0x73/0xb0 [ 14.137119] print_report+0xd1/0x650 [ 14.137145] ? __virt_addr_valid+0x1db/0x2d0 [ 14.137188] ? kasan_atomics_helper+0x72f/0x5450 [ 14.137210] ? kasan_complete_mode_report_info+0x2a/0x200 [ 14.137232] ? kasan_atomics_helper+0x72f/0x5450 [ 14.137255] kasan_report+0x141/0x180 [ 14.137278] ? kasan_atomics_helper+0x72f/0x5450 [ 14.137305] kasan_check_range+0x10c/0x1c0 [ 14.137329] __kasan_check_write+0x18/0x20 [ 14.137349] kasan_atomics_helper+0x72f/0x5450 [ 14.137381] ? __pfx_kasan_atomics_helper+0x10/0x10 [ 14.137405] ? 
__kmalloc_cache_noprof+0x189/0x420 [ 14.137430] ? kasan_atomics+0x152/0x310 [ 14.137456] kasan_atomics+0x1dc/0x310 [ 14.137480] ? __pfx_kasan_atomics+0x10/0x10 [ 14.137502] ? __pfx_queued_spin_lock_slowpath+0x10/0x10 [ 14.137528] ? __pfx_read_tsc+0x10/0x10 [ 14.137549] ? ktime_get_ts64+0x86/0x230 [ 14.137593] kunit_try_run_case+0x1a5/0x480 [ 14.137617] ? __pfx_kunit_try_run_case+0x10/0x10 [ 14.137640] ? _raw_spin_lock_irqsave+0xf9/0x100 [ 14.137662] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 14.137691] ? __kthread_parkme+0x82/0x180 [ 14.137712] ? preempt_count_sub+0x50/0x80 [ 14.137750] ? __pfx_kunit_try_run_case+0x10/0x10 [ 14.137775] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 14.137798] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 14.137821] kthread+0x337/0x6f0 [ 14.137841] ? trace_preempt_on+0x20/0xc0 [ 14.137865] ? __pfx_kthread+0x10/0x10 [ 14.137886] ? _raw_spin_unlock_irq+0x47/0x80 [ 14.137920] ? calculate_sigpending+0x7b/0xa0 [ 14.137945] ? __pfx_kthread+0x10/0x10 [ 14.137966] ret_from_fork+0x116/0x1d0 [ 14.137985] ? 
__pfx_kthread+0x10/0x10 [ 14.138005] ret_from_fork_asm+0x1a/0x30 [ 14.138035] </TASK> [ 14.138046] [ 14.146085] Allocated by task 282: [ 14.146328] kasan_save_stack+0x45/0x70 [ 14.146488] kasan_save_track+0x18/0x40 [ 14.146704] kasan_save_alloc_info+0x3b/0x50 [ 14.146917] __kasan_kmalloc+0xb7/0xc0 [ 14.147121] __kmalloc_cache_noprof+0x189/0x420 [ 14.147299] kasan_atomics+0x95/0x310 [ 14.147487] kunit_try_run_case+0x1a5/0x480 [ 14.147705] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 14.147959] kthread+0x337/0x6f0 [ 14.148140] ret_from_fork+0x116/0x1d0 [ 14.148336] ret_from_fork_asm+0x1a/0x30 [ 14.148503] [ 14.148604] The buggy address belongs to the object at ffff8881025a0d80 [ 14.148604] which belongs to the cache kmalloc-64 of size 64 [ 14.148983] The buggy address is located 0 bytes to the right of [ 14.148983] allocated 48-byte region [ffff8881025a0d80, ffff8881025a0db0) [ 14.149347] [ 14.149447] The buggy address belongs to the physical page: [ 14.149831] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1025a0 [ 14.150240] flags: 0x200000000000000(node=0|zone=2) [ 14.150484] page_type: f5(slab) [ 14.150674] raw: 0200000000000000 ffff8881000418c0 dead000000000122 0000000000000000 [ 14.151005] raw: 0000000000000000 0000000080200020 00000000f5000000 0000000000000000 [ 14.151404] page dumped because: kasan: bad access detected [ 14.151602] [ 14.151673] Memory state around the buggy address: [ 14.151831] ffff8881025a0c80: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 14.152070] ffff8881025a0d00: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 14.152286] >ffff8881025a0d80: 00 00 00 00 00 00 fc fc fc fc fc fc fc fc fc fc [ 14.152914] ^ [ 14.153141] ffff8881025a0e00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 14.153470] ffff8881025a0e80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 14.153865] ================================================================== [ 14.979623] 
================================================================== [ 14.980190] BUG: KASAN: slab-out-of-bounds in kasan_atomics_helper+0x1a7f/0x5450 [ 14.980588] Write of size 8 at addr ffff8881025a0db0 by task kunit_try_catch/282 [ 14.980857] [ 14.980947] CPU: 0 UID: 0 PID: 282 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc4 #1 PREEMPT(voluntary) [ 14.980992] Tainted: [B]=BAD_PAGE, [N]=TEST [ 14.981006] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 14.981028] Call Trace: [ 14.981045] <TASK> [ 14.981064] dump_stack_lvl+0x73/0xb0 [ 14.981093] print_report+0xd1/0x650 [ 14.981117] ? __virt_addr_valid+0x1db/0x2d0 [ 14.981140] ? kasan_atomics_helper+0x1a7f/0x5450 [ 14.981162] ? kasan_complete_mode_report_info+0x2a/0x200 [ 14.981184] ? kasan_atomics_helper+0x1a7f/0x5450 [ 14.981206] kasan_report+0x141/0x180 [ 14.981229] ? kasan_atomics_helper+0x1a7f/0x5450 [ 14.981255] kasan_check_range+0x10c/0x1c0 [ 14.981279] __kasan_check_write+0x18/0x20 [ 14.981299] kasan_atomics_helper+0x1a7f/0x5450 [ 14.981322] ? __pfx_kasan_atomics_helper+0x10/0x10 [ 14.981345] ? __kmalloc_cache_noprof+0x189/0x420 [ 14.981370] ? kasan_atomics+0x152/0x310 [ 14.981409] kasan_atomics+0x1dc/0x310 [ 14.981432] ? __pfx_kasan_atomics+0x10/0x10 [ 14.981455] ? __pfx_queued_spin_lock_slowpath+0x10/0x10 [ 14.981482] ? __pfx_read_tsc+0x10/0x10 [ 14.981504] ? ktime_get_ts64+0x86/0x230 [ 14.981530] kunit_try_run_case+0x1a5/0x480 [ 14.981554] ? __pfx_kunit_try_run_case+0x10/0x10 [ 14.981614] ? _raw_spin_lock_irqsave+0xf9/0x100 [ 14.981637] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 14.981672] ? __kthread_parkme+0x82/0x180 [ 14.981693] ? preempt_count_sub+0x50/0x80 [ 14.981717] ? __pfx_kunit_try_run_case+0x10/0x10 [ 14.981741] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 14.981765] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 14.981789] kthread+0x337/0x6f0 [ 14.981809] ? trace_preempt_on+0x20/0xc0 [ 14.981834] ? __pfx_kthread+0x10/0x10 [ 14.981855] ? 
_raw_spin_unlock_irq+0x47/0x80 [ 14.981878] ? calculate_sigpending+0x7b/0xa0 [ 14.981903] ? __pfx_kthread+0x10/0x10 [ 14.981925] ret_from_fork+0x116/0x1d0 [ 14.981944] ? __pfx_kthread+0x10/0x10 [ 14.981965] ret_from_fork_asm+0x1a/0x30 [ 14.981996] </TASK> [ 14.982008] [ 14.990428] Allocated by task 282: [ 14.990659] kasan_save_stack+0x45/0x70 [ 14.990920] kasan_save_track+0x18/0x40 [ 14.991120] kasan_save_alloc_info+0x3b/0x50 [ 14.991391] __kasan_kmalloc+0xb7/0xc0 [ 14.991573] __kmalloc_cache_noprof+0x189/0x420 [ 14.991809] kasan_atomics+0x95/0x310 [ 14.991975] kunit_try_run_case+0x1a5/0x480 [ 14.992267] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 14.992651] kthread+0x337/0x6f0 [ 14.992844] ret_from_fork+0x116/0x1d0 [ 14.992983] ret_from_fork_asm+0x1a/0x30 [ 14.993170] [ 14.993297] The buggy address belongs to the object at ffff8881025a0d80 [ 14.993297] which belongs to the cache kmalloc-64 of size 64 [ 14.993864] The buggy address is located 0 bytes to the right of [ 14.993864] allocated 48-byte region [ffff8881025a0d80, ffff8881025a0db0) [ 14.994420] [ 14.994524] The buggy address belongs to the physical page: [ 14.995008] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1025a0 [ 14.995258] flags: 0x200000000000000(node=0|zone=2) [ 14.995460] page_type: f5(slab) [ 14.995682] raw: 0200000000000000 ffff8881000418c0 dead000000000122 0000000000000000 [ 14.996034] raw: 0000000000000000 0000000080200020 00000000f5000000 0000000000000000 [ 14.996499] page dumped because: kasan: bad access detected [ 14.996762] [ 14.996837] Memory state around the buggy address: [ 14.996995] ffff8881025a0c80: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 14.997300] ffff8881025a0d00: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 14.997674] >ffff8881025a0d80: 00 00 00 00 00 00 fc fc fc fc fc fc fc fc fc fc [ 14.998057] ^ [ 14.998334] ffff8881025a0e00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 14.998724] ffff8881025a0e80: fc fc fc fc fc fc fc fc fc fc 
fc fc fc fc fc fc [ 14.999094] ================================================================== [ 15.285761] ================================================================== [ 15.286111] BUG: KASAN: slab-out-of-bounds in kasan_atomics_helper+0x4fa5/0x5450 [ 15.286350] Read of size 8 at addr ffff8881025a0db0 by task kunit_try_catch/282 [ 15.286868] [ 15.286978] CPU: 0 UID: 0 PID: 282 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc4 #1 PREEMPT(voluntary) [ 15.287021] Tainted: [B]=BAD_PAGE, [N]=TEST [ 15.287033] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 15.287080] Call Trace: [ 15.287096] <TASK> [ 15.287114] dump_stack_lvl+0x73/0xb0 [ 15.287145] print_report+0xd1/0x650 [ 15.287168] ? __virt_addr_valid+0x1db/0x2d0 [ 15.287192] ? kasan_atomics_helper+0x4fa5/0x5450 [ 15.287214] ? kasan_complete_mode_report_info+0x2a/0x200 [ 15.287236] ? kasan_atomics_helper+0x4fa5/0x5450 [ 15.287258] kasan_report+0x141/0x180 [ 15.287280] ? kasan_atomics_helper+0x4fa5/0x5450 [ 15.287309] __asan_report_load8_noabort+0x18/0x20 [ 15.287332] kasan_atomics_helper+0x4fa5/0x5450 [ 15.287355] ? __pfx_kasan_atomics_helper+0x10/0x10 [ 15.287388] ? __kmalloc_cache_noprof+0x189/0x420 [ 15.287413] ? kasan_atomics+0x152/0x310 [ 15.287440] kasan_atomics+0x1dc/0x310 [ 15.287462] ? __pfx_kasan_atomics+0x10/0x10 [ 15.287485] ? __pfx_queued_spin_lock_slowpath+0x10/0x10 [ 15.287531] ? __pfx_read_tsc+0x10/0x10 [ 15.287553] ? ktime_get_ts64+0x86/0x230 [ 15.287578] kunit_try_run_case+0x1a5/0x480 [ 15.287609] ? __pfx_kunit_try_run_case+0x10/0x10 [ 15.287632] ? _raw_spin_lock_irqsave+0xf9/0x100 [ 15.287654] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 15.287677] ? __kthread_parkme+0x82/0x180 [ 15.287699] ? preempt_count_sub+0x50/0x80 [ 15.287723] ? __pfx_kunit_try_run_case+0x10/0x10 [ 15.287746] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 15.287769] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 15.287812] kthread+0x337/0x6f0 [ 15.287832] ? 
trace_preempt_on+0x20/0xc0 [ 15.287856] ? __pfx_kthread+0x10/0x10 [ 15.287877] ? _raw_spin_unlock_irq+0x47/0x80 [ 15.287899] ? calculate_sigpending+0x7b/0xa0 [ 15.287924] ? __pfx_kthread+0x10/0x10 [ 15.287945] ret_from_fork+0x116/0x1d0 [ 15.287963] ? __pfx_kthread+0x10/0x10 [ 15.287984] ret_from_fork_asm+0x1a/0x30 [ 15.288015] </TASK> [ 15.288026] [ 15.295349] Allocated by task 282: [ 15.295530] kasan_save_stack+0x45/0x70 [ 15.295723] kasan_save_track+0x18/0x40 [ 15.296062] kasan_save_alloc_info+0x3b/0x50 [ 15.296275] __kasan_kmalloc+0xb7/0xc0 [ 15.296459] __kmalloc_cache_noprof+0x189/0x420 [ 15.296727] kasan_atomics+0x95/0x310 [ 15.296914] kunit_try_run_case+0x1a5/0x480 [ 15.297062] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 15.297303] kthread+0x337/0x6f0 [ 15.297485] ret_from_fork+0x116/0x1d0 [ 15.297722] ret_from_fork_asm+0x1a/0x30 [ 15.297887] [ 15.297982] The buggy address belongs to the object at ffff8881025a0d80 [ 15.297982] which belongs to the cache kmalloc-64 of size 64 [ 15.298401] The buggy address is located 0 bytes to the right of [ 15.298401] allocated 48-byte region [ffff8881025a0d80, ffff8881025a0db0) [ 15.298901] [ 15.298998] The buggy address belongs to the physical page: [ 15.299241] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1025a0 [ 15.299501] flags: 0x200000000000000(node=0|zone=2) [ 15.299955] page_type: f5(slab) [ 15.300084] raw: 0200000000000000 ffff8881000418c0 dead000000000122 0000000000000000 [ 15.300315] raw: 0000000000000000 0000000080200020 00000000f5000000 0000000000000000 [ 15.300555] page dumped because: kasan: bad access detected [ 15.300821] [ 15.300915] Memory state around the buggy address: [ 15.301132] ffff8881025a0c80: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 15.301459] ffff8881025a0d00: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 15.301953] >ffff8881025a0d80: 00 00 00 00 00 00 fc fc fc fc fc fc fc fc fc fc [ 15.302164] ^ [ 15.302318] ffff8881025a0e00: fc fc fc fc fc fc fc fc fc 
fc fc fc fc fc fc fc [ 15.302595] ffff8881025a0e80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 15.302910] ================================================================== [ 13.979286] ================================================================== [ 13.979587] BUG: KASAN: slab-out-of-bounds in kasan_atomics_helper+0x3df/0x5450 [ 13.979942] Read of size 4 at addr ffff8881025a0db0 by task kunit_try_catch/282 [ 13.980279] [ 13.980400] CPU: 0 UID: 0 PID: 282 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc4 #1 PREEMPT(voluntary) [ 13.980441] Tainted: [B]=BAD_PAGE, [N]=TEST [ 13.980453] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 13.980474] Call Trace: [ 13.980490] <TASK> [ 13.980505] dump_stack_lvl+0x73/0xb0 [ 13.980532] print_report+0xd1/0x650 [ 13.980555] ? __virt_addr_valid+0x1db/0x2d0 [ 13.980633] ? kasan_atomics_helper+0x3df/0x5450 [ 13.980657] ? kasan_complete_mode_report_info+0x2a/0x200 [ 13.980680] ? kasan_atomics_helper+0x3df/0x5450 [ 13.980702] kasan_report+0x141/0x180 [ 13.980726] ? kasan_atomics_helper+0x3df/0x5450 [ 13.980753] kasan_check_range+0x10c/0x1c0 [ 13.980778] __kasan_check_read+0x15/0x20 [ 13.980797] kasan_atomics_helper+0x3df/0x5450 [ 13.980820] ? __pfx_kasan_atomics_helper+0x10/0x10 [ 13.980843] ? __kmalloc_cache_noprof+0x189/0x420 [ 13.980870] ? kasan_atomics+0x152/0x310 [ 13.980897] kasan_atomics+0x1dc/0x310 [ 13.980957] ? __pfx_kasan_atomics+0x10/0x10 [ 13.980982] ? __pfx_queued_spin_lock_slowpath+0x10/0x10 [ 13.981008] ? __pfx_read_tsc+0x10/0x10 [ 13.981030] ? ktime_get_ts64+0x86/0x230 [ 13.981055] kunit_try_run_case+0x1a5/0x480 [ 13.981080] ? __pfx_kunit_try_run_case+0x10/0x10 [ 13.981102] ? _raw_spin_lock_irqsave+0xf9/0x100 [ 13.981125] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 13.981148] ? __kthread_parkme+0x82/0x180 [ 13.981169] ? preempt_count_sub+0x50/0x80 [ 13.981194] ? __pfx_kunit_try_run_case+0x10/0x10 [ 13.981218] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 13.981242] ? 
__pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 13.981266] kthread+0x337/0x6f0 [ 13.981285] ? trace_preempt_on+0x20/0xc0 [ 13.981310] ? __pfx_kthread+0x10/0x10 [ 13.981331] ? _raw_spin_unlock_irq+0x47/0x80 [ 13.981353] ? calculate_sigpending+0x7b/0xa0 [ 13.981389] ? __pfx_kthread+0x10/0x10 [ 13.981411] ret_from_fork+0x116/0x1d0 [ 13.981430] ? __pfx_kthread+0x10/0x10 [ 13.981451] ret_from_fork_asm+0x1a/0x30 [ 13.981482] </TASK> [ 13.981494] [ 13.991599] Allocated by task 282: [ 13.991909] kasan_save_stack+0x45/0x70 [ 13.992327] kasan_save_track+0x18/0x40 [ 13.992761] kasan_save_alloc_info+0x3b/0x50 [ 13.993211] __kasan_kmalloc+0xb7/0xc0 [ 13.993577] __kmalloc_cache_noprof+0x189/0x420 [ 13.994013] kasan_atomics+0x95/0x310 [ 13.994412] kunit_try_run_case+0x1a5/0x480 [ 13.994820] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 13.995352] kthread+0x337/0x6f0 [ 13.995733] ret_from_fork+0x116/0x1d0 [ 13.995928] ret_from_fork_asm+0x1a/0x30 [ 13.996271] [ 13.996445] The buggy address belongs to the object at ffff8881025a0d80 [ 13.996445] which belongs to the cache kmalloc-64 of size 64 [ 13.997650] The buggy address is located 0 bytes to the right of [ 13.997650] allocated 48-byte region [ffff8881025a0d80, ffff8881025a0db0) [ 13.998121] [ 13.998199] The buggy address belongs to the physical page: [ 13.998403] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1025a0 [ 13.998681] flags: 0x200000000000000(node=0|zone=2) [ 13.999140] page_type: f5(slab) [ 13.999484] raw: 0200000000000000 ffff8881000418c0 dead000000000122 0000000000000000 [ 14.000204] raw: 0000000000000000 0000000080200020 00000000f5000000 0000000000000000 [ 14.000993] page dumped because: kasan: bad access detected [ 14.001602] [ 14.001803] Memory state around the buggy address: [ 14.002295] ffff8881025a0c80: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 14.002946] ffff8881025a0d00: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 14.003626] >ffff8881025a0d80: 00 00 00 00 00 00 fc fc 
fc fc fc fc fc fc fc fc [ 14.004162] ^ [ 14.004647] ffff8881025a0e00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 14.005121] ffff8881025a0e80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 14.005693] ================================================================== [ 14.834512] ================================================================== [ 14.834915] BUG: KASAN: slab-out-of-bounds in kasan_atomics_helper+0x164f/0x5450 [ 14.835240] Write of size 8 at addr ffff8881025a0db0 by task kunit_try_catch/282 [ 14.835689] [ 14.835831] CPU: 0 UID: 0 PID: 282 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc4 #1 PREEMPT(voluntary) [ 14.835875] Tainted: [B]=BAD_PAGE, [N]=TEST [ 14.835888] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 14.836012] Call Trace: [ 14.836029] <TASK> [ 14.836046] dump_stack_lvl+0x73/0xb0 [ 14.836074] print_report+0xd1/0x650 [ 14.836106] ? __virt_addr_valid+0x1db/0x2d0 [ 14.836129] ? kasan_atomics_helper+0x164f/0x5450 [ 14.836153] ? kasan_complete_mode_report_info+0x2a/0x200 [ 14.836176] ? kasan_atomics_helper+0x164f/0x5450 [ 14.836199] kasan_report+0x141/0x180 [ 14.836221] ? kasan_atomics_helper+0x164f/0x5450 [ 14.836249] kasan_check_range+0x10c/0x1c0 [ 14.836273] __kasan_check_write+0x18/0x20 [ 14.836294] kasan_atomics_helper+0x164f/0x5450 [ 14.836317] ? __pfx_kasan_atomics_helper+0x10/0x10 [ 14.836340] ? __kmalloc_cache_noprof+0x189/0x420 [ 14.836367] ? kasan_atomics+0x152/0x310 [ 14.836414] kasan_atomics+0x1dc/0x310 [ 14.836438] ? __pfx_kasan_atomics+0x10/0x10 [ 14.836461] ? __pfx_queued_spin_lock_slowpath+0x10/0x10 [ 14.836488] ? __pfx_read_tsc+0x10/0x10 [ 14.836511] ? ktime_get_ts64+0x86/0x230 [ 14.836535] kunit_try_run_case+0x1a5/0x480 [ 14.836560] ? __pfx_kunit_try_run_case+0x10/0x10 [ 14.836592] ? _raw_spin_lock_irqsave+0xf9/0x100 [ 14.836615] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 14.836640] ? __kthread_parkme+0x82/0x180 [ 14.836661] ? preempt_count_sub+0x50/0x80 [ 14.836686] ? 
__pfx_kunit_try_run_case+0x10/0x10 [ 14.836709] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 14.836734] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 14.836757] kthread+0x337/0x6f0 [ 14.836777] ? trace_preempt_on+0x20/0xc0 [ 14.836803] ? __pfx_kthread+0x10/0x10 [ 14.836824] ? _raw_spin_unlock_irq+0x47/0x80 [ 14.836846] ? calculate_sigpending+0x7b/0xa0 [ 14.836870] ? __pfx_kthread+0x10/0x10 [ 14.836892] ret_from_fork+0x116/0x1d0 [ 14.836912] ? __pfx_kthread+0x10/0x10 [ 14.836933] ret_from_fork_asm+0x1a/0x30 [ 14.836964] </TASK> [ 14.836976] [ 14.845207] Allocated by task 282: [ 14.845335] kasan_save_stack+0x45/0x70 [ 14.845489] kasan_save_track+0x18/0x40 [ 14.845624] kasan_save_alloc_info+0x3b/0x50 [ 14.845806] __kasan_kmalloc+0xb7/0xc0 [ 14.846009] __kmalloc_cache_noprof+0x189/0x420 [ 14.846225] kasan_atomics+0x95/0x310 [ 14.846419] kunit_try_run_case+0x1a5/0x480 [ 14.846669] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 14.846927] kthread+0x337/0x6f0 [ 14.847092] ret_from_fork+0x116/0x1d0 [ 14.847277] ret_from_fork_asm+0x1a/0x30 [ 14.847479] [ 14.847585] The buggy address belongs to the object at ffff8881025a0d80 [ 14.847585] which belongs to the cache kmalloc-64 of size 64 [ 14.848074] The buggy address is located 0 bytes to the right of [ 14.848074] allocated 48-byte region [ffff8881025a0d80, ffff8881025a0db0) [ 14.848732] [ 14.848832] The buggy address belongs to the physical page: [ 14.849076] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1025a0 [ 14.849429] flags: 0x200000000000000(node=0|zone=2) [ 14.849669] page_type: f5(slab) [ 14.849787] raw: 0200000000000000 ffff8881000418c0 dead000000000122 0000000000000000 [ 14.850011] raw: 0000000000000000 0000000080200020 00000000f5000000 0000000000000000 [ 14.850228] page dumped because: kasan: bad access detected [ 14.850410] [ 14.850507] Memory state around the buggy address: [ 14.850939] ffff8881025a0c80: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 14.851300] 
ffff8881025a0d00: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 14.851688] >ffff8881025a0d80: 00 00 00 00 00 00 fc fc fc fc fc fc fc fc fc fc [ 14.852020] ^ [ 14.852254] ffff8881025a0e00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 14.852519] ffff8881025a0e80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 14.853012] ================================================================== [ 14.778421] ================================================================== [ 14.778903] BUG: KASAN: slab-out-of-bounds in kasan_atomics_helper+0x50d4/0x5450 [ 14.779262] Write of size 8 at addr ffff8881025a0db0 by task kunit_try_catch/282 [ 14.779653] [ 14.779780] CPU: 0 UID: 0 PID: 282 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc4 #1 PREEMPT(voluntary) [ 14.779825] Tainted: [B]=BAD_PAGE, [N]=TEST [ 14.779838] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 14.779861] Call Trace: [ 14.779875] <TASK> [ 14.779893] dump_stack_lvl+0x73/0xb0 [ 14.779921] print_report+0xd1/0x650 [ 14.779946] ? __virt_addr_valid+0x1db/0x2d0 [ 14.779969] ? kasan_atomics_helper+0x50d4/0x5450 [ 14.779991] ? kasan_complete_mode_report_info+0x2a/0x200 [ 14.780014] ? kasan_atomics_helper+0x50d4/0x5450 [ 14.780035] kasan_report+0x141/0x180 [ 14.780057] ? kasan_atomics_helper+0x50d4/0x5450 [ 14.780083] __asan_report_store8_noabort+0x1b/0x30 [ 14.780105] kasan_atomics_helper+0x50d4/0x5450 [ 14.780127] ? __pfx_kasan_atomics_helper+0x10/0x10 [ 14.780149] ? __kmalloc_cache_noprof+0x189/0x420 [ 14.780175] ? kasan_atomics+0x152/0x310 [ 14.780202] kasan_atomics+0x1dc/0x310 [ 14.780248] ? __pfx_kasan_atomics+0x10/0x10 [ 14.780270] ? __pfx_queued_spin_lock_slowpath+0x10/0x10 [ 14.780297] ? __pfx_read_tsc+0x10/0x10 [ 14.780320] ? ktime_get_ts64+0x86/0x230 [ 14.780356] kunit_try_run_case+0x1a5/0x480 [ 14.780391] ? __pfx_kunit_try_run_case+0x10/0x10 [ 14.780417] ? _raw_spin_lock_irqsave+0xf9/0x100 [ 14.780439] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 14.780462] ? 
__kthread_parkme+0x82/0x180 [ 14.780483] ? preempt_count_sub+0x50/0x80 [ 14.780508] ? __pfx_kunit_try_run_case+0x10/0x10 [ 14.780532] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 14.780555] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 14.780587] kthread+0x337/0x6f0 [ 14.780606] ? trace_preempt_on+0x20/0xc0 [ 14.780632] ? __pfx_kthread+0x10/0x10 [ 14.780653] ? _raw_spin_unlock_irq+0x47/0x80 [ 14.780674] ? calculate_sigpending+0x7b/0xa0 [ 14.780698] ? __pfx_kthread+0x10/0x10 [ 14.780719] ret_from_fork+0x116/0x1d0 [ 14.780738] ? __pfx_kthread+0x10/0x10 [ 14.780759] ret_from_fork_asm+0x1a/0x30 [ 14.780790] </TASK> [ 14.780802] [ 14.788535] Allocated by task 282: [ 14.788731] kasan_save_stack+0x45/0x70 [ 14.788878] kasan_save_track+0x18/0x40 [ 14.789015] kasan_save_alloc_info+0x3b/0x50 [ 14.789164] __kasan_kmalloc+0xb7/0xc0 [ 14.789297] __kmalloc_cache_noprof+0x189/0x420 [ 14.789510] kasan_atomics+0x95/0x310 [ 14.789728] kunit_try_run_case+0x1a5/0x480 [ 14.789957] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 14.790205] kthread+0x337/0x6f0 [ 14.790403] ret_from_fork+0x116/0x1d0 [ 14.790586] ret_from_fork_asm+0x1a/0x30 [ 14.790812] [ 14.790912] The buggy address belongs to the object at ffff8881025a0d80 [ 14.790912] which belongs to the cache kmalloc-64 of size 64 [ 14.791451] The buggy address is located 0 bytes to the right of [ 14.791451] allocated 48-byte region [ffff8881025a0d80, ffff8881025a0db0) [ 14.792031] [ 14.792126] The buggy address belongs to the physical page: [ 14.792429] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1025a0 [ 14.792977] flags: 0x200000000000000(node=0|zone=2) [ 14.793213] page_type: f5(slab) [ 14.793335] raw: 0200000000000000 ffff8881000418c0 dead000000000122 0000000000000000 [ 14.793589] raw: 0000000000000000 0000000080200020 00000000f5000000 0000000000000000 [ 14.793950] page dumped because: kasan: bad access detected [ 14.794220] [ 14.794321] Memory state around the buggy address: [ 14.794563] 
ffff8881025a0c80: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 14.794809] ffff8881025a0d00: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 14.795017] >ffff8881025a0d80: 00 00 00 00 00 00 fc fc fc fc fc fc fc fc fc fc [ 14.795220] ^ [ 14.795367] ffff8881025a0e00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 14.795711] ffff8881025a0e80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 14.796061] ================================================================== [ 15.267630] ================================================================== [ 15.268236] BUG: KASAN: slab-out-of-bounds in kasan_atomics_helper+0x218a/0x5450 [ 15.268601] Write of size 8 at addr ffff8881025a0db0 by task kunit_try_catch/282 [ 15.268926] [ 15.269038] CPU: 0 UID: 0 PID: 282 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc4 #1 PREEMPT(voluntary) [ 15.269083] Tainted: [B]=BAD_PAGE, [N]=TEST [ 15.269097] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 15.269119] Call Trace: [ 15.269137] <TASK> [ 15.269157] dump_stack_lvl+0x73/0xb0 [ 15.269184] print_report+0xd1/0x650 [ 15.269230] ? __virt_addr_valid+0x1db/0x2d0 [ 15.269254] ? kasan_atomics_helper+0x218a/0x5450 [ 15.269275] ? kasan_complete_mode_report_info+0x2a/0x200 [ 15.269297] ? kasan_atomics_helper+0x218a/0x5450 [ 15.269319] kasan_report+0x141/0x180 [ 15.269341] ? kasan_atomics_helper+0x218a/0x5450 [ 15.269397] kasan_check_range+0x10c/0x1c0 [ 15.269422] __kasan_check_write+0x18/0x20 [ 15.269441] kasan_atomics_helper+0x218a/0x5450 [ 15.269464] ? __pfx_kasan_atomics_helper+0x10/0x10 [ 15.269486] ? __kmalloc_cache_noprof+0x189/0x420 [ 15.269512] ? kasan_atomics+0x152/0x310 [ 15.269539] kasan_atomics+0x1dc/0x310 [ 15.269561] ? __pfx_kasan_atomics+0x10/0x10 [ 15.269592] ? __pfx_queued_spin_lock_slowpath+0x10/0x10 [ 15.269620] ? __pfx_read_tsc+0x10/0x10 [ 15.269642] ? ktime_get_ts64+0x86/0x230 [ 15.269668] kunit_try_run_case+0x1a5/0x480 [ 15.269692] ? 
__pfx_kunit_try_run_case+0x10/0x10 [ 15.269715] ? _raw_spin_lock_irqsave+0xf9/0x100 [ 15.269758] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 15.269782] ? __kthread_parkme+0x82/0x180 [ 15.269804] ? preempt_count_sub+0x50/0x80 [ 15.269828] ? __pfx_kunit_try_run_case+0x10/0x10 [ 15.269852] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 15.269875] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 15.269899] kthread+0x337/0x6f0 [ 15.269919] ? trace_preempt_on+0x20/0xc0 [ 15.269944] ? __pfx_kthread+0x10/0x10 [ 15.269966] ? _raw_spin_unlock_irq+0x47/0x80 [ 15.269988] ? calculate_sigpending+0x7b/0xa0 [ 15.270014] ? __pfx_kthread+0x10/0x10 [ 15.270036] ret_from_fork+0x116/0x1d0 [ 15.270055] ? __pfx_kthread+0x10/0x10 [ 15.270076] ret_from_fork_asm+0x1a/0x30 [ 15.270108] </TASK> [ 15.270119] [ 15.277628] Allocated by task 282: [ 15.277811] kasan_save_stack+0x45/0x70 [ 15.278030] kasan_save_track+0x18/0x40 [ 15.278362] kasan_save_alloc_info+0x3b/0x50 [ 15.278521] __kasan_kmalloc+0xb7/0xc0 [ 15.278653] __kmalloc_cache_noprof+0x189/0x420 [ 15.278869] kasan_atomics+0x95/0x310 [ 15.279057] kunit_try_run_case+0x1a5/0x480 [ 15.279331] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 15.279523] kthread+0x337/0x6f0 [ 15.279725] ret_from_fork+0x116/0x1d0 [ 15.279916] ret_from_fork_asm+0x1a/0x30 [ 15.280107] [ 15.280206] The buggy address belongs to the object at ffff8881025a0d80 [ 15.280206] which belongs to the cache kmalloc-64 of size 64 [ 15.280756] The buggy address is located 0 bytes to the right of [ 15.280756] allocated 48-byte region [ffff8881025a0d80, ffff8881025a0db0) [ 15.281206] [ 15.281299] The buggy address belongs to the physical page: [ 15.281565] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1025a0 [ 15.281830] flags: 0x200000000000000(node=0|zone=2) [ 15.281996] page_type: f5(slab) [ 15.282175] raw: 0200000000000000 ffff8881000418c0 dead000000000122 0000000000000000 [ 15.282526] raw: 0000000000000000 0000000080200020 00000000f5000000 
0000000000000000 [ 15.283116] page dumped because: kasan: bad access detected [ 15.283383] [ 15.283478] Memory state around the buggy address: [ 15.283690] ffff8881025a0c80: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 15.283905] ffff8881025a0d00: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 15.284118] >ffff8881025a0d80: 00 00 00 00 00 00 fc fc fc fc fc fc fc fc fc fc [ 15.284357] ^ [ 15.284612] ffff8881025a0e00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 15.284929] ffff8881025a0e80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 15.285259] ================================================================== [ 15.020604] ================================================================== [ 15.020909] BUG: KASAN: slab-out-of-bounds in kasan_atomics_helper+0x1c18/0x5450 [ 15.021886] Write of size 8 at addr ffff8881025a0db0 by task kunit_try_catch/282 [ 15.022230] [ 15.022357] CPU: 0 UID: 0 PID: 282 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc4 #1 PREEMPT(voluntary) [ 15.022447] Tainted: [B]=BAD_PAGE, [N]=TEST [ 15.022462] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 15.022485] Call Trace: [ 15.022515] <TASK> [ 15.022533] dump_stack_lvl+0x73/0xb0 [ 15.022564] print_report+0xd1/0x650 [ 15.022587] ? __virt_addr_valid+0x1db/0x2d0 [ 15.022611] ? kasan_atomics_helper+0x1c18/0x5450 [ 15.022633] ? kasan_complete_mode_report_info+0x2a/0x200 [ 15.022656] ? kasan_atomics_helper+0x1c18/0x5450 [ 15.022678] kasan_report+0x141/0x180 [ 15.022700] ? kasan_atomics_helper+0x1c18/0x5450 [ 15.022727] kasan_check_range+0x10c/0x1c0 [ 15.022751] __kasan_check_write+0x18/0x20 [ 15.022770] kasan_atomics_helper+0x1c18/0x5450 [ 15.022793] ? __pfx_kasan_atomics_helper+0x10/0x10 [ 15.022816] ? __kmalloc_cache_noprof+0x189/0x420 [ 15.022843] ? kasan_atomics+0x152/0x310 [ 15.022870] kasan_atomics+0x1dc/0x310 [ 15.022892] ? __pfx_kasan_atomics+0x10/0x10 [ 15.022915] ? __pfx_queued_spin_lock_slowpath+0x10/0x10 [ 15.022943] ? 
__pfx_read_tsc+0x10/0x10 [ 15.022965] ? ktime_get_ts64+0x86/0x230 [ 15.022990] kunit_try_run_case+0x1a5/0x480 [ 15.023015] ? __pfx_kunit_try_run_case+0x10/0x10 [ 15.023037] ? _raw_spin_lock_irqsave+0xf9/0x100 [ 15.023060] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 15.023084] ? __kthread_parkme+0x82/0x180 [ 15.023105] ? preempt_count_sub+0x50/0x80 [ 15.023129] ? __pfx_kunit_try_run_case+0x10/0x10 [ 15.023153] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 15.023177] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 15.023201] kthread+0x337/0x6f0 [ 15.023221] ? trace_preempt_on+0x20/0xc0 [ 15.023246] ? __pfx_kthread+0x10/0x10 [ 15.023267] ? _raw_spin_unlock_irq+0x47/0x80 [ 15.023289] ? calculate_sigpending+0x7b/0xa0 [ 15.023397] ? __pfx_kthread+0x10/0x10 [ 15.023425] ret_from_fork+0x116/0x1d0 [ 15.023445] ? __pfx_kthread+0x10/0x10 [ 15.023501] ret_from_fork_asm+0x1a/0x30 [ 15.023532] </TASK> [ 15.023555] [ 15.031948] Allocated by task 282: [ 15.032087] kasan_save_stack+0x45/0x70 [ 15.032296] kasan_save_track+0x18/0x40 [ 15.032544] kasan_save_alloc_info+0x3b/0x50 [ 15.032779] __kasan_kmalloc+0xb7/0xc0 [ 15.033006] __kmalloc_cache_noprof+0x189/0x420 [ 15.033362] kasan_atomics+0x95/0x310 [ 15.033568] kunit_try_run_case+0x1a5/0x480 [ 15.033791] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 15.033983] kthread+0x337/0x6f0 [ 15.034107] ret_from_fork+0x116/0x1d0 [ 15.034296] ret_from_fork_asm+0x1a/0x30 [ 15.034543] [ 15.034642] The buggy address belongs to the object at ffff8881025a0d80 [ 15.034642] which belongs to the cache kmalloc-64 of size 64 [ 15.035275] The buggy address is located 0 bytes to the right of [ 15.035275] allocated 48-byte region [ffff8881025a0d80, ffff8881025a0db0) [ 15.036015] [ 15.036131] The buggy address belongs to the physical page: [ 15.036408] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1025a0 [ 15.036838] flags: 0x200000000000000(node=0|zone=2) [ 15.037106] page_type: f5(slab) [ 15.037235] raw: 0200000000000000 
ffff8881000418c0 dead000000000122 0000000000000000 [ 15.037525] raw: 0000000000000000 0000000080200020 00000000f5000000 0000000000000000 [ 15.037924] page dumped because: kasan: bad access detected [ 15.038352] [ 15.038499] Memory state around the buggy address: [ 15.038750] ffff8881025a0c80: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 15.039090] ffff8881025a0d00: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 15.039307] >ffff8881025a0d80: 00 00 00 00 00 00 fc fc fc fc fc fc fc fc fc fc [ 15.039594] ^ [ 15.039871] ffff8881025a0e00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 15.040201] ffff8881025a0e80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 15.040541] ================================================================== [ 14.154553] ================================================================== [ 14.154845] BUG: KASAN: slab-out-of-bounds in kasan_atomics_helper+0x7c7/0x5450 [ 14.155123] Write of size 4 at addr ffff8881025a0db0 by task kunit_try_catch/282 [ 14.155349] [ 14.155572] CPU: 0 UID: 0 PID: 282 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc4 #1 PREEMPT(voluntary) [ 14.155620] Tainted: [B]=BAD_PAGE, [N]=TEST [ 14.155634] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 14.155656] Call Trace: [ 14.155676] <TASK> [ 14.155696] dump_stack_lvl+0x73/0xb0 [ 14.155725] print_report+0xd1/0x650 [ 14.155748] ? __virt_addr_valid+0x1db/0x2d0 [ 14.155772] ? kasan_atomics_helper+0x7c7/0x5450 [ 14.155793] ? kasan_complete_mode_report_info+0x2a/0x200 [ 14.155816] ? kasan_atomics_helper+0x7c7/0x5450 [ 14.155839] kasan_report+0x141/0x180 [ 14.155861] ? kasan_atomics_helper+0x7c7/0x5450 [ 14.155887] kasan_check_range+0x10c/0x1c0 [ 14.155931] __kasan_check_write+0x18/0x20 [ 14.155952] kasan_atomics_helper+0x7c7/0x5450 [ 14.155975] ? __pfx_kasan_atomics_helper+0x10/0x10 [ 14.155998] ? __kmalloc_cache_noprof+0x189/0x420 [ 14.156023] ? 
kasan_atomics+0x152/0x310 [ 14.156051] kasan_atomics+0x1dc/0x310 [ 14.156074] ? __pfx_kasan_atomics+0x10/0x10 [ 14.156097] ? __pfx_queued_spin_lock_slowpath+0x10/0x10 [ 14.156124] ? __pfx_read_tsc+0x10/0x10 [ 14.156145] ? ktime_get_ts64+0x86/0x230 [ 14.156171] kunit_try_run_case+0x1a5/0x480 [ 14.156196] ? __pfx_kunit_try_run_case+0x10/0x10 [ 14.156221] ? _raw_spin_lock_irqsave+0xf9/0x100 [ 14.156246] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 14.156269] ? __kthread_parkme+0x82/0x180 [ 14.156289] ? preempt_count_sub+0x50/0x80 [ 14.156313] ? __pfx_kunit_try_run_case+0x10/0x10 [ 14.156338] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 14.156361] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 14.156399] kthread+0x337/0x6f0 [ 14.156419] ? trace_preempt_on+0x20/0xc0 [ 14.156444] ? __pfx_kthread+0x10/0x10 [ 14.156468] ? _raw_spin_unlock_irq+0x47/0x80 [ 14.156489] ? calculate_sigpending+0x7b/0xa0 [ 14.156514] ? __pfx_kthread+0x10/0x10 [ 14.156535] ret_from_fork+0x116/0x1d0 [ 14.156554] ? 
__pfx_kthread+0x10/0x10 [ 14.156591] ret_from_fork_asm+0x1a/0x30 [ 14.156622] </TASK> [ 14.156633] [ 14.168539] Allocated by task 282: [ 14.168703] kasan_save_stack+0x45/0x70 [ 14.168853] kasan_save_track+0x18/0x40 [ 14.169019] kasan_save_alloc_info+0x3b/0x50 [ 14.169235] __kasan_kmalloc+0xb7/0xc0 [ 14.169469] __kmalloc_cache_noprof+0x189/0x420 [ 14.169782] kasan_atomics+0x95/0x310 [ 14.170203] kunit_try_run_case+0x1a5/0x480 [ 14.170424] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 14.170719] kthread+0x337/0x6f0 [ 14.170938] ret_from_fork+0x116/0x1d0 [ 14.171131] ret_from_fork_asm+0x1a/0x30 [ 14.171351] [ 14.171434] The buggy address belongs to the object at ffff8881025a0d80 [ 14.171434] which belongs to the cache kmalloc-64 of size 64 [ 14.171809] The buggy address is located 0 bytes to the right of [ 14.171809] allocated 48-byte region [ffff8881025a0d80, ffff8881025a0db0) [ 14.172351] [ 14.172484] The buggy address belongs to the physical page: [ 14.172842] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1025a0 [ 14.173202] flags: 0x200000000000000(node=0|zone=2) [ 14.173644] page_type: f5(slab) [ 14.173805] raw: 0200000000000000 ffff8881000418c0 dead000000000122 0000000000000000 [ 14.174086] raw: 0000000000000000 0000000080200020 00000000f5000000 0000000000000000 [ 14.174309] page dumped because: kasan: bad access detected [ 14.174551] [ 14.174692] Memory state around the buggy address: [ 14.174965] ffff8881025a0c80: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 14.175590] ffff8881025a0d00: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 14.175900] >ffff8881025a0d80: 00 00 00 00 00 00 fc fc fc fc fc fc fc fc fc fc [ 14.176383] ^ [ 14.176554] ffff8881025a0e00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 14.176933] ffff8881025a0e80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 14.177263] ==================================================================
Failure - log-parser-boot/kasan-bug-kasan-slab-out-of-bounds-in-kasan_bitops_test_and_modifyconstprop
[ 13.737309] ================================================================== [ 13.737592] BUG: KASAN: slab-out-of-bounds in kasan_bitops_test_and_modify.constprop.0+0x2dd/0xd90 [ 13.738091] Write of size 8 at addr ffff888102531788 by task kunit_try_catch/278 [ 13.738435] [ 13.738529] CPU: 0 UID: 0 PID: 278 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc4 #1 PREEMPT(voluntary) [ 13.738592] Tainted: [B]=BAD_PAGE, [N]=TEST [ 13.738604] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 13.738624] Call Trace: [ 13.738641] <TASK> [ 13.738656] dump_stack_lvl+0x73/0xb0 [ 13.738684] print_report+0xd1/0x650 [ 13.738706] ? __virt_addr_valid+0x1db/0x2d0 [ 13.738729] ? kasan_bitops_test_and_modify.constprop.0+0x2dd/0xd90 [ 13.738755] ? kasan_complete_mode_report_info+0x2a/0x200 [ 13.738776] ? kasan_bitops_test_and_modify.constprop.0+0x2dd/0xd90 [ 13.738802] kasan_report+0x141/0x180 [ 13.738823] ? kasan_bitops_test_and_modify.constprop.0+0x2dd/0xd90 [ 13.738854] kasan_check_range+0x10c/0x1c0 [ 13.738876] __kasan_check_write+0x18/0x20 [ 13.738895] kasan_bitops_test_and_modify.constprop.0+0x2dd/0xd90 [ 13.738985] ? __pfx_kasan_bitops_test_and_modify.constprop.0+0x10/0x10 [ 13.739014] ? __kmalloc_cache_noprof+0x189/0x420 [ 13.739038] ? trace_hardirqs_on+0x37/0xe0 [ 13.739061] ? kasan_bitops_generic+0x92/0x1c0 [ 13.739086] kasan_bitops_generic+0x121/0x1c0 [ 13.739109] ? __pfx_kasan_bitops_generic+0x10/0x10 [ 13.739132] ? __pfx_read_tsc+0x10/0x10 [ 13.739153] ? ktime_get_ts64+0x86/0x230 [ 13.739175] kunit_try_run_case+0x1a5/0x480 [ 13.739199] ? __pfx_kunit_try_run_case+0x10/0x10 [ 13.739220] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 13.739244] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 13.739266] ? __kthread_parkme+0x82/0x180 [ 13.739285] ? preempt_count_sub+0x50/0x80 [ 13.739309] ? __pfx_kunit_try_run_case+0x10/0x10 [ 13.739332] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 13.739355] ? 
__pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 13.739386] kthread+0x337/0x6f0 [ 13.739406] ? trace_preempt_on+0x20/0xc0 [ 13.739426] ? __pfx_kthread+0x10/0x10 [ 13.739446] ? _raw_spin_unlock_irq+0x47/0x80 [ 13.739466] ? calculate_sigpending+0x7b/0xa0 [ 13.739489] ? __pfx_kthread+0x10/0x10 [ 13.739509] ret_from_fork+0x116/0x1d0 [ 13.739527] ? __pfx_kthread+0x10/0x10 [ 13.739546] ret_from_fork_asm+0x1a/0x30 [ 13.739594] </TASK> [ 13.739604] [ 13.750498] Allocated by task 278: [ 13.750699] kasan_save_stack+0x45/0x70 [ 13.750970] kasan_save_track+0x18/0x40 [ 13.751120] kasan_save_alloc_info+0x3b/0x50 [ 13.751271] __kasan_kmalloc+0xb7/0xc0 [ 13.751426] __kmalloc_cache_noprof+0x189/0x420 [ 13.751676] kasan_bitops_generic+0x92/0x1c0 [ 13.751885] kunit_try_run_case+0x1a5/0x480 [ 13.752283] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 13.752538] kthread+0x337/0x6f0 [ 13.752683] ret_from_fork+0x116/0x1d0 [ 13.752872] ret_from_fork_asm+0x1a/0x30 [ 13.753111] [ 13.753211] The buggy address belongs to the object at ffff888102531780 [ 13.753211] which belongs to the cache kmalloc-16 of size 16 [ 13.753727] The buggy address is located 8 bytes inside of [ 13.753727] allocated 9-byte region [ffff888102531780, ffff888102531789) [ 13.754212] [ 13.754288] The buggy address belongs to the physical page: [ 13.754525] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x102531 [ 13.754897] flags: 0x200000000000000(node=0|zone=2) [ 13.755199] page_type: f5(slab) [ 13.755382] raw: 0200000000000000 ffff888100041640 dead000000000122 0000000000000000 [ 13.755673] raw: 0000000000000000 0000000080800080 00000000f5000000 0000000000000000 [ 13.756204] page dumped because: kasan: bad access detected [ 13.756433] [ 13.756526] Memory state around the buggy address: [ 13.756705] ffff888102531680: fa fb fc fc fa fb fc fc fa fb fc fc fa fb fc fc [ 13.757041] ffff888102531700: fa fb fc fc fa fb fc fc 00 05 fc fc fa fb fc fc [ 13.757338] >ffff888102531780: 00 01 fc fc fc fc fc fc 
fc fc fc fc fc fc fc fc [ 13.757642] ^ [ 13.757791] ffff888102531800: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 13.758077] ffff888102531880: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 13.758358] ================================================================== [ 13.697531] ================================================================== [ 13.697879] BUG: KASAN: slab-out-of-bounds in kasan_bitops_test_and_modify.constprop.0+0x1a0/0xd90 [ 13.698309] Write of size 8 at addr ffff888102531788 by task kunit_try_catch/278 [ 13.698638] [ 13.698750] CPU: 0 UID: 0 PID: 278 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc4 #1 PREEMPT(voluntary) [ 13.698793] Tainted: [B]=BAD_PAGE, [N]=TEST [ 13.698805] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 13.698825] Call Trace: [ 13.698840] <TASK> [ 13.698855] dump_stack_lvl+0x73/0xb0 [ 13.698882] print_report+0xd1/0x650 [ 13.698970] ? __virt_addr_valid+0x1db/0x2d0 [ 13.698997] ? kasan_bitops_test_and_modify.constprop.0+0x1a0/0xd90 [ 13.699023] ? kasan_complete_mode_report_info+0x2a/0x200 [ 13.699044] ? kasan_bitops_test_and_modify.constprop.0+0x1a0/0xd90 [ 13.699070] kasan_report+0x141/0x180 [ 13.699092] ? kasan_bitops_test_and_modify.constprop.0+0x1a0/0xd90 [ 13.699123] kasan_check_range+0x10c/0x1c0 [ 13.699145] __kasan_check_write+0x18/0x20 [ 13.699163] kasan_bitops_test_and_modify.constprop.0+0x1a0/0xd90 [ 13.699190] ? __pfx_kasan_bitops_test_and_modify.constprop.0+0x10/0x10 [ 13.699217] ? __kmalloc_cache_noprof+0x189/0x420 [ 13.699241] ? trace_hardirqs_on+0x37/0xe0 [ 13.699262] ? kasan_bitops_generic+0x92/0x1c0 [ 13.699288] kasan_bitops_generic+0x121/0x1c0 [ 13.699311] ? __pfx_kasan_bitops_generic+0x10/0x10 [ 13.699334] ? __pfx_read_tsc+0x10/0x10 [ 13.699355] ? ktime_get_ts64+0x86/0x230 [ 13.699388] kunit_try_run_case+0x1a5/0x480 [ 13.699411] ? __pfx_kunit_try_run_case+0x10/0x10 [ 13.699432] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 13.699456] ? 
