Date: July 4, 2025, 11:11 p.m.
Failure - log-parser-boot/kasan-bug-kasan-slab-out-of-bounds-in-kmalloc_node_oob_right
[ 11.215963] ==================================================================
[ 11.216946] BUG: KASAN: slab-out-of-bounds in kmalloc_node_oob_right+0x369/0x3c0
[ 11.217479] Read of size 1 at addr ffff8881026cf000 by task kunit_try_catch/157
[ 11.218056]
[ 11.218194] CPU: 1 UID: 0 PID: 157 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc4 #1 PREEMPT(voluntary)
[ 11.218255] Tainted: [B]=BAD_PAGE, [N]=TEST
[ 11.218267] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[ 11.218290] Call Trace:
[ 11.218306] <TASK>
[ 11.218325] dump_stack_lvl+0x73/0xb0
[ 11.218358] print_report+0xd1/0x650
[ 11.218381] ? __virt_addr_valid+0x1db/0x2d0
[ 11.218404] ? kmalloc_node_oob_right+0x369/0x3c0
[ 11.218426] ? kasan_complete_mode_report_info+0x2a/0x200
[ 11.218446] ? kmalloc_node_oob_right+0x369/0x3c0
[ 11.218468] kasan_report+0x141/0x180
[ 11.218489] ? kmalloc_node_oob_right+0x369/0x3c0
[ 11.218515] __asan_report_load1_noabort+0x18/0x20
[ 11.218537] kmalloc_node_oob_right+0x369/0x3c0
[ 11.218560] ? __pfx_kmalloc_node_oob_right+0x10/0x10
[ 11.218582] ? __schedule+0x10cc/0x2b60
[ 11.218603] ? __pfx_read_tsc+0x10/0x10
[ 11.218623] ? ktime_get_ts64+0x86/0x230
[ 11.218647] kunit_try_run_case+0x1a5/0x480
[ 11.218672] ? __pfx_kunit_try_run_case+0x10/0x10
[ 11.218693] ? _raw_spin_lock_irqsave+0xa1/0x100
[ 11.218714] ? _raw_spin_unlock_irqrestore+0x5f/0x90
[ 11.218736] ? __kthread_parkme+0x82/0x180
[ 11.218755] ? preempt_count_sub+0x50/0x80
[ 11.218777] ? __pfx_kunit_try_run_case+0x10/0x10
[ 11.218799] kunit_generic_run_threadfn_adapter+0x85/0xf0
[ 11.218819] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10
[ 11.218840] kthread+0x337/0x6f0
[ 11.218858] ? trace_preempt_on+0x20/0xc0
[ 11.218880] ? __pfx_kthread+0x10/0x10
[ 11.218899] ? _raw_spin_unlock_irq+0x47/0x80
[ 11.218919] ? calculate_sigpending+0x7b/0xa0
[ 11.218941] ? __pfx_kthread+0x10/0x10
[ 11.218961] ret_from_fork+0x116/0x1d0
[ 11.218977] ? __pfx_kthread+0x10/0x10
[ 11.218996] ret_from_fork_asm+0x1a/0x30
[ 11.219025] </TASK>
[ 11.219036]
[ 11.229299] Allocated by task 157:
[ 11.229504] kasan_save_stack+0x45/0x70
[ 11.229669] kasan_save_track+0x18/0x40
[ 11.229864] kasan_save_alloc_info+0x3b/0x50
[ 11.230079] __kasan_kmalloc+0xb7/0xc0
[ 11.230439] __kmalloc_cache_node_noprof+0x188/0x420
[ 11.230655] kmalloc_node_oob_right+0xab/0x3c0
[ 11.230810] kunit_try_run_case+0x1a5/0x480
[ 11.231022] kunit_generic_run_threadfn_adapter+0x85/0xf0
[ 11.231283] kthread+0x337/0x6f0
[ 11.231734] ret_from_fork+0x116/0x1d0
[ 11.231935] ret_from_fork_asm+0x1a/0x30
[ 11.232135]
[ 11.232248] The buggy address belongs to the object at ffff8881026ce000
[ 11.232248] which belongs to the cache kmalloc-4k of size 4096
[ 11.232951] The buggy address is located 0 bytes to the right of
[ 11.232951] allocated 4096-byte region [ffff8881026ce000, ffff8881026cf000)
[ 11.233339]
[ 11.233441] The buggy address belongs to the physical page:
[ 11.233795] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1026c8
[ 11.234680] head: order:3 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[ 11.235079] flags: 0x200000000000040(head|node=0|zone=2)
[ 11.235844] page_type: f5(slab)
[ 11.235984] raw: 0200000000000040 ffff888100042140 dead000000000122 0000000000000000
[ 11.236532] raw: 0000000000000000 0000000080040004 00000000f5000000 0000000000000000
[ 11.236979] head: 0200000000000040 ffff888100042140 dead000000000122 0000000000000000
[ 11.237430] head: 0000000000000000 0000000080040004 00000000f5000000 0000000000000000
[ 11.237750] head: 0200000000000003 ffffea000409b201 00000000ffffffff 00000000ffffffff
[ 11.238056] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000008
[ 11.238547] page dumped because: kasan: bad access detected
[ 11.238797]
[ 11.238879] Memory state around the buggy address:
[ 11.239086] ffff8881026cef00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[ 11.239827] ffff8881026cef80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[ 11.240108] >ffff8881026cf000: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 11.240339] ^
[ 11.240475] ffff8881026cf080: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 11.240806] ffff8881026cf100: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 11.241129] ==================================================================
Failure - log-parser-boot/kasan-bug-kasan-slab-out-of-bounds-in-kmalloc_oob_left
[ 11.177030] ==================================================================
[ 11.177811] BUG: KASAN: slab-out-of-bounds in kmalloc_oob_left+0x361/0x3c0
[ 11.178330] Read of size 1 at addr ffff88810298e07f by task kunit_try_catch/155
[ 11.179130]
[ 11.179396] CPU: 1 UID: 0 PID: 155 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc4 #1 PREEMPT(voluntary)
[ 11.179450] Tainted: [B]=BAD_PAGE, [N]=TEST
[ 11.179462] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[ 11.179485] Call Trace:
[ 11.179503] <TASK>
[ 11.179527] dump_stack_lvl+0x73/0xb0
[ 11.179563] print_report+0xd1/0x650
[ 11.179587] ? __virt_addr_valid+0x1db/0x2d0
[ 11.179610] ? kmalloc_oob_left+0x361/0x3c0
[ 11.179630] ? kasan_complete_mode_report_info+0x2a/0x200
[ 11.179651] ? kmalloc_oob_left+0x361/0x3c0
[ 11.179672] kasan_report+0x141/0x180
[ 11.179693] ? kmalloc_oob_left+0x361/0x3c0
[ 11.179717] __asan_report_load1_noabort+0x18/0x20
[ 11.179740] kmalloc_oob_left+0x361/0x3c0
[ 11.179760] ? __pfx_kmalloc_oob_left+0x10/0x10
[ 11.179781] ? __schedule+0x10cc/0x2b60
[ 11.179801] ? __pfx_read_tsc+0x10/0x10
[ 11.179822] ? ktime_get_ts64+0x86/0x230
[ 11.179846] kunit_try_run_case+0x1a5/0x480
[ 11.179871] ? __pfx_kunit_try_run_case+0x10/0x10
[ 11.179891] ? _raw_spin_lock_irqsave+0xa1/0x100
[ 11.179914] ? _raw_spin_unlock_irqrestore+0x5f/0x90
[ 11.179935] ? __kthread_parkme+0x82/0x180
[ 11.179955] ? preempt_count_sub+0x50/0x80
[ 11.179977] ? __pfx_kunit_try_run_case+0x10/0x10
[ 11.179999] kunit_generic_run_threadfn_adapter+0x85/0xf0
[ 11.180019] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10
[ 11.180040] kthread+0x337/0x6f0
[ 11.180059] ? trace_preempt_on+0x20/0xc0
[ 11.180082] ? __pfx_kthread+0x10/0x10
[ 11.180100] ? _raw_spin_unlock_irq+0x47/0x80
[ 11.180120] ? calculate_sigpending+0x7b/0xa0
[ 11.180143] ? __pfx_kthread+0x10/0x10
[ 11.180162] ret_from_fork+0x116/0x1d0
[ 11.180179] ? __pfx_kthread+0x10/0x10
[ 11.180230] ret_from_fork_asm+0x1a/0x30
[ 11.180261] </TASK>
[ 11.180273]
[ 11.191160] Allocated by task 1:
[ 11.191832] kasan_save_stack+0x45/0x70
[ 11.192443] kasan_save_track+0x18/0x40
[ 11.192952] kasan_save_alloc_info+0x3b/0x50
[ 11.193683] __kasan_kmalloc+0xb7/0xc0
[ 11.194175] __kmalloc_node_track_caller_noprof+0x1cb/0x500
[ 11.194869] kstrdup+0x3e/0xa0
[ 11.195380] kstrdup_const+0x2c/0x40
[ 11.195872] __kernfs_new_node+0xa7/0x6d0
[ 11.196028] kernfs_new_node+0x140/0x1e0
[ 11.196166] kernfs_create_dir_ns+0x30/0x140
[ 11.196744] sysfs_create_dir_ns+0x130/0x290
[ 11.197423] kobject_add_internal+0x222/0x9b0
[ 11.198097] kobject_init_and_add+0xf1/0x160
[ 11.198629] sysfs_slab_add+0x19a/0x1f0
[ 11.199156] slab_sysfs_init+0x76/0x110
[ 11.199732] do_one_initcall+0xd8/0x370
[ 11.199885] kernel_init_freeable+0x420/0x6f0
[ 11.200040] kernel_init+0x23/0x1e0
[ 11.200166] ret_from_fork+0x116/0x1d0
[ 11.200905] ret_from_fork_asm+0x1a/0x30
[ 11.201418]
[ 11.201725] The buggy address belongs to the object at ffff88810298e060
[ 11.201725] which belongs to the cache kmalloc-16 of size 16
[ 11.203195] The buggy address is located 19 bytes to the right of
[ 11.203195] allocated 12-byte region [ffff88810298e060, ffff88810298e06c)
[ 11.203826]
[ 11.203916] The buggy address belongs to the physical page:
[ 11.204096] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x10298e
[ 11.204701] flags: 0x200000000000000(node=0|zone=2)
[ 11.205066] page_type: f5(slab)
[ 11.205711] raw: 0200000000000000 ffff888100041640 dead000000000122 0000000000000000
[ 11.206046] raw: 0000000000000000 0000000080800080 00000000f5000000 0000000000000000
[ 11.206767] page dumped because: kasan: bad access detected
[ 11.207153]
[ 11.207332] Memory state around the buggy address:
[ 11.207546] ffff88810298df00: 00 00 00 00 00 00 00 00 00 00 00 00 fc fc fc fc
[ 11.207840] ffff88810298df80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 11.208124] >ffff88810298e000: 00 01 fc fc 00 01 fc fc 00 04 fc fc 00 04 fc fc
[ 11.209082] ^
[ 11.209789] ffff88810298e080: 00 07 fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 11.210502] ffff88810298e100: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 11.211170] ==================================================================
Failure - log-parser-boot/kasan-bug-kasan-slab-out-of-bounds-in-kmalloc_oob_right
[ 11.129646] ==================================================================
[ 11.129910] BUG: KASAN: slab-out-of-bounds in kmalloc_oob_right+0x6bd/0x7f0
[ 11.130719] Write of size 1 at addr ffff88810262f778 by task kunit_try_catch/153
[ 11.131264]
[ 11.131452] CPU: 0 UID: 0 PID: 153 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc4 #1 PREEMPT(voluntary)
[ 11.131501] Tainted: [B]=BAD_PAGE, [N]=TEST
[ 11.131512] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[ 11.131545] Call Trace:
[ 11.131571] <TASK>
[ 11.131591] dump_stack_lvl+0x73/0xb0
[ 11.131624] print_report+0xd1/0x650
[ 11.131657] ? __virt_addr_valid+0x1db/0x2d0
[ 11.131679] ? kmalloc_oob_right+0x6bd/0x7f0
[ 11.131699] ? kasan_complete_mode_report_info+0x2a/0x200
[ 11.131719] ? kmalloc_oob_right+0x6bd/0x7f0
[ 11.131739] kasan_report+0x141/0x180
[ 11.131759] ? kmalloc_oob_right+0x6bd/0x7f0
[ 11.131783] __asan_report_store1_noabort+0x1b/0x30
[ 11.131802] kmalloc_oob_right+0x6bd/0x7f0
[ 11.131823] ? __pfx_kmalloc_oob_right+0x10/0x10
[ 11.131845] ? __pfx_kmalloc_oob_right+0x10/0x10
[ 11.131869] kunit_try_run_case+0x1a5/0x480
[ 11.131893] ? __pfx_kunit_try_run_case+0x10/0x10
[ 11.131914] ? _raw_spin_lock_irqsave+0xa1/0x100
[ 11.131936] ? _raw_spin_unlock_irqrestore+0x5f/0x90
[ 11.131957] ? __kthread_parkme+0x82/0x180
[ 11.131976] ? preempt_count_sub+0x50/0x80
[ 11.131999] ? __pfx_kunit_try_run_case+0x10/0x10
[ 11.132020] kunit_generic_run_threadfn_adapter+0x85/0xf0
[ 11.132041] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10
[ 11.132062] kthread+0x337/0x6f0
[ 11.132080] ? trace_preempt_on+0x20/0xc0
[ 11.132102] ? __pfx_kthread+0x10/0x10
[ 11.132121] ? _raw_spin_unlock_irq+0x47/0x80
[ 11.132141] ? calculate_sigpending+0x7b/0xa0
[ 11.132163] ? __pfx_kthread+0x10/0x10
[ 11.132183] ret_from_fork+0x116/0x1d0
[ 11.132201] ? __pfx_kthread+0x10/0x10
[ 11.132230] ret_from_fork_asm+0x1a/0x30
[ 11.132259] </TASK>
[ 11.132270]
[ 11.143312] Allocated by task 153:
[ 11.143596] kasan_save_stack+0x45/0x70
[ 11.143999] kasan_save_track+0x18/0x40
[ 11.144255] kasan_save_alloc_info+0x3b/0x50
[ 11.144652] __kasan_kmalloc+0xb7/0xc0
[ 11.144805] __kmalloc_cache_noprof+0x189/0x420
[ 11.144963] kmalloc_oob_right+0xa9/0x7f0
[ 11.145103] kunit_try_run_case+0x1a5/0x480
[ 11.145280] kunit_generic_run_threadfn_adapter+0x85/0xf0
[ 11.145545] kthread+0x337/0x6f0
[ 11.145685] ret_from_fork+0x116/0x1d0
[ 11.145881] ret_from_fork_asm+0x1a/0x30
[ 11.146081]
[ 11.146187] The buggy address belongs to the object at ffff88810262f700
[ 11.146187] which belongs to the cache kmalloc-128 of size 128
[ 11.146636] The buggy address is located 5 bytes to the right of
[ 11.146636] allocated 115-byte region [ffff88810262f700, ffff88810262f773)
[ 11.147087]
[ 11.147173] The buggy address belongs to the physical page:
[ 11.147669] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x10262f
[ 11.148049] flags: 0x200000000000000(node=0|zone=2)
[ 11.148271] page_type: f5(slab)
[ 11.148444] raw: 0200000000000000 ffff888100041a00 dead000000000122 0000000000000000
[ 11.148770] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000
[ 11.149107] page dumped because: kasan: bad access detected
[ 11.149366]
[ 11.149472] Memory state around the buggy address:
[ 11.149695] ffff88810262f600: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 11.150012] ffff88810262f680: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 11.150250] >ffff88810262f700: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 03 fc
[ 11.150562] ^
[ 11.150874] ffff88810262f780: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 11.151105] ffff88810262f800: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 11.151396] ==================================================================
[ 11.152189] ==================================================================
[ 11.152657] BUG: KASAN: slab-out-of-bounds in kmalloc_oob_right+0x68a/0x7f0
[ 11.152974] Read of size 1 at addr ffff88810262f780 by task kunit_try_catch/153
[ 11.153215]
[ 11.153404] CPU: 0 UID: 0 PID: 153 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc4 #1 PREEMPT(voluntary)
[ 11.153449] Tainted: [B]=BAD_PAGE, [N]=TEST
[ 11.153460] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[ 11.154500] Call Trace:
[ 11.154526] <TASK>
[ 11.154547] dump_stack_lvl+0x73/0xb0
[ 11.154583] print_report+0xd1/0x650
[ 11.154606] ? __virt_addr_valid+0x1db/0x2d0
[ 11.154628] ? kmalloc_oob_right+0x68a/0x7f0
[ 11.154649] ? kasan_complete_mode_report_info+0x2a/0x200
[ 11.154670] ? kmalloc_oob_right+0x68a/0x7f0
[ 11.154691] kasan_report+0x141/0x180
[ 11.154711] ? kmalloc_oob_right+0x68a/0x7f0
[ 11.154735] __asan_report_load1_noabort+0x18/0x20
[ 11.154758] kmalloc_oob_right+0x68a/0x7f0
[ 11.154778] ? __pfx_kmalloc_oob_right+0x10/0x10
[ 11.154801] ? __pfx_kmalloc_oob_right+0x10/0x10
[ 11.154825] kunit_try_run_case+0x1a5/0x480
[ 11.154849] ? __pfx_kunit_try_run_case+0x10/0x10
[ 11.154869] ? _raw_spin_lock_irqsave+0xa1/0x100
[ 11.154891] ? _raw_spin_unlock_irqrestore+0x5f/0x90
[ 11.154912] ? __kthread_parkme+0x82/0x180
[ 11.154932] ? preempt_count_sub+0x50/0x80
[ 11.154955] ? __pfx_kunit_try_run_case+0x10/0x10
[ 11.154977] kunit_generic_run_threadfn_adapter+0x85/0xf0
[ 11.154997] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10
[ 11.155018] kthread+0x337/0x6f0
[ 11.155036] ? trace_preempt_on+0x20/0xc0
[ 11.155058] ? __pfx_kthread+0x10/0x10
[ 11.155077] ? _raw_spin_unlock_irq+0x47/0x80
[ 11.155096] ? calculate_sigpending+0x7b/0xa0
[ 11.155119] ? __pfx_kthread+0x10/0x10
[ 11.155139] ret_from_fork+0x116/0x1d0
[ 11.155157] ? __pfx_kthread+0x10/0x10
[ 11.155175] ret_from_fork_asm+0x1a/0x30
[ 11.155205] </TASK>
[ 11.155215]
[ 11.161779] Allocated by task 153:
[ 11.162005] kasan_save_stack+0x45/0x70
[ 11.162250] kasan_save_track+0x18/0x40
[ 11.162455] kasan_save_alloc_info+0x3b/0x50
[ 11.162599] __kasan_kmalloc+0xb7/0xc0
[ 11.162726] __kmalloc_cache_noprof+0x189/0x420
[ 11.162875] kmalloc_oob_right+0xa9/0x7f0
[ 11.163010] kunit_try_run_case+0x1a5/0x480
[ 11.163162] kunit_generic_run_threadfn_adapter+0x85/0xf0
[ 11.163557] kthread+0x337/0x6f0
[ 11.163901] ret_from_fork+0x116/0x1d0
[ 11.164119] ret_from_fork_asm+0x1a/0x30
[ 11.164856]
[ 11.165121] The buggy address belongs to the object at ffff88810262f700
[ 11.165121] which belongs to the cache kmalloc-128 of size 128
[ 11.166272] The buggy address is located 13 bytes to the right of
[ 11.166272] allocated 115-byte region [ffff88810262f700, ffff88810262f773)
[ 11.167139]
[ 11.167247] The buggy address belongs to the physical page:
[ 11.167523] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x10262f
[ 11.168129] flags: 0x200000000000000(node=0|zone=2)
[ 11.168704] page_type: f5(slab)
[ 11.168841] raw: 0200000000000000 ffff888100041a00 dead000000000122 0000000000000000
[ 11.169311] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000
[ 11.169952] page dumped because: kasan: bad access detected
[ 11.170190]
[ 11.170351] Memory state around the buggy address:
[ 11.170622] ffff88810262f680: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 11.170940] ffff88810262f700: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 03 fc
[ 11.171163] >ffff88810262f780: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 11.171763] ^
[ 11.171893] ffff88810262f800: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 11.172226] ffff88810262f880: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 11.173025] ==================================================================
[ 11.096977] ==================================================================
[ 11.097785] BUG: KASAN: slab-out-of-bounds in kmalloc_oob_right+0x6f0/0x7f0
[ 11.098544] Write of size 1 at addr ffff88810262f773 by task kunit_try_catch/153
[ 11.099008]
[ 11.100260] CPU: 0 UID: 0 PID: 153 Comm: kunit_try_catch Tainted: G N 6.16.0-rc4 #1 PREEMPT(voluntary)
[ 11.100773] Tainted: [N]=TEST
[ 11.100816] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[ 11.101035] Call Trace:
[ 11.101105] <TASK>
[ 11.101283] dump_stack_lvl+0x73/0xb0
[ 11.101383] print_report+0xd1/0x650
[ 11.101412] ? __virt_addr_valid+0x1db/0x2d0
[ 11.101436] ? kmalloc_oob_right+0x6f0/0x7f0
[ 11.101457] ? kasan_complete_mode_report_info+0x2a/0x200
[ 11.101478] ? kmalloc_oob_right+0x6f0/0x7f0
[ 11.101498] kasan_report+0x141/0x180
[ 11.101518] ? kmalloc_oob_right+0x6f0/0x7f0
[ 11.101543] __asan_report_store1_noabort+0x1b/0x30
[ 11.101561] kmalloc_oob_right+0x6f0/0x7f0
[ 11.101582] ? __pfx_kmalloc_oob_right+0x10/0x10
[ 11.101604] ? __pfx_kmalloc_oob_right+0x10/0x10
[ 11.101629] kunit_try_run_case+0x1a5/0x480
[ 11.101654] ? __pfx_kunit_try_run_case+0x10/0x10
[ 11.101674] ? _raw_spin_lock_irqsave+0xa1/0x100
[ 11.101697] ? _raw_spin_unlock_irqrestore+0x5f/0x90
[ 11.101718] ? __kthread_parkme+0x82/0x180
[ 11.101739] ? preempt_count_sub+0x50/0x80
[ 11.101762] ? __pfx_kunit_try_run_case+0x10/0x10
[ 11.101784] kunit_generic_run_threadfn_adapter+0x85/0xf0
[ 11.101805] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10
[ 11.101826] kthread+0x337/0x6f0
[ 11.101843] ? trace_preempt_on+0x20/0xc0
[ 11.101866] ? __pfx_kthread+0x10/0x10
[ 11.101885] ? _raw_spin_unlock_irq+0x47/0x80
[ 11.101904] ? calculate_sigpending+0x7b/0xa0
[ 11.101928] ? __pfx_kthread+0x10/0x10
[ 11.101947] ret_from_fork+0x116/0x1d0
[ 11.101966] ? __pfx_kthread+0x10/0x10
[ 11.101985] ret_from_fork_asm+0x1a/0x30
[ 11.102035] </TASK>
[ 11.102097]
[ 11.110964] Allocated by task 153:
[ 11.111644] kasan_save_stack+0x45/0x70
[ 11.112054] kasan_save_track+0x18/0x40
[ 11.112516] kasan_save_alloc_info+0x3b/0x50
[ 11.112943] __kasan_kmalloc+0xb7/0xc0
[ 11.113344] __kmalloc_cache_noprof+0x189/0x420
[ 11.113788] kmalloc_oob_right+0xa9/0x7f0
[ 11.114183] kunit_try_run_case+0x1a5/0x480
[ 11.114470] kunit_generic_run_threadfn_adapter+0x85/0xf0
[ 11.114642] kthread+0x337/0x6f0
[ 11.114758] ret_from_fork+0x116/0x1d0
[ 11.114887] ret_from_fork_asm+0x1a/0x30
[ 11.115077]
[ 11.115206] The buggy address belongs to the object at ffff88810262f700
[ 11.115206] which belongs to the cache kmalloc-128 of size 128
[ 11.116672] The buggy address is located 0 bytes to the right of
[ 11.116672] allocated 115-byte region [ffff88810262f700, ffff88810262f773)
[ 11.117982]
[ 11.118288] The buggy address belongs to the physical page:
[ 11.119070] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x10262f
[ 11.120001] flags: 0x200000000000000(node=0|zone=2)
[ 11.120919] page_type: f5(slab)
[ 11.121576] raw: 0200000000000000 ffff888100041a00 dead000000000122 0000000000000000
[ 11.121814] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000
[ 11.122098] page dumped because: kasan: bad access detected
[ 11.122420]
[ 11.122660] Memory state around the buggy address:
[ 11.123411] ffff88810262f600: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 11.124046] ffff88810262f680: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 11.124743] >ffff88810262f700: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 03 fc
[ 11.125440] ^
[ 11.126096] ffff88810262f780: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 11.126732] ffff88810262f800: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 11.127413] ==================================================================
Failure - log-parser-boot/exception-warning-cpu-pid-at-driversgpudrmdrm_rect-drm_rect_calc_vscale
------------[ cut here ]------------
[ 142.442143] WARNING: CPU: 1 PID: 2763 at drivers/gpu/drm/drm_rect.c:137 drm_rect_calc_vscale+0x130/0x190
[ 142.443684] Modules linked in:
[ 142.443868] CPU: 1 UID: 0 PID: 2763 Comm: kunit_try_catch Tainted: G B D W N 6.16.0-rc4 #1 PREEMPT(voluntary)
[ 142.444270] Tainted: [B]=BAD_PAGE, [D]=DIE, [W]=WARN, [N]=TEST
[ 142.444496] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[ 142.444835] RIP: 0010:drm_rect_calc_vscale+0x130/0x190
[ 142.445049] Code: 7f 43 41 39 ce 7c 3e 48 83 c4 08 89 c8 5b 41 5c 41 5d 41 5e 5d c3 cc cc cc cc 8d 44 08 ff 99 f7 f9 89 c1 85 c0 79 d6 eb de 90 <0f> 0b 90 b9 ea ff ff ff 48 83 c4 08 5b 89 c8 41 5c 41 5d 41 5e 5d
[ 142.445983] RSP: 0000:ffff88810b867c78 EFLAGS: 00010286
[ 142.446472] RAX: 00000000ffff0000 RBX: 00000000ffff0000 RCX: 0000000000010000
[ 142.447050] RDX: 0000000000000007 RSI: 0000000000000000 RDI: ffffffffb3032ebc
[ 142.447625] RBP: ffff88810b867ca0 R08: 0000000000000000 R09: ffffed10203b0c40
[ 142.448104] R10: ffff888101d86207 R11: 0000000000000000 R12: ffffffffb3032ea8
[ 142.448650] R13: 0000000000000000 R14: 000000007fffffff R15: ffff88810b867d38
[ 142.449104] FS: 0000000000000000(0000) GS:ffff8881a6174000(0000) knlGS:0000000000000000
[ 142.449837] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[ 142.450091] CR2: 00007ffff7ffe000 CR3: 00000000774bc000 CR4: 00000000000006f0
[ 142.450702] DR0: ffffffffb5050444 DR1: ffffffffb5050449 DR2: ffffffffb505044a
[ 142.451409] DR3: ffffffffb505044b DR6: 00000000ffff0ff0 DR7: 0000000000000600
[ 142.451778] Call Trace:
[ 142.451916] <TASK>
[ 142.452053] drm_test_rect_calc_vscale+0x108/0x270
[ 142.452744] ? __pfx_drm_test_rect_calc_vscale+0x10/0x10
[ 142.453138] ? __schedule+0x10cc/0x2b60
[ 142.453905] ? __pfx_read_tsc+0x10/0x10
[ 142.454380] ? ktime_get_ts64+0x86/0x230
[ 142.454605] kunit_try_run_case+0x1a5/0x480
[ 142.454806] ? __pfx_kunit_try_run_case+0x10/0x10
[ 142.455013] ? _raw_spin_lock_irqsave+0xa1/0x100
[ 142.455704] ? _raw_spin_unlock_irqrestore+0x5f/0x90
[ 142.456001] ? __kthread_parkme+0x82/0x180
[ 142.456458] ? preempt_count_sub+0x50/0x80
[ 142.456686] ? __pfx_kunit_try_run_case+0x10/0x10
[ 142.456908] kunit_generic_run_threadfn_adapter+0x85/0xf0
[ 142.457149] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10
[ 142.458204] kthread+0x337/0x6f0
[ 142.458479] ? trace_preempt_on+0x20/0xc0
[ 142.458884] ? __pfx_kthread+0x10/0x10
[ 142.459437] ? _raw_spin_unlock_irq+0x47/0x80
[ 142.459803] ? calculate_sigpending+0x7b/0xa0
[ 142.460128] ? __pfx_kthread+0x10/0x10
[ 142.460297] ret_from_fork+0x116/0x1d0
[ 142.460521] ? __pfx_kthread+0x10/0x10
[ 142.460689] ret_from_fork_asm+0x1a/0x30
[ 142.460852] </TASK>
[ 142.460945] ---[ end trace 0000000000000000 ]---
------------[ cut here ]------------
[ 142.467898] WARNING: CPU: 1 PID: 2765 at drivers/gpu/drm/drm_rect.c:137 drm_rect_calc_vscale+0x130/0x190
[ 142.469480] Modules linked in:
[ 142.470668] CPU: 1 UID: 0 PID: 2765 Comm: kunit_try_catch Tainted: G B D W N 6.16.0-rc4 #1 PREEMPT(voluntary)
[ 142.471681] Tainted: [B]=BAD_PAGE, [D]=DIE, [W]=WARN, [N]=TEST
[ 142.471875] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[ 142.472144] RIP: 0010:drm_rect_calc_vscale+0x130/0x190
[ 142.473104] Code: 7f 43 41 39 ce 7c 3e 48 83 c4 08 89 c8 5b 41 5c 41 5d 41 5e 5d c3 cc cc cc cc 8d 44 08 ff 99 f7 f9 89 c1 85 c0 79 d6 eb de 90 <0f> 0b 90 b9 ea ff ff ff 48 83 c4 08 5b 89 c8 41 5c 41 5d 41 5e 5d
[ 142.474491] RSP: 0000:ffff88810b527c78 EFLAGS: 00010286
[ 142.474687] RAX: 0000000000010000 RBX: 00000000ffff0000 RCX: 00000000ffff0000
[ 142.474901] RDX: 0000000000000007 RSI: 0000000000000000 RDI: ffffffffb3032ef4
[ 142.475112] RBP: ffff88810b527ca0 R08: 0000000000000000 R09: ffffed1020371dc0
[ 142.475846] R10: ffff888101b8ee07 R11: 0000000000000000 R12: ffffffffb3032ee0
[ 142.476555] R13: 0000000000000000 R14: 000000007fffffff R15: ffff88810b527d38
[ 142.477330] FS: 0000000000000000(0000) GS:ffff8881a6174000(0000) knlGS:0000000000000000
[ 142.478039] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[ 142.478657] CR2: 00007ffff7ffe000 CR3: 00000000774bc000 CR4: 00000000000006f0
[ 142.479394] DR0: ffffffffb5050444 DR1: ffffffffb5050449 DR2: ffffffffb505044a
[ 142.480020] DR3: ffffffffb505044b DR6: 00000000ffff0ff0 DR7: 0000000000000600
[ 142.480325] Call Trace:
[ 142.480661] <TASK>
[ 142.480911] drm_test_rect_calc_vscale+0x108/0x270
[ 142.481583] ? __pfx_drm_test_rect_calc_vscale+0x10/0x10
[ 142.482086] ? __schedule+0x10cc/0x2b60
[ 142.482493] ? __pfx_read_tsc+0x10/0x10
[ 142.482755] ? ktime_get_ts64+0x86/0x230
[ 142.482907] kunit_try_run_case+0x1a5/0x480
[ 142.483061] ? __pfx_kunit_try_run_case+0x10/0x10
[ 142.483737] ? _raw_spin_lock_irqsave+0xa1/0x100
[ 142.484492] ? _raw_spin_unlock_irqrestore+0x5f/0x90
[ 142.485131] ? __kthread_parkme+0x82/0x180
[ 142.485737] ? preempt_count_sub+0x50/0x80
[ 142.486134] ? __pfx_kunit_try_run_case+0x10/0x10
[ 142.486857] kunit_generic_run_threadfn_adapter+0x85/0xf0
[ 142.487131] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10
[ 142.487864] kthread+0x337/0x6f0
[ 142.488204] ? trace_preempt_on+0x20/0xc0
[ 142.488612] ? __pfx_kthread+0x10/0x10
[ 142.488919] ? _raw_spin_unlock_irq+0x47/0x80
[ 142.489076] ? calculate_sigpending+0x7b/0xa0
[ 142.489289] ? __pfx_kthread+0x10/0x10
[ 142.489696] ret_from_fork+0x116/0x1d0
[ 142.490069] ? __pfx_kthread+0x10/0x10
[ 142.490664] ret_from_fork_asm+0x1a/0x30
[ 142.491371] </TASK>
[ 142.491800] ---[ end trace 0000000000000000 ]---
Failure - log-parser-boot/exception-warning-cpu-pid-at-driversgpudrmdrm_rect-drm_rect_calc_hscale
------------[ cut here ]------------
[ 142.386113] WARNING: CPU: 0 PID: 2751 at drivers/gpu/drm/drm_rect.c:137 drm_rect_calc_hscale+0x125/0x190
[ 142.386917] Modules linked in:
[ 142.387595] CPU: 0 UID: 0 PID: 2751 Comm: kunit_try_catch Tainted: G B D W N 6.16.0-rc4 #1 PREEMPT(voluntary)
[ 142.388454] Tainted: [B]=BAD_PAGE, [D]=DIE, [W]=WARN, [N]=TEST
[ 142.388800] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[ 142.389444] RIP: 0010:drm_rect_calc_hscale+0x125/0x190
[ 142.390024] Code: 7f 43 41 39 ce 7c 3e 48 83 c4 08 89 c8 5b 41 5c 41 5d 41 5e 5d e9 4b ce 1e 02 8d 44 08 ff 99 f7 f9 89 c1 85 c0 79 d6 eb de 90 <0f> 0b 90 b9 ea ff ff ff 48 83 c4 08 5b 89 c8 41 5c 41 5d 41 5e 5d
[ 142.391147] RSP: 0000:ffff88810b7cfc78 EFLAGS: 00010286
[ 142.391706] RAX: 00000000ffff0000 RBX: 00000000ffff0000 RCX: 0000000000010000
[ 142.392112] RDX: 0000000000000003 RSI: 0000000000000000 RDI: ffffffffb3032ec0
[ 142.392731] RBP: ffff88810b7cfca0 R08: 0000000000000000 R09: ffffed1020371ca0
[ 142.393047] R10: ffff888101b8e507 R11: 0000000000000000 R12: ffffffffb3032ea8
[ 142.393543] R13: 0000000000000000 R14: 000000007fffffff R15: ffff88810b7cfd38
[ 142.393971] FS: 0000000000000000(0000) GS:ffff8881a6074000(0000) knlGS:0000000000000000
[ 142.394662] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[ 142.394921] CR2: 00007ffff7ffe000 CR3: 00000000774bc000 CR4: 00000000000006f0
[ 142.395461] DR0: ffffffffb5050440 DR1: ffffffffb5050441 DR2: ffffffffb5050443
[ 142.395950] DR3: ffffffffb5050445 DR6: 00000000ffff0ff0 DR7: 0000000000000600
[ 142.396627] Call Trace:
[ 142.396789] <TASK>
[ 142.397059] drm_test_rect_calc_hscale+0x108/0x270
[ 142.397520] ? __pfx_drm_test_rect_calc_hscale+0x10/0x10
[ 142.397904] ? __schedule+0x10cc/0x2b60
[ 142.398117] ? __pfx_read_tsc+0x10/0x10
[ 142.398676] ? ktime_get_ts64+0x86/0x230
[ 142.398899] kunit_try_run_case+0x1a5/0x480
[ 142.399093] ? __pfx_kunit_try_run_case+0x10/0x10
[ 142.399630] ? _raw_spin_lock_irqsave+0xa1/0x100
[ 142.399868] ? _raw_spin_unlock_irqrestore+0x5f/0x90
[ 142.400138] ? __kthread_parkme+0x82/0x180
[ 142.400683] ? preempt_count_sub+0x50/0x80
[ 142.400914] ? __pfx_kunit_try_run_case+0x10/0x10
[ 142.401365] kunit_generic_run_threadfn_adapter+0x85/0xf0
[ 142.401732] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10
[ 142.402129] kthread+0x337/0x6f0
[ 142.402467] ? trace_preempt_on+0x20/0xc0
[ 142.402792] ? __pfx_kthread+0x10/0x10
[ 142.403077] ? _raw_spin_unlock_irq+0x47/0x80
[ 142.403553] ? calculate_sigpending+0x7b/0xa0
[ 142.403930] ? __pfx_kthread+0x10/0x10
[ 142.404306] ret_from_fork+0x116/0x1d0
[ 142.404631] ? __pfx_kthread+0x10/0x10
[ 142.404933] ret_from_fork_asm+0x1a/0x30
[ 142.405342] </TASK>
[ 142.405519] ---[ end trace 0000000000000000 ]---
------------[ cut here ]------------
[ 142.409628] WARNING: CPU: 0 PID: 2753 at drivers/gpu/drm/drm_rect.c:137 drm_rect_calc_hscale+0x125/0x190
[ 142.410132] Modules linked in:
[ 142.410344] CPU: 0 UID: 0 PID: 2753 Comm: kunit_try_catch Tainted: G B D W N 6.16.0-rc4 #1 PREEMPT(voluntary)
[ 142.410985] Tainted: [B]=BAD_PAGE, [D]=DIE, [W]=WARN, [N]=TEST
[ 142.411848] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[ 142.412519] RIP: 0010:drm_rect_calc_hscale+0x125/0x190
[ 142.412827] Code: 7f 43 41 39 ce 7c 3e 48 83 c4 08 89 c8 5b 41 5c 41 5d 41 5e 5d e9 4b ce 1e 02 8d 44 08 ff 99 f7 f9 89 c1 85 c0 79 d6 eb de 90 <0f> 0b 90 b9 ea ff ff ff 48 83 c4 08 5b 89 c8 41 5c 41 5d 41 5e 5d
[ 142.413745] RSP: 0000:ffff88810b527c78 EFLAGS: 00010286
[ 142.414177] RAX: 0000000000010000 RBX: 00000000ffff0000 RCX: 00000000ffff0000
[ 142.414649] RDX: 0000000000000003 RSI: 0000000000000000 RDI: ffffffffb3032ef8
[ 142.414915] RBP: ffff88810b527ca0 R08: 0000000000000000 R09: ffffed1020371ce0
[ 142.415475] R10: ffff888101b8e707 R11: 0000000000000000 R12: ffffffffb3032ee0
[ 142.415894] R13: 0000000000000000 R14: 000000007fffffff R15: ffff88810b527d38
[ 142.416574] FS: 0000000000000000(0000) GS:ffff8881a6074000(0000) knlGS:0000000000000000
[ 142.416922] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[ 142.417406] CR2: 00007ffff7ffe000 CR3: 00000000774bc000 CR4: 00000000000006f0
[ 142.417870] DR0: ffffffffb5050440 DR1: ffffffffb5050441 DR2: ffffffffb5050443
[ 142.418478] DR3: ffffffffb5050445 DR6: 00000000ffff0ff0 DR7: 0000000000000600
[ 142.418956] Call Trace:
[ 142.419298] <TASK>
[ 142.419557] drm_test_rect_calc_hscale+0x108/0x270
[ 142.419784] ? __pfx_drm_test_rect_calc_hscale+0x10/0x10
[ 142.420037] ? __schedule+0x10cc/0x2b60
[ 142.420235] ? __pfx_read_tsc+0x10/0x10
[ 142.420789] ? ktime_get_ts64+0x86/0x230
[ 142.421102] kunit_try_run_case+0x1a5/0x480
[ 142.421505] ? __pfx_kunit_try_run_case+0x10/0x10
[ 142.421887] ? _raw_spin_lock_irqsave+0xa1/0x100
[ 142.422358] ? _raw_spin_unlock_irqrestore+0x5f/0x90
[ 142.422749] ? __kthread_parkme+0x82/0x180
[ 142.423073] ? preempt_count_sub+0x50/0x80
[ 142.423575] ? __pfx_kunit_try_run_case+0x10/0x10
[ 142.423803] kunit_generic_run_threadfn_adapter+0x85/0xf0
[ 142.424023] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10
[ 142.424668] kthread+0x337/0x6f0
[ 142.424854] ? trace_preempt_on+0x20/0xc0
[ 142.425557] ? __pfx_kthread+0x10/0x10
[ 142.425750] ? _raw_spin_unlock_irq+0x47/0x80
[ 142.426043] ? calculate_sigpending+0x7b/0xa0
[ 142.426486] ? __pfx_kthread+0x10/0x10
[ 142.426801] ret_from_fork+0x116/0x1d0
[ 142.426997] ? __pfx_kthread+0x10/0x10
[ 142.427200] ret_from_fork_asm+0x1a/0x30
[ 142.427665] </TASK>
[ 142.427919] ---[ end trace 0000000000000000 ]---
Failure - log-parser-boot/kfence-bug-kfence-use-after-free-read-in-test_krealloc
[ 48.683237] ==================================================================
[ 48.683663] BUG: KFENCE: use-after-free read in test_krealloc+0x6fc/0xbe0
[ 48.683663]
[ 48.684009] Use-after-free read at 0x(____ptrval____) (in kfence-#141):
[ 48.684298] test_krealloc+0x6fc/0xbe0
[ 48.684471] kunit_try_run_case+0x1a5/0x480
[ 48.684738] kunit_generic_run_threadfn_adapter+0x85/0xf0
[ 48.685019] kthread+0x337/0x6f0
[ 48.685152] ret_from_fork+0x116/0x1d0
[ 48.686293] ret_from_fork_asm+0x1a/0x30
[ 48.686475]
[ 48.686555] kfence-#141: 0x(____ptrval____)-0x(____ptrval____), size=32, cache=kmalloc-32
[ 48.686555]
[ 48.687986] allocated by task 354 on cpu 0 at 48.682599s (0.005383s ago):
[ 48.688990] test_alloc+0x364/0x10f0
[ 48.689135] test_krealloc+0xad/0xbe0
[ 48.689288] kunit_try_run_case+0x1a5/0x480
[ 48.689437] kunit_generic_run_threadfn_adapter+0x85/0xf0
[ 48.689608] kthread+0x337/0x6f0
[ 48.689730] ret_from_fork+0x116/0x1d0
[ 48.689861] ret_from_fork_asm+0x1a/0x30
[ 48.690000]
[ 48.690074] freed by task 354 on cpu 0 at 48.682835s (0.007235s ago):
[ 48.691565] krealloc_noprof+0x108/0x340
[ 48.692387] test_krealloc+0x226/0xbe0
[ 48.693042] kunit_try_run_case+0x1a5/0x480
[ 48.693770] kunit_generic_run_threadfn_adapter+0x85/0xf0
[ 48.694672] kthread+0x337/0x6f0
[ 48.695227] ret_from_fork+0x116/0x1d0
[ 48.695661] ret_from_fork_asm+0x1a/0x30
[ 48.695853]
[ 48.695989] CPU: 0 UID: 0 PID: 354 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc4 #1 PREEMPT(voluntary)
[ 48.696527] Tainted: [B]=BAD_PAGE, [N]=TEST
[ 48.696741] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[ 48.697127] ==================================================================
Failure - log-parser-boot/kfence-bug-kfence-use-after-free-read-in-test_memcache_typesafe_by_rcu
[ 48.602675] ================================================================== [ 48.603106] BUG: KFENCE: use-after-free read in test_memcache_typesafe_by_rcu+0x2ec/0x670 [ 48.603106] [ 48.603502] Use-after-free read at 0x(____ptrval____) (in kfence-#140): [ 48.603896] test_memcache_typesafe_by_rcu+0x2ec/0x670 [ 48.604139] kunit_try_run_case+0x1a5/0x480 [ 48.604444] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 48.604621] kthread+0x337/0x6f0 [ 48.604745] ret_from_fork+0x116/0x1d0 [ 48.604906] ret_from_fork_asm+0x1a/0x30 [ 48.605106] [ 48.605220] kfence-#140: 0x(____ptrval____)-0x(____ptrval____), size=32, cache=test [ 48.605220] [ 48.605630] allocated by task 352 on cpu 0 at 48.578559s (0.027069s ago): [ 48.605919] test_alloc+0x2a6/0x10f0 [ 48.606080] test_memcache_typesafe_by_rcu+0x16f/0x670 [ 48.606256] kunit_try_run_case+0x1a5/0x480 [ 48.606400] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 48.606649] kthread+0x337/0x6f0 [ 48.606829] ret_from_fork+0x116/0x1d0 [ 48.607015] ret_from_fork_asm+0x1a/0x30 [ 48.607209] [ 48.607309] freed by task 352 on cpu 0 at 48.578682s (0.028624s ago): [ 48.607532] test_memcache_typesafe_by_rcu+0x1bf/0x670 [ 48.608525] kunit_try_run_case+0x1a5/0x480 [ 48.608768] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 48.608983] kthread+0x337/0x6f0 [ 48.609120] ret_from_fork+0x116/0x1d0 [ 48.609278] ret_from_fork_asm+0x1a/0x30 [ 48.609585] [ 48.609715] CPU: 0 UID: 0 PID: 352 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc4 #1 PREEMPT(voluntary) [ 48.610119] Tainted: [B]=BAD_PAGE, [N]=TEST [ 48.610336] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 48.610719] ==================================================================
Failure - log-parser-boot/kfence-bug-kfence-invalid-read-in-test_invalid_access
[ 23.839041] ================================================================== [ 23.839633] BUG: KFENCE: invalid read in test_invalid_access+0xf0/0x210 [ 23.839633] [ 23.840707] Invalid read at 0x(____ptrval____): [ 23.841435] test_invalid_access+0xf0/0x210 [ 23.841853] kunit_try_run_case+0x1a5/0x480 [ 23.842055] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 23.842398] kthread+0x337/0x6f0 [ 23.842835] ret_from_fork+0x116/0x1d0 [ 23.843036] ret_from_fork_asm+0x1a/0x30 [ 23.843238] [ 23.843658] CPU: 0 UID: 0 PID: 348 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc4 #1 PREEMPT(voluntary) [ 23.844304] Tainted: [B]=BAD_PAGE, [N]=TEST [ 23.844483] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 23.844881] ==================================================================
Failure - log-parser-boot/kfence-bug-kfence-memory-corruption-in-test_kmalloc_aligned_oob_write
[ 23.618849] ================================================================== [ 23.619382] BUG: KFENCE: memory corruption in test_kmalloc_aligned_oob_write+0x24f/0x340 [ 23.619382] [ 23.619750] Corrupted memory at 0x(____ptrval____) [ ! . . . . . . . . . . . . . . . ] (in kfence-#135): [ 23.620324] test_kmalloc_aligned_oob_write+0x24f/0x340 [ 23.620689] kunit_try_run_case+0x1a5/0x480 [ 23.620941] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 23.621179] kthread+0x337/0x6f0 [ 23.621318] ret_from_fork+0x116/0x1d0 [ 23.621507] ret_from_fork_asm+0x1a/0x30 [ 23.621708] [ 23.621892] kfence-#135: 0x(____ptrval____)-0x(____ptrval____), size=73, cache=kmalloc-96 [ 23.621892] [ 23.622246] allocated by task 342 on cpu 0 at 23.618578s (0.003666s ago): [ 23.622503] test_alloc+0x364/0x10f0 [ 23.622768] test_kmalloc_aligned_oob_write+0xc8/0x340 [ 23.622964] kunit_try_run_case+0x1a5/0x480 [ 23.623164] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 23.623534] kthread+0x337/0x6f0 [ 23.623684] ret_from_fork+0x116/0x1d0 [ 23.623854] ret_from_fork_asm+0x1a/0x30 [ 23.624003] [ 23.624103] freed by task 342 on cpu 0 at 23.618726s (0.005375s ago): [ 23.624414] test_kmalloc_aligned_oob_write+0x24f/0x340 [ 23.624684] kunit_try_run_case+0x1a5/0x480 [ 23.624861] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 23.625118] kthread+0x337/0x6f0 [ 23.625304] ret_from_fork+0x116/0x1d0 [ 23.625472] ret_from_fork_asm+0x1a/0x30 [ 23.625627] [ 23.625760] CPU: 0 UID: 0 PID: 342 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc4 #1 PREEMPT(voluntary) [ 23.626239] Tainted: [B]=BAD_PAGE, [N]=TEST [ 23.626406] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 23.626788] ==================================================================
Failure - log-parser-boot/kfence-bug-kfence-out-of-bounds-read-in-test_kmalloc_aligned_oob_read
[ 23.410803] ================================================================== [ 23.411244] BUG: KFENCE: out-of-bounds read in test_kmalloc_aligned_oob_read+0x27e/0x560 [ 23.411244] [ 23.411711] Out-of-bounds read at 0x(____ptrval____) (105B right of kfence-#133): [ 23.412076] test_kmalloc_aligned_oob_read+0x27e/0x560 [ 23.412293] kunit_try_run_case+0x1a5/0x480 [ 23.412444] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 23.412816] kthread+0x337/0x6f0 [ 23.412994] ret_from_fork+0x116/0x1d0 [ 23.413159] ret_from_fork_asm+0x1a/0x30 [ 23.413316] [ 23.413414] kfence-#133: 0x(____ptrval____)-0x(____ptrval____), size=73, cache=kmalloc-96 [ 23.413414] [ 23.413809] allocated by task 340 on cpu 1 at 23.410564s (0.003243s ago): [ 23.414039] test_alloc+0x364/0x10f0 [ 23.414238] test_kmalloc_aligned_oob_read+0x105/0x560 [ 23.414505] kunit_try_run_case+0x1a5/0x480 [ 23.414717] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 23.414971] kthread+0x337/0x6f0 [ 23.415106] ret_from_fork+0x116/0x1d0 [ 23.415367] ret_from_fork_asm+0x1a/0x30 [ 23.415539] [ 23.415668] CPU: 1 UID: 0 PID: 340 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc4 #1 PREEMPT(voluntary) [ 23.416098] Tainted: [B]=BAD_PAGE, [N]=TEST [ 23.416282] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 23.416654] ==================================================================
Failure - log-parser-boot/kfence-bug-kfence-memory-corruption-in-test_corruption
[ 18.730847] ================================================================== [ 18.731323] BUG: KFENCE: memory corruption in test_corruption+0x2d2/0x3e0 [ 18.731323] [ 18.731673] Corrupted memory at 0x(____ptrval____) [ ! . . . . . . . . . . . . . . . ] (in kfence-#88): [ 18.732824] test_corruption+0x2d2/0x3e0 [ 18.733030] kunit_try_run_case+0x1a5/0x480 [ 18.733240] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 18.733867] kthread+0x337/0x6f0 [ 18.734139] ret_from_fork+0x116/0x1d0 [ 18.734414] ret_from_fork_asm+0x1a/0x30 [ 18.734768] [ 18.734875] kfence-#88: 0x(____ptrval____)-0x(____ptrval____), size=32, cache=kmalloc-32 [ 18.734875] [ 18.735400] allocated by task 328 on cpu 0 at 18.730580s (0.004818s ago): [ 18.735839] test_alloc+0x364/0x10f0 [ 18.736005] test_corruption+0xe6/0x3e0 [ 18.736177] kunit_try_run_case+0x1a5/0x480 [ 18.736611] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 18.736826] kthread+0x337/0x6f0 [ 18.737130] ret_from_fork+0x116/0x1d0 [ 18.737384] ret_from_fork_asm+0x1a/0x30 [ 18.737566] [ 18.737665] freed by task 328 on cpu 0 at 18.730688s (0.006975s ago): [ 18.737942] test_corruption+0x2d2/0x3e0 [ 18.738120] kunit_try_run_case+0x1a5/0x480 [ 18.738679] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 18.738992] kthread+0x337/0x6f0 [ 18.739125] ret_from_fork+0x116/0x1d0 [ 18.739351] ret_from_fork_asm+0x1a/0x30 [ 18.739691] [ 18.739827] CPU: 0 UID: 0 PID: 328 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc4 #1 PREEMPT(voluntary) [ 18.740436] Tainted: [B]=BAD_PAGE, [N]=TEST [ 18.740701] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 18.741064] ================================================================== [ 19.042823] ================================================================== [ 19.043296] BUG: KFENCE: memory corruption in test_corruption+0x2df/0x3e0 [ 19.043296] [ 19.043694] Corrupted memory at 0x(____ptrval____) [ ! 
] (in kfence-#91): [ 19.044098] test_corruption+0x2df/0x3e0 [ 19.044305] kunit_try_run_case+0x1a5/0x480 [ 19.044531] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 19.044713] kthread+0x337/0x6f0 [ 19.044896] ret_from_fork+0x116/0x1d0 [ 19.045089] ret_from_fork_asm+0x1a/0x30 [ 19.045309] [ 19.045392] kfence-#91: 0x(____ptrval____)-0x(____ptrval____), size=32, cache=kmalloc-32 [ 19.045392] [ 19.045738] allocated by task 328 on cpu 0 at 19.042549s (0.003187s ago): [ 19.045976] test_alloc+0x364/0x10f0 [ 19.046158] test_corruption+0x1cb/0x3e0 [ 19.046371] kunit_try_run_case+0x1a5/0x480 [ 19.046590] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 19.046834] kthread+0x337/0x6f0 [ 19.047005] ret_from_fork+0x116/0x1d0 [ 19.047189] ret_from_fork_asm+0x1a/0x30 [ 19.047340] [ 19.047414] freed by task 328 on cpu 0 at 19.042658s (0.004753s ago): [ 19.047708] test_corruption+0x2df/0x3e0 [ 19.047904] kunit_try_run_case+0x1a5/0x480 [ 19.048258] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 19.048478] kthread+0x337/0x6f0 [ 19.048642] ret_from_fork+0x116/0x1d0 [ 19.048776] ret_from_fork_asm+0x1a/0x30 [ 19.048924] [ 19.049050] CPU: 0 UID: 0 PID: 328 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc4 #1 PREEMPT(voluntary) [ 19.049627] Tainted: [B]=BAD_PAGE, [N]=TEST [ 19.049828] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 19.050196] ================================================================== [ 19.250728] ================================================================== [ 19.251120] BUG: KFENCE: memory corruption in test_corruption+0x216/0x3e0 [ 19.251120] [ 19.251459] Corrupted memory at 0x(____ptrval____) [ ! 
] (in kfence-#93): [ 19.251843] test_corruption+0x216/0x3e0 [ 19.252038] kunit_try_run_case+0x1a5/0x480 [ 19.252190] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 19.252532] kthread+0x337/0x6f0 [ 19.252691] ret_from_fork+0x116/0x1d0 [ 19.252835] ret_from_fork_asm+0x1a/0x30 [ 19.253203] [ 19.253355] kfence-#93: 0x(____ptrval____)-0x(____ptrval____), size=32, cache=test [ 19.253355] [ 19.253638] allocated by task 330 on cpu 1 at 19.250596s (0.003040s ago): [ 19.253908] test_alloc+0x2a6/0x10f0 [ 19.254098] test_corruption+0x1cb/0x3e0 [ 19.254310] kunit_try_run_case+0x1a5/0x480 [ 19.254526] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 19.254885] kthread+0x337/0x6f0 [ 19.255008] ret_from_fork+0x116/0x1d0 [ 19.255173] ret_from_fork_asm+0x1a/0x30 [ 19.255377] [ 19.255474] freed by task 330 on cpu 1 at 19.250656s (0.004815s ago): [ 19.255868] test_corruption+0x216/0x3e0 [ 19.256006] kunit_try_run_case+0x1a5/0x480 [ 19.256155] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 19.256652] kthread+0x337/0x6f0 [ 19.256839] ret_from_fork+0x116/0x1d0 [ 19.257034] ret_from_fork_asm+0x1a/0x30 [ 19.257196] [ 19.257331] CPU: 1 UID: 0 PID: 330 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc4 #1 PREEMPT(voluntary) [ 19.257834] Tainted: [B]=BAD_PAGE, [N]=TEST [ 19.257996] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 19.258276] ================================================================== [ 19.146713] ================================================================== [ 19.147122] BUG: KFENCE: memory corruption in test_corruption+0x131/0x3e0 [ 19.147122] [ 19.147484] Corrupted memory at 0x(____ptrval____) [ ! . . . . . . . . . . . . . . . 
] (in kfence-#92): [ 19.148107] test_corruption+0x131/0x3e0 [ 19.148283] kunit_try_run_case+0x1a5/0x480 [ 19.148434] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 19.148685] kthread+0x337/0x6f0 [ 19.148923] ret_from_fork+0x116/0x1d0 [ 19.149099] ret_from_fork_asm+0x1a/0x30 [ 19.149254] [ 19.149332] kfence-#92: 0x(____ptrval____)-0x(____ptrval____), size=32, cache=test [ 19.149332] [ 19.150053] allocated by task 330 on cpu 1 at 19.146594s (0.003457s ago): [ 19.150369] test_alloc+0x2a6/0x10f0 [ 19.150558] test_corruption+0xe6/0x3e0 [ 19.150734] kunit_try_run_case+0x1a5/0x480 [ 19.150922] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 19.151095] kthread+0x337/0x6f0 [ 19.151289] ret_from_fork+0x116/0x1d0 [ 19.151482] ret_from_fork_asm+0x1a/0x30 [ 19.151681] [ 19.151753] freed by task 330 on cpu 1 at 19.146638s (0.005113s ago): [ 19.151964] test_corruption+0x131/0x3e0 [ 19.152130] kunit_try_run_case+0x1a5/0x480 [ 19.152343] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 19.152601] kthread+0x337/0x6f0 [ 19.152749] ret_from_fork+0x116/0x1d0 [ 19.152891] ret_from_fork_asm+0x1a/0x30 [ 19.153031] [ 19.153134] CPU: 1 UID: 0 PID: 330 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc4 #1 PREEMPT(voluntary) [ 19.154139] Tainted: [B]=BAD_PAGE, [N]=TEST [ 19.154326] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 19.154625] ==================================================================
Failure - log-parser-boot/kfence-bug-kfence-invalid-free-in-test_invalid_addr_free
[ 18.522703] ================================================================== [ 18.523108] BUG: KFENCE: invalid free in test_invalid_addr_free+0x1e1/0x260 [ 18.523108] [ 18.523480] Invalid free of 0x(____ptrval____) (in kfence-#86): [ 18.523770] test_invalid_addr_free+0x1e1/0x260 [ 18.523970] kunit_try_run_case+0x1a5/0x480 [ 18.524137] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 18.524401] kthread+0x337/0x6f0 [ 18.524565] ret_from_fork+0x116/0x1d0 [ 18.524702] ret_from_fork_asm+0x1a/0x30 [ 18.525398] [ 18.525524] kfence-#86: 0x(____ptrval____)-0x(____ptrval____), size=32, cache=kmalloc-32 [ 18.525524] [ 18.525957] allocated by task 324 on cpu 1 at 18.522553s (0.003402s ago): [ 18.526205] test_alloc+0x364/0x10f0 [ 18.526402] test_invalid_addr_free+0xdb/0x260 [ 18.526596] kunit_try_run_case+0x1a5/0x480 [ 18.526842] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 18.527062] kthread+0x337/0x6f0 [ 18.527268] ret_from_fork+0x116/0x1d0 [ 18.527498] ret_from_fork_asm+0x1a/0x30 [ 18.527678] [ 18.527830] CPU: 1 UID: 0 PID: 324 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc4 #1 PREEMPT(voluntary) [ 18.528324] Tainted: [B]=BAD_PAGE, [N]=TEST [ 18.528530] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 18.528854] ================================================================== [ 18.626745] ================================================================== [ 18.627285] BUG: KFENCE: invalid free in test_invalid_addr_free+0xfb/0x260 [ 18.627285] [ 18.627632] Invalid free of 0x(____ptrval____) (in kfence-#87): [ 18.627925] test_invalid_addr_free+0xfb/0x260 [ 18.628127] kunit_try_run_case+0x1a5/0x480 [ 18.628331] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 18.628565] kthread+0x337/0x6f0 [ 18.628736] ret_from_fork+0x116/0x1d0 [ 18.628916] ret_from_fork_asm+0x1a/0x30 [ 18.629059] [ 18.629134] kfence-#87: 0x(____ptrval____)-0x(____ptrval____), size=32, cache=test [ 18.629134] [ 18.629778] allocated by task 326 on cpu 0 at 18.626621s 
(0.003155s ago): [ 18.630083] test_alloc+0x2a6/0x10f0 [ 18.630284] test_invalid_addr_free+0xdb/0x260 [ 18.630474] kunit_try_run_case+0x1a5/0x480 [ 18.630652] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 18.630827] kthread+0x337/0x6f0 [ 18.630999] ret_from_fork+0x116/0x1d0 [ 18.631186] ret_from_fork_asm+0x1a/0x30 [ 18.631398] [ 18.631534] CPU: 0 UID: 0 PID: 326 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc4 #1 PREEMPT(voluntary) [ 18.631950] Tainted: [B]=BAD_PAGE, [N]=TEST [ 18.632145] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 18.632590] ==================================================================
Failure - log-parser-boot/kfence-bug-kfence-invalid-free-in-test_double_free
[ 18.314948] ================================================================== [ 18.315475] BUG: KFENCE: invalid free in test_double_free+0x1d3/0x260 [ 18.315475] [ 18.315825] Invalid free of 0x(____ptrval____) (in kfence-#84): [ 18.316115] test_double_free+0x1d3/0x260 [ 18.316309] kunit_try_run_case+0x1a5/0x480 [ 18.316974] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 18.317716] kthread+0x337/0x6f0 [ 18.317929] ret_from_fork+0x116/0x1d0 [ 18.318086] ret_from_fork_asm+0x1a/0x30 [ 18.318527] [ 18.318613] kfence-#84: 0x(____ptrval____)-0x(____ptrval____), size=32, cache=kmalloc-32 [ 18.318613] [ 18.319183] allocated by task 320 on cpu 0 at 18.314647s (0.004533s ago): [ 18.319651] test_alloc+0x364/0x10f0 [ 18.319923] test_double_free+0xdb/0x260 [ 18.320203] kunit_try_run_case+0x1a5/0x480 [ 18.320578] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 18.320910] kthread+0x337/0x6f0 [ 18.321163] ret_from_fork+0x116/0x1d0 [ 18.321520] ret_from_fork_asm+0x1a/0x30 [ 18.321709] [ 18.321809] freed by task 320 on cpu 0 at 18.314721s (0.007085s ago): [ 18.322104] test_double_free+0x1e0/0x260 [ 18.322606] kunit_try_run_case+0x1a5/0x480 [ 18.322810] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 18.323128] kthread+0x337/0x6f0 [ 18.323284] ret_from_fork+0x116/0x1d0 [ 18.323585] ret_from_fork_asm+0x1a/0x30 [ 18.323765] [ 18.323902] CPU: 0 UID: 0 PID: 320 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc4 #1 PREEMPT(voluntary) [ 18.324294] Tainted: [B]=BAD_PAGE, [N]=TEST [ 18.324601] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 18.324999] ================================================================== [ 18.418800] ================================================================== [ 18.419258] BUG: KFENCE: invalid free in test_double_free+0x112/0x260 [ 18.419258] [ 18.419580] Invalid free of 0x(____ptrval____) (in kfence-#85): [ 18.420175] test_double_free+0x112/0x260 [ 18.420637] kunit_try_run_case+0x1a5/0x480 [ 18.420860] 
kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 18.421095] kthread+0x337/0x6f0 [ 18.421283] ret_from_fork+0x116/0x1d0 [ 18.421806] ret_from_fork_asm+0x1a/0x30 [ 18.422003] [ 18.422087] kfence-#85: 0x(____ptrval____)-0x(____ptrval____), size=32, cache=test [ 18.422087] [ 18.422460] allocated by task 322 on cpu 1 at 18.418598s (0.003860s ago): [ 18.422807] test_alloc+0x2a6/0x10f0 [ 18.423081] test_double_free+0xdb/0x260 [ 18.423253] kunit_try_run_case+0x1a5/0x480 [ 18.423801] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 18.424090] kthread+0x337/0x6f0 [ 18.424233] ret_from_fork+0x116/0x1d0 [ 18.424591] ret_from_fork_asm+0x1a/0x30 [ 18.424803] [ 18.424897] freed by task 322 on cpu 1 at 18.418663s (0.006232s ago): [ 18.425189] test_double_free+0xfa/0x260 [ 18.425719] kunit_try_run_case+0x1a5/0x480 [ 18.426023] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 18.426256] kthread+0x337/0x6f0 [ 18.426447] ret_from_fork+0x116/0x1d0 [ 18.426616] ret_from_fork_asm+0x1a/0x30 [ 18.426808] [ 18.426945] CPU: 1 UID: 0 PID: 322 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc4 #1 PREEMPT(voluntary) [ 18.427391] Tainted: [B]=BAD_PAGE, [N]=TEST [ 18.427557] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 18.427917] ==================================================================
Failure - log-parser-boot/kfence-bug-kfence-use-after-free-read-in-test_use_after_free_read
[ 17.898794] ================================================================== [ 17.899280] BUG: KFENCE: use-after-free read in test_use_after_free_read+0x129/0x270 [ 17.899280] [ 17.899688] Use-after-free read at 0x(____ptrval____) (in kfence-#80): [ 17.899974] test_use_after_free_read+0x129/0x270 [ 17.900187] kunit_try_run_case+0x1a5/0x480 [ 17.900367] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 17.900586] kthread+0x337/0x6f0 [ 17.900714] ret_from_fork+0x116/0x1d0 [ 17.900859] ret_from_fork_asm+0x1a/0x30 [ 17.901203] [ 17.901316] kfence-#80: 0x(____ptrval____)-0x(____ptrval____), size=32, cache=kmalloc-32 [ 17.901316] [ 17.901724] allocated by task 312 on cpu 1 at 17.898579s (0.003143s ago): [ 17.901952] test_alloc+0x364/0x10f0 [ 17.902352] test_use_after_free_read+0xdc/0x270 [ 17.902552] kunit_try_run_case+0x1a5/0x480 [ 17.902740] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 17.902915] kthread+0x337/0x6f0 [ 17.903038] ret_from_fork+0x116/0x1d0 [ 17.903206] ret_from_fork_asm+0x1a/0x30 [ 17.903670] [ 17.903974] freed by task 312 on cpu 1 at 17.898634s (0.005221s ago): [ 17.904643] test_use_after_free_read+0x1e7/0x270 [ 17.905434] kunit_try_run_case+0x1a5/0x480 [ 17.905663] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 17.905927] kthread+0x337/0x6f0 [ 17.906303] ret_from_fork+0x116/0x1d0 [ 17.906506] ret_from_fork_asm+0x1a/0x30 [ 17.906863] [ 17.907020] CPU: 1 UID: 0 PID: 312 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc4 #1 PREEMPT(voluntary) [ 17.907745] Tainted: [B]=BAD_PAGE, [N]=TEST [ 17.908067] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 17.908558] ================================================================== [ 18.002741] ================================================================== [ 18.003173] BUG: KFENCE: use-after-free read in test_use_after_free_read+0x129/0x270 [ 18.003173] [ 18.003933] Use-after-free read at 0x(____ptrval____) (in kfence-#81): [ 18.004145] 
test_use_after_free_read+0x129/0x270 [ 18.004354] kunit_try_run_case+0x1a5/0x480 [ 18.004509] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 18.004683] kthread+0x337/0x6f0 [ 18.004817] ret_from_fork+0x116/0x1d0 [ 18.004953] ret_from_fork_asm+0x1a/0x30 [ 18.005094] [ 18.005172] kfence-#81: 0x(____ptrval____)-0x(____ptrval____), size=32, cache=test [ 18.005172] [ 18.005525] allocated by task 314 on cpu 0 at 18.002596s (0.002927s ago): [ 18.005761] test_alloc+0x2a6/0x10f0 [ 18.005895] test_use_after_free_read+0xdc/0x270 [ 18.006051] kunit_try_run_case+0x1a5/0x480 [ 18.006200] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 18.006652] kthread+0x337/0x6f0 [ 18.006949] ret_from_fork+0x116/0x1d0 [ 18.007306] ret_from_fork_asm+0x1a/0x30 [ 18.007657] [ 18.007817] freed by task 314 on cpu 0 at 18.002655s (0.005160s ago): [ 18.008454] test_use_after_free_read+0xfb/0x270 [ 18.008867] kunit_try_run_case+0x1a5/0x480 [ 18.009288] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 18.009658] kthread+0x337/0x6f0 [ 18.009783] ret_from_fork+0x116/0x1d0 [ 18.009917] ret_from_fork_asm+0x1a/0x30 [ 18.010057] [ 18.010166] CPU: 0 UID: 0 PID: 314 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc4 #1 PREEMPT(voluntary) [ 18.010638] Tainted: [B]=BAD_PAGE, [N]=TEST [ 18.010812] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 18.011167] ==================================================================
Failure - log-parser-boot/kfence-bug-kfence-out-of-bounds-write-in-test_out_of_bounds_write
[ 17.794706] ================================================================== [ 17.795206] BUG: KFENCE: out-of-bounds write in test_out_of_bounds_write+0x10d/0x260 [ 17.795206] [ 17.795620] Out-of-bounds write at 0x(____ptrval____) (1B left of kfence-#79): [ 17.795955] test_out_of_bounds_write+0x10d/0x260 [ 17.796127] kunit_try_run_case+0x1a5/0x480 [ 17.796332] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 17.796547] kthread+0x337/0x6f0 [ 17.796749] ret_from_fork+0x116/0x1d0 [ 17.796960] ret_from_fork_asm+0x1a/0x30 [ 17.797104] [ 17.797207] kfence-#79: 0x(____ptrval____)-0x(____ptrval____), size=32, cache=test [ 17.797207] [ 17.797822] allocated by task 310 on cpu 0 at 17.794640s (0.003179s ago): [ 17.798083] test_alloc+0x2a6/0x10f0 [ 17.798286] test_out_of_bounds_write+0xd4/0x260 [ 17.798485] kunit_try_run_case+0x1a5/0x480 [ 17.798719] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 17.798942] kthread+0x337/0x6f0 [ 17.799100] ret_from_fork+0x116/0x1d0 [ 17.799272] ret_from_fork_asm+0x1a/0x30 [ 17.799475] [ 17.799601] CPU: 0 UID: 0 PID: 310 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc4 #1 PREEMPT(voluntary) [ 17.800059] Tainted: [B]=BAD_PAGE, [N]=TEST [ 17.800208] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 17.800621] ================================================================== [ 17.588527] ================================================================== [ 17.588929] BUG: KFENCE: out-of-bounds write in test_out_of_bounds_write+0x10d/0x260 [ 17.588929] [ 17.589298] Out-of-bounds write at 0x(____ptrval____) (1B left of kfence-#77): [ 17.589707] test_out_of_bounds_write+0x10d/0x260 [ 17.589905] kunit_try_run_case+0x1a5/0x480 [ 17.590070] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 17.590329] kthread+0x337/0x6f0 [ 17.590578] ret_from_fork+0x116/0x1d0 [ 17.590768] ret_from_fork_asm+0x1a/0x30 [ 17.590909] [ 17.591012] kfence-#77: 0x(____ptrval____)-0x(____ptrval____), size=32, cache=kmalloc-32 [ 17.591012] [ 
17.591466] allocated by task 308 on cpu 1 at 17.588306s (0.003158s ago): [ 17.591770] test_alloc+0x364/0x10f0 [ 17.591963] test_out_of_bounds_write+0xd4/0x260 [ 17.592228] kunit_try_run_case+0x1a5/0x480 [ 17.592440] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 17.592729] kthread+0x337/0x6f0 [ 17.592865] ret_from_fork+0x116/0x1d0 [ 17.593012] ret_from_fork_asm+0x1a/0x30 [ 17.593212] [ 17.593345] CPU: 1 UID: 0 PID: 308 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc4 #1 PREEMPT(voluntary) [ 17.593745] Tainted: [B]=BAD_PAGE, [N]=TEST [ 17.593931] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 17.594568] ==================================================================
Failure - log-parser-boot/kfence-bug-kfence-out-of-bounds-read-in-test_out_of_bounds_read
[ 17.482613] ================================================================== [ 17.483086] BUG: KFENCE: out-of-bounds read in test_out_of_bounds_read+0x216/0x4e0 [ 17.483086] [ 17.483502] Out-of-bounds read at 0x(____ptrval____) (32B right of kfence-#76): [ 17.483852] test_out_of_bounds_read+0x216/0x4e0 [ 17.484094] kunit_try_run_case+0x1a5/0x480 [ 17.484386] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 17.484602] kthread+0x337/0x6f0 [ 17.484784] ret_from_fork+0x116/0x1d0 [ 17.484981] ret_from_fork_asm+0x1a/0x30 [ 17.485172] [ 17.485285] kfence-#76: 0x(____ptrval____)-0x(____ptrval____), size=32, cache=test [ 17.485285] [ 17.485626] allocated by task 306 on cpu 1 at 17.482548s (0.003076s ago): [ 17.485905] test_alloc+0x2a6/0x10f0 [ 17.486121] test_out_of_bounds_read+0x1e2/0x4e0 [ 17.486386] kunit_try_run_case+0x1a5/0x480 [ 17.486690] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 17.486940] kthread+0x337/0x6f0 [ 17.487143] ret_from_fork+0x116/0x1d0 [ 17.487341] ret_from_fork_asm+0x1a/0x30 [ 17.487551] [ 17.487690] CPU: 1 UID: 0 PID: 306 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc4 #1 PREEMPT(voluntary) [ 17.488158] Tainted: [B]=BAD_PAGE, [N]=TEST [ 17.488374] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 17.488771] ================================================================== [ 16.339886] ================================================================== [ 16.340730] BUG: KFENCE: out-of-bounds read in test_out_of_bounds_read+0x126/0x4e0 [ 16.340730] [ 16.341541] Out-of-bounds read at 0x(____ptrval____) (1B left of kfence-#65): [ 16.342437] test_out_of_bounds_read+0x126/0x4e0 [ 16.342930] kunit_try_run_case+0x1a5/0x480 [ 16.343090] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 16.343297] kthread+0x337/0x6f0 [ 16.343671] ret_from_fork+0x116/0x1d0 [ 16.344054] ret_from_fork_asm+0x1a/0x30 [ 16.344519] [ 16.344981] kfence-#65: 0x(____ptrval____)-0x(____ptrval____), size=32, cache=kmalloc-32 [ 16.344981] [ 
16.346079] allocated by task 304 on cpu 0 at 16.338602s (0.007417s ago): [ 16.346933] test_alloc+0x364/0x10f0 [ 16.347099] test_out_of_bounds_read+0xed/0x4e0 [ 16.347274] kunit_try_run_case+0x1a5/0x480 [ 16.347622] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 16.347856] kthread+0x337/0x6f0 [ 16.348024] ret_from_fork+0x116/0x1d0 [ 16.348171] ret_from_fork_asm+0x1a/0x30 [ 16.348605] [ 16.348779] CPU: 0 UID: 0 PID: 304 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc4 #1 PREEMPT(voluntary) [ 16.349302] Tainted: [B]=BAD_PAGE, [N]=TEST [ 16.349449] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 16.350103] ================================================================== [ 16.962683] ================================================================== [ 16.963098] BUG: KFENCE: out-of-bounds read in test_out_of_bounds_read+0x126/0x4e0 [ 16.963098] [ 16.963589] Out-of-bounds read at 0x(____ptrval____) (1B left of kfence-#71): [ 16.963940] test_out_of_bounds_read+0x126/0x4e0 [ 16.964145] kunit_try_run_case+0x1a5/0x480 [ 16.964368] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 16.964545] kthread+0x337/0x6f0 [ 16.964669] ret_from_fork+0x116/0x1d0 [ 16.965011] ret_from_fork_asm+0x1a/0x30 [ 16.965350] [ 16.965454] kfence-#71: 0x(____ptrval____)-0x(____ptrval____), size=32, cache=test [ 16.965454] [ 16.966409] allocated by task 306 on cpu 1 at 16.962611s (0.003794s ago): [ 16.966840] test_alloc+0x2a6/0x10f0 [ 16.967007] test_out_of_bounds_read+0xed/0x4e0 [ 16.967164] kunit_try_run_case+0x1a5/0x480 [ 16.967448] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 16.967710] kthread+0x337/0x6f0 [ 16.967863] ret_from_fork+0x116/0x1d0 [ 16.968033] ret_from_fork_asm+0x1a/0x30 [ 16.968240] [ 16.968347] CPU: 1 UID: 0 PID: 306 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc4 #1 PREEMPT(voluntary) [ 16.968679] Tainted: [B]=BAD_PAGE, [N]=TEST [ 16.968829] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 
16.969261] ================================================================== [ 16.858756] ================================================================== [ 16.859188] BUG: KFENCE: out-of-bounds read in test_out_of_bounds_read+0x216/0x4e0 [ 16.859188] [ 16.859645] Out-of-bounds read at 0x(____ptrval____) (32B right of kfence-#70): [ 16.859999] test_out_of_bounds_read+0x216/0x4e0 [ 16.860208] kunit_try_run_case+0x1a5/0x480 [ 16.860518] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 16.860744] kthread+0x337/0x6f0 [ 16.860885] ret_from_fork+0x116/0x1d0 [ 16.861080] ret_from_fork_asm+0x1a/0x30 [ 16.861293] [ 16.861397] kfence-#70: 0x(____ptrval____)-0x(____ptrval____), size=32, cache=kmalloc-32 [ 16.861397] [ 16.861743] allocated by task 304 on cpu 0 at 16.858551s (0.003190s ago): [ 16.862076] test_alloc+0x364/0x10f0 [ 16.862285] test_out_of_bounds_read+0x1e2/0x4e0 [ 16.862479] kunit_try_run_case+0x1a5/0x480 [ 16.862626] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 16.862867] kthread+0x337/0x6f0 [ 16.863034] ret_from_fork+0x116/0x1d0 [ 16.863234] ret_from_fork_asm+0x1a/0x30 [ 16.863432] [ 16.863549] CPU: 0 UID: 0 PID: 304 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc4 #1 PREEMPT(voluntary) [ 16.864005] Tainted: [B]=BAD_PAGE, [N]=TEST [ 16.864177] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 16.864658] ==================================================================
Failure - log-parser-boot/kasan-bug-kasan-slab-out-of-bounds-in-strncpy_from_user
[ 16.256971] ================================================================== [ 16.257385] BUG: KASAN: slab-out-of-bounds in strncpy_from_user+0x1a5/0x1d0 [ 16.257688] Write of size 1 at addr ffff888103980f78 by task kunit_try_catch/302 [ 16.257976] [ 16.258095] CPU: 1 UID: 0 PID: 302 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc4 #1 PREEMPT(voluntary) [ 16.258144] Tainted: [B]=BAD_PAGE, [N]=TEST [ 16.258158] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 16.258183] Call Trace: [ 16.258205] <TASK> [ 16.258238] dump_stack_lvl+0x73/0xb0 [ 16.258281] print_report+0xd1/0x650 [ 16.258306] ? __virt_addr_valid+0x1db/0x2d0 [ 16.258329] ? strncpy_from_user+0x1a5/0x1d0 [ 16.258351] ? kasan_complete_mode_report_info+0x2a/0x200 [ 16.258374] ? strncpy_from_user+0x1a5/0x1d0 [ 16.258397] kasan_report+0x141/0x180 [ 16.258420] ? strncpy_from_user+0x1a5/0x1d0 [ 16.258448] __asan_report_store1_noabort+0x1b/0x30 [ 16.258468] strncpy_from_user+0x1a5/0x1d0 [ 16.258494] copy_user_test_oob+0x760/0x10f0 [ 16.258520] ? __pfx_copy_user_test_oob+0x10/0x10 [ 16.258543] ? finish_task_switch.isra.0+0x153/0x700 [ 16.258566] ? __switch_to+0x47/0xf50 [ 16.258592] ? __schedule+0x10cc/0x2b60 [ 16.258614] ? __pfx_read_tsc+0x10/0x10 [ 16.258636] ? ktime_get_ts64+0x86/0x230 [ 16.258661] kunit_try_run_case+0x1a5/0x480 [ 16.258686] ? __pfx_kunit_try_run_case+0x10/0x10 [ 16.258709] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 16.258733] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 16.258756] ? __kthread_parkme+0x82/0x180 [ 16.258778] ? preempt_count_sub+0x50/0x80 [ 16.258801] ? __pfx_kunit_try_run_case+0x10/0x10 [ 16.258824] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 16.258847] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 16.258870] kthread+0x337/0x6f0 [ 16.258890] ? trace_preempt_on+0x20/0xc0 [ 16.258914] ? __pfx_kthread+0x10/0x10 [ 16.258935] ? _raw_spin_unlock_irq+0x47/0x80 [ 16.258956] ? calculate_sigpending+0x7b/0xa0 [ 16.258981] ? 
__pfx_kthread+0x10/0x10 [ 16.259002] ret_from_fork+0x116/0x1d0 [ 16.259021] ? __pfx_kthread+0x10/0x10 [ 16.259042] ret_from_fork_asm+0x1a/0x30 [ 16.259073] </TASK> [ 16.259085] [ 16.266177] Allocated by task 302: [ 16.266389] kasan_save_stack+0x45/0x70 [ 16.266594] kasan_save_track+0x18/0x40 [ 16.266791] kasan_save_alloc_info+0x3b/0x50 [ 16.267006] __kasan_kmalloc+0xb7/0xc0 [ 16.267140] __kmalloc_noprof+0x1c9/0x500 [ 16.267354] kunit_kmalloc_array+0x25/0x60 [ 16.267564] copy_user_test_oob+0xab/0x10f0 [ 16.267779] kunit_try_run_case+0x1a5/0x480 [ 16.267970] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 16.268196] kthread+0x337/0x6f0 [ 16.268411] ret_from_fork+0x116/0x1d0 [ 16.268595] ret_from_fork_asm+0x1a/0x30 [ 16.268764] [ 16.268880] The buggy address belongs to the object at ffff888103980f00 [ 16.268880] which belongs to the cache kmalloc-128 of size 128 [ 16.269256] The buggy address is located 0 bytes to the right of [ 16.269256] allocated 120-byte region [ffff888103980f00, ffff888103980f78) [ 16.269881] [ 16.269983] The buggy address belongs to the physical page: [ 16.270247] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x103980 [ 16.270620] flags: 0x200000000000000(node=0|zone=2) [ 16.270913] page_type: f5(slab) [ 16.271059] raw: 0200000000000000 ffff888100041a00 dead000000000122 0000000000000000 [ 16.271305] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 16.271533] page dumped because: kasan: bad access detected [ 16.271746] [ 16.271849] Memory state around the buggy address: [ 16.272075] ffff888103980e00: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 16.272399] ffff888103980e80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 16.272865] >ffff888103980f00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 fc [ 16.273106] ^ [ 16.273553] ffff888103980f80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 16.273883] ffff888103981000: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 16.274161] 
================================================================== [ 16.234786] ================================================================== [ 16.235150] BUG: KASAN: slab-out-of-bounds in strncpy_from_user+0x2e/0x1d0 [ 16.235506] Write of size 121 at addr ffff888103980f00 by task kunit_try_catch/302 [ 16.235848] [ 16.235960] CPU: 1 UID: 0 PID: 302 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc4 #1 PREEMPT(voluntary) [ 16.236008] Tainted: [B]=BAD_PAGE, [N]=TEST [ 16.236023] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 16.236061] Call Trace: [ 16.236084] <TASK> [ 16.236106] dump_stack_lvl+0x73/0xb0 [ 16.236138] print_report+0xd1/0x650 [ 16.236163] ? __virt_addr_valid+0x1db/0x2d0 [ 16.236189] ? strncpy_from_user+0x2e/0x1d0 [ 16.236211] ? kasan_complete_mode_report_info+0x2a/0x200 [ 16.236246] ? strncpy_from_user+0x2e/0x1d0 [ 16.236278] kasan_report+0x141/0x180 [ 16.236300] ? strncpy_from_user+0x2e/0x1d0 [ 16.236328] kasan_check_range+0x10c/0x1c0 [ 16.236354] __kasan_check_write+0x18/0x20 [ 16.236377] strncpy_from_user+0x2e/0x1d0 [ 16.236401] ? __kasan_check_read+0x15/0x20 [ 16.236423] copy_user_test_oob+0x760/0x10f0 [ 16.236449] ? __pfx_copy_user_test_oob+0x10/0x10 [ 16.236472] ? finish_task_switch.isra.0+0x153/0x700 [ 16.236495] ? __switch_to+0x47/0xf50 [ 16.236522] ? __schedule+0x10cc/0x2b60 [ 16.236545] ? __pfx_read_tsc+0x10/0x10 [ 16.236568] ? ktime_get_ts64+0x86/0x230 [ 16.236594] kunit_try_run_case+0x1a5/0x480 [ 16.236621] ? __pfx_kunit_try_run_case+0x10/0x10 [ 16.236643] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 16.236667] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 16.236690] ? __kthread_parkme+0x82/0x180 [ 16.236712] ? preempt_count_sub+0x50/0x80 [ 16.236735] ? __pfx_kunit_try_run_case+0x10/0x10 [ 16.236759] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 16.236782] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 16.236813] kthread+0x337/0x6f0 [ 16.236832] ? trace_preempt_on+0x20/0xc0 [ 16.236856] ? 
__pfx_kthread+0x10/0x10 [ 16.236877] ? _raw_spin_unlock_irq+0x47/0x80 [ 16.236898] ? calculate_sigpending+0x7b/0xa0 [ 16.236923] ? __pfx_kthread+0x10/0x10 [ 16.236945] ret_from_fork+0x116/0x1d0 [ 16.236964] ? __pfx_kthread+0x10/0x10 [ 16.236986] ret_from_fork_asm+0x1a/0x30 [ 16.237018] </TASK> [ 16.237031] [ 16.244398] Allocated by task 302: [ 16.244638] kasan_save_stack+0x45/0x70 [ 16.244852] kasan_save_track+0x18/0x40 [ 16.245039] kasan_save_alloc_info+0x3b/0x50 [ 16.245258] __kasan_kmalloc+0xb7/0xc0 [ 16.245612] __kmalloc_noprof+0x1c9/0x500 [ 16.245812] kunit_kmalloc_array+0x25/0x60 [ 16.245968] copy_user_test_oob+0xab/0x10f0 [ 16.246116] kunit_try_run_case+0x1a5/0x480 [ 16.247457] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 16.247743] kthread+0x337/0x6f0 [ 16.247917] ret_from_fork+0x116/0x1d0 [ 16.248105] ret_from_fork_asm+0x1a/0x30 [ 16.248676] [ 16.248808] The buggy address belongs to the object at ffff888103980f00 [ 16.248808] which belongs to the cache kmalloc-128 of size 128 [ 16.249488] The buggy address is located 0 bytes inside of [ 16.249488] allocated 120-byte region [ffff888103980f00, ffff888103980f78) [ 16.250229] [ 16.250469] The buggy address belongs to the physical page: [ 16.250744] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x103980 [ 16.251084] flags: 0x200000000000000(node=0|zone=2) [ 16.251527] page_type: f5(slab) [ 16.251842] raw: 0200000000000000 ffff888100041a00 dead000000000122 0000000000000000 [ 16.252526] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 16.252933] page dumped because: kasan: bad access detected [ 16.253181] [ 16.253469] Memory state around the buggy address: [ 16.253844] ffff888103980e00: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 16.254522] ffff888103980e80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 16.254914] >ffff888103980f00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 fc [ 16.255211] ^ [ 16.255440] ffff888103980f80: fc fc fc fc fc fc fc fc fc fc 
fc fc fc fc fc fc [ 16.255977] ffff888103981000: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 16.256233] ==================================================================
Failure - log-parser-boot/kasan-bug-kasan-slab-out-of-bounds-in-copy_user_test_oob
[ 16.192580] ================================================================== [ 16.192903] BUG: KASAN: slab-out-of-bounds in copy_user_test_oob+0x557/0x10f0 [ 16.193195] Write of size 121 at addr ffff888103980f00 by task kunit_try_catch/302 [ 16.193518] [ 16.193645] CPU: 1 UID: 0 PID: 302 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc4 #1 PREEMPT(voluntary) [ 16.193692] Tainted: [B]=BAD_PAGE, [N]=TEST [ 16.193706] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 16.193729] Call Trace: [ 16.193751] <TASK> [ 16.193771] dump_stack_lvl+0x73/0xb0 [ 16.193800] print_report+0xd1/0x650 [ 16.193824] ? __virt_addr_valid+0x1db/0x2d0 [ 16.193847] ? copy_user_test_oob+0x557/0x10f0 [ 16.193870] ? kasan_complete_mode_report_info+0x2a/0x200 [ 16.193892] ? copy_user_test_oob+0x557/0x10f0 [ 16.193915] kasan_report+0x141/0x180 [ 16.193937] ? copy_user_test_oob+0x557/0x10f0 [ 16.193965] kasan_check_range+0x10c/0x1c0 [ 16.193992] __kasan_check_write+0x18/0x20 [ 16.194012] copy_user_test_oob+0x557/0x10f0 [ 16.194038] ? __pfx_copy_user_test_oob+0x10/0x10 [ 16.194059] ? finish_task_switch.isra.0+0x153/0x700 [ 16.194082] ? __switch_to+0x47/0xf50 [ 16.194108] ? __schedule+0x10cc/0x2b60 [ 16.194130] ? __pfx_read_tsc+0x10/0x10 [ 16.194152] ? ktime_get_ts64+0x86/0x230 [ 16.194178] kunit_try_run_case+0x1a5/0x480 [ 16.194204] ? __pfx_kunit_try_run_case+0x10/0x10 [ 16.194238] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 16.194262] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 16.194285] ? __kthread_parkme+0x82/0x180 [ 16.194307] ? preempt_count_sub+0x50/0x80 [ 16.194330] ? __pfx_kunit_try_run_case+0x10/0x10 [ 16.194353] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 16.194376] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 16.194401] kthread+0x337/0x6f0 [ 16.194420] ? trace_preempt_on+0x20/0xc0 [ 16.194443] ? __pfx_kthread+0x10/0x10 [ 16.194464] ? _raw_spin_unlock_irq+0x47/0x80 [ 16.194485] ? calculate_sigpending+0x7b/0xa0 [ 16.194510] ? 
__pfx_kthread+0x10/0x10 [ 16.194531] ret_from_fork+0x116/0x1d0 [ 16.194550] ? __pfx_kthread+0x10/0x10 [ 16.194571] ret_from_fork_asm+0x1a/0x30 [ 16.194602] </TASK> [ 16.194614] [ 16.201756] Allocated by task 302: [ 16.201960] kasan_save_stack+0x45/0x70 [ 16.202171] kasan_save_track+0x18/0x40 [ 16.202377] kasan_save_alloc_info+0x3b/0x50 [ 16.202595] __kasan_kmalloc+0xb7/0xc0 [ 16.202787] __kmalloc_noprof+0x1c9/0x500 [ 16.202988] kunit_kmalloc_array+0x25/0x60 [ 16.203158] copy_user_test_oob+0xab/0x10f0 [ 16.203357] kunit_try_run_case+0x1a5/0x480 [ 16.203567] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 16.203741] kthread+0x337/0x6f0 [ 16.203864] ret_from_fork+0x116/0x1d0 [ 16.204056] ret_from_fork_asm+0x1a/0x30 [ 16.204274] [ 16.204379] The buggy address belongs to the object at ffff888103980f00 [ 16.204379] which belongs to the cache kmalloc-128 of size 128 [ 16.205022] The buggy address is located 0 bytes inside of [ 16.205022] allocated 120-byte region [ffff888103980f00, ffff888103980f78) [ 16.205461] [ 16.205538] The buggy address belongs to the physical page: [ 16.205716] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x103980 [ 16.205959] flags: 0x200000000000000(node=0|zone=2) [ 16.206131] page_type: f5(slab) [ 16.206285] raw: 0200000000000000 ffff888100041a00 dead000000000122 0000000000000000 [ 16.206628] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 16.206967] page dumped because: kasan: bad access detected [ 16.207229] [ 16.207395] Memory state around the buggy address: [ 16.207562] ffff888103980e00: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 16.207778] ffff888103980e80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 16.207994] >ffff888103980f00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 fc [ 16.208208] ^ [ 16.208432] ffff888103980f80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 16.208651] ffff888103981000: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 16.208995] 
================================================================== [ 16.156574] ================================================================== [ 16.156986] BUG: KASAN: slab-out-of-bounds in copy_user_test_oob+0x3fd/0x10f0 [ 16.157325] Write of size 121 at addr ffff888103980f00 by task kunit_try_catch/302 [ 16.157613] [ 16.157734] CPU: 1 UID: 0 PID: 302 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc4 #1 PREEMPT(voluntary) [ 16.157786] Tainted: [B]=BAD_PAGE, [N]=TEST [ 16.157799] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 16.157825] Call Trace: [ 16.157842] <TASK> [ 16.157862] dump_stack_lvl+0x73/0xb0 [ 16.157893] print_report+0xd1/0x650 [ 16.157915] ? __virt_addr_valid+0x1db/0x2d0 [ 16.157939] ? copy_user_test_oob+0x3fd/0x10f0 [ 16.157962] ? kasan_complete_mode_report_info+0x2a/0x200 [ 16.157984] ? copy_user_test_oob+0x3fd/0x10f0 [ 16.158008] kasan_report+0x141/0x180 [ 16.158029] ? copy_user_test_oob+0x3fd/0x10f0 [ 16.158058] kasan_check_range+0x10c/0x1c0 [ 16.158082] __kasan_check_write+0x18/0x20 [ 16.158103] copy_user_test_oob+0x3fd/0x10f0 [ 16.158128] ? __pfx_copy_user_test_oob+0x10/0x10 [ 16.158153] ? finish_task_switch.isra.0+0x153/0x700 [ 16.158177] ? __switch_to+0x47/0xf50 [ 16.158203] ? __schedule+0x10cc/0x2b60 [ 16.158240] ? __pfx_read_tsc+0x10/0x10 [ 16.158274] ? ktime_get_ts64+0x86/0x230 [ 16.158298] kunit_try_run_case+0x1a5/0x480 [ 16.158324] ? __pfx_kunit_try_run_case+0x10/0x10 [ 16.158347] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 16.158371] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 16.158394] ? __kthread_parkme+0x82/0x180 [ 16.158416] ? preempt_count_sub+0x50/0x80 [ 16.158438] ? __pfx_kunit_try_run_case+0x10/0x10 [ 16.158462] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 16.158485] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 16.158508] kthread+0x337/0x6f0 [ 16.158527] ? trace_preempt_on+0x20/0xc0 [ 16.158551] ? __pfx_kthread+0x10/0x10 [ 16.158573] ? 
_raw_spin_unlock_irq+0x47/0x80 [ 16.158594] ? calculate_sigpending+0x7b/0xa0 [ 16.158618] ? __pfx_kthread+0x10/0x10 [ 16.158640] ret_from_fork+0x116/0x1d0 [ 16.158659] ? __pfx_kthread+0x10/0x10 [ 16.158680] ret_from_fork_asm+0x1a/0x30 [ 16.158711] </TASK> [ 16.158723] [ 16.165871] Allocated by task 302: [ 16.166031] kasan_save_stack+0x45/0x70 [ 16.166263] kasan_save_track+0x18/0x40 [ 16.166462] kasan_save_alloc_info+0x3b/0x50 [ 16.166679] __kasan_kmalloc+0xb7/0xc0 [ 16.166868] __kmalloc_noprof+0x1c9/0x500 [ 16.167075] kunit_kmalloc_array+0x25/0x60 [ 16.167315] copy_user_test_oob+0xab/0x10f0 [ 16.167534] kunit_try_run_case+0x1a5/0x480 [ 16.167699] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 16.167946] kthread+0x337/0x6f0 [ 16.168118] ret_from_fork+0x116/0x1d0 [ 16.168275] ret_from_fork_asm+0x1a/0x30 [ 16.168479] [ 16.168581] The buggy address belongs to the object at ffff888103980f00 [ 16.168581] which belongs to the cache kmalloc-128 of size 128 [ 16.169054] The buggy address is located 0 bytes inside of [ 16.169054] allocated 120-byte region [ffff888103980f00, ffff888103980f78) [ 16.169619] [ 16.169728] The buggy address belongs to the physical page: [ 16.169928] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x103980 [ 16.170253] flags: 0x200000000000000(node=0|zone=2) [ 16.170498] page_type: f5(slab) [ 16.170624] raw: 0200000000000000 ffff888100041a00 dead000000000122 0000000000000000 [ 16.170857] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 16.171084] page dumped because: kasan: bad access detected [ 16.171396] [ 16.171491] Memory state around the buggy address: [ 16.171717] ffff888103980e00: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 16.172030] ffff888103980e80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 16.172365] >ffff888103980f00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 fc [ 16.172582] ^ [ 16.172803] ffff888103980f80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 16.173020] 
ffff888103981000: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 16.173456] ================================================================== [ 16.174136] ================================================================== [ 16.174900] BUG: KASAN: slab-out-of-bounds in copy_user_test_oob+0x4aa/0x10f0 [ 16.175237] Read of size 121 at addr ffff888103980f00 by task kunit_try_catch/302 [ 16.175544] [ 16.175637] CPU: 1 UID: 0 PID: 302 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc4 #1 PREEMPT(voluntary) [ 16.175684] Tainted: [B]=BAD_PAGE, [N]=TEST [ 16.175697] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 16.175721] Call Trace: [ 16.175742] <TASK> [ 16.175764] dump_stack_lvl+0x73/0xb0 [ 16.175794] print_report+0xd1/0x650 [ 16.175817] ? __virt_addr_valid+0x1db/0x2d0 [ 16.175841] ? copy_user_test_oob+0x4aa/0x10f0 [ 16.175863] ? kasan_complete_mode_report_info+0x2a/0x200 [ 16.175886] ? copy_user_test_oob+0x4aa/0x10f0 [ 16.175910] kasan_report+0x141/0x180 [ 16.175932] ? copy_user_test_oob+0x4aa/0x10f0 [ 16.175960] kasan_check_range+0x10c/0x1c0 [ 16.175983] __kasan_check_read+0x15/0x20 [ 16.176003] copy_user_test_oob+0x4aa/0x10f0 [ 16.176028] ? __pfx_copy_user_test_oob+0x10/0x10 [ 16.176053] ? finish_task_switch.isra.0+0x153/0x700 [ 16.176076] ? __switch_to+0x47/0xf50 [ 16.176101] ? __schedule+0x10cc/0x2b60 [ 16.176124] ? __pfx_read_tsc+0x10/0x10 [ 16.176146] ? ktime_get_ts64+0x86/0x230 [ 16.176171] kunit_try_run_case+0x1a5/0x480 [ 16.176196] ? __pfx_kunit_try_run_case+0x10/0x10 [ 16.176230] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 16.176255] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 16.176277] ? __kthread_parkme+0x82/0x180 [ 16.176299] ? preempt_count_sub+0x50/0x80 [ 16.176333] ? __pfx_kunit_try_run_case+0x10/0x10 [ 16.176357] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 16.176380] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 16.176403] kthread+0x337/0x6f0 [ 16.176423] ? trace_preempt_on+0x20/0xc0 [ 16.176447] ? 
__pfx_kthread+0x10/0x10 [ 16.176469] ? _raw_spin_unlock_irq+0x47/0x80 [ 16.176490] ? calculate_sigpending+0x7b/0xa0 [ 16.176514] ? __pfx_kthread+0x10/0x10 [ 16.176536] ret_from_fork+0x116/0x1d0 [ 16.176555] ? __pfx_kthread+0x10/0x10 [ 16.176576] ret_from_fork_asm+0x1a/0x30 [ 16.176607] </TASK> [ 16.176619] [ 16.183925] Allocated by task 302: [ 16.184132] kasan_save_stack+0x45/0x70 [ 16.184370] kasan_save_track+0x18/0x40 [ 16.184506] kasan_save_alloc_info+0x3b/0x50 [ 16.184655] __kasan_kmalloc+0xb7/0xc0 [ 16.184794] __kmalloc_noprof+0x1c9/0x500 [ 16.184935] kunit_kmalloc_array+0x25/0x60 [ 16.185079] copy_user_test_oob+0xab/0x10f0 [ 16.185236] kunit_try_run_case+0x1a5/0x480 [ 16.185443] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 16.185696] kthread+0x337/0x6f0 [ 16.185866] ret_from_fork+0x116/0x1d0 [ 16.186056] ret_from_fork_asm+0x1a/0x30 [ 16.186417] [ 16.186515] The buggy address belongs to the object at ffff888103980f00 [ 16.186515] which belongs to the cache kmalloc-128 of size 128 [ 16.187001] The buggy address is located 0 bytes inside of [ 16.187001] allocated 120-byte region [ffff888103980f00, ffff888103980f78) [ 16.187658] [ 16.187760] The buggy address belongs to the physical page: [ 16.188017] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x103980 [ 16.188431] flags: 0x200000000000000(node=0|zone=2) [ 16.188599] page_type: f5(slab) [ 16.188724] raw: 0200000000000000 ffff888100041a00 dead000000000122 0000000000000000 [ 16.189076] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 16.189643] page dumped because: kasan: bad access detected [ 16.189870] [ 16.189952] Memory state around the buggy address: [ 16.190145] ffff888103980e00: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 16.190486] ffff888103980e80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 16.190788] >ffff888103980f00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 fc [ 16.191073] ^ [ 16.191389] ffff888103980f80: fc fc fc fc fc fc fc fc fc fc 
fc fc fc fc fc fc [ 16.191673] ffff888103981000: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 16.191956] ================================================================== [ 16.209685] ================================================================== [ 16.210038] BUG: KASAN: slab-out-of-bounds in copy_user_test_oob+0x604/0x10f0 [ 16.210394] Read of size 121 at addr ffff888103980f00 by task kunit_try_catch/302 [ 16.210847] [ 16.210967] CPU: 1 UID: 0 PID: 302 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc4 #1 PREEMPT(voluntary) [ 16.211014] Tainted: [B]=BAD_PAGE, [N]=TEST [ 16.211027] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 16.211051] Call Trace: [ 16.211072] <TASK> [ 16.211092] dump_stack_lvl+0x73/0xb0 [ 16.211123] print_report+0xd1/0x650 [ 16.211146] ? __virt_addr_valid+0x1db/0x2d0 [ 16.211170] ? copy_user_test_oob+0x604/0x10f0 [ 16.211193] ? kasan_complete_mode_report_info+0x2a/0x200 [ 16.211214] ? copy_user_test_oob+0x604/0x10f0 [ 16.211251] kasan_report+0x141/0x180 [ 16.211274] ? copy_user_test_oob+0x604/0x10f0 [ 16.211301] kasan_check_range+0x10c/0x1c0 [ 16.211325] __kasan_check_read+0x15/0x20 [ 16.211343] copy_user_test_oob+0x604/0x10f0 [ 16.211369] ? __pfx_copy_user_test_oob+0x10/0x10 [ 16.211391] ? finish_task_switch.isra.0+0x153/0x700 [ 16.211414] ? __switch_to+0x47/0xf50 [ 16.211441] ? __schedule+0x10cc/0x2b60 [ 16.211463] ? __pfx_read_tsc+0x10/0x10 [ 16.211484] ? ktime_get_ts64+0x86/0x230 [ 16.211508] kunit_try_run_case+0x1a5/0x480 [ 16.211534] ? __pfx_kunit_try_run_case+0x10/0x10 [ 16.211556] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 16.211580] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 16.211603] ? __kthread_parkme+0x82/0x180 [ 16.211624] ? preempt_count_sub+0x50/0x80 [ 16.211647] ? __pfx_kunit_try_run_case+0x10/0x10 [ 16.211671] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 16.211694] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 16.211717] kthread+0x337/0x6f0 [ 16.211745] ? 
trace_preempt_on+0x20/0xc0 [ 16.211768] ? __pfx_kthread+0x10/0x10 [ 16.211789] ? _raw_spin_unlock_irq+0x47/0x80 [ 16.211810] ? calculate_sigpending+0x7b/0xa0 [ 16.211835] ? __pfx_kthread+0x10/0x10 [ 16.211856] ret_from_fork+0x116/0x1d0 [ 16.211875] ? __pfx_kthread+0x10/0x10 [ 16.211895] ret_from_fork_asm+0x1a/0x30 [ 16.211927] </TASK> [ 16.211940] [ 16.223337] Allocated by task 302: [ 16.223516] kasan_save_stack+0x45/0x70 [ 16.223682] kasan_save_track+0x18/0x40 [ 16.223828] kasan_save_alloc_info+0x3b/0x50 [ 16.223977] __kasan_kmalloc+0xb7/0xc0 [ 16.224110] __kmalloc_noprof+0x1c9/0x500 [ 16.224426] kunit_kmalloc_array+0x25/0x60 [ 16.227238] copy_user_test_oob+0xab/0x10f0 [ 16.227496] kunit_try_run_case+0x1a5/0x480 [ 16.227699] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 16.227920] kthread+0x337/0x6f0 [ 16.228077] ret_from_fork+0x116/0x1d0 [ 16.228275] ret_from_fork_asm+0x1a/0x30 [ 16.228425] [ 16.228502] The buggy address belongs to the object at ffff888103980f00 [ 16.228502] which belongs to the cache kmalloc-128 of size 128 [ 16.228969] The buggy address is located 0 bytes inside of [ 16.228969] allocated 120-byte region [ffff888103980f00, ffff888103980f78) [ 16.229768] [ 16.229850] The buggy address belongs to the physical page: [ 16.230091] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x103980 [ 16.230478] flags: 0x200000000000000(node=0|zone=2) [ 16.230696] page_type: f5(slab) [ 16.230821] raw: 0200000000000000 ffff888100041a00 dead000000000122 0000000000000000 [ 16.231123] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 16.231624] page dumped because: kasan: bad access detected [ 16.231859] [ 16.231932] Memory state around the buggy address: [ 16.232117] ffff888103980e00: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 16.232504] ffff888103980e80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 16.232805] >ffff888103980f00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 fc [ 16.233097] ^ [ 16.233402] 
ffff888103980f80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 16.233705] ffff888103981000: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 16.233954] ==================================================================
Failure - log-parser-boot/kasan-bug-kasan-slab-out-of-bounds-in-_copy_to_user
[ 16.128608] ================================================================== [ 16.129016] BUG: KASAN: slab-out-of-bounds in _copy_to_user+0x3c/0x70 [ 16.129495] Read of size 121 at addr ffff888103980f00 by task kunit_try_catch/302 [ 16.129736] [ 16.129862] CPU: 1 UID: 0 PID: 302 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc4 #1 PREEMPT(voluntary) [ 16.129913] Tainted: [B]=BAD_PAGE, [N]=TEST [ 16.129926] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 16.129951] Call Trace: [ 16.129972] <TASK> [ 16.129995] dump_stack_lvl+0x73/0xb0 [ 16.130028] print_report+0xd1/0x650 [ 16.130052] ? __virt_addr_valid+0x1db/0x2d0 [ 16.130076] ? _copy_to_user+0x3c/0x70 [ 16.130095] ? kasan_complete_mode_report_info+0x2a/0x200 [ 16.130117] ? _copy_to_user+0x3c/0x70 [ 16.130137] kasan_report+0x141/0x180 [ 16.130158] ? _copy_to_user+0x3c/0x70 [ 16.130182] kasan_check_range+0x10c/0x1c0 [ 16.130205] __kasan_check_read+0x15/0x20 [ 16.130239] _copy_to_user+0x3c/0x70 [ 16.130258] copy_user_test_oob+0x364/0x10f0 [ 16.130283] ? __pfx_copy_user_test_oob+0x10/0x10 [ 16.130307] ? finish_task_switch.isra.0+0x153/0x700 [ 16.130329] ? __switch_to+0x47/0xf50 [ 16.130354] ? __schedule+0x10cc/0x2b60 [ 16.130391] ? __pfx_read_tsc+0x10/0x10 [ 16.130412] ? ktime_get_ts64+0x86/0x230 [ 16.130436] kunit_try_run_case+0x1a5/0x480 [ 16.130461] ? __pfx_kunit_try_run_case+0x10/0x10 [ 16.130484] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 16.130508] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 16.130531] ? __kthread_parkme+0x82/0x180 [ 16.130552] ? preempt_count_sub+0x50/0x80 [ 16.130575] ? __pfx_kunit_try_run_case+0x10/0x10 [ 16.130599] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 16.130622] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 16.130645] kthread+0x337/0x6f0 [ 16.130664] ? trace_preempt_on+0x20/0xc0 [ 16.130689] ? __pfx_kthread+0x10/0x10 [ 16.130709] ? _raw_spin_unlock_irq+0x47/0x80 [ 16.130732] ? calculate_sigpending+0x7b/0xa0 [ 16.130756] ? 
__pfx_kthread+0x10/0x10 [ 16.130778] ret_from_fork+0x116/0x1d0 [ 16.130797] ? __pfx_kthread+0x10/0x10 [ 16.130818] ret_from_fork_asm+0x1a/0x30 [ 16.130850] </TASK> [ 16.130863] [ 16.140555] Allocated by task 302: [ 16.141022] kasan_save_stack+0x45/0x70 [ 16.141312] kasan_save_track+0x18/0x40 [ 16.141602] kasan_save_alloc_info+0x3b/0x50 [ 16.141902] __kasan_kmalloc+0xb7/0xc0 [ 16.142085] __kmalloc_noprof+0x1c9/0x500 [ 16.142478] kunit_kmalloc_array+0x25/0x60 [ 16.142756] copy_user_test_oob+0xab/0x10f0 [ 16.143051] kunit_try_run_case+0x1a5/0x480 [ 16.143214] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 16.143611] kthread+0x337/0x6f0 [ 16.143866] ret_from_fork+0x116/0x1d0 [ 16.144158] ret_from_fork_asm+0x1a/0x30 [ 16.144415] [ 16.144557] The buggy address belongs to the object at ffff888103980f00 [ 16.144557] which belongs to the cache kmalloc-128 of size 128 [ 16.145566] The buggy address is located 0 bytes inside of [ 16.145566] allocated 120-byte region [ffff888103980f00, ffff888103980f78) [ 16.146200] [ 16.146328] The buggy address belongs to the physical page: [ 16.146713] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x103980 [ 16.147091] flags: 0x200000000000000(node=0|zone=2) [ 16.147447] page_type: f5(slab) [ 16.147722] raw: 0200000000000000 ffff888100041a00 dead000000000122 0000000000000000 [ 16.148148] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 16.148700] page dumped because: kasan: bad access detected [ 16.149050] [ 16.149133] Memory state around the buggy address: [ 16.149491] ffff888103980e00: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 16.149887] ffff888103980e80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 16.150273] >ffff888103980f00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 fc [ 16.150692] ^ [ 16.151083] ffff888103980f80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 16.151580] ffff888103981000: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 16.151883] 
==================================================================
Failure - log-parser-boot/kasan-bug-kasan-slab-out-of-bounds-in-_copy_from_user
[ 16.100051] ================================================================== [ 16.100863] BUG: KASAN: slab-out-of-bounds in _copy_from_user+0x32/0x90 [ 16.101278] Write of size 121 at addr ffff888103980f00 by task kunit_try_catch/302 [ 16.101802] [ 16.101937] CPU: 1 UID: 0 PID: 302 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc4 #1 PREEMPT(voluntary) [ 16.101994] Tainted: [B]=BAD_PAGE, [N]=TEST [ 16.102007] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 16.102034] Call Trace: [ 16.102050] <TASK> [ 16.102075] dump_stack_lvl+0x73/0xb0 [ 16.102111] print_report+0xd1/0x650 [ 16.102136] ? __virt_addr_valid+0x1db/0x2d0 [ 16.102163] ? _copy_from_user+0x32/0x90 [ 16.102183] ? kasan_complete_mode_report_info+0x2a/0x200 [ 16.102206] ? _copy_from_user+0x32/0x90 [ 16.102237] kasan_report+0x141/0x180 [ 16.102278] ? _copy_from_user+0x32/0x90 [ 16.102303] kasan_check_range+0x10c/0x1c0 [ 16.102326] __kasan_check_write+0x18/0x20 [ 16.102347] _copy_from_user+0x32/0x90 [ 16.102366] copy_user_test_oob+0x2be/0x10f0 [ 16.102392] ? __pfx_copy_user_test_oob+0x10/0x10 [ 16.102415] ? finish_task_switch.isra.0+0x153/0x700 [ 16.102438] ? __switch_to+0x47/0xf50 [ 16.102464] ? __schedule+0x10cc/0x2b60 [ 16.102488] ? __pfx_read_tsc+0x10/0x10 [ 16.102511] ? ktime_get_ts64+0x86/0x230 [ 16.102537] kunit_try_run_case+0x1a5/0x480 [ 16.102561] ? __pfx_kunit_try_run_case+0x10/0x10 [ 16.102583] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 16.102608] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 16.102632] ? __kthread_parkme+0x82/0x180 [ 16.102654] ? preempt_count_sub+0x50/0x80 [ 16.102677] ? __pfx_kunit_try_run_case+0x10/0x10 [ 16.102701] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 16.102724] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 16.102747] kthread+0x337/0x6f0 [ 16.102767] ? trace_preempt_on+0x20/0xc0 [ 16.102792] ? __pfx_kthread+0x10/0x10 [ 16.102813] ? _raw_spin_unlock_irq+0x47/0x80 [ 16.102834] ? calculate_sigpending+0x7b/0xa0 [ 16.102859] ? 
