Date: July 5, 2025, 11:11 p.m.
Failure - log-parser-boot/kasan-bug-kasan-slab-use-after-free-in-strnlen
[ 15.794687] ================================================================== [ 15.795112] BUG: KASAN: slab-use-after-free in strnlen+0x73/0x80 [ 15.795456] Read of size 1 at addr ffff888102a0d790 by task kunit_try_catch/277 [ 15.795964] [ 15.796079] CPU: 1 UID: 0 PID: 277 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc4 #1 PREEMPT(voluntary) [ 15.796131] Tainted: [B]=BAD_PAGE, [N]=TEST [ 15.796146] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 15.796173] Call Trace: [ 15.796196] <TASK> [ 15.796216] dump_stack_lvl+0x73/0xb0 [ 15.796252] print_report+0xd1/0x650 [ 15.796279] ? __virt_addr_valid+0x1db/0x2d0 [ 15.796305] ? strnlen+0x73/0x80 [ 15.796326] ? kasan_complete_mode_report_info+0x64/0x200 [ 15.796351] ? strnlen+0x73/0x80 [ 15.796372] kasan_report+0x141/0x180 [ 15.796398] ? strnlen+0x73/0x80 [ 15.796423] __asan_report_load1_noabort+0x18/0x20 [ 15.796451] strnlen+0x73/0x80 [ 15.796472] kasan_strings+0x615/0xe80 [ 15.796496] ? trace_hardirqs_on+0x37/0xe0 [ 15.796523] ? __pfx_kasan_strings+0x10/0x10 [ 15.796599] ? finish_task_switch.isra.0+0x153/0x700 [ 15.796628] ? __switch_to+0x47/0xf50 [ 15.796658] ? __schedule+0x10cc/0x2b60 [ 15.796685] ? __pfx_read_tsc+0x10/0x10 [ 15.796710] ? ktime_get_ts64+0x86/0x230 [ 15.796738] kunit_try_run_case+0x1a5/0x480 [ 15.796766] ? __pfx_kunit_try_run_case+0x10/0x10 [ 15.796804] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 15.796832] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 15.796859] ? __kthread_parkme+0x82/0x180 [ 15.796881] ? preempt_count_sub+0x50/0x80 [ 15.796908] ? __pfx_kunit_try_run_case+0x10/0x10 [ 15.796935] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 15.796961] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 15.796988] kthread+0x337/0x6f0 [ 15.797011] ? trace_preempt_on+0x20/0xc0 [ 15.797036] ? __pfx_kthread+0x10/0x10 [ 15.797060] ? _raw_spin_unlock_irq+0x47/0x80 [ 15.797086] ? calculate_sigpending+0x7b/0xa0 [ 15.797114] ? 
__pfx_kthread+0x10/0x10 [ 15.797140] ret_from_fork+0x116/0x1d0 [ 15.797161] ? __pfx_kthread+0x10/0x10 [ 15.797185] ret_from_fork_asm+0x1a/0x30 [ 15.797222] </TASK> [ 15.797236] [ 15.807342] Allocated by task 277: [ 15.807573] kasan_save_stack+0x45/0x70 [ 15.807817] kasan_save_track+0x18/0x40 [ 15.808000] kasan_save_alloc_info+0x3b/0x50 [ 15.808344] __kasan_kmalloc+0xb7/0xc0 [ 15.808522] __kmalloc_cache_noprof+0x189/0x420 [ 15.808775] kasan_strings+0xc0/0xe80 [ 15.808943] kunit_try_run_case+0x1a5/0x480 [ 15.809328] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 15.809646] kthread+0x337/0x6f0 [ 15.809864] ret_from_fork+0x116/0x1d0 [ 15.810085] ret_from_fork_asm+0x1a/0x30 [ 15.810358] [ 15.810475] Freed by task 277: [ 15.810652] kasan_save_stack+0x45/0x70 [ 15.810830] kasan_save_track+0x18/0x40 [ 15.811017] kasan_save_free_info+0x3f/0x60 [ 15.811461] __kasan_slab_free+0x56/0x70 [ 15.811714] kfree+0x222/0x3f0 [ 15.811924] kasan_strings+0x2aa/0xe80 [ 15.812218] kunit_try_run_case+0x1a5/0x480 [ 15.812437] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 15.812639] kthread+0x337/0x6f0 [ 15.812779] ret_from_fork+0x116/0x1d0 [ 15.813012] ret_from_fork_asm+0x1a/0x30 [ 15.813237] [ 15.813356] The buggy address belongs to the object at ffff888102a0d780 [ 15.813356] which belongs to the cache kmalloc-32 of size 32 [ 15.814260] The buggy address is located 16 bytes inside of [ 15.814260] freed 32-byte region [ffff888102a0d780, ffff888102a0d7a0) [ 15.814767] [ 15.814900] The buggy address belongs to the physical page: [ 15.815169] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x102a0d [ 15.815536] flags: 0x200000000000000(node=0|zone=2) [ 15.815770] page_type: f5(slab) [ 15.816068] raw: 0200000000000000 ffff888100041780 dead000000000122 0000000000000000 [ 15.816532] raw: 0000000000000000 0000000080400040 00000000f5000000 0000000000000000 [ 15.816948] page dumped because: kasan: bad access detected [ 15.817216] [ 15.817550] Memory state around the buggy address: 
[ 15.817779] ffff888102a0d680: fa fb fb fb fc fc fc fc 00 00 00 fc fc fc fc fc [ 15.818052] ffff888102a0d700: 00 00 00 fc fc fc fc fc 00 00 07 fc fc fc fc fc [ 15.818429] >ffff888102a0d780: fa fb fb fb fc fc fc fc fa fb fb fb fc fc fc fc [ 15.818833] ^ [ 15.819024] ffff888102a0d800: fa fb fb fb fc fc fc fc 00 00 00 fc fc fc fc fc [ 15.819490] ffff888102a0d880: fa fb fb fb fc fc fc fc fa fb fb fb fc fc fc fc [ 15.819890] ==================================================================
Failure - log-parser-boot/kasan-bug-kasan-slab-use-after-free-in-strlen
[ 15.766903] ================================================================== [ 15.767380] BUG: KASAN: slab-use-after-free in strlen+0x8f/0xb0 [ 15.767677] Read of size 1 at addr ffff888102a0d790 by task kunit_try_catch/277 [ 15.768002] [ 15.768477] CPU: 1 UID: 0 PID: 277 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc4 #1 PREEMPT(voluntary) [ 15.768537] Tainted: [B]=BAD_PAGE, [N]=TEST [ 15.768553] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 15.768581] Call Trace: [ 15.768596] <TASK> [ 15.768617] dump_stack_lvl+0x73/0xb0 [ 15.768653] print_report+0xd1/0x650 [ 15.768681] ? __virt_addr_valid+0x1db/0x2d0 [ 15.768708] ? strlen+0x8f/0xb0 [ 15.768730] ? kasan_complete_mode_report_info+0x64/0x200 [ 15.768756] ? strlen+0x8f/0xb0 [ 15.768778] kasan_report+0x141/0x180 [ 15.768820] ? strlen+0x8f/0xb0 [ 15.768847] __asan_report_load1_noabort+0x18/0x20 [ 15.768875] strlen+0x8f/0xb0 [ 15.768896] kasan_strings+0x57b/0xe80 [ 15.768920] ? trace_hardirqs_on+0x37/0xe0 [ 15.768949] ? __pfx_kasan_strings+0x10/0x10 [ 15.768973] ? finish_task_switch.isra.0+0x153/0x700 [ 15.769000] ? __switch_to+0x47/0xf50 [ 15.769030] ? __schedule+0x10cc/0x2b60 [ 15.769057] ? __pfx_read_tsc+0x10/0x10 [ 15.769082] ? ktime_get_ts64+0x86/0x230 [ 15.769110] kunit_try_run_case+0x1a5/0x480 [ 15.769230] ? __pfx_kunit_try_run_case+0x10/0x10 [ 15.769262] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 15.769290] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 15.769318] ? __kthread_parkme+0x82/0x180 [ 15.769350] ? preempt_count_sub+0x50/0x80 [ 15.769377] ? __pfx_kunit_try_run_case+0x10/0x10 [ 15.769404] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 15.769432] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 15.769459] kthread+0x337/0x6f0 [ 15.769482] ? trace_preempt_on+0x20/0xc0 [ 15.769508] ? __pfx_kthread+0x10/0x10 [ 15.769533] ? _raw_spin_unlock_irq+0x47/0x80 [ 15.769558] ? calculate_sigpending+0x7b/0xa0 [ 15.769588] ? 
__pfx_kthread+0x10/0x10 [ 15.769614] ret_from_fork+0x116/0x1d0 [ 15.769636] ? __pfx_kthread+0x10/0x10 [ 15.769660] ret_from_fork_asm+0x1a/0x30 [ 15.769695] </TASK> [ 15.769710] [ 15.781979] Allocated by task 277: [ 15.782207] kasan_save_stack+0x45/0x70 [ 15.782456] kasan_save_track+0x18/0x40 [ 15.782736] kasan_save_alloc_info+0x3b/0x50 [ 15.783008] __kasan_kmalloc+0xb7/0xc0 [ 15.783346] __kmalloc_cache_noprof+0x189/0x420 [ 15.783563] kasan_strings+0xc0/0xe80 [ 15.783719] kunit_try_run_case+0x1a5/0x480 [ 15.783924] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 15.784221] kthread+0x337/0x6f0 [ 15.784418] ret_from_fork+0x116/0x1d0 [ 15.784607] ret_from_fork_asm+0x1a/0x30 [ 15.784784] [ 15.784908] Freed by task 277: [ 15.785086] kasan_save_stack+0x45/0x70 [ 15.785297] kasan_save_track+0x18/0x40 [ 15.785545] kasan_save_free_info+0x3f/0x60 [ 15.785715] __kasan_slab_free+0x56/0x70 [ 15.785886] kfree+0x222/0x3f0 [ 15.786077] kasan_strings+0x2aa/0xe80 [ 15.786304] kunit_try_run_case+0x1a5/0x480 [ 15.786535] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 15.786841] kthread+0x337/0x6f0 [ 15.787036] ret_from_fork+0x116/0x1d0 [ 15.787309] ret_from_fork_asm+0x1a/0x30 [ 15.787514] [ 15.787598] The buggy address belongs to the object at ffff888102a0d780 [ 15.787598] which belongs to the cache kmalloc-32 of size 32 [ 15.788261] The buggy address is located 16 bytes inside of [ 15.788261] freed 32-byte region [ffff888102a0d780, ffff888102a0d7a0) [ 15.788776] [ 15.788887] The buggy address belongs to the physical page: [ 15.789159] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x102a0d [ 15.789453] flags: 0x200000000000000(node=0|zone=2) [ 15.789643] page_type: f5(slab) [ 15.789784] raw: 0200000000000000 ffff888100041780 dead000000000122 0000000000000000 [ 15.790581] raw: 0000000000000000 0000000080400040 00000000f5000000 0000000000000000 [ 15.790988] page dumped because: kasan: bad access detected [ 15.791607] [ 15.791723] Memory state around the buggy address: 
[ 15.791997] ffff888102a0d680: fa fb fb fb fc fc fc fc 00 00 00 fc fc fc fc fc [ 15.792433] ffff888102a0d700: 00 00 00 fc fc fc fc fc 00 00 07 fc fc fc fc fc [ 15.792751] >ffff888102a0d780: fa fb fb fb fc fc fc fc fa fb fb fb fc fc fc fc [ 15.793378] ^ [ 15.793582] ffff888102a0d800: fa fb fb fb fc fc fc fc 00 00 00 fc fc fc fc fc [ 15.793892] ffff888102a0d880: fa fb fb fb fc fc fc fc fa fb fb fb fc fc fc fc [ 15.794137] ==================================================================
Failure - log-parser-boot/kasan-bug-kasan-slab-use-after-free-in-kasan_strings
[ 15.740371] ================================================================== [ 15.740801] BUG: KASAN: slab-use-after-free in kasan_strings+0xcbc/0xe80 [ 15.741123] Read of size 1 at addr ffff888102a0d790 by task kunit_try_catch/277 [ 15.741570] [ 15.741709] CPU: 1 UID: 0 PID: 277 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc4 #1 PREEMPT(voluntary) [ 15.741762] Tainted: [B]=BAD_PAGE, [N]=TEST [ 15.741777] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 15.741815] Call Trace: [ 15.741834] <TASK> [ 15.741854] dump_stack_lvl+0x73/0xb0 [ 15.741888] print_report+0xd1/0x650 [ 15.741914] ? __virt_addr_valid+0x1db/0x2d0 [ 15.741940] ? kasan_strings+0xcbc/0xe80 [ 15.741963] ? kasan_complete_mode_report_info+0x64/0x200 [ 15.741988] ? kasan_strings+0xcbc/0xe80 [ 15.742012] kasan_report+0x141/0x180 [ 15.742038] ? kasan_strings+0xcbc/0xe80 [ 15.742066] __asan_report_load1_noabort+0x18/0x20 [ 15.742395] kasan_strings+0xcbc/0xe80 [ 15.742430] ? trace_hardirqs_on+0x37/0xe0 [ 15.742458] ? __pfx_kasan_strings+0x10/0x10 [ 15.742482] ? finish_task_switch.isra.0+0x153/0x700 [ 15.742507] ? __switch_to+0x47/0xf50 [ 15.742537] ? __schedule+0x10cc/0x2b60 [ 15.742564] ? __pfx_read_tsc+0x10/0x10 [ 15.742587] ? ktime_get_ts64+0x86/0x230 [ 15.742614] kunit_try_run_case+0x1a5/0x480 [ 15.742643] ? __pfx_kunit_try_run_case+0x10/0x10 [ 15.742668] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 15.742695] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 15.742721] ? __kthread_parkme+0x82/0x180 [ 15.742744] ? preempt_count_sub+0x50/0x80 [ 15.742770] ? __pfx_kunit_try_run_case+0x10/0x10 [ 15.742812] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 15.742838] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 15.742865] kthread+0x337/0x6f0 [ 15.742888] ? trace_preempt_on+0x20/0xc0 [ 15.742913] ? __pfx_kthread+0x10/0x10 [ 15.742936] ? _raw_spin_unlock_irq+0x47/0x80 [ 15.742962] ? calculate_sigpending+0x7b/0xa0 [ 15.742990] ? 
__pfx_kthread+0x10/0x10 [ 15.743014] ret_from_fork+0x116/0x1d0 [ 15.743036] ? __pfx_kthread+0x10/0x10 [ 15.743059] ret_from_fork_asm+0x1a/0x30 [ 15.743095] </TASK> [ 15.743109] [ 15.752612] Allocated by task 277: [ 15.752854] kasan_save_stack+0x45/0x70 [ 15.753101] kasan_save_track+0x18/0x40 [ 15.753421] kasan_save_alloc_info+0x3b/0x50 [ 15.753641] __kasan_kmalloc+0xb7/0xc0 [ 15.753833] __kmalloc_cache_noprof+0x189/0x420 [ 15.754015] kasan_strings+0xc0/0xe80 [ 15.754190] kunit_try_run_case+0x1a5/0x480 [ 15.754429] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 15.754726] kthread+0x337/0x6f0 [ 15.755061] ret_from_fork+0x116/0x1d0 [ 15.755297] ret_from_fork_asm+0x1a/0x30 [ 15.755458] [ 15.755540] Freed by task 277: [ 15.755704] kasan_save_stack+0x45/0x70 [ 15.755947] kasan_save_track+0x18/0x40 [ 15.756174] kasan_save_free_info+0x3f/0x60 [ 15.756611] __kasan_slab_free+0x56/0x70 [ 15.757134] kfree+0x222/0x3f0 [ 15.757484] kasan_strings+0x2aa/0xe80 [ 15.757778] kunit_try_run_case+0x1a5/0x480 [ 15.758041] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 15.758605] kthread+0x337/0x6f0 [ 15.758752] ret_from_fork+0x116/0x1d0 [ 15.758919] ret_from_fork_asm+0x1a/0x30 [ 15.759275] [ 15.759396] The buggy address belongs to the object at ffff888102a0d780 [ 15.759396] which belongs to the cache kmalloc-32 of size 32 [ 15.760036] The buggy address is located 16 bytes inside of [ 15.760036] freed 32-byte region [ffff888102a0d780, ffff888102a0d7a0) [ 15.760745] [ 15.760887] The buggy address belongs to the physical page: [ 15.761293] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x102a0d [ 15.761591] flags: 0x200000000000000(node=0|zone=2) [ 15.761882] page_type: f5(slab) [ 15.762082] raw: 0200000000000000 ffff888100041780 dead000000000122 0000000000000000 [ 15.762412] raw: 0000000000000000 0000000080400040 00000000f5000000 0000000000000000 [ 15.762676] page dumped because: kasan: bad access detected [ 15.763064] [ 15.763177] Memory state around the buggy address: 
[ 15.763501] ffff888102a0d680: 00 00 00 fc fc fc fc fc 00 00 00 fc fc fc fc fc [ 15.763970] ffff888102a0d700: 00 00 00 fc fc fc fc fc 00 00 07 fc fc fc fc fc [ 15.764537] >ffff888102a0d780: fa fb fb fb fc fc fc fc fa fb fb fb fc fc fc fc [ 15.764893] ^ [ 15.765076] ffff888102a0d800: fa fb fb fb fc fc fc fc 00 00 00 fc fc fc fc fc [ 15.765607] ffff888102a0d880: fa fb fb fb fc fc fc fc fa fb fb fb fc fc fc fc [ 15.765876] ==================================================================
Failure - log-parser-boot/kasan-bug-kasan-slab-use-after-free-in-strcmp
[ 15.713324] ================================================================== [ 15.714408] BUG: KASAN: slab-use-after-free in strcmp+0xb0/0xc0 [ 15.714745] Read of size 1 at addr ffff888102a0d790 by task kunit_try_catch/277 [ 15.715231] [ 15.715362] CPU: 1 UID: 0 PID: 277 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc4 #1 PREEMPT(voluntary) [ 15.715420] Tainted: [B]=BAD_PAGE, [N]=TEST [ 15.715434] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 15.715461] Call Trace: [ 15.715477] <TASK> [ 15.715499] dump_stack_lvl+0x73/0xb0 [ 15.715536] print_report+0xd1/0x650 [ 15.715566] ? __virt_addr_valid+0x1db/0x2d0 [ 15.715595] ? strcmp+0xb0/0xc0 [ 15.715619] ? kasan_complete_mode_report_info+0x64/0x200 [ 15.715646] ? strcmp+0xb0/0xc0 [ 15.715671] kasan_report+0x141/0x180 [ 15.715697] ? strcmp+0xb0/0xc0 [ 15.715727] __asan_report_load1_noabort+0x18/0x20 [ 15.715755] strcmp+0xb0/0xc0 [ 15.715782] kasan_strings+0x431/0xe80 [ 15.715821] ? trace_hardirqs_on+0x37/0xe0 [ 15.715849] ? __pfx_kasan_strings+0x10/0x10 [ 15.715874] ? finish_task_switch.isra.0+0x153/0x700 [ 15.715900] ? __switch_to+0x47/0xf50 [ 15.715929] ? __schedule+0x10cc/0x2b60 [ 15.715955] ? __pfx_read_tsc+0x10/0x10 [ 15.715980] ? ktime_get_ts64+0x86/0x230 [ 15.716008] kunit_try_run_case+0x1a5/0x480 [ 15.716038] ? __pfx_kunit_try_run_case+0x10/0x10 [ 15.716063] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 15.716091] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 15.716119] ? __kthread_parkme+0x82/0x180 [ 15.716212] ? preempt_count_sub+0x50/0x80 [ 15.716244] ? __pfx_kunit_try_run_case+0x10/0x10 [ 15.716272] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 15.716299] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 15.716326] kthread+0x337/0x6f0 [ 15.716350] ? trace_preempt_on+0x20/0xc0 [ 15.716377] ? __pfx_kthread+0x10/0x10 [ 15.716401] ? _raw_spin_unlock_irq+0x47/0x80 [ 15.716428] ? calculate_sigpending+0x7b/0xa0 [ 15.716456] ? 
__pfx_kthread+0x10/0x10 [ 15.716481] ret_from_fork+0x116/0x1d0 [ 15.716505] ? __pfx_kthread+0x10/0x10 [ 15.716529] ret_from_fork_asm+0x1a/0x30 [ 15.716565] </TASK> [ 15.716580] [ 15.727298] Allocated by task 277: [ 15.727523] kasan_save_stack+0x45/0x70 [ 15.727756] kasan_save_track+0x18/0x40 [ 15.727932] kasan_save_alloc_info+0x3b/0x50 [ 15.728136] __kasan_kmalloc+0xb7/0xc0 [ 15.728368] __kmalloc_cache_noprof+0x189/0x420 [ 15.728625] kasan_strings+0xc0/0xe80 [ 15.728829] kunit_try_run_case+0x1a5/0x480 [ 15.729018] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 15.729271] kthread+0x337/0x6f0 [ 15.729479] ret_from_fork+0x116/0x1d0 [ 15.729782] ret_from_fork_asm+0x1a/0x30 [ 15.729965] [ 15.730049] Freed by task 277: [ 15.730219] kasan_save_stack+0x45/0x70 [ 15.730529] kasan_save_track+0x18/0x40 [ 15.730741] kasan_save_free_info+0x3f/0x60 [ 15.730968] __kasan_slab_free+0x56/0x70 [ 15.731276] kfree+0x222/0x3f0 [ 15.731478] kasan_strings+0x2aa/0xe80 [ 15.731674] kunit_try_run_case+0x1a5/0x480 [ 15.731920] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 15.732337] kthread+0x337/0x6f0 [ 15.732503] ret_from_fork+0x116/0x1d0 [ 15.732725] ret_from_fork_asm+0x1a/0x30 [ 15.732943] [ 15.733047] The buggy address belongs to the object at ffff888102a0d780 [ 15.733047] which belongs to the cache kmalloc-32 of size 32 [ 15.733461] The buggy address is located 16 bytes inside of [ 15.733461] freed 32-byte region [ffff888102a0d780, ffff888102a0d7a0) [ 15.734145] [ 15.734267] The buggy address belongs to the physical page: [ 15.734481] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x102a0d [ 15.734760] flags: 0x200000000000000(node=0|zone=2) [ 15.735048] page_type: f5(slab) [ 15.735375] raw: 0200000000000000 ffff888100041780 dead000000000122 0000000000000000 [ 15.735780] raw: 0000000000000000 0000000080400040 00000000f5000000 0000000000000000 [ 15.736276] page dumped because: kasan: bad access detected [ 15.736485] [ 15.736567] Memory state around the buggy address: 
[ 15.736798] ffff888102a0d680: 00 00 00 fc fc fc fc fc 00 00 00 fc fc fc fc fc [ 15.737167] ffff888102a0d700: 00 00 00 fc fc fc fc fc 00 00 07 fc fc fc fc fc [ 15.737606] >ffff888102a0d780: fa fb fb fb fc fc fc fc fa fb fb fb fc fc fc fc [ 15.737859] ^ [ 15.738356] ffff888102a0d800: fa fb fb fb fc fc fc fc 00 00 00 fc fc fc fc fc [ 15.739298] ffff888102a0d880: fa fb fb fb fc fc fc fc fa fb fb fb fc fc fc fc [ 15.739567] ==================================================================
Failure - log-parser-boot/kasan-bug-kasan-slab-out-of-bounds-in-memcmp
[ 15.677994] ================================================================== [ 15.678596] BUG: KASAN: slab-out-of-bounds in memcmp+0x1b4/0x1d0 [ 15.678873] Read of size 1 at addr ffff888102a0d658 by task kunit_try_catch/275 [ 15.679266] [ 15.679374] CPU: 1 UID: 0 PID: 275 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc4 #1 PREEMPT(voluntary) [ 15.679428] Tainted: [B]=BAD_PAGE, [N]=TEST [ 15.679444] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 15.679470] Call Trace: [ 15.679487] <TASK> [ 15.679525] dump_stack_lvl+0x73/0xb0 [ 15.679560] print_report+0xd1/0x650 [ 15.679592] ? __virt_addr_valid+0x1db/0x2d0 [ 15.679621] ? memcmp+0x1b4/0x1d0 [ 15.679642] ? kasan_complete_mode_report_info+0x2a/0x200 [ 15.679667] ? memcmp+0x1b4/0x1d0 [ 15.679689] kasan_report+0x141/0x180 [ 15.679714] ? memcmp+0x1b4/0x1d0 [ 15.679740] __asan_report_load1_noabort+0x18/0x20 [ 15.679768] memcmp+0x1b4/0x1d0 [ 15.679802] kasan_memcmp+0x18f/0x390 [ 15.679828] ? trace_hardirqs_on+0x37/0xe0 [ 15.679855] ? __pfx_kasan_memcmp+0x10/0x10 [ 15.679878] ? finish_task_switch.isra.0+0x153/0x700 [ 15.679905] ? __switch_to+0x47/0xf50 [ 15.679938] ? __pfx_read_tsc+0x10/0x10 [ 15.679964] ? ktime_get_ts64+0x86/0x230 [ 15.679992] kunit_try_run_case+0x1a5/0x480 [ 15.680023] ? __pfx_kunit_try_run_case+0x10/0x10 [ 15.680048] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 15.680076] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 15.680102] ? __kthread_parkme+0x82/0x180 [ 15.680127] ? preempt_count_sub+0x50/0x80 [ 15.680163] ? __pfx_kunit_try_run_case+0x10/0x10 [ 15.680191] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 15.680217] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 15.680244] kthread+0x337/0x6f0 [ 15.680267] ? trace_preempt_on+0x20/0xc0 [ 15.680292] ? __pfx_kthread+0x10/0x10 [ 15.680315] ? _raw_spin_unlock_irq+0x47/0x80 [ 15.680340] ? calculate_sigpending+0x7b/0xa0 [ 15.680368] ? __pfx_kthread+0x10/0x10 [ 15.680392] ret_from_fork+0x116/0x1d0 [ 15.680414] ? 
__pfx_kthread+0x10/0x10 [ 15.680437] ret_from_fork_asm+0x1a/0x30 [ 15.680474] </TASK> [ 15.680489] [ 15.691711] Allocated by task 275: [ 15.691935] kasan_save_stack+0x45/0x70 [ 15.692126] kasan_save_track+0x18/0x40 [ 15.692428] kasan_save_alloc_info+0x3b/0x50 [ 15.692649] __kasan_kmalloc+0xb7/0xc0 [ 15.692814] __kmalloc_cache_noprof+0x189/0x420 [ 15.693045] kasan_memcmp+0xb7/0x390 [ 15.693392] kunit_try_run_case+0x1a5/0x480 [ 15.693648] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 15.693971] kthread+0x337/0x6f0 [ 15.694160] ret_from_fork+0x116/0x1d0 [ 15.694536] ret_from_fork_asm+0x1a/0x30 [ 15.694705] [ 15.694803] The buggy address belongs to the object at ffff888102a0d640 [ 15.694803] which belongs to the cache kmalloc-32 of size 32 [ 15.695388] The buggy address is located 0 bytes to the right of [ 15.695388] allocated 24-byte region [ffff888102a0d640, ffff888102a0d658) [ 15.696376] [ 15.696518] The buggy address belongs to the physical page: [ 15.696732] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x102a0d [ 15.697031] flags: 0x200000000000000(node=0|zone=2) [ 15.697824] page_type: f5(slab) [ 15.698130] raw: 0200000000000000 ffff888100041780 dead000000000122 0000000000000000 [ 15.698834] raw: 0000000000000000 0000000080400040 00000000f5000000 0000000000000000 [ 15.699695] page dumped because: kasan: bad access detected [ 15.700001] [ 15.700351] Memory state around the buggy address: [ 15.700681] ffff888102a0d500: 00 00 07 fc fc fc fc fc 00 00 07 fc fc fc fc fc [ 15.701219] ffff888102a0d580: 00 00 00 fc fc fc fc fc 00 00 00 04 fc fc fc fc [ 15.702030] >ffff888102a0d600: 00 00 07 fc fc fc fc fc 00 00 00 fc fc fc fc fc [ 15.702909] ^ [ 15.703602] ffff888102a0d680: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 15.703987] ffff888102a0d700: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 15.704869] ==================================================================
Failure - log-parser-boot/kasan-bug-kasan-alloca-out-of-bounds-in-kasan_alloca_oob_right
[ 15.644607] ================================================================== [ 15.645185] BUG: KASAN: alloca-out-of-bounds in kasan_alloca_oob_right+0x329/0x390 [ 15.646261] Read of size 1 at addr ffff888103a5fc4a by task kunit_try_catch/271 [ 15.647033] [ 15.647274] CPU: 0 UID: 0 PID: 271 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc4 #1 PREEMPT(voluntary) [ 15.647328] Tainted: [B]=BAD_PAGE, [N]=TEST [ 15.647345] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 15.647372] Call Trace: [ 15.647388] <TASK> [ 15.647409] dump_stack_lvl+0x73/0xb0 [ 15.647447] print_report+0xd1/0x650 [ 15.647474] ? __virt_addr_valid+0x1db/0x2d0 [ 15.647500] ? kasan_alloca_oob_right+0x329/0x390 [ 15.647527] ? kasan_addr_to_slab+0x11/0xa0 [ 15.647551] ? kasan_alloca_oob_right+0x329/0x390 [ 15.647577] kasan_report+0x141/0x180 [ 15.647601] ? kasan_alloca_oob_right+0x329/0x390 [ 15.647633] __asan_report_load1_noabort+0x18/0x20 [ 15.647660] kasan_alloca_oob_right+0x329/0x390 [ 15.647683] ? pick_eevdf+0x3c9/0x590 [ 15.647710] ? __pfx_sched_clock_cpu+0x10/0x10 [ 15.647734] ? finish_task_switch.isra.0+0x153/0x700 [ 15.647783] ? ww_mutex_unlock+0x6e/0x150 [ 15.647822] ? trace_hardirqs_on+0x37/0xe0 [ 15.647851] ? __pfx_kasan_alloca_oob_right+0x10/0x10 [ 15.647881] ? __schedule+0x10cc/0x2b60 [ 15.647904] ? __pfx_read_tsc+0x10/0x10 [ 15.647928] ? ktime_get_ts64+0x86/0x230 [ 15.647955] kunit_try_run_case+0x1a5/0x480 [ 15.647984] ? __pfx_kunit_try_run_case+0x10/0x10 [ 15.648008] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 15.648035] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 15.648063] ? __kthread_parkme+0x82/0x180 [ 15.648088] ? preempt_count_sub+0x50/0x80 [ 15.648114] ? __pfx_kunit_try_run_case+0x10/0x10 [ 15.648143] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 15.648168] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 15.648195] kthread+0x337/0x6f0 [ 15.648218] ? trace_preempt_on+0x20/0xc0 [ 15.648242] ? __pfx_kthread+0x10/0x10 [ 15.648266] ? 
_raw_spin_unlock_irq+0x47/0x80 [ 15.648290] ? calculate_sigpending+0x7b/0xa0 [ 15.648317] ? __pfx_kthread+0x10/0x10 [ 15.648341] ret_from_fork+0x116/0x1d0 [ 15.648363] ? __pfx_kthread+0x10/0x10 [ 15.648386] ret_from_fork_asm+0x1a/0x30 [ 15.648423] </TASK> [ 15.648438] [ 15.664029] The buggy address belongs to stack of task kunit_try_catch/271 [ 15.664936] [ 15.665186] The buggy address belongs to the physical page: [ 15.665579] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x103a5f [ 15.665985] flags: 0x200000000000000(node=0|zone=2) [ 15.666278] raw: 0200000000000000 ffffea00040e97c8 ffffea00040e97c8 0000000000000000 [ 15.667038] raw: 0000000000000000 0000000000000000 00000000ffffffff 0000000000000000 [ 15.667598] page dumped because: kasan: bad access detected [ 15.667815] [ 15.667896] Memory state around the buggy address: [ 15.668079] ffff888103a5fb00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 15.668331] ffff888103a5fb80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 15.668769] >ffff888103a5fc00: 00 00 00 00 ca ca ca ca 00 02 cb cb cb cb cb cb [ 15.669077] ^ [ 15.669652] ffff888103a5fc80: 00 00 00 f1 f1 f1 f1 01 f2 04 f2 00 f2 f2 f2 00 [ 15.669956] ffff888103a5fd00: 00 f3 f3 00 00 00 00 00 00 00 00 00 00 00 00 f1 [ 15.670601] ==================================================================
Failure - log-parser-boot/kasan-bug-kasan-slab-out-of-bounds-in-kmalloc_oob_in_memset
[ 13.614623] ================================================================== [ 13.615192] BUG: KASAN: slab-out-of-bounds in kmalloc_oob_in_memset+0x15f/0x320 [ 13.615943] Write of size 128 at addr ffff8881029e8f00 by task kunit_try_catch/188 [ 13.616920] [ 13.617189] CPU: 1 UID: 0 PID: 188 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc4 #1 PREEMPT(voluntary) [ 13.617249] Tainted: [B]=BAD_PAGE, [N]=TEST [ 13.617263] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 13.617290] Call Trace: [ 13.617306] <TASK> [ 13.617329] dump_stack_lvl+0x73/0xb0 [ 13.617376] print_report+0xd1/0x650 [ 13.617403] ? __virt_addr_valid+0x1db/0x2d0 [ 13.617431] ? kmalloc_oob_in_memset+0x15f/0x320 [ 13.617456] ? kasan_complete_mode_report_info+0x2a/0x200 [ 13.617481] ? kmalloc_oob_in_memset+0x15f/0x320 [ 13.617506] kasan_report+0x141/0x180 [ 13.617531] ? kmalloc_oob_in_memset+0x15f/0x320 [ 13.617561] kasan_check_range+0x10c/0x1c0 [ 13.617588] __asan_memset+0x27/0x50 [ 13.617610] kmalloc_oob_in_memset+0x15f/0x320 [ 13.617635] ? __pfx_kmalloc_oob_in_memset+0x10/0x10 [ 13.617660] ? __schedule+0x10cc/0x2b60 [ 13.617687] ? __pfx_read_tsc+0x10/0x10 [ 13.617711] ? ktime_get_ts64+0x86/0x230 [ 13.617738] kunit_try_run_case+0x1a5/0x480 [ 13.617767] ? __pfx_kunit_try_run_case+0x10/0x10 [ 13.617804] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 13.617832] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 13.617858] ? __kthread_parkme+0x82/0x180 [ 13.617882] ? preempt_count_sub+0x50/0x80 [ 13.617909] ? __pfx_kunit_try_run_case+0x10/0x10 [ 13.617936] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 13.617961] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 13.617986] kthread+0x337/0x6f0 [ 13.618008] ? trace_preempt_on+0x20/0xc0 [ 13.618034] ? __pfx_kthread+0x10/0x10 [ 13.618059] ? _raw_spin_unlock_irq+0x47/0x80 [ 13.618083] ? calculate_sigpending+0x7b/0xa0 [ 13.618112] ? __pfx_kthread+0x10/0x10 [ 13.618145] ret_from_fork+0x116/0x1d0 [ 13.618167] ? 
__pfx_kthread+0x10/0x10 [ 13.618190] ret_from_fork_asm+0x1a/0x30 [ 13.618226] </TASK> [ 13.618240] [ 13.632702] Allocated by task 188: [ 13.632887] kasan_save_stack+0x45/0x70 [ 13.633067] kasan_save_track+0x18/0x40 [ 13.633560] kasan_save_alloc_info+0x3b/0x50 [ 13.634028] __kasan_kmalloc+0xb7/0xc0 [ 13.634476] __kmalloc_cache_noprof+0x189/0x420 [ 13.635196] kmalloc_oob_in_memset+0xac/0x320 [ 13.635649] kunit_try_run_case+0x1a5/0x480 [ 13.636080] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 13.636475] kthread+0x337/0x6f0 [ 13.636856] ret_from_fork+0x116/0x1d0 [ 13.637263] ret_from_fork_asm+0x1a/0x30 [ 13.637441] [ 13.637529] The buggy address belongs to the object at ffff8881029e8f00 [ 13.637529] which belongs to the cache kmalloc-128 of size 128 [ 13.638872] The buggy address is located 0 bytes inside of [ 13.638872] allocated 120-byte region [ffff8881029e8f00, ffff8881029e8f78) [ 13.640290] [ 13.640387] The buggy address belongs to the physical page: [ 13.640590] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1029e8 [ 13.640904] flags: 0x200000000000000(node=0|zone=2) [ 13.641107] page_type: f5(slab) [ 13.641311] raw: 0200000000000000 ffff888100041a00 dead000000000122 0000000000000000 [ 13.641666] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 13.642088] page dumped because: kasan: bad access detected [ 13.642687] [ 13.642808] Memory state around the buggy address: [ 13.643054] ffff8881029e8e00: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 13.643396] ffff8881029e8e80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 13.643802] >ffff8881029e8f00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 fc [ 13.644427] ^ [ 13.644725] ffff8881029e8f80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 13.645062] ffff8881029e9000: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 13.645461] ==================================================================
Failure - log-parser-boot/kasan-bug-kasan-slab-use-after-free-in-kmalloc_uaf_16
[ 13.570644] ================================================================== [ 13.571277] BUG: KASAN: slab-use-after-free in kmalloc_uaf_16+0x47b/0x4c0 [ 13.572067] Read of size 16 at addr ffff88810216f0e0 by task kunit_try_catch/186 [ 13.573027] [ 13.573290] CPU: 0 UID: 0 PID: 186 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc4 #1 PREEMPT(voluntary) [ 13.573350] Tainted: [B]=BAD_PAGE, [N]=TEST [ 13.573364] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 13.573389] Call Trace: [ 13.573405] <TASK> [ 13.573426] dump_stack_lvl+0x73/0xb0 [ 13.573520] print_report+0xd1/0x650 [ 13.573559] ? __virt_addr_valid+0x1db/0x2d0 [ 13.573586] ? kmalloc_uaf_16+0x47b/0x4c0 [ 13.573609] ? kasan_complete_mode_report_info+0x64/0x200 [ 13.573634] ? kmalloc_uaf_16+0x47b/0x4c0 [ 13.573657] kasan_report+0x141/0x180 [ 13.573682] ? kmalloc_uaf_16+0x47b/0x4c0 [ 13.573710] __asan_report_load16_noabort+0x18/0x20 [ 13.573737] kmalloc_uaf_16+0x47b/0x4c0 [ 13.573760] ? __pfx_kmalloc_uaf_16+0x10/0x10 [ 13.573784] ? __schedule+0x10cc/0x2b60 [ 13.573820] ? __pfx_read_tsc+0x10/0x10 [ 13.573844] ? ktime_get_ts64+0x86/0x230 [ 13.573873] kunit_try_run_case+0x1a5/0x480 [ 13.573900] ? __pfx_kunit_try_run_case+0x10/0x10 [ 13.573924] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 13.573951] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 13.573978] ? __kthread_parkme+0x82/0x180 [ 13.574001] ? preempt_count_sub+0x50/0x80 [ 13.574028] ? __pfx_kunit_try_run_case+0x10/0x10 [ 13.574054] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 13.574079] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 13.574104] kthread+0x337/0x6f0 [ 13.574126] ? trace_preempt_on+0x20/0xc0 [ 13.574163] ? __pfx_kthread+0x10/0x10 [ 13.574187] ? _raw_spin_unlock_irq+0x47/0x80 [ 13.574210] ? calculate_sigpending+0x7b/0xa0 [ 13.574237] ? __pfx_kthread+0x10/0x10 [ 13.574261] ret_from_fork+0x116/0x1d0 [ 13.574282] ? 
__pfx_kthread+0x10/0x10
[ 13.574304] ret_from_fork_asm+0x1a/0x30
[ 13.574339] </TASK>
[ 13.574352]
[ 13.588593] Allocated by task 186:
[ 13.588823] kasan_save_stack+0x45/0x70
[ 13.589423] kasan_save_track+0x18/0x40
[ 13.590112] kasan_save_alloc_info+0x3b/0x50
[ 13.590783] __kasan_kmalloc+0xb7/0xc0
[ 13.591343] __kmalloc_cache_noprof+0x189/0x420
[ 13.591985] kmalloc_uaf_16+0x15b/0x4c0
[ 13.592171] kunit_try_run_case+0x1a5/0x480
[ 13.592662] kunit_generic_run_threadfn_adapter+0x85/0xf0
[ 13.593150] kthread+0x337/0x6f0
[ 13.593302] ret_from_fork+0x116/0x1d0
[ 13.593462] ret_from_fork_asm+0x1a/0x30
[ 13.593620]
[ 13.593702] Freed by task 186:
[ 13.593883] kasan_save_stack+0x45/0x70
[ 13.594821] kasan_save_track+0x18/0x40
[ 13.595303] kasan_save_free_info+0x3f/0x60
[ 13.595765] __kasan_slab_free+0x56/0x70
[ 13.596216] kfree+0x222/0x3f0
[ 13.596361] kmalloc_uaf_16+0x1d6/0x4c0
[ 13.596692] kunit_try_run_case+0x1a5/0x480
[ 13.597190] kunit_generic_run_threadfn_adapter+0x85/0xf0
[ 13.597760] kthread+0x337/0x6f0
[ 13.598090] ret_from_fork+0x116/0x1d0
[ 13.598768] ret_from_fork_asm+0x1a/0x30
[ 13.598964]
[ 13.599051] The buggy address belongs to the object at ffff88810216f0e0
[ 13.599051] which belongs to the cache kmalloc-16 of size 16
[ 13.600412] The buggy address is located 0 bytes inside of
[ 13.600412] freed 16-byte region [ffff88810216f0e0, ffff88810216f0f0)
[ 13.601879]
[ 13.601986] The buggy address belongs to the physical page:
[ 13.602434] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x10216f
[ 13.603222] flags: 0x200000000000000(node=0|zone=2)
[ 13.603672] page_type: f5(slab)
[ 13.603830] raw: 0200000000000000 ffff888100041640 dead000000000122 0000000000000000
[ 13.604105] raw: 0000000000000000 0000000080800080 00000000f5000000 0000000000000000
[ 13.604989] page dumped because: kasan: bad access detected
[ 13.605976]
[ 13.606269] Memory state around the buggy address:
[ 13.606767] ffff88810216ef80: fb fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc
[ 13.607553] ffff88810216f000: fa fb fc fc 00 00 fc fc 00 00 fc fc fa fb fc fc
[ 13.607885] >ffff88810216f080: 00 05 fc fc fa fb fc fc 00 00 fc fc fa fb fc fc
[ 13.608194] ^
[ 13.608876] ffff88810216f100: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 13.609691] ffff88810216f180: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 13.610674] ==================================================================
Failure - log-parser-boot/kasan-bug-kasan-slab-out-of-bounds-in-kmalloc_oob_16
[ 13.541652] ==================================================================
[ 13.542513] BUG: KASAN: slab-out-of-bounds in kmalloc_oob_16+0x452/0x4a0
[ 13.542905] Write of size 16 at addr ffff888102509ec0 by task kunit_try_catch/184
[ 13.543315]
[ 13.543464] CPU: 1 UID: 0 PID: 184 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc4 #1 PREEMPT(voluntary)
[ 13.543520] Tainted: [B]=BAD_PAGE, [N]=TEST
[ 13.543534] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[ 13.543558] Call Trace:
[ 13.543575] <TASK>
[ 13.543597] dump_stack_lvl+0x73/0xb0
[ 13.543635] print_report+0xd1/0x650
[ 13.543661] ? __virt_addr_valid+0x1db/0x2d0
[ 13.543690] ? kmalloc_oob_16+0x452/0x4a0
[ 13.543713] ? kasan_complete_mode_report_info+0x2a/0x200
[ 13.543738] ? kmalloc_oob_16+0x452/0x4a0
[ 13.543761] kasan_report+0x141/0x180
[ 13.544035] ? kmalloc_oob_16+0x452/0x4a0
[ 13.544103] __asan_report_store16_noabort+0x1b/0x30
[ 13.544197] kmalloc_oob_16+0x452/0x4a0
[ 13.544225] ? __pfx_kmalloc_oob_16+0x10/0x10
[ 13.544250] ? __schedule+0x10cc/0x2b60
[ 13.544278] ? __pfx_read_tsc+0x10/0x10
[ 13.544303] ? ktime_get_ts64+0x86/0x230
[ 13.544332] kunit_try_run_case+0x1a5/0x480
[ 13.544360] ? __pfx_kunit_try_run_case+0x10/0x10
[ 13.544385] ? _raw_spin_lock_irqsave+0xa1/0x100
[ 13.544413] ? _raw_spin_unlock_irqrestore+0x5f/0x90
[ 13.544438] ? __kthread_parkme+0x82/0x180
[ 13.544462] ? preempt_count_sub+0x50/0x80
[ 13.544491] ? __pfx_kunit_try_run_case+0x10/0x10
[ 13.544517] kunit_generic_run_threadfn_adapter+0x85/0xf0
[ 13.544542] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10
[ 13.544567] kthread+0x337/0x6f0
[ 13.544589] ? trace_preempt_on+0x20/0xc0
[ 13.544616] ? __pfx_kthread+0x10/0x10
[ 13.544638] ? _raw_spin_unlock_irq+0x47/0x80
[ 13.544661] ? calculate_sigpending+0x7b/0xa0
[ 13.544689] ? __pfx_kthread+0x10/0x10
[ 13.544713] ret_from_fork+0x116/0x1d0
[ 13.544733] ? __pfx_kthread+0x10/0x10
[ 13.544756] ret_from_fork_asm+0x1a/0x30
[ 13.544807] </TASK>
[ 13.544822]
[ 13.553388] Allocated by task 184:
[ 13.553619] kasan_save_stack+0x45/0x70
[ 13.553844] kasan_save_track+0x18/0x40
[ 13.554030] kasan_save_alloc_info+0x3b/0x50
[ 13.554479] __kasan_kmalloc+0xb7/0xc0
[ 13.554646] __kmalloc_cache_noprof+0x189/0x420
[ 13.554883] kmalloc_oob_16+0xa8/0x4a0
[ 13.555110] kunit_try_run_case+0x1a5/0x480
[ 13.555437] kunit_generic_run_threadfn_adapter+0x85/0xf0
[ 13.555736] kthread+0x337/0x6f0
[ 13.555922] ret_from_fork+0x116/0x1d0
[ 13.556101] ret_from_fork_asm+0x1a/0x30
[ 13.556335]
[ 13.556445] The buggy address belongs to the object at ffff888102509ec0
[ 13.556445] which belongs to the cache kmalloc-16 of size 16
[ 13.557021] The buggy address is located 0 bytes inside of
[ 13.557021] allocated 13-byte region [ffff888102509ec0, ffff888102509ecd)
[ 13.557560]
[ 13.557673] The buggy address belongs to the physical page:
[ 13.558025] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x102509
[ 13.558710] flags: 0x200000000000000(node=0|zone=2)
[ 13.558983] page_type: f5(slab)
[ 13.559296] raw: 0200000000000000 ffff888100041640 dead000000000122 0000000000000000
[ 13.559641] raw: 0000000000000000 0000000080800080 00000000f5000000 0000000000000000
[ 13.559977] page dumped because: kasan: bad access detected
[ 13.560277]
[ 13.560362] Memory state around the buggy address:
[ 13.560596] ffff888102509d80: 00 03 fc fc fa fb fc fc 00 02 fc fc 00 05 fc fc
[ 13.560981] ffff888102509e00: 00 02 fc fc 00 02 fc fc 00 02 fc fc 00 02 fc fc
[ 13.561397] >ffff888102509e80: fa fb fc fc fa fb fc fc 00 05 fc fc 00 00 fc fc
[ 13.561647] ^
[ 13.561891] ffff888102509f00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 13.562506] ffff888102509f80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 13.562906] ==================================================================
Failure - log-parser-boot/kasan-bug-kasan-slab-use-after-free-in-krealloc_uaf
[ 13.473453] ==================================================================
[ 13.474042] BUG: KASAN: slab-use-after-free in krealloc_uaf+0x1b8/0x5e0
[ 13.474389] Read of size 1 at addr ffff88810033a400 by task kunit_try_catch/182
[ 13.474823]
[ 13.475271] CPU: 0 UID: 0 PID: 182 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc4 #1 PREEMPT(voluntary)
[ 13.475331] Tainted: [B]=BAD_PAGE, [N]=TEST
[ 13.475345] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[ 13.475370] Call Trace:
[ 13.475385] <TASK>
[ 13.475406] dump_stack_lvl+0x73/0xb0
[ 13.475446] print_report+0xd1/0x650
[ 13.475473] ? __virt_addr_valid+0x1db/0x2d0
[ 13.475501] ? krealloc_uaf+0x1b8/0x5e0
[ 13.475525] ? kasan_complete_mode_report_info+0x64/0x200
[ 13.475550] ? krealloc_uaf+0x1b8/0x5e0
[ 13.475574] kasan_report+0x141/0x180
[ 13.475599] ? krealloc_uaf+0x1b8/0x5e0
[ 13.475626] ? krealloc_uaf+0x1b8/0x5e0
[ 13.475650] __kasan_check_byte+0x3d/0x50
[ 13.475675] krealloc_noprof+0x3f/0x340
[ 13.475701] krealloc_uaf+0x1b8/0x5e0
[ 13.475725] ? __pfx_krealloc_uaf+0x10/0x10
[ 13.475748] ? sysvec_apic_timer_interrupt+0x50/0x90
[ 13.475784] ? __pfx_krealloc_uaf+0x10/0x10
[ 13.475828] kunit_try_run_case+0x1a5/0x480
[ 13.475858] ? __pfx_kunit_try_run_case+0x10/0x10
[ 13.475882] ? _raw_spin_lock_irqsave+0xa1/0x100
[ 13.475911] ? _raw_spin_unlock_irqrestore+0x5f/0x90
[ 13.475938] ? __kthread_parkme+0x82/0x180
[ 13.475966] ? preempt_count_sub+0x50/0x80
[ 13.475997] ? __pfx_kunit_try_run_case+0x10/0x10
[ 13.476025] kunit_generic_run_threadfn_adapter+0x85/0xf0
[ 13.476050] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10
[ 13.476076] kthread+0x337/0x6f0
[ 13.476098] ? trace_preempt_on+0x20/0xc0
[ 13.476126] ? __pfx_kthread+0x10/0x10
[ 13.476166] ? _raw_spin_unlock_irq+0x47/0x80
[ 13.476191] ? calculate_sigpending+0x7b/0xa0
[ 13.476220] ? __pfx_kthread+0x10/0x10
[ 13.476244] ret_from_fork+0x116/0x1d0
[ 13.476268] ? __pfx_kthread+0x10/0x10
[ 13.476291] ret_from_fork_asm+0x1a/0x30
[ 13.476327] </TASK>
[ 13.476341]
[ 13.485912] Allocated by task 182:
[ 13.486125] kasan_save_stack+0x45/0x70
[ 13.486303] kasan_save_track+0x18/0x40
[ 13.486459] kasan_save_alloc_info+0x3b/0x50
[ 13.486705] __kasan_kmalloc+0xb7/0xc0
[ 13.486978] __kmalloc_cache_noprof+0x189/0x420
[ 13.487565] krealloc_uaf+0xbb/0x5e0
[ 13.487738] kunit_try_run_case+0x1a5/0x480
[ 13.488443] kunit_generic_run_threadfn_adapter+0x85/0xf0
[ 13.488718] kthread+0x337/0x6f0
[ 13.489103] ret_from_fork+0x116/0x1d0
[ 13.489555] ret_from_fork_asm+0x1a/0x30
[ 13.489748]
[ 13.489915] Freed by task 182:
[ 13.490163] kasan_save_stack+0x45/0x70
[ 13.490416] kasan_save_track+0x18/0x40
[ 13.490572] kasan_save_free_info+0x3f/0x60
[ 13.490906] __kasan_slab_free+0x56/0x70
[ 13.491151] kfree+0x222/0x3f0
[ 13.491509] krealloc_uaf+0x13d/0x5e0
[ 13.491734] kunit_try_run_case+0x1a5/0x480
[ 13.491976] kunit_generic_run_threadfn_adapter+0x85/0xf0
[ 13.492618] kthread+0x337/0x6f0
[ 13.493005] ret_from_fork+0x116/0x1d0
[ 13.493278] ret_from_fork_asm+0x1a/0x30
[ 13.493709]
[ 13.494034] The buggy address belongs to the object at ffff88810033a400
[ 13.494034] which belongs to the cache kmalloc-256 of size 256
[ 13.494903] The buggy address is located 0 bytes inside of
[ 13.494903] freed 256-byte region [ffff88810033a400, ffff88810033a500)
[ 13.495524]
[ 13.495731] The buggy address belongs to the physical page:
[ 13.496038] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x10033a
[ 13.496720] head: order:1 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[ 13.497551] flags: 0x200000000000040(head|node=0|zone=2)
[ 13.497850] page_type: f5(slab)
[ 13.498055] raw: 0200000000000040 ffff888100041b40 dead000000000122 0000000000000000
[ 13.498496] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000
[ 13.499111] head: 0200000000000040 ffff888100041b40 dead000000000122 0000000000000000
[ 13.499687] head: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000
[ 13.500283] head: 0200000000000001 ffffea000400ce81 00000000ffffffff 00000000ffffffff
[ 13.500654] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000002
[ 13.501305] page dumped because: kasan: bad access detected
[ 13.501713]
[ 13.501836] Memory state around the buggy address:
[ 13.502467] ffff88810033a300: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 13.502842] ffff88810033a380: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 13.503143] >ffff88810033a400: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 13.503563] ^
[ 13.503746] ffff88810033a480: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 13.504084] ffff88810033a500: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 13.504417] ==================================================================
[ 13.505051] ==================================================================
[ 13.505362] BUG: KASAN: slab-use-after-free in krealloc_uaf+0x53c/0x5e0
[ 13.505617] Read of size 1 at addr ffff88810033a400 by task kunit_try_catch/182
[ 13.506869]
[ 13.507074] CPU: 0 UID: 0 PID: 182 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc4 #1 PREEMPT(voluntary)
[ 13.507256] Tainted: [B]=BAD_PAGE, [N]=TEST
[ 13.507274] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[ 13.507300] Call Trace:
[ 13.507322] <TASK>
[ 13.507345] dump_stack_lvl+0x73/0xb0
[ 13.507384] print_report+0xd1/0x650
[ 13.507410] ? __virt_addr_valid+0x1db/0x2d0
[ 13.507435] ? krealloc_uaf+0x53c/0x5e0
[ 13.507459] ? kasan_complete_mode_report_info+0x64/0x200
[ 13.507483] ? krealloc_uaf+0x53c/0x5e0
[ 13.507506] kasan_report+0x141/0x180
[ 13.507530] ? krealloc_uaf+0x53c/0x5e0
[ 13.507558] __asan_report_load1_noabort+0x18/0x20
[ 13.508148] krealloc_uaf+0x53c/0x5e0
[ 13.508187] ? __pfx_krealloc_uaf+0x10/0x10
[ 13.508213] ? sysvec_apic_timer_interrupt+0x50/0x90
[ 13.508249] ? __pfx_krealloc_uaf+0x10/0x10
[ 13.508278] kunit_try_run_case+0x1a5/0x480
[ 13.508306] ? __pfx_kunit_try_run_case+0x10/0x10
[ 13.508330] ? _raw_spin_lock_irqsave+0xa1/0x100
[ 13.508356] ? _raw_spin_unlock_irqrestore+0x5f/0x90
[ 13.508381] ? __kthread_parkme+0x82/0x180
[ 13.508404] ? preempt_count_sub+0x50/0x80
[ 13.508432] ? __pfx_kunit_try_run_case+0x10/0x10
[ 13.508458] kunit_generic_run_threadfn_adapter+0x85/0xf0
[ 13.508482] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10
[ 13.508507] kthread+0x337/0x6f0
[ 13.508528] ? trace_preempt_on+0x20/0xc0
[ 13.508553] ? __pfx_kthread+0x10/0x10
[ 13.508576] ? _raw_spin_unlock_irq+0x47/0x80
[ 13.508600] ? calculate_sigpending+0x7b/0xa0
[ 13.508625] ? __pfx_kthread+0x10/0x10
[ 13.508649] ret_from_fork+0x116/0x1d0
[ 13.508672] ? __pfx_kthread+0x10/0x10
[ 13.508694] ret_from_fork_asm+0x1a/0x30
[ 13.508879] </TASK>
[ 13.508900]
[ 13.522116] Allocated by task 182:
[ 13.522427] kasan_save_stack+0x45/0x70
[ 13.522687] kasan_save_track+0x18/0x40
[ 13.522936] kasan_save_alloc_info+0x3b/0x50
[ 13.523508] __kasan_kmalloc+0xb7/0xc0
[ 13.523749] __kmalloc_cache_noprof+0x189/0x420
[ 13.524032] krealloc_uaf+0xbb/0x5e0
[ 13.524310] kunit_try_run_case+0x1a5/0x480
[ 13.524489] kunit_generic_run_threadfn_adapter+0x85/0xf0
[ 13.524737] kthread+0x337/0x6f0
[ 13.524962] ret_from_fork+0x116/0x1d0
[ 13.525182] ret_from_fork_asm+0x1a/0x30
[ 13.525397]
[ 13.525481] Freed by task 182:
[ 13.525613] kasan_save_stack+0x45/0x70
[ 13.525873] kasan_save_track+0x18/0x40
[ 13.526185] kasan_save_free_info+0x3f/0x60
[ 13.526446] __kasan_slab_free+0x56/0x70
[ 13.526669] kfree+0x222/0x3f0
[ 13.526874] krealloc_uaf+0x13d/0x5e0
[ 13.527173] kunit_try_run_case+0x1a5/0x480
[ 13.527427] kunit_generic_run_threadfn_adapter+0x85/0xf0
[ 13.527659] kthread+0x337/0x6f0
[ 13.527812] ret_from_fork+0x116/0x1d0
[ 13.528034] ret_from_fork_asm+0x1a/0x30
[ 13.528554]
[ 13.528673] The buggy address belongs to the object at ffff88810033a400
[ 13.528673] which belongs to the cache kmalloc-256 of size 256
[ 13.529137] The buggy address is located 0 bytes inside of
[ 13.529137] freed 256-byte region [ffff88810033a400, ffff88810033a500)
[ 13.529837]
[ 13.529953] The buggy address belongs to the physical page:
[ 13.530262] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x10033a
[ 13.530594] head: order:1 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[ 13.531068] flags: 0x200000000000040(head|node=0|zone=2)
[ 13.531413] page_type: f5(slab)
[ 13.531591] raw: 0200000000000040 ffff888100041b40 dead000000000122 0000000000000000
[ 13.531954] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000
[ 13.532372] head: 0200000000000040 ffff888100041b40 dead000000000122 0000000000000000
[ 13.532716] head: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000
[ 13.533355] head: 0200000000000001 ffffea000400ce81 00000000ffffffff 00000000ffffffff
[ 13.533739] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000002
[ 13.534116] page dumped because: kasan: bad access detected
[ 13.534360]
[ 13.534472] Memory state around the buggy address:
[ 13.534725] ffff88810033a300: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 13.535109] ffff88810033a380: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 13.535497] >ffff88810033a400: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 13.535879] ^
[ 13.536099] ffff88810033a480: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 13.536511] ffff88810033a500: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 13.536851] ==================================================================
Failure - log-parser-boot/kasan-bug-kasan-slab-out-of-bounds-in-krealloc_less_oob_helper
[ 13.380953] ==================================================================
[ 13.381710] BUG: KASAN: slab-out-of-bounds in krealloc_less_oob_helper+0xe23/0x11d0
[ 13.382021] Write of size 1 at addr ffff8881028ee0d0 by task kunit_try_catch/180
[ 13.382925]
[ 13.383233] CPU: 1 UID: 0 PID: 180 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc4 #1 PREEMPT(voluntary)
[ 13.383299] Tainted: [B]=BAD_PAGE, [N]=TEST
[ 13.383315] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[ 13.383348] Call Trace:
[ 13.383365] <TASK>
[ 13.383412] dump_stack_lvl+0x73/0xb0
[ 13.383453] print_report+0xd1/0x650
[ 13.383480] ? __virt_addr_valid+0x1db/0x2d0
[ 13.383508] ? krealloc_less_oob_helper+0xe23/0x11d0
[ 13.383537] ? kasan_addr_to_slab+0x11/0xa0
[ 13.383563] ? krealloc_less_oob_helper+0xe23/0x11d0
[ 13.383592] kasan_report+0x141/0x180
[ 13.383618] ? krealloc_less_oob_helper+0xe23/0x11d0
[ 13.383652] __asan_report_store1_noabort+0x1b/0x30
[ 13.383677] krealloc_less_oob_helper+0xe23/0x11d0
[ 13.383708] ? __pfx_krealloc_less_oob_helper+0x10/0x10
[ 13.383737] ? finish_task_switch.isra.0+0x153/0x700
[ 13.383764] ? __switch_to+0x47/0xf50
[ 13.383807] ? __schedule+0x10cc/0x2b60
[ 13.383836] ? __pfx_read_tsc+0x10/0x10
[ 13.383865] krealloc_large_less_oob+0x1c/0x30
[ 13.383892] kunit_try_run_case+0x1a5/0x480
[ 13.383921] ? __pfx_kunit_try_run_case+0x10/0x10
[ 13.383948] ? _raw_spin_lock_irqsave+0xa1/0x100
[ 13.383976] ? _raw_spin_unlock_irqrestore+0x5f/0x90
[ 13.384004] ? __kthread_parkme+0x82/0x180
[ 13.384029] ? preempt_count_sub+0x50/0x80
[ 13.384056] ? __pfx_kunit_try_run_case+0x10/0x10
[ 13.384102] kunit_generic_run_threadfn_adapter+0x85/0xf0
[ 13.384131] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10
[ 13.384381] kthread+0x337/0x6f0
[ 13.384410] ? trace_preempt_on+0x20/0xc0
[ 13.384439] ? __pfx_kthread+0x10/0x10
[ 13.384463] ? _raw_spin_unlock_irq+0x47/0x80
[ 13.384489] ? calculate_sigpending+0x7b/0xa0
[ 13.384518] ? __pfx_kthread+0x10/0x10
[ 13.384543] ret_from_fork+0x116/0x1d0
[ 13.384567] ? __pfx_kthread+0x10/0x10
[ 13.384591] ret_from_fork_asm+0x1a/0x30
[ 13.384627] </TASK>
[ 13.384642]
[ 13.399884] The buggy address belongs to the physical page:
[ 13.400486] page: refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1028ec
[ 13.401034] head: order:2 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[ 13.401973] flags: 0x200000000000040(head|node=0|zone=2)
[ 13.402838] page_type: f8(unknown)
[ 13.403225] raw: 0200000000000040 0000000000000000 dead000000000122 0000000000000000
[ 13.403603] raw: 0000000000000000 0000000000000000 00000001f8000000 0000000000000000
[ 13.403885] head: 0200000000000040 0000000000000000 dead000000000122 0000000000000000
[ 13.404173] head: 0000000000000000 0000000000000000 00000001f8000000 0000000000000000
[ 13.404728] head: 0200000000000002 ffffea00040a3b01 00000000ffffffff 00000000ffffffff
[ 13.405553] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000004
[ 13.406351] page dumped because: kasan: bad access detected
[ 13.406980]
[ 13.407188] Memory state around the buggy address:
[ 13.407387] ffff8881028edf80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[ 13.407639] ffff8881028ee000: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[ 13.407908] >ffff8881028ee080: 00 00 00 00 00 00 00 00 00 01 fe fe fe fe fe fe
[ 13.408537] ^
[ 13.408823] ffff8881028ee100: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe
[ 13.409163] ffff8881028ee180: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe
[ 13.409487] ==================================================================
[ 13.229111] ==================================================================
[ 13.229459] BUG: KASAN: slab-out-of-bounds in krealloc_less_oob_helper+0xe90/0x11d0
[ 13.229905] Write of size 1 at addr ffff88810033a2ea by task kunit_try_catch/176
[ 13.230418]
[ 13.230579] CPU: 0 UID: 0 PID: 176 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc4 #1 PREEMPT(voluntary)
[ 13.230643] Tainted: [B]=BAD_PAGE, [N]=TEST
[ 13.230657] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[ 13.230681] Call Trace:
[ 13.230702] <TASK>
[ 13.230722] dump_stack_lvl+0x73/0xb0
[ 13.230759] print_report+0xd1/0x650
[ 13.230785] ? __virt_addr_valid+0x1db/0x2d0
[ 13.230820] ? krealloc_less_oob_helper+0xe90/0x11d0
[ 13.230855] ? kasan_complete_mode_report_info+0x2a/0x200
[ 13.230880] ? krealloc_less_oob_helper+0xe90/0x11d0
[ 13.230906] kasan_report+0x141/0x180
[ 13.230953] ? krealloc_less_oob_helper+0xe90/0x11d0
[ 13.230985] __asan_report_store1_noabort+0x1b/0x30
[ 13.231007] krealloc_less_oob_helper+0xe90/0x11d0
[ 13.231047] ? __pfx_krealloc_less_oob_helper+0x10/0x10
[ 13.231071] ? sysvec_apic_timer_interrupt+0x50/0x90
[ 13.231105] ? __pfx_krealloc_less_oob+0x10/0x10
[ 13.231135] krealloc_less_oob+0x1c/0x30
[ 13.231274] kunit_try_run_case+0x1a5/0x480
[ 13.231316] ? __pfx_kunit_try_run_case+0x10/0x10
[ 13.231341] ? _raw_spin_lock_irqsave+0xa1/0x100
[ 13.231367] ? _raw_spin_unlock_irqrestore+0x5f/0x90
[ 13.231392] ? __kthread_parkme+0x82/0x180
[ 13.231415] ? preempt_count_sub+0x50/0x80
[ 13.231442] ? __pfx_kunit_try_run_case+0x10/0x10
[ 13.231478] kunit_generic_run_threadfn_adapter+0x85/0xf0
[ 13.231502] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10
[ 13.231539] kthread+0x337/0x6f0
[ 13.231560] ? trace_preempt_on+0x20/0xc0
[ 13.231586] ? __pfx_kthread+0x10/0x10
[ 13.231609] ? _raw_spin_unlock_irq+0x47/0x80
[ 13.231632] ? calculate_sigpending+0x7b/0xa0
[ 13.231658] ? __pfx_kthread+0x10/0x10
[ 13.231681] ret_from_fork+0x116/0x1d0
[ 13.231704] ? __pfx_kthread+0x10/0x10
[ 13.231726] ret_from_fork_asm+0x1a/0x30
[ 13.231761] </TASK>
[ 13.231775]
[ 13.241102] Allocated by task 176:
[ 13.241387] kasan_save_stack+0x45/0x70
[ 13.241639] kasan_save_track+0x18/0x40
[ 13.241869] kasan_save_alloc_info+0x3b/0x50
[ 13.242038] __kasan_krealloc+0x190/0x1f0
[ 13.242418] krealloc_noprof+0xf3/0x340
[ 13.242674] krealloc_less_oob_helper+0x1aa/0x11d0
[ 13.242915] krealloc_less_oob+0x1c/0x30
[ 13.243094] kunit_try_run_case+0x1a5/0x480
[ 13.243365] kunit_generic_run_threadfn_adapter+0x85/0xf0
[ 13.243588] kthread+0x337/0x6f0
[ 13.243748] ret_from_fork+0x116/0x1d0
[ 13.246501] ret_from_fork_asm+0x1a/0x30
[ 13.247293]
[ 13.247816] The buggy address belongs to the object at ffff88810033a200
[ 13.247816] which belongs to the cache kmalloc-256 of size 256
[ 13.248544] The buggy address is located 33 bytes to the right of
[ 13.248544] allocated 201-byte region [ffff88810033a200, ffff88810033a2c9)
[ 13.250959]
[ 13.252200] The buggy address belongs to the physical page:
[ 13.252417] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x10033a
[ 13.252781] head: order:1 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[ 13.253644] flags: 0x200000000000040(head|node=0|zone=2)
[ 13.254337] page_type: f5(slab)
[ 13.254482] raw: 0200000000000040 ffff888100041b40 dead000000000122 0000000000000000
[ 13.255338] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000
[ 13.255843] head: 0200000000000040 ffff888100041b40 dead000000000122 0000000000000000
[ 13.256356] head: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000
[ 13.256949] head: 0200000000000001 ffffea000400ce81 00000000ffffffff 00000000ffffffff
[ 13.257304] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000002
[ 13.257680] page dumped because: kasan: bad access detected
[ 13.258045]
[ 13.258272] Memory state around the buggy address:
[ 13.258461] ffff88810033a180: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 13.258858] ffff88810033a200: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[ 13.259239] >ffff88810033a280: 00 00 00 00 00 00 00 00 00 01 fc fc fc fc fc fc
[ 13.259741] ^
[ 13.260835] ffff88810033a300: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 13.261218] ffff88810033a380: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 13.261764] ==================================================================
[ 13.345431] ==================================================================
[ 13.347166] BUG: KASAN: slab-out-of-bounds in krealloc_less_oob_helper+0xd70/0x11d0
[ 13.347848] Write of size 1 at addr ffff8881028ee0c9 by task kunit_try_catch/180
[ 13.348501]
[ 13.348720] CPU: 1 UID: 0 PID: 180 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc4 #1 PREEMPT(voluntary)
[ 13.348802] Tainted: [B]=BAD_PAGE, [N]=TEST
[ 13.348819] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[ 13.348885] Call Trace:
[ 13.348903] <TASK>
[ 13.348958] dump_stack_lvl+0x73/0xb0
[ 13.349003] print_report+0xd1/0x650
[ 13.349044] ? __virt_addr_valid+0x1db/0x2d0
[ 13.349097] ? krealloc_less_oob_helper+0xd70/0x11d0
[ 13.349127] ? kasan_addr_to_slab+0x11/0xa0
[ 13.349151] ? krealloc_less_oob_helper+0xd70/0x11d0
[ 13.349180] kasan_report+0x141/0x180
[ 13.349205] ? krealloc_less_oob_helper+0xd70/0x11d0
[ 13.349239] __asan_report_store1_noabort+0x1b/0x30
[ 13.349264] krealloc_less_oob_helper+0xd70/0x11d0
[ 13.349294] ? __pfx_krealloc_less_oob_helper+0x10/0x10
[ 13.349323] ? finish_task_switch.isra.0+0x153/0x700
[ 13.349377] ? __switch_to+0x47/0xf50
[ 13.349409] ? __schedule+0x10cc/0x2b60
[ 13.349436] ? __pfx_read_tsc+0x10/0x10
[ 13.349466] krealloc_large_less_oob+0x1c/0x30
[ 13.349493] kunit_try_run_case+0x1a5/0x480
[ 13.349525] ? __pfx_kunit_try_run_case+0x10/0x10
[ 13.349551] ? _raw_spin_lock_irqsave+0xa1/0x100
[ 13.349580] ? _raw_spin_unlock_irqrestore+0x5f/0x90
[ 13.349608] ? __kthread_parkme+0x82/0x180
[ 13.349634] ? preempt_count_sub+0x50/0x80
[ 13.349660] ? __pfx_kunit_try_run_case+0x10/0x10
[ 13.349689] kunit_generic_run_threadfn_adapter+0x85/0xf0
[ 13.349716] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10
[ 13.349745] kthread+0x337/0x6f0
[ 13.349767] ? trace_preempt_on+0x20/0xc0
[ 13.349805] ? __pfx_kthread+0x10/0x10
[ 13.349829] ? _raw_spin_unlock_irq+0x47/0x80
[ 13.349854] ? calculate_sigpending+0x7b/0xa0
[ 13.349884] ? __pfx_kthread+0x10/0x10
[ 13.349909] ret_from_fork+0x116/0x1d0
[ 13.349931] ? __pfx_kthread+0x10/0x10
[ 13.349955] ret_from_fork_asm+0x1a/0x30
[ 13.349992] </TASK>
[ 13.350006]
[ 13.367335] The buggy address belongs to the physical page:
[ 13.368555] page: refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1028ec
[ 13.369540] head: order:2 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[ 13.370683] flags: 0x200000000000040(head|node=0|zone=2)
[ 13.371172] page_type: f8(unknown)
[ 13.371519] raw: 0200000000000040 0000000000000000 dead000000000122 0000000000000000
[ 13.372250] raw: 0000000000000000 0000000000000000 00000001f8000000 0000000000000000
[ 13.372775] head: 0200000000000040 0000000000000000 dead000000000122 0000000000000000
[ 13.373062] head: 0000000000000000 0000000000000000 00000001f8000000 0000000000000000
[ 13.374089] head: 0200000000000002 ffffea00040a3b01 00000000ffffffff 00000000ffffffff
[ 13.374942] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000004
[ 13.375575] page dumped because: kasan: bad access detected
[ 13.375781]
[ 13.375879] Memory state around the buggy address:
[ 13.376057] ffff8881028edf80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[ 13.376305] ffff8881028ee000: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[ 13.377184] >ffff8881028ee080: 00 00 00 00 00 00 00 00 00 01 fe fe fe fe fe fe
[ 13.377529] ^
[ 13.378075] ffff8881028ee100: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe
[ 13.378633] ffff8881028ee180: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe
[ 13.379521] ==================================================================
[ 13.409947] ==================================================================
[ 13.410328] BUG: KASAN: slab-out-of-bounds in krealloc_less_oob_helper+0xec6/0x11d0
[ 13.410679] Write of size 1 at addr ffff8881028ee0da by task kunit_try_catch/180
[ 13.411068]
[ 13.411224] CPU: 1 UID: 0 PID: 180 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc4 #1 PREEMPT(voluntary)
[ 13.411283] Tainted: [B]=BAD_PAGE, [N]=TEST
[ 13.411299] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[ 13.411332] Call Trace:
[ 13.411354] <TASK>
[ 13.411482] dump_stack_lvl+0x73/0xb0
[ 13.411525] print_report+0xd1/0x650
[ 13.411553] ? __virt_addr_valid+0x1db/0x2d0
[ 13.411581] ? krealloc_less_oob_helper+0xec6/0x11d0
[ 13.411609] ? kasan_addr_to_slab+0x11/0xa0
[ 13.411634] ? krealloc_less_oob_helper+0xec6/0x11d0
[ 13.411662] kasan_report+0x141/0x180
[ 13.411688] ? krealloc_less_oob_helper+0xec6/0x11d0
[ 13.411721] __asan_report_store1_noabort+0x1b/0x30
[ 13.411746] krealloc_less_oob_helper+0xec6/0x11d0
[ 13.411777] ? __pfx_krealloc_less_oob_helper+0x10/0x10
[ 13.411822] ? finish_task_switch.isra.0+0x153/0x700
[ 13.411848] ? __switch_to+0x47/0xf50
[ 13.411878] ? __schedule+0x10cc/0x2b60
[ 13.411904] ? __pfx_read_tsc+0x10/0x10
[ 13.411933] krealloc_large_less_oob+0x1c/0x30
[ 13.411959] kunit_try_run_case+0x1a5/0x480
[ 13.411989] ? __pfx_kunit_try_run_case+0x10/0x10
[ 13.412016] ? _raw_spin_lock_irqsave+0xa1/0x100
[ 13.412043] ? _raw_spin_unlock_irqrestore+0x5f/0x90
[ 13.412070] ? __kthread_parkme+0x82/0x180
[ 13.412095] ? preempt_count_sub+0x50/0x80
[ 13.412121] ? __pfx_kunit_try_run_case+0x10/0x10
[ 13.412149] kunit_generic_run_threadfn_adapter+0x85/0xf0
[ 13.412363] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10
[ 13.412403] kthread+0x337/0x6f0
[ 13.412426] ? trace_preempt_on+0x20/0xc0
[ 13.412456] ? __pfx_kthread+0x10/0x10
[ 13.412480] ? _raw_spin_unlock_irq+0x47/0x80
[ 13.412506] ? calculate_sigpending+0x7b/0xa0
[ 13.412535] ? __pfx_kthread+0x10/0x10
[ 13.412559] ret_from_fork+0x116/0x1d0
[ 13.412582] ? __pfx_kthread+0x10/0x10
[ 13.412606] ret_from_fork_asm+0x1a/0x30
[ 13.412642] </TASK>
[ 13.412657]
[ 13.421742] The buggy address belongs to the physical page:
[ 13.421986] page: refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1028ec
[ 13.422457] head: order:2 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[ 13.422881] flags: 0x200000000000040(head|node=0|zone=2)
[ 13.423241] page_type: f8(unknown)
[ 13.423402] raw: 0200000000000040 0000000000000000 dead000000000122 0000000000000000
[ 13.423675] raw: 0000000000000000 0000000000000000 00000001f8000000 0000000000000000
[ 13.424064] head: 0200000000000040 0000000000000000 dead000000000122 0000000000000000
[ 13.424470] head: 0000000000000000 0000000000000000 00000001f8000000 0000000000000000
[ 13.425278] head: 0200000000000002 ffffea00040a3b01 00000000ffffffff 00000000ffffffff
[ 13.425570] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000004
[ 13.425949] page dumped because: kasan: bad access detected
[ 13.426434]
[ 13.426551] Memory state around the buggy address:
[ 13.426832] ffff8881028edf80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[ 13.427230] ffff8881028ee000: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[ 13.427567] >ffff8881028ee080: 00 00 00 00 00 00 00 00 00 01 fe fe fe fe fe fe
[ 13.427937] ^
[ 13.428415] ffff8881028ee100: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe
[ 13.428761] ffff8881028ee180: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe
[ 13.429075] ==================================================================
[ 13.201922] ==================================================================
[ 13.202432] BUG: KASAN: slab-out-of-bounds in krealloc_less_oob_helper+0xec6/0x11d0
[ 13.202854] Write of size 1 at addr ffff88810033a2da by task kunit_try_catch/176
[ 13.203380]
[ 13.203522] CPU: 0 UID: 0 PID: 176 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc4 #1 PREEMPT(voluntary)
[ 13.203574] Tainted: [B]=BAD_PAGE, [N]=TEST
[ 13.203588] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[ 13.203612] Call Trace:
[ 13.203627] <TASK>
[ 13.203649] dump_stack_lvl+0x73/0xb0
[ 13.203686] print_report+0xd1/0x650
[ 13.203712] ? __virt_addr_valid+0x1db/0x2d0
[ 13.203737] ? krealloc_less_oob_helper+0xec6/0x11d0
[ 13.203763] ? kasan_complete_mode_report_info+0x2a/0x200
[ 13.203799] ? krealloc_less_oob_helper+0xec6/0x11d0
[ 13.203826] kasan_report+0x141/0x180
[ 13.203863] ? krealloc_less_oob_helper+0xec6/0x11d0
[ 13.203895] __asan_report_store1_noabort+0x1b/0x30
[ 13.203918] krealloc_less_oob_helper+0xec6/0x11d0
[ 13.203959] ? __pfx_krealloc_less_oob_helper+0x10/0x10
[ 13.203984] ? sysvec_apic_timer_interrupt+0x50/0x90
[ 13.204017] ? __pfx_krealloc_less_oob+0x10/0x10
[ 13.204046] krealloc_less_oob+0x1c/0x30
[ 13.204091] kunit_try_run_case+0x1a5/0x480
[ 13.204119] ? __pfx_kunit_try_run_case+0x10/0x10
[ 13.204317] ? _raw_spin_lock_irqsave+0xa1/0x100
[ 13.204346] ? _raw_spin_unlock_irqrestore+0x5f/0x90
[ 13.204372] ? __kthread_parkme+0x82/0x180
[ 13.204396] ? preempt_count_sub+0x50/0x80
[ 13.204422] ? __pfx_kunit_try_run_case+0x10/0x10
[ 13.204448] kunit_generic_run_threadfn_adapter+0x85/0xf0
[ 13.204474] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10
[ 13.204499] kthread+0x337/0x6f0
[ 13.204520] ? trace_preempt_on+0x20/0xc0
[ 13.204547] ? __pfx_kthread+0x10/0x10
[ 13.204570] ? _raw_spin_unlock_irq+0x47/0x80
[ 13.204593] ? calculate_sigpending+0x7b/0xa0
[ 13.204619] ? __pfx_kthread+0x10/0x10
[ 13.204643] ret_from_fork+0x116/0x1d0
[ 13.204665] ? __pfx_kthread+0x10/0x10
[ 13.204687] ret_from_fork_asm+0x1a/0x30
[ 13.204722] </TASK>
[ 13.204736]
[ 13.213934] Allocated by task 176:
[ 13.214259] kasan_save_stack+0x45/0x70
[ 13.214506] kasan_save_track+0x18/0x40
[ 13.214726] kasan_save_alloc_info+0x3b/0x50
[ 13.214985] __kasan_krealloc+0x190/0x1f0
[ 13.215193] krealloc_noprof+0xf3/0x340
[ 13.215349] krealloc_less_oob_helper+0x1aa/0x11d0
[ 13.215608] krealloc_less_oob+0x1c/0x30
[ 13.215920] kunit_try_run_case+0x1a5/0x480
[ 13.216439] kunit_generic_run_threadfn_adapter+0x85/0xf0
[ 13.216750] kthread+0x337/0x6f0
[ 13.216929] ret_from_fork+0x116/0x1d0
[ 13.217117] ret_from_fork_asm+0x1a/0x30
[ 13.217468]
[ 13.217582] The buggy address belongs to the object at ffff88810033a200
[ 13.217582] which belongs to the cache kmalloc-256 of size 256
[ 13.218714] The buggy address is located 17 bytes to the right of
[ 13.218714] allocated 201-byte region [ffff88810033a200, ffff88810033a2c9)
[ 13.219335]
[ 13.219441] The buggy address belongs to the physical page:
[ 13.219708] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x10033a
[ 13.220958] head: order:1 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[ 13.221636] flags: 0x200000000000040(head|node=0|zone=2)
[ 13.222237] page_type: f5(slab)
[ 13.222437] raw: 0200000000000040 ffff888100041b40 dead000000000122 0000000000000000
[ 13.222818] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000
[ 13.223115] head: 0200000000000040 ffff888100041b40 dead000000000122 0000000000000000
[ 13.223519] head: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000
[ 13.223953] head: 0200000000000001 ffffea000400ce81 00000000ffffffff 00000000ffffffff
[ 13.224612] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000002
[ 13.225030] page dumped because: kasan: bad access detected
[ 13.225447]
[ 13.225563] Memory state around the buggy address:
[ 13.225783] ffff88810033a180: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 13.226171] ffff88810033a200: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[ 13.226662] >ffff88810033a280: 00 00 00 00 00 00 00 00 00 01 fc fc fc fc fc fc
[ 13.227017] ^
[ 13.227329] ffff88810033a300: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 13.227807] ffff88810033a380: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 13.228262] ==================================================================
[ 13.262415] ==================================================================
[ 13.262808] BUG: KASAN: slab-out-of-bounds in krealloc_less_oob_helper+0xd47/0x11d0
[ 13.263359] Write of size 1 at addr ffff88810033a2eb by task kunit_try_catch/176
[ 13.263696]
[ 13.263849] CPU: 0 UID: 0 PID: 176 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc4 #1 PREEMPT(voluntary)
[ 13.263902] Tainted: [B]=BAD_PAGE, [N]=TEST
[ 13.263916] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[ 13.263941] Call Trace:
[ 13.263963] <TASK>
[ 13.263985] dump_stack_lvl+0x73/0xb0
[ 13.264022] print_report+0xd1/0x650
[ 13.264050] ? __virt_addr_valid+0x1db/0x2d0
[ 13.264100] ? krealloc_less_oob_helper+0xd47/0x11d0
[ 13.264141] ? kasan_complete_mode_report_info+0x2a/0x200
[ 13.264166] ? krealloc_less_oob_helper+0xd47/0x11d0
[ 13.264192] kasan_report+0x141/0x180
[ 13.264216] ? krealloc_less_oob_helper+0xd47/0x11d0
[ 13.264462] __asan_report_store1_noabort+0x1b/0x30
[ 13.264495] krealloc_less_oob_helper+0xd47/0x11d0
[ 13.264556] ? __pfx_krealloc_less_oob_helper+0x10/0x10
[ 13.264582] ? sysvec_apic_timer_interrupt+0x50/0x90
[ 13.264632] ? __pfx_krealloc_less_oob+0x10/0x10
[ 13.264662] krealloc_less_oob+0x1c/0x30
[ 13.264685] kunit_try_run_case+0x1a5/0x480
[ 13.264712] ? __pfx_kunit_try_run_case+0x10/0x10
[ 13.264736] ? _raw_spin_lock_irqsave+0xa1/0x100
[ 13.264763] ? _raw_spin_unlock_irqrestore+0x5f/0x90
[ 13.264804] ? __kthread_parkme+0x82/0x180
[ 13.264833] ? preempt_count_sub+0x50/0x80
[ 13.264861] ? __pfx_kunit_try_run_case+0x10/0x10
[ 13.264889] kunit_generic_run_threadfn_adapter+0x85/0xf0
[ 13.264913] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10
[ 13.264938] kthread+0x337/0x6f0
[ 13.264959] ? trace_preempt_on+0x20/0xc0
[ 13.264985] ? __pfx_kthread+0x10/0x10
[ 13.265008] ? _raw_spin_unlock_irq+0x47/0x80
[ 13.265031] ? calculate_sigpending+0x7b/0xa0
[ 13.265058] ? __pfx_kthread+0x10/0x10
[ 13.265082] ret_from_fork+0x116/0x1d0
[ 13.265106] ? __pfx_kthread+0x10/0x10
[ 13.265130] ret_from_fork_asm+0x1a/0x30
[ 13.265167] </TASK>
[ 13.265181]
[ 13.275732] Allocated by task 176:
[ 13.276004] kasan_save_stack+0x45/0x70
[ 13.276188] kasan_save_track+0x18/0x40
[ 13.276527] kasan_save_alloc_info+0x3b/0x50
[ 13.276781] __kasan_krealloc+0x190/0x1f0
[ 13.277015] krealloc_noprof+0xf3/0x340
[ 13.277284] krealloc_less_oob_helper+0x1aa/0x11d0
[ 13.277534] krealloc_less_oob+0x1c/0x30
[ 13.277781] kunit_try_run_case+0x1a5/0x480
[ 13.278261] kunit_generic_run_threadfn_adapter+0x85/0xf0
[ 13.278707] kthread+0x337/0x6f0
[ 13.278945] ret_from_fork+0x116/0x1d0
[ 13.279293] ret_from_fork_asm+0x1a/0x30
[ 13.279535]
[ 13.279645] The buggy address belongs to the object at ffff88810033a200
[ 13.279645] which belongs to the cache kmalloc-256 of size 256
[ 13.280342] The buggy address is located 34 bytes to the right of
[ 13.280342] allocated 201-byte region [ffff88810033a200, ffff88810033a2c9)
[ 13.280894]
[ 13.281031] The buggy address belongs to the physical page:
[ 13.281535] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x10033a
[ 13.281960] head: order:1 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[ 13.282488] flags: 0x200000000000040(head|node=0|zone=2)
[ 13.283056] page_type: f5(slab)
[ 13.283239] raw: 0200000000000040 ffff888100041b40 dead000000000122 0000000000000000
[ 13.283875] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000
[ 13.284287] head: 0200000000000040 ffff888100041b40 dead000000000122 0000000000000000
[
13.284862] head: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 13.285513] head: 0200000000000001 ffffea000400ce81 00000000ffffffff 00000000ffffffff [ 13.285892] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000002 [ 13.286733] page dumped because: kasan: bad access detected [ 13.287050] [ 13.287141] Memory state around the buggy address: [ 13.287391] ffff88810033a180: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 13.287757] ffff88810033a200: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 13.288564] >ffff88810033a280: 00 00 00 00 00 00 00 00 00 01 fc fc fc fc fc fc [ 13.288906] ^ [ 13.289356] ffff88810033a300: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 13.289640] ffff88810033a380: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 13.290003] ================================================================== [ 13.132485] ================================================================== [ 13.133568] BUG: KASAN: slab-out-of-bounds in krealloc_less_oob_helper+0xd70/0x11d0 [ 13.134690] Write of size 1 at addr ffff88810033a2c9 by task kunit_try_catch/176 [ 13.134978] [ 13.135120] CPU: 0 UID: 0 PID: 176 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc4 #1 PREEMPT(voluntary) [ 13.135220] Tainted: [B]=BAD_PAGE, [N]=TEST [ 13.135236] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 13.135278] Call Trace: [ 13.135312] <TASK> [ 13.135335] dump_stack_lvl+0x73/0xb0 [ 13.135373] print_report+0xd1/0x650 [ 13.135400] ? __virt_addr_valid+0x1db/0x2d0 [ 13.135427] ? krealloc_less_oob_helper+0xd70/0x11d0 [ 13.135453] ? kasan_complete_mode_report_info+0x2a/0x200 [ 13.135478] ? krealloc_less_oob_helper+0xd70/0x11d0 [ 13.135504] kasan_report+0x141/0x180 [ 13.135529] ? krealloc_less_oob_helper+0xd70/0x11d0 [ 13.135561] __asan_report_store1_noabort+0x1b/0x30 [ 13.135583] krealloc_less_oob_helper+0xd70/0x11d0 [ 13.135613] ? __pfx_krealloc_less_oob_helper+0x10/0x10 [ 13.135642] ? 
sysvec_apic_timer_interrupt+0x50/0x90 [ 13.135677] ? __pfx_krealloc_less_oob+0x10/0x10 [ 13.135706] krealloc_less_oob+0x1c/0x30 [ 13.135730] kunit_try_run_case+0x1a5/0x480 [ 13.135758] ? __pfx_kunit_try_run_case+0x10/0x10 [ 13.135783] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 13.135823] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 13.135849] ? __kthread_parkme+0x82/0x180 [ 13.135874] ? preempt_count_sub+0x50/0x80 [ 13.135901] ? __pfx_kunit_try_run_case+0x10/0x10 [ 13.135927] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 13.135952] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 13.135977] kthread+0x337/0x6f0 [ 13.135998] ? trace_preempt_on+0x20/0xc0 [ 13.136024] ? __pfx_kthread+0x10/0x10 [ 13.136047] ? _raw_spin_unlock_irq+0x47/0x80 [ 13.136091] ? calculate_sigpending+0x7b/0xa0 [ 13.136119] ? __pfx_kthread+0x10/0x10 [ 13.136161] ret_from_fork+0x116/0x1d0 [ 13.136183] ? __pfx_kthread+0x10/0x10 [ 13.136206] ret_from_fork_asm+0x1a/0x30 [ 13.136241] </TASK> [ 13.136254] [ 13.150102] Allocated by task 176: [ 13.150559] kasan_save_stack+0x45/0x70 [ 13.150977] kasan_save_track+0x18/0x40 [ 13.151395] kasan_save_alloc_info+0x3b/0x50 [ 13.151573] __kasan_krealloc+0x190/0x1f0 [ 13.151729] krealloc_noprof+0xf3/0x340 [ 13.151900] krealloc_less_oob_helper+0x1aa/0x11d0 [ 13.152085] krealloc_less_oob+0x1c/0x30 [ 13.152517] kunit_try_run_case+0x1a5/0x480 [ 13.152965] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 13.153587] kthread+0x337/0x6f0 [ 13.153948] ret_from_fork+0x116/0x1d0 [ 13.154417] ret_from_fork_asm+0x1a/0x30 [ 13.154829] [ 13.155014] The buggy address belongs to the object at ffff88810033a200 [ 13.155014] which belongs to the cache kmalloc-256 of size 256 [ 13.156352] The buggy address is located 0 bytes to the right of [ 13.156352] allocated 201-byte region [ffff88810033a200, ffff88810033a2c9) [ 13.156833] [ 13.156919] The buggy address belongs to the physical page: [ 13.157284] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x10033a [ 13.158087] 
head: order:1 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0 [ 13.158898] flags: 0x200000000000040(head|node=0|zone=2) [ 13.159537] page_type: f5(slab) [ 13.159887] raw: 0200000000000040 ffff888100041b40 dead000000000122 0000000000000000 [ 13.160495] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 13.161368] head: 0200000000000040 ffff888100041b40 dead000000000122 0000000000000000 [ 13.161741] head: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 13.162028] head: 0200000000000001 ffffea000400ce81 00000000ffffffff 00000000ffffffff [ 13.162298] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000002 [ 13.162556] page dumped because: kasan: bad access detected [ 13.162757] [ 13.162848] Memory state around the buggy address: [ 13.163026] ffff88810033a180: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 13.163266] ffff88810033a200: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 13.163509] >ffff88810033a280: 00 00 00 00 00 00 00 00 00 01 fc fc fc fc fc fc [ 13.163748] ^ [ 13.164262] ffff88810033a300: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 13.164947] ffff88810033a380: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 13.165920] ================================================================== [ 13.429843] ================================================================== [ 13.430284] BUG: KASAN: slab-out-of-bounds in krealloc_less_oob_helper+0xe90/0x11d0 [ 13.430579] Write of size 1 at addr ffff8881028ee0ea by task kunit_try_catch/180 [ 13.430967] [ 13.431103] CPU: 1 UID: 0 PID: 180 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc4 #1 PREEMPT(voluntary) [ 13.431162] Tainted: [B]=BAD_PAGE, [N]=TEST [ 13.431177] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 13.431210] Call Trace: [ 13.431231] <TASK> [ 13.431250] dump_stack_lvl+0x73/0xb0 [ 13.431285] print_report+0xd1/0x650 [ 13.431312] ? __virt_addr_valid+0x1db/0x2d0 [ 13.431339] ? 
krealloc_less_oob_helper+0xe90/0x11d0 [ 13.431368] ? kasan_addr_to_slab+0x11/0xa0 [ 13.431393] ? krealloc_less_oob_helper+0xe90/0x11d0 [ 13.431421] kasan_report+0x141/0x180 [ 13.431447] ? krealloc_less_oob_helper+0xe90/0x11d0 [ 13.431481] __asan_report_store1_noabort+0x1b/0x30 [ 13.431506] krealloc_less_oob_helper+0xe90/0x11d0 [ 13.431537] ? __pfx_krealloc_less_oob_helper+0x10/0x10 [ 13.431566] ? finish_task_switch.isra.0+0x153/0x700 [ 13.431593] ? __switch_to+0x47/0xf50 [ 13.431624] ? __schedule+0x10cc/0x2b60 [ 13.431651] ? __pfx_read_tsc+0x10/0x10 [ 13.431680] krealloc_large_less_oob+0x1c/0x30 [ 13.431709] kunit_try_run_case+0x1a5/0x480 [ 13.431737] ? __pfx_kunit_try_run_case+0x10/0x10 [ 13.431764] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 13.432072] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 13.432112] ? __kthread_parkme+0x82/0x180 [ 13.432311] ? preempt_count_sub+0x50/0x80 [ 13.432348] ? __pfx_kunit_try_run_case+0x10/0x10 [ 13.432378] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 13.432407] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 13.432435] kthread+0x337/0x6f0 [ 13.432458] ? trace_preempt_on+0x20/0xc0 [ 13.432487] ? __pfx_kthread+0x10/0x10 [ 13.432512] ? _raw_spin_unlock_irq+0x47/0x80 [ 13.432540] ? calculate_sigpending+0x7b/0xa0 [ 13.432570] ? __pfx_kthread+0x10/0x10 [ 13.432597] ret_from_fork+0x116/0x1d0 [ 13.432623] ? 
__pfx_kthread+0x10/0x10 [ 13.432648] ret_from_fork_asm+0x1a/0x30 [ 13.432686] </TASK> [ 13.432700] [ 13.441936] The buggy address belongs to the physical page: [ 13.442327] page: refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1028ec [ 13.442635] head: order:2 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0 [ 13.443025] flags: 0x200000000000040(head|node=0|zone=2) [ 13.443504] page_type: f8(unknown) [ 13.443668] raw: 0200000000000040 0000000000000000 dead000000000122 0000000000000000 [ 13.443958] raw: 0000000000000000 0000000000000000 00000001f8000000 0000000000000000 [ 13.444354] head: 0200000000000040 0000000000000000 dead000000000122 0000000000000000 [ 13.444749] head: 0000000000000000 0000000000000000 00000001f8000000 0000000000000000 [ 13.445034] head: 0200000000000002 ffffea00040a3b01 00000000ffffffff 00000000ffffffff [ 13.445511] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000004 [ 13.445913] page dumped because: kasan: bad access detected [ 13.446114] [ 13.446560] Memory state around the buggy address: [ 13.446858] ffff8881028edf80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 13.447155] ffff8881028ee000: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 13.447475] >ffff8881028ee080: 00 00 00 00 00 00 00 00 00 01 fe fe fe fe fe fe [ 13.448062] ^ [ 13.448556] ffff8881028ee100: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe [ 13.448902] ffff8881028ee180: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe [ 13.449355] ================================================================== [ 13.167156] ================================================================== [ 13.168382] BUG: KASAN: slab-out-of-bounds in krealloc_less_oob_helper+0xe23/0x11d0 [ 13.169164] Write of size 1 at addr ffff88810033a2d0 by task kunit_try_catch/176 [ 13.169982] [ 13.170309] CPU: 0 UID: 0 PID: 176 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc4 #1 PREEMPT(voluntary) [ 13.170367] Tainted: [B]=BAD_PAGE, [N]=TEST [ 13.170381] Hardware 
name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 13.170406] Call Trace: [ 13.170430] <TASK> [ 13.170452] dump_stack_lvl+0x73/0xb0 [ 13.170489] print_report+0xd1/0x650 [ 13.170515] ? __virt_addr_valid+0x1db/0x2d0 [ 13.170541] ? krealloc_less_oob_helper+0xe23/0x11d0 [ 13.170567] ? kasan_complete_mode_report_info+0x2a/0x200 [ 13.170592] ? krealloc_less_oob_helper+0xe23/0x11d0 [ 13.170618] kasan_report+0x141/0x180 [ 13.170642] ? krealloc_less_oob_helper+0xe23/0x11d0 [ 13.170673] __asan_report_store1_noabort+0x1b/0x30 [ 13.170696] krealloc_less_oob_helper+0xe23/0x11d0 [ 13.170724] ? __pfx_krealloc_less_oob_helper+0x10/0x10 [ 13.170749] ? sysvec_apic_timer_interrupt+0x50/0x90 [ 13.170782] ? __pfx_krealloc_less_oob+0x10/0x10 [ 13.170828] krealloc_less_oob+0x1c/0x30 [ 13.170852] kunit_try_run_case+0x1a5/0x480 [ 13.170880] ? __pfx_kunit_try_run_case+0x10/0x10 [ 13.170903] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 13.170929] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 13.170954] ? __kthread_parkme+0x82/0x180 [ 13.170977] ? preempt_count_sub+0x50/0x80 [ 13.171003] ? __pfx_kunit_try_run_case+0x10/0x10 [ 13.171029] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 13.171053] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 13.171078] kthread+0x337/0x6f0 [ 13.171099] ? trace_preempt_on+0x20/0xc0 [ 13.171125] ? __pfx_kthread+0x10/0x10 [ 13.171147] ? _raw_spin_unlock_irq+0x47/0x80 [ 13.171170] ? calculate_sigpending+0x7b/0xa0 [ 13.171196] ? __pfx_kthread+0x10/0x10 [ 13.171220] ret_from_fork+0x116/0x1d0 [ 13.171244] ? 
__pfx_kthread+0x10/0x10 [ 13.171267] ret_from_fork_asm+0x1a/0x30 [ 13.171305] </TASK> [ 13.171319] [ 13.184526] Allocated by task 176: [ 13.185290] kasan_save_stack+0x45/0x70 [ 13.185603] kasan_save_track+0x18/0x40 [ 13.185844] kasan_save_alloc_info+0x3b/0x50 [ 13.186085] __kasan_krealloc+0x190/0x1f0 [ 13.186926] krealloc_noprof+0xf3/0x340 [ 13.187126] krealloc_less_oob_helper+0x1aa/0x11d0 [ 13.187317] krealloc_less_oob+0x1c/0x30 [ 13.187476] kunit_try_run_case+0x1a5/0x480 [ 13.187642] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 13.187871] kthread+0x337/0x6f0 [ 13.188067] ret_from_fork+0x116/0x1d0 [ 13.188284] ret_from_fork_asm+0x1a/0x30 [ 13.188513] [ 13.188990] The buggy address belongs to the object at ffff88810033a200 [ 13.188990] which belongs to the cache kmalloc-256 of size 256 [ 13.190522] The buggy address is located 7 bytes to the right of [ 13.190522] allocated 201-byte region [ffff88810033a200, ffff88810033a2c9) [ 13.191463] [ 13.191676] The buggy address belongs to the physical page: [ 13.192063] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x10033a [ 13.192948] head: order:1 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0 [ 13.193632] flags: 0x200000000000040(head|node=0|zone=2) [ 13.194293] page_type: f5(slab) [ 13.194442] raw: 0200000000000040 ffff888100041b40 dead000000000122 0000000000000000 [ 13.194703] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 13.194982] head: 0200000000000040 ffff888100041b40 dead000000000122 0000000000000000 [ 13.195505] head: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 13.195827] head: 0200000000000001 ffffea000400ce81 00000000ffffffff 00000000ffffffff [ 13.196458] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000002 [ 13.196818] page dumped because: kasan: bad access detected [ 13.197107] [ 13.197218] Memory state around the buggy address: [ 13.197582] ffff88810033a180: fc fc fc fc fc fc fc fc fc fc fc fc fc fc 
fc fc [ 13.197951] ffff88810033a200: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 13.198462] >ffff88810033a280: 00 00 00 00 00 00 00 00 00 01 fc fc fc fc fc fc [ 13.198821] ^ [ 13.199132] ffff88810033a300: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 13.199539] ffff88810033a380: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 13.199922] ================================================================== [ 13.449804] ================================================================== [ 13.450455] BUG: KASAN: slab-out-of-bounds in krealloc_less_oob_helper+0xd47/0x11d0 [ 13.450889] Write of size 1 at addr ffff8881028ee0eb by task kunit_try_catch/180 [ 13.451366] [ 13.451498] CPU: 1 UID: 0 PID: 180 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc4 #1 PREEMPT(voluntary) [ 13.451556] Tainted: [B]=BAD_PAGE, [N]=TEST [ 13.451571] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 13.451603] Call Trace: [ 13.451624] <TASK> [ 13.451642] dump_stack_lvl+0x73/0xb0 [ 13.451679] print_report+0xd1/0x650 [ 13.451706] ? __virt_addr_valid+0x1db/0x2d0 [ 13.451734] ? krealloc_less_oob_helper+0xd47/0x11d0 [ 13.451763] ? kasan_addr_to_slab+0x11/0xa0 [ 13.451803] ? krealloc_less_oob_helper+0xd47/0x11d0 [ 13.451833] kasan_report+0x141/0x180 [ 13.451859] ? krealloc_less_oob_helper+0xd47/0x11d0 [ 13.451893] __asan_report_store1_noabort+0x1b/0x30 [ 13.451919] krealloc_less_oob_helper+0xd47/0x11d0 [ 13.451950] ? __pfx_krealloc_less_oob_helper+0x10/0x10 [ 13.451979] ? finish_task_switch.isra.0+0x153/0x700 [ 13.452005] ? __switch_to+0x47/0xf50 [ 13.452034] ? __schedule+0x10cc/0x2b60 [ 13.452060] ? __pfx_read_tsc+0x10/0x10 [ 13.452102] krealloc_large_less_oob+0x1c/0x30 [ 13.452129] kunit_try_run_case+0x1a5/0x480 [ 13.452157] ? __pfx_kunit_try_run_case+0x10/0x10 [ 13.452183] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 13.452212] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 13.452241] ? __kthread_parkme+0x82/0x180 [ 13.452265] ? 
preempt_count_sub+0x50/0x80 [ 13.452292] ? __pfx_kunit_try_run_case+0x10/0x10 [ 13.452320] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 13.452348] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 13.452377] kthread+0x337/0x6f0 [ 13.452399] ? trace_preempt_on+0x20/0xc0 [ 13.452426] ? __pfx_kthread+0x10/0x10 [ 13.452450] ? _raw_spin_unlock_irq+0x47/0x80 [ 13.452476] ? calculate_sigpending+0x7b/0xa0 [ 13.452505] ? __pfx_kthread+0x10/0x10 [ 13.452530] ret_from_fork+0x116/0x1d0 [ 13.452552] ? __pfx_kthread+0x10/0x10 [ 13.452575] ret_from_fork_asm+0x1a/0x30 [ 13.452611] </TASK> [ 13.452624] [ 13.461414] The buggy address belongs to the physical page: [ 13.461630] page: refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1028ec [ 13.461988] head: order:2 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0 [ 13.462376] flags: 0x200000000000040(head|node=0|zone=2) [ 13.462670] page_type: f8(unknown) [ 13.462884] raw: 0200000000000040 0000000000000000 dead000000000122 0000000000000000 [ 13.463366] raw: 0000000000000000 0000000000000000 00000001f8000000 0000000000000000 [ 13.463636] head: 0200000000000040 0000000000000000 dead000000000122 0000000000000000 [ 13.464042] head: 0000000000000000 0000000000000000 00000001f8000000 0000000000000000 [ 13.464436] head: 0200000000000002 ffffea00040a3b01 00000000ffffffff 00000000ffffffff [ 13.465002] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000004 [ 13.465618] page dumped because: kasan: bad access detected [ 13.465897] [ 13.466006] Memory state around the buggy address: [ 13.466312] ffff8881028edf80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 13.466640] ffff8881028ee000: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 13.466930] >ffff8881028ee080: 00 00 00 00 00 00 00 00 00 01 fe fe fe fe fe fe [ 13.467174] ^ [ 13.467509] ffff8881028ee100: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe [ 13.467906] ffff8881028ee180: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe [ 13.468847] 
==================================================================
Failure - log-parser-boot/kasan-bug-kasan-slab-out-of-bounds-in-krealloc_more_oob_helper
[ 13.296647] ================================================================== [ 13.297191] BUG: KASAN: slab-out-of-bounds in krealloc_more_oob_helper+0x821/0x930 [ 13.297632] Write of size 1 at addr ffff888102afe0eb by task kunit_try_catch/178 [ 13.298209] [ 13.298355] CPU: 0 UID: 0 PID: 178 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc4 #1 PREEMPT(voluntary) [ 13.298423] Tainted: [B]=BAD_PAGE, [N]=TEST [ 13.298436] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 13.298475] Call Trace: [ 13.298490] <TASK> [ 13.298511] dump_stack_lvl+0x73/0xb0 [ 13.298560] print_report+0xd1/0x650 [ 13.298586] ? __virt_addr_valid+0x1db/0x2d0 [ 13.298613] ? krealloc_more_oob_helper+0x821/0x930 [ 13.298652] ? kasan_addr_to_slab+0x11/0xa0 [ 13.298674] ? krealloc_more_oob_helper+0x821/0x930 [ 13.298702] kasan_report+0x141/0x180 [ 13.298727] ? krealloc_more_oob_helper+0x821/0x930 [ 13.298758] __asan_report_store1_noabort+0x1b/0x30 [ 13.298781] krealloc_more_oob_helper+0x821/0x930 [ 13.298816] ? __schedule+0x10cc/0x2b60 [ 13.298842] ? __pfx_krealloc_more_oob_helper+0x10/0x10 [ 13.298869] ? finish_task_switch.isra.0+0x153/0x700 [ 13.298906] ? __switch_to+0x47/0xf50 [ 13.298936] ? __schedule+0x10cc/0x2b60 [ 13.298960] ? __pfx_read_tsc+0x10/0x10 [ 13.299001] krealloc_large_more_oob+0x1c/0x30 [ 13.299026] kunit_try_run_case+0x1a5/0x480 [ 13.299068] ? __pfx_kunit_try_run_case+0x10/0x10 [ 13.299092] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 13.299119] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 13.299173] ? __kthread_parkme+0x82/0x180 [ 13.299197] ? preempt_count_sub+0x50/0x80 [ 13.299234] ? __pfx_kunit_try_run_case+0x10/0x10 [ 13.299259] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 13.299284] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 13.299309] kthread+0x337/0x6f0 [ 13.299331] ? trace_preempt_on+0x20/0xc0 [ 13.299358] ? __pfx_kthread+0x10/0x10 [ 13.299380] ? _raw_spin_unlock_irq+0x47/0x80 [ 13.299405] ? 
calculate_sigpending+0x7b/0xa0 [ 13.299432] ? __pfx_kthread+0x10/0x10 [ 13.299456] ret_from_fork+0x116/0x1d0 [ 13.299477] ? __pfx_kthread+0x10/0x10 [ 13.299499] ret_from_fork_asm+0x1a/0x30 [ 13.299534] </TASK> [ 13.299548] [ 13.311706] The buggy address belongs to the physical page: [ 13.312172] page: refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x102afc [ 13.312713] head: order:2 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0 [ 13.313222] flags: 0x200000000000040(head|node=0|zone=2) [ 13.313636] page_type: f8(unknown) [ 13.313959] raw: 0200000000000040 0000000000000000 dead000000000122 0000000000000000 [ 13.314543] raw: 0000000000000000 0000000000000000 00000001f8000000 0000000000000000 [ 13.314950] head: 0200000000000040 0000000000000000 dead000000000122 0000000000000000 [ 13.315491] head: 0000000000000000 0000000000000000 00000001f8000000 0000000000000000 [ 13.315971] head: 0200000000000002 ffffea00040abf01 00000000ffffffff 00000000ffffffff [ 13.316475] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000004 [ 13.316971] page dumped because: kasan: bad access detected [ 13.317402] [ 13.317520] Memory state around the buggy address: [ 13.317955] ffff888102afdf80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 13.318422] ffff888102afe000: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 13.318851] >ffff888102afe080: 00 00 00 00 00 00 00 00 00 00 00 00 00 03 fe fe [ 13.319324] ^ [ 13.319724] ffff888102afe100: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe [ 13.320107] ffff888102afe180: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe [ 13.320672] ================================================================== [ 13.058947] ================================================================== [ 13.060398] BUG: KASAN: slab-out-of-bounds in krealloc_more_oob_helper+0x821/0x930 [ 13.061339] Write of size 1 at addr ffff888100ab80eb by task kunit_try_catch/174 [ 13.062492] [ 13.062633] CPU: 1 UID: 0 PID: 174 Comm: 
kunit_try_catch Tainted: G B N 6.16.0-rc4 #1 PREEMPT(voluntary) [ 13.062689] Tainted: [B]=BAD_PAGE, [N]=TEST [ 13.062704] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 13.062729] Call Trace: [ 13.062744] <TASK> [ 13.062765] dump_stack_lvl+0x73/0xb0 [ 13.062820] print_report+0xd1/0x650 [ 13.062847] ? __virt_addr_valid+0x1db/0x2d0 [ 13.062874] ? krealloc_more_oob_helper+0x821/0x930 [ 13.062900] ? kasan_complete_mode_report_info+0x2a/0x200 [ 13.062925] ? krealloc_more_oob_helper+0x821/0x930 [ 13.062951] kasan_report+0x141/0x180 [ 13.062975] ? krealloc_more_oob_helper+0x821/0x930 [ 13.063006] __asan_report_store1_noabort+0x1b/0x30 [ 13.063028] krealloc_more_oob_helper+0x821/0x930 [ 13.063052] ? __schedule+0x10cc/0x2b60 [ 13.063079] ? __pfx_krealloc_more_oob_helper+0x10/0x10 [ 13.063106] ? finish_task_switch.isra.0+0x153/0x700 [ 13.063131] ? __switch_to+0x47/0xf50 [ 13.063160] ? __schedule+0x10cc/0x2b60 [ 13.063183] ? __pfx_read_tsc+0x10/0x10 [ 13.063211] krealloc_more_oob+0x1c/0x30 [ 13.063300] kunit_try_run_case+0x1a5/0x480 [ 13.063349] ? __pfx_kunit_try_run_case+0x10/0x10 [ 13.063374] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 13.063412] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 13.063438] ? __kthread_parkme+0x82/0x180 [ 13.063462] ? preempt_count_sub+0x50/0x80 [ 13.063488] ? __pfx_kunit_try_run_case+0x10/0x10 [ 13.063513] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 13.063538] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 13.063563] kthread+0x337/0x6f0 [ 13.063584] ? trace_preempt_on+0x20/0xc0 [ 13.063611] ? __pfx_kthread+0x10/0x10 [ 13.063635] ? _raw_spin_unlock_irq+0x47/0x80 [ 13.063659] ? calculate_sigpending+0x7b/0xa0 [ 13.063686] ? __pfx_kthread+0x10/0x10 [ 13.063710] ret_from_fork+0x116/0x1d0 [ 13.063732] ? 