_raw_spin_unlock_irqrestore+0x5f/0x90 [ 13.699477] ? __kthread_parkme+0x82/0x180 [ 13.699497] ? preempt_count_sub+0x50/0x80 [ 13.699521] ? __pfx_kunit_try_run_case+0x10/0x10 [ 13.699544] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 13.699566] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 13.699589] kthread+0x337/0x6f0 [ 13.699625] ? trace_preempt_on+0x20/0xc0 [ 13.699647] ? __pfx_kthread+0x10/0x10 [ 13.699667] ? _raw_spin_unlock_irq+0x47/0x80 [ 13.699687] ? calculate_sigpending+0x7b/0xa0 [ 13.699711] ? __pfx_kthread+0x10/0x10 [ 13.699732] ret_from_fork+0x116/0x1d0 [ 13.699750] ? __pfx_kthread+0x10/0x10 [ 13.699770] ret_from_fork_asm+0x1a/0x30 [ 13.699799] </TASK> [ 13.699811] [ 13.708630] Allocated by task 278: [ 13.708855] kasan_save_stack+0x45/0x70 [ 13.709136] kasan_save_track+0x18/0x40 [ 13.709338] kasan_save_alloc_info+0x3b/0x50 [ 13.709561] __kasan_kmalloc+0xb7/0xc0 [ 13.709736] __kmalloc_cache_noprof+0x189/0x420 [ 13.710059] kasan_bitops_generic+0x92/0x1c0 [ 13.710239] kunit_try_run_case+0x1a5/0x480 [ 13.710437] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 13.710696] kthread+0x337/0x6f0 [ 13.710828] ret_from_fork+0x116/0x1d0 [ 13.711028] ret_from_fork_asm+0x1a/0x30 [ 13.711175] [ 13.711246] The buggy address belongs to the object at ffff888102531780 [ 13.711246] which belongs to the cache kmalloc-16 of size 16 [ 13.711777] The buggy address is located 8 bytes inside of [ 13.711777] allocated 9-byte region [ffff888102531780, ffff888102531789) [ 13.712501] [ 13.712582] The buggy address belongs to the physical page: [ 13.712764] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x102531 [ 13.713034] flags: 0x200000000000000(node=0|zone=2) [ 13.713273] page_type: f5(slab) [ 13.713449] raw: 0200000000000000 ffff888100041640 dead000000000122 0000000000000000 [ 13.713803] raw: 0000000000000000 0000000080800080 00000000f5000000 0000000000000000 [ 13.714142] page dumped because: kasan: bad access detected [ 13.714479] [ 13.714611] 
Memory state around the buggy address:
[ 13.714798] ffff888102531680: fa fb fc fc fa fb fc fc fa fb fc fc fa fb fc fc
[ 13.715153] ffff888102531700: fa fb fc fc fa fb fc fc 00 05 fc fc fa fb fc fc
[ 13.715438] >ffff888102531780: 00 01 fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 13.715746] ^
[ 13.716184] ffff888102531800: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 13.716477] ffff888102531880: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 13.716774] ==================================================================
[ 13.717324] ==================================================================
[ 13.717595] BUG: KASAN: slab-out-of-bounds in kasan_bitops_test_and_modify.constprop.0+0x23e/0xd90
[ 13.718111] Write of size 8 at addr ffff888102531788 by task kunit_try_catch/278
[ 13.718369]
[ 13.718491] CPU: 0 UID: 0 PID: 278 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc4 #1 PREEMPT(voluntary)
[ 13.718533] Tainted: [B]=BAD_PAGE, [N]=TEST
[ 13.718545] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[ 13.718568] Call Trace:
[ 13.718585] <TASK>
[ 13.718601] dump_stack_lvl+0x73/0xb0
[ 13.718652] print_report+0xd1/0x650
[ 13.718674] ? __virt_addr_valid+0x1db/0x2d0
[ 13.718697] ? kasan_bitops_test_and_modify.constprop.0+0x23e/0xd90
[ 13.718724] ? kasan_complete_mode_report_info+0x2a/0x200
[ 13.718745] ? kasan_bitops_test_and_modify.constprop.0+0x23e/0xd90
[ 13.718771] kasan_report+0x141/0x180
[ 13.718793] ? kasan_bitops_test_and_modify.constprop.0+0x23e/0xd90
[ 13.718823] kasan_check_range+0x10c/0x1c0
[ 13.718848] __kasan_check_write+0x18/0x20
[ 13.718868] kasan_bitops_test_and_modify.constprop.0+0x23e/0xd90
[ 13.718896] ? __pfx_kasan_bitops_test_and_modify.constprop.0+0x10/0x10
[ 13.718996] ? __kmalloc_cache_noprof+0x189/0x420
[ 13.719021] ? trace_hardirqs_on+0x37/0xe0
[ 13.719044] ? kasan_bitops_generic+0x92/0x1c0
[ 13.719071] kasan_bitops_generic+0x121/0x1c0
[ 13.719095] ? __pfx_kasan_bitops_generic+0x10/0x10
[ 13.719120] ? __pfx_read_tsc+0x10/0x10
[ 13.719140] ? ktime_get_ts64+0x86/0x230
[ 13.719165] kunit_try_run_case+0x1a5/0x480
[ 13.719187] ? __pfx_kunit_try_run_case+0x10/0x10
[ 13.719209] ? _raw_spin_lock_irqsave+0xa1/0x100
[ 13.719233] ? _raw_spin_unlock_irqrestore+0x5f/0x90
[ 13.719255] ? __kthread_parkme+0x82/0x180
[ 13.719274] ? preempt_count_sub+0x50/0x80
[ 13.719298] ? __pfx_kunit_try_run_case+0x10/0x10
[ 13.719321] kunit_generic_run_threadfn_adapter+0x85/0xf0
[ 13.719342] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10
[ 13.719364] kthread+0x337/0x6f0
[ 13.719393] ? trace_preempt_on+0x20/0xc0
[ 13.719414] ? __pfx_kthread+0x10/0x10
[ 13.719435] ? _raw_spin_unlock_irq+0x47/0x80
[ 13.719454] ? calculate_sigpending+0x7b/0xa0
[ 13.719477] ? __pfx_kthread+0x10/0x10
[ 13.719498] ret_from_fork+0x116/0x1d0
[ 13.719515] ? __pfx_kthread+0x10/0x10
[ 13.719534] ret_from_fork_asm+0x1a/0x30
[ 13.719564] </TASK>
[ 13.719575]
[ 13.728506] Allocated by task 278:
[ 13.728644] kasan_save_stack+0x45/0x70
[ 13.728825] kasan_save_track+0x18/0x40
[ 13.729105] kasan_save_alloc_info+0x3b/0x50
[ 13.729332] __kasan_kmalloc+0xb7/0xc0
[ 13.729490] __kmalloc_cache_noprof+0x189/0x420
[ 13.729675] kasan_bitops_generic+0x92/0x1c0
[ 13.729827] kunit_try_run_case+0x1a5/0x480
[ 13.730110] kunit_generic_run_threadfn_adapter+0x85/0xf0
[ 13.730386] kthread+0x337/0x6f0
[ 13.730562] ret_from_fork+0x116/0x1d0
[ 13.730773] ret_from_fork_asm+0x1a/0x30
[ 13.731047]
[ 13.731145] The buggy address belongs to the object at ffff888102531780
[ 13.731145] which belongs to the cache kmalloc-16 of size 16
[ 13.731672] The buggy address is located 8 bytes inside of
[ 13.731672] allocated 9-byte region [ffff888102531780, ffff888102531789)
[ 13.732451]
[ 13.732578] The buggy address belongs to the physical page:
[ 13.732838] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x102531
[ 13.733232] flags: 0x200000000000000(node=0|zone=2)
[ 13.733459] page_type: f5(slab)
[ 13.733634] raw: 0200000000000000 ffff888100041640 dead000000000122 0000000000000000
[ 13.734061] raw: 0000000000000000 0000000080800080 00000000f5000000 0000000000000000
[ 13.734358] page dumped because: kasan: bad access detected
[ 13.734577]
[ 13.734698] Memory state around the buggy address:
[ 13.734901] ffff888102531680: fa fb fc fc fa fb fc fc fa fb fc fc fa fb fc fc
[ 13.735264] ffff888102531700: fa fb fc fc fa fb fc fc 00 05 fc fc fa fb fc fc
[ 13.735507] >ffff888102531780: 00 01 fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 13.735735] ^
[ 13.735905] ffff888102531800: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 13.736222] ffff888102531880: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 13.736762] ==================================================================
[ 13.855543] ==================================================================
[ 13.856055] BUG: KASAN: slab-out-of-bounds in kasan_bitops_test_and_modify.constprop.0+0xd06/0xd90
[ 13.856775] Read of size 8 at addr ffff888102531788 by task kunit_try_catch/278
[ 13.857467]
[ 13.857708] CPU: 0 UID: 0 PID: 278 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc4 #1 PREEMPT(voluntary)
[ 13.857754] Tainted: [B]=BAD_PAGE, [N]=TEST
[ 13.857765] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[ 13.857792] Call Trace:
[ 13.857808] <TASK>
[ 13.857824] dump_stack_lvl+0x73/0xb0
[ 13.857853] print_report+0xd1/0x650
[ 13.857875] ? __virt_addr_valid+0x1db/0x2d0
[ 13.857897] ? kasan_bitops_test_and_modify.constprop.0+0xd06/0xd90
[ 13.857922] ? kasan_complete_mode_report_info+0x2a/0x200
[ 13.857944] ? kasan_bitops_test_and_modify.constprop.0+0xd06/0xd90
[ 13.857970] kasan_report+0x141/0x180
[ 13.857991] ? kasan_bitops_test_and_modify.constprop.0+0xd06/0xd90
[ 13.858021] __asan_report_load8_noabort+0x18/0x20
[ 13.858045] kasan_bitops_test_and_modify.constprop.0+0xd06/0xd90
[ 13.858071] ? __pfx_kasan_bitops_test_and_modify.constprop.0+0x10/0x10
[ 13.858098] ? __kmalloc_cache_noprof+0x189/0x420
[ 13.858122] ? trace_hardirqs_on+0x37/0xe0
[ 13.858144] ? kasan_bitops_generic+0x92/0x1c0
[ 13.858171] kasan_bitops_generic+0x121/0x1c0
[ 13.858193] ? __pfx_kasan_bitops_generic+0x10/0x10
[ 13.858217] ? __pfx_read_tsc+0x10/0x10
[ 13.858239] ? ktime_get_ts64+0x86/0x230
[ 13.858262] kunit_try_run_case+0x1a5/0x480
[ 13.858287] ? __pfx_kunit_try_run_case+0x10/0x10
[ 13.858307] ? _raw_spin_lock_irqsave+0xa1/0x100
[ 13.858331] ? _raw_spin_unlock_irqrestore+0x5f/0x90
[ 13.858353] ? __kthread_parkme+0x82/0x180
[ 13.858386] ? preempt_count_sub+0x50/0x80
[ 13.858409] ? __pfx_kunit_try_run_case+0x10/0x10
[ 13.858432] kunit_generic_run_threadfn_adapter+0x85/0xf0
[ 13.858455] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10
[ 13.858477] kthread+0x337/0x6f0
[ 13.858497] ? trace_preempt_on+0x20/0xc0
[ 13.858518] ? __pfx_kthread+0x10/0x10
[ 13.858538] ? _raw_spin_unlock_irq+0x47/0x80
[ 13.858560] ? calculate_sigpending+0x7b/0xa0
[ 13.858594] ? __pfx_kthread+0x10/0x10
[ 13.858614] ret_from_fork+0x116/0x1d0
[ 13.858633] ? __pfx_kthread+0x10/0x10
[ 13.858652] ret_from_fork_asm+0x1a/0x30
[ 13.858682] </TASK>
[ 13.858693]
[ 13.873727] Allocated by task 278:
[ 13.874103] kasan_save_stack+0x45/0x70
[ 13.874569] kasan_save_track+0x18/0x40
[ 13.874952] kasan_save_alloc_info+0x3b/0x50
[ 13.875292] __kasan_kmalloc+0xb7/0xc0
[ 13.875449] __kmalloc_cache_noprof+0x189/0x420
[ 13.875623] kasan_bitops_generic+0x92/0x1c0
[ 13.876000] kunit_try_run_case+0x1a5/0x480
[ 13.876543] kunit_generic_run_threadfn_adapter+0x85/0xf0
[ 13.877058] kthread+0x337/0x6f0
[ 13.877428] ret_from_fork+0x116/0x1d0
[ 13.877906] ret_from_fork_asm+0x1a/0x30
[ 13.878336]
[ 13.878517] The buggy address belongs to the object at ffff888102531780
[ 13.878517] which belongs to the cache kmalloc-16 of size 16
[ 13.879410] The buggy address is located 8 bytes inside of
[ 13.879410] allocated 9-byte region [ffff888102531780, ffff888102531789)
[ 13.880167]
[ 13.880446] The buggy address belongs to the physical page:
[ 13.880986] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x102531
[ 13.881699] flags: 0x200000000000000(node=0|zone=2)
[ 13.882151] page_type: f5(slab)
[ 13.882393] raw: 0200000000000000 ffff888100041640 dead000000000122 0000000000000000
[ 13.882647] raw: 0000000000000000 0000000080800080 00000000f5000000 0000000000000000
[ 13.883494] page dumped because: kasan: bad access detected
[ 13.884103]
[ 13.884274] Memory state around the buggy address:
[ 13.884741] ffff888102531680: fa fb fc fc fa fb fc fc fa fb fc fc fa fb fc fc
[ 13.885121] ffff888102531700: fa fb fc fc fa fb fc fc 00 05 fc fc fa fb fc fc
[ 13.885832] >ffff888102531780: 00 01 fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 13.886567] ^
[ 13.886734] ffff888102531800: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 13.887218] ffff888102531880: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 13.887886] ==================================================================
[ 13.677796] ==================================================================
[ 13.678245] BUG: KASAN: slab-out-of-bounds in kasan_bitops_test_and_modify.constprop.0+0x101/0xd90
[ 13.678686] Write of size 8 at addr ffff888102531788 by task kunit_try_catch/278
[ 13.679085]
[ 13.679202] CPU: 0 UID: 0 PID: 278 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc4 #1 PREEMPT(voluntary)
[ 13.679246] Tainted: [B]=BAD_PAGE, [N]=TEST
[ 13.679257] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[ 13.679278] Call Trace:
[ 13.679291] <TASK>
[ 13.679306] dump_stack_lvl+0x73/0xb0
[ 13.679335] print_report+0xd1/0x650
[ 13.679356] ? __virt_addr_valid+0x1db/0x2d0
[ 13.679389] ? kasan_bitops_test_and_modify.constprop.0+0x101/0xd90
[ 13.679414] ? kasan_complete_mode_report_info+0x2a/0x200
[ 13.679436] ? kasan_bitops_test_and_modify.constprop.0+0x101/0xd90
[ 13.679462] kasan_report+0x141/0x180
[ 13.679482] ? kasan_bitops_test_and_modify.constprop.0+0x101/0xd90
[ 13.679513] kasan_check_range+0x10c/0x1c0
[ 13.679536] __kasan_check_write+0x18/0x20
[ 13.679554] kasan_bitops_test_and_modify.constprop.0+0x101/0xd90
[ 13.679580] ? __pfx_kasan_bitops_test_and_modify.constprop.0+0x10/0x10
[ 13.679627] ? __kmalloc_cache_noprof+0x189/0x420
[ 13.679651] ? trace_hardirqs_on+0x37/0xe0
[ 13.679674] ? kasan_bitops_generic+0x92/0x1c0
[ 13.679699] kasan_bitops_generic+0x121/0x1c0
[ 13.679722] ? __pfx_kasan_bitops_generic+0x10/0x10
[ 13.679747] ? __pfx_read_tsc+0x10/0x10
[ 13.679767] ? ktime_get_ts64+0x86/0x230
[ 13.679791] kunit_try_run_case+0x1a5/0x480
[ 13.679814] ? __pfx_kunit_try_run_case+0x10/0x10
[ 13.679835] ? _raw_spin_lock_irqsave+0xa1/0x100
[ 13.679858] ? _raw_spin_unlock_irqrestore+0x5f/0x90
[ 13.679880] ? __kthread_parkme+0x82/0x180
[ 13.679900] ? preempt_count_sub+0x50/0x80
[ 13.680174] ? __pfx_kunit_try_run_case+0x10/0x10
[ 13.680200] kunit_generic_run_threadfn_adapter+0x85/0xf0
[ 13.680223] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10
[ 13.680246] kthread+0x337/0x6f0
[ 13.680265] ? trace_preempt_on+0x20/0xc0
[ 13.680285] ? __pfx_kthread+0x10/0x10
[ 13.680306] ? _raw_spin_unlock_irq+0x47/0x80
[ 13.680327] ? calculate_sigpending+0x7b/0xa0
[ 13.680350] ? __pfx_kthread+0x10/0x10
[ 13.680370] ret_from_fork+0x116/0x1d0
[ 13.680406] ? __pfx_kthread+0x10/0x10
[ 13.680426] ret_from_fork_asm+0x1a/0x30
[ 13.680456] </TASK>
[ 13.680468]
[ 13.689023] Allocated by task 278:
[ 13.689205] kasan_save_stack+0x45/0x70
[ 13.689416] kasan_save_track+0x18/0x40
[ 13.689626] kasan_save_alloc_info+0x3b/0x50
[ 13.689833] __kasan_kmalloc+0xb7/0xc0
[ 13.690023] __kmalloc_cache_noprof+0x189/0x420
[ 13.690242] kasan_bitops_generic+0x92/0x1c0
[ 13.690547] kunit_try_run_case+0x1a5/0x480
[ 13.690741] kunit_generic_run_threadfn_adapter+0x85/0xf0
[ 13.691020] kthread+0x337/0x6f0
[ 13.691187] ret_from_fork+0x116/0x1d0
[ 13.691318] ret_from_fork_asm+0x1a/0x30
[ 13.691467]
[ 13.691537] The buggy address belongs to the object at ffff888102531780
[ 13.691537] which belongs to the cache kmalloc-16 of size 16
[ 13.692244] The buggy address is located 8 bytes inside of
[ 13.692244] allocated 9-byte region [ffff888102531780, ffff888102531789)
[ 13.692831]
[ 13.693011] The buggy address belongs to the physical page:
[ 13.693248] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x102531
[ 13.693504] flags: 0x200000000000000(node=0|zone=2)
[ 13.693736] page_type: f5(slab)
[ 13.693903] raw: 0200000000000000 ffff888100041640 dead000000000122 0000000000000000
[ 13.694303] raw: 0000000000000000 0000000080800080 00000000f5000000 0000000000000000
[ 13.694643] page dumped because: kasan: bad access detected
[ 13.694870]
[ 13.694976] Memory state around the buggy address:
[ 13.695157] ffff888102531680: fa fb fc fc fa fb fc fc fa fb fc fc fa fb fc fc
[ 13.695454] ffff888102531700: fa fb fc fc fa fb fc fc 00 05 fc fc fa fb fc fc
[ 13.695740] >ffff888102531780: 00 01 fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 13.695951] ^
[ 13.696072] ffff888102531800: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 13.696634] ffff888102531880: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 13.697037] ==================================================================
[ 13.780913] ==================================================================
[ 13.781228] BUG: KASAN: slab-out-of-bounds in kasan_bitops_test_and_modify.constprop.0+0x41a/0xd90
[ 13.781729] Write of size 8 at addr ffff888102531788 by task kunit_try_catch/278
[ 13.782084]
[ 13.782174] CPU: 0 UID: 0 PID: 278 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc4 #1 PREEMPT(voluntary)
[ 13.782216] Tainted: [B]=BAD_PAGE, [N]=TEST
[ 13.782229] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[ 13.782248] Call Trace:
[ 13.782262] <TASK>
[ 13.782275] dump_stack_lvl+0x73/0xb0
[ 13.782303] print_report+0xd1/0x650
[ 13.782326] ? __virt_addr_valid+0x1db/0x2d0
[ 13.782347] ? kasan_bitops_test_and_modify.constprop.0+0x41a/0xd90
[ 13.782384] ? kasan_complete_mode_report_info+0x2a/0x200
[ 13.782406] ? kasan_bitops_test_and_modify.constprop.0+0x41a/0xd90
[ 13.782433] kasan_report+0x141/0x180
[ 13.782454] ? kasan_bitops_test_and_modify.constprop.0+0x41a/0xd90
[ 13.782484] kasan_check_range+0x10c/0x1c0
[ 13.782506] __kasan_check_write+0x18/0x20
[ 13.782524] kasan_bitops_test_and_modify.constprop.0+0x41a/0xd90
[ 13.782551] ? __pfx_kasan_bitops_test_and_modify.constprop.0+0x10/0x10
[ 13.782579] ? __kmalloc_cache_noprof+0x189/0x420
[ 13.782623] ? trace_hardirqs_on+0x37/0xe0
[ 13.782645] ? kasan_bitops_generic+0x92/0x1c0
[ 13.782671] kasan_bitops_generic+0x121/0x1c0
[ 13.782693] ? __pfx_kasan_bitops_generic+0x10/0x10
[ 13.782717] ? __pfx_read_tsc+0x10/0x10
[ 13.782737] ? ktime_get_ts64+0x86/0x230
[ 13.782761] kunit_try_run_case+0x1a5/0x480
[ 13.782785] ? __pfx_kunit_try_run_case+0x10/0x10
[ 13.782807] ? _raw_spin_lock_irqsave+0xa1/0x100
[ 13.782830] ? _raw_spin_unlock_irqrestore+0x5f/0x90
[ 13.782852] ? __kthread_parkme+0x82/0x180
[ 13.782871] ? preempt_count_sub+0x50/0x80
[ 13.782894] ? __pfx_kunit_try_run_case+0x10/0x10
[ 13.783164] kunit_generic_run_threadfn_adapter+0x85/0xf0
[ 13.783192] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10
[ 13.783216] kthread+0x337/0x6f0
[ 13.783235] ? trace_preempt_on+0x20/0xc0
[ 13.783257] ? __pfx_kthread+0x10/0x10
[ 13.783277] ? _raw_spin_unlock_irq+0x47/0x80
[ 13.783298] ? calculate_sigpending+0x7b/0xa0
[ 13.783321] ? __pfx_kthread+0x10/0x10
[ 13.783341] ret_from_fork+0x116/0x1d0
[ 13.783359] ? __pfx_kthread+0x10/0x10
[ 13.783391] ret_from_fork_asm+0x1a/0x30
[ 13.783421] </TASK>
[ 13.783432]
[ 13.792036] Allocated by task 278:
[ 13.792221] kasan_save_stack+0x45/0x70
[ 13.792438] kasan_save_track+0x18/0x40
[ 13.792644] kasan_save_alloc_info+0x3b/0x50
[ 13.792816] __kasan_kmalloc+0xb7/0xc0
[ 13.793073] __kmalloc_cache_noprof+0x189/0x420
[ 13.793235] kasan_bitops_generic+0x92/0x1c0
[ 13.793394] kunit_try_run_case+0x1a5/0x480
[ 13.793542] kunit_generic_run_threadfn_adapter+0x85/0xf0
[ 13.793812] kthread+0x337/0x6f0
[ 13.793996] ret_from_fork+0x116/0x1d0
[ 13.794180] ret_from_fork_asm+0x1a/0x30
[ 13.794380]
[ 13.794476] The buggy address belongs to the object at ffff888102531780
[ 13.794476] which belongs to the cache kmalloc-16 of size 16
[ 13.794967] The buggy address is located 8 bytes inside of
[ 13.794967] allocated 9-byte region [ffff888102531780, ffff888102531789)
[ 13.795326]
[ 13.795707] The buggy address belongs to the physical page:
[ 13.796039] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x102531
[ 13.796411] flags: 0x200000000000000(node=0|zone=2)
[ 13.796653] page_type: f5(slab)
[ 13.796812] raw: 0200000000000000 ffff888100041640 dead000000000122 0000000000000000
[ 13.797208] raw: 0000000000000000 0000000080800080 00000000f5000000 0000000000000000
[ 13.797506] page dumped because: kasan: bad access detected
[ 13.797760]
[ 13.797836] Memory state around the buggy address:
[ 13.798071] ffff888102531680: fa fb fc fc fa fb fc fc fa fb fc fc fa fb fc fc
[ 13.798360] ffff888102531700: fa fb fc fc fa fb fc fc 00 05 fc fc fa fb fc fc
[ 13.798713] >ffff888102531780: 00 01 fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 13.799237] ^
[ 13.799432] ffff888102531800: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 13.799707] ffff888102531880: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 13.800062] ==================================================================
[ 13.800599] ==================================================================
[ 13.800883] BUG: KASAN: slab-out-of-bounds in kasan_bitops_test_and_modify.constprop.0+0x4b9/0xd90
[ 13.801355] Write of size 8 at addr ffff888102531788 by task kunit_try_catch/278
[ 13.801701]
[ 13.801799] CPU: 0 UID: 0 PID: 278 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc4 #1 PREEMPT(voluntary)
[ 13.801842] Tainted: [B]=BAD_PAGE, [N]=TEST
[ 13.801854] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[ 13.801875] Call Trace:
[ 13.801891] <TASK>
[ 13.801974] dump_stack_lvl+0x73/0xb0
[ 13.802008] print_report+0xd1/0x650
[ 13.802029] ? __virt_addr_valid+0x1db/0x2d0
[ 13.802051] ? kasan_bitops_test_and_modify.constprop.0+0x4b9/0xd90
[ 13.802077] ? kasan_complete_mode_report_info+0x2a/0x200
[ 13.802098] ? kasan_bitops_test_and_modify.constprop.0+0x4b9/0xd90
[ 13.802126] kasan_report+0x141/0x180
[ 13.802147] ? kasan_bitops_test_and_modify.constprop.0+0x4b9/0xd90
[ 13.802177] kasan_check_range+0x10c/0x1c0
[ 13.802200] __kasan_check_write+0x18/0x20
[ 13.802220] kasan_bitops_test_and_modify.constprop.0+0x4b9/0xd90
[ 13.802245] ? __pfx_kasan_bitops_test_and_modify.constprop.0+0x10/0x10
[ 13.802272] ? __kmalloc_cache_noprof+0x189/0x420
[ 13.802295] ? trace_hardirqs_on+0x37/0xe0
[ 13.802318] ? kasan_bitops_generic+0x92/0x1c0
[ 13.802344] kasan_bitops_generic+0x121/0x1c0
[ 13.802367] ? __pfx_kasan_bitops_generic+0x10/0x10
[ 13.802405] ? __pfx_read_tsc+0x10/0x10
[ 13.802425] ? ktime_get_ts64+0x86/0x230
[ 13.802449] kunit_try_run_case+0x1a5/0x480
[ 13.802472] ? __pfx_kunit_try_run_case+0x10/0x10
[ 13.802493] ? _raw_spin_lock_irqsave+0xa1/0x100
[ 13.802517] ? _raw_spin_unlock_irqrestore+0x5f/0x90
[ 13.802538] ? __kthread_parkme+0x82/0x180
[ 13.802558] ? preempt_count_sub+0x50/0x80
[ 13.802581] ? __pfx_kunit_try_run_case+0x10/0x10
[ 13.802622] kunit_generic_run_threadfn_adapter+0x85/0xf0
[ 13.802645] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10
[ 13.802667] kthread+0x337/0x6f0
[ 13.802686] ? trace_preempt_on+0x20/0xc0
[ 13.802707] ? __pfx_kthread+0x10/0x10
[ 13.802728] ? _raw_spin_unlock_irq+0x47/0x80
[ 13.802750] ? calculate_sigpending+0x7b/0xa0
[ 13.802775] ? __pfx_kthread+0x10/0x10
[ 13.802796] ret_from_fork+0x116/0x1d0
[ 13.802813] ? __pfx_kthread+0x10/0x10
[ 13.802833] ret_from_fork_asm+0x1a/0x30
[ 13.802863] </TASK>
[ 13.802874]
[ 13.811756] Allocated by task 278:
[ 13.811897] kasan_save_stack+0x45/0x70
[ 13.812175] kasan_save_track+0x18/0x40
[ 13.812347] kasan_save_alloc_info+0x3b/0x50
[ 13.812535] __kasan_kmalloc+0xb7/0xc0
[ 13.812741] __kmalloc_cache_noprof+0x189/0x420
[ 13.812992] kasan_bitops_generic+0x92/0x1c0
[ 13.813224] kunit_try_run_case+0x1a5/0x480
[ 13.813404] kunit_generic_run_threadfn_adapter+0x85/0xf0
[ 13.813652] kthread+0x337/0x6f0
[ 13.813775] ret_from_fork+0x116/0x1d0
[ 13.813907] ret_from_fork_asm+0x1a/0x30
[ 13.814122]
[ 13.814200] The buggy address belongs to the object at ffff888102531780
[ 13.814200] which belongs to the cache kmalloc-16 of size 16
[ 13.814768] The buggy address is located 8 bytes inside of
[ 13.814768] allocated 9-byte region [ffff888102531780, ffff888102531789)
[ 13.815486]
[ 13.815588] The buggy address belongs to the physical page:
[ 13.815764] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x102531
[ 13.816208] flags: 0x200000000000000(node=0|zone=2)
[ 13.816465] page_type: f5(slab)
[ 13.816658] raw: 0200000000000000 ffff888100041640 dead000000000122 0000000000000000
[ 13.817138] raw: 0000000000000000 0000000080800080 00000000f5000000 0000000000000000
[ 13.817460] page dumped because: kasan: bad access detected
[ 13.818664]
[ 13.818879] Memory state around the buggy address:
[ 13.819490] ffff888102531680: fa fb fc fc fa fb fc fc fa fb fc fc fa fb fc fc
[ 13.819980] ffff888102531700: fa fb fc fc fa fb fc fc 00 05 fc fc fa fb fc fc
[ 13.820243] >ffff888102531780: 00 01 fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 13.820801] ^
[ 13.821214] ffff888102531800: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 13.821667] ffff888102531880: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 13.822167] ==================================================================
[ 13.822736] ==================================================================
[ 13.823524] BUG: KASAN: slab-out-of-bounds in kasan_bitops_test_and_modify.constprop.0+0x557/0xd90
[ 13.823924] Read of size 8 at addr ffff888102531788 by task kunit_try_catch/278
[ 13.824244]
[ 13.824337] CPU: 0 UID: 0 PID: 278 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc4 #1 PREEMPT(voluntary)
[ 13.824401] Tainted: [B]=BAD_PAGE, [N]=TEST
[ 13.824412] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[ 13.824433] Call Trace:
[ 13.824452] <TASK>
[ 13.824472] dump_stack_lvl+0x73/0xb0
[ 13.824503] print_report+0xd1/0x650
[ 13.824526] ? __virt_addr_valid+0x1db/0x2d0
[ 13.824549] ? kasan_bitops_test_and_modify.constprop.0+0x557/0xd90
[ 13.824575] ? kasan_complete_mode_report_info+0x2a/0x200
[ 13.824597] ? kasan_bitops_test_and_modify.constprop.0+0x557/0xd90
[ 13.824623] kasan_report+0x141/0x180
[ 13.824644] ? kasan_bitops_test_and_modify.constprop.0+0x557/0xd90
[ 13.824674] kasan_check_range+0x10c/0x1c0
[ 13.824697] __kasan_check_read+0x15/0x20
[ 13.824716] kasan_bitops_test_and_modify.constprop.0+0x557/0xd90
[ 13.824742] ? __pfx_kasan_bitops_test_and_modify.constprop.0+0x10/0x10
[ 13.824769] ? __kmalloc_cache_noprof+0x189/0x420
[ 13.824794] ? trace_hardirqs_on+0x37/0xe0
[ 13.824816] ? kasan_bitops_generic+0x92/0x1c0
[ 13.824879] kasan_bitops_generic+0x121/0x1c0
[ 13.824901] ? __pfx_kasan_bitops_generic+0x10/0x10
[ 13.824926] ? __pfx_read_tsc+0x10/0x10
[ 13.824946] ? ktime_get_ts64+0x86/0x230
[ 13.824971] kunit_try_run_case+0x1a5/0x480
[ 13.824997] ? __pfx_kunit_try_run_case+0x10/0x10
[ 13.825017] ? _raw_spin_lock_irqsave+0xa1/0x100
[ 13.825041] ? _raw_spin_unlock_irqrestore+0x5f/0x90
[ 13.825063] ? __kthread_parkme+0x82/0x180
[ 13.825084] ? preempt_count_sub+0x50/0x80
[ 13.825107] ? __pfx_kunit_try_run_case+0x10/0x10
[ 13.825130] kunit_generic_run_threadfn_adapter+0x85/0xf0
[ 13.825152] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10
[ 13.825174] kthread+0x337/0x6f0
[ 13.825192] ? trace_preempt_on+0x20/0xc0
[ 13.825213] ? __pfx_kthread+0x10/0x10
[ 13.825233] ? _raw_spin_unlock_irq+0x47/0x80
[ 13.825252] ? calculate_sigpending+0x7b/0xa0
[ 13.825275] ? __pfx_kthread+0x10/0x10
[ 13.825297] ret_from_fork+0x116/0x1d0
[ 13.825314] ? __pfx_kthread+0x10/0x10
[ 13.825334] ret_from_fork_asm+0x1a/0x30
[ 13.825363] </TASK>
[ 13.825384]
[ 13.840336] Allocated by task 278:
[ 13.840512] kasan_save_stack+0x45/0x70
[ 13.840834] kasan_save_track+0x18/0x40
[ 13.841306] kasan_save_alloc_info+0x3b/0x50
[ 13.841776] __kasan_kmalloc+0xb7/0xc0
[ 13.842131] __kmalloc_cache_noprof+0x189/0x420
[ 13.842295] kasan_bitops_generic+0x92/0x1c0
[ 13.842458] kunit_try_run_case+0x1a5/0x480
[ 13.842618] kunit_generic_run_threadfn_adapter+0x85/0xf0
[ 13.843080] kthread+0x337/0x6f0
[ 13.843450] ret_from_fork+0x116/0x1d0
[ 13.844040] ret_from_fork_asm+0x1a/0x30
[ 13.844427]
[ 13.844590] The buggy address belongs to the object at ffff888102531780
[ 13.844590] which belongs to the cache kmalloc-16 of size 16
[ 13.845837] The buggy address is located 8 bytes inside of
[ 13.845837] allocated 9-byte region [ffff888102531780, ffff888102531789)
[ 13.847061]
[ 13.847152] The buggy address belongs to the physical page:
[ 13.847323] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x102531
[ 13.847584] flags: 0x200000000000000(node=0|zone=2)
[ 13.848011] page_type: f5(slab)
[ 13.848370] raw: 0200000000000000 ffff888100041640 dead000000000122 0000000000000000
[ 13.849223] raw: 0000000000000000 0000000080800080 00000000f5000000 0000000000000000
[ 13.849980] page dumped because: kasan: bad access detected
[ 13.850708]
[ 13.850886] Memory state around the buggy address:
[ 13.851476] ffff888102531680: fa fb fc fc fa fb fc fc fa fb fc fc fa fb fc fc
[ 13.851834] ffff888102531700: fa fb fc fc fa fb fc fc 00 05 fc fc fa fb fc fc
[ 13.852607] >ffff888102531780: 00 01 fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 13.853418] ^
[ 13.853689] ffff888102531800: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 13.853901] ffff888102531880: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 13.854627] ==================================================================
[ 13.760417] ==================================================================
[ 13.761177] BUG: KASAN: slab-out-of-bounds in kasan_bitops_test_and_modify.constprop.0+0x37c/0xd90
[ 13.761897] Write of size 8 at addr ffff888102531788 by task kunit_try_catch/278
[ 13.762259]
[ 13.762389] CPU: 0 UID: 0 PID: 278 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc4 #1 PREEMPT(voluntary)
[ 13.762435] Tainted: [B]=BAD_PAGE, [N]=TEST
[ 13.762447] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[ 13.762469] Call Trace:
[ 13.762482] <TASK>
[ 13.762497] dump_stack_lvl+0x73/0xb0
[ 13.762526] print_report+0xd1/0x650
[ 13.762548] ? __virt_addr_valid+0x1db/0x2d0
[ 13.762592] ? kasan_bitops_test_and_modify.constprop.0+0x37c/0xd90
[ 13.762618] ? kasan_complete_mode_report_info+0x2a/0x200
[ 13.762640] ? kasan_bitops_test_and_modify.constprop.0+0x37c/0xd90
[ 13.762665] kasan_report+0x141/0x180
[ 13.762687] ? kasan_bitops_test_and_modify.constprop.0+0x37c/0xd90
[ 13.762716] kasan_check_range+0x10c/0x1c0
[ 13.762739] __kasan_check_write+0x18/0x20
[ 13.762758] kasan_bitops_test_and_modify.constprop.0+0x37c/0xd90
[ 13.762784] ? __pfx_kasan_bitops_test_and_modify.constprop.0+0x10/0x10
[ 13.762811] ? __kmalloc_cache_noprof+0x189/0x420
[ 13.762835] ? trace_hardirqs_on+0x37/0xe0
[ 13.762858] ? kasan_bitops_generic+0x92/0x1c0
[ 13.762883] kasan_bitops_generic+0x121/0x1c0
[ 13.763071] ? __pfx_kasan_bitops_generic+0x10/0x10
[ 13.763107] ? __pfx_read_tsc+0x10/0x10
[ 13.763128] ? ktime_get_ts64+0x86/0x230
[ 13.763153] kunit_try_run_case+0x1a5/0x480
[ 13.763178] ? __pfx_kunit_try_run_case+0x10/0x10
[ 13.763199] ? _raw_spin_lock_irqsave+0xa1/0x100
[ 13.763223] ? _raw_spin_unlock_irqrestore+0x5f/0x90
[ 13.763245] ? __kthread_parkme+0x82/0x180
[ 13.763264] ? preempt_count_sub+0x50/0x80
[ 13.763288] ? __pfx_kunit_try_run_case+0x10/0x10
[ 13.763311] kunit_generic_run_threadfn_adapter+0x85/0xf0
[ 13.763333] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10
[ 13.763356] kthread+0x337/0x6f0
[ 13.763386] ? trace_preempt_on+0x20/0xc0
[ 13.763408] ? __pfx_kthread+0x10/0x10
[ 13.763429] ? _raw_spin_unlock_irq+0x47/0x80
[ 13.763448] ? calculate_sigpending+0x7b/0xa0
[ 13.763471] ? __pfx_kthread+0x10/0x10
[ 13.763491] ret_from_fork+0x116/0x1d0
[ 13.763509] ? __pfx_kthread+0x10/0x10
[ 13.763528] ret_from_fork_asm+0x1a/0x30
[ 13.763580] </TASK>
[ 13.763591]
[ 13.772519] Allocated by task 278:
[ 13.772688] kasan_save_stack+0x45/0x70
[ 13.772834] kasan_save_track+0x18/0x40
[ 13.773030] kasan_save_alloc_info+0x3b/0x50
[ 13.773243] __kasan_kmalloc+0xb7/0xc0
[ 13.773500] __kmalloc_cache_noprof+0x189/0x420
[ 13.773715] kasan_bitops_generic+0x92/0x1c0
[ 13.774011] kunit_try_run_case+0x1a5/0x480
[ 13.774210] kunit_generic_run_threadfn_adapter+0x85/0xf0
[ 13.774466] kthread+0x337/0x6f0
[ 13.774631] ret_from_fork+0x116/0x1d0
[ 13.774793] ret_from_fork_asm+0x1a/0x30
[ 13.775094]
[ 13.775171] The buggy address belongs to the object at ffff888102531780
[ 13.775171] which belongs to the cache kmalloc-16 of size 16
[ 13.775724] The buggy address is located 8 bytes inside of
[ 13.775724] allocated 9-byte region [ffff888102531780, ffff888102531789)
[ 13.776156]
[ 13.776228] The buggy address belongs to the physical page:
[ 13.776409] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x102531
[ 13.776762] flags: 0x200000000000000(node=0|zone=2)
[ 13.776997] page_type: f5(slab)
[ 13.777169] raw: 0200000000000000 ffff888100041640 dead000000000122 0000000000000000
[ 13.777600] raw: 0000000000000000 0000000080800080 00000000f5000000 0000000000000000
[ 13.777898] page dumped because: kasan: bad access detected
[ 13.778181]
[ 13.778270] Memory state around the buggy address:
[ 13.778484] ffff888102531680: fa fb fc fc fa fb fc fc fa fb fc fc fa fb fc fc
[ 13.778744] ffff888102531700: fa fb fc fc fa fb fc fc 00 05 fc fc fa fb fc fc
[ 13.779176] >ffff888102531780: 00 01 fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 13.779507] ^
[ 13.779705] ffff888102531800: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 13.780096] ffff888102531880: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 13.780423] ==================================================================
Failure - log-parser-boot/kasan-bug-kasan-slab-out-of-bounds-in-kasan_bitops_modifyconstprop
[ 13.577492] ==================================================================
[ 13.578403] BUG: KASAN: slab-out-of-bounds in kasan_bitops_modify.constprop.0+0x2d5/0xd50
[ 13.578772] Write of size 8 at addr ffff888102531788 by task kunit_try_catch/278
[ 13.579118]
[ 13.579371] CPU: 0 UID: 0 PID: 278 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc4 #1 PREEMPT(voluntary)
[ 13.579432] Tainted: [B]=BAD_PAGE, [N]=TEST
[ 13.579445] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[ 13.579466] Call Trace:
[ 13.579487] <TASK>
[ 13.579505] dump_stack_lvl+0x73/0xb0
[ 13.579536] print_report+0xd1/0x650
[ 13.579559] ? __virt_addr_valid+0x1db/0x2d0
[ 13.579590] ? kasan_bitops_modify.constprop.0+0x2d5/0xd50
[ 13.579614] ? kasan_complete_mode_report_info+0x2a/0x200
[ 13.579635] ? kasan_bitops_modify.constprop.0+0x2d5/0xd50
[ 13.579659] kasan_report+0x141/0x180
[ 13.579681] ? kasan_bitops_modify.constprop.0+0x2d5/0xd50
[ 13.579709] kasan_check_range+0x10c/0x1c0
[ 13.579731] __kasan_check_write+0x18/0x20
[ 13.579751] kasan_bitops_modify.constprop.0+0x2d5/0xd50
[ 13.579775] ? __pfx_kasan_bitops_modify.constprop.0+0x10/0x10
[ 13.579801] ? __kmalloc_cache_noprof+0x189/0x420
[ 13.579826] ? trace_hardirqs_on+0x37/0xe0
[ 13.579848] ? kasan_bitops_generic+0x92/0x1c0
[ 13.579875] kasan_bitops_generic+0x116/0x1c0
[ 13.579900] ? __pfx_kasan_bitops_generic+0x10/0x10
[ 13.579926] ? __pfx_read_tsc+0x10/0x10
[ 13.579948] ? ktime_get_ts64+0x86/0x230
[ 13.579972] kunit_try_run_case+0x1a5/0x480
[ 13.579997] ? __pfx_kunit_try_run_case+0x10/0x10
[ 13.580019] ? _raw_spin_lock_irqsave+0xa1/0x100
[ 13.580043] ? _raw_spin_unlock_irqrestore+0x5f/0x90
[ 13.580065] ? __kthread_parkme+0x82/0x180
[ 13.580086] ? preempt_count_sub+0x50/0x80
[ 13.580110] ? __pfx_kunit_try_run_case+0x10/0x10
[ 13.580134] kunit_generic_run_threadfn_adapter+0x85/0xf0
[ 13.580156] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10
[ 13.580224] kthread+0x337/0x6f0
[ 13.580245] ? trace_preempt_on+0x20/0xc0
[ 13.580268] ? __pfx_kthread+0x10/0x10
[ 13.580288] ? _raw_spin_unlock_irq+0x47/0x80
[ 13.580309] ? calculate_sigpending+0x7b/0xa0
[ 13.580332] ? __pfx_kthread+0x10/0x10
[ 13.580353] ret_from_fork+0x116/0x1d0
[ 13.580371] ? __pfx_kthread+0x10/0x10
[ 13.580407] ret_from_fork_asm+0x1a/0x30
[ 13.580436] </TASK>
[ 13.580449]
[ 13.588741] Allocated by task 278:
[ 13.588958] kasan_save_stack+0x45/0x70
[ 13.589139] kasan_save_track+0x18/0x40
[ 13.589306] kasan_save_alloc_info+0x3b/0x50
[ 13.589467] __kasan_kmalloc+0xb7/0xc0
[ 13.589600] __kmalloc_cache_noprof+0x189/0x420
[ 13.589786] kasan_bitops_generic+0x92/0x1c0
[ 13.590096] kunit_try_run_case+0x1a5/0x480
[ 13.590306] kunit_generic_run_threadfn_adapter+0x85/0xf0
[ 13.590908] kthread+0x337/0x6f0
[ 13.591047] ret_from_fork+0x116/0x1d0
[ 13.591182] ret_from_fork_asm+0x1a/0x30
[ 13.591386]
[ 13.591482] The buggy address belongs to the object at ffff888102531780
[ 13.591482] which belongs to the cache kmalloc-16 of size 16
[ 13.592160] The buggy address is located 8 bytes inside of
[ 13.592160] allocated 9-byte region [ffff888102531780, ffff888102531789)
[ 13.592696]
[ 13.592791] The buggy address belongs to the physical page:
[ 13.593017] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x102531
[ 13.593286] flags: 0x200000000000000(node=0|zone=2)
[ 13.593498] page_type: f5(slab)
[ 13.593665] raw: 0200000000000000 ffff888100041640 dead000000000122 0000000000000000
[ 13.593993] raw: 0000000000000000 0000000080800080 00000000f5000000 0000000000000000
[ 13.594619] page dumped because: kasan: bad access detected
[ 13.594825]
[ 13.594896] Memory state around the buggy address:
[ 13.595335] ffff888102531680: fa fb fc fc fa fb fc fc fa fb fc fc fa fb fc fc
[ 13.595588] ffff888102531700: fa fb fc fc fa fb fc fc 00 05 fc fc fa fb fc fc
[ 13.595909] >ffff888102531780: 00 01 fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 13.596179] ^
[ 13.596323] ffff888102531800: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 13.596647] ffff888102531880: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 13.596861] ==================================================================
[ 13.515280] ==================================================================
[ 13.515788] BUG: KASAN: slab-out-of-bounds in kasan_bitops_modify.constprop.0+0x101/0xd50
[ 13.516663] Write of size 8 at addr ffff888102531788 by task kunit_try_catch/278
[ 13.516927]
[ 13.517100] CPU: 0 UID: 0 PID: 278 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc4 #1 PREEMPT(voluntary)
[ 13.517148] Tainted: [B]=BAD_PAGE, [N]=TEST
[ 13.517161] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[ 13.517183] Call Trace:
[ 13.517195] <TASK>
[ 13.517214] dump_stack_lvl+0x73/0xb0
[ 13.517244] print_report+0xd1/0x650
[ 13.517268] ? __virt_addr_valid+0x1db/0x2d0
[ 13.517292] ? kasan_bitops_modify.constprop.0+0x101/0xd50
[ 13.517318] ? kasan_complete_mode_report_info+0x2a/0x200
[ 13.517339] ? kasan_bitops_modify.constprop.0+0x101/0xd50
[ 13.517364] kasan_report+0x141/0x180
[ 13.517398] ? kasan_bitops_modify.constprop.0+0x101/0xd50
[ 13.517429] kasan_check_range+0x10c/0x1c0
[ 13.517452] __kasan_check_write+0x18/0x20
[ 13.517471] kasan_bitops_modify.constprop.0+0x101/0xd50
[ 13.517495] ? __pfx_kasan_bitops_modify.constprop.0+0x10/0x10
[ 13.517521] ? __kmalloc_cache_noprof+0x189/0x420
[ 13.517545] ? trace_hardirqs_on+0x37/0xe0
[ 13.517568] ? kasan_bitops_generic+0x92/0x1c0
[ 13.517609] kasan_bitops_generic+0x116/0x1c0
[ 13.517632] ? __pfx_kasan_bitops_generic+0x10/0x10
[ 13.517656] ? __pfx_read_tsc+0x10/0x10
[ 13.517679] ? ktime_get_ts64+0x86/0x230
[ 13.517704] kunit_try_run_case+0x1a5/0x480
[ 13.517731] ? __pfx_kunit_try_run_case+0x10/0x10
[ 13.517754] ? _raw_spin_lock_irqsave+0xa1/0x100
[ 13.517779] ? _raw_spin_unlock_irqrestore+0x5f/0x90
[ 13.517801] ? __kthread_parkme+0x82/0x180
[ 13.517823] ? preempt_count_sub+0x50/0x80
[ 13.517847] ? __pfx_kunit_try_run_case+0x10/0x10
[ 13.517872] kunit_generic_run_threadfn_adapter+0x85/0xf0
[ 13.517894] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10
[ 13.517917] kthread+0x337/0x6f0
[ 13.517937] ? trace_preempt_on+0x20/0xc0
[ 13.517960] ? __pfx_kthread+0x10/0x10
[ 13.517981] ? _raw_spin_unlock_irq+0x47/0x80
[ 13.518002] ? calculate_sigpending+0x7b/0xa0
[ 13.518025] ? __pfx_kthread+0x10/0x10
[ 13.518046] ret_from_fork+0x116/0x1d0
[ 13.518064] ? __pfx_kthread+0x10/0x10
[ 13.518083] ret_from_fork_asm+0x1a/0x30
[ 13.518114] </TASK>
[ 13.518126]
[ 13.526901] Allocated by task 278:
[ 13.527256] kasan_save_stack+0x45/0x70
[ 13.527496] kasan_save_track+0x18/0x40
[ 13.527691] kasan_save_alloc_info+0x3b/0x50
[ 13.527856] __kasan_kmalloc+0xb7/0xc0
[ 13.528252] __kmalloc_cache_noprof+0x189/0x420
[ 13.528444] kasan_bitops_generic+0x92/0x1c0
[ 13.528595] kunit_try_run_case+0x1a5/0x480
[ 13.528745] kunit_generic_run_threadfn_adapter+0x85/0xf0
[ 13.528995] kthread+0x337/0x6f0
[ 13.529167] ret_from_fork+0x116/0x1d0
[ 13.529530] ret_from_fork_asm+0x1a/0x30
[ 13.529726]
[ 13.529797] The buggy address belongs to the object at ffff888102531780
[ 13.529797] which belongs to the cache kmalloc-16 of size 16
[ 13.530146] The buggy address is located 8 bytes inside of
[ 13.530146] allocated 9-byte region [ffff888102531780, ffff888102531789)
[ 13.531181]
[ 13.531280] The buggy address belongs to the physical page:
[ 13.531514] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x102531
[ 13.531758] flags: 0x200000000000000(node=0|zone=2)
[ 13.531923] page_type: f5(slab)
[ 13.532357] raw: 0200000000000000 ffff888100041640 dead000000000122 0000000000000000
[ 13.532962] raw: 0000000000000000 0000000080800080 00000000f5000000 0000000000000000
[ 13.533235] page dumped because: kasan: bad access detected
[ 13.533419]
[ 13.533488] Memory state around the buggy address:
[ 13.533643] ffff888102531680: fa fb fc fc fa fb fc fc fa fb fc fc fa fb fc fc
[ 13.533943] ffff888102531700: fa fb fc fc fa fb fc fc 00 05 fc fc fa fb fc fc
[ 13.534263] >ffff888102531780: 00 01 fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 13.534804] ^
[ 13.535054] ffff888102531800: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 13.535356] ffff888102531880: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 13.535653] ==================================================================
[ 13.536145] ==================================================================
[ 13.536507] BUG: KASAN: slab-out-of-bounds in kasan_bitops_modify.constprop.0+0x19c/0xd50
[ 13.536892] Write of size 8 at addr ffff888102531788 by task kunit_try_catch/278
[ 13.537185]
[ 13.537642] CPU: 0 UID: 0 PID: 278 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc4 #1 PREEMPT(voluntary)
[ 13.537691] Tainted: [B]=BAD_PAGE, [N]=TEST
[ 13.537703] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[ 13.537724] Call Trace:
[ 13.537739] <TASK>
[ 13.537756] dump_stack_lvl+0x73/0xb0
[ 13.537784] print_report+0xd1/0x650
[ 13.537808] ? __virt_addr_valid+0x1db/0x2d0
[ 13.537832] ? kasan_bitops_modify.constprop.0+0x19c/0xd50
[ 13.537857] ? kasan_complete_mode_report_info+0x2a/0x200
[ 13.537878] ? kasan_bitops_modify.constprop.0+0x19c/0xd50
[ 13.537903] kasan_report+0x141/0x180
[ 13.537994] ? kasan_bitops_modify.constprop.0+0x19c/0xd50
[ 13.538028] kasan_check_range+0x10c/0x1c0
[ 13.538052] __kasan_check_write+0x18/0x20
[ 13.538071] kasan_bitops_modify.constprop.0+0x19c/0xd50
[ 13.538095] ? __pfx_kasan_bitops_modify.constprop.0+0x10/0x10
[ 13.538122] ? __kmalloc_cache_noprof+0x189/0x420
[ 13.538147] ? trace_hardirqs_on+0x37/0xe0
[ 13.538170] ? kasan_bitops_generic+0x92/0x1c0
[ 13.538197] kasan_bitops_generic+0x116/0x1c0
[ 13.538220] ? __pfx_kasan_bitops_generic+0x10/0x10
[ 13.538244] ? __pfx_read_tsc+0x10/0x10
[ 13.538265] ? ktime_get_ts64+0x86/0x230
[ 13.538289] kunit_try_run_case+0x1a5/0x480
[ 13.538313] ? __pfx_kunit_try_run_case+0x10/0x10
[ 13.538334] ?
_raw_spin_lock_irqsave+0xa1/0x100 [ 13.538359] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 13.538395] ? __kthread_parkme+0x82/0x180 [ 13.538417] ? preempt_count_sub+0x50/0x80 [ 13.538441] ? __pfx_kunit_try_run_case+0x10/0x10 [ 13.538464] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 13.538487] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 13.538510] kthread+0x337/0x6f0 [ 13.538530] ? trace_preempt_on+0x20/0xc0 [ 13.538553] ? __pfx_kthread+0x10/0x10 [ 13.538573] ? _raw_spin_unlock_irq+0x47/0x80 [ 13.538594] ? calculate_sigpending+0x7b/0xa0 [ 13.538617] ? __pfx_kthread+0x10/0x10 [ 13.538638] ret_from_fork+0x116/0x1d0 [ 13.538656] ? __pfx_kthread+0x10/0x10 [ 13.538676] ret_from_fork_asm+0x1a/0x30 [ 13.538708] </TASK> [ 13.538719] [ 13.547151] Allocated by task 278: [ 13.547599] kasan_save_stack+0x45/0x70 [ 13.547779] kasan_save_track+0x18/0x40 [ 13.547917] kasan_save_alloc_info+0x3b/0x50 [ 13.548067] __kasan_kmalloc+0xb7/0xc0 [ 13.548255] __kmalloc_cache_noprof+0x189/0x420 [ 13.548496] kasan_bitops_generic+0x92/0x1c0 [ 13.548711] kunit_try_run_case+0x1a5/0x480 [ 13.549077] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 13.549255] kthread+0x337/0x6f0 [ 13.549387] ret_from_fork+0x116/0x1d0 [ 13.549548] ret_from_fork_asm+0x1a/0x30 [ 13.549746] [ 13.549845] The buggy address belongs to the object at ffff888102531780 [ 13.549845] which belongs to the cache kmalloc-16 of size 16 [ 13.550750] The buggy address is located 8 bytes inside of [ 13.550750] allocated 9-byte region [ffff888102531780, ffff888102531789) [ 13.551358] [ 13.551477] The buggy address belongs to the physical page: [ 13.551724] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x102531 [ 13.551966] flags: 0x200000000000000(node=0|zone=2) [ 13.552144] page_type: f5(slab) [ 13.552316] raw: 0200000000000000 ffff888100041640 dead000000000122 0000000000000000 [ 13.552783] raw: 0000000000000000 0000000080800080 00000000f5000000 0000000000000000 [ 13.553283] page dumped because: kasan: 
bad access detected [ 13.554121] [ 13.554203] Memory state around the buggy address: [ 13.554364] ffff888102531680: fa fb fc fc fa fb fc fc fa fb fc fc fa fb fc fc [ 13.554991] ffff888102531700: fa fb fc fc fa fb fc fc 00 05 fc fc fa fb fc fc [ 13.555326] >ffff888102531780: 00 01 fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 13.555672] ^ [ 13.555849] ffff888102531800: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 13.556099] ffff888102531880: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 13.556463] ================================================================== [ 13.597228] ================================================================== [ 13.597574] BUG: KASAN: slab-out-of-bounds in kasan_bitops_modify.constprop.0+0x373/0xd50 [ 13.598095] Write of size 8 at addr ffff888102531788 by task kunit_try_catch/278 [ 13.598451] [ 13.598562] CPU: 0 UID: 0 PID: 278 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc4 #1 PREEMPT(voluntary) [ 13.598606] Tainted: [B]=BAD_PAGE, [N]=TEST [ 13.598617] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 13.598638] Call Trace: [ 13.598651] <TASK> [ 13.598665] dump_stack_lvl+0x73/0xb0 [ 13.598694] print_report+0xd1/0x650 [ 13.598717] ? __virt_addr_valid+0x1db/0x2d0 [ 13.598739] ? kasan_bitops_modify.constprop.0+0x373/0xd50 [ 13.598764] ? kasan_complete_mode_report_info+0x2a/0x200 [ 13.598785] ? kasan_bitops_modify.constprop.0+0x373/0xd50 [ 13.598810] kasan_report+0x141/0x180 [ 13.598831] ? kasan_bitops_modify.constprop.0+0x373/0xd50 [ 13.598860] kasan_check_range+0x10c/0x1c0 [ 13.598883] __kasan_check_write+0x18/0x20 [ 13.598902] kasan_bitops_modify.constprop.0+0x373/0xd50 [ 13.598926] ? __pfx_kasan_bitops_modify.constprop.0+0x10/0x10 [ 13.598951] ? __kmalloc_cache_noprof+0x189/0x420 [ 13.598976] ? trace_hardirqs_on+0x37/0xe0 [ 13.598999] ? kasan_bitops_generic+0x92/0x1c0 [ 13.599025] kasan_bitops_generic+0x116/0x1c0 [ 13.599048] ? __pfx_kasan_bitops_generic+0x10/0x10 [ 13.599072] ? 
__pfx_read_tsc+0x10/0x10 [ 13.599093] ? ktime_get_ts64+0x86/0x230 [ 13.599117] kunit_try_run_case+0x1a5/0x480 [ 13.599141] ? __pfx_kunit_try_run_case+0x10/0x10 [ 13.599163] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 13.599187] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 13.599209] ? __kthread_parkme+0x82/0x180 [ 13.599230] ? preempt_count_sub+0x50/0x80 [ 13.599253] ? __pfx_kunit_try_run_case+0x10/0x10 [ 13.599276] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 13.599298] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 13.599321] kthread+0x337/0x6f0 [ 13.599340] ? trace_preempt_on+0x20/0xc0 [ 13.599361] ? __pfx_kthread+0x10/0x10 [ 13.599390] ? _raw_spin_unlock_irq+0x47/0x80 [ 13.599411] ? calculate_sigpending+0x7b/0xa0 [ 13.599434] ? __pfx_kthread+0x10/0x10 [ 13.599515] ret_from_fork+0x116/0x1d0 [ 13.599535] ? __pfx_kthread+0x10/0x10 [ 13.599555] ret_from_fork_asm+0x1a/0x30 [ 13.599586] </TASK> [ 13.599597] [ 13.608484] Allocated by task 278: [ 13.608755] kasan_save_stack+0x45/0x70 [ 13.609065] kasan_save_track+0x18/0x40 [ 13.609220] kasan_save_alloc_info+0x3b/0x50 [ 13.609385] __kasan_kmalloc+0xb7/0xc0 [ 13.609519] __kmalloc_cache_noprof+0x189/0x420 [ 13.609676] kasan_bitops_generic+0x92/0x1c0 [ 13.609823] kunit_try_run_case+0x1a5/0x480 [ 13.609970] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 13.610222] kthread+0x337/0x6f0 [ 13.610401] ret_from_fork+0x116/0x1d0 [ 13.610590] ret_from_fork_asm+0x1a/0x30 [ 13.610790] [ 13.610885] The buggy address belongs to the object at ffff888102531780 [ 13.610885] which belongs to the cache kmalloc-16 of size 16 [ 13.611811] The buggy address is located 8 bytes inside of [ 13.611811] allocated 9-byte region [ffff888102531780, ffff888102531789) [ 13.612357] [ 13.612477] The buggy address belongs to the physical page: [ 13.612732] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x102531 [ 13.613091] flags: 0x200000000000000(node=0|zone=2) [ 13.613262] page_type: f5(slab) [ 13.613393] raw: 0200000000000000 
ffff888100041640 dead000000000122 0000000000000000 [ 13.613740] raw: 0000000000000000 0000000080800080 00000000f5000000 0000000000000000 [ 13.614087] page dumped because: kasan: bad access detected [ 13.614443] [ 13.614538] Memory state around the buggy address: [ 13.614727] ffff888102531680: fa fb fc fc fa fb fc fc fa fb fc fc fa fb fc fc [ 13.614955] ffff888102531700: fa fb fc fc fa fb fc fc 00 05 fc fc fa fb fc fc [ 13.615268] >ffff888102531780: 00 01 fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 13.615806] ^ [ 13.615963] ffff888102531800: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 13.616180] ffff888102531880: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 13.616504] ================================================================== [ 13.557045] ================================================================== [ 13.557456] BUG: KASAN: slab-out-of-bounds in kasan_bitops_modify.constprop.0+0x23a/0xd50 [ 13.558197] Write of size 8 at addr ffff888102531788 by task kunit_try_catch/278 [ 13.558465] [ 13.558581] CPU: 0 UID: 0 PID: 278 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc4 #1 PREEMPT(voluntary) [ 13.558624] Tainted: [B]=BAD_PAGE, [N]=TEST [ 13.558636] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 13.558657] Call Trace: [ 13.558676] <TASK> [ 13.558694] dump_stack_lvl+0x73/0xb0 [ 13.558723] print_report+0xd1/0x650 [ 13.558747] ? __virt_addr_valid+0x1db/0x2d0 [ 13.558770] ? kasan_bitops_modify.constprop.0+0x23a/0xd50 [ 13.558794] ? kasan_complete_mode_report_info+0x2a/0x200 [ 13.558816] ? kasan_bitops_modify.constprop.0+0x23a/0xd50 [ 13.558840] kasan_report+0x141/0x180 [ 13.558861] ? kasan_bitops_modify.constprop.0+0x23a/0xd50 [ 13.558890] kasan_check_range+0x10c/0x1c0 [ 13.558913] __kasan_check_write+0x18/0x20 [ 13.558931] kasan_bitops_modify.constprop.0+0x23a/0xd50 [ 13.558956] ? __pfx_kasan_bitops_modify.constprop.0+0x10/0x10 [ 13.558982] ? __kmalloc_cache_noprof+0x189/0x420 [ 13.559007] ? 
trace_hardirqs_on+0x37/0xe0 [ 13.559029] ? kasan_bitops_generic+0x92/0x1c0 [ 13.559056] kasan_bitops_generic+0x116/0x1c0 [ 13.559078] ? __pfx_kasan_bitops_generic+0x10/0x10 [ 13.559103] ? __pfx_read_tsc+0x10/0x10 [ 13.559124] ? ktime_get_ts64+0x86/0x230 [ 13.559147] kunit_try_run_case+0x1a5/0x480 [ 13.559171] ? __pfx_kunit_try_run_case+0x10/0x10 [ 13.559193] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 13.559217] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 13.559240] ? __kthread_parkme+0x82/0x180 [ 13.559260] ? preempt_count_sub+0x50/0x80 [ 13.559283] ? __pfx_kunit_try_run_case+0x10/0x10 [ 13.559306] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 13.559328] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 13.559444] kthread+0x337/0x6f0 [ 13.559466] ? trace_preempt_on+0x20/0xc0 [ 13.559487] ? __pfx_kthread+0x10/0x10 [ 13.559510] ? _raw_spin_unlock_irq+0x47/0x80 [ 13.559531] ? calculate_sigpending+0x7b/0xa0 [ 13.559554] ? __pfx_kthread+0x10/0x10 [ 13.559575] ret_from_fork+0x116/0x1d0 [ 13.559593] ? 
__pfx_kthread+0x10/0x10 [ 13.559613] ret_from_fork_asm+0x1a/0x30 [ 13.559643] </TASK> [ 13.559654] [ 13.568468] Allocated by task 278: [ 13.568675] kasan_save_stack+0x45/0x70 [ 13.568835] kasan_save_track+0x18/0x40 [ 13.568972] kasan_save_alloc_info+0x3b/0x50 [ 13.569131] __kasan_kmalloc+0xb7/0xc0 [ 13.569341] __kmalloc_cache_noprof+0x189/0x420 [ 13.569593] kasan_bitops_generic+0x92/0x1c0 [ 13.569803] kunit_try_run_case+0x1a5/0x480 [ 13.570403] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 13.570803] kthread+0x337/0x6f0 [ 13.571127] ret_from_fork+0x116/0x1d0 [ 13.571331] ret_from_fork_asm+0x1a/0x30 [ 13.571494] [ 13.571598] The buggy address belongs to the object at ffff888102531780 [ 13.571598] which belongs to the cache kmalloc-16 of size 16 [ 13.572162] The buggy address is located 8 bytes inside of [ 13.572162] allocated 9-byte region [ffff888102531780, ffff888102531789) [ 13.572664] [ 13.572743] The buggy address belongs to the physical page: [ 13.572950] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x102531 [ 13.573434] flags: 0x200000000000000(node=0|zone=2) [ 13.573658] page_type: f5(slab) [ 13.573797] raw: 0200000000000000 ffff888100041640 dead000000000122 0000000000000000 [ 13.574028] raw: 0000000000000000 0000000080800080 00000000f5000000 0000000000000000 [ 13.574254] page dumped because: kasan: bad access detected [ 13.574462] [ 13.574560] Memory state around the buggy address: [ 13.574789] ffff888102531680: fa fb fc fc fa fb fc fc fa fb fc fc fa fb fc fc [ 13.575694] ffff888102531700: fa fb fc fc fa fb fc fc 00 05 fc fc fa fb fc fc [ 13.575921] >ffff888102531780: 00 01 fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 13.576240] ^ [ 13.576441] ffff888102531800: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 13.576762] ffff888102531880: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 13.576978] ================================================================== [ 13.617069] 
================================================================== [ 13.617425] BUG: KASAN: slab-out-of-bounds in kasan_bitops_modify.constprop.0+0x40e/0xd50 [ 13.617827] Write of size 8 at addr ffff888102531788 by task kunit_try_catch/278 [ 13.618194] [ 13.618310] CPU: 0 UID: 0 PID: 278 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc4 #1 PREEMPT(voluntary) [ 13.618353] Tainted: [B]=BAD_PAGE, [N]=TEST [ 13.618365] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 13.618396] Call Trace: [ 13.618410] <TASK> [ 13.618424] dump_stack_lvl+0x73/0xb0 [ 13.618454] print_report+0xd1/0x650 [ 13.618476] ? __virt_addr_valid+0x1db/0x2d0 [ 13.618498] ? kasan_bitops_modify.constprop.0+0x40e/0xd50 [ 13.618522] ? kasan_complete_mode_report_info+0x2a/0x200 [ 13.618544] ? kasan_bitops_modify.constprop.0+0x40e/0xd50 [ 13.618569] kasan_report+0x141/0x180 [ 13.618590] ? kasan_bitops_modify.constprop.0+0x40e/0xd50 [ 13.618640] kasan_check_range+0x10c/0x1c0 [ 13.618663] __kasan_check_write+0x18/0x20 [ 13.618682] kasan_bitops_modify.constprop.0+0x40e/0xd50 [ 13.618706] ? __pfx_kasan_bitops_modify.constprop.0+0x10/0x10 [ 13.618731] ? __kmalloc_cache_noprof+0x189/0x420 [ 13.618755] ? trace_hardirqs_on+0x37/0xe0 [ 13.618778] ? kasan_bitops_generic+0x92/0x1c0 [ 13.618805] kasan_bitops_generic+0x116/0x1c0 [ 13.618829] ? __pfx_kasan_bitops_generic+0x10/0x10 [ 13.618853] ? __pfx_read_tsc+0x10/0x10 [ 13.618874] ? ktime_get_ts64+0x86/0x230 [ 13.618898] kunit_try_run_case+0x1a5/0x480 [ 13.619109] ? __pfx_kunit_try_run_case+0x10/0x10 [ 13.619133] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 13.619157] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 13.619180] ? __kthread_parkme+0x82/0x180 [ 13.619202] ? preempt_count_sub+0x50/0x80 [ 13.619225] ? __pfx_kunit_try_run_case+0x10/0x10 [ 13.619249] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 13.619272] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 13.619294] kthread+0x337/0x6f0 [ 13.619313] ? 
trace_preempt_on+0x20/0xc0 [ 13.619335] ? __pfx_kthread+0x10/0x10 [ 13.619354] ? _raw_spin_unlock_irq+0x47/0x80 [ 13.619387] ? calculate_sigpending+0x7b/0xa0 [ 13.619411] ? __pfx_kthread+0x10/0x10 [ 13.619431] ret_from_fork+0x116/0x1d0 [ 13.619449] ? __pfx_kthread+0x10/0x10 [ 13.619468] ret_from_fork_asm+0x1a/0x30 [ 13.619498] </TASK> [ 13.619509] [ 13.627882] Allocated by task 278: [ 13.628124] kasan_save_stack+0x45/0x70 [ 13.628302] kasan_save_track+0x18/0x40 [ 13.628506] kasan_save_alloc_info+0x3b/0x50 [ 13.628715] __kasan_kmalloc+0xb7/0xc0 [ 13.628892] __kmalloc_cache_noprof+0x189/0x420 [ 13.629138] kasan_bitops_generic+0x92/0x1c0 [ 13.629344] kunit_try_run_case+0x1a5/0x480 [ 13.629531] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 13.629785] kthread+0x337/0x6f0 [ 13.630040] ret_from_fork+0x116/0x1d0 [ 13.630234] ret_from_fork_asm+0x1a/0x30 [ 13.630407] [ 13.630502] The buggy address belongs to the object at ffff888102531780 [ 13.630502] which belongs to the cache kmalloc-16 of size 16 [ 13.631191] The buggy address is located 8 bytes inside of [ 13.631191] allocated 9-byte region [ffff888102531780, ffff888102531789) [ 13.631673] [ 13.631788] The buggy address belongs to the physical page: [ 13.632041] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x102531 [ 13.632289] flags: 0x200000000000000(node=0|zone=2) [ 13.632469] page_type: f5(slab) [ 13.632664] raw: 0200000000000000 ffff888100041640 dead000000000122 0000000000000000 [ 13.633081] raw: 0000000000000000 0000000080800080 00000000f5000000 0000000000000000 [ 13.633427] page dumped because: kasan: bad access detected [ 13.633703] [ 13.633798] Memory state around the buggy address: [ 13.634099] ffff888102531680: fa fb fc fc fa fb fc fc fa fb fc fc fa fb fc fc [ 13.634439] ffff888102531700: fa fb fc fc fa fb fc fc 00 05 fc fc fa fb fc fc [ 13.634691] >ffff888102531780: 00 01 fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 13.635107] ^ [ 13.635311] ffff888102531800: fc fc fc fc fc fc fc fc fc 
fc fc fc fc fc fc fc [ 13.635641] ffff888102531880: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 13.636066] ================================================================== [ 13.658368] ================================================================== [ 13.658854] BUG: KASAN: slab-out-of-bounds in kasan_bitops_modify.constprop.0+0x547/0xd50 [ 13.659297] Write of size 8 at addr ffff888102531788 by task kunit_try_catch/278 [ 13.659635] [ 13.659742] CPU: 0 UID: 0 PID: 278 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc4 #1 PREEMPT(voluntary) [ 13.659785] Tainted: [B]=BAD_PAGE, [N]=TEST [ 13.659797] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 13.659818] Call Trace: [ 13.659834] <TASK> [ 13.659851] dump_stack_lvl+0x73/0xb0 [ 13.659879] print_report+0xd1/0x650 [ 13.659901] ? __virt_addr_valid+0x1db/0x2d0 [ 13.660161] ? kasan_bitops_modify.constprop.0+0x547/0xd50 [ 13.660187] ? kasan_complete_mode_report_info+0x2a/0x200 [ 13.660210] ? kasan_bitops_modify.constprop.0+0x547/0xd50 [ 13.660236] kasan_report+0x141/0x180 [ 13.660258] ? kasan_bitops_modify.constprop.0+0x547/0xd50 [ 13.660287] kasan_check_range+0x10c/0x1c0 [ 13.660309] __kasan_check_write+0x18/0x20 [ 13.660328] kasan_bitops_modify.constprop.0+0x547/0xd50 [ 13.660353] ? __pfx_kasan_bitops_modify.constprop.0+0x10/0x10 [ 13.660391] ? __kmalloc_cache_noprof+0x189/0x420 [ 13.660422] ? trace_hardirqs_on+0x37/0xe0 [ 13.660444] ? kasan_bitops_generic+0x92/0x1c0 [ 13.660470] kasan_bitops_generic+0x116/0x1c0 [ 13.660492] ? __pfx_kasan_bitops_generic+0x10/0x10 [ 13.660516] ? __pfx_read_tsc+0x10/0x10 [ 13.660536] ? ktime_get_ts64+0x86/0x230 [ 13.660559] kunit_try_run_case+0x1a5/0x480 [ 13.660583] ? __pfx_kunit_try_run_case+0x10/0x10 [ 13.660603] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 13.660627] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 13.660649] ? __kthread_parkme+0x82/0x180 [ 13.660668] ? preempt_count_sub+0x50/0x80 [ 13.660692] ? 
__pfx_kunit_try_run_case+0x10/0x10 [ 13.660715] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 13.660737] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 13.660780] kthread+0x337/0x6f0 [ 13.660801] ? trace_preempt_on+0x20/0xc0 [ 13.660822] ? __pfx_kthread+0x10/0x10 [ 13.660841] ? _raw_spin_unlock_irq+0x47/0x80 [ 13.660861] ? calculate_sigpending+0x7b/0xa0 [ 13.660884] ? __pfx_kthread+0x10/0x10 [ 13.660973] ret_from_fork+0x116/0x1d0 [ 13.660995] ? __pfx_kthread+0x10/0x10 [ 13.661015] ret_from_fork_asm+0x1a/0x30 [ 13.661044] </TASK> [ 13.661056] [ 13.669591] Allocated by task 278: [ 13.669805] kasan_save_stack+0x45/0x70 [ 13.670034] kasan_save_track+0x18/0x40 [ 13.670227] kasan_save_alloc_info+0x3b/0x50 [ 13.670525] __kasan_kmalloc+0xb7/0xc0 [ 13.670697] __kmalloc_cache_noprof+0x189/0x420 [ 13.670882] kasan_bitops_generic+0x92/0x1c0 [ 13.671149] kunit_try_run_case+0x1a5/0x480 [ 13.671388] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 13.671621] kthread+0x337/0x6f0 [ 13.671800] ret_from_fork+0x116/0x1d0 [ 13.672184] ret_from_fork_asm+0x1a/0x30 [ 13.672348] [ 13.672441] The buggy address belongs to the object at ffff888102531780 [ 13.672441] which belongs to the cache kmalloc-16 of size 16 [ 13.672969] The buggy address is located 8 bytes inside of [ 13.672969] allocated 9-byte region [ffff888102531780, ffff888102531789) [ 13.673455] [ 13.673529] The buggy address belongs to the physical page: [ 13.673702] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x102531 [ 13.674010] flags: 0x200000000000000(node=0|zone=2) [ 13.674249] page_type: f5(slab) [ 13.674533] raw: 0200000000000000 ffff888100041640 dead000000000122 0000000000000000 [ 13.674793] raw: 0000000000000000 0000000080800080 00000000f5000000 0000000000000000 [ 13.675080] page dumped because: kasan: bad access detected [ 13.675255] [ 13.675324] Memory state around the buggy address: [ 13.675490] ffff888102531680: fa fb fc fc fa fb fc fc fa fb fc fc fa fb fc fc [ 13.675732] 
ffff888102531700: fa fb fc fc fa fb fc fc 00 05 fc fc fa fb fc fc [ 13.676154] >ffff888102531780: 00 01 fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 13.676388] ^ [ 13.676519] ffff888102531800: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 13.676862] ffff888102531880: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 13.677258] ================================================================== [ 13.638538] ================================================================== [ 13.638820] BUG: KASAN: slab-out-of-bounds in kasan_bitops_modify.constprop.0+0x4ac/0xd50 [ 13.639189] Write of size 8 at addr ffff888102531788 by task kunit_try_catch/278 [ 13.639529] [ 13.639626] CPU: 0 UID: 0 PID: 278 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc4 #1 PREEMPT(voluntary) [ 13.639668] Tainted: [B]=BAD_PAGE, [N]=TEST [ 13.639680] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 13.639701] Call Trace: [ 13.639716] <TASK> [ 13.639731] dump_stack_lvl+0x73/0xb0 [ 13.639758] print_report+0xd1/0x650 [ 13.639780] ? __virt_addr_valid+0x1db/0x2d0 [ 13.639802] ? kasan_bitops_modify.constprop.0+0x4ac/0xd50 [ 13.639825] ? kasan_complete_mode_report_info+0x2a/0x200 [ 13.639847] ? kasan_bitops_modify.constprop.0+0x4ac/0xd50 [ 13.639871] kasan_report+0x141/0x180 [ 13.639892] ? kasan_bitops_modify.constprop.0+0x4ac/0xd50 [ 13.639921] kasan_check_range+0x10c/0x1c0 [ 13.639943] __kasan_check_write+0x18/0x20 [ 13.639962] kasan_bitops_modify.constprop.0+0x4ac/0xd50 [ 13.639988] ? __pfx_kasan_bitops_modify.constprop.0+0x10/0x10 [ 13.640014] ? __kmalloc_cache_noprof+0x189/0x420 [ 13.640038] ? trace_hardirqs_on+0x37/0xe0 [ 13.640060] ? kasan_bitops_generic+0x92/0x1c0 [ 13.640087] kasan_bitops_generic+0x116/0x1c0 [ 13.640109] ? __pfx_kasan_bitops_generic+0x10/0x10 [ 13.640133] ? __pfx_read_tsc+0x10/0x10 [ 13.640154] ? ktime_get_ts64+0x86/0x230 [ 13.640177] kunit_try_run_case+0x1a5/0x480 [ 13.640201] ? __pfx_kunit_try_run_case+0x10/0x10 [ 13.640222] ? 