__pfx_kthread+0x10/0x10 [ 16.102881] ret_from_fork+0x116/0x1d0 [ 16.102900] ? __pfx_kthread+0x10/0x10 [ 16.102921] ret_from_fork_asm+0x1a/0x30 [ 16.102953] </TASK> [ 16.102966] [ 16.113314] Allocated by task 302: [ 16.113586] kasan_save_stack+0x45/0x70 [ 16.113923] kasan_save_track+0x18/0x40 [ 16.114116] kasan_save_alloc_info+0x3b/0x50 [ 16.114562] __kasan_kmalloc+0xb7/0xc0 [ 16.114773] __kmalloc_noprof+0x1c9/0x500 [ 16.115086] kunit_kmalloc_array+0x25/0x60 [ 16.115453] copy_user_test_oob+0xab/0x10f0 [ 16.115656] kunit_try_run_case+0x1a5/0x480 [ 16.115847] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 16.116081] kthread+0x337/0x6f0 [ 16.116249] ret_from_fork+0x116/0x1d0 [ 16.116425] ret_from_fork_asm+0x1a/0x30 [ 16.116607] [ 16.116700] The buggy address belongs to the object at ffff888103980f00 [ 16.116700] which belongs to the cache kmalloc-128 of size 128 [ 16.117194] The buggy address is located 0 bytes inside of [ 16.117194] allocated 120-byte region [ffff888103980f00, ffff888103980f78) [ 16.118174] [ 16.118472] The buggy address belongs to the physical page: [ 16.118768] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x103980 [ 16.119383] flags: 0x200000000000000(node=0|zone=2) [ 16.119805] page_type: f5(slab) [ 16.120112] raw: 0200000000000000 ffff888100041a00 dead000000000122 0000000000000000 [ 16.120612] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 16.121255] page dumped because: kasan: bad access detected [ 16.121654] [ 16.121752] Memory state around the buggy address: [ 16.121974] ffff888103980e00: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 16.122539] ffff888103980e80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 16.122974] >ffff888103980f00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 fc [ 16.123587] ^ [ 16.123960] ffff888103980f80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 16.124430] ffff888103981000: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 16.124884] 
==================================================================
Failure - log-parser-boot/kasan-bug-kasan-slab-out-of-bounds-in-copy_to_kernel_nofault
[ 16.059915] ================================================================== [ 16.060860] BUG: KASAN: slab-out-of-bounds in copy_to_kernel_nofault+0x99/0x260 [ 16.061571] Write of size 8 at addr ffff888103980e78 by task kunit_try_catch/298 [ 16.062155] [ 16.062419] CPU: 1 UID: 0 PID: 298 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc4 #1 PREEMPT(voluntary) [ 16.062487] Tainted: [B]=BAD_PAGE, [N]=TEST [ 16.062501] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 16.062524] Call Trace: [ 16.062546] <TASK> [ 16.062568] dump_stack_lvl+0x73/0xb0 [ 16.062600] print_report+0xd1/0x650 [ 16.062625] ? __virt_addr_valid+0x1db/0x2d0 [ 16.062659] ? copy_to_kernel_nofault+0x99/0x260 [ 16.062683] ? kasan_complete_mode_report_info+0x2a/0x200 [ 16.062717] ? copy_to_kernel_nofault+0x99/0x260 [ 16.062742] kasan_report+0x141/0x180 [ 16.062764] ? copy_to_kernel_nofault+0x99/0x260 [ 16.062793] kasan_check_range+0x10c/0x1c0 [ 16.062816] __kasan_check_write+0x18/0x20 [ 16.062836] copy_to_kernel_nofault+0x99/0x260 [ 16.062860] copy_to_kernel_nofault_oob+0x288/0x560 [ 16.062885] ? __pfx_copy_to_kernel_nofault_oob+0x10/0x10 [ 16.062907] ? finish_task_switch.isra.0+0x153/0x700 [ 16.062930] ? __schedule+0x10cc/0x2b60 [ 16.062952] ? trace_hardirqs_on+0x37/0xe0 [ 16.062983] ? __pfx_read_tsc+0x10/0x10 [ 16.063005] ? ktime_get_ts64+0x86/0x230 [ 16.063029] kunit_try_run_case+0x1a5/0x480 [ 16.063055] ? __pfx_kunit_try_run_case+0x10/0x10 [ 16.063078] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 16.063101] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 16.063125] ? __kthread_parkme+0x82/0x180 [ 16.063147] ? preempt_count_sub+0x50/0x80 [ 16.063173] ? __pfx_kunit_try_run_case+0x10/0x10 [ 16.063211] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 16.063244] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 16.063293] kthread+0x337/0x6f0 [ 16.063326] ? trace_preempt_on+0x20/0xc0 [ 16.063347] ? __pfx_kthread+0x10/0x10 [ 16.063368] ? 
_raw_spin_unlock_irq+0x47/0x80 [ 16.063390] ? calculate_sigpending+0x7b/0xa0 [ 16.063415] ? __pfx_kthread+0x10/0x10 [ 16.063436] ret_from_fork+0x116/0x1d0 [ 16.063455] ? __pfx_kthread+0x10/0x10 [ 16.063476] ret_from_fork_asm+0x1a/0x30 [ 16.063508] </TASK> [ 16.063521] [ 16.073932] Allocated by task 298: [ 16.074617] kasan_save_stack+0x45/0x70 [ 16.074938] kasan_save_track+0x18/0x40 [ 16.075136] kasan_save_alloc_info+0x3b/0x50 [ 16.075765] __kasan_kmalloc+0xb7/0xc0 [ 16.075950] __kmalloc_cache_noprof+0x189/0x420 [ 16.076287] copy_to_kernel_nofault_oob+0x12f/0x560 [ 16.076722] kunit_try_run_case+0x1a5/0x480 [ 16.077280] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 16.077739] kthread+0x337/0x6f0 [ 16.077926] ret_from_fork+0x116/0x1d0 [ 16.078504] ret_from_fork_asm+0x1a/0x30 [ 16.078679] [ 16.078781] The buggy address belongs to the object at ffff888103980e00 [ 16.078781] which belongs to the cache kmalloc-128 of size 128 [ 16.079819] The buggy address is located 0 bytes to the right of [ 16.079819] allocated 120-byte region [ffff888103980e00, ffff888103980e78) [ 16.080740] [ 16.080844] The buggy address belongs to the physical page: [ 16.081199] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x103980 [ 16.081892] flags: 0x200000000000000(node=0|zone=2) [ 16.082162] page_type: f5(slab) [ 16.082305] raw: 0200000000000000 ffff888100041a00 dead000000000122 0000000000000000 [ 16.082994] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 16.083528] page dumped because: kasan: bad access detected [ 16.083768] [ 16.083866] Memory state around the buggy address: [ 16.084323] ffff888103980d00: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 16.084820] ffff888103980d80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 16.085126] >ffff888103980e00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 fc [ 16.085659] ^ [ 16.085930] ffff888103980e80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 16.086509] ffff888103980f00: fc fc fc fc 
fc fc fc fc fc fc fc fc fc fc fc fc [ 16.086930] ================================================================== [ 16.025515] ================================================================== [ 16.026054] BUG: KASAN: slab-out-of-bounds in copy_to_kernel_nofault+0x225/0x260 [ 16.026975] Read of size 8 at addr ffff888103980e78 by task kunit_try_catch/298 [ 16.027872] [ 16.028071] CPU: 1 UID: 0 PID: 298 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc4 #1 PREEMPT(voluntary) [ 16.028129] Tainted: [B]=BAD_PAGE, [N]=TEST [ 16.028143] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 16.028170] Call Trace: [ 16.028350] <TASK> [ 16.028375] dump_stack_lvl+0x73/0xb0 [ 16.028421] print_report+0xd1/0x650 [ 16.028449] ? __virt_addr_valid+0x1db/0x2d0 [ 16.028474] ? copy_to_kernel_nofault+0x225/0x260 [ 16.028500] ? kasan_complete_mode_report_info+0x2a/0x200 [ 16.028523] ? copy_to_kernel_nofault+0x225/0x260 [ 16.028547] kasan_report+0x141/0x180 [ 16.028569] ? copy_to_kernel_nofault+0x225/0x260 [ 16.028598] __asan_report_load8_noabort+0x18/0x20 [ 16.028622] copy_to_kernel_nofault+0x225/0x260 [ 16.028647] copy_to_kernel_nofault_oob+0x1ed/0x560 [ 16.028672] ? __pfx_copy_to_kernel_nofault_oob+0x10/0x10 [ 16.028695] ? finish_task_switch.isra.0+0x153/0x700 [ 16.028719] ? __schedule+0x10cc/0x2b60 [ 16.028767] ? trace_hardirqs_on+0x37/0xe0 [ 16.028808] ? __pfx_read_tsc+0x10/0x10 [ 16.028830] ? ktime_get_ts64+0x86/0x230 [ 16.028855] kunit_try_run_case+0x1a5/0x480 [ 16.028883] ? __pfx_kunit_try_run_case+0x10/0x10 [ 16.028905] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 16.028930] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 16.028954] ? __kthread_parkme+0x82/0x180 [ 16.028976] ? preempt_count_sub+0x50/0x80 [ 16.028999] ? __pfx_kunit_try_run_case+0x10/0x10 [ 16.029022] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 16.029045] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 16.029069] kthread+0x337/0x6f0 [ 16.029088] ? 
trace_preempt_on+0x20/0xc0 [ 16.029110] ? __pfx_kthread+0x10/0x10 [ 16.029131] ? _raw_spin_unlock_irq+0x47/0x80 [ 16.029153] ? calculate_sigpending+0x7b/0xa0 [ 16.029178] ? __pfx_kthread+0x10/0x10 [ 16.029212] ret_from_fork+0x116/0x1d0 [ 16.029242] ? __pfx_kthread+0x10/0x10 [ 16.029262] ret_from_fork_asm+0x1a/0x30 [ 16.029294] </TASK> [ 16.029307] [ 16.042880] Allocated by task 298: [ 16.043059] kasan_save_stack+0x45/0x70 [ 16.043241] kasan_save_track+0x18/0x40 [ 16.043986] kasan_save_alloc_info+0x3b/0x50 [ 16.044412] __kasan_kmalloc+0xb7/0xc0 [ 16.044877] __kmalloc_cache_noprof+0x189/0x420 [ 16.045372] copy_to_kernel_nofault_oob+0x12f/0x560 [ 16.045875] kunit_try_run_case+0x1a5/0x480 [ 16.046344] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 16.046829] kthread+0x337/0x6f0 [ 16.047151] ret_from_fork+0x116/0x1d0 [ 16.047928] ret_from_fork_asm+0x1a/0x30 [ 16.048414] [ 16.048580] The buggy address belongs to the object at ffff888103980e00 [ 16.048580] which belongs to the cache kmalloc-128 of size 128 [ 16.049685] The buggy address is located 0 bytes to the right of [ 16.049685] allocated 120-byte region [ffff888103980e00, ffff888103980e78) [ 16.050641] [ 16.050782] The buggy address belongs to the physical page: [ 16.051244] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x103980 [ 16.051549] flags: 0x200000000000000(node=0|zone=2) [ 16.051731] page_type: f5(slab) [ 16.051997] raw: 0200000000000000 ffff888100041a00 dead000000000122 0000000000000000 [ 16.052912] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 16.053678] page dumped because: kasan: bad access detected [ 16.054298] [ 16.054457] Memory state around the buggy address: [ 16.055008] ffff888103980d00: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 16.055723] ffff888103980d80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 16.056825] >ffff888103980e00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 fc [ 16.057282] ^ [ 16.057870] ffff888103980e80: fc fc fc fc 
fc fc fc fc fc fc fc fc fc fc fc fc [ 16.058738] ffff888103980f00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 16.059269] ==================================================================
Failure - log-parser-boot/kasan-bug-kasan-slab-out-of-bounds-in-kasan_atomics_helper
[ 15.377868] ================================================================== [ 15.378134] BUG: KASAN: slab-out-of-bounds in kasan_atomics_helper+0x1467/0x5450 [ 15.378496] Write of size 8 at addr ffff888103991d30 by task kunit_try_catch/282 [ 15.379035] [ 15.379130] CPU: 1 UID: 0 PID: 282 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc4 #1 PREEMPT(voluntary) [ 15.379178] Tainted: [B]=BAD_PAGE, [N]=TEST [ 15.379192] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 15.379228] Call Trace: [ 15.379250] <TASK> [ 15.379271] dump_stack_lvl+0x73/0xb0 [ 15.379302] print_report+0xd1/0x650 [ 15.379326] ? __virt_addr_valid+0x1db/0x2d0 [ 15.379350] ? kasan_atomics_helper+0x1467/0x5450 [ 15.379371] ? kasan_complete_mode_report_info+0x2a/0x200 [ 15.379394] ? kasan_atomics_helper+0x1467/0x5450 [ 15.379416] kasan_report+0x141/0x180 [ 15.379438] ? kasan_atomics_helper+0x1467/0x5450 [ 15.379464] kasan_check_range+0x10c/0x1c0 [ 15.379489] __kasan_check_write+0x18/0x20 [ 15.379508] kasan_atomics_helper+0x1467/0x5450 [ 15.379531] ? __pfx_kasan_atomics_helper+0x10/0x10 [ 15.379554] ? __kmalloc_cache_noprof+0x189/0x420 [ 15.379578] ? ret_from_fork_asm+0x1a/0x30 [ 15.379602] ? kasan_atomics+0x152/0x310 [ 15.379629] kasan_atomics+0x1dc/0x310 [ 15.379652] ? __pfx_kasan_atomics+0x10/0x10 [ 15.379676] ? __pfx_read_tsc+0x10/0x10 [ 15.379699] ? ktime_get_ts64+0x86/0x230 [ 15.379723] kunit_try_run_case+0x1a5/0x480 [ 15.379749] ? __pfx_kunit_try_run_case+0x10/0x10 [ 15.379771] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 15.379795] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 15.379818] ? __kthread_parkme+0x82/0x180 [ 15.379839] ? preempt_count_sub+0x50/0x80 [ 15.379863] ? __pfx_kunit_try_run_case+0x10/0x10 [ 15.379886] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 15.379908] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 15.379932] kthread+0x337/0x6f0 [ 15.379952] ? trace_preempt_on+0x20/0xc0 [ 15.379976] ? __pfx_kthread+0x10/0x10 [ 15.380009] ? 
_raw_spin_unlock_irq+0x47/0x80 [ 15.380032] ? calculate_sigpending+0x7b/0xa0 [ 15.380057] ? __pfx_kthread+0x10/0x10 [ 15.380078] ret_from_fork+0x116/0x1d0 [ 15.380097] ? __pfx_kthread+0x10/0x10 [ 15.380118] ret_from_fork_asm+0x1a/0x30 [ 15.380148] </TASK> [ 15.380160] [ 15.387812] Allocated by task 282: [ 15.388003] kasan_save_stack+0x45/0x70 [ 15.388196] kasan_save_track+0x18/0x40 [ 15.388404] kasan_save_alloc_info+0x3b/0x50 [ 15.388601] __kasan_kmalloc+0xb7/0xc0 [ 15.388745] __kmalloc_cache_noprof+0x189/0x420 [ 15.388912] kasan_atomics+0x95/0x310 [ 15.389045] kunit_try_run_case+0x1a5/0x480 [ 15.389193] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 15.389698] kthread+0x337/0x6f0 [ 15.389879] ret_from_fork+0x116/0x1d0 [ 15.390037] ret_from_fork_asm+0x1a/0x30 [ 15.390181] [ 15.390274] The buggy address belongs to the object at ffff888103991d00 [ 15.390274] which belongs to the cache kmalloc-64 of size 64 [ 15.390817] The buggy address is located 0 bytes to the right of [ 15.390817] allocated 48-byte region [ffff888103991d00, ffff888103991d30) [ 15.391197] [ 15.391281] The buggy address belongs to the physical page: [ 15.391457] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x103991 [ 15.391702] flags: 0x200000000000000(node=0|zone=2) [ 15.391920] page_type: f5(slab) [ 15.392089] raw: 0200000000000000 ffff8881000418c0 dead000000000122 0000000000000000 [ 15.392435] raw: 0000000000000000 0000000080200020 00000000f5000000 0000000000000000 [ 15.392978] page dumped because: kasan: bad access detected [ 15.393375] [ 15.393571] Memory state around the buggy address: [ 15.393799] ffff888103991c00: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 15.394024] ffff888103991c80: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 15.394255] >ffff888103991d00: 00 00 00 00 00 00 fc fc fc fc fc fc fc fc fc fc [ 15.394586] ^ [ 15.394814] ffff888103991d80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 15.395121] ffff888103991e00: fc fc fc fc fc fc fc fc fc fc 
fc fc fc fc fc fc [ 15.395568] ================================================================== [ 15.396120] ================================================================== [ 15.396495] BUG: KASAN: slab-out-of-bounds in kasan_atomics_helper+0x50d4/0x5450 [ 15.397033] Write of size 8 at addr ffff888103991d30 by task kunit_try_catch/282 [ 15.397381] [ 15.397521] CPU: 1 UID: 0 PID: 282 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc4 #1 PREEMPT(voluntary) [ 15.397575] Tainted: [B]=BAD_PAGE, [N]=TEST [ 15.397589] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 15.397613] Call Trace: [ 15.397639] <TASK> [ 15.397661] dump_stack_lvl+0x73/0xb0 [ 15.397692] print_report+0xd1/0x650 [ 15.397718] ? __virt_addr_valid+0x1db/0x2d0 [ 15.397742] ? kasan_atomics_helper+0x50d4/0x5450 [ 15.397764] ? kasan_complete_mode_report_info+0x2a/0x200 [ 15.397786] ? kasan_atomics_helper+0x50d4/0x5450 [ 15.397809] kasan_report+0x141/0x180 [ 15.397831] ? kasan_atomics_helper+0x50d4/0x5450 [ 15.397857] __asan_report_store8_noabort+0x1b/0x30 [ 15.397878] kasan_atomics_helper+0x50d4/0x5450 [ 15.397901] ? __pfx_kasan_atomics_helper+0x10/0x10 [ 15.397922] ? __kmalloc_cache_noprof+0x189/0x420 [ 15.397948] ? ret_from_fork_asm+0x1a/0x30 [ 15.397971] ? kasan_atomics+0x152/0x310 [ 15.397997] kasan_atomics+0x1dc/0x310 [ 15.398021] ? __pfx_kasan_atomics+0x10/0x10 [ 15.398045] ? __pfx_read_tsc+0x10/0x10 [ 15.398066] ? ktime_get_ts64+0x86/0x230 [ 15.398091] kunit_try_run_case+0x1a5/0x480 [ 15.398116] ? __pfx_kunit_try_run_case+0x10/0x10 [ 15.398139] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 15.398162] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 15.398185] ? __kthread_parkme+0x82/0x180 [ 15.398207] ? preempt_count_sub+0x50/0x80 [ 15.398243] ? __pfx_kunit_try_run_case+0x10/0x10 [ 15.398279] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 15.398303] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 15.398326] kthread+0x337/0x6f0 [ 15.398346] ? 
trace_preempt_on+0x20/0xc0 [ 15.398370] ? __pfx_kthread+0x10/0x10 [ 15.398390] ? _raw_spin_unlock_irq+0x47/0x80 [ 15.398411] ? calculate_sigpending+0x7b/0xa0 [ 15.398436] ? __pfx_kthread+0x10/0x10 [ 15.398458] ret_from_fork+0x116/0x1d0 [ 15.398476] ? __pfx_kthread+0x10/0x10 [ 15.398497] ret_from_fork_asm+0x1a/0x30 [ 15.398527] </TASK> [ 15.398540] [ 15.406132] Allocated by task 282: [ 15.406398] kasan_save_stack+0x45/0x70 [ 15.406556] kasan_save_track+0x18/0x40 [ 15.406691] kasan_save_alloc_info+0x3b/0x50 [ 15.406839] __kasan_kmalloc+0xb7/0xc0 [ 15.407017] __kmalloc_cache_noprof+0x189/0x420 [ 15.407250] kasan_atomics+0x95/0x310 [ 15.407441] kunit_try_run_case+0x1a5/0x480 [ 15.407663] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 15.407913] kthread+0x337/0x6f0 [ 15.408086] ret_from_fork+0x116/0x1d0 [ 15.408270] ret_from_fork_asm+0x1a/0x30 [ 15.408441] [ 15.408522] The buggy address belongs to the object at ffff888103991d00 [ 15.408522] which belongs to the cache kmalloc-64 of size 64 [ 15.408991] The buggy address is located 0 bytes to the right of [ 15.408991] allocated 48-byte region [ffff888103991d00, ffff888103991d30) [ 15.409514] [ 15.409616] The buggy address belongs to the physical page: [ 15.409863] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x103991 [ 15.410170] flags: 0x200000000000000(node=0|zone=2) [ 15.410396] page_type: f5(slab) [ 15.410558] raw: 0200000000000000 ffff8881000418c0 dead000000000122 0000000000000000 [ 15.410875] raw: 0000000000000000 0000000080200020 00000000f5000000 0000000000000000 [ 15.411162] page dumped because: kasan: bad access detected [ 15.411485] [ 15.411558] Memory state around the buggy address: [ 15.411765] ffff888103991c00: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 15.412026] ffff888103991c80: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 15.412255] >ffff888103991d00: 00 00 00 00 00 00 fc fc fc fc fc fc fc fc fc fc [ 15.412590] ^ [ 15.412820] ffff888103991d80: fc fc fc fc fc fc fc fc fc 
fc fc fc fc fc fc fc [ 15.413079] ffff888103991e00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 15.413474] ================================================================== [ 15.937711] ================================================================== [ 15.937963] BUG: KASAN: slab-out-of-bounds in kasan_atomics_helper+0x4fa5/0x5450 [ 15.938212] Read of size 8 at addr ffff888103991d30 by task kunit_try_catch/282 [ 15.938768] [ 15.938885] CPU: 1 UID: 0 PID: 282 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc4 #1 PREEMPT(voluntary) [ 15.938932] Tainted: [B]=BAD_PAGE, [N]=TEST [ 15.938944] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 15.938968] Call Trace: [ 15.938988] <TASK> [ 15.939009] dump_stack_lvl+0x73/0xb0 [ 15.939039] print_report+0xd1/0x650 [ 15.939067] ? __virt_addr_valid+0x1db/0x2d0 [ 15.939091] ? kasan_atomics_helper+0x4fa5/0x5450 [ 15.939113] ? kasan_complete_mode_report_info+0x2a/0x200 [ 15.939135] ? kasan_atomics_helper+0x4fa5/0x5450 [ 15.939157] kasan_report+0x141/0x180 [ 15.939180] ? kasan_atomics_helper+0x4fa5/0x5450 [ 15.939247] __asan_report_load8_noabort+0x18/0x20 [ 15.939286] kasan_atomics_helper+0x4fa5/0x5450 [ 15.939322] ? __pfx_kasan_atomics_helper+0x10/0x10 [ 15.939346] ? __kmalloc_cache_noprof+0x189/0x420 [ 15.939370] ? ret_from_fork_asm+0x1a/0x30 [ 15.939394] ? kasan_atomics+0x152/0x310 [ 15.939421] kasan_atomics+0x1dc/0x310 [ 15.939444] ? __pfx_kasan_atomics+0x10/0x10 [ 15.939469] ? __pfx_read_tsc+0x10/0x10 [ 15.939490] ? ktime_get_ts64+0x86/0x230 [ 15.939515] kunit_try_run_case+0x1a5/0x480 [ 15.939540] ? __pfx_kunit_try_run_case+0x10/0x10 [ 15.939563] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 15.939589] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 15.939612] ? __kthread_parkme+0x82/0x180 [ 15.939634] ? preempt_count_sub+0x50/0x80 [ 15.939658] ? __pfx_kunit_try_run_case+0x10/0x10 [ 15.939691] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 15.939715] ? 
__pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 15.939748] kthread+0x337/0x6f0 [ 15.939768] ? trace_preempt_on+0x20/0xc0 [ 15.939793] ? __pfx_kthread+0x10/0x10 [ 15.939813] ? _raw_spin_unlock_irq+0x47/0x80 [ 15.939834] ? calculate_sigpending+0x7b/0xa0 [ 15.939859] ? __pfx_kthread+0x10/0x10 [ 15.939881] ret_from_fork+0x116/0x1d0 [ 15.939900] ? __pfx_kthread+0x10/0x10 [ 15.939921] ret_from_fork_asm+0x1a/0x30 [ 15.939952] </TASK> [ 15.939964] [ 15.948231] Allocated by task 282: [ 15.948464] kasan_save_stack+0x45/0x70 [ 15.948684] kasan_save_track+0x18/0x40 [ 15.948912] kasan_save_alloc_info+0x3b/0x50 [ 15.949122] __kasan_kmalloc+0xb7/0xc0 [ 15.949370] __kmalloc_cache_noprof+0x189/0x420 [ 15.949576] kasan_atomics+0x95/0x310 [ 15.949808] kunit_try_run_case+0x1a5/0x480 [ 15.949985] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 15.950266] kthread+0x337/0x6f0 [ 15.950488] ret_from_fork+0x116/0x1d0 [ 15.950653] ret_from_fork_asm+0x1a/0x30 [ 15.950821] [ 15.950906] The buggy address belongs to the object at ffff888103991d00 [ 15.950906] which belongs to the cache kmalloc-64 of size 64 [ 15.951426] The buggy address is located 0 bytes to the right of [ 15.951426] allocated 48-byte region [ffff888103991d00, ffff888103991d30) [ 15.951985] [ 15.952084] The buggy address belongs to the physical page: [ 15.952799] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x103991 [ 15.953058] flags: 0x200000000000000(node=0|zone=2) [ 15.953237] page_type: f5(slab) [ 15.953361] raw: 0200000000000000 ffff8881000418c0 dead000000000122 0000000000000000 [ 15.953586] raw: 0000000000000000 0000000080200020 00000000f5000000 0000000000000000 [ 15.955970] page dumped because: kasan: bad access detected [ 15.956289] [ 15.956445] Memory state around the buggy address: [ 15.956681] ffff888103991c00: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 15.957017] ffff888103991c80: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 15.957370] >ffff888103991d00: 00 00 00 00 00 00 fc fc 
fc fc fc fc fc fc fc fc [ 15.957589] ^ [ 15.957749] ffff888103991d80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 15.958076] ffff888103991e00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 15.958356] ================================================================== [ 15.148454] ================================================================== [ 15.148751] BUG: KASAN: slab-out-of-bounds in kasan_atomics_helper+0x1079/0x5450 [ 15.149079] Write of size 4 at addr ffff888103991d30 by task kunit_try_catch/282 [ 15.149599] [ 15.149733] CPU: 1 UID: 0 PID: 282 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc4 #1 PREEMPT(voluntary) [ 15.149784] Tainted: [B]=BAD_PAGE, [N]=TEST [ 15.149797] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 15.149822] Call Trace: [ 15.149844] <TASK> [ 15.149865] dump_stack_lvl+0x73/0xb0 [ 15.149902] print_report+0xd1/0x650 [ 15.149926] ? __virt_addr_valid+0x1db/0x2d0 [ 15.149949] ? kasan_atomics_helper+0x1079/0x5450 [ 15.149972] ? kasan_complete_mode_report_info+0x2a/0x200 [ 15.149995] ? kasan_atomics_helper+0x1079/0x5450 [ 15.150017] kasan_report+0x141/0x180 [ 15.150040] ? kasan_atomics_helper+0x1079/0x5450 [ 15.150067] kasan_check_range+0x10c/0x1c0 [ 15.150092] __kasan_check_write+0x18/0x20 [ 15.150111] kasan_atomics_helper+0x1079/0x5450 [ 15.150134] ? __pfx_kasan_atomics_helper+0x10/0x10 [ 15.150157] ? __kmalloc_cache_noprof+0x189/0x420 [ 15.150182] ? ret_from_fork_asm+0x1a/0x30 [ 15.150205] ? kasan_atomics+0x152/0x310 [ 15.150244] kasan_atomics+0x1dc/0x310 [ 15.150288] ? __pfx_kasan_atomics+0x10/0x10 [ 15.150314] ? __pfx_read_tsc+0x10/0x10 [ 15.150336] ? ktime_get_ts64+0x86/0x230 [ 15.150362] kunit_try_run_case+0x1a5/0x480 [ 15.150387] ? __pfx_kunit_try_run_case+0x10/0x10 [ 15.150411] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 15.150435] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 15.150458] ? __kthread_parkme+0x82/0x180 [ 15.150481] ? preempt_count_sub+0x50/0x80 [ 15.150505] ? 
__pfx_kunit_try_run_case+0x10/0x10 [ 15.150529] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 15.150552] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 15.150575] kthread+0x337/0x6f0 [ 15.150596] ? trace_preempt_on+0x20/0xc0 [ 15.150620] ? __pfx_kthread+0x10/0x10 [ 15.150641] ? _raw_spin_unlock_irq+0x47/0x80 [ 15.150663] ? calculate_sigpending+0x7b/0xa0 [ 15.150688] ? __pfx_kthread+0x10/0x10 [ 15.150710] ret_from_fork+0x116/0x1d0 [ 15.150729] ? __pfx_kthread+0x10/0x10 [ 15.150751] ret_from_fork_asm+0x1a/0x30 [ 15.150781] </TASK> [ 15.150794] [ 15.160534] Allocated by task 282: [ 15.160748] kasan_save_stack+0x45/0x70 [ 15.160969] kasan_save_track+0x18/0x40 [ 15.161154] kasan_save_alloc_info+0x3b/0x50 [ 15.161763] __kasan_kmalloc+0xb7/0xc0 [ 15.162016] __kmalloc_cache_noprof+0x189/0x420 [ 15.162449] kasan_atomics+0x95/0x310 [ 15.162760] kunit_try_run_case+0x1a5/0x480 [ 15.163158] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 15.163612] kthread+0x337/0x6f0 [ 15.163795] ret_from_fork+0x116/0x1d0 [ 15.163970] ret_from_fork_asm+0x1a/0x30 [ 15.164151] [ 15.164253] The buggy address belongs to the object at ffff888103991d00 [ 15.164253] which belongs to the cache kmalloc-64 of size 64 [ 15.164743] The buggy address is located 0 bytes to the right of [ 15.164743] allocated 48-byte region [ffff888103991d00, ffff888103991d30) [ 15.167288] [ 15.167480] The buggy address belongs to the physical page: [ 15.167990] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x103991 [ 15.168552] flags: 0x200000000000000(node=0|zone=2) [ 15.169644] page_type: f5(slab) [ 15.169793] raw: 0200000000000000 ffff8881000418c0 dead000000000122 0000000000000000 [ 15.170034] raw: 0000000000000000 0000000080200020 00000000f5000000 0000000000000000 [ 15.170289] page dumped because: kasan: bad access detected [ 15.170467] [ 15.170540] Memory state around the buggy address: [ 15.170705] ffff888103991c00: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 15.170923] 
ffff888103991c80: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 15.171141] >ffff888103991d00: 00 00 00 00 00 00 fc fc fc fc fc fc fc fc fc fc [ 15.171924] ^ [ 15.173043] ffff888103991d80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 15.173700] ffff888103991e00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 15.174591] ================================================================== [ 14.493375] ================================================================== [ 14.493713] BUG: KASAN: slab-out-of-bounds in kasan_atomics_helper+0x4ba2/0x5450 [ 14.494091] Write of size 4 at addr ffff888103991d30 by task kunit_try_catch/282 [ 14.494505] [ 14.494621] CPU: 1 UID: 0 PID: 282 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc4 #1 PREEMPT(voluntary) [ 14.494671] Tainted: [B]=BAD_PAGE, [N]=TEST [ 14.494706] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 14.494729] Call Trace: [ 14.494744] <TASK> [ 14.494763] dump_stack_lvl+0x73/0xb0 [ 14.494793] print_report+0xd1/0x650 [ 14.494817] ? __virt_addr_valid+0x1db/0x2d0 [ 14.494839] ? kasan_atomics_helper+0x4ba2/0x5450 [ 14.494861] ? kasan_complete_mode_report_info+0x2a/0x200 [ 14.494883] ? kasan_atomics_helper+0x4ba2/0x5450 [ 14.494905] kasan_report+0x141/0x180 [ 14.494927] ? kasan_atomics_helper+0x4ba2/0x5450 [ 14.494951] __asan_report_store4_noabort+0x1b/0x30 [ 14.494971] kasan_atomics_helper+0x4ba2/0x5450 [ 14.494992] ? __pfx_kasan_atomics_helper+0x10/0x10 [ 14.495014] ? __kmalloc_cache_noprof+0x189/0x420 [ 14.495037] ? ret_from_fork_asm+0x1a/0x30 [ 14.495057] ? kasan_atomics+0x152/0x310 [ 14.495239] kasan_atomics+0x1dc/0x310 [ 14.495270] ? __pfx_kasan_atomics+0x10/0x10 [ 14.495390] ? __pfx_read_tsc+0x10/0x10 [ 14.495419] ? ktime_get_ts64+0x86/0x230 [ 14.495445] kunit_try_run_case+0x1a5/0x480 [ 14.495471] ? __pfx_kunit_try_run_case+0x10/0x10 [ 14.495492] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 14.495516] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 14.495538] ? 
__kthread_parkme+0x82/0x180 [ 14.495558] ? preempt_count_sub+0x50/0x80 [ 14.495582] ? __pfx_kunit_try_run_case+0x10/0x10 [ 14.495606] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 14.495627] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 14.495650] kthread+0x337/0x6f0 [ 14.495668] ? trace_preempt_on+0x20/0xc0 [ 14.495691] ? __pfx_kthread+0x10/0x10 [ 14.495711] ? _raw_spin_unlock_irq+0x47/0x80 [ 14.495731] ? calculate_sigpending+0x7b/0xa0 [ 14.495756] ? __pfx_kthread+0x10/0x10 [ 14.495776] ret_from_fork+0x116/0x1d0 [ 14.495794] ? __pfx_kthread+0x10/0x10 [ 14.495814] ret_from_fork_asm+0x1a/0x30 [ 14.495842] </TASK> [ 14.495854] [ 14.508048] Allocated by task 282: [ 14.508447] kasan_save_stack+0x45/0x70 [ 14.508911] kasan_save_track+0x18/0x40 [ 14.509117] kasan_save_alloc_info+0x3b/0x50 [ 14.509538] __kasan_kmalloc+0xb7/0xc0 [ 14.509989] __kmalloc_cache_noprof+0x189/0x420 [ 14.510514] kasan_atomics+0x95/0x310 [ 14.510683] kunit_try_run_case+0x1a5/0x480 [ 14.510895] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 14.511129] kthread+0x337/0x6f0 [ 14.511634] ret_from_fork+0x116/0x1d0 [ 14.511915] ret_from_fork_asm+0x1a/0x30 [ 14.512363] [ 14.512615] The buggy address belongs to the object at ffff888103991d00 [ 14.512615] which belongs to the cache kmalloc-64 of size 64 [ 14.513397] The buggy address is located 0 bytes to the right of [ 14.513397] allocated 48-byte region [ffff888103991d00, ffff888103991d30) [ 14.514413] [ 14.514526] The buggy address belongs to the physical page: [ 14.514763] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x103991 [ 14.515083] flags: 0x200000000000000(node=0|zone=2) [ 14.515742] page_type: f5(slab) [ 14.516041] raw: 0200000000000000 ffff8881000418c0 dead000000000122 0000000000000000 [ 14.516574] raw: 0000000000000000 0000000080200020 00000000f5000000 0000000000000000 [ 14.517119] page dumped because: kasan: bad access detected [ 14.517670] [ 14.517916] Memory state around the buggy address: [ 14.518152] 
ffff888103991c00: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 14.518879] ffff888103991c80: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 14.519183] >ffff888103991d00: 00 00 00 00 00 00 fc fc fc fc fc fc fc fc fc fc [ 14.519684] ^ [ 14.519908] ffff888103991d80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 14.520439] ffff888103991e00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 14.520703] ================================================================== [ 15.548333] ================================================================== [ 15.548962] BUG: KASAN: slab-out-of-bounds in kasan_atomics_helper+0x18b1/0x5450 [ 15.549595] Write of size 8 at addr ffff888103991d30 by task kunit_try_catch/282 [ 15.550160] [ 15.550452] CPU: 1 UID: 0 PID: 282 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc4 #1 PREEMPT(voluntary) [ 15.550512] Tainted: [B]=BAD_PAGE, [N]=TEST [ 15.550527] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 15.550594] Call Trace: [ 15.550619] <TASK> [ 15.550642] dump_stack_lvl+0x73/0xb0 [ 15.550679] print_report+0xd1/0x650 [ 15.550704] ? __virt_addr_valid+0x1db/0x2d0 [ 15.550728] ? kasan_atomics_helper+0x18b1/0x5450 [ 15.550750] ? kasan_complete_mode_report_info+0x2a/0x200 [ 15.550774] ? kasan_atomics_helper+0x18b1/0x5450 [ 15.550796] kasan_report+0x141/0x180 [ 15.550817] ? kasan_atomics_helper+0x18b1/0x5450 [ 15.550843] kasan_check_range+0x10c/0x1c0 [ 15.550867] __kasan_check_write+0x18/0x20 [ 15.550887] kasan_atomics_helper+0x18b1/0x5450 [ 15.550910] ? __pfx_kasan_atomics_helper+0x10/0x10 [ 15.550933] ? __kmalloc_cache_noprof+0x189/0x420 [ 15.550958] ? ret_from_fork_asm+0x1a/0x30 [ 15.550981] ? kasan_atomics+0x152/0x310 [ 15.551008] kasan_atomics+0x1dc/0x310 [ 15.551031] ? __pfx_kasan_atomics+0x10/0x10 [ 15.551056] ? __pfx_read_tsc+0x10/0x10 [ 15.551078] ? ktime_get_ts64+0x86/0x230 [ 15.551102] kunit_try_run_case+0x1a5/0x480 [ 15.551128] ? __pfx_kunit_try_run_case+0x10/0x10 [ 15.551150] ? 
_raw_spin_lock_irqsave+0xa1/0x100 [ 15.551174] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 15.551197] ? __kthread_parkme+0x82/0x180 [ 15.551229] ? preempt_count_sub+0x50/0x80 [ 15.551253] ? __pfx_kunit_try_run_case+0x10/0x10 [ 15.551277] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 15.551301] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 15.551324] kthread+0x337/0x6f0 [ 15.551344] ? trace_preempt_on+0x20/0xc0 [ 15.551369] ? __pfx_kthread+0x10/0x10 [ 15.551390] ? _raw_spin_unlock_irq+0x47/0x80 [ 15.551411] ? calculate_sigpending+0x7b/0xa0 [ 15.551437] ? __pfx_kthread+0x10/0x10 [ 15.551459] ret_from_fork+0x116/0x1d0 [ 15.551478] ? __pfx_kthread+0x10/0x10 [ 15.551499] ret_from_fork_asm+0x1a/0x30 [ 15.551529] </TASK> [ 15.551542] [ 15.559194] Allocated by task 282: [ 15.559462] kasan_save_stack+0x45/0x70 [ 15.559701] kasan_save_track+0x18/0x40 [ 15.559873] kasan_save_alloc_info+0x3b/0x50 [ 15.560067] __kasan_kmalloc+0xb7/0xc0 [ 15.560320] __kmalloc_cache_noprof+0x189/0x420 [ 15.560523] kasan_atomics+0x95/0x310 [ 15.560659] kunit_try_run_case+0x1a5/0x480 [ 15.560878] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 15.561163] kthread+0x337/0x6f0 [ 15.561382] ret_from_fork+0x116/0x1d0 [ 15.561553] ret_from_fork_asm+0x1a/0x30 [ 15.561757] [ 15.561858] The buggy address belongs to the object at ffff888103991d00 [ 15.561858] which belongs to the cache kmalloc-64 of size 64 [ 15.562448] The buggy address is located 0 bytes to the right of [ 15.562448] allocated 48-byte region [ffff888103991d00, ffff888103991d30) [ 15.562823] [ 15.562900] The buggy address belongs to the physical page: [ 15.563097] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x103991 [ 15.563526] flags: 0x200000000000000(node=0|zone=2) [ 15.564003] page_type: f5(slab) [ 15.564175] raw: 0200000000000000 ffff8881000418c0 dead000000000122 0000000000000000 [ 15.564511] raw: 0000000000000000 0000000080200020 00000000f5000000 0000000000000000 [ 15.564804] page dumped because: kasan: 
bad access detected [ 15.564978] [ 15.565050] Memory state around the buggy address: [ 15.565211] ffff888103991c00: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 15.565537] ffff888103991c80: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 15.565889] >ffff888103991d00: 00 00 00 00 00 00 fc fc fc fc fc fc fc fc fc fc [ 15.566213] ^ [ 15.566502] ffff888103991d80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 15.566855] ffff888103991e00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 15.567144] ================================================================== [ 15.764901] ================================================================== [ 15.765356] BUG: KASAN: slab-out-of-bounds in kasan_atomics_helper+0x1eaa/0x5450 [ 15.765659] Write of size 8 at addr ffff888103991d30 by task kunit_try_catch/282 [ 15.765889] [ 15.765979] CPU: 1 UID: 0 PID: 282 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc4 #1 PREEMPT(voluntary) [ 15.766027] Tainted: [B]=BAD_PAGE, [N]=TEST [ 15.766041] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 15.766065] Call Trace: [ 15.766086] <TASK> [ 15.766107] dump_stack_lvl+0x73/0xb0 [ 15.766137] print_report+0xd1/0x650 [ 15.766160] ? __virt_addr_valid+0x1db/0x2d0 [ 15.766184] ? kasan_atomics_helper+0x1eaa/0x5450 [ 15.766206] ? kasan_complete_mode_report_info+0x2a/0x200 [ 15.766241] ? kasan_atomics_helper+0x1eaa/0x5450 [ 15.766271] kasan_report+0x141/0x180 [ 15.766293] ? kasan_atomics_helper+0x1eaa/0x5450 [ 15.766319] kasan_check_range+0x10c/0x1c0 [ 15.766342] __kasan_check_write+0x18/0x20 [ 15.766361] kasan_atomics_helper+0x1eaa/0x5450 [ 15.766384] ? __pfx_kasan_atomics_helper+0x10/0x10 [ 15.766406] ? __kmalloc_cache_noprof+0x189/0x420 [ 15.766430] ? ret_from_fork_asm+0x1a/0x30 [ 15.766453] ? kasan_atomics+0x152/0x310 [ 15.766480] kasan_atomics+0x1dc/0x310 [ 15.766503] ? __pfx_kasan_atomics+0x10/0x10 [ 15.766527] ? __pfx_read_tsc+0x10/0x10 [ 15.766549] ? 
ktime_get_ts64+0x86/0x230 [ 15.766574] kunit_try_run_case+0x1a5/0x480 [ 15.766599] ? __pfx_kunit_try_run_case+0x10/0x10 [ 15.766621] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 15.766645] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 15.766668] ? __kthread_parkme+0x82/0x180 [ 15.766689] ? preempt_count_sub+0x50/0x80 [ 15.766713] ? __pfx_kunit_try_run_case+0x10/0x10 [ 15.766737] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 15.766760] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 15.766783] kthread+0x337/0x6f0 [ 15.766803] ? trace_preempt_on+0x20/0xc0 [ 15.766827] ? __pfx_kthread+0x10/0x10 [ 15.766848] ? _raw_spin_unlock_irq+0x47/0x80 [ 15.766869] ? calculate_sigpending+0x7b/0xa0 [ 15.766894] ? __pfx_kthread+0x10/0x10 [ 15.766916] ret_from_fork+0x116/0x1d0 [ 15.766935] ? __pfx_kthread+0x10/0x10 [ 15.766956] ret_from_fork_asm+0x1a/0x30 [ 15.766988] </TASK> [ 15.767000] [ 15.775002] Allocated by task 282: [ 15.775193] kasan_save_stack+0x45/0x70 [ 15.775483] kasan_save_track+0x18/0x40 [ 15.775653] kasan_save_alloc_info+0x3b/0x50 [ 15.775856] __kasan_kmalloc+0xb7/0xc0 [ 15.775988] __kmalloc_cache_noprof+0x189/0x420 [ 15.776146] kasan_atomics+0x95/0x310 [ 15.777133] kunit_try_run_case+0x1a5/0x480 [ 15.777820] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 15.778527] kthread+0x337/0x6f0 [ 15.778976] ret_from_fork+0x116/0x1d0 [ 15.779428] ret_from_fork_asm+0x1a/0x30 [ 15.779582] [ 15.779659] The buggy address belongs to the object at ffff888103991d00 [ 15.779659] which belongs to the cache kmalloc-64 of size 64 [ 15.780016] The buggy address is located 0 bytes to the right of [ 15.780016] allocated 48-byte region [ffff888103991d00, ffff888103991d30) [ 15.780445] [ 15.780550] The buggy address belongs to the physical page: [ 15.780776] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x103991 [ 15.781112] flags: 0x200000000000000(node=0|zone=2) [ 15.781292] page_type: f5(slab) [ 15.781463] raw: 0200000000000000 ffff8881000418c0 dead000000000122 
0000000000000000 [ 15.781819] raw: 0000000000000000 0000000080200020 00000000f5000000 0000000000000000 [ 15.782098] page dumped because: kasan: bad access detected [ 15.782381] [ 15.782479] Memory state around the buggy address: [ 15.782713] ffff888103991c00: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 15.782993] ffff888103991c80: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 15.783291] >ffff888103991d00: 00 00 00 00 00 00 fc fc fc fc fc fc fc fc fc fc [ 15.783565] ^ [ 15.783773] ffff888103991d80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 15.784049] ffff888103991e00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 15.784280] ================================================================== [ 15.980724] ================================================================== [ 15.981308] BUG: KASAN: slab-out-of-bounds in kasan_atomics_helper+0x5115/0x5450 [ 15.981621] Read of size 8 at addr ffff888103991d30 by task kunit_try_catch/282 [ 15.981919] [ 15.982039] CPU: 1 UID: 0 PID: 282 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc4 #1 PREEMPT(voluntary) [ 15.982088] Tainted: [B]=BAD_PAGE, [N]=TEST [ 15.982101] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 15.982126] Call Trace: [ 15.982149] <TASK> [ 15.982171] dump_stack_lvl+0x73/0xb0 [ 15.982202] print_report+0xd1/0x650 [ 15.982238] ? __virt_addr_valid+0x1db/0x2d0 [ 15.982263] ? kasan_atomics_helper+0x5115/0x5450 [ 15.982284] ? kasan_complete_mode_report_info+0x2a/0x200 [ 15.982307] ? kasan_atomics_helper+0x5115/0x5450 [ 15.982329] kasan_report+0x141/0x180 [ 15.982350] ? kasan_atomics_helper+0x5115/0x5450 [ 15.982377] __asan_report_load8_noabort+0x18/0x20 [ 15.982403] kasan_atomics_helper+0x5115/0x5450 [ 15.982426] ? __pfx_kasan_atomics_helper+0x10/0x10 [ 15.982449] ? __kmalloc_cache_noprof+0x189/0x420 [ 15.982475] ? ret_from_fork_asm+0x1a/0x30 [ 15.982497] ? kasan_atomics+0x152/0x310 [ 15.982524] kasan_atomics+0x1dc/0x310 [ 15.982547] ? 
__pfx_kasan_atomics+0x10/0x10 [ 15.982570] ? __pfx_read_tsc+0x10/0x10 [ 15.982592] ? ktime_get_ts64+0x86/0x230 [ 15.982616] kunit_try_run_case+0x1a5/0x480 [ 15.982642] ? __pfx_kunit_try_run_case+0x10/0x10 [ 15.982664] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 15.982688] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 15.982711] ? __kthread_parkme+0x82/0x180 [ 15.982732] ? preempt_count_sub+0x50/0x80 [ 15.982770] ? __pfx_kunit_try_run_case+0x10/0x10 [ 15.982796] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 15.982820] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 15.982843] kthread+0x337/0x6f0 [ 15.982864] ? trace_preempt_on+0x20/0xc0 [ 15.982887] ? __pfx_kthread+0x10/0x10 [ 15.982907] ? _raw_spin_unlock_irq+0x47/0x80 [ 15.982929] ? calculate_sigpending+0x7b/0xa0 [ 15.982954] ? __pfx_kthread+0x10/0x10 [ 15.982979] ret_from_fork+0x116/0x1d0 [ 15.982999] ? __pfx_kthread+0x10/0x10 [ 15.983020] ret_from_fork_asm+0x1a/0x30 [ 15.983051] </TASK> [ 15.983064] [ 15.990773] Allocated by task 282: [ 15.990955] kasan_save_stack+0x45/0x70 [ 15.991168] kasan_save_track+0x18/0x40 [ 15.991316] kasan_save_alloc_info+0x3b/0x50 [ 15.991714] __kasan_kmalloc+0xb7/0xc0 [ 15.991883] __kmalloc_cache_noprof+0x189/0x420 [ 15.992063] kasan_atomics+0x95/0x310 [ 15.992199] kunit_try_run_case+0x1a5/0x480 [ 15.992614] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 15.992858] kthread+0x337/0x6f0 [ 15.992983] ret_from_fork+0x116/0x1d0 [ 15.993118] ret_from_fork_asm+0x1a/0x30 [ 15.993272] [ 15.993345] The buggy address belongs to the object at ffff888103991d00 [ 15.993345] which belongs to the cache kmalloc-64 of size 64 [ 15.993701] The buggy address is located 0 bytes to the right of [ 15.993701] allocated 48-byte region [ffff888103991d00, ffff888103991d30) [ 15.994173] [ 15.994280] The buggy address belongs to the physical page: [ 15.994546] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x103991 [ 15.994901] flags: 0x200000000000000(node=0|zone=2) [ 15.995138] page_type: 
f5(slab) [ 15.995361] raw: 0200000000000000 ffff8881000418c0 dead000000000122 0000000000000000 [ 15.995702] raw: 0000000000000000 0000000080200020 00000000f5000000 0000000000000000 [ 15.996033] page dumped because: kasan: bad access detected [ 15.996264] [ 15.996359] Memory state around the buggy address: [ 15.996544] ffff888103991c00: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 15.996763] ffff888103991c80: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 15.996990] >ffff888103991d00: 00 00 00 00 00 00 fc fc fc fc fc fc fc fc fc fc [ 15.997393] ^ [ 15.997622] ffff888103991d80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 15.997943] ffff888103991e00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 15.998237] ================================================================== [ 14.881234] ================================================================== [ 14.881549] BUG: KASAN: slab-out-of-bounds in kasan_atomics_helper+0xa2b/0x5450 [ 14.881905] Write of size 4 at addr ffff888103991d30 by task kunit_try_catch/282 [ 14.882693] [ 14.882821] CPU: 1 UID: 0 PID: 282 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc4 #1 PREEMPT(voluntary) [ 14.883286] Tainted: [B]=BAD_PAGE, [N]=TEST [ 14.883307] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 14.883332] Call Trace: [ 14.883356] <TASK> [ 14.883380] dump_stack_lvl+0x73/0xb0 [ 14.883422] print_report+0xd1/0x650 [ 14.883448] ? __virt_addr_valid+0x1db/0x2d0 [ 14.883473] ? kasan_atomics_helper+0xa2b/0x5450 [ 14.883495] ? kasan_complete_mode_report_info+0x2a/0x200 [ 14.883517] ? kasan_atomics_helper+0xa2b/0x5450 [ 14.883540] kasan_report+0x141/0x180 [ 14.883562] ? kasan_atomics_helper+0xa2b/0x5450 [ 14.883588] kasan_check_range+0x10c/0x1c0 [ 14.883613] __kasan_check_write+0x18/0x20 [ 14.883633] kasan_atomics_helper+0xa2b/0x5450 [ 14.883655] ? __pfx_kasan_atomics_helper+0x10/0x10 [ 14.883678] ? __kmalloc_cache_noprof+0x189/0x420 [ 14.883702] ? 
ret_from_fork_asm+0x1a/0x30 [ 14.883726] ? kasan_atomics+0x152/0x310 [ 14.883753] kasan_atomics+0x1dc/0x310 [ 14.883776] ? __pfx_kasan_atomics+0x10/0x10 [ 14.883799] ? __pfx_read_tsc+0x10/0x10 [ 14.883821] ? ktime_get_ts64+0x86/0x230 [ 14.883846] kunit_try_run_case+0x1a5/0x480 [ 14.883872] ? __pfx_kunit_try_run_case+0x10/0x10 [ 14.883894] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 14.883919] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 14.883941] ? __kthread_parkme+0x82/0x180 [ 14.883963] ? preempt_count_sub+0x50/0x80 [ 14.883987] ? __pfx_kunit_try_run_case+0x10/0x10 [ 14.884011] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 14.884035] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 14.884058] kthread+0x337/0x6f0 [ 14.884077] ? trace_preempt_on+0x20/0xc0 [ 14.884104] ? __pfx_kthread+0x10/0x10 [ 14.884125] ? _raw_spin_unlock_irq+0x47/0x80 [ 14.884147] ? calculate_sigpending+0x7b/0xa0 [ 14.884171] ? __pfx_kthread+0x10/0x10 [ 14.884193] ret_from_fork+0x116/0x1d0 [ 14.884214] ? __pfx_kthread+0x10/0x10 [ 14.884246] ret_from_fork_asm+0x1a/0x30 [ 14.884277] </TASK> [ 14.884290] [ 14.895404] Allocated by task 282: [ 14.895642] kasan_save_stack+0x45/0x70 [ 14.896142] kasan_save_track+0x18/0x40 [ 14.896504] kasan_save_alloc_info+0x3b/0x50 [ 14.896704] __kasan_kmalloc+0xb7/0xc0 [ 14.896851] __kmalloc_cache_noprof+0x189/0x420 [ 14.897010] kasan_atomics+0x95/0x310 [ 14.897212] kunit_try_run_case+0x1a5/0x480 [ 14.897650] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 14.898236] kthread+0x337/0x6f0 [ 14.898507] ret_from_fork+0x116/0x1d0 [ 14.898711] ret_from_fork_asm+0x1a/0x30 [ 14.898933] [ 14.899266] The buggy address belongs to the object at ffff888103991d00 [ 14.899266] which belongs to the cache kmalloc-64 of size 64 [ 14.899955] The buggy address is located 0 bytes to the right of [ 14.899955] allocated 48-byte region [ffff888103991d00, ffff888103991d30) [ 14.900718] [ 14.900813] The buggy address belongs to the physical page: [ 14.901053] page: refcount:0 mapcount:0 
mapping:0000000000000000 index:0x0 pfn:0x103991 [ 14.901493] flags: 0x200000000000000(node=0|zone=2) [ 14.901741] page_type: f5(slab) [ 14.901912] raw: 0200000000000000 ffff8881000418c0 dead000000000122 0000000000000000 [ 14.902283] raw: 0000000000000000 0000000080200020 00000000f5000000 0000000000000000 [ 14.902516] page dumped because: kasan: bad access detected [ 14.903770] [ 14.903897] Memory state around the buggy address: [ 14.904114] ffff888103991c00: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 14.904367] ffff888103991c80: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 14.905640] >ffff888103991d00: 00 00 00 00 00 00 fc fc fc fc fc fc fc fc fc fc [ 14.905889] ^ [ 14.906054] ffff888103991d80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 14.906295] ffff888103991e00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 14.906510] ================================================================== [ 15.747024] ================================================================== [ 15.747297] BUG: KASAN: slab-out-of-bounds in kasan_atomics_helper+0x1e12/0x5450 [ 15.747800] Write of size 8 at addr ffff888103991d30 by task kunit_try_catch/282 [ 15.748239] [ 15.748370] CPU: 1 UID: 0 PID: 282 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc4 #1 PREEMPT(voluntary) [ 15.748420] Tainted: [B]=BAD_PAGE, [N]=TEST [ 15.748434] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 15.748458] Call Trace: [ 15.748479] <TASK> [ 15.748501] dump_stack_lvl+0x73/0xb0 [ 15.748531] print_report+0xd1/0x650 [ 15.748554] ? __virt_addr_valid+0x1db/0x2d0 [ 15.748577] ? kasan_atomics_helper+0x1e12/0x5450 [ 15.748601] ? kasan_complete_mode_report_info+0x2a/0x200 [ 15.748624] ? kasan_atomics_helper+0x1e12/0x5450 [ 15.748646] kasan_report+0x141/0x180 [ 15.748668] ? kasan_atomics_helper+0x1e12/0x5450 [ 15.748694] kasan_check_range+0x10c/0x1c0 [ 15.748718] __kasan_check_write+0x18/0x20 [ 15.748737] kasan_atomics_helper+0x1e12/0x5450 [ 15.748760] ? 
__pfx_kasan_atomics_helper+0x10/0x10 [ 15.748783] ? __kmalloc_cache_noprof+0x189/0x420 [ 15.748817] ? ret_from_fork_asm+0x1a/0x30 [ 15.748839] ? kasan_atomics+0x152/0x310 [ 15.748866] kasan_atomics+0x1dc/0x310 [ 15.748889] ? __pfx_kasan_atomics+0x10/0x10 [ 15.748914] ? __pfx_read_tsc+0x10/0x10 [ 15.748936] ? ktime_get_ts64+0x86/0x230 [ 15.748961] kunit_try_run_case+0x1a5/0x480 [ 15.748987] ? __pfx_kunit_try_run_case+0x10/0x10 [ 15.749009] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 15.749033] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 15.749057] ? __kthread_parkme+0x82/0x180 [ 15.749079] ? preempt_count_sub+0x50/0x80 [ 15.749103] ? __pfx_kunit_try_run_case+0x10/0x10 [ 15.749127] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 15.749150] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 15.749173] kthread+0x337/0x6f0 [ 15.749193] ? trace_preempt_on+0x20/0xc0 [ 15.749228] ? __pfx_kthread+0x10/0x10 [ 15.749249] ? _raw_spin_unlock_irq+0x47/0x80 [ 15.749271] ? calculate_sigpending+0x7b/0xa0 [ 15.749306] ? __pfx_kthread+0x10/0x10 [ 15.749328] ret_from_fork+0x116/0x1d0 [ 15.749346] ? 
__pfx_kthread+0x10/0x10 [ 15.749367] ret_from_fork_asm+0x1a/0x30 [ 15.749398] </TASK> [ 15.749409] [ 15.756723] Allocated by task 282: [ 15.756930] kasan_save_stack+0x45/0x70 [ 15.757140] kasan_save_track+0x18/0x40 [ 15.757342] kasan_save_alloc_info+0x3b/0x50 [ 15.757527] __kasan_kmalloc+0xb7/0xc0 [ 15.757661] __kmalloc_cache_noprof+0x189/0x420 [ 15.757816] kasan_atomics+0x95/0x310 [ 15.758023] kunit_try_run_case+0x1a5/0x480 [ 15.758246] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 15.758525] kthread+0x337/0x6f0 [ 15.758704] ret_from_fork+0x116/0x1d0 [ 15.758847] ret_from_fork_asm+0x1a/0x30 [ 15.758988] [ 15.759061] The buggy address belongs to the object at ffff888103991d00 [ 15.759061] which belongs to the cache kmalloc-64 of size 64 [ 15.759598] The buggy address is located 0 bytes to the right of [ 15.759598] allocated 48-byte region [ffff888103991d00, ffff888103991d30) [ 15.760147] [ 15.760258] The buggy address belongs to the physical page: [ 15.760478] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x103991 [ 15.760722] flags: 0x200000000000000(node=0|zone=2) [ 15.760896] page_type: f5(slab) [ 15.761074] raw: 0200000000000000 ffff8881000418c0 dead000000000122 0000000000000000 [ 15.761593] raw: 0000000000000000 0000000080200020 00000000f5000000 0000000000000000 [ 15.761941] page dumped because: kasan: bad access detected [ 15.762216] [ 15.762358] Memory state around the buggy address: [ 15.762559] ffff888103991c00: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 15.762809] ffff888103991c80: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 15.763027] >ffff888103991d00: 00 00 00 00 00 00 fc fc fc fc fc fc fc fc fc fc [ 15.763331] ^ [ 15.763560] ffff888103991d80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 15.763992] ffff888103991e00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 15.764215] ================================================================== [ 15.464805] 
================================================================== [ 15.465176] BUG: KASAN: slab-out-of-bounds in kasan_atomics_helper+0x164f/0x5450 [ 15.466061] Write of size 8 at addr ffff888103991d30 by task kunit_try_catch/282 [ 15.466440] [ 15.466578] CPU: 1 UID: 0 PID: 282 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc4 #1 PREEMPT(voluntary) [ 15.466630] Tainted: [B]=BAD_PAGE, [N]=TEST [ 15.466644] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 15.466669] Call Trace: [ 15.466691] <TASK> [ 15.466713] dump_stack_lvl+0x73/0xb0 [ 15.466745] print_report+0xd1/0x650 [ 15.466769] ? __virt_addr_valid+0x1db/0x2d0 [ 15.466794] ? kasan_atomics_helper+0x164f/0x5450 [ 15.466816] ? kasan_complete_mode_report_info+0x2a/0x200 [ 15.466839] ? kasan_atomics_helper+0x164f/0x5450 [ 15.466861] kasan_report+0x141/0x180 [ 15.466884] ? kasan_atomics_helper+0x164f/0x5450 [ 15.466911] kasan_check_range+0x10c/0x1c0 [ 15.466934] __kasan_check_write+0x18/0x20 [ 15.466954] kasan_atomics_helper+0x164f/0x5450 [ 15.466977] ? __pfx_kasan_atomics_helper+0x10/0x10 [ 15.466999] ? __kmalloc_cache_noprof+0x189/0x420 [ 15.467024] ? ret_from_fork_asm+0x1a/0x30 [ 15.467047] ? kasan_atomics+0x152/0x310 [ 15.467073] kasan_atomics+0x1dc/0x310 [ 15.467096] ? __pfx_kasan_atomics+0x10/0x10 [ 15.467121] ? __pfx_read_tsc+0x10/0x10 [ 15.467143] ? ktime_get_ts64+0x86/0x230 [ 15.467169] kunit_try_run_case+0x1a5/0x480 [ 15.467194] ? __pfx_kunit_try_run_case+0x10/0x10 [ 15.467227] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 15.467251] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 15.467275] ? __kthread_parkme+0x82/0x180 [ 15.467297] ? preempt_count_sub+0x50/0x80 [ 15.467321] ? __pfx_kunit_try_run_case+0x10/0x10 [ 15.467345] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 15.467377] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 15.467401] kthread+0x337/0x6f0 [ 15.467421] ? trace_preempt_on+0x20/0xc0 [ 15.467444] ? __pfx_kthread+0x10/0x10 [ 15.467465] ? 
_raw_spin_unlock_irq+0x47/0x80 [ 15.467486] ? calculate_sigpending+0x7b/0xa0 [ 15.467509] ? __pfx_kthread+0x10/0x10 [ 15.467532] ret_from_fork+0x116/0x1d0 [ 15.467550] ? __pfx_kthread+0x10/0x10 [ 15.467571] ret_from_fork_asm+0x1a/0x30 [ 15.467601] </TASK> [ 15.467614] [ 15.475042] Allocated by task 282: [ 15.475257] kasan_save_stack+0x45/0x70 [ 15.475468] kasan_save_track+0x18/0x40 [ 15.475659] kasan_save_alloc_info+0x3b/0x50 [ 15.475937] __kasan_kmalloc+0xb7/0xc0 [ 15.476087] __kmalloc_cache_noprof+0x189/0x420 [ 15.476254] kasan_atomics+0x95/0x310 [ 15.476446] kunit_try_run_case+0x1a5/0x480 [ 15.476661] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 15.476909] kthread+0x337/0x6f0 [ 15.477044] ret_from_fork+0x116/0x1d0 [ 15.477177] ret_from_fork_asm+0x1a/0x30 [ 15.477511] [ 15.477613] The buggy address belongs to the object at ffff888103991d00 [ 15.477613] which belongs to the cache kmalloc-64 of size 64 [ 15.478055] The buggy address is located 0 bytes to the right of [ 15.478055] allocated 48-byte region [ffff888103991d00, ffff888103991d30) [ 15.478441] [ 15.478520] The buggy address belongs to the physical page: [ 15.478942] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x103991 [ 15.479356] flags: 0x200000000000000(node=0|zone=2) [ 15.479593] page_type: f5(slab) [ 15.479764] raw: 0200000000000000 ffff8881000418c0 dead000000000122 0000000000000000 [ 15.480104] raw: 0000000000000000 0000000080200020 00000000f5000000 0000000000000000 [ 15.480494] page dumped because: kasan: bad access detected [ 15.480721] [ 15.480820] Memory state around the buggy address: [ 15.480999] ffff888103991c00: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 15.481229] ffff888103991c80: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 15.481477] >ffff888103991d00: 00 00 00 00 00 00 fc fc fc fc fc fc fc fc fc fc [ 15.481813] ^ [ 15.482039] ffff888103991d80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 15.482388] ffff888103991e00: fc fc fc fc fc fc fc fc fc fc 
fc fc fc fc fc fc [ 15.482725] ================================================================== [ 15.502807] ================================================================== [ 15.503333] BUG: KASAN: slab-out-of-bounds in kasan_atomics_helper+0x177f/0x5450 [ 15.503681] Write of size 8 at addr ffff888103991d30 by task kunit_try_catch/282 [ 15.503993] [ 15.504141] CPU: 1 UID: 0 PID: 282 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc4 #1 PREEMPT(voluntary) [ 15.504193] Tainted: [B]=BAD_PAGE, [N]=TEST [ 15.504207] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 15.504240] Call Trace: [ 15.504288] <TASK> [ 15.504311] dump_stack_lvl+0x73/0xb0 [ 15.504354] print_report+0xd1/0x650 [ 15.504379] ? __virt_addr_valid+0x1db/0x2d0 [ 15.504404] ? kasan_atomics_helper+0x177f/0x5450 [ 15.504426] ? kasan_complete_mode_report_info+0x2a/0x200 [ 15.504459] ? kasan_atomics_helper+0x177f/0x5450 [ 15.504482] kasan_report+0x141/0x180 [ 15.504505] ? kasan_atomics_helper+0x177f/0x5450 [ 15.504542] kasan_check_range+0x10c/0x1c0 [ 15.504566] __kasan_check_write+0x18/0x20 [ 15.504585] kasan_atomics_helper+0x177f/0x5450 [ 15.504617] ? __pfx_kasan_atomics_helper+0x10/0x10 [ 15.504640] ? __kmalloc_cache_noprof+0x189/0x420 [ 15.504666] ? ret_from_fork_asm+0x1a/0x30 [ 15.504700] ? kasan_atomics+0x152/0x310 [ 15.504729] kasan_atomics+0x1dc/0x310 [ 15.504751] ? __pfx_kasan_atomics+0x10/0x10 [ 15.504777] ? __pfx_read_tsc+0x10/0x10 [ 15.504807] ? ktime_get_ts64+0x86/0x230 [ 15.504833] kunit_try_run_case+0x1a5/0x480 [ 15.504859] ? __pfx_kunit_try_run_case+0x10/0x10 [ 15.504883] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 15.504908] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 15.504931] ? __kthread_parkme+0x82/0x180 [ 15.504953] ? preempt_count_sub+0x50/0x80 [ 15.504977] ? __pfx_kunit_try_run_case+0x10/0x10 [ 15.505001] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 15.505025] ? 
__pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 15.505049] kthread+0x337/0x6f0 [ 15.505070] ? trace_preempt_on+0x20/0xc0 [ 15.505094] ? __pfx_kthread+0x10/0x10 [ 15.505116] ? _raw_spin_unlock_irq+0x47/0x80 [ 15.505137] ? calculate_sigpending+0x7b/0xa0 [ 15.505162] ? __pfx_kthread+0x10/0x10 [ 15.505184] ret_from_fork+0x116/0x1d0 [ 15.505203] ? __pfx_kthread+0x10/0x10 [ 15.505233] ret_from_fork_asm+0x1a/0x30 [ 15.505292] </TASK> [ 15.505306] [ 15.513088] Allocated by task 282: [ 15.513322] kasan_save_stack+0x45/0x70 [ 15.513532] kasan_save_track+0x18/0x40 [ 15.513731] kasan_save_alloc_info+0x3b/0x50 [ 15.513896] __kasan_kmalloc+0xb7/0xc0 [ 15.514030] __kmalloc_cache_noprof+0x189/0x420 [ 15.514186] kasan_atomics+0x95/0x310 [ 15.514424] kunit_try_run_case+0x1a5/0x480 [ 15.514637] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 15.514903] kthread+0x337/0x6f0 [ 15.515097] ret_from_fork+0x116/0x1d0 [ 15.515359] ret_from_fork_asm+0x1a/0x30 [ 15.515596] [ 15.515670] The buggy address belongs to the object at ffff888103991d00 [ 15.515670] which belongs to the cache kmalloc-64 of size 64 [ 15.516146] The buggy address is located 0 bytes to the right of [ 15.516146] allocated 48-byte region [ffff888103991d00, ffff888103991d30) [ 15.516518] [ 15.516594] The buggy address belongs to the physical page: [ 15.516846] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x103991 [ 15.517263] flags: 0x200000000000000(node=0|zone=2) [ 15.517501] page_type: f5(slab) [ 15.517670] raw: 0200000000000000 ffff8881000418c0 dead000000000122 0000000000000000 [ 15.518005] raw: 0000000000000000 0000000080200020 00000000f5000000 0000000000000000 [ 15.518349] page dumped because: kasan: bad access detected [ 15.518614] [ 15.518689] Memory state around the buggy address: [ 15.518848] ffff888103991c00: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 15.519070] ffff888103991c80: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 15.519429] >ffff888103991d00: 00 00 00 00 00 00 fc fc 
fc fc fc fc fc fc fc fc [ 15.519791] ^ [ 15.520058] ffff888103991d80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 15.520385] ffff888103991e00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 15.520713] ================================================================== [ 15.880361] ================================================================== [ 15.880733] BUG: KASAN: slab-out-of-bounds in kasan_atomics_helper+0x20c8/0x5450 [ 15.881122] Write of size 8 at addr ffff888103991d30 by task kunit_try_catch/282 [ 15.881621] [ 15.881745] CPU: 1 UID: 0 PID: 282 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc4 #1 PREEMPT(voluntary) [ 15.881794] Tainted: [B]=BAD_PAGE, [N]=TEST [ 15.881807] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 15.881831] Call Trace: [ 15.881854] <TASK> [ 15.881875] dump_stack_lvl+0x73/0xb0 [ 15.881907] print_report+0xd1/0x650 [ 15.881931] ? __virt_addr_valid+0x1db/0x2d0 [ 15.881954] ? kasan_atomics_helper+0x20c8/0x5450 [ 15.881976] ? kasan_complete_mode_report_info+0x2a/0x200 [ 15.881999] ? kasan_atomics_helper+0x20c8/0x5450 [ 15.882021] kasan_report+0x141/0x180 [ 15.882043] ? kasan_atomics_helper+0x20c8/0x5450 [ 15.882069] kasan_check_range+0x10c/0x1c0 [ 15.882092] __kasan_check_write+0x18/0x20 [ 15.882112] kasan_atomics_helper+0x20c8/0x5450 [ 15.882146] ? __pfx_kasan_atomics_helper+0x10/0x10 [ 15.882169] ? __kmalloc_cache_noprof+0x189/0x420 [ 15.882193] ? ret_from_fork_asm+0x1a/0x30 [ 15.882237] ? kasan_atomics+0x152/0x310 [ 15.882263] kasan_atomics+0x1dc/0x310 [ 15.882286] ? __pfx_kasan_atomics+0x10/0x10 [ 15.882310] ? __pfx_read_tsc+0x10/0x10 [ 15.882331] ? ktime_get_ts64+0x86/0x230 [ 15.882356] kunit_try_run_case+0x1a5/0x480 [ 15.882381] ? __pfx_kunit_try_run_case+0x10/0x10 [ 15.882404] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 15.882428] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 15.882451] ? __kthread_parkme+0x82/0x180 [ 15.882472] ? preempt_count_sub+0x50/0x80 [ 15.882495] ? 
__pfx_kunit_try_run_case+0x10/0x10 [ 15.882519] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 15.882542] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 15.882566] kthread+0x337/0x6f0 [ 15.882585] ? trace_preempt_on+0x20/0xc0 [ 15.882610] ? __pfx_kthread+0x10/0x10 [ 15.882631] ? _raw_spin_unlock_irq+0x47/0x80 [ 15.882653] ? calculate_sigpending+0x7b/0xa0 [ 15.882677] ? __pfx_kthread+0x10/0x10 [ 15.882699] ret_from_fork+0x116/0x1d0 [ 15.882718] ? __pfx_kthread+0x10/0x10 [ 15.882738] ret_from_fork_asm+0x1a/0x30 [ 15.882768] </TASK> [ 15.882781] [ 15.890867] Allocated by task 282: [ 15.891128] kasan_save_stack+0x45/0x70 [ 15.891403] kasan_save_track+0x18/0x40 [ 15.891589] kasan_save_alloc_info+0x3b/0x50 [ 15.891740] __kasan_kmalloc+0xb7/0xc0 [ 15.891875] __kmalloc_cache_noprof+0x189/0x420 [ 15.892090] kasan_atomics+0x95/0x310 [ 15.892294] kunit_try_run_case+0x1a5/0x480 [ 15.892501] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 15.892762] kthread+0x337/0x6f0 [ 15.892937] ret_from_fork+0x116/0x1d0 [ 15.893076] ret_from_fork_asm+0x1a/0x30 [ 15.893229] [ 15.893401] The buggy address belongs to the object at ffff888103991d00 [ 15.893401] which belongs to the cache kmalloc-64 of size 64 [ 15.893932] The buggy address is located 0 bytes to the right of [ 15.893932] allocated 48-byte region [ffff888103991d00, ffff888103991d30) [ 15.894553] [ 15.894676] The buggy address belongs to the physical page: [ 15.894867] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x103991 [ 15.895237] flags: 0x200000000000000(node=0|zone=2) [ 15.895500] page_type: f5(slab) [ 15.895669] raw: 0200000000000000 ffff8881000418c0 dead000000000122 0000000000000000 [ 15.896003] raw: 0000000000000000 0000000080200020 00000000f5000000 0000000000000000 [ 15.896240] page dumped because: kasan: bad access detected [ 15.896533] [ 15.896628] Memory state around the buggy address: [ 15.896829] ffff888103991c00: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 15.897050] 
ffff888103991c80: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 15.897536] >ffff888103991d00: 00 00 00 00 00 00 fc fc fc fc fc fc fc fc fc fc [ 15.897884] ^ [ 15.898102] ffff888103991d80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 15.898443] ffff888103991e00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 15.898748] ================================================================== [ 15.327649] ================================================================== [ 15.328210] BUG: KASAN: slab-out-of-bounds in kasan_atomics_helper+0x13b5/0x5450 [ 15.328727] Read of size 8 at addr ffff888103991d30 by task kunit_try_catch/282 [ 15.328955] [ 15.329352] CPU: 1 UID: 0 PID: 282 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc4 #1 PREEMPT(voluntary) [ 15.329447] Tainted: [B]=BAD_PAGE, [N]=TEST [ 15.329462] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 15.329497] Call Trace: [ 15.329521] <TASK> [ 15.329544] dump_stack_lvl+0x73/0xb0 [ 15.329577] print_report+0xd1/0x650 [ 15.329602] ? __virt_addr_valid+0x1db/0x2d0 [ 15.329690] ? kasan_atomics_helper+0x13b5/0x5450 [ 15.329713] ? kasan_complete_mode_report_info+0x2a/0x200 [ 15.329754] ? kasan_atomics_helper+0x13b5/0x5450 [ 15.329775] kasan_report+0x141/0x180 [ 15.329797] ? kasan_atomics_helper+0x13b5/0x5450 [ 15.329824] kasan_check_range+0x10c/0x1c0 [ 15.329848] __kasan_check_read+0x15/0x20 [ 15.329866] kasan_atomics_helper+0x13b5/0x5450 [ 15.329890] ? __pfx_kasan_atomics_helper+0x10/0x10 [ 15.329913] ? __kmalloc_cache_noprof+0x189/0x420 [ 15.329938] ? ret_from_fork_asm+0x1a/0x30 [ 15.329961] ? kasan_atomics+0x152/0x310 [ 15.329988] kasan_atomics+0x1dc/0x310 [ 15.330010] ? __pfx_kasan_atomics+0x10/0x10 [ 15.330034] ? __pfx_read_tsc+0x10/0x10 [ 15.330056] ? ktime_get_ts64+0x86/0x230 [ 15.330082] kunit_try_run_case+0x1a5/0x480 [ 15.330108] ? __pfx_kunit_try_run_case+0x10/0x10 [ 15.330130] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 15.330154] ? 
_raw_spin_unlock_irqrestore+0x5f/0x90 [ 15.330177] ? __kthread_parkme+0x82/0x180 [ 15.330199] ? preempt_count_sub+0x50/0x80 [ 15.330233] ? __pfx_kunit_try_run_case+0x10/0x10 [ 15.330278] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 15.330301] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 15.330325] kthread+0x337/0x6f0 [ 15.330345] ? trace_preempt_on+0x20/0xc0 [ 15.330369] ? __pfx_kthread+0x10/0x10 [ 15.330390] ? _raw_spin_unlock_irq+0x47/0x80 [ 15.330411] ? calculate_sigpending+0x7b/0xa0 [ 15.330436] ? __pfx_kthread+0x10/0x10 [ 15.330458] ret_from_fork+0x116/0x1d0 [ 15.330476] ? __pfx_kthread+0x10/0x10 [ 15.330497] ret_from_fork_asm+0x1a/0x30 [ 15.330527] </TASK> [ 15.330540] [ 15.343391] Allocated by task 282: [ 15.343770] kasan_save_stack+0x45/0x70 [ 15.344162] kasan_save_track+0x18/0x40 [ 15.344557] kasan_save_alloc_info+0x3b/0x50 [ 15.344965] __kasan_kmalloc+0xb7/0xc0 [ 15.345351] __kmalloc_cache_noprof+0x189/0x420 [ 15.345768] kasan_atomics+0x95/0x310 [ 15.346120] kunit_try_run_case+0x1a5/0x480 [ 15.346535] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 15.346933] kthread+0x337/0x6f0 [ 15.347059] ret_from_fork+0x116/0x1d0 [ 15.347192] ret_from_fork_asm+0x1a/0x30 [ 15.347579] [ 15.347755] The buggy address belongs to the object at ffff888103991d00 [ 15.347755] which belongs to the cache kmalloc-64 of size 64 [ 15.348845] The buggy address is located 0 bytes to the right of [ 15.348845] allocated 48-byte region [ffff888103991d00, ffff888103991d30) [ 15.349600] [ 15.349679] The buggy address belongs to the physical page: [ 15.350187] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x103991 [ 15.350910] flags: 0x200000000000000(node=0|zone=2) [ 15.351322] page_type: f5(slab) [ 15.351451] raw: 0200000000000000 ffff8881000418c0 dead000000000122 0000000000000000 [ 15.351685] raw: 0000000000000000 0000000080200020 00000000f5000000 0000000000000000 [ 15.351919] page dumped because: kasan: bad access detected [ 15.352096] [ 15.352168] 
Memory state around the buggy address: [ 15.352538] ffff888103991c00: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 15.353157] ffff888103991c80: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 15.353803] >ffff888103991d00: 00 00 00 00 00 00 fc fc fc fc fc fc fc fc fc fc [ 15.354446] ^ [ 15.354872] ffff888103991d80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 15.355503] ffff888103991e00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 15.356116] ================================================================== [ 15.440137] ================================================================== [ 15.440804] BUG: KASAN: slab-out-of-bounds in kasan_atomics_helper+0x15b6/0x5450 [ 15.441664] Write of size 8 at addr ffff888103991d30 by task kunit_try_catch/282 [ 15.442367] [ 15.442722] CPU: 1 UID: 0 PID: 282 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc4 #1 PREEMPT(voluntary) [ 15.442784] Tainted: [B]=BAD_PAGE, [N]=TEST [ 15.442800] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 15.442826] Call Trace: [ 15.442848] <TASK> [ 15.442872] dump_stack_lvl+0x73/0xb0 [ 15.442913] print_report+0xd1/0x650 [ 15.442938] ? __virt_addr_valid+0x1db/0x2d0 [ 15.442963] ? kasan_atomics_helper+0x15b6/0x5450 [ 15.442985] ? kasan_complete_mode_report_info+0x2a/0x200 [ 15.443008] ? kasan_atomics_helper+0x15b6/0x5450 [ 15.443030] kasan_report+0x141/0x180 [ 15.443052] ? kasan_atomics_helper+0x15b6/0x5450 [ 15.443078] kasan_check_range+0x10c/0x1c0 [ 15.443103] __kasan_check_write+0x18/0x20 [ 15.443124] kasan_atomics_helper+0x15b6/0x5450 [ 15.443149] ? __pfx_kasan_atomics_helper+0x10/0x10 [ 15.443172] ? __kmalloc_cache_noprof+0x189/0x420 [ 15.443198] ? ret_from_fork_asm+0x1a/0x30 [ 15.443236] ? kasan_atomics+0x152/0x310 [ 15.443265] kasan_atomics+0x1dc/0x310 [ 15.443302] ? __pfx_kasan_atomics+0x10/0x10 [ 15.443328] ? __pfx_read_tsc+0x10/0x10 [ 15.443350] ? ktime_get_ts64+0x86/0x230 [ 15.443375] kunit_try_run_case+0x1a5/0x480 [ 15.443401] ? 
__pfx_kunit_try_run_case+0x10/0x10 [ 15.443424] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 15.443449] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 15.443471] ? __kthread_parkme+0x82/0x180 [ 15.443492] ? preempt_count_sub+0x50/0x80 [ 15.443517] ? __pfx_kunit_try_run_case+0x10/0x10 [ 15.443545] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 15.443569] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 15.443592] kthread+0x337/0x6f0 [ 15.443611] ? trace_preempt_on+0x20/0xc0 [ 15.443635] ? __pfx_kthread+0x10/0x10 [ 15.443656] ? _raw_spin_unlock_irq+0x47/0x80 [ 15.443678] ? calculate_sigpending+0x7b/0xa0 [ 15.443701] ? __pfx_kthread+0x10/0x10 [ 15.443723] ret_from_fork+0x116/0x1d0 [ 15.443742] ? __pfx_kthread+0x10/0x10 [ 15.443763] ret_from_fork_asm+0x1a/0x30 [ 15.443793] </TASK> [ 15.443807] [ 15.454936] Allocated by task 282: [ 15.455245] kasan_save_stack+0x45/0x70 [ 15.455470] kasan_save_track+0x18/0x40 [ 15.455660] kasan_save_alloc_info+0x3b/0x50 [ 15.455852] __kasan_kmalloc+0xb7/0xc0 [ 15.456007] __kmalloc_cache_noprof+0x189/0x420 [ 15.456206] kasan_atomics+0x95/0x310 [ 15.456843] kunit_try_run_case+0x1a5/0x480 [ 15.457113] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 15.457423] kthread+0x337/0x6f0 [ 15.457739] ret_from_fork+0x116/0x1d0 [ 15.457950] ret_from_fork_asm+0x1a/0x30 [ 15.458269] [ 15.458475] The buggy address belongs to the object at ffff888103991d00 [ 15.458475] which belongs to the cache kmalloc-64 of size 64 [ 15.459137] The buggy address is located 0 bytes to the right of [ 15.459137] allocated 48-byte region [ffff888103991d00, ffff888103991d30) [ 15.459745] [ 15.459830] The buggy address belongs to the physical page: [ 15.460089] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x103991 [ 15.460506] flags: 0x200000000000000(node=0|zone=2) [ 15.460725] page_type: f5(slab) [ 15.460902] raw: 0200000000000000 ffff8881000418c0 dead000000000122 0000000000000000 [ 15.461191] raw: 0000000000000000 0000000080200020 00000000f5000000 
0000000000000000 [ 15.461430] page dumped because: kasan: bad access detected [ 15.461859] [ 15.461978] Memory state around the buggy address: [ 15.462207] ffff888103991c00: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 15.462598] ffff888103991c80: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 15.462944] >ffff888103991d00: 00 00 00 00 00 00 fc fc fc fc fc fc fc fc fc fc [ 15.463246] ^ [ 15.463444] ffff888103991d80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 15.463654] ffff888103991e00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 15.463953] ================================================================== [ 14.606950] ================================================================== [ 14.607708] BUG: KASAN: slab-out-of-bounds in kasan_atomics_helper+0x4a0/0x5450 [ 14.608077] Write of size 4 at addr ffff888103991d30 by task kunit_try_catch/282 [ 14.608436] [ 14.608555] CPU: 1 UID: 0 PID: 282 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc4 #1 PREEMPT(voluntary) [ 14.608604] Tainted: [B]=BAD_PAGE, [N]=TEST [ 14.608617] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 14.608641] Call Trace: [ 14.608664] <TASK> [ 14.608685] dump_stack_lvl+0x73/0xb0 [ 14.608718] print_report+0xd1/0x650 [ 14.608741] ? __virt_addr_valid+0x1db/0x2d0 [ 14.608766] ? kasan_atomics_helper+0x4a0/0x5450 [ 14.608796] ? kasan_complete_mode_report_info+0x2a/0x200 [ 14.608819] ? kasan_atomics_helper+0x4a0/0x5450 [ 14.608841] kasan_report+0x141/0x180 [ 14.608865] ? kasan_atomics_helper+0x4a0/0x5450 [ 14.608890] kasan_check_range+0x10c/0x1c0 [ 14.608915] __kasan_check_write+0x18/0x20 [ 14.608936] kasan_atomics_helper+0x4a0/0x5450 [ 14.608959] ? __pfx_kasan_atomics_helper+0x10/0x10 [ 14.608981] ? __kmalloc_cache_noprof+0x189/0x420 [ 14.609006] ? ret_from_fork_asm+0x1a/0x30 [ 14.609029] ? kasan_atomics+0x152/0x310 [ 14.609055] kasan_atomics+0x1dc/0x310 [ 14.609078] ? __pfx_kasan_atomics+0x10/0x10 [ 14.609103] ? 
__pfx_read_tsc+0x10/0x10 [ 14.609124] ? ktime_get_ts64+0x86/0x230 [ 14.609149] kunit_try_run_case+0x1a5/0x480 [ 14.609174] ? __pfx_kunit_try_run_case+0x10/0x10 [ 14.609197] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 14.609232] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 14.609257] ? __kthread_parkme+0x82/0x180 [ 14.609278] ? preempt_count_sub+0x50/0x80 [ 14.609302] ? __pfx_kunit_try_run_case+0x10/0x10 [ 14.609326] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 14.609348] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 14.609371] kthread+0x337/0x6f0 [ 14.609392] ? trace_preempt_on+0x20/0xc0 [ 14.609418] ? __pfx_kthread+0x10/0x10 [ 14.609438] ? _raw_spin_unlock_irq+0x47/0x80 [ 14.609460] ? calculate_sigpending+0x7b/0xa0 [ 14.609485] ? __pfx_kthread+0x10/0x10 [ 14.609506] ret_from_fork+0x116/0x1d0 [ 14.609525] ? __pfx_kthread+0x10/0x10 [ 14.609547] ret_from_fork_asm+0x1a/0x30 [ 14.609577] </TASK> [ 14.609591] [ 14.618427] Allocated by task 282: [ 14.618779] kasan_save_stack+0x45/0x70 [ 14.619037] kasan_save_track+0x18/0x40 [ 14.619177] kasan_save_alloc_info+0x3b/0x50 [ 14.619794] __kasan_kmalloc+0xb7/0xc0 [ 14.620003] __kmalloc_cache_noprof+0x189/0x420 [ 14.620289] kasan_atomics+0x95/0x310 [ 14.620472] kunit_try_run_case+0x1a5/0x480 [ 14.620624] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 14.620808] kthread+0x337/0x6f0 [ 14.620965] ret_from_fork+0x116/0x1d0 [ 14.621158] ret_from_fork_asm+0x1a/0x30 [ 14.621376] [ 14.621478] The buggy address belongs to the object at ffff888103991d00 [ 14.621478] which belongs to the cache kmalloc-64 of size 64 [ 14.622165] The buggy address is located 0 bytes to the right of [ 14.622165] allocated 48-byte region [ffff888103991d00, ffff888103991d30) [ 14.622542] [ 14.622725] The buggy address belongs to the physical page: [ 14.623113] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x103991 [ 14.623555] flags: 0x200000000000000(node=0|zone=2) [ 14.623723] page_type: f5(slab) [ 14.623847] raw: 0200000000000000 
ffff8881000418c0 dead000000000122 0000000000000000 [ 14.624078] raw: 0000000000000000 0000000080200020 00000000f5000000 0000000000000000 [ 14.624714] page dumped because: kasan: bad access detected [ 14.624988] [ 14.625087] Memory state around the buggy address: [ 14.625336] ffff888103991c00: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 14.625663] ffff888103991c80: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 14.626010] >ffff888103991d00: 00 00 00 00 00 00 fc fc fc fc fc fc fc fc fc fc [ 14.626243] ^ [ 14.626950] ffff888103991d80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 14.627590] ffff888103991e00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 14.627834] ================================================================== [ 14.977564] ================================================================== [ 14.977836] BUG: KASAN: slab-out-of-bounds in kasan_atomics_helper+0xc70/0x5450 [ 14.978150] Write of size 4 at addr ffff888103991d30 by task kunit_try_catch/282 [ 14.979125] [ 14.979280] CPU: 1 UID: 0 PID: 282 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc4 #1 PREEMPT(voluntary) [ 14.979332] Tainted: [B]=BAD_PAGE, [N]=TEST [ 14.979346] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 14.979370] Call Trace: [ 14.979385] <TASK> [ 14.979406] dump_stack_lvl+0x73/0xb0 [ 14.979442] print_report+0xd1/0x650 [ 14.979467] ? __virt_addr_valid+0x1db/0x2d0 [ 14.979491] ? kasan_atomics_helper+0xc70/0x5450 [ 14.979513] ? kasan_complete_mode_report_info+0x2a/0x200 [ 14.979535] ? kasan_atomics_helper+0xc70/0x5450 [ 14.979556] kasan_report+0x141/0x180 [ 14.979579] ? kasan_atomics_helper+0xc70/0x5450 [ 14.979604] kasan_check_range+0x10c/0x1c0 [ 14.979628] __kasan_check_write+0x18/0x20 [ 14.979649] kasan_atomics_helper+0xc70/0x5450 [ 14.979672] ? __pfx_kasan_atomics_helper+0x10/0x10 [ 14.979693] ? __kmalloc_cache_noprof+0x189/0x420 [ 14.979718] ? ret_from_fork_asm+0x1a/0x30 [ 14.979741] ? 
kasan_atomics+0x152/0x310 [ 14.979766] kasan_atomics+0x1dc/0x310 [ 14.979789] ? __pfx_kasan_atomics+0x10/0x10 [ 14.979814] ? __pfx_read_tsc+0x10/0x10 [ 14.979835] ? ktime_get_ts64+0x86/0x230 [ 14.979860] kunit_try_run_case+0x1a5/0x480 [ 14.979885] ? __pfx_kunit_try_run_case+0x10/0x10 [ 14.979907] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 14.979931] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 14.979955] ? __kthread_parkme+0x82/0x180 [ 14.979976] ? preempt_count_sub+0x50/0x80 [ 14.980000] ? __pfx_kunit_try_run_case+0x10/0x10 [ 14.980024] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 14.980047] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 14.980070] kthread+0x337/0x6f0 [ 14.980089] ? trace_preempt_on+0x20/0xc0 [ 14.980113] ? __pfx_kthread+0x10/0x10 [ 14.980134] ? _raw_spin_unlock_irq+0x47/0x80 [ 14.980155] ? calculate_sigpending+0x7b/0xa0 [ 14.980179] ? __pfx_kthread+0x10/0x10 [ 14.980201] ret_from_fork+0x116/0x1d0 [ 14.980231] ? __pfx_kthread+0x10/0x10 [ 14.980253] ret_from_fork_asm+0x1a/0x30 [ 14.980300] </TASK> [ 14.980313] [ 14.987671] Allocated by task 282: [ 14.987872] kasan_save_stack+0x45/0x70 [ 14.988023] kasan_save_track+0x18/0x40 [ 14.988214] kasan_save_alloc_info+0x3b/0x50 [ 14.988621] __kasan_kmalloc+0xb7/0xc0 [ 14.988794] __kmalloc_cache_noprof+0x189/0x420 [ 14.989012] kasan_atomics+0x95/0x310 [ 14.989182] kunit_try_run_case+0x1a5/0x480 [ 14.989346] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 14.989597] kthread+0x337/0x6f0 [ 14.989762] ret_from_fork+0x116/0x1d0 [ 14.989892] ret_from_fork_asm+0x1a/0x30 [ 14.990056] [ 14.990153] The buggy address belongs to the object at ffff888103991d00 [ 14.990153] which belongs to the cache kmalloc-64 of size 64 [ 14.990786] The buggy address is located 0 bytes to the right of [ 14.990786] allocated 48-byte region [ffff888103991d00, ffff888103991d30) [ 14.991348] [ 14.991423] The buggy address belongs to the physical page: [ 14.991650] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x103991 [ 
14.992007] flags: 0x200000000000000(node=0|zone=2) [ 14.992170] page_type: f5(slab) [ 14.992329] raw: 0200000000000000 ffff8881000418c0 dead000000000122 0000000000000000 [ 14.992666] raw: 0000000000000000 0000000080200020 00000000f5000000 0000000000000000 [ 14.993005] page dumped because: kasan: bad access detected [ 14.993172] [ 14.993253] Memory state around the buggy address: [ 14.993483] ffff888103991c00: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 14.993801] ffff888103991c80: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 14.994128] >ffff888103991d00: 00 00 00 00 00 00 fc fc fc fc fc fc fc fc fc fc [ 14.994416] ^ [ 14.994570] ffff888103991d80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 14.994786] ffff888103991e00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 14.994995] ================================================================== [ 15.289601] ================================================================== [ 15.289967] BUG: KASAN: slab-out-of-bounds in kasan_atomics_helper+0x12e6/0x5450 [ 15.290335] Write of size 4 at addr ffff888103991d30 by task kunit_try_catch/282 [ 15.290588] [ 15.290681] CPU: 1 UID: 0 PID: 282 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc4 #1 PREEMPT(voluntary) [ 15.290729] Tainted: [B]=BAD_PAGE, [N]=TEST [ 15.290742] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 15.290768] Call Trace: [ 15.290791] <TASK> [ 15.290813] dump_stack_lvl+0x73/0xb0 [ 15.290845] print_report+0xd1/0x650 [ 15.290884] ? __virt_addr_valid+0x1db/0x2d0 [ 15.290907] ? kasan_atomics_helper+0x12e6/0x5450 [ 15.290929] ? kasan_complete_mode_report_info+0x2a/0x200 [ 15.290953] ? kasan_atomics_helper+0x12e6/0x5450 [ 15.290975] kasan_report+0x141/0x180 [ 15.290998] ? kasan_atomics_helper+0x12e6/0x5450 [ 15.291024] kasan_check_range+0x10c/0x1c0 [ 15.291048] __kasan_check_write+0x18/0x20 [ 15.291068] kasan_atomics_helper+0x12e6/0x5450 [ 15.291091] ? __pfx_kasan_atomics_helper+0x10/0x10 [ 15.291114] ? 
__kmalloc_cache_noprof+0x189/0x420 [ 15.291138] ? ret_from_fork_asm+0x1a/0x30 [ 15.291161] ? kasan_atomics+0x152/0x310 [ 15.291188] kasan_atomics+0x1dc/0x310 [ 15.291211] ? __pfx_kasan_atomics+0x10/0x10 [ 15.291248] ? __pfx_read_tsc+0x10/0x10 [ 15.291270] ? ktime_get_ts64+0x86/0x230 [ 15.291294] kunit_try_run_case+0x1a5/0x480 [ 15.291320] ? __pfx_kunit_try_run_case+0x10/0x10 [ 15.291343] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 15.291368] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 15.291391] ? __kthread_parkme+0x82/0x180 [ 15.291412] ? preempt_count_sub+0x50/0x80 [ 15.291438] ? __pfx_kunit_try_run_case+0x10/0x10 [ 15.291462] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 15.291498] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 15.291522] kthread+0x337/0x6f0 [ 15.291543] ? trace_preempt_on+0x20/0xc0 [ 15.291567] ? __pfx_kthread+0x10/0x10 [ 15.291587] ? _raw_spin_unlock_irq+0x47/0x80 [ 15.291609] ? calculate_sigpending+0x7b/0xa0 [ 15.291634] ? __pfx_kthread+0x10/0x10 [ 15.291656] ret_from_fork+0x116/0x1d0 [ 15.291675] ? 
__pfx_kthread+0x10/0x10 [ 15.291696] ret_from_fork_asm+0x1a/0x30 [ 15.291727] </TASK> [ 15.291741] [ 15.299801] Allocated by task 282: [ 15.300001] kasan_save_stack+0x45/0x70 [ 15.300229] kasan_save_track+0x18/0x40 [ 15.300651] kasan_save_alloc_info+0x3b/0x50 [ 15.300815] __kasan_kmalloc+0xb7/0xc0 [ 15.300985] __kmalloc_cache_noprof+0x189/0x420 [ 15.301209] kasan_atomics+0x95/0x310 [ 15.301468] kunit_try_run_case+0x1a5/0x480 [ 15.301663] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 15.301851] kthread+0x337/0x6f0 [ 15.301976] ret_from_fork+0x116/0x1d0 [ 15.302111] ret_from_fork_asm+0x1a/0x30 [ 15.302277] [ 15.302376] The buggy address belongs to the object at ffff888103991d00 [ 15.302376] which belongs to the cache kmalloc-64 of size 64 [ 15.302962] The buggy address is located 0 bytes to the right of [ 15.302962] allocated 48-byte region [ffff888103991d00, ffff888103991d30) [ 15.303466] [ 15.303543] The buggy address belongs to the physical page: [ 15.304050] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x103991 [ 15.304417] flags: 0x200000000000000(node=0|zone=2) [ 15.304640] page_type: f5(slab) [ 15.304817] raw: 0200000000000000 ffff8881000418c0 dead000000000122 0000000000000000 [ 15.305135] raw: 0000000000000000 0000000080200020 00000000f5000000 0000000000000000 [ 15.305527] page dumped because: kasan: bad access detected [ 15.305758] [ 15.305839] Memory state around the buggy address: [ 15.306062] ffff888103991c00: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 15.306370] ffff888103991c80: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 15.306667] >ffff888103991d00: 00 00 00 00 00 00 fc fc fc fc fc fc fc fc fc fc [ 15.306984] ^ [ 15.307176] ffff888103991d80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 15.307405] ffff888103991e00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 15.307622] ================================================================== [ 15.308136] 
================================================================== [ 15.308903] BUG: KASAN: slab-out-of-bounds in kasan_atomics_helper+0x49ce/0x5450 [ 15.309261] Read of size 4 at addr ffff888103991d30 by task kunit_try_catch/282 [ 15.309486] [ 15.309578] CPU: 1 UID: 0 PID: 282 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc4 #1 PREEMPT(voluntary) [ 15.309626] Tainted: [B]=BAD_PAGE, [N]=TEST [ 15.309640] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 15.309663] Call Trace: [ 15.309685] <TASK> [ 15.309708] dump_stack_lvl+0x73/0xb0 [ 15.309737] print_report+0xd1/0x650 [ 15.309761] ? __virt_addr_valid+0x1db/0x2d0 [ 15.309785] ? kasan_atomics_helper+0x49ce/0x5450 [ 15.309807] ? kasan_complete_mode_report_info+0x2a/0x200 [ 15.309829] ? kasan_atomics_helper+0x49ce/0x5450 [ 15.309852] kasan_report+0x141/0x180 [ 15.309874] ? kasan_atomics_helper+0x49ce/0x5450 [ 15.309900] __asan_report_load4_noabort+0x18/0x20 [ 15.309925] kasan_atomics_helper+0x49ce/0x5450 [ 15.309948] ? __pfx_kasan_atomics_helper+0x10/0x10 [ 15.309969] ? __kmalloc_cache_noprof+0x189/0x420 [ 15.309995] ? ret_from_fork_asm+0x1a/0x30 [ 15.310019] ? kasan_atomics+0x152/0x310 [ 15.310046] kasan_atomics+0x1dc/0x310 [ 15.310069] ? __pfx_kasan_atomics+0x10/0x10 [ 15.310093] ? __pfx_read_tsc+0x10/0x10 [ 15.310125] ? ktime_get_ts64+0x86/0x230 [ 15.310150] kunit_try_run_case+0x1a5/0x480 [ 15.310176] ? __pfx_kunit_try_run_case+0x10/0x10 [ 15.310198] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 15.310235] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 15.310271] ? __kthread_parkme+0x82/0x180 [ 15.310293] ? preempt_count_sub+0x50/0x80 [ 15.310317] ? __pfx_kunit_try_run_case+0x10/0x10 [ 15.310341] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 15.310365] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 15.310390] kthread+0x337/0x6f0 [ 15.310413] ? trace_preempt_on+0x20/0xc0 [ 15.310439] ? __pfx_kthread+0x10/0x10 [ 15.310461] ? _raw_spin_unlock_irq+0x47/0x80 [ 15.310483] ? 
calculate_sigpending+0x7b/0xa0 [ 15.310508] ? __pfx_kthread+0x10/0x10 [ 15.310531] ret_from_fork+0x116/0x1d0 [ 15.310551] ? __pfx_kthread+0x10/0x10 [ 15.310572] ret_from_fork_asm+0x1a/0x30 [ 15.310604] </TASK> [ 15.310616] [ 15.318448] Allocated by task 282: [ 15.318662] kasan_save_stack+0x45/0x70 [ 15.318872] kasan_save_track+0x18/0x40 [ 15.319043] kasan_save_alloc_info+0x3b/0x50 [ 15.319254] __kasan_kmalloc+0xb7/0xc0 [ 15.319428] __kmalloc_cache_noprof+0x189/0x420 [ 15.319644] kasan_atomics+0x95/0x310 [ 15.319816] kunit_try_run_case+0x1a5/0x480 [ 15.320023] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 15.320239] kthread+0x337/0x6f0 [ 15.320415] ret_from_fork+0x116/0x1d0 [ 15.320597] ret_from_fork_asm+0x1a/0x30 [ 15.320772] [ 15.320874] The buggy address belongs to the object at ffff888103991d00 [ 15.320874] which belongs to the cache kmalloc-64 of size 64 [ 15.321291] The buggy address is located 0 bytes to the right of [ 15.321291] allocated 48-byte region [ffff888103991d00, ffff888103991d30) [ 15.321838] [ 15.321926] The buggy address belongs to the physical page: [ 15.322168] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x103991 [ 15.322477] flags: 0x200000000000000(node=0|zone=2) [ 15.322647] page_type: f5(slab) [ 15.322774] raw: 0200000000000000 ffff8881000418c0 dead000000000122 0000000000000000 [ 15.323007] raw: 0000000000000000 0000000080200020 00000000f5000000 0000000000000000 [ 15.323249] page dumped because: kasan: bad access detected [ 15.323625] [ 15.323740] Memory state around the buggy address: [ 15.323966] ffff888103991c00: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 15.324995] ffff888103991c80: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 15.325280] >ffff888103991d00: 00 00 00 00 00 00 fc fc fc fc fc fc fc fc fc fc [ 15.325494] ^ [ 15.325651] ffff888103991d80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 15.325863] ffff888103991e00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 15.326071] 
================================================================== [ 15.626866] ================================================================== [ 15.627382] BUG: KASAN: slab-out-of-bounds in kasan_atomics_helper+0x1b22/0x5450 [ 15.627830] Write of size 8 at addr ffff888103991d30 by task kunit_try_catch/282 [ 15.628550] [ 15.628795] CPU: 1 UID: 0 PID: 282 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc4 #1 PREEMPT(voluntary) [ 15.628957] Tainted: [B]=BAD_PAGE, [N]=TEST [ 15.628984] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 15.629008] Call Trace: [ 15.629037] <TASK> [ 15.629060] dump_stack_lvl+0x73/0xb0 [ 15.629096] print_report+0xd1/0x650 [ 15.629122] ? __virt_addr_valid+0x1db/0x2d0 [ 15.629146] ? kasan_atomics_helper+0x1b22/0x5450 [ 15.629170] ? kasan_complete_mode_report_info+0x2a/0x200 [ 15.629193] ? kasan_atomics_helper+0x1b22/0x5450 [ 15.629215] kasan_report+0x141/0x180 [ 15.629254] ? kasan_atomics_helper+0x1b22/0x5450 [ 15.629313] kasan_check_range+0x10c/0x1c0 [ 15.629338] __kasan_check_write+0x18/0x20 [ 15.629358] kasan_atomics_helper+0x1b22/0x5450 [ 15.629382] ? __pfx_kasan_atomics_helper+0x10/0x10 [ 15.629405] ? __kmalloc_cache_noprof+0x189/0x420 [ 15.629430] ? ret_from_fork_asm+0x1a/0x30 [ 15.629453] ? kasan_atomics+0x152/0x310 [ 15.629479] kasan_atomics+0x1dc/0x310 [ 15.629502] ? __pfx_kasan_atomics+0x10/0x10 [ 15.629526] ? __pfx_read_tsc+0x10/0x10 [ 15.629549] ? ktime_get_ts64+0x86/0x230 [ 15.629574] kunit_try_run_case+0x1a5/0x480 [ 15.629599] ? __pfx_kunit_try_run_case+0x10/0x10 [ 15.629621] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 15.629646] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 15.629671] ? __kthread_parkme+0x82/0x180 [ 15.629692] ? preempt_count_sub+0x50/0x80 [ 15.629717] ? __pfx_kunit_try_run_case+0x10/0x10 [ 15.629742] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 15.629766] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 15.629789] kthread+0x337/0x6f0 [ 15.629809] ? 
trace_preempt_on+0x20/0xc0 [ 15.629832] ? __pfx_kthread+0x10/0x10 [ 15.629853] ? _raw_spin_unlock_irq+0x47/0x80 [ 15.629875] ? calculate_sigpending+0x7b/0xa0 [ 15.629899] ? __pfx_kthread+0x10/0x10 [ 15.629921] ret_from_fork+0x116/0x1d0 [ 15.629940] ? __pfx_kthread+0x10/0x10 [ 15.629960] ret_from_fork_asm+0x1a/0x30 [ 15.629991] </TASK> [ 15.630004] [ 15.642578] Allocated by task 282: [ 15.642790] kasan_save_stack+0x45/0x70 [ 15.642993] kasan_save_track+0x18/0x40 [ 15.643173] kasan_save_alloc_info+0x3b/0x50 [ 15.643734] __kasan_kmalloc+0xb7/0xc0 [ 15.644136] __kmalloc_cache_noprof+0x189/0x420 [ 15.644572] kasan_atomics+0x95/0x310 [ 15.644910] kunit_try_run_case+0x1a5/0x480 [ 15.645119] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 15.645714] kthread+0x337/0x6f0 [ 15.645971] ret_from_fork+0x116/0x1d0 [ 15.646303] ret_from_fork_asm+0x1a/0x30 [ 15.646510] [ 15.646606] The buggy address belongs to the object at ffff888103991d00 [ 15.646606] which belongs to the cache kmalloc-64 of size 64 [ 15.647089] The buggy address is located 0 bytes to the right of [ 15.647089] allocated 48-byte region [ffff888103991d00, ffff888103991d30) [ 15.648048] [ 15.648308] The buggy address belongs to the physical page: [ 15.648761] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x103991 [ 15.649526] flags: 0x200000000000000(node=0|zone=2) [ 15.649768] page_type: f5(slab) [ 15.649932] raw: 0200000000000000 ffff8881000418c0 dead000000000122 0000000000000000 [ 15.650516] raw: 0000000000000000 0000000080200020 00000000f5000000 0000000000000000 [ 15.650867] page dumped because: kasan: bad access detected [ 15.651097] [ 15.651187] Memory state around the buggy address: [ 15.651872] ffff888103991c00: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 15.652390] ffff888103991c80: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 15.652865] >ffff888103991d00: 00 00 00 00 00 00 fc fc fc fc fc fc fc fc fc fc [ 15.653161] ^ [ 15.653793] ffff888103991d80: fc fc fc fc fc fc fc fc fc 
fc fc fc fc fc fc fc [ 15.654267] ffff888103991e00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 15.654720] ================================================================== [ 15.833168] ================================================================== [ 15.833945] BUG: KASAN: slab-out-of-bounds in kasan_atomics_helper+0x2006/0x5450 [ 15.834501] Write of size 8 at addr ffff888103991d30 by task kunit_try_catch/282 [ 15.835157] [ 15.835265] CPU: 1 UID: 0 PID: 282 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc4 #1 PREEMPT(voluntary) [ 15.835318] Tainted: [B]=BAD_PAGE, [N]=TEST [ 15.835331] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 15.835356] Call Trace: [ 15.835378] <TASK> [ 15.835401] dump_stack_lvl+0x73/0xb0 [ 15.835437] print_report+0xd1/0x650 [ 15.835461] ? __virt_addr_valid+0x1db/0x2d0 [ 15.835486] ? kasan_atomics_helper+0x2006/0x5450 [ 15.835508] ? kasan_complete_mode_report_info+0x2a/0x200 [ 15.835531] ? kasan_atomics_helper+0x2006/0x5450 [ 15.835553] kasan_report+0x141/0x180 [ 15.835575] ? kasan_atomics_helper+0x2006/0x5450 [ 15.835601] kasan_check_range+0x10c/0x1c0 [ 15.835624] __kasan_check_write+0x18/0x20 [ 15.835644] kasan_atomics_helper+0x2006/0x5450 [ 15.835667] ? __pfx_kasan_atomics_helper+0x10/0x10 [ 15.835688] ? __kmalloc_cache_noprof+0x189/0x420 [ 15.835713] ? ret_from_fork_asm+0x1a/0x30 [ 15.835735] ? kasan_atomics+0x152/0x310 [ 15.835762] kasan_atomics+0x1dc/0x310 [ 15.835785] ? __pfx_kasan_atomics+0x10/0x10 [ 15.835810] ? __pfx_read_tsc+0x10/0x10 [ 15.835831] ? ktime_get_ts64+0x86/0x230 [ 15.835855] kunit_try_run_case+0x1a5/0x480 [ 15.835881] ? __pfx_kunit_try_run_case+0x10/0x10 [ 15.835904] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 15.835928] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 15.835951] ? __kthread_parkme+0x82/0x180 [ 15.835973] ? preempt_count_sub+0x50/0x80 [ 15.835998] ? __pfx_kunit_try_run_case+0x10/0x10 [ 15.836022] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 15.836045] ? 
__pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 15.836068] kthread+0x337/0x6f0 [ 15.836087] ? trace_preempt_on+0x20/0xc0 [ 15.836111] ? __pfx_kthread+0x10/0x10 [ 15.836133] ? _raw_spin_unlock_irq+0x47/0x80 [ 15.836154] ? calculate_sigpending+0x7b/0xa0 [ 15.836179] ? __pfx_kthread+0x10/0x10 [ 15.836201] ret_from_fork+0x116/0x1d0 [ 15.836237] ? __pfx_kthread+0x10/0x10 [ 15.836258] ret_from_fork_asm+0x1a/0x30 [ 15.836289] </TASK> [ 15.836301] [ 15.851478] Allocated by task 282: [ 15.851868] kasan_save_stack+0x45/0x70 [ 15.852295] kasan_save_track+0x18/0x40 [ 15.852601] kasan_save_alloc_info+0x3b/0x50 [ 15.852968] __kasan_kmalloc+0xb7/0xc0 [ 15.853105] __kmalloc_cache_noprof+0x189/0x420 [ 15.853296] kasan_atomics+0x95/0x310 [ 15.853649] kunit_try_run_case+0x1a5/0x480 [ 15.854051] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 15.854591] kthread+0x337/0x6f0 [ 15.854926] ret_from_fork+0x116/0x1d0 [ 15.855349] ret_from_fork_asm+0x1a/0x30 [ 15.855633] [ 15.855816] The buggy address belongs to the object at ffff888103991d00 [ 15.855816] which belongs to the cache kmalloc-64 of size 64 [ 15.856176] The buggy address is located 0 bytes to the right of [ 15.856176] allocated 48-byte region [ffff888103991d00, ffff888103991d30) [ 15.856735] [ 15.856864] The buggy address belongs to the physical page: [ 15.857091] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x103991 [ 15.857434] flags: 0x200000000000000(node=0|zone=2) [ 15.857669] page_type: f5(slab) [ 15.857841] raw: 0200000000000000 ffff8881000418c0 dead000000000122 0000000000000000 [ 15.858131] raw: 0000000000000000 0000000080200020 00000000f5000000 0000000000000000 [ 15.858472] page dumped because: kasan: bad access detected [ 15.858657] [ 15.858754] Memory state around the buggy address: [ 15.858984] ffff888103991c00: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 15.859233] ffff888103991c80: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 15.859575] >ffff888103991d00: 00 00 00 00 00 00 fc fc 
fc fc fc fc fc fc fc fc [ 15.859788] ^ [ 15.859967] ffff888103991d80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 15.860372] ffff888103991e00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 15.860636] ================================================================== [ 15.723432] ================================================================== [ 15.723766] BUG: KASAN: slab-out-of-bounds in kasan_atomics_helper+0x1d7a/0x5450 [ 15.724096] Write of size 8 at addr ffff888103991d30 by task kunit_try_catch/282 [ 15.724597] [ 15.724872] CPU: 1 UID: 0 PID: 282 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc4 #1 PREEMPT(voluntary) [ 15.724928] Tainted: [B]=BAD_PAGE, [N]=TEST [ 15.724942] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 15.724967] Call Trace: [ 15.724989] <TASK> [ 15.725011] dump_stack_lvl+0x73/0xb0 [ 15.725044] print_report+0xd1/0x650 [ 15.725066] ? __virt_addr_valid+0x1db/0x2d0 [ 15.725091] ? kasan_atomics_helper+0x1d7a/0x5450 [ 15.725113] ? kasan_complete_mode_report_info+0x2a/0x200 [ 15.725135] ? kasan_atomics_helper+0x1d7a/0x5450 [ 15.725158] kasan_report+0x141/0x180 [ 15.725180] ? kasan_atomics_helper+0x1d7a/0x5450 [ 15.725205] kasan_check_range+0x10c/0x1c0 [ 15.725245] __kasan_check_write+0x18/0x20 [ 15.725334] kasan_atomics_helper+0x1d7a/0x5450 [ 15.725360] ? __pfx_kasan_atomics_helper+0x10/0x10 [ 15.725383] ? __kmalloc_cache_noprof+0x189/0x420 [ 15.725408] ? ret_from_fork_asm+0x1a/0x30 [ 15.725431] ? kasan_atomics+0x152/0x310 [ 15.725458] kasan_atomics+0x1dc/0x310 [ 15.725480] ? __pfx_kasan_atomics+0x10/0x10 [ 15.725505] ? __pfx_read_tsc+0x10/0x10 [ 15.725526] ? ktime_get_ts64+0x86/0x230 [ 15.725552] kunit_try_run_case+0x1a5/0x480 [ 15.725578] ? __pfx_kunit_try_run_case+0x10/0x10 [ 15.725601] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 15.725624] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 15.725648] ? __kthread_parkme+0x82/0x180 [ 15.725669] ? preempt_count_sub+0x50/0x80 [ 15.725693] ? 
