Date: July 6, 2025, 11:09 a.m.
Failure - log-parser-boot/kasan-bug-kasan-slab-use-after-free-in-strcmp
[ 13.527058] ==================================================================
[ 13.528179] BUG: KASAN: slab-use-after-free in strcmp+0xb0/0xc0
[ 13.528482] Read of size 1 at addr ffff8881027a7e10 by task kunit_try_catch/276
[ 13.528869]
[ 13.528987] CPU: 1 UID: 0 PID: 276 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc4 #1 PREEMPT(voluntary)
[ 13.529032] Tainted: [B]=BAD_PAGE, [N]=TEST
[ 13.529045] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[ 13.529066] Call Trace:
[ 13.529079] <TASK>
[ 13.529131] dump_stack_lvl+0x73/0xb0
[ 13.529161] print_report+0xd1/0x650
[ 13.529185] ? __virt_addr_valid+0x1db/0x2d0
[ 13.529209] ? strcmp+0xb0/0xc0
[ 13.529230] ? kasan_complete_mode_report_info+0x64/0x200
[ 13.529254] ? strcmp+0xb0/0xc0
[ 13.529275] kasan_report+0x141/0x180
[ 13.529297] ? strcmp+0xb0/0xc0
[ 13.529324] __asan_report_load1_noabort+0x18/0x20
[ 13.529348] strcmp+0xb0/0xc0
[ 13.529371] kasan_strings+0x431/0xe80
[ 13.529392] ? trace_hardirqs_on+0x37/0xe0
[ 13.529415] ? __pfx_kasan_strings+0x10/0x10
[ 13.529453] ? finish_task_switch.isra.0+0x153/0x700
[ 13.529521] ? __switch_to+0x47/0xf50
[ 13.529550] ? __schedule+0x10cc/0x2b60
[ 13.529572] ? __pfx_read_tsc+0x10/0x10
[ 13.529593] ? ktime_get_ts64+0x86/0x230
[ 13.529617] kunit_try_run_case+0x1a5/0x480
[ 13.529641] ? __pfx_kunit_try_run_case+0x10/0x10
[ 13.529663] ? _raw_spin_lock_irqsave+0xa1/0x100
[ 13.529686] ? _raw_spin_unlock_irqrestore+0x5f/0x90
[ 13.529710] ? __kthread_parkme+0x82/0x180
[ 13.529730] ? preempt_count_sub+0x50/0x80
[ 13.529753] ? __pfx_kunit_try_run_case+0x10/0x10
[ 13.529778] kunit_generic_run_threadfn_adapter+0x85/0xf0
[ 13.529801] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10
[ 13.529825] kthread+0x337/0x6f0
[ 13.529844] ? trace_preempt_on+0x20/0xc0
[ 13.529867] ? __pfx_kthread+0x10/0x10
[ 13.529888] ? _raw_spin_unlock_irq+0x47/0x80
[ 13.529909] ? calculate_sigpending+0x7b/0xa0
[ 13.529945] ? __pfx_kthread+0x10/0x10
[ 13.529967] ret_from_fork+0x116/0x1d0
[ 13.529985] ? __pfx_kthread+0x10/0x10
[ 13.530006] ret_from_fork_asm+0x1a/0x30
[ 13.530037] </TASK>
[ 13.530049]
[ 13.539144] Allocated by task 276:
[ 13.539559] kasan_save_stack+0x45/0x70
[ 13.539813] kasan_save_track+0x18/0x40
[ 13.540108] kasan_save_alloc_info+0x3b/0x50
[ 13.540336] __kasan_kmalloc+0xb7/0xc0
[ 13.540674] __kmalloc_cache_noprof+0x189/0x420
[ 13.541004] kasan_strings+0xc0/0xe80
[ 13.541303] kunit_try_run_case+0x1a5/0x480
[ 13.541692] kunit_generic_run_threadfn_adapter+0x85/0xf0
[ 13.541994] kthread+0x337/0x6f0
[ 13.542264] ret_from_fork+0x116/0x1d0
[ 13.542611] ret_from_fork_asm+0x1a/0x30
[ 13.542792]
[ 13.542883] Freed by task 276:
[ 13.543042] kasan_save_stack+0x45/0x70
[ 13.543522] kasan_save_track+0x18/0x40
[ 13.543736] kasan_save_free_info+0x3f/0x60
[ 13.543929] __kasan_slab_free+0x56/0x70
[ 13.544277] kfree+0x222/0x3f0
[ 13.544591] kasan_strings+0x2aa/0xe80
[ 13.544965] kunit_try_run_case+0x1a5/0x480
[ 13.545292] kunit_generic_run_threadfn_adapter+0x85/0xf0
[ 13.545694] kthread+0x337/0x6f0
[ 13.545847] ret_from_fork+0x116/0x1d0
[ 13.546041] ret_from_fork_asm+0x1a/0x30
[ 13.546536]
[ 13.546764] The buggy address belongs to the object at ffff8881027a7e00
[ 13.546764] which belongs to the cache kmalloc-32 of size 32
[ 13.547532] The buggy address is located 16 bytes inside of
[ 13.547532] freed 32-byte region [ffff8881027a7e00, ffff8881027a7e20)
[ 13.548356]
[ 13.548459] The buggy address belongs to the physical page:
[ 13.548697] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1027a7
[ 13.549041] flags: 0x200000000000000(node=0|zone=2)
[ 13.549813] page_type: f5(slab)
[ 13.549995] raw: 0200000000000000 ffff888100041780 dead000000000122 0000000000000000
[ 13.550850] raw: 0000000000000000 0000000000400040 00000000f5000000 0000000000000000
[ 13.551361] page dumped because: kasan: bad access detected
[ 13.551782]
[ 13.552021] Memory state around the buggy address:
[ 13.552382] ffff8881027a7d00: 00 00 00 fc fc fc fc fc 00 00 00 fc fc fc fc fc
[ 13.552933] ffff8881027a7d80: 00 00 07 fc fc fc fc fc 00 00 00 fc fc fc fc fc
[ 13.553391] >ffff8881027a7e00: fa fb fb fb fc fc fc fc fa fb fb fb fc fc fc fc
[ 13.553718] ^
[ 13.553897] ffff8881027a7e80: fa fb fb fb fc fc fc fc 00 00 00 fc fc fc fc fc
[ 13.554802] ffff8881027a7f00: fa fb fb fb fc fc fc fc fa fb fb fb fc fc fc fc
[ 13.555233] ==================================================================
Failure - log-parser-boot/kasan-bug-kasan-slab-out-of-bounds-in-memcmp
[ 13.501319] ==================================================================
[ 13.502038] BUG: KASAN: slab-out-of-bounds in memcmp+0x1b4/0x1d0
[ 13.502310] Read of size 1 at addr ffff8881027a7c98 by task kunit_try_catch/274
[ 13.502717]
[ 13.502812] CPU: 1 UID: 0 PID: 274 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc4 #1 PREEMPT(voluntary)
[ 13.502858] Tainted: [B]=BAD_PAGE, [N]=TEST
[ 13.502870] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[ 13.502892] Call Trace:
[ 13.502905] <TASK>
[ 13.502920] dump_stack_lvl+0x73/0xb0
[ 13.502961] print_report+0xd1/0x650
[ 13.502986] ? __virt_addr_valid+0x1db/0x2d0
[ 13.503010] ? memcmp+0x1b4/0x1d0
[ 13.503028] ? kasan_complete_mode_report_info+0x2a/0x200
[ 13.503051] ? memcmp+0x1b4/0x1d0
[ 13.503069] kasan_report+0x141/0x180
[ 13.503091] ? memcmp+0x1b4/0x1d0
[ 13.503119] __asan_report_load1_noabort+0x18/0x20
[ 13.503144] memcmp+0x1b4/0x1d0
[ 13.503165] kasan_memcmp+0x18f/0x390
[ 13.503186] ? trace_hardirqs_on+0x37/0xe0
[ 13.503209] ? __pfx_kasan_memcmp+0x10/0x10
[ 13.503230] ? finish_task_switch.isra.0+0x153/0x700
[ 13.503252] ? __switch_to+0x47/0xf50
[ 13.503282] ? __pfx_read_tsc+0x10/0x10
[ 13.503303] ? ktime_get_ts64+0x86/0x230
[ 13.503326] kunit_try_run_case+0x1a5/0x480
[ 13.503349] ? __pfx_kunit_try_run_case+0x10/0x10
[ 13.503373] ? _raw_spin_lock_irqsave+0xa1/0x100
[ 13.503396] ? _raw_spin_unlock_irqrestore+0x5f/0x90
[ 13.503421] ? __kthread_parkme+0x82/0x180
[ 13.503442] ? preempt_count_sub+0x50/0x80
[ 13.503518] ? __pfx_kunit_try_run_case+0x10/0x10
[ 13.503545] kunit_generic_run_threadfn_adapter+0x85/0xf0
[ 13.503570] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10
[ 13.503593] kthread+0x337/0x6f0
[ 13.503614] ? trace_preempt_on+0x20/0xc0
[ 13.503636] ? __pfx_kthread+0x10/0x10
[ 13.503657] ? _raw_spin_unlock_irq+0x47/0x80
[ 13.503678] ? calculate_sigpending+0x7b/0xa0
[ 13.503702] ? __pfx_kthread+0x10/0x10
[ 13.503724] ret_from_fork+0x116/0x1d0
[ 13.503743] ? __pfx_kthread+0x10/0x10
[ 13.503764] ret_from_fork_asm+0x1a/0x30
[ 13.503795] </TASK>
[ 13.503808]
[ 13.512084] Allocated by task 274:
[ 13.512283] kasan_save_stack+0x45/0x70
[ 13.512491] kasan_save_track+0x18/0x40
[ 13.512664] kasan_save_alloc_info+0x3b/0x50
[ 13.512865] __kasan_kmalloc+0xb7/0xc0
[ 13.513050] __kmalloc_cache_noprof+0x189/0x420
[ 13.513279] kasan_memcmp+0xb7/0x390
[ 13.513440] kunit_try_run_case+0x1a5/0x480
[ 13.513621] kunit_generic_run_threadfn_adapter+0x85/0xf0
[ 13.513823] kthread+0x337/0x6f0
[ 13.514000] ret_from_fork+0x116/0x1d0
[ 13.514190] ret_from_fork_asm+0x1a/0x30
[ 13.514606]
[ 13.514709] The buggy address belongs to the object at ffff8881027a7c80
[ 13.514709] which belongs to the cache kmalloc-32 of size 32
[ 13.515232] The buggy address is located 0 bytes to the right of
[ 13.515232] allocated 24-byte region [ffff8881027a7c80, ffff8881027a7c98)
[ 13.515767]
[ 13.515846] The buggy address belongs to the physical page:
[ 13.516033] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1027a7
[ 13.516275] flags: 0x200000000000000(node=0|zone=2)
[ 13.516514] page_type: f5(slab)
[ 13.516767] raw: 0200000000000000 ffff888100041780 dead000000000122 0000000000000000
[ 13.517163] raw: 0000000000000000 0000000080400040 00000000f5000000 0000000000000000
[ 13.517397] page dumped because: kasan: bad access detected
[ 13.517570]
[ 13.517641] Memory state around the buggy address:
[ 13.517796] ffff8881027a7b80: 00 00 07 fc fc fc fc fc 00 00 00 fc fc fc fc fc
[ 13.518638] ffff8881027a7c00: 00 00 00 04 fc fc fc fc 00 00 07 fc fc fc fc fc
[ 13.518994] >ffff8881027a7c80: 00 00 00 fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 13.519350] ^
[ 13.519548] ffff8881027a7d00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 13.519930] ffff8881027a7d80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 13.520245] ==================================================================
Failure - log-parser-boot/kasan-bug-kasan-slab-out-of-bounds-in-ksize_unpoisons_memory
[ 12.032922] ==================================================================
[ 12.033645] BUG: KASAN: slab-out-of-bounds in ksize_unpoisons_memory+0x7b6/0x9b0
[ 12.034001] Read of size 1 at addr ffff888102b0ea7f by task kunit_try_catch/211
[ 12.034688]
[ 12.034813] CPU: 0 UID: 0 PID: 211 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc4 #1 PREEMPT(voluntary)
[ 12.035051] Tainted: [B]=BAD_PAGE, [N]=TEST
[ 12.035067] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[ 12.035089] Call Trace:
[ 12.035117] <TASK>
[ 12.035136] dump_stack_lvl+0x73/0xb0
[ 12.035169] print_report+0xd1/0x650
[ 12.035191] ? __virt_addr_valid+0x1db/0x2d0
[ 12.035213] ? ksize_unpoisons_memory+0x7b6/0x9b0
[ 12.035236] ? kasan_complete_mode_report_info+0x2a/0x200
[ 12.035258] ? ksize_unpoisons_memory+0x7b6/0x9b0
[ 12.035281] kasan_report+0x141/0x180
[ 12.035303] ? ksize_unpoisons_memory+0x7b6/0x9b0
[ 12.035331] __asan_report_load1_noabort+0x18/0x20
[ 12.035354] ksize_unpoisons_memory+0x7b6/0x9b0
[ 12.035378] ? __pfx_ksize_unpoisons_memory+0x10/0x10
[ 12.035400] ? finish_task_switch.isra.0+0x153/0x700
[ 12.035422] ? __switch_to+0x47/0xf50
[ 12.035447] ? __schedule+0x10cc/0x2b60
[ 12.035509] ? __pfx_read_tsc+0x10/0x10
[ 12.035531] ? ktime_get_ts64+0x86/0x230
[ 12.035555] kunit_try_run_case+0x1a5/0x480
[ 12.035579] ? __pfx_kunit_try_run_case+0x10/0x10
[ 12.035601] ? _raw_spin_lock_irqsave+0xa1/0x100
[ 12.035624] ? _raw_spin_unlock_irqrestore+0x5f/0x90
[ 12.035646] ? __kthread_parkme+0x82/0x180
[ 12.035666] ? preempt_count_sub+0x50/0x80
[ 12.035688] ? __pfx_kunit_try_run_case+0x10/0x10
[ 12.035711] kunit_generic_run_threadfn_adapter+0x85/0xf0
[ 12.035733] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10
[ 12.035756] kthread+0x337/0x6f0
[ 12.035775] ? trace_preempt_on+0x20/0xc0
[ 12.035798] ? __pfx_kthread+0x10/0x10
[ 12.035818] ? _raw_spin_unlock_irq+0x47/0x80
[ 12.035838] ? calculate_sigpending+0x7b/0xa0
[ 12.035862] ? __pfx_kthread+0x10/0x10
[ 12.035883] ret_from_fork+0x116/0x1d0
[ 12.035901] ? __pfx_kthread+0x10/0x10
[ 12.035921] ret_from_fork_asm+0x1a/0x30
[ 12.035964] </TASK>
[ 12.035976]
[ 12.047966] Allocated by task 211:
[ 12.048228] kasan_save_stack+0x45/0x70
[ 12.048574] kasan_save_track+0x18/0x40
[ 12.048748] kasan_save_alloc_info+0x3b/0x50
[ 12.049183] __kasan_kmalloc+0xb7/0xc0
[ 12.049387] __kmalloc_cache_noprof+0x189/0x420
[ 12.049884] ksize_unpoisons_memory+0xc7/0x9b0
[ 12.050124] kunit_try_run_case+0x1a5/0x480
[ 12.050411] kunit_generic_run_threadfn_adapter+0x85/0xf0
[ 12.050722] kthread+0x337/0x6f0
[ 12.051032] ret_from_fork+0x116/0x1d0
[ 12.051395] ret_from_fork_asm+0x1a/0x30
[ 12.051757]
[ 12.051856] The buggy address belongs to the object at ffff888102b0ea00
[ 12.051856] which belongs to the cache kmalloc-128 of size 128
[ 12.052866] The buggy address is located 12 bytes to the right of
[ 12.052866] allocated 115-byte region [ffff888102b0ea00, ffff888102b0ea73)
[ 12.053632]
[ 12.053876] The buggy address belongs to the physical page:
[ 12.054209] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x102b0e
[ 12.054777] flags: 0x200000000000000(node=0|zone=2)
[ 12.055125] page_type: f5(slab)
[ 12.055322] raw: 0200000000000000 ffff888100041a00 dead000000000122 0000000000000000
[ 12.055917] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000
[ 12.056380] page dumped because: kasan: bad access detected
[ 12.056747]
[ 12.056835] Memory state around the buggy address:
[ 12.057239] ffff888102b0e900: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 12.057882] ffff888102b0e980: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 12.058214] >ffff888102b0ea00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 03 fc
[ 12.058735] ^
[ 12.059025] ffff888102b0ea80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 12.059456] ffff888102b0eb00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 12.060152] ==================================================================
[ 12.002318] ==================================================================
[ 12.003363] BUG: KASAN: slab-out-of-bounds in ksize_unpoisons_memory+0x7e9/0x9b0
[ 12.004829] Read of size 1 at addr ffff888102b0ea78 by task kunit_try_catch/211
[ 12.005259]
[ 12.005363] CPU: 0 UID: 0 PID: 211 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc4 #1 PREEMPT(voluntary)
[ 12.005408] Tainted: [B]=BAD_PAGE, [N]=TEST
[ 12.005420] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[ 12.005441] Call Trace:
[ 12.005464] <TASK>
[ 12.005483] dump_stack_lvl+0x73/0xb0
[ 12.005515] print_report+0xd1/0x650
[ 12.005539] ? __virt_addr_valid+0x1db/0x2d0
[ 12.005564] ? ksize_unpoisons_memory+0x7e9/0x9b0
[ 12.005587] ? kasan_complete_mode_report_info+0x2a/0x200
[ 12.005608] ? ksize_unpoisons_memory+0x7e9/0x9b0
[ 12.005631] kasan_report+0x141/0x180
[ 12.005653] ? ksize_unpoisons_memory+0x7e9/0x9b0
[ 12.005681] __asan_report_load1_noabort+0x18/0x20
[ 12.005705] ksize_unpoisons_memory+0x7e9/0x9b0
[ 12.005728] ? __pfx_ksize_unpoisons_memory+0x10/0x10
[ 12.005750] ? finish_task_switch.isra.0+0x153/0x700
[ 12.005773] ? __switch_to+0x47/0xf50
[ 12.005799] ? __schedule+0x10cc/0x2b60
[ 12.005821] ? __pfx_read_tsc+0x10/0x10
[ 12.005842] ? ktime_get_ts64+0x86/0x230
[ 12.005866] kunit_try_run_case+0x1a5/0x480
[ 12.005891] ? __pfx_kunit_try_run_case+0x10/0x10
[ 12.005912] ? _raw_spin_lock_irqsave+0xa1/0x100
[ 12.005949] ? _raw_spin_unlock_irqrestore+0x5f/0x90
[ 12.005971] ? __kthread_parkme+0x82/0x180
[ 12.005992] ? preempt_count_sub+0x50/0x80
[ 12.006014] ? __pfx_kunit_try_run_case+0x10/0x10
[ 12.006036] kunit_generic_run_threadfn_adapter+0x85/0xf0
[ 12.006058] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10
[ 12.006080] kthread+0x337/0x6f0
[ 12.006100] ? trace_preempt_on+0x20/0xc0
[ 12.006123] ? __pfx_kthread+0x10/0x10
[ 12.006143] ? _raw_spin_unlock_irq+0x47/0x80
[ 12.006163] ? calculate_sigpending+0x7b/0xa0
[ 12.006187] ? __pfx_kthread+0x10/0x10
[ 12.006208] ret_from_fork+0x116/0x1d0
[ 12.006226] ? __pfx_kthread+0x10/0x10
[ 12.006246] ret_from_fork_asm+0x1a/0x30
[ 12.006276] </TASK>
[ 12.006287]
[ 12.019444] Allocated by task 211:
[ 12.020058] kasan_save_stack+0x45/0x70
[ 12.020282] kasan_save_track+0x18/0x40
[ 12.020490] kasan_save_alloc_info+0x3b/0x50
[ 12.021056] __kasan_kmalloc+0xb7/0xc0
[ 12.021256] __kmalloc_cache_noprof+0x189/0x420
[ 12.021489] ksize_unpoisons_memory+0xc7/0x9b0
[ 12.021893] kunit_try_run_case+0x1a5/0x480
[ 12.022276] kunit_generic_run_threadfn_adapter+0x85/0xf0
[ 12.022711] kthread+0x337/0x6f0
[ 12.022852] ret_from_fork+0x116/0x1d0
[ 12.023075] ret_from_fork_asm+0x1a/0x30
[ 12.023280]
[ 12.023368] The buggy address belongs to the object at ffff888102b0ea00
[ 12.023368] which belongs to the cache kmalloc-128 of size 128
[ 12.024223] The buggy address is located 5 bytes to the right of
[ 12.024223] allocated 115-byte region [ffff888102b0ea00, ffff888102b0ea73)