_raw_spin_lock_irqsave+0xa1/0x100 [ 13.640245] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 13.640266] ? __kthread_parkme+0x82/0x180 [ 13.640287] ? preempt_count_sub+0x50/0x80 [ 13.640309] ? __pfx_kunit_try_run_case+0x10/0x10 [ 13.640332] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 13.640354] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 13.640677] kthread+0x337/0x6f0 [ 13.640707] ? trace_preempt_on+0x20/0xc0 [ 13.640730] ? __pfx_kthread+0x10/0x10 [ 13.640750] ? _raw_spin_unlock_irq+0x47/0x80 [ 13.640771] ? calculate_sigpending+0x7b/0xa0 [ 13.640794] ? __pfx_kthread+0x10/0x10 [ 13.640816] ret_from_fork+0x116/0x1d0 [ 13.640834] ? __pfx_kthread+0x10/0x10 [ 13.640854] ret_from_fork_asm+0x1a/0x30 [ 13.640883] </TASK> [ 13.640895] [ 13.649772] Allocated by task 278: [ 13.650035] kasan_save_stack+0x45/0x70 [ 13.650249] kasan_save_track+0x18/0x40 [ 13.650443] kasan_save_alloc_info+0x3b/0x50 [ 13.650663] __kasan_kmalloc+0xb7/0xc0 [ 13.650832] __kmalloc_cache_noprof+0x189/0x420 [ 13.651150] kasan_bitops_generic+0x92/0x1c0 [ 13.651307] kunit_try_run_case+0x1a5/0x480 [ 13.651473] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 13.651749] kthread+0x337/0x6f0 [ 13.652107] ret_from_fork+0x116/0x1d0 [ 13.652304] ret_from_fork_asm+0x1a/0x30 [ 13.652523] [ 13.652620] The buggy address belongs to the object at ffff888102531780 [ 13.652620] which belongs to the cache kmalloc-16 of size 16 [ 13.653189] The buggy address is located 8 bytes inside of [ 13.653189] allocated 9-byte region [ffff888102531780, ffff888102531789) [ 13.653730] [ 13.653826] The buggy address belongs to the physical page: [ 13.654138] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x102531 [ 13.654442] flags: 0x200000000000000(node=0|zone=2) [ 13.654702] page_type: f5(slab) [ 13.654825] raw: 0200000000000000 ffff888100041640 dead000000000122 0000000000000000 [ 13.655226] raw: 0000000000000000 0000000080800080 00000000f5000000 0000000000000000 [ 13.655569] page dumped because: kasan: 
bad access detected [ 13.655805] [ 13.655900] Memory state around the buggy address: [ 13.656299] ffff888102531680: fa fb fc fc fa fb fc fc fa fb fc fc fa fb fc fc [ 13.656609] ffff888102531700: fa fb fc fc fa fb fc fc 00 05 fc fc fa fb fc fc [ 13.656945] >ffff888102531780: 00 01 fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 13.657216] ^ [ 13.657367] ffff888102531800: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 13.657651] ffff888102531880: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 13.657894] ==================================================================
Failure - log-parser-boot/kasan-bug-kasan-slab-use-after-free-in-strnlen
[ 13.489995] ==================================================================
[ 13.490356] BUG: KASAN: slab-use-after-free in strnlen+0x73/0x80
[ 13.491018] Read of size 1 at addr ffff888103aaf390 by task kunit_try_catch/276
[ 13.491316]
[ 13.491419] CPU: 1 UID: 0 PID: 276 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc4 #1 PREEMPT(voluntary)
[ 13.491464] Tainted: [B]=BAD_PAGE, [N]=TEST
[ 13.491475] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[ 13.491496] Call Trace:
[ 13.491515] <TASK>
[ 13.491533] dump_stack_lvl+0x73/0xb0
[ 13.491559] print_report+0xd1/0x650
[ 13.491582] ? __virt_addr_valid+0x1db/0x2d0
[ 13.491605] ? strnlen+0x73/0x80
[ 13.491623] ? kasan_complete_mode_report_info+0x64/0x200
[ 13.491644] ? strnlen+0x73/0x80
[ 13.491662] kasan_report+0x141/0x180
[ 13.491683] ? strnlen+0x73/0x80
[ 13.491704] __asan_report_load1_noabort+0x18/0x20
[ 13.491728] strnlen+0x73/0x80
[ 13.491746] kasan_strings+0x615/0xe80
[ 13.491766] ? trace_hardirqs_on+0x37/0xe0
[ 13.491790] ? __pfx_kasan_strings+0x10/0x10
[ 13.491809] ? finish_task_switch.isra.0+0x153/0x700
[ 13.491831] ? __switch_to+0x47/0xf50
[ 13.491855] ? __schedule+0x10cc/0x2b60
[ 13.491877] ? __pfx_read_tsc+0x10/0x10
[ 13.491897] ? ktime_get_ts64+0x86/0x230
[ 13.491920] kunit_try_run_case+0x1a5/0x480
[ 13.491944] ? __pfx_kunit_try_run_case+0x10/0x10
[ 13.491966] ? _raw_spin_lock_irqsave+0xa1/0x100
[ 13.491989] ? _raw_spin_unlock_irqrestore+0x5f/0x90
[ 13.492011] ? __kthread_parkme+0x82/0x180
[ 13.492034] ? preempt_count_sub+0x50/0x80
[ 13.492058] ? __pfx_kunit_try_run_case+0x10/0x10
[ 13.492082] kunit_generic_run_threadfn_adapter+0x85/0xf0
[ 13.492104] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10
[ 13.492127] kthread+0x337/0x6f0
[ 13.492145] ? trace_preempt_on+0x20/0xc0
[ 13.492166] ? __pfx_kthread+0x10/0x10
[ 13.492186] ? _raw_spin_unlock_irq+0x47/0x80
[ 13.492207] ? calculate_sigpending+0x7b/0xa0
[ 13.492230] ? __pfx_kthread+0x10/0x10
[ 13.492250] ret_from_fork+0x116/0x1d0
[ 13.492267] ? __pfx_kthread+0x10/0x10
[ 13.492287] ret_from_fork_asm+0x1a/0x30
[ 13.492316] </TASK>
[ 13.492327]
[ 13.499830] Allocated by task 276:
[ 13.499957] kasan_save_stack+0x45/0x70
[ 13.500100] kasan_save_track+0x18/0x40
[ 13.500232] kasan_save_alloc_info+0x3b/0x50
[ 13.500385] __kasan_kmalloc+0xb7/0xc0
[ 13.500590] __kmalloc_cache_noprof+0x189/0x420
[ 13.500810] kasan_strings+0xc0/0xe80
[ 13.500987] kunit_try_run_case+0x1a5/0x480
[ 13.501188] kunit_generic_run_threadfn_adapter+0x85/0xf0
[ 13.501440] kthread+0x337/0x6f0
[ 13.501634] ret_from_fork+0x116/0x1d0
[ 13.501821] ret_from_fork_asm+0x1a/0x30
[ 13.502013]
[ 13.502084] Freed by task 276:
[ 13.502196] kasan_save_stack+0x45/0x70
[ 13.502333] kasan_save_track+0x18/0x40
[ 13.502479] kasan_save_free_info+0x3f/0x60
[ 13.502760] __kasan_slab_free+0x56/0x70
[ 13.502953] kfree+0x222/0x3f0
[ 13.503117] kasan_strings+0x2aa/0xe80
[ 13.503302] kunit_try_run_case+0x1a5/0x480
[ 13.503524] kunit_generic_run_threadfn_adapter+0x85/0xf0
[ 13.503914] kthread+0x337/0x6f0
[ 13.504076] ret_from_fork+0x116/0x1d0
[ 13.504252] ret_from_fork_asm+0x1a/0x30
[ 13.504461]
[ 13.504554] The buggy address belongs to the object at ffff888103aaf380
[ 13.504554] which belongs to the cache kmalloc-32 of size 32
[ 13.504935] The buggy address is located 16 bytes inside of
[ 13.504935] freed 32-byte region [ffff888103aaf380, ffff888103aaf3a0)
[ 13.505287]
[ 13.505389] The buggy address belongs to the physical page:
[ 13.505690] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x103aaf
[ 13.506044] flags: 0x200000000000000(node=0|zone=2)
[ 13.506281] page_type: f5(slab)
[ 13.506459] raw: 0200000000000000 ffff888100041780 dead000000000122 0000000000000000
[ 13.507072] raw: 0000000000000000 0000000080400040 00000000f5000000 0000000000000000
[ 13.507357] page dumped because: kasan: bad access detected
[ 13.507582]
[ 13.507665] Memory state around the buggy address:
[ 13.507817] ffff888103aaf280: fa fb fb fb fc fc fc fc 00 00 07 fc fc fc fc fc
[ 13.508047] ffff888103aaf300: fa fb fb fb fc fc fc fc 00 00 00 fc fc fc fc fc
[ 13.508356] >ffff888103aaf380: fa fb fb fb fc fc fc fc fa fb fb fb fc fc fc fc
[ 13.508824] ^
[ 13.508992] ffff888103aaf400: fa fb fb fb fc fc fc fc 00 00 00 fc fc fc fc fc
[ 13.509260] ffff888103aaf480: fa fb fb fb fc fc fc fc fa fb fb fb fc fc fc fc
[ 13.509511] ==================================================================
Failure - log-parser-boot/kasan-bug-kasan-slab-use-after-free-in-strlen
[ 13.470427] ==================================================================
[ 13.471219] BUG: KASAN: slab-use-after-free in strlen+0x8f/0xb0
[ 13.471497] Read of size 1 at addr ffff888103aaf390 by task kunit_try_catch/276
[ 13.471801]
[ 13.471897] CPU: 1 UID: 0 PID: 276 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc4 #1 PREEMPT(voluntary)
[ 13.471944] Tainted: [B]=BAD_PAGE, [N]=TEST
[ 13.471956] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[ 13.471978] Call Trace:
[ 13.471997] <TASK>
[ 13.472017] dump_stack_lvl+0x73/0xb0
[ 13.472045] print_report+0xd1/0x650
[ 13.472069] ? __virt_addr_valid+0x1db/0x2d0
[ 13.472092] ? strlen+0x8f/0xb0
[ 13.472108] ? kasan_complete_mode_report_info+0x64/0x200
[ 13.472130] ? strlen+0x8f/0xb0
[ 13.472147] kasan_report+0x141/0x180
[ 13.472168] ? strlen+0x8f/0xb0
[ 13.472188] __asan_report_load1_noabort+0x18/0x20
[ 13.472212] strlen+0x8f/0xb0
[ 13.472229] kasan_strings+0x57b/0xe80
[ 13.472248] ? trace_hardirqs_on+0x37/0xe0
[ 13.472271] ? __pfx_kasan_strings+0x10/0x10
[ 13.472289] ? finish_task_switch.isra.0+0x153/0x700
[ 13.472312] ? __switch_to+0x47/0xf50
[ 13.472337] ? __schedule+0x10cc/0x2b60
[ 13.472360] ? __pfx_read_tsc+0x10/0x10
[ 13.472391] ? ktime_get_ts64+0x86/0x230
[ 13.472419] kunit_try_run_case+0x1a5/0x480
[ 13.472443] ? __pfx_kunit_try_run_case+0x10/0x10
[ 13.472465] ? _raw_spin_lock_irqsave+0xa1/0x100
[ 13.472489] ? _raw_spin_unlock_irqrestore+0x5f/0x90
[ 13.472511] ? __kthread_parkme+0x82/0x180
[ 13.472531] ? preempt_count_sub+0x50/0x80
[ 13.472554] ? __pfx_kunit_try_run_case+0x10/0x10
[ 13.472589] kunit_generic_run_threadfn_adapter+0x85/0xf0
[ 13.472612] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10
[ 13.472635] kthread+0x337/0x6f0
[ 13.472654] ? trace_preempt_on+0x20/0xc0
[ 13.472675] ? __pfx_kthread+0x10/0x10
[ 13.472695] ? _raw_spin_unlock_irq+0x47/0x80
[ 13.472715] ? calculate_sigpending+0x7b/0xa0
[ 13.472738] ? __pfx_kthread+0x10/0x10
[ 13.472759] ret_from_fork+0x116/0x1d0
[ 13.472777] ? __pfx_kthread+0x10/0x10
[ 13.472796] ret_from_fork_asm+0x1a/0x30
[ 13.472825] </TASK>
[ 13.472836]
[ 13.479810] Allocated by task 276:
[ 13.479971] kasan_save_stack+0x45/0x70
[ 13.480166] kasan_save_track+0x18/0x40
[ 13.480352] kasan_save_alloc_info+0x3b/0x50
[ 13.480571] __kasan_kmalloc+0xb7/0xc0
[ 13.480753] __kmalloc_cache_noprof+0x189/0x420
[ 13.480970] kasan_strings+0xc0/0xe80
[ 13.481135] kunit_try_run_case+0x1a5/0x480
[ 13.481278] kunit_generic_run_threadfn_adapter+0x85/0xf0
[ 13.481494] kthread+0x337/0x6f0
[ 13.481821] ret_from_fork+0x116/0x1d0
[ 13.482002] ret_from_fork_asm+0x1a/0x30
[ 13.482194]
[ 13.482287] Freed by task 276:
[ 13.482422] kasan_save_stack+0x45/0x70
[ 13.482559] kasan_save_track+0x18/0x40
[ 13.482757] kasan_save_free_info+0x3f/0x60
[ 13.482955] __kasan_slab_free+0x56/0x70
[ 13.483133] kfree+0x222/0x3f0
[ 13.483273] kasan_strings+0x2aa/0xe80
[ 13.483443] kunit_try_run_case+0x1a5/0x480
[ 13.483656] kunit_generic_run_threadfn_adapter+0x85/0xf0
[ 13.483828] kthread+0x337/0x6f0
[ 13.483985] ret_from_fork+0x116/0x1d0
[ 13.484171] ret_from_fork_asm+0x1a/0x30
[ 13.484363]
[ 13.484471] The buggy address belongs to the object at ffff888103aaf380
[ 13.484471] which belongs to the cache kmalloc-32 of size 32
[ 13.484984] The buggy address is located 16 bytes inside of
[ 13.484984] freed 32-byte region [ffff888103aaf380, ffff888103aaf3a0)
[ 13.485415]
[ 13.485517] The buggy address belongs to the physical page:
[ 13.485795] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x103aaf
[ 13.486127] flags: 0x200000000000000(node=0|zone=2)
[ 13.486311] page_type: f5(slab)
[ 13.486476] raw: 0200000000000000 ffff888100041780 dead000000000122 0000000000000000
[ 13.486885] raw: 0000000000000000 0000000080400040 00000000f5000000 0000000000000000
[ 13.487166] page dumped because: kasan: bad access detected
[ 13.487426]
[ 13.487511] Memory state around the buggy address:
[ 13.487750] ffff888103aaf280: fa fb fb fb fc fc fc fc 00 00 07 fc fc fc fc fc
[ 13.488042] ffff888103aaf300: fa fb fb fb fc fc fc fc 00 00 00 fc fc fc fc fc
[ 13.488332] >ffff888103aaf380: fa fb fb fb fc fc fc fc fa fb fb fb fc fc fc fc
[ 13.488589] ^
[ 13.488771] ffff888103aaf400: fa fb fb fb fc fc fc fc 00 00 00 fc fc fc fc fc
[ 13.489025] ffff888103aaf480: fa fb fb fb fc fc fc fc fa fb fb fb fc fc fc fc
[ 13.489317] ==================================================================
Failure - log-parser-boot/kasan-bug-kasan-slab-use-after-free-in-kasan_strings
[ 13.446722] ==================================================================
[ 13.447052] BUG: KASAN: slab-use-after-free in kasan_strings+0xcbc/0xe80
[ 13.447625] Read of size 1 at addr ffff888103aaf390 by task kunit_try_catch/276
[ 13.448064]
[ 13.448178] CPU: 1 UID: 0 PID: 276 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc4 #1 PREEMPT(voluntary)
[ 13.448223] Tainted: [B]=BAD_PAGE, [N]=TEST
[ 13.448234] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[ 13.448256] Call Trace:
[ 13.448273] <TASK>
[ 13.448291] dump_stack_lvl+0x73/0xb0
[ 13.448320] print_report+0xd1/0x650
[ 13.448343] ? __virt_addr_valid+0x1db/0x2d0
[ 13.448366] ? kasan_strings+0xcbc/0xe80
[ 13.448404] ? kasan_complete_mode_report_info+0x64/0x200
[ 13.448426] ? kasan_strings+0xcbc/0xe80
[ 13.448447] kasan_report+0x141/0x180
[ 13.448468] ? kasan_strings+0xcbc/0xe80
[ 13.448493] __asan_report_load1_noabort+0x18/0x20
[ 13.448516] kasan_strings+0xcbc/0xe80
[ 13.448535] ? trace_hardirqs_on+0x37/0xe0
[ 13.448559] ? __pfx_kasan_strings+0x10/0x10
[ 13.448579] ? finish_task_switch.isra.0+0x153/0x700
[ 13.448601] ? __switch_to+0x47/0xf50
[ 13.448627] ? __schedule+0x10cc/0x2b60
[ 13.448649] ? __pfx_read_tsc+0x10/0x10
[ 13.448669] ? ktime_get_ts64+0x86/0x230
[ 13.448693] kunit_try_run_case+0x1a5/0x480
[ 13.448717] ? __pfx_kunit_try_run_case+0x10/0x10
[ 13.448739] ? _raw_spin_lock_irqsave+0xa1/0x100
[ 13.448762] ? _raw_spin_unlock_irqrestore+0x5f/0x90
[ 13.448784] ? __kthread_parkme+0x82/0x180
[ 13.448804] ? preempt_count_sub+0x50/0x80
[ 13.448826] ? __pfx_kunit_try_run_case+0x10/0x10
[ 13.448850] kunit_generic_run_threadfn_adapter+0x85/0xf0
[ 13.448872] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10
[ 13.448894] kthread+0x337/0x6f0
[ 13.448913] ? trace_preempt_on+0x20/0xc0
[ 13.448935] ? __pfx_kthread+0x10/0x10
[ 13.448955] ? _raw_spin_unlock_irq+0x47/0x80
[ 13.448975] ? calculate_sigpending+0x7b/0xa0
[ 13.448998] ? __pfx_kthread+0x10/0x10
[ 13.449017] ret_from_fork+0x116/0x1d0
[ 13.449035] ? __pfx_kthread+0x10/0x10
[ 13.449054] ret_from_fork_asm+0x1a/0x30
[ 13.449083] </TASK>
[ 13.449094]
[ 13.456648] Allocated by task 276:
[ 13.456834] kasan_save_stack+0x45/0x70
[ 13.457014] kasan_save_track+0x18/0x40
[ 13.457183] kasan_save_alloc_info+0x3b/0x50
[ 13.457331] __kasan_kmalloc+0xb7/0xc0
[ 13.457472] __kmalloc_cache_noprof+0x189/0x420
[ 13.457630] kasan_strings+0xc0/0xe80
[ 13.457762] kunit_try_run_case+0x1a5/0x480
[ 13.457906] kunit_generic_run_threadfn_adapter+0x85/0xf0
[ 13.458078] kthread+0x337/0x6f0
[ 13.458200] ret_from_fork+0x116/0x1d0
[ 13.458384] ret_from_fork_asm+0x1a/0x30
[ 13.458598]
[ 13.458687] Freed by task 276:
[ 13.458840] kasan_save_stack+0x45/0x70
[ 13.459025] kasan_save_track+0x18/0x40
[ 13.459208] kasan_save_free_info+0x3f/0x60
[ 13.459423] __kasan_slab_free+0x56/0x70
[ 13.459641] kfree+0x222/0x3f0
[ 13.459801] kasan_strings+0x2aa/0xe80
[ 13.459980] kunit_try_run_case+0x1a5/0x480
[ 13.460186] kunit_generic_run_threadfn_adapter+0x85/0xf0
[ 13.460465] kthread+0x337/0x6f0
[ 13.461148] ret_from_fork+0x116/0x1d0
[ 13.461340] ret_from_fork_asm+0x1a/0x30
[ 13.461496]
[ 13.461571] The buggy address belongs to the object at ffff888103aaf380
[ 13.461571] which belongs to the cache kmalloc-32 of size 32
[ 13.462093] The buggy address is located 16 bytes inside of
[ 13.462093] freed 32-byte region [ffff888103aaf380, ffff888103aaf3a0)
[ 13.462527]
[ 13.463395] The buggy address belongs to the physical page:
[ 13.463883] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x103aaf
[ 13.464480] flags: 0x200000000000000(node=0|zone=2)
[ 13.464791] page_type: f5(slab)
[ 13.464962] raw: 0200000000000000 ffff888100041780 dead000000000122 0000000000000000
[ 13.465273] raw: 0000000000000000 0000000080400040 00000000f5000000 0000000000000000
[ 13.465823] page dumped because: kasan: bad access detected
[ 13.466135]
[ 13.466363] Memory state around the buggy address:
[ 13.466822] ffff888103aaf280: fa fb fb fb fc fc fc fc 00 00 07 fc fc fc fc fc
[ 13.467324] ffff888103aaf300: fa fb fb fb fc fc fc fc 00 00 00 fc fc fc fc fc
[ 13.467786] >ffff888103aaf380: fa fb fb fb fc fc fc fc fa fb fb fb fc fc fc fc
[ 13.468216] ^
[ 13.468407] ffff888103aaf400: fa fb fb fb fc fc fc fc 00 00 00 fc fc fc fc fc
[ 13.468954] ffff888103aaf480: fa fb fb fb fc fc fc fc fa fb fb fb fc fc fc fc
[ 13.469462] ==================================================================
Failure - log-parser-boot/kasan-bug-kasan-slab-use-after-free-in-strcmp
[ 13.426606] ==================================================================
[ 13.427589] BUG: KASAN: slab-use-after-free in strcmp+0xb0/0xc0
[ 13.427865] Read of size 1 at addr ffff888103aaf390 by task kunit_try_catch/276
[ 13.428180]
[ 13.428271] CPU: 1 UID: 0 PID: 276 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc4 #1 PREEMPT(voluntary)
[ 13.428318] Tainted: [B]=BAD_PAGE, [N]=TEST
[ 13.428330] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[ 13.428352] Call Trace:
[ 13.428365] <TASK>
[ 13.428397] dump_stack_lvl+0x73/0xb0
[ 13.428426] print_report+0xd1/0x650
[ 13.428451] ? __virt_addr_valid+0x1db/0x2d0
[ 13.428476] ? strcmp+0xb0/0xc0
[ 13.428495] ? kasan_complete_mode_report_info+0x64/0x200
[ 13.428518] ? strcmp+0xb0/0xc0
[ 13.428538] kasan_report+0x141/0x180
[ 13.428559] ? strcmp+0xb0/0xc0
[ 13.428584] __asan_report_load1_noabort+0x18/0x20
[ 13.428608] strcmp+0xb0/0xc0
[ 13.428631] kasan_strings+0x431/0xe80
[ 13.428660] ? trace_hardirqs_on+0x37/0xe0
[ 13.428684] ? __pfx_kasan_strings+0x10/0x10
[ 13.428704] ? finish_task_switch.isra.0+0x153/0x700
[ 13.428726] ? __switch_to+0x47/0xf50
[ 13.428753] ? __schedule+0x10cc/0x2b60
[ 13.428775] ? __pfx_read_tsc+0x10/0x10
[ 13.428797] ? ktime_get_ts64+0x86/0x230
[ 13.428820] kunit_try_run_case+0x1a5/0x480
[ 13.428845] ? __pfx_kunit_try_run_case+0x10/0x10
[ 13.428867] ? _raw_spin_lock_irqsave+0xa1/0x100
[ 13.428890] ? _raw_spin_unlock_irqrestore+0x5f/0x90
[ 13.428912] ? __kthread_parkme+0x82/0x180
[ 13.428933] ? preempt_count_sub+0x50/0x80
[ 13.428955] ? __pfx_kunit_try_run_case+0x10/0x10
[ 13.428980] kunit_generic_run_threadfn_adapter+0x85/0xf0
[ 13.429002] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10
[ 13.429025] kthread+0x337/0x6f0
[ 13.429044] ? trace_preempt_on+0x20/0xc0
[ 13.429065] ? __pfx_kthread+0x10/0x10
[ 13.429085] ? _raw_spin_unlock_irq+0x47/0x80
[ 13.429105] ? calculate_sigpending+0x7b/0xa0
[ 13.429128] ? __pfx_kthread+0x10/0x10
[ 13.429148] ret_from_fork+0x116/0x1d0
[ 13.429166] ? __pfx_kthread+0x10/0x10
[ 13.429185] ret_from_fork_asm+0x1a/0x30
[ 13.429216] </TASK>
[ 13.429227]
[ 13.436162] Allocated by task 276:
[ 13.436341] kasan_save_stack+0x45/0x70
[ 13.436554] kasan_save_track+0x18/0x40
[ 13.436750] kasan_save_alloc_info+0x3b/0x50
[ 13.436959] __kasan_kmalloc+0xb7/0xc0
[ 13.437147] __kmalloc_cache_noprof+0x189/0x420
[ 13.437327] kasan_strings+0xc0/0xe80
[ 13.437514] kunit_try_run_case+0x1a5/0x480
[ 13.437701] kunit_generic_run_threadfn_adapter+0x85/0xf0
[ 13.437875] kthread+0x337/0x6f0
[ 13.437995] ret_from_fork+0x116/0x1d0
[ 13.438164] ret_from_fork_asm+0x1a/0x30
[ 13.438359]
[ 13.438462] Freed by task 276:
[ 13.438652] kasan_save_stack+0x45/0x70
[ 13.438845] kasan_save_track+0x18/0x40
[ 13.439036] kasan_save_free_info+0x3f/0x60
[ 13.439204] __kasan_slab_free+0x56/0x70
[ 13.439406] kfree+0x222/0x3f0
[ 13.439565] kasan_strings+0x2aa/0xe80
[ 13.439711] kunit_try_run_case+0x1a5/0x480
[ 13.439920] kunit_generic_run_threadfn_adapter+0x85/0xf0
[ 13.440137] kthread+0x337/0x6f0
[ 13.440299] ret_from_fork+0x116/0x1d0
[ 13.440461] ret_from_fork_asm+0x1a/0x30
[ 13.440709]
[ 13.440793] The buggy address belongs to the object at ffff888103aaf380
[ 13.440793] which belongs to the cache kmalloc-32 of size 32
[ 13.441254] The buggy address is located 16 bytes inside of
[ 13.441254] freed 32-byte region [ffff888103aaf380, ffff888103aaf3a0)
[ 13.441708]
[ 13.441810] The buggy address belongs to the physical page:
[ 13.442058] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x103aaf
[ 13.442419] flags: 0x200000000000000(node=0|zone=2)
[ 13.442688] page_type: f5(slab)
[ 13.442813] raw: 0200000000000000 ffff888100041780 dead000000000122 0000000000000000
[ 13.443093] raw: 0000000000000000 0000000080400040 00000000f5000000 0000000000000000
[ 13.443440] page dumped because: kasan: bad access detected
[ 13.443777]
[ 13.443866] Memory state around the buggy address:
[ 13.444072] ffff888103aaf280: fa fb fb fb fc fc fc fc 00 00 07 fc fc fc fc fc
[ 13.444350] ffff888103aaf300: fa fb fb fb fc fc fc fc 00 00 00 fc fc fc fc fc
[ 13.444719] >ffff888103aaf380: fa fb fb fb fc fc fc fc fa fb fb fb fc fc fc fc
[ 13.444992] ^
[ 13.445159] ffff888103aaf400: fa fb fb fb fc fc fc fc 00 00 00 fc fc fc fc fc
[ 13.445442] ffff888103aaf480: fa fb fb fb fc fc fc fc fa fb fb fb fc fc fc fc
[ 13.445829] ==================================================================
Failure - log-parser-boot/kasan-bug-kasan-slab-out-of-bounds-in-memcmp
[ 13.399233] ==================================================================
[ 13.399752] BUG: KASAN: slab-out-of-bounds in memcmp+0x1b4/0x1d0
[ 13.400269] Read of size 1 at addr ffff888103aaf298 by task kunit_try_catch/274
[ 13.400569]
[ 13.400685] CPU: 1 UID: 0 PID: 274 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc4 #1 PREEMPT(voluntary)
[ 13.400734] Tainted: [B]=BAD_PAGE, [N]=TEST
[ 13.400748] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[ 13.400770] Call Trace:
[ 13.400783] <TASK>
[ 13.400803] dump_stack_lvl+0x73/0xb0
[ 13.400835] print_report+0xd1/0x650
[ 13.401041] ? __virt_addr_valid+0x1db/0x2d0
[ 13.401239] ? memcmp+0x1b4/0x1d0
[ 13.401260] ? kasan_complete_mode_report_info+0x2a/0x200
[ 13.401283] ? memcmp+0x1b4/0x1d0
[ 13.401301] kasan_report+0x141/0x180
[ 13.401323] ? memcmp+0x1b4/0x1d0
[ 13.401344] __asan_report_load1_noabort+0x18/0x20
[ 13.401368] memcmp+0x1b4/0x1d0
[ 13.401402] kasan_memcmp+0x18f/0x390
[ 13.401422] ? trace_hardirqs_on+0x37/0xe0
[ 13.401447] ? __pfx_kasan_memcmp+0x10/0x10
[ 13.401467] ? finish_task_switch.isra.0+0x153/0x700
[ 13.401492] ? __switch_to+0x47/0xf50
[ 13.401521] ? __pfx_read_tsc+0x10/0x10
[ 13.401543] ? ktime_get_ts64+0x86/0x230
[ 13.401567] kunit_try_run_case+0x1a5/0x480
[ 13.401592] ? __pfx_kunit_try_run_case+0x10/0x10
[ 13.401614] ? _raw_spin_lock_irqsave+0xa1/0x100
[ 13.401639] ? _raw_spin_unlock_irqrestore+0x5f/0x90
[ 13.401661] ? __kthread_parkme+0x82/0x180
[ 13.401683] ? preempt_count_sub+0x50/0x80
[ 13.401705] ? __pfx_kunit_try_run_case+0x10/0x10
[ 13.401728] kunit_generic_run_threadfn_adapter+0x85/0xf0
[ 13.401750] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10
[ 13.401773] kthread+0x337/0x6f0
[ 13.401791] ? trace_preempt_on+0x20/0xc0
[ 13.401812] ? __pfx_kthread+0x10/0x10
[ 13.401832] ? _raw_spin_unlock_irq+0x47/0x80
[ 13.401852] ? calculate_sigpending+0x7b/0xa0
[ 13.401875] ? __pfx_kthread+0x10/0x10
[ 13.401895] ret_from_fork+0x116/0x1d0
[ 13.401913] ? __pfx_kthread+0x10/0x10
[ 13.401974] ret_from_fork_asm+0x1a/0x30
[ 13.402006] </TASK>
[ 13.402017]
[ 13.410108] Allocated by task 274:
[ 13.410302] kasan_save_stack+0x45/0x70
[ 13.410520] kasan_save_track+0x18/0x40
[ 13.410704] kasan_save_alloc_info+0x3b/0x50
[ 13.410960] __kasan_kmalloc+0xb7/0xc0
[ 13.411126] __kmalloc_cache_noprof+0x189/0x420
[ 13.411328] kasan_memcmp+0xb7/0x390
[ 13.411521] kunit_try_run_case+0x1a5/0x480
[ 13.411768] kunit_generic_run_threadfn_adapter+0x85/0xf0
[ 13.411941] kthread+0x337/0x6f0
[ 13.412061] ret_from_fork+0x116/0x1d0
[ 13.412192] ret_from_fork_asm+0x1a/0x30
[ 13.412398]
[ 13.412493] The buggy address belongs to the object at ffff888103aaf280
[ 13.412493] which belongs to the cache kmalloc-32 of size 32
[ 13.413279] The buggy address is located 0 bytes to the right of
[ 13.413279] allocated 24-byte region [ffff888103aaf280, ffff888103aaf298)
[ 13.414137]
[ 13.414217] The buggy address belongs to the physical page:
[ 13.414437] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x103aaf
[ 13.414685] flags: 0x200000000000000(node=0|zone=2)
[ 13.414854] page_type: f5(slab)
[ 13.415006] raw: 0200000000000000 ffff888100041780 dead000000000122 0000000000000000
[ 13.415349] raw: 0000000000000000 0000000080400040 00000000f5000000 0000000000000000
[ 13.415692] page dumped because: kasan: bad access detected
[ 13.416025]
[ 13.416389] Memory state around the buggy address:
[ 13.416593] ffff888103aaf180: fa fb fb fb fc fc fc fc 00 00 00 fc fc fc fc fc
[ 13.416905] ffff888103aaf200: 00 00 00 04 fc fc fc fc 00 00 07 fc fc fc fc fc
[ 13.417158] >ffff888103aaf280: 00 00 00 fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 13.417369] ^
[ 13.417528] ffff888103aaf300: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 13.418130] ffff888103aaf380: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 13.418747] ==================================================================
Failure - log-parser-boot/kasan-bug-kasan-alloca-out-of-bounds-in-kasan_alloca_oob_right
[ 13.372367] ==================================================================
[ 13.372967] BUG: KASAN: alloca-out-of-bounds in kasan_alloca_oob_right+0x329/0x390
[ 13.373761] Read of size 1 at addr ffff88810395fc4a by task kunit_try_catch/270
[ 13.374331]
[ 13.374449] CPU: 0 UID: 0 PID: 270 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc4 #1 PREEMPT(voluntary)
[ 13.374501] Tainted: [B]=BAD_PAGE, [N]=TEST
[ 13.374515] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[ 13.374538] Call Trace:
[ 13.374552] <TASK>
[ 13.374571] dump_stack_lvl+0x73/0xb0
[ 13.374603] print_report+0xd1/0x650
[ 13.374627] ? __virt_addr_valid+0x1db/0x2d0
[ 13.374651] ? kasan_alloca_oob_right+0x329/0x390
[ 13.374673] ? kasan_addr_to_slab+0x11/0xa0
[ 13.374693] ? kasan_alloca_oob_right+0x329/0x390
[ 13.374715] kasan_report+0x141/0x180
[ 13.374736] ? kasan_alloca_oob_right+0x329/0x390
[ 13.374765] __asan_report_load1_noabort+0x18/0x20
[ 13.374789] kasan_alloca_oob_right+0x329/0x390
[ 13.374813] ? finish_task_switch.isra.0+0x153/0x700
[ 13.374838] ? out_of_line_wait_on_bit_timeout+0x7e/0x190
[ 13.374864] ? trace_hardirqs_on+0x37/0xe0
[ 13.374890] ? __pfx_kasan_alloca_oob_right+0x10/0x10
[ 13.374915] ? __schedule+0x10cc/0x2b60
[ 13.374950] ? __pfx_read_tsc+0x10/0x10
[ 13.374971] ? ktime_get_ts64+0x86/0x230
[ 13.374996] kunit_try_run_case+0x1a5/0x480
[ 13.375020] ? __pfx_kunit_try_run_case+0x10/0x10
[ 13.375042] ? _raw_spin_lock_irqsave+0xa1/0x100
[ 13.375066] ? _raw_spin_unlock_irqrestore+0x5f/0x90
[ 13.375089] ? __kthread_parkme+0x82/0x180
[ 13.375110] ? preempt_count_sub+0x50/0x80
[ 13.375133] ? __pfx_kunit_try_run_case+0x10/0x10
[ 13.375156] kunit_generic_run_threadfn_adapter+0x85/0xf0
[ 13.375178] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10
[ 13.375201] kthread+0x337/0x6f0
[ 13.375219] ? trace_preempt_on+0x20/0xc0
[ 13.375240] ? __pfx_kthread+0x10/0x10
[ 13.375260] ? _raw_spin_unlock_irq+0x47/0x80
[ 13.375281] ? calculate_sigpending+0x7b/0xa0
[ 13.375304] ? __pfx_kthread+0x10/0x10
[ 13.375324] ret_from_fork+0x116/0x1d0
[ 13.375342] ? __pfx_kthread+0x10/0x10
[ 13.375362] ret_from_fork_asm+0x1a/0x30
[ 13.375403] </TASK>
[ 13.375414]
[ 13.383513] The buggy address belongs to stack of task kunit_try_catch/270
[ 13.384157]
[ 13.384332] The buggy address belongs to the physical page:
[ 13.384620] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x10395f
[ 13.384950] flags: 0x200000000000000(node=0|zone=2)
[ 13.385153] raw: 0200000000000000 ffffea00040e57c8 ffffea00040e57c8 0000000000000000
[ 13.385486] raw: 0000000000000000 0000000000000000 00000000ffffffff 0000000000000000
[ 13.385852] page dumped because: kasan: bad access detected
[ 13.386029]
[ 13.386098] Memory state around the buggy address:
[ 13.386487] ffff88810395fb00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[ 13.387052] ffff88810395fb80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[ 13.387331] >ffff88810395fc00: 00 00 00 00 ca ca ca ca 00 02 cb cb cb cb cb cb
[ 13.387727] ^
[ 13.388055] ffff88810395fc80: 00 00 00 f1 f1 f1 f1 01 f2 04 f2 00 f2 f2 f2 00
[ 13.388333] ffff88810395fd00: 00 f3 f3 00 00 00 00 00 00 00 00 00 00 00 00 f1
[ 13.388689] ==================================================================
Failure - log-parser-boot/kasan-bug-kasan-alloca-out-of-bounds-in-kasan_alloca_oob_left
[ 13.352831] ==================================================================
[ 13.353498] BUG: KASAN: alloca-out-of-bounds in kasan_alloca_oob_left+0x320/0x380
[ 13.353853] Read of size 1 at addr ffff888103b0fc3f by task kunit_try_catch/268
[ 13.354153]
[ 13.354271] CPU: 1 UID: 0 PID: 268 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc4 #1 PREEMPT(voluntary)
[ 13.354320] Tainted: [B]=BAD_PAGE, [N]=TEST
[ 13.354333] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[ 13.354355] Call Trace:
[ 13.354368] <TASK>
[ 13.354397] dump_stack_lvl+0x73/0xb0
[ 13.354426] print_report+0xd1/0x650
[ 13.354450] ? __virt_addr_valid+0x1db/0x2d0
[ 13.354473] ? kasan_alloca_oob_left+0x320/0x380
[ 13.354494] ? kasan_addr_to_slab+0x11/0xa0
[ 13.354514] ? kasan_alloca_oob_left+0x320/0x380
[ 13.354536] kasan_report+0x141/0x180
[ 13.354557] ? kasan_alloca_oob_left+0x320/0x380
[ 13.354582] __asan_report_load1_noabort+0x18/0x20
[ 13.354607] kasan_alloca_oob_left+0x320/0x380
[ 13.354629] ? finish_task_switch.isra.0+0x153/0x700
[ 13.354653] ? out_of_line_wait_on_bit_timeout+0x7e/0x190
[ 13.354678] ? trace_hardirqs_on+0x37/0xe0
[ 13.354703] ? __pfx_kasan_alloca_oob_left+0x10/0x10
[ 13.354728] ? __schedule+0x10cc/0x2b60
[ 13.354748] ? __pfx_read_tsc+0x10/0x10
[ 13.354770] ? ktime_get_ts64+0x86/0x230
[ 13.354795] kunit_try_run_case+0x1a5/0x480
[ 13.354820] ? __pfx_kunit_try_run_case+0x10/0x10
[ 13.354841] ? _raw_spin_lock_irqsave+0xa1/0x100
[ 13.354865] ? _raw_spin_unlock_irqrestore+0x5f/0x90
[ 13.354887] ? __kthread_parkme+0x82/0x180
[ 13.354908] ? preempt_count_sub+0x50/0x80
[ 13.354931] ? __pfx_kunit_try_run_case+0x10/0x10
[ 13.354953] kunit_generic_run_threadfn_adapter+0x85/0xf0
[ 13.354976] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10
[ 13.355022] kthread+0x337/0x6f0
[ 13.355041] ? trace_preempt_on+0x20/0xc0
[ 13.355062] ? __pfx_kthread+0x10/0x10
[ 13.355083] ? _raw_spin_unlock_irq+0x47/0x80
[ 13.355104] ? calculate_sigpending+0x7b/0xa0
[ 13.355128] ? __pfx_kthread+0x10/0x10
[ 13.355148] ret_from_fork+0x116/0x1d0
[ 13.355166] ? __pfx_kthread+0x10/0x10
[ 13.355185] ret_from_fork_asm+0x1a/0x30
[ 13.355217] </TASK>
[ 13.355229]
[ 13.363658] The buggy address belongs to stack of task kunit_try_catch/268
[ 13.363988]
[ 13.364059] The buggy address belongs to the physical page:
[ 13.364394] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x103b0f
[ 13.364704] flags: 0x200000000000000(node=0|zone=2)
[ 13.365056] raw: 0200000000000000 ffffea00040ec3c8 ffffea00040ec3c8 0000000000000000
[ 13.365328] raw: 0000000000000000 0000000000000000 00000000ffffffff 0000000000000000
[ 13.365735] page dumped because: kasan: bad access detected
[ 13.365998]
[ 13.366094] Memory state around the buggy address:
[ 13.366340] ffff888103b0fb00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[ 13.366573] ffff888103b0fb80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[ 13.366834] >ffff888103b0fc00: 00 00 00 00 ca ca ca ca 00 02 cb cb cb cb cb cb
[ 13.367469] ^
[ 13.367817] ffff888103b0fc80: 00 00 00 f1 f1 f1 f1 01 f2 04 f2 00 f2 f2 f2 00
[ 13.368249] ffff888103b0fd00: 00 f3 f3 00 00 00 00 00 00 00 00 00 00 00 00 f1
[ 13.368491] ==================================================================
Failure - log-parser-boot/kasan-bug-kasan-global-out-of-bounds-in-kasan_global_oob_right
[ 13.306107] ==================================================================
[ 13.306617] BUG: KASAN: global-out-of-bounds in kasan_global_oob_right+0x286/0x2d0
[ 13.307250] Read of size 1 at addr ffffffff8da61e8d by task kunit_try_catch/262
[ 13.307559]
[ 13.307763] CPU: 0 UID: 0 PID: 262 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc4 #1 PREEMPT(voluntary)
[ 13.307812] Tainted: [B]=BAD_PAGE, [N]=TEST
[ 13.307824] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[ 13.307846] Call Trace:
[ 13.307860] <TASK>
[ 13.307878] dump_stack_lvl+0x73/0xb0
[ 13.307909] print_report+0xd1/0x650
[ 13.307946] ? __virt_addr_valid+0x1db/0x2d0
[ 13.307970] ? kasan_global_oob_right+0x286/0x2d0
[ 13.307991] ? kasan_addr_to_slab+0x11/0xa0
[ 13.308011] ? kasan_global_oob_right+0x286/0x2d0
[ 13.308032] kasan_report+0x141/0x180
[ 13.308053] ? kasan_global_oob_right+0x286/0x2d0
[ 13.308078] __asan_report_load1_noabort+0x18/0x20
[ 13.308102] kasan_global_oob_right+0x286/0x2d0
[ 13.308123] ? __pfx_kasan_global_oob_right+0x10/0x10
[ 13.308147] ? __schedule+0x10cc/0x2b60
[ 13.308168] ? __pfx_read_tsc+0x10/0x10
[ 13.308190] ? ktime_get_ts64+0x86/0x230
[ 13.308214] kunit_try_run_case+0x1a5/0x480
[ 13.308239] ? __pfx_kunit_try_run_case+0x10/0x10
[ 13.308261] ? irqentry_exit+0x2a/0x60
[ 13.308285] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10
[ 13.308311] ? __pfx_kunit_try_run_case+0x10/0x10
[ 13.308335] kunit_generic_run_threadfn_adapter+0x85/0xf0
[ 13.308357] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10
[ 13.308390] kthread+0x337/0x6f0
[ 13.308417] ? trace_preempt_on+0x20/0xc0
[ 13.308440] ? __pfx_kthread+0x10/0x10
[ 13.308460] ? _raw_spin_unlock_irq+0x47/0x80
[ 13.308483] ? calculate_sigpending+0x7b/0xa0
[ 13.308507] ? __pfx_kthread+0x10/0x10
[ 13.308528] ret_from_fork+0x116/0x1d0
[ 13.308547] ? __pfx_kthread+0x10/0x10
[ 13.308566] ret_from_fork_asm+0x1a/0x30
[ 13.308610] </TASK>
[ 13.308621]
[ 13.318542] The buggy address belongs to the variable:
[ 13.318786] global_array+0xd/0x40
[ 13.319296]
[ 13.319499] The buggy address belongs to the physical page:
[ 13.319986] page: refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x6b061
[ 13.320592] flags: 0x100000000002000(reserved|node=0|zone=1)
[ 13.321054] raw: 0100000000002000 ffffea0001ac1848 ffffea0001ac1848 0000000000000000
[ 13.321493] raw: 0000000000000000 0000000000000000 00000001ffffffff 0000000000000000
[ 13.321990] page dumped because: kasan: bad access detected
[ 13.322240]
[ 13.322330] Memory state around the buggy address:
[ 13.322546] ffffffff8da61d80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[ 13.323271] ffffffff8da61e00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[ 13.323846] >ffffffff8da61e80: 00 02 f9 f9 f9 f9 f9 f9 00 f9 f9 f9 f9 f9 f9 f9
[ 13.324300] ^
[ 13.324484] ffffffff8da61f00: 04 f9 f9 f9 f9 f9 f9 f9 02 f9 f9 f9 f9 f9 f9 f9
[ 13.325096] ffffffff8da61f80: 01 f9 f9 f9 f9 f9 f9 f9 00 00 00 00 00 00 00 00
[ 13.325382] ==================================================================
Failure - log-parser-boot/kasan-bug-kasan-invalid-free-in-mempool_kmalloc_invalid_free_helper
[ 13.259198] ==================================================================
[ 13.259781] BUG: KASAN: invalid-free in mempool_kmalloc_invalid_free_helper+0x132/0x2e0
[ 13.260159] Free of addr ffff888103aae101 by task kunit_try_catch/258
[ 13.260450]
[ 13.260565] CPU: 1 UID: 0 PID: 258 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc4 #1 PREEMPT(voluntary)
[ 13.260610] Tainted: [B]=BAD_PAGE, [N]=TEST
[ 13.260625] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[ 13.260647] Call Trace:
[ 13.260660] <TASK>
[ 13.260678] dump_stack_lvl+0x73/0xb0
[ 13.260707] print_report+0xd1/0x650
[ 13.260730] ? __virt_addr_valid+0x1db/0x2d0
[ 13.260756] ? kasan_complete_mode_report_info+0x2a/0x200
[ 13.260778] ? mempool_kmalloc_invalid_free_helper+0x132/0x2e0
[ 13.260804] kasan_report_invalid_free+0x10a/0x130
[ 13.260828] ? mempool_kmalloc_invalid_free_helper+0x132/0x2e0
[ 13.260855] ? mempool_kmalloc_invalid_free_helper+0x132/0x2e0
[ 13.260878] ? mempool_kmalloc_invalid_free_helper+0x132/0x2e0
[ 13.260903] check_slab_allocation+0x11f/0x130
[ 13.260924] __kasan_mempool_poison_object+0x91/0x1d0
[ 13.260948] mempool_free+0x2ec/0x380
[ 13.260973] mempool_kmalloc_invalid_free_helper+0x132/0x2e0
[ 13.260999] ? __pfx_mempool_kmalloc_invalid_free_helper+0x10/0x10
[ 13.261026] ? ret_from_fork+0x116/0x1d0
[ 13.261045] ? kthread+0x337/0x6f0
[ 13.261066] ? ret_from_fork_asm+0x1a/0x30
[ 13.261093] mempool_kmalloc_invalid_free+0xed/0x140
[ 13.261116] ? __pfx_mempool_kmalloc_invalid_free+0x10/0x10
[ 13.261143] ? __pfx_mempool_kmalloc+0x10/0x10
[ 13.261167] ? __pfx_mempool_kfree+0x10/0x10
[ 13.261192] ? __pfx_read_tsc+0x10/0x10
[ 13.261213] ? ktime_get_ts64+0x86/0x230
[ 13.261237] kunit_try_run_case+0x1a5/0x480
[ 13.261262] ? __pfx_kunit_try_run_case+0x10/0x10
[ 13.261284] ? _raw_spin_lock_irqsave+0xa1/0x100
[ 13.261309] ? _raw_spin_unlock_irqrestore+0x5f/0x90
[ 13.261332] ? __kthread_parkme+0x82/0x180
[ 13.261353] ? preempt_count_sub+0x50/0x80
[ 13.261387] ? __pfx_kunit_try_run_case+0x10/0x10
[ 13.261412] kunit_generic_run_threadfn_adapter+0x85/0xf0
[ 13.261435] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10
[ 13.261459] kthread+0x337/0x6f0
[ 13.261479] ? trace_preempt_on+0x20/0xc0
[ 13.261505] ? __pfx_kthread+0x10/0x10
[ 13.261526] ? _raw_spin_unlock_irq+0x47/0x80
[ 13.261547] ? calculate_sigpending+0x7b/0xa0
[ 13.261571] ? __pfx_kthread+0x10/0x10
[ 13.261592] ret_from_fork+0x116/0x1d0
[ 13.261611] ? __pfx_kthread+0x10/0x10
[ 13.261631] ret_from_fork_asm+0x1a/0x30
[ 13.261661] </TASK>
[ 13.261673]
[ 13.271210] Allocated by task 258:
[ 13.271349] kasan_save_stack+0x45/0x70
[ 13.271511] kasan_save_track+0x18/0x40
[ 13.271667] kasan_save_alloc_info+0x3b/0x50
[ 13.271876] __kasan_mempool_unpoison_object+0x1a9/0x200
[ 13.272268] remove_element+0x11e/0x190
[ 13.272496] mempool_alloc_preallocated+0x4d/0x90
[ 13.272679] mempool_kmalloc_invalid_free_helper+0x83/0x2e0
[ 13.272936] mempool_kmalloc_invalid_free+0xed/0x140
[ 13.273152] kunit_try_run_case+0x1a5/0x480
[ 13.273298] kunit_generic_run_threadfn_adapter+0x85/0xf0
[ 13.273537] kthread+0x337/0x6f0
[ 13.273713] ret_from_fork+0x116/0x1d0
[ 13.273916] ret_from_fork_asm+0x1a/0x30
[ 13.274155]
[ 13.274247] The buggy address belongs to the object at ffff888103aae100
[ 13.274247] which belongs to the cache kmalloc-128 of size 128
[ 13.274758] The buggy address is located 1 bytes inside of
[ 13.274758] 128-byte region [ffff888103aae100, ffff888103aae180)
[ 13.275275]
[ 13.275383] The buggy address belongs to the physical page:
[ 13.275641] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x103aae
[ 13.276188] flags: 0x200000000000000(node=0|zone=2)
[ 13.276414] page_type: f5(slab)
[ 13.276545] raw: 0200000000000000 ffff888100041a00 dead000000000122 0000000000000000
[ 13.276940] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000
[ 13.277167] page dumped because: kasan: bad access detected
[ 13.277338]
[ 13.277447] Memory state around the buggy address:
[ 13.277987] ffff888103aae000: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 13.278322] ffff888103aae080: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 13.278747] >ffff888103aae100: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[ 13.279180] ^
[ 13.279320] ffff888103aae180: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 13.279610] ffff888103aae200: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[ 13.279901] ==================================================================
[ 13.283876] ==================================================================
[ 13.284337] BUG: KASAN: invalid-free in mempool_kmalloc_invalid_free_helper+0x132/0x2e0
[ 13.284820] Free of addr ffff888103980001 by task kunit_try_catch/260
[ 13.285119]
[ 13.285223] CPU: 0 UID: 0 PID: 260 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc4 #1 PREEMPT(voluntary)
[ 13.285271] Tainted: [B]=BAD_PAGE, [N]=TEST
[ 13.285284] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[ 13.285306] Call Trace:
[ 13.285318] <TASK>
[ 13.285338] dump_stack_lvl+0x73/0xb0
[ 13.285368] print_report+0xd1/0x650
[ 13.285404] ? __virt_addr_valid+0x1db/0x2d0
[ 13.285430] ? kasan_addr_to_slab+0x11/0xa0
[ 13.285450] ? mempool_kmalloc_invalid_free_helper+0x132/0x2e0
[ 13.285475] kasan_report_invalid_free+0x10a/0x130
[ 13.285499] ? mempool_kmalloc_invalid_free_helper+0x132/0x2e0
[ 13.285526] ? mempool_kmalloc_invalid_free_helper+0x132/0x2e0
[ 13.285549] __kasan_mempool_poison_object+0x102/0x1d0
[ 13.285584] mempool_free+0x2ec/0x380
[ 13.285607] mempool_kmalloc_invalid_free_helper+0x132/0x2e0
[ 13.285643] ? __pfx_mempool_kmalloc_invalid_free_helper+0x10/0x10
[ 13.285667] ? update_load_avg+0x1be/0x21b0
[ 13.285697] ? finish_task_switch.isra.0+0x153/0x700
[ 13.285723] mempool_kmalloc_large_invalid_free+0xed/0x140
[ 13.285747] ? __pfx_mempool_kmalloc_large_invalid_free+0x10/0x10
[ 13.285774] ? __pfx_mempool_kmalloc+0x10/0x10
[ 13.285797] ? __pfx_mempool_kfree+0x10/0x10
[ 13.285821] ? __pfx_read_tsc+0x10/0x10
[ 13.285844] ? ktime_get_ts64+0x86/0x230
[ 13.285869] kunit_try_run_case+0x1a5/0x480
[ 13.285896] ? __pfx_kunit_try_run_case+0x10/0x10
[ 13.285918] ? _raw_spin_lock_irqsave+0xa1/0x100
[ 13.285943] ? _raw_spin_unlock_irqrestore+0x5f/0x90
[ 13.285966] ? __kthread_parkme+0x82/0x180
[ 13.285988] ? preempt_count_sub+0x50/0x80
[ 13.286010] ? __pfx_kunit_try_run_case+0x10/0x10
[ 13.286034] kunit_generic_run_threadfn_adapter+0x85/0xf0
[ 13.286056] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10
[ 13.286079] kthread+0x337/0x6f0
[ 13.286098] ? trace_preempt_on+0x20/0xc0
[ 13.286123] ? __pfx_kthread+0x10/0x10
[ 13.286142] ? _raw_spin_unlock_irq+0x47/0x80
[ 13.286162] ? calculate_sigpending+0x7b/0xa0
[ 13.286187] ? __pfx_kthread+0x10/0x10
[ 13.286207] ret_from_fork+0x116/0x1d0
[ 13.286224] ? __pfx_kthread+0x10/0x10
[ 13.286244] ret_from_fork_asm+0x1a/0x30
[ 13.286275] </TASK>
[ 13.286287]
[ 13.295286] The buggy address belongs to the physical page:
[ 13.295588] page: refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x103980
[ 13.295957] head: order:2 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[ 13.296299] flags: 0x200000000000040(head|node=0|zone=2)
[ 13.296695] page_type: f8(unknown)
[ 13.296858] raw: 0200000000000040 0000000000000000 dead000000000122 0000000000000000
[ 13.297445] raw: 0000000000000000 0000000000000000 00000001f8000000 0000000000000000
[ 13.297819] head: 0200000000000040 0000000000000000 dead000000000122 0000000000000000
[ 13.298212] head: 0000000000000000 0000000000000000 00000001f8000000 0000000000000000
[ 13.298541] head: 0200000000000002 ffffea00040e6001 00000000ffffffff 00000000ffffffff
[ 13.298840] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000004
[ 13.299071] page dumped because: kasan: bad access detected
[ 13.299287]
[ 13.299391] Memory state around the buggy address:
[ 13.299798] ffff88810397ff00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 13.300081] ffff88810397ff80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 13.300297] >ffff888103980000: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[ 13.300526] ^
[ 13.300846] ffff888103980080: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[ 13.301711] ffff888103980100: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[ 13.302124] ==================================================================
Failure - log-parser-boot/kasan-bug-kasan-double-free-in-mempool_double_free_helper
[ 13.239534] ==================================================================
[ 13.240139] BUG: KASAN: double-free in mempool_double_free_helper+0x184/0x370
[ 13.240532] Free of addr ffff888103a80000 by task kunit_try_catch/256
[ 13.240814]
[ 13.240908] CPU: 1 UID: 0 PID: 256 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc4 #1 PREEMPT(voluntary)
[ 13.240994] Tainted: [B]=BAD_PAGE, [N]=TEST
[ 13.241007] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[ 13.241029] Call Trace:
[ 13.241042] <TASK>
[ 13.241059] dump_stack_lvl+0x73/0xb0
[ 13.241089] print_report+0xd1/0x650
[ 13.241111] ? __virt_addr_valid+0x1db/0x2d0
[ 13.241135] ? kasan_addr_to_slab+0x11/0xa0
[ 13.241155] ? mempool_double_free_helper+0x184/0x370
[ 13.241178] kasan_report_invalid_free+0x10a/0x130
[ 13.241201] ? mempool_double_free_helper+0x184/0x370
[ 13.241226] ? mempool_double_free_helper+0x184/0x370
[ 13.241249] __kasan_mempool_poison_pages+0x115/0x130
[ 13.241273] mempool_free+0x290/0x380
[ 13.241296] mempool_double_free_helper+0x184/0x370
[ 13.241319] ? __pfx_mempool_double_free_helper+0x10/0x10
[ 13.241341] ? update_load_avg+0x1be/0x21b0
[ 13.241367] ? finish_task_switch.isra.0+0x153/0x700
[ 13.241405] mempool_page_alloc_double_free+0xe8/0x140
[ 13.241429] ? __pfx_mempool_page_alloc_double_free+0x10/0x10
[ 13.241457] ? __pfx_mempool_alloc_pages+0x10/0x10
[ 13.241475] ? __pfx_mempool_free_pages+0x10/0x10
[ 13.241497] ? __pfx_read_tsc+0x10/0x10
[ 13.241518] ? ktime_get_ts64+0x86/0x230
[ 13.241542] kunit_try_run_case+0x1a5/0x480
[ 13.241566] ? __pfx_kunit_try_run_case+0x10/0x10
[ 13.241588] ? _raw_spin_lock_irqsave+0xa1/0x100
[ 13.241611] ? _raw_spin_unlock_irqrestore+0x5f/0x90
[ 13.241634] ? __kthread_parkme+0x82/0x180
[ 13.241655] ? preempt_count_sub+0x50/0x80
[ 13.241677] ? __pfx_kunit_try_run_case+0x10/0x10
[ 13.241699] kunit_generic_run_threadfn_adapter+0x85/0xf0
[ 13.241720] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10
[ 13.241742] kthread+0x337/0x6f0
[ 13.241760] ? trace_preempt_on+0x20/0xc0
[ 13.241784] ? __pfx_kthread+0x10/0x10
[ 13.241803] ? _raw_spin_unlock_irq+0x47/0x80
[ 13.241824] ? calculate_sigpending+0x7b/0xa0
[ 13.241846] ? __pfx_kthread+0x10/0x10
[ 13.241867] ret_from_fork+0x116/0x1d0
[ 13.241884] ? __pfx_kthread+0x10/0x10
[ 13.241903] ret_from_fork_asm+0x1a/0x30
[ 13.241944] </TASK>
[ 13.241956]
[ 13.251308] The buggy address belongs to the physical page:
[ 13.251591] page: refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x103a80
[ 13.251863] flags: 0x200000000000000(node=0|zone=2)
[ 13.252046] raw: 0200000000000000 0000000000000000 dead000000000122 0000000000000000
[ 13.252280] raw: 0000000000000000 0000000000000000 00000001ffffffff 0000000000000000
[ 13.252693] page dumped because: kasan: bad access detected
[ 13.252940]
[ 13.253102] Memory state around the buggy address:
[ 13.253255] ffff888103a7ff00: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
[ 13.253747] ffff888103a7ff80: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
[ 13.254191] >ffff888103a80000: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
[ 13.254421] ^
[ 13.254541] ffff888103a80080: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
[ 13.255301] ffff888103a80100: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
[ 13.255608] ==================================================================
[ 13.212186] ==================================================================
[ 13.212776] BUG: KASAN: double-free in mempool_double_free_helper+0x184/0x370
[ 13.213732] Free of addr ffff888103a80000 by task kunit_try_catch/254
[ 13.214185]
[ 13.214523] CPU: 1 UID: 0 PID: 254 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc4 #1 PREEMPT(voluntary)
[ 13.214700] Tainted: [B]=BAD_PAGE, [N]=TEST
[ 13.214715] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[ 13.214738] Call Trace:
[ 13.214752] <TASK>
[ 13.214771] dump_stack_lvl+0x73/0xb0
[ 13.214805] print_report+0xd1/0x650
[ 13.214828] ? __virt_addr_valid+0x1db/0x2d0
[ 13.214854] ? kasan_addr_to_slab+0x11/0xa0
[ 13.214873] ? mempool_double_free_helper+0x184/0x370
[ 13.214896] kasan_report_invalid_free+0x10a/0x130
[ 13.214972] ? mempool_double_free_helper+0x184/0x370
[ 13.215001] ? mempool_double_free_helper+0x184/0x370
[ 13.215023] __kasan_mempool_poison_object+0x1b3/0x1d0
[ 13.215046] mempool_free+0x2ec/0x380
[ 13.215070] mempool_double_free_helper+0x184/0x370
[ 13.215093] ? __pfx_mempool_double_free_helper+0x10/0x10
[ 13.215114] ? update_load_avg+0x1be/0x21b0
[ 13.215142] ? finish_task_switch.isra.0+0x153/0x700
[ 13.215167] mempool_kmalloc_large_double_free+0xed/0x140
[ 13.215191] ? __pfx_mempool_kmalloc_large_double_free+0x10/0x10
[ 13.215234] ? __pfx_mempool_kmalloc+0x10/0x10
[ 13.215257] ? __pfx_mempool_kfree+0x10/0x10
[ 13.215293] ? __pfx_read_tsc+0x10/0x10
[ 13.215315] ? ktime_get_ts64+0x86/0x230
[ 13.215339] kunit_try_run_case+0x1a5/0x480
[ 13.215383] ? __pfx_kunit_try_run_case+0x10/0x10
[ 13.215404] ? _raw_spin_lock_irqsave+0xa1/0x100
[ 13.215428] ? _raw_spin_unlock_irqrestore+0x5f/0x90
[ 13.215464] ? __kthread_parkme+0x82/0x180
[ 13.215485] ? preempt_count_sub+0x50/0x80
[ 13.215507] ? __pfx_kunit_try_run_case+0x10/0x10
[ 13.215542] kunit_generic_run_threadfn_adapter+0x85/0xf0
[ 13.215566] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10
[ 13.215587] kthread+0x337/0x6f0
[ 13.215649] ? trace_preempt_on+0x20/0xc0
[ 13.215683] ? __pfx_kthread+0x10/0x10
[ 13.215703] ? _raw_spin_unlock_irq+0x47/0x80
[ 13.215723] ? calculate_sigpending+0x7b/0xa0
[ 13.215748] ? __pfx_kthread+0x10/0x10
[ 13.215770] ret_from_fork+0x116/0x1d0
[ 13.215790] ? __pfx_kthread+0x10/0x10
[ 13.215810] ret_from_fork_asm+0x1a/0x30
[ 13.215841] </TASK>
[ 13.215852]
[ 13.229638] The buggy address belongs to the physical page:
[ 13.230027] page: refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x103a80
[ 13.230288] head: order:2 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[ 13.230532] flags: 0x200000000000040(head|node=0|zone=2)
[ 13.230778] page_type: f8(unknown)
[ 13.230982] raw: 0200000000000040 0000000000000000 dead000000000122 0000000000000000
[ 13.231261] raw: 0000000000000000 0000000000000000 00000001f8000000 0000000000000000
[ 13.231714] head: 0200000000000040 0000000000000000 dead000000000122 0000000000000000
[ 13.232282] head: 0000000000000000 0000000000000000 00000001f8000000 0000000000000000
[ 13.232690] head: 0200000000000002 ffffea00040ea001 00000000ffffffff 00000000ffffffff
[ 13.233133] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000004
[ 13.233428] page dumped because: kasan: bad access detected
[ 13.233680]
[ 13.233845] Memory state around the buggy address:
[ 13.234130] ffff888103a7ff00: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
[ 13.234429] ffff888103a7ff80: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
[ 13.234794] >ffff888103a80000: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
[ 13.235145] ^
[ 13.235302] ffff888103a80080: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
[ 13.235666] ffff888103a80100: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
[ 13.236216] ==================================================================
[ 13.167510] ==================================================================
[ 13.168348] BUG: KASAN: double-free in mempool_double_free_helper+0x184/0x370
[ 13.169057] Free of addr ffff88810258da00 by task kunit_try_catch/252
[ 13.169725]
[ 13.169934] CPU: 0 UID: 0 PID: 252 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc4 #1 PREEMPT(voluntary)
[ 13.169983] Tainted: [B]=BAD_PAGE, [N]=TEST
[ 13.170018] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[ 13.170111] Call Trace:
[ 13.170126] <TASK>
[ 13.170144] dump_stack_lvl+0x73/0xb0
[ 13.170174] print_report+0xd1/0x650
[ 13.170197] ? __virt_addr_valid+0x1db/0x2d0
[ 13.170221] ? kasan_complete_mode_report_info+0x64/0x200
[ 13.170242] ? mempool_double_free_helper+0x184/0x370
[ 13.170266] kasan_report_invalid_free+0x10a/0x130
[ 13.170289] ? mempool_double_free_helper+0x184/0x370
[ 13.170315] ? mempool_double_free_helper+0x184/0x370
[ 13.170336] ? mempool_double_free_helper+0x184/0x370
[ 13.170358] check_slab_allocation+0x101/0x130
[ 13.170390] __kasan_mempool_poison_object+0x91/0x1d0
[ 13.170413] mempool_free+0x2ec/0x380
[ 13.170436] mempool_double_free_helper+0x184/0x370
[ 13.170459] ? __pfx_mempool_double_free_helper+0x10/0x10
[ 13.170483] ? kasan_save_track+0x18/0x40
[ 13.170501] ? kasan_save_alloc_info+0x3b/0x50
[ 13.170524] ? kasan_save_stack+0x45/0x70
[ 13.170547] mempool_kmalloc_double_free+0xed/0x140
[ 13.170569] ? __pfx_mempool_kmalloc_double_free+0x10/0x10
[ 13.170595] ? __pfx_mempool_kmalloc+0x10/0x10
[ 13.170617] ? __pfx_mempool_kfree+0x10/0x10
[ 13.170641] ? __pfx_read_tsc+0x10/0x10
[ 13.170661] ? ktime_get_ts64+0x86/0x230
[ 13.170685] kunit_try_run_case+0x1a5/0x480
[ 13.170709] ? __pfx_kunit_try_run_case+0x10/0x10
[ 13.170730] ? _raw_spin_lock_irqsave+0xa1/0x100
[ 13.170753] ? _raw_spin_unlock_irqrestore+0x5f/0x90
[ 13.170776] ? __kthread_parkme+0x82/0x180
[ 13.170796] ? preempt_count_sub+0x50/0x80
[ 13.170819] ? __pfx_kunit_try_run_case+0x10/0x10
[ 13.170842] kunit_generic_run_threadfn_adapter+0x85/0xf0
[ 13.170865] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10
[ 13.170888] kthread+0x337/0x6f0
[ 13.170906] ? trace_preempt_on+0x20/0xc0
[ 13.170929] ? __pfx_kthread+0x10/0x10
[ 13.170949] ? _raw_spin_unlock_irq+0x47/0x80
[ 13.170969] ? calculate_sigpending+0x7b/0xa0
[ 13.170992] ? __pfx_kthread+0x10/0x10
[ 13.171013] ret_from_fork+0x116/0x1d0
[ 13.171030] ? __pfx_kthread+0x10/0x10
[ 13.171050] ret_from_fork_asm+0x1a/0x30
[ 13.171081] </TASK>
[ 13.171093]
[ 13.186429] Allocated by task 252:
[ 13.187198] kasan_save_stack+0x45/0x70
[ 13.187426] kasan_save_track+0x18/0x40
[ 13.187807] kasan_save_alloc_info+0x3b/0x50