__pfx_kunit_try_run_case+0x10/0x10 [ 15.725717] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 15.725740] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 15.725764] kthread+0x337/0x6f0 [ 15.725784] ? trace_preempt_on+0x20/0xc0 [ 15.725808] ? __pfx_kthread+0x10/0x10 [ 15.725830] ? _raw_spin_unlock_irq+0x47/0x80 [ 15.725850] ? calculate_sigpending+0x7b/0xa0 [ 15.725875] ? __pfx_kthread+0x10/0x10 [ 15.725897] ret_from_fork+0x116/0x1d0 [ 15.725916] ? __pfx_kthread+0x10/0x10 [ 15.725937] ret_from_fork_asm+0x1a/0x30 [ 15.725967] </TASK> [ 15.725979] [ 15.736999] Allocated by task 282: [ 15.737168] kasan_save_stack+0x45/0x70 [ 15.737348] kasan_save_track+0x18/0x40 [ 15.737564] kasan_save_alloc_info+0x3b/0x50 [ 15.738137] __kasan_kmalloc+0xb7/0xc0 [ 15.738340] __kmalloc_cache_noprof+0x189/0x420 [ 15.738686] kasan_atomics+0x95/0x310 [ 15.738833] kunit_try_run_case+0x1a5/0x480 [ 15.739148] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 15.739435] kthread+0x337/0x6f0 [ 15.739723] ret_from_fork+0x116/0x1d0 [ 15.739885] ret_from_fork_asm+0x1a/0x30 [ 15.740182] [ 15.740295] The buggy address belongs to the object at ffff888103991d00 [ 15.740295] which belongs to the cache kmalloc-64 of size 64 [ 15.740804] The buggy address is located 0 bytes to the right of [ 15.740804] allocated 48-byte region [ffff888103991d00, ffff888103991d30) [ 15.741559] [ 15.741660] The buggy address belongs to the physical page: [ 15.741840] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x103991 [ 15.742358] flags: 0x200000000000000(node=0|zone=2) [ 15.742658] page_type: f5(slab) [ 15.742804] raw: 0200000000000000 ffff8881000418c0 dead000000000122 0000000000000000 [ 15.743235] raw: 0000000000000000 0000000080200020 00000000f5000000 0000000000000000 [ 15.743623] page dumped because: kasan: bad access detected [ 15.743875] [ 15.744061] Memory state around the buggy address: [ 15.744336] ffff888103991c00: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 15.744711] 
ffff888103991c80: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 15.745027] >ffff888103991d00: 00 00 00 00 00 00 fc fc fc fc fc fc fc fc fc fc [ 15.745448] ^ [ 15.745617] ffff888103991d80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 15.746072] ffff888103991e00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 15.746352] ================================================================== [ 15.201572] ================================================================== [ 15.202016] BUG: KASAN: slab-out-of-bounds in kasan_atomics_helper+0x1148/0x5450 [ 15.202500] Write of size 4 at addr ffff888103991d30 by task kunit_try_catch/282 [ 15.202830] [ 15.203091] CPU: 1 UID: 0 PID: 282 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc4 #1 PREEMPT(voluntary) [ 15.203155] Tainted: [B]=BAD_PAGE, [N]=TEST [ 15.203169] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 15.203193] Call Trace: [ 15.203215] <TASK> [ 15.203249] dump_stack_lvl+0x73/0xb0 [ 15.203282] print_report+0xd1/0x650 [ 15.203306] ? __virt_addr_valid+0x1db/0x2d0 [ 15.203331] ? kasan_atomics_helper+0x1148/0x5450 [ 15.203397] ? kasan_complete_mode_report_info+0x2a/0x200 [ 15.203457] ? kasan_atomics_helper+0x1148/0x5450 [ 15.203480] kasan_report+0x141/0x180 [ 15.203505] ? kasan_atomics_helper+0x1148/0x5450 [ 15.203533] kasan_check_range+0x10c/0x1c0 [ 15.203557] __kasan_check_write+0x18/0x20 [ 15.203577] kasan_atomics_helper+0x1148/0x5450 [ 15.203600] ? __pfx_kasan_atomics_helper+0x10/0x10 [ 15.203624] ? __kmalloc_cache_noprof+0x189/0x420 [ 15.203656] ? ret_from_fork_asm+0x1a/0x30 [ 15.203682] ? kasan_atomics+0x152/0x310 [ 15.203709] kasan_atomics+0x1dc/0x310 [ 15.203733] ? __pfx_kasan_atomics+0x10/0x10 [ 15.203760] ? __pfx_read_tsc+0x10/0x10 [ 15.203782] ? ktime_get_ts64+0x86/0x230 [ 15.203807] kunit_try_run_case+0x1a5/0x480 [ 15.203833] ? __pfx_kunit_try_run_case+0x10/0x10 [ 15.203857] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 15.203881] ? 
_raw_spin_unlock_irqrestore+0x5f/0x90 [ 15.203904] ? __kthread_parkme+0x82/0x180 [ 15.203926] ? preempt_count_sub+0x50/0x80 [ 15.203951] ? __pfx_kunit_try_run_case+0x10/0x10 [ 15.203974] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 15.203998] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 15.204022] kthread+0x337/0x6f0 [ 15.204041] ? trace_preempt_on+0x20/0xc0 [ 15.204065] ? __pfx_kthread+0x10/0x10 [ 15.204085] ? _raw_spin_unlock_irq+0x47/0x80 [ 15.204107] ? calculate_sigpending+0x7b/0xa0 [ 15.204131] ? __pfx_kthread+0x10/0x10 [ 15.204153] ret_from_fork+0x116/0x1d0 [ 15.204173] ? __pfx_kthread+0x10/0x10 [ 15.204194] ret_from_fork_asm+0x1a/0x30 [ 15.204233] </TASK> [ 15.204246] [ 15.213735] Allocated by task 282: [ 15.213944] kasan_save_stack+0x45/0x70 [ 15.214202] kasan_save_track+0x18/0x40 [ 15.214544] kasan_save_alloc_info+0x3b/0x50 [ 15.214766] __kasan_kmalloc+0xb7/0xc0 [ 15.214958] __kmalloc_cache_noprof+0x189/0x420 [ 15.215169] kasan_atomics+0x95/0x310 [ 15.215479] kunit_try_run_case+0x1a5/0x480 [ 15.215695] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 15.215873] kthread+0x337/0x6f0 [ 15.215997] ret_from_fork+0x116/0x1d0 [ 15.216133] ret_from_fork_asm+0x1a/0x30 [ 15.216384] [ 15.216484] The buggy address belongs to the object at ffff888103991d00 [ 15.216484] which belongs to the cache kmalloc-64 of size 64 [ 15.217038] The buggy address is located 0 bytes to the right of [ 15.217038] allocated 48-byte region [ffff888103991d00, ffff888103991d30) [ 15.217678] [ 15.217759] The buggy address belongs to the physical page: [ 15.218053] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x103991 [ 15.218310] flags: 0x200000000000000(node=0|zone=2) [ 15.218788] page_type: f5(slab) [ 15.218977] raw: 0200000000000000 ffff8881000418c0 dead000000000122 0000000000000000 [ 15.219261] raw: 0000000000000000 0000000080200020 00000000f5000000 0000000000000000 [ 15.219620] page dumped because: kasan: bad access detected [ 15.219971] [ 15.220111] 
Memory state around the buggy address: [ 15.220395] ffff888103991c00: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 15.220633] ffff888103991c80: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 15.220860] >ffff888103991d00: 00 00 00 00 00 00 fc fc fc fc fc fc fc fc fc fc [ 15.221168] ^ [ 15.221406] ffff888103991d80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 15.221735] ffff888103991e00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 15.222266] ================================================================== [ 15.802841] ================================================================== [ 15.803279] BUG: KASAN: slab-out-of-bounds in kasan_atomics_helper+0x4f71/0x5450 [ 15.803657] Read of size 8 at addr ffff888103991d30 by task kunit_try_catch/282 [ 15.803992] [ 15.804108] CPU: 1 UID: 0 PID: 282 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc4 #1 PREEMPT(voluntary) [ 15.804157] Tainted: [B]=BAD_PAGE, [N]=TEST [ 15.804170] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 15.804194] Call Trace: [ 15.804240] <TASK> [ 15.804261] dump_stack_lvl+0x73/0xb0 [ 15.804292] print_report+0xd1/0x650 [ 15.804315] ? __virt_addr_valid+0x1db/0x2d0 [ 15.804340] ? kasan_atomics_helper+0x4f71/0x5450 [ 15.804360] ? kasan_complete_mode_report_info+0x2a/0x200 [ 15.804383] ? kasan_atomics_helper+0x4f71/0x5450 [ 15.804405] kasan_report+0x141/0x180 [ 15.804438] ? kasan_atomics_helper+0x4f71/0x5450 [ 15.804464] __asan_report_load8_noabort+0x18/0x20 [ 15.804489] kasan_atomics_helper+0x4f71/0x5450 [ 15.804511] ? __pfx_kasan_atomics_helper+0x10/0x10 [ 15.804534] ? __kmalloc_cache_noprof+0x189/0x420 [ 15.804558] ? ret_from_fork_asm+0x1a/0x30 [ 15.804581] ? kasan_atomics+0x152/0x310 [ 15.804607] kasan_atomics+0x1dc/0x310 [ 15.804629] ? __pfx_kasan_atomics+0x10/0x10 [ 15.804654] ? __pfx_read_tsc+0x10/0x10 [ 15.804676] ? ktime_get_ts64+0x86/0x230 [ 15.804701] kunit_try_run_case+0x1a5/0x480 [ 15.804726] ? 
__pfx_kunit_try_run_case+0x10/0x10 [ 15.804749] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 15.804774] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 15.804806] ? __kthread_parkme+0x82/0x180 [ 15.804828] ? preempt_count_sub+0x50/0x80 [ 15.804853] ? __pfx_kunit_try_run_case+0x10/0x10 [ 15.804876] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 15.804899] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 15.804922] kthread+0x337/0x6f0 [ 15.804942] ? trace_preempt_on+0x20/0xc0 [ 15.804967] ? __pfx_kthread+0x10/0x10 [ 15.804988] ? _raw_spin_unlock_irq+0x47/0x80 [ 15.805019] ? calculate_sigpending+0x7b/0xa0 [ 15.805044] ? __pfx_kthread+0x10/0x10 [ 15.805066] ret_from_fork+0x116/0x1d0 [ 15.805085] ? __pfx_kthread+0x10/0x10 [ 15.805105] ret_from_fork_asm+0x1a/0x30 [ 15.805137] </TASK> [ 15.805149] [ 15.818825] Allocated by task 282: [ 15.819008] kasan_save_stack+0x45/0x70 [ 15.819179] kasan_save_track+0x18/0x40 [ 15.819387] kasan_save_alloc_info+0x3b/0x50 [ 15.819665] __kasan_kmalloc+0xb7/0xc0 [ 15.820658] __kmalloc_cache_noprof+0x189/0x420 [ 15.821033] kasan_atomics+0x95/0x310 [ 15.821195] kunit_try_run_case+0x1a5/0x480 [ 15.821691] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 15.822121] kthread+0x337/0x6f0 [ 15.822277] ret_from_fork+0x116/0x1d0 [ 15.822688] ret_from_fork_asm+0x1a/0x30 [ 15.823081] [ 15.823256] The buggy address belongs to the object at ffff888103991d00 [ 15.823256] which belongs to the cache kmalloc-64 of size 64 [ 15.823927] The buggy address is located 0 bytes to the right of [ 15.823927] allocated 48-byte region [ffff888103991d00, ffff888103991d30) [ 15.824407] [ 15.824613] The buggy address belongs to the physical page: [ 15.825174] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x103991 [ 15.826004] flags: 0x200000000000000(node=0|zone=2) [ 15.826549] page_type: f5(slab) [ 15.826889] raw: 0200000000000000 ffff8881000418c0 dead000000000122 0000000000000000 [ 15.827624] raw: 0000000000000000 0000000080200020 00000000f5000000 
0000000000000000 [ 15.828155] page dumped because: kasan: bad access detected [ 15.828503] [ 15.828724] Memory state around the buggy address: [ 15.829100] ffff888103991c00: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 15.829381] ffff888103991c80: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 15.829841] >ffff888103991d00: 00 00 00 00 00 00 fc fc fc fc fc fc fc fc fc fc [ 15.830053] ^ [ 15.830208] ffff888103991d80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 15.831199] ffff888103991e00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 15.831999] ================================================================== [ 15.483580] ================================================================== [ 15.483872] BUG: KASAN: slab-out-of-bounds in kasan_atomics_helper+0x16e7/0x5450 [ 15.484422] Write of size 8 at addr ffff888103991d30 by task kunit_try_catch/282 [ 15.484702] [ 15.484827] CPU: 1 UID: 0 PID: 282 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc4 #1 PREEMPT(voluntary) [ 15.484876] Tainted: [B]=BAD_PAGE, [N]=TEST [ 15.484890] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 15.484915] Call Trace: [ 15.484937] <TASK> [ 15.484959] dump_stack_lvl+0x73/0xb0 [ 15.484991] print_report+0xd1/0x650 [ 15.485016] ? __virt_addr_valid+0x1db/0x2d0 [ 15.485040] ? kasan_atomics_helper+0x16e7/0x5450 [ 15.485062] ? kasan_complete_mode_report_info+0x2a/0x200 [ 15.485085] ? kasan_atomics_helper+0x16e7/0x5450 [ 15.485110] kasan_report+0x141/0x180 [ 15.485133] ? kasan_atomics_helper+0x16e7/0x5450 [ 15.485160] kasan_check_range+0x10c/0x1c0 [ 15.485184] __kasan_check_write+0x18/0x20 [ 15.485204] kasan_atomics_helper+0x16e7/0x5450 [ 15.485239] ? __pfx_kasan_atomics_helper+0x10/0x10 [ 15.485276] ? __kmalloc_cache_noprof+0x189/0x420 [ 15.485302] ? ret_from_fork_asm+0x1a/0x30 [ 15.485325] ? kasan_atomics+0x152/0x310 [ 15.485352] kasan_atomics+0x1dc/0x310 [ 15.485375] ? __pfx_kasan_atomics+0x10/0x10 [ 15.485399] ? 
__pfx_read_tsc+0x10/0x10 [ 15.485422] ? ktime_get_ts64+0x86/0x230 [ 15.485447] kunit_try_run_case+0x1a5/0x480 [ 15.485472] ? __pfx_kunit_try_run_case+0x10/0x10 [ 15.485495] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 15.485519] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 15.485543] ? __kthread_parkme+0x82/0x180 [ 15.485564] ? preempt_count_sub+0x50/0x80 [ 15.485589] ? __pfx_kunit_try_run_case+0x10/0x10 [ 15.485613] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 15.485636] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 15.485660] kthread+0x337/0x6f0 [ 15.485680] ? trace_preempt_on+0x20/0xc0 [ 15.485704] ? __pfx_kthread+0x10/0x10 [ 15.485725] ? _raw_spin_unlock_irq+0x47/0x80 [ 15.485746] ? calculate_sigpending+0x7b/0xa0 [ 15.485771] ? __pfx_kthread+0x10/0x10 [ 15.485792] ret_from_fork+0x116/0x1d0 [ 15.485812] ? __pfx_kthread+0x10/0x10 [ 15.485832] ret_from_fork_asm+0x1a/0x30 [ 15.485863] </TASK> [ 15.485875] [ 15.493374] Allocated by task 282: [ 15.493545] kasan_save_stack+0x45/0x70 [ 15.493756] kasan_save_track+0x18/0x40 [ 15.493954] kasan_save_alloc_info+0x3b/0x50 [ 15.494130] __kasan_kmalloc+0xb7/0xc0 [ 15.494354] __kmalloc_cache_noprof+0x189/0x420 [ 15.494511] kasan_atomics+0x95/0x310 [ 15.494646] kunit_try_run_case+0x1a5/0x480 [ 15.494792] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 15.494968] kthread+0x337/0x6f0 [ 15.495089] ret_from_fork+0x116/0x1d0 [ 15.495233] ret_from_fork_asm+0x1a/0x30 [ 15.495431] [ 15.495543] The buggy address belongs to the object at ffff888103991d00 [ 15.495543] which belongs to the cache kmalloc-64 of size 64 [ 15.496074] The buggy address is located 0 bytes to the right of [ 15.496074] allocated 48-byte region [ffff888103991d00, ffff888103991d30) [ 15.496624] [ 15.496705] The buggy address belongs to the physical page: [ 15.496891] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x103991 [ 15.497135] flags: 0x200000000000000(node=0|zone=2) [ 15.497843] page_type: f5(slab) [ 15.498538] raw: 0200000000000000 
ffff8881000418c0 dead000000000122 0000000000000000 [ 15.499139] raw: 0000000000000000 0000000080200020 00000000f5000000 0000000000000000 [ 15.499535] page dumped because: kasan: bad access detected [ 15.499789] [ 15.499865] Memory state around the buggy address: [ 15.500040] ffff888103991c00: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 15.500422] ffff888103991c80: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 15.500744] >ffff888103991d00: 00 00 00 00 00 00 fc fc fc fc fc fc fc fc fc fc [ 15.501050] ^ [ 15.501210] ffff888103991d80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 15.501554] ffff888103991e00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 15.501903] ================================================================== [ 15.917855] ================================================================== [ 15.918211] BUG: KASAN: slab-out-of-bounds in kasan_atomics_helper+0x218a/0x5450 [ 15.918746] Write of size 8 at addr ffff888103991d30 by task kunit_try_catch/282 [ 15.918972] [ 15.919064] CPU: 1 UID: 0 PID: 282 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc4 #1 PREEMPT(voluntary) [ 15.919111] Tainted: [B]=BAD_PAGE, [N]=TEST [ 15.919124] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 15.919148] Call Trace: [ 15.919169] <TASK> [ 15.919189] dump_stack_lvl+0x73/0xb0 [ 15.919232] print_report+0xd1/0x650 [ 15.919255] ? __virt_addr_valid+0x1db/0x2d0 [ 15.919280] ? kasan_atomics_helper+0x218a/0x5450 [ 15.919301] ? kasan_complete_mode_report_info+0x2a/0x200 [ 15.919324] ? kasan_atomics_helper+0x218a/0x5450 [ 15.919346] kasan_report+0x141/0x180 [ 15.919368] ? kasan_atomics_helper+0x218a/0x5450 [ 15.919394] kasan_check_range+0x10c/0x1c0 [ 15.919419] __kasan_check_write+0x18/0x20 [ 15.919438] kasan_atomics_helper+0x218a/0x5450 [ 15.919461] ? __pfx_kasan_atomics_helper+0x10/0x10 [ 15.919484] ? __kmalloc_cache_noprof+0x189/0x420 [ 15.919509] ? ret_from_fork_asm+0x1a/0x30 [ 15.919532] ? 
kasan_atomics+0x152/0x310 [ 15.919558] kasan_atomics+0x1dc/0x310 [ 15.919581] ? __pfx_kasan_atomics+0x10/0x10 [ 15.919605] ? __pfx_read_tsc+0x10/0x10 [ 15.919626] ? ktime_get_ts64+0x86/0x230 [ 15.919651] kunit_try_run_case+0x1a5/0x480 [ 15.919676] ? __pfx_kunit_try_run_case+0x10/0x10 [ 15.919699] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 15.919723] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 15.919745] ? __kthread_parkme+0x82/0x180 [ 15.919766] ? preempt_count_sub+0x50/0x80 [ 15.919790] ? __pfx_kunit_try_run_case+0x10/0x10 [ 15.919813] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 15.919838] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 15.919861] kthread+0x337/0x6f0 [ 15.919881] ? trace_preempt_on+0x20/0xc0 [ 15.919906] ? __pfx_kthread+0x10/0x10 [ 15.919926] ? _raw_spin_unlock_irq+0x47/0x80 [ 15.919947] ? calculate_sigpending+0x7b/0xa0 [ 15.919972] ? __pfx_kthread+0x10/0x10 [ 15.919994] ret_from_fork+0x116/0x1d0 [ 15.920013] ? __pfx_kthread+0x10/0x10 [ 15.920034] ret_from_fork_asm+0x1a/0x30 [ 15.920065] </TASK> [ 15.920092] [ 15.928472] Allocated by task 282: [ 15.928627] kasan_save_stack+0x45/0x70 [ 15.928879] kasan_save_track+0x18/0x40 [ 15.929075] kasan_save_alloc_info+0x3b/0x50 [ 15.929292] __kasan_kmalloc+0xb7/0xc0 [ 15.929479] __kmalloc_cache_noprof+0x189/0x420 [ 15.929700] kasan_atomics+0x95/0x310 [ 15.929886] kunit_try_run_case+0x1a5/0x480 [ 15.930297] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 15.930550] kthread+0x337/0x6f0 [ 15.930716] ret_from_fork+0x116/0x1d0 [ 15.930902] ret_from_fork_asm+0x1a/0x30 [ 15.931098] [ 15.931196] The buggy address belongs to the object at ffff888103991d00 [ 15.931196] which belongs to the cache kmalloc-64 of size 64 [ 15.931742] The buggy address is located 0 bytes to the right of [ 15.931742] allocated 48-byte region [ffff888103991d00, ffff888103991d30) [ 15.932146] [ 15.932231] The buggy address belongs to the physical page: [ 15.932802] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x103991 [ 
15.933141] flags: 0x200000000000000(node=0|zone=2) [ 15.933436] page_type: f5(slab) [ 15.933565] raw: 0200000000000000 ffff8881000418c0 dead000000000122 0000000000000000 [ 15.933797] raw: 0000000000000000 0000000080200020 00000000f5000000 0000000000000000 [ 15.934026] page dumped because: kasan: bad access detected [ 15.934198] [ 15.934297] Memory state around the buggy address: [ 15.934733] ffff888103991c00: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 15.935464] ffff888103991c80: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 15.935801] >ffff888103991d00: 00 00 00 00 00 00 fc fc fc fc fc fc fc fc fc fc [ 15.936018] ^ [ 15.936174] ffff888103991d80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 15.936818] ffff888103991e00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 15.937109] ================================================================== [ 15.567834] ================================================================== [ 15.568195] BUG: KASAN: slab-out-of-bounds in kasan_atomics_helper+0x194a/0x5450 [ 15.568590] Write of size 8 at addr ffff888103991d30 by task kunit_try_catch/282 [ 15.568897] [ 15.569030] CPU: 1 UID: 0 PID: 282 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc4 #1 PREEMPT(voluntary) [ 15.569090] Tainted: [B]=BAD_PAGE, [N]=TEST [ 15.569104] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 15.569129] Call Trace: [ 15.569151] <TASK> [ 15.569180] dump_stack_lvl+0x73/0xb0 [ 15.569214] print_report+0xd1/0x650 [ 15.569253] ? __virt_addr_valid+0x1db/0x2d0 [ 15.569288] ? kasan_atomics_helper+0x194a/0x5450 [ 15.569310] ? kasan_complete_mode_report_info+0x2a/0x200 [ 15.569333] ? kasan_atomics_helper+0x194a/0x5450 [ 15.569355] kasan_report+0x141/0x180 [ 15.569378] ? kasan_atomics_helper+0x194a/0x5450 [ 15.569404] kasan_check_range+0x10c/0x1c0 [ 15.569429] __kasan_check_write+0x18/0x20 [ 15.569449] kasan_atomics_helper+0x194a/0x5450 [ 15.569472] ? __pfx_kasan_atomics_helper+0x10/0x10 [ 15.569495] ? 
__kmalloc_cache_noprof+0x189/0x420 [ 15.569520] ? ret_from_fork_asm+0x1a/0x30 [ 15.569543] ? kasan_atomics+0x152/0x310 [ 15.569570] kasan_atomics+0x1dc/0x310 [ 15.569593] ? __pfx_kasan_atomics+0x10/0x10 [ 15.569617] ? __pfx_read_tsc+0x10/0x10 [ 15.569639] ? ktime_get_ts64+0x86/0x230 [ 15.569663] kunit_try_run_case+0x1a5/0x480 [ 15.569690] ? __pfx_kunit_try_run_case+0x10/0x10 [ 15.569712] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 15.569747] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 15.569770] ? __kthread_parkme+0x82/0x180 [ 15.569792] ? preempt_count_sub+0x50/0x80 [ 15.569827] ? __pfx_kunit_try_run_case+0x10/0x10 [ 15.569851] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 15.569874] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 15.569898] kthread+0x337/0x6f0 [ 15.569918] ? trace_preempt_on+0x20/0xc0 [ 15.569942] ? __pfx_kthread+0x10/0x10 [ 15.569962] ? _raw_spin_unlock_irq+0x47/0x80 [ 15.569984] ? calculate_sigpending+0x7b/0xa0 [ 15.570009] ? __pfx_kthread+0x10/0x10 [ 15.570032] ret_from_fork+0x116/0x1d0 [ 15.570051] ? 
__pfx_kthread+0x10/0x10 [ 15.570073] ret_from_fork_asm+0x1a/0x30 [ 15.570105] </TASK> [ 15.570117] [ 15.578049] Allocated by task 282: [ 15.578208] kasan_save_stack+0x45/0x70 [ 15.578444] kasan_save_track+0x18/0x40 [ 15.578638] kasan_save_alloc_info+0x3b/0x50 [ 15.578847] __kasan_kmalloc+0xb7/0xc0 [ 15.579023] __kmalloc_cache_noprof+0x189/0x420 [ 15.579273] kasan_atomics+0x95/0x310 [ 15.579446] kunit_try_run_case+0x1a5/0x480 [ 15.579594] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 15.579770] kthread+0x337/0x6f0 [ 15.579944] ret_from_fork+0x116/0x1d0 [ 15.580159] ret_from_fork_asm+0x1a/0x30 [ 15.580499] [ 15.580599] The buggy address belongs to the object at ffff888103991d00 [ 15.580599] which belongs to the cache kmalloc-64 of size 64 [ 15.581056] The buggy address is located 0 bytes to the right of [ 15.581056] allocated 48-byte region [ffff888103991d00, ffff888103991d30) [ 15.581630] [ 15.581749] The buggy address belongs to the physical page: [ 15.581975] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x103991 [ 15.582380] flags: 0x200000000000000(node=0|zone=2) [ 15.582608] page_type: f5(slab) [ 15.582792] raw: 0200000000000000 ffff8881000418c0 dead000000000122 0000000000000000 [ 15.583110] raw: 0000000000000000 0000000080200020 00000000f5000000 0000000000000000 [ 15.583484] page dumped because: kasan: bad access detected [ 15.583733] [ 15.583824] Memory state around the buggy address: [ 15.584044] ffff888103991c00: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 15.584396] ffff888103991c80: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 15.584640] >ffff888103991d00: 00 00 00 00 00 00 fc fc fc fc fc fc fc fc fc fc [ 15.584864] ^ [ 15.585022] ffff888103991d80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 15.585248] ffff888103991e00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 15.585703] ================================================================== [ 15.899381] 
================================================================== [ 15.899666] BUG: KASAN: slab-out-of-bounds in kasan_atomics_helper+0x4fb2/0x5450 [ 15.899910] Read of size 8 at addr ffff888103991d30 by task kunit_try_catch/282 [ 15.900131] [ 15.900269] CPU: 1 UID: 0 PID: 282 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc4 #1 PREEMPT(voluntary) [ 15.900317] Tainted: [B]=BAD_PAGE, [N]=TEST [ 15.900331] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 15.900355] Call Trace: [ 15.900388] <TASK> [ 15.900410] dump_stack_lvl+0x73/0xb0 [ 15.900454] print_report+0xd1/0x650 [ 15.900479] ? __virt_addr_valid+0x1db/0x2d0 [ 15.900502] ? kasan_atomics_helper+0x4fb2/0x5450 [ 15.900524] ? kasan_complete_mode_report_info+0x2a/0x200 [ 15.900546] ? kasan_atomics_helper+0x4fb2/0x5450 [ 15.900568] kasan_report+0x141/0x180 [ 15.900591] ? kasan_atomics_helper+0x4fb2/0x5450 [ 15.900617] __asan_report_load8_noabort+0x18/0x20 [ 15.900641] kasan_atomics_helper+0x4fb2/0x5450 [ 15.900664] ? __pfx_kasan_atomics_helper+0x10/0x10 [ 15.900686] ? __kmalloc_cache_noprof+0x189/0x420 [ 15.900711] ? ret_from_fork_asm+0x1a/0x30 [ 15.900734] ? kasan_atomics+0x152/0x310 [ 15.900761] kasan_atomics+0x1dc/0x310 [ 15.900784] ? __pfx_kasan_atomics+0x10/0x10 [ 15.900819] ? __pfx_read_tsc+0x10/0x10 [ 15.900843] ? ktime_get_ts64+0x86/0x230 [ 15.900868] kunit_try_run_case+0x1a5/0x480 [ 15.900894] ? __pfx_kunit_try_run_case+0x10/0x10 [ 15.900917] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 15.900941] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 15.900965] ? __kthread_parkme+0x82/0x180 [ 15.900986] ? preempt_count_sub+0x50/0x80 [ 15.901011] ? __pfx_kunit_try_run_case+0x10/0x10 [ 15.901037] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 15.901061] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 15.901085] kthread+0x337/0x6f0 [ 15.901105] ? trace_preempt_on+0x20/0xc0 [ 15.901129] ? __pfx_kthread+0x10/0x10 [ 15.901150] ? _raw_spin_unlock_irq+0x47/0x80 [ 15.901171] ? 
calculate_sigpending+0x7b/0xa0 [ 15.901196] ? __pfx_kthread+0x10/0x10 [ 15.901226] ret_from_fork+0x116/0x1d0 [ 15.901246] ? __pfx_kthread+0x10/0x10 [ 15.901277] ret_from_fork_asm+0x1a/0x30 [ 15.901308] </TASK> [ 15.901321] [ 15.909440] Allocated by task 282: [ 15.909642] kasan_save_stack+0x45/0x70 [ 15.909865] kasan_save_track+0x18/0x40 [ 15.910134] kasan_save_alloc_info+0x3b/0x50 [ 15.910380] __kasan_kmalloc+0xb7/0xc0 [ 15.910573] __kmalloc_cache_noprof+0x189/0x420 [ 15.910742] kasan_atomics+0x95/0x310 [ 15.910904] kunit_try_run_case+0x1a5/0x480 [ 15.911140] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 15.911388] kthread+0x337/0x6f0 [ 15.911562] ret_from_fork+0x116/0x1d0 [ 15.911697] ret_from_fork_asm+0x1a/0x30 [ 15.911858] [ 15.911931] The buggy address belongs to the object at ffff888103991d00 [ 15.911931] which belongs to the cache kmalloc-64 of size 64 [ 15.912766] The buggy address is located 0 bytes to the right of [ 15.912766] allocated 48-byte region [ffff888103991d00, ffff888103991d30) [ 15.913277] [ 15.913377] The buggy address belongs to the physical page: [ 15.913608] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x103991 [ 15.913849] flags: 0x200000000000000(node=0|zone=2) [ 15.914015] page_type: f5(slab) [ 15.914140] raw: 0200000000000000 ffff8881000418c0 dead000000000122 0000000000000000 [ 15.914379] raw: 0000000000000000 0000000080200020 00000000f5000000 0000000000000000 [ 15.914608] page dumped because: kasan: bad access detected [ 15.914778] [ 15.914848] Memory state around the buggy address: [ 15.915085] ffff888103991c00: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 15.915680] ffff888103991c80: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 15.916003] >ffff888103991d00: 00 00 00 00 00 00 fc fc fc fc fc fc fc fc fc fc [ 15.916398] ^ [ 15.916631] ffff888103991d80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 15.916951] ffff888103991e00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 15.917256] 
================================================================== [ 14.689401] ================================================================== [ 14.690167] BUG: KASAN: slab-out-of-bounds in kasan_atomics_helper+0x5fe/0x5450 [ 14.690629] Write of size 4 at addr ffff888103991d30 by task kunit_try_catch/282 [ 14.690952] [ 14.691079] CPU: 1 UID: 0 PID: 282 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc4 #1 PREEMPT(voluntary) [ 14.691130] Tainted: [B]=BAD_PAGE, [N]=TEST [ 14.691155] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 14.691180] Call Trace: [ 14.691203] <TASK> [ 14.691243] dump_stack_lvl+0x73/0xb0 [ 14.691275] print_report+0xd1/0x650 [ 14.691299] ? __virt_addr_valid+0x1db/0x2d0 [ 14.691324] ? kasan_atomics_helper+0x5fe/0x5450 [ 14.691347] ? kasan_complete_mode_report_info+0x2a/0x200 [ 14.691430] ? kasan_atomics_helper+0x5fe/0x5450 [ 14.691484] kasan_report+0x141/0x180 [ 14.691507] ? kasan_atomics_helper+0x5fe/0x5450 [ 14.691534] kasan_check_range+0x10c/0x1c0 [ 14.691559] __kasan_check_write+0x18/0x20 [ 14.691579] kasan_atomics_helper+0x5fe/0x5450 [ 14.691602] ? __pfx_kasan_atomics_helper+0x10/0x10 [ 14.691624] ? __kmalloc_cache_noprof+0x189/0x420 [ 14.691649] ? ret_from_fork_asm+0x1a/0x30 [ 14.691671] ? kasan_atomics+0x152/0x310 [ 14.691698] kasan_atomics+0x1dc/0x310 [ 14.691721] ? __pfx_kasan_atomics+0x10/0x10 [ 14.691746] ? __pfx_read_tsc+0x10/0x10 [ 14.691768] ? ktime_get_ts64+0x86/0x230 [ 14.691793] kunit_try_run_case+0x1a5/0x480 [ 14.691818] ? __pfx_kunit_try_run_case+0x10/0x10 [ 14.691841] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 14.691865] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 14.691888] ? __kthread_parkme+0x82/0x180 [ 14.691909] ? preempt_count_sub+0x50/0x80 [ 14.691933] ? __pfx_kunit_try_run_case+0x10/0x10 [ 14.691957] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 14.691991] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 14.692014] kthread+0x337/0x6f0 [ 14.692034] ? 
trace_preempt_on+0x20/0xc0 [ 14.692071] ? __pfx_kthread+0x10/0x10 [ 14.692092] ? _raw_spin_unlock_irq+0x47/0x80 [ 14.692115] ? calculate_sigpending+0x7b/0xa0 [ 14.692139] ? __pfx_kthread+0x10/0x10 [ 14.692161] ret_from_fork+0x116/0x1d0 [ 14.692179] ? __pfx_kthread+0x10/0x10 [ 14.692201] ret_from_fork_asm+0x1a/0x30 [ 14.692282] </TASK> [ 14.692296] [ 14.701961] Allocated by task 282: [ 14.702185] kasan_save_stack+0x45/0x70 [ 14.702402] kasan_save_track+0x18/0x40 [ 14.702645] kasan_save_alloc_info+0x3b/0x50 [ 14.702803] __kasan_kmalloc+0xb7/0xc0 [ 14.702974] __kmalloc_cache_noprof+0x189/0x420 [ 14.703191] kasan_atomics+0x95/0x310 [ 14.703396] kunit_try_run_case+0x1a5/0x480 [ 14.703546] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 14.703723] kthread+0x337/0x6f0 [ 14.704021] ret_from_fork+0x116/0x1d0 [ 14.704295] ret_from_fork_asm+0x1a/0x30 [ 14.704850] [ 14.704960] The buggy address belongs to the object at ffff888103991d00 [ 14.704960] which belongs to the cache kmalloc-64 of size 64 [ 14.706148] The buggy address is located 0 bytes to the right of [ 14.706148] allocated 48-byte region [ffff888103991d00, ffff888103991d30) [ 14.706912] [ 14.707018] The buggy address belongs to the physical page: [ 14.707637] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x103991 [ 14.708282] flags: 0x200000000000000(node=0|zone=2) [ 14.708515] page_type: f5(slab) [ 14.708675] raw: 0200000000000000 ffff8881000418c0 dead000000000122 0000000000000000 [ 14.708983] raw: 0000000000000000 0000000080200020 00000000f5000000 0000000000000000 [ 14.709955] page dumped because: kasan: bad access detected [ 14.710483] [ 14.710619] Memory state around the buggy address: [ 14.711010] ffff888103991c00: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 14.711250] ffff888103991c80: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 14.711466] >ffff888103991d00: 00 00 00 00 00 00 fc fc fc fc fc fc fc fc fc fc [ 14.711676] ^ [ 14.711840] ffff888103991d80: fc fc fc fc fc fc fc fc fc 
fc fc fc fc fc fc fc [ 14.712058] ffff888103991e00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 14.713102] ================================================================== [ 15.126347] ================================================================== [ 15.126877] BUG: KASAN: slab-out-of-bounds in kasan_atomics_helper+0x4a36/0x5450 [ 15.127122] Read of size 4 at addr ffff888103991d30 by task kunit_try_catch/282 [ 15.127462] [ 15.127603] CPU: 1 UID: 0 PID: 282 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc4 #1 PREEMPT(voluntary) [ 15.127653] Tainted: [B]=BAD_PAGE, [N]=TEST [ 15.127667] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 15.127692] Call Trace: [ 15.127714] <TASK> [ 15.127736] dump_stack_lvl+0x73/0xb0 [ 15.127767] print_report+0xd1/0x650 [ 15.127791] ? __virt_addr_valid+0x1db/0x2d0 [ 15.127815] ? kasan_atomics_helper+0x4a36/0x5450 [ 15.127837] ? kasan_complete_mode_report_info+0x2a/0x200 [ 15.127860] ? kasan_atomics_helper+0x4a36/0x5450 [ 15.127882] kasan_report+0x141/0x180 [ 15.127904] ? kasan_atomics_helper+0x4a36/0x5450 [ 15.127931] __asan_report_load4_noabort+0x18/0x20 [ 15.127957] kasan_atomics_helper+0x4a36/0x5450 [ 15.127981] ? __pfx_kasan_atomics_helper+0x10/0x10 [ 15.128003] ? __kmalloc_cache_noprof+0x189/0x420 [ 15.128030] ? ret_from_fork_asm+0x1a/0x30 [ 15.128053] ? kasan_atomics+0x152/0x310 [ 15.128080] kasan_atomics+0x1dc/0x310 [ 15.128103] ? __pfx_kasan_atomics+0x10/0x10 [ 15.128128] ? __pfx_read_tsc+0x10/0x10 [ 15.128150] ? ktime_get_ts64+0x86/0x230 [ 15.128176] kunit_try_run_case+0x1a5/0x480 [ 15.128202] ? __pfx_kunit_try_run_case+0x10/0x10 [ 15.128235] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 15.128259] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 15.128284] ? __kthread_parkme+0x82/0x180 [ 15.128306] ? preempt_count_sub+0x50/0x80 [ 15.128331] ? __pfx_kunit_try_run_case+0x10/0x10 [ 15.128355] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 15.128380] ? 
__pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 15.128404] kthread+0x337/0x6f0 [ 15.128425] ? trace_preempt_on+0x20/0xc0 [ 15.128449] ? __pfx_kthread+0x10/0x10 [ 15.128471] ? _raw_spin_unlock_irq+0x47/0x80 [ 15.128494] ? calculate_sigpending+0x7b/0xa0 [ 15.128518] ? __pfx_kthread+0x10/0x10 [ 15.128540] ret_from_fork+0x116/0x1d0 [ 15.128574] ? __pfx_kthread+0x10/0x10 [ 15.128596] ret_from_fork_asm+0x1a/0x30 [ 15.128627] </TASK> [ 15.128640] [ 15.136074] Allocated by task 282: [ 15.136243] kasan_save_stack+0x45/0x70 [ 15.136488] kasan_save_track+0x18/0x40 [ 15.136706] kasan_save_alloc_info+0x3b/0x50 [ 15.136924] __kasan_kmalloc+0xb7/0xc0 [ 15.137134] __kmalloc_cache_noprof+0x189/0x420 [ 15.137521] kasan_atomics+0x95/0x310 [ 15.137720] kunit_try_run_case+0x1a5/0x480 [ 15.137892] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 15.138066] kthread+0x337/0x6f0 [ 15.138191] ret_from_fork+0x116/0x1d0 [ 15.138334] ret_from_fork_asm+0x1a/0x30 [ 15.138473] [ 15.138547] The buggy address belongs to the object at ffff888103991d00 [ 15.138547] which belongs to the cache kmalloc-64 of size 64 [ 15.138918] The buggy address is located 0 bytes to the right of [ 15.138918] allocated 48-byte region [ffff888103991d00, ffff888103991d30) [ 15.140117] [ 15.140231] The buggy address belongs to the physical page: [ 15.140890] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x103991 [ 15.141409] flags: 0x200000000000000(node=0|zone=2) [ 15.142398] page_type: f5(slab) [ 15.142986] raw: 0200000000000000 ffff8881000418c0 dead000000000122 0000000000000000 [ 15.143499] raw: 0000000000000000 0000000080200020 00000000f5000000 0000000000000000 [ 15.143744] page dumped because: kasan: bad access detected [ 15.143918] [ 15.143993] Memory state around the buggy address: [ 15.144156] ffff888103991c00: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 15.144800] ffff888103991c80: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 15.145552] >ffff888103991d00: 00 00 00 00 00 00 fc fc 
fc fc fc fc fc fc fc fc [ 15.146182] ^ [ 15.146649] ffff888103991d80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 15.147294] ffff888103991e00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 15.147816] ================================================================== [ 15.521732] ================================================================== [ 15.522346] BUG: KASAN: slab-out-of-bounds in kasan_atomics_helper+0x1818/0x5450 [ 15.522665] Write of size 8 at addr ffff888103991d30 by task kunit_try_catch/282 [ 15.522994] [ 15.523112] CPU: 1 UID: 0 PID: 282 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc4 #1 PREEMPT(voluntary) [ 15.523160] Tainted: [B]=BAD_PAGE, [N]=TEST [ 15.523174] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 15.523198] Call Trace: [ 15.523233] <TASK> [ 15.523272] dump_stack_lvl+0x73/0xb0 [ 15.523305] print_report+0xd1/0x650 [ 15.523330] ? __virt_addr_valid+0x1db/0x2d0 [ 15.523354] ? kasan_atomics_helper+0x1818/0x5450 [ 15.523376] ? kasan_complete_mode_report_info+0x2a/0x200 [ 15.523398] ? kasan_atomics_helper+0x1818/0x5450 [ 15.523421] kasan_report+0x141/0x180 [ 15.523443] ? kasan_atomics_helper+0x1818/0x5450 [ 15.523480] kasan_check_range+0x10c/0x1c0 [ 15.523504] __kasan_check_write+0x18/0x20 [ 15.523524] kasan_atomics_helper+0x1818/0x5450 [ 15.523558] ? __pfx_kasan_atomics_helper+0x10/0x10 [ 15.523581] ? __kmalloc_cache_noprof+0x189/0x420 [ 15.523606] ? ret_from_fork_asm+0x1a/0x30 [ 15.523629] ? kasan_atomics+0x152/0x310 [ 15.523656] kasan_atomics+0x1dc/0x310 [ 15.523680] ? __pfx_kasan_atomics+0x10/0x10 [ 15.523705] ? __pfx_read_tsc+0x10/0x10 [ 15.523727] ? ktime_get_ts64+0x86/0x230 [ 15.523752] kunit_try_run_case+0x1a5/0x480 [ 15.523777] ? __pfx_kunit_try_run_case+0x10/0x10 [ 15.523799] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 15.523824] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 15.523847] ? __kthread_parkme+0x82/0x180 [ 15.523868] ? preempt_count_sub+0x50/0x80 [ 15.523893] ? 
__pfx_kunit_try_run_case+0x10/0x10 [ 15.523917] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 15.523940] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 15.523964] kthread+0x337/0x6f0 [ 15.523984] ? trace_preempt_on+0x20/0xc0 [ 15.524008] ? __pfx_kthread+0x10/0x10 [ 15.524029] ? _raw_spin_unlock_irq+0x47/0x80 [ 15.524052] ? calculate_sigpending+0x7b/0xa0 [ 15.524087] ? __pfx_kthread+0x10/0x10 [ 15.524109] ret_from_fork+0x116/0x1d0 [ 15.524128] ? __pfx_kthread+0x10/0x10 [ 15.524160] ret_from_fork_asm+0x1a/0x30 [ 15.524191] </TASK> [ 15.524204] [ 15.533864] Allocated by task 282: [ 15.534082] kasan_save_stack+0x45/0x70 [ 15.534563] kasan_save_track+0x18/0x40 [ 15.534761] kasan_save_alloc_info+0x3b/0x50 [ 15.534953] __kasan_kmalloc+0xb7/0xc0 [ 15.535136] __kmalloc_cache_noprof+0x189/0x420 [ 15.535770] kasan_atomics+0x95/0x310 [ 15.536048] kunit_try_run_case+0x1a5/0x480 [ 15.536468] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 15.536906] kthread+0x337/0x6f0 [ 15.537207] ret_from_fork+0x116/0x1d0 [ 15.537642] ret_from_fork_asm+0x1a/0x30 [ 15.537972] [ 15.538075] The buggy address belongs to the object at ffff888103991d00 [ 15.538075] which belongs to the cache kmalloc-64 of size 64 [ 15.538895] The buggy address is located 0 bytes to the right of [ 15.538895] allocated 48-byte region [ffff888103991d00, ffff888103991d30) [ 15.539681] [ 15.539932] The buggy address belongs to the physical page: [ 15.540386] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x103991 [ 15.540914] flags: 0x200000000000000(node=0|zone=2) [ 15.541323] page_type: f5(slab) [ 15.541487] raw: 0200000000000000 ffff8881000418c0 dead000000000122 0000000000000000 [ 15.541796] raw: 0000000000000000 0000000080200020 00000000f5000000 0000000000000000 [ 15.542099] page dumped because: kasan: bad access detected [ 15.542730] [ 15.542835] Memory state around the buggy address: [ 15.543301] ffff888103991c00: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 15.543950] 
ffff888103991c80: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 15.544541] >ffff888103991d00: 00 00 00 00 00 00 fc fc fc fc fc fc fc fc fc fc [ 15.545084] ^ [ 15.545695] ffff888103991d80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 15.546143] ffff888103991e00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 15.546982] ================================================================== [ 15.247420] ================================================================== [ 15.248231] BUG: KASAN: slab-out-of-bounds in kasan_atomics_helper+0x1217/0x5450 [ 15.248688] Write of size 4 at addr ffff888103991d30 by task kunit_try_catch/282 [ 15.249151] [ 15.249429] CPU: 1 UID: 0 PID: 282 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc4 #1 PREEMPT(voluntary) [ 15.249487] Tainted: [B]=BAD_PAGE, [N]=TEST [ 15.249560] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 15.249587] Call Trace: [ 15.249609] <TASK> [ 15.249631] dump_stack_lvl+0x73/0xb0 [ 15.249667] print_report+0xd1/0x650 [ 15.249693] ? __virt_addr_valid+0x1db/0x2d0 [ 15.249716] ? kasan_atomics_helper+0x1217/0x5450 [ 15.249739] ? kasan_complete_mode_report_info+0x2a/0x200 [ 15.249762] ? kasan_atomics_helper+0x1217/0x5450 [ 15.249787] kasan_report+0x141/0x180 [ 15.249809] ? kasan_atomics_helper+0x1217/0x5450 [ 15.249836] kasan_check_range+0x10c/0x1c0 [ 15.249860] __kasan_check_write+0x18/0x20 [ 15.249880] kasan_atomics_helper+0x1217/0x5450 [ 15.249903] ? __pfx_kasan_atomics_helper+0x10/0x10 [ 15.249925] ? __kmalloc_cache_noprof+0x189/0x420 [ 15.249951] ? ret_from_fork_asm+0x1a/0x30 [ 15.249974] ? kasan_atomics+0x152/0x310 [ 15.250000] kasan_atomics+0x1dc/0x310 [ 15.250022] ? __pfx_kasan_atomics+0x10/0x10 [ 15.250047] ? __pfx_read_tsc+0x10/0x10 [ 15.250069] ? ktime_get_ts64+0x86/0x230 [ 15.250093] kunit_try_run_case+0x1a5/0x480 [ 15.250119] ? __pfx_kunit_try_run_case+0x10/0x10 [ 15.250141] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 15.250165] ? 
_raw_spin_unlock_irqrestore+0x5f/0x90 [ 15.250189] ? __kthread_parkme+0x82/0x180 [ 15.250211] ? preempt_count_sub+0x50/0x80 [ 15.250251] ? __pfx_kunit_try_run_case+0x10/0x10 [ 15.250276] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 15.250300] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 15.250324] kthread+0x337/0x6f0 [ 15.250344] ? trace_preempt_on+0x20/0xc0 [ 15.250368] ? __pfx_kthread+0x10/0x10 [ 15.250390] ? _raw_spin_unlock_irq+0x47/0x80 [ 15.250411] ? calculate_sigpending+0x7b/0xa0 [ 15.250436] ? __pfx_kthread+0x10/0x10 [ 15.250458] ret_from_fork+0x116/0x1d0 [ 15.250477] ? __pfx_kthread+0x10/0x10 [ 15.250498] ret_from_fork_asm+0x1a/0x30 [ 15.250528] </TASK> [ 15.250541] [ 15.260740] Allocated by task 282: [ 15.261056] kasan_save_stack+0x45/0x70 [ 15.261280] kasan_save_track+0x18/0x40 [ 15.261600] kasan_save_alloc_info+0x3b/0x50 [ 15.261819] __kasan_kmalloc+0xb7/0xc0 [ 15.262069] __kmalloc_cache_noprof+0x189/0x420 [ 15.262324] kasan_atomics+0x95/0x310 [ 15.262658] kunit_try_run_case+0x1a5/0x480 [ 15.262871] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 15.263238] kthread+0x337/0x6f0 [ 15.263403] ret_from_fork+0x116/0x1d0 [ 15.263698] ret_from_fork_asm+0x1a/0x30 [ 15.263972] [ 15.264067] The buggy address belongs to the object at ffff888103991d00 [ 15.264067] which belongs to the cache kmalloc-64 of size 64 [ 15.264745] The buggy address is located 0 bytes to the right of [ 15.264745] allocated 48-byte region [ffff888103991d00, ffff888103991d30) [ 15.265469] [ 15.265573] The buggy address belongs to the physical page: [ 15.265789] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x103991 [ 15.266200] flags: 0x200000000000000(node=0|zone=2) [ 15.266601] page_type: f5(slab) [ 15.266755] raw: 0200000000000000 ffff8881000418c0 dead000000000122 0000000000000000 [ 15.267231] raw: 0000000000000000 0000000080200020 00000000f5000000 0000000000000000 [ 15.267661] page dumped because: kasan: bad access detected [ 15.267861] [ 15.268026] 
Memory state around the buggy address: [ 15.268387] ffff888103991c00: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 15.268682] ffff888103991c80: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 15.268982] >ffff888103991d00: 00 00 00 00 00 00 fc fc fc fc fc fc fc fc fc fc [ 15.269287] ^ [ 15.269741] ffff888103991d80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 15.270020] ffff888103991e00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 15.270448] ================================================================== [ 14.587190] ================================================================== [ 14.587745] BUG: KASAN: slab-out-of-bounds in kasan_atomics_helper+0x4b54/0x5450 [ 14.587999] Read of size 4 at addr ffff888103991d30 by task kunit_try_catch/282 [ 14.588237] [ 14.588330] CPU: 1 UID: 0 PID: 282 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc4 #1 PREEMPT(voluntary) [ 14.588379] Tainted: [B]=BAD_PAGE, [N]=TEST [ 14.588393] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 14.588417] Call Trace: [ 14.588440] <TASK> [ 14.588463] dump_stack_lvl+0x73/0xb0 [ 14.588494] print_report+0xd1/0x650 [ 14.588518] ? __virt_addr_valid+0x1db/0x2d0 [ 14.588543] ? kasan_atomics_helper+0x4b54/0x5450 [ 14.588566] ? kasan_complete_mode_report_info+0x2a/0x200 [ 14.588588] ? kasan_atomics_helper+0x4b54/0x5450 [ 14.588610] kasan_report+0x141/0x180 [ 14.588633] ? kasan_atomics_helper+0x4b54/0x5450 [ 14.588659] __asan_report_load4_noabort+0x18/0x20 [ 14.588685] kasan_atomics_helper+0x4b54/0x5450 [ 14.588707] ? __pfx_kasan_atomics_helper+0x10/0x10 [ 14.588730] ? __kmalloc_cache_noprof+0x189/0x420 [ 14.588771] ? ret_from_fork_asm+0x1a/0x30 [ 14.588804] ? kasan_atomics+0x152/0x310 [ 14.588831] kasan_atomics+0x1dc/0x310 [ 14.588855] ? __pfx_kasan_atomics+0x10/0x10 [ 14.588879] ? __pfx_read_tsc+0x10/0x10 [ 14.588902] ? ktime_get_ts64+0x86/0x230 [ 14.588927] kunit_try_run_case+0x1a5/0x480 [ 14.588953] ? 
__pfx_kunit_try_run_case+0x10/0x10 [ 14.588980] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 14.589006] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 14.589030] ? __kthread_parkme+0x82/0x180 [ 14.589053] ? preempt_count_sub+0x50/0x80 [ 14.589078] ? __pfx_kunit_try_run_case+0x10/0x10 [ 14.589102] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 14.589128] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 14.589152] kthread+0x337/0x6f0 [ 14.589173] ? trace_preempt_on+0x20/0xc0 [ 14.589197] ? __pfx_kthread+0x10/0x10 [ 14.589230] ? _raw_spin_unlock_irq+0x47/0x80 [ 14.589253] ? calculate_sigpending+0x7b/0xa0 [ 14.589279] ? __pfx_kthread+0x10/0x10 [ 14.589302] ret_from_fork+0x116/0x1d0 [ 14.589323] ? __pfx_kthread+0x10/0x10 [ 14.589344] ret_from_fork_asm+0x1a/0x30 [ 14.589376] </TASK> [ 14.589388] [ 14.598242] Allocated by task 282: [ 14.598506] kasan_save_stack+0x45/0x70 [ 14.598679] kasan_save_track+0x18/0x40 [ 14.598877] kasan_save_alloc_info+0x3b/0x50 [ 14.599071] __kasan_kmalloc+0xb7/0xc0 [ 14.599632] __kmalloc_cache_noprof+0x189/0x420 [ 14.599855] kasan_atomics+0x95/0x310 [ 14.600012] kunit_try_run_case+0x1a5/0x480 [ 14.600161] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 14.600457] kthread+0x337/0x6f0 [ 14.600750] ret_from_fork+0x116/0x1d0 [ 14.600936] ret_from_fork_asm+0x1a/0x30 [ 14.601097] [ 14.601257] The buggy address belongs to the object at ffff888103991d00 [ 14.601257] which belongs to the cache kmalloc-64 of size 64 [ 14.601703] The buggy address is located 0 bytes to the right of [ 14.601703] allocated 48-byte region [ffff888103991d00, ffff888103991d30) [ 14.602073] [ 14.602150] The buggy address belongs to the physical page: [ 14.602413] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x103991 [ 14.602770] flags: 0x200000000000000(node=0|zone=2) [ 14.603009] page_type: f5(slab) [ 14.603429] raw: 0200000000000000 ffff8881000418c0 dead000000000122 0000000000000000 [ 14.603734] raw: 0000000000000000 0000000080200020 00000000f5000000 
0000000000000000 [ 14.603964] page dumped because: kasan: bad access detected [ 14.604138] [ 14.604210] Memory state around the buggy address: [ 14.604383] ffff888103991c00: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 14.604685] ffff888103991c80: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 14.605215] >ffff888103991d00: 00 00 00 00 00 00 fc fc fc fc fc fc fc fc fc fc [ 14.605687] ^ [ 14.605920] ffff888103991d80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 14.606209] ffff888103991e00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 14.606456] ================================================================== [ 14.666267] ================================================================== [ 14.666918] BUG: KASAN: slab-out-of-bounds in kasan_atomics_helper+0x565/0x5450 [ 14.667444] Write of size 4 at addr ffff888103991d30 by task kunit_try_catch/282 [ 14.667949] [ 14.668177] CPU: 1 UID: 0 PID: 282 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc4 #1 PREEMPT(voluntary) [ 14.668242] Tainted: [B]=BAD_PAGE, [N]=TEST [ 14.668256] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 14.668281] Call Trace: [ 14.668305] <TASK> [ 14.668328] dump_stack_lvl+0x73/0xb0 [ 14.668374] print_report+0xd1/0x650 [ 14.668399] ? __virt_addr_valid+0x1db/0x2d0 [ 14.668427] ? kasan_atomics_helper+0x565/0x5450 [ 14.668450] ? kasan_complete_mode_report_info+0x2a/0x200 [ 14.668475] ? kasan_atomics_helper+0x565/0x5450 [ 14.668498] kasan_report+0x141/0x180 [ 14.668520] ? kasan_atomics_helper+0x565/0x5450 [ 14.668546] kasan_check_range+0x10c/0x1c0 [ 14.668571] __kasan_check_write+0x18/0x20 [ 14.668591] kasan_atomics_helper+0x565/0x5450 [ 14.668615] ? __pfx_kasan_atomics_helper+0x10/0x10 [ 14.668638] ? __kmalloc_cache_noprof+0x189/0x420 [ 14.668666] ? ret_from_fork_asm+0x1a/0x30 [ 14.668691] ? kasan_atomics+0x152/0x310 [ 14.668718] kasan_atomics+0x1dc/0x310 [ 14.668742] ? __pfx_kasan_atomics+0x10/0x10 [ 14.668767] ? 
__pfx_read_tsc+0x10/0x10 [ 14.668798] ? ktime_get_ts64+0x86/0x230 [ 14.668823] kunit_try_run_case+0x1a5/0x480 [ 14.668850] ? __pfx_kunit_try_run_case+0x10/0x10 [ 14.668874] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 14.668899] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 14.668922] ? __kthread_parkme+0x82/0x180 [ 14.668944] ? preempt_count_sub+0x50/0x80 [ 14.668968] ? __pfx_kunit_try_run_case+0x10/0x10 [ 14.668991] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 14.669016] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 14.669039] kthread+0x337/0x6f0 [ 14.669060] ? trace_preempt_on+0x20/0xc0 [ 14.669084] ? __pfx_kthread+0x10/0x10 [ 14.669106] ? _raw_spin_unlock_irq+0x47/0x80 [ 14.669127] ? calculate_sigpending+0x7b/0xa0 [ 14.669152] ? __pfx_kthread+0x10/0x10 [ 14.669173] ret_from_fork+0x116/0x1d0 [ 14.669193] ? __pfx_kthread+0x10/0x10 [ 14.669213] ret_from_fork_asm+0x1a/0x30 [ 14.669253] </TASK> [ 14.669276] [ 14.679854] Allocated by task 282: [ 14.680090] kasan_save_stack+0x45/0x70 [ 14.680512] kasan_save_track+0x18/0x40 [ 14.680719] kasan_save_alloc_info+0x3b/0x50 [ 14.680950] __kasan_kmalloc+0xb7/0xc0 [ 14.681170] __kmalloc_cache_noprof+0x189/0x420 [ 14.681463] kasan_atomics+0x95/0x310 [ 14.681619] kunit_try_run_case+0x1a5/0x480 [ 14.681772] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 14.681991] kthread+0x337/0x6f0 [ 14.682170] ret_from_fork+0x116/0x1d0 [ 14.682468] ret_from_fork_asm+0x1a/0x30 [ 14.682711] [ 14.682812] The buggy address belongs to the object at ffff888103991d00 [ 14.682812] which belongs to the cache kmalloc-64 of size 64 [ 14.683804] The buggy address is located 0 bytes to the right of [ 14.683804] allocated 48-byte region [ffff888103991d00, ffff888103991d30) [ 14.684236] [ 14.684363] The buggy address belongs to the physical page: [ 14.684636] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x103991 [ 14.685115] flags: 0x200000000000000(node=0|zone=2) [ 14.685418] page_type: f5(slab) [ 14.685551] raw: 0200000000000000 
ffff8881000418c0 dead000000000122 0000000000000000 [ 14.685859] raw: 0000000000000000 0000000080200020 00000000f5000000 0000000000000000 [ 14.686192] page dumped because: kasan: bad access detected [ 14.686451] [ 14.686523] Memory state around the buggy address: [ 14.686685] ffff888103991c00: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 14.687420] ffff888103991c80: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 14.687738] >ffff888103991d00: 00 00 00 00 00 00 fc fc fc fc fc fc fc fc fc fc [ 14.687969] ^ [ 14.688283] ffff888103991d80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 14.688610] ffff888103991e00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 14.688897] ================================================================== [ 15.034320] ================================================================== [ 15.034642] BUG: KASAN: slab-out-of-bounds in kasan_atomics_helper+0xde0/0x5450 [ 15.035024] Write of size 4 at addr ffff888103991d30 by task kunit_try_catch/282 [ 15.035408] [ 15.035507] CPU: 1 UID: 0 PID: 282 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc4 #1 PREEMPT(voluntary) [ 15.035556] Tainted: [B]=BAD_PAGE, [N]=TEST [ 15.035570] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 15.035593] Call Trace: [ 15.035615] <TASK> [ 15.035637] dump_stack_lvl+0x73/0xb0 [ 15.035669] print_report+0xd1/0x650 [ 15.035694] ? __virt_addr_valid+0x1db/0x2d0 [ 15.035719] ? kasan_atomics_helper+0xde0/0x5450 [ 15.035741] ? kasan_complete_mode_report_info+0x2a/0x200 [ 15.035764] ? kasan_atomics_helper+0xde0/0x5450 [ 15.035786] kasan_report+0x141/0x180 [ 15.035809] ? kasan_atomics_helper+0xde0/0x5450 [ 15.035837] kasan_check_range+0x10c/0x1c0 [ 15.035864] __kasan_check_write+0x18/0x20 [ 15.035885] kasan_atomics_helper+0xde0/0x5450 [ 15.035909] ? __pfx_kasan_atomics_helper+0x10/0x10 [ 15.035933] ? __kmalloc_cache_noprof+0x189/0x420 [ 15.035958] ? ret_from_fork_asm+0x1a/0x30 [ 15.035982] ? 
kasan_atomics+0x152/0x310 [ 15.036009] kasan_atomics+0x1dc/0x310 [ 15.036035] ? __pfx_kasan_atomics+0x10/0x10 [ 15.036060] ? __pfx_read_tsc+0x10/0x10 [ 15.036083] ? ktime_get_ts64+0x86/0x230 [ 15.036108] kunit_try_run_case+0x1a5/0x480 [ 15.036133] ? __pfx_kunit_try_run_case+0x10/0x10 [ 15.036156] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 15.036181] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 15.036204] ? __kthread_parkme+0x82/0x180 [ 15.036240] ? preempt_count_sub+0x50/0x80 [ 15.036264] ? __pfx_kunit_try_run_case+0x10/0x10 [ 15.036288] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 15.036312] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 15.036337] kthread+0x337/0x6f0 [ 15.036357] ? trace_preempt_on+0x20/0xc0 [ 15.036382] ? __pfx_kthread+0x10/0x10 [ 15.036414] ? _raw_spin_unlock_irq+0x47/0x80 [ 15.036458] ? calculate_sigpending+0x7b/0xa0 [ 15.036483] ? __pfx_kthread+0x10/0x10 [ 15.036505] ret_from_fork+0x116/0x1d0 [ 15.036525] ? __pfx_kthread+0x10/0x10 [ 15.036545] ret_from_fork_asm+0x1a/0x30 [ 15.036576] </TASK> [ 15.036589] [ 15.044595] Allocated by task 282: [ 15.044790] kasan_save_stack+0x45/0x70 [ 15.045030] kasan_save_track+0x18/0x40 [ 15.045187] kasan_save_alloc_info+0x3b/0x50 [ 15.045557] __kasan_kmalloc+0xb7/0xc0 [ 15.045696] __kmalloc_cache_noprof+0x189/0x420 [ 15.045854] kasan_atomics+0x95/0x310 [ 15.045988] kunit_try_run_case+0x1a5/0x480 [ 15.046231] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 15.046503] kthread+0x337/0x6f0 [ 15.046672] ret_from_fork+0x116/0x1d0 [ 15.046860] ret_from_fork_asm+0x1a/0x30 [ 15.047035] [ 15.047108] The buggy address belongs to the object at ffff888103991d00 [ 15.047108] which belongs to the cache kmalloc-64 of size 64 [ 15.047642] The buggy address is located 0 bytes to the right of [ 15.047642] allocated 48-byte region [ffff888103991d00, ffff888103991d30) [ 15.048086] [ 15.048163] The buggy address belongs to the physical page: [ 15.048428] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x103991 [ 
15.048836] flags: 0x200000000000000(node=0|zone=2) [ 15.049102] page_type: f5(slab) [ 15.049301] raw: 0200000000000000 ffff8881000418c0 dead000000000122 0000000000000000 [ 15.049612] raw: 0000000000000000 0000000080200020 00000000f5000000 0000000000000000 [ 15.049840] page dumped because: kasan: bad access detected [ 15.050014] [ 15.050088] Memory state around the buggy address: [ 15.050264] ffff888103991c00: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 15.050595] ffff888103991c80: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 15.050930] >ffff888103991d00: 00 00 00 00 00 00 fc fc fc fc fc fc fc fc fc fc [ 15.051264] ^ [ 15.051555] ffff888103991d80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 15.051857] ffff888103991e00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 15.052180] ================================================================== [ 15.655500] ================================================================== [ 15.655809] BUG: KASAN: slab-out-of-bounds in kasan_atomics_helper+0x1c18/0x5450 [ 15.656159] Write of size 8 at addr ffff888103991d30 by task kunit_try_catch/282 [ 15.656518] [ 15.656653] CPU: 1 UID: 0 PID: 282 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc4 #1 PREEMPT(voluntary) [ 15.656705] Tainted: [B]=BAD_PAGE, [N]=TEST [ 15.656719] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 15.656743] Call Trace: [ 15.656765] <TASK> [ 15.656801] dump_stack_lvl+0x73/0xb0 [ 15.656846] print_report+0xd1/0x650 [ 15.656870] ? __virt_addr_valid+0x1db/0x2d0 [ 15.656895] ? kasan_atomics_helper+0x1c18/0x5450 [ 15.656931] ? kasan_complete_mode_report_info+0x2a/0x200 [ 15.656964] ? kasan_atomics_helper+0x1c18/0x5450 [ 15.656987] kasan_report+0x141/0x180 [ 15.657021] ? kasan_atomics_helper+0x1c18/0x5450 [ 15.657048] kasan_check_range+0x10c/0x1c0 [ 15.657072] __kasan_check_write+0x18/0x20 [ 15.657092] kasan_atomics_helper+0x1c18/0x5450 [ 15.657114] ? __pfx_kasan_atomics_helper+0x10/0x10 [ 15.657137] ? 
__kmalloc_cache_noprof+0x189/0x420 [ 15.657162] ? ret_from_fork_asm+0x1a/0x30 [ 15.657185] ? kasan_atomics+0x152/0x310 [ 15.657211] kasan_atomics+0x1dc/0x310 [ 15.657243] ? __pfx_kasan_atomics+0x10/0x10 [ 15.657280] ? __pfx_read_tsc+0x10/0x10 [ 15.657311] ? ktime_get_ts64+0x86/0x230 [ 15.657337] kunit_try_run_case+0x1a5/0x480 [ 15.657363] ? __pfx_kunit_try_run_case+0x10/0x10 [ 15.657397] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 15.657422] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 15.657446] ? __kthread_parkme+0x82/0x180 [ 15.657467] ? preempt_count_sub+0x50/0x80 [ 15.657491] ? __pfx_kunit_try_run_case+0x10/0x10 [ 15.657515] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 15.657538] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 15.657561] kthread+0x337/0x6f0 [ 15.657581] ? trace_preempt_on+0x20/0xc0 [ 15.657606] ? __pfx_kthread+0x10/0x10 [ 15.657626] ? _raw_spin_unlock_irq+0x47/0x80 [ 15.657647] ? calculate_sigpending+0x7b/0xa0 [ 15.657672] ? __pfx_kthread+0x10/0x10 [ 15.657694] ret_from_fork+0x116/0x1d0 [ 15.657713] ? 
__pfx_kthread+0x10/0x10 [ 15.657743] ret_from_fork_asm+0x1a/0x30 [ 15.657774] </TASK> [ 15.657786] [ 15.665710] Allocated by task 282: [ 15.665921] kasan_save_stack+0x45/0x70 [ 15.666115] kasan_save_track+0x18/0x40 [ 15.666338] kasan_save_alloc_info+0x3b/0x50 [ 15.666552] __kasan_kmalloc+0xb7/0xc0 [ 15.666739] __kmalloc_cache_noprof+0x189/0x420 [ 15.666960] kasan_atomics+0x95/0x310 [ 15.667097] kunit_try_run_case+0x1a5/0x480 [ 15.667319] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 15.667595] kthread+0x337/0x6f0 [ 15.667766] ret_from_fork+0x116/0x1d0 [ 15.667946] ret_from_fork_asm+0x1a/0x30 [ 15.668088] [ 15.668185] The buggy address belongs to the object at ffff888103991d00 [ 15.668185] which belongs to the cache kmalloc-64 of size 64 [ 15.668886] The buggy address is located 0 bytes to the right of [ 15.668886] allocated 48-byte region [ffff888103991d00, ffff888103991d30) [ 15.669359] [ 15.669459] The buggy address belongs to the physical page: [ 15.669825] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x103991 [ 15.670317] flags: 0x200000000000000(node=0|zone=2) [ 15.670575] page_type: f5(slab) [ 15.670738] raw: 0200000000000000 ffff8881000418c0 dead000000000122 0000000000000000 [ 15.671080] raw: 0000000000000000 0000000080200020 00000000f5000000 0000000000000000 [ 15.671424] page dumped because: kasan: bad access detected [ 15.671727] [ 15.671836] Memory state around the buggy address: [ 15.672060] ffff888103991c00: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 15.672354] ffff888103991c80: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 15.672684] >ffff888103991d00: 00 00 00 00 00 00 fc fc fc fc fc fc fc fc fc fc [ 15.672987] ^ [ 15.673172] ffff888103991d80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 15.673401] ffff888103991e00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 15.673617] ================================================================== [ 15.106528] 
================================================================== [ 15.106988] BUG: KASAN: slab-out-of-bounds in kasan_atomics_helper+0xfa9/0x5450 [ 15.107264] Write of size 4 at addr ffff888103991d30 by task kunit_try_catch/282 [ 15.107637] [ 15.107773] CPU: 1 UID: 0 PID: 282 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc4 #1 PREEMPT(voluntary) [ 15.107837] Tainted: [B]=BAD_PAGE, [N]=TEST [ 15.107860] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 15.107885] Call Trace: [ 15.107908] <TASK> [ 15.107930] dump_stack_lvl+0x73/0xb0 [ 15.107963] print_report+0xd1/0x650 [ 15.108005] ? __virt_addr_valid+0x1db/0x2d0 [ 15.108043] ? kasan_atomics_helper+0xfa9/0x5450 [ 15.108065] ? kasan_complete_mode_report_info+0x2a/0x200 [ 15.108087] ? kasan_atomics_helper+0xfa9/0x5450 [ 15.108109] kasan_report+0x141/0x180 [ 15.108132] ? kasan_atomics_helper+0xfa9/0x5450 [ 15.108158] kasan_check_range+0x10c/0x1c0 [ 15.108184] __kasan_check_write+0x18/0x20 [ 15.108204] kasan_atomics_helper+0xfa9/0x5450 [ 15.108240] ? __pfx_kasan_atomics_helper+0x10/0x10 [ 15.108262] ? __kmalloc_cache_noprof+0x189/0x420 [ 15.108287] ? ret_from_fork_asm+0x1a/0x30 [ 15.108311] ? kasan_atomics+0x152/0x310 [ 15.108337] kasan_atomics+0x1dc/0x310 [ 15.108360] ? __pfx_kasan_atomics+0x10/0x10 [ 15.108385] ? __pfx_read_tsc+0x10/0x10 [ 15.108419] ? ktime_get_ts64+0x86/0x230 [ 15.108444] kunit_try_run_case+0x1a5/0x480 [ 15.108470] ? __pfx_kunit_try_run_case+0x10/0x10 [ 15.108492] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 15.108517] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 15.108541] ? __kthread_parkme+0x82/0x180 [ 15.108563] ? preempt_count_sub+0x50/0x80 [ 15.108587] ? __pfx_kunit_try_run_case+0x10/0x10 [ 15.108612] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 15.108637] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 15.108661] kthread+0x337/0x6f0 [ 15.108680] ? trace_preempt_on+0x20/0xc0 [ 15.108704] ? __pfx_kthread+0x10/0x10 [ 15.108725] ? 
_raw_spin_unlock_irq+0x47/0x80 [ 15.108747] ? calculate_sigpending+0x7b/0xa0 [ 15.108771] ? __pfx_kthread+0x10/0x10 [ 15.108802] ret_from_fork+0x116/0x1d0 [ 15.108821] ? __pfx_kthread+0x10/0x10 [ 15.108841] ret_from_fork_asm+0x1a/0x30 [ 15.108873] </TASK> [ 15.108885] [ 15.117791] Allocated by task 282: [ 15.118006] kasan_save_stack+0x45/0x70 [ 15.118254] kasan_save_track+0x18/0x40 [ 15.118470] kasan_save_alloc_info+0x3b/0x50 [ 15.118690] __kasan_kmalloc+0xb7/0xc0 [ 15.118886] __kmalloc_cache_noprof+0x189/0x420 [ 15.119117] kasan_atomics+0x95/0x310 [ 15.119330] kunit_try_run_case+0x1a5/0x480 [ 15.119544] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 15.119800] kthread+0x337/0x6f0 [ 15.119953] ret_from_fork+0x116/0x1d0 [ 15.120089] ret_from_fork_asm+0x1a/0x30 [ 15.120320] [ 15.120402] The buggy address belongs to the object at ffff888103991d00 [ 15.120402] which belongs to the cache kmalloc-64 of size 64 [ 15.120825] The buggy address is located 0 bytes to the right of [ 15.120825] allocated 48-byte region [ffff888103991d00, ffff888103991d30) [ 15.121427] [ 15.121504] The buggy address belongs to the physical page: [ 15.121681] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x103991 [ 15.121919] flags: 0x200000000000000(node=0|zone=2) [ 15.122082] page_type: f5(slab) [ 15.122288] raw: 0200000000000000 ffff8881000418c0 dead000000000122 0000000000000000 [ 15.122623] raw: 0000000000000000 0000000080200020 00000000f5000000 0000000000000000 [ 15.122952] page dumped because: kasan: bad access detected [ 15.123306] [ 15.123400] Memory state around the buggy address: [ 15.123605] ffff888103991c00: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 15.123816] ffff888103991c80: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 15.124026] >ffff888103991d00: 00 00 00 00 00 00 fc fc fc fc fc fc fc fc fc fc [ 15.124244] ^ [ 15.124477] ffff888103991d80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 15.125040] ffff888103991e00: fc fc fc fc fc fc fc fc fc fc 
fc fc fc fc fc fc [ 15.125604] ================================================================== [ 14.714090] ================================================================== [ 14.714664] BUG: KASAN: slab-out-of-bounds in kasan_atomics_helper+0x697/0x5450 [ 14.715052] Write of size 4 at addr ffff888103991d30 by task kunit_try_catch/282 [ 14.715744] [ 14.715867] CPU: 1 UID: 0 PID: 282 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc4 #1 PREEMPT(voluntary) [ 14.715926] Tainted: [B]=BAD_PAGE, [N]=TEST [ 14.715941] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 14.715967] Call Trace: [ 14.715990] <TASK> [ 14.716013] dump_stack_lvl+0x73/0xb0 [ 14.716047] print_report+0xd1/0x650 [ 14.716072] ? __virt_addr_valid+0x1db/0x2d0 [ 14.716095] ? kasan_atomics_helper+0x697/0x5450 [ 14.716117] ? kasan_complete_mode_report_info+0x2a/0x200 [ 14.716140] ? kasan_atomics_helper+0x697/0x5450 [ 14.716161] kasan_report+0x141/0x180 [ 14.716185] ? kasan_atomics_helper+0x697/0x5450 [ 14.716491] kasan_check_range+0x10c/0x1c0 [ 14.716521] __kasan_check_write+0x18/0x20 [ 14.716541] kasan_atomics_helper+0x697/0x5450 [ 14.716564] ? __pfx_kasan_atomics_helper+0x10/0x10 [ 14.716587] ? __kmalloc_cache_noprof+0x189/0x420 [ 14.716657] ? ret_from_fork_asm+0x1a/0x30 [ 14.716682] ? kasan_atomics+0x152/0x310 [ 14.716710] kasan_atomics+0x1dc/0x310 [ 14.716734] ? __pfx_kasan_atomics+0x10/0x10 [ 14.716758] ? __pfx_read_tsc+0x10/0x10 [ 14.716781] ? ktime_get_ts64+0x86/0x230 [ 14.716815] kunit_try_run_case+0x1a5/0x480 [ 14.716842] ? __pfx_kunit_try_run_case+0x10/0x10 [ 14.716864] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 14.716889] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 14.716913] ? __kthread_parkme+0x82/0x180 [ 14.716935] ? preempt_count_sub+0x50/0x80 [ 14.716960] ? __pfx_kunit_try_run_case+0x10/0x10 [ 14.716984] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 14.717006] ? 
__pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 14.717030] kthread+0x337/0x6f0 [ 14.717052] ? trace_preempt_on+0x20/0xc0 [ 14.717076] ? __pfx_kthread+0x10/0x10 [ 14.717097] ? _raw_spin_unlock_irq+0x47/0x80 [ 14.717118] ? calculate_sigpending+0x7b/0xa0 [ 14.717143] ? __pfx_kthread+0x10/0x10 [ 14.717164] ret_from_fork+0x116/0x1d0 [ 14.717184] ? __pfx_kthread+0x10/0x10 [ 14.717206] ret_from_fork_asm+0x1a/0x30 [ 14.717246] </TASK> [ 14.717259] [ 14.730972] Allocated by task 282: [ 14.731198] kasan_save_stack+0x45/0x70 [ 14.731719] kasan_save_track+0x18/0x40 [ 14.732069] kasan_save_alloc_info+0x3b/0x50 [ 14.732453] __kasan_kmalloc+0xb7/0xc0 [ 14.732742] __kmalloc_cache_noprof+0x189/0x420 [ 14.732977] kasan_atomics+0x95/0x310 [ 14.733159] kunit_try_run_case+0x1a5/0x480 [ 14.733678] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 14.733994] kthread+0x337/0x6f0 [ 14.734317] ret_from_fork+0x116/0x1d0 [ 14.734626] ret_from_fork_asm+0x1a/0x30 [ 14.734820] [ 14.734918] The buggy address belongs to the object at ffff888103991d00 [ 14.734918] which belongs to the cache kmalloc-64 of size 64 [ 14.735663] The buggy address is located 0 bytes to the right of [ 14.735663] allocated 48-byte region [ffff888103991d00, ffff888103991d30) [ 14.736660] [ 14.736777] The buggy address belongs to the physical page: [ 14.737024] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x103991 [ 14.737700] flags: 0x200000000000000(node=0|zone=2) [ 14.738016] page_type: f5(slab) [ 14.738325] raw: 0200000000000000 ffff8881000418c0 dead000000000122 0000000000000000 [ 14.739068] raw: 0000000000000000 0000000080200020 00000000f5000000 0000000000000000 [ 14.739632] page dumped because: kasan: bad access detected [ 14.739869] [ 14.739959] Memory state around the buggy address: [ 14.740174] ffff888103991c00: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 14.741331] ffff888103991c80: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 14.741654] >ffff888103991d00: 00 00 00 00 00 00 fc fc 
fc fc fc fc fc fc fc fc [ 14.741943] ^ [ 14.742147] ffff888103991d80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 14.742899] ffff888103991e00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 14.743492] ================================================================== [ 14.521849] ================================================================== [ 14.522179] BUG: KASAN: slab-out-of-bounds in kasan_atomics_helper+0x4b88/0x5450 [ 14.523048] Read of size 4 at addr ffff888103991d30 by task kunit_try_catch/282 [ 14.523726] [ 14.523866] CPU: 1 UID: 0 PID: 282 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc4 #1 PREEMPT(voluntary) [ 14.523920] Tainted: [B]=BAD_PAGE, [N]=TEST [ 14.523932] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 14.523957] Call Trace: [ 14.523979] <TASK> [ 14.524000] dump_stack_lvl+0x73/0xb0 [ 14.524035] print_report+0xd1/0x650 [ 14.524059] ? __virt_addr_valid+0x1db/0x2d0 [ 14.524082] ? kasan_atomics_helper+0x4b88/0x5450 [ 14.524103] ? kasan_complete_mode_report_info+0x2a/0x200 [ 14.524123] ? kasan_atomics_helper+0x4b88/0x5450 [ 14.524144] kasan_report+0x141/0x180 [ 14.524165] ? kasan_atomics_helper+0x4b88/0x5450 [ 14.524190] __asan_report_load4_noabort+0x18/0x20 [ 14.524504] kasan_atomics_helper+0x4b88/0x5450 [ 14.524530] ? __pfx_kasan_atomics_helper+0x10/0x10 [ 14.524551] ? __kmalloc_cache_noprof+0x189/0x420 [ 14.524577] ? ret_from_fork_asm+0x1a/0x30 [ 14.524608] ? kasan_atomics+0x152/0x310 [ 14.524633] kasan_atomics+0x1dc/0x310 [ 14.524656] ? __pfx_kasan_atomics+0x10/0x10 [ 14.524680] ? __pfx_read_tsc+0x10/0x10 [ 14.524701] ? ktime_get_ts64+0x86/0x230 [ 14.524725] kunit_try_run_case+0x1a5/0x480 [ 14.524750] ? __pfx_kunit_try_run_case+0x10/0x10 [ 14.524771] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 14.524802] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 14.524826] ? __kthread_parkme+0x82/0x180 [ 14.524847] ? preempt_count_sub+0x50/0x80 [ 14.524869] ? 
__pfx_kunit_try_run_case+0x10/0x10 [ 14.524892] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 14.524914] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 14.524935] kthread+0x337/0x6f0 [ 14.524954] ? trace_preempt_on+0x20/0xc0 [ 14.524977] ? __pfx_kthread+0x10/0x10 [ 14.524997] ? _raw_spin_unlock_irq+0x47/0x80 [ 14.525017] ? calculate_sigpending+0x7b/0xa0 [ 14.525041] ? __pfx_kthread+0x10/0x10 [ 14.525061] ret_from_fork+0x116/0x1d0 [ 14.525079] ? __pfx_kthread+0x10/0x10 [ 14.525099] ret_from_fork_asm+0x1a/0x30 [ 14.525127] </TASK> [ 14.525140] [ 14.537764] Allocated by task 282: [ 14.537982] kasan_save_stack+0x45/0x70 [ 14.538152] kasan_save_track+0x18/0x40 [ 14.538298] kasan_save_alloc_info+0x3b/0x50 [ 14.538593] __kasan_kmalloc+0xb7/0xc0 [ 14.539323] __kmalloc_cache_noprof+0x189/0x420 [ 14.539572] kasan_atomics+0x95/0x310 [ 14.539901] kunit_try_run_case+0x1a5/0x480 [ 14.540089] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 14.540365] kthread+0x337/0x6f0 [ 14.540540] ret_from_fork+0x116/0x1d0 [ 14.540714] ret_from_fork_asm+0x1a/0x30 [ 14.540907] [ 14.540983] The buggy address belongs to the object at ffff888103991d00 [ 14.540983] which belongs to the cache kmalloc-64 of size 64 [ 14.541478] The buggy address is located 0 bytes to the right of [ 14.541478] allocated 48-byte region [ffff888103991d00, ffff888103991d30) [ 14.542125] [ 14.542286] The buggy address belongs to the physical page: [ 14.542518] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x103991 [ 14.542850] flags: 0x200000000000000(node=0|zone=2) [ 14.543070] page_type: f5(slab) [ 14.543285] raw: 0200000000000000 ffff8881000418c0 dead000000000122 0000000000000000 [ 14.543587] raw: 0000000000000000 0000000080200020 00000000f5000000 0000000000000000 [ 14.543877] page dumped because: kasan: bad access detected [ 14.544087] [ 14.544184] Memory state around the buggy address: [ 14.544835] ffff888103991c00: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 14.545132] 
ffff888103991c80: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 14.545422] >ffff888103991d00: 00 00 00 00 00 00 fc fc fc fc fc fc fc fc fc fc [ 14.545917] ^ [ 14.546084] ffff888103991d80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 14.546580] ffff888103991e00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 14.546963] ================================================================== [ 14.768902] ================================================================== [ 14.769589] BUG: KASAN: slab-out-of-bounds in kasan_atomics_helper+0x7c7/0x5450 [ 14.770246] Write of size 4 at addr ffff888103991d30 by task kunit_try_catch/282 [ 14.771034] [ 14.771314] CPU: 1 UID: 0 PID: 282 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc4 #1 PREEMPT(voluntary) [ 14.771388] Tainted: [B]=BAD_PAGE, [N]=TEST [ 14.771425] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 14.771499] Call Trace: [ 14.771524] <TASK> [ 14.771547] dump_stack_lvl+0x73/0xb0 [ 14.771583] print_report+0xd1/0x650 [ 14.771608] ? __virt_addr_valid+0x1db/0x2d0 [ 14.771633] ? kasan_atomics_helper+0x7c7/0x5450 [ 14.771655] ? kasan_complete_mode_report_info+0x2a/0x200 [ 14.771678] ? kasan_atomics_helper+0x7c7/0x5450 [ 14.771701] kasan_report+0x141/0x180 [ 14.771724] ? kasan_atomics_helper+0x7c7/0x5450 [ 14.771750] kasan_check_range+0x10c/0x1c0 [ 14.771774] __kasan_check_write+0x18/0x20 [ 14.771795] kasan_atomics_helper+0x7c7/0x5450 [ 14.771818] ? __pfx_kasan_atomics_helper+0x10/0x10 [ 14.771840] ? __kmalloc_cache_noprof+0x189/0x420 [ 14.771866] ? ret_from_fork_asm+0x1a/0x30 [ 14.771888] ? kasan_atomics+0x152/0x310 [ 14.771915] kasan_atomics+0x1dc/0x310 [ 14.771938] ? __pfx_kasan_atomics+0x10/0x10 [ 14.771962] ? __pfx_read_tsc+0x10/0x10 [ 14.771983] ? ktime_get_ts64+0x86/0x230 [ 14.772008] kunit_try_run_case+0x1a5/0x480 [ 14.772033] ? __pfx_kunit_try_run_case+0x10/0x10 [ 14.772056] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 14.772079] ? 
_raw_spin_unlock_irqrestore+0x5f/0x90 [ 14.772102] ? __kthread_parkme+0x82/0x180 [ 14.772127] ? preempt_count_sub+0x50/0x80 [ 14.772150] ? __pfx_kunit_try_run_case+0x10/0x10 [ 14.772175] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 14.772197] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 14.772234] kthread+0x337/0x6f0 [ 14.772267] ? trace_preempt_on+0x20/0xc0 [ 14.772291] ? __pfx_kthread+0x10/0x10 [ 14.772312] ? _raw_spin_unlock_irq+0x47/0x80 [ 14.772334] ? calculate_sigpending+0x7b/0xa0 [ 14.772358] ? __pfx_kthread+0x10/0x10 [ 14.772380] ret_from_fork+0x116/0x1d0 [ 14.772399] ? __pfx_kthread+0x10/0x10 [ 14.772420] ret_from_fork_asm+0x1a/0x30 [ 14.772449] </TASK> [ 14.772462] [ 14.786724] Allocated by task 282: [ 14.787184] kasan_save_stack+0x45/0x70 [ 14.787633] kasan_save_track+0x18/0x40 [ 14.787793] kasan_save_alloc_info+0x3b/0x50 [ 14.787941] __kasan_kmalloc+0xb7/0xc0 [ 14.788073] __kmalloc_cache_noprof+0x189/0x420 [ 14.788513] kasan_atomics+0x95/0x310 [ 14.788875] kunit_try_run_case+0x1a5/0x480 [ 14.789335] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 14.789604] kthread+0x337/0x6f0 [ 14.789760] ret_from_fork+0x116/0x1d0 [ 14.789933] ret_from_fork_asm+0x1a/0x30 [ 14.790118] [ 14.790211] The buggy address belongs to the object at ffff888103991d00 [ 14.790211] which belongs to the cache kmalloc-64 of size 64 [ 14.791622] The buggy address is located 0 bytes to the right of [ 14.791622] allocated 48-byte region [ffff888103991d00, ffff888103991d30) [ 14.792170] [ 14.792572] The buggy address belongs to the physical page: [ 14.792968] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x103991 [ 14.793974] flags: 0x200000000000000(node=0|zone=2) [ 14.794437] page_type: f5(slab) [ 14.794815] raw: 0200000000000000 ffff8881000418c0 dead000000000122 0000000000000000 [ 14.795134] raw: 0000000000000000 0000000080200020 00000000f5000000 0000000000000000 [ 14.795680] page dumped because: kasan: bad access detected [ 14.795958] [ 14.796057] 
Memory state around the buggy address: [ 14.796538] ffff888103991c00: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 14.797108] ffff888103991c80: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 14.797932] >ffff888103991d00: 00 00 00 00 00 00 fc fc fc fc fc fc fc fc fc fc [ 14.798452] ^ [ 14.798895] ffff888103991d80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 14.799379] ffff888103991e00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 14.799851] ================================================================== [ 14.800551] ================================================================== [ 14.800899] BUG: KASAN: slab-out-of-bounds in kasan_atomics_helper+0x860/0x5450 [ 14.801571] Write of size 4 at addr ffff888103991d30 by task kunit_try_catch/282 [ 14.802133] [ 14.802403] CPU: 1 UID: 0 PID: 282 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc4 #1 PREEMPT(voluntary) [ 14.802462] Tainted: [B]=BAD_PAGE, [N]=TEST [ 14.802487] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 14.802513] Call Trace: [ 14.802544] <TASK> [ 14.802567] dump_stack_lvl+0x73/0xb0 [ 14.802605] print_report+0xd1/0x650 [ 14.802629] ? __virt_addr_valid+0x1db/0x2d0 [ 14.802654] ? kasan_atomics_helper+0x860/0x5450 [ 14.802677] ? kasan_complete_mode_report_info+0x2a/0x200 [ 14.802700] ? kasan_atomics_helper+0x860/0x5450 [ 14.802722] kasan_report+0x141/0x180 [ 14.802744] ? kasan_atomics_helper+0x860/0x5450 [ 14.802770] kasan_check_range+0x10c/0x1c0 [ 14.802795] __kasan_check_write+0x18/0x20 [ 14.802815] kasan_atomics_helper+0x860/0x5450 [ 14.802840] ? __pfx_kasan_atomics_helper+0x10/0x10 [ 14.802863] ? __kmalloc_cache_noprof+0x189/0x420 [ 14.802890] ? ret_from_fork_asm+0x1a/0x30 [ 14.802913] ? kasan_atomics+0x152/0x310 [ 14.802940] kasan_atomics+0x1dc/0x310 [ 14.802963] ? __pfx_kasan_atomics+0x10/0x10 [ 14.802988] ? __pfx_read_tsc+0x10/0x10 [ 14.803010] ? ktime_get_ts64+0x86/0x230 [ 14.803036] kunit_try_run_case+0x1a5/0x480 [ 14.803061] ? 
__pfx_kunit_try_run_case+0x10/0x10 [ 14.803083] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 14.803107] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 14.803130] ? __kthread_parkme+0x82/0x180 [ 14.803151] ? preempt_count_sub+0x50/0x80 [ 14.803175] ? __pfx_kunit_try_run_case+0x10/0x10 [ 14.803199] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 14.803236] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 14.803260] kthread+0x337/0x6f0 [ 14.803281] ? trace_preempt_on+0x20/0xc0 [ 14.803305] ? __pfx_kthread+0x10/0x10 [ 14.803327] ? _raw_spin_unlock_irq+0x47/0x80 [ 14.803348] ? calculate_sigpending+0x7b/0xa0 [ 14.803375] ? __pfx_kthread+0x10/0x10 [ 14.803399] ret_from_fork+0x116/0x1d0 [ 14.803418] ? __pfx_kthread+0x10/0x10 [ 14.803440] ret_from_fork_asm+0x1a/0x30 [ 14.803470] </TASK> [ 14.803482] [ 14.814465] Allocated by task 282: [ 14.814724] kasan_save_stack+0x45/0x70 [ 14.814901] kasan_save_track+0x18/0x40 [ 14.815039] kasan_save_alloc_info+0x3b/0x50 [ 14.815375] __kasan_kmalloc+0xb7/0xc0 [ 14.815635] __kmalloc_cache_noprof+0x189/0x420 [ 14.815833] kasan_atomics+0x95/0x310 [ 14.816093] kunit_try_run_case+0x1a5/0x480 [ 14.816350] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 14.816522] kthread+0x337/0x6f0 [ 14.816668] ret_from_fork+0x116/0x1d0 [ 14.816867] ret_from_fork_asm+0x1a/0x30 [ 14.817069] [ 14.817168] The buggy address belongs to the object at ffff888103991d00 [ 14.817168] which belongs to the cache kmalloc-64 of size 64 [ 14.818517] The buggy address is located 0 bytes to the right of [ 14.818517] allocated 48-byte region [ffff888103991d00, ffff888103991d30) [ 14.819045] [ 14.819409] The buggy address belongs to the physical page: [ 14.819784] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x103991 [ 14.820175] flags: 0x200000000000000(node=0|zone=2) [ 14.820456] page_type: f5(slab) [ 14.821049] raw: 0200000000000000 ffff8881000418c0 dead000000000122 0000000000000000 [ 14.821734] raw: 0000000000000000 0000000080200020 00000000f5000000 
0000000000000000 [ 14.822142] page dumped because: kasan: bad access detected [ 14.822561] [ 14.822885] Memory state around the buggy address: [ 14.823118] ffff888103991c00: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 14.823583] ffff888103991c80: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 14.823998] >ffff888103991d00: 00 00 00 00 00 00 fc fc fc fc fc fc fc fc fc fc [ 14.824451] ^ [ 14.824798] ffff888103991d80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 14.825131] ffff888103991e00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 14.825689] ================================================================== [ 15.084479] ================================================================== [ 15.084867] BUG: KASAN: slab-out-of-bounds in kasan_atomics_helper+0xf10/0x5450 [ 15.085339] Write of size 4 at addr ffff888103991d30 by task kunit_try_catch/282 [ 15.085692] [ 15.085809] CPU: 1 UID: 0 PID: 282 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc4 #1 PREEMPT(voluntary) [ 15.085861] Tainted: [B]=BAD_PAGE, [N]=TEST [ 15.085876] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 15.085900] Call Trace: [ 15.085922] <TASK> [ 15.085944] dump_stack_lvl+0x73/0xb0 [ 15.085976] print_report+0xd1/0x650 [ 15.086001] ? __virt_addr_valid+0x1db/0x2d0 [ 15.086025] ? kasan_atomics_helper+0xf10/0x5450 [ 15.086048] ? kasan_complete_mode_report_info+0x2a/0x200 [ 15.086071] ? kasan_atomics_helper+0xf10/0x5450 [ 15.086093] kasan_report+0x141/0x180 [ 15.086116] ? kasan_atomics_helper+0xf10/0x5450 [ 15.086142] kasan_check_range+0x10c/0x1c0 [ 15.086166] __kasan_check_write+0x18/0x20 [ 15.086185] kasan_atomics_helper+0xf10/0x5450 [ 15.086209] ? __pfx_kasan_atomics_helper+0x10/0x10 [ 15.086248] ? __kmalloc_cache_noprof+0x189/0x420 [ 15.086293] ? ret_from_fork_asm+0x1a/0x30 [ 15.086339] ? kasan_atomics+0x152/0x310 [ 15.086367] kasan_atomics+0x1dc/0x310 [ 15.086406] ? __pfx_kasan_atomics+0x10/0x10 [ 15.086432] ? 
__pfx_read_tsc+0x10/0x10 [ 15.086468] ? ktime_get_ts64+0x86/0x230 [ 15.086494] kunit_try_run_case+0x1a5/0x480 [ 15.086520] ? __pfx_kunit_try_run_case+0x10/0x10 [ 15.086542] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 15.086567] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 15.086590] ? __kthread_parkme+0x82/0x180 [ 15.086612] ? preempt_count_sub+0x50/0x80 [ 15.086636] ? __pfx_kunit_try_run_case+0x10/0x10 [ 15.086660] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 15.086684] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 15.086708] kthread+0x337/0x6f0 [ 15.086728] ? trace_preempt_on+0x20/0xc0 [ 15.086771] ? __pfx_kthread+0x10/0x10 [ 15.086793] ? _raw_spin_unlock_irq+0x47/0x80 [ 15.086814] ? calculate_sigpending+0x7b/0xa0 [ 15.086839] ? __pfx_kthread+0x10/0x10 [ 15.086861] ret_from_fork+0x116/0x1d0 [ 15.086879] ? __pfx_kthread+0x10/0x10 [ 15.086900] ret_from_fork_asm+0x1a/0x30 [ 15.086948] </TASK> [ 15.086961] [ 15.097729] Allocated by task 282: [ 15.097887] kasan_save_stack+0x45/0x70 [ 15.098046] kasan_save_track+0x18/0x40 [ 15.098272] kasan_save_alloc_info+0x3b/0x50 [ 15.098513] __kasan_kmalloc+0xb7/0xc0 [ 15.098727] __kmalloc_cache_noprof+0x189/0x420 [ 15.099000] kasan_atomics+0x95/0x310 [ 15.099199] kunit_try_run_case+0x1a5/0x480 [ 15.099452] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 15.099667] kthread+0x337/0x6f0 [ 15.099790] ret_from_fork+0x116/0x1d0 [ 15.099920] ret_from_fork_asm+0x1a/0x30 [ 15.100118] [ 15.100251] The buggy address belongs to the object at ffff888103991d00 [ 15.100251] which belongs to the cache kmalloc-64 of size 64 [ 15.100850] The buggy address is located 0 bytes to the right of [ 15.100850] allocated 48-byte region [ffff888103991d00, ffff888103991d30) [ 15.101381] [ 15.101458] The buggy address belongs to the physical page: [ 15.101651] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x103991 [ 15.102024] flags: 0x200000000000000(node=0|zone=2) [ 15.102343] page_type: f5(slab) [ 15.102534] raw: 0200000000000000 
ffff8881000418c0 dead000000000122 0000000000000000 [ 15.102849] raw: 0000000000000000 0000000080200020 00000000f5000000 0000000000000000 [ 15.103159] page dumped because: kasan: bad access detected [ 15.103442] [ 15.103543] Memory state around the buggy address: [ 15.103772] ffff888103991c00: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 15.104059] ffff888103991c80: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 15.104280] >ffff888103991d00: 00 00 00 00 00 00 fc fc fc fc fc fc fc fc fc fc [ 15.104730] ^ [ 15.104966] ffff888103991d80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 15.105380] ffff888103991e00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 15.105708] ================================================================== [ 15.271275] ================================================================== [ 15.272019] BUG: KASAN: slab-out-of-bounds in kasan_atomics_helper+0x49e8/0x5450 [ 15.272514] Read of size 4 at addr ffff888103991d30 by task kunit_try_catch/282 [ 15.272833] [ 15.272954] CPU: 1 UID: 0 PID: 282 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc4 #1 PREEMPT(voluntary) [ 15.273005] Tainted: [B]=BAD_PAGE, [N]=TEST [ 15.273019] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 15.273043] Call Trace: [ 15.273065] <TASK> [ 15.273087] dump_stack_lvl+0x73/0xb0 [ 15.273122] print_report+0xd1/0x650 [ 15.273147] ? __virt_addr_valid+0x1db/0x2d0 [ 15.273173] ? kasan_atomics_helper+0x49e8/0x5450 [ 15.273195] ? kasan_complete_mode_report_info+0x2a/0x200 [ 15.273231] ? kasan_atomics_helper+0x49e8/0x5450 [ 15.273254] kasan_report+0x141/0x180 [ 15.273277] ? kasan_atomics_helper+0x49e8/0x5450 [ 15.273303] __asan_report_load4_noabort+0x18/0x20 [ 15.273327] kasan_atomics_helper+0x49e8/0x5450 [ 15.273350] ? __pfx_kasan_atomics_helper+0x10/0x10 [ 15.273373] ? __kmalloc_cache_noprof+0x189/0x420 [ 15.273399] ? ret_from_fork_asm+0x1a/0x30 [ 15.273421] ? 
kasan_atomics+0x152/0x310 [ 15.273447] kasan_atomics+0x1dc/0x310 [ 15.273471] ? __pfx_kasan_atomics+0x10/0x10 [ 15.273495] ? __pfx_read_tsc+0x10/0x10 [ 15.273517] ? ktime_get_ts64+0x86/0x230 [ 15.273542] kunit_try_run_case+0x1a5/0x480 [ 15.273568] ? __pfx_kunit_try_run_case+0x10/0x10 [ 15.273603] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 15.273628] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 15.273651] ? __kthread_parkme+0x82/0x180 [ 15.273672] ? preempt_count_sub+0x50/0x80 [ 15.273697] ? __pfx_kunit_try_run_case+0x10/0x10 [ 15.273721] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 15.273744] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 15.273768] kthread+0x337/0x6f0 [ 15.273787] ? trace_preempt_on+0x20/0xc0 [ 15.273812] ? __pfx_kthread+0x10/0x10 [ 15.273833] ? _raw_spin_unlock_irq+0x47/0x80 [ 15.273855] ? calculate_sigpending+0x7b/0xa0 [ 15.273880] ? __pfx_kthread+0x10/0x10 [ 15.273901] ret_from_fork+0x116/0x1d0 [ 15.273920] ? __pfx_kthread+0x10/0x10 [ 15.273941] ret_from_fork_asm+0x1a/0x30 [ 15.273971] </TASK> [ 15.273983] [ 15.281439] Allocated by task 282: [ 15.281628] kasan_save_stack+0x45/0x70 [ 15.281831] kasan_save_track+0x18/0x40 [ 15.282006] kasan_save_alloc_info+0x3b/0x50 [ 15.282196] __kasan_kmalloc+0xb7/0xc0 [ 15.282434] __kmalloc_cache_noprof+0x189/0x420 [ 15.282592] kasan_atomics+0x95/0x310 [ 15.282727] kunit_try_run_case+0x1a5/0x480 [ 15.282879] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 15.283131] kthread+0x337/0x6f0 [ 15.283315] ret_from_fork+0x116/0x1d0 [ 15.283571] ret_from_fork_asm+0x1a/0x30 [ 15.283718] [ 15.283791] The buggy address belongs to the object at ffff888103991d00 [ 15.283791] which belongs to the cache kmalloc-64 of size 64 [ 15.284386] The buggy address is located 0 bytes to the right of [ 15.284386] allocated 48-byte region [ffff888103991d00, ffff888103991d30) [ 15.284896] [ 15.284990] The buggy address belongs to the physical page: [ 15.285167] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x103991 [ 
15.285424] flags: 0x200000000000000(node=0|zone=2) [ 15.285680] page_type: f5(slab) [ 15.285859] raw: 0200000000000000 ffff8881000418c0 dead000000000122 0000000000000000 [ 15.286234] raw: 0000000000000000 0000000080200020 00000000f5000000 0000000000000000 [ 15.286579] page dumped because: kasan: bad access detected [ 15.286837] [ 15.286919] Memory state around the buggy address: [ 15.287122] ffff888103991c00: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 15.287449] ffff888103991c80: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 15.287693] >ffff888103991d00: 00 00 00 00 00 00 fc fc fc fc fc fc fc fc fc fc [ 15.287997] ^ [ 15.288235] ffff888103991d80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 15.288551] ffff888103991e00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 15.288854] ================================================================== [ 14.744156] ================================================================== [ 14.744550] BUG: KASAN: slab-out-of-bounds in kasan_atomics_helper+0x72f/0x5450 [ 14.744919] Write of size 4 at addr ffff888103991d30 by task kunit_try_catch/282 [ 14.745232] [ 14.745330] CPU: 1 UID: 0 PID: 282 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc4 #1 PREEMPT(voluntary) [ 14.745382] Tainted: [B]=BAD_PAGE, [N]=TEST [ 14.745397] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 14.745421] Call Trace: [ 14.745444] <TASK> [ 14.745466] dump_stack_lvl+0x73/0xb0 [ 14.745518] print_report+0xd1/0x650 [ 14.745543] ? __virt_addr_valid+0x1db/0x2d0 [ 14.745566] ? kasan_atomics_helper+0x72f/0x5450 [ 14.745588] ? kasan_complete_mode_report_info+0x2a/0x200 [ 14.745611] ? kasan_atomics_helper+0x72f/0x5450 [ 14.745633] kasan_report+0x141/0x180 [ 14.745656] ? kasan_atomics_helper+0x72f/0x5450 [ 14.745682] kasan_check_range+0x10c/0x1c0 [ 14.745706] __kasan_check_write+0x18/0x20 [ 14.745724] kasan_atomics_helper+0x72f/0x5450 [ 14.745749] ? __pfx_kasan_atomics_helper+0x10/0x10 [ 14.745771] ? 
__kmalloc_cache_noprof+0x189/0x420 [ 14.745796] ? ret_from_fork_asm+0x1a/0x30 [ 14.745820] ? kasan_atomics+0x152/0x310 [ 14.745845] kasan_atomics+0x1dc/0x310 [ 14.745869] ? __pfx_kasan_atomics+0x10/0x10 [ 14.745892] ? __pfx_read_tsc+0x10/0x10 [ 14.745914] ? ktime_get_ts64+0x86/0x230 [ 14.745939] kunit_try_run_case+0x1a5/0x480 [ 14.745965] ? __pfx_kunit_try_run_case+0x10/0x10 [ 14.745988] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 14.746011] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 14.746034] ? __kthread_parkme+0x82/0x180 [ 14.746056] ? preempt_count_sub+0x50/0x80 [ 14.746080] ? __pfx_kunit_try_run_case+0x10/0x10 [ 14.746104] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 14.746127] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 14.746150] kthread+0x337/0x6f0 [ 14.746169] ? trace_preempt_on+0x20/0xc0 [ 14.746194] ? __pfx_kthread+0x10/0x10 [ 14.746214] ? _raw_spin_unlock_irq+0x47/0x80 [ 14.746247] ? calculate_sigpending+0x7b/0xa0 [ 14.746271] ? __pfx_kthread+0x10/0x10 [ 14.746293] ret_from_fork+0x116/0x1d0 [ 14.746311] ? 
__pfx_kthread+0x10/0x10 [ 14.746332] ret_from_fork_asm+0x1a/0x30 [ 14.746362] </TASK> [ 14.746376] [ 14.755113] Allocated by task 282: [ 14.755330] kasan_save_stack+0x45/0x70 [ 14.755541] kasan_save_track+0x18/0x40 [ 14.755738] kasan_save_alloc_info+0x3b/0x50 [ 14.755912] __kasan_kmalloc+0xb7/0xc0 [ 14.756104] __kmalloc_cache_noprof+0x189/0x420 [ 14.757495] kasan_atomics+0x95/0x310 [ 14.757865] kunit_try_run_case+0x1a5/0x480 [ 14.758032] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 14.758213] kthread+0x337/0x6f0 [ 14.758353] ret_from_fork+0x116/0x1d0 [ 14.758490] ret_from_fork_asm+0x1a/0x30 [ 14.758631] [ 14.758709] The buggy address belongs to the object at ffff888103991d00 [ 14.758709] which belongs to the cache kmalloc-64 of size 64 [ 14.759071] The buggy address is located 0 bytes to the right of [ 14.759071] allocated 48-byte region [ffff888103991d00, ffff888103991d30) [ 14.760705] [ 14.761174] The buggy address belongs to the physical page: [ 14.762077] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x103991 [ 14.762562] flags: 0x200000000000000(node=0|zone=2) [ 14.762742] page_type: f5(slab) [ 14.762872] raw: 0200000000000000 ffff8881000418c0 dead000000000122 0000000000000000 [ 14.763108] raw: 0000000000000000 0000000080200020 00000000f5000000 0000000000000000 [ 14.763809] page dumped because: kasan: bad access detected [ 14.764296] [ 14.764558] Memory state around the buggy address: [ 14.764963] ffff888103991c00: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 14.765247] ffff888103991c80: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 14.765915] >ffff888103991d00: 00 00 00 00 00 00 fc fc fc fc fc fc fc fc fc fc [ 14.766627] ^ [ 14.766864] ffff888103991d80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 14.767157] ffff888103991e00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 14.767682] ================================================================== [ 14.856144] 
================================================================== [ 14.856891] BUG: KASAN: slab-out-of-bounds in kasan_atomics_helper+0x992/0x5450 [ 14.857439] Write of size 4 at addr ffff888103991d30 by task kunit_try_catch/282 [ 14.857678] [ 14.857801] CPU: 1 UID: 0 PID: 282 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc4 #1 PREEMPT(voluntary) [ 14.857852] Tainted: [B]=BAD_PAGE, [N]=TEST [ 14.857866] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 14.857890] Call Trace: [ 14.857913] <TASK> [ 14.857937] dump_stack_lvl+0x73/0xb0 [ 14.857973] print_report+0xd1/0x650 [ 14.857998] ? __virt_addr_valid+0x1db/0x2d0 [ 14.858021] ? kasan_atomics_helper+0x992/0x5450 [ 14.858043] ? kasan_complete_mode_report_info+0x2a/0x200 [ 14.858066] ? kasan_atomics_helper+0x992/0x5450 [ 14.858357] kasan_report+0x141/0x180 [ 14.858382] ? kasan_atomics_helper+0x992/0x5450 [ 14.858408] kasan_check_range+0x10c/0x1c0 [ 14.858432] __kasan_check_write+0x18/0x20 [ 14.858453] kasan_atomics_helper+0x992/0x5450 [ 14.858475] ? __pfx_kasan_atomics_helper+0x10/0x10 [ 14.858498] ? __kmalloc_cache_noprof+0x189/0x420 [ 14.858523] ? ret_from_fork_asm+0x1a/0x30 [ 14.858547] ? kasan_atomics+0x152/0x310 [ 14.858573] kasan_atomics+0x1dc/0x310 [ 14.858596] ? __pfx_kasan_atomics+0x10/0x10 [ 14.858624] ? __pfx_read_tsc+0x10/0x10 [ 14.858648] ? ktime_get_ts64+0x86/0x230 [ 14.858673] kunit_try_run_case+0x1a5/0x480 [ 14.858699] ? __pfx_kunit_try_run_case+0x10/0x10 [ 14.858722] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 14.858748] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 14.858771] ? __kthread_parkme+0x82/0x180 [ 14.858793] ? preempt_count_sub+0x50/0x80 [ 14.858817] ? __pfx_kunit_try_run_case+0x10/0x10 [ 14.858841] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 14.858864] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 14.858888] kthread+0x337/0x6f0 [ 14.858908] ? trace_preempt_on+0x20/0xc0 [ 14.858932] ? __pfx_kthread+0x10/0x10 [ 14.858952] ? 
_raw_spin_unlock_irq+0x47/0x80 [ 14.858974] ? calculate_sigpending+0x7b/0xa0 [ 14.858999] ? __pfx_kthread+0x10/0x10 [ 14.859021] ret_from_fork+0x116/0x1d0 [ 14.859040] ? __pfx_kthread+0x10/0x10 [ 14.859061] ret_from_fork_asm+0x1a/0x30 [ 14.859092] </TASK> [ 14.859104] [ 14.869753] Allocated by task 282: [ 14.870003] kasan_save_stack+0x45/0x70 [ 14.870172] kasan_save_track+0x18/0x40 [ 14.870350] kasan_save_alloc_info+0x3b/0x50 [ 14.870613] __kasan_kmalloc+0xb7/0xc0 [ 14.871022] __kmalloc_cache_noprof+0x189/0x420 [ 14.871244] kasan_atomics+0x95/0x310 [ 14.871437] kunit_try_run_case+0x1a5/0x480 [ 14.871990] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 14.872189] kthread+0x337/0x6f0 [ 14.872509] ret_from_fork+0x116/0x1d0 [ 14.872686] ret_from_fork_asm+0x1a/0x30 [ 14.872871] [ 14.872974] The buggy address belongs to the object at ffff888103991d00 [ 14.872974] which belongs to the cache kmalloc-64 of size 64 [ 14.873857] The buggy address is located 0 bytes to the right of [ 14.873857] allocated 48-byte region [ffff888103991d00, ffff888103991d30) [ 14.874545] [ 14.874745] The buggy address belongs to the physical page: [ 14.874985] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x103991 [ 14.875249] flags: 0x200000000000000(node=0|zone=2) [ 14.875493] page_type: f5(slab) [ 14.875944] raw: 0200000000000000 ffff8881000418c0 dead000000000122 0000000000000000 [ 14.876550] raw: 0000000000000000 0000000080200020 00000000f5000000 0000000000000000 [ 14.877050] page dumped because: kasan: bad access detected [ 14.877404] [ 14.877494] Memory state around the buggy address: [ 14.877754] ffff888103991c00: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 14.878070] ffff888103991c80: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 14.878567] >ffff888103991d00: 00 00 00 00 00 00 fc fc fc fc fc fc fc fc fc fc [ 14.878860] ^ [ 14.879185] ffff888103991d80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 14.879720] ffff888103991e00: fc fc fc fc fc fc fc fc fc fc 
fc fc fc fc fc fc [ 14.880041] ================================================================== [ 15.053918] ================================================================== [ 15.054872] BUG: KASAN: slab-out-of-bounds in kasan_atomics_helper+0xe78/0x5450 [ 15.055153] Write of size 4 at addr ffff888103991d30 by task kunit_try_catch/282 [ 15.055412] [ 15.055510] CPU: 1 UID: 0 PID: 282 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc4 #1 PREEMPT(voluntary) [ 15.055561] Tainted: [B]=BAD_PAGE, [N]=TEST [ 15.055575] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 15.055600] Call Trace: [ 15.055623] <TASK> [ 15.055647] dump_stack_lvl+0x73/0xb0 [ 15.055683] print_report+0xd1/0x650 [ 15.055708] ? __virt_addr_valid+0x1db/0x2d0 [ 15.055732] ? kasan_atomics_helper+0xe78/0x5450 [ 15.055754] ? kasan_complete_mode_report_info+0x2a/0x200 [ 15.055777] ? kasan_atomics_helper+0xe78/0x5450 [ 15.055799] kasan_report+0x141/0x180 [ 15.055821] ? kasan_atomics_helper+0xe78/0x5450 [ 15.055847] kasan_check_range+0x10c/0x1c0 [ 15.055871] __kasan_check_write+0x18/0x20 [ 15.055892] kasan_atomics_helper+0xe78/0x5450 [ 15.055917] ? __pfx_kasan_atomics_helper+0x10/0x10 [ 15.055940] ? __kmalloc_cache_noprof+0x189/0x420 [ 15.055965] ? ret_from_fork_asm+0x1a/0x30 [ 15.055988] ? kasan_atomics+0x152/0x310 [ 15.056015] kasan_atomics+0x1dc/0x310 [ 15.056038] ? __pfx_kasan_atomics+0x10/0x10 [ 15.056062] ? __pfx_read_tsc+0x10/0x10 [ 15.056084] ? ktime_get_ts64+0x86/0x230 [ 15.056110] kunit_try_run_case+0x1a5/0x480 [ 15.056135] ? __pfx_kunit_try_run_case+0x10/0x10 [ 15.056158] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 15.056183] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 15.056207] ? __kthread_parkme+0x82/0x180 [ 15.056239] ? preempt_count_sub+0x50/0x80 [ 15.056264] ? __pfx_kunit_try_run_case+0x10/0x10 [ 15.056287] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 15.056310] ? 
__pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 15.056334] kthread+0x337/0x6f0 [ 15.056355] ? trace_preempt_on+0x20/0xc0 [ 15.056379] ? __pfx_kthread+0x10/0x10 [ 15.056401] ? _raw_spin_unlock_irq+0x47/0x80 [ 15.056422] ? calculate_sigpending+0x7b/0xa0 [ 15.056447] ? __pfx_kthread+0x10/0x10 [ 15.056471] ret_from_fork+0x116/0x1d0 [ 15.056491] ? __pfx_kthread+0x10/0x10 [ 15.056512] ret_from_fork_asm+0x1a/0x30 [ 15.056543] </TASK> [ 15.056555] [ 15.071884] Allocated by task 282: [ 15.072058] kasan_save_stack+0x45/0x70 [ 15.072216] kasan_save_track+0x18/0x40 [ 15.072665] kasan_save_alloc_info+0x3b/0x50 [ 15.073089] __kasan_kmalloc+0xb7/0xc0 [ 15.073524] __kmalloc_cache_noprof+0x189/0x420 [ 15.073961] kasan_atomics+0x95/0x310 [ 15.074374] kunit_try_run_case+0x1a5/0x480 [ 15.074786] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 15.075296] kthread+0x337/0x6f0 [ 15.075538] ret_from_fork+0x116/0x1d0 [ 15.075896] ret_from_fork_asm+0x1a/0x30 [ 15.076036] [ 15.076109] The buggy address belongs to the object at ffff888103991d00 [ 15.076109] which belongs to the cache kmalloc-64 of size 64 [ 15.076565] The buggy address is located 0 bytes to the right of [ 15.076565] allocated 48-byte region [ffff888103991d00, ffff888103991d30) [ 15.077673] [ 15.077885] The buggy address belongs to the physical page: [ 15.078434] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x103991 [ 15.079183] flags: 0x200000000000000(node=0|zone=2) [ 15.079709] page_type: f5(slab) [ 15.079937] raw: 0200000000000000 ffff8881000418c0 dead000000000122 0000000000000000 [ 15.080165] raw: 0000000000000000 0000000080200020 00000000f5000000 0000000000000000 [ 15.080735] page dumped because: kasan: bad access detected [ 15.081243] [ 15.081428] Memory state around the buggy address: [ 15.081873] ffff888103991c00: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 15.082512] ffff888103991c80: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 15.082823] >ffff888103991d00: 00 00 00 00 00 00 fc fc 
fc fc fc fc fc fc fc fc [ 15.083033] ^ [ 15.083189] ffff888103991d80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 15.083495] ffff888103991e00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 15.083774] ================================================================== [ 15.605844] ================================================================== [ 15.606198] BUG: KASAN: slab-out-of-bounds in kasan_atomics_helper+0x1a7f/0x5450 [ 15.606526] Write of size 8 at addr ffff888103991d30 by task kunit_try_catch/282 [ 15.606751] [ 15.606844] CPU: 1 UID: 0 PID: 282 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc4 #1 PREEMPT(voluntary) [ 15.606890] Tainted: [B]=BAD_PAGE, [N]=TEST [ 15.606903] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 15.606927] Call Trace: [ 15.606950] <TASK> [ 15.606971] dump_stack_lvl+0x73/0xb0 [ 15.607002] print_report+0xd1/0x650 [ 15.607027] ? __virt_addr_valid+0x1db/0x2d0 [ 15.607050] ? kasan_atomics_helper+0x1a7f/0x5450 [ 15.607072] ? kasan_complete_mode_report_info+0x2a/0x200 [ 15.607095] ? kasan_atomics_helper+0x1a7f/0x5450 [ 15.607116] kasan_report+0x141/0x180 [ 15.607139] ? kasan_atomics_helper+0x1a7f/0x5450 [ 15.607176] kasan_check_range+0x10c/0x1c0 [ 15.607200] __kasan_check_write+0x18/0x20 [ 15.607236] kasan_atomics_helper+0x1a7f/0x5450 [ 15.607270] ? __pfx_kasan_atomics_helper+0x10/0x10 [ 15.607292] ? __kmalloc_cache_noprof+0x189/0x420 [ 15.607317] ? ret_from_fork_asm+0x1a/0x30 [ 15.607340] ? kasan_atomics+0x152/0x310 [ 15.607367] kasan_atomics+0x1dc/0x310 [ 15.607390] ? __pfx_kasan_atomics+0x10/0x10 [ 15.607414] ? __pfx_read_tsc+0x10/0x10 [ 15.607436] ? ktime_get_ts64+0x86/0x230 [ 15.607460] kunit_try_run_case+0x1a5/0x480 [ 15.607486] ? __pfx_kunit_try_run_case+0x10/0x10 [ 15.607509] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 15.607533] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 15.607557] ? __kthread_parkme+0x82/0x180 [ 15.607577] ? preempt_count_sub+0x50/0x80 [ 15.607602] ? 
__pfx_kunit_try_run_case+0x10/0x10 [ 15.607627] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 15.607650] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 15.607673] kthread+0x337/0x6f0 [ 15.607692] ? trace_preempt_on+0x20/0xc0 [ 15.607716] ? __pfx_kthread+0x10/0x10 [ 15.607737] ? _raw_spin_unlock_irq+0x47/0x80 [ 15.607758] ? calculate_sigpending+0x7b/0xa0 [ 15.607783] ? __pfx_kthread+0x10/0x10 [ 15.607805] ret_from_fork+0x116/0x1d0 [ 15.607824] ? __pfx_kthread+0x10/0x10 [ 15.607845] ret_from_fork_asm+0x1a/0x30 [ 15.607886] </TASK> [ 15.607901] [ 15.616024] Allocated by task 282: [ 15.616426] kasan_save_stack+0x45/0x70 [ 15.616693] kasan_save_track+0x18/0x40 [ 15.616903] kasan_save_alloc_info+0x3b/0x50 [ 15.617116] __kasan_kmalloc+0xb7/0xc0 [ 15.617275] __kmalloc_cache_noprof+0x189/0x420 [ 15.617505] kasan_atomics+0x95/0x310 [ 15.617703] kunit_try_run_case+0x1a5/0x480 [ 15.617899] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 15.618126] kthread+0x337/0x6f0 [ 15.618369] ret_from_fork+0x116/0x1d0 [ 15.618569] ret_from_fork_asm+0x1a/0x30 [ 15.618795] [ 15.618897] The buggy address belongs to the object at ffff888103991d00 [ 15.618897] which belongs to the cache kmalloc-64 of size 64 [ 15.619512] The buggy address is located 0 bytes to the right of [ 15.619512] allocated 48-byte region [ffff888103991d00, ffff888103991d30) [ 15.619882] [ 15.620031] The buggy address belongs to the physical page: [ 15.620366] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x103991 [ 15.620741] flags: 0x200000000000000(node=0|zone=2) [ 15.620989] page_type: f5(slab) [ 15.621114] raw: 0200000000000000 ffff8881000418c0 dead000000000122 0000000000000000 [ 15.621363] raw: 0000000000000000 0000000080200020 00000000f5000000 0000000000000000 [ 15.621597] page dumped because: kasan: bad access detected [ 15.621823] [ 15.621933] Memory state around the buggy address: [ 15.622161] ffff888103991c00: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 15.622791] 
ffff888103991c80: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 15.623113] >ffff888103991d00: 00 00 00 00 00 00 fc fc fc fc fc fc fc fc fc fc [ 15.624393] ^ [ 15.624673] ffff888103991d80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 15.624912] ffff888103991e00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 15.625129] ================================================================== [ 15.961526] ================================================================== [ 15.961988] BUG: KASAN: slab-out-of-bounds in kasan_atomics_helper+0x224c/0x5450 [ 15.963051] Write of size 8 at addr ffff888103991d30 by task kunit_try_catch/282 [ 15.963342] [ 15.963442] CPU: 1 UID: 0 PID: 282 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc4 #1 PREEMPT(voluntary) [ 15.963493] Tainted: [B]=BAD_PAGE, [N]=TEST [ 15.963507] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 15.963532] Call Trace: [ 15.963554] <TASK> [ 15.963577] dump_stack_lvl+0x73/0xb0 [ 15.963612] print_report+0xd1/0x650 [ 15.963637] ? __virt_addr_valid+0x1db/0x2d0 [ 15.963661] ? kasan_atomics_helper+0x224c/0x5450 [ 15.963683] ? kasan_complete_mode_report_info+0x2a/0x200 [ 15.963705] ? kasan_atomics_helper+0x224c/0x5450 [ 15.963728] kasan_report+0x141/0x180 [ 15.963752] ? kasan_atomics_helper+0x224c/0x5450 [ 15.963778] kasan_check_range+0x10c/0x1c0 [ 15.963803] __kasan_check_write+0x18/0x20 [ 15.963823] kasan_atomics_helper+0x224c/0x5450 [ 15.963846] ? __pfx_kasan_atomics_helper+0x10/0x10 [ 15.963869] ? __kmalloc_cache_noprof+0x189/0x420 [ 15.963894] ? ret_from_fork_asm+0x1a/0x30 [ 15.963916] ? kasan_atomics+0x152/0x310 [ 15.963943] kasan_atomics+0x1dc/0x310 [ 15.963966] ? __pfx_kasan_atomics+0x10/0x10 [ 15.963989] ? __pfx_read_tsc+0x10/0x10 [ 15.964014] ? ktime_get_ts64+0x86/0x230 [ 15.964073] kunit_try_run_case+0x1a5/0x480 [ 15.964105] ? __pfx_kunit_try_run_case+0x10/0x10 [ 15.964128] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 15.964152] ? 
_raw_spin_unlock_irqrestore+0x5f/0x90 [ 15.964176] ? __kthread_parkme+0x82/0x180 [ 15.964196] ? preempt_count_sub+0x50/0x80 [ 15.964252] ? __pfx_kunit_try_run_case+0x10/0x10 [ 15.964277] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 15.964299] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 15.964322] kthread+0x337/0x6f0 [ 15.964343] ? trace_preempt_on+0x20/0xc0 [ 15.964367] ? __pfx_kthread+0x10/0x10 [ 15.964387] ? _raw_spin_unlock_irq+0x47/0x80 [ 15.964409] ? calculate_sigpending+0x7b/0xa0 [ 15.964434] ? __pfx_kthread+0x10/0x10 [ 15.964456] ret_from_fork+0x116/0x1d0 [ 15.964475] ? __pfx_kthread+0x10/0x10 [ 15.964496] ret_from_fork_asm+0x1a/0x30 [ 15.964527] </TASK> [ 15.964540] [ 15.972891] Allocated by task 282: [ 15.973118] kasan_save_stack+0x45/0x70 [ 15.973358] kasan_save_track+0x18/0x40 [ 15.973535] kasan_save_alloc_info+0x3b/0x50 [ 15.973682] __kasan_kmalloc+0xb7/0xc0 [ 15.973811] __kmalloc_cache_noprof+0x189/0x420 [ 15.973964] kasan_atomics+0x95/0x310 [ 15.974148] kunit_try_run_case+0x1a5/0x480 [ 15.974360] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 15.974615] kthread+0x337/0x6f0 [ 15.974783] ret_from_fork+0x116/0x1d0 [ 15.974943] ret_from_fork_asm+0x1a/0x30 [ 15.975080] [ 15.975151] The buggy address belongs to the object at ffff888103991d00 [ 15.975151] which belongs to the cache kmalloc-64 of size 64 [ 15.975907] The buggy address is located 0 bytes to the right of [ 15.975907] allocated 48-byte region [ffff888103991d00, ffff888103991d30) [ 15.976437] [ 15.976528] The buggy address belongs to the physical page: [ 15.976762] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x103991 [ 15.977071] flags: 0x200000000000000(node=0|zone=2) [ 15.977249] page_type: f5(slab) [ 15.977371] raw: 0200000000000000 ffff8881000418c0 dead000000000122 0000000000000000 [ 15.977713] raw: 0000000000000000 0000000080200020 00000000f5000000 0000000000000000 [ 15.978058] page dumped because: kasan: bad access detected [ 15.978238] [ 15.978346] 
Memory state around the buggy address: [ 15.978576] ffff888103991c00: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 15.978865] ffff888103991c80: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 15.979150] >ffff888103991d00: 00 00 00 00 00 00 fc fc fc fc fc fc fc fc fc fc [ 15.979427] ^ [ 15.979580] ffff888103991d80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 15.979790] ffff888103991e00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 15.980092] ================================================================== [ 14.457496] ================================================================== [ 14.458787] BUG: KASAN: slab-out-of-bounds in kasan_atomics_helper+0x4bbc/0x5450 [ 14.459571] Read of size 4 at addr ffff888103991d30 by task kunit_try_catch/282 [ 14.460624] [ 14.461031] CPU: 1 UID: 0 PID: 282 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc4 #1 PREEMPT(voluntary) [ 14.461309] Tainted: [B]=BAD_PAGE, [N]=TEST [ 14.461368] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 14.461394] Call Trace: [ 14.461414] <TASK> [ 14.461439] dump_stack_lvl+0x73/0xb0 [ 14.461482] print_report+0xd1/0x650 [ 14.461506] ? __virt_addr_valid+0x1db/0x2d0 [ 14.461528] ? kasan_atomics_helper+0x4bbc/0x5450 [ 14.461549] ? kasan_complete_mode_report_info+0x2a/0x200 [ 14.461571] ? kasan_atomics_helper+0x4bbc/0x5450 [ 14.461591] kasan_report+0x141/0x180 [ 14.461612] ? kasan_atomics_helper+0x4bbc/0x5450 [ 14.461637] __asan_report_load4_noabort+0x18/0x20 [ 14.461660] kasan_atomics_helper+0x4bbc/0x5450 [ 14.461681] ? __pfx_kasan_atomics_helper+0x10/0x10 [ 14.461702] ? __kmalloc_cache_noprof+0x189/0x420 [ 14.461726] ? ret_from_fork_asm+0x1a/0x30 [ 14.461747] ? kasan_atomics+0x152/0x310 [ 14.461771] kasan_atomics+0x1dc/0x310 [ 14.461793] ? __pfx_kasan_atomics+0x10/0x10 [ 14.461816] ? __pfx_read_tsc+0x10/0x10 [ 14.461836] ? ktime_get_ts64+0x86/0x230 [ 14.461859] kunit_try_run_case+0x1a5/0x480 [ 14.461885] ? 
__pfx_kunit_try_run_case+0x10/0x10 [ 14.461906] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 14.461930] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 14.461952] ? __kthread_parkme+0x82/0x180 [ 14.461972] ? preempt_count_sub+0x50/0x80 [ 14.461994] ? __pfx_kunit_try_run_case+0x10/0x10 [ 14.462017] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 14.462038] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 14.462061] kthread+0x337/0x6f0 [ 14.462081] ? trace_preempt_on+0x20/0xc0 [ 14.462104] ? __pfx_kthread+0x10/0x10 [ 14.462123] ? _raw_spin_unlock_irq+0x47/0x80 [ 14.462143] ? calculate_sigpending+0x7b/0xa0 [ 14.462166] ? __pfx_kthread+0x10/0x10 [ 14.462187] ret_from_fork+0x116/0x1d0 [ 14.462234] ? __pfx_kthread+0x10/0x10 [ 14.462254] ret_from_fork_asm+0x1a/0x30 [ 14.462284] </TASK> [ 14.462296] [ 14.479346] Allocated by task 282: [ 14.479559] kasan_save_stack+0x45/0x70 [ 14.479768] kasan_save_track+0x18/0x40 [ 14.479941] kasan_save_alloc_info+0x3b/0x50 [ 14.480133] __kasan_kmalloc+0xb7/0xc0 [ 14.480671] __kmalloc_cache_noprof+0x189/0x420 [ 14.481044] kasan_atomics+0x95/0x310 [ 14.481522] kunit_try_run_case+0x1a5/0x480 [ 14.481791] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 14.482209] kthread+0x337/0x6f0 [ 14.482533] ret_from_fork+0x116/0x1d0 [ 14.482748] ret_from_fork_asm+0x1a/0x30 [ 14.482950] [ 14.483086] The buggy address belongs to the object at ffff888103991d00 [ 14.483086] which belongs to the cache kmalloc-64 of size 64 [ 14.484077] The buggy address is located 0 bytes to the right of [ 14.484077] allocated 48-byte region [ffff888103991d00, ffff888103991d30) [ 14.484958] [ 14.485237] The buggy address belongs to the physical page: [ 14.485701] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x103991 [ 14.486046] flags: 0x200000000000000(node=0|zone=2) [ 14.486569] page_type: f5(slab) [ 14.486801] raw: 0200000000000000 ffff8881000418c0 dead000000000122 0000000000000000 [ 14.487373] raw: 0000000000000000 0000000080200020 00000000f5000000 
0000000000000000 [ 14.487877] page dumped because: kasan: bad access detected [ 14.488085] [ 14.488178] Memory state around the buggy address: [ 14.488721] ffff888103991c00: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 14.489294] ffff888103991c80: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 14.489595] >ffff888103991d00: 00 00 00 00 00 00 fc fc fc fc fc fc fc fc fc fc [ 14.489887] ^ [ 14.490096] ffff888103991d80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 14.490757] ffff888103991e00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 14.491256] ================================================================== [ 15.175725] ================================================================== [ 15.176903] BUG: KASAN: slab-out-of-bounds in kasan_atomics_helper+0x4a1c/0x5450 [ 15.177911] Read of size 4 at addr ffff888103991d30 by task kunit_try_catch/282 [ 15.178905] [ 15.179229] CPU: 1 UID: 0 PID: 282 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc4 #1 PREEMPT(voluntary) [ 15.179366] Tainted: [B]=BAD_PAGE, [N]=TEST [ 15.179381] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 15.179407] Call Trace: [ 15.179430] <TASK> [ 15.179453] dump_stack_lvl+0x73/0xb0 [ 15.179496] print_report+0xd1/0x650 [ 15.179523] ? __virt_addr_valid+0x1db/0x2d0 [ 15.179552] ? kasan_atomics_helper+0x4a1c/0x5450 [ 15.179575] ? kasan_complete_mode_report_info+0x2a/0x200 [ 15.179714] ? kasan_atomics_helper+0x4a1c/0x5450 [ 15.179742] kasan_report+0x141/0x180 [ 15.179767] ? kasan_atomics_helper+0x4a1c/0x5450 [ 15.179794] __asan_report_load4_noabort+0x18/0x20 [ 15.179820] kasan_atomics_helper+0x4a1c/0x5450 [ 15.179842] ? __pfx_kasan_atomics_helper+0x10/0x10 [ 15.179865] ? __kmalloc_cache_noprof+0x189/0x420 [ 15.179891] ? ret_from_fork_asm+0x1a/0x30 [ 15.179914] ? kasan_atomics+0x152/0x310 [ 15.179940] kasan_atomics+0x1dc/0x310 [ 15.179965] ? __pfx_kasan_atomics+0x10/0x10 [ 15.179992] ? __pfx_read_tsc+0x10/0x10 [ 15.180017] ? 
ktime_get_ts64+0x86/0x230 [ 15.180042] kunit_try_run_case+0x1a5/0x480 [ 15.180068] ? __pfx_kunit_try_run_case+0x10/0x10 [ 15.180091] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 15.180116] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 15.180139] ? __kthread_parkme+0x82/0x180 [ 15.180161] ? preempt_count_sub+0x50/0x80 [ 15.180186] ? __pfx_kunit_try_run_case+0x10/0x10 [ 15.180209] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 15.180270] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 15.180295] kthread+0x337/0x6f0 [ 15.180314] ? trace_preempt_on+0x20/0xc0 [ 15.180338] ? __pfx_kthread+0x10/0x10 [ 15.180359] ? _raw_spin_unlock_irq+0x47/0x80 [ 15.180381] ? calculate_sigpending+0x7b/0xa0 [ 15.180405] ? __pfx_kthread+0x10/0x10 [ 15.180427] ret_from_fork+0x116/0x1d0 [ 15.180447] ? __pfx_kthread+0x10/0x10 [ 15.180469] ret_from_fork_asm+0x1a/0x30 [ 15.180500] </TASK> [ 15.180512] [ 15.191303] Allocated by task 282: [ 15.191531] kasan_save_stack+0x45/0x70 [ 15.191883] kasan_save_track+0x18/0x40 [ 15.192080] kasan_save_alloc_info+0x3b/0x50 [ 15.192485] __kasan_kmalloc+0xb7/0xc0 [ 15.192663] __kmalloc_cache_noprof+0x189/0x420 [ 15.193003] kasan_atomics+0x95/0x310 [ 15.193190] kunit_try_run_case+0x1a5/0x480 [ 15.193600] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 15.193786] kthread+0x337/0x6f0 [ 15.193913] ret_from_fork+0x116/0x1d0 [ 15.194108] ret_from_fork_asm+0x1a/0x30 [ 15.194463] [ 15.194673] The buggy address belongs to the object at ffff888103991d00 [ 15.194673] which belongs to the cache kmalloc-64 of size 64 [ 15.195228] The buggy address is located 0 bytes to the right of [ 15.195228] allocated 48-byte region [ffff888103991d00, ffff888103991d30) [ 15.195755] [ 15.195980] The buggy address belongs to the physical page: [ 15.196370] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x103991 [ 15.196813] flags: 0x200000000000000(node=0|zone=2) [ 15.197127] page_type: f5(slab) [ 15.197351] raw: 0200000000000000 ffff8881000418c0 dead000000000122 
0000000000000000 [ 15.197745] raw: 0000000000000000 0000000080200020 00000000f5000000 0000000000000000 [ 15.198067] page dumped because: kasan: bad access detected [ 15.198294] [ 15.198401] Memory state around the buggy address: [ 15.198588] ffff888103991c00: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 15.199059] ffff888103991c80: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 15.199519] >ffff888103991d00: 00 00 00 00 00 00 fc fc fc fc fc fc fc fc fc fc [ 15.199875] ^ [ 15.200062] ffff888103991d80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 15.200415] ffff888103991e00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 15.200741] ================================================================== [ 15.674148] ================================================================== [ 15.674512] BUG: KASAN: slab-out-of-bounds in kasan_atomics_helper+0x4f30/0x5450 [ 15.675164] Read of size 8 at addr ffff888103991d30 by task kunit_try_catch/282 [ 15.675679] [ 15.675782] CPU: 1 UID: 0 PID: 282 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc4 #1 PREEMPT(voluntary) [ 15.675841] Tainted: [B]=BAD_PAGE, [N]=TEST [ 15.675856] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 15.675888] Call Trace: [ 15.675910] <TASK> [ 15.675933] dump_stack_lvl+0x73/0xb0 [ 15.675966] print_report+0xd1/0x650 [ 15.675992] ? __virt_addr_valid+0x1db/0x2d0 [ 15.676017] ? kasan_atomics_helper+0x4f30/0x5450 [ 15.676042] ? kasan_complete_mode_report_info+0x2a/0x200 [ 15.676067] ? kasan_atomics_helper+0x4f30/0x5450 [ 15.676090] kasan_report+0x141/0x180 [ 15.676113] ? kasan_atomics_helper+0x4f30/0x5450 [ 15.676141] __asan_report_load8_noabort+0x18/0x20 [ 15.676166] kasan_atomics_helper+0x4f30/0x5450 [ 15.676190] ? __pfx_kasan_atomics_helper+0x10/0x10 [ 15.676213] ? __kmalloc_cache_noprof+0x189/0x420 [ 15.676250] ? ret_from_fork_asm+0x1a/0x30 [ 15.676286] ? kasan_atomics+0x152/0x310 [ 15.676314] kasan_atomics+0x1dc/0x310 [ 15.676339] ? 
__pfx_kasan_atomics+0x10/0x10 [ 15.676365] ? __pfx_read_tsc+0x10/0x10 [ 15.676388] ? ktime_get_ts64+0x86/0x230 [ 15.676414] kunit_try_run_case+0x1a5/0x480 [ 15.676441] ? __pfx_kunit_try_run_case+0x10/0x10 [ 15.676467] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 15.676495] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 15.676521] ? __kthread_parkme+0x82/0x180 [ 15.676544] ? preempt_count_sub+0x50/0x80 [ 15.676582] ? __pfx_kunit_try_run_case+0x10/0x10 [ 15.676609] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 15.676633] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 15.676677] kthread+0x337/0x6f0 [ 15.676699] ? trace_preempt_on+0x20/0xc0 [ 15.676723] ? __pfx_kthread+0x10/0x10 [ 15.676755] ? _raw_spin_unlock_irq+0x47/0x80 [ 15.676777] ? calculate_sigpending+0x7b/0xa0 [ 15.676817] ? __pfx_kthread+0x10/0x10 [ 15.676839] ret_from_fork+0x116/0x1d0 [ 15.676857] ? __pfx_kthread+0x10/0x10 [ 15.676878] ret_from_fork_asm+0x1a/0x30 [ 15.676909] </TASK> [ 15.676923] [ 15.684758] Allocated by task 282: [ 15.684983] kasan_save_stack+0x45/0x70 [ 15.685246] kasan_save_track+0x18/0x40 [ 15.685472] kasan_save_alloc_info+0x3b/0x50 [ 15.685829] __kasan_kmalloc+0xb7/0xc0 [ 15.686025] __kmalloc_cache_noprof+0x189/0x420 [ 15.686286] kasan_atomics+0x95/0x310 [ 15.686488] kunit_try_run_case+0x1a5/0x480 [ 15.686651] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 15.687001] kthread+0x337/0x6f0 [ 15.687199] ret_from_fork+0x116/0x1d0 [ 15.687406] ret_from_fork_asm+0x1a/0x30 [ 15.687694] [ 15.687783] The buggy address belongs to the object at ffff888103991d00 [ 15.687783] which belongs to the cache kmalloc-64 of size 64 [ 15.688294] The buggy address is located 0 bytes to the right of [ 15.688294] allocated 48-byte region [ffff888103991d00, ffff888103991d30) [ 15.688814] [ 15.688936] The buggy address belongs to the physical page: [ 15.689131] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x103991 [ 15.689535] flags: 0x200000000000000(node=0|zone=2) [ 15.689712] page_type: 
f5(slab) [ 15.689837] raw: 0200000000000000 ffff8881000418c0 dead000000000122 0000000000000000 [ 15.690069] raw: 0000000000000000 0000000080200020 00000000f5000000 0000000000000000 [ 15.690313] page dumped because: kasan: bad access detected [ 15.690486] [ 15.690556] Memory state around the buggy address: [ 15.692594] ffff888103991c00: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 15.693002] ffff888103991c80: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 15.693431] >ffff888103991d00: 00 00 00 00 00 00 fc fc fc fc fc fc fc fc fc fc [ 15.693653] ^ [ 15.693814] ffff888103991d80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 15.694096] ffff888103991e00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 15.694354] ================================================================== [ 15.784920] ================================================================== [ 15.785552] BUG: KASAN: slab-out-of-bounds in kasan_atomics_helper+0x1f43/0x5450 [ 15.785867] Write of size 8 at addr ffff888103991d30 by task kunit_try_catch/282 [ 15.786179] [ 15.786324] CPU: 1 UID: 0 PID: 282 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc4 #1 PREEMPT(voluntary) [ 15.786372] Tainted: [B]=BAD_PAGE, [N]=TEST [ 15.786385] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 15.786409] Call Trace: [ 15.786430] <TASK> [ 15.786451] dump_stack_lvl+0x73/0xb0 [ 15.786482] print_report+0xd1/0x650 [ 15.786505] ? __virt_addr_valid+0x1db/0x2d0 [ 15.786528] ? kasan_atomics_helper+0x1f43/0x5450 [ 15.786550] ? kasan_complete_mode_report_info+0x2a/0x200 [ 15.786573] ? kasan_atomics_helper+0x1f43/0x5450 [ 15.786594] kasan_report+0x141/0x180 [ 15.786617] ? kasan_atomics_helper+0x1f43/0x5450 [ 15.786644] kasan_check_range+0x10c/0x1c0 [ 15.786671] __kasan_check_write+0x18/0x20 [ 15.786691] kasan_atomics_helper+0x1f43/0x5450 [ 15.786715] ? __pfx_kasan_atomics_helper+0x10/0x10 [ 15.786737] ? __kmalloc_cache_noprof+0x189/0x420 [ 15.786763] ? 
ret_from_fork_asm+0x1a/0x30 [ 15.786787] ? kasan_atomics+0x152/0x310 [ 15.786813] kasan_atomics+0x1dc/0x310 [ 15.786836] ? __pfx_kasan_atomics+0x10/0x10 [ 15.786861] ? __pfx_read_tsc+0x10/0x10 [ 15.786883] ? ktime_get_ts64+0x86/0x230 [ 15.786909] kunit_try_run_case+0x1a5/0x480 [ 15.786934] ? __pfx_kunit_try_run_case+0x10/0x10 [ 15.786956] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 15.786981] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 15.787004] ? __kthread_parkme+0x82/0x180 [ 15.787024] ? preempt_count_sub+0x50/0x80 [ 15.787049] ? __pfx_kunit_try_run_case+0x10/0x10 [ 15.787072] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 15.787096] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 15.787119] kthread+0x337/0x6f0 [ 15.787138] ? trace_preempt_on+0x20/0xc0 [ 15.787162] ? __pfx_kthread+0x10/0x10 [ 15.787183] ? _raw_spin_unlock_irq+0x47/0x80 [ 15.787204] ? calculate_sigpending+0x7b/0xa0 [ 15.787240] ? __pfx_kthread+0x10/0x10 [ 15.787276] ret_from_fork+0x116/0x1d0 [ 15.787295] ? __pfx_kthread+0x10/0x10 [ 15.787316] ret_from_fork_asm+0x1a/0x30 [ 15.787346] </TASK> [ 15.787358] [ 15.794533] Allocated by task 282: [ 15.794746] kasan_save_stack+0x45/0x70 [ 15.794956] kasan_save_track+0x18/0x40 [ 15.795149] kasan_save_alloc_info+0x3b/0x50 [ 15.795392] __kasan_kmalloc+0xb7/0xc0 [ 15.795585] __kmalloc_cache_noprof+0x189/0x420 [ 15.795812] kasan_atomics+0x95/0x310 [ 15.796002] kunit_try_run_case+0x1a5/0x480 [ 15.796214] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 15.796509] kthread+0x337/0x6f0 [ 15.796667] ret_from_fork+0x116/0x1d0 [ 15.796857] ret_from_fork_asm+0x1a/0x30 [ 15.797020] [ 15.797093] The buggy address belongs to the object at ffff888103991d00 [ 15.797093] which belongs to the cache kmalloc-64 of size 64 [ 15.797701] The buggy address is located 0 bytes to the right of [ 15.797701] allocated 48-byte region [ffff888103991d00, ffff888103991d30) [ 15.798425] [ 15.798529] The buggy address belongs to the physical page: [ 15.798770] page: refcount:0 mapcount:0 
mapping:0000000000000000 index:0x0 pfn:0x103991 [ 15.799087] flags: 0x200000000000000(node=0|zone=2) [ 15.799266] page_type: f5(slab) [ 15.799441] raw: 0200000000000000 ffff8881000418c0 dead000000000122 0000000000000000 [ 15.799788] raw: 0000000000000000 0000000080200020 00000000f5000000 0000000000000000 [ 15.800096] page dumped because: kasan: bad access detected [ 15.800280] [ 15.800351] Memory state around the buggy address: [ 15.800509] ffff888103991c00: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 15.800726] ffff888103991c80: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 15.801075] >ffff888103991d00: 00 00 00 00 00 00 fc fc fc fc fc fc fc fc fc fc [ 15.801419] ^ [ 15.801719] ffff888103991d80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 15.801933] ffff888103991e00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 15.802146] ================================================================== [ 14.826402] ================================================================== [ 14.826836] BUG: KASAN: slab-out-of-bounds in kasan_atomics_helper+0x8f9/0x5450 [ 14.827253] Write of size 4 at addr ffff888103991d30 by task kunit_try_catch/282 [ 14.828388] [ 14.828694] CPU: 1 UID: 0 PID: 282 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc4 #1 PREEMPT(voluntary) [ 14.828757] Tainted: [B]=BAD_PAGE, [N]=TEST [ 14.828773] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 14.828810] Call Trace: [ 14.828833] <TASK> [ 14.828856] dump_stack_lvl+0x73/0xb0 [ 14.828899] print_report+0xd1/0x650 [ 14.828925] ? __virt_addr_valid+0x1db/0x2d0 [ 14.828950] ? kasan_atomics_helper+0x8f9/0x5450 [ 14.828973] ? kasan_complete_mode_report_info+0x2a/0x200 [ 14.828996] ? kasan_atomics_helper+0x8f9/0x5450 [ 14.829018] kasan_report+0x141/0x180 [ 14.829041] ? kasan_atomics_helper+0x8f9/0x5450 [ 14.829067] kasan_check_range+0x10c/0x1c0 [ 14.829092] __kasan_check_write+0x18/0x20 [ 14.829114] kasan_atomics_helper+0x8f9/0x5450 [ 14.829137] ? 
__pfx_kasan_atomics_helper+0x10/0x10 [ 14.829160] ? __kmalloc_cache_noprof+0x189/0x420 [ 14.829185] ? ret_from_fork_asm+0x1a/0x30 [ 14.829237] ? kasan_atomics+0x152/0x310 [ 14.829264] kasan_atomics+0x1dc/0x310 [ 14.829287] ? __pfx_kasan_atomics+0x10/0x10 [ 14.829313] ? __pfx_read_tsc+0x10/0x10 [ 14.829335] ? ktime_get_ts64+0x86/0x230 [ 14.829360] kunit_try_run_case+0x1a5/0x480 [ 14.829386] ? __pfx_kunit_try_run_case+0x10/0x10 [ 14.829408] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 14.829433] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 14.829456] ? __kthread_parkme+0x82/0x180 [ 14.829477] ? preempt_count_sub+0x50/0x80 [ 14.829502] ? __pfx_kunit_try_run_case+0x10/0x10 [ 14.829525] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 14.829548] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 14.829571] kthread+0x337/0x6f0 [ 14.829591] ? trace_preempt_on+0x20/0xc0 [ 14.829615] ? __pfx_kthread+0x10/0x10 [ 14.829636] ? _raw_spin_unlock_irq+0x47/0x80 [ 14.829657] ? calculate_sigpending+0x7b/0xa0 [ 14.829682] ? __pfx_kthread+0x10/0x10 [ 14.829703] ret_from_fork+0x116/0x1d0 [ 14.829722] ? 
__pfx_kthread+0x10/0x10 [ 14.829742] ret_from_fork_asm+0x1a/0x30 [ 14.829773] </TASK> [ 14.829784] [ 14.844408] Allocated by task 282: [ 14.844691] kasan_save_stack+0x45/0x70 [ 14.844870] kasan_save_track+0x18/0x40 [ 14.845008] kasan_save_alloc_info+0x3b/0x50 [ 14.845159] __kasan_kmalloc+0xb7/0xc0 [ 14.845315] __kmalloc_cache_noprof+0x189/0x420 [ 14.845587] kasan_atomics+0x95/0x310 [ 14.845807] kunit_try_run_case+0x1a5/0x480 [ 14.846000] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 14.846365] kthread+0x337/0x6f0 [ 14.846593] ret_from_fork+0x116/0x1d0 [ 14.846824] ret_from_fork_asm+0x1a/0x30 [ 14.846965] [ 14.847069] The buggy address belongs to the object at ffff888103991d00 [ 14.847069] which belongs to the cache kmalloc-64 of size 64 [ 14.847819] The buggy address is located 0 bytes to the right of [ 14.847819] allocated 48-byte region [ffff888103991d00, ffff888103991d30) [ 14.848439] [ 14.848523] The buggy address belongs to the physical page: [ 14.849009] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x103991 [ 14.849760] flags: 0x200000000000000(node=0|zone=2) [ 14.850001] page_type: f5(slab) [ 14.850175] raw: 0200000000000000 ffff8881000418c0 dead000000000122 0000000000000000 [ 14.850924] raw: 0000000000000000 0000000080200020 00000000f5000000 0000000000000000 [ 14.851480] page dumped because: kasan: bad access detected [ 14.851897] [ 14.851979] Memory state around the buggy address: [ 14.852433] ffff888103991c00: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 14.852862] ffff888103991c80: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 14.853755] >ffff888103991d00: 00 00 00 00 00 00 fc fc fc fc fc fc fc fc fc fc [ 14.854065] ^ [ 14.854407] ffff888103991d80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 14.854742] ffff888103991e00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 14.855046] ================================================================== [ 15.861338] 
================================================================== [ 15.861757] BUG: KASAN: slab-out-of-bounds in kasan_atomics_helper+0x4f98/0x5450 [ 15.862032] Read of size 8 at addr ffff888103991d30 by task kunit_try_catch/282 [ 15.862502] [ 15.862670] CPU: 1 UID: 0 PID: 282 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc4 #1 PREEMPT(voluntary) [ 15.862733] Tainted: [B]=BAD_PAGE, [N]=TEST [ 15.862746] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 15.862782] Call Trace: [ 15.862804] <TASK> [ 15.862827] dump_stack_lvl+0x73/0xb0 [ 15.862858] print_report+0xd1/0x650 [ 15.862882] ? __virt_addr_valid+0x1db/0x2d0 [ 15.862915] ? kasan_atomics_helper+0x4f98/0x5450 [ 15.862937] ? kasan_complete_mode_report_info+0x2a/0x200 [ 15.862960] ? kasan_atomics_helper+0x4f98/0x5450 [ 15.862993] kasan_report+0x141/0x180 [ 15.863015] ? kasan_atomics_helper+0x4f98/0x5450 [ 15.863041] __asan_report_load8_noabort+0x18/0x20 [ 15.863066] kasan_atomics_helper+0x4f98/0x5450 [ 15.863098] ? __pfx_kasan_atomics_helper+0x10/0x10 [ 15.863120] ? __kmalloc_cache_noprof+0x189/0x420 [ 15.863145] ? ret_from_fork_asm+0x1a/0x30 [ 15.863178] ? kasan_atomics+0x152/0x310 [ 15.863205] kasan_atomics+0x1dc/0x310 [ 15.863238] ? __pfx_kasan_atomics+0x10/0x10 [ 15.863262] ? __pfx_read_tsc+0x10/0x10 [ 15.863292] ? ktime_get_ts64+0x86/0x230 [ 15.863318] kunit_try_run_case+0x1a5/0x480 [ 15.863353] ? __pfx_kunit_try_run_case+0x10/0x10 [ 15.863377] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 15.863400] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 15.863424] ? __kthread_parkme+0x82/0x180 [ 15.863445] ? preempt_count_sub+0x50/0x80 [ 15.863469] ? __pfx_kunit_try_run_case+0x10/0x10 [ 15.863493] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 15.863516] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 15.863540] kthread+0x337/0x6f0 [ 15.863560] ? trace_preempt_on+0x20/0xc0 [ 15.863583] ? __pfx_kthread+0x10/0x10 [ 15.863604] ? _raw_spin_unlock_irq+0x47/0x80 [ 15.863625] ? 
calculate_sigpending+0x7b/0xa0 [ 15.863659] ? __pfx_kthread+0x10/0x10 [ 15.863681] ret_from_fork+0x116/0x1d0 [ 15.863700] ? __pfx_kthread+0x10/0x10 [ 15.863731] ret_from_fork_asm+0x1a/0x30 [ 15.863764] </TASK> [ 15.863777] [ 15.871563] Allocated by task 282: [ 15.871722] kasan_save_stack+0x45/0x70 [ 15.871920] kasan_save_track+0x18/0x40 [ 15.872112] kasan_save_alloc_info+0x3b/0x50 [ 15.872328] __kasan_kmalloc+0xb7/0xc0 [ 15.872499] __kmalloc_cache_noprof+0x189/0x420 [ 15.872664] kasan_atomics+0x95/0x310 [ 15.872808] kunit_try_run_case+0x1a5/0x480 [ 15.873188] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 15.873725] kthread+0x337/0x6f0 [ 15.873870] ret_from_fork+0x116/0x1d0 [ 15.874046] ret_from_fork_asm+0x1a/0x30 [ 15.874189] [ 15.874272] The buggy address belongs to the object at ffff888103991d00 [ 15.874272] which belongs to the cache kmalloc-64 of size 64 [ 15.874821] The buggy address is located 0 bytes to the right of [ 15.874821] allocated 48-byte region [ffff888103991d00, ffff888103991d30) [ 15.875529] [ 15.875720] The buggy address belongs to the physical page: [ 15.875920] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x103991 [ 15.876163] flags: 0x200000000000000(node=0|zone=2) [ 15.876344] page_type: f5(slab) [ 15.876550] raw: 0200000000000000 ffff8881000418c0 dead000000000122 0000000000000000 [ 15.876906] raw: 0000000000000000 0000000080200020 00000000f5000000 0000000000000000 [ 15.877280] page dumped because: kasan: bad access detected [ 15.877582] [ 15.877735] Memory state around the buggy address: [ 15.877987] ffff888103991c00: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 15.878214] ffff888103991c80: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 15.878440] >ffff888103991d00: 00 00 00 00 00 00 fc fc fc fc fc fc fc fc fc fc [ 15.878749] ^ [ 15.878970] ffff888103991d80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 15.879334] ffff888103991e00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 15.879560] 
================================================================== [ 14.995721] ================================================================== [ 14.996913] BUG: KASAN: slab-out-of-bounds in kasan_atomics_helper+0x4a84/0x5450 [ 14.997408] Read of size 4 at addr ffff888103991d30 by task kunit_try_catch/282 [ 14.997730] [ 14.997844] CPU: 1 UID: 0 PID: 282 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc4 #1 PREEMPT(voluntary) [ 14.997893] Tainted: [B]=BAD_PAGE, [N]=TEST [ 14.997906] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 14.997930] Call Trace: [ 14.997952] <TASK> [ 14.997973] dump_stack_lvl+0x73/0xb0 [ 14.998006] print_report+0xd1/0x650 [ 14.998030] ? __virt_addr_valid+0x1db/0x2d0 [ 14.998054] ? kasan_atomics_helper+0x4a84/0x5450 [ 14.998077] ? kasan_complete_mode_report_info+0x2a/0x200 [ 14.998099] ? kasan_atomics_helper+0x4a84/0x5450 [ 14.998121] kasan_report+0x141/0x180 [ 14.998143] ? kasan_atomics_helper+0x4a84/0x5450 [ 14.998169] __asan_report_load4_noabort+0x18/0x20 [ 14.998194] kasan_atomics_helper+0x4a84/0x5450 [ 14.998216] ? __pfx_kasan_atomics_helper+0x10/0x10 [ 14.998253] ? __kmalloc_cache_noprof+0x189/0x420 [ 14.998292] ? ret_from_fork_asm+0x1a/0x30 [ 14.998316] ? kasan_atomics+0x152/0x310 [ 14.998342] kasan_atomics+0x1dc/0x310 [ 14.998365] ? __pfx_kasan_atomics+0x10/0x10 [ 14.998389] ? __pfx_read_tsc+0x10/0x10 [ 14.998411] ? ktime_get_ts64+0x86/0x230 [ 14.998437] kunit_try_run_case+0x1a5/0x480 [ 14.998462] ? __pfx_kunit_try_run_case+0x10/0x10 [ 14.998485] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 14.998509] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 14.998532] ? __kthread_parkme+0x82/0x180 [ 14.998553] ? preempt_count_sub+0x50/0x80 [ 14.998579] ? __pfx_kunit_try_run_case+0x10/0x10 [ 14.998603] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 14.998625] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 14.998649] kthread+0x337/0x6f0 [ 14.998670] ? trace_preempt_on+0x20/0xc0 [ 14.998694] ? 
__pfx_kthread+0x10/0x10 [ 14.998715] ? _raw_spin_unlock_irq+0x47/0x80 [ 14.998736] ? calculate_sigpending+0x7b/0xa0 [ 14.998761] ? __pfx_kthread+0x10/0x10 [ 14.998782] ret_from_fork+0x116/0x1d0 [ 14.998801] ? __pfx_kthread+0x10/0x10 [ 14.998823] ret_from_fork_asm+0x1a/0x30 [ 14.998854] </TASK> [ 14.998867] [ 15.006256] Allocated by task 282: [ 15.006466] kasan_save_stack+0x45/0x70 [ 15.006677] kasan_save_track+0x18/0x40 [ 15.006866] kasan_save_alloc_info+0x3b/0x50 [ 15.007041] __kasan_kmalloc+0xb7/0xc0 [ 15.007225] __kmalloc_cache_noprof+0x189/0x420 [ 15.007382] kasan_atomics+0x95/0x310 [ 15.007516] kunit_try_run_case+0x1a5/0x480 [ 15.007664] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 15.007838] kthread+0x337/0x6f0 [ 15.007962] ret_from_fork+0x116/0x1d0 [ 15.008096] ret_from_fork_asm+0x1a/0x30 [ 15.008354] [ 15.008466] The buggy address belongs to the object at ffff888103991d00 [ 15.008466] which belongs to the cache kmalloc-64 of size 64 [ 15.009004] The buggy address is located 0 bytes to the right of [ 15.009004] allocated 48-byte region [ffff888103991d00, ffff888103991d30) [ 15.009757] [ 15.009833] The buggy address belongs to the physical page: [ 15.010007] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x103991 [ 15.010259] flags: 0x200000000000000(node=0|zone=2) [ 15.010424] page_type: f5(slab) [ 15.010547] raw: 0200000000000000 ffff8881000418c0 dead000000000122 0000000000000000 [ 15.010775] raw: 0000000000000000 0000000080200020 00000000f5000000 0000000000000000 [ 15.011558] page dumped because: kasan: bad access detected [ 15.011813] [ 15.011908] Memory state around the buggy address: [ 15.012138] ffff888103991c00: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 15.012627] ffff888103991c80: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 15.012958] >ffff888103991d00: 00 00 00 00 00 00 fc fc fc fc fc fc fc fc fc fc [ 15.013284] ^ [ 15.013567] ffff888103991d80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 15.013827] 
ffff888103991e00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 15.014129] ================================================================== [ 15.222987] ================================================================== [ 15.223412] BUG: KASAN: slab-out-of-bounds in kasan_atomics_helper+0x4a02/0x5450 [ 15.224351] Read of size 4 at addr ffff888103991d30 by task kunit_try_catch/282 [ 15.224997] [ 15.225109] CPU: 1 UID: 0 PID: 282 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc4 #1 PREEMPT(voluntary) [ 15.225162] Tainted: [B]=BAD_PAGE, [N]=TEST [ 15.225175] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 15.225200] Call Trace: [ 15.225234] <TASK> [ 15.225256] dump_stack_lvl+0x73/0xb0 [ 15.225293] print_report+0xd1/0x650 [ 15.225318] ? __virt_addr_valid+0x1db/0x2d0 [ 15.225342] ? kasan_atomics_helper+0x4a02/0x5450 [ 15.225365] ? kasan_complete_mode_report_info+0x2a/0x200 [ 15.225388] ? kasan_atomics_helper+0x4a02/0x5450 [ 15.225410] kasan_report+0x141/0x180 [ 15.225432] ? kasan_atomics_helper+0x4a02/0x5450 [ 15.225459] __asan_report_load4_noabort+0x18/0x20 [ 15.225485] kasan_atomics_helper+0x4a02/0x5450 [ 15.225509] ? __pfx_kasan_atomics_helper+0x10/0x10 [ 15.225531] ? __kmalloc_cache_noprof+0x189/0x420 [ 15.225557] ? ret_from_fork_asm+0x1a/0x30 [ 15.225580] ? kasan_atomics+0x152/0x310 [ 15.225607] kasan_atomics+0x1dc/0x310 [ 15.225630] ? __pfx_kasan_atomics+0x10/0x10 [ 15.225655] ? __pfx_read_tsc+0x10/0x10 [ 15.225676] ? ktime_get_ts64+0x86/0x230 [ 15.225702] kunit_try_run_case+0x1a5/0x480 [ 15.225727] ? __pfx_kunit_try_run_case+0x10/0x10 [ 15.225750] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 15.225775] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 15.225798] ? __kthread_parkme+0x82/0x180 [ 15.225820] ? preempt_count_sub+0x50/0x80 [ 15.225844] ? __pfx_kunit_try_run_case+0x10/0x10 [ 15.225868] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 15.225891] ? 
__pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 15.225915] kthread+0x337/0x6f0 [ 15.225935] ? trace_preempt_on+0x20/0xc0 [ 15.225960] ? __pfx_kthread+0x10/0x10 [ 15.225981] ? _raw_spin_unlock_irq+0x47/0x80 [ 15.226003] ? calculate_sigpending+0x7b/0xa0 [ 15.226027] ? __pfx_kthread+0x10/0x10 [ 15.226049] ret_from_fork+0x116/0x1d0 [ 15.226068] ? __pfx_kthread+0x10/0x10 [ 15.226089] ret_from_fork_asm+0x1a/0x30 [ 15.226119] </TASK> [ 15.226132] [ 15.236541] Allocated by task 282: [ 15.236764] kasan_save_stack+0x45/0x70 [ 15.236984] kasan_save_track+0x18/0x40 [ 15.237162] kasan_save_alloc_info+0x3b/0x50 [ 15.237818] __kasan_kmalloc+0xb7/0xc0 [ 15.238080] __kmalloc_cache_noprof+0x189/0x420 [ 15.238524] kasan_atomics+0x95/0x310 [ 15.238783] kunit_try_run_case+0x1a5/0x480 [ 15.239093] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 15.239558] kthread+0x337/0x6f0 [ 15.239862] ret_from_fork+0x116/0x1d0 [ 15.240046] ret_from_fork_asm+0x1a/0x30 [ 15.240240] [ 15.240335] The buggy address belongs to the object at ffff888103991d00 [ 15.240335] which belongs to the cache kmalloc-64 of size 64 [ 15.240776] The buggy address is located 0 bytes to the right of [ 15.240776] allocated 48-byte region [ffff888103991d00, ffff888103991d30) [ 15.241272] [ 15.241376] The buggy address belongs to the physical page: [ 15.241664] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x103991 [ 15.242394] flags: 0x200000000000000(node=0|zone=2) [ 15.242616] page_type: f5(slab) [ 15.242800] raw: 0200000000000000 ffff8881000418c0 dead000000000122 0000000000000000 [ 15.243102] raw: 0000000000000000 0000000080200020 00000000f5000000 0000000000000000 [ 15.243801] page dumped because: kasan: bad access detected [ 15.244011] [ 15.244107] Memory state around the buggy address: [ 15.244626] ffff888103991c00: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 15.244903] ffff888103991c80: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 15.245340] >ffff888103991d00: 00 00 00 00 00 00 fc fc 
fc fc fc fc fc fc fc fc [ 15.245726] ^ [ 15.245945] ffff888103991d80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 15.246411] ffff888103991e00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 15.246718] ================================================================== [ 15.695080] ================================================================== [ 15.697607] BUG: KASAN: slab-out-of-bounds in kasan_atomics_helper+0x1ce1/0x5450 [ 15.699473] Write of size 8 at addr ffff888103991d30 by task kunit_try_catch/282 [ 15.700020] [ 15.700157] CPU: 1 UID: 0 PID: 282 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc4 #1 PREEMPT(voluntary) [ 15.700212] Tainted: [B]=BAD_PAGE, [N]=TEST [ 15.700423] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 15.700860] Call Trace: [ 15.700885] <TASK> [ 15.700911] dump_stack_lvl+0x73/0xb0 [ 15.700956] print_report+0xd1/0x650 [ 15.700981] ? __virt_addr_valid+0x1db/0x2d0 [ 15.701005] ? kasan_atomics_helper+0x1ce1/0x5450 [ 15.701027] ? kasan_complete_mode_report_info+0x2a/0x200 [ 15.701050] ? kasan_atomics_helper+0x1ce1/0x5450 [ 15.701073] kasan_report+0x141/0x180 [ 15.701096] ? kasan_atomics_helper+0x1ce1/0x5450 [ 15.701122] kasan_check_range+0x10c/0x1c0 [ 15.701146] __kasan_check_write+0x18/0x20 [ 15.701167] kasan_atomics_helper+0x1ce1/0x5450 [ 15.701189] ? __pfx_kasan_atomics_helper+0x10/0x10 [ 15.701212] ? __kmalloc_cache_noprof+0x189/0x420 [ 15.701250] ? ret_from_fork_asm+0x1a/0x30 [ 15.701274] ? kasan_atomics+0x152/0x310 [ 15.701320] kasan_atomics+0x1dc/0x310 [ 15.701344] ? __pfx_kasan_atomics+0x10/0x10 [ 15.701368] ? __pfx_read_tsc+0x10/0x10 [ 15.701391] ? ktime_get_ts64+0x86/0x230 [ 15.701415] kunit_try_run_case+0x1a5/0x480 [ 15.701778] ? __pfx_kunit_try_run_case+0x10/0x10 [ 15.701805] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 15.701829] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 15.701853] ? __kthread_parkme+0x82/0x180 [ 15.701875] ? preempt_count_sub+0x50/0x80 [ 15.701900] ? 
__pfx_kunit_try_run_case+0x10/0x10 [ 15.701924] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 15.701947] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 15.701971] kthread+0x337/0x6f0 [ 15.701991] ? trace_preempt_on+0x20/0xc0 [ 15.702016] ? __pfx_kthread+0x10/0x10 [ 15.702037] ? _raw_spin_unlock_irq+0x47/0x80 [ 15.702059] ? calculate_sigpending+0x7b/0xa0 [ 15.702084] ? __pfx_kthread+0x10/0x10 [ 15.702106] ret_from_fork+0x116/0x1d0 [ 15.702125] ? __pfx_kthread+0x10/0x10 [ 15.702146] ret_from_fork_asm+0x1a/0x30 [ 15.702177] </TASK> [ 15.702190] [ 15.712725] Allocated by task 282: [ 15.713010] kasan_save_stack+0x45/0x70 [ 15.713312] kasan_save_track+0x18/0x40 [ 15.713581] kasan_save_alloc_info+0x3b/0x50 [ 15.713751] __kasan_kmalloc+0xb7/0xc0 [ 15.713947] __kmalloc_cache_noprof+0x189/0x420 [ 15.714363] kasan_atomics+0x95/0x310 [ 15.714628] kunit_try_run_case+0x1a5/0x480 [ 15.714787] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 15.715122] kthread+0x337/0x6f0 [ 15.715299] ret_from_fork+0x116/0x1d0 [ 15.715470] ret_from_fork_asm+0x1a/0x30 [ 15.715659] [ 15.715754] The buggy address belongs to the object at ffff888103991d00 [ 15.715754] which belongs to the cache kmalloc-64 of size 64 [ 15.716243] The buggy address is located 0 bytes to the right of [ 15.716243] allocated 48-byte region [ffff888103991d00, ffff888103991d30) [ 15.717124] [ 15.717325] The buggy address belongs to the physical page: [ 15.717643] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x103991 [ 15.717959] flags: 0x200000000000000(node=0|zone=2) [ 15.718343] page_type: f5(slab) [ 15.718560] raw: 0200000000000000 ffff8881000418c0 dead000000000122 0000000000000000 [ 15.718942] raw: 0000000000000000 0000000080200020 00000000f5000000 0000000000000000 [ 15.719326] page dumped because: kasan: bad access detected [ 15.719588] [ 15.719805] Memory state around the buggy address: [ 15.719980] ffff888103991c00: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 15.720508] 
ffff888103991c80: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 15.720829] >ffff888103991d00: 00 00 00 00 00 00 fc fc fc fc fc fc fc fc fc fc [ 15.721125] ^ [ 15.721569] ffff888103991d80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 15.721886] ffff888103991e00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 15.722233] ================================================================== [ 14.566497] ================================================================== [ 14.566783] BUG: KASAN: slab-out-of-bounds in kasan_atomics_helper+0x3df/0x5450 [ 14.567108] Read of size 4 at addr ffff888103991d30 by task kunit_try_catch/282 [ 14.567770] [ 14.567902] CPU: 1 UID: 0 PID: 282 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc4 #1 PREEMPT(voluntary) [ 14.567952] Tainted: [B]=BAD_PAGE, [N]=TEST [ 14.567966] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 14.567990] Call Trace: [ 14.568012] <TASK> [ 14.568034] dump_stack_lvl+0x73/0xb0 [ 14.568069] print_report+0xd1/0x650 [ 14.568094] ? __virt_addr_valid+0x1db/0x2d0 [ 14.568119] ? kasan_atomics_helper+0x3df/0x5450 [ 14.568141] ? kasan_complete_mode_report_info+0x2a/0x200 [ 14.568163] ? kasan_atomics_helper+0x3df/0x5450 [ 14.568185] kasan_report+0x141/0x180 [ 14.568207] ? kasan_atomics_helper+0x3df/0x5450 [ 14.568246] kasan_check_range+0x10c/0x1c0 [ 14.568271] __kasan_check_read+0x15/0x20 [ 14.568291] kasan_atomics_helper+0x3df/0x5450 [ 14.568314] ? __pfx_kasan_atomics_helper+0x10/0x10 [ 14.568336] ? __kmalloc_cache_noprof+0x189/0x420 [ 14.568361] ? ret_from_fork_asm+0x1a/0x30 [ 14.568385] ? kasan_atomics+0x152/0x310 [ 14.568411] kasan_atomics+0x1dc/0x310 [ 14.568433] ? __pfx_kasan_atomics+0x10/0x10 [ 14.568545] ? __pfx_read_tsc+0x10/0x10 [ 14.568569] ? ktime_get_ts64+0x86/0x230 [ 14.568595] kunit_try_run_case+0x1a5/0x480 [ 14.568623] ? __pfx_kunit_try_run_case+0x10/0x10 [ 14.568647] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 14.568672] ? 
_raw_spin_unlock_irqrestore+0x5f/0x90 [ 14.568696] ? __kthread_parkme+0x82/0x180 [ 14.568718] ? preempt_count_sub+0x50/0x80 [ 14.568742] ? __pfx_kunit_try_run_case+0x10/0x10 [ 14.568766] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 14.568801] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 14.568825] kthread+0x337/0x6f0 [ 14.568845] ? trace_preempt_on+0x20/0xc0 [ 14.568870] ? __pfx_kthread+0x10/0x10 [ 14.568891] ? _raw_spin_unlock_irq+0x47/0x80 [ 14.568913] ? calculate_sigpending+0x7b/0xa0 [ 14.568937] ? __pfx_kthread+0x10/0x10 [ 14.568959] ret_from_fork+0x116/0x1d0 [ 14.568978] ? __pfx_kthread+0x10/0x10 [ 14.568999] ret_from_fork_asm+0x1a/0x30 [ 14.569029] </TASK> [ 14.569042] [ 14.577473] Allocated by task 282: [ 14.577844] kasan_save_stack+0x45/0x70 [ 14.578075] kasan_save_track+0x18/0x40 [ 14.578350] kasan_save_alloc_info+0x3b/0x50 [ 14.578569] __kasan_kmalloc+0xb7/0xc0 [ 14.578764] __kmalloc_cache_noprof+0x189/0x420 [ 14.578991] kasan_atomics+0x95/0x310 [ 14.579186] kunit_try_run_case+0x1a5/0x480 [ 14.579509] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 14.579730] kthread+0x337/0x6f0 [ 14.579864] ret_from_fork+0x116/0x1d0 [ 14.579999] ret_from_fork_asm+0x1a/0x30 [ 14.580140] [ 14.580213] The buggy address belongs to the object at ffff888103991d00 [ 14.580213] which belongs to the cache kmalloc-64 of size 64 [ 14.581275] The buggy address is located 0 bytes to the right of [ 14.581275] allocated 48-byte region [ffff888103991d00, ffff888103991d30) [ 14.581847] [ 14.581925] The buggy address belongs to the physical page: [ 14.582105] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x103991 [ 14.582469] flags: 0x200000000000000(node=0|zone=2) [ 14.582744] page_type: f5(slab) [ 14.582871] raw: 0200000000000000 ffff8881000418c0 dead000000000122 0000000000000000 [ 14.583104] raw: 0000000000000000 0000000080200020 00000000f5000000 0000000000000000 [ 14.583418] page dumped because: kasan: bad access detected [ 14.583756] [ 14.583855] 
Memory state around the buggy address: [ 14.584095] ffff888103991c00: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 14.584797] ffff888103991c80: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 14.585057] >ffff888103991d00: 00 00 00 00 00 00 fc fc fc fc fc fc fc fc fc fc [ 14.585290] ^ [ 14.585604] ffff888103991d80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 14.586028] ffff888103991e00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 14.586375] ================================================================== [ 14.907043] ================================================================== [ 14.908080] BUG: KASAN: slab-out-of-bounds in kasan_atomics_helper+0xac7/0x5450 [ 14.909944] Write of size 4 at addr ffff888103991d30 by task kunit_try_catch/282 [ 14.910971] [ 14.911172] CPU: 1 UID: 0 PID: 282 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc4 #1 PREEMPT(voluntary) [ 14.911341] Tainted: [B]=BAD_PAGE, [N]=TEST [ 14.911357] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 14.911382] Call Trace: [ 14.911405] <TASK> [ 14.911429] dump_stack_lvl+0x73/0xb0 [ 14.911473] print_report+0xd1/0x650 [ 14.911498] ? __virt_addr_valid+0x1db/0x2d0 [ 14.911522] ? kasan_atomics_helper+0xac7/0x5450 [ 14.911546] ? kasan_complete_mode_report_info+0x2a/0x200 [ 14.911568] ? kasan_atomics_helper+0xac7/0x5450 [ 14.911591] kasan_report+0x141/0x180 [ 14.911613] ? kasan_atomics_helper+0xac7/0x5450 [ 14.911897] kasan_check_range+0x10c/0x1c0 [ 14.911936] __kasan_check_write+0x18/0x20 [ 14.911959] kasan_atomics_helper+0xac7/0x5450 [ 14.911984] ? __pfx_kasan_atomics_helper+0x10/0x10 [ 14.912007] ? __kmalloc_cache_noprof+0x189/0x420 [ 14.912032] ? ret_from_fork_asm+0x1a/0x30 [ 14.912054] ? kasan_atomics+0x152/0x310 [ 14.912082] kasan_atomics+0x1dc/0x310 [ 14.912104] ? __pfx_kasan_atomics+0x10/0x10 [ 14.912129] ? __pfx_read_tsc+0x10/0x10 [ 14.912151] ? ktime_get_ts64+0x86/0x230 [ 14.912175] kunit_try_run_case+0x1a5/0x480 [ 14.912690] ? 
__pfx_kunit_try_run_case+0x10/0x10 [ 14.912722] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 14.912766] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 14.912798] ? __kthread_parkme+0x82/0x180 [ 14.912862] ? preempt_count_sub+0x50/0x80 [ 14.912888] ? __pfx_kunit_try_run_case+0x10/0x10 [ 14.912924] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 14.912947] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 14.912971] kthread+0x337/0x6f0 [ 14.912991] ? trace_preempt_on+0x20/0xc0 [ 14.913016] ? __pfx_kthread+0x10/0x10 [ 14.913037] ? _raw_spin_unlock_irq+0x47/0x80 [ 14.913059] ? calculate_sigpending+0x7b/0xa0 [ 14.913083] ? __pfx_kthread+0x10/0x10 [ 14.913105] ret_from_fork+0x116/0x1d0 [ 14.913125] ? __pfx_kthread+0x10/0x10 [ 14.913145] ret_from_fork_asm+0x1a/0x30 [ 14.913177] </TASK> [ 14.913316] [ 14.929860] Allocated by task 282: [ 14.930077] kasan_save_stack+0x45/0x70 [ 14.930553] kasan_save_track+0x18/0x40 [ 14.930798] kasan_save_alloc_info+0x3b/0x50 [ 14.931250] __kasan_kmalloc+0xb7/0xc0 [ 14.931674] __kmalloc_cache_noprof+0x189/0x420 [ 14.932090] kasan_atomics+0x95/0x310 [ 14.932335] kunit_try_run_case+0x1a5/0x480 [ 14.932535] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 14.933029] kthread+0x337/0x6f0 [ 14.933345] ret_from_fork+0x116/0x1d0 [ 14.933656] ret_from_fork_asm+0x1a/0x30 [ 14.934102] [ 14.934315] The buggy address belongs to the object at ffff888103991d00 [ 14.934315] which belongs to the cache kmalloc-64 of size 64 [ 14.935136] The buggy address is located 0 bytes to the right of [ 14.935136] allocated 48-byte region [ffff888103991d00, ffff888103991d30) [ 14.936661] [ 14.936943] The buggy address belongs to the physical page: [ 14.937436] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x103991 [ 14.937813] flags: 0x200000000000000(node=0|zone=2) [ 14.938575] page_type: f5(slab) [ 14.938888] raw: 0200000000000000 ffff8881000418c0 dead000000000122 0000000000000000 [ 14.939404] raw: 0000000000000000 0000000080200020 00000000f5000000 
0000000000000000 [ 14.939978] page dumped because: kasan: bad access detected [ 14.940161] [ 14.940333] Memory state around the buggy address: [ 14.941011] ffff888103991c00: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 14.941795] ffff888103991c80: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 14.942514] >ffff888103991d00: 00 00 00 00 00 00 fc fc fc fc fc fc fc fc fc fc [ 14.942759] ^ [ 14.942919] ffff888103991d80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 14.943137] ffff888103991e00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 14.943368] ================================================================== [ 15.015117] ================================================================== [ 15.015935] BUG: KASAN: slab-out-of-bounds in kasan_atomics_helper+0xd47/0x5450 [ 15.016182] Write of size 4 at addr ffff888103991d30 by task kunit_try_catch/282 [ 15.016423] [ 15.016520] CPU: 1 UID: 0 PID: 282 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc4 #1 PREEMPT(voluntary) [ 15.016569] Tainted: [B]=BAD_PAGE, [N]=TEST [ 15.016584] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 15.016608] Call Trace: [ 15.016630] <TASK> [ 15.016651] dump_stack_lvl+0x73/0xb0 [ 15.016681] print_report+0xd1/0x650 [ 15.016705] ? __virt_addr_valid+0x1db/0x2d0 [ 15.016731] ? kasan_atomics_helper+0xd47/0x5450 [ 15.016753] ? kasan_complete_mode_report_info+0x2a/0x200 [ 15.016776] ? kasan_atomics_helper+0xd47/0x5450 [ 15.016806] kasan_report+0x141/0x180 [ 15.016828] ? kasan_atomics_helper+0xd47/0x5450 [ 15.016854] kasan_check_range+0x10c/0x1c0 [ 15.016879] __kasan_check_write+0x18/0x20 [ 15.016897] kasan_atomics_helper+0xd47/0x5450 [ 15.016921] ? __pfx_kasan_atomics_helper+0x10/0x10 [ 15.016943] ? __kmalloc_cache_noprof+0x189/0x420 [ 15.016969] ? ret_from_fork_asm+0x1a/0x30 [ 15.016990] ? kasan_atomics+0x152/0x310 [ 15.017034] kasan_atomics+0x1dc/0x310 [ 15.017082] ? __pfx_kasan_atomics+0x10/0x10 [ 15.017106] ? 
__pfx_read_tsc+0x10/0x10 [ 15.017127] ? ktime_get_ts64+0x86/0x230 [ 15.017153] kunit_try_run_case+0x1a5/0x480 [ 15.017178] ? __pfx_kunit_try_run_case+0x10/0x10 [ 15.017200] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 15.017236] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 15.017259] ? __kthread_parkme+0x82/0x180 [ 15.017281] ? preempt_count_sub+0x50/0x80 [ 15.017304] ? __pfx_kunit_try_run_case+0x10/0x10 [ 15.017328] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 15.017351] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 15.017375] kthread+0x337/0x6f0 [ 15.017394] ? trace_preempt_on+0x20/0xc0 [ 15.017418] ? __pfx_kthread+0x10/0x10 [ 15.017439] ? _raw_spin_unlock_irq+0x47/0x80 [ 15.017479] ? calculate_sigpending+0x7b/0xa0 [ 15.017504] ? __pfx_kthread+0x10/0x10 [ 15.017525] ret_from_fork+0x116/0x1d0 [ 15.017545] ? __pfx_kthread+0x10/0x10 [ 15.017565] ret_from_fork_asm+0x1a/0x30 [ 15.017596] </TASK> [ 15.017609] [ 15.025535] Allocated by task 282: [ 15.025757] kasan_save_stack+0x45/0x70 [ 15.026081] kasan_save_track+0x18/0x40 [ 15.026311] kasan_save_alloc_info+0x3b/0x50 [ 15.026544] __kasan_kmalloc+0xb7/0xc0 [ 15.026741] __kmalloc_cache_noprof+0x189/0x420 [ 15.026929] kasan_atomics+0x95/0x310 [ 15.027060] kunit_try_run_case+0x1a5/0x480 [ 15.027313] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 15.027562] kthread+0x337/0x6f0 [ 15.027732] ret_from_fork+0x116/0x1d0 [ 15.027914] ret_from_fork_asm+0x1a/0x30 [ 15.028050] [ 15.028121] The buggy address belongs to the object at ffff888103991d00 [ 15.028121] which belongs to the cache kmalloc-64 of size 64 [ 15.028866] The buggy address is located 0 bytes to the right of [ 15.028866] allocated 48-byte region [ffff888103991d00, ffff888103991d30) [ 15.029401] [ 15.029481] The buggy address belongs to the physical page: [ 15.029789] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x103991 [ 15.030157] flags: 0x200000000000000(node=0|zone=2) [ 15.030410] page_type: f5(slab) [ 15.030534] raw: 0200000000000000 
ffff8881000418c0 dead000000000122 0000000000000000 [ 15.030758] raw: 0000000000000000 0000000080200020 00000000f5000000 0000000000000000 [ 15.030977] page dumped because: kasan: bad access detected [ 15.031144] [ 15.031213] Memory state around the buggy address: [ 15.031454] ffff888103991c00: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 15.031788] ffff888103991c80: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 15.032120] >ffff888103991d00: 00 00 00 00 00 00 fc fc fc fc fc fc fc fc fc fc [ 15.032466] ^ [ 15.032622] ffff888103991d80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 15.032986] ffff888103991e00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 15.033330] ================================================================== [ 15.414107] ================================================================== [ 15.414431] BUG: KASAN: slab-out-of-bounds in kasan_atomics_helper+0x151d/0x5450 [ 15.414776] Write of size 8 at addr ffff888103991d30 by task kunit_try_catch/282 [ 15.415073] [ 15.415169] CPU: 1 UID: 0 PID: 282 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc4 #1 PREEMPT(voluntary) [ 15.415216] Tainted: [B]=BAD_PAGE, [N]=TEST [ 15.415240] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 15.415278] Call Trace: [ 15.415300] <TASK> [ 15.415321] dump_stack_lvl+0x73/0xb0 [ 15.415351] print_report+0xd1/0x650 [ 15.415375] ? __virt_addr_valid+0x1db/0x2d0 [ 15.415399] ? kasan_atomics_helper+0x151d/0x5450 [ 15.415420] ? kasan_complete_mode_report_info+0x2a/0x200 [ 15.415442] ? kasan_atomics_helper+0x151d/0x5450 [ 15.415463] kasan_report+0x141/0x180 [ 15.415485] ? kasan_atomics_helper+0x151d/0x5450 [ 15.415512] kasan_check_range+0x10c/0x1c0 [ 15.415535] __kasan_check_write+0x18/0x20 [ 15.415555] kasan_atomics_helper+0x151d/0x5450 [ 15.415577] ? __pfx_kasan_atomics_helper+0x10/0x10 [ 15.415600] ? __kmalloc_cache_noprof+0x189/0x420 [ 15.415629] ? ret_from_fork_asm+0x1a/0x30 [ 15.415651] ? 
kasan_atomics+0x152/0x310 [ 15.415678] kasan_atomics+0x1dc/0x310 [ 15.415700] ? __pfx_kasan_atomics+0x10/0x10 [ 15.415725] ? __pfx_read_tsc+0x10/0x10 [ 15.415746] ? ktime_get_ts64+0x86/0x230 [ 15.415771] kunit_try_run_case+0x1a5/0x480 [ 15.415797] ? __pfx_kunit_try_run_case+0x10/0x10 [ 15.415819] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 15.415843] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 15.415866] ? __kthread_parkme+0x82/0x180 [ 15.415886] ? preempt_count_sub+0x50/0x80 [ 15.415911] ? __pfx_kunit_try_run_case+0x10/0x10 [ 15.415934] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 15.415957] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 15.415979] kthread+0x337/0x6f0 [ 15.416000] ? trace_preempt_on+0x20/0xc0 [ 15.416023] ? __pfx_kthread+0x10/0x10 [ 15.416044] ? _raw_spin_unlock_irq+0x47/0x80 [ 15.416065] ? calculate_sigpending+0x7b/0xa0 [ 15.416089] ? __pfx_kthread+0x10/0x10 [ 15.416110] ret_from_fork+0x116/0x1d0 [ 15.416129] ? __pfx_kthread+0x10/0x10 [ 15.416150] ret_from_fork_asm+0x1a/0x30 [ 15.416179] </TASK> [ 15.416191] [ 15.423542] Allocated by task 282: [ 15.423753] kasan_save_stack+0x45/0x70 [ 15.423975] kasan_save_track+0x18/0x40 [ 15.424171] kasan_save_alloc_info+0x3b/0x50 [ 15.424551] __kasan_kmalloc+0xb7/0xc0 [ 15.424746] __kmalloc_cache_noprof+0x189/0x420 [ 15.424978] kasan_atomics+0x95/0x310 [ 15.425171] kunit_try_run_case+0x1a5/0x480 [ 15.425412] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 15.425614] kthread+0x337/0x6f0 [ 15.425783] ret_from_fork+0x116/0x1d0 [ 15.425939] ret_from_fork_asm+0x1a/0x30 [ 15.426081] [ 15.426153] The buggy address belongs to the object at ffff888103991d00 [ 15.426153] which belongs to the cache kmalloc-64 of size 64 [ 15.426963] The buggy address is located 0 bytes to the right of [ 15.426963] allocated 48-byte region [ffff888103991d00, ffff888103991d30) [ 15.427470] [ 15.427579] The buggy address belongs to the physical page: [ 15.427770] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x103991 [ 
15.428126] flags: 0x200000000000000(node=0|zone=2) [ 15.428370] page_type: f5(slab) [ 15.428501] raw: 0200000000000000 ffff8881000418c0 dead000000000122 0000000000000000 [ 15.428740] raw: 0000000000000000 0000000080200020 00000000f5000000 0000000000000000 [ 15.428989] page dumped because: kasan: bad access detected [ 15.429163] [ 15.429244] Memory state around the buggy address: [ 15.429470] ffff888103991c00: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 15.430110] ffff888103991c80: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 15.435822] >ffff888103991d00: 00 00 00 00 00 00 fc fc fc fc fc fc fc fc fc fc [ 15.436853] ^ [ 15.437409] ffff888103991d80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 15.437646] ffff888103991e00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 15.437866] ================================================================== [ 15.586489] ================================================================== [ 15.587276] BUG: KASAN: slab-out-of-bounds in kasan_atomics_helper+0x19e3/0x5450 [ 15.587579] Write of size 8 at addr ffff888103991d30 by task kunit_try_catch/282 [ 15.587911] [ 15.588035] CPU: 1 UID: 0 PID: 282 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc4 #1 PREEMPT(voluntary) [ 15.588096] Tainted: [B]=BAD_PAGE, [N]=TEST [ 15.588109] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 15.588134] Call Trace: [ 15.588156] <TASK> [ 15.588178] dump_stack_lvl+0x73/0xb0 [ 15.588208] print_report+0xd1/0x650 [ 15.588242] ? __virt_addr_valid+0x1db/0x2d0 [ 15.588266] ? kasan_atomics_helper+0x19e3/0x5450 [ 15.588287] ? kasan_complete_mode_report_info+0x2a/0x200 [ 15.588310] ? kasan_atomics_helper+0x19e3/0x5450 [ 15.588332] kasan_report+0x141/0x180 [ 15.588354] ? kasan_atomics_helper+0x19e3/0x5450 [ 15.588380] kasan_check_range+0x10c/0x1c0 [ 15.588404] __kasan_check_write+0x18/0x20 [ 15.588424] kasan_atomics_helper+0x19e3/0x5450 [ 15.588446] ? __pfx_kasan_atomics_helper+0x10/0x10 [ 15.588468] ? 
__kmalloc_cache_noprof+0x189/0x420 [ 15.588493] ? ret_from_fork_asm+0x1a/0x30 [ 15.588516] ? kasan_atomics+0x152/0x310 [ 15.588542] kasan_atomics+0x1dc/0x310 [ 15.588565] ? __pfx_kasan_atomics+0x10/0x10 [ 15.588601] ? __pfx_read_tsc+0x10/0x10 [ 15.588624] ? ktime_get_ts64+0x86/0x230 [ 15.588650] kunit_try_run_case+0x1a5/0x480 [ 15.588700] ? __pfx_kunit_try_run_case+0x10/0x10 [ 15.588730] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 15.588765] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 15.588796] ? __kthread_parkme+0x82/0x180 [ 15.588818] ? preempt_count_sub+0x50/0x80 [ 15.588843] ? __pfx_kunit_try_run_case+0x10/0x10 [ 15.588867] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 15.588890] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 15.588914] kthread+0x337/0x6f0 [ 15.588934] ? trace_preempt_on+0x20/0xc0 [ 15.588960] ? __pfx_kthread+0x10/0x10 [ 15.588981] ? _raw_spin_unlock_irq+0x47/0x80 [ 15.589002] ? calculate_sigpending+0x7b/0xa0 [ 15.589027] ? __pfx_kthread+0x10/0x10 [ 15.589049] ret_from_fork+0x116/0x1d0 [ 15.589092] ? 
__pfx_kthread+0x10/0x10 [ 15.589113] ret_from_fork_asm+0x1a/0x30 [ 15.589144] </TASK> [ 15.589157] [ 15.597243] Allocated by task 282: [ 15.597468] kasan_save_stack+0x45/0x70 [ 15.597635] kasan_save_track+0x18/0x40 [ 15.597801] kasan_save_alloc_info+0x3b/0x50 [ 15.598027] __kasan_kmalloc+0xb7/0xc0 [ 15.598174] __kmalloc_cache_noprof+0x189/0x420 [ 15.598558] kasan_atomics+0x95/0x310 [ 15.598728] kunit_try_run_case+0x1a5/0x480 [ 15.598911] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 15.599139] kthread+0x337/0x6f0 [ 15.599372] ret_from_fork+0x116/0x1d0 [ 15.599520] ret_from_fork_asm+0x1a/0x30 [ 15.599661] [ 15.599736] The buggy address belongs to the object at ffff888103991d00 [ 15.599736] which belongs to the cache kmalloc-64 of size 64 [ 15.600090] The buggy address is located 0 bytes to the right of [ 15.600090] allocated 48-byte region [ffff888103991d00, ffff888103991d30) [ 15.600467] [ 15.600544] The buggy address belongs to the physical page: [ 15.600808] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x103991 [ 15.601556] flags: 0x200000000000000(node=0|zone=2) [ 15.601806] page_type: f5(slab) [ 15.601977] raw: 0200000000000000 ffff8881000418c0 dead000000000122 0000000000000000 [ 15.602330] raw: 0000000000000000 0000000080200020 00000000f5000000 0000000000000000 [ 15.602722] page dumped because: kasan: bad access detected [ 15.603169] [ 15.603252] Memory state around the buggy address: [ 15.603489] ffff888103991c00: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 15.603728] ffff888103991c80: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 15.603947] >ffff888103991d00: 00 00 00 00 00 00 fc fc fc fc fc fc fc fc fc fc [ 15.604161] ^ [ 15.604533] ffff888103991d80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 15.604865] ffff888103991e00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 15.605185] ================================================================== [ 14.628590] 
================================================================== [ 14.628930] BUG: KASAN: slab-out-of-bounds in kasan_atomics_helper+0x4b3a/0x5450 [ 14.629729] Write of size 4 at addr ffff888103991d30 by task kunit_try_catch/282 [ 14.630424] [ 14.630615] CPU: 1 UID: 0 PID: 282 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc4 #1 PREEMPT(voluntary) [ 14.630670] Tainted: [B]=BAD_PAGE, [N]=TEST [ 14.630684] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 14.630709] Call Trace: [ 14.630731] <TASK> [ 14.630753] dump_stack_lvl+0x73/0xb0 [ 14.630791] print_report+0xd1/0x650 [ 14.630816] ? __virt_addr_valid+0x1db/0x2d0 [ 14.630840] ? kasan_atomics_helper+0x4b3a/0x5450 [ 14.630865] ? kasan_complete_mode_report_info+0x2a/0x200 [ 14.630888] ? kasan_atomics_helper+0x4b3a/0x5450 [ 14.630912] kasan_report+0x141/0x180 [ 14.630934] ? kasan_atomics_helper+0x4b3a/0x5450 [ 14.630961] __asan_report_store4_noabort+0x1b/0x30 [ 14.630982] kasan_atomics_helper+0x4b3a/0x5450 [ 14.631005] ? __pfx_kasan_atomics_helper+0x10/0x10 [ 14.631027] ? __kmalloc_cache_noprof+0x189/0x420 [ 14.631052] ? ret_from_fork_asm+0x1a/0x30 [ 14.631075] ? kasan_atomics+0x152/0x310 [ 14.631101] kasan_atomics+0x1dc/0x310 [ 14.631124] ? __pfx_kasan_atomics+0x10/0x10 [ 14.631148] ? __pfx_read_tsc+0x10/0x10 [ 14.631171] ? ktime_get_ts64+0x86/0x230 [ 14.631195] kunit_try_run_case+0x1a5/0x480 [ 14.631349] ? __pfx_kunit_try_run_case+0x10/0x10 [ 14.631390] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 14.631415] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 14.631439] ? __kthread_parkme+0x82/0x180 [ 14.631509] ? preempt_count_sub+0x50/0x80 [ 14.631535] ? __pfx_kunit_try_run_case+0x10/0x10 [ 14.631559] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 14.631583] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 14.631606] kthread+0x337/0x6f0 [ 14.631628] ? trace_preempt_on+0x20/0xc0 [ 14.631651] ? __pfx_kthread+0x10/0x10 [ 14.631673] ? _raw_spin_unlock_irq+0x47/0x80 [ 14.631694] ? 
calculate_sigpending+0x7b/0xa0 [ 14.631719] ? __pfx_kthread+0x10/0x10 [ 14.631741] ret_from_fork+0x116/0x1d0 [ 14.631760] ? __pfx_kthread+0x10/0x10 [ 14.631781] ret_from_fork_asm+0x1a/0x30 [ 14.631813] </TASK> [ 14.631826] [ 14.647519] Allocated by task 282: [ 14.649056] kasan_save_stack+0x45/0x70 [ 14.649781] kasan_save_track+0x18/0x40 [ 14.650693] kasan_save_alloc_info+0x3b/0x50 [ 14.651174] __kasan_kmalloc+0xb7/0xc0 [ 14.651844] __kmalloc_cache_noprof+0x189/0x420 [ 14.652019] kasan_atomics+0x95/0x310 [ 14.652159] kunit_try_run_case+0x1a5/0x480 [ 14.653388] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 14.654047] kthread+0x337/0x6f0 [ 14.654568] ret_from_fork+0x116/0x1d0 [ 14.655138] ret_from_fork_asm+0x1a/0x30 [ 14.655670] [ 14.655981] The buggy address belongs to the object at ffff888103991d00 [ 14.655981] which belongs to the cache kmalloc-64 of size 64 [ 14.656767] The buggy address is located 0 bytes to the right of [ 14.656767] allocated 48-byte region [ffff888103991d00, ffff888103991d30) [ 14.657164] [ 14.657274] The buggy address belongs to the physical page: [ 14.657946] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x103991 [ 14.658739] flags: 0x200000000000000(node=0|zone=2) [ 14.658927] page_type: f5(slab) [ 14.659084] raw: 0200000000000000 ffff8881000418c0 dead000000000122 0000000000000000 [ 14.660024] raw: 0000000000000000 0000000080200020 00000000f5000000 0000000000000000 [ 14.660671] page dumped because: kasan: bad access detected [ 14.660860] [ 14.660935] Memory state around the buggy address: [ 14.661099] ffff888103991c00: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 14.661715] ffff888103991c80: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 14.662836] >ffff888103991d00: 00 00 00 00 00 00 fc fc fc fc fc fc fc fc fc fc [ 14.663604] ^ [ 14.664055] ffff888103991d80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 14.664780] ffff888103991e00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 14.665515] 
================================================================== [ 14.944406] ================================================================== [ 14.945049] BUG: KASAN: slab-out-of-bounds in kasan_atomics_helper+0xb6a/0x5450 [ 14.945723] Write of size 4 at addr ffff888103991d30 by task kunit_try_catch/282 [ 14.946500] [ 14.946762] CPU: 1 UID: 0 PID: 282 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc4 #1 PREEMPT(voluntary) [ 14.946819] Tainted: [B]=BAD_PAGE, [N]=TEST [ 14.946833] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 14.946858] Call Trace: [ 14.946879] <TASK> [ 14.946902] dump_stack_lvl+0x73/0xb0 [ 14.946938] print_report+0xd1/0x650 [ 14.946963] ? __virt_addr_valid+0x1db/0x2d0 [ 14.946986] ? kasan_atomics_helper+0xb6a/0x5450 [ 14.947008] ? kasan_complete_mode_report_info+0x2a/0x200 [ 14.947032] ? kasan_atomics_helper+0xb6a/0x5450 [ 14.947053] kasan_report+0x141/0x180 [ 14.947076] ? kasan_atomics_helper+0xb6a/0x5450 [ 14.947103] kasan_check_range+0x10c/0x1c0 [ 14.947127] __kasan_check_write+0x18/0x20 [ 14.947147] kasan_atomics_helper+0xb6a/0x5450 [ 14.947169] ? __pfx_kasan_atomics_helper+0x10/0x10 [ 14.947192] ? __kmalloc_cache_noprof+0x189/0x420 [ 14.947230] ? ret_from_fork_asm+0x1a/0x30 [ 14.947298] ? kasan_atomics+0x152/0x310 [ 14.947327] kasan_atomics+0x1dc/0x310 [ 14.947352] ? __pfx_kasan_atomics+0x10/0x10 [ 14.947376] ? __pfx_read_tsc+0x10/0x10 [ 14.947397] ? ktime_get_ts64+0x86/0x230 [ 14.947422] kunit_try_run_case+0x1a5/0x480 [ 14.947448] ? __pfx_kunit_try_run_case+0x10/0x10 [ 14.947470] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 14.947495] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 14.947518] ? __kthread_parkme+0x82/0x180 [ 14.947540] ? preempt_count_sub+0x50/0x80 [ 14.947564] ? __pfx_kunit_try_run_case+0x10/0x10 [ 14.947587] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 14.947611] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 14.947634] kthread+0x337/0x6f0 [ 14.947654] ? 
trace_preempt_on+0x20/0xc0 [ 14.947679] ? __pfx_kthread+0x10/0x10 [ 14.947700] ? _raw_spin_unlock_irq+0x47/0x80 [ 14.947722] ? calculate_sigpending+0x7b/0xa0 [ 14.947747] ? __pfx_kthread+0x10/0x10 [ 14.947771] ret_from_fork+0x116/0x1d0 [ 14.947792] ? __pfx_kthread+0x10/0x10 [ 14.947815] ret_from_fork_asm+0x1a/0x30 [ 14.947847] </TASK> [ 14.947860] [ 14.962820] Allocated by task 282: [ 14.962996] kasan_save_stack+0x45/0x70 [ 14.963162] kasan_save_track+0x18/0x40 [ 14.963675] kasan_save_alloc_info+0x3b/0x50 [ 14.963875] __kasan_kmalloc+0xb7/0xc0 [ 14.964050] __kmalloc_cache_noprof+0x189/0x420 [ 14.964603] kasan_atomics+0x95/0x310 [ 14.964885] kunit_try_run_case+0x1a5/0x480 [ 14.965245] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 14.965668] kthread+0x337/0x6f0 [ 14.965865] ret_from_fork+0x116/0x1d0 [ 14.966208] ret_from_fork_asm+0x1a/0x30 [ 14.966714] [ 14.966888] The buggy address belongs to the object at ffff888103991d00 [ 14.966888] which belongs to the cache kmalloc-64 of size 64 [ 14.967915] The buggy address is located 0 bytes to the right of [ 14.967915] allocated 48-byte region [ffff888103991d00, ffff888103991d30) [ 14.968700] [ 14.968947] The buggy address belongs to the physical page: [ 14.969397] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x103991 [ 14.969743] flags: 0x200000000000000(node=0|zone=2) [ 14.969975] page_type: f5(slab) [ 14.970142] raw: 0200000000000000 ffff8881000418c0 dead000000000122 0000000000000000 [ 14.971869] raw: 0000000000000000 0000000080200020 00000000f5000000 0000000000000000 [ 14.972480] page dumped because: kasan: bad access detected [ 14.972718] [ 14.972817] Memory state around the buggy address: [ 14.973032] ffff888103991c00: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 14.973791] ffff888103991c80: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 14.974344] >ffff888103991d00: 00 00 00 00 00 00 fc fc fc fc fc fc fc fc fc fc [ 14.975000] ^ [ 14.975574] ffff888103991d80: fc fc fc fc fc fc fc fc fc 
fc fc fc fc fc fc fc [ 14.975987] ffff888103991e00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 14.976550] ================================================================== [ 14.547519] ================================================================== [ 14.547807] BUG: KASAN: slab-out-of-bounds in kasan_atomics_helper+0x4b6e/0x5450 [ 14.548163] Write of size 4 at addr ffff888103991d30 by task kunit_try_catch/282 [ 14.548543] [ 14.548670] CPU: 1 UID: 0 PID: 282 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc4 #1 PREEMPT(voluntary) [ 14.548723] Tainted: [B]=BAD_PAGE, [N]=TEST [ 14.548736] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 14.548761] Call Trace: [ 14.548783] <TASK> [ 14.548812] dump_stack_lvl+0x73/0xb0 [ 14.548845] print_report+0xd1/0x650 [ 14.548870] ? __virt_addr_valid+0x1db/0x2d0 [ 14.548894] ? kasan_atomics_helper+0x4b6e/0x5450 [ 14.548915] ? kasan_complete_mode_report_info+0x2a/0x200 [ 14.548938] ? kasan_atomics_helper+0x4b6e/0x5450 [ 14.548960] kasan_report+0x141/0x180 [ 14.548982] ? kasan_atomics_helper+0x4b6e/0x5450 [ 14.549009] __asan_report_store4_noabort+0x1b/0x30 [ 14.549029] kasan_atomics_helper+0x4b6e/0x5450 [ 14.549052] ? __pfx_kasan_atomics_helper+0x10/0x10 [ 14.549074] ? __kmalloc_cache_noprof+0x189/0x420 [ 14.549099] ? ret_from_fork_asm+0x1a/0x30 [ 14.549122] ? kasan_atomics+0x152/0x310 [ 14.549148] kasan_atomics+0x1dc/0x310 [ 14.549171] ? __pfx_kasan_atomics+0x10/0x10 [ 14.549196] ? __pfx_read_tsc+0x10/0x10 [ 14.549231] ? ktime_get_ts64+0x86/0x230 [ 14.549256] kunit_try_run_case+0x1a5/0x480 [ 14.549283] ? __pfx_kunit_try_run_case+0x10/0x10 [ 14.549306] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 14.549330] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 14.549353] ? __kthread_parkme+0x82/0x180 [ 14.549375] ? preempt_count_sub+0x50/0x80 [ 14.549399] ? __pfx_kunit_try_run_case+0x10/0x10 [ 14.549423] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 14.549446] ? 
__pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 14.549469] kthread+0x337/0x6f0 [ 14.549489] ? trace_preempt_on+0x20/0xc0 [ 14.549535] ? __pfx_kthread+0x10/0x10 [ 14.549557] ? _raw_spin_unlock_irq+0x47/0x80 [ 14.549579] ? calculate_sigpending+0x7b/0xa0 [ 14.549604] ? __pfx_kthread+0x10/0x10 [ 14.549627] ret_from_fork+0x116/0x1d0 [ 14.549646] ? __pfx_kthread+0x10/0x10 [ 14.549667] ret_from_fork_asm+0x1a/0x30 [ 14.549699] </TASK> [ 14.549711] [ 14.557499] Allocated by task 282: [ 14.557664] kasan_save_stack+0x45/0x70 [ 14.557876] kasan_save_track+0x18/0x40 [ 14.558070] kasan_save_alloc_info+0x3b/0x50 [ 14.558289] __kasan_kmalloc+0xb7/0xc0 [ 14.558548] __kmalloc_cache_noprof+0x189/0x420 [ 14.558784] kasan_atomics+0x95/0x310 [ 14.558974] kunit_try_run_case+0x1a5/0x480 [ 14.559170] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 14.559471] kthread+0x337/0x6f0 [ 14.559629] ret_from_fork+0x116/0x1d0 [ 14.559809] ret_from_fork_asm+0x1a/0x30 [ 14.559976] [ 14.560074] The buggy address belongs to the object at ffff888103991d00 [ 14.560074] which belongs to the cache kmalloc-64 of size 64 [ 14.561199] The buggy address is located 0 bytes to the right of [ 14.561199] allocated 48-byte region [ffff888103991d00, ffff888103991d30) [ 14.561809] [ 14.561887] The buggy address belongs to the physical page: [ 14.562064] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x103991 [ 14.562377] flags: 0x200000000000000(node=0|zone=2) [ 14.562614] page_type: f5(slab) [ 14.562782] raw: 0200000000000000 ffff8881000418c0 dead000000000122 0000000000000000 [ 14.563263] raw: 0000000000000000 0000000080200020 00000000f5000000 0000000000000000 [ 14.563536] page dumped because: kasan: bad access detected [ 14.563712] [ 14.563784] Memory state around the buggy address: [ 14.563984] ffff888103991c00: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 14.564386] ffff888103991c80: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 14.564716] >ffff888103991d00: 00 00 00 00 00 00 fc fc 
fc fc fc fc fc fc fc fc [ 14.565043] ^ [ 14.565300] ffff888103991d80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 14.565620] ffff888103991e00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 14.565867] ================================================================== [ 15.357213] ================================================================== [ 15.357907] BUG: KASAN: slab-out-of-bounds in kasan_atomics_helper+0x4eae/0x5450 [ 15.358727] Read of size 8 at addr ffff888103991d30 by task kunit_try_catch/282 [ 15.359002] [ 15.359184] CPU: 1 UID: 0 PID: 282 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc4 #1 PREEMPT(voluntary) [ 15.359254] Tainted: [B]=BAD_PAGE, [N]=TEST [ 15.359267] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 15.359306] Call Trace: [ 15.359328] <TASK> [ 15.359351] dump_stack_lvl+0x73/0xb0 [ 15.359384] print_report+0xd1/0x650 [ 15.359415] ? __virt_addr_valid+0x1db/0x2d0 [ 15.359439] ? kasan_atomics_helper+0x4eae/0x5450 [ 15.359462] ? kasan_complete_mode_report_info+0x2a/0x200 [ 15.359484] ? kasan_atomics_helper+0x4eae/0x5450 [ 15.359507] kasan_report+0x141/0x180 [ 15.359529] ? kasan_atomics_helper+0x4eae/0x5450 [ 15.359556] __asan_report_load8_noabort+0x18/0x20 [ 15.359581] kasan_atomics_helper+0x4eae/0x5450 [ 15.359604] ? __pfx_kasan_atomics_helper+0x10/0x10 [ 15.359626] ? __kmalloc_cache_noprof+0x189/0x420 [ 15.359652] ? ret_from_fork_asm+0x1a/0x30 [ 15.359674] ? kasan_atomics+0x152/0x310 [ 15.359700] kasan_atomics+0x1dc/0x310 [ 15.359723] ? __pfx_kasan_atomics+0x10/0x10 [ 15.359747] ? __pfx_read_tsc+0x10/0x10 [ 15.359769] ? ktime_get_ts64+0x86/0x230 [ 15.359797] kunit_try_run_case+0x1a5/0x480 [ 15.359822] ? __pfx_kunit_try_run_case+0x10/0x10 [ 15.359845] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 15.359870] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 15.359893] ? __kthread_parkme+0x82/0x180 [ 15.359914] ? preempt_count_sub+0x50/0x80 [ 15.359939] ? 
__pfx_kunit_try_run_case+0x10/0x10 [ 15.359963] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 15.359986] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 15.360010] kthread+0x337/0x6f0 [ 15.360029] ? trace_preempt_on+0x20/0xc0 [ 15.360053] ? __pfx_kthread+0x10/0x10 [ 15.360074] ? _raw_spin_unlock_irq+0x47/0x80 [ 15.360096] ? calculate_sigpending+0x7b/0xa0 [ 15.360121] ? __pfx_kthread+0x10/0x10 [ 15.360143] ret_from_fork+0x116/0x1d0 [ 15.360161] ? __pfx_kthread+0x10/0x10 [ 15.360183] ret_from_fork_asm+0x1a/0x30 [ 15.360215] </TASK> [ 15.360240] [ 15.369698] Allocated by task 282: [ 15.369875] kasan_save_stack+0x45/0x70 [ 15.370031] kasan_save_track+0x18/0x40 [ 15.370240] kasan_save_alloc_info+0x3b/0x50 [ 15.370541] __kasan_kmalloc+0xb7/0xc0 [ 15.370706] __kmalloc_cache_noprof+0x189/0x420 [ 15.370909] kasan_atomics+0x95/0x310 [ 15.371087] kunit_try_run_case+0x1a5/0x480 [ 15.371331] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 15.371545] kthread+0x337/0x6f0 [ 15.371713] ret_from_fork+0x116/0x1d0 [ 15.371847] ret_from_fork_asm+0x1a/0x30 [ 15.371989] [ 15.372074] The buggy address belongs to the object at ffff888103991d00 [ 15.372074] which belongs to the cache kmalloc-64 of size 64 [ 15.372739] The buggy address is located 0 bytes to the right of [ 15.372739] allocated 48-byte region [ffff888103991d00, ffff888103991d30) [ 15.373172] [ 15.373257] The buggy address belongs to the physical page: [ 15.373449] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x103991 [ 15.373905] flags: 0x200000000000000(node=0|zone=2) [ 15.374150] page_type: f5(slab) [ 15.374341] raw: 0200000000000000 ffff8881000418c0 dead000000000122 0000000000000000 [ 15.374664] raw: 0000000000000000 0000000080200020 00000000f5000000 0000000000000000 [ 15.374961] page dumped because: kasan: bad access detected [ 15.375188] [ 15.375319] Memory state around the buggy address: [ 15.375484] ffff888103991c00: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 15.375767] 
ffff888103991c80: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 15.376094] >ffff888103991d00: 00 00 00 00 00 00 fc fc fc fc fc fc fc fc fc fc [ 15.376421] ^ [ 15.376625] ffff888103991d80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 15.376925] ffff888103991e00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 15.377198] ==================================================================
Failure - log-parser-boot/kasan-bug-kasan-slab-out-of-bounds-in-kasan_bitops_test_and_modifyconstprop
[ 14.398793] ================================================================== [ 14.399626] BUG: KASAN: slab-out-of-bounds in kasan_bitops_test_and_modify.constprop.0+0x557/0xd90 [ 14.400535] Read of size 8 at addr ffff88810298e128 by task kunit_try_catch/278 [ 14.401324] [ 14.401535] CPU: 1 UID: 0 PID: 278 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc4 #1 PREEMPT(voluntary) [ 14.401585] Tainted: [B]=BAD_PAGE, [N]=TEST [ 14.401599] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 14.401622] Call Trace: [ 14.401643] <TASK> [ 14.401664] dump_stack_lvl+0x73/0xb0 [ 14.401697] print_report+0xd1/0x650 [ 14.401721] ? __virt_addr_valid+0x1db/0x2d0 [ 14.401743] ? kasan_bitops_test_and_modify.constprop.0+0x557/0xd90 [ 14.401770] ? kasan_complete_mode_report_info+0x2a/0x200 [ 14.401792] ? kasan_bitops_test_and_modify.constprop.0+0x557/0xd90 [ 14.401820] kasan_report+0x141/0x180 [ 14.401842] ? kasan_bitops_test_and_modify.constprop.0+0x557/0xd90 [ 14.401872] kasan_check_range+0x10c/0x1c0 [ 14.401895] __kasan_check_read+0x15/0x20 [ 14.401914] kasan_bitops_test_and_modify.constprop.0+0x557/0xd90 [ 14.401941] ? __pfx_kasan_bitops_test_and_modify.constprop.0+0x10/0x10 [ 14.401968] ? __kmalloc_cache_noprof+0x189/0x420 [ 14.401992] ? trace_hardirqs_on+0x37/0xe0 [ 14.402015] ? kasan_bitops_generic+0x92/0x1c0 [ 14.402041] kasan_bitops_generic+0x121/0x1c0 [ 14.402064] ? __pfx_kasan_bitops_generic+0x10/0x10 [ 14.402088] ? __pfx_read_tsc+0x10/0x10 [ 14.402109] ? ktime_get_ts64+0x86/0x230 [ 14.402132] kunit_try_run_case+0x1a5/0x480 [ 14.402157] ? __pfx_kunit_try_run_case+0x10/0x10 [ 14.402177] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 14.402202] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 14.402234] ? __kthread_parkme+0x82/0x180 [ 14.402269] ? preempt_count_sub+0x50/0x80 [ 14.402292] ? __pfx_kunit_try_run_case+0x10/0x10 [ 14.402315] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 14.402348] ? 
__pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 14.402370] kthread+0x337/0x6f0 [ 14.402390] ? trace_preempt_on+0x20/0xc0 [ 14.402411] ? __pfx_kthread+0x10/0x10 [ 14.402431] ? _raw_spin_unlock_irq+0x47/0x80 [ 14.402452] ? calculate_sigpending+0x7b/0xa0 [ 14.402475] ? __pfx_kthread+0x10/0x10 [ 14.402495] ret_from_fork+0x116/0x1d0 [ 14.402513] ? __pfx_kthread+0x10/0x10 [ 14.402533] ret_from_fork_asm+0x1a/0x30 [ 14.402563] </TASK> [ 14.402574] [ 14.414274] Allocated by task 278: [ 14.414582] kasan_save_stack+0x45/0x70 [ 14.414787] kasan_save_track+0x18/0x40 [ 14.415028] kasan_save_alloc_info+0x3b/0x50 [ 14.415183] __kasan_kmalloc+0xb7/0xc0 [ 14.415382] __kmalloc_cache_noprof+0x189/0x420 [ 14.415772] kasan_bitops_generic+0x92/0x1c0 [ 14.415954] kunit_try_run_case+0x1a5/0x480 [ 14.416102] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 14.416467] kthread+0x337/0x6f0 [ 14.416649] ret_from_fork+0x116/0x1d0 [ 14.416902] ret_from_fork_asm+0x1a/0x30 [ 14.417079] [ 14.417155] The buggy address belongs to the object at ffff88810298e120 [ 14.417155] which belongs to the cache kmalloc-16 of size 16 [ 14.417812] The buggy address is located 8 bytes inside of [ 14.417812] allocated 9-byte region [ffff88810298e120, ffff88810298e129) [ 14.418178] [ 14.418286] The buggy address belongs to the physical page: [ 14.418623] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x10298e [ 14.418993] flags: 0x200000000000000(node=0|zone=2) [ 14.419242] page_type: f5(slab) [ 14.419410] raw: 0200000000000000 ffff888100041640 dead000000000122 0000000000000000 [ 14.419747] raw: 0000000000000000 0000000080800080 00000000f5000000 0000000000000000 [ 14.419978] page dumped because: kasan: bad access detected [ 14.420199] [ 14.420326] Memory state around the buggy address: [ 14.420799] ffff88810298e000: 00 01 fc fc 00 01 fc fc 00 04 fc fc 00 04 fc fc [ 14.421176] ffff88810298e080: fa fb fc fc fa fb fc fc fa fb fc fc fa fb fc fc [ 14.421550] >ffff88810298e100: fa fb fc fc 00 01 fc fc 
fc fc fc fc fc fc fc fc [ 14.421818] ^ [ 14.422086] ffff88810298e180: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 14.422488] ffff88810298e200: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 14.422723] ================================================================== [ 14.262741] ================================================================== [ 14.263893] BUG: KASAN: slab-out-of-bounds in kasan_bitops_test_and_modify.constprop.0+0x1a0/0xd90 [ 14.264300] Write of size 8 at addr ffff88810298e128 by task kunit_try_catch/278 [ 14.264611] [ 14.264705] CPU: 1 UID: 0 PID: 278 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc4 #1 PREEMPT(voluntary) [ 14.264754] Tainted: [B]=BAD_PAGE, [N]=TEST [ 14.264767] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 14.264801] Call Trace: [ 14.264821] <TASK> [ 14.264841] dump_stack_lvl+0x73/0xb0 [ 14.264872] print_report+0xd1/0x650 [ 14.264895] ? __virt_addr_valid+0x1db/0x2d0 [ 14.264919] ? kasan_bitops_test_and_modify.constprop.0+0x1a0/0xd90 [ 14.264945] ? kasan_complete_mode_report_info+0x2a/0x200 [ 14.264966] ? kasan_bitops_test_and_modify.constprop.0+0x1a0/0xd90 [ 14.264992] kasan_report+0x141/0x180 [ 14.265013] ? kasan_bitops_test_and_modify.constprop.0+0x1a0/0xd90 [ 14.265043] kasan_check_range+0x10c/0x1c0 [ 14.265066] __kasan_check_write+0x18/0x20 [ 14.265085] kasan_bitops_test_and_modify.constprop.0+0x1a0/0xd90 [ 14.265111] ? __pfx_kasan_bitops_test_and_modify.constprop.0+0x10/0x10 [ 14.265136] ? __kmalloc_cache_noprof+0x189/0x420 [ 14.265161] ? trace_hardirqs_on+0x37/0xe0 [ 14.265183] ? kasan_bitops_generic+0x92/0x1c0 [ 14.265209] kasan_bitops_generic+0x121/0x1c0 [ 14.265244] ? __pfx_kasan_bitops_generic+0x10/0x10 [ 14.265279] ? __pfx_read_tsc+0x10/0x10 [ 14.265300] ? ktime_get_ts64+0x86/0x230 [ 14.265323] kunit_try_run_case+0x1a5/0x480 [ 14.265348] ? __pfx_kunit_try_run_case+0x10/0x10 [ 14.265369] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 14.265392] ? 
_raw_spin_unlock_irqrestore+0x5f/0x90 [ 14.265414] ? __kthread_parkme+0x82/0x180 [ 14.265434] ? preempt_count_sub+0x50/0x80 [ 14.265458] ? __pfx_kunit_try_run_case+0x10/0x10 [ 14.265481] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 14.265502] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 14.265524] kthread+0x337/0x6f0 [ 14.265543] ? trace_preempt_on+0x20/0xc0 [ 14.265564] ? __pfx_kthread+0x10/0x10 [ 14.265583] ? _raw_spin_unlock_irq+0x47/0x80 [ 14.265603] ? calculate_sigpending+0x7b/0xa0 [ 14.265627] ? __pfx_kthread+0x10/0x10 [ 14.265647] ret_from_fork+0x116/0x1d0 [ 14.265665] ? __pfx_kthread+0x10/0x10 [ 14.265684] ret_from_fork_asm+0x1a/0x30 [ 14.265715] </TASK> [ 14.265727] [ 14.274811] Allocated by task 278: [ 14.274997] kasan_save_stack+0x45/0x70 [ 14.275210] kasan_save_track+0x18/0x40 [ 14.275391] kasan_save_alloc_info+0x3b/0x50 [ 14.275540] __kasan_kmalloc+0xb7/0xc0 [ 14.275672] __kmalloc_cache_noprof+0x189/0x420 [ 14.276023] kasan_bitops_generic+0x92/0x1c0 [ 14.276242] kunit_try_run_case+0x1a5/0x480 [ 14.276465] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 14.276643] kthread+0x337/0x6f0 [ 14.276770] ret_from_fork+0x116/0x1d0 [ 14.276933] ret_from_fork_asm+0x1a/0x30 [ 14.277135] [ 14.277242] The buggy address belongs to the object at ffff88810298e120 [ 14.277242] which belongs to the cache kmalloc-16 of size 16 [ 14.277770] The buggy address is located 8 bytes inside of [ 14.277770] allocated 9-byte region [ffff88810298e120, ffff88810298e129) [ 14.278247] [ 14.278356] The buggy address belongs to the physical page: [ 14.278592] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x10298e [ 14.278918] flags: 0x200000000000000(node=0|zone=2) [ 14.279118] page_type: f5(slab) [ 14.279261] raw: 0200000000000000 ffff888100041640 dead000000000122 0000000000000000 [ 14.279612] raw: 0000000000000000 0000000080800080 00000000f5000000 0000000000000000 [ 14.279947] page dumped because: kasan: bad access detected [ 14.280150] [ 14.280251] 
Memory state around the buggy address: [ 14.280438] ffff88810298e000: 00 01 fc fc 00 01 fc fc 00 04 fc fc 00 04 fc fc [ 14.280734] ffff88810298e080: fa fb fc fc fa fb fc fc fa fb fc fc fa fb fc fc [ 14.281023] >ffff88810298e100: fa fb fc fc 00 01 fc fc fc fc fc fc fc fc fc fc [ 14.281391] ^ [ 14.281582] ffff88810298e180: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 14.281819] ffff88810298e200: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 14.282033] ================================================================== [ 14.368746] ================================================================== [ 14.369048] BUG: KASAN: slab-out-of-bounds in kasan_bitops_test_and_modify.constprop.0+0x4b9/0xd90 [ 14.370093] Write of size 8 at addr ffff88810298e128 by task kunit_try_catch/278 [ 14.370428] [ 14.370548] CPU: 1 UID: 0 PID: 278 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc4 #1 PREEMPT(voluntary) [ 14.370599] Tainted: [B]=BAD_PAGE, [N]=TEST [ 14.370611] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 14.370633] Call Trace: [ 14.370653] <TASK> [ 14.370673] dump_stack_lvl+0x73/0xb0 [ 14.370706] print_report+0xd1/0x650 [ 14.370729] ? __virt_addr_valid+0x1db/0x2d0 [ 14.370752] ? kasan_bitops_test_and_modify.constprop.0+0x4b9/0xd90 [ 14.370778] ? kasan_complete_mode_report_info+0x2a/0x200 [ 14.370800] ? kasan_bitops_test_and_modify.constprop.0+0x4b9/0xd90 [ 14.370826] kasan_report+0x141/0x180 [ 14.370847] ? kasan_bitops_test_and_modify.constprop.0+0x4b9/0xd90 [ 14.370877] kasan_check_range+0x10c/0x1c0 [ 14.370900] __kasan_check_write+0x18/0x20 [ 14.370919] kasan_bitops_test_and_modify.constprop.0+0x4b9/0xd90 [ 14.370949] ? __pfx_kasan_bitops_test_and_modify.constprop.0+0x10/0x10 [ 14.370976] ? __kmalloc_cache_noprof+0x189/0x420 [ 14.371000] ? trace_hardirqs_on+0x37/0xe0 [ 14.371021] ? kasan_bitops_generic+0x92/0x1c0 [ 14.371048] kasan_bitops_generic+0x121/0x1c0 [ 14.371071] ? 