[ 12.025258]
[ 12.025367] The buggy address belongs to the physical page:
[ 12.025621] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x102b0e
[ 12.025981] flags: 0x200000000000000(node=0|zone=2)
[ 12.026643] page_type: f5(slab)
[ 12.026922] raw: 0200000000000000 ffff888100041a00 dead000000000122 0000000000000000
[ 12.027421] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000
[ 12.027921] page dumped because: kasan: bad access detected
[ 12.028422]
[ 12.028652] Memory state around the buggy address:
[ 12.028965] ffff888102b0e900: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 12.029435] ffff888102b0e980: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 12.029995] >ffff888102b0ea00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 03 fc
[ 12.030475] ^
[ 12.030981] ffff888102b0ea80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 12.031558] ffff888102b0eb00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 12.031926] ==================================================================
[ 11.968379] ==================================================================
[ 11.969788] BUG: KASAN: slab-out-of-bounds in ksize_unpoisons_memory+0x81c/0x9b0
[ 11.970439] Read of size 1 at addr ffff888102b0ea73 by task kunit_try_catch/211
[ 11.971676]
[ 11.971816] CPU: 0 UID: 0 PID: 211 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc4 #1 PREEMPT(voluntary)
[ 11.971864] Tainted: [B]=BAD_PAGE, [N]=TEST
[ 11.971877] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[ 11.971897] Call Trace:
[ 11.971910] <TASK>
[ 11.971942] dump_stack_lvl+0x73/0xb0
[ 11.971974] print_report+0xd1/0x650
[ 11.971996] ? __virt_addr_valid+0x1db/0x2d0
[ 11.972020] ? ksize_unpoisons_memory+0x81c/0x9b0
[ 11.972042] ? kasan_complete_mode_report_info+0x2a/0x200
[ 11.972255] ? ksize_unpoisons_memory+0x81c/0x9b0
[ 11.972303] kasan_report+0x141/0x180
[ 11.972327] ? ksize_unpoisons_memory+0x81c/0x9b0
[ 11.972355] __asan_report_load1_noabort+0x18/0x20
[ 11.972419] ksize_unpoisons_memory+0x81c/0x9b0
[ 11.972443] ? __pfx_ksize_unpoisons_memory+0x10/0x10
[ 11.972484] ? finish_task_switch.isra.0+0x153/0x700
[ 11.972506] ? __switch_to+0x47/0xf50
[ 11.972533] ? __schedule+0x10cc/0x2b60
[ 11.972555] ? __pfx_read_tsc+0x10/0x10
[ 11.972576] ? ktime_get_ts64+0x86/0x230
[ 11.972599] kunit_try_run_case+0x1a5/0x480
[ 11.972623] ? __pfx_kunit_try_run_case+0x10/0x10
[ 11.972644] ? _raw_spin_lock_irqsave+0xa1/0x100
[ 11.972667] ? _raw_spin_unlock_irqrestore+0x5f/0x90
[ 11.972689] ? __kthread_parkme+0x82/0x180
[ 11.972709] ? preempt_count_sub+0x50/0x80
[ 11.972732] ? __pfx_kunit_try_run_case+0x10/0x10
[ 11.972755] kunit_generic_run_threadfn_adapter+0x85/0xf0
[ 11.972777] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10
[ 11.972799] kthread+0x337/0x6f0
[ 11.972818] ? trace_preempt_on+0x20/0xc0
[ 11.972841] ? __pfx_kthread+0x10/0x10
[ 11.972861] ? _raw_spin_unlock_irq+0x47/0x80
[ 11.972882] ? calculate_sigpending+0x7b/0xa0
[ 11.972905] ? __pfx_kthread+0x10/0x10
[ 11.972926] ret_from_fork+0x116/0x1d0
[ 11.972954] ? __pfx_kthread+0x10/0x10
[ 11.972973] ret_from_fork_asm+0x1a/0x30
[ 11.973003] </TASK>
[ 11.973015]
[ 11.987885] Allocated by task 211:
[ 11.988311] kasan_save_stack+0x45/0x70
[ 11.988650] kasan_save_track+0x18/0x40
[ 11.988921] kasan_save_alloc_info+0x3b/0x50
[ 11.989305] __kasan_kmalloc+0xb7/0xc0
[ 11.989646] __kmalloc_cache_noprof+0x189/0x420
[ 11.990004] ksize_unpoisons_memory+0xc7/0x9b0
[ 11.990431] kunit_try_run_case+0x1a5/0x480
[ 11.990859] kunit_generic_run_threadfn_adapter+0x85/0xf0
[ 11.991156] kthread+0x337/0x6f0
[ 11.991438] ret_from_fork+0x116/0x1d0
[ 11.991864] ret_from_fork_asm+0x1a/0x30
[ 11.992067]
[ 11.992374] The buggy address belongs to the object at ffff888102b0ea00
[ 11.992374] which belongs to the cache kmalloc-128 of size 128
[ 11.993082] The buggy address is located 0 bytes to the right of
[ 11.993082] allocated 115-byte region [ffff888102b0ea00, ffff888102b0ea73)
[ 11.993660]
[ 11.993769] The buggy address belongs to the physical page:
[ 11.994319] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x102b0e
[ 11.994809] flags: 0x200000000000000(node=0|zone=2)
[ 11.995182] page_type: f5(slab)
[ 11.995471] raw: 0200000000000000 ffff888100041a00 dead000000000122 0000000000000000
[ 11.995974] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000
[ 11.996399] page dumped because: kasan: bad access detected
[ 11.996813]
[ 11.996899] Memory state around the buggy address:
[ 11.997335] ffff888102b0e900: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 11.997941] ffff888102b0e980: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 11.998493] >ffff888102b0ea00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 03 fc
[ 11.998904] ^
[ 11.999316] ffff888102b0ea80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 11.999818] ffff888102b0eb00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 12.000468] ==================================================================
Failure - log-parser-boot/kasan-bug-kasan-double-free-in-kfree_sensitive
[ 11.940563] ==================================================================
[ 11.940896] BUG: KASAN: double-free in kfree_sensitive+0x2e/0x90
[ 11.941813] Free of addr ffff888101e8f4e0 by task kunit_try_catch/209
[ 11.942179]
[ 11.942315] CPU: 0 UID: 0 PID: 209 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc4 #1 PREEMPT(voluntary)
[ 11.942361] Tainted: [B]=BAD_PAGE, [N]=TEST
[ 11.942373] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[ 11.942394] Call Trace:
[ 11.942413] <TASK>
[ 11.942430] dump_stack_lvl+0x73/0xb0
[ 11.942460] print_report+0xd1/0x650
[ 11.942482] ? __virt_addr_valid+0x1db/0x2d0
[ 11.942504] ? kasan_complete_mode_report_info+0x64/0x200
[ 11.942525] ? kfree_sensitive+0x2e/0x90
[ 11.942546] kasan_report_invalid_free+0x10a/0x130
[ 11.942570] ? kfree_sensitive+0x2e/0x90
[ 11.942591] ? kfree_sensitive+0x2e/0x90
[ 11.942610] check_slab_allocation+0x101/0x130
[ 11.942632] __kasan_slab_pre_free+0x28/0x40
[ 11.942652] kfree+0xf0/0x3f0
[ 11.942673] ? kfree_sensitive+0x2e/0x90
[ 11.942694] kfree_sensitive+0x2e/0x90
[ 11.942713] kmalloc_double_kzfree+0x19c/0x350
[ 11.942736] ? __pfx_kmalloc_double_kzfree+0x10/0x10
[ 11.942759] ? __schedule+0x10cc/0x2b60
[ 11.942781] ? __pfx_read_tsc+0x10/0x10
[ 11.942801] ? ktime_get_ts64+0x86/0x230
[ 11.942824] kunit_try_run_case+0x1a5/0x480
[ 11.942847] ? __pfx_kunit_try_run_case+0x10/0x10
[ 11.942868] ? _raw_spin_lock_irqsave+0xa1/0x100
[ 11.942890] ? _raw_spin_unlock_irqrestore+0x5f/0x90
[ 11.942913] ? __kthread_parkme+0x82/0x180
[ 11.942942] ? preempt_count_sub+0x50/0x80
[ 11.942965] ? __pfx_kunit_try_run_case+0x10/0x10
[ 11.942988] kunit_generic_run_threadfn_adapter+0x85/0xf0
[ 11.943009] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10
[ 11.943031] kthread+0x337/0x6f0
[ 11.943050] ? trace_preempt_on+0x20/0xc0
[ 11.943072] ? __pfx_kthread+0x10/0x10
[ 11.943092] ? _raw_spin_unlock_irq+0x47/0x80
[ 11.943118] ? calculate_sigpending+0x7b/0xa0
[ 11.943142] ? __pfx_kthread+0x10/0x10
[ 11.943162] ret_from_fork+0x116/0x1d0
[ 11.943179] ? __pfx_kthread+0x10/0x10
[ 11.943199] ret_from_fork_asm+0x1a/0x30
[ 11.943229] </TASK>
[ 11.943240]
[ 11.951781] Allocated by task 209:
[ 11.951914] kasan_save_stack+0x45/0x70
[ 11.952067] kasan_save_track+0x18/0x40
[ 11.952206] kasan_save_alloc_info+0x3b/0x50
[ 11.952404] __kasan_kmalloc+0xb7/0xc0
[ 11.952590] __kmalloc_cache_noprof+0x189/0x420
[ 11.952824] kmalloc_double_kzfree+0xa9/0x350
[ 11.953102] kunit_try_run_case+0x1a5/0x480
[ 11.953259] kunit_generic_run_threadfn_adapter+0x85/0xf0
[ 11.953433] kthread+0x337/0x6f0
[ 11.953552] ret_from_fork+0x116/0x1d0
[ 11.953728] ret_from_fork_asm+0x1a/0x30
[ 11.953925]
[ 11.954030] Freed by task 209:
[ 11.954358] kasan_save_stack+0x45/0x70
[ 11.954653] kasan_save_track+0x18/0x40
[ 11.954812] kasan_save_free_info+0x3f/0x60
[ 11.955020] __kasan_slab_free+0x56/0x70
[ 11.955252] kfree+0x222/0x3f0
[ 11.955421] kfree_sensitive+0x67/0x90
[ 11.955971] kmalloc_double_kzfree+0x12b/0x350
[ 11.956126] kunit_try_run_case+0x1a5/0x480
[ 11.956271] kunit_generic_run_threadfn_adapter+0x85/0xf0
[ 11.956443] kthread+0x337/0x6f0
[ 11.956753] ret_from_fork+0x116/0x1d0
[ 11.957136] ret_from_fork_asm+0x1a/0x30
[ 11.957494]
[ 11.957638] The buggy address belongs to the object at ffff888101e8f4e0
[ 11.957638] which belongs to the cache kmalloc-16 of size 16
[ 11.958000] The buggy address is located 0 bytes inside of
[ 11.958000] 16-byte region [ffff888101e8f4e0, ffff888101e8f4f0)
[ 11.958330]
[ 11.958445] The buggy address belongs to the physical page:
[ 11.958897] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x101e8f
[ 11.959550] flags: 0x200000000000000(node=0|zone=2)
[ 11.959776] page_type: f5(slab)
[ 11.959899] raw: 0200000000000000 ffff888100041640 dead000000000122 0000000000000000
[ 11.960316] raw: 0000000000000000 0000000080800080 00000000f5000000 0000000000000000
[ 11.960840] page dumped because: kasan: bad access detected
[ 11.961087]
[ 11.961171] Memory state around the buggy address:
[ 11.961413] ffff888101e8f380: 00 02 fc fc 00 02 fc fc 00 02 fc fc fa fb fc fc
[ 11.961741] ffff888101e8f400: fa fb fc fc fa fb fc fc fa fb fc fc fa fb fc fc
[ 11.962094] >ffff888101e8f480: fa fb fc fc fa fb fc fc fa fb fc fc fa fb fc fc
[ 11.962356] ^
[ 11.962596] ffff888101e8f500: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 11.963026] ffff888101e8f580: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 11.963425] ==================================================================
Failure - log-parser-boot/kasan-bug-kasan-slab-use-after-free-in-kmalloc_double_kzfree
[ 11.907692] ==================================================================
[ 11.908352] BUG: KASAN: slab-use-after-free in kmalloc_double_kzfree+0x19c/0x350
[ 11.908952] Read of size 1 at addr ffff888101e8f4e0 by task kunit_try_catch/209
[ 11.909292]
[ 11.909412] CPU: 0 UID: 0 PID: 209 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc4 #1 PREEMPT(voluntary)
[ 11.909458] Tainted: [B]=BAD_PAGE, [N]=TEST
[ 11.909653] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[ 11.909678] Call Trace:
[ 11.909690] <TASK>
[ 11.909707] dump_stack_lvl+0x73/0xb0
[ 11.909739] print_report+0xd1/0x650
[ 11.909762] ? __virt_addr_valid+0x1db/0x2d0
[ 11.909786] ? kmalloc_double_kzfree+0x19c/0x350
[ 11.909808] ? kasan_complete_mode_report_info+0x64/0x200
[ 11.909829] ? kmalloc_double_kzfree+0x19c/0x350
[ 11.909852] kasan_report+0x141/0x180
[ 11.909873] ? kmalloc_double_kzfree+0x19c/0x350
[ 11.909898] ? kmalloc_double_kzfree+0x19c/0x350
[ 11.909921] __kasan_check_byte+0x3d/0x50
[ 11.909956] kfree_sensitive+0x22/0x90
[ 11.909978] kmalloc_double_kzfree+0x19c/0x350
[ 11.910001] ? __pfx_kmalloc_double_kzfree+0x10/0x10
[ 11.910024] ? __schedule+0x10cc/0x2b60
[ 11.910046] ? __pfx_read_tsc+0x10/0x10
[ 11.910067] ? ktime_get_ts64+0x86/0x230
[ 11.910092] kunit_try_run_case+0x1a5/0x480
[ 11.910116] ? __pfx_kunit_try_run_case+0x10/0x10
[ 11.910138] ? _raw_spin_lock_irqsave+0xa1/0x100
[ 11.910161] ? _raw_spin_unlock_irqrestore+0x5f/0x90
[ 11.910184] ? __kthread_parkme+0x82/0x180
[ 11.910205] ? preempt_count_sub+0x50/0x80
[ 11.910229] ? __pfx_kunit_try_run_case+0x10/0x10
[ 11.910253] kunit_generic_run_threadfn_adapter+0x85/0xf0
[ 11.910275] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10
[ 11.910298] kthread+0x337/0x6f0
[ 11.910317] ? trace_preempt_on+0x20/0xc0
[ 11.910339] ? __pfx_kthread+0x10/0x10
[ 11.910360] ? _raw_spin_unlock_irq+0x47/0x80
[ 11.910380] ? calculate_sigpending+0x7b/0xa0
[ 11.910403] ? __pfx_kthread+0x10/0x10
[ 11.910424] ret_from_fork+0x116/0x1d0
[ 11.910442] ? __pfx_kthread+0x10/0x10
[ 11.910504] ret_from_fork_asm+0x1a/0x30
[ 11.910538] </TASK>
[ 11.910549]
[ 11.922653] Allocated by task 209:
[ 11.922852] kasan_save_stack+0x45/0x70
[ 11.923255] kasan_save_track+0x18/0x40
[ 11.923499] kasan_save_alloc_info+0x3b/0x50
[ 11.923816] __kasan_kmalloc+0xb7/0xc0
[ 11.924192] __kmalloc_cache_noprof+0x189/0x420
[ 11.924419] kmalloc_double_kzfree+0xa9/0x350
[ 11.924953] kunit_try_run_case+0x1a5/0x480
[ 11.925198] kunit_generic_run_threadfn_adapter+0x85/0xf0
[ 11.925438] kthread+0x337/0x6f0
[ 11.925746] ret_from_fork+0x116/0x1d0
[ 11.926147] ret_from_fork_asm+0x1a/0x30
[ 11.926437]
[ 11.926798] Freed by task 209:
[ 11.927013] kasan_save_stack+0x45/0x70
[ 11.927238] kasan_save_track+0x18/0x40
[ 11.927423] kasan_save_free_info+0x3f/0x60
[ 11.927915] __kasan_slab_free+0x56/0x70
[ 11.928210] kfree+0x222/0x3f0
[ 11.928375] kfree_sensitive+0x67/0x90
[ 11.928759] kmalloc_double_kzfree+0x12b/0x350
[ 11.929251] kunit_try_run_case+0x1a5/0x480
[ 11.929640] kunit_generic_run_threadfn_adapter+0x85/0xf0
[ 11.929875] kthread+0x337/0x6f0
[ 11.930051] ret_from_fork+0x116/0x1d0
[ 11.930227] ret_from_fork_asm+0x1a/0x30
[ 11.930411]
[ 11.930761] The buggy address belongs to the object at ffff888101e8f4e0
[ 11.930761] which belongs to the cache kmalloc-16 of size 16
[ 11.931760] The buggy address is located 0 bytes inside of
[ 11.931760] freed 16-byte region [ffff888101e8f4e0, ffff888101e8f4f0)
[ 11.932616]
[ 11.932720] The buggy address belongs to the physical page:
[ 11.932980] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x101e8f
[ 11.933768] flags: 0x200000000000000(node=0|zone=2)
[ 11.934083] page_type: f5(slab)
[ 11.934258] raw: 0200000000000000 ffff888100041640 dead000000000122 0000000000000000
[ 11.934736] raw: 0000000000000000 0000000080800080 00000000f5000000 0000000000000000
[ 11.935378] page dumped because: kasan: bad access detected
[ 11.935898]
[ 11.936138] Memory state around the buggy address:
[ 11.936464] ffff888101e8f380: 00 02 fc fc 00 02 fc fc 00 02 fc fc fa fb fc fc
[ 11.937177] ffff888101e8f400: fa fb fc fc fa fb fc fc fa fb fc fc fa fb fc fc
[ 11.937703] >ffff888101e8f480: fa fb fc fc fa fb fc fc fa fb fc fc fa fb fc fc
[ 11.938291] ^
[ 11.938760] ffff888101e8f500: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 11.939263] ffff888101e8f580: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 11.939775] ==================================================================
Failure - log-parser-boot/kasan-bug-kasan-slab-use-after-free-in-kmalloc_uaf2
[ 11.879423] ==================================================================
[ 11.880075] BUG: KASAN: slab-use-after-free in kmalloc_uaf2+0x4a8/0x520
[ 11.880376] Read of size 1 at addr ffff888103a040a8 by task kunit_try_catch/205
[ 11.880737]
[ 11.880843] CPU: 0 UID: 0 PID: 205 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc4 #1 PREEMPT(voluntary)
[ 11.880887] Tainted: [B]=BAD_PAGE, [N]=TEST
[ 11.880899] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[ 11.880920] Call Trace:
[ 11.880943] <TASK>
[ 11.880960] dump_stack_lvl+0x73/0xb0
[ 11.880990] print_report+0xd1/0x650
[ 11.881013] ? __virt_addr_valid+0x1db/0x2d0
[ 11.881035] ? kmalloc_uaf2+0x4a8/0x520
[ 11.881055] ? kasan_complete_mode_report_info+0x64/0x200
[ 11.881077] ? kmalloc_uaf2+0x4a8/0x520
[ 11.881097] kasan_report+0x141/0x180
[ 11.881119] ? kmalloc_uaf2+0x4a8/0x520
[ 11.881144] __asan_report_load1_noabort+0x18/0x20
[ 11.881167] kmalloc_uaf2+0x4a8/0x520
[ 11.881187] ? __pfx_kmalloc_uaf2+0x10/0x10
[ 11.881206] ? finish_task_switch.isra.0+0x153/0x700
[ 11.881228] ? __switch_to+0x47/0xf50
[ 11.881254] ? __schedule+0x10cc/0x2b60
[ 11.881276] ? __pfx_read_tsc+0x10/0x10
[ 11.881297] ? ktime_get_ts64+0x86/0x230
[ 11.881320] kunit_try_run_case+0x1a5/0x480