[ 13.188189] __kasan_mempool_unpoison_object+0x1a9/0x200
[ 13.188617] remove_element+0x11e/0x190
[ 13.188986] mempool_alloc_preallocated+0x4d/0x90
[ 13.189366] mempool_double_free_helper+0x8a/0x370
[ 13.189759] mempool_kmalloc_double_free+0xed/0x140
[ 13.190238] kunit_try_run_case+0x1a5/0x480
[ 13.190465] kunit_generic_run_threadfn_adapter+0x85/0xf0
[ 13.190920] kthread+0x337/0x6f0
[ 13.191559] ret_from_fork+0x116/0x1d0
[ 13.191748] ret_from_fork_asm+0x1a/0x30
[ 13.191889]
[ 13.192236] Freed by task 252:
[ 13.192412] kasan_save_stack+0x45/0x70
[ 13.192901] kasan_save_track+0x18/0x40
[ 13.193138] kasan_save_free_info+0x3f/0x60
[ 13.193299] __kasan_mempool_poison_object+0x131/0x1d0
[ 13.193559] mempool_free+0x2ec/0x380
[ 13.193990] mempool_double_free_helper+0x109/0x370
[ 13.194237] mempool_kmalloc_double_free+0xed/0x140
[ 13.194468] kunit_try_run_case+0x1a5/0x480
[ 13.194673] kunit_generic_run_threadfn_adapter+0x85/0xf0
[ 13.195415] kthread+0x337/0x6f0
[ 13.195754] ret_from_fork+0x116/0x1d0
[ 13.196196] ret_from_fork_asm+0x1a/0x30
[ 13.196418]
[ 13.196521] The buggy address belongs to the object at ffff88810258da00
[ 13.196521] which belongs to the cache kmalloc-128 of size 128
[ 13.197394] The buggy address is located 0 bytes inside of
[ 13.197394] 128-byte region [ffff88810258da00, ffff88810258da80)
[ 13.198282]
[ 13.198400] The buggy address belongs to the physical page:
[ 13.198830] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x10258d
[ 13.199365] flags: 0x200000000000000(node=0|zone=2)
[ 13.199595] page_type: f5(slab)
[ 13.200146] raw: 0200000000000000 ffff888100041a00 dead000000000122 0000000000000000
[ 13.200453] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000
[ 13.201370] page dumped because: kasan: bad access detected
[ 13.201815]
[ 13.201914] Memory state around the buggy address:
[ 13.202438] ffff88810258d900: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 13.202867] ffff88810258d980: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 13.203499] >ffff88810258da00: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 13.204030] ^
[ 13.204184] ffff88810258da80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 13.204520] ffff88810258db00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[ 13.205158] ==================================================================
Failure - log-parser-boot/kasan-bug-kasan-use-after-free-in-mempool_uaf_helper
[ 13.067672] ==================================================================
[ 13.068160] BUG: KASAN: use-after-free in mempool_uaf_helper+0x392/0x400
[ 13.068488] Read of size 1 at addr ffff888102bfc000 by task kunit_try_catch/246
[ 13.068793]
[ 13.068912] CPU: 0 UID: 0 PID: 246 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc4 #1 PREEMPT(voluntary)
[ 13.068960] Tainted: [B]=BAD_PAGE, [N]=TEST
[ 13.068972] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[ 13.068995] Call Trace:
[ 13.069009] <TASK>
[ 13.069026] dump_stack_lvl+0x73/0xb0
[ 13.069054] print_report+0xd1/0x650
[ 13.069077] ? __virt_addr_valid+0x1db/0x2d0
[ 13.069099] ? mempool_uaf_helper+0x392/0x400
[ 13.069120] ? kasan_addr_to_slab+0x11/0xa0
[ 13.069142] ? mempool_uaf_helper+0x392/0x400
[ 13.069163] kasan_report+0x141/0x180
[ 13.069184] ? mempool_uaf_helper+0x392/0x400
[ 13.069210] __asan_report_load1_noabort+0x18/0x20
[ 13.069234] mempool_uaf_helper+0x392/0x400
[ 13.069256] ? __pfx_mempool_uaf_helper+0x10/0x10
[ 13.069279] ? __pfx_sched_clock_cpu+0x10/0x10
[ 13.069300] ? finish_task_switch.isra.0+0x153/0x700
[ 13.069324] mempool_kmalloc_large_uaf+0xef/0x140
[ 13.069346] ? __pfx_mempool_kmalloc_large_uaf+0x10/0x10
[ 13.069371] ? __pfx_mempool_kmalloc+0x10/0x10
[ 13.070614] ? __pfx_mempool_kfree+0x10/0x10
[ 13.070643] ? __pfx_read_tsc+0x10/0x10
[ 13.070666] ? ktime_get_ts64+0x86/0x230
[ 13.070690] kunit_try_run_case+0x1a5/0x480
[ 13.070716] ? __pfx_kunit_try_run_case+0x10/0x10
[ 13.070738] ? _raw_spin_lock_irqsave+0xa1/0x100
[ 13.070763] ? _raw_spin_unlock_irqrestore+0x5f/0x90
[ 13.070786] ? __kthread_parkme+0x82/0x180
[ 13.070806] ? preempt_count_sub+0x50/0x80
[ 13.070828] ? __pfx_kunit_try_run_case+0x10/0x10
[ 13.070851] kunit_generic_run_threadfn_adapter+0x85/0xf0
[ 13.070874] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10
[ 13.070897] kthread+0x337/0x6f0
[ 13.070926] ? trace_preempt_on+0x20/0xc0
[ 13.070950] ? __pfx_kthread+0x10/0x10
[ 13.070970] ? _raw_spin_unlock_irq+0x47/0x80
[ 13.070990] ? calculate_sigpending+0x7b/0xa0
[ 13.071013] ? __pfx_kthread+0x10/0x10
[ 13.071033] ret_from_fork+0x116/0x1d0
[ 13.071051] ? __pfx_kthread+0x10/0x10
[ 13.071072] ret_from_fork_asm+0x1a/0x30
[ 13.071103] </TASK>
[ 13.071115]
[ 13.088023] The buggy address belongs to the physical page:
[ 13.088403] page: refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x102bfc
[ 13.088693] head: order:2 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[ 13.089451] flags: 0x200000000000040(head|node=0|zone=2)
[ 13.090005] page_type: f8(unknown)
[ 13.090458] raw: 0200000000000040 0000000000000000 dead000000000122 0000000000000000
[ 13.091264] raw: 0000000000000000 0000000000000000 00000001f8000000 0000000000000000
[ 13.091710] head: 0200000000000040 0000000000000000 dead000000000122 0000000000000000
[ 13.092146] head: 0000000000000000 0000000000000000 00000001f8000000 0000000000000000
[ 13.092401] head: 0200000000000002 ffffea00040aff01 00000000ffffffff 00000000ffffffff
[ 13.092646] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000004
[ 13.093110] page dumped because: kasan: bad access detected
[ 13.093326]
[ 13.093438] Memory state around the buggy address:
[ 13.093673] ffff888102bfbf00: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
[ 13.093997] ffff888102bfbf80: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
[ 13.094232] >ffff888102bfc000: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
[ 13.094514] ^
[ 13.094632] ffff888102bfc080: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
[ 13.095092] ffff888102bfc100: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
[ 13.095363] ==================================================================
[ 13.137894] ==================================================================
[ 13.138317] BUG: KASAN: use-after-free in mempool_uaf_helper+0x392/0x400
[ 13.138586] Read of size 1 at addr ffff888103980000 by task kunit_try_catch/250
[ 13.139639]
[ 13.139843] CPU: 0 UID: 0 PID: 250 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc4 #1 PREEMPT(voluntary)
[ 13.139894] Tainted: [B]=BAD_PAGE, [N]=TEST
[ 13.139907] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[ 13.139929] Call Trace:
[ 13.139942] <TASK>
[ 13.139963] dump_stack_lvl+0x73/0xb0
[ 13.139996] print_report+0xd1/0x650
[ 13.140020] ? __virt_addr_valid+0x1db/0x2d0
[ 13.140045] ? mempool_uaf_helper+0x392/0x400
[ 13.140067] ? kasan_addr_to_slab+0x11/0xa0
[ 13.140087] ? mempool_uaf_helper+0x392/0x400
[ 13.140109] kasan_report+0x141/0x180
[ 13.140130] ? mempool_uaf_helper+0x392/0x400
[ 13.140156] __asan_report_load1_noabort+0x18/0x20
[ 13.140180] mempool_uaf_helper+0x392/0x400
[ 13.140202] ? __pfx_mempool_uaf_helper+0x10/0x10
[ 13.140225] ? __kasan_check_write+0x18/0x20
[ 13.140243] ? __pfx_sched_clock_cpu+0x10/0x10
[ 13.140266] ? finish_task_switch.isra.0+0x153/0x700
[ 13.140292] mempool_page_alloc_uaf+0xed/0x140
[ 13.140314] ? __pfx_mempool_page_alloc_uaf+0x10/0x10
[ 13.140341] ? __pfx_mempool_alloc_pages+0x10/0x10
[ 13.140362] ? __pfx_mempool_free_pages+0x10/0x10
[ 13.140403] ? __pfx_read_tsc+0x10/0x10
[ 13.140425] ? ktime_get_ts64+0x86/0x230
[ 13.140449] kunit_try_run_case+0x1a5/0x480
[ 13.140476] ? __pfx_kunit_try_run_case+0x10/0x10
[ 13.140498] ? _raw_spin_lock_irqsave+0xa1/0x100
[ 13.140522] ? _raw_spin_unlock_irqrestore+0x5f/0x90
[ 13.140544] ? __kthread_parkme+0x82/0x180
[ 13.140566] ? preempt_count_sub+0x50/0x80
[ 13.140588] ? __pfx_kunit_try_run_case+0x10/0x10
[ 13.140610] kunit_generic_run_threadfn_adapter+0x85/0xf0
[ 13.140632] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10
[ 13.140656] kthread+0x337/0x6f0
[ 13.140675] ? trace_preempt_on+0x20/0xc0
[ 13.140698] ? __pfx_kthread+0x10/0x10
[ 13.140718] ? _raw_spin_unlock_irq+0x47/0x80
[ 13.140738] ? calculate_sigpending+0x7b/0xa0
[ 13.140761] ? __pfx_kthread+0x10/0x10
[ 13.140782] ret_from_fork+0x116/0x1d0
[ 13.140799] ? __pfx_kthread+0x10/0x10
[ 13.140818] ret_from_fork_asm+0x1a/0x30
[ 13.140876] </TASK>
[ 13.140889]
[ 13.156455] The buggy address belongs to the physical page:
[ 13.157020] page: refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x103980
[ 13.157274] flags: 0x200000000000000(node=0|zone=2)
[ 13.157470] raw: 0200000000000000 0000000000000000 dead000000000122 0000000000000000
[ 13.157897] raw: 0000000000000000 0000000000000000 00000001ffffffff 0000000000000000
[ 13.158673] page dumped because: kasan: bad access detected
[ 13.159256]
[ 13.159534] Memory state around the buggy address:
[ 13.159999] ffff88810397ff00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 13.160707] ffff88810397ff80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 13.161424] >ffff888103980000: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
[ 13.161831] ^
[ 13.162021] ffff888103980080: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
[ 13.162670] ffff888103980100: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
[ 13.163289] ==================================================================
Failure - log-parser-boot/kasan-bug-kasan-slab-use-after-free-in-mempool_uaf_helper
[ 13.024233] ==================================================================
[ 13.025328] BUG: KASAN: slab-use-after-free in mempool_uaf_helper+0x392/0x400
[ 13.026218] Read of size 1 at addr ffff88810258d600 by task kunit_try_catch/244
[ 13.026760]
[ 13.027283] CPU: 0 UID: 0 PID: 244 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc4 #1 PREEMPT(voluntary)
[ 13.027337] Tainted: [B]=BAD_PAGE, [N]=TEST
[ 13.027349] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[ 13.027371] Call Trace:
[ 13.027397] <TASK>
[ 13.027415] dump_stack_lvl+0x73/0xb0
[ 13.027456] print_report+0xd1/0x650
[ 13.027480] ? __virt_addr_valid+0x1db/0x2d0
[ 13.027503] ? mempool_uaf_helper+0x392/0x400
[ 13.027536] ? kasan_complete_mode_report_info+0x64/0x200
[ 13.027557] ? mempool_uaf_helper+0x392/0x400
[ 13.027580] kasan_report+0x141/0x180
[ 13.027602] ? mempool_uaf_helper+0x392/0x400
[ 13.027628] __asan_report_load1_noabort+0x18/0x20
[ 13.027652] mempool_uaf_helper+0x392/0x400
[ 13.027674] ? __pfx_mempool_uaf_helper+0x10/0x10
[ 13.027697] ? __kasan_check_write+0x18/0x20
[ 13.027716] ? __pfx_sched_clock_cpu+0x10/0x10
[ 13.027739] ? finish_task_switch.isra.0+0x153/0x700
[ 13.027763] mempool_kmalloc_uaf+0xef/0x140
[ 13.027784] ? __pfx_mempool_kmalloc_uaf+0x10/0x10
[ 13.027808] ? __pfx_mempool_kmalloc+0x10/0x10
[ 13.027832] ? __pfx_mempool_kfree+0x10/0x10
[ 13.027855] ? __pfx_read_tsc+0x10/0x10
[ 13.027877] ? ktime_get_ts64+0x86/0x230
[ 13.027901] kunit_try_run_case+0x1a5/0x480
[ 13.027928] ? __pfx_kunit_try_run_case+0x10/0x10
[ 13.027949] ? _raw_spin_lock_irqsave+0xa1/0x100
[ 13.027972] ? _raw_spin_unlock_irqrestore+0x5f/0x90
[ 13.027995] ? __kthread_parkme+0x82/0x180
[ 13.028015] ? preempt_count_sub+0x50/0x80
[ 13.028037] ? __pfx_kunit_try_run_case+0x10/0x10
[ 13.028060] kunit_generic_run_threadfn_adapter+0x85/0xf0
[ 13.028081] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10
[ 13.028103] kthread+0x337/0x6f0
[ 13.028121] ? trace_preempt_on+0x20/0xc0
[ 13.028143] ? __pfx_kthread+0x10/0x10
[ 13.028163] ? _raw_spin_unlock_irq+0x47/0x80
[ 13.028182] ? calculate_sigpending+0x7b/0xa0
[ 13.028206] ? __pfx_kthread+0x10/0x10
[ 13.028227] ret_from_fork+0x116/0x1d0
[ 13.028245] ? __pfx_kthread+0x10/0x10
[ 13.028264] ret_from_fork_asm+0x1a/0x30
[ 13.028295] </TASK>
[ 13.028306]
[ 13.043182] Allocated by task 244:
[ 13.043553] kasan_save_stack+0x45/0x70
[ 13.043759] kasan_save_track+0x18/0x40
[ 13.044190] kasan_save_alloc_info+0x3b/0x50
[ 13.044717] __kasan_mempool_unpoison_object+0x1a9/0x200
[ 13.045256] remove_element+0x11e/0x190
[ 13.045692] mempool_alloc_preallocated+0x4d/0x90
[ 13.045849] mempool_uaf_helper+0x96/0x400
[ 13.046141] mempool_kmalloc_uaf+0xef/0x140
[ 13.046450] kunit_try_run_case+0x1a5/0x480
[ 13.046835] kunit_generic_run_threadfn_adapter+0x85/0xf0
[ 13.047446] kthread+0x337/0x6f0
[ 13.047815] ret_from_fork+0x116/0x1d0
[ 13.048166] ret_from_fork_asm+0x1a/0x30
[ 13.048539]
[ 13.048724] Freed by task 244:
[ 13.048835] kasan_save_stack+0x45/0x70
[ 13.049254] kasan_save_track+0x18/0x40
[ 13.049769] kasan_save_free_info+0x3f/0x60
[ 13.049944] __kasan_mempool_poison_object+0x131/0x1d0
[ 13.050531] mempool_free+0x2ec/0x380
[ 13.050923] mempool_uaf_helper+0x11a/0x400
[ 13.051280] mempool_kmalloc_uaf+0xef/0x140
[ 13.051589] kunit_try_run_case+0x1a5/0x480
[ 13.052008] kunit_generic_run_threadfn_adapter+0x85/0xf0
[ 13.052614] kthread+0x337/0x6f0
[ 13.052836] ret_from_fork+0x116/0x1d0
[ 13.053278] ret_from_fork_asm+0x1a/0x30
[ 13.053650]
[ 13.053824] The buggy address belongs to the object at ffff88810258d600
[ 13.053824] which belongs to the cache kmalloc-128 of size 128
[ 13.054809] The buggy address is located 0 bytes inside of
[ 13.054809] freed 128-byte region [ffff88810258d600, ffff88810258d680)
[ 13.055855]
[ 13.056038] The buggy address belongs to the physical page:
[ 13.056539] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x10258d
[ 13.056980] flags: 0x200000000000000(node=0|zone=2)
[ 13.057435] page_type: f5(slab)
[ 13.057791] raw: 0200000000000000 ffff888100041a00 dead000000000122 0000000000000000
[ 13.058466] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000
[ 13.059049] page dumped because: kasan: bad access detected
[ 13.059506]
[ 13.059694] Memory state around the buggy address:
[ 13.060218] ffff88810258d500: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 13.060677] ffff88810258d580: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 13.061343] >ffff88810258d600: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 13.061986] ^
[ 13.062335] ffff88810258d680: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 13.062658] ffff88810258d700: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[ 13.063325] ==================================================================
[ 13.103141] ==================================================================
[ 13.103658] BUG: KASAN: slab-use-after-free in mempool_uaf_helper+0x392/0x400
[ 13.104221] Read of size 1 at addr ffff888103aac240 by task kunit_try_catch/248
[ 13.104524]
[ 13.104681] CPU: 1 UID: 0 PID: 248 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc4 #1 PREEMPT(voluntary)
[ 13.104731] Tainted: [B]=BAD_PAGE, [N]=TEST
[ 13.104744] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[ 13.104767] Call Trace:
[ 13.104781] <TASK>
[ 13.104800] dump_stack_lvl+0x73/0xb0
[ 13.104833] print_report+0xd1/0x650
[ 13.104856] ? __virt_addr_valid+0x1db/0x2d0
[ 13.104882] ? mempool_uaf_helper+0x392/0x400
[ 13.104904] ? kasan_complete_mode_report_info+0x64/0x200
[ 13.104924] ? mempool_uaf_helper+0x392/0x400
[ 13.104947] kasan_report+0x141/0x180
[ 13.104968] ? mempool_uaf_helper+0x392/0x400
[ 13.105192] __asan_report_load1_noabort+0x18/0x20
[ 13.105223] mempool_uaf_helper+0x392/0x400
[ 13.105247] ? __pfx_mempool_uaf_helper+0x10/0x10
[ 13.105271] ? __pfx_sched_clock_cpu+0x10/0x10
[ 13.105295] ? finish_task_switch.isra.0+0x153/0x700
[ 13.105321] mempool_slab_uaf+0xea/0x140
[ 13.105344] ? __pfx_mempool_slab_uaf+0x10/0x10
[ 13.105367] ? __kasan_check_write+0x18/0x20
[ 13.105402] ? __pfx_mempool_alloc_slab+0x10/0x10
[ 13.105424] ? __pfx_mempool_free_slab+0x10/0x10
[ 13.105446] ? __pfx_read_tsc+0x10/0x10
[ 13.105468] ? ktime_get_ts64+0x86/0x230
[ 13.105490] ? sysvec_apic_timer_interrupt+0x50/0x90
[ 13.105518] kunit_try_run_case+0x1a5/0x480
[ 13.105544] ? __pfx_kunit_try_run_case+0x10/0x10
[ 13.105568] ? queued_spin_lock_slowpath+0x116/0xb40
[ 13.105593] ? __kthread_parkme+0x82/0x180
[ 13.105615] ? preempt_count_sub+0x50/0x80
[ 13.105637] ? __pfx_kunit_try_run_case+0x10/0x10
[ 13.105660] kunit_generic_run_threadfn_adapter+0x85/0xf0
[ 13.105683] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10
[ 13.105706] kthread+0x337/0x6f0
[ 13.105724] ? trace_preempt_on+0x20/0xc0
[ 13.105749] ? __pfx_kthread+0x10/0x10
[ 13.105770] ? _raw_spin_unlock_irq+0x47/0x80
[ 13.105792] ? calculate_sigpending+0x7b/0xa0
[ 13.105819] ? __pfx_kthread+0x10/0x10
[ 13.105841] ret_from_fork+0x116/0x1d0
[ 13.105861] ? __pfx_kthread+0x10/0x10
[ 13.105882] ret_from_fork_asm+0x1a/0x30
[ 13.105915] </TASK>
[ 13.105969]
[ 13.115181] Allocated by task 248:
[ 13.115335] kasan_save_stack+0x45/0x70
[ 13.115499] kasan_save_track+0x18/0x40
[ 13.115636] kasan_save_alloc_info+0x3b/0x50
[ 13.115847] __kasan_mempool_unpoison_object+0x1bb/0x200
[ 13.116397] remove_element+0x11e/0x190
[ 13.116584] mempool_alloc_preallocated+0x4d/0x90
[ 13.116828] mempool_uaf_helper+0x96/0x400
[ 13.117201] mempool_slab_uaf+0xea/0x140
[ 13.117361] kunit_try_run_case+0x1a5/0x480
[ 13.117520] kunit_generic_run_threadfn_adapter+0x85/0xf0
[ 13.118015] kthread+0x337/0x6f0
[ 13.118141] ret_from_fork+0x116/0x1d0
[ 13.118273] ret_from_fork_asm+0x1a/0x30
[ 13.118422]
[ 13.118521] Freed by task 248:
[ 13.118733] kasan_save_stack+0x45/0x70
[ 13.118958] kasan_save_track+0x18/0x40
[ 13.119154] kasan_save_free_info+0x3f/0x60
[ 13.119365] __kasan_mempool_poison_object+0x131/0x1d0
[ 13.119628] mempool_free+0x2ec/0x380
[ 13.119814] mempool_uaf_helper+0x11a/0x400
[ 13.120314] mempool_slab_uaf+0xea/0x140
[ 13.120483] kunit_try_run_case+0x1a5/0x480
[ 13.120632] kunit_generic_run_threadfn_adapter+0x85/0xf0
[ 13.120808] kthread+0x337/0x6f0
[ 13.121098] ret_from_fork+0x116/0x1d0
[ 13.121294] ret_from_fork_asm+0x1a/0x30
[ 13.121519]
[ 13.121644] The buggy address belongs to the object at ffff888103aac240
[ 13.121644] which belongs to the cache test_cache of size 123
[ 13.122561] The buggy address is located 0 bytes inside of
[ 13.122561] freed 123-byte region [ffff888103aac240, ffff888103aac2bb)
[ 13.123656]
[ 13.123753] The buggy address belongs to the physical page:
[ 13.124101] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x103aac
[ 13.124468] flags: 0x200000000000000(node=0|zone=2)
[ 13.125347] page_type: f5(slab)
[ 13.125535] raw: 0200000000000000 ffff888101a2cdc0 dead000000000122 0000000000000000
[ 13.126023] raw: 0000000000000000 0000000080150015 00000000f5000000 0000000000000000
[ 13.126361] page dumped because: kasan: bad access detected
[ 13.126801]
[ 13.126885] Memory state around the buggy address:
[ 13.127356] ffff888103aac100: fb fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc
[ 13.127673] ffff888103aac180: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 13.128210] >ffff888103aac200: fc fc fc fc fc fc fc fc fa fb fb fb fb fb fb fb
[ 13.128651] ^
[ 13.128884] ffff888103aac280: fb fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc
[ 13.129402] ffff888103aac300: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 13.129811] ==================================================================
Failure - log-parser-boot/kasan-bug-kasan-slab-out-of-bounds-in-mempool_oob_right_helper
[ 12.969211] ==================================================================
[ 12.970066] BUG: KASAN: slab-out-of-bounds in mempool_oob_right_helper+0x318/0x380
[ 12.970436] Read of size 1 at addr ffff888102bfa001 by task kunit_try_catch/240
[ 12.971089]
[ 12.971278] CPU: 0 UID: 0 PID: 240 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc4 #1 PREEMPT(voluntary)
[ 12.971327] Tainted: [B]=BAD_PAGE, [N]=TEST
[ 12.971365] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[ 12.971399] Call Trace:
[ 12.971412] <TASK>
[ 12.971431] dump_stack_lvl+0x73/0xb0
[ 12.971463] print_report+0xd1/0x650
[ 12.971486] ? __virt_addr_valid+0x1db/0x2d0
[ 12.971512] ? mempool_oob_right_helper+0x318/0x380
[ 12.971534] ? kasan_addr_to_slab+0x11/0xa0
[ 12.971580] ? mempool_oob_right_helper+0x318/0x380
[ 12.971602] kasan_report+0x141/0x180
[ 12.971623] ? mempool_oob_right_helper+0x318/0x380
[ 12.971650] __asan_report_load1_noabort+0x18/0x20
[ 12.971673] mempool_oob_right_helper+0x318/0x380
[ 12.971696] ? __pfx_mempool_oob_right_helper+0x10/0x10
[ 12.971720] ? __kasan_check_write+0x18/0x20
[ 12.971739] ? __pfx_sched_clock_cpu+0x10/0x10
[ 12.971760] ? irqentry_exit+0x2a/0x60
[ 12.971783] ? sysvec_apic_timer_interrupt+0x50/0x90
[ 12.971807] mempool_kmalloc_large_oob_right+0xf2/0x150
[ 12.971831] ? __pfx_mempool_kmalloc_large_oob_right+0x10/0x10
[ 12.971857] ? __pfx_mempool_kmalloc+0x10/0x10
[ 12.971880] ? __pfx_mempool_kfree+0x10/0x10
[ 12.971904] ? __pfx_mempool_kmalloc_large_oob_right+0x10/0x10
[ 12.971929] ? __pfx_mempool_kmalloc_large_oob_right+0x10/0x10
[ 12.971954] kunit_try_run_case+0x1a5/0x480
[ 12.971979] ? __pfx_kunit_try_run_case+0x10/0x10
[ 12.972000] ? _raw_spin_lock_irqsave+0xa1/0x100
[ 12.972024] ? _raw_spin_unlock_irqrestore+0x5f/0x90
[ 12.972045] ? __kthread_parkme+0x82/0x180
[ 12.972066] ? preempt_count_sub+0x50/0x80
[ 12.972088] ? __pfx_kunit_try_run_case+0x10/0x10
[ 12.972111] kunit_generic_run_threadfn_adapter+0x85/0xf0
[ 12.972133] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10
[ 12.972154] kthread+0x337/0x6f0
[ 12.972173] ? trace_preempt_on+0x20/0xc0
[ 12.972197] ? __pfx_kthread+0x10/0x10
[ 12.972215] ? _raw_spin_unlock_irq+0x47/0x80
[ 12.972235] ? calculate_sigpending+0x7b/0xa0
[ 12.972259] ? __pfx_kthread+0x10/0x10
[ 12.972279] ret_from_fork+0x116/0x1d0
[ 12.972297] ? __pfx_kthread+0x10/0x10
[ 12.972317] ret_from_fork_asm+0x1a/0x30
[ 12.972346] </TASK>
[ 12.972358]
[ 12.984367] The buggy address belongs to the physical page:
[ 12.984704] page: refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x102bf8
[ 12.985021] head: order:2 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[ 12.985444] flags: 0x200000000000040(head|node=0|zone=2)
[ 12.985671] page_type: f8(unknown)
[ 12.985849] raw: 0200000000000040 0000000000000000 dead000000000122 0000000000000000
[ 12.986405] raw: 0000000000000000 0000000000000000 00000001f8000000 0000000000000000
[ 12.986776] head: 0200000000000040 0000000000000000 dead000000000122 0000000000000000
[ 12.987066] head: 0000000000000000 0000000000000000 00000001f8000000 0000000000000000
[ 12.987528] head: 0200000000000002 ffffea00040afe01 00000000ffffffff 00000000ffffffff
[ 12.987924] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000004
[ 12.988183] page dumped because: kasan: bad access detected
[ 12.988487]
[ 12.988608] Memory state around the buggy address:
[ 12.988794] ffff888102bf9f00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[ 12.989201] ffff888102bf9f80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[ 12.989504] >ffff888102bfa000: 01 fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe
[ 12.989874] ^
[ 12.990137] ffff888102bfa080: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe
[ 12.990419] ffff888102bfa100: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe
[ 12.990914] ==================================================================
[ 12.938439] ==================================================================
[ 12.938936] BUG: KASAN: slab-out-of-bounds in mempool_oob_right_helper+0x318/0x380
[ 12.939563] Read of size 1 at addr ffff888102ef5d73 by task kunit_try_catch/238
[ 12.939948]
[ 12.940051] CPU: 1 UID: 0 PID: 238 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc4 #1 PREEMPT(voluntary)
[ 12.940465] Tainted: [B]=BAD_PAGE, [N]=TEST
[ 12.940483] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[ 12.940509] Call Trace:
[ 12.940524] <TASK>
[ 12.940544] dump_stack_lvl+0x73/0xb0
[ 12.940579] print_report+0xd1/0x650
[ 12.940604] ? __virt_addr_valid+0x1db/0x2d0
[ 12.940629] ? mempool_oob_right_helper+0x318/0x380
[ 12.940651] ? kasan_complete_mode_report_info+0x2a/0x200
[ 12.940672] ? mempool_oob_right_helper+0x318/0x380
[ 12.940694] kasan_report+0x141/0x180
[ 12.940715] ? mempool_oob_right_helper+0x318/0x380
[ 12.940741] __asan_report_load1_noabort+0x18/0x20
[ 12.940766] mempool_oob_right_helper+0x318/0x380
[ 12.940790] ? __pfx_mempool_oob_right_helper+0x10/0x10
[ 12.940813] ? __kasan_check_write+0x18/0x20
[ 12.940832] ? __pfx_sched_clock_cpu+0x10/0x10
[ 12.940855] ? finish_task_switch.isra.0+0x153/0x700
[ 12.940880] mempool_kmalloc_oob_right+0xf2/0x150
[ 12.940902] ? __pfx_mempool_kmalloc_oob_right+0x10/0x10
[ 12.940929] ? __pfx_mempool_kmalloc+0x10/0x10
[ 12.940952] ? __pfx_mempool_kfree+0x10/0x10
[ 12.940976] ? __pfx_read_tsc+0x10/0x10
[ 12.940998] ? ktime_get_ts64+0x86/0x230
[ 12.941021] kunit_try_run_case+0x1a5/0x480
[ 12.941047] ? __pfx_kunit_try_run_case+0x10/0x10
[ 12.941068] ? _raw_spin_lock_irqsave+0xa1/0x100
[ 12.941092] ? _raw_spin_unlock_irqrestore+0x5f/0x90
[ 12.941114] ? __kthread_parkme+0x82/0x180
[ 12.941134] ? preempt_count_sub+0x50/0x80
[ 12.941156] ? __pfx_kunit_try_run_case+0x10/0x10
[ 12.941178] kunit_generic_run_threadfn_adapter+0x85/0xf0
[ 12.941201] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10
[ 12.941223] kthread+0x337/0x6f0
[ 12.941242] ? trace_preempt_on+0x20/0xc0
[ 12.941265] ? __pfx_kthread+0x10/0x10
[ 12.941284] ? _raw_spin_unlock_irq+0x47/0x80
[ 12.941304] ? calculate_sigpending+0x7b/0xa0
[ 12.941328] ? __pfx_kthread+0x10/0x10
[ 12.941348] ret_from_fork+0x116/0x1d0
[ 12.941365] ? __pfx_kthread+0x10/0x10
[ 12.941396] ret_from_fork_asm+0x1a/0x30
[ 12.941428] </TASK>
[ 12.941439]
[ 12.954051] Allocated by task 238:
[ 12.954252] kasan_save_stack+0x45/0x70
[ 12.954443] kasan_save_track+0x18/0x40
[ 12.954628] kasan_save_alloc_info+0x3b/0x50
[ 12.955153] __kasan_mempool_unpoison_object+0x1a9/0x200
[ 12.955428] remove_element+0x11e/0x190
[ 12.955656] mempool_alloc_preallocated+0x4d/0x90
[ 12.956000] mempool_oob_right_helper+0x8a/0x380
[ 12.956366] mempool_kmalloc_oob_right+0xf2/0x150
[ 12.956624] kunit_try_run_case+0x1a5/0x480
[ 12.956812] kunit_generic_run_threadfn_adapter+0x85/0xf0
[ 12.957240] kthread+0x337/0x6f0
[ 12.957396] ret_from_fork+0x116/0x1d0
[ 12.957596] ret_from_fork_asm+0x1a/0x30
[ 12.957966]
[ 12.958143] The buggy address belongs to the object at ffff888102ef5d00
[ 12.958143] which belongs to the cache kmalloc-128 of size 128
[ 12.958734] The buggy address is located 0 bytes to the right of
[ 12.958734] allocated 115-byte region [ffff888102ef5d00, ffff888102ef5d73)
[ 12.959315]
[ 12.959504] The buggy address belongs to the physical page:
[ 12.959904] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x102ef5
[ 12.960554] flags: 0x200000000000000(node=0|zone=2)
[ 12.960890] page_type: f5(slab)
[ 12.961107] raw: 0200000000000000 ffff888100041a00 dead000000000122 0000000000000000
[ 12.961428] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000
[ 12.962021] page dumped because: kasan: bad access detected
[ 12.962259]
[ 12.962335] Memory state around the buggy address:
[ 12.962578] ffff888102ef5c00: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 12.963139] ffff888102ef5c80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 12.963521] >ffff888102ef5d00: 00 00 00 00 00 00 00 00 00 00 00 00 00
00 03 fc [ 12.963947] ^ [ 12.964197] ffff888102ef5d80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 12.964535] ffff888102ef5e00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 03 fc [ 12.965015] ================================================================== [ 12.994869] ================================================================== [ 12.995431] BUG: KASAN: slab-out-of-bounds in mempool_oob_right_helper+0x318/0x380 [ 12.995761] Read of size 1 at addr ffff888102f112bb by task kunit_try_catch/242 [ 12.996058] [ 12.996193] CPU: 1 UID: 0 PID: 242 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc4 #1 PREEMPT(voluntary) [ 12.996241] Tainted: [B]=BAD_PAGE, [N]=TEST [ 12.996253] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 12.996298] Call Trace: [ 12.996311] <TASK> [ 12.996329] dump_stack_lvl+0x73/0xb0 [ 12.996389] print_report+0xd1/0x650 [ 12.996416] ? __virt_addr_valid+0x1db/0x2d0 [ 12.996440] ? mempool_oob_right_helper+0x318/0x380 [ 12.996461] ? kasan_complete_mode_report_info+0x2a/0x200 [ 12.996482] ? mempool_oob_right_helper+0x318/0x380 [ 12.996505] kasan_report+0x141/0x180 [ 12.996526] ? mempool_oob_right_helper+0x318/0x380 [ 12.996554] __asan_report_load1_noabort+0x18/0x20 [ 12.996577] mempool_oob_right_helper+0x318/0x380 [ 12.996601] ? __pfx_mempool_oob_right_helper+0x10/0x10 [ 12.996622] ? update_load_avg+0x1be/0x21b0 [ 12.996649] ? finish_task_switch.isra.0+0x153/0x700 [ 12.996674] mempool_slab_oob_right+0xed/0x140 [ 12.996720] ? __pfx_mempool_slab_oob_right+0x10/0x10 [ 12.996745] ? __pfx_mempool_alloc_slab+0x10/0x10 [ 12.996764] ? __pfx_mempool_free_slab+0x10/0x10 [ 12.996785] ? __pfx_read_tsc+0x10/0x10 [ 12.996805] ? ktime_get_ts64+0x86/0x230 [ 12.996829] kunit_try_run_case+0x1a5/0x480 [ 12.996853] ? __pfx_kunit_try_run_case+0x10/0x10 [ 12.996874] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 12.996916] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 12.996939] ? __kthread_parkme+0x82/0x180 [ 12.996959] ? 
preempt_count_sub+0x50/0x80 [ 12.996981] ? __pfx_kunit_try_run_case+0x10/0x10 [ 12.997003] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 12.997026] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 12.997049] kthread+0x337/0x6f0 [ 12.997068] ? trace_preempt_on+0x20/0xc0 [ 12.997091] ? __pfx_kthread+0x10/0x10 [ 12.997111] ? _raw_spin_unlock_irq+0x47/0x80 [ 12.997132] ? calculate_sigpending+0x7b/0xa0 [ 12.997156] ? __pfx_kthread+0x10/0x10 [ 12.997176] ret_from_fork+0x116/0x1d0 [ 12.997193] ? __pfx_kthread+0x10/0x10 [ 12.997212] ret_from_fork_asm+0x1a/0x30 [ 12.997242] </TASK> [ 12.997253] [ 13.006541] Allocated by task 242: [ 13.006738] kasan_save_stack+0x45/0x70 [ 13.006915] kasan_save_track+0x18/0x40 [ 13.007049] kasan_save_alloc_info+0x3b/0x50 [ 13.007194] __kasan_mempool_unpoison_object+0x1bb/0x200 [ 13.007552] remove_element+0x11e/0x190 [ 13.007812] mempool_alloc_preallocated+0x4d/0x90 [ 13.008144] mempool_oob_right_helper+0x8a/0x380 [ 13.008339] mempool_slab_oob_right+0xed/0x140 [ 13.008554] kunit_try_run_case+0x1a5/0x480 [ 13.008700] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 13.008995] kthread+0x337/0x6f0 [ 13.009195] ret_from_fork+0x116/0x1d0 [ 13.009407] ret_from_fork_asm+0x1a/0x30 [ 13.009622] [ 13.009741] The buggy address belongs to the object at ffff888102f11240 [ 13.009741] which belongs to the cache test_cache of size 123 [ 13.010296] The buggy address is located 0 bytes to the right of [ 13.010296] allocated 123-byte region [ffff888102f11240, ffff888102f112bb) [ 13.010935] [ 13.011232] The buggy address belongs to the physical page: [ 13.011464] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x102f11 [ 13.011800] flags: 0x200000000000000(node=0|zone=2) [ 13.012005] page_type: f5(slab) [ 13.012125] raw: 0200000000000000 ffff888101a2cc80 dead000000000122 0000000000000000 [ 13.012843] raw: 0000000000000000 0000000080150015 00000000f5000000 0000000000000000 [ 13.013250] page dumped because: kasan: bad access detected [ 
13.013443] [ 13.013518] Memory state around the buggy address: [ 13.013692] ffff888102f11180: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 13.014152] ffff888102f11200: fc fc fc fc fc fc fc fc 00 00 00 00 00 00 00 00 [ 13.014691] >ffff888102f11280: 00 00 00 00 00 00 00 03 fc fc fc fc fc fc fc fc [ 13.014939] ^ [ 13.015447] ffff888102f11300: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 13.015791] ffff888102f11380: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 13.016309] ==================================================================
Failure - log-parser-boot/kasan-bug-kasan-slab-use-after-free-in-kmem_cache_double_destroy
[ 12.355520] ================================================================== [ 12.356053] BUG: KASAN: slab-use-after-free in kmem_cache_double_destroy+0x1bf/0x380 [ 12.356643] Read of size 1 at addr ffff888101a2ca00 by task kunit_try_catch/232 [ 12.356947] [ 12.357272] CPU: 1 UID: 0 PID: 232 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc4 #1 PREEMPT(voluntary) [ 12.357322] Tainted: [B]=BAD_PAGE, [N]=TEST [ 12.357334] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 12.357360] Call Trace: [ 12.357383] <TASK> [ 12.357402] dump_stack_lvl+0x73/0xb0 [ 12.357435] print_report+0xd1/0x650 [ 12.357459] ? __virt_addr_valid+0x1db/0x2d0 [ 12.357483] ? kmem_cache_double_destroy+0x1bf/0x380 [ 12.357507] ? kasan_complete_mode_report_info+0x64/0x200 [ 12.357528] ? kmem_cache_double_destroy+0x1bf/0x380 [ 12.357553] kasan_report+0x141/0x180 [ 12.357574] ? kmem_cache_double_destroy+0x1bf/0x380 [ 12.357600] ? kmem_cache_double_destroy+0x1bf/0x380 [ 12.357623] __kasan_check_byte+0x3d/0x50 [ 12.357645] kmem_cache_destroy+0x25/0x1d0 [ 12.357668] kmem_cache_double_destroy+0x1bf/0x380 [ 12.357725] ? __pfx_kmem_cache_double_destroy+0x10/0x10 [ 12.357748] ? finish_task_switch.isra.0+0x153/0x700 [ 12.357811] ? __switch_to+0x47/0xf50 [ 12.357841] ? __pfx_read_tsc+0x10/0x10 [ 12.357863] ? ktime_get_ts64+0x86/0x230 [ 12.357887] kunit_try_run_case+0x1a5/0x480 [ 12.357913] ? __pfx_kunit_try_run_case+0x10/0x10 [ 12.358153] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 12.358182] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 12.358206] ? __kthread_parkme+0x82/0x180 [ 12.358227] ? preempt_count_sub+0x50/0x80 [ 12.358248] ? __pfx_kunit_try_run_case+0x10/0x10 [ 12.358272] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 12.358295] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 12.358318] kthread+0x337/0x6f0 [ 12.358337] ? trace_preempt_on+0x20/0xc0 [ 12.358360] ? __pfx_kthread+0x10/0x10 [ 12.358394] ? _raw_spin_unlock_irq+0x47/0x80 [ 12.358415] ? 
calculate_sigpending+0x7b/0xa0 [ 12.358451] ? __pfx_kthread+0x10/0x10 [ 12.358472] ret_from_fork+0x116/0x1d0 [ 12.358490] ? __pfx_kthread+0x10/0x10 [ 12.358521] ret_from_fork_asm+0x1a/0x30 [ 12.358551] </TASK> [ 12.358563] [ 12.372133] Allocated by task 232: [ 12.372445] kasan_save_stack+0x45/0x70 [ 12.372711] kasan_save_track+0x18/0x40 [ 12.373184] kasan_save_alloc_info+0x3b/0x50 [ 12.373627] __kasan_slab_alloc+0x91/0xa0 [ 12.373963] kmem_cache_alloc_noprof+0x123/0x3f0 [ 12.374537] __kmem_cache_create_args+0x169/0x240 [ 12.374840] kmem_cache_double_destroy+0xd5/0x380 [ 12.375175] kunit_try_run_case+0x1a5/0x480 [ 12.375601] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 12.376077] kthread+0x337/0x6f0 [ 12.376348] ret_from_fork+0x116/0x1d0 [ 12.376505] ret_from_fork_asm+0x1a/0x30 [ 12.376747] [ 12.376923] Freed by task 232: [ 12.377365] kasan_save_stack+0x45/0x70 [ 12.377770] kasan_save_track+0x18/0x40 [ 12.378458] kasan_save_free_info+0x3f/0x60 [ 12.378977] __kasan_slab_free+0x56/0x70 [ 12.379239] kmem_cache_free+0x249/0x420 [ 12.379546] slab_kmem_cache_release+0x2e/0x40 [ 12.379811] kmem_cache_release+0x16/0x20 [ 12.380025] kobject_put+0x181/0x450 [ 12.380447] sysfs_slab_release+0x16/0x20 [ 12.380846] kmem_cache_destroy+0xf0/0x1d0 [ 12.381443] kmem_cache_double_destroy+0x14e/0x380 [ 12.381921] kunit_try_run_case+0x1a5/0x480 [ 12.382828] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 12.383320] kthread+0x337/0x6f0 [ 12.383465] ret_from_fork+0x116/0x1d0 [ 12.383631] ret_from_fork_asm+0x1a/0x30 [ 12.384084] [ 12.384247] The buggy address belongs to the object at ffff888101a2ca00 [ 12.384247] which belongs to the cache kmem_cache of size 208 [ 12.385522] The buggy address is located 0 bytes inside of [ 12.385522] freed 208-byte region [ffff888101a2ca00, ffff888101a2cad0) [ 12.386094] [ 12.386536] The buggy address belongs to the physical page: [ 12.387176] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x101a2c [ 12.387821] flags: 
0x200000000000000(node=0|zone=2) [ 12.388191] page_type: f5(slab) [ 12.388526] raw: 0200000000000000 ffff888100041000 dead000000000122 0000000000000000 [ 12.389255] raw: 0000000000000000 00000000800c000c 00000000f5000000 0000000000000000 [ 12.389635] page dumped because: kasan: bad access detected [ 12.390429] [ 12.390608] Memory state around the buggy address: [ 12.391118] ffff888101a2c900: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 12.391962] ffff888101a2c980: fb fb fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 12.392383] >ffff888101a2ca00: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 12.392668] ^ [ 12.392961] ffff888101a2ca80: fb fb fb fb fb fb fb fb fb fb fc fc fc fc fc fc [ 12.393895] ffff888101a2cb00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 12.394883] ==================================================================
Failure - log-parser-boot/kasan-bug-kasan-slab-use-after-free-in-kmem_cache_rcu_uaf
[ 12.297239] ================================================================== [ 12.297852] BUG: KASAN: slab-use-after-free in kmem_cache_rcu_uaf+0x3e3/0x510 [ 12.298371] Read of size 1 at addr ffff88810259d000 by task kunit_try_catch/230 [ 12.299298] [ 12.299427] CPU: 0 UID: 0 PID: 230 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc4 #1 PREEMPT(voluntary) [ 12.299477] Tainted: [B]=BAD_PAGE, [N]=TEST [ 12.299490] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 12.299512] Call Trace: [ 12.299526] <TASK> [ 12.299547] dump_stack_lvl+0x73/0xb0 [ 12.299580] print_report+0xd1/0x650 [ 12.299604] ? __virt_addr_valid+0x1db/0x2d0 [ 12.299628] ? kmem_cache_rcu_uaf+0x3e3/0x510 [ 12.299649] ? kasan_complete_mode_report_info+0x64/0x200 [ 12.299670] ? kmem_cache_rcu_uaf+0x3e3/0x510 [ 12.299691] kasan_report+0x141/0x180 [ 12.299712] ? kmem_cache_rcu_uaf+0x3e3/0x510 [ 12.299738] __asan_report_load1_noabort+0x18/0x20 [ 12.299761] kmem_cache_rcu_uaf+0x3e3/0x510 [ 12.299783] ? __pfx_kmem_cache_rcu_uaf+0x10/0x10 [ 12.299803] ? finish_task_switch.isra.0+0x153/0x700 [ 12.299826] ? __switch_to+0x47/0xf50 [ 12.299854] ? __pfx_read_tsc+0x10/0x10 [ 12.299875] ? ktime_get_ts64+0x86/0x230 [ 12.299899] kunit_try_run_case+0x1a5/0x480 [ 12.299924] ? __pfx_kunit_try_run_case+0x10/0x10 [ 12.299945] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 12.300207] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 12.300231] ? __kthread_parkme+0x82/0x180 [ 12.300252] ? preempt_count_sub+0x50/0x80 [ 12.300274] ? __pfx_kunit_try_run_case+0x10/0x10 [ 12.300297] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 12.300319] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 12.300342] kthread+0x337/0x6f0 [ 12.300362] ? trace_preempt_on+0x20/0xc0 [ 12.300615] ? __pfx_kthread+0x10/0x10 [ 12.300637] ? _raw_spin_unlock_irq+0x47/0x80 [ 12.300660] ? calculate_sigpending+0x7b/0xa0 [ 12.300683] ? __pfx_kthread+0x10/0x10 [ 12.300704] ret_from_fork+0x116/0x1d0 [ 12.300722] ? 
__pfx_kthread+0x10/0x10 [ 12.300742] ret_from_fork_asm+0x1a/0x30 [ 12.300804] </TASK> [ 12.300817] [ 12.309935] Allocated by task 230: [ 12.310182] kasan_save_stack+0x45/0x70 [ 12.310734] kasan_save_track+0x18/0x40 [ 12.311002] kasan_save_alloc_info+0x3b/0x50 [ 12.311270] __kasan_slab_alloc+0x91/0xa0 [ 12.311436] kmem_cache_alloc_noprof+0x123/0x3f0 [ 12.311611] kmem_cache_rcu_uaf+0x155/0x510 [ 12.311874] kunit_try_run_case+0x1a5/0x480 [ 12.312083] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 12.312665] kthread+0x337/0x6f0 [ 12.312828] ret_from_fork+0x116/0x1d0 [ 12.313099] ret_from_fork_asm+0x1a/0x30 [ 12.313259] [ 12.313535] Freed by task 0: [ 12.313860] kasan_save_stack+0x45/0x70 [ 12.314005] kasan_save_track+0x18/0x40 [ 12.314225] kasan_save_free_info+0x3f/0x60 [ 12.314489] __kasan_slab_free+0x56/0x70 [ 12.314744] slab_free_after_rcu_debug+0xe4/0x310 [ 12.315089] rcu_core+0x66f/0x1c40 [ 12.315306] rcu_core_si+0x12/0x20 [ 12.315465] handle_softirqs+0x209/0x730 [ 12.315720] __irq_exit_rcu+0xc9/0x110 [ 12.316201] irq_exit_rcu+0x12/0x20 [ 12.316508] sysvec_apic_timer_interrupt+0x81/0x90 [ 12.316860] asm_sysvec_apic_timer_interrupt+0x1f/0x30 [ 12.317086] [ 12.317161] Last potentially related work creation: [ 12.317413] kasan_save_stack+0x45/0x70 [ 12.317760] kasan_record_aux_stack+0xb2/0xc0 [ 12.318054] kmem_cache_free+0x131/0x420 [ 12.318242] kmem_cache_rcu_uaf+0x194/0x510 [ 12.318464] kunit_try_run_case+0x1a5/0x480 [ 12.318696] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 12.319045] kthread+0x337/0x6f0 [ 12.319524] ret_from_fork+0x116/0x1d0 [ 12.319688] ret_from_fork_asm+0x1a/0x30 [ 12.319888] [ 12.320665] The buggy address belongs to the object at ffff88810259d000 [ 12.320665] which belongs to the cache test_cache of size 200 [ 12.321336] The buggy address is located 0 bytes inside of [ 12.321336] freed 200-byte region [ffff88810259d000, ffff88810259d0c8) [ 12.322352] [ 12.322605] The buggy address belongs to the physical page: [ 12.323015] page: refcount:0 
mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x10259d [ 12.323503] flags: 0x200000000000000(node=0|zone=2) [ 12.323914] page_type: f5(slab) [ 12.324228] raw: 0200000000000000 ffff888102596280 dead000000000122 0000000000000000 [ 12.324792] raw: 0000000000000000 00000000800f000f 00000000f5000000 0000000000000000 [ 12.325242] page dumped because: kasan: bad access detected [ 12.325491] [ 12.325592] Memory state around the buggy address: [ 12.325770] ffff88810259cf00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 12.326158] ffff88810259cf80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 12.326478] >ffff88810259d000: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 12.326801] ^ [ 12.327098] ffff88810259d080: fb fb fb fb fb fb fb fb fb fc fc fc fc fc fc fc [ 12.327432] ffff88810259d100: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 12.327742] ==================================================================
Failure - log-parser-boot/kasan-bug-kasan-invalid-free-in-kmem_cache_invalid_free
[ 12.236638] ================================================================== [ 12.237179] BUG: KASAN: invalid-free in kmem_cache_invalid_free+0x1d8/0x460 [ 12.237633] Free of addr ffff888102f0b001 by task kunit_try_catch/228 [ 12.237927] [ 12.238047] CPU: 1 UID: 0 PID: 228 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc4 #1 PREEMPT(voluntary) [ 12.238095] Tainted: [B]=BAD_PAGE, [N]=TEST [ 12.238106] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 12.238128] Call Trace: [ 12.238141] <TASK> [ 12.238160] dump_stack_lvl+0x73/0xb0 [ 12.238192] print_report+0xd1/0x650 [ 12.238214] ? __virt_addr_valid+0x1db/0x2d0 [ 12.238239] ? kasan_complete_mode_report_info+0x2a/0x200 [ 12.238259] ? kmem_cache_invalid_free+0x1d8/0x460 [ 12.238361] kasan_report_invalid_free+0x10a/0x130 [ 12.238402] ? kmem_cache_invalid_free+0x1d8/0x460 [ 12.238427] ? kmem_cache_invalid_free+0x1d8/0x460 [ 12.238450] check_slab_allocation+0x11f/0x130 [ 12.238470] __kasan_slab_pre_free+0x28/0x40 [ 12.238489] kmem_cache_free+0xed/0x420 [ 12.238509] ? kmem_cache_alloc_noprof+0x123/0x3f0 [ 12.238528] ? kmem_cache_invalid_free+0x1d8/0x460 [ 12.238571] kmem_cache_invalid_free+0x1d8/0x460 [ 12.238595] ? __pfx_kmem_cache_invalid_free+0x10/0x10 [ 12.238617] ? finish_task_switch.isra.0+0x153/0x700 [ 12.238641] ? __switch_to+0x47/0xf50 [ 12.238669] ? __pfx_read_tsc+0x10/0x10 [ 12.238690] ? ktime_get_ts64+0x86/0x230 [ 12.238713] kunit_try_run_case+0x1a5/0x480 [ 12.238738] ? __pfx_kunit_try_run_case+0x10/0x10 [ 12.238758] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 12.238782] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 12.238803] ? __kthread_parkme+0x82/0x180 [ 12.238823] ? preempt_count_sub+0x50/0x80 [ 12.238844] ? __pfx_kunit_try_run_case+0x10/0x10 [ 12.238875] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 12.238897] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 12.238977] kthread+0x337/0x6f0 [ 12.238996] ? trace_preempt_on+0x20/0xc0 [ 12.239019] ? 
__pfx_kthread+0x10/0x10 [ 12.239038] ? _raw_spin_unlock_irq+0x47/0x80 [ 12.239058] ? calculate_sigpending+0x7b/0xa0 [ 12.239082] ? __pfx_kthread+0x10/0x10 [ 12.239102] ret_from_fork+0x116/0x1d0 [ 12.239119] ? __pfx_kthread+0x10/0x10 [ 12.239138] ret_from_fork_asm+0x1a/0x30 [ 12.239167] </TASK> [ 12.239179] [ 12.247601] Allocated by task 228: [ 12.247757] kasan_save_stack+0x45/0x70 [ 12.247909] kasan_save_track+0x18/0x40 [ 12.248231] kasan_save_alloc_info+0x3b/0x50 [ 12.248468] __kasan_slab_alloc+0x91/0xa0 [ 12.248715] kmem_cache_alloc_noprof+0x123/0x3f0 [ 12.248994] kmem_cache_invalid_free+0x157/0x460 [ 12.249250] kunit_try_run_case+0x1a5/0x480 [ 12.249433] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 12.249708] kthread+0x337/0x6f0 [ 12.249901] ret_from_fork+0x116/0x1d0 [ 12.250132] ret_from_fork_asm+0x1a/0x30 [ 12.250338] [ 12.250430] The buggy address belongs to the object at ffff888102f0b000 [ 12.250430] which belongs to the cache test_cache of size 200 [ 12.251024] The buggy address is located 1 bytes inside of [ 12.251024] 200-byte region [ffff888102f0b000, ffff888102f0b0c8) [ 12.251511] [ 12.251619] The buggy address belongs to the physical page: [ 12.251899] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x102f0b [ 12.252284] flags: 0x200000000000000(node=0|zone=2) [ 12.252541] page_type: f5(slab) [ 12.252736] raw: 0200000000000000 ffff888101a2c8c0 dead000000000122 0000000000000000 [ 12.253147] raw: 0000000000000000 00000000800f000f 00000000f5000000 0000000000000000 [ 12.253467] page dumped because: kasan: bad access detected [ 12.253706] [ 12.253778] Memory state around the buggy address: [ 12.253949] ffff888102f0af00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 12.254186] ffff888102f0af80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 12.254610] >ffff888102f0b000: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 12.254987] ^ [ 12.255154] ffff888102f0b080: 00 00 00 00 00 00 00 00 00 fc fc fc fc fc fc fc [ 12.255387] 
ffff888102f0b100: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 12.255671] ==================================================================
Failure - log-parser-boot/kasan-bug-kasan-double-free-in-kmem_cache_double_free
[ 12.185840] ================================================================== [ 12.187255] BUG: KASAN: double-free in kmem_cache_double_free+0x1e5/0x480 [ 12.187972] Free of addr ffff88810259b000 by task kunit_try_catch/226 [ 12.188313] [ 12.188628] CPU: 0 UID: 0 PID: 226 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc4 #1 PREEMPT(voluntary) [ 12.188680] Tainted: [B]=BAD_PAGE, [N]=TEST [ 12.188692] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 12.188714] Call Trace: [ 12.188727] <TASK> [ 12.188746] dump_stack_lvl+0x73/0xb0 [ 12.188778] print_report+0xd1/0x650 [ 12.188801] ? __virt_addr_valid+0x1db/0x2d0 [ 12.188826] ? kasan_complete_mode_report_info+0x64/0x200 [ 12.188846] ? kmem_cache_double_free+0x1e5/0x480 [ 12.189173] kasan_report_invalid_free+0x10a/0x130 [ 12.189202] ? kmem_cache_double_free+0x1e5/0x480 [ 12.189228] ? kmem_cache_double_free+0x1e5/0x480 [ 12.189251] check_slab_allocation+0x101/0x130 [ 12.189272] __kasan_slab_pre_free+0x28/0x40 [ 12.189291] kmem_cache_free+0xed/0x420 [ 12.189312] ? kmem_cache_alloc_noprof+0x123/0x3f0 [ 12.189331] ? kmem_cache_double_free+0x1e5/0x480 [ 12.189357] kmem_cache_double_free+0x1e5/0x480 [ 12.189394] ? __pfx_kmem_cache_double_free+0x10/0x10 [ 12.189417] ? finish_task_switch.isra.0+0x153/0x700 [ 12.189439] ? __switch_to+0x47/0xf50 [ 12.189469] ? __pfx_read_tsc+0x10/0x10 [ 12.189491] ? ktime_get_ts64+0x86/0x230 [ 12.189514] kunit_try_run_case+0x1a5/0x480 [ 12.189540] ? __pfx_kunit_try_run_case+0x10/0x10 [ 12.189560] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 12.189584] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 12.189606] ? __kthread_parkme+0x82/0x180 [ 12.189626] ? preempt_count_sub+0x50/0x80 [ 12.189648] ? __pfx_kunit_try_run_case+0x10/0x10 [ 12.189670] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 12.189691] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 12.189712] kthread+0x337/0x6f0 [ 12.189731] ? trace_preempt_on+0x20/0xc0 [ 12.189753] ? 
__pfx_kthread+0x10/0x10 [ 12.189773] ? _raw_spin_unlock_irq+0x47/0x80 [ 12.189793] ? calculate_sigpending+0x7b/0xa0 [ 12.189816] ? __pfx_kthread+0x10/0x10 [ 12.189835] ret_from_fork+0x116/0x1d0 [ 12.189852] ? __pfx_kthread+0x10/0x10 [ 12.189871] ret_from_fork_asm+0x1a/0x30 [ 12.189902] </TASK> [ 12.189913] [ 12.206046] Allocated by task 226: [ 12.206503] kasan_save_stack+0x45/0x70 [ 12.206940] kasan_save_track+0x18/0x40 [ 12.207102] kasan_save_alloc_info+0x3b/0x50 [ 12.207247] __kasan_slab_alloc+0x91/0xa0 [ 12.207392] kmem_cache_alloc_noprof+0x123/0x3f0 [ 12.207545] kmem_cache_double_free+0x14f/0x480 [ 12.208306] kunit_try_run_case+0x1a5/0x480 [ 12.208773] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 12.209588] kthread+0x337/0x6f0 [ 12.210187] ret_from_fork+0x116/0x1d0 [ 12.210793] ret_from_fork_asm+0x1a/0x30 [ 12.211310] [ 12.211607] Freed by task 226: [ 12.211925] kasan_save_stack+0x45/0x70 [ 12.212430] kasan_save_track+0x18/0x40 [ 12.212765] kasan_save_free_info+0x3f/0x60 [ 12.213314] __kasan_slab_free+0x56/0x70 [ 12.213765] kmem_cache_free+0x249/0x420 [ 12.213913] kmem_cache_double_free+0x16a/0x480 [ 12.214557] kunit_try_run_case+0x1a5/0x480 [ 12.215116] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 12.215499] kthread+0x337/0x6f0 [ 12.215880] ret_from_fork+0x116/0x1d0 [ 12.216451] ret_from_fork_asm+0x1a/0x30 [ 12.216618] [ 12.216941] The buggy address belongs to the object at ffff88810259b000 [ 12.216941] which belongs to the cache test_cache of size 200 [ 12.218136] The buggy address is located 0 bytes inside of [ 12.218136] 200-byte region [ffff88810259b000, ffff88810259b0c8) [ 12.218483] [ 12.218561] The buggy address belongs to the physical page: [ 12.218731] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x10259b [ 12.219173] flags: 0x200000000000000(node=0|zone=2) [ 12.219921] page_type: f5(slab) [ 12.220634] raw: 0200000000000000 ffff888102596140 dead000000000122 0000000000000000 [ 12.221492] raw: 0000000000000000 00000000800f000f 
00000000f5000000 0000000000000000 [ 12.222316] page dumped because: kasan: bad access detected [ 12.223072] [ 12.223348] Memory state around the buggy address: [ 12.224303] ffff88810259af00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 12.224840] ffff88810259af80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 12.225457] >ffff88810259b000: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 12.226040] ^ [ 12.226469] ffff88810259b080: fb fb fb fb fb fb fb fb fb fc fc fc fc fc fc fc [ 12.227121] ffff88810259b100: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 12.227342] ==================================================================
Failure - log-parser-boot/kasan-bug-kasan-slab-out-of-bounds-in-kmem_cache_oob
[ 12.135627] ================================================================== [ 12.137166] BUG: KASAN: slab-out-of-bounds in kmem_cache_oob+0x402/0x530 [ 12.137970] Read of size 1 at addr ffff8881025990c8 by task kunit_try_catch/224 [ 12.138610] [ 12.138715] CPU: 0 UID: 0 PID: 224 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc4 #1 PREEMPT(voluntary) [ 12.138766] Tainted: [B]=BAD_PAGE, [N]=TEST [ 12.138779] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 12.138802] Call Trace: [ 12.138817] <TASK> [ 12.138836] dump_stack_lvl+0x73/0xb0 [ 12.138868] print_report+0xd1/0x650 [ 12.138891] ? __virt_addr_valid+0x1db/0x2d0 [ 12.138914] ? kmem_cache_oob+0x402/0x530 [ 12.138935] ? kasan_complete_mode_report_info+0x2a/0x200 [ 12.138956] ? kmem_cache_oob+0x402/0x530 [ 12.138977] kasan_report+0x141/0x180 [ 12.138998] ? kmem_cache_oob+0x402/0x530 [ 12.139023] __asan_report_load1_noabort+0x18/0x20 [ 12.139046] kmem_cache_oob+0x402/0x530 [ 12.139066] ? trace_hardirqs_on+0x37/0xe0 [ 12.139090] ? __pfx_kmem_cache_oob+0x10/0x10 [ 12.139111] ? finish_task_switch.isra.0+0x153/0x700 [ 12.139133] ? __switch_to+0x47/0xf50 [ 12.139161] ? __pfx_read_tsc+0x10/0x10 [ 12.139182] ? ktime_get_ts64+0x86/0x230 [ 12.139204] kunit_try_run_case+0x1a5/0x480 [ 12.139229] ? __pfx_kunit_try_run_case+0x10/0x10 [ 12.139250] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 12.139274] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 12.139295] ? __kthread_parkme+0x82/0x180 [ 12.139315] ? preempt_count_sub+0x50/0x80 [ 12.139337] ? __pfx_kunit_try_run_case+0x10/0x10 [ 12.139359] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 12.139425] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 12.139447] kthread+0x337/0x6f0 [ 12.139465] ? trace_preempt_on+0x20/0xc0 [ 12.139486] ? __pfx_kthread+0x10/0x10 [ 12.139505] ? _raw_spin_unlock_irq+0x47/0x80 [ 12.139524] ? calculate_sigpending+0x7b/0xa0 [ 12.139548] ? __pfx_kthread+0x10/0x10 [ 12.139586] ret_from_fork+0x116/0x1d0 [ 12.139603] ? 