__pfx_kthread+0x10/0x10 [ 13.063754] ret_from_fork_asm+0x1a/0x30 [ 13.063800] </TASK> [ 13.063813] [ 13.074466] Allocated by task 174: [ 13.075032] kasan_save_stack+0x45/0x70 [ 13.075551] kasan_save_track+0x18/0x40 [ 13.075721] kasan_save_alloc_info+0x3b/0x50 [ 13.075921] __kasan_krealloc+0x190/0x1f0 [ 13.076532] krealloc_noprof+0xf3/0x340 [ 13.077808] krealloc_more_oob_helper+0x1a9/0x930 [ 13.078819] krealloc_more_oob+0x1c/0x30 [ 13.079669] kunit_try_run_case+0x1a5/0x480 [ 13.080133] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 13.080371] kthread+0x337/0x6f0 [ 13.080514] ret_from_fork+0x116/0x1d0 [ 13.080669] ret_from_fork_asm+0x1a/0x30 [ 13.080843] [ 13.080928] The buggy address belongs to the object at ffff888100ab8000 [ 13.080928] which belongs to the cache kmalloc-256 of size 256 [ 13.081496] The buggy address is located 0 bytes to the right of [ 13.081496] allocated 235-byte region [ffff888100ab8000, ffff888100ab80eb) [ 13.082036] [ 13.082348] The buggy address belongs to the physical page: [ 13.082575] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x100ab8 [ 13.082877] head: order:1 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0 [ 13.083215] flags: 0x200000000000040(head|node=0|zone=2) [ 13.083818] page_type: f5(slab) [ 13.084186] raw: 0200000000000040 ffff888100041b40 dead000000000122 0000000000000000 [ 13.085098] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 13.086045] head: 0200000000000040 ffff888100041b40 dead000000000122 0000000000000000 [ 13.087472] head: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 13.088090] head: 0200000000000001 ffffea000402ae01 00000000ffffffff 00000000ffffffff [ 13.089536] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000002 [ 13.090205] page dumped because: kasan: bad access detected [ 13.090408] [ 13.090490] Memory state around the buggy address: [ 13.090666] ffff888100ab7f80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc 
fc fc [ 13.090920] ffff888100ab8000: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 13.091159] >ffff888100ab8080: 00 00 00 00 00 00 00 00 00 00 00 00 00 03 fc fc [ 13.091390] ^ [ 13.091613] ffff888100ab8100: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 13.092151] ffff888100ab8180: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 13.093706] ================================================================== [ 13.321542] ================================================================== [ 13.321942] BUG: KASAN: slab-out-of-bounds in krealloc_more_oob_helper+0x7eb/0x930 [ 13.322994] Write of size 1 at addr ffff888102afe0f0 by task kunit_try_catch/178 [ 13.323337] [ 13.323478] CPU: 0 UID: 0 PID: 178 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc4 #1 PREEMPT(voluntary) [ 13.323532] Tainted: [B]=BAD_PAGE, [N]=TEST [ 13.323547] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 13.323572] Call Trace: [ 13.323596] <TASK> [ 13.323618] dump_stack_lvl+0x73/0xb0 [ 13.323657] print_report+0xd1/0x650 [ 13.323684] ? __virt_addr_valid+0x1db/0x2d0 [ 13.323710] ? krealloc_more_oob_helper+0x7eb/0x930 [ 13.323737] ? kasan_addr_to_slab+0x11/0xa0 [ 13.323760] ? krealloc_more_oob_helper+0x7eb/0x930 [ 13.323802] kasan_report+0x141/0x180 [ 13.323827] ? krealloc_more_oob_helper+0x7eb/0x930 [ 13.323858] __asan_report_store1_noabort+0x1b/0x30 [ 13.323881] krealloc_more_oob_helper+0x7eb/0x930 [ 13.323906] ? __schedule+0x10cc/0x2b60 [ 13.323931] ? __pfx_krealloc_more_oob_helper+0x10/0x10 [ 13.323958] ? finish_task_switch.isra.0+0x153/0x700 [ 13.323983] ? __switch_to+0x47/0xf50 [ 13.324012] ? __schedule+0x10cc/0x2b60 [ 13.324036] ? __pfx_read_tsc+0x10/0x10 [ 13.324063] krealloc_large_more_oob+0x1c/0x30 [ 13.324088] kunit_try_run_case+0x1a5/0x480 [ 13.324115] ? __pfx_kunit_try_run_case+0x10/0x10 [ 13.324139] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 13.324165] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 13.324190] ? 
__kthread_parkme+0x82/0x180
[ 13.324214] ? preempt_count_sub+0x50/0x80
[ 13.324239] ? __pfx_kunit_try_run_case+0x10/0x10
[ 13.324265] kunit_generic_run_threadfn_adapter+0x85/0xf0
[ 13.324289] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10
[ 13.324314] kthread+0x337/0x6f0
[ 13.324335] ? trace_preempt_on+0x20/0xc0
[ 13.324362] ? __pfx_kthread+0x10/0x10
[ 13.324384] ? _raw_spin_unlock_irq+0x47/0x80
[ 13.324408] ? calculate_sigpending+0x7b/0xa0
[ 13.324434] ? __pfx_kthread+0x10/0x10
[ 13.324457] ret_from_fork+0x116/0x1d0
[ 13.324478] ? __pfx_kthread+0x10/0x10
[ 13.324501] ret_from_fork_asm+0x1a/0x30
[ 13.324535] </TASK>
[ 13.324548]
[ 13.332640] The buggy address belongs to the physical page:
[ 13.333125] page: refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x102afc
[ 13.333545] head: order:2 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[ 13.333860] flags: 0x200000000000040(head|node=0|zone=2)
[ 13.334067] page_type: f8(unknown)
[ 13.334239] raw: 0200000000000040 0000000000000000 dead000000000122 0000000000000000
[ 13.334725] raw: 0000000000000000 0000000000000000 00000001f8000000 0000000000000000
[ 13.335268] head: 0200000000000040 0000000000000000 dead000000000122 0000000000000000
[ 13.335570] head: 0000000000000000 0000000000000000 00000001f8000000 0000000000000000
[ 13.335861] head: 0200000000000002 ffffea00040abf01 00000000ffffffff 00000000ffffffff
[ 13.336144] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000004
[ 13.336539] page dumped because: kasan: bad access detected
[ 13.336844]
[ 13.336981] Memory state around the buggy address:
[ 13.337241] ffff888102afdf80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[ 13.337620] ffff888102afe000: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[ 13.337982] >ffff888102afe080: 00 00 00 00 00 00 00 00 00 00 00 00 00 03 fe fe
[ 13.338354] ^
[ 13.338620] ffff888102afe100: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe
[ 13.338920] ffff888102afe180: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe
[ 13.339287] ==================================================================
[ 13.095274] ==================================================================
[ 13.095662] BUG: KASAN: slab-out-of-bounds in krealloc_more_oob_helper+0x7eb/0x930
[ 13.095973] Write of size 1 at addr ffff888100ab80f0 by task kunit_try_catch/174
[ 13.096351]
[ 13.096721] CPU: 1 UID: 0 PID: 174 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc4 #1 PREEMPT(voluntary)
[ 13.096779] Tainted: [B]=BAD_PAGE, [N]=TEST
[ 13.096808] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[ 13.096833] Call Trace:
[ 13.096849] <TASK>
[ 13.096871] dump_stack_lvl+0x73/0xb0
[ 13.096909] print_report+0xd1/0x650
[ 13.097194] ? __virt_addr_valid+0x1db/0x2d0
[ 13.097224] ? krealloc_more_oob_helper+0x7eb/0x930
[ 13.097266] ? kasan_complete_mode_report_info+0x2a/0x200
[ 13.097343] ? krealloc_more_oob_helper+0x7eb/0x930
[ 13.097371] kasan_report+0x141/0x180
[ 13.097409] ? krealloc_more_oob_helper+0x7eb/0x930
[ 13.097441] __asan_report_store1_noabort+0x1b/0x30
[ 13.097466] krealloc_more_oob_helper+0x7eb/0x930
[ 13.097491] ? __schedule+0x10cc/0x2b60
[ 13.097517] ? __pfx_krealloc_more_oob_helper+0x10/0x10
[ 13.097545] ? finish_task_switch.isra.0+0x153/0x700
[ 13.097571] ? __switch_to+0x47/0xf50
[ 13.097600] ? __schedule+0x10cc/0x2b60
[ 13.097624] ? __pfx_read_tsc+0x10/0x10
[ 13.097652] krealloc_more_oob+0x1c/0x30
[ 13.097677] kunit_try_run_case+0x1a5/0x480
[ 13.097705] ? __pfx_kunit_try_run_case+0x10/0x10
[ 13.097729] ? _raw_spin_lock_irqsave+0xa1/0x100
[ 13.097756] ? _raw_spin_unlock_irqrestore+0x5f/0x90
[ 13.097782] ? __kthread_parkme+0x82/0x180
[ 13.097829] ? preempt_count_sub+0x50/0x80
[ 13.097854] ? __pfx_kunit_try_run_case+0x10/0x10
[ 13.097881] kunit_generic_run_threadfn_adapter+0x85/0xf0
[ 13.097906] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10
[ 13.097932] kthread+0x337/0x6f0
[ 13.097954] ? trace_preempt_on+0x20/0xc0
[ 13.097981] ? __pfx_kthread+0x10/0x10
[ 13.098005] ? _raw_spin_unlock_irq+0x47/0x80
[ 13.098029] ? calculate_sigpending+0x7b/0xa0
[ 13.098056] ? __pfx_kthread+0x10/0x10
[ 13.098080] ret_from_fork+0x116/0x1d0
[ 13.098101] ? __pfx_kthread+0x10/0x10
[ 13.098124] ret_from_fork_asm+0x1a/0x30
[ 13.098159] </TASK>
[ 13.098173]
[ 13.110662] Allocated by task 174:
[ 13.110857] kasan_save_stack+0x45/0x70
[ 13.111033] kasan_save_track+0x18/0x40
[ 13.111222] kasan_save_alloc_info+0x3b/0x50
[ 13.111591] __kasan_krealloc+0x190/0x1f0
[ 13.111810] krealloc_noprof+0xf3/0x340
[ 13.112088] krealloc_more_oob_helper+0x1a9/0x930
[ 13.112591] krealloc_more_oob+0x1c/0x30
[ 13.112871] kunit_try_run_case+0x1a5/0x480
[ 13.113089] kunit_generic_run_threadfn_adapter+0x85/0xf0
[ 13.113524] kthread+0x337/0x6f0
[ 13.113859] ret_from_fork+0x116/0x1d0
[ 13.114153] ret_from_fork_asm+0x1a/0x30
[ 13.114318]
[ 13.114400] The buggy address belongs to the object at ffff888100ab8000
[ 13.114400] which belongs to the cache kmalloc-256 of size 256
[ 13.115256] The buggy address is located 5 bytes to the right of
[ 13.115256] allocated 235-byte region [ffff888100ab8000, ffff888100ab80eb)
[ 13.116052]
[ 13.116399] The buggy address belongs to the physical page:
[ 13.116685] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x100ab8
[ 13.117053] head: order:1 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[ 13.117766] flags: 0x200000000000040(head|node=0|zone=2)
[ 13.118079] page_type: f5(slab)
[ 13.118244] raw: 0200000000000040 ffff888100041b40 dead000000000122 0000000000000000
[ 13.118808] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000
[ 13.119375] head: 0200000000000040 ffff888100041b40 dead000000000122 0000000000000000
[ 13.119775] head: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000
[ 13.120186] head: 0200000000000001 ffffea000402ae01 00000000ffffffff 00000000ffffffff
[ 13.120738] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000002
[ 13.121159] page dumped because: kasan: bad access detected
[ 13.121566]
[ 13.121682] Memory state around the buggy address:
[ 13.121925] ffff888100ab7f80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 13.122494] ffff888100ab8000: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[ 13.122910] >ffff888100ab8080: 00 00 00 00 00 00 00 00 00 00 00 00 00 03 fc fc
[ 13.123355] ^
[ 13.123780] ffff888100ab8100: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 13.124124] ffff888100ab8180: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 13.124734] ==================================================================
Failure - log-parser-boot/kfence-bug-kfence-use-after-free-read-in-test_krealloc
[ 51.384340] ==================================================================
[ 51.384805] BUG: KFENCE: use-after-free read in test_krealloc+0x6fc/0xbe0
[ 51.384805]
[ 51.385307] Use-after-free read at 0x(____ptrval____) (in kfence-#153):
[ 51.385897] test_krealloc+0x6fc/0xbe0
[ 51.386202] kunit_try_run_case+0x1a5/0x480
[ 51.386466] kunit_generic_run_threadfn_adapter+0x85/0xf0
[ 51.386837] kthread+0x337/0x6f0
[ 51.387183] ret_from_fork+0x116/0x1d0
[ 51.387668] ret_from_fork_asm+0x1a/0x30
[ 51.388140]
[ 51.388262] kfence-#153: 0x(____ptrval____)-0x(____ptrval____), size=32, cache=kmalloc-32
[ 51.388262]
[ 51.388729] allocated by task 355 on cpu 1 at 51.383524s (0.005203s ago):
[ 51.389054] test_alloc+0x364/0x10f0
[ 51.389310] test_krealloc+0xad/0xbe0
[ 51.389510] kunit_try_run_case+0x1a5/0x480
[ 51.389748] kunit_generic_run_threadfn_adapter+0x85/0xf0
[ 51.390075] kthread+0x337/0x6f0
[ 51.390264] ret_from_fork+0x116/0x1d0
[ 51.390707] ret_from_fork_asm+0x1a/0x30
[ 51.390949]
[ 51.391061] freed by task 355 on cpu 1 at 51.383850s (0.007208s ago):
[ 51.391744] krealloc_noprof+0x108/0x340
[ 51.391964] test_krealloc+0x226/0xbe0
[ 51.392201] kunit_try_run_case+0x1a5/0x480
[ 51.392466] kunit_generic_run_threadfn_adapter+0x85/0xf0
[ 51.392743] kthread+0x337/0x6f0
[ 51.392955] ret_from_fork+0x116/0x1d0
[ 51.393146] ret_from_fork_asm+0x1a/0x30
[ 51.393419]
[ 51.393567] CPU: 1 UID: 0 PID: 355 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc4 #1 PREEMPT(voluntary)
[ 51.394075] Tainted: [B]=BAD_PAGE, [N]=TEST
[ 51.394280] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[ 51.394680] ==================================================================
Failure - log-parser-boot/kfence-bug-kfence-use-after-free-read-in-test_memcache_typesafe_by_rcu
[ 51.287662] ==================================================================
[ 51.288103] BUG: KFENCE: use-after-free read in test_memcache_typesafe_by_rcu+0x2ec/0x670
[ 51.288103]
[ 51.288495] Use-after-free read at 0x(____ptrval____) (in kfence-#152):
[ 51.288739] test_memcache_typesafe_by_rcu+0x2ec/0x670
[ 51.289374] kunit_try_run_case+0x1a5/0x480
[ 51.289632] kunit_generic_run_threadfn_adapter+0x85/0xf0
[ 51.289947] kthread+0x337/0x6f0
[ 51.290150] ret_from_fork+0x116/0x1d0
[ 51.290345] ret_from_fork_asm+0x1a/0x30
[ 51.290508]
[ 51.291174] kfence-#152: 0x(____ptrval____)-0x(____ptrval____), size=32, cache=test
[ 51.291174]
[ 51.292047] allocated by task 353 on cpu 1 at 51.279665s (0.012379s ago):
[ 51.292695] test_alloc+0x2a6/0x10f0
[ 51.293250] test_memcache_typesafe_by_rcu+0x16f/0x670
[ 51.293928] kunit_try_run_case+0x1a5/0x480
[ 51.294468] kunit_generic_run_threadfn_adapter+0x85/0xf0
[ 51.294686] kthread+0x337/0x6f0
[ 51.294850] ret_from_fork+0x116/0x1d0
[ 51.295011] ret_from_fork_asm+0x1a/0x30
[ 51.295197]
[ 51.295285] freed by task 353 on cpu 1 at 51.279820s (0.015462s ago):
[ 51.296225] test_memcache_typesafe_by_rcu+0x1bf/0x670
[ 51.296604] kunit_try_run_case+0x1a5/0x480
[ 51.296965] kunit_generic_run_threadfn_adapter+0x85/0xf0
[ 51.297373] kthread+0x337/0x6f0
[ 51.297714] ret_from_fork+0x116/0x1d0
[ 51.297978] ret_from_fork_asm+0x1a/0x30
[ 51.298393]
[ 51.298545] CPU: 1 UID: 0 PID: 353 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc4 #1 PREEMPT(voluntary)
[ 51.299305] Tainted: [B]=BAD_PAGE, [N]=TEST
[ 51.299643] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[ 51.300215] ==================================================================
Failure - log-parser-boot/kfence-bug-kfence-invalid-read-in-test_invalid_access
[ 26.550903] ==================================================================
[ 26.551453] BUG: KFENCE: invalid read in test_invalid_access+0xf0/0x210
[ 26.551453]
[ 26.551866] Invalid read at 0x(____ptrval____):
[ 26.552068] test_invalid_access+0xf0/0x210
[ 26.552251] kunit_try_run_case+0x1a5/0x480
[ 26.552435] kunit_generic_run_threadfn_adapter+0x85/0xf0
[ 26.552641] kthread+0x337/0x6f0
[ 26.553067] ret_from_fork+0x116/0x1d0
[ 26.553532] ret_from_fork_asm+0x1a/0x30
[ 26.553835]
[ 26.553989] CPU: 0 UID: 0 PID: 349 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc4 #1 PREEMPT(voluntary)
[ 26.554387] Tainted: [B]=BAD_PAGE, [N]=TEST
[ 26.554552] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[ 26.554874] ==================================================================
Failure - log-parser-boot/kfence-bug-kfence-memory-corruption-in-test_kmalloc_aligned_oob_write
[ 26.319872] ==================================================================
[ 26.320444] BUG: KFENCE: memory corruption in test_kmalloc_aligned_oob_write+0x24f/0x340
[ 26.320444]
[ 26.320907] Corrupted memory at 0x(____ptrval____) [ ! . . . . . . . . . . . . . . . ] (in kfence-#148):
[ 26.321624] test_kmalloc_aligned_oob_write+0x24f/0x340
[ 26.321946] kunit_try_run_case+0x1a5/0x480
[ 26.322257] kunit_generic_run_threadfn_adapter+0x85/0xf0
[ 26.322456] kthread+0x337/0x6f0
[ 26.322601] ret_from_fork+0x116/0x1d0
[ 26.322753] ret_from_fork_asm+0x1a/0x30
[ 26.322997]
[ 26.323111] kfence-#148: 0x(____ptrval____)-0x(____ptrval____), size=73, cache=kmalloc-96
[ 26.323111]
[ 26.323661] allocated by task 343 on cpu 1 at 26.319554s (0.004104s ago):
[ 26.323972] test_alloc+0x364/0x10f0
[ 26.324442] test_kmalloc_aligned_oob_write+0xc8/0x340
[ 26.325322] kunit_try_run_case+0x1a5/0x480
[ 26.325708] kunit_generic_run_threadfn_adapter+0x85/0xf0
[ 26.326134] kthread+0x337/0x6f0
[ 26.326435] ret_from_fork+0x116/0x1d0
[ 26.326773] ret_from_fork_asm+0x1a/0x30
[ 26.327204]
[ 26.327315] freed by task 343 on cpu 1 at 26.319721s (0.007591s ago):
[ 26.327816] test_kmalloc_aligned_oob_write+0x24f/0x340
[ 26.328083] kunit_try_run_case+0x1a5/0x480
[ 26.328498] kunit_generic_run_threadfn_adapter+0x85/0xf0
[ 26.328906] kthread+0x337/0x6f0
[ 26.329244] ret_from_fork+0x116/0x1d0
[ 26.329585] ret_from_fork_asm+0x1a/0x30
[ 26.329949]
[ 26.330097] CPU: 1 UID: 0 PID: 343 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc4 #1 PREEMPT(voluntary)
[ 26.330819] Tainted: [B]=BAD_PAGE, [N]=TEST
[ 26.331215] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[ 26.331799] ==================================================================
Failure - log-parser-boot/kfence-bug-kfence-out-of-bounds-read-in-test_kmalloc_aligned_oob_read
[ 26.215754] ==================================================================
[ 26.216249] BUG: KFENCE: out-of-bounds read in test_kmalloc_aligned_oob_read+0x27e/0x560
[ 26.216249]
[ 26.217285] Out-of-bounds read at 0x(____ptrval____) (105B right of kfence-#147):
[ 26.217638] test_kmalloc_aligned_oob_read+0x27e/0x560
[ 26.218381] kunit_try_run_case+0x1a5/0x480
[ 26.218748] kunit_generic_run_threadfn_adapter+0x85/0xf0
[ 26.218967] kthread+0x337/0x6f0
[ 26.219172] ret_from_fork+0x116/0x1d0
[ 26.219634] ret_from_fork_asm+0x1a/0x30
[ 26.220146]
[ 26.220374] kfence-#147: 0x(____ptrval____)-0x(____ptrval____), size=73, cache=kmalloc-96
[ 26.220374]
[ 26.220882] allocated by task 341 on cpu 0 at 26.215480s (0.005400s ago):
[ 26.221180] test_alloc+0x364/0x10f0
[ 26.221662] test_kmalloc_aligned_oob_read+0x105/0x560
[ 26.221910] kunit_try_run_case+0x1a5/0x480
[ 26.222222] kunit_generic_run_threadfn_adapter+0x85/0xf0
[ 26.222523] kthread+0x337/0x6f0
[ 26.222706] ret_from_fork+0x116/0x1d0
[ 26.222949] ret_from_fork_asm+0x1a/0x30
[ 26.223189]
[ 26.223523] CPU: 0 UID: 0 PID: 341 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc4 #1 PREEMPT(voluntary)
[ 26.224132] Tainted: [B]=BAD_PAGE, [N]=TEST
[ 26.224404] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[ 26.224904] ==================================================================
Failure - log-parser-boot/kfence-bug-kfence-memory-corruption-in-test_corruption
[ 20.703719] ==================================================================
[ 20.704350] BUG: KFENCE: memory corruption in test_corruption+0x2d2/0x3e0
[ 20.704350]
[ 20.704762] Corrupted memory at 0x(____ptrval____) [ ! . . . . . . . . . . . . . . . ] (in kfence-#94):
[ 20.705430] test_corruption+0x2d2/0x3e0
[ 20.706146] kunit_try_run_case+0x1a5/0x480
[ 20.706532] kunit_generic_run_threadfn_adapter+0x85/0xf0
[ 20.706977] kthread+0x337/0x6f0
[ 20.707190] ret_from_fork+0x116/0x1d0
[ 20.707392] ret_from_fork_asm+0x1a/0x30
[ 20.707613]
[ 20.707714] kfence-#94: 0x(____ptrval____)-0x(____ptrval____), size=32, cache=kmalloc-32
[ 20.707714]
[ 20.708156] allocated by task 329 on cpu 0 at 20.703519s (0.004634s ago):
[ 20.708875] test_alloc+0x364/0x10f0
[ 20.709244] test_corruption+0xe6/0x3e0
[ 20.709468] kunit_try_run_case+0x1a5/0x480
[ 20.709847] kunit_generic_run_threadfn_adapter+0x85/0xf0
[ 20.710247] kthread+0x337/0x6f0
[ 20.710522] ret_from_fork+0x116/0x1d0
[ 20.710815] ret_from_fork_asm+0x1a/0x30
[ 20.711104]
[ 20.711304] freed by task 329 on cpu 0 at 20.703636s (0.007665s ago):
[ 20.711641] test_corruption+0x2d2/0x3e0
[ 20.711869] kunit_try_run_case+0x1a5/0x480
[ 20.712098] kunit_generic_run_threadfn_adapter+0x85/0xf0
[ 20.712615] kthread+0x337/0x6f0
[ 20.712899] ret_from_fork+0x116/0x1d0
[ 20.713088] ret_from_fork_asm+0x1a/0x30
[ 20.713487]
[ 20.713641] CPU: 0 UID: 0 PID: 329 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc4 #1 PREEMPT(voluntary)
[ 20.714372] Tainted: [B]=BAD_PAGE, [N]=TEST
[ 20.714674] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[ 20.715213] ==================================================================
[ 21.119724] ==================================================================
[ 21.120279] BUG: KFENCE: memory corruption in test_corruption+0x131/0x3e0
[ 21.120279]
[ 21.120733] Corrupted memory at 0x(____ptrval____) [ ! . . . . . . . . . . . . . . . ] (in kfence-#98):
[ 21.121462] test_corruption+0x131/0x3e0
[ 21.122145] kunit_try_run_case+0x1a5/0x480
[ 21.122434] kunit_generic_run_threadfn_adapter+0x85/0xf0
[ 21.122684] kthread+0x337/0x6f0
[ 21.122907] ret_from_fork+0x116/0x1d0
[ 21.123131] ret_from_fork_asm+0x1a/0x30
[ 21.123329]
[ 21.123423] kfence-#98: 0x(____ptrval____)-0x(____ptrval____), size=32, cache=test
[ 21.123423]
[ 21.123906] allocated by task 331 on cpu 1 at 21.119563s (0.004341s ago):
[ 21.124182] test_alloc+0x2a6/0x10f0
[ 21.124399] test_corruption+0xe6/0x3e0
[ 21.124640] kunit_try_run_case+0x1a5/0x480
[ 21.124852] kunit_generic_run_threadfn_adapter+0x85/0xf0
[ 21.125169] kthread+0x337/0x6f0
[ 21.125379] ret_from_fork+0x116/0x1d0
[ 21.125585] ret_from_fork_asm+0x1a/0x30
[ 21.125808]
[ 21.125895] freed by task 331 on cpu 1 at 21.119636s (0.006256s ago):
[ 21.126313] test_corruption+0x131/0x3e0
[ 21.126536] kunit_try_run_case+0x1a5/0x480
[ 21.126706] kunit_generic_run_threadfn_adapter+0x85/0xf0
[ 21.126919] kthread+0x337/0x6f0
[ 21.127117] ret_from_fork+0x116/0x1d0
[ 21.127336] ret_from_fork_asm+0x1a/0x30
[ 21.127597]
[ 21.127857] CPU: 1 UID: 0 PID: 331 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc4 #1 PREEMPT(voluntary)
[ 21.128242] Tainted: [B]=BAD_PAGE, [N]=TEST
[ 21.128523] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[ 21.128987] ==================================================================
[ 21.223679] ==================================================================
[ 21.224133] BUG: KFENCE: memory corruption in test_corruption+0x216/0x3e0
[ 21.224133]
[ 21.224513] Corrupted memory at 0x(____ptrval____) [ ! ] (in kfence-#99):
[ 21.224979] test_corruption+0x216/0x3e0
[ 21.225190] kunit_try_run_case+0x1a5/0x480
[ 21.225498] kunit_generic_run_threadfn_adapter+0x85/0xf0
[ 21.225799] kthread+0x337/0x6f0
[ 21.225974] ret_from_fork+0x116/0x1d0
[ 21.226135] ret_from_fork_asm+0x1a/0x30
[ 21.226428]
[ 21.226558] kfence-#99: 0x(____ptrval____)-0x(____ptrval____), size=32, cache=test
[ 21.226558]
[ 21.227055] allocated by task 331 on cpu 1 at 21.223531s (0.003522s ago):
[ 21.227316] test_alloc+0x2a6/0x10f0
[ 21.227709] test_corruption+0x1cb/0x3e0
[ 21.227893] kunit_try_run_case+0x1a5/0x480
[ 21.228066] kunit_generic_run_threadfn_adapter+0x85/0xf0
[ 21.228541] kthread+0x337/0x6f0
[ 21.228747] ret_from_fork+0x116/0x1d0
[ 21.228986] ret_from_fork_asm+0x1a/0x30
[ 21.229229]
[ 21.229382] freed by task 331 on cpu 1 at 21.223604s (0.005776s ago):
[ 21.229636] test_corruption+0x216/0x3e0
[ 21.229878] kunit_try_run_case+0x1a5/0x480
[ 21.230106] kunit_generic_run_threadfn_adapter+0x85/0xf0
[ 21.230360] kthread+0x337/0x6f0
[ 21.230508] ret_from_fork+0x116/0x1d0
[ 21.230702] ret_from_fork_asm+0x1a/0x30
[ 21.230944]
[ 21.231085] CPU: 1 UID: 0 PID: 331 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc4 #1 PREEMPT(voluntary)
[ 21.231645] Tainted: [B]=BAD_PAGE, [N]=TEST
[ 21.231857] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[ 21.232319] ==================================================================
[ 20.911816] ==================================================================
[ 20.912353] BUG: KFENCE: memory corruption in test_corruption+0x2df/0x3e0
[ 20.912353]
[ 20.912671] Corrupted memory at 0x(____ptrval____) [ ! ] (in kfence-#96):
[ 20.913609] test_corruption+0x2df/0x3e0
[ 20.913861] kunit_try_run_case+0x1a5/0x480
[ 20.914059] kunit_generic_run_threadfn_adapter+0x85/0xf0
[ 20.914717] kthread+0x337/0x6f0
[ 20.914896] ret_from_fork+0x116/0x1d0
[ 20.915249] ret_from_fork_asm+0x1a/0x30
[ 20.915628]
[ 20.915750] kfence-#96: 0x(____ptrval____)-0x(____ptrval____), size=32, cache=kmalloc-32
[ 20.915750]
[ 20.916213] allocated by task 329 on cpu 0 at 20.911499s (0.004711s ago):
[ 20.916843] test_alloc+0x364/0x10f0
[ 20.917189] test_corruption+0x1cb/0x3e0
[ 20.917509] kunit_try_run_case+0x1a5/0x480
[ 20.917830] kunit_generic_run_threadfn_adapter+0x85/0xf0
[ 20.918220] kthread+0x337/0x6f0
[ 20.918409] ret_from_fork+0x116/0x1d0
[ 20.918737] ret_from_fork_asm+0x1a/0x30
[ 20.918982]
[ 20.919079] freed by task 329 on cpu 0 at 20.911611s (0.007465s ago):
[ 20.919612] test_corruption+0x2df/0x3e0
[ 20.919925] kunit_try_run_case+0x1a5/0x480
[ 20.920261] kunit_generic_run_threadfn_adapter+0x85/0xf0
[ 20.920550] kthread+0x337/0x6f0
[ 20.920752] ret_from_fork+0x116/0x1d0
[ 20.920972] ret_from_fork_asm+0x1a/0x30
[ 20.921171]
[ 20.921593] CPU: 0 UID: 0 PID: 329 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc4 #1 PREEMPT(voluntary)
[ 20.922248] Tainted: [B]=BAD_PAGE, [N]=TEST
[ 20.922567] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[ 20.923098] ==================================================================
Failure - log-parser-boot/kfence-bug-kfence-invalid-free-in-test_invalid_addr_free
[ 20.391668] ==================================================================
[ 20.392093] BUG: KFENCE: invalid free in test_invalid_addr_free+0x1e1/0x260
[ 20.392093]
[ 20.392419] Invalid free of 0x(____ptrval____) (in kfence-#91):
[ 20.392646] test_invalid_addr_free+0x1e1/0x260
[ 20.392858] kunit_try_run_case+0x1a5/0x480
[ 20.393036] kunit_generic_run_threadfn_adapter+0x85/0xf0
[ 20.393445] kthread+0x337/0x6f0
[ 20.393707] ret_from_fork+0x116/0x1d0
[ 20.393883] ret_from_fork_asm+0x1a/0x30
[ 20.394051]
[ 20.394166] kfence-#91: 0x(____ptrval____)-0x(____ptrval____), size=32, cache=kmalloc-32
[ 20.394166]
[ 20.394664] allocated by task 325 on cpu 0 at 20.391505s (0.003157s ago):
[ 20.394971] test_alloc+0x364/0x10f0
[ 20.395128] test_invalid_addr_free+0xdb/0x260
[ 20.396104] kunit_try_run_case+0x1a5/0x480
[ 20.396408] kunit_generic_run_threadfn_adapter+0x85/0xf0
[ 20.396710] kthread+0x337/0x6f0
[ 20.396879] ret_from_fork+0x116/0x1d0
[ 20.397066] ret_from_fork_asm+0x1a/0x30
[ 20.397330]
[ 20.397483] CPU: 0 UID: 0 PID: 325 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc4 #1 PREEMPT(voluntary)
[ 20.397880] Tainted: [B]=BAD_PAGE, [N]=TEST
[ 20.398116] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[ 20.398664] ==================================================================
[ 20.495657] ==================================================================
[ 20.496128] BUG: KFENCE: invalid free in test_invalid_addr_free+0xfb/0x260
[ 20.496128]
[ 20.496494] Invalid free of 0x(____ptrval____) (in kfence-#92):
[ 20.496837] test_invalid_addr_free+0xfb/0x260
[ 20.497085] kunit_try_run_case+0x1a5/0x480
[ 20.497311] kunit_generic_run_threadfn_adapter+0x85/0xf0
[ 20.497571] kthread+0x337/0x6f0
[ 20.497764] ret_from_fork+0x116/0x1d0
[ 20.498743] ret_from_fork_asm+0x1a/0x30
[ 20.499069]
[ 20.499271] kfence-#92: 0x(____ptrval____)-0x(____ptrval____), size=32, cache=test
[ 20.499271]
[ 20.499757] allocated by task 327 on cpu 1 at 20.495524s (0.004230s ago):
[ 20.500316] test_alloc+0x2a6/0x10f0
[ 20.500601] test_invalid_addr_free+0xdb/0x260
[ 20.500846] kunit_try_run_case+0x1a5/0x480
[ 20.501065] kunit_generic_run_threadfn_adapter+0x85/0xf0
[ 20.501544] kthread+0x337/0x6f0
[ 20.501843] ret_from_fork+0x116/0x1d0
[ 20.502143] ret_from_fork_asm+0x1a/0x30
[ 20.502364]
[ 20.502489] CPU: 1 UID: 0 PID: 327 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc4 #1 PREEMPT(voluntary)
[ 20.503296] Tainted: [B]=BAD_PAGE, [N]=TEST
[ 20.503602] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[ 20.504128] ==================================================================
Failure - log-parser-boot/kfence-bug-kfence-invalid-free-in-test_double_free
[ 20.287719] ==================================================================
[ 20.288270] BUG: KFENCE: invalid free in test_double_free+0x112/0x260
[ 20.288270]
[ 20.288678] Invalid free of 0x(____ptrval____) (in kfence-#90):
[ 20.289629] test_double_free+0x112/0x260
[ 20.290079] kunit_try_run_case+0x1a5/0x480
[ 20.290358] kunit_generic_run_threadfn_adapter+0x85/0xf0
[ 20.290672] kthread+0x337/0x6f0
[ 20.290875] ret_from_fork+0x116/0x1d0
[ 20.291395] ret_from_fork_asm+0x1a/0x30
[ 20.291633]
[ 20.291728] kfence-#90: 0x(____ptrval____)-0x(____ptrval____), size=32, cache=test
[ 20.291728]
[ 20.292397] allocated by task 323 on cpu 0 at 20.287525s (0.004869s ago):
[ 20.292928] test_alloc+0x2a6/0x10f0
[ 20.293256] test_double_free+0xdb/0x260
[ 20.293565] kunit_try_run_case+0x1a5/0x480
[ 20.293886] kunit_generic_run_threadfn_adapter+0x85/0xf0
[ 20.294319] kthread+0x337/0x6f0
[ 20.294573] ret_from_fork+0x116/0x1d0
[ 20.294926] ret_from_fork_asm+0x1a/0x30
[ 20.295300]
[ 20.295396] freed by task 323 on cpu 0 at 20.287595s (0.007797s ago):
[ 20.295739] test_double_free+0xfa/0x260
[ 20.295962] kunit_try_run_case+0x1a5/0x480
[ 20.296467] kunit_generic_run_threadfn_adapter+0x85/0xf0
[ 20.296751] kthread+0x337/0x6f0
[ 20.296953] ret_from_fork+0x116/0x1d0
[ 20.297349] ret_from_fork_asm+0x1a/0x30
[ 20.297586]
[ 20.297917] CPU: 0 UID: 0 PID: 323 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc4 #1 PREEMPT(voluntary)
[ 20.298531] Tainted: [B]=BAD_PAGE, [N]=TEST
[ 20.298744] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[ 20.299310] ==================================================================
[ 20.183747] ==================================================================
[ 20.184295] BUG: KFENCE: invalid free in test_double_free+0x1d3/0x260
[ 20.184295]
[ 20.184777] Invalid free of 0x(____ptrval____) (in kfence-#89):
[ 20.185159] test_double_free+0x1d3/0x260
[ 20.186055] kunit_try_run_case+0x1a5/0x480
[ 20.186287] kunit_generic_run_threadfn_adapter+0x85/0xf0
[ 20.186591] kthread+0x337/0x6f0
[ 20.186814] ret_from_fork+0x116/0x1d0
[ 20.187037] ret_from_fork_asm+0x1a/0x30
[ 20.187689]
[ 20.187829] kfence-#89: 0x(____ptrval____)-0x(____ptrval____), size=32, cache=kmalloc-32
[ 20.187829]
[ 20.188538] allocated by task 321 on cpu 0 at 20.183494s (0.005041s ago):
[ 20.189088] test_alloc+0x364/0x10f0
[ 20.189349] test_double_free+0xdb/0x260
[ 20.189753] kunit_try_run_case+0x1a5/0x480
[ 20.190124] kunit_generic_run_threadfn_adapter+0x85/0xf0
[ 20.190455] kthread+0x337/0x6f0
[ 20.190808] ret_from_fork+0x116/0x1d0
[ 20.191141] ret_from_fork_asm+0x1a/0x30
[ 20.191462]
[ 20.191602] freed by task 321 on cpu 0 at 20.183578s (0.008022s ago):
[ 20.192121] test_double_free+0x1e0/0x260
[ 20.192357] kunit_try_run_case+0x1a5/0x480
[ 20.192762] kunit_generic_run_threadfn_adapter+0x85/0xf0
[ 20.193075] kthread+0x337/0x6f0
[ 20.193531] ret_from_fork+0x116/0x1d0
[ 20.193942] ret_from_fork_asm+0x1a/0x30
[ 20.194199]
[ 20.194602] CPU: 0 UID: 0 PID: 321 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc4 #1 PREEMPT(voluntary)
[ 20.195341] Tainted: [B]=BAD_PAGE, [N]=TEST
[ 20.195573] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[ 20.196133] ==================================================================
Failure - log-parser-boot/kfence-bug-kfence-use-after-free-read-in-test_use_after_free_read
[ 19.871694] ==================================================================
[ 19.872201] BUG: KFENCE: use-after-free read in test_use_after_free_read+0x129/0x270
[ 19.872201]
[ 19.872692] Use-after-free read at 0x(____ptrval____) (in kfence-#86):
[ 19.873053] test_use_after_free_read+0x129/0x270
[ 19.873367] kunit_try_run_case+0x1a5/0x480
[ 19.873541] kunit_generic_run_threadfn_adapter+0x85/0xf0
[ 19.873734] kthread+0x337/0x6f0
[ 19.873948] ret_from_fork+0x116/0x1d0
[ 19.874221] ret_from_fork_asm+0x1a/0x30
[ 19.874504]
[ 19.874627] kfence-#86: 0x(____ptrval____)-0x(____ptrval____), size=32, cache=test
[ 19.874627]
[ 19.875235] allocated by task 315 on cpu 0 at 19.871530s (0.003701s ago):
[ 19.876352] test_alloc+0x2a6/0x10f0
[ 19.876571] test_use_after_free_read+0xdc/0x270
[ 19.876871] kunit_try_run_case+0x1a5/0x480
[ 19.877111] kunit_generic_run_threadfn_adapter+0x85/0xf0
[ 19.877699] kthread+0x337/0x6f0
[ 19.877919] ret_from_fork+0x116/0x1d0
[ 19.878269] ret_from_fork_asm+0x1a/0x30
[ 19.878608]
[ 19.878709] freed by task 315 on cpu 0 at 19.871599s (0.007107s ago):
[ 19.879363] test_use_after_free_read+0xfb/0x270
[ 19.879639] kunit_try_run_case+0x1a5/0x480
[ 19.880083] kunit_generic_run_threadfn_adapter+0x85/0xf0
[ 19.880464] kthread+0x337/0x6f0
[ 19.880759] ret_from_fork+0x116/0x1d0
[ 19.880994] ret_from_fork_asm+0x1a/0x30
[ 19.881383]
[ 19.881718] CPU: 0 UID: 0 PID: 315 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc4 #1 PREEMPT(voluntary)
[ 19.882267] Tainted: [B]=BAD_PAGE, [N]=TEST
[ 19.882515] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[ 19.882958] ==================================================================
[ 19.767771] ==================================================================
[ 19.768378] BUG: KFENCE: use-after-free read in test_use_after_free_read+0x129/0x270
[ 19.768378]
[ 19.768916] Use-after-free read at 0x(____ptrval____) (in kfence-#85):
[ 19.769326] test_use_after_free_read+0x129/0x270
[ 19.769549] kunit_try_run_case+0x1a5/0x480
[ 19.769722] kunit_generic_run_threadfn_adapter+0x85/0xf0
[ 19.770028] kthread+0x337/0x6f0
[ 19.770234] ret_from_fork+0x116/0x1d0
[ 19.770482] ret_from_fork_asm+0x1a/0x30
[ 19.770943]
[ 19.771046] kfence-#85: 0x(____ptrval____)-0x(____ptrval____), size=32, cache=kmalloc-32
[ 19.771046]
[ 19.771809] allocated by task 313 on cpu 1 at 19.767536s (0.004270s ago):
[ 19.772579] test_alloc+0x364/0x10f0
[ 19.772801] test_use_after_free_read+0xdc/0x270
[ 19.773036] kunit_try_run_case+0x1a5/0x480
[ 19.773481] kunit_generic_run_threadfn_adapter+0x85/0xf0
[ 19.773843] kthread+0x337/0x6f0
[ 19.774008] ret_from_fork+0x116/0x1d0
[ 19.774387] ret_from_fork_asm+0x1a/0x30
[ 19.774608]
[ 19.774867] freed by task 313 on cpu 1 at 19.767597s (0.007266s ago):
[ 19.775247] test_use_after_free_read+0x1e7/0x270
[ 19.775498] kunit_try_run_case+0x1a5/0x480
[ 19.775717] kunit_generic_run_threadfn_adapter+0x85/0xf0
[ 19.776001] kthread+0x337/0x6f0
[ 19.776185] ret_from_fork+0x116/0x1d0
[ 19.776751] ret_from_fork_asm+0x1a/0x30
[ 19.776977]
[ 19.777350] CPU: 1 UID: 0 PID: 313 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc4 #1 PREEMPT(voluntary)
[ 19.778013] Tainted: [B]=BAD_PAGE, [N]=TEST
[ 19.778706] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[ 19.779054] ==================================================================
Failure - log-parser-boot/kfence-bug-kfence-out-of-bounds-write-in-test_out_of_bounds_write
[ 19.351614] ==================================================================
[ 19.352229] BUG: KFENCE: out-of-bounds write in test_out_of_bounds_write+0x10d/0x260
[ 19.352229]
[ 19.352745] Out-of-bounds write at 0x(____ptrval____) (1B left of kfence-#81):
[ 19.353061] test_out_of_bounds_write+0x10d/0x260
[ 19.353753] kunit_try_run_case+0x1a5/0x480
[ 19.354010] kunit_generic_run_threadfn_adapter+0x85/0xf0
[ 19.354634] kthread+0x337/0x6f0
[ 19.354842] ret_from_fork+0x116/0x1d0
[ 19.355094] ret_from_fork_asm+0x1a/0x30
[ 19.355597]
[ 19.355738] kfence-#81: 0x(____ptrval____)-0x(____ptrval____), size=32, cache=kmalloc-32
[ 19.355738]
[ 19.356436] allocated by task 309 on cpu 0 at 19.351499s (0.004934s ago):
[ 19.356838] test_alloc+0x364/0x10f0
[ 19.357018] test_out_of_bounds_write+0xd4/0x260
[ 19.357340] kunit_try_run_case+0x1a5/0x480
[ 19.357631] kunit_generic_run_threadfn_adapter+0x85/0xf0
[ 19.357944] kthread+0x337/0x6f0
[ 19.358230] ret_from_fork+0x116/0x1d0
[ 19.358421] ret_from_fork_asm+0x1a/0x30
[ 19.358654]
[ 19.358807] CPU: 0 UID: 0 PID: 309 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc4 #1 PREEMPT(voluntary)
[ 19.359311] Tainted: [B]=BAD_PAGE, [N]=TEST
[ 19.359554] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[ 19.359892] ==================================================================
[ 19.663594] ==================================================================
[ 19.664082] BUG: KFENCE: out-of-bounds write in test_out_of_bounds_write+0x10d/0x260
[ 19.664082]
[ 19.664560] Out-of-bounds write at 0x(____ptrval____) (1B left of kfence-#84):
[ 19.664910] test_out_of_bounds_write+0x10d/0x260
[ 19.665656] kunit_try_run_case+0x1a5/0x480
[ 19.665939] kunit_generic_run_threadfn_adapter+0x85/0xf0
[ 19.666165] kthread+0x337/0x6f0
[ 19.666420] ret_from_fork+0x116/0x1d0
[ 19.666993] ret_from_fork_asm+0x1a/0x30
[ 19.667358]
[ 19.667460] kfence-#84: 0x(____ptrval____)-0x(____ptrval____), size=32, cache=test
[ 19.667460]
[ 19.668104] allocated by task 311 on cpu 1 at 19.663526s (0.004574s ago):
[ 19.668551] test_alloc+0x2a6/0x10f0
[ 19.668756] test_out_of_bounds_write+0xd4/0x260
[ 19.669009] kunit_try_run_case+0x1a5/0x480
[ 19.669482] kunit_generic_run_threadfn_adapter+0x85/0xf0
[ 19.669730] kthread+0x337/0x6f0
[ 19.670106] ret_from_fork+0x116/0x1d0
[ 19.670411] ret_from_fork_asm+0x1a/0x30
[ 19.670717]
[ 19.670865] CPU: 1 UID: 0 PID: 311 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc4 #1 PREEMPT(voluntary)
[ 19.671648] Tainted: [B]=BAD_PAGE, [N]=TEST
[ 19.671983] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[ 19.672560] ==================================================================
Failure - log-parser-boot/kfence-bug-kfence-out-of-bounds-read-in-test_out_of_bounds_read
[ 18.831577] ==================================================================
[ 18.832040] BUG: KFENCE: out-of-bounds read in test_out_of_bounds_read+0x126/0x4e0
[ 18.832040]
[ 18.832541] Out-of-bounds read at 0x(____ptrval____) (1B left of kfence-#76):
[ 18.833243] test_out_of_bounds_read+0x126/0x4e0
[ 18.833536] kunit_try_run_case+0x1a5/0x480
[ 18.833749] kunit_generic_run_threadfn_adapter+0x85/0xf0
[ 18.834029] kthread+0x337/0x6f0
[ 18.834291] ret_from_fork+0x116/0x1d0
[ 18.834931] ret_from_fork_asm+0x1a/0x30
[ 18.835310]
[ 18.835409] kfence-#76: 0x(____ptrval____)-0x(____ptrval____), size=32, cache=test
[ 18.835409]
[ 18.835864] allocated by task 307 on cpu 0 at 18.831503s (0.004358s ago):
[ 18.836568] test_alloc+0x2a6/0x10f0
[ 18.836764] test_out_of_bounds_read+0xed/0x4e0
[ 18.837019] kunit_try_run_case+0x1a5/0x480
[ 18.837506] kunit_generic_run_threadfn_adapter+0x85/0xf0
[ 18.837924] kthread+0x337/0x6f0
[ 18.838133] ret_from_fork+0x116/0x1d0
[ 18.838457] ret_from_fork_asm+0x1a/0x30
[ 18.838776]
[ 18.839018] CPU: 0 UID: 0 PID: 307 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc4 #1 PREEMPT(voluntary)
[ 18.839712] Tainted: [B]=BAD_PAGE, [N]=TEST
[ 18.840065] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[ 18.840615] ==================================================================
[ 18.935522] ==================================================================
[ 18.935984] BUG: KFENCE: out-of-bounds read in test_out_of_bounds_read+0x216/0x4e0
[ 18.935984]
[ 18.936490] Out-of-bounds read at 0x(____ptrval____) (32B right of kfence-#77):
[ 18.936857] test_out_of_bounds_read+0x216/0x4e0
[ 18.937130] kunit_try_run_case+0x1a5/0x480
[ 18.937374] kunit_generic_run_threadfn_adapter+0x85/0xf0
[ 18.937613] kthread+0x337/0x6f0
[ 18.937760] ret_from_fork+0x116/0x1d0
[ 18.937998] ret_from_fork_asm+0x1a/0x30
[ 18.938238]
[ 18.938454] kfence-#77: 0x(____ptrval____)-0x(____ptrval____), size=32, cache=test
[ 18.938454]
[ 18.938867] allocated by task 307 on cpu 0 at 18.935461s (0.003404s ago):
[ 18.939183] test_alloc+0x2a6/0x10f0
[ 18.939404] test_out_of_bounds_read+0x1e2/0x4e0
[ 18.939671] kunit_try_run_case+0x1a5/0x480
[ 18.939863] kunit_generic_run_threadfn_adapter+0x85/0xf0
[ 18.940085] kthread+0x337/0x6f0
[ 18.940294] ret_from_fork+0x116/0x1d0
[ 18.940513] ret_from_fork_asm+0x1a/0x30
[ 18.940714]
[ 18.940869] CPU: 0 UID: 0 PID: 307 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc4 #1 PREEMPT(voluntary)
[ 18.941375] Tainted: [B]=BAD_PAGE, [N]=TEST
[ 18.941537] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[ 18.942018] ==================================================================
[ 18.624532] ==================================================================
[ 18.625020] BUG: KFENCE: out-of-bounds read in test_out_of_bounds_read+0x126/0x4e0
[ 18.625020]
[ 18.625447] Out-of-bounds read at 0x(____ptrval____) (1B left of kfence-#74):
[ 18.625736] test_out_of_bounds_read+0x126/0x4e0
[ 18.625954] kunit_try_run_case+0x1a5/0x480
[ 18.626310] kunit_generic_run_threadfn_adapter+0x85/0xf0
[ 18.626611] kthread+0x337/0x6f0
[ 18.626829] ret_from_fork+0x116/0x1d0
[ 18.627049] ret_from_fork_asm+0x1a/0x30
[ 18.627320]
[ 18.627439] kfence-#74: 0x(____ptrval____)-0x(____ptrval____), size=32, cache=kmalloc-32
[ 18.627439]
[ 18.627984] allocated by task 305 on cpu 1 at 18.623479s (0.004502s ago):
[ 18.628444] test_alloc+0x364/0x10f0
[ 18.628600] test_out_of_bounds_read+0xed/0x4e0
[ 18.628772] kunit_try_run_case+0x1a5/0x480
[ 18.629712] kunit_generic_run_threadfn_adapter+0x85/0xf0
[ 18.630569] kthread+0x337/0x6f0
[ 18.630775] ret_from_fork+0x116/0x1d0
[ 18.631015] ret_from_fork_asm+0x1a/0x30
[ 18.631302]
[ 18.631485] CPU: 1 UID: 0 PID: 305 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc4 #1 PREEMPT(voluntary)
[ 18.632009] Tainted: [B]=BAD_PAGE, [N]=TEST
[ 18.632317] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[ 18.632758] ==================================================================
[ 18.727745] ==================================================================
[ 18.728243] BUG: KFENCE: out-of-bounds read in test_out_of_bounds_read+0x216/0x4e0
[ 18.728243]
[ 18.728752] Out-of-bounds read at 0x(____ptrval____) (32B right of kfence-#75):
[ 18.729107] test_out_of_bounds_read+0x216/0x4e0
[ 18.729300] kunit_try_run_case+0x1a5/0x480
[ 18.729555] kunit_generic_run_threadfn_adapter+0x85/0xf0
[ 18.729870] kthread+0x337/0x6f0
[ 18.730066] ret_from_fork+0x116/0x1d0
[ 18.730714] ret_from_fork_asm+0x1a/0x30
[ 18.730999]
[ 18.731138] kfence-#75: 0x(____ptrval____)-0x(____ptrval____), size=32, cache=kmalloc-32
[ 18.731138]
[ 18.731598] allocated by task 305 on cpu 1 at 18.727517s (0.004079s ago):
[ 18.731947] test_alloc+0x364/0x10f0
[ 18.732595] test_out_of_bounds_read+0x1e2/0x4e0
[ 18.732820] kunit_try_run_case+0x1a5/0x480
[ 18.733260] kunit_generic_run_threadfn_adapter+0x85/0xf0
[ 18.733642] kthread+0x337/0x6f0
[ 18.733851] ret_from_fork+0x116/0x1d0
[ 18.734201] ret_from_fork_asm+0x1a/0x30
[ 18.734451]
[ 18.734598] CPU: 1 UID: 0 PID: 305 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc4 #1 PREEMPT(voluntary)
[ 18.735376] Tainted: [B]=BAD_PAGE, [N]=TEST
[ 18.735679] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[ 18.736200] ==================================================================
Failure - log-parser-boot/kfence-bug-kfence-memory-corruption-in-kmalloc_track_caller_oob_right
[ 12.868718] ==================================================================
[ 12.870264] BUG: KFENCE: memory corruption in kmalloc_track_caller_oob_right+0x288/0x520
[ 12.870264]
[ 12.870728] Corrupted memory at 0x(____ptrval____) [ ! . . . . . . . ] (in kfence-#39):
[ 12.871867] kmalloc_track_caller_oob_right+0x288/0x520
[ 12.872296] kunit_try_run_case+0x1a5/0x480
[ 12.872634] kunit_generic_run_threadfn_adapter+0x85/0xf0
[ 12.873014] kthread+0x337/0x6f0
[ 12.873384] ret_from_fork+0x116/0x1d0
[ 12.873566] ret_from_fork_asm+0x1a/0x30
[ 12.873934]
[ 12.874479] kfence-#39: 0x(____ptrval____)-0x(____ptrval____), size=120, cache=kmalloc-128
[ 12.874479]
[ 12.875327] allocated by task 160 on cpu 1 at 12.866628s (0.008628s ago):
[ 12.875905] kmalloc_track_caller_oob_right+0x19a/0x520
[ 12.876267] kunit_try_run_case+0x1a5/0x480
[ 12.876534] kunit_generic_run_threadfn_adapter+0x85/0xf0
[ 12.876821] kthread+0x337/0x6f0
[ 12.877017] ret_from_fork+0x116/0x1d0
[ 12.877579] ret_from_fork_asm+0x1a/0x30
[ 12.877880]
[ 12.878449] freed by task 160 on cpu 1 at 12.868087s (0.010124s ago):
[ 12.878828] kmalloc_track_caller_oob_right+0x288/0x520
[ 12.879381] kunit_try_run_case+0x1a5/0x480
[ 12.879774] kunit_generic_run_threadfn_adapter+0x85/0xf0
[ 12.880271] kthread+0x337/0x6f0
[ 12.880575] ret_from_fork+0x116/0x1d0
[ 12.880782] ret_from_fork_asm+0x1a/0x30
[ 12.881044]
[ 12.881505] CPU: 1 UID: 0 PID: 160 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc4 #1 PREEMPT(voluntary)
[ 12.882198] Tainted: [B]=BAD_PAGE, [N]=TEST
[ 12.882563] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[ 12.883192] ==================================================================
Failure - log-parser-boot/kasan-bug-kasan-slab-out-of-bounds-in-strncpy_from_user
[ 18.266261] ==================================================================
[ 18.266741] BUG: KASAN: slab-out-of-bounds in strncpy_from_user+0x1a5/0x1d0
[ 18.267371] Write of size 1 at addr ffff888103929778 by task kunit_try_catch/303
[ 18.267772]
[ 18.268211] CPU: 0 UID: 0 PID: 303 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc4 #1 PREEMPT(voluntary)
[ 18.268271] Tainted: [B]=BAD_PAGE, [N]=TEST
[ 18.268288] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[ 18.268319] Call Trace:
[ 18.268344] <TASK>
[ 18.268367] dump_stack_lvl+0x73/0xb0
[ 18.268406] print_report+0xd1/0x650
[ 18.268435] ? __virt_addr_valid+0x1db/0x2d0
[ 18.268463] ? strncpy_from_user+0x1a5/0x1d0
[ 18.268492] ? kasan_complete_mode_report_info+0x2a/0x200
[ 18.268519] ? strncpy_from_user+0x1a5/0x1d0
[ 18.268548] kasan_report+0x141/0x180
[ 18.268575] ? strncpy_from_user+0x1a5/0x1d0
[ 18.268608] __asan_report_store1_noabort+0x1b/0x30
[ 18.268634] strncpy_from_user+0x1a5/0x1d0
[ 18.268665] copy_user_test_oob+0x760/0x10f0
[ 18.268697] ? __pfx_copy_user_test_oob+0x10/0x10
[ 18.268725] ? finish_task_switch.isra.0+0x153/0x700
[ 18.268752] ? __switch_to+0x47/0xf50
[ 18.268784] ? __schedule+0x10cc/0x2b60
[ 18.268826] ? __pfx_read_tsc+0x10/0x10
[ 18.268852] ? ktime_get_ts64+0x86/0x230
[ 18.268882] kunit_try_run_case+0x1a5/0x480
[ 18.268911] ? __pfx_kunit_try_run_case+0x10/0x10
[ 18.268940] ? _raw_spin_lock_irqsave+0xa1/0x100
[ 18.268969] ? _raw_spin_unlock_irqrestore+0x5f/0x90
[ 18.268997] ? __kthread_parkme+0x82/0x180
[ 18.269023] ? preempt_count_sub+0x50/0x80
[ 18.269052] ? __pfx_kunit_try_run_case+0x10/0x10
[ 18.269081] kunit_generic_run_threadfn_adapter+0x85/0xf0
[ 18.269109] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10
[ 18.269137] kthread+0x337/0x6f0
[ 18.269162] ? trace_preempt_on+0x20/0xc0
[ 18.269191] ? __pfx_kthread+0x10/0x10
[ 18.269218] ? _raw_spin_unlock_irq+0x47/0x80
[ 18.269244] ? calculate_sigpending+0x7b/0xa0
[ 18.269273] ? __pfx_kthread+0x10/0x10
[ 18.269300] ret_from_fork+0x116/0x1d0
[ 18.269324] ? __pfx_kthread+0x10/0x10
[ 18.269354] ret_from_fork_asm+0x1a/0x30
[ 18.269392] </TASK>
[ 18.269408]
[ 18.281590] Allocated by task 303:
[ 18.281959] kasan_save_stack+0x45/0x70
[ 18.282349] kasan_save_track+0x18/0x40
[ 18.282665] kasan_save_alloc_info+0x3b/0x50
[ 18.283055] __kasan_kmalloc+0xb7/0xc0
[ 18.283382] __kmalloc_noprof+0x1c9/0x500
[ 18.283569] kunit_kmalloc_array+0x25/0x60
[ 18.283979] copy_user_test_oob+0xab/0x10f0
[ 18.284384] kunit_try_run_case+0x1a5/0x480
[ 18.284718] kunit_generic_run_threadfn_adapter+0x85/0xf0
[ 18.285019] kthread+0x337/0x6f0
[ 18.285408] ret_from_fork+0x116/0x1d0
[ 18.285759] ret_from_fork_asm+0x1a/0x30
[ 18.285976]
[ 18.286295] The buggy address belongs to the object at ffff888103929700
[ 18.286295] which belongs to the cache kmalloc-128 of size 128
[ 18.286936] The buggy address is located 0 bytes to the right of
[ 18.286936] allocated 120-byte region [ffff888103929700, ffff888103929778)
[ 18.287844]
[ 18.288043] The buggy address belongs to the physical page:
[ 18.288572] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x103929
[ 18.289004] flags: 0x200000000000000(node=0|zone=2)
[ 18.289388] page_type: f5(slab)
[ 18.289595] raw: 0200000000000000 ffff888100041a00 dead000000000122 0000000000000000
[ 18.290114] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000
[ 18.290645] page dumped because: kasan: bad access detected
[ 18.291049]
[ 18.291156] Memory state around the buggy address:
[ 18.291688] ffff888103929600: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 18.292148] ffff888103929680: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 18.292486] >ffff888103929700: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 fc
[ 18.292999] ^
[ 18.293665] ffff888103929780: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 18.294035] ffff888103929800: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 18.294535] ==================================================================
[ 18.239186] ==================================================================
[ 18.239548] BUG: KASAN: slab-out-of-bounds in strncpy_from_user+0x2e/0x1d0
[ 18.240237] Write of size 121 at addr ffff888103929700 by task kunit_try_catch/303
[ 18.240678]
[ 18.240811] CPU: 0 UID: 0 PID: 303 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc4 #1 PREEMPT(voluntary)
[ 18.240865] Tainted: [B]=BAD_PAGE, [N]=TEST
[ 18.240883] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[ 18.240912] Call Trace:
[ 18.240937] <TASK>
[ 18.240960] dump_stack_lvl+0x73/0xb0
[ 18.240999] print_report+0xd1/0x650
[ 18.241029] ? __virt_addr_valid+0x1db/0x2d0
[ 18.241058] ? strncpy_from_user+0x2e/0x1d0
[ 18.241103] ? kasan_complete_mode_report_info+0x2a/0x200
[ 18.241131] ? strncpy_from_user+0x2e/0x1d0
[ 18.241159] kasan_report+0x141/0x180
[ 18.241186] ? strncpy_from_user+0x2e/0x1d0
[ 18.241219] kasan_check_range+0x10c/0x1c0
[ 18.241247] __kasan_check_write+0x18/0x20
[ 18.241271] strncpy_from_user+0x2e/0x1d0
[ 18.241298] ? __kasan_check_read+0x15/0x20
[ 18.241325] copy_user_test_oob+0x760/0x10f0
[ 18.241362] ? __pfx_copy_user_test_oob+0x10/0x10
[ 18.241391] ? finish_task_switch.isra.0+0x153/0x700
[ 18.241419] ? __switch_to+0x47/0xf50
[ 18.241451] ? __schedule+0x10cc/0x2b60
[ 18.241479] ? __pfx_read_tsc+0x10/0x10
[ 18.241506] ? ktime_get_ts64+0x86/0x230
[ 18.241535] kunit_try_run_case+0x1a5/0x480
[ 18.241565] ? __pfx_kunit_try_run_case+0x10/0x10
[ 18.241593] ? _raw_spin_lock_irqsave+0xa1/0x100
[ 18.241621] ? _raw_spin_unlock_irqrestore+0x5f/0x90
[ 18.241650] ? __kthread_parkme+0x82/0x180
[ 18.241675] ? preempt_count_sub+0x50/0x80
[ 18.241703] ? __pfx_kunit_try_run_case+0x10/0x10
[ 18.241732] kunit_generic_run_threadfn_adapter+0x85/0xf0
[ 18.241759] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10
[ 18.241798] kthread+0x337/0x6f0
[ 18.241823] ? trace_preempt_on+0x20/0xc0
[ 18.241852] ? __pfx_kthread+0x10/0x10
[ 18.241877] ? _raw_spin_unlock_irq+0x47/0x80
[ 18.241903] ? calculate_sigpending+0x7b/0xa0
[ 18.241932] ? __pfx_kthread+0x10/0x10
[ 18.241958] ret_from_fork+0x116/0x1d0
[ 18.241981] ? __pfx_kthread+0x10/0x10
[ 18.242005] ret_from_fork_asm+0x1a/0x30
[ 18.242041] </TASK>
[ 18.242059]
[ 18.252582] Allocated by task 303:
[ 18.252767] kasan_save_stack+0x45/0x70
[ 18.253107] kasan_save_track+0x18/0x40
[ 18.253344] kasan_save_alloc_info+0x3b/0x50
[ 18.253611] __kasan_kmalloc+0xb7/0xc0
[ 18.253812] __kmalloc_noprof+0x1c9/0x500
[ 18.254123] kunit_kmalloc_array+0x25/0x60
[ 18.254355] copy_user_test_oob+0xab/0x10f0
[ 18.254576] kunit_try_run_case+0x1a5/0x480
[ 18.254867] kunit_generic_run_threadfn_adapter+0x85/0xf0
[ 18.255227] kthread+0x337/0x6f0
[ 18.255408] ret_from_fork+0x116/0x1d0
[ 18.255632] ret_from_fork_asm+0x1a/0x30
[ 18.255922]
[ 18.256039] The buggy address belongs to the object at ffff888103929700
[ 18.256039] which belongs to the cache kmalloc-128 of size 128
[ 18.256660] The buggy address is located 0 bytes inside of
[ 18.256660] allocated 120-byte region [ffff888103929700, ffff888103929778)
[ 18.257188]
[ 18.257276] The buggy address belongs to the physical page:
[ 18.257568] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x103929
[ 18.257970] flags: 0x200000000000000(node=0|zone=2)
[ 18.258346] page_type: f5(slab)
[ 18.258542] raw: 0200000000000000 ffff888100041a00 dead000000000122 0000000000000000
[ 18.259085] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000
[ 18.259659] page dumped because: kasan: bad access detected
[ 18.260048]
[ 18.260422] Memory state around the buggy address:
[ 18.261000] ffff888103929600: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 18.261913] ffff888103929680: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 18.262665] >ffff888103929700: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 fc
[ 18.263436] ^
[ 18.263984] ffff888103929780: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 18.264934] ffff888103929800: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 18.265532] ==================================================================
Failure - log-parser-boot/kasan-bug-kasan-slab-out-of-bounds-in-copy_user_test_oob
[ 18.204458] ==================================================================
[ 18.205306] BUG: KASAN: slab-out-of-bounds in copy_user_test_oob+0x604/0x10f0
[ 18.206031] Read of size 121 at addr ffff888103929700 by task kunit_try_catch/303
[ 18.206498]
[ 18.206766] CPU: 0 UID: 0 PID: 303 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc4 #1 PREEMPT(voluntary)
[ 18.206840] Tainted: [B]=BAD_PAGE, [N]=TEST
[ 18.206859] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[ 18.206888] Call Trace:
[ 18.207032] <TASK>
[ 18.207057] dump_stack_lvl+0x73/0xb0
[ 18.207097] print_report+0xd1/0x650
[ 18.207125] ? __virt_addr_valid+0x1db/0x2d0
[ 18.207153] ? copy_user_test_oob+0x604/0x10f0
[ 18.207182] ? kasan_complete_mode_report_info+0x2a/0x200
[ 18.207209] ? copy_user_test_oob+0x604/0x10f0
[ 18.207238] kasan_report+0x141/0x180
[ 18.207265] ? copy_user_test_oob+0x604/0x10f0
[ 18.207299] kasan_check_range+0x10c/0x1c0
[ 18.207328] __kasan_check_read+0x15/0x20
[ 18.207351] copy_user_test_oob+0x604/0x10f0
[ 18.207382] ? __pfx_copy_user_test_oob+0x10/0x10
[ 18.207409] ? finish_task_switch.isra.0+0x153/0x700
[ 18.207438] ? __switch_to+0x47/0xf50
[ 18.207470] ? __schedule+0x10cc/0x2b60
[ 18.207497] ? __pfx_read_tsc+0x10/0x10
[ 18.207524] ? ktime_get_ts64+0x86/0x230
[ 18.207554] kunit_try_run_case+0x1a5/0x480
[ 18.207584] ? __pfx_kunit_try_run_case+0x10/0x10
[ 18.207613] ? _raw_spin_lock_irqsave+0xa1/0x100
[ 18.207646] ? _raw_spin_unlock_irqrestore+0x5f/0x90
[ 18.207677] ? __kthread_parkme+0x82/0x180
[ 18.207703] ? preempt_count_sub+0x50/0x80
[ 18.207731] ? __pfx_kunit_try_run_case+0x10/0x10
[ 18.207759] kunit_generic_run_threadfn_adapter+0x85/0xf0
[ 18.207800] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10
[ 18.207828] kthread+0x337/0x6f0
[ 18.207852] ? trace_preempt_on+0x20/0xc0
[ 18.207881] ? __pfx_kthread+0x10/0x10
[ 18.207906] ? _raw_spin_unlock_irq+0x47/0x80
[ 18.207932] ? calculate_sigpending+0x7b/0xa0
[ 18.207961] ? __pfx_kthread+0x10/0x10
[ 18.207988] ret_from_fork+0x116/0x1d0
[ 18.208012] ? __pfx_kthread+0x10/0x10
[ 18.208037] ret_from_fork_asm+0x1a/0x30
[ 18.208076] </TASK>
[ 18.208103]
[ 18.218736] Allocated by task 303:
[ 18.219700] kasan_save_stack+0x45/0x70
[ 18.220522] kasan_save_track+0x18/0x40
[ 18.221869] kasan_save_alloc_info+0x3b/0x50
[ 18.222390] __kasan_kmalloc+0xb7/0xc0
[ 18.222921] __kmalloc_noprof+0x1c9/0x500
[ 18.223659] kunit_kmalloc_array+0x25/0x60
[ 18.223915] copy_user_test_oob+0xab/0x10f0
[ 18.224997] kunit_try_run_case+0x1a5/0x480
[ 18.225390] kunit_generic_run_threadfn_adapter+0x85/0xf0
[ 18.225713] kthread+0x337/0x6f0
[ 18.225927] ret_from_fork+0x116/0x1d0
[ 18.226320] ret_from_fork_asm+0x1a/0x30
[ 18.226904]
[ 18.227119] The buggy address belongs to the object at ffff888103929700
[ 18.227119] which belongs to the cache kmalloc-128 of size 128
[ 18.227603] The buggy address is located 0 bytes inside of
[ 18.227603] allocated 120-byte region [ffff888103929700, ffff888103929778)
[ 18.228853]
[ 18.229077] The buggy address belongs to the physical page:
[ 18.229548] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x103929
[ 18.229966] flags: 0x200000000000000(node=0|zone=2)
[ 18.230676] page_type: f5(slab)
[ 18.230994] raw: 0200000000000000 ffff888100041a00 dead000000000122 0000000000000000
[ 18.231674] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000
[ 18.232369] page dumped because: kasan: bad access detected
[ 18.232665]
[ 18.232775] Memory state around the buggy address:
[ 18.233574] ffff888103929600: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 18.234262] ffff888103929680: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 18.234874] >ffff888103929700: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 fc
[ 18.235623] ^
[ 18.236457] ffff888103929780: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 18.236842] ffff888103929800: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 18.237598] ==================================================================
[ 18.124775] ==================================================================
[ 18.125213] BUG: KASAN: slab-out-of-bounds in copy_user_test_oob+0x3fd/0x10f0
[ 18.125577] Write of size 121 at addr ffff888103929700 by task kunit_try_catch/303
[ 18.125932]
[ 18.126079] CPU: 0 UID: 0 PID: 303 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc4 #1 PREEMPT(voluntary)
[ 18.126135] Tainted: [B]=BAD_PAGE, [N]=TEST
[ 18.126153] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[ 18.126180] Call Trace:
[ 18.126448] <TASK>
[ 18.126483] dump_stack_lvl+0x73/0xb0
[ 18.126523] print_report+0xd1/0x650
[ 18.126553] ? __virt_addr_valid+0x1db/0x2d0
[ 18.126584] ? copy_user_test_oob+0x3fd/0x10f0
[ 18.126614] ? kasan_complete_mode_report_info+0x2a/0x200
[ 18.126642] ? copy_user_test_oob+0x3fd/0x10f0
[ 18.126671] kasan_report+0x141/0x180
[ 18.126699] ? copy_user_test_oob+0x3fd/0x10f0
[ 18.126734] kasan_check_range+0x10c/0x1c0
[ 18.126763] __kasan_check_write+0x18/0x20
[ 18.126806] copy_user_test_oob+0x3fd/0x10f0
[ 18.126837] ? __pfx_copy_user_test_oob+0x10/0x10
[ 18.126865] ? finish_task_switch.isra.0+0x153/0x700
[ 18.126893] ? __switch_to+0x47/0xf50
[ 18.126925] ? __schedule+0x10cc/0x2b60
[ 18.126953] ? __pfx_read_tsc+0x10/0x10
[ 18.126980] ? ktime_get_ts64+0x86/0x230
[ 18.127010] kunit_try_run_case+0x1a5/0x480
[ 18.127041] ? __pfx_kunit_try_run_case+0x10/0x10
[ 18.127069] ? _raw_spin_lock_irqsave+0xa1/0x100
[ 18.127222] ? _raw_spin_unlock_irqrestore+0x5f/0x90
[ 18.127255] ? __kthread_parkme+0x82/0x180
[ 18.127282] ? preempt_count_sub+0x50/0x80
[ 18.127312] ? __pfx_kunit_try_run_case+0x10/0x10
[ 18.127341] kunit_generic_run_threadfn_adapter+0x85/0xf0
[ 18.127371] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10
[ 18.127400] kthread+0x337/0x6f0
[ 18.127425] ? trace_preempt_on+0x20/0xc0
[ 18.127455] ? __pfx_kthread+0x10/0x10
[ 18.127481] ? _raw_spin_unlock_irq+0x47/0x80
[ 18.127507] ? calculate_sigpending+0x7b/0xa0
[ 18.127537] ? __pfx_kthread+0x10/0x10
[ 18.127564] ret_from_fork+0x116/0x1d0
[ 18.127589] ? __pfx_kthread+0x10/0x10
[ 18.127615] ret_from_fork_asm+0x1a/0x30
[ 18.127653] </TASK>
[ 18.127669]
[ 18.138770] Allocated by task 303:
[ 18.139210] kasan_save_stack+0x45/0x70
[ 18.139453] kasan_save_track+0x18/0x40
[ 18.139651] kasan_save_alloc_info+0x3b/0x50
[ 18.139894] __kasan_kmalloc+0xb7/0xc0
[ 18.140362] __kmalloc_noprof+0x1c9/0x500
[ 18.140582] kunit_kmalloc_array+0x25/0x60
[ 18.140775] copy_user_test_oob+0xab/0x10f0
[ 18.141167] kunit_try_run_case+0x1a5/0x480
[ 18.141511] kunit_generic_run_threadfn_adapter+0x85/0xf0
[ 18.141879] kthread+0x337/0x6f0
[ 18.142154] ret_from_fork+0x116/0x1d0
[ 18.142383] ret_from_fork_asm+0x1a/0x30
[ 18.142589]
[ 18.142686] The buggy address belongs to the object at ffff888103929700
[ 18.142686] which belongs to the cache kmalloc-128 of size 128
[ 18.143587] The buggy address is located 0 bytes inside of
[ 18.143587] allocated 120-byte region [ffff888103929700, ffff888103929778)
[ 18.144191]
[ 18.144444] The buggy address belongs to the physical page:
[ 18.144680] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x103929
[ 18.145236] flags: 0x200000000000000(node=0|zone=2)
[ 18.145599] page_type: f5(slab)
[ 18.145784] raw: 0200000000000000 ffff888100041a00 dead000000000122 0000000000000000
[ 18.146279] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000
[ 18.146689] page dumped because: kasan: bad access detected
[ 18.147037]
[ 18.147141] Memory state around the buggy address:
[ 18.147564] ffff888103929600: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 18.147897] ffff888103929680: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 18.148441] >ffff888103929700: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 fc
[ 18.148809] ^
[ 18.149230] ffff888103929780: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 18.149585] ffff888103929800: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 18.150055] ==================================================================
[ 18.177815] ==================================================================
[ 18.178456] BUG: KASAN: slab-out-of-bounds in copy_user_test_oob+0x557/0x10f0
[ 18.178904] Write of size 121 at addr ffff888103929700 by task kunit_try_catch/303
[ 18.179377]
[ 18.179648] CPU: 0 UID: 0 PID: 303 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc4 #1 PREEMPT(voluntary)
[ 18.179707] Tainted: [B]=BAD_PAGE, [N]=TEST
[ 18.179723] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[ 18.179752] Call Trace:
[ 18.179774] <TASK>
[ 18.179811] dump_stack_lvl+0x73/0xb0
[ 18.179850] print_report+0xd1/0x650
[ 18.179879] ? __virt_addr_valid+0x1db/0x2d0
[ 18.179908] ? copy_user_test_oob+0x557/0x10f0
[ 18.179938] ? kasan_complete_mode_report_info+0x2a/0x200
[ 18.179966] ? copy_user_test_oob+0x557/0x10f0
[ 18.179995] kasan_report+0x141/0x180
[ 18.180023] ? copy_user_test_oob+0x557/0x10f0
[ 18.180057] kasan_check_range+0x10c/0x1c0
[ 18.180215] __kasan_check_write+0x18/0x20
[ 18.180244] copy_user_test_oob+0x557/0x10f0
[ 18.180277] ? __pfx_copy_user_test_oob+0x10/0x10
[ 18.180305] ? finish_task_switch.isra.0+0x153/0x700
[ 18.180334] ? __switch_to+0x47/0xf50
[ 18.180365] ? __schedule+0x10cc/0x2b60
[ 18.180394] ? __pfx_read_tsc+0x10/0x10
[ 18.180421] ? ktime_get_ts64+0x86/0x230
[ 18.180450] kunit_try_run_case+0x1a5/0x480
[ 18.180481] ? __pfx_kunit_try_run_case+0x10/0x10
[ 18.180508] ? _raw_spin_lock_irqsave+0xa1/0x100
[ 18.180537] ? _raw_spin_unlock_irqrestore+0x5f/0x90
[ 18.180567] ? __kthread_parkme+0x82/0x180
[ 18.180593] ? preempt_count_sub+0x50/0x80
[ 18.180621] ? __pfx_kunit_try_run_case+0x10/0x10
[ 18.180651] kunit_generic_run_threadfn_adapter+0x85/0xf0
[ 18.180678] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10
[ 18.180707] kthread+0x337/0x6f0
[ 18.180731] ? trace_preempt_on+0x20/0xc0
[ 18.180761] ? __pfx_kthread+0x10/0x10
[ 18.180798] ? _raw_spin_unlock_irq+0x47/0x80
[ 18.180825] ? calculate_sigpending+0x7b/0xa0
[ 18.180854] ? __pfx_kthread+0x10/0x10
[ 18.180881] ret_from_fork+0x116/0x1d0
[ 18.180905] ? __pfx_kthread+0x10/0x10
[ 18.180930] ret_from_fork_asm+0x1a/0x30
[ 18.180966] </TASK>
[ 18.180983]
[ 18.191929] Allocated by task 303:
[ 18.192359] kasan_save_stack+0x45/0x70
[ 18.192702] kasan_save_track+0x18/0x40
[ 18.192935] kasan_save_alloc_info+0x3b/0x50
[ 18.193158] __kasan_kmalloc+0xb7/0xc0
[ 18.193364] __kmalloc_noprof+0x1c9/0x500
[ 18.193582] kunit_kmalloc_array+0x25/0x60
[ 18.193806] copy_user_test_oob+0xab/0x10f0
[ 18.194032] kunit_try_run_case+0x1a5/0x480
[ 18.194612] kunit_generic_run_threadfn_adapter+0x85/0xf0
[ 18.195016] kthread+0x337/0x6f0
[ 18.195204] ret_from_fork+0x116/0x1d0
[ 18.195509] ret_from_fork_asm+0x1a/0x30
[ 18.195884]
[ 18.195997] The buggy address belongs to the object at ffff888103929700
[ 18.195997] which belongs to the cache kmalloc-128 of size 128
[ 18.196781] The buggy address is located 0 bytes inside of
[ 18.196781] allocated 120-byte region [ffff888103929700, ffff888103929778)
[ 18.197480]
[ 18.197735] The buggy address belongs to the physical page:
[ 18.198002] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x103929
[ 18.198564] flags: 0x200000000000000(node=0|zone=2)
[ 18.198954] page_type: f5(slab)
[ 18.199131] raw: 0200000000000000 ffff888100041a00 dead000000000122 0000000000000000
[ 18.199804] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000
[ 18.200172] page dumped because: kasan: bad access detected
[ 18.200586]
[ 18.200707] Memory state around the buggy address:
[ 18.201084] ffff888103929600: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 18.201532] ffff888103929680: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 18.201955] >ffff888103929700: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 fc
[ 18.202402] ^
[ 18.202722] ffff888103929780: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 18.203314] ffff888103929800: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 18.203668] ==================================================================
[ 18.150902] ==================================================================
[ 18.151485] BUG: KASAN: slab-out-of-bounds in copy_user_test_oob+0x4aa/0x10f0
[ 18.151872] Read of size 121 at addr ffff888103929700 by task kunit_try_catch/303
[ 18.152473]
[ 18.152589] CPU: 0 UID: 0 PID: 303 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc4 #1 PREEMPT(voluntary)
[ 18.152838] Tainted: [B]=BAD_PAGE, [N]=TEST
[ 18.152916] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[ 18.152947] Call Trace:
[ 18.152972] <TASK>
[ 18.152994] dump_stack_lvl+0x73/0xb0
[ 18.153033] print_report+0xd1/0x650
[ 18.153062] ? __virt_addr_valid+0x1db/0x2d0
[ 18.153101] ? copy_user_test_oob+0x4aa/0x10f0
[ 18.153130] ? kasan_complete_mode_report_info+0x2a/0x200
[ 18.153157] ? copy_user_test_oob+0x4aa/0x10f0
[ 18.153186] kasan_report+0x141/0x180
[ 18.153214] ? copy_user_test_oob+0x4aa/0x10f0
[ 18.153248] kasan_check_range+0x10c/0x1c0
[ 18.153276] __kasan_check_read+0x15/0x20
[ 18.153300] copy_user_test_oob+0x4aa/0x10f0
[ 18.153331] ? __pfx_copy_user_test_oob+0x10/0x10
[ 18.153365] ? finish_task_switch.isra.0+0x153/0x700
[ 18.153391] ? __switch_to+0x47/0xf50
[ 18.153423] ? __schedule+0x10cc/0x2b60
[ 18.153450] ? __pfx_read_tsc+0x10/0x10
[ 18.153477] ? ktime_get_ts64+0x86/0x230
[ 18.153507] kunit_try_run_case+0x1a5/0x480
[ 18.153537] ? __pfx_kunit_try_run_case+0x10/0x10
[ 18.153565] ? _raw_spin_lock_irqsave+0xa1/0x100
[ 18.153594] ? _raw_spin_unlock_irqrestore+0x5f/0x90
[ 18.153622] ? __kthread_parkme+0x82/0x180
[ 18.153648] ? preempt_count_sub+0x50/0x80
[ 18.153677] ? __pfx_kunit_try_run_case+0x10/0x10
[ 18.153705] kunit_generic_run_threadfn_adapter+0x85/0xf0
[ 18.153733] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10
[ 18.153763] kthread+0x337/0x6f0
[ 18.153798] ? trace_preempt_on+0x20/0xc0
[ 18.153827] ? __pfx_kthread+0x10/0x10
[ 18.153853] ? _raw_spin_unlock_irq+0x47/0x80
[ 18.153879] ? calculate_sigpending+0x7b/0xa0
[ 18.153908] ? __pfx_kthread+0x10/0x10
[ 18.153934] ret_from_fork+0x116/0x1d0
[ 18.153959] ? __pfx_kthread+0x10/0x10
[ 18.153983] ret_from_fork_asm+0x1a/0x30
[ 18.154020] </TASK>
[ 18.154035]
[ 18.165174] Allocated by task 303:
[ 18.165571] kasan_save_stack+0x45/0x70
[ 18.165772] kasan_save_track+0x18/0x40
[ 18.166022] kasan_save_alloc_info+0x3b/0x50
[ 18.166432] __kasan_kmalloc+0xb7/0xc0
[ 18.166726] __kmalloc_noprof+0x1c9/0x500
[ 18.166947] kunit_kmalloc_array+0x25/0x60
[ 18.167342] copy_user_test_oob+0xab/0x10f0
[ 18.167566] kunit_try_run_case+0x1a5/0x480
[ 18.167926] kunit_generic_run_threadfn_adapter+0x85/0xf0
[ 18.168381] kthread+0x337/0x6f0
[ 18.168568] ret_from_fork+0x116/0x1d0
[ 18.168906] ret_from_fork_asm+0x1a/0x30
[ 18.169138]
[ 18.169346] The buggy address belongs to the object at ffff888103929700
[ 18.169346] which belongs to the cache kmalloc-128 of size 128
[ 18.169909] The buggy address is located 0 bytes inside of
[ 18.169909] allocated 120-byte region [ffff888103929700, ffff888103929778)
[ 18.170680]
[ 18.170929] The buggy address belongs to the physical page:
[ 18.171252] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x103929
[ 18.171803] flags: 0x200000000000000(node=0|zone=2)
[ 18.172159] page_type: f5(slab)
[ 18.172318] raw: 0200000000000000 ffff888100041a00 dead000000000122 0000000000000000
[ 18.172865] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000
[ 18.173297] page dumped because: kasan: bad access detected
[ 18.173691]
[ 18.173832] Memory state around the buggy address:
[ 18.174088] ffff888103929600: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 18.174618] ffff888103929680: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 18.175103] >ffff888103929700: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 fc
[ 18.175469] ^
[ 18.175840] ffff888103929780: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 18.176383] ffff888103929800: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 18.176802] ==================================================================
Failure - log-parser-boot/kasan-bug-kasan-slab-out-of-bounds-in-_copy_to_user
[ 18.093062] ==================================================================
[ 18.093485] BUG: KASAN: slab-out-of-bounds in _copy_to_user+0x3c/0x70
[ 18.093865] Read of size 121 at addr ffff888103929700 by task kunit_try_catch/303
[ 18.094553]
[ 18.094998] CPU: 0 UID: 0 PID: 303 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc4 #1 PREEMPT(voluntary)
[ 18.095163] Tainted: [B]=BAD_PAGE, [N]=TEST
[ 18.095183] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[ 18.095211] Call Trace:
[ 18.095233] <TASK>
[ 18.095257] dump_stack_lvl+0x73/0xb0
[ 18.095296] print_report+0xd1/0x650
[ 18.095325] ? __virt_addr_valid+0x1db/0x2d0
[ 18.095354] ? _copy_to_user+0x3c/0x70
[ 18.095378] ? kasan_complete_mode_report_info+0x2a/0x200
[ 18.095406] ? _copy_to_user+0x3c/0x70
[ 18.095430] kasan_report+0x141/0x180
[ 18.095457] ? _copy_to_user+0x3c/0x70
[ 18.095487] kasan_check_range+0x10c/0x1c0
[ 18.095516] __kasan_check_read+0x15/0x20
[ 18.095542] _copy_to_user+0x3c/0x70
[ 18.095566] copy_user_test_oob+0x364/0x10f0
[ 18.095597] ? __pfx_copy_user_test_oob+0x10/0x10
[ 18.095624] ? finish_task_switch.isra.0+0x153/0x700
[ 18.095652] ? __switch_to+0x47/0xf50
[ 18.095682] ? __schedule+0x10cc/0x2b60
[ 18.095710] ? __pfx_read_tsc+0x10/0x10
[ 18.095736] ? ktime_get_ts64+0x86/0x230
[ 18.095764] kunit_try_run_case+0x1a5/0x480
[ 18.095807] ? __pfx_kunit_try_run_case+0x10/0x10
[ 18.095833] ? _raw_spin_lock_irqsave+0xa1/0x100
[ 18.095863] ? _raw_spin_unlock_irqrestore+0x5f/0x90
[ 18.095890] ? __kthread_parkme+0x82/0x180
[ 18.095916] ? preempt_count_sub+0x50/0x80
[ 18.095944] ? __pfx_kunit_try_run_case+0x10/0x10
[ 18.095974] kunit_generic_run_threadfn_adapter+0x85/0xf0
[ 18.096001] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10
[ 18.096029] kthread+0x337/0x6f0
[ 18.096054] ? trace_preempt_on+0x20/0xc0
[ 18.096108] ? __pfx_kthread+0x10/0x10
[ 18.096134] ? _raw_spin_unlock_irq+0x47/0x80
[ 18.096160] ? calculate_sigpending+0x7b/0xa0
[ 18.096188] ? __pfx_kthread+0x10/0x10
[ 18.096214] ret_from_fork+0x116/0x1d0
[ 18.096240] ? __pfx_kthread+0x10/0x10
[ 18.096266] ret_from_fork_asm+0x1a/0x30
[ 18.096304] </TASK>
[ 18.096319]
[ 18.107733] Allocated by task 303:
[ 18.108256] kasan_save_stack+0x45/0x70
[ 18.108539] kasan_save_track+0x18/0x40
[ 18.108713] kasan_save_alloc_info+0x3b/0x50
[ 18.108974] __kasan_kmalloc+0xb7/0xc0
[ 18.109241] __kmalloc_noprof+0x1c9/0x500
[ 18.109513] kunit_kmalloc_array+0x25/0x60
[ 18.109743] copy_user_test_oob+0xab/0x10f0
[ 18.109954] kunit_try_run_case+0x1a5/0x480
[ 18.110216] kunit_generic_run_threadfn_adapter+0x85/0xf0
[ 18.110583] kthread+0x337/0x6f0
[ 18.110773] ret_from_fork+0x116/0x1d0
[ 18.111018] ret_from_fork_asm+0x1a/0x30
[ 18.111254]
[ 18.111376] The buggy address belongs to the object at ffff888103929700
[ 18.111376] which belongs to the cache kmalloc-128 of size 128
[ 18.112164] The buggy address is located 0 bytes inside of
[ 18.112164] allocated 120-byte region [ffff888103929700, ffff888103929778)
[ 18.112686]
[ 18.112782] The buggy address belongs to the physical page:
[ 18.113120] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x103929
[ 18.113510] flags: 0x200000000000000(node=0|zone=2)
[ 18.113754] page_type: f5(slab)
[ 18.113998] raw: 0200000000000000 ffff888100041a00 dead000000000122 0000000000000000
[ 18.114387] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000
[ 18.114959] page dumped because: kasan: bad access detected
[ 18.115552]
[ 18.115857] Memory state around the buggy address:
[ 18.116287] ffff888103929600: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 18.116745] ffff888103929680: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 18.117353] >ffff888103929700: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 fc
[ 18.117816] ^
[ 18.118461] ffff888103929780: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 18.118989] ffff888103929800: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 18.119570] ==================================================================
Failure - log-parser-boot/kasan-bug-kasan-slab-out-of-bounds-in-_copy_from_user
[ 18.058589] ================================================================== [ 18.059346] BUG: KASAN: slab-out-of-bounds in _copy_from_user+0x32/0x90 [ 18.060579] Write of size 121 at addr ffff888103929700 by task kunit_try_catch/303 [ 18.061765] [ 18.062139] CPU: 0 UID: 0 PID: 303 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc4 #1 PREEMPT(voluntary) [ 18.062210] Tainted: [B]=BAD_PAGE, [N]=TEST [ 18.062328] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 18.062360] Call Trace: [ 18.062380] <TASK> [ 18.062410] dump_stack_lvl+0x73/0xb0 [ 18.062456] print_report+0xd1/0x650 [ 18.062487] ? __virt_addr_valid+0x1db/0x2d0 [ 18.062520] ? _copy_from_user+0x32/0x90 [ 18.062544] ? kasan_complete_mode_report_info+0x2a/0x200 [ 18.062572] ? _copy_from_user+0x32/0x90 [ 18.062596] kasan_report+0x141/0x180 [ 18.062623] ? _copy_from_user+0x32/0x90 [ 18.062651] kasan_check_range+0x10c/0x1c0 [ 18.062680] __kasan_check_write+0x18/0x20 [ 18.062704] _copy_from_user+0x32/0x90 [ 18.062730] copy_user_test_oob+0x2be/0x10f0 [ 18.062763] ? __pfx_copy_user_test_oob+0x10/0x10 [ 18.062802] ? finish_task_switch.isra.0+0x153/0x700 [ 18.062831] ? __switch_to+0x47/0xf50 [ 18.062864] ? __schedule+0x10cc/0x2b60 [ 18.062891] ? __pfx_read_tsc+0x10/0x10 [ 18.062918] ? ktime_get_ts64+0x86/0x230 [ 18.062949] kunit_try_run_case+0x1a5/0x480 [ 18.062978] ? __pfx_kunit_try_run_case+0x10/0x10 [ 18.063004] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 18.063034] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 18.063063] ? __kthread_parkme+0x82/0x180 [ 18.063102] ? preempt_count_sub+0x50/0x80 [ 18.063131] ? __pfx_kunit_try_run_case+0x10/0x10 [ 18.063161] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 18.063189] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 18.063219] kthread+0x337/0x6f0 [ 18.063244] ? trace_preempt_on+0x20/0xc0 [ 18.063274] ? __pfx_kthread+0x10/0x10 [ 18.063300] ? _raw_spin_unlock_irq+0x47/0x80 [ 18.063326] ? calculate_sigpending+0x7b/0xa0 [ 18.063357] ? 
__pfx_kthread+0x10/0x10 [ 18.063383] ret_from_fork+0x116/0x1d0 [ 18.063408] ? __pfx_kthread+0x10/0x10 [ 18.063433] ret_from_fork_asm+0x1a/0x30 [ 18.063471] </TASK> [ 18.063489] [ 18.075343] Allocated by task 303: [ 18.075647] kasan_save_stack+0x45/0x70 [ 18.076037] kasan_save_track+0x18/0x40 [ 18.076485] kasan_save_alloc_info+0x3b/0x50 [ 18.076883] __kasan_kmalloc+0xb7/0xc0 [ 18.077098] __kmalloc_noprof+0x1c9/0x500 [ 18.077320] kunit_kmalloc_array+0x25/0x60 [ 18.077551] copy_user_test_oob+0xab/0x10f0 [ 18.077776] kunit_try_run_case+0x1a5/0x480 [ 18.077963] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 18.078164] kthread+0x337/0x6f0 [ 18.078407] ret_from_fork+0x116/0x1d0 [ 18.078633] ret_from_fork_asm+0x1a/0x30 [ 18.078854] [ 18.078966] The buggy address belongs to the object at ffff888103929700 [ 18.078966] which belongs to the cache kmalloc-128 of size 128 [ 18.079485] The buggy address is located 0 bytes inside of [ 18.079485] allocated 120-byte region [ffff888103929700, ffff888103929778) [ 18.080079] [ 18.080389] The buggy address belongs to the physical page: [ 18.080676] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x103929 [ 18.081075] flags: 0x200000000000000(node=0|zone=2) [ 18.081944] page_type: f5(slab) [ 18.082296] raw: 0200000000000000 ffff888100041a00 dead000000000122 0000000000000000 [ 18.082669] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 18.083037] page dumped because: kasan: bad access detected [ 18.083621] [ 18.083953] Memory state around the buggy address: [ 18.084476] ffff888103929600: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 18.084924] ffff888103929680: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 18.085508] >ffff888103929700: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 fc [ 18.086313] ^ [ 18.086666] ffff888103929780: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 18.087013] ffff888103929800: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 18.087703] 
==================================================================
Failure - log-parser-boot/kasan-bug-kasan-slab-out-of-bounds-in-copy_to_kernel_nofault
[ 18.006326] ================================================================== [ 18.007002] BUG: KASAN: slab-out-of-bounds in copy_to_kernel_nofault+0x99/0x260 [ 18.007693] Write of size 8 at addr ffff888103929678 by task kunit_try_catch/299 [ 18.008078] [ 18.008211] CPU: 0 UID: 0 PID: 299 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc4 #1 PREEMPT(voluntary) [ 18.008282] Tainted: [B]=BAD_PAGE, [N]=TEST [ 18.008301] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 18.008343] Call Trace: [ 18.008361] <TASK> [ 18.008383] dump_stack_lvl+0x73/0xb0 [ 18.008422] print_report+0xd1/0x650 [ 18.008452] ? __virt_addr_valid+0x1db/0x2d0 [ 18.008484] ? copy_to_kernel_nofault+0x99/0x260 [ 18.008517] ? kasan_complete_mode_report_info+0x2a/0x200 [ 18.008549] ? copy_to_kernel_nofault+0x99/0x260 [ 18.008582] kasan_report+0x141/0x180 [ 18.008611] ? copy_to_kernel_nofault+0x99/0x260 [ 18.008649] kasan_check_range+0x10c/0x1c0 [ 18.008680] __kasan_check_write+0x18/0x20 [ 18.008707] copy_to_kernel_nofault+0x99/0x260 [ 18.008741] copy_to_kernel_nofault_oob+0x288/0x560 [ 18.008774] ? __pfx_copy_to_kernel_nofault_oob+0x10/0x10 [ 18.009062] ? finish_task_switch.isra.0+0x153/0x700 [ 18.009116] ? __schedule+0x10cc/0x2b60 [ 18.009152] ? trace_hardirqs_on+0x37/0xe0 [ 18.009401] ? __pfx_read_tsc+0x10/0x10 [ 18.009450] ? ktime_get_ts64+0x86/0x230 [ 18.009483] kunit_try_run_case+0x1a5/0x480 [ 18.009517] ? __pfx_kunit_try_run_case+0x10/0x10 [ 18.009549] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 18.009584] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 18.009619] ? __kthread_parkme+0x82/0x180 [ 18.009648] ? preempt_count_sub+0x50/0x80 [ 18.009680] ? __pfx_kunit_try_run_case+0x10/0x10 [ 18.009713] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 18.009747] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 18.009783] kthread+0x337/0x6f0 [ 18.009820] ? trace_preempt_on+0x20/0xc0 [ 18.009849] ? __pfx_kthread+0x10/0x10 [ 18.009878] ? 
_raw_spin_unlock_irq+0x47/0x80 [ 18.009908] ? calculate_sigpending+0x7b/0xa0 [ 18.009941] ? __pfx_kthread+0x10/0x10 [ 18.009970] ret_from_fork+0x116/0x1d0 [ 18.009997] ? __pfx_kthread+0x10/0x10 [ 18.010024] ret_from_fork_asm+0x1a/0x30 [ 18.010064] </TASK> [ 18.010081] [ 18.028124] Allocated by task 299: [ 18.028774] kasan_save_stack+0x45/0x70 [ 18.029049] kasan_save_track+0x18/0x40 [ 18.029508] kasan_save_alloc_info+0x3b/0x50 [ 18.029753] __kasan_kmalloc+0xb7/0xc0 [ 18.029971] __kmalloc_cache_noprof+0x189/0x420 [ 18.030659] copy_to_kernel_nofault_oob+0x12f/0x560 [ 18.031085] kunit_try_run_case+0x1a5/0x480 [ 18.031567] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 18.032084] kthread+0x337/0x6f0 [ 18.032572] ret_from_fork+0x116/0x1d0 [ 18.032858] ret_from_fork_asm+0x1a/0x30 [ 18.033068] [ 18.033464] The buggy address belongs to the object at ffff888103929600 [ 18.033464] which belongs to the cache kmalloc-128 of size 128 [ 18.034360] The buggy address is located 0 bytes to the right of [ 18.034360] allocated 120-byte region [ffff888103929600, ffff888103929678) [ 18.034983] [ 18.035388] The buggy address belongs to the physical page: [ 18.035727] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x103929 [ 18.036562] flags: 0x200000000000000(node=0|zone=2) [ 18.036852] page_type: f5(slab) [ 18.037040] raw: 0200000000000000 ffff888100041a00 dead000000000122 0000000000000000 [ 18.037712] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 18.038695] page dumped because: kasan: bad access detected [ 18.038921] [ 18.039007] Memory state around the buggy address: [ 18.039333] ffff888103929500: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 18.039736] ffff888103929580: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 18.040009] >ffff888103929600: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 fc [ 18.040395] ^ [ 18.040684] ffff888103929680: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 18.041269] ffff888103929700: fc fc fc fc 
fc fc fc fc fc fc fc fc fc fc fc fc [ 18.041601] ================================================================== [ 17.973357] ================================================================== [ 17.973914] BUG: KASAN: slab-out-of-bounds in copy_to_kernel_nofault+0x225/0x260 [ 17.974377] Read of size 8 at addr ffff888103929678 by task kunit_try_catch/299 [ 17.974752] [ 17.974914] CPU: 0 UID: 0 PID: 299 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc4 #1 PREEMPT(voluntary) [ 17.974975] Tainted: [B]=BAD_PAGE, [N]=TEST [ 17.974992] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 17.975021] Call Trace: [ 17.975039] <TASK> [ 17.975065] dump_stack_lvl+0x73/0xb0 [ 17.975109] print_report+0xd1/0x650 [ 17.975140] ? __virt_addr_valid+0x1db/0x2d0 [ 17.975171] ? copy_to_kernel_nofault+0x225/0x260 [ 17.975200] ? kasan_complete_mode_report_info+0x2a/0x200 [ 17.975227] ? copy_to_kernel_nofault+0x225/0x260 [ 17.975285] kasan_report+0x141/0x180 [ 17.975313] ? copy_to_kernel_nofault+0x225/0x260 [ 17.975347] __asan_report_load8_noabort+0x18/0x20 [ 17.975392] copy_to_kernel_nofault+0x225/0x260 [ 17.975422] copy_to_kernel_nofault_oob+0x1ed/0x560 [ 17.975451] ? __pfx_copy_to_kernel_nofault_oob+0x10/0x10 [ 17.975479] ? finish_task_switch.isra.0+0x153/0x700 [ 17.975508] ? __schedule+0x10cc/0x2b60 [ 17.975536] ? trace_hardirqs_on+0x37/0xe0 [ 17.975574] ? __pfx_read_tsc+0x10/0x10 [ 17.975602] ? ktime_get_ts64+0x86/0x230 [ 17.975632] kunit_try_run_case+0x1a5/0x480 [ 17.975663] ? __pfx_kunit_try_run_case+0x10/0x10 [ 17.975690] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 17.975722] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 17.975750] ? __kthread_parkme+0x82/0x180 [ 17.975778] ? preempt_count_sub+0x50/0x80 [ 17.975818] ? __pfx_kunit_try_run_case+0x10/0x10 [ 17.975847] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 17.975874] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 17.975902] kthread+0x337/0x6f0 [ 17.975926] ? 
trace_preempt_on+0x20/0xc0 [ 17.975953] ? __pfx_kthread+0x10/0x10 [ 17.975992] ? _raw_spin_unlock_irq+0x47/0x80 [ 17.976017] ? calculate_sigpending+0x7b/0xa0 [ 17.976048] ? __pfx_kthread+0x10/0x10 [ 17.976106] ret_from_fork+0x116/0x1d0 [ 17.976130] ? __pfx_kthread+0x10/0x10 [ 17.976166] ret_from_fork_asm+0x1a/0x30 [ 17.976204] </TASK> [ 17.976221] [ 17.988882] Allocated by task 299: [ 17.989350] kasan_save_stack+0x45/0x70 [ 17.989736] kasan_save_track+0x18/0x40 [ 17.990111] kasan_save_alloc_info+0x3b/0x50 [ 17.990525] __kasan_kmalloc+0xb7/0xc0 [ 17.990731] __kmalloc_cache_noprof+0x189/0x420 [ 17.990980] copy_to_kernel_nofault_oob+0x12f/0x560 [ 17.991483] kunit_try_run_case+0x1a5/0x480 [ 17.991884] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 17.992409] kthread+0x337/0x6f0 [ 17.992759] ret_from_fork+0x116/0x1d0 [ 17.992986] ret_from_fork_asm+0x1a/0x30 [ 17.993543] [ 17.993672] The buggy address belongs to the object at ffff888103929600 [ 17.993672] which belongs to the cache kmalloc-128 of size 128 [ 17.994695] The buggy address is located 0 bytes to the right of [ 17.994695] allocated 120-byte region [ffff888103929600, ffff888103929678) [ 17.995831] [ 17.995953] The buggy address belongs to the physical page: [ 17.996574] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x103929 [ 17.997359] flags: 0x200000000000000(node=0|zone=2) [ 17.997855] page_type: f5(slab) [ 17.998052] raw: 0200000000000000 ffff888100041a00 dead000000000122 0000000000000000 [ 17.998899] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 17.999496] page dumped because: kasan: bad access detected [ 18.000025] [ 18.000452] Memory state around the buggy address: [ 18.000957] ffff888103929500: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 18.001560] ffff888103929580: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 18.002399] >ffff888103929600: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 fc [ 18.002948] ^ [ 18.003645] ffff888103929680: fc fc fc fc 
fc fc fc fc fc fc fc fc fc fc fc fc [ 18.004411] ffff888103929700: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 18.004796] ==================================================================
Failure - log-parser-boot/kasan-bug-kasan-slab-out-of-bounds-in-kasan_atomics_helper
[ 16.684351] ================================================================== [ 16.684727] BUG: KASAN: slab-out-of-bounds in kasan_atomics_helper+0x992/0x5450 [ 16.685597] Write of size 4 at addr ffff88810392bb30 by task kunit_try_catch/283 [ 16.686107] [ 16.686278] CPU: 0 UID: 0 PID: 283 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc4 #1 PREEMPT(voluntary) [ 16.686338] Tainted: [B]=BAD_PAGE, [N]=TEST [ 16.686354] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 16.686537] Call Trace: [ 16.686566] <TASK> [ 16.686591] dump_stack_lvl+0x73/0xb0 [ 16.686633] print_report+0xd1/0x650 [ 16.686663] ? __virt_addr_valid+0x1db/0x2d0 [ 16.686692] ? kasan_atomics_helper+0x992/0x5450 [ 16.686719] ? kasan_complete_mode_report_info+0x2a/0x200 [ 16.686747] ? kasan_atomics_helper+0x992/0x5450 [ 16.686773] kasan_report+0x141/0x180 [ 16.686815] ? kasan_atomics_helper+0x992/0x5450 [ 16.686848] kasan_check_range+0x10c/0x1c0 [ 16.686878] __kasan_check_write+0x18/0x20 [ 16.686901] kasan_atomics_helper+0x992/0x5450 [ 16.686929] ? __pfx_kasan_atomics_helper+0x10/0x10 [ 16.686956] ? __kmalloc_cache_noprof+0x189/0x420 [ 16.686986] ? kasan_atomics+0x152/0x310 [ 16.687018] kasan_atomics+0x1dc/0x310 [ 16.687045] ? __pfx_kasan_atomics+0x10/0x10 [ 16.687075] ? __pfx_read_tsc+0x10/0x10 [ 16.687116] ? ktime_get_ts64+0x86/0x230 [ 16.687148] kunit_try_run_case+0x1a5/0x480 [ 16.687180] ? __pfx_kunit_try_run_case+0x10/0x10 [ 16.687208] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 16.687238] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 16.687267] ? __kthread_parkme+0x82/0x180 [ 16.687293] ? preempt_count_sub+0x50/0x80 [ 16.687323] ? __pfx_kunit_try_run_case+0x10/0x10 [ 16.687351] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 16.687379] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 16.687407] kthread+0x337/0x6f0 [ 16.687431] ? trace_preempt_on+0x20/0xc0 [ 16.687461] ? __pfx_kthread+0x10/0x10 [ 16.687486] ? _raw_spin_unlock_irq+0x47/0x80 [ 16.687512] ? 
calculate_sigpending+0x7b/0xa0 [ 16.687541] ? __pfx_kthread+0x10/0x10 [ 16.687568] ret_from_fork+0x116/0x1d0 [ 16.687591] ? __pfx_kthread+0x10/0x10 [ 16.687616] ret_from_fork_asm+0x1a/0x30 [ 16.687654] </TASK> [ 16.687670] [ 16.699047] Allocated by task 283: [ 16.699403] kasan_save_stack+0x45/0x70 [ 16.699589] kasan_save_track+0x18/0x40 [ 16.699940] kasan_save_alloc_info+0x3b/0x50 [ 16.700214] __kasan_kmalloc+0xb7/0xc0 [ 16.700429] __kmalloc_cache_noprof+0x189/0x420 [ 16.700651] kasan_atomics+0x95/0x310 [ 16.700872] kunit_try_run_case+0x1a5/0x480 [ 16.701099] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 16.701690] kthread+0x337/0x6f0 [ 16.701898] ret_from_fork+0x116/0x1d0 [ 16.702280] ret_from_fork_asm+0x1a/0x30 [ 16.702517] [ 16.702759] The buggy address belongs to the object at ffff88810392bb00 [ 16.702759] which belongs to the cache kmalloc-64 of size 64 [ 16.703413] The buggy address is located 0 bytes to the right of [ 16.703413] allocated 48-byte region [ffff88810392bb00, ffff88810392bb30) [ 16.704174] [ 16.704486] The buggy address belongs to the physical page: [ 16.704859] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x10392b [ 16.705353] flags: 0x200000000000000(node=0|zone=2) [ 16.705594] page_type: f5(slab) [ 16.705807] raw: 0200000000000000 ffff8881000418c0 dead000000000122 0000000000000000 [ 16.706451] raw: 0000000000000000 0000000080200020 00000000f5000000 0000000000000000 [ 16.706816] page dumped because: kasan: bad access detected [ 16.707194] [ 16.707283] Memory state around the buggy address: [ 16.707530] ffff88810392ba00: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 16.708034] ffff88810392ba80: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 16.708511] >ffff88810392bb00: 00 00 00 00 00 00 fc fc fc fc fc fc fc fc fc fc [ 16.708853] ^ [ 16.709086] ffff88810392bb80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 16.709626] ffff88810392bc00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 16.710094] 
================================================================== [ 16.970483] ================================================================== [ 16.970881] BUG: KASAN: slab-out-of-bounds in kasan_atomics_helper+0x1079/0x5450 [ 16.971330] Write of size 4 at addr ffff88810392bb30 by task kunit_try_catch/283 [ 16.971648] [ 16.971753] CPU: 0 UID: 0 PID: 283 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc4 #1 PREEMPT(voluntary) [ 16.971817] Tainted: [B]=BAD_PAGE, [N]=TEST [ 16.971832] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 16.971860] Call Trace: [ 16.971882] <TASK> [ 16.971903] dump_stack_lvl+0x73/0xb0 [ 16.971936] print_report+0xd1/0x650 [ 16.971964] ? __virt_addr_valid+0x1db/0x2d0 [ 16.971992] ? kasan_atomics_helper+0x1079/0x5450 [ 16.972018] ? kasan_complete_mode_report_info+0x2a/0x200 [ 16.972044] ? kasan_atomics_helper+0x1079/0x5450 [ 16.972070] kasan_report+0x141/0x180 [ 16.972110] ? kasan_atomics_helper+0x1079/0x5450 [ 16.972143] kasan_check_range+0x10c/0x1c0 [ 16.972172] __kasan_check_write+0x18/0x20 [ 16.972195] kasan_atomics_helper+0x1079/0x5450 [ 16.972223] ? __pfx_kasan_atomics_helper+0x10/0x10 [ 16.972249] ? __kmalloc_cache_noprof+0x189/0x420 [ 16.972280] ? kasan_atomics+0x152/0x310 [ 16.972312] kasan_atomics+0x1dc/0x310 [ 16.972340] ? __pfx_kasan_atomics+0x10/0x10 [ 16.972370] ? __pfx_read_tsc+0x10/0x10 [ 16.972396] ? ktime_get_ts64+0x86/0x230 [ 16.972425] kunit_try_run_case+0x1a5/0x480 [ 16.972454] ? __pfx_kunit_try_run_case+0x10/0x10 [ 16.972481] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 16.972510] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 16.972538] ? __kthread_parkme+0x82/0x180 [ 16.972564] ? preempt_count_sub+0x50/0x80 [ 16.972592] ? __pfx_kunit_try_run_case+0x10/0x10 [ 16.972620] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 16.972649] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 16.972676] kthread+0x337/0x6f0 [ 16.972702] ? trace_preempt_on+0x20/0xc0 [ 16.972732] ? 
__pfx_kthread+0x10/0x10 [ 16.972757] ? _raw_spin_unlock_irq+0x47/0x80 [ 16.972783] ? calculate_sigpending+0x7b/0xa0 [ 16.972826] ? __pfx_kthread+0x10/0x10 [ 16.972853] ret_from_fork+0x116/0x1d0 [ 16.972877] ? __pfx_kthread+0x10/0x10 [ 16.972903] ret_from_fork_asm+0x1a/0x30 [ 16.972939] </TASK> [ 16.972954] [ 16.981550] Allocated by task 283: [ 16.981755] kasan_save_stack+0x45/0x70 [ 16.981980] kasan_save_track+0x18/0x40 [ 16.982243] kasan_save_alloc_info+0x3b/0x50 [ 16.982450] __kasan_kmalloc+0xb7/0xc0 [ 16.982672] __kmalloc_cache_noprof+0x189/0x420 [ 16.982918] kasan_atomics+0x95/0x310 [ 16.983125] kunit_try_run_case+0x1a5/0x480 [ 16.983299] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 16.983500] kthread+0x337/0x6f0 [ 16.983649] ret_from_fork+0x116/0x1d0 [ 16.983962] ret_from_fork_asm+0x1a/0x30 [ 16.984190] [ 16.984349] The buggy address belongs to the object at ffff88810392bb00 [ 16.984349] which belongs to the cache kmalloc-64 of size 64 [ 16.984910] The buggy address is located 0 bytes to the right of [ 16.984910] allocated 48-byte region [ffff88810392bb00, ffff88810392bb30) [ 16.985601] [ 16.985698] The buggy address belongs to the physical page: [ 16.985908] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x10392b [ 16.986183] flags: 0x200000000000000(node=0|zone=2) [ 16.986372] page_type: f5(slab) [ 16.986512] raw: 0200000000000000 ffff8881000418c0 dead000000000122 0000000000000000 [ 16.986957] raw: 0000000000000000 0000000080200020 00000000f5000000 0000000000000000 [ 16.987654] page dumped because: kasan: bad access detected [ 16.988053] [ 16.988198] Memory state around the buggy address: [ 16.988384] ffff88810392ba00: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 16.988639] ffff88810392ba80: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 16.988903] >ffff88810392bb00: 00 00 00 00 00 00 fc fc fc fc fc fc fc fc fc fc [ 16.989305] ^ [ 16.989577] ffff88810392bb80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 16.989973] 
ffff88810392bc00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 16.990696] ================================================================== [ 17.318540] ================================================================== [ 17.318876] BUG: KASAN: slab-out-of-bounds in kasan_atomics_helper+0x164f/0x5450 [ 17.319527] Write of size 8 at addr ffff88810392bb30 by task kunit_try_catch/283 [ 17.319955] [ 17.320117] CPU: 0 UID: 0 PID: 283 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc4 #1 PREEMPT(voluntary) [ 17.320210] Tainted: [B]=BAD_PAGE, [N]=TEST [ 17.320226] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 17.320255] Call Trace: [ 17.320278] <TASK> [ 17.320331] dump_stack_lvl+0x73/0xb0 [ 17.320368] print_report+0xd1/0x650 [ 17.320395] ? __virt_addr_valid+0x1db/0x2d0 [ 17.320423] ? kasan_atomics_helper+0x164f/0x5450 [ 17.320450] ? kasan_complete_mode_report_info+0x2a/0x200 [ 17.320477] ? kasan_atomics_helper+0x164f/0x5450 [ 17.320538] kasan_report+0x141/0x180 [ 17.320565] ? kasan_atomics_helper+0x164f/0x5450 [ 17.320597] kasan_check_range+0x10c/0x1c0 [ 17.320625] __kasan_check_write+0x18/0x20 [ 17.320648] kasan_atomics_helper+0x164f/0x5450 [ 17.320676] ? __pfx_kasan_atomics_helper+0x10/0x10 [ 17.320703] ? __kmalloc_cache_noprof+0x189/0x420 [ 17.320733] ? kasan_atomics+0x152/0x310 [ 17.320766] kasan_atomics+0x1dc/0x310 [ 17.320805] ? __pfx_kasan_atomics+0x10/0x10 [ 17.320835] ? __pfx_read_tsc+0x10/0x10 [ 17.320861] ? ktime_get_ts64+0x86/0x230 [ 17.320891] kunit_try_run_case+0x1a5/0x480 [ 17.320920] ? __pfx_kunit_try_run_case+0x10/0x10 [ 17.320947] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 17.320977] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 17.321005] ? __kthread_parkme+0x82/0x180 [ 17.321032] ? preempt_count_sub+0x50/0x80 [ 17.321062] ? __pfx_kunit_try_run_case+0x10/0x10 [ 17.321146] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 17.321174] ? 
__pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 17.321203] kthread+0x337/0x6f0 [ 17.321228] ? trace_preempt_on+0x20/0xc0 [ 17.321257] ? __pfx_kthread+0x10/0x10 [ 17.321283] ? _raw_spin_unlock_irq+0x47/0x80 [ 17.321309] ? calculate_sigpending+0x7b/0xa0 [ 17.321344] ? __pfx_kthread+0x10/0x10 [ 17.321371] ret_from_fork+0x116/0x1d0 [ 17.321394] ? __pfx_kthread+0x10/0x10 [ 17.321420] ret_from_fork_asm+0x1a/0x30 [ 17.321458] </TASK> [ 17.321473] [ 17.330800] Allocated by task 283: [ 17.331021] kasan_save_stack+0x45/0x70 [ 17.331324] kasan_save_track+0x18/0x40 [ 17.331558] kasan_save_alloc_info+0x3b/0x50 [ 17.331733] __kasan_kmalloc+0xb7/0xc0 [ 17.331902] __kmalloc_cache_noprof+0x189/0x420 [ 17.332268] kasan_atomics+0x95/0x310 [ 17.332563] kunit_try_run_case+0x1a5/0x480 [ 17.332857] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 17.333228] kthread+0x337/0x6f0 [ 17.333428] ret_from_fork+0x116/0x1d0 [ 17.333591] ret_from_fork_asm+0x1a/0x30 [ 17.333878] [ 17.334000] The buggy address belongs to the object at ffff88810392bb00 [ 17.334000] which belongs to the cache kmalloc-64 of size 64 [ 17.334657] The buggy address is located 0 bytes to the right of [ 17.334657] allocated 48-byte region [ffff88810392bb00, ffff88810392bb30) [ 17.335375] [ 17.335497] The buggy address belongs to the physical page: [ 17.335811] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x10392b [ 17.336288] flags: 0x200000000000000(node=0|zone=2) [ 17.336499] page_type: f5(slab) [ 17.336642] raw: 0200000000000000 ffff8881000418c0 dead000000000122 0000000000000000 [ 17.337053] raw: 0000000000000000 0000000080200020 00000000f5000000 0000000000000000 [ 17.337494] page dumped because: kasan: bad access detected [ 17.337804] [ 17.337909] Memory state around the buggy address: [ 17.338255] ffff88810392ba00: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 17.338626] ffff88810392ba80: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 17.338997] >ffff88810392bb00: 00 00 00 00 00 00 fc fc 
fc fc fc fc fc fc fc fc [ 17.339418] ^ [ 17.339680] ffff88810392bb80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 17.340020] ffff88810392bc00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 17.340385] ================================================================== [ 16.873199] ================================================================== [ 16.873667] BUG: KASAN: slab-out-of-bounds in kasan_atomics_helper+0xe78/0x5450 [ 16.874067] Write of size 4 at addr ffff88810392bb30 by task kunit_try_catch/283 [ 16.874418] [ 16.874567] CPU: 0 UID: 0 PID: 283 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc4 #1 PREEMPT(voluntary) [ 16.874614] Tainted: [B]=BAD_PAGE, [N]=TEST [ 16.874630] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 16.874656] Call Trace: [ 16.874676] <TASK> [ 16.874696] dump_stack_lvl+0x73/0xb0 [ 16.874731] print_report+0xd1/0x650 [ 16.874758] ? __virt_addr_valid+0x1db/0x2d0 [ 16.874786] ? kasan_atomics_helper+0xe78/0x5450 [ 16.874828] ? kasan_complete_mode_report_info+0x2a/0x200 [ 16.874855] ? kasan_atomics_helper+0xe78/0x5450 [ 16.874881] kasan_report+0x141/0x180 [ 16.874908] ? kasan_atomics_helper+0xe78/0x5450 [ 16.874940] kasan_check_range+0x10c/0x1c0 [ 16.874970] __kasan_check_write+0x18/0x20 [ 16.874993] kasan_atomics_helper+0xe78/0x5450 [ 16.875023] ? __pfx_kasan_atomics_helper+0x10/0x10 [ 16.875050] ? __kmalloc_cache_noprof+0x189/0x420 [ 16.875080] ? kasan_atomics+0x152/0x310 [ 16.875125] kasan_atomics+0x1dc/0x310 [ 16.875152] ? __pfx_kasan_atomics+0x10/0x10 [ 16.875182] ? __pfx_read_tsc+0x10/0x10 [ 16.875207] ? ktime_get_ts64+0x86/0x230 [ 16.875236] kunit_try_run_case+0x1a5/0x480 [ 16.875265] ? __pfx_kunit_try_run_case+0x10/0x10 [ 16.875291] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 16.875321] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 16.875349] ? __kthread_parkme+0x82/0x180 [ 16.875374] ? preempt_count_sub+0x50/0x80 [ 16.875402] ? 
__pfx_kunit_try_run_case+0x10/0x10 [ 16.875430] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 16.875459] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 16.875486] kthread+0x337/0x6f0 [ 16.875510] ? trace_preempt_on+0x20/0xc0 [ 16.875539] ? __pfx_kthread+0x10/0x10 [ 16.875563] ? _raw_spin_unlock_irq+0x47/0x80 [ 16.875588] ? calculate_sigpending+0x7b/0xa0 [ 16.875617] ? __pfx_kthread+0x10/0x10 [ 16.875643] ret_from_fork+0x116/0x1d0 [ 16.875665] ? __pfx_kthread+0x10/0x10 [ 16.875690] ret_from_fork_asm+0x1a/0x30 [ 16.875727] </TASK> [ 16.875741] [ 16.884115] Allocated by task 283: [ 16.884279] kasan_save_stack+0x45/0x70 [ 16.884449] kasan_save_track+0x18/0x40 [ 16.884619] kasan_save_alloc_info+0x3b/0x50 [ 16.884879] __kasan_kmalloc+0xb7/0xc0 [ 16.885104] __kmalloc_cache_noprof+0x189/0x420 [ 16.885372] kasan_atomics+0x95/0x310 [ 16.885594] kunit_try_run_case+0x1a5/0x480 [ 16.885843] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 16.886360] kthread+0x337/0x6f0 [ 16.886516] ret_from_fork+0x116/0x1d0 [ 16.886715] ret_from_fork_asm+0x1a/0x30 [ 16.886893] [ 16.886977] The buggy address belongs to the object at ffff88810392bb00 [ 16.886977] which belongs to the cache kmalloc-64 of size 64 [ 16.887413] The buggy address is located 0 bytes to the right of [ 16.887413] allocated 48-byte region [ffff88810392bb00, ffff88810392bb30) [ 16.888512] [ 16.888628] The buggy address belongs to the physical page: [ 16.888905] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x10392b [ 16.889287] flags: 0x200000000000000(node=0|zone=2) [ 16.889544] page_type: f5(slab) [ 16.889731] raw: 0200000000000000 ffff8881000418c0 dead000000000122 0000000000000000 [ 16.890080] raw: 0000000000000000 0000000080200020 00000000f5000000 0000000000000000 [ 16.890470] page dumped because: kasan: bad access detected [ 16.890735] [ 16.890838] Memory state around the buggy address: [ 16.891088] ffff88810392ba00: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 16.891408] 
ffff88810392ba80: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 16.891760] >ffff88810392bb00: 00 00 00 00 00 00 fc fc fc fc fc fc fc fc fc fc [ 16.892107] ^ [ 16.892325] ffff88810392bb80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 16.892579] ffff88810392bc00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 16.892898] ================================================================== [ 16.852921] ================================================================== [ 16.853225] BUG: KASAN: slab-out-of-bounds in kasan_atomics_helper+0xde0/0x5450 [ 16.853683] Write of size 4 at addr ffff88810392bb30 by task kunit_try_catch/283 [ 16.853984] [ 16.854118] CPU: 0 UID: 0 PID: 283 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc4 #1 PREEMPT(voluntary) [ 16.854170] Tainted: [B]=BAD_PAGE, [N]=TEST [ 16.854189] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 16.854218] Call Trace: [ 16.854238] <TASK> [ 16.854260] dump_stack_lvl+0x73/0xb0 [ 16.854295] print_report+0xd1/0x650 [ 16.854323] ? __virt_addr_valid+0x1db/0x2d0 [ 16.854350] ? kasan_atomics_helper+0xde0/0x5450 [ 16.854376] ? kasan_complete_mode_report_info+0x2a/0x200 [ 16.854402] ? kasan_atomics_helper+0xde0/0x5450 [ 16.854428] kasan_report+0x141/0x180 [ 16.854454] ? kasan_atomics_helper+0xde0/0x5450 [ 16.854485] kasan_check_range+0x10c/0x1c0 [ 16.854513] __kasan_check_write+0x18/0x20 [ 16.854536] kasan_atomics_helper+0xde0/0x5450 [ 16.854563] ? __pfx_kasan_atomics_helper+0x10/0x10 [ 16.854589] ? __kmalloc_cache_noprof+0x189/0x420 [ 16.854619] ? kasan_atomics+0x152/0x310 [ 16.854651] kasan_atomics+0x1dc/0x310 [ 16.854678] ? __pfx_kasan_atomics+0x10/0x10 [ 16.854708] ? __pfx_read_tsc+0x10/0x10 [ 16.854733] ? ktime_get_ts64+0x86/0x230 [ 16.854762] kunit_try_run_case+0x1a5/0x480 [ 16.854806] ? __pfx_kunit_try_run_case+0x10/0x10 [ 16.854833] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 16.854863] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 16.854891] ? 
__kthread_parkme+0x82/0x180 [ 16.854916] ? preempt_count_sub+0x50/0x80 [ 16.854946] ? __pfx_kunit_try_run_case+0x10/0x10 [ 16.854976] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 16.855004] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 16.855033] kthread+0x337/0x6f0 [ 16.855057] ? trace_preempt_on+0x20/0xc0 [ 16.855085] ? __pfx_kthread+0x10/0x10 [ 16.855111] ? _raw_spin_unlock_irq+0x47/0x80 [ 16.855136] ? calculate_sigpending+0x7b/0xa0 [ 16.855166] ? __pfx_kthread+0x10/0x10 [ 16.855192] ret_from_fork+0x116/0x1d0 [ 16.855216] ? __pfx_kthread+0x10/0x10 [ 16.855241] ret_from_fork_asm+0x1a/0x30 [ 16.855278] </TASK> [ 16.855294] [ 16.863826] Allocated by task 283: [ 16.863999] kasan_save_stack+0x45/0x70 [ 16.864354] kasan_save_track+0x18/0x40 [ 16.864543] kasan_save_alloc_info+0x3b/0x50 [ 16.864732] __kasan_kmalloc+0xb7/0xc0 [ 16.864890] __kmalloc_cache_noprof+0x189/0x420 [ 16.865064] kasan_atomics+0x95/0x310 [ 16.865254] kunit_try_run_case+0x1a5/0x480 [ 16.865499] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 16.865781] kthread+0x337/0x6f0 [ 16.866000] ret_from_fork+0x116/0x1d0 [ 16.866215] ret_from_fork_asm+0x1a/0x30 [ 16.866480] [ 16.866560] The buggy address belongs to the object at ffff88810392bb00 [ 16.866560] which belongs to the cache kmalloc-64 of size 64 [ 16.866960] The buggy address is located 0 bytes to the right of [ 16.866960] allocated 48-byte region [ffff88810392bb00, ffff88810392bb30) [ 16.867972] [ 16.868060] The buggy address belongs to the physical page: [ 16.868368] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x10392b [ 16.868647] flags: 0x200000000000000(node=0|zone=2) [ 16.868854] page_type: f5(slab) [ 16.869049] raw: 0200000000000000 ffff8881000418c0 dead000000000122 0000000000000000 [ 16.869730] raw: 0000000000000000 0000000080200020 00000000f5000000 0000000000000000 [ 16.870115] page dumped because: kasan: bad access detected [ 16.870307] [ 16.870387] Memory state around the buggy address: [ 16.870558] 
ffff88810392ba00: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 16.870898] ffff88810392ba80: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 16.871373] >ffff88810392bb00: 00 00 00 00 00 00 fc fc fc fc fc fc fc fc fc fc [ 16.871626] ^ [ 16.871807] ffff88810392bb80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 16.872274] ffff88810392bc00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 16.872636] ================================================================== [ 16.425739] ================================================================== [ 16.426172] BUG: KASAN: slab-out-of-bounds in kasan_atomics_helper+0x4b54/0x5450 [ 16.426849] Read of size 4 at addr ffff88810392bb30 by task kunit_try_catch/283 [ 16.427587] [ 16.427899] CPU: 0 UID: 0 PID: 283 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc4 #1 PREEMPT(voluntary) [ 16.428129] Tainted: [B]=BAD_PAGE, [N]=TEST [ 16.428359] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 16.428402] Call Trace: [ 16.428425] <TASK> [ 16.428448] dump_stack_lvl+0x73/0xb0 [ 16.428491] print_report+0xd1/0x650 [ 16.428519] ? __virt_addr_valid+0x1db/0x2d0 [ 16.428551] ? kasan_atomics_helper+0x4b54/0x5450 [ 16.428579] ? kasan_complete_mode_report_info+0x2a/0x200 [ 16.428611] ? kasan_atomics_helper+0x4b54/0x5450 [ 16.428641] kasan_report+0x141/0x180 [ 16.428671] ? kasan_atomics_helper+0x4b54/0x5450 [ 16.428705] __asan_report_load4_noabort+0x18/0x20 [ 16.428738] kasan_atomics_helper+0x4b54/0x5450 [ 16.428769] ? __pfx_kasan_atomics_helper+0x10/0x10 [ 16.428816] ? __kmalloc_cache_noprof+0x189/0x420 [ 16.428851] ? kasan_atomics+0x152/0x310 [ 16.428885] kasan_atomics+0x1dc/0x310 [ 16.428914] ? __pfx_kasan_atomics+0x10/0x10 [ 16.428945] ? __pfx_read_tsc+0x10/0x10 [ 16.428973] ? ktime_get_ts64+0x86/0x230 [ 16.429004] kunit_try_run_case+0x1a5/0x480 [ 16.429035] ? __pfx_kunit_try_run_case+0x10/0x10 [ 16.429066] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 16.429098] ? 
_raw_spin_unlock_irqrestore+0x5f/0x90 [ 16.429129] ? __kthread_parkme+0x82/0x180 [ 16.429157] ? preempt_count_sub+0x50/0x80 [ 16.429188] ? __pfx_kunit_try_run_case+0x10/0x10 [ 16.429221] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 16.429253] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 16.429287] kthread+0x337/0x6f0 [ 16.429311] ? trace_preempt_on+0x20/0xc0 [ 16.429349] ? __pfx_kthread+0x10/0x10 [ 16.429377] ? _raw_spin_unlock_irq+0x47/0x80 [ 16.429407] ? calculate_sigpending+0x7b/0xa0 [ 16.429439] ? __pfx_kthread+0x10/0x10 [ 16.429467] ret_from_fork+0x116/0x1d0 [ 16.429492] ? __pfx_kthread+0x10/0x10 [ 16.429519] ret_from_fork_asm+0x1a/0x30 [ 16.429558] </TASK> [ 16.429573] [ 16.442243] Allocated by task 283: [ 16.442576] kasan_save_stack+0x45/0x70 [ 16.442971] kasan_save_track+0x18/0x40 [ 16.443401] kasan_save_alloc_info+0x3b/0x50 [ 16.443760] __kasan_kmalloc+0xb7/0xc0 [ 16.444031] __kmalloc_cache_noprof+0x189/0x420 [ 16.444554] kasan_atomics+0x95/0x310 [ 16.444812] kunit_try_run_case+0x1a5/0x480 [ 16.445253] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 16.445561] kthread+0x337/0x6f0 [ 16.445753] ret_from_fork+0x116/0x1d0 [ 16.446233] ret_from_fork_asm+0x1a/0x30 [ 16.446504] [ 16.446619] The buggy address belongs to the object at ffff88810392bb00 [ 16.446619] which belongs to the cache kmalloc-64 of size 64 [ 16.447632] The buggy address is located 0 bytes to the right of [ 16.447632] allocated 48-byte region [ffff88810392bb00, ffff88810392bb30) [ 16.448460] [ 16.448564] The buggy address belongs to the physical page: [ 16.448878] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x10392b [ 16.449648] flags: 0x200000000000000(node=0|zone=2) [ 16.450107] page_type: f5(slab) [ 16.450259] raw: 0200000000000000 ffff8881000418c0 dead000000000122 0000000000000000 [ 16.450711] raw: 0000000000000000 0000000080200020 00000000f5000000 0000000000000000 [ 16.451334] page dumped because: kasan: bad access detected [ 16.451661] [ 16.451769] 
Memory state around the buggy address: [ 16.452006] ffff88810392ba00: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 16.452684] ffff88810392ba80: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 16.453180] >ffff88810392bb00: 00 00 00 00 00 00 fc fc fc fc fc fc fc fc fc fc [ 16.453490] ^ [ 16.453765] ffff88810392bb80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 16.454421] ffff88810392bc00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 16.454742] ================================================================== [ 16.575523] ================================================================== [ 16.576039] BUG: KASAN: slab-out-of-bounds in kasan_atomics_helper+0x72f/0x5450 [ 16.576477] Write of size 4 at addr ffff88810392bb30 by task kunit_try_catch/283 [ 16.576871] [ 16.577099] CPU: 0 UID: 0 PID: 283 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc4 #1 PREEMPT(voluntary) [ 16.577205] Tainted: [B]=BAD_PAGE, [N]=TEST [ 16.577298] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 16.577326] Call Trace: [ 16.577350] <TASK> [ 16.577384] dump_stack_lvl+0x73/0xb0 [ 16.577421] print_report+0xd1/0x650 [ 16.577448] ? __virt_addr_valid+0x1db/0x2d0 [ 16.577477] ? kasan_atomics_helper+0x72f/0x5450 [ 16.577503] ? kasan_complete_mode_report_info+0x2a/0x200 [ 16.577581] ? kasan_atomics_helper+0x72f/0x5450 [ 16.577610] kasan_report+0x141/0x180 [ 16.577651] ? kasan_atomics_helper+0x72f/0x5450 [ 16.577725] kasan_check_range+0x10c/0x1c0 [ 16.577755] __kasan_check_write+0x18/0x20 [ 16.577801] kasan_atomics_helper+0x72f/0x5450 [ 16.577829] ? __pfx_kasan_atomics_helper+0x10/0x10 [ 16.577856] ? __kmalloc_cache_noprof+0x189/0x420 [ 16.577887] ? kasan_atomics+0x152/0x310 [ 16.577920] kasan_atomics+0x1dc/0x310 [ 16.577948] ? __pfx_kasan_atomics+0x10/0x10 [ 16.577978] ? __pfx_read_tsc+0x10/0x10 [ 16.578005] ? ktime_get_ts64+0x86/0x230 [ 16.578036] kunit_try_run_case+0x1a5/0x480 [ 16.578091] ? __pfx_kunit_try_run_case+0x10/0x10 [ 16.578118] ? 
_raw_spin_lock_irqsave+0xa1/0x100 [ 16.578147] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 16.578175] ? __kthread_parkme+0x82/0x180 [ 16.578200] ? preempt_count_sub+0x50/0x80 [ 16.578229] ? __pfx_kunit_try_run_case+0x10/0x10 [ 16.578258] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 16.578285] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 16.578314] kthread+0x337/0x6f0 [ 16.578339] ? trace_preempt_on+0x20/0xc0 [ 16.578369] ? __pfx_kthread+0x10/0x10 [ 16.578394] ? _raw_spin_unlock_irq+0x47/0x80 [ 16.578421] ? calculate_sigpending+0x7b/0xa0 [ 16.578449] ? __pfx_kthread+0x10/0x10 [ 16.578475] ret_from_fork+0x116/0x1d0 [ 16.578497] ? __pfx_kthread+0x10/0x10 [ 16.578524] ret_from_fork_asm+0x1a/0x30 [ 16.578561] </TASK> [ 16.578576] [ 16.588962] Allocated by task 283: [ 16.589272] kasan_save_stack+0x45/0x70 [ 16.589607] kasan_save_track+0x18/0x40 [ 16.589856] kasan_save_alloc_info+0x3b/0x50 [ 16.590258] __kasan_kmalloc+0xb7/0xc0 [ 16.590483] __kmalloc_cache_noprof+0x189/0x420 [ 16.590688] kasan_atomics+0x95/0x310 [ 16.591004] kunit_try_run_case+0x1a5/0x480 [ 16.591339] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 16.591665] kthread+0x337/0x6f0 [ 16.591850] ret_from_fork+0x116/0x1d0 [ 16.592216] ret_from_fork_asm+0x1a/0x30 [ 16.592395] [ 16.592576] The buggy address belongs to the object at ffff88810392bb00 [ 16.592576] which belongs to the cache kmalloc-64 of size 64 [ 16.593345] The buggy address is located 0 bytes to the right of [ 16.593345] allocated 48-byte region [ffff88810392bb00, ffff88810392bb30) [ 16.593978] [ 16.594185] The buggy address belongs to the physical page: [ 16.594461] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x10392b [ 16.594956] flags: 0x200000000000000(node=0|zone=2) [ 16.595253] page_type: f5(slab) [ 16.595465] raw: 0200000000000000 ffff8881000418c0 dead000000000122 0000000000000000 [ 16.595986] raw: 0000000000000000 0000000080200020 00000000f5000000 0000000000000000 [ 16.596463] page dumped because: kasan: 
bad access detected [ 16.596800] [ 16.596908] Memory state around the buggy address: [ 16.597321] ffff88810392ba00: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 16.597690] ffff88810392ba80: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 16.598056] >ffff88810392bb00: 00 00 00 00 00 00 fc fc fc fc fc fc fc fc fc fc [ 16.598448] ^ [ 16.598693] ffff88810392bb80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 16.599036] ffff88810392bc00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 16.599426] ================================================================== [ 16.923405] ================================================================== [ 16.923776] BUG: KASAN: slab-out-of-bounds in kasan_atomics_helper+0xfa9/0x5450 [ 16.924165] Write of size 4 at addr ffff88810392bb30 by task kunit_try_catch/283 [ 16.924584] [ 16.924699] CPU: 0 UID: 0 PID: 283 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc4 #1 PREEMPT(voluntary) [ 16.924754] Tainted: [B]=BAD_PAGE, [N]=TEST [ 16.924773] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 16.924821] Call Trace: [ 16.924846] <TASK> [ 16.924870] dump_stack_lvl+0x73/0xb0 [ 16.924909] print_report+0xd1/0x650 [ 16.924939] ? __virt_addr_valid+0x1db/0x2d0 [ 16.924970] ? kasan_atomics_helper+0xfa9/0x5450 [ 16.924997] ? kasan_complete_mode_report_info+0x2a/0x200 [ 16.925024] ? kasan_atomics_helper+0xfa9/0x5450 [ 16.925052] kasan_report+0x141/0x180 [ 16.925080] ? kasan_atomics_helper+0xfa9/0x5450 [ 16.925112] kasan_check_range+0x10c/0x1c0 [ 16.925141] __kasan_check_write+0x18/0x20 [ 16.925166] kasan_atomics_helper+0xfa9/0x5450 [ 16.925193] ? __pfx_kasan_atomics_helper+0x10/0x10 [ 16.925220] ? __kmalloc_cache_noprof+0x189/0x420 [ 16.925251] ? kasan_atomics+0x152/0x310 [ 16.925284] kasan_atomics+0x1dc/0x310 [ 16.925312] ? __pfx_kasan_atomics+0x10/0x10 [ 16.925347] ? __pfx_read_tsc+0x10/0x10 [ 16.925374] ? ktime_get_ts64+0x86/0x230 [ 16.925404] kunit_try_run_case+0x1a5/0x480 [ 16.925433] ? 
__pfx_kunit_try_run_case+0x10/0x10 [ 16.925461] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 16.925490] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 16.925521] ? __kthread_parkme+0x82/0x180 [ 16.925548] ? preempt_count_sub+0x50/0x80 [ 16.925578] ? __pfx_kunit_try_run_case+0x10/0x10 [ 16.925607] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 16.925635] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 16.925664] kthread+0x337/0x6f0 [ 16.925687] ? trace_preempt_on+0x20/0xc0 [ 16.925717] ? __pfx_kthread+0x10/0x10 [ 16.925742] ? _raw_spin_unlock_irq+0x47/0x80 [ 16.925768] ? calculate_sigpending+0x7b/0xa0 [ 16.925808] ? __pfx_kthread+0x10/0x10 [ 16.925835] ret_from_fork+0x116/0x1d0 [ 16.925859] ? __pfx_kthread+0x10/0x10 [ 16.925884] ret_from_fork_asm+0x1a/0x30 [ 16.925922] </TASK> [ 16.925940] [ 16.936998] Allocated by task 283: [ 16.937569] kasan_save_stack+0x45/0x70 [ 16.937759] kasan_save_track+0x18/0x40 [ 16.938159] kasan_save_alloc_info+0x3b/0x50 [ 16.938487] __kasan_kmalloc+0xb7/0xc0 [ 16.938780] __kmalloc_cache_noprof+0x189/0x420 [ 16.939118] kasan_atomics+0x95/0x310 [ 16.939487] kunit_try_run_case+0x1a5/0x480 [ 16.939817] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 16.940192] kthread+0x337/0x6f0 [ 16.940347] ret_from_fork+0x116/0x1d0 [ 16.940569] ret_from_fork_asm+0x1a/0x30 [ 16.940785] [ 16.940915] The buggy address belongs to the object at ffff88810392bb00 [ 16.940915] which belongs to the cache kmalloc-64 of size 64 [ 16.941757] The buggy address is located 0 bytes to the right of [ 16.941757] allocated 48-byte region [ffff88810392bb00, ffff88810392bb30) [ 16.942610] [ 16.942712] The buggy address belongs to the physical page: [ 16.943183] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x10392b [ 16.943554] flags: 0x200000000000000(node=0|zone=2) [ 16.943944] page_type: f5(slab) [ 16.944212] raw: 0200000000000000 ffff8881000418c0 dead000000000122 0000000000000000 [ 16.944576] raw: 0000000000000000 0000000080200020 00000000f5000000 
0000000000000000 [ 16.944971] page dumped because: kasan: bad access detected [ 16.945467] [ 16.945592] Memory state around the buggy address: [ 16.945918] ffff88810392ba00: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 16.946414] ffff88810392ba80: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 16.946836] >ffff88810392bb00: 00 00 00 00 00 00 fc fc fc fc fc fc fc fc fc fc [ 16.947334] ^ [ 16.947719] ffff88810392bb80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 16.948167] ffff88810392bc00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 16.948599] ================================================================== [ 17.341329] ================================================================== [ 17.341785] BUG: KASAN: slab-out-of-bounds in kasan_atomics_helper+0x16e7/0x5450 [ 17.342263] Write of size 8 at addr ffff88810392bb30 by task kunit_try_catch/283 [ 17.342691] [ 17.342829] CPU: 0 UID: 0 PID: 283 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc4 #1 PREEMPT(voluntary) [ 17.342922] Tainted: [B]=BAD_PAGE, [N]=TEST [ 17.342939] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 17.342966] Call Trace: [ 17.342988] <TASK> [ 17.343010] dump_stack_lvl+0x73/0xb0 [ 17.343107] print_report+0xd1/0x650 [ 17.343136] ? __virt_addr_valid+0x1db/0x2d0 [ 17.343163] ? kasan_atomics_helper+0x16e7/0x5450 [ 17.343189] ? kasan_complete_mode_report_info+0x2a/0x200 [ 17.343253] ? kasan_atomics_helper+0x16e7/0x5450 [ 17.343279] kasan_report+0x141/0x180 [ 17.343308] ? kasan_atomics_helper+0x16e7/0x5450 [ 17.343339] kasan_check_range+0x10c/0x1c0 [ 17.343367] __kasan_check_write+0x18/0x20 [ 17.343422] kasan_atomics_helper+0x16e7/0x5450 [ 17.343450] ? __pfx_kasan_atomics_helper+0x10/0x10 [ 17.343477] ? __kmalloc_cache_noprof+0x189/0x420 [ 17.343508] ? kasan_atomics+0x152/0x310 [ 17.343540] kasan_atomics+0x1dc/0x310 [ 17.343568] ? __pfx_kasan_atomics+0x10/0x10 [ 17.343598] ? __pfx_read_tsc+0x10/0x10 [ 17.343623] ? 
ktime_get_ts64+0x86/0x230 [ 17.343708] kunit_try_run_case+0x1a5/0x480 [ 17.343739] ? __pfx_kunit_try_run_case+0x10/0x10 [ 17.343765] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 17.343804] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 17.343833] ? __kthread_parkme+0x82/0x180 [ 17.343860] ? preempt_count_sub+0x50/0x80 [ 17.343889] ? __pfx_kunit_try_run_case+0x10/0x10 [ 17.343918] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 17.343945] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 17.343974] kthread+0x337/0x6f0 [ 17.343999] ? trace_preempt_on+0x20/0xc0 [ 17.344027] ? __pfx_kthread+0x10/0x10 [ 17.344054] ? _raw_spin_unlock_irq+0x47/0x80 [ 17.344103] ? calculate_sigpending+0x7b/0xa0 [ 17.344133] ? __pfx_kthread+0x10/0x10 [ 17.344159] ret_from_fork+0x116/0x1d0 [ 17.344182] ? __pfx_kthread+0x10/0x10 [ 17.344209] ret_from_fork_asm+0x1a/0x30 [ 17.344250] </TASK> [ 17.344267] [ 17.353685] Allocated by task 283: [ 17.353913] kasan_save_stack+0x45/0x70 [ 17.354219] kasan_save_track+0x18/0x40 [ 17.354480] kasan_save_alloc_info+0x3b/0x50 [ 17.354747] __kasan_kmalloc+0xb7/0xc0 [ 17.355015] __kmalloc_cache_noprof+0x189/0x420 [ 17.355336] kasan_atomics+0x95/0x310 [ 17.355540] kunit_try_run_case+0x1a5/0x480 [ 17.355774] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 17.356100] kthread+0x337/0x6f0 [ 17.356330] ret_from_fork+0x116/0x1d0 [ 17.356596] ret_from_fork_asm+0x1a/0x30 [ 17.356854] [ 17.357216] The buggy address belongs to the object at ffff88810392bb00 [ 17.357216] which belongs to the cache kmalloc-64 of size 64 [ 17.357917] The buggy address is located 0 bytes to the right of [ 17.357917] allocated 48-byte region [ffff88810392bb00, ffff88810392bb30) [ 17.358476] [ 17.358569] The buggy address belongs to the physical page: [ 17.358770] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x10392b [ 17.359264] flags: 0x200000000000000(node=0|zone=2) [ 17.359610] page_type: f5(slab) [ 17.359932] raw: 0200000000000000 ffff8881000418c0 dead000000000122 
0000000000000000 [ 17.360402] raw: 0000000000000000 0000000080200020 00000000f5000000 0000000000000000 [ 17.360739] page dumped because: kasan: bad access detected [ 17.361033] [ 17.361233] Memory state around the buggy address: [ 17.361519] ffff88810392ba00: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 17.361898] ffff88810392ba80: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 17.362240] >ffff88810392bb00: 00 00 00 00 00 00 fc fc fc fc fc fc fc fc fc fc [ 17.362500] ^ [ 17.362806] ffff88810392bb80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 17.363241] ffff88810392bc00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 17.363598] ================================================================== [ 16.829929] ================================================================== [ 16.830803] BUG: KASAN: slab-out-of-bounds in kasan_atomics_helper+0xd47/0x5450 [ 16.831877] Write of size 4 at addr ffff88810392bb30 by task kunit_try_catch/283 [ 16.832596] [ 16.832831] CPU: 0 UID: 0 PID: 283 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc4 #1 PREEMPT(voluntary) [ 16.832885] Tainted: [B]=BAD_PAGE, [N]=TEST [ 16.832903] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 16.832932] Call Trace: [ 16.832954] <TASK> [ 16.832977] dump_stack_lvl+0x73/0xb0 [ 16.833014] print_report+0xd1/0x650 [ 16.833042] ? __virt_addr_valid+0x1db/0x2d0 [ 16.833071] ? kasan_atomics_helper+0xd47/0x5450 [ 16.833096] ? kasan_complete_mode_report_info+0x2a/0x200 [ 16.833122] ? kasan_atomics_helper+0xd47/0x5450 [ 16.833148] kasan_report+0x141/0x180 [ 16.833175] ? kasan_atomics_helper+0xd47/0x5450 [ 16.833206] kasan_check_range+0x10c/0x1c0 [ 16.833234] __kasan_check_write+0x18/0x20 [ 16.833259] kasan_atomics_helper+0xd47/0x5450 [ 16.833287] ? __pfx_kasan_atomics_helper+0x10/0x10 [ 16.833315] ? __kmalloc_cache_noprof+0x189/0x420 [ 16.833350] ? kasan_atomics+0x152/0x310 [ 16.833382] kasan_atomics+0x1dc/0x310 [ 16.833410] ? 
__pfx_kasan_atomics+0x10/0x10 [ 16.833439] ? __pfx_read_tsc+0x10/0x10 [ 16.833465] ? ktime_get_ts64+0x86/0x230 [ 16.833494] kunit_try_run_case+0x1a5/0x480 [ 16.833523] ? __pfx_kunit_try_run_case+0x10/0x10 [ 16.833550] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 16.833578] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 16.833606] ? __kthread_parkme+0x82/0x180 [ 16.833632] ? preempt_count_sub+0x50/0x80 [ 16.833660] ? __pfx_kunit_try_run_case+0x10/0x10 [ 16.833690] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 16.833717] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 16.833745] kthread+0x337/0x6f0 [ 16.833767] ? trace_preempt_on+0x20/0xc0 [ 16.833806] ? __pfx_kthread+0x10/0x10 [ 16.833832] ? _raw_spin_unlock_irq+0x47/0x80 [ 16.833858] ? calculate_sigpending+0x7b/0xa0 [ 16.833887] ? __pfx_kthread+0x10/0x10 [ 16.833913] ret_from_fork+0x116/0x1d0 [ 16.833935] ? __pfx_kthread+0x10/0x10 [ 16.833959] ret_from_fork_asm+0x1a/0x30 [ 16.833996] </TASK> [ 16.834011] [ 16.843740] Allocated by task 283: [ 16.843916] kasan_save_stack+0x45/0x70 [ 16.844174] kasan_save_track+0x18/0x40 [ 16.844399] kasan_save_alloc_info+0x3b/0x50 [ 16.844646] __kasan_kmalloc+0xb7/0xc0 [ 16.844873] __kmalloc_cache_noprof+0x189/0x420 [ 16.845161] kasan_atomics+0x95/0x310 [ 16.845348] kunit_try_run_case+0x1a5/0x480 [ 16.845564] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 16.845779] kthread+0x337/0x6f0 [ 16.845932] ret_from_fork+0x116/0x1d0 [ 16.846126] ret_from_fork_asm+0x1a/0x30 [ 16.846362] [ 16.846473] The buggy address belongs to the object at ffff88810392bb00 [ 16.846473] which belongs to the cache kmalloc-64 of size 64 [ 16.847130] The buggy address is located 0 bytes to the right of [ 16.847130] allocated 48-byte region [ffff88810392bb00, ffff88810392bb30) [ 16.847618] [ 16.847704] The buggy address belongs to the physical page: [ 16.847914] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x10392b [ 16.848321] flags: 0x200000000000000(node=0|zone=2) [ 16.848594] page_type: 
f5(slab) [ 16.848753] raw: 0200000000000000 ffff8881000418c0 dead000000000122 0000000000000000 [ 16.849031] raw: 0000000000000000 0000000080200020 00000000f5000000 0000000000000000 [ 16.849419] page dumped because: kasan: bad access detected [ 16.849719] [ 16.849845] Memory state around the buggy address: [ 16.850103] ffff88810392ba00: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 16.850704] ffff88810392ba80: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 16.850981] >ffff88810392bb00: 00 00 00 00 00 00 fc fc fc fc fc fc fc fc fc fc [ 16.851255] ^ [ 16.851524] ffff88810392bb80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 16.851899] ffff88810392bc00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 16.852278] ================================================================== [ 17.663837] ================================================================== [ 17.664291] BUG: KASAN: slab-out-of-bounds in kasan_atomics_helper+0x1eaa/0x5450 [ 17.664679] Write of size 8 at addr ffff88810392bb30 by task kunit_try_catch/283 [ 17.664948] [ 17.665057] CPU: 0 UID: 0 PID: 283 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc4 #1 PREEMPT(voluntary) [ 17.665110] Tainted: [B]=BAD_PAGE, [N]=TEST [ 17.665137] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 17.665166] Call Trace: [ 17.665191] <TASK> [ 17.665213] dump_stack_lvl+0x73/0xb0 [ 17.665253] print_report+0xd1/0x650 [ 17.665295] ? __virt_addr_valid+0x1db/0x2d0 [ 17.665325] ? kasan_atomics_helper+0x1eaa/0x5450 [ 17.665356] ? kasan_complete_mode_report_info+0x2a/0x200 [ 17.665398] ? kasan_atomics_helper+0x1eaa/0x5450 [ 17.665425] kasan_report+0x141/0x180 [ 17.665453] ? kasan_atomics_helper+0x1eaa/0x5450 [ 17.665485] kasan_check_range+0x10c/0x1c0 [ 17.665514] __kasan_check_write+0x18/0x20 [ 17.665542] kasan_atomics_helper+0x1eaa/0x5450 [ 17.665572] ? __pfx_kasan_atomics_helper+0x10/0x10 [ 17.665611] ? __kmalloc_cache_noprof+0x189/0x420 [ 17.665644] ? 
kasan_atomics+0x152/0x310 [ 17.665689] kasan_atomics+0x1dc/0x310 [ 17.665718] ? __pfx_kasan_atomics+0x10/0x10 [ 17.665749] ? __pfx_read_tsc+0x10/0x10 [ 17.665776] ? ktime_get_ts64+0x86/0x230 [ 17.665818] kunit_try_run_case+0x1a5/0x480 [ 17.665849] ? __pfx_kunit_try_run_case+0x10/0x10 [ 17.665877] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 17.665908] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 17.665936] ? __kthread_parkme+0x82/0x180 [ 17.665963] ? preempt_count_sub+0x50/0x80 [ 17.665993] ? __pfx_kunit_try_run_case+0x10/0x10 [ 17.666022] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 17.666050] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 17.666079] kthread+0x337/0x6f0 [ 17.666116] ? trace_preempt_on+0x20/0xc0 [ 17.666145] ? __pfx_kthread+0x10/0x10 [ 17.666171] ? _raw_spin_unlock_irq+0x47/0x80 [ 17.666196] ? calculate_sigpending+0x7b/0xa0 [ 17.666236] ? __pfx_kthread+0x10/0x10 [ 17.666262] ret_from_fork+0x116/0x1d0 [ 17.666285] ? __pfx_kthread+0x10/0x10 [ 17.666322] ret_from_fork_asm+0x1a/0x30 [ 17.666361] </TASK> [ 17.666377] [ 17.675802] Allocated by task 283: [ 17.676064] kasan_save_stack+0x45/0x70 [ 17.676301] kasan_save_track+0x18/0x40 [ 17.676523] kasan_save_alloc_info+0x3b/0x50 [ 17.676765] __kasan_kmalloc+0xb7/0xc0 [ 17.677225] __kmalloc_cache_noprof+0x189/0x420 [ 17.677490] kasan_atomics+0x95/0x310 [ 17.677683] kunit_try_run_case+0x1a5/0x480 [ 17.677951] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 17.678237] kthread+0x337/0x6f0 [ 17.678387] ret_from_fork+0x116/0x1d0 [ 17.678544] ret_from_fork_asm+0x1a/0x30 [ 17.678708] [ 17.678826] The buggy address belongs to the object at ffff88810392bb00 [ 17.678826] which belongs to the cache kmalloc-64 of size 64 [ 17.679669] The buggy address is located 0 bytes to the right of [ 17.679669] allocated 48-byte region [ffff88810392bb00, ffff88810392bb30) [ 17.680341] [ 17.680465] The buggy address belongs to the physical page: [ 17.680745] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x10392b [ 
17.681218] flags: 0x200000000000000(node=0|zone=2) [ 17.681481] page_type: f5(slab) [ 17.681681] raw: 0200000000000000 ffff8881000418c0 dead000000000122 0000000000000000 [ 17.682073] raw: 0000000000000000 0000000080200020 00000000f5000000 0000000000000000 [ 17.682455] page dumped because: kasan: bad access detected [ 17.682657] [ 17.682743] Memory state around the buggy address: [ 17.682935] ffff88810392ba00: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 17.683348] ffff88810392ba80: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 17.683727] >ffff88810392bb00: 00 00 00 00 00 00 fc fc fc fc fc fc fc fc fc fc [ 17.684094] ^ [ 17.684354] ffff88810392bb80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 17.684948] ffff88810392bc00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 17.685494] ================================================================== [ 17.774186] ================================================================== [ 17.774519] BUG: KASAN: slab-out-of-bounds in kasan_atomics_helper+0x4f98/0x5450 [ 17.774921] Read of size 8 at addr ffff88810392bb30 by task kunit_try_catch/283 [ 17.775244] [ 17.775419] CPU: 0 UID: 0 PID: 283 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc4 #1 PREEMPT(voluntary) [ 17.775473] Tainted: [B]=BAD_PAGE, [N]=TEST [ 17.775506] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 17.775535] Call Trace: [ 17.775558] <TASK> [ 17.775582] dump_stack_lvl+0x73/0xb0 [ 17.775619] print_report+0xd1/0x650 [ 17.775649] ? __virt_addr_valid+0x1db/0x2d0 [ 17.775678] ? kasan_atomics_helper+0x4f98/0x5450 [ 17.775704] ? kasan_complete_mode_report_info+0x2a/0x200 [ 17.775732] ? kasan_atomics_helper+0x4f98/0x5450 [ 17.775760] kasan_report+0x141/0x180 [ 17.775801] ? kasan_atomics_helper+0x4f98/0x5450 [ 17.775833] __asan_report_load8_noabort+0x18/0x20 [ 17.775863] kasan_atomics_helper+0x4f98/0x5450 [ 17.775891] ? __pfx_kasan_atomics_helper+0x10/0x10 [ 17.775917] ? 
__kmalloc_cache_noprof+0x189/0x420 [ 17.775950] ? kasan_atomics+0x152/0x310 [ 17.775982] kasan_atomics+0x1dc/0x310 [ 17.776010] ? __pfx_kasan_atomics+0x10/0x10 [ 17.776040] ? __pfx_read_tsc+0x10/0x10 [ 17.776067] ? ktime_get_ts64+0x86/0x230 [ 17.776111] kunit_try_run_case+0x1a5/0x480 [ 17.776141] ? __pfx_kunit_try_run_case+0x10/0x10 [ 17.776168] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 17.776197] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 17.776226] ? __kthread_parkme+0x82/0x180 [ 17.776252] ? preempt_count_sub+0x50/0x80 [ 17.776281] ? __pfx_kunit_try_run_case+0x10/0x10 [ 17.776310] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 17.776337] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 17.776365] kthread+0x337/0x6f0 [ 17.776390] ? trace_preempt_on+0x20/0xc0 [ 17.776418] ? __pfx_kthread+0x10/0x10 [ 17.776444] ? _raw_spin_unlock_irq+0x47/0x80 [ 17.776470] ? calculate_sigpending+0x7b/0xa0 [ 17.776499] ? __pfx_kthread+0x10/0x10 [ 17.776526] ret_from_fork+0x116/0x1d0 [ 17.776550] ? __pfx_kthread+0x10/0x10 [ 17.776576] ret_from_fork_asm+0x1a/0x30 [ 17.776613] </TASK> [ 17.776629] [ 17.788127] Allocated by task 283: [ 17.788359] kasan_save_stack+0x45/0x70 [ 17.788594] kasan_save_track+0x18/0x40 [ 17.788814] kasan_save_alloc_info+0x3b/0x50 [ 17.789068] __kasan_kmalloc+0xb7/0xc0 [ 17.789660] __kmalloc_cache_noprof+0x189/0x420 [ 17.789924] kasan_atomics+0x95/0x310 [ 17.790285] kunit_try_run_case+0x1a5/0x480 [ 17.790618] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 17.790885] kthread+0x337/0x6f0 [ 17.791331] ret_from_fork+0x116/0x1d0 [ 17.791639] ret_from_fork_asm+0x1a/0x30 [ 17.791839] [ 17.791940] The buggy address belongs to the object at ffff88810392bb00 [ 17.791940] which belongs to the cache kmalloc-64 of size 64 [ 17.792875] The buggy address is located 0 bytes to the right of [ 17.792875] allocated 48-byte region [ffff88810392bb00, ffff88810392bb30) [ 17.793817] [ 17.794017] The buggy address belongs to the physical page: [ 17.794367] page: refcount:0 mapcount:0 
mapping:0000000000000000 index:0x0 pfn:0x10392b [ 17.794846] flags: 0x200000000000000(node=0|zone=2) [ 17.795236] page_type: f5(slab) [ 17.795435] raw: 0200000000000000 ffff8881000418c0 dead000000000122 0000000000000000 [ 17.795825] raw: 0000000000000000 0000000080200020 00000000f5000000 0000000000000000 [ 17.796405] page dumped because: kasan: bad access detected [ 17.796643] [ 17.796730] Memory state around the buggy address: [ 17.796979] ffff88810392ba00: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 17.797726] ffff88810392ba80: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 17.798020] >ffff88810392bb00: 00 00 00 00 00 00 fc fc fc fc fc fc fc fc fc fc [ 17.798274] ^ [ 17.798454] ffff88810392bb80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 17.798702] ffff88810392bc00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 17.798960] ================================================================== [ 16.753592] ================================================================== [ 16.754026] BUG: KASAN: slab-out-of-bounds in kasan_atomics_helper+0xb6a/0x5450 [ 16.754541] Write of size 4 at addr ffff88810392bb30 by task kunit_try_catch/283 [ 16.754893] [ 16.754998] CPU: 0 UID: 0 PID: 283 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc4 #1 PREEMPT(voluntary) [ 16.755049] Tainted: [B]=BAD_PAGE, [N]=TEST [ 16.755065] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 16.755112] Call Trace: [ 16.755132] <TASK> [ 16.755153] dump_stack_lvl+0x73/0xb0 [ 16.755187] print_report+0xd1/0x650 [ 16.755213] ? __virt_addr_valid+0x1db/0x2d0 [ 16.755241] ? kasan_atomics_helper+0xb6a/0x5450 [ 16.755266] ? kasan_complete_mode_report_info+0x2a/0x200 [ 16.755294] ? kasan_atomics_helper+0xb6a/0x5450 [ 16.755319] kasan_report+0x141/0x180 [ 16.755346] ? kasan_atomics_helper+0xb6a/0x5450 [ 16.755379] kasan_check_range+0x10c/0x1c0 [ 16.755413] __kasan_check_write+0x18/0x20 [ 16.755438] kasan_atomics_helper+0xb6a/0x5450 [ 16.755465] ? 
__pfx_kasan_atomics_helper+0x10/0x10 [ 16.755491] ? __kmalloc_cache_noprof+0x189/0x420 [ 16.755521] ? kasan_atomics+0x152/0x310 [ 16.755554] kasan_atomics+0x1dc/0x310 [ 16.755580] ? __pfx_kasan_atomics+0x10/0x10 [ 16.755610] ? __pfx_read_tsc+0x10/0x10 [ 16.755637] ? ktime_get_ts64+0x86/0x230 [ 16.755666] kunit_try_run_case+0x1a5/0x480 [ 16.755695] ? __pfx_kunit_try_run_case+0x10/0x10 [ 16.755721] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 16.755749] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 16.755777] ? __kthread_parkme+0x82/0x180 [ 16.755815] ? preempt_count_sub+0x50/0x80 [ 16.755843] ? __pfx_kunit_try_run_case+0x10/0x10 [ 16.755872] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 16.755899] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 16.755927] kthread+0x337/0x6f0 [ 16.755951] ? trace_preempt_on+0x20/0xc0 [ 16.755980] ? __pfx_kthread+0x10/0x10 [ 16.756005] ? _raw_spin_unlock_irq+0x47/0x80 [ 16.756030] ? calculate_sigpending+0x7b/0xa0 [ 16.756059] ? __pfx_kthread+0x10/0x10 [ 16.756085] ret_from_fork+0x116/0x1d0 [ 16.756121] ? 
__pfx_kthread+0x10/0x10 [ 16.756146] ret_from_fork_asm+0x1a/0x30 [ 16.756182] </TASK> [ 16.756198] [ 16.764620] Allocated by task 283: [ 16.764802] kasan_save_stack+0x45/0x70 [ 16.765034] kasan_save_track+0x18/0x40 [ 16.765510] kasan_save_alloc_info+0x3b/0x50 [ 16.765758] __kasan_kmalloc+0xb7/0xc0 [ 16.765991] __kmalloc_cache_noprof+0x189/0x420 [ 16.766266] kasan_atomics+0x95/0x310 [ 16.766425] kunit_try_run_case+0x1a5/0x480 [ 16.766598] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 16.766812] kthread+0x337/0x6f0 [ 16.766979] ret_from_fork+0x116/0x1d0 [ 16.767255] ret_from_fork_asm+0x1a/0x30 [ 16.767488] [ 16.767602] The buggy address belongs to the object at ffff88810392bb00 [ 16.767602] which belongs to the cache kmalloc-64 of size 64 [ 16.768418] The buggy address is located 0 bytes to the right of [ 16.768418] allocated 48-byte region [ffff88810392bb00, ffff88810392bb30) [ 16.769013] [ 16.769122] The buggy address belongs to the physical page: [ 16.769416] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x10392b [ 16.769697] flags: 0x200000000000000(node=0|zone=2) [ 16.769903] page_type: f5(slab) [ 16.770047] raw: 0200000000000000 ffff8881000418c0 dead000000000122 0000000000000000 [ 16.770439] raw: 0000000000000000 0000000080200020 00000000f5000000 0000000000000000 [ 16.770873] page dumped because: kasan: bad access detected [ 16.771263] [ 16.771375] Memory state around the buggy address: [ 16.771606] ffff88810392ba00: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 16.771867] ffff88810392ba80: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 16.772121] >ffff88810392bb00: 00 00 00 00 00 00 fc fc fc fc fc fc fc fc fc fc [ 16.772813] ^ [ 16.773078] ffff88810392bb80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 16.773454] ffff88810392bc00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 16.773805] ================================================================== [ 17.295675] 
================================================================== [ 17.296001] BUG: KASAN: slab-out-of-bounds in kasan_atomics_helper+0x15b6/0x5450 [ 17.296509] Write of size 8 at addr ffff88810392bb30 by task kunit_try_catch/283 [ 17.296939] [ 17.297133] CPU: 0 UID: 0 PID: 283 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc4 #1 PREEMPT(voluntary) [ 17.297187] Tainted: [B]=BAD_PAGE, [N]=TEST [ 17.297203] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 17.297231] Call Trace: [ 17.297253] <TASK> [ 17.297275] dump_stack_lvl+0x73/0xb0 [ 17.297311] print_report+0xd1/0x650 [ 17.297343] ? __virt_addr_valid+0x1db/0x2d0 [ 17.297371] ? kasan_atomics_helper+0x15b6/0x5450 [ 17.297397] ? kasan_complete_mode_report_info+0x2a/0x200 [ 17.297423] ? kasan_atomics_helper+0x15b6/0x5450 [ 17.297450] kasan_report+0x141/0x180 [ 17.297477] ? kasan_atomics_helper+0x15b6/0x5450 [ 17.297508] kasan_check_range+0x10c/0x1c0 [ 17.297536] __kasan_check_write+0x18/0x20 [ 17.297562] kasan_atomics_helper+0x15b6/0x5450 [ 17.297634] ? __pfx_kasan_atomics_helper+0x10/0x10 [ 17.297690] ? __kmalloc_cache_noprof+0x189/0x420 [ 17.297721] ? kasan_atomics+0x152/0x310 [ 17.297781] kasan_atomics+0x1dc/0x310 [ 17.297821] ? __pfx_kasan_atomics+0x10/0x10 [ 17.297851] ? __pfx_read_tsc+0x10/0x10 [ 17.297877] ? ktime_get_ts64+0x86/0x230 [ 17.297907] kunit_try_run_case+0x1a5/0x480 [ 17.297936] ? __pfx_kunit_try_run_case+0x10/0x10 [ 17.297962] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 17.297993] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 17.298021] ? __kthread_parkme+0x82/0x180 [ 17.298047] ? preempt_count_sub+0x50/0x80 [ 17.298099] ? __pfx_kunit_try_run_case+0x10/0x10 [ 17.298129] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 17.298156] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 17.298185] kthread+0x337/0x6f0 [ 17.298208] ? trace_preempt_on+0x20/0xc0 [ 17.298236] ? __pfx_kthread+0x10/0x10 [ 17.298262] ? _raw_spin_unlock_irq+0x47/0x80 [ 17.298288] ? 
calculate_sigpending+0x7b/0xa0 [ 17.298316] ? __pfx_kthread+0x10/0x10 [ 17.298342] ret_from_fork+0x116/0x1d0 [ 17.298365] ? __pfx_kthread+0x10/0x10 [ 17.298390] ret_from_fork_asm+0x1a/0x30 [ 17.298427] </TASK> [ 17.298443] [ 17.308042] Allocated by task 283: [ 17.308341] kasan_save_stack+0x45/0x70 [ 17.308566] kasan_save_track+0x18/0x40 [ 17.308813] kasan_save_alloc_info+0x3b/0x50 [ 17.309099] __kasan_kmalloc+0xb7/0xc0 [ 17.309317] __kmalloc_cache_noprof+0x189/0x420 [ 17.309598] kasan_atomics+0x95/0x310 [ 17.309890] kunit_try_run_case+0x1a5/0x480 [ 17.310183] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 17.310499] kthread+0x337/0x6f0 [ 17.310686] ret_from_fork+0x116/0x1d0 [ 17.310988] ret_from_fork_asm+0x1a/0x30 [ 17.311283] [ 17.311391] The buggy address belongs to the object at ffff88810392bb00 [ 17.311391] which belongs to the cache kmalloc-64 of size 64 [ 17.312028] The buggy address is located 0 bytes to the right of [ 17.312028] allocated 48-byte region [ffff88810392bb00, ffff88810392bb30) [ 17.312683] [ 17.312814] The buggy address belongs to the physical page: [ 17.313139] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x10392b [ 17.313606] flags: 0x200000000000000(node=0|zone=2) [ 17.313903] page_type: f5(slab) [ 17.314155] raw: 0200000000000000 ffff8881000418c0 dead000000000122 0000000000000000 [ 17.314579] raw: 0000000000000000 0000000080200020 00000000f5000000 0000000000000000 [ 17.314952] page dumped because: kasan: bad access detected [ 17.315266] [ 17.315370] Memory state around the buggy address: [ 17.315652] ffff88810392ba00: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 17.315941] ffff88810392ba80: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 17.316278] >ffff88810392bb00: 00 00 00 00 00 00 fc fc fc fc fc fc fc fc fc fc [ 17.316730] ^ [ 17.317029] ffff88810392bb80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 17.317440] ffff88810392bc00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 17.317852] 
================================================================== [ 16.710885] ================================================================== [ 16.711577] BUG: KASAN: slab-out-of-bounds in kasan_atomics_helper+0xa2b/0x5450 [ 16.711946] Write of size 4 at addr ffff88810392bb30 by task kunit_try_catch/283 [ 16.712467] [ 16.712579] CPU: 0 UID: 0 PID: 283 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc4 #1 PREEMPT(voluntary) [ 16.712631] Tainted: [B]=BAD_PAGE, [N]=TEST [ 16.712848] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 16.712880] Call Trace: [ 16.712965] <TASK> [ 16.712987] dump_stack_lvl+0x73/0xb0 [ 16.713025] print_report+0xd1/0x650 [ 16.713052] ? __virt_addr_valid+0x1db/0x2d0 [ 16.713081] ? kasan_atomics_helper+0xa2b/0x5450 [ 16.713118] ? kasan_complete_mode_report_info+0x2a/0x200 [ 16.713145] ? kasan_atomics_helper+0xa2b/0x5450 [ 16.713171] kasan_report+0x141/0x180 [ 16.713197] ? kasan_atomics_helper+0xa2b/0x5450 [ 16.713229] kasan_check_range+0x10c/0x1c0 [ 16.713257] __kasan_check_write+0x18/0x20 [ 16.713281] kasan_atomics_helper+0xa2b/0x5450 [ 16.713307] ? __pfx_kasan_atomics_helper+0x10/0x10 [ 16.713339] ? __kmalloc_cache_noprof+0x189/0x420 [ 16.713370] ? kasan_atomics+0x152/0x310 [ 16.713401] kasan_atomics+0x1dc/0x310 [ 16.713429] ? __pfx_kasan_atomics+0x10/0x10 [ 16.713458] ? __pfx_read_tsc+0x10/0x10 [ 16.713484] ? ktime_get_ts64+0x86/0x230 [ 16.713513] kunit_try_run_case+0x1a5/0x480 [ 16.713541] ? __pfx_kunit_try_run_case+0x10/0x10 [ 16.713566] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 16.713596] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 16.713623] ? __kthread_parkme+0x82/0x180 [ 16.713648] ? preempt_count_sub+0x50/0x80 [ 16.713677] ? __pfx_kunit_try_run_case+0x10/0x10 [ 16.713704] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 16.713731] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 16.713759] kthread+0x337/0x6f0 [ 16.713784] ? trace_preempt_on+0x20/0xc0 [ 16.713825] ? 
__pfx_kthread+0x10/0x10 [ 16.713850] ? _raw_spin_unlock_irq+0x47/0x80 [ 16.713875] ? calculate_sigpending+0x7b/0xa0 [ 16.713903] ? __pfx_kthread+0x10/0x10 [ 16.713929] ret_from_fork+0x116/0x1d0 [ 16.713952] ? __pfx_kthread+0x10/0x10 [ 16.713977] ret_from_fork_asm+0x1a/0x30 [ 16.714014] </TASK> [ 16.714030] [ 16.723700] Allocated by task 283: [ 16.724019] kasan_save_stack+0x45/0x70 [ 16.724322] kasan_save_track+0x18/0x40 [ 16.724477] kasan_save_alloc_info+0x3b/0x50 [ 16.724645] __kasan_kmalloc+0xb7/0xc0 [ 16.724831] __kmalloc_cache_noprof+0x189/0x420 [ 16.725098] kasan_atomics+0x95/0x310 [ 16.725319] kunit_try_run_case+0x1a5/0x480 [ 16.725565] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 16.725873] kthread+0x337/0x6f0 [ 16.726053] ret_from_fork+0x116/0x1d0 [ 16.726240] ret_from_fork_asm+0x1a/0x30 [ 16.726417] [ 16.726532] The buggy address belongs to the object at ffff88810392bb00 [ 16.726532] which belongs to the cache kmalloc-64 of size 64 [ 16.727194] The buggy address is located 0 bytes to the right of [ 16.727194] allocated 48-byte region [ffff88810392bb00, ffff88810392bb30) [ 16.727735] [ 16.727861] The buggy address belongs to the physical page: [ 16.728082] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x10392b [ 16.728497] flags: 0x200000000000000(node=0|zone=2) [ 16.728732] page_type: f5(slab) [ 16.728936] raw: 0200000000000000 ffff8881000418c0 dead000000000122 0000000000000000 [ 16.729223] raw: 0000000000000000 0000000080200020 00000000f5000000 0000000000000000 [ 16.729569] page dumped because: kasan: bad access detected [ 16.729940] [ 16.730052] Memory state around the buggy address: [ 16.730242] ffff88810392ba00: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 16.730500] ffff88810392ba80: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 16.730880] >ffff88810392bb00: 00 00 00 00 00 00 fc fc fc fc fc fc fc fc fc fc [ 16.731391] ^ [ 16.731588] ffff88810392bb80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 16.731849] 
ffff88810392bc00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 16.732223] ================================================================== [ 16.503295] ================================================================== [ 16.503683] BUG: KASAN: slab-out-of-bounds in kasan_atomics_helper+0x565/0x5450 [ 16.504154] Write of size 4 at addr ffff88810392bb30 by task kunit_try_catch/283 [ 16.504654] [ 16.504843] CPU: 0 UID: 0 PID: 283 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc4 #1 PREEMPT(voluntary) [ 16.504898] Tainted: [B]=BAD_PAGE, [N]=TEST [ 16.504915] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 16.504944] Call Trace: [ 16.504962] <TASK> [ 16.505016] dump_stack_lvl+0x73/0xb0 [ 16.505053] print_report+0xd1/0x650 [ 16.505081] ? __virt_addr_valid+0x1db/0x2d0 [ 16.505109] ? kasan_atomics_helper+0x565/0x5450 [ 16.505147] ? kasan_complete_mode_report_info+0x2a/0x200 [ 16.505175] ? kasan_atomics_helper+0x565/0x5450 [ 16.505238] kasan_report+0x141/0x180 [ 16.505266] ? kasan_atomics_helper+0x565/0x5450 [ 16.505298] kasan_check_range+0x10c/0x1c0 [ 16.505328] __kasan_check_write+0x18/0x20 [ 16.505371] kasan_atomics_helper+0x565/0x5450 [ 16.505399] ? __pfx_kasan_atomics_helper+0x10/0x10 [ 16.505426] ? __kmalloc_cache_noprof+0x189/0x420 [ 16.505457] ? kasan_atomics+0x152/0x310 [ 16.505492] kasan_atomics+0x1dc/0x310 [ 16.505559] ? __pfx_kasan_atomics+0x10/0x10 [ 16.505590] ? __pfx_read_tsc+0x10/0x10 [ 16.505617] ? ktime_get_ts64+0x86/0x230 [ 16.505646] kunit_try_run_case+0x1a5/0x480 [ 16.505676] ? __pfx_kunit_try_run_case+0x10/0x10 [ 16.505704] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 16.505770] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 16.505808] ? __kthread_parkme+0x82/0x180 [ 16.505833] ? preempt_count_sub+0x50/0x80 [ 16.505862] ? __pfx_kunit_try_run_case+0x10/0x10 [ 16.505925] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 16.505954] ? 
__pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 16.505982] kthread+0x337/0x6f0 [ 16.506007] ? trace_preempt_on+0x20/0xc0 [ 16.506070] ? __pfx_kthread+0x10/0x10 [ 16.506097] ? _raw_spin_unlock_irq+0x47/0x80 [ 16.506124] ? calculate_sigpending+0x7b/0xa0 [ 16.506167] ? __pfx_kthread+0x10/0x10 [ 16.506194] ret_from_fork+0x116/0x1d0 [ 16.506217] ? __pfx_kthread+0x10/0x10 [ 16.506242] ret_from_fork_asm+0x1a/0x30 [ 16.506314] </TASK> [ 16.506332] [ 16.515850] Allocated by task 283: [ 16.516072] kasan_save_stack+0x45/0x70 [ 16.516444] kasan_save_track+0x18/0x40 [ 16.516641] kasan_save_alloc_info+0x3b/0x50 [ 16.516897] __kasan_kmalloc+0xb7/0xc0 [ 16.517054] __kmalloc_cache_noprof+0x189/0x420 [ 16.517237] kasan_atomics+0x95/0x310 [ 16.517408] kunit_try_run_case+0x1a5/0x480 [ 16.517582] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 16.517784] kthread+0x337/0x6f0 [ 16.518041] ret_from_fork+0x116/0x1d0 [ 16.518454] ret_from_fork_asm+0x1a/0x30 [ 16.518682] [ 16.518803] The buggy address belongs to the object at ffff88810392bb00 [ 16.518803] which belongs to the cache kmalloc-64 of size 64 [ 16.519857] The buggy address is located 0 bytes to the right of [ 16.519857] allocated 48-byte region [ffff88810392bb00, ffff88810392bb30) [ 16.520629] [ 16.520716] The buggy address belongs to the physical page: [ 16.520923] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x10392b [ 16.521261] flags: 0x200000000000000(node=0|zone=2) [ 16.521573] page_type: f5(slab) [ 16.521796] raw: 0200000000000000 ffff8881000418c0 dead000000000122 0000000000000000 [ 16.522385] raw: 0000000000000000 0000000080200020 00000000f5000000 0000000000000000 [ 16.522768] page dumped because: kasan: bad access detected [ 16.523037] [ 16.523120] Memory state around the buggy address: [ 16.523300] ffff88810392ba00: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 16.523540] ffff88810392ba80: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 16.524200] >ffff88810392bb00: 00 00 00 00 00 00 fc fc 
fc fc fc fc fc fc fc fc [ 16.525656] ^ [ 16.525954] ffff88810392bb80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 16.526979] ffff88810392bc00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 16.527621] ================================================================== [ 17.746554] ================================================================== [ 17.746900] BUG: KASAN: slab-out-of-bounds in kasan_atomics_helper+0x2006/0x5450 [ 17.747624] Write of size 8 at addr ffff88810392bb30 by task kunit_try_catch/283 [ 17.747997] [ 17.748135] CPU: 0 UID: 0 PID: 283 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc4 #1 PREEMPT(voluntary) [ 17.748192] Tainted: [B]=BAD_PAGE, [N]=TEST [ 17.748209] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 17.748238] Call Trace: [ 17.748260] <TASK> [ 17.748281] dump_stack_lvl+0x73/0xb0 [ 17.748319] print_report+0xd1/0x650 [ 17.748349] ? __virt_addr_valid+0x1db/0x2d0 [ 17.748377] ? kasan_atomics_helper+0x2006/0x5450 [ 17.748403] ? kasan_complete_mode_report_info+0x2a/0x200 [ 17.748430] ? kasan_atomics_helper+0x2006/0x5450 [ 17.748456] kasan_report+0x141/0x180 [ 17.748482] ? kasan_atomics_helper+0x2006/0x5450 [ 17.748515] kasan_check_range+0x10c/0x1c0 [ 17.748544] __kasan_check_write+0x18/0x20 [ 17.748567] kasan_atomics_helper+0x2006/0x5450 [ 17.748595] ? __pfx_kasan_atomics_helper+0x10/0x10 [ 17.748621] ? __kmalloc_cache_noprof+0x189/0x420 [ 17.748652] ? kasan_atomics+0x152/0x310 [ 17.748684] kasan_atomics+0x1dc/0x310 [ 17.748713] ? __pfx_kasan_atomics+0x10/0x10 [ 17.748741] ? __pfx_read_tsc+0x10/0x10 [ 17.748767] ? ktime_get_ts64+0x86/0x230 [ 17.748810] kunit_try_run_case+0x1a5/0x480 [ 17.748839] ? __pfx_kunit_try_run_case+0x10/0x10 [ 17.748865] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 17.748894] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 17.748921] ? __kthread_parkme+0x82/0x180 [ 17.748948] ? preempt_count_sub+0x50/0x80 [ 17.748977] ? 
__pfx_kunit_try_run_case+0x10/0x10 [ 17.749006] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 17.749033] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 17.749061] kthread+0x337/0x6f0 [ 17.749103] ? trace_preempt_on+0x20/0xc0 [ 17.749133] ? __pfx_kthread+0x10/0x10 [ 17.749158] ? _raw_spin_unlock_irq+0x47/0x80 [ 17.749184] ? calculate_sigpending+0x7b/0xa0 [ 17.749214] ? __pfx_kthread+0x10/0x10 [ 17.749240] ret_from_fork+0x116/0x1d0 [ 17.749262] ? __pfx_kthread+0x10/0x10 [ 17.749288] ret_from_fork_asm+0x1a/0x30 [ 17.749325] </TASK> [ 17.749347] [ 17.762239] Allocated by task 283: [ 17.762621] kasan_save_stack+0x45/0x70 [ 17.763039] kasan_save_track+0x18/0x40 [ 17.763472] kasan_save_alloc_info+0x3b/0x50 [ 17.763996] __kasan_kmalloc+0xb7/0xc0 [ 17.764479] __kmalloc_cache_noprof+0x189/0x420 [ 17.764944] kasan_atomics+0x95/0x310 [ 17.765410] kunit_try_run_case+0x1a5/0x480 [ 17.765831] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 17.766034] kthread+0x337/0x6f0 [ 17.766263] ret_from_fork+0x116/0x1d0 [ 17.766657] ret_from_fork_asm+0x1a/0x30 [ 17.767078] [ 17.767273] The buggy address belongs to the object at ffff88810392bb00 [ 17.767273] which belongs to the cache kmalloc-64 of size 64 [ 17.768249] The buggy address is located 0 bytes to the right of [ 17.768249] allocated 48-byte region [ffff88810392bb00, ffff88810392bb30) [ 17.768663] [ 17.768748] The buggy address belongs to the physical page: [ 17.768971] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x10392b [ 17.769438] flags: 0x200000000000000(node=0|zone=2) [ 17.769673] page_type: f5(slab) [ 17.769885] raw: 0200000000000000 ffff8881000418c0 dead000000000122 0000000000000000 [ 17.770203] raw: 0000000000000000 0000000080200020 00000000f5000000 0000000000000000 [ 17.770573] page dumped because: kasan: bad access detected [ 17.770924] [ 17.771022] Memory state around the buggy address: [ 17.771340] ffff88810392ba00: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 17.771670] 
ffff88810392ba80: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 17.772029] >ffff88810392bb00: 00 00 00 00 00 00 fc fc fc fc fc fc fc fc fc fc [ 17.772341] ^ [ 17.772531] ffff88810392bb80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 17.772890] ffff88810392bc00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 17.773138] ================================================================== [ 16.652055] ================================================================== [ 16.652359] BUG: KASAN: slab-out-of-bounds in kasan_atomics_helper+0x8f9/0x5450 [ 16.652635] Write of size 4 at addr ffff88810392bb30 by task kunit_try_catch/283 [ 16.652909] [ 16.653018] CPU: 0 UID: 0 PID: 283 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc4 #1 PREEMPT(voluntary) [ 16.653073] Tainted: [B]=BAD_PAGE, [N]=TEST [ 16.653089] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 16.653117] Call Trace: [ 16.653142] <TASK> [ 16.653164] dump_stack_lvl+0x73/0xb0 [ 16.653201] print_report+0xd1/0x650 [ 16.653229] ? __virt_addr_valid+0x1db/0x2d0 [ 16.653256] ? kasan_atomics_helper+0x8f9/0x5450 [ 16.653281] ? kasan_complete_mode_report_info+0x2a/0x200 [ 16.653308] ? kasan_atomics_helper+0x8f9/0x5450 [ 16.653339] kasan_report+0x141/0x180 [ 16.653366] ? kasan_atomics_helper+0x8f9/0x5450 [ 16.653397] kasan_check_range+0x10c/0x1c0 [ 16.653425] __kasan_check_write+0x18/0x20 [ 16.653448] kasan_atomics_helper+0x8f9/0x5450 [ 16.653475] ? __pfx_kasan_atomics_helper+0x10/0x10 [ 16.653503] ? __kmalloc_cache_noprof+0x189/0x420 [ 16.653534] ? kasan_atomics+0x152/0x310 [ 16.653566] kasan_atomics+0x1dc/0x310 [ 16.653593] ? __pfx_kasan_atomics+0x10/0x10 [ 16.653622] ? __pfx_read_tsc+0x10/0x10 [ 16.653650] ? ktime_get_ts64+0x86/0x230 [ 16.653680] kunit_try_run_case+0x1a5/0x480 [ 16.653709] ? __pfx_kunit_try_run_case+0x10/0x10 [ 16.653738] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 16.653769] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 16.656139] ? 
__kthread_parkme+0x82/0x180 [ 16.656188] ? preempt_count_sub+0x50/0x80 [ 16.656220] ? __pfx_kunit_try_run_case+0x10/0x10 [ 16.656253] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 16.656283] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 16.656313] kthread+0x337/0x6f0 [ 16.656340] ? trace_preempt_on+0x20/0xc0 [ 16.656370] ? __pfx_kthread+0x10/0x10 [ 16.656396] ? _raw_spin_unlock_irq+0x47/0x80 [ 16.656424] ? calculate_sigpending+0x7b/0xa0 [ 16.656453] ? __pfx_kthread+0x10/0x10 [ 16.656480] ret_from_fork+0x116/0x1d0 [ 16.656506] ? __pfx_kthread+0x10/0x10 [ 16.656533] ret_from_fork_asm+0x1a/0x30 [ 16.656572] </TASK> [ 16.656589] [ 16.671633] Allocated by task 283: [ 16.671869] kasan_save_stack+0x45/0x70 [ 16.672419] kasan_save_track+0x18/0x40 [ 16.672676] kasan_save_alloc_info+0x3b/0x50 [ 16.673326] __kasan_kmalloc+0xb7/0xc0 [ 16.673554] __kmalloc_cache_noprof+0x189/0x420 [ 16.673837] kasan_atomics+0x95/0x310 [ 16.674031] kunit_try_run_case+0x1a5/0x480 [ 16.674207] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 16.674533] kthread+0x337/0x6f0 [ 16.674712] ret_from_fork+0x116/0x1d0 [ 16.674962] ret_from_fork_asm+0x1a/0x30 [ 16.675220] [ 16.675306] The buggy address belongs to the object at ffff88810392bb00 [ 16.675306] which belongs to the cache kmalloc-64 of size 64 [ 16.675858] The buggy address is located 0 bytes to the right of [ 16.675858] allocated 48-byte region [ffff88810392bb00, ffff88810392bb30) [ 16.676450] [ 16.676536] The buggy address belongs to the physical page: [ 16.676990] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x10392b [ 16.677526] flags: 0x200000000000000(node=0|zone=2) [ 16.677782] page_type: f5(slab) [ 16.677984] raw: 0200000000000000 ffff8881000418c0 dead000000000122 0000000000000000 [ 16.678750] raw: 0000000000000000 0000000080200020 00000000f5000000 0000000000000000 [ 16.679293] page dumped because: kasan: bad access detected [ 16.679655] [ 16.679748] Memory state around the buggy address: [ 16.680191] 
ffff88810392ba00: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 16.680641] ffff88810392ba80: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 16.681223] >ffff88810392bb00: 00 00 00 00 00 00 fc fc fc fc fc fc fc fc fc fc [ 16.682005] ^ [ 16.682539] ffff88810392bb80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 16.683191] ffff88810392bc00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 16.683441] ================================================================== [ 17.424817] ================================================================== [ 17.425377] BUG: KASAN: slab-out-of-bounds in kasan_atomics_helper+0x194a/0x5450 [ 17.425749] Write of size 8 at addr ffff88810392bb30 by task kunit_try_catch/283 [ 17.426067] [ 17.426194] CPU: 0 UID: 0 PID: 283 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc4 #1 PREEMPT(voluntary) [ 17.426245] Tainted: [B]=BAD_PAGE, [N]=TEST [ 17.426263] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 17.426291] Call Trace: [ 17.426312] <TASK> [ 17.426333] dump_stack_lvl+0x73/0xb0 [ 17.426366] print_report+0xd1/0x650 [ 17.426395] ? __virt_addr_valid+0x1db/0x2d0 [ 17.426423] ? kasan_atomics_helper+0x194a/0x5450 [ 17.426449] ? kasan_complete_mode_report_info+0x2a/0x200 [ 17.426478] ? kasan_atomics_helper+0x194a/0x5450 [ 17.426508] kasan_report+0x141/0x180 [ 17.426536] ? kasan_atomics_helper+0x194a/0x5450 [ 17.426566] kasan_check_range+0x10c/0x1c0 [ 17.426596] __kasan_check_write+0x18/0x20 [ 17.426619] kasan_atomics_helper+0x194a/0x5450 [ 17.426647] ? __pfx_kasan_atomics_helper+0x10/0x10 [ 17.426673] ? __kmalloc_cache_noprof+0x189/0x420 [ 17.426704] ? kasan_atomics+0x152/0x310 [ 17.426737] kasan_atomics+0x1dc/0x310 [ 17.426764] ? __pfx_kasan_atomics+0x10/0x10 [ 17.426806] ? __pfx_read_tsc+0x10/0x10 [ 17.426832] ? ktime_get_ts64+0x86/0x230 [ 17.426862] kunit_try_run_case+0x1a5/0x480 [ 17.426891] ? __pfx_kunit_try_run_case+0x10/0x10 [ 17.426919] ? 
_raw_spin_lock_irqsave+0xa1/0x100 [ 17.426947] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 17.426977] ? __kthread_parkme+0x82/0x180 [ 17.427002] ? preempt_count_sub+0x50/0x80 [ 17.427031] ? __pfx_kunit_try_run_case+0x10/0x10 [ 17.427058] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 17.427109] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 17.427138] kthread+0x337/0x6f0 [ 17.427161] ? trace_preempt_on+0x20/0xc0 [ 17.427190] ? __pfx_kthread+0x10/0x10 [ 17.427215] ? _raw_spin_unlock_irq+0x47/0x80 [ 17.427241] ? calculate_sigpending+0x7b/0xa0 [ 17.427269] ? __pfx_kthread+0x10/0x10 [ 17.427295] ret_from_fork+0x116/0x1d0 [ 17.427318] ? __pfx_kthread+0x10/0x10 [ 17.427344] ret_from_fork_asm+0x1a/0x30 [ 17.427380] </TASK> [ 17.427395] [ 17.443527] Allocated by task 283: [ 17.443829] kasan_save_stack+0x45/0x70 [ 17.444088] kasan_save_track+0x18/0x40 [ 17.444508] kasan_save_alloc_info+0x3b/0x50 [ 17.444816] __kasan_kmalloc+0xb7/0xc0 [ 17.445248] __kmalloc_cache_noprof+0x189/0x420 [ 17.445642] kasan_atomics+0x95/0x310 [ 17.445893] kunit_try_run_case+0x1a5/0x480 [ 17.446344] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 17.446758] kthread+0x337/0x6f0 [ 17.446965] ret_from_fork+0x116/0x1d0 [ 17.447584] ret_from_fork_asm+0x1a/0x30 [ 17.447840] [ 17.447936] The buggy address belongs to the object at ffff88810392bb00 [ 17.447936] which belongs to the cache kmalloc-64 of size 64 [ 17.449004] The buggy address is located 0 bytes to the right of [ 17.449004] allocated 48-byte region [ffff88810392bb00, ffff88810392bb30) [ 17.449785] [ 17.450035] The buggy address belongs to the physical page: [ 17.450494] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x10392b [ 17.451000] flags: 0x200000000000000(node=0|zone=2) [ 17.451372] page_type: f5(slab) [ 17.451659] raw: 0200000000000000 ffff8881000418c0 dead000000000122 0000000000000000 [ 17.452081] raw: 0000000000000000 0000000080200020 00000000f5000000 0000000000000000 [ 17.452457] page dumped because: kasan: 
bad access detected [ 17.452748] [ 17.452861] Memory state around the buggy address: [ 17.453540] ffff88810392ba00: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 17.453892] ffff88810392ba80: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 17.454484] >ffff88810392bb00: 00 00 00 00 00 00 fc fc fc fc fc fc fc fc fc fc [ 17.454932] ^ [ 17.455384] ffff88810392bb80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 17.455874] ffff88810392bc00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 17.456405] ================================================================== [ 16.455509] ================================================================== [ 16.455844] BUG: KASAN: slab-out-of-bounds in kasan_atomics_helper+0x4a0/0x5450 [ 16.456740] Write of size 4 at addr ffff88810392bb30 by task kunit_try_catch/283 [ 16.457512] [ 16.457671] CPU: 0 UID: 0 PID: 283 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc4 #1 PREEMPT(voluntary) [ 16.457859] Tainted: [B]=BAD_PAGE, [N]=TEST [ 16.457882] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 16.457912] Call Trace: [ 16.457936] <TASK> [ 16.457961] dump_stack_lvl+0x73/0xb0 [ 16.458002] print_report+0xd1/0x650 [ 16.458031] ? __virt_addr_valid+0x1db/0x2d0 [ 16.458060] ? kasan_atomics_helper+0x4a0/0x5450 [ 16.458087] ? kasan_complete_mode_report_info+0x2a/0x200 [ 16.458115] ? kasan_atomics_helper+0x4a0/0x5450 [ 16.458141] kasan_report+0x141/0x180 [ 16.458169] ? kasan_atomics_helper+0x4a0/0x5450 [ 16.458201] kasan_check_range+0x10c/0x1c0 [ 16.458232] __kasan_check_write+0x18/0x20 [ 16.458255] kasan_atomics_helper+0x4a0/0x5450 [ 16.458311] ? __pfx_kasan_atomics_helper+0x10/0x10 [ 16.458338] ? __kmalloc_cache_noprof+0x189/0x420 [ 16.458370] ? kasan_atomics+0x152/0x310 [ 16.458404] kasan_atomics+0x1dc/0x310 [ 16.458431] ? __pfx_kasan_atomics+0x10/0x10 [ 16.458461] ? __pfx_read_tsc+0x10/0x10 [ 16.458486] ? ktime_get_ts64+0x86/0x230 [ 16.458516] kunit_try_run_case+0x1a5/0x480 [ 16.458546] ? 
__pfx_kunit_try_run_case+0x10/0x10 [ 16.458572] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 16.458601] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 16.458629] ? __kthread_parkme+0x82/0x180 [ 16.458655] ? preempt_count_sub+0x50/0x80 [ 16.458684] ? __pfx_kunit_try_run_case+0x10/0x10 [ 16.458714] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 16.458742] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 16.458770] kthread+0x337/0x6f0 [ 16.458809] ? trace_preempt_on+0x20/0xc0 [ 16.458839] ? __pfx_kthread+0x10/0x10 [ 16.458865] ? _raw_spin_unlock_irq+0x47/0x80 [ 16.458890] ? calculate_sigpending+0x7b/0xa0 [ 16.458919] ? __pfx_kthread+0x10/0x10 [ 16.458945] ret_from_fork+0x116/0x1d0 [ 16.458969] ? __pfx_kthread+0x10/0x10 [ 16.458994] ret_from_fork_asm+0x1a/0x30 [ 16.459031] </TASK> [ 16.459045] [ 16.469474] Allocated by task 283: [ 16.469694] kasan_save_stack+0x45/0x70 [ 16.469941] kasan_save_track+0x18/0x40 [ 16.470160] kasan_save_alloc_info+0x3b/0x50 [ 16.470483] __kasan_kmalloc+0xb7/0xc0 [ 16.470676] __kmalloc_cache_noprof+0x189/0x420 [ 16.470935] kasan_atomics+0x95/0x310 [ 16.471133] kunit_try_run_case+0x1a5/0x480 [ 16.471396] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 16.471593] kthread+0x337/0x6f0 [ 16.471730] ret_from_fork+0x116/0x1d0 [ 16.471910] ret_from_fork_asm+0x1a/0x30 [ 16.472195] [ 16.472369] The buggy address belongs to the object at ffff88810392bb00 [ 16.472369] which belongs to the cache kmalloc-64 of size 64 [ 16.473018] The buggy address is located 0 bytes to the right of [ 16.473018] allocated 48-byte region [ffff88810392bb00, ffff88810392bb30) [ 16.473745] [ 16.473854] The buggy address belongs to the physical page: [ 16.474185] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x10392b [ 16.474635] flags: 0x200000000000000(node=0|zone=2) [ 16.475045] page_type: f5(slab) [ 16.475449] raw: 0200000000000000 ffff8881000418c0 dead000000000122 0000000000000000 [ 16.475848] raw: 0000000000000000 0000000080200020 00000000f5000000 
0000000000000000 [ 16.476358] page dumped because: kasan: bad access detected [ 16.476551] [ 16.476633] Memory state around the buggy address: [ 16.476819] ffff88810392ba00: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 16.477067] ffff88810392ba80: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 16.477505] >ffff88810392bb00: 00 00 00 00 00 00 fc fc fc fc fc fc fc fc fc fc [ 16.477886] ^ [ 16.478280] ffff88810392bb80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 16.478651] ffff88810392bc00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 16.479028] ================================================================== [ 17.272952] ================================================================== [ 17.273825] BUG: KASAN: slab-out-of-bounds in kasan_atomics_helper+0x151d/0x5450 [ 17.274131] Write of size 8 at addr ffff88810392bb30 by task kunit_try_catch/283 [ 17.274521] [ 17.274707] CPU: 0 UID: 0 PID: 283 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc4 #1 PREEMPT(voluntary) [ 17.274765] Tainted: [B]=BAD_PAGE, [N]=TEST [ 17.274784] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 17.274862] Call Trace: [ 17.274887] <TASK> [ 17.274911] dump_stack_lvl+0x73/0xb0 [ 17.274949] print_report+0xd1/0x650 [ 17.274977] ? __virt_addr_valid+0x1db/0x2d0 [ 17.275042] ? kasan_atomics_helper+0x151d/0x5450 [ 17.275068] ? kasan_complete_mode_report_info+0x2a/0x200 [ 17.275111] ? kasan_atomics_helper+0x151d/0x5450 [ 17.275138] kasan_report+0x141/0x180 [ 17.275200] ? kasan_atomics_helper+0x151d/0x5450 [ 17.275233] kasan_check_range+0x10c/0x1c0 [ 17.275333] __kasan_check_write+0x18/0x20 [ 17.275362] kasan_atomics_helper+0x151d/0x5450 [ 17.275391] ? __pfx_kasan_atomics_helper+0x10/0x10 [ 17.275418] ? __kmalloc_cache_noprof+0x189/0x420 [ 17.275450] ? kasan_atomics+0x152/0x310 [ 17.275528] kasan_atomics+0x1dc/0x310 [ 17.275557] ? __pfx_kasan_atomics+0x10/0x10 [ 17.275588] ? __pfx_read_tsc+0x10/0x10 [ 17.275614] ? 
ktime_get_ts64+0x86/0x230 [ 17.275681] kunit_try_run_case+0x1a5/0x480 [ 17.275712] ? __pfx_kunit_try_run_case+0x10/0x10 [ 17.275739] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 17.275768] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 17.275809] ? __kthread_parkme+0x82/0x180 [ 17.275836] ? preempt_count_sub+0x50/0x80 [ 17.275866] ? __pfx_kunit_try_run_case+0x10/0x10 [ 17.275896] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 17.275924] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 17.275953] kthread+0x337/0x6f0 [ 17.275977] ? trace_preempt_on+0x20/0xc0 [ 17.276007] ? __pfx_kthread+0x10/0x10 [ 17.276032] ? _raw_spin_unlock_irq+0x47/0x80 [ 17.276059] ? calculate_sigpending+0x7b/0xa0 [ 17.276089] ? __pfx_kthread+0x10/0x10 [ 17.276128] ret_from_fork+0x116/0x1d0 [ 17.276153] ? __pfx_kthread+0x10/0x10 [ 17.276178] ret_from_fork_asm+0x1a/0x30 [ 17.276216] </TASK> [ 17.276231] [ 17.285386] Allocated by task 283: [ 17.285617] kasan_save_stack+0x45/0x70 [ 17.285876] kasan_save_track+0x18/0x40 [ 17.286159] kasan_save_alloc_info+0x3b/0x50 [ 17.286431] __kasan_kmalloc+0xb7/0xc0 [ 17.286660] __kmalloc_cache_noprof+0x189/0x420 [ 17.286966] kasan_atomics+0x95/0x310 [ 17.287313] kunit_try_run_case+0x1a5/0x480 [ 17.287565] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 17.287877] kthread+0x337/0x6f0 [ 17.288094] ret_from_fork+0x116/0x1d0 [ 17.288312] ret_from_fork_asm+0x1a/0x30 [ 17.288536] [ 17.288652] The buggy address belongs to the object at ffff88810392bb00 [ 17.288652] which belongs to the cache kmalloc-64 of size 64 [ 17.289192] The buggy address is located 0 bytes to the right of [ 17.289192] allocated 48-byte region [ffff88810392bb00, ffff88810392bb30) [ 17.289882] [ 17.290002] The buggy address belongs to the physical page: [ 17.290357] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x10392b [ 17.290706] flags: 0x200000000000000(node=0|zone=2) [ 17.290911] page_type: f5(slab) [ 17.291184] raw: 0200000000000000 ffff8881000418c0 dead000000000122 
0000000000000000 [ 17.291586] raw: 0000000000000000 0000000080200020 00000000f5000000 0000000000000000 [ 17.291957] page dumped because: kasan: bad access detected [ 17.292193] [ 17.292343] Memory state around the buggy address: [ 17.292606] ffff88810392ba00: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 17.292996] ffff88810392ba80: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 17.293431] >ffff88810392bb00: 00 00 00 00 00 00 fc fc fc fc fc fc fc fc fc fc [ 17.293806] ^ [ 17.294013] ffff88810392bb80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 17.294347] ffff88810392bc00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 17.294715] ================================================================== [ 16.395651] ================================================================== [ 16.396014] BUG: KASAN: slab-out-of-bounds in kasan_atomics_helper+0x3df/0x5450 [ 16.396302] Read of size 4 at addr ffff88810392bb30 by task kunit_try_catch/283 [ 16.396557] [ 16.396691] CPU: 0 UID: 0 PID: 283 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc4 #1 PREEMPT(voluntary) [ 16.396743] Tainted: [B]=BAD_PAGE, [N]=TEST [ 16.396759] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 16.397692] Call Trace: [ 16.397726] <TASK> [ 16.397748] dump_stack_lvl+0x73/0xb0 [ 16.397804] print_report+0xd1/0x650 [ 16.397833] ? __virt_addr_valid+0x1db/0x2d0 [ 16.397861] ? kasan_atomics_helper+0x3df/0x5450 [ 16.397885] ? kasan_complete_mode_report_info+0x2a/0x200 [ 16.397912] ? kasan_atomics_helper+0x3df/0x5450 [ 16.397937] kasan_report+0x141/0x180 [ 16.397964] ? kasan_atomics_helper+0x3df/0x5450 [ 16.397994] kasan_check_range+0x10c/0x1c0 [ 16.398022] __kasan_check_read+0x15/0x20 [ 16.398044] kasan_atomics_helper+0x3df/0x5450 [ 16.398071] ? __pfx_kasan_atomics_helper+0x10/0x10 [ 16.398097] ? __kmalloc_cache_noprof+0x189/0x420 [ 16.398127] ? kasan_atomics+0x152/0x310 [ 16.398158] kasan_atomics+0x1dc/0x310 [ 16.398184] ? 
__pfx_kasan_atomics+0x10/0x10 [ 16.398213] ? __pfx_read_tsc+0x10/0x10 [ 16.398239] ? ktime_get_ts64+0x86/0x230 [ 16.398267] kunit_try_run_case+0x1a5/0x480 [ 16.398294] ? __pfx_kunit_try_run_case+0x10/0x10 [ 16.398322] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 16.398350] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 16.398377] ? __kthread_parkme+0x82/0x180 [ 16.398403] ? preempt_count_sub+0x50/0x80 [ 16.398467] ? __pfx_kunit_try_run_case+0x10/0x10 [ 16.398496] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 16.398523] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 16.398552] kthread+0x337/0x6f0 [ 16.398576] ? trace_preempt_on+0x20/0xc0 [ 16.398605] ? __pfx_kthread+0x10/0x10 [ 16.398631] ? _raw_spin_unlock_irq+0x47/0x80 [ 16.398657] ? calculate_sigpending+0x7b/0xa0 [ 16.398686] ? __pfx_kthread+0x10/0x10 [ 16.398711] ret_from_fork+0x116/0x1d0 [ 16.398735] ? __pfx_kthread+0x10/0x10 [ 16.398760] ret_from_fork_asm+0x1a/0x30 [ 16.398807] </TASK> [ 16.398823] [ 16.411813] Allocated by task 283: [ 16.412037] kasan_save_stack+0x45/0x70 [ 16.412482] kasan_save_track+0x18/0x40 [ 16.413018] kasan_save_alloc_info+0x3b/0x50 [ 16.413587] __kasan_kmalloc+0xb7/0xc0 [ 16.413873] __kmalloc_cache_noprof+0x189/0x420 [ 16.414512] kasan_atomics+0x95/0x310 [ 16.414779] kunit_try_run_case+0x1a5/0x480 [ 16.415344] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 16.415617] kthread+0x337/0x6f0 [ 16.415812] ret_from_fork+0x116/0x1d0 [ 16.416018] ret_from_fork_asm+0x1a/0x30 [ 16.416668] [ 16.416943] The buggy address belongs to the object at ffff88810392bb00 [ 16.416943] which belongs to the cache kmalloc-64 of size 64 [ 16.417961] The buggy address is located 0 bytes to the right of [ 16.417961] allocated 48-byte region [ffff88810392bb00, ffff88810392bb30) [ 16.419058] [ 16.419180] The buggy address belongs to the physical page: [ 16.419662] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x10392b [ 16.420323] flags: 0x200000000000000(node=0|zone=2) [ 16.420598] page_type: 
f5(slab) [ 16.420784] raw: 0200000000000000 ffff8881000418c0 dead000000000122 0000000000000000 [ 16.421103] raw: 0000000000000000 0000000080200020 00000000f5000000 0000000000000000 [ 16.421572] page dumped because: kasan: bad access detected [ 16.421847] [ 16.421934] Memory state around the buggy address: [ 16.422175] ffff88810392ba00: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 16.422920] ffff88810392ba80: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 16.423351] >ffff88810392bb00: 00 00 00 00 00 00 fc fc fc fc fc fc fc fc fc fc [ 16.423815] ^ [ 16.424053] ffff88810392bb80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 16.424559] ffff88810392bc00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 16.424896] ================================================================== [ 17.405250] ================================================================== [ 17.405661] BUG: KASAN: slab-out-of-bounds in kasan_atomics_helper+0x18b1/0x5450 [ 17.406027] Write of size 8 at addr ffff88810392bb30 by task kunit_try_catch/283 [ 17.406433] [ 17.406569] CPU: 0 UID: 0 PID: 283 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc4 #1 PREEMPT(voluntary) [ 17.406623] Tainted: [B]=BAD_PAGE, [N]=TEST [ 17.406639] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 17.406667] Call Trace: [ 17.406688] <TASK> [ 17.406708] dump_stack_lvl+0x73/0xb0 [ 17.406744] print_report+0xd1/0x650 [ 17.406772] ? __virt_addr_valid+0x1db/0x2d0 [ 17.406812] ? kasan_atomics_helper+0x18b1/0x5450 [ 17.406839] ? kasan_complete_mode_report_info+0x2a/0x200 [ 17.406865] ? kasan_atomics_helper+0x18b1/0x5450 [ 17.406892] kasan_report+0x141/0x180 [ 17.406920] ? kasan_atomics_helper+0x18b1/0x5450 [ 17.406952] kasan_check_range+0x10c/0x1c0 [ 17.406979] __kasan_check_write+0x18/0x20 [ 17.407003] kasan_atomics_helper+0x18b1/0x5450 [ 17.407030] ? __pfx_kasan_atomics_helper+0x10/0x10 [ 17.407056] ? __kmalloc_cache_noprof+0x189/0x420 [ 17.407111] ? 
kasan_atomics+0x152/0x310 [ 17.407142] kasan_atomics+0x1dc/0x310 [ 17.407169] ? __pfx_kasan_atomics+0x10/0x10 [ 17.407197] ? __pfx_read_tsc+0x10/0x10 [ 17.407224] ? ktime_get_ts64+0x86/0x230 [ 17.407252] kunit_try_run_case+0x1a5/0x480 [ 17.407282] ? __pfx_kunit_try_run_case+0x10/0x10 [ 17.407309] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 17.407338] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 17.407366] ? __kthread_parkme+0x82/0x180 [ 17.407392] ? preempt_count_sub+0x50/0x80 [ 17.407421] ? __pfx_kunit_try_run_case+0x10/0x10 [ 17.407448] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 17.407476] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 17.407504] kthread+0x337/0x6f0 [ 17.407527] ? trace_preempt_on+0x20/0xc0 [ 17.407555] ? __pfx_kthread+0x10/0x10 [ 17.407580] ? _raw_spin_unlock_irq+0x47/0x80 [ 17.407605] ? calculate_sigpending+0x7b/0xa0 [ 17.407634] ? __pfx_kthread+0x10/0x10 [ 17.407660] ret_from_fork+0x116/0x1d0 [ 17.407683] ? __pfx_kthread+0x10/0x10 [ 17.407708] ret_from_fork_asm+0x1a/0x30 [ 17.407744] </TASK> [ 17.407760] [ 17.415992] Allocated by task 283: [ 17.416226] kasan_save_stack+0x45/0x70 [ 17.416434] kasan_save_track+0x18/0x40 [ 17.416617] kasan_save_alloc_info+0x3b/0x50 [ 17.416800] __kasan_kmalloc+0xb7/0xc0 [ 17.416954] __kmalloc_cache_noprof+0x189/0x420 [ 17.417164] kasan_atomics+0x95/0x310 [ 17.417387] kunit_try_run_case+0x1a5/0x480 [ 17.417634] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 17.417962] kthread+0x337/0x6f0 [ 17.418172] ret_from_fork+0x116/0x1d0 [ 17.418330] ret_from_fork_asm+0x1a/0x30 [ 17.418492] [ 17.418578] The buggy address belongs to the object at ffff88810392bb00 [ 17.418578] which belongs to the cache kmalloc-64 of size 64 [ 17.419223] The buggy address is located 0 bytes to the right of [ 17.419223] allocated 48-byte region [ffff88810392bb00, ffff88810392bb30) [ 17.419873] [ 17.419961] The buggy address belongs to the physical page: [ 17.420262] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x10392b [ 
17.420618] flags: 0x200000000000000(node=0|zone=2) [ 17.420821] page_type: f5(slab) [ 17.421017] raw: 0200000000000000 ffff8881000418c0 dead000000000122 0000000000000000 [ 17.421440] raw: 0000000000000000 0000000080200020 00000000f5000000 0000000000000000 [ 17.421723] page dumped because: kasan: bad access detected [ 17.422030] [ 17.422168] Memory state around the buggy address: [ 17.422396] ffff88810392ba00: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 17.422736] ffff88810392ba80: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 17.423064] >ffff88810392bb00: 00 00 00 00 00 00 fc fc fc fc fc fc fc fc fc fc [ 17.423362] ^ [ 17.423548] ffff88810392bb80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 17.423808] ffff88810392bc00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 17.424199] ================================================================== [ 17.503678] ================================================================== [ 17.504299] BUG: KASAN: slab-out-of-bounds in kasan_atomics_helper+0x1b22/0x5450 [ 17.505313] Write of size 8 at addr ffff88810392bb30 by task kunit_try_catch/283 [ 17.505995] [ 17.506115] CPU: 0 UID: 0 PID: 283 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc4 #1 PREEMPT(voluntary) [ 17.506171] Tainted: [B]=BAD_PAGE, [N]=TEST [ 17.506187] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 17.506215] Call Trace: [ 17.506237] <TASK> [ 17.506259] dump_stack_lvl+0x73/0xb0 [ 17.506299] print_report+0xd1/0x650 [ 17.506342] ? __virt_addr_valid+0x1db/0x2d0 [ 17.506370] ? kasan_atomics_helper+0x1b22/0x5450 [ 17.506396] ? kasan_complete_mode_report_info+0x2a/0x200 [ 17.506422] ? kasan_atomics_helper+0x1b22/0x5450 [ 17.506489] kasan_report+0x141/0x180 [ 17.506517] ? kasan_atomics_helper+0x1b22/0x5450 [ 17.506593] kasan_check_range+0x10c/0x1c0 [ 17.506623] __kasan_check_write+0x18/0x20 [ 17.506659] kasan_atomics_helper+0x1b22/0x5450 [ 17.506687] ? __pfx_kasan_atomics_helper+0x10/0x10 [ 17.506714] ? 
__kmalloc_cache_noprof+0x189/0x420 [ 17.506743] ? kasan_atomics+0x152/0x310 [ 17.506775] kasan_atomics+0x1dc/0x310 [ 17.506812] ? __pfx_kasan_atomics+0x10/0x10 [ 17.506841] ? __pfx_read_tsc+0x10/0x10 [ 17.506867] ? ktime_get_ts64+0x86/0x230 [ 17.506896] kunit_try_run_case+0x1a5/0x480 [ 17.506924] ? __pfx_kunit_try_run_case+0x10/0x10 [ 17.506952] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 17.506982] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 17.507010] ? __kthread_parkme+0x82/0x180 [ 17.507036] ? preempt_count_sub+0x50/0x80 [ 17.507066] ? __pfx_kunit_try_run_case+0x10/0x10 [ 17.507108] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 17.507136] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 17.507164] kthread+0x337/0x6f0 [ 17.507188] ? trace_preempt_on+0x20/0xc0 [ 17.507216] ? __pfx_kthread+0x10/0x10 [ 17.507241] ? _raw_spin_unlock_irq+0x47/0x80 [ 17.507267] ? calculate_sigpending+0x7b/0xa0 [ 17.507295] ? __pfx_kthread+0x10/0x10 [ 17.507321] ret_from_fork+0x116/0x1d0 [ 17.507344] ? __pfx_kthread+0x10/0x10 [ 17.507368] ret_from_fork_asm+0x1a/0x30 [ 17.507406] </TASK> [ 17.507421] [ 17.521121] Allocated by task 283: [ 17.521491] kasan_save_stack+0x45/0x70 [ 17.521741] kasan_save_track+0x18/0x40 [ 17.521975] kasan_save_alloc_info+0x3b/0x50 [ 17.522572] __kasan_kmalloc+0xb7/0xc0 [ 17.522749] __kmalloc_cache_noprof+0x189/0x420 [ 17.523287] kasan_atomics+0x95/0x310 [ 17.523677] kunit_try_run_case+0x1a5/0x480 [ 17.523951] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 17.524390] kthread+0x337/0x6f0 [ 17.524728] ret_from_fork+0x116/0x1d0 [ 17.524918] ret_from_fork_asm+0x1a/0x30 [ 17.525464] [ 17.525620] The buggy address belongs to the object at ffff88810392bb00 [ 17.525620] which belongs to the cache kmalloc-64 of size 64 [ 17.526271] The buggy address is located 0 bytes to the right of [ 17.526271] allocated 48-byte region [ffff88810392bb00, ffff88810392bb30) [ 17.527031] [ 17.527399] The buggy address belongs to the physical page: [ 17.527701] page: refcount:0 mapcount:0 
mapping:0000000000000000 index:0x0 pfn:0x10392b [ 17.528234] flags: 0x200000000000000(node=0|zone=2) [ 17.528516] page_type: f5(slab) [ 17.528762] raw: 0200000000000000 ffff8881000418c0 dead000000000122 0000000000000000 [ 17.529153] raw: 0000000000000000 0000000080200020 00000000f5000000 0000000000000000 [ 17.529594] page dumped because: kasan: bad access detected [ 17.529904] [ 17.530033] Memory state around the buggy address: [ 17.530249] ffff88810392ba00: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 17.530627] ffff88810392ba80: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 17.531130] >ffff88810392bb00: 00 00 00 00 00 00 fc fc fc fc fc fc fc fc fc fc [ 17.531418] ^ [ 17.531703] ffff88810392bb80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 17.532026] ffff88810392bc00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 17.532508] ================================================================== [ 17.717980] ================================================================== [ 17.718459] BUG: KASAN: slab-out-of-bounds in kasan_atomics_helper+0x4f71/0x5450 [ 17.718882] Read of size 8 at addr ffff88810392bb30 by task kunit_try_catch/283 [ 17.719566] [ 17.719714] CPU: 0 UID: 0 PID: 283 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc4 #1 PREEMPT(voluntary) [ 17.720060] Tainted: [B]=BAD_PAGE, [N]=TEST [ 17.720083] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 17.720127] Call Trace: [ 17.720153] <TASK> [ 17.720177] dump_stack_lvl+0x73/0xb0 [ 17.720217] print_report+0xd1/0x650 [ 17.720245] ? __virt_addr_valid+0x1db/0x2d0 [ 17.720274] ? kasan_atomics_helper+0x4f71/0x5450 [ 17.720302] ? kasan_complete_mode_report_info+0x2a/0x200 [ 17.720330] ? kasan_atomics_helper+0x4f71/0x5450 [ 17.720357] kasan_report+0x141/0x180 [ 17.720384] ? kasan_atomics_helper+0x4f71/0x5450 [ 17.720415] __asan_report_load8_noabort+0x18/0x20 [ 17.720445] kasan_atomics_helper+0x4f71/0x5450 [ 17.720472] ? 
__pfx_kasan_atomics_helper+0x10/0x10 [ 17.720499] ? __kmalloc_cache_noprof+0x189/0x420 [ 17.720530] ? kasan_atomics+0x152/0x310 [ 17.720563] kasan_atomics+0x1dc/0x310 [ 17.720590] ? __pfx_kasan_atomics+0x10/0x10 [ 17.720620] ? __pfx_read_tsc+0x10/0x10 [ 17.720645] ? ktime_get_ts64+0x86/0x230 [ 17.720676] kunit_try_run_case+0x1a5/0x480 [ 17.720706] ? __pfx_kunit_try_run_case+0x10/0x10 [ 17.720733] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 17.720763] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 17.720805] ? __kthread_parkme+0x82/0x180 [ 17.720832] ? preempt_count_sub+0x50/0x80 [ 17.720861] ? __pfx_kunit_try_run_case+0x10/0x10 [ 17.720891] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 17.720919] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 17.720948] kthread+0x337/0x6f0 [ 17.720972] ? trace_preempt_on+0x20/0xc0 [ 17.721001] ? __pfx_kthread+0x10/0x10 [ 17.721026] ? _raw_spin_unlock_irq+0x47/0x80 [ 17.721053] ? calculate_sigpending+0x7b/0xa0 [ 17.721200] ? __pfx_kthread+0x10/0x10 [ 17.721232] ret_from_fork+0x116/0x1d0 [ 17.721260] ? 
__pfx_kthread+0x10/0x10 [ 17.721286] ret_from_fork_asm+0x1a/0x30 [ 17.721325] </TASK> [ 17.721347] [ 17.732828] Allocated by task 283: [ 17.733323] kasan_save_stack+0x45/0x70 [ 17.733676] kasan_save_track+0x18/0x40 [ 17.734025] kasan_save_alloc_info+0x3b/0x50 [ 17.734353] __kasan_kmalloc+0xb7/0xc0 [ 17.734568] __kmalloc_cache_noprof+0x189/0x420 [ 17.734828] kasan_atomics+0x95/0x310 [ 17.735035] kunit_try_run_case+0x1a5/0x480 [ 17.735554] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 17.735784] kthread+0x337/0x6f0 [ 17.736183] ret_from_fork+0x116/0x1d0 [ 17.736497] ret_from_fork_asm+0x1a/0x30 [ 17.736836] [ 17.736932] The buggy address belongs to the object at ffff88810392bb00 [ 17.736932] which belongs to the cache kmalloc-64 of size 64 [ 17.737841] The buggy address is located 0 bytes to the right of [ 17.737841] allocated 48-byte region [ffff88810392bb00, ffff88810392bb30) [ 17.738659] [ 17.738889] The buggy address belongs to the physical page: [ 17.739330] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x10392b [ 17.739808] flags: 0x200000000000000(node=0|zone=2) [ 17.740070] page_type: f5(slab) [ 17.740411] raw: 0200000000000000 ffff8881000418c0 dead000000000122 0000000000000000 [ 17.740901] raw: 0000000000000000 0000000080200020 00000000f5000000 0000000000000000 [ 17.741465] page dumped because: kasan: bad access detected [ 17.741822] [ 17.741944] Memory state around the buggy address: [ 17.742363] ffff88810392ba00: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 17.742866] ffff88810392ba80: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 17.743382] >ffff88810392bb00: 00 00 00 00 00 00 fc fc fc fc fc fc fc fc fc fc [ 17.743820] ^ [ 17.744254] ffff88810392bb80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 17.744696] ffff88810392bc00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 17.745210] ================================================================== [ 16.949401] 
================================================================== [ 16.949703] BUG: KASAN: slab-out-of-bounds in kasan_atomics_helper+0x4a36/0x5450 [ 16.950469] Read of size 4 at addr ffff88810392bb30 by task kunit_try_catch/283 [ 16.950860] [ 16.950997] CPU: 0 UID: 0 PID: 283 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc4 #1 PREEMPT(voluntary) [ 16.951050] Tainted: [B]=BAD_PAGE, [N]=TEST [ 16.951067] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 16.951282] Call Trace: [ 16.951307] <TASK> [ 16.951331] dump_stack_lvl+0x73/0xb0 [ 16.951370] print_report+0xd1/0x650 [ 16.951469] ? __virt_addr_valid+0x1db/0x2d0 [ 16.951499] ? kasan_atomics_helper+0x4a36/0x5450 [ 16.951525] ? kasan_complete_mode_report_info+0x2a/0x200 [ 16.951552] ? kasan_atomics_helper+0x4a36/0x5450 [ 16.951579] kasan_report+0x141/0x180 [ 16.951607] ? kasan_atomics_helper+0x4a36/0x5450 [ 16.951639] __asan_report_load4_noabort+0x18/0x20 [ 16.951668] kasan_atomics_helper+0x4a36/0x5450 [ 16.951695] ? __pfx_kasan_atomics_helper+0x10/0x10 [ 16.951723] ? __kmalloc_cache_noprof+0x189/0x420 [ 16.951754] ? kasan_atomics+0x152/0x310 [ 16.951800] kasan_atomics+0x1dc/0x310 [ 16.951829] ? __pfx_kasan_atomics+0x10/0x10 [ 16.951861] ? __pfx_read_tsc+0x10/0x10 [ 16.951890] ? ktime_get_ts64+0x86/0x230 [ 16.951923] kunit_try_run_case+0x1a5/0x480 [ 16.951953] ? __pfx_kunit_try_run_case+0x10/0x10 [ 16.951981] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 16.952011] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 16.952041] ? __kthread_parkme+0x82/0x180 [ 16.952068] ? preempt_count_sub+0x50/0x80 [ 16.952098] ? __pfx_kunit_try_run_case+0x10/0x10 [ 16.952129] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 16.952157] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 16.952185] kthread+0x337/0x6f0 [ 16.952210] ? trace_preempt_on+0x20/0xc0 [ 16.952239] ? __pfx_kthread+0x10/0x10 [ 16.952264] ? _raw_spin_unlock_irq+0x47/0x80 [ 16.952291] ? calculate_sigpending+0x7b/0xa0 [ 16.952320] ? 