[ 11.881344] ? __pfx_kunit_try_run_case+0x10/0x10
[ 11.881365] ? _raw_spin_lock_irqsave+0xa1/0x100
[ 11.881388] ? _raw_spin_unlock_irqrestore+0x5f/0x90
[ 11.881410] ? __kthread_parkme+0x82/0x180
[ 11.881430] ? preempt_count_sub+0x50/0x80
[ 11.881452] ? __pfx_kunit_try_run_case+0x10/0x10
[ 11.881475] kunit_generic_run_threadfn_adapter+0x85/0xf0
[ 11.881497] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10
[ 11.881520] kthread+0x337/0x6f0
[ 11.881540] ? trace_preempt_on+0x20/0xc0
[ 11.881563] ? __pfx_kthread+0x10/0x10
[ 11.881601] ? _raw_spin_unlock_irq+0x47/0x80
[ 11.881622] ? calculate_sigpending+0x7b/0xa0
[ 11.881645] ? __pfx_kthread+0x10/0x10
[ 11.881666] ret_from_fork+0x116/0x1d0
[ 11.881684] ? __pfx_kthread+0x10/0x10
[ 11.881704] ret_from_fork_asm+0x1a/0x30
[ 11.881734] </TASK>
[ 11.881745]
[ 11.889666] Allocated by task 205:
[ 11.889807] kasan_save_stack+0x45/0x70
[ 11.890027] kasan_save_track+0x18/0x40
[ 11.890221] kasan_save_alloc_info+0x3b/0x50
[ 11.890650] __kasan_kmalloc+0xb7/0xc0
[ 11.890862] __kmalloc_cache_noprof+0x189/0x420
[ 11.891134] kmalloc_uaf2+0xc6/0x520
[ 11.891271] kunit_try_run_case+0x1a5/0x480
[ 11.891417] kunit_generic_run_threadfn_adapter+0x85/0xf0
[ 11.891745] kthread+0x337/0x6f0
[ 11.891923] ret_from_fork+0x116/0x1d0
[ 11.892126] ret_from_fork_asm+0x1a/0x30
[ 11.892331]
[ 11.892449] Freed by task 205:
[ 11.892606] kasan_save_stack+0x45/0x70
[ 11.892784] kasan_save_track+0x18/0x40
[ 11.892960] kasan_save_free_info+0x3f/0x60
[ 11.893130] __kasan_slab_free+0x56/0x70
[ 11.893445] kfree+0x222/0x3f0
[ 11.893625] kmalloc_uaf2+0x14c/0x520
[ 11.893780] kunit_try_run_case+0x1a5/0x480
[ 11.893997] kunit_generic_run_threadfn_adapter+0x85/0xf0
[ 11.894255] kthread+0x337/0x6f0
[ 11.894428] ret_from_fork+0x116/0x1d0
[ 11.894669] ret_from_fork_asm+0x1a/0x30
[ 11.894814]
[ 11.894886] The buggy address belongs to the object at ffff888103a04080
[ 11.894886] which belongs to the cache kmalloc-64 of size 64
[ 11.895252] The buggy address is located 40 bytes inside of
[ 11.895252] freed 64-byte region [ffff888103a04080, ffff888103a040c0)
[ 11.895762]
[ 11.896037] The buggy address belongs to the physical page:
[ 11.896327] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x103a04
[ 11.896701] flags: 0x200000000000000(node=0|zone=2)
[ 11.896878] page_type: f5(slab)
[ 11.897014] raw: 0200000000000000 ffff8881000418c0 dead000000000122 0000000000000000
[ 11.897654] raw: 0000000000000000 0000000080200020 00000000f5000000 0000000000000000
[ 11.898005] page dumped because: kasan: bad access detected
[ 11.898242]
[ 11.898374] Memory state around the buggy address:
[ 11.898616] ffff888103a03f80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 11.898916] ffff888103a04000: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc
[ 11.899237] >ffff888103a04080: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc
[ 11.899588] ^
[ 11.899755] ffff888103a04100: 00 00 00 00 00 03 fc fc fc fc fc fc fc fc fc fc
[ 11.899992] ffff888103a04180: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 11.900781] ==================================================================
Failure - log-parser-boot/kasan-bug-kasan-slab-use-after-free-in-kmalloc_uaf_memset
[ 11.853842] ==================================================================
[ 11.854309] BUG: KASAN: slab-use-after-free in kmalloc_uaf_memset+0x1a3/0x360
[ 11.854621] Write of size 33 at addr ffff88810279c380 by task kunit_try_catch/203
[ 11.854925]
[ 11.855343] CPU: 1 UID: 0 PID: 203 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc4 #1 PREEMPT(voluntary)
[ 11.855396] Tainted: [B]=BAD_PAGE, [N]=TEST
[ 11.855409] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[ 11.855432] Call Trace:
[ 11.855446] <TASK>
[ 11.855465] dump_stack_lvl+0x73/0xb0
[ 11.855498] print_report+0xd1/0x650
[ 11.855522] ? __virt_addr_valid+0x1db/0x2d0
[ 11.855545] ? kmalloc_uaf_memset+0x1a3/0x360
[ 11.855567] ? kasan_complete_mode_report_info+0x64/0x200
[ 11.855588] ? kmalloc_uaf_memset+0x1a3/0x360
[ 11.855610] kasan_report+0x141/0x180
[ 11.855631] ? kmalloc_uaf_memset+0x1a3/0x360
[ 11.855656] kasan_check_range+0x10c/0x1c0
[ 11.855679] __asan_memset+0x27/0x50
[ 11.855698] kmalloc_uaf_memset+0x1a3/0x360
[ 11.855719] ? __pfx_kmalloc_uaf_memset+0x10/0x10
[ 11.855741] ? __schedule+0x10cc/0x2b60
[ 11.855763] ? __pfx_read_tsc+0x10/0x10
[ 11.855784] ? ktime_get_ts64+0x86/0x230
[ 11.855810] kunit_try_run_case+0x1a5/0x480
[ 11.855835] ? __pfx_kunit_try_run_case+0x10/0x10
[ 11.855857] ? _raw_spin_lock_irqsave+0xa1/0x100
[ 11.855880] ? _raw_spin_unlock_irqrestore+0x5f/0x90
[ 11.855902] ? __kthread_parkme+0x82/0x180
[ 11.855924] ? preempt_count_sub+0x50/0x80
[ 11.855962] ? __pfx_kunit_try_run_case+0x10/0x10
[ 11.855985] kunit_generic_run_threadfn_adapter+0x85/0xf0
[ 11.856007] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10
[ 11.856029] kthread+0x337/0x6f0
[ 11.856049] ? trace_preempt_on+0x20/0xc0
[ 11.856129] ? __pfx_kthread+0x10/0x10
[ 11.856153] ? _raw_spin_unlock_irq+0x47/0x80
[ 11.856173] ? calculate_sigpending+0x7b/0xa0
[ 11.856198] ? __pfx_kthread+0x10/0x10
[ 11.856219] ret_from_fork+0x116/0x1d0
[ 11.856238] ? __pfx_kthread+0x10/0x10
[ 11.856258] ret_from_fork_asm+0x1a/0x30
[ 11.856289] </TASK>
[ 11.856302]
[ 11.863920] Allocated by task 203:
[ 11.864146] kasan_save_stack+0x45/0x70
[ 11.864347] kasan_save_track+0x18/0x40
[ 11.864552] kasan_save_alloc_info+0x3b/0x50
[ 11.864772] __kasan_kmalloc+0xb7/0xc0
[ 11.864952] __kmalloc_cache_noprof+0x189/0x420
[ 11.865111] kmalloc_uaf_memset+0xa9/0x360
[ 11.865254] kunit_try_run_case+0x1a5/0x480
[ 11.865482] kunit_generic_run_threadfn_adapter+0x85/0xf0
[ 11.865734] kthread+0x337/0x6f0
[ 11.865913] ret_from_fork+0x116/0x1d0
[ 11.866114] ret_from_fork_asm+0x1a/0x30
[ 11.866325]
[ 11.866422] Freed by task 203:
[ 11.866626] kasan_save_stack+0x45/0x70
[ 11.866793] kasan_save_track+0x18/0x40
[ 11.866942] kasan_save_free_info+0x3f/0x60
[ 11.867212] __kasan_slab_free+0x56/0x70
[ 11.867414] kfree+0x222/0x3f0
[ 11.867572] kmalloc_uaf_memset+0x12b/0x360
[ 11.867762] kunit_try_run_case+0x1a5/0x480
[ 11.867950] kunit_generic_run_threadfn_adapter+0x85/0xf0
[ 11.868202] kthread+0x337/0x6f0
[ 11.868329] ret_from_fork+0x116/0x1d0
[ 11.868520] ret_from_fork_asm+0x1a/0x30
[ 11.868720]
[ 11.868818] The buggy address belongs to the object at ffff88810279c380
[ 11.868818] which belongs to the cache kmalloc-64 of size 64
[ 11.869193] The buggy address is located 0 bytes inside of
[ 11.869193] freed 64-byte region [ffff88810279c380, ffff88810279c3c0)
[ 11.869536]
[ 11.869627] The buggy address belongs to the physical page:
[ 11.869882] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x10279c
[ 11.870626] flags: 0x200000000000000(node=0|zone=2)
[ 11.870874] page_type: f5(slab)
[ 11.871062] raw: 0200000000000000 ffff8881000418c0 dead000000000122 0000000000000000
[ 11.871377] raw: 0000000000000000 0000000080200020 00000000f5000000 0000000000000000
[ 11.871729] page dumped because: kasan: bad access detected
[ 11.871942]
[ 11.872015] Memory state around the buggy address:
[ 11.872354] ffff88810279c280: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc
[ 11.872765] ffff88810279c300: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc
[ 11.872996] >ffff88810279c380: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc
[ 11.873441] ^
[ 11.873956] ffff88810279c400: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 11.874519] ffff88810279c480: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 11.874748] ==================================================================
Failure - log-parser-boot/kasan-bug-kasan-slab-use-after-free-in-kmalloc_uaf
[ 11.830028] ==================================================================
[ 11.830509] BUG: KASAN: slab-use-after-free in kmalloc_uaf+0x320/0x380
[ 11.830820] Read of size 1 at addr ffff888101e8f4c8 by task kunit_try_catch/201
[ 11.831114]
[ 11.831256] CPU: 0 UID: 0 PID: 201 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc4 #1 PREEMPT(voluntary)
[ 11.831299] Tainted: [B]=BAD_PAGE, [N]=TEST
[ 11.831311] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[ 11.831331] Call Trace:
[ 11.831344] <TASK>
[ 11.831359] dump_stack_lvl+0x73/0xb0
[ 11.831388] print_report+0xd1/0x650
[ 11.831410] ? __virt_addr_valid+0x1db/0x2d0
[ 11.831432] ? kmalloc_uaf+0x320/0x380
[ 11.831452] ? kasan_complete_mode_report_info+0x64/0x200
[ 11.831473] ? kmalloc_uaf+0x320/0x380
[ 11.831494] kasan_report+0x141/0x180
[ 11.831515] ? kmalloc_uaf+0x320/0x380
[ 11.831539] __asan_report_load1_noabort+0x18/0x20
[ 11.831563] kmalloc_uaf+0x320/0x380
[ 11.831582] ? __pfx_kmalloc_uaf+0x10/0x10
[ 11.831602] ? sysvec_apic_timer_interrupt+0x50/0x90
[ 11.831626] ? trace_hardirqs_on+0x37/0xe0
[ 11.831649] ? __pfx_read_tsc+0x10/0x10
[ 11.831669] ? ktime_get_ts64+0x86/0x230
[ 11.831693] kunit_try_run_case+0x1a5/0x480
[ 11.831716] ? __pfx_kunit_try_run_case+0x10/0x10
[ 11.831739] ? queued_spin_lock_slowpath+0x116/0xb40
[ 11.831762] ? __kthread_parkme+0x82/0x180
[ 11.831782] ? preempt_count_sub+0x50/0x80
[ 11.831804] ? __pfx_kunit_try_run_case+0x10/0x10
[ 11.831828] kunit_generic_run_threadfn_adapter+0x85/0xf0
[ 11.831849] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10
[ 11.831872] kthread+0x337/0x6f0
[ 11.831891] ? trace_preempt_on+0x20/0xc0
[ 11.831912] ? __pfx_kthread+0x10/0x10
[ 11.831945] ? _raw_spin_unlock_irq+0x47/0x80
[ 11.831966] ? calculate_sigpending+0x7b/0xa0
[ 11.831989] ? __pfx_kthread+0x10/0x10
[ 11.832010] ret_from_fork+0x116/0x1d0
[ 11.832028] ? __pfx_kthread+0x10/0x10
[ 11.832048] ret_from_fork_asm+0x1a/0x30
[ 11.832078] </TASK>
[ 11.832089]
[ 11.839838] Allocated by task 201:
[ 11.840031] kasan_save_stack+0x45/0x70
[ 11.840194] kasan_save_track+0x18/0x40
[ 11.840333] kasan_save_alloc_info+0x3b/0x50
[ 11.840489] __kasan_kmalloc+0xb7/0xc0
[ 11.840675] __kmalloc_cache_noprof+0x189/0x420
[ 11.840902] kmalloc_uaf+0xaa/0x380
[ 11.841162] kunit_try_run_case+0x1a5/0x480
[ 11.841362] kunit_generic_run_threadfn_adapter+0x85/0xf0
[ 11.841835] kthread+0x337/0x6f0
[ 11.842011] ret_from_fork+0x116/0x1d0
[ 11.842212] ret_from_fork_asm+0x1a/0x30
[ 11.842351]
[ 11.842423] Freed by task 201:
[ 11.842534] kasan_save_stack+0x45/0x70
[ 11.842703] kasan_save_track+0x18/0x40
[ 11.842970] kasan_save_free_info+0x3f/0x60
[ 11.843465] __kasan_slab_free+0x56/0x70
[ 11.843763] kfree+0x222/0x3f0
[ 11.843910] kmalloc_uaf+0x12c/0x380
[ 11.844078] kunit_try_run_case+0x1a5/0x480
[ 11.844290] kunit_generic_run_threadfn_adapter+0x85/0xf0
[ 11.844649] kthread+0x337/0x6f0
[ 11.844779] ret_from_fork+0x116/0x1d0
[ 11.844910] ret_from_fork_asm+0x1a/0x30
[ 11.845061]
[ 11.845134] The buggy address belongs to the object at ffff888101e8f4c0
[ 11.845134] which belongs to the cache kmalloc-16 of size 16
[ 11.845661] The buggy address is located 8 bytes inside of
[ 11.845661] freed 16-byte region [ffff888101e8f4c0, ffff888101e8f4d0)
[ 11.846213]
[ 11.846288] The buggy address belongs to the physical page:
[ 11.846459] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x101e8f
[ 11.846771] flags: 0x200000000000000(node=0|zone=2)
[ 11.847020] page_type: f5(slab)
[ 11.847353] raw: 0200000000000000 ffff888100041640 dead000000000122 0000000000000000
[ 11.847996] raw: 0000000000000000 0000000080800080 00000000f5000000 0000000000000000
[ 11.848455] page dumped because: kasan: bad access detected
[ 11.848826]
[ 11.848912] Memory state around the buggy address:
[ 11.849181] ffff888101e8f380: 00 02 fc fc 00 02 fc fc 00 02 fc fc fa fb fc fc
[ 11.849463] ffff888101e8f400: fa fb fc fc fa fb fc fc fa fb fc fc fa fb fc fc
[ 11.849741] >ffff888101e8f480: fa fb fc fc fa fb fc fc fa fb fc fc fc fc fc fc
[ 11.849995] ^
[ 11.850168] ffff888101e8f500: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 11.850502] ffff888101e8f580: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 11.850787] ==================================================================
Failure - log-parser-boot/kasan-bug-kasan-slab-out-of-bounds-in-kmalloc_memmove_invalid_size
[ 11.807274] ==================================================================
[ 11.807832] BUG: KASAN: slab-out-of-bounds in kmalloc_memmove_invalid_size+0x16f/0x330
[ 11.808177] Read of size 64 at addr ffff888102b17f84 by task kunit_try_catch/199
[ 11.808485]
[ 11.808598] CPU: 0 UID: 0 PID: 199 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc4 #1 PREEMPT(voluntary)
[ 11.808640] Tainted: [B]=BAD_PAGE, [N]=TEST
[ 11.808652] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[ 11.808715] Call Trace:
[ 11.808728] <TASK>
[ 11.808744] dump_stack_lvl+0x73/0xb0
[ 11.808772] print_report+0xd1/0x650
[ 11.808794] ? __virt_addr_valid+0x1db/0x2d0
[ 11.808816] ? kmalloc_memmove_invalid_size+0x16f/0x330
[ 11.808841] ? kasan_complete_mode_report_info+0x2a/0x200
[ 11.808863] ? kmalloc_memmove_invalid_size+0x16f/0x330
[ 11.808887] kasan_report+0x141/0x180
[ 11.808908] ? kmalloc_memmove_invalid_size+0x16f/0x330
[ 11.808950] kasan_check_range+0x10c/0x1c0
[ 11.808973] __asan_memmove+0x27/0x70
[ 11.808992] kmalloc_memmove_invalid_size+0x16f/0x330
[ 11.809016] ? __pfx_kmalloc_memmove_invalid_size+0x10/0x10
[ 11.809040] ? __schedule+0x10cc/0x2b60
[ 11.809062] ? __pfx_read_tsc+0x10/0x10
[ 11.809082] ? ktime_get_ts64+0x86/0x230
[ 11.809105] kunit_try_run_case+0x1a5/0x480
[ 11.809128] ? __pfx_kunit_try_run_case+0x10/0x10
[ 11.809150] ? _raw_spin_lock_irqsave+0xa1/0x100
[ 11.809172] ? _raw_spin_unlock_irqrestore+0x5f/0x90
[ 11.809194] ? __kthread_parkme+0x82/0x180
[ 11.809213] ? preempt_count_sub+0x50/0x80
[ 11.809236] ? __pfx_kunit_try_run_case+0x10/0x10
[ 11.809259] kunit_generic_run_threadfn_adapter+0x85/0xf0
[ 11.809281] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10
[ 11.809303] kthread+0x337/0x6f0
[ 11.809322] ? trace_preempt_on+0x20/0xc0
[ 11.809344] ? __pfx_kthread+0x10/0x10
[ 11.809364] ? _raw_spin_unlock_irq+0x47/0x80
[ 11.809384] ? calculate_sigpending+0x7b/0xa0
[ 11.809407] ? __pfx_kthread+0x10/0x10
[ 11.809427] ret_from_fork+0x116/0x1d0
[ 11.809445] ? __pfx_kthread+0x10/0x10
[ 11.809465] ret_from_fork_asm+0x1a/0x30
[ 11.809495] </TASK>
[ 11.809506]
[ 11.817255] Allocated by task 199:
[ 11.817669] kasan_save_stack+0x45/0x70
[ 11.817859] kasan_save_track+0x18/0x40
[ 11.818042] kasan_save_alloc_info+0x3b/0x50
[ 11.818236] __kasan_kmalloc+0xb7/0xc0
[ 11.818369] __kmalloc_cache_noprof+0x189/0x420
[ 11.818562] kmalloc_memmove_invalid_size+0xac/0x330
[ 11.819003] kunit_try_run_case+0x1a5/0x480
[ 11.819236] kunit_generic_run_threadfn_adapter+0x85/0xf0
[ 11.819467] kthread+0x337/0x6f0
[ 11.819614] ret_from_fork+0x116/0x1d0
[ 11.819746] ret_from_fork_asm+0x1a/0x30
[ 11.819901]
[ 11.820009] The buggy address belongs to the object at ffff888102b17f80
[ 11.820009] which belongs to the cache kmalloc-64 of size 64
[ 11.820804] The buggy address is located 4 bytes inside of
[ 11.820804] allocated 64-byte region [ffff888102b17f80, ffff888102b17fc0)
[ 11.821164]
[ 11.821237] The buggy address belongs to the physical page:
[ 11.821491] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x102b17
[ 11.822090] flags: 0x200000000000000(node=0|zone=2)
[ 11.822322] page_type: f5(slab)
[ 11.822502] raw: 0200000000000000 ffff8881000418c0 dead000000000122 0000000000000000
[ 11.822730] raw: 0000000000000000 0000000080200020 00000000f5000000 0000000000000000
[ 11.823006] page dumped because: kasan: bad access detected