__pfx_kthread+0x10/0x10 [ 12.139624] ret_from_fork_asm+0x1a/0x30 [ 12.139684] </TASK> [ 12.139695] [ 12.152085] Allocated by task 224: [ 12.152544] kasan_save_stack+0x45/0x70 [ 12.152944] kasan_save_track+0x18/0x40 [ 12.153315] kasan_save_alloc_info+0x3b/0x50 [ 12.153741] __kasan_slab_alloc+0x91/0xa0 [ 12.154174] kmem_cache_alloc_noprof+0x123/0x3f0 [ 12.154649] kmem_cache_oob+0x157/0x530 [ 12.155057] kunit_try_run_case+0x1a5/0x480 [ 12.155434] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 12.155975] kthread+0x337/0x6f0 [ 12.156295] ret_from_fork+0x116/0x1d0 [ 12.156682] ret_from_fork_asm+0x1a/0x30 [ 12.157091] [ 12.157266] The buggy address belongs to the object at ffff888102599000 [ 12.157266] which belongs to the cache test_cache of size 200 [ 12.158385] The buggy address is located 0 bytes to the right of [ 12.158385] allocated 200-byte region [ffff888102599000, ffff8881025990c8) [ 12.159550] [ 12.159778] The buggy address belongs to the physical page: [ 12.160385] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x102599 [ 12.161081] flags: 0x200000000000000(node=0|zone=2) [ 12.161355] page_type: f5(slab) [ 12.161705] raw: 0200000000000000 ffff888102596000 dead000000000122 0000000000000000 [ 12.162354] raw: 0000000000000000 00000000800f000f 00000000f5000000 0000000000000000 [ 12.162814] page dumped because: kasan: bad access detected [ 12.163107] [ 12.163264] Memory state around the buggy address: [ 12.163753] ffff888102598f80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 12.164467] ffff888102599000: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 12.165166] >ffff888102599080: 00 00 00 00 00 00 00 00 00 fc fc fc fc fc fc fc [ 12.165394] ^ [ 12.165587] ffff888102599100: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 12.166280] ffff888102599180: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 12.166949] ==================================================================
Failure - log-parser-boot/kasan-bug-kasan-slab-use-after-free-in-workqueue_uaf
[ 12.096000] ==================================================================
[ 12.096537] BUG: KASAN: slab-use-after-free in workqueue_uaf+0x4d6/0x560
[ 12.096928] Read of size 8 at addr ffff888102f02cc0 by task kunit_try_catch/217
[ 12.097240]
[ 12.097399] CPU: 1 UID: 0 PID: 217 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc4 #1 PREEMPT(voluntary)
[ 12.097449] Tainted: [B]=BAD_PAGE, [N]=TEST
[ 12.097461] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[ 12.097510] Call Trace:
[ 12.097537] <TASK>
[ 12.097571] dump_stack_lvl+0x73/0xb0
[ 12.097612] print_report+0xd1/0x650
[ 12.097635] ? __virt_addr_valid+0x1db/0x2d0
[ 12.097670] ? workqueue_uaf+0x4d6/0x560
[ 12.097690] ? kasan_complete_mode_report_info+0x64/0x200
[ 12.097710] ? workqueue_uaf+0x4d6/0x560
[ 12.097730] kasan_report+0x141/0x180
[ 12.097750] ? workqueue_uaf+0x4d6/0x560
[ 12.097775] __asan_report_load8_noabort+0x18/0x20
[ 12.097798] workqueue_uaf+0x4d6/0x560
[ 12.097819] ? __pfx_workqueue_uaf+0x10/0x10
[ 12.097839] ? __schedule+0x10cc/0x2b60
[ 12.097861] ? __pfx_read_tsc+0x10/0x10
[ 12.097882] ? ktime_get_ts64+0x86/0x230
[ 12.097907] kunit_try_run_case+0x1a5/0x480
[ 12.097942] ? __pfx_kunit_try_run_case+0x10/0x10
[ 12.097962] ? _raw_spin_lock_irqsave+0xa1/0x100
[ 12.097985] ? _raw_spin_unlock_irqrestore+0x5f/0x90
[ 12.098006] ? __kthread_parkme+0x82/0x180
[ 12.098027] ? preempt_count_sub+0x50/0x80
[ 12.098050] ? __pfx_kunit_try_run_case+0x10/0x10
[ 12.098072] kunit_generic_run_threadfn_adapter+0x85/0xf0
[ 12.098093] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10
[ 12.098114] kthread+0x337/0x6f0
[ 12.098133] ? trace_preempt_on+0x20/0xc0
[ 12.098157] ? __pfx_kthread+0x10/0x10
[ 12.098176] ? _raw_spin_unlock_irq+0x47/0x80
[ 12.098196] ? calculate_sigpending+0x7b/0xa0
[ 12.098219] ? __pfx_kthread+0x10/0x10
[ 12.098259] ret_from_fork+0x116/0x1d0
[ 12.098287] ? __pfx_kthread+0x10/0x10
[ 12.098306] ret_from_fork_asm+0x1a/0x30
[ 12.098358] </TASK>
[ 12.098369]
[ 12.107223] Allocated by task 217:
[ 12.107429] kasan_save_stack+0x45/0x70
[ 12.107642] kasan_save_track+0x18/0x40
[ 12.108218] kasan_save_alloc_info+0x3b/0x50
[ 12.108395] __kasan_kmalloc+0xb7/0xc0
[ 12.108529] __kmalloc_cache_noprof+0x189/0x420
[ 12.108686] workqueue_uaf+0x152/0x560
[ 12.108851] kunit_try_run_case+0x1a5/0x480
[ 12.109087] kunit_generic_run_threadfn_adapter+0x85/0xf0
[ 12.109367] kthread+0x337/0x6f0
[ 12.109704] ret_from_fork+0x116/0x1d0
[ 12.109979] ret_from_fork_asm+0x1a/0x30
[ 12.110221]
[ 12.110318] Freed by task 24:
[ 12.110499] kasan_save_stack+0x45/0x70
[ 12.110797] kasan_save_track+0x18/0x40
[ 12.110996] kasan_save_free_info+0x3f/0x60
[ 12.111198] __kasan_slab_free+0x56/0x70
[ 12.111335] kfree+0x222/0x3f0
[ 12.111499] workqueue_uaf_work+0x12/0x20
[ 12.111699] process_one_work+0x5ee/0xf60
[ 12.112134] worker_thread+0x758/0x1220
[ 12.112369] kthread+0x337/0x6f0
[ 12.112551] ret_from_fork+0x116/0x1d0
[ 12.112742] ret_from_fork_asm+0x1a/0x30
[ 12.112993]
[ 12.113114] Last potentially related work creation:
[ 12.113354] kasan_save_stack+0x45/0x70
[ 12.113511] kasan_record_aux_stack+0xb2/0xc0
[ 12.113660] __queue_work+0x626/0xeb0
[ 12.113967] queue_work_on+0xb6/0xc0
[ 12.114183] workqueue_uaf+0x26d/0x560
[ 12.114382] kunit_try_run_case+0x1a5/0x480
[ 12.114611] kunit_generic_run_threadfn_adapter+0x85/0xf0
[ 12.114900] kthread+0x337/0x6f0
[ 12.115020] ret_from_fork+0x116/0x1d0
[ 12.115172] ret_from_fork_asm+0x1a/0x30
[ 12.115448]
[ 12.115555] The buggy address belongs to the object at ffff888102f02cc0
[ 12.115555] which belongs to the cache kmalloc-32 of size 32
[ 12.115965] The buggy address is located 0 bytes inside of
[ 12.115965] freed 32-byte region [ffff888102f02cc0, ffff888102f02ce0)
[ 12.116728]
[ 12.116835] The buggy address belongs to the physical page:
[ 12.117179] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x102f02
[ 12.117459] flags: 0x200000000000000(node=0|zone=2)
[ 12.117821] page_type: f5(slab)
[ 12.118075] raw: 0200000000000000 ffff888100041780 dead000000000122 0000000000000000
[ 12.118442] raw: 0000000000000000 0000000080400040 00000000f5000000 0000000000000000
[ 12.118774] page dumped because: kasan: bad access detected
[ 12.118989]
[ 12.119059] Memory state around the buggy address:
[ 12.119213] ffff888102f02b80: 00 00 07 fc fc fc fc fc 00 00 00 fc fc fc fc fc
[ 12.119544] ffff888102f02c00: 00 00 03 fc fc fc fc fc 00 00 07 fc fc fc fc fc
[ 12.119870] >ffff888102f02c80: 00 00 00 fc fc fc fc fc fa fb fb fb fc fc fc fc
[ 12.120184] ^
[ 12.120583] ffff888102f02d00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 12.121311] ffff888102f02d80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 12.121685] ==================================================================
Failure - log-parser-boot/kasan-bug-kasan-slab-use-after-free-in-rcu_uaf_reclaim
[ 12.055088] ==================================================================
[ 12.055670] BUG: KASAN: slab-use-after-free in rcu_uaf_reclaim+0x50/0x60
[ 12.056237] Read of size 4 at addr ffff8881025931c0 by task swapper/0/0
[ 12.056560]
[ 12.056780] CPU: 0 UID: 0 PID: 0 Comm: swapper/0 Tainted: G B N 6.16.0-rc4 #1 PREEMPT(voluntary)
[ 12.056840] Tainted: [B]=BAD_PAGE, [N]=TEST
[ 12.056853] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[ 12.056876] Call Trace:
[ 12.056908] <IRQ>
[ 12.056971] dump_stack_lvl+0x73/0xb0
[ 12.057007] print_report+0xd1/0x650
[ 12.057030] ? __virt_addr_valid+0x1db/0x2d0
[ 12.057054] ? rcu_uaf_reclaim+0x50/0x60
[ 12.057073] ? kasan_complete_mode_report_info+0x64/0x200
[ 12.057093] ? rcu_uaf_reclaim+0x50/0x60
[ 12.057112] kasan_report+0x141/0x180
[ 12.057133] ? rcu_uaf_reclaim+0x50/0x60
[ 12.057157] __asan_report_load4_noabort+0x18/0x20
[ 12.057179] rcu_uaf_reclaim+0x50/0x60
[ 12.057234] rcu_core+0x66f/0x1c40
[ 12.057264] ? __pfx_rcu_core+0x10/0x10
[ 12.057315] ? ktime_get+0x6b/0x150
[ 12.057336] ? handle_softirqs+0x18e/0x730
[ 12.057361] rcu_core_si+0x12/0x20
[ 12.057413] handle_softirqs+0x209/0x730
[ 12.057431] ? hrtimer_interrupt+0x2fe/0x780
[ 12.057452] ? __pfx_handle_softirqs+0x10/0x10
[ 12.057486] __irq_exit_rcu+0xc9/0x110
[ 12.057505] irq_exit_rcu+0x12/0x20
[ 12.057524] sysvec_apic_timer_interrupt+0x81/0x90
[ 12.057548] </IRQ>
[ 12.057586] <TASK>
[ 12.057612] asm_sysvec_apic_timer_interrupt+0x1f/0x30
[ 12.057706] RIP: 0010:pv_native_safe_halt+0xf/0x20
[ 12.057920] Code: 1f 84 00 00 00 00 00 0f 1f 40 00 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 f3 0f 1e fa eb 07 0f 00 2d 03 8a 21 00 fb f4 <e9> 7c 1d 02 00 66 2e 0f 1f 84 00 00 00 00 00 66 90 90 90 90 90 90
[ 12.058054] RSP: 0000:ffffffff8c607dd8 EFLAGS: 00010212
[ 12.058142] RAX: ffff8881cd674000 RBX: ffffffff8c61cac0 RCX: ffffffff8b4730e5
[ 12.058185] RDX: ffffed102b60618b RSI: 0000000000000004 RDI: 00000000000059ec
[ 12.058226] RBP: ffffffff8c607de0 R08: 0000000000000001 R09: ffffed102b60618a
[ 12.058266] R10: ffff88815b030c53 R11: 0000000000069800 R12: 0000000000000000
[ 12.058306] R13: fffffbfff18c3958 R14: ffffffff8d1b0690 R15: 0000000000000000
[ 12.058362] ? ct_kernel_exit.constprop.0+0xa5/0xd0
[ 12.058430] ? default_idle+0xd/0x20
[ 12.058451] arch_cpu_idle+0xd/0x20
[ 12.058472] default_idle_call+0x48/0x80
[ 12.058493] do_idle+0x379/0x4f0
[ 12.058519] ? __pfx_do_idle+0x10/0x10
[ 12.058539] ? trace_preempt_on+0x20/0xc0
[ 12.058562] ? schedule+0x86/0x2e0
[ 12.058580] ? preempt_count_sub+0x50/0x80
[ 12.058603] cpu_startup_entry+0x5c/0x70
[ 12.058625] rest_init+0x11a/0x140
[ 12.058641] ? acpi_subsystem_init+0x5d/0x150
[ 12.058665] start_kernel+0x330/0x410
[ 12.058688] x86_64_start_reservations+0x1c/0x30
[ 12.058710] x86_64_start_kernel+0x10d/0x120
[ 12.058732] common_startup_64+0x13e/0x148
[ 12.058765] </TASK>
[ 12.058778]
[ 12.074458] Allocated by task 215:
[ 12.074635] kasan_save_stack+0x45/0x70
[ 12.074801] kasan_save_track+0x18/0x40
[ 12.075106] kasan_save_alloc_info+0x3b/0x50
[ 12.075326] __kasan_kmalloc+0xb7/0xc0
[ 12.075479] __kmalloc_cache_noprof+0x189/0x420
[ 12.075843] rcu_uaf+0xb0/0x330
[ 12.076132] kunit_try_run_case+0x1a5/0x480
[ 12.076505] kunit_generic_run_threadfn_adapter+0x85/0xf0
[ 12.076856] kthread+0x337/0x6f0
[ 12.077192] ret_from_fork+0x116/0x1d0
[ 12.077475] ret_from_fork_asm+0x1a/0x30
[ 12.077617]
[ 12.077687] Freed by task 0:
[ 12.077945] kasan_save_stack+0x45/0x70
[ 12.078260] kasan_save_track+0x18/0x40
[ 12.078459] kasan_save_free_info+0x3f/0x60
[ 12.078718] __kasan_slab_free+0x56/0x70
[ 12.078962] kfree+0x222/0x3f0
[ 12.079154] rcu_uaf_reclaim+0x1f/0x60
[ 12.079286] rcu_core+0x66f/0x1c40
[ 12.079515] rcu_core_si+0x12/0x20
[ 12.079740] handle_softirqs+0x209/0x730
[ 12.079964] __irq_exit_rcu+0xc9/0x110
[ 12.080201] irq_exit_rcu+0x12/0x20
[ 12.080410] sysvec_apic_timer_interrupt+0x81/0x90
[ 12.080658] asm_sysvec_apic_timer_interrupt+0x1f/0x30
[ 12.080935]
[ 12.081210] Last potentially related work creation:
[ 12.081434] kasan_save_stack+0x45/0x70
[ 12.081702] kasan_record_aux_stack+0xb2/0xc0
[ 12.082033] __call_rcu_common.constprop.0+0x7b/0x9e0
[ 12.082255] call_rcu+0x12/0x20
[ 12.082443] rcu_uaf+0x168/0x330
[ 12.082698] kunit_try_run_case+0x1a5/0x480
[ 12.082913] kunit_generic_run_threadfn_adapter+0x85/0xf0
[ 12.083222] kthread+0x337/0x6f0
[ 12.083339] ret_from_fork+0x116/0x1d0
[ 12.083692] ret_from_fork_asm+0x1a/0x30
[ 12.084038]
[ 12.084299] The buggy address belongs to the object at ffff8881025931c0
[ 12.084299] which belongs to the cache kmalloc-32 of size 32
[ 12.084895] The buggy address is located 0 bytes inside of
[ 12.084895] freed 32-byte region [ffff8881025931c0, ffff8881025931e0)
[ 12.085477]
[ 12.085597] The buggy address belongs to the physical page:
[ 12.085806] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x102593
[ 12.086284] flags: 0x200000000000000(node=0|zone=2)
[ 12.086545] page_type: f5(slab)
[ 12.086800] raw: 0200000000000000 ffff888100041780 dead000000000122 0000000000000000
[ 12.087194] raw: 0000000000000000 0000000080400040 00000000f5000000 0000000000000000
[ 12.087560] page dumped because: kasan: bad access detected
[ 12.087829]
[ 12.087981] Memory state around the buggy address:
[ 12.088243] ffff888102593080: fa fb fb fb fc fc fc fc fa fb fb fb fc fc fc fc
[ 12.088553] ffff888102593100: 00 00 00 fc fc fc fc fc 00 00 05 fc fc fc fc fc
[ 12.088972] >ffff888102593180: 00 00 07 fc fc fc fc fc fa fb fb fb fc fc fc fc
[ 12.089363] ^
[ 12.089679] ffff888102593200: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 12.090039] ffff888102593280: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 12.090339] ==================================================================
Failure - log-parser-boot/kasan-bug-kasan-slab-use-after-free-in-ksize_uaf
[ 11.957628] ==================================================================
[ 11.958406] BUG: KASAN: slab-use-after-free in ksize_uaf+0x19d/0x6c0
[ 11.958839] Read of size 1 at addr ffff888102ef5a00 by task kunit_try_catch/213
[ 11.959175]
[ 11.959272] CPU: 1 UID: 0 PID: 213 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc4 #1 PREEMPT(voluntary)
[ 11.959319] Tainted: [B]=BAD_PAGE, [N]=TEST
[ 11.959331] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[ 11.959352] Call Trace:
[ 11.959364] <TASK>
[ 11.959394] dump_stack_lvl+0x73/0xb0
[ 11.959425] print_report+0xd1/0x650
[ 11.959448] ? __virt_addr_valid+0x1db/0x2d0
[ 11.959472] ? ksize_uaf+0x19d/0x6c0
[ 11.959491] ? kasan_complete_mode_report_info+0x64/0x200
[ 11.959511] ? ksize_uaf+0x19d/0x6c0
[ 11.959531] kasan_report+0x141/0x180
[ 11.959551] ? ksize_uaf+0x19d/0x6c0
[ 11.959694] ? ksize_uaf+0x19d/0x6c0
[ 11.959717] __kasan_check_byte+0x3d/0x50
[ 11.959738] ksize+0x20/0x60
[ 11.959759] ksize_uaf+0x19d/0x6c0
[ 11.959779] ? __pfx_ksize_uaf+0x10/0x10
[ 11.959799] ? __schedule+0x10cc/0x2b60
[ 11.959821] ? __pfx_read_tsc+0x10/0x10
[ 11.959842] ? ktime_get_ts64+0x86/0x230
[ 11.959866] kunit_try_run_case+0x1a5/0x480
[ 11.959892] ? __pfx_kunit_try_run_case+0x10/0x10
[ 11.959912] ? _raw_spin_lock_irqsave+0xa1/0x100
[ 11.960010] ? _raw_spin_unlock_irqrestore+0x5f/0x90
[ 11.960033] ? __kthread_parkme+0x82/0x180
[ 11.960054] ? preempt_count_sub+0x50/0x80
[ 11.960079] ? __pfx_kunit_try_run_case+0x10/0x10
[ 11.960102] kunit_generic_run_threadfn_adapter+0x85/0xf0
[ 11.960125] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10
[ 11.960146] kthread+0x337/0x6f0
[ 11.960164] ? trace_preempt_on+0x20/0xc0
[ 11.960187] ? __pfx_kthread+0x10/0x10
[ 11.960206] ? _raw_spin_unlock_irq+0x47/0x80
[ 11.960225] ? calculate_sigpending+0x7b/0xa0
[ 11.960249] ? __pfx_kthread+0x10/0x10
[ 11.960270] ret_from_fork+0x116/0x1d0
[ 11.960289] ? __pfx_kthread+0x10/0x10
[ 11.960308] ret_from_fork_asm+0x1a/0x30
[ 11.960338] </TASK>
[ 11.960350]
[ 11.971055] Allocated by task 213:
[ 11.971367] kasan_save_stack+0x45/0x70
[ 11.971688] kasan_save_track+0x18/0x40
[ 11.971914] kasan_save_alloc_info+0x3b/0x50
[ 11.972364] __kasan_kmalloc+0xb7/0xc0
[ 11.972550] __kmalloc_cache_noprof+0x189/0x420
[ 11.972763] ksize_uaf+0xaa/0x6c0
[ 11.972924] kunit_try_run_case+0x1a5/0x480
[ 11.973117] kunit_generic_run_threadfn_adapter+0x85/0xf0
[ 11.973354] kthread+0x337/0x6f0
[ 11.973521] ret_from_fork+0x116/0x1d0
[ 11.974176] ret_from_fork_asm+0x1a/0x30
[ 11.974360]
[ 11.974560] Freed by task 213:
[ 11.974859] kasan_save_stack+0x45/0x70
[ 11.975184] kasan_save_track+0x18/0x40
[ 11.975583] kasan_save_free_info+0x3f/0x60
[ 11.975891] __kasan_slab_free+0x56/0x70
[ 11.976278] kfree+0x222/0x3f0
[ 11.976551] ksize_uaf+0x12c/0x6c0
[ 11.976850] kunit_try_run_case+0x1a5/0x480
[ 11.977126] kunit_generic_run_threadfn_adapter+0x85/0xf0
[ 11.977466] kthread+0x337/0x6f0
[ 11.977683] ret_from_fork+0x116/0x1d0
[ 11.977852] ret_from_fork_asm+0x1a/0x30
[ 11.978294]
[ 11.978410] The buggy address belongs to the object at ffff888102ef5a00
[ 11.978410] which belongs to the cache kmalloc-128 of size 128
[ 11.979330] The buggy address is located 0 bytes inside of
[ 11.979330] freed 128-byte region [ffff888102ef5a00, ffff888102ef5a80)
[ 11.980160]
[ 11.980270] The buggy address belongs to the physical page:
[ 11.980804] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x102ef5
[ 11.981284] flags: 0x200000000000000(node=0|zone=2)
[ 11.981538] page_type: f5(slab)
[ 11.981734] raw: 0200000000000000 ffff888100041a00 dead000000000122 0000000000000000
[ 11.982397] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000
[ 11.982798] page dumped because: kasan: bad access detected
[ 11.983277]
[ 11.983394] Memory state around the buggy address:
[ 11.983859] ffff888102ef5900: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 11.984310] ffff888102ef5980: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 11.984807] >ffff888102ef5a00: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 11.985801] ^
[ 11.985970] ffff888102ef5a80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 11.986547] ffff888102ef5b00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 11.987325] ==================================================================
[ 11.988506] ==================================================================
[ 11.989529] BUG: KASAN: slab-use-after-free in ksize_uaf+0x5fe/0x6c0
[ 11.990210] Read of size 1 at addr ffff888102ef5a00 by task kunit_try_catch/213
[ 11.990749]
[ 11.990869] CPU: 1 UID: 0 PID: 213 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc4 #1 PREEMPT(voluntary)
[ 11.990916] Tainted: [B]=BAD_PAGE, [N]=TEST
[ 11.990928] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[ 11.990947] Call Trace:
[ 11.991204] <TASK>
[ 11.991229] dump_stack_lvl+0x73/0xb0
[ 11.991263] print_report+0xd1/0x650
[ 11.991286] ? __virt_addr_valid+0x1db/0x2d0
[ 11.991310] ? ksize_uaf+0x5fe/0x6c0
[ 11.991329] ? kasan_complete_mode_report_info+0x64/0x200
[ 11.991350] ? ksize_uaf+0x5fe/0x6c0
[ 11.991369] kasan_report+0x141/0x180
[ 11.991406] ? ksize_uaf+0x5fe/0x6c0
[ 11.991430] __asan_report_load1_noabort+0x18/0x20
[ 11.991453] ksize_uaf+0x5fe/0x6c0
[ 11.991472] ? __pfx_ksize_uaf+0x10/0x10
[ 11.991492] ? __schedule+0x10cc/0x2b60
[ 11.991513] ? __pfx_read_tsc+0x10/0x10
[ 11.991533] ? ktime_get_ts64+0x86/0x230
[ 11.991556] kunit_try_run_case+0x1a5/0x480
[ 11.991580] ? __pfx_kunit_try_run_case+0x10/0x10
[ 11.991602] ? _raw_spin_lock_irqsave+0xa1/0x100
[ 11.991627] ? _raw_spin_unlock_irqrestore+0x5f/0x90
[ 11.991648] ? __kthread_parkme+0x82/0x180
[ 11.991669] ? preempt_count_sub+0x50/0x80
[ 11.991691] ? __pfx_kunit_try_run_case+0x10/0x10
[ 11.991713] kunit_generic_run_threadfn_adapter+0x85/0xf0
[ 11.991734] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10
[ 11.991755] kthread+0x337/0x6f0
[ 11.991774] ? trace_preempt_on+0x20/0xc0
[ 11.991796] ? __pfx_kthread+0x10/0x10
[ 11.991816] ? _raw_spin_unlock_irq+0x47/0x80
[ 11.991836] ? calculate_sigpending+0x7b/0xa0
[ 11.991858] ? __pfx_kthread+0x10/0x10
[ 11.991877] ret_from_fork+0x116/0x1d0
[ 11.991895] ? __pfx_kthread+0x10/0x10
[ 11.991914] ret_from_fork_asm+0x1a/0x30
[ 11.991943] </TASK>
[ 11.991954]
[ 12.004313] Allocated by task 213:
[ 12.004520] kasan_save_stack+0x45/0x70
[ 12.004928] kasan_save_track+0x18/0x40
[ 12.005363] kasan_save_alloc_info+0x3b/0x50
[ 12.005922] __kasan_kmalloc+0xb7/0xc0
[ 12.006065] __kmalloc_cache_noprof+0x189/0x420
[ 12.006220] ksize_uaf+0xaa/0x6c0
[ 12.006342] kunit_try_run_case+0x1a5/0x480
[ 12.006798] kunit_generic_run_threadfn_adapter+0x85/0xf0
[ 12.007343] kthread+0x337/0x6f0
[ 12.007656] ret_from_fork+0x116/0x1d0
[ 12.008043] ret_from_fork_asm+0x1a/0x30
[ 12.008559]
[ 12.008731] Freed by task 213:
[ 12.009240] kasan_save_stack+0x45/0x70
[ 12.009636] kasan_save_track+0x18/0x40
[ 12.010022] kasan_save_free_info+0x3f/0x60
[ 12.010291] __kasan_slab_free+0x56/0x70
[ 12.010441] kfree+0x222/0x3f0
[ 12.010560] ksize_uaf+0x12c/0x6c0
[ 12.010684] kunit_try_run_case+0x1a5/0x480
[ 12.010827] kunit_generic_run_threadfn_adapter+0x85/0xf0
[ 12.010999] kthread+0x337/0x6f0
[ 12.011116] ret_from_fork+0x116/0x1d0
[ 12.011245] ret_from_fork_asm+0x1a/0x30
[ 12.011390]
[ 12.011476] The buggy address belongs to the object at ffff888102ef5a00
[ 12.011476] which belongs to the cache kmalloc-128 of size 128
[ 12.012119] The buggy address is located 0 bytes inside of
[ 12.012119] freed 128-byte region [ffff888102ef5a00, ffff888102ef5a80)
[ 12.012736]
[ 12.012814] The buggy address belongs to the physical page:
[ 12.012986] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x102ef5
[ 12.013344] flags: 0x200000000000000(node=0|zone=2)
[ 12.013866] page_type: f5(slab)
[ 12.014042] raw: 0200000000000000 ffff888100041a00 dead000000000122 0000000000000000
[ 12.014467] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000
[ 12.014773] page dumped because: kasan: bad access detected
[ 12.015084]
[ 12.015190] Memory state around the buggy address:
[ 12.015399] ffff888102ef5900: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 12.015712] ffff888102ef5980: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 12.016076] >ffff888102ef5a00: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 12.016288] ^
[ 12.016456] ffff888102ef5a80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 12.016786] ffff888102ef5b00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 12.017057] ==================================================================
[ 12.017897] ==================================================================
[ 12.018344] BUG: KASAN: slab-use-after-free in ksize_uaf+0x5e4/0x6c0
[ 12.018780] Read of size 1 at addr ffff888102ef5a78 by task kunit_try_catch/213
[ 12.019189]
[ 12.019306] CPU: 1 UID: 0 PID: 213 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc4 #1 PREEMPT(voluntary)
[ 12.019352] Tainted: [B]=BAD_PAGE, [N]=TEST
[ 12.019363] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[ 12.019406] Call Trace:
[ 12.019426] <TASK>
[ 12.019445] dump_stack_lvl+0x73/0xb0
[ 12.019488] print_report+0xd1/0x650
[ 12.019512] ? __virt_addr_valid+0x1db/0x2d0
[ 12.019534] ? ksize_uaf+0x5e4/0x6c0
[ 12.019554] ? kasan_complete_mode_report_info+0x64/0x200
[ 12.019587] ? ksize_uaf+0x5e4/0x6c0
[ 12.019606] kasan_report+0x141/0x180
[ 12.019627] ? ksize_uaf+0x5e4/0x6c0
[ 12.019652] __asan_report_load1_noabort+0x18/0x20
[ 12.019675] ksize_uaf+0x5e4/0x6c0
[ 12.019705] ? __pfx_ksize_uaf+0x10/0x10
[ 12.019725] ? __schedule+0x10cc/0x2b60
[ 12.019746] ? __pfx_read_tsc+0x10/0x10
[ 12.019777] ? ktime_get_ts64+0x86/0x230
[ 12.019800] kunit_try_run_case+0x1a5/0x480
[ 12.019824] ? __pfx_kunit_try_run_case+0x10/0x10
[ 12.019845] ? _raw_spin_lock_irqsave+0xa1/0x100
[ 12.019867] ? _raw_spin_unlock_irqrestore+0x5f/0x90
[ 12.019888] ? __kthread_parkme+0x82/0x180
[ 12.019908] ? preempt_count_sub+0x50/0x80
[ 12.019941] ? __pfx_kunit_try_run_case+0x10/0x10
[ 12.019963] kunit_generic_run_threadfn_adapter+0x85/0xf0
[ 12.019984] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10
[ 12.020054] kthread+0x337/0x6f0
[ 12.020087] ? trace_preempt_on+0x20/0xc0
[ 12.020111] ? __pfx_kthread+0x10/0x10
[ 12.020132] ? _raw_spin_unlock_irq+0x47/0x80
[ 12.020152] ? calculate_sigpending+0x7b/0xa0
[ 12.020174] ? __pfx_kthread+0x10/0x10
[ 12.020194] ret_from_fork+0x116/0x1d0
[ 12.020212] ? __pfx_kthread+0x10/0x10
[ 12.020231] ret_from_fork_asm+0x1a/0x30
[ 12.020270] </TASK>
[ 12.020281]
[ 12.029005] Allocated by task 213:
[ 12.029195] kasan_save_stack+0x45/0x70
[ 12.029354] kasan_save_track+0x18/0x40
[ 12.029559] kasan_save_alloc_info+0x3b/0x50
[ 12.029799] __kasan_kmalloc+0xb7/0xc0
[ 12.030268] __kmalloc_cache_noprof+0x189/0x420
[ 12.030518] ksize_uaf+0xaa/0x6c0
[ 12.030686] kunit_try_run_case+0x1a5/0x480
[ 12.030878] kunit_generic_run_threadfn_adapter+0x85/0xf0
[ 12.031237] kthread+0x337/0x6f0
[ 12.031393] ret_from_fork+0x116/0x1d0
[ 12.031525] ret_from_fork_asm+0x1a/0x30
[ 12.031662]
[ 12.031732] Freed by task 213:
[ 12.032105] kasan_save_stack+0x45/0x70
[ 12.032301] kasan_save_track+0x18/0x40
[ 12.032504] kasan_save_free_info+0x3f/0x60
[ 12.032712] __kasan_slab_free+0x56/0x70
[ 12.032939] kfree+0x222/0x3f0
[ 12.033070] ksize_uaf+0x12c/0x6c0
[ 12.033303] kunit_try_run_case+0x1a5/0x480
[ 12.033500] kunit_generic_run_threadfn_adapter+0x85/0xf0
[ 12.033760] kthread+0x337/0x6f0
[ 12.033879] ret_from_fork+0x116/0x1d0
[ 12.034009] ret_from_fork_asm+0x1a/0x30
[ 12.034202]
[ 12.034310] The buggy address belongs to the object at ffff888102ef5a00
[ 12.034310] which belongs to the cache kmalloc-128 of size 128
[ 12.034996] The buggy address is located 120 bytes inside of
[ 12.034996] freed 128-byte region [ffff888102ef5a00, ffff888102ef5a80)
[ 12.035341]
[ 12.035690] The buggy address belongs to the physical page:
[ 12.035978] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x102ef5
[ 12.036466] flags: 0x200000000000000(node=0|zone=2)
[ 12.036800] page_type: f5(slab)
[ 12.037157] raw: 0200000000000000 ffff888100041a00 dead000000000122 0000000000000000
[ 12.037416] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000
[ 12.037642] page dumped because: kasan: bad access detected
[ 12.038035]
[ 12.038152] Memory state around the buggy address:
[ 12.038408] ffff888102ef5900: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 12.038911] ffff888102ef5980: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 12.039321] >ffff888102ef5a00: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 12.039583] ^
[ 12.040177] ffff888102ef5a80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 12.040527] ffff888102ef5b00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 12.040797] ==================================================================
Failure - log-parser-boot/kasan-bug-kasan-slab-out-of-bounds-in-ksize_unpoisons_memory
[ 11.932408] ==================================================================
[ 11.932732] BUG: KASAN: slab-out-of-bounds in ksize_unpoisons_memory+0x7b6/0x9b0
[ 11.933019] Read of size 1 at addr ffff88810258d37f by task kunit_try_catch/211
[ 11.933246]
[ 11.933495] CPU: 0 UID: 0 PID: 211 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc4 #1 PREEMPT(voluntary)
[ 11.933543] Tainted: [B]=BAD_PAGE, [N]=TEST
[ 11.933554] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[ 11.933583] Call Trace:
[ 11.933603] <TASK>
[ 11.933623] dump_stack_lvl+0x73/0xb0
[ 11.933654] print_report+0xd1/0x650
[ 11.933678] ? __virt_addr_valid+0x1db/0x2d0
[ 11.933700] ? ksize_unpoisons_memory+0x7b6/0x9b0
[ 11.933721] ? kasan_complete_mode_report_info+0x2a/0x200
[ 11.933742] ? ksize_unpoisons_memory+0x7b6/0x9b0
[ 11.933763] kasan_report+0x141/0x180
[ 11.933784] ? ksize_unpoisons_memory+0x7b6/0x9b0
[ 11.933810] __asan_report_load1_noabort+0x18/0x20
[ 11.933833] ksize_unpoisons_memory+0x7b6/0x9b0
[ 11.933855] ? __pfx_ksize_unpoisons_memory+0x10/0x10
[ 11.933875] ? finish_task_switch.isra.0+0x153/0x700
[ 11.933896] ? __switch_to+0x47/0xf50
[ 11.933921] ? __schedule+0x10cc/0x2b60
[ 11.933992] ? __pfx_read_tsc+0x10/0x10
[ 11.934013] ? ktime_get_ts64+0x86/0x230
[ 11.934036] kunit_try_run_case+0x1a5/0x480
[ 11.934061] ? __pfx_kunit_try_run_case+0x10/0x10
[ 11.934081] ? _raw_spin_lock_irqsave+0xa1/0x100
[ 11.934105] ? _raw_spin_unlock_irqrestore+0x5f/0x90
[ 11.934126] ? __kthread_parkme+0x82/0x180
[ 11.934146] ? preempt_count_sub+0x50/0x80
[ 11.934167] ? __pfx_kunit_try_run_case+0x10/0x10
[ 11.934189] kunit_generic_run_threadfn_adapter+0x85/0xf0
[ 11.934210] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10
[ 11.934232] kthread+0x337/0x6f0
[ 11.934251] ? trace_preempt_on+0x20/0xc0
[ 11.934274] ? __pfx_kthread+0x10/0x10
[ 11.934293] ? _raw_spin_unlock_irq+0x47/0x80
[ 11.934313] ? calculate_sigpending+0x7b/0xa0
[ 11.934336] ? __pfx_kthread+0x10/0x10
[ 11.934355] ret_from_fork+0x116/0x1d0
[ 11.934385] ? __pfx_kthread+0x10/0x10
[ 11.934404] ret_from_fork_asm+0x1a/0x30
[ 11.934435] </TASK>
[ 11.934445]
[ 11.943210] Allocated by task 211:
[ 11.943396] kasan_save_stack+0x45/0x70
[ 11.943561] kasan_save_track+0x18/0x40
[ 11.943756] kasan_save_alloc_info+0x3b/0x50
[ 11.943965] __kasan_kmalloc+0xb7/0xc0
[ 11.944261] __kmalloc_cache_noprof+0x189/0x420
[ 11.944445] ksize_unpoisons_memory+0xc7/0x9b0
[ 11.944604] kunit_try_run_case+0x1a5/0x480
[ 11.944819] kunit_generic_run_threadfn_adapter+0x85/0xf0
[ 11.945122] kthread+0x337/0x6f0
[ 11.945368] ret_from_fork+0x116/0x1d0
[ 11.945737] ret_from_fork_asm+0x1a/0x30
[ 11.945926]
[ 11.946014] The buggy address belongs to the object at ffff88810258d300
[ 11.946014] which belongs to the cache kmalloc-128 of size 128
[ 11.946539] The buggy address is located 12 bytes to the right of
[ 11.946539] allocated 115-byte region [ffff88810258d300, ffff88810258d373)
[ 11.947062]
[ 11.947207] The buggy address belongs to the physical page:
[ 11.947463] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x10258d
[ 11.947788] flags: 0x200000000000000(node=0|zone=2)
[ 11.948045] page_type: f5(slab)
[ 11.948215] raw: 0200000000000000 ffff888100041a00 dead000000000122 0000000000000000
[ 11.948463] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000
[ 11.948690] page dumped because: kasan: bad access detected
[ 11.948860]
[ 11.948928] Memory state around the buggy address:
[ 11.949172] ffff88810258d200: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 11.949507] ffff88810258d280: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 11.949948] >ffff88810258d300: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 03 fc
[ 11.950257] ^
[ 11.951107] ffff88810258d380: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 11.951386] ffff88810258d400: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 11.951652] ==================================================================
[ 11.912205] ==================================================================
[ 11.913162] BUG: KASAN: slab-out-of-bounds in ksize_unpoisons_memory+0x7e9/0x9b0
[ 11.913867] Read of size 1 at addr ffff88810258d378 by task kunit_try_catch/211
[ 11.914474]
[ 11.914572] CPU: 0 UID: 0 PID: 211 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc4 #1 PREEMPT(voluntary)
[ 11.914618] Tainted: [B]=BAD_PAGE, [N]=TEST
[ 11.914629] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[ 11.914649] Call Trace:
[ 11.914670] <TASK>
[ 11.914692] dump_stack_lvl+0x73/0xb0
[ 11.914725] print_report+0xd1/0x650
[ 11.914749] ? __virt_addr_valid+0x1db/0x2d0
[ 11.914772] ? ksize_unpoisons_memory+0x7e9/0x9b0
[ 11.914794] ? kasan_complete_mode_report_info+0x2a/0x200
[ 11.914814] ? ksize_unpoisons_memory+0x7e9/0x9b0
[ 11.914836] kasan_report+0x141/0x180
[ 11.914857] ? ksize_unpoisons_memory+0x7e9/0x9b0
[ 11.914883] __asan_report_load1_noabort+0x18/0x20
[ 11.914906] ksize_unpoisons_memory+0x7e9/0x9b0
[ 11.914928] ? __pfx_ksize_unpoisons_memory+0x10/0x10
[ 11.914949] ? finish_task_switch.isra.0+0x153/0x700
[ 11.914971] ? __switch_to+0x47/0xf50
[ 11.914996] ? __schedule+0x10cc/0x2b60
[ 11.915018] ? __pfx_read_tsc+0x10/0x10
[ 11.915038] ? ktime_get_ts64+0x86/0x230
[ 11.915061] kunit_try_run_case+0x1a5/0x480
[ 11.915086] ? __pfx_kunit_try_run_case+0x10/0x10
[ 11.915106] ? _raw_spin_lock_irqsave+0xa1/0x100
[ 11.915129] ? _raw_spin_unlock_irqrestore+0x5f/0x90
[ 11.915150] ? __kthread_parkme+0x82/0x180
[ 11.915170] ? preempt_count_sub+0x50/0x80
[ 11.915191] ? __pfx_kunit_try_run_case+0x10/0x10
[ 11.915213] kunit_generic_run_threadfn_adapter+0x85/0xf0
[ 11.915236] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10
[ 11.915257] kthread+0x337/0x6f0
[ 11.915276] ? trace_preempt_on+0x20/0xc0
[ 11.915299] ? __pfx_kthread+0x10/0x10
[ 11.915318] ? _raw_spin_unlock_irq+0x47/0x80
[ 11.915338] ? calculate_sigpending+0x7b/0xa0
[ 11.915361] ? __pfx_kthread+0x10/0x10
[ 11.915391] ret_from_fork+0x116/0x1d0
[ 11.915409] ? __pfx_kthread+0x10/0x10
[ 11.915428] ret_from_fork_asm+0x1a/0x30
[ 11.915458] </TASK>
[ 11.915469]
[ 11.922855] Allocated by task 211:
[ 11.923475] kasan_save_stack+0x45/0x70
[ 11.923694] kasan_save_track+0x18/0x40
[ 11.923897] kasan_save_alloc_info+0x3b/0x50
[ 11.924176] __kasan_kmalloc+0xb7/0xc0
[ 11.924349] __kmalloc_cache_noprof+0x189/0x420
[ 11.924593] ksize_unpoisons_memory+0xc7/0x9b0
[ 11.924757] kunit_try_run_case+0x1a5/0x480
[ 11.924904] kunit_generic_run_threadfn_adapter+0x85/0xf0
[ 11.925076] kthread+0x337/0x6f0
[ 11.925245] ret_from_fork+0x116/0x1d0
[ 11.925445] ret_from_fork_asm+0x1a/0x30
[ 11.925643]
[ 11.925871] The buggy address belongs to the object at ffff88810258d300
[ 11.925871] which belongs to the cache kmalloc-128 of size 128
[ 11.926636] The buggy address is located 5 bytes to the right of
[ 11.926636] allocated 115-byte region [ffff88810258d300, ffff88810258d373)
[ 11.927038]
[ 11.927141] The buggy address belongs to the physical page:
[ 11.927416] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x10258d
[ 11.927776] flags: 0x200000000000000(node=0|zone=2)
[ 11.928040] page_type: f5(slab)
[ 11.928294] raw: 0200000000000000 ffff888100041a00 dead000000000122 0000000000000000
[ 11.928535] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000
[ 11.929264] page dumped because: kasan: bad access detected
[ 11.929547]
[ 11.929725] Memory state around the buggy address:
[ 11.929958] ffff88810258d200: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 11.930189] ffff88810258d280: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 11.930416] >ffff88810258d300: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 03 fc
[ 11.930787] ^
[ 11.931108] ffff88810258d380: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 11.931453] ffff88810258d400: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 11.931836] ==================================================================
[ 11.882173] ==================================================================
[ 11.882693] BUG: KASAN: slab-out-of-bounds in ksize_unpoisons_memory+0x81c/0x9b0
[ 11.883201] Read of size 1 at addr ffff88810258d373 by task kunit_try_catch/211
[ 11.883509]
[ 11.883805] CPU: 0 UID: 0 PID: 211 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc4 #1 PREEMPT(voluntary)
[ 11.883855] Tainted: [B]=BAD_PAGE, [N]=TEST
[ 11.883890] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[ 11.883912] Call Trace:
[ 11.883968] <TASK>
[ 11.883989] dump_stack_lvl+0x73/0xb0
[ 11.884023] print_report+0xd1/0x650
[ 11.884046] ? __virt_addr_valid+0x1db/0x2d0
[ 11.884070] ? ksize_unpoisons_memory+0x81c/0x9b0
[ 11.884113] ? kasan_complete_mode_report_info+0x2a/0x200
[ 11.884135] ? ksize_unpoisons_memory+0x81c/0x9b0
[ 11.884156] kasan_report+0x141/0x180
[ 11.884177] ? ksize_unpoisons_memory+0x81c/0x9b0
[ 11.884203] __asan_report_load1_noabort+0x18/0x20
[ 11.884227] ksize_unpoisons_memory+0x81c/0x9b0
[ 11.884249] ? __pfx_ksize_unpoisons_memory+0x10/0x10
[ 11.884288] ? finish_task_switch.isra.0+0x153/0x700
[ 11.884314] ? __switch_to+0x47/0xf50
[ 11.884342] ? __schedule+0x10cc/0x2b60
[ 11.884365] ? __pfx_read_tsc+0x10/0x10
[ 11.884403] ? ktime_get_ts64+0x86/0x230
[ 11.884427] kunit_try_run_case+0x1a5/0x480
[ 11.884451] ? __pfx_kunit_try_run_case+0x10/0x10
[ 11.884472] ? _raw_spin_lock_irqsave+0xa1/0x100
[ 11.884497] ? _raw_spin_unlock_irqrestore+0x5f/0x90
[ 11.884518] ? __kthread_parkme+0x82/0x180
[ 11.884557] ? preempt_count_sub+0x50/0x80
[ 11.884580] ? __pfx_kunit_try_run_case+0x10/0x10
[ 11.884617] kunit_generic_run_threadfn_adapter+0x85/0xf0
[ 11.884638] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10
[ 11.884660] kthread+0x337/0x6f0
[ 11.884678] ? trace_preempt_on+0x20/0xc0
[ 11.884701] ? __pfx_kthread+0x10/0x10
[ 11.884722] ? _raw_spin_unlock_irq+0x47/0x80
[ 11.884741] ? calculate_sigpending+0x7b/0xa0
[ 11.884765] ? __pfx_kthread+0x10/0x10
[ 11.884785] ret_from_fork+0x116/0x1d0
[ 11.884802] ? __pfx_kthread+0x10/0x10
[ 11.884820] ret_from_fork_asm+0x1a/0x30
[ 11.884851] </TASK>
[ 11.884861]
[ 11.897280] Allocated by task 211:
[ 11.897669] kasan_save_stack+0x45/0x70
[ 11.897940] kasan_save_track+0x18/0x40
[ 11.898113] kasan_save_alloc_info+0x3b/0x50
[ 11.898895] __kasan_kmalloc+0xb7/0xc0
[ 11.899337] __kmalloc_cache_noprof+0x189/0x420
[ 11.899788] ksize_unpoisons_memory+0xc7/0x9b0
[ 11.900176] kunit_try_run_case+0x1a5/0x480
[ 11.900465] kunit_generic_run_threadfn_adapter+0x85/0xf0
[ 11.900725] kthread+0x337/0x6f0
[ 11.901046] ret_from_fork+0x116/0x1d0
[ 11.901467] ret_from_fork_asm+0x1a/0x30
[ 11.901841]
[ 11.902039] The buggy address belongs to the object at ffff88810258d300
[ 11.902039] which belongs to the cache kmalloc-128 of size 128
[ 11.902490] The buggy address is located 0 bytes to the right of
[ 11.902490] allocated 115-byte region [ffff88810258d300, ffff88810258d373)
[ 11.903626]
[ 11.903811] The buggy address belongs to the physical page:
[ 11.904365] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x10258d
[ 11.905147] flags: 0x200000000000000(node=0|zone=2)
[ 11.905617] page_type: f5(slab)
[ 11.905915] raw: 0200000000000000 ffff888100041a00 dead000000000122 0000000000000000
[ 11.906625] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000
[ 11.906878] page dumped because: kasan: bad access detected
[ 11.907355]
[ 11.907541] Memory state around the buggy address:
[ 11.908009] ffff88810258d200: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 11.909097] ffff88810258d280: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 11.909602] >ffff88810258d300: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 03 fc
[ 11.910141] ^
[ 11.910354] ffff88810258d380: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 11.910589] ffff88810258d400: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 11.911257] ==================================================================
Failure - log-parser-boot/kasan-bug-kasan-double-free-in-kfree_sensitive
[ 11.851524] ================================================================== [ 11.851930] BUG: KASAN: double-free in kfree_sensitive+0x2e/0x90 [ 11.852258] Free of addr ffff88810228a880 by task kunit_try_catch/209 [ 11.852562] [ 11.852727] CPU: 1 UID: 0 PID: 209 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc4 #1 PREEMPT(voluntary) [ 11.852771] Tainted: [B]=BAD_PAGE, [N]=TEST [ 11.852783] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 11.852803] Call Trace: [ 11.852817] <TASK> [ 11.852835] dump_stack_lvl+0x73/0xb0 [ 11.852864] print_report+0xd1/0x650 [ 11.852909] ? __virt_addr_valid+0x1db/0x2d0 [ 11.852932] ? kasan_complete_mode_report_info+0x64/0x200 [ 11.852953] ? kfree_sensitive+0x2e/0x90 [ 11.852987] kasan_report_invalid_free+0x10a/0x130 [ 11.853024] ? kfree_sensitive+0x2e/0x90 [ 11.853058] ? kfree_sensitive+0x2e/0x90 [ 11.853124] check_slab_allocation+0x101/0x130 [ 11.853148] __kasan_slab_pre_free+0x28/0x40 [ 11.853167] kfree+0xf0/0x3f0 [ 11.853188] ? kfree_sensitive+0x2e/0x90 [ 11.853209] kfree_sensitive+0x2e/0x90 [ 11.853228] kmalloc_double_kzfree+0x19c/0x350 [ 11.853250] ? __pfx_kmalloc_double_kzfree+0x10/0x10 [ 11.853272] ? __schedule+0x10cc/0x2b60 [ 11.853294] ? __pfx_read_tsc+0x10/0x10 [ 11.853314] ? ktime_get_ts64+0x86/0x230 [ 11.853337] kunit_try_run_case+0x1a5/0x480 [ 11.853360] ? __pfx_kunit_try_run_case+0x10/0x10 [ 11.853394] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 11.853439] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 11.853460] ? __kthread_parkme+0x82/0x180 [ 11.853494] ? preempt_count_sub+0x50/0x80 [ 11.853517] ? __pfx_kunit_try_run_case+0x10/0x10 [ 11.853540] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 11.853562] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 11.853584] kthread+0x337/0x6f0 [ 11.853602] ? trace_preempt_on+0x20/0xc0 [ 11.853624] ? __pfx_kthread+0x10/0x10 [ 11.853643] ? _raw_spin_unlock_irq+0x47/0x80 [ 11.853663] ? calculate_sigpending+0x7b/0xa0 [ 11.853685] ? 
__pfx_kthread+0x10/0x10 [ 11.853705] ret_from_fork+0x116/0x1d0 [ 11.853722] ? __pfx_kthread+0x10/0x10 [ 11.853741] ret_from_fork_asm+0x1a/0x30 [ 11.853771] </TASK> [ 11.853782] [ 11.863421] Allocated by task 209: [ 11.863658] kasan_save_stack+0x45/0x70 [ 11.863996] kasan_save_track+0x18/0x40 [ 11.864209] kasan_save_alloc_info+0x3b/0x50 [ 11.864426] __kasan_kmalloc+0xb7/0xc0 [ 11.864634] __kmalloc_cache_noprof+0x189/0x420 [ 11.864861] kmalloc_double_kzfree+0xa9/0x350 [ 11.865078] kunit_try_run_case+0x1a5/0x480 [ 11.865286] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 11.865508] kthread+0x337/0x6f0 [ 11.865632] ret_from_fork+0x116/0x1d0 [ 11.865764] ret_from_fork_asm+0x1a/0x30 [ 11.866326] [ 11.866459] Freed by task 209: [ 11.866693] kasan_save_stack+0x45/0x70 [ 11.866890] kasan_save_track+0x18/0x40 [ 11.867175] kasan_save_free_info+0x3f/0x60 [ 11.867329] __kasan_slab_free+0x56/0x70 [ 11.867511] kfree+0x222/0x3f0 [ 11.867719] kfree_sensitive+0x67/0x90 [ 11.867911] kmalloc_double_kzfree+0x12b/0x350 [ 11.868171] kunit_try_run_case+0x1a5/0x480 [ 11.868494] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 11.868821] kthread+0x337/0x6f0 [ 11.868946] ret_from_fork+0x116/0x1d0 [ 11.869097] ret_from_fork_asm+0x1a/0x30 [ 11.869322] [ 11.869434] The buggy address belongs to the object at ffff88810228a880 [ 11.869434] which belongs to the cache kmalloc-16 of size 16 [ 11.870168] The buggy address is located 0 bytes inside of [ 11.870168] 16-byte region [ffff88810228a880, ffff88810228a890) [ 11.870769] [ 11.870904] The buggy address belongs to the physical page: [ 11.871181] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x10228a [ 11.871706] flags: 0x200000000000000(node=0|zone=2) [ 11.871989] page_type: f5(slab) [ 11.872167] raw: 0200000000000000 ffff888100041640 dead000000000122 0000000000000000 [ 11.872594] raw: 0000000000000000 0000000080800080 00000000f5000000 0000000000000000 [ 11.872887] page dumped because: kasan: bad access detected [ 11.873058] [ 
11.873191] Memory state around the buggy address: [ 11.873672] ffff88810228a780: 00 02 fc fc 00 02 fc fc 00 02 fc fc fa fb fc fc [ 11.874265] ffff88810228a800: fa fb fc fc fa fb fc fc fa fb fc fc fa fb fc fc [ 11.874664] >ffff88810228a880: fa fb fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 11.875002] ^ [ 11.875301] ffff88810228a900: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 11.875714] ffff88810228a980: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 11.876023] ==================================================================
Failure - log-parser-boot/kasan-bug-kasan-slab-use-after-free-in-kmalloc_double_kzfree
[ 11.820831] ================================================================== [ 11.822207] BUG: KASAN: slab-use-after-free in kmalloc_double_kzfree+0x19c/0x350 [ 11.823270] Read of size 1 at addr ffff88810228a880 by task kunit_try_catch/209 [ 11.823652] [ 11.823752] CPU: 1 UID: 0 PID: 209 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc4 #1 PREEMPT(voluntary) [ 11.823803] Tainted: [B]=BAD_PAGE, [N]=TEST [ 11.823815] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 11.823836] Call Trace: [ 11.823850] <TASK> [ 11.823869] dump_stack_lvl+0x73/0xb0 [ 11.823903] print_report+0xd1/0x650 [ 11.823926] ? __virt_addr_valid+0x1db/0x2d0 [ 11.823949] ? kmalloc_double_kzfree+0x19c/0x350 [ 11.823971] ? kasan_complete_mode_report_info+0x64/0x200 [ 11.823991] ? kmalloc_double_kzfree+0x19c/0x350 [ 11.824014] kasan_report+0x141/0x180 [ 11.824035] ? kmalloc_double_kzfree+0x19c/0x350 [ 11.824060] ? kmalloc_double_kzfree+0x19c/0x350 [ 11.824081] __kasan_check_byte+0x3d/0x50 [ 11.824102] kfree_sensitive+0x22/0x90 [ 11.824124] kmalloc_double_kzfree+0x19c/0x350 [ 11.824145] ? __pfx_kmalloc_double_kzfree+0x10/0x10 [ 11.824167] ? __schedule+0x10cc/0x2b60 [ 11.824189] ? __pfx_read_tsc+0x10/0x10 [ 11.824209] ? ktime_get_ts64+0x86/0x230 [ 11.824233] kunit_try_run_case+0x1a5/0x480 [ 11.824257] ? __pfx_kunit_try_run_case+0x10/0x10 [ 11.824278] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 11.824302] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 11.824323] ? __kthread_parkme+0x82/0x180 [ 11.824343] ? preempt_count_sub+0x50/0x80 [ 11.824367] ? __pfx_kunit_try_run_case+0x10/0x10 [ 11.824406] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 11.824428] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 11.824449] kthread+0x337/0x6f0 [ 11.824468] ? trace_preempt_on+0x20/0xc0 [ 11.824490] ? __pfx_kthread+0x10/0x10 [ 11.824509] ? _raw_spin_unlock_irq+0x47/0x80 [ 11.824528] ? calculate_sigpending+0x7b/0xa0 [ 11.824551] ? 
__pfx_kthread+0x10/0x10 [ 11.824571] ret_from_fork+0x116/0x1d0 [ 11.824588] ? __pfx_kthread+0x10/0x10 [ 11.824608] ret_from_fork_asm+0x1a/0x30 [ 11.824638] </TASK> [ 11.824650] [ 11.837641] Allocated by task 209: [ 11.838247] kasan_save_stack+0x45/0x70 [ 11.838575] kasan_save_track+0x18/0x40 [ 11.838932] kasan_save_alloc_info+0x3b/0x50 [ 11.839260] __kasan_kmalloc+0xb7/0xc0 [ 11.839431] __kmalloc_cache_noprof+0x189/0x420 [ 11.839727] kmalloc_double_kzfree+0xa9/0x350 [ 11.839992] kunit_try_run_case+0x1a5/0x480 [ 11.840171] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 11.840411] kthread+0x337/0x6f0 [ 11.840547] ret_from_fork+0x116/0x1d0 [ 11.840812] ret_from_fork_asm+0x1a/0x30 [ 11.841024] [ 11.841155] Freed by task 209: [ 11.841332] kasan_save_stack+0x45/0x70 [ 11.841540] kasan_save_track+0x18/0x40 [ 11.841725] kasan_save_free_info+0x3f/0x60 [ 11.841951] __kasan_slab_free+0x56/0x70 [ 11.842422] kfree+0x222/0x3f0 [ 11.842604] kfree_sensitive+0x67/0x90 [ 11.842776] kmalloc_double_kzfree+0x12b/0x350 [ 11.842973] kunit_try_run_case+0x1a5/0x480 [ 11.843301] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 11.843610] kthread+0x337/0x6f0 [ 11.843765] ret_from_fork+0x116/0x1d0 [ 11.843899] ret_from_fork_asm+0x1a/0x30 [ 11.844177] [ 11.844301] The buggy address belongs to the object at ffff88810228a880 [ 11.844301] which belongs to the cache kmalloc-16 of size 16 [ 11.844775] The buggy address is located 0 bytes inside of [ 11.844775] freed 16-byte region [ffff88810228a880, ffff88810228a890) [ 11.845527] [ 11.845649] The buggy address belongs to the physical page: [ 11.845907] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x10228a [ 11.846465] flags: 0x200000000000000(node=0|zone=2) [ 11.846826] page_type: f5(slab) [ 11.847000] raw: 0200000000000000 ffff888100041640 dead000000000122 0000000000000000 [ 11.847443] raw: 0000000000000000 0000000080800080 00000000f5000000 0000000000000000 [ 11.847950] page dumped because: kasan: bad access detected [ 
11.848145] [ 11.848241] Memory state around the buggy address: [ 11.848489] ffff88810228a780: 00 02 fc fc 00 02 fc fc 00 02 fc fc fa fb fc fc [ 11.848958] ffff88810228a800: fa fb fc fc fa fb fc fc fa fb fc fc fa fb fc fc [ 11.849185] >ffff88810228a880: fa fb fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 11.849482] ^ [ 11.849668] ffff88810228a900: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 11.850267] ffff88810228a980: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 11.850552] ==================================================================
Failure - log-parser-boot/kasan-bug-kasan-slab-use-after-free-in-kmalloc_uaf2
[ 11.792470] ================================================================== [ 11.793272] BUG: KASAN: slab-use-after-free in kmalloc_uaf2+0x4a8/0x520 [ 11.793620] Read of size 1 at addr ffff888102f040a8 by task kunit_try_catch/205 [ 11.793900] [ 11.794016] CPU: 1 UID: 0 PID: 205 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc4 #1 PREEMPT(voluntary) [ 11.794065] Tainted: [B]=BAD_PAGE, [N]=TEST [ 11.794077] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 11.794100] Call Trace: [ 11.794114] <TASK> [ 11.794136] dump_stack_lvl+0x73/0xb0 [ 11.794231] print_report+0xd1/0x650 [ 11.794258] ? __virt_addr_valid+0x1db/0x2d0 [ 11.794283] ? kmalloc_uaf2+0x4a8/0x520 [ 11.794301] ? kasan_complete_mode_report_info+0x64/0x200 [ 11.794322] ? kmalloc_uaf2+0x4a8/0x520 [ 11.794341] kasan_report+0x141/0x180 [ 11.794361] ? kmalloc_uaf2+0x4a8/0x520 [ 11.794397] __asan_report_load1_noabort+0x18/0x20 [ 11.794420] kmalloc_uaf2+0x4a8/0x520 [ 11.794440] ? __pfx_kmalloc_uaf2+0x10/0x10 [ 11.794459] ? sysvec_apic_timer_interrupt+0x50/0x90 [ 11.794488] ? __pfx_kmalloc_uaf2+0x10/0x10 [ 11.794511] kunit_try_run_case+0x1a5/0x480 [ 11.794536] ? __pfx_kunit_try_run_case+0x10/0x10 [ 11.794556] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 11.794579] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 11.794601] ? __kthread_parkme+0x82/0x180 [ 11.794622] ? preempt_count_sub+0x50/0x80 [ 11.794646] ? __pfx_kunit_try_run_case+0x10/0x10 [ 11.794668] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 11.794689] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 11.794710] kthread+0x337/0x6f0 [ 11.794729] ? trace_preempt_on+0x20/0xc0 [ 11.794752] ? __pfx_kthread+0x10/0x10 [ 11.794771] ? _raw_spin_unlock_irq+0x47/0x80 [ 11.794790] ? calculate_sigpending+0x7b/0xa0 [ 11.794814] ? __pfx_kthread+0x10/0x10 [ 11.794834] ret_from_fork+0x116/0x1d0 [ 11.794852] ? 
__pfx_kthread+0x10/0x10 [ 11.794871] ret_from_fork_asm+0x1a/0x30 [ 11.794901] </TASK> [ 11.794913] [ 11.802549] Allocated by task 205: [ 11.802717] kasan_save_stack+0x45/0x70 [ 11.803128] kasan_save_track+0x18/0x40 [ 11.803291] kasan_save_alloc_info+0x3b/0x50 [ 11.803454] __kasan_kmalloc+0xb7/0xc0 [ 11.803657] __kmalloc_cache_noprof+0x189/0x420 [ 11.803881] kmalloc_uaf2+0xc6/0x520 [ 11.804263] kunit_try_run_case+0x1a5/0x480 [ 11.804466] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 11.804693] kthread+0x337/0x6f0 [ 11.804818] ret_from_fork+0x116/0x1d0 [ 11.804964] ret_from_fork_asm+0x1a/0x30 [ 11.805163] [ 11.805263] Freed by task 205: [ 11.805432] kasan_save_stack+0x45/0x70 [ 11.805679] kasan_save_track+0x18/0x40 [ 11.805838] kasan_save_free_info+0x3f/0x60 [ 11.805982] __kasan_slab_free+0x56/0x70 [ 11.806118] kfree+0x222/0x3f0 [ 11.806233] kmalloc_uaf2+0x14c/0x520 [ 11.806465] kunit_try_run_case+0x1a5/0x480 [ 11.806671] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 11.806919] kthread+0x337/0x6f0 [ 11.807089] ret_from_fork+0x116/0x1d0 [ 11.807616] ret_from_fork_asm+0x1a/0x30 [ 11.807845] [ 11.807992] The buggy address belongs to the object at ffff888102f04080 [ 11.807992] which belongs to the cache kmalloc-64 of size 64 [ 11.808481] The buggy address is located 40 bytes inside of [ 11.808481] freed 64-byte region [ffff888102f04080, ffff888102f040c0) [ 11.808900] [ 11.808976] The buggy address belongs to the physical page: [ 11.809216] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x102f04 [ 11.809588] flags: 0x200000000000000(node=0|zone=2) [ 11.809931] page_type: f5(slab) [ 11.810132] raw: 0200000000000000 ffff8881000418c0 dead000000000122 0000000000000000 [ 11.810410] raw: 0000000000000000 0000000080200020 00000000f5000000 0000000000000000 [ 11.810738] page dumped because: kasan: bad access detected [ 11.811188] [ 11.811285] Memory state around the buggy address: [ 11.811504] ffff888102f03f80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc 
[ 11.811740] ffff888102f04000: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 11.812063] >ffff888102f04080: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 11.812348] ^ [ 11.813056] ffff888102f04100: 00 00 00 00 00 03 fc fc fc fc fc fc fc fc fc fc [ 11.813289] ffff888102f04180: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 11.814335] ==================================================================
Failure - log-parser-boot/kasan-bug-kasan-slab-use-after-free-in-kmalloc_uaf_memset
[ 11.767236] ================================================================== [ 11.767680] BUG: KASAN: slab-use-after-free in kmalloc_uaf_memset+0x1a3/0x360 [ 11.768210] Write of size 33 at addr ffff888102590400 by task kunit_try_catch/203 [ 11.768529] [ 11.768671] CPU: 0 UID: 0 PID: 203 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc4 #1 PREEMPT(voluntary) [ 11.768718] Tainted: [B]=BAD_PAGE, [N]=TEST [ 11.768730] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 11.768752] Call Trace: [ 11.768766] <TASK> [ 11.768783] dump_stack_lvl+0x73/0xb0 [ 11.768815] print_report+0xd1/0x650 [ 11.768839] ? __virt_addr_valid+0x1db/0x2d0 [ 11.768861] ? kmalloc_uaf_memset+0x1a3/0x360 [ 11.768881] ? kasan_complete_mode_report_info+0x64/0x200 [ 11.768901] ? kmalloc_uaf_memset+0x1a3/0x360 [ 11.768921] kasan_report+0x141/0x180 [ 11.768942] ? kmalloc_uaf_memset+0x1a3/0x360 [ 11.768966] kasan_check_range+0x10c/0x1c0 [ 11.768988] __asan_memset+0x27/0x50 [ 11.769007] kmalloc_uaf_memset+0x1a3/0x360 [ 11.769027] ? __pfx_kmalloc_uaf_memset+0x10/0x10 [ 11.769048] ? __schedule+0x10cc/0x2b60 [ 11.769070] ? __pfx_read_tsc+0x10/0x10 [ 11.769092] ? ktime_get_ts64+0x86/0x230 [ 11.769115] kunit_try_run_case+0x1a5/0x480 [ 11.769139] ? __pfx_kunit_try_run_case+0x10/0x10 [ 11.769160] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 11.769183] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 11.769204] ? __kthread_parkme+0x82/0x180 [ 11.769225] ? preempt_count_sub+0x50/0x80 [ 11.769248] ? __pfx_kunit_try_run_case+0x10/0x10 [ 11.769270] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 11.769292] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 11.769314] kthread+0x337/0x6f0 [ 11.769332] ? trace_preempt_on+0x20/0xc0 [ 11.769355] ? __pfx_kthread+0x10/0x10 [ 11.769387] ? _raw_spin_unlock_irq+0x47/0x80 [ 11.769407] ? calculate_sigpending+0x7b/0xa0 [ 11.769430] ? __pfx_kthread+0x10/0x10 [ 11.769449] ret_from_fork+0x116/0x1d0 [ 11.769480] ? 
__pfx_kthread+0x10/0x10 [ 11.769499] ret_from_fork_asm+0x1a/0x30 [ 11.769530] </TASK> [ 11.769540] [ 11.777350] Allocated by task 203: [ 11.777586] kasan_save_stack+0x45/0x70 [ 11.777768] kasan_save_track+0x18/0x40 [ 11.777942] kasan_save_alloc_info+0x3b/0x50 [ 11.778164] __kasan_kmalloc+0xb7/0xc0 [ 11.778360] __kmalloc_cache_noprof+0x189/0x420 [ 11.778597] kmalloc_uaf_memset+0xa9/0x360 [ 11.778806] kunit_try_run_case+0x1a5/0x480 [ 11.779039] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 11.779249] kthread+0x337/0x6f0 [ 11.779412] ret_from_fork+0x116/0x1d0 [ 11.779595] ret_from_fork_asm+0x1a/0x30 [ 11.779745] [ 11.779815] Freed by task 203: [ 11.780051] kasan_save_stack+0x45/0x70 [ 11.780248] kasan_save_track+0x18/0x40 [ 11.780459] kasan_save_free_info+0x3f/0x60 [ 11.780618] __kasan_slab_free+0x56/0x70 [ 11.780755] kfree+0x222/0x3f0 [ 11.780872] kmalloc_uaf_memset+0x12b/0x360 [ 11.781014] kunit_try_run_case+0x1a5/0x480 [ 11.781411] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 11.781774] kthread+0x337/0x6f0 [ 11.781941] ret_from_fork+0x116/0x1d0 [ 11.782309] ret_from_fork_asm+0x1a/0x30 [ 11.782521] [ 11.782610] The buggy address belongs to the object at ffff888102590400 [ 11.782610] which belongs to the cache kmalloc-64 of size 64 [ 11.783018] The buggy address is located 0 bytes inside of [ 11.783018] freed 64-byte region [ffff888102590400, ffff888102590440) [ 11.783792] [ 11.783898] The buggy address belongs to the physical page: [ 11.784108] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x102590 [ 11.784359] flags: 0x200000000000000(node=0|zone=2) [ 11.784789] page_type: f5(slab) [ 11.785018] raw: 0200000000000000 ffff8881000418c0 dead000000000122 0000000000000000 [ 11.785356] raw: 0000000000000000 0000000080200020 00000000f5000000 0000000000000000 [ 11.785812] page dumped because: kasan: bad access detected [ 11.786113] [ 11.786207] Memory state around the buggy address: [ 11.786389] ffff888102590300: fa fb fb fb fb fb fb fb fc fc fc fc 
fc fc fc fc [ 11.786624] ffff888102590380: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 11.787216] >ffff888102590400: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 11.787530] ^ [ 11.787777] ffff888102590480: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 11.788115] ffff888102590500: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 11.788335] ==================================================================
Failure - log-parser-boot/kasan-bug-kasan-slab-use-after-free-in-kmalloc_uaf
[ 11.741685] ================================================================== [ 11.742210] BUG: KASAN: slab-use-after-free in kmalloc_uaf+0x320/0x380 [ 11.742556] Read of size 1 at addr ffff888102531768 by task kunit_try_catch/201 [ 11.742903] [ 11.743001] CPU: 0 UID: 0 PID: 201 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc4 #1 PREEMPT(voluntary) [ 11.743049] Tainted: [B]=BAD_PAGE, [N]=TEST [ 11.743061] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 11.743085] Call Trace: [ 11.743099] <TASK> [ 11.743120] dump_stack_lvl+0x73/0xb0 [ 11.743150] print_report+0xd1/0x650 [ 11.743174] ? __virt_addr_valid+0x1db/0x2d0 [ 11.743198] ? kmalloc_uaf+0x320/0x380 [ 11.743217] ? kasan_complete_mode_report_info+0x64/0x200 [ 11.743238] ? kmalloc_uaf+0x320/0x380 [ 11.743257] kasan_report+0x141/0x180 [ 11.743278] ? kmalloc_uaf+0x320/0x380 [ 11.743301] __asan_report_load1_noabort+0x18/0x20 [ 11.743326] kmalloc_uaf+0x320/0x380 [ 11.743345] ? __pfx_kmalloc_uaf+0x10/0x10 [ 11.743365] ? __schedule+0x10cc/0x2b60 [ 11.743398] ? __pfx_read_tsc+0x10/0x10 [ 11.743419] ? ktime_get_ts64+0x86/0x230 [ 11.743443] kunit_try_run_case+0x1a5/0x480 [ 11.743468] ? __pfx_kunit_try_run_case+0x10/0x10 [ 11.743489] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 11.743512] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 11.743533] ? __kthread_parkme+0x82/0x180 [ 11.743554] ? preempt_count_sub+0x50/0x80 [ 11.743734] ? __pfx_kunit_try_run_case+0x10/0x10 [ 11.743763] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 11.743785] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 11.743807] kthread+0x337/0x6f0 [ 11.743827] ? trace_preempt_on+0x20/0xc0 [ 11.743851] ? __pfx_kthread+0x10/0x10 [ 11.743871] ? _raw_spin_unlock_irq+0x47/0x80 [ 11.743892] ? calculate_sigpending+0x7b/0xa0 [ 11.743915] ? __pfx_kthread+0x10/0x10 [ 11.743935] ret_from_fork+0x116/0x1d0 [ 11.743952] ? 
__pfx_kthread+0x10/0x10 [ 11.744020] ret_from_fork_asm+0x1a/0x30 [ 11.744053] </TASK> [ 11.744065] [ 11.751910] Allocated by task 201: [ 11.752072] kasan_save_stack+0x45/0x70 [ 11.752270] kasan_save_track+0x18/0x40 [ 11.752459] kasan_save_alloc_info+0x3b/0x50 [ 11.752713] __kasan_kmalloc+0xb7/0xc0 [ 11.752878] __kmalloc_cache_noprof+0x189/0x420 [ 11.753082] kmalloc_uaf+0xaa/0x380 [ 11.753223] kunit_try_run_case+0x1a5/0x480 [ 11.753381] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 11.753679] kthread+0x337/0x6f0 [ 11.753850] ret_from_fork+0x116/0x1d0 [ 11.754043] ret_from_fork_asm+0x1a/0x30 [ 11.754243] [ 11.754331] Freed by task 201: [ 11.754453] kasan_save_stack+0x45/0x70 [ 11.754589] kasan_save_track+0x18/0x40 [ 11.754723] kasan_save_free_info+0x3f/0x60 [ 11.754896] __kasan_slab_free+0x56/0x70 [ 11.755088] kfree+0x222/0x3f0 [ 11.755253] kmalloc_uaf+0x12c/0x380 [ 11.755508] kunit_try_run_case+0x1a5/0x480 [ 11.755883] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 11.756341] kthread+0x337/0x6f0 [ 11.756540] ret_from_fork+0x116/0x1d0 [ 11.756719] ret_from_fork_asm+0x1a/0x30 [ 11.756888] [ 11.757106] The buggy address belongs to the object at ffff888102531760 [ 11.757106] which belongs to the cache kmalloc-16 of size 16 [ 11.757597] The buggy address is located 8 bytes inside of [ 11.757597] freed 16-byte region [ffff888102531760, ffff888102531770) [ 11.758126] [ 11.758205] The buggy address belongs to the physical page: [ 11.758390] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x102531 [ 11.758750] flags: 0x200000000000000(node=0|zone=2) [ 11.759208] page_type: f5(slab) [ 11.759383] raw: 0200000000000000 ffff888100041640 dead000000000122 0000000000000000 [ 11.759623] raw: 0000000000000000 0000000080800080 00000000f5000000 0000000000000000 [ 11.759850] page dumped because: kasan: bad access detected [ 11.760079] [ 11.760171] Memory state around the buggy address: [ 11.760456] ffff888102531600: fa fb fc fc fa fb fc fc fa fb fc fc fa fb fc fc [ 
11.761162] ffff888102531680: fa fb fc fc fa fb fc fc fa fb fc fc fa fb fc fc [ 11.761464] >ffff888102531700: fa fb fc fc fa fb fc fc 00 05 fc fc fa fb fc fc [ 11.761749] ^ [ 11.761953] ffff888102531780: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 11.762404] ffff888102531800: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 11.762656] ==================================================================
Failure - log-parser-boot/kasan-bug-kasan-slab-out-of-bounds-in-kmalloc_memmove_invalid_size
[ 11.718174] ================================================================== [ 11.718704] BUG: KASAN: slab-out-of-bounds in kmalloc_memmove_invalid_size+0x16f/0x330 [ 11.719039] Read of size 64 at addr ffff888102efde84 by task kunit_try_catch/199 [ 11.719360] [ 11.719487] CPU: 1 UID: 0 PID: 199 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc4 #1 PREEMPT(voluntary) [ 11.719532] Tainted: [B]=BAD_PAGE, [N]=TEST [ 11.719544] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 11.719565] Call Trace: [ 11.719578] <TASK> [ 11.719596] dump_stack_lvl+0x73/0xb0 [ 11.719624] print_report+0xd1/0x650 [ 11.719647] ? __virt_addr_valid+0x1db/0x2d0 [ 11.719670] ? kmalloc_memmove_invalid_size+0x16f/0x330 [ 11.719692] ? kasan_complete_mode_report_info+0x2a/0x200 [ 11.719712] ? kmalloc_memmove_invalid_size+0x16f/0x330 [ 11.719735] kasan_report+0x141/0x180 [ 11.719755] ? kmalloc_memmove_invalid_size+0x16f/0x330 [ 11.719782] kasan_check_range+0x10c/0x1c0 [ 11.719804] __asan_memmove+0x27/0x70 [ 11.719823] kmalloc_memmove_invalid_size+0x16f/0x330 [ 11.719845] ? __pfx_kmalloc_memmove_invalid_size+0x10/0x10 [ 11.719869] ? __schedule+0x10cc/0x2b60 [ 11.719890] ? __pfx_read_tsc+0x10/0x10 [ 11.719910] ? ktime_get_ts64+0x86/0x230 [ 11.719946] kunit_try_run_case+0x1a5/0x480 [ 11.719970] ? __pfx_kunit_try_run_case+0x10/0x10 [ 11.719991] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 11.720013] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 11.720034] ? __kthread_parkme+0x82/0x180 [ 11.720054] ? preempt_count_sub+0x50/0x80 [ 11.720078] ? __pfx_kunit_try_run_case+0x10/0x10 [ 11.720100] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 11.720121] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 11.720142] kthread+0x337/0x6f0 [ 11.720160] ? trace_preempt_on+0x20/0xc0 [ 11.720182] ? __pfx_kthread+0x10/0x10 [ 11.720202] ? _raw_spin_unlock_irq+0x47/0x80 [ 11.720221] ? calculate_sigpending+0x7b/0xa0 [ 11.720244] ? 
__pfx_kthread+0x10/0x10 [ 11.720263] ret_from_fork+0x116/0x1d0 [ 11.720280] ? __pfx_kthread+0x10/0x10 [ 11.720299] ret_from_fork_asm+0x1a/0x30 [ 11.720329] </TASK> [ 11.720339] [ 11.728602] Allocated by task 199: [ 11.728788] kasan_save_stack+0x45/0x70 [ 11.729078] kasan_save_track+0x18/0x40 [ 11.729278] kasan_save_alloc_info+0x3b/0x50 [ 11.729591] __kasan_kmalloc+0xb7/0xc0 [ 11.729773] __kmalloc_cache_noprof+0x189/0x420 [ 11.730030] kmalloc_memmove_invalid_size+0xac/0x330 [ 11.730202] kunit_try_run_case+0x1a5/0x480 [ 11.730349] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 11.730572] kthread+0x337/0x6f0 [ 11.730741] ret_from_fork+0x116/0x1d0 [ 11.730924] ret_from_fork_asm+0x1a/0x30 [ 11.731385] [ 11.731483] The buggy address belongs to the object at ffff888102efde80 [ 11.731483] which belongs to the cache kmalloc-64 of size 64 [ 11.732126] The buggy address is located 4 bytes inside of [ 11.732126] allocated 64-byte region [ffff888102efde80, ffff888102efdec0) [ 11.732579] [ 11.732680] The buggy address belongs to the physical page: [ 11.732945] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x102efd [ 11.733313] flags: 0x200000000000000(node=0|zone=2) [ 11.733526] page_type: f5(slab) [ 11.733882] raw: 0200000000000000 ffff8881000418c0 dead000000000122 0000000000000000 [ 11.734248] raw: 0000000000000000 0000000080200020 00000000f5000000 0000000000000000 [ 11.734525] page dumped because: kasan: bad access detected [ 11.734846] [ 11.734920] Memory state around the buggy address: [ 11.735391] ffff888102efdd80: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 11.735669] ffff888102efde00: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 11.736047] >ffff888102efde80: 00 00 00 00 00 00 00 00 fc fc fc fc fc fc fc fc [ 11.736425] ^ [ 11.736677] ffff888102efdf00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 11.736900] ffff888102efdf80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 11.737117] 
==================================================================
Failure - log-parser-boot/kasan-bug-kasan-out-of-bounds-in-kmalloc_memmove_negative_size
[ 11.695890] ================================================================== [ 11.696437] BUG: KASAN: out-of-bounds in kmalloc_memmove_negative_size+0x171/0x330 [ 11.696813] Read of size 18446744073709551614 at addr ffff888102efde04 by task kunit_try_catch/197 [ 11.697275] [ 11.697397] CPU: 1 UID: 0 PID: 197 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc4 #1 PREEMPT(voluntary) [ 11.697444] Tainted: [B]=BAD_PAGE, [N]=TEST [ 11.697456] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 11.697476] Call Trace: [ 11.697488] <TASK> [ 11.697506] dump_stack_lvl+0x73/0xb0 [ 11.697537] print_report+0xd1/0x650 [ 11.697560] ? __virt_addr_valid+0x1db/0x2d0 [ 11.697582] ? kmalloc_memmove_negative_size+0x171/0x330 [ 11.697605] ? kasan_complete_mode_report_info+0x2a/0x200 [ 11.697625] ? kmalloc_memmove_negative_size+0x171/0x330 [ 11.697668] kasan_report+0x141/0x180 [ 11.697690] ? kmalloc_memmove_negative_size+0x171/0x330 [ 11.697719] kasan_check_range+0x10c/0x1c0 [ 11.697741] __asan_memmove+0x27/0x70 [ 11.697760] kmalloc_memmove_negative_size+0x171/0x330 [ 11.697783] ? __pfx_kmalloc_memmove_negative_size+0x10/0x10 [ 11.697806] ? __schedule+0x10cc/0x2b60 [ 11.697827] ? __pfx_read_tsc+0x10/0x10 [ 11.697848] ? ktime_get_ts64+0x86/0x230 [ 11.697872] kunit_try_run_case+0x1a5/0x480 [ 11.697896] ? __pfx_kunit_try_run_case+0x10/0x10 [ 11.698114] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 11.698151] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 11.698174] ? __kthread_parkme+0x82/0x180 [ 11.698195] ? preempt_count_sub+0x50/0x80 [ 11.698219] ? __pfx_kunit_try_run_case+0x10/0x10 [ 11.698242] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 11.698266] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 11.698289] kthread+0x337/0x6f0 [ 11.698307] ? trace_preempt_on+0x20/0xc0 [ 11.698330] ? __pfx_kthread+0x10/0x10 [ 11.698349] ? _raw_spin_unlock_irq+0x47/0x80 [ 11.698369] ? calculate_sigpending+0x7b/0xa0 [ 11.698407] ? 