__pfx_kthread+0x10/0x10 [ 16.952347] ret_from_fork+0x116/0x1d0 [ 16.952370] ? __pfx_kthread+0x10/0x10 [ 16.952395] ret_from_fork_asm+0x1a/0x30 [ 16.952433] </TASK> [ 16.952450] [ 16.960933] Allocated by task 283: [ 16.961108] kasan_save_stack+0x45/0x70 [ 16.961298] kasan_save_track+0x18/0x40 [ 16.961526] kasan_save_alloc_info+0x3b/0x50 [ 16.961773] __kasan_kmalloc+0xb7/0xc0 [ 16.961958] __kmalloc_cache_noprof+0x189/0x420 [ 16.962274] kasan_atomics+0x95/0x310 [ 16.962500] kunit_try_run_case+0x1a5/0x480 [ 16.962694] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 16.962998] kthread+0x337/0x6f0 [ 16.963217] ret_from_fork+0x116/0x1d0 [ 16.963409] ret_from_fork_asm+0x1a/0x30 [ 16.963597] [ 16.963716] The buggy address belongs to the object at ffff88810392bb00 [ 16.963716] which belongs to the cache kmalloc-64 of size 64 [ 16.964293] The buggy address is located 0 bytes to the right of [ 16.964293] allocated 48-byte region [ffff88810392bb00, ffff88810392bb30) [ 16.964807] [ 16.964895] The buggy address belongs to the physical page: [ 16.965098] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x10392b [ 16.965395] flags: 0x200000000000000(node=0|zone=2) [ 16.965671] page_type: f5(slab) [ 16.965878] raw: 0200000000000000 ffff8881000418c0 dead000000000122 0000000000000000 [ 16.966501] raw: 0000000000000000 0000000080200020 00000000f5000000 0000000000000000 [ 16.966767] page dumped because: kasan: bad access detected [ 16.967095] [ 16.967213] Memory state around the buggy address: [ 16.967477] ffff88810392ba00: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 16.967826] ffff88810392ba80: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 16.968087] >ffff88810392bb00: 00 00 00 00 00 00 fc fc fc fc fc fc fc fc fc fc [ 16.968336] ^ [ 16.968619] ffff88810392bb80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 16.969015] ffff88810392bc00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 16.969645] 
================================================================== [ 16.625171] ================================================================== [ 16.625575] BUG: KASAN: slab-out-of-bounds in kasan_atomics_helper+0x860/0x5450 [ 16.626135] Write of size 4 at addr ffff88810392bb30 by task kunit_try_catch/283 [ 16.626543] [ 16.626672] CPU: 0 UID: 0 PID: 283 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc4 #1 PREEMPT(voluntary) [ 16.626765] Tainted: [B]=BAD_PAGE, [N]=TEST [ 16.626782] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 16.626870] Call Trace: [ 16.626894] <TASK> [ 16.626929] dump_stack_lvl+0x73/0xb0 [ 16.626966] print_report+0xd1/0x650 [ 16.626994] ? __virt_addr_valid+0x1db/0x2d0 [ 16.627053] ? kasan_atomics_helper+0x860/0x5450 [ 16.627080] ? kasan_complete_mode_report_info+0x2a/0x200 [ 16.627153] ? kasan_atomics_helper+0x860/0x5450 [ 16.627193] kasan_report+0x141/0x180 [ 16.627220] ? kasan_atomics_helper+0x860/0x5450 [ 16.627251] kasan_check_range+0x10c/0x1c0 [ 16.627281] __kasan_check_write+0x18/0x20 [ 16.627306] kasan_atomics_helper+0x860/0x5450 [ 16.627333] ? __pfx_kasan_atomics_helper+0x10/0x10 [ 16.627360] ? __kmalloc_cache_noprof+0x189/0x420 [ 16.627391] ? kasan_atomics+0x152/0x310 [ 16.627424] kasan_atomics+0x1dc/0x310 [ 16.627453] ? __pfx_kasan_atomics+0x10/0x10 [ 16.627483] ? __pfx_read_tsc+0x10/0x10 [ 16.627509] ? ktime_get_ts64+0x86/0x230 [ 16.627539] kunit_try_run_case+0x1a5/0x480 [ 16.627569] ? __pfx_kunit_try_run_case+0x10/0x10 [ 16.627597] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 16.627627] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 16.627656] ? __kthread_parkme+0x82/0x180 [ 16.627681] ? preempt_count_sub+0x50/0x80 [ 16.627711] ? __pfx_kunit_try_run_case+0x10/0x10 [ 16.627741] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 16.627770] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 16.627810] kthread+0x337/0x6f0 [ 16.627835] ? trace_preempt_on+0x20/0xc0 [ 16.627864] ? 
__pfx_kthread+0x10/0x10 [ 16.627889] ? _raw_spin_unlock_irq+0x47/0x80 [ 16.627916] ? calculate_sigpending+0x7b/0xa0 [ 16.627944] ? __pfx_kthread+0x10/0x10 [ 16.627970] ret_from_fork+0x116/0x1d0 [ 16.627995] ? __pfx_kthread+0x10/0x10 [ 16.628021] ret_from_fork_asm+0x1a/0x30 [ 16.628058] </TASK> [ 16.628074] [ 16.638874] Allocated by task 283: [ 16.639223] kasan_save_stack+0x45/0x70 [ 16.639533] kasan_save_track+0x18/0x40 [ 16.639695] kasan_save_alloc_info+0x3b/0x50 [ 16.639921] __kasan_kmalloc+0xb7/0xc0 [ 16.640145] __kmalloc_cache_noprof+0x189/0x420 [ 16.640629] kasan_atomics+0x95/0x310 [ 16.640863] kunit_try_run_case+0x1a5/0x480 [ 16.641066] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 16.641436] kthread+0x337/0x6f0 [ 16.641662] ret_from_fork+0x116/0x1d0 [ 16.642051] ret_from_fork_asm+0x1a/0x30 [ 16.642306] [ 16.642409] The buggy address belongs to the object at ffff88810392bb00 [ 16.642409] which belongs to the cache kmalloc-64 of size 64 [ 16.643179] The buggy address is located 0 bytes to the right of [ 16.643179] allocated 48-byte region [ffff88810392bb00, ffff88810392bb30) [ 16.643894] [ 16.643986] The buggy address belongs to the physical page: [ 16.644430] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x10392b [ 16.644931] flags: 0x200000000000000(node=0|zone=2) [ 16.645284] page_type: f5(slab) [ 16.645479] raw: 0200000000000000 ffff8881000418c0 dead000000000122 0000000000000000 [ 16.645859] raw: 0000000000000000 0000000080200020 00000000f5000000 0000000000000000 [ 16.646364] page dumped because: kasan: bad access detected [ 16.646674] [ 16.646798] Memory state around the buggy address: [ 16.647183] ffff88810392ba00: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 16.647584] ffff88810392ba80: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 16.648006] >ffff88810392bb00: 00 00 00 00 00 00 fc fc fc fc fc fc fc fc fc fc [ 16.648421] ^ [ 16.649279] ffff88810392bb80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 16.649703] 
ffff88810392bc00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 16.650588] ================================================================== [ 17.480251] ================================================================== [ 17.480719] BUG: KASAN: slab-out-of-bounds in kasan_atomics_helper+0x1a7f/0x5450 [ 17.481300] Write of size 8 at addr ffff88810392bb30 by task kunit_try_catch/283 [ 17.481735] [ 17.481898] CPU: 0 UID: 0 PID: 283 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc4 #1 PREEMPT(voluntary) [ 17.481955] Tainted: [B]=BAD_PAGE, [N]=TEST [ 17.481972] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 17.482002] Call Trace: [ 17.482028] <TASK> [ 17.482052] dump_stack_lvl+0x73/0xb0 [ 17.482103] print_report+0xd1/0x650 [ 17.482133] ? __virt_addr_valid+0x1db/0x2d0 [ 17.482164] ? kasan_atomics_helper+0x1a7f/0x5450 [ 17.482191] ? kasan_complete_mode_report_info+0x2a/0x200 [ 17.482246] ? kasan_atomics_helper+0x1a7f/0x5450 [ 17.482274] kasan_report+0x141/0x180 [ 17.482302] ? kasan_atomics_helper+0x1a7f/0x5450 [ 17.482335] kasan_check_range+0x10c/0x1c0 [ 17.482364] __kasan_check_write+0x18/0x20 [ 17.482387] kasan_atomics_helper+0x1a7f/0x5450 [ 17.482436] ? __pfx_kasan_atomics_helper+0x10/0x10 [ 17.482462] ? __kmalloc_cache_noprof+0x189/0x420 [ 17.482493] ? kasan_atomics+0x152/0x310 [ 17.482527] kasan_atomics+0x1dc/0x310 [ 17.482555] ? __pfx_kasan_atomics+0x10/0x10 [ 17.482586] ? __pfx_read_tsc+0x10/0x10 [ 17.482612] ? ktime_get_ts64+0x86/0x230 [ 17.482642] kunit_try_run_case+0x1a5/0x480 [ 17.482673] ? __pfx_kunit_try_run_case+0x10/0x10 [ 17.482719] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 17.482766] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 17.482825] ? __kthread_parkme+0x82/0x180 [ 17.482868] ? preempt_count_sub+0x50/0x80 [ 17.482898] ? __pfx_kunit_try_run_case+0x10/0x10 [ 17.482927] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 17.482972] ? 
__pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 17.483016] kthread+0x337/0x6f0 [ 17.483042] ? trace_preempt_on+0x20/0xc0 [ 17.483070] ? __pfx_kthread+0x10/0x10 [ 17.483108] ? _raw_spin_unlock_irq+0x47/0x80 [ 17.483135] ? calculate_sigpending+0x7b/0xa0 [ 17.483164] ? __pfx_kthread+0x10/0x10 [ 17.483191] ret_from_fork+0x116/0x1d0 [ 17.483215] ? __pfx_kthread+0x10/0x10 [ 17.483241] ret_from_fork_asm+0x1a/0x30 [ 17.483278] </TASK> [ 17.483294] [ 17.492571] Allocated by task 283: [ 17.492761] kasan_save_stack+0x45/0x70 [ 17.493033] kasan_save_track+0x18/0x40 [ 17.493304] kasan_save_alloc_info+0x3b/0x50 [ 17.493555] __kasan_kmalloc+0xb7/0xc0 [ 17.493774] __kmalloc_cache_noprof+0x189/0x420 [ 17.494005] kasan_atomics+0x95/0x310 [ 17.494189] kunit_try_run_case+0x1a5/0x480 [ 17.494498] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 17.494845] kthread+0x337/0x6f0 [ 17.495048] ret_from_fork+0x116/0x1d0 [ 17.495272] ret_from_fork_asm+0x1a/0x30 [ 17.495449] [ 17.495567] The buggy address belongs to the object at ffff88810392bb00 [ 17.495567] which belongs to the cache kmalloc-64 of size 64 [ 17.496253] The buggy address is located 0 bytes to the right of [ 17.496253] allocated 48-byte region [ffff88810392bb00, ffff88810392bb30) [ 17.497113] [ 17.497205] The buggy address belongs to the physical page: [ 17.497415] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x10392b [ 17.497881] flags: 0x200000000000000(node=0|zone=2) [ 17.498261] page_type: f5(slab) [ 17.498465] raw: 0200000000000000 ffff8881000418c0 dead000000000122 0000000000000000 [ 17.498829] raw: 0000000000000000 0000000080200020 00000000f5000000 0000000000000000 [ 17.499121] page dumped because: kasan: bad access detected [ 17.499444] [ 17.499597] Memory state around the buggy address: [ 17.499915] ffff88810392ba00: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 17.500575] ffff88810392ba80: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 17.501672] >ffff88810392bb00: 00 00 00 00 00 00 fc fc 
fc fc fc fc fc fc fc fc [ 17.501965] ^ [ 17.502161] ffff88810392bb80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 17.502415] ffff88810392bc00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 17.502671] ================================================================== [ 16.600385] ================================================================== [ 16.600959] BUG: KASAN: slab-out-of-bounds in kasan_atomics_helper+0x7c7/0x5450 [ 16.601388] Write of size 4 at addr ffff88810392bb30 by task kunit_try_catch/283 [ 16.602016] [ 16.602208] CPU: 0 UID: 0 PID: 283 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc4 #1 PREEMPT(voluntary) [ 16.602262] Tainted: [B]=BAD_PAGE, [N]=TEST [ 16.602278] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 16.602306] Call Trace: [ 16.602328] <TASK> [ 16.602350] dump_stack_lvl+0x73/0xb0 [ 16.602440] print_report+0xd1/0x650 [ 16.602469] ? __virt_addr_valid+0x1db/0x2d0 [ 16.602510] ? kasan_atomics_helper+0x7c7/0x5450 [ 16.602537] ? kasan_complete_mode_report_info+0x2a/0x200 [ 16.602565] ? kasan_atomics_helper+0x7c7/0x5450 [ 16.602591] kasan_report+0x141/0x180 [ 16.602619] ? kasan_atomics_helper+0x7c7/0x5450 [ 16.602695] kasan_check_range+0x10c/0x1c0 [ 16.602724] __kasan_check_write+0x18/0x20 [ 16.602809] kasan_atomics_helper+0x7c7/0x5450 [ 16.602836] ? __pfx_kasan_atomics_helper+0x10/0x10 [ 16.602876] ? __kmalloc_cache_noprof+0x189/0x420 [ 16.602908] ? kasan_atomics+0x152/0x310 [ 16.602940] kasan_atomics+0x1dc/0x310 [ 16.602968] ? __pfx_kasan_atomics+0x10/0x10 [ 16.602998] ? __pfx_read_tsc+0x10/0x10 [ 16.603025] ? ktime_get_ts64+0x86/0x230 [ 16.603054] kunit_try_run_case+0x1a5/0x480 [ 16.603084] ? __pfx_kunit_try_run_case+0x10/0x10 [ 16.603125] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 16.603155] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 16.603184] ? __kthread_parkme+0x82/0x180 [ 16.603209] ? preempt_count_sub+0x50/0x80 [ 16.603238] ? 
__pfx_kunit_try_run_case+0x10/0x10 [ 16.603267] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 16.603297] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 16.603326] kthread+0x337/0x6f0 [ 16.603350] ? trace_preempt_on+0x20/0xc0 [ 16.603380] ? __pfx_kthread+0x10/0x10 [ 16.603405] ? _raw_spin_unlock_irq+0x47/0x80 [ 16.603430] ? calculate_sigpending+0x7b/0xa0 [ 16.603459] ? __pfx_kthread+0x10/0x10 [ 16.603484] ret_from_fork+0x116/0x1d0 [ 16.603508] ? __pfx_kthread+0x10/0x10 [ 16.603532] ret_from_fork_asm+0x1a/0x30 [ 16.603569] </TASK> [ 16.603584] [ 16.613717] Allocated by task 283: [ 16.613998] kasan_save_stack+0x45/0x70 [ 16.614537] kasan_save_track+0x18/0x40 [ 16.614770] kasan_save_alloc_info+0x3b/0x50 [ 16.615153] __kasan_kmalloc+0xb7/0xc0 [ 16.615387] __kmalloc_cache_noprof+0x189/0x420 [ 16.615610] kasan_atomics+0x95/0x310 [ 16.615766] kunit_try_run_case+0x1a5/0x480 [ 16.616073] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 16.616538] kthread+0x337/0x6f0 [ 16.616708] ret_from_fork+0x116/0x1d0 [ 16.616997] ret_from_fork_asm+0x1a/0x30 [ 16.617259] [ 16.617352] The buggy address belongs to the object at ffff88810392bb00 [ 16.617352] which belongs to the cache kmalloc-64 of size 64 [ 16.617956] The buggy address is located 0 bytes to the right of [ 16.617956] allocated 48-byte region [ffff88810392bb00, ffff88810392bb30) [ 16.618803] [ 16.618908] The buggy address belongs to the physical page: [ 16.619189] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x10392b [ 16.619704] flags: 0x200000000000000(node=0|zone=2) [ 16.620021] page_type: f5(slab) [ 16.620232] raw: 0200000000000000 ffff8881000418c0 dead000000000122 0000000000000000 [ 16.620673] raw: 0000000000000000 0000000080200020 00000000f5000000 0000000000000000 [ 16.621079] page dumped because: kasan: bad access detected [ 16.621458] [ 16.621672] Memory state around the buggy address: [ 16.621913] ffff88810392ba00: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 16.622259] 
ffff88810392ba80: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 16.622696] >ffff88810392bb00: 00 00 00 00 00 00 fc fc fc fc fc fc fc fc fc fc [ 16.623048] ^ [ 16.623473] ffff88810392bb80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 16.623874] ffff88810392bc00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 16.624302] ================================================================== [ 17.094840] ================================================================== [ 17.095439] BUG: KASAN: slab-out-of-bounds in kasan_atomics_helper+0x49e8/0x5450 [ 17.095735] Read of size 4 at addr ffff88810392bb30 by task kunit_try_catch/283 [ 17.096151] [ 17.096284] CPU: 0 UID: 0 PID: 283 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc4 #1 PREEMPT(voluntary) [ 17.096335] Tainted: [B]=BAD_PAGE, [N]=TEST [ 17.096350] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 17.096377] Call Trace: [ 17.096399] <TASK> [ 17.096418] dump_stack_lvl+0x73/0xb0 [ 17.096454] print_report+0xd1/0x650 [ 17.096481] ? __virt_addr_valid+0x1db/0x2d0 [ 17.096509] ? kasan_atomics_helper+0x49e8/0x5450 [ 17.096535] ? kasan_complete_mode_report_info+0x2a/0x200 [ 17.096563] ? kasan_atomics_helper+0x49e8/0x5450 [ 17.096590] kasan_report+0x141/0x180 [ 17.096617] ? kasan_atomics_helper+0x49e8/0x5450 [ 17.096648] __asan_report_load4_noabort+0x18/0x20 [ 17.096677] kasan_atomics_helper+0x49e8/0x5450 [ 17.096703] ? __pfx_kasan_atomics_helper+0x10/0x10 [ 17.096729] ? __kmalloc_cache_noprof+0x189/0x420 [ 17.096760] ? kasan_atomics+0x152/0x310 [ 17.096803] kasan_atomics+0x1dc/0x310 [ 17.096831] ? __pfx_kasan_atomics+0x10/0x10 [ 17.096859] ? __pfx_read_tsc+0x10/0x10 [ 17.096885] ? ktime_get_ts64+0x86/0x230 [ 17.096913] kunit_try_run_case+0x1a5/0x480 [ 17.096941] ? __pfx_kunit_try_run_case+0x10/0x10 [ 17.096979] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 17.097008] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 17.097034] ? __kthread_parkme+0x82/0x180 [ 17.097067] ? 
preempt_count_sub+0x50/0x80 [ 17.097117] ? __pfx_kunit_try_run_case+0x10/0x10 [ 17.097146] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 17.097188] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 17.097216] kthread+0x337/0x6f0 [ 17.097240] ? trace_preempt_on+0x20/0xc0 [ 17.097268] ? __pfx_kthread+0x10/0x10 [ 17.097294] ? _raw_spin_unlock_irq+0x47/0x80 [ 17.097318] ? calculate_sigpending+0x7b/0xa0 [ 17.097352] ? __pfx_kthread+0x10/0x10 [ 17.097379] ret_from_fork+0x116/0x1d0 [ 17.097402] ? __pfx_kthread+0x10/0x10 [ 17.097427] ret_from_fork_asm+0x1a/0x30 [ 17.097464] </TASK> [ 17.097480] [ 17.106259] Allocated by task 283: [ 17.106484] kasan_save_stack+0x45/0x70 [ 17.106711] kasan_save_track+0x18/0x40 [ 17.106930] kasan_save_alloc_info+0x3b/0x50 [ 17.107117] __kasan_kmalloc+0xb7/0xc0 [ 17.107362] __kmalloc_cache_noprof+0x189/0x420 [ 17.107614] kasan_atomics+0x95/0x310 [ 17.107769] kunit_try_run_case+0x1a5/0x480 [ 17.108018] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 17.108365] kthread+0x337/0x6f0 [ 17.108505] ret_from_fork+0x116/0x1d0 [ 17.108728] ret_from_fork_asm+0x1a/0x30 [ 17.108985] [ 17.109099] The buggy address belongs to the object at ffff88810392bb00 [ 17.109099] which belongs to the cache kmalloc-64 of size 64 [ 17.109679] The buggy address is located 0 bytes to the right of [ 17.109679] allocated 48-byte region [ffff88810392bb00, ffff88810392bb30) [ 17.110297] [ 17.110415] The buggy address belongs to the physical page: [ 17.110622] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x10392b [ 17.111013] flags: 0x200000000000000(node=0|zone=2) [ 17.111215] page_type: f5(slab) [ 17.111357] raw: 0200000000000000 ffff8881000418c0 dead000000000122 0000000000000000 [ 17.111778] raw: 0000000000000000 0000000080200020 00000000f5000000 0000000000000000 [ 17.112224] page dumped because: kasan: bad access detected [ 17.112546] [ 17.112672] Memory state around the buggy address: [ 17.112867] ffff88810392ba00: fa fb fb fb fb fb fb fb fc fc 
fc fc fc fc fc fc [ 17.113117] ffff88810392ba80: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 17.113368] >ffff88810392bb00: 00 00 00 00 00 00 fc fc fc fc fc fc fc fc fc fc [ 17.113611] ^ [ 17.113809] ffff88810392bb80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 17.114171] ffff88810392bc00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 17.114529] ================================================================== [ 17.226027] ================================================================== [ 17.226531] BUG: KASAN: slab-out-of-bounds in kasan_atomics_helper+0x1467/0x5450 [ 17.226975] Write of size 8 at addr ffff88810392bb30 by task kunit_try_catch/283 [ 17.227420] [ 17.227527] CPU: 0 UID: 0 PID: 283 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc4 #1 PREEMPT(voluntary) [ 17.227582] Tainted: [B]=BAD_PAGE, [N]=TEST [ 17.227598] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 17.227627] Call Trace: [ 17.227648] <TASK> [ 17.227667] dump_stack_lvl+0x73/0xb0 [ 17.227704] print_report+0xd1/0x650 [ 17.227732] ? __virt_addr_valid+0x1db/0x2d0 [ 17.227762] ? kasan_atomics_helper+0x1467/0x5450 [ 17.227801] ? kasan_complete_mode_report_info+0x2a/0x200 [ 17.227829] ? kasan_atomics_helper+0x1467/0x5450 [ 17.227856] kasan_report+0x141/0x180 [ 17.227883] ? kasan_atomics_helper+0x1467/0x5450 [ 17.227916] kasan_check_range+0x10c/0x1c0 [ 17.227947] __kasan_check_write+0x18/0x20 [ 17.228017] kasan_atomics_helper+0x1467/0x5450 [ 17.228068] ? __pfx_kasan_atomics_helper+0x10/0x10 [ 17.228111] ? __kmalloc_cache_noprof+0x189/0x420 [ 17.228144] ? kasan_atomics+0x152/0x310 [ 17.228176] kasan_atomics+0x1dc/0x310 [ 17.228204] ? __pfx_kasan_atomics+0x10/0x10 [ 17.228234] ? __pfx_read_tsc+0x10/0x10 [ 17.228260] ? ktime_get_ts64+0x86/0x230 [ 17.228327] kunit_try_run_case+0x1a5/0x480 [ 17.228357] ? __pfx_kunit_try_run_case+0x10/0x10 [ 17.228384] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 17.228414] ? 
_raw_spin_unlock_irqrestore+0x5f/0x90 [ 17.228443] ? __kthread_parkme+0x82/0x180 [ 17.228469] ? preempt_count_sub+0x50/0x80 [ 17.228498] ? __pfx_kunit_try_run_case+0x10/0x10 [ 17.228527] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 17.228581] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 17.228610] kthread+0x337/0x6f0 [ 17.228636] ? trace_preempt_on+0x20/0xc0 [ 17.228666] ? __pfx_kthread+0x10/0x10 [ 17.228691] ? _raw_spin_unlock_irq+0x47/0x80 [ 17.228717] ? calculate_sigpending+0x7b/0xa0 [ 17.228747] ? __pfx_kthread+0x10/0x10 [ 17.228773] ret_from_fork+0x116/0x1d0 [ 17.228808] ? __pfx_kthread+0x10/0x10 [ 17.228833] ret_from_fork_asm+0x1a/0x30 [ 17.228872] </TASK> [ 17.228887] [ 17.238701] Allocated by task 283: [ 17.238981] kasan_save_stack+0x45/0x70 [ 17.239281] kasan_save_track+0x18/0x40 [ 17.239469] kasan_save_alloc_info+0x3b/0x50 [ 17.239672] __kasan_kmalloc+0xb7/0xc0 [ 17.239896] __kmalloc_cache_noprof+0x189/0x420 [ 17.240257] kasan_atomics+0x95/0x310 [ 17.240457] kunit_try_run_case+0x1a5/0x480 [ 17.240624] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 17.240923] kthread+0x337/0x6f0 [ 17.241218] ret_from_fork+0x116/0x1d0 [ 17.241585] ret_from_fork_asm+0x1a/0x30 [ 17.241749] [ 17.241915] The buggy address belongs to the object at ffff88810392bb00 [ 17.241915] which belongs to the cache kmalloc-64 of size 64 [ 17.242713] The buggy address is located 0 bytes to the right of [ 17.242713] allocated 48-byte region [ffff88810392bb00, ffff88810392bb30) [ 17.243380] [ 17.243495] The buggy address belongs to the physical page: [ 17.243846] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x10392b [ 17.244310] flags: 0x200000000000000(node=0|zone=2) [ 17.244596] page_type: f5(slab) [ 17.244800] raw: 0200000000000000 ffff8881000418c0 dead000000000122 0000000000000000 [ 17.245237] raw: 0000000000000000 0000000080200020 00000000f5000000 0000000000000000 [ 17.245615] page dumped because: kasan: bad access detected [ 17.245939] [ 17.246085] 
Memory state around the buggy address: [ 17.246447] ffff88810392ba00: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 17.246829] ffff88810392ba80: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 17.247215] >ffff88810392bb00: 00 00 00 00 00 00 fc fc fc fc fc fc fc fc fc fc [ 17.247567] ^ [ 17.247846] ffff88810392bb80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 17.248272] ffff88810392bc00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 17.248670] ================================================================== [ 16.315980] ================================================================== [ 16.316616] BUG: KASAN: slab-out-of-bounds in kasan_atomics_helper+0x4ba2/0x5450 [ 16.317068] Write of size 4 at addr ffff88810392bb30 by task kunit_try_catch/283 [ 16.317579] [ 16.317762] CPU: 0 UID: 0 PID: 283 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc4 #1 PREEMPT(voluntary) [ 16.317919] Tainted: [B]=BAD_PAGE, [N]=TEST [ 16.317935] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 16.317961] Call Trace: [ 16.317979] <TASK> [ 16.317999] dump_stack_lvl+0x73/0xb0 [ 16.318034] print_report+0xd1/0x650 [ 16.318061] ? __virt_addr_valid+0x1db/0x2d0 [ 16.318087] ? kasan_atomics_helper+0x4ba2/0x5450 [ 16.318235] ? kasan_complete_mode_report_info+0x2a/0x200 [ 16.318262] ? kasan_atomics_helper+0x4ba2/0x5450 [ 16.318287] kasan_report+0x141/0x180 [ 16.318313] ? kasan_atomics_helper+0x4ba2/0x5450 [ 16.318342] __asan_report_store4_noabort+0x1b/0x30 [ 16.318365] kasan_atomics_helper+0x4ba2/0x5450 [ 16.318389] ? __pfx_kasan_atomics_helper+0x10/0x10 [ 16.318415] ? __kmalloc_cache_noprof+0x189/0x420 [ 16.318444] ? kasan_atomics+0x152/0x310 [ 16.318473] kasan_atomics+0x1dc/0x310 [ 16.318499] ? __pfx_kasan_atomics+0x10/0x10 [ 16.318526] ? __pfx_read_tsc+0x10/0x10 [ 16.318550] ? ktime_get_ts64+0x86/0x230 [ 16.318578] kunit_try_run_case+0x1a5/0x480 [ 16.318607] ? __pfx_kunit_try_run_case+0x10/0x10 [ 16.318631] ? 
_raw_spin_lock_irqsave+0xa1/0x100 [ 16.318660] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 16.318687] ? __kthread_parkme+0x82/0x180 [ 16.318711] ? preempt_count_sub+0x50/0x80 [ 16.318738] ? __pfx_kunit_try_run_case+0x10/0x10 [ 16.318765] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 16.318802] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 16.318828] kthread+0x337/0x6f0 [ 16.318850] ? trace_preempt_on+0x20/0xc0 [ 16.318876] ? __pfx_kthread+0x10/0x10 [ 16.318900] ? _raw_spin_unlock_irq+0x47/0x80 [ 16.318924] ? calculate_sigpending+0x7b/0xa0 [ 16.318951] ? __pfx_kthread+0x10/0x10 [ 16.318976] ret_from_fork+0x116/0x1d0 [ 16.318998] ? __pfx_kthread+0x10/0x10 [ 16.319021] ret_from_fork_asm+0x1a/0x30 [ 16.319055] </TASK> [ 16.319069] [ 16.334578] Allocated by task 283: [ 16.334979] kasan_save_stack+0x45/0x70 [ 16.335289] kasan_save_track+0x18/0x40 [ 16.335708] kasan_save_alloc_info+0x3b/0x50 [ 16.336021] __kasan_kmalloc+0xb7/0xc0 [ 16.336201] __kmalloc_cache_noprof+0x189/0x420 [ 16.336384] kasan_atomics+0x95/0x310 [ 16.336799] kunit_try_run_case+0x1a5/0x480 [ 16.337353] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 16.337931] kthread+0x337/0x6f0 [ 16.338324] ret_from_fork+0x116/0x1d0 [ 16.338624] ret_from_fork_asm+0x1a/0x30 [ 16.338804] [ 16.338889] The buggy address belongs to the object at ffff88810392bb00 [ 16.338889] which belongs to the cache kmalloc-64 of size 64 [ 16.339333] The buggy address is located 0 bytes to the right of [ 16.339333] allocated 48-byte region [ffff88810392bb00, ffff88810392bb30) [ 16.340042] [ 16.340401] The buggy address belongs to the physical page: [ 16.340706] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x10392b [ 16.341054] flags: 0x200000000000000(node=0|zone=2) [ 16.341371] page_type: f5(slab) [ 16.341571] raw: 0200000000000000 ffff8881000418c0 dead000000000122 0000000000000000 [ 16.341962] raw: 0000000000000000 0000000080200020 00000000f5000000 0000000000000000 [ 16.342502] page dumped because: kasan: 
bad access detected [ 16.342749] [ 16.342870] Memory state around the buggy address: [ 16.343117] ffff88810392ba00: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 16.343536] ffff88810392ba80: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 16.343823] >ffff88810392bb00: 00 00 00 00 00 00 fc fc fc fc fc fc fc fc fc fc [ 16.344160] ^ [ 16.344547] ffff88810392bb80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 16.344912] ffff88810392bc00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 16.345386] ================================================================== [ 16.528301] ================================================================== [ 16.528782] BUG: KASAN: slab-out-of-bounds in kasan_atomics_helper+0x5fe/0x5450 [ 16.529071] Write of size 4 at addr ffff88810392bb30 by task kunit_try_catch/283 [ 16.530851] [ 16.531191] CPU: 0 UID: 0 PID: 283 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc4 #1 PREEMPT(voluntary) [ 16.531420] Tainted: [B]=BAD_PAGE, [N]=TEST [ 16.531444] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 16.531517] Call Trace: [ 16.531540] <TASK> [ 16.531565] dump_stack_lvl+0x73/0xb0 [ 16.531608] print_report+0xd1/0x650 [ 16.531639] ? __virt_addr_valid+0x1db/0x2d0 [ 16.531669] ? kasan_atomics_helper+0x5fe/0x5450 [ 16.531695] ? kasan_complete_mode_report_info+0x2a/0x200 [ 16.531721] ? kasan_atomics_helper+0x5fe/0x5450 [ 16.531748] kasan_report+0x141/0x180 [ 16.531775] ? kasan_atomics_helper+0x5fe/0x5450 [ 16.531819] kasan_check_range+0x10c/0x1c0 [ 16.531849] __kasan_check_write+0x18/0x20 [ 16.531872] kasan_atomics_helper+0x5fe/0x5450 [ 16.531899] ? __pfx_kasan_atomics_helper+0x10/0x10 [ 16.531926] ? __kmalloc_cache_noprof+0x189/0x420 [ 16.531957] ? kasan_atomics+0x152/0x310 [ 16.531989] kasan_atomics+0x1dc/0x310 [ 16.532017] ? __pfx_kasan_atomics+0x10/0x10 [ 16.532046] ? __pfx_read_tsc+0x10/0x10 [ 16.532080] ? ktime_get_ts64+0x86/0x230 [ 16.532123] kunit_try_run_case+0x1a5/0x480 [ 16.532155] ? 
__pfx_kunit_try_run_case+0x10/0x10 [ 16.532183] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 16.532212] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 16.532239] ? __kthread_parkme+0x82/0x180 [ 16.532265] ? preempt_count_sub+0x50/0x80 [ 16.532293] ? __pfx_kunit_try_run_case+0x10/0x10 [ 16.532322] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 16.532349] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 16.532377] kthread+0x337/0x6f0 [ 16.532401] ? trace_preempt_on+0x20/0xc0 [ 16.532430] ? __pfx_kthread+0x10/0x10 [ 16.532458] ? _raw_spin_unlock_irq+0x47/0x80 [ 16.532485] ? calculate_sigpending+0x7b/0xa0 [ 16.532514] ? __pfx_kthread+0x10/0x10 [ 16.532539] ret_from_fork+0x116/0x1d0 [ 16.532563] ? __pfx_kthread+0x10/0x10 [ 16.532588] ret_from_fork_asm+0x1a/0x30 [ 16.532626] </TASK> [ 16.532641] [ 16.541925] Allocated by task 283: [ 16.542182] kasan_save_stack+0x45/0x70 [ 16.542452] kasan_save_track+0x18/0x40 [ 16.542708] kasan_save_alloc_info+0x3b/0x50 [ 16.542904] __kasan_kmalloc+0xb7/0xc0 [ 16.543056] __kmalloc_cache_noprof+0x189/0x420 [ 16.543232] kasan_atomics+0x95/0x310 [ 16.543690] kunit_try_run_case+0x1a5/0x480 [ 16.543944] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 16.544445] kthread+0x337/0x6f0 [ 16.544627] ret_from_fork+0x116/0x1d0 [ 16.545010] ret_from_fork_asm+0x1a/0x30 [ 16.545384] [ 16.545496] The buggy address belongs to the object at ffff88810392bb00 [ 16.545496] which belongs to the cache kmalloc-64 of size 64 [ 16.546189] The buggy address is located 0 bytes to the right of [ 16.546189] allocated 48-byte region [ffff88810392bb00, ffff88810392bb30) [ 16.546712] [ 16.546811] The buggy address belongs to the physical page: [ 16.547120] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x10392b [ 16.547593] flags: 0x200000000000000(node=0|zone=2) [ 16.547918] page_type: f5(slab) [ 16.548166] raw: 0200000000000000 ffff8881000418c0 dead000000000122 0000000000000000 [ 16.548526] raw: 0000000000000000 0000000080200020 00000000f5000000 
0000000000000000 [ 16.548782] page dumped because: kasan: bad access detected [ 16.549128] [ 16.549278] Memory state around the buggy address: [ 16.549575] ffff88810392ba00: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 16.549956] ffff88810392ba80: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 16.550387] >ffff88810392bb00: 00 00 00 00 00 00 fc fc fc fc fc fc fc fc fc fc [ 16.550742] ^ [ 16.551020] ffff88810392bb80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 16.551396] ffff88810392bc00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 16.551635] ================================================================== [ 17.074064] ================================================================== [ 17.074397] BUG: KASAN: slab-out-of-bounds in kasan_atomics_helper+0x1217/0x5450 [ 17.075040] Write of size 4 at addr ffff88810392bb30 by task kunit_try_catch/283 [ 17.075468] [ 17.075606] CPU: 0 UID: 0 PID: 283 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc4 #1 PREEMPT(voluntary) [ 17.075658] Tainted: [B]=BAD_PAGE, [N]=TEST [ 17.075675] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 17.075704] Call Trace: [ 17.075725] <TASK> [ 17.075754] dump_stack_lvl+0x73/0xb0 [ 17.075811] print_report+0xd1/0x650 [ 17.075839] ? __virt_addr_valid+0x1db/0x2d0 [ 17.075868] ? kasan_atomics_helper+0x1217/0x5450 [ 17.075894] ? kasan_complete_mode_report_info+0x2a/0x200 [ 17.075922] ? kasan_atomics_helper+0x1217/0x5450 [ 17.075950] kasan_report+0x141/0x180 [ 17.075977] ? kasan_atomics_helper+0x1217/0x5450 [ 17.076009] kasan_check_range+0x10c/0x1c0 [ 17.076038] __kasan_check_write+0x18/0x20 [ 17.076063] kasan_atomics_helper+0x1217/0x5450 [ 17.076104] ? __pfx_kasan_atomics_helper+0x10/0x10 [ 17.076132] ? __kmalloc_cache_noprof+0x189/0x420 [ 17.076173] ? kasan_atomics+0x152/0x310 [ 17.076205] kasan_atomics+0x1dc/0x310 [ 17.076245] ? __pfx_kasan_atomics+0x10/0x10 [ 17.076274] ? __pfx_read_tsc+0x10/0x10 [ 17.076299] ? 
ktime_get_ts64+0x86/0x230 [ 17.076330] kunit_try_run_case+0x1a5/0x480 [ 17.076370] ? __pfx_kunit_try_run_case+0x10/0x10 [ 17.076396] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 17.076437] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 17.076465] ? __kthread_parkme+0x82/0x180 [ 17.076491] ? preempt_count_sub+0x50/0x80 [ 17.076519] ? __pfx_kunit_try_run_case+0x10/0x10 [ 17.076557] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 17.076585] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 17.076625] kthread+0x337/0x6f0 [ 17.076649] ? trace_preempt_on+0x20/0xc0 [ 17.076678] ? __pfx_kthread+0x10/0x10 [ 17.076703] ? _raw_spin_unlock_irq+0x47/0x80 [ 17.076736] ? calculate_sigpending+0x7b/0xa0 [ 17.076765] ? __pfx_kthread+0x10/0x10 [ 17.076808] ret_from_fork+0x116/0x1d0 [ 17.076832] ? __pfx_kthread+0x10/0x10 [ 17.076857] ret_from_fork_asm+0x1a/0x30 [ 17.076893] </TASK> [ 17.076909] [ 17.085689] Allocated by task 283: [ 17.085914] kasan_save_stack+0x45/0x70 [ 17.086116] kasan_save_track+0x18/0x40 [ 17.086367] kasan_save_alloc_info+0x3b/0x50 [ 17.086578] __kasan_kmalloc+0xb7/0xc0 [ 17.086730] __kmalloc_cache_noprof+0x189/0x420 [ 17.086914] kasan_atomics+0x95/0x310 [ 17.087065] kunit_try_run_case+0x1a5/0x480 [ 17.087230] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 17.087424] kthread+0x337/0x6f0 [ 17.087625] ret_from_fork+0x116/0x1d0 [ 17.087882] ret_from_fork_asm+0x1a/0x30 [ 17.088106] [ 17.088214] The buggy address belongs to the object at ffff88810392bb00 [ 17.088214] which belongs to the cache kmalloc-64 of size 64 [ 17.088864] The buggy address is located 0 bytes to the right of [ 17.088864] allocated 48-byte region [ffff88810392bb00, ffff88810392bb30) [ 17.089493] [ 17.089577] The buggy address belongs to the physical page: [ 17.089772] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x10392b [ 17.090061] flags: 0x200000000000000(node=0|zone=2) [ 17.090345] page_type: f5(slab) [ 17.090576] raw: 0200000000000000 ffff8881000418c0 dead000000000122 
0000000000000000 [ 17.090992] raw: 0000000000000000 0000000080200020 00000000f5000000 0000000000000000 [ 17.091456] page dumped because: kasan: bad access detected [ 17.091752] [ 17.091883] Memory state around the buggy address: [ 17.092164] ffff88810392ba00: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 17.092501] ffff88810392ba80: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 17.092869] >ffff88810392bb00: 00 00 00 00 00 00 fc fc fc fc fc fc fc fc fc fc [ 17.093327] ^ [ 17.093565] ffff88810392bb80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 17.093917] ffff88810392bc00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 17.094323] ================================================================== [ 16.345902] ================================================================== [ 16.346251] BUG: KASAN: slab-out-of-bounds in kasan_atomics_helper+0x4b88/0x5450 [ 16.346591] Read of size 4 at addr ffff88810392bb30 by task kunit_try_catch/283 [ 16.346970] [ 16.347104] CPU: 0 UID: 0 PID: 283 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc4 #1 PREEMPT(voluntary) [ 16.347155] Tainted: [B]=BAD_PAGE, [N]=TEST [ 16.347170] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 16.347196] Call Trace: [ 16.347216] <TASK> [ 16.347235] dump_stack_lvl+0x73/0xb0 [ 16.347269] print_report+0xd1/0x650 [ 16.347295] ? __virt_addr_valid+0x1db/0x2d0 [ 16.347321] ? kasan_atomics_helper+0x4b88/0x5450 [ 16.347345] ? kasan_complete_mode_report_info+0x2a/0x200 [ 16.347370] ? kasan_atomics_helper+0x4b88/0x5450 [ 16.347393] kasan_report+0x141/0x180 [ 16.347419] ? kasan_atomics_helper+0x4b88/0x5450 [ 16.347449] __asan_report_load4_noabort+0x18/0x20 [ 16.347475] kasan_atomics_helper+0x4b88/0x5450 [ 16.347502] ? __pfx_kasan_atomics_helper+0x10/0x10 [ 16.347526] ? __kmalloc_cache_noprof+0x189/0x420 [ 16.347555] ? kasan_atomics+0x152/0x310 [ 16.347585] kasan_atomics+0x1dc/0x310 [ 16.347611] ? __pfx_kasan_atomics+0x10/0x10 [ 16.347637] ? 
__pfx_read_tsc+0x10/0x10 [ 16.347662] ? ktime_get_ts64+0x86/0x230 [ 16.347690] kunit_try_run_case+0x1a5/0x480 [ 16.347718] ? __pfx_kunit_try_run_case+0x10/0x10 [ 16.347743] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 16.347770] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 16.347868] ? __kthread_parkme+0x82/0x180 [ 16.347895] ? preempt_count_sub+0x50/0x80 [ 16.347923] ? __pfx_kunit_try_run_case+0x10/0x10 [ 16.347950] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 16.347977] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 16.348003] kthread+0x337/0x6f0 [ 16.348025] ? trace_preempt_on+0x20/0xc0 [ 16.348053] ? __pfx_kthread+0x10/0x10 [ 16.348076] ? _raw_spin_unlock_irq+0x47/0x80 [ 16.348111] ? calculate_sigpending+0x7b/0xa0 [ 16.348139] ? __pfx_kthread+0x10/0x10 [ 16.348331] ret_from_fork+0x116/0x1d0 [ 16.348357] ? __pfx_kthread+0x10/0x10 [ 16.348381] ret_from_fork_asm+0x1a/0x30 [ 16.348417] </TASK> [ 16.348431] [ 16.357753] Allocated by task 283: [ 16.357937] kasan_save_stack+0x45/0x70 [ 16.358337] kasan_save_track+0x18/0x40 [ 16.358543] kasan_save_alloc_info+0x3b/0x50 [ 16.358739] __kasan_kmalloc+0xb7/0xc0 [ 16.358909] __kmalloc_cache_noprof+0x189/0x420 [ 16.359126] kasan_atomics+0x95/0x310 [ 16.359342] kunit_try_run_case+0x1a5/0x480 [ 16.359582] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 16.359856] kthread+0x337/0x6f0 [ 16.359998] ret_from_fork+0x116/0x1d0 [ 16.360154] ret_from_fork_asm+0x1a/0x30 [ 16.360390] [ 16.360508] The buggy address belongs to the object at ffff88810392bb00 [ 16.360508] which belongs to the cache kmalloc-64 of size 64 [ 16.361135] The buggy address is located 0 bytes to the right of [ 16.361135] allocated 48-byte region [ffff88810392bb00, ffff88810392bb30) [ 16.361865] [ 16.361950] The buggy address belongs to the physical page: [ 16.362150] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x10392b [ 16.362424] flags: 0x200000000000000(node=0|zone=2) [ 16.363057] page_type: f5(slab) [ 16.363275] raw: 0200000000000000 
ffff8881000418c0 dead000000000122 0000000000000000 [ 16.363630] raw: 0000000000000000 0000000080200020 00000000f5000000 0000000000000000 [ 16.364238] page dumped because: kasan: bad access detected [ 16.364508] [ 16.364592] Memory state around the buggy address: [ 16.364777] ffff88810392ba00: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 16.365229] ffff88810392ba80: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 16.365613] >ffff88810392bb00: 00 00 00 00 00 00 fc fc fc fc fc fc fc fc fc fc [ 16.366005] ^ [ 16.366456] ffff88810392bb80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 16.366830] ffff88810392bc00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 16.367109] ================================================================== [ 17.148065] ================================================================== [ 17.149169] BUG: KASAN: slab-out-of-bounds in kasan_atomics_helper+0x49ce/0x5450 [ 17.149607] Read of size 4 at addr ffff88810392bb30 by task kunit_try_catch/283 [ 17.149943] [ 17.150060] CPU: 0 UID: 0 PID: 283 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc4 #1 PREEMPT(voluntary) [ 17.150117] Tainted: [B]=BAD_PAGE, [N]=TEST [ 17.150134] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 17.150165] Call Trace: [ 17.150189] <TASK> [ 17.150213] dump_stack_lvl+0x73/0xb0 [ 17.150251] print_report+0xd1/0x650 [ 17.150279] ? __virt_addr_valid+0x1db/0x2d0 [ 17.150307] ? kasan_atomics_helper+0x49ce/0x5450 [ 17.150333] ? kasan_complete_mode_report_info+0x2a/0x200 [ 17.150360] ? kasan_atomics_helper+0x49ce/0x5450 [ 17.150388] kasan_report+0x141/0x180 [ 17.150417] ? kasan_atomics_helper+0x49ce/0x5450 [ 17.150449] __asan_report_load4_noabort+0x18/0x20 [ 17.150480] kasan_atomics_helper+0x49ce/0x5450 [ 17.150507] ? __pfx_kasan_atomics_helper+0x10/0x10 [ 17.150533] ? __kmalloc_cache_noprof+0x189/0x420 [ 17.150564] ? kasan_atomics+0x152/0x310 [ 17.150596] kasan_atomics+0x1dc/0x310 [ 17.150624] ? 
__pfx_kasan_atomics+0x10/0x10 [ 17.150652] ? __pfx_read_tsc+0x10/0x10 [ 17.150679] ? ktime_get_ts64+0x86/0x230 [ 17.150708] kunit_try_run_case+0x1a5/0x480 [ 17.150738] ? __pfx_kunit_try_run_case+0x10/0x10 [ 17.150765] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 17.150808] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 17.150836] ? __kthread_parkme+0x82/0x180 [ 17.150861] ? preempt_count_sub+0x50/0x80 [ 17.150891] ? __pfx_kunit_try_run_case+0x10/0x10 [ 17.150920] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 17.150948] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 17.150975] kthread+0x337/0x6f0 [ 17.150999] ? trace_preempt_on+0x20/0xc0 [ 17.151028] ? __pfx_kthread+0x10/0x10 [ 17.151055] ? _raw_spin_unlock_irq+0x47/0x80 [ 17.151082] ? calculate_sigpending+0x7b/0xa0 [ 17.151125] ? __pfx_kthread+0x10/0x10 [ 17.151151] ret_from_fork+0x116/0x1d0 [ 17.151175] ? __pfx_kthread+0x10/0x10 [ 17.151199] ret_from_fork_asm+0x1a/0x30 [ 17.151236] </TASK> [ 17.151253] [ 17.160690] Allocated by task 283: [ 17.160857] kasan_save_stack+0x45/0x70 [ 17.161025] kasan_save_track+0x18/0x40 [ 17.161182] kasan_save_alloc_info+0x3b/0x50 [ 17.161467] __kasan_kmalloc+0xb7/0xc0 [ 17.161683] __kmalloc_cache_noprof+0x189/0x420 [ 17.162195] kasan_atomics+0x95/0x310 [ 17.162428] kunit_try_run_case+0x1a5/0x480 [ 17.162663] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 17.162911] kthread+0x337/0x6f0 [ 17.163651] ret_from_fork+0x116/0x1d0 [ 17.163982] ret_from_fork_asm+0x1a/0x30 [ 17.164385] [ 17.164504] The buggy address belongs to the object at ffff88810392bb00 [ 17.164504] which belongs to the cache kmalloc-64 of size 64 [ 17.164970] The buggy address is located 0 bytes to the right of [ 17.164970] allocated 48-byte region [ffff88810392bb00, ffff88810392bb30) [ 17.165608] [ 17.165710] The buggy address belongs to the physical page: [ 17.166025] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x10392b [ 17.166568] flags: 0x200000000000000(node=0|zone=2) [ 17.166815] page_type: 
f5(slab) [ 17.167006] raw: 0200000000000000 ffff8881000418c0 dead000000000122 0000000000000000 [ 17.167316] raw: 0000000000000000 0000000080200020 00000000f5000000 0000000000000000 [ 17.167854] page dumped because: kasan: bad access detected [ 17.168060] [ 17.168156] Memory state around the buggy address: [ 17.168422] ffff88810392ba00: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 17.168779] ffff88810392ba80: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 17.169038] >ffff88810392bb00: 00 00 00 00 00 00 fc fc fc fc fc fc fc fc fc fc [ 17.170929] ^ [ 17.171167] ffff88810392bb80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 17.171431] ffff88810392bc00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 17.171684] ================================================================== [ 16.479634] ================================================================== [ 16.480031] BUG: KASAN: slab-out-of-bounds in kasan_atomics_helper+0x4b3a/0x5450 [ 16.480412] Write of size 4 at addr ffff88810392bb30 by task kunit_try_catch/283 [ 16.480816] [ 16.480925] CPU: 0 UID: 0 PID: 283 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc4 #1 PREEMPT(voluntary) [ 16.480976] Tainted: [B]=BAD_PAGE, [N]=TEST [ 16.480993] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 16.481021] Call Trace: [ 16.481042] <TASK> [ 16.481062] dump_stack_lvl+0x73/0xb0 [ 16.481097] print_report+0xd1/0x650 [ 16.481141] ? __virt_addr_valid+0x1db/0x2d0 [ 16.481170] ? kasan_atomics_helper+0x4b3a/0x5450 [ 16.481196] ? kasan_complete_mode_report_info+0x2a/0x200 [ 16.481225] ? kasan_atomics_helper+0x4b3a/0x5450 [ 16.481252] kasan_report+0x141/0x180 [ 16.481279] ? kasan_atomics_helper+0x4b3a/0x5450 [ 16.481348] __asan_report_store4_noabort+0x1b/0x30 [ 16.481377] kasan_atomics_helper+0x4b3a/0x5450 [ 16.481422] ? __pfx_kasan_atomics_helper+0x10/0x10 [ 16.481466] ? __kmalloc_cache_noprof+0x189/0x420 [ 16.481513] ? 
kasan_atomics+0x152/0x310 [ 16.481560] kasan_atomics+0x1dc/0x310 [ 16.481602] ? __pfx_kasan_atomics+0x10/0x10 [ 16.481647] ? __pfx_read_tsc+0x10/0x10 [ 16.481687] ? ktime_get_ts64+0x86/0x230 [ 16.481732] kunit_try_run_case+0x1a5/0x480 [ 16.481770] ? __pfx_kunit_try_run_case+0x10/0x10 [ 16.481808] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 16.481838] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 16.481865] ? __kthread_parkme+0x82/0x180 [ 16.481890] ? preempt_count_sub+0x50/0x80 [ 16.481919] ? __pfx_kunit_try_run_case+0x10/0x10 [ 16.481947] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 16.481974] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 16.482002] kthread+0x337/0x6f0 [ 16.482025] ? trace_preempt_on+0x20/0xc0 [ 16.482054] ? __pfx_kthread+0x10/0x10 [ 16.482078] ? _raw_spin_unlock_irq+0x47/0x80 [ 16.482104] ? calculate_sigpending+0x7b/0xa0 [ 16.482133] ? __pfx_kthread+0x10/0x10 [ 16.482159] ret_from_fork+0x116/0x1d0 [ 16.482181] ? __pfx_kthread+0x10/0x10 [ 16.482206] ret_from_fork_asm+0x1a/0x30 [ 16.482242] </TASK> [ 16.482258] [ 16.491669] Allocated by task 283: [ 16.491943] kasan_save_stack+0x45/0x70 [ 16.492126] kasan_save_track+0x18/0x40 [ 16.492281] kasan_save_alloc_info+0x3b/0x50 [ 16.492674] __kasan_kmalloc+0xb7/0xc0 [ 16.493095] __kmalloc_cache_noprof+0x189/0x420 [ 16.493346] kasan_atomics+0x95/0x310 [ 16.494177] kunit_try_run_case+0x1a5/0x480 [ 16.494450] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 16.494647] kthread+0x337/0x6f0 [ 16.494863] ret_from_fork+0x116/0x1d0 [ 16.495023] ret_from_fork_asm+0x1a/0x30 [ 16.495237] [ 16.495879] The buggy address belongs to the object at ffff88810392bb00 [ 16.495879] which belongs to the cache kmalloc-64 of size 64 [ 16.496492] The buggy address is located 0 bytes to the right of [ 16.496492] allocated 48-byte region [ffff88810392bb00, ffff88810392bb30) [ 16.497188] [ 16.497300] The buggy address belongs to the physical page: [ 16.497596] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x10392b [ 
16.497992] flags: 0x200000000000000(node=0|zone=2) [ 16.498408] page_type: f5(slab) [ 16.498550] raw: 0200000000000000 ffff8881000418c0 dead000000000122 0000000000000000 [ 16.498818] raw: 0000000000000000 0000000080200020 00000000f5000000 0000000000000000 [ 16.499342] page dumped because: kasan: bad access detected [ 16.499759] [ 16.499860] Memory state around the buggy address: [ 16.500154] ffff88810392ba00: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 16.500709] ffff88810392ba80: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 16.501090] >ffff88810392bb00: 00 00 00 00 00 00 fc fc fc fc fc fc fc fc fc fc [ 16.501510] ^ [ 16.501770] ffff88810392bb80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 16.502194] ffff88810392bc00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 16.502542] ================================================================== [ 17.614506] ================================================================== [ 17.614845] BUG: KASAN: slab-out-of-bounds in kasan_atomics_helper+0x1d7a/0x5450 [ 17.615166] Write of size 8 at addr ffff88810392bb30 by task kunit_try_catch/283 [ 17.615830] [ 17.616044] CPU: 0 UID: 0 PID: 283 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc4 #1 PREEMPT(voluntary) [ 17.616095] Tainted: [B]=BAD_PAGE, [N]=TEST [ 17.616112] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 17.616139] Call Trace: [ 17.616159] <TASK> [ 17.616179] dump_stack_lvl+0x73/0xb0 [ 17.616216] print_report+0xd1/0x650 [ 17.616243] ? __virt_addr_valid+0x1db/0x2d0 [ 17.616271] ? kasan_atomics_helper+0x1d7a/0x5450 [ 17.616297] ? kasan_complete_mode_report_info+0x2a/0x200 [ 17.616324] ? kasan_atomics_helper+0x1d7a/0x5450 [ 17.616351] kasan_report+0x141/0x180 [ 17.616378] ? kasan_atomics_helper+0x1d7a/0x5450 [ 17.616410] kasan_check_range+0x10c/0x1c0 [ 17.616439] __kasan_check_write+0x18/0x20 [ 17.616463] kasan_atomics_helper+0x1d7a/0x5450 [ 17.616491] ? __pfx_kasan_atomics_helper+0x10/0x10 [ 17.616519] ? 
__kmalloc_cache_noprof+0x189/0x420 [ 17.616550] ? kasan_atomics+0x152/0x310 [ 17.616582] kasan_atomics+0x1dc/0x310 [ 17.616609] ? __pfx_kasan_atomics+0x10/0x10 [ 17.616660] ? __pfx_read_tsc+0x10/0x10 [ 17.616686] ? ktime_get_ts64+0x86/0x230 [ 17.616716] kunit_try_run_case+0x1a5/0x480 [ 17.616746] ? __pfx_kunit_try_run_case+0x10/0x10 [ 17.616796] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 17.616835] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 17.616876] ? __kthread_parkme+0x82/0x180 [ 17.616904] ? preempt_count_sub+0x50/0x80 [ 17.616933] ? __pfx_kunit_try_run_case+0x10/0x10 [ 17.616961] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 17.616989] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 17.617017] kthread+0x337/0x6f0 [ 17.617041] ? trace_preempt_on+0x20/0xc0 [ 17.617071] ? __pfx_kthread+0x10/0x10 [ 17.617102] ? _raw_spin_unlock_irq+0x47/0x80 [ 17.617129] ? calculate_sigpending+0x7b/0xa0 [ 17.617157] ? __pfx_kthread+0x10/0x10 [ 17.617195] ret_from_fork+0x116/0x1d0 [ 17.617218] ? __pfx_kthread+0x10/0x10 [ 17.617242] ret_from_fork_asm+0x1a/0x30 [ 17.617292] </TASK> [ 17.617307] [ 17.627037] Allocated by task 283: [ 17.627328] kasan_save_stack+0x45/0x70 [ 17.627563] kasan_save_track+0x18/0x40 [ 17.627781] kasan_save_alloc_info+0x3b/0x50 [ 17.628047] __kasan_kmalloc+0xb7/0xc0 [ 17.628206] __kmalloc_cache_noprof+0x189/0x420 [ 17.628390] kasan_atomics+0x95/0x310 [ 17.628549] kunit_try_run_case+0x1a5/0x480 [ 17.628722] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 17.629247] kthread+0x337/0x6f0 [ 17.629492] ret_from_fork+0x116/0x1d0 [ 17.629712] ret_from_fork_asm+0x1a/0x30 [ 17.629950] [ 17.630058] The buggy address belongs to the object at ffff88810392bb00 [ 17.630058] which belongs to the cache kmalloc-64 of size 64 [ 17.630466] The buggy address is located 0 bytes to the right of [ 17.630466] allocated 48-byte region [ffff88810392bb00, ffff88810392bb30) [ 17.630901] [ 17.631130] The buggy address belongs to the physical page: [ 17.631484] page: refcount:0 mapcount:0 
mapping:0000000000000000 index:0x0 pfn:0x10392b [ 17.631924] flags: 0x200000000000000(node=0|zone=2) [ 17.632210] page_type: f5(slab) [ 17.632414] raw: 0200000000000000 ffff8881000418c0 dead000000000122 0000000000000000 [ 17.632976] raw: 0000000000000000 0000000080200020 00000000f5000000 0000000000000000 [ 17.633474] page dumped because: kasan: bad access detected [ 17.633818] [ 17.633999] Memory state around the buggy address: [ 17.634281] ffff88810392ba00: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 17.634594] ffff88810392ba80: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 17.634944] >ffff88810392bb00: 00 00 00 00 00 00 fc fc fc fc fc fc fc fc fc fc [ 17.635535] ^ [ 17.635813] ffff88810392bb80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 17.636444] ffff88810392bc00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 17.636953] ================================================================== [ 16.774719] ================================================================== [ 16.775708] BUG: KASAN: slab-out-of-bounds in kasan_atomics_helper+0xc70/0x5450 [ 16.776112] Write of size 4 at addr ffff88810392bb30 by task kunit_try_catch/283 [ 16.776377] [ 16.776588] CPU: 0 UID: 0 PID: 283 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc4 #1 PREEMPT(voluntary) [ 16.776643] Tainted: [B]=BAD_PAGE, [N]=TEST [ 16.776660] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 16.776688] Call Trace: [ 16.776711] <TASK> [ 16.776734] dump_stack_lvl+0x73/0xb0 [ 16.776771] print_report+0xd1/0x650 [ 16.776814] ? __virt_addr_valid+0x1db/0x2d0 [ 16.776843] ? kasan_atomics_helper+0xc70/0x5450 [ 16.776870] ? kasan_complete_mode_report_info+0x2a/0x200 [ 16.776898] ? kasan_atomics_helper+0xc70/0x5450 [ 16.776924] kasan_report+0x141/0x180 [ 16.776951] ? kasan_atomics_helper+0xc70/0x5450 [ 16.776983] kasan_check_range+0x10c/0x1c0 [ 16.777011] __kasan_check_write+0x18/0x20 [ 16.777035] kasan_atomics_helper+0xc70/0x5450 [ 16.777062] ? 
__pfx_kasan_atomics_helper+0x10/0x10 [ 16.777100] ? __kmalloc_cache_noprof+0x189/0x420 [ 16.777131] ? kasan_atomics+0x152/0x310 [ 16.777164] kasan_atomics+0x1dc/0x310 [ 16.777191] ? __pfx_kasan_atomics+0x10/0x10 [ 16.777219] ? __pfx_read_tsc+0x10/0x10 [ 16.777245] ? ktime_get_ts64+0x86/0x230 [ 16.777274] kunit_try_run_case+0x1a5/0x480 [ 16.777304] ? __pfx_kunit_try_run_case+0x10/0x10 [ 16.777330] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 16.777365] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 16.777393] ? __kthread_parkme+0x82/0x180 [ 16.777417] ? preempt_count_sub+0x50/0x80 [ 16.777447] ? __pfx_kunit_try_run_case+0x10/0x10 [ 16.777474] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 16.777501] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 16.777528] kthread+0x337/0x6f0 [ 16.777552] ? trace_preempt_on+0x20/0xc0 [ 16.777581] ? __pfx_kthread+0x10/0x10 [ 16.777606] ? _raw_spin_unlock_irq+0x47/0x80 [ 16.777631] ? calculate_sigpending+0x7b/0xa0 [ 16.777660] ? __pfx_kthread+0x10/0x10 [ 16.777685] ret_from_fork+0x116/0x1d0 [ 16.777708] ? 
__pfx_kthread+0x10/0x10 [ 16.777732] ret_from_fork_asm+0x1a/0x30 [ 16.777769] </TASK> [ 16.777784] [ 16.786452] Allocated by task 283: [ 16.786613] kasan_save_stack+0x45/0x70 [ 16.786838] kasan_save_track+0x18/0x40 [ 16.787062] kasan_save_alloc_info+0x3b/0x50 [ 16.787324] __kasan_kmalloc+0xb7/0xc0 [ 16.787543] __kmalloc_cache_noprof+0x189/0x420 [ 16.787817] kasan_atomics+0x95/0x310 [ 16.788016] kunit_try_run_case+0x1a5/0x480 [ 16.788253] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 16.788517] kthread+0x337/0x6f0 [ 16.788714] ret_from_fork+0x116/0x1d0 [ 16.788893] ret_from_fork_asm+0x1a/0x30 [ 16.789159] [ 16.789259] The buggy address belongs to the object at ffff88810392bb00 [ 16.789259] which belongs to the cache kmalloc-64 of size 64 [ 16.789667] The buggy address is located 0 bytes to the right of [ 16.789667] allocated 48-byte region [ffff88810392bb00, ffff88810392bb30) [ 16.790099] [ 16.790188] The buggy address belongs to the physical page: [ 16.790451] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x10392b [ 16.790881] flags: 0x200000000000000(node=0|zone=2) [ 16.791210] page_type: f5(slab) [ 16.791404] raw: 0200000000000000 ffff8881000418c0 dead000000000122 0000000000000000 [ 16.791822] raw: 0000000000000000 0000000080200020 00000000f5000000 0000000000000000 [ 16.792101] page dumped because: kasan: bad access detected [ 16.792392] [ 16.792504] Memory state around the buggy address: [ 16.792764] ffff88810392ba00: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 16.793140] ffff88810392ba80: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 16.793409] >ffff88810392bb00: 00 00 00 00 00 00 fc fc fc fc fc fc fc fc fc fc [ 16.793663] ^ [ 16.793910] ffff88810392bb80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 16.794509] ffff88810392bc00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 16.794882] ================================================================== [ 17.799725] 
================================================================== [ 17.800245] BUG: KASAN: slab-out-of-bounds in kasan_atomics_helper+0x20c8/0x5450 [ 17.801233] Write of size 8 at addr ffff88810392bb30 by task kunit_try_catch/283 [ 17.801640] [ 17.801782] CPU: 0 UID: 0 PID: 283 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc4 #1 PREEMPT(voluntary) [ 17.801852] Tainted: [B]=BAD_PAGE, [N]=TEST [ 17.801868] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 17.801897] Call Trace: [ 17.801920] <TASK> [ 17.801943] dump_stack_lvl+0x73/0xb0 [ 17.801980] print_report+0xd1/0x650 [ 17.802009] ? __virt_addr_valid+0x1db/0x2d0 [ 17.802036] ? kasan_atomics_helper+0x20c8/0x5450 [ 17.802062] ? kasan_complete_mode_report_info+0x2a/0x200 [ 17.802089] ? kasan_atomics_helper+0x20c8/0x5450 [ 17.802115] kasan_report+0x141/0x180 [ 17.802142] ? kasan_atomics_helper+0x20c8/0x5450 [ 17.802174] kasan_check_range+0x10c/0x1c0 [ 17.802204] __kasan_check_write+0x18/0x20 [ 17.802229] kasan_atomics_helper+0x20c8/0x5450 [ 17.802256] ? __pfx_kasan_atomics_helper+0x10/0x10 [ 17.802283] ? __kmalloc_cache_noprof+0x189/0x420 [ 17.802313] ? kasan_atomics+0x152/0x310 [ 17.802346] kasan_atomics+0x1dc/0x310 [ 17.802373] ? __pfx_kasan_atomics+0x10/0x10 [ 17.802404] ? __pfx_read_tsc+0x10/0x10 [ 17.802433] ? ktime_get_ts64+0x86/0x230 [ 17.802464] kunit_try_run_case+0x1a5/0x480 [ 17.802493] ? __pfx_kunit_try_run_case+0x10/0x10 [ 17.802521] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 17.802552] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 17.802581] ? __kthread_parkme+0x82/0x180 [ 17.802607] ? preempt_count_sub+0x50/0x80 [ 17.802638] ? __pfx_kunit_try_run_case+0x10/0x10 [ 17.802667] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 17.802697] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 17.802724] kthread+0x337/0x6f0 [ 17.802748] ? trace_preempt_on+0x20/0xc0 [ 17.802776] ? __pfx_kthread+0x10/0x10 [ 17.802969] ? _raw_spin_unlock_irq+0x47/0x80 [ 17.803000] ? 
calculate_sigpending+0x7b/0xa0 [ 17.803030] ? __pfx_kthread+0x10/0x10 [ 17.803056] ret_from_fork+0x116/0x1d0 [ 17.803081] ? __pfx_kthread+0x10/0x10 [ 17.803107] ret_from_fork_asm+0x1a/0x30 [ 17.803145] </TASK> [ 17.803160] [ 17.812021] Allocated by task 283: [ 17.812179] kasan_save_stack+0x45/0x70 [ 17.812346] kasan_save_track+0x18/0x40 [ 17.812495] kasan_save_alloc_info+0x3b/0x50 [ 17.812658] __kasan_kmalloc+0xb7/0xc0 [ 17.812833] __kmalloc_cache_noprof+0x189/0x420 [ 17.814022] kasan_atomics+0x95/0x310 [ 17.814445] kunit_try_run_case+0x1a5/0x480 [ 17.814779] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 17.815114] kthread+0x337/0x6f0 [ 17.815318] ret_from_fork+0x116/0x1d0 [ 17.815540] ret_from_fork_asm+0x1a/0x30 [ 17.815877] [ 17.815995] The buggy address belongs to the object at ffff88810392bb00 [ 17.815995] which belongs to the cache kmalloc-64 of size 64 [ 17.816537] The buggy address is located 0 bytes to the right of [ 17.816537] allocated 48-byte region [ffff88810392bb00, ffff88810392bb30) [ 17.817079] [ 17.817620] The buggy address belongs to the physical page: [ 17.818194] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x10392b [ 17.818989] flags: 0x200000000000000(node=0|zone=2) [ 17.819245] page_type: f5(slab) [ 17.819430] raw: 0200000000000000 ffff8881000418c0 dead000000000122 0000000000000000 [ 17.819735] raw: 0000000000000000 0000000080200020 00000000f5000000 0000000000000000 [ 17.820736] page dumped because: kasan: bad access detected [ 17.821015] [ 17.821218] Memory state around the buggy address: [ 17.821591] ffff88810392ba00: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 17.821951] ffff88810392ba80: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 17.822439] >ffff88810392bb00: 00 00 00 00 00 00 fc fc fc fc fc fc fc fc fc fc [ 17.822846] ^ [ 17.823134] ffff88810392bb80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 17.823651] ffff88810392bc00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 17.824007] 
================================================================== [ 16.991219] ================================================================== [ 16.991558] BUG: KASAN: slab-out-of-bounds in kasan_atomics_helper+0x4a1c/0x5450 [ 16.991933] Read of size 4 at addr ffff88810392bb30 by task kunit_try_catch/283 [ 16.992346] [ 16.992475] CPU: 0 UID: 0 PID: 283 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc4 #1 PREEMPT(voluntary) [ 16.992524] Tainted: [B]=BAD_PAGE, [N]=TEST [ 16.992540] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 16.992566] Call Trace: [ 16.992584] <TASK> [ 16.992603] dump_stack_lvl+0x73/0xb0 [ 16.992637] print_report+0xd1/0x650 [ 16.992665] ? __virt_addr_valid+0x1db/0x2d0 [ 16.992693] ? kasan_atomics_helper+0x4a1c/0x5450 [ 16.992718] ? kasan_complete_mode_report_info+0x2a/0x200 [ 16.992745] ? kasan_atomics_helper+0x4a1c/0x5450 [ 16.992771] kasan_report+0x141/0x180 [ 16.992811] ? kasan_atomics_helper+0x4a1c/0x5450 [ 16.992844] __asan_report_load4_noabort+0x18/0x20 [ 16.992873] kasan_atomics_helper+0x4a1c/0x5450 [ 16.992900] ? __pfx_kasan_atomics_helper+0x10/0x10 [ 16.992927] ? __kmalloc_cache_noprof+0x189/0x420 [ 16.992957] ? kasan_atomics+0x152/0x310 [ 16.992991] kasan_atomics+0x1dc/0x310 [ 16.993018] ? __pfx_kasan_atomics+0x10/0x10 [ 16.993047] ? __pfx_read_tsc+0x10/0x10 [ 16.993073] ? ktime_get_ts64+0x86/0x230 [ 16.993102] kunit_try_run_case+0x1a5/0x480 [ 16.993131] ? __pfx_kunit_try_run_case+0x10/0x10 [ 16.993157] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 16.993185] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 16.993229] ? __kthread_parkme+0x82/0x180 [ 16.993254] ? preempt_count_sub+0x50/0x80 [ 16.993282] ? __pfx_kunit_try_run_case+0x10/0x10 [ 16.993311] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 16.993343] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 16.993373] kthread+0x337/0x6f0 [ 16.993399] ? trace_preempt_on+0x20/0xc0 [ 16.993428] ? __pfx_kthread+0x10/0x10 [ 16.993453] ? 
_raw_spin_unlock_irq+0x47/0x80 [ 16.993479] ? calculate_sigpending+0x7b/0xa0 [ 16.993508] ? __pfx_kthread+0x10/0x10 [ 16.993535] ret_from_fork+0x116/0x1d0 [ 16.993558] ? __pfx_kthread+0x10/0x10 [ 16.993583] ret_from_fork_asm+0x1a/0x30 [ 16.993620] </TASK> [ 16.993636] [ 17.006186] Allocated by task 283: [ 17.006673] kasan_save_stack+0x45/0x70 [ 17.007150] kasan_save_track+0x18/0x40 [ 17.007626] kasan_save_alloc_info+0x3b/0x50 [ 17.008071] __kasan_kmalloc+0xb7/0xc0 [ 17.008308] __kmalloc_cache_noprof+0x189/0x420 [ 17.008496] kasan_atomics+0x95/0x310 [ 17.008657] kunit_try_run_case+0x1a5/0x480 [ 17.008871] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 17.009479] kthread+0x337/0x6f0 [ 17.009868] ret_from_fork+0x116/0x1d0 [ 17.010327] ret_from_fork_asm+0x1a/0x30 [ 17.010756] [ 17.010962] The buggy address belongs to the object at ffff88810392bb00 [ 17.010962] which belongs to the cache kmalloc-64 of size 64 [ 17.012399] The buggy address is located 0 bytes to the right of [ 17.012399] allocated 48-byte region [ffff88810392bb00, ffff88810392bb30) [ 17.013721] [ 17.013823] The buggy address belongs to the physical page: [ 17.014025] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x10392b [ 17.014675] flags: 0x200000000000000(node=0|zone=2) [ 17.015268] page_type: f5(slab) [ 17.015687] raw: 0200000000000000 ffff8881000418c0 dead000000000122 0000000000000000 [ 17.016528] raw: 0000000000000000 0000000080200020 00000000f5000000 0000000000000000 [ 17.017343] page dumped because: kasan: bad access detected [ 17.018018] [ 17.018207] Memory state around the buggy address: [ 17.018681] ffff88810392ba00: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 17.019082] ffff88810392ba80: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 17.019828] >ffff88810392bb00: 00 00 00 00 00 00 fc fc fc fc fc fc fc fc fc fc [ 17.020448] ^ [ 17.020645] ffff88810392bb80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 17.020920] ffff88810392bc00: fc fc fc fc fc fc fc fc fc fc 
fc fc fc fc fc fc [ 17.021191] ================================================================== [ 17.825146] ================================================================== [ 17.825779] BUG: KASAN: slab-out-of-bounds in kasan_atomics_helper+0x4fb2/0x5450 [ 17.826315] Read of size 8 at addr ffff88810392bb30 by task kunit_try_catch/283 [ 17.826596] [ 17.826740] CPU: 0 UID: 0 PID: 283 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc4 #1 PREEMPT(voluntary) [ 17.826807] Tainted: [B]=BAD_PAGE, [N]=TEST [ 17.826824] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 17.826854] Call Trace: [ 17.826876] <TASK> [ 17.826895] dump_stack_lvl+0x73/0xb0 [ 17.826931] print_report+0xd1/0x650 [ 17.826960] ? __virt_addr_valid+0x1db/0x2d0 [ 17.826990] ? kasan_atomics_helper+0x4fb2/0x5450 [ 17.827016] ? kasan_complete_mode_report_info+0x2a/0x200 [ 17.827043] ? kasan_atomics_helper+0x4fb2/0x5450 [ 17.827070] kasan_report+0x141/0x180 [ 17.827098] ? kasan_atomics_helper+0x4fb2/0x5450 [ 17.827130] __asan_report_load8_noabort+0x18/0x20 [ 17.827158] kasan_atomics_helper+0x4fb2/0x5450 [ 17.827186] ? __pfx_kasan_atomics_helper+0x10/0x10 [ 17.827212] ? __kmalloc_cache_noprof+0x189/0x420 [ 17.827243] ? kasan_atomics+0x152/0x310 [ 17.827276] kasan_atomics+0x1dc/0x310 [ 17.827303] ? __pfx_kasan_atomics+0x10/0x10 [ 17.827332] ? __pfx_read_tsc+0x10/0x10 [ 17.827360] ? ktime_get_ts64+0x86/0x230 [ 17.827389] kunit_try_run_case+0x1a5/0x480 [ 17.827418] ? __pfx_kunit_try_run_case+0x10/0x10 [ 17.827446] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 17.827475] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 17.827503] ? __kthread_parkme+0x82/0x180 [ 17.827529] ? preempt_count_sub+0x50/0x80 [ 17.827559] ? __pfx_kunit_try_run_case+0x10/0x10 [ 17.827587] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 17.827615] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 17.827645] kthread+0x337/0x6f0 [ 17.827669] ? trace_preempt_on+0x20/0xc0 [ 17.827698] ? 
__pfx_kthread+0x10/0x10 [ 17.827724] ? _raw_spin_unlock_irq+0x47/0x80 [ 17.827751] ? calculate_sigpending+0x7b/0xa0 [ 17.827780] ? __pfx_kthread+0x10/0x10 [ 17.827818] ret_from_fork+0x116/0x1d0 [ 17.827842] ? __pfx_kthread+0x10/0x10 [ 17.827868] ret_from_fork_asm+0x1a/0x30 [ 17.827905] </TASK> [ 17.827921] [ 17.836569] Allocated by task 283: [ 17.836757] kasan_save_stack+0x45/0x70 [ 17.836939] kasan_save_track+0x18/0x40 [ 17.837107] kasan_save_alloc_info+0x3b/0x50 [ 17.837371] __kasan_kmalloc+0xb7/0xc0 [ 17.837606] __kmalloc_cache_noprof+0x189/0x420 [ 17.837875] kasan_atomics+0x95/0x310 [ 17.838098] kunit_try_run_case+0x1a5/0x480 [ 17.838329] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 17.838569] kthread+0x337/0x6f0 [ 17.838750] ret_from_fork+0x116/0x1d0 [ 17.838989] ret_from_fork_asm+0x1a/0x30 [ 17.839217] [ 17.839334] The buggy address belongs to the object at ffff88810392bb00 [ 17.839334] which belongs to the cache kmalloc-64 of size 64 [ 17.839859] The buggy address is located 0 bytes to the right of [ 17.839859] allocated 48-byte region [ffff88810392bb00, ffff88810392bb30) [ 17.840479] [ 17.840582] The buggy address belongs to the physical page: [ 17.840839] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x10392b [ 17.841124] flags: 0x200000000000000(node=0|zone=2) [ 17.841319] page_type: f5(slab) [ 17.841468] raw: 0200000000000000 ffff8881000418c0 dead000000000122 0000000000000000 [ 17.841843] raw: 0000000000000000 0000000080200020 00000000f5000000 0000000000000000 [ 17.842286] page dumped because: kasan: bad access detected [ 17.842578] [ 17.842669] Memory state around the buggy address: [ 17.842863] ffff88810392ba00: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 17.843157] ffff88810392ba80: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 17.843530] >ffff88810392bb00: 00 00 00 00 00 00 fc fc fc fc fc fc fc fc fc fc [ 17.843914] ^ [ 17.844195] ffff88810392bb80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 17.844512] 
ffff88810392bc00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 17.844816] ================================================================== [ 17.592611] ================================================================== [ 17.592996] BUG: KASAN: slab-out-of-bounds in kasan_atomics_helper+0x1ce1/0x5450 [ 17.594203] Write of size 8 at addr ffff88810392bb30 by task kunit_try_catch/283 [ 17.594583] [ 17.594719] CPU: 0 UID: 0 PID: 283 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc4 #1 PREEMPT(voluntary) [ 17.594774] Tainted: [B]=BAD_PAGE, [N]=TEST [ 17.594801] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 17.594828] Call Trace: [ 17.594850] <TASK> [ 17.594872] dump_stack_lvl+0x73/0xb0 [ 17.594910] print_report+0xd1/0x650 [ 17.594938] ? __virt_addr_valid+0x1db/0x2d0 [ 17.594966] ? kasan_atomics_helper+0x1ce1/0x5450 [ 17.594992] ? kasan_complete_mode_report_info+0x2a/0x200 [ 17.595032] ? kasan_atomics_helper+0x1ce1/0x5450 [ 17.595060] kasan_report+0x141/0x180 [ 17.595111] ? kasan_atomics_helper+0x1ce1/0x5450 [ 17.595145] kasan_check_range+0x10c/0x1c0 [ 17.595174] __kasan_check_write+0x18/0x20 [ 17.595198] kasan_atomics_helper+0x1ce1/0x5450 [ 17.595226] ? __pfx_kasan_atomics_helper+0x10/0x10 [ 17.595252] ? __kmalloc_cache_noprof+0x189/0x420 [ 17.595283] ? kasan_atomics+0x152/0x310 [ 17.595314] kasan_atomics+0x1dc/0x310 [ 17.595342] ? __pfx_kasan_atomics+0x10/0x10 [ 17.595371] ? __pfx_read_tsc+0x10/0x10 [ 17.595397] ? ktime_get_ts64+0x86/0x230 [ 17.595429] kunit_try_run_case+0x1a5/0x480 [ 17.595460] ? __pfx_kunit_try_run_case+0x10/0x10 [ 17.595487] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 17.595517] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 17.595545] ? __kthread_parkme+0x82/0x180 [ 17.595570] ? preempt_count_sub+0x50/0x80 [ 17.595598] ? __pfx_kunit_try_run_case+0x10/0x10 [ 17.595627] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 17.595655] ? 
__pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 17.595684] kthread+0x337/0x6f0 [ 17.595708] ? trace_preempt_on+0x20/0xc0 [ 17.595737] ? __pfx_kthread+0x10/0x10 [ 17.595762] ? _raw_spin_unlock_irq+0x47/0x80 [ 17.595799] ? calculate_sigpending+0x7b/0xa0 [ 17.595829] ? __pfx_kthread+0x10/0x10 [ 17.595856] ret_from_fork+0x116/0x1d0 [ 17.595881] ? __pfx_kthread+0x10/0x10 [ 17.595909] ret_from_fork_asm+0x1a/0x30 [ 17.595946] </TASK> [ 17.595963] [ 17.604882] Allocated by task 283: [ 17.605062] kasan_save_stack+0x45/0x70 [ 17.605321] kasan_save_track+0x18/0x40 [ 17.605538] kasan_save_alloc_info+0x3b/0x50 [ 17.605808] __kasan_kmalloc+0xb7/0xc0 [ 17.606013] __kmalloc_cache_noprof+0x189/0x420 [ 17.606345] kasan_atomics+0x95/0x310 [ 17.606543] kunit_try_run_case+0x1a5/0x480 [ 17.606806] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 17.607080] kthread+0x337/0x6f0 [ 17.607281] ret_from_fork+0x116/0x1d0 [ 17.607492] ret_from_fork_asm+0x1a/0x30 [ 17.607711] [ 17.607814] The buggy address belongs to the object at ffff88810392bb00 [ 17.607814] which belongs to the cache kmalloc-64 of size 64 [ 17.608217] The buggy address is located 0 bytes to the right of [ 17.608217] allocated 48-byte region [ffff88810392bb00, ffff88810392bb30) [ 17.608768] [ 17.608944] The buggy address belongs to the physical page: [ 17.609379] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x10392b [ 17.609655] flags: 0x200000000000000(node=0|zone=2) [ 17.609884] page_type: f5(slab) [ 17.610081] raw: 0200000000000000 ffff8881000418c0 dead000000000122 0000000000000000 [ 17.610502] raw: 0000000000000000 0000000080200020 00000000f5000000 0000000000000000 [ 17.610913] page dumped because: kasan: bad access detected [ 17.611237] [ 17.611320] Memory state around the buggy address: [ 17.611499] ffff88810392ba00: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 17.611839] ffff88810392ba80: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 17.612426] >ffff88810392bb00: 00 00 00 00 00 00 fc fc 
fc fc fc fc fc fc fc fc [ 17.612772] ^ [ 17.613006] ffff88810392bb80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 17.613394] ffff88810392bc00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 17.613758] ================================================================== [ 17.364538] ================================================================== [ 17.364964] BUG: KASAN: slab-out-of-bounds in kasan_atomics_helper+0x177f/0x5450 [ 17.365395] Write of size 8 at addr ffff88810392bb30 by task kunit_try_catch/283 [ 17.365777] [ 17.365952] CPU: 0 UID: 0 PID: 283 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc4 #1 PREEMPT(voluntary) [ 17.366039] Tainted: [B]=BAD_PAGE, [N]=TEST [ 17.366056] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 17.366106] Call Trace: [ 17.366125] <TASK> [ 17.366146] dump_stack_lvl+0x73/0xb0 [ 17.366184] print_report+0xd1/0x650 [ 17.366211] ? __virt_addr_valid+0x1db/0x2d0 [ 17.366239] ? kasan_atomics_helper+0x177f/0x5450 [ 17.366263] ? kasan_complete_mode_report_info+0x2a/0x200 [ 17.366290] ? kasan_atomics_helper+0x177f/0x5450 [ 17.366317] kasan_report+0x141/0x180 [ 17.366343] ? kasan_atomics_helper+0x177f/0x5450 [ 17.366374] kasan_check_range+0x10c/0x1c0 [ 17.366403] __kasan_check_write+0x18/0x20 [ 17.366425] kasan_atomics_helper+0x177f/0x5450 [ 17.366452] ? __pfx_kasan_atomics_helper+0x10/0x10 [ 17.366479] ? __kmalloc_cache_noprof+0x189/0x420 [ 17.366509] ? kasan_atomics+0x152/0x310 [ 17.366539] kasan_atomics+0x1dc/0x310 [ 17.366566] ? __pfx_kasan_atomics+0x10/0x10 [ 17.366595] ? __pfx_read_tsc+0x10/0x10 [ 17.366620] ? ktime_get_ts64+0x86/0x230 [ 17.366648] kunit_try_run_case+0x1a5/0x480 [ 17.366677] ? __pfx_kunit_try_run_case+0x10/0x10 [ 17.366704] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 17.366758] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 17.366795] ? __kthread_parkme+0x82/0x180 [ 17.366821] ? preempt_count_sub+0x50/0x80 [ 17.366849] ? 
__pfx_kunit_try_run_case+0x10/0x10 [ 17.366876] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 17.366903] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 17.366930] kthread+0x337/0x6f0 [ 17.366954] ? trace_preempt_on+0x20/0xc0 [ 17.366983] ? __pfx_kthread+0x10/0x10 [ 17.367008] ? _raw_spin_unlock_irq+0x47/0x80 [ 17.367033] ? calculate_sigpending+0x7b/0xa0 [ 17.367062] ? __pfx_kthread+0x10/0x10 [ 17.367110] ret_from_fork+0x116/0x1d0 [ 17.367133] ? __pfx_kthread+0x10/0x10 [ 17.367158] ret_from_fork_asm+0x1a/0x30 [ 17.367195] </TASK> [ 17.367210] [ 17.375890] Allocated by task 283: [ 17.376118] kasan_save_stack+0x45/0x70 [ 17.376288] kasan_save_track+0x18/0x40 [ 17.376533] kasan_save_alloc_info+0x3b/0x50 [ 17.376776] __kasan_kmalloc+0xb7/0xc0 [ 17.376996] __kmalloc_cache_noprof+0x189/0x420 [ 17.377249] kasan_atomics+0x95/0x310 [ 17.377477] kunit_try_run_case+0x1a5/0x480 [ 17.377721] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 17.378019] kthread+0x337/0x6f0 [ 17.378264] ret_from_fork+0x116/0x1d0 [ 17.378455] ret_from_fork_asm+0x1a/0x30 [ 17.378621] [ 17.378710] The buggy address belongs to the object at ffff88810392bb00 [ 17.378710] which belongs to the cache kmalloc-64 of size 64 [ 17.379290] The buggy address is located 0 bytes to the right of [ 17.379290] allocated 48-byte region [ffff88810392bb00, ffff88810392bb30) [ 17.379935] [ 17.380050] The buggy address belongs to the physical page: [ 17.380343] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x10392b [ 17.380629] flags: 0x200000000000000(node=0|zone=2) [ 17.380918] page_type: f5(slab) [ 17.381179] raw: 0200000000000000 ffff8881000418c0 dead000000000122 0000000000000000 [ 17.381591] raw: 0000000000000000 0000000080200020 00000000f5000000 0000000000000000 [ 17.381965] page dumped because: kasan: bad access detected [ 17.382229] [ 17.382342] Memory state around the buggy address: [ 17.382610] ffff88810392ba00: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 17.382959] 
ffff88810392ba80: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 17.383366] >ffff88810392bb00: 00 00 00 00 00 00 fc fc fc fc fc fc fc fc fc fc [ 17.383715] ^ [ 17.383976] ffff88810392bb80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 17.384281] ffff88810392bc00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 17.384615] ================================================================== [ 16.287936] ================================================================== [ 16.288845] BUG: KASAN: slab-out-of-bounds in kasan_atomics_helper+0x4bbc/0x5450 [ 16.289670] Read of size 4 at addr ffff88810392bb30 by task kunit_try_catch/283 [ 16.290425] [ 16.290609] CPU: 0 UID: 0 PID: 283 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc4 #1 PREEMPT(voluntary) [ 16.290667] Tainted: [B]=BAD_PAGE, [N]=TEST [ 16.290684] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 16.290711] Call Trace: [ 16.290726] <TASK> [ 16.290748] dump_stack_lvl+0x73/0xb0 [ 16.290802] print_report+0xd1/0x650 [ 16.290829] ? __virt_addr_valid+0x1db/0x2d0 [ 16.290895] ? kasan_atomics_helper+0x4bbc/0x5450 [ 16.290920] ? kasan_complete_mode_report_info+0x2a/0x200 [ 16.290958] ? kasan_atomics_helper+0x4bbc/0x5450 [ 16.290984] kasan_report+0x141/0x180 [ 16.291009] ? kasan_atomics_helper+0x4bbc/0x5450 [ 16.291039] __asan_report_load4_noabort+0x18/0x20 [ 16.291065] kasan_atomics_helper+0x4bbc/0x5450 [ 16.291113] ? __pfx_kasan_atomics_helper+0x10/0x10 [ 16.291205] ? __kmalloc_cache_noprof+0x189/0x420 [ 16.291240] ? kasan_atomics+0x152/0x310 [ 16.291270] kasan_atomics+0x1dc/0x310 [ 16.291297] ? __pfx_kasan_atomics+0x10/0x10 [ 16.291326] ? __pfx_read_tsc+0x10/0x10 [ 16.291351] ? ktime_get_ts64+0x86/0x230 [ 16.291380] kunit_try_run_case+0x1a5/0x480 [ 16.291410] ? __pfx_kunit_try_run_case+0x10/0x10 [ 16.291435] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 16.291465] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 16.291491] ? __kthread_parkme+0x82/0x180 [ 16.291515] ? 
preempt_count_sub+0x50/0x80 [ 16.291542] ? __pfx_kunit_try_run_case+0x10/0x10 [ 16.291569] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 16.291594] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 16.291621] kthread+0x337/0x6f0 [ 16.291642] ? trace_preempt_on+0x20/0xc0 [ 16.291669] ? __pfx_kthread+0x10/0x10 [ 16.291692] ? _raw_spin_unlock_irq+0x47/0x80 [ 16.291716] ? calculate_sigpending+0x7b/0xa0 [ 16.291745] ? __pfx_kthread+0x10/0x10 [ 16.291769] ret_from_fork+0x116/0x1d0 [ 16.291803] ? __pfx_kthread+0x10/0x10 [ 16.291827] ret_from_fork_asm+0x1a/0x30 [ 16.291864] </TASK> [ 16.291878] [ 16.302971] Allocated by task 283: [ 16.303471] kasan_save_stack+0x45/0x70 [ 16.303710] kasan_save_track+0x18/0x40 [ 16.304001] kasan_save_alloc_info+0x3b/0x50 [ 16.304195] __kasan_kmalloc+0xb7/0xc0 [ 16.304731] __kmalloc_cache_noprof+0x189/0x420 [ 16.304989] kasan_atomics+0x95/0x310 [ 16.305347] kunit_try_run_case+0x1a5/0x480 [ 16.305552] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 16.305810] kthread+0x337/0x6f0 [ 16.306006] ret_from_fork+0x116/0x1d0 [ 16.306459] ret_from_fork_asm+0x1a/0x30 [ 16.306740] [ 16.306847] The buggy address belongs to the object at ffff88810392bb00 [ 16.306847] which belongs to the cache kmalloc-64 of size 64 [ 16.307755] The buggy address is located 0 bytes to the right of [ 16.307755] allocated 48-byte region [ffff88810392bb00, ffff88810392bb30) [ 16.308578] [ 16.308703] The buggy address belongs to the physical page: [ 16.309011] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x10392b [ 16.309540] flags: 0x200000000000000(node=0|zone=2) [ 16.309894] page_type: f5(slab) [ 16.310103] raw: 0200000000000000 ffff8881000418c0 dead000000000122 0000000000000000 [ 16.310611] raw: 0000000000000000 0000000080200020 00000000f5000000 0000000000000000 [ 16.311023] page dumped because: kasan: bad access detected [ 16.311510] [ 16.311632] Memory state around the buggy address: [ 16.311995] ffff88810392ba00: fa fb fb fb fb fb fb fb fc fc 
fc fc fc fc fc fc [ 16.312391] ffff88810392ba80: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 16.313007] >ffff88810392bb00: 00 00 00 00 00 00 fc fc fc fc fc fc fc fc fc fc [ 16.313560] ^ [ 16.313840] ffff88810392bb80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 16.314379] ffff88810392bc00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 16.314706] ================================================================== [ 17.913940] ================================================================== [ 17.914677] BUG: KASAN: slab-out-of-bounds in kasan_atomics_helper+0x5115/0x5450 [ 17.915005] Read of size 8 at addr ffff88810392bb30 by task kunit_try_catch/283 [ 17.915509] [ 17.915635] CPU: 0 UID: 0 PID: 283 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc4 #1 PREEMPT(voluntary) [ 17.915686] Tainted: [B]=BAD_PAGE, [N]=TEST [ 17.915702] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 17.915730] Call Trace: [ 17.915751] <TASK> [ 17.915772] dump_stack_lvl+0x73/0xb0 [ 17.915821] print_report+0xd1/0x650 [ 17.915848] ? __virt_addr_valid+0x1db/0x2d0 [ 17.915875] ? kasan_atomics_helper+0x5115/0x5450 [ 17.915902] ? kasan_complete_mode_report_info+0x2a/0x200 [ 17.915927] ? kasan_atomics_helper+0x5115/0x5450 [ 17.915953] kasan_report+0x141/0x180 [ 17.915981] ? kasan_atomics_helper+0x5115/0x5450 [ 17.916013] __asan_report_load8_noabort+0x18/0x20 [ 17.916042] kasan_atomics_helper+0x5115/0x5450 [ 17.916070] ? __pfx_kasan_atomics_helper+0x10/0x10 [ 17.916096] ? __kmalloc_cache_noprof+0x189/0x420 [ 17.916130] ? kasan_atomics+0x152/0x310 [ 17.916163] kasan_atomics+0x1dc/0x310 [ 17.916190] ? __pfx_kasan_atomics+0x10/0x10 [ 17.916219] ? __pfx_read_tsc+0x10/0x10 [ 17.916244] ? ktime_get_ts64+0x86/0x230 [ 17.916273] kunit_try_run_case+0x1a5/0x480 [ 17.916302] ? __pfx_kunit_try_run_case+0x10/0x10 [ 17.916329] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 17.916357] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 17.916385] ? 
__kthread_parkme+0x82/0x180 [ 17.916411] ? preempt_count_sub+0x50/0x80 [ 17.916440] ? __pfx_kunit_try_run_case+0x10/0x10 [ 17.916469] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 17.916497] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 17.916525] kthread+0x337/0x6f0 [ 17.916548] ? trace_preempt_on+0x20/0xc0 [ 17.916577] ? __pfx_kthread+0x10/0x10 [ 17.916602] ? _raw_spin_unlock_irq+0x47/0x80 [ 17.916629] ? calculate_sigpending+0x7b/0xa0 [ 17.916658] ? __pfx_kthread+0x10/0x10 [ 17.916683] ret_from_fork+0x116/0x1d0 [ 17.916707] ? __pfx_kthread+0x10/0x10 [ 17.916732] ret_from_fork_asm+0x1a/0x30 [ 17.916769] </TASK> [ 17.916783] [ 17.928953] Allocated by task 283: [ 17.929429] kasan_save_stack+0x45/0x70 [ 17.929670] kasan_save_track+0x18/0x40 [ 17.929905] kasan_save_alloc_info+0x3b/0x50 [ 17.930407] __kasan_kmalloc+0xb7/0xc0 [ 17.930667] __kmalloc_cache_noprof+0x189/0x420 [ 17.931106] kasan_atomics+0x95/0x310 [ 17.931457] kunit_try_run_case+0x1a5/0x480 [ 17.931854] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 17.932336] kthread+0x337/0x6f0 [ 17.932631] ret_from_fork+0x116/0x1d0 [ 17.932977] ret_from_fork_asm+0x1a/0x30 [ 17.933322] [ 17.933592] The buggy address belongs to the object at ffff88810392bb00 [ 17.933592] which belongs to the cache kmalloc-64 of size 64 [ 17.934401] The buggy address is located 0 bytes to the right of [ 17.934401] allocated 48-byte region [ffff88810392bb00, ffff88810392bb30) [ 17.935481] [ 17.935604] The buggy address belongs to the physical page: [ 17.935889] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x10392b [ 17.936568] flags: 0x200000000000000(node=0|zone=2) [ 17.937075] page_type: f5(slab) [ 17.937435] raw: 0200000000000000 ffff8881000418c0 dead000000000122 0000000000000000 [ 17.937825] raw: 0000000000000000 0000000080200020 00000000f5000000 0000000000000000 [ 17.938453] page dumped because: kasan: bad access detected [ 17.938975] [ 17.939273] Memory state around the buggy address: [ 17.939725] 
ffff88810392ba00: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 17.940287] ffff88810392ba80: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 17.940802] >ffff88810392bb00: 00 00 00 00 00 00 fc fc fc fc fc fc fc fc fc fc [ 17.941406] ^ [ 17.941742] ffff88810392bb80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 17.942379] ffff88810392bc00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 17.942730] ================================================================== [ 16.732986] ================================================================== [ 16.733400] BUG: KASAN: slab-out-of-bounds in kasan_atomics_helper+0xac7/0x5450 [ 16.733700] Write of size 4 at addr ffff88810392bb30 by task kunit_try_catch/283 [ 16.734088] [ 16.734225] CPU: 0 UID: 0 PID: 283 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc4 #1 PREEMPT(voluntary) [ 16.734277] Tainted: [B]=BAD_PAGE, [N]=TEST [ 16.734293] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 16.734320] Call Trace: [ 16.734340] <TASK> [ 16.734357] dump_stack_lvl+0x73/0xb0 [ 16.734393] print_report+0xd1/0x650 [ 16.734420] ? __virt_addr_valid+0x1db/0x2d0 [ 16.734449] ? kasan_atomics_helper+0xac7/0x5450 [ 16.734473] ? kasan_complete_mode_report_info+0x2a/0x200 [ 16.734500] ? kasan_atomics_helper+0xac7/0x5450 [ 16.734525] kasan_report+0x141/0x180 [ 16.734552] ? kasan_atomics_helper+0xac7/0x5450 [ 16.734584] kasan_check_range+0x10c/0x1c0 [ 16.734612] __kasan_check_write+0x18/0x20 [ 16.734636] kasan_atomics_helper+0xac7/0x5450 [ 16.734663] ? __pfx_kasan_atomics_helper+0x10/0x10 [ 16.734690] ? __kmalloc_cache_noprof+0x189/0x420 [ 16.734721] ? kasan_atomics+0x152/0x310 [ 16.734752] kasan_atomics+0x1dc/0x310 [ 16.734780] ? __pfx_kasan_atomics+0x10/0x10 [ 16.734822] ? __pfx_read_tsc+0x10/0x10 [ 16.734848] ? ktime_get_ts64+0x86/0x230 [ 16.734876] kunit_try_run_case+0x1a5/0x480 [ 16.734907] ? __pfx_kunit_try_run_case+0x10/0x10 [ 16.734933] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 16.734962] ? 
_raw_spin_unlock_irqrestore+0x5f/0x90 [ 16.734990] ? __kthread_parkme+0x82/0x180 [ 16.735015] ? preempt_count_sub+0x50/0x80 [ 16.735043] ? __pfx_kunit_try_run_case+0x10/0x10 [ 16.735072] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 16.735114] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 16.735142] kthread+0x337/0x6f0 [ 16.735166] ? trace_preempt_on+0x20/0xc0 [ 16.735194] ? __pfx_kthread+0x10/0x10 [ 16.735219] ? _raw_spin_unlock_irq+0x47/0x80 [ 16.735245] ? calculate_sigpending+0x7b/0xa0 [ 16.735275] ? __pfx_kthread+0x10/0x10 [ 16.735300] ret_from_fork+0x116/0x1d0 [ 16.735323] ? __pfx_kthread+0x10/0x10 [ 16.735348] ret_from_fork_asm+0x1a/0x30 [ 16.735385] </TASK> [ 16.735399] [ 16.744040] Allocated by task 283: [ 16.744276] kasan_save_stack+0x45/0x70 [ 16.744440] kasan_save_track+0x18/0x40 [ 16.744663] kasan_save_alloc_info+0x3b/0x50 [ 16.744921] __kasan_kmalloc+0xb7/0xc0 [ 16.745151] __kmalloc_cache_noprof+0x189/0x420 [ 16.745350] kasan_atomics+0x95/0x310 [ 16.745506] kunit_try_run_case+0x1a5/0x480 [ 16.745676] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 16.745889] kthread+0x337/0x6f0 [ 16.746050] ret_from_fork+0x116/0x1d0 [ 16.746426] ret_from_fork_asm+0x1a/0x30 [ 16.746664] [ 16.746784] The buggy address belongs to the object at ffff88810392bb00 [ 16.746784] which belongs to the cache kmalloc-64 of size 64 [ 16.747425] The buggy address is located 0 bytes to the right of [ 16.747425] allocated 48-byte region [ffff88810392bb00, ffff88810392bb30) [ 16.748204] [ 16.748326] The buggy address belongs to the physical page: [ 16.748564] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x10392b [ 16.748880] flags: 0x200000000000000(node=0|zone=2) [ 16.749070] page_type: f5(slab) [ 16.749456] raw: 0200000000000000 ffff8881000418c0 dead000000000122 0000000000000000 [ 16.750101] raw: 0000000000000000 0000000080200020 00000000f5000000 0000000000000000 [ 16.750483] page dumped because: kasan: bad access detected [ 16.750684] [ 16.750767] 
Memory state around the buggy address: [ 16.750957] ffff88810392ba00: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 16.751277] ffff88810392ba80: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 16.751641] >ffff88810392bb00: 00 00 00 00 00 00 fc fc fc fc fc fc fc fc fc fc [ 16.752124] ^ [ 16.752318] ffff88810392bb80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 16.752566] ffff88810392bc00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 16.752819] ================================================================== [ 17.022308] ================================================================== [ 17.023053] BUG: KASAN: slab-out-of-bounds in kasan_atomics_helper+0x1148/0x5450 [ 17.023916] Write of size 4 at addr ffff88810392bb30 by task kunit_try_catch/283 [ 17.024778] [ 17.025128] CPU: 0 UID: 0 PID: 283 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc4 #1 PREEMPT(voluntary) [ 17.025200] Tainted: [B]=BAD_PAGE, [N]=TEST [ 17.025216] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 17.025258] Call Trace: [ 17.025283] <TASK> [ 17.025306] dump_stack_lvl+0x73/0xb0 [ 17.025350] print_report+0xd1/0x650 [ 17.025391] ? __virt_addr_valid+0x1db/0x2d0 [ 17.025421] ? kasan_atomics_helper+0x1148/0x5450 [ 17.025447] ? kasan_complete_mode_report_info+0x2a/0x200 [ 17.025488] ? kasan_atomics_helper+0x1148/0x5450 [ 17.025515] kasan_report+0x141/0x180 [ 17.025542] ? kasan_atomics_helper+0x1148/0x5450 [ 17.025573] kasan_check_range+0x10c/0x1c0 [ 17.025603] __kasan_check_write+0x18/0x20 [ 17.025627] kasan_atomics_helper+0x1148/0x5450 [ 17.025656] ? __pfx_kasan_atomics_helper+0x10/0x10 [ 17.025683] ? __kmalloc_cache_noprof+0x189/0x420 [ 17.025714] ? kasan_atomics+0x152/0x310 [ 17.025748] kasan_atomics+0x1dc/0x310 [ 17.025775] ? __pfx_kasan_atomics+0x10/0x10 [ 17.025818] ? __pfx_read_tsc+0x10/0x10 [ 17.025844] ? ktime_get_ts64+0x86/0x230 [ 17.025874] kunit_try_run_case+0x1a5/0x480 [ 17.025904] ? 
__pfx_kunit_try_run_case+0x10/0x10 [ 17.025931] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 17.025960] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 17.025989] ? __kthread_parkme+0x82/0x180 [ 17.026014] ? preempt_count_sub+0x50/0x80 [ 17.026044] ? __pfx_kunit_try_run_case+0x10/0x10 [ 17.026073] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 17.026113] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 17.026141] kthread+0x337/0x6f0 [ 17.026165] ? trace_preempt_on+0x20/0xc0 [ 17.026194] ? __pfx_kthread+0x10/0x10 [ 17.026219] ? _raw_spin_unlock_irq+0x47/0x80 [ 17.026245] ? calculate_sigpending+0x7b/0xa0 [ 17.026274] ? __pfx_kthread+0x10/0x10 [ 17.026300] ret_from_fork+0x116/0x1d0 [ 17.026323] ? __pfx_kthread+0x10/0x10 [ 17.026348] ret_from_fork_asm+0x1a/0x30 [ 17.026386] </TASK> [ 17.026402] [ 17.039155] Allocated by task 283: [ 17.039379] kasan_save_stack+0x45/0x70 [ 17.039604] kasan_save_track+0x18/0x40 [ 17.039831] kasan_save_alloc_info+0x3b/0x50 [ 17.040062] __kasan_kmalloc+0xb7/0xc0 [ 17.040645] __kmalloc_cache_noprof+0x189/0x420 [ 17.041107] kasan_atomics+0x95/0x310 [ 17.041323] kunit_try_run_case+0x1a5/0x480 [ 17.041554] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 17.041836] kthread+0x337/0x6f0 [ 17.042021] ret_from_fork+0x116/0x1d0 [ 17.042696] ret_from_fork_asm+0x1a/0x30 [ 17.043005] [ 17.043299] The buggy address belongs to the object at ffff88810392bb00 [ 17.043299] which belongs to the cache kmalloc-64 of size 64 [ 17.044399] The buggy address is located 0 bytes to the right of [ 17.044399] allocated 48-byte region [ffff88810392bb00, ffff88810392bb30) [ 17.045012] [ 17.045422] The buggy address belongs to the physical page: [ 17.045937] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x10392b [ 17.046601] flags: 0x200000000000000(node=0|zone=2) [ 17.046883] page_type: f5(slab) [ 17.047071] raw: 0200000000000000 ffff8881000418c0 dead000000000122 0000000000000000 [ 17.047443] raw: 0000000000000000 0000000080200020 00000000f5000000 
0000000000000000 [ 17.048112] page dumped because: kasan: bad access detected [ 17.048635] [ 17.048917] Memory state around the buggy address: [ 17.049429] ffff88810392ba00: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 17.050108] ffff88810392ba80: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 17.050852] >ffff88810392bb00: 00 00 00 00 00 00 fc fc fc fc fc fc fc fc fc fc [ 17.051369] ^ [ 17.051621] ffff88810392bb80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 17.051971] ffff88810392bc00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 17.052607] ================================================================== [ 17.865995] ================================================================== [ 17.867300] BUG: KASAN: slab-out-of-bounds in kasan_atomics_helper+0x4fa5/0x5450 [ 17.867681] Read of size 8 at addr ffff88810392bb30 by task kunit_try_catch/283 [ 17.868034] [ 17.868200] CPU: 0 UID: 0 PID: 283 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc4 #1 PREEMPT(voluntary) [ 17.868251] Tainted: [B]=BAD_PAGE, [N]=TEST [ 17.868266] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 17.868292] Call Trace: [ 17.868314] <TASK> [ 17.868334] dump_stack_lvl+0x73/0xb0 [ 17.868370] print_report+0xd1/0x650 [ 17.868398] ? __virt_addr_valid+0x1db/0x2d0 [ 17.868424] ? kasan_atomics_helper+0x4fa5/0x5450 [ 17.868450] ? kasan_complete_mode_report_info+0x2a/0x200 [ 17.868477] ? kasan_atomics_helper+0x4fa5/0x5450 [ 17.868502] kasan_report+0x141/0x180 [ 17.868529] ? kasan_atomics_helper+0x4fa5/0x5450 [ 17.868561] __asan_report_load8_noabort+0x18/0x20 [ 17.868591] kasan_atomics_helper+0x4fa5/0x5450 [ 17.868618] ? __pfx_kasan_atomics_helper+0x10/0x10 [ 17.868644] ? __kmalloc_cache_noprof+0x189/0x420 [ 17.868674] ? kasan_atomics+0x152/0x310 [ 17.868706] kasan_atomics+0x1dc/0x310 [ 17.868733] ? __pfx_kasan_atomics+0x10/0x10 [ 17.868762] ? __pfx_read_tsc+0x10/0x10 [ 17.868802] ? 
ktime_get_ts64+0x86/0x230 [ 17.868832] kunit_try_run_case+0x1a5/0x480 [ 17.868861] ? __pfx_kunit_try_run_case+0x10/0x10 [ 17.868887] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 17.868917] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 17.868945] ? __kthread_parkme+0x82/0x180 [ 17.868970] ? preempt_count_sub+0x50/0x80 [ 17.868999] ? __pfx_kunit_try_run_case+0x10/0x10 [ 17.869027] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 17.869055] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 17.869094] kthread+0x337/0x6f0 [ 17.869119] ? trace_preempt_on+0x20/0xc0 [ 17.869146] ? __pfx_kthread+0x10/0x10 [ 17.869172] ? _raw_spin_unlock_irq+0x47/0x80 [ 17.869197] ? calculate_sigpending+0x7b/0xa0 [ 17.869226] ? __pfx_kthread+0x10/0x10 [ 17.869251] ret_from_fork+0x116/0x1d0 [ 17.869274] ? __pfx_kthread+0x10/0x10 [ 17.869299] ret_from_fork_asm+0x1a/0x30 [ 17.869342] </TASK> [ 17.869356] [ 17.880945] Allocated by task 283: [ 17.881306] kasan_save_stack+0x45/0x70 [ 17.881509] kasan_save_track+0x18/0x40 [ 17.881740] kasan_save_alloc_info+0x3b/0x50 [ 17.881989] __kasan_kmalloc+0xb7/0xc0 [ 17.882184] __kmalloc_cache_noprof+0x189/0x420 [ 17.882699] kasan_atomics+0x95/0x310 [ 17.882986] kunit_try_run_case+0x1a5/0x480 [ 17.883299] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 17.883648] kthread+0x337/0x6f0 [ 17.883876] ret_from_fork+0x116/0x1d0 [ 17.884249] ret_from_fork_asm+0x1a/0x30 [ 17.884476] [ 17.884577] The buggy address belongs to the object at ffff88810392bb00 [ 17.884577] which belongs to the cache kmalloc-64 of size 64 [ 17.885474] The buggy address is located 0 bytes to the right of [ 17.885474] allocated 48-byte region [ffff88810392bb00, ffff88810392bb30) [ 17.886148] [ 17.886245] The buggy address belongs to the physical page: [ 17.886541] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x10392b [ 17.886949] flags: 0x200000000000000(node=0|zone=2) [ 17.887510] page_type: f5(slab) [ 17.887682] raw: 0200000000000000 ffff8881000418c0 dead000000000122 
0000000000000000 [ 17.888303] raw: 0000000000000000 0000000080200020 00000000f5000000 0000000000000000 [ 17.888751] page dumped because: kasan: bad access detected [ 17.889024] [ 17.889329] Memory state around the buggy address: [ 17.889581] ffff88810392ba00: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 17.890103] ffff88810392ba80: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 17.890562] >ffff88810392bb00: 00 00 00 00 00 00 fc fc fc fc fc fc fc fc fc fc [ 17.890949] ^ [ 17.891319] ffff88810392bb80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 17.891810] ffff88810392bc00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 17.892285] ================================================================== [ 17.385598] ================================================================== [ 17.385993] BUG: KASAN: slab-out-of-bounds in kasan_atomics_helper+0x1818/0x5450 [ 17.386358] Write of size 8 at addr ffff88810392bb30 by task kunit_try_catch/283 [ 17.386702] [ 17.386852] CPU: 0 UID: 0 PID: 283 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc4 #1 PREEMPT(voluntary) [ 17.386905] Tainted: [B]=BAD_PAGE, [N]=TEST [ 17.386922] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 17.386949] Call Trace: [ 17.386971] <TASK> [ 17.386992] dump_stack_lvl+0x73/0xb0 [ 17.387028] print_report+0xd1/0x650 [ 17.387055] ? __virt_addr_valid+0x1db/0x2d0 [ 17.387081] ? kasan_atomics_helper+0x1818/0x5450 [ 17.387107] ? kasan_complete_mode_report_info+0x2a/0x200 [ 17.387133] ? kasan_atomics_helper+0x1818/0x5450 [ 17.387158] kasan_report+0x141/0x180 [ 17.387185] ? kasan_atomics_helper+0x1818/0x5450 [ 17.387216] kasan_check_range+0x10c/0x1c0 [ 17.387244] __kasan_check_write+0x18/0x20 [ 17.387267] kasan_atomics_helper+0x1818/0x5450 [ 17.387293] ? __pfx_kasan_atomics_helper+0x10/0x10 [ 17.387319] ? __kmalloc_cache_noprof+0x189/0x420 [ 17.387349] ? kasan_atomics+0x152/0x310 [ 17.387421] kasan_atomics+0x1dc/0x310 [ 17.387449] ? 