[ 11.823471]
[ 11.823674] Memory state around the buggy address:
[ 11.823906] ffff888102b17e80: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc
[ 11.824208] ffff888102b17f00: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc
[ 11.824541] >ffff888102b17f80: 00 00 00 00 00 00 00 00 fc fc fc fc fc fc fc fc
[ 11.824827] ^
[ 11.825022] ffff888102b18000: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 11.825451] ffff888102b18080: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 11.825757] ==================================================================
Failure - log-parser-boot/kasan-bug-kasan-out-of-bounds-in-kmalloc_memmove_negative_size
[ 11.783431] ==================================================================
[ 11.784979] BUG: KASAN: out-of-bounds in kmalloc_memmove_negative_size+0x171/0x330
[ 11.786218] Read of size 18446744073709551614 at addr ffff888102b17f04 by task kunit_try_catch/197
[ 11.786589]
[ 11.786716] CPU: 0 UID: 0 PID: 197 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc4 #1 PREEMPT(voluntary)
[ 11.786764] Tainted: [B]=BAD_PAGE, [N]=TEST
[ 11.786776] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[ 11.786799] Call Trace:
[ 11.786813] <TASK>
[ 11.786876] dump_stack_lvl+0x73/0xb0
[ 11.786911] print_report+0xd1/0x650
[ 11.786947] ? __virt_addr_valid+0x1db/0x2d0
[ 11.786971] ? kmalloc_memmove_negative_size+0x171/0x330
[ 11.786995] ? kasan_complete_mode_report_info+0x2a/0x200
[ 11.787017] ? kmalloc_memmove_negative_size+0x171/0x330
[ 11.787059] kasan_report+0x141/0x180
[ 11.787081] ? kmalloc_memmove_negative_size+0x171/0x330
[ 11.787115] kasan_check_range+0x10c/0x1c0
[ 11.787138] __asan_memmove+0x27/0x70
[ 11.787157] kmalloc_memmove_negative_size+0x171/0x330
[ 11.787182] ? __pfx_kmalloc_memmove_negative_size+0x10/0x10
[ 11.787207] ? __schedule+0x10cc/0x2b60
[ 11.787229] ? __pfx_read_tsc+0x10/0x10
[ 11.787250] ? ktime_get_ts64+0x86/0x230
[ 11.787276] kunit_try_run_case+0x1a5/0x480
[ 11.787301] ? __pfx_kunit_try_run_case+0x10/0x10
[ 11.787323] ? _raw_spin_lock_irqsave+0xa1/0x100
[ 11.787347] ? _raw_spin_unlock_irqrestore+0x5f/0x90
[ 11.787369] ? __kthread_parkme+0x82/0x180
[ 11.787390] ? preempt_count_sub+0x50/0x80
[ 11.787414] ? __pfx_kunit_try_run_case+0x10/0x10
[ 11.787437] kunit_generic_run_threadfn_adapter+0x85/0xf0
[ 11.787459] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10
[ 11.787482] kthread+0x337/0x6f0
[ 11.787501] ? trace_preempt_on+0x20/0xc0
[ 11.787524] ? __pfx_kthread+0x10/0x10
[ 11.787544] ? _raw_spin_unlock_irq+0x47/0x80
[ 11.787564] ? calculate_sigpending+0x7b/0xa0
[ 11.787590] ? __pfx_kthread+0x10/0x10
[ 11.787610] ret_from_fork+0x116/0x1d0
[ 11.787629] ? __pfx_kthread+0x10/0x10
[ 11.787649] ret_from_fork_asm+0x1a/0x30
[ 11.787679] </TASK>
[ 11.787691]
[ 11.795735] Allocated by task 197:
[ 11.795920] kasan_save_stack+0x45/0x70
[ 11.796216] kasan_save_track+0x18/0x40
[ 11.796369] kasan_save_alloc_info+0x3b/0x50
[ 11.796546] __kasan_kmalloc+0xb7/0xc0
[ 11.796896] __kmalloc_cache_noprof+0x189/0x420
[ 11.797083] kmalloc_memmove_negative_size+0xac/0x330
[ 11.797252] kunit_try_run_case+0x1a5/0x480
[ 11.797454] kunit_generic_run_threadfn_adapter+0x85/0xf0
[ 11.797706] kthread+0x337/0x6f0
[ 11.797873] ret_from_fork+0x116/0x1d0
[ 11.798050] ret_from_fork_asm+0x1a/0x30
[ 11.798223]
[ 11.798297] The buggy address belongs to the object at ffff888102b17f00
[ 11.798297] which belongs to the cache kmalloc-64 of size 64
[ 11.798719] The buggy address is located 4 bytes inside of
[ 11.798719] 64-byte region [ffff888102b17f00, ffff888102b17f40)
[ 11.799625]
[ 11.799717] The buggy address belongs to the physical page:
[ 11.799987] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x102b17
[ 11.800286] flags: 0x200000000000000(node=0|zone=2)
[ 11.800452] page_type: f5(slab)
[ 11.800592] raw: 0200000000000000 ffff8881000418c0 dead000000000122 0000000000000000
[ 11.800947] raw: 0000000000000000 0000000080200020 00000000f5000000 0000000000000000
[ 11.801312] page dumped because: kasan: bad access detected
[ 11.801583]
[ 11.801731] Memory state around the buggy address:
[ 11.801938] ffff888102b17e00: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc
[ 11.802226] ffff888102b17e80: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc
[ 11.802459] >ffff888102b17f00: 00 00 00 00 00 00 00 00 fc fc fc fc fc fc fc fc
[ 11.802775] ^
[ 11.802950] ffff888102b17f80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 11.803313] ffff888102b18000: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 11.803562] ==================================================================
Failure - log-parser-boot/kasan-bug-kasan-slab-out-of-bounds-in-kmalloc_oob_memset_16
[ 11.753989] ==================================================================
[ 11.755412] BUG: KASAN: slab-out-of-bounds in kmalloc_oob_memset_16+0x166/0x330
[ 11.756728] Write of size 16 at addr ffff888102794369 by task kunit_try_catch/195
[ 11.758007]
[ 11.758423] CPU: 1 UID: 0 PID: 195 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc4 #1 PREEMPT(voluntary)
[ 11.758636] Tainted: [B]=BAD_PAGE, [N]=TEST
[ 11.758693] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[ 11.758716] Call Trace:
[ 11.758733] <TASK>
[ 11.758753] dump_stack_lvl+0x73/0xb0
[ 11.758787] print_report+0xd1/0x650
[ 11.758810] ? __virt_addr_valid+0x1db/0x2d0
[ 11.758834] ? kmalloc_oob_memset_16+0x166/0x330
[ 11.758856] ? kasan_complete_mode_report_info+0x2a/0x200
[ 11.758879] ? kmalloc_oob_memset_16+0x166/0x330
[ 11.758902] kasan_report+0x141/0x180
[ 11.758924] ? kmalloc_oob_memset_16+0x166/0x330
[ 11.758962] kasan_check_range+0x10c/0x1c0
[ 11.758986] __asan_memset+0x27/0x50
[ 11.759005] kmalloc_oob_memset_16+0x166/0x330
[ 11.759027] ? __pfx_kmalloc_oob_memset_16+0x10/0x10
[ 11.759070] ? __schedule+0x10cc/0x2b60
[ 11.759093] ? __pfx_read_tsc+0x10/0x10
[ 11.759120] ? ktime_get_ts64+0x86/0x230
[ 11.759146] kunit_try_run_case+0x1a5/0x480
[ 11.759171] ? __pfx_kunit_try_run_case+0x10/0x10
[ 11.759193] ? _raw_spin_lock_irqsave+0xa1/0x100
[ 11.759217] ? _raw_spin_unlock_irqrestore+0x5f/0x90
[ 11.759239] ? __kthread_parkme+0x82/0x180
[ 11.759260] ? preempt_count_sub+0x50/0x80
[ 11.759284] ? __pfx_kunit_try_run_case+0x10/0x10
[ 11.759307] kunit_generic_run_threadfn_adapter+0x85/0xf0
[ 11.759328] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10
[ 11.759350] kthread+0x337/0x6f0
[ 11.759370] ? trace_preempt_on+0x20/0xc0
[ 11.759393] ? __pfx_kthread+0x10/0x10
[ 11.759413] ? _raw_spin_unlock_irq+0x47/0x80
[ 11.759433] ? calculate_sigpending+0x7b/0xa0
[ 11.759476] ? __pfx_kthread+0x10/0x10
[ 11.759497] ret_from_fork+0x116/0x1d0
[ 11.759516] ? __pfx_kthread+0x10/0x10
[ 11.759536] ret_from_fork_asm+0x1a/0x30
[ 11.759569] </TASK>
[ 11.759581]
[ 11.771529] Allocated by task 195:
[ 11.771733] kasan_save_stack+0x45/0x70
[ 11.771953] kasan_save_track+0x18/0x40
[ 11.772180] kasan_save_alloc_info+0x3b/0x50
[ 11.772364] __kasan_kmalloc+0xb7/0xc0
[ 11.772523] __kmalloc_cache_noprof+0x189/0x420
[ 11.772709] kmalloc_oob_memset_16+0xac/0x330
[ 11.772922] kunit_try_run_case+0x1a5/0x480
[ 11.773118] kunit_generic_run_threadfn_adapter+0x85/0xf0
[ 11.774668] kthread+0x337/0x6f0
[ 11.774811] ret_from_fork+0x116/0x1d0
[ 11.775018] ret_from_fork_asm+0x1a/0x30
[ 11.775199]
[ 11.775302] The buggy address belongs to the object at ffff888102794300
[ 11.775302] which belongs to the cache kmalloc-128 of size 128
[ 11.775757] The buggy address is located 105 bytes inside of
[ 11.775757] allocated 120-byte region [ffff888102794300, ffff888102794378)
[ 11.776238]
[ 11.776416] The buggy address belongs to the physical page:
[ 11.776637] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x102794
[ 11.776951] flags: 0x200000000000000(node=0|zone=2)
[ 11.777193] page_type: f5(slab)
[ 11.777368] raw: 0200000000000000 ffff888100041a00 dead000000000122 0000000000000000
[ 11.777662] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000
[ 11.778014] page dumped because: kasan: bad access detected
[ 11.778231]
[ 11.778330] Memory state around the buggy address:
[ 11.778517] ffff888102794200: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 11.778792] ffff888102794280: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 11.779113] >ffff888102794300: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 fc
[ 11.779423] ^
[ 11.779700] ffff888102794380: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 11.780012] ffff888102794400: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 11.780313] ==================================================================
Failure - log-parser-boot/kasan-bug-kasan-slab-out-of-bounds-in-kmalloc_oob_memset_8
[ 11.725825] ==================================================================
[ 11.726337] BUG: KASAN: slab-out-of-bounds in kmalloc_oob_memset_8+0x166/0x330
[ 11.726642] Write of size 8 at addr ffff888102b0e971 by task kunit_try_catch/193
[ 11.727242]
[ 11.727362] CPU: 0 UID: 0 PID: 193 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc4 #1 PREEMPT(voluntary)
[ 11.727406] Tainted: [B]=BAD_PAGE, [N]=TEST
[ 11.727418] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[ 11.727439] Call Trace:
[ 11.727451] <TASK>
[ 11.727468] dump_stack_lvl+0x73/0xb0
[ 11.727498] print_report+0xd1/0x650
[ 11.727520] ? __virt_addr_valid+0x1db/0x2d0
[ 11.727543] ? kmalloc_oob_memset_8+0x166/0x330
[ 11.727564] ? kasan_complete_mode_report_info+0x2a/0x200
[ 11.727586] ? kmalloc_oob_memset_8+0x166/0x330
[ 11.727607] kasan_report+0x141/0x180
[ 11.727629] ? kmalloc_oob_memset_8+0x166/0x330
[ 11.727657] kasan_check_range+0x10c/0x1c0
[ 11.727680] __asan_memset+0x27/0x50
[ 11.727699] kmalloc_oob_memset_8+0x166/0x330
[ 11.727721] ? __pfx_kmalloc_oob_memset_8+0x10/0x10
[ 11.727743] ? __schedule+0x10cc/0x2b60
[ 11.727765] ? __pfx_read_tsc+0x10/0x10
[ 11.727786] ? ktime_get_ts64+0x86/0x230
[ 11.727810] kunit_try_run_case+0x1a5/0x480
[ 11.727833] ? __pfx_kunit_try_run_case+0x10/0x10
[ 11.727855] ? _raw_spin_lock_irqsave+0xa1/0x100
[ 11.727878] ? _raw_spin_unlock_irqrestore+0x5f/0x90
[ 11.727900] ? __kthread_parkme+0x82/0x180
[ 11.727920] ? preempt_count_sub+0x50/0x80
[ 11.727970] ? __pfx_kunit_try_run_case+0x10/0x10
[ 11.727993] kunit_generic_run_threadfn_adapter+0x85/0xf0
[ 11.728015] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10
[ 11.728037] kthread+0x337/0x6f0
[ 11.728056] ? trace_preempt_on+0x20/0xc0
[ 11.728079] ? __pfx_kthread+0x10/0x10
[ 11.728099] ? _raw_spin_unlock_irq+0x47/0x80
[ 11.728119] ? calculate_sigpending+0x7b/0xa0
[ 11.728143] ? __pfx_kthread+0x10/0x10
[ 11.728163] ret_from_fork+0x116/0x1d0
[ 11.728181] ? __pfx_kthread+0x10/0x10
[ 11.728201] ret_from_fork_asm+0x1a/0x30
[ 11.728231] </TASK>
[ 11.728243]
[ 11.735506] Allocated by task 193:
[ 11.735699] kasan_save_stack+0x45/0x70
[ 11.736227] kasan_save_track+0x18/0x40
[ 11.736378] kasan_save_alloc_info+0x3b/0x50
[ 11.736528] __kasan_kmalloc+0xb7/0xc0
[ 11.736707] __kmalloc_cache_noprof+0x189/0x420
[ 11.736949] kmalloc_oob_memset_8+0xac/0x330
[ 11.737261] kunit_try_run_case+0x1a5/0x480
[ 11.737411] kunit_generic_run_threadfn_adapter+0x85/0xf0
[ 11.737584] kthread+0x337/0x6f0
[ 11.737820] ret_from_fork+0x116/0x1d0
[ 11.738163] ret_from_fork_asm+0x1a/0x30
[ 11.738495]
[ 11.738580] The buggy address belongs to the object at ffff888102b0e900
[ 11.738580] which belongs to the cache kmalloc-128 of size 128
[ 11.739187] The buggy address is located 113 bytes inside of
[ 11.739187] allocated 120-byte region [ffff888102b0e900, ffff888102b0e978)
[ 11.739797]
[ 11.739892] The buggy address belongs to the physical page:
[ 11.740097] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x102b0e
[ 11.740564] flags: 0x200000000000000(node=0|zone=2)
[ 11.740751] page_type: f5(slab)
[ 11.740874] raw: 0200000000000000 ffff888100041a00 dead000000000122 0000000000000000
[ 11.741113] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000
[ 11.743989] page dumped because: kasan: bad access detected
[ 11.745139]
[ 11.745653] Memory state around the buggy address:
[ 11.746679] ffff888102b0e800: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 11.747325] ffff888102b0e880: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 11.748194] >ffff888102b0e900: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 fc
[ 11.749068] ^
[ 11.749296] ffff888102b0e980: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 11.749517] ffff888102b0ea00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 11.749732] ==================================================================
Failure - log-parser-boot/kasan-bug-kasan-slab-out-of-bounds-in-kmalloc_oob_memset_4
[ 11.704430] ==================================================================
[ 11.704962] BUG: KASAN: slab-out-of-bounds in kmalloc_oob_memset_4+0x166/0x330
[ 11.705257] Write of size 4 at addr ffff888102794275 by task kunit_try_catch/191
[ 11.705580]
[ 11.705684] CPU: 1 UID: 0 PID: 191 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc4 #1 PREEMPT(voluntary)
[ 11.705726] Tainted: [B]=BAD_PAGE, [N]=TEST
[ 11.705738] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[ 11.705759] Call Trace:
[ 11.705771] <TASK>
[ 11.705788] dump_stack_lvl+0x73/0xb0
[ 11.705814] print_report+0xd1/0x650
[ 11.705836] ? __virt_addr_valid+0x1db/0x2d0
[ 11.705859] ? kmalloc_oob_memset_4+0x166/0x330
[ 11.705880] ? kasan_complete_mode_report_info+0x2a/0x200
[ 11.705901] ? kmalloc_oob_memset_4+0x166/0x330
[ 11.705922] kasan_report+0x141/0x180
[ 11.705956] ? kmalloc_oob_memset_4+0x166/0x330
[ 11.705982] kasan_check_range+0x10c/0x1c0
[ 11.706005] __asan_memset+0x27/0x50
[ 11.706025] kmalloc_oob_memset_4+0x166/0x330
[ 11.706046] ? __pfx_kmalloc_oob_memset_4+0x10/0x10
[ 11.706069] ? __schedule+0x10cc/0x2b60
[ 11.706090] ? __pfx_read_tsc+0x10/0x10
[ 11.706111] ? ktime_get_ts64+0x86/0x230
[ 11.706135] kunit_try_run_case+0x1a5/0x480
[ 11.706159] ? __pfx_kunit_try_run_case+0x10/0x10
[ 11.706180] ? _raw_spin_lock_irqsave+0xa1/0x100
[ 11.706202] ? _raw_spin_unlock_irqrestore+0x5f/0x90
[ 11.706224] ? __kthread_parkme+0x82/0x180
[ 11.706244] ? preempt_count_sub+0x50/0x80
[ 11.706268] ? __pfx_kunit_try_run_case+0x10/0x10
[ 11.706291] kunit_generic_run_threadfn_adapter+0x85/0xf0
[ 11.706313] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10
[ 11.706335] kthread+0x337/0x6f0
[ 11.706354] ? trace_preempt_on+0x20/0xc0
[ 11.706377] ? __pfx_kthread+0x10/0x10
[ 11.706398] ? _raw_spin_unlock_irq+0x47/0x80
[ 11.706418] ? calculate_sigpending+0x7b/0xa0
[ 11.706441] ? __pfx_kthread+0x10/0x10
[ 11.706463] ret_from_fork+0x116/0x1d0
[ 11.706481] ? __pfx_kthread+0x10/0x10
[ 11.706500] ret_from_fork_asm+0x1a/0x30
[ 11.706530] </TASK>
[ 11.706541]
[ 11.714214] Allocated by task 191:
[ 11.714403] kasan_save_stack+0x45/0x70
[ 11.714799] kasan_save_track+0x18/0x40
[ 11.714978] kasan_save_alloc_info+0x3b/0x50
[ 11.715297] __kasan_kmalloc+0xb7/0xc0
[ 11.715434] __kmalloc_cache_noprof+0x189/0x420
[ 11.715658] kmalloc_oob_memset_4+0xac/0x330
[ 11.716093] kunit_try_run_case+0x1a5/0x480
[ 11.716270] kunit_generic_run_threadfn_adapter+0x85/0xf0
[ 11.716520] kthread+0x337/0x6f0
[ 11.716695] ret_from_fork+0x116/0x1d0
[ 11.716829] ret_from_fork_asm+0x1a/0x30
[ 11.717001]
[ 11.717098] The buggy address belongs to the object at ffff888102794200
[ 11.717098] which belongs to the cache kmalloc-128 of size 128
[ 11.717831] The buggy address is located 117 bytes inside of
[ 11.717831] allocated 120-byte region [ffff888102794200, ffff888102794278)