__pfx_kthread+0x10/0x10 [ 11.698427] ret_from_fork+0x116/0x1d0 [ 11.698445] ? __pfx_kthread+0x10/0x10 [ 11.698464] ret_from_fork_asm+0x1a/0x30 [ 11.698495] </TASK> [ 11.698506] [ 11.706366] Allocated by task 197: [ 11.706587] kasan_save_stack+0x45/0x70 [ 11.706774] kasan_save_track+0x18/0x40 [ 11.706921] kasan_save_alloc_info+0x3b/0x50 [ 11.707137] __kasan_kmalloc+0xb7/0xc0 [ 11.707571] __kmalloc_cache_noprof+0x189/0x420 [ 11.707844] kmalloc_memmove_negative_size+0xac/0x330 [ 11.708086] kunit_try_run_case+0x1a5/0x480 [ 11.708246] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 11.708514] kthread+0x337/0x6f0 [ 11.708716] ret_from_fork+0x116/0x1d0 [ 11.708888] ret_from_fork_asm+0x1a/0x30 [ 11.709053] [ 11.709144] The buggy address belongs to the object at ffff888102efde00 [ 11.709144] which belongs to the cache kmalloc-64 of size 64 [ 11.709580] The buggy address is located 4 bytes inside of [ 11.709580] 64-byte region [ffff888102efde00, ffff888102efde40) [ 11.710012] [ 11.710200] The buggy address belongs to the physical page: [ 11.710476] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x102efd [ 11.710920] flags: 0x200000000000000(node=0|zone=2) [ 11.711398] page_type: f5(slab) [ 11.711542] raw: 0200000000000000 ffff8881000418c0 dead000000000122 0000000000000000 [ 11.711854] raw: 0000000000000000 0000000080200020 00000000f5000000 0000000000000000 [ 11.712242] page dumped because: kasan: bad access detected [ 11.712474] [ 11.712563] Memory state around the buggy address: [ 11.712719] ffff888102efdd00: 00 00 00 00 01 fc fc fc fc fc fc fc fc fc fc fc [ 11.712932] ffff888102efdd80: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 11.713146] >ffff888102efde00: 00 00 00 00 00 00 00 00 fc fc fc fc fc fc fc fc [ 11.713443] ^ [ 11.713605] ffff888102efde80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 11.714262] ffff888102efdf00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 11.714505] 
==================================================================
Failure - log-parser-boot/kasan-bug-kasan-slab-out-of-bounds-in-kmalloc_oob_memset_16
[ 11.670945] ================================================================== [ 11.671420] BUG: KASAN: slab-out-of-bounds in kmalloc_oob_memset_16+0x166/0x330 [ 11.671772] Write of size 16 at addr ffff88810258d269 by task kunit_try_catch/195 [ 11.672101] [ 11.672229] CPU: 0 UID: 0 PID: 195 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc4 #1 PREEMPT(voluntary) [ 11.672279] Tainted: [B]=BAD_PAGE, [N]=TEST [ 11.672291] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 11.672313] Call Trace: [ 11.672326] <TASK> [ 11.672345] dump_stack_lvl+0x73/0xb0 [ 11.672388] print_report+0xd1/0x650 [ 11.672418] ? __virt_addr_valid+0x1db/0x2d0 [ 11.672442] ? kmalloc_oob_memset_16+0x166/0x330 [ 11.672463] ? kasan_complete_mode_report_info+0x2a/0x200 [ 11.672484] ? kmalloc_oob_memset_16+0x166/0x330 [ 11.672505] kasan_report+0x141/0x180 [ 11.672527] ? kmalloc_oob_memset_16+0x166/0x330 [ 11.672552] kasan_check_range+0x10c/0x1c0 [ 11.672575] __asan_memset+0x27/0x50 [ 11.672593] kmalloc_oob_memset_16+0x166/0x330 [ 11.672615] ? __pfx_kmalloc_oob_memset_16+0x10/0x10 [ 11.672637] ? __schedule+0x10cc/0x2b60 [ 11.672658] ? __pfx_read_tsc+0x10/0x10 [ 11.672680] ? ktime_get_ts64+0x86/0x230 [ 11.672705] kunit_try_run_case+0x1a5/0x480 [ 11.672729] ? __pfx_kunit_try_run_case+0x10/0x10 [ 11.672751] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 11.672775] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 11.672797] ? __kthread_parkme+0x82/0x180 [ 11.672818] ? preempt_count_sub+0x50/0x80 [ 11.672842] ? __pfx_kunit_try_run_case+0x10/0x10 [ 11.672865] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 11.672887] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 11.672909] kthread+0x337/0x6f0 [ 11.672928] ? trace_preempt_on+0x20/0xc0 [ 11.672951] ? __pfx_kthread+0x10/0x10 [ 11.672971] ? _raw_spin_unlock_irq+0x47/0x80 [ 11.672991] ? calculate_sigpending+0x7b/0xa0 [ 11.673014] ? __pfx_kthread+0x10/0x10 [ 11.673034] ret_from_fork+0x116/0x1d0 [ 11.673052] ? 
__pfx_kthread+0x10/0x10 [ 11.673071] ret_from_fork_asm+0x1a/0x30 [ 11.673102] </TASK> [ 11.673113] [ 11.680710] Allocated by task 195: [ 11.680900] kasan_save_stack+0x45/0x70 [ 11.681114] kasan_save_track+0x18/0x40 [ 11.681311] kasan_save_alloc_info+0x3b/0x50 [ 11.681531] __kasan_kmalloc+0xb7/0xc0 [ 11.681836] __kmalloc_cache_noprof+0x189/0x420 [ 11.682023] kmalloc_oob_memset_16+0xac/0x330 [ 11.682209] kunit_try_run_case+0x1a5/0x480 [ 11.682355] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 11.682649] kthread+0x337/0x6f0 [ 11.682823] ret_from_fork+0x116/0x1d0 [ 11.683013] ret_from_fork_asm+0x1a/0x30 [ 11.683184] [ 11.683264] The buggy address belongs to the object at ffff88810258d200 [ 11.683264] which belongs to the cache kmalloc-128 of size 128 [ 11.683631] The buggy address is located 105 bytes inside of [ 11.683631] allocated 120-byte region [ffff88810258d200, ffff88810258d278) [ 11.684105] [ 11.684295] The buggy address belongs to the physical page: [ 11.684565] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x10258d [ 11.685181] flags: 0x200000000000000(node=0|zone=2) [ 11.685466] page_type: f5(slab) [ 11.685641] raw: 0200000000000000 ffff888100041a00 dead000000000122 0000000000000000 [ 11.686003] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 11.686256] page dumped because: kasan: bad access detected [ 11.686502] [ 11.686604] Memory state around the buggy address: [ 11.686837] ffff88810258d100: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 11.687178] ffff88810258d180: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 11.687471] >ffff88810258d200: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 fc [ 11.687859] ^ [ 11.688073] ffff88810258d280: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 11.688353] ffff88810258d300: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 11.688930] ==================================================================
Failure - log-parser-boot/kasan-bug-kasan-slab-out-of-bounds-in-kmalloc_oob_memset_8
[ 11.647081] ================================================================== [ 11.647750] BUG: KASAN: slab-out-of-bounds in kmalloc_oob_memset_8+0x166/0x330 [ 11.648210] Write of size 8 at addr ffff88810258d171 by task kunit_try_catch/193 [ 11.648537] [ 11.648709] CPU: 0 UID: 0 PID: 193 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc4 #1 PREEMPT(voluntary) [ 11.648756] Tainted: [B]=BAD_PAGE, [N]=TEST [ 11.648768] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 11.648789] Call Trace: [ 11.648803] <TASK> [ 11.648822] dump_stack_lvl+0x73/0xb0 [ 11.648854] print_report+0xd1/0x650 [ 11.648878] ? __virt_addr_valid+0x1db/0x2d0 [ 11.648902] ? kmalloc_oob_memset_8+0x166/0x330 [ 11.648923] ? kasan_complete_mode_report_info+0x2a/0x200 [ 11.648944] ? kmalloc_oob_memset_8+0x166/0x330 [ 11.648965] kasan_report+0x141/0x180 [ 11.648995] ? kmalloc_oob_memset_8+0x166/0x330 [ 11.649020] kasan_check_range+0x10c/0x1c0 [ 11.649043] __asan_memset+0x27/0x50 [ 11.649062] kmalloc_oob_memset_8+0x166/0x330 [ 11.649084] ? __pfx_kmalloc_oob_memset_8+0x10/0x10 [ 11.649106] ? __schedule+0x10cc/0x2b60 [ 11.649128] ? __pfx_read_tsc+0x10/0x10 [ 11.649153] ? ktime_get_ts64+0x86/0x230 [ 11.649180] kunit_try_run_case+0x1a5/0x480 [ 11.649207] ? __pfx_kunit_try_run_case+0x10/0x10 [ 11.649229] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 11.649253] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 11.649275] ? __kthread_parkme+0x82/0x180 [ 11.649297] ? preempt_count_sub+0x50/0x80 [ 11.649321] ? __pfx_kunit_try_run_case+0x10/0x10 [ 11.649344] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 11.649366] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 11.649400] kthread+0x337/0x6f0 [ 11.649419] ? trace_preempt_on+0x20/0xc0 [ 11.649444] ? __pfx_kthread+0x10/0x10 [ 11.649463] ? _raw_spin_unlock_irq+0x47/0x80 [ 11.649483] ? calculate_sigpending+0x7b/0xa0 [ 11.649507] ? __pfx_kthread+0x10/0x10 [ 11.649527] ret_from_fork+0x116/0x1d0 [ 11.649545] ? 
__pfx_kthread+0x10/0x10 [ 11.649565] ret_from_fork_asm+0x1a/0x30 [ 11.649595] </TASK> [ 11.649607] [ 11.657435] Allocated by task 193: [ 11.657596] kasan_save_stack+0x45/0x70 [ 11.657819] kasan_save_track+0x18/0x40 [ 11.658137] kasan_save_alloc_info+0x3b/0x50 [ 11.658345] __kasan_kmalloc+0xb7/0xc0 [ 11.658522] __kmalloc_cache_noprof+0x189/0x420 [ 11.658737] kmalloc_oob_memset_8+0xac/0x330 [ 11.658885] kunit_try_run_case+0x1a5/0x480 [ 11.659032] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 11.659286] kthread+0x337/0x6f0 [ 11.659580] ret_from_fork+0x116/0x1d0 [ 11.659838] ret_from_fork_asm+0x1a/0x30 [ 11.660356] [ 11.660480] The buggy address belongs to the object at ffff88810258d100 [ 11.660480] which belongs to the cache kmalloc-128 of size 128 [ 11.661225] The buggy address is located 113 bytes inside of [ 11.661225] allocated 120-byte region [ffff88810258d100, ffff88810258d178) [ 11.661826] [ 11.661907] The buggy address belongs to the physical page: [ 11.662139] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x10258d [ 11.662395] flags: 0x200000000000000(node=0|zone=2) [ 11.662636] page_type: f5(slab) [ 11.662879] raw: 0200000000000000 ffff888100041a00 dead000000000122 0000000000000000 [ 11.663259] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 11.663534] page dumped because: kasan: bad access detected [ 11.663705] [ 11.663811] Memory state around the buggy address: [ 11.664040] ffff88810258d000: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 11.664520] ffff88810258d080: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 11.664872] >ffff88810258d100: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 fc [ 11.665392] ^ [ 11.665866] ffff88810258d180: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 11.666083] ffff88810258d200: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 11.666596] ==================================================================
Failure - log-parser-boot/kasan-bug-kasan-slab-out-of-bounds-in-kmalloc_oob_memset_4
[ 11.625034] ================================================================== [ 11.625543] BUG: KASAN: slab-out-of-bounds in kmalloc_oob_memset_4+0x166/0x330 [ 11.625949] Write of size 4 at addr ffff888102ef5975 by task kunit_try_catch/191 [ 11.626387] [ 11.626530] CPU: 1 UID: 0 PID: 191 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc4 #1 PREEMPT(voluntary) [ 11.626579] Tainted: [B]=BAD_PAGE, [N]=TEST [ 11.626591] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 11.626611] Call Trace: [ 11.626625] <TASK> [ 11.626643] dump_stack_lvl+0x73/0xb0 [ 11.626675] print_report+0xd1/0x650 [ 11.626699] ? __virt_addr_valid+0x1db/0x2d0 [ 11.626722] ? kmalloc_oob_memset_4+0x166/0x330 [ 11.626742] ? kasan_complete_mode_report_info+0x2a/0x200 [ 11.626763] ? kmalloc_oob_memset_4+0x166/0x330 [ 11.626783] kasan_report+0x141/0x180 [ 11.626804] ? kmalloc_oob_memset_4+0x166/0x330 [ 11.626828] kasan_check_range+0x10c/0x1c0 [ 11.626851] __asan_memset+0x27/0x50 [ 11.626869] kmalloc_oob_memset_4+0x166/0x330 [ 11.626890] ? __pfx_kmalloc_oob_memset_4+0x10/0x10 [ 11.626911] ? __schedule+0x10cc/0x2b60 [ 11.627099] ? __pfx_read_tsc+0x10/0x10 [ 11.627123] ? ktime_get_ts64+0x86/0x230 [ 11.627146] kunit_try_run_case+0x1a5/0x480 [ 11.627172] ? __pfx_kunit_try_run_case+0x10/0x10 [ 11.627194] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 11.627218] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 11.627239] ? __kthread_parkme+0x82/0x180 [ 11.627260] ? preempt_count_sub+0x50/0x80 [ 11.627283] ? __pfx_kunit_try_run_case+0x10/0x10 [ 11.627306] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 11.627329] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 11.627352] kthread+0x337/0x6f0 [ 11.627370] ? trace_preempt_on+0x20/0xc0 [ 11.627407] ? __pfx_kthread+0x10/0x10 [ 11.627426] ? _raw_spin_unlock_irq+0x47/0x80 [ 11.627446] ? calculate_sigpending+0x7b/0xa0 [ 11.627469] ? __pfx_kthread+0x10/0x10 [ 11.627489] ret_from_fork+0x116/0x1d0 [ 11.627506] ? 
__pfx_kthread+0x10/0x10 [ 11.627525] ret_from_fork_asm+0x1a/0x30 [ 11.627556] </TASK> [ 11.627567] [ 11.635178] Allocated by task 191: [ 11.635385] kasan_save_stack+0x45/0x70 [ 11.635541] kasan_save_track+0x18/0x40 [ 11.635675] kasan_save_alloc_info+0x3b/0x50 [ 11.635908] __kasan_kmalloc+0xb7/0xc0 [ 11.636184] __kmalloc_cache_noprof+0x189/0x420 [ 11.636509] kmalloc_oob_memset_4+0xac/0x330 [ 11.636721] kunit_try_run_case+0x1a5/0x480 [ 11.636938] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 11.637241] kthread+0x337/0x6f0 [ 11.637428] ret_from_fork+0x116/0x1d0 [ 11.637667] ret_from_fork_asm+0x1a/0x30 [ 11.637811] [ 11.637883] The buggy address belongs to the object at ffff888102ef5900 [ 11.637883] which belongs to the cache kmalloc-128 of size 128 [ 11.638614] The buggy address is located 117 bytes inside of [ 11.638614] allocated 120-byte region [ffff888102ef5900, ffff888102ef5978) [ 11.639322] [ 11.639429] The buggy address belongs to the physical page: [ 11.639607] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x102ef5 [ 11.639852] flags: 0x200000000000000(node=0|zone=2) [ 11.640160] page_type: f5(slab) [ 11.640340] raw: 0200000000000000 ffff888100041a00 dead000000000122 0000000000000000 [ 11.640704] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 11.641046] page dumped because: kasan: bad access detected [ 11.641267] [ 11.641336] Memory state around the buggy address: [ 11.641501] ffff888102ef5800: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 11.642407] ffff888102ef5880: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 11.642911] >ffff888102ef5900: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 fc [ 11.643353] ^ [ 11.643645] ffff888102ef5980: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 11.643860] ffff888102ef5a00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 11.644072] ==================================================================
Failure - log-parser-boot/kasan-bug-kasan-slab-out-of-bounds-in-kmalloc_oob_memset_2
[ 11.601579] ================================================================== [ 11.602051] BUG: KASAN: slab-out-of-bounds in kmalloc_oob_memset_2+0x166/0x330 [ 11.602468] Write of size 2 at addr ffff888102ef5877 by task kunit_try_catch/189 [ 11.602922] [ 11.603039] CPU: 1 UID: 0 PID: 189 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc4 #1 PREEMPT(voluntary) [ 11.603088] Tainted: [B]=BAD_PAGE, [N]=TEST [ 11.603100] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 11.603122] Call Trace: [ 11.603135] <TASK> [ 11.603154] dump_stack_lvl+0x73/0xb0 [ 11.603185] print_report+0xd1/0x650 [ 11.603209] ? __virt_addr_valid+0x1db/0x2d0 [ 11.603234] ? kmalloc_oob_memset_2+0x166/0x330 [ 11.603254] ? kasan_complete_mode_report_info+0x2a/0x200 [ 11.603276] ? kmalloc_oob_memset_2+0x166/0x330 [ 11.603298] kasan_report+0x141/0x180 [ 11.603318] ? kmalloc_oob_memset_2+0x166/0x330 [ 11.603343] kasan_check_range+0x10c/0x1c0 [ 11.603366] __asan_memset+0x27/0x50 [ 11.603397] kmalloc_oob_memset_2+0x166/0x330 [ 11.603418] ? __pfx_kmalloc_oob_memset_2+0x10/0x10 [ 11.603440] ? __schedule+0x10cc/0x2b60 [ 11.603462] ? __pfx_read_tsc+0x10/0x10 [ 11.603483] ? ktime_get_ts64+0x86/0x230 [ 11.603509] kunit_try_run_case+0x1a5/0x480 [ 11.603535] ? __pfx_kunit_try_run_case+0x10/0x10 [ 11.603555] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 11.603579] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 11.603600] ? __kthread_parkme+0x82/0x180 [ 11.603621] ? preempt_count_sub+0x50/0x80 [ 11.603645] ? __pfx_kunit_try_run_case+0x10/0x10 [ 11.603667] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 11.603812] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 11.603839] kthread+0x337/0x6f0 [ 11.603857] ? trace_preempt_on+0x20/0xc0 [ 11.603882] ? __pfx_kthread+0x10/0x10 [ 11.603901] ? _raw_spin_unlock_irq+0x47/0x80 [ 11.603923] ? calculate_sigpending+0x7b/0xa0 [ 11.604016] ? __pfx_kthread+0x10/0x10 [ 11.604037] ret_from_fork+0x116/0x1d0 [ 11.604055] ? 
__pfx_kthread+0x10/0x10 [ 11.604074] ret_from_fork_asm+0x1a/0x30 [ 11.604105] </TASK> [ 11.604116] [ 11.611668] Allocated by task 189: [ 11.611867] kasan_save_stack+0x45/0x70 [ 11.612113] kasan_save_track+0x18/0x40 [ 11.612282] kasan_save_alloc_info+0x3b/0x50 [ 11.612448] __kasan_kmalloc+0xb7/0xc0 [ 11.612580] __kmalloc_cache_noprof+0x189/0x420 [ 11.612736] kmalloc_oob_memset_2+0xac/0x330 [ 11.612960] kunit_try_run_case+0x1a5/0x480 [ 11.613165] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 11.613423] kthread+0x337/0x6f0 [ 11.613590] ret_from_fork+0x116/0x1d0 [ 11.613775] ret_from_fork_asm+0x1a/0x30 [ 11.613969] [ 11.614153] The buggy address belongs to the object at ffff888102ef5800 [ 11.614153] which belongs to the cache kmalloc-128 of size 128 [ 11.614696] The buggy address is located 119 bytes inside of [ 11.614696] allocated 120-byte region [ffff888102ef5800, ffff888102ef5878) [ 11.615245] [ 11.615340] The buggy address belongs to the physical page: [ 11.615592] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x102ef5 [ 11.615910] flags: 0x200000000000000(node=0|zone=2) [ 11.616169] page_type: f5(slab) [ 11.616333] raw: 0200000000000000 ffff888100041a00 dead000000000122 0000000000000000 [ 11.616686] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 11.617067] page dumped because: kasan: bad access detected [ 11.617241] [ 11.617311] Memory state around the buggy address: [ 11.617483] ffff888102ef5700: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 11.617699] ffff888102ef5780: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 11.618102] >ffff888102ef5800: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 fc [ 11.618431] ^ [ 11.618804] ffff888102ef5880: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 11.619019] ffff888102ef5900: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 11.619233] ==================================================================
Failure - log-parser-boot/kasan-bug-kasan-slab-out-of-bounds-in-kmalloc_oob_in_memset
[ 11.578251] ================================================================== [ 11.578744] BUG: KASAN: slab-out-of-bounds in kmalloc_oob_in_memset+0x15f/0x320 [ 11.579277] Write of size 128 at addr ffff88810258d000 by task kunit_try_catch/187 [ 11.579579] [ 11.579724] CPU: 0 UID: 0 PID: 187 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc4 #1 PREEMPT(voluntary) [ 11.579772] Tainted: [B]=BAD_PAGE, [N]=TEST [ 11.579784] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 11.579805] Call Trace: [ 11.579819] <TASK> [ 11.579838] dump_stack_lvl+0x73/0xb0 [ 11.579868] print_report+0xd1/0x650 [ 11.579892] ? __virt_addr_valid+0x1db/0x2d0 [ 11.579915] ? kmalloc_oob_in_memset+0x15f/0x320 [ 11.579936] ? kasan_complete_mode_report_info+0x2a/0x200 [ 11.579956] ? kmalloc_oob_in_memset+0x15f/0x320 [ 11.579978] kasan_report+0x141/0x180 [ 11.579999] ? kmalloc_oob_in_memset+0x15f/0x320 [ 11.580024] kasan_check_range+0x10c/0x1c0 [ 11.580047] __asan_memset+0x27/0x50 [ 11.580065] kmalloc_oob_in_memset+0x15f/0x320 [ 11.580086] ? __pfx_kmalloc_oob_in_memset+0x10/0x10 [ 11.580108] ? __schedule+0x10cc/0x2b60 [ 11.580130] ? __pfx_read_tsc+0x10/0x10 [ 11.580150] ? ktime_get_ts64+0x86/0x230 [ 11.580175] kunit_try_run_case+0x1a5/0x480 [ 11.580199] ? __pfx_kunit_try_run_case+0x10/0x10 [ 11.580220] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 11.580244] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 11.580265] ? __kthread_parkme+0x82/0x180 [ 11.580286] ? preempt_count_sub+0x50/0x80 [ 11.580310] ? __pfx_kunit_try_run_case+0x10/0x10 [ 11.580332] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 11.580353] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 11.580386] kthread+0x337/0x6f0 [ 11.580411] ? trace_preempt_on+0x20/0xc0 [ 11.580434] ? __pfx_kthread+0x10/0x10 [ 11.580453] ? _raw_spin_unlock_irq+0x47/0x80 [ 11.580473] ? calculate_sigpending+0x7b/0xa0 [ 11.580496] ? __pfx_kthread+0x10/0x10 [ 11.580516] ret_from_fork+0x116/0x1d0 [ 11.580535] ? 
__pfx_kthread+0x10/0x10 [ 11.580554] ret_from_fork_asm+0x1a/0x30 [ 11.580585] </TASK> [ 11.580596] [ 11.588310] Allocated by task 187: [ 11.588525] kasan_save_stack+0x45/0x70 [ 11.588683] kasan_save_track+0x18/0x40 [ 11.588817] kasan_save_alloc_info+0x3b/0x50 [ 11.588965] __kasan_kmalloc+0xb7/0xc0 [ 11.589096] __kmalloc_cache_noprof+0x189/0x420 [ 11.589381] kmalloc_oob_in_memset+0xac/0x320 [ 11.589590] kunit_try_run_case+0x1a5/0x480 [ 11.589962] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 11.590225] kthread+0x337/0x6f0 [ 11.590348] ret_from_fork+0x116/0x1d0 [ 11.590488] ret_from_fork_asm+0x1a/0x30 [ 11.590814] [ 11.590914] The buggy address belongs to the object at ffff88810258d000 [ 11.590914] which belongs to the cache kmalloc-128 of size 128 [ 11.592034] The buggy address is located 0 bytes inside of [ 11.592034] allocated 120-byte region [ffff88810258d000, ffff88810258d078) [ 11.592465] [ 11.592540] The buggy address belongs to the physical page: [ 11.592717] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x10258d [ 11.593405] flags: 0x200000000000000(node=0|zone=2) [ 11.593647] page_type: f5(slab) [ 11.593822] raw: 0200000000000000 ffff888100041a00 dead000000000122 0000000000000000 [ 11.594109] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 11.594337] page dumped because: kasan: bad access detected [ 11.594520] [ 11.594669] Memory state around the buggy address: [ 11.594896] ffff88810258cf00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 11.595252] ffff88810258cf80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 11.595596] >ffff88810258d000: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 fc [ 11.595894] ^ [ 11.596174] ffff88810258d080: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 11.596444] ffff88810258d100: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 11.597258] ==================================================================
Failure - log-parser-boot/kasan-bug-kasan-slab-use-after-free-in-kmalloc_uaf_16
[ 11.553231] ================================================================== [ 11.553684] BUG: KASAN: slab-use-after-free in kmalloc_uaf_16+0x47b/0x4c0 [ 11.554341] Read of size 16 at addr ffff88810228a860 by task kunit_try_catch/185 [ 11.554715] [ 11.554829] CPU: 1 UID: 0 PID: 185 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc4 #1 PREEMPT(voluntary) [ 11.554875] Tainted: [B]=BAD_PAGE, [N]=TEST [ 11.554887] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 11.554908] Call Trace: [ 11.554921] <TASK> [ 11.554937] dump_stack_lvl+0x73/0xb0 [ 11.554967] print_report+0xd1/0x650 [ 11.554990] ? __virt_addr_valid+0x1db/0x2d0 [ 11.555013] ? kmalloc_uaf_16+0x47b/0x4c0 [ 11.555032] ? kasan_complete_mode_report_info+0x64/0x200 [ 11.555052] ? kmalloc_uaf_16+0x47b/0x4c0 [ 11.555072] kasan_report+0x141/0x180 [ 11.555092] ? kmalloc_uaf_16+0x47b/0x4c0 [ 11.555116] __asan_report_load16_noabort+0x18/0x20 [ 11.555139] kmalloc_uaf_16+0x47b/0x4c0 [ 11.555160] ? __pfx_kmalloc_uaf_16+0x10/0x10 [ 11.555182] ? __pfx_kmalloc_uaf_16+0x10/0x10 [ 11.555206] kunit_try_run_case+0x1a5/0x480 [ 11.555231] ? __pfx_kunit_try_run_case+0x10/0x10 [ 11.555252] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 11.555276] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 11.555297] ? __kthread_parkme+0x82/0x180 [ 11.555317] ? preempt_count_sub+0x50/0x80 [ 11.555342] ? __pfx_kunit_try_run_case+0x10/0x10 [ 11.555366] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 11.555400] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 11.555423] kthread+0x337/0x6f0 [ 11.555442] ? trace_preempt_on+0x20/0xc0 [ 11.555467] ? __pfx_kthread+0x10/0x10 [ 11.555487] ? _raw_spin_unlock_irq+0x47/0x80 [ 11.555509] ? calculate_sigpending+0x7b/0xa0 [ 11.555531] ? __pfx_kthread+0x10/0x10 [ 11.555551] ret_from_fork+0x116/0x1d0 [ 11.555647] ? 
__pfx_kthread+0x10/0x10 [ 11.555671] ret_from_fork_asm+0x1a/0x30 [ 11.555703] </TASK> [ 11.555716] [ 11.563177] Allocated by task 185: [ 11.563366] kasan_save_stack+0x45/0x70 [ 11.563536] kasan_save_track+0x18/0x40 [ 11.563670] kasan_save_alloc_info+0x3b/0x50 [ 11.563854] __kasan_kmalloc+0xb7/0xc0 [ 11.564039] __kmalloc_cache_noprof+0x189/0x420 [ 11.564352] kmalloc_uaf_16+0x15b/0x4c0 [ 11.564581] kunit_try_run_case+0x1a5/0x480 [ 11.564762] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 11.564955] kthread+0x337/0x6f0 [ 11.565124] ret_from_fork+0x116/0x1d0 [ 11.565318] ret_from_fork_asm+0x1a/0x30 [ 11.565486] [ 11.565564] Freed by task 185: [ 11.566033] kasan_save_stack+0x45/0x70 [ 11.566239] kasan_save_track+0x18/0x40 [ 11.566435] kasan_save_free_info+0x3f/0x60 [ 11.566657] __kasan_slab_free+0x56/0x70 [ 11.566823] kfree+0x222/0x3f0 [ 11.567059] kmalloc_uaf_16+0x1d6/0x4c0 [ 11.567199] kunit_try_run_case+0x1a5/0x480 [ 11.567343] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 11.567607] kthread+0x337/0x6f0 [ 11.567780] ret_from_fork+0x116/0x1d0 [ 11.567943] ret_from_fork_asm+0x1a/0x30 [ 11.568208] [ 11.568307] The buggy address belongs to the object at ffff88810228a860 [ 11.568307] which belongs to the cache kmalloc-16 of size 16 [ 11.568689] The buggy address is located 0 bytes inside of [ 11.568689] freed 16-byte region [ffff88810228a860, ffff88810228a870) [ 11.569337] [ 11.569448] The buggy address belongs to the physical page: [ 11.569971] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x10228a [ 11.570368] flags: 0x200000000000000(node=0|zone=2) [ 11.570585] page_type: f5(slab) [ 11.570758] raw: 0200000000000000 ffff888100041640 dead000000000122 0000000000000000 [ 11.571159] raw: 0000000000000000 0000000080800080 00000000f5000000 0000000000000000 [ 11.571422] page dumped because: kasan: bad access detected [ 11.571618] [ 11.571721] Memory state around the buggy address: [ 11.572006] ffff88810228a700: fa fb fc fc 00 02 fc fc 00 05 fc fc 00 02 fc 
fc [ 11.572325] ffff88810228a780: 00 02 fc fc 00 02 fc fc 00 02 fc fc fa fb fc fc [ 11.572562] >ffff88810228a800: fa fb fc fc fa fb fc fc 00 00 fc fc fa fb fc fc [ 11.572889] ^ [ 11.573517] ffff88810228a880: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 11.573821] ffff88810228a900: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 11.574182] ==================================================================
Failure - log-parser-boot/kasan-bug-kasan-slab-out-of-bounds-in-kmalloc_oob_16
[ 11.528771] ================================================================== [ 11.529294] BUG: KASAN: slab-out-of-bounds in kmalloc_oob_16+0x452/0x4a0 [ 11.529631] Write of size 16 at addr ffff88810228a800 by task kunit_try_catch/183 [ 11.529949] [ 11.530295] CPU: 1 UID: 0 PID: 183 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc4 #1 PREEMPT(voluntary) [ 11.530346] Tainted: [B]=BAD_PAGE, [N]=TEST [ 11.530358] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 11.530393] Call Trace: [ 11.530407] <TASK> [ 11.530424] dump_stack_lvl+0x73/0xb0 [ 11.530454] print_report+0xd1/0x650 [ 11.530476] ? __virt_addr_valid+0x1db/0x2d0 [ 11.530499] ? kmalloc_oob_16+0x452/0x4a0 [ 11.530518] ? kasan_complete_mode_report_info+0x2a/0x200 [ 11.530538] ? kmalloc_oob_16+0x452/0x4a0 [ 11.530557] kasan_report+0x141/0x180 [ 11.530577] ? kmalloc_oob_16+0x452/0x4a0 [ 11.530601] __asan_report_store16_noabort+0x1b/0x30 [ 11.530621] kmalloc_oob_16+0x452/0x4a0 [ 11.530640] ? __pfx_kmalloc_oob_16+0x10/0x10 [ 11.530661] ? __schedule+0x10cc/0x2b60 [ 11.530682] ? __pfx_read_tsc+0x10/0x10 [ 11.530703] ? ktime_get_ts64+0x86/0x230 [ 11.530729] kunit_try_run_case+0x1a5/0x480 [ 11.530753] ? __pfx_kunit_try_run_case+0x10/0x10 [ 11.530774] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 11.530797] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 11.530818] ? __kthread_parkme+0x82/0x180 [ 11.530838] ? preempt_count_sub+0x50/0x80 [ 11.530860] ? __pfx_kunit_try_run_case+0x10/0x10 [ 11.530883] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 11.530904] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 11.530985] kthread+0x337/0x6f0 [ 11.531006] ? trace_preempt_on+0x20/0xc0 [ 11.531030] ? __pfx_kthread+0x10/0x10 [ 11.531049] ? _raw_spin_unlock_irq+0x47/0x80 [ 11.531070] ? calculate_sigpending+0x7b/0xa0 [ 11.531092] ? __pfx_kthread+0x10/0x10 [ 11.531112] ret_from_fork+0x116/0x1d0 [ 11.531129] ? 
__pfx_kthread+0x10/0x10 [ 11.531148] ret_from_fork_asm+0x1a/0x30 [ 11.531178] </TASK> [ 11.531188] [ 11.539203] Allocated by task 183: [ 11.539490] kasan_save_stack+0x45/0x70 [ 11.539701] kasan_save_track+0x18/0x40 [ 11.539879] kasan_save_alloc_info+0x3b/0x50 [ 11.540383] __kasan_kmalloc+0xb7/0xc0 [ 11.540553] __kmalloc_cache_noprof+0x189/0x420 [ 11.540772] kmalloc_oob_16+0xa8/0x4a0 [ 11.540904] kunit_try_run_case+0x1a5/0x480 [ 11.541129] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 11.541361] kthread+0x337/0x6f0 [ 11.541492] ret_from_fork+0x116/0x1d0 [ 11.541622] ret_from_fork_asm+0x1a/0x30 [ 11.541815] [ 11.541910] The buggy address belongs to the object at ffff88810228a800 [ 11.541910] which belongs to the cache kmalloc-16 of size 16 [ 11.542739] The buggy address is located 0 bytes inside of [ 11.542739] allocated 13-byte region [ffff88810228a800, ffff88810228a80d) [ 11.543113] [ 11.543186] The buggy address belongs to the physical page: [ 11.543453] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x10228a [ 11.544132] flags: 0x200000000000000(node=0|zone=2) [ 11.544407] page_type: f5(slab) [ 11.544575] raw: 0200000000000000 ffff888100041640 dead000000000122 0000000000000000 [ 11.544846] raw: 0000000000000000 0000000080800080 00000000f5000000 0000000000000000 [ 11.545069] page dumped because: kasan: bad access detected [ 11.545304] [ 11.545425] Memory state around the buggy address: [ 11.545741] ffff88810228a700: fa fb fc fc 00 02 fc fc 00 05 fc fc 00 02 fc fc [ 11.546022] ffff88810228a780: 00 02 fc fc 00 02 fc fc 00 02 fc fc fa fb fc fc [ 11.546240] >ffff88810228a800: 00 05 fc fc 00 00 fc fc fc fc fc fc fc fc fc fc [ 11.546506] ^ [ 11.546803] ffff88810228a880: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 11.547114] ffff88810228a900: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 11.547448] ==================================================================
Failure - log-parser-boot/kasan-bug-kasan-slab-use-after-free-in-krealloc_uaf
[ 11.502816] ================================================================== [ 11.503333] BUG: KASAN: slab-use-after-free in krealloc_uaf+0x53c/0x5e0 [ 11.503577] Read of size 1 at addr ffff88810033b800 by task kunit_try_catch/181 [ 11.503977] [ 11.504210] CPU: 0 UID: 0 PID: 181 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc4 #1 PREEMPT(voluntary) [ 11.504256] Tainted: [B]=BAD_PAGE, [N]=TEST [ 11.504268] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 11.504287] Call Trace: [ 11.504300] <TASK> [ 11.504319] dump_stack_lvl+0x73/0xb0 [ 11.504348] print_report+0xd1/0x650 [ 11.504370] ? __virt_addr_valid+0x1db/0x2d0 [ 11.504411] ? krealloc_uaf+0x53c/0x5e0 [ 11.504430] ? kasan_complete_mode_report_info+0x64/0x200 [ 11.504451] ? krealloc_uaf+0x53c/0x5e0 [ 11.504472] kasan_report+0x141/0x180 [ 11.504492] ? krealloc_uaf+0x53c/0x5e0 [ 11.504518] __asan_report_load1_noabort+0x18/0x20 [ 11.504540] krealloc_uaf+0x53c/0x5e0 [ 11.504560] ? __pfx_krealloc_uaf+0x10/0x10 [ 11.504579] ? finish_task_switch.isra.0+0x153/0x700 [ 11.504601] ? __switch_to+0x47/0xf50 [ 11.504626] ? __schedule+0x10cc/0x2b60 [ 11.504647] ? __pfx_read_tsc+0x10/0x10 [ 11.504667] ? ktime_get_ts64+0x86/0x230 [ 11.504691] kunit_try_run_case+0x1a5/0x480 [ 11.504715] ? __pfx_kunit_try_run_case+0x10/0x10 [ 11.504735] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 11.504758] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 11.504779] ? __kthread_parkme+0x82/0x180 [ 11.504798] ? preempt_count_sub+0x50/0x80 [ 11.504819] ? __pfx_kunit_try_run_case+0x10/0x10 [ 11.504841] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 11.504862] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 11.504883] kthread+0x337/0x6f0 [ 11.504901] ? trace_preempt_on+0x20/0xc0 [ 11.504923] ? __pfx_kthread+0x10/0x10 [ 11.504942] ? _raw_spin_unlock_irq+0x47/0x80 [ 11.504961] ? calculate_sigpending+0x7b/0xa0 [ 11.504984] ? __pfx_kthread+0x10/0x10 [ 11.505049] ret_from_fork+0x116/0x1d0 [ 11.505068] ? 
__pfx_kthread+0x10/0x10 [ 11.505087] ret_from_fork_asm+0x1a/0x30 [ 11.505119] </TASK> [ 11.505130] [ 11.512713] Allocated by task 181: [ 11.512893] kasan_save_stack+0x45/0x70 [ 11.513150] kasan_save_track+0x18/0x40 [ 11.513340] kasan_save_alloc_info+0x3b/0x50 [ 11.513542] __kasan_kmalloc+0xb7/0xc0 [ 11.513726] __kmalloc_cache_noprof+0x189/0x420 [ 11.513917] krealloc_uaf+0xbb/0x5e0 [ 11.514314] kunit_try_run_case+0x1a5/0x480 [ 11.514520] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 11.514773] kthread+0x337/0x6f0 [ 11.515025] ret_from_fork+0x116/0x1d0 [ 11.515163] ret_from_fork_asm+0x1a/0x30 [ 11.515357] [ 11.515463] Freed by task 181: [ 11.515597] kasan_save_stack+0x45/0x70 [ 11.515761] kasan_save_track+0x18/0x40 [ 11.516013] kasan_save_free_info+0x3f/0x60 [ 11.516220] __kasan_slab_free+0x56/0x70 [ 11.516353] kfree+0x222/0x3f0 [ 11.516482] krealloc_uaf+0x13d/0x5e0 [ 11.516612] kunit_try_run_case+0x1a5/0x480 [ 11.516753] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 11.517132] kthread+0x337/0x6f0 [ 11.517308] ret_from_fork+0x116/0x1d0 [ 11.517504] ret_from_fork_asm+0x1a/0x30 [ 11.517848] [ 11.517958] The buggy address belongs to the object at ffff88810033b800 [ 11.517958] which belongs to the cache kmalloc-256 of size 256 [ 11.518312] The buggy address is located 0 bytes inside of [ 11.518312] freed 256-byte region [ffff88810033b800, ffff88810033b900) [ 11.519324] [ 11.519416] The buggy address belongs to the physical page: [ 11.519689] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x10033a [ 11.519931] head: order:1 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0 [ 11.520565] flags: 0x200000000000040(head|node=0|zone=2) [ 11.520854] page_type: f5(slab) [ 11.521008] raw: 0200000000000040 ffff888100041b40 dead000000000122 0000000000000000 [ 11.521240] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 11.521850] head: 0200000000000040 ffff888100041b40 dead000000000122 0000000000000000 [ 11.522697] head: 
0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 11.523051] head: 0200000000000001 ffffea000400ce81 00000000ffffffff 00000000ffffffff [ 11.523393] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000002 [ 11.523756] page dumped because: kasan: bad access detected [ 11.523928] [ 11.523997] Memory state around the buggy address: [ 11.524191] ffff88810033b700: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 11.524516] ffff88810033b780: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 11.524750] >ffff88810033b800: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 11.525066] ^ [ 11.525232] ffff88810033b880: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 11.525506] ffff88810033b900: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 11.525879] ================================================================== [ 11.475769] ================================================================== [ 11.476544] BUG: KASAN: slab-use-after-free in krealloc_uaf+0x1b8/0x5e0 [ 11.476930] Read of size 1 at addr ffff88810033b800 by task kunit_try_catch/181 [ 11.477236] [ 11.477364] CPU: 0 UID: 0 PID: 181 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc4 #1 PREEMPT(voluntary) [ 11.477423] Tainted: [B]=BAD_PAGE, [N]=TEST [ 11.477435] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 11.477456] Call Trace: [ 11.477470] <TASK> [ 11.477490] dump_stack_lvl+0x73/0xb0 [ 11.477523] print_report+0xd1/0x650 [ 11.477546] ? __virt_addr_valid+0x1db/0x2d0 [ 11.477571] ? krealloc_uaf+0x1b8/0x5e0 [ 11.477590] ? kasan_complete_mode_report_info+0x64/0x200 [ 11.477611] ? krealloc_uaf+0x1b8/0x5e0 [ 11.477633] kasan_report+0x141/0x180 [ 11.477654] ? krealloc_uaf+0x1b8/0x5e0 [ 11.477678] ? krealloc_uaf+0x1b8/0x5e0 [ 11.477698] __kasan_check_byte+0x3d/0x50 [ 11.477719] krealloc_noprof+0x3f/0x340 [ 11.477741] krealloc_uaf+0x1b8/0x5e0 [ 11.477761] ? __pfx_krealloc_uaf+0x10/0x10 [ 11.477781] ? 
finish_task_switch.isra.0+0x153/0x700 [ 11.477804] ? __switch_to+0x47/0xf50 [ 11.477829] ? __schedule+0x10cc/0x2b60 [ 11.477851] ? __pfx_read_tsc+0x10/0x10 [ 11.477872] ? ktime_get_ts64+0x86/0x230 [ 11.477895] kunit_try_run_case+0x1a5/0x480 [ 11.477920] ? __pfx_kunit_try_run_case+0x10/0x10 [ 11.477942] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 11.477965] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 11.477987] ? __kthread_parkme+0x82/0x180 [ 11.478008] ? preempt_count_sub+0x50/0x80 [ 11.478029] ? __pfx_kunit_try_run_case+0x10/0x10 [ 11.478051] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 11.478072] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 11.478094] kthread+0x337/0x6f0 [ 11.478112] ? trace_preempt_on+0x20/0xc0 [ 11.478135] ? __pfx_kthread+0x10/0x10 [ 11.478154] ? _raw_spin_unlock_irq+0x47/0x80 [ 11.478173] ? calculate_sigpending+0x7b/0xa0 [ 11.478196] ? __pfx_kthread+0x10/0x10 [ 11.478216] ret_from_fork+0x116/0x1d0 [ 11.478234] ? __pfx_kthread+0x10/0x10 [ 11.478268] ret_from_fork_asm+0x1a/0x30 [ 11.478299] </TASK> [ 11.478310] [ 11.486729] Allocated by task 181: [ 11.486934] kasan_save_stack+0x45/0x70 [ 11.487315] kasan_save_track+0x18/0x40 [ 11.487520] kasan_save_alloc_info+0x3b/0x50 [ 11.488056] __kasan_kmalloc+0xb7/0xc0 [ 11.488211] __kmalloc_cache_noprof+0x189/0x420 [ 11.488435] krealloc_uaf+0xbb/0x5e0 [ 11.488614] kunit_try_run_case+0x1a5/0x480 [ 11.488799] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 11.489004] kthread+0x337/0x6f0 [ 11.489260] ret_from_fork+0x116/0x1d0 [ 11.489465] ret_from_fork_asm+0x1a/0x30 [ 11.489623] [ 11.489730] Freed by task 181: [ 11.489863] kasan_save_stack+0x45/0x70 [ 11.490016] kasan_save_track+0x18/0x40 [ 11.490260] kasan_save_free_info+0x3f/0x60 [ 11.490484] __kasan_slab_free+0x56/0x70 [ 11.490753] kfree+0x222/0x3f0 [ 11.491099] krealloc_uaf+0x13d/0x5e0 [ 11.491237] kunit_try_run_case+0x1a5/0x480 [ 11.491394] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 11.491667] kthread+0x337/0x6f0 [ 11.491836] 
ret_from_fork+0x116/0x1d0 [ 11.492349] ret_from_fork_asm+0x1a/0x30 [ 11.492619] [ 11.492717] The buggy address belongs to the object at ffff88810033b800 [ 11.492717] which belongs to the cache kmalloc-256 of size 256 [ 11.493331] The buggy address is located 0 bytes inside of [ 11.493331] freed 256-byte region [ffff88810033b800, ffff88810033b900) [ 11.493756] [ 11.493833] The buggy address belongs to the physical page: [ 11.494020] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x10033a [ 11.494559] head: order:1 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0 [ 11.494801] flags: 0x200000000000040(head|node=0|zone=2) [ 11.494981] page_type: f5(slab) [ 11.495104] raw: 0200000000000040 ffff888100041b40 dead000000000122 0000000000000000 [ 11.495460] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 11.496046] head: 0200000000000040 ffff888100041b40 dead000000000122 0000000000000000 [ 11.496368] head: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 11.496767] head: 0200000000000001 ffffea000400ce81 00000000ffffffff 00000000ffffffff [ 11.497039] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000002 [ 11.497499] page dumped because: kasan: bad access detected [ 11.498512] [ 11.498917] Memory state around the buggy address: [ 11.499529] ffff88810033b700: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 11.499945] ffff88810033b780: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 11.500385] >ffff88810033b800: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 11.500846] ^ [ 11.500972] ffff88810033b880: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 11.501434] ffff88810033b900: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 11.501838] ==================================================================
Failure - log-parser-boot/kasan-bug-kasan-slab-out-of-bounds-in-krealloc_less_oob_helper
[ 11.304033] ================================================================== [ 11.304389] BUG: KASAN: slab-out-of-bounds in krealloc_less_oob_helper+0xd47/0x11d0 [ 11.304755] Write of size 1 at addr ffff888100ab6eeb by task kunit_try_catch/175 [ 11.305311] [ 11.305425] CPU: 1 UID: 0 PID: 175 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc4 #1 PREEMPT(voluntary) [ 11.305468] Tainted: [B]=BAD_PAGE, [N]=TEST [ 11.305479] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 11.305499] Call Trace: [ 11.305518] <TASK> [ 11.305539] dump_stack_lvl+0x73/0xb0 [ 11.305578] print_report+0xd1/0x650 [ 11.305602] ? __virt_addr_valid+0x1db/0x2d0 [ 11.305623] ? krealloc_less_oob_helper+0xd47/0x11d0 [ 11.305645] ? kasan_complete_mode_report_info+0x2a/0x200 [ 11.305665] ? krealloc_less_oob_helper+0xd47/0x11d0 [ 11.305687] kasan_report+0x141/0x180 [ 11.305708] ? krealloc_less_oob_helper+0xd47/0x11d0 [ 11.305735] __asan_report_store1_noabort+0x1b/0x30 [ 11.305754] krealloc_less_oob_helper+0xd47/0x11d0 [ 11.305775] ? __perf_event_task_sched_in+0x151/0x360 [ 11.305801] ? __pfx_krealloc_less_oob_helper+0x10/0x10 [ 11.305824] ? finish_task_switch.isra.0+0x153/0x700 [ 11.305845] ? __switch_to+0x47/0xf50 [ 11.305870] ? __schedule+0x10cc/0x2b60 [ 11.305891] ? __pfx_read_tsc+0x10/0x10 [ 11.305914] krealloc_less_oob+0x1c/0x30 [ 11.305934] kunit_try_run_case+0x1a5/0x480 [ 11.305958] ? __pfx_kunit_try_run_case+0x10/0x10 [ 11.305978] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 11.306000] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 11.306021] ? __kthread_parkme+0x82/0x180 [ 11.306041] ? preempt_count_sub+0x50/0x80 [ 11.306062] ? __pfx_kunit_try_run_case+0x10/0x10 [ 11.306084] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 11.306105] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 11.306126] kthread+0x337/0x6f0 [ 11.306144] ? trace_preempt_on+0x20/0xc0 [ 11.306166] ? __pfx_kthread+0x10/0x10 [ 11.306185] ? _raw_spin_unlock_irq+0x47/0x80 [ 11.306206] ? 
calculate_sigpending+0x7b/0xa0 [ 11.306229] ? __pfx_kthread+0x10/0x10 [ 11.306248] ret_from_fork+0x116/0x1d0 [ 11.306265] ? __pfx_kthread+0x10/0x10 [ 11.306284] ret_from_fork_asm+0x1a/0x30 [ 11.306314] </TASK> [ 11.306324] [ 11.315221] Allocated by task 175: [ 11.315485] kasan_save_stack+0x45/0x70 [ 11.315720] kasan_save_track+0x18/0x40 [ 11.315906] kasan_save_alloc_info+0x3b/0x50 [ 11.316120] __kasan_krealloc+0x190/0x1f0 [ 11.316311] krealloc_noprof+0xf3/0x340 [ 11.316516] krealloc_less_oob_helper+0x1aa/0x11d0 [ 11.316748] krealloc_less_oob+0x1c/0x30 [ 11.316882] kunit_try_run_case+0x1a5/0x480 [ 11.317022] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 11.317228] kthread+0x337/0x6f0 [ 11.317571] ret_from_fork+0x116/0x1d0 [ 11.317785] ret_from_fork_asm+0x1a/0x30 [ 11.318285] [ 11.318402] The buggy address belongs to the object at ffff888100ab6e00 [ 11.318402] which belongs to the cache kmalloc-256 of size 256 [ 11.319086] The buggy address is located 34 bytes to the right of [ 11.319086] allocated 201-byte region [ffff888100ab6e00, ffff888100ab6ec9) [ 11.319657] [ 11.319747] The buggy address belongs to the physical page: [ 11.319922] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x100ab6 [ 11.320310] head: order:1 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0 [ 11.320772] flags: 0x200000000000040(head|node=0|zone=2) [ 11.321230] page_type: f5(slab) [ 11.321453] raw: 0200000000000040 ffff888100041b40 dead000000000122 0000000000000000 [ 11.321796] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 11.322129] head: 0200000000000040 ffff888100041b40 dead000000000122 0000000000000000 [ 11.322365] head: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 11.323120] head: 0200000000000001 ffffea000402ad81 00000000ffffffff 00000000ffffffff [ 11.323846] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000002 [ 11.324266] page dumped because: kasan: bad access detected [ 11.324478] 
[ 11.324564] Memory state around the buggy address: [ 11.324828] ffff888100ab6d80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 11.325305] ffff888100ab6e00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 11.325596] >ffff888100ab6e80: 00 00 00 00 00 00 00 00 00 01 fc fc fc fc fc fc [ 11.326077] ^ [ 11.326590] ffff888100ab6f00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 11.327220] ffff888100ab6f80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 11.327550] ================================================================== [ 11.259216] ================================================================== [ 11.259544] BUG: KASAN: slab-out-of-bounds in krealloc_less_oob_helper+0xec6/0x11d0 [ 11.259922] Write of size 1 at addr ffff888100ab6eda by task kunit_try_catch/175 [ 11.260249] [ 11.260355] CPU: 1 UID: 0 PID: 175 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc4 #1 PREEMPT(voluntary) [ 11.260414] Tainted: [B]=BAD_PAGE, [N]=TEST [ 11.260425] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 11.260446] Call Trace: [ 11.260465] <TASK> [ 11.260485] dump_stack_lvl+0x73/0xb0 [ 11.260515] print_report+0xd1/0x650 [ 11.260539] ? __virt_addr_valid+0x1db/0x2d0 [ 11.260561] ? krealloc_less_oob_helper+0xec6/0x11d0 [ 11.260583] ? kasan_complete_mode_report_info+0x2a/0x200 [ 11.260604] ? krealloc_less_oob_helper+0xec6/0x11d0 [ 11.260626] kasan_report+0x141/0x180 [ 11.260646] ? krealloc_less_oob_helper+0xec6/0x11d0 [ 11.260673] __asan_report_store1_noabort+0x1b/0x30 [ 11.260692] krealloc_less_oob_helper+0xec6/0x11d0 [ 11.260713] ? __perf_event_task_sched_in+0x151/0x360 [ 11.260739] ? __pfx_krealloc_less_oob_helper+0x10/0x10 [ 11.260761] ? finish_task_switch.isra.0+0x153/0x700 [ 11.260782] ? __switch_to+0x47/0xf50 [ 11.260806] ? __schedule+0x10cc/0x2b60 [ 11.260827] ? __pfx_read_tsc+0x10/0x10 [ 11.260850] krealloc_less_oob+0x1c/0x30 [ 11.260870] kunit_try_run_case+0x1a5/0x480 [ 11.260893] ? 
__pfx_kunit_try_run_case+0x10/0x10 [ 11.260914] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 11.260936] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 11.260957] ? __kthread_parkme+0x82/0x180 [ 11.260977] ? preempt_count_sub+0x50/0x80 [ 11.260998] ? __pfx_kunit_try_run_case+0x10/0x10 [ 11.261020] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 11.261041] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 11.261062] kthread+0x337/0x6f0 [ 11.261080] ? trace_preempt_on+0x20/0xc0 [ 11.261102] ? __pfx_kthread+0x10/0x10 [ 11.261121] ? _raw_spin_unlock_irq+0x47/0x80 [ 11.261140] ? calculate_sigpending+0x7b/0xa0 [ 11.261163] ? __pfx_kthread+0x10/0x10 [ 11.261182] ret_from_fork+0x116/0x1d0 [ 11.261199] ? __pfx_kthread+0x10/0x10 [ 11.261218] ret_from_fork_asm+0x1a/0x30 [ 11.261247] </TASK> [ 11.261258] [ 11.269833] Allocated by task 175: [ 11.269990] kasan_save_stack+0x45/0x70 [ 11.270172] kasan_save_track+0x18/0x40 [ 11.270367] kasan_save_alloc_info+0x3b/0x50 [ 11.270649] __kasan_krealloc+0x190/0x1f0 [ 11.270954] krealloc_noprof+0xf3/0x340 [ 11.271131] krealloc_less_oob_helper+0x1aa/0x11d0 [ 11.271290] krealloc_less_oob+0x1c/0x30 [ 11.271535] kunit_try_run_case+0x1a5/0x480 [ 11.271755] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 11.272289] kthread+0x337/0x6f0 [ 11.272496] ret_from_fork+0x116/0x1d0 [ 11.272712] ret_from_fork_asm+0x1a/0x30 [ 11.272853] [ 11.272974] The buggy address belongs to the object at ffff888100ab6e00 [ 11.272974] which belongs to the cache kmalloc-256 of size 256 [ 11.273539] The buggy address is located 17 bytes to the right of [ 11.273539] allocated 201-byte region [ffff888100ab6e00, ffff888100ab6ec9) [ 11.274082] [ 11.274159] The buggy address belongs to the physical page: [ 11.274350] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x100ab6 [ 11.274912] head: order:1 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0 [ 11.275213] flags: 0x200000000000040(head|node=0|zone=2) [ 11.275424] page_type: f5(slab) [ 11.275629] raw: 
0200000000000040 ffff888100041b40 dead000000000122 0000000000000000 [ 11.276233] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 11.276495] head: 0200000000000040 ffff888100041b40 dead000000000122 0000000000000000 [ 11.276725] head: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 11.277033] head: 0200000000000001 ffffea000402ad81 00000000ffffffff 00000000ffffffff [ 11.277648] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000002 [ 11.278068] page dumped because: kasan: bad access detected [ 11.278240] [ 11.278310] Memory state around the buggy address: [ 11.278525] ffff888100ab6d80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 11.279183] ffff888100ab6e00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 11.279487] >ffff888100ab6e80: 00 00 00 00 00 00 00 00 00 01 fc fc fc fc fc fc [ 11.279811] ^ [ 11.280431] ffff888100ab6f00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 11.280675] ffff888100ab6f80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 11.280895] ================================================================== [ 11.281536] ================================================================== [ 11.281900] BUG: KASAN: slab-out-of-bounds in krealloc_less_oob_helper+0xe90/0x11d0 [ 11.282356] Write of size 1 at addr ffff888100ab6eea by task kunit_try_catch/175 [ 11.282599] [ 11.282690] CPU: 1 UID: 0 PID: 175 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc4 #1 PREEMPT(voluntary) [ 11.282733] Tainted: [B]=BAD_PAGE, [N]=TEST [ 11.282744] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 11.282764] Call Trace: [ 11.282783] <TASK> [ 11.282803] dump_stack_lvl+0x73/0xb0 [ 11.282831] print_report+0xd1/0x650 [ 11.282854] ? __virt_addr_valid+0x1db/0x2d0 [ 11.282876] ? krealloc_less_oob_helper+0xe90/0x11d0 [ 11.282898] ? kasan_complete_mode_report_info+0x2a/0x200 [ 11.282919] ? 
krealloc_less_oob_helper+0xe90/0x11d0 [ 11.282941] kasan_report+0x141/0x180 [ 11.282962] ? krealloc_less_oob_helper+0xe90/0x11d0 [ 11.282988] __asan_report_store1_noabort+0x1b/0x30 [ 11.283007] krealloc_less_oob_helper+0xe90/0x11d0 [ 11.283028] ? __perf_event_task_sched_in+0x151/0x360 [ 11.283055] ? __pfx_krealloc_less_oob_helper+0x10/0x10 [ 11.283077] ? finish_task_switch.isra.0+0x153/0x700 [ 11.283097] ? __switch_to+0x47/0xf50 [ 11.283122] ? __schedule+0x10cc/0x2b60 [ 11.283143] ? __pfx_read_tsc+0x10/0x10 [ 11.283166] krealloc_less_oob+0x1c/0x30 [ 11.283186] kunit_try_run_case+0x1a5/0x480 [ 11.283210] ? __pfx_kunit_try_run_case+0x10/0x10 [ 11.283231] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 11.283253] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 11.283274] ? __kthread_parkme+0x82/0x180 [ 11.283294] ? preempt_count_sub+0x50/0x80 [ 11.283315] ? __pfx_kunit_try_run_case+0x10/0x10 [ 11.283337] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 11.283358] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 11.283389] kthread+0x337/0x6f0 [ 11.283407] ? trace_preempt_on+0x20/0xc0 [ 11.283429] ? __pfx_kthread+0x10/0x10 [ 11.283448] ? _raw_spin_unlock_irq+0x47/0x80 [ 11.283468] ? calculate_sigpending+0x7b/0xa0 [ 11.283490] ? __pfx_kthread+0x10/0x10 [ 11.283510] ret_from_fork+0x116/0x1d0 [ 11.283528] ? 
__pfx_kthread+0x10/0x10 [ 11.283546] ret_from_fork_asm+0x1a/0x30 [ 11.283576] </TASK> [ 11.283587] [ 11.292361] Allocated by task 175: [ 11.292537] kasan_save_stack+0x45/0x70 [ 11.292754] kasan_save_track+0x18/0x40 [ 11.292943] kasan_save_alloc_info+0x3b/0x50 [ 11.293147] __kasan_krealloc+0x190/0x1f0 [ 11.293338] krealloc_noprof+0xf3/0x340 [ 11.293560] krealloc_less_oob_helper+0x1aa/0x11d0 [ 11.293721] krealloc_less_oob+0x1c/0x30 [ 11.293858] kunit_try_run_case+0x1a5/0x480 [ 11.294442] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 11.294894] kthread+0x337/0x6f0 [ 11.295105] ret_from_fork+0x116/0x1d0 [ 11.295298] ret_from_fork_asm+0x1a/0x30 [ 11.295511] [ 11.295621] The buggy address belongs to the object at ffff888100ab6e00 [ 11.295621] which belongs to the cache kmalloc-256 of size 256 [ 11.296277] The buggy address is located 33 bytes to the right of [ 11.296277] allocated 201-byte region [ffff888100ab6e00, ffff888100ab6ec9) [ 11.296683] [ 11.296758] The buggy address belongs to the physical page: [ 11.297180] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x100ab6 [ 11.297557] head: order:1 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0 [ 11.298179] flags: 0x200000000000040(head|node=0|zone=2) [ 11.298421] page_type: f5(slab) [ 11.298547] raw: 0200000000000040 ffff888100041b40 dead000000000122 0000000000000000 [ 11.299177] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 11.299512] head: 0200000000000040 ffff888100041b40 dead000000000122 0000000000000000 [ 11.299745] head: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 11.299975] head: 0200000000000001 ffffea000402ad81 00000000ffffffff 00000000ffffffff [ 11.300408] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000002 [ 11.300752] page dumped because: kasan: bad access detected [ 11.300981] [ 11.301051] Memory state around the buggy address: [ 11.301270] ffff888100ab6d80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc 
fc fc [ 11.301573] ffff888100ab6e00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 11.302301] >ffff888100ab6e80: 00 00 00 00 00 00 00 00 00 01 fc fc fc fc fc fc [ 11.302565] ^ [ 11.302912] ffff888100ab6f00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 11.303263] ffff888100ab6f80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 11.303601] ================================================================== [ 11.213270] ================================================================== [ 11.213735] BUG: KASAN: slab-out-of-bounds in krealloc_less_oob_helper+0xd70/0x11d0 [ 11.214558] Write of size 1 at addr ffff888100ab6ec9 by task kunit_try_catch/175 [ 11.214859] [ 11.215286] CPU: 1 UID: 0 PID: 175 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc4 #1 PREEMPT(voluntary) [ 11.215338] Tainted: [B]=BAD_PAGE, [N]=TEST [ 11.215350] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 11.215387] Call Trace: [ 11.215400] <TASK> [ 11.215420] dump_stack_lvl+0x73/0xb0 [ 11.215453] print_report+0xd1/0x650 [ 11.215477] ? __virt_addr_valid+0x1db/0x2d0 [ 11.215501] ? krealloc_less_oob_helper+0xd70/0x11d0 [ 11.215523] ? kasan_complete_mode_report_info+0x2a/0x200 [ 11.215544] ? krealloc_less_oob_helper+0xd70/0x11d0 [ 11.215566] kasan_report+0x141/0x180 [ 11.215586] ? krealloc_less_oob_helper+0xd70/0x11d0 [ 11.215613] __asan_report_store1_noabort+0x1b/0x30 [ 11.215632] krealloc_less_oob_helper+0xd70/0x11d0 [ 11.215653] ? __perf_event_task_sched_in+0x151/0x360 [ 11.215681] ? __pfx_krealloc_less_oob_helper+0x10/0x10 [ 11.215703] ? finish_task_switch.isra.0+0x153/0x700 [ 11.215725] ? __switch_to+0x47/0xf50 [ 11.215751] ? __schedule+0x10cc/0x2b60 [ 11.215772] ? __pfx_read_tsc+0x10/0x10 [ 11.215796] krealloc_less_oob+0x1c/0x30 [ 11.215818] kunit_try_run_case+0x1a5/0x480 [ 11.215843] ? __pfx_kunit_try_run_case+0x10/0x10 [ 11.215863] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 11.215886] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 11.215907] ? 
__kthread_parkme+0x82/0x180 [ 11.215946] ? preempt_count_sub+0x50/0x80 [ 11.215968] ? __pfx_kunit_try_run_case+0x10/0x10 [ 11.215990] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 11.216011] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 11.216032] kthread+0x337/0x6f0 [ 11.216050] ? trace_preempt_on+0x20/0xc0 [ 11.216072] ? __pfx_kthread+0x10/0x10 [ 11.216091] ? _raw_spin_unlock_irq+0x47/0x80 [ 11.216111] ? calculate_sigpending+0x7b/0xa0 [ 11.216133] ? __pfx_kthread+0x10/0x10 [ 11.216153] ret_from_fork+0x116/0x1d0 [ 11.216170] ? __pfx_kthread+0x10/0x10 [ 11.216189] ret_from_fork_asm+0x1a/0x30 [ 11.216219] </TASK> [ 11.216230] [ 11.224687] Allocated by task 175: [ 11.224899] kasan_save_stack+0x45/0x70 [ 11.225195] kasan_save_track+0x18/0x40 [ 11.225675] kasan_save_alloc_info+0x3b/0x50 [ 11.225852] __kasan_krealloc+0x190/0x1f0 [ 11.225991] krealloc_noprof+0xf3/0x340 [ 11.226126] krealloc_less_oob_helper+0x1aa/0x11d0 [ 11.226358] krealloc_less_oob+0x1c/0x30 [ 11.226566] kunit_try_run_case+0x1a5/0x480 [ 11.226778] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 11.227133] kthread+0x337/0x6f0 [ 11.227275] ret_from_fork+0x116/0x1d0 [ 11.227467] ret_from_fork_asm+0x1a/0x30 [ 11.227688] [ 11.227788] The buggy address belongs to the object at ffff888100ab6e00 [ 11.227788] which belongs to the cache kmalloc-256 of size 256 [ 11.228250] The buggy address is located 0 bytes to the right of [ 11.228250] allocated 201-byte region [ffff888100ab6e00, ffff888100ab6ec9) [ 11.229248] [ 11.229367] The buggy address belongs to the physical page: [ 11.229684] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x100ab6 [ 11.230009] head: order:1 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0 [ 11.230239] flags: 0x200000000000040(head|node=0|zone=2) [ 11.230495] page_type: f5(slab) [ 11.230665] raw: 0200000000000040 ffff888100041b40 dead000000000122 0000000000000000 [ 11.231061] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 
11.231591] head: 0200000000000040 ffff888100041b40 dead000000000122 0000000000000000 [ 11.231895] head: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 11.232164] head: 0200000000000001 ffffea000402ad81 00000000ffffffff 00000000ffffffff [ 11.232407] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000002 [ 11.232862] page dumped because: kasan: bad access detected [ 11.233525] [ 11.233634] Memory state around the buggy address: [ 11.233808] ffff888100ab6d80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 11.234082] ffff888100ab6e00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 11.234415] >ffff888100ab6e80: 00 00 00 00 00 00 00 00 00 01 fc fc fc fc fc fc [ 11.234729] ^ [ 11.235066] ffff888100ab6f00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 11.235365] ffff888100ab6f80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 11.235697] ================================================================== [ 11.400818] ================================================================== [ 11.401311] BUG: KASAN: slab-out-of-bounds in krealloc_less_oob_helper+0xe23/0x11d0 [ 11.401735] Write of size 1 at addr ffff888102bea0d0 by task kunit_try_catch/179 [ 11.402092] [ 11.402207] CPU: 0 UID: 0 PID: 179 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc4 #1 PREEMPT(voluntary) [ 11.402250] Tainted: [B]=BAD_PAGE, [N]=TEST [ 11.402262] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 11.402282] Call Trace: [ 11.402301] <TASK> [ 11.402319] dump_stack_lvl+0x73/0xb0 [ 11.402349] print_report+0xd1/0x650 [ 11.402383] ? __virt_addr_valid+0x1db/0x2d0 [ 11.402405] ? krealloc_less_oob_helper+0xe23/0x11d0 [ 11.402427] ? kasan_addr_to_slab+0x11/0xa0 [ 11.402447] ? krealloc_less_oob_helper+0xe23/0x11d0 [ 11.402470] kasan_report+0x141/0x180 [ 11.402490] ? 
krealloc_less_oob_helper+0xe23/0x11d0 [ 11.402517] __asan_report_store1_noabort+0x1b/0x30 [ 11.402537] krealloc_less_oob_helper+0xe23/0x11d0 [ 11.402561] ? __pfx_krealloc_less_oob_helper+0x10/0x10 [ 11.402584] ? finish_task_switch.isra.0+0x153/0x700 [ 11.402606] ? __switch_to+0x47/0xf50 [ 11.402632] ? __schedule+0x10cc/0x2b60 [ 11.402653] ? __pfx_read_tsc+0x10/0x10 [ 11.402676] krealloc_large_less_oob+0x1c/0x30 [ 11.402697] kunit_try_run_case+0x1a5/0x480 [ 11.402722] ? __pfx_kunit_try_run_case+0x10/0x10 [ 11.402743] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 11.402766] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 11.402787] ? __kthread_parkme+0x82/0x180 [ 11.402807] ? preempt_count_sub+0x50/0x80 [ 11.402829] ? __pfx_kunit_try_run_case+0x10/0x10 [ 11.402851] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 11.402872] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 11.402894] kthread+0x337/0x6f0 [ 11.402912] ? trace_preempt_on+0x20/0xc0 [ 11.402935] ? __pfx_kthread+0x10/0x10 [ 11.402954] ? _raw_spin_unlock_irq+0x47/0x80 [ 11.402973] ? calculate_sigpending+0x7b/0xa0 [ 11.402997] ? __pfx_kthread+0x10/0x10 [ 11.403017] ret_from_fork+0x116/0x1d0 [ 11.403034] ? 