__pfx_kasan_atomics+0x10/0x10 [ 17.387492] ? __pfx_read_tsc+0x10/0x10 [ 17.387518] ? ktime_get_ts64+0x86/0x230 [ 17.387546] kunit_try_run_case+0x1a5/0x480 [ 17.387574] ? __pfx_kunit_try_run_case+0x10/0x10 [ 17.387601] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 17.387630] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 17.387656] ? __kthread_parkme+0x82/0x180 [ 17.387681] ? preempt_count_sub+0x50/0x80 [ 17.387710] ? __pfx_kunit_try_run_case+0x10/0x10 [ 17.387737] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 17.387808] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 17.387838] kthread+0x337/0x6f0 [ 17.387864] ? trace_preempt_on+0x20/0xc0 [ 17.387893] ? __pfx_kthread+0x10/0x10 [ 17.387919] ? _raw_spin_unlock_irq+0x47/0x80 [ 17.387945] ? calculate_sigpending+0x7b/0xa0 [ 17.387974] ? __pfx_kthread+0x10/0x10 [ 17.387999] ret_from_fork+0x116/0x1d0 [ 17.388022] ? __pfx_kthread+0x10/0x10 [ 17.388048] ret_from_fork_asm+0x1a/0x30 [ 17.388105] </TASK> [ 17.388119] [ 17.396293] Allocated by task 283: [ 17.396445] kasan_save_stack+0x45/0x70 [ 17.396615] kasan_save_track+0x18/0x40 [ 17.396822] kasan_save_alloc_info+0x3b/0x50 [ 17.397067] __kasan_kmalloc+0xb7/0xc0 [ 17.397308] __kmalloc_cache_noprof+0x189/0x420 [ 17.397577] kasan_atomics+0x95/0x310 [ 17.397809] kunit_try_run_case+0x1a5/0x480 [ 17.398021] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 17.398313] kthread+0x337/0x6f0 [ 17.398511] ret_from_fork+0x116/0x1d0 [ 17.398715] ret_from_fork_asm+0x1a/0x30 [ 17.398917] [ 17.399036] The buggy address belongs to the object at ffff88810392bb00 [ 17.399036] which belongs to the cache kmalloc-64 of size 64 [ 17.399557] The buggy address is located 0 bytes to the right of [ 17.399557] allocated 48-byte region [ffff88810392bb00, ffff88810392bb30) [ 17.400158] [ 17.400250] The buggy address belongs to the physical page: [ 17.400451] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x10392b [ 17.400730] flags: 0x200000000000000(node=0|zone=2) [ 17.400933] page_type: 
f5(slab) [ 17.401134] raw: 0200000000000000 ffff8881000418c0 dead000000000122 0000000000000000 [ 17.401536] raw: 0000000000000000 0000000080200020 00000000f5000000 0000000000000000 [ 17.401928] page dumped because: kasan: bad access detected [ 17.402251] [ 17.402365] Memory state around the buggy address: [ 17.402551] ffff88810392ba00: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 17.402809] ffff88810392ba80: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 17.403062] >ffff88810392bb00: 00 00 00 00 00 00 fc fc fc fc fc fc fc fc fc fc [ 17.403447] ^ [ 17.403708] ffff88810392bb80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 17.404104] ffff88810392bc00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 17.404473] ================================================================== [ 16.795665] ================================================================== [ 16.796055] BUG: KASAN: slab-out-of-bounds in kasan_atomics_helper+0x4a84/0x5450 [ 16.798033] Read of size 4 at addr ffff88810392bb30 by task kunit_try_catch/283 [ 16.800605] [ 16.800740] CPU: 0 UID: 0 PID: 283 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc4 #1 PREEMPT(voluntary) [ 16.800817] Tainted: [B]=BAD_PAGE, [N]=TEST [ 16.800834] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 16.800863] Call Trace: [ 16.800888] <TASK> [ 16.800912] dump_stack_lvl+0x73/0xb0 [ 16.800955] print_report+0xd1/0x650 [ 16.800983] ? __virt_addr_valid+0x1db/0x2d0 [ 16.801012] ? kasan_atomics_helper+0x4a84/0x5450 [ 16.801039] ? kasan_complete_mode_report_info+0x2a/0x200 [ 16.801066] ? kasan_atomics_helper+0x4a84/0x5450 [ 16.801502] kasan_report+0x141/0x180 [ 16.801535] ? kasan_atomics_helper+0x4a84/0x5450 [ 16.801569] __asan_report_load4_noabort+0x18/0x20 [ 16.801600] kasan_atomics_helper+0x4a84/0x5450 [ 16.801628] ? __pfx_kasan_atomics_helper+0x10/0x10 [ 16.801656] ? __kmalloc_cache_noprof+0x189/0x420 [ 16.801689] ? 
kasan_atomics+0x152/0x310 [ 16.801722] kasan_atomics+0x1dc/0x310 [ 16.801749] ? __pfx_kasan_atomics+0x10/0x10 [ 16.801778] ? __pfx_read_tsc+0x10/0x10 [ 16.801819] ? ktime_get_ts64+0x86/0x230 [ 16.801849] kunit_try_run_case+0x1a5/0x480 [ 16.801877] ? __pfx_kunit_try_run_case+0x10/0x10 [ 16.801906] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 16.801937] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 16.801964] ? __kthread_parkme+0x82/0x180 [ 16.801990] ? preempt_count_sub+0x50/0x80 [ 16.802022] ? __pfx_kunit_try_run_case+0x10/0x10 [ 16.802051] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 16.802125] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 16.802285] kthread+0x337/0x6f0 [ 16.802313] ? trace_preempt_on+0x20/0xc0 [ 16.802343] ? __pfx_kthread+0x10/0x10 [ 16.802368] ? _raw_spin_unlock_irq+0x47/0x80 [ 16.802395] ? calculate_sigpending+0x7b/0xa0 [ 16.802425] ? __pfx_kthread+0x10/0x10 [ 16.802450] ret_from_fork+0x116/0x1d0 [ 16.802477] ? __pfx_kthread+0x10/0x10 [ 16.802503] ret_from_fork_asm+0x1a/0x30 [ 16.802540] </TASK> [ 16.802558] [ 16.814698] Allocated by task 283: [ 16.815116] kasan_save_stack+0x45/0x70 [ 16.815373] kasan_save_track+0x18/0x40 [ 16.815531] kasan_save_alloc_info+0x3b/0x50 [ 16.815701] __kasan_kmalloc+0xb7/0xc0 [ 16.815869] __kmalloc_cache_noprof+0x189/0x420 [ 16.816051] kasan_atomics+0x95/0x310 [ 16.816769] kunit_try_run_case+0x1a5/0x480 [ 16.817349] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 16.818001] kthread+0x337/0x6f0 [ 16.818479] ret_from_fork+0x116/0x1d0 [ 16.819032] ret_from_fork_asm+0x1a/0x30 [ 16.819641] [ 16.819968] The buggy address belongs to the object at ffff88810392bb00 [ 16.819968] which belongs to the cache kmalloc-64 of size 64 [ 16.821286] The buggy address is located 0 bytes to the right of [ 16.821286] allocated 48-byte region [ffff88810392bb00, ffff88810392bb30) [ 16.822022] [ 16.822137] The buggy address belongs to the physical page: [ 16.822692] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x10392b [ 
16.823521] flags: 0x200000000000000(node=0|zone=2) [ 16.824062] page_type: f5(slab) [ 16.824365] raw: 0200000000000000 ffff8881000418c0 dead000000000122 0000000000000000 [ 16.824625] raw: 0000000000000000 0000000080200020 00000000f5000000 0000000000000000 [ 16.825620] page dumped because: kasan: bad access detected [ 16.826202] [ 16.826408] Memory state around the buggy address: [ 16.826902] ffff88810392ba00: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 16.827169] ffff88810392ba80: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 16.827415] >ffff88810392bb00: 00 00 00 00 00 00 fc fc fc fc fc fc fc fc fc fc [ 16.827653] ^ [ 16.827842] ffff88810392bb80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 16.828083] ffff88810392bc00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 16.828753] ================================================================== [ 17.686156] ================================================================== [ 17.686577] BUG: KASAN: slab-out-of-bounds in kasan_atomics_helper+0x1f43/0x5450 [ 17.686865] Write of size 8 at addr ffff88810392bb30 by task kunit_try_catch/283 [ 17.687272] [ 17.687410] CPU: 0 UID: 0 PID: 283 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc4 #1 PREEMPT(voluntary) [ 17.687476] Tainted: [B]=BAD_PAGE, [N]=TEST [ 17.687491] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 17.687532] Call Trace: [ 17.687555] <TASK> [ 17.687576] dump_stack_lvl+0x73/0xb0 [ 17.687612] print_report+0xd1/0x650 [ 17.687640] ? __virt_addr_valid+0x1db/0x2d0 [ 17.687669] ? kasan_atomics_helper+0x1f43/0x5450 [ 17.687695] ? kasan_complete_mode_report_info+0x2a/0x200 [ 17.687724] ? kasan_atomics_helper+0x1f43/0x5450 [ 17.687762] kasan_report+0x141/0x180 [ 17.687807] ? kasan_atomics_helper+0x1f43/0x5450 [ 17.687840] kasan_check_range+0x10c/0x1c0 [ 17.687869] __kasan_check_write+0x18/0x20 [ 17.687893] kasan_atomics_helper+0x1f43/0x5450 [ 17.687920] ? __pfx_kasan_atomics_helper+0x10/0x10 [ 17.687947] ? 
__kmalloc_cache_noprof+0x189/0x420 [ 17.687978] ? kasan_atomics+0x152/0x310 [ 17.688011] kasan_atomics+0x1dc/0x310 [ 17.688039] ? __pfx_kasan_atomics+0x10/0x10 [ 17.688069] ? __pfx_read_tsc+0x10/0x10 [ 17.688095] ? ktime_get_ts64+0x86/0x230 [ 17.688125] kunit_try_run_case+0x1a5/0x480 [ 17.688156] ? __pfx_kunit_try_run_case+0x10/0x10 [ 17.688184] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 17.688213] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 17.688243] ? __kthread_parkme+0x82/0x180 [ 17.688270] ? preempt_count_sub+0x50/0x80 [ 17.688300] ? __pfx_kunit_try_run_case+0x10/0x10 [ 17.688330] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 17.688358] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 17.688387] kthread+0x337/0x6f0 [ 17.688410] ? trace_preempt_on+0x20/0xc0 [ 17.688439] ? __pfx_kthread+0x10/0x10 [ 17.688465] ? _raw_spin_unlock_irq+0x47/0x80 [ 17.688491] ? calculate_sigpending+0x7b/0xa0 [ 17.688520] ? __pfx_kthread+0x10/0x10 [ 17.688548] ret_from_fork+0x116/0x1d0 [ 17.688572] ? __pfx_kthread+0x10/0x10 [ 17.688596] ret_from_fork_asm+0x1a/0x30 [ 17.688645] </TASK> [ 17.688659] [ 17.705069] Allocated by task 283: [ 17.705846] kasan_save_stack+0x45/0x70 [ 17.706235] kasan_save_track+0x18/0x40 [ 17.706556] kasan_save_alloc_info+0x3b/0x50 [ 17.706920] __kasan_kmalloc+0xb7/0xc0 [ 17.707263] __kmalloc_cache_noprof+0x189/0x420 [ 17.707529] kasan_atomics+0x95/0x310 [ 17.707943] kunit_try_run_case+0x1a5/0x480 [ 17.708281] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 17.708566] kthread+0x337/0x6f0 [ 17.708903] ret_from_fork+0x116/0x1d0 [ 17.709273] ret_from_fork_asm+0x1a/0x30 [ 17.709595] [ 17.709739] The buggy address belongs to the object at ffff88810392bb00 [ 17.709739] which belongs to the cache kmalloc-64 of size 64 [ 17.710686] The buggy address is located 0 bytes to the right of [ 17.710686] allocated 48-byte region [ffff88810392bb00, ffff88810392bb30) [ 17.711505] [ 17.711631] The buggy address belongs to the physical page: [ 17.712097] page: refcount:0 mapcount:0 
mapping:0000000000000000 index:0x0 pfn:0x10392b [ 17.712632] flags: 0x200000000000000(node=0|zone=2) [ 17.713025] page_type: f5(slab) [ 17.713284] raw: 0200000000000000 ffff8881000418c0 dead000000000122 0000000000000000 [ 17.713842] raw: 0000000000000000 0000000080200020 00000000f5000000 0000000000000000 [ 17.714352] page dumped because: kasan: bad access detected [ 17.714612] [ 17.714734] Memory state around the buggy address: [ 17.715012] ffff88810392ba00: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 17.715415] ffff88810392ba80: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 17.715746] >ffff88810392bb00: 00 00 00 00 00 00 fc fc fc fc fc fc fc fc fc fc [ 17.716105] ^ [ 17.716313] ffff88810392bb80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 17.716659] ffff88810392bc00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 17.717019] ================================================================== [ 17.845575] ================================================================== [ 17.846007] BUG: KASAN: slab-out-of-bounds in kasan_atomics_helper+0x218a/0x5450 [ 17.846657] Write of size 8 at addr ffff88810392bb30 by task kunit_try_catch/283 [ 17.847027] [ 17.847209] CPU: 0 UID: 0 PID: 283 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc4 #1 PREEMPT(voluntary) [ 17.847262] Tainted: [B]=BAD_PAGE, [N]=TEST [ 17.847278] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 17.847305] Call Trace: [ 17.847326] <TASK> [ 17.847347] dump_stack_lvl+0x73/0xb0 [ 17.847381] print_report+0xd1/0x650 [ 17.847410] ? __virt_addr_valid+0x1db/0x2d0 [ 17.847438] ? kasan_atomics_helper+0x218a/0x5450 [ 17.847463] ? kasan_complete_mode_report_info+0x2a/0x200 [ 17.847492] ? kasan_atomics_helper+0x218a/0x5450 [ 17.847519] kasan_report+0x141/0x180 [ 17.847548] ? kasan_atomics_helper+0x218a/0x5450 [ 17.847583] kasan_check_range+0x10c/0x1c0 [ 17.847613] __kasan_check_write+0x18/0x20 [ 17.847637] kasan_atomics_helper+0x218a/0x5450 [ 17.847666] ? 
__pfx_kasan_atomics_helper+0x10/0x10 [ 17.847695] ? __kmalloc_cache_noprof+0x189/0x420 [ 17.847726] ? kasan_atomics+0x152/0x310 [ 17.847759] kasan_atomics+0x1dc/0x310 [ 17.847800] ? __pfx_kasan_atomics+0x10/0x10 [ 17.847833] ? __pfx_read_tsc+0x10/0x10 [ 17.847860] ? ktime_get_ts64+0x86/0x230 [ 17.847889] kunit_try_run_case+0x1a5/0x480 [ 17.847918] ? __pfx_kunit_try_run_case+0x10/0x10 [ 17.847945] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 17.847975] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 17.848003] ? __kthread_parkme+0x82/0x180 [ 17.848029] ? preempt_count_sub+0x50/0x80 [ 17.848059] ? __pfx_kunit_try_run_case+0x10/0x10 [ 17.848088] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 17.848130] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 17.848159] kthread+0x337/0x6f0 [ 17.848184] ? trace_preempt_on+0x20/0xc0 [ 17.848212] ? __pfx_kthread+0x10/0x10 [ 17.848237] ? _raw_spin_unlock_irq+0x47/0x80 [ 17.848263] ? calculate_sigpending+0x7b/0xa0 [ 17.848292] ? __pfx_kthread+0x10/0x10 [ 17.848319] ret_from_fork+0x116/0x1d0 [ 17.848342] ? 
__pfx_kthread+0x10/0x10 [ 17.848367] ret_from_fork_asm+0x1a/0x30 [ 17.848405] </TASK> [ 17.848420] [ 17.857248] Allocated by task 283: [ 17.857469] kasan_save_stack+0x45/0x70 [ 17.857686] kasan_save_track+0x18/0x40 [ 17.857891] kasan_save_alloc_info+0x3b/0x50 [ 17.858120] __kasan_kmalloc+0xb7/0xc0 [ 17.858289] __kmalloc_cache_noprof+0x189/0x420 [ 17.858543] kasan_atomics+0x95/0x310 [ 17.858728] kunit_try_run_case+0x1a5/0x480 [ 17.858923] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 17.859126] kthread+0x337/0x6f0 [ 17.859317] ret_from_fork+0x116/0x1d0 [ 17.859539] ret_from_fork_asm+0x1a/0x30 [ 17.859771] [ 17.859991] The buggy address belongs to the object at ffff88810392bb00 [ 17.859991] which belongs to the cache kmalloc-64 of size 64 [ 17.860455] The buggy address is located 0 bytes to the right of [ 17.860455] allocated 48-byte region [ffff88810392bb00, ffff88810392bb30) [ 17.861076] [ 17.861197] The buggy address belongs to the physical page: [ 17.861466] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x10392b [ 17.861774] flags: 0x200000000000000(node=0|zone=2) [ 17.861972] page_type: f5(slab) [ 17.862113] raw: 0200000000000000 ffff8881000418c0 dead000000000122 0000000000000000 [ 17.862375] raw: 0000000000000000 0000000080200020 00000000f5000000 0000000000000000 [ 17.862743] page dumped because: kasan: bad access detected [ 17.863053] [ 17.863226] Memory state around the buggy address: [ 17.863481] ffff88810392ba00: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 17.863749] ffff88810392ba80: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 17.864136] >ffff88810392bb00: 00 00 00 00 00 00 fc fc fc fc fc fc fc fc fc fc [ 17.864436] ^ [ 17.864612] ffff88810392bb80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 17.864870] ffff88810392bc00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 17.865299] ================================================================== [ 16.552809] 
================================================================== [ 16.553120] BUG: KASAN: slab-out-of-bounds in kasan_atomics_helper+0x697/0x5450 [ 16.553530] Write of size 4 at addr ffff88810392bb30 by task kunit_try_catch/283 [ 16.554354] [ 16.554468] CPU: 0 UID: 0 PID: 283 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc4 #1 PREEMPT(voluntary) [ 16.554521] Tainted: [B]=BAD_PAGE, [N]=TEST [ 16.554538] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 16.554564] Call Trace: [ 16.554582] <TASK> [ 16.554654] dump_stack_lvl+0x73/0xb0 [ 16.554723] print_report+0xd1/0x650 [ 16.554781] ? __virt_addr_valid+0x1db/0x2d0 [ 16.554850] ? kasan_atomics_helper+0x697/0x5450 [ 16.554876] ? kasan_complete_mode_report_info+0x2a/0x200 [ 16.554957] ? kasan_atomics_helper+0x697/0x5450 [ 16.554983] kasan_report+0x141/0x180 [ 16.555036] ? kasan_atomics_helper+0x697/0x5450 [ 16.555112] kasan_check_range+0x10c/0x1c0 [ 16.555141] __kasan_check_write+0x18/0x20 [ 16.555166] kasan_atomics_helper+0x697/0x5450 [ 16.555193] ? __pfx_kasan_atomics_helper+0x10/0x10 [ 16.555220] ? __kmalloc_cache_noprof+0x189/0x420 [ 16.555252] ? kasan_atomics+0x152/0x310 [ 16.555283] kasan_atomics+0x1dc/0x310 [ 16.555311] ? __pfx_kasan_atomics+0x10/0x10 [ 16.555341] ? __pfx_read_tsc+0x10/0x10 [ 16.555367] ? ktime_get_ts64+0x86/0x230 [ 16.555396] kunit_try_run_case+0x1a5/0x480 [ 16.555426] ? __pfx_kunit_try_run_case+0x10/0x10 [ 16.555453] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 16.555482] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 16.555510] ? __kthread_parkme+0x82/0x180 [ 16.555534] ? preempt_count_sub+0x50/0x80 [ 16.555562] ? __pfx_kunit_try_run_case+0x10/0x10 [ 16.555591] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 16.555618] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 16.555646] kthread+0x337/0x6f0 [ 16.555669] ? trace_preempt_on+0x20/0xc0 [ 16.555697] ? __pfx_kthread+0x10/0x10 [ 16.555722] ? _raw_spin_unlock_irq+0x47/0x80 [ 16.555747] ? 
calculate_sigpending+0x7b/0xa0 [ 16.555776] ? __pfx_kthread+0x10/0x10 [ 16.555815] ret_from_fork+0x116/0x1d0 [ 16.555838] ? __pfx_kthread+0x10/0x10 [ 16.555864] ret_from_fork_asm+0x1a/0x30 [ 16.555900] </TASK> [ 16.555916] [ 16.564716] Allocated by task 283: [ 16.565197] kasan_save_stack+0x45/0x70 [ 16.565508] kasan_save_track+0x18/0x40 [ 16.565837] kasan_save_alloc_info+0x3b/0x50 [ 16.566104] __kasan_kmalloc+0xb7/0xc0 [ 16.566320] __kmalloc_cache_noprof+0x189/0x420 [ 16.566578] kasan_atomics+0x95/0x310 [ 16.566898] kunit_try_run_case+0x1a5/0x480 [ 16.567107] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 16.567305] kthread+0x337/0x6f0 [ 16.567442] ret_from_fork+0x116/0x1d0 [ 16.567708] ret_from_fork_asm+0x1a/0x30 [ 16.568210] [ 16.568327] The buggy address belongs to the object at ffff88810392bb00 [ 16.568327] which belongs to the cache kmalloc-64 of size 64 [ 16.569039] The buggy address is located 0 bytes to the right of [ 16.569039] allocated 48-byte region [ffff88810392bb00, ffff88810392bb30) [ 16.569775] [ 16.569921] The buggy address belongs to the physical page: [ 16.570144] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x10392b [ 16.570546] flags: 0x200000000000000(node=0|zone=2) [ 16.571055] page_type: f5(slab) [ 16.571326] raw: 0200000000000000 ffff8881000418c0 dead000000000122 0000000000000000 [ 16.571645] raw: 0000000000000000 0000000080200020 00000000f5000000 0000000000000000 [ 16.572157] page dumped because: kasan: bad access detected [ 16.572463] [ 16.572574] Memory state around the buggy address: [ 16.572869] ffff88810392ba00: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 16.573212] ffff88810392ba80: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 16.573541] >ffff88810392bb00: 00 00 00 00 00 00 fc fc fc fc fc fc fc fc fc fc [ 16.573883] ^ [ 16.574119] ffff88810392bb80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 16.574449] ffff88810392bc00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 16.574856] 
================================================================== [ 17.637962] ================================================================== [ 17.638867] BUG: KASAN: slab-out-of-bounds in kasan_atomics_helper+0x1e12/0x5450 [ 17.639897] Write of size 8 at addr ffff88810392bb30 by task kunit_try_catch/283 [ 17.640718] [ 17.640953] CPU: 0 UID: 0 PID: 283 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc4 #1 PREEMPT(voluntary) [ 17.641008] Tainted: [B]=BAD_PAGE, [N]=TEST [ 17.641024] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 17.641052] Call Trace: [ 17.641074] <TASK> [ 17.641137] dump_stack_lvl+0x73/0xb0 [ 17.641175] print_report+0xd1/0x650 [ 17.641218] ? __virt_addr_valid+0x1db/0x2d0 [ 17.641246] ? kasan_atomics_helper+0x1e12/0x5450 [ 17.641272] ? kasan_complete_mode_report_info+0x2a/0x200 [ 17.641299] ? kasan_atomics_helper+0x1e12/0x5450 [ 17.641326] kasan_report+0x141/0x180 [ 17.641359] ? kasan_atomics_helper+0x1e12/0x5450 [ 17.641390] kasan_check_range+0x10c/0x1c0 [ 17.641419] __kasan_check_write+0x18/0x20 [ 17.641443] kasan_atomics_helper+0x1e12/0x5450 [ 17.641470] ? __pfx_kasan_atomics_helper+0x10/0x10 [ 17.641498] ? __kmalloc_cache_noprof+0x189/0x420 [ 17.641527] ? kasan_atomics+0x152/0x310 [ 17.641560] kasan_atomics+0x1dc/0x310 [ 17.641588] ? __pfx_kasan_atomics+0x10/0x10 [ 17.641617] ? __pfx_read_tsc+0x10/0x10 [ 17.641642] ? ktime_get_ts64+0x86/0x230 [ 17.641672] kunit_try_run_case+0x1a5/0x480 [ 17.641701] ? __pfx_kunit_try_run_case+0x10/0x10 [ 17.641728] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 17.641757] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 17.641785] ? __kthread_parkme+0x82/0x180 [ 17.641821] ? preempt_count_sub+0x50/0x80 [ 17.641850] ? __pfx_kunit_try_run_case+0x10/0x10 [ 17.641878] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 17.641909] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 17.641935] kthread+0x337/0x6f0 [ 17.641958] ? trace_preempt_on+0x20/0xc0 [ 17.641987] ? 
__pfx_kthread+0x10/0x10 [ 17.642011] ? _raw_spin_unlock_irq+0x47/0x80 [ 17.642036] ? calculate_sigpending+0x7b/0xa0 [ 17.642066] ? __pfx_kthread+0x10/0x10 [ 17.642105] ret_from_fork+0x116/0x1d0 [ 17.642129] ? __pfx_kthread+0x10/0x10 [ 17.642153] ret_from_fork_asm+0x1a/0x30 [ 17.642191] </TASK> [ 17.642207] [ 17.654005] Allocated by task 283: [ 17.654266] kasan_save_stack+0x45/0x70 [ 17.654504] kasan_save_track+0x18/0x40 [ 17.654664] kasan_save_alloc_info+0x3b/0x50 [ 17.654848] __kasan_kmalloc+0xb7/0xc0 [ 17.655065] __kmalloc_cache_noprof+0x189/0x420 [ 17.655344] kasan_atomics+0x95/0x310 [ 17.655558] kunit_try_run_case+0x1a5/0x480 [ 17.655810] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 17.656138] kthread+0x337/0x6f0 [ 17.656323] ret_from_fork+0x116/0x1d0 [ 17.656499] ret_from_fork_asm+0x1a/0x30 [ 17.656758] [ 17.656873] The buggy address belongs to the object at ffff88810392bb00 [ 17.656873] which belongs to the cache kmalloc-64 of size 64 [ 17.657482] The buggy address is located 0 bytes to the right of [ 17.657482] allocated 48-byte region [ffff88810392bb00, ffff88810392bb30) [ 17.657975] [ 17.658097] The buggy address belongs to the physical page: [ 17.658385] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x10392b [ 17.659069] flags: 0x200000000000000(node=0|zone=2) [ 17.659327] page_type: f5(slab) [ 17.659473] raw: 0200000000000000 ffff8881000418c0 dead000000000122 0000000000000000 [ 17.659865] raw: 0000000000000000 0000000080200020 00000000f5000000 0000000000000000 [ 17.660313] page dumped because: kasan: bad access detected [ 17.660611] [ 17.660724] Memory state around the buggy address: [ 17.660984] ffff88810392ba00: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 17.661368] ffff88810392ba80: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 17.661799] >ffff88810392bb00: 00 00 00 00 00 00 fc fc fc fc fc fc fc fc fc fc [ 17.662140] ^ [ 17.662413] ffff88810392bb80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 17.662716] 
ffff88810392bc00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 17.663093] ================================================================== [ 17.053255] ================================================================== [ 17.053699] BUG: KASAN: slab-out-of-bounds in kasan_atomics_helper+0x4a02/0x5450 [ 17.054112] Read of size 4 at addr ffff88810392bb30 by task kunit_try_catch/283 [ 17.054442] [ 17.054585] CPU: 0 UID: 0 PID: 283 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc4 #1 PREEMPT(voluntary) [ 17.054639] Tainted: [B]=BAD_PAGE, [N]=TEST [ 17.054656] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 17.054683] Call Trace: [ 17.054706] <TASK> [ 17.054728] dump_stack_lvl+0x73/0xb0 [ 17.054774] print_report+0xd1/0x650 [ 17.054820] ? __virt_addr_valid+0x1db/0x2d0 [ 17.054848] ? kasan_atomics_helper+0x4a02/0x5450 [ 17.054873] ? kasan_complete_mode_report_info+0x2a/0x200 [ 17.054900] ? kasan_atomics_helper+0x4a02/0x5450 [ 17.054928] kasan_report+0x141/0x180 [ 17.054956] ? kasan_atomics_helper+0x4a02/0x5450 [ 17.054990] __asan_report_load4_noabort+0x18/0x20 [ 17.055021] kasan_atomics_helper+0x4a02/0x5450 [ 17.055048] ? __pfx_kasan_atomics_helper+0x10/0x10 [ 17.055075] ? __kmalloc_cache_noprof+0x189/0x420 [ 17.055118] ? kasan_atomics+0x152/0x310 [ 17.055162] kasan_atomics+0x1dc/0x310 [ 17.055189] ? __pfx_kasan_atomics+0x10/0x10 [ 17.055219] ? __pfx_read_tsc+0x10/0x10 [ 17.055258] ? ktime_get_ts64+0x86/0x230 [ 17.055287] kunit_try_run_case+0x1a5/0x480 [ 17.055315] ? __pfx_kunit_try_run_case+0x10/0x10 [ 17.055343] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 17.055372] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 17.055400] ? __kthread_parkme+0x82/0x180 [ 17.055426] ? preempt_count_sub+0x50/0x80 [ 17.055454] ? __pfx_kunit_try_run_case+0x10/0x10 [ 17.055484] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 17.055511] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 17.055539] kthread+0x337/0x6f0 [ 17.055564] ? 
trace_preempt_on+0x20/0xc0 [ 17.055592] ? __pfx_kthread+0x10/0x10 [ 17.055618] ? _raw_spin_unlock_irq+0x47/0x80 [ 17.055655] ? calculate_sigpending+0x7b/0xa0 [ 17.055684] ? __pfx_kthread+0x10/0x10 [ 17.055723] ret_from_fork+0x116/0x1d0 [ 17.055747] ? __pfx_kthread+0x10/0x10 [ 17.055772] ret_from_fork_asm+0x1a/0x30 [ 17.055819] </TASK> [ 17.055834] [ 17.064707] Allocated by task 283: [ 17.064923] kasan_save_stack+0x45/0x70 [ 17.065204] kasan_save_track+0x18/0x40 [ 17.065387] kasan_save_alloc_info+0x3b/0x50 [ 17.065644] __kasan_kmalloc+0xb7/0xc0 [ 17.065888] __kmalloc_cache_noprof+0x189/0x420 [ 17.066135] kasan_atomics+0x95/0x310 [ 17.066352] kunit_try_run_case+0x1a5/0x480 [ 17.066522] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 17.066764] kthread+0x337/0x6f0 [ 17.066979] ret_from_fork+0x116/0x1d0 [ 17.067194] ret_from_fork_asm+0x1a/0x30 [ 17.067424] [ 17.067626] The buggy address belongs to the object at ffff88810392bb00 [ 17.067626] which belongs to the cache kmalloc-64 of size 64 [ 17.068210] The buggy address is located 0 bytes to the right of [ 17.068210] allocated 48-byte region [ffff88810392bb00, ffff88810392bb30) [ 17.068838] [ 17.068945] The buggy address belongs to the physical page: [ 17.069301] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x10392b [ 17.069695] flags: 0x200000000000000(node=0|zone=2) [ 17.069972] page_type: f5(slab) [ 17.070202] raw: 0200000000000000 ffff8881000418c0 dead000000000122 0000000000000000 [ 17.070577] raw: 0000000000000000 0000000080200020 00000000f5000000 0000000000000000 [ 17.070963] page dumped because: kasan: bad access detected [ 17.071312] [ 17.071414] Memory state around the buggy address: [ 17.071594] ffff88810392ba00: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 17.071858] ffff88810392ba80: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 17.072109] >ffff88810392bb00: 00 00 00 00 00 00 fc fc fc fc fc fc fc fc fc fc [ 17.072492] ^ [ 17.072751] ffff88810392bb80: fc fc fc fc fc fc fc fc fc 
fc fc fc fc fc fc fc [ 17.073161] ffff88810392bc00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 17.073503] ================================================================== [ 16.367738] ================================================================== [ 16.368089] BUG: KASAN: slab-out-of-bounds in kasan_atomics_helper+0x4b6e/0x5450 [ 16.368474] Write of size 4 at addr ffff88810392bb30 by task kunit_try_catch/283 [ 16.368760] [ 16.368988] CPU: 0 UID: 0 PID: 283 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc4 #1 PREEMPT(voluntary) [ 16.369043] Tainted: [B]=BAD_PAGE, [N]=TEST [ 16.369056] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 16.369082] Call Trace: [ 16.369104] <TASK> [ 16.369127] dump_stack_lvl+0x73/0xb0 [ 16.369206] print_report+0xd1/0x650 [ 16.369233] ? __virt_addr_valid+0x1db/0x2d0 [ 16.369258] ? kasan_atomics_helper+0x4b6e/0x5450 [ 16.369282] ? kasan_complete_mode_report_info+0x2a/0x200 [ 16.369307] ? kasan_atomics_helper+0x4b6e/0x5450 [ 16.369338] kasan_report+0x141/0x180 [ 16.369362] ? kasan_atomics_helper+0x4b6e/0x5450 [ 16.369393] __asan_report_store4_noabort+0x1b/0x30 [ 16.369417] kasan_atomics_helper+0x4b6e/0x5450 [ 16.369443] ? __pfx_kasan_atomics_helper+0x10/0x10 [ 16.369467] ? __kmalloc_cache_noprof+0x189/0x420 [ 16.369497] ? kasan_atomics+0x152/0x310 [ 16.369529] kasan_atomics+0x1dc/0x310 [ 16.369554] ? __pfx_kasan_atomics+0x10/0x10 [ 16.369582] ? __pfx_read_tsc+0x10/0x10 [ 16.369608] ? ktime_get_ts64+0x86/0x230 [ 16.369636] kunit_try_run_case+0x1a5/0x480 [ 16.369665] ? __pfx_kunit_try_run_case+0x10/0x10 [ 16.369690] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 16.369719] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 16.369890] ? __kthread_parkme+0x82/0x180 [ 16.369918] ? preempt_count_sub+0x50/0x80 [ 16.369990] ? __pfx_kunit_try_run_case+0x10/0x10 [ 16.370020] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 16.370048] ? 
__pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 16.370077] kthread+0x337/0x6f0 [ 16.370115] ? trace_preempt_on+0x20/0xc0 [ 16.370358] ? __pfx_kthread+0x10/0x10 [ 16.370394] ? _raw_spin_unlock_irq+0x47/0x80 [ 16.370423] ? calculate_sigpending+0x7b/0xa0 [ 16.370453] ? __pfx_kthread+0x10/0x10 [ 16.370480] ret_from_fork+0x116/0x1d0 [ 16.370505] ? __pfx_kthread+0x10/0x10 [ 16.370530] ret_from_fork_asm+0x1a/0x30 [ 16.370568] </TASK> [ 16.370585] [ 16.379954] Allocated by task 283: [ 16.380339] kasan_save_stack+0x45/0x70 [ 16.380588] kasan_save_track+0x18/0x40 [ 16.380841] kasan_save_alloc_info+0x3b/0x50 [ 16.381079] __kasan_kmalloc+0xb7/0xc0 [ 16.381322] __kmalloc_cache_noprof+0x189/0x420 [ 16.381577] kasan_atomics+0x95/0x310 [ 16.381809] kunit_try_run_case+0x1a5/0x480 [ 16.382073] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 16.382415] kthread+0x337/0x6f0 [ 16.382883] ret_from_fork+0x116/0x1d0 [ 16.383059] ret_from_fork_asm+0x1a/0x30 [ 16.383382] [ 16.383523] The buggy address belongs to the object at ffff88810392bb00 [ 16.383523] which belongs to the cache kmalloc-64 of size 64 [ 16.384013] The buggy address is located 0 bytes to the right of [ 16.384013] allocated 48-byte region [ffff88810392bb00, ffff88810392bb30) [ 16.384522] [ 16.384623] The buggy address belongs to the physical page: [ 16.386855] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x10392b [ 16.387266] flags: 0x200000000000000(node=0|zone=2) [ 16.388116] page_type: f5(slab) [ 16.388304] raw: 0200000000000000 ffff8881000418c0 dead000000000122 0000000000000000 [ 16.388566] raw: 0000000000000000 0000000080200020 00000000f5000000 0000000000000000 [ 16.388883] page dumped because: kasan: bad access detected [ 16.389112] [ 16.389196] Memory state around the buggy address: [ 16.389379] ffff88810392ba00: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 16.389711] ffff88810392ba80: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 16.390836] >ffff88810392bb00: 00 00 00 00 00 00 fc fc 
fc fc fc fc fc fc fc fc [ 16.391104] ^ [ 16.391579] ffff88810392bb80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 16.392746] ffff88810392bc00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 16.394989] ================================================================== [ 17.457938] ================================================================== [ 17.458426] BUG: KASAN: slab-out-of-bounds in kasan_atomics_helper+0x19e3/0x5450 [ 17.458784] Write of size 8 at addr ffff88810392bb30 by task kunit_try_catch/283 [ 17.459197] [ 17.459354] CPU: 0 UID: 0 PID: 283 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc4 #1 PREEMPT(voluntary) [ 17.459410] Tainted: [B]=BAD_PAGE, [N]=TEST [ 17.459451] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 17.459481] Call Trace: [ 17.459507] <TASK> [ 17.459530] dump_stack_lvl+0x73/0xb0 [ 17.459585] print_report+0xd1/0x650 [ 17.459614] ? __virt_addr_valid+0x1db/0x2d0 [ 17.459642] ? kasan_atomics_helper+0x19e3/0x5450 [ 17.459667] ? kasan_complete_mode_report_info+0x2a/0x200 [ 17.459694] ? kasan_atomics_helper+0x19e3/0x5450 [ 17.459721] kasan_report+0x141/0x180 [ 17.459747] ? kasan_atomics_helper+0x19e3/0x5450 [ 17.459777] kasan_check_range+0x10c/0x1c0 [ 17.459818] __kasan_check_write+0x18/0x20 [ 17.459862] kasan_atomics_helper+0x19e3/0x5450 [ 17.459889] ? __pfx_kasan_atomics_helper+0x10/0x10 [ 17.459916] ? __kmalloc_cache_noprof+0x189/0x420 [ 17.459946] ? kasan_atomics+0x152/0x310 [ 17.459977] kasan_atomics+0x1dc/0x310 [ 17.460004] ? __pfx_kasan_atomics+0x10/0x10 [ 17.460052] ? __pfx_read_tsc+0x10/0x10 [ 17.460077] ? ktime_get_ts64+0x86/0x230 [ 17.460106] kunit_try_run_case+0x1a5/0x480 [ 17.460135] ? __pfx_kunit_try_run_case+0x10/0x10 [ 17.460161] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 17.460204] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 17.460232] ? __kthread_parkme+0x82/0x180 [ 17.460257] ? preempt_count_sub+0x50/0x80 [ 17.460285] ? 
__pfx_kunit_try_run_case+0x10/0x10 [ 17.460314] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 17.460340] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 17.460367] kthread+0x337/0x6f0 [ 17.460390] ? trace_preempt_on+0x20/0xc0 [ 17.460418] ? __pfx_kthread+0x10/0x10 [ 17.460443] ? _raw_spin_unlock_irq+0x47/0x80 [ 17.460468] ? calculate_sigpending+0x7b/0xa0 [ 17.460497] ? __pfx_kthread+0x10/0x10 [ 17.460522] ret_from_fork+0x116/0x1d0 [ 17.460544] ? __pfx_kthread+0x10/0x10 [ 17.460568] ret_from_fork_asm+0x1a/0x30 [ 17.460605] </TASK> [ 17.460620] [ 17.469662] Allocated by task 283: [ 17.469879] kasan_save_stack+0x45/0x70 [ 17.470140] kasan_save_track+0x18/0x40 [ 17.470365] kasan_save_alloc_info+0x3b/0x50 [ 17.470613] __kasan_kmalloc+0xb7/0xc0 [ 17.470813] __kmalloc_cache_noprof+0x189/0x420 [ 17.471094] kasan_atomics+0x95/0x310 [ 17.471356] kunit_try_run_case+0x1a5/0x480 [ 17.471590] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 17.471874] kthread+0x337/0x6f0 [ 17.472089] ret_from_fork+0x116/0x1d0 [ 17.472313] ret_from_fork_asm+0x1a/0x30 [ 17.472548] [ 17.472635] The buggy address belongs to the object at ffff88810392bb00 [ 17.472635] which belongs to the cache kmalloc-64 of size 64 [ 17.473336] The buggy address is located 0 bytes to the right of [ 17.473336] allocated 48-byte region [ffff88810392bb00, ffff88810392bb30) [ 17.473982] [ 17.474123] The buggy address belongs to the physical page: [ 17.474476] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x10392b [ 17.474948] flags: 0x200000000000000(node=0|zone=2) [ 17.475225] page_type: f5(slab) [ 17.475424] raw: 0200000000000000 ffff8881000418c0 dead000000000122 0000000000000000 [ 17.476061] raw: 0000000000000000 0000000080200020 00000000f5000000 0000000000000000 [ 17.476338] page dumped because: kasan: bad access detected [ 17.476536] [ 17.476620] Memory state around the buggy address: [ 17.476813] ffff88810392ba00: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 17.477138] 
ffff88810392ba80: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 17.477516] >ffff88810392bb00: 00 00 00 00 00 00 fc fc fc fc fc fc fc fc fc fc [ 17.477959] ^ [ 17.478403] ffff88810392bb80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 17.478799] ffff88810392bc00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 17.479264] ================================================================== [ 17.203432] ================================================================== [ 17.203903] BUG: KASAN: slab-out-of-bounds in kasan_atomics_helper+0x4eae/0x5450 [ 17.204223] Read of size 8 at addr ffff88810392bb30 by task kunit_try_catch/283 [ 17.204642] [ 17.204809] CPU: 0 UID: 0 PID: 283 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc4 #1 PREEMPT(voluntary) [ 17.204864] Tainted: [B]=BAD_PAGE, [N]=TEST [ 17.204881] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 17.204908] Call Trace: [ 17.204931] <TASK> [ 17.204953] dump_stack_lvl+0x73/0xb0 [ 17.204990] print_report+0xd1/0x650 [ 17.205017] ? __virt_addr_valid+0x1db/0x2d0 [ 17.205046] ? kasan_atomics_helper+0x4eae/0x5450 [ 17.205072] ? kasan_complete_mode_report_info+0x2a/0x200 [ 17.205140] ? kasan_atomics_helper+0x4eae/0x5450 [ 17.205169] kasan_report+0x141/0x180 [ 17.205196] ? kasan_atomics_helper+0x4eae/0x5450 [ 17.205248] __asan_report_load8_noabort+0x18/0x20 [ 17.205278] kasan_atomics_helper+0x4eae/0x5450 [ 17.205306] ? __pfx_kasan_atomics_helper+0x10/0x10 [ 17.205338] ? __kmalloc_cache_noprof+0x189/0x420 [ 17.205370] ? kasan_atomics+0x152/0x310 [ 17.205403] kasan_atomics+0x1dc/0x310 [ 17.205431] ? __pfx_kasan_atomics+0x10/0x10 [ 17.205480] ? __pfx_read_tsc+0x10/0x10 [ 17.205521] ? ktime_get_ts64+0x86/0x230 [ 17.205552] kunit_try_run_case+0x1a5/0x480 [ 17.205582] ? __pfx_kunit_try_run_case+0x10/0x10 [ 17.205610] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 17.205639] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 17.205668] ? __kthread_parkme+0x82/0x180 [ 17.205693] ? 
preempt_count_sub+0x50/0x80 [ 17.205724] ? __pfx_kunit_try_run_case+0x10/0x10 [ 17.205753] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 17.205781] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 17.205821] kthread+0x337/0x6f0 [ 17.205845] ? trace_preempt_on+0x20/0xc0 [ 17.205874] ? __pfx_kthread+0x10/0x10 [ 17.205900] ? _raw_spin_unlock_irq+0x47/0x80 [ 17.205926] ? calculate_sigpending+0x7b/0xa0 [ 17.205956] ? __pfx_kthread+0x10/0x10 [ 17.205982] ret_from_fork+0x116/0x1d0 [ 17.206006] ? __pfx_kthread+0x10/0x10 [ 17.206031] ret_from_fork_asm+0x1a/0x30 [ 17.206069] </TASK> [ 17.206086] [ 17.215338] Allocated by task 283: [ 17.215599] kasan_save_stack+0x45/0x70 [ 17.215893] kasan_save_track+0x18/0x40 [ 17.216119] kasan_save_alloc_info+0x3b/0x50 [ 17.216440] __kasan_kmalloc+0xb7/0xc0 [ 17.216626] __kmalloc_cache_noprof+0x189/0x420 [ 17.216874] kasan_atomics+0x95/0x310 [ 17.217172] kunit_try_run_case+0x1a5/0x480 [ 17.217465] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 17.217751] kthread+0x337/0x6f0 [ 17.218010] ret_from_fork+0x116/0x1d0 [ 17.218284] ret_from_fork_asm+0x1a/0x30 [ 17.218613] [ 17.218731] The buggy address belongs to the object at ffff88810392bb00 [ 17.218731] which belongs to the cache kmalloc-64 of size 64 [ 17.219288] The buggy address is located 0 bytes to the right of [ 17.219288] allocated 48-byte region [ffff88810392bb00, ffff88810392bb30) [ 17.219976] [ 17.220130] The buggy address belongs to the physical page: [ 17.220371] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x10392b [ 17.220655] flags: 0x200000000000000(node=0|zone=2) [ 17.220891] page_type: f5(slab) [ 17.221096] raw: 0200000000000000 ffff8881000418c0 dead000000000122 0000000000000000 [ 17.221504] raw: 0000000000000000 0000000080200020 00000000f5000000 0000000000000000 [ 17.221948] page dumped because: kasan: bad access detected [ 17.222213] [ 17.222296] Memory state around the buggy address: [ 17.222479] ffff88810392ba00: fa fb fb fb fb fb fb fb fc fc 
fc fc fc fc fc fc [ 17.222733] ffff88810392ba80: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 17.222998] >ffff88810392bb00: 00 00 00 00 00 00 fc fc fc fc fc fc fc fc fc fc [ 17.223580] ^ [ 17.224111] ffff88810392bb80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 17.224589] ffff88810392bc00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 17.225084] ================================================================== [ 17.893423] ================================================================== [ 17.893723] BUG: KASAN: slab-out-of-bounds in kasan_atomics_helper+0x224c/0x5450 [ 17.894133] Write of size 8 at addr ffff88810392bb30 by task kunit_try_catch/283 [ 17.894521] [ 17.894659] CPU: 0 UID: 0 PID: 283 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc4 #1 PREEMPT(voluntary) [ 17.894714] Tainted: [B]=BAD_PAGE, [N]=TEST [ 17.894730] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 17.894757] Call Trace: [ 17.894782] <TASK> [ 17.894817] dump_stack_lvl+0x73/0xb0 [ 17.894853] print_report+0xd1/0x650 [ 17.894881] ? __virt_addr_valid+0x1db/0x2d0 [ 17.894909] ? kasan_atomics_helper+0x224c/0x5450 [ 17.894934] ? kasan_complete_mode_report_info+0x2a/0x200 [ 17.894962] ? kasan_atomics_helper+0x224c/0x5450 [ 17.894988] kasan_report+0x141/0x180 [ 17.895015] ? kasan_atomics_helper+0x224c/0x5450 [ 17.895049] kasan_check_range+0x10c/0x1c0 [ 17.895078] __kasan_check_write+0x18/0x20 [ 17.895102] kasan_atomics_helper+0x224c/0x5450 [ 17.895130] ? __pfx_kasan_atomics_helper+0x10/0x10 [ 17.895171] ? __kmalloc_cache_noprof+0x189/0x420 [ 17.895201] ? kasan_atomics+0x152/0x310 [ 17.895234] kasan_atomics+0x1dc/0x310 [ 17.895262] ? __pfx_kasan_atomics+0x10/0x10 [ 17.895292] ? __pfx_read_tsc+0x10/0x10 [ 17.895318] ? ktime_get_ts64+0x86/0x230 [ 17.895348] kunit_try_run_case+0x1a5/0x480 [ 17.895377] ? __pfx_kunit_try_run_case+0x10/0x10 [ 17.895404] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 17.895434] ? 
_raw_spin_unlock_irqrestore+0x5f/0x90 [ 17.895464] ? __kthread_parkme+0x82/0x180 [ 17.895489] ? preempt_count_sub+0x50/0x80 [ 17.895519] ? __pfx_kunit_try_run_case+0x10/0x10 [ 17.895548] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 17.895576] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 17.895604] kthread+0x337/0x6f0 [ 17.895628] ? trace_preempt_on+0x20/0xc0 [ 17.895657] ? __pfx_kthread+0x10/0x10 [ 17.895682] ? _raw_spin_unlock_irq+0x47/0x80 [ 17.895709] ? calculate_sigpending+0x7b/0xa0 [ 17.895739] ? __pfx_kthread+0x10/0x10 [ 17.895764] ret_from_fork+0x116/0x1d0 [ 17.895801] ? __pfx_kthread+0x10/0x10 [ 17.895826] ret_from_fork_asm+0x1a/0x30 [ 17.895864] </TASK> [ 17.895879] [ 17.904599] Allocated by task 283: [ 17.904823] kasan_save_stack+0x45/0x70 [ 17.905054] kasan_save_track+0x18/0x40 [ 17.905236] kasan_save_alloc_info+0x3b/0x50 [ 17.905420] __kasan_kmalloc+0xb7/0xc0 [ 17.905577] __kmalloc_cache_noprof+0x189/0x420 [ 17.905818] kasan_atomics+0x95/0x310 [ 17.906003] kunit_try_run_case+0x1a5/0x480 [ 17.906300] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 17.906578] kthread+0x337/0x6f0 [ 17.906748] ret_from_fork+0x116/0x1d0 [ 17.906918] ret_from_fork_asm+0x1a/0x30 [ 17.907083] [ 17.907168] The buggy address belongs to the object at ffff88810392bb00 [ 17.907168] which belongs to the cache kmalloc-64 of size 64 [ 17.907733] The buggy address is located 0 bytes to the right of [ 17.907733] allocated 48-byte region [ffff88810392bb00, ffff88810392bb30) [ 17.908240] [ 17.908325] The buggy address belongs to the physical page: [ 17.908525] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x10392b [ 17.909276] flags: 0x200000000000000(node=0|zone=2) [ 17.909558] page_type: f5(slab) [ 17.909758] raw: 0200000000000000 ffff8881000418c0 dead000000000122 0000000000000000 [ 17.910249] raw: 0000000000000000 0000000080200020 00000000f5000000 0000000000000000 [ 17.910620] page dumped because: kasan: bad access detected [ 17.910899] [ 17.911012] 
Memory state around the buggy address: [ 17.911325] ffff88810392ba00: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 17.911619] ffff88810392ba80: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 17.911883] >ffff88810392bb00: 00 00 00 00 00 00 fc fc fc fc fc fc fc fc fc fc [ 17.912242] ^ [ 17.912523] ffff88810392bb80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 17.912822] ffff88810392bc00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 17.913305] ================================================================== [ 17.249555] ================================================================== [ 17.249907] BUG: KASAN: slab-out-of-bounds in kasan_atomics_helper+0x50d4/0x5450 [ 17.250407] Write of size 8 at addr ffff88810392bb30 by task kunit_try_catch/283 [ 17.250777] [ 17.250934] CPU: 0 UID: 0 PID: 283 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc4 #1 PREEMPT(voluntary) [ 17.250994] Tainted: [B]=BAD_PAGE, [N]=TEST [ 17.251010] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 17.251037] Call Trace: [ 17.251058] <TASK> [ 17.251079] dump_stack_lvl+0x73/0xb0 [ 17.251117] print_report+0xd1/0x650 [ 17.251146] ? __virt_addr_valid+0x1db/0x2d0 [ 17.251213] ? kasan_atomics_helper+0x50d4/0x5450 [ 17.251238] ? kasan_complete_mode_report_info+0x2a/0x200 [ 17.251266] ? kasan_atomics_helper+0x50d4/0x5450 [ 17.251293] kasan_report+0x141/0x180 [ 17.251353] ? kasan_atomics_helper+0x50d4/0x5450 [ 17.251387] __asan_report_store8_noabort+0x1b/0x30 [ 17.251414] kasan_atomics_helper+0x50d4/0x5450 [ 17.251441] ? __pfx_kasan_atomics_helper+0x10/0x10 [ 17.251500] ? __kmalloc_cache_noprof+0x189/0x420 [ 17.251531] ? kasan_atomics+0x152/0x310 [ 17.251564] kasan_atomics+0x1dc/0x310 [ 17.251592] ? __pfx_kasan_atomics+0x10/0x10 [ 17.251653] ? __pfx_read_tsc+0x10/0x10 [ 17.251681] ? ktime_get_ts64+0x86/0x230 [ 17.251711] kunit_try_run_case+0x1a5/0x480 [ 17.251739] ? __pfx_kunit_try_run_case+0x10/0x10 [ 17.251809] ? 
_raw_spin_lock_irqsave+0xa1/0x100 [ 17.251841] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 17.251869] ? __kthread_parkme+0x82/0x180 [ 17.251895] ? preempt_count_sub+0x50/0x80 [ 17.251925] ? __pfx_kunit_try_run_case+0x10/0x10 [ 17.251982] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 17.252009] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 17.252038] kthread+0x337/0x6f0 [ 17.252063] ? trace_preempt_on+0x20/0xc0 [ 17.252092] ? __pfx_kthread+0x10/0x10 [ 17.252118] ? _raw_spin_unlock_irq+0x47/0x80 [ 17.252144] ? calculate_sigpending+0x7b/0xa0 [ 17.252208] ? __pfx_kthread+0x10/0x10 [ 17.252236] ret_from_fork+0x116/0x1d0 [ 17.252259] ? __pfx_kthread+0x10/0x10 [ 17.252285] ret_from_fork_asm+0x1a/0x30 [ 17.252323] </TASK> [ 17.252339] [ 17.261462] Allocated by task 283: [ 17.261693] kasan_save_stack+0x45/0x70 [ 17.261986] kasan_save_track+0x18/0x40 [ 17.262292] kasan_save_alloc_info+0x3b/0x50 [ 17.262695] __kasan_kmalloc+0xb7/0xc0 [ 17.262925] __kmalloc_cache_noprof+0x189/0x420 [ 17.263179] kasan_atomics+0x95/0x310 [ 17.263508] kunit_try_run_case+0x1a5/0x480 [ 17.263675] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 17.263879] kthread+0x337/0x6f0 [ 17.264017] ret_from_fork+0x116/0x1d0 [ 17.264453] ret_from_fork_asm+0x1a/0x30 [ 17.264685] [ 17.264859] The buggy address belongs to the object at ffff88810392bb00 [ 17.264859] which belongs to the cache kmalloc-64 of size 64 [ 17.265544] The buggy address is located 0 bytes to the right of [ 17.265544] allocated 48-byte region [ffff88810392bb00, ffff88810392bb30) [ 17.265962] [ 17.266130] The buggy address belongs to the physical page: [ 17.266420] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x10392b [ 17.266831] flags: 0x200000000000000(node=0|zone=2) [ 17.267118] page_type: f5(slab) [ 17.267315] raw: 0200000000000000 ffff8881000418c0 dead000000000122 0000000000000000 [ 17.267724] raw: 0000000000000000 0000000080200020 00000000f5000000 0000000000000000 [ 17.267996] page dumped because: kasan: 
bad access detected [ 17.268471] [ 17.268626] Memory state around the buggy address: [ 17.268999] ffff88810392ba00: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 17.269591] ffff88810392ba80: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 17.269934] >ffff88810392bb00: 00 00 00 00 00 00 fc fc fc fc fc fc fc fc fc fc [ 17.270331] ^ [ 17.270507] ffff88810392bb80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 17.270749] ffff88810392bc00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 17.271160] ================================================================== [ 17.533259] ================================================================== [ 17.533643] BUG: KASAN: slab-out-of-bounds in kasan_atomics_helper+0x1c18/0x5450 [ 17.534056] Write of size 8 at addr ffff88810392bb30 by task kunit_try_catch/283 [ 17.534527] [ 17.534680] CPU: 0 UID: 0 PID: 283 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc4 #1 PREEMPT(voluntary) [ 17.534747] Tainted: [B]=BAD_PAGE, [N]=TEST [ 17.534764] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 17.534802] Call Trace: [ 17.534824] <TASK> [ 17.534846] dump_stack_lvl+0x73/0xb0 [ 17.534896] print_report+0xd1/0x650 [ 17.534925] ? __virt_addr_valid+0x1db/0x2d0 [ 17.534953] ? kasan_atomics_helper+0x1c18/0x5450 [ 17.534979] ? kasan_complete_mode_report_info+0x2a/0x200 [ 17.535007] ? kasan_atomics_helper+0x1c18/0x5450 [ 17.535033] kasan_report+0x141/0x180 [ 17.535059] ? kasan_atomics_helper+0x1c18/0x5450 [ 17.535103] kasan_check_range+0x10c/0x1c0 [ 17.535131] __kasan_check_write+0x18/0x20 [ 17.535166] kasan_atomics_helper+0x1c18/0x5450 [ 17.535194] ? __pfx_kasan_atomics_helper+0x10/0x10 [ 17.535221] ? __kmalloc_cache_noprof+0x189/0x420 [ 17.535274] ? kasan_atomics+0x152/0x310 [ 17.535305] kasan_atomics+0x1dc/0x310 [ 17.535344] ? __pfx_kasan_atomics+0x10/0x10 [ 17.535374] ? __pfx_read_tsc+0x10/0x10 [ 17.535399] ? ktime_get_ts64+0x86/0x230 [ 17.535428] kunit_try_run_case+0x1a5/0x480 [ 17.535457] ? 
__pfx_kunit_try_run_case+0x10/0x10 [ 17.535484] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 17.535514] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 17.535542] ? __kthread_parkme+0x82/0x180 [ 17.535567] ? preempt_count_sub+0x50/0x80 [ 17.535596] ? __pfx_kunit_try_run_case+0x10/0x10 [ 17.535634] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 17.535663] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 17.535697] kthread+0x337/0x6f0 [ 17.535721] ? trace_preempt_on+0x20/0xc0 [ 17.535750] ? __pfx_kthread+0x10/0x10 [ 17.535775] ? _raw_spin_unlock_irq+0x47/0x80 [ 17.535810] ? calculate_sigpending+0x7b/0xa0 [ 17.535840] ? __pfx_kthread+0x10/0x10 [ 17.535865] ret_from_fork+0x116/0x1d0 [ 17.535888] ? __pfx_kthread+0x10/0x10 [ 17.535913] ret_from_fork_asm+0x1a/0x30 [ 17.535950] </TASK> [ 17.535966] [ 17.544635] Allocated by task 283: [ 17.544885] kasan_save_stack+0x45/0x70 [ 17.545199] kasan_save_track+0x18/0x40 [ 17.545377] kasan_save_alloc_info+0x3b/0x50 [ 17.545633] __kasan_kmalloc+0xb7/0xc0 [ 17.545839] __kmalloc_cache_noprof+0x189/0x420 [ 17.546055] kasan_atomics+0x95/0x310 [ 17.546296] kunit_try_run_case+0x1a5/0x480 [ 17.546525] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 17.546826] kthread+0x337/0x6f0 [ 17.547057] ret_from_fork+0x116/0x1d0 [ 17.547278] ret_from_fork_asm+0x1a/0x30 [ 17.547474] [ 17.547561] The buggy address belongs to the object at ffff88810392bb00 [ 17.547561] which belongs to the cache kmalloc-64 of size 64 [ 17.548080] The buggy address is located 0 bytes to the right of [ 17.548080] allocated 48-byte region [ffff88810392bb00, ffff88810392bb30) [ 17.548711] [ 17.548841] The buggy address belongs to the physical page: [ 17.549190] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x10392b [ 17.549484] flags: 0x200000000000000(node=0|zone=2) [ 17.549675] page_type: f5(slab) [ 17.549825] raw: 0200000000000000 ffff8881000418c0 dead000000000122 0000000000000000 [ 17.550242] raw: 0000000000000000 0000000080200020 00000000f5000000 
0000000000000000 [ 17.550627] page dumped because: kasan: bad access detected [ 17.551444] [ 17.551653] Memory state around the buggy address: [ 17.551859] ffff88810392ba00: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 17.552947] ffff88810392ba80: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 17.553372] >ffff88810392bb00: 00 00 00 00 00 00 fc fc fc fc fc fc fc fc fc fc [ 17.553708] ^ [ 17.553967] ffff88810392bb80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 17.554963] ffff88810392bc00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 17.555685] ================================================================== [ 17.115372] ================================================================== [ 17.115750] BUG: KASAN: slab-out-of-bounds in kasan_atomics_helper+0x12e6/0x5450 [ 17.116223] Write of size 4 at addr ffff88810392bb30 by task kunit_try_catch/283 [ 17.116484] [ 17.116588] CPU: 0 UID: 0 PID: 283 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc4 #1 PREEMPT(voluntary) [ 17.116638] Tainted: [B]=BAD_PAGE, [N]=TEST [ 17.116654] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 17.116682] Call Trace: [ 17.116702] <TASK> [ 17.116722] dump_stack_lvl+0x73/0xb0 [ 17.116758] print_report+0xd1/0x650 [ 17.116801] ? __virt_addr_valid+0x1db/0x2d0 [ 17.116829] ? kasan_atomics_helper+0x12e6/0x5450 [ 17.116856] ? kasan_complete_mode_report_info+0x2a/0x200 [ 17.116883] ? kasan_atomics_helper+0x12e6/0x5450 [ 17.116910] kasan_report+0x141/0x180 [ 17.116949] ? kasan_atomics_helper+0x12e6/0x5450 [ 17.116981] kasan_check_range+0x10c/0x1c0 [ 17.117022] __kasan_check_write+0x18/0x20 [ 17.117046] kasan_atomics_helper+0x12e6/0x5450 [ 17.117074] ? __pfx_kasan_atomics_helper+0x10/0x10 [ 17.117114] ? __kmalloc_cache_noprof+0x189/0x420 [ 17.117145] ? kasan_atomics+0x152/0x310 [ 17.117178] kasan_atomics+0x1dc/0x310 [ 17.117206] ? __pfx_kasan_atomics+0x10/0x10 [ 17.117234] ? __pfx_read_tsc+0x10/0x10 [ 17.117261] ? 
ktime_get_ts64+0x86/0x230 [ 17.117300] kunit_try_run_case+0x1a5/0x480 [ 17.117328] ? __pfx_kunit_try_run_case+0x10/0x10 [ 17.117372] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 17.117401] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 17.117429] ? __kthread_parkme+0x82/0x180 [ 17.117454] ? preempt_count_sub+0x50/0x80 [ 17.117483] ? __pfx_kunit_try_run_case+0x10/0x10 [ 17.117511] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 17.117539] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 17.117566] kthread+0x337/0x6f0 [ 17.117590] ? trace_preempt_on+0x20/0xc0 [ 17.117618] ? __pfx_kthread+0x10/0x10 [ 17.117654] ? _raw_spin_unlock_irq+0x47/0x80 [ 17.117680] ? calculate_sigpending+0x7b/0xa0 [ 17.117721] ? __pfx_kthread+0x10/0x10 [ 17.117747] ret_from_fork+0x116/0x1d0 [ 17.117770] ? __pfx_kthread+0x10/0x10 [ 17.117804] ret_from_fork_asm+0x1a/0x30 [ 17.117841] </TASK> [ 17.117855] [ 17.130535] Allocated by task 283: [ 17.131219] kasan_save_stack+0x45/0x70 [ 17.131559] kasan_save_track+0x18/0x40 [ 17.131735] kasan_save_alloc_info+0x3b/0x50 [ 17.131969] __kasan_kmalloc+0xb7/0xc0 [ 17.132469] __kmalloc_cache_noprof+0x189/0x420 [ 17.132990] kasan_atomics+0x95/0x310 [ 17.133563] kunit_try_run_case+0x1a5/0x480 [ 17.134056] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 17.134558] kthread+0x337/0x6f0 [ 17.134718] ret_from_fork+0x116/0x1d0 [ 17.134899] ret_from_fork_asm+0x1a/0x30 [ 17.135069] [ 17.135604] The buggy address belongs to the object at ffff88810392bb00 [ 17.135604] which belongs to the cache kmalloc-64 of size 64 [ 17.137251] The buggy address is located 0 bytes to the right of [ 17.137251] allocated 48-byte region [ffff88810392bb00, ffff88810392bb30) [ 17.138877] [ 17.138991] The buggy address belongs to the physical page: [ 17.139549] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x10392b [ 17.140744] flags: 0x200000000000000(node=0|zone=2) [ 17.141468] page_type: f5(slab) [ 17.141639] raw: 0200000000000000 ffff8881000418c0 dead000000000122 
0000000000000000 [ 17.141927] raw: 0000000000000000 0000000080200020 00000000f5000000 0000000000000000 [ 17.142635] page dumped because: kasan: bad access detected [ 17.143116] [ 17.143241] Memory state around the buggy address: [ 17.143501] ffff88810392ba00: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 17.143868] ffff88810392ba80: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 17.144585] >ffff88810392bb00: 00 00 00 00 00 00 fc fc fc fc fc fc fc fc fc fc [ 17.145390] ^ [ 17.145735] ffff88810392bb80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 17.146606] ffff88810392bc00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 17.147142] ================================================================== [ 17.172272] ================================================================== [ 17.172554] BUG: KASAN: slab-out-of-bounds in kasan_atomics_helper+0x13b5/0x5450 [ 17.174899] Read of size 8 at addr ffff88810392bb30 by task kunit_try_catch/283 [ 17.175982] [ 17.176558] CPU: 0 UID: 0 PID: 283 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc4 #1 PREEMPT(voluntary) [ 17.176627] Tainted: [B]=BAD_PAGE, [N]=TEST [ 17.176647] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 17.176678] Call Trace: [ 17.176704] <TASK> [ 17.176730] dump_stack_lvl+0x73/0xb0 [ 17.176774] print_report+0xd1/0x650 [ 17.176820] ? __virt_addr_valid+0x1db/0x2d0 [ 17.176850] ? kasan_atomics_helper+0x13b5/0x5450 [ 17.176878] ? kasan_complete_mode_report_info+0x2a/0x200 [ 17.176907] ? kasan_atomics_helper+0x13b5/0x5450 [ 17.176934] kasan_report+0x141/0x180 [ 17.176961] ? kasan_atomics_helper+0x13b5/0x5450 [ 17.176993] kasan_check_range+0x10c/0x1c0 [ 17.177021] __kasan_check_read+0x15/0x20 [ 17.177045] kasan_atomics_helper+0x13b5/0x5450 [ 17.177433] ? __pfx_kasan_atomics_helper+0x10/0x10 [ 17.177480] ? __kmalloc_cache_noprof+0x189/0x420 [ 17.177514] ? kasan_atomics+0x152/0x310 [ 17.177547] kasan_atomics+0x1dc/0x310 [ 17.177576] ? 
__pfx_kasan_atomics+0x10/0x10 [ 17.177606] ? __pfx_read_tsc+0x10/0x10 [ 17.177634] ? ktime_get_ts64+0x86/0x230 [ 17.177665] kunit_try_run_case+0x1a5/0x480 [ 17.177695] ? __pfx_kunit_try_run_case+0x10/0x10 [ 17.177722] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 17.177753] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 17.177781] ? __kthread_parkme+0x82/0x180 [ 17.177828] ? preempt_count_sub+0x50/0x80 [ 17.177859] ? __pfx_kunit_try_run_case+0x10/0x10 [ 17.177888] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 17.177914] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 17.177943] kthread+0x337/0x6f0 [ 17.177968] ? trace_preempt_on+0x20/0xc0 [ 17.177996] ? __pfx_kthread+0x10/0x10 [ 17.178022] ? _raw_spin_unlock_irq+0x47/0x80 [ 17.178049] ? calculate_sigpending+0x7b/0xa0 [ 17.178107] ? __pfx_kthread+0x10/0x10 [ 17.178133] ret_from_fork+0x116/0x1d0 [ 17.178160] ? __pfx_kthread+0x10/0x10 [ 17.178185] ret_from_fork_asm+0x1a/0x30 [ 17.178224] </TASK> [ 17.178242] [ 17.191170] Allocated by task 283: [ 17.191410] kasan_save_stack+0x45/0x70 [ 17.191802] kasan_save_track+0x18/0x40 [ 17.192115] kasan_save_alloc_info+0x3b/0x50 [ 17.192373] __kasan_kmalloc+0xb7/0xc0 [ 17.192745] __kmalloc_cache_noprof+0x189/0x420 [ 17.193103] kasan_atomics+0x95/0x310 [ 17.193519] kunit_try_run_case+0x1a5/0x480 [ 17.193739] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 17.194267] kthread+0x337/0x6f0 [ 17.194481] ret_from_fork+0x116/0x1d0 [ 17.194774] ret_from_fork_asm+0x1a/0x30 [ 17.195037] [ 17.195157] The buggy address belongs to the object at ffff88810392bb00 [ 17.195157] which belongs to the cache kmalloc-64 of size 64 [ 17.195941] The buggy address is located 0 bytes to the right of [ 17.195941] allocated 48-byte region [ffff88810392bb00, ffff88810392bb30) [ 17.196700] [ 17.197056] The buggy address belongs to the physical page: [ 17.197386] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x10392b [ 17.197805] flags: 0x200000000000000(node=0|zone=2) [ 17.198390] page_type: 
f5(slab) [ 17.198767] raw: 0200000000000000 ffff8881000418c0 dead000000000122 0000000000000000 [ 17.199253] raw: 0000000000000000 0000000080200020 00000000f5000000 0000000000000000 [ 17.199514] page dumped because: kasan: bad access detected [ 17.199711] [ 17.199806] Memory state around the buggy address: [ 17.200052] ffff88810392ba00: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 17.200399] ffff88810392ba80: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 17.200873] >ffff88810392bb00: 00 00 00 00 00 00 fc fc fc fc fc fc fc fc fc fc [ 17.201168] ^ [ 17.201440] ffff88810392bb80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 17.201815] ffff88810392bc00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 17.202163] ================================================================== [ 17.556948] ================================================================== [ 17.557915] BUG: KASAN: slab-out-of-bounds in kasan_atomics_helper+0x4f30/0x5450 [ 17.558515] Read of size 8 at addr ffff88810392bb30 by task kunit_try_catch/283 [ 17.559108] [ 17.559246] CPU: 0 UID: 0 PID: 283 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc4 #1 PREEMPT(voluntary) [ 17.559301] Tainted: [B]=BAD_PAGE, [N]=TEST [ 17.559319] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 17.559348] Call Trace: [ 17.559372] <TASK> [ 17.559395] dump_stack_lvl+0x73/0xb0 [ 17.559434] print_report+0xd1/0x650 [ 17.559463] ? __virt_addr_valid+0x1db/0x2d0 [ 17.559491] ? kasan_atomics_helper+0x4f30/0x5450 [ 17.559518] ? kasan_complete_mode_report_info+0x2a/0x200 [ 17.559546] ? kasan_atomics_helper+0x4f30/0x5450 [ 17.559575] kasan_report+0x141/0x180 [ 17.559604] ? kasan_atomics_helper+0x4f30/0x5450 [ 17.559636] __asan_report_load8_noabort+0x18/0x20 [ 17.559667] kasan_atomics_helper+0x4f30/0x5450 [ 17.559695] ? __pfx_kasan_atomics_helper+0x10/0x10 [ 17.559723] ? __kmalloc_cache_noprof+0x189/0x420 [ 17.559754] ? 
kasan_atomics+0x152/0x310 [ 17.560011] kasan_atomics+0x1dc/0x310 [ 17.560056] ? __pfx_kasan_atomics+0x10/0x10 [ 17.560105] ? __pfx_read_tsc+0x10/0x10 [ 17.560189] ? ktime_get_ts64+0x86/0x230 [ 17.560222] kunit_try_run_case+0x1a5/0x480 [ 17.560252] ? __pfx_kunit_try_run_case+0x10/0x10 [ 17.560280] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 17.560310] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 17.560339] ? __kthread_parkme+0x82/0x180 [ 17.560364] ? preempt_count_sub+0x50/0x80 [ 17.560394] ? __pfx_kunit_try_run_case+0x10/0x10 [ 17.560422] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 17.560451] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 17.560480] kthread+0x337/0x6f0 [ 17.560504] ? trace_preempt_on+0x20/0xc0 [ 17.560533] ? __pfx_kthread+0x10/0x10 [ 17.560558] ? _raw_spin_unlock_irq+0x47/0x80 [ 17.560585] ? calculate_sigpending+0x7b/0xa0 [ 17.560616] ? __pfx_kthread+0x10/0x10 [ 17.560642] ret_from_fork+0x116/0x1d0 [ 17.560667] ? __pfx_kthread+0x10/0x10 [ 17.560692] ret_from_fork_asm+0x1a/0x30 [ 17.560730] </TASK> [ 17.560745] [ 17.575555] Allocated by task 283: [ 17.575979] kasan_save_stack+0x45/0x70 [ 17.576644] kasan_save_track+0x18/0x40 [ 17.576967] kasan_save_alloc_info+0x3b/0x50 [ 17.577494] __kasan_kmalloc+0xb7/0xc0 [ 17.577856] __kmalloc_cache_noprof+0x189/0x420 [ 17.578703] kasan_atomics+0x95/0x310 [ 17.578945] kunit_try_run_case+0x1a5/0x480 [ 17.579317] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 17.579749] kthread+0x337/0x6f0 [ 17.579950] ret_from_fork+0x116/0x1d0 [ 17.580464] ret_from_fork_asm+0x1a/0x30 [ 17.580930] [ 17.581209] The buggy address belongs to the object at ffff88810392bb00 [ 17.581209] which belongs to the cache kmalloc-64 of size 64 [ 17.581828] The buggy address is located 0 bytes to the right of [ 17.581828] allocated 48-byte region [ffff88810392bb00, ffff88810392bb30) [ 17.582983] [ 17.583253] The buggy address belongs to the physical page: [ 17.583685] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x10392b [ 
17.584583] flags: 0x200000000000000(node=0|zone=2) [ 17.584953] page_type: f5(slab) [ 17.585300] raw: 0200000000000000 ffff8881000418c0 dead000000000122 0000000000000000 [ 17.585870] raw: 0000000000000000 0000000080200020 00000000f5000000 0000000000000000 [ 17.586584] page dumped because: kasan: bad access detected [ 17.586907] [ 17.587014] Memory state around the buggy address: [ 17.587525] ffff88810392ba00: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 17.588247] ffff88810392ba80: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 17.588781] >ffff88810392bb00: 00 00 00 00 00 00 fc fc fc fc fc fc fc fc fc fc [ 17.589726] ^ [ 17.590184] ffff88810392bb80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 17.590846] ffff88810392bc00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 17.591531] ================================================================== [ 16.893741] ================================================================== [ 16.894247] BUG: KASAN: slab-out-of-bounds in kasan_atomics_helper+0xf10/0x5450 [ 16.894763] Write of size 4 at addr ffff88810392bb30 by task kunit_try_catch/283 [ 16.895070] [ 16.895178] CPU: 0 UID: 0 PID: 283 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc4 #1 PREEMPT(voluntary) [ 16.895229] Tainted: [B]=BAD_PAGE, [N]=TEST [ 16.895246] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 16.895273] Call Trace: [ 16.895296] <TASK> [ 16.895316] dump_stack_lvl+0x73/0xb0 [ 16.895351] print_report+0xd1/0x650 [ 16.895378] ? __virt_addr_valid+0x1db/0x2d0 [ 16.895407] ? kasan_atomics_helper+0xf10/0x5450 [ 16.895432] ? kasan_complete_mode_report_info+0x2a/0x200 [ 16.895459] ? kasan_atomics_helper+0xf10/0x5450 [ 16.895498] kasan_report+0x141/0x180 [ 16.895524] ? kasan_atomics_helper+0xf10/0x5450 [ 16.895556] kasan_check_range+0x10c/0x1c0 [ 16.895586] __kasan_check_write+0x18/0x20 [ 16.895614] kasan_atomics_helper+0xf10/0x5450 [ 16.895642] ? __pfx_kasan_atomics_helper+0x10/0x10 [ 16.895670] ? 
__kmalloc_cache_noprof+0x189/0x420 [ 16.895702] ? kasan_atomics+0x152/0x310 [ 16.895735] kasan_atomics+0x1dc/0x310 [ 16.895763] ? __pfx_kasan_atomics+0x10/0x10 [ 16.895806] ? __pfx_read_tsc+0x10/0x10 [ 16.895833] ? ktime_get_ts64+0x86/0x230 [ 16.895863] kunit_try_run_case+0x1a5/0x480 [ 16.895891] ? __pfx_kunit_try_run_case+0x10/0x10 [ 16.895919] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 16.895949] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 16.895978] ? __kthread_parkme+0x82/0x180 [ 16.896002] ? preempt_count_sub+0x50/0x80 [ 16.896034] ? __pfx_kunit_try_run_case+0x10/0x10 [ 16.896064] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 16.896093] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 16.896121] kthread+0x337/0x6f0 [ 16.896146] ? trace_preempt_on+0x20/0xc0 [ 16.896174] ? __pfx_kthread+0x10/0x10 [ 16.896200] ? _raw_spin_unlock_irq+0x47/0x80 [ 16.896236] ? calculate_sigpending+0x7b/0xa0 [ 16.896265] ? __pfx_kthread+0x10/0x10 [ 16.896292] ret_from_fork+0x116/0x1d0 [ 16.896316] ? __pfx_kthread+0x10/0x10 [ 16.896342] ret_from_fork_asm+0x1a/0x30 [ 16.896380] </TASK> [ 16.896395] [ 16.905760] Allocated by task 283: [ 16.905935] kasan_save_stack+0x45/0x70 [ 16.906131] kasan_save_track+0x18/0x40 [ 16.906363] kasan_save_alloc_info+0x3b/0x50 [ 16.906607] __kasan_kmalloc+0xb7/0xc0 [ 16.906837] __kmalloc_cache_noprof+0x189/0x420 [ 16.907069] kasan_atomics+0x95/0x310 [ 16.907270] kunit_try_run_case+0x1a5/0x480 [ 16.907462] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 16.907761] kthread+0x337/0x6f0 [ 16.907923] ret_from_fork+0x116/0x1d0 [ 16.908084] ret_from_fork_asm+0x1a/0x30 [ 16.908246] [ 16.908333] The buggy address belongs to the object at ffff88810392bb00 [ 16.908333] which belongs to the cache kmalloc-64 of size 64 [ 16.908742] The buggy address is located 0 bytes to the right of [ 16.908742] allocated 48-byte region [ffff88810392bb00, ffff88810392bb30) [ 16.913257] [ 16.913721] The buggy address belongs to the physical page: [ 16.914876] page: refcount:0 mapcount:0 
mapping:0000000000000000 index:0x0 pfn:0x10392b [ 16.915938] flags: 0x200000000000000(node=0|zone=2) [ 16.916846] page_type: f5(slab) [ 16.918148] raw: 0200000000000000 ffff8881000418c0 dead000000000122 0000000000000000 [ 16.919234] raw: 0000000000000000 0000000080200020 00000000f5000000 0000000000000000 [ 16.919932] page dumped because: kasan: bad access detected [ 16.920261] [ 16.920361] Memory state around the buggy address: [ 16.920605] ffff88810392ba00: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 16.920956] ffff88810392ba80: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 16.921323] >ffff88810392bb00: 00 00 00 00 00 00 fc fc fc fc fc fc fc fc fc fc [ 16.921693] ^ [ 16.921951] ffff88810392bb80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 16.922351] ffff88810392bc00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 16.922627] ==================================================================
Failure - log-parser-boot/kasan-bug-kasan-slab-out-of-bounds-in-kasan_bitops_test_and_modifyconstprop
[ 16.080910] ================================================================== [ 16.081505] BUG: KASAN: slab-out-of-bounds in kasan_bitops_test_and_modify.constprop.0+0x23e/0xd90 [ 16.082027] Write of size 8 at addr ffff88810216f128 by task kunit_try_catch/279 [ 16.082492] [ 16.082664] CPU: 0 UID: 0 PID: 279 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc4 #1 PREEMPT(voluntary) [ 16.082743] Tainted: [B]=BAD_PAGE, [N]=TEST [ 16.082759] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 16.082785] Call Trace: [ 16.082821] <TASK> [ 16.082841] dump_stack_lvl+0x73/0xb0 [ 16.082875] print_report+0xd1/0x650 [ 16.082901] ? __virt_addr_valid+0x1db/0x2d0 [ 16.082958] ? kasan_bitops_test_and_modify.constprop.0+0x23e/0xd90 [ 16.083019] ? kasan_complete_mode_report_info+0x2a/0x200 [ 16.083059] ? kasan_bitops_test_and_modify.constprop.0+0x23e/0xd90 [ 16.083100] kasan_report+0x141/0x180 [ 16.083135] ? kasan_bitops_test_and_modify.constprop.0+0x23e/0xd90 [ 16.083171] kasan_check_range+0x10c/0x1c0 [ 16.083210] __kasan_check_write+0x18/0x20 [ 16.083232] kasan_bitops_test_and_modify.constprop.0+0x23e/0xd90 [ 16.083263] ? __pfx_kasan_bitops_test_and_modify.constprop.0+0x10/0x10 [ 16.083295] ? __kmalloc_cache_noprof+0x189/0x420 [ 16.083323] ? trace_hardirqs_on+0x37/0xe0 [ 16.083348] ? kasan_bitops_generic+0x92/0x1c0 [ 16.083379] kasan_bitops_generic+0x121/0x1c0 [ 16.083405] ? __pfx_kasan_bitops_generic+0x10/0x10 [ 16.083465] ? __pfx_read_tsc+0x10/0x10 [ 16.083489] ? ktime_get_ts64+0x86/0x230 [ 16.083518] kunit_try_run_case+0x1a5/0x480 [ 16.083557] ? __pfx_kunit_try_run_case+0x10/0x10 [ 16.083583] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 16.083628] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 16.083653] ? __kthread_parkme+0x82/0x180 [ 16.083692] ? preempt_count_sub+0x50/0x80 [ 16.083735] ? __pfx_kunit_try_run_case+0x10/0x10 [ 16.083761] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 16.083815] ? 
__pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 16.083841] kthread+0x337/0x6f0 [ 16.083879] ? trace_preempt_on+0x20/0xc0 [ 16.083915] ? __pfx_kthread+0x10/0x10 [ 16.083938] ? _raw_spin_unlock_irq+0x47/0x80 [ 16.083963] ? calculate_sigpending+0x7b/0xa0 [ 16.084003] ? __pfx_kthread+0x10/0x10 [ 16.084027] ret_from_fork+0x116/0x1d0 [ 16.084050] ? __pfx_kthread+0x10/0x10 [ 16.084073] ret_from_fork_asm+0x1a/0x30 [ 16.084116] </TASK> [ 16.084130] [ 16.094543] Allocated by task 279: [ 16.094705] kasan_save_stack+0x45/0x70 [ 16.094941] kasan_save_track+0x18/0x40 [ 16.095209] kasan_save_alloc_info+0x3b/0x50 [ 16.095582] __kasan_kmalloc+0xb7/0xc0 [ 16.095730] __kmalloc_cache_noprof+0x189/0x420 [ 16.095914] kasan_bitops_generic+0x92/0x1c0 [ 16.096395] kunit_try_run_case+0x1a5/0x480 [ 16.096684] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 16.097030] kthread+0x337/0x6f0 [ 16.097280] ret_from_fork+0x116/0x1d0 [ 16.097480] ret_from_fork_asm+0x1a/0x30 [ 16.097637] [ 16.097718] The buggy address belongs to the object at ffff88810216f120 [ 16.097718] which belongs to the cache kmalloc-16 of size 16 [ 16.098386] The buggy address is located 8 bytes inside of [ 16.098386] allocated 9-byte region [ffff88810216f120, ffff88810216f129) [ 16.099284] [ 16.099399] The buggy address belongs to the physical page: [ 16.099651] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x10216f [ 16.099931] flags: 0x200000000000000(node=0|zone=2) [ 16.100119] page_type: f5(slab) [ 16.100256] raw: 0200000000000000 ffff888100041640 dead000000000122 0000000000000000 [ 16.100512] raw: 0000000000000000 0000000080800080 00000000f5000000 0000000000000000 [ 16.100899] page dumped because: kasan: bad access detected [ 16.101263] [ 16.101395] Memory state around the buggy address: [ 16.101739] ffff88810216f000: fa fb fc fc 00 00 fc fc 00 00 fc fc fa fb fc fc [ 16.102398] ffff88810216f080: 00 05 fc fc fa fb fc fc fa fb fc fc fa fb fc fc [ 16.102820] >ffff88810216f100: fa fb fc fc 00 01 fc fc 
fc fc fc fc fc fc fc fc [ 16.103110] ^ [ 16.103361] ffff88810216f180: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 16.103714] ffff88810216f200: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 16.104148] ================================================================== [ 16.105412] ================================================================== [ 16.105840] BUG: KASAN: slab-out-of-bounds in kasan_bitops_test_and_modify.constprop.0+0x2dd/0xd90 [ 16.107008] Write of size 8 at addr ffff88810216f128 by task kunit_try_catch/279 [ 16.107452] [ 16.107592] CPU: 0 UID: 0 PID: 279 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc4 #1 PREEMPT(voluntary) [ 16.107681] Tainted: [B]=BAD_PAGE, [N]=TEST [ 16.107696] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 16.107735] Call Trace: [ 16.107756] <TASK> [ 16.107777] dump_stack_lvl+0x73/0xb0 [ 16.107859] print_report+0xd1/0x650 [ 16.107887] ? __virt_addr_valid+0x1db/0x2d0 [ 16.107915] ? kasan_bitops_test_and_modify.constprop.0+0x2dd/0xd90 [ 16.107959] ? kasan_complete_mode_report_info+0x2a/0x200 [ 16.107984] ? kasan_bitops_test_and_modify.constprop.0+0x2dd/0xd90 [ 16.108046] kasan_report+0x141/0x180 [ 16.108072] ? kasan_bitops_test_and_modify.constprop.0+0x2dd/0xd90 [ 16.108131] kasan_check_range+0x10c/0x1c0 [ 16.108158] __kasan_check_write+0x18/0x20 [ 16.108193] kasan_bitops_test_and_modify.constprop.0+0x2dd/0xd90 [ 16.108223] ? __pfx_kasan_bitops_test_and_modify.constprop.0+0x10/0x10 [ 16.108255] ? __kmalloc_cache_noprof+0x189/0x420 [ 16.108304] ? trace_hardirqs_on+0x37/0xe0 [ 16.108345] ? kasan_bitops_generic+0x92/0x1c0 [ 16.108388] kasan_bitops_generic+0x121/0x1c0 [ 16.108415] ? __pfx_kasan_bitops_generic+0x10/0x10 [ 16.108443] ? __pfx_read_tsc+0x10/0x10 [ 16.108482] ? ktime_get_ts64+0x86/0x230 [ 16.108509] kunit_try_run_case+0x1a5/0x480 [ 16.108550] ? __pfx_kunit_try_run_case+0x10/0x10 [ 16.108576] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 16.108603] ? 
_raw_spin_unlock_irqrestore+0x5f/0x90 [ 16.108630] ? __kthread_parkme+0x82/0x180 [ 16.108655] ? preempt_count_sub+0x50/0x80 [ 16.108682] ? __pfx_kunit_try_run_case+0x10/0x10 [ 16.108710] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 16.108735] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 16.108761] kthread+0x337/0x6f0 [ 16.108784] ? trace_preempt_on+0x20/0xc0 [ 16.108819] ? __pfx_kthread+0x10/0x10 [ 16.108843] ? _raw_spin_unlock_irq+0x47/0x80 [ 16.108867] ? calculate_sigpending+0x7b/0xa0 [ 16.108894] ? __pfx_kthread+0x10/0x10 [ 16.108919] ret_from_fork+0x116/0x1d0 [ 16.108941] ? __pfx_kthread+0x10/0x10 [ 16.108964] ret_from_fork_asm+0x1a/0x30 [ 16.109000] </TASK> [ 16.109015] [ 16.120044] Allocated by task 279: [ 16.120305] kasan_save_stack+0x45/0x70 [ 16.120562] kasan_save_track+0x18/0x40 [ 16.120804] kasan_save_alloc_info+0x3b/0x50 [ 16.121102] __kasan_kmalloc+0xb7/0xc0 [ 16.121343] __kmalloc_cache_noprof+0x189/0x420 [ 16.121641] kasan_bitops_generic+0x92/0x1c0 [ 16.121856] kunit_try_run_case+0x1a5/0x480 [ 16.122126] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 16.122467] kthread+0x337/0x6f0 [ 16.122611] ret_from_fork+0x116/0x1d0 [ 16.122765] ret_from_fork_asm+0x1a/0x30 [ 16.123099] [ 16.123249] The buggy address belongs to the object at ffff88810216f120 [ 16.123249] which belongs to the cache kmalloc-16 of size 16 [ 16.126349] The buggy address is located 8 bytes inside of [ 16.126349] allocated 9-byte region [ffff88810216f120, ffff88810216f129) [ 16.127848] [ 16.127953] The buggy address belongs to the physical page: [ 16.128907] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x10216f [ 16.130411] flags: 0x200000000000000(node=0|zone=2) [ 16.130807] page_type: f5(slab) [ 16.130960] raw: 0200000000000000 ffff888100041640 dead000000000122 0000000000000000 [ 16.132188] raw: 0000000000000000 0000000080800080 00000000f5000000 0000000000000000 [ 16.133310] page dumped because: kasan: bad access detected [ 16.133540] [ 16.133626] 
Memory state around the buggy address: [ 16.134158] ffff88810216f000: fa fb fc fc 00 00 fc fc 00 00 fc fc fa fb fc fc [ 16.134672] ffff88810216f080: 00 05 fc fc fa fb fc fc fa fb fc fc fa fb fc fc [ 16.135032] >ffff88810216f100: fa fb fc fc 00 01 fc fc fc fc fc fc fc fc fc fc [ 16.135377] ^ [ 16.135616] ffff88810216f180: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 16.136349] ffff88810216f200: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 16.136635] ================================================================== [ 16.137731] ================================================================== [ 16.138201] BUG: KASAN: slab-out-of-bounds in kasan_bitops_test_and_modify.constprop.0+0x37c/0xd90 [ 16.138583] Write of size 8 at addr ffff88810216f128 by task kunit_try_catch/279 [ 16.138976] [ 16.139139] CPU: 0 UID: 0 PID: 279 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc4 #1 PREEMPT(voluntary) [ 16.139193] Tainted: [B]=BAD_PAGE, [N]=TEST [ 16.139208] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 16.139235] Call Trace: [ 16.139257] <TASK> [ 16.139278] dump_stack_lvl+0x73/0xb0 [ 16.139313] print_report+0xd1/0x650 [ 16.139339] ? __virt_addr_valid+0x1db/0x2d0 [ 16.139366] ? kasan_bitops_test_and_modify.constprop.0+0x37c/0xd90 [ 16.139398] ? kasan_complete_mode_report_info+0x2a/0x200 [ 16.139423] ? kasan_bitops_test_and_modify.constprop.0+0x37c/0xd90 [ 16.139453] kasan_report+0x141/0x180 [ 16.139477] ? kasan_bitops_test_and_modify.constprop.0+0x37c/0xd90 [ 16.139513] kasan_check_range+0x10c/0x1c0 [ 16.139539] __kasan_check_write+0x18/0x20 [ 16.139561] kasan_bitops_test_and_modify.constprop.0+0x37c/0xd90 [ 16.139591] ? __pfx_kasan_bitops_test_and_modify.constprop.0+0x10/0x10 [ 16.139625] ? __kmalloc_cache_noprof+0x189/0x420 [ 16.139653] ? trace_hardirqs_on+0x37/0xe0 [ 16.139678] ? kasan_bitops_generic+0x92/0x1c0 [ 16.139709] kasan_bitops_generic+0x121/0x1c0 [ 16.139735] ? 
__pfx_kasan_bitops_generic+0x10/0x10 [ 16.139762] ? __pfx_read_tsc+0x10/0x10 [ 16.139798] ? ktime_get_ts64+0x86/0x230 [ 16.139825] kunit_try_run_case+0x1a5/0x480 [ 16.139853] ? __pfx_kunit_try_run_case+0x10/0x10 [ 16.139878] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 16.139905] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 16.139931] ? __kthread_parkme+0x82/0x180 [ 16.139955] ? preempt_count_sub+0x50/0x80 [ 16.139982] ? __pfx_kunit_try_run_case+0x10/0x10 [ 16.140007] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 16.140032] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 16.140059] kthread+0x337/0x6f0 [ 16.140104] ? trace_preempt_on+0x20/0xc0 [ 16.140129] ? __pfx_kthread+0x10/0x10 [ 16.140151] ? _raw_spin_unlock_irq+0x47/0x80 [ 16.140175] ? calculate_sigpending+0x7b/0xa0 [ 16.140202] ? __pfx_kthread+0x10/0x10 [ 16.140225] ret_from_fork+0x116/0x1d0 [ 16.140246] ? __pfx_kthread+0x10/0x10 [ 16.140270] ret_from_fork_asm+0x1a/0x30 [ 16.140306] </TASK> [ 16.140320] [ 16.152362] Allocated by task 279: [ 16.152858] kasan_save_stack+0x45/0x70 [ 16.153348] kasan_save_track+0x18/0x40 [ 16.153571] kasan_save_alloc_info+0x3b/0x50 [ 16.153811] __kasan_kmalloc+0xb7/0xc0 [ 16.154013] __kmalloc_cache_noprof+0x189/0x420 [ 16.154662] kasan_bitops_generic+0x92/0x1c0 [ 16.154981] kunit_try_run_case+0x1a5/0x480 [ 16.155446] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 16.155922] kthread+0x337/0x6f0 [ 16.156410] ret_from_fork+0x116/0x1d0 [ 16.156639] ret_from_fork_asm+0x1a/0x30 [ 16.156866] [ 16.156970] The buggy address belongs to the object at ffff88810216f120 [ 16.156970] which belongs to the cache kmalloc-16 of size 16 [ 16.158034] The buggy address is located 8 bytes inside of [ 16.158034] allocated 9-byte region [ffff88810216f120, ffff88810216f129) [ 16.158742] [ 16.158867] The buggy address belongs to the physical page: [ 16.159435] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x10216f [ 16.159966] flags: 0x200000000000000(node=0|zone=2) [ 16.160447] 
page_type: f5(slab) [ 16.160776] raw: 0200000000000000 ffff888100041640 dead000000000122 0000000000000000 [ 16.161409] raw: 0000000000000000 0000000080800080 00000000f5000000 0000000000000000 [ 16.161915] page dumped because: kasan: bad access detected [ 16.162443] [ 16.162561] Memory state around the buggy address: [ 16.162810] ffff88810216f000: fa fb fc fc 00 00 fc fc 00 00 fc fc fa fb fc fc [ 16.163494] ffff88810216f080: 00 05 fc fc fa fb fc fc fa fb fc fc fa fb fc fc [ 16.163979] >ffff88810216f100: fa fb fc fc 00 01 fc fc fc fc fc fc fc fc fc fc [ 16.164666] ^ [ 16.164932] ffff88810216f180: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 16.165501] ffff88810216f200: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 16.165997] ================================================================== [ 16.200608] ================================================================== [ 16.201016] BUG: KASAN: slab-out-of-bounds in kasan_bitops_test_and_modify.constprop.0+0x4b9/0xd90 [ 16.201586] Write of size 8 at addr ffff88810216f128 by task kunit_try_catch/279 [ 16.201978] [ 16.202096] CPU: 0 UID: 0 PID: 279 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc4 #1 PREEMPT(voluntary) [ 16.202149] Tainted: [B]=BAD_PAGE, [N]=TEST [ 16.202163] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 16.202189] Call Trace: [ 16.202209] <TASK> [ 16.202229] dump_stack_lvl+0x73/0xb0 [ 16.202265] print_report+0xd1/0x650 [ 16.202291] ? __virt_addr_valid+0x1db/0x2d0 [ 16.202318] ? kasan_bitops_test_and_modify.constprop.0+0x4b9/0xd90 [ 16.202349] ? kasan_complete_mode_report_info+0x2a/0x200 [ 16.202375] ? kasan_bitops_test_and_modify.constprop.0+0x4b9/0xd90 [ 16.202406] kasan_report+0x141/0x180 [ 16.202431] ? kasan_bitops_test_and_modify.constprop.0+0x4b9/0xd90 [ 16.202466] kasan_check_range+0x10c/0x1c0 [ 16.202493] __kasan_check_write+0x18/0x20 [ 16.202516] kasan_bitops_test_and_modify.constprop.0+0x4b9/0xd90 [ 16.202547] ? 
__pfx_kasan_bitops_test_and_modify.constprop.0+0x10/0x10 [ 16.202579] ? __kmalloc_cache_noprof+0x189/0x420 [ 16.202606] ? trace_hardirqs_on+0x37/0xe0 [ 16.202632] ? kasan_bitops_generic+0x92/0x1c0 [ 16.202663] kasan_bitops_generic+0x121/0x1c0 [ 16.202691] ? __pfx_kasan_bitops_generic+0x10/0x10 [ 16.202719] ? __pfx_read_tsc+0x10/0x10 [ 16.202743] ? ktime_get_ts64+0x86/0x230 [ 16.202770] kunit_try_run_case+0x1a5/0x480 [ 16.202810] ? __pfx_kunit_try_run_case+0x10/0x10 [ 16.202834] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 16.202862] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 16.202888] ? __kthread_parkme+0x82/0x180 [ 16.202912] ? preempt_count_sub+0x50/0x80 [ 16.202939] ? __pfx_kunit_try_run_case+0x10/0x10 [ 16.202966] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 16.202992] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 16.203017] kthread+0x337/0x6f0 [ 16.203039] ? trace_preempt_on+0x20/0xc0 [ 16.203064] ? __pfx_kthread+0x10/0x10 [ 16.203101] ? _raw_spin_unlock_irq+0x47/0x80 [ 16.203125] ? calculate_sigpending+0x7b/0xa0 [ 16.203153] ? __pfx_kthread+0x10/0x10 [ 16.203179] ret_from_fork+0x116/0x1d0 [ 16.203200] ? 
__pfx_kthread+0x10/0x10 [ 16.203224] ret_from_fork_asm+0x1a/0x30 [ 16.203259] </TASK> [ 16.203274] [ 16.212199] Allocated by task 279: [ 16.212419] kasan_save_stack+0x45/0x70 [ 16.212682] kasan_save_track+0x18/0x40 [ 16.212922] kasan_save_alloc_info+0x3b/0x50 [ 16.213253] __kasan_kmalloc+0xb7/0xc0 [ 16.213473] __kmalloc_cache_noprof+0x189/0x420 [ 16.213686] kasan_bitops_generic+0x92/0x1c0 [ 16.213910] kunit_try_run_case+0x1a5/0x480 [ 16.214077] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 16.214274] kthread+0x337/0x6f0 [ 16.214410] ret_from_fork+0x116/0x1d0 [ 16.214624] ret_from_fork_asm+0x1a/0x30 [ 16.214856] [ 16.214985] The buggy address belongs to the object at ffff88810216f120 [ 16.214985] which belongs to the cache kmalloc-16 of size 16 [ 16.215648] The buggy address is located 8 bytes inside of [ 16.215648] allocated 9-byte region [ffff88810216f120, ffff88810216f129) [ 16.216057] [ 16.216271] The buggy address belongs to the physical page: [ 16.216563] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x10216f [ 16.216994] flags: 0x200000000000000(node=0|zone=2) [ 16.217499] page_type: f5(slab) [ 16.217666] raw: 0200000000000000 ffff888100041640 dead000000000122 0000000000000000 [ 16.218030] raw: 0000000000000000 0000000080800080 00000000f5000000 0000000000000000 [ 16.218442] page dumped because: kasan: bad access detected [ 16.218699] [ 16.218799] Memory state around the buggy address: [ 16.218978] ffff88810216f000: fa fb fc fc 00 00 fc fc 00 00 fc fc fa fb fc fc [ 16.219501] ffff88810216f080: 00 05 fc fc fa fb fc fc fa fb fc fc fa fb fc fc [ 16.219846] >ffff88810216f100: fa fb fc fc 00 01 fc fc fc fc fc fc fc fc fc fc [ 16.220089] ^ [ 16.220260] ffff88810216f180: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 16.221002] ffff88810216f200: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 16.221375] ================================================================== [ 16.027743] 
================================================================== [ 16.028360] BUG: KASAN: slab-out-of-bounds in kasan_bitops_test_and_modify.constprop.0+0x101/0xd90 [ 16.029017] Write of size 8 at addr ffff88810216f128 by task kunit_try_catch/279 [ 16.029536] [ 16.029730] CPU: 0 UID: 0 PID: 279 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc4 #1 PREEMPT(voluntary) [ 16.029825] Tainted: [B]=BAD_PAGE, [N]=TEST [ 16.029870] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 16.029898] Call Trace: [ 16.029919] <TASK> [ 16.029951] dump_stack_lvl+0x73/0xb0 [ 16.029989] print_report+0xd1/0x650 [ 16.030015] ? __virt_addr_valid+0x1db/0x2d0 [ 16.030041] ? kasan_bitops_test_and_modify.constprop.0+0x101/0xd90 [ 16.030072] ? kasan_complete_mode_report_info+0x2a/0x200 [ 16.030097] ? kasan_bitops_test_and_modify.constprop.0+0x101/0xd90 [ 16.030129] kasan_report+0x141/0x180 [ 16.030154] ? kasan_bitops_test_and_modify.constprop.0+0x101/0xd90 [ 16.030190] kasan_check_range+0x10c/0x1c0 [ 16.030217] __kasan_check_write+0x18/0x20 [ 16.030272] kasan_bitops_test_and_modify.constprop.0+0x101/0xd90 [ 16.030304] ? __pfx_kasan_bitops_test_and_modify.constprop.0+0x10/0x10 [ 16.030348] ? __kmalloc_cache_noprof+0x189/0x420 [ 16.030376] ? trace_hardirqs_on+0x37/0xe0 [ 16.030402] ? kasan_bitops_generic+0x92/0x1c0 [ 16.030471] kasan_bitops_generic+0x121/0x1c0 [ 16.030498] ? __pfx_kasan_bitops_generic+0x10/0x10 [ 16.030527] ? __pfx_read_tsc+0x10/0x10 [ 16.030564] ? ktime_get_ts64+0x86/0x230 [ 16.030592] kunit_try_run_case+0x1a5/0x480 [ 16.030620] ? __pfx_kunit_try_run_case+0x10/0x10 [ 16.030646] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 16.030674] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 16.030699] ? __kthread_parkme+0x82/0x180 [ 16.030723] ? preempt_count_sub+0x50/0x80 [ 16.030750] ? __pfx_kunit_try_run_case+0x10/0x10 [ 16.030777] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 16.030818] ? 
__pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 16.030843] kthread+0x337/0x6f0 [ 16.030866] ? trace_preempt_on+0x20/0xc0 [ 16.030891] ? __pfx_kthread+0x10/0x10 [ 16.030914] ? _raw_spin_unlock_irq+0x47/0x80 [ 16.030937] ? calculate_sigpending+0x7b/0xa0 [ 16.030965] ? __pfx_kthread+0x10/0x10 [ 16.030990] ret_from_fork+0x116/0x1d0 [ 16.031012] ? __pfx_kthread+0x10/0x10 [ 16.031036] ret_from_fork_asm+0x1a/0x30 [ 16.031072] </TASK> [ 16.031086] [ 16.044911] Allocated by task 279: [ 16.045213] kasan_save_stack+0x45/0x70 [ 16.045672] kasan_save_track+0x18/0x40 [ 16.045901] kasan_save_alloc_info+0x3b/0x50 [ 16.046102] __kasan_kmalloc+0xb7/0xc0 [ 16.046377] __kmalloc_cache_noprof+0x189/0x420 [ 16.046689] kasan_bitops_generic+0x92/0x1c0 [ 16.046992] kunit_try_run_case+0x1a5/0x480 [ 16.047305] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 16.047611] kthread+0x337/0x6f0 [ 16.047756] ret_from_fork+0x116/0x1d0 [ 16.048043] ret_from_fork_asm+0x1a/0x30 [ 16.048329] [ 16.048419] The buggy address belongs to the object at ffff88810216f120 [ 16.048419] which belongs to the cache kmalloc-16 of size 16 [ 16.049063] The buggy address is located 8 bytes inside of [ 16.049063] allocated 9-byte region [ffff88810216f120, ffff88810216f129) [ 16.049673] [ 16.049841] The buggy address belongs to the physical page: [ 16.050149] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x10216f [ 16.050569] flags: 0x200000000000000(node=0|zone=2) [ 16.050889] page_type: f5(slab) [ 16.051130] raw: 0200000000000000 ffff888100041640 dead000000000122 0000000000000000 [ 16.051538] raw: 0000000000000000 0000000080800080 00000000f5000000 0000000000000000 [ 16.051961] page dumped because: kasan: bad access detected [ 16.052366] [ 16.052513] Memory state around the buggy address: [ 16.052805] ffff88810216f000: fa fb fc fc 00 00 fc fc 00 00 fc fc fa fb fc fc [ 16.053180] ffff88810216f080: 00 05 fc fc fa fb fc fc fa fb fc fc fa fb fc fc [ 16.053573] >ffff88810216f100: fa fb fc fc 00 01 fc fc 
fc fc fc fc fc fc fc fc [ 16.053935] ^ [ 16.054104] ffff88810216f180: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 16.054367] ffff88810216f200: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 16.054844] ================================================================== [ 16.167614] ================================================================== [ 16.168209] BUG: KASAN: slab-out-of-bounds in kasan_bitops_test_and_modify.constprop.0+0x41a/0xd90 [ 16.168708] Write of size 8 at addr ffff88810216f128 by task kunit_try_catch/279 [ 16.169075] [ 16.169617] CPU: 0 UID: 0 PID: 279 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc4 #1 PREEMPT(voluntary) [ 16.169682] Tainted: [B]=BAD_PAGE, [N]=TEST [ 16.169699] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 16.169726] Call Trace: [ 16.169748] <TASK> [ 16.169819] dump_stack_lvl+0x73/0xb0 [ 16.169863] print_report+0xd1/0x650 [ 16.169890] ? __virt_addr_valid+0x1db/0x2d0 [ 16.169915] ? kasan_bitops_test_and_modify.constprop.0+0x41a/0xd90 [ 16.169948] ? kasan_complete_mode_report_info+0x2a/0x200 [ 16.169974] ? kasan_bitops_test_and_modify.constprop.0+0x41a/0xd90 [ 16.170008] kasan_report+0x141/0x180 [ 16.170033] ? kasan_bitops_test_and_modify.constprop.0+0x41a/0xd90 [ 16.170072] kasan_check_range+0x10c/0x1c0 [ 16.170118] __kasan_check_write+0x18/0x20 [ 16.170141] kasan_bitops_test_and_modify.constprop.0+0x41a/0xd90 [ 16.170172] ? __pfx_kasan_bitops_test_and_modify.constprop.0+0x10/0x10 [ 16.170204] ? __kmalloc_cache_noprof+0x189/0x420 [ 16.170232] ? trace_hardirqs_on+0x37/0xe0 [ 16.170257] ? kasan_bitops_generic+0x92/0x1c0 [ 16.170289] kasan_bitops_generic+0x121/0x1c0 [ 16.170316] ? __pfx_kasan_bitops_generic+0x10/0x10 [ 16.170343] ? __pfx_read_tsc+0x10/0x10 [ 16.170368] ? ktime_get_ts64+0x86/0x230 [ 16.170395] kunit_try_run_case+0x1a5/0x480 [ 16.170423] ? __pfx_kunit_try_run_case+0x10/0x10 [ 16.170448] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 16.170475] ? 
_raw_spin_unlock_irqrestore+0x5f/0x90 [ 16.170502] ? __kthread_parkme+0x82/0x180 [ 16.170526] ? preempt_count_sub+0x50/0x80 [ 16.170552] ? __pfx_kunit_try_run_case+0x10/0x10 [ 16.170579] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 16.170605] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 16.170631] kthread+0x337/0x6f0 [ 16.170654] ? trace_preempt_on+0x20/0xc0 [ 16.170678] ? __pfx_kthread+0x10/0x10 [ 16.170701] ? _raw_spin_unlock_irq+0x47/0x80 [ 16.170725] ? calculate_sigpending+0x7b/0xa0 [ 16.170752] ? __pfx_kthread+0x10/0x10 [ 16.170776] ret_from_fork+0x116/0x1d0 [ 16.170808] ? __pfx_kthread+0x10/0x10 [ 16.170832] ret_from_fork_asm+0x1a/0x30 [ 16.170868] </TASK> [ 16.170881] [ 16.184905] Allocated by task 279: [ 16.185364] kasan_save_stack+0x45/0x70 [ 16.185721] kasan_save_track+0x18/0x40 [ 16.186012] kasan_save_alloc_info+0x3b/0x50 [ 16.186663] __kasan_kmalloc+0xb7/0xc0 [ 16.186934] __kmalloc_cache_noprof+0x189/0x420 [ 16.187396] kasan_bitops_generic+0x92/0x1c0 [ 16.187649] kunit_try_run_case+0x1a5/0x480 [ 16.187886] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 16.188508] kthread+0x337/0x6f0 [ 16.188762] ret_from_fork+0x116/0x1d0 [ 16.189103] ret_from_fork_asm+0x1a/0x30 [ 16.189566] [ 16.189831] The buggy address belongs to the object at ffff88810216f120 [ 16.189831] which belongs to the cache kmalloc-16 of size 16 [ 16.190671] The buggy address is located 8 bytes inside of [ 16.190671] allocated 9-byte region [ffff88810216f120, ffff88810216f129) [ 16.191548] [ 16.191823] The buggy address belongs to the physical page: [ 16.192274] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x10216f [ 16.192679] flags: 0x200000000000000(node=0|zone=2) [ 16.192944] page_type: f5(slab) [ 16.193317] raw: 0200000000000000 ffff888100041640 dead000000000122 0000000000000000 [ 16.194051] raw: 0000000000000000 0000000080800080 00000000f5000000 0000000000000000 [ 16.194563] page dumped because: kasan: bad access detected [ 16.194978] [ 16.195277] 
Memory state around the buggy address: [ 16.195532] ffff88810216f000: fa fb fc fc 00 00 fc fc 00 00 fc fc fa fb fc fc [ 16.195892] ffff88810216f080: 00 05 fc fc fa fb fc fc fa fb fc fc fa fb fc fc [ 16.196657] >ffff88810216f100: fa fb fc fc 00 01 fc fc fc fc fc fc fc fc fc fc [ 16.197401] ^ [ 16.197731] ffff88810216f180: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 16.198408] ffff88810216f200: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 16.198932] ================================================================== [ 16.222131] ================================================================== [ 16.222544] BUG: KASAN: slab-out-of-bounds in kasan_bitops_test_and_modify.constprop.0+0x557/0xd90 [ 16.223586] Read of size 8 at addr ffff88810216f128 by task kunit_try_catch/279 [ 16.223994] [ 16.224141] CPU: 0 UID: 0 PID: 279 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc4 #1 PREEMPT(voluntary) [ 16.224194] Tainted: [B]=BAD_PAGE, [N]=TEST [ 16.224209] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 16.224234] Call Trace: [ 16.224256] <TASK> [ 16.224275] dump_stack_lvl+0x73/0xb0 [ 16.224310] print_report+0xd1/0x650 [ 16.224336] ? __virt_addr_valid+0x1db/0x2d0 [ 16.224362] ? kasan_bitops_test_and_modify.constprop.0+0x557/0xd90 [ 16.224393] ? kasan_complete_mode_report_info+0x2a/0x200 [ 16.224419] ? kasan_bitops_test_and_modify.constprop.0+0x557/0xd90 [ 16.224450] kasan_report+0x141/0x180 [ 16.224474] ? kasan_bitops_test_and_modify.constprop.0+0x557/0xd90 [ 16.224511] kasan_check_range+0x10c/0x1c0 [ 16.224538] __kasan_check_read+0x15/0x20 [ 16.224559] kasan_bitops_test_and_modify.constprop.0+0x557/0xd90 [ 16.224590] ? __pfx_kasan_bitops_test_and_modify.constprop.0+0x10/0x10 [ 16.224623] ? __kmalloc_cache_noprof+0x189/0x420 [ 16.224651] ? trace_hardirqs_on+0x37/0xe0 [ 16.224675] ? kasan_bitops_generic+0x92/0x1c0 [ 16.224706] kasan_bitops_generic+0x121/0x1c0 [ 16.224733] ? __pfx_kasan_bitops_generic+0x10/0x10 [ 16.224762] ? 
__pfx_read_tsc+0x10/0x10 [ 16.224785] ? ktime_get_ts64+0x86/0x230 [ 16.224828] kunit_try_run_case+0x1a5/0x480 [ 16.224855] ? __pfx_kunit_try_run_case+0x10/0x10 [ 16.224880] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 16.224908] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 16.224934] ? __kthread_parkme+0x82/0x180 [ 16.224956] ? preempt_count_sub+0x50/0x80 [ 16.224984] ? __pfx_kunit_try_run_case+0x10/0x10 [ 16.225011] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 16.225036] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 16.225063] kthread+0x337/0x6f0 [ 16.225098] ? trace_preempt_on+0x20/0xc0 [ 16.225123] ? __pfx_kthread+0x10/0x10 [ 16.225147] ? _raw_spin_unlock_irq+0x47/0x80 [ 16.225171] ? calculate_sigpending+0x7b/0xa0 [ 16.225197] ? __pfx_kthread+0x10/0x10 [ 16.225222] ret_from_fork+0x116/0x1d0 [ 16.225244] ? __pfx_kthread+0x10/0x10 [ 16.225267] ret_from_fork_asm+0x1a/0x30 [ 16.225303] </TASK> [ 16.225316] [ 16.234192] Allocated by task 279: [ 16.234769] kasan_save_stack+0x45/0x70 [ 16.234944] kasan_save_track+0x18/0x40 [ 16.235096] kasan_save_alloc_info+0x3b/0x50 [ 16.235333] __kasan_kmalloc+0xb7/0xc0 [ 16.235613] __kmalloc_cache_noprof+0x189/0x420 [ 16.235933] kasan_bitops_generic+0x92/0x1c0 [ 16.236175] kunit_try_run_case+0x1a5/0x480 [ 16.236340] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 16.236536] kthread+0x337/0x6f0 [ 16.236671] ret_from_fork+0x116/0x1d0 [ 16.237109] ret_from_fork_asm+0x1a/0x30 [ 16.237363] [ 16.237475] The buggy address belongs to the object at ffff88810216f120 [ 16.237475] which belongs to the cache kmalloc-16 of size 16 [ 16.238052] The buggy address is located 8 bytes inside of [ 16.238052] allocated 9-byte region [ffff88810216f120, ffff88810216f129) [ 16.239798] [ 16.239902] The buggy address belongs to the physical page: [ 16.240409] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x10216f [ 16.241581] flags: 0x200000000000000(node=0|zone=2) [ 16.242225] page_type: f5(slab) [ 16.242676] raw: 0200000000000000 
ffff888100041640 dead000000000122 0000000000000000 [ 16.243677] raw: 0000000000000000 0000000080800080 00000000f5000000 0000000000000000 [ 16.244354] page dumped because: kasan: bad access detected [ 16.244566] [ 16.244651] Memory state around the buggy address: [ 16.245378] ffff88810216f000: fa fb fc fc 00 00 fc fc 00 00 fc fc fa fb fc fc [ 16.246327] ffff88810216f080: 00 05 fc fc fa fb fc fc fa fb fc fc fa fb fc fc [ 16.247296] >ffff88810216f100: fa fb fc fc 00 01 fc fc fc fc fc fc fc fc fc fc [ 16.248058] ^ [ 16.248727] ffff88810216f180: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 16.249453] ffff88810216f200: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 16.249706] ================================================================== [ 16.056060] ================================================================== [ 16.056754] BUG: KASAN: slab-out-of-bounds in kasan_bitops_test_and_modify.constprop.0+0x1a0/0xd90 [ 16.057330] Write of size 8 at addr ffff88810216f128 by task kunit_try_catch/279 [ 16.057730] [ 16.057899] CPU: 0 UID: 0 PID: 279 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc4 #1 PREEMPT(voluntary) [ 16.057953] Tainted: [B]=BAD_PAGE, [N]=TEST [ 16.057967] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 16.057994] Call Trace: [ 16.058010] <TASK> [ 16.058029] dump_stack_lvl+0x73/0xb0 [ 16.058064] print_report+0xd1/0x650 [ 16.058108] ? __virt_addr_valid+0x1db/0x2d0 [ 16.058135] ? kasan_bitops_test_and_modify.constprop.0+0x1a0/0xd90 [ 16.058166] ? kasan_complete_mode_report_info+0x2a/0x200 [ 16.058229] ? kasan_bitops_test_and_modify.constprop.0+0x1a0/0xd90 [ 16.058261] kasan_report+0x141/0x180 [ 16.058299] ? kasan_bitops_test_and_modify.constprop.0+0x1a0/0xd90 [ 16.058336] kasan_check_range+0x10c/0x1c0 [ 16.058384] __kasan_check_write+0x18/0x20 [ 16.058416] kasan_bitops_test_and_modify.constprop.0+0x1a0/0xd90 [ 16.058448] ? __pfx_kasan_bitops_test_and_modify.constprop.0+0x10/0x10 [ 16.058493] ? 