__pfx_kasan_bitops_generic+0x10/0x10 [ 14.371094] ? __pfx_read_tsc+0x10/0x10 [ 14.371115] ? ktime_get_ts64+0x86/0x230 [ 14.371137] kunit_try_run_case+0x1a5/0x480 [ 14.371161] ? __pfx_kunit_try_run_case+0x10/0x10 [ 14.371183] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 14.371205] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 14.371242] ? __kthread_parkme+0x82/0x180 [ 14.371263] ? preempt_count_sub+0x50/0x80 [ 14.371286] ? __pfx_kunit_try_run_case+0x10/0x10 [ 14.371308] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 14.371329] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 14.371352] kthread+0x337/0x6f0 [ 14.371370] ? trace_preempt_on+0x20/0xc0 [ 14.371390] ? __pfx_kthread+0x10/0x10 [ 14.371410] ? _raw_spin_unlock_irq+0x47/0x80 [ 14.371430] ? calculate_sigpending+0x7b/0xa0 [ 14.371453] ? __pfx_kthread+0x10/0x10 [ 14.371473] ret_from_fork+0x116/0x1d0 [ 14.371491] ? __pfx_kthread+0x10/0x10 [ 14.371511] ret_from_fork_asm+0x1a/0x30 [ 14.371542] </TASK> [ 14.371554] [ 14.384294] Allocated by task 278: [ 14.384659] kasan_save_stack+0x45/0x70 [ 14.385037] kasan_save_track+0x18/0x40 [ 14.385421] kasan_save_alloc_info+0x3b/0x50 [ 14.385797] __kasan_kmalloc+0xb7/0xc0 [ 14.386131] __kmalloc_cache_noprof+0x189/0x420 [ 14.386569] kasan_bitops_generic+0x92/0x1c0 [ 14.386944] kunit_try_run_case+0x1a5/0x480 [ 14.387361] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 14.387816] kthread+0x337/0x6f0 [ 14.388103] ret_from_fork+0x116/0x1d0 [ 14.388338] ret_from_fork_asm+0x1a/0x30 [ 14.388706] [ 14.388873] The buggy address belongs to the object at ffff88810298e120 [ 14.388873] which belongs to the cache kmalloc-16 of size 16 [ 14.389682] The buggy address is located 8 bytes inside of [ 14.389682] allocated 9-byte region [ffff88810298e120, ffff88810298e129) [ 14.390612] [ 14.390696] The buggy address belongs to the physical page: [ 14.390871] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x10298e [ 14.391118] flags: 0x200000000000000(node=0|zone=2) [ 14.391489] 
page_type: f5(slab) [ 14.391844] raw: 0200000000000000 ffff888100041640 dead000000000122 0000000000000000 [ 14.392687] raw: 0000000000000000 0000000080800080 00000000f5000000 0000000000000000 [ 14.393429] page dumped because: kasan: bad access detected [ 14.393938] [ 14.394104] Memory state around the buggy address: [ 14.394599] ffff88810298e000: 00 01 fc fc 00 01 fc fc 00 04 fc fc 00 04 fc fc [ 14.395232] ffff88810298e080: fa fb fc fc fa fb fc fc fa fb fc fc fa fb fc fc [ 14.395507] >ffff88810298e100: fa fb fc fc 00 01 fc fc fc fc fc fc fc fc fc fc [ 14.396130] ^ [ 14.396561] ffff88810298e180: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 14.397064] ffff88810298e200: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 14.397518] ================================================================== [ 14.323799] ================================================================== [ 14.324156] BUG: KASAN: slab-out-of-bounds in kasan_bitops_test_and_modify.constprop.0+0x37c/0xd90 [ 14.324809] Write of size 8 at addr ffff88810298e128 by task kunit_try_catch/278 [ 14.325585] [ 14.325812] CPU: 1 UID: 0 PID: 278 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc4 #1 PREEMPT(voluntary) [ 14.325868] Tainted: [B]=BAD_PAGE, [N]=TEST [ 14.325882] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 14.325905] Call Trace: [ 14.326013] <TASK> [ 14.326039] dump_stack_lvl+0x73/0xb0 [ 14.326076] print_report+0xd1/0x650 [ 14.326100] ? __virt_addr_valid+0x1db/0x2d0 [ 14.326124] ? kasan_bitops_test_and_modify.constprop.0+0x37c/0xd90 [ 14.326149] ? kasan_complete_mode_report_info+0x2a/0x200 [ 14.326171] ? kasan_bitops_test_and_modify.constprop.0+0x37c/0xd90 [ 14.326197] kasan_report+0x141/0x180 [ 14.326229] ? kasan_bitops_test_and_modify.constprop.0+0x37c/0xd90 [ 14.326274] kasan_check_range+0x10c/0x1c0 [ 14.326297] __kasan_check_write+0x18/0x20 [ 14.326315] kasan_bitops_test_and_modify.constprop.0+0x37c/0xd90 [ 14.326341] ? 
__pfx_kasan_bitops_test_and_modify.constprop.0+0x10/0x10 [ 14.326367] ? __kmalloc_cache_noprof+0x189/0x420 [ 14.326392] ? trace_hardirqs_on+0x37/0xe0 [ 14.326414] ? kasan_bitops_generic+0x92/0x1c0 [ 14.326440] kasan_bitops_generic+0x121/0x1c0 [ 14.326462] ? __pfx_kasan_bitops_generic+0x10/0x10 [ 14.326485] ? __pfx_read_tsc+0x10/0x10 [ 14.326506] ? ktime_get_ts64+0x86/0x230 [ 14.326529] kunit_try_run_case+0x1a5/0x480 [ 14.326553] ? __pfx_kunit_try_run_case+0x10/0x10 [ 14.326575] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 14.326598] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 14.326619] ? __kthread_parkme+0x82/0x180 [ 14.326639] ? preempt_count_sub+0x50/0x80 [ 14.326662] ? __pfx_kunit_try_run_case+0x10/0x10 [ 14.326685] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 14.326707] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 14.326728] kthread+0x337/0x6f0 [ 14.326747] ? trace_preempt_on+0x20/0xc0 [ 14.326769] ? __pfx_kthread+0x10/0x10 [ 14.326789] ? _raw_spin_unlock_irq+0x47/0x80 [ 14.326808] ? calculate_sigpending+0x7b/0xa0 [ 14.326832] ? __pfx_kthread+0x10/0x10 [ 14.326853] ret_from_fork+0x116/0x1d0 [ 14.326871] ? 
__pfx_kthread+0x10/0x10 [ 14.326890] ret_from_fork_asm+0x1a/0x30 [ 14.326921] </TASK> [ 14.326933] [ 14.338122] Allocated by task 278: [ 14.338530] kasan_save_stack+0x45/0x70 [ 14.338840] kasan_save_track+0x18/0x40 [ 14.339125] kasan_save_alloc_info+0x3b/0x50 [ 14.339512] __kasan_kmalloc+0xb7/0xc0 [ 14.339789] __kmalloc_cache_noprof+0x189/0x420 [ 14.340057] kasan_bitops_generic+0x92/0x1c0 [ 14.340253] kunit_try_run_case+0x1a5/0x480 [ 14.340627] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 14.340893] kthread+0x337/0x6f0 [ 14.341057] ret_from_fork+0x116/0x1d0 [ 14.341522] ret_from_fork_asm+0x1a/0x30 [ 14.341735] [ 14.341965] The buggy address belongs to the object at ffff88810298e120 [ 14.341965] which belongs to the cache kmalloc-16 of size 16 [ 14.342629] The buggy address is located 8 bytes inside of [ 14.342629] allocated 9-byte region [ffff88810298e120, ffff88810298e129) [ 14.343215] [ 14.343388] The buggy address belongs to the physical page: [ 14.343841] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x10298e [ 14.344202] flags: 0x200000000000000(node=0|zone=2) [ 14.344588] page_type: f5(slab) [ 14.344859] raw: 0200000000000000 ffff888100041640 dead000000000122 0000000000000000 [ 14.345272] raw: 0000000000000000 0000000080800080 00000000f5000000 0000000000000000 [ 14.345697] page dumped because: kasan: bad access detected [ 14.346013] [ 14.346095] Memory state around the buggy address: [ 14.346539] ffff88810298e000: 00 01 fc fc 00 01 fc fc 00 04 fc fc 00 04 fc fc [ 14.346931] ffff88810298e080: fa fb fc fc fa fb fc fc fa fb fc fc fa fb fc fc [ 14.347238] >ffff88810298e100: fa fb fc fc 00 01 fc fc fc fc fc fc fc fc fc fc [ 14.347673] ^ [ 14.347972] ffff88810298e180: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 14.348403] ffff88810298e200: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 14.348816] ================================================================== [ 14.302401] 
================================================================== [ 14.302687] BUG: KASAN: slab-out-of-bounds in kasan_bitops_test_and_modify.constprop.0+0x2dd/0xd90 [ 14.303076] Write of size 8 at addr ffff88810298e128 by task kunit_try_catch/278 [ 14.303525] [ 14.303617] CPU: 1 UID: 0 PID: 278 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc4 #1 PREEMPT(voluntary) [ 14.303664] Tainted: [B]=BAD_PAGE, [N]=TEST [ 14.303676] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 14.303699] Call Trace: [ 14.303720] <TASK> [ 14.303740] dump_stack_lvl+0x73/0xb0 [ 14.303772] print_report+0xd1/0x650 [ 14.303795] ? __virt_addr_valid+0x1db/0x2d0 [ 14.303819] ? kasan_bitops_test_and_modify.constprop.0+0x2dd/0xd90 [ 14.303845] ? kasan_complete_mode_report_info+0x2a/0x200 [ 14.303867] ? kasan_bitops_test_and_modify.constprop.0+0x2dd/0xd90 [ 14.303894] kasan_report+0x141/0x180 [ 14.303915] ? kasan_bitops_test_and_modify.constprop.0+0x2dd/0xd90 [ 14.303946] kasan_check_range+0x10c/0x1c0 [ 14.303968] __kasan_check_write+0x18/0x20 [ 14.303988] kasan_bitops_test_and_modify.constprop.0+0x2dd/0xd90 [ 14.304015] ? __pfx_kasan_bitops_test_and_modify.constprop.0+0x10/0x10 [ 14.304042] ? __kmalloc_cache_noprof+0x189/0x420 [ 14.304065] ? trace_hardirqs_on+0x37/0xe0 [ 14.304087] ? kasan_bitops_generic+0x92/0x1c0 [ 14.304112] kasan_bitops_generic+0x121/0x1c0 [ 14.304140] ? __pfx_kasan_bitops_generic+0x10/0x10 [ 14.304165] ? __pfx_read_tsc+0x10/0x10 [ 14.304186] ? ktime_get_ts64+0x86/0x230 [ 14.304210] kunit_try_run_case+0x1a5/0x480 [ 14.304248] ? __pfx_kunit_try_run_case+0x10/0x10 [ 14.304775] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 14.304814] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 14.304836] ? __kthread_parkme+0x82/0x180 [ 14.304857] ? preempt_count_sub+0x50/0x80 [ 14.304880] ? __pfx_kunit_try_run_case+0x10/0x10 [ 14.304903] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 14.304927] ? 
__pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 14.304948] kthread+0x337/0x6f0 [ 14.304968] ? trace_preempt_on+0x20/0xc0 [ 14.304989] ? __pfx_kthread+0x10/0x10 [ 14.305009] ? _raw_spin_unlock_irq+0x47/0x80 [ 14.305029] ? calculate_sigpending+0x7b/0xa0 [ 14.305053] ? __pfx_kthread+0x10/0x10 [ 14.305073] ret_from_fork+0x116/0x1d0 [ 14.305093] ? __pfx_kthread+0x10/0x10 [ 14.305112] ret_from_fork_asm+0x1a/0x30 [ 14.305143] </TASK> [ 14.305154] [ 14.313701] Allocated by task 278: [ 14.313918] kasan_save_stack+0x45/0x70 [ 14.314118] kasan_save_track+0x18/0x40 [ 14.314342] kasan_save_alloc_info+0x3b/0x50 [ 14.314545] __kasan_kmalloc+0xb7/0xc0 [ 14.314690] __kmalloc_cache_noprof+0x189/0x420 [ 14.314846] kasan_bitops_generic+0x92/0x1c0 [ 14.314994] kunit_try_run_case+0x1a5/0x480 [ 14.315154] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 14.315412] kthread+0x337/0x6f0 [ 14.315617] ret_from_fork+0x116/0x1d0 [ 14.315801] ret_from_fork_asm+0x1a/0x30 [ 14.316134] [ 14.316206] The buggy address belongs to the object at ffff88810298e120 [ 14.316206] which belongs to the cache kmalloc-16 of size 16 [ 14.316780] The buggy address is located 8 bytes inside of [ 14.316780] allocated 9-byte region [ffff88810298e120, ffff88810298e129) [ 14.317144] [ 14.317229] The buggy address belongs to the physical page: [ 14.317487] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x10298e [ 14.317849] flags: 0x200000000000000(node=0|zone=2) [ 14.318186] page_type: f5(slab) [ 14.318499] raw: 0200000000000000 ffff888100041640 dead000000000122 0000000000000000 [ 14.318877] raw: 0000000000000000 0000000080800080 00000000f5000000 0000000000000000 [ 14.319102] page dumped because: kasan: bad access detected [ 14.319379] [ 14.319476] Memory state around the buggy address: [ 14.319696] ffff88810298e000: 00 01 fc fc 00 01 fc fc 00 04 fc fc 00 04 fc fc [ 14.320008] ffff88810298e080: fa fb fc fc fa fb fc fc fa fb fc fc fa fb fc fc [ 14.320377] >ffff88810298e100: fa fb fc fc 00 01 fc fc 
fc fc fc fc fc fc fc fc [ 14.320591] ^ [ 14.320734] ffff88810298e180: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 14.320949] ffff88810298e200: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 14.321208] ================================================================== [ 14.349755] ================================================================== [ 14.350424] BUG: KASAN: slab-out-of-bounds in kasan_bitops_test_and_modify.constprop.0+0x41a/0xd90 [ 14.350809] Write of size 8 at addr ffff88810298e128 by task kunit_try_catch/278 [ 14.351063] [ 14.351184] CPU: 1 UID: 0 PID: 278 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc4 #1 PREEMPT(voluntary) [ 14.351248] Tainted: [B]=BAD_PAGE, [N]=TEST [ 14.351274] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 14.351298] Call Trace: [ 14.351319] <TASK> [ 14.351339] dump_stack_lvl+0x73/0xb0 [ 14.351370] print_report+0xd1/0x650 [ 14.351393] ? __virt_addr_valid+0x1db/0x2d0 [ 14.351416] ? kasan_bitops_test_and_modify.constprop.0+0x41a/0xd90 [ 14.351441] ? kasan_complete_mode_report_info+0x2a/0x200 [ 14.351462] ? kasan_bitops_test_and_modify.constprop.0+0x41a/0xd90 [ 14.351488] kasan_report+0x141/0x180 [ 14.351510] ? kasan_bitops_test_and_modify.constprop.0+0x41a/0xd90 [ 14.351540] kasan_check_range+0x10c/0x1c0 [ 14.351562] __kasan_check_write+0x18/0x20 [ 14.351580] kasan_bitops_test_and_modify.constprop.0+0x41a/0xd90 [ 14.351607] ? __pfx_kasan_bitops_test_and_modify.constprop.0+0x10/0x10 [ 14.351632] ? __kmalloc_cache_noprof+0x189/0x420 [ 14.351656] ? trace_hardirqs_on+0x37/0xe0 [ 14.351678] ? kasan_bitops_generic+0x92/0x1c0 [ 14.351704] kasan_bitops_generic+0x121/0x1c0 [ 14.351727] ? __pfx_kasan_bitops_generic+0x10/0x10 [ 14.351751] ? __pfx_read_tsc+0x10/0x10 [ 14.351771] ? ktime_get_ts64+0x86/0x230 [ 14.351794] kunit_try_run_case+0x1a5/0x480 [ 14.351817] ? __pfx_kunit_try_run_case+0x10/0x10 [ 14.351839] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 14.351861] ? 
_raw_spin_unlock_irqrestore+0x5f/0x90 [ 14.351883] ? __kthread_parkme+0x82/0x180 [ 14.351902] ? preempt_count_sub+0x50/0x80 [ 14.351926] ? __pfx_kunit_try_run_case+0x10/0x10 [ 14.351947] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 14.351969] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 14.351991] kthread+0x337/0x6f0 [ 14.352009] ? trace_preempt_on+0x20/0xc0 [ 14.352030] ? __pfx_kthread+0x10/0x10 [ 14.352049] ? _raw_spin_unlock_irq+0x47/0x80 [ 14.352068] ? calculate_sigpending+0x7b/0xa0 [ 14.352091] ? __pfx_kthread+0x10/0x10 [ 14.352112] ret_from_fork+0x116/0x1d0 [ 14.352129] ? __pfx_kthread+0x10/0x10 [ 14.352148] ret_from_fork_asm+0x1a/0x30 [ 14.352178] </TASK> [ 14.352189] [ 14.360140] Allocated by task 278: [ 14.360348] kasan_save_stack+0x45/0x70 [ 14.360554] kasan_save_track+0x18/0x40 [ 14.360758] kasan_save_alloc_info+0x3b/0x50 [ 14.360928] __kasan_kmalloc+0xb7/0xc0 [ 14.361114] __kmalloc_cache_noprof+0x189/0x420 [ 14.361297] kasan_bitops_generic+0x92/0x1c0 [ 14.361526] kunit_try_run_case+0x1a5/0x480 [ 14.361718] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 14.361890] kthread+0x337/0x6f0 [ 14.362061] ret_from_fork+0x116/0x1d0 [ 14.362258] ret_from_fork_asm+0x1a/0x30 [ 14.362551] [ 14.362641] The buggy address belongs to the object at ffff88810298e120 [ 14.362641] which belongs to the cache kmalloc-16 of size 16 [ 14.363271] The buggy address is located 8 bytes inside of [ 14.363271] allocated 9-byte region [ffff88810298e120, ffff88810298e129) [ 14.363775] [ 14.363879] The buggy address belongs to the physical page: [ 14.364069] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x10298e [ 14.364324] flags: 0x200000000000000(node=0|zone=2) [ 14.364491] page_type: f5(slab) [ 14.364613] raw: 0200000000000000 ffff888100041640 dead000000000122 0000000000000000 [ 14.364927] raw: 0000000000000000 0000000080800080 00000000f5000000 0000000000000000 [ 14.365273] page dumped because: kasan: bad access detected [ 14.365531] [ 14.365622] 
Memory state around the buggy address: [ 14.365844] ffff88810298e000: 00 01 fc fc 00 01 fc fc 00 04 fc fc 00 04 fc fc [ 14.366085] ffff88810298e080: fa fb fc fc fa fb fc fc fa fb fc fc fa fb fc fc [ 14.366467] >ffff88810298e100: fa fb fc fc 00 01 fc fc fc fc fc fc fc fc fc fc [ 14.366781] ^ [ 14.366956] ffff88810298e180: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 14.367171] ffff88810298e200: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 14.367659] ================================================================== [ 14.237668] ================================================================== [ 14.238330] BUG: KASAN: slab-out-of-bounds in kasan_bitops_test_and_modify.constprop.0+0x101/0xd90 [ 14.238874] Write of size 8 at addr ffff88810298e128 by task kunit_try_catch/278 [ 14.239256] [ 14.239741] CPU: 1 UID: 0 PID: 278 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc4 #1 PREEMPT(voluntary) [ 14.239797] Tainted: [B]=BAD_PAGE, [N]=TEST [ 14.239810] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 14.239833] Call Trace: [ 14.239855] <TASK> [ 14.239876] dump_stack_lvl+0x73/0xb0 [ 14.239912] print_report+0xd1/0x650 [ 14.239936] ? __virt_addr_valid+0x1db/0x2d0 [ 14.239958] ? kasan_bitops_test_and_modify.constprop.0+0x101/0xd90 [ 14.239985] ? kasan_complete_mode_report_info+0x2a/0x200 [ 14.240009] ? kasan_bitops_test_and_modify.constprop.0+0x101/0xd90 [ 14.240035] kasan_report+0x141/0x180 [ 14.240055] ? kasan_bitops_test_and_modify.constprop.0+0x101/0xd90 [ 14.240087] kasan_check_range+0x10c/0x1c0 [ 14.240110] __kasan_check_write+0x18/0x20 [ 14.240128] kasan_bitops_test_and_modify.constprop.0+0x101/0xd90 [ 14.240154] ? __pfx_kasan_bitops_test_and_modify.constprop.0+0x10/0x10 [ 14.240180] ? __kmalloc_cache_noprof+0x189/0x420 [ 14.240204] ? trace_hardirqs_on+0x37/0xe0 [ 14.240239] ? kasan_bitops_generic+0x92/0x1c0 [ 14.240278] kasan_bitops_generic+0x121/0x1c0 [ 14.240301] ? 
__pfx_kasan_bitops_generic+0x10/0x10 [ 14.240325] ? __pfx_read_tsc+0x10/0x10 [ 14.240345] ? ktime_get_ts64+0x86/0x230 [ 14.240369] kunit_try_run_case+0x1a5/0x480 [ 14.240392] ? __pfx_kunit_try_run_case+0x10/0x10 [ 14.240413] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 14.240436] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 14.240458] ? __kthread_parkme+0x82/0x180 [ 14.240479] ? preempt_count_sub+0x50/0x80 [ 14.240501] ? __pfx_kunit_try_run_case+0x10/0x10 [ 14.240523] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 14.240545] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 14.240566] kthread+0x337/0x6f0 [ 14.240585] ? trace_preempt_on+0x20/0xc0 [ 14.240607] ? __pfx_kthread+0x10/0x10 [ 14.240627] ? _raw_spin_unlock_irq+0x47/0x80 [ 14.240648] ? calculate_sigpending+0x7b/0xa0 [ 14.240672] ? __pfx_kthread+0x10/0x10 [ 14.240693] ret_from_fork+0x116/0x1d0 [ 14.240710] ? __pfx_kthread+0x10/0x10 [ 14.240729] ret_from_fork_asm+0x1a/0x30 [ 14.240760] </TASK> [ 14.240772] [ 14.252934] Allocated by task 278: [ 14.253245] kasan_save_stack+0x45/0x70 [ 14.253580] kasan_save_track+0x18/0x40 [ 14.253769] kasan_save_alloc_info+0x3b/0x50 [ 14.253955] __kasan_kmalloc+0xb7/0xc0 [ 14.254140] __kmalloc_cache_noprof+0x189/0x420 [ 14.254380] kasan_bitops_generic+0x92/0x1c0 [ 14.254940] kunit_try_run_case+0x1a5/0x480 [ 14.255236] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 14.255596] kthread+0x337/0x6f0 [ 14.255869] ret_from_fork+0x116/0x1d0 [ 14.256120] ret_from_fork_asm+0x1a/0x30 [ 14.256487] [ 14.256580] The buggy address belongs to the object at ffff88810298e120 [ 14.256580] which belongs to the cache kmalloc-16 of size 16 [ 14.257297] The buggy address is located 8 bytes inside of [ 14.257297] allocated 9-byte region [ffff88810298e120, ffff88810298e129) [ 14.257779] [ 14.257874] The buggy address belongs to the physical page: [ 14.258117] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x10298e [ 14.258441] flags: 0x200000000000000(node=0|zone=2) [ 14.258606] 
page_type: f5(slab) [ 14.258889] raw: 0200000000000000 ffff888100041640 dead000000000122 0000000000000000 [ 14.259248] raw: 0000000000000000 0000000080800080 00000000f5000000 0000000000000000 [ 14.259547] page dumped because: kasan: bad access detected [ 14.259811] [ 14.259920] Memory state around the buggy address: [ 14.260138] ffff88810298e000: 00 01 fc fc 00 01 fc fc 00 04 fc fc 00 04 fc fc [ 14.260433] ffff88810298e080: fa fb fc fc fa fb fc fc fa fb fc fc fa fb fc fc [ 14.260734] >ffff88810298e100: fa fb fc fc 00 01 fc fc fc fc fc fc fc fc fc fc [ 14.261037] ^ [ 14.261244] ffff88810298e180: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 14.261459] ffff88810298e200: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 14.261875] ================================================================== [ 14.282751] ================================================================== [ 14.283779] BUG: KASAN: slab-out-of-bounds in kasan_bitops_test_and_modify.constprop.0+0x23e/0xd90 [ 14.284130] Write of size 8 at addr ffff88810298e128 by task kunit_try_catch/278 [ 14.284570] [ 14.284690] CPU: 1 UID: 0 PID: 278 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc4 #1 PREEMPT(voluntary) [ 14.284738] Tainted: [B]=BAD_PAGE, [N]=TEST [ 14.284751] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 14.284774] Call Trace: [ 14.284803] <TASK> [ 14.284824] dump_stack_lvl+0x73/0xb0 [ 14.284855] print_report+0xd1/0x650 [ 14.284877] ? __virt_addr_valid+0x1db/0x2d0 [ 14.284901] ? kasan_bitops_test_and_modify.constprop.0+0x23e/0xd90 [ 14.284927] ? kasan_complete_mode_report_info+0x2a/0x200 [ 14.284948] ? kasan_bitops_test_and_modify.constprop.0+0x23e/0xd90 [ 14.284974] kasan_report+0x141/0x180 [ 14.284995] ? kasan_bitops_test_and_modify.constprop.0+0x23e/0xd90 [ 14.285025] kasan_check_range+0x10c/0x1c0 [ 14.285048] __kasan_check_write+0x18/0x20 [ 14.285067] kasan_bitops_test_and_modify.constprop.0+0x23e/0xd90 [ 14.285093] ? 
__pfx_kasan_bitops_test_and_modify.constprop.0+0x10/0x10 [ 14.285120] ? __kmalloc_cache_noprof+0x189/0x420 [ 14.285143] ? trace_hardirqs_on+0x37/0xe0 [ 14.285165] ? kasan_bitops_generic+0x92/0x1c0 [ 14.285192] kasan_bitops_generic+0x121/0x1c0 [ 14.285214] ? __pfx_kasan_bitops_generic+0x10/0x10 [ 14.285251] ? __pfx_read_tsc+0x10/0x10 [ 14.285346] ? ktime_get_ts64+0x86/0x230 [ 14.285370] kunit_try_run_case+0x1a5/0x480 [ 14.285395] ? __pfx_kunit_try_run_case+0x10/0x10 [ 14.285416] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 14.285439] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 14.285461] ? __kthread_parkme+0x82/0x180 [ 14.285481] ? preempt_count_sub+0x50/0x80 [ 14.285503] ? __pfx_kunit_try_run_case+0x10/0x10 [ 14.285526] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 14.285547] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 14.285569] kthread+0x337/0x6f0 [ 14.285588] ? trace_preempt_on+0x20/0xc0 [ 14.285618] ? __pfx_kthread+0x10/0x10 [ 14.285638] ? _raw_spin_unlock_irq+0x47/0x80 [ 14.285658] ? calculate_sigpending+0x7b/0xa0 [ 14.285682] ? __pfx_kthread+0x10/0x10 [ 14.285702] ret_from_fork+0x116/0x1d0 [ 14.285720] ? 
__pfx_kthread+0x10/0x10 [ 14.285740] ret_from_fork_asm+0x1a/0x30 [ 14.285770] </TASK> [ 14.285781] [ 14.293744] Allocated by task 278: [ 14.293899] kasan_save_stack+0x45/0x70 [ 14.294100] kasan_save_track+0x18/0x40 [ 14.294303] kasan_save_alloc_info+0x3b/0x50 [ 14.294630] __kasan_kmalloc+0xb7/0xc0 [ 14.294882] __kmalloc_cache_noprof+0x189/0x420 [ 14.295039] kasan_bitops_generic+0x92/0x1c0 [ 14.295274] kunit_try_run_case+0x1a5/0x480 [ 14.295482] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 14.295716] kthread+0x337/0x6f0 [ 14.295837] ret_from_fork+0x116/0x1d0 [ 14.295975] ret_from_fork_asm+0x1a/0x30 [ 14.296154] [ 14.296260] The buggy address belongs to the object at ffff88810298e120 [ 14.296260] which belongs to the cache kmalloc-16 of size 16 [ 14.297068] The buggy address is located 8 bytes inside of [ 14.297068] allocated 9-byte region [ffff88810298e120, ffff88810298e129) [ 14.297452] [ 14.297525] The buggy address belongs to the physical page: [ 14.297701] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x10298e [ 14.297965] flags: 0x200000000000000(node=0|zone=2) [ 14.298202] page_type: f5(slab) [ 14.298501] raw: 0200000000000000 ffff888100041640 dead000000000122 0000000000000000 [ 14.298839] raw: 0000000000000000 0000000080800080 00000000f5000000 0000000000000000 [ 14.299151] page dumped because: kasan: bad access detected [ 14.299530] [ 14.299622] Memory state around the buggy address: [ 14.299780] ffff88810298e000: 00 01 fc fc 00 01 fc fc 00 04 fc fc 00 04 fc fc [ 14.299996] ffff88810298e080: fa fb fc fc fa fb fc fc fa fb fc fc fa fb fc fc [ 14.300230] >ffff88810298e100: fa fb fc fc 00 01 fc fc fc fc fc fc fc fc fc fc [ 14.300563] ^ [ 14.300780] ffff88810298e180: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 14.301103] ffff88810298e200: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 14.301658] ================================================================== [ 14.423587] 
================================================================== [ 14.424002] BUG: KASAN: slab-out-of-bounds in kasan_bitops_test_and_modify.constprop.0+0xd06/0xd90 [ 14.425004] Read of size 8 at addr ffff88810298e128 by task kunit_try_catch/278 [ 14.425256] [ 14.425351] CPU: 1 UID: 0 PID: 278 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc4 #1 PREEMPT(voluntary) [ 14.425401] Tainted: [B]=BAD_PAGE, [N]=TEST [ 14.425413] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 14.425435] Call Trace: [ 14.425457] <TASK> [ 14.425478] dump_stack_lvl+0x73/0xb0 [ 14.425513] print_report+0xd1/0x650 [ 14.425536] ? __virt_addr_valid+0x1db/0x2d0 [ 14.425559] ? kasan_bitops_test_and_modify.constprop.0+0xd06/0xd90 [ 14.425585] ? kasan_complete_mode_report_info+0x2a/0x200 [ 14.425606] ? kasan_bitops_test_and_modify.constprop.0+0xd06/0xd90 [ 14.425633] kasan_report+0x141/0x180 [ 14.425654] ? kasan_bitops_test_and_modify.constprop.0+0xd06/0xd90 [ 14.425686] __asan_report_load8_noabort+0x18/0x20 [ 14.425710] kasan_bitops_test_and_modify.constprop.0+0xd06/0xd90 [ 14.425737] ? __pfx_kasan_bitops_test_and_modify.constprop.0+0x10/0x10 [ 14.425763] ? __kmalloc_cache_noprof+0x189/0x420 [ 14.425787] ? trace_hardirqs_on+0x37/0xe0 [ 14.425809] ? kasan_bitops_generic+0x92/0x1c0 [ 14.425836] kasan_bitops_generic+0x121/0x1c0 [ 14.425857] ? __pfx_kasan_bitops_generic+0x10/0x10 [ 14.425881] ? __pfx_read_tsc+0x10/0x10 [ 14.425903] ? ktime_get_ts64+0x86/0x230 [ 14.425927] kunit_try_run_case+0x1a5/0x480 [ 14.425951] ? __pfx_kunit_try_run_case+0x10/0x10 [ 14.425972] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 14.425996] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 14.426018] ? __kthread_parkme+0x82/0x180 [ 14.426039] ? preempt_count_sub+0x50/0x80 [ 14.426062] ? __pfx_kunit_try_run_case+0x10/0x10 [ 14.426085] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 14.426107] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 14.426129] kthread+0x337/0x6f0 [ 14.426147] ? 
trace_preempt_on+0x20/0xc0 [ 14.426168] ? __pfx_kthread+0x10/0x10 [ 14.426188] ? _raw_spin_unlock_irq+0x47/0x80 [ 14.426208] ? calculate_sigpending+0x7b/0xa0 [ 14.426242] ? __pfx_kthread+0x10/0x10 [ 14.426274] ret_from_fork+0x116/0x1d0 [ 14.426294] ? __pfx_kthread+0x10/0x10 [ 14.426314] ret_from_fork_asm+0x1a/0x30 [ 14.426358] </TASK> [ 14.426369] [ 14.437699] Allocated by task 278: [ 14.437983] kasan_save_stack+0x45/0x70 [ 14.438331] kasan_save_track+0x18/0x40 [ 14.438653] kasan_save_alloc_info+0x3b/0x50 [ 14.438869] __kasan_kmalloc+0xb7/0xc0 [ 14.439043] __kmalloc_cache_noprof+0x189/0x420 [ 14.439255] kasan_bitops_generic+0x92/0x1c0 [ 14.439688] kunit_try_run_case+0x1a5/0x480 [ 14.439882] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 14.440116] kthread+0x337/0x6f0 [ 14.440576] ret_from_fork+0x116/0x1d0 [ 14.440864] ret_from_fork_asm+0x1a/0x30 [ 14.441301] [ 14.441544] The buggy address belongs to the object at ffff88810298e120 [ 14.441544] which belongs to the cache kmalloc-16 of size 16 [ 14.442054] The buggy address is located 8 bytes inside of [ 14.442054] allocated 9-byte region [ffff88810298e120, ffff88810298e129) [ 14.442956] [ 14.443203] The buggy address belongs to the physical page: [ 14.443530] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x10298e [ 14.443865] flags: 0x200000000000000(node=0|zone=2) [ 14.444087] page_type: f5(slab) [ 14.444255] raw: 0200000000000000 ffff888100041640 dead000000000122 0000000000000000 [ 14.444574] raw: 0000000000000000 0000000080800080 00000000f5000000 0000000000000000 [ 14.444890] page dumped because: kasan: bad access detected [ 14.445117] [ 14.445205] Memory state around the buggy address: [ 14.445971] ffff88810298e000: 00 01 fc fc 00 01 fc fc 00 04 fc fc 00 04 fc fc [ 14.446775] ffff88810298e080: fa fb fc fc fa fb fc fc fa fb fc fc fa fb fc fc [ 14.447445] >ffff88810298e100: fa fb fc fc 00 01 fc fc fc fc fc fc fc fc fc fc [ 14.448171] ^ [ 14.448683] ffff88810298e180: fc fc fc fc fc fc fc fc fc 
fc fc fc fc fc fc fc [ 14.449004] ffff88810298e200: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 14.449944] ==================================================================
Failure - log-parser-boot/kasan-bug-kasan-slab-out-of-bounds-in-kasan_bitops_modifyconstprop
[ 14.186846] ================================================================== [ 14.188049] BUG: KASAN: slab-out-of-bounds in kasan_bitops_modify.constprop.0+0x4ac/0xd50 [ 14.188627] Write of size 8 at addr ffff88810298e128 by task kunit_try_catch/278 [ 14.188996] [ 14.189087] CPU: 1 UID: 0 PID: 278 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc4 #1 PREEMPT(voluntary) [ 14.189169] Tainted: [B]=BAD_PAGE, [N]=TEST [ 14.189183] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 14.189229] Call Trace: [ 14.189249] <TASK> [ 14.189284] dump_stack_lvl+0x73/0xb0 [ 14.189328] print_report+0xd1/0x650 [ 14.189364] ? __virt_addr_valid+0x1db/0x2d0 [ 14.189415] ? kasan_bitops_modify.constprop.0+0x4ac/0xd50 [ 14.189439] ? kasan_complete_mode_report_info+0x2a/0x200 [ 14.189461] ? kasan_bitops_modify.constprop.0+0x4ac/0xd50 [ 14.189486] kasan_report+0x141/0x180 [ 14.189507] ? kasan_bitops_modify.constprop.0+0x4ac/0xd50 [ 14.189537] kasan_check_range+0x10c/0x1c0 [ 14.189560] __kasan_check_write+0x18/0x20 [ 14.189579] kasan_bitops_modify.constprop.0+0x4ac/0xd50 [ 14.189604] ? __pfx_kasan_bitops_modify.constprop.0+0x10/0x10 [ 14.189629] ? __kmalloc_cache_noprof+0x189/0x420 [ 14.189653] ? trace_hardirqs_on+0x37/0xe0 [ 14.189693] ? kasan_bitops_generic+0x92/0x1c0 [ 14.189722] kasan_bitops_generic+0x116/0x1c0 [ 14.189745] ? __pfx_kasan_bitops_generic+0x10/0x10 [ 14.189769] ? __pfx_read_tsc+0x10/0x10 [ 14.189789] ? ktime_get_ts64+0x86/0x230 [ 14.189813] kunit_try_run_case+0x1a5/0x480 [ 14.189837] ? __pfx_kunit_try_run_case+0x10/0x10 [ 14.189859] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 14.189881] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 14.189903] ? __kthread_parkme+0x82/0x180 [ 14.189923] ? preempt_count_sub+0x50/0x80 [ 14.189946] ? __pfx_kunit_try_run_case+0x10/0x10 [ 14.189968] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 14.189989] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 14.190012] kthread+0x337/0x6f0 [ 14.190030] ? 
trace_preempt_on+0x20/0xc0 [ 14.190051] ? __pfx_kthread+0x10/0x10 [ 14.190071] ? _raw_spin_unlock_irq+0x47/0x80 [ 14.190090] ? calculate_sigpending+0x7b/0xa0 [ 14.190113] ? __pfx_kthread+0x10/0x10 [ 14.190134] ret_from_fork+0x116/0x1d0 [ 14.190169] ? __pfx_kthread+0x10/0x10 [ 14.190189] ret_from_fork_asm+0x1a/0x30 [ 14.190231] </TASK> [ 14.190242] [ 14.198936] Allocated by task 278: [ 14.199164] kasan_save_stack+0x45/0x70 [ 14.199591] kasan_save_track+0x18/0x40 [ 14.199787] kasan_save_alloc_info+0x3b/0x50 [ 14.199974] __kasan_kmalloc+0xb7/0xc0 [ 14.200135] __kmalloc_cache_noprof+0x189/0x420 [ 14.200359] kasan_bitops_generic+0x92/0x1c0 [ 14.200699] kunit_try_run_case+0x1a5/0x480 [ 14.200898] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 14.201067] kthread+0x337/0x6f0 [ 14.201185] ret_from_fork+0x116/0x1d0 [ 14.201371] ret_from_fork_asm+0x1a/0x30 [ 14.201602] [ 14.201695] The buggy address belongs to the object at ffff88810298e120 [ 14.201695] which belongs to the cache kmalloc-16 of size 16 [ 14.202132] The buggy address is located 8 bytes inside of [ 14.202132] allocated 9-byte region [ffff88810298e120, ffff88810298e129) [ 14.202704] [ 14.202826] The buggy address belongs to the physical page: [ 14.203084] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x10298e [ 14.203475] flags: 0x200000000000000(node=0|zone=2) [ 14.203738] page_type: f5(slab) [ 14.203861] raw: 0200000000000000 ffff888100041640 dead000000000122 0000000000000000 [ 14.204164] raw: 0000000000000000 0000000080800080 00000000f5000000 0000000000000000 [ 14.204660] page dumped because: kasan: bad access detected [ 14.204931] [ 14.205040] Memory state around the buggy address: [ 14.205299] ffff88810298e000: 00 01 fc fc 00 01 fc fc 00 04 fc fc 00 04 fc fc [ 14.205650] ffff88810298e080: fa fb fc fc fa fb fc fc fa fb fc fc fa fb fc fc [ 14.205960] >ffff88810298e100: fa fb fc fc 00 01 fc fc fc fc fc fc fc fc fc fc [ 14.206273] ^ [ 14.206418] ffff88810298e180: fc fc fc fc fc fc fc fc fc 
fc fc fc fc fc fc fc [ 14.206625] ffff88810298e200: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 14.206829] ================================================================== [ 14.039865] ================================================================== [ 14.040418] BUG: KASAN: slab-out-of-bounds in kasan_bitops_modify.constprop.0+0x101/0xd50 [ 14.041524] Write of size 8 at addr ffff88810298e128 by task kunit_try_catch/278 [ 14.041883] [ 14.042002] CPU: 1 UID: 0 PID: 278 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc4 #1 PREEMPT(voluntary) [ 14.042053] Tainted: [B]=BAD_PAGE, [N]=TEST [ 14.042067] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 14.042090] Call Trace: [ 14.042104] <TASK> [ 14.042125] dump_stack_lvl+0x73/0xb0 [ 14.042159] print_report+0xd1/0x650 [ 14.042183] ? __virt_addr_valid+0x1db/0x2d0 [ 14.042206] ? kasan_bitops_modify.constprop.0+0x101/0xd50 [ 14.042269] ? kasan_complete_mode_report_info+0x2a/0x200 [ 14.042292] ? kasan_bitops_modify.constprop.0+0x101/0xd50 [ 14.042316] kasan_report+0x141/0x180 [ 14.042338] ? kasan_bitops_modify.constprop.0+0x101/0xd50 [ 14.042366] kasan_check_range+0x10c/0x1c0 [ 14.042389] __kasan_check_write+0x18/0x20 [ 14.042409] kasan_bitops_modify.constprop.0+0x101/0xd50 [ 14.042434] ? __pfx_kasan_bitops_modify.constprop.0+0x10/0x10 [ 14.042460] ? __kmalloc_cache_noprof+0x189/0x420 [ 14.042484] ? trace_hardirqs_on+0x37/0xe0 [ 14.042507] ? kasan_bitops_generic+0x92/0x1c0 [ 14.042533] kasan_bitops_generic+0x116/0x1c0 [ 14.042556] ? __pfx_kasan_bitops_generic+0x10/0x10 [ 14.042580] ? __pfx_read_tsc+0x10/0x10 [ 14.042601] ? ktime_get_ts64+0x86/0x230 [ 14.042625] kunit_try_run_case+0x1a5/0x480 [ 14.042649] ? __pfx_kunit_try_run_case+0x10/0x10 [ 14.042671] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 14.042695] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 14.042717] ? __kthread_parkme+0x82/0x180 [ 14.042737] ? preempt_count_sub+0x50/0x80 [ 14.042760] ? 
__pfx_kunit_try_run_case+0x10/0x10 [ 14.042782] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 14.042805] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 14.042827] kthread+0x337/0x6f0 [ 14.042845] ? trace_preempt_on+0x20/0xc0 [ 14.042866] ? __pfx_kthread+0x10/0x10 [ 14.042886] ? _raw_spin_unlock_irq+0x47/0x80 [ 14.042907] ? calculate_sigpending+0x7b/0xa0 [ 14.042930] ? __pfx_kthread+0x10/0x10 [ 14.042949] ret_from_fork+0x116/0x1d0 [ 14.042967] ? __pfx_kthread+0x10/0x10 [ 14.042986] ret_from_fork_asm+0x1a/0x30 [ 14.043016] </TASK> [ 14.043026] [ 14.052291] Allocated by task 278: [ 14.052767] kasan_save_stack+0x45/0x70 [ 14.053000] kasan_save_track+0x18/0x40 [ 14.053148] kasan_save_alloc_info+0x3b/0x50 [ 14.053684] __kasan_kmalloc+0xb7/0xc0 [ 14.053864] __kmalloc_cache_noprof+0x189/0x420 [ 14.054156] kasan_bitops_generic+0x92/0x1c0 [ 14.054461] kunit_try_run_case+0x1a5/0x480 [ 14.054661] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 14.055068] kthread+0x337/0x6f0 [ 14.055354] ret_from_fork+0x116/0x1d0 [ 14.055632] ret_from_fork_asm+0x1a/0x30 [ 14.055851] [ 14.055954] The buggy address belongs to the object at ffff88810298e120 [ 14.055954] which belongs to the cache kmalloc-16 of size 16 [ 14.056653] The buggy address is located 8 bytes inside of [ 14.056653] allocated 9-byte region [ffff88810298e120, ffff88810298e129) [ 14.057393] [ 14.057504] The buggy address belongs to the physical page: [ 14.057912] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x10298e [ 14.058266] flags: 0x200000000000000(node=0|zone=2) [ 14.058658] page_type: f5(slab) [ 14.058928] raw: 0200000000000000 ffff888100041640 dead000000000122 0000000000000000 [ 14.059399] raw: 0000000000000000 0000000080800080 00000000f5000000 0000000000000000 [ 14.059699] page dumped because: kasan: bad access detected [ 14.060037] [ 14.060147] Memory state around the buggy address: [ 14.060419] ffff88810298e000: 00 01 fc fc 00 01 fc fc 00 04 fc fc 00 04 fc fc [ 14.060933] 
ffff88810298e080: fa fb fc fc fa fb fc fc fa fb fc fc fa fb fc fc [ 14.061378] >ffff88810298e100: fa fb fc fc 00 01 fc fc fc fc fc fc fc fc fc fc [ 14.061745] ^ [ 14.061995] ffff88810298e180: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 14.062453] ffff88810298e200: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 14.062934] ================================================================== [ 14.141340] ================================================================== [ 14.142266] BUG: KASAN: slab-out-of-bounds in kasan_bitops_modify.constprop.0+0x373/0xd50 [ 14.143338] Write of size 8 at addr ffff88810298e128 by task kunit_try_catch/278 [ 14.143685] [ 14.143788] CPU: 1 UID: 0 PID: 278 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc4 #1 PREEMPT(voluntary) [ 14.143840] Tainted: [B]=BAD_PAGE, [N]=TEST [ 14.143853] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 14.143877] Call Trace: [ 14.143899] <TASK> [ 14.143921] dump_stack_lvl+0x73/0xb0 [ 14.143956] print_report+0xd1/0x650 [ 14.143981] ? __virt_addr_valid+0x1db/0x2d0 [ 14.144004] ? kasan_bitops_modify.constprop.0+0x373/0xd50 [ 14.144029] ? kasan_complete_mode_report_info+0x2a/0x200 [ 14.144051] ? kasan_bitops_modify.constprop.0+0x373/0xd50 [ 14.144075] kasan_report+0x141/0x180 [ 14.144096] ? kasan_bitops_modify.constprop.0+0x373/0xd50 [ 14.144125] kasan_check_range+0x10c/0x1c0 [ 14.144148] __kasan_check_write+0x18/0x20 [ 14.144167] kasan_bitops_modify.constprop.0+0x373/0xd50 [ 14.144192] ? __pfx_kasan_bitops_modify.constprop.0+0x10/0x10 [ 14.144233] ? __kmalloc_cache_noprof+0x189/0x420 [ 14.144268] ? trace_hardirqs_on+0x37/0xe0 [ 14.144290] ? kasan_bitops_generic+0x92/0x1c0 [ 14.144316] kasan_bitops_generic+0x116/0x1c0 [ 14.144362] ? __pfx_kasan_bitops_generic+0x10/0x10 [ 14.144402] ? __pfx_read_tsc+0x10/0x10 [ 14.144561] ? ktime_get_ts64+0x86/0x230 [ 14.144586] kunit_try_run_case+0x1a5/0x480 [ 14.144612] ? __pfx_kunit_try_run_case+0x10/0x10 [ 14.144633] ? 
_raw_spin_lock_irqsave+0xa1/0x100
[ 14.144657] ? _raw_spin_unlock_irqrestore+0x5f/0x90
[ 14.144680] ? __kthread_parkme+0x82/0x180
[ 14.144700] ? preempt_count_sub+0x50/0x80
[ 14.144724] ? __pfx_kunit_try_run_case+0x10/0x10
[ 14.144747] kunit_generic_run_threadfn_adapter+0x85/0xf0
[ 14.144769] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10
[ 14.144803] kthread+0x337/0x6f0
[ 14.144822] ? trace_preempt_on+0x20/0xc0
[ 14.144845] ? __pfx_kthread+0x10/0x10
[ 14.144865] ? _raw_spin_unlock_irq+0x47/0x80
[ 14.144885] ? calculate_sigpending+0x7b/0xa0
[ 14.144907] ? __pfx_kthread+0x10/0x10
[ 14.144928] ret_from_fork+0x116/0x1d0
[ 14.144945] ? __pfx_kthread+0x10/0x10
[ 14.144965] ret_from_fork_asm+0x1a/0x30
[ 14.144994] </TASK>
[ 14.145007]
[ 14.157512] Allocated by task 278:
[ 14.157751] kasan_save_stack+0x45/0x70
[ 14.157929] kasan_save_track+0x18/0x40
[ 14.158124] kasan_save_alloc_info+0x3b/0x50
[ 14.158384] __kasan_kmalloc+0xb7/0xc0
[ 14.158584] __kmalloc_cache_noprof+0x189/0x420
[ 14.158790] kasan_bitops_generic+0x92/0x1c0
[ 14.159019] kunit_try_run_case+0x1a5/0x480
[ 14.159274] kunit_generic_run_threadfn_adapter+0x85/0xf0
[ 14.159530] kthread+0x337/0x6f0
[ 14.159696] ret_from_fork+0x116/0x1d0
[ 14.159879] ret_from_fork_asm+0x1a/0x30
[ 14.160045]
[ 14.160115] The buggy address belongs to the object at ffff88810298e120
[ 14.160115] which belongs to the cache kmalloc-16 of size 16
[ 14.160717] The buggy address is located 8 bytes inside of
[ 14.160717] allocated 9-byte region [ffff88810298e120, ffff88810298e129)
[ 14.161313]
[ 14.161433] The buggy address belongs to the physical page:
[ 14.161704] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x10298e
[ 14.161987] flags: 0x200000000000000(node=0|zone=2)
[ 14.162193] page_type: f5(slab)
[ 14.162504] raw: 0200000000000000 ffff888100041640 dead000000000122 0000000000000000
[ 14.162809] raw: 0000000000000000 0000000080800080 00000000f5000000 0000000000000000
[ 14.163129] page dumped because: kasan: bad access detected
[ 14.163407]
[ 14.163501] Memory state around the buggy address:
[ 14.163711] ffff88810298e000: 00 01 fc fc 00 01 fc fc 00 04 fc fc 00 04 fc fc
[ 14.164032] ffff88810298e080: fa fb fc fc fa fb fc fc fa fb fc fc fa fb fc fc
[ 14.164378] >ffff88810298e100: fa fb fc fc 00 01 fc fc fc fc fc fc fc fc fc fc
[ 14.164806] ^
[ 14.164996] ffff88810298e180: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 14.165332] ffff88810298e200: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 14.165651] ==================================================================
[ 14.208246] ==================================================================
[ 14.208611] BUG: KASAN: slab-out-of-bounds in kasan_bitops_modify.constprop.0+0x547/0xd50
[ 14.209759] Write of size 8 at addr ffff88810298e128 by task kunit_try_catch/278
[ 14.210094]
[ 14.210247] CPU: 1 UID: 0 PID: 278 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc4 #1 PREEMPT(voluntary)
[ 14.211513] Tainted: [B]=BAD_PAGE, [N]=TEST
[ 14.211559] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[ 14.211626] Call Trace:
[ 14.211650] <TASK>
[ 14.211676] dump_stack_lvl+0x73/0xb0
[ 14.211720] print_report+0xd1/0x650
[ 14.211745] ? __virt_addr_valid+0x1db/0x2d0
[ 14.211768] ? kasan_bitops_modify.constprop.0+0x547/0xd50
[ 14.211794] ? kasan_complete_mode_report_info+0x2a/0x200
[ 14.211817] ? kasan_bitops_modify.constprop.0+0x547/0xd50
[ 14.211843] kasan_report+0x141/0x180
[ 14.211865] ? kasan_bitops_modify.constprop.0+0x547/0xd50
[ 14.211895] kasan_check_range+0x10c/0x1c0
[ 14.211918] __kasan_check_write+0x18/0x20
[ 14.211943] kasan_bitops_modify.constprop.0+0x547/0xd50
[ 14.211969] ? __pfx_kasan_bitops_modify.constprop.0+0x10/0x10
[ 14.211997] ? __kmalloc_cache_noprof+0x189/0x420
[ 14.212023] ? trace_hardirqs_on+0x37/0xe0
[ 14.212045] ? kasan_bitops_generic+0x92/0x1c0
[ 14.212073] kasan_bitops_generic+0x116/0x1c0
[ 14.212097] ? __pfx_kasan_bitops_generic+0x10/0x10
[ 14.212123] ? __pfx_read_tsc+0x10/0x10
[ 14.212145] ? ktime_get_ts64+0x86/0x230
[ 14.212170] kunit_try_run_case+0x1a5/0x480
[ 14.212206] ? __pfx_kunit_try_run_case+0x10/0x10
[ 14.212237] ? _raw_spin_lock_irqsave+0xa1/0x100
[ 14.212261] ? _raw_spin_unlock_irqrestore+0x5f/0x90
[ 14.212284] ? __kthread_parkme+0x82/0x180
[ 14.212304] ? preempt_count_sub+0x50/0x80
[ 14.212328] ? __pfx_kunit_try_run_case+0x10/0x10
[ 14.212350] kunit_generic_run_threadfn_adapter+0x85/0xf0
[ 14.212372] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10
[ 14.212394] kthread+0x337/0x6f0
[ 14.212412] ? trace_preempt_on+0x20/0xc0
[ 14.212433] ? __pfx_kthread+0x10/0x10
[ 14.212452] ? _raw_spin_unlock_irq+0x47/0x80
[ 14.212471] ? calculate_sigpending+0x7b/0xa0
[ 14.212494] ? __pfx_kthread+0x10/0x10
[ 14.212514] ret_from_fork+0x116/0x1d0
[ 14.212531] ? __pfx_kthread+0x10/0x10
[ 14.212551] ret_from_fork_asm+0x1a/0x30
[ 14.212581] </TASK>
[ 14.212593]
[ 14.225271] Allocated by task 278:
[ 14.225664] kasan_save_stack+0x45/0x70
[ 14.225980] kasan_save_track+0x18/0x40
[ 14.226355] kasan_save_alloc_info+0x3b/0x50
[ 14.226691] __kasan_kmalloc+0xb7/0xc0
[ 14.226956] __kmalloc_cache_noprof+0x189/0x420
[ 14.227276] kasan_bitops_generic+0x92/0x1c0
[ 14.227503] kunit_try_run_case+0x1a5/0x480
[ 14.227703] kunit_generic_run_threadfn_adapter+0x85/0xf0
[ 14.227954] kthread+0x337/0x6f0
[ 14.228114] ret_from_fork+0x116/0x1d0
[ 14.228621] ret_from_fork_asm+0x1a/0x30
[ 14.228801]
[ 14.229078] The buggy address belongs to the object at ffff88810298e120
[ 14.229078] which belongs to the cache kmalloc-16 of size 16
[ 14.229873] The buggy address is located 8 bytes inside of
[ 14.229873] allocated 9-byte region [ffff88810298e120, ffff88810298e129)
[ 14.230631]
[ 14.230744] The buggy address belongs to the physical page:
[ 14.230983] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x10298e
[ 14.231298] flags: 0x200000000000000(node=0|zone=2)
[ 14.231848] page_type: f5(slab)
[ 14.232130] raw: 0200000000000000 ffff888100041640 dead000000000122 0000000000000000
[ 14.232598] raw: 0000000000000000 0000000080800080 00000000f5000000 0000000000000000
[ 14.233029] page dumped because: kasan: bad access detected
[ 14.233452]
[ 14.233661] Memory state around the buggy address:
[ 14.233988] ffff88810298e000: 00 01 fc fc 00 01 fc fc 00 04 fc fc 00 04 fc fc
[ 14.234450] ffff88810298e080: fa fb fc fc fa fb fc fc fa fb fc fc fa fb fc fc
[ 14.234772] >ffff88810298e100: fa fb fc fc 00 01 fc fc fc fc fc fc fc fc fc fc
[ 14.235069] ^
[ 14.235518] ffff88810298e180: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 14.235950] ffff88810298e200: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 14.236603] ==================================================================
[ 14.108803] ==================================================================
[ 14.109658] BUG: KASAN: slab-out-of-bounds in kasan_bitops_modify.constprop.0+0x2d5/0xd50
[ 14.110170] Write of size 8 at addr ffff88810298e128 by task kunit_try_catch/278
[ 14.110536]
[ 14.110632] CPU: 1 UID: 0 PID: 278 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc4 #1 PREEMPT(voluntary)
[ 14.110681] Tainted: [B]=BAD_PAGE, [N]=TEST
[ 14.110694] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[ 14.110717] Call Trace:
[ 14.110737] <TASK>
[ 14.110772] dump_stack_lvl+0x73/0xb0
[ 14.110803] print_report+0xd1/0x650
[ 14.110838] ? __virt_addr_valid+0x1db/0x2d0
[ 14.110860] ? kasan_bitops_modify.constprop.0+0x2d5/0xd50
[ 14.110886] ? kasan_complete_mode_report_info+0x2a/0x200
[ 14.110907] ? kasan_bitops_modify.constprop.0+0x2d5/0xd50
[ 14.110933] kasan_report+0x141/0x180
[ 14.110954] ? kasan_bitops_modify.constprop.0+0x2d5/0xd50
[ 14.110984] kasan_check_range+0x10c/0x1c0
[ 14.111007] __kasan_check_write+0x18/0x20
[ 14.111027] kasan_bitops_modify.constprop.0+0x2d5/0xd50
[ 14.111052] ? __pfx_kasan_bitops_modify.constprop.0+0x10/0x10
[ 14.111091] ? __kmalloc_cache_noprof+0x189/0x420
[ 14.111115] ? trace_hardirqs_on+0x37/0xe0
[ 14.111150] ? kasan_bitops_generic+0x92/0x1c0
[ 14.111177] kasan_bitops_generic+0x116/0x1c0
[ 14.111200] ? __pfx_kasan_bitops_generic+0x10/0x10
[ 14.111241] ? __pfx_read_tsc+0x10/0x10
[ 14.111263] ? ktime_get_ts64+0x86/0x230
[ 14.111286] kunit_try_run_case+0x1a5/0x480
[ 14.111337] ? __pfx_kunit_try_run_case+0x10/0x10
[ 14.111362] ? _raw_spin_lock_irqsave+0xa1/0x100
[ 14.111397] ? _raw_spin_unlock_irqrestore+0x5f/0x90
[ 14.111420] ? __kthread_parkme+0x82/0x180
[ 14.111450] ? preempt_count_sub+0x50/0x80
[ 14.111475] ? __pfx_kunit_try_run_case+0x10/0x10
[ 14.111497] kunit_generic_run_threadfn_adapter+0x85/0xf0
[ 14.111529] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10
[ 14.111552] kthread+0x337/0x6f0
[ 14.111570] ? trace_preempt_on+0x20/0xc0
[ 14.111592] ? __pfx_kthread+0x10/0x10
[ 14.111613] ? _raw_spin_unlock_irq+0x47/0x80
[ 14.111633] ? calculate_sigpending+0x7b/0xa0
[ 14.111657] ? __pfx_kthread+0x10/0x10
[ 14.111679] ret_from_fork+0x116/0x1d0
[ 14.111697] ? __pfx_kthread+0x10/0x10
[ 14.111716] ret_from_fork_asm+0x1a/0x30
[ 14.111747] </TASK>
[ 14.111759]
[ 14.123588] Allocated by task 278:
[ 14.123767] kasan_save_stack+0x45/0x70
[ 14.123935] kasan_save_track+0x18/0x40
[ 14.124073] kasan_save_alloc_info+0x3b/0x50
[ 14.125505] __kasan_kmalloc+0xb7/0xc0
[ 14.126171] __kmalloc_cache_noprof+0x189/0x420
[ 14.127102] kasan_bitops_generic+0x92/0x1c0
[ 14.127785] kunit_try_run_case+0x1a5/0x480
[ 14.128472] kunit_generic_run_threadfn_adapter+0x85/0xf0
[ 14.129193] kthread+0x337/0x6f0
[ 14.129765] ret_from_fork+0x116/0x1d0
[ 14.130362] ret_from_fork_asm+0x1a/0x30
[ 14.130919]
[ 14.131260] The buggy address belongs to the object at ffff88810298e120
[ 14.131260] which belongs to the cache kmalloc-16 of size 16
[ 14.132406] The buggy address is located 8 bytes inside of
[ 14.132406] allocated 9-byte region [ffff88810298e120, ffff88810298e129)
[ 14.133430]
[ 14.133619] The buggy address belongs to the physical page:
[ 14.133973] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x10298e
[ 14.134210] flags: 0x200000000000000(node=0|zone=2)
[ 14.134763] page_type: f5(slab)
[ 14.135081] raw: 0200000000000000 ffff888100041640 dead000000000122 0000000000000000
[ 14.135791] raw: 0000000000000000 0000000080800080 00000000f5000000 0000000000000000
[ 14.136257] page dumped because: kasan: bad access detected
[ 14.136776]
[ 14.136968] Memory state around the buggy address:
[ 14.137184] ffff88810298e000: 00 01 fc fc 00 01 fc fc 00 04 fc fc 00 04 fc fc
[ 14.137903] ffff88810298e080: fa fb fc fc fa fb fc fc fa fb fc fc fa fb fc fc
[ 14.138281] >ffff88810298e100: fa fb fc fc 00 01 fc fc fc fc fc fc fc fc fc fc
[ 14.138808] ^
[ 14.138957] ffff88810298e180: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 14.139167] ffff88810298e200: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 14.139558] ==================================================================
[ 14.167095] ==================================================================
[ 14.167689] BUG: KASAN: slab-out-of-bounds in kasan_bitops_modify.constprop.0+0x40e/0xd50
[ 14.168064] Write of size 8 at addr ffff88810298e128 by task kunit_try_catch/278
[ 14.168430]
[ 14.168532] CPU: 1 UID: 0 PID: 278 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc4 #1 PREEMPT(voluntary)
[ 14.168580] Tainted: [B]=BAD_PAGE, [N]=TEST
[ 14.168592] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[ 14.168615] Call Trace:
[ 14.168630] <TASK>
[ 14.168648] dump_stack_lvl+0x73/0xb0
[ 14.168680] print_report+0xd1/0x650
[ 14.168703] ? __virt_addr_valid+0x1db/0x2d0
[ 14.168726] ? kasan_bitops_modify.constprop.0+0x40e/0xd50
[ 14.168773] ? kasan_complete_mode_report_info+0x2a/0x200
[ 14.168802] ? kasan_bitops_modify.constprop.0+0x40e/0xd50
[ 14.168826] kasan_report+0x141/0x180
[ 14.168848] ? kasan_bitops_modify.constprop.0+0x40e/0xd50
[ 14.168877] kasan_check_range+0x10c/0x1c0
[ 14.168899] __kasan_check_write+0x18/0x20
[ 14.168937] kasan_bitops_modify.constprop.0+0x40e/0xd50
[ 14.168963] ? __pfx_kasan_bitops_modify.constprop.0+0x10/0x10
[ 14.168989] ? __kmalloc_cache_noprof+0x189/0x420
[ 14.169012] ? trace_hardirqs_on+0x37/0xe0
[ 14.169035] ? kasan_bitops_generic+0x92/0x1c0
[ 14.169062] kasan_bitops_generic+0x116/0x1c0
[ 14.169102] ? __pfx_kasan_bitops_generic+0x10/0x10
[ 14.169127] ? __pfx_read_tsc+0x10/0x10
[ 14.169148] ? ktime_get_ts64+0x86/0x230
[ 14.169171] kunit_try_run_case+0x1a5/0x480
[ 14.169196] ? __pfx_kunit_try_run_case+0x10/0x10
[ 14.169229] ? _raw_spin_lock_irqsave+0xa1/0x100
[ 14.169253] ? _raw_spin_unlock_irqrestore+0x5f/0x90
[ 14.169275] ? __kthread_parkme+0x82/0x180
[ 14.169295] ? preempt_count_sub+0x50/0x80
[ 14.169318] ? __pfx_kunit_try_run_case+0x10/0x10
[ 14.169340] kunit_generic_run_threadfn_adapter+0x85/0xf0
[ 14.169362] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10
[ 14.169402] kthread+0x337/0x6f0
[ 14.169420] ? trace_preempt_on+0x20/0xc0
[ 14.169441] ? __pfx_kthread+0x10/0x10
[ 14.169461] ? _raw_spin_unlock_irq+0x47/0x80
[ 14.169498] ? calculate_sigpending+0x7b/0xa0
[ 14.169522] ? __pfx_kthread+0x10/0x10
[ 14.169545] ret_from_fork+0x116/0x1d0
[ 14.169563] ? __pfx_kthread+0x10/0x10
[ 14.169584] ret_from_fork_asm+0x1a/0x30
[ 14.169615] </TASK>
[ 14.169627]
[ 14.177888] Allocated by task 278:
[ 14.178115] kasan_save_stack+0x45/0x70
[ 14.178361] kasan_save_track+0x18/0x40
[ 14.178576] kasan_save_alloc_info+0x3b/0x50
[ 14.178789] __kasan_kmalloc+0xb7/0xc0
[ 14.178953] __kmalloc_cache_noprof+0x189/0x420
[ 14.179102] kasan_bitops_generic+0x92/0x1c0
[ 14.179264] kunit_try_run_case+0x1a5/0x480
[ 14.179602] kunit_generic_run_threadfn_adapter+0x85/0xf0
[ 14.180034] kthread+0x337/0x6f0
[ 14.180252] ret_from_fork+0x116/0x1d0
[ 14.180474] ret_from_fork_asm+0x1a/0x30
[ 14.180711]
[ 14.180816] The buggy address belongs to the object at ffff88810298e120
[ 14.180816] which belongs to the cache kmalloc-16 of size 16
[ 14.181484] The buggy address is located 8 bytes inside of
[ 14.181484] allocated 9-byte region [ffff88810298e120, ffff88810298e129)
[ 14.181990]
[ 14.182061] The buggy address belongs to the physical page:
[ 14.182241] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x10298e
[ 14.182600] flags: 0x200000000000000(node=0|zone=2)
[ 14.182861] page_type: f5(slab)
[ 14.183046] raw: 0200000000000000 ffff888100041640 dead000000000122 0000000000000000
[ 14.183448] raw: 0000000000000000 0000000080800080 00000000f5000000 0000000000000000
[ 14.183666] page dumped because: kasan: bad access detected
[ 14.183854]
[ 14.183944] Memory state around the buggy address:
[ 14.184166] ffff88810298e000: 00 01 fc fc 00 01 fc fc 00 04 fc fc 00 04 fc fc
[ 14.184548] ffff88810298e080: fa fb fc fc fa fb fc fc fa fb fc fc fa fb fc fc
[ 14.184756] >ffff88810298e100: fa fb fc fc 00 01 fc fc fc fc fc fc fc fc fc fc
[ 14.185031] ^
[ 14.185269] ffff88810298e180: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 14.185605] ffff88810298e200: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 14.185966] ==================================================================
[ 14.064593] ==================================================================
[ 14.065344] BUG: KASAN: slab-out-of-bounds in kasan_bitops_modify.constprop.0+0x19c/0xd50
[ 14.065904] Write of size 8 at addr ffff88810298e128 by task kunit_try_catch/278
[ 14.066200]
[ 14.066342] CPU: 1 UID: 0 PID: 278 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc4 #1 PREEMPT(voluntary)
[ 14.066427] Tainted: [B]=BAD_PAGE, [N]=TEST
[ 14.066439] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[ 14.066463] Call Trace:
[ 14.066497] <TASK>
[ 14.066518] dump_stack_lvl+0x73/0xb0
[ 14.066552] print_report+0xd1/0x650
[ 14.066574] ? __virt_addr_valid+0x1db/0x2d0
[ 14.066597] ? kasan_bitops_modify.constprop.0+0x19c/0xd50
[ 14.066622] ? kasan_complete_mode_report_info+0x2a/0x200
[ 14.066676] ? kasan_bitops_modify.constprop.0+0x19c/0xd50
[ 14.066712] kasan_report+0x141/0x180
[ 14.066745] ? kasan_bitops_modify.constprop.0+0x19c/0xd50
[ 14.066803] kasan_check_range+0x10c/0x1c0
[ 14.066826] __kasan_check_write+0x18/0x20
[ 14.066855] kasan_bitops_modify.constprop.0+0x19c/0xd50
[ 14.066880] ? __pfx_kasan_bitops_modify.constprop.0+0x10/0x10
[ 14.066905] ? __kmalloc_cache_noprof+0x189/0x420
[ 14.066929] ? trace_hardirqs_on+0x37/0xe0
[ 14.066952] ? kasan_bitops_generic+0x92/0x1c0
[ 14.066978] kasan_bitops_generic+0x116/0x1c0
[ 14.067001] ? __pfx_kasan_bitops_generic+0x10/0x10
[ 14.067026] ? __pfx_read_tsc+0x10/0x10
[ 14.067046] ? ktime_get_ts64+0x86/0x230
[ 14.067070] kunit_try_run_case+0x1a5/0x480
[ 14.067094] ? __pfx_kunit_try_run_case+0x10/0x10
[ 14.067116] ? _raw_spin_lock_irqsave+0xa1/0x100
[ 14.067140] ? _raw_spin_unlock_irqrestore+0x5f/0x90
[ 14.067162] ? __kthread_parkme+0x82/0x180
[ 14.067182] ? preempt_count_sub+0x50/0x80
[ 14.067206] ? __pfx_kunit_try_run_case+0x10/0x10
[ 14.067239] kunit_generic_run_threadfn_adapter+0x85/0xf0
[ 14.067270] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10
[ 14.067293] kthread+0x337/0x6f0
[ 14.067311] ? trace_preempt_on+0x20/0xc0
[ 14.067332] ? __pfx_kthread+0x10/0x10
[ 14.067352] ? _raw_spin_unlock_irq+0x47/0x80
[ 14.067372] ? calculate_sigpending+0x7b/0xa0
[ 14.067395] ? __pfx_kthread+0x10/0x10
[ 14.067416] ret_from_fork+0x116/0x1d0
[ 14.067433] ? __pfx_kthread+0x10/0x10
[ 14.067453] ret_from_fork_asm+0x1a/0x30
[ 14.067483] </TASK>
[ 14.067495]
[ 14.078011] Allocated by task 278:
[ 14.078430] kasan_save_stack+0x45/0x70
[ 14.078762] kasan_save_track+0x18/0x40
[ 14.079049] kasan_save_alloc_info+0x3b/0x50
[ 14.079417] __kasan_kmalloc+0xb7/0xc0
[ 14.079713] __kmalloc_cache_noprof+0x189/0x420
[ 14.080021] kasan_bitops_generic+0x92/0x1c0
[ 14.080363] kunit_try_run_case+0x1a5/0x480
[ 14.080691] kunit_generic_run_threadfn_adapter+0x85/0xf0
[ 14.081060] kthread+0x337/0x6f0
[ 14.081354] ret_from_fork+0x116/0x1d0
[ 14.081566] ret_from_fork_asm+0x1a/0x30
[ 14.081913]
[ 14.082017] The buggy address belongs to the object at ffff88810298e120
[ 14.082017] which belongs to the cache kmalloc-16 of size 16
[ 14.082877] The buggy address is located 8 bytes inside of
[ 14.082877] allocated 9-byte region [ffff88810298e120, ffff88810298e129)
[ 14.083690]
[ 14.083773] The buggy address belongs to the physical page:
[ 14.084176] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x10298e
[ 14.084642] flags: 0x200000000000000(node=0|zone=2)
[ 14.084889] page_type: f5(slab)
[ 14.085050] raw: 0200000000000000 ffff888100041640 dead000000000122 0000000000000000
[ 14.085336] raw: 0000000000000000 0000000080800080 00000000f5000000 0000000000000000
[ 14.085701] page dumped because: kasan: bad access detected
[ 14.085956]
[ 14.086024] Memory state around the buggy address:
[ 14.086290] ffff88810298e000: 00 01 fc fc 00 01 fc fc 00 04 fc fc 00 04 fc fc
[ 14.086635] ffff88810298e080: fa fb fc fc fa fb fc fc fa fb fc fc fa fb fc fc
[ 14.086893] >ffff88810298e100: fa fb fc fc 00 01 fc fc fc fc fc fc fc fc fc fc
[ 14.087117] ^
[ 14.087425] ffff88810298e180: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 14.087720] ffff88810298e200: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 14.088059] ==================================================================
[ 14.088749] ==================================================================
[ 14.089661] BUG: KASAN: slab-out-of-bounds in kasan_bitops_modify.constprop.0+0x23a/0xd50
[ 14.090094] Write of size 8 at addr ffff88810298e128 by task kunit_try_catch/278
[ 14.090456]
[ 14.090577] CPU: 1 UID: 0 PID: 278 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc4 #1 PREEMPT(voluntary)
[ 14.090636] Tainted: [B]=BAD_PAGE, [N]=TEST
[ 14.090649] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[ 14.090672] Call Trace:
[ 14.090704] <TASK>
[ 14.090726] dump_stack_lvl+0x73/0xb0
[ 14.090757] print_report+0xd1/0x650
[ 14.090780] ? __virt_addr_valid+0x1db/0x2d0
[ 14.090804] ? kasan_bitops_modify.constprop.0+0x23a/0xd50
[ 14.090828] ? kasan_complete_mode_report_info+0x2a/0x200
[ 14.090859] ? kasan_bitops_modify.constprop.0+0x23a/0xd50
[ 14.090883] kasan_report+0x141/0x180
[ 14.090904] ? kasan_bitops_modify.constprop.0+0x23a/0xd50
[ 14.090944] kasan_check_range+0x10c/0x1c0
[ 14.090967] __kasan_check_write+0x18/0x20
[ 14.090986] kasan_bitops_modify.constprop.0+0x23a/0xd50
[ 14.091010] ? __pfx_kasan_bitops_modify.constprop.0+0x10/0x10
[ 14.091035] ? __kmalloc_cache_noprof+0x189/0x420
[ 14.091060] ? trace_hardirqs_on+0x37/0xe0
[ 14.091082] ? kasan_bitops_generic+0x92/0x1c0
[ 14.091118] kasan_bitops_generic+0x116/0x1c0
[ 14.091140] ? __pfx_kasan_bitops_generic+0x10/0x10
[ 14.091164] ? __pfx_read_tsc+0x10/0x10
[ 14.091196] ? ktime_get_ts64+0x86/0x230
[ 14.091229] kunit_try_run_case+0x1a5/0x480
[ 14.091254] ? __pfx_kunit_try_run_case+0x10/0x10
[ 14.091285] ? _raw_spin_lock_irqsave+0xa1/0x100
[ 14.091318] ? _raw_spin_unlock_irqrestore+0x5f/0x90
[ 14.091339] ? __kthread_parkme+0x82/0x180
[ 14.091360] ? preempt_count_sub+0x50/0x80
[ 14.091394] ? __pfx_kunit_try_run_case+0x10/0x10
[ 14.091417] kunit_generic_run_threadfn_adapter+0x85/0xf0
[ 14.091439] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10
[ 14.091462] kthread+0x337/0x6f0
[ 14.091480] ? trace_preempt_on+0x20/0xc0
[ 14.091501] ? __pfx_kthread+0x10/0x10
[ 14.091521] ? _raw_spin_unlock_irq+0x47/0x80
[ 14.091542] ? calculate_sigpending+0x7b/0xa0
[ 14.091566] ? __pfx_kthread+0x10/0x10
[ 14.091586] ret_from_fork+0x116/0x1d0
[ 14.091604] ? __pfx_kthread+0x10/0x10
[ 14.091624] ret_from_fork_asm+0x1a/0x30
[ 14.091658] </TASK>
[ 14.091670]
[ 14.099936] Allocated by task 278:
[ 14.100138] kasan_save_stack+0x45/0x70
[ 14.100409] kasan_save_track+0x18/0x40
[ 14.100577] kasan_save_alloc_info+0x3b/0x50
[ 14.100762] __kasan_kmalloc+0xb7/0xc0
[ 14.100920] __kmalloc_cache_noprof+0x189/0x420
[ 14.101096] kasan_bitops_generic+0x92/0x1c0
[ 14.101317] kunit_try_run_case+0x1a5/0x480
[ 14.101523] kunit_generic_run_threadfn_adapter+0x85/0xf0
[ 14.101731] kthread+0x337/0x6f0
[ 14.101915] ret_from_fork+0x116/0x1d0
[ 14.102103] ret_from_fork_asm+0x1a/0x30
[ 14.102336]
[ 14.102407] The buggy address belongs to the object at ffff88810298e120
[ 14.102407] which belongs to the cache kmalloc-16 of size 16
[ 14.102763] The buggy address is located 8 bytes inside of
[ 14.102763] allocated 9-byte region [ffff88810298e120, ffff88810298e129)
[ 14.103238]
[ 14.103336] The buggy address belongs to the physical page:
[ 14.103668] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x10298e
[ 14.103908] flags: 0x200000000000000(node=0|zone=2)
[ 14.104073] page_type: f5(slab)
[ 14.104197] raw: 0200000000000000 ffff888100041640 dead000000000122 0000000000000000
[ 14.104500] raw: 0000000000000000 0000000080800080 00000000f5000000 0000000000000000
[ 14.104853] page dumped because: kasan: bad access detected
[ 14.105135]
[ 14.105240] Memory state around the buggy address:
[ 14.105583] ffff88810298e000: 00 01 fc fc 00 01 fc fc 00 04 fc fc 00 04 fc fc
[ 14.105923] ffff88810298e080: fa fb fc fc fa fb fc fc fa fb fc fc fa fb fc fc
[ 14.106277] >ffff88810298e100: fa fb fc fc 00 01 fc fc fc fc fc fc fc fc fc fc
[ 14.106636] ^
[ 14.106835] ffff88810298e180: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 14.107057] ffff88810298e200: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 14.107422] ==================================================================
Failure - log-parser-boot/kasan-bug-kasan-slab-use-after-free-in-strnlen
[ 14.012803] ==================================================================
[ 14.013796] BUG: KASAN: slab-use-after-free in strnlen+0x73/0x80
[ 14.014099] Read of size 1 at addr ffff888103994910 by task kunit_try_catch/276
[ 14.014478]
[ 14.014574] CPU: 1 UID: 0 PID: 276 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc4 #1 PREEMPT(voluntary)
[ 14.014624] Tainted: [B]=BAD_PAGE, [N]=TEST
[ 14.014636] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[ 14.014659] Call Trace:
[ 14.014679] <TASK>
[ 14.014700] dump_stack_lvl+0x73/0xb0
[ 14.014731] print_report+0xd1/0x650
[ 14.014755] ? __virt_addr_valid+0x1db/0x2d0
[ 14.014779] ? strnlen+0x73/0x80
[ 14.014796] ? kasan_complete_mode_report_info+0x64/0x200
[ 14.014818] ? strnlen+0x73/0x80
[ 14.014835] kasan_report+0x141/0x180
[ 14.014856] ? strnlen+0x73/0x80
[ 14.014878] __asan_report_load1_noabort+0x18/0x20
[ 14.014904] strnlen+0x73/0x80
[ 14.014921] kasan_strings+0x615/0xe80
[ 14.014941] ? trace_hardirqs_on+0x37/0xe0
[ 14.014965] ? __pfx_kasan_strings+0x10/0x10
[ 14.014985] ? finish_task_switch.isra.0+0x153/0x700
[ 14.015006] ? __switch_to+0x47/0xf50
[ 14.015031] ? __schedule+0x10cc/0x2b60
[ 14.015053] ? __pfx_read_tsc+0x10/0x10
[ 14.015074] ? ktime_get_ts64+0x86/0x230
[ 14.015097] kunit_try_run_case+0x1a5/0x480
[ 14.015121] ? __pfx_kunit_try_run_case+0x10/0x10
[ 14.015143] ? _raw_spin_lock_irqsave+0xa1/0x100
[ 14.015166] ? _raw_spin_unlock_irqrestore+0x5f/0x90
[ 14.015188] ? __kthread_parkme+0x82/0x180
[ 14.015208] ? preempt_count_sub+0x50/0x80
[ 14.015244] ? __pfx_kunit_try_run_case+0x10/0x10
[ 14.015267] kunit_generic_run_threadfn_adapter+0x85/0xf0
[ 14.015289] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10
[ 14.015333] kthread+0x337/0x6f0
[ 14.015352] ? trace_preempt_on+0x20/0xc0
[ 14.015373] ? __pfx_kthread+0x10/0x10
[ 14.015392] ? _raw_spin_unlock_irq+0x47/0x80
[ 14.015413] ? calculate_sigpending+0x7b/0xa0
[ 14.015436] ? __pfx_kthread+0x10/0x10
[ 14.015457] ret_from_fork+0x116/0x1d0
[ 14.015475] ? __pfx_kthread+0x10/0x10
[ 14.015495] ret_from_fork_asm+0x1a/0x30
[ 14.015526] </TASK>
[ 14.015537]
[ 14.023718] Allocated by task 276:
[ 14.023880] kasan_save_stack+0x45/0x70
[ 14.024097] kasan_save_track+0x18/0x40
[ 14.024387] kasan_save_alloc_info+0x3b/0x50
[ 14.024611] __kasan_kmalloc+0xb7/0xc0
[ 14.024803] __kmalloc_cache_noprof+0x189/0x420
[ 14.025038] kasan_strings+0xc0/0xe80
[ 14.025319] kunit_try_run_case+0x1a5/0x480
[ 14.025541] kunit_generic_run_threadfn_adapter+0x85/0xf0
[ 14.025793] kthread+0x337/0x6f0
[ 14.025941] ret_from_fork+0x116/0x1d0
[ 14.026079] ret_from_fork_asm+0x1a/0x30
[ 14.026617]
[ 14.026725] Freed by task 276:
[ 14.026866] kasan_save_stack+0x45/0x70
[ 14.027008] kasan_save_track+0x18/0x40
[ 14.027142] kasan_save_free_info+0x3f/0x60
[ 14.027305] __kasan_slab_free+0x56/0x70
[ 14.027561] kfree+0x222/0x3f0
[ 14.027734] kasan_strings+0x2aa/0xe80
[ 14.027929] kunit_try_run_case+0x1a5/0x480
[ 14.028144] kunit_generic_run_threadfn_adapter+0x85/0xf0
[ 14.028414] kthread+0x337/0x6f0
[ 14.028622] ret_from_fork+0x116/0x1d0
[ 14.028830] ret_from_fork_asm+0x1a/0x30
[ 14.029032]
[ 14.029131] The buggy address belongs to the object at ffff888103994900
[ 14.029131] which belongs to the cache kmalloc-32 of size 32
[ 14.029667] The buggy address is located 16 bytes inside of
[ 14.029667] freed 32-byte region [ffff888103994900, ffff888103994920)
[ 14.030021]
[ 14.030111] The buggy address belongs to the physical page:
[ 14.030376] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x103994
[ 14.030729] flags: 0x200000000000000(node=0|zone=2)
[ 14.030939] page_type: f5(slab)
[ 14.031064] raw: 0200000000000000 ffff888100041780 dead000000000122 0000000000000000
[ 14.031783] raw: 0000000000000000 0000000080400040 00000000f5000000 0000000000000000
[ 14.032139] page dumped because: kasan: bad access detected
[ 14.032572]
[ 14.032655] Memory state around the buggy address:
[ 14.032864] ffff888103994800: fa fb fb fb fc fc fc fc 00 00 00 fc fc fc fc fc
[ 14.033082] ffff888103994880: 00 00 00 fc fc fc fc fc 00 00 07 fc fc fc fc fc
[ 14.033312] >ffff888103994900: fa fb fb fb fc fc fc fc fa fb fb fb fc fc fc fc
[ 14.033526] ^
[ 14.033656] ffff888103994980: fa fb fb fb fc fc fc fc 00 00 00 fc fc fc fc fc
[ 14.033871] ffff888103994a00: fa fb fb fb fc fc fc fc fa fb fb fb fc fc fc fc
[ 14.034144] ==================================================================
Failure - log-parser-boot/kasan-bug-kasan-slab-use-after-free-in-strlen
[ 13.990843] ==================================================================
[ 13.991173] BUG: KASAN: slab-use-after-free in strlen+0x8f/0xb0
[ 13.991472] Read of size 1 at addr ffff888103994910 by task kunit_try_catch/276
[ 13.991771]
[ 13.991891] CPU: 1 UID: 0 PID: 276 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc4 #1 PREEMPT(voluntary)
[ 13.991938] Tainted: [B]=BAD_PAGE, [N]=TEST
[ 13.991950] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[ 13.991972] Call Trace:
[ 13.991992] <TASK>
[ 13.992015] dump_stack_lvl+0x73/0xb0
[ 13.992042] print_report+0xd1/0x650
[ 13.992066] ? __virt_addr_valid+0x1db/0x2d0
[ 13.992089] ? strlen+0x8f/0xb0
[ 13.992105] ? kasan_complete_mode_report_info+0x64/0x200
[ 13.992128] ? strlen+0x8f/0xb0
[ 13.992144] kasan_report+0x141/0x180
[ 13.992165] ? strlen+0x8f/0xb0
[ 13.992187] __asan_report_load1_noabort+0x18/0x20
[ 13.992210] strlen+0x8f/0xb0
[ 13.992238] kasan_strings+0x57b/0xe80
[ 13.992322] ? trace_hardirqs_on+0x37/0xe0
[ 13.992349] ? __pfx_kasan_strings+0x10/0x10
[ 13.992369] ? finish_task_switch.isra.0+0x153/0x700
[ 13.992390] ? __switch_to+0x47/0xf50
[ 13.992416] ? __schedule+0x10cc/0x2b60
[ 13.992437] ? __pfx_read_tsc+0x10/0x10
[ 13.992458] ? ktime_get_ts64+0x86/0x230
[ 13.992481] kunit_try_run_case+0x1a5/0x480
[ 13.992506] ? __pfx_kunit_try_run_case+0x10/0x10
[ 13.992527] ? _raw_spin_lock_irqsave+0xa1/0x100
[ 13.992550] ? _raw_spin_unlock_irqrestore+0x5f/0x90
[ 13.992572] ? __kthread_parkme+0x82/0x180
[ 13.992593] ? preempt_count_sub+0x50/0x80
[ 13.992615] ? __pfx_kunit_try_run_case+0x10/0x10
[ 13.992638] kunit_generic_run_threadfn_adapter+0x85/0xf0
[ 13.992660] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10
[ 13.992682] kthread+0x337/0x6f0
[ 13.992701] ? trace_preempt_on+0x20/0xc0
[ 13.992722] ? __pfx_kthread+0x10/0x10
[ 13.992741] ? _raw_spin_unlock_irq+0x47/0x80
[ 13.992762] ? calculate_sigpending+0x7b/0xa0
[ 13.992797] ? __pfx_kthread+0x10/0x10
[ 13.992818] ret_from_fork+0x116/0x1d0
[ 13.992835] ? __pfx_kthread+0x10/0x10
[ 13.992856] ret_from_fork_asm+0x1a/0x30
[ 13.992886] </TASK>
[ 13.992897]
[ 14.001476] Allocated by task 276:
[ 14.001654] kasan_save_stack+0x45/0x70
[ 14.001857] kasan_save_track+0x18/0x40
[ 14.002059] kasan_save_alloc_info+0x3b/0x50
[ 14.002271] __kasan_kmalloc+0xb7/0xc0
[ 14.002424] __kmalloc_cache_noprof+0x189/0x420
[ 14.002639] kasan_strings+0xc0/0xe80
[ 14.002825] kunit_try_run_case+0x1a5/0x480
[ 14.002997] kunit_generic_run_threadfn_adapter+0x85/0xf0
[ 14.003228] kthread+0x337/0x6f0
[ 14.003417] ret_from_fork+0x116/0x1d0
[ 14.003589] ret_from_fork_asm+0x1a/0x30
[ 14.003751]
[ 14.003847] Freed by task 276:
[ 14.004003] kasan_save_stack+0x45/0x70
[ 14.004170] kasan_save_track+0x18/0x40
[ 14.004387] kasan_save_free_info+0x3f/0x60
[ 14.004561] __kasan_slab_free+0x56/0x70
[ 14.004734] kfree+0x222/0x3f0
[ 14.004908] kasan_strings+0x2aa/0xe80
[ 14.005053] kunit_try_run_case+0x1a5/0x480
[ 14.005198] kunit_generic_run_threadfn_adapter+0x85/0xf0
[ 14.005387] kthread+0x337/0x6f0
[ 14.005509] ret_from_fork+0x116/0x1d0
[ 14.005642] ret_from_fork_asm+0x1a/0x30
[ 14.005839]
[ 14.006013] The buggy address belongs to the object at ffff888103994900
[ 14.006013] which belongs to the cache kmalloc-32 of size 32
[ 14.006763] The buggy address is located 16 bytes inside of
[ 14.006763] freed 32-byte region [ffff888103994900, ffff888103994920)
[ 14.007111]
[ 14.007185] The buggy address belongs to the physical page:
[ 14.008165] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x103994
[ 14.008642] flags: 0x200000000000000(node=0|zone=2)
[ 14.008911] page_type: f5(slab)
[ 14.009081] raw: 0200000000000000 ffff888100041780 dead000000000122 0000000000000000
[ 14.009654] raw: 0000000000000000 0000000080400040 00000000f5000000 0000000000000000
[ 14.009969] page dumped because: kasan: bad access detected
[ 14.010181]
[ 14.010349] Memory state around the buggy address:
[ 14.010522] ffff888103994800: fa fb fb fb fc fc fc fc 00 00 00 fc fc fc fc fc
[ 14.010829] ffff888103994880: 00 00 00 fc fc fc fc fc 00 00 07 fc fc fc fc fc
[ 14.011114] >ffff888103994900: fa fb fb fb fc fc fc fc fa fb fb fb fc fc fc fc
[ 14.011473] ^
[ 14.011643] ffff888103994980: fa fb fb fb fc fc fc fc 00 00 00 fc fc fc fc fc
[ 14.011858] ffff888103994a00: fa fb fb fb fc fc fc fc fa fb fb fb fc fc fc fc
[ 14.012071] ==================================================================
Failure - log-parser-boot/kasan-bug-kasan-slab-use-after-free-in-kasan_strings
[ 13.955397] ================================================================== [ 13.956077] BUG: KASAN: slab-use-after-free in kasan_strings+0xcbc/0xe80 [ 13.956520] Read of size 1 at addr ffff888103994910 by task kunit_try_catch/276 [ 13.956747] [ 13.956847] CPU: 1 UID: 0 PID: 276 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc4 #1 PREEMPT(voluntary) [ 13.956898] Tainted: [B]=BAD_PAGE, [N]=TEST [ 13.956910] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 13.956936] Call Trace: [ 13.956957] <TASK> [ 13.956979] dump_stack_lvl+0x73/0xb0 [ 13.957010] print_report+0xd1/0x650 [ 13.957043] ? __virt_addr_valid+0x1db/0x2d0 [ 13.957066] ? kasan_strings+0xcbc/0xe80 [ 13.957087] ? kasan_complete_mode_report_info+0x64/0x200 [ 13.957109] ? kasan_strings+0xcbc/0xe80 [ 13.957129] kasan_report+0x141/0x180 [ 13.957150] ? kasan_strings+0xcbc/0xe80 [ 13.957174] __asan_report_load1_noabort+0x18/0x20 [ 13.957198] kasan_strings+0xcbc/0xe80 [ 13.957216] ? trace_hardirqs_on+0x37/0xe0 [ 13.957252] ? __pfx_kasan_strings+0x10/0x10 [ 13.957587] ? finish_task_switch.isra.0+0x153/0x700 [ 13.957621] ? __switch_to+0x47/0xf50 [ 13.957649] ? __schedule+0x10cc/0x2b60 [ 13.957672] ? __pfx_read_tsc+0x10/0x10 [ 13.957694] ? ktime_get_ts64+0x86/0x230 [ 13.957717] kunit_try_run_case+0x1a5/0x480 [ 13.957743] ? __pfx_kunit_try_run_case+0x10/0x10 [ 13.957764] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 13.957788] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 13.957810] ? __kthread_parkme+0x82/0x180 [ 13.957830] ? preempt_count_sub+0x50/0x80 [ 13.957852] ? __pfx_kunit_try_run_case+0x10/0x10 [ 13.957875] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 13.957897] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 13.957920] kthread+0x337/0x6f0 [ 13.957939] ? trace_preempt_on+0x20/0xc0 [ 13.957961] ? __pfx_kthread+0x10/0x10 [ 13.957981] ? _raw_spin_unlock_irq+0x47/0x80 [ 13.958001] ? calculate_sigpending+0x7b/0xa0 [ 13.958025] ? 
__pfx_kthread+0x10/0x10 [ 13.958046] ret_from_fork+0x116/0x1d0 [ 13.958063] ? __pfx_kthread+0x10/0x10 [ 13.958082] ret_from_fork_asm+0x1a/0x30 [ 13.958113] </TASK> [ 13.958124] [ 13.973732] Allocated by task 276: [ 13.974042] kasan_save_stack+0x45/0x70 [ 13.974433] kasan_save_track+0x18/0x40 [ 13.974817] kasan_save_alloc_info+0x3b/0x50 [ 13.975280] __kasan_kmalloc+0xb7/0xc0 [ 13.975577] __kmalloc_cache_noprof+0x189/0x420 [ 13.975735] kasan_strings+0xc0/0xe80 [ 13.975866] kunit_try_run_case+0x1a5/0x480 [ 13.976013] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 13.976186] kthread+0x337/0x6f0 [ 13.976607] ret_from_fork+0x116/0x1d0 [ 13.976948] ret_from_fork_asm+0x1a/0x30 [ 13.977368] [ 13.977876] Freed by task 276: [ 13.978178] kasan_save_stack+0x45/0x70 [ 13.978627] kasan_save_track+0x18/0x40 [ 13.978977] kasan_save_free_info+0x3f/0x60 [ 13.979399] __kasan_slab_free+0x56/0x70 [ 13.979846] kfree+0x222/0x3f0 [ 13.980270] kasan_strings+0x2aa/0xe80 [ 13.980617] kunit_try_run_case+0x1a5/0x480 [ 13.980944] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 13.981121] kthread+0x337/0x6f0 [ 13.981595] ret_from_fork+0x116/0x1d0 [ 13.981968] ret_from_fork_asm+0x1a/0x30 [ 13.982377] [ 13.982631] The buggy address belongs to the object at ffff888103994900 [ 13.982631] which belongs to the cache kmalloc-32 of size 32 [ 13.983764] The buggy address is located 16 bytes inside of [ 13.983764] freed 32-byte region [ffff888103994900, ffff888103994920) [ 13.984195] [ 13.984382] The buggy address belongs to the physical page: [ 13.984950] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x103994 [ 13.986060] flags: 0x200000000000000(node=0|zone=2) [ 13.986794] page_type: f5(slab) [ 13.986928] raw: 0200000000000000 ffff888100041780 dead000000000122 0000000000000000 [ 13.987164] raw: 0000000000000000 0000000080400040 00000000f5000000 0000000000000000 [ 13.987432] page dumped because: kasan: bad access detected [ 13.987913] [ 13.988004] Memory state around the buggy address: 
[ 13.988178]  ffff888103994800: fa fb fb fb fc fc fc fc 00 00 00 fc fc fc fc fc
[ 13.988581]  ffff888103994880: 00 00 00 fc fc fc fc fc 00 00 07 fc fc fc fc fc
[ 13.988838] >ffff888103994900: fa fb fb fb fc fc fc fc fa fb fb fb fc fc fc fc
[ 13.989167]                          ^
[ 13.989609]  ffff888103994980: fa fb fb fb fc fc fc fc 00 00 00 fc fc fc fc fc
[ 13.989924]  ffff888103994a00: fa fb fb fb fc fc fc fc fa fb fb fb fc fc fc fc
[ 13.990164] ==================================================================
Failure - log-parser-boot/kasan-bug-kasan-slab-use-after-free-in-strcmp
[ 13.918047] ================================================================== [ 13.920456] BUG: KASAN: slab-use-after-free in strcmp+0xb0/0xc0 [ 13.920995] Read of size 1 at addr ffff888103994910 by task kunit_try_catch/276 [ 13.921478] [ 13.921587] CPU: 1 UID: 0 PID: 276 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc4 #1 PREEMPT(voluntary) [ 13.921638] Tainted: [B]=BAD_PAGE, [N]=TEST [ 13.921651] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 13.921685] Call Trace: [ 13.921700] <TASK> [ 13.921720] dump_stack_lvl+0x73/0xb0 [ 13.921751] print_report+0xd1/0x650 [ 13.921775] ? __virt_addr_valid+0x1db/0x2d0 [ 13.921798] ? strcmp+0xb0/0xc0 [ 13.921818] ? kasan_complete_mode_report_info+0x64/0x200 [ 13.921840] ? strcmp+0xb0/0xc0 [ 13.921860] kasan_report+0x141/0x180 [ 13.921882] ? strcmp+0xb0/0xc0 [ 13.921906] __asan_report_load1_noabort+0x18/0x20 [ 13.921930] strcmp+0xb0/0xc0 [ 13.921953] kasan_strings+0x431/0xe80 [ 13.921972] ? trace_hardirqs_on+0x37/0xe0 [ 13.921996] ? __pfx_kasan_strings+0x10/0x10 [ 13.922016] ? finish_task_switch.isra.0+0x153/0x700 [ 13.922038] ? __switch_to+0x47/0xf50 [ 13.922063] ? __schedule+0x10cc/0x2b60 [ 13.922085] ? __pfx_read_tsc+0x10/0x10 [ 13.922106] ? ktime_get_ts64+0x86/0x230 [ 13.922129] kunit_try_run_case+0x1a5/0x480 [ 13.922154] ? __pfx_kunit_try_run_case+0x10/0x10 [ 13.922177] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 13.922200] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 13.922235] ? __kthread_parkme+0x82/0x180 [ 13.922255] ? preempt_count_sub+0x50/0x80 [ 13.922291] ? __pfx_kunit_try_run_case+0x10/0x10 [ 13.922314] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 13.922336] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 13.922358] kthread+0x337/0x6f0 [ 13.922377] ? trace_preempt_on+0x20/0xc0 [ 13.922398] ? __pfx_kthread+0x10/0x10 [ 13.922418] ? _raw_spin_unlock_irq+0x47/0x80 [ 13.922453] ? calculate_sigpending+0x7b/0xa0 [ 13.922476] ? 
__pfx_kthread+0x10/0x10 [ 13.922495] ret_from_fork+0x116/0x1d0 [ 13.922513] ? __pfx_kthread+0x10/0x10 [ 13.922533] ret_from_fork_asm+0x1a/0x30 [ 13.922562] </TASK> [ 13.922574] [ 13.935006] Allocated by task 276: [ 13.935172] kasan_save_stack+0x45/0x70 [ 13.935628] kasan_save_track+0x18/0x40 [ 13.936043] kasan_save_alloc_info+0x3b/0x50 [ 13.936544] __kasan_kmalloc+0xb7/0xc0 [ 13.936943] __kmalloc_cache_noprof+0x189/0x420 [ 13.937778] kasan_strings+0xc0/0xe80 [ 13.938136] kunit_try_run_case+0x1a5/0x480 [ 13.938619] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 13.938811] kthread+0x337/0x6f0 [ 13.938936] ret_from_fork+0x116/0x1d0 [ 13.939070] ret_from_fork_asm+0x1a/0x30 [ 13.939241] [ 13.939464] Freed by task 276: [ 13.939742] kasan_save_stack+0x45/0x70 [ 13.940083] kasan_save_track+0x18/0x40 [ 13.940500] kasan_save_free_info+0x3f/0x60 [ 13.940919] __kasan_slab_free+0x56/0x70 [ 13.941664] kfree+0x222/0x3f0 [ 13.941976] kasan_strings+0x2aa/0xe80 [ 13.942406] kunit_try_run_case+0x1a5/0x480 [ 13.942804] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 13.943053] kthread+0x337/0x6f0 [ 13.943178] ret_from_fork+0x116/0x1d0 [ 13.943731] ret_from_fork_asm+0x1a/0x30 [ 13.944106] [ 13.944281] The buggy address belongs to the object at ffff888103994900 [ 13.944281] which belongs to the cache kmalloc-32 of size 32 [ 13.945539] The buggy address is located 16 bytes inside of [ 13.945539] freed 32-byte region [ffff888103994900, ffff888103994920) [ 13.945923] [ 13.946001] The buggy address belongs to the physical page: [ 13.946177] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x103994 [ 13.947033] flags: 0x200000000000000(node=0|zone=2) [ 13.947697] page_type: f5(slab) [ 13.948049] raw: 0200000000000000 ffff888100041780 dead000000000122 0000000000000000 [ 13.948943] raw: 0000000000000000 0000000080400040 00000000f5000000 0000000000000000 [ 13.949928] page dumped because: kasan: bad access detected [ 13.950646] [ 13.950725] Memory state around the buggy address: 
[ 13.950894]  ffff888103994800: fa fb fb fb fc fc fc fc 00 00 00 fc fc fc fc fc
[ 13.951111]  ffff888103994880: 00 00 00 fc fc fc fc fc 00 00 07 fc fc fc fc fc
[ 13.951704] >ffff888103994900: fa fb fb fb fc fc fc fc fa fb fb fb fc fc fc fc
[ 13.952382]                          ^
[ 13.952762]  ffff888103994980: fa fb fb fb fc fc fc fc 00 00 00 fc fc fc fc fc
[ 13.953745]  ffff888103994a00: fa fb fb fb fc fc fc fc fa fb fb fb fc fc fc fc
[ 13.954457] ==================================================================
Failure - log-parser-boot/kasan-bug-kasan-slab-out-of-bounds-in-memcmp
[ 13.877395] ================================================================== [ 13.878867] BUG: KASAN: slab-out-of-bounds in memcmp+0x1b4/0x1d0 [ 13.879740] Read of size 1 at addr ffff8881039947d8 by task kunit_try_catch/274 [ 13.880087] [ 13.880235] CPU: 1 UID: 0 PID: 274 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc4 #1 PREEMPT(voluntary) [ 13.880288] Tainted: [B]=BAD_PAGE, [N]=TEST [ 13.880301] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 13.880326] Call Trace: [ 13.880341] <TASK> [ 13.880917] dump_stack_lvl+0x73/0xb0 [ 13.880970] print_report+0xd1/0x650 [ 13.880997] ? __virt_addr_valid+0x1db/0x2d0 [ 13.881021] ? memcmp+0x1b4/0x1d0 [ 13.881040] ? kasan_complete_mode_report_info+0x2a/0x200 [ 13.881062] ? memcmp+0x1b4/0x1d0 [ 13.881079] kasan_report+0x141/0x180 [ 13.881100] ? memcmp+0x1b4/0x1d0 [ 13.881121] __asan_report_load1_noabort+0x18/0x20 [ 13.881144] memcmp+0x1b4/0x1d0 [ 13.881164] kasan_memcmp+0x18f/0x390 [ 13.881183] ? trace_hardirqs_on+0x37/0xe0 [ 13.881519] ? __pfx_kasan_memcmp+0x10/0x10 [ 13.881544] ? finish_task_switch.isra.0+0x153/0x700 [ 13.881568] ? __switch_to+0x47/0xf50 [ 13.881597] ? __pfx_read_tsc+0x10/0x10 [ 13.881618] ? ktime_get_ts64+0x86/0x230 [ 13.881641] kunit_try_run_case+0x1a5/0x480 [ 13.881668] ? __pfx_kunit_try_run_case+0x10/0x10 [ 13.881689] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 13.881713] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 13.881734] ? __kthread_parkme+0x82/0x180 [ 13.881757] ? preempt_count_sub+0x50/0x80 [ 13.881779] ? __pfx_kunit_try_run_case+0x10/0x10 [ 13.881801] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 13.881823] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 13.881845] kthread+0x337/0x6f0 [ 13.881864] ? trace_preempt_on+0x20/0xc0 [ 13.881885] ? __pfx_kthread+0x10/0x10 [ 13.881905] ? _raw_spin_unlock_irq+0x47/0x80 [ 13.881925] ? calculate_sigpending+0x7b/0xa0 [ 13.881948] ? __pfx_kthread+0x10/0x10 [ 13.881968] ret_from_fork+0x116/0x1d0 [ 13.881986] ? 
__pfx_kthread+0x10/0x10 [ 13.882006] ret_from_fork_asm+0x1a/0x30 [ 13.882036] </TASK> [ 13.882048] [ 13.892924] Allocated by task 274: [ 13.893342] kasan_save_stack+0x45/0x70 [ 13.894113] kasan_save_track+0x18/0x40 [ 13.894576] kasan_save_alloc_info+0x3b/0x50 [ 13.894968] __kasan_kmalloc+0xb7/0xc0 [ 13.895346] __kmalloc_cache_noprof+0x189/0x420 [ 13.895918] kasan_memcmp+0xb7/0x390 [ 13.896373] kunit_try_run_case+0x1a5/0x480 [ 13.896754] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 13.897562] kthread+0x337/0x6f0 [ 13.897870] ret_from_fork+0x116/0x1d0 [ 13.898216] ret_from_fork_asm+0x1a/0x30 [ 13.898675] [ 13.898840] The buggy address belongs to the object at ffff8881039947c0 [ 13.898840] which belongs to the cache kmalloc-32 of size 32 [ 13.899921] The buggy address is located 0 bytes to the right of [ 13.899921] allocated 24-byte region [ffff8881039947c0, ffff8881039947d8) [ 13.900911] [ 13.901091] The buggy address belongs to the physical page: [ 13.901584] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x103994 [ 13.902272] flags: 0x200000000000000(node=0|zone=2) [ 13.902732] page_type: f5(slab) [ 13.903025] raw: 0200000000000000 ffff888100041780 dead000000000122 0000000000000000 [ 13.903681] raw: 0000000000000000 0000000080400040 00000000f5000000 0000000000000000 [ 13.903914] page dumped because: kasan: bad access detected [ 13.904088] [ 13.904157] Memory state around the buggy address: [ 13.904627] ffff888103994680: fa fb fb fb fc fc fc fc 00 00 07 fc fc fc fc fc [ 13.905569] ffff888103994700: 00 00 00 fc fc fc fc fc 00 00 00 04 fc fc fc fc [ 13.906168] >ffff888103994780: 00 00 07 fc fc fc fc fc 00 00 00 fc fc fc fc fc [ 13.906905] ^ [ 13.907558] ffff888103994800: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 13.908300] ffff888103994880: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 13.908522] ==================================================================
Failure - log-parser-boot/kasan-bug-kasan-alloca-out-of-bounds-in-kasan_alloca_oob_right
[ 13.842869] ================================================================== [ 13.843373] BUG: KASAN: alloca-out-of-bounds in kasan_alloca_oob_right+0x329/0x390 [ 13.843745] Read of size 1 at addr ffff88810392fc4a by task kunit_try_catch/270 [ 13.844508] [ 13.844630] CPU: 1 UID: 0 PID: 270 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc4 #1 PREEMPT(voluntary) [ 13.844682] Tainted: [B]=BAD_PAGE, [N]=TEST [ 13.844695] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 13.844718] Call Trace: [ 13.844733] <TASK> [ 13.844753] dump_stack_lvl+0x73/0xb0 [ 13.844796] print_report+0xd1/0x650 [ 13.844819] ? __virt_addr_valid+0x1db/0x2d0 [ 13.844841] ? kasan_alloca_oob_right+0x329/0x390 [ 13.844863] ? kasan_addr_to_slab+0x11/0xa0 [ 13.844883] ? kasan_alloca_oob_right+0x329/0x390 [ 13.844905] kasan_report+0x141/0x180 [ 13.844925] ? kasan_alloca_oob_right+0x329/0x390 [ 13.844951] __asan_report_load1_noabort+0x18/0x20 [ 13.844974] kasan_alloca_oob_right+0x329/0x390 [ 13.844993] ? __kasan_check_write+0x18/0x20 [ 13.845013] ? __pfx_sched_clock_cpu+0x10/0x10 [ 13.845034] ? finish_task_switch.isra.0+0x153/0x700 [ 13.845056] ? ww_mutex_unlock+0x6e/0x150 [ 13.845079] ? trace_hardirqs_on+0x37/0xe0 [ 13.845104] ? __pfx_kasan_alloca_oob_right+0x10/0x10 [ 13.845128] ? __schedule+0x10cc/0x2b60 [ 13.845149] ? __pfx_read_tsc+0x10/0x10 [ 13.845170] ? ktime_get_ts64+0x86/0x230 [ 13.845193] kunit_try_run_case+0x1a5/0x480 [ 13.845228] ? __pfx_kunit_try_run_case+0x10/0x10 [ 13.845251] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 13.845273] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 13.845294] ? __kthread_parkme+0x82/0x180 [ 13.845314] ? preempt_count_sub+0x50/0x80 [ 13.845337] ? __pfx_kunit_try_run_case+0x10/0x10 [ 13.845359] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 13.845381] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 13.845404] kthread+0x337/0x6f0 [ 13.845421] ? trace_preempt_on+0x20/0xc0 [ 13.845442] ? __pfx_kthread+0x10/0x10 [ 13.845461] ? 
_raw_spin_unlock_irq+0x47/0x80 [ 13.845482] ? calculate_sigpending+0x7b/0xa0 [ 13.845505] ? __pfx_kthread+0x10/0x10 [ 13.845524] ret_from_fork+0x116/0x1d0 [ 13.845542] ? __pfx_kthread+0x10/0x10 [ 13.845560] ret_from_fork_asm+0x1a/0x30 [ 13.845591] </TASK> [ 13.845602] [ 13.856075] The buggy address belongs to stack of task kunit_try_catch/270 [ 13.857263] [ 13.857460] The buggy address belongs to the physical page: [ 13.858172] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x10392f [ 13.858622] flags: 0x200000000000000(node=0|zone=2) [ 13.858813] raw: 0200000000000000 ffffea00040e4bc8 ffffea00040e4bc8 0000000000000000 [ 13.859037] raw: 0000000000000000 0000000000000000 00000000ffffffff 0000000000000000 [ 13.859969] page dumped because: kasan: bad access detected [ 13.860962] [ 13.861444] Memory state around the buggy address: [ 13.862171] ffff88810392fb00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 13.863516] ffff88810392fb80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 13.864620] >ffff88810392fc00: 00 00 00 00 ca ca ca ca 00 02 cb cb cb cb cb cb [ 13.865116] ^ [ 13.865937] ffff88810392fc80: 00 00 00 f1 f1 f1 f1 01 f2 04 f2 00 f2 f2 f2 00 [ 13.866634] ffff88810392fd00: 00 f3 f3 00 00 00 00 00 00 00 00 00 00 00 00 f1 [ 13.867526] ==================================================================
Failure - log-parser-boot/kasan-bug-kasan-alloca-out-of-bounds-in-kasan_alloca_oob_left
[ 13.821088] ================================================================== [ 13.821938] BUG: KASAN: alloca-out-of-bounds in kasan_alloca_oob_left+0x320/0x380 [ 13.822306] Read of size 1 at addr ffff888103a87c3f by task kunit_try_catch/268 [ 13.822754] [ 13.822888] CPU: 0 UID: 0 PID: 268 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc4 #1 PREEMPT(voluntary) [ 13.822960] Tainted: [B]=BAD_PAGE, [N]=TEST [ 13.822974] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 13.822996] Call Trace: [ 13.823012] <TASK> [ 13.823033] dump_stack_lvl+0x73/0xb0 [ 13.823066] print_report+0xd1/0x650 [ 13.823089] ? __virt_addr_valid+0x1db/0x2d0 [ 13.823114] ? kasan_alloca_oob_left+0x320/0x380 [ 13.823135] ? kasan_addr_to_slab+0x11/0xa0 [ 13.823155] ? kasan_alloca_oob_left+0x320/0x380 [ 13.823176] kasan_report+0x141/0x180 [ 13.823197] ? kasan_alloca_oob_left+0x320/0x380 [ 13.823235] __asan_report_load1_noabort+0x18/0x20 [ 13.823259] kasan_alloca_oob_left+0x320/0x380 [ 13.823282] ? finish_task_switch.isra.0+0x153/0x700 [ 13.823304] ? ww_mutex_unlock+0x6e/0x150 [ 13.823327] ? trace_hardirqs_on+0x37/0xe0 [ 13.823350] ? __pfx_kasan_alloca_oob_left+0x10/0x10 [ 13.823373] ? __schedule+0x10cc/0x2b60 [ 13.823394] ? __pfx_read_tsc+0x10/0x10 [ 13.823414] ? ktime_get_ts64+0x86/0x230 [ 13.823438] kunit_try_run_case+0x1a5/0x480 [ 13.823462] ? __pfx_kunit_try_run_case+0x10/0x10 [ 13.823506] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 13.823540] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 13.823562] ? __kthread_parkme+0x82/0x180 [ 13.823583] ? preempt_count_sub+0x50/0x80 [ 13.823604] ? __pfx_kunit_try_run_case+0x10/0x10 [ 13.823627] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 13.823648] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 13.823670] kthread+0x337/0x6f0 [ 13.823689] ? trace_preempt_on+0x20/0xc0 [ 13.823710] ? __pfx_kthread+0x10/0x10 [ 13.823730] ? _raw_spin_unlock_irq+0x47/0x80 [ 13.823751] ? calculate_sigpending+0x7b/0xa0 [ 13.823774] ? 