__pfx_kthread+0x10/0x10 [ 11.403053] ret_from_fork_asm+0x1a/0x30 [ 11.403083] </TASK> [ 11.403093] [ 11.411602] The buggy address belongs to the physical page: [ 11.411832] page: refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x102be8 [ 11.412220] head: order:2 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0 [ 11.412752] flags: 0x200000000000040(head|node=0|zone=2) [ 11.412948] page_type: f8(unknown) [ 11.413176] raw: 0200000000000040 0000000000000000 dead000000000122 0000000000000000 [ 11.413465] raw: 0000000000000000 0000000000000000 00000001f8000000 0000000000000000 [ 11.413711] head: 0200000000000040 0000000000000000 dead000000000122 0000000000000000 [ 11.414341] head: 0000000000000000 0000000000000000 00000001f8000000 0000000000000000 [ 11.414661] head: 0200000000000002 ffffea00040afa01 00000000ffffffff 00000000ffffffff [ 11.414958] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000004 [ 11.415337] page dumped because: kasan: bad access detected [ 11.415532] [ 11.415602] Memory state around the buggy address: [ 11.415758] ffff888102be9f80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 11.416072] ffff888102bea000: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 11.416417] >ffff888102bea080: 00 00 00 00 00 00 00 00 00 01 fe fe fe fe fe fe [ 11.416676] ^ [ 11.416855] ffff888102bea100: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe [ 11.417451] ffff888102bea180: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe [ 11.417757] ================================================================== [ 11.436040] ================================================================== [ 11.436433] BUG: KASAN: slab-out-of-bounds in krealloc_less_oob_helper+0xe90/0x11d0 [ 11.437129] Write of size 1 at addr ffff888102bea0ea by task kunit_try_catch/179 [ 11.437391] [ 11.437507] CPU: 0 UID: 0 PID: 179 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc4 #1 PREEMPT(voluntary) [ 11.437550] Tainted: [B]=BAD_PAGE, [N]=TEST [ 11.437561] Hardware 
name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 11.437580] Call Trace: [ 11.437598] <TASK> [ 11.437617] dump_stack_lvl+0x73/0xb0 [ 11.437645] print_report+0xd1/0x650 [ 11.437668] ? __virt_addr_valid+0x1db/0x2d0 [ 11.437691] ? krealloc_less_oob_helper+0xe90/0x11d0 [ 11.437730] ? kasan_addr_to_slab+0x11/0xa0 [ 11.437750] ? krealloc_less_oob_helper+0xe90/0x11d0 [ 11.437773] kasan_report+0x141/0x180 [ 11.437793] ? krealloc_less_oob_helper+0xe90/0x11d0 [ 11.437820] __asan_report_store1_noabort+0x1b/0x30 [ 11.437839] krealloc_less_oob_helper+0xe90/0x11d0 [ 11.437864] ? __pfx_krealloc_less_oob_helper+0x10/0x10 [ 11.437886] ? finish_task_switch.isra.0+0x153/0x700 [ 11.437908] ? __switch_to+0x47/0xf50 [ 11.437975] ? __schedule+0x10cc/0x2b60 [ 11.437998] ? __pfx_read_tsc+0x10/0x10 [ 11.438022] krealloc_large_less_oob+0x1c/0x30 [ 11.438043] kunit_try_run_case+0x1a5/0x480 [ 11.438068] ? __pfx_kunit_try_run_case+0x10/0x10 [ 11.438089] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 11.438112] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 11.438134] ? __kthread_parkme+0x82/0x180 [ 11.438154] ? preempt_count_sub+0x50/0x80 [ 11.438176] ? __pfx_kunit_try_run_case+0x10/0x10 [ 11.438198] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 11.438219] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 11.438241] kthread+0x337/0x6f0 [ 11.438259] ? trace_preempt_on+0x20/0xc0 [ 11.438282] ? __pfx_kthread+0x10/0x10 [ 11.438302] ? _raw_spin_unlock_irq+0x47/0x80 [ 11.438322] ? calculate_sigpending+0x7b/0xa0 [ 11.438345] ? __pfx_kthread+0x10/0x10 [ 11.438365] ret_from_fork+0x116/0x1d0 [ 11.438395] ? 
__pfx_kthread+0x10/0x10 [ 11.438414] ret_from_fork_asm+0x1a/0x30 [ 11.438445] </TASK> [ 11.438455] [ 11.446464] The buggy address belongs to the physical page: [ 11.446749] page: refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x102be8 [ 11.446997] head: order:2 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0 [ 11.447306] flags: 0x200000000000040(head|node=0|zone=2) [ 11.447576] page_type: f8(unknown) [ 11.447915] raw: 0200000000000040 0000000000000000 dead000000000122 0000000000000000 [ 11.448177] raw: 0000000000000000 0000000000000000 00000001f8000000 0000000000000000 [ 11.448459] head: 0200000000000040 0000000000000000 dead000000000122 0000000000000000 [ 11.448992] head: 0000000000000000 0000000000000000 00000001f8000000 0000000000000000 [ 11.449311] head: 0200000000000002 ffffea00040afa01 00000000ffffffff 00000000ffffffff [ 11.449554] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000004 [ 11.449933] page dumped because: kasan: bad access detected [ 11.450178] [ 11.450271] Memory state around the buggy address: [ 11.450700] ffff888102be9f80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 11.451184] ffff888102bea000: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 11.451537] >ffff888102bea080: 00 00 00 00 00 00 00 00 00 01 fe fe fe fe fe fe [ 11.452022] ^ [ 11.452279] ffff888102bea100: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe [ 11.452533] ffff888102bea180: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe [ 11.452777] ================================================================== [ 11.236223] ================================================================== [ 11.236599] BUG: KASAN: slab-out-of-bounds in krealloc_less_oob_helper+0xe23/0x11d0 [ 11.236885] Write of size 1 at addr ffff888100ab6ed0 by task kunit_try_catch/175 [ 11.237582] [ 11.237709] CPU: 1 UID: 0 PID: 175 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc4 #1 PREEMPT(voluntary) [ 11.237754] Tainted: [B]=BAD_PAGE, [N]=TEST [ 11.237766] Hardware 
name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 11.237785] Call Trace: [ 11.237804] <TASK> [ 11.237823] dump_stack_lvl+0x73/0xb0 [ 11.237855] print_report+0xd1/0x650 [ 11.237878] ? __virt_addr_valid+0x1db/0x2d0 [ 11.237900] ? krealloc_less_oob_helper+0xe23/0x11d0 [ 11.237922] ? kasan_complete_mode_report_info+0x2a/0x200 [ 11.237942] ? krealloc_less_oob_helper+0xe23/0x11d0 [ 11.237964] kasan_report+0x141/0x180 [ 11.237985] ? krealloc_less_oob_helper+0xe23/0x11d0 [ 11.238012] __asan_report_store1_noabort+0x1b/0x30 [ 11.238031] krealloc_less_oob_helper+0xe23/0x11d0 [ 11.238052] ? __perf_event_task_sched_in+0x151/0x360 [ 11.238079] ? __pfx_krealloc_less_oob_helper+0x10/0x10 [ 11.238102] ? finish_task_switch.isra.0+0x153/0x700 [ 11.238126] ? __switch_to+0x47/0xf50 [ 11.238152] ? __schedule+0x10cc/0x2b60 [ 11.238175] ? __pfx_read_tsc+0x10/0x10 [ 11.238199] krealloc_less_oob+0x1c/0x30 [ 11.238219] kunit_try_run_case+0x1a5/0x480 [ 11.238242] ? __pfx_kunit_try_run_case+0x10/0x10 [ 11.238262] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 11.238285] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 11.238307] ? __kthread_parkme+0x82/0x180 [ 11.238328] ? preempt_count_sub+0x50/0x80 [ 11.238349] ? __pfx_kunit_try_run_case+0x10/0x10 [ 11.238384] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 11.238406] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 11.238428] kthread+0x337/0x6f0 [ 11.238446] ? trace_preempt_on+0x20/0xc0 [ 11.238469] ? __pfx_kthread+0x10/0x10 [ 11.238488] ? _raw_spin_unlock_irq+0x47/0x80 [ 11.238508] ? calculate_sigpending+0x7b/0xa0 [ 11.238531] ? __pfx_kthread+0x10/0x10 [ 11.238551] ret_from_fork+0x116/0x1d0 [ 11.238568] ? 
__pfx_kthread+0x10/0x10
[ 11.238587] ret_from_fork_asm+0x1a/0x30
[ 11.238618] </TASK>
[ 11.238629]
[ 11.247228] Allocated by task 175:
[ 11.247448] kasan_save_stack+0x45/0x70
[ 11.247718] kasan_save_track+0x18/0x40
[ 11.247855] kasan_save_alloc_info+0x3b/0x50
[ 11.248125] __kasan_krealloc+0x190/0x1f0
[ 11.248285] krealloc_noprof+0xf3/0x340
[ 11.248436] krealloc_less_oob_helper+0x1aa/0x11d0
[ 11.248750] krealloc_less_oob+0x1c/0x30
[ 11.248957] kunit_try_run_case+0x1a5/0x480
[ 11.249462] kunit_generic_run_threadfn_adapter+0x85/0xf0
[ 11.249710] kthread+0x337/0x6f0
[ 11.249855] ret_from_fork+0x116/0x1d0
[ 11.249986] ret_from_fork_asm+0x1a/0x30
[ 11.250124]
[ 11.250194] The buggy address belongs to the object at ffff888100ab6e00
[ 11.250194] which belongs to the cache kmalloc-256 of size 256
[ 11.250971] The buggy address is located 7 bytes to the right of
[ 11.250971] allocated 201-byte region [ffff888100ab6e00, ffff888100ab6ec9)
[ 11.251530]
[ 11.251604] The buggy address belongs to the physical page:
[ 11.251778] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x100ab6
[ 11.252039] head: order:1 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[ 11.252445] flags: 0x200000000000040(head|node=0|zone=2)
[ 11.252882] page_type: f5(slab)
[ 11.253437] raw: 0200000000000040 ffff888100041b40 dead000000000122 0000000000000000
[ 11.253822] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000
[ 11.254051] head: 0200000000000040 ffff888100041b40 dead000000000122 0000000000000000
[ 11.254282] head: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000
[ 11.254774] head: 0200000000000001 ffffea000402ad81 00000000ffffffff 00000000ffffffff
[ 11.255314] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000002
[ 11.255669] page dumped because: kasan: bad access detected
[ 11.255877]
[ 11.255947] Memory state around the buggy address:
[ 11.256213] ffff888100ab6d80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 11.256520] ffff888100ab6e00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[ 11.256770] >ffff888100ab6e80: 00 00 00 00 00 00 00 00 00 01 fc fc fc fc fc fc
[ 11.257742] ^
[ 11.258063] ffff888100ab6f00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 11.258359] ffff888100ab6f80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 11.258673] ==================================================================
[ 11.418172] ==================================================================
[ 11.418468] BUG: KASAN: slab-out-of-bounds in krealloc_less_oob_helper+0xec6/0x11d0
[ 11.418767] Write of size 1 at addr ffff888102bea0da by task kunit_try_catch/179
[ 11.419227]
[ 11.419363] CPU: 0 UID: 0 PID: 179 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc4 #1 PREEMPT(voluntary)
[ 11.419420] Tainted: [B]=BAD_PAGE, [N]=TEST
[ 11.419431] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[ 11.419451] Call Trace:
[ 11.419468] <TASK>
[ 11.419485] dump_stack_lvl+0x73/0xb0
[ 11.419515] print_report+0xd1/0x650
[ 11.419537] ? __virt_addr_valid+0x1db/0x2d0
[ 11.419560] ? krealloc_less_oob_helper+0xec6/0x11d0
[ 11.419582] ? kasan_addr_to_slab+0x11/0xa0
[ 11.419601] ? krealloc_less_oob_helper+0xec6/0x11d0
[ 11.419623] kasan_report+0x141/0x180
[ 11.419644] ? krealloc_less_oob_helper+0xec6/0x11d0
[ 11.419671] __asan_report_store1_noabort+0x1b/0x30
[ 11.419691] krealloc_less_oob_helper+0xec6/0x11d0
[ 11.419715] ? __pfx_krealloc_less_oob_helper+0x10/0x10
[ 11.419737] ? finish_task_switch.isra.0+0x153/0x700
[ 11.419758] ? __switch_to+0x47/0xf50
[ 11.419783] ? __schedule+0x10cc/0x2b60
[ 11.419804] ? __pfx_read_tsc+0x10/0x10
[ 11.419828] krealloc_large_less_oob+0x1c/0x30
[ 11.419849] kunit_try_run_case+0x1a5/0x480
[ 11.419873] ? __pfx_kunit_try_run_case+0x10/0x10
[ 11.419894] ? _raw_spin_lock_irqsave+0xa1/0x100
[ 11.419917] ? _raw_spin_unlock_irqrestore+0x5f/0x90
[ 11.419938] ? __kthread_parkme+0x82/0x180
[ 11.419958] ? preempt_count_sub+0x50/0x80
[ 11.420034] ? __pfx_kunit_try_run_case+0x10/0x10
[ 11.420059] kunit_generic_run_threadfn_adapter+0x85/0xf0
[ 11.420081] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10
[ 11.420103] kthread+0x337/0x6f0
[ 11.420122] ? trace_preempt_on+0x20/0xc0
[ 11.420146] ? __pfx_kthread+0x10/0x10
[ 11.420165] ? _raw_spin_unlock_irq+0x47/0x80
[ 11.420185] ? calculate_sigpending+0x7b/0xa0
[ 11.420208] ? __pfx_kthread+0x10/0x10
[ 11.420228] ret_from_fork+0x116/0x1d0
[ 11.420245] ? __pfx_kthread+0x10/0x10
[ 11.420265] ret_from_fork_asm+0x1a/0x30
[ 11.420294] </TASK>
[ 11.420304]
[ 11.428135] The buggy address belongs to the physical page:
[ 11.428420] page: refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x102be8
[ 11.428808] head: order:2 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[ 11.429165] flags: 0x200000000000040(head|node=0|zone=2)
[ 11.429396] page_type: f8(unknown)
[ 11.429578] raw: 0200000000000040 0000000000000000 dead000000000122 0000000000000000
[ 11.429875] raw: 0000000000000000 0000000000000000 00000001f8000000 0000000000000000
[ 11.430410] head: 0200000000000040 0000000000000000 dead000000000122 0000000000000000
[ 11.430747] head: 0000000000000000 0000000000000000 00000001f8000000 0000000000000000
[ 11.431184] head: 0200000000000002 ffffea00040afa01 00000000ffffffff 00000000ffffffff
[ 11.431488] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000004
[ 11.431717] page dumped because: kasan: bad access detected
[ 11.431887]
[ 11.431957] Memory state around the buggy address:
[ 11.432154] ffff888102be9f80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[ 11.432549] ffff888102bea000: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[ 11.432843] >ffff888102bea080: 00 00 00 00 00 00 00 00 00 01 fe fe fe fe fe fe
[ 11.433055] ^
[ 11.433242] ffff888102bea100: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe
[ 11.433467] ffff888102bea180: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe
[ 11.434085] ==================================================================
[ 11.378273] ==================================================================
[ 11.378794] BUG: KASAN: slab-out-of-bounds in krealloc_less_oob_helper+0xd70/0x11d0
[ 11.379148] Write of size 1 at addr ffff888102bea0c9 by task kunit_try_catch/179
[ 11.379587]
[ 11.379691] CPU: 0 UID: 0 PID: 179 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc4 #1 PREEMPT(voluntary)
[ 11.379739] Tainted: [B]=BAD_PAGE, [N]=TEST
[ 11.379751] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[ 11.379773] Call Trace:
[ 11.379879] <TASK>
[ 11.379899] dump_stack_lvl+0x73/0xb0
[ 11.379931] print_report+0xd1/0x650
[ 11.379954] ? __virt_addr_valid+0x1db/0x2d0
[ 11.379978] ? krealloc_less_oob_helper+0xd70/0x11d0
[ 11.380000] ? kasan_addr_to_slab+0x11/0xa0
[ 11.380019] ? krealloc_less_oob_helper+0xd70/0x11d0
[ 11.380087] kasan_report+0x141/0x180
[ 11.380109] ? krealloc_less_oob_helper+0xd70/0x11d0
[ 11.380159] __asan_report_store1_noabort+0x1b/0x30
[ 11.380183] krealloc_less_oob_helper+0xd70/0x11d0
[ 11.380208] ? __pfx_krealloc_less_oob_helper+0x10/0x10
[ 11.380231] ? finish_task_switch.isra.0+0x153/0x700
[ 11.380255] ? __switch_to+0x47/0xf50
[ 11.380281] ? __schedule+0x10cc/0x2b60
[ 11.380304] ? __pfx_read_tsc+0x10/0x10
[ 11.380346] krealloc_large_less_oob+0x1c/0x30
[ 11.380368] kunit_try_run_case+0x1a5/0x480
[ 11.380413] ? __pfx_kunit_try_run_case+0x10/0x10
[ 11.380434] ? _raw_spin_lock_irqsave+0xa1/0x100
[ 11.380459] ? _raw_spin_unlock_irqrestore+0x5f/0x90
[ 11.380480] ? __kthread_parkme+0x82/0x180
[ 11.380501] ? preempt_count_sub+0x50/0x80
[ 11.380523] ? __pfx_kunit_try_run_case+0x10/0x10
[ 11.380545] kunit_generic_run_threadfn_adapter+0x85/0xf0
[ 11.380568] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10
[ 11.380590] kthread+0x337/0x6f0
[ 11.380608] ? trace_preempt_on+0x20/0xc0
[ 11.380631] ? __pfx_kthread+0x10/0x10
[ 11.380650] ? _raw_spin_unlock_irq+0x47/0x80
[ 11.380671] ? calculate_sigpending+0x7b/0xa0
[ 11.380694] ? __pfx_kthread+0x10/0x10
[ 11.380714] ret_from_fork+0x116/0x1d0
[ 11.380731] ? __pfx_kthread+0x10/0x10
[ 11.380750] ret_from_fork_asm+0x1a/0x30
[ 11.380781] </TASK>
[ 11.380792]
[ 11.393425] The buggy address belongs to the physical page:
[ 11.393706] page: refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x102be8
[ 11.394049] head: order:2 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[ 11.394474] flags: 0x200000000000040(head|node=0|zone=2)
[ 11.394773] page_type: f8(unknown)
[ 11.395028] raw: 0200000000000040 0000000000000000 dead000000000122 0000000000000000
[ 11.395415] raw: 0000000000000000 0000000000000000 00000001f8000000 0000000000000000
[ 11.395692] head: 0200000000000040 0000000000000000 dead000000000122 0000000000000000
[ 11.396117] head: 0000000000000000 0000000000000000 00000001f8000000 0000000000000000
[ 11.396521] head: 0200000000000002 ffffea00040afa01 00000000ffffffff 00000000ffffffff
[ 11.396890] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000004
[ 11.397320] page dumped because: kasan: bad access detected
[ 11.397601]
[ 11.397681] Memory state around the buggy address:
[ 11.398027] ffff888102be9f80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[ 11.398646] ffff888102bea000: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[ 11.398952] >ffff888102bea080: 00 00 00 00 00 00 00 00 00 01 fe fe fe fe fe fe
[ 11.399421] ^
[ 11.399697] ffff888102bea100: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe
[ 11.400054] ffff888102bea180: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe
[ 11.400366] ==================================================================
[ 11.453334] ==================================================================
[ 11.453720] BUG: KASAN: slab-out-of-bounds in krealloc_less_oob_helper+0xd47/0x11d0
[ 11.454073] Write of size 1 at addr ffff888102bea0eb by task kunit_try_catch/179
[ 11.454339]
[ 11.454458] CPU: 0 UID: 0 PID: 179 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc4 #1 PREEMPT(voluntary)
[ 11.454500] Tainted: [B]=BAD_PAGE, [N]=TEST
[ 11.454512] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[ 11.454532] Call Trace:
[ 11.454550] <TASK>
[ 11.454567] dump_stack_lvl+0x73/0xb0
[ 11.454594] print_report+0xd1/0x650
[ 11.454617] ? __virt_addr_valid+0x1db/0x2d0
[ 11.454639] ? krealloc_less_oob_helper+0xd47/0x11d0
[ 11.454661] ? kasan_addr_to_slab+0x11/0xa0
[ 11.454680] ? krealloc_less_oob_helper+0xd47/0x11d0
[ 11.454703] kasan_report+0x141/0x180
[ 11.454723] ? krealloc_less_oob_helper+0xd47/0x11d0
[ 11.454815] __asan_report_store1_noabort+0x1b/0x30
[ 11.454838] krealloc_less_oob_helper+0xd47/0x11d0
[ 11.454862] ? __pfx_krealloc_less_oob_helper+0x10/0x10
[ 11.454885] ? finish_task_switch.isra.0+0x153/0x700
[ 11.454906] ? __switch_to+0x47/0xf50
[ 11.454960] ? __schedule+0x10cc/0x2b60
[ 11.454984] ? __pfx_read_tsc+0x10/0x10
[ 11.455007] krealloc_large_less_oob+0x1c/0x30
[ 11.455029] kunit_try_run_case+0x1a5/0x480
[ 11.455053] ? __pfx_kunit_try_run_case+0x10/0x10
[ 11.455074] ? _raw_spin_lock_irqsave+0xa1/0x100
[ 11.455097] ? _raw_spin_unlock_irqrestore+0x5f/0x90
[ 11.455118] ? __kthread_parkme+0x82/0x180
[ 11.455138] ? preempt_count_sub+0x50/0x80
[ 11.455160] ? __pfx_kunit_try_run_case+0x10/0x10
[ 11.455182] kunit_generic_run_threadfn_adapter+0x85/0xf0
[ 11.455204] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10
[ 11.455226] kthread+0x337/0x6f0
[ 11.455244] ? trace_preempt_on+0x20/0xc0
[ 11.455268] ? __pfx_kthread+0x10/0x10
[ 11.455287] ? _raw_spin_unlock_irq+0x47/0x80
[ 11.455307] ? calculate_sigpending+0x7b/0xa0
[ 11.455330] ? __pfx_kthread+0x10/0x10
[ 11.455350] ret_from_fork+0x116/0x1d0
[ 11.455367] ? __pfx_kthread+0x10/0x10
[ 11.455397] ret_from_fork_asm+0x1a/0x30
[ 11.455427] </TASK>
[ 11.455438]
[ 11.463737] The buggy address belongs to the physical page:
[ 11.464072] page: refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x102be8
[ 11.464764] head: order:2 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[ 11.465019] flags: 0x200000000000040(head|node=0|zone=2)
[ 11.465391] page_type: f8(unknown)
[ 11.465578] raw: 0200000000000040 0000000000000000 dead000000000122 0000000000000000
[ 11.465959] raw: 0000000000000000 0000000000000000 00000001f8000000 0000000000000000
[ 11.466223] head: 0200000000000040 0000000000000000 dead000000000122 0000000000000000
[ 11.466520] head: 0000000000000000 0000000000000000 00000001f8000000 0000000000000000
[ 11.467010] head: 0200000000000002 ffffea00040afa01 00000000ffffffff 00000000ffffffff
[ 11.467400] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000004
[ 11.467629] page dumped because: kasan: bad access detected
[ 11.467800]
[ 11.467898] Memory state around the buggy address:
[ 11.468120] ffff888102be9f80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[ 11.468716] ffff888102bea000: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[ 11.469073] >ffff888102bea080: 00 00 00 00 00 00 00 00 00 01 fe fe fe fe fe fe
[ 11.469287] ^
[ 11.469501] ffff888102bea100: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe
[ 11.470033] ffff888102bea180: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe
[ 11.470350] ==================================================================
Failure - log-parser-boot/kasan-bug-kasan-slab-out-of-bounds-in-krealloc_more_oob_helper
[ 11.354551] ==================================================================
[ 11.354853] BUG: KASAN: slab-out-of-bounds in krealloc_more_oob_helper+0x7eb/0x930
[ 11.355189] Write of size 1 at addr ffff8881027be0f0 by task kunit_try_catch/177
[ 11.355488]
[ 11.355604] CPU: 1 UID: 0 PID: 177 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc4 #1 PREEMPT(voluntary)
[ 11.355757] Tainted: [B]=BAD_PAGE, [N]=TEST
[ 11.355769] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[ 11.355789] Call Trace:
[ 11.355808] <TASK>
[ 11.355828] dump_stack_lvl+0x73/0xb0
[ 11.355858] print_report+0xd1/0x650
[ 11.355882] ? __virt_addr_valid+0x1db/0x2d0
[ 11.355904] ? krealloc_more_oob_helper+0x7eb/0x930
[ 11.356137] ? kasan_addr_to_slab+0x11/0xa0
[ 11.356162] ? krealloc_more_oob_helper+0x7eb/0x930
[ 11.356185] kasan_report+0x141/0x180
[ 11.356206] ? krealloc_more_oob_helper+0x7eb/0x930
[ 11.356233] __asan_report_store1_noabort+0x1b/0x30
[ 11.356253] krealloc_more_oob_helper+0x7eb/0x930
[ 11.356274] ? __schedule+0x10cc/0x2b60
[ 11.356295] ? __pfx_krealloc_more_oob_helper+0x10/0x10
[ 11.356339] ? finish_task_switch.isra.0+0x153/0x700
[ 11.356360] ? __switch_to+0x47/0xf50
[ 11.356405] ? __schedule+0x10cc/0x2b60
[ 11.356424] ? __pfx_read_tsc+0x10/0x10
[ 11.356448] krealloc_large_more_oob+0x1c/0x30
[ 11.356488] kunit_try_run_case+0x1a5/0x480
[ 11.356512] ? __pfx_kunit_try_run_case+0x10/0x10
[ 11.356533] ? _raw_spin_lock_irqsave+0xa1/0x100
[ 11.356556] ? _raw_spin_unlock_irqrestore+0x5f/0x90
[ 11.356578] ? __kthread_parkme+0x82/0x180
[ 11.356598] ? preempt_count_sub+0x50/0x80
[ 11.356619] ? __pfx_kunit_try_run_case+0x10/0x10
[ 11.356641] kunit_generic_run_threadfn_adapter+0x85/0xf0
[ 11.356662] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10
[ 11.356684] kthread+0x337/0x6f0
[ 11.356701] ? trace_preempt_on+0x20/0xc0
[ 11.356724] ? __pfx_kthread+0x10/0x10
[ 11.356743] ? _raw_spin_unlock_irq+0x47/0x80
[ 11.356763] ? calculate_sigpending+0x7b/0xa0
[ 11.356785] ? __pfx_kthread+0x10/0x10
[ 11.356805] ret_from_fork+0x116/0x1d0
[ 11.356822] ? __pfx_kthread+0x10/0x10
[ 11.356841] ret_from_fork_asm+0x1a/0x30
[ 11.356871] </TASK>
[ 11.356881]
[ 11.366130] The buggy address belongs to the physical page:
[ 11.366362] page: refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1027bc
[ 11.366844] head: order:2 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[ 11.367292] flags: 0x200000000000040(head|node=0|zone=2)
[ 11.367600] page_type: f8(unknown)
[ 11.367788] raw: 0200000000000040 0000000000000000 dead000000000122 0000000000000000
[ 11.368345] raw: 0000000000000000 0000000000000000 00000001f8000000 0000000000000000
[ 11.368634] head: 0200000000000040 0000000000000000 dead000000000122 0000000000000000
[ 11.368865] head: 0000000000000000 0000000000000000 00000001f8000000 0000000000000000
[ 11.369202] head: 0200000000000002 ffffea000409ef01 00000000ffffffff 00000000ffffffff
[ 11.369861] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000004
[ 11.370171] page dumped because: kasan: bad access detected
[ 11.370506]
[ 11.370592] Memory state around the buggy address:
[ 11.370857] ffff8881027bdf80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[ 11.371197] ffff8881027be000: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[ 11.371421] >ffff8881027be080: 00 00 00 00 00 00 00 00 00 00 00 00 00 03 fe fe
[ 11.371807] ^
[ 11.372600] ffff8881027be100: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe
[ 11.373281] ffff8881027be180: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe
[ 11.373587] ==================================================================
[ 11.332013] ==================================================================
[ 11.332520] BUG: KASAN: slab-out-of-bounds in krealloc_more_oob_helper+0x821/0x930
[ 11.332908] Write of size 1 at addr ffff8881027be0eb by task kunit_try_catch/177
[ 11.333209]
[ 11.333367] CPU: 1 UID: 0 PID: 177 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc4 #1 PREEMPT(voluntary)
[ 11.333426] Tainted: [B]=BAD_PAGE, [N]=TEST
[ 11.333438] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[ 11.333479] Call Trace:
[ 11.333493] <TASK>
[ 11.333527] dump_stack_lvl+0x73/0xb0
[ 11.333572] print_report+0xd1/0x650
[ 11.333595] ? __virt_addr_valid+0x1db/0x2d0
[ 11.333620] ? krealloc_more_oob_helper+0x821/0x930
[ 11.333642] ? kasan_addr_to_slab+0x11/0xa0
[ 11.333661] ? krealloc_more_oob_helper+0x821/0x930
[ 11.333683] kasan_report+0x141/0x180
[ 11.333704] ? krealloc_more_oob_helper+0x821/0x930
[ 11.333739] __asan_report_store1_noabort+0x1b/0x30
[ 11.333759] krealloc_more_oob_helper+0x821/0x930
[ 11.333780] ? __schedule+0x10cc/0x2b60
[ 11.333801] ? __pfx_krealloc_more_oob_helper+0x10/0x10
[ 11.333824] ? finish_task_switch.isra.0+0x153/0x700
[ 11.333847] ? __switch_to+0x47/0xf50
[ 11.333873] ? __schedule+0x10cc/0x2b60
[ 11.333893] ? __pfx_read_tsc+0x10/0x10
[ 11.333918] krealloc_large_more_oob+0x1c/0x30
[ 11.333940] kunit_try_run_case+0x1a5/0x480
[ 11.333966] ? __pfx_kunit_try_run_case+0x10/0x10
[ 11.333987] ? _raw_spin_lock_irqsave+0xa1/0x100
[ 11.334010] ? _raw_spin_unlock_irqrestore+0x5f/0x90
[ 11.334032] ? __kthread_parkme+0x82/0x180
[ 11.334053] ? preempt_count_sub+0x50/0x80
[ 11.334074] ? __pfx_kunit_try_run_case+0x10/0x10
[ 11.334096] kunit_generic_run_threadfn_adapter+0x85/0xf0
[ 11.334117] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10
[ 11.334158] kthread+0x337/0x6f0
[ 11.334176] ? trace_preempt_on+0x20/0xc0
[ 11.334200] ? __pfx_kthread+0x10/0x10
[ 11.334219] ? _raw_spin_unlock_irq+0x47/0x80
[ 11.334239] ? calculate_sigpending+0x7b/0xa0
[ 11.334262] ? __pfx_kthread+0x10/0x10
[ 11.334282] ret_from_fork+0x116/0x1d0
[ 11.334299] ? __pfx_kthread+0x10/0x10
[ 11.334335] ret_from_fork_asm+0x1a/0x30
[ 11.334366] </TASK>
[ 11.334387]
[ 11.343862] The buggy address belongs to the physical page:
[ 11.344070] page: refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1027bc
[ 11.345226] head: order:2 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[ 11.345736] flags: 0x200000000000040(head|node=0|zone=2)
[ 11.346353] page_type: f8(unknown)
[ 11.346541] raw: 0200000000000040 0000000000000000 dead000000000122 0000000000000000
[ 11.347201] raw: 0000000000000000 0000000000000000 00000001f8000000 0000000000000000
[ 11.347530] head: 0200000000000040 0000000000000000 dead000000000122 0000000000000000
[ 11.348528] head: 0000000000000000 0000000000000000 00000001f8000000 0000000000000000
[ 11.349224] head: 0200000000000002 ffffea000409ef01 00000000ffffffff 00000000ffffffff
[ 11.349548] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000004
[ 11.349856] page dumped because: kasan: bad access detected
[ 11.350126]
[ 11.350217] Memory state around the buggy address:
[ 11.350423] ffff8881027bdf80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[ 11.351326] ffff8881027be000: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[ 11.351624] >ffff8881027be080: 00 00 00 00 00 00 00 00 00 00 00 00 00 03 fe fe
[ 11.352451] ^
[ 11.353155] ffff8881027be100: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe
[ 11.353451] ffff8881027be180: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe
[ 11.353918] ==================================================================
[ 11.156709] ==================================================================
[ 11.157578] BUG: KASAN: slab-out-of-bounds in krealloc_more_oob_helper+0x821/0x930
[ 11.158367] Write of size 1 at addr ffff88810033b6eb by task kunit_try_catch/173
[ 11.158858]
[ 11.159080] CPU: 0 UID: 0 PID: 173 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc4 #1 PREEMPT(voluntary)
[ 11.159129] Tainted: [B]=BAD_PAGE, [N]=TEST
[ 11.159140] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[ 11.159183] Call Trace:
[ 11.159198] <TASK>
[ 11.159216] dump_stack_lvl+0x73/0xb0
[ 11.159247] print_report+0xd1/0x650
[ 11.159270] ? __virt_addr_valid+0x1db/0x2d0
[ 11.159292] ? krealloc_more_oob_helper+0x821/0x930
[ 11.159314] ? kasan_complete_mode_report_info+0x2a/0x200
[ 11.159335] ? krealloc_more_oob_helper+0x821/0x930
[ 11.159357] kasan_report+0x141/0x180
[ 11.159387] ? krealloc_more_oob_helper+0x821/0x930
[ 11.159414] __asan_report_store1_noabort+0x1b/0x30
[ 11.159433] krealloc_more_oob_helper+0x821/0x930
[ 11.159453] ? __schedule+0x10cc/0x2b60
[ 11.159474] ? __pfx_krealloc_more_oob_helper+0x10/0x10
[ 11.159497] ? finish_task_switch.isra.0+0x153/0x700
[ 11.159519] ? __switch_to+0x47/0xf50
[ 11.159543] ? __schedule+0x10cc/0x2b60
[ 11.159580] ? __pfx_read_tsc+0x10/0x10
[ 11.159603] krealloc_more_oob+0x1c/0x30
[ 11.159623] kunit_try_run_case+0x1a5/0x480
[ 11.159647] ? __pfx_kunit_try_run_case+0x10/0x10
[ 11.159667] ? _raw_spin_lock_irqsave+0xa1/0x100
[ 11.159689] ? _raw_spin_unlock_irqrestore+0x5f/0x90
[ 11.159710] ? __kthread_parkme+0x82/0x180
[ 11.159730] ? preempt_count_sub+0x50/0x80
[ 11.159751] ? __pfx_kunit_try_run_case+0x10/0x10
[ 11.159773] kunit_generic_run_threadfn_adapter+0x85/0xf0
[ 11.159794] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10
[ 11.159815] kthread+0x337/0x6f0
[ 11.159833] ? trace_preempt_on+0x20/0xc0
[ 11.159855] ? __pfx_kthread+0x10/0x10
[ 11.159874] ? _raw_spin_unlock_irq+0x47/0x80
[ 11.159894] ? calculate_sigpending+0x7b/0xa0
[ 11.159933] ? __pfx_kthread+0x10/0x10
[ 11.159953] ret_from_fork+0x116/0x1d0
[ 11.159970] ? __pfx_kthread+0x10/0x10
[ 11.159989] ret_from_fork_asm+0x1a/0x30
[ 11.160018] </TASK>
[ 11.160029]
[ 11.171205] Allocated by task 173:
[ 11.171359] kasan_save_stack+0x45/0x70
[ 11.171519] kasan_save_track+0x18/0x40
[ 11.171820] kasan_save_alloc_info+0x3b/0x50
[ 11.172239] __kasan_krealloc+0x190/0x1f0
[ 11.172630] krealloc_noprof+0xf3/0x340
[ 11.173036] krealloc_more_oob_helper+0x1a9/0x930
[ 11.173480] krealloc_more_oob+0x1c/0x30
[ 11.173893] kunit_try_run_case+0x1a5/0x480
[ 11.174333] kunit_generic_run_threadfn_adapter+0x85/0xf0
[ 11.174877] kthread+0x337/0x6f0
[ 11.175167] ret_from_fork+0x116/0x1d0
[ 11.175587] ret_from_fork_asm+0x1a/0x30
[ 11.175996]
[ 11.176186] The buggy address belongs to the object at ffff88810033b600
[ 11.176186] which belongs to the cache kmalloc-256 of size 256
[ 11.176872] The buggy address is located 0 bytes to the right of
[ 11.176872] allocated 235-byte region [ffff88810033b600, ffff88810033b6eb)
[ 11.177443]
[ 11.177531] The buggy address belongs to the physical page:
[ 11.177871] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x10033a
[ 11.178598] head: order:1 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[ 11.179073] flags: 0x200000000000040(head|node=0|zone=2)
[ 11.179546] page_type: f5(slab)
[ 11.179770] raw: 0200000000000040 ffff888100041b40 dead000000000122 0000000000000000
[ 11.180230] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000
[ 11.180599] head: 0200000000000040 ffff888100041b40 dead000000000122 0000000000000000
[ 11.180832] head: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000
[ 11.181524] head: 0200000000000001 ffffea000400ce81 00000000ffffffff 00000000ffffffff
[ 11.182303] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000002
[ 11.182894] page dumped because: kasan: bad access detected
[ 11.183308]
[ 11.183484] Memory state around the buggy address:
[ 11.183999] ffff88810033b580: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 11.184244] ffff88810033b600: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[ 11.184477] >ffff88810033b680: 00 00 00 00 00 00 00 00 00 00 00 00 00 03 fc fc
[ 11.184691] ^
[ 11.185057] ffff88810033b700: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 11.185514] ffff88810033b780: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 11.185793] ==================================================================
[ 11.186764] ==================================================================
[ 11.187022] BUG: KASAN: slab-out-of-bounds in krealloc_more_oob_helper+0x7eb/0x930
[ 11.187323] Write of size 1 at addr ffff88810033b6f0 by task kunit_try_catch/173
[ 11.188270]
[ 11.188406] CPU: 0 UID: 0 PID: 173 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc4 #1 PREEMPT(voluntary)
[ 11.188452] Tainted: [B]=BAD_PAGE, [N]=TEST
[ 11.188464] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[ 11.188484] Call Trace:
[ 11.188495] <TASK>
[ 11.188514] dump_stack_lvl+0x73/0xb0
[ 11.188544] print_report+0xd1/0x650
[ 11.188567] ? __virt_addr_valid+0x1db/0x2d0
[ 11.188589] ? krealloc_more_oob_helper+0x7eb/0x930
[ 11.188611] ? kasan_complete_mode_report_info+0x2a/0x200
[ 11.188631] ? krealloc_more_oob_helper+0x7eb/0x930
[ 11.188654] kasan_report+0x141/0x180
[ 11.188674] ? krealloc_more_oob_helper+0x7eb/0x930
[ 11.188700] __asan_report_store1_noabort+0x1b/0x30
[ 11.188720] krealloc_more_oob_helper+0x7eb/0x930
[ 11.188741] ? __schedule+0x10cc/0x2b60
[ 11.188763] ? __pfx_krealloc_more_oob_helper+0x10/0x10
[ 11.188786] ? finish_task_switch.isra.0+0x153/0x700
[ 11.188807] ? __switch_to+0x47/0xf50
[ 11.188832] ? __schedule+0x10cc/0x2b60
[ 11.188852] ? __pfx_read_tsc+0x10/0x10
[ 11.188875] krealloc_more_oob+0x1c/0x30
[ 11.188895] kunit_try_run_case+0x1a5/0x480
[ 11.188919] ? __pfx_kunit_try_run_case+0x10/0x10
[ 11.188941] ? _raw_spin_lock_irqsave+0xa1/0x100
[ 11.188963] ? _raw_spin_unlock_irqrestore+0x5f/0x90
[ 11.188984] ? __kthread_parkme+0x82/0x180
[ 11.189004] ? preempt_count_sub+0x50/0x80
[ 11.189025] ? __pfx_kunit_try_run_case+0x10/0x10
[ 11.189047] kunit_generic_run_threadfn_adapter+0x85/0xf0
[ 11.189068] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10
[ 11.189089] kthread+0x337/0x6f0
[ 11.189107] ? trace_preempt_on+0x20/0xc0
[ 11.189129] ? __pfx_kthread+0x10/0x10
[ 11.189148] ? _raw_spin_unlock_irq+0x47/0x80
[ 11.189167] ? calculate_sigpending+0x7b/0xa0
[ 11.189190] ? __pfx_kthread+0x10/0x10
[ 11.189210] ret_from_fork+0x116/0x1d0
[ 11.189227] ? __pfx_kthread+0x10/0x10
[ 11.189245] ret_from_fork_asm+0x1a/0x30
[ 11.189274] </TASK>
[ 11.189285]
[ 11.197195] Allocated by task 173:
[ 11.197416] kasan_save_stack+0x45/0x70
[ 11.197621] kasan_save_track+0x18/0x40
[ 11.197809] kasan_save_alloc_info+0x3b/0x50
[ 11.198014] __kasan_krealloc+0x190/0x1f0
[ 11.198174] krealloc_noprof+0xf3/0x340
[ 11.198307] krealloc_more_oob_helper+0x1a9/0x930
[ 11.198938] krealloc_more_oob+0x1c/0x30
[ 11.199422] kunit_try_run_case+0x1a5/0x480
[ 11.199642] kunit_generic_run_threadfn_adapter+0x85/0xf0
[ 11.199857] kthread+0x337/0x6f0
[ 11.200067] ret_from_fork+0x116/0x1d0
[ 11.200244] ret_from_fork_asm+0x1a/0x30
[ 11.200434]
[ 11.200505] The buggy address belongs to the object at ffff88810033b600
[ 11.200505] which belongs to the cache kmalloc-256 of size 256
[ 11.201359] The buggy address is located 5 bytes to the right of
[ 11.201359] allocated 235-byte region [ffff88810033b600, ffff88810033b6eb)
[ 11.201894]
[ 11.202280] The buggy address belongs to the physical page:
[ 11.202480] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x10033a
[ 11.202734] head: order:1 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[ 11.203070] flags: 0x200000000000040(head|node=0|zone=2)
[ 11.203492] page_type: f5(slab)
[ 11.203716] raw: 0200000000000040 ffff888100041b40 dead000000000122 0000000000000000
[ 11.204118] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000
[ 11.204444] head: 0200000000000040 ffff888100041b40 dead000000000122 0000000000000000
[ 11.204678] head: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000
[ 11.205016] head: 0200000000000001 ffffea000400ce81 00000000ffffffff 00000000ffffffff
[ 11.205363] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000002
[ 11.205710] page dumped because: kasan: bad access detected
[ 11.205963]
[ 11.206036] Memory state around the buggy address:
[ 11.206269] ffff88810033b580: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 11.206562] ffff88810033b600: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[ 11.206778] >ffff88810033b680: 00 00 00 00 00 00 00 00 00 00 00 00 00 03 fc fc
[ 11.207057] ^
[ 11.207658] ffff88810033b700: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 11.207927] ffff88810033b780: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 11.208472] ==================================================================
Failure - log-parser-boot/kasan-bug-kasan-use-after-free-in-page_alloc_uaf
[ 11.132023] ==================================================================
[ 11.132682] BUG: KASAN: use-after-free in page_alloc_uaf+0x356/0x3d0
[ 11.134069] Read of size 1 at addr ffff888103a00000 by task kunit_try_catch/171
[ 11.134508]
[ 11.134633] CPU: 1 UID: 0 PID: 171 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc4 #1 PREEMPT(voluntary)
[ 11.134683] Tainted: [B]=BAD_PAGE, [N]=TEST
[ 11.134820] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[ 11.134842] Call Trace:
[ 11.134855] <TASK>
[ 11.134874] dump_stack_lvl+0x73/0xb0
[ 11.134909] print_report+0xd1/0x650
[ 11.134981] ? __virt_addr_valid+0x1db/0x2d0
[ 11.135008] ? page_alloc_uaf+0x356/0x3d0
[ 11.135028] ? kasan_addr_to_slab+0x11/0xa0
[ 11.135047] ? page_alloc_uaf+0x356/0x3d0
[ 11.135069] kasan_report+0x141/0x180
[ 11.135090] ? page_alloc_uaf+0x356/0x3d0
[ 11.135115] __asan_report_load1_noabort+0x18/0x20
[ 11.135137] page_alloc_uaf+0x356/0x3d0
[ 11.135158] ? __pfx_page_alloc_uaf+0x10/0x10
[ 11.135180] ? __schedule+0x10cc/0x2b60
[ 11.135202] ? __pfx_read_tsc+0x10/0x10
[ 11.135223] ? ktime_get_ts64+0x86/0x230
[ 11.135248] kunit_try_run_case+0x1a5/0x480
[ 11.135274] ? __pfx_kunit_try_run_case+0x10/0x10
[ 11.135294] ? _raw_spin_lock_irqsave+0xa1/0x100
[ 11.135317] ? _raw_spin_unlock_irqrestore+0x5f/0x90
[ 11.135338] ? __kthread_parkme+0x82/0x180
[ 11.135359] ? preempt_count_sub+0x50/0x80
[ 11.135397] ? __pfx_kunit_try_run_case+0x10/0x10
[ 11.135419] kunit_generic_run_threadfn_adapter+0x85/0xf0
[ 11.135440] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10
[ 11.135461] kthread+0x337/0x6f0
[ 11.135479] ? trace_preempt_on+0x20/0xc0
[ 11.135502] ? __pfx_kthread+0x10/0x10
[ 11.135521] ? _raw_spin_unlock_irq+0x47/0x80
[ 11.135541] ? calculate_sigpending+0x7b/0xa0
[ 11.135564] ? __pfx_kthread+0x10/0x10
[ 11.135583] ret_from_fork+0x116/0x1d0
[ 11.135600] ? __pfx_kthread+0x10/0x10
[ 11.135620] ret_from_fork_asm+0x1a/0x30
[ 11.135650] </TASK>
[ 11.135660]
[ 11.146826] The buggy address belongs to the physical page:
[ 11.147205] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x103a00
[ 11.147866] flags: 0x200000000000000(node=0|zone=2)
[ 11.148276] page_type: f0(buddy)
[ 11.148546] raw: 0200000000000000 ffff88817fffb5c8 ffff88817fffb5c8 0000000000000000
[ 11.149283] raw: 0000000000000000 0000000000000009 00000000f0000000 0000000000000000
[ 11.149783] page dumped because: kasan: bad access detected
[ 11.150220]
[ 11.150302] Memory state around the buggy address:
[ 11.150569] ffff8881039fff00: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
[ 11.151237] ffff8881039fff80: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
[ 11.151539] >ffff888103a00000: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
[ 11.152029] ^
[ 11.152185] ffff888103a00080: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
[ 11.152532] ffff888103a00100: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
[ 11.153224] ==================================================================
Failure - log-parser-boot/kasan-bug-kasan-invalid-free-in-kfree
[ 11.096236] ==================================================================
[ 11.097697] BUG: KASAN: invalid-free in kfree+0x274/0x3f0
[ 11.098720] Free of addr ffff888102be0001 by task kunit_try_catch/167
[ 11.099602]
[ 11.099739] CPU: 0 UID: 0 PID: 167 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc4 #1 PREEMPT(voluntary)
[ 11.099788] Tainted: [B]=BAD_PAGE, [N]=TEST
[ 11.099800] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[ 11.099821] Call Trace:
[ 11.099838] <TASK>
[ 11.099857] dump_stack_lvl+0x73/0xb0
[ 11.099889] print_report+0xd1/0x650
[ 11.099913] ? __virt_addr_valid+0x1db/0x2d0
[ 11.099937] ? kasan_addr_to_slab+0x11/0xa0
[ 11.099956] ? kfree+0x274/0x3f0
[ 11.099977] kasan_report_invalid_free+0x10a/0x130
[ 11.100000] ? kfree+0x274/0x3f0
[ 11.100022] ? kfree+0x274/0x3f0
[ 11.100042] __kasan_kfree_large+0x86/0xd0
[ 11.100062] free_large_kmalloc+0x4b/0x110
[ 11.100084] kfree+0x274/0x3f0
[ 11.100108] kmalloc_large_invalid_free+0x120/0x2b0
[ 11.100130] ? __pfx_kmalloc_large_invalid_free+0x10/0x10
[ 11.100151] ? __schedule+0x10cc/0x2b60
[ 11.100173] ? __pfx_read_tsc+0x10/0x10
[ 11.100194] ? ktime_get_ts64+0x86/0x230
[ 11.100217] kunit_try_run_case+0x1a5/0x480
[ 11.100240] ? __pfx_kunit_try_run_case+0x10/0x10
[ 11.100261] ? _raw_spin_lock_irqsave+0xa1/0x100
[ 11.100283] ? _raw_spin_unlock_irqrestore+0x5f/0x90
[ 11.100304] ? __kthread_parkme+0x82/0x180
[ 11.100324] ? preempt_count_sub+0x50/0x80
[ 11.100347] ? __pfx_kunit_try_run_case+0x10/0x10
[ 11.100369] kunit_generic_run_threadfn_adapter+0x85/0xf0
[ 11.100411] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10
[ 11.100433] kthread+0x337/0x6f0
[ 11.100451] ? trace_preempt_on+0x20/0xc0
[ 11.100480] ? __pfx_kthread+0x10/0x10
[ 11.100500] ? _raw_spin_unlock_irq+0x47/0x80
[ 11.100520] ? calculate_sigpending+0x7b/0xa0
[ 11.100543] ? __pfx_kthread+0x10/0x10
[ 11.100563] ret_from_fork+0x116/0x1d0
[ 11.100580] ? __pfx_kthread+0x10/0x10
[ 11.100600] ret_from_fork_asm+0x1a/0x30
[ 11.100630] </TASK>
[ 11.100641]
[ 11.112892] The buggy address belongs to the physical page:
[ 11.113360] page: refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x102be0
[ 11.113830] head: order:2 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[ 11.114329] flags: 0x200000000000040(head|node=0|zone=2)
[ 11.114607] page_type: f8(unknown)
[ 11.115219] raw: 0200000000000040 0000000000000000 dead000000000122 0000000000000000
[ 11.115727] raw: 0000000000000000 0000000000000000 00000001f8000000 0000000000000000
[ 11.116124] head: 0200000000000040 0000000000000000 dead000000000122 0000000000000000
[ 11.116489] head: 0000000000000000 0000000000000000 00000001f8000000 0000000000000000
[ 11.117097] head: 0200000000000002 ffffea00040af801 00000000ffffffff 00000000ffffffff
[ 11.117536] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000004
[ 11.118098] page dumped because: kasan: bad access detected
[ 11.118355]
[ 11.118467] Memory state around the buggy address:
[ 11.119152] ffff888102bdff00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 11.119630] ffff888102bdff80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 11.120053] >ffff888102be0000: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[ 11.120404] ^
[ 11.120718] ffff888102be0080: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[ 11.121192] ffff888102be0100: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[ 11.121673] ==================================================================
Failure - log-parser-boot/kasan-bug-kasan-use-after-free-in-kmalloc_large_uaf
[ 11.068991] ================================================================== [ 11.069702] BUG: KASAN: use-after-free in kmalloc_large_uaf+0x2f1/0x340 [ 11.070540] Read of size 1 at addr ffff888102be0000 by task kunit_try_catch/165 [ 11.071320] [ 11.071474] CPU: 0 UID: 0 PID: 165 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc4 #1 PREEMPT(voluntary) [ 11.071522] Tainted: [B]=BAD_PAGE, [N]=TEST [ 11.071534] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 11.071555] Call Trace: [ 11.071568] <TASK> [ 11.071588] dump_stack_lvl+0x73/0xb0 [ 11.071619] print_report+0xd1/0x650 [ 11.071643] ? __virt_addr_valid+0x1db/0x2d0 [ 11.071666] ? kmalloc_large_uaf+0x2f1/0x340 [ 11.071686] ? kasan_addr_to_slab+0x11/0xa0 [ 11.071705] ? kmalloc_large_uaf+0x2f1/0x340 [ 11.071726] kasan_report+0x141/0x180 [ 11.071746] ? kmalloc_large_uaf+0x2f1/0x340 [ 11.071770] __asan_report_load1_noabort+0x18/0x20 [ 11.071793] kmalloc_large_uaf+0x2f1/0x340 [ 11.071812] ? __pfx_kmalloc_large_uaf+0x10/0x10 [ 11.071832] ? __schedule+0x10cc/0x2b60 [ 11.071853] ? __pfx_read_tsc+0x10/0x10 [ 11.071874] ? ktime_get_ts64+0x86/0x230 [ 11.071897] kunit_try_run_case+0x1a5/0x480 [ 11.071930] ? __pfx_kunit_try_run_case+0x10/0x10 [ 11.071951] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 11.071973] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 11.071994] ? __kthread_parkme+0x82/0x180 [ 11.072014] ? preempt_count_sub+0x50/0x80 [ 11.072037] ? __pfx_kunit_try_run_case+0x10/0x10 [ 11.072059] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 11.072080] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 11.072101] kthread+0x337/0x6f0 [ 11.072119] ? trace_preempt_on+0x20/0xc0 [ 11.072142] ? __pfx_kthread+0x10/0x10 [ 11.072171] ? _raw_spin_unlock_irq+0x47/0x80 [ 11.072192] ? calculate_sigpending+0x7b/0xa0 [ 11.072214] ? __pfx_kthread+0x10/0x10 [ 11.072234] ret_from_fork+0x116/0x1d0 [ 11.072252] ? 
__pfx_kthread+0x10/0x10 [ 11.072270] ret_from_fork_asm+0x1a/0x30 [ 11.072301] </TASK> [ 11.072312] [ 11.085656] The buggy address belongs to the physical page: [ 11.085866] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x102be0 [ 11.086581] flags: 0x200000000000000(node=0|zone=2) [ 11.087168] raw: 0200000000000000 ffffea00040af908 ffff88815b039f80 0000000000000000 [ 11.087968] raw: 0000000000000000 0000000000000000 00000000ffffffff 0000000000000000 [ 11.088539] page dumped because: kasan: bad access detected [ 11.088940] [ 11.089308] Memory state around the buggy address: [ 11.089713] ffff888102bdff00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 11.089943] ffff888102bdff80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 11.090632] >ffff888102be0000: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff [ 11.091338] ^ [ 11.091515] ffff888102be0080: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff [ 11.092114] ffff888102be0100: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff [ 11.092534] ==================================================================
Failure - log-parser-boot/kasan-bug-kasan-slab-out-of-bounds-in-kmalloc_large_oob_right
[ 11.034415] ================================================================== [ 11.034872] BUG: KASAN: slab-out-of-bounds in kmalloc_large_oob_right+0x2e9/0x330 [ 11.035130] Write of size 1 at addr ffff888102be200a by task kunit_try_catch/163 [ 11.035353] [ 11.036691] CPU: 0 UID: 0 PID: 163 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc4 #1 PREEMPT(voluntary) [ 11.036767] Tainted: [B]=BAD_PAGE, [N]=TEST [ 11.036780] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 11.036841] Call Trace: [ 11.036856] <TASK> [ 11.036875] dump_stack_lvl+0x73/0xb0 [ 11.036928] print_report+0xd1/0x650 [ 11.036952] ? __virt_addr_valid+0x1db/0x2d0 [ 11.036975] ? kmalloc_large_oob_right+0x2e9/0x330 [ 11.036996] ? kasan_addr_to_slab+0x11/0xa0 [ 11.037015] ? kmalloc_large_oob_right+0x2e9/0x330 [ 11.037037] kasan_report+0x141/0x180 [ 11.037057] ? kmalloc_large_oob_right+0x2e9/0x330 [ 11.037083] __asan_report_store1_noabort+0x1b/0x30 [ 11.037104] kmalloc_large_oob_right+0x2e9/0x330 [ 11.037125] ? __pfx_kmalloc_large_oob_right+0x10/0x10 [ 11.037146] ? __schedule+0x10cc/0x2b60 [ 11.037167] ? __pfx_read_tsc+0x10/0x10 [ 11.037187] ? ktime_get_ts64+0x86/0x230 [ 11.037211] kunit_try_run_case+0x1a5/0x480 [ 11.037235] ? __pfx_kunit_try_run_case+0x10/0x10 [ 11.037255] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 11.037278] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 11.037299] ? __kthread_parkme+0x82/0x180 [ 11.037319] ? preempt_count_sub+0x50/0x80 [ 11.037341] ? __pfx_kunit_try_run_case+0x10/0x10 [ 11.037363] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 11.037394] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 11.037416] kthread+0x337/0x6f0 [ 11.037435] ? trace_preempt_on+0x20/0xc0 [ 11.037458] ? __pfx_kthread+0x10/0x10 [ 11.037477] ? _raw_spin_unlock_irq+0x47/0x80 [ 11.037497] ? calculate_sigpending+0x7b/0xa0 [ 11.037520] ? __pfx_kthread+0x10/0x10 [ 11.037539] ret_from_fork+0x116/0x1d0 [ 11.037556] ? 
__pfx_kthread+0x10/0x10 [ 11.037592] ret_from_fork_asm+0x1a/0x30 [ 11.037622] </TASK> [ 11.037633] [ 11.052458] The buggy address belongs to the physical page: [ 11.053085] page: refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x102be0 [ 11.053834] head: order:2 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0 [ 11.054332] flags: 0x200000000000040(head|node=0|zone=2) [ 11.054551] page_type: f8(unknown) [ 11.054697] raw: 0200000000000040 0000000000000000 dead000000000122 0000000000000000 [ 11.055615] raw: 0000000000000000 0000000000000000 00000001f8000000 0000000000000000 [ 11.056507] head: 0200000000000040 0000000000000000 dead000000000122 0000000000000000 [ 11.057317] head: 0000000000000000 0000000000000000 00000001f8000000 0000000000000000 [ 11.057724] head: 0200000000000002 ffffea00040af801 00000000ffffffff 00000000ffffffff [ 11.057952] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000004 [ 11.058194] page dumped because: kasan: bad access detected [ 11.058735] [ 11.058922] Memory state around the buggy address: [ 11.059472] ffff888102be1f00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 11.060165] ffff888102be1f80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 11.060873] >ffff888102be2000: 00 02 fe fe fe fe fe fe fe fe fe fe fe fe fe fe [ 11.061697] ^ [ 11.062020] ffff888102be2080: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe [ 11.062799] ffff888102be2100: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe [ 11.063450] ==================================================================
Failure - log-parser-boot/kasan-bug-kasan-slab-out-of-bounds-in-kmalloc_big_oob_right
[ 11.006861] ================================================================== [ 11.007396] BUG: KASAN: slab-out-of-bounds in kmalloc_big_oob_right+0x316/0x370 [ 11.007787] Write of size 1 at addr ffff8881039c9f00 by task kunit_try_catch/161 [ 11.008083] [ 11.008281] CPU: 1 UID: 0 PID: 161 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc4 #1 PREEMPT(voluntary) [ 11.008331] Tainted: [B]=BAD_PAGE, [N]=TEST [ 11.008343] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 11.008363] Call Trace: [ 11.008387] <TASK> [ 11.008447] dump_stack_lvl+0x73/0xb0 [ 11.008480] print_report+0xd1/0x650 [ 11.008514] ? __virt_addr_valid+0x1db/0x2d0 [ 11.008539] ? kmalloc_big_oob_right+0x316/0x370 [ 11.008560] ? kasan_complete_mode_report_info+0x2a/0x200 [ 11.008581] ? kmalloc_big_oob_right+0x316/0x370 [ 11.008604] kasan_report+0x141/0x180 [ 11.008626] ? kmalloc_big_oob_right+0x316/0x370 [ 11.008651] __asan_report_store1_noabort+0x1b/0x30 [ 11.008671] kmalloc_big_oob_right+0x316/0x370 [ 11.008693] ? __pfx_kmalloc_big_oob_right+0x10/0x10 [ 11.008714] ? __schedule+0x10cc/0x2b60 [ 11.008751] ? __pfx_read_tsc+0x10/0x10 [ 11.008772] ? ktime_get_ts64+0x86/0x230 [ 11.008796] kunit_try_run_case+0x1a5/0x480 [ 11.008822] ? __pfx_kunit_try_run_case+0x10/0x10 [ 11.008844] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 11.008867] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 11.008888] ? __kthread_parkme+0x82/0x180 [ 11.008908] ? preempt_count_sub+0x50/0x80 [ 11.008933] ? __pfx_kunit_try_run_case+0x10/0x10 [ 11.008955] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 11.008977] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 11.008998] kthread+0x337/0x6f0 [ 11.009016] ? trace_preempt_on+0x20/0xc0 [ 11.009040] ? __pfx_kthread+0x10/0x10 [ 11.009059] ? _raw_spin_unlock_irq+0x47/0x80 [ 11.009078] ? calculate_sigpending+0x7b/0xa0 [ 11.009101] ? __pfx_kthread+0x10/0x10 [ 11.009121] ret_from_fork+0x116/0x1d0 [ 11.009138] ? 
__pfx_kthread+0x10/0x10 [ 11.009157] ret_from_fork_asm+0x1a/0x30 [ 11.009188] </TASK> [ 11.009199] [ 11.018310] Allocated by task 161: [ 11.018521] kasan_save_stack+0x45/0x70 [ 11.018741] kasan_save_track+0x18/0x40 [ 11.019015] kasan_save_alloc_info+0x3b/0x50 [ 11.019350] __kasan_kmalloc+0xb7/0xc0 [ 11.019507] __kmalloc_cache_noprof+0x189/0x420 [ 11.019796] kmalloc_big_oob_right+0xa9/0x370 [ 11.020167] kunit_try_run_case+0x1a5/0x480 [ 11.020322] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 11.020525] kthread+0x337/0x6f0 [ 11.020648] ret_from_fork+0x116/0x1d0 [ 11.020818] ret_from_fork_asm+0x1a/0x30 [ 11.021014] [ 11.021155] The buggy address belongs to the object at ffff8881039c8000 [ 11.021155] which belongs to the cache kmalloc-8k of size 8192 [ 11.021722] The buggy address is located 0 bytes to the right of [ 11.021722] allocated 7936-byte region [ffff8881039c8000, ffff8881039c9f00) [ 11.022599] [ 11.022710] The buggy address belongs to the physical page: [ 11.023104] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1039c8 [ 11.023480] head: order:3 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0 [ 11.023750] flags: 0x200000000000040(head|node=0|zone=2) [ 11.024058] page_type: f5(slab) [ 11.024236] raw: 0200000000000040 ffff888100042280 dead000000000122 0000000000000000 [ 11.024830] raw: 0000000000000000 0000000080020002 00000000f5000000 0000000000000000 [ 11.025127] head: 0200000000000040 ffff888100042280 dead000000000122 0000000000000000 [ 11.025607] head: 0000000000000000 0000000080020002 00000000f5000000 0000000000000000 [ 11.026150] head: 0200000000000003 ffffea00040e7201 00000000ffffffff 00000000ffffffff [ 11.026576] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000008 [ 11.026962] page dumped because: kasan: bad access detected [ 11.027518] [ 11.027675] Memory state around the buggy address: [ 11.027882] ffff8881039c9e00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 11.028419] ffff8881039c9e80: 00 
00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 11.028800] >ffff8881039c9f00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 11.029159] ^ [ 11.029324] ffff8881039c9f80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 11.029680] ffff8881039ca000: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 11.029903] ==================================================================
Failure - log-parser-boot/kasan-bug-kasan-slab-out-of-bounds-in-kmalloc_track_caller_oob_right
[ 10.970667] ================================================================== [ 10.971781] BUG: KASAN: slab-out-of-bounds in kmalloc_track_caller_oob_right+0x4b1/0x520 [ 10.972462] Write of size 1 at addr ffff888102ef5778 by task kunit_try_catch/159 [ 10.972782] [ 10.973000] CPU: 1 UID: 0 PID: 159 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc4 #1 PREEMPT(voluntary) [ 10.973045] Tainted: [B]=BAD_PAGE, [N]=TEST [ 10.973057] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 10.973077] Call Trace: [ 10.973090] <TASK> [ 10.973111] dump_stack_lvl+0x73/0xb0 [ 10.973139] print_report+0xd1/0x650 [ 10.973161] ? __virt_addr_valid+0x1db/0x2d0 [ 10.973183] ? kmalloc_track_caller_oob_right+0x4b1/0x520 [ 10.973206] ? kasan_complete_mode_report_info+0x2a/0x200 [ 10.973227] ? kmalloc_track_caller_oob_right+0x4b1/0x520 [ 10.973251] kasan_report+0x141/0x180 [ 10.973271] ? kmalloc_track_caller_oob_right+0x4b1/0x520 [ 10.973298] __asan_report_store1_noabort+0x1b/0x30 [ 10.973318] kmalloc_track_caller_oob_right+0x4b1/0x520 [ 10.973340] ? __pfx_kmalloc_track_caller_oob_right+0x10/0x10 [ 10.973366] ? __pfx_kmalloc_track_caller_oob_right+0x10/0x10 [ 10.973407] kunit_try_run_case+0x1a5/0x480 [ 10.973430] ? __pfx_kunit_try_run_case+0x10/0x10 [ 10.973451] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 10.973473] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 10.973494] ? __kthread_parkme+0x82/0x180 [ 10.973513] ? preempt_count_sub+0x50/0x80 [ 10.973537] ? __pfx_kunit_try_run_case+0x10/0x10 [ 10.973558] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 10.973579] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 10.973601] kthread+0x337/0x6f0 [ 10.973620] ? trace_preempt_on+0x20/0xc0 [ 10.973645] ? __pfx_kthread+0x10/0x10 [ 10.973665] ? _raw_spin_unlock_irq+0x47/0x80 [ 10.973685] ? calculate_sigpending+0x7b/0xa0 [ 10.973707] ? __pfx_kthread+0x10/0x10 [ 10.973730] ret_from_fork+0x116/0x1d0 [ 10.973748] ? 
__pfx_kthread+0x10/0x10 [ 10.973768] ret_from_fork_asm+0x1a/0x30 [ 10.973798] </TASK> [ 10.973808] [ 10.987048] Allocated by task 159: [ 10.987455] kasan_save_stack+0x45/0x70 [ 10.987868] kasan_save_track+0x18/0x40 [ 10.988332] kasan_save_alloc_info+0x3b/0x50 [ 10.988554] __kasan_kmalloc+0xb7/0xc0 [ 10.988689] __kmalloc_node_track_caller_noprof+0x1cb/0x500 [ 10.988868] kmalloc_track_caller_oob_right+0x19a/0x520 [ 10.989317] kunit_try_run_case+0x1a5/0x480 [ 10.989710] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 10.990274] kthread+0x337/0x6f0 [ 10.990597] ret_from_fork+0x116/0x1d0 [ 10.991235] ret_from_fork_asm+0x1a/0x30 [ 10.991657] [ 10.991830] The buggy address belongs to the object at ffff888102ef5700 [ 10.991830] which belongs to the cache kmalloc-128 of size 128 [ 10.992567] The buggy address is located 0 bytes to the right of [ 10.992567] allocated 120-byte region [ffff888102ef5700, ffff888102ef5778) [ 10.992949] [ 10.993155] The buggy address belongs to the physical page: [ 10.993646] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x102ef5 [ 10.994398] flags: 0x200000000000000(node=0|zone=2) [ 10.994957] page_type: f5(slab) [ 10.995307] raw: 0200000000000000 ffff888100041a00 dead000000000122 0000000000000000 [ 10.996044] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 10.996826] page dumped because: kasan: bad access detected [ 10.997208] [ 10.997280] Memory state around the buggy address: [ 10.997450] ffff888102ef5600: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 10.997783] ffff888102ef5680: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 10.998408] >ffff888102ef5700: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 fc [ 10.999122] ^ [ 11.000188] ffff888102ef5780: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 11.000957] ffff888102ef5800: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 11.001394] ================================================================== [ 10.939238] 
================================================================== [ 10.939943] BUG: KASAN: slab-out-of-bounds in kmalloc_track_caller_oob_right+0x4c8/0x520 [ 10.940637] Write of size 1 at addr ffff888102ef5678 by task kunit_try_catch/159 [ 10.941326] [ 10.941516] CPU: 1 UID: 0 PID: 159 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc4 #1 PREEMPT(voluntary) [ 10.941564] Tainted: [B]=BAD_PAGE, [N]=TEST [ 10.941576] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 10.941597] Call Trace: [ 10.941610] <TASK> [ 10.941627] dump_stack_lvl+0x73/0xb0 [ 10.941722] print_report+0xd1/0x650 [ 10.941747] ? __virt_addr_valid+0x1db/0x2d0 [ 10.941770] ? kmalloc_track_caller_oob_right+0x4c8/0x520 [ 10.941793] ? kasan_complete_mode_report_info+0x2a/0x200 [ 10.941813] ? kmalloc_track_caller_oob_right+0x4c8/0x520 [ 10.941837] kasan_report+0x141/0x180 [ 10.941857] ? kmalloc_track_caller_oob_right+0x4c8/0x520 [ 10.941885] __asan_report_store1_noabort+0x1b/0x30 [ 10.941904] kmalloc_track_caller_oob_right+0x4c8/0x520 [ 10.941927] ? __pfx_kmalloc_track_caller_oob_right+0x10/0x10 [ 10.941953] ? __pfx_kmalloc_track_caller_oob_right+0x10/0x10 [ 10.942007] kunit_try_run_case+0x1a5/0x480 [ 10.942031] ? __pfx_kunit_try_run_case+0x10/0x10 [ 10.942052] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 10.942075] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 10.942096] ? __kthread_parkme+0x82/0x180 [ 10.942116] ? preempt_count_sub+0x50/0x80 [ 10.942140] ? __pfx_kunit_try_run_case+0x10/0x10 [ 10.942161] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 10.942183] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 10.942204] kthread+0x337/0x6f0 [ 10.942223] ? trace_preempt_on+0x20/0xc0 [ 10.942245] ? __pfx_kthread+0x10/0x10 [ 10.942264] ? _raw_spin_unlock_irq+0x47/0x80 [ 10.942284] ? calculate_sigpending+0x7b/0xa0 [ 10.942307] ? __pfx_kthread+0x10/0x10 [ 10.942326] ret_from_fork+0x116/0x1d0 [ 10.942345] ? 