__kmalloc_cache_noprof+0x189/0x420 [ 16.058522] ? trace_hardirqs_on+0x37/0xe0 [ 16.058578] ? kasan_bitops_generic+0x92/0x1c0 [ 16.058610] kasan_bitops_generic+0x121/0x1c0 [ 16.058650] ? __pfx_kasan_bitops_generic+0x10/0x10 [ 16.058679] ? __pfx_read_tsc+0x10/0x10 [ 16.058703] ? ktime_get_ts64+0x86/0x230 [ 16.058731] kunit_try_run_case+0x1a5/0x480 [ 16.058759] ? __pfx_kunit_try_run_case+0x10/0x10 [ 16.058784] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 16.058844] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 16.058888] ? __kthread_parkme+0x82/0x180 [ 16.058912] ? preempt_count_sub+0x50/0x80 [ 16.058952] ? __pfx_kunit_try_run_case+0x10/0x10 [ 16.058979] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 16.059018] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 16.059045] kthread+0x337/0x6f0 [ 16.059068] ? trace_preempt_on+0x20/0xc0 [ 16.059103] ? __pfx_kthread+0x10/0x10 [ 16.059128] ? _raw_spin_unlock_irq+0x47/0x80 [ 16.059152] ? calculate_sigpending+0x7b/0xa0 [ 16.059180] ? __pfx_kthread+0x10/0x10 [ 16.059205] ret_from_fork+0x116/0x1d0 [ 16.059227] ? 
__pfx_kthread+0x10/0x10 [ 16.059250] ret_from_fork_asm+0x1a/0x30 [ 16.059286] </TASK> [ 16.059300] [ 16.069843] Allocated by task 279: [ 16.070081] kasan_save_stack+0x45/0x70 [ 16.070413] kasan_save_track+0x18/0x40 [ 16.070646] kasan_save_alloc_info+0x3b/0x50 [ 16.070936] __kasan_kmalloc+0xb7/0xc0 [ 16.071245] __kmalloc_cache_noprof+0x189/0x420 [ 16.071476] kasan_bitops_generic+0x92/0x1c0 [ 16.071774] kunit_try_run_case+0x1a5/0x480 [ 16.072043] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 16.072404] kthread+0x337/0x6f0 [ 16.072622] ret_from_fork+0x116/0x1d0 [ 16.072876] ret_from_fork_asm+0x1a/0x30 [ 16.073103] [ 16.073212] The buggy address belongs to the object at ffff88810216f120 [ 16.073212] which belongs to the cache kmalloc-16 of size 16 [ 16.073955] The buggy address is located 8 bytes inside of [ 16.073955] allocated 9-byte region [ffff88810216f120, ffff88810216f129) [ 16.074686] [ 16.074773] The buggy address belongs to the physical page: [ 16.075049] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x10216f [ 16.075474] flags: 0x200000000000000(node=0|zone=2) [ 16.075754] page_type: f5(slab) [ 16.075906] raw: 0200000000000000 ffff888100041640 dead000000000122 0000000000000000 [ 16.076403] raw: 0000000000000000 0000000080800080 00000000f5000000 0000000000000000 [ 16.076876] page dumped because: kasan: bad access detected [ 16.077290] [ 16.077378] Memory state around the buggy address: [ 16.077557] ffff88810216f000: fa fb fc fc 00 00 fc fc 00 00 fc fc fa fb fc fc [ 16.077813] ffff88810216f080: 00 05 fc fc fa fb fc fc fa fb fc fc fa fb fc fc [ 16.078117] >ffff88810216f100: fa fb fc fc 00 01 fc fc fc fc fc fc fc fc fc fc [ 16.078541] ^ [ 16.078896] ffff88810216f180: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 16.079446] ffff88810216f200: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 16.080019] ================================================================== [ 16.250260] 
================================================================== [ 16.251003] BUG: KASAN: slab-out-of-bounds in kasan_bitops_test_and_modify.constprop.0+0xd06/0xd90 [ 16.252025] Read of size 8 at addr ffff88810216f128 by task kunit_try_catch/279 [ 16.252830] [ 16.252941] CPU: 0 UID: 0 PID: 279 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc4 #1 PREEMPT(voluntary) [ 16.252993] Tainted: [B]=BAD_PAGE, [N]=TEST [ 16.253007] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 16.253032] Call Trace: [ 16.253052] <TASK> [ 16.253104] dump_stack_lvl+0x73/0xb0 [ 16.253139] print_report+0xd1/0x650 [ 16.253165] ? __virt_addr_valid+0x1db/0x2d0 [ 16.253216] ? kasan_bitops_test_and_modify.constprop.0+0xd06/0xd90 [ 16.253246] ? kasan_complete_mode_report_info+0x2a/0x200 [ 16.253289] ? kasan_bitops_test_and_modify.constprop.0+0xd06/0xd90 [ 16.253321] kasan_report+0x141/0x180 [ 16.253354] ? kasan_bitops_test_and_modify.constprop.0+0xd06/0xd90 [ 16.253390] __asan_report_load8_noabort+0x18/0x20 [ 16.253417] kasan_bitops_test_and_modify.constprop.0+0xd06/0xd90 [ 16.253448] ? __pfx_kasan_bitops_test_and_modify.constprop.0+0x10/0x10 [ 16.253479] ? __kmalloc_cache_noprof+0x189/0x420 [ 16.253508] ? trace_hardirqs_on+0x37/0xe0 [ 16.253533] ? kasan_bitops_generic+0x92/0x1c0 [ 16.253564] kasan_bitops_generic+0x121/0x1c0 [ 16.253591] ? __pfx_kasan_bitops_generic+0x10/0x10 [ 16.253619] ? __pfx_read_tsc+0x10/0x10 [ 16.253643] ? ktime_get_ts64+0x86/0x230 [ 16.253671] kunit_try_run_case+0x1a5/0x480 [ 16.253703] ? __pfx_kunit_try_run_case+0x10/0x10 [ 16.253729] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 16.253756] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 16.253782] ? __kthread_parkme+0x82/0x180 [ 16.253820] ? preempt_count_sub+0x50/0x80 [ 16.253849] ? __pfx_kunit_try_run_case+0x10/0x10 [ 16.253877] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 16.253904] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 16.253931] kthread+0x337/0x6f0 [ 16.253954] ? 
trace_preempt_on+0x20/0xc0 [ 16.253979] ? __pfx_kthread+0x10/0x10 [ 16.254002] ? _raw_spin_unlock_irq+0x47/0x80 [ 16.254026] ? calculate_sigpending+0x7b/0xa0 [ 16.254054] ? __pfx_kthread+0x10/0x10 [ 16.254101] ret_from_fork+0x116/0x1d0 [ 16.254124] ? __pfx_kthread+0x10/0x10 [ 16.254147] ret_from_fork_asm+0x1a/0x30 [ 16.254183] </TASK> [ 16.254200] [ 16.267728] Allocated by task 279: [ 16.267918] kasan_save_stack+0x45/0x70 [ 16.268437] kasan_save_track+0x18/0x40 [ 16.268689] kasan_save_alloc_info+0x3b/0x50 [ 16.268932] __kasan_kmalloc+0xb7/0xc0 [ 16.269416] __kmalloc_cache_noprof+0x189/0x420 [ 16.269934] kasan_bitops_generic+0x92/0x1c0 [ 16.270427] kunit_try_run_case+0x1a5/0x480 [ 16.270666] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 16.270953] kthread+0x337/0x6f0 [ 16.271379] ret_from_fork+0x116/0x1d0 [ 16.271728] ret_from_fork_asm+0x1a/0x30 [ 16.272375] [ 16.272492] The buggy address belongs to the object at ffff88810216f120 [ 16.272492] which belongs to the cache kmalloc-16 of size 16 [ 16.273082] The buggy address is located 8 bytes inside of [ 16.273082] allocated 9-byte region [ffff88810216f120, ffff88810216f129) [ 16.273652] [ 16.273760] The buggy address belongs to the physical page: [ 16.274523] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x10216f [ 16.275340] flags: 0x200000000000000(node=0|zone=2) [ 16.275853] page_type: f5(slab) [ 16.276354] raw: 0200000000000000 ffff888100041640 dead000000000122 0000000000000000 [ 16.276755] raw: 0000000000000000 0000000080800080 00000000f5000000 0000000000000000 [ 16.277362] page dumped because: kasan: bad access detected [ 16.277832] [ 16.278149] Memory state around the buggy address: [ 16.278752] ffff88810216f000: fa fb fc fc 00 00 fc fc 00 00 fc fc fa fb fc fc [ 16.279641] ffff88810216f080: 00 05 fc fc fa fb fc fc fa fb fc fc fa fb fc fc [ 16.280191] >ffff88810216f100: fa fb fc fc 00 01 fc fc fc fc fc fc fc fc fc fc [ 16.280552] ^ [ 16.280783] ffff88810216f180: fc fc fc fc fc fc fc fc fc 
fc fc fc fc fc fc fc [ 16.281091] ffff88810216f200: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 16.281444] ==================================================================
Failure - log-parser-boot/kasan-bug-kasan-slab-out-of-bounds-in-kasan_bitops_modifyconstprop
[ 15.849092] ================================================================== [ 15.849520] BUG: KASAN: slab-out-of-bounds in kasan_bitops_modify.constprop.0+0x19c/0xd50 [ 15.850341] Write of size 8 at addr ffff88810216f128 by task kunit_try_catch/279 [ 15.850731] [ 15.850874] CPU: 0 UID: 0 PID: 279 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc4 #1 PREEMPT(voluntary) [ 15.850926] Tainted: [B]=BAD_PAGE, [N]=TEST [ 15.850941] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 15.850968] Call Trace: [ 15.850985] <TASK> [ 15.851005] dump_stack_lvl+0x73/0xb0 [ 15.851041] print_report+0xd1/0x650 [ 15.851068] ? __virt_addr_valid+0x1db/0x2d0 [ 15.851095] ? kasan_bitops_modify.constprop.0+0x19c/0xd50 [ 15.851125] ? kasan_complete_mode_report_info+0x2a/0x200 [ 15.851150] ? kasan_bitops_modify.constprop.0+0x19c/0xd50 [ 15.851180] kasan_report+0x141/0x180 [ 15.851205] ? kasan_bitops_modify.constprop.0+0x19c/0xd50 [ 15.851240] kasan_check_range+0x10c/0x1c0 [ 15.851267] __kasan_check_write+0x18/0x20 [ 15.851291] kasan_bitops_modify.constprop.0+0x19c/0xd50 [ 15.851322] ? __pfx_kasan_bitops_modify.constprop.0+0x10/0x10 [ 15.851352] ? __kmalloc_cache_noprof+0x189/0x420 [ 15.851382] ? trace_hardirqs_on+0x37/0xe0 [ 15.851409] ? kasan_bitops_generic+0x92/0x1c0 [ 15.851441] kasan_bitops_generic+0x116/0x1c0 [ 15.851484] ? __pfx_kasan_bitops_generic+0x10/0x10 [ 15.851514] ? __pfx_read_tsc+0x10/0x10 [ 15.851538] ? ktime_get_ts64+0x86/0x230 [ 15.851566] kunit_try_run_case+0x1a5/0x480 [ 15.851597] ? __pfx_kunit_try_run_case+0x10/0x10 [ 15.851622] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 15.851651] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 15.851678] ? __kthread_parkme+0x82/0x180 [ 15.851702] ? preempt_count_sub+0x50/0x80 [ 15.851730] ? __pfx_kunit_try_run_case+0x10/0x10 [ 15.851757] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 15.851784] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 15.851822] kthread+0x337/0x6f0 [ 15.851845] ? 
trace_preempt_on+0x20/0xc0 [ 15.851870] ? __pfx_kthread+0x10/0x10 [ 15.851895] ? _raw_spin_unlock_irq+0x47/0x80 [ 15.851920] ? calculate_sigpending+0x7b/0xa0 [ 15.851948] ? __pfx_kthread+0x10/0x10 [ 15.851973] ret_from_fork+0x116/0x1d0 [ 15.851996] ? __pfx_kthread+0x10/0x10 [ 15.852020] ret_from_fork_asm+0x1a/0x30 [ 15.852055] </TASK> [ 15.852069] [ 15.861863] Allocated by task 279: [ 15.862067] kasan_save_stack+0x45/0x70 [ 15.862505] kasan_save_track+0x18/0x40 [ 15.862719] kasan_save_alloc_info+0x3b/0x50 [ 15.862975] __kasan_kmalloc+0xb7/0xc0 [ 15.863238] __kmalloc_cache_noprof+0x189/0x420 [ 15.863450] kasan_bitops_generic+0x92/0x1c0 [ 15.863713] kunit_try_run_case+0x1a5/0x480 [ 15.863948] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 15.864196] kthread+0x337/0x6f0 [ 15.864335] ret_from_fork+0x116/0x1d0 [ 15.867377] ret_from_fork_asm+0x1a/0x30 [ 15.868644] [ 15.868797] The buggy address belongs to the object at ffff88810216f120 [ 15.868797] which belongs to the cache kmalloc-16 of size 16 [ 15.870561] The buggy address is located 8 bytes inside of [ 15.870561] allocated 9-byte region [ffff88810216f120, ffff88810216f129) [ 15.871899] [ 15.872001] The buggy address belongs to the physical page: [ 15.872213] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x10216f [ 15.872497] flags: 0x200000000000000(node=0|zone=2) [ 15.872692] page_type: f5(slab) [ 15.873914] raw: 0200000000000000 ffff888100041640 dead000000000122 0000000000000000 [ 15.874393] raw: 0000000000000000 0000000080800080 00000000f5000000 0000000000000000 [ 15.874820] page dumped because: kasan: bad access detected [ 15.875691] [ 15.875827] Memory state around the buggy address: [ 15.876289] ffff88810216f000: fa fb fc fc 00 00 fc fc 00 00 fc fc fa fb fc fc [ 15.876912] ffff88810216f080: 00 05 fc fc fa fb fc fc fa fb fc fc fa fb fc fc [ 15.877221] >ffff88810216f100: fa fb fc fc 00 01 fc fc fc fc fc fc fc fc fc fc [ 15.877667] ^ [ 15.877921] ffff88810216f180: fc fc fc fc fc fc fc fc fc 
fc fc fc fc fc fc fc [ 15.878322] ffff88810216f200: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 15.878747] ================================================================== [ 15.902118] ================================================================== [ 15.902526] BUG: KASAN: slab-out-of-bounds in kasan_bitops_modify.constprop.0+0x2d5/0xd50 [ 15.902968] Write of size 8 at addr ffff88810216f128 by task kunit_try_catch/279 [ 15.903341] [ 15.903521] CPU: 0 UID: 0 PID: 279 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc4 #1 PREEMPT(voluntary) [ 15.903572] Tainted: [B]=BAD_PAGE, [N]=TEST [ 15.903586] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 15.903612] Call Trace: [ 15.903629] <TASK> [ 15.903647] dump_stack_lvl+0x73/0xb0 [ 15.903681] print_report+0xd1/0x650 [ 15.903707] ? __virt_addr_valid+0x1db/0x2d0 [ 15.903733] ? kasan_bitops_modify.constprop.0+0x2d5/0xd50 [ 15.903763] ? kasan_complete_mode_report_info+0x2a/0x200 [ 15.903803] ? kasan_bitops_modify.constprop.0+0x2d5/0xd50 [ 15.903834] kasan_report+0x141/0x180 [ 15.903860] ? kasan_bitops_modify.constprop.0+0x2d5/0xd50 [ 15.903894] kasan_check_range+0x10c/0x1c0 [ 15.903927] __kasan_check_write+0x18/0x20 [ 15.903952] kasan_bitops_modify.constprop.0+0x2d5/0xd50 [ 15.903981] ? __pfx_kasan_bitops_modify.constprop.0+0x10/0x10 [ 15.904012] ? __kmalloc_cache_noprof+0x189/0x420 [ 15.904040] ? trace_hardirqs_on+0x37/0xe0 [ 15.904067] ? kasan_bitops_generic+0x92/0x1c0 [ 15.904115] kasan_bitops_generic+0x116/0x1c0 [ 15.904143] ? __pfx_kasan_bitops_generic+0x10/0x10 [ 15.904173] ? __pfx_read_tsc+0x10/0x10 [ 15.904198] ? ktime_get_ts64+0x86/0x230 [ 15.904225] kunit_try_run_case+0x1a5/0x480 [ 15.904255] ? __pfx_kunit_try_run_case+0x10/0x10 [ 15.904281] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 15.904309] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 15.904336] ? __kthread_parkme+0x82/0x180 [ 15.904360] ? preempt_count_sub+0x50/0x80 [ 15.904388] ? 
__pfx_kunit_try_run_case+0x10/0x10 [ 15.904415] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 15.904441] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 15.904468] kthread+0x337/0x6f0 [ 15.904489] ? trace_preempt_on+0x20/0xc0 [ 15.904514] ? __pfx_kthread+0x10/0x10 [ 15.904538] ? _raw_spin_unlock_irq+0x47/0x80 [ 15.904562] ? calculate_sigpending+0x7b/0xa0 [ 15.904590] ? __pfx_kthread+0x10/0x10 [ 15.904613] ret_from_fork+0x116/0x1d0 [ 15.904635] ? __pfx_kthread+0x10/0x10 [ 15.904659] ret_from_fork_asm+0x1a/0x30 [ 15.904694] </TASK> [ 15.904708] [ 15.913619] Allocated by task 279: [ 15.913841] kasan_save_stack+0x45/0x70 [ 15.914066] kasan_save_track+0x18/0x40 [ 15.914281] kasan_save_alloc_info+0x3b/0x50 [ 15.914697] __kasan_kmalloc+0xb7/0xc0 [ 15.914858] __kmalloc_cache_noprof+0x189/0x420 [ 15.915032] kasan_bitops_generic+0x92/0x1c0 [ 15.915197] kunit_try_run_case+0x1a5/0x480 [ 15.915392] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 15.915834] kthread+0x337/0x6f0 [ 15.916193] ret_from_fork+0x116/0x1d0 [ 15.916439] ret_from_fork_asm+0x1a/0x30 [ 15.916678] [ 15.916823] The buggy address belongs to the object at ffff88810216f120 [ 15.916823] which belongs to the cache kmalloc-16 of size 16 [ 15.917464] The buggy address is located 8 bytes inside of [ 15.917464] allocated 9-byte region [ffff88810216f120, ffff88810216f129) [ 15.918016] [ 15.918159] The buggy address belongs to the physical page: [ 15.918448] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x10216f [ 15.918814] flags: 0x200000000000000(node=0|zone=2) [ 15.919009] page_type: f5(slab) [ 15.919147] raw: 0200000000000000 ffff888100041640 dead000000000122 0000000000000000 [ 15.919403] raw: 0000000000000000 0000000080800080 00000000f5000000 0000000000000000 [ 15.919916] page dumped because: kasan: bad access detected [ 15.920346] [ 15.920428] Memory state around the buggy address: [ 15.920604] ffff88810216f000: fa fb fc fc 00 00 fc fc 00 00 fc fc fa fb fc fc [ 15.920863] 
ffff88810216f080: 00 05 fc fc fa fb fc fc fa fb fc fc fa fb fc fc [ 15.921103] >ffff88810216f100: fa fb fc fc 00 01 fc fc fc fc fc fc fc fc fc fc [ 15.921340] ^ [ 15.921654] ffff88810216f180: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 15.922038] ffff88810216f200: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 15.922620] ================================================================== [ 15.825834] ================================================================== [ 15.826390] BUG: KASAN: slab-out-of-bounds in kasan_bitops_modify.constprop.0+0x101/0xd50 [ 15.827035] Write of size 8 at addr ffff88810216f128 by task kunit_try_catch/279 [ 15.827686] [ 15.827841] CPU: 0 UID: 0 PID: 279 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc4 #1 PREEMPT(voluntary) [ 15.827900] Tainted: [B]=BAD_PAGE, [N]=TEST [ 15.827915] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 15.827942] Call Trace: [ 15.827957] <TASK> [ 15.827979] dump_stack_lvl+0x73/0xb0 [ 15.828020] print_report+0xd1/0x650 [ 15.828048] ? __virt_addr_valid+0x1db/0x2d0 [ 15.828075] ? kasan_bitops_modify.constprop.0+0x101/0xd50 [ 15.828105] ? kasan_complete_mode_report_info+0x2a/0x200 [ 15.828130] ? kasan_bitops_modify.constprop.0+0x101/0xd50 [ 15.828160] kasan_report+0x141/0x180 [ 15.828185] ? kasan_bitops_modify.constprop.0+0x101/0xd50 [ 15.828392] kasan_check_range+0x10c/0x1c0 [ 15.828430] __kasan_check_write+0x18/0x20 [ 15.828453] kasan_bitops_modify.constprop.0+0x101/0xd50 [ 15.828483] ? __pfx_kasan_bitops_modify.constprop.0+0x10/0x10 [ 15.828514] ? __kmalloc_cache_noprof+0x189/0x420 [ 15.828543] ? trace_hardirqs_on+0x37/0xe0 [ 15.828570] ? kasan_bitops_generic+0x92/0x1c0 [ 15.828601] kasan_bitops_generic+0x116/0x1c0 [ 15.828630] ? __pfx_kasan_bitops_generic+0x10/0x10 [ 15.828659] ? __pfx_read_tsc+0x10/0x10 [ 15.828684] ? ktime_get_ts64+0x86/0x230 [ 15.828714] kunit_try_run_case+0x1a5/0x480 [ 15.828743] ? __pfx_kunit_try_run_case+0x10/0x10 [ 15.828769] ? 
_raw_spin_lock_irqsave+0xa1/0x100 [ 15.828815] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 15.828842] ? __kthread_parkme+0x82/0x180 [ 15.828867] ? preempt_count_sub+0x50/0x80 [ 15.828898] ? __pfx_kunit_try_run_case+0x10/0x10 [ 15.828925] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 15.828953] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 15.828979] kthread+0x337/0x6f0 [ 15.829001] ? trace_preempt_on+0x20/0xc0 [ 15.829026] ? __pfx_kthread+0x10/0x10 [ 15.829050] ? _raw_spin_unlock_irq+0x47/0x80 [ 15.829075] ? calculate_sigpending+0x7b/0xa0 [ 15.829117] ? __pfx_kthread+0x10/0x10 [ 15.829161] ret_from_fork+0x116/0x1d0 [ 15.829184] ? __pfx_kthread+0x10/0x10 [ 15.829208] ret_from_fork_asm+0x1a/0x30 [ 15.829245] </TASK> [ 15.829261] [ 15.839254] Allocated by task 279: [ 15.839424] kasan_save_stack+0x45/0x70 [ 15.839594] kasan_save_track+0x18/0x40 [ 15.839748] kasan_save_alloc_info+0x3b/0x50 [ 15.840005] __kasan_kmalloc+0xb7/0xc0 [ 15.840421] __kmalloc_cache_noprof+0x189/0x420 [ 15.840692] kasan_bitops_generic+0x92/0x1c0 [ 15.840958] kunit_try_run_case+0x1a5/0x480 [ 15.841165] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 15.841374] kthread+0x337/0x6f0 [ 15.841515] ret_from_fork+0x116/0x1d0 [ 15.841691] ret_from_fork_asm+0x1a/0x30 [ 15.841988] [ 15.842113] The buggy address belongs to the object at ffff88810216f120 [ 15.842113] which belongs to the cache kmalloc-16 of size 16 [ 15.842726] The buggy address is located 8 bytes inside of [ 15.842726] allocated 9-byte region [ffff88810216f120, ffff88810216f129) [ 15.843629] [ 15.843751] The buggy address belongs to the physical page: [ 15.844027] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x10216f [ 15.844429] flags: 0x200000000000000(node=0|zone=2) [ 15.844628] page_type: f5(slab) [ 15.844772] raw: 0200000000000000 ffff888100041640 dead000000000122 0000000000000000 [ 15.845250] raw: 0000000000000000 0000000080800080 00000000f5000000 0000000000000000 [ 15.845657] page dumped because: kasan: 
bad access detected [ 15.845970] [ 15.846097] Memory state around the buggy address: [ 15.846482] ffff88810216f000: fa fb fc fc 00 00 fc fc 00 00 fc fc fa fb fc fc [ 15.846890] ffff88810216f080: 00 05 fc fc fa fb fc fc fa fb fc fc fa fb fc fc [ 15.847146] >ffff88810216f100: fa fb fc fc 00 01 fc fc fc fc fc fc fc fc fc fc [ 15.847537] ^ [ 15.847771] ffff88810216f180: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 15.848177] ffff88810216f200: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 15.848503] ================================================================== [ 15.972154] ================================================================== [ 15.972744] BUG: KASAN: slab-out-of-bounds in kasan_bitops_modify.constprop.0+0x4ac/0xd50 [ 15.973133] Write of size 8 at addr ffff88810216f128 by task kunit_try_catch/279 [ 15.973683] [ 15.973808] CPU: 0 UID: 0 PID: 279 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc4 #1 PREEMPT(voluntary) [ 15.973863] Tainted: [B]=BAD_PAGE, [N]=TEST [ 15.973878] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 15.973905] Call Trace: [ 15.973926] <TASK> [ 15.973948] dump_stack_lvl+0x73/0xb0 [ 15.973983] print_report+0xd1/0x650 [ 15.974233] ? __virt_addr_valid+0x1db/0x2d0 [ 15.974267] ? kasan_bitops_modify.constprop.0+0x4ac/0xd50 [ 15.974297] ? kasan_complete_mode_report_info+0x2a/0x200 [ 15.974323] ? kasan_bitops_modify.constprop.0+0x4ac/0xd50 [ 15.974353] kasan_report+0x141/0x180 [ 15.974379] ? kasan_bitops_modify.constprop.0+0x4ac/0xd50 [ 15.974414] kasan_check_range+0x10c/0x1c0 [ 15.974442] __kasan_check_write+0x18/0x20 [ 15.974465] kasan_bitops_modify.constprop.0+0x4ac/0xd50 [ 15.974494] ? __pfx_kasan_bitops_modify.constprop.0+0x10/0x10 [ 15.974525] ? __kmalloc_cache_noprof+0x189/0x420 [ 15.974554] ? trace_hardirqs_on+0x37/0xe0 [ 15.974581] ? kasan_bitops_generic+0x92/0x1c0 [ 15.974613] kasan_bitops_generic+0x116/0x1c0 [ 15.974639] ? __pfx_kasan_bitops_generic+0x10/0x10 [ 15.974668] ? 
__pfx_read_tsc+0x10/0x10 [ 15.974693] ? ktime_get_ts64+0x86/0x230 [ 15.974721] kunit_try_run_case+0x1a5/0x480 [ 15.974750] ? __pfx_kunit_try_run_case+0x10/0x10 [ 15.974776] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 15.974817] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 15.974843] ? __kthread_parkme+0x82/0x180 [ 15.974868] ? preempt_count_sub+0x50/0x80 [ 15.974895] ? __pfx_kunit_try_run_case+0x10/0x10 [ 15.974921] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 15.974947] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 15.974973] kthread+0x337/0x6f0 [ 15.974997] ? trace_preempt_on+0x20/0xc0 [ 15.975021] ? __pfx_kthread+0x10/0x10 [ 15.975045] ? _raw_spin_unlock_irq+0x47/0x80 [ 15.975070] ? calculate_sigpending+0x7b/0xa0 [ 15.975112] ? __pfx_kthread+0x10/0x10 [ 15.975137] ret_from_fork+0x116/0x1d0 [ 15.975158] ? __pfx_kthread+0x10/0x10 [ 15.975182] ret_from_fork_asm+0x1a/0x30 [ 15.975218] </TASK> [ 15.975234] [ 15.986569] Allocated by task 279: [ 15.986767] kasan_save_stack+0x45/0x70 [ 15.987139] kasan_save_track+0x18/0x40 [ 15.987359] kasan_save_alloc_info+0x3b/0x50 [ 15.987727] __kasan_kmalloc+0xb7/0xc0 [ 15.988047] __kmalloc_cache_noprof+0x189/0x420 [ 15.988378] kasan_bitops_generic+0x92/0x1c0 [ 15.988633] kunit_try_run_case+0x1a5/0x480 [ 15.988864] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 15.989118] kthread+0x337/0x6f0 [ 15.989545] ret_from_fork+0x116/0x1d0 [ 15.989757] ret_from_fork_asm+0x1a/0x30 [ 15.990101] [ 15.990286] The buggy address belongs to the object at ffff88810216f120 [ 15.990286] which belongs to the cache kmalloc-16 of size 16 [ 15.990955] The buggy address is located 8 bytes inside of [ 15.990955] allocated 9-byte region [ffff88810216f120, ffff88810216f129) [ 15.991746] [ 15.991883] The buggy address belongs to the physical page: [ 15.992138] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x10216f [ 15.992519] flags: 0x200000000000000(node=0|zone=2) [ 15.992776] page_type: f5(slab) [ 15.992983] raw: 0200000000000000 
ffff888100041640 dead000000000122 0000000000000000 [ 15.993742] raw: 0000000000000000 0000000080800080 00000000f5000000 0000000000000000 [ 15.994211] page dumped because: kasan: bad access detected [ 15.994444] [ 15.994726] Memory state around the buggy address: [ 15.994965] ffff88810216f000: fa fb fc fc 00 00 fc fc 00 00 fc fc fa fb fc fc [ 15.995634] ffff88810216f080: 00 05 fc fc fa fb fc fc fa fb fc fc fa fb fc fc [ 15.996059] >ffff88810216f100: fa fb fc fc 00 01 fc fc fc fc fc fc fc fc fc fc [ 15.996517] ^ [ 15.996708] ffff88810216f180: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 15.997305] ffff88810216f200: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 15.997673] ================================================================== [ 15.923885] ================================================================== [ 15.924622] BUG: KASAN: slab-out-of-bounds in kasan_bitops_modify.constprop.0+0x373/0xd50 [ 15.925085] Write of size 8 at addr ffff88810216f128 by task kunit_try_catch/279 [ 15.925447] [ 15.925582] CPU: 0 UID: 0 PID: 279 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc4 #1 PREEMPT(voluntary) [ 15.925635] Tainted: [B]=BAD_PAGE, [N]=TEST [ 15.925650] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 15.925676] Call Trace: [ 15.925696] <TASK> [ 15.925715] dump_stack_lvl+0x73/0xb0 [ 15.925750] print_report+0xd1/0x650 [ 15.925776] ? __virt_addr_valid+0x1db/0x2d0 [ 15.925816] ? kasan_bitops_modify.constprop.0+0x373/0xd50 [ 15.925846] ? kasan_complete_mode_report_info+0x2a/0x200 [ 15.925872] ? kasan_bitops_modify.constprop.0+0x373/0xd50 [ 15.925903] kasan_report+0x141/0x180 [ 15.925929] ? kasan_bitops_modify.constprop.0+0x373/0xd50 [ 15.925964] kasan_check_range+0x10c/0x1c0 [ 15.925992] __kasan_check_write+0x18/0x20 [ 15.926015] kasan_bitops_modify.constprop.0+0x373/0xd50 [ 15.926069] ? __pfx_kasan_bitops_modify.constprop.0+0x10/0x10 [ 15.926102] ? __kmalloc_cache_noprof+0x189/0x420 [ 15.926132] ? 
trace_hardirqs_on+0x37/0xe0 [ 15.926158] ? kasan_bitops_generic+0x92/0x1c0 [ 15.926189] kasan_bitops_generic+0x116/0x1c0 [ 15.926217] ? __pfx_kasan_bitops_generic+0x10/0x10 [ 15.926246] ? __pfx_read_tsc+0x10/0x10 [ 15.926271] ? ktime_get_ts64+0x86/0x230 [ 15.926299] kunit_try_run_case+0x1a5/0x480 [ 15.926326] ? __pfx_kunit_try_run_case+0x10/0x10 [ 15.926352] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 15.926381] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 15.926408] ? __kthread_parkme+0x82/0x180 [ 15.926431] ? preempt_count_sub+0x50/0x80 [ 15.926459] ? __pfx_kunit_try_run_case+0x10/0x10 [ 15.926486] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 15.926513] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 15.926540] kthread+0x337/0x6f0 [ 15.926564] ? trace_preempt_on+0x20/0xc0 [ 15.926590] ? __pfx_kthread+0x10/0x10 [ 15.926614] ? _raw_spin_unlock_irq+0x47/0x80 [ 15.926638] ? calculate_sigpending+0x7b/0xa0 [ 15.926667] ? __pfx_kthread+0x10/0x10 [ 15.926693] ret_from_fork+0x116/0x1d0 [ 15.926714] ? 
__pfx_kthread+0x10/0x10 [ 15.926739] ret_from_fork_asm+0x1a/0x30 [ 15.926774] </TASK> [ 15.926797] [ 15.936033] Allocated by task 279: [ 15.936270] kasan_save_stack+0x45/0x70 [ 15.936521] kasan_save_track+0x18/0x40 [ 15.936741] kasan_save_alloc_info+0x3b/0x50 [ 15.936944] __kasan_kmalloc+0xb7/0xc0 [ 15.937120] __kmalloc_cache_noprof+0x189/0x420 [ 15.937400] kasan_bitops_generic+0x92/0x1c0 [ 15.937642] kunit_try_run_case+0x1a5/0x480 [ 15.937900] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 15.938205] kthread+0x337/0x6f0 [ 15.938364] ret_from_fork+0x116/0x1d0 [ 15.938517] ret_from_fork_asm+0x1a/0x30 [ 15.938729] [ 15.938852] The buggy address belongs to the object at ffff88810216f120 [ 15.938852] which belongs to the cache kmalloc-16 of size 16 [ 15.939405] The buggy address is located 8 bytes inside of [ 15.939405] allocated 9-byte region [ffff88810216f120, ffff88810216f129) [ 15.940149] [ 15.940263] The buggy address belongs to the physical page: [ 15.940548] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x10216f [ 15.940832] flags: 0x200000000000000(node=0|zone=2) [ 15.941097] page_type: f5(slab) [ 15.941359] raw: 0200000000000000 ffff888100041640 dead000000000122 0000000000000000 [ 15.941708] raw: 0000000000000000 0000000080800080 00000000f5000000 0000000000000000 [ 15.941977] page dumped because: kasan: bad access detected [ 15.942173] [ 15.942252] Memory state around the buggy address: [ 15.942497] ffff88810216f000: fa fb fc fc 00 00 fc fc 00 00 fc fc fa fb fc fc [ 15.942881] ffff88810216f080: 00 05 fc fc fa fb fc fc fa fb fc fc fa fb fc fc [ 15.943441] >ffff88810216f100: fa fb fc fc 00 01 fc fc fc fc fc fc fc fc fc fc [ 15.943847] ^ [ 15.944101] ffff88810216f180: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 15.944461] ffff88810216f200: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 15.944783] ================================================================== [ 15.945408] 
================================================================== [ 15.946293] BUG: KASAN: slab-out-of-bounds in kasan_bitops_modify.constprop.0+0x40e/0xd50 [ 15.946700] Write of size 8 at addr ffff88810216f128 by task kunit_try_catch/279 [ 15.946979] [ 15.947085] CPU: 0 UID: 0 PID: 279 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc4 #1 PREEMPT(voluntary) [ 15.947137] Tainted: [B]=BAD_PAGE, [N]=TEST [ 15.947152] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 15.947178] Call Trace: [ 15.947198] <TASK> [ 15.947217] dump_stack_lvl+0x73/0xb0 [ 15.947251] print_report+0xd1/0x650 [ 15.947278] ? __virt_addr_valid+0x1db/0x2d0 [ 15.947335] ? kasan_bitops_modify.constprop.0+0x40e/0xd50 [ 15.947365] ? kasan_complete_mode_report_info+0x2a/0x200 [ 15.947392] ? kasan_bitops_modify.constprop.0+0x40e/0xd50 [ 15.947422] kasan_report+0x141/0x180 [ 15.947447] ? kasan_bitops_modify.constprop.0+0x40e/0xd50 [ 15.947483] kasan_check_range+0x10c/0x1c0 [ 15.947510] __kasan_check_write+0x18/0x20 [ 15.947532] kasan_bitops_modify.constprop.0+0x40e/0xd50 [ 15.947562] ? __pfx_kasan_bitops_modify.constprop.0+0x10/0x10 [ 15.947592] ? __kmalloc_cache_noprof+0x189/0x420 [ 15.947638] ? trace_hardirqs_on+0x37/0xe0 [ 15.947664] ? kasan_bitops_generic+0x92/0x1c0 [ 15.947696] kasan_bitops_generic+0x116/0x1c0 [ 15.947723] ? __pfx_kasan_bitops_generic+0x10/0x10 [ 15.947751] ? __pfx_read_tsc+0x10/0x10 [ 15.947775] ? ktime_get_ts64+0x86/0x230 [ 15.947815] kunit_try_run_case+0x1a5/0x480 [ 15.947842] ? __pfx_kunit_try_run_case+0x10/0x10 [ 15.947867] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 15.947896] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 15.947923] ? __kthread_parkme+0x82/0x180 [ 15.947947] ? preempt_count_sub+0x50/0x80 [ 15.947974] ? __pfx_kunit_try_run_case+0x10/0x10 [ 15.948001] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 15.948027] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 15.948052] kthread+0x337/0x6f0 [ 15.948074] ? 
trace_preempt_on+0x20/0xc0 [ 15.948099] ? __pfx_kthread+0x10/0x10 [ 15.948123] ? _raw_spin_unlock_irq+0x47/0x80 [ 15.948146] ? calculate_sigpending+0x7b/0xa0 [ 15.948174] ? __pfx_kthread+0x10/0x10 [ 15.948197] ret_from_fork+0x116/0x1d0 [ 15.948219] ? __pfx_kthread+0x10/0x10 [ 15.948242] ret_from_fork_asm+0x1a/0x30 [ 15.948278] </TASK> [ 15.948291] [ 15.960925] Allocated by task 279: [ 15.961151] kasan_save_stack+0x45/0x70 [ 15.961387] kasan_save_track+0x18/0x40 [ 15.961546] kasan_save_alloc_info+0x3b/0x50 [ 15.961810] __kasan_kmalloc+0xb7/0xc0 [ 15.962055] __kmalloc_cache_noprof+0x189/0x420 [ 15.962306] kasan_bitops_generic+0x92/0x1c0 [ 15.962563] kunit_try_run_case+0x1a5/0x480 [ 15.962818] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 15.963068] kthread+0x337/0x6f0 [ 15.963381] ret_from_fork+0x116/0x1d0 [ 15.963594] ret_from_fork_asm+0x1a/0x30 [ 15.963809] [ 15.963893] The buggy address belongs to the object at ffff88810216f120 [ 15.963893] which belongs to the cache kmalloc-16 of size 16 [ 15.964407] The buggy address is located 8 bytes inside of [ 15.964407] allocated 9-byte region [ffff88810216f120, ffff88810216f129) [ 15.965104] [ 15.965190] The buggy address belongs to the physical page: [ 15.965399] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x10216f [ 15.966027] flags: 0x200000000000000(node=0|zone=2) [ 15.966653] page_type: f5(slab) [ 15.966842] raw: 0200000000000000 ffff888100041640 dead000000000122 0000000000000000 [ 15.967111] raw: 0000000000000000 0000000080800080 00000000f5000000 0000000000000000 [ 15.967594] page dumped because: kasan: bad access detected [ 15.968290] [ 15.968414] Memory state around the buggy address: [ 15.968651] ffff88810216f000: fa fb fc fc 00 00 fc fc 00 00 fc fc fa fb fc fc [ 15.969024] ffff88810216f080: 00 05 fc fc fa fb fc fc fa fb fc fc fa fb fc fc [ 15.969647] >ffff88810216f100: fa fb fc fc 00 01 fc fc fc fc fc fc fc fc fc fc [ 15.970117] ^ [ 15.970332] ffff88810216f180: fc fc fc fc fc fc fc fc fc 
fc fc fc fc fc fc fc [ 15.970686] ffff88810216f200: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 15.971039] ================================================================== [ 15.998705] ================================================================== [ 15.999088] BUG: KASAN: slab-out-of-bounds in kasan_bitops_modify.constprop.0+0x547/0xd50 [ 16.000124] Write of size 8 at addr ffff88810216f128 by task kunit_try_catch/279 [ 16.000402] [ 16.000523] CPU: 0 UID: 0 PID: 279 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc4 #1 PREEMPT(voluntary) [ 16.000579] Tainted: [B]=BAD_PAGE, [N]=TEST [ 16.000595] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 16.000621] Call Trace: [ 16.000643] <TASK> [ 16.000664] dump_stack_lvl+0x73/0xb0 [ 16.000701] print_report+0xd1/0x650 [ 16.000728] ? __virt_addr_valid+0x1db/0x2d0 [ 16.000755] ? kasan_bitops_modify.constprop.0+0x547/0xd50 [ 16.000799] ? kasan_complete_mode_report_info+0x2a/0x200 [ 16.000827] ? kasan_bitops_modify.constprop.0+0x547/0xd50 [ 16.000857] kasan_report+0x141/0x180 [ 16.000883] ? kasan_bitops_modify.constprop.0+0x547/0xd50 [ 16.000918] kasan_check_range+0x10c/0x1c0 [ 16.000946] __kasan_check_write+0x18/0x20 [ 16.000968] kasan_bitops_modify.constprop.0+0x547/0xd50 [ 16.000997] ? __pfx_kasan_bitops_modify.constprop.0+0x10/0x10 [ 16.001028] ? __kmalloc_cache_noprof+0x189/0x420 [ 16.001057] ? trace_hardirqs_on+0x37/0xe0 [ 16.001082] ? kasan_bitops_generic+0x92/0x1c0 [ 16.001115] kasan_bitops_generic+0x116/0x1c0 [ 16.001142] ? __pfx_kasan_bitops_generic+0x10/0x10 [ 16.001172] ? __pfx_read_tsc+0x10/0x10 [ 16.001197] ? ktime_get_ts64+0x86/0x230 [ 16.001225] kunit_try_run_case+0x1a5/0x480 [ 16.001252] ? __pfx_kunit_try_run_case+0x10/0x10 [ 16.001277] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 16.001305] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 16.001339] ? __kthread_parkme+0x82/0x180 [ 16.001363] ? preempt_count_sub+0x50/0x80 [ 16.001391] ? 
__pfx_kunit_try_run_case+0x10/0x10 [ 16.001478] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 16.001506] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 16.001547] kthread+0x337/0x6f0 [ 16.001570] ? trace_preempt_on+0x20/0xc0 [ 16.001595] ? __pfx_kthread+0x10/0x10 [ 16.001619] ? _raw_spin_unlock_irq+0x47/0x80 [ 16.001645] ? calculate_sigpending+0x7b/0xa0 [ 16.001672] ? __pfx_kthread+0x10/0x10 [ 16.001697] ret_from_fork+0x116/0x1d0 [ 16.001719] ? __pfx_kthread+0x10/0x10 [ 16.001744] ret_from_fork_asm+0x1a/0x30 [ 16.001806] </TASK> [ 16.001820] [ 16.016180] Allocated by task 279: [ 16.016435] kasan_save_stack+0x45/0x70 [ 16.016694] kasan_save_track+0x18/0x40 [ 16.016869] kasan_save_alloc_info+0x3b/0x50 [ 16.017126] __kasan_kmalloc+0xb7/0xc0 [ 16.017411] __kmalloc_cache_noprof+0x189/0x420 [ 16.017762] kasan_bitops_generic+0x92/0x1c0 [ 16.018076] kunit_try_run_case+0x1a5/0x480 [ 16.018367] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 16.018615] kthread+0x337/0x6f0 [ 16.018878] ret_from_fork+0x116/0x1d0 [ 16.019157] ret_from_fork_asm+0x1a/0x30 [ 16.019455] [ 16.019546] The buggy address belongs to the object at ffff88810216f120 [ 16.019546] which belongs to the cache kmalloc-16 of size 16 [ 16.020124] The buggy address is located 8 bytes inside of [ 16.020124] allocated 9-byte region [ffff88810216f120, ffff88810216f129) [ 16.020886] [ 16.020977] The buggy address belongs to the physical page: [ 16.021233] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x10216f [ 16.021760] flags: 0x200000000000000(node=0|zone=2) [ 16.022054] page_type: f5(slab) [ 16.022266] raw: 0200000000000000 ffff888100041640 dead000000000122 0000000000000000 [ 16.022759] raw: 0000000000000000 0000000080800080 00000000f5000000 0000000000000000 [ 16.023117] page dumped because: kasan: bad access detected [ 16.023482] [ 16.023612] Memory state around the buggy address: [ 16.023862] ffff88810216f000: fa fb fc fc 00 00 fc fc 00 00 fc fc fa fb fc fc [ 16.024291] 
ffff88810216f080: 00 05 fc fc fa fb fc fc fa fb fc fc fa fb fc fc [ 16.024668] >ffff88810216f100: fa fb fc fc 00 01 fc fc fc fc fc fc fc fc fc fc [ 16.025054] ^ [ 16.025347] ffff88810216f180: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 16.025688] ffff88810216f200: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 16.026078] ================================================================== [ 15.880424] ================================================================== [ 15.881115] BUG: KASAN: slab-out-of-bounds in kasan_bitops_modify.constprop.0+0x23a/0xd50 [ 15.881754] Write of size 8 at addr ffff88810216f128 by task kunit_try_catch/279 [ 15.882094] [ 15.882238] CPU: 0 UID: 0 PID: 279 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc4 #1 PREEMPT(voluntary) [ 15.882292] Tainted: [B]=BAD_PAGE, [N]=TEST [ 15.882307] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 15.882333] Call Trace: [ 15.882350] <TASK> [ 15.882371] dump_stack_lvl+0x73/0xb0 [ 15.882406] print_report+0xd1/0x650 [ 15.882434] ? __virt_addr_valid+0x1db/0x2d0 [ 15.882459] ? kasan_bitops_modify.constprop.0+0x23a/0xd50 [ 15.882489] ? kasan_complete_mode_report_info+0x2a/0x200 [ 15.882515] ? kasan_bitops_modify.constprop.0+0x23a/0xd50 [ 15.882546] kasan_report+0x141/0x180 [ 15.882573] ? kasan_bitops_modify.constprop.0+0x23a/0xd50 [ 15.882608] kasan_check_range+0x10c/0x1c0 [ 15.882635] __kasan_check_write+0x18/0x20 [ 15.882657] kasan_bitops_modify.constprop.0+0x23a/0xd50 [ 15.882686] ? __pfx_kasan_bitops_modify.constprop.0+0x10/0x10 [ 15.882715] ? __kmalloc_cache_noprof+0x189/0x420 [ 15.882744] ? trace_hardirqs_on+0x37/0xe0 [ 15.882770] ? kasan_bitops_generic+0x92/0x1c0 [ 15.882814] kasan_bitops_generic+0x116/0x1c0 [ 15.882841] ? __pfx_kasan_bitops_generic+0x10/0x10 [ 15.882870] ? __pfx_read_tsc+0x10/0x10 [ 15.882895] ? ktime_get_ts64+0x86/0x230 [ 15.882923] kunit_try_run_case+0x1a5/0x480 [ 15.882951] ? __pfx_kunit_try_run_case+0x10/0x10 [ 15.882977] ? 
_raw_spin_lock_irqsave+0xa1/0x100 [ 15.883004] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 15.883031] ? __kthread_parkme+0x82/0x180 [ 15.883055] ? preempt_count_sub+0x50/0x80 [ 15.883082] ? __pfx_kunit_try_run_case+0x10/0x10 [ 15.883126] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 15.883152] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 15.883178] kthread+0x337/0x6f0 [ 15.883201] ? trace_preempt_on+0x20/0xc0 [ 15.883226] ? __pfx_kthread+0x10/0x10 [ 15.883250] ? _raw_spin_unlock_irq+0x47/0x80 [ 15.883274] ? calculate_sigpending+0x7b/0xa0 [ 15.883302] ? __pfx_kthread+0x10/0x10 [ 15.883327] ret_from_fork+0x116/0x1d0 [ 15.883349] ? __pfx_kthread+0x10/0x10 [ 15.883372] ret_from_fork_asm+0x1a/0x30 [ 15.883408] </TASK> [ 15.883422] [ 15.892472] Allocated by task 279: [ 15.892679] kasan_save_stack+0x45/0x70 [ 15.892918] kasan_save_track+0x18/0x40 [ 15.893075] kasan_save_alloc_info+0x3b/0x50 [ 15.893338] __kasan_kmalloc+0xb7/0xc0 [ 15.893556] __kmalloc_cache_noprof+0x189/0x420 [ 15.893781] kasan_bitops_generic+0x92/0x1c0 [ 15.894021] kunit_try_run_case+0x1a5/0x480 [ 15.894347] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 15.894566] kthread+0x337/0x6f0 [ 15.894711] ret_from_fork+0x116/0x1d0 [ 15.894941] ret_from_fork_asm+0x1a/0x30 [ 15.895166] [ 15.895286] The buggy address belongs to the object at ffff88810216f120 [ 15.895286] which belongs to the cache kmalloc-16 of size 16 [ 15.895853] The buggy address is located 8 bytes inside of [ 15.895853] allocated 9-byte region [ffff88810216f120, ffff88810216f129) [ 15.896402] [ 15.896608] The buggy address belongs to the physical page: [ 15.896874] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x10216f [ 15.897346] flags: 0x200000000000000(node=0|zone=2) [ 15.897545] page_type: f5(slab) [ 15.897685] raw: 0200000000000000 ffff888100041640 dead000000000122 0000000000000000 [ 15.898042] raw: 0000000000000000 0000000080800080 00000000f5000000 0000000000000000 [ 15.898434] page dumped because: kasan: 
bad access detected [ 15.898833] [ 15.898931] Memory state around the buggy address: [ 15.899116] ffff88810216f000: fa fb fc fc 00 00 fc fc 00 00 fc fc fa fb fc fc [ 15.899481] ffff88810216f080: 00 05 fc fc fa fb fc fc fa fb fc fc fa fb fc fc [ 15.899977] >ffff88810216f100: fa fb fc fc 00 01 fc fc fc fc fc fc fc fc fc fc [ 15.900351] ^ [ 15.900563] ffff88810216f180: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 15.900899] ffff88810216f200: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 15.901208] ==================================================================
Failure - log-parser-boot/kasan-bug-kasan-alloca-out-of-bounds-in-kasan_alloca_oob_left
[ 15.616566] ==================================================================
[ 15.617519] BUG: KASAN: alloca-out-of-bounds in kasan_alloca_oob_left+0x320/0x380
[ 15.618342] Read of size 1 at addr ffff888103a4fc3f by task kunit_try_catch/269
[ 15.618731]
[ 15.618886] CPU: 0 UID: 0 PID: 269 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc4 #1 PREEMPT(voluntary)
[ 15.618948] Tainted: [B]=BAD_PAGE, [N]=TEST
[ 15.618962] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[ 15.618988] Call Trace:
[ 15.619006] <TASK>
[ 15.619029] dump_stack_lvl+0x73/0xb0
[ 15.619068] print_report+0xd1/0x650
[ 15.619096] ? __virt_addr_valid+0x1db/0x2d0
[ 15.619124] ? kasan_alloca_oob_left+0x320/0x380
[ 15.619329] ? kasan_addr_to_slab+0x11/0xa0
[ 15.619357] ? kasan_alloca_oob_left+0x320/0x380
[ 15.619384] kasan_report+0x141/0x180
[ 15.619410] ? kasan_alloca_oob_left+0x320/0x380
[ 15.619486] __asan_report_load1_noabort+0x18/0x20
[ 15.619516] kasan_alloca_oob_left+0x320/0x380
[ 15.619544] ? irqentry_exit+0x2a/0x60
[ 15.619571] ? sysvec_apic_timer_interrupt+0x50/0x90
[ 15.619600] ? trace_hardirqs_on+0x37/0xe0
[ 15.619631] ? __pfx_kasan_alloca_oob_left+0x10/0x10
[ 15.619662] ? __pfx_kasan_alloca_oob_left+0x10/0x10
[ 15.619693] kunit_try_run_case+0x1a5/0x480
[ 15.619723] ? __pfx_kunit_try_run_case+0x10/0x10
[ 15.619748] ? _raw_spin_lock_irqsave+0xa1/0x100
[ 15.619776] ? _raw_spin_unlock_irqrestore+0x5f/0x90
[ 15.619819] ? __kthread_parkme+0x82/0x180
[ 15.619844] ? preempt_count_sub+0x50/0x80
[ 15.619873] ? __pfx_kunit_try_run_case+0x10/0x10
[ 15.619899] kunit_generic_run_threadfn_adapter+0x85/0xf0
[ 15.619925] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10
[ 15.619951] kthread+0x337/0x6f0
[ 15.619973] ? trace_preempt_on+0x20/0xc0
[ 15.619998] ? __pfx_kthread+0x10/0x10
[ 15.620022] ? _raw_spin_unlock_irq+0x47/0x80
[ 15.620047] ? calculate_sigpending+0x7b/0xa0
[ 15.620076] ? __pfx_kthread+0x10/0x10
[ 15.620101] ret_from_fork+0x116/0x1d0
[ 15.620124] ? __pfx_kthread+0x10/0x10
[ 15.620148] ret_from_fork_asm+0x1a/0x30
[ 15.620187] </TASK>
[ 15.620203]
[ 15.633861] The buggy address belongs to stack of task kunit_try_catch/269
[ 15.634704]
[ 15.634906] The buggy address belongs to the physical page:
[ 15.635390] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x103a4f
[ 15.635801] flags: 0x200000000000000(node=0|zone=2)
[ 15.636016] raw: 0200000000000000 ffffea00040e93c8 ffffea00040e93c8 0000000000000000
[ 15.636544] raw: 0000000000000000 0000000000000000 00000000ffffffff 0000000000000000
[ 15.636906] page dumped because: kasan: bad access detected
[ 15.637778]
[ 15.637911] Memory state around the buggy address:
[ 15.638101] ffff888103a4fb00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[ 15.638578] ffff888103a4fb80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[ 15.639358] >ffff888103a4fc00: 00 00 00 00 ca ca ca ca 00 02 cb cb cb cb cb cb
[ 15.639693] ^
[ 15.639956] ffff888103a4fc80: 00 00 00 f1 f1 f1 f1 01 f2 04 f2 00 f2 f2 f2 00
[ 15.640549] ffff888103a4fd00: 00 f3 f3 00 00 00 00 00 00 00 00 00 00 00 00 f1
[ 15.640900] ==================================================================
Failure - log-parser-boot/kasan-bug-kasan-stack-out-of-bounds-in-kasan_stack_oob
[ 15.584193] ==================================================================
[ 15.585399] BUG: KASAN: stack-out-of-bounds in kasan_stack_oob+0x2b5/0x300
[ 15.585813] Read of size 1 at addr ffff888103ae7d02 by task kunit_try_catch/267
[ 15.586380]
[ 15.586495] CPU: 0 UID: 0 PID: 267 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc4 #1 PREEMPT(voluntary)
[ 15.586550] Tainted: [B]=BAD_PAGE, [N]=TEST
[ 15.586565] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[ 15.586591] Call Trace:
[ 15.586608] <TASK>
[ 15.586630] dump_stack_lvl+0x73/0xb0
[ 15.586670] print_report+0xd1/0x650
[ 15.586698] ? __virt_addr_valid+0x1db/0x2d0
[ 15.586729] ? kasan_stack_oob+0x2b5/0x300
[ 15.586752] ? kasan_addr_to_slab+0x11/0xa0
[ 15.586775] ? kasan_stack_oob+0x2b5/0x300
[ 15.586812] kasan_report+0x141/0x180
[ 15.586837] ? kasan_stack_oob+0x2b5/0x300
[ 15.586866] __asan_report_load1_noabort+0x18/0x20
[ 15.586894] kasan_stack_oob+0x2b5/0x300
[ 15.586918] ? __pfx_kasan_stack_oob+0x10/0x10
[ 15.586940] ? finish_task_switch.isra.0+0x153/0x700
[ 15.586967] ? __switch_to+0x47/0xf50
[ 15.586998] ? __schedule+0x10cc/0x2b60
[ 15.587024] ? __pfx_read_tsc+0x10/0x10
[ 15.587049] ? ktime_get_ts64+0x86/0x230
[ 15.587076] kunit_try_run_case+0x1a5/0x480
[ 15.587108] ? __pfx_kunit_try_run_case+0x10/0x10
[ 15.587133] ? _raw_spin_lock_irqsave+0xa1/0x100
[ 15.587161] ? _raw_spin_unlock_irqrestore+0x5f/0x90
[ 15.587187] ? __kthread_parkme+0x82/0x180
[ 15.587213] ? preempt_count_sub+0x50/0x80
[ 15.587239] ? __pfx_kunit_try_run_case+0x10/0x10
[ 15.587265] kunit_generic_run_threadfn_adapter+0x85/0xf0
[ 15.587292] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10
[ 15.587318] kthread+0x337/0x6f0
[ 15.587340] ? trace_preempt_on+0x20/0xc0
[ 15.587368] ? __pfx_kthread+0x10/0x10
[ 15.587392] ? _raw_spin_unlock_irq+0x47/0x80
[ 15.587417] ? calculate_sigpending+0x7b/0xa0
[ 15.587445] ? __pfx_kthread+0x10/0x10
[ 15.587470] ret_from_fork+0x116/0x1d0
[ 15.587492] ? __pfx_kthread+0x10/0x10
[ 15.587518] ret_from_fork_asm+0x1a/0x30
[ 15.587567] </TASK>
[ 15.587582]
[ 15.598565] The buggy address belongs to stack of task kunit_try_catch/267
[ 15.599035] and is located at offset 138 in frame:
[ 15.599732] kasan_stack_oob+0x0/0x300
[ 15.600464]
[ 15.600623] This frame has 4 objects:
[ 15.600944] [48, 49) '__assertion'
[ 15.600973] [64, 72) 'array'
[ 15.601122] [96, 112) '__assertion'
[ 15.601265] [128, 138) 'stack_array'
[ 15.601916]
[ 15.603006] The buggy address belongs to the physical page:
[ 15.603242] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x103ae7
[ 15.603522] flags: 0x200000000000000(node=0|zone=2)
[ 15.603729] raw: 0200000000000000 ffffea00040eb9c8 ffffea00040eb9c8 0000000000000000
[ 15.604008] raw: 0000000000000000 0000000000000000 00000000ffffffff 0000000000000000
[ 15.604260] page dumped because: kasan: bad access detected
[ 15.604453]
[ 15.604532] Memory state around the buggy address:
[ 15.604708] ffff888103ae7c00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 f1
[ 15.605853] ffff888103ae7c80: f1 f1 f1 f1 f1 01 f2 00 f2 f2 f2 00 00 f2 f2 00
[ 15.607415] >ffff888103ae7d00: 02 f3 f3 00 00 00 00 00 00 00 00 00 00 00 00 f1
[ 15.607960] ^
[ 15.608144] ffff888103ae7d80: f1 f1 f1 00 00 f2 f2 00 00 f2 f2 00 00 f3 f3 00
[ 15.608466] ffff888103ae7e00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[ 15.608719] ==================================================================
Failure - log-parser-boot/kasan-bug-kasan-global-out-of-bounds-in-kasan_global_oob_right
[ 15.547980] ==================================================================
[ 15.548519] BUG: KASAN: global-out-of-bounds in kasan_global_oob_right+0x286/0x2d0
[ 15.548823] Read of size 1 at addr ffffffffbc461e8d by task kunit_try_catch/263
[ 15.549077]
[ 15.549212] CPU: 1 UID: 0 PID: 263 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc4 #1 PREEMPT(voluntary)
[ 15.549266] Tainted: [B]=BAD_PAGE, [N]=TEST
[ 15.549280] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[ 15.549307] Call Trace:
[ 15.549323] <TASK>
[ 15.549351] dump_stack_lvl+0x73/0xb0
[ 15.549385] print_report+0xd1/0x650
[ 15.549410] ? __virt_addr_valid+0x1db/0x2d0
[ 15.549436] ? kasan_global_oob_right+0x286/0x2d0
[ 15.549459] ? kasan_addr_to_slab+0x11/0xa0
[ 15.549483] ? kasan_global_oob_right+0x286/0x2d0
[ 15.549509] kasan_report+0x141/0x180
[ 15.549534] ? kasan_global_oob_right+0x286/0x2d0
[ 15.549563] __asan_report_load1_noabort+0x18/0x20
[ 15.549590] kasan_global_oob_right+0x286/0x2d0
[ 15.549615] ? __pfx_kasan_global_oob_right+0x10/0x10
[ 15.549642] ? __schedule+0x10cc/0x2b60
[ 15.549668] ? __pfx_read_tsc+0x10/0x10
[ 15.549692] ? ktime_get_ts64+0x86/0x230
[ 15.549721] kunit_try_run_case+0x1a5/0x480
[ 15.549751] ? __pfx_kunit_try_run_case+0x10/0x10
[ 15.549776] ? _raw_spin_lock_irqsave+0xa1/0x100
[ 15.550237] ? _raw_spin_unlock_irqrestore+0x5f/0x90
[ 15.550268] ? __kthread_parkme+0x82/0x180
[ 15.550295] ? preempt_count_sub+0x50/0x80
[ 15.550323] ? __pfx_kunit_try_run_case+0x10/0x10
[ 15.550581] kunit_generic_run_threadfn_adapter+0x85/0xf0
[ 15.550610] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10
[ 15.550639] kthread+0x337/0x6f0
[ 15.550663] ? trace_preempt_on+0x20/0xc0
[ 15.550692] ? __pfx_kthread+0x10/0x10
[ 15.550716] ? _raw_spin_unlock_irq+0x47/0x80
[ 15.550741] ? calculate_sigpending+0x7b/0xa0
[ 15.550768] ? __pfx_kthread+0x10/0x10
[ 15.550808] ret_from_fork+0x116/0x1d0
[ 15.550832] ? __pfx_kthread+0x10/0x10
[ 15.550856] ret_from_fork_asm+0x1a/0x30
[ 15.550893] </TASK>
[ 15.550909]
[ 15.567376] The buggy address belongs to the variable:
[ 15.567916] global_array+0xd/0x40
[ 15.568395]
[ 15.568615] The buggy address belongs to the physical page:
[ 15.569176] page: refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x73261
[ 15.570033] flags: 0x100000000002000(reserved|node=0|zone=1)
[ 15.570860] raw: 0100000000002000 ffffea0001cc9848 ffffea0001cc9848 0000000000000000
[ 15.571367] raw: 0000000000000000 0000000000000000 00000001ffffffff 0000000000000000
[ 15.572100] page dumped because: kasan: bad access detected
[ 15.572679]
[ 15.572768] Memory state around the buggy address:
[ 15.572966] ffffffffbc461d80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[ 15.573338] ffffffffbc461e00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[ 15.573639] >ffffffffbc461e80: 00 02 f9 f9 f9 f9 f9 f9 00 f9 f9 f9 f9 f9 f9 f9
[ 15.574009] ^
[ 15.574177] ffffffffbc461f00: 04 f9 f9 f9 f9 f9 f9 f9 02 f9 f9 f9 f9 f9 f9 f9
[ 15.574518] ffffffffbc461f80: 01 f9 f9 f9 f9 f9 f9 f9 00 00 00 00 00 00 00 00
[ 15.575385] ==================================================================
Failure - log-parser-boot/kasan-bug-kasan-invalid-free-in-mempool_kmalloc_invalid_free_helper
[ 15.516074] ================================================================== [ 15.517394] BUG: KASAN: invalid-free in mempool_kmalloc_invalid_free_helper+0x132/0x2e0 [ 15.517699] Free of addr ffff888103aac001 by task kunit_try_catch/261 [ 15.517941] [ 15.518048] CPU: 1 UID: 0 PID: 261 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc4 #1 PREEMPT(voluntary) [ 15.518110] Tainted: [B]=BAD_PAGE, [N]=TEST [ 15.518125] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 15.518152] Call Trace: [ 15.518169] <TASK> [ 15.518189] dump_stack_lvl+0x73/0xb0 [ 15.518224] print_report+0xd1/0x650 [ 15.518251] ? __virt_addr_valid+0x1db/0x2d0 [ 15.518279] ? kasan_addr_to_slab+0x11/0xa0 [ 15.518303] ? mempool_kmalloc_invalid_free_helper+0x132/0x2e0 [ 15.518332] kasan_report_invalid_free+0x10a/0x130 [ 15.518360] ? mempool_kmalloc_invalid_free_helper+0x132/0x2e0 [ 15.518391] ? mempool_kmalloc_invalid_free_helper+0x132/0x2e0 [ 15.518419] __kasan_mempool_poison_object+0x102/0x1d0 [ 15.518447] mempool_free+0x2ec/0x380 [ 15.518475] mempool_kmalloc_invalid_free_helper+0x132/0x2e0 [ 15.518532] ? __pfx_mempool_kmalloc_invalid_free_helper+0x10/0x10 [ 15.518562] ? __kasan_check_write+0x18/0x20 [ 15.518584] ? __pfx_sched_clock_cpu+0x10/0x10 [ 15.518609] ? finish_task_switch.isra.0+0x153/0x700 [ 15.518639] mempool_kmalloc_large_invalid_free+0xed/0x140 [ 15.518666] ? __pfx_mempool_kmalloc_large_invalid_free+0x10/0x10 [ 15.518697] ? __pfx_mempool_kmalloc+0x10/0x10 [ 15.518722] ? __pfx_mempool_kfree+0x10/0x10 [ 15.518751] ? __pfx_read_tsc+0x10/0x10 [ 15.518775] ? ktime_get_ts64+0x86/0x230 [ 15.518813] kunit_try_run_case+0x1a5/0x480 [ 15.518841] ? __pfx_kunit_try_run_case+0x10/0x10 [ 15.518866] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 15.518894] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 15.518920] ? __kthread_parkme+0x82/0x180 [ 15.518944] ? preempt_count_sub+0x50/0x80 [ 15.518970] ? 
__pfx_kunit_try_run_case+0x10/0x10 [ 15.518997] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 15.519047] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 15.519076] kthread+0x337/0x6f0 [ 15.519098] ? trace_preempt_on+0x20/0xc0 [ 15.519124] ? __pfx_kthread+0x10/0x10 [ 15.519150] ? _raw_spin_unlock_irq+0x47/0x80 [ 15.519175] ? calculate_sigpending+0x7b/0xa0 [ 15.519204] ? __pfx_kthread+0x10/0x10 [ 15.519228] ret_from_fork+0x116/0x1d0 [ 15.519250] ? __pfx_kthread+0x10/0x10 [ 15.519273] ret_from_fork_asm+0x1a/0x30 [ 15.519308] </TASK> [ 15.519322] [ 15.537070] The buggy address belongs to the physical page: [ 15.537304] page: refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x103aac [ 15.538007] head: order:2 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0 [ 15.538472] flags: 0x200000000000040(head|node=0|zone=2) [ 15.538765] page_type: f8(unknown) [ 15.538992] raw: 0200000000000040 0000000000000000 dead000000000122 0000000000000000 [ 15.539433] raw: 0000000000000000 0000000000000000 00000001f8000000 0000000000000000 [ 15.539843] head: 0200000000000040 0000000000000000 dead000000000122 0000000000000000 [ 15.540247] head: 0000000000000000 0000000000000000 00000001f8000000 0000000000000000 [ 15.540749] head: 0200000000000002 ffffea00040eab01 00000000ffffffff 00000000ffffffff [ 15.541122] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000004 [ 15.541776] page dumped because: kasan: bad access detected [ 15.542049] [ 15.542158] Memory state around the buggy address: [ 15.542450] ffff888103aabf00: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff [ 15.542779] ffff888103aabf80: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff [ 15.543133] >ffff888103aac000: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 15.543479] ^ [ 15.543679] ffff888103aac080: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 15.543987] ffff888103aac100: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 15.544432] 
================================================================== [ 15.482410] ================================================================== [ 15.483721] BUG: KASAN: invalid-free in mempool_kmalloc_invalid_free_helper+0x132/0x2e0 [ 15.484289] Free of addr ffff888103929301 by task kunit_try_catch/259 [ 15.484972] [ 15.485235] CPU: 0 UID: 0 PID: 259 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc4 #1 PREEMPT(voluntary) [ 15.485303] Tainted: [B]=BAD_PAGE, [N]=TEST [ 15.485318] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 15.485349] Call Trace: [ 15.485380] <TASK> [ 15.485401] dump_stack_lvl+0x73/0xb0 [ 15.485439] print_report+0xd1/0x650 [ 15.485480] ? __virt_addr_valid+0x1db/0x2d0 [ 15.485509] ? kasan_complete_mode_report_info+0x2a/0x200 [ 15.485535] ? mempool_kmalloc_invalid_free_helper+0x132/0x2e0 [ 15.485565] kasan_report_invalid_free+0x10a/0x130 [ 15.485593] ? mempool_kmalloc_invalid_free_helper+0x132/0x2e0 [ 15.485624] ? mempool_kmalloc_invalid_free_helper+0x132/0x2e0 [ 15.485651] ? mempool_kmalloc_invalid_free_helper+0x132/0x2e0 [ 15.485679] check_slab_allocation+0x11f/0x130 [ 15.485704] __kasan_mempool_poison_object+0x91/0x1d0 [ 15.485731] mempool_free+0x2ec/0x380 [ 15.485754] ? mempool_alloc_preallocated+0x5b/0x90 [ 15.485782] mempool_kmalloc_invalid_free_helper+0x132/0x2e0 [ 15.485821] ? __pfx_mempool_kmalloc_invalid_free_helper+0x10/0x10 [ 15.485852] ? __pfx_sched_clock_cpu+0x10/0x10 [ 15.485876] ? finish_task_switch.isra.0+0x153/0x700 [ 15.485905] mempool_kmalloc_invalid_free+0xed/0x140 [ 15.485932] ? __pfx_mempool_kmalloc_invalid_free+0x10/0x10 [ 15.485963] ? __pfx_mempool_kmalloc+0x10/0x10 [ 15.485989] ? __pfx_mempool_kfree+0x10/0x10 [ 15.486017] ? __pfx_read_tsc+0x10/0x10 [ 15.486043] ? ktime_get_ts64+0x86/0x230 [ 15.486092] kunit_try_run_case+0x1a5/0x480 [ 15.486123] ? __pfx_kunit_try_run_case+0x10/0x10 [ 15.486147] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 15.486176] ? 
_raw_spin_unlock_irqrestore+0x5f/0x90 [ 15.486202] ? __kthread_parkme+0x82/0x180 [ 15.486227] ? preempt_count_sub+0x50/0x80 [ 15.486252] ? __pfx_kunit_try_run_case+0x10/0x10 [ 15.486279] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 15.486305] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 15.486331] kthread+0x337/0x6f0 [ 15.486353] ? trace_preempt_on+0x20/0xc0 [ 15.486379] ? __pfx_kthread+0x10/0x10 [ 15.486402] ? _raw_spin_unlock_irq+0x47/0x80 [ 15.486427] ? calculate_sigpending+0x7b/0xa0 [ 15.486457] ? __pfx_kthread+0x10/0x10 [ 15.486481] ret_from_fork+0x116/0x1d0 [ 15.486503] ? __pfx_kthread+0x10/0x10 [ 15.486525] ret_from_fork_asm+0x1a/0x30 [ 15.486561] </TASK> [ 15.486574] [ 15.502441] Allocated by task 259: [ 15.502646] kasan_save_stack+0x45/0x70 [ 15.502888] kasan_save_track+0x18/0x40 [ 15.503042] kasan_save_alloc_info+0x3b/0x50 [ 15.503266] __kasan_mempool_unpoison_object+0x1a9/0x200 [ 15.503572] remove_element+0x11e/0x190 [ 15.503749] mempool_alloc_preallocated+0x4d/0x90 [ 15.503937] mempool_kmalloc_invalid_free_helper+0x83/0x2e0 [ 15.504268] mempool_kmalloc_invalid_free+0xed/0x140 [ 15.504566] kunit_try_run_case+0x1a5/0x480 [ 15.504783] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 15.505020] kthread+0x337/0x6f0 [ 15.505177] ret_from_fork+0x116/0x1d0 [ 15.505395] ret_from_fork_asm+0x1a/0x30 [ 15.505640] [ 15.505748] The buggy address belongs to the object at ffff888103929300 [ 15.505748] which belongs to the cache kmalloc-128 of size 128 [ 15.506296] The buggy address is located 1 bytes inside of [ 15.506296] 128-byte region [ffff888103929300, ffff888103929380) [ 15.506868] [ 15.506953] The buggy address belongs to the physical page: [ 15.507282] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x103929 [ 15.507672] flags: 0x200000000000000(node=0|zone=2) [ 15.507939] page_type: f5(slab) [ 15.508169] raw: 0200000000000000 ffff888100041a00 dead000000000122 0000000000000000 [ 15.508534] raw: 0000000000000000 0000000080100010 
00000000f5000000 0000000000000000 [ 15.508902] page dumped because: kasan: bad access detected [ 15.509201] [ 15.509320] Memory state around the buggy address: [ 15.509558] ffff888103929200: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 15.509864] ffff888103929280: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 15.510267] >ffff888103929300: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 15.510651] ^ [ 15.510842] ffff888103929380: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 15.511224] ffff888103929400: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 15.511542] ==================================================================
Failure - log-parser-boot/kasan-bug-kasan-double-free-in-mempool_double_free_helper
[ 15.427847] ================================================================== [ 15.428543] BUG: KASAN: double-free in mempool_double_free_helper+0x184/0x370 [ 15.428897] Free of addr ffff888103a6c000 by task kunit_try_catch/255 [ 15.429277] [ 15.429429] CPU: 0 UID: 0 PID: 255 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc4 #1 PREEMPT(voluntary) [ 15.429548] Tainted: [B]=BAD_PAGE, [N]=TEST [ 15.429565] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 15.429592] Call Trace: [ 15.429608] <TASK> [ 15.429632] dump_stack_lvl+0x73/0xb0 [ 15.429709] print_report+0xd1/0x650 [ 15.429736] ? __virt_addr_valid+0x1db/0x2d0 [ 15.429765] ? kasan_addr_to_slab+0x11/0xa0 [ 15.429802] ? mempool_double_free_helper+0x184/0x370 [ 15.429830] kasan_report_invalid_free+0x10a/0x130 [ 15.429892] ? mempool_double_free_helper+0x184/0x370 [ 15.429923] ? mempool_double_free_helper+0x184/0x370 [ 15.429949] __kasan_mempool_poison_object+0x1b3/0x1d0 [ 15.429977] mempool_free+0x2ec/0x380 [ 15.430005] mempool_double_free_helper+0x184/0x370 [ 15.430032] ? __pfx_mempool_double_free_helper+0x10/0x10 [ 15.430061] ? __kasan_check_write+0x18/0x20 [ 15.430082] ? __pfx_sched_clock_cpu+0x10/0x10 [ 15.430109] ? finish_task_switch.isra.0+0x153/0x700 [ 15.430138] mempool_kmalloc_large_double_free+0xed/0x140 [ 15.430203] ? __pfx_mempool_kmalloc_large_double_free+0x10/0x10 [ 15.430235] ? __pfx_mempool_kmalloc+0x10/0x10 [ 15.430261] ? __pfx_mempool_kfree+0x10/0x10 [ 15.430288] ? __pfx_read_tsc+0x10/0x10 [ 15.430313] ? ktime_get_ts64+0x86/0x230 [ 15.430422] kunit_try_run_case+0x1a5/0x480 [ 15.430455] ? __pfx_kunit_try_run_case+0x10/0x10 [ 15.430480] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 15.430510] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 15.430536] ? __kthread_parkme+0x82/0x180 [ 15.430560] ? preempt_count_sub+0x50/0x80 [ 15.430586] ? __pfx_kunit_try_run_case+0x10/0x10 [ 15.430614] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 15.430640] ? 
__pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 15.430666] kthread+0x337/0x6f0 [ 15.430687] ? trace_preempt_on+0x20/0xc0 [ 15.430716] ? __pfx_kthread+0x10/0x10 [ 15.430739] ? _raw_spin_unlock_irq+0x47/0x80 [ 15.430762] ? calculate_sigpending+0x7b/0xa0 [ 15.430804] ? __pfx_kthread+0x10/0x10 [ 15.430829] ret_from_fork+0x116/0x1d0 [ 15.430851] ? __pfx_kthread+0x10/0x10 [ 15.430874] ret_from_fork_asm+0x1a/0x30 [ 15.430911] </TASK> [ 15.430927] [ 15.445115] The buggy address belongs to the physical page: [ 15.445436] page: refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x103a6c [ 15.446302] head: order:2 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0 [ 15.446812] flags: 0x200000000000040(head|node=0|zone=2) [ 15.447140] page_type: f8(unknown) [ 15.447484] raw: 0200000000000040 0000000000000000 dead000000000122 0000000000000000 [ 15.447874] raw: 0000000000000000 0000000000000000 00000001f8000000 0000000000000000 [ 15.448441] head: 0200000000000040 0000000000000000 dead000000000122 0000000000000000 [ 15.449050] head: 0000000000000000 0000000000000000 00000001f8000000 0000000000000000 [ 15.449770] head: 0200000000000002 ffffea00040e9b01 00000000ffffffff 00000000ffffffff [ 15.450452] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000004 [ 15.451010] page dumped because: kasan: bad access detected [ 15.451429] [ 15.451695] Memory state around the buggy address: [ 15.451976] ffff888103a6bf00: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff [ 15.452515] ffff888103a6bf80: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff [ 15.452858] >ffff888103a6c000: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff [ 15.453196] ^ [ 15.453500] ffff888103a6c080: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff [ 15.453835] ffff888103a6c100: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff [ 15.454217] ================================================================== [ 15.386501] ================================================================== [ 
15.387017] BUG: KASAN: double-free in mempool_double_free_helper+0x184/0x370 [ 15.387325] Free of addr ffff8881029f9800 by task kunit_try_catch/253 [ 15.388175] [ 15.388428] CPU: 1 UID: 0 PID: 253 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc4 #1 PREEMPT(voluntary) [ 15.388486] Tainted: [B]=BAD_PAGE, [N]=TEST [ 15.388502] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 15.388528] Call Trace: [ 15.388545] <TASK> [ 15.388564] dump_stack_lvl+0x73/0xb0 [ 15.388858] print_report+0xd1/0x650 [ 15.388887] ? __virt_addr_valid+0x1db/0x2d0 [ 15.388916] ? kasan_complete_mode_report_info+0x64/0x200 [ 15.388941] ? mempool_double_free_helper+0x184/0x370 [ 15.388969] kasan_report_invalid_free+0x10a/0x130 [ 15.388998] ? mempool_double_free_helper+0x184/0x370 [ 15.389028] ? mempool_double_free_helper+0x184/0x370 [ 15.389054] ? mempool_double_free_helper+0x184/0x370 [ 15.389081] check_slab_allocation+0x101/0x130 [ 15.389107] __kasan_mempool_poison_object+0x91/0x1d0 [ 15.389280] mempool_free+0x2ec/0x380 [ 15.389314] mempool_double_free_helper+0x184/0x370 [ 15.389349] ? __pfx_mempool_double_free_helper+0x10/0x10 [ 15.389378] ? irqentry_exit+0x2a/0x60 [ 15.389404] ? sysvec_apic_timer_interrupt+0x50/0x90 [ 15.389431] ? trace_hardirqs_on+0x37/0xe0 [ 15.389461] mempool_kmalloc_double_free+0xed/0x140 [ 15.389488] ? __pfx_mempool_kmalloc_double_free+0x10/0x10 [ 15.389519] ? __pfx_mempool_kmalloc+0x10/0x10 [ 15.389545] ? __pfx_mempool_kfree+0x10/0x10 [ 15.389574] ? mempool_kmalloc_double_free+0x32/0x140 [ 15.389605] kunit_try_run_case+0x1a5/0x480 [ 15.389633] ? __pfx_kunit_try_run_case+0x10/0x10 [ 15.389659] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 15.389685] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 15.389712] ? __kthread_parkme+0x82/0x180 [ 15.389735] ? preempt_count_sub+0x50/0x80 [ 15.389761] ? __pfx_kunit_try_run_case+0x10/0x10 [ 15.389802] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 15.389831] ? 
__pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 15.389857] kthread+0x337/0x6f0 [ 15.389879] ? trace_preempt_on+0x20/0xc0 [ 15.389905] ? __pfx_kthread+0x10/0x10 [ 15.389927] ? _raw_spin_unlock_irq+0x47/0x80 [ 15.389952] ? calculate_sigpending+0x7b/0xa0 [ 15.389979] ? __pfx_kthread+0x10/0x10 [ 15.390004] ret_from_fork+0x116/0x1d0 [ 15.390026] ? __pfx_kthread+0x10/0x10 [ 15.390050] ret_from_fork_asm+0x1a/0x30 [ 15.390086] </TASK> [ 15.390102] [ 15.404954] Allocated by task 253: [ 15.405269] kasan_save_stack+0x45/0x70 [ 15.406080] kasan_save_track+0x18/0x40 [ 15.406572] kasan_save_alloc_info+0x3b/0x50 [ 15.407014] __kasan_mempool_unpoison_object+0x1a9/0x200 [ 15.407830] remove_element+0x11e/0x190 [ 15.407999] mempool_alloc_preallocated+0x4d/0x90 [ 15.408412] mempool_double_free_helper+0x8a/0x370 [ 15.408925] mempool_kmalloc_double_free+0xed/0x140 [ 15.409498] kunit_try_run_case+0x1a5/0x480 [ 15.410056] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 15.410570] kthread+0x337/0x6f0 [ 15.410857] ret_from_fork+0x116/0x1d0 [ 15.411012] ret_from_fork_asm+0x1a/0x30 [ 15.411373] [ 15.411562] Freed by task 253: [ 15.411903] kasan_save_stack+0x45/0x70 [ 15.412328] kasan_save_track+0x18/0x40 [ 15.412856] kasan_save_free_info+0x3f/0x60 [ 15.413479] __kasan_mempool_poison_object+0x131/0x1d0 [ 15.413817] mempool_free+0x2ec/0x380 [ 15.413969] mempool_double_free_helper+0x109/0x370 [ 15.414194] mempool_kmalloc_double_free+0xed/0x140 [ 15.414752] kunit_try_run_case+0x1a5/0x480 [ 15.415216] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 15.416009] kthread+0x337/0x6f0 [ 15.416555] ret_from_fork+0x116/0x1d0 [ 15.416968] ret_from_fork_asm+0x1a/0x30 [ 15.417499] [ 15.417699] The buggy address belongs to the object at ffff8881029f9800 [ 15.417699] which belongs to the cache kmalloc-128 of size 128 [ 15.418171] The buggy address is located 0 bytes inside of [ 15.418171] 128-byte region [ffff8881029f9800, ffff8881029f9880) [ 15.419059] [ 15.419383] The buggy address belongs to the physical 
page: [ 15.419624] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1029f9 [ 15.419929] flags: 0x200000000000000(node=0|zone=2) [ 15.420148] page_type: f5(slab) [ 15.420397] raw: 0200000000000000 ffff888100041a00 dead000000000122 0000000000000000 [ 15.420736] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 15.421169] page dumped because: kasan: bad access detected [ 15.421510] [ 15.421630] Memory state around the buggy address: [ 15.421893] ffff8881029f9700: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 15.422336] ffff8881029f9780: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 15.422655] >ffff8881029f9800: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 15.422991] ^ [ 15.423177] ffff8881029f9880: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 15.423471] ffff8881029f9900: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 15.423969] ================================================================== [ 15.458430] ================================================================== [ 15.459284] BUG: KASAN: double-free in mempool_double_free_helper+0x184/0x370 [ 15.459831] Free of addr ffff888103a6c000 by task kunit_try_catch/257 [ 15.460254] [ 15.460396] CPU: 0 UID: 0 PID: 257 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc4 #1 PREEMPT(voluntary) [ 15.460453] Tainted: [B]=BAD_PAGE, [N]=TEST [ 15.460484] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 15.460510] Call Trace: [ 15.460540] <TASK> [ 15.460561] dump_stack_lvl+0x73/0xb0 [ 15.460598] print_report+0xd1/0x650 [ 15.460625] ? __virt_addr_valid+0x1db/0x2d0 [ 15.460653] ? kasan_addr_to_slab+0x11/0xa0 [ 15.460676] ? mempool_double_free_helper+0x184/0x370 [ 15.460704] kasan_report_invalid_free+0x10a/0x130 [ 15.460754] ? mempool_double_free_helper+0x184/0x370 [ 15.460784] ? 
mempool_double_free_helper+0x184/0x370 [ 15.460823] __kasan_mempool_poison_pages+0x115/0x130 [ 15.460851] mempool_free+0x290/0x380 [ 15.460878] mempool_double_free_helper+0x184/0x370 [ 15.460905] ? __pfx_mempool_double_free_helper+0x10/0x10 [ 15.460931] ? update_load_avg+0x1be/0x21b0 [ 15.460957] ? dequeue_entities+0x27e/0x1740 [ 15.460985] ? finish_task_switch.isra.0+0x153/0x700 [ 15.461014] mempool_page_alloc_double_free+0xe8/0x140 [ 15.461043] ? __pfx_mempool_page_alloc_double_free+0x10/0x10 [ 15.461074] ? __pfx_mempool_alloc_pages+0x10/0x10 [ 15.461110] ? __pfx_mempool_free_pages+0x10/0x10 [ 15.461185] ? __pfx_read_tsc+0x10/0x10 [ 15.461213] ? ktime_get_ts64+0x86/0x230 [ 15.461241] kunit_try_run_case+0x1a5/0x480 [ 15.461271] ? __pfx_kunit_try_run_case+0x10/0x10 [ 15.461295] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 15.461323] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 15.461357] ? __kthread_parkme+0x82/0x180 [ 15.461382] ? preempt_count_sub+0x50/0x80 [ 15.461408] ? __pfx_kunit_try_run_case+0x10/0x10 [ 15.461435] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 15.461460] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 15.461486] kthread+0x337/0x6f0 [ 15.461507] ? trace_preempt_on+0x20/0xc0 [ 15.461534] ? __pfx_kthread+0x10/0x10 [ 15.461557] ? _raw_spin_unlock_irq+0x47/0x80 [ 15.461580] ? calculate_sigpending+0x7b/0xa0 [ 15.461608] ? __pfx_kthread+0x10/0x10 [ 15.461631] ret_from_fork+0x116/0x1d0 [ 15.461654] ? 
__pfx_kthread+0x10/0x10 [ 15.461676] ret_from_fork_asm+0x1a/0x30 [ 15.461713] </TASK> [ 15.461727] [ 15.472938] The buggy address belongs to the physical page: [ 15.473275] page: refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x103a6c [ 15.473737] flags: 0x200000000000000(node=0|zone=2) [ 15.474035] raw: 0200000000000000 0000000000000000 dead000000000122 0000000000000000 [ 15.474608] raw: 0000000000000000 0000000000000000 00000001ffffffff 0000000000000000 [ 15.474898] page dumped because: kasan: bad access detected [ 15.475091] [ 15.475205] Memory state around the buggy address: [ 15.475457] ffff888103a6bf00: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff [ 15.475840] ffff888103a6bf80: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff [ 15.476296] >ffff888103a6c000: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff [ 15.476611] ^ [ 15.476837] ffff888103a6c080: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff [ 15.477211] ffff888103a6c100: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff [ 15.477868] ==================================================================
Failure - log-parser-boot/kasan-bug-kasan-use-after-free-in-mempool_uaf_helper
[ 15.357677] ================================================================== [ 15.358288] BUG: KASAN: use-after-free in mempool_uaf_helper+0x392/0x400 [ 15.358727] Read of size 1 at addr ffff888103aa8000 by task kunit_try_catch/251 [ 15.359078] [ 15.359212] CPU: 1 UID: 0 PID: 251 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc4 #1 PREEMPT(voluntary) [ 15.359267] Tainted: [B]=BAD_PAGE, [N]=TEST [ 15.359284] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 15.359311] Call Trace: [ 15.359328] <TASK> [ 15.359352] dump_stack_lvl+0x73/0xb0 [ 15.359442] print_report+0xd1/0x650 [ 15.359472] ? __virt_addr_valid+0x1db/0x2d0 [ 15.359499] ? mempool_uaf_helper+0x392/0x400 [ 15.359525] ? kasan_addr_to_slab+0x11/0xa0 [ 15.359548] ? mempool_uaf_helper+0x392/0x400 [ 15.359573] kasan_report+0x141/0x180 [ 15.359599] ? mempool_uaf_helper+0x392/0x400 [ 15.359629] __asan_report_load1_noabort+0x18/0x20 [ 15.359656] mempool_uaf_helper+0x392/0x400 [ 15.359681] ? __pfx_mempool_uaf_helper+0x10/0x10 [ 15.359709] ? __kasan_check_write+0x18/0x20 [ 15.359730] ? __pfx_sched_clock_cpu+0x10/0x10 [ 15.359755] ? irqentry_exit+0x2a/0x60 [ 15.359781] ? sysvec_apic_timer_interrupt+0x50/0x90 [ 15.359825] mempool_page_alloc_uaf+0xed/0x140 [ 15.359850] ? __pfx_mempool_page_alloc_uaf+0x10/0x10 [ 15.359878] ? __pfx_mempool_alloc_pages+0x10/0x10 [ 15.359902] ? __pfx_mempool_free_pages+0x10/0x10 [ 15.359925] ? __pfx_mempool_page_alloc_uaf+0x10/0x10 [ 15.359954] ? __pfx_mempool_page_alloc_uaf+0x10/0x10 [ 15.359983] kunit_try_run_case+0x1a5/0x480 [ 15.360011] ? __pfx_kunit_try_run_case+0x10/0x10 [ 15.360036] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 15.360063] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 15.360088] ? __kthread_parkme+0x82/0x180 [ 15.360111] ? preempt_count_sub+0x50/0x80 [ 15.360138] ? __pfx_kunit_try_run_case+0x10/0x10 [ 15.360164] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 15.360189] ? 
__pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 15.360215] kthread+0x337/0x6f0 [ 15.360237] ? trace_preempt_on+0x20/0xc0 [ 15.360264] ? __pfx_kthread+0x10/0x10 [ 15.360286] ? _raw_spin_unlock_irq+0x47/0x80 [ 15.360358] ? calculate_sigpending+0x7b/0xa0 [ 15.360385] ? __pfx_kthread+0x10/0x10 [ 15.360409] ret_from_fork+0x116/0x1d0 [ 15.360432] ? __pfx_kthread+0x10/0x10 [ 15.360455] ret_from_fork_asm+0x1a/0x30 [ 15.360489] </TASK> [ 15.360504] [ 15.373992] The buggy address belongs to the physical page: [ 15.374566] page: refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x103aa8 [ 15.374960] flags: 0x200000000000000(node=0|zone=2) [ 15.375690] raw: 0200000000000000 0000000000000000 dead000000000122 0000000000000000 [ 15.376027] raw: 0000000000000000 0000000000000000 00000001ffffffff 0000000000000000 [ 15.377278] page dumped because: kasan: bad access detected [ 15.377568] [ 15.377677] Memory state around the buggy address: [ 15.377938] ffff888103aa7f00: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff [ 15.379043] ffff888103aa7f80: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff [ 15.379347] >ffff888103aa8000: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff [ 15.379812] ^ [ 15.380070] ffff888103aa8080: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff [ 15.380836] ffff888103aa8100: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff [ 15.381736] ================================================================== [ 15.277854] ================================================================== [ 15.278767] BUG: KASAN: use-after-free in mempool_uaf_helper+0x392/0x400 [ 15.279055] Read of size 1 at addr ffff888103aa8000 by task kunit_try_catch/247 [ 15.279323] [ 15.279435] CPU: 1 UID: 0 PID: 247 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc4 #1 PREEMPT(voluntary) [ 15.279489] Tainted: [B]=BAD_PAGE, [N]=TEST [ 15.279505] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 15.279532] Call Trace: [ 15.279549] <TASK> [ 
15.279572] dump_stack_lvl+0x73/0xb0 [ 15.279608] print_report+0xd1/0x650 [ 15.279636] ? __virt_addr_valid+0x1db/0x2d0 [ 15.279664] ? mempool_uaf_helper+0x392/0x400 [ 15.279690] ? kasan_addr_to_slab+0x11/0xa0 [ 15.279714] ? mempool_uaf_helper+0x392/0x400 [ 15.279739] kasan_report+0x141/0x180 [ 15.279765] ? mempool_uaf_helper+0x392/0x400 [ 15.279810] __asan_report_load1_noabort+0x18/0x20 [ 15.279838] mempool_uaf_helper+0x392/0x400 [ 15.279864] ? __pfx_mempool_uaf_helper+0x10/0x10 [ 15.279891] ? __kasan_check_write+0x18/0x20 [ 15.279914] ? __pfx_sched_clock_cpu+0x10/0x10 [ 15.279939] ? finish_task_switch.isra.0+0x153/0x700 [ 15.279969] mempool_kmalloc_large_uaf+0xef/0x140 [ 15.280067] ? __pfx_mempool_kmalloc_large_uaf+0x10/0x10 [ 15.280316] ? __pfx_mempool_kmalloc+0x10/0x10 [ 15.280350] ? __pfx_mempool_kfree+0x10/0x10 [ 15.280379] ? __pfx_read_tsc+0x10/0x10 [ 15.280758] ? ktime_get_ts64+0x86/0x230 [ 15.280833] kunit_try_run_case+0x1a5/0x480 [ 15.280877] ? __pfx_kunit_try_run_case+0x10/0x10 [ 15.280905] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 15.280934] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 15.281120] ? __kthread_parkme+0x82/0x180 [ 15.281168] ? preempt_count_sub+0x50/0x80 [ 15.281194] ? __pfx_kunit_try_run_case+0x10/0x10 [ 15.281221] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 15.281248] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 15.281274] kthread+0x337/0x6f0 [ 15.281296] ? trace_preempt_on+0x20/0xc0 [ 15.281325] ? __pfx_kthread+0x10/0x10 [ 15.281352] ? _raw_spin_unlock_irq+0x47/0x80 [ 15.281377] ? calculate_sigpending+0x7b/0xa0 [ 15.281405] ? __pfx_kthread+0x10/0x10 [ 15.281430] ret_from_fork+0x116/0x1d0 [ 15.281451] ? 
__pfx_kthread+0x10/0x10 [ 15.281475] ret_from_fork_asm+0x1a/0x30 [ 15.281511] </TASK> [ 15.281526] [ 15.297395] The buggy address belongs to the physical page: [ 15.298064] page: refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x103aa8 [ 15.298778] head: order:2 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0 [ 15.299530] flags: 0x200000000000040(head|node=0|zone=2) [ 15.299938] page_type: f8(unknown) [ 15.300432] raw: 0200000000000040 0000000000000000 dead000000000122 0000000000000000 [ 15.300852] raw: 0000000000000000 0000000000000000 00000001f8000000 0000000000000000 [ 15.301563] head: 0200000000000040 0000000000000000 dead000000000122 0000000000000000 [ 15.302308] head: 0000000000000000 0000000000000000 00000001f8000000 0000000000000000 [ 15.302865] head: 0200000000000002 ffffea00040eaa01 00000000ffffffff 00000000ffffffff [ 15.303722] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000004 [ 15.304386] page dumped because: kasan: bad access detected [ 15.304673] [ 15.304778] Memory state around the buggy address: [ 15.304975] ffff888103aa7f00: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff [ 15.305328] ffff888103aa7f80: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff [ 15.305683] >ffff888103aa8000: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff [ 15.306070] ^ [ 15.306470] ffff888103aa8080: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff [ 15.306828] ffff888103aa8100: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff [ 15.307204] ==================================================================
Failure - log-parser-boot/kasan-bug-kasan-slab-use-after-free-in-mempool_uaf_helper
[ 15.313443] ================================================================== [ 15.314016] BUG: KASAN: slab-use-after-free in mempool_uaf_helper+0x392/0x400 [ 15.314427] Read of size 1 at addr ffff88810392e240 by task kunit_try_catch/249 [ 15.314894] [ 15.315148] CPU: 0 UID: 0 PID: 249 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc4 #1 PREEMPT(voluntary) [ 15.315208] Tainted: [B]=BAD_PAGE, [N]=TEST [ 15.315223] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 15.315295] Call Trace: [ 15.315327] <TASK> [ 15.315348] dump_stack_lvl+0x73/0xb0 [ 15.315388] print_report+0xd1/0x650 [ 15.315414] ? __virt_addr_valid+0x1db/0x2d0 [ 15.315443] ? mempool_uaf_helper+0x392/0x400 [ 15.315468] ? kasan_complete_mode_report_info+0x64/0x200 [ 15.315496] ? mempool_uaf_helper+0x392/0x400 [ 15.315522] kasan_report+0x141/0x180 [ 15.315548] ? mempool_uaf_helper+0x392/0x400 [ 15.315579] __asan_report_load1_noabort+0x18/0x20 [ 15.315623] mempool_uaf_helper+0x392/0x400 [ 15.315649] ? __pfx_mempool_uaf_helper+0x10/0x10 [ 15.315687] ? update_load_avg+0x1be/0x21b0 [ 15.315720] ? finish_task_switch.isra.0+0x153/0x700 [ 15.315750] mempool_slab_uaf+0xea/0x140 [ 15.315785] ? __pfx_mempool_slab_uaf+0x10/0x10 [ 15.315827] ? __pfx_mempool_alloc_slab+0x10/0x10 [ 15.315864] ? __pfx_mempool_free_slab+0x10/0x10 [ 15.315889] ? __pfx_read_tsc+0x10/0x10 [ 15.315914] ? ktime_get_ts64+0x86/0x230 [ 15.315943] kunit_try_run_case+0x1a5/0x480 [ 15.315974] ? __pfx_kunit_try_run_case+0x10/0x10 [ 15.316000] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 15.316029] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 15.316056] ? __kthread_parkme+0x82/0x180 [ 15.316082] ? preempt_count_sub+0x50/0x80 [ 15.316125] ? __pfx_kunit_try_run_case+0x10/0x10 [ 15.316198] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 15.316226] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 15.316252] kthread+0x337/0x6f0 [ 15.316276] ? trace_preempt_on+0x20/0xc0 [ 15.316303] ? 
__pfx_kthread+0x10/0x10 [ 15.316327] ? _raw_spin_unlock_irq+0x47/0x80 [ 15.316354] ? calculate_sigpending+0x7b/0xa0 [ 15.316384] ? __pfx_kthread+0x10/0x10 [ 15.316409] ret_from_fork+0x116/0x1d0 [ 15.316433] ? __pfx_kthread+0x10/0x10 [ 15.316457] ret_from_fork_asm+0x1a/0x30 [ 15.316493] </TASK> [ 15.316507] [ 15.327427] Allocated by task 249: [ 15.327607] kasan_save_stack+0x45/0x70 [ 15.327899] kasan_save_track+0x18/0x40 [ 15.328170] kasan_save_alloc_info+0x3b/0x50 [ 15.328358] __kasan_mempool_unpoison_object+0x1bb/0x200 [ 15.328834] remove_element+0x11e/0x190 [ 15.329130] mempool_alloc_preallocated+0x4d/0x90 [ 15.329391] mempool_uaf_helper+0x96/0x400 [ 15.329561] mempool_slab_uaf+0xea/0x140 [ 15.329720] kunit_try_run_case+0x1a5/0x480 [ 15.330182] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 15.330476] kthread+0x337/0x6f0 [ 15.330655] ret_from_fork+0x116/0x1d0 [ 15.330821] ret_from_fork_asm+0x1a/0x30 [ 15.331397] [ 15.331555] Freed by task 249: [ 15.331769] kasan_save_stack+0x45/0x70 [ 15.332047] kasan_save_track+0x18/0x40 [ 15.332377] kasan_save_free_info+0x3f/0x60 [ 15.332625] __kasan_mempool_poison_object+0x131/0x1d0 [ 15.332970] mempool_free+0x2ec/0x380 [ 15.333276] mempool_uaf_helper+0x11a/0x400 [ 15.333579] mempool_slab_uaf+0xea/0x140 [ 15.333861] kunit_try_run_case+0x1a5/0x480 [ 15.334140] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 15.334438] kthread+0x337/0x6f0 [ 15.334617] ret_from_fork+0x116/0x1d0 [ 15.334958] ret_from_fork_asm+0x1a/0x30 [ 15.335277] [ 15.335377] The buggy address belongs to the object at ffff88810392e240 [ 15.335377] which belongs to the cache test_cache of size 123 [ 15.336002] The buggy address is located 0 bytes inside of [ 15.336002] freed 123-byte region [ffff88810392e240, ffff88810392e2bb) [ 15.336970] [ 15.337190] The buggy address belongs to the physical page: [ 15.337478] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x10392e [ 15.337960] flags: 0x200000000000000(node=0|zone=2) [ 15.338383] page_type: 
f5(slab) [ 15.338566] raw: 0200000000000000 ffff88815a87cf00 dead000000000122 0000000000000000 [ 15.338997] raw: 0000000000000000 0000000080150015 00000000f5000000 0000000000000000 [ 15.339432] page dumped because: kasan: bad access detected [ 15.339670] [ 15.340578] Memory state around the buggy address: [ 15.340847] ffff88810392e100: fb fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 15.342061] ffff88810392e180: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 15.342340] >ffff88810392e200: fc fc fc fc fc fc fc fc fa fb fb fb fb fb fb fb [ 15.342589] ^ [ 15.342798] ffff88810392e280: fb fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 15.345315] ffff88810392e300: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 15.346898] ================================================================== [ 15.239453] ================================================================== [ 15.240041] BUG: KASAN: slab-use-after-free in mempool_uaf_helper+0x392/0x400 [ 15.241379] Read of size 1 at addr ffff8881021dbf00 by task kunit_try_catch/245 [ 15.241698] [ 15.241822] CPU: 0 UID: 0 PID: 245 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc4 #1 PREEMPT(voluntary) [ 15.241881] Tainted: [B]=BAD_PAGE, [N]=TEST [ 15.241896] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 15.241925] Call Trace: [ 15.241941] <TASK> [ 15.241962] dump_stack_lvl+0x73/0xb0 [ 15.242005] print_report+0xd1/0x650 [ 15.242033] ? __virt_addr_valid+0x1db/0x2d0 [ 15.242065] ? mempool_uaf_helper+0x392/0x400 [ 15.242094] ? kasan_complete_mode_report_info+0x64/0x200 [ 15.242120] ? mempool_uaf_helper+0x392/0x400 [ 15.242145] kasan_report+0x141/0x180 [ 15.242171] ? mempool_uaf_helper+0x392/0x400 [ 15.242201] __asan_report_load1_noabort+0x18/0x20 [ 15.242228] mempool_uaf_helper+0x392/0x400 [ 15.242255] ? __pfx_mempool_uaf_helper+0x10/0x10 [ 15.242282] ? __kasan_check_write+0x18/0x20 [ 15.242305] ? __pfx_sched_clock_cpu+0x10/0x10 [ 15.242330] ? 
finish_task_switch.isra.0+0x153/0x700 [ 15.242362] mempool_kmalloc_uaf+0xef/0x140 [ 15.242388] ? __pfx_mempool_kmalloc_uaf+0x10/0x10 [ 15.242417] ? __pfx_mempool_kmalloc+0x10/0x10 [ 15.242448] ? __pfx_mempool_kfree+0x10/0x10 [ 15.242477] ? __pfx_read_tsc+0x10/0x10 [ 15.242503] ? ktime_get_ts64+0x86/0x230 [ 15.242531] kunit_try_run_case+0x1a5/0x480 [ 15.242560] ? __pfx_kunit_try_run_case+0x10/0x10 [ 15.242586] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 15.242616] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 15.242642] ? __kthread_parkme+0x82/0x180 [ 15.242667] ? preempt_count_sub+0x50/0x80 [ 15.242693] ? __pfx_kunit_try_run_case+0x10/0x10 [ 15.242720] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 15.242747] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 15.242774] kthread+0x337/0x6f0 [ 15.242807] ? trace_preempt_on+0x20/0xc0 [ 15.242836] ? __pfx_kthread+0x10/0x10 [ 15.242860] ? _raw_spin_unlock_irq+0x47/0x80 [ 15.242885] ? calculate_sigpending+0x7b/0xa0 [ 15.242914] ? __pfx_kthread+0x10/0x10 [ 15.242938] ret_from_fork+0x116/0x1d0 [ 15.242960] ? 
__pfx_kthread+0x10/0x10 [ 15.242984] ret_from_fork_asm+0x1a/0x30 [ 15.243019] </TASK> [ 15.243034] [ 15.256893] Allocated by task 245: [ 15.257102] kasan_save_stack+0x45/0x70 [ 15.257328] kasan_save_track+0x18/0x40 [ 15.257560] kasan_save_alloc_info+0x3b/0x50 [ 15.257784] __kasan_mempool_unpoison_object+0x1a9/0x200 [ 15.258095] remove_element+0x11e/0x190 [ 15.258306] mempool_alloc_preallocated+0x4d/0x90 [ 15.258534] mempool_uaf_helper+0x96/0x400 [ 15.258761] mempool_kmalloc_uaf+0xef/0x140 [ 15.259570] kunit_try_run_case+0x1a5/0x480 [ 15.259908] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 15.260393] kthread+0x337/0x6f0 [ 15.260551] ret_from_fork+0x116/0x1d0 [ 15.260970] ret_from_fork_asm+0x1a/0x30 [ 15.261188] [ 15.261307] Freed by task 245: [ 15.261498] kasan_save_stack+0x45/0x70 [ 15.261704] kasan_save_track+0x18/0x40 [ 15.261943] kasan_save_free_info+0x3f/0x60 [ 15.262144] __kasan_mempool_poison_object+0x131/0x1d0 [ 15.262884] mempool_free+0x2ec/0x380 [ 15.263135] mempool_uaf_helper+0x11a/0x400 [ 15.263610] mempool_kmalloc_uaf+0xef/0x140 [ 15.263872] kunit_try_run_case+0x1a5/0x480 [ 15.264460] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 15.264740] kthread+0x337/0x6f0 [ 15.265092] ret_from_fork+0x116/0x1d0 [ 15.265405] ret_from_fork_asm+0x1a/0x30 [ 15.265742] [ 15.265878] The buggy address belongs to the object at ffff8881021dbf00 [ 15.265878] which belongs to the cache kmalloc-128 of size 128 [ 15.266700] The buggy address is located 0 bytes inside of [ 15.266700] freed 128-byte region [ffff8881021dbf00, ffff8881021dbf80) [ 15.267636] [ 15.267759] The buggy address belongs to the physical page: [ 15.268113] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1021db [ 15.268773] flags: 0x200000000000000(node=0|zone=2) [ 15.269074] page_type: f5(slab) [ 15.269395] raw: 0200000000000000 ffff888100041a00 dead000000000122 0000000000000000 [ 15.269743] raw: 0000000000000000 0000000000100010 00000000f5000000 0000000000000000 [ 15.270329] page 
dumped because: kasan: bad access detected [ 15.270672] [ 15.270882] Memory state around the buggy address: [ 15.271318] ffff8881021dbe00: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 15.271613] ffff8881021dbe80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 15.272402] >ffff8881021dbf00: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 15.272771] ^ [ 15.272971] ffff8881021dbf80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 15.273466] ffff8881021dc000: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 15.273938] ==================================================================
Failure - log-parser-boot/kasan-bug-kasan-slab-out-of-bounds-in-mempool_oob_right_helper
[ 15.197846] ================================================================== [ 15.198458] BUG: KASAN: slab-out-of-bounds in mempool_oob_right_helper+0x318/0x380 [ 15.198752] Read of size 1 at addr ffff888102a092bb by task kunit_try_catch/243 [ 15.200310] [ 15.200703] CPU: 1 UID: 0 PID: 243 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc4 #1 PREEMPT(voluntary) [ 15.200765] Tainted: [B]=BAD_PAGE, [N]=TEST [ 15.200782] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 15.200824] Call Trace: [ 15.200841] <TASK> [ 15.200863] dump_stack_lvl+0x73/0xb0 [ 15.200903] print_report+0xd1/0x650 [ 15.200929] ? __virt_addr_valid+0x1db/0x2d0 [ 15.200957] ? mempool_oob_right_helper+0x318/0x380 [ 15.200984] ? kasan_complete_mode_report_info+0x2a/0x200 [ 15.201010] ? mempool_oob_right_helper+0x318/0x380 [ 15.201037] kasan_report+0x141/0x180 [ 15.201062] ? mempool_oob_right_helper+0x318/0x380 [ 15.201351] __asan_report_load1_noabort+0x18/0x20 [ 15.201399] mempool_oob_right_helper+0x318/0x380 [ 15.201431] ? __pfx_mempool_oob_right_helper+0x10/0x10 [ 15.201465] ? __pfx_sched_clock_cpu+0x10/0x10 [ 15.201490] ? finish_task_switch.isra.0+0x153/0x700 [ 15.201521] mempool_slab_oob_right+0xed/0x140 [ 15.201553] ? __pfx_mempool_slab_oob_right+0x10/0x10 [ 15.201585] ? __pfx_mempool_alloc_slab+0x10/0x10 [ 15.201610] ? __pfx_mempool_free_slab+0x10/0x10 [ 15.201635] ? __pfx_read_tsc+0x10/0x10 [ 15.201660] ? ktime_get_ts64+0x86/0x230 [ 15.201689] kunit_try_run_case+0x1a5/0x480 [ 15.201718] ? __pfx_kunit_try_run_case+0x10/0x10 [ 15.201743] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 15.201771] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 15.201808] ? __kthread_parkme+0x82/0x180 [ 15.201834] ? preempt_count_sub+0x50/0x80 [ 15.201861] ? __pfx_kunit_try_run_case+0x10/0x10 [ 15.201889] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 15.201918] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 15.201946] kthread+0x337/0x6f0 [ 15.201969] ? 
trace_preempt_on+0x20/0xc0 [ 15.201996] ? __pfx_kthread+0x10/0x10 [ 15.202021] ? _raw_spin_unlock_irq+0x47/0x80 [ 15.202048] ? calculate_sigpending+0x7b/0xa0 [ 15.202077] ? __pfx_kthread+0x10/0x10 [ 15.202101] ret_from_fork+0x116/0x1d0 [ 15.202125] ? __pfx_kthread+0x10/0x10 [ 15.202241] ret_from_fork_asm+0x1a/0x30 [ 15.202278] </TASK> [ 15.202293] [ 15.213739] Allocated by task 243: [ 15.214530] kasan_save_stack+0x45/0x70 [ 15.214902] kasan_save_track+0x18/0x40 [ 15.215423] kasan_save_alloc_info+0x3b/0x50 [ 15.215801] __kasan_mempool_unpoison_object+0x1bb/0x200 [ 15.216369] remove_element+0x11e/0x190 [ 15.216736] mempool_alloc_preallocated+0x4d/0x90 [ 15.217065] mempool_oob_right_helper+0x8a/0x380 [ 15.217732] mempool_slab_oob_right+0xed/0x140 [ 15.218212] kunit_try_run_case+0x1a5/0x480 [ 15.218457] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 15.218720] kthread+0x337/0x6f0 [ 15.218925] ret_from_fork+0x116/0x1d0 [ 15.219524] ret_from_fork_asm+0x1a/0x30 [ 15.219762] [ 15.219869] The buggy address belongs to the object at ffff888102a09240 [ 15.219869] which belongs to the cache test_cache of size 123 [ 15.220944] The buggy address is located 0 bytes to the right of [ 15.220944] allocated 123-byte region [ffff888102a09240, ffff888102a092bb) [ 15.222051] [ 15.222189] The buggy address belongs to the physical page: [ 15.222453] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x102a09 [ 15.222850] flags: 0x200000000000000(node=0|zone=2) [ 15.223122] page_type: f5(slab) [ 15.223587] raw: 0200000000000000 ffff888101a64dc0 dead000000000122 0000000000000000 [ 15.223916] raw: 0000000000000000 0000000080150015 00000000f5000000 0000000000000000 [ 15.224507] page dumped because: kasan: bad access detected [ 15.224765] [ 15.225030] Memory state around the buggy address: [ 15.225250] ffff888102a09180: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 15.225691] ffff888102a09200: fc fc fc fc fc fc fc fc 00 00 00 00 00 00 00 00 [ 15.226171] >ffff888102a09280: 00 
00 00 00 00 00 00 03 fc fc fc fc fc fc fc fc [ 15.226803] ^ [ 15.227090] ffff888102a09300: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 15.227559] ffff888102a09380: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 15.227949] ================================================================== [ 15.129857] ================================================================== [ 15.130516] BUG: KASAN: slab-out-of-bounds in mempool_oob_right_helper+0x318/0x380 [ 15.131503] Read of size 1 at addr ffff8881029f9473 by task kunit_try_catch/239 [ 15.131962] [ 15.132276] CPU: 1 UID: 0 PID: 239 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc4 #1 PREEMPT(voluntary) [ 15.132340] Tainted: [B]=BAD_PAGE, [N]=TEST [ 15.132355] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 15.132383] Call Trace: [ 15.132399] <TASK> [ 15.132421] dump_stack_lvl+0x73/0xb0 [ 15.132463] print_report+0xd1/0x650 [ 15.132491] ? __virt_addr_valid+0x1db/0x2d0 [ 15.132518] ? mempool_oob_right_helper+0x318/0x380 [ 15.132545] ? kasan_complete_mode_report_info+0x2a/0x200 [ 15.132570] ? mempool_oob_right_helper+0x318/0x380 [ 15.132596] kasan_report+0x141/0x180 [ 15.132621] ? mempool_oob_right_helper+0x318/0x380 [ 15.132653] __asan_report_load1_noabort+0x18/0x20 [ 15.132680] mempool_oob_right_helper+0x318/0x380 [ 15.132707] ? __pfx_mempool_oob_right_helper+0x10/0x10 [ 15.132735] ? __kasan_check_write+0x18/0x20 [ 15.132758] ? __pfx_sched_clock_cpu+0x10/0x10 [ 15.132783] ? irqentry_exit+0x2a/0x60 [ 15.132823] ? sysvec_apic_timer_interrupt+0x50/0x90 [ 15.132854] mempool_kmalloc_oob_right+0xf2/0x150 [ 15.132881] ? __pfx_mempool_kmalloc_oob_right+0x10/0x10 [ 15.132911] ? __pfx_mempool_kmalloc+0x10/0x10 [ 15.132939] ? __pfx_mempool_kfree+0x10/0x10 [ 15.132966] ? __pfx_mempool_kmalloc_oob_right+0x10/0x10 [ 15.132996] ? __pfx_mempool_kmalloc_oob_right+0x10/0x10 [ 15.133024] kunit_try_run_case+0x1a5/0x480 [ 15.133054] ? __pfx_kunit_try_run_case+0x10/0x10 [ 15.133079] ? 