__pfx_kthread+0x10/0x10 [ 13.823795] ret_from_fork+0x116/0x1d0 [ 13.823812] ? __pfx_kthread+0x10/0x10 [ 13.823832] ret_from_fork_asm+0x1a/0x30 [ 13.823864] </TASK> [ 13.823876] [ 13.833145] The buggy address belongs to stack of task kunit_try_catch/268 [ 13.833509] [ 13.833607] The buggy address belongs to the physical page: [ 13.833946] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x103a87 [ 13.834596] flags: 0x200000000000000(node=0|zone=2) [ 13.834841] raw: 0200000000000000 ffffea00040ea1c8 ffffea00040ea1c8 0000000000000000 [ 13.835181] raw: 0000000000000000 0000000000000000 00000000ffffffff 0000000000000000 [ 13.835890] page dumped because: kasan: bad access detected [ 13.836066] [ 13.836164] Memory state around the buggy address: [ 13.836564] ffff888103a87b00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 13.837105] ffff888103a87b80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 13.837402] >ffff888103a87c00: 00 00 00 00 ca ca ca ca 00 02 cb cb cb cb cb cb [ 13.837851] ^ [ 13.838327] ffff888103a87c80: 00 00 00 f1 f1 f1 f1 01 f2 04 f2 00 f2 f2 f2 00 [ 13.838647] ffff888103a87d00: 00 f3 f3 00 00 00 00 00 00 00 00 00 00 00 00 f1 [ 13.838967] ==================================================================
Failure - log-parser-boot/kasan-bug-kasan-stack-out-of-bounds-in-kasan_stack_oob
[ 13.794970] ================================================================== [ 13.795711] BUG: KASAN: stack-out-of-bounds in kasan_stack_oob+0x2b5/0x300 [ 13.796061] Read of size 1 at addr ffff888103a77d02 by task kunit_try_catch/266 [ 13.796320] [ 13.796429] CPU: 0 UID: 0 PID: 266 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc4 #1 PREEMPT(voluntary) [ 13.796480] Tainted: [B]=BAD_PAGE, [N]=TEST [ 13.796492] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 13.796517] Call Trace: [ 13.796533] <TASK> [ 13.796555] dump_stack_lvl+0x73/0xb0 [ 13.796587] print_report+0xd1/0x650 [ 13.796612] ? __virt_addr_valid+0x1db/0x2d0 [ 13.796636] ? kasan_stack_oob+0x2b5/0x300 [ 13.796655] ? kasan_addr_to_slab+0x11/0xa0 [ 13.796676] ? kasan_stack_oob+0x2b5/0x300 [ 13.796696] kasan_report+0x141/0x180 [ 13.796716] ? kasan_stack_oob+0x2b5/0x300 [ 13.796743] __asan_report_load1_noabort+0x18/0x20 [ 13.796768] kasan_stack_oob+0x2b5/0x300 [ 13.796796] ? __pfx_kasan_stack_oob+0x10/0x10 [ 13.796815] ? finish_task_switch.isra.0+0x153/0x700 [ 13.796839] ? __switch_to+0x47/0xf50 [ 13.796865] ? __schedule+0x10cc/0x2b60 [ 13.796886] ? __pfx_read_tsc+0x10/0x10 [ 13.796909] ? ktime_get_ts64+0x86/0x230 [ 13.796934] kunit_try_run_case+0x1a5/0x480 [ 13.796960] ? __pfx_kunit_try_run_case+0x10/0x10 [ 13.796982] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 13.797008] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 13.797030] ? __kthread_parkme+0x82/0x180 [ 13.797052] ? preempt_count_sub+0x50/0x80 [ 13.797073] ? __pfx_kunit_try_run_case+0x10/0x10 [ 13.797096] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 13.797119] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 13.797141] kthread+0x337/0x6f0 [ 13.797161] ? trace_preempt_on+0x20/0xc0 [ 13.797185] ? __pfx_kthread+0x10/0x10 [ 13.797205] ? _raw_spin_unlock_irq+0x47/0x80 [ 13.797276] ? calculate_sigpending+0x7b/0xa0 [ 13.797302] ? __pfx_kthread+0x10/0x10 [ 13.797325] ret_from_fork+0x116/0x1d0 [ 13.797344] ? 
__pfx_kthread+0x10/0x10 [ 13.797364] ret_from_fork_asm+0x1a/0x30 [ 13.797409] </TASK> [ 13.797421] [ 13.808938] The buggy address belongs to stack of task kunit_try_catch/266 [ 13.809444] and is located at offset 138 in frame: [ 13.809800] kasan_stack_oob+0x0/0x300 [ 13.810126] [ 13.810483] This frame has 4 objects: [ 13.810755] [48, 49) '__assertion' [ 13.810780] [64, 72) 'array' [ 13.810928] [96, 112) '__assertion' [ 13.811090] [128, 138) 'stack_array' [ 13.811553] [ 13.811894] The buggy address belongs to the physical page: [ 13.812080] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x103a77 [ 13.812682] flags: 0x200000000000000(node=0|zone=2) [ 13.813128] raw: 0200000000000000 ffffea00040e9dc8 ffffea00040e9dc8 0000000000000000 [ 13.813615] raw: 0000000000000000 0000000000000000 00000000ffffffff 0000000000000000 [ 13.813965] page dumped because: kasan: bad access detected [ 13.814216] [ 13.814641] Memory state around the buggy address: [ 13.814873] ffff888103a77c00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 f1 [ 13.815608] ffff888103a77c80: f1 f1 f1 f1 f1 01 f2 00 f2 f2 f2 00 00 f2 f2 00 [ 13.816054] >ffff888103a77d00: 02 f3 f3 00 00 00 00 00 00 00 00 00 00 00 00 f1 [ 13.816490] ^ [ 13.816839] ffff888103a77d80: f1 f1 f1 00 00 f2 f2 00 00 f2 f2 00 00 f3 f3 00 [ 13.817152] ffff888103a77e00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 13.817783] ==================================================================
Failure - log-parser-boot/kasan-bug-kasan-global-out-of-bounds-in-kasan_global_oob_right
[ 13.771999] ================================================================== [ 13.772622] BUG: KASAN: global-out-of-bounds in kasan_global_oob_right+0x286/0x2d0 [ 13.773029] Read of size 1 at addr ffffffffb5061e8d by task kunit_try_catch/262 [ 13.773384] [ 13.773533] CPU: 1 UID: 0 PID: 262 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc4 #1 PREEMPT(voluntary) [ 13.773584] Tainted: [B]=BAD_PAGE, [N]=TEST [ 13.773598] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 13.773621] Call Trace: [ 13.773638] <TASK> [ 13.773659] dump_stack_lvl+0x73/0xb0 [ 13.773691] print_report+0xd1/0x650 [ 13.773714] ? __virt_addr_valid+0x1db/0x2d0 [ 13.773737] ? kasan_global_oob_right+0x286/0x2d0 [ 13.773758] ? kasan_addr_to_slab+0x11/0xa0 [ 13.773777] ? kasan_global_oob_right+0x286/0x2d0 [ 13.773798] kasan_report+0x141/0x180 [ 13.773819] ? kasan_global_oob_right+0x286/0x2d0 [ 13.773843] __asan_report_load1_noabort+0x18/0x20 [ 13.773867] kasan_global_oob_right+0x286/0x2d0 [ 13.773888] ? __pfx_kasan_global_oob_right+0x10/0x10 [ 13.773911] ? __schedule+0x10cc/0x2b60 [ 13.773932] ? __pfx_read_tsc+0x10/0x10 [ 13.773952] ? ktime_get_ts64+0x86/0x230 [ 13.773976] kunit_try_run_case+0x1a5/0x480 [ 13.774001] ? __pfx_kunit_try_run_case+0x10/0x10 [ 13.774022] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 13.774044] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 13.774066] ? __kthread_parkme+0x82/0x180 [ 13.774086] ? preempt_count_sub+0x50/0x80 [ 13.774109] ? __pfx_kunit_try_run_case+0x10/0x10 [ 13.774132] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 13.774153] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 13.774175] kthread+0x337/0x6f0 [ 13.774194] ? trace_preempt_on+0x20/0xc0 [ 13.774286] ? __pfx_kthread+0x10/0x10 [ 13.774310] ? _raw_spin_unlock_irq+0x47/0x80 [ 13.774330] ? calculate_sigpending+0x7b/0xa0 [ 13.774354] ? __pfx_kthread+0x10/0x10 [ 13.774374] ret_from_fork+0x116/0x1d0 [ 13.774393] ? 
__pfx_kthread+0x10/0x10 [ 13.774412] ret_from_fork_asm+0x1a/0x30 [ 13.774443] </TASK> [ 13.774454] [ 13.782995] The buggy address belongs to the variable: [ 13.783397] global_array+0xd/0x40 [ 13.783622] [ 13.783739] The buggy address belongs to the physical page: [ 13.783991] page: refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x78861 [ 13.784696] flags: 0x100000000002000(reserved|node=0|zone=1) [ 13.785018] raw: 0100000000002000 ffffea0001e21848 ffffea0001e21848 0000000000000000 [ 13.785480] raw: 0000000000000000 0000000000000000 00000001ffffffff 0000000000000000 [ 13.785823] page dumped because: kasan: bad access detected [ 13.786075] [ 13.786170] Memory state around the buggy address: [ 13.786486] ffffffffb5061d80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 13.786808] ffffffffb5061e00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 13.787076] >ffffffffb5061e80: 00 02 f9 f9 f9 f9 f9 f9 00 f9 f9 f9 f9 f9 f9 f9 [ 13.787435] ^ [ 13.787593] ffffffffb5061f00: 04 f9 f9 f9 f9 f9 f9 f9 02 f9 f9 f9 f9 f9 f9 f9 [ 13.787887] ffffffffb5061f80: 01 f9 f9 f9 f9 f9 f9 f9 00 00 00 00 00 00 00 00 [ 13.788169] ==================================================================
Failure - log-parser-boot/kasan-bug-kasan-invalid-free-in-mempool_kmalloc_invalid_free_helper
[ 13.719684] ================================================================== [ 13.720228] BUG: KASAN: invalid-free in mempool_kmalloc_invalid_free_helper+0x132/0x2e0 [ 13.720633] Free of addr ffff88810264c101 by task kunit_try_catch/258 [ 13.720862] [ 13.720979] CPU: 0 UID: 0 PID: 258 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc4 #1 PREEMPT(voluntary) [ 13.721029] Tainted: [B]=BAD_PAGE, [N]=TEST [ 13.721041] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 13.721065] Call Trace: [ 13.721080] <TASK> [ 13.721100] dump_stack_lvl+0x73/0xb0 [ 13.721130] print_report+0xd1/0x650 [ 13.721153] ? __virt_addr_valid+0x1db/0x2d0 [ 13.721177] ? kasan_complete_mode_report_info+0x2a/0x200 [ 13.721199] ? mempool_kmalloc_invalid_free_helper+0x132/0x2e0 [ 13.721265] kasan_report_invalid_free+0x10a/0x130 [ 13.721293] ? mempool_kmalloc_invalid_free_helper+0x132/0x2e0 [ 13.721320] ? mempool_kmalloc_invalid_free_helper+0x132/0x2e0 [ 13.721343] ? mempool_kmalloc_invalid_free_helper+0x132/0x2e0 [ 13.721366] check_slab_allocation+0x11f/0x130 [ 13.721387] __kasan_mempool_poison_object+0x91/0x1d0 [ 13.721410] mempool_free+0x2ec/0x380 [ 13.721433] mempool_kmalloc_invalid_free_helper+0x132/0x2e0 [ 13.721457] ? __pfx_mempool_kmalloc_invalid_free_helper+0x10/0x10 [ 13.721480] ? update_curr+0x5c1/0x810 [ 13.721509] mempool_kmalloc_invalid_free+0xed/0x140 [ 13.721531] ? __pfx_mempool_kmalloc_invalid_free+0x10/0x10 [ 13.721554] ? schedule+0x7c/0x2e0 [ 13.721576] ? __pfx_mempool_kmalloc+0x10/0x10 [ 13.721598] ? __pfx_mempool_kfree+0x10/0x10 [ 13.721622] ? __pfx_read_tsc+0x10/0x10 [ 13.721643] ? ktime_get_ts64+0x86/0x230 [ 13.721666] kunit_try_run_case+0x1a5/0x480 [ 13.721691] ? __pfx_kunit_try_run_case+0x10/0x10 [ 13.721739] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 13.721763] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 13.721785] ? __kthread_parkme+0x82/0x180 [ 13.721805] ? preempt_count_sub+0x50/0x80 [ 13.721827] ? 
__pfx_kunit_try_run_case+0x10/0x10 [ 13.721849] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 13.721871] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 13.721893] kthread+0x337/0x6f0 [ 13.721912] ? trace_preempt_on+0x20/0xc0 [ 13.721935] ? __pfx_kthread+0x10/0x10 [ 13.721955] ? _raw_spin_unlock_irq+0x47/0x80 [ 13.721975] ? calculate_sigpending+0x7b/0xa0 [ 13.722000] ? __pfx_kthread+0x10/0x10 [ 13.722021] ret_from_fork+0x116/0x1d0 [ 13.722038] ? __pfx_kthread+0x10/0x10 [ 13.722058] ret_from_fork_asm+0x1a/0x30 [ 13.722088] </TASK> [ 13.722100] [ 13.731749] Allocated by task 258: [ 13.731925] kasan_save_stack+0x45/0x70 [ 13.732148] kasan_save_track+0x18/0x40 [ 13.732469] kasan_save_alloc_info+0x3b/0x50 [ 13.732694] __kasan_mempool_unpoison_object+0x1a9/0x200 [ 13.732952] remove_element+0x11e/0x190 [ 13.733117] mempool_alloc_preallocated+0x4d/0x90 [ 13.733383] mempool_kmalloc_invalid_free_helper+0x83/0x2e0 [ 13.733649] mempool_kmalloc_invalid_free+0xed/0x140 [ 13.733889] kunit_try_run_case+0x1a5/0x480 [ 13.734066] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 13.734388] kthread+0x337/0x6f0 [ 13.734564] ret_from_fork+0x116/0x1d0 [ 13.734723] ret_from_fork_asm+0x1a/0x30 [ 13.734915] [ 13.734993] The buggy address belongs to the object at ffff88810264c100 [ 13.734993] which belongs to the cache kmalloc-128 of size 128 [ 13.735866] The buggy address is located 1 bytes inside of [ 13.735866] 128-byte region [ffff88810264c100, ffff88810264c180) [ 13.736522] [ 13.736633] The buggy address belongs to the physical page: [ 13.736868] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x10264c [ 13.737262] flags: 0x200000000000000(node=0|zone=2) [ 13.737491] page_type: f5(slab) [ 13.737643] raw: 0200000000000000 ffff888100041a00 dead000000000122 0000000000000000 [ 13.737875] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 13.738308] page dumped because: kasan: bad access detected [ 13.738571] [ 13.738669] Memory state around 
the buggy address: [ 13.738867] ffff88810264c000: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 13.739119] ffff88810264c080: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 13.739799] >ffff88810264c100: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 13.740125] ^ [ 13.740397] ffff88810264c180: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 13.740625] ffff88810264c200: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 13.740935] ================================================================== [ 13.747452] ================================================================== [ 13.748093] BUG: KASAN: invalid-free in mempool_kmalloc_invalid_free_helper+0x132/0x2e0 [ 13.748497] Free of addr ffff888103a3c001 by task kunit_try_catch/260 [ 13.748738] [ 13.748872] CPU: 1 UID: 0 PID: 260 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc4 #1 PREEMPT(voluntary) [ 13.748925] Tainted: [B]=BAD_PAGE, [N]=TEST [ 13.748938] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 13.748962] Call Trace: [ 13.748976] <TASK> [ 13.748996] dump_stack_lvl+0x73/0xb0 [ 13.749031] print_report+0xd1/0x650 [ 13.749054] ? __virt_addr_valid+0x1db/0x2d0 [ 13.749080] ? kasan_addr_to_slab+0x11/0xa0 [ 13.749099] ? mempool_kmalloc_invalid_free_helper+0x132/0x2e0 [ 13.749124] kasan_report_invalid_free+0x10a/0x130 [ 13.749147] ? mempool_kmalloc_invalid_free_helper+0x132/0x2e0 [ 13.749174] ? mempool_kmalloc_invalid_free_helper+0x132/0x2e0 [ 13.749321] __kasan_mempool_poison_object+0x102/0x1d0 [ 13.749348] mempool_free+0x2ec/0x380 [ 13.749372] mempool_kmalloc_invalid_free_helper+0x132/0x2e0 [ 13.749396] ? __pfx_mempool_kmalloc_invalid_free_helper+0x10/0x10 [ 13.749422] ? __kasan_check_write+0x18/0x20 [ 13.749441] ? __pfx_sched_clock_cpu+0x10/0x10 [ 13.749463] ? finish_task_switch.isra.0+0x153/0x700 [ 13.749488] mempool_kmalloc_large_invalid_free+0xed/0x140 [ 13.749512] ? __pfx_mempool_kmalloc_large_invalid_free+0x10/0x10 [ 13.749538] ? 
__pfx_mempool_kmalloc+0x10/0x10 [ 13.749563] ? __pfx_mempool_kfree+0x10/0x10 [ 13.749589] ? __pfx_read_tsc+0x10/0x10 [ 13.749610] ? ktime_get_ts64+0x86/0x230 [ 13.749634] kunit_try_run_case+0x1a5/0x480 [ 13.749660] ? __pfx_kunit_try_run_case+0x10/0x10 [ 13.749682] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 13.749708] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 13.749730] ? __kthread_parkme+0x82/0x180 [ 13.749751] ? preempt_count_sub+0x50/0x80 [ 13.749773] ? __pfx_kunit_try_run_case+0x10/0x10 [ 13.749796] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 13.749818] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 13.749840] kthread+0x337/0x6f0 [ 13.749859] ? trace_preempt_on+0x20/0xc0 [ 13.749882] ? __pfx_kthread+0x10/0x10 [ 13.749901] ? _raw_spin_unlock_irq+0x47/0x80 [ 13.749922] ? calculate_sigpending+0x7b/0xa0 [ 13.749946] ? __pfx_kthread+0x10/0x10 [ 13.749966] ret_from_fork+0x116/0x1d0 [ 13.749984] ? __pfx_kthread+0x10/0x10 [ 13.750005] ret_from_fork_asm+0x1a/0x30 [ 13.750037] </TASK> [ 13.750048] [ 13.759093] The buggy address belongs to the physical page: [ 13.759540] page: refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x103a3c [ 13.759910] head: order:2 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0 [ 13.760143] flags: 0x200000000000040(head|node=0|zone=2) [ 13.760491] page_type: f8(unknown) [ 13.760674] raw: 0200000000000040 0000000000000000 dead000000000122 0000000000000000 [ 13.761020] raw: 0000000000000000 0000000000000000 00000001f8000000 0000000000000000 [ 13.761468] head: 0200000000000040 0000000000000000 dead000000000122 0000000000000000 [ 13.761711] head: 0000000000000000 0000000000000000 00000001f8000000 0000000000000000 [ 13.762027] head: 0200000000000002 ffffea00040e8f01 00000000ffffffff 00000000ffffffff [ 13.762485] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000004 [ 13.762802] page dumped because: kasan: bad access detected [ 13.763016] [ 13.763110] Memory state around the buggy address: [ 13.763404] 
ffff888103a3bf00: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
[ 13.763623]  ffff888103a3bf80: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
[ 13.763931] >ffff888103a3c000: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[ 13.764861]                    ^
[ 13.765045]  ffff888103a3c080: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[ 13.765695]  ffff888103a3c100: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[ 13.765980] ==================================================================
Failure - log-parser-boot/kasan-bug-kasan-double-free-in-mempool_double_free_helper
[ 13.673854] ================================================================== [ 13.674813] BUG: KASAN: double-free in mempool_double_free_helper+0x184/0x370 [ 13.675179] Free of addr ffff888103a3c000 by task kunit_try_catch/254 [ 13.675400] [ 13.675517] CPU: 1 UID: 0 PID: 254 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc4 #1 PREEMPT(voluntary) [ 13.675567] Tainted: [B]=BAD_PAGE, [N]=TEST [ 13.675580] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 13.675603] Call Trace: [ 13.675619] <TASK> [ 13.675638] dump_stack_lvl+0x73/0xb0 [ 13.675753] print_report+0xd1/0x650 [ 13.675777] ? __virt_addr_valid+0x1db/0x2d0 [ 13.675801] ? kasan_addr_to_slab+0x11/0xa0 [ 13.675820] ? mempool_double_free_helper+0x184/0x370 [ 13.675843] kasan_report_invalid_free+0x10a/0x130 [ 13.675866] ? mempool_double_free_helper+0x184/0x370 [ 13.675892] ? mempool_double_free_helper+0x184/0x370 [ 13.675914] __kasan_mempool_poison_object+0x1b3/0x1d0 [ 13.675938] mempool_free+0x2ec/0x380 [ 13.675961] mempool_double_free_helper+0x184/0x370 [ 13.675983] ? __pfx_mempool_double_free_helper+0x10/0x10 [ 13.676008] ? __pfx_sched_clock_cpu+0x10/0x10 [ 13.676030] ? finish_task_switch.isra.0+0x153/0x700 [ 13.676055] mempool_kmalloc_large_double_free+0xed/0x140 [ 13.676078] ? __pfx_mempool_kmalloc_large_double_free+0x10/0x10 [ 13.676105] ? __pfx_mempool_kmalloc+0x10/0x10 [ 13.676128] ? __pfx_mempool_kfree+0x10/0x10 [ 13.676154] ? __pfx_read_tsc+0x10/0x10 [ 13.676175] ? ktime_get_ts64+0x86/0x230 [ 13.676198] kunit_try_run_case+0x1a5/0x480 [ 13.676235] ? __pfx_kunit_try_run_case+0x10/0x10 [ 13.676256] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 13.676279] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 13.676302] ? __kthread_parkme+0x82/0x180 [ 13.676322] ? preempt_count_sub+0x50/0x80 [ 13.676343] ? __pfx_kunit_try_run_case+0x10/0x10 [ 13.676366] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 13.676387] ? 
__pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 13.676409] kthread+0x337/0x6f0 [ 13.676426] ? trace_preempt_on+0x20/0xc0 [ 13.676448] ? __pfx_kthread+0x10/0x10 [ 13.676469] ? _raw_spin_unlock_irq+0x47/0x80 [ 13.676488] ? calculate_sigpending+0x7b/0xa0 [ 13.676511] ? __pfx_kthread+0x10/0x10 [ 13.676531] ret_from_fork+0x116/0x1d0 [ 13.676549] ? __pfx_kthread+0x10/0x10 [ 13.676568] ret_from_fork_asm+0x1a/0x30 [ 13.676599] </TASK> [ 13.676609] [ 13.686602] The buggy address belongs to the physical page: [ 13.686883] page: refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x103a3c [ 13.687147] head: order:2 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0 [ 13.688582] flags: 0x200000000000040(head|node=0|zone=2) [ 13.688886] page_type: f8(unknown) [ 13.689067] raw: 0200000000000040 0000000000000000 dead000000000122 0000000000000000 [ 13.689621] raw: 0000000000000000 0000000000000000 00000001f8000000 0000000000000000 [ 13.689962] head: 0200000000000040 0000000000000000 dead000000000122 0000000000000000 [ 13.690572] head: 0000000000000000 0000000000000000 00000001f8000000 0000000000000000 [ 13.690923] head: 0200000000000002 ffffea00040e8f01 00000000ffffffff 00000000ffffffff [ 13.691638] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000004 [ 13.691975] page dumped because: kasan: bad access detected [ 13.692268] [ 13.692471] Memory state around the buggy address: [ 13.692719] ffff888103a3bf00: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff [ 13.693051] ffff888103a3bf80: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff [ 13.693523] >ffff888103a3c000: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff [ 13.693883] ^ [ 13.694091] ffff888103a3c080: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff [ 13.694549] ffff888103a3c100: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff [ 13.694883] ================================================================== [ 13.699074] ================================================================== [ 
13.699768] BUG: KASAN: double-free in mempool_double_free_helper+0x184/0x370 [ 13.700138] Free of addr ffff888103a3c000 by task kunit_try_catch/256 [ 13.700935] [ 13.701063] CPU: 1 UID: 0 PID: 256 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc4 #1 PREEMPT(voluntary) [ 13.701116] Tainted: [B]=BAD_PAGE, [N]=TEST [ 13.701129] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 13.701154] Call Trace: [ 13.701172] <TASK> [ 13.701193] dump_stack_lvl+0x73/0xb0 [ 13.701242] print_report+0xd1/0x650 [ 13.701266] ? __virt_addr_valid+0x1db/0x2d0 [ 13.701289] ? kasan_addr_to_slab+0x11/0xa0 [ 13.701308] ? mempool_double_free_helper+0x184/0x370 [ 13.701333] kasan_report_invalid_free+0x10a/0x130 [ 13.701356] ? mempool_double_free_helper+0x184/0x370 [ 13.701381] ? mempool_double_free_helper+0x184/0x370 [ 13.701403] __kasan_mempool_poison_pages+0x115/0x130 [ 13.701511] mempool_free+0x290/0x380 [ 13.701538] mempool_double_free_helper+0x184/0x370 [ 13.701561] ? __pfx_mempool_double_free_helper+0x10/0x10 [ 13.701588] ? finish_task_switch.isra.0+0x153/0x700 [ 13.701614] mempool_page_alloc_double_free+0xe8/0x140 [ 13.701638] ? __pfx_mempool_page_alloc_double_free+0x10/0x10 [ 13.701665] ? __pfx_mempool_alloc_pages+0x10/0x10 [ 13.701684] ? __pfx_mempool_free_pages+0x10/0x10 [ 13.701706] ? __pfx_read_tsc+0x10/0x10 [ 13.701727] ? ktime_get_ts64+0x86/0x230 [ 13.701751] kunit_try_run_case+0x1a5/0x480 [ 13.701775] ? __pfx_kunit_try_run_case+0x10/0x10 [ 13.701796] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 13.701820] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 13.701841] ? __kthread_parkme+0x82/0x180 [ 13.701861] ? preempt_count_sub+0x50/0x80 [ 13.701883] ? __pfx_kunit_try_run_case+0x10/0x10 [ 13.701906] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 13.701928] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 13.701950] kthread+0x337/0x6f0 [ 13.701968] ? trace_preempt_on+0x20/0xc0 [ 13.701990] ? __pfx_kthread+0x10/0x10 [ 13.702009] ? 
_raw_spin_unlock_irq+0x47/0x80 [ 13.702028] ? calculate_sigpending+0x7b/0xa0 [ 13.702051] ? __pfx_kthread+0x10/0x10 [ 13.702072] ret_from_fork+0x116/0x1d0 [ 13.702090] ? __pfx_kthread+0x10/0x10 [ 13.702109] ret_from_fork_asm+0x1a/0x30 [ 13.702138] </TASK> [ 13.702150] [ 13.710677] The buggy address belongs to the physical page: [ 13.710975] page: refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x103a3c [ 13.711781] flags: 0x200000000000000(node=0|zone=2) [ 13.712014] raw: 0200000000000000 0000000000000000 dead000000000122 0000000000000000 [ 13.712473] raw: 0000000000000000 0000000000000000 00000001ffffffff 0000000000000000 [ 13.712745] page dumped because: kasan: bad access detected [ 13.712933] [ 13.713006] Memory state around the buggy address: [ 13.713331] ffff888103a3bf00: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff [ 13.713624] ffff888103a3bf80: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff [ 13.713939] >ffff888103a3c000: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff [ 13.714287] ^ [ 13.714435] ffff888103a3c080: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff [ 13.714759] ffff888103a3c100: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff [ 13.715079] ================================================================== [ 13.639750] ================================================================== [ 13.640247] BUG: KASAN: double-free in mempool_double_free_helper+0x184/0x370 [ 13.640900] Free of addr ffff888103980b00 by task kunit_try_catch/252 [ 13.641211] [ 13.641531] CPU: 1 UID: 0 PID: 252 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc4 #1 PREEMPT(voluntary) [ 13.641586] Tainted: [B]=BAD_PAGE, [N]=TEST [ 13.641681] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 13.641708] Call Trace: [ 13.641723] <TASK> [ 13.641744] dump_stack_lvl+0x73/0xb0 [ 13.641781] print_report+0xd1/0x650 [ 13.641804] ? __virt_addr_valid+0x1db/0x2d0 [ 13.641831] ? kasan_complete_mode_report_info+0x64/0x200 [ 13.641852] ? 
mempool_double_free_helper+0x184/0x370 [ 13.641876] kasan_report_invalid_free+0x10a/0x130 [ 13.641900] ? mempool_double_free_helper+0x184/0x370 [ 13.641924] ? mempool_double_free_helper+0x184/0x370 [ 13.641948] ? mempool_double_free_helper+0x184/0x370 [ 13.641969] check_slab_allocation+0x101/0x130 [ 13.641990] __kasan_mempool_poison_object+0x91/0x1d0 [ 13.642013] mempool_free+0x2ec/0x380 [ 13.642037] mempool_double_free_helper+0x184/0x370 [ 13.642060] ? __pfx_mempool_double_free_helper+0x10/0x10 [ 13.642082] ? update_load_avg+0x1be/0x21b0 [ 13.642105] ? update_load_avg+0x1be/0x21b0 [ 13.642719] ? update_curr+0x80/0x810 [ 13.642751] ? finish_task_switch.isra.0+0x153/0x700 [ 13.642778] mempool_kmalloc_double_free+0xed/0x140 [ 13.642802] ? __pfx_mempool_kmalloc_double_free+0x10/0x10 [ 13.642828] ? __pfx_mempool_kmalloc+0x10/0x10 [ 13.642853] ? __pfx_mempool_kfree+0x10/0x10 [ 13.642880] ? __pfx_read_tsc+0x10/0x10 [ 13.642902] ? ktime_get_ts64+0x86/0x230 [ 13.642926] kunit_try_run_case+0x1a5/0x480 [ 13.642952] ? __pfx_kunit_try_run_case+0x10/0x10 [ 13.642974] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 13.642999] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 13.643021] ? __kthread_parkme+0x82/0x180 [ 13.643042] ? preempt_count_sub+0x50/0x80 [ 13.643064] ? __pfx_kunit_try_run_case+0x10/0x10 [ 13.643087] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 13.643109] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 13.643131] kthread+0x337/0x6f0 [ 13.643150] ? trace_preempt_on+0x20/0xc0 [ 13.643173] ? __pfx_kthread+0x10/0x10 [ 13.643193] ? _raw_spin_unlock_irq+0x47/0x80 [ 13.643244] ? calculate_sigpending+0x7b/0xa0 [ 13.643269] ? __pfx_kthread+0x10/0x10 [ 13.643289] ret_from_fork+0x116/0x1d0 [ 13.643308] ? 
__pfx_kthread+0x10/0x10 [ 13.643327] ret_from_fork_asm+0x1a/0x30 [ 13.643359] </TASK> [ 13.643371] [ 13.656718] Allocated by task 252: [ 13.656938] kasan_save_stack+0x45/0x70 [ 13.657155] kasan_save_track+0x18/0x40 [ 13.658073] kasan_save_alloc_info+0x3b/0x50 [ 13.658474] __kasan_mempool_unpoison_object+0x1a9/0x200 [ 13.658751] remove_element+0x11e/0x190 [ 13.659025] mempool_alloc_preallocated+0x4d/0x90 [ 13.659206] mempool_double_free_helper+0x8a/0x370 [ 13.659647] mempool_kmalloc_double_free+0xed/0x140 [ 13.659963] kunit_try_run_case+0x1a5/0x480 [ 13.660127] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 13.660536] kthread+0x337/0x6f0 [ 13.660847] ret_from_fork+0x116/0x1d0 [ 13.660999] ret_from_fork_asm+0x1a/0x30 [ 13.661202] [ 13.661543] Freed by task 252: [ 13.661722] kasan_save_stack+0x45/0x70 [ 13.661880] kasan_save_track+0x18/0x40 [ 13.662053] kasan_save_free_info+0x3f/0x60 [ 13.662280] __kasan_mempool_poison_object+0x131/0x1d0 [ 13.662862] mempool_free+0x2ec/0x380 [ 13.663006] mempool_double_free_helper+0x109/0x370 [ 13.663257] mempool_kmalloc_double_free+0xed/0x140 [ 13.663625] kunit_try_run_case+0x1a5/0x480 [ 13.663922] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 13.664113] kthread+0x337/0x6f0 [ 13.664283] ret_from_fork+0x116/0x1d0 [ 13.664490] ret_from_fork_asm+0x1a/0x30 [ 13.664680] [ 13.664754] The buggy address belongs to the object at ffff888103980b00 [ 13.664754] which belongs to the cache kmalloc-128 of size 128 [ 13.665288] The buggy address is located 0 bytes inside of [ 13.665288] 128-byte region [ffff888103980b00, ffff888103980b80) [ 13.665771] [ 13.665870] The buggy address belongs to the physical page: [ 13.666121] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x103980 [ 13.666483] flags: 0x200000000000000(node=0|zone=2) [ 13.666712] page_type: f5(slab) [ 13.666893] raw: 0200000000000000 ffff888100041a00 dead000000000122 0000000000000000 [ 13.667208] raw: 0000000000000000 0000000080100010 00000000f5000000 
0000000000000000 [ 13.667446] page dumped because: kasan: bad access detected [ 13.667762] [ 13.667948] Memory state around the buggy address: [ 13.668179] ffff888103980a00: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 13.668471] ffff888103980a80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 13.668698] >ffff888103980b00: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 13.669140] ^ [ 13.669336] ffff888103980b80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 13.669659] ffff888103980c00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 13.669944] ==================================================================
Failure - log-parser-boot/kasan-bug-kasan-use-after-free-in-mempool_uaf_helper
[ 13.614108] ================================================================== [ 13.615297] BUG: KASAN: use-after-free in mempool_uaf_helper+0x392/0x400 [ 13.615847] Read of size 1 at addr ffff8881039bc000 by task kunit_try_catch/250 [ 13.616084] [ 13.616185] CPU: 0 UID: 0 PID: 250 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc4 #1 PREEMPT(voluntary) [ 13.616301] Tainted: [B]=BAD_PAGE, [N]=TEST [ 13.616317] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 13.616341] Call Trace: [ 13.616358] <TASK> [ 13.616377] dump_stack_lvl+0x73/0xb0 [ 13.616412] print_report+0xd1/0x650 [ 13.616437] ? __virt_addr_valid+0x1db/0x2d0 [ 13.616474] ? mempool_uaf_helper+0x392/0x400 [ 13.616499] ? kasan_addr_to_slab+0x11/0xa0 [ 13.616519] ? mempool_uaf_helper+0x392/0x400 [ 13.616540] kasan_report+0x141/0x180 [ 13.616561] ? mempool_uaf_helper+0x392/0x400 [ 13.616588] __asan_report_load1_noabort+0x18/0x20 [ 13.616612] mempool_uaf_helper+0x392/0x400 [ 13.616634] ? __pfx_mempool_uaf_helper+0x10/0x10 [ 13.616657] ? __kasan_check_write+0x18/0x20 [ 13.616676] ? __pfx_sched_clock_cpu+0x10/0x10 [ 13.616698] ? finish_task_switch.isra.0+0x153/0x700 [ 13.616724] mempool_page_alloc_uaf+0xed/0x140 [ 13.616746] ? __pfx_mempool_page_alloc_uaf+0x10/0x10 [ 13.616771] ? __pfx_mempool_alloc_pages+0x10/0x10 [ 13.616799] ? __pfx_mempool_free_pages+0x10/0x10 [ 13.616821] ? __pfx_read_tsc+0x10/0x10 [ 13.616842] ? ktime_get_ts64+0x86/0x230 [ 13.616867] kunit_try_run_case+0x1a5/0x480 [ 13.616893] ? __pfx_kunit_try_run_case+0x10/0x10 [ 13.616914] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 13.616938] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 13.616961] ? __kthread_parkme+0x82/0x180 [ 13.616981] ? preempt_count_sub+0x50/0x80 [ 13.617004] ? __pfx_kunit_try_run_case+0x10/0x10 [ 13.617027] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 13.617049] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 13.617072] kthread+0x337/0x6f0 [ 13.617091] ? 
trace_preempt_on+0x20/0xc0 [ 13.617114] ? __pfx_kthread+0x10/0x10 [ 13.617133] ? _raw_spin_unlock_irq+0x47/0x80 [ 13.617153] ? calculate_sigpending+0x7b/0xa0 [ 13.617177] ? __pfx_kthread+0x10/0x10 [ 13.617198] ret_from_fork+0x116/0x1d0 [ 13.617227] ? __pfx_kthread+0x10/0x10 [ 13.617247] ret_from_fork_asm+0x1a/0x30 [ 13.617279] </TASK> [ 13.617290] [ 13.630250] The buggy address belongs to the physical page: [ 13.630893] page: refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1039bc [ 13.631422] flags: 0x200000000000000(node=0|zone=2) [ 13.631850] raw: 0200000000000000 0000000000000000 dead000000000122 0000000000000000 [ 13.632113] raw: 0000000000000000 0000000000000000 00000001ffffffff 0000000000000000 [ 13.632521] page dumped because: kasan: bad access detected [ 13.632737] [ 13.632847] Memory state around the buggy address: [ 13.633047] ffff8881039bbf00: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff [ 13.633449] ffff8881039bbf80: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff [ 13.633771] >ffff8881039bc000: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff [ 13.634118] ^ [ 13.634319] ffff8881039bc080: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff [ 13.634614] ffff8881039bc100: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff [ 13.634871] ================================================================== [ 13.530749] ================================================================== [ 13.531268] BUG: KASAN: use-after-free in mempool_uaf_helper+0x392/0x400 [ 13.531844] Read of size 1 at addr ffff8881039bc000 by task kunit_try_catch/246 [ 13.532194] [ 13.532479] CPU: 0 UID: 0 PID: 246 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc4 #1 PREEMPT(voluntary) [ 13.532535] Tainted: [B]=BAD_PAGE, [N]=TEST [ 13.532548] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 13.532572] Call Trace: [ 13.532590] <TASK> [ 13.532610] dump_stack_lvl+0x73/0xb0 [ 13.532647] print_report+0xd1/0x650 [ 13.532672] ? 
__virt_addr_valid+0x1db/0x2d0 [ 13.532697] ? mempool_uaf_helper+0x392/0x400 [ 13.532719] ? kasan_addr_to_slab+0x11/0xa0 [ 13.532739] ? mempool_uaf_helper+0x392/0x400 [ 13.532817] kasan_report+0x141/0x180 [ 13.532839] ? mempool_uaf_helper+0x392/0x400 [ 13.532886] __asan_report_load1_noabort+0x18/0x20 [ 13.532911] mempool_uaf_helper+0x392/0x400 [ 13.532933] ? __pfx_mempool_uaf_helper+0x10/0x10 [ 13.532956] ? __kasan_check_write+0x18/0x20 [ 13.532975] ? __pfx_sched_clock_cpu+0x10/0x10 [ 13.532999] ? finish_task_switch.isra.0+0x153/0x700 [ 13.533087] mempool_kmalloc_large_uaf+0xef/0x140 [ 13.533129] ? __pfx_mempool_kmalloc_large_uaf+0x10/0x10 [ 13.533155] ? __pfx_mempool_kmalloc+0x10/0x10 [ 13.533181] ? __pfx_mempool_kfree+0x10/0x10 [ 13.533233] ? __pfx_read_tsc+0x10/0x10 [ 13.533255] ? ktime_get_ts64+0x86/0x230 [ 13.533280] kunit_try_run_case+0x1a5/0x480 [ 13.533307] ? __pfx_kunit_try_run_case+0x10/0x10 [ 13.533329] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 13.533354] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 13.533376] ? __kthread_parkme+0x82/0x180 [ 13.533398] ? preempt_count_sub+0x50/0x80 [ 13.533420] ? __pfx_kunit_try_run_case+0x10/0x10 [ 13.533443] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 13.533465] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 13.533488] kthread+0x337/0x6f0 [ 13.533507] ? trace_preempt_on+0x20/0xc0 [ 13.533531] ? __pfx_kthread+0x10/0x10 [ 13.533551] ? _raw_spin_unlock_irq+0x47/0x80 [ 13.533572] ? calculate_sigpending+0x7b/0xa0 [ 13.533597] ? __pfx_kthread+0x10/0x10 [ 13.533618] ret_from_fork+0x116/0x1d0 [ 13.533637] ? 
__pfx_kthread+0x10/0x10 [ 13.533657] ret_from_fork_asm+0x1a/0x30 [ 13.533689] </TASK> [ 13.533700] [ 13.547163] The buggy address belongs to the physical page: [ 13.547513] page: refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1039bc [ 13.547908] head: order:2 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0 [ 13.548241] flags: 0x200000000000040(head|node=0|zone=2) [ 13.548806] page_type: f8(unknown) [ 13.549034] raw: 0200000000000040 0000000000000000 dead000000000122 0000000000000000 [ 13.550009] raw: 0000000000000000 0000000000000000 00000001f8000000 0000000000000000 [ 13.550623] head: 0200000000000040 0000000000000000 dead000000000122 0000000000000000 [ 13.550944] head: 0000000000000000 0000000000000000 00000001f8000000 0000000000000000 [ 13.551677] head: 0200000000000002 ffffea00040e6f01 00000000ffffffff 00000000ffffffff [ 13.552026] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000004 [ 13.552561] page dumped because: kasan: bad access detected [ 13.553316] [ 13.553440] Memory state around the buggy address: [ 13.554071] ffff8881039bbf00: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff [ 13.554490] ffff8881039bbf80: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff [ 13.554914] >ffff8881039bc000: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff [ 13.555555] ^ [ 13.555704] ffff8881039bc080: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff [ 13.556109] ffff8881039bc100: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff [ 13.556713] ==================================================================
Failure - log-parser-boot/kasan-bug-kasan-slab-use-after-free-in-mempool_uaf_helper
[ 13.562930] ================================================================== [ 13.563756] BUG: KASAN: slab-use-after-free in mempool_uaf_helper+0x392/0x400 [ 13.564017] Read of size 1 at addr ffff888103994240 by task kunit_try_catch/248 [ 13.564391] [ 13.564660] CPU: 1 UID: 0 PID: 248 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc4 #1 PREEMPT(voluntary) [ 13.564714] Tainted: [B]=BAD_PAGE, [N]=TEST [ 13.564727] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 13.564751] Call Trace: [ 13.564769] <TASK> [ 13.564800] dump_stack_lvl+0x73/0xb0 [ 13.564835] print_report+0xd1/0x650 [ 13.564858] ? __virt_addr_valid+0x1db/0x2d0 [ 13.564882] ? mempool_uaf_helper+0x392/0x400 [ 13.564903] ? kasan_complete_mode_report_info+0x64/0x200 [ 13.564925] ? mempool_uaf_helper+0x392/0x400 [ 13.564946] kasan_report+0x141/0x180 [ 13.564967] ? mempool_uaf_helper+0x392/0x400 [ 13.564992] __asan_report_load1_noabort+0x18/0x20 [ 13.565016] mempool_uaf_helper+0x392/0x400 [ 13.565038] ? __pfx_mempool_uaf_helper+0x10/0x10 [ 13.565057] ? update_load_avg+0x1be/0x21b0 [ 13.565084] ? finish_task_switch.isra.0+0x153/0x700 [ 13.565108] mempool_slab_uaf+0xea/0x140 [ 13.565129] ? __pfx_mempool_slab_uaf+0x10/0x10 [ 13.565155] ? __pfx_mempool_alloc_slab+0x10/0x10 [ 13.565177] ? __pfx_mempool_free_slab+0x10/0x10 [ 13.565197] ? __pfx_read_tsc+0x10/0x10 [ 13.565235] ? ktime_get_ts64+0x86/0x230 [ 13.565259] kunit_try_run_case+0x1a5/0x480 [ 13.565284] ? __pfx_kunit_try_run_case+0x10/0x10 [ 13.565305] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 13.565328] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 13.565351] ? __kthread_parkme+0x82/0x180 [ 13.565370] ? preempt_count_sub+0x50/0x80 [ 13.565391] ? __pfx_kunit_try_run_case+0x10/0x10 [ 13.565414] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 13.565436] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 13.565458] kthread+0x337/0x6f0 [ 13.565476] ? trace_preempt_on+0x20/0xc0 [ 13.565499] ? 
__pfx_kthread+0x10/0x10 [ 13.565518] ? _raw_spin_unlock_irq+0x47/0x80 [ 13.565538] ? calculate_sigpending+0x7b/0xa0 [ 13.565562] ? __pfx_kthread+0x10/0x10 [ 13.565581] ret_from_fork+0x116/0x1d0 [ 13.565599] ? __pfx_kthread+0x10/0x10 [ 13.565619] ret_from_fork_asm+0x1a/0x30 [ 13.565648] </TASK> [ 13.565659] [ 13.580608] Allocated by task 248: [ 13.580976] kasan_save_stack+0x45/0x70 [ 13.581552] kasan_save_track+0x18/0x40 [ 13.581983] kasan_save_alloc_info+0x3b/0x50 [ 13.582471] __kasan_mempool_unpoison_object+0x1bb/0x200 [ 13.583030] remove_element+0x11e/0x190 [ 13.583512] mempool_alloc_preallocated+0x4d/0x90 [ 13.583692] mempool_uaf_helper+0x96/0x400 [ 13.583858] mempool_slab_uaf+0xea/0x140 [ 13.584038] kunit_try_run_case+0x1a5/0x480 [ 13.584721] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 13.585622] kthread+0x337/0x6f0 [ 13.585929] ret_from_fork+0x116/0x1d0 [ 13.586064] ret_from_fork_asm+0x1a/0x30 [ 13.586216] [ 13.586495] Freed by task 248: [ 13.586782] kasan_save_stack+0x45/0x70 [ 13.587160] kasan_save_track+0x18/0x40 [ 13.587929] kasan_save_free_info+0x3f/0x60 [ 13.588324] __kasan_mempool_poison_object+0x131/0x1d0 [ 13.588678] mempool_free+0x2ec/0x380 [ 13.588816] mempool_uaf_helper+0x11a/0x400 [ 13.588957] mempool_slab_uaf+0xea/0x140 [ 13.589100] kunit_try_run_case+0x1a5/0x480 [ 13.589471] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 13.589945] kthread+0x337/0x6f0 [ 13.590352] ret_from_fork+0x116/0x1d0 [ 13.590697] ret_from_fork_asm+0x1a/0x30 [ 13.591059] [ 13.591527] The buggy address belongs to the object at ffff888103994240 [ 13.591527] which belongs to the cache test_cache of size 123 [ 13.592669] The buggy address is located 0 bytes inside of [ 13.592669] freed 123-byte region [ffff888103994240, ffff8881039942bb) [ 13.593318] [ 13.593512] The buggy address belongs to the physical page: [ 13.594010] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x103994 [ 13.595244] flags: 0x200000000000000(node=0|zone=2) [ 13.595456] page_type: 
f5(slab) [ 13.595587] raw: 0200000000000000 ffff888101d0cb40 dead000000000122 0000000000000000 [ 13.595817] raw: 0000000000000000 0000000080150015 00000000f5000000 0000000000000000 [ 13.596043] page dumped because: kasan: bad access detected [ 13.596214] [ 13.596871] Memory state around the buggy address: [ 13.597315] ffff888103994100: fb fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 13.597898] ffff888103994180: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 13.598573] >ffff888103994200: fc fc fc fc fc fc fc fc fa fb fb fb fb fb fb fb [ 13.599902] ^ [ 13.600654] ffff888103994280: fb fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 13.601975] ffff888103994300: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 13.603004] ================================================================== [ 13.496109] ================================================================== [ 13.496752] BUG: KASAN: slab-use-after-free in mempool_uaf_helper+0x392/0x400 [ 13.497053] Read of size 1 at addr ffff888103980700 by task kunit_try_catch/244 [ 13.497444] [ 13.497566] CPU: 1 UID: 0 PID: 244 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc4 #1 PREEMPT(voluntary) [ 13.497635] Tainted: [B]=BAD_PAGE, [N]=TEST [ 13.497647] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 13.497684] Call Trace: [ 13.497699] <TASK> [ 13.497719] dump_stack_lvl+0x73/0xb0 [ 13.497751] print_report+0xd1/0x650 [ 13.497774] ? __virt_addr_valid+0x1db/0x2d0 [ 13.497798] ? mempool_uaf_helper+0x392/0x400 [ 13.497819] ? kasan_complete_mode_report_info+0x64/0x200 [ 13.497840] ? mempool_uaf_helper+0x392/0x400 [ 13.497861] kasan_report+0x141/0x180 [ 13.497882] ? mempool_uaf_helper+0x392/0x400 [ 13.497907] __asan_report_load1_noabort+0x18/0x20 [ 13.497930] mempool_uaf_helper+0x392/0x400 [ 13.497951] ? __pfx_mempool_uaf_helper+0x10/0x10 [ 13.497974] ? __kasan_check_write+0x18/0x20 [ 13.497992] ? __pfx_sched_clock_cpu+0x10/0x10 [ 13.498025] ? 
finish_task_switch.isra.0+0x153/0x700 [ 13.498049] mempool_kmalloc_uaf+0xef/0x140 [ 13.498070] ? __pfx_mempool_kmalloc_uaf+0x10/0x10 [ 13.498105] ? __pfx_mempool_kmalloc+0x10/0x10 [ 13.498132] ? __pfx_mempool_kfree+0x10/0x10 [ 13.498158] ? __pfx_read_tsc+0x10/0x10 [ 13.498178] ? ktime_get_ts64+0x86/0x230 [ 13.498201] kunit_try_run_case+0x1a5/0x480 [ 13.498237] ? __pfx_kunit_try_run_case+0x10/0x10 [ 13.498270] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 13.498293] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 13.498315] ? __kthread_parkme+0x82/0x180 [ 13.498336] ? preempt_count_sub+0x50/0x80 [ 13.498357] ? __pfx_kunit_try_run_case+0x10/0x10 [ 13.498380] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 13.498402] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 13.498424] kthread+0x337/0x6f0 [ 13.498445] ? trace_preempt_on+0x20/0xc0 [ 13.498469] ? __pfx_kthread+0x10/0x10 [ 13.498490] ? _raw_spin_unlock_irq+0x47/0x80 [ 13.498511] ? calculate_sigpending+0x7b/0xa0 [ 13.498534] ? __pfx_kthread+0x10/0x10 [ 13.498555] ret_from_fork+0x116/0x1d0 [ 13.498572] ? 
__pfx_kthread+0x10/0x10 [ 13.498593] ret_from_fork_asm+0x1a/0x30 [ 13.498624] </TASK> [ 13.498635] [ 13.512088] Allocated by task 244: [ 13.512492] kasan_save_stack+0x45/0x70 [ 13.512713] kasan_save_track+0x18/0x40 [ 13.512894] kasan_save_alloc_info+0x3b/0x50 [ 13.513090] __kasan_mempool_unpoison_object+0x1a9/0x200 [ 13.513716] remove_element+0x11e/0x190 [ 13.513904] mempool_alloc_preallocated+0x4d/0x90 [ 13.514117] mempool_uaf_helper+0x96/0x400 [ 13.514781] mempool_kmalloc_uaf+0xef/0x140 [ 13.514991] kunit_try_run_case+0x1a5/0x480 [ 13.515192] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 13.515381] kthread+0x337/0x6f0 [ 13.515576] ret_from_fork+0x116/0x1d0 [ 13.515787] ret_from_fork_asm+0x1a/0x30 [ 13.515984] [ 13.516084] Freed by task 244: [ 13.516303] kasan_save_stack+0x45/0x70 [ 13.516466] kasan_save_track+0x18/0x40 [ 13.516630] kasan_save_free_info+0x3f/0x60 [ 13.516941] __kasan_mempool_poison_object+0x131/0x1d0 [ 13.517151] mempool_free+0x2ec/0x380 [ 13.517294] mempool_uaf_helper+0x11a/0x400 [ 13.517494] mempool_kmalloc_uaf+0xef/0x140 [ 13.517880] kunit_try_run_case+0x1a5/0x480 [ 13.518201] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 13.518657] kthread+0x337/0x6f0 [ 13.518850] ret_from_fork+0x116/0x1d0 [ 13.519028] ret_from_fork_asm+0x1a/0x30 [ 13.519276] [ 13.519389] The buggy address belongs to the object at ffff888103980700 [ 13.519389] which belongs to the cache kmalloc-128 of size 128 [ 13.520057] The buggy address is located 0 bytes inside of [ 13.520057] freed 128-byte region [ffff888103980700, ffff888103980780) [ 13.520658] [ 13.520763] The buggy address belongs to the physical page: [ 13.521028] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x103980 [ 13.521302] flags: 0x200000000000000(node=0|zone=2) [ 13.521472] page_type: f5(slab) [ 13.521770] raw: 0200000000000000 ffff888100041a00 dead000000000122 0000000000000000 [ 13.522135] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 13.522633] page 
dumped because: kasan: bad access detected [ 13.522812] [ 13.522881] Memory state around the buggy address: [ 13.523040] ffff888103980600: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 13.523511] ffff888103980680: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 13.523835] >ffff888103980700: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 13.524160] ^ [ 13.524566] ffff888103980780: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 13.524910] ffff888103980800: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 13.525309] ==================================================================
Failure - log-parser-boot/kasan-bug-kasan-slab-out-of-bounds-in-mempool_oob_right_helper
[ 13.404485] ================================================================== [ 13.404964] BUG: KASAN: slab-out-of-bounds in mempool_oob_right_helper+0x318/0x380 [ 13.405564] Read of size 1 at addr ffff888103980373 by task kunit_try_catch/238 [ 13.405835] [ 13.405961] CPU: 1 UID: 0 PID: 238 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc4 #1 PREEMPT(voluntary) [ 13.406012] Tainted: [B]=BAD_PAGE, [N]=TEST [ 13.406024] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 13.406047] Call Trace: [ 13.406061] <TASK> [ 13.406082] dump_stack_lvl+0x73/0xb0 [ 13.406112] print_report+0xd1/0x650 [ 13.406135] ? __virt_addr_valid+0x1db/0x2d0 [ 13.406157] ? mempool_oob_right_helper+0x318/0x380 [ 13.406179] ? kasan_complete_mode_report_info+0x2a/0x200 [ 13.406199] ? mempool_oob_right_helper+0x318/0x380 [ 13.406235] kasan_report+0x141/0x180 [ 13.406257] ? mempool_oob_right_helper+0x318/0x380 [ 13.406283] __asan_report_load1_noabort+0x18/0x20 [ 13.406307] mempool_oob_right_helper+0x318/0x380 [ 13.406332] ? __pfx_mempool_oob_right_helper+0x10/0x10 [ 13.406355] ? __kasan_check_write+0x18/0x20 [ 13.406373] ? __pfx_sched_clock_cpu+0x10/0x10 [ 13.406395] ? finish_task_switch.isra.0+0x153/0x700 [ 13.406419] mempool_kmalloc_oob_right+0xf2/0x150 [ 13.406441] ? __pfx_mempool_kmalloc_oob_right+0x10/0x10 [ 13.406466] ? __pfx_mempool_kmalloc+0x10/0x10 [ 13.406493] ? __pfx_mempool_kfree+0x10/0x10 [ 13.406519] ? __pfx_read_tsc+0x10/0x10 [ 13.406539] ? ktime_get_ts64+0x86/0x230 [ 13.406563] kunit_try_run_case+0x1a5/0x480 [ 13.406587] ? __pfx_kunit_try_run_case+0x10/0x10 [ 13.406608] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 13.406631] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 13.406652] ? __kthread_parkme+0x82/0x180 [ 13.406672] ? preempt_count_sub+0x50/0x80 [ 13.406692] ? __pfx_kunit_try_run_case+0x10/0x10 [ 13.406715] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 13.406735] ? 
__pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 13.406758] kthread+0x337/0x6f0 [ 13.406776] ? trace_preempt_on+0x20/0xc0 [ 13.406798] ? __pfx_kthread+0x10/0x10 [ 13.406818] ? _raw_spin_unlock_irq+0x47/0x80 [ 13.406838] ? calculate_sigpending+0x7b/0xa0 [ 13.406862] ? __pfx_kthread+0x10/0x10 [ 13.406883] ret_from_fork+0x116/0x1d0 [ 13.406900] ? __pfx_kthread+0x10/0x10 [ 13.406919] ret_from_fork_asm+0x1a/0x30 [ 13.406949] </TASK> [ 13.406961] [ 13.419532] Allocated by task 238: [ 13.419786] kasan_save_stack+0x45/0x70 [ 13.420094] kasan_save_track+0x18/0x40 [ 13.420370] kasan_save_alloc_info+0x3b/0x50 [ 13.420669] __kasan_mempool_unpoison_object+0x1a9/0x200 [ 13.420944] remove_element+0x11e/0x190 [ 13.421117] mempool_alloc_preallocated+0x4d/0x90 [ 13.421431] mempool_oob_right_helper+0x8a/0x380 [ 13.421978] mempool_kmalloc_oob_right+0xf2/0x150 [ 13.422335] kunit_try_run_case+0x1a5/0x480 [ 13.422586] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 13.422914] kthread+0x337/0x6f0 [ 13.423072] ret_from_fork+0x116/0x1d0 [ 13.423439] ret_from_fork_asm+0x1a/0x30 [ 13.423636] [ 13.423726] The buggy address belongs to the object at ffff888103980300 [ 13.423726] which belongs to the cache kmalloc-128 of size 128 [ 13.424462] The buggy address is located 0 bytes to the right of [ 13.424462] allocated 115-byte region [ffff888103980300, ffff888103980373) [ 13.425058] [ 13.425162] The buggy address belongs to the physical page: [ 13.425931] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x103980 [ 13.426764] flags: 0x200000000000000(node=0|zone=2) [ 13.427011] page_type: f5(slab) [ 13.427177] raw: 0200000000000000 ffff888100041a00 dead000000000122 0000000000000000 [ 13.427782] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 13.428109] page dumped because: kasan: bad access detected [ 13.428318] [ 13.428455] Memory state around the buggy address: [ 13.428811] ffff888103980200: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 
13.429125] ffff888103980280: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 13.429416] >ffff888103980300: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 03 fc [ 13.429731] ^ [ 13.430002] ffff888103980380: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 13.430710] ffff888103980400: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 03 fc [ 13.431035] ================================================================== [ 13.463951] ================================================================== [ 13.464639] BUG: KASAN: slab-out-of-bounds in mempool_oob_right_helper+0x318/0x380 [ 13.465123] Read of size 1 at addr ffff8881026482bb by task kunit_try_catch/242 [ 13.465544] [ 13.465765] CPU: 0 UID: 0 PID: 242 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc4 #1 PREEMPT(voluntary) [ 13.465849] Tainted: [B]=BAD_PAGE, [N]=TEST [ 13.465862] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 13.465886] Call Trace: [ 13.465902] <TASK> [ 13.465923] dump_stack_lvl+0x73/0xb0 [ 13.465960] print_report+0xd1/0x650 [ 13.465985] ? __virt_addr_valid+0x1db/0x2d0 [ 13.466009] ? mempool_oob_right_helper+0x318/0x380 [ 13.466032] ? kasan_complete_mode_report_info+0x2a/0x200 [ 13.466053] ? mempool_oob_right_helper+0x318/0x380 [ 13.466076] kasan_report+0x141/0x180 [ 13.466097] ? mempool_oob_right_helper+0x318/0x380 [ 13.466124] __asan_report_load1_noabort+0x18/0x20 [ 13.466147] mempool_oob_right_helper+0x318/0x380 [ 13.466171] ? __pfx_mempool_oob_right_helper+0x10/0x10 [ 13.466326] ? __pfx_sched_clock_cpu+0x10/0x10 [ 13.466350] ? finish_task_switch.isra.0+0x153/0x700 [ 13.466376] mempool_slab_oob_right+0xed/0x140 [ 13.466399] ? __pfx_mempool_slab_oob_right+0x10/0x10 [ 13.466424] ? __pfx_mempool_alloc_slab+0x10/0x10 [ 13.466477] ? __pfx_mempool_free_slab+0x10/0x10 [ 13.466498] ? __pfx_read_tsc+0x10/0x10 [ 13.466520] ? ktime_get_ts64+0x86/0x230 [ 13.466556] kunit_try_run_case+0x1a5/0x480 [ 13.466582] ? __pfx_kunit_try_run_case+0x10/0x10 [ 13.466603] ? 
_raw_spin_lock_irqsave+0xa1/0x100 [ 13.466627] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 13.466649] ? __kthread_parkme+0x82/0x180 [ 13.466670] ? preempt_count_sub+0x50/0x80 [ 13.466692] ? __pfx_kunit_try_run_case+0x10/0x10 [ 13.466714] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 13.466736] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 13.466758] kthread+0x337/0x6f0 [ 13.466776] ? trace_preempt_on+0x20/0xc0 [ 13.466799] ? __pfx_kthread+0x10/0x10 [ 13.466819] ? _raw_spin_unlock_irq+0x47/0x80 [ 13.466839] ? calculate_sigpending+0x7b/0xa0 [ 13.466864] ? __pfx_kthread+0x10/0x10 [ 13.466885] ret_from_fork+0x116/0x1d0 [ 13.466904] ? __pfx_kthread+0x10/0x10 [ 13.466923] ret_from_fork_asm+0x1a/0x30 [ 13.466955] </TASK> [ 13.466967] [ 13.476810] Allocated by task 242: [ 13.477032] kasan_save_stack+0x45/0x70 [ 13.477345] kasan_save_track+0x18/0x40 [ 13.477555] kasan_save_alloc_info+0x3b/0x50 [ 13.477760] __kasan_mempool_unpoison_object+0x1bb/0x200 [ 13.477960] remove_element+0x11e/0x190 [ 13.478091] mempool_alloc_preallocated+0x4d/0x90 [ 13.478524] mempool_oob_right_helper+0x8a/0x380 [ 13.478761] mempool_slab_oob_right+0xed/0x140 [ 13.478953] kunit_try_run_case+0x1a5/0x480 [ 13.479128] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 13.479730] kthread+0x337/0x6f0 [ 13.479911] ret_from_fork+0x116/0x1d0 [ 13.480087] ret_from_fork_asm+0x1a/0x30 [ 13.480389] [ 13.480493] The buggy address belongs to the object at ffff888102648240 [ 13.480493] which belongs to the cache test_cache of size 123 [ 13.481036] The buggy address is located 0 bytes to the right of [ 13.481036] allocated 123-byte region [ffff888102648240, ffff8881026482bb) [ 13.481669] [ 13.481791] The buggy address belongs to the physical page: [ 13.482032] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x102648 [ 13.482469] flags: 0x200000000000000(node=0|zone=2) [ 13.482708] page_type: f5(slab) [ 13.482834] raw: 0200000000000000 ffff888101643640 dead000000000122 0000000000000000 [ 
13.483573] raw: 0000000000000000 0000000080150015 00000000f5000000 0000000000000000 [ 13.483934] page dumped because: kasan: bad access detected [ 13.484169] [ 13.484270] Memory state around the buggy address: [ 13.484483] ffff888102648180: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 13.484759] ffff888102648200: fc fc fc fc fc fc fc fc 00 00 00 00 00 00 00 00 [ 13.485066] >ffff888102648280: 00 00 00 00 00 00 00 03 fc fc fc fc fc fc fc fc [ 13.485610] ^ [ 13.485808] ffff888102648300: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 13.486132] ffff888102648380: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 13.486547] ================================================================== [ 13.434685] ================================================================== [ 13.435176] BUG: KASAN: slab-out-of-bounds in mempool_oob_right_helper+0x318/0x380 [ 13.435726] Read of size 1 at addr ffff888102a5a001 by task kunit_try_catch/240 [ 13.436019] [ 13.436124] CPU: 0 UID: 0 PID: 240 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc4 #1 PREEMPT(voluntary) [ 13.436178] Tainted: [B]=BAD_PAGE, [N]=TEST [ 13.436190] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 13.436214] Call Trace: [ 13.436241] <TASK> [ 13.436262] dump_stack_lvl+0x73/0xb0 [ 13.436297] print_report+0xd1/0x650 [ 13.436321] ? __virt_addr_valid+0x1db/0x2d0 [ 13.436421] ? mempool_oob_right_helper+0x318/0x380 [ 13.436447] ? kasan_addr_to_slab+0x11/0xa0 [ 13.436466] ? mempool_oob_right_helper+0x318/0x380 [ 13.436489] kasan_report+0x141/0x180 [ 13.436510] ? mempool_oob_right_helper+0x318/0x380 [ 13.436536] __asan_report_load1_noabort+0x18/0x20 [ 13.436560] mempool_oob_right_helper+0x318/0x380 [ 13.436583] ? __pfx_mempool_oob_right_helper+0x10/0x10 [ 13.436616] ? __kasan_check_write+0x18/0x20 [ 13.436636] ? __pfx_sched_clock_cpu+0x10/0x10 [ 13.436658] ? irqentry_exit+0x2a/0x60 [ 13.436679] ? 
sysvec_apic_timer_interrupt+0x50/0x90 [ 13.436703] mempool_kmalloc_large_oob_right+0xf2/0x150 [ 13.436726] ? __pfx_mempool_kmalloc_large_oob_right+0x10/0x10 [ 13.436752] ? __pfx_mempool_kmalloc+0x10/0x10 [ 13.436777] ? __pfx_mempool_kfree+0x10/0x10 [ 13.436808] ? __pfx_mempool_kmalloc_large_oob_right+0x10/0x10 [ 13.436834] ? __pfx_mempool_kmalloc_large_oob_right+0x10/0x10 [ 13.436869] kunit_try_run_case+0x1a5/0x480 [ 13.436895] ? __pfx_kunit_try_run_case+0x10/0x10 [ 13.436916] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 13.436951] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 13.436973] ? __kthread_parkme+0x82/0x180 [ 13.436994] ? preempt_count_sub+0x50/0x80 [ 13.437018] ? __pfx_kunit_try_run_case+0x10/0x10 [ 13.437040] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 13.437062] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 13.437084] kthread+0x337/0x6f0 [ 13.437102] ? trace_preempt_on+0x20/0xc0 [ 13.437125] ? __pfx_kthread+0x10/0x10 [ 13.437145] ? _raw_spin_unlock_irq+0x47/0x80 [ 13.437164] ? calculate_sigpending+0x7b/0xa0 [ 13.437189] ? __pfx_kthread+0x10/0x10 [ 13.437272] ret_from_fork+0x116/0x1d0 [ 13.437295] ? 
__pfx_kthread+0x10/0x10 [ 13.437315] ret_from_fork_asm+0x1a/0x30 [ 13.437347] </TASK> [ 13.437359] [ 13.449826] The buggy address belongs to the physical page: [ 13.450060] page: refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x102a58 [ 13.450563] head: order:2 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0 [ 13.451234] flags: 0x200000000000040(head|node=0|zone=2) [ 13.451584] page_type: f8(unknown) [ 13.451856] raw: 0200000000000040 0000000000000000 dead000000000122 0000000000000000 [ 13.452336] raw: 0000000000000000 0000000000000000 00000001f8000000 0000000000000000 [ 13.452698] head: 0200000000000040 0000000000000000 dead000000000122 0000000000000000 [ 13.453099] head: 0000000000000000 0000000000000000 00000001f8000000 0000000000000000 [ 13.453550] head: 0200000000000002 ffffea00040a9601 00000000ffffffff 00000000ffffffff [ 13.453871] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000004 [ 13.454268] page dumped because: kasan: bad access detected [ 13.454662] [ 13.454816] Memory state around the buggy address: [ 13.455049] ffff888102a59f00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 13.455471] ffff888102a59f80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 13.455861] >ffff888102a5a000: 01 fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe [ 13.456171] ^ [ 13.456662] ffff888102a5a080: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe [ 13.457031] ffff888102a5a100: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe [ 13.457664] ==================================================================
Failure - log-parser-boot/kasan-bug-kasan-slab-use-after-free-in-kmem_cache_double_destroy
[ 12.830381] ================================================================== [ 12.830921] BUG: KASAN: slab-use-after-free in kmem_cache_double_destroy+0x1bf/0x380 [ 12.831921] Read of size 1 at addr ffff888101d0ca00 by task kunit_try_catch/232 [ 12.832327] [ 12.832469] CPU: 1 UID: 0 PID: 232 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc4 #1 PREEMPT(voluntary) [ 12.832523] Tainted: [B]=BAD_PAGE, [N]=TEST [ 12.832537] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 12.832561] Call Trace: [ 12.832580] <TASK> [ 12.832603] dump_stack_lvl+0x73/0xb0 [ 12.832644] print_report+0xd1/0x650 [ 12.832669] ? __virt_addr_valid+0x1db/0x2d0 [ 12.832694] ? kmem_cache_double_destroy+0x1bf/0x380 [ 12.832719] ? kasan_complete_mode_report_info+0x64/0x200 [ 12.832740] ? kmem_cache_double_destroy+0x1bf/0x380 [ 12.832764] kasan_report+0x141/0x180 [ 12.832784] ? kmem_cache_double_destroy+0x1bf/0x380 [ 12.832819] ? kmem_cache_double_destroy+0x1bf/0x380 [ 12.832843] __kasan_check_byte+0x3d/0x50 [ 12.832864] kmem_cache_destroy+0x25/0x1d0 [ 12.832887] kmem_cache_double_destroy+0x1bf/0x380 [ 12.833163] ? __pfx_kmem_cache_double_destroy+0x10/0x10 [ 12.833187] ? finish_task_switch.isra.0+0x153/0x700 [ 12.833231] ? __switch_to+0x47/0xf50 [ 12.833260] ? __pfx_read_tsc+0x10/0x10 [ 12.833281] ? ktime_get_ts64+0x86/0x230 [ 12.833305] kunit_try_run_case+0x1a5/0x480 [ 12.833330] ? __pfx_kunit_try_run_case+0x10/0x10 [ 12.833351] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 12.833376] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 12.833398] ? __kthread_parkme+0x82/0x180 [ 12.833418] ? preempt_count_sub+0x50/0x80 [ 12.833439] ? __pfx_kunit_try_run_case+0x10/0x10 [ 12.833462] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 12.833483] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 12.833506] kthread+0x337/0x6f0 [ 12.833524] ? trace_preempt_on+0x20/0xc0 [ 12.833546] ? __pfx_kthread+0x10/0x10 [ 12.833566] ? _raw_spin_unlock_irq+0x47/0x80 [ 12.833586] ? 
calculate_sigpending+0x7b/0xa0 [ 12.833611] ? __pfx_kthread+0x10/0x10 [ 12.833631] ret_from_fork+0x116/0x1d0 [ 12.833649] ? __pfx_kthread+0x10/0x10 [ 12.833668] ret_from_fork_asm+0x1a/0x30 [ 12.833698] </TASK> [ 12.833710] [ 12.842938] Allocated by task 232: [ 12.843140] kasan_save_stack+0x45/0x70 [ 12.844059] kasan_save_track+0x18/0x40 [ 12.844215] kasan_save_alloc_info+0x3b/0x50 [ 12.844373] __kasan_slab_alloc+0x91/0xa0 [ 12.844508] kmem_cache_alloc_noprof+0x123/0x3f0 [ 12.845307] __kmem_cache_create_args+0x169/0x240 [ 12.845533] kmem_cache_double_destroy+0xd5/0x380 [ 12.845739] kunit_try_run_case+0x1a5/0x480 [ 12.845925] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 12.846146] kthread+0x337/0x6f0 [ 12.847008] ret_from_fork+0x116/0x1d0 [ 12.847347] ret_from_fork_asm+0x1a/0x30 [ 12.847548] [ 12.847636] Freed by task 232: [ 12.847783] kasan_save_stack+0x45/0x70 [ 12.847956] kasan_save_track+0x18/0x40 [ 12.848124] kasan_save_free_info+0x3f/0x60 [ 12.848389] __kasan_slab_free+0x56/0x70 [ 12.848572] kmem_cache_free+0x249/0x420 [ 12.848757] slab_kmem_cache_release+0x2e/0x40 [ 12.848967] kmem_cache_release+0x16/0x20 [ 12.849152] kobject_put+0x181/0x450 [ 12.850091] sysfs_slab_release+0x16/0x20 [ 12.850631] kmem_cache_destroy+0xf0/0x1d0 [ 12.850824] kmem_cache_double_destroy+0x14e/0x380 [ 12.851047] kunit_try_run_case+0x1a5/0x480 [ 12.851557] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 12.851866] kthread+0x337/0x6f0 [ 12.852155] ret_from_fork+0x116/0x1d0 [ 12.852679] ret_from_fork_asm+0x1a/0x30 [ 12.852884] [ 12.852980] The buggy address belongs to the object at ffff888101d0ca00 [ 12.852980] which belongs to the cache kmem_cache of size 208 [ 12.854097] The buggy address is located 0 bytes inside of [ 12.854097] freed 208-byte region [ffff888101d0ca00, ffff888101d0cad0) [ 12.854963] [ 12.855081] The buggy address belongs to the physical page: [ 12.855430] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x101d0c [ 12.855758] flags: 
0x200000000000000(node=0|zone=2) [ 12.855978] page_type: f5(slab) [ 12.856135] raw: 0200000000000000 ffff888100041000 dead000000000122 0000000000000000 [ 12.856932] raw: 0000000000000000 00000000800c000c 00000000f5000000 0000000000000000 [ 12.857609] page dumped because: kasan: bad access detected [ 12.857933] [ 12.858168] Memory state around the buggy address: [ 12.858835] ffff888101d0c900: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 12.859148] ffff888101d0c980: fb fb fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 12.859705] >ffff888101d0ca00: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 12.860001] ^ [ 12.860153] ffff888101d0ca80: fb fb fb fb fb fb fb fb fb fb fc fc fc fc fc fc [ 12.861085] ffff888101d0cb00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 12.861738] ==================================================================
Failure - log-parser-boot/kasan-bug-kasan-slab-use-after-free-in-kmem_cache_rcu_uaf
[ 12.778474] ================================================================== [ 12.779086] BUG: KASAN: slab-use-after-free in kmem_cache_rcu_uaf+0x3e3/0x510 [ 12.779593] Read of size 1 at addr ffff88810398e000 by task kunit_try_catch/230 [ 12.779937] [ 12.780053] CPU: 1 UID: 0 PID: 230 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc4 #1 PREEMPT(voluntary) [ 12.780135] Tainted: [B]=BAD_PAGE, [N]=TEST [ 12.780148] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 12.780172] Call Trace: [ 12.780187] <TASK> [ 12.780279] dump_stack_lvl+0x73/0xb0 [ 12.780318] print_report+0xd1/0x650 [ 12.780341] ? __virt_addr_valid+0x1db/0x2d0 [ 12.780365] ? kmem_cache_rcu_uaf+0x3e3/0x510 [ 12.780386] ? kasan_complete_mode_report_info+0x64/0x200 [ 12.780407] ? kmem_cache_rcu_uaf+0x3e3/0x510 [ 12.780456] kasan_report+0x141/0x180 [ 12.780492] ? kmem_cache_rcu_uaf+0x3e3/0x510 [ 12.780518] __asan_report_load1_noabort+0x18/0x20 [ 12.780541] kmem_cache_rcu_uaf+0x3e3/0x510 [ 12.780563] ? __pfx_kmem_cache_rcu_uaf+0x10/0x10 [ 12.780584] ? finish_task_switch.isra.0+0x153/0x700 [ 12.780606] ? __switch_to+0x47/0xf50 [ 12.780634] ? __pfx_read_tsc+0x10/0x10 [ 12.780654] ? ktime_get_ts64+0x86/0x230 [ 12.780677] kunit_try_run_case+0x1a5/0x480 [ 12.780702] ? __pfx_kunit_try_run_case+0x10/0x10 [ 12.780723] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 12.780746] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 12.780767] ? __kthread_parkme+0x82/0x180 [ 12.780796] ? preempt_count_sub+0x50/0x80 [ 12.780818] ? __pfx_kunit_try_run_case+0x10/0x10 [ 12.780839] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 12.780860] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 12.780881] kthread+0x337/0x6f0 [ 12.780900] ? trace_preempt_on+0x20/0xc0 [ 12.781169] ? __pfx_kthread+0x10/0x10 [ 12.781190] ? _raw_spin_unlock_irq+0x47/0x80 [ 12.781540] ? calculate_sigpending+0x7b/0xa0 [ 12.781571] ? __pfx_kthread+0x10/0x10 [ 12.781593] ret_from_fork+0x116/0x1d0 [ 12.781612] ? 
__pfx_kthread+0x10/0x10 [ 12.781631] ret_from_fork_asm+0x1a/0x30 [ 12.781664] </TASK> [ 12.781676] [ 12.790672] Allocated by task 230: [ 12.790890] kasan_save_stack+0x45/0x70 [ 12.791052] kasan_save_track+0x18/0x40 [ 12.791719] kasan_save_alloc_info+0x3b/0x50 [ 12.792188] __kasan_slab_alloc+0x91/0xa0 [ 12.792530] kmem_cache_alloc_noprof+0x123/0x3f0 [ 12.792794] kmem_cache_rcu_uaf+0x155/0x510 [ 12.792966] kunit_try_run_case+0x1a5/0x480 [ 12.793272] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 12.793478] kthread+0x337/0x6f0 [ 12.793626] ret_from_fork+0x116/0x1d0 [ 12.793889] ret_from_fork_asm+0x1a/0x30 [ 12.794105] [ 12.794277] Freed by task 0: [ 12.794457] kasan_save_stack+0x45/0x70 [ 12.794668] kasan_save_track+0x18/0x40 [ 12.794868] kasan_save_free_info+0x3f/0x60 [ 12.795033] __kasan_slab_free+0x56/0x70 [ 12.795449] slab_free_after_rcu_debug+0xe4/0x310 [ 12.795659] rcu_core+0x66f/0x1c40 [ 12.795798] rcu_core_si+0x12/0x20 [ 12.795951] handle_softirqs+0x209/0x730 [ 12.796149] __irq_exit_rcu+0xc9/0x110 [ 12.796475] irq_exit_rcu+0x12/0x20 [ 12.797039] sysvec_apic_timer_interrupt+0x81/0x90 [ 12.797258] asm_sysvec_apic_timer_interrupt+0x1f/0x30 [ 12.797518] [ 12.797746] Last potentially related work creation: [ 12.798028] kasan_save_stack+0x45/0x70 [ 12.798228] kasan_record_aux_stack+0xb2/0xc0 [ 12.798527] kmem_cache_free+0x131/0x420 [ 12.798788] kmem_cache_rcu_uaf+0x194/0x510 [ 12.798931] kunit_try_run_case+0x1a5/0x480 [ 12.799116] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 12.799483] kthread+0x337/0x6f0 [ 12.799765] ret_from_fork+0x116/0x1d0 [ 12.800031] ret_from_fork_asm+0x1a/0x30 [ 12.800210] [ 12.800735] The buggy address belongs to the object at ffff88810398e000 [ 12.800735] which belongs to the cache test_cache of size 200 [ 12.801152] The buggy address is located 0 bytes inside of [ 12.801152] freed 200-byte region [ffff88810398e000, ffff88810398e0c8) [ 12.802122] [ 12.802300] The buggy address belongs to the physical page: [ 12.802566] page: refcount:0 
mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x10398e [ 12.802949] flags: 0x200000000000000(node=0|zone=2) [ 12.803201] page_type: f5(slab) [ 12.803470] raw: 0200000000000000 ffff888101d0c8c0 dead000000000122 0000000000000000 [ 12.803847] raw: 0000000000000000 00000000800f000f 00000000f5000000 0000000000000000 [ 12.804173] page dumped because: kasan: bad access detected [ 12.804542] [ 12.804617] Memory state around the buggy address: [ 12.804856] ffff88810398df00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 12.805153] ffff88810398df80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 12.805924] >ffff88810398e000: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 12.806297] ^ [ 12.806545] ffff88810398e080: fb fb fb fb fb fb fb fb fb fc fc fc fc fc fc fc [ 12.806874] ffff88810398e100: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 12.807329] ==================================================================
Failure - log-parser-boot/kasan-bug-kasan-invalid-free-in-kmem_cache_invalid_free
[ 12.723087] ================================================================== [ 12.723697] BUG: KASAN: invalid-free in kmem_cache_invalid_free+0x1d8/0x460 [ 12.723955] Free of addr ffff88810398b001 by task kunit_try_catch/228 [ 12.724155] [ 12.724290] CPU: 1 UID: 0 PID: 228 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc4 #1 PREEMPT(voluntary) [ 12.724340] Tainted: [B]=BAD_PAGE, [N]=TEST [ 12.724352] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 12.724375] Call Trace: [ 12.724388] <TASK> [ 12.724426] dump_stack_lvl+0x73/0xb0 [ 12.724461] print_report+0xd1/0x650 [ 12.724483] ? __virt_addr_valid+0x1db/0x2d0 [ 12.724508] ? kasan_complete_mode_report_info+0x2a/0x200 [ 12.724529] ? kmem_cache_invalid_free+0x1d8/0x460 [ 12.724553] kasan_report_invalid_free+0x10a/0x130 [ 12.724576] ? kmem_cache_invalid_free+0x1d8/0x460 [ 12.724601] ? kmem_cache_invalid_free+0x1d8/0x460 [ 12.724624] check_slab_allocation+0x11f/0x130 [ 12.724644] __kasan_slab_pre_free+0x28/0x40 [ 12.724664] kmem_cache_free+0xed/0x420 [ 12.724722] ? kmem_cache_alloc_noprof+0x123/0x3f0 [ 12.724760] ? kmem_cache_invalid_free+0x1d8/0x460 [ 12.724805] kmem_cache_invalid_free+0x1d8/0x460 [ 12.724829] ? __pfx_kmem_cache_invalid_free+0x10/0x10 [ 12.724854] ? finish_task_switch.isra.0+0x153/0x700 [ 12.724877] ? __switch_to+0x47/0xf50 [ 12.724905] ? __pfx_read_tsc+0x10/0x10 [ 12.724925] ? ktime_get_ts64+0x86/0x230 [ 12.724948] kunit_try_run_case+0x1a5/0x480 [ 12.724974] ? __pfx_kunit_try_run_case+0x10/0x10 [ 12.724995] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 12.725019] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 12.725040] ? __kthread_parkme+0x82/0x180 [ 12.725061] ? preempt_count_sub+0x50/0x80 [ 12.725082] ? __pfx_kunit_try_run_case+0x10/0x10 [ 12.725103] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 12.725124] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 12.725145] kthread+0x337/0x6f0 [ 12.725163] ? trace_preempt_on+0x20/0xc0 [ 12.725186] ? 
__pfx_kthread+0x10/0x10 [ 12.725484] ? _raw_spin_unlock_irq+0x47/0x80 [ 12.725515] ? calculate_sigpending+0x7b/0xa0 [ 12.725541] ? __pfx_kthread+0x10/0x10 [ 12.725561] ret_from_fork+0x116/0x1d0 [ 12.725580] ? __pfx_kthread+0x10/0x10 [ 12.725598] ret_from_fork_asm+0x1a/0x30 [ 12.725629] </TASK> [ 12.725640] [ 12.737118] Allocated by task 228: [ 12.737367] kasan_save_stack+0x45/0x70 [ 12.737533] kasan_save_track+0x18/0x40 [ 12.737665] kasan_save_alloc_info+0x3b/0x50 [ 12.738132] __kasan_slab_alloc+0x91/0xa0 [ 12.738884] kmem_cache_alloc_noprof+0x123/0x3f0 [ 12.739091] kmem_cache_invalid_free+0x157/0x460 [ 12.739395] kunit_try_run_case+0x1a5/0x480 [ 12.739960] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 12.740195] kthread+0x337/0x6f0 [ 12.740386] ret_from_fork+0x116/0x1d0 [ 12.740629] ret_from_fork_asm+0x1a/0x30 [ 12.740873] [ 12.740974] The buggy address belongs to the object at ffff88810398b000 [ 12.740974] which belongs to the cache test_cache of size 200 [ 12.741592] The buggy address is located 1 bytes inside of [ 12.741592] 200-byte region [ffff88810398b000, ffff88810398b0c8) [ 12.742025] [ 12.742129] The buggy address belongs to the physical page: [ 12.742332] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x10398b [ 12.742642] flags: 0x200000000000000(node=0|zone=2) [ 12.742984] page_type: f5(slab) [ 12.743423] raw: 0200000000000000 ffff888101d0c780 dead000000000122 0000000000000000 [ 12.743667] raw: 0000000000000000 00000000800f000f 00000000f5000000 0000000000000000 [ 12.745053] page dumped because: kasan: bad access detected [ 12.745529] [ 12.745818] Memory state around the buggy address: [ 12.746109] ffff88810398af00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 12.746593] ffff88810398af80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 12.747027] >ffff88810398b000: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 12.747474] ^ [ 12.747799] ffff88810398b080: 00 00 00 00 00 00 00 00 00 fc fc fc fc fc fc fc [ 12.748097] 
ffff88810398b100: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 12.748693] ==================================================================
Failure - log-parser-boot/kasan-bug-kasan-double-free-in-kmem_cache_double_free
[ 12.679893] ================================================================== [ 12.680680] BUG: KASAN: double-free in kmem_cache_double_free+0x1e5/0x480 [ 12.681539] Free of addr ffff88810398a000 by task kunit_try_catch/226 [ 12.682325] [ 12.682464] CPU: 1 UID: 0 PID: 226 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc4 #1 PREEMPT(voluntary) [ 12.682514] Tainted: [B]=BAD_PAGE, [N]=TEST [ 12.682526] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 12.682549] Call Trace: [ 12.682566] <TASK> [ 12.682588] dump_stack_lvl+0x73/0xb0 [ 12.682625] print_report+0xd1/0x650 [ 12.682693] ? __virt_addr_valid+0x1db/0x2d0 [ 12.682718] ? kasan_complete_mode_report_info+0x64/0x200 [ 12.682739] ? kmem_cache_double_free+0x1e5/0x480 [ 12.682777] kasan_report_invalid_free+0x10a/0x130 [ 12.682800] ? kmem_cache_double_free+0x1e5/0x480 [ 12.682825] ? kmem_cache_double_free+0x1e5/0x480 [ 12.682851] check_slab_allocation+0x101/0x130 [ 12.682873] __kasan_slab_pre_free+0x28/0x40 [ 12.682894] kmem_cache_free+0xed/0x420 [ 12.682914] ? kmem_cache_alloc_noprof+0x123/0x3f0 [ 12.682934] ? kmem_cache_double_free+0x1e5/0x480 [ 12.682960] kmem_cache_double_free+0x1e5/0x480 [ 12.682986] ? __pfx_kmem_cache_double_free+0x10/0x10 [ 12.683201] ? finish_task_switch.isra.0+0x153/0x700 [ 12.683246] ? __switch_to+0x47/0xf50 [ 12.683277] ? __pfx_read_tsc+0x10/0x10 [ 12.683297] ? ktime_get_ts64+0x86/0x230 [ 12.683321] kunit_try_run_case+0x1a5/0x480 [ 12.683347] ? __pfx_kunit_try_run_case+0x10/0x10 [ 12.683368] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 12.683391] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 12.683412] ? __kthread_parkme+0x82/0x180 [ 12.683432] ? preempt_count_sub+0x50/0x80 [ 12.683452] ? __pfx_kunit_try_run_case+0x10/0x10 [ 12.683474] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 12.683495] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 12.683516] kthread+0x337/0x6f0 [ 12.683535] ? trace_preempt_on+0x20/0xc0 [ 12.683559] ? 
__pfx_kthread+0x10/0x10 [ 12.683579] ? _raw_spin_unlock_irq+0x47/0x80 [ 12.683598] ? calculate_sigpending+0x7b/0xa0 [ 12.683621] ? __pfx_kthread+0x10/0x10 [ 12.683640] ret_from_fork+0x116/0x1d0 [ 12.683658] ? __pfx_kthread+0x10/0x10 [ 12.683676] ret_from_fork_asm+0x1a/0x30 [ 12.683706] </TASK> [ 12.683718] [ 12.698019] Allocated by task 226: [ 12.698445] kasan_save_stack+0x45/0x70 [ 12.699199] kasan_save_track+0x18/0x40 [ 12.699679] kasan_save_alloc_info+0x3b/0x50 [ 12.699839] __kasan_slab_alloc+0x91/0xa0 [ 12.699977] kmem_cache_alloc_noprof+0x123/0x3f0 [ 12.700133] kmem_cache_double_free+0x14f/0x480 [ 12.700344] kunit_try_run_case+0x1a5/0x480 [ 12.700695] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 12.701021] kthread+0x337/0x6f0 [ 12.701275] ret_from_fork+0x116/0x1d0 [ 12.701496] ret_from_fork_asm+0x1a/0x30 [ 12.701702] [ 12.701775] Freed by task 226: [ 12.701929] kasan_save_stack+0x45/0x70 [ 12.702166] kasan_save_track+0x18/0x40 [ 12.702684] kasan_save_free_info+0x3f/0x60 [ 12.702877] __kasan_slab_free+0x56/0x70 [ 12.703072] kmem_cache_free+0x249/0x420 [ 12.703290] kmem_cache_double_free+0x16a/0x480 [ 12.703858] kunit_try_run_case+0x1a5/0x480 [ 12.704050] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 12.704366] kthread+0x337/0x6f0 [ 12.704485] ret_from_fork+0x116/0x1d0 [ 12.704611] ret_from_fork_asm+0x1a/0x30 [ 12.704805] [ 12.704921] The buggy address belongs to the object at ffff88810398a000 [ 12.704921] which belongs to the cache test_cache of size 200 [ 12.705874] The buggy address is located 0 bytes inside of [ 12.705874] 200-byte region [ffff88810398a000, ffff88810398a0c8) [ 12.706692] [ 12.707143] The buggy address belongs to the physical page: [ 12.707531] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x10398a [ 12.708259] flags: 0x200000000000000(node=0|zone=2) [ 12.708506] page_type: f5(slab) [ 12.708893] raw: 0200000000000000 ffff888101d0c640 dead000000000122 0000000000000000 [ 12.709447] raw: 0000000000000000 00000000800f000f 
00000000f5000000 0000000000000000 [ 12.709842] page dumped because: kasan: bad access detected [ 12.710167] [ 12.710254] Memory state around the buggy address: [ 12.710884] ffff888103989f00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 12.711136] ffff888103989f80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 12.711515] >ffff88810398a000: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 12.712437] ^ [ 12.712714] ffff88810398a080: fb fb fb fb fb fb fb fb fb fc fc fc fc fc fc fc [ 12.713101] ffff88810398a100: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 12.713680] ==================================================================
Failure - log-parser-boot/kasan-bug-kasan-slab-out-of-bounds-in-kmem_cache_oob
[ 12.636510] ================================================================== [ 12.636984] BUG: KASAN: slab-out-of-bounds in kmem_cache_oob+0x402/0x530 [ 12.637373] Read of size 1 at addr ffff8881039870c8 by task kunit_try_catch/224 [ 12.637747] [ 12.637847] CPU: 1 UID: 0 PID: 224 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc4 #1 PREEMPT(voluntary) [ 12.637907] Tainted: [B]=BAD_PAGE, [N]=TEST [ 12.637919] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 12.638279] Call Trace: [ 12.638296] <TASK> [ 12.638360] dump_stack_lvl+0x73/0xb0 [ 12.638397] print_report+0xd1/0x650 [ 12.638428] ? __virt_addr_valid+0x1db/0x2d0 [ 12.638454] ? kmem_cache_oob+0x402/0x530 [ 12.638476] ? kasan_complete_mode_report_info+0x2a/0x200 [ 12.638497] ? kmem_cache_oob+0x402/0x530 [ 12.638518] kasan_report+0x141/0x180 [ 12.638539] ? kmem_cache_oob+0x402/0x530 [ 12.638565] __asan_report_load1_noabort+0x18/0x20 [ 12.638588] kmem_cache_oob+0x402/0x530 [ 12.638608] ? trace_hardirqs_on+0x37/0xe0 [ 12.638630] ? __pfx_kmem_cache_oob+0x10/0x10 [ 12.638653] ? __kasan_check_write+0x18/0x20 [ 12.638672] ? queued_spin_lock_slowpath+0x116/0xb40 [ 12.638696] ? irqentry_exit+0x2a/0x60 [ 12.638718] ? trace_hardirqs_on+0x37/0xe0 [ 12.638738] ? __pfx_read_tsc+0x10/0x10 [ 12.638759] ? ktime_get_ts64+0x86/0x230 [ 12.638783] kunit_try_run_case+0x1a5/0x480 [ 12.638809] ? __pfx_kunit_try_run_case+0x10/0x10 [ 12.638831] ? queued_spin_lock_slowpath+0x116/0xb40 [ 12.638851] ? __kthread_parkme+0x82/0x180 [ 12.638872] ? preempt_count_sub+0x50/0x80 [ 12.638894] ? __pfx_kunit_try_run_case+0x10/0x10 [ 12.638916] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 12.638936] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 12.638957] kthread+0x337/0x6f0 [ 12.638976] ? trace_preempt_on+0x20/0xc0 [ 12.638996] ? __pfx_kthread+0x10/0x10 [ 12.639015] ? _raw_spin_unlock_irq+0x47/0x80 [ 12.639034] ? calculate_sigpending+0x7b/0xa0 [ 12.639057] ? 
__pfx_kthread+0x10/0x10 [ 12.639077] ret_from_fork+0x116/0x1d0 [ 12.639094] ? __pfx_kthread+0x10/0x10 [ 12.639113] ret_from_fork_asm+0x1a/0x30 [ 12.639143] </TASK> [ 12.639155] [ 12.650509] Allocated by task 224: [ 12.650722] kasan_save_stack+0x45/0x70 [ 12.650928] kasan_save_track+0x18/0x40 [ 12.651108] kasan_save_alloc_info+0x3b/0x50 [ 12.651713] __kasan_slab_alloc+0x91/0xa0 [ 12.651996] kmem_cache_alloc_noprof+0x123/0x3f0 [ 12.652435] kmem_cache_oob+0x157/0x530 [ 12.652733] kunit_try_run_case+0x1a5/0x480 [ 12.653110] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 12.653564] kthread+0x337/0x6f0 [ 12.653840] ret_from_fork+0x116/0x1d0 [ 12.654158] ret_from_fork_asm+0x1a/0x30 [ 12.654602] [ 12.654862] The buggy address belongs to the object at ffff888103987000 [ 12.654862] which belongs to the cache test_cache of size 200 [ 12.655720] The buggy address is located 0 bytes to the right of [ 12.655720] allocated 200-byte region [ffff888103987000, ffff8881039870c8) [ 12.656659] [ 12.656745] The buggy address belongs to the physical page: [ 12.656990] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x103987 [ 12.657605] flags: 0x200000000000000(node=0|zone=2) [ 12.658011] page_type: f5(slab) [ 12.658534] raw: 0200000000000000 ffff888101d0c500 dead000000000122 0000000000000000 [ 12.658870] raw: 0000000000000000 00000000800f000f 00000000f5000000 0000000000000000 [ 12.659174] page dumped because: kasan: bad access detected [ 12.659789] [ 12.659891] Memory state around the buggy address: [ 12.660104] ffff888103986f80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 12.660775] ffff888103987000: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 12.661624] >ffff888103987080: 00 00 00 00 00 00 00 00 00 fc fc fc fc fc fc fc [ 12.661883] ^ [ 12.662144] ffff888103987100: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 12.662431] ffff888103987180: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 12.662771] 
==================================================================
Failure - log-parser-boot/kasan-bug-kasan-slab-use-after-free-in-workqueue_uaf
[ 12.591932] ================================================================== [ 12.593100] BUG: KASAN: slab-use-after-free in workqueue_uaf+0x4d6/0x560 [ 12.593968] Read of size 8 at addr ffff888103983200 by task kunit_try_catch/217 [ 12.594450] [ 12.594556] CPU: 1 UID: 0 PID: 217 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc4 #1 PREEMPT(voluntary) [ 12.594607] Tainted: [B]=BAD_PAGE, [N]=TEST [ 12.594618] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 12.594640] Call Trace: [ 12.594658] <TASK> [ 12.594678] dump_stack_lvl+0x73/0xb0 [ 12.594713] print_report+0xd1/0x650 [ 12.594736] ? __virt_addr_valid+0x1db/0x2d0 [ 12.594758] ? workqueue_uaf+0x4d6/0x560 [ 12.594778] ? kasan_complete_mode_report_info+0x64/0x200 [ 12.594799] ? workqueue_uaf+0x4d6/0x560 [ 12.594819] kasan_report+0x141/0x180 [ 12.594839] ? workqueue_uaf+0x4d6/0x560 [ 12.594863] __asan_report_load8_noabort+0x18/0x20 [ 12.594886] workqueue_uaf+0x4d6/0x560 [ 12.594906] ? __pfx_workqueue_uaf+0x10/0x10 [ 12.594928] ? __pfx_workqueue_uaf+0x10/0x10 [ 12.594952] kunit_try_run_case+0x1a5/0x480 [ 12.594976] ? __pfx_kunit_try_run_case+0x10/0x10 [ 12.594996] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 12.595019] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 12.595041] ? __kthread_parkme+0x82/0x180 [ 12.595060] ? preempt_count_sub+0x50/0x80 [ 12.595082] ? __pfx_kunit_try_run_case+0x10/0x10 [ 12.595104] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 12.595125] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 12.595146] kthread+0x337/0x6f0 [ 12.595164] ? trace_preempt_on+0x20/0xc0 [ 12.595186] ? __pfx_kthread+0x10/0x10 [ 12.595205] ? _raw_spin_unlock_irq+0x47/0x80 [ 12.595236] ? calculate_sigpending+0x7b/0xa0 [ 12.595258] ? __pfx_kthread+0x10/0x10 [ 12.595278] ret_from_fork+0x116/0x1d0 [ 12.595296] ? 
__pfx_kthread+0x10/0x10 [ 12.595315] ret_from_fork_asm+0x1a/0x30 [ 12.595345] </TASK> [ 12.595356] [ 12.607107] Allocated by task 217: [ 12.607612] kasan_save_stack+0x45/0x70 [ 12.607805] kasan_save_track+0x18/0x40 [ 12.608006] kasan_save_alloc_info+0x3b/0x50 [ 12.608158] __kasan_kmalloc+0xb7/0xc0 [ 12.608310] __kmalloc_cache_noprof+0x189/0x420 [ 12.608643] workqueue_uaf+0x152/0x560 [ 12.608853] kunit_try_run_case+0x1a5/0x480 [ 12.609013] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 12.609331] kthread+0x337/0x6f0 [ 12.609605] ret_from_fork+0x116/0x1d0 [ 12.609760] ret_from_fork_asm+0x1a/0x30 [ 12.609927] [ 12.610021] Freed by task 41: [ 12.610192] kasan_save_stack+0x45/0x70 [ 12.610616] kasan_save_track+0x18/0x40 [ 12.611022] kasan_save_free_info+0x3f/0x60 [ 12.611204] __kasan_slab_free+0x56/0x70 [ 12.611637] kfree+0x222/0x3f0 [ 12.611971] workqueue_uaf_work+0x12/0x20 [ 12.612371] process_one_work+0x5ee/0xf60 [ 12.612725] worker_thread+0x758/0x1220 [ 12.613167] kthread+0x337/0x6f0 [ 12.613537] ret_from_fork+0x116/0x1d0 [ 12.613724] ret_from_fork_asm+0x1a/0x30 [ 12.613908] [ 12.614004] Last potentially related work creation: [ 12.614492] kasan_save_stack+0x45/0x70 [ 12.614785] kasan_record_aux_stack+0xb2/0xc0 [ 12.615146] __queue_work+0x626/0xeb0 [ 12.615504] queue_work_on+0xb6/0xc0 [ 12.615691] workqueue_uaf+0x26d/0x560 [ 12.615871] kunit_try_run_case+0x1a5/0x480 [ 12.616061] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 12.616593] kthread+0x337/0x6f0 [ 12.617019] ret_from_fork+0x116/0x1d0 [ 12.617751] ret_from_fork_asm+0x1a/0x30 [ 12.617916] [ 12.617991] The buggy address belongs to the object at ffff888103983200 [ 12.617991] which belongs to the cache kmalloc-32 of size 32 [ 12.618620] The buggy address is located 0 bytes inside of [ 12.618620] freed 32-byte region [ffff888103983200, ffff888103983220) [ 12.619119] [ 12.619226] The buggy address belongs to the physical page: [ 12.619485] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 
pfn:0x103983 [ 12.619985] flags: 0x200000000000000(node=0|zone=2) [ 12.620351] page_type: f5(slab) [ 12.620581] raw: 0200000000000000 ffff888100041780 dead000000000122 0000000000000000 [ 12.620904] raw: 0000000000000000 0000000080400040 00000000f5000000 0000000000000000 [ 12.621235] page dumped because: kasan: bad access detected [ 12.621620] [ 12.621759] Memory state around the buggy address: [ 12.621972] ffff888103983100: fa fb fb fb fc fc fc fc fa fb fb fb fc fc fc fc [ 12.622404] ffff888103983180: fa fb fb fb fc fc fc fc 00 00 00 fc fc fc fc fc [ 12.622851] >ffff888103983200: fa fb fb fb fc fc fc fc fc fc fc fc fc fc fc fc [ 12.623075] ^ [ 12.623306] ffff888103983280: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 12.623672] ffff888103983300: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 12.624758] ==================================================================
Failure - log-parser-boot/kasan-bug-kasan-slab-use-after-free-in-rcu_uaf_reclaim
[ 12.536379] ================================================================== [ 12.536998] BUG: KASAN: slab-use-after-free in rcu_uaf_reclaim+0x50/0x60 [ 12.537612] Read of size 4 at addr ffff888103983140 by task swapper/1/0 [ 12.538005] [ 12.538342] CPU: 1 UID: 0 PID: 0 Comm: swapper/1 Tainted: G B N 6.16.0-rc4 #1 PREEMPT(voluntary) [ 12.538396] Tainted: [B]=BAD_PAGE, [N]=TEST [ 12.538408] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 12.538431] Call Trace: [ 12.538534] <IRQ> [ 12.538606] dump_stack_lvl+0x73/0xb0 [ 12.538649] print_report+0xd1/0x650 [ 12.538673] ? __virt_addr_valid+0x1db/0x2d0 [ 12.538695] ? rcu_uaf_reclaim+0x50/0x60 [ 12.538716] ? kasan_complete_mode_report_info+0x64/0x200 [ 12.538737] ? rcu_uaf_reclaim+0x50/0x60 [ 12.538756] kasan_report+0x141/0x180 [ 12.538777] ? rcu_uaf_reclaim+0x50/0x60 [ 12.538801] __asan_report_load4_noabort+0x18/0x20 [ 12.538870] rcu_uaf_reclaim+0x50/0x60 [ 12.538890] rcu_core+0x66f/0x1c40 [ 12.538966] ? __pfx_rcu_core+0x10/0x10 [ 12.538988] ? ktime_get+0x6b/0x150 [ 12.539023] rcu_core_si+0x12/0x20 [ 12.539042] handle_softirqs+0x209/0x730 [ 12.539062] ? hrtimer_interrupt+0x2fe/0x780 [ 12.539083] ? 
__pfx_handle_softirqs+0x10/0x10 [ 12.539106] __irq_exit_rcu+0xc9/0x110 [ 12.539125] irq_exit_rcu+0x12/0x20 [ 12.539143] sysvec_apic_timer_interrupt+0x81/0x90 [ 12.539167] </IRQ> [ 12.539210] <TASK> [ 12.539233] asm_sysvec_apic_timer_interrupt+0x1f/0x30 [ 12.539329] RIP: 0010:pv_native_safe_halt+0xf/0x20 [ 12.539546] Code: 1f 84 00 00 00 00 00 0f 1f 40 00 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 f3 0f 1e fa eb 07 0f 00 2d 03 9a 21 00 fb f4 <e9> 7c 1d 02 00 66 2e 0f 1f 84 00 00 00 00 00 66 90 90 90 90 90 90 [ 12.539643] RSP: 0000:ffff888100877dc8 EFLAGS: 00010202 [ 12.539734] RAX: ffff8881a6174000 RBX: ffff888100853000 RCX: ffffffffb2a720e5 [ 12.539778] RDX: ffffed102b62618b RSI: 0000000000000004 RDI: 0000000000010644 [ 12.539819] RBP: ffff888100877dd0 R08: 0000000000000001 R09: ffffed102b62618a [ 12.539860] R10: ffff88815b130c53 R11: 000000000002e000 R12: 0000000000000001 [ 12.539901] R13: ffffed102010a600 R14: ffffffffb47b0e90 R15: 0000000000000000 [ 12.539956] ? ct_kernel_exit.constprop.0+0xa5/0xd0 [ 12.540007] ? default_idle+0xd/0x20 [ 12.540028] arch_cpu_idle+0xd/0x20 [ 12.540048] default_idle_call+0x48/0x80 [ 12.540065] do_idle+0x379/0x4f0 [ 12.540087] ? complete+0x15b/0x1d0 [ 12.540104] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 12.540128] ? __pfx_do_idle+0x10/0x10 [ 12.540148] ? _raw_spin_unlock_irqrestore+0x49/0x90 [ 12.540169] ? complete+0x15b/0x1d0 [ 12.540188] cpu_startup_entry+0x5c/0x70 [ 12.540211] start_secondary+0x211/0x290 [ 12.540245] ? 
__pfx_start_secondary+0x10/0x10 [ 12.540268] common_startup_64+0x13e/0x148 [ 12.540298] </TASK> [ 12.540310] [ 12.560832] Allocated by task 215: [ 12.561383] kasan_save_stack+0x45/0x70 [ 12.561559] kasan_save_track+0x18/0x40 [ 12.561696] kasan_save_alloc_info+0x3b/0x50 [ 12.561844] __kasan_kmalloc+0xb7/0xc0 [ 12.561976] __kmalloc_cache_noprof+0x189/0x420 [ 12.562134] rcu_uaf+0xb0/0x330 [ 12.562274] kunit_try_run_case+0x1a5/0x480 [ 12.562421] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 12.562593] kthread+0x337/0x6f0 [ 12.562714] ret_from_fork+0x116/0x1d0 [ 12.562846] ret_from_fork_asm+0x1a/0x30 [ 12.562986] [ 12.563060] Freed by task 0: [ 12.563169] kasan_save_stack+0x45/0x70 [ 12.565853] kasan_save_track+0x18/0x40 [ 12.566954] kasan_save_free_info+0x3f/0x60 [ 12.567788] __kasan_slab_free+0x56/0x70 [ 12.568664] kfree+0x222/0x3f0 [ 12.568864] rcu_uaf_reclaim+0x1f/0x60 [ 12.569063] rcu_core+0x66f/0x1c40 [ 12.569660] rcu_core_si+0x12/0x20 [ 12.569844] handle_softirqs+0x209/0x730 [ 12.570115] __irq_exit_rcu+0xc9/0x110 [ 12.571363] irq_exit_rcu+0x12/0x20 [ 12.571551] sysvec_apic_timer_interrupt+0x81/0x90 [ 12.571721] asm_sysvec_apic_timer_interrupt+0x1f/0x30 [ 12.571891] [ 12.572015] Last potentially related work creation: [ 12.572626] kasan_save_stack+0x45/0x70 [ 12.573019] kasan_record_aux_stack+0xb2/0xc0 [ 12.573482] __call_rcu_common.constprop.0+0x7b/0x9e0 [ 12.573656] call_rcu+0x12/0x20 [ 12.573773] rcu_uaf+0x168/0x330 [ 12.573895] kunit_try_run_case+0x1a5/0x480 [ 12.574041] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 12.574213] kthread+0x337/0x6f0 [ 12.574650] ret_from_fork+0x116/0x1d0 [ 12.575000] ret_from_fork_asm+0x1a/0x30 [ 12.575503] [ 12.575746] The buggy address belongs to the object at ffff888103983140 [ 12.575746] which belongs to the cache kmalloc-32 of size 32 [ 12.577348] The buggy address is located 0 bytes inside of [ 12.577348] freed 32-byte region [ffff888103983140, ffff888103983160) [ 12.578637] [ 12.578837] The buggy address belongs to the 
physical page: [ 12.579408] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x103983 [ 12.579768] flags: 0x200000000000000(node=0|zone=2) [ 12.580603] page_type: f5(slab) [ 12.580912] raw: 0200000000000000 ffff888100041780 dead000000000122 0000000000000000 [ 12.581147] raw: 0000000000000000 0000000080400040 00000000f5000000 0000000000000000 [ 12.581794] page dumped because: kasan: bad access detected [ 12.582318] [ 12.582506] Memory state around the buggy address: [ 12.583049] ffff888103983000: 00 00 00 fc fc fc fc fc fa fb fb fb fc fc fc fc [ 12.583744] ffff888103983080: fa fb fb fb fc fc fc fc fa fb fb fb fc fc fc fc [ 12.584030] >ffff888103983100: fa fb fb fb fc fc fc fc fa fb fb fb fc fc fc fc [ 12.584626] ^ [ 12.585101] ffff888103983180: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 12.585713] ffff888103983200: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 12.586520] ==================================================================
Failure - log-parser-boot/kasan-bug-kasan-slab-use-after-free-in-ksize_uaf
[ 12.484619] ================================================================== [ 12.485870] BUG: KASAN: slab-use-after-free in ksize_uaf+0x5fe/0x6c0 [ 12.486117] Read of size 1 at addr ffff88810262fe00 by task kunit_try_catch/213 [ 12.486741] [ 12.486864] CPU: 0 UID: 0 PID: 213 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc4 #1 PREEMPT(voluntary) [ 12.486912] Tainted: [B]=BAD_PAGE, [N]=TEST [ 12.486924] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 12.486945] Call Trace: [ 12.486965] <TASK> [ 12.486985] dump_stack_lvl+0x73/0xb0 [ 12.487016] print_report+0xd1/0x650 [ 12.487038] ? __virt_addr_valid+0x1db/0x2d0 [ 12.487148] ? ksize_uaf+0x5fe/0x6c0 [ 12.487170] ? kasan_complete_mode_report_info+0x64/0x200 [ 12.487191] ? ksize_uaf+0x5fe/0x6c0 [ 12.487211] kasan_report+0x141/0x180 [ 12.487245] ? ksize_uaf+0x5fe/0x6c0 [ 12.487269] __asan_report_load1_noabort+0x18/0x20 [ 12.487292] ksize_uaf+0x5fe/0x6c0 [ 12.487311] ? __pfx_ksize_uaf+0x10/0x10 [ 12.487332] ? __schedule+0x10cc/0x2b60 [ 12.487353] ? __pfx_read_tsc+0x10/0x10 [ 12.487373] ? ktime_get_ts64+0x86/0x230 [ 12.487397] kunit_try_run_case+0x1a5/0x480 [ 12.487423] ? __pfx_kunit_try_run_case+0x10/0x10 [ 12.487446] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 12.487469] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 12.487491] ? __kthread_parkme+0x82/0x180 [ 12.487510] ? preempt_count_sub+0x50/0x80 [ 12.487532] ? __pfx_kunit_try_run_case+0x10/0x10 [ 12.487555] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 12.487577] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 12.487598] kthread+0x337/0x6f0 [ 12.487616] ? trace_preempt_on+0x20/0xc0 [ 12.487639] ? __pfx_kthread+0x10/0x10 [ 12.487658] ? _raw_spin_unlock_irq+0x47/0x80 [ 12.487679] ? calculate_sigpending+0x7b/0xa0 [ 12.487701] ? __pfx_kthread+0x10/0x10 [ 12.487722] ret_from_fork+0x116/0x1d0 [ 12.487739] ? 
__pfx_kthread+0x10/0x10 [ 12.487758] ret_from_fork_asm+0x1a/0x30 [ 12.487788] </TASK> [ 12.487799] [ 12.494406] Allocated by task 213: [ 12.494778] kasan_save_stack+0x45/0x70 [ 12.494990] kasan_save_track+0x18/0x40 [ 12.495180] kasan_save_alloc_info+0x3b/0x50 [ 12.495405] __kasan_kmalloc+0xb7/0xc0 [ 12.495597] __kmalloc_cache_noprof+0x189/0x420 [ 12.495811] ksize_uaf+0xaa/0x6c0 [ 12.495934] kunit_try_run_case+0x1a5/0x480 [ 12.496113] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 12.496373] kthread+0x337/0x6f0 [ 12.496541] ret_from_fork+0x116/0x1d0 [ 12.496764] ret_from_fork_asm+0x1a/0x30 [ 12.496914] [ 12.496984] Freed by task 213: [ 12.497094] kasan_save_stack+0x45/0x70 [ 12.497250] kasan_save_track+0x18/0x40 [ 12.497438] kasan_save_free_info+0x3f/0x60 [ 12.497647] __kasan_slab_free+0x56/0x70 [ 12.497842] kfree+0x222/0x3f0 [ 12.498005] ksize_uaf+0x12c/0x6c0 [ 12.498182] kunit_try_run_case+0x1a5/0x480 [ 12.498380] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 12.498602] kthread+0x337/0x6f0 [ 12.498721] ret_from_fork+0x116/0x1d0 [ 12.498908] ret_from_fork_asm+0x1a/0x30 [ 12.499107] [ 12.499204] The buggy address belongs to the object at ffff88810262fe00 [ 12.499204] which belongs to the cache kmalloc-128 of size 128 [ 12.499665] The buggy address is located 0 bytes inside of [ 12.499665] freed 128-byte region [ffff88810262fe00, ffff88810262fe80) [ 12.500018] [ 12.500094] The buggy address belongs to the physical page: [ 12.500353] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x10262f [ 12.500722] flags: 0x200000000000000(node=0|zone=2) [ 12.500961] page_type: f5(slab) [ 12.501123] raw: 0200000000000000 ffff888100041a00 dead000000000122 0000000000000000 [ 12.501599] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 12.501900] page dumped because: kasan: bad access detected [ 12.502070] [ 12.502138] Memory state around the buggy address: [ 12.502384] ffff88810262fd00: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 
12.502705] ffff88810262fd80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 12.503025] >ffff88810262fe00: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 12.503382] ^ [ 12.503522] ffff88810262fe80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 12.503799] ffff88810262ff00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 12.504060] ================================================================== [ 12.465360] ================================================================== [ 12.465876] BUG: KASAN: slab-use-after-free in ksize_uaf+0x19d/0x6c0 [ 12.466154] Read of size 1 at addr ffff88810262fe00 by task kunit_try_catch/213 [ 12.466495] [ 12.466613] CPU: 0 UID: 0 PID: 213 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc4 #1 PREEMPT(voluntary) [ 12.466659] Tainted: [B]=BAD_PAGE, [N]=TEST [ 12.466689] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 12.466711] Call Trace: [ 12.466725] <TASK> [ 12.466744] dump_stack_lvl+0x73/0xb0 [ 12.466774] print_report+0xd1/0x650 [ 12.466796] ? __virt_addr_valid+0x1db/0x2d0 [ 12.466818] ? ksize_uaf+0x19d/0x6c0 [ 12.466837] ? kasan_complete_mode_report_info+0x64/0x200 [ 12.466858] ? ksize_uaf+0x19d/0x6c0 [ 12.466878] kasan_report+0x141/0x180 [ 12.466898] ? ksize_uaf+0x19d/0x6c0 [ 12.466921] ? ksize_uaf+0x19d/0x6c0 [ 12.466941] __kasan_check_byte+0x3d/0x50 [ 12.466961] ksize+0x20/0x60 [ 12.466981] ksize_uaf+0x19d/0x6c0 [ 12.467001] ? __pfx_ksize_uaf+0x10/0x10 [ 12.467021] ? __schedule+0x10cc/0x2b60 [ 12.467042] ? __pfx_read_tsc+0x10/0x10 [ 12.467062] ? ktime_get_ts64+0x86/0x230 [ 12.467086] kunit_try_run_case+0x1a5/0x480 [ 12.467110] ? __pfx_kunit_try_run_case+0x10/0x10 [ 12.467131] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 12.467154] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 12.467175] ? __kthread_parkme+0x82/0x180 [ 12.467195] ? preempt_count_sub+0x50/0x80 [ 12.467227] ? __pfx_kunit_try_run_case+0x10/0x10 [ 12.467250] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 12.467271] ? 
__pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 12.467292] kthread+0x337/0x6f0 [ 12.467310] ? trace_preempt_on+0x20/0xc0 [ 12.467333] ? __pfx_kthread+0x10/0x10 [ 12.467352] ? _raw_spin_unlock_irq+0x47/0x80 [ 12.467372] ? calculate_sigpending+0x7b/0xa0 [ 12.467396] ? __pfx_kthread+0x10/0x10 [ 12.467416] ret_from_fork+0x116/0x1d0 [ 12.467432] ? __pfx_kthread+0x10/0x10 [ 12.467452] ret_from_fork_asm+0x1a/0x30 [ 12.467481] </TASK> [ 12.467492] [ 12.474193] Allocated by task 213: [ 12.474369] kasan_save_stack+0x45/0x70 [ 12.474583] kasan_save_track+0x18/0x40 [ 12.474776] kasan_save_alloc_info+0x3b/0x50 [ 12.474992] __kasan_kmalloc+0xb7/0xc0 [ 12.475157] __kmalloc_cache_noprof+0x189/0x420 [ 12.475327] ksize_uaf+0xaa/0x6c0 [ 12.475454] kunit_try_run_case+0x1a5/0x480 [ 12.475626] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 12.475880] kthread+0x337/0x6f0 [ 12.476051] ret_from_fork+0x116/0x1d0 [ 12.476250] ret_from_fork_asm+0x1a/0x30 [ 12.476434] [ 12.476504] Freed by task 213: [ 12.476615] kasan_save_stack+0x45/0x70 [ 12.476749] kasan_save_track+0x18/0x40 [ 12.476889] kasan_save_free_info+0x3f/0x60 [ 12.477035] __kasan_slab_free+0x56/0x70 [ 12.477308] kfree+0x222/0x3f0 [ 12.477467] ksize_uaf+0x12c/0x6c0 [ 12.477639] kunit_try_run_case+0x1a5/0x480 [ 12.477842] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 12.478088] kthread+0x337/0x6f0 [ 12.478275] ret_from_fork+0x116/0x1d0 [ 12.478457] ret_from_fork_asm+0x1a/0x30 [ 12.478594] [ 12.478667] The buggy address belongs to the object at ffff88810262fe00 [ 12.478667] which belongs to the cache kmalloc-128 of size 128 [ 12.479027] The buggy address is located 0 bytes inside of [ 12.479027] freed 128-byte region [ffff88810262fe00, ffff88810262fe80) [ 12.479869] [ 12.479969] The buggy address belongs to the physical page: [ 12.480238] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x10262f [ 12.480544] flags: 0x200000000000000(node=0|zone=2) [ 12.480712] page_type: f5(slab) [ 12.480844] raw: 
0200000000000000 ffff888100041a00 dead000000000122 0000000000000000 [ 12.481075] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 12.481610] page dumped because: kasan: bad access detected [ 12.481862] [ 12.481955] Memory state around the buggy address: [ 12.482184] ffff88810262fd00: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 12.482631] ffff88810262fd80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 12.482848] >ffff88810262fe00: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 12.483060] ^ [ 12.483175] ffff88810262fe80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 12.483449] ffff88810262ff00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 12.483768] ================================================================== [ 12.505403] ================================================================== [ 12.505697] BUG: KASAN: slab-use-after-free in ksize_uaf+0x5e4/0x6c0 [ 12.506007] Read of size 1 at addr ffff88810262fe78 by task kunit_try_catch/213 [ 12.506344] [ 12.506462] CPU: 0 UID: 0 PID: 213 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc4 #1 PREEMPT(voluntary) [ 12.506507] Tainted: [B]=BAD_PAGE, [N]=TEST [ 12.506519] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 12.506540] Call Trace: [ 12.506560] <TASK> [ 12.506579] dump_stack_lvl+0x73/0xb0 [ 12.506609] print_report+0xd1/0x650 [ 12.506630] ? __virt_addr_valid+0x1db/0x2d0 [ 12.506652] ? ksize_uaf+0x5e4/0x6c0 [ 12.506672] ? kasan_complete_mode_report_info+0x64/0x200 [ 12.506692] ? ksize_uaf+0x5e4/0x6c0 [ 12.506712] kasan_report+0x141/0x180 [ 12.506732] ? ksize_uaf+0x5e4/0x6c0 [ 12.506756] __asan_report_load1_noabort+0x18/0x20 [ 12.506779] ksize_uaf+0x5e4/0x6c0 [ 12.506798] ? __pfx_ksize_uaf+0x10/0x10 [ 12.506819] ? __schedule+0x10cc/0x2b60 [ 12.506839] ? __pfx_read_tsc+0x10/0x10 [ 12.506859] ? ktime_get_ts64+0x86/0x230 [ 12.506884] kunit_try_run_case+0x1a5/0x480 [ 12.506907] ? __pfx_kunit_try_run_case+0x10/0x10 [ 12.506927] ? 
_raw_spin_lock_irqsave+0xa1/0x100 [ 12.506949] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 12.506971] ? __kthread_parkme+0x82/0x180 [ 12.506990] ? preempt_count_sub+0x50/0x80 [ 12.507013] ? __pfx_kunit_try_run_case+0x10/0x10 [ 12.507035] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 12.507055] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 12.507076] kthread+0x337/0x6f0 [ 12.507094] ? trace_preempt_on+0x20/0xc0 [ 12.507117] ? __pfx_kthread+0x10/0x10 [ 12.507136] ? _raw_spin_unlock_irq+0x47/0x80 [ 12.507155] ? calculate_sigpending+0x7b/0xa0 [ 12.507178] ? __pfx_kthread+0x10/0x10 [ 12.507198] ret_from_fork+0x116/0x1d0 [ 12.507215] ? __pfx_kthread+0x10/0x10 [ 12.507246] ret_from_fork_asm+0x1a/0x30 [ 12.507276] </TASK> [ 12.507286] [ 12.513924] Allocated by task 213: [ 12.514085] kasan_save_stack+0x45/0x70 [ 12.514303] kasan_save_track+0x18/0x40 [ 12.514570] kasan_save_alloc_info+0x3b/0x50 [ 12.514717] __kasan_kmalloc+0xb7/0xc0 [ 12.514847] __kmalloc_cache_noprof+0x189/0x420 [ 12.515070] ksize_uaf+0xaa/0x6c0 [ 12.515895] kunit_try_run_case+0x1a5/0x480 [ 12.516175] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 12.516442] kthread+0x337/0x6f0 [ 12.516612] ret_from_fork+0x116/0x1d0 [ 12.516748] ret_from_fork_asm+0x1a/0x30 [ 12.516894] [ 12.516965] Freed by task 213: [ 12.517089] kasan_save_stack+0x45/0x70 [ 12.517321] kasan_save_track+0x18/0x40 [ 12.517514] kasan_save_free_info+0x3f/0x60 [ 12.517729] __kasan_slab_free+0x56/0x70 [ 12.517925] kfree+0x222/0x3f0 [ 12.518073] ksize_uaf+0x12c/0x6c0 [ 12.518234] kunit_try_run_case+0x1a5/0x480 [ 12.518445] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 12.518673] kthread+0x337/0x6f0 [ 12.518804] ret_from_fork+0x116/0x1d0 [ 12.518983] ret_from_fork_asm+0x1a/0x30 [ 12.519120] [ 12.519193] The buggy address belongs to the object at ffff88810262fe00 [ 12.519193] which belongs to the cache kmalloc-128 of size 128 [ 12.519797] The buggy address is located 120 bytes inside of [ 12.519797] freed 128-byte region [ffff88810262fe00, 
ffff88810262fe80) [ 12.520181] [ 12.520272] The buggy address belongs to the physical page: [ 12.520525] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x10262f [ 12.520889] flags: 0x200000000000000(node=0|zone=2) [ 12.521127] page_type: f5(slab) [ 12.521258] raw: 0200000000000000 ffff888100041a00 dead000000000122 0000000000000000 [ 12.521595] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 12.521863] page dumped because: kasan: bad access detected [ 12.522034] [ 12.522102] Memory state around the buggy address: [ 12.522373] ffff88810262fd00: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 12.522698] ffff88810262fd80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 12.523004] >ffff88810262fe00: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 12.523271] ^ [ 12.523567] ffff88810262fe80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 12.523811] ffff88810262ff00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 12.524022] ==================================================================
Failure - log-parser-boot/kasan-bug-kasan-slab-out-of-bounds-in-ksize_unpoisons_memory
[ 12.380740] ================================================================== [ 12.381182] BUG: KASAN: slab-out-of-bounds in ksize_unpoisons_memory+0x81c/0x9b0 [ 12.382250] Read of size 1 at addr ffff88810262fd73 by task kunit_try_catch/211 [ 12.383330] [ 12.383671] CPU: 0 UID: 0 PID: 211 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc4 #1 PREEMPT(voluntary) [ 12.383727] Tainted: [B]=BAD_PAGE, [N]=TEST [ 12.383739] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 12.383882] Call Trace: [ 12.383902] <TASK> [ 12.383925] dump_stack_lvl+0x73/0xb0 [ 12.383967] print_report+0xd1/0x650 [ 12.383990] ? __virt_addr_valid+0x1db/0x2d0 [ 12.384014] ? ksize_unpoisons_memory+0x81c/0x9b0 [ 12.384036] ? kasan_complete_mode_report_info+0x2a/0x200 [ 12.384056] ? ksize_unpoisons_memory+0x81c/0x9b0 [ 12.384078] kasan_report+0x141/0x180 [ 12.384099] ? ksize_unpoisons_memory+0x81c/0x9b0 [ 12.384125] __asan_report_load1_noabort+0x18/0x20 [ 12.384147] ksize_unpoisons_memory+0x81c/0x9b0 [ 12.384170] ? __pfx_ksize_unpoisons_memory+0x10/0x10 [ 12.384191] ? finish_task_switch.isra.0+0x153/0x700 [ 12.384213] ? __switch_to+0x47/0xf50 [ 12.384252] ? __schedule+0x10cc/0x2b60 [ 12.384273] ? __pfx_read_tsc+0x10/0x10 [ 12.384294] ? ktime_get_ts64+0x86/0x230 [ 12.384314] ? irqentry_exit+0x2a/0x60 [ 12.384337] kunit_try_run_case+0x1a5/0x480 [ 12.384362] ? __pfx_kunit_try_run_case+0x10/0x10 [ 12.384383] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 12.384406] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 12.384427] ? __kthread_parkme+0x82/0x180 [ 12.384447] ? preempt_count_sub+0x50/0x80 [ 12.384468] ? __pfx_kunit_try_run_case+0x10/0x10 [ 12.384492] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 12.384513] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 12.384534] kthread+0x337/0x6f0 [ 12.384552] ? trace_preempt_on+0x20/0xc0 [ 12.384574] ? __pfx_kthread+0x10/0x10 [ 12.384594] ? _raw_spin_unlock_irq+0x47/0x80 [ 12.384614] ? 
calculate_sigpending+0x7b/0xa0 [ 12.384638] ? __pfx_kthread+0x10/0x10 [ 12.384658] ret_from_fork+0x116/0x1d0 [ 12.384674] ? __pfx_kthread+0x10/0x10 [ 12.384693] ret_from_fork_asm+0x1a/0x30 [ 12.384723] </TASK> [ 12.384734] [ 12.400849] Allocated by task 211: [ 12.401022] kasan_save_stack+0x45/0x70 [ 12.401186] kasan_save_track+0x18/0x40 [ 12.401338] kasan_save_alloc_info+0x3b/0x50 [ 12.401486] __kasan_kmalloc+0xb7/0xc0 [ 12.402032] __kmalloc_cache_noprof+0x189/0x420 [ 12.402205] ksize_unpoisons_memory+0xc7/0x9b0 [ 12.402729] kunit_try_run_case+0x1a5/0x480 [ 12.403114] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 12.403676] kthread+0x337/0x6f0 [ 12.403966] ret_from_fork+0x116/0x1d0 [ 12.404099] ret_from_fork_asm+0x1a/0x30 [ 12.404611] [ 12.404776] The buggy address belongs to the object at ffff88810262fd00 [ 12.404776] which belongs to the cache kmalloc-128 of size 128 [ 12.406150] The buggy address is located 0 bytes to the right of [ 12.406150] allocated 115-byte region [ffff88810262fd00, ffff88810262fd73) [ 12.406998] [ 12.407078] The buggy address belongs to the physical page: [ 12.407352] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x10262f [ 12.408064] flags: 0x200000000000000(node=0|zone=2) [ 12.408581] page_type: f5(slab) [ 12.408970] raw: 0200000000000000 ffff888100041a00 dead000000000122 0000000000000000 [ 12.409855] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 12.410698] page dumped because: kasan: bad access detected [ 12.410881] [ 12.410951] Memory state around the buggy address: [ 12.411112] ffff88810262fc00: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 12.411720] ffff88810262fc80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 12.412483] >ffff88810262fd00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 03 fc [ 12.413388] ^ [ 12.413996] ffff88810262fd80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 12.414950] ffff88810262fe00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 12.415178] 
================================================================== [ 12.441419] ================================================================== [ 12.441761] BUG: KASAN: slab-out-of-bounds in ksize_unpoisons_memory+0x7b6/0x9b0 [ 12.442077] Read of size 1 at addr ffff88810262fd7f by task kunit_try_catch/211 [ 12.442785] [ 12.442910] CPU: 0 UID: 0 PID: 211 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc4 #1 PREEMPT(voluntary) [ 12.442957] Tainted: [B]=BAD_PAGE, [N]=TEST [ 12.442969] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 12.442990] Call Trace: [ 12.443005] <TASK> [ 12.443023] dump_stack_lvl+0x73/0xb0 [ 12.443056] print_report+0xd1/0x650 [ 12.443078] ? __virt_addr_valid+0x1db/0x2d0 [ 12.443100] ? ksize_unpoisons_memory+0x7b6/0x9b0 [ 12.443121] ? kasan_complete_mode_report_info+0x2a/0x200 [ 12.443142] ? ksize_unpoisons_memory+0x7b6/0x9b0 [ 12.443163] kasan_report+0x141/0x180 [ 12.443184] ? ksize_unpoisons_memory+0x7b6/0x9b0 [ 12.443282] __asan_report_load1_noabort+0x18/0x20 [ 12.443309] ksize_unpoisons_memory+0x7b6/0x9b0 [ 12.443332] ? __pfx_ksize_unpoisons_memory+0x10/0x10 [ 12.443353] ? finish_task_switch.isra.0+0x153/0x700 [ 12.443376] ? __switch_to+0x47/0xf50 [ 12.443400] ? __schedule+0x10cc/0x2b60 [ 12.443421] ? __pfx_read_tsc+0x10/0x10 [ 12.443441] ? ktime_get_ts64+0x86/0x230 [ 12.443461] ? irqentry_exit+0x2a/0x60 [ 12.443483] kunit_try_run_case+0x1a5/0x480 [ 12.443507] ? __pfx_kunit_try_run_case+0x10/0x10 [ 12.443528] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 12.443550] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 12.443571] ? __kthread_parkme+0x82/0x180 [ 12.443591] ? preempt_count_sub+0x50/0x80 [ 12.443612] ? __pfx_kunit_try_run_case+0x10/0x10 [ 12.443633] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 12.443654] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 12.443675] kthread+0x337/0x6f0 [ 12.443693] ? trace_preempt_on+0x20/0xc0 [ 12.443715] ? __pfx_kthread+0x10/0x10 [ 12.443734] ? 
_raw_spin_unlock_irq+0x47/0x80 [ 12.443754] ? calculate_sigpending+0x7b/0xa0 [ 12.443777] ? __pfx_kthread+0x10/0x10 [ 12.443797] ret_from_fork+0x116/0x1d0 [ 12.443814] ? __pfx_kthread+0x10/0x10 [ 12.443833] ret_from_fork_asm+0x1a/0x30 [ 12.443863] </TASK> [ 12.443874] [ 12.452469] Allocated by task 211: [ 12.452631] kasan_save_stack+0x45/0x70 [ 12.452854] kasan_save_track+0x18/0x40 [ 12.453050] kasan_save_alloc_info+0x3b/0x50 [ 12.453326] __kasan_kmalloc+0xb7/0xc0 [ 12.453496] __kmalloc_cache_noprof+0x189/0x420 [ 12.453714] ksize_unpoisons_memory+0xc7/0x9b0 [ 12.453865] kunit_try_run_case+0x1a5/0x480 [ 12.454061] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 12.454322] kthread+0x337/0x6f0 [ 12.454470] ret_from_fork+0x116/0x1d0 [ 12.454611] ret_from_fork_asm+0x1a/0x30 [ 12.454814] [ 12.454912] The buggy address belongs to the object at ffff88810262fd00 [ 12.454912] which belongs to the cache kmalloc-128 of size 128 [ 12.455401] The buggy address is located 12 bytes to the right of [ 12.455401] allocated 115-byte region [ffff88810262fd00, ffff88810262fd73) [ 12.455830] [ 12.455903] The buggy address belongs to the physical page: [ 12.456077] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x10262f [ 12.456411] flags: 0x200000000000000(node=0|zone=2) [ 12.456646] page_type: f5(slab) [ 12.456821] raw: 0200000000000000 ffff888100041a00 dead000000000122 0000000000000000 [ 12.457165] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 12.457685] page dumped because: kasan: bad access detected [ 12.457855] [ 12.457925] Memory state around the buggy address: [ 12.458083] ffff88810262fc00: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 12.458873] ffff88810262fc80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 12.459301] >ffff88810262fd00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 03 fc [ 12.459632] ^ [ 12.459946] ffff88810262fd80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 12.460387] ffff88810262fe00: fc fc fc fc fc fc 
fc fc fc fc fc fc fc fc fc fc [ 12.460701] ================================================================== [ 12.416450] ================================================================== [ 12.417323] BUG: KASAN: slab-out-of-bounds in ksize_unpoisons_memory+0x7e9/0x9b0 [ 12.418110] Read of size 1 at addr ffff88810262fd78 by task kunit_try_catch/211 [ 12.418357] [ 12.418491] CPU: 0 UID: 0 PID: 211 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc4 #1 PREEMPT(voluntary) [ 12.418540] Tainted: [B]=BAD_PAGE, [N]=TEST [ 12.418552] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 12.418573] Call Trace: [ 12.418586] <TASK> [ 12.418605] dump_stack_lvl+0x73/0xb0 [ 12.418638] print_report+0xd1/0x650 [ 12.418661] ? __virt_addr_valid+0x1db/0x2d0 [ 12.418683] ? ksize_unpoisons_memory+0x7e9/0x9b0 [ 12.418705] ? kasan_complete_mode_report_info+0x2a/0x200 [ 12.418726] ? ksize_unpoisons_memory+0x7e9/0x9b0 [ 12.418748] kasan_report+0x141/0x180 [ 12.418768] ? ksize_unpoisons_memory+0x7e9/0x9b0 [ 12.418795] __asan_report_load1_noabort+0x18/0x20 [ 12.418817] ksize_unpoisons_memory+0x7e9/0x9b0 [ 12.418839] ? __pfx_ksize_unpoisons_memory+0x10/0x10 [ 12.418860] ? finish_task_switch.isra.0+0x153/0x700 [ 12.418881] ? __switch_to+0x47/0xf50 [ 12.418906] ? __schedule+0x10cc/0x2b60 [ 12.418927] ? __pfx_read_tsc+0x10/0x10 [ 12.418948] ? ktime_get_ts64+0x86/0x230 [ 12.418967] ? irqentry_exit+0x2a/0x60 [ 12.418990] kunit_try_run_case+0x1a5/0x480 [ 12.419013] ? __pfx_kunit_try_run_case+0x10/0x10 [ 12.419034] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 12.419056] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 12.419077] ? __kthread_parkme+0x82/0x180 [ 12.419097] ? preempt_count_sub+0x50/0x80 [ 12.419118] ? __pfx_kunit_try_run_case+0x10/0x10 [ 12.419140] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 12.419160] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 12.419182] kthread+0x337/0x6f0 [ 12.419200] ? trace_preempt_on+0x20/0xc0 [ 12.419234] ? 
__pfx_kthread+0x10/0x10 [ 12.419256] ? _raw_spin_unlock_irq+0x47/0x80 [ 12.419277] ? calculate_sigpending+0x7b/0xa0 [ 12.419300] ? __pfx_kthread+0x10/0x10 [ 12.419320] ret_from_fork+0x116/0x1d0 [ 12.419336] ? __pfx_kthread+0x10/0x10 [ 12.419357] ret_from_fork_asm+0x1a/0x30 [ 12.419387] </TASK> [ 12.419398] [ 12.431926] Allocated by task 211: [ 12.432107] kasan_save_stack+0x45/0x70 [ 12.432328] kasan_save_track+0x18/0x40 [ 12.433030] kasan_save_alloc_info+0x3b/0x50 [ 12.433293] __kasan_kmalloc+0xb7/0xc0 [ 12.433471] __kmalloc_cache_noprof+0x189/0x420 [ 12.433635] ksize_unpoisons_memory+0xc7/0x9b0 [ 12.433948] kunit_try_run_case+0x1a5/0x480 [ 12.434134] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 12.434497] kthread+0x337/0x6f0 [ 12.434624] ret_from_fork+0x116/0x1d0 [ 12.434755] ret_from_fork_asm+0x1a/0x30 [ 12.434954] [ 12.435052] The buggy address belongs to the object at ffff88810262fd00 [ 12.435052] which belongs to the cache kmalloc-128 of size 128 [ 12.435804] The buggy address is located 5 bytes to the right of [ 12.435804] allocated 115-byte region [ffff88810262fd00, ffff88810262fd73) [ 12.436586] [ 12.436688] The buggy address belongs to the physical page: [ 12.436896] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x10262f [ 12.437232] flags: 0x200000000000000(node=0|zone=2) [ 12.437512] page_type: f5(slab) [ 12.437723] raw: 0200000000000000 ffff888100041a00 dead000000000122 0000000000000000 [ 12.438069] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 12.438409] page dumped because: kasan: bad access detected [ 12.438596] [ 12.438665] Memory state around the buggy address: [ 12.438893] ffff88810262fc00: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 12.439204] ffff88810262fc80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 12.439563] >ffff88810262fd00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 03 fc [ 12.439824] ^ [ 12.440090] ffff88810262fd80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 
12.440407] ffff88810262fe00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 12.440712] ==================================================================
Failure - log-parser-boot/kasan-bug-kasan-double-free-in-kfree_sensitive
[ 12.343961] ==================================================================
[ 12.344461] BUG: KASAN: double-free in kfree_sensitive+0x2e/0x90
[ 12.344750] Free of addr ffff88810298e100 by task kunit_try_catch/209
[ 12.345021]
[ 12.345131] CPU: 1 UID: 0 PID: 209 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc4 #1 PREEMPT(voluntary)
[ 12.345179] Tainted: [B]=BAD_PAGE, [N]=TEST
[ 12.345190] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[ 12.345212] Call Trace:
[ 12.345244] <TASK>
[ 12.345265] dump_stack_lvl+0x73/0xb0
[ 12.345296] print_report+0xd1/0x650
[ 12.345321] ? __virt_addr_valid+0x1db/0x2d0
[ 12.345347] ? kasan_complete_mode_report_info+0x64/0x200
[ 12.345367] ? kfree_sensitive+0x2e/0x90
[ 12.345389] kasan_report_invalid_free+0x10a/0x130
[ 12.345412] ? kfree_sensitive+0x2e/0x90
[ 12.345433] ? kfree_sensitive+0x2e/0x90
[ 12.345451] check_slab_allocation+0x101/0x130
[ 12.345472] __kasan_slab_pre_free+0x28/0x40
[ 12.345492] kfree+0xf0/0x3f0
[ 12.345513] ? kfree_sensitive+0x2e/0x90
[ 12.345536] kfree_sensitive+0x2e/0x90
[ 12.345554] kmalloc_double_kzfree+0x19c/0x350
[ 12.345578] ? __pfx_kmalloc_double_kzfree+0x10/0x10
[ 12.345603] ? __pfx_kmalloc_double_kzfree+0x10/0x10
[ 12.345628] kunit_try_run_case+0x1a5/0x480
[ 12.345652] ? __pfx_kunit_try_run_case+0x10/0x10
[ 12.345672] ? _raw_spin_lock_irqsave+0xa1/0x100
[ 12.345695] ? _raw_spin_unlock_irqrestore+0x5f/0x90
[ 12.345716] ? __kthread_parkme+0x82/0x180
[ 12.345736] ? preempt_count_sub+0x50/0x80
[ 12.345758] ? __pfx_kunit_try_run_case+0x10/0x10
[ 12.345780] kunit_generic_run_threadfn_adapter+0x85/0xf0
[ 12.345802] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10
[ 12.345823] kthread+0x337/0x6f0
[ 12.345842] ? trace_preempt_on+0x20/0xc0
[ 12.345864] ? __pfx_kthread+0x10/0x10
[ 12.345883] ? _raw_spin_unlock_irq+0x47/0x80
[ 12.345902] ? calculate_sigpending+0x7b/0xa0
[ 12.345924] ? __pfx_kthread+0x10/0x10
[ 12.345944] ret_from_fork+0x116/0x1d0
[ 12.345962] ? __pfx_kthread+0x10/0x10
[ 12.345981] ret_from_fork_asm+0x1a/0x30
[ 12.346012] </TASK>
[ 12.346023]
[ 12.358106] Allocated by task 209:
[ 12.358624] kasan_save_stack+0x45/0x70
[ 12.358990] kasan_save_track+0x18/0x40
[ 12.359457] kasan_save_alloc_info+0x3b/0x50
[ 12.359818] __kasan_kmalloc+0xb7/0xc0
[ 12.360002] __kmalloc_cache_noprof+0x189/0x420
[ 12.360437] kmalloc_double_kzfree+0xa9/0x350
[ 12.360865] kunit_try_run_case+0x1a5/0x480
[ 12.361132] kunit_generic_run_threadfn_adapter+0x85/0xf0
[ 12.362038] kthread+0x337/0x6f0
[ 12.362347] ret_from_fork+0x116/0x1d0
[ 12.362838] ret_from_fork_asm+0x1a/0x30
[ 12.363169]
[ 12.363415] Freed by task 209:
[ 12.363692] kasan_save_stack+0x45/0x70
[ 12.363885] kasan_save_track+0x18/0x40
[ 12.364061] kasan_save_free_info+0x3f/0x60
[ 12.364505] __kasan_slab_free+0x56/0x70
[ 12.364869] kfree+0x222/0x3f0
[ 12.365028] kfree_sensitive+0x67/0x90
[ 12.365415] kmalloc_double_kzfree+0x12b/0x350
[ 12.365636] kunit_try_run_case+0x1a5/0x480
[ 12.365828] kunit_generic_run_threadfn_adapter+0x85/0xf0
[ 12.366060] kthread+0x337/0x6f0
[ 12.366472] ret_from_fork+0x116/0x1d0
[ 12.366770] ret_from_fork_asm+0x1a/0x30
[ 12.367190]
[ 12.367711] The buggy address belongs to the object at ffff88810298e100
[ 12.367711] which belongs to the cache kmalloc-16 of size 16
[ 12.368506] The buggy address is located 0 bytes inside of
[ 12.368506] 16-byte region [ffff88810298e100, ffff88810298e110)
[ 12.369051]
[ 12.369149] The buggy address belongs to the physical page:
[ 12.369710] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x10298e
[ 12.370056] flags: 0x200000000000000(node=0|zone=2)
[ 12.370649] page_type: f5(slab)
[ 12.371029] raw: 0200000000000000 ffff888100041640 dead000000000122 0000000000000000
[ 12.371756] raw: 0000000000000000 0000000080800080 00000000f5000000 0000000000000000
[ 12.372070] page dumped because: kasan: bad access detected
[ 12.372849]
[ 12.373113] Memory state around the buggy address:
[ 12.373464] ffff88810298e000: 00 01 fc fc 00 01 fc fc 00 04 fc fc 00 04 fc fc
[ 12.373758] ffff88810298e080: fa fb fc fc fa fb fc fc fa fb fc fc fa fb fc fc
[ 12.374040] >ffff88810298e100: fa fb fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 12.374647] ^
[ 12.375107] ffff88810298e180: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 12.375958] ffff88810298e200: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 12.376682] ==================================================================
Failure - log-parser-boot/kasan-bug-kasan-slab-use-after-free-in-kmalloc_double_kzfree
[ 12.311467] ==================================================================
[ 12.312062] BUG: KASAN: slab-use-after-free in kmalloc_double_kzfree+0x19c/0x350
[ 12.312423] Read of size 1 at addr ffff88810298e100 by task kunit_try_catch/209
[ 12.312774]
[ 12.313020] CPU: 1 UID: 0 PID: 209 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc4 #1 PREEMPT(voluntary)
[ 12.313074] Tainted: [B]=BAD_PAGE, [N]=TEST
[ 12.313086] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[ 12.313109] Call Trace:
[ 12.313123] <TASK>
[ 12.313144] dump_stack_lvl+0x73/0xb0
[ 12.313181] print_report+0xd1/0x650
[ 12.313361] ? __virt_addr_valid+0x1db/0x2d0
[ 12.313414] ? kmalloc_double_kzfree+0x19c/0x350
[ 12.313450] ? kasan_complete_mode_report_info+0x64/0x200
[ 12.313472] ? kmalloc_double_kzfree+0x19c/0x350
[ 12.313493] kasan_report+0x141/0x180
[ 12.313515] ? kmalloc_double_kzfree+0x19c/0x350
[ 12.313539] ? kmalloc_double_kzfree+0x19c/0x350
[ 12.313561] __kasan_check_byte+0x3d/0x50
[ 12.313582] kfree_sensitive+0x22/0x90
[ 12.313605] kmalloc_double_kzfree+0x19c/0x350
[ 12.313626] ? __pfx_kmalloc_double_kzfree+0x10/0x10
[ 12.313651] ? __pfx_kmalloc_double_kzfree+0x10/0x10
[ 12.313676] kunit_try_run_case+0x1a5/0x480
[ 12.313702] ? __pfx_kunit_try_run_case+0x10/0x10
[ 12.313740] ? _raw_spin_lock_irqsave+0xa1/0x100
[ 12.313764] ? _raw_spin_unlock_irqrestore+0x5f/0x90
[ 12.313800] ? __kthread_parkme+0x82/0x180
[ 12.313821] ? preempt_count_sub+0x50/0x80
[ 12.313854] ? __pfx_kunit_try_run_case+0x10/0x10
[ 12.313876] kunit_generic_run_threadfn_adapter+0x85/0xf0
[ 12.313897] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10
[ 12.313930] kthread+0x337/0x6f0
[ 12.313950] ? trace_preempt_on+0x20/0xc0
[ 12.313973] ? __pfx_kthread+0x10/0x10
[ 12.313992] ? _raw_spin_unlock_irq+0x47/0x80
[ 12.314012] ? calculate_sigpending+0x7b/0xa0
[ 12.314036] ? __pfx_kthread+0x10/0x10
[ 12.314056] ret_from_fork+0x116/0x1d0
[ 12.314074] ? __pfx_kthread+0x10/0x10
[ 12.314094] ret_from_fork_asm+0x1a/0x30
[ 12.314126] </TASK>
[ 12.314137]
[ 12.323938] Allocated by task 209:
[ 12.324157] kasan_save_stack+0x45/0x70
[ 12.325021] kasan_save_track+0x18/0x40
[ 12.325185] kasan_save_alloc_info+0x3b/0x50
[ 12.325350] __kasan_kmalloc+0xb7/0xc0
[ 12.325905] __kmalloc_cache_noprof+0x189/0x420
[ 12.326123] kmalloc_double_kzfree+0xa9/0x350
[ 12.326622] kunit_try_run_case+0x1a5/0x480
[ 12.326829] kunit_generic_run_threadfn_adapter+0x85/0xf0
[ 12.327065] kthread+0x337/0x6f0
[ 12.327942] ret_from_fork+0x116/0x1d0
[ 12.328261] ret_from_fork_asm+0x1a/0x30
[ 12.328745]
[ 12.329095] Freed by task 209:
[ 12.329355] kasan_save_stack+0x45/0x70
[ 12.329552] kasan_save_track+0x18/0x40
[ 12.329730] kasan_save_free_info+0x3f/0x60
[ 12.329922] __kasan_slab_free+0x56/0x70
[ 12.330103] kfree+0x222/0x3f0
[ 12.330727] kfree_sensitive+0x67/0x90
[ 12.330896] kmalloc_double_kzfree+0x12b/0x350
[ 12.331098] kunit_try_run_case+0x1a5/0x480
[ 12.331367] kunit_generic_run_threadfn_adapter+0x85/0xf0
[ 12.331603] kthread+0x337/0x6f0
[ 12.331759] ret_from_fork+0x116/0x1d0
[ 12.331933] ret_from_fork_asm+0x1a/0x30
[ 12.332120]
[ 12.333070] The buggy address belongs to the object at ffff88810298e100
[ 12.333070] which belongs to the cache kmalloc-16 of size 16
[ 12.333947] The buggy address is located 0 bytes inside of
[ 12.333947] freed 16-byte region [ffff88810298e100, ffff88810298e110)
[ 12.335122]
[ 12.335413] The buggy address belongs to the physical page:
[ 12.335905] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x10298e
[ 12.336714] flags: 0x200000000000000(node=0|zone=2)
[ 12.337147] page_type: f5(slab)
[ 12.337726] raw: 0200000000000000 ffff888100041640 dead000000000122 0000000000000000
[ 12.338052] raw: 0000000000000000 0000000080800080 00000000f5000000 0000000000000000
[ 12.338827] page dumped because: kasan: bad access detected
[ 12.339092]
[ 12.339186] Memory state around the buggy address:
[ 12.339670] ffff88810298e000: 00 01 fc fc 00 01 fc fc 00 04 fc fc 00 04 fc fc
[ 12.339975] ffff88810298e080: fa fb fc fc fa fb fc fc fa fb fc fc fa fb fc fc
[ 12.340561] >ffff88810298e100: fa fb fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 12.341195] ^
[ 12.341545] ffff88810298e180: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 12.342034] ffff88810298e200: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 12.342930] ==================================================================
Failure - log-parser-boot/kasan-bug-kasan-slab-use-after-free-in-kmalloc_uaf2
[ 12.256758] ==================================================================
[ 12.258522] BUG: KASAN: slab-use-after-free in kmalloc_uaf2+0x4a8/0x520
[ 12.259514] Read of size 1 at addr ffff888102639d28 by task kunit_try_catch/205
[ 12.260164]
[ 12.260710] CPU: 0 UID: 0 PID: 205 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc4 #1 PREEMPT(voluntary)
[ 12.260768] Tainted: [B]=BAD_PAGE, [N]=TEST
[ 12.260780] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[ 12.260813] Call Trace:
[ 12.260830] <TASK>
[ 12.260851] dump_stack_lvl+0x73/0xb0
[ 12.260891] print_report+0xd1/0x650
[ 12.260915] ? __virt_addr_valid+0x1db/0x2d0
[ 12.260937] ? kmalloc_uaf2+0x4a8/0x520
[ 12.260956] ? kasan_complete_mode_report_info+0x64/0x200
[ 12.260977] ? kmalloc_uaf2+0x4a8/0x520
[ 12.260996] kasan_report+0x141/0x180
[ 12.261016] ? kmalloc_uaf2+0x4a8/0x520
[ 12.261040] __asan_report_load1_noabort+0x18/0x20
[ 12.261062] kmalloc_uaf2+0x4a8/0x520
[ 12.261081] ? __pfx_kmalloc_uaf2+0x10/0x10
[ 12.261099] ? finish_task_switch.isra.0+0x153/0x700
[ 12.261120] ? __switch_to+0x47/0xf50
[ 12.261145] ? __schedule+0x10cc/0x2b60
[ 12.261166] ? __pfx_read_tsc+0x10/0x10
[ 12.261185] ? ktime_get_ts64+0x86/0x230
[ 12.261208] kunit_try_run_case+0x1a5/0x480
[ 12.261244] ? __pfx_kunit_try_run_case+0x10/0x10
[ 12.261264] ? _raw_spin_lock_irqsave+0xa1/0x100
[ 12.261435] ? _raw_spin_unlock_irqrestore+0x5f/0x90
[ 12.261469] ? __kthread_parkme+0x82/0x180
[ 12.261490] ? preempt_count_sub+0x50/0x80
[ 12.261527] ? __pfx_kunit_try_run_case+0x10/0x10
[ 12.261551] kunit_generic_run_threadfn_adapter+0x85/0xf0
[ 12.261617] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10
[ 12.261639] kthread+0x337/0x6f0
[ 12.261658] ? trace_preempt_on+0x20/0xc0
[ 12.261680] ? __pfx_kthread+0x10/0x10
[ 12.261700] ? _raw_spin_unlock_irq+0x47/0x80
[ 12.261720] ? calculate_sigpending+0x7b/0xa0
[ 12.261743] ? __pfx_kthread+0x10/0x10
[ 12.261763] ret_from_fork+0x116/0x1d0
[ 12.261781] ? __pfx_kthread+0x10/0x10
[ 12.261799] ret_from_fork_asm+0x1a/0x30
[ 12.261830] </TASK>
[ 12.261840]
[ 12.275778] Allocated by task 205:
[ 12.275949] kasan_save_stack+0x45/0x70
[ 12.276113] kasan_save_track+0x18/0x40
[ 12.276259] kasan_save_alloc_info+0x3b/0x50
[ 12.276580] __kasan_kmalloc+0xb7/0xc0
[ 12.277013] __kmalloc_cache_noprof+0x189/0x420
[ 12.277443] kmalloc_uaf2+0xc6/0x520
[ 12.277833] kunit_try_run_case+0x1a5/0x480
[ 12.278281] kunit_generic_run_threadfn_adapter+0x85/0xf0
[ 12.278735] kthread+0x337/0x6f0
[ 12.279073] ret_from_fork+0x116/0x1d0
[ 12.279668] ret_from_fork_asm+0x1a/0x30
[ 12.280119]
[ 12.280313] Freed by task 205:
[ 12.280748] kasan_save_stack+0x45/0x70
[ 12.281146] kasan_save_track+0x18/0x40
[ 12.281595] kasan_save_free_info+0x3f/0x60
[ 12.282187] __kasan_slab_free+0x56/0x70
[ 12.282734] kfree+0x222/0x3f0
[ 12.283112] kmalloc_uaf2+0x14c/0x520
[ 12.283510] kunit_try_run_case+0x1a5/0x480
[ 12.283846] kunit_generic_run_threadfn_adapter+0x85/0xf0
[ 12.284023] kthread+0x337/0x6f0
[ 12.284145] ret_from_fork+0x116/0x1d0
[ 12.284335] ret_from_fork_asm+0x1a/0x30
[ 12.284828]
[ 12.284995] The buggy address belongs to the object at ffff888102639d00
[ 12.284995] which belongs to the cache kmalloc-64 of size 64
[ 12.286284] The buggy address is located 40 bytes inside of
[ 12.286284] freed 64-byte region [ffff888102639d00, ffff888102639d40)
[ 12.287754]
[ 12.287886] The buggy address belongs to the physical page:
[ 12.288437] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x102639
[ 12.288969] flags: 0x200000000000000(node=0|zone=2)
[ 12.289142] page_type: f5(slab)
[ 12.289506] raw: 0200000000000000 ffff8881000418c0 dead000000000122 0000000000000000
[ 12.290181] raw: 0000000000000000 0000000080200020 00000000f5000000 0000000000000000
[ 12.291024] page dumped because: kasan: bad access detected
[ 12.291356]
[ 12.291730] Memory state around the buggy address:
[ 12.292263] ffff888102639c00: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc
[ 12.292738] ffff888102639c80: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc
[ 12.292973] >ffff888102639d00: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc
[ 12.293186] ^
[ 12.293734] ffff888102639d80: 00 00 00 00 00 03 fc fc fc fc fc fc fc fc fc fc
[ 12.294437] ffff888102639e00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 12.295057] ==================================================================
Failure - log-parser-boot/kasan-bug-kasan-slab-use-after-free-in-kmalloc_uaf_memset
[ 12.208665] ==================================================================
[ 12.209763] BUG: KASAN: slab-use-after-free in kmalloc_uaf_memset+0x1a3/0x360
[ 12.210808] Write of size 33 at addr ffff888102639c80 by task kunit_try_catch/203
[ 12.211192]
[ 12.211517] CPU: 0 UID: 0 PID: 203 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc4 #1 PREEMPT(voluntary)
[ 12.211687] Tainted: [B]=BAD_PAGE, [N]=TEST
[ 12.211702] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[ 12.211725] Call Trace:
[ 12.211751] <TASK>
[ 12.211771] dump_stack_lvl+0x73/0xb0
[ 12.211986] print_report+0xd1/0x650
[ 12.212018] ? __virt_addr_valid+0x1db/0x2d0
[ 12.212041] ? kmalloc_uaf_memset+0x1a3/0x360
[ 12.212063] ? kasan_complete_mode_report_info+0x64/0x200
[ 12.212083] ? kmalloc_uaf_memset+0x1a3/0x360
[ 12.212104] kasan_report+0x141/0x180
[ 12.212124] ? kmalloc_uaf_memset+0x1a3/0x360
[ 12.212148] kasan_check_range+0x10c/0x1c0
[ 12.212170] __asan_memset+0x27/0x50
[ 12.212188] kmalloc_uaf_memset+0x1a3/0x360
[ 12.212208] ? __pfx_kmalloc_uaf_memset+0x10/0x10
[ 12.212243] ? __schedule+0x10cc/0x2b60
[ 12.212264] ? __pfx_read_tsc+0x10/0x10
[ 12.212284] ? ktime_get_ts64+0x86/0x230
[ 12.212309] kunit_try_run_case+0x1a5/0x480
[ 12.212333] ? __pfx_kunit_try_run_case+0x10/0x10
[ 12.212353] ? _raw_spin_lock_irqsave+0xa1/0x100
[ 12.212375] ? _raw_spin_unlock_irqrestore+0x5f/0x90
[ 12.212398] ? __kthread_parkme+0x82/0x180
[ 12.212417] ? preempt_count_sub+0x50/0x80
[ 12.212439] ? __pfx_kunit_try_run_case+0x10/0x10
[ 12.212461] kunit_generic_run_threadfn_adapter+0x85/0xf0
[ 12.212482] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10
[ 12.212503] kthread+0x337/0x6f0
[ 12.212521] ? trace_preempt_on+0x20/0xc0
[ 12.212543] ? __pfx_kthread+0x10/0x10
[ 12.212562] ? _raw_spin_unlock_irq+0x47/0x80
[ 12.212581] ? calculate_sigpending+0x7b/0xa0
[ 12.212604] ? __pfx_kthread+0x10/0x10
[ 12.212624] ret_from_fork+0x116/0x1d0
[ 12.212641] ? __pfx_kthread+0x10/0x10
[ 12.212660] ret_from_fork_asm+0x1a/0x30
[ 12.212689] </TASK>
[ 12.212700]
[ 12.228666] Allocated by task 203:
[ 12.229212] kasan_save_stack+0x45/0x70
[ 12.229858] kasan_save_track+0x18/0x40
[ 12.230450] kasan_save_alloc_info+0x3b/0x50
[ 12.230930] __kasan_kmalloc+0xb7/0xc0
[ 12.231076] __kmalloc_cache_noprof+0x189/0x420
[ 12.231495] kmalloc_uaf_memset+0xa9/0x360
[ 12.232068] kunit_try_run_case+0x1a5/0x480
[ 12.232751] kunit_generic_run_threadfn_adapter+0x85/0xf0
[ 12.233523] kthread+0x337/0x6f0
[ 12.233955] ret_from_fork+0x116/0x1d0
[ 12.234098] ret_from_fork_asm+0x1a/0x30
[ 12.234634]
[ 12.234873] Freed by task 203:
[ 12.235329] kasan_save_stack+0x45/0x70
[ 12.235880] kasan_save_track+0x18/0x40
[ 12.236428] kasan_save_free_info+0x3f/0x60
[ 12.236920] __kasan_slab_free+0x56/0x70
[ 12.237074] kfree+0x222/0x3f0
[ 12.237191] kmalloc_uaf_memset+0x12b/0x360
[ 12.237348] kunit_try_run_case+0x1a5/0x480
[ 12.237770] kunit_generic_run_threadfn_adapter+0x85/0xf0
[ 12.238481] kthread+0x337/0x6f0
[ 12.238951] ret_from_fork+0x116/0x1d0
[ 12.239554] ret_from_fork_asm+0x1a/0x30
[ 12.240137]
[ 12.240540] The buggy address belongs to the object at ffff888102639c80
[ 12.240540] which belongs to the cache kmalloc-64 of size 64
[ 12.242129] The buggy address is located 0 bytes inside of
[ 12.242129] freed 64-byte region [ffff888102639c80, ffff888102639cc0)
[ 12.243253]
[ 12.243563] The buggy address belongs to the physical page:
[ 12.243784] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x102639
[ 12.244035] flags: 0x200000000000000(node=0|zone=2)
[ 12.244487] page_type: f5(slab)
[ 12.244945] raw: 0200000000000000 ffff8881000418c0 dead000000000122 0000000000000000
[ 12.245958] raw: 0000000000000000 0000000080200020 00000000f5000000 0000000000000000
[ 12.246996] page dumped because: kasan: bad access detected
[ 12.247833]
[ 12.248199] Memory state around the buggy address:
[ 12.248678] ffff888102639b80: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc
[ 12.249208] ffff888102639c00: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc
[ 12.249679] >ffff888102639c80: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc
[ 12.250545] ^
[ 12.251033] ffff888102639d00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 12.252072] ffff888102639d80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 12.252823] ==================================================================
Failure - log-parser-boot/kasan-bug-kasan-slab-use-after-free-in-kmalloc_uaf
[ 12.177878] ==================================================================
[ 12.178439] BUG: KASAN: slab-use-after-free in kmalloc_uaf+0x320/0x380
[ 12.178777] Read of size 1 at addr ffff88810298e0e8 by task kunit_try_catch/201
[ 12.179110]
[ 12.179212] CPU: 1 UID: 0 PID: 201 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc4 #1 PREEMPT(voluntary)
[ 12.179874] Tainted: [B]=BAD_PAGE, [N]=TEST
[ 12.179888] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[ 12.179911] Call Trace:
[ 12.179928] <TASK>
[ 12.179949] dump_stack_lvl+0x73/0xb0
[ 12.179984] print_report+0xd1/0x650
[ 12.180007] ? __virt_addr_valid+0x1db/0x2d0
[ 12.180029] ? kmalloc_uaf+0x320/0x380
[ 12.180047] ? kasan_complete_mode_report_info+0x64/0x200
[ 12.180068] ? kmalloc_uaf+0x320/0x380
[ 12.180087] kasan_report+0x141/0x180
[ 12.180107] ? kmalloc_uaf+0x320/0x380
[ 12.180130] __asan_report_load1_noabort+0x18/0x20
[ 12.180152] kmalloc_uaf+0x320/0x380
[ 12.180171] ? __pfx_kmalloc_uaf+0x10/0x10
[ 12.180216] ? __schedule+0x10cc/0x2b60
[ 12.180278] ? __pfx_read_tsc+0x10/0x10
[ 12.180300] ? ktime_get_ts64+0x86/0x230
[ 12.180324] kunit_try_run_case+0x1a5/0x480
[ 12.180349] ? __pfx_kunit_try_run_case+0x10/0x10
[ 12.180370] ? _raw_spin_lock_irqsave+0xa1/0x100
[ 12.180393] ? _raw_spin_unlock_irqrestore+0x5f/0x90
[ 12.180414] ? __kthread_parkme+0x82/0x180
[ 12.180433] ? preempt_count_sub+0x50/0x80
[ 12.180455] ? __pfx_kunit_try_run_case+0x10/0x10
[ 12.180476] kunit_generic_run_threadfn_adapter+0x85/0xf0
[ 12.180497] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10
[ 12.180518] kthread+0x337/0x6f0
[ 12.180537] ? trace_preempt_on+0x20/0xc0
[ 12.180559] ? __pfx_kthread+0x10/0x10
[ 12.180578] ? _raw_spin_unlock_irq+0x47/0x80
[ 12.180597] ? calculate_sigpending+0x7b/0xa0
[ 12.180619] ? __pfx_kthread+0x10/0x10
[ 12.180639] ret_from_fork+0x116/0x1d0
[ 12.180655] ? __pfx_kthread+0x10/0x10
[ 12.180675] ret_from_fork_asm+0x1a/0x30
[ 12.180705] </TASK>
[ 12.180716]
[ 12.191029] Allocated by task 201:
[ 12.191374] kasan_save_stack+0x45/0x70
[ 12.191542] kasan_save_track+0x18/0x40
[ 12.191677] kasan_save_alloc_info+0x3b/0x50
[ 12.191893] __kasan_kmalloc+0xb7/0xc0
[ 12.192084] __kmalloc_cache_noprof+0x189/0x420
[ 12.192546] kmalloc_uaf+0xaa/0x380
[ 12.192914] kunit_try_run_case+0x1a5/0x480
[ 12.193346] kunit_generic_run_threadfn_adapter+0x85/0xf0
[ 12.193576] kthread+0x337/0x6f0
[ 12.193880] ret_from_fork+0x116/0x1d0
[ 12.194131] ret_from_fork_asm+0x1a/0x30
[ 12.194295]
[ 12.194628] Freed by task 201:
[ 12.194749] kasan_save_stack+0x45/0x70
[ 12.195027] kasan_save_track+0x18/0x40
[ 12.195360] kasan_save_free_info+0x3f/0x60
[ 12.195745] __kasan_slab_free+0x56/0x70
[ 12.195953] kfree+0x222/0x3f0
[ 12.196089] kmalloc_uaf+0x12c/0x380
[ 12.196286] kunit_try_run_case+0x1a5/0x480
[ 12.196914] kunit_generic_run_threadfn_adapter+0x85/0xf0
[ 12.197130] kthread+0x337/0x6f0
[ 12.197317] ret_from_fork+0x116/0x1d0
[ 12.197524] ret_from_fork_asm+0x1a/0x30
[ 12.197888]
[ 12.197971] The buggy address belongs to the object at ffff88810298e0e0
[ 12.197971] which belongs to the cache kmalloc-16 of size 16
[ 12.198963] The buggy address is located 8 bytes inside of
[ 12.198963] freed 16-byte region [ffff88810298e0e0, ffff88810298e0f0)
[ 12.199474]
[ 12.199644] The buggy address belongs to the physical page:
[ 12.199872] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x10298e
[ 12.200202] flags: 0x200000000000000(node=0|zone=2)
[ 12.201117] page_type: f5(slab)
[ 12.201290] raw: 0200000000000000 ffff888100041640 dead000000000122 0000000000000000
[ 12.201780] raw: 0000000000000000 0000000080800080 00000000f5000000 0000000000000000
[ 12.202099] page dumped because: kasan: bad access detected
[ 12.202648]
[ 12.202744] Memory state around the buggy address:
[ 12.202940] ffff88810298df80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 12.203491] ffff88810298e000: 00 01 fc fc 00 01 fc fc 00 04 fc fc 00 04 fc fc
[ 12.203805] >ffff88810298e080: fa fb fc fc fa fb fc fc fa fb fc fc fa fb fc fc
[ 12.204097] ^
[ 12.204662] ffff88810298e100: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 12.205052] ffff88810298e180: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 12.205456] ==================================================================
Failure - log-parser-boot/kasan-bug-kasan-slab-out-of-bounds-in-kmalloc_memmove_invalid_size
[ 12.139996] ==================================================================
[ 12.140898] BUG: KASAN: slab-out-of-bounds in kmalloc_memmove_invalid_size+0x16f/0x330
[ 12.141765] Read of size 64 at addr ffff888102639b04 by task kunit_try_catch/199
[ 12.142610]
[ 12.142719] CPU: 0 UID: 0 PID: 199 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc4 #1 PREEMPT(voluntary)
[ 12.142770] Tainted: [B]=BAD_PAGE, [N]=TEST
[ 12.142782] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[ 12.142806] Call Trace:
[ 12.142823] <TASK>
[ 12.142845] dump_stack_lvl+0x73/0xb0
[ 12.142883] print_report+0xd1/0x650
[ 12.142906] ? __virt_addr_valid+0x1db/0x2d0
[ 12.142931] ? kmalloc_memmove_invalid_size+0x16f/0x330
[ 12.142954] ? kasan_complete_mode_report_info+0x2a/0x200
[ 12.142975] ? kmalloc_memmove_invalid_size+0x16f/0x330
[ 12.142997] kasan_report+0x141/0x180
[ 12.143018] ? kmalloc_memmove_invalid_size+0x16f/0x330
[ 12.143045] kasan_check_range+0x10c/0x1c0
[ 12.143067] __asan_memmove+0x27/0x70
[ 12.143086] kmalloc_memmove_invalid_size+0x16f/0x330
[ 12.143108] ? __pfx_kmalloc_memmove_invalid_size+0x10/0x10
[ 12.143132] ? __schedule+0x10cc/0x2b60
[ 12.143153] ? __pfx_read_tsc+0x10/0x10
[ 12.143173] ? ktime_get_ts64+0x86/0x230
[ 12.143210] kunit_try_run_case+0x1a5/0x480
[ 12.143252] ? __pfx_kunit_try_run_case+0x10/0x10
[ 12.143273] ? _raw_spin_lock_irqsave+0xa1/0x100
[ 12.143296] ? _raw_spin_unlock_irqrestore+0x5f/0x90
[ 12.143317] ? __kthread_parkme+0x82/0x180
[ 12.143338] ? preempt_count_sub+0x50/0x80
[ 12.143361] ? __pfx_kunit_try_run_case+0x10/0x10
[ 12.143383] kunit_generic_run_threadfn_adapter+0x85/0xf0
[ 12.143404] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10
[ 12.143425] kthread+0x337/0x6f0
[ 12.143489] ? trace_preempt_on+0x20/0xc0
[ 12.143513] ? __pfx_kthread+0x10/0x10
[ 12.143532] ? _raw_spin_unlock_irq+0x47/0x80
[ 12.143552] ? calculate_sigpending+0x7b/0xa0
[ 12.143587] ? __pfx_kthread+0x10/0x10
[ 12.143607] ret_from_fork+0x116/0x1d0
[ 12.143624] ? __pfx_kthread+0x10/0x10
[ 12.143644] ret_from_fork_asm+0x1a/0x30
[ 12.143675] </TASK>
[ 12.143685]
[ 12.158392] Allocated by task 199:
[ 12.158773] kasan_save_stack+0x45/0x70
[ 12.159265] kasan_save_track+0x18/0x40
[ 12.160116] kasan_save_alloc_info+0x3b/0x50
[ 12.160568] __kasan_kmalloc+0xb7/0xc0
[ 12.160973] __kmalloc_cache_noprof+0x189/0x420
[ 12.161425] kmalloc_memmove_invalid_size+0xac/0x330
[ 12.161706] kunit_try_run_case+0x1a5/0x480
[ 12.161860] kunit_generic_run_threadfn_adapter+0x85/0xf0
[ 12.162035] kthread+0x337/0x6f0
[ 12.162156] ret_from_fork+0x116/0x1d0
[ 12.162779] ret_from_fork_asm+0x1a/0x30
[ 12.163159]
[ 12.163343] The buggy address belongs to the object at ffff888102639b00
[ 12.163343] which belongs to the cache kmalloc-64 of size 64
[ 12.164653] The buggy address is located 4 bytes inside of
[ 12.164653] allocated 64-byte region [ffff888102639b00, ffff888102639b40)
[ 12.165787]
[ 12.165920] The buggy address belongs to the physical page:
[ 12.166094] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x102639
[ 12.166945] flags: 0x200000000000000(node=0|zone=2)
[ 12.167423] page_type: f5(slab)
[ 12.167842] raw: 0200000000000000 ffff8881000418c0 dead000000000122 0000000000000000
[ 12.168584] raw: 0000000000000000 0000000080200020 00000000f5000000 0000000000000000
[ 12.168827] page dumped because: kasan: bad access detected
[ 12.168999]
[ 12.169069] Memory state around the buggy address:
[ 12.169310] ffff888102639a00: 00 00 00 00 00 01 fc fc fc fc fc fc fc fc fc fc
[ 12.169972] ffff888102639a80: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc
[ 12.170692] >ffff888102639b00: 00 00 00 00 00 00 00 00 fc fc fc fc fc fc fc fc
[ 12.171745] ^
[ 12.172294] ffff888102639b80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 12.172991] ffff888102639c00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 12.173540] ==================================================================
Failure - log-parser-boot/kasan-bug-kasan-out-of-bounds-in-kmalloc_memmove_negative_size
[ 12.111648] ==================================================================
[ 12.112165] BUG: KASAN: out-of-bounds in kmalloc_memmove_negative_size+0x171/0x330
[ 12.112680] Read of size 18446744073709551614 at addr ffff888102639984 by task kunit_try_catch/197
[ 12.113123]
[ 12.113244] CPU: 0 UID: 0 PID: 197 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc4 #1 PREEMPT(voluntary)
[ 12.113292] Tainted: [B]=BAD_PAGE, [N]=TEST
[ 12.113304] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[ 12.113326] Call Trace:
[ 12.113342] <TASK>
[ 12.113361] dump_stack_lvl+0x73/0xb0
[ 12.113393] print_report+0xd1/0x650
[ 12.113415] ? __virt_addr_valid+0x1db/0x2d0
[ 12.113437] ? kmalloc_memmove_negative_size+0x171/0x330
[ 12.113459] ? kasan_complete_mode_report_info+0x2a/0x200
[ 12.113480] ? kmalloc_memmove_negative_size+0x171/0x330
[ 12.113521] kasan_report+0x141/0x180
[ 12.113542] ? kmalloc_memmove_negative_size+0x171/0x330
[ 12.113570] kasan_check_range+0x10c/0x1c0
[ 12.113591] __asan_memmove+0x27/0x70
[ 12.113610] kmalloc_memmove_negative_size+0x171/0x330
[ 12.113633] ? __pfx_kmalloc_memmove_negative_size+0x10/0x10
[ 12.113657] ? __schedule+0x10cc/0x2b60
[ 12.113677] ? __pfx_read_tsc+0x10/0x10
[ 12.113698] ? ktime_get_ts64+0x86/0x230
[ 12.113721] kunit_try_run_case+0x1a5/0x480
[ 12.113746] ? __pfx_kunit_try_run_case+0x10/0x10
[ 12.113804] ? _raw_spin_lock_irqsave+0xa1/0x100
[ 12.113827] ? _raw_spin_unlock_irqrestore+0x5f/0x90
[ 12.113848] ? __kthread_parkme+0x82/0x180
[ 12.113868] ? preempt_count_sub+0x50/0x80
[ 12.113890] ? __pfx_kunit_try_run_case+0x10/0x10
[ 12.113912] kunit_generic_run_threadfn_adapter+0x85/0xf0
[ 12.113932] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10
[ 12.113954] kthread+0x337/0x6f0
[ 12.113972] ? trace_preempt_on+0x20/0xc0
[ 12.113994] ? __pfx_kthread+0x10/0x10
[ 12.114013] ? _raw_spin_unlock_irq+0x47/0x80
[ 12.114032] ? calculate_sigpending+0x7b/0xa0
[ 12.114055] ? __pfx_kthread+0x10/0x10
[ 12.114076] ret_from_fork+0x116/0x1d0
[ 12.114094] ? __pfx_kthread+0x10/0x10
[ 12.114113] ret_from_fork_asm+0x1a/0x30
[ 12.114143] </TASK>
[ 12.114153]
[ 12.124116] Allocated by task 197:
[ 12.124877] kasan_save_stack+0x45/0x70
[ 12.125128] kasan_save_track+0x18/0x40
[ 12.125445] kasan_save_alloc_info+0x3b/0x50
[ 12.125646] __kasan_kmalloc+0xb7/0xc0
[ 12.125824] __kmalloc_cache_noprof+0x189/0x420
[ 12.126037] kmalloc_memmove_negative_size+0xac/0x330
[ 12.126592] kunit_try_run_case+0x1a5/0x480
[ 12.126780] kunit_generic_run_threadfn_adapter+0x85/0xf0
[ 12.127012] kthread+0x337/0x6f0
[ 12.127170] ret_from_fork+0x116/0x1d0
[ 12.127422] ret_from_fork_asm+0x1a/0x30
[ 12.127610]
[ 12.127704] The buggy address belongs to the object at ffff888102639980
[ 12.127704] which belongs to the cache kmalloc-64 of size 64
[ 12.128189] The buggy address is located 4 bytes inside of
[ 12.128189] 64-byte region [ffff888102639980, ffff8881026399c0)
[ 12.128693]
[ 12.128769] The buggy address belongs to the physical page:
[ 12.128954] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x102639
[ 12.129275] flags: 0x200000000000000(node=0|zone=2)
[ 12.129512] page_type: f5(slab)
[ 12.129684] raw: 0200000000000000 ffff8881000418c0 dead000000000122 0000000000000000
[ 12.129919] raw: 0000000000000000 0000000080200020 00000000f5000000 0000000000000000
[ 12.130423] page dumped because: kasan: bad access detected
[ 12.130687]
[ 12.130783] Memory state around the buggy address:
[ 12.131018] ffff888102639880: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc
[ 12.131837] ffff888102639900: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc
[ 12.132170] >ffff888102639980: 00 00 00 00 00 00 00 00 fc fc fc fc fc fc fc fc
[ 12.132962] ^
[ 12.133094] ffff888102639a00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 12.133826] ffff888102639a80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 12.134205] ==================================================================
Failure - log-parser-boot/kasan-bug-kasan-slab-out-of-bounds-in-kmalloc_oob_memset_16
[ 12.081210] ==================================================================
[ 12.081833] BUG: KASAN: slab-out-of-bounds in kmalloc_oob_memset_16+0x166/0x330
[ 12.082090] Write of size 16 at addr ffff88810262fc69 by task kunit_try_catch/195
[ 12.082741]
[ 12.082932] CPU: 0 UID: 0 PID: 195 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc4 #1 PREEMPT(voluntary)
[ 12.082982] Tainted: [B]=BAD_PAGE, [N]=TEST
[ 12.082994] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[ 12.083018] Call Trace:
[ 12.083032] <TASK>
[ 12.083055] dump_stack_lvl+0x73/0xb0
[ 12.083109] print_report+0xd1/0x650
[ 12.083155] ? __virt_addr_valid+0x1db/0x2d0
[ 12.083180] ? kmalloc_oob_memset_16+0x166/0x330
[ 12.083231] ? kasan_complete_mode_report_info+0x2a/0x200
[ 12.083268] ? kmalloc_oob_memset_16+0x166/0x330
[ 12.083289] kasan_report+0x141/0x180
[ 12.083310] ? kmalloc_oob_memset_16+0x166/0x330
[ 12.083334] kasan_check_range+0x10c/0x1c0
[ 12.083357] __asan_memset+0x27/0x50
[ 12.083376] kmalloc_oob_memset_16+0x166/0x330
[ 12.083397] ? __pfx_kmalloc_oob_memset_16+0x10/0x10
[ 12.083418] ? __schedule+0x10cc/0x2b60
[ 12.083439] ? __pfx_read_tsc+0x10/0x10
[ 12.083460] ? ktime_get_ts64+0x86/0x230
[ 12.083484] kunit_try_run_case+0x1a5/0x480
[ 12.083510] ? __pfx_kunit_try_run_case+0x10/0x10
[ 12.083530] ? _raw_spin_lock_irqsave+0xa1/0x100
[ 12.083553] ? _raw_spin_unlock_irqrestore+0x5f/0x90
[ 12.083574] ? __kthread_parkme+0x82/0x180
[ 12.083596] ? preempt_count_sub+0x50/0x80
[ 12.083621] ? __pfx_kunit_try_run_case+0x10/0x10
[ 12.083643] kunit_generic_run_threadfn_adapter+0x85/0xf0
[ 12.083678] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10
[ 12.083699] kthread+0x337/0x6f0
[ 12.083718] ? trace_preempt_on+0x20/0xc0
[ 12.083740] ? __pfx_kthread+0x10/0x10
[ 12.083759] ? _raw_spin_unlock_irq+0x47/0x80
[ 12.083778] ? calculate_sigpending+0x7b/0xa0
[ 12.083801] ? __pfx_kthread+0x10/0x10
[ 12.083820] ret_from_fork+0x116/0x1d0
[ 12.083838] ? __pfx_kthread+0x10/0x10
[ 12.083856] ret_from_fork_asm+0x1a/0x30
[ 12.083887] </TASK>
[ 12.083898]
[ 12.097541] Allocated by task 195:
[ 12.097946] kasan_save_stack+0x45/0x70
[ 12.098377] kasan_save_track+0x18/0x40
[ 12.098589] kasan_save_alloc_info+0x3b/0x50
[ 12.098740] __kasan_kmalloc+0xb7/0xc0
[ 12.098870] __kmalloc_cache_noprof+0x189/0x420
[ 12.099024] kmalloc_oob_memset_16+0xac/0x330
[ 12.099173] kunit_try_run_case+0x1a5/0x480
[ 12.099380] kunit_generic_run_threadfn_adapter+0x85/0xf0
[ 12.099739] kthread+0x337/0x6f0
[ 12.099903] ret_from_fork+0x116/0x1d0
[ 12.100036] ret_from_fork_asm+0x1a/0x30
[ 12.100215]
[ 12.100323] The buggy address belongs to the object at ffff88810262fc00
[ 12.100323] which belongs to the cache kmalloc-128 of size 128
[ 12.101276] The buggy address is located 105 bytes inside of
[ 12.101276] allocated 120-byte region [ffff88810262fc00, ffff88810262fc78)
[ 12.101786]
[ 12.101881] The buggy address belongs to the physical page:
[ 12.102098] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x10262f
[ 12.102926] flags: 0x200000000000000(node=0|zone=2)
[ 12.103133] page_type: f5(slab)
[ 12.103427] raw: 0200000000000000 ffff888100041a00 dead000000000122 0000000000000000
[ 12.103971] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000
[ 12.104417] page dumped because: kasan: bad access detected
[ 12.104722]
[ 12.104887] Memory state around the buggy address:
[ 12.105237] ffff88810262fb00: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 12.105620] ffff88810262fb80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 12.106046] >ffff88810262fc00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 fc
[ 12.106364] ^
[ 12.106897] ffff88810262fc80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 12.107233] ffff88810262fd00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 12.107588] ==================================================================
Failure - log-parser-boot/kasan-bug-kasan-slab-out-of-bounds-in-kmalloc_oob_memset_8
[ 12.044247] ================================================================== [ 12.046116] BUG: KASAN: slab-out-of-bounds in kmalloc_oob_memset_8+0x166/0x330 [ 12.046939] Write of size 8 at addr ffff888103980071 by task kunit_try_catch/193 [ 12.047176] [ 12.048015] CPU: 1 UID: 0 PID: 193 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc4 #1 PREEMPT(voluntary) [ 12.048176] Tainted: [B]=BAD_PAGE, [N]=TEST [ 12.048347] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 12.048377] Call Trace: [ 12.048409] <TASK> [ 12.048434] dump_stack_lvl+0x73/0xb0 [ 12.048475] print_report+0xd1/0x650 [ 12.048641] ? __virt_addr_valid+0x1db/0x2d0 [ 12.048667] ? kmalloc_oob_memset_8+0x166/0x330 [ 12.048701] ? kasan_complete_mode_report_info+0x2a/0x200 [ 12.048722] ? kmalloc_oob_memset_8+0x166/0x330 [ 12.048743] kasan_report+0x141/0x180 [ 12.048763] ? kmalloc_oob_memset_8+0x166/0x330 [ 12.048801] kasan_check_range+0x10c/0x1c0 [ 12.048823] __asan_memset+0x27/0x50 [ 12.048841] kmalloc_oob_memset_8+0x166/0x330 [ 12.048864] ? __pfx_kmalloc_oob_memset_8+0x10/0x10 [ 12.048885] ? __schedule+0x10cc/0x2b60 [ 12.048907] ? __pfx_read_tsc+0x10/0x10 [ 12.048927] ? ktime_get_ts64+0x86/0x230 [ 12.048951] kunit_try_run_case+0x1a5/0x480 [ 12.048976] ? __pfx_kunit_try_run_case+0x10/0x10 [ 12.048996] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 12.049019] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 12.049040] ? __kthread_parkme+0x82/0x180 [ 12.049060] ? preempt_count_sub+0x50/0x80 [ 12.049082] ? __pfx_kunit_try_run_case+0x10/0x10 [ 12.049103] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 12.049124] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 12.049145] kthread+0x337/0x6f0 [ 12.049163] ? trace_preempt_on+0x20/0xc0 [ 12.049526] ? __pfx_kthread+0x10/0x10 [ 12.049557] ? _raw_spin_unlock_irq+0x47/0x80 [ 12.049579] ? calculate_sigpending+0x7b/0xa0 [ 12.049603] ? __pfx_kthread+0x10/0x10 [ 12.049623] ret_from_fork+0x116/0x1d0 [ 12.049642] ? 
__pfx_kthread+0x10/0x10 [ 12.049662] ret_from_fork_asm+0x1a/0x30 [ 12.049693] </TASK> [ 12.049719] [ 12.062615] Allocated by task 193: [ 12.063071] kasan_save_stack+0x45/0x70 [ 12.063504] kasan_save_track+0x18/0x40 [ 12.063919] kasan_save_alloc_info+0x3b/0x50 [ 12.064506] __kasan_kmalloc+0xb7/0xc0 [ 12.064873] __kmalloc_cache_noprof+0x189/0x420 [ 12.065329] kmalloc_oob_memset_8+0xac/0x330 [ 12.065769] kunit_try_run_case+0x1a5/0x480 [ 12.066385] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 12.066966] kthread+0x337/0x6f0 [ 12.067338] ret_from_fork+0x116/0x1d0 [ 12.067713] ret_from_fork_asm+0x1a/0x30 [ 12.068081] [ 12.068276] The buggy address belongs to the object at ffff888103980000 [ 12.068276] which belongs to the cache kmalloc-128 of size 128 [ 12.068896] The buggy address is located 113 bytes inside of [ 12.068896] allocated 120-byte region [ffff888103980000, ffff888103980078) [ 12.070076] [ 12.070275] The buggy address belongs to the physical page: [ 12.070837] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x103980 [ 12.071581] flags: 0x200000000000000(node=0|zone=2) [ 12.071955] page_type: f5(slab) [ 12.072082] raw: 0200000000000000 ffff888100041a00 dead000000000122 0000000000000000 [ 12.072564] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 12.073143] page dumped because: kasan: bad access detected [ 12.073766] [ 12.073968] Memory state around the buggy address: [ 12.074469] ffff88810397ff00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 12.074727] ffff88810397ff80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 12.074946] >ffff888103980000: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 fc [ 12.075159] ^ [ 12.075999] ffff888103980080: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 12.076289] ffff888103980100: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 12.077126] ==================================================================
Failure - log-parser-boot/kasan-bug-kasan-slab-out-of-bounds-in-kmalloc_oob_memset_4
[ 12.005828] ================================================================== [ 12.006318] BUG: KASAN: slab-out-of-bounds in kmalloc_oob_memset_4+0x166/0x330 [ 12.007063] Write of size 4 at addr ffff88810262fb75 by task kunit_try_catch/191 [ 12.008099] [ 12.008473] CPU: 0 UID: 0 PID: 191 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc4 #1 PREEMPT(voluntary) [ 12.008528] Tainted: [B]=BAD_PAGE, [N]=TEST [ 12.008540] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 12.008563] Call Trace: [ 12.008577] <TASK> [ 12.008597] dump_stack_lvl+0x73/0xb0 [ 12.008634] print_report+0xd1/0x650 [ 12.008657] ? __virt_addr_valid+0x1db/0x2d0 [ 12.008681] ? kmalloc_oob_memset_4+0x166/0x330 [ 12.008701] ? kasan_complete_mode_report_info+0x2a/0x200 [ 12.008722] ? kmalloc_oob_memset_4+0x166/0x330 [ 12.008742] kasan_report+0x141/0x180 [ 12.008763] ? kmalloc_oob_memset_4+0x166/0x330 [ 12.008795] kasan_check_range+0x10c/0x1c0 [ 12.008817] __asan_memset+0x27/0x50 [ 12.008835] kmalloc_oob_memset_4+0x166/0x330 [ 12.008856] ? __pfx_kmalloc_oob_memset_4+0x10/0x10 [ 12.008879] ? __schedule+0x10cc/0x2b60 [ 12.008900] ? __pfx_read_tsc+0x10/0x10 [ 12.008920] ? ktime_get_ts64+0x86/0x230 [ 12.008945] kunit_try_run_case+0x1a5/0x480 [ 12.008970] ? __pfx_kunit_try_run_case+0x10/0x10 [ 12.008990] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 12.009013] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 12.009034] ? __kthread_parkme+0x82/0x180 [ 12.009055] ? preempt_count_sub+0x50/0x80 [ 12.009078] ? __pfx_kunit_try_run_case+0x10/0x10 [ 12.009099] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 12.009120] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 12.009141] kthread+0x337/0x6f0 [ 12.009159] ? trace_preempt_on+0x20/0xc0 [ 12.009181] ? __pfx_kthread+0x10/0x10 [ 12.009200] ? _raw_spin_unlock_irq+0x47/0x80 [ 12.009234] ? calculate_sigpending+0x7b/0xa0 [ 12.009262] ? __pfx_kthread+0x10/0x10 [ 12.009282] ret_from_fork+0x116/0x1d0 [ 12.009299] ? 
__pfx_kthread+0x10/0x10 [ 12.009318] ret_from_fork_asm+0x1a/0x30 [ 12.009348] </TASK> [ 12.009359] [ 12.023112] Allocated by task 191: [ 12.023906] kasan_save_stack+0x45/0x70 [ 12.024137] kasan_save_track+0x18/0x40 [ 12.024289] kasan_save_alloc_info+0x3b/0x50 [ 12.024651] __kasan_kmalloc+0xb7/0xc0 [ 12.024998] __kmalloc_cache_noprof+0x189/0x420 [ 12.025496] kmalloc_oob_memset_4+0xac/0x330 [ 12.025717] kunit_try_run_case+0x1a5/0x480 [ 12.026077] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 12.026525] kthread+0x337/0x6f0 [ 12.026774] ret_from_fork+0x116/0x1d0 [ 12.026946] ret_from_fork_asm+0x1a/0x30 [ 12.027147] [ 12.027618] The buggy address belongs to the object at ffff88810262fb00 [ 12.027618] which belongs to the cache kmalloc-128 of size 128 [ 12.028396] The buggy address is located 117 bytes inside of [ 12.028396] allocated 120-byte region [ffff88810262fb00, ffff88810262fb78) [ 12.028898] [ 12.029079] The buggy address belongs to the physical page: [ 12.029619] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x10262f [ 12.030123] flags: 0x200000000000000(node=0|zone=2) [ 12.030730] page_type: f5(slab) [ 12.030930] raw: 0200000000000000 ffff888100041a00 dead000000000122 0000000000000000 [ 12.031292] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 12.031909] page dumped because: kasan: bad access detected [ 12.032160] [ 12.032266] Memory state around the buggy address: [ 12.032869] ffff88810262fa00: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 12.033280] ffff88810262fa80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 12.033596] >ffff88810262fb00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 fc [ 12.033907] ^ [ 12.034207] ffff88810262fb80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 12.034916] ffff88810262fc00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 12.035493] ==================================================================
Failure - log-parser-boot/kasan-bug-kasan-slab-out-of-bounds-in-kmalloc_oob_memset_2
[ 11.972139] ================================================================== [ 11.973179] BUG: KASAN: slab-out-of-bounds in kmalloc_oob_memset_2+0x166/0x330 [ 11.973871] Write of size 2 at addr ffff888102be6f77 by task kunit_try_catch/189 [ 11.974567] [ 11.974837] CPU: 1 UID: 0 PID: 189 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc4 #1 PREEMPT(voluntary) [ 11.974891] Tainted: [B]=BAD_PAGE, [N]=TEST [ 11.974913] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 11.974936] Call Trace: [ 11.974952] <TASK> [ 11.974971] dump_stack_lvl+0x73/0xb0 [ 11.975009] print_report+0xd1/0x650 [ 11.975033] ? __virt_addr_valid+0x1db/0x2d0 [ 11.975056] ? kmalloc_oob_memset_2+0x166/0x330 [ 11.975077] ? kasan_complete_mode_report_info+0x2a/0x200 [ 11.975097] ? kmalloc_oob_memset_2+0x166/0x330 [ 11.975118] kasan_report+0x141/0x180 [ 11.975138] ? kmalloc_oob_memset_2+0x166/0x330 [ 11.975163] kasan_check_range+0x10c/0x1c0 [ 11.975186] __asan_memset+0x27/0x50 [ 11.975205] kmalloc_oob_memset_2+0x166/0x330 [ 11.975236] ? __pfx_kmalloc_oob_memset_2+0x10/0x10 [ 11.975363] ? __schedule+0x10cc/0x2b60 [ 11.975393] ? __pfx_read_tsc+0x10/0x10 [ 11.975495] ? ktime_get_ts64+0x86/0x230 [ 11.975576] kunit_try_run_case+0x1a5/0x480 [ 11.975602] ? __pfx_kunit_try_run_case+0x10/0x10 [ 11.975624] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 11.975647] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 11.975668] ? __kthread_parkme+0x82/0x180 [ 11.975688] ? preempt_count_sub+0x50/0x80 [ 11.975710] ? __pfx_kunit_try_run_case+0x10/0x10 [ 11.975732] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 11.975753] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 11.975774] kthread+0x337/0x6f0 [ 11.975792] ? trace_preempt_on+0x20/0xc0 [ 11.975815] ? __pfx_kthread+0x10/0x10 [ 11.975834] ? _raw_spin_unlock_irq+0x47/0x80 [ 11.975853] ? calculate_sigpending+0x7b/0xa0 [ 11.975875] ? __pfx_kthread+0x10/0x10 [ 11.975895] ret_from_fork+0x116/0x1d0 [ 11.975914] ? 
__pfx_kthread+0x10/0x10 [ 11.975933] ret_from_fork_asm+0x1a/0x30 [ 11.975963] </TASK> [ 11.975974] [ 11.987122] Allocated by task 189: [ 11.987689] kasan_save_stack+0x45/0x70 [ 11.988157] kasan_save_track+0x18/0x40 [ 11.988996] kasan_save_alloc_info+0x3b/0x50 [ 11.989377] __kasan_kmalloc+0xb7/0xc0 [ 11.989545] __kmalloc_cache_noprof+0x189/0x420 [ 11.989709] kmalloc_oob_memset_2+0xac/0x330 [ 11.989865] kunit_try_run_case+0x1a5/0x480 [ 11.990056] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 11.991017] kthread+0x337/0x6f0 [ 11.991867] ret_from_fork+0x116/0x1d0 [ 11.992058] ret_from_fork_asm+0x1a/0x30 [ 11.992427] [ 11.992533] The buggy address belongs to the object at ffff888102be6f00 [ 11.992533] which belongs to the cache kmalloc-128 of size 128 [ 11.993189] The buggy address is located 119 bytes inside of [ 11.993189] allocated 120-byte region [ffff888102be6f00, ffff888102be6f78) [ 11.994320] [ 11.994434] The buggy address belongs to the physical page: [ 11.994886] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x102be6 [ 11.995718] flags: 0x200000000000000(node=0|zone=2) [ 11.996179] page_type: f5(slab) [ 11.996629] raw: 0200000000000000 ffff888100041a00 dead000000000122 0000000000000000 [ 11.997099] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 11.997678] page dumped because: kasan: bad access detected [ 11.997993] [ 11.998084] Memory state around the buggy address: [ 11.998548] ffff888102be6e00: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 11.999258] ffff888102be6e80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 11.999834] >ffff888102be6f00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 fc [ 12.000331] ^ [ 12.000648] ffff888102be6f80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 12.000961] ffff888102be7000: fa fb fb fb fc fc fc fc fa fb fb fb fc fc fc fc [ 12.001519] ==================================================================
Failure - log-parser-boot/kasan-bug-kasan-slab-out-of-bounds-in-kmalloc_oob_in_memset
[ 11.932159] ================================================================== [ 11.933271] BUG: KASAN: slab-out-of-bounds in kmalloc_oob_in_memset+0x15f/0x320 [ 11.933958] Write of size 128 at addr ffff88810262fa00 by task kunit_try_catch/187 [ 11.934600] [ 11.935171] CPU: 0 UID: 0 PID: 187 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc4 #1 PREEMPT(voluntary) [ 11.935241] Tainted: [B]=BAD_PAGE, [N]=TEST [ 11.935254] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 11.935277] Call Trace: [ 11.935295] <TASK> [ 11.935317] dump_stack_lvl+0x73/0xb0 [ 11.935353] print_report+0xd1/0x650 [ 11.935376] ? __virt_addr_valid+0x1db/0x2d0 [ 11.935400] ? kmalloc_oob_in_memset+0x15f/0x320 [ 11.935420] ? kasan_complete_mode_report_info+0x2a/0x200 [ 11.935441] ? kmalloc_oob_in_memset+0x15f/0x320 [ 11.935462] kasan_report+0x141/0x180 [ 11.935482] ? kmalloc_oob_in_memset+0x15f/0x320 [ 11.935507] kasan_check_range+0x10c/0x1c0 [ 11.935529] __asan_memset+0x27/0x50 [ 11.935547] kmalloc_oob_in_memset+0x15f/0x320 [ 11.935568] ? __pfx_kmalloc_oob_in_memset+0x10/0x10 [ 11.935590] ? __schedule+0x10cc/0x2b60 [ 11.935612] ? __pfx_read_tsc+0x10/0x10 [ 11.935634] ? ktime_get_ts64+0x86/0x230 [ 11.935659] kunit_try_run_case+0x1a5/0x480 [ 11.935685] ? __pfx_kunit_try_run_case+0x10/0x10 [ 11.935705] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 11.935728] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 11.935749] ? __kthread_parkme+0x82/0x180 [ 11.935770] ? preempt_count_sub+0x50/0x80 [ 11.935792] ? __pfx_kunit_try_run_case+0x10/0x10 [ 11.935814] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 11.935835] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 11.935856] kthread+0x337/0x6f0 [ 11.935874] ? trace_preempt_on+0x20/0xc0 [ 11.935896] ? __pfx_kthread+0x10/0x10 [ 11.935915] ? _raw_spin_unlock_irq+0x47/0x80 [ 11.935935] ? calculate_sigpending+0x7b/0xa0 [ 11.935958] ? __pfx_kthread+0x10/0x10 [ 11.935978] ret_from_fork+0x116/0x1d0 [ 11.935995] ? 
__pfx_kthread+0x10/0x10 [ 11.936013] ret_from_fork_asm+0x1a/0x30 [ 11.936044] </TASK> [ 11.936054] [ 11.951764] Allocated by task 187: [ 11.952150] kasan_save_stack+0x45/0x70 [ 11.952769] kasan_save_track+0x18/0x40 [ 11.952929] kasan_save_alloc_info+0x3b/0x50 [ 11.953077] __kasan_kmalloc+0xb7/0xc0 [ 11.953278] __kmalloc_cache_noprof+0x189/0x420 [ 11.953798] kmalloc_oob_in_memset+0xac/0x320 [ 11.954534] kunit_try_run_case+0x1a5/0x480 [ 11.955055] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 11.955733] kthread+0x337/0x6f0 [ 11.956248] ret_from_fork+0x116/0x1d0 [ 11.956673] ret_from_fork_asm+0x1a/0x30 [ 11.956839] [ 11.956917] The buggy address belongs to the object at ffff88810262fa00 [ 11.956917] which belongs to the cache kmalloc-128 of size 128 [ 11.957503] The buggy address is located 0 bytes inside of [ 11.957503] allocated 120-byte region [ffff88810262fa00, ffff88810262fa78) [ 11.958836] [ 11.959062] The buggy address belongs to the physical page: [ 11.959782] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x10262f [ 11.960856] flags: 0x200000000000000(node=0|zone=2) [ 11.961519] page_type: f5(slab) [ 11.961664] raw: 0200000000000000 ffff888100041a00 dead000000000122 0000000000000000 [ 11.961901] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 11.962128] page dumped because: kasan: bad access detected [ 11.962324] [ 11.962497] Memory state around the buggy address: [ 11.962930] ffff88810262f900: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 11.963754] ffff88810262f980: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 11.964420] >ffff88810262fa00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 fc [ 11.965384] ^ [ 11.966163] ffff88810262fa80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 11.966909] ffff88810262fb00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 11.967587] ==================================================================
Failure - log-parser-boot/kasan-bug-kasan-slab-use-after-free-in-kmalloc_uaf_16
[ 11.889802] ================================================================== [ 11.891378] BUG: KASAN: slab-use-after-free in kmalloc_uaf_16+0x47b/0x4c0 [ 11.891643] Read of size 16 at addr ffff88810253eee0 by task kunit_try_catch/185 [ 11.891869] [ 11.891967] CPU: 0 UID: 0 PID: 185 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc4 #1 PREEMPT(voluntary) [ 11.892017] Tainted: [B]=BAD_PAGE, [N]=TEST [ 11.892029] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 11.892053] Call Trace: [ 11.892069] <TASK> [ 11.892090] dump_stack_lvl+0x73/0xb0 [ 11.892121] print_report+0xd1/0x650 [ 11.892144] ? __virt_addr_valid+0x1db/0x2d0 [ 11.892168] ? kmalloc_uaf_16+0x47b/0x4c0 [ 11.892187] ? kasan_complete_mode_report_info+0x64/0x200 [ 11.892209] ? kmalloc_uaf_16+0x47b/0x4c0 [ 11.892278] kasan_report+0x141/0x180 [ 11.892299] ? kmalloc_uaf_16+0x47b/0x4c0 [ 11.892323] __asan_report_load16_noabort+0x18/0x20 [ 11.892361] kmalloc_uaf_16+0x47b/0x4c0 [ 11.892381] ? __pfx_kmalloc_uaf_16+0x10/0x10 [ 11.892401] ? __schedule+0x10cc/0x2b60 [ 11.892423] ? __pfx_read_tsc+0x10/0x10 [ 11.892444] ? ktime_get_ts64+0x86/0x230 [ 11.892469] kunit_try_run_case+0x1a5/0x480 [ 11.892494] ? __pfx_kunit_try_run_case+0x10/0x10 [ 11.892514] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 11.892537] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 11.892589] ? __kthread_parkme+0x82/0x180 [ 11.892610] ? preempt_count_sub+0x50/0x80 [ 11.892633] ? __pfx_kunit_try_run_case+0x10/0x10 [ 11.892687] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 11.892709] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 11.892770] kthread+0x337/0x6f0 [ 11.892797] ? trace_preempt_on+0x20/0xc0 [ 11.892821] ? __pfx_kthread+0x10/0x10 [ 11.892852] ? _raw_spin_unlock_irq+0x47/0x80 [ 11.892871] ? calculate_sigpending+0x7b/0xa0 [ 11.892895] ? __pfx_kthread+0x10/0x10 [ 11.892914] ret_from_fork+0x116/0x1d0 [ 11.892932] ? 
__pfx_kthread+0x10/0x10 [ 11.892950] ret_from_fork_asm+0x1a/0x30 [ 11.892981] </TASK> [ 11.892992] [ 11.908053] Allocated by task 185: [ 11.908232] kasan_save_stack+0x45/0x70 [ 11.908676] kasan_save_track+0x18/0x40 [ 11.909123] kasan_save_alloc_info+0x3b/0x50 [ 11.909627] __kasan_kmalloc+0xb7/0xc0 [ 11.910046] __kmalloc_cache_noprof+0x189/0x420 [ 11.910567] kmalloc_uaf_16+0x15b/0x4c0 [ 11.910936] kunit_try_run_case+0x1a5/0x480 [ 11.911363] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 11.911933] kthread+0x337/0x6f0 [ 11.912177] ret_from_fork+0x116/0x1d0 [ 11.912500] ret_from_fork_asm+0x1a/0x30 [ 11.912724] [ 11.912946] Freed by task 185: [ 11.913248] kasan_save_stack+0x45/0x70 [ 11.913699] kasan_save_track+0x18/0x40 [ 11.914101] kasan_save_free_info+0x3f/0x60 [ 11.914490] __kasan_slab_free+0x56/0x70 [ 11.914952] kfree+0x222/0x3f0 [ 11.915164] kmalloc_uaf_16+0x1d6/0x4c0 [ 11.915610] kunit_try_run_case+0x1a5/0x480 [ 11.915763] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 11.916118] kthread+0x337/0x6f0 [ 11.916506] ret_from_fork+0x116/0x1d0 [ 11.916956] ret_from_fork_asm+0x1a/0x30 [ 11.917342] [ 11.917505] The buggy address belongs to the object at ffff88810253eee0 [ 11.917505] which belongs to the cache kmalloc-16 of size 16 [ 11.918584] The buggy address is located 0 bytes inside of [ 11.918584] freed 16-byte region [ffff88810253eee0, ffff88810253eef0) [ 11.919695] [ 11.919909] The buggy address belongs to the physical page: [ 11.920428] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x10253e [ 11.920965] flags: 0x200000000000000(node=0|zone=2) [ 11.921548] page_type: f5(slab) [ 11.921741] raw: 0200000000000000 ffff888100041640 dead000000000122 0000000000000000 [ 11.922611] raw: 0000000000000000 0000000080800080 00000000f5000000 0000000000000000 [ 11.922831] page dumped because: kasan: bad access detected [ 11.922995] [ 11.923061] Memory state around the buggy address: [ 11.923213] ffff88810253ed80: 00 02 fc fc 00 05 fc fc 00 02 fc fc 00 02 fc 
fc [ 11.923835] ffff88810253ee00: 00 02 fc fc 00 02 fc fc fa fb fc fc fa fb fc fc [ 11.924630] >ffff88810253ee80: fa fb fc fc 00 05 fc fc 00 00 fc fc fa fb fc fc [ 11.925371] ^ [ 11.925987] ffff88810253ef00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 11.926723] ffff88810253ef80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 11.927457] ==================================================================
Failure - log-parser-boot/kasan-bug-kasan-slab-out-of-bounds-in-kmalloc_oob_16
[ 11.865775] ================================================================== [ 11.866550] BUG: KASAN: slab-out-of-bounds in kmalloc_oob_16+0x452/0x4a0 [ 11.867330] Write of size 16 at addr ffff88810298e0a0 by task kunit_try_catch/183 [ 11.868099] [ 11.868240] CPU: 1 UID: 0 PID: 183 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc4 #1 PREEMPT(voluntary) [ 11.868338] Tainted: [B]=BAD_PAGE, [N]=TEST [ 11.868350] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 11.868384] Call Trace: [ 11.868400] <TASK> [ 11.868421] dump_stack_lvl+0x73/0xb0 [ 11.868459] print_report+0xd1/0x650 [ 11.868482] ? __virt_addr_valid+0x1db/0x2d0 [ 11.868504] ? kmalloc_oob_16+0x452/0x4a0 [ 11.868524] ? kasan_complete_mode_report_info+0x2a/0x200 [ 11.868544] ? kmalloc_oob_16+0x452/0x4a0 [ 11.868565] kasan_report+0x141/0x180 [ 11.868585] ? kmalloc_oob_16+0x452/0x4a0 [ 11.868609] __asan_report_store16_noabort+0x1b/0x30 [ 11.868629] kmalloc_oob_16+0x452/0x4a0 [ 11.868648] ? __pfx_kmalloc_oob_16+0x10/0x10 [ 11.868669] ? __schedule+0x10cc/0x2b60 [ 11.868690] ? __pfx_read_tsc+0x10/0x10 [ 11.868709] ? ktime_get_ts64+0x86/0x230 [ 11.868733] kunit_try_run_case+0x1a5/0x480 [ 11.868757] ? __pfx_kunit_try_run_case+0x10/0x10 [ 11.868777] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 11.868808] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 11.868830] ? __kthread_parkme+0x82/0x180 [ 11.868849] ? preempt_count_sub+0x50/0x80 [ 11.868871] ? __pfx_kunit_try_run_case+0x10/0x10 [ 11.868893] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 11.868914] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 11.868936] kthread+0x337/0x6f0 [ 11.868954] ? trace_preempt_on+0x20/0xc0 [ 11.868976] ? __pfx_kthread+0x10/0x10 [ 11.868994] ? _raw_spin_unlock_irq+0x47/0x80 [ 11.869013] ? calculate_sigpending+0x7b/0xa0 [ 11.869036] ? __pfx_kthread+0x10/0x10 [ 11.869055] ret_from_fork+0x116/0x1d0 [ 11.869072] ? 
__pfx_kthread+0x10/0x10 [ 11.869091] ret_from_fork_asm+0x1a/0x30 [ 11.869120] </TASK> [ 11.869130] [ 11.876975] Allocated by task 183: [ 11.877182] kasan_save_stack+0x45/0x70 [ 11.877427] kasan_save_track+0x18/0x40 [ 11.877621] kasan_save_alloc_info+0x3b/0x50 [ 11.877831] __kasan_kmalloc+0xb7/0xc0 [ 11.878017] __kmalloc_cache_noprof+0x189/0x420 [ 11.878233] kmalloc_oob_16+0xa8/0x4a0 [ 11.878421] kunit_try_run_case+0x1a5/0x480 [ 11.878564] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 11.878803] kthread+0x337/0x6f0 [ 11.878961] ret_from_fork+0x116/0x1d0 [ 11.879107] ret_from_fork_asm+0x1a/0x30 [ 11.879251] [ 11.879322] The buggy address belongs to the object at ffff88810298e0a0 [ 11.879322] which belongs to the cache kmalloc-16 of size 16 [ 11.879724] The buggy address is located 0 bytes inside of [ 11.879724] allocated 13-byte region [ffff88810298e0a0, ffff88810298e0ad) [ 11.880295] [ 11.880392] The buggy address belongs to the physical page: [ 11.880669] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x10298e [ 11.880915] flags: 0x200000000000000(node=0|zone=2) [ 11.881075] page_type: f5(slab) [ 11.881351] raw: 0200000000000000 ffff888100041640 dead000000000122 0000000000000000 [ 11.881698] raw: 0000000000000000 0000000080800080 00000000f5000000 0000000000000000 [ 11.882032] page dumped because: kasan: bad access detected [ 11.882299] [ 11.882374] Memory state around the buggy address: [ 11.882582] ffff88810298df80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 11.882832] ffff88810298e000: 00 01 fc fc 00 01 fc fc 00 04 fc fc 00 04 fc fc [ 11.883050] >ffff88810298e080: fa fb fc fc 00 05 fc fc 00 00 fc fc fc fc fc fc [ 11.883511] ^ [ 11.883721] ffff88810298e100: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 11.883996] ffff88810298e180: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 11.884200] ==================================================================
Failure - log-parser-boot/kasan-bug-kasan-slab-use-after-free-in-krealloc_uaf
[ 11.830380] ================================================================== [ 11.830672] BUG: KASAN: slab-use-after-free in krealloc_uaf+0x53c/0x5e0 [ 11.830947] Read of size 1 at addr ffff888100aa3200 by task kunit_try_catch/181 [ 11.831504] [ 11.831644] CPU: 1 UID: 0 PID: 181 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc4 #1 PREEMPT(voluntary) [ 11.831694] Tainted: [B]=BAD_PAGE, [N]=TEST [ 11.831706] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 11.831727] Call Trace: [ 11.831741] <TASK> [ 11.831759] dump_stack_lvl+0x73/0xb0 [ 11.831791] print_report+0xd1/0x650 [ 11.831813] ? __virt_addr_valid+0x1db/0x2d0 [ 11.831835] ? krealloc_uaf+0x53c/0x5e0 [ 11.831855] ? kasan_complete_mode_report_info+0x64/0x200 [ 11.831876] ? krealloc_uaf+0x53c/0x5e0 [ 11.831896] kasan_report+0x141/0x180 [ 11.831917] ? krealloc_uaf+0x53c/0x5e0 [ 11.831942] __asan_report_load1_noabort+0x18/0x20 [ 11.831965] krealloc_uaf+0x53c/0x5e0 [ 11.831986] ? __pfx_krealloc_uaf+0x10/0x10 [ 11.832006] ? finish_task_switch.isra.0+0x153/0x700 [ 11.832027] ? __switch_to+0x47/0xf50 [ 11.832052] ? __schedule+0x10cc/0x2b60 [ 11.832073] ? __pfx_read_tsc+0x10/0x10 [ 11.832093] ? ktime_get_ts64+0x86/0x230 [ 11.832115] kunit_try_run_case+0x1a5/0x480 [ 11.832138] ? __pfx_kunit_try_run_case+0x10/0x10 [ 11.832159] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 11.832181] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 11.832527] ? __kthread_parkme+0x82/0x180 [ 11.832560] ? preempt_count_sub+0x50/0x80 [ 11.832582] ? __pfx_kunit_try_run_case+0x10/0x10 [ 11.832605] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 11.832628] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 11.832649] kthread+0x337/0x6f0 [ 11.832668] ? trace_preempt_on+0x20/0xc0 [ 11.832981] ? __pfx_kthread+0x10/0x10 [ 11.833010] ? _raw_spin_unlock_irq+0x47/0x80 [ 11.833032] ? calculate_sigpending+0x7b/0xa0 [ 11.833055] ? __pfx_kthread+0x10/0x10 [ 11.833075] ret_from_fork+0x116/0x1d0 [ 11.833093] ? 
__pfx_kthread+0x10/0x10 [ 11.833112] ret_from_fork_asm+0x1a/0x30 [ 11.833142] </TASK> [ 11.833154] [ 11.843789] Allocated by task 181: [ 11.844000] kasan_save_stack+0x45/0x70 [ 11.844678] kasan_save_track+0x18/0x40 [ 11.844858] kasan_save_alloc_info+0x3b/0x50 [ 11.845147] __kasan_kmalloc+0xb7/0xc0 [ 11.845383] __kmalloc_cache_noprof+0x189/0x420 [ 11.845928] krealloc_uaf+0xbb/0x5e0 [ 11.846139] kunit_try_run_case+0x1a5/0x480 [ 11.846544] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 11.846727] kthread+0x337/0x6f0 [ 11.846901] ret_from_fork+0x116/0x1d0 [ 11.847091] ret_from_fork_asm+0x1a/0x30 [ 11.847541] [ 11.847641] Freed by task 181: [ 11.847792] kasan_save_stack+0x45/0x70 [ 11.847962] kasan_save_track+0x18/0x40 [ 11.848142] kasan_save_free_info+0x3f/0x60 [ 11.848731] __kasan_slab_free+0x56/0x70 [ 11.848910] kfree+0x222/0x3f0 [ 11.849406] krealloc_uaf+0x13d/0x5e0 [ 11.849561] kunit_try_run_case+0x1a5/0x480 [ 11.849990] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 11.850456] kthread+0x337/0x6f0 [ 11.851027] ret_from_fork+0x116/0x1d0 [ 11.851193] ret_from_fork_asm+0x1a/0x30 [ 11.851770] [ 11.851910] The buggy address belongs to the object at ffff888100aa3200 [ 11.851910] which belongs to the cache kmalloc-256 of size 256 [ 11.852854] The buggy address is located 0 bytes inside of [ 11.852854] freed 256-byte region [ffff888100aa3200, ffff888100aa3300) [ 11.853454] [ 11.853545] The buggy address belongs to the physical page: [ 11.854087] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x100aa2 [ 11.854625] head: order:1 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0 [ 11.855049] flags: 0x200000000000040(head|node=0|zone=2) [ 11.855735] page_type: f5(slab) [ 11.855992] raw: 0200000000000040 ffff888100041b40 dead000000000122 0000000000000000 [ 11.856624] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 11.856923] head: 0200000000000040 ffff888100041b40 dead000000000122 0000000000000000 [ 11.857527] head: 
0000000000000000 0000000080100010 00000000f5000000 0000000000000000
[ 11.857844] head: 0200000000000001 ffffea000402a881 00000000ffffffff 00000000ffffffff
[ 11.858514] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000002
[ 11.858930] page dumped because: kasan: bad access detected
[ 11.859612]
[ 11.859844] Memory state around the buggy address:
[ 11.860090] ffff888100aa3100: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 11.860713] ffff888100aa3180: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 11.860995] >ffff888100aa3200: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 11.861257] ^
[ 11.861450] ffff888100aa3280: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 11.861895] ffff888100aa3300: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 11.862185] ==================================================================
[ 11.792811] ==================================================================
[ 11.793820] BUG: KASAN: slab-use-after-free in krealloc_uaf+0x1b8/0x5e0
[ 11.794830] Read of size 1 at addr ffff888100aa3200 by task kunit_try_catch/181
[ 11.795918]
[ 11.796267] CPU: 1 UID: 0 PID: 181 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc4 #1 PREEMPT(voluntary)
[ 11.796324] Tainted: [B]=BAD_PAGE, [N]=TEST
[ 11.796336] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[ 11.796359] Call Trace:
[ 11.796376] <TASK>
[ 11.796396] dump_stack_lvl+0x73/0xb0
[ 11.796434] print_report+0xd1/0x650
[ 11.796457] ? __virt_addr_valid+0x1db/0x2d0
[ 11.796479] ? krealloc_uaf+0x1b8/0x5e0
[ 11.796499] ? kasan_complete_mode_report_info+0x64/0x200
[ 11.796520] ? krealloc_uaf+0x1b8/0x5e0
[ 11.796539] kasan_report+0x141/0x180
[ 11.796560] ? krealloc_uaf+0x1b8/0x5e0
[ 11.796582] ? krealloc_uaf+0x1b8/0x5e0
[ 11.796602] __kasan_check_byte+0x3d/0x50
[ 11.796622] krealloc_noprof+0x3f/0x340
[ 11.796644] krealloc_uaf+0x1b8/0x5e0
[ 11.796664] ? __pfx_krealloc_uaf+0x10/0x10
[ 11.796837] ? finish_task_switch.isra.0+0x153/0x700
[ 11.796874] ? __switch_to+0x47/0xf50
[ 11.796902] ? __schedule+0x10cc/0x2b60
[ 11.796924] ? __pfx_read_tsc+0x10/0x10
[ 11.796944] ? ktime_get_ts64+0x86/0x230
[ 11.796968] kunit_try_run_case+0x1a5/0x480
[ 11.796993] ? __pfx_kunit_try_run_case+0x10/0x10
[ 11.797014] ? _raw_spin_lock_irqsave+0xa1/0x100
[ 11.797036] ? _raw_spin_unlock_irqrestore+0x5f/0x90
[ 11.797058] ? __kthread_parkme+0x82/0x180
[ 11.797077] ? preempt_count_sub+0x50/0x80
[ 11.797098] ? __pfx_kunit_try_run_case+0x10/0x10
[ 11.797119] kunit_generic_run_threadfn_adapter+0x85/0xf0
[ 11.797139] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10
[ 11.797160] kthread+0x337/0x6f0
[ 11.797179] ? trace_preempt_on+0x20/0xc0
[ 11.797232] ? __pfx_kthread+0x10/0x10
[ 11.797292] ? _raw_spin_unlock_irq+0x47/0x80
[ 11.797312] ? calculate_sigpending+0x7b/0xa0
[ 11.797334] ? __pfx_kthread+0x10/0x10
[ 11.797354] ret_from_fork+0x116/0x1d0
[ 11.797371] ? __pfx_kthread+0x10/0x10
[ 11.797390] ret_from_fork_asm+0x1a/0x30
[ 11.797419] </TASK>
[ 11.797431]
[ 11.812772] Allocated by task 181:
[ 11.812946] kasan_save_stack+0x45/0x70
[ 11.813106] kasan_save_track+0x18/0x40
[ 11.813251] kasan_save_alloc_info+0x3b/0x50
[ 11.813540] __kasan_kmalloc+0xb7/0xc0
[ 11.813666] __kmalloc_cache_noprof+0x189/0x420
[ 11.813991] krealloc_uaf+0xbb/0x5e0
[ 11.814352] kunit_try_run_case+0x1a5/0x480
[ 11.814519] kunit_generic_run_threadfn_adapter+0x85/0xf0
[ 11.814686] kthread+0x337/0x6f0
[ 11.814803] ret_from_fork+0x116/0x1d0
[ 11.814930] ret_from_fork_asm+0x1a/0x30
[ 11.815327]
[ 11.815531] Freed by task 181:
[ 11.815832] kasan_save_stack+0x45/0x70
[ 11.816277] kasan_save_track+0x18/0x40
[ 11.816673] kasan_save_free_info+0x3f/0x60
[ 11.817100] __kasan_slab_free+0x56/0x70
[ 11.817452] kfree+0x222/0x3f0
[ 11.817800] krealloc_uaf+0x13d/0x5e0
[ 11.818161] kunit_try_run_case+0x1a5/0x480
[ 11.818616] kunit_generic_run_threadfn_adapter+0x85/0xf0
[ 11.819156] kthread+0x337/0x6f0
[ 11.819493] ret_from_fork+0x116/0x1d0
[ 11.819848] ret_from_fork_asm+0x1a/0x30
[ 11.820029]
[ 11.820108] The buggy address belongs to the object at ffff888100aa3200
[ 11.820108] which belongs to the cache kmalloc-256 of size 256
[ 11.820537] The buggy address is located 0 bytes inside of
[ 11.820537] freed 256-byte region [ffff888100aa3200, ffff888100aa3300)
[ 11.821409]
[ 11.821582] The buggy address belongs to the physical page:
[ 11.821870] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x100aa2
[ 11.822432] head: order:1 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[ 11.823128] flags: 0x200000000000040(head|node=0|zone=2)
[ 11.823768] page_type: f5(slab)
[ 11.824136] raw: 0200000000000040 ffff888100041b40 dead000000000122 0000000000000000
[ 11.824868] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000
[ 11.825095] head: 0200000000000040 ffff888100041b40 dead000000000122 0000000000000000
[ 11.825372] head: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000
[ 11.825631] head: 0200000000000001 ffffea000402a881 00000000ffffffff 00000000ffffffff
[ 11.825874] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000002
[ 11.826473] page dumped because: kasan: bad access detected
[ 11.826956]
[ 11.827159] Memory state around the buggy address:
[ 11.827672] ffff888100aa3100: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 11.828478] ffff888100aa3180: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 11.828933] >ffff888100aa3200: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 11.829141] ^
[ 11.829297] ffff888100aa3280: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 11.829528] ffff888100aa3300: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 11.829747] ==================================================================
Failure - log-parser-boot/kasan-bug-kasan-slab-out-of-bounds-in-krealloc_less_oob_helper
[ 11.604552] ================================================================== [ 11.604976] BUG: KASAN: slab-out-of-bounds in krealloc_less_oob_helper+0xd47/0x11d0 [ 11.605365] Write of size 1 at addr ffff8881003514eb by task kunit_try_catch/175 [ 11.605657] [ 11.605776] CPU: 0 UID: 0 PID: 175 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc4 #1 PREEMPT(voluntary) [ 11.605824] Tainted: [B]=BAD_PAGE, [N]=TEST [ 11.605835] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 11.605855] Call Trace: [ 11.605877] <TASK> [ 11.605897] dump_stack_lvl+0x73/0xb0 [ 11.605927] print_report+0xd1/0x650 [ 11.605949] ? __virt_addr_valid+0x1db/0x2d0 [ 11.605971] ? krealloc_less_oob_helper+0xd47/0x11d0 [ 11.605993] ? kasan_complete_mode_report_info+0x2a/0x200 [ 11.606013] ? krealloc_less_oob_helper+0xd47/0x11d0 [ 11.606035] kasan_report+0x141/0x180 [ 11.606056] ? krealloc_less_oob_helper+0xd47/0x11d0 [ 11.606083] __asan_report_store1_noabort+0x1b/0x30 [ 11.606102] krealloc_less_oob_helper+0xd47/0x11d0 [ 11.606126] ? __pfx_krealloc_less_oob_helper+0x10/0x10 [ 11.606149] ? finish_task_switch.isra.0+0x153/0x700 [ 11.606171] ? __switch_to+0x47/0xf50 [ 11.606195] ? __schedule+0x10cc/0x2b60 [ 11.606215] ? __pfx_read_tsc+0x10/0x10 [ 11.606251] krealloc_less_oob+0x1c/0x30 [ 11.606271] kunit_try_run_case+0x1a5/0x480 [ 11.606295] ? __pfx_kunit_try_run_case+0x10/0x10 [ 11.606315] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 11.606338] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 11.606360] ? __kthread_parkme+0x82/0x180 [ 11.606382] ? preempt_count_sub+0x50/0x80 [ 11.606403] ? __pfx_kunit_try_run_case+0x10/0x10 [ 11.606425] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 11.606445] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 11.606466] kthread+0x337/0x6f0 [ 11.606484] ? trace_preempt_on+0x20/0xc0 [ 11.606507] ? __pfx_kthread+0x10/0x10 [ 11.606526] ? _raw_spin_unlock_irq+0x47/0x80 [ 11.606545] ? calculate_sigpending+0x7b/0xa0 [ 11.606567] ? 
__pfx_kthread+0x10/0x10 [ 11.606587] ret_from_fork+0x116/0x1d0 [ 11.606604] ? __pfx_kthread+0x10/0x10 [ 11.606623] ret_from_fork_asm+0x1a/0x30 [ 11.606652] </TASK> [ 11.606662] [ 11.614781] Allocated by task 175: [ 11.615009] kasan_save_stack+0x45/0x70 [ 11.615299] kasan_save_track+0x18/0x40 [ 11.615464] kasan_save_alloc_info+0x3b/0x50 [ 11.615616] __kasan_krealloc+0x190/0x1f0 [ 11.615770] krealloc_noprof+0xf3/0x340 [ 11.615971] krealloc_less_oob_helper+0x1aa/0x11d0 [ 11.616270] krealloc_less_oob+0x1c/0x30 [ 11.616474] kunit_try_run_case+0x1a5/0x480 [ 11.616685] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 11.616911] kthread+0x337/0x6f0 [ 11.617043] ret_from_fork+0x116/0x1d0 [ 11.617174] ret_from_fork_asm+0x1a/0x30 [ 11.617327] [ 11.617401] The buggy address belongs to the object at ffff888100351400 [ 11.617401] which belongs to the cache kmalloc-256 of size 256 [ 11.617757] The buggy address is located 34 bytes to the right of [ 11.617757] allocated 201-byte region [ffff888100351400, ffff8881003514c9) [ 11.619199] [ 11.619450] The buggy address belongs to the physical page: [ 11.619724] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x100350 [ 11.620083] head: order:1 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0 [ 11.620425] flags: 0x200000000000040(head|node=0|zone=2) [ 11.620682] page_type: f5(slab) [ 11.620861] raw: 0200000000000040 ffff888100041b40 dead000000000122 0000000000000000 [ 11.621174] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 11.621580] head: 0200000000000040 ffff888100041b40 dead000000000122 0000000000000000 [ 11.621995] head: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 11.622804] head: 0200000000000001 ffffea000400d401 00000000ffffffff 00000000ffffffff [ 11.623286] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000002 [ 11.624337] page dumped because: kasan: bad access detected [ 11.624987] [ 11.625150] Memory state around the buggy 
address: [ 11.625327] ffff888100351380: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 11.625544] ffff888100351400: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 11.625757] >ffff888100351480: 00 00 00 00 00 00 00 00 00 01 fc fc fc fc fc fc [ 11.626016] ^ [ 11.626302] ffff888100351500: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 11.626575] ffff888100351580: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 11.626859] ================================================================== [ 11.719455] ================================================================== [ 11.719848] BUG: KASAN: slab-out-of-bounds in krealloc_less_oob_helper+0xec6/0x11d0 [ 11.720296] Write of size 1 at addr ffff888102a460da by task kunit_try_catch/179 [ 11.720558] [ 11.720710] CPU: 0 UID: 0 PID: 179 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc4 #1 PREEMPT(voluntary) [ 11.720814] Tainted: [B]=BAD_PAGE, [N]=TEST [ 11.720836] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 11.720857] Call Trace: [ 11.720879] <TASK> [ 11.720900] dump_stack_lvl+0x73/0xb0 [ 11.720935] print_report+0xd1/0x650 [ 11.720960] ? __virt_addr_valid+0x1db/0x2d0 [ 11.720984] ? krealloc_less_oob_helper+0xec6/0x11d0 [ 11.721008] ? kasan_addr_to_slab+0x11/0xa0 [ 11.721029] ? krealloc_less_oob_helper+0xec6/0x11d0 [ 11.721053] kasan_report+0x141/0x180 [ 11.721076] ? krealloc_less_oob_helper+0xec6/0x11d0 [ 11.721104] __asan_report_store1_noabort+0x1b/0x30 [ 11.721125] krealloc_less_oob_helper+0xec6/0x11d0 [ 11.721151] ? __pfx_krealloc_less_oob_helper+0x10/0x10 [ 11.721175] ? finish_task_switch.isra.0+0x153/0x700 [ 11.721198] ? __switch_to+0x47/0xf50 [ 11.721304] ? __schedule+0x10cc/0x2b60 [ 11.721329] ? __pfx_read_tsc+0x10/0x10 [ 11.721438] krealloc_large_less_oob+0x1c/0x30 [ 11.721463] kunit_try_run_case+0x1a5/0x480 [ 11.721488] ? __pfx_kunit_try_run_case+0x10/0x10 [ 11.721523] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 11.721548] ? 