__pfx_kthread+0x10/0x10 [ 10.942364] ret_from_fork_asm+0x1a/0x30 [ 10.942406] </TASK> [ 10.942417] [ 10.955436] Allocated by task 159: [ 10.955716] kasan_save_stack+0x45/0x70 [ 10.955876] kasan_save_track+0x18/0x40 [ 10.956172] kasan_save_alloc_info+0x3b/0x50 [ 10.956562] __kasan_kmalloc+0xb7/0xc0 [ 10.957017] __kmalloc_node_track_caller_noprof+0x1cb/0x500 [ 10.957512] kmalloc_track_caller_oob_right+0x99/0x520 [ 10.957927] kunit_try_run_case+0x1a5/0x480 [ 10.958229] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 10.958416] kthread+0x337/0x6f0 [ 10.958538] ret_from_fork+0x116/0x1d0 [ 10.958818] ret_from_fork_asm+0x1a/0x30 [ 10.959220] [ 10.959395] The buggy address belongs to the object at ffff888102ef5600 [ 10.959395] which belongs to the cache kmalloc-128 of size 128 [ 10.960809] The buggy address is located 0 bytes to the right of [ 10.960809] allocated 120-byte region [ffff888102ef5600, ffff888102ef5678) [ 10.962039] [ 10.962122] The buggy address belongs to the physical page: [ 10.962296] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x102ef5 [ 10.962969] flags: 0x200000000000000(node=0|zone=2) [ 10.963420] page_type: f5(slab) [ 10.963732] raw: 0200000000000000 ffff888100041a00 dead000000000122 0000000000000000 [ 10.964475] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 10.965516] page dumped because: kasan: bad access detected [ 10.966108] [ 10.966266] Memory state around the buggy address: [ 10.966627] ffff888102ef5500: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 10.967014] ffff888102ef5580: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 10.967714] >ffff888102ef5600: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 fc [ 10.967962] ^ [ 10.968626] ffff888102ef5680: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 10.969341] ffff888102ef5700: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 10.969579] ==================================================================
Failure - log-parser-boot/kasan-bug-kasan-slab-out-of-bounds-in-kmalloc_node_oob_right
[ 10.898617] ================================================================== [ 10.899799] BUG: KASAN: slab-out-of-bounds in kmalloc_node_oob_right+0x369/0x3c0 [ 10.900608] Read of size 1 at addr ffff8881039f1000 by task kunit_try_catch/157 [ 10.901489] [ 10.901692] CPU: 0 UID: 0 PID: 157 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc4 #1 PREEMPT(voluntary) [ 10.901745] Tainted: [B]=BAD_PAGE, [N]=TEST [ 10.901758] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 10.901781] Call Trace: [ 10.901795] <TASK> [ 10.901817] dump_stack_lvl+0x73/0xb0 [ 10.901851] print_report+0xd1/0x650 [ 10.901874] ? __virt_addr_valid+0x1db/0x2d0 [ 10.901899] ? kmalloc_node_oob_right+0x369/0x3c0 [ 10.901920] ? kasan_complete_mode_report_info+0x2a/0x200 [ 10.901941] ? kmalloc_node_oob_right+0x369/0x3c0 [ 10.901963] kasan_report+0x141/0x180 [ 10.901983] ? kmalloc_node_oob_right+0x369/0x3c0 [ 10.902011] __asan_report_load1_noabort+0x18/0x20 [ 10.902034] kmalloc_node_oob_right+0x369/0x3c0 [ 10.902057] ? __pfx_kmalloc_node_oob_right+0x10/0x10 [ 10.902080] ? __schedule+0x10cc/0x2b60 [ 10.902102] ? __pfx_read_tsc+0x10/0x10 [ 10.902124] ? ktime_get_ts64+0x86/0x230 [ 10.902149] kunit_try_run_case+0x1a5/0x480 [ 10.902174] ? __pfx_kunit_try_run_case+0x10/0x10 [ 10.902195] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 10.902218] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 10.902239] ? __kthread_parkme+0x82/0x180 [ 10.902259] ? preempt_count_sub+0x50/0x80 [ 10.902283] ? __pfx_kunit_try_run_case+0x10/0x10 [ 10.902305] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 10.902327] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 10.902348] kthread+0x337/0x6f0 [ 10.902366] ? trace_preempt_on+0x20/0xc0 [ 10.902405] ? __pfx_kthread+0x10/0x10 [ 10.902424] ? _raw_spin_unlock_irq+0x47/0x80 [ 10.902444] ? calculate_sigpending+0x7b/0xa0 [ 10.902468] ? __pfx_kthread+0x10/0x10 [ 10.902488] ret_from_fork+0x116/0x1d0 [ 10.902557] ? 
__pfx_kthread+0x10/0x10 [ 10.902581] ret_from_fork_asm+0x1a/0x30 [ 10.902624] </TASK> [ 10.902637] [ 10.915096] Allocated by task 157: [ 10.915512] kasan_save_stack+0x45/0x70 [ 10.916069] kasan_save_track+0x18/0x40 [ 10.916487] kasan_save_alloc_info+0x3b/0x50 [ 10.917005] __kasan_kmalloc+0xb7/0xc0 [ 10.917415] __kmalloc_cache_node_noprof+0x188/0x420 [ 10.917844] kmalloc_node_oob_right+0xab/0x3c0 [ 10.918233] kunit_try_run_case+0x1a5/0x480 [ 10.918394] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 10.918566] kthread+0x337/0x6f0 [ 10.918685] ret_from_fork+0x116/0x1d0 [ 10.918813] ret_from_fork_asm+0x1a/0x30 [ 10.919073] [ 10.919277] The buggy address belongs to the object at ffff8881039f0000 [ 10.919277] which belongs to the cache kmalloc-4k of size 4096 [ 10.920588] The buggy address is located 0 bytes to the right of [ 10.920588] allocated 4096-byte region [ffff8881039f0000, ffff8881039f1000) [ 10.921990] [ 10.922197] The buggy address belongs to the physical page: [ 10.922809] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1039f0 [ 10.923896] head: order:3 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0 [ 10.924182] flags: 0x200000000000040(head|node=0|zone=2) [ 10.924471] page_type: f5(slab) [ 10.924674] raw: 0200000000000040 ffff888100042140 dead000000000122 0000000000000000 [ 10.925502] raw: 0000000000000000 0000000080040004 00000000f5000000 0000000000000000 [ 10.926359] head: 0200000000000040 ffff888100042140 dead000000000122 0000000000000000 [ 10.927216] head: 0000000000000000 0000000080040004 00000000f5000000 0000000000000000 [ 10.928032] head: 0200000000000003 ffffea00040e7c01 00000000ffffffff 00000000ffffffff [ 10.928406] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000008 [ 10.928689] page dumped because: kasan: bad access detected [ 10.929204] [ 10.929361] Memory state around the buggy address: [ 10.929846] ffff8881039f0f00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 10.930520] 
ffff8881039f0f80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 10.931020] >ffff8881039f1000: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 10.931677] ^ [ 10.931802] ffff8881039f1080: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 10.932247] ffff8881039f1100: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 10.932891] ==================================================================
Failure - log-parser-boot/kasan-bug-kasan-slab-out-of-bounds-in-kmalloc_oob_left
[ 10.870926] ================================================================== [ 10.871399] BUG: KASAN: slab-out-of-bounds in kmalloc_oob_left+0x361/0x3c0 [ 10.872145] Read of size 1 at addr ffff88810228a7df by task kunit_try_catch/155 [ 10.872951] [ 10.873223] CPU: 1 UID: 0 PID: 155 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc4 #1 PREEMPT(voluntary) [ 10.873271] Tainted: [B]=BAD_PAGE, [N]=TEST [ 10.873282] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 10.873303] Call Trace: [ 10.873317] <TASK> [ 10.873336] dump_stack_lvl+0x73/0xb0 [ 10.873413] print_report+0xd1/0x650 [ 10.873436] ? __virt_addr_valid+0x1db/0x2d0 [ 10.873470] ? kmalloc_oob_left+0x361/0x3c0 [ 10.873490] ? kasan_complete_mode_report_info+0x2a/0x200 [ 10.873511] ? kmalloc_oob_left+0x361/0x3c0 [ 10.873531] kasan_report+0x141/0x180 [ 10.873551] ? kmalloc_oob_left+0x361/0x3c0 [ 10.873589] __asan_report_load1_noabort+0x18/0x20 [ 10.873611] kmalloc_oob_left+0x361/0x3c0 [ 10.873632] ? __pfx_kmalloc_oob_left+0x10/0x10 [ 10.873653] ? __schedule+0x10cc/0x2b60 [ 10.873674] ? __pfx_read_tsc+0x10/0x10 [ 10.873694] ? ktime_get_ts64+0x86/0x230 [ 10.873717] kunit_try_run_case+0x1a5/0x480 [ 10.873741] ? __pfx_kunit_try_run_case+0x10/0x10 [ 10.873762] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 10.873783] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 10.873804] ? __kthread_parkme+0x82/0x180 [ 10.873824] ? preempt_count_sub+0x50/0x80 [ 10.873846] ? __pfx_kunit_try_run_case+0x10/0x10 [ 10.873868] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 10.873889] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 10.873911] kthread+0x337/0x6f0 [ 10.873929] ? trace_preempt_on+0x20/0xc0 [ 10.873952] ? __pfx_kthread+0x10/0x10 [ 10.873971] ? _raw_spin_unlock_irq+0x47/0x80 [ 10.873990] ? calculate_sigpending+0x7b/0xa0 [ 10.874012] ? __pfx_kthread+0x10/0x10 [ 10.874032] ret_from_fork+0x116/0x1d0 [ 10.874049] ? 
__pfx_kthread+0x10/0x10 [ 10.874068] ret_from_fork_asm+0x1a/0x30 [ 10.874098] </TASK> [ 10.874109] [ 10.884570] Allocated by task 1: [ 10.884771] kasan_save_stack+0x45/0x70 [ 10.884993] kasan_save_track+0x18/0x40 [ 10.885170] kasan_save_alloc_info+0x3b/0x50 [ 10.885314] __kasan_kmalloc+0xb7/0xc0 [ 10.885450] __kmalloc_node_track_caller_noprof+0x1cb/0x500 [ 10.885864] kstrdup+0x3e/0xa0 [ 10.886043] kstrdup_const+0x2c/0x40 [ 10.886235] __kernfs_new_node+0xa7/0x6d0 [ 10.886401] kernfs_new_node+0x140/0x1e0 [ 10.886533] __kernfs_create_file+0x2d/0x290 [ 10.886718] sysfs_add_bin_file_mode_ns+0x13f/0x4f0 [ 10.886959] sysfs_create_bin_file+0x150/0x200 [ 10.887171] pci_create_attr+0x1e2/0x460 [ 10.887435] pci_create_resource_files+0xb0/0x160 [ 10.887657] pci_sysfs_init+0x32/0x90 [ 10.887850] do_one_initcall+0xd8/0x370 [ 10.888065] kernel_init_freeable+0x420/0x6f0 [ 10.888269] kernel_init+0x23/0x1e0 [ 10.888403] ret_from_fork+0x116/0x1d0 [ 10.888543] ret_from_fork_asm+0x1a/0x30 [ 10.888773] [ 10.888881] The buggy address belongs to the object at ffff88810228a7c0 [ 10.888881] which belongs to the cache kmalloc-16 of size 16 [ 10.889364] The buggy address is located 21 bytes to the right of [ 10.889364] allocated 10-byte region [ffff88810228a7c0, ffff88810228a7ca) [ 10.889971] [ 10.890075] The buggy address belongs to the physical page: [ 10.890321] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x10228a [ 10.890680] flags: 0x200000000000000(node=0|zone=2) [ 10.890921] page_type: f5(slab) [ 10.891087] raw: 0200000000000000 ffff888100041640 dead000000000122 0000000000000000 [ 10.891423] raw: 0000000000000000 0000000080800080 00000000f5000000 0000000000000000 [ 10.891798] page dumped because: kasan: bad access detected [ 10.892045] [ 10.892140] Memory state around the buggy address: [ 10.892353] ffff88810228a680: 00 05 fc fc 00 05 fc fc 00 02 fc fc 00 03 fc fc [ 10.892703] ffff88810228a700: fa fb fc fc 00 02 fc fc 00 05 fc fc 00 02 fc fc [ 10.893024] 
>ffff88810228a780: 00 02 fc fc 00 02 fc fc 00 02 fc fc 00 07 fc fc [ 10.893331] ^ [ 10.893528] ffff88810228a800: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 10.893739] ffff88810228a880: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 10.893954] ==================================================================
Failure - log-parser-boot/kasan-bug-kasan-slab-out-of-bounds-in-kmalloc_oob_right
[ 10.804651] ================================================================== [ 10.805428] BUG: KASAN: slab-out-of-bounds in kmalloc_oob_right+0x6f0/0x7f0 [ 10.806340] Write of size 1 at addr ffff888102ef5573 by task kunit_try_catch/153 [ 10.806693] [ 10.807897] CPU: 1 UID: 0 PID: 153 Comm: kunit_try_catch Tainted: G N 6.16.0-rc4 #1 PREEMPT(voluntary) [ 10.808254] Tainted: [N]=TEST [ 10.808286] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 10.808517] Call Trace: [ 10.808596] <TASK> [ 10.808759] dump_stack_lvl+0x73/0xb0 [ 10.808850] print_report+0xd1/0x650 [ 10.808879] ? __virt_addr_valid+0x1db/0x2d0 [ 10.808904] ? kmalloc_oob_right+0x6f0/0x7f0 [ 10.808924] ? kasan_complete_mode_report_info+0x2a/0x200 [ 10.808945] ? kmalloc_oob_right+0x6f0/0x7f0 [ 10.808965] kasan_report+0x141/0x180 [ 10.808986] ? kmalloc_oob_right+0x6f0/0x7f0 [ 10.809011] __asan_report_store1_noabort+0x1b/0x30 [ 10.809030] kmalloc_oob_right+0x6f0/0x7f0 [ 10.809051] ? __pfx_kmalloc_oob_right+0x10/0x10 [ 10.809071] ? __schedule+0x10cc/0x2b60 [ 10.809093] ? __pfx_read_tsc+0x10/0x10 [ 10.809114] ? ktime_get_ts64+0x86/0x230 [ 10.809139] kunit_try_run_case+0x1a5/0x480 [ 10.809164] ? __pfx_kunit_try_run_case+0x10/0x10 [ 10.809184] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 10.809207] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 10.809228] ? __kthread_parkme+0x82/0x180 [ 10.809248] ? preempt_count_sub+0x50/0x80 [ 10.809272] ? __pfx_kunit_try_run_case+0x10/0x10 [ 10.809293] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 10.809315] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 10.809336] kthread+0x337/0x6f0 [ 10.809354] ? trace_preempt_on+0x20/0xc0 [ 10.809388] ? __pfx_kthread+0x10/0x10 [ 10.809408] ? _raw_spin_unlock_irq+0x47/0x80 [ 10.809427] ? calculate_sigpending+0x7b/0xa0 [ 10.809450] ? __pfx_kthread+0x10/0x10 [ 10.809470] ret_from_fork+0x116/0x1d0 [ 10.809487] ? 
__pfx_kthread+0x10/0x10 [ 10.809506] ret_from_fork_asm+0x1a/0x30 [ 10.809558] </TASK> [ 10.809624] [ 10.820576] Allocated by task 153: [ 10.820933] kasan_save_stack+0x45/0x70 [ 10.821195] kasan_save_track+0x18/0x40 [ 10.821440] kasan_save_alloc_info+0x3b/0x50 [ 10.821638] __kasan_kmalloc+0xb7/0xc0 [ 10.821834] __kmalloc_cache_noprof+0x189/0x420 [ 10.822052] kmalloc_oob_right+0xa9/0x7f0 [ 10.822188] kunit_try_run_case+0x1a5/0x480 [ 10.822356] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 10.822633] kthread+0x337/0x6f0 [ 10.822963] ret_from_fork+0x116/0x1d0 [ 10.823170] ret_from_fork_asm+0x1a/0x30 [ 10.823413] [ 10.823597] The buggy address belongs to the object at ffff888102ef5500 [ 10.823597] which belongs to the cache kmalloc-128 of size 128 [ 10.824203] The buggy address is located 0 bytes to the right of [ 10.824203] allocated 115-byte region [ffff888102ef5500, ffff888102ef5573) [ 10.824868] [ 10.825036] The buggy address belongs to the physical page: [ 10.825573] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x102ef5 [ 10.826215] flags: 0x200000000000000(node=0|zone=2) [ 10.826860] page_type: f5(slab) [ 10.827321] raw: 0200000000000000 ffff888100041a00 dead000000000122 0000000000000000 [ 10.827659] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 10.828075] page dumped because: kasan: bad access detected [ 10.828306] [ 10.828430] Memory state around the buggy address: [ 10.828838] ffff888102ef5400: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 10.829206] ffff888102ef5480: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 10.829495] >ffff888102ef5500: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 03 fc [ 10.829859] ^ [ 10.830153] ffff888102ef5580: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 10.830443] ffff888102ef5600: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 10.830777] ================================================================== [ 10.848788] 
================================================================== [ 10.849144] BUG: KASAN: slab-out-of-bounds in kmalloc_oob_right+0x68a/0x7f0 [ 10.849500] Read of size 1 at addr ffff888102ef5580 by task kunit_try_catch/153 [ 10.849766] [ 10.849854] CPU: 1 UID: 0 PID: 153 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc4 #1 PREEMPT(voluntary) [ 10.849897] Tainted: [B]=BAD_PAGE, [N]=TEST [ 10.849908] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 10.849929] Call Trace: [ 10.849941] <TASK> [ 10.849956] dump_stack_lvl+0x73/0xb0 [ 10.849982] print_report+0xd1/0x650 [ 10.850004] ? __virt_addr_valid+0x1db/0x2d0 [ 10.850026] ? kmalloc_oob_right+0x68a/0x7f0 [ 10.850045] ? kasan_complete_mode_report_info+0x2a/0x200 [ 10.850065] ? kmalloc_oob_right+0x68a/0x7f0 [ 10.850085] kasan_report+0x141/0x180 [ 10.850106] ? kmalloc_oob_right+0x68a/0x7f0 [ 10.850130] __asan_report_load1_noabort+0x18/0x20 [ 10.850152] kmalloc_oob_right+0x68a/0x7f0 [ 10.850173] ? __pfx_kmalloc_oob_right+0x10/0x10 [ 10.850193] ? __schedule+0x10cc/0x2b60 [ 10.850214] ? __pfx_read_tsc+0x10/0x10 [ 10.850234] ? ktime_get_ts64+0x86/0x230 [ 10.850257] kunit_try_run_case+0x1a5/0x480 [ 10.850280] ? __pfx_kunit_try_run_case+0x10/0x10 [ 10.850300] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 10.850321] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 10.850342] ? __kthread_parkme+0x82/0x180 [ 10.850361] ? preempt_count_sub+0x50/0x80 [ 10.850395] ? __pfx_kunit_try_run_case+0x10/0x10 [ 10.850417] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 10.850437] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 10.850459] kthread+0x337/0x6f0 [ 10.850476] ? trace_preempt_on+0x20/0xc0 [ 10.850499] ? __pfx_kthread+0x10/0x10 [ 10.850518] ? _raw_spin_unlock_irq+0x47/0x80 [ 10.850537] ? calculate_sigpending+0x7b/0xa0 [ 10.850560] ? __pfx_kthread+0x10/0x10 [ 10.850580] ret_from_fork+0x116/0x1d0 [ 10.850597] ? 
__pfx_kthread+0x10/0x10 [ 10.850617] ret_from_fork_asm+0x1a/0x30 [ 10.850646] </TASK> [ 10.850669] [ 10.857272] Allocated by task 153: [ 10.857420] kasan_save_stack+0x45/0x70 [ 10.857590] kasan_save_track+0x18/0x40 [ 10.857783] kasan_save_alloc_info+0x3b/0x50 [ 10.857992] __kasan_kmalloc+0xb7/0xc0 [ 10.858181] __kmalloc_cache_noprof+0x189/0x420 [ 10.858414] kmalloc_oob_right+0xa9/0x7f0 [ 10.858684] kunit_try_run_case+0x1a5/0x480 [ 10.858891] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 10.859065] kthread+0x337/0x6f0 [ 10.859221] ret_from_fork+0x116/0x1d0 [ 10.859416] ret_from_fork_asm+0x1a/0x30 [ 10.859662] [ 10.859747] The buggy address belongs to the object at ffff888102ef5500 [ 10.859747] which belongs to the cache kmalloc-128 of size 128 [ 10.860207] The buggy address is located 13 bytes to the right of [ 10.860207] allocated 115-byte region [ffff888102ef5500, ffff888102ef5573) [ 10.860590] [ 10.860661] The buggy address belongs to the physical page: [ 10.860830] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x102ef5 [ 10.861071] flags: 0x200000000000000(node=0|zone=2) [ 10.861234] page_type: f5(slab) [ 10.861356] raw: 0200000000000000 ffff888100041a00 dead000000000122 0000000000000000 [ 10.861713] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 10.862066] page dumped because: kasan: bad access detected [ 10.862326] [ 10.862427] Memory state around the buggy address: [ 10.862731] ffff888102ef5480: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 10.863041] ffff888102ef5500: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 03 fc [ 10.863252] >ffff888102ef5580: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 10.863472] ^ [ 10.863604] ffff888102ef5600: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 10.863916] ffff888102ef5680: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 10.864233] ================================================================== [ 10.832107] 
================================================================== [ 10.832436] BUG: KASAN: slab-out-of-bounds in kmalloc_oob_right+0x6bd/0x7f0 [ 10.832823] Write of size 1 at addr ffff888102ef5578 by task kunit_try_catch/153 [ 10.833108] [ 10.833204] CPU: 1 UID: 0 PID: 153 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc4 #1 PREEMPT(voluntary) [ 10.833251] Tainted: [B]=BAD_PAGE, [N]=TEST [ 10.833262] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 10.833285] Call Trace: [ 10.833303] <TASK> [ 10.833322] dump_stack_lvl+0x73/0xb0 [ 10.833349] print_report+0xd1/0x650 [ 10.833384] ? __virt_addr_valid+0x1db/0x2d0 [ 10.833407] ? kmalloc_oob_right+0x6bd/0x7f0 [ 10.833427] ? kasan_complete_mode_report_info+0x2a/0x200 [ 10.833447] ? kmalloc_oob_right+0x6bd/0x7f0 [ 10.833467] kasan_report+0x141/0x180 [ 10.833488] ? kmalloc_oob_right+0x6bd/0x7f0 [ 10.833513] __asan_report_store1_noabort+0x1b/0x30 [ 10.833532] kmalloc_oob_right+0x6bd/0x7f0 [ 10.833552] ? __pfx_kmalloc_oob_right+0x10/0x10 [ 10.833574] ? __schedule+0x10cc/0x2b60 [ 10.833594] ? __pfx_read_tsc+0x10/0x10 [ 10.833614] ? ktime_get_ts64+0x86/0x230 [ 10.833637] kunit_try_run_case+0x1a5/0x480 [ 10.833661] ? __pfx_kunit_try_run_case+0x10/0x10 [ 10.833681] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 10.833703] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 10.833724] ? __kthread_parkme+0x82/0x180 [ 10.833743] ? preempt_count_sub+0x50/0x80 [ 10.833766] ? __pfx_kunit_try_run_case+0x10/0x10 [ 10.833788] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 10.833809] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 10.833830] kthread+0x337/0x6f0 [ 10.833847] ? trace_preempt_on+0x20/0xc0 [ 10.833870] ? __pfx_kthread+0x10/0x10 [ 10.833889] ? _raw_spin_unlock_irq+0x47/0x80 [ 10.833908] ? calculate_sigpending+0x7b/0xa0 [ 10.833930] ? __pfx_kthread+0x10/0x10 [ 10.833950] ret_from_fork+0x116/0x1d0 [ 10.833967] ? 
__pfx_kthread+0x10/0x10 [ 10.833986] ret_from_fork_asm+0x1a/0x30 [ 10.834015] </TASK> [ 10.834027] [ 10.840640] Allocated by task 153: [ 10.840830] kasan_save_stack+0x45/0x70 [ 10.841048] kasan_save_track+0x18/0x40 [ 10.841196] kasan_save_alloc_info+0x3b/0x50 [ 10.841404] __kasan_kmalloc+0xb7/0xc0 [ 10.841534] __kmalloc_cache_noprof+0x189/0x420 [ 10.841912] kmalloc_oob_right+0xa9/0x7f0 [ 10.842088] kunit_try_run_case+0x1a5/0x480 [ 10.842236] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 10.842419] kthread+0x337/0x6f0 [ 10.842584] ret_from_fork+0x116/0x1d0 [ 10.842779] ret_from_fork_asm+0x1a/0x30 [ 10.842979] [ 10.843076] The buggy address belongs to the object at ffff888102ef5500 [ 10.843076] which belongs to the cache kmalloc-128 of size 128 [ 10.843612] The buggy address is located 5 bytes to the right of [ 10.843612] allocated 115-byte region [ffff888102ef5500, ffff888102ef5573) [ 10.844087] [ 10.844159] The buggy address belongs to the physical page: [ 10.844332] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x102ef5 [ 10.844594] flags: 0x200000000000000(node=0|zone=2) [ 10.844828] page_type: f5(slab) [ 10.844993] raw: 0200000000000000 ffff888100041a00 dead000000000122 0000000000000000 [ 10.845411] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 10.845711] page dumped because: kasan: bad access detected [ 10.845920] [ 10.845988] Memory state around the buggy address: [ 10.846141] ffff888102ef5400: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 10.846354] ffff888102ef5480: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 10.846821] >ffff888102ef5500: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 03 fc [ 10.847145] ^ [ 10.847473] ffff888102ef5580: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 10.847770] ffff888102ef5600: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 10.848007] ==================================================================
Failure - log-parser-boot/exception-warning-cpu-pid-at-driversgpudrmdrm_rect-drm_rect_calc_vscale
------------[ cut here ]------------ [ 150.414365] WARNING: CPU: 0 PID: 2763 at drivers/gpu/drm/drm_rect.c:137 drm_rect_calc_vscale+0x130/0x190 [ 150.415709] Modules linked in: [ 150.415891] CPU: 0 UID: 0 PID: 2763 Comm: kunit_try_catch Tainted: G B D W N 6.16.0-rc4 #1 PREEMPT(voluntary) [ 150.417453] Tainted: [B]=BAD_PAGE, [D]=DIE, [W]=WARN, [N]=TEST [ 150.418165] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 150.419077] RIP: 0010:drm_rect_calc_vscale+0x130/0x190 [ 150.419746] Code: 7f 43 41 39 ce 7c 3e 48 83 c4 08 89 c8 5b 41 5c 41 5d 41 5e 5d e9 80 cf 1e 02 8d 44 08 ff 99 f7 f9 89 c1 85 c0 79 d6 eb de 90 <0f> 0b 90 b9 ea ff ff ff 48 83 c4 08 5b 89 c8 41 5c 41 5d 41 5e 5d [ 150.421612] RSP: 0000:ffff888103a57c78 EFLAGS: 00010286 [ 150.421844] RAX: 00000000ffff0000 RBX: 00000000ffff0000 RCX: 0000000000010000 [ 150.422797] RDX: 0000000000000007 RSI: 0000000000000000 RDI: ffffffff8ba3275c [ 150.423711] RBP: ffff888103a57ca0 R08: 0000000000000000 R09: ffffed1020558500 [ 150.424625] R10: ffff888102ac2807 R11: 0000000000000000 R12: ffffffff8ba32748 [ 150.425249] R13: 0000000000000000 R14: 000000007fffffff R15: ffff888103a57d38 [ 150.425479] FS: 0000000000000000(0000) GS:ffff8881cd674000(0000) knlGS:0000000000000000 [ 150.425782] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 150.426057] CR2: 00007ffff7ffe000 CR3: 0000000069cbc000 CR4: 00000000000006f0 [ 150.426384] DR0: ffffffff8da50440 DR1: ffffffff8da50441 DR2: ffffffff8da50442 [ 150.426630] DR3: ffffffff8da50443 DR6: 00000000ffff0ff0 DR7: 0000000000000600 [ 150.427387] Call Trace: [ 150.427535] <TASK> [ 150.427687] drm_test_rect_calc_vscale+0x108/0x270 [ 150.428245] ? __pfx_drm_test_rect_calc_vscale+0x10/0x10 [ 150.428540] ? __schedule+0x10cc/0x2b60 [ 150.428708] ? __pfx_read_tsc+0x10/0x10 [ 150.428942] ? ktime_get_ts64+0x86/0x230 [ 150.429253] kunit_try_run_case+0x1a5/0x480 [ 150.429505] ? __pfx_kunit_try_run_case+0x10/0x10 [ 150.429798] ? 
_raw_spin_lock_irqsave+0xa1/0x100 [ 150.430096] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 150.430583] ? __kthread_parkme+0x82/0x180 [ 150.430863] ? preempt_count_sub+0x50/0x80 [ 150.431260] ? __pfx_kunit_try_run_case+0x10/0x10 [ 150.431475] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 150.432282] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 150.432605] kthread+0x337/0x6f0 [ 150.432776] ? trace_preempt_on+0x20/0xc0 [ 150.433116] ? __pfx_kthread+0x10/0x10 [ 150.433329] ? _raw_spin_unlock_irq+0x47/0x80 [ 150.433577] ? calculate_sigpending+0x7b/0xa0 [ 150.433777] ? __pfx_kthread+0x10/0x10 [ 150.433994] ret_from_fork+0x116/0x1d0 [ 150.434232] ? __pfx_kthread+0x10/0x10 [ 150.434419] ret_from_fork_asm+0x1a/0x30 [ 150.434768] </TASK> [ 150.434914] ---[ end trace 0000000000000000 ]--- ------------[ cut here ]------------ [ 150.441400] WARNING: CPU: 0 PID: 2765 at drivers/gpu/drm/drm_rect.c:137 drm_rect_calc_vscale+0x130/0x190 [ 150.442144] Modules linked in: [ 150.442336] CPU: 0 UID: 0 PID: 2765 Comm: kunit_try_catch Tainted: G B D W N 6.16.0-rc4 #1 PREEMPT(voluntary) [ 150.442913] Tainted: [B]=BAD_PAGE, [D]=DIE, [W]=WARN, [N]=TEST [ 150.443263] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 150.443720] RIP: 0010:drm_rect_calc_vscale+0x130/0x190 [ 150.444722] Code: 7f 43 41 39 ce 7c 3e 48 83 c4 08 89 c8 5b 41 5c 41 5d 41 5e 5d e9 80 cf 1e 02 8d 44 08 ff 99 f7 f9 89 c1 85 c0 79 d6 eb de 90 <0f> 0b 90 b9 ea ff ff ff 48 83 c4 08 5b 89 c8 41 5c 41 5d 41 5e 5d [ 150.446736] RSP: 0000:ffff88810395fc78 EFLAGS: 00010286 [ 150.448219] RAX: 0000000000010000 RBX: 00000000ffff0000 RCX: 00000000ffff0000 [ 150.449026] RDX: 0000000000000007 RSI: 0000000000000000 RDI: ffffffff8ba32794 [ 150.450124] RBP: ffff88810395fca0 R08: 0000000000000000 R09: ffffed1020c9a6a0 [ 150.450357] R10: ffff8881064d3507 R11: 0000000000000000 R12: ffffffff8ba32780 [ 150.450651] R13: 0000000000000000 R14: 000000007fffffff R15: ffff88810395fd38 [ 
150.451414] FS: 0000000000000000(0000) GS:ffff8881cd674000(0000) knlGS:0000000000000000 [ 150.451750] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 150.452516] CR2: 00007ffff7ffe000 CR3: 0000000069cbc000 CR4: 00000000000006f0 [ 150.453444] DR0: ffffffff8da50440 DR1: ffffffff8da50441 DR2: ffffffff8da50442 [ 150.454356] DR3: ffffffff8da50443 DR6: 00000000ffff0ff0 DR7: 0000000000000600 [ 150.454651] Call Trace: [ 150.454779] <TASK> [ 150.454899] drm_test_rect_calc_vscale+0x108/0x270 [ 150.455116] ? __pfx_drm_test_rect_calc_vscale+0x10/0x10 [ 150.455307] ? __schedule+0x10cc/0x2b60 [ 150.455462] ? __pfx_read_tsc+0x10/0x10 [ 150.455625] ? ktime_get_ts64+0x86/0x230 [ 150.455779] kunit_try_run_case+0x1a5/0x480 [ 150.455939] ? __pfx_kunit_try_run_case+0x10/0x10 [ 150.456109] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 150.456280] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 150.456463] ? __kthread_parkme+0x82/0x180 [ 150.457271] ? preempt_count_sub+0x50/0x80 [ 150.457998] ? __pfx_kunit_try_run_case+0x10/0x10 [ 150.458459] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 150.459404] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 150.460405] kthread+0x337/0x6f0 [ 150.460887] ? trace_preempt_on+0x20/0xc0 [ 150.461437] ? __pfx_kthread+0x10/0x10 [ 150.461890] ? _raw_spin_unlock_irq+0x47/0x80 [ 150.462530] ? calculate_sigpending+0x7b/0xa0 [ 150.463122] ? __pfx_kthread+0x10/0x10 [ 150.463584] ret_from_fork+0x116/0x1d0 [ 150.464115] ? __pfx_kthread+0x10/0x10 [ 150.464552] ret_from_fork_asm+0x1a/0x30 [ 150.465188] </TASK> [ 150.465541] ---[ end trace 0000000000000000 ]---
Failure - log-parser-boot/exception-warning-cpu-pid-at-driversgpudrmdrm_rect-drm_rect_calc_hscale
------------[ cut here ]------------ [ 150.347124] WARNING: CPU: 0 PID: 2751 at drivers/gpu/drm/drm_rect.c:137 drm_rect_calc_hscale+0x125/0x190 [ 150.347839] Modules linked in: [ 150.348050] CPU: 0 UID: 0 PID: 2751 Comm: kunit_try_catch Tainted: G B D W N 6.16.0-rc4 #1 PREEMPT(voluntary) [ 150.348891] Tainted: [B]=BAD_PAGE, [D]=DIE, [W]=WARN, [N]=TEST [ 150.349280] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 150.349643] RIP: 0010:drm_rect_calc_hscale+0x125/0x190 [ 150.350141] Code: 7f 43 41 39 ce 7c 3e 48 83 c4 08 89 c8 5b 41 5c 41 5d 41 5e 5d c3 cc cc cc cc 8d 44 08 ff 99 f7 f9 89 c1 85 c0 79 d6 eb de 90 <0f> 0b 90 b9 ea ff ff ff 48 83 c4 08 5b 89 c8 41 5c 41 5d 41 5e 5d [ 150.351251] RSP: 0000:ffff888103b27c78 EFLAGS: 00010286 [ 150.351563] RAX: 00000000ffff0000 RBX: 00000000ffff0000 RCX: 0000000000010000 [ 150.351850] RDX: 0000000000000003 RSI: 0000000000000000 RDI: ffffffff8ba32760 [ 150.352409] RBP: ffff888103b27ca0 R08: 0000000000000000 R09: ffffed1020558460 [ 150.352806] R10: ffff888102ac2307 R11: 0000000000000000 R12: ffffffff8ba32748 [ 150.353297] R13: 0000000000000000 R14: 000000007fffffff R15: ffff888103b27d38 [ 150.353591] FS: 0000000000000000(0000) GS:ffff8881cd674000(0000) knlGS:0000000000000000 [ 150.354571] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 150.354845] CR2: 00007ffff7ffe000 CR3: 0000000069cbc000 CR4: 00000000000006f0 [ 150.355545] DR0: ffffffff8da50440 DR1: ffffffff8da50441 DR2: ffffffff8da50442 [ 150.355920] DR3: ffffffff8da50443 DR6: 00000000ffff0ff0 DR7: 0000000000000600 [ 150.356742] Call Trace: [ 150.356892] <TASK> [ 150.357010] drm_test_rect_calc_hscale+0x108/0x270 [ 150.357656] ? __pfx_drm_test_rect_calc_hscale+0x10/0x10 [ 150.357895] ? __schedule+0x10cc/0x2b60 [ 150.358223] ? __pfx_read_tsc+0x10/0x10 [ 150.358429] ? ktime_get_ts64+0x86/0x230 [ 150.358659] kunit_try_run_case+0x1a5/0x480 [ 150.358844] ? __pfx_kunit_try_run_case+0x10/0x10 [ 150.359087] ? 
_raw_spin_lock_irqsave+0xa1/0x100 [ 150.359250] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 150.359606] ? __kthread_parkme+0x82/0x180 [ 150.360253] ? preempt_count_sub+0x50/0x80 [ 150.360426] ? __pfx_kunit_try_run_case+0x10/0x10 [ 150.360693] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 150.360966] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 150.361340] kthread+0x337/0x6f0 [ 150.361594] ? trace_preempt_on+0x20/0xc0 [ 150.362293] ? __pfx_kthread+0x10/0x10 [ 150.362492] ? _raw_spin_unlock_irq+0x47/0x80 [ 150.362799] ? calculate_sigpending+0x7b/0xa0 [ 150.363277] ? __pfx_kthread+0x10/0x10 [ 150.363759] ret_from_fork+0x116/0x1d0 [ 150.364076] ? __pfx_kthread+0x10/0x10 [ 150.364558] ret_from_fork_asm+0x1a/0x30 [ 150.365598] </TASK> [ 150.365838] ---[ end trace 0000000000000000 ]--- ------------[ cut here ]------------ [ 150.370402] WARNING: CPU: 1 PID: 2753 at drivers/gpu/drm/drm_rect.c:137 drm_rect_calc_hscale+0x125/0x190 [ 150.371312] Modules linked in: [ 150.371515] CPU: 1 UID: 0 PID: 2753 Comm: kunit_try_catch Tainted: G B D W N 6.16.0-rc4 #1 PREEMPT(voluntary) [ 150.371861] Tainted: [B]=BAD_PAGE, [D]=DIE, [W]=WARN, [N]=TEST [ 150.372046] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 150.372321] RIP: 0010:drm_rect_calc_hscale+0x125/0x190 [ 150.372783] Code: 7f 43 41 39 ce 7c 3e 48 83 c4 08 89 c8 5b 41 5c 41 5d 41 5e 5d c3 cc cc cc cc 8d 44 08 ff 99 f7 f9 89 c1 85 c0 79 d6 eb de 90 <0f> 0b 90 b9 ea ff ff ff 48 83 c4 08 5b 89 c8 41 5c 41 5d 41 5e 5d [ 150.374717] RSP: 0000:ffff88810637fc78 EFLAGS: 00010286 [ 150.375417] RAX: 0000000000010000 RBX: 00000000ffff0000 RCX: 00000000ffff0000 [ 150.376112] RDX: 0000000000000003 RSI: 0000000000000000 RDI: ffffffff8ba32798 [ 150.376886] RBP: ffff88810637fca0 R08: 0000000000000000 R09: ffffed1020a0fbe0 [ 150.377784] R10: ffff88810507df07 R11: 0000000000000000 R12: ffffffff8ba32780 [ 150.378531] R13: 0000000000000000 R14: 000000007fffffff R15: ffff88810637fd38 [ 
150.379061] FS: 0000000000000000(0000) GS:ffff8881cd774000(0000) knlGS:0000000000000000 [ 150.379491] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 150.379761] CR2: 00007ffff7ffe000 CR3: 0000000069cbc000 CR4: 00000000000006f0 [ 150.380619] DR0: ffffffff8da50440 DR1: ffffffff8da50441 DR2: ffffffff8da50443 [ 150.381351] DR3: ffffffff8da50445 DR6: 00000000ffff0ff0 DR7: 0000000000000600 [ 150.382070] Call Trace: [ 150.382314] <TASK> [ 150.382561] drm_test_rect_calc_hscale+0x108/0x270 [ 150.383074] ? __pfx_drm_test_rect_calc_hscale+0x10/0x10 [ 150.383278] ? __schedule+0x10cc/0x2b60 [ 150.383437] ? __pfx_read_tsc+0x10/0x10 [ 150.383812] ? ktime_get_ts64+0x86/0x230 [ 150.384283] kunit_try_run_case+0x1a5/0x480 [ 150.384815] ? __pfx_kunit_try_run_case+0x10/0x10 [ 150.385385] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 150.385993] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 150.386472] ? __kthread_parkme+0x82/0x180 [ 150.386899] ? preempt_count_sub+0x50/0x80 [ 150.387407] ? __pfx_kunit_try_run_case+0x10/0x10 [ 150.387870] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 150.388448] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 150.389217] kthread+0x337/0x6f0 [ 150.389622] ? trace_preempt_on+0x20/0xc0 [ 150.390097] ? __pfx_kthread+0x10/0x10 [ 150.390565] ? _raw_spin_unlock_irq+0x47/0x80 [ 150.391423] ? calculate_sigpending+0x7b/0xa0 [ 150.392001] ? __pfx_kthread+0x10/0x10 [ 150.392262] ret_from_fork+0x116/0x1d0 [ 150.392416] ? __pfx_kthread+0x10/0x10 [ 150.392593] ret_from_fork_asm+0x1a/0x30 [ 150.393048] </TASK> [ 150.393283] ---[ end trace 0000000000000000 ]---
Failure - log-parser-boot/exception-drm-kunit-mock-device-drm_gem_shmem_test_get_pages_sgtdrm-kunit-mock-device-drm-drm_warn_onrefcount_readshmem-pages_pin_count
------------[ cut here ]------------ [ 149.491811] drm-kunit-mock-device drm_gem_shmem_test_get_pages_sgt.drm-kunit-mock-device: [drm] drm_WARN_ON(refcount_read(&shmem->pages_pin_count)) [ 149.491971] WARNING: CPU: 0 PID: 2568 at drivers/gpu/drm/drm_gem_shmem_helper.c:180 drm_gem_shmem_free+0x3ed/0x6c0 [ 149.493446] Modules linked in: [ 149.493811] CPU: 0 UID: 0 PID: 2568 Comm: kunit_try_catch Tainted: G B D W N 6.16.0-rc4 #1 PREEMPT(voluntary) [ 149.494280] Tainted: [B]=BAD_PAGE, [D]=DIE, [W]=WARN, [N]=TEST [ 149.495050] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 149.495590] RIP: 0010:drm_gem_shmem_free+0x3ed/0x6c0 [ 149.496229] Code: 85 f6 0f 84 ba 01 00 00 4c 89 e7 e8 9d 24 80 00 48 c7 c1 40 76 9e 8b 4c 89 f2 48 c7 c7 00 73 9e 8b 48 89 c6 e8 b4 c7 77 fe 90 <0f> 0b 90 90 e9 09 ff ff ff 90 48 b8 00 00 00 00 00 fc ff df 48 8d [ 149.497539] RSP: 0000:ffff888102af7d18 EFLAGS: 00010286 [ 149.497761] RAX: 0000000000000000 RBX: ffff888106ee5000 RCX: 1ffffffff18e4c80 [ 149.498773] RDX: 0000000000000000 RSI: 0000000000000004 RDI: 0000000000000001 [ 149.499518] RBP: ffff888102af7d48 R08: 0000000000000000 R09: fffffbfff18e4c80 [ 149.500318] R10: 0000000000000003 R11: 000000000003a050 R12: ffff888106f87000 [ 149.501187] R13: ffff888106ee50f8 R14: ffff888100f2a180 R15: ffff88810039fb40 [ 149.501963] FS: 0000000000000000(0000) GS:ffff8881cd674000(0000) knlGS:0000000000000000 [ 149.502456] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 149.502661] CR2: 00007ffff7ffe000 CR3: 0000000069cbc000 CR4: 00000000000006f0 [ 149.502887] DR0: ffffffff8da50440 DR1: ffffffff8da50441 DR2: ffffffff8da50442 [ 149.503619] DR3: ffffffff8da50443 DR6: 00000000ffff0ff0 DR7: 0000000000000600 [ 149.504459] Call Trace: [ 149.505014] <TASK> [ 149.505395] ? trace_preempt_on+0x20/0xc0 [ 149.506057] ? 
__pfx_drm_gem_shmem_free_wrapper+0x10/0x10 [ 149.506722] drm_gem_shmem_free_wrapper+0x12/0x20 [ 149.507584] __kunit_action_free+0x57/0x70 [ 149.508171] kunit_remove_resource+0x133/0x200 [ 149.508659] ? preempt_count_sub+0x50/0x80 [ 149.508829] kunit_cleanup+0x7a/0x120 [ 149.509496] kunit_try_run_case_cleanup+0xbd/0xf0 [ 149.510162] ? __pfx_kunit_try_run_case_cleanup+0x10/0x10 [ 149.510895] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 149.511379] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 149.511616] kthread+0x337/0x6f0 [ 149.511847] ? trace_preempt_on+0x20/0xc0 [ 149.512034] ? __pfx_kthread+0x10/0x10 [ 149.512747] ? _raw_spin_unlock_irq+0x47/0x80 [ 149.513270] ? calculate_sigpending+0x7b/0xa0 [ 149.513800] ? __pfx_kthread+0x10/0x10 [ 149.514308] ret_from_fork+0x116/0x1d0 [ 149.514767] ? __pfx_kthread+0x10/0x10 [ 149.515335] ret_from_fork_asm+0x1a/0x30 [ 149.515832] </TASK> [ 149.516254] ---[ end trace 0000000000000000 ]---
Failure - log-parser-boot/exception-warning-cpu-pid-at-driversgpudrmdrm_framebuffer-drm_framebuffer_init
------------[ cut here ]------------ [ 149.324787] WARNING: CPU: 1 PID: 2549 at drivers/gpu/drm/drm_framebuffer.c:867 drm_framebuffer_init+0x44/0x300 [ 149.326063] Modules linked in: [ 149.326314] CPU: 1 UID: 0 PID: 2549 Comm: kunit_try_catch Tainted: G B D W N 6.16.0-rc4 #1 PREEMPT(voluntary) [ 149.326805] Tainted: [B]=BAD_PAGE, [D]=DIE, [W]=WARN, [N]=TEST [ 149.327218] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 149.327612] RIP: 0010:drm_framebuffer_init+0x44/0x300 [ 149.327877] Code: 56 49 89 d6 48 89 f2 41 55 48 c1 ea 03 41 54 49 89 fc 53 48 89 f3 48 83 ec 18 80 3c 02 00 0f 85 00 02 00 00 4c 39 23 74 20 90 <0f> 0b 90 41 bd ea ff ff ff 48 83 c4 18 44 89 e8 5b 41 5c 41 5d 41 [ 149.328757] RSP: 0000:ffff888103ff7b30 EFLAGS: 00010246 [ 149.329206] RAX: dffffc0000000000 RBX: ffff888103ff7c28 RCX: 0000000000000000 [ 149.330138] RDX: 1ffff110207fef8e RSI: ffff888103ff7c28 RDI: ffff888103ff7c70 [ 149.330428] RBP: ffff888103ff7b70 R08: ffff888103f78000 R09: ffffffff8b9d7980 [ 149.330766] R10: 0000000000000003 R11: 00000000c46e0eda R12: ffff888103f78000 [ 149.331175] R13: ffff88810039fae8 R14: ffff888103ff7ba8 R15: 0000000000000000 [ 149.331510] FS: 0000000000000000(0000) GS:ffff8881cd774000(0000) knlGS:0000000000000000 [ 149.331889] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 149.332714] CR2: 00007ffff7ffe000 CR3: 0000000069cbc000 CR4: 00000000000006f0 [ 149.333067] DR0: ffffffff8da50440 DR1: ffffffff8da50441 DR2: ffffffff8da50443 [ 149.333530] DR3: ffffffff8da50445 DR6: 00000000ffff0ff0 DR7: 0000000000000600 [ 149.333804] Call Trace: [ 149.333963] <TASK> [ 149.334131] ? add_dr+0xc1/0x1d0 [ 149.334806] drm_test_framebuffer_init_bad_format+0xfc/0x240 [ 149.335302] ? add_dr+0x148/0x1d0 [ 149.335499] ? __pfx_drm_test_framebuffer_init_bad_format+0x10/0x10 [ 149.335847] ? __drmm_add_action+0x1a4/0x280 [ 149.336070] ? __pfx_drm_mode_config_init_release+0x10/0x10 [ 149.336534] ? 
__pfx_drm_mode_config_init_release+0x10/0x10 [ 149.336753] ? __drmm_add_action_or_reset+0x22/0x50 [ 149.337201] ? __schedule+0x10cc/0x2b60 [ 149.337441] ? __pfx_read_tsc+0x10/0x10 [ 149.337616] ? ktime_get_ts64+0x86/0x230 [ 149.337918] kunit_try_run_case+0x1a5/0x480 [ 149.338164] ? __pfx_kunit_try_run_case+0x10/0x10 [ 149.338417] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 149.338648] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 149.339498] ? __kthread_parkme+0x82/0x180 [ 149.339781] ? preempt_count_sub+0x50/0x80 [ 149.340001] ? __pfx_kunit_try_run_case+0x10/0x10 [ 149.340283] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 149.340585] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 149.340836] kthread+0x337/0x6f0 [ 149.341162] ? trace_preempt_on+0x20/0xc0 [ 149.341362] ? __pfx_kthread+0x10/0x10 [ 149.341556] ? _raw_spin_unlock_irq+0x47/0x80 [ 149.341776] ? calculate_sigpending+0x7b/0xa0 [ 149.342119] ? __pfx_kthread+0x10/0x10 [ 149.342338] ret_from_fork+0x116/0x1d0 [ 149.342519] ? __pfx_kthread+0x10/0x10 [ 149.342667] ret_from_fork_asm+0x1a/0x30 [ 149.342897] </TASK> [ 149.343085] ---[ end trace 0000000000000000 ]---
Failure - log-parser-boot/exception-drm-kunit-mock-device-drm_test_framebuffer_freedrm-kunit-mock-device-drm-drm_warn_onlist_empty-filp_head
------------[ cut here ]------------ [ 149.277647] drm-kunit-mock-device drm_test_framebuffer_free.drm-kunit-mock-device: [drm] drm_WARN_ON(!list_empty(&fb->filp_head)) [ 149.277793] WARNING: CPU: 0 PID: 2545 at drivers/gpu/drm/drm_framebuffer.c:832 drm_framebuffer_free+0x13f/0x1c0 [ 149.280095] Modules linked in: [ 149.280329] CPU: 0 UID: 0 PID: 2545 Comm: kunit_try_catch Tainted: G B D W N 6.16.0-rc4 #1 PREEMPT(voluntary) [ 149.281306] Tainted: [B]=BAD_PAGE, [D]=DIE, [W]=WARN, [N]=TEST [ 149.281799] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 149.282462] RIP: 0010:drm_framebuffer_free+0x13f/0x1c0 [ 149.282935] Code: 8b 7d 50 4d 85 ff 74 2b 4c 89 ef e8 cb 3e 87 00 48 c7 c1 40 29 9d 8b 4c 89 fa 48 c7 c7 a0 29 9d 8b 48 89 c6 e8 e2 e1 7e fe 90 <0f> 0b 90 90 e9 1c ff ff ff 48 b8 00 00 00 00 00 fc ff df 4c 89 ea [ 149.284191] RSP: 0000:ffff888103f7fb68 EFLAGS: 00010282 [ 149.284692] RAX: 0000000000000000 RBX: ffff888103f7fc40 RCX: 1ffffffff18e4c80 [ 149.285275] RDX: 0000000000000000 RSI: 0000000000000004 RDI: 0000000000000001 [ 149.285775] RBP: ffff888103f7fb90 R08: 0000000000000000 R09: fffffbfff18e4c80 [ 149.286372] R10: 0000000000000003 R11: 00000000000386d8 R12: ffff888103f7fc18 [ 149.286962] R13: ffff888106e83000 R14: ffff888103f72000 R15: ffff888106c94400 [ 149.287989] FS: 0000000000000000(0000) GS:ffff8881cd674000(0000) knlGS:0000000000000000 [ 149.288883] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 149.289622] CR2: 00007ffff7ffe000 CR3: 0000000069cbc000 CR4: 00000000000006f0 [ 149.290501] DR0: ffffffff8da50440 DR1: ffffffff8da50441 DR2: ffffffff8da50442 [ 149.291369] DR3: ffffffff8da50443 DR6: 00000000ffff0ff0 DR7: 0000000000000600 [ 149.292441] Call Trace: [ 149.292600] <TASK> [ 149.292768] drm_test_framebuffer_free+0x1ab/0x610 [ 149.293393] ? __pfx_drm_test_framebuffer_free+0x10/0x10 [ 149.294190] ? __pfx_drm_mode_config_init_release+0x10/0x10 [ 149.294558] ? 
__pfx_drm_mode_config_init_release+0x10/0x10 [ 149.294982] ? __drmm_add_action_or_reset+0x22/0x50 [ 149.295636] ? __schedule+0x10cc/0x2b60 [ 149.296123] ? __pfx_read_tsc+0x10/0x10 [ 149.296329] ? ktime_get_ts64+0x86/0x230 [ 149.296510] kunit_try_run_case+0x1a5/0x480 [ 149.296742] ? __pfx_kunit_try_run_case+0x10/0x10 [ 149.297248] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 149.297848] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 149.298584] ? __kthread_parkme+0x82/0x180 [ 149.299198] ? preempt_count_sub+0x50/0x80 [ 149.299661] ? __pfx_kunit_try_run_case+0x10/0x10 [ 149.299851] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 149.300740] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 149.301505] kthread+0x337/0x6f0 [ 149.301670] ? trace_preempt_on+0x20/0xc0 [ 149.301856] ? __pfx_kthread+0x10/0x10 [ 149.302083] ? _raw_spin_unlock_irq+0x47/0x80 [ 149.302519] ? calculate_sigpending+0x7b/0xa0 [ 149.303049] ? __pfx_kthread+0x10/0x10 [ 149.303219] ret_from_fork+0x116/0x1d0 [ 149.303369] ? __pfx_kthread+0x10/0x10 [ 149.303532] ret_from_fork_asm+0x1a/0x30 [ 149.303706] </TASK> [ 149.303823] ---[ end trace 0000000000000000 ]---
Failure - log-parser-boot/exception-warning-cpu-pid-at-driversgpudrmdrm_connector-drm_connector_dynamic_register
------------[ cut here ]------------
[ 147.445803] WARNING: CPU: 1 PID: 1975 at drivers/gpu/drm/drm_connector.c:861 drm_connector_dynamic_register+0xbf/0x110
[ 147.447463] Modules linked in:
[ 147.447684] CPU: 1 UID: 0 PID: 1975 Comm: kunit_try_catch Tainted: G B D W N 6.16.0-rc4 #1 PREEMPT(voluntary)
[ 147.448970] Tainted: [B]=BAD_PAGE, [D]=DIE, [W]=WARN, [N]=TEST
[ 147.449655] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[ 147.450535] RIP: 0010:drm_connector_dynamic_register+0xbf/0x110
[ 147.450982] Code: 49 8d 7c 24 60 48 89 fa 48 c1 ea 03 0f b6 04 02 84 c0 74 02 7e 36 31 c0 41 80 7c 24 60 00 75 1b 5b 41 5c 5d c3 cc cc cc cc 90 <0f> 0b 90 b8 ea ff ff ff 5b 41 5c 5d c3 cc cc cc cc 48 89 df e8 68
[ 147.452403] RSP: 0000:ffff888108567c90 EFLAGS: 00010246
[ 147.452995] RAX: dffffc0000000000 RBX: ffff888103eb8000 RCX: 0000000000000000
[ 147.454007] RDX: 1ffff110207d7032 RSI: ffffffff88c05658 RDI: ffff888103eb8190
[ 147.454951] RBP: ffff888108567ca0 R08: 1ffff11020073f69 R09: ffffed10210acf65
[ 147.455607] R10: 0000000000000003 R11: ffffffff88186fb8 R12: 0000000000000000
[ 147.456209] R13: ffff888108567d38 R14: ffff88810039fc50 R15: ffff88810039fc58
[ 147.456650] FS: 0000000000000000(0000) GS:ffff8881cd774000(0000) knlGS:0000000000000000
[ 147.457439] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[ 147.457862] CR2: 00007ffff7ffe000 CR3: 0000000069cbc000 CR4: 00000000000006f0
[ 147.458938] DR0: ffffffff8da50440 DR1: ffffffff8da50441 DR2: ffffffff8da50443
[ 147.459468] DR3: ffffffff8da50445 DR6: 00000000ffff0ff0 DR7: 0000000000000600
[ 147.460473] Call Trace:
[ 147.460772] <TASK>
[ 147.461057] drm_test_drm_connector_dynamic_register_early_no_init+0x104/0x290
[ 147.461686] ? __pfx_drm_test_drm_connector_dynamic_register_early_no_init+0x10/0x10
[ 147.461999] ? __schedule+0x10cc/0x2b60
[ 147.462421] ? __pfx_read_tsc+0x10/0x10
[ 147.462882] ? ktime_get_ts64+0x86/0x230
[ 147.463350] kunit_try_run_case+0x1a5/0x480
[ 147.463880] ? __pfx_kunit_try_run_case+0x10/0x10
[ 147.464392] ? _raw_spin_lock_irqsave+0xa1/0x100
[ 147.464597] ? _raw_spin_unlock_irqrestore+0x5f/0x90
[ 147.465047] ? __kthread_parkme+0x82/0x180
[ 147.465713] ? preempt_count_sub+0x50/0x80
[ 147.466261] ? __pfx_kunit_try_run_case+0x10/0x10
[ 147.466757] kunit_generic_run_threadfn_adapter+0x85/0xf0
[ 147.467415] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10
[ 147.467900] kthread+0x337/0x6f0
[ 147.468315] ? trace_preempt_on+0x20/0xc0
[ 147.468814] ? __pfx_kthread+0x10/0x10
[ 147.469530] ? _raw_spin_unlock_irq+0x47/0x80
[ 147.469709] ? calculate_sigpending+0x7b/0xa0
[ 147.469877] ? __pfx_kthread+0x10/0x10
[ 147.470051] ret_from_fork+0x116/0x1d0
[ 147.470331] ? __pfx_kthread+0x10/0x10
[ 147.470566] ret_from_fork_asm+0x1a/0x30
[ 147.471002] </TASK>
[ 147.471161] ---[ end trace 0000000000000000 ]---
------------[ cut here ]------------
[ 147.552628] WARNING: CPU: 0 PID: 1983 at drivers/gpu/drm/drm_connector.c:861 drm_connector_dynamic_register+0xbf/0x110
[ 147.553380] Modules linked in:
[ 147.553624] CPU: 0 UID: 0 PID: 1983 Comm: kunit_try_catch Tainted: G B D W N 6.16.0-rc4 #1 PREEMPT(voluntary)
[ 147.554561] Tainted: [B]=BAD_PAGE, [D]=DIE, [W]=WARN, [N]=TEST
[ 147.554838] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[ 147.555378] RIP: 0010:drm_connector_dynamic_register+0xbf/0x110
[ 147.555732] Code: 49 8d 7c 24 60 48 89 fa 48 c1 ea 03 0f b6 04 02 84 c0 74 02 7e 36 31 c0 41 80 7c 24 60 00 75 1b 5b 41 5c 5d c3 cc cc cc cc 90 <0f> 0b 90 b8 ea ff ff ff 5b 41 5c 5d c3 cc cc cc cc 48 89 df e8 68
[ 147.557199] RSP: 0000:ffff888103defc90 EFLAGS: 00010246
[ 147.557525] RAX: dffffc0000000000 RBX: ffff8881080b4000 RCX: 0000000000000000
[ 147.558187] RDX: 1ffff11021016832 RSI: ffffffff88c05658 RDI: ffff8881080b4190
[ 147.558542] RBP: ffff888103defca0 R08: 1ffff11020073f69 R09: ffffed10207bdf65
[ 147.559270] R10: 0000000000000003 R11: ffffffff876049da R12: 0000000000000000
[ 147.559595] R13: ffff888103defd38 R14: ffff88810039fc50 R15: ffff88810039fc58
[ 147.559951] FS: 0000000000000000(0000) GS:ffff8881cd674000(0000) knlGS:0000000000000000
[ 147.560614] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[ 147.561010] CR2: 00007ffff7ffe000 CR3: 0000000069cbc000 CR4: 00000000000006f0
[ 147.561814] DR0: ffffffff8da50440 DR1: ffffffff8da50441 DR2: ffffffff8da50442
[ 147.562236] DR3: ffffffff8da50443 DR6: 00000000ffff0ff0 DR7: 0000000000000600
[ 147.562542] Call Trace:
[ 147.562691] <TASK>
[ 147.562853] drm_test_drm_connector_dynamic_register_no_init+0x104/0x290
[ 147.563273] ? __pfx_drm_test_drm_connector_dynamic_register_no_init+0x10/0x10
[ 147.564029] ? __schedule+0x10cc/0x2b60
[ 147.564235] ? __pfx_read_tsc+0x10/0x10
[ 147.564454] ? ktime_get_ts64+0x86/0x230
[ 147.564702] kunit_try_run_case+0x1a5/0x480
[ 147.564898] ? __pfx_kunit_try_run_case+0x10/0x10
[ 147.565538] ? _raw_spin_lock_irqsave+0xa1/0x100
[ 147.565830] ? _raw_spin_unlock_irqrestore+0x5f/0x90
[ 147.566027] ? __kthread_parkme+0x82/0x180
[ 147.566274] ? preempt_count_sub+0x50/0x80
[ 147.566688] ? __pfx_kunit_try_run_case+0x10/0x10
[ 147.567106] kunit_generic_run_threadfn_adapter+0x85/0xf0
[ 147.567399] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10
[ 147.567665] kthread+0x337/0x6f0
[ 147.567874] ? trace_preempt_on+0x20/0xc0
[ 147.568200] ? __pfx_kthread+0x10/0x10
[ 147.568417] ? _raw_spin_unlock_irq+0x47/0x80
[ 147.568700] ? calculate_sigpending+0x7b/0xa0
[ 147.568877] ? __pfx_kthread+0x10/0x10
[ 147.569107] ret_from_fork+0x116/0x1d0
[ 147.569751] ? __pfx_kthread+0x10/0x10
[ 147.570069] ret_from_fork_asm+0x1a/0x30
[ 147.570249] </TASK>
[ 147.570409] ---[ end trace 0000000000000000 ]---
Failure - log-parser-boot/exception-warning-cpu-pid-at-libmathint_log-intlog10
------------[ cut here ]------------
[ 109.814159] WARNING: CPU: 0 PID: 673 at lib/math/int_log.c:120 intlog10+0x2a/0x40
[ 109.814783] Modules linked in:
[ 109.815362] CPU: 0 UID: 0 PID: 673 Comm: kunit_try_catch Tainted: G B D W N 6.16.0-rc4 #1 PREEMPT(voluntary)
[ 109.815996] Tainted: [B]=BAD_PAGE, [D]=DIE, [W]=WARN, [N]=TEST
[ 109.816419] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[ 109.817091] RIP: 0010:intlog10+0x2a/0x40
[ 109.817274] Code: f3 0f 1e fa 0f 1f 44 00 00 85 ff 74 1c 55 48 89 e5 e8 ca fe ff ff 5d 89 c0 48 69 c0 a1 26 88 26 48 c1 e8 1f c3 cc cc cc cc 90 <0f> 0b 90 31 c0 c3 cc cc cc cc 66 2e 0f 1f 84 00 00 00 00 00 66 90
[ 109.818635] RSP: 0000:ffff888101ddfcb0 EFLAGS: 00010246
[ 109.819205] RAX: 0000000000000000 RBX: ffff88810039fae8 RCX: 1ffff110203bbfb4
[ 109.819661] RDX: 1ffffffff1712bc4 RSI: 1ffff110203bbfb3 RDI: 0000000000000000
[ 109.820267] RBP: ffff888101ddfd60 R08: 0000000000000000 R09: ffffed102021cac0
[ 109.820783] R10: ffff8881010e5607 R11: 0000000000000000 R12: 1ffff110203bbf97
[ 109.821305] R13: ffffffff8b895e20 R14: 0000000000000000 R15: ffff888101ddfd38
[ 109.821904] FS: 0000000000000000(0000) GS:ffff8881cd674000(0000) knlGS:0000000000000000
[ 109.822493] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[ 109.822905] CR2: ffff88815a892fe0 CR3: 0000000069cbc000 CR4: 00000000000006f0
[ 109.823475] DR0: ffffffff8da50440 DR1: ffffffff8da50441 DR2: ffffffff8da50442
[ 109.823966] DR3: ffffffff8da50443 DR6: 00000000ffff0ff0 DR7: 0000000000000600
[ 109.824395] Call Trace:
[ 109.824553] <TASK>
[ 109.824670] ? intlog10_test+0xf2/0x220
[ 109.824886] ? __pfx_intlog10_test+0x10/0x10
[ 109.825412] ? __schedule+0x10cc/0x2b60
[ 109.825829] ? __pfx_read_tsc+0x10/0x10
[ 109.826209] ? ktime_get_ts64+0x86/0x230
[ 109.826400] kunit_try_run_case+0x1a5/0x480
[ 109.826610] ? __pfx_kunit_try_run_case+0x10/0x10
[ 109.827147] ? _raw_spin_lock_irqsave+0xa1/0x100
[ 109.827394] ? _raw_spin_unlock_irqrestore+0x5f/0x90
[ 109.827625] ? __kthread_parkme+0x82/0x180
[ 109.827818] ? preempt_count_sub+0x50/0x80
[ 109.828403] ? __pfx_kunit_try_run_case+0x10/0x10
[ 109.828796] kunit_generic_run_threadfn_adapter+0x85/0xf0
[ 109.829446] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10
[ 109.830044] kthread+0x337/0x6f0
[ 109.830216] ? trace_preempt_on+0x20/0xc0
[ 109.830408] ? __pfx_kthread+0x10/0x10
[ 109.830592] ? _raw_spin_unlock_irq+0x47/0x80
[ 109.831261] ? calculate_sigpending+0x7b/0xa0
[ 109.831553] ? __pfx_kthread+0x10/0x10
[ 109.831883] ret_from_fork+0x116/0x1d0
[ 109.832237] ? __pfx_kthread+0x10/0x10
[ 109.832430] ret_from_fork_asm+0x1a/0x30
[ 109.832644] </TASK>
[ 109.832761] ---[ end trace 0000000000000000 ]---
Failure - log-parser-boot/exception-warning-cpu-pid-at-libmathint_log-intlog2
------------[ cut here ]------------
[ 109.774369] WARNING: CPU: 1 PID: 655 at lib/math/int_log.c:63 intlog2+0xdf/0x110
[ 109.774671] Modules linked in:
[ 109.774848] CPU: 1 UID: 0 PID: 655 Comm: kunit_try_catch Tainted: G B D N 6.16.0-rc4 #1 PREEMPT(voluntary)
[ 109.776092] Tainted: [B]=BAD_PAGE, [D]=DIE, [N]=TEST
[ 109.776299] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[ 109.776892] RIP: 0010:intlog2+0xdf/0x110
[ 109.777212] Code: 89 8b c1 e0 18 48 83 c4 08 89 d1 c1 e2 08 29 cb 01 d0 0f b7 db 41 0f af dc c1 eb 0f 01 d8 5b 41 5c 41 5d 5d e9 12 9c 86 02 90 <0f> 0b 90 31 c0 e9 07 9c 86 02 89 45 e4 e8 0f 00 56 ff 8b 45 e4 eb
[ 109.778087] RSP: 0000:ffff888109317cb0 EFLAGS: 00010246
[ 109.778363] RAX: 0000000000000000 RBX: ffff88810039fae8 RCX: 1ffff11021262fb4
[ 109.778679] RDX: 1ffffffff1712c18 RSI: 1ffff11021262fb3 RDI: 0000000000000000
[ 109.779048] RBP: ffff888109317d60 R08: 0000000000000000 R09: ffffed1020785b00
[ 109.779586] R10: ffff888103c2d807 R11: 0000000000000000 R12: 1ffff11021262f97
[ 109.780105] R13: ffffffff8b8960c0 R14: 0000000000000000 R15: ffff888109317d38
[ 109.780439] FS: 0000000000000000(0000) GS:ffff8881cd774000(0000) knlGS:0000000000000000
[ 109.780831] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[ 109.781330] CR2: dffffc0000000000 CR3: 0000000069cbc000 CR4: 00000000000006f0
[ 109.781656] DR0: ffffffff8da50440 DR1: ffffffff8da50441 DR2: ffffffff8da50443
[ 109.782150] DR3: ffffffff8da50445 DR6: 00000000ffff0ff0 DR7: 0000000000000600
[ 109.782497] Call Trace:
[ 109.782637] <TASK>
[ 109.782755] ? intlog2_test+0xf2/0x220
[ 109.783003] ? __pfx_intlog2_test+0x10/0x10
[ 109.783328] ? __schedule+0x10cc/0x2b60
[ 109.783605] ? __pfx_read_tsc+0x10/0x10
[ 109.783785] ? ktime_get_ts64+0x86/0x230
[ 109.784122] kunit_try_run_case+0x1a5/0x480
[ 109.784367] ? __pfx_kunit_try_run_case+0x10/0x10
[ 109.784610] ? _raw_spin_lock_irqsave+0xa1/0x100
[ 109.784864] ? _raw_spin_unlock_irqrestore+0x5f/0x90
[ 109.785084] ? __kthread_parkme+0x82/0x180
[ 109.785272] ? preempt_count_sub+0x50/0x80
[ 109.785608] ? __pfx_kunit_try_run_case+0x10/0x10
[ 109.785804] kunit_generic_run_threadfn_adapter+0x85/0xf0
[ 109.786379] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10
[ 109.786656] kthread+0x337/0x6f0
[ 109.786833] ? trace_preempt_on+0x20/0xc0
[ 109.787120] ? __pfx_kthread+0x10/0x10
[ 109.787266] ? _raw_spin_unlock_irq+0x47/0x80
[ 109.787482] ? calculate_sigpending+0x7b/0xa0
[ 109.787829] ? __pfx_kthread+0x10/0x10
[ 109.788021] ret_from_fork+0x116/0x1d0
[ 109.788371] ? __pfx_kthread+0x10/0x10
[ 109.788554] ret_from_fork_asm+0x1a/0x30
[ 109.788984] </TASK>
[ 109.789141] ---[ end trace 0000000000000000 ]---
Failure - log-parser-boot/oops-oops-general-protection-fault-probably-for-non-canonical-address-smp-kasan-pti
KNOWN ISSUE - qemu-x86_64: Oops: general protection fault, probably for non-canonical address - KASAN: null-ptr-deref - kunit_test_null_dereference
[ 109.187711] Oops: general protection fault, probably for non-canonical address 0xdffffc0000000000: 0000 [#1] SMP KASAN PTI