_raw_spin_lock_irqsave+0xa1/0x100 [ 15.133108] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 15.133135] ? __kthread_parkme+0x82/0x180 [ 15.133159] ? preempt_count_sub+0x50/0x80 [ 15.133187] ? __pfx_kunit_try_run_case+0x10/0x10 [ 15.133213] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 15.133239] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 15.133265] kthread+0x337/0x6f0 [ 15.133288] ? trace_preempt_on+0x20/0xc0 [ 15.133315] ? __pfx_kthread+0x10/0x10 [ 15.133342] ? _raw_spin_unlock_irq+0x47/0x80 [ 15.133368] ? calculate_sigpending+0x7b/0xa0 [ 15.133395] ? __pfx_kthread+0x10/0x10 [ 15.133420] ret_from_fork+0x116/0x1d0 [ 15.133441] ? __pfx_kthread+0x10/0x10 [ 15.133465] ret_from_fork_asm+0x1a/0x30 [ 15.133500] </TASK> [ 15.133514] [ 15.147447] Allocated by task 239: [ 15.147671] kasan_save_stack+0x45/0x70 [ 15.148029] kasan_save_track+0x18/0x40 [ 15.148472] kasan_save_alloc_info+0x3b/0x50 [ 15.148744] __kasan_mempool_unpoison_object+0x1a9/0x200 [ 15.149337] remove_element+0x11e/0x190 [ 15.149555] mempool_alloc_preallocated+0x4d/0x90 [ 15.150014] mempool_oob_right_helper+0x8a/0x380 [ 15.150611] mempool_kmalloc_oob_right+0xf2/0x150 [ 15.150884] kunit_try_run_case+0x1a5/0x480 [ 15.151387] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 15.151683] kthread+0x337/0x6f0 [ 15.151878] ret_from_fork+0x116/0x1d0 [ 15.152071] ret_from_fork_asm+0x1a/0x30 [ 15.152267] [ 15.152749] The buggy address belongs to the object at ffff8881029f9400 [ 15.152749] which belongs to the cache kmalloc-128 of size 128 [ 15.153597] The buggy address is located 0 bytes to the right of [ 15.153597] allocated 115-byte region [ffff8881029f9400, ffff8881029f9473) [ 15.154565] [ 15.154836] The buggy address belongs to the physical page: [ 15.155345] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1029f9 [ 15.155731] flags: 0x200000000000000(node=0|zone=2) [ 15.156215] page_type: f5(slab) [ 15.156625] raw: 0200000000000000 ffff888100041a00 dead000000000122 0000000000000000 [ 
15.157367] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 15.157702] page dumped because: kasan: bad access detected [ 15.158032] [ 15.158145] Memory state around the buggy address: [ 15.158756] ffff8881029f9300: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 15.159144] ffff8881029f9380: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 15.159723] >ffff8881029f9400: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 03 fc [ 15.160097] ^ [ 15.160680] ffff8881029f9480: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 15.161052] ffff8881029f9500: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 03 fc [ 15.161660] ================================================================== [ 15.166004] ================================================================== [ 15.166768] BUG: KASAN: slab-out-of-bounds in mempool_oob_right_helper+0x318/0x380 [ 15.167388] Read of size 1 at addr ffff888103a6a001 by task kunit_try_catch/241 [ 15.167963] [ 15.168095] CPU: 0 UID: 0 PID: 241 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc4 #1 PREEMPT(voluntary) [ 15.168268] Tainted: [B]=BAD_PAGE, [N]=TEST [ 15.168288] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 15.168332] Call Trace: [ 15.168465] <TASK> [ 15.168494] dump_stack_lvl+0x73/0xb0 [ 15.168538] print_report+0xd1/0x650 [ 15.168566] ? __virt_addr_valid+0x1db/0x2d0 [ 15.168596] ? mempool_oob_right_helper+0x318/0x380 [ 15.168626] ? kasan_addr_to_slab+0x11/0xa0 [ 15.168651] ? mempool_oob_right_helper+0x318/0x380 [ 15.168678] kasan_report+0x141/0x180 [ 15.168704] ? mempool_oob_right_helper+0x318/0x380 [ 15.168735] __asan_report_load1_noabort+0x18/0x20 [ 15.168763] mempool_oob_right_helper+0x318/0x380 [ 15.168806] ? __pfx_mempool_oob_right_helper+0x10/0x10 [ 15.168838] ? __kasan_check_write+0x18/0x20 [ 15.168861] ? __pfx_sched_clock_cpu+0x10/0x10 [ 15.168887] ? finish_task_switch.isra.0+0x153/0x700 [ 15.168918] mempool_kmalloc_large_oob_right+0xf2/0x150 [ 15.168946] ? 
__pfx_mempool_kmalloc_large_oob_right+0x10/0x10 [ 15.168977] ? __pfx_mempool_kmalloc+0x10/0x10 [ 15.169009] ? __pfx_mempool_kfree+0x10/0x10 [ 15.169038] ? __pfx_read_tsc+0x10/0x10 [ 15.169063] ? ktime_get_ts64+0x86/0x230 [ 15.169104] kunit_try_run_case+0x1a5/0x480 [ 15.169150] ? __pfx_kunit_try_run_case+0x10/0x10 [ 15.169177] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 15.169206] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 15.169233] ? __kthread_parkme+0x82/0x180 [ 15.169260] ? preempt_count_sub+0x50/0x80 [ 15.169286] ? __pfx_kunit_try_run_case+0x10/0x10 [ 15.169313] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 15.169345] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 15.169371] kthread+0x337/0x6f0 [ 15.169394] ? trace_preempt_on+0x20/0xc0 [ 15.169421] ? __pfx_kthread+0x10/0x10 [ 15.169447] ? _raw_spin_unlock_irq+0x47/0x80 [ 15.169472] ? calculate_sigpending+0x7b/0xa0 [ 15.169503] ? __pfx_kthread+0x10/0x10 [ 15.169528] ret_from_fork+0x116/0x1d0 [ 15.169551] ? __pfx_kthread+0x10/0x10 [ 15.169575] ret_from_fork_asm+0x1a/0x30 [ 15.169612] </TASK> [ 15.169627] [ 15.182532] The buggy address belongs to the physical page: [ 15.182754] page: refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x103a68 [ 15.183250] head: order:2 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0 [ 15.184375] flags: 0x200000000000040(head|node=0|zone=2) [ 15.184658] page_type: f8(unknown) [ 15.185139] raw: 0200000000000040 0000000000000000 dead000000000122 0000000000000000 [ 15.185630] raw: 0000000000000000 0000000000000000 00000001f8000000 0000000000000000 [ 15.186152] head: 0200000000000040 0000000000000000 dead000000000122 0000000000000000 [ 15.186710] head: 0000000000000000 0000000000000000 00000001f8000000 0000000000000000 [ 15.187235] head: 0200000000000002 ffffea00040e9a01 00000000ffffffff 00000000ffffffff [ 15.187625] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000004 [ 15.188022] page dumped because: kasan: bad access detected [ 15.188654] [ 
15.188770] Memory state around the buggy address: [ 15.188972] ffff888103a69f00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 15.189898] ffff888103a69f80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 15.190502] >ffff888103a6a000: 01 fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe [ 15.190976] ^ [ 15.191188] ffff888103a6a080: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe [ 15.191810] ffff888103a6a100: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe [ 15.192456] ==================================================================
Failure - log-parser-boot/kasan-bug-kasan-slab-use-after-free-in-kmem_cache_double_destroy
[ 14.547621] ================================================================== [ 14.548139] BUG: KASAN: slab-use-after-free in kmem_cache_double_destroy+0x1bf/0x380 [ 14.549545] Read of size 1 at addr ffff888101a64c80 by task kunit_try_catch/233 [ 14.550464] [ 14.550683] CPU: 1 UID: 0 PID: 233 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc4 #1 PREEMPT(voluntary) [ 14.550895] Tainted: [B]=BAD_PAGE, [N]=TEST [ 14.550914] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 14.550941] Call Trace: [ 14.550959] <TASK> [ 14.550983] dump_stack_lvl+0x73/0xb0 [ 14.551026] print_report+0xd1/0x650 [ 14.551054] ? __virt_addr_valid+0x1db/0x2d0 [ 14.551190] ? kmem_cache_double_destroy+0x1bf/0x380 [ 14.551223] ? kasan_complete_mode_report_info+0x64/0x200 [ 14.551273] ? kmem_cache_double_destroy+0x1bf/0x380 [ 14.551303] kasan_report+0x141/0x180 [ 14.551329] ? kmem_cache_double_destroy+0x1bf/0x380 [ 14.551359] ? kmem_cache_double_destroy+0x1bf/0x380 [ 14.551388] __kasan_check_byte+0x3d/0x50 [ 14.551414] kmem_cache_destroy+0x25/0x1d0 [ 14.551442] kmem_cache_double_destroy+0x1bf/0x380 [ 14.551470] ? __pfx_kmem_cache_double_destroy+0x10/0x10 [ 14.551497] ? finish_task_switch.isra.0+0x153/0x700 [ 14.551524] ? __switch_to+0x47/0xf50 [ 14.551558] ? __pfx_read_tsc+0x10/0x10 [ 14.551583] ? ktime_get_ts64+0x86/0x230 [ 14.551611] kunit_try_run_case+0x1a5/0x480 [ 14.551642] ? __pfx_kunit_try_run_case+0x10/0x10 [ 14.551667] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 14.551697] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 14.551723] ? __kthread_parkme+0x82/0x180 [ 14.551748] ? preempt_count_sub+0x50/0x80 [ 14.551774] ? __pfx_kunit_try_run_case+0x10/0x10 [ 14.551817] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 14.551843] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 14.551869] kthread+0x337/0x6f0 [ 14.551891] ? trace_preempt_on+0x20/0xc0 [ 14.551920] ? __pfx_kthread+0x10/0x10 [ 14.551943] ? _raw_spin_unlock_irq+0x47/0x80 [ 14.551968] ? 
calculate_sigpending+0x7b/0xa0 [ 14.551996] ? __pfx_kthread+0x10/0x10 [ 14.552021] ret_from_fork+0x116/0x1d0 [ 14.552042] ? __pfx_kthread+0x10/0x10 [ 14.552065] ret_from_fork_asm+0x1a/0x30 [ 14.552101] </TASK> [ 14.552116] [ 14.563579] Allocated by task 233: [ 14.563750] kasan_save_stack+0x45/0x70 [ 14.563941] kasan_save_track+0x18/0x40 [ 14.564098] kasan_save_alloc_info+0x3b/0x50 [ 14.564334] __kasan_slab_alloc+0x91/0xa0 [ 14.564503] kmem_cache_alloc_noprof+0x123/0x3f0 [ 14.564707] __kmem_cache_create_args+0x169/0x240 [ 14.564910] kmem_cache_double_destroy+0xd5/0x380 [ 14.565103] kunit_try_run_case+0x1a5/0x480 [ 14.565612] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 14.565951] kthread+0x337/0x6f0 [ 14.566886] ret_from_fork+0x116/0x1d0 [ 14.567612] ret_from_fork_asm+0x1a/0x30 [ 14.568561] [ 14.569283] Freed by task 233: [ 14.570028] kasan_save_stack+0x45/0x70 [ 14.570217] kasan_save_track+0x18/0x40 [ 14.570376] kasan_save_free_info+0x3f/0x60 [ 14.570545] __kasan_slab_free+0x56/0x70 [ 14.570704] kmem_cache_free+0x249/0x420 [ 14.572231] slab_kmem_cache_release+0x2e/0x40 [ 14.573966] kmem_cache_release+0x16/0x20 [ 14.574654] kobject_put+0x181/0x450 [ 14.574892] sysfs_slab_release+0x16/0x20 [ 14.575310] kmem_cache_destroy+0xf0/0x1d0 [ 14.575611] kmem_cache_double_destroy+0x14e/0x380 [ 14.575828] kunit_try_run_case+0x1a5/0x480 [ 14.576088] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 14.576450] kthread+0x337/0x6f0 [ 14.576611] ret_from_fork+0x116/0x1d0 [ 14.577029] ret_from_fork_asm+0x1a/0x30 [ 14.577211] [ 14.577332] The buggy address belongs to the object at ffff888101a64c80 [ 14.577332] which belongs to the cache kmem_cache of size 208 [ 14.578309] The buggy address is located 0 bytes inside of [ 14.578309] freed 208-byte region [ffff888101a64c80, ffff888101a64d50) [ 14.578815] [ 14.578937] The buggy address belongs to the physical page: [ 14.579247] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x101a64 [ 14.579718] flags: 
0x200000000000000(node=0|zone=2) [ 14.579967] page_type: f5(slab) [ 14.580315] raw: 0200000000000000 ffff888100041000 dead000000000122 0000000000000000 [ 14.580745] raw: 0000000000000000 00000000800c000c 00000000f5000000 0000000000000000 [ 14.581122] page dumped because: kasan: bad access detected [ 14.581521] [ 14.581603] Memory state around the buggy address: [ 14.582195] ffff888101a64b80: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 14.582694] ffff888101a64c00: fb fb fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 14.583106] >ffff888101a64c80: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 14.583592] ^ [ 14.583811] ffff888101a64d00: fb fb fb fb fb fb fb fb fb fb fc fc fc fc fc fc [ 14.584347] ffff888101a64d80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 14.584731] ==================================================================
Failure - log-parser-boot/kasan-bug-kasan-slab-use-after-free-in-kmem_cache_rcu_uaf
[ 14.486347] ================================================================== [ 14.487006] BUG: KASAN: slab-use-after-free in kmem_cache_rcu_uaf+0x3e3/0x510 [ 14.487526] Read of size 1 at addr ffff888103926000 by task kunit_try_catch/231 [ 14.487899] [ 14.488012] CPU: 0 UID: 0 PID: 231 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc4 #1 PREEMPT(voluntary) [ 14.488067] Tainted: [B]=BAD_PAGE, [N]=TEST [ 14.488080] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 14.488105] Call Trace: [ 14.488121] <TASK> [ 14.488143] dump_stack_lvl+0x73/0xb0 [ 14.488181] print_report+0xd1/0x650 [ 14.488207] ? __virt_addr_valid+0x1db/0x2d0 [ 14.488235] ? kmem_cache_rcu_uaf+0x3e3/0x510 [ 14.488261] ? kasan_complete_mode_report_info+0x64/0x200 [ 14.488288] ? kmem_cache_rcu_uaf+0x3e3/0x510 [ 14.488313] kasan_report+0x141/0x180 [ 14.488338] ? kmem_cache_rcu_uaf+0x3e3/0x510 [ 14.488369] __asan_report_load1_noabort+0x18/0x20 [ 14.488397] kmem_cache_rcu_uaf+0x3e3/0x510 [ 14.488422] ? __pfx_kmem_cache_rcu_uaf+0x10/0x10 [ 14.488532] ? finish_task_switch.isra.0+0x153/0x700 [ 14.488560] ? __switch_to+0x47/0xf50 [ 14.488594] ? __pfx_read_tsc+0x10/0x10 [ 14.488618] ? ktime_get_ts64+0x86/0x230 [ 14.488645] kunit_try_run_case+0x1a5/0x480 [ 14.488675] ? __pfx_kunit_try_run_case+0x10/0x10 [ 14.488699] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 14.488726] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 14.488751] ? __kthread_parkme+0x82/0x180 [ 14.488775] ? preempt_count_sub+0x50/0x80 [ 14.488809] ? __pfx_kunit_try_run_case+0x10/0x10 [ 14.488835] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 14.488860] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 14.488886] kthread+0x337/0x6f0 [ 14.488907] ? trace_preempt_on+0x20/0xc0 [ 14.488934] ? __pfx_kthread+0x10/0x10 [ 14.488956] ? _raw_spin_unlock_irq+0x47/0x80 [ 14.488979] ? calculate_sigpending+0x7b/0xa0 [ 14.489006] ? __pfx_kthread+0x10/0x10 [ 14.489029] ret_from_fork+0x116/0x1d0 [ 14.489050] ? 
__pfx_kthread+0x10/0x10 [ 14.489072] ret_from_fork_asm+0x1a/0x30 [ 14.489107] </TASK> [ 14.489121] [ 14.500477] Allocated by task 231: [ 14.500746] kasan_save_stack+0x45/0x70 [ 14.501019] kasan_save_track+0x18/0x40 [ 14.501218] kasan_save_alloc_info+0x3b/0x50 [ 14.501390] __kasan_slab_alloc+0x91/0xa0 [ 14.501731] kmem_cache_alloc_noprof+0x123/0x3f0 [ 14.502014] kmem_cache_rcu_uaf+0x155/0x510 [ 14.502240] kunit_try_run_case+0x1a5/0x480 [ 14.502810] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 14.503086] kthread+0x337/0x6f0 [ 14.503290] ret_from_fork+0x116/0x1d0 [ 14.503605] ret_from_fork_asm+0x1a/0x30 [ 14.503885] [ 14.504005] Freed by task 0: [ 14.504238] kasan_save_stack+0x45/0x70 [ 14.504393] kasan_save_track+0x18/0x40 [ 14.504541] kasan_save_free_info+0x3f/0x60 [ 14.504718] __kasan_slab_free+0x56/0x70 [ 14.504958] slab_free_after_rcu_debug+0xe4/0x310 [ 14.505325] rcu_core+0x66f/0x1c40 [ 14.505629] rcu_core_si+0x12/0x20 [ 14.505859] handle_softirqs+0x209/0x730 [ 14.506082] __irq_exit_rcu+0xc9/0x110 [ 14.506232] irq_exit_rcu+0x12/0x20 [ 14.506373] sysvec_apic_timer_interrupt+0x81/0x90 [ 14.506613] asm_sysvec_apic_timer_interrupt+0x1f/0x30 [ 14.506923] [ 14.507050] Last potentially related work creation: [ 14.507675] kasan_save_stack+0x45/0x70 [ 14.507958] kasan_record_aux_stack+0xb2/0xc0 [ 14.508331] kmem_cache_free+0x131/0x420 [ 14.508723] kmem_cache_rcu_uaf+0x194/0x510 [ 14.509667] kunit_try_run_case+0x1a5/0x480 [ 14.509872] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 14.510176] kthread+0x337/0x6f0 [ 14.510670] ret_from_fork+0x116/0x1d0 [ 14.510908] ret_from_fork_asm+0x1a/0x30 [ 14.511138] [ 14.511480] The buggy address belongs to the object at ffff888103926000 [ 14.511480] which belongs to the cache test_cache of size 200 [ 14.512587] The buggy address is located 0 bytes inside of [ 14.512587] freed 200-byte region [ffff888103926000, ffff8881039260c8) [ 14.513445] [ 14.513682] The buggy address belongs to the physical page: [ 14.513954] page: refcount:0 
mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x103926 [ 14.514429] flags: 0x200000000000000(node=0|zone=2) [ 14.514749] page_type: f5(slab) [ 14.514958] raw: 0200000000000000 ffff888103923000 dead000000000122 0000000000000000 [ 14.515521] raw: 0000000000000000 00000000800f000f 00000000f5000000 0000000000000000 [ 14.515931] page dumped because: kasan: bad access detected [ 14.516363] [ 14.516876] Memory state around the buggy address: [ 14.517128] ffff888103925f00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 14.517660] ffff888103925f80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 14.518004] >ffff888103926000: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 14.518487] ^ [ 14.518637] ffff888103926080: fb fb fb fb fb fb fb fb fb fc fc fc fc fc fc fc [ 14.519574] ffff888103926100: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 14.519916] ==================================================================
Failure - log-parser-boot/kasan-bug-kasan-invalid-free-in-kmem_cache_invalid_free
[ 14.411655] ================================================================== [ 14.412361] BUG: KASAN: invalid-free in kmem_cache_invalid_free+0x1d8/0x460 [ 14.412740] Free of addr ffff888102a05001 by task kunit_try_catch/229 [ 14.413100] [ 14.413287] CPU: 1 UID: 0 PID: 229 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc4 #1 PREEMPT(voluntary) [ 14.413349] Tainted: [B]=BAD_PAGE, [N]=TEST [ 14.413363] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 14.413388] Call Trace: [ 14.413404] <TASK> [ 14.413425] dump_stack_lvl+0x73/0xb0 [ 14.413462] print_report+0xd1/0x650 [ 14.413488] ? __virt_addr_valid+0x1db/0x2d0 [ 14.413517] ? kasan_complete_mode_report_info+0x2a/0x200 [ 14.413541] ? kmem_cache_invalid_free+0x1d8/0x460 [ 14.413571] kasan_report_invalid_free+0x10a/0x130 [ 14.413598] ? kmem_cache_invalid_free+0x1d8/0x460 [ 14.413630] ? kmem_cache_invalid_free+0x1d8/0x460 [ 14.413658] check_slab_allocation+0x11f/0x130 [ 14.413684] __kasan_slab_pre_free+0x28/0x40 [ 14.413707] kmem_cache_free+0xed/0x420 [ 14.413731] ? kmem_cache_alloc_noprof+0x123/0x3f0 [ 14.413753] ? kmem_cache_invalid_free+0x1d8/0x460 [ 14.413784] kmem_cache_invalid_free+0x1d8/0x460 [ 14.413824] ? __pfx_kmem_cache_invalid_free+0x10/0x10 [ 14.413850] ? sysvec_apic_timer_interrupt+0x50/0x90 [ 14.413884] ? __pfx_kmem_cache_invalid_free+0x10/0x10 [ 14.413916] kunit_try_run_case+0x1a5/0x480 [ 14.413945] ? __pfx_kunit_try_run_case+0x10/0x10 [ 14.413971] ? queued_spin_lock_slowpath+0x116/0xb40 [ 14.413999] ? __kthread_parkme+0x82/0x180 [ 14.414023] ? preempt_count_sub+0x50/0x80 [ 14.414050] ? __pfx_kunit_try_run_case+0x10/0x10 [ 14.414099] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 14.414310] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 14.414344] kthread+0x337/0x6f0 [ 14.414367] ? trace_preempt_on+0x20/0xc0 [ 14.414395] ? __pfx_kthread+0x10/0x10 [ 14.414419] ? _raw_spin_unlock_irq+0x47/0x80 [ 14.414445] ? calculate_sigpending+0x7b/0xa0 [ 14.414472] ? 
__pfx_kthread+0x10/0x10 [ 14.414496] ret_from_fork+0x116/0x1d0 [ 14.414519] ? __pfx_kthread+0x10/0x10 [ 14.414542] ret_from_fork_asm+0x1a/0x30 [ 14.414578] </TASK> [ 14.414594] [ 14.431307] Allocated by task 229: [ 14.431848] kasan_save_stack+0x45/0x70 [ 14.432405] kasan_save_track+0x18/0x40 [ 14.432779] kasan_save_alloc_info+0x3b/0x50 [ 14.432969] __kasan_slab_alloc+0x91/0xa0 [ 14.433204] kmem_cache_alloc_noprof+0x123/0x3f0 [ 14.433858] kmem_cache_invalid_free+0x157/0x460 [ 14.434454] kunit_try_run_case+0x1a5/0x480 [ 14.434920] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 14.435578] kthread+0x337/0x6f0 [ 14.435734] ret_from_fork+0x116/0x1d0 [ 14.435906] ret_from_fork_asm+0x1a/0x30 [ 14.436068] [ 14.436184] The buggy address belongs to the object at ffff888102a05000 [ 14.436184] which belongs to the cache test_cache of size 200 [ 14.437033] The buggy address is located 1 bytes inside of [ 14.437033] 200-byte region [ffff888102a05000, ffff888102a050c8) [ 14.438039] [ 14.438276] The buggy address belongs to the physical page: [ 14.438710] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x102a05 [ 14.439568] flags: 0x200000000000000(node=0|zone=2) [ 14.439971] page_type: f5(slab) [ 14.440177] raw: 0200000000000000 ffff888101a64b40 dead000000000122 0000000000000000 [ 14.440802] raw: 0000000000000000 00000000800f000f 00000000f5000000 0000000000000000 [ 14.441508] page dumped because: kasan: bad access detected [ 14.441926] [ 14.442066] Memory state around the buggy address: [ 14.442827] ffff888102a04f00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 14.443180] ffff888102a04f80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 14.443651] >ffff888102a05000: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 14.444021] ^ [ 14.444643] ffff888102a05080: 00 00 00 00 00 00 00 00 00 fc fc fc fc fc fc fc [ 14.445140] ffff888102a05100: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 14.445833] 
==================================================================
Failure - log-parser-boot/kasan-bug-kasan-double-free-in-kmem_cache_double_free
[ 14.372624] ================================================================== [ 14.373252] BUG: KASAN: double-free in kmem_cache_double_free+0x1e5/0x480 [ 14.373657] Free of addr ffff888103921000 by task kunit_try_catch/227 [ 14.373941] [ 14.374096] CPU: 0 UID: 0 PID: 227 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc4 #1 PREEMPT(voluntary) [ 14.374153] Tainted: [B]=BAD_PAGE, [N]=TEST [ 14.374166] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 14.374193] Call Trace: [ 14.374209] <TASK> [ 14.374231] dump_stack_lvl+0x73/0xb0 [ 14.374269] print_report+0xd1/0x650 [ 14.374296] ? __virt_addr_valid+0x1db/0x2d0 [ 14.374325] ? kasan_complete_mode_report_info+0x64/0x200 [ 14.374349] ? kmem_cache_double_free+0x1e5/0x480 [ 14.374377] kasan_report_invalid_free+0x10a/0x130 [ 14.374403] ? kmem_cache_double_free+0x1e5/0x480 [ 14.374432] ? kmem_cache_double_free+0x1e5/0x480 [ 14.374459] check_slab_allocation+0x101/0x130 [ 14.374483] __kasan_slab_pre_free+0x28/0x40 [ 14.374506] kmem_cache_free+0xed/0x420 [ 14.374529] ? kmem_cache_alloc_noprof+0x123/0x3f0 [ 14.374552] ? kmem_cache_double_free+0x1e5/0x480 [ 14.374582] kmem_cache_double_free+0x1e5/0x480 [ 14.374610] ? __pfx_kmem_cache_double_free+0x10/0x10 [ 14.374635] ? finish_task_switch.isra.0+0x153/0x700 [ 14.374661] ? __switch_to+0x47/0xf50 [ 14.374695] ? __pfx_read_tsc+0x10/0x10 [ 14.374719] ? ktime_get_ts64+0x86/0x230 [ 14.374747] kunit_try_run_case+0x1a5/0x480 [ 14.374777] ? __pfx_kunit_try_run_case+0x10/0x10 [ 14.374817] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 14.374845] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 14.374871] ? __kthread_parkme+0x82/0x180 [ 14.374895] ? preempt_count_sub+0x50/0x80 [ 14.374922] ? __pfx_kunit_try_run_case+0x10/0x10 [ 14.374948] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 14.374974] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 14.374999] kthread+0x337/0x6f0 [ 14.375021] ? trace_preempt_on+0x20/0xc0 [ 14.375047] ? 
__pfx_kthread+0x10/0x10 [ 14.375091] ? _raw_spin_unlock_irq+0x47/0x80 [ 14.375116] ? calculate_sigpending+0x7b/0xa0 [ 14.375144] ? __pfx_kthread+0x10/0x10 [ 14.375167] ret_from_fork+0x116/0x1d0 [ 14.375188] ? __pfx_kthread+0x10/0x10 [ 14.375211] ret_from_fork_asm+0x1a/0x30 [ 14.375246] </TASK> [ 14.375260] [ 14.383566] Allocated by task 227: [ 14.383739] kasan_save_stack+0x45/0x70 [ 14.383915] kasan_save_track+0x18/0x40 [ 14.384166] kasan_save_alloc_info+0x3b/0x50 [ 14.384391] __kasan_slab_alloc+0x91/0xa0 [ 14.384590] kmem_cache_alloc_noprof+0x123/0x3f0 [ 14.384850] kmem_cache_double_free+0x14f/0x480 [ 14.385104] kunit_try_run_case+0x1a5/0x480 [ 14.385321] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 14.385603] kthread+0x337/0x6f0 [ 14.385776] ret_from_fork+0x116/0x1d0 [ 14.385972] ret_from_fork_asm+0x1a/0x30 [ 14.386156] [ 14.386239] Freed by task 227: [ 14.386368] kasan_save_stack+0x45/0x70 [ 14.386538] kasan_save_track+0x18/0x40 [ 14.386756] kasan_save_free_info+0x3f/0x60 [ 14.387008] __kasan_slab_free+0x56/0x70 [ 14.387261] kmem_cache_free+0x249/0x420 [ 14.387488] kmem_cache_double_free+0x16a/0x480 [ 14.387737] kunit_try_run_case+0x1a5/0x480 [ 14.387930] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 14.388158] kthread+0x337/0x6f0 [ 14.388337] ret_from_fork+0x116/0x1d0 [ 14.388557] ret_from_fork_asm+0x1a/0x30 [ 14.388801] [ 14.388912] The buggy address belongs to the object at ffff888103921000 [ 14.388912] which belongs to the cache test_cache of size 200 [ 14.389477] The buggy address is located 0 bytes inside of [ 14.389477] 200-byte region [ffff888103921000, ffff8881039210c8) [ 14.389983] [ 14.390126] The buggy address belongs to the physical page: [ 14.390380] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x103921 [ 14.390725] flags: 0x200000000000000(node=0|zone=2) [ 14.390964] page_type: f5(slab) [ 14.391129] raw: 0200000000000000 ffff888100a13dc0 dead000000000122 0000000000000000 [ 14.391391] raw: 0000000000000000 00000000800f000f 
00000000f5000000 0000000000000000 [ 14.391774] page dumped because: kasan: bad access detected [ 14.392089] [ 14.392196] Memory state around the buggy address: [ 14.392449] ffff888103920f00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 14.392700] ffff888103920f80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 14.392960] >ffff888103921000: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 14.393355] ^ [ 14.393544] ffff888103921080: fb fb fb fb fb fb fb fb fb fc fc fc fc fc fc fc [ 14.393926] ffff888103921100: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 14.394315] ==================================================================
Failure - log-parser-boot/kasan-bug-kasan-slab-out-of-bounds-in-kmem_cache_oob
[ 14.322385] ================================================================== [ 14.323142] BUG: KASAN: slab-out-of-bounds in kmem_cache_oob+0x402/0x530 [ 14.323889] Read of size 1 at addr ffff888102a020c8 by task kunit_try_catch/225 [ 14.324712] [ 14.324893] CPU: 1 UID: 0 PID: 225 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc4 #1 PREEMPT(voluntary) [ 14.324949] Tainted: [B]=BAD_PAGE, [N]=TEST [ 14.324964] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 14.324991] Call Trace: [ 14.325008] <TASK> [ 14.325030] dump_stack_lvl+0x73/0xb0 [ 14.325068] print_report+0xd1/0x650 [ 14.325108] ? __virt_addr_valid+0x1db/0x2d0 [ 14.325135] ? kmem_cache_oob+0x402/0x530 [ 14.325161] ? kasan_complete_mode_report_info+0x2a/0x200 [ 14.325186] ? kmem_cache_oob+0x402/0x530 [ 14.325211] kasan_report+0x141/0x180 [ 14.325236] ? kmem_cache_oob+0x402/0x530 [ 14.325267] __asan_report_load1_noabort+0x18/0x20 [ 14.325293] kmem_cache_oob+0x402/0x530 [ 14.325319] ? __pfx_kmem_cache_oob+0x10/0x10 [ 14.325348] ? sysvec_apic_timer_interrupt+0x50/0x90 [ 14.325382] ? __pfx_kmem_cache_oob+0x10/0x10 [ 14.325411] kunit_try_run_case+0x1a5/0x480 [ 14.325439] ? __pfx_kunit_try_run_case+0x10/0x10 [ 14.325463] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 14.325490] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 14.325515] ? __kthread_parkme+0x82/0x180 [ 14.325538] ? preempt_count_sub+0x50/0x80 [ 14.325565] ? __pfx_kunit_try_run_case+0x10/0x10 [ 14.325591] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 14.325616] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 14.325641] kthread+0x337/0x6f0 [ 14.325664] ? trace_preempt_on+0x20/0xc0 [ 14.325691] ? __pfx_kthread+0x10/0x10 [ 14.325714] ? _raw_spin_unlock_irq+0x47/0x80 [ 14.325737] ? calculate_sigpending+0x7b/0xa0 [ 14.325764] ? __pfx_kthread+0x10/0x10 [ 14.325799] ret_from_fork+0x116/0x1d0 [ 14.325822] ? 
__pfx_kthread+0x10/0x10 [ 14.325844] ret_from_fork_asm+0x1a/0x30 [ 14.325879] </TASK> [ 14.325892] [ 14.339652] Allocated by task 225: [ 14.339892] kasan_save_stack+0x45/0x70 [ 14.340234] kasan_save_track+0x18/0x40 [ 14.340482] kasan_save_alloc_info+0x3b/0x50 [ 14.340746] __kasan_slab_alloc+0x91/0xa0 [ 14.340992] kmem_cache_alloc_noprof+0x123/0x3f0 [ 14.341488] kmem_cache_oob+0x157/0x530 [ 14.341666] kunit_try_run_case+0x1a5/0x480 [ 14.341862] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 14.342769] kthread+0x337/0x6f0 [ 14.343017] ret_from_fork+0x116/0x1d0 [ 14.343705] ret_from_fork_asm+0x1a/0x30 [ 14.343968] [ 14.344082] The buggy address belongs to the object at ffff888102a02000 [ 14.344082] which belongs to the cache test_cache of size 200 [ 14.344733] The buggy address is located 0 bytes to the right of [ 14.344733] allocated 200-byte region [ffff888102a02000, ffff888102a020c8) [ 14.345982] [ 14.346239] The buggy address belongs to the physical page: [ 14.346694] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x102a02 [ 14.347334] flags: 0x200000000000000(node=0|zone=2) [ 14.347611] page_type: f5(slab) [ 14.347808] raw: 0200000000000000 ffff888101a64a00 dead000000000122 0000000000000000 [ 14.348074] raw: 0000000000000000 00000000800f000f 00000000f5000000 0000000000000000 [ 14.348573] page dumped because: kasan: bad access detected [ 14.348895] [ 14.349000] Memory state around the buggy address: [ 14.349801] ffff888102a01f80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 14.350106] ffff888102a02000: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 14.350701] >ffff888102a02080: 00 00 00 00 00 00 00 00 00 fc fc fc fc fc fc fc [ 14.351212] ^ [ 14.351499] ffff888102a02100: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 14.351881] ffff888102a02180: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 14.352503] ==================================================================
Failure - log-parser-boot/kasan-bug-kasan-slab-use-after-free-in-workqueue_uaf
[ 14.270074] ================================================================== [ 14.270661] BUG: KASAN: slab-use-after-free in workqueue_uaf+0x4d6/0x560 [ 14.270947] Read of size 8 at addr ffff8881029fd180 by task kunit_try_catch/218 [ 14.271393] [ 14.272125] CPU: 1 UID: 0 PID: 218 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc4 #1 PREEMPT(voluntary) [ 14.272211] Tainted: [B]=BAD_PAGE, [N]=TEST [ 14.272225] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 14.272251] Call Trace: [ 14.272267] <TASK> [ 14.272289] dump_stack_lvl+0x73/0xb0 [ 14.272332] print_report+0xd1/0x650 [ 14.272360] ? __virt_addr_valid+0x1db/0x2d0 [ 14.272388] ? workqueue_uaf+0x4d6/0x560 [ 14.272413] ? kasan_complete_mode_report_info+0x64/0x200 [ 14.272437] ? workqueue_uaf+0x4d6/0x560 [ 14.272461] kasan_report+0x141/0x180 [ 14.272486] ? workqueue_uaf+0x4d6/0x560 [ 14.272515] __asan_report_load8_noabort+0x18/0x20 [ 14.272542] workqueue_uaf+0x4d6/0x560 [ 14.272567] ? __pfx_workqueue_uaf+0x10/0x10 [ 14.272592] ? __schedule+0x10cc/0x2b60 [ 14.272617] ? __pfx_read_tsc+0x10/0x10 [ 14.272642] ? ktime_get_ts64+0x86/0x230 [ 14.272670] kunit_try_run_case+0x1a5/0x480 [ 14.272699] ? __pfx_kunit_try_run_case+0x10/0x10 [ 14.272724] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 14.272752] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 14.272779] ? __kthread_parkme+0x82/0x180 [ 14.272817] ? preempt_count_sub+0x50/0x80 [ 14.272845] ? __pfx_kunit_try_run_case+0x10/0x10 [ 14.272871] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 14.272897] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 14.272922] kthread+0x337/0x6f0 [ 14.272944] ? trace_preempt_on+0x20/0xc0 [ 14.272970] ? __pfx_kthread+0x10/0x10 [ 14.272993] ? _raw_spin_unlock_irq+0x47/0x80 [ 14.273017] ? calculate_sigpending+0x7b/0xa0 [ 14.273044] ? __pfx_kthread+0x10/0x10 [ 14.273068] ret_from_fork+0x116/0x1d0 [ 14.273104] ? 
__pfx_kthread+0x10/0x10 [ 14.273127] ret_from_fork_asm+0x1a/0x30 [ 14.273184] </TASK> [ 14.273199] [ 14.285400] Allocated by task 218: [ 14.285624] kasan_save_stack+0x45/0x70 [ 14.285869] kasan_save_track+0x18/0x40 [ 14.286326] kasan_save_alloc_info+0x3b/0x50 [ 14.286576] __kasan_kmalloc+0xb7/0xc0 [ 14.286741] __kmalloc_cache_noprof+0x189/0x420 [ 14.286976] workqueue_uaf+0x152/0x560 [ 14.287668] kunit_try_run_case+0x1a5/0x480 [ 14.288057] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 14.288695] kthread+0x337/0x6f0 [ 14.289049] ret_from_fork+0x116/0x1d0 [ 14.289549] ret_from_fork_asm+0x1a/0x30 [ 14.289780] [ 14.289885] Freed by task 41: [ 14.290461] kasan_save_stack+0x45/0x70 [ 14.290825] kasan_save_track+0x18/0x40 [ 14.291058] kasan_save_free_info+0x3f/0x60 [ 14.291538] __kasan_slab_free+0x56/0x70 [ 14.291987] kfree+0x222/0x3f0 [ 14.292396] workqueue_uaf_work+0x12/0x20 [ 14.292576] process_one_work+0x5ee/0xf60 [ 14.293035] worker_thread+0x758/0x1220 [ 14.293475] kthread+0x337/0x6f0 [ 14.293694] ret_from_fork+0x116/0x1d0 [ 14.293931] ret_from_fork_asm+0x1a/0x30 [ 14.294569] [ 14.294697] Last potentially related work creation: [ 14.294933] kasan_save_stack+0x45/0x70 [ 14.295435] kasan_record_aux_stack+0xb2/0xc0 [ 14.296304] __queue_work+0x626/0xeb0 [ 14.296483] queue_work_on+0xb6/0xc0 [ 14.296631] workqueue_uaf+0x26d/0x560 [ 14.296780] kunit_try_run_case+0x1a5/0x480 [ 14.297142] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 14.297354] kthread+0x337/0x6f0 [ 14.297492] ret_from_fork+0x116/0x1d0 [ 14.297642] ret_from_fork_asm+0x1a/0x30 [ 14.298561] [ 14.299420] The buggy address belongs to the object at ffff8881029fd180 [ 14.299420] which belongs to the cache kmalloc-32 of size 32 [ 14.301341] The buggy address is located 0 bytes inside of [ 14.301341] freed 32-byte region [ffff8881029fd180, ffff8881029fd1a0) [ 14.302037] [ 14.302758] The buggy address belongs to the physical page: [ 14.303622] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 
pfn:0x1029fd [ 14.303940] flags: 0x200000000000000(node=0|zone=2) [ 14.304149] page_type: f5(slab) [ 14.304315] raw: 0200000000000000 ffff888100041780 dead000000000122 0000000000000000 [ 14.304713] raw: 0000000000000000 0000000080400040 00000000f5000000 0000000000000000 [ 14.307058] page dumped because: kasan: bad access detected [ 14.307919] [ 14.308010] Memory state around the buggy address: [ 14.308543] ffff8881029fd080: 00 00 05 fc fc fc fc fc fa fb fb fb fc fc fc fc [ 14.308947] ffff8881029fd100: 00 00 07 fc fc fc fc fc 00 00 00 fc fc fc fc fc [ 14.309483] >ffff8881029fd180: fa fb fb fb fc fc fc fc fc fc fc fc fc fc fc fc [ 14.309815] ^ [ 14.310003] ffff8881029fd200: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 14.310608] ffff8881029fd280: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 14.310965] ==================================================================
Failure - log-parser-boot/kasan-bug-kasan-slab-use-after-free-in-rcu_uaf_reclaim
[ 14.218369] ================================================================== [ 14.218983] BUG: KASAN: slab-use-after-free in rcu_uaf_reclaim+0x50/0x60 [ 14.220119] Read of size 4 at addr ffff888103918b80 by task swapper/0/0 [ 14.220521] [ 14.220638] CPU: 0 UID: 0 PID: 0 Comm: swapper/0 Tainted: G B N 6.16.0-rc4 #1 PREEMPT(voluntary) [ 14.220691] Tainted: [B]=BAD_PAGE, [N]=TEST [ 14.220706] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 14.220731] Call Trace: [ 14.220769] <IRQ> [ 14.220810] dump_stack_lvl+0x73/0xb0 [ 14.220852] print_report+0xd1/0x650 [ 14.220878] ? __virt_addr_valid+0x1db/0x2d0 [ 14.220907] ? rcu_uaf_reclaim+0x50/0x60 [ 14.220930] ? kasan_complete_mode_report_info+0x64/0x200 [ 14.220955] ? rcu_uaf_reclaim+0x50/0x60 [ 14.220978] kasan_report+0x141/0x180 [ 14.221002] ? rcu_uaf_reclaim+0x50/0x60 [ 14.221030] __asan_report_load4_noabort+0x18/0x20 [ 14.221056] rcu_uaf_reclaim+0x50/0x60 [ 14.221088] rcu_core+0x66f/0x1c40 [ 14.221120] ? __pfx_rcu_core+0x10/0x10 [ 14.221144] ? ktime_get+0x6b/0x150 [ 14.221168] ? handle_softirqs+0x18e/0x730 [ 14.221197] rcu_core_si+0x12/0x20 [ 14.221219] handle_softirqs+0x209/0x730 [ 14.221240] ? hrtimer_interrupt+0x2fe/0x780 [ 14.221265] ? 
__pfx_handle_softirqs+0x10/0x10 [ 14.221292] __irq_exit_rcu+0xc9/0x110 [ 14.221315] irq_exit_rcu+0x12/0x20 [ 14.221341] sysvec_apic_timer_interrupt+0x81/0x90 [ 14.221369] </IRQ> [ 14.221402] <TASK> [ 14.221414] asm_sysvec_apic_timer_interrupt+0x1f/0x30 [ 14.221524] RIP: 0010:pv_native_safe_halt+0xf/0x20 [ 14.221777] Code: 1f 84 00 00 00 00 00 0f 1f 40 00 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 f3 0f 1e fa eb 07 0f 00 2d 03 9a 21 00 fb f4 <e9> 7c 1d 02 00 66 2e 0f 1f 84 00 00 00 00 00 66 90 90 90 90 90 90 [ 14.222231] RSP: 0000:ffffffffbb007dd8 EFLAGS: 00010206 [ 14.222356] RAX: ffff88819ec74000 RBX: ffffffffbb01cac0 RCX: ffffffffb9e720e5 [ 14.222410] RDX: ffffed102b60618b RSI: 0000000000000004 RDI: 0000000000014904 [ 14.222459] RBP: ffffffffbb007de0 R08: 0000000000000001 R09: ffffed102b60618a [ 14.222507] R10: ffff88815b030c53 R11: 0000000000052800 R12: 0000000000000000 [ 14.222554] R13: fffffbfff7603958 R14: ffffffffbbbb0e90 R15: 0000000000000000 [ 14.222621] ? ct_kernel_exit.constprop.0+0xa5/0xd0 [ 14.222686] ? default_idle+0xd/0x20 [ 14.222712] arch_cpu_idle+0xd/0x20 [ 14.222737] default_idle_call+0x48/0x80 [ 14.222758] do_idle+0x379/0x4f0 [ 14.222801] ? __pfx_do_idle+0x10/0x10 [ 14.222826] ? complete+0x15b/0x1d0 [ 14.222846] ? trace_preempt_on+0x20/0xc0 [ 14.222872] ? schedule+0x86/0x2e0 [ 14.222895] ? preempt_count_sub+0x50/0x80 [ 14.222921] cpu_startup_entry+0x5c/0x70 [ 14.222947] rest_init+0x11a/0x140 [ 14.222967] ? 
acpi_subsystem_init+0x5d/0x150 [ 14.222995] start_kernel+0x330/0x410 [ 14.223024] x86_64_start_reservations+0x1c/0x30 [ 14.223052] x86_64_start_kernel+0x10d/0x120 [ 14.223107] common_startup_64+0x13e/0x148 [ 14.223144] </TASK> [ 14.223158] [ 14.245820] Allocated by task 216: [ 14.246293] kasan_save_stack+0x45/0x70 [ 14.246740] kasan_save_track+0x18/0x40 [ 14.247187] kasan_save_alloc_info+0x3b/0x50 [ 14.247665] __kasan_kmalloc+0xb7/0xc0 [ 14.247952] __kmalloc_cache_noprof+0x189/0x420 [ 14.248298] rcu_uaf+0xb0/0x330 [ 14.248648] kunit_try_run_case+0x1a5/0x480 [ 14.249107] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 14.249419] kthread+0x337/0x6f0 [ 14.249559] ret_from_fork+0x116/0x1d0 [ 14.249708] ret_from_fork_asm+0x1a/0x30 [ 14.250018] [ 14.250178] Freed by task 0: [ 14.250299] kasan_save_stack+0x45/0x70 [ 14.250450] kasan_save_track+0x18/0x40 [ 14.250600] kasan_save_free_info+0x3f/0x60 [ 14.250762] __kasan_slab_free+0x56/0x70 [ 14.250933] kfree+0x222/0x3f0 [ 14.251065] rcu_uaf_reclaim+0x1f/0x60 [ 14.251524] rcu_core+0x66f/0x1c40 [ 14.251963] rcu_core_si+0x12/0x20 [ 14.252349] handle_softirqs+0x209/0x730 [ 14.252804] __irq_exit_rcu+0xc9/0x110 [ 14.253227] irq_exit_rcu+0x12/0x20 [ 14.253612] sysvec_apic_timer_interrupt+0x81/0x90 [ 14.254135] asm_sysvec_apic_timer_interrupt+0x1f/0x30 [ 14.254670] [ 14.254894] Last potentially related work creation: [ 14.255464] kasan_save_stack+0x45/0x70 [ 14.255888] kasan_record_aux_stack+0xb2/0xc0 [ 14.256141] __call_rcu_common.constprop.0+0x7b/0x9e0 [ 14.256640] call_rcu+0x12/0x20 [ 14.257004] rcu_uaf+0x168/0x330 [ 14.257263] kunit_try_run_case+0x1a5/0x480 [ 14.257434] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 14.257628] kthread+0x337/0x6f0 [ 14.257763] ret_from_fork+0x116/0x1d0 [ 14.257936] ret_from_fork_asm+0x1a/0x30 [ 14.258201] [ 14.258303] The buggy address belongs to the object at ffff888103918b80 [ 14.258303] which belongs to the cache kmalloc-32 of size 32 [ 14.258754] The buggy address is located 0 bytes inside of 
[ 14.258754] freed 32-byte region [ffff888103918b80, ffff888103918ba0) [ 14.259273] [ 14.259373] The buggy address belongs to the physical page: [ 14.259672] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x103918 [ 14.260101] flags: 0x200000000000000(node=0|zone=2) [ 14.260317] page_type: f5(slab) [ 14.260513] raw: 0200000000000000 ffff888100041780 dead000000000122 0000000000000000 [ 14.260856] raw: 0000000000000000 0000000080400040 00000000f5000000 0000000000000000 [ 14.261205] page dumped because: kasan: bad access detected [ 14.261493] [ 14.261598] Memory state around the buggy address: [ 14.261840] ffff888103918a80: 00 00 00 fc fc fc fc fc fa fb fb fb fc fc fc fc [ 14.262197] ffff888103918b00: fa fb fb fb fc fc fc fc fa fb fb fb fc fc fc fc [ 14.262448] >ffff888103918b80: fa fb fb fb fc fc fc fc fc fc fc fc fc fc fc fc [ 14.262778] ^ [ 14.262982] ffff888103918c00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 14.263309] ffff888103918c80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 14.263593] ==================================================================
Failure - log-parser-boot/kasan-bug-kasan-slab-use-after-free-in-ksize_uaf
[ 14.142007] ================================================================== [ 14.142405] BUG: KASAN: slab-use-after-free in ksize_uaf+0x5fe/0x6c0 [ 14.142719] Read of size 1 at addr ffff8881021dbc00 by task kunit_try_catch/214 [ 14.142994] [ 14.143107] CPU: 0 UID: 0 PID: 214 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc4 #1 PREEMPT(voluntary) [ 14.143156] Tainted: [B]=BAD_PAGE, [N]=TEST [ 14.143171] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 14.143195] Call Trace: [ 14.143214] <TASK> [ 14.143233] dump_stack_lvl+0x73/0xb0 [ 14.143266] print_report+0xd1/0x650 [ 14.143291] ? __virt_addr_valid+0x1db/0x2d0 [ 14.143316] ? ksize_uaf+0x5fe/0x6c0 [ 14.143339] ? kasan_complete_mode_report_info+0x64/0x200 [ 14.143364] ? ksize_uaf+0x5fe/0x6c0 [ 14.143387] kasan_report+0x141/0x180 [ 14.143412] ? ksize_uaf+0x5fe/0x6c0 [ 14.143440] __asan_report_load1_noabort+0x18/0x20 [ 14.143467] ksize_uaf+0x5fe/0x6c0 [ 14.143490] ? __pfx_ksize_uaf+0x10/0x10 [ 14.143514] ? __schedule+0x10cc/0x2b60 [ 14.143540] ? __pfx_read_tsc+0x10/0x10 [ 14.143564] ? ktime_get_ts64+0x86/0x230 [ 14.143591] kunit_try_run_case+0x1a5/0x480 [ 14.143617] ? __pfx_kunit_try_run_case+0x10/0x10 [ 14.143642] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 14.143668] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 14.143694] ? __kthread_parkme+0x82/0x180 [ 14.143717] ? preempt_count_sub+0x50/0x80 [ 14.143743] ? __pfx_kunit_try_run_case+0x10/0x10 [ 14.143769] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 14.144012] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 14.144046] kthread+0x337/0x6f0 [ 14.144069] ? trace_preempt_on+0x20/0xc0 [ 14.144108] ? __pfx_kthread+0x10/0x10 [ 14.144131] ? _raw_spin_unlock_irq+0x47/0x80 [ 14.144204] ? calculate_sigpending+0x7b/0xa0 [ 14.144231] ? __pfx_kthread+0x10/0x10 [ 14.144255] ret_from_fork+0x116/0x1d0 [ 14.144278] ? 
__pfx_kthread+0x10/0x10 [ 14.144301] ret_from_fork_asm+0x1a/0x30 [ 14.144335] </TASK> [ 14.144349] [ 14.152781] Allocated by task 214: [ 14.153021] kasan_save_stack+0x45/0x70 [ 14.153437] kasan_save_track+0x18/0x40 [ 14.153678] kasan_save_alloc_info+0x3b/0x50 [ 14.153905] __kasan_kmalloc+0xb7/0xc0 [ 14.154205] __kmalloc_cache_noprof+0x189/0x420 [ 14.154427] ksize_uaf+0xaa/0x6c0 [ 14.154612] kunit_try_run_case+0x1a5/0x480 [ 14.154845] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 14.155088] kthread+0x337/0x6f0 [ 14.155343] ret_from_fork+0x116/0x1d0 [ 14.155611] ret_from_fork_asm+0x1a/0x30 [ 14.155840] [ 14.155953] Freed by task 214: [ 14.156106] kasan_save_stack+0x45/0x70 [ 14.156301] kasan_save_track+0x18/0x40 [ 14.156579] kasan_save_free_info+0x3f/0x60 [ 14.156876] __kasan_slab_free+0x56/0x70 [ 14.157039] kfree+0x222/0x3f0 [ 14.157408] ksize_uaf+0x12c/0x6c0 [ 14.157637] kunit_try_run_case+0x1a5/0x480 [ 14.157898] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 14.158222] kthread+0x337/0x6f0 [ 14.158427] ret_from_fork+0x116/0x1d0 [ 14.158579] ret_from_fork_asm+0x1a/0x30 [ 14.158738] [ 14.158832] The buggy address belongs to the object at ffff8881021dbc00 [ 14.158832] which belongs to the cache kmalloc-128 of size 128 [ 14.159233] The buggy address is located 0 bytes inside of [ 14.159233] freed 128-byte region [ffff8881021dbc00, ffff8881021dbc80) [ 14.159830] [ 14.159942] The buggy address belongs to the physical page: [ 14.160230] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1021db [ 14.160532] flags: 0x200000000000000(node=0|zone=2) [ 14.160719] page_type: f5(slab) [ 14.160869] raw: 0200000000000000 ffff888100041a00 dead000000000122 0000000000000000 [ 14.161131] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 14.161391] page dumped because: kasan: bad access detected [ 14.162047] [ 14.162173] Memory state around the buggy address: [ 14.162440] ffff8881021dbb00: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 
14.163084] ffff8881021dbb80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 14.163732] >ffff8881021dbc00: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 14.164123] ^ [ 14.164303] ffff8881021dbc80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 14.164664] ffff8881021dbd00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 14.164997] ================================================================== [ 14.115534] ================================================================== [ 14.116895] BUG: KASAN: slab-use-after-free in ksize_uaf+0x19d/0x6c0 [ 14.117832] Read of size 1 at addr ffff8881021dbc00 by task kunit_try_catch/214 [ 14.118384] [ 14.118643] CPU: 0 UID: 0 PID: 214 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc4 #1 PREEMPT(voluntary) [ 14.118709] Tainted: [B]=BAD_PAGE, [N]=TEST [ 14.118725] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 14.118749] Call Trace: [ 14.118764] <TASK> [ 14.118785] dump_stack_lvl+0x73/0xb0 [ 14.118835] print_report+0xd1/0x650 [ 14.118861] ? __virt_addr_valid+0x1db/0x2d0 [ 14.118887] ? ksize_uaf+0x19d/0x6c0 [ 14.118910] ? kasan_complete_mode_report_info+0x64/0x200 [ 14.118935] ? ksize_uaf+0x19d/0x6c0 [ 14.118958] kasan_report+0x141/0x180 [ 14.118982] ? ksize_uaf+0x19d/0x6c0 [ 14.119009] ? ksize_uaf+0x19d/0x6c0 [ 14.119031] __kasan_check_byte+0x3d/0x50 [ 14.119055] ksize+0x20/0x60 [ 14.119079] ksize_uaf+0x19d/0x6c0 [ 14.119102] ? __pfx_ksize_uaf+0x10/0x10 [ 14.119126] ? __schedule+0x10cc/0x2b60 [ 14.119151] ? __pfx_read_tsc+0x10/0x10 [ 14.119175] ? ktime_get_ts64+0x86/0x230 [ 14.119203] kunit_try_run_case+0x1a5/0x480 [ 14.119230] ? __pfx_kunit_try_run_case+0x10/0x10 [ 14.119313] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 14.119344] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 14.119370] ? __kthread_parkme+0x82/0x180 [ 14.119395] ? preempt_count_sub+0x50/0x80 [ 14.119422] ? __pfx_kunit_try_run_case+0x10/0x10 [ 14.119448] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 14.119473] ? 
__pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 14.119499] kthread+0x337/0x6f0 [ 14.119520] ? trace_preempt_on+0x20/0xc0 [ 14.119546] ? __pfx_kthread+0x10/0x10 [ 14.119569] ? _raw_spin_unlock_irq+0x47/0x80 [ 14.119593] ? calculate_sigpending+0x7b/0xa0 [ 14.119619] ? __pfx_kthread+0x10/0x10 [ 14.119643] ret_from_fork+0x116/0x1d0 [ 14.119665] ? __pfx_kthread+0x10/0x10 [ 14.119688] ret_from_fork_asm+0x1a/0x30 [ 14.119722] </TASK> [ 14.119736] [ 14.128684] Allocated by task 214: [ 14.128858] kasan_save_stack+0x45/0x70 [ 14.129056] kasan_save_track+0x18/0x40 [ 14.129672] kasan_save_alloc_info+0x3b/0x50 [ 14.129956] __kasan_kmalloc+0xb7/0xc0 [ 14.130179] __kmalloc_cache_noprof+0x189/0x420 [ 14.130391] ksize_uaf+0xaa/0x6c0 [ 14.130591] kunit_try_run_case+0x1a5/0x480 [ 14.130880] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 14.131092] kthread+0x337/0x6f0 [ 14.131268] ret_from_fork+0x116/0x1d0 [ 14.131480] ret_from_fork_asm+0x1a/0x30 [ 14.131747] [ 14.131937] Freed by task 214: [ 14.132071] kasan_save_stack+0x45/0x70 [ 14.132295] kasan_save_track+0x18/0x40 [ 14.132466] kasan_save_free_info+0x3f/0x60 [ 14.132635] __kasan_slab_free+0x56/0x70 [ 14.132807] kfree+0x222/0x3f0 [ 14.132943] ksize_uaf+0x12c/0x6c0 [ 14.133142] kunit_try_run_case+0x1a5/0x480 [ 14.133626] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 14.133951] kthread+0x337/0x6f0 [ 14.134227] ret_from_fork+0x116/0x1d0 [ 14.134399] ret_from_fork_asm+0x1a/0x30 [ 14.134627] [ 14.134730] The buggy address belongs to the object at ffff8881021dbc00 [ 14.134730] which belongs to the cache kmalloc-128 of size 128 [ 14.135405] The buggy address is located 0 bytes inside of [ 14.135405] freed 128-byte region [ffff8881021dbc00, ffff8881021dbc80) [ 14.135929] [ 14.136046] The buggy address belongs to the physical page: [ 14.136449] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1021db [ 14.136860] flags: 0x200000000000000(node=0|zone=2) [ 14.137308] page_type: f5(slab) [ 14.137486] raw: 
0200000000000000 ffff888100041a00 dead000000000122 0000000000000000 [ 14.137752] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 14.138070] page dumped because: kasan: bad access detected [ 14.138489] [ 14.138607] Memory state around the buggy address: [ 14.138884] ffff8881021dbb00: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 14.139253] ffff8881021dbb80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 14.139645] >ffff8881021dbc00: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 14.139986] ^ [ 14.140319] ffff8881021dbc80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 14.140693] ffff8881021dbd00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 14.140992] ================================================================== [ 14.165685] ================================================================== [ 14.166079] BUG: KASAN: slab-use-after-free in ksize_uaf+0x5e4/0x6c0 [ 14.166631] Read of size 1 at addr ffff8881021dbc78 by task kunit_try_catch/214 [ 14.166941] [ 14.167045] CPU: 0 UID: 0 PID: 214 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc4 #1 PREEMPT(voluntary) [ 14.167093] Tainted: [B]=BAD_PAGE, [N]=TEST [ 14.167106] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 14.167130] Call Trace: [ 14.167149] <TASK> [ 14.167167] dump_stack_lvl+0x73/0xb0 [ 14.167200] print_report+0xd1/0x650 [ 14.167225] ? __virt_addr_valid+0x1db/0x2d0 [ 14.167250] ? ksize_uaf+0x5e4/0x6c0 [ 14.167273] ? kasan_complete_mode_report_info+0x64/0x200 [ 14.167297] ? ksize_uaf+0x5e4/0x6c0 [ 14.167321] kasan_report+0x141/0x180 [ 14.167346] ? ksize_uaf+0x5e4/0x6c0 [ 14.167374] __asan_report_load1_noabort+0x18/0x20 [ 14.167401] ksize_uaf+0x5e4/0x6c0 [ 14.167424] ? __pfx_ksize_uaf+0x10/0x10 [ 14.167448] ? __schedule+0x10cc/0x2b60 [ 14.167474] ? __pfx_read_tsc+0x10/0x10 [ 14.167498] ? ktime_get_ts64+0x86/0x230 [ 14.167525] kunit_try_run_case+0x1a5/0x480 [ 14.167552] ? __pfx_kunit_try_run_case+0x10/0x10 [ 14.167577] ? 
_raw_spin_lock_irqsave+0xa1/0x100 [ 14.167603] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 14.167629] ? __kthread_parkme+0x82/0x180 [ 14.167652] ? preempt_count_sub+0x50/0x80 [ 14.167679] ? __pfx_kunit_try_run_case+0x10/0x10 [ 14.167706] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 14.167731] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 14.167842] kthread+0x337/0x6f0 [ 14.167870] ? trace_preempt_on+0x20/0xc0 [ 14.167897] ? __pfx_kthread+0x10/0x10 [ 14.167920] ? _raw_spin_unlock_irq+0x47/0x80 [ 14.167944] ? calculate_sigpending+0x7b/0xa0 [ 14.167971] ? __pfx_kthread+0x10/0x10 [ 14.167995] ret_from_fork+0x116/0x1d0 [ 14.168016] ? __pfx_kthread+0x10/0x10 [ 14.168039] ret_from_fork_asm+0x1a/0x30 [ 14.168073] </TASK> [ 14.168087] [ 14.176312] Allocated by task 214: [ 14.176472] kasan_save_stack+0x45/0x70 [ 14.176665] kasan_save_track+0x18/0x40 [ 14.179251] kasan_save_alloc_info+0x3b/0x50 [ 14.179705] __kasan_kmalloc+0xb7/0xc0 [ 14.179894] __kmalloc_cache_noprof+0x189/0x420 [ 14.180455] ksize_uaf+0xaa/0x6c0 [ 14.180991] kunit_try_run_case+0x1a5/0x480 [ 14.181873] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 14.182907] kthread+0x337/0x6f0 [ 14.183638] ret_from_fork+0x116/0x1d0 [ 14.184317] ret_from_fork_asm+0x1a/0x30 [ 14.184746] [ 14.185172] Freed by task 214: [ 14.185721] kasan_save_stack+0x45/0x70 [ 14.186642] kasan_save_track+0x18/0x40 [ 14.187028] kasan_save_free_info+0x3f/0x60 [ 14.187942] __kasan_slab_free+0x56/0x70 [ 14.188425] kfree+0x222/0x3f0 [ 14.188579] ksize_uaf+0x12c/0x6c0 [ 14.188726] kunit_try_run_case+0x1a5/0x480 [ 14.188917] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 14.189607] kthread+0x337/0x6f0 [ 14.189983] ret_from_fork+0x116/0x1d0 [ 14.190492] ret_from_fork_asm+0x1a/0x30 [ 14.190813] [ 14.191013] The buggy address belongs to the object at ffff8881021dbc00 [ 14.191013] which belongs to the cache kmalloc-128 of size 128 [ 14.191680] The buggy address is located 120 bytes inside of [ 14.191680] freed 128-byte region [ffff8881021dbc00, 
ffff8881021dbc80) [ 14.192322] [ 14.192653] The buggy address belongs to the physical page: [ 14.193305] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1021db [ 14.194159] flags: 0x200000000000000(node=0|zone=2) [ 14.194749] page_type: f5(slab) [ 14.195187] raw: 0200000000000000 ffff888100041a00 dead000000000122 0000000000000000 [ 14.196006] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 14.196825] page dumped because: kasan: bad access detected [ 14.197032] [ 14.197322] Memory state around the buggy address: [ 14.197834] ffff8881021dbb00: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 14.198646] ffff8881021dbb80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 14.199393] >ffff8881021dbc00: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 14.199643] ^ [ 14.200325] ffff8881021dbc80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 14.201111] ffff8881021dbd00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 14.201899] ==================================================================
Failure - log-parser-boot/kasan-bug-kasan-slab-out-of-bounds-in-ksize_unpoisons_memory
[ 14.029878] ================================================================== [ 14.031341] BUG: KASAN: slab-out-of-bounds in ksize_unpoisons_memory+0x81c/0x9b0 [ 14.031653] Read of size 1 at addr ffff8881021dbb73 by task kunit_try_catch/212 [ 14.031941] [ 14.032186] CPU: 0 UID: 0 PID: 212 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc4 #1 PREEMPT(voluntary) [ 14.032244] Tainted: [B]=BAD_PAGE, [N]=TEST [ 14.032259] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 14.032284] Call Trace: [ 14.032301] <TASK> [ 14.032324] dump_stack_lvl+0x73/0xb0 [ 14.032364] print_report+0xd1/0x650 [ 14.032393] ? __virt_addr_valid+0x1db/0x2d0 [ 14.032422] ? ksize_unpoisons_memory+0x81c/0x9b0 [ 14.032448] ? kasan_complete_mode_report_info+0x2a/0x200 [ 14.032473] ? ksize_unpoisons_memory+0x81c/0x9b0 [ 14.032500] kasan_report+0x141/0x180 [ 14.032524] ? ksize_unpoisons_memory+0x81c/0x9b0 [ 14.032555] __asan_report_load1_noabort+0x18/0x20 [ 14.032582] ksize_unpoisons_memory+0x81c/0x9b0 [ 14.032609] ? __pfx_ksize_unpoisons_memory+0x10/0x10 [ 14.032634] ? finish_task_switch.isra.0+0x153/0x700 [ 14.032660] ? __switch_to+0x47/0xf50 [ 14.032690] ? __schedule+0x10cc/0x2b60 [ 14.032716] ? __pfx_read_tsc+0x10/0x10 [ 14.032740] ? ktime_get_ts64+0x86/0x230 [ 14.032768] kunit_try_run_case+0x1a5/0x480 [ 14.032810] ? __pfx_kunit_try_run_case+0x10/0x10 [ 14.032835] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 14.032863] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 14.032889] ? __kthread_parkme+0x82/0x180 [ 14.032912] ? preempt_count_sub+0x50/0x80 [ 14.032938] ? __pfx_kunit_try_run_case+0x10/0x10 [ 14.032964] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 14.032990] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 14.033017] kthread+0x337/0x6f0 [ 14.033040] ? trace_preempt_on+0x20/0xc0 [ 14.033067] ? __pfx_kthread+0x10/0x10 [ 14.033090] ? _raw_spin_unlock_irq+0x47/0x80 [ 14.033114] ? calculate_sigpending+0x7b/0xa0 [ 14.033142] ? 
__pfx_kthread+0x10/0x10 [ 14.033166] ret_from_fork+0x116/0x1d0 [ 14.033187] ? __pfx_kthread+0x10/0x10 [ 14.033210] ret_from_fork_asm+0x1a/0x30 [ 14.033246] </TASK> [ 14.033260] [ 14.050646] Allocated by task 212: [ 14.051333] kasan_save_stack+0x45/0x70 [ 14.051763] kasan_save_track+0x18/0x40 [ 14.051940] kasan_save_alloc_info+0x3b/0x50 [ 14.052121] __kasan_kmalloc+0xb7/0xc0 [ 14.052530] __kmalloc_cache_noprof+0x189/0x420 [ 14.053120] ksize_unpoisons_memory+0xc7/0x9b0 [ 14.053655] kunit_try_run_case+0x1a5/0x480 [ 14.054125] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 14.054592] kthread+0x337/0x6f0 [ 14.054738] ret_from_fork+0x116/0x1d0 [ 14.054906] ret_from_fork_asm+0x1a/0x30 [ 14.055065] [ 14.055254] The buggy address belongs to the object at ffff8881021dbb00 [ 14.055254] which belongs to the cache kmalloc-128 of size 128 [ 14.056748] The buggy address is located 0 bytes to the right of [ 14.056748] allocated 115-byte region [ffff8881021dbb00, ffff8881021dbb73) [ 14.058237] [ 14.058459] The buggy address belongs to the physical page: [ 14.058923] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1021db [ 14.059536] flags: 0x200000000000000(node=0|zone=2) [ 14.060165] page_type: f5(slab) [ 14.060721] raw: 0200000000000000 ffff888100041a00 dead000000000122 0000000000000000 [ 14.061029] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 14.061774] page dumped because: kasan: bad access detected [ 14.062452] [ 14.062637] Memory state around the buggy address: [ 14.063117] ffff8881021dba00: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 14.063549] ffff8881021dba80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 14.063818] >ffff8881021dbb00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 03 fc [ 14.064062] ^ [ 14.065002] ffff8881021dbb80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 14.066037] ffff8881021dbc00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 14.066836] 
================================================================== [ 14.067914] ================================================================== [ 14.068634] BUG: KASAN: slab-out-of-bounds in ksize_unpoisons_memory+0x7e9/0x9b0 [ 14.069506] Read of size 1 at addr ffff8881021dbb78 by task kunit_try_catch/212 [ 14.069767] [ 14.069890] CPU: 0 UID: 0 PID: 212 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc4 #1 PREEMPT(voluntary) [ 14.069941] Tainted: [B]=BAD_PAGE, [N]=TEST [ 14.069955] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 14.069979] Call Trace: [ 14.070000] <TASK> [ 14.070022] dump_stack_lvl+0x73/0xb0 [ 14.070061] print_report+0xd1/0x650 [ 14.070087] ? __virt_addr_valid+0x1db/0x2d0 [ 14.070112] ? ksize_unpoisons_memory+0x7e9/0x9b0 [ 14.070138] ? kasan_complete_mode_report_info+0x2a/0x200 [ 14.070162] ? ksize_unpoisons_memory+0x7e9/0x9b0 [ 14.070188] kasan_report+0x141/0x180 [ 14.070212] ? ksize_unpoisons_memory+0x7e9/0x9b0 [ 14.070243] __asan_report_load1_noabort+0x18/0x20 [ 14.070269] ksize_unpoisons_memory+0x7e9/0x9b0 [ 14.070295] ? __pfx_ksize_unpoisons_memory+0x10/0x10 [ 14.070319] ? finish_task_switch.isra.0+0x153/0x700 [ 14.070344] ? __switch_to+0x47/0xf50 [ 14.070372] ? __schedule+0x10cc/0x2b60 [ 14.070397] ? __pfx_read_tsc+0x10/0x10 [ 14.070421] ? ktime_get_ts64+0x86/0x230 [ 14.070447] kunit_try_run_case+0x1a5/0x480 [ 14.070475] ? __pfx_kunit_try_run_case+0x10/0x10 [ 14.070499] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 14.070525] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 14.070550] ? __kthread_parkme+0x82/0x180 [ 14.070573] ? preempt_count_sub+0x50/0x80 [ 14.070598] ? __pfx_kunit_try_run_case+0x10/0x10 [ 14.070634] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 14.070659] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 14.070684] kthread+0x337/0x6f0 [ 14.070706] ? trace_preempt_on+0x20/0xc0 [ 14.070732] ? __pfx_kthread+0x10/0x10 [ 14.070755] ? _raw_spin_unlock_irq+0x47/0x80 [ 14.070778] ? 
calculate_sigpending+0x7b/0xa0 [ 14.070817] ? __pfx_kthread+0x10/0x10 [ 14.070841] ret_from_fork+0x116/0x1d0 [ 14.070862] ? __pfx_kthread+0x10/0x10 [ 14.070884] ret_from_fork_asm+0x1a/0x30 [ 14.070919] </TASK> [ 14.070933] [ 14.080044] Allocated by task 212: [ 14.080541] kasan_save_stack+0x45/0x70 [ 14.080809] kasan_save_track+0x18/0x40 [ 14.080999] kasan_save_alloc_info+0x3b/0x50 [ 14.081327] __kasan_kmalloc+0xb7/0xc0 [ 14.081494] __kmalloc_cache_noprof+0x189/0x420 [ 14.081703] ksize_unpoisons_memory+0xc7/0x9b0 [ 14.081966] kunit_try_run_case+0x1a5/0x480 [ 14.082201] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 14.082506] kthread+0x337/0x6f0 [ 14.082650] ret_from_fork+0x116/0x1d0 [ 14.082881] ret_from_fork_asm+0x1a/0x30 [ 14.083085] [ 14.083167] The buggy address belongs to the object at ffff8881021dbb00 [ 14.083167] which belongs to the cache kmalloc-128 of size 128 [ 14.083567] The buggy address is located 5 bytes to the right of [ 14.083567] allocated 115-byte region [ffff8881021dbb00, ffff8881021dbb73) [ 14.084441] [ 14.084579] The buggy address belongs to the physical page: [ 14.084889] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1021db [ 14.085431] flags: 0x200000000000000(node=0|zone=2) [ 14.085672] page_type: f5(slab) [ 14.085867] raw: 0200000000000000 ffff888100041a00 dead000000000122 0000000000000000 [ 14.086316] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 14.086663] page dumped because: kasan: bad access detected [ 14.086933] [ 14.087041] Memory state around the buggy address: [ 14.087322] ffff8881021dba00: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 14.087640] ffff8881021dba80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 14.088029] >ffff8881021dbb00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 03 fc [ 14.088528] ^ [ 14.088862] ffff8881021dbb80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 14.089111] ffff8881021dbc00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 14.089472] 
================================================================== [ 14.090052] ================================================================== [ 14.090622] BUG: KASAN: slab-out-of-bounds in ksize_unpoisons_memory+0x7b6/0x9b0 [ 14.091001] Read of size 1 at addr ffff8881021dbb7f by task kunit_try_catch/212 [ 14.091540] [ 14.091674] CPU: 0 UID: 0 PID: 212 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc4 #1 PREEMPT(voluntary) [ 14.091721] Tainted: [B]=BAD_PAGE, [N]=TEST [ 14.091734] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 14.091758] Call Trace: [ 14.091777] <TASK> [ 14.091810] dump_stack_lvl+0x73/0xb0 [ 14.091844] print_report+0xd1/0x650 [ 14.091870] ? __virt_addr_valid+0x1db/0x2d0 [ 14.091896] ? ksize_unpoisons_memory+0x7b6/0x9b0 [ 14.091921] ? kasan_complete_mode_report_info+0x2a/0x200 [ 14.091946] ? ksize_unpoisons_memory+0x7b6/0x9b0 [ 14.091973] kasan_report+0x141/0x180 [ 14.091997] ? ksize_unpoisons_memory+0x7b6/0x9b0 [ 14.092028] __asan_report_load1_noabort+0x18/0x20 [ 14.092054] ksize_unpoisons_memory+0x7b6/0x9b0 [ 14.092081] ? __pfx_ksize_unpoisons_memory+0x10/0x10 [ 14.092105] ? finish_task_switch.isra.0+0x153/0x700 [ 14.092130] ? __switch_to+0x47/0xf50 [ 14.092157] ? __schedule+0x10cc/0x2b60 [ 14.092182] ? __pfx_read_tsc+0x10/0x10 [ 14.092206] ? ktime_get_ts64+0x86/0x230 [ 14.092232] kunit_try_run_case+0x1a5/0x480 [ 14.092260] ? __pfx_kunit_try_run_case+0x10/0x10 [ 14.092284] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 14.092310] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 14.092335] ? __kthread_parkme+0x82/0x180 [ 14.092358] ? preempt_count_sub+0x50/0x80 [ 14.092383] ? __pfx_kunit_try_run_case+0x10/0x10 [ 14.092409] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 14.092434] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 14.092459] kthread+0x337/0x6f0 [ 14.092480] ? trace_preempt_on+0x20/0xc0 [ 14.092506] ? __pfx_kthread+0x10/0x10 [ 14.092529] ? _raw_spin_unlock_irq+0x47/0x80 [ 14.092552] ? 
calculate_sigpending+0x7b/0xa0 [ 14.092578] ? __pfx_kthread+0x10/0x10 [ 14.092602] ret_from_fork+0x116/0x1d0 [ 14.092622] ? __pfx_kthread+0x10/0x10 [ 14.092645] ret_from_fork_asm+0x1a/0x30 [ 14.092678] </TASK> [ 14.092691] [ 14.101819] Allocated by task 212: [ 14.101983] kasan_save_stack+0x45/0x70 [ 14.102153] kasan_save_track+0x18/0x40 [ 14.102351] kasan_save_alloc_info+0x3b/0x50 [ 14.102597] __kasan_kmalloc+0xb7/0xc0 [ 14.102956] __kmalloc_cache_noprof+0x189/0x420 [ 14.103216] ksize_unpoisons_memory+0xc7/0x9b0 [ 14.103390] kunit_try_run_case+0x1a5/0x480 [ 14.103555] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 14.103919] kthread+0x337/0x6f0 [ 14.104138] ret_from_fork+0x116/0x1d0 [ 14.104365] ret_from_fork_asm+0x1a/0x30 [ 14.104593] [ 14.104704] The buggy address belongs to the object at ffff8881021dbb00 [ 14.104704] which belongs to the cache kmalloc-128 of size 128 [ 14.105502] The buggy address is located 12 bytes to the right of [ 14.105502] allocated 115-byte region [ffff8881021dbb00, ffff8881021dbb73) [ 14.106230] [ 14.106347] The buggy address belongs to the physical page: [ 14.106620] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1021db [ 14.107016] flags: 0x200000000000000(node=0|zone=2) [ 14.107932] page_type: f5(slab) [ 14.108121] raw: 0200000000000000 ffff888100041a00 dead000000000122 0000000000000000 [ 14.108548] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 14.108904] page dumped because: kasan: bad access detected [ 14.109156] [ 14.109239] Memory state around the buggy address: [ 14.109425] ffff8881021dba00: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 14.109861] ffff8881021dba80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 14.110476] >ffff8881021dbb00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 03 fc [ 14.110811] ^ [ 14.111139] ffff8881021dbb80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 14.111438] ffff8881021dbc00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 14.111687] 
==================================================================
Failure - log-parser-boot/kasan-bug-kasan-double-free-in-kfree_sensitive
[ 13.986195] ================================================================== [ 13.987278] BUG: KASAN: double-free in kfree_sensitive+0x2e/0x90 [ 13.988157] Free of addr ffff888102509f00 by task kunit_try_catch/210 [ 13.988495] [ 13.988600] CPU: 1 UID: 0 PID: 210 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc4 #1 PREEMPT(voluntary) [ 13.988650] Tainted: [B]=BAD_PAGE, [N]=TEST [ 13.988663] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 13.988688] Call Trace: [ 13.988704] <TASK> [ 13.988725] dump_stack_lvl+0x73/0xb0 [ 13.988764] print_report+0xd1/0x650 [ 13.988806] ? __virt_addr_valid+0x1db/0x2d0 [ 13.988833] ? kasan_complete_mode_report_info+0x64/0x200 [ 13.988857] ? kfree_sensitive+0x2e/0x90 [ 13.988882] kasan_report_invalid_free+0x10a/0x130 [ 13.988910] ? kfree_sensitive+0x2e/0x90 [ 13.988935] ? kfree_sensitive+0x2e/0x90 [ 13.988957] check_slab_allocation+0x101/0x130 [ 13.988982] __kasan_slab_pre_free+0x28/0x40 [ 13.989008] kfree+0xf0/0x3f0 [ 13.989034] ? add_taint+0x2e/0xa0 [ 13.989055] ? kfree_sensitive+0x2e/0x90 [ 13.989080] kfree_sensitive+0x2e/0x90 [ 13.989102] kmalloc_double_kzfree+0x19c/0x350 [ 13.989128] ? __pfx_kmalloc_double_kzfree+0x10/0x10 [ 13.989154] ? __schedule+0x10cc/0x2b60 [ 13.989179] ? __pfx_read_tsc+0x10/0x10 [ 13.989203] ? ktime_get_ts64+0x86/0x230 [ 13.989231] kunit_try_run_case+0x1a5/0x480 [ 13.989257] ? __pfx_kunit_try_run_case+0x10/0x10 [ 13.989281] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 13.989308] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 13.989339] ? __kthread_parkme+0x82/0x180 [ 13.989362] ? preempt_count_sub+0x50/0x80 [ 13.989388] ? __pfx_kunit_try_run_case+0x10/0x10 [ 13.989414] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 13.989439] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 13.989464] kthread+0x337/0x6f0 [ 13.989485] ? trace_preempt_on+0x20/0xc0 [ 13.989510] ? __pfx_kthread+0x10/0x10 [ 13.989533] ? _raw_spin_unlock_irq+0x47/0x80 [ 13.989556] ? 
calculate_sigpending+0x7b/0xa0 [ 13.989583] ? __pfx_kthread+0x10/0x10 [ 13.989606] ret_from_fork+0x116/0x1d0 [ 13.989628] ? __pfx_kthread+0x10/0x10 [ 13.989652] ret_from_fork_asm+0x1a/0x30 [ 13.989686] </TASK> [ 13.989699] [ 14.005052] Allocated by task 210: [ 14.005455] kasan_save_stack+0x45/0x70 [ 14.005909] kasan_save_track+0x18/0x40 [ 14.006391] kasan_save_alloc_info+0x3b/0x50 [ 14.006898] __kasan_kmalloc+0xb7/0xc0 [ 14.007511] __kmalloc_cache_noprof+0x189/0x420 [ 14.007996] kmalloc_double_kzfree+0xa9/0x350 [ 14.008560] kunit_try_run_case+0x1a5/0x480 [ 14.009024] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 14.009296] kthread+0x337/0x6f0 [ 14.009653] ret_from_fork+0x116/0x1d0 [ 14.010051] ret_from_fork_asm+0x1a/0x30 [ 14.010347] [ 14.010531] Freed by task 210: [ 14.010864] kasan_save_stack+0x45/0x70 [ 14.011417] kasan_save_track+0x18/0x40 [ 14.011644] kasan_save_free_info+0x3f/0x60 [ 14.011826] __kasan_slab_free+0x56/0x70 [ 14.011981] kfree+0x222/0x3f0 [ 14.012417] kfree_sensitive+0x67/0x90 [ 14.012625] kmalloc_double_kzfree+0x12b/0x350 [ 14.012869] kunit_try_run_case+0x1a5/0x480 [ 14.013323] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 14.013720] kthread+0x337/0x6f0 [ 14.013925] ret_from_fork+0x116/0x1d0 [ 14.014322] ret_from_fork_asm+0x1a/0x30 [ 14.014858] [ 14.014994] The buggy address belongs to the object at ffff888102509f00 [ 14.014994] which belongs to the cache kmalloc-16 of size 16 [ 14.015679] The buggy address is located 0 bytes inside of [ 14.015679] 16-byte region [ffff888102509f00, ffff888102509f10) [ 14.016589] [ 14.016875] The buggy address belongs to the physical page: [ 14.017461] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x102509 [ 14.018418] flags: 0x200000000000000(node=0|zone=2) [ 14.018685] page_type: f5(slab) [ 14.018878] raw: 0200000000000000 ffff888100041640 dead000000000122 0000000000000000 [ 14.019605] raw: 0000000000000000 0000000080800080 00000000f5000000 0000000000000000 [ 14.020368] page dumped 
because: kasan: bad access detected [ 14.020653] [ 14.020761] Memory state around the buggy address: [ 14.021023] ffff888102509e00: 00 02 fc fc 00 02 fc fc 00 02 fc fc 00 02 fc fc [ 14.022329] ffff888102509e80: fa fb fc fc fa fb fc fc fa fb fc fc fa fb fc fc [ 14.022696] >ffff888102509f00: fa fb fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 14.023041] ^ [ 14.023676] ffff888102509f80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 14.024433] ffff88810250a000: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 14.024805] ==================================================================
Failure - log-parser-boot/kasan-bug-kasan-slab-use-after-free-in-kmalloc_double_kzfree
[ 13.943165] ================================================================== [ 13.944658] BUG: KASAN: slab-use-after-free in kmalloc_double_kzfree+0x19c/0x350 [ 13.944985] Read of size 1 at addr ffff888102509f00 by task kunit_try_catch/210 [ 13.945252] [ 13.945369] CPU: 1 UID: 0 PID: 210 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc4 #1 PREEMPT(voluntary) [ 13.945421] Tainted: [B]=BAD_PAGE, [N]=TEST [ 13.945435] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 13.945460] Call Trace: [ 13.945476] <TASK> [ 13.945497] dump_stack_lvl+0x73/0xb0 [ 13.945534] print_report+0xd1/0x650 [ 13.945561] ? __virt_addr_valid+0x1db/0x2d0 [ 13.945586] ? kmalloc_double_kzfree+0x19c/0x350 [ 13.945613] ? kasan_complete_mode_report_info+0x64/0x200 [ 13.945638] ? kmalloc_double_kzfree+0x19c/0x350 [ 13.945664] kasan_report+0x141/0x180 [ 13.945690] ? kmalloc_double_kzfree+0x19c/0x350 [ 13.945719] ? kmalloc_double_kzfree+0x19c/0x350 [ 13.945745] __kasan_check_byte+0x3d/0x50 [ 13.945769] kfree_sensitive+0x22/0x90 [ 13.945806] kmalloc_double_kzfree+0x19c/0x350 [ 13.945833] ? __pfx_kmalloc_double_kzfree+0x10/0x10 [ 13.945859] ? __schedule+0x10cc/0x2b60 [ 13.945885] ? __pfx_read_tsc+0x10/0x10 [ 13.945908] ? ktime_get_ts64+0x86/0x230 [ 13.945935] kunit_try_run_case+0x1a5/0x480 [ 13.945962] ? __pfx_kunit_try_run_case+0x10/0x10 [ 13.945986] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 13.946015] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 13.946042] ? __kthread_parkme+0x82/0x180 [ 13.946066] ? preempt_count_sub+0x50/0x80 [ 13.946093] ? __pfx_kunit_try_run_case+0x10/0x10 [ 13.946118] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 13.946143] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 13.946168] kthread+0x337/0x6f0 [ 13.946191] ? trace_preempt_on+0x20/0xc0 [ 13.946218] ? __pfx_kthread+0x10/0x10 [ 13.946242] ? _raw_spin_unlock_irq+0x47/0x80 [ 13.946266] ? calculate_sigpending+0x7b/0xa0 [ 13.946293] ? 
__pfx_kthread+0x10/0x10 [ 13.946319] ret_from_fork+0x116/0x1d0 [ 13.946341] ? __pfx_kthread+0x10/0x10 [ 13.946364] ret_from_fork_asm+0x1a/0x30 [ 13.946399] </TASK> [ 13.946414] [ 13.964525] Allocated by task 210: [ 13.964993] kasan_save_stack+0x45/0x70 [ 13.965460] kasan_save_track+0x18/0x40 [ 13.965883] kasan_save_alloc_info+0x3b/0x50 [ 13.966387] __kasan_kmalloc+0xb7/0xc0 [ 13.966865] __kmalloc_cache_noprof+0x189/0x420 [ 13.967356] kmalloc_double_kzfree+0xa9/0x350 [ 13.967531] kunit_try_run_case+0x1a5/0x480 [ 13.967699] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 13.967916] kthread+0x337/0x6f0 [ 13.968056] ret_from_fork+0x116/0x1d0 [ 13.968472] ret_from_fork_asm+0x1a/0x30 [ 13.968963] [ 13.969189] Freed by task 210: [ 13.969623] kasan_save_stack+0x45/0x70 [ 13.970032] kasan_save_track+0x18/0x40 [ 13.970568] kasan_save_free_info+0x3f/0x60 [ 13.971178] __kasan_slab_free+0x56/0x70 [ 13.971639] kfree+0x222/0x3f0 [ 13.972004] kfree_sensitive+0x67/0x90 [ 13.972452] kmalloc_double_kzfree+0x12b/0x350 [ 13.972919] kunit_try_run_case+0x1a5/0x480 [ 13.973485] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 13.974035] kthread+0x337/0x6f0 [ 13.974471] ret_from_fork+0x116/0x1d0 [ 13.974936] ret_from_fork_asm+0x1a/0x30 [ 13.975522] [ 13.975697] The buggy address belongs to the object at ffff888102509f00 [ 13.975697] which belongs to the cache kmalloc-16 of size 16 [ 13.976154] The buggy address is located 0 bytes inside of [ 13.976154] freed 16-byte region [ffff888102509f00, ffff888102509f10) [ 13.977501] [ 13.977696] The buggy address belongs to the physical page: [ 13.978291] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x102509 [ 13.979383] flags: 0x200000000000000(node=0|zone=2) [ 13.979929] page_type: f5(slab) [ 13.980291] raw: 0200000000000000 ffff888100041640 dead000000000122 0000000000000000 [ 13.980835] raw: 0000000000000000 0000000080800080 00000000f5000000 0000000000000000 [ 13.981109] page dumped because: kasan: bad access detected [ 
13.981878] [ 13.982066] Memory state around the buggy address: [ 13.982699] ffff888102509e00: 00 02 fc fc 00 02 fc fc 00 02 fc fc 00 02 fc fc [ 13.983623] ffff888102509e80: fa fb fc fc fa fb fc fc fa fb fc fc fa fb fc fc [ 13.984363] >ffff888102509f00: fa fb fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 13.984604] ^ [ 13.984735] ffff888102509f80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 13.984989] ffff88810250a000: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 13.985242] ==================================================================
Failure - log-parser-boot/kasan-bug-kasan-slab-use-after-free-in-kmalloc_uaf2
[ 13.911647] ================================================================== [ 13.912217] BUG: KASAN: slab-use-after-free in kmalloc_uaf2+0x4a8/0x520 [ 13.912720] Read of size 1 at addr ffff8881029fb2a8 by task kunit_try_catch/206 [ 13.913060] [ 13.913263] CPU: 1 UID: 0 PID: 206 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc4 #1 PREEMPT(voluntary) [ 13.913340] Tainted: [B]=BAD_PAGE, [N]=TEST [ 13.913357] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 13.913394] Call Trace: [ 13.913409] <TASK> [ 13.913431] dump_stack_lvl+0x73/0xb0 [ 13.913471] print_report+0xd1/0x650 [ 13.913499] ? __virt_addr_valid+0x1db/0x2d0 [ 13.913529] ? kmalloc_uaf2+0x4a8/0x520 [ 13.913555] ? kasan_complete_mode_report_info+0x64/0x200 [ 13.913584] ? kmalloc_uaf2+0x4a8/0x520 [ 13.913609] kasan_report+0x141/0x180 [ 13.913636] ? kmalloc_uaf2+0x4a8/0x520 [ 13.913665] __asan_report_load1_noabort+0x18/0x20 [ 13.913697] kmalloc_uaf2+0x4a8/0x520 [ 13.913722] ? __pfx_kmalloc_uaf2+0x10/0x10 [ 13.913746] ? finish_task_switch.isra.0+0x153/0x700 [ 13.913776] ? __switch_to+0x47/0xf50 [ 13.913823] ? __schedule+0x10cc/0x2b60 [ 13.913850] ? __pfx_read_tsc+0x10/0x10 [ 13.913877] ? ktime_get_ts64+0x86/0x230 [ 13.913907] kunit_try_run_case+0x1a5/0x480 [ 13.913940] ? __pfx_kunit_try_run_case+0x10/0x10 [ 13.913969] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 13.913999] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 13.914029] ? __kthread_parkme+0x82/0x180 [ 13.914056] ? preempt_count_sub+0x50/0x80 [ 13.914084] ? __pfx_kunit_try_run_case+0x10/0x10 [ 13.914126] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 13.914164] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 13.914195] kthread+0x337/0x6f0 [ 13.914219] ? trace_preempt_on+0x20/0xc0 [ 13.914248] ? __pfx_kthread+0x10/0x10 [ 13.914273] ? _raw_spin_unlock_irq+0x47/0x80 [ 13.914300] ? calculate_sigpending+0x7b/0xa0 [ 13.914332] ? __pfx_kthread+0x10/0x10 [ 13.914359] ret_from_fork+0x116/0x1d0 [ 13.914382] ? 
__pfx_kthread+0x10/0x10 [ 13.914407] ret_from_fork_asm+0x1a/0x30 [ 13.914445] </TASK> [ 13.914459] [ 13.924047] Allocated by task 206: [ 13.924302] kasan_save_stack+0x45/0x70 [ 13.924683] kasan_save_track+0x18/0x40 [ 13.924896] kasan_save_alloc_info+0x3b/0x50 [ 13.925120] __kasan_kmalloc+0xb7/0xc0 [ 13.925367] __kmalloc_cache_noprof+0x189/0x420 [ 13.925554] kmalloc_uaf2+0xc6/0x520 [ 13.925705] kunit_try_run_case+0x1a5/0x480 [ 13.925889] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 13.926204] kthread+0x337/0x6f0 [ 13.926474] ret_from_fork+0x116/0x1d0 [ 13.926705] ret_from_fork_asm+0x1a/0x30 [ 13.926956] [ 13.927077] Freed by task 206: [ 13.927325] kasan_save_stack+0x45/0x70 [ 13.927529] kasan_save_track+0x18/0x40 [ 13.927685] kasan_save_free_info+0x3f/0x60 [ 13.927939] __kasan_slab_free+0x56/0x70 [ 13.928162] kfree+0x222/0x3f0 [ 13.928467] kmalloc_uaf2+0x14c/0x520 [ 13.928666] kunit_try_run_case+0x1a5/0x480 [ 13.928884] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 13.929111] kthread+0x337/0x6f0 [ 13.929249] ret_from_fork+0x116/0x1d0 [ 13.929486] ret_from_fork_asm+0x1a/0x30 [ 13.929813] [ 13.929925] The buggy address belongs to the object at ffff8881029fb280 [ 13.929925] which belongs to the cache kmalloc-64 of size 64 [ 13.930525] The buggy address is located 40 bytes inside of [ 13.930525] freed 64-byte region [ffff8881029fb280, ffff8881029fb2c0) [ 13.930952] [ 13.931073] The buggy address belongs to the physical page: [ 13.931363] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1029fb [ 13.931773] flags: 0x200000000000000(node=0|zone=2) [ 13.932065] page_type: f5(slab) [ 13.932291] raw: 0200000000000000 ffff8881000418c0 dead000000000122 0000000000000000 [ 13.932552] raw: 0000000000000000 0000000080200020 00000000f5000000 0000000000000000 [ 13.932815] page dumped because: kasan: bad access detected [ 13.933493] [ 13.933610] Memory state around the buggy address: [ 13.933892] ffff8881029fb180: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc 
[ 13.934531] ffff8881029fb200: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 13.934874] >ffff8881029fb280: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 13.935292] ^ [ 13.935501] ffff8881029fb300: 00 00 00 00 00 03 fc fc fc fc fc fc fc fc fc fc [ 13.935747] ffff8881029fb380: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 13.936138] ==================================================================
Failure - log-parser-boot/kasan-bug-kasan-slab-use-after-free-in-kmalloc_uaf_memset
[ 13.877660] ================================================================== [ 13.878258] BUG: KASAN: slab-use-after-free in kmalloc_uaf_memset+0x1a3/0x360 [ 13.878809] Write of size 33 at addr ffff88810391d500 by task kunit_try_catch/204 [ 13.879323] [ 13.879454] CPU: 0 UID: 0 PID: 204 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc4 #1 PREEMPT(voluntary) [ 13.879509] Tainted: [B]=BAD_PAGE, [N]=TEST [ 13.879561] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 13.879587] Call Trace: [ 13.879601] <TASK> [ 13.879621] dump_stack_lvl+0x73/0xb0 [ 13.879673] print_report+0xd1/0x650 [ 13.879700] ? __virt_addr_valid+0x1db/0x2d0 [ 13.879757] ? kmalloc_uaf_memset+0x1a3/0x360 [ 13.879781] ? kasan_complete_mode_report_info+0x64/0x200 [ 13.879824] ? kmalloc_uaf_memset+0x1a3/0x360 [ 13.879867] kasan_report+0x141/0x180 [ 13.879892] ? kmalloc_uaf_memset+0x1a3/0x360 [ 13.879937] kasan_check_range+0x10c/0x1c0 [ 13.879964] __asan_memset+0x27/0x50 [ 13.879985] kmalloc_uaf_memset+0x1a3/0x360 [ 13.880019] ? __pfx_kmalloc_uaf_memset+0x10/0x10 [ 13.880044] ? __schedule+0x10cc/0x2b60 [ 13.880070] ? __pfx_read_tsc+0x10/0x10 [ 13.880106] ? ktime_get_ts64+0x86/0x230 [ 13.880133] kunit_try_run_case+0x1a5/0x480 [ 13.880226] ? __pfx_kunit_try_run_case+0x10/0x10 [ 13.880253] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 13.880280] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 13.880306] ? __kthread_parkme+0x82/0x180 [ 13.880330] ? preempt_count_sub+0x50/0x80 [ 13.880358] ? __pfx_kunit_try_run_case+0x10/0x10 [ 13.880384] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 13.880409] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 13.880435] kthread+0x337/0x6f0 [ 13.880456] ? trace_preempt_on+0x20/0xc0 [ 13.880483] ? __pfx_kthread+0x10/0x10 [ 13.880506] ? _raw_spin_unlock_irq+0x47/0x80 [ 13.880530] ? calculate_sigpending+0x7b/0xa0 [ 13.880557] ? __pfx_kthread+0x10/0x10 [ 13.880580] ret_from_fork+0x116/0x1d0 [ 13.880603] ? 
__pfx_kthread+0x10/0x10 [ 13.880626] ret_from_fork_asm+0x1a/0x30 [ 13.880661] </TASK> [ 13.880676] [ 13.892946] Allocated by task 204: [ 13.893135] kasan_save_stack+0x45/0x70 [ 13.893309] kasan_save_track+0x18/0x40 [ 13.893528] kasan_save_alloc_info+0x3b/0x50 [ 13.893777] __kasan_kmalloc+0xb7/0xc0 [ 13.894055] __kmalloc_cache_noprof+0x189/0x420 [ 13.894574] kmalloc_uaf_memset+0xa9/0x360 [ 13.894759] kunit_try_run_case+0x1a5/0x480 [ 13.894972] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 13.895560] kthread+0x337/0x6f0 [ 13.895777] ret_from_fork+0x116/0x1d0 [ 13.896021] ret_from_fork_asm+0x1a/0x30 [ 13.896286] [ 13.896375] Freed by task 204: [ 13.896506] kasan_save_stack+0x45/0x70 [ 13.896735] kasan_save_track+0x18/0x40 [ 13.896972] kasan_save_free_info+0x3f/0x60 [ 13.897255] __kasan_slab_free+0x56/0x70 [ 13.897442] kfree+0x222/0x3f0 [ 13.897580] kmalloc_uaf_memset+0x12b/0x360 [ 13.897783] kunit_try_run_case+0x1a5/0x480 [ 13.898035] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 13.898539] kthread+0x337/0x6f0 [ 13.898718] ret_from_fork+0x116/0x1d0 [ 13.898961] ret_from_fork_asm+0x1a/0x30 [ 13.899146] [ 13.899260] The buggy address belongs to the object at ffff88810391d500 [ 13.899260] which belongs to the cache kmalloc-64 of size 64 [ 13.899926] The buggy address is located 0 bytes inside of [ 13.899926] freed 64-byte region [ffff88810391d500, ffff88810391d540) [ 13.900496] [ 13.900613] The buggy address belongs to the physical page: [ 13.900927] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x10391d [ 13.901524] flags: 0x200000000000000(node=0|zone=2) [ 13.901807] page_type: f5(slab) [ 13.901965] raw: 0200000000000000 ffff8881000418c0 dead000000000122 0000000000000000 [ 13.902354] raw: 0000000000000000 0000000080200020 00000000f5000000 0000000000000000 [ 13.902620] page dumped because: kasan: bad access detected [ 13.903239] [ 13.903539] Memory state around the buggy address: [ 13.903778] ffff88810391d400: fa fb fb fb fb fb fb fb fc fc fc fc 
fc fc fc fc [ 13.904212] ffff88810391d480: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 13.904544] >ffff88810391d500: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 13.904808] ^ [ 13.904950] ffff88810391d580: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 13.905324] ffff88810391d600: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 13.905747] ==================================================================
Failure - log-parser-boot/kasan-bug-kasan-slab-use-after-free-in-kmalloc_uaf
[ 13.841027] ================================================================== [ 13.841810] BUG: KASAN: slab-use-after-free in kmalloc_uaf+0x320/0x380 [ 13.842172] Read of size 1 at addr ffff88810216f108 by task kunit_try_catch/202 [ 13.842608] [ 13.842765] CPU: 0 UID: 0 PID: 202 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc4 #1 PREEMPT(voluntary) [ 13.842839] Tainted: [B]=BAD_PAGE, [N]=TEST [ 13.842854] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 13.842878] Call Trace: [ 13.842893] <TASK> [ 13.842915] dump_stack_lvl+0x73/0xb0 [ 13.842954] print_report+0xd1/0x650 [ 13.842991] ? __virt_addr_valid+0x1db/0x2d0 [ 13.843020] ? kmalloc_uaf+0x320/0x380 [ 13.843054] ? kasan_complete_mode_report_info+0x64/0x200 [ 13.843079] ? kmalloc_uaf+0x320/0x380 [ 13.843101] kasan_report+0x141/0x180 [ 13.843135] ? kmalloc_uaf+0x320/0x380 [ 13.843163] __asan_report_load1_noabort+0x18/0x20 [ 13.843190] kmalloc_uaf+0x320/0x380 [ 13.843378] ? __pfx_kmalloc_uaf+0x10/0x10 [ 13.843418] ? __schedule+0x10cc/0x2b60 [ 13.843445] ? __pfx_read_tsc+0x10/0x10 [ 13.843483] ? ktime_get_ts64+0x86/0x230 [ 13.843513] kunit_try_run_case+0x1a5/0x480 [ 13.843553] ? __pfx_kunit_try_run_case+0x10/0x10 [ 13.843577] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 13.843604] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 13.843641] ? __kthread_parkme+0x82/0x180 [ 13.843665] ? preempt_count_sub+0x50/0x80 [ 13.843693] ? __pfx_kunit_try_run_case+0x10/0x10 [ 13.843719] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 13.843743] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 13.843768] kthread+0x337/0x6f0 [ 13.843799] ? trace_preempt_on+0x20/0xc0 [ 13.843826] ? __pfx_kthread+0x10/0x10 [ 13.843848] ? _raw_spin_unlock_irq+0x47/0x80 [ 13.843871] ? calculate_sigpending+0x7b/0xa0 [ 13.843899] ? __pfx_kthread+0x10/0x10 [ 13.843922] ret_from_fork+0x116/0x1d0 [ 13.843943] ? 
__pfx_kthread+0x10/0x10 [ 13.843965] ret_from_fork_asm+0x1a/0x30 [ 13.844001] </TASK> [ 13.844015] [ 13.854417] Allocated by task 202: [ 13.854632] kasan_save_stack+0x45/0x70 [ 13.854860] kasan_save_track+0x18/0x40 [ 13.855061] kasan_save_alloc_info+0x3b/0x50 [ 13.856155] __kasan_kmalloc+0xb7/0xc0 [ 13.856409] __kmalloc_cache_noprof+0x189/0x420 [ 13.856741] kmalloc_uaf+0xaa/0x380 [ 13.856933] kunit_try_run_case+0x1a5/0x480 [ 13.857448] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 13.857866] kthread+0x337/0x6f0 [ 13.858281] ret_from_fork+0x116/0x1d0 [ 13.858650] ret_from_fork_asm+0x1a/0x30 [ 13.858979] [ 13.859378] Freed by task 202: [ 13.859578] kasan_save_stack+0x45/0x70 [ 13.859976] kasan_save_track+0x18/0x40 [ 13.860447] kasan_save_free_info+0x3f/0x60 [ 13.860826] __kasan_slab_free+0x56/0x70 [ 13.861367] kfree+0x222/0x3f0 [ 13.861652] kmalloc_uaf+0x12c/0x380 [ 13.861866] kunit_try_run_case+0x1a5/0x480 [ 13.862317] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 13.862697] kthread+0x337/0x6f0 [ 13.862920] ret_from_fork+0x116/0x1d0 [ 13.863368] ret_from_fork_asm+0x1a/0x30 [ 13.863594] [ 13.863852] The buggy address belongs to the object at ffff88810216f100 [ 13.863852] which belongs to the cache kmalloc-16 of size 16 [ 13.864613] The buggy address is located 8 bytes inside of [ 13.864613] freed 16-byte region [ffff88810216f100, ffff88810216f110) [ 13.865641] [ 13.865769] The buggy address belongs to the physical page: [ 13.866114] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x10216f [ 13.866633] flags: 0x200000000000000(node=0|zone=2) [ 13.867078] page_type: f5(slab) [ 13.867735] raw: 0200000000000000 ffff888100041640 dead000000000122 0000000000000000 [ 13.868117] raw: 0000000000000000 0000000080800080 00000000f5000000 0000000000000000 [ 13.868989] page dumped because: kasan: bad access detected [ 13.869406] [ 13.869525] Memory state around the buggy address: [ 13.869863] ffff88810216f000: fa fb fc fc 00 00 fc fc 00 00 fc fc fa fb fc fc [ 
13.870609] ffff88810216f080: 00 05 fc fc fa fb fc fc fa fb fc fc fa fb fc fc [ 13.871050] >ffff88810216f100: fa fb fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 13.871631] ^ [ 13.872070] ffff88810216f180: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 13.872463] ffff88810216f200: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 13.872905] ==================================================================
Failure - log-parser-boot/kasan-bug-kasan-slab-out-of-bounds-in-kmalloc_memmove_invalid_size
[ 13.803607] ================================================================== [ 13.804650] BUG: KASAN: slab-out-of-bounds in kmalloc_memmove_invalid_size+0x16f/0x330 [ 13.805768] Read of size 64 at addr ffff8881029fb184 by task kunit_try_catch/200 [ 13.806541] [ 13.806665] CPU: 1 UID: 0 PID: 200 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc4 #1 PREEMPT(voluntary) [ 13.806733] Tainted: [B]=BAD_PAGE, [N]=TEST [ 13.806753] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 13.806801] Call Trace: [ 13.806818] <TASK> [ 13.806839] dump_stack_lvl+0x73/0xb0 [ 13.806883] print_report+0xd1/0x650 [ 13.806910] ? __virt_addr_valid+0x1db/0x2d0 [ 13.806940] ? kmalloc_memmove_invalid_size+0x16f/0x330 [ 13.806970] ? kasan_complete_mode_report_info+0x2a/0x200 [ 13.806998] ? kmalloc_memmove_invalid_size+0x16f/0x330 [ 13.807029] kasan_report+0x141/0x180 [ 13.807054] ? kmalloc_memmove_invalid_size+0x16f/0x330 [ 13.807101] kasan_check_range+0x10c/0x1c0 [ 13.807129] __asan_memmove+0x27/0x70 [ 13.807152] kmalloc_memmove_invalid_size+0x16f/0x330 [ 13.807181] ? __pfx_kmalloc_memmove_invalid_size+0x10/0x10 [ 13.807212] ? __schedule+0x10cc/0x2b60 [ 13.807239] ? __pfx_read_tsc+0x10/0x10 [ 13.807380] ? ktime_get_ts64+0x86/0x230 [ 13.807416] kunit_try_run_case+0x1a5/0x480 [ 13.807449] ? __pfx_kunit_try_run_case+0x10/0x10 [ 13.807476] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 13.807506] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 13.807533] ? __kthread_parkme+0x82/0x180 [ 13.807560] ? preempt_count_sub+0x50/0x80 [ 13.807589] ? __pfx_kunit_try_run_case+0x10/0x10 [ 13.807617] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 13.807645] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 13.807673] kthread+0x337/0x6f0 [ 13.807696] ? trace_preempt_on+0x20/0xc0 [ 13.807723] ? __pfx_kthread+0x10/0x10 [ 13.807747] ? _raw_spin_unlock_irq+0x47/0x80 [ 13.807773] ? calculate_sigpending+0x7b/0xa0 [ 13.807813] ? 
__pfx_kthread+0x10/0x10 [ 13.807838] ret_from_fork+0x116/0x1d0 [ 13.807860] ? __pfx_kthread+0x10/0x10 [ 13.807884] ret_from_fork_asm+0x1a/0x30 [ 13.807921] </TASK> [ 13.807935] [ 13.826202] Allocated by task 200: [ 13.826644] kasan_save_stack+0x45/0x70 [ 13.827103] kasan_save_track+0x18/0x40 [ 13.827458] kasan_save_alloc_info+0x3b/0x50 [ 13.827716] __kasan_kmalloc+0xb7/0xc0 [ 13.828226] __kmalloc_cache_noprof+0x189/0x420 [ 13.828562] kmalloc_memmove_invalid_size+0xac/0x330 [ 13.828759] kunit_try_run_case+0x1a5/0x480 [ 13.828946] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 13.829241] kthread+0x337/0x6f0 [ 13.829712] ret_from_fork+0x116/0x1d0 [ 13.830208] ret_from_fork_asm+0x1a/0x30 [ 13.830477] [ 13.830690] The buggy address belongs to the object at ffff8881029fb180 [ 13.830690] which belongs to the cache kmalloc-64 of size 64 [ 13.831335] The buggy address is located 4 bytes inside of [ 13.831335] allocated 64-byte region [ffff8881029fb180, ffff8881029fb1c0) [ 13.831750] [ 13.831855] The buggy address belongs to the physical page: [ 13.832156] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1029fb [ 13.832569] flags: 0x200000000000000(node=0|zone=2) [ 13.832832] page_type: f5(slab) [ 13.833056] raw: 0200000000000000 ffff8881000418c0 dead000000000122 0000000000000000 [ 13.833420] raw: 0000000000000000 0000000080200020 00000000f5000000 0000000000000000 [ 13.833897] page dumped because: kasan: bad access detected [ 13.834155] [ 13.834253] Memory state around the buggy address: [ 13.834650] ffff8881029fb080: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 13.834942] ffff8881029fb100: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 13.835320] >ffff8881029fb180: 00 00 00 00 00 00 00 00 fc fc fc fc fc fc fc fc [ 13.835641] ^ [ 13.835949] ffff8881029fb200: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 13.836210] ffff8881029fb280: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 13.836670] 
==================================================================
Failure - log-parser-boot/kasan-bug-kasan-out-of-bounds-in-kmalloc_memmove_negative_size
[ 13.777475] ================================================================== [ 13.778560] BUG: KASAN: out-of-bounds in kmalloc_memmove_negative_size+0x171/0x330 [ 13.778988] Read of size 18446744073709551614 at addr ffff8881029fb104 by task kunit_try_catch/198 [ 13.779540] [ 13.779660] CPU: 1 UID: 0 PID: 198 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc4 #1 PREEMPT(voluntary) [ 13.779716] Tainted: [B]=BAD_PAGE, [N]=TEST [ 13.779731] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 13.779756] Call Trace: [ 13.779772] <TASK> [ 13.779808] dump_stack_lvl+0x73/0xb0 [ 13.779860] print_report+0xd1/0x650 [ 13.779887] ? __virt_addr_valid+0x1db/0x2d0 [ 13.779914] ? kmalloc_memmove_negative_size+0x171/0x330 [ 13.779942] ? kasan_complete_mode_report_info+0x2a/0x200 [ 13.779966] ? kmalloc_memmove_negative_size+0x171/0x330 [ 13.780016] kasan_report+0x141/0x180 [ 13.780042] ? kmalloc_memmove_negative_size+0x171/0x330 [ 13.780101] kasan_check_range+0x10c/0x1c0 [ 13.780390] __asan_memmove+0x27/0x70 [ 13.780423] kmalloc_memmove_negative_size+0x171/0x330 [ 13.780451] ? __pfx_kmalloc_memmove_negative_size+0x10/0x10 [ 13.780480] ? __schedule+0x10cc/0x2b60 [ 13.780507] ? __pfx_read_tsc+0x10/0x10 [ 13.780530] ? ktime_get_ts64+0x86/0x230 [ 13.780557] kunit_try_run_case+0x1a5/0x480 [ 13.780586] ? __pfx_kunit_try_run_case+0x10/0x10 [ 13.780610] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 13.780638] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 13.780664] ? __kthread_parkme+0x82/0x180 [ 13.780688] ? preempt_count_sub+0x50/0x80 [ 13.780715] ? __pfx_kunit_try_run_case+0x10/0x10 [ 13.780742] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 13.780767] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 13.780818] kthread+0x337/0x6f0 [ 13.780840] ? trace_preempt_on+0x20/0xc0 [ 13.780867] ? __pfx_kthread+0x10/0x10 [ 13.780890] ? _raw_spin_unlock_irq+0x47/0x80 [ 13.780914] ? calculate_sigpending+0x7b/0xa0 [ 13.780940] ? 