[ 11.718289]
[ 11.718390] The buggy address belongs to the physical page:
[ 11.718649] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x102794
[ 11.719091] flags: 0x200000000000000(node=0|zone=2)
[ 11.719311] page_type: f5(slab)
[ 11.719434] raw: 0200000000000000 ffff888100041a00 dead000000000122 0000000000000000
[ 11.720103] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000
[ 11.720409] page dumped because: kasan: bad access detected
[ 11.720748]
[ 11.720847] Memory state around the buggy address:
[ 11.721054] ffff888102794100: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 11.721313] ffff888102794180: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 11.721770] >ffff888102794200: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 fc
[ 11.722060] ^
[ 11.722315] ffff888102794280: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 11.722779] ffff888102794300: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 11.723068] ==================================================================
Failure - log-parser-boot/kasan-bug-kasan-slab-out-of-bounds-in-kmalloc_oob_memset_2
[ 11.681232] ==================================================================
[ 11.681837] BUG: KASAN: slab-out-of-bounds in kmalloc_oob_memset_2+0x166/0x330
[ 11.682164] Write of size 2 at addr ffff888102794177 by task kunit_try_catch/189
[ 11.682452]
[ 11.682573] CPU: 1 UID: 0 PID: 189 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc4 #1 PREEMPT(voluntary)
[ 11.682617] Tainted: [B]=BAD_PAGE, [N]=TEST
[ 11.682629] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[ 11.682650] Call Trace:
[ 11.682664] <TASK>
[ 11.682682] dump_stack_lvl+0x73/0xb0
[ 11.682712] print_report+0xd1/0x650
[ 11.682735] ? __virt_addr_valid+0x1db/0x2d0
[ 11.682759] ? kmalloc_oob_memset_2+0x166/0x330
[ 11.682780] ? kasan_complete_mode_report_info+0x2a/0x200
[ 11.682801] ? kmalloc_oob_memset_2+0x166/0x330
[ 11.682822] kasan_report+0x141/0x180
[ 11.682844] ? kmalloc_oob_memset_2+0x166/0x330
[ 11.682870] kasan_check_range+0x10c/0x1c0
[ 11.682893] __asan_memset+0x27/0x50
[ 11.682913] kmalloc_oob_memset_2+0x166/0x330
[ 11.682947] ? __pfx_kmalloc_oob_memset_2+0x10/0x10
[ 11.682969] ? __schedule+0x10cc/0x2b60
[ 11.682991] ? __pfx_read_tsc+0x10/0x10
[ 11.683013] ? ktime_get_ts64+0x86/0x230
[ 11.683038] kunit_try_run_case+0x1a5/0x480
[ 11.683123] ? __pfx_kunit_try_run_case+0x10/0x10
[ 11.683149] ? _raw_spin_lock_irqsave+0xa1/0x100
[ 11.683173] ? _raw_spin_unlock_irqrestore+0x5f/0x90
[ 11.683195] ? __kthread_parkme+0x82/0x180
[ 11.683217] ? preempt_count_sub+0x50/0x80
[ 11.683241] ? __pfx_kunit_try_run_case+0x10/0x10
[ 11.683264] kunit_generic_run_threadfn_adapter+0x85/0xf0
[ 11.683287] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10
[ 11.683309] kthread+0x337/0x6f0
[ 11.683329] ? trace_preempt_on+0x20/0xc0
[ 11.683352] ? __pfx_kthread+0x10/0x10
[ 11.683373] ? _raw_spin_unlock_irq+0x47/0x80
[ 11.683394] ? calculate_sigpending+0x7b/0xa0
[ 11.683418] ? __pfx_kthread+0x10/0x10
[ 11.683439] ret_from_fork+0x116/0x1d0
[ 11.683458] ? __pfx_kthread+0x10/0x10
[ 11.683601] ret_from_fork_asm+0x1a/0x30
[ 11.683638] </TASK>
[ 11.683650]
[ 11.691752] Allocated by task 189:
[ 11.691957] kasan_save_stack+0x45/0x70
[ 11.692106] kasan_save_track+0x18/0x40
[ 11.692310] kasan_save_alloc_info+0x3b/0x50
[ 11.692570] __kasan_kmalloc+0xb7/0xc0
[ 11.692727] __kmalloc_cache_noprof+0x189/0x420
[ 11.692917] kmalloc_oob_memset_2+0xac/0x330
[ 11.693221] kunit_try_run_case+0x1a5/0x480
[ 11.693401] kunit_generic_run_threadfn_adapter+0x85/0xf0
[ 11.693743] kthread+0x337/0x6f0
[ 11.693924] ret_from_fork+0x116/0x1d0
[ 11.694096] ret_from_fork_asm+0x1a/0x30
[ 11.694290]
[ 11.694365] The buggy address belongs to the object at ffff888102794100
[ 11.694365] which belongs to the cache kmalloc-128 of size 128
[ 11.694894] The buggy address is located 119 bytes inside of
[ 11.694894] allocated 120-byte region [ffff888102794100, ffff888102794178)
[ 11.695404]
[ 11.695566] The buggy address belongs to the physical page:
[ 11.695784] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x102794
[ 11.696128] flags: 0x200000000000000(node=0|zone=2)
[ 11.696481] page_type: f5(slab)
[ 11.696716] raw: 0200000000000000 ffff888100041a00 dead000000000122 0000000000000000
[ 11.697043] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000
[ 11.697371] page dumped because: kasan: bad access detected
[ 11.697547]
[ 11.697618] Memory state around the buggy address:
[ 11.697774] ffff888102794000: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 11.698018] ffff888102794080: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 11.698336] >ffff888102794100: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 fc
[ 11.698666] ^
[ 11.698919] ffff888102794180: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 11.699422] ffff888102794200: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 11.700079] ==================================================================
Failure - log-parser-boot/kasan-bug-kasan-slab-out-of-bounds-in-kmalloc_oob_in_memset
[ 11.657412] ================================================================== [ 11.658192] BUG: KASAN: slab-out-of-bounds in kmalloc_oob_in_memset+0x15f/0x320 [ 11.658556] Write of size 128 at addr ffff888102b0e800 by task kunit_try_catch/187 [ 11.658908] [ 11.659236] CPU: 0 UID: 0 PID: 187 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc4 #1 PREEMPT(voluntary) [ 11.659287] Tainted: [B]=BAD_PAGE, [N]=TEST [ 11.659299] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 11.659320] Call Trace: [ 11.659334] <TASK> [ 11.659352] dump_stack_lvl+0x73/0xb0 [ 11.659382] print_report+0xd1/0x650 [ 11.659405] ? __virt_addr_valid+0x1db/0x2d0 [ 11.659429] ? kmalloc_oob_in_memset+0x15f/0x320 [ 11.659451] ? kasan_complete_mode_report_info+0x2a/0x200 [ 11.659473] ? kmalloc_oob_in_memset+0x15f/0x320 [ 11.659495] kasan_report+0x141/0x180 [ 11.659517] ? kmalloc_oob_in_memset+0x15f/0x320 [ 11.659543] kasan_check_range+0x10c/0x1c0 [ 11.659567] __asan_memset+0x27/0x50 [ 11.659586] kmalloc_oob_in_memset+0x15f/0x320 [ 11.659609] ? __pfx_kmalloc_oob_in_memset+0x10/0x10 [ 11.659631] ? __schedule+0x10cc/0x2b60 [ 11.659653] ? __pfx_read_tsc+0x10/0x10 [ 11.659674] ? ktime_get_ts64+0x86/0x230 [ 11.659699] kunit_try_run_case+0x1a5/0x480 [ 11.659723] ? __pfx_kunit_try_run_case+0x10/0x10 [ 11.659745] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 11.659768] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 11.659791] ? __kthread_parkme+0x82/0x180 [ 11.659810] ? preempt_count_sub+0x50/0x80 [ 11.659834] ? __pfx_kunit_try_run_case+0x10/0x10 [ 11.659857] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 11.659879] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 11.659901] kthread+0x337/0x6f0 [ 11.659920] ? trace_preempt_on+0x20/0xc0 [ 11.659959] ? __pfx_kthread+0x10/0x10 [ 11.659979] ? _raw_spin_unlock_irq+0x47/0x80 [ 11.660000] ? calculate_sigpending+0x7b/0xa0 [ 11.660023] ? __pfx_kthread+0x10/0x10 [ 11.660044] ret_from_fork+0x116/0x1d0 [ 11.660062] ? 
__pfx_kthread+0x10/0x10 [ 11.660082] ret_from_fork_asm+0x1a/0x30 [ 11.660113] </TASK> [ 11.660124] [ 11.667771] Allocated by task 187: [ 11.667906] kasan_save_stack+0x45/0x70 [ 11.668212] kasan_save_track+0x18/0x40 [ 11.668407] kasan_save_alloc_info+0x3b/0x50 [ 11.668919] __kasan_kmalloc+0xb7/0xc0 [ 11.669078] __kmalloc_cache_noprof+0x189/0x420 [ 11.669236] kmalloc_oob_in_memset+0xac/0x320 [ 11.669448] kunit_try_run_case+0x1a5/0x480 [ 11.669766] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 11.670029] kthread+0x337/0x6f0 [ 11.670189] ret_from_fork+0x116/0x1d0 [ 11.670496] ret_from_fork_asm+0x1a/0x30 [ 11.670676] [ 11.670751] The buggy address belongs to the object at ffff888102b0e800 [ 11.670751] which belongs to the cache kmalloc-128 of size 128 [ 11.671425] The buggy address is located 0 bytes inside of [ 11.671425] allocated 120-byte region [ffff888102b0e800, ffff888102b0e878) [ 11.671946] [ 11.672029] The buggy address belongs to the physical page: [ 11.672281] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x102b0e [ 11.672695] flags: 0x200000000000000(node=0|zone=2) [ 11.672925] page_type: f5(slab) [ 11.673060] raw: 0200000000000000 ffff888100041a00 dead000000000122 0000000000000000 [ 11.673289] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 11.673579] page dumped because: kasan: bad access detected [ 11.674254] [ 11.674363] Memory state around the buggy address: [ 11.674521] ffff888102b0e700: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 11.674738] ffff888102b0e780: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 11.675129] >ffff888102b0e800: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 fc [ 11.675451] ^ [ 11.675807] ffff888102b0e880: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 11.676163] ffff888102b0e900: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 11.676453] ==================================================================
Failure - log-parser-boot/kasan-bug-kasan-slab-use-after-free-in-kmalloc_uaf_16
[ 11.631279] ================================================================== [ 11.631769] BUG: KASAN: slab-use-after-free in kmalloc_uaf_16+0x47b/0x4c0 [ 11.632184] Read of size 16 at addr ffff888101e8f4a0 by task kunit_try_catch/185 [ 11.632495] [ 11.632685] CPU: 0 UID: 0 PID: 185 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc4 #1 PREEMPT(voluntary) [ 11.632733] Tainted: [B]=BAD_PAGE, [N]=TEST [ 11.632745] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 11.632766] Call Trace: [ 11.632780] <TASK> [ 11.632797] dump_stack_lvl+0x73/0xb0 [ 11.632826] print_report+0xd1/0x650 [ 11.632849] ? __virt_addr_valid+0x1db/0x2d0 [ 11.632872] ? kmalloc_uaf_16+0x47b/0x4c0 [ 11.632892] ? kasan_complete_mode_report_info+0x64/0x200 [ 11.632914] ? kmalloc_uaf_16+0x47b/0x4c0 [ 11.632948] kasan_report+0x141/0x180 [ 11.632970] ? kmalloc_uaf_16+0x47b/0x4c0 [ 11.632995] __asan_report_load16_noabort+0x18/0x20 [ 11.633019] kmalloc_uaf_16+0x47b/0x4c0 [ 11.633040] ? __pfx_kmalloc_uaf_16+0x10/0x10 [ 11.633072] ? __schedule+0x10cc/0x2b60 [ 11.633094] ? __pfx_read_tsc+0x10/0x10 [ 11.633115] ? ktime_get_ts64+0x86/0x230 [ 11.633139] kunit_try_run_case+0x1a5/0x480 [ 11.633163] ? __pfx_kunit_try_run_case+0x10/0x10 [ 11.633185] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 11.633207] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 11.633230] ? __kthread_parkme+0x82/0x180 [ 11.633250] ? preempt_count_sub+0x50/0x80 [ 11.633275] ? __pfx_kunit_try_run_case+0x10/0x10 [ 11.633298] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 11.633320] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 11.633342] kthread+0x337/0x6f0 [ 11.633361] ? trace_preempt_on+0x20/0xc0 [ 11.633385] ? __pfx_kthread+0x10/0x10 [ 11.633405] ? _raw_spin_unlock_irq+0x47/0x80 [ 11.633425] ? calculate_sigpending+0x7b/0xa0 [ 11.633449] ? __pfx_kthread+0x10/0x10 [ 11.633509] ret_from_fork+0x116/0x1d0 [ 11.633532] ? 
__pfx_kthread+0x10/0x10 [ 11.633552] ret_from_fork_asm+0x1a/0x30 [ 11.633583] </TASK> [ 11.633595] [ 11.641072] Allocated by task 185: [ 11.641207] kasan_save_stack+0x45/0x70 [ 11.641355] kasan_save_track+0x18/0x40 [ 11.641504] kasan_save_alloc_info+0x3b/0x50 [ 11.641716] __kasan_kmalloc+0xb7/0xc0 [ 11.641960] __kmalloc_cache_noprof+0x189/0x420 [ 11.642313] kmalloc_uaf_16+0x15b/0x4c0 [ 11.642474] kunit_try_run_case+0x1a5/0x480 [ 11.642619] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 11.642789] kthread+0x337/0x6f0 [ 11.642968] ret_from_fork+0x116/0x1d0 [ 11.643307] ret_from_fork_asm+0x1a/0x30 [ 11.643568] [ 11.643671] Freed by task 185: [ 11.643837] kasan_save_stack+0x45/0x70 [ 11.644048] kasan_save_track+0x18/0x40 [ 11.644253] kasan_save_free_info+0x3f/0x60 [ 11.644494] __kasan_slab_free+0x56/0x70 [ 11.644702] kfree+0x222/0x3f0 [ 11.644863] kmalloc_uaf_16+0x1d6/0x4c0 [ 11.645041] kunit_try_run_case+0x1a5/0x480 [ 11.645233] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 11.645406] kthread+0x337/0x6f0 [ 11.645846] ret_from_fork+0x116/0x1d0 [ 11.646079] ret_from_fork_asm+0x1a/0x30 [ 11.646264] [ 11.646353] The buggy address belongs to the object at ffff888101e8f4a0 [ 11.646353] which belongs to the cache kmalloc-16 of size 16 [ 11.646824] The buggy address is located 0 bytes inside of [ 11.646824] freed 16-byte region [ffff888101e8f4a0, ffff888101e8f4b0) [ 11.647363] [ 11.647441] The buggy address belongs to the physical page: [ 11.647776] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x101e8f [ 11.648113] flags: 0x200000000000000(node=0|zone=2) [ 11.648490] page_type: f5(slab) [ 11.648654] raw: 0200000000000000 ffff888100041640 dead000000000122 0000000000000000 [ 11.648946] raw: 0000000000000000 0000000080800080 00000000f5000000 0000000000000000 [ 11.649173] page dumped because: kasan: bad access detected [ 11.649344] [ 11.649414] Memory state around the buggy address: [ 11.649739] ffff888101e8f380: 00 02 fc fc 00 02 fc fc 00 02 fc fc fa fb fc 
fc [ 11.650065] ffff888101e8f400: fa fb fc fc fa fb fc fc fa fb fc fc fa fb fc fc [ 11.650475] >ffff888101e8f480: 00 00 fc fc fa fb fc fc fc fc fc fc fc fc fc fc [ 11.650685] ^ [ 11.650824] ffff888101e8f500: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 11.651051] ffff888101e8f580: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 11.651720] ==================================================================
Failure - log-parser-boot/kasan-bug-kasan-slab-out-of-bounds-in-kmalloc_oob_16
[ 11.608547] ================================================================== [ 11.609019] BUG: KASAN: slab-out-of-bounds in kmalloc_oob_16+0x452/0x4a0 [ 11.609297] Write of size 16 at addr ffff888101e8f440 by task kunit_try_catch/183 [ 11.609610] [ 11.609976] CPU: 0 UID: 0 PID: 183 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc4 #1 PREEMPT(voluntary) [ 11.610026] Tainted: [B]=BAD_PAGE, [N]=TEST [ 11.610038] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 11.610060] Call Trace: [ 11.610086] <TASK> [ 11.610103] dump_stack_lvl+0x73/0xb0 [ 11.610134] print_report+0xd1/0x650 [ 11.610157] ? __virt_addr_valid+0x1db/0x2d0 [ 11.610179] ? kmalloc_oob_16+0x452/0x4a0 [ 11.610200] ? kasan_complete_mode_report_info+0x2a/0x200 [ 11.610222] ? kmalloc_oob_16+0x452/0x4a0 [ 11.610243] kasan_report+0x141/0x180 [ 11.610265] ? kmalloc_oob_16+0x452/0x4a0 [ 11.610290] __asan_report_store16_noabort+0x1b/0x30 [ 11.610310] kmalloc_oob_16+0x452/0x4a0 [ 11.610331] ? __pfx_kmalloc_oob_16+0x10/0x10 [ 11.610353] ? __schedule+0x10cc/0x2b60 [ 11.610375] ? __pfx_read_tsc+0x10/0x10 [ 11.610395] ? ktime_get_ts64+0x86/0x230 [ 11.610420] kunit_try_run_case+0x1a5/0x480 [ 11.610444] ? __pfx_kunit_try_run_case+0x10/0x10 [ 11.610484] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 11.610507] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 11.610530] ? __kthread_parkme+0x82/0x180 [ 11.610551] ? preempt_count_sub+0x50/0x80 [ 11.610574] ? __pfx_kunit_try_run_case+0x10/0x10 [ 11.610597] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 11.610619] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 11.610641] kthread+0x337/0x6f0 [ 11.610660] ? trace_preempt_on+0x20/0xc0 [ 11.610684] ? __pfx_kthread+0x10/0x10 [ 11.610704] ? _raw_spin_unlock_irq+0x47/0x80 [ 11.610724] ? calculate_sigpending+0x7b/0xa0 [ 11.610748] ? __pfx_kthread+0x10/0x10 [ 11.610769] ret_from_fork+0x116/0x1d0 [ 11.610787] ? 