_raw_spin_unlock_irqrestore+0x5f/0x90 [ 11.721571] ? __kthread_parkme+0x82/0x180 [ 11.721605] ? preempt_count_sub+0x50/0x80 [ 11.721628] ? __pfx_kunit_try_run_case+0x10/0x10 [ 11.721652] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 11.721689] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 11.721712] kthread+0x337/0x6f0 [ 11.721734] ? trace_preempt_on+0x20/0xc0 [ 11.721770] ? __pfx_kthread+0x10/0x10 [ 11.721791] ? _raw_spin_unlock_irq+0x47/0x80 [ 11.721812] ? calculate_sigpending+0x7b/0xa0 [ 11.721874] ? __pfx_kthread+0x10/0x10 [ 11.721907] ret_from_fork+0x116/0x1d0 [ 11.721926] ? __pfx_kthread+0x10/0x10 [ 11.721947] ret_from_fork_asm+0x1a/0x30 [ 11.721979] </TASK> [ 11.721991] [ 11.729926] The buggy address belongs to the physical page: [ 11.730243] page: refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x102a44 [ 11.730611] head: order:2 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0 [ 11.730839] flags: 0x200000000000040(head|node=0|zone=2) [ 11.731160] page_type: f8(unknown) [ 11.731516] raw: 0200000000000040 0000000000000000 dead000000000122 0000000000000000 [ 11.731760] raw: 0000000000000000 0000000000000000 00000001f8000000 0000000000000000 [ 11.732001] head: 0200000000000040 0000000000000000 dead000000000122 0000000000000000 [ 11.732248] head: 0000000000000000 0000000000000000 00000001f8000000 0000000000000000 [ 11.732648] head: 0200000000000002 ffffea00040a9101 00000000ffffffff 00000000ffffffff [ 11.733018] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000004 [ 11.733541] page dumped because: kasan: bad access detected [ 11.733795] [ 11.733867] Memory state around the buggy address: [ 11.734026] ffff888102a45f80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 11.734254] ffff888102a46000: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 11.734470] >ffff888102a46080: 00 00 00 00 00 00 00 00 00 01 fe fe fe fe fe fe [ 11.734904] ^ [ 11.735184] ffff888102a46100: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe 
fe [ 11.735512] ffff888102a46180: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe [ 11.735827] ================================================================== [ 11.560688] ================================================================== [ 11.561015] BUG: KASAN: slab-out-of-bounds in krealloc_less_oob_helper+0xec6/0x11d0 [ 11.561812] Write of size 1 at addr ffff8881003514da by task kunit_try_catch/175 [ 11.562162] [ 11.562448] CPU: 0 UID: 0 PID: 175 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc4 #1 PREEMPT(voluntary) [ 11.562499] Tainted: [B]=BAD_PAGE, [N]=TEST [ 11.562511] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 11.562532] Call Trace: [ 11.562554] <TASK> [ 11.562573] dump_stack_lvl+0x73/0xb0 [ 11.562608] print_report+0xd1/0x650 [ 11.562631] ? __virt_addr_valid+0x1db/0x2d0 [ 11.562653] ? krealloc_less_oob_helper+0xec6/0x11d0 [ 11.562676] ? kasan_complete_mode_report_info+0x2a/0x200 [ 11.562697] ? krealloc_less_oob_helper+0xec6/0x11d0 [ 11.562719] kasan_report+0x141/0x180 [ 11.562739] ? krealloc_less_oob_helper+0xec6/0x11d0 [ 11.562766] __asan_report_store1_noabort+0x1b/0x30 [ 11.562785] krealloc_less_oob_helper+0xec6/0x11d0 [ 11.562808] ? __pfx_krealloc_less_oob_helper+0x10/0x10 [ 11.562831] ? finish_task_switch.isra.0+0x153/0x700 [ 11.562852] ? __switch_to+0x47/0xf50 [ 11.562876] ? __schedule+0x10cc/0x2b60 [ 11.562897] ? __pfx_read_tsc+0x10/0x10 [ 11.562919] krealloc_less_oob+0x1c/0x30 [ 11.562939] kunit_try_run_case+0x1a5/0x480 [ 11.562963] ? __pfx_kunit_try_run_case+0x10/0x10 [ 11.562983] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 11.563006] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 11.563027] ? __kthread_parkme+0x82/0x180 [ 11.563046] ? preempt_count_sub+0x50/0x80 [ 11.563067] ? __pfx_kunit_try_run_case+0x10/0x10 [ 11.563088] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 11.563109] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 11.563130] kthread+0x337/0x6f0 [ 11.563148] ? 
trace_preempt_on+0x20/0xc0 [ 11.563170] ? __pfx_kthread+0x10/0x10 [ 11.563189] ? _raw_spin_unlock_irq+0x47/0x80 [ 11.563208] ? calculate_sigpending+0x7b/0xa0 [ 11.563245] ? __pfx_kthread+0x10/0x10 [ 11.563282] ret_from_fork+0x116/0x1d0 [ 11.563300] ? __pfx_kthread+0x10/0x10 [ 11.563318] ret_from_fork_asm+0x1a/0x30 [ 11.563348] </TASK> [ 11.563359] [ 11.571346] Allocated by task 175: [ 11.571565] kasan_save_stack+0x45/0x70 [ 11.571783] kasan_save_track+0x18/0x40 [ 11.571916] kasan_save_alloc_info+0x3b/0x50 [ 11.572073] __kasan_krealloc+0x190/0x1f0 [ 11.572395] krealloc_noprof+0xf3/0x340 [ 11.572681] krealloc_less_oob_helper+0x1aa/0x11d0 [ 11.572924] krealloc_less_oob+0x1c/0x30 [ 11.573117] kunit_try_run_case+0x1a5/0x480 [ 11.573276] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 11.573452] kthread+0x337/0x6f0 [ 11.573574] ret_from_fork+0x116/0x1d0 [ 11.573716] ret_from_fork_asm+0x1a/0x30 [ 11.573909] [ 11.574005] The buggy address belongs to the object at ffff888100351400 [ 11.574005] which belongs to the cache kmalloc-256 of size 256 [ 11.574739] The buggy address is located 17 bytes to the right of [ 11.574739] allocated 201-byte region [ffff888100351400, ffff8881003514c9) [ 11.575512] [ 11.575592] The buggy address belongs to the physical page: [ 11.575775] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x100350 [ 11.576070] head: order:1 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0 [ 11.576620] flags: 0x200000000000040(head|node=0|zone=2) [ 11.576892] page_type: f5(slab) [ 11.577076] raw: 0200000000000040 ffff888100041b40 dead000000000122 0000000000000000 [ 11.577512] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 11.577805] head: 0200000000000040 ffff888100041b40 dead000000000122 0000000000000000 [ 11.578127] head: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 11.578483] head: 0200000000000001 ffffea000400d401 00000000ffffffff 00000000ffffffff [ 11.578802] head: 
ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000002 [ 11.579104] page dumped because: kasan: bad access detected [ 11.579844] [ 11.579976] Memory state around the buggy address: [ 11.580174] ffff888100351380: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 11.580414] ffff888100351400: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 11.580629] >ffff888100351480: 00 00 00 00 00 00 00 00 00 01 fc fc fc fc fc fc [ 11.581323] ^ [ 11.581602] ffff888100351500: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 11.581899] ffff888100351580: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 11.582194] ================================================================== [ 11.582843] ================================================================== [ 11.583128] BUG: KASAN: slab-out-of-bounds in krealloc_less_oob_helper+0xe90/0x11d0 [ 11.583635] Write of size 1 at addr ffff8881003514ea by task kunit_try_catch/175 [ 11.583928] [ 11.584045] CPU: 0 UID: 0 PID: 175 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc4 #1 PREEMPT(voluntary) [ 11.584092] Tainted: [B]=BAD_PAGE, [N]=TEST [ 11.584103] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 11.584124] Call Trace: [ 11.584146] <TASK> [ 11.584165] dump_stack_lvl+0x73/0xb0 [ 11.584194] print_report+0xd1/0x650 [ 11.584216] ? __virt_addr_valid+0x1db/0x2d0 [ 11.584252] ? krealloc_less_oob_helper+0xe90/0x11d0 [ 11.584274] ? kasan_complete_mode_report_info+0x2a/0x200 [ 11.584295] ? krealloc_less_oob_helper+0xe90/0x11d0 [ 11.584317] kasan_report+0x141/0x180 [ 11.584337] ? krealloc_less_oob_helper+0xe90/0x11d0 [ 11.584364] __asan_report_store1_noabort+0x1b/0x30 [ 11.584383] krealloc_less_oob_helper+0xe90/0x11d0 [ 11.584407] ? __pfx_krealloc_less_oob_helper+0x10/0x10 [ 11.584429] ? finish_task_switch.isra.0+0x153/0x700 [ 11.584450] ? __switch_to+0x47/0xf50 [ 11.584474] ? __schedule+0x10cc/0x2b60 [ 11.584495] ? 
__pfx_read_tsc+0x10/0x10 [ 11.584518] krealloc_less_oob+0x1c/0x30 [ 11.584538] kunit_try_run_case+0x1a5/0x480 [ 11.584561] ? __pfx_kunit_try_run_case+0x10/0x10 [ 11.584582] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 11.584603] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 11.584624] ? __kthread_parkme+0x82/0x180 [ 11.584643] ? preempt_count_sub+0x50/0x80 [ 11.584664] ? __pfx_kunit_try_run_case+0x10/0x10 [ 11.584686] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 11.584706] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 11.584728] kthread+0x337/0x6f0 [ 11.584746] ? trace_preempt_on+0x20/0xc0 [ 11.584767] ? __pfx_kthread+0x10/0x10 [ 11.584796] ? _raw_spin_unlock_irq+0x47/0x80 [ 11.584816] ? calculate_sigpending+0x7b/0xa0 [ 11.584839] ? __pfx_kthread+0x10/0x10 [ 11.584858] ret_from_fork+0x116/0x1d0 [ 11.584875] ? __pfx_kthread+0x10/0x10 [ 11.584894] ret_from_fork_asm+0x1a/0x30 [ 11.584923] </TASK> [ 11.584933] [ 11.592848] Allocated by task 175: [ 11.593007] kasan_save_stack+0x45/0x70 [ 11.593163] kasan_save_track+0x18/0x40 [ 11.593347] kasan_save_alloc_info+0x3b/0x50 [ 11.593559] __kasan_krealloc+0x190/0x1f0 [ 11.593760] krealloc_noprof+0xf3/0x340 [ 11.593996] krealloc_less_oob_helper+0x1aa/0x11d0 [ 11.594934] krealloc_less_oob+0x1c/0x30 [ 11.595167] kunit_try_run_case+0x1a5/0x480 [ 11.595478] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 11.595717] kthread+0x337/0x6f0 [ 11.595871] ret_from_fork+0x116/0x1d0 [ 11.596034] ret_from_fork_asm+0x1a/0x30 [ 11.596190] [ 11.596276] The buggy address belongs to the object at ffff888100351400 [ 11.596276] which belongs to the cache kmalloc-256 of size 256 [ 11.596639] The buggy address is located 33 bytes to the right of [ 11.596639] allocated 201-byte region [ffff888100351400, ffff8881003514c9) [ 11.597263] [ 11.597360] The buggy address belongs to the physical page: [ 11.597622] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x100350 [ 11.598318] head: order:1 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 
pincount:0 [ 11.598706] flags: 0x200000000000040(head|node=0|zone=2) [ 11.598958] page_type: f5(slab) [ 11.599109] raw: 0200000000000040 ffff888100041b40 dead000000000122 0000000000000000 [ 11.599510] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 11.599769] head: 0200000000000040 ffff888100041b40 dead000000000122 0000000000000000 [ 11.599999] head: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 11.600306] head: 0200000000000001 ffffea000400d401 00000000ffffffff 00000000ffffffff [ 11.600645] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000002 [ 11.601002] page dumped because: kasan: bad access detected [ 11.601424] [ 11.601521] Memory state around the buggy address: [ 11.601681] ffff888100351380: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 11.601894] ffff888100351400: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 11.602108] >ffff888100351480: 00 00 00 00 00 00 00 00 00 01 fc fc fc fc fc fc [ 11.602331] ^ [ 11.602728] ffff888100351500: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 11.603052] ffff888100351580: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 11.603404] ================================================================== [ 11.736319] ================================================================== [ 11.736655] BUG: KASAN: slab-out-of-bounds in krealloc_less_oob_helper+0xe90/0x11d0 [ 11.736947] Write of size 1 at addr ffff888102a460ea by task kunit_try_catch/179 [ 11.737176] [ 11.737385] CPU: 0 UID: 0 PID: 179 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc4 #1 PREEMPT(voluntary) [ 11.737431] Tainted: [B]=BAD_PAGE, [N]=TEST [ 11.737442] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 11.737463] Call Trace: [ 11.737486] <TASK> [ 11.737506] dump_stack_lvl+0x73/0xb0 [ 11.737538] print_report+0xd1/0x650 [ 11.737563] ? __virt_addr_valid+0x1db/0x2d0 [ 11.737587] ? krealloc_less_oob_helper+0xe90/0x11d0 [ 11.737611] ? 
kasan_addr_to_slab+0x11/0xa0 [ 11.737681] ? krealloc_less_oob_helper+0xe90/0x11d0 [ 11.737719] kasan_report+0x141/0x180 [ 11.737754] ? krealloc_less_oob_helper+0xe90/0x11d0 [ 11.737811] __asan_report_store1_noabort+0x1b/0x30 [ 11.737832] krealloc_less_oob_helper+0xe90/0x11d0 [ 11.737894] ? __pfx_krealloc_less_oob_helper+0x10/0x10 [ 11.737930] ? finish_task_switch.isra.0+0x153/0x700 [ 11.737991] ? __switch_to+0x47/0xf50 [ 11.738018] ? __schedule+0x10cc/0x2b60 [ 11.738041] ? __pfx_read_tsc+0x10/0x10 [ 11.738077] krealloc_large_less_oob+0x1c/0x30 [ 11.738100] kunit_try_run_case+0x1a5/0x480 [ 11.738126] ? __pfx_kunit_try_run_case+0x10/0x10 [ 11.738148] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 11.738172] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 11.738195] ? __kthread_parkme+0x82/0x180 [ 11.738244] ? preempt_count_sub+0x50/0x80 [ 11.738268] ? __pfx_kunit_try_run_case+0x10/0x10 [ 11.738292] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 11.738315] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 11.738338] kthread+0x337/0x6f0 [ 11.738359] ? trace_preempt_on+0x20/0xc0 [ 11.738383] ? __pfx_kthread+0x10/0x10 [ 11.738405] ? _raw_spin_unlock_irq+0x47/0x80 [ 11.738426] ? calculate_sigpending+0x7b/0xa0 [ 11.738451] ? __pfx_kthread+0x10/0x10 [ 11.738473] ret_from_fork+0x116/0x1d0 [ 11.738492] ? 
__pfx_kthread+0x10/0x10 [ 11.738513] ret_from_fork_asm+0x1a/0x30 [ 11.738544] </TASK> [ 11.738557] [ 11.747095] The buggy address belongs to the physical page: [ 11.747481] page: refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x102a44 [ 11.747744] head: order:2 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0 [ 11.748252] flags: 0x200000000000040(head|node=0|zone=2) [ 11.748632] page_type: f8(unknown) [ 11.748899] raw: 0200000000000040 0000000000000000 dead000000000122 0000000000000000 [ 11.749337] raw: 0000000000000000 0000000000000000 00000001f8000000 0000000000000000 [ 11.749744] head: 0200000000000040 0000000000000000 dead000000000122 0000000000000000 [ 11.750034] head: 0000000000000000 0000000000000000 00000001f8000000 0000000000000000 [ 11.750434] head: 0200000000000002 ffffea00040a9101 00000000ffffffff 00000000ffffffff [ 11.751794] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000004 [ 11.753348] page dumped because: kasan: bad access detected [ 11.753784] [ 11.753888] Memory state around the buggy address: [ 11.754066] ffff888102a45f80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 11.754795] ffff888102a46000: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 11.755119] >ffff888102a46080: 00 00 00 00 00 00 00 00 00 01 fe fe fe fe fe fe [ 11.755791] ^ [ 11.756612] ffff888102a46100: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe [ 11.757098] ffff888102a46180: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe [ 11.757711] ================================================================== [ 11.539591] ================================================================== [ 11.539934] BUG: KASAN: slab-out-of-bounds in krealloc_less_oob_helper+0xe23/0x11d0 [ 11.540325] Write of size 1 at addr ffff8881003514d0 by task kunit_try_catch/175 [ 11.540551] [ 11.540644] CPU: 0 UID: 0 PID: 175 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc4 #1 PREEMPT(voluntary) [ 11.540690] Tainted: [B]=BAD_PAGE, [N]=TEST [ 11.540701] Hardware 
name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 11.540723] Call Trace: [ 11.540736] <TASK> [ 11.540756] dump_stack_lvl+0x73/0xb0 [ 11.540795] print_report+0xd1/0x650 [ 11.540817] ? __virt_addr_valid+0x1db/0x2d0 [ 11.540839] ? krealloc_less_oob_helper+0xe23/0x11d0 [ 11.540861] ? kasan_complete_mode_report_info+0x2a/0x200 [ 11.540881] ? krealloc_less_oob_helper+0xe23/0x11d0 [ 11.540904] kasan_report+0x141/0x180 [ 11.540924] ? krealloc_less_oob_helper+0xe23/0x11d0 [ 11.540951] __asan_report_store1_noabort+0x1b/0x30 [ 11.540969] krealloc_less_oob_helper+0xe23/0x11d0 [ 11.540994] ? __pfx_krealloc_less_oob_helper+0x10/0x10 [ 11.541016] ? finish_task_switch.isra.0+0x153/0x700 [ 11.541037] ? __switch_to+0x47/0xf50 [ 11.541061] ? __schedule+0x10cc/0x2b60 [ 11.541082] ? __pfx_read_tsc+0x10/0x10 [ 11.541105] krealloc_less_oob+0x1c/0x30 [ 11.541125] kunit_try_run_case+0x1a5/0x480 [ 11.541148] ? __pfx_kunit_try_run_case+0x10/0x10 [ 11.541169] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 11.541191] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 11.541213] ? __kthread_parkme+0x82/0x180 [ 11.541245] ? preempt_count_sub+0x50/0x80 [ 11.541266] ? __pfx_kunit_try_run_case+0x10/0x10 [ 11.541287] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 11.541308] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 11.541349] kthread+0x337/0x6f0 [ 11.541368] ? trace_preempt_on+0x20/0xc0 [ 11.541391] ? __pfx_kthread+0x10/0x10 [ 11.541410] ? _raw_spin_unlock_irq+0x47/0x80 [ 11.541430] ? calculate_sigpending+0x7b/0xa0 [ 11.541452] ? __pfx_kthread+0x10/0x10 [ 11.541472] ret_from_fork+0x116/0x1d0 [ 11.541489] ? 
__pfx_kthread+0x10/0x10 [ 11.541508] ret_from_fork_asm+0x1a/0x30 [ 11.541537] </TASK> [ 11.541549] [ 11.549277] Allocated by task 175: [ 11.549509] kasan_save_stack+0x45/0x70 [ 11.549728] kasan_save_track+0x18/0x40 [ 11.549919] kasan_save_alloc_info+0x3b/0x50 [ 11.550094] __kasan_krealloc+0x190/0x1f0 [ 11.550290] krealloc_noprof+0xf3/0x340 [ 11.550460] krealloc_less_oob_helper+0x1aa/0x11d0 [ 11.550621] krealloc_less_oob+0x1c/0x30 [ 11.550758] kunit_try_run_case+0x1a5/0x480 [ 11.551029] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 11.551293] kthread+0x337/0x6f0 [ 11.551464] ret_from_fork+0x116/0x1d0 [ 11.551663] ret_from_fork_asm+0x1a/0x30 [ 11.552289] [ 11.552375] The buggy address belongs to the object at ffff888100351400 [ 11.552375] which belongs to the cache kmalloc-256 of size 256 [ 11.552904] The buggy address is located 7 bytes to the right of [ 11.552904] allocated 201-byte region [ffff888100351400, ffff8881003514c9) [ 11.553509] [ 11.553602] The buggy address belongs to the physical page: [ 11.553827] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x100350 [ 11.554173] head: order:1 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0 [ 11.554546] flags: 0x200000000000040(head|node=0|zone=2) [ 11.554750] page_type: f5(slab) [ 11.554923] raw: 0200000000000040 ffff888100041b40 dead000000000122 0000000000000000 [ 11.555186] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 11.555429] head: 0200000000000040 ffff888100041b40 dead000000000122 0000000000000000 [ 11.555659] head: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 11.555943] head: 0200000000000001 ffffea000400d401 00000000ffffffff 00000000ffffffff [ 11.556505] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000002 [ 11.556851] page dumped because: kasan: bad access detected [ 11.557103] [ 11.557196] Memory state around the buggy address: [ 11.557953] ffff888100351380: fc fc fc fc fc fc fc fc fc fc fc fc fc fc 
fc fc [ 11.558273] ffff888100351400: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 11.558596] >ffff888100351480: 00 00 00 00 00 00 00 00 00 01 fc fc fc fc fc fc [ 11.558908] ^ [ 11.559124] ffff888100351500: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 11.559644] ffff888100351580: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 11.559930] ================================================================== [ 11.507410] ================================================================== [ 11.508135] BUG: KASAN: slab-out-of-bounds in krealloc_less_oob_helper+0xd70/0x11d0 [ 11.509157] Write of size 1 at addr ffff8881003514c9 by task kunit_try_catch/175 [ 11.510059] [ 11.510171] CPU: 0 UID: 0 PID: 175 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc4 #1 PREEMPT(voluntary) [ 11.510235] Tainted: [B]=BAD_PAGE, [N]=TEST [ 11.510247] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 11.510270] Call Trace: [ 11.510285] <TASK> [ 11.510305] dump_stack_lvl+0x73/0xb0 [ 11.510345] print_report+0xd1/0x650 [ 11.510369] ? __virt_addr_valid+0x1db/0x2d0 [ 11.510393] ? krealloc_less_oob_helper+0xd70/0x11d0 [ 11.510416] ? kasan_complete_mode_report_info+0x2a/0x200 [ 11.510437] ? krealloc_less_oob_helper+0xd70/0x11d0 [ 11.510460] kasan_report+0x141/0x180 [ 11.510481] ? krealloc_less_oob_helper+0xd70/0x11d0 [ 11.510508] __asan_report_store1_noabort+0x1b/0x30 [ 11.510527] krealloc_less_oob_helper+0xd70/0x11d0 [ 11.510552] ? __pfx_krealloc_less_oob_helper+0x10/0x10 [ 11.510575] ? finish_task_switch.isra.0+0x153/0x700 [ 11.510598] ? __switch_to+0x47/0xf50 [ 11.510623] ? __schedule+0x10cc/0x2b60 [ 11.510644] ? __pfx_read_tsc+0x10/0x10 [ 11.510668] krealloc_less_oob+0x1c/0x30 [ 11.510688] kunit_try_run_case+0x1a5/0x480 [ 11.510713] ? __pfx_kunit_try_run_case+0x10/0x10 [ 11.510734] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 11.510757] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 11.510779] ? __kthread_parkme+0x82/0x180 [ 11.510799] ? 
preempt_count_sub+0x50/0x80 [ 11.510820] ? __pfx_kunit_try_run_case+0x10/0x10 [ 11.510845] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 11.510869] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 11.510893] kthread+0x337/0x6f0 [ 11.510912] ? trace_preempt_on+0x20/0xc0 [ 11.510935] ? __pfx_kthread+0x10/0x10 [ 11.510955] ? _raw_spin_unlock_irq+0x47/0x80 [ 11.510975] ? calculate_sigpending+0x7b/0xa0 [ 11.510999] ? __pfx_kthread+0x10/0x10 [ 11.511020] ret_from_fork+0x116/0x1d0 [ 11.511037] ? __pfx_kthread+0x10/0x10 [ 11.511056] ret_from_fork_asm+0x1a/0x30 [ 11.511086] </TASK> [ 11.511097] [ 11.525746] Allocated by task 175: [ 11.526342] kasan_save_stack+0x45/0x70 [ 11.527041] kasan_save_track+0x18/0x40 [ 11.527538] kasan_save_alloc_info+0x3b/0x50 [ 11.528442] __kasan_krealloc+0x190/0x1f0 [ 11.528852] krealloc_noprof+0xf3/0x340 [ 11.529027] krealloc_less_oob_helper+0x1aa/0x11d0 [ 11.529337] krealloc_less_oob+0x1c/0x30 [ 11.529582] kunit_try_run_case+0x1a5/0x480 [ 11.529766] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 11.529963] kthread+0x337/0x6f0 [ 11.530136] ret_from_fork+0x116/0x1d0 [ 11.530349] ret_from_fork_asm+0x1a/0x30 [ 11.530592] [ 11.530675] The buggy address belongs to the object at ffff888100351400 [ 11.530675] which belongs to the cache kmalloc-256 of size 256 [ 11.531172] The buggy address is located 0 bytes to the right of [ 11.531172] allocated 201-byte region [ffff888100351400, ffff8881003514c9) [ 11.532008] [ 11.532114] The buggy address belongs to the physical page: [ 11.532522] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x100350 [ 11.532875] head: order:1 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0 [ 11.533199] flags: 0x200000000000040(head|node=0|zone=2) [ 11.533416] page_type: f5(slab) [ 11.533763] raw: 0200000000000040 ffff888100041b40 dead000000000122 0000000000000000 [ 11.534068] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 11.534526] head: 0200000000000040 
ffff888100041b40 dead000000000122 0000000000000000 [ 11.534847] head: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 11.535187] head: 0200000000000001 ffffea000400d401 00000000ffffffff 00000000ffffffff [ 11.535578] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000002 [ 11.535857] page dumped because: kasan: bad access detected [ 11.536114] [ 11.536207] Memory state around the buggy address: [ 11.536433] ffff888100351380: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 11.536740] ffff888100351400: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 11.537042] >ffff888100351480: 00 00 00 00 00 00 00 00 00 01 fc fc fc fc fc fc [ 11.537279] ^ [ 11.537556] ffff888100351500: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 11.538335] ffff888100351580: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 11.538862] ================================================================== [ 11.674134] ================================================================== [ 11.675294] BUG: KASAN: slab-out-of-bounds in krealloc_less_oob_helper+0xd70/0x11d0 [ 11.676888] Write of size 1 at addr ffff888102a460c9 by task kunit_try_catch/179 [ 11.677139] [ 11.677268] CPU: 0 UID: 0 PID: 179 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc4 #1 PREEMPT(voluntary) [ 11.677321] Tainted: [B]=BAD_PAGE, [N]=TEST [ 11.677333] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 11.677412] Call Trace: [ 11.677430] <TASK> [ 11.677505] dump_stack_lvl+0x73/0xb0 [ 11.677551] print_report+0xd1/0x650 [ 11.677813] ? __virt_addr_valid+0x1db/0x2d0 [ 11.677844] ? krealloc_less_oob_helper+0xd70/0x11d0 [ 11.677922] ? kasan_addr_to_slab+0x11/0xa0 [ 11.677946] ? krealloc_less_oob_helper+0xd70/0x11d0 [ 11.677971] kasan_report+0x141/0x180 [ 11.678051] ? krealloc_less_oob_helper+0xd70/0x11d0 [ 11.678080] __asan_report_store1_noabort+0x1b/0x30 [ 11.678396] krealloc_less_oob_helper+0xd70/0x11d0 [ 11.678430] ? 
__pfx_krealloc_less_oob_helper+0x10/0x10 [ 11.678455] ? finish_task_switch.isra.0+0x153/0x700 [ 11.678481] ? __switch_to+0x47/0xf50 [ 11.678510] ? __schedule+0x10cc/0x2b60 [ 11.678535] ? __pfx_read_tsc+0x10/0x10 [ 11.678561] krealloc_large_less_oob+0x1c/0x30 [ 11.678584] kunit_try_run_case+0x1a5/0x480 [ 11.678613] ? __pfx_kunit_try_run_case+0x10/0x10 [ 11.678639] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 11.678664] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 11.678687] ? __kthread_parkme+0x82/0x180 [ 11.678709] ? preempt_count_sub+0x50/0x80 [ 11.678732] ? __pfx_kunit_try_run_case+0x10/0x10 [ 11.678756] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 11.678779] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 11.678802] kthread+0x337/0x6f0 [ 11.678822] ? trace_preempt_on+0x20/0xc0 [ 11.678846] ? __pfx_kthread+0x10/0x10 [ 11.678867] ? _raw_spin_unlock_irq+0x47/0x80 [ 11.678888] ? calculate_sigpending+0x7b/0xa0 [ 11.678914] ? __pfx_kthread+0x10/0x10 [ 11.678935] ret_from_fork+0x116/0x1d0 [ 11.678954] ? 
__pfx_kthread+0x10/0x10 [ 11.678975] ret_from_fork_asm+0x1a/0x30 [ 11.679008] </TASK> [ 11.679022] [ 11.689664] The buggy address belongs to the physical page: [ 11.689942] page: refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x102a44 [ 11.690790] head: order:2 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0 [ 11.691585] flags: 0x200000000000040(head|node=0|zone=2) [ 11.692092] page_type: f8(unknown) [ 11.692502] raw: 0200000000000040 0000000000000000 dead000000000122 0000000000000000 [ 11.692893] raw: 0000000000000000 0000000000000000 00000001f8000000 0000000000000000 [ 11.693609] head: 0200000000000040 0000000000000000 dead000000000122 0000000000000000 [ 11.694080] head: 0000000000000000 0000000000000000 00000001f8000000 0000000000000000 [ 11.694905] head: 0200000000000002 ffffea00040a9101 00000000ffffffff 00000000ffffffff [ 11.695422] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000004 [ 11.695902] page dumped because: kasan: bad access detected [ 11.696138] [ 11.696492] Memory state around the buggy address: [ 11.696808] ffff888102a45f80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 11.697424] ffff888102a46000: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 11.698100] >ffff888102a46080: 00 00 00 00 00 00 00 00 00 01 fe fe fe fe fe fe [ 11.698706] ^ [ 11.699181] ffff888102a46100: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe [ 11.699671] ffff888102a46180: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe [ 11.699979] ================================================================== [ 11.759000] ================================================================== [ 11.759602] BUG: KASAN: slab-out-of-bounds in krealloc_less_oob_helper+0xd47/0x11d0 [ 11.759955] Write of size 1 at addr ffff888102a460eb by task kunit_try_catch/179 [ 11.761200] [ 11.761544] CPU: 0 UID: 0 PID: 179 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc4 #1 PREEMPT(voluntary) [ 11.761686] Tainted: [B]=BAD_PAGE, [N]=TEST [ 11.761700] Hardware 
name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 11.761722] Call Trace: [ 11.761747] <TASK> [ 11.761770] dump_stack_lvl+0x73/0xb0 [ 11.761813] print_report+0xd1/0x650 [ 11.761839] ? __virt_addr_valid+0x1db/0x2d0 [ 11.761863] ? krealloc_less_oob_helper+0xd47/0x11d0 [ 11.761889] ? kasan_addr_to_slab+0x11/0xa0 [ 11.761909] ? krealloc_less_oob_helper+0xd47/0x11d0 [ 11.761934] kasan_report+0x141/0x180 [ 11.761956] ? krealloc_less_oob_helper+0xd47/0x11d0 [ 11.761984] __asan_report_store1_noabort+0x1b/0x30 [ 11.762005] krealloc_less_oob_helper+0xd47/0x11d0 [ 11.762031] ? __pfx_krealloc_less_oob_helper+0x10/0x10 [ 11.762055] ? finish_task_switch.isra.0+0x153/0x700 [ 11.762078] ? __switch_to+0x47/0xf50 [ 11.762104] ? __schedule+0x10cc/0x2b60 [ 11.762127] ? __pfx_read_tsc+0x10/0x10 [ 11.762152] krealloc_large_less_oob+0x1c/0x30 [ 11.762175] kunit_try_run_case+0x1a5/0x480 [ 11.762251] ? __pfx_kunit_try_run_case+0x10/0x10 [ 11.762290] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 11.762315] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 11.762338] ? __kthread_parkme+0x82/0x180 [ 11.762359] ? preempt_count_sub+0x50/0x80 [ 11.762383] ? __pfx_kunit_try_run_case+0x10/0x10 [ 11.762407] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 11.762430] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 11.762453] kthread+0x337/0x6f0 [ 11.762473] ? trace_preempt_on+0x20/0xc0 [ 11.762499] ? __pfx_kthread+0x10/0x10 [ 11.762523] ? _raw_spin_unlock_irq+0x47/0x80 [ 11.762546] ? calculate_sigpending+0x7b/0xa0 [ 11.762571] ? __pfx_kthread+0x10/0x10 [ 11.762592] ret_from_fork+0x116/0x1d0 [ 11.762612] ? 
__pfx_kthread+0x10/0x10 [ 11.762633] ret_from_fork_asm+0x1a/0x30 [ 11.762666] </TASK> [ 11.762679] [ 11.775333] The buggy address belongs to the physical page: [ 11.775882] page: refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x102a44 [ 11.776144] head: order:2 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0 [ 11.778033] flags: 0x200000000000040(head|node=0|zone=2) [ 11.778273] page_type: f8(unknown) [ 11.778409] raw: 0200000000000040 0000000000000000 dead000000000122 0000000000000000 [ 11.778643] raw: 0000000000000000 0000000000000000 00000001f8000000 0000000000000000 [ 11.778874] head: 0200000000000040 0000000000000000 dead000000000122 0000000000000000 [ 11.779107] head: 0000000000000000 0000000000000000 00000001f8000000 0000000000000000 [ 11.779788] head: 0200000000000002 ffffea00040a9101 00000000ffffffff 00000000ffffffff [ 11.781077] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000004 [ 11.782474] page dumped because: kasan: bad access detected [ 11.783097] [ 11.783378] Memory state around the buggy address: [ 11.784009] ffff888102a45f80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 11.784845] ffff888102a46000: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 11.785664] >ffff888102a46080: 00 00 00 00 00 00 00 00 00 01 fe fe fe fe fe fe [ 11.786178] ^ [ 11.787305] ffff888102a46100: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe [ 11.787954] ffff888102a46180: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe [ 11.788172] ================================================================== [ 11.700961] ================================================================== [ 11.701831] BUG: KASAN: slab-out-of-bounds in krealloc_less_oob_helper+0xe23/0x11d0 [ 11.702431] Write of size 1 at addr ffff888102a460d0 by task kunit_try_catch/179 [ 11.702967] [ 11.703092] CPU: 0 UID: 0 PID: 179 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc4 #1 PREEMPT(voluntary) [ 11.703141] Tainted: [B]=BAD_PAGE, [N]=TEST [ 11.703152] Hardware 
name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 11.703176] Call Trace: [ 11.703202] <TASK> [ 11.703237] dump_stack_lvl+0x73/0xb0 [ 11.703276] print_report+0xd1/0x650 [ 11.703302] ? __virt_addr_valid+0x1db/0x2d0 [ 11.703326] ? krealloc_less_oob_helper+0xe23/0x11d0 [ 11.703350] ? kasan_addr_to_slab+0x11/0xa0 [ 11.703371] ? krealloc_less_oob_helper+0xe23/0x11d0 [ 11.703395] kasan_report+0x141/0x180 [ 11.703418] ? krealloc_less_oob_helper+0xe23/0x11d0 [ 11.703446] __asan_report_store1_noabort+0x1b/0x30 [ 11.703467] krealloc_less_oob_helper+0xe23/0x11d0 [ 11.703493] ? __pfx_krealloc_less_oob_helper+0x10/0x10 [ 11.703517] ? finish_task_switch.isra.0+0x153/0x700 [ 11.703540] ? __switch_to+0x47/0xf50 [ 11.703606] ? __schedule+0x10cc/0x2b60 [ 11.703631] ? __pfx_read_tsc+0x10/0x10 [ 11.703656] krealloc_large_less_oob+0x1c/0x30 [ 11.703692] kunit_try_run_case+0x1a5/0x480 [ 11.703717] ? __pfx_kunit_try_run_case+0x10/0x10 [ 11.703739] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 11.703765] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 11.703788] ? __kthread_parkme+0x82/0x180 [ 11.703810] ? preempt_count_sub+0x50/0x80 [ 11.703833] ? __pfx_kunit_try_run_case+0x10/0x10 [ 11.703856] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 11.703879] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 11.703902] kthread+0x337/0x6f0 [ 11.703922] ? trace_preempt_on+0x20/0xc0 [ 11.703946] ? __pfx_kthread+0x10/0x10 [ 11.703967] ? _raw_spin_unlock_irq+0x47/0x80 [ 11.703988] ? calculate_sigpending+0x7b/0xa0 [ 11.704013] ? __pfx_kthread+0x10/0x10 [ 11.704035] ret_from_fork+0x116/0x1d0 [ 11.704053] ? 
__pfx_kthread+0x10/0x10 [ 11.704074] ret_from_fork_asm+0x1a/0x30 [ 11.704106] </TASK> [ 11.704118] [ 11.712315] The buggy address belongs to the physical page: [ 11.712709] page: refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x102a44 [ 11.713125] head: order:2 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0 [ 11.713635] flags: 0x200000000000040(head|node=0|zone=2) [ 11.713913] page_type: f8(unknown) [ 11.714048] raw: 0200000000000040 0000000000000000 dead000000000122 0000000000000000 [ 11.714292] raw: 0000000000000000 0000000000000000 00000001f8000000 0000000000000000 [ 11.714573] head: 0200000000000040 0000000000000000 dead000000000122 0000000000000000 [ 11.715284] head: 0000000000000000 0000000000000000 00000001f8000000 0000000000000000 [ 11.715635] head: 0200000000000002 ffffea00040a9101 00000000ffffffff 00000000ffffffff [ 11.715995] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000004 [ 11.716233] page dumped because: kasan: bad access detected [ 11.716742] [ 11.716896] Memory state around the buggy address: [ 11.717062] ffff888102a45f80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 11.717338] ffff888102a46000: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 11.717678] >ffff888102a46080: 00 00 00 00 00 00 00 00 00 01 fe fe fe fe fe fe [ 11.717981] ^ [ 11.718382] ffff888102a46100: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe [ 11.718604] ffff888102a46180: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe [ 11.718815] ==================================================================
Failure - log-parser-boot/kasan-bug-kasan-slab-out-of-bounds-in-krealloc_more_oob_helper
[ 11.630500] ================================================================== [ 11.630977] BUG: KASAN: slab-out-of-bounds in krealloc_more_oob_helper+0x821/0x930 [ 11.631338] Write of size 1 at addr ffff8881027420eb by task kunit_try_catch/177 [ 11.631840] [ 11.631965] CPU: 1 UID: 0 PID: 177 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc4 #1 PREEMPT(voluntary) [ 11.632015] Tainted: [B]=BAD_PAGE, [N]=TEST [ 11.632027] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 11.632049] Call Trace: [ 11.632064] <TASK> [ 11.632083] dump_stack_lvl+0x73/0xb0 [ 11.632116] print_report+0xd1/0x650 [ 11.632140] ? __virt_addr_valid+0x1db/0x2d0 [ 11.632161] ? krealloc_more_oob_helper+0x821/0x930 [ 11.632184] ? kasan_addr_to_slab+0x11/0xa0 [ 11.632203] ? krealloc_more_oob_helper+0x821/0x930 [ 11.632238] kasan_report+0x141/0x180 [ 11.632259] ? krealloc_more_oob_helper+0x821/0x930 [ 11.632286] __asan_report_store1_noabort+0x1b/0x30 [ 11.632305] krealloc_more_oob_helper+0x821/0x930 [ 11.632326] ? __schedule+0x10cc/0x2b60 [ 11.632347] ? __pfx_krealloc_more_oob_helper+0x10/0x10 [ 11.632369] ? finish_task_switch.isra.0+0x153/0x700 [ 11.632391] ? __switch_to+0x47/0xf50 [ 11.632415] ? __schedule+0x10cc/0x2b60 [ 11.632434] ? __pfx_read_tsc+0x10/0x10 [ 11.632457] krealloc_large_more_oob+0x1c/0x30 [ 11.632478] kunit_try_run_case+0x1a5/0x480 [ 11.632503] ? __pfx_kunit_try_run_case+0x10/0x10 [ 11.632524] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 11.632547] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 11.632569] ? __kthread_parkme+0x82/0x180 [ 11.632590] ? preempt_count_sub+0x50/0x80 [ 11.632611] ? __pfx_kunit_try_run_case+0x10/0x10 [ 11.632633] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 11.632655] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 11.632676] kthread+0x337/0x6f0 [ 11.632694] ? trace_preempt_on+0x20/0xc0 [ 11.632717] ? __pfx_kthread+0x10/0x10 [ 11.632736] ? _raw_spin_unlock_irq+0x47/0x80 [ 11.632755] ? 
calculate_sigpending+0x7b/0xa0 [ 11.632778] ? __pfx_kthread+0x10/0x10 [ 11.632805] ret_from_fork+0x116/0x1d0 [ 11.632822] ? __pfx_kthread+0x10/0x10 [ 11.632841] ret_from_fork_asm+0x1a/0x30 [ 11.632871] </TASK> [ 11.632882] [ 11.645000] The buggy address belongs to the physical page: [ 11.645349] page: refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x102740 [ 11.645694] head: order:2 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0 [ 11.646010] flags: 0x200000000000040(head|node=0|zone=2) [ 11.646255] page_type: f8(unknown) [ 11.646771] raw: 0200000000000040 0000000000000000 dead000000000122 0000000000000000 [ 11.647080] raw: 0000000000000000 0000000000000000 00000001f8000000 0000000000000000 [ 11.647525] head: 0200000000000040 0000000000000000 dead000000000122 0000000000000000 [ 11.647875] head: 0000000000000000 0000000000000000 00000001f8000000 0000000000000000 [ 11.648444] head: 0200000000000002 ffffea000409d001 00000000ffffffff 00000000ffffffff [ 11.648766] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000004 [ 11.649095] page dumped because: kasan: bad access detected [ 11.649574] [ 11.649663] Memory state around the buggy address: [ 11.649946] ffff888102741f80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 11.650722] ffff888102742000: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 11.651136] >ffff888102742080: 00 00 00 00 00 00 00 00 00 00 00 00 00 03 fe fe [ 11.651541] ^ [ 11.652000] ffff888102742100: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe [ 11.652592] ffff888102742180: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe [ 11.652997] ================================================================== [ 11.449990] ================================================================== [ 11.451157] BUG: KASAN: slab-out-of-bounds in krealloc_more_oob_helper+0x821/0x930 [ 11.451833] Write of size 1 at addr ffff888100aa30eb by task kunit_try_catch/173 [ 11.452140] [ 11.452255] CPU: 1 UID: 0 PID: 173 Comm: 
kunit_try_catch Tainted: G B N 6.16.0-rc4 #1 PREEMPT(voluntary) [ 11.452308] Tainted: [B]=BAD_PAGE, [N]=TEST [ 11.452320] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 11.452345] Call Trace: [ 11.452361] <TASK> [ 11.452381] dump_stack_lvl+0x73/0xb0 [ 11.452418] print_report+0xd1/0x650 [ 11.452441] ? __virt_addr_valid+0x1db/0x2d0 [ 11.452465] ? krealloc_more_oob_helper+0x821/0x930 [ 11.452487] ? kasan_complete_mode_report_info+0x2a/0x200 [ 11.452509] ? krealloc_more_oob_helper+0x821/0x930 [ 11.452532] kasan_report+0x141/0x180 [ 11.452553] ? krealloc_more_oob_helper+0x821/0x930 [ 11.452580] __asan_report_store1_noabort+0x1b/0x30 [ 11.452599] krealloc_more_oob_helper+0x821/0x930 [ 11.452620] ? __schedule+0x10cc/0x2b60 [ 11.452641] ? __pfx_krealloc_more_oob_helper+0x10/0x10 [ 11.452664] ? finish_task_switch.isra.0+0x153/0x700 [ 11.452686] ? __switch_to+0x47/0xf50 [ 11.452711] ? __schedule+0x10cc/0x2b60 [ 11.452731] ? __pfx_read_tsc+0x10/0x10 [ 11.452755] krealloc_more_oob+0x1c/0x30 [ 11.452775] kunit_try_run_case+0x1a5/0x480 [ 11.452809] ? __pfx_kunit_try_run_case+0x10/0x10 [ 11.452829] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 11.452852] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 11.452890] ? __kthread_parkme+0x82/0x180 [ 11.452911] ? preempt_count_sub+0x50/0x80 [ 11.452952] ? __pfx_kunit_try_run_case+0x10/0x10 [ 11.452975] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 11.452996] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 11.453019] kthread+0x337/0x6f0 [ 11.453037] ? trace_preempt_on+0x20/0xc0 [ 11.453059] ? __pfx_kthread+0x10/0x10 [ 11.453078] ? _raw_spin_unlock_irq+0x47/0x80 [ 11.453098] ? calculate_sigpending+0x7b/0xa0 [ 11.453121] ? __pfx_kthread+0x10/0x10 [ 11.453141] ret_from_fork+0x116/0x1d0 [ 11.453159] ? 
__pfx_kthread+0x10/0x10 [ 11.453178] ret_from_fork_asm+0x1a/0x30 [ 11.453208] </TASK> [ 11.453230] [ 11.464063] Allocated by task 173: [ 11.464531] kasan_save_stack+0x45/0x70 [ 11.464762] kasan_save_track+0x18/0x40 [ 11.464957] kasan_save_alloc_info+0x3b/0x50 [ 11.465153] __kasan_krealloc+0x190/0x1f0 [ 11.465865] krealloc_noprof+0xf3/0x340 [ 11.466128] krealloc_more_oob_helper+0x1a9/0x930 [ 11.466780] krealloc_more_oob+0x1c/0x30 [ 11.467046] kunit_try_run_case+0x1a5/0x480 [ 11.467533] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 11.467910] kthread+0x337/0x6f0 [ 11.468076] ret_from_fork+0x116/0x1d0 [ 11.468580] ret_from_fork_asm+0x1a/0x30 [ 11.468858] [ 11.468957] The buggy address belongs to the object at ffff888100aa3000 [ 11.468957] which belongs to the cache kmalloc-256 of size 256 [ 11.469897] The buggy address is located 0 bytes to the right of [ 11.469897] allocated 235-byte region [ffff888100aa3000, ffff888100aa30eb) [ 11.470678] [ 11.470783] The buggy address belongs to the physical page: [ 11.471029] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x100aa2 [ 11.471867] head: order:1 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0 [ 11.472166] flags: 0x200000000000040(head|node=0|zone=2) [ 11.472675] page_type: f5(slab) [ 11.472859] raw: 0200000000000040 ffff888100041b40 dead000000000122 0000000000000000 [ 11.473171] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 11.473851] head: 0200000000000040 ffff888100041b40 dead000000000122 0000000000000000 [ 11.474170] head: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 11.474508] head: 0200000000000001 ffffea000402a881 00000000ffffffff 00000000ffffffff [ 11.474857] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000002 [ 11.475131] page dumped because: kasan: bad access detected [ 11.475482] [ 11.475559] Memory state around the buggy address: [ 11.475837] ffff888100aa2f80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc 
fc fc [ 11.476118] ffff888100aa3000: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 11.476498] >ffff888100aa3080: 00 00 00 00 00 00 00 00 00 00 00 00 00 03 fc fc [ 11.476795] ^ [ 11.477138] ffff888100aa3100: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 11.477707] ffff888100aa3180: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 11.478002] ================================================================== [ 11.653738] ================================================================== [ 11.654011] BUG: KASAN: slab-out-of-bounds in krealloc_more_oob_helper+0x7eb/0x930 [ 11.654303] Write of size 1 at addr ffff8881027420f0 by task kunit_try_catch/177 [ 11.654630] [ 11.654743] CPU: 1 UID: 0 PID: 177 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc4 #1 PREEMPT(voluntary) [ 11.654790] Tainted: [B]=BAD_PAGE, [N]=TEST [ 11.654802] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 11.654823] Call Trace: [ 11.654845] <TASK> [ 11.654864] dump_stack_lvl+0x73/0xb0 [ 11.654895] print_report+0xd1/0x650 [ 11.654916] ? __virt_addr_valid+0x1db/0x2d0 [ 11.654938] ? krealloc_more_oob_helper+0x7eb/0x930 [ 11.654959] ? kasan_addr_to_slab+0x11/0xa0 [ 11.654978] ? krealloc_more_oob_helper+0x7eb/0x930 [ 11.655000] kasan_report+0x141/0x180 [ 11.655020] ? krealloc_more_oob_helper+0x7eb/0x930 [ 11.655047] __asan_report_store1_noabort+0x1b/0x30 [ 11.655066] krealloc_more_oob_helper+0x7eb/0x930 [ 11.655087] ? __schedule+0x10cc/0x2b60 [ 11.655108] ? __pfx_krealloc_more_oob_helper+0x10/0x10 [ 11.655130] ? finish_task_switch.isra.0+0x153/0x700 [ 11.655151] ? __switch_to+0x47/0xf50 [ 11.655175] ? __schedule+0x10cc/0x2b60 [ 11.655195] ? __pfx_read_tsc+0x10/0x10 [ 11.655733] krealloc_large_more_oob+0x1c/0x30 [ 11.655776] kunit_try_run_case+0x1a5/0x480 [ 11.655801] ? __pfx_kunit_try_run_case+0x10/0x10 [ 11.655822] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 11.655845] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 11.655866] ? 
__kthread_parkme+0x82/0x180 [ 11.655886] ? preempt_count_sub+0x50/0x80 [ 11.655908] ? __pfx_kunit_try_run_case+0x10/0x10 [ 11.655929] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 11.655950] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 11.655971] kthread+0x337/0x6f0 [ 11.655989] ? trace_preempt_on+0x20/0xc0 [ 11.656012] ? __pfx_kthread+0x10/0x10 [ 11.656031] ? _raw_spin_unlock_irq+0x47/0x80 [ 11.656051] ? calculate_sigpending+0x7b/0xa0 [ 11.656074] ? __pfx_kthread+0x10/0x10 [ 11.656094] ret_from_fork+0x116/0x1d0 [ 11.656112] ? __pfx_kthread+0x10/0x10 [ 11.656131] ret_from_fork_asm+0x1a/0x30 [ 11.656160] </TASK> [ 11.656171] [ 11.664293] The buggy address belongs to the physical page: [ 11.664591] page: refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x102740 [ 11.664894] head: order:2 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0 [ 11.665279] flags: 0x200000000000040(head|node=0|zone=2) [ 11.665529] page_type: f8(unknown) [ 11.665675] raw: 0200000000000040 0000000000000000 dead000000000122 0000000000000000 [ 11.665977] raw: 0000000000000000 0000000000000000 00000001f8000000 0000000000000000 [ 11.666352] head: 0200000000000040 0000000000000000 dead000000000122 0000000000000000 [ 11.666580] head: 0000000000000000 0000000000000000 00000001f8000000 0000000000000000 [ 11.666871] head: 0200000000000002 ffffea000409d001 00000000ffffffff 00000000ffffffff [ 11.667532] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000004 [ 11.667853] page dumped because: kasan: bad access detected [ 11.668091] [ 11.668262] Memory state around the buggy address: [ 11.668465] ffff888102741f80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 11.668680] ffff888102742000: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 11.668984] >ffff888102742080: 00 00 00 00 00 00 00 00 00 00 00 00 00 03 fe fe [ 11.669316] ^ [ 11.669599] ffff888102742100: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe [ 11.669843] ffff888102742180: fe fe fe fe fe fe 
fe fe fe fe fe fe fe fe fe fe [ 11.670080] ================================================================== [ 11.478765] ================================================================== [ 11.479023] BUG: KASAN: slab-out-of-bounds in krealloc_more_oob_helper+0x7eb/0x930 [ 11.479720] Write of size 1 at addr ffff888100aa30f0 by task kunit_try_catch/173 [ 11.480022] [ 11.480156] CPU: 1 UID: 0 PID: 173 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc4 #1 PREEMPT(voluntary) [ 11.480205] Tainted: [B]=BAD_PAGE, [N]=TEST [ 11.480230] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 11.480253] Call Trace: [ 11.480274] <TASK> [ 11.480293] dump_stack_lvl+0x73/0xb0 [ 11.480328] print_report+0xd1/0x650 [ 11.480352] ? __virt_addr_valid+0x1db/0x2d0 [ 11.480373] ? krealloc_more_oob_helper+0x7eb/0x930 [ 11.480396] ? kasan_complete_mode_report_info+0x2a/0x200 [ 11.480417] ? krealloc_more_oob_helper+0x7eb/0x930 [ 11.480440] kasan_report+0x141/0x180 [ 11.480533] ? krealloc_more_oob_helper+0x7eb/0x930 [ 11.480562] __asan_report_store1_noabort+0x1b/0x30 [ 11.480605] krealloc_more_oob_helper+0x7eb/0x930 [ 11.480626] ? __schedule+0x10cc/0x2b60 [ 11.480648] ? __pfx_krealloc_more_oob_helper+0x10/0x10 [ 11.480684] ? finish_task_switch.isra.0+0x153/0x700 [ 11.480707] ? __switch_to+0x47/0xf50 [ 11.480732] ? __schedule+0x10cc/0x2b60 [ 11.480751] ? __pfx_read_tsc+0x10/0x10 [ 11.480776] krealloc_more_oob+0x1c/0x30 [ 11.480808] kunit_try_run_case+0x1a5/0x480 [ 11.480833] ? __pfx_kunit_try_run_case+0x10/0x10 [ 11.480854] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 11.480876] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 11.480897] ? __kthread_parkme+0x82/0x180 [ 11.480916] ? preempt_count_sub+0x50/0x80 [ 11.480937] ? __pfx_kunit_try_run_case+0x10/0x10 [ 11.480959] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 11.480980] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 11.481018] kthread+0x337/0x6f0 [ 11.481037] ? trace_preempt_on+0x20/0xc0 [ 11.481059] ? 
__pfx_kthread+0x10/0x10 [ 11.481078] ? _raw_spin_unlock_irq+0x47/0x80 [ 11.481097] ? calculate_sigpending+0x7b/0xa0 [ 11.481120] ? __pfx_kthread+0x10/0x10 [ 11.481141] ret_from_fork+0x116/0x1d0 [ 11.481158] ? __pfx_kthread+0x10/0x10 [ 11.481177] ret_from_fork_asm+0x1a/0x30 [ 11.481664] </TASK> [ 11.481685] [ 11.491202] Allocated by task 173: [ 11.491382] kasan_save_stack+0x45/0x70 [ 11.491668] kasan_save_track+0x18/0x40 [ 11.492073] kasan_save_alloc_info+0x3b/0x50 [ 11.492305] __kasan_krealloc+0x190/0x1f0 [ 11.492651] krealloc_noprof+0xf3/0x340 [ 11.492808] krealloc_more_oob_helper+0x1a9/0x930 [ 11.493037] krealloc_more_oob+0x1c/0x30 [ 11.493404] kunit_try_run_case+0x1a5/0x480 [ 11.493617] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 11.493855] kthread+0x337/0x6f0 [ 11.494011] ret_from_fork+0x116/0x1d0 [ 11.494142] ret_from_fork_asm+0x1a/0x30 [ 11.494604] [ 11.494765] The buggy address belongs to the object at ffff888100aa3000 [ 11.494765] which belongs to the cache kmalloc-256 of size 256 [ 11.495324] The buggy address is located 5 bytes to the right of [ 11.495324] allocated 235-byte region [ffff888100aa3000, ffff888100aa30eb) [ 11.495879] [ 11.495969] The buggy address belongs to the physical page: [ 11.496239] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x100aa2 [ 11.496682] head: order:1 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0 [ 11.497039] flags: 0x200000000000040(head|node=0|zone=2) [ 11.497367] page_type: f5(slab) [ 11.497495] raw: 0200000000000040 ffff888100041b40 dead000000000122 0000000000000000 [ 11.497832] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 11.498170] head: 0200000000000040 ffff888100041b40 dead000000000122 0000000000000000 [ 11.498568] head: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 11.498898] head: 0200000000000001 ffffea000402a881 00000000ffffffff 00000000ffffffff [ 11.499199] head: ffffffffffffffff 0000000000000000 00000000ffffffff 
0000000000000002 [ 11.499939] page dumped because: kasan: bad access detected [ 11.500567] [ 11.500663] Memory state around the buggy address: [ 11.500869] ffff888100aa2f80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 11.501194] ffff888100aa3000: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 11.501631] >ffff888100aa3080: 00 00 00 00 00 00 00 00 00 00 00 00 00 03 fc fc [ 11.501920] ^ [ 11.502181] ffff888100aa3100: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 11.502562] ffff888100aa3180: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 11.502868] ==================================================================
Failure - log-parser-boot/kasan-bug-kasan-use-after-free-in-page_alloc_uaf
[ 11.425002] ================================================================== [ 11.426032] BUG: KASAN: use-after-free in page_alloc_uaf+0x356/0x3d0 [ 11.426574] Read of size 1 at addr ffff8881039c0000 by task kunit_try_catch/171 [ 11.427064] [ 11.427188] CPU: 0 UID: 0 PID: 171 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc4 #1 PREEMPT(voluntary) [ 11.427254] Tainted: [B]=BAD_PAGE, [N]=TEST [ 11.427436] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 11.427461] Call Trace: [ 11.427479] <TASK> [ 11.427500] dump_stack_lvl+0x73/0xb0 [ 11.427536] print_report+0xd1/0x650 [ 11.427559] ? __virt_addr_valid+0x1db/0x2d0 [ 11.427581] ? page_alloc_uaf+0x356/0x3d0 [ 11.427603] ? kasan_addr_to_slab+0x11/0xa0 [ 11.427622] ? page_alloc_uaf+0x356/0x3d0 [ 11.427642] kasan_report+0x141/0x180 [ 11.427663] ? page_alloc_uaf+0x356/0x3d0 [ 11.427689] __asan_report_load1_noabort+0x18/0x20 [ 11.427712] page_alloc_uaf+0x356/0x3d0 [ 11.427733] ? __pfx_page_alloc_uaf+0x10/0x10 [ 11.427754] ? sysvec_apic_timer_interrupt+0x50/0x90 [ 11.427777] ? trace_hardirqs_on+0x37/0xe0 [ 11.427799] ? __pfx_read_tsc+0x10/0x10 [ 11.427819] ? ktime_get_ts64+0x86/0x230 [ 11.427842] kunit_try_run_case+0x1a5/0x480 [ 11.427866] ? __pfx_kunit_try_run_case+0x10/0x10 [ 11.427889] ? queued_spin_lock_slowpath+0x116/0xb40 [ 11.427912] ? __kthread_parkme+0x82/0x180 [ 11.427931] ? preempt_count_sub+0x50/0x80 [ 11.427953] ? __pfx_kunit_try_run_case+0x10/0x10 [ 11.427975] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 11.427996] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 11.428017] kthread+0x337/0x6f0 [ 11.428035] ? trace_preempt_on+0x20/0xc0 [ 11.428055] ? __pfx_kthread+0x10/0x10 [ 11.428074] ? _raw_spin_unlock_irq+0x47/0x80 [ 11.428093] ? calculate_sigpending+0x7b/0xa0 [ 11.428115] ? __pfx_kthread+0x10/0x10 [ 11.428135] ret_from_fork+0x116/0x1d0 [ 11.428152] ? 
__pfx_kthread+0x10/0x10 [ 11.428171] ret_from_fork_asm+0x1a/0x30 [ 11.428200] </TASK> [ 11.428211] [ 11.438704] The buggy address belongs to the physical page: [ 11.439087] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1039c0 [ 11.439662] flags: 0x200000000000000(node=0|zone=2) [ 11.439889] page_type: f0(buddy) [ 11.440037] raw: 0200000000000000 ffff88817fffb4f0 ffff88817fffb4f0 0000000000000000 [ 11.440699] raw: 0000000000000000 0000000000000006 00000000f0000000 0000000000000000 [ 11.441015] page dumped because: kasan: bad access detected [ 11.441319] [ 11.441593] Memory state around the buggy address: [ 11.441813] ffff8881039bff00: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff [ 11.442109] ffff8881039bff80: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff [ 11.443019] >ffff8881039c0000: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff [ 11.443329] ^ [ 11.443611] ffff8881039c0080: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff [ 11.443917] ffff8881039c0100: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff [ 11.444204] ==================================================================
Failure - log-parser-boot/kasan-bug-kasan-invalid-free-in-kfree
[ 11.388570] ================================================================== [ 11.390051] BUG: KASAN: invalid-free in kfree+0x274/0x3f0 [ 11.390863] Free of addr ffff888102a44001 by task kunit_try_catch/167 [ 11.391764] [ 11.392110] CPU: 0 UID: 0 PID: 167 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc4 #1 PREEMPT(voluntary) [ 11.392166] Tainted: [B]=BAD_PAGE, [N]=TEST [ 11.392178] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 11.392208] Call Trace: [ 11.392234] <TASK> [ 11.392254] dump_stack_lvl+0x73/0xb0 [ 11.392294] print_report+0xd1/0x650 [ 11.392317] ? __virt_addr_valid+0x1db/0x2d0 [ 11.392340] ? kasan_addr_to_slab+0x11/0xa0 [ 11.392360] ? kfree+0x274/0x3f0 [ 11.392382] kasan_report_invalid_free+0x10a/0x130 [ 11.392404] ? kfree+0x274/0x3f0 [ 11.392426] ? kfree+0x274/0x3f0 [ 11.392445] __kasan_kfree_large+0x86/0xd0 [ 11.392465] free_large_kmalloc+0x4b/0x110 [ 11.392487] kfree+0x274/0x3f0 [ 11.392510] kmalloc_large_invalid_free+0x120/0x2b0 [ 11.392532] ? __pfx_kmalloc_large_invalid_free+0x10/0x10 [ 11.392554] ? __schedule+0x10cc/0x2b60 [ 11.392575] ? __pfx_read_tsc+0x10/0x10 [ 11.392595] ? ktime_get_ts64+0x86/0x230 [ 11.392619] kunit_try_run_case+0x1a5/0x480 [ 11.392643] ? __pfx_kunit_try_run_case+0x10/0x10 [ 11.392664] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 11.392686] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 11.392708] ? __kthread_parkme+0x82/0x180 [ 11.392727] ? preempt_count_sub+0x50/0x80 [ 11.392750] ? __pfx_kunit_try_run_case+0x10/0x10 [ 11.392771] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 11.392801] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 11.392822] kthread+0x337/0x6f0 [ 11.392840] ? trace_preempt_on+0x20/0xc0 [ 11.392863] ? __pfx_kthread+0x10/0x10 [ 11.392881] ? _raw_spin_unlock_irq+0x47/0x80 [ 11.392902] ? calculate_sigpending+0x7b/0xa0 [ 11.392924] ? __pfx_kthread+0x10/0x10 [ 11.392944] ret_from_fork+0x116/0x1d0 [ 11.392961] ? 
__pfx_kthread+0x10/0x10 [ 11.392979] ret_from_fork_asm+0x1a/0x30 [ 11.393009] </TASK> [ 11.393020] [ 11.408643] The buggy address belongs to the physical page: [ 11.408916] page: refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x102a44 [ 11.409397] head: order:2 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0 [ 11.410134] flags: 0x200000000000040(head|node=0|zone=2) [ 11.410510] page_type: f8(unknown) [ 11.411290] raw: 0200000000000040 0000000000000000 dead000000000122 0000000000000000 [ 11.411797] raw: 0000000000000000 0000000000000000 00000001f8000000 0000000000000000 [ 11.412160] head: 0200000000000040 0000000000000000 dead000000000122 0000000000000000 [ 11.412576] head: 0000000000000000 0000000000000000 00000001f8000000 0000000000000000 [ 11.413250] head: 0200000000000002 ffffea00040a9101 00000000ffffffff 00000000ffffffff [ 11.413625] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000004 [ 11.413952] page dumped because: kasan: bad access detected [ 11.414190] [ 11.414610] Memory state around the buggy address: [ 11.414831] ffff888102a43f00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 11.415193] ffff888102a43f80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 11.415612] >ffff888102a44000: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 11.415899] ^ [ 11.416174] ffff888102a44080: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 11.416567] ffff888102a44100: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 11.417064] ==================================================================
Failure - log-parser-boot/kasan-bug-kasan-use-after-free-in-kmalloc_large_uaf
[ 11.364618] ================================================================== [ 11.365193] BUG: KASAN: use-after-free in kmalloc_large_uaf+0x2f1/0x340 [ 11.365898] Read of size 1 at addr ffff888102a44000 by task kunit_try_catch/165 [ 11.367205] [ 11.367544] CPU: 0 UID: 0 PID: 165 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc4 #1 PREEMPT(voluntary) [ 11.367601] Tainted: [B]=BAD_PAGE, [N]=TEST [ 11.367615] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 11.367639] Call Trace: [ 11.367656] <TASK> [ 11.367676] dump_stack_lvl+0x73/0xb0 [ 11.367714] print_report+0xd1/0x650 [ 11.367738] ? __virt_addr_valid+0x1db/0x2d0 [ 11.367760] ? kmalloc_large_uaf+0x2f1/0x340 [ 11.367780] ? kasan_addr_to_slab+0x11/0xa0 [ 11.367799] ? kmalloc_large_uaf+0x2f1/0x340 [ 11.367819] kasan_report+0x141/0x180 [ 11.367839] ? kmalloc_large_uaf+0x2f1/0x340 [ 11.367863] __asan_report_load1_noabort+0x18/0x20 [ 11.367886] kmalloc_large_uaf+0x2f1/0x340 [ 11.367906] ? __pfx_kmalloc_large_uaf+0x10/0x10 [ 11.367926] ? __schedule+0x10cc/0x2b60 [ 11.367947] ? __pfx_read_tsc+0x10/0x10 [ 11.367968] ? ktime_get_ts64+0x86/0x230 [ 11.367992] kunit_try_run_case+0x1a5/0x480 [ 11.368017] ? __pfx_kunit_try_run_case+0x10/0x10 [ 11.368038] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 11.368060] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 11.368081] ? __kthread_parkme+0x82/0x180 [ 11.368100] ? preempt_count_sub+0x50/0x80 [ 11.368122] ? __pfx_kunit_try_run_case+0x10/0x10 [ 11.368144] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 11.368165] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 11.368186] kthread+0x337/0x6f0 [ 11.368204] ? trace_preempt_on+0x20/0xc0 [ 11.368236] ? __pfx_kthread+0x10/0x10 [ 11.368256] ? _raw_spin_unlock_irq+0x47/0x80 [ 11.368275] ? calculate_sigpending+0x7b/0xa0 [ 11.368298] ? __pfx_kthread+0x10/0x10 [ 11.368351] ret_from_fork+0x116/0x1d0 [ 11.368369] ? 
__pfx_kthread+0x10/0x10 [ 11.368388] ret_from_fork_asm+0x1a/0x30 [ 11.368429] </TASK> [ 11.368441] [ 11.379597] The buggy address belongs to the physical page: [ 11.379957] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x102a44 [ 11.380330] flags: 0x200000000000000(node=0|zone=2) [ 11.380672] raw: 0200000000000000 ffffea00040a9208 ffff88815b039f80 0000000000000000 [ 11.381033] raw: 0000000000000000 0000000000000000 00000000ffffffff 0000000000000000 [ 11.381441] page dumped because: kasan: bad access detected [ 11.381798] [ 11.381899] Memory state around the buggy address: [ 11.382294] ffff888102a43f00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 11.382666] ffff888102a43f80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 11.383020] >ffff888102a44000: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff [ 11.383363] ^ [ 11.383515] ffff888102a44080: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff [ 11.383829] ffff888102a44100: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff [ 11.384131] ==================================================================
Failure - log-parser-boot/kasan-bug-kasan-slab-out-of-bounds-in-kmalloc_large_oob_right
[ 11.330958] ================================================================== [ 11.331704] BUG: KASAN: slab-out-of-bounds in kmalloc_large_oob_right+0x2e9/0x330 [ 11.332893] Write of size 1 at addr ffff88810273e00a by task kunit_try_catch/163 [ 11.333772] [ 11.334129] CPU: 1 UID: 0 PID: 163 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc4 #1 PREEMPT(voluntary) [ 11.334185] Tainted: [B]=BAD_PAGE, [N]=TEST [ 11.334197] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 11.334232] Call Trace: [ 11.334248] <TASK> [ 11.334427] dump_stack_lvl+0x73/0xb0 [ 11.334474] print_report+0xd1/0x650 [ 11.334498] ? __virt_addr_valid+0x1db/0x2d0 [ 11.334521] ? kmalloc_large_oob_right+0x2e9/0x330 [ 11.334542] ? kasan_addr_to_slab+0x11/0xa0 [ 11.334561] ? kmalloc_large_oob_right+0x2e9/0x330 [ 11.334582] kasan_report+0x141/0x180 [ 11.334602] ? kmalloc_large_oob_right+0x2e9/0x330 [ 11.334627] __asan_report_store1_noabort+0x1b/0x30 [ 11.334646] kmalloc_large_oob_right+0x2e9/0x330 [ 11.334666] ? __pfx_kmalloc_large_oob_right+0x10/0x10 [ 11.334688] ? __schedule+0x10cc/0x2b60 [ 11.334709] ? __pfx_read_tsc+0x10/0x10 [ 11.334729] ? ktime_get_ts64+0x86/0x230 [ 11.334754] kunit_try_run_case+0x1a5/0x480 [ 11.334779] ? __pfx_kunit_try_run_case+0x10/0x10 [ 11.334799] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 11.334821] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 11.334842] ? __kthread_parkme+0x82/0x180 [ 11.334862] ? preempt_count_sub+0x50/0x80 [ 11.334884] ? __pfx_kunit_try_run_case+0x10/0x10 [ 11.334905] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 11.334926] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 11.334946] kthread+0x337/0x6f0 [ 11.334964] ? trace_preempt_on+0x20/0xc0 [ 11.334987] ? __pfx_kthread+0x10/0x10 [ 11.335006] ? _raw_spin_unlock_irq+0x47/0x80 [ 11.335026] ? calculate_sigpending+0x7b/0xa0 [ 11.335048] ? __pfx_kthread+0x10/0x10 [ 11.335068] ret_from_fork+0x116/0x1d0 [ 11.335084] ? 
__pfx_kthread+0x10/0x10 [ 11.335103] ret_from_fork_asm+0x1a/0x30 [ 11.335133] </TASK> [ 11.335144] [ 11.350966] The buggy address belongs to the physical page: [ 11.351192] page: refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x10273c [ 11.351780] head: order:2 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0 [ 11.352250] flags: 0x200000000000040(head|node=0|zone=2) [ 11.352576] page_type: f8(unknown) [ 11.352771] raw: 0200000000000040 0000000000000000 dead000000000122 0000000000000000 [ 11.353084] raw: 0000000000000000 0000000000000000 00000001f8000000 0000000000000000 [ 11.353539] head: 0200000000000040 0000000000000000 dead000000000122 0000000000000000 [ 11.353769] head: 0000000000000000 0000000000000000 00000001f8000000 0000000000000000 [ 11.354050] head: 0200000000000002 ffffea000409cf01 00000000ffffffff 00000000ffffffff [ 11.354555] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000004 [ 11.354948] page dumped because: kasan: bad access detected [ 11.355370] [ 11.355454] Memory state around the buggy address: [ 11.355680] ffff88810273df00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 11.355980] ffff88810273df80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 11.356292] >ffff88810273e000: 00 02 fe fe fe fe fe fe fe fe fe fe fe fe fe fe [ 11.356848] ^ [ 11.357416] ffff88810273e080: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe [ 11.358056] ffff88810273e100: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe [ 11.358696] ==================================================================
Failure - log-parser-boot/kasan-bug-kasan-slab-out-of-bounds-in-kmalloc_big_oob_right
[ 11.300064] ================================================================== [ 11.300972] BUG: KASAN: slab-out-of-bounds in kmalloc_big_oob_right+0x316/0x370 [ 11.301252] Write of size 1 at addr ffff888102a9df00 by task kunit_try_catch/161 [ 11.301993] [ 11.302177] CPU: 0 UID: 0 PID: 161 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc4 #1 PREEMPT(voluntary) [ 11.302236] Tainted: [B]=BAD_PAGE, [N]=TEST [ 11.302248] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 11.302270] Call Trace: [ 11.302284] <TASK> [ 11.302303] dump_stack_lvl+0x73/0xb0 [ 11.302334] print_report+0xd1/0x650 [ 11.302356] ? __virt_addr_valid+0x1db/0x2d0 [ 11.302378] ? kmalloc_big_oob_right+0x316/0x370 [ 11.302399] ? kasan_complete_mode_report_info+0x2a/0x200 [ 11.302462] ? kmalloc_big_oob_right+0x316/0x370 [ 11.302485] kasan_report+0x141/0x180 [ 11.302505] ? kmalloc_big_oob_right+0x316/0x370 [ 11.302530] __asan_report_store1_noabort+0x1b/0x30 [ 11.302549] kmalloc_big_oob_right+0x316/0x370 [ 11.302570] ? __pfx_kmalloc_big_oob_right+0x10/0x10 [ 11.302591] ? __schedule+0x10cc/0x2b60 [ 11.302613] ? __pfx_read_tsc+0x10/0x10 [ 11.302634] ? ktime_get_ts64+0x86/0x230 [ 11.302658] kunit_try_run_case+0x1a5/0x480 [ 11.302683] ? __pfx_kunit_try_run_case+0x10/0x10 [ 11.302703] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 11.302726] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 11.302746] ? __kthread_parkme+0x82/0x180 [ 11.302766] ? preempt_count_sub+0x50/0x80 [ 11.302788] ? __pfx_kunit_try_run_case+0x10/0x10 [ 11.302809] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 11.302830] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 11.302851] kthread+0x337/0x6f0 [ 11.302869] ? trace_preempt_on+0x20/0xc0 [ 11.302891] ? __pfx_kthread+0x10/0x10 [ 11.302910] ? _raw_spin_unlock_irq+0x47/0x80 [ 11.302930] ? calculate_sigpending+0x7b/0xa0 [ 11.302953] ? __pfx_kthread+0x10/0x10 [ 11.302973] ret_from_fork+0x116/0x1d0 [ 11.302989] ? 
__pfx_kthread+0x10/0x10 [ 11.303008] ret_from_fork_asm+0x1a/0x30 [ 11.303038] </TASK> [ 11.303048] [ 11.311748] Allocated by task 161: [ 11.311918] kasan_save_stack+0x45/0x70 [ 11.312118] kasan_save_track+0x18/0x40 [ 11.312505] kasan_save_alloc_info+0x3b/0x50 [ 11.312906] __kasan_kmalloc+0xb7/0xc0 [ 11.313106] __kmalloc_cache_noprof+0x189/0x420 [ 11.313585] kmalloc_big_oob_right+0xa9/0x370 [ 11.313926] kunit_try_run_case+0x1a5/0x480 [ 11.314075] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 11.314520] kthread+0x337/0x6f0 [ 11.314649] ret_from_fork+0x116/0x1d0 [ 11.314781] ret_from_fork_asm+0x1a/0x30 [ 11.314918] [ 11.314991] The buggy address belongs to the object at ffff888102a9c000 [ 11.314991] which belongs to the cache kmalloc-8k of size 8192 [ 11.316054] The buggy address is located 0 bytes to the right of [ 11.316054] allocated 7936-byte region [ffff888102a9c000, ffff888102a9df00) [ 11.316709] [ 11.316818] The buggy address belongs to the physical page: [ 11.317060] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x102a98 [ 11.318152] head: order:3 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0 [ 11.318535] flags: 0x200000000000040(head|node=0|zone=2) [ 11.319210] page_type: f5(slab) [ 11.319636] raw: 0200000000000040 ffff888100042280 dead000000000122 0000000000000000 [ 11.320144] raw: 0000000000000000 0000000080020002 00000000f5000000 0000000000000000 [ 11.320893] head: 0200000000000040 ffff888100042280 dead000000000122 0000000000000000 [ 11.321525] head: 0000000000000000 0000000080020002 00000000f5000000 0000000000000000 [ 11.321844] head: 0200000000000003 ffffea00040aa601 00000000ffffffff 00000000ffffffff [ 11.322167] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000008 [ 11.322906] page dumped because: kasan: bad access detected [ 11.323394] [ 11.323492] Memory state around the buggy address: [ 11.323712] ffff888102a9de00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 11.324010] ffff888102a9de80: 00 
00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 11.324818] >ffff888102a9df00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 11.325471] ^ [ 11.325873] ffff888102a9df80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 11.326175] ffff888102a9e000: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 11.327065] ==================================================================
Failure - log-parser-boot/kasan-bug-kasan-slab-out-of-bounds-in-kmalloc_track_caller_oob_right
[ 11.245851] ================================================================== [ 11.246343] BUG: KASAN: slab-out-of-bounds in kmalloc_track_caller_oob_right+0x4c8/0x520 [ 11.246700] Write of size 1 at addr ffff88810262f878 by task kunit_try_catch/159 [ 11.247013] [ 11.247137] CPU: 0 UID: 0 PID: 159 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc4 #1 PREEMPT(voluntary) [ 11.247184] Tainted: [B]=BAD_PAGE, [N]=TEST [ 11.247196] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 11.247277] Call Trace: [ 11.247292] <TASK> [ 11.247323] dump_stack_lvl+0x73/0xb0 [ 11.247369] print_report+0xd1/0x650 [ 11.247407] ? __virt_addr_valid+0x1db/0x2d0 [ 11.247432] ? kmalloc_track_caller_oob_right+0x4c8/0x520 [ 11.247455] ? kasan_complete_mode_report_info+0x2a/0x200 [ 11.247476] ? kmalloc_track_caller_oob_right+0x4c8/0x520 [ 11.247499] kasan_report+0x141/0x180 [ 11.247529] ? kmalloc_track_caller_oob_right+0x4c8/0x520 [ 11.247557] __asan_report_store1_noabort+0x1b/0x30 [ 11.247576] kmalloc_track_caller_oob_right+0x4c8/0x520 [ 11.247610] ? __pfx_kmalloc_track_caller_oob_right+0x10/0x10 [ 11.247634] ? __schedule+0x10cc/0x2b60 [ 11.247655] ? __pfx_read_tsc+0x10/0x10 [ 11.247676] ? ktime_get_ts64+0x86/0x230 [ 11.247700] kunit_try_run_case+0x1a5/0x480 [ 11.247725] ? __pfx_kunit_try_run_case+0x10/0x10 [ 11.247745] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 11.247768] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 11.247789] ? __kthread_parkme+0x82/0x180 [ 11.247809] ? preempt_count_sub+0x50/0x80 [ 11.247832] ? __pfx_kunit_try_run_case+0x10/0x10 [ 11.247853] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 11.247874] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 11.247895] kthread+0x337/0x6f0 [ 11.247913] ? trace_preempt_on+0x20/0xc0 [ 11.247935] ? __pfx_kthread+0x10/0x10 [ 11.247954] ? _raw_spin_unlock_irq+0x47/0x80 [ 11.247974] ? calculate_sigpending+0x7b/0xa0 [ 11.247997] ? 
__pfx_kthread+0x10/0x10 [ 11.248016] ret_from_fork+0x116/0x1d0 [ 11.248033] ? __pfx_kthread+0x10/0x10 [ 11.248052] ret_from_fork_asm+0x1a/0x30 [ 11.248082] </TASK> [ 11.248093] [ 11.260259] Allocated by task 159: [ 11.260987] kasan_save_stack+0x45/0x70 [ 11.261736] kasan_save_track+0x18/0x40 [ 11.262487] kasan_save_alloc_info+0x3b/0x50 [ 11.263187] __kasan_kmalloc+0xb7/0xc0 [ 11.263346] __kmalloc_node_track_caller_noprof+0x1cb/0x500 [ 11.263529] kmalloc_track_caller_oob_right+0x99/0x520 [ 11.263699] kunit_try_run_case+0x1a5/0x480 [ 11.263844] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 11.264014] kthread+0x337/0x6f0 [ 11.264133] ret_from_fork+0x116/0x1d0 [ 11.265056] ret_from_fork_asm+0x1a/0x30 [ 11.265975] [ 11.266078] The buggy address belongs to the object at ffff88810262f800 [ 11.266078] which belongs to the cache kmalloc-128 of size 128 [ 11.266695] The buggy address is located 0 bytes to the right of [ 11.266695] allocated 120-byte region [ffff88810262f800, ffff88810262f878) [ 11.267358] [ 11.267463] The buggy address belongs to the physical page: [ 11.267714] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x10262f [ 11.268077] flags: 0x200000000000000(node=0|zone=2) [ 11.268425] page_type: f5(slab) [ 11.268611] raw: 0200000000000000 ffff888100041a00 dead000000000122 0000000000000000 [ 11.268963] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 11.269369] page dumped because: kasan: bad access detected [ 11.269609] [ 11.269704] Memory state around the buggy address: [ 11.269900] ffff88810262f700: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 11.270190] ffff88810262f780: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 11.271019] >ffff88810262f800: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 fc [ 11.271438] ^ [ 11.271783] ffff88810262f880: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 11.272082] ffff88810262f900: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 11.272486] 
================================================================== [ 11.273738] ================================================================== [ 11.274069] BUG: KASAN: slab-out-of-bounds in kmalloc_track_caller_oob_right+0x4b1/0x520 [ 11.274811] Write of size 1 at addr ffff88810262f978 by task kunit_try_catch/159 [ 11.275122] [ 11.275366] CPU: 0 UID: 0 PID: 159 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc4 #1 PREEMPT(voluntary) [ 11.275426] Tainted: [B]=BAD_PAGE, [N]=TEST [ 11.275438] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 11.275461] Call Trace: [ 11.275486] <TASK> [ 11.275505] dump_stack_lvl+0x73/0xb0 [ 11.275540] print_report+0xd1/0x650 [ 11.275563] ? __virt_addr_valid+0x1db/0x2d0 [ 11.275585] ? kmalloc_track_caller_oob_right+0x4b1/0x520 [ 11.275608] ? kasan_complete_mode_report_info+0x2a/0x200 [ 11.275629] ? kmalloc_track_caller_oob_right+0x4b1/0x520 [ 11.275651] kasan_report+0x141/0x180 [ 11.275672] ? kmalloc_track_caller_oob_right+0x4b1/0x520 [ 11.275699] __asan_report_store1_noabort+0x1b/0x30 [ 11.275718] kmalloc_track_caller_oob_right+0x4b1/0x520 [ 11.275741] ? __pfx_kmalloc_track_caller_oob_right+0x10/0x10 [ 11.275764] ? __schedule+0x10cc/0x2b60 [ 11.275785] ? __pfx_read_tsc+0x10/0x10 [ 11.275805] ? ktime_get_ts64+0x86/0x230 [ 11.275828] kunit_try_run_case+0x1a5/0x480 [ 11.275851] ? __pfx_kunit_try_run_case+0x10/0x10 [ 11.275882] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 11.275904] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 11.275925] ? __kthread_parkme+0x82/0x180 [ 11.275956] ? preempt_count_sub+0x50/0x80 [ 11.275979] ? __pfx_kunit_try_run_case+0x10/0x10 [ 11.276009] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 11.276030] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 11.276051] kthread+0x337/0x6f0 [ 11.276069] ? trace_preempt_on+0x20/0xc0 [ 11.276102] ? __pfx_kthread+0x10/0x10 [ 11.276121] ? _raw_spin_unlock_irq+0x47/0x80 [ 11.276140] ? calculate_sigpending+0x7b/0xa0 [ 11.276163] ? 
__pfx_kthread+0x10/0x10 [ 11.276273] ret_from_fork+0x116/0x1d0 [ 11.276296] ? __pfx_kthread+0x10/0x10 [ 11.276316] ret_from_fork_asm+0x1a/0x30 [ 11.276345] </TASK> [ 11.276357] [ 11.284961] Allocated by task 159: [ 11.285265] kasan_save_stack+0x45/0x70 [ 11.285475] kasan_save_track+0x18/0x40 [ 11.285667] kasan_save_alloc_info+0x3b/0x50 [ 11.285815] __kasan_kmalloc+0xb7/0xc0 [ 11.285996] __kmalloc_node_track_caller_noprof+0x1cb/0x500 [ 11.286363] kmalloc_track_caller_oob_right+0x19a/0x520 [ 11.286589] kunit_try_run_case+0x1a5/0x480 [ 11.286799] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 11.287056] kthread+0x337/0x6f0 [ 11.287337] ret_from_fork+0x116/0x1d0 [ 11.287479] ret_from_fork_asm+0x1a/0x30 [ 11.287636] [ 11.287746] The buggy address belongs to the object at ffff88810262f900 [ 11.287746] which belongs to the cache kmalloc-128 of size 128 [ 11.288725] The buggy address is located 0 bytes to the right of [ 11.288725] allocated 120-byte region [ffff88810262f900, ffff88810262f978) [ 11.289363] [ 11.289455] The buggy address belongs to the physical page: [ 11.289681] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x10262f [ 11.289989] flags: 0x200000000000000(node=0|zone=2) [ 11.290227] page_type: f5(slab) [ 11.290350] raw: 0200000000000000 ffff888100041a00 dead000000000122 0000000000000000 [ 11.290689] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 11.290944] page dumped because: kasan: bad access detected [ 11.291195] [ 11.291485] Memory state around the buggy address: [ 11.291679] ffff88810262f800: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 11.292011] ffff88810262f880: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 11.292427] >ffff88810262f900: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 fc [ 11.292730] ^ [ 11.293053] ffff88810262f980: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 11.293467] ffff88810262fa00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 11.293795] 
==================================================================
Failure - log-parser-boot/exception-drm-kunit-mock-device-drm_gem_shmem_test_get_pages_sgtdrm-kunit-mock-device-drm-drm_warn_onrefcount_readshmem-pages_pin_count
------------[ cut here ]------------ [ 141.634929] drm-kunit-mock-device drm_gem_shmem_test_get_pages_sgt.drm-kunit-mock-device: [drm] drm_WARN_ON(refcount_read(&shmem->pages_pin_count)) [ 141.635027] WARNING: CPU: 0 PID: 2568 at drivers/gpu/drm/drm_gem_shmem_helper.c:180 drm_gem_shmem_free+0x3ed/0x6c0 [ 141.636351] Modules linked in: [ 141.636645] CPU: 0 UID: 0 PID: 2568 Comm: kunit_try_catch Tainted: G B D W N 6.16.0-rc4 #1 PREEMPT(voluntary) [ 141.637105] Tainted: [B]=BAD_PAGE, [D]=DIE, [W]=WARN, [N]=TEST [ 141.637576] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 141.638269] RIP: 0010:drm_gem_shmem_free+0x3ed/0x6c0 [ 141.638583] Code: 85 f6 0f 84 ba 01 00 00 4c 89 e7 e8 6d 1d 80 00 48 c7 c1 a0 7d fe b2 4c 89 f2 48 c7 c7 60 7a fe b2 48 89 c6 e8 94 d1 77 fe 90 <0f> 0b 90 90 e9 09 ff ff ff 90 48 b8 00 00 00 00 00 fc ff df 48 8d [ 141.639065] RSP: 0000:ffff88810b2d7d18 EFLAGS: 00010286 [ 141.639269] RAX: 0000000000000000 RBX: ffff8881059e6000 RCX: 1ffffffff67a4c80 [ 141.639732] RDX: 0000000000000000 RSI: 0000000000000004 RDI: 0000000000000001 [ 141.640204] RBP: ffff88810b2d7d48 R08: 0000000000000000 R09: fffffbfff67a4c80 [ 141.640637] R10: 0000000000000003 R11: 0000000000039e20 R12: ffff88810b100800 [ 141.640933] R13: ffff8881059e60f8 R14: ffff888100edfe80 R15: ffff88810039fb40 [ 141.641388] FS: 0000000000000000(0000) GS:ffff8881a6074000(0000) knlGS:0000000000000000 [ 141.641860] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 141.642071] CR2: 00007ffff7ffe000 CR3: 00000000774bc000 CR4: 00000000000006f0 [ 141.642387] DR0: ffffffffb5050440 DR1: ffffffffb5050441 DR2: ffffffffb5050443 [ 141.642879] DR3: ffffffffb5050445 DR6: 00000000ffff0ff0 DR7: 0000000000000600 [ 141.643235] Call Trace: [ 141.643704] <TASK> [ 141.643835] ? trace_preempt_on+0x20/0xc0 [ 141.644041] ? 
__pfx_drm_gem_shmem_free_wrapper+0x10/0x10 [ 141.644796] drm_gem_shmem_free_wrapper+0x12/0x20 [ 141.645111] __kunit_action_free+0x57/0x70 [ 141.645832] kunit_remove_resource+0x133/0x200 [ 141.646500] ? preempt_count_sub+0x50/0x80 [ 141.646956] kunit_cleanup+0x7a/0x120 [ 141.647424] kunit_try_run_case_cleanup+0xbd/0xf0 [ 141.647657] ? __pfx_kunit_try_run_case_cleanup+0x10/0x10 [ 141.647883] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 141.648109] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 141.648695] kthread+0x337/0x6f0 [ 141.649220] ? trace_preempt_on+0x20/0xc0 [ 141.649732] ? __pfx_kthread+0x10/0x10 [ 141.649979] ? _raw_spin_unlock_irq+0x47/0x80 [ 141.650315] ? calculate_sigpending+0x7b/0xa0 [ 141.650559] ? __pfx_kthread+0x10/0x10 [ 141.651015] ret_from_fork+0x116/0x1d0 [ 141.651594] ? __pfx_kthread+0x10/0x10 [ 141.651796] ret_from_fork_asm+0x1a/0x30 [ 141.652148] </TASK> [ 141.652615] ---[ end trace 0000000000000000 ]---
Failure - log-parser-boot/exception-warning-cpu-pid-at-driversgpudrmdrm_framebuffer-drm_framebuffer_init
------------[ cut here ]------------ [ 141.488907] WARNING: CPU: 1 PID: 2549 at drivers/gpu/drm/drm_framebuffer.c:867 drm_framebuffer_init+0x44/0x300 [ 141.489379] Modules linked in: [ 141.489903] CPU: 1 UID: 0 PID: 2549 Comm: kunit_try_catch Tainted: G B D W N 6.16.0-rc4 #1 PREEMPT(voluntary) [ 141.490941] Tainted: [B]=BAD_PAGE, [D]=DIE, [W]=WARN, [N]=TEST [ 141.491432] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 141.492376] RIP: 0010:drm_framebuffer_init+0x44/0x300 [ 141.492728] Code: 56 49 89 d6 48 89 f2 41 55 48 c1 ea 03 41 54 49 89 fc 53 48 89 f3 48 83 ec 18 80 3c 02 00 0f 85 00 02 00 00 4c 39 23 74 20 90 <0f> 0b 90 41 bd ea ff ff ff 48 83 c4 18 44 89 e8 5b 41 5c 41 5d 41 [ 141.493258] RSP: 0000:ffff88810ad7fb30 EFLAGS: 00010246 [ 141.493664] RAX: dffffc0000000000 RBX: ffff88810ad7fc28 RCX: 0000000000000000 [ 141.493949] RDX: 1ffff110215aff8e RSI: ffff88810ad7fc28 RDI: ffff88810ad7fc70 [ 141.494304] RBP: ffff88810ad7fb70 R08: ffff88810affa000 R09: ffffffffb2fd80e0 [ 141.494619] R10: 0000000000000003 R11: 0000000063191761 R12: ffff88810affa000 [ 141.494945] R13: ffff88810039fae8 R14: ffff88810ad7fba8 R15: 0000000000000000 [ 141.495402] FS: 0000000000000000(0000) GS:ffff8881a6174000(0000) knlGS:0000000000000000 [ 141.495766] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 141.496005] CR2: 00007ffff7ffe000 CR3: 00000000774bc000 CR4: 00000000000006f0 [ 141.496417] DR0: ffffffffb5050444 DR1: ffffffffb5050449 DR2: ffffffffb505044a [ 141.496746] DR3: ffffffffb505044b DR6: 00000000ffff0ff0 DR7: 0000000000000600 [ 141.497068] Call Trace: [ 141.497416] <TASK> [ 141.497705] ? add_dr+0xc1/0x1d0 [ 141.497883] drm_test_framebuffer_init_bad_format+0xfc/0x240 [ 141.498352] ? add_dr+0x148/0x1d0 [ 141.498527] ? __pfx_drm_test_framebuffer_init_bad_format+0x10/0x10 [ 141.498791] ? __drmm_add_action+0x1a4/0x280 [ 141.499030] ? __pfx_drm_mode_config_init_release+0x10/0x10 [ 141.499339] ? 
__pfx_drm_mode_config_init_release+0x10/0x10 [ 141.499513] ? __drmm_add_action_or_reset+0x22/0x50 [ 141.499871] ? __schedule+0x10cc/0x2b60 [ 141.500082] ? __pfx_read_tsc+0x10/0x10 [ 141.500362] ? ktime_get_ts64+0x86/0x230 [ 141.500667] kunit_try_run_case+0x1a5/0x480 [ 141.500976] ? __pfx_kunit_try_run_case+0x10/0x10 [ 141.501668] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 141.501940] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 141.502142] ? __kthread_parkme+0x82/0x180 [ 141.502465] ? preempt_count_sub+0x50/0x80 [ 141.502748] ? __pfx_kunit_try_run_case+0x10/0x10 [ 141.503084] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 141.504528] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 141.504822] kthread+0x337/0x6f0 [ 141.504959] ? trace_preempt_on+0x20/0xc0 [ 141.505109] ? __pfx_kthread+0x10/0x10 [ 141.505265] ? _raw_spin_unlock_irq+0x47/0x80 [ 141.505418] ? calculate_sigpending+0x7b/0xa0 [ 141.505575] ? __pfx_kthread+0x10/0x10 [ 141.505714] ret_from_fork+0x116/0x1d0 [ 141.505849] ? __pfx_kthread+0x10/0x10 [ 141.505984] ret_from_fork_asm+0x1a/0x30 [ 141.506135] </TASK> [ 141.507052] ---[ end trace 0000000000000000 ]---
Failure - log-parser-boot/exception-drm-kunit-mock-device-drm_test_framebuffer_freedrm-kunit-mock-device-drm-drm_warn_onlist_empty-filp_head
------------[ cut here ]------------ [ 141.450609] drm-kunit-mock-device drm_test_framebuffer_free.drm-kunit-mock-device: [drm] drm_WARN_ON(!list_empty(&fb->filp_head)) [ 141.450746] WARNING: CPU: 0 PID: 2545 at drivers/gpu/drm/drm_framebuffer.c:832 drm_framebuffer_free+0x13f/0x1c0 [ 141.452175] Modules linked in: [ 141.452624] CPU: 0 UID: 0 PID: 2545 Comm: kunit_try_catch Tainted: G B D W N 6.16.0-rc4 #1 PREEMPT(voluntary) [ 141.453764] Tainted: [B]=BAD_PAGE, [D]=DIE, [W]=WARN, [N]=TEST [ 141.454471] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 141.455760] RIP: 0010:drm_framebuffer_free+0x13f/0x1c0 [ 141.456373] Code: 8b 7d 50 4d 85 ff 74 2b 4c 89 ef e8 3b 3a 87 00 48 c7 c1 c0 2f fd b2 4c 89 fa 48 c7 c7 20 30 fd b2 48 89 c6 e8 62 ee 7e fe 90 <0f> 0b 90 90 e9 1c ff ff ff 48 b8 00 00 00 00 00 fc ff df 4c 89 ea [ 141.456884] RSP: 0000:ffff88810afefb68 EFLAGS: 00010282 [ 141.457070] RAX: 0000000000000000 RBX: ffff88810afefc40 RCX: 1ffffffff67a4c80 [ 141.457318] RDX: 0000000000000000 RSI: 0000000000000004 RDI: 0000000000000001 [ 141.458095] RBP: ffff88810afefb90 R08: 0000000000000000 R09: fffffbfff67a4c80 [ 141.458966] R10: 0000000000000003 R11: 0000000000038538 R12: ffff88810afefc18 [ 141.459484] R13: ffff88810adac800 R14: ffff88810ac6a000 R15: ffff8881041f7000 [ 141.459703] FS: 0000000000000000(0000) GS:ffff8881a6074000(0000) knlGS:0000000000000000 [ 141.459942] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 141.460120] CR2: 00007ffff7ffe000 CR3: 00000000774bc000 CR4: 00000000000006f0 [ 141.460406] DR0: ffffffffb5050440 DR1: ffffffffb5050441 DR2: ffffffffb5050443 [ 141.460752] DR3: ffffffffb5050445 DR6: 00000000ffff0ff0 DR7: 0000000000000600 [ 141.461159] Call Trace: [ 141.461830] <TASK> [ 141.461970] drm_test_framebuffer_free+0x1ab/0x610 [ 141.462168] ? __pfx_drm_test_framebuffer_free+0x10/0x10 [ 141.462496] ? __pfx_drm_mode_config_init_release+0x10/0x10 [ 141.462961] ? 
__pfx_drm_mode_config_init_release+0x10/0x10 [ 141.463416] ? __drmm_add_action_or_reset+0x22/0x50 [ 141.463742] ? __schedule+0x10cc/0x2b60 [ 141.463936] ? __pfx_read_tsc+0x10/0x10 [ 141.464134] ? ktime_get_ts64+0x86/0x230 [ 141.464368] kunit_try_run_case+0x1a5/0x480 [ 141.464534] ? __pfx_kunit_try_run_case+0x10/0x10 [ 141.464888] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 141.465111] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 141.465307] ? __kthread_parkme+0x82/0x180 [ 141.465596] ? preempt_count_sub+0x50/0x80 [ 141.465811] ? __pfx_kunit_try_run_case+0x10/0x10 [ 141.466044] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 141.466527] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 141.466807] kthread+0x337/0x6f0 [ 141.466951] ? trace_preempt_on+0x20/0xc0 [ 141.467133] ? __pfx_kthread+0x10/0x10 [ 141.467513] ? _raw_spin_unlock_irq+0x47/0x80 [ 141.467861] ? calculate_sigpending+0x7b/0xa0 [ 141.468038] ? __pfx_kthread+0x10/0x10 [ 141.468248] ret_from_fork+0x116/0x1d0 [ 141.468578] ? __pfx_kthread+0x10/0x10 [ 141.468727] ret_from_fork_asm+0x1a/0x30 [ 141.468947] </TASK> [ 141.469077] ---[ end trace 0000000000000000 ]---
Failure - log-parser-boot/exception-warning-cpu-pid-at-driversgpudrmdrm_connector-drm_connector_dynamic_register
------------[ cut here ]------------
[ 139.908275] WARNING: CPU: 0 PID: 1975 at drivers/gpu/drm/drm_connector.c:861 drm_connector_dynamic_register+0xbf/0x110
[ 139.909049] Modules linked in:
[ 139.909304] CPU: 0 UID: 0 PID: 1975 Comm: kunit_try_catch Tainted: G B D W N 6.16.0-rc4 #1 PREEMPT(voluntary)
[ 139.910237] Tainted: [B]=BAD_PAGE, [D]=DIE, [W]=WARN, [N]=TEST
[ 139.910755] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[ 139.911030] RIP: 0010:drm_connector_dynamic_register+0xbf/0x110
[ 139.911303] Code: 49 8d 7c 24 60 48 89 fa 48 c1 ea 03 0f b6 04 02 84 c0 74 02 7e 36 31 c0 41 80 7c 24 60 00 75 1b 5b 41 5c 5d c3 cc cc cc cc 90 <0f> 0b 90 b8 ea ff ff ff 5b 41 5c 5d c3 cc cc cc cc 48 89 df e8 68
[ 139.913222] RSP: 0000:ffff88810a8b7c90 EFLAGS: 00010246
[ 139.913605] RAX: dffffc0000000000 RBX: ffff88810a9dc000 RCX: 0000000000000000
[ 139.914344] RDX: 1ffff1102153b832 RSI: ffffffffb0204658 RDI: ffff88810a9dc190
[ 139.914967] RBP: ffff88810a8b7ca0 R08: 1ffff11020073f69 R09: ffffed1021516f65
[ 139.915467] R10: 0000000000000003 R11: ffffffffaf786fb8 R12: 0000000000000000
[ 139.915685] R13: ffff88810a8b7d38 R14: ffff88810039fc50 R15: ffff88810039fc58
[ 139.915897] FS: 0000000000000000(0000) GS:ffff8881a6074000(0000) knlGS:0000000000000000
[ 139.916132] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[ 139.916338] CR2: 00007ffff7ffe000 CR3: 00000000774bc000 CR4: 00000000000006f0
[ 139.916859] DR0: ffffffffb5050440 DR1: ffffffffb5050441 DR2: ffffffffb5050443
[ 139.917139] DR3: ffffffffb5050445 DR6: 00000000ffff0ff0 DR7: 0000000000000600
[ 139.917631] Call Trace:
[ 139.917776] <TASK>
[ 139.917916] drm_test_drm_connector_dynamic_register_early_no_init+0x104/0x290
[ 139.918331] ? __pfx_drm_test_drm_connector_dynamic_register_early_no_init+0x10/0x10
[ 139.919093] ? __schedule+0x10cc/0x2b60
[ 139.919535] ? __pfx_read_tsc+0x10/0x10
[ 139.919932] ? ktime_get_ts64+0x86/0x230
[ 139.920257] kunit_try_run_case+0x1a5/0x480
[ 139.920650] ? __pfx_kunit_try_run_case+0x10/0x10
[ 139.920984] ? _raw_spin_lock_irqsave+0xa1/0x100
[ 139.921400] ? _raw_spin_unlock_irqrestore+0x5f/0x90
[ 139.921758] ? __kthread_parkme+0x82/0x180
[ 139.921974] ? preempt_count_sub+0x50/0x80
[ 139.922174] ? __pfx_kunit_try_run_case+0x10/0x10
[ 139.922864] kunit_generic_run_threadfn_adapter+0x85/0xf0
[ 139.923108] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10
[ 139.923439] kthread+0x337/0x6f0
[ 139.923608] ? trace_preempt_on+0x20/0xc0
[ 139.923985] ? __pfx_kthread+0x10/0x10
[ 139.924173] ? _raw_spin_unlock_irq+0x47/0x80
[ 139.924748] ? calculate_sigpending+0x7b/0xa0
[ 139.925080] ? __pfx_kthread+0x10/0x10
[ 139.925556] ret_from_fork+0x116/0x1d0
[ 139.925880] ? __pfx_kthread+0x10/0x10
[ 139.926170] ret_from_fork_asm+0x1a/0x30
[ 139.926699] </TASK>
[ 139.926856] ---[ end trace 0000000000000000 ]---
------------[ cut here ]------------
[ 139.998812] WARNING: CPU: 0 PID: 1983 at drivers/gpu/drm/drm_connector.c:861 drm_connector_dynamic_register+0xbf/0x110
[ 139.999564] Modules linked in:
[ 139.999948] CPU: 0 UID: 0 PID: 1983 Comm: kunit_try_catch Tainted: G B D W N 6.16.0-rc4 #1 PREEMPT(voluntary)
[ 140.000656] Tainted: [B]=BAD_PAGE, [D]=DIE, [W]=WARN, [N]=TEST
[ 140.001079] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[ 140.001849] RIP: 0010:drm_connector_dynamic_register+0xbf/0x110
[ 140.002131] Code: 49 8d 7c 24 60 48 89 fa 48 c1 ea 03 0f b6 04 02 84 c0 74 02 7e 36 31 c0 41 80 7c 24 60 00 75 1b 5b 41 5c 5d c3 cc cc cc cc 90 <0f> 0b 90 b8 ea ff ff ff 5b 41 5c 5d c3 cc cc cc cc 48 89 df e8 68
[ 140.003046] RSP: 0000:ffff888105d4fc90 EFLAGS: 00010246
[ 140.003685] RAX: dffffc0000000000 RBX: ffff88810aa2c000 RCX: 0000000000000000
[ 140.004112] RDX: 1ffff11021545832 RSI: ffffffffb0204658 RDI: ffff88810aa2c190
[ 140.004858] RBP: ffff888105d4fca0 R08: 1ffff11020073f69 R09: ffffed1020ba9f65
[ 140.005208] R10: 0000000000000003 R11: ffffffffaf786fb8 R12: 0000000000000000
[ 140.005780] R13: ffff888105d4fd38 R14: ffff88810039fc50 R15: ffff88810039fc58
[ 140.006685] FS: 0000000000000000(0000) GS:ffff8881a6074000(0000) knlGS:0000000000000000
[ 140.007026] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[ 140.007572] CR2: 00007ffff7ffe000 CR3: 00000000774bc000 CR4: 00000000000006f0
[ 140.008010] DR0: ffffffffb5050440 DR1: ffffffffb5050441 DR2: ffffffffb5050443
[ 140.008505] DR3: ffffffffb5050445 DR6: 00000000ffff0ff0 DR7: 0000000000000600
[ 140.008837] Call Trace:
[ 140.009012] <TASK>
[ 140.009213] drm_test_drm_connector_dynamic_register_no_init+0x104/0x290
[ 140.009733] ? __pfx_drm_test_drm_connector_dynamic_register_no_init+0x10/0x10
[ 140.010020] ? __schedule+0x10cc/0x2b60
[ 140.010505] ? __pfx_read_tsc+0x10/0x10
[ 140.010714] ? ktime_get_ts64+0x86/0x230
[ 140.010919] kunit_try_run_case+0x1a5/0x480
[ 140.011104] ? __pfx_kunit_try_run_case+0x10/0x10
[ 140.011367] ? _raw_spin_lock_irqsave+0xa1/0x100
[ 140.011765] ? _raw_spin_unlock_irqrestore+0x5f/0x90
[ 140.012052] ? __kthread_parkme+0x82/0x180
[ 140.012211] ? preempt_count_sub+0x50/0x80
[ 140.012520] ? __pfx_kunit_try_run_case+0x10/0x10
[ 140.012825] kunit_generic_run_threadfn_adapter+0x85/0xf0
[ 140.013510] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10
[ 140.013881] kthread+0x337/0x6f0
[ 140.014150] ? trace_preempt_on+0x20/0xc0
[ 140.015254] ? __pfx_kthread+0x10/0x10
[ 140.015467] ? _raw_spin_unlock_irq+0x47/0x80
[ 140.015634] ? calculate_sigpending+0x7b/0xa0
[ 140.015856] ? __pfx_kthread+0x10/0x10
[ 140.016385] ret_from_fork+0x116/0x1d0
[ 140.016559] ? __pfx_kthread+0x10/0x10
[ 140.016771] ret_from_fork_asm+0x1a/0x30
[ 140.016965] </TASK>
[ 140.017081] ---[ end trace 0000000000000000 ]---
Failure - log-parser-boot/exception-warning-cpu-pid-at-libmathint_log-intlog10
------------[ cut here ]------------
[ 109.085308] WARNING: CPU: 1 PID: 673 at lib/math/int_log.c:120 intlog10+0x2a/0x40
[ 109.085581] Modules linked in:
[ 109.085743] CPU: 1 UID: 0 PID: 673 Comm: kunit_try_catch Tainted: G B D W N 6.16.0-rc4 #1 PREEMPT(voluntary)
[ 109.086071] Tainted: [B]=BAD_PAGE, [D]=DIE, [W]=WARN, [N]=TEST
[ 109.087293] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[ 109.088306] RIP: 0010:intlog10+0x2a/0x40
[ 109.088753] Code: f3 0f 1e fa 0f 1f 44 00 00 85 ff 74 1c 55 48 89 e5 e8 ca fe ff ff 5d 89 c0 48 69 c0 a1 26 88 26 48 c1 e8 1f c3 cc cc cc cc 90 <0f> 0b 90 31 c0 c3 cc cc cc cc 66 2e 0f 1f 84 00 00 00 00 00 66 90
[ 109.090604] RSP: 0000:ffff8881035efcb0 EFLAGS: 00010246
[ 109.091070] RAX: 0000000000000000 RBX: ffff88810039fae8 RCX: 1ffff110206bdfb4
[ 109.091654] RDX: 1ffffffff65d2c94 RSI: 1ffff110206bdfb3 RDI: 0000000000000000
[ 109.092116] RBP: ffff8881035efd60 R08: 0000000000000000 R09: ffffed10204d1580
[ 109.092342] R10: ffff88810268ac07 R11: 0000000000000000 R12: 1ffff110206bdf97
[ 109.092953] R13: ffffffffb2e964a0 R14: 0000000000000000 R15: ffff8881035efd38
[ 109.094123] FS: 0000000000000000(0000) GS:ffff8881a6174000(0000) knlGS:0000000000000000
[ 109.094853] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[ 109.095040] CR2: ffff88815a90d009 CR3: 00000000774bc000 CR4: 00000000000006f0
[ 109.095435] DR0: ffffffffb5050444 DR1: ffffffffb5050449 DR2: ffffffffb505044a
[ 109.096060] DR3: ffffffffb505044b DR6: 00000000ffff0ff0 DR7: 0000000000000600
[ 109.096783] Call Trace:
[ 109.097165] <TASK>
[ 109.097697] ? intlog10_test+0xf2/0x220
[ 109.098040] ? __pfx_intlog10_test+0x10/0x10
[ 109.098242] ? __schedule+0x10cc/0x2b60
[ 109.098744] ? __pfx_read_tsc+0x10/0x10
[ 109.100078] ? ktime_get_ts64+0x86/0x230
[ 109.100356] kunit_try_run_case+0x1a5/0x480
[ 109.100935] ? __pfx_kunit_try_run_case+0x10/0x10
[ 109.101685] ? _raw_spin_lock_irqsave+0xa1/0x100
[ 109.101928] ? _raw_spin_unlock_irqrestore+0x5f/0x90
[ 109.102100] ? __kthread_parkme+0x82/0x180
[ 109.102417] ? preempt_count_sub+0x50/0x80
[ 109.102805] ? __pfx_kunit_try_run_case+0x10/0x10
[ 109.103274] kunit_generic_run_threadfn_adapter+0x85/0xf0
[ 109.103797] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10
[ 109.104181] kthread+0x337/0x6f0
[ 109.104616] ? trace_preempt_on+0x20/0xc0
[ 109.104873] ? __pfx_kthread+0x10/0x10
[ 109.105012] ? _raw_spin_unlock_irq+0x47/0x80
[ 109.105164] ? calculate_sigpending+0x7b/0xa0
[ 109.105826] ? __pfx_kthread+0x10/0x10
[ 109.106204] ret_from_fork+0x116/0x1d0
[ 109.106826] ? __pfx_kthread+0x10/0x10
[ 109.107181] ret_from_fork_asm+0x1a/0x30
[ 109.107708] </TASK>
[ 109.107821] ---[ end trace 0000000000000000 ]---
Failure - log-parser-boot/exception-warning-cpu-pid-at-libmathint_log-intlog2
------------[ cut here ]------------
[ 109.045006] WARNING: CPU: 0 PID: 655 at lib/math/int_log.c:63 intlog2+0xdf/0x110
[ 109.046565] Modules linked in:
[ 109.046761] CPU: 0 UID: 0 PID: 655 Comm: kunit_try_catch Tainted: G B D N 6.16.0-rc4 #1 PREEMPT(voluntary)
[ 109.047103] Tainted: [B]=BAD_PAGE, [D]=DIE, [N]=TEST
[ 109.047297] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[ 109.047884] RIP: 0010:intlog2+0xdf/0x110
[ 109.048066] Code: e9 b2 c1 e0 18 48 83 c4 08 89 d1 c1 e2 08 29 cb 01 d0 0f b7 db 41 0f af dc c1 eb 0f 01 d8 5b 41 5c 41 5d 5d e9 12 9c 86 02 90 <0f> 0b 90 31 c0 e9 07 9c 86 02 89 45 e4 e8 0f 10 56 ff 8b 45 e4 eb
[ 109.048845] RSP: 0000:ffff8881035e7cb0 EFLAGS: 00010246
[ 109.049226] RAX: 0000000000000000 RBX: ffff88810039fae8 RCX: 1ffff110206bcfb4
[ 109.049702] RDX: 1ffffffff65d2ce8 RSI: 1ffff110206bcfb3 RDI: 0000000000000000
[ 109.049995] RBP: ffff8881035e7d60 R08: 0000000000000000 R09: ffffed10204d1460
[ 109.050438] R10: ffff88810268a307 R11: 0000000000000000 R12: 1ffff110206bcf97
[ 109.051139] R13: ffffffffb2e96740 R14: 0000000000000000 R15: ffff8881035e7d38
[ 109.051696] FS: 0000000000000000(0000) GS:ffff8881a6074000(0000) knlGS:0000000000000000
[ 109.052169] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[ 109.052663] CR2: dffffc0000000000 CR3: 00000000774bc000 CR4: 00000000000006f0
[ 109.053081] DR0: ffffffffb5050440 DR1: ffffffffb5050441 DR2: ffffffffb5050443
[ 109.053799] DR3: ffffffffb5050445 DR6: 00000000ffff0ff0 DR7: 0000000000000600
[ 109.054084] Call Trace:
[ 109.054458] <TASK>
[ 109.054691] ? intlog2_test+0xf2/0x220
[ 109.054909] ? __pfx_intlog2_test+0x10/0x10
[ 109.055108] ? sysvec_apic_timer_interrupt+0x50/0x90
[ 109.055778] ? trace_hardirqs_on+0x37/0xe0
[ 109.056005] ? __pfx_read_tsc+0x10/0x10
[ 109.056190] ? ktime_get_ts64+0x86/0x230
[ 109.056695] kunit_try_run_case+0x1a5/0x480
[ 109.057037] ? __pfx_kunit_try_run_case+0x10/0x10
[ 109.057582] ? queued_spin_lock_slowpath+0x116/0xb40
[ 109.057842] ? __kthread_parkme+0x82/0x180
[ 109.058048] ? preempt_count_sub+0x50/0x80
[ 109.058505] ? __pfx_kunit_try_run_case+0x10/0x10
[ 109.058846] kunit_generic_run_threadfn_adapter+0x85/0xf0
[ 109.059188] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10
[ 109.059826] kthread+0x337/0x6f0
[ 109.060011] ? trace_preempt_on+0x20/0xc0
[ 109.060602] ? __pfx_kthread+0x10/0x10
[ 109.060800] ? _raw_spin_unlock_irq+0x47/0x80
[ 109.061101] ? calculate_sigpending+0x7b/0xa0
[ 109.061587] ? __pfx_kthread+0x10/0x10
[ 109.061772] ret_from_fork+0x116/0x1d0
[ 109.061958] ? __pfx_kthread+0x10/0x10
[ 109.062136] ret_from_fork_asm+0x1a/0x30
[ 109.062769] </TASK>
[ 109.063047] ---[ end trace 0000000000000000 ]---
Failure - log-parser-boot/oops-oops-general-protection-fault-probably-for-non-canonical-address-smp-kasan-pti
KNOWN ISSUE - qemu-x86_64: Oops: general protection fault, probably for non-canonical address - KASAN: null-ptr-deref - kunit_test_null_dereference
[ 108.440186] Oops: general protection fault, probably for non-canonical address 0xdffffc0000000000: 0000 [#1] SMP KASAN PTI