__pfx_kthread+0x10/0x10 [ 13.780964] ret_from_fork+0x116/0x1d0 [ 13.780985] ? __pfx_kthread+0x10/0x10 [ 13.781007] ret_from_fork_asm+0x1a/0x30 [ 13.781041] </TASK> [ 13.781056] [ 13.789737] Allocated by task 198: [ 13.789935] kasan_save_stack+0x45/0x70 [ 13.790204] kasan_save_track+0x18/0x40 [ 13.790444] kasan_save_alloc_info+0x3b/0x50 [ 13.790684] __kasan_kmalloc+0xb7/0xc0 [ 13.790911] __kmalloc_cache_noprof+0x189/0x420 [ 13.791214] kmalloc_memmove_negative_size+0xac/0x330 [ 13.791412] kunit_try_run_case+0x1a5/0x480 [ 13.791577] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 13.791785] kthread+0x337/0x6f0 [ 13.791984] ret_from_fork+0x116/0x1d0 [ 13.792410] ret_from_fork_asm+0x1a/0x30 [ 13.792644] [ 13.792753] The buggy address belongs to the object at ffff8881029fb100 [ 13.792753] which belongs to the cache kmalloc-64 of size 64 [ 13.793451] The buggy address is located 4 bytes inside of [ 13.793451] 64-byte region [ffff8881029fb100, ffff8881029fb140) [ 13.794029] [ 13.794150] The buggy address belongs to the physical page: [ 13.794410] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1029fb [ 13.794743] flags: 0x200000000000000(node=0|zone=2) [ 13.794943] page_type: f5(slab) [ 13.795128] raw: 0200000000000000 ffff8881000418c0 dead000000000122 0000000000000000 [ 13.795521] raw: 0000000000000000 0000000080200020 00000000f5000000 0000000000000000 [ 13.795969] page dumped because: kasan: bad access detected [ 13.796436] [ 13.796526] Memory state around the buggy address: [ 13.796804] ffff8881029fb000: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 13.797264] ffff8881029fb080: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 13.797614] >ffff8881029fb100: 00 00 00 00 00 00 00 00 fc fc fc fc fc fc fc fc [ 13.797904] ^ [ 13.798036] ffff8881029fb180: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 13.798484] ffff8881029fb200: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 13.798853] 
==================================================================
Failure - log-parser-boot/kasan-bug-kasan-slab-out-of-bounds-in-kmalloc_oob_memset_16
[ 13.743620] ================================================================== [ 13.744382] BUG: KASAN: slab-out-of-bounds in kmalloc_oob_memset_16+0x166/0x330 [ 13.744665] Write of size 16 at addr ffff8881021dba69 by task kunit_try_catch/196 [ 13.744945] [ 13.745053] CPU: 0 UID: 0 PID: 196 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc4 #1 PREEMPT(voluntary) [ 13.745117] Tainted: [B]=BAD_PAGE, [N]=TEST [ 13.745131] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 13.745156] Call Trace: [ 13.745171] <TASK> [ 13.745192] dump_stack_lvl+0x73/0xb0 [ 13.745228] print_report+0xd1/0x650 [ 13.745255] ? __virt_addr_valid+0x1db/0x2d0 [ 13.745281] ? kmalloc_oob_memset_16+0x166/0x330 [ 13.745305] ? kasan_complete_mode_report_info+0x2a/0x200 [ 13.745330] ? kmalloc_oob_memset_16+0x166/0x330 [ 13.745362] kasan_report+0x141/0x180 [ 13.745386] ? kmalloc_oob_memset_16+0x166/0x330 [ 13.745416] kasan_check_range+0x10c/0x1c0 [ 13.745441] __asan_memset+0x27/0x50 [ 13.745463] kmalloc_oob_memset_16+0x166/0x330 [ 13.745487] ? __pfx_kmalloc_oob_memset_16+0x10/0x10 [ 13.745513] ? __schedule+0x10cc/0x2b60 [ 13.745538] ? __pfx_read_tsc+0x10/0x10 [ 13.745561] ? ktime_get_ts64+0x86/0x230 [ 13.745588] kunit_try_run_case+0x1a5/0x480 [ 13.745616] ? __pfx_kunit_try_run_case+0x10/0x10 [ 13.745640] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 13.745666] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 13.745691] ? __kthread_parkme+0x82/0x180 [ 13.745714] ? preempt_count_sub+0x50/0x80 [ 13.745743] ? __pfx_kunit_try_run_case+0x10/0x10 [ 13.745769] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 13.745806] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 13.745831] kthread+0x337/0x6f0 [ 13.745852] ? trace_preempt_on+0x20/0xc0 [ 13.745878] ? __pfx_kthread+0x10/0x10 [ 13.745901] ? _raw_spin_unlock_irq+0x47/0x80 [ 13.745925] ? calculate_sigpending+0x7b/0xa0 [ 13.745953] ? __pfx_kthread+0x10/0x10 [ 13.745976] ret_from_fork+0x116/0x1d0 [ 13.745997] ? 
__pfx_kthread+0x10/0x10 [ 13.746019] ret_from_fork_asm+0x1a/0x30 [ 13.746054] </TASK> [ 13.746067] [ 13.758747] Allocated by task 196: [ 13.758932] kasan_save_stack+0x45/0x70 [ 13.759165] kasan_save_track+0x18/0x40 [ 13.759551] kasan_save_alloc_info+0x3b/0x50 [ 13.759747] __kasan_kmalloc+0xb7/0xc0 [ 13.759974] __kmalloc_cache_noprof+0x189/0x420 [ 13.760279] kmalloc_oob_memset_16+0xac/0x330 [ 13.760571] kunit_try_run_case+0x1a5/0x480 [ 13.760828] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 13.761076] kthread+0x337/0x6f0 [ 13.761344] ret_from_fork+0x116/0x1d0 [ 13.761508] ret_from_fork_asm+0x1a/0x30 [ 13.761743] [ 13.761875] The buggy address belongs to the object at ffff8881021dba00 [ 13.761875] which belongs to the cache kmalloc-128 of size 128 [ 13.762426] The buggy address is located 105 bytes inside of [ 13.762426] allocated 120-byte region [ffff8881021dba00, ffff8881021dba78) [ 13.763055] [ 13.763179] The buggy address belongs to the physical page: [ 13.763447] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1021db [ 13.763731] flags: 0x200000000000000(node=0|zone=2) [ 13.763947] page_type: f5(slab) [ 13.764229] raw: 0200000000000000 ffff888100041a00 dead000000000122 0000000000000000 [ 13.764640] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 13.765038] page dumped because: kasan: bad access detected [ 13.765730] [ 13.765839] Memory state around the buggy address: [ 13.766094] ffff8881021db900: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 13.766458] ffff8881021db980: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 13.766854] >ffff8881021dba00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 fc [ 13.767555] ^ [ 13.768424] ffff8881021dba80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 13.768929] ffff8881021dbb00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 13.770133] ==================================================================
Failure - log-parser-boot/kasan-bug-kasan-slab-out-of-bounds-in-kmalloc_oob_memset_8
[ 13.714289] ================================================================== [ 13.715586] BUG: KASAN: slab-out-of-bounds in kmalloc_oob_memset_8+0x166/0x330 [ 13.716106] Write of size 8 at addr ffff8881029f9171 by task kunit_try_catch/194 [ 13.716359] [ 13.716465] CPU: 1 UID: 0 PID: 194 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc4 #1 PREEMPT(voluntary) [ 13.716517] Tainted: [B]=BAD_PAGE, [N]=TEST [ 13.716531] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 13.716555] Call Trace: [ 13.716570] <TASK> [ 13.716591] dump_stack_lvl+0x73/0xb0 [ 13.716628] print_report+0xd1/0x650 [ 13.716654] ? __virt_addr_valid+0x1db/0x2d0 [ 13.716681] ? kmalloc_oob_memset_8+0x166/0x330 [ 13.716706] ? kasan_complete_mode_report_info+0x2a/0x200 [ 13.716732] ? kmalloc_oob_memset_8+0x166/0x330 [ 13.716756] kasan_report+0x141/0x180 [ 13.716781] ? kmalloc_oob_memset_8+0x166/0x330 [ 13.716825] kasan_check_range+0x10c/0x1c0 [ 13.716851] __asan_memset+0x27/0x50 [ 13.716873] kmalloc_oob_memset_8+0x166/0x330 [ 13.716898] ? __pfx_kmalloc_oob_memset_8+0x10/0x10 [ 13.716923] ? __schedule+0x10cc/0x2b60 [ 13.716949] ? __pfx_read_tsc+0x10/0x10 [ 13.716973] ? ktime_get_ts64+0x86/0x230 [ 13.716999] kunit_try_run_case+0x1a5/0x480 [ 13.717027] ? __pfx_kunit_try_run_case+0x10/0x10 [ 13.717053] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 13.717080] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 13.717106] ? __kthread_parkme+0x82/0x180 [ 13.717130] ? preempt_count_sub+0x50/0x80 [ 13.717157] ? __pfx_kunit_try_run_case+0x10/0x10 [ 13.717196] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 13.717221] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 13.717247] kthread+0x337/0x6f0 [ 13.717283] ? trace_preempt_on+0x20/0xc0 [ 13.717310] ? __pfx_kthread+0x10/0x10 [ 13.717341] ? _raw_spin_unlock_irq+0x47/0x80 [ 13.717366] ? calculate_sigpending+0x7b/0xa0 [ 13.717393] ? __pfx_kthread+0x10/0x10 [ 13.717416] ret_from_fork+0x116/0x1d0 [ 13.717437] ? 
__pfx_kthread+0x10/0x10 [ 13.717460] ret_from_fork_asm+0x1a/0x30 [ 13.717497] </TASK> [ 13.717510] [ 13.728940] Allocated by task 194: [ 13.729128] kasan_save_stack+0x45/0x70 [ 13.729362] kasan_save_track+0x18/0x40 [ 13.729569] kasan_save_alloc_info+0x3b/0x50 [ 13.730042] __kasan_kmalloc+0xb7/0xc0 [ 13.730289] __kmalloc_cache_noprof+0x189/0x420 [ 13.730473] kmalloc_oob_memset_8+0xac/0x330 [ 13.730660] kunit_try_run_case+0x1a5/0x480 [ 13.730924] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 13.731355] kthread+0x337/0x6f0 [ 13.732145] ret_from_fork+0x116/0x1d0 [ 13.732382] ret_from_fork_asm+0x1a/0x30 [ 13.732558] [ 13.732646] The buggy address belongs to the object at ffff8881029f9100 [ 13.732646] which belongs to the cache kmalloc-128 of size 128 [ 13.733069] The buggy address is located 113 bytes inside of [ 13.733069] allocated 120-byte region [ffff8881029f9100, ffff8881029f9178) [ 13.733699] [ 13.734033] The buggy address belongs to the physical page: [ 13.734409] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1029f9 [ 13.734920] flags: 0x200000000000000(node=0|zone=2) [ 13.735396] page_type: f5(slab) [ 13.735659] raw: 0200000000000000 ffff888100041a00 dead000000000122 0000000000000000 [ 13.736060] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 13.736563] page dumped because: kasan: bad access detected [ 13.736859] [ 13.736948] Memory state around the buggy address: [ 13.737297] ffff8881029f9000: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 13.737614] ffff8881029f9080: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 13.737965] >ffff8881029f9100: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 fc [ 13.738410] ^ [ 13.738753] ffff8881029f9180: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 13.739044] ffff8881029f9200: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 13.739408] ==================================================================
Failure - log-parser-boot/kasan-bug-kasan-slab-out-of-bounds-in-kmalloc_oob_memset_4
[ 13.681927] ================================================================== [ 13.682485] BUG: KASAN: slab-out-of-bounds in kmalloc_oob_memset_4+0x166/0x330 [ 13.682767] Write of size 4 at addr ffff8881021db975 by task kunit_try_catch/192 [ 13.683033] [ 13.683143] CPU: 0 UID: 0 PID: 192 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc4 #1 PREEMPT(voluntary) [ 13.683199] Tainted: [B]=BAD_PAGE, [N]=TEST [ 13.683212] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 13.683238] Call Trace: [ 13.683254] <TASK> [ 13.683277] dump_stack_lvl+0x73/0xb0 [ 13.683314] print_report+0xd1/0x650 [ 13.683339] ? __virt_addr_valid+0x1db/0x2d0 [ 13.683367] ? kmalloc_oob_memset_4+0x166/0x330 [ 13.683390] ? kasan_complete_mode_report_info+0x2a/0x200 [ 13.683414] ? kmalloc_oob_memset_4+0x166/0x330 [ 13.683439] kasan_report+0x141/0x180 [ 13.683464] ? kmalloc_oob_memset_4+0x166/0x330 [ 13.683494] kasan_check_range+0x10c/0x1c0 [ 13.683520] __asan_memset+0x27/0x50 [ 13.683541] kmalloc_oob_memset_4+0x166/0x330 [ 13.683566] ? __pfx_kmalloc_oob_memset_4+0x10/0x10 [ 13.683591] ? __schedule+0x10cc/0x2b60 [ 13.683617] ? __pfx_read_tsc+0x10/0x10 [ 13.683641] ? ktime_get_ts64+0x86/0x230 [ 13.683669] kunit_try_run_case+0x1a5/0x480 [ 13.683697] ? __pfx_kunit_try_run_case+0x10/0x10 [ 13.683721] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 13.683747] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 13.683772] ? __kthread_parkme+0x82/0x180 [ 13.684710] ? preempt_count_sub+0x50/0x80 [ 13.684751] ? __pfx_kunit_try_run_case+0x10/0x10 [ 13.684779] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 13.684819] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 13.684844] kthread+0x337/0x6f0 [ 13.684868] ? trace_preempt_on+0x20/0xc0 [ 13.684895] ? __pfx_kthread+0x10/0x10 [ 13.684918] ? _raw_spin_unlock_irq+0x47/0x80 [ 13.684943] ? calculate_sigpending+0x7b/0xa0 [ 13.684971] ? __pfx_kthread+0x10/0x10 [ 13.684996] ret_from_fork+0x116/0x1d0 [ 13.685017] ? 
__pfx_kthread+0x10/0x10 [ 13.685040] ret_from_fork_asm+0x1a/0x30 [ 13.685077] </TASK> [ 13.685130] [ 13.697714] Allocated by task 192: [ 13.698150] kasan_save_stack+0x45/0x70 [ 13.698414] kasan_save_track+0x18/0x40 [ 13.698621] kasan_save_alloc_info+0x3b/0x50 [ 13.698815] __kasan_kmalloc+0xb7/0xc0 [ 13.699029] __kmalloc_cache_noprof+0x189/0x420 [ 13.699385] kmalloc_oob_memset_4+0xac/0x330 [ 13.699558] kunit_try_run_case+0x1a5/0x480 [ 13.699754] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 13.700073] kthread+0x337/0x6f0 [ 13.700269] ret_from_fork+0x116/0x1d0 [ 13.700500] ret_from_fork_asm+0x1a/0x30 [ 13.700716] [ 13.700837] The buggy address belongs to the object at ffff8881021db900 [ 13.700837] which belongs to the cache kmalloc-128 of size 128 [ 13.702023] The buggy address is located 117 bytes inside of [ 13.702023] allocated 120-byte region [ffff8881021db900, ffff8881021db978) [ 13.702687] [ 13.702815] The buggy address belongs to the physical page: [ 13.703051] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1021db [ 13.703410] flags: 0x200000000000000(node=0|zone=2) [ 13.703676] page_type: f5(slab) [ 13.703998] raw: 0200000000000000 ffff888100041a00 dead000000000122 0000000000000000 [ 13.704420] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 13.704778] page dumped because: kasan: bad access detected [ 13.705054] [ 13.705665] Memory state around the buggy address: [ 13.705980] ffff8881021db800: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 13.706754] ffff8881021db880: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 13.707398] >ffff8881021db900: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 fc [ 13.707908] ^ [ 13.708676] ffff8881021db980: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 13.709048] ffff8881021dba00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 13.709969] ==================================================================
Failure - log-parser-boot/kasan-bug-kasan-slab-out-of-bounds-in-kmalloc_oob_memset_2
[ 13.648963] ================================================================== [ 13.649556] BUG: KASAN: slab-out-of-bounds in kmalloc_oob_memset_2+0x166/0x330 [ 13.649936] Write of size 2 at addr ffff8881029f9077 by task kunit_try_catch/190 [ 13.650324] [ 13.650537] CPU: 1 UID: 0 PID: 190 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc4 #1 PREEMPT(voluntary) [ 13.650592] Tainted: [B]=BAD_PAGE, [N]=TEST [ 13.650606] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 13.650631] Call Trace: [ 13.650647] <TASK> [ 13.650669] dump_stack_lvl+0x73/0xb0 [ 13.650707] print_report+0xd1/0x650 [ 13.650733] ? __virt_addr_valid+0x1db/0x2d0 [ 13.650761] ? kmalloc_oob_memset_2+0x166/0x330 [ 13.650800] ? kasan_complete_mode_report_info+0x2a/0x200 [ 13.650826] ? kmalloc_oob_memset_2+0x166/0x330 [ 13.650852] kasan_report+0x141/0x180 [ 13.650877] ? kmalloc_oob_memset_2+0x166/0x330 [ 13.650907] kasan_check_range+0x10c/0x1c0 [ 13.650934] __asan_memset+0x27/0x50 [ 13.650957] kmalloc_oob_memset_2+0x166/0x330 [ 13.650982] ? __pfx_kmalloc_oob_memset_2+0x10/0x10 [ 13.651008] ? __schedule+0x10cc/0x2b60 [ 13.651035] ? __pfx_read_tsc+0x10/0x10 [ 13.651060] ? ktime_get_ts64+0x86/0x230 [ 13.651088] kunit_try_run_case+0x1a5/0x480 [ 13.651117] ? __pfx_kunit_try_run_case+0x10/0x10 [ 13.651142] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 13.651170] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 13.651197] ? __kthread_parkme+0x82/0x180 [ 13.651402] ? preempt_count_sub+0x50/0x80 [ 13.651432] ? __pfx_kunit_try_run_case+0x10/0x10 [ 13.651460] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 13.651488] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 13.651514] kthread+0x337/0x6f0 [ 13.651538] ? trace_preempt_on+0x20/0xc0 [ 13.651569] ? __pfx_kthread+0x10/0x10 [ 13.651595] ? _raw_spin_unlock_irq+0x47/0x80 [ 13.651622] ? calculate_sigpending+0x7b/0xa0 [ 13.651650] ? __pfx_kthread+0x10/0x10 [ 13.651674] ret_from_fork+0x116/0x1d0 [ 13.651698] ? 
__pfx_kthread+0x10/0x10 [ 13.651722] ret_from_fork_asm+0x1a/0x30 [ 13.651758] </TASK> [ 13.651772] [ 13.664507] Allocated by task 190: [ 13.664743] kasan_save_stack+0x45/0x70 [ 13.664983] kasan_save_track+0x18/0x40 [ 13.665629] kasan_save_alloc_info+0x3b/0x50 [ 13.665904] __kasan_kmalloc+0xb7/0xc0 [ 13.666362] __kmalloc_cache_noprof+0x189/0x420 [ 13.666639] kmalloc_oob_memset_2+0xac/0x330 [ 13.666881] kunit_try_run_case+0x1a5/0x480 [ 13.667098] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 13.667812] kthread+0x337/0x6f0 [ 13.668016] ret_from_fork+0x116/0x1d0 [ 13.668644] ret_from_fork_asm+0x1a/0x30 [ 13.668888] [ 13.668995] The buggy address belongs to the object at ffff8881029f9000 [ 13.668995] which belongs to the cache kmalloc-128 of size 128 [ 13.669802] The buggy address is located 119 bytes inside of [ 13.669802] allocated 120-byte region [ffff8881029f9000, ffff8881029f9078) [ 13.670721] [ 13.670853] The buggy address belongs to the physical page: [ 13.671308] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1029f9 [ 13.671708] flags: 0x200000000000000(node=0|zone=2) [ 13.671982] page_type: f5(slab) [ 13.672640] raw: 0200000000000000 ffff888100041a00 dead000000000122 0000000000000000 [ 13.673026] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 13.673520] page dumped because: kasan: bad access detected [ 13.673808] [ 13.673894] Memory state around the buggy address: [ 13.674157] ffff8881029f8f00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 13.674546] ffff8881029f8f80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 13.674852] >ffff8881029f9000: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 fc [ 13.675203] ^ [ 13.675532] ffff8881029f9080: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 13.676275] ffff8881029f9100: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 13.676769] ==================================================================
Failure - log-parser-boot/kasan-bug-kasan-use-after-free-in-page_alloc_uaf
[ 13.028856] ================================================================== [ 13.029666] BUG: KASAN: use-after-free in page_alloc_uaf+0x356/0x3d0 [ 13.030024] Read of size 1 at addr ffff8881039c0000 by task kunit_try_catch/172 [ 13.030651] [ 13.031026] CPU: 1 UID: 0 PID: 172 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc4 #1 PREEMPT(voluntary) [ 13.031186] Tainted: [B]=BAD_PAGE, [N]=TEST [ 13.031202] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 13.031227] Call Trace: [ 13.031243] <TASK> [ 13.031265] dump_stack_lvl+0x73/0xb0 [ 13.031305] print_report+0xd1/0x650 [ 13.031332] ? __virt_addr_valid+0x1db/0x2d0 [ 13.031360] ? page_alloc_uaf+0x356/0x3d0 [ 13.031386] ? kasan_addr_to_slab+0x11/0xa0 [ 13.031409] ? page_alloc_uaf+0x356/0x3d0 [ 13.031433] kasan_report+0x141/0x180 [ 13.031458] ? page_alloc_uaf+0x356/0x3d0 [ 13.031488] __asan_report_load1_noabort+0x18/0x20 [ 13.031516] page_alloc_uaf+0x356/0x3d0 [ 13.031540] ? __pfx_page_alloc_uaf+0x10/0x10 [ 13.031565] ? __schedule+0x10cc/0x2b60 [ 13.031591] ? __pfx_read_tsc+0x10/0x10 [ 13.031615] ? ktime_get_ts64+0x86/0x230 [ 13.031642] kunit_try_run_case+0x1a5/0x480 [ 13.031671] ? __pfx_kunit_try_run_case+0x10/0x10 [ 13.031695] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 13.031722] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 13.031748] ? __kthread_parkme+0x82/0x180 [ 13.031773] ? preempt_count_sub+0x50/0x80 [ 13.031815] ? __pfx_kunit_try_run_case+0x10/0x10 [ 13.031841] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 13.031866] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 13.031892] kthread+0x337/0x6f0 [ 13.031914] ? trace_preempt_on+0x20/0xc0 [ 13.031941] ? __pfx_kthread+0x10/0x10 [ 13.031964] ? _raw_spin_unlock_irq+0x47/0x80 [ 13.031988] ? calculate_sigpending+0x7b/0xa0 [ 13.032016] ? __pfx_kthread+0x10/0x10 [ 13.032040] ret_from_fork+0x116/0x1d0 [ 13.032061] ? 
__pfx_kthread+0x10/0x10 [ 13.032095] ret_from_fork_asm+0x1a/0x30 [ 13.032131] </TASK> [ 13.032145] [ 13.046075] The buggy address belongs to the physical page: [ 13.046726] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1039c0 [ 13.047812] flags: 0x200000000000000(node=0|zone=2) [ 13.048425] page_type: f0(buddy) [ 13.048577] raw: 0200000000000000 ffff88817fffb4f0 ffff88817fffb4f0 0000000000000000 [ 13.048847] raw: 0000000000000000 0000000000000006 00000000f0000000 0000000000000000 [ 13.049110] page dumped because: kasan: bad access detected [ 13.049809] [ 13.050024] Memory state around the buggy address: [ 13.050739] ffff8881039bff00: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff [ 13.051656] ffff8881039bff80: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff [ 13.052702] >ffff8881039c0000: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff [ 13.053416] ^ [ 13.053561] ffff8881039c0080: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff [ 13.053822] ffff8881039c0100: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff [ 13.054068] ==================================================================
Failure - log-parser-boot/kasan-bug-kasan-invalid-free-in-kfree
[ 12.993292] ================================================================== [ 12.994095] BUG: KASAN: invalid-free in kfree+0x274/0x3f0 [ 12.994372] Free of addr ffff888102afc001 by task kunit_try_catch/168 [ 12.994626] [ 12.994804] CPU: 0 UID: 0 PID: 168 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc4 #1 PREEMPT(voluntary) [ 12.994865] Tainted: [B]=BAD_PAGE, [N]=TEST [ 12.994878] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 12.994904] Call Trace: [ 12.994922] <TASK> [ 12.994946] dump_stack_lvl+0x73/0xb0 [ 12.994984] print_report+0xd1/0x650 [ 12.995011] ? __virt_addr_valid+0x1db/0x2d0 [ 12.995041] ? kasan_addr_to_slab+0x11/0xa0 [ 12.995064] ? kfree+0x274/0x3f0 [ 12.995089] kasan_report_invalid_free+0x10a/0x130 [ 12.995116] ? kfree+0x274/0x3f0 [ 12.995593] ? kfree+0x274/0x3f0 [ 12.995631] __kasan_kfree_large+0x86/0xd0 [ 12.995659] free_large_kmalloc+0x4b/0x110 [ 12.995687] kfree+0x274/0x3f0 [ 12.995716] kmalloc_large_invalid_free+0x120/0x2b0 [ 12.995744] ? __pfx_kmalloc_large_invalid_free+0x10/0x10 [ 12.995770] ? __schedule+0x10cc/0x2b60 [ 12.995812] ? __pfx_read_tsc+0x10/0x10 [ 12.995838] ? ktime_get_ts64+0x86/0x230 [ 12.995867] kunit_try_run_case+0x1a5/0x480 [ 12.995897] ? __pfx_kunit_try_run_case+0x10/0x10 [ 12.995922] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 12.995949] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 12.995974] ? __kthread_parkme+0x82/0x180 [ 12.995998] ? preempt_count_sub+0x50/0x80 [ 12.996026] ? __pfx_kunit_try_run_case+0x10/0x10 [ 12.996053] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 12.996078] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 12.996104] kthread+0x337/0x6f0 [ 12.996127] ? trace_preempt_on+0x20/0xc0 [ 12.996156] ? __pfx_kthread+0x10/0x10 [ 12.996180] ? _raw_spin_unlock_irq+0x47/0x80 [ 12.996203] ? calculate_sigpending+0x7b/0xa0 [ 12.996232] ? __pfx_kthread+0x10/0x10 [ 12.996256] ret_from_fork+0x116/0x1d0 [ 12.996277] ? 
__pfx_kthread+0x10/0x10 [ 12.996300] ret_from_fork_asm+0x1a/0x30 [ 12.996336] </TASK> [ 12.996350] [ 13.010160] The buggy address belongs to the physical page: [ 13.010813] page: refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x102afc [ 13.011714] head: order:2 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0 [ 13.012328] flags: 0x200000000000040(head|node=0|zone=2) [ 13.012837] page_type: f8(unknown) [ 13.013046] raw: 0200000000000040 0000000000000000 dead000000000122 0000000000000000 [ 13.013837] raw: 0000000000000000 0000000000000000 00000001f8000000 0000000000000000 [ 13.014372] head: 0200000000000040 0000000000000000 dead000000000122 0000000000000000 [ 13.014747] head: 0000000000000000 0000000000000000 00000001f8000000 0000000000000000 [ 13.015346] head: 0200000000000002 ffffea00040abf01 00000000ffffffff 00000000ffffffff [ 13.015954] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000004 [ 13.016879] page dumped because: kasan: bad access detected [ 13.017495] [ 13.017588] Memory state around the buggy address: [ 13.018011] ffff888102afbf00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 13.018841] ffff888102afbf80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 13.019955] >ffff888102afc000: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 13.020531] ^ [ 13.020716] ffff888102afc080: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 13.021077] ffff888102afc100: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 13.021905] ==================================================================
Failure - log-parser-boot/kasan-bug-kasan-use-after-free-in-kmalloc_large_uaf
[ 12.961037] ================================================================== [ 12.961756] BUG: KASAN: use-after-free in kmalloc_large_uaf+0x2f1/0x340 [ 12.962033] Read of size 1 at addr ffff888102af8000 by task kunit_try_catch/166 [ 12.963026] [ 12.963357] CPU: 0 UID: 0 PID: 166 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc4 #1 PREEMPT(voluntary) [ 12.963416] Tainted: [B]=BAD_PAGE, [N]=TEST [ 12.963431] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 12.963455] Call Trace: [ 12.963471] <TASK> [ 12.963492] dump_stack_lvl+0x73/0xb0 [ 12.963530] print_report+0xd1/0x650 [ 12.963555] ? __virt_addr_valid+0x1db/0x2d0 [ 12.963581] ? kmalloc_large_uaf+0x2f1/0x340 [ 12.963604] ? kasan_addr_to_slab+0x11/0xa0 [ 12.963626] ? kmalloc_large_uaf+0x2f1/0x340 [ 12.963649] kasan_report+0x141/0x180 [ 12.963673] ? kmalloc_large_uaf+0x2f1/0x340 [ 12.963701] __asan_report_load1_noabort+0x18/0x20 [ 12.963727] kmalloc_large_uaf+0x2f1/0x340 [ 12.963749] ? __pfx_kmalloc_large_uaf+0x10/0x10 [ 12.963773] ? __schedule+0x10cc/0x2b60 [ 12.963814] ? __pfx_read_tsc+0x10/0x10 [ 12.963837] ? ktime_get_ts64+0x86/0x230 [ 12.963864] kunit_try_run_case+0x1a5/0x480 [ 12.963892] ? __pfx_kunit_try_run_case+0x10/0x10 [ 12.963915] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 12.963941] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 12.963965] ? __kthread_parkme+0x82/0x180 [ 12.963988] ? preempt_count_sub+0x50/0x80 [ 12.964014] ? __pfx_kunit_try_run_case+0x10/0x10 [ 12.964041] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 12.964065] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 12.964090] kthread+0x337/0x6f0 [ 12.964111] ? trace_preempt_on+0x20/0xc0 [ 12.964148] ? __pfx_kthread+0x10/0x10 [ 12.964171] ? _raw_spin_unlock_irq+0x47/0x80 [ 12.964194] ? calculate_sigpending+0x7b/0xa0 [ 12.964221] ? __pfx_kthread+0x10/0x10 [ 12.964244] ret_from_fork+0x116/0x1d0 [ 12.964265] ? 
__pfx_kthread+0x10/0x10 [ 12.964287] ret_from_fork_asm+0x1a/0x30 [ 12.964321] </TASK> [ 12.964334] [ 12.976862] The buggy address belongs to the physical page: [ 12.977428] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x102af8 [ 12.977825] flags: 0x200000000000000(node=0|zone=2) [ 12.978329] raw: 0200000000000000 ffffea00040abf08 ffff88815b039f80 0000000000000000 [ 12.978694] raw: 0000000000000000 0000000000000000 00000000ffffffff 0000000000000000 [ 12.979090] page dumped because: kasan: bad access detected [ 12.979583] [ 12.979881] Memory state around the buggy address: [ 12.980155] ffff888102af7f00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 12.980770] ffff888102af7f80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 12.981823] >ffff888102af8000: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff [ 12.982085] ^ [ 12.982233] ffff888102af8080: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff [ 12.982490] ffff888102af8100: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff [ 12.982736] ==================================================================
Failure - log-parser-boot/kasan-bug-kasan-slab-out-of-bounds-in-kmalloc_large_oob_right
[ 12.929598] ================================================================== [ 12.930280] BUG: KASAN: slab-out-of-bounds in kmalloc_large_oob_right+0x2e9/0x330 [ 12.931448] Write of size 1 at addr ffff8881028ea00a by task kunit_try_catch/164 [ 12.932492] [ 12.932691] CPU: 1 UID: 0 PID: 164 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc4 #1 PREEMPT(voluntary) [ 12.932751] Tainted: [B]=BAD_PAGE, [N]=TEST [ 12.932766] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 12.932806] Call Trace: [ 12.932824] <TASK> [ 12.932847] dump_stack_lvl+0x73/0xb0 [ 12.932889] print_report+0xd1/0x650 [ 12.932917] ? __virt_addr_valid+0x1db/0x2d0 [ 12.932946] ? kmalloc_large_oob_right+0x2e9/0x330 [ 12.932972] ? kasan_addr_to_slab+0x11/0xa0 [ 12.932995] ? kmalloc_large_oob_right+0x2e9/0x330 [ 12.933020] kasan_report+0x141/0x180 [ 12.933045] ? kmalloc_large_oob_right+0x2e9/0x330 [ 12.933106] __asan_report_store1_noabort+0x1b/0x30 [ 12.933130] kmalloc_large_oob_right+0x2e9/0x330 [ 12.933155] ? __pfx_kmalloc_large_oob_right+0x10/0x10 [ 12.933181] ? __schedule+0x10cc/0x2b60 [ 12.933207] ? __pfx_read_tsc+0x10/0x10 [ 12.933262] ? ktime_get_ts64+0x86/0x230 [ 12.933291] kunit_try_run_case+0x1a5/0x480 [ 12.933338] ? __pfx_kunit_try_run_case+0x10/0x10 [ 12.933363] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 12.933392] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 12.933419] ? __kthread_parkme+0x82/0x180 [ 12.933444] ? preempt_count_sub+0x50/0x80 [ 12.933471] ? __pfx_kunit_try_run_case+0x10/0x10 [ 12.933497] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 12.933523] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 12.933548] kthread+0x337/0x6f0 [ 12.933570] ? trace_preempt_on+0x20/0xc0 [ 12.933598] ? __pfx_kthread+0x10/0x10 [ 12.933621] ? _raw_spin_unlock_irq+0x47/0x80 [ 12.933645] ? calculate_sigpending+0x7b/0xa0 [ 12.933693] ? __pfx_kthread+0x10/0x10 [ 12.933718] ret_from_fork+0x116/0x1d0 [ 12.933739] ? 
__pfx_kthread+0x10/0x10 [ 12.933762] ret_from_fork_asm+0x1a/0x30 [ 12.933810] </TASK> [ 12.933824] [ 12.948905] The buggy address belongs to the physical page: [ 12.949194] page: refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1028e8 [ 12.950177] head: order:2 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0 [ 12.950958] flags: 0x200000000000040(head|node=0|zone=2) [ 12.951475] page_type: f8(unknown) [ 12.951636] raw: 0200000000000040 0000000000000000 dead000000000122 0000000000000000 [ 12.951913] raw: 0000000000000000 0000000000000000 00000001f8000000 0000000000000000 [ 12.952194] head: 0200000000000040 0000000000000000 dead000000000122 0000000000000000 [ 12.952834] head: 0000000000000000 0000000000000000 00000001f8000000 0000000000000000 [ 12.953274] head: 0200000000000002 ffffea00040a3a01 00000000ffffffff 00000000ffffffff [ 12.953633] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000004 [ 12.953966] page dumped because: kasan: bad access detected [ 12.954463] [ 12.954564] Memory state around the buggy address: [ 12.954838] ffff8881028e9f00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 12.955254] ffff8881028e9f80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 12.955656] >ffff8881028ea000: 00 02 fe fe fe fe fe fe fe fe fe fe fe fe fe fe [ 12.956017] ^ [ 12.956316] ffff8881028ea080: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe [ 12.956640] ffff8881028ea100: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe [ 12.957006] ==================================================================
Failure - log-parser-boot/kasan-bug-kasan-slab-out-of-bounds-in-kmalloc_big_oob_right
[ 12.887336] ================================================================== [ 12.887913] BUG: KASAN: slab-out-of-bounds in kmalloc_big_oob_right+0x316/0x370 [ 12.888366] Write of size 1 at addr ffff888103999f00 by task kunit_try_catch/162 [ 12.889050] [ 12.889370] CPU: 0 UID: 0 PID: 162 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc4 #1 PREEMPT(voluntary) [ 12.889426] Tainted: [B]=BAD_PAGE, [N]=TEST [ 12.889440] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 12.889464] Call Trace: [ 12.889481] <TASK> [ 12.889502] dump_stack_lvl+0x73/0xb0 [ 12.889540] print_report+0xd1/0x650 [ 12.889566] ? __virt_addr_valid+0x1db/0x2d0 [ 12.889593] ? kmalloc_big_oob_right+0x316/0x370 [ 12.889617] ? kasan_complete_mode_report_info+0x2a/0x200 [ 12.889642] ? kmalloc_big_oob_right+0x316/0x370 [ 12.889666] kasan_report+0x141/0x180 [ 12.889691] ? kmalloc_big_oob_right+0x316/0x370 [ 12.889721] __asan_report_store1_noabort+0x1b/0x30 [ 12.889744] kmalloc_big_oob_right+0x316/0x370 [ 12.889768] ? __pfx_kmalloc_big_oob_right+0x10/0x10 [ 12.889806] ? __schedule+0x10cc/0x2b60 [ 12.889831] ? __pfx_read_tsc+0x10/0x10 [ 12.889855] ? ktime_get_ts64+0x86/0x230 [ 12.889882] kunit_try_run_case+0x1a5/0x480 [ 12.889909] ? __pfx_kunit_try_run_case+0x10/0x10 [ 12.889933] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 12.889959] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 12.889984] ? __kthread_parkme+0x82/0x180 [ 12.890008] ? preempt_count_sub+0x50/0x80 [ 12.890034] ? __pfx_kunit_try_run_case+0x10/0x10 [ 12.890060] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 12.890085] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 12.890109] kthread+0x337/0x6f0 [ 12.890130] ? trace_preempt_on+0x20/0xc0 [ 12.890156] ? __pfx_kthread+0x10/0x10 [ 12.890179] ? _raw_spin_unlock_irq+0x47/0x80 [ 12.890202] ? calculate_sigpending+0x7b/0xa0 [ 12.890231] ? __pfx_kthread+0x10/0x10 [ 12.890254] ret_from_fork+0x116/0x1d0 [ 12.890275] ? 
__pfx_kthread+0x10/0x10 [ 12.890297] ret_from_fork_asm+0x1a/0x30 [ 12.890332] </TASK> [ 12.890345] [ 12.901060] Allocated by task 162: [ 12.901395] kasan_save_stack+0x45/0x70 [ 12.901849] kasan_save_track+0x18/0x40 [ 12.902176] kasan_save_alloc_info+0x3b/0x50 [ 12.902603] __kasan_kmalloc+0xb7/0xc0 [ 12.902815] __kmalloc_cache_noprof+0x189/0x420 [ 12.903067] kmalloc_big_oob_right+0xa9/0x370 [ 12.903251] kunit_try_run_case+0x1a5/0x480 [ 12.903908] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 12.904331] kthread+0x337/0x6f0 [ 12.904509] ret_from_fork+0x116/0x1d0 [ 12.904717] ret_from_fork_asm+0x1a/0x30 [ 12.904986] [ 12.905140] The buggy address belongs to the object at ffff888103998000 [ 12.905140] which belongs to the cache kmalloc-8k of size 8192 [ 12.905934] The buggy address is located 0 bytes to the right of [ 12.905934] allocated 7936-byte region [ffff888103998000, ffff888103999f00) [ 12.907113] [ 12.907262] The buggy address belongs to the physical page: [ 12.907471] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x103998 [ 12.907755] head: order:3 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0 [ 12.908347] flags: 0x200000000000040(head|node=0|zone=2) [ 12.908560] page_type: f5(slab) [ 12.908704] raw: 0200000000000040 ffff888100042280 dead000000000122 0000000000000000 [ 12.910149] raw: 0000000000000000 0000000080020002 00000000f5000000 0000000000000000 [ 12.911482] head: 0200000000000040 ffff888100042280 dead000000000122 0000000000000000 [ 12.912752] head: 0000000000000000 0000000080020002 00000000f5000000 0000000000000000 [ 12.913971] head: 0200000000000003 ffffea00040e6601 00000000ffffffff 00000000ffffffff [ 12.914938] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000008 [ 12.915222] page dumped because: kasan: bad access detected [ 12.915418] [ 12.915500] Memory state around the buggy address: [ 12.915679] ffff888103999e00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 12.916858] ffff888103999e80: 00 
00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 12.917922] >ffff888103999f00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 12.919517] ^ [ 12.920068] ffff888103999f80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 12.921115] ffff88810399a000: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 12.922111] ==================================================================
Failure - log-parser-boot/kasan-bug-kasan-slab-out-of-bounds-in-kmalloc_track_caller_oob_right
[ 12.835502] ================================================================== [ 12.836090] BUG: KASAN: slab-out-of-bounds in kmalloc_track_caller_oob_right+0x4c8/0x520 [ 12.836770] Write of size 1 at addr ffff8881029e8d78 by task kunit_try_catch/160 [ 12.837202] [ 12.837669] CPU: 1 UID: 0 PID: 160 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc4 #1 PREEMPT(voluntary) [ 12.837727] Tainted: [B]=BAD_PAGE, [N]=TEST [ 12.837741] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 12.837766] Call Trace: [ 12.837934] <TASK> [ 12.837966] dump_stack_lvl+0x73/0xb0 [ 12.838006] print_report+0xd1/0x650 [ 12.838033] ? __virt_addr_valid+0x1db/0x2d0 [ 12.838059] ? kmalloc_track_caller_oob_right+0x4c8/0x520 [ 12.838097] ? kasan_complete_mode_report_info+0x2a/0x200 [ 12.838121] ? kmalloc_track_caller_oob_right+0x4c8/0x520 [ 12.838150] kasan_report+0x141/0x180 [ 12.838175] ? kmalloc_track_caller_oob_right+0x4c8/0x520 [ 12.838207] __asan_report_store1_noabort+0x1b/0x30 [ 12.838230] kmalloc_track_caller_oob_right+0x4c8/0x520 [ 12.838256] ? __pfx_kmalloc_track_caller_oob_right+0x10/0x10 [ 12.838284] ? __schedule+0x10cc/0x2b60 [ 12.838308] ? __pfx_read_tsc+0x10/0x10 [ 12.838332] ? ktime_get_ts64+0x86/0x230 [ 12.838359] kunit_try_run_case+0x1a5/0x480 [ 12.838388] ? __pfx_kunit_try_run_case+0x10/0x10 [ 12.838412] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 12.838437] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 12.838461] ? __kthread_parkme+0x82/0x180 [ 12.838484] ? preempt_count_sub+0x50/0x80 [ 12.838510] ? __pfx_kunit_try_run_case+0x10/0x10 [ 12.838536] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 12.838560] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 12.838585] kthread+0x337/0x6f0 [ 12.838606] ? trace_preempt_on+0x20/0xc0 [ 12.838632] ? __pfx_kthread+0x10/0x10 [ 12.838654] ? _raw_spin_unlock_irq+0x47/0x80 [ 12.838676] ? calculate_sigpending+0x7b/0xa0 [ 12.838703] ? 
__pfx_kthread+0x10/0x10 [ 12.838726] ret_from_fork+0x116/0x1d0 [ 12.838746] ? __pfx_kthread+0x10/0x10 [ 12.838768] ret_from_fork_asm+0x1a/0x30 [ 12.838815] </TASK> [ 12.838829] [ 12.849622] Allocated by task 160: [ 12.849797] kasan_save_stack+0x45/0x70 [ 12.849968] kasan_save_track+0x18/0x40 [ 12.850691] kasan_save_alloc_info+0x3b/0x50 [ 12.851683] __kasan_kmalloc+0xb7/0xc0 [ 12.852410] __kmalloc_node_track_caller_noprof+0x1cb/0x500 [ 12.853300] kmalloc_track_caller_oob_right+0x99/0x520 [ 12.853999] kunit_try_run_case+0x1a5/0x480 [ 12.854675] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 12.855359] kthread+0x337/0x6f0 [ 12.855506] ret_from_fork+0x116/0x1d0 [ 12.855653] ret_from_fork_asm+0x1a/0x30 [ 12.855818] [ 12.855898] The buggy address belongs to the object at ffff8881029e8d00 [ 12.855898] which belongs to the cache kmalloc-128 of size 128 [ 12.857443] The buggy address is located 0 bytes to the right of [ 12.857443] allocated 120-byte region [ffff8881029e8d00, ffff8881029e8d78) [ 12.857992] [ 12.858419] The buggy address belongs to the physical page: [ 12.858679] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1029e8 [ 12.859252] flags: 0x200000000000000(node=0|zone=2) [ 12.859659] page_type: f5(slab) [ 12.859977] raw: 0200000000000000 ffff888100041a00 dead000000000122 0000000000000000 [ 12.860541] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 12.860941] page dumped because: kasan: bad access detected [ 12.861449] [ 12.861533] Memory state around the buggy address: [ 12.861797] ffff8881029e8c00: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 12.862668] ffff8881029e8c80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 12.863062] >ffff8881029e8d00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 fc [ 12.863632] ^ [ 12.863987] ffff8881029e8d80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 12.864588] ffff8881029e8e00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 12.865051] 
==================================================================
Failure - log-parser-boot/kasan-bug-kasan-slab-out-of-bounds-in-kmalloc_node_oob_right
[ 12.804694] ================================================================== [ 12.805427] BUG: KASAN: slab-out-of-bounds in kmalloc_node_oob_right+0x369/0x3c0 [ 12.805805] Read of size 1 at addr ffff888102aad000 by task kunit_try_catch/158 [ 12.806363] [ 12.806530] CPU: 1 UID: 0 PID: 158 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc4 #1 PREEMPT(voluntary) [ 12.806588] Tainted: [B]=BAD_PAGE, [N]=TEST [ 12.806603] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 12.806629] Call Trace: [ 12.806647] <TASK> [ 12.806671] dump_stack_lvl+0x73/0xb0 [ 12.806711] print_report+0xd1/0x650 [ 12.806738] ? __virt_addr_valid+0x1db/0x2d0 [ 12.806766] ? kmalloc_node_oob_right+0x369/0x3c0 [ 12.806807] ? kasan_complete_mode_report_info+0x2a/0x200 [ 12.806832] ? kmalloc_node_oob_right+0x369/0x3c0 [ 12.806858] kasan_report+0x141/0x180 [ 12.806883] ? kmalloc_node_oob_right+0x369/0x3c0 [ 12.806915] __asan_report_load1_noabort+0x18/0x20 [ 12.806942] kmalloc_node_oob_right+0x369/0x3c0 [ 12.806969] ? __pfx_kmalloc_node_oob_right+0x10/0x10 [ 12.806998] ? __pfx_kmalloc_node_oob_right+0x10/0x10 [ 12.807029] kunit_try_run_case+0x1a5/0x480 [ 12.807058] ? __pfx_kunit_try_run_case+0x10/0x10 [ 12.807082] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 12.807110] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 12.807135] ? __kthread_parkme+0x82/0x180 [ 12.807160] ? preempt_count_sub+0x50/0x80 [ 12.807188] ? __pfx_kunit_try_run_case+0x10/0x10 [ 12.807213] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 12.807239] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 12.807264] kthread+0x337/0x6f0 [ 12.807285] ? trace_preempt_on+0x20/0xc0 [ 12.807312] ? __pfx_kthread+0x10/0x10 [ 12.807334] ? _raw_spin_unlock_irq+0x47/0x80 [ 12.807358] ? calculate_sigpending+0x7b/0xa0 [ 12.807385] ? __pfx_kthread+0x10/0x10 [ 12.807409] ret_from_fork+0x116/0x1d0 [ 12.807432] ? 
__pfx_kthread+0x10/0x10 [ 12.807458] ret_from_fork_asm+0x1a/0x30 [ 12.807494] </TASK> [ 12.807508] [ 12.817832] Allocated by task 158: [ 12.818171] kasan_save_stack+0x45/0x70 [ 12.818554] kasan_save_track+0x18/0x40 [ 12.818722] kasan_save_alloc_info+0x3b/0x50 [ 12.819252] __kasan_kmalloc+0xb7/0xc0 [ 12.819571] __kmalloc_cache_node_noprof+0x188/0x420 [ 12.819945] kmalloc_node_oob_right+0xab/0x3c0 [ 12.820233] kunit_try_run_case+0x1a5/0x480 [ 12.820615] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 12.820906] kthread+0x337/0x6f0 [ 12.821082] ret_from_fork+0x116/0x1d0 [ 12.821418] ret_from_fork_asm+0x1a/0x30 [ 12.821633] [ 12.821747] The buggy address belongs to the object at ffff888102aac000 [ 12.821747] which belongs to the cache kmalloc-4k of size 4096 [ 12.822811] The buggy address is located 0 bytes to the right of [ 12.822811] allocated 4096-byte region [ffff888102aac000, ffff888102aad000) [ 12.823560] [ 12.823855] The buggy address belongs to the physical page: [ 12.824268] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x102aa8 [ 12.824950] head: order:3 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0 [ 12.825486] flags: 0x200000000000040(head|node=0|zone=2) [ 12.825872] page_type: f5(slab) [ 12.826028] raw: 0200000000000040 ffff888100042140 dead000000000122 0000000000000000 [ 12.826486] raw: 0000000000000000 0000000080040004 00000000f5000000 0000000000000000 [ 12.826871] head: 0200000000000040 ffff888100042140 dead000000000122 0000000000000000 [ 12.827316] head: 0000000000000000 0000000080040004 00000000f5000000 0000000000000000 [ 12.827659] head: 0200000000000003 ffffea00040aaa01 00000000ffffffff 00000000ffffffff [ 12.827997] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000008 [ 12.828369] page dumped because: kasan: bad access detected [ 12.829013] [ 12.829129] Memory state around the buggy address: [ 12.829346] ffff888102aacf00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 12.829761] 
ffff888102aacf80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 12.830086] >ffff888102aad000: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 12.830588] ^ [ 12.830751] ffff888102aad080: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 12.831128] ffff888102aad100: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 12.831407] ==================================================================
Failure - log-parser-boot/kasan-bug-kasan-slab-out-of-bounds-in-kmalloc_oob_left
[ 12.770060] ================================================================== [ 12.771274] BUG: KASAN: slab-out-of-bounds in kmalloc_oob_left+0x361/0x3c0 [ 12.771658] Read of size 1 at addr ffff88810216f09f by task kunit_try_catch/156 [ 12.771993] [ 12.772240] CPU: 0 UID: 0 PID: 156 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc4 #1 PREEMPT(voluntary) [ 12.772301] Tainted: [B]=BAD_PAGE, [N]=TEST [ 12.772315] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 12.772344] Call Trace: [ 12.772360] <TASK> [ 12.772385] dump_stack_lvl+0x73/0xb0 [ 12.772425] print_report+0xd1/0x650 [ 12.772454] ? __virt_addr_valid+0x1db/0x2d0 [ 12.772484] ? kmalloc_oob_left+0x361/0x3c0 [ 12.772509] ? kasan_complete_mode_report_info+0x2a/0x200 [ 12.772533] ? kmalloc_oob_left+0x361/0x3c0 [ 12.772557] kasan_report+0x141/0x180 [ 12.772582] ? kmalloc_oob_left+0x361/0x3c0 [ 12.772612] __asan_report_load1_noabort+0x18/0x20 [ 12.772639] kmalloc_oob_left+0x361/0x3c0 [ 12.772664] ? __pfx_kmalloc_oob_left+0x10/0x10 [ 12.772689] ? __schedule+0x10cc/0x2b60 [ 12.772716] ? __pfx_read_tsc+0x10/0x10 [ 12.772740] ? ktime_get_ts64+0x86/0x230 [ 12.772770] kunit_try_run_case+0x1a5/0x480 [ 12.772814] ? __pfx_kunit_try_run_case+0x10/0x10 [ 12.772838] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 12.772865] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 12.772891] ? __kthread_parkme+0x82/0x180 [ 12.772915] ? preempt_count_sub+0x50/0x80 [ 12.772943] ? __pfx_kunit_try_run_case+0x10/0x10 [ 12.772968] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 12.772994] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 12.773019] kthread+0x337/0x6f0 [ 12.773041] ? trace_preempt_on+0x20/0xc0 [ 12.773092] ? __pfx_kthread+0x10/0x10 [ 12.773116] ? _raw_spin_unlock_irq+0x47/0x80 [ 12.773432] ? calculate_sigpending+0x7b/0xa0 [ 12.773462] ? __pfx_kthread+0x10/0x10 [ 12.773487] ret_from_fork+0x116/0x1d0 [ 12.773509] ? 
__pfx_kthread+0x10/0x10 [ 12.773532] ret_from_fork_asm+0x1a/0x30 [ 12.773568] </TASK> [ 12.773581] [ 12.786502] Allocated by task 1: [ 12.786810] kasan_save_stack+0x45/0x70 [ 12.787148] kasan_save_track+0x18/0x40 [ 12.787601] kasan_save_alloc_info+0x3b/0x50 [ 12.788117] __kasan_kmalloc+0xb7/0xc0 [ 12.788379] __kmalloc_node_track_caller_noprof+0x1cb/0x500 [ 12.788588] kvasprintf+0xc5/0x150 [ 12.788729] __kthread_create_on_node+0x18b/0x3a0 [ 12.788929] kthread_create_on_node+0xab/0xe0 [ 12.789149] create_worker+0x3e5/0x7b0 [ 12.789755] alloc_unbound_pwq+0x8ea/0xdb0 [ 12.789991] apply_wqattrs_prepare+0x332/0xd20 [ 12.790293] apply_workqueue_attrs_locked+0x4d/0xa0 [ 12.790610] alloc_workqueue+0xcc7/0x1ad0 [ 12.790832] latency_fsnotify_init+0x1b/0x50 [ 12.791030] do_one_initcall+0xd8/0x370 [ 12.791663] kernel_init_freeable+0x420/0x6f0 [ 12.791959] kernel_init+0x23/0x1e0 [ 12.792135] ret_from_fork+0x116/0x1d0 [ 12.792382] ret_from_fork_asm+0x1a/0x30 [ 12.792566] [ 12.792680] The buggy address belongs to the object at ffff88810216f080 [ 12.792680] which belongs to the cache kmalloc-16 of size 16 [ 12.793858] The buggy address is located 18 bytes to the right of [ 12.793858] allocated 13-byte region [ffff88810216f080, ffff88810216f08d) [ 12.794768] [ 12.794900] The buggy address belongs to the physical page: [ 12.795407] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x10216f [ 12.795918] flags: 0x200000000000000(node=0|zone=2) [ 12.796353] page_type: f5(slab) [ 12.796517] raw: 0200000000000000 ffff888100041640 dead000000000122 0000000000000000 [ 12.797036] raw: 0000000000000000 0000000080800080 00000000f5000000 0000000000000000 [ 12.797725] page dumped because: kasan: bad access detected [ 12.798036] [ 12.798144] Memory state around the buggy address: [ 12.798699] ffff88810216ef80: fb fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 12.799224] ffff88810216f000: fa fb fc fc 00 00 fc fc 00 00 fc fc fa fb fc fc [ 12.799662] >ffff88810216f080: 00 05 fc fc 00 
07 fc fc fc fc fc fc fc fc fc fc [ 12.800110] ^ [ 12.800402] ffff88810216f100: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 12.800714] ffff88810216f180: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 12.801059] ==================================================================
Failure - log-parser-boot/kasan-bug-kasan-slab-out-of-bounds-in-kmalloc_oob_right
[ 12.744092] ================================================================== [ 12.744528] BUG: KASAN: slab-out-of-bounds in kmalloc_oob_right+0x68a/0x7f0 [ 12.744892] Read of size 1 at addr ffff8881029e8c80 by task kunit_try_catch/154 [ 12.745243] [ 12.745400] CPU: 1 UID: 0 PID: 154 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc4 #1 PREEMPT(voluntary) [ 12.745450] Tainted: [B]=BAD_PAGE, [N]=TEST [ 12.745464] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 12.745490] Call Trace: [ 12.745512] <TASK> [ 12.745535] dump_stack_lvl+0x73/0xb0 [ 12.745568] print_report+0xd1/0x650 [ 12.745594] ? __virt_addr_valid+0x1db/0x2d0 [ 12.745620] ? kmalloc_oob_right+0x68a/0x7f0 [ 12.745643] ? kasan_complete_mode_report_info+0x2a/0x200 [ 12.745667] ? kmalloc_oob_right+0x68a/0x7f0 [ 12.745691] kasan_report+0x141/0x180 [ 12.745715] ? kmalloc_oob_right+0x68a/0x7f0 [ 12.745744] __asan_report_load1_noabort+0x18/0x20 [ 12.745771] kmalloc_oob_right+0x68a/0x7f0 [ 12.745807] ? __pfx_kmalloc_oob_right+0x10/0x10 [ 12.745832] ? __schedule+0x10cc/0x2b60 [ 12.745857] ? __pfx_read_tsc+0x10/0x10 [ 12.745881] ? ktime_get_ts64+0x86/0x230 [ 12.745908] kunit_try_run_case+0x1a5/0x480 [ 12.745935] ? __pfx_kunit_try_run_case+0x10/0x10 [ 12.745959] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 12.745984] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 12.746009] ? __kthread_parkme+0x82/0x180 [ 12.746031] ? preempt_count_sub+0x50/0x80 [ 12.746058] ? __pfx_kunit_try_run_case+0x10/0x10 [ 12.746084] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 12.746108] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 12.746336] kthread+0x337/0x6f0 [ 12.746363] ? trace_preempt_on+0x20/0xc0 [ 12.746392] ? __pfx_kthread+0x10/0x10 [ 12.746415] ? _raw_spin_unlock_irq+0x47/0x80 [ 12.746439] ? calculate_sigpending+0x7b/0xa0 [ 12.746466] ? __pfx_kthread+0x10/0x10 [ 12.746490] ret_from_fork+0x116/0x1d0 [ 12.746511] ? 
__pfx_kthread+0x10/0x10 [ 12.746534] ret_from_fork_asm+0x1a/0x30 [ 12.746569] </TASK> [ 12.746583] [ 12.754948] Allocated by task 154: [ 12.755171] kasan_save_stack+0x45/0x70 [ 12.755503] kasan_save_track+0x18/0x40 [ 12.755705] kasan_save_alloc_info+0x3b/0x50 [ 12.755935] __kasan_kmalloc+0xb7/0xc0 [ 12.756246] __kmalloc_cache_noprof+0x189/0x420 [ 12.756486] kmalloc_oob_right+0xa9/0x7f0 [ 12.756672] kunit_try_run_case+0x1a5/0x480 [ 12.756850] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 12.757129] kthread+0x337/0x6f0 [ 12.757419] ret_from_fork+0x116/0x1d0 [ 12.757648] ret_from_fork_asm+0x1a/0x30 [ 12.757896] [ 12.757982] The buggy address belongs to the object at ffff8881029e8c00 [ 12.757982] which belongs to the cache kmalloc-128 of size 128 [ 12.758841] The buggy address is located 13 bytes to the right of [ 12.758841] allocated 115-byte region [ffff8881029e8c00, ffff8881029e8c73) [ 12.759627] [ 12.759749] The buggy address belongs to the physical page: [ 12.760050] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1029e8 [ 12.760540] flags: 0x200000000000000(node=0|zone=2) [ 12.760735] page_type: f5(slab) [ 12.760940] raw: 0200000000000000 ffff888100041a00 dead000000000122 0000000000000000 [ 12.761452] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 12.761866] page dumped because: kasan: bad access detected [ 12.762347] [ 12.762477] Memory state around the buggy address: [ 12.762693] ffff8881029e8b80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 12.763067] ffff8881029e8c00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 03 fc [ 12.763507] >ffff8881029e8c80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 12.763839] ^ [ 12.764036] ffff8881029e8d00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 12.764355] ffff8881029e8d80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 12.764663] ================================================================== [ 12.715492] 
================================================================== [ 12.715780] BUG: KASAN: slab-out-of-bounds in kmalloc_oob_right+0x6bd/0x7f0 [ 12.716073] Write of size 1 at addr ffff8881029e8c78 by task kunit_try_catch/154 [ 12.716348] [ 12.716456] CPU: 1 UID: 0 PID: 154 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc4 #1 PREEMPT(voluntary) [ 12.716508] Tainted: [B]=BAD_PAGE, [N]=TEST [ 12.716522] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 12.716549] Call Trace: [ 12.716571] <TASK> [ 12.716593] dump_stack_lvl+0x73/0xb0 [ 12.717521] print_report+0xd1/0x650 [ 12.717565] ? __virt_addr_valid+0x1db/0x2d0 [ 12.717610] ? kmalloc_oob_right+0x6bd/0x7f0 [ 12.717634] ? kasan_complete_mode_report_info+0x2a/0x200 [ 12.717658] ? kmalloc_oob_right+0x6bd/0x7f0 [ 12.717682] kasan_report+0x141/0x180 [ 12.717707] ? kmalloc_oob_right+0x6bd/0x7f0 [ 12.717737] __asan_report_store1_noabort+0x1b/0x30 [ 12.717760] kmalloc_oob_right+0x6bd/0x7f0 [ 12.717797] ? __pfx_kmalloc_oob_right+0x10/0x10 [ 12.717833] ? __schedule+0x10cc/0x2b60 [ 12.717858] ? __pfx_read_tsc+0x10/0x10 [ 12.717882] ? ktime_get_ts64+0x86/0x230 [ 12.717910] kunit_try_run_case+0x1a5/0x480 [ 12.717937] ? __pfx_kunit_try_run_case+0x10/0x10 [ 12.717961] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 12.717987] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 12.718011] ? __kthread_parkme+0x82/0x180 [ 12.718035] ? preempt_count_sub+0x50/0x80 [ 12.718062] ? __pfx_kunit_try_run_case+0x10/0x10 [ 12.718087] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 12.718112] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 12.718136] kthread+0x337/0x6f0 [ 12.718157] ? trace_preempt_on+0x20/0xc0 [ 12.718311] ? __pfx_kthread+0x10/0x10 [ 12.718335] ? _raw_spin_unlock_irq+0x47/0x80 [ 12.718359] ? calculate_sigpending+0x7b/0xa0 [ 12.718386] ? __pfx_kthread+0x10/0x10 [ 12.718410] ret_from_fork+0x116/0x1d0 [ 12.718431] ? 
__pfx_kthread+0x10/0x10 [ 12.718454] ret_from_fork_asm+0x1a/0x30 [ 12.718490] </TASK> [ 12.718503] [ 12.732030] Allocated by task 154: [ 12.732542] kasan_save_stack+0x45/0x70 [ 12.733002] kasan_save_track+0x18/0x40 [ 12.733503] kasan_save_alloc_info+0x3b/0x50 [ 12.733686] __kasan_kmalloc+0xb7/0xc0 [ 12.733856] __kmalloc_cache_noprof+0x189/0x420 [ 12.734046] kmalloc_oob_right+0xa9/0x7f0 [ 12.734699] kunit_try_run_case+0x1a5/0x480 [ 12.735212] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 12.735832] kthread+0x337/0x6f0 [ 12.736293] ret_from_fork+0x116/0x1d0 [ 12.736690] ret_from_fork_asm+0x1a/0x30 [ 12.737200] [ 12.737302] The buggy address belongs to the object at ffff8881029e8c00 [ 12.737302] which belongs to the cache kmalloc-128 of size 128 [ 12.737705] The buggy address is located 5 bytes to the right of [ 12.737705] allocated 115-byte region [ffff8881029e8c00, ffff8881029e8c73) [ 12.738452] [ 12.738554] The buggy address belongs to the physical page: [ 12.738838] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1029e8 [ 12.739262] flags: 0x200000000000000(node=0|zone=2) [ 12.739487] page_type: f5(slab) [ 12.739644] raw: 0200000000000000 ffff888100041a00 dead000000000122 0000000000000000 [ 12.740009] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 12.740311] page dumped because: kasan: bad access detected [ 12.740595] [ 12.740702] Memory state around the buggy address: [ 12.741026] ffff8881029e8b00: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 12.741444] ffff8881029e8b80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 12.741821] >ffff8881029e8c00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 03 fc [ 12.742360] ^ [ 12.742697] ffff8881029e8c80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 12.743041] ffff8881029e8d00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 12.743439] ================================================================== [ 12.681833] 
================================================================== [ 12.682592] BUG: KASAN: slab-out-of-bounds in kmalloc_oob_right+0x6f0/0x7f0 [ 12.683437] Write of size 1 at addr ffff8881029e8c73 by task kunit_try_catch/154 [ 12.683912] [ 12.685066] CPU: 1 UID: 0 PID: 154 Comm: kunit_try_catch Tainted: G N 6.16.0-rc4 #1 PREEMPT(voluntary) [ 12.685545] Tainted: [N]=TEST [ 12.685586] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 12.685835] Call Trace: [ 12.685913] <TASK> [ 12.686098] dump_stack_lvl+0x73/0xb0 [ 12.686224] print_report+0xd1/0x650 [ 12.686258] ? __virt_addr_valid+0x1db/0x2d0 [ 12.686286] ? kmalloc_oob_right+0x6f0/0x7f0 [ 12.686310] ? kasan_complete_mode_report_info+0x2a/0x200 [ 12.686335] ? kmalloc_oob_right+0x6f0/0x7f0 [ 12.686359] kasan_report+0x141/0x180 [ 12.686383] ? kmalloc_oob_right+0x6f0/0x7f0 [ 12.686412] __asan_report_store1_noabort+0x1b/0x30 [ 12.686435] kmalloc_oob_right+0x6f0/0x7f0 [ 12.686460] ? __pfx_kmalloc_oob_right+0x10/0x10 [ 12.686484] ? __schedule+0x10cc/0x2b60 [ 12.686510] ? __pfx_read_tsc+0x10/0x10 [ 12.686534] ? ktime_get_ts64+0x86/0x230 [ 12.686563] kunit_try_run_case+0x1a5/0x480 [ 12.686593] ? __pfx_kunit_try_run_case+0x10/0x10 [ 12.686617] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 12.686644] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 12.686669] ? __kthread_parkme+0x82/0x180 [ 12.686693] ? preempt_count_sub+0x50/0x80 [ 12.686720] ? __pfx_kunit_try_run_case+0x10/0x10 [ 12.686745] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 12.686770] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 12.686809] kthread+0x337/0x6f0 [ 12.686831] ? trace_preempt_on+0x20/0xc0 [ 12.686859] ? __pfx_kthread+0x10/0x10 [ 12.686881] ? _raw_spin_unlock_irq+0x47/0x80 [ 12.686904] ? calculate_sigpending+0x7b/0xa0 [ 12.686931] ? __pfx_kthread+0x10/0x10 [ 12.686954] ret_from_fork+0x116/0x1d0 [ 12.686975] ? 
__pfx_kthread+0x10/0x10 [ 12.686997] ret_from_fork_asm+0x1a/0x30 [ 12.687060] </TASK> [ 12.687177] [ 12.696209] Allocated by task 154: [ 12.697274] kasan_save_stack+0x45/0x70 [ 12.697842] kasan_save_track+0x18/0x40 [ 12.698013] kasan_save_alloc_info+0x3b/0x50 [ 12.698625] __kasan_kmalloc+0xb7/0xc0 [ 12.698816] __kmalloc_cache_noprof+0x189/0x420 [ 12.699118] kmalloc_oob_right+0xa9/0x7f0 [ 12.699369] kunit_try_run_case+0x1a5/0x480 [ 12.700037] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 12.700458] kthread+0x337/0x6f0 [ 12.700618] ret_from_fork+0x116/0x1d0 [ 12.701086] ret_from_fork_asm+0x1a/0x30 [ 12.701629] [ 12.702050] The buggy address belongs to the object at ffff8881029e8c00 [ 12.702050] which belongs to the cache kmalloc-128 of size 128 [ 12.703154] The buggy address is located 0 bytes to the right of [ 12.703154] allocated 115-byte region [ffff8881029e8c00, ffff8881029e8c73) [ 12.704002] [ 12.704584] The buggy address belongs to the physical page: [ 12.705277] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1029e8 [ 12.706114] flags: 0x200000000000000(node=0|zone=2) [ 12.706857] page_type: f5(slab) [ 12.707434] raw: 0200000000000000 ffff888100041a00 dead000000000122 0000000000000000 [ 12.707749] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 12.708304] page dumped because: kasan: bad access detected [ 12.708631] [ 12.708756] Memory state around the buggy address: [ 12.709599] ffff8881029e8b00: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 12.710287] ffff8881029e8b80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 12.711160] >ffff8881029e8c00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 03 fc [ 12.711932] ^ [ 12.712481] ffff8881029e8c80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 12.713291] ffff8881029e8d00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 12.714238] ==================================================================
Failure - log-parser-boot/exception-warning-cpu-pid-at-driversgpudrmdrm_rect-drm_rect_calc_vscale
------------[ cut here ]------------ [ 163.534684] WARNING: CPU: 1 PID: 2766 at drivers/gpu/drm/drm_rect.c:137 drm_rect_calc_vscale+0x130/0x190 [ 163.535291] Modules linked in: [ 163.535523] CPU: 1 UID: 0 PID: 2766 Comm: kunit_try_catch Tainted: G B D W N 6.16.0-rc4 #1 PREEMPT(voluntary) [ 163.536115] Tainted: [B]=BAD_PAGE, [D]=DIE, [W]=WARN, [N]=TEST [ 163.536533] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 163.537166] RIP: 0010:drm_rect_calc_vscale+0x130/0x190 [ 163.537763] Code: 7f 43 41 39 ce 7c 3e 48 83 c4 08 89 c8 5b 41 5c 41 5d 41 5e 5d c3 cc cc cc cc 8d 44 08 ff 99 f7 f9 89 c1 85 c0 79 d6 eb de 90 <0f> 0b 90 b9 ea ff ff ff 48 83 c4 08 5b 89 c8 41 5c 41 5d 41 5e 5d [ 163.538777] RSP: 0000:ffff88810a45fc78 EFLAGS: 00010286 [ 163.539135] RAX: 0000000000010000 RBX: 00000000ffff0000 RCX: 00000000ffff0000 [ 163.539502] RDX: 0000000000000007 RSI: 0000000000000000 RDI: ffffffffba432ef4 [ 163.539866] RBP: ffff88810a45fca0 R08: 0000000000000000 R09: ffffed1020630520 [ 163.540351] R10: ffff888103182907 R11: 0000000000000000 R12: ffffffffba432ee0 [ 163.540697] R13: 0000000000000000 R14: 000000007fffffff R15: ffff88810a45fd38 [ 163.541057] FS: 0000000000000000(0000) GS:ffff88819ed74000(0000) knlGS:0000000000000000 [ 163.541708] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 163.542115] CR2: 00007ffff7ffe000 CR3: 0000000071ebc000 CR4: 00000000000006f0 [ 163.542646] DR0: ffffffffbc450444 DR1: ffffffffbc450449 DR2: ffffffffbc45044a [ 163.542984] DR3: ffffffffbc45044b DR6: 00000000ffff0ff0 DR7: 0000000000000600 [ 163.543467] Call Trace: [ 163.543681] <TASK> [ 163.543881] drm_test_rect_calc_vscale+0x108/0x270 [ 163.544168] ? __pfx_drm_test_rect_calc_vscale+0x10/0x10 [ 163.544496] ? __schedule+0x10cc/0x2b60 [ 163.545076] ? __pfx_read_tsc+0x10/0x10 [ 163.545459] ? ktime_get_ts64+0x86/0x230 [ 163.545703] kunit_try_run_case+0x1a5/0x480 [ 163.545934] ? __pfx_kunit_try_run_case+0x10/0x10 [ 163.546339] ? 
_raw_spin_lock_irqsave+0xa1/0x100 [ 163.546629] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 163.546893] ? __kthread_parkme+0x82/0x180 [ 163.547157] ? preempt_count_sub+0x50/0x80 [ 163.547458] ? __pfx_kunit_try_run_case+0x10/0x10 [ 163.547758] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 163.548090] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 163.548501] kthread+0x337/0x6f0 [ 163.548768] ? trace_preempt_on+0x20/0xc0 [ 163.549010] ? __pfx_kthread+0x10/0x10 [ 163.549460] ? _raw_spin_unlock_irq+0x47/0x80 [ 163.549779] ? calculate_sigpending+0x7b/0xa0 [ 163.550048] ? __pfx_kthread+0x10/0x10 [ 163.550408] ret_from_fork+0x116/0x1d0 [ 163.550654] ? __pfx_kthread+0x10/0x10 [ 163.550976] ret_from_fork_asm+0x1a/0x30 [ 163.551358] </TASK> [ 163.551546] ---[ end trace 0000000000000000 ]--- ------------[ cut here ]------------ [ 163.507654] WARNING: CPU: 0 PID: 2764 at drivers/gpu/drm/drm_rect.c:137 drm_rect_calc_vscale+0x130/0x190 [ 163.508813] Modules linked in: [ 163.509344] CPU: 0 UID: 0 PID: 2764 Comm: kunit_try_catch Tainted: G B D W N 6.16.0-rc4 #1 PREEMPT(voluntary) [ 163.509748] Tainted: [B]=BAD_PAGE, [D]=DIE, [W]=WARN, [N]=TEST [ 163.509966] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 163.511669] RIP: 0010:drm_rect_calc_vscale+0x130/0x190 [ 163.512359] Code: 7f 43 41 39 ce 7c 3e 48 83 c4 08 89 c8 5b 41 5c 41 5d 41 5e 5d c3 cc cc cc cc 8d 44 08 ff 99 f7 f9 89 c1 85 c0 79 d6 eb de 90 <0f> 0b 90 b9 ea ff ff ff 48 83 c4 08 5b 89 c8 41 5c 41 5d 41 5e 5d [ 163.514442] RSP: 0000:ffff88810ab47c78 EFLAGS: 00010286 [ 163.515052] RAX: 00000000ffff0000 RBX: 00000000ffff0000 RCX: 0000000000010000 [ 163.515706] RDX: 0000000000000007 RSI: 0000000000000000 RDI: ffffffffba432ebc [ 163.516297] RBP: ffff88810ab47ca0 R08: 0000000000000000 R09: ffffed1021a7dac0 [ 163.517081] R10: ffff88810d3ed607 R11: 0000000000000000 R12: ffffffffba432ea8 [ 163.517867] R13: 0000000000000000 R14: 000000007fffffff R15: ffff88810ab47d38 [ 
163.518511] FS: 0000000000000000(0000) GS:ffff88819ec74000(0000) knlGS:0000000000000000 [ 163.518810] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 163.519128] CR2: 00007ffff7ffe000 CR3: 0000000071ebc000 CR4: 00000000000006f0 [ 163.520307] DR0: ffffffffbc450440 DR1: ffffffffbc450441 DR2: ffffffffbc450443 [ 163.521005] DR3: ffffffffbc450445 DR6: 00000000ffff0ff0 DR7: 0000000000000600 [ 163.522091] Call Trace: [ 163.522591] <TASK> [ 163.522884] drm_test_rect_calc_vscale+0x108/0x270 [ 163.523338] ? __pfx_drm_test_rect_calc_vscale+0x10/0x10 [ 163.523553] ? __schedule+0x10cc/0x2b60 [ 163.523721] ? __pfx_read_tsc+0x10/0x10 [ 163.523913] ? ktime_get_ts64+0x86/0x230 [ 163.524127] kunit_try_run_case+0x1a5/0x480 [ 163.524439] ? __pfx_kunit_try_run_case+0x10/0x10 [ 163.524677] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 163.524945] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 163.525300] ? __kthread_parkme+0x82/0x180 [ 163.525513] ? preempt_count_sub+0x50/0x80 [ 163.525760] ? __pfx_kunit_try_run_case+0x10/0x10 [ 163.526050] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 163.526291] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 163.526589] kthread+0x337/0x6f0 [ 163.527067] ? trace_preempt_on+0x20/0xc0 [ 163.527401] ? __pfx_kthread+0x10/0x10 [ 163.527613] ? _raw_spin_unlock_irq+0x47/0x80 [ 163.527868] ? calculate_sigpending+0x7b/0xa0 [ 163.528111] ? __pfx_kthread+0x10/0x10 [ 163.528403] ret_from_fork+0x116/0x1d0 [ 163.528599] ? __pfx_kthread+0x10/0x10 [ 163.528755] ret_from_fork_asm+0x1a/0x30 [ 163.528936] </TASK> [ 163.529120] ---[ end trace 0000000000000000 ]---
Failure - log-parser-boot/exception-warning-cpu-pid-at-driversgpudrmdrm_rect-drm_rect_calc_hscale
------------[ cut here ]------------ [ 163.441721] WARNING: CPU: 0 PID: 2752 at drivers/gpu/drm/drm_rect.c:137 drm_rect_calc_hscale+0x125/0x190 [ 163.442829] Modules linked in: [ 163.443029] CPU: 0 UID: 0 PID: 2752 Comm: kunit_try_catch Tainted: G B D W N 6.16.0-rc4 #1 PREEMPT(voluntary) [ 163.444292] Tainted: [B]=BAD_PAGE, [D]=DIE, [W]=WARN, [N]=TEST [ 163.444725] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 163.445049] RIP: 0010:drm_rect_calc_hscale+0x125/0x190 [ 163.445398] Code: 7f 43 41 39 ce 7c 3e 48 83 c4 08 89 c8 5b 41 5c 41 5d 41 5e 5d e9 5b cf 1e 02 8d 44 08 ff 99 f7 f9 89 c1 85 c0 79 d6 eb de 90 <0f> 0b 90 b9 ea ff ff ff 48 83 c4 08 5b 89 c8 41 5c 41 5d 41 5e 5d [ 163.446126] RSP: 0000:ffff88810ab87c78 EFLAGS: 00010286 [ 163.446483] RAX: 00000000ffff0000 RBX: 00000000ffff0000 RCX: 0000000000010000 [ 163.446805] RDX: 0000000000000003 RSI: 0000000000000000 RDI: ffffffffba432ec0 [ 163.447141] RBP: ffff88810ab87ca0 R08: 0000000000000000 R09: ffffed1021a7da00 [ 163.447804] R10: ffff88810d3ed007 R11: 0000000000000000 R12: ffffffffba432ea8 [ 163.448367] R13: 0000000000000000 R14: 000000007fffffff R15: ffff88810ab87d38 [ 163.448804] FS: 0000000000000000(0000) GS:ffff88819ec74000(0000) knlGS:0000000000000000 [ 163.449344] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 163.449621] CR2: 00007ffff7ffe000 CR3: 0000000071ebc000 CR4: 00000000000006f0 [ 163.449953] DR0: ffffffffbc450440 DR1: ffffffffbc450441 DR2: ffffffffbc450443 [ 163.450539] DR3: ffffffffbc450445 DR6: 00000000ffff0ff0 DR7: 0000000000000600 [ 163.451018] Call Trace: [ 163.451226] <TASK> [ 163.451628] drm_test_rect_calc_hscale+0x108/0x270 [ 163.451916] ? __pfx_drm_test_rect_calc_hscale+0x10/0x10 [ 163.452452] ? __schedule+0x10cc/0x2b60 [ 163.452844] ? __pfx_read_tsc+0x10/0x10 [ 163.453489] ? ktime_get_ts64+0x86/0x230 [ 163.453717] kunit_try_run_case+0x1a5/0x480 [ 163.454097] ? __pfx_kunit_try_run_case+0x10/0x10 [ 163.454809] ? 
_raw_spin_lock_irqsave+0xa1/0x100 [ 163.455088] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 163.455549] ? __kthread_parkme+0x82/0x180 [ 163.456058] ? preempt_count_sub+0x50/0x80 [ 163.456552] ? __pfx_kunit_try_run_case+0x10/0x10 [ 163.456829] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 163.457097] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 163.457764] kthread+0x337/0x6f0 [ 163.458128] ? trace_preempt_on+0x20/0xc0 [ 163.458713] ? __pfx_kthread+0x10/0x10 [ 163.459089] ? _raw_spin_unlock_irq+0x47/0x80 [ 163.459668] ? calculate_sigpending+0x7b/0xa0 [ 163.460039] ? __pfx_kthread+0x10/0x10 [ 163.460547] ret_from_fork+0x116/0x1d0 [ 163.460792] ? __pfx_kthread+0x10/0x10 [ 163.460997] ret_from_fork_asm+0x1a/0x30 [ 163.461605] </TASK> [ 163.461753] ---[ end trace 0000000000000000 ]--- ------------[ cut here ]------------ [ 163.466708] WARNING: CPU: 1 PID: 2754 at drivers/gpu/drm/drm_rect.c:137 drm_rect_calc_hscale+0x125/0x190 [ 163.467533] Modules linked in: [ 163.467873] CPU: 1 UID: 0 PID: 2754 Comm: kunit_try_catch Tainted: G B D W N 6.16.0-rc4 #1 PREEMPT(voluntary) [ 163.468672] Tainted: [B]=BAD_PAGE, [D]=DIE, [W]=WARN, [N]=TEST [ 163.468980] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 163.469751] RIP: 0010:drm_rect_calc_hscale+0x125/0x190 [ 163.470034] Code: 7f 43 41 39 ce 7c 3e 48 83 c4 08 89 c8 5b 41 5c 41 5d 41 5e 5d e9 5b cf 1e 02 8d 44 08 ff 99 f7 f9 89 c1 85 c0 79 d6 eb de 90 <0f> 0b 90 b9 ea ff ff ff 48 83 c4 08 5b 89 c8 41 5c 41 5d 41 5e 5d [ 163.471260] RSP: 0000:ffff88810a45fc78 EFLAGS: 00010286 [ 163.471660] RAX: 0000000000010000 RBX: 00000000ffff0000 RCX: 00000000ffff0000 [ 163.472011] RDX: 0000000000000003 RSI: 0000000000000000 RDI: ffffffffba432ef8 [ 163.472542] RBP: ffff88810a45fca0 R08: 0000000000000000 R09: ffffed1020630480 [ 163.473018] R10: ffff888103182407 R11: 0000000000000000 R12: ffffffffba432ee0 [ 163.473432] R13: 0000000000000000 R14: 000000007fffffff R15: ffff88810a45fd38 [ 
163.473745] FS: 0000000000000000(0000) GS:ffff88819ed74000(0000) knlGS:0000000000000000 [ 163.474105] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 163.474767] CR2: 00007ffff7ffe000 CR3: 0000000071ebc000 CR4: 00000000000006f0 [ 163.475389] DR0: ffffffffbc450444 DR1: ffffffffbc450449 DR2: ffffffffbc45044a [ 163.475851] DR3: ffffffffbc45044b DR6: 00000000ffff0ff0 DR7: 0000000000000600 [ 163.476370] Call Trace: [ 163.476535] <TASK> [ 163.476925] drm_test_rect_calc_hscale+0x108/0x270 [ 163.477422] ? __pfx_drm_test_rect_calc_hscale+0x10/0x10 [ 163.477725] ? __schedule+0x10cc/0x2b60 [ 163.477973] ? __pfx_read_tsc+0x10/0x10 [ 163.478186] ? ktime_get_ts64+0x86/0x230 [ 163.478508] kunit_try_run_case+0x1a5/0x480 [ 163.478775] ? __pfx_kunit_try_run_case+0x10/0x10 [ 163.479017] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 163.479310] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 163.479638] ? __kthread_parkme+0x82/0x180 [ 163.479904] ? preempt_count_sub+0x50/0x80 [ 163.480165] ? __pfx_kunit_try_run_case+0x10/0x10 [ 163.480384] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 163.480813] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 163.481093] kthread+0x337/0x6f0 [ 163.481252] ? trace_preempt_on+0x20/0xc0 [ 163.481496] ? __pfx_kthread+0x10/0x10 [ 163.481959] ? _raw_spin_unlock_irq+0x47/0x80 [ 163.482375] ? calculate_sigpending+0x7b/0xa0 [ 163.482615] ? __pfx_kthread+0x10/0x10 [ 163.482823] ret_from_fork+0x116/0x1d0 [ 163.482996] ? __pfx_kthread+0x10/0x10 [ 163.483214] ret_from_fork_asm+0x1a/0x30 [ 163.483543] </TASK> [ 163.483665] ---[ end trace 0000000000000000 ]---
Failure - log-parser-boot/exception-drm-kunit-mock-device-drm_gem_shmem_test_get_pages_sgtdrm-kunit-mock-device-drm-drm_warn_onrefcount_readshmem-pages_pin_count
------------[ cut here ]------------ [ 162.678684] drm-kunit-mock-device drm_gem_shmem_test_get_pages_sgt.drm-kunit-mock-device: [drm] drm_WARN_ON(refcount_read(&shmem->pages_pin_count)) [ 162.678816] WARNING: CPU: 1 PID: 2569 at drivers/gpu/drm/drm_gem_shmem_helper.c:180 drm_gem_shmem_free+0x3ed/0x6c0 [ 162.680171] Modules linked in: [ 162.680593] CPU: 1 UID: 0 PID: 2569 Comm: kunit_try_catch Tainted: G B D W N 6.16.0-rc4 #1 PREEMPT(voluntary) [ 162.681234] Tainted: [B]=BAD_PAGE, [D]=DIE, [W]=WARN, [N]=TEST [ 162.681550] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 162.682021] RIP: 0010:drm_gem_shmem_free+0x3ed/0x6c0 [ 162.682345] Code: 85 f6 0f 84 ba 01 00 00 4c 89 e7 e8 6d 1d 80 00 48 c7 c1 a0 7d 3e ba 4c 89 f2 48 c7 c7 60 7a 3e ba 48 89 c6 e8 a4 d2 77 fe 90 <0f> 0b 90 90 e9 09 ff ff ff 90 48 b8 00 00 00 00 00 fc ff df 48 8d [ 162.683167] RSP: 0000:ffff88810a357d18 EFLAGS: 00010286 [ 162.683539] RAX: 0000000000000000 RBX: ffff888109110400 RCX: 1ffffffff7624c80 [ 162.683887] RDX: 0000000000000000 RSI: 0000000000000004 RDI: 0000000000000001 [ 162.684224] RBP: ffff88810a357d48 R08: 0000000000000000 R09: fffffbfff7624c80 [ 162.684660] R10: 0000000000000003 R11: 0000000000038770 R12: ffff88810a0bc800 [ 162.685002] R13: ffff8881091104f8 R14: ffff888102e16980 R15: ffff88810039fb40 [ 162.685339] FS: 0000000000000000(0000) GS:ffff88819ed74000(0000) knlGS:0000000000000000 [ 162.685897] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 162.686266] CR2: 00007ffff7ffe000 CR3: 0000000071ebc000 CR4: 00000000000006f0 [ 162.687274] DR0: ffffffffbc450444 DR1: ffffffffbc450449 DR2: ffffffffbc45044a [ 162.687892] DR3: ffffffffbc45044b DR6: 00000000ffff0ff0 DR7: 0000000000000600 [ 162.688412] Call Trace: [ 162.688586] <TASK> [ 162.689059] ? trace_preempt_on+0x20/0xc0 [ 162.689291] ? 
__pfx_drm_gem_shmem_free_wrapper+0x10/0x10 [ 162.690103] drm_gem_shmem_free_wrapper+0x12/0x20 [ 162.690609] __kunit_action_free+0x57/0x70 [ 162.690879] kunit_remove_resource+0x133/0x200 [ 162.691431] ? preempt_count_sub+0x50/0x80 [ 162.691817] kunit_cleanup+0x7a/0x120 [ 162.692407] kunit_try_run_case_cleanup+0xbd/0xf0 [ 162.692672] ? __pfx_kunit_try_run_case_cleanup+0x10/0x10 [ 162.693087] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 162.693797] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 162.694148] kthread+0x337/0x6f0 [ 162.694665] ? trace_preempt_on+0x20/0xc0 [ 162.695023] ? __pfx_kthread+0x10/0x10 [ 162.695453] ? _raw_spin_unlock_irq+0x47/0x80 [ 162.695700] ? calculate_sigpending+0x7b/0xa0 [ 162.695953] ? __pfx_kthread+0x10/0x10 [ 162.696537] ret_from_fork+0x116/0x1d0 [ 162.696921] ? __pfx_kthread+0x10/0x10 [ 162.697579] ret_from_fork_asm+0x1a/0x30 [ 162.697839] </TASK> [ 162.698306] ---[ end trace 0000000000000000 ]---
Failure - log-parser-boot/exception-warning-cpu-pid-at-driversgpudrmdrm_framebuffer-drm_framebuffer_init
------------[ cut here ]------------ [ 162.504800] WARNING: CPU: 1 PID: 2550 at drivers/gpu/drm/drm_framebuffer.c:867 drm_framebuffer_init+0x44/0x300 [ 162.506367] Modules linked in: [ 162.506978] CPU: 1 UID: 0 PID: 2550 Comm: kunit_try_catch Tainted: G B D W N 6.16.0-rc4 #1 PREEMPT(voluntary) [ 162.508631] Tainted: [B]=BAD_PAGE, [D]=DIE, [W]=WARN, [N]=TEST [ 162.509494] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 162.510589] RIP: 0010:drm_framebuffer_init+0x44/0x300 [ 162.511422] Code: 56 49 89 d6 48 89 f2 41 55 48 c1 ea 03 41 54 49 89 fc 53 48 89 f3 48 83 ec 18 80 3c 02 00 0f 85 00 02 00 00 4c 39 23 74 20 90 <0f> 0b 90 41 bd ea ff ff ff 48 83 c4 18 44 89 e8 5b 41 5c 41 5d 41 [ 162.513060] RSP: 0000:ffff88810a257b30 EFLAGS: 00010246 [ 162.513758] RAX: dffffc0000000000 RBX: ffff88810a257c28 RCX: 0000000000000000 [ 162.514777] RDX: 1ffff1102144af8e RSI: ffff88810a257c28 RDI: ffff88810a257c70 [ 162.515554] RBP: ffff88810a257b70 R08: ffff88810a386000 R09: ffffffffba3d80e0 [ 162.516558] R10: 0000000000000003 R11: 000000008778722e R12: ffff88810a386000 [ 162.517587] R13: ffff88810039fae8 R14: ffff88810a257ba8 R15: 0000000000000000 [ 162.518507] FS: 0000000000000000(0000) GS:ffff88819ed74000(0000) knlGS:0000000000000000 [ 162.519456] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 162.519998] CR2: 00007ffff7ffe000 CR3: 0000000071ebc000 CR4: 00000000000006f0 [ 162.521200] DR0: ffffffffbc450444 DR1: ffffffffbc450449 DR2: ffffffffbc45044a [ 162.522050] DR3: ffffffffbc45044b DR6: 00000000ffff0ff0 DR7: 0000000000000600 [ 162.522946] Call Trace: [ 162.523408] <TASK> [ 162.523879] ? add_dr+0xc1/0x1d0 [ 162.524742] drm_test_framebuffer_init_bad_format+0xfc/0x240 [ 162.525832] ? add_dr+0x148/0x1d0 [ 162.526493] ? __pfx_drm_test_framebuffer_init_bad_format+0x10/0x10 [ 162.527386] ? __drmm_add_action+0x1a4/0x280 [ 162.527867] ? __pfx_drm_mode_config_init_release+0x10/0x10 [ 162.528630] ? 
__pfx_drm_mode_config_init_release+0x10/0x10 [ 162.529557] ? __drmm_add_action_or_reset+0x22/0x50 [ 162.530116] ? __schedule+0x10cc/0x2b60 [ 162.530954] ? __pfx_read_tsc+0x10/0x10 [ 162.531466] ? ktime_get_ts64+0x86/0x230 [ 162.532473] kunit_try_run_case+0x1a5/0x480 [ 162.533218] ? __pfx_kunit_try_run_case+0x10/0x10 [ 162.533559] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 162.533759] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 162.533964] ? __kthread_parkme+0x82/0x180 [ 162.534146] ? preempt_count_sub+0x50/0x80 [ 162.534319] ? __pfx_kunit_try_run_case+0x10/0x10 [ 162.534506] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 162.534708] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 162.535224] kthread+0x337/0x6f0 [ 162.535592] ? trace_preempt_on+0x20/0xc0 [ 162.536123] ? __pfx_kthread+0x10/0x10 [ 162.536644] ? _raw_spin_unlock_irq+0x47/0x80 [ 162.537324] ? calculate_sigpending+0x7b/0xa0 [ 162.537937] ? __pfx_kthread+0x10/0x10 [ 162.538461] ret_from_fork+0x116/0x1d0 [ 162.538944] ? __pfx_kthread+0x10/0x10 [ 162.539456] ret_from_fork_asm+0x1a/0x30 [ 162.540066] </TASK> [ 162.540389] ---[ end trace 0000000000000000 ]---
Failure - log-parser-boot/exception-drm-kunit-mock-device-drm_test_framebuffer_freedrm-kunit-mock-device-drm-drm_warn_onlist_empty-filp_head
------------[ cut here ]------------ [ 162.459080] drm-kunit-mock-device drm_test_framebuffer_free.drm-kunit-mock-device: [drm] drm_WARN_ON(!list_empty(&fb->filp_head)) [ 162.459322] WARNING: CPU: 1 PID: 2546 at drivers/gpu/drm/drm_framebuffer.c:832 drm_framebuffer_free+0x13f/0x1c0 [ 162.462099] Modules linked in: [ 162.462345] CPU: 1 UID: 0 PID: 2546 Comm: kunit_try_catch Tainted: G B D W N 6.16.0-rc4 #1 PREEMPT(voluntary) [ 162.462720] Tainted: [B]=BAD_PAGE, [D]=DIE, [W]=WARN, [N]=TEST [ 162.463040] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 162.463913] RIP: 0010:drm_framebuffer_free+0x13f/0x1c0 [ 162.464631] Code: 8b 7d 50 4d 85 ff 74 2b 4c 89 ef e8 3b 3a 87 00 48 c7 c1 c0 2f 3d ba 4c 89 fa 48 c7 c7 20 30 3d ba 48 89 c6 e8 72 ef 7e fe 90 <0f> 0b 90 90 e9 1c ff ff ff 48 b8 00 00 00 00 00 fc ff df 4c 89 ea [ 162.466419] RSP: 0000:ffff88810a3c7b68 EFLAGS: 00010282 [ 162.466820] RAX: 0000000000000000 RBX: ffff88810a3c7c40 RCX: 1ffffffff7624c80 [ 162.467060] RDX: 0000000000000000 RSI: 0000000000000004 RDI: 0000000000000001 [ 162.467737] RBP: ffff88810a3c7b90 R08: 0000000000000000 R09: fffffbfff7624c80 [ 162.468642] R10: 0000000000000003 R11: 0000000000036db8 R12: ffff88810a3c7c18 [ 162.469513] R13: ffff88810a213800 R14: ffff88810a382000 R15: ffff888102e69f80 [ 162.470065] FS: 0000000000000000(0000) GS:ffff88819ed74000(0000) knlGS:0000000000000000 [ 162.470473] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 162.471332] CR2: 00007ffff7ffe000 CR3: 0000000071ebc000 CR4: 00000000000006f0 [ 162.472279] DR0: ffffffffbc450444 DR1: ffffffffbc450449 DR2: ffffffffbc45044a [ 162.473030] DR3: ffffffffbc45044b DR6: 00000000ffff0ff0 DR7: 0000000000000600 [ 162.473746] Call Trace: [ 162.473891] <TASK> [ 162.474016] drm_test_framebuffer_free+0x1ab/0x610 [ 162.474263] ? __pfx_drm_test_framebuffer_free+0x10/0x10 [ 162.474820] ? __pfx_drm_mode_config_init_release+0x10/0x10 [ 162.475155] ? 
__pfx_drm_mode_config_init_release+0x10/0x10 [ 162.475882] ? __drmm_add_action_or_reset+0x22/0x50 [ 162.476487] ? __schedule+0x10cc/0x2b60 [ 162.476737] ? __pfx_read_tsc+0x10/0x10 [ 162.476971] ? ktime_get_ts64+0x86/0x230 [ 162.477684] kunit_try_run_case+0x1a5/0x480 [ 162.478106] ? __pfx_kunit_try_run_case+0x10/0x10 [ 162.478437] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 162.478692] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 162.478960] ? __kthread_parkme+0x82/0x180 [ 162.479810] ? preempt_count_sub+0x50/0x80 [ 162.480409] ? __pfx_kunit_try_run_case+0x10/0x10 [ 162.480658] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 162.480950] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 162.481768] kthread+0x337/0x6f0 [ 162.482050] ? trace_preempt_on+0x20/0xc0 [ 162.482537] ? __pfx_kthread+0x10/0x10 [ 162.482755] ? _raw_spin_unlock_irq+0x47/0x80 [ 162.483448] ? calculate_sigpending+0x7b/0xa0 [ 162.483956] ? __pfx_kthread+0x10/0x10 [ 162.484671] ret_from_fork+0x116/0x1d0 [ 162.484920] ? __pfx_kthread+0x10/0x10 [ 162.485386] ret_from_fork_asm+0x1a/0x30 [ 162.486000] </TASK> [ 162.486166] ---[ end trace 0000000000000000 ]---
Failure - log-parser-boot/exception-warning-cpu-pid-at-driversgpudrmdrm_connector-drm_connector_dynamic_register
------------[ cut here ]------------ [ 160.992598] WARNING: CPU: 0 PID: 1984 at drivers/gpu/drm/drm_connector.c:861 drm_connector_dynamic_register+0xbf/0x110 [ 160.993125] Modules linked in: [ 160.993434] CPU: 0 UID: 0 PID: 1984 Comm: kunit_try_catch Tainted: G B D W N 6.16.0-rc4 #1 PREEMPT(voluntary) [ 160.993907] Tainted: [B]=BAD_PAGE, [D]=DIE, [W]=WARN, [N]=TEST [ 160.994441] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 160.994868] RIP: 0010:drm_connector_dynamic_register+0xbf/0x110 [ 160.995184] Code: 49 8d 7c 24 60 48 89 fa 48 c1 ea 03 0f b6 04 02 84 c0 74 02 7e 36 31 c0 41 80 7c 24 60 00 75 1b 5b 41 5c 5d e9 02 18 26 02 90 <0f> 0b 90 b8 ea ff ff ff 5b 41 5c 5d c3 cc cc cc cc 48 89 df e8 68 [ 160.996512] RSP: 0000:ffff88810ea67c90 EFLAGS: 00010246 [ 160.996836] RAX: dffffc0000000000 RBX: ffff88810e914000 RCX: 0000000000000000 [ 160.997145] RDX: 1ffff11021d22832 RSI: ffffffffb7604648 RDI: ffff88810e914190 [ 160.997630] RBP: ffff88810ea67ca0 R08: 1ffff11020073f69 R09: ffffed1021d4cf65 [ 160.998043] R10: 0000000000000003 R11: ffffffffb6b86fa8 R12: 0000000000000000 [ 160.998488] R13: ffff88810ea67d38 R14: ffff88810039fc50 R15: ffff88810039fc58 [ 160.998847] FS: 0000000000000000(0000) GS:ffff88819ec74000(0000) knlGS:0000000000000000 [ 160.999243] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 160.999770] CR2: 00007ffff7ffe000 CR3: 0000000071ebc000 CR4: 00000000000006f0 [ 161.000531] DR0: ffffffffbc450440 DR1: ffffffffbc450441 DR2: ffffffffbc450443 [ 161.000903] DR3: ffffffffbc450445 DR6: 00000000ffff0ff0 DR7: 0000000000000600 [ 161.001375] Call Trace: [ 161.001560] <TASK> [ 161.001822] drm_test_drm_connector_dynamic_register_no_init+0x104/0x290 [ 161.002280] ? __pfx_drm_test_drm_connector_dynamic_register_no_init+0x10/0x10 [ 161.002734] ? __schedule+0x10cc/0x2b60 [ 161.002922] ? __pfx_read_tsc+0x10/0x10 [ 161.003554] ? ktime_get_ts64+0x86/0x230 [ 161.003758] kunit_try_run_case+0x1a5/0x480 [ 161.004025] ? 
__pfx_kunit_try_run_case+0x10/0x10 [ 161.004288] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 161.004693] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 161.004971] ? __kthread_parkme+0x82/0x180 [ 161.005322] ? preempt_count_sub+0x50/0x80 [ 161.005591] ? __pfx_kunit_try_run_case+0x10/0x10 [ 161.005840] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 161.006164] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 161.006619] kthread+0x337/0x6f0 [ 161.006857] ? trace_preempt_on+0x20/0xc0 [ 161.007080] ? __pfx_kthread+0x10/0x10 [ 161.007434] ? _raw_spin_unlock_irq+0x47/0x80 [ 161.007720] ? calculate_sigpending+0x7b/0xa0 [ 161.007961] ? __pfx_kthread+0x10/0x10 [ 161.008214] ret_from_fork+0x116/0x1d0 [ 161.008425] ? __pfx_kthread+0x10/0x10 [ 161.008983] ret_from_fork_asm+0x1a/0x30 [ 161.009465] </TASK> [ 161.009617] ---[ end trace 0000000000000000 ]--- ------------[ cut here ]------------ [ 160.894490] WARNING: CPU: 1 PID: 1976 at drivers/gpu/drm/drm_connector.c:861 drm_connector_dynamic_register+0xbf/0x110 [ 160.895612] Modules linked in: [ 160.896030] CPU: 1 UID: 0 PID: 1976 Comm: kunit_try_catch Tainted: G B D W N 6.16.0-rc4 #1 PREEMPT(voluntary) [ 160.897350] Tainted: [B]=BAD_PAGE, [D]=DIE, [W]=WARN, [N]=TEST [ 160.898516] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 160.899898] RIP: 0010:drm_connector_dynamic_register+0xbf/0x110 [ 160.901022] Code: 49 8d 7c 24 60 48 89 fa 48 c1 ea 03 0f b6 04 02 84 c0 74 02 7e 36 31 c0 41 80 7c 24 60 00 75 1b 5b 41 5c 5d e9 02 18 26 02 90 <0f> 0b 90 b8 ea ff ff ff 5b 41 5c 5d c3 cc cc cc cc 48 89 df e8 68 [ 160.902606] RSP: 0000:ffff88810e82fc90 EFLAGS: 00010246 [ 160.903440] RAX: dffffc0000000000 RBX: ffff88810e906000 RCX: 0000000000000000 [ 160.903726] RDX: 1ffff11021d20c32 RSI: ffffffffb7604648 RDI: ffff88810e906190 [ 160.903989] RBP: ffff88810e82fca0 R08: 1ffff11020073f69 R09: ffffed1021d05f65 [ 160.904861] R10: 0000000000000003 R11: ffffffffb6b86fa8 R12: 0000000000000000 [ 160.905668] R13: 
ffff88810e82fd38 R14: ffff88810039fc50 R15: ffff88810039fc58 [ 160.906380] FS: 0000000000000000(0000) GS:ffff88819ed74000(0000) knlGS:0000000000000000 [ 160.906902] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 160.907123] CR2: 00007ffff7ffe000 CR3: 0000000071ebc000 CR4: 00000000000006f0 [ 160.907910] DR0: ffffffffbc450444 DR1: ffffffffbc450449 DR2: ffffffffbc45044a [ 160.908714] DR3: ffffffffbc45044b DR6: 00000000ffff0ff0 DR7: 0000000000000600 [ 160.909747] Call Trace: [ 160.909923] <TASK> [ 160.910050] drm_test_drm_connector_dynamic_register_early_no_init+0x104/0x290 [ 160.910872] ? __pfx_drm_test_drm_connector_dynamic_register_early_no_init+0x10/0x10 [ 160.911848] ? __schedule+0x10cc/0x2b60 [ 160.912039] ? __pfx_read_tsc+0x10/0x10 [ 160.912834] ? ktime_get_ts64+0x86/0x230 [ 160.913474] kunit_try_run_case+0x1a5/0x480 [ 160.913954] ? __pfx_kunit_try_run_case+0x10/0x10 [ 160.914612] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 160.914912] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 160.915366] ? __kthread_parkme+0x82/0x180 [ 160.915820] ? preempt_count_sub+0x50/0x80 [ 160.916235] ? __pfx_kunit_try_run_case+0x10/0x10 [ 160.916709] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 160.916938] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 160.917186] kthread+0x337/0x6f0 [ 160.917451] ? trace_preempt_on+0x20/0xc0 [ 160.917707] ? __pfx_kthread+0x10/0x10 [ 160.917889] ? _raw_spin_unlock_irq+0x47/0x80 [ 160.918281] ? calculate_sigpending+0x7b/0xa0 [ 160.918507] ? __pfx_kthread+0x10/0x10 [ 160.918896] ret_from_fork+0x116/0x1d0 [ 160.919076] ? __pfx_kthread+0x10/0x10 [ 160.919304] ret_from_fork_asm+0x1a/0x30 [ 160.919547] </TASK> [ 160.919930] ---[ end trace 0000000000000000 ]---
Failure - log-parser-boot/exception-warning-cpu-pid-at-libmathint_log-intlog10
------------[ cut here ]------------ [ 125.919952] WARNING: CPU: 1 PID: 674 at lib/math/int_log.c:120 intlog10+0x2a/0x40 [ 125.920716] Modules linked in: [ 125.920991] CPU: 1 UID: 0 PID: 674 Comm: kunit_try_catch Tainted: G B D W N 6.16.0-rc4 #1 PREEMPT(voluntary) [ 125.922066] Tainted: [B]=BAD_PAGE, [D]=DIE, [W]=WARN, [N]=TEST [ 125.922562] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 125.923236] RIP: 0010:intlog10+0x2a/0x40 [ 125.923614] Code: f3 0f 1e fa 0f 1f 44 00 00 85 ff 74 1c 55 48 89 e5 e8 ca fe ff ff 5d 89 c0 48 69 c0 a1 26 88 26 48 c1 e8 1f c3 cc cc cc cc 90 <0f> 0b 90 31 c0 c3 cc cc cc cc 66 2e 0f 1f 84 00 00 00 00 00 66 90 [ 125.924778] RSP: 0000:ffff88810c9efcb0 EFLAGS: 00010246 [ 125.925099] RAX: 0000000000000000 RBX: ffff88810039fae8 RCX: 1ffff1102193dfb4 [ 125.925841] RDX: 1ffffffff7452c94 RSI: 1ffff1102193dfb3 RDI: 0000000000000000 [ 125.926250] RBP: ffff88810c9efd60 R08: 0000000000000000 R09: ffffed1021029800 [ 125.926894] R10: ffff88810814c007 R11: 0000000000000000 R12: 1ffff1102193df97 [ 125.927498] R13: ffffffffba2964a0 R14: 0000000000000000 R15: ffff88810c9efd38 [ 125.927861] FS: 0000000000000000(0000) GS:ffff88819ed74000(0000) knlGS:0000000000000000 [ 125.928489] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 125.928939] CR2: ffff88815a934000 CR3: 0000000071ebc000 CR4: 00000000000006f0 [ 125.929597] DR0: ffffffffbc450444 DR1: ffffffffbc450449 DR2: ffffffffbc45044a [ 125.929969] DR3: ffffffffbc45044b DR6: 00000000ffff0ff0 DR7: 0000000000000600 [ 125.930614] Call Trace: [ 125.930928] <TASK> [ 125.931258] ? intlog10_test+0xf2/0x220 [ 125.931753] ? __pfx_intlog10_test+0x10/0x10 [ 125.932385] ? __schedule+0x10cc/0x2b60 [ 125.932616] ? __pfx_read_tsc+0x10/0x10 [ 125.932840] ? ktime_get_ts64+0x86/0x230 [ 125.933058] kunit_try_run_case+0x1a5/0x480 [ 125.933595] ? __pfx_kunit_try_run_case+0x10/0x10 [ 125.933847] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 125.934120] ? 
_raw_spin_unlock_irqrestore+0x5f/0x90 [ 125.934440] ? __kthread_parkme+0x82/0x180 [ 125.934841] ? preempt_count_sub+0x50/0x80 [ 125.935064] ? __pfx_kunit_try_run_case+0x10/0x10 [ 125.935273] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 125.935727] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 125.936039] kthread+0x337/0x6f0 [ 125.936388] ? trace_preempt_on+0x20/0xc0 [ 125.936645] ? __pfx_kthread+0x10/0x10 [ 125.936873] ? _raw_spin_unlock_irq+0x47/0x80 [ 125.937084] ? calculate_sigpending+0x7b/0xa0 [ 125.937602] ? __pfx_kthread+0x10/0x10 [ 125.937810] ret_from_fork+0x116/0x1d0 [ 125.938051] ? __pfx_kthread+0x10/0x10 [ 125.938264] ret_from_fork_asm+0x1a/0x30 [ 125.938561] </TASK> [ 125.938710] ---[ end trace 0000000000000000 ]---
Failure - log-parser-boot/exception-warning-cpu-pid-at-libmathint_log-intlog2
------------[ cut here ]------------ [ 125.878745] WARNING: CPU: 0 PID: 656 at lib/math/int_log.c:63 intlog2+0xdf/0x110 [ 125.879090] Modules linked in: [ 125.879624] CPU: 0 UID: 0 PID: 656 Comm: kunit_try_catch Tainted: G B D N 6.16.0-rc4 #1 PREEMPT(voluntary) [ 125.880032] Tainted: [B]=BAD_PAGE, [D]=DIE, [N]=TEST [ 125.880936] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 125.881550] RIP: 0010:intlog2+0xdf/0x110 [ 125.881911] Code: 29 ba c1 e0 18 48 83 c4 08 89 d1 c1 e2 08 29 cb 01 d0 0f b7 db 41 0f af dc c1 eb 0f 01 d8 5b 41 5c 41 5d 5d c3 cc cc cc cc 90 <0f> 0b 90 31 c0 e9 17 9c 86 02 89 45 e4 e8 0f 10 56 ff 8b 45 e4 eb [ 125.883150] RSP: 0000:ffff88810c92fcb0 EFLAGS: 00010246 [ 125.883669] RAX: 0000000000000000 RBX: ffff88810039fae8 RCX: 1ffff11021925fb4 [ 125.884349] RDX: 1ffffffff7452ce8 RSI: 1ffff11021925fb3 RDI: 0000000000000000 [ 125.884712] RBP: ffff88810c92fd60 R08: 0000000000000000 R09: ffffed102013d2e0 [ 125.885063] R10: ffff8881009e9707 R11: 000000000000001d R12: 1ffff11021925f97 [ 125.885655] R13: ffffffffba296740 R14: 0000000000000000 R15: ffff88810c92fd38 [ 125.886216] FS: 0000000000000000(0000) GS:ffff88819ec74000(0000) knlGS:0000000000000000 [ 125.886704] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 125.887088] CR2: dffffc0000000000 CR3: 0000000071ebc000 CR4: 00000000000006f0 [ 125.887714] DR0: ffffffffbc450440 DR1: ffffffffbc450441 DR2: ffffffffbc450443 [ 125.888094] DR3: ffffffffbc450445 DR6: 00000000ffff0ff0 DR7: 0000000000000600 [ 125.888386] Call Trace: [ 125.888983] <TASK> [ 125.889221] ? intlog2_test+0xf2/0x220 [ 125.889598] ? __pfx_intlog2_test+0x10/0x10 [ 125.889939] ? __schedule+0x10cc/0x2b60 [ 125.890372] ? __pfx_read_tsc+0x10/0x10 [ 125.890720] ? ktime_get_ts64+0x86/0x230 [ 125.891048] kunit_try_run_case+0x1a5/0x480 [ 125.891611] ? __pfx_kunit_try_run_case+0x10/0x10 [ 125.891916] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 125.892227] ? 
_raw_spin_unlock_irqrestore+0x5f/0x90 [ 125.892469] ? __kthread_parkme+0x82/0x180 [ 125.892725] ? preempt_count_sub+0x50/0x80 [ 125.893000] ? __pfx_kunit_try_run_case+0x10/0x10 [ 125.893250] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 125.893625] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 125.894037] kthread+0x337/0x6f0 [ 125.894320] ? trace_preempt_on+0x20/0xc0 [ 125.894582] ? __pfx_kthread+0x10/0x10 [ 125.894824] ? _raw_spin_unlock_irq+0x47/0x80 [ 125.895012] ? calculate_sigpending+0x7b/0xa0 [ 125.895255] ? __pfx_kthread+0x10/0x10 [ 125.895715] ret_from_fork+0x116/0x1d0 [ 125.895955] ? __pfx_kthread+0x10/0x10 [ 125.896476] ret_from_fork_asm+0x1a/0x30 [ 125.896764] </TASK> [ 125.896929] ---[ end trace 0000000000000000 ]---
Failure - log-parser-boot/oops-oops-general-protection-fault-probably-for-non-canonical-address-smp-kasan-pti
KNOWN ISSUE - qemu-x86_64: Oops: general protection fault, probably for non-canonical address - KASAN: null-ptr-deref - kunit_test_null_dereference
[ 125.235044] Oops: general protection fault, probably for non-canonical address 0xdffffc0000000000: 0000 [#1] SMP KASAN PTI