__pfx_kthread+0x10/0x10 [ 11.610807] ret_from_fork_asm+0x1a/0x30 [ 11.610836] </TASK> [ 11.610848] [ 11.618392] Allocated by task 183: [ 11.618614] kasan_save_stack+0x45/0x70 [ 11.618814] kasan_save_track+0x18/0x40 [ 11.619023] kasan_save_alloc_info+0x3b/0x50 [ 11.619248] __kasan_kmalloc+0xb7/0xc0 [ 11.619419] __kmalloc_cache_noprof+0x189/0x420 [ 11.619673] kmalloc_oob_16+0xa8/0x4a0 [ 11.619856] kunit_try_run_case+0x1a5/0x480 [ 11.620046] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 11.620491] kthread+0x337/0x6f0 [ 11.620691] ret_from_fork+0x116/0x1d0 [ 11.620874] ret_from_fork_asm+0x1a/0x30 [ 11.621042] [ 11.621141] The buggy address belongs to the object at ffff888101e8f440 [ 11.621141] which belongs to the cache kmalloc-16 of size 16 [ 11.621786] The buggy address is located 0 bytes inside of [ 11.621786] allocated 13-byte region [ffff888101e8f440, ffff888101e8f44d) [ 11.622303] [ 11.622380] The buggy address belongs to the physical page: [ 11.622558] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x101e8f [ 11.622799] flags: 0x200000000000000(node=0|zone=2) [ 11.623047] page_type: f5(slab) [ 11.623344] raw: 0200000000000000 ffff888100041640 dead000000000122 0000000000000000 [ 11.623781] raw: 0000000000000000 0000000080800080 00000000f5000000 0000000000000000 [ 11.624019] page dumped because: kasan: bad access detected [ 11.624190] [ 11.624262] Memory state around the buggy address: [ 11.624488] ffff888101e8f300: fa fb fc fc 00 02 fc fc 00 05 fc fc 00 02 fc fc [ 11.624821] ffff888101e8f380: 00 02 fc fc 00 02 fc fc 00 02 fc fc fa fb fc fc [ 11.625152] >ffff888101e8f400: fa fb fc fc fa fb fc fc 00 05 fc fc 00 00 fc fc [ 11.625471] ^ [ 11.625759] ffff888101e8f480: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 11.626358] ffff888101e8f500: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 11.626605] ==================================================================
Failure - log-parser-boot/kasan-bug-kasan-slab-use-after-free-in-krealloc_uaf
[ 11.551785] ================================================================== [ 11.552338] BUG: KASAN: slab-use-after-free in krealloc_uaf+0x1b8/0x5e0 [ 11.552835] Read of size 1 at addr ffff888100aa0200 by task kunit_try_catch/181 [ 11.553336] [ 11.553462] CPU: 1 UID: 0 PID: 181 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc4 #1 PREEMPT(voluntary) [ 11.553519] Tainted: [B]=BAD_PAGE, [N]=TEST [ 11.553531] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 11.553553] Call Trace: [ 11.553565] <TASK> [ 11.553583] dump_stack_lvl+0x73/0xb0 [ 11.553613] print_report+0xd1/0x650 [ 11.553734] ? __virt_addr_valid+0x1db/0x2d0 [ 11.553764] ? krealloc_uaf+0x1b8/0x5e0 [ 11.553785] ? kasan_complete_mode_report_info+0x64/0x200 [ 11.553806] ? krealloc_uaf+0x1b8/0x5e0 [ 11.553827] kasan_report+0x141/0x180 [ 11.553849] ? krealloc_uaf+0x1b8/0x5e0 [ 11.553873] ? krealloc_uaf+0x1b8/0x5e0 [ 11.553893] __kasan_check_byte+0x3d/0x50 [ 11.553915] krealloc_noprof+0x3f/0x340 [ 11.553947] krealloc_uaf+0x1b8/0x5e0 [ 11.553968] ? __pfx_krealloc_uaf+0x10/0x10 [ 11.553988] ? sysvec_apic_timer_interrupt+0x50/0x90 [ 11.554019] ? __pfx_read_tsc+0x10/0x10 [ 11.554040] ? ktime_get_ts64+0x86/0x230 [ 11.554084] kunit_try_run_case+0x1a5/0x480 [ 11.554109] ? __pfx_kunit_try_run_case+0x10/0x10 [ 11.554131] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 11.554155] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 11.554177] ? __kthread_parkme+0x82/0x180 [ 11.554199] ? preempt_count_sub+0x50/0x80 [ 11.554224] ? __pfx_kunit_try_run_case+0x10/0x10 [ 11.554248] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 11.554270] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 11.554292] kthread+0x337/0x6f0 [ 11.554311] ? trace_preempt_on+0x20/0xc0 [ 11.554334] ? __pfx_kthread+0x10/0x10 [ 11.554354] ? _raw_spin_unlock_irq+0x47/0x80 [ 11.554374] ? calculate_sigpending+0x7b/0xa0 [ 11.554399] ? __pfx_kthread+0x10/0x10 [ 11.554420] ret_from_fork+0x116/0x1d0 [ 11.554438] ? 
__pfx_kthread+0x10/0x10 [ 11.554458] ret_from_fork_asm+0x1a/0x30 [ 11.554531] </TASK> [ 11.554542] [ 11.568109] Allocated by task 181: [ 11.568611] kasan_save_stack+0x45/0x70 [ 11.568777] kasan_save_track+0x18/0x40 [ 11.568913] kasan_save_alloc_info+0x3b/0x50 [ 11.569091] __kasan_kmalloc+0xb7/0xc0 [ 11.569236] __kmalloc_cache_noprof+0x189/0x420 [ 11.569463] krealloc_uaf+0xbb/0x5e0 [ 11.569605] kunit_try_run_case+0x1a5/0x480 [ 11.569789] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 11.570006] kthread+0x337/0x6f0 [ 11.570268] ret_from_fork+0x116/0x1d0 [ 11.570426] ret_from_fork_asm+0x1a/0x30 [ 11.570624] [ 11.570747] Freed by task 181: [ 11.570926] kasan_save_stack+0x45/0x70 [ 11.571174] kasan_save_track+0x18/0x40 [ 11.571339] kasan_save_free_info+0x3f/0x60 [ 11.571537] __kasan_slab_free+0x56/0x70 [ 11.571674] kfree+0x222/0x3f0 [ 11.571832] krealloc_uaf+0x13d/0x5e0 [ 11.572029] kunit_try_run_case+0x1a5/0x480 [ 11.572269] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 11.572513] kthread+0x337/0x6f0 [ 11.572636] ret_from_fork+0x116/0x1d0 [ 11.572825] ret_from_fork_asm+0x1a/0x30 [ 11.573049] [ 11.573335] The buggy address belongs to the object at ffff888100aa0200 [ 11.573335] which belongs to the cache kmalloc-256 of size 256 [ 11.573947] The buggy address is located 0 bytes inside of [ 11.573947] freed 256-byte region [ffff888100aa0200, ffff888100aa0300) [ 11.574454] [ 11.574560] The buggy address belongs to the physical page: [ 11.574902] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x100aa0 [ 11.575278] head: order:1 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0 [ 11.575507] flags: 0x200000000000040(head|node=0|zone=2) [ 11.575926] page_type: f5(slab) [ 11.576160] raw: 0200000000000040 ffff888100041b40 dead000000000122 0000000000000000 [ 11.576699] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 11.577039] head: 0200000000000040 ffff888100041b40 dead000000000122 0000000000000000 [ 11.577357] head: 
0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 11.577685] head: 0200000000000001 ffffea000402a801 00000000ffffffff 00000000ffffffff [ 11.577987] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000002 [ 11.578329] page dumped because: kasan: bad access detected [ 11.578610] [ 11.578685] Memory state around the buggy address: [ 11.578872] ffff888100aa0100: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 11.579352] ffff888100aa0180: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 11.579582] >ffff888100aa0200: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 11.579956] ^ [ 11.580149] ffff888100aa0280: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 11.580379] ffff888100aa0300: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 11.580760] ================================================================== [ 11.581397] ================================================================== [ 11.582152] BUG: KASAN: slab-use-after-free in krealloc_uaf+0x53c/0x5e0 [ 11.582406] Read of size 1 at addr ffff888100aa0200 by task kunit_try_catch/181 [ 11.582731] [ 11.582888] CPU: 1 UID: 0 PID: 181 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc4 #1 PREEMPT(voluntary) [ 11.582942] Tainted: [B]=BAD_PAGE, [N]=TEST [ 11.583004] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 11.583026] Call Trace: [ 11.583043] <TASK> [ 11.583059] dump_stack_lvl+0x73/0xb0 [ 11.583086] print_report+0xd1/0x650 [ 11.583113] ? __virt_addr_valid+0x1db/0x2d0 [ 11.583136] ? krealloc_uaf+0x53c/0x5e0 [ 11.583156] ? kasan_complete_mode_report_info+0x64/0x200 [ 11.583178] ? krealloc_uaf+0x53c/0x5e0 [ 11.583199] kasan_report+0x141/0x180 [ 11.583220] ? krealloc_uaf+0x53c/0x5e0 [ 11.583246] __asan_report_load1_noabort+0x18/0x20 [ 11.583270] krealloc_uaf+0x53c/0x5e0 [ 11.583291] ? __pfx_krealloc_uaf+0x10/0x10 [ 11.583311] ? sysvec_apic_timer_interrupt+0x50/0x90 [ 11.583340] ? __pfx_read_tsc+0x10/0x10 [ 11.583361] ? 
ktime_get_ts64+0x86/0x230 [ 11.583384] kunit_try_run_case+0x1a5/0x480 [ 11.583408] ? __pfx_kunit_try_run_case+0x10/0x10 [ 11.583429] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 11.583451] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 11.583506] ? __kthread_parkme+0x82/0x180 [ 11.583527] ? preempt_count_sub+0x50/0x80 [ 11.583550] ? __pfx_kunit_try_run_case+0x10/0x10 [ 11.583574] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 11.583596] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 11.583619] kthread+0x337/0x6f0 [ 11.583637] ? trace_preempt_on+0x20/0xc0 [ 11.583661] ? __pfx_kthread+0x10/0x10 [ 11.583681] ? _raw_spin_unlock_irq+0x47/0x80 [ 11.583701] ? calculate_sigpending+0x7b/0xa0 [ 11.583724] ? __pfx_kthread+0x10/0x10 [ 11.583745] ret_from_fork+0x116/0x1d0 [ 11.583763] ? __pfx_kthread+0x10/0x10 [ 11.583783] ret_from_fork_asm+0x1a/0x30 [ 11.583813] </TASK> [ 11.583824] [ 11.591013] Allocated by task 181: [ 11.591287] kasan_save_stack+0x45/0x70 [ 11.591443] kasan_save_track+0x18/0x40 [ 11.591578] kasan_save_alloc_info+0x3b/0x50 [ 11.591754] __kasan_kmalloc+0xb7/0xc0 [ 11.591962] __kmalloc_cache_noprof+0x189/0x420 [ 11.592185] krealloc_uaf+0xbb/0x5e0 [ 11.592426] kunit_try_run_case+0x1a5/0x480 [ 11.592790] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 11.593026] kthread+0x337/0x6f0 [ 11.593226] ret_from_fork+0x116/0x1d0 [ 11.593358] ret_from_fork_asm+0x1a/0x30 [ 11.593496] [ 11.593567] Freed by task 181: [ 11.593723] kasan_save_stack+0x45/0x70 [ 11.593915] kasan_save_track+0x18/0x40 [ 11.594319] kasan_save_free_info+0x3f/0x60 [ 11.594490] __kasan_slab_free+0x56/0x70 [ 11.594686] kfree+0x222/0x3f0 [ 11.594811] krealloc_uaf+0x13d/0x5e0 [ 11.595009] kunit_try_run_case+0x1a5/0x480 [ 11.595252] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 11.595512] kthread+0x337/0x6f0 [ 11.595649] ret_from_fork+0x116/0x1d0 [ 11.595835] ret_from_fork_asm+0x1a/0x30 [ 11.595987] [ 11.596059] The buggy address belongs to the object at ffff888100aa0200 [ 11.596059] which belongs to the cache 
kmalloc-256 of size 256 [ 11.596698] The buggy address is located 0 bytes inside of [ 11.596698] freed 256-byte region [ffff888100aa0200, ffff888100aa0300) [ 11.597360] [ 11.597445] The buggy address belongs to the physical page: [ 11.597691] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x100aa0 [ 11.598028] head: order:1 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0 [ 11.598424] flags: 0x200000000000040(head|node=0|zone=2) [ 11.598598] page_type: f5(slab) [ 11.598717] raw: 0200000000000040 ffff888100041b40 dead000000000122 0000000000000000 [ 11.599311] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 11.599659] head: 0200000000000040 ffff888100041b40 dead000000000122 0000000000000000 [ 11.599908] head: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 11.600663] head: 0200000000000001 ffffea000402a801 00000000ffffffff 00000000ffffffff [ 11.600998] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000002 [ 11.601326] page dumped because: kasan: bad access detected [ 11.601523] [ 11.601594] Memory state around the buggy address: [ 11.601747] ffff888100aa0100: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 11.602094] ffff888100aa0180: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 11.602425] >ffff888100aa0200: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 11.602736] ^ [ 11.602898] ffff888100aa0280: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 11.603356] ffff888100aa0300: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 11.603696] ==================================================================
Failure - log-parser-boot/kasan-bug-kasan-slab-out-of-bounds-in-krealloc_less_oob_helper
[ 11.325843] ================================================================== [ 11.326509] BUG: KASAN: slab-out-of-bounds in krealloc_less_oob_helper+0xe90/0x11d0 [ 11.327146] Write of size 1 at addr ffff8881003502ea by task kunit_try_catch/175 [ 11.327741] [ 11.327991] CPU: 0 UID: 0 PID: 175 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc4 #1 PREEMPT(voluntary) [ 11.328034] Tainted: [B]=BAD_PAGE, [N]=TEST [ 11.328046] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 11.328066] Call Trace: [ 11.328084] <TASK> [ 11.328102] dump_stack_lvl+0x73/0xb0 [ 11.328130] print_report+0xd1/0x650 [ 11.328153] ? __virt_addr_valid+0x1db/0x2d0 [ 11.328175] ? krealloc_less_oob_helper+0xe90/0x11d0 [ 11.328197] ? kasan_complete_mode_report_info+0x2a/0x200 [ 11.328218] ? krealloc_less_oob_helper+0xe90/0x11d0 [ 11.328241] kasan_report+0x141/0x180 [ 11.328263] ? krealloc_less_oob_helper+0xe90/0x11d0 [ 11.328302] __asan_report_store1_noabort+0x1b/0x30 [ 11.328322] krealloc_less_oob_helper+0xe90/0x11d0 [ 11.328347] ? __pfx_krealloc_less_oob_helper+0x10/0x10 [ 11.328381] ? finish_task_switch.isra.0+0x153/0x700 [ 11.328403] ? __switch_to+0x47/0xf50 [ 11.328428] ? __schedule+0x10cc/0x2b60 [ 11.328449] ? __pfx_read_tsc+0x10/0x10 [ 11.328479] krealloc_less_oob+0x1c/0x30 [ 11.328500] kunit_try_run_case+0x1a5/0x480 [ 11.328523] ? __pfx_kunit_try_run_case+0x10/0x10 [ 11.328545] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 11.328567] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 11.328589] ? __kthread_parkme+0x82/0x180 [ 11.328609] ? preempt_count_sub+0x50/0x80 [ 11.328631] ? __pfx_kunit_try_run_case+0x10/0x10 [ 11.328654] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 11.328676] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 11.328698] kthread+0x337/0x6f0 [ 11.328717] ? trace_preempt_on+0x20/0xc0 [ 11.328740] ? __pfx_kthread+0x10/0x10 [ 11.328760] ? _raw_spin_unlock_irq+0x47/0x80 [ 11.328780] ? calculate_sigpending+0x7b/0xa0 [ 11.328803] ? 
__pfx_kthread+0x10/0x10 [ 11.328824] ret_from_fork+0x116/0x1d0 [ 11.328841] ? __pfx_kthread+0x10/0x10 [ 11.328861] ret_from_fork_asm+0x1a/0x30 [ 11.328890] </TASK> [ 11.328901] [ 11.343122] Allocated by task 175: [ 11.343370] kasan_save_stack+0x45/0x70 [ 11.343810] kasan_save_track+0x18/0x40 [ 11.344012] kasan_save_alloc_info+0x3b/0x50 [ 11.344232] __kasan_krealloc+0x190/0x1f0 [ 11.344640] krealloc_noprof+0xf3/0x340 [ 11.345105] krealloc_less_oob_helper+0x1aa/0x11d0 [ 11.345588] krealloc_less_oob+0x1c/0x30 [ 11.346029] kunit_try_run_case+0x1a5/0x480 [ 11.346193] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 11.346368] kthread+0x337/0x6f0 [ 11.346694] ret_from_fork+0x116/0x1d0 [ 11.346833] ret_from_fork_asm+0x1a/0x30 [ 11.347018] [ 11.347210] The buggy address belongs to the object at ffff888100350200 [ 11.347210] which belongs to the cache kmalloc-256 of size 256 [ 11.348400] The buggy address is located 33 bytes to the right of [ 11.348400] allocated 201-byte region [ffff888100350200, ffff8881003502c9) [ 11.349646] [ 11.349721] The buggy address belongs to the physical page: [ 11.349907] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x100350 [ 11.350546] head: order:1 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0 [ 11.350968] flags: 0x200000000000040(head|node=0|zone=2) [ 11.351354] page_type: f5(slab) [ 11.351662] raw: 0200000000000040 ffff888100041b40 dead000000000122 0000000000000000 [ 11.352502] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 11.353234] head: 0200000000000040 ffff888100041b40 dead000000000122 0000000000000000 [ 11.353803] head: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 11.354399] head: 0200000000000001 ffffea000400d401 00000000ffffffff 00000000ffffffff [ 11.354667] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000002 [ 11.355354] page dumped because: kasan: bad access detected [ 11.355758] [ 11.355835] Memory state around the buggy 
address: [ 11.356079] ffff888100350180: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 11.356788] ffff888100350200: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 11.357402] >ffff888100350280: 00 00 00 00 00 00 00 00 00 01 fc fc fc fc fc fc [ 11.358147] ^ [ 11.358606] ffff888100350300: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 11.359186] ffff888100350380: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 11.359978] ================================================================== [ 11.448829] ================================================================== [ 11.449370] BUG: KASAN: slab-out-of-bounds in krealloc_less_oob_helper+0xd70/0x11d0 [ 11.449706] Write of size 1 at addr ffff888102b720c9 by task kunit_try_catch/179 [ 11.450015] [ 11.450123] CPU: 0 UID: 0 PID: 179 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc4 #1 PREEMPT(voluntary) [ 11.450167] Tainted: [B]=BAD_PAGE, [N]=TEST [ 11.450179] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 11.450200] Call Trace: [ 11.450213] <TASK> [ 11.450230] dump_stack_lvl+0x73/0xb0 [ 11.450258] print_report+0xd1/0x650 [ 11.450280] ? __virt_addr_valid+0x1db/0x2d0 [ 11.450302] ? krealloc_less_oob_helper+0xd70/0x11d0 [ 11.450325] ? kasan_addr_to_slab+0x11/0xa0 [ 11.450344] ? krealloc_less_oob_helper+0xd70/0x11d0 [ 11.450368] kasan_report+0x141/0x180 [ 11.450389] ? krealloc_less_oob_helper+0xd70/0x11d0 [ 11.450416] __asan_report_store1_noabort+0x1b/0x30 [ 11.450436] krealloc_less_oob_helper+0xd70/0x11d0 [ 11.450460] ? __pfx_krealloc_less_oob_helper+0x10/0x10 [ 11.450483] ? finish_task_switch.isra.0+0x153/0x700 [ 11.450505] ? __switch_to+0x47/0xf50 [ 11.450529] ? __schedule+0x10cc/0x2b60 [ 11.450551] ? __pfx_read_tsc+0x10/0x10 [ 11.450573] krealloc_large_less_oob+0x1c/0x30 [ 11.450595] kunit_try_run_case+0x1a5/0x480 [ 11.450620] ? __pfx_kunit_try_run_case+0x10/0x10 [ 11.450641] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 11.450663] ? 
_raw_spin_unlock_irqrestore+0x5f/0x90 [ 11.450684] ? __kthread_parkme+0x82/0x180 [ 11.450705] ? preempt_count_sub+0x50/0x80 [ 11.450726] ? __pfx_kunit_try_run_case+0x10/0x10 [ 11.450748] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 11.450770] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 11.450791] kthread+0x337/0x6f0 [ 11.450811] ? trace_preempt_on+0x20/0xc0 [ 11.450833] ? __pfx_kthread+0x10/0x10 [ 11.450853] ? _raw_spin_unlock_irq+0x47/0x80 [ 11.450873] ? calculate_sigpending+0x7b/0xa0 [ 11.450897] ? __pfx_kthread+0x10/0x10 [ 11.450917] ret_from_fork+0x116/0x1d0 [ 11.450966] ? __pfx_kthread+0x10/0x10 [ 11.450986] ret_from_fork_asm+0x1a/0x30 [ 11.451016] </TASK> [ 11.451027] [ 11.462924] The buggy address belongs to the physical page: [ 11.463228] page: refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x102b70 [ 11.463732] head: order:2 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0 [ 11.464236] flags: 0x200000000000040(head|node=0|zone=2) [ 11.464621] page_type: f8(unknown) [ 11.464793] raw: 0200000000000040 0000000000000000 dead000000000122 0000000000000000 [ 11.465336] raw: 0000000000000000 0000000000000000 00000001f8000000 0000000000000000 [ 11.465808] head: 0200000000000040 0000000000000000 dead000000000122 0000000000000000 [ 11.466300] head: 0000000000000000 0000000000000000 00000001f8000000 0000000000000000 [ 11.466547] head: 0200000000000002 ffffea00040adc01 00000000ffffffff 00000000ffffffff [ 11.466780] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000004 [ 11.467025] page dumped because: kasan: bad access detected [ 11.467252] [ 11.467349] Memory state around the buggy address: [ 11.467596] ffff888102b71f80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 11.467871] ffff888102b72000: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 11.468193] >ffff888102b72080: 00 00 00 00 00 00 00 00 00 01 fe fe fe fe fe fe [ 11.468455] ^ [ 11.468707] ffff888102b72100: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe 
fe [ 11.468999] ffff888102b72180: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe [ 11.469328] ================================================================== [ 11.513518] ================================================================== [ 11.513868] BUG: KASAN: slab-out-of-bounds in krealloc_less_oob_helper+0xe90/0x11d0 [ 11.514643] Write of size 1 at addr ffff888102b720ea by task kunit_try_catch/179 [ 11.514915] [ 11.515040] CPU: 0 UID: 0 PID: 179 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc4 #1 PREEMPT(voluntary) [ 11.515092] Tainted: [B]=BAD_PAGE, [N]=TEST [ 11.515108] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 11.515127] Call Trace: [ 11.515154] <TASK> [ 11.515170] dump_stack_lvl+0x73/0xb0 [ 11.515207] print_report+0xd1/0x650 [ 11.515228] ? __virt_addr_valid+0x1db/0x2d0 [ 11.515249] ? krealloc_less_oob_helper+0xe90/0x11d0 [ 11.515282] ? kasan_addr_to_slab+0x11/0xa0 [ 11.515302] ? krealloc_less_oob_helper+0xe90/0x11d0 [ 11.515325] kasan_report+0x141/0x180 [ 11.515347] ? krealloc_less_oob_helper+0xe90/0x11d0 [ 11.515374] __asan_report_store1_noabort+0x1b/0x30 [ 11.515394] krealloc_less_oob_helper+0xe90/0x11d0 [ 11.515420] ? __pfx_krealloc_less_oob_helper+0x10/0x10 [ 11.515443] ? finish_task_switch.isra.0+0x153/0x700 [ 11.515464] ? __switch_to+0x47/0xf50 [ 11.515498] ? __schedule+0x10cc/0x2b60 [ 11.515520] ? __pfx_read_tsc+0x10/0x10 [ 11.515544] krealloc_large_less_oob+0x1c/0x30 [ 11.515577] kunit_try_run_case+0x1a5/0x480 [ 11.515600] ? __pfx_kunit_try_run_case+0x10/0x10 [ 11.515623] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 11.515655] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 11.515677] ? __kthread_parkme+0x82/0x180 [ 11.515697] ? preempt_count_sub+0x50/0x80 [ 11.515719] ? __pfx_kunit_try_run_case+0x10/0x10 [ 11.515752] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 11.515774] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 11.515796] kthread+0x337/0x6f0 [ 11.515824] ? 
trace_preempt_on+0x20/0xc0 [ 11.515846] ? __pfx_kthread+0x10/0x10 [ 11.515866] ? _raw_spin_unlock_irq+0x47/0x80 [ 11.515896] ? calculate_sigpending+0x7b/0xa0 [ 11.515920] ? __pfx_kthread+0x10/0x10 [ 11.515948] ret_from_fork+0x116/0x1d0 [ 11.515966] ? __pfx_kthread+0x10/0x10 [ 11.515986] ret_from_fork_asm+0x1a/0x30 [ 11.516016] </TASK> [ 11.516027] [ 11.523913] The buggy address belongs to the physical page: [ 11.524212] page: refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x102b70 [ 11.524623] head: order:2 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0 [ 11.524923] flags: 0x200000000000040(head|node=0|zone=2) [ 11.525250] page_type: f8(unknown) [ 11.525392] raw: 0200000000000040 0000000000000000 dead000000000122 0000000000000000 [ 11.525745] raw: 0000000000000000 0000000000000000 00000001f8000000 0000000000000000 [ 11.526019] head: 0200000000000040 0000000000000000 dead000000000122 0000000000000000 [ 11.526451] head: 0000000000000000 0000000000000000 00000001f8000000 0000000000000000 [ 11.526806] head: 0200000000000002 ffffea00040adc01 00000000ffffffff 00000000ffffffff [ 11.527244] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000004 [ 11.527594] page dumped because: kasan: bad access detected [ 11.527836] [ 11.527944] Memory state around the buggy address: [ 11.528199] ffff888102b71f80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 11.528500] ffff888102b72000: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 11.528793] >ffff888102b72080: 00 00 00 00 00 00 00 00 00 01 fe fe fe fe fe fe [ 11.529142] ^ [ 11.529408] ffff888102b72100: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe [ 11.529646] ffff888102b72180: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe [ 11.529856] ================================================================== [ 11.360642] ================================================================== [ 11.360883] BUG: KASAN: slab-out-of-bounds in krealloc_less_oob_helper+0xd47/0x11d0 [ 11.361600] Write 
of size 1 at addr ffff8881003502eb by task kunit_try_catch/175 [ 11.362381] [ 11.362558] CPU: 0 UID: 0 PID: 175 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc4 #1 PREEMPT(voluntary) [ 11.362601] Tainted: [B]=BAD_PAGE, [N]=TEST [ 11.362612] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 11.362633] Call Trace: [ 11.362651] <TASK> [ 11.362669] dump_stack_lvl+0x73/0xb0 [ 11.362697] print_report+0xd1/0x650 [ 11.362719] ? __virt_addr_valid+0x1db/0x2d0 [ 11.362741] ? krealloc_less_oob_helper+0xd47/0x11d0 [ 11.362763] ? kasan_complete_mode_report_info+0x2a/0x200 [ 11.362785] ? krealloc_less_oob_helper+0xd47/0x11d0 [ 11.362808] kasan_report+0x141/0x180 [ 11.362829] ? krealloc_less_oob_helper+0xd47/0x11d0 [ 11.362856] __asan_report_store1_noabort+0x1b/0x30 [ 11.362876] krealloc_less_oob_helper+0xd47/0x11d0 [ 11.362911] ? __pfx_krealloc_less_oob_helper+0x10/0x10 [ 11.362951] ? finish_task_switch.isra.0+0x153/0x700 [ 11.362973] ? __switch_to+0x47/0xf50 [ 11.363007] ? __schedule+0x10cc/0x2b60 [ 11.363028] ? __pfx_read_tsc+0x10/0x10 [ 11.363051] krealloc_less_oob+0x1c/0x30 [ 11.363082] kunit_try_run_case+0x1a5/0x480 [ 11.363111] ? __pfx_kunit_try_run_case+0x10/0x10 [ 11.363133] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 11.363155] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 11.363178] ? __kthread_parkme+0x82/0x180 [ 11.363198] ? preempt_count_sub+0x50/0x80 [ 11.363220] ? __pfx_kunit_try_run_case+0x10/0x10 [ 11.363244] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 11.363267] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 11.363289] kthread+0x337/0x6f0 [ 11.363308] ? trace_preempt_on+0x20/0xc0 [ 11.363331] ? __pfx_kthread+0x10/0x10 [ 11.363351] ? _raw_spin_unlock_irq+0x47/0x80 [ 11.363371] ? calculate_sigpending+0x7b/0xa0 [ 11.363394] ? __pfx_kthread+0x10/0x10 [ 11.363418] ret_from_fork+0x116/0x1d0 [ 11.363439] ? 
__pfx_kthread+0x10/0x10 [ 11.363472] ret_from_fork_asm+0x1a/0x30 [ 11.363504] </TASK> [ 11.363515] [ 11.376379] Allocated by task 175: [ 11.376768] kasan_save_stack+0x45/0x70 [ 11.377162] kasan_save_track+0x18/0x40 [ 11.377561] kasan_save_alloc_info+0x3b/0x50 [ 11.377945] __kasan_krealloc+0x190/0x1f0 [ 11.378344] krealloc_noprof+0xf3/0x340 [ 11.378967] krealloc_less_oob_helper+0x1aa/0x11d0 [ 11.379523] krealloc_less_oob+0x1c/0x30 [ 11.379770] kunit_try_run_case+0x1a5/0x480 [ 11.379920] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 11.380192] kthread+0x337/0x6f0 [ 11.380491] ret_from_fork+0x116/0x1d0 [ 11.380915] ret_from_fork_asm+0x1a/0x30 [ 11.381338] [ 11.381505] The buggy address belongs to the object at ffff888100350200 [ 11.381505] which belongs to the cache kmalloc-256 of size 256 [ 11.382365] The buggy address is located 34 bytes to the right of [ 11.382365] allocated 201-byte region [ffff888100350200, ffff8881003502c9) [ 11.383593] [ 11.383794] The buggy address belongs to the physical page: [ 11.384353] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x100350 [ 11.384937] head: order:1 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0 [ 11.385277] flags: 0x200000000000040(head|node=0|zone=2) [ 11.385778] page_type: f5(slab) [ 11.386099] raw: 0200000000000040 ffff888100041b40 dead000000000122 0000000000000000 [ 11.386909] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 11.387607] head: 0200000000000040 ffff888100041b40 dead000000000122 0000000000000000 [ 11.388319] head: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 11.388813] head: 0200000000000001 ffffea000400d401 00000000ffffffff 00000000ffffffff [ 11.389563] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000002 [ 11.389961] page dumped because: kasan: bad access detected [ 11.390267] [ 11.390422] Memory state around the buggy address: [ 11.391049] ffff888100350180: fc fc fc fc fc fc fc fc fc fc fc fc fc fc 
fc fc [ 11.391760] ffff888100350200: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 11.392019] >ffff888100350280: 00 00 00 00 00 00 00 00 00 01 fc fc fc fc fc fc [ 11.392429] ^ [ 11.393033] ffff888100350300: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 11.393749] ffff888100350380: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 11.394373] ================================================================== [ 11.470137] ================================================================== [ 11.470887] BUG: KASAN: slab-out-of-bounds in krealloc_less_oob_helper+0xe23/0x11d0 [ 11.471228] Write of size 1 at addr ffff888102b720d0 by task kunit_try_catch/179 [ 11.471671] [ 11.471844] CPU: 0 UID: 0 PID: 179 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc4 #1 PREEMPT(voluntary) [ 11.471885] Tainted: [B]=BAD_PAGE, [N]=TEST [ 11.471897] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 11.471918] Call Trace: [ 11.471942] <TASK> [ 11.471958] dump_stack_lvl+0x73/0xb0 [ 11.471985] print_report+0xd1/0x650 [ 11.472007] ? __virt_addr_valid+0x1db/0x2d0 [ 11.472030] ? krealloc_less_oob_helper+0xe23/0x11d0 [ 11.472052] ? kasan_addr_to_slab+0x11/0xa0 [ 11.472072] ? krealloc_less_oob_helper+0xe23/0x11d0 [ 11.472096] kasan_report+0x141/0x180 [ 11.472118] ? krealloc_less_oob_helper+0xe23/0x11d0 [ 11.472145] __asan_report_store1_noabort+0x1b/0x30 [ 11.472165] krealloc_less_oob_helper+0xe23/0x11d0 [ 11.472193] ? __pfx_krealloc_less_oob_helper+0x10/0x10 [ 11.472218] ? finish_task_switch.isra.0+0x153/0x700 [ 11.472240] ? __switch_to+0x47/0xf50 [ 11.472264] ? __schedule+0x10cc/0x2b60 [ 11.472285] ? __pfx_read_tsc+0x10/0x10 [ 11.472309] krealloc_large_less_oob+0x1c/0x30 [ 11.472331] kunit_try_run_case+0x1a5/0x480 [ 11.472354] ? __pfx_kunit_try_run_case+0x10/0x10 [ 11.472376] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 11.472398] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 11.472420] ? __kthread_parkme+0x82/0x180 [ 11.472440] ? 
preempt_count_sub+0x50/0x80 [ 11.472462] ? __pfx_kunit_try_run_case+0x10/0x10 [ 11.472484] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 11.472506] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 11.472528] kthread+0x337/0x6f0 [ 11.472546] ? trace_preempt_on+0x20/0xc0 [ 11.472569] ? __pfx_kthread+0x10/0x10 [ 11.472589] ? _raw_spin_unlock_irq+0x47/0x80 [ 11.472609] ? calculate_sigpending+0x7b/0xa0 [ 11.472702] ? __pfx_kthread+0x10/0x10 [ 11.472726] ret_from_fork+0x116/0x1d0 [ 11.472744] ? __pfx_kthread+0x10/0x10 [ 11.472765] ret_from_fork_asm+0x1a/0x30 [ 11.472795] </TASK> [ 11.472806] [ 11.485817] The buggy address belongs to the physical page: [ 11.486735] page: refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x102b70 [ 11.487296] head: order:2 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0 [ 11.487526] flags: 0x200000000000040(head|node=0|zone=2) [ 11.487704] page_type: f8(unknown) [ 11.487830] raw: 0200000000000040 0000000000000000 dead000000000122 0000000000000000 [ 11.489217] raw: 0000000000000000 0000000000000000 00000001f8000000 0000000000000000 [ 11.489798] head: 0200000000000040 0000000000000000 dead000000000122 0000000000000000 [ 11.490651] head: 0000000000000000 0000000000000000 00000001f8000000 0000000000000000 [ 11.491365] head: 0200000000000002 ffffea00040adc01 00000000ffffffff 00000000ffffffff [ 11.491689] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000004 [ 11.492023] page dumped because: kasan: bad access detected [ 11.492694] [ 11.492778] Memory state around the buggy address: [ 11.493207] ffff888102b71f80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 11.493612] ffff888102b72000: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 11.494039] >ffff888102b72080: 00 00 00 00 00 00 00 00 00 01 fe fe fe fe fe fe [ 11.494492] ^ [ 11.494851] ffff888102b72100: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe [ 11.495272] ffff888102b72180: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe [ 11.495576] 
================================================================== [ 11.290471] ================================================================== [ 11.291133] BUG: KASAN: slab-out-of-bounds in krealloc_less_oob_helper+0xec6/0x11d0 [ 11.291725] Write of size 1 at addr ffff8881003502da by task kunit_try_catch/175 [ 11.292403] [ 11.292646] CPU: 0 UID: 0 PID: 175 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc4 #1 PREEMPT(voluntary) [ 11.292689] Tainted: [B]=BAD_PAGE, [N]=TEST [ 11.292701] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 11.292724] Call Trace: [ 11.292742] <TASK> [ 11.292759] dump_stack_lvl+0x73/0xb0 [ 11.292789] print_report+0xd1/0x650 [ 11.292811] ? __virt_addr_valid+0x1db/0x2d0 [ 11.292833] ? krealloc_less_oob_helper+0xec6/0x11d0 [ 11.292855] ? kasan_complete_mode_report_info+0x2a/0x200 [ 11.292876] ? krealloc_less_oob_helper+0xec6/0x11d0 [ 11.292899] kasan_report+0x141/0x180 [ 11.292948] ? krealloc_less_oob_helper+0xec6/0x11d0 [ 11.292976] __asan_report_store1_noabort+0x1b/0x30 [ 11.292996] krealloc_less_oob_helper+0xec6/0x11d0 [ 11.293020] ? __pfx_krealloc_less_oob_helper+0x10/0x10 [ 11.293043] ? finish_task_switch.isra.0+0x153/0x700 [ 11.293064] ? __switch_to+0x47/0xf50 [ 11.293099] ? __schedule+0x10cc/0x2b60 [ 11.293120] ? __pfx_read_tsc+0x10/0x10 [ 11.293144] krealloc_less_oob+0x1c/0x30 [ 11.293165] kunit_try_run_case+0x1a5/0x480 [ 11.293187] ? __pfx_kunit_try_run_case+0x10/0x10 [ 11.293208] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 11.293230] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 11.293252] ? __kthread_parkme+0x82/0x180 [ 11.293272] ? preempt_count_sub+0x50/0x80 [ 11.293294] ? __pfx_kunit_try_run_case+0x10/0x10 [ 11.293316] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 11.293339] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 11.293360] kthread+0x337/0x6f0 [ 11.293379] ? trace_preempt_on+0x20/0xc0 [ 11.293402] ? __pfx_kthread+0x10/0x10 [ 11.293422] ? 
_raw_spin_unlock_irq+0x47/0x80 [ 11.293442] ? calculate_sigpending+0x7b/0xa0 [ 11.293479] ? __pfx_kthread+0x10/0x10 [ 11.293500] ret_from_fork+0x116/0x1d0 [ 11.293518] ? __pfx_kthread+0x10/0x10 [ 11.293537] ret_from_fork_asm+0x1a/0x30 [ 11.293567] </TASK> [ 11.293579] [ 11.308015] Allocated by task 175: [ 11.308258] kasan_save_stack+0x45/0x70 [ 11.308605] kasan_save_track+0x18/0x40 [ 11.309021] kasan_save_alloc_info+0x3b/0x50 [ 11.309473] __kasan_krealloc+0x190/0x1f0 [ 11.309864] krealloc_noprof+0xf3/0x340 [ 11.310009] krealloc_less_oob_helper+0x1aa/0x11d0 [ 11.310184] krealloc_less_oob+0x1c/0x30 [ 11.310580] kunit_try_run_case+0x1a5/0x480 [ 11.310988] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 11.311362] kthread+0x337/0x6f0 [ 11.311484] ret_from_fork+0x116/0x1d0 [ 11.311881] ret_from_fork_asm+0x1a/0x30 [ 11.312297] [ 11.312460] The buggy address belongs to the object at ffff888100350200 [ 11.312460] which belongs to the cache kmalloc-256 of size 256 [ 11.313460] The buggy address is located 17 bytes to the right of [ 11.313460] allocated 201-byte region [ffff888100350200, ffff8881003502c9) [ 11.314548] [ 11.314708] The buggy address belongs to the physical page: [ 11.315282] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x100350 [ 11.315706] head: order:1 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0 [ 11.316172] flags: 0x200000000000040(head|node=0|zone=2) [ 11.316369] page_type: f5(slab) [ 11.316491] raw: 0200000000000040 ffff888100041b40 dead000000000122 0000000000000000 [ 11.316733] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 11.317486] head: 0200000000000040 ffff888100041b40 dead000000000122 0000000000000000 [ 11.318396] head: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 11.319252] head: 0200000000000001 ffffea000400d401 00000000ffffffff 00000000ffffffff [ 11.320173] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000002 [ 11.320918] page dumped 
because: kasan: bad access detected [ 11.321502] [ 11.321685] Memory state around the buggy address: [ 11.322020] ffff888100350180: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 11.322722] ffff888100350200: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 11.323131] >ffff888100350280: 00 00 00 00 00 00 00 00 00 01 fc fc fc fc fc fc [ 11.323369] ^ [ 11.324035] ffff888100350300: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 11.324686] ffff888100350380: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 11.324909] ================================================================== [ 11.222901] ================================================================== [ 11.223580] BUG: KASAN: slab-out-of-bounds in krealloc_less_oob_helper+0xd70/0x11d0 [ 11.223904] Write of size 1 at addr ffff8881003502c9 by task kunit_try_catch/175 [ 11.224138] [ 11.224231] CPU: 0 UID: 0 PID: 175 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc4 #1 PREEMPT(voluntary) [ 11.224276] Tainted: [B]=BAD_PAGE, [N]=TEST [ 11.224289] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 11.224310] Call Trace: [ 11.224322] <TASK> [ 11.224340] dump_stack_lvl+0x73/0xb0 [ 11.224367] print_report+0xd1/0x650 [ 11.224390] ? __virt_addr_valid+0x1db/0x2d0 [ 11.224413] ? krealloc_less_oob_helper+0xd70/0x11d0 [ 11.224436] ? kasan_complete_mode_report_info+0x2a/0x200 [ 11.224458] ? krealloc_less_oob_helper+0xd70/0x11d0 [ 11.224482] kasan_report+0x141/0x180 [ 11.224504] ? krealloc_less_oob_helper+0xd70/0x11d0 [ 11.224532] __asan_report_store1_noabort+0x1b/0x30 [ 11.224552] krealloc_less_oob_helper+0xd70/0x11d0 [ 11.224578] ? __pfx_krealloc_less_oob_helper+0x10/0x10 [ 11.224602] ? finish_task_switch.isra.0+0x153/0x700 [ 11.224624] ? __switch_to+0x47/0xf50 [ 11.224650] ? __schedule+0x10cc/0x2b60 [ 11.224672] ? __pfx_read_tsc+0x10/0x10 [ 11.224721] krealloc_less_oob+0x1c/0x30 [ 11.224743] kunit_try_run_case+0x1a5/0x480 [ 11.224767] ? 
__pfx_kunit_try_run_case+0x10/0x10 [ 11.224790] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 11.224813] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 11.224836] ? __kthread_parkme+0x82/0x180 [ 11.224857] ? preempt_count_sub+0x50/0x80 [ 11.224880] ? __pfx_kunit_try_run_case+0x10/0x10 [ 11.224903] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 11.224926] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 11.224962] kthread+0x337/0x6f0 [ 11.224982] ? trace_preempt_on+0x20/0xc0 [ 11.225005] ? __pfx_kthread+0x10/0x10 [ 11.225026] ? _raw_spin_unlock_irq+0x47/0x80 [ 11.225047] ? calculate_sigpending+0x7b/0xa0 [ 11.225072] ? __pfx_kthread+0x10/0x10 [ 11.225093] ret_from_fork+0x116/0x1d0 [ 11.225938] ? __pfx_kthread+0x10/0x10 [ 11.225966] ret_from_fork_asm+0x1a/0x30 [ 11.225998] </TASK> [ 11.226011] [ 11.239741] Allocated by task 175: [ 11.240157] kasan_save_stack+0x45/0x70 [ 11.240460] kasan_save_track+0x18/0x40 [ 11.240813] kasan_save_alloc_info+0x3b/0x50 [ 11.241191] __kasan_krealloc+0x190/0x1f0 [ 11.241522] krealloc_noprof+0xf3/0x340 [ 11.241804] krealloc_less_oob_helper+0x1aa/0x11d0 [ 11.242130] krealloc_less_oob+0x1c/0x30 [ 11.242334] kunit_try_run_case+0x1a5/0x480 [ 11.242764] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 11.243041] kthread+0x337/0x6f0 [ 11.243185] ret_from_fork+0x116/0x1d0 [ 11.243367] ret_from_fork_asm+0x1a/0x30 [ 11.243574] [ 11.243657] The buggy address belongs to the object at ffff888100350200 [ 11.243657] which belongs to the cache kmalloc-256 of size 256 [ 11.244734] The buggy address is located 0 bytes to the right of [ 11.244734] allocated 201-byte region [ffff888100350200, ffff8881003502c9) [ 11.245567] [ 11.245669] The buggy address belongs to the physical page: [ 11.246100] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x100350 [ 11.246697] head: order:1 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0 [ 11.247033] flags: 0x200000000000040(head|node=0|zone=2) [ 11.247429] page_type: f5(slab) [ 11.247801] raw: 
0200000000000040 ffff888100041b40 dead000000000122 0000000000000000 [ 11.248584] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 11.248893] head: 0200000000000040 ffff888100041b40 dead000000000122 0000000000000000 [ 11.249389] head: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 11.249899] head: 0200000000000001 ffffea000400d401 00000000ffffffff 00000000ffffffff [ 11.250637] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000002 [ 11.250996] page dumped because: kasan: bad access detected [ 11.251362] [ 11.251634] Memory state around the buggy address: [ 11.252165] ffff888100350180: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 11.252815] ffff888100350200: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 11.253335] >ffff888100350280: 00 00 00 00 00 00 00 00 00 01 fc fc fc fc fc fc [ 11.253921] ^ [ 11.254390] ffff888100350300: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 11.254863] ffff888100350380: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 11.255439] ================================================================== [ 11.531035] ================================================================== [ 11.531426] BUG: KASAN: slab-out-of-bounds in krealloc_less_oob_helper+0xd47/0x11d0 [ 11.531839] Write of size 1 at addr ffff888102b720eb by task kunit_try_catch/179 [ 11.532381] [ 11.532481] CPU: 0 UID: 0 PID: 179 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc4 #1 PREEMPT(voluntary) [ 11.532533] Tainted: [B]=BAD_PAGE, [N]=TEST [ 11.532546] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 11.532566] Call Trace: [ 11.532593] <TASK> [ 11.532609] dump_stack_lvl+0x73/0xb0 [ 11.532636] print_report+0xd1/0x650 [ 11.532658] ? __virt_addr_valid+0x1db/0x2d0 [ 11.532680] ? krealloc_less_oob_helper+0xd47/0x11d0 [ 11.532705] ? kasan_addr_to_slab+0x11/0xa0 [ 11.532727] ? 
krealloc_less_oob_helper+0xd47/0x11d0 [ 11.532753] kasan_report+0x141/0x180 [ 11.532774] ? krealloc_less_oob_helper+0xd47/0x11d0 [ 11.532801] __asan_report_store1_noabort+0x1b/0x30 [ 11.532830] krealloc_less_oob_helper+0xd47/0x11d0 [ 11.532855] ? __pfx_krealloc_less_oob_helper+0x10/0x10 [ 11.532879] ? finish_task_switch.isra.0+0x153/0x700 [ 11.532910] ? __switch_to+0x47/0xf50 [ 11.532943] ? __schedule+0x10cc/0x2b60 [ 11.532964] ? __pfx_read_tsc+0x10/0x10 [ 11.532987] krealloc_large_less_oob+0x1c/0x30 [ 11.533009] kunit_try_run_case+0x1a5/0x480 [ 11.533033] ? __pfx_kunit_try_run_case+0x10/0x10 [ 11.533054] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 11.533077] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 11.533099] ? __kthread_parkme+0x82/0x180 [ 11.533118] ? preempt_count_sub+0x50/0x80 [ 11.533142] ? __pfx_kunit_try_run_case+0x10/0x10 [ 11.533165] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 11.533187] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 11.533209] kthread+0x337/0x6f0 [ 11.533229] ? trace_preempt_on+0x20/0xc0 [ 11.533251] ? __pfx_kthread+0x10/0x10 [ 11.533271] ? _raw_spin_unlock_irq+0x47/0x80 [ 11.533291] ? calculate_sigpending+0x7b/0xa0 [ 11.533313] ? __pfx_kthread+0x10/0x10 [ 11.533334] ret_from_fork+0x116/0x1d0 [ 11.533351] ? 
__pfx_kthread+0x10/0x10 [ 11.533371] ret_from_fork_asm+0x1a/0x30 [ 11.533400] </TASK> [ 11.533410] [ 11.541288] The buggy address belongs to the physical page: [ 11.541690] page: refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x102b70 [ 11.541988] head: order:2 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0 [ 11.542299] flags: 0x200000000000040(head|node=0|zone=2) [ 11.542576] page_type: f8(unknown) [ 11.542874] raw: 0200000000000040 0000000000000000 dead000000000122 0000000000000000 [ 11.543260] raw: 0000000000000000 0000000000000000 00000001f8000000 0000000000000000 [ 11.543591] head: 0200000000000040 0000000000000000 dead000000000122 0000000000000000 [ 11.543822] head: 0000000000000000 0000000000000000 00000001f8000000 0000000000000000 [ 11.544207] head: 0200000000000002 ffffea00040adc01 00000000ffffffff 00000000ffffffff [ 11.544581] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000004 [ 11.544950] page dumped because: kasan: bad access detected [ 11.545274] [ 11.545368] Memory state around the buggy address: [ 11.545587] ffff888102b71f80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 11.545887] ffff888102b72000: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 11.546247] >ffff888102b72080: 00 00 00 00 00 00 00 00 00 01 fe fe fe fe fe fe [ 11.546547] ^ [ 11.546787] ffff888102b72100: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe [ 11.547077] ffff888102b72180: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe [ 11.547396] ================================================================== [ 11.496138] ================================================================== [ 11.497188] BUG: KASAN: slab-out-of-bounds in krealloc_less_oob_helper+0xec6/0x11d0 [ 11.497452] Write of size 1 at addr ffff888102b720da by task kunit_try_catch/179 [ 11.497680] [ 11.497772] CPU: 0 UID: 0 PID: 179 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc4 #1 PREEMPT(voluntary) [ 11.497816] Tainted: [B]=BAD_PAGE, [N]=TEST [ 11.497828] Hardware 
name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 11.497849] Call Trace: [ 11.497867] <TASK> [ 11.497884] dump_stack_lvl+0x73/0xb0 [ 11.497911] print_report+0xd1/0x650 [ 11.497944] ? __virt_addr_valid+0x1db/0x2d0 [ 11.498215] ? krealloc_less_oob_helper+0xec6/0x11d0 [ 11.498244] ? kasan_addr_to_slab+0x11/0xa0 [ 11.498288] ? krealloc_less_oob_helper+0xec6/0x11d0 [ 11.498313] kasan_report+0x141/0x180 [ 11.498512] ? krealloc_less_oob_helper+0xec6/0x11d0 [ 11.498542] __asan_report_store1_noabort+0x1b/0x30 [ 11.498576] krealloc_less_oob_helper+0xec6/0x11d0 [ 11.498602] ? __pfx_krealloc_less_oob_helper+0x10/0x10 [ 11.498625] ? finish_task_switch.isra.0+0x153/0x700 [ 11.498646] ? __switch_to+0x47/0xf50 [ 11.498671] ? __schedule+0x10cc/0x2b60 [ 11.498693] ? __pfx_read_tsc+0x10/0x10 [ 11.498717] krealloc_large_less_oob+0x1c/0x30 [ 11.498739] kunit_try_run_case+0x1a5/0x480 [ 11.498765] ? __pfx_kunit_try_run_case+0x10/0x10 [ 11.498787] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 11.498809] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 11.498831] ? __kthread_parkme+0x82/0x180 [ 11.498851] ? preempt_count_sub+0x50/0x80 [ 11.498873] ? __pfx_kunit_try_run_case+0x10/0x10 [ 11.498895] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 11.498917] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 11.498951] kthread+0x337/0x6f0 [ 11.498971] ? trace_preempt_on+0x20/0xc0 [ 11.498996] ? __pfx_kthread+0x10/0x10 [ 11.499016] ? _raw_spin_unlock_irq+0x47/0x80 [ 11.499036] ? calculate_sigpending+0x7b/0xa0 [ 11.499067] ? __pfx_kthread+0x10/0x10 [ 11.499088] ret_from_fork+0x116/0x1d0 [ 11.499111] ? 
__pfx_kthread+0x10/0x10 [ 11.499130] ret_from_fork_asm+0x1a/0x30 [ 11.499161] </TASK> [ 11.499173] [ 11.507032] The buggy address belongs to the physical page: [ 11.507326] page: refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x102b70 [ 11.507742] head: order:2 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0 [ 11.508070] flags: 0x200000000000040(head|node=0|zone=2) [ 11.508327] page_type: f8(unknown) [ 11.508536] raw: 0200000000000040 0000000000000000 dead000000000122 0000000000000000 [ 11.508835] raw: 0000000000000000 0000000000000000 00000001f8000000 0000000000000000 [ 11.509244] head: 0200000000000040 0000000000000000 dead000000000122 0000000000000000 [ 11.509606] head: 0000000000000000 0000000000000000 00000001f8000000 0000000000000000 [ 11.509916] head: 0200000000000002 ffffea00040adc01 00000000ffffffff 00000000ffffffff [ 11.510299] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000004 [ 11.510633] page dumped because: kasan: bad access detected [ 11.510869] [ 11.510976] Memory state around the buggy address: [ 11.511215] ffff888102b71f80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 11.511521] ffff888102b72000: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 11.511832] >ffff888102b72080: 00 00 00 00 00 00 00 00 00 01 fe fe fe fe fe fe [ 11.512125] ^ [ 11.512408] ffff888102b72100: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe [ 11.512683] ffff888102b72180: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe [ 11.512894] ================================================================== [ 11.257034] ================================================================== [ 11.257367] BUG: KASAN: slab-out-of-bounds in krealloc_less_oob_helper+0xe23/0x11d0 [ 11.257841] Write of size 1 at addr ffff8881003502d0 by task kunit_try_catch/175 [ 11.258508] [ 11.258818] CPU: 0 UID: 0 PID: 175 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc4 #1 PREEMPT(voluntary) [ 11.258866] Tainted: [B]=BAD_PAGE, [N]=TEST [ 11.258879] Hardware 
name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 11.258900] Call Trace: [ 11.258913] <TASK> [ 11.259055] dump_stack_lvl+0x73/0xb0 [ 11.259094] print_report+0xd1/0x650 [ 11.259122] ? __virt_addr_valid+0x1db/0x2d0 [ 11.259145] ? krealloc_less_oob_helper+0xe23/0x11d0 [ 11.259167] ? kasan_complete_mode_report_info+0x2a/0x200 [ 11.259189] ? krealloc_less_oob_helper+0xe23/0x11d0 [ 11.259212] kasan_report+0x141/0x180 [ 11.259235] ? krealloc_less_oob_helper+0xe23/0x11d0 [ 11.259262] __asan_report_store1_noabort+0x1b/0x30 [ 11.259282] krealloc_less_oob_helper+0xe23/0x11d0 [ 11.259307] ? __pfx_krealloc_less_oob_helper+0x10/0x10 [ 11.259330] ? finish_task_switch.isra.0+0x153/0x700 [ 11.259351] ? __switch_to+0x47/0xf50 [ 11.259377] ? __schedule+0x10cc/0x2b60 [ 11.259399] ? __pfx_read_tsc+0x10/0x10 [ 11.259422] krealloc_less_oob+0x1c/0x30 [ 11.259443] kunit_try_run_case+0x1a5/0x480 [ 11.259478] ? __pfx_kunit_try_run_case+0x10/0x10 [ 11.259500] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 11.259522] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 11.259544] ? __kthread_parkme+0x82/0x180 [ 11.259564] ? preempt_count_sub+0x50/0x80 [ 11.259586] ? __pfx_kunit_try_run_case+0x10/0x10 [ 11.259610] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 11.259631] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 11.259653] kthread+0x337/0x6f0 [ 11.259672] ? trace_preempt_on+0x20/0xc0 [ 11.259695] ? __pfx_kthread+0x10/0x10 [ 11.259716] ? _raw_spin_unlock_irq+0x47/0x80 [ 11.259736] ? calculate_sigpending+0x7b/0xa0 [ 11.259759] ? __pfx_kthread+0x10/0x10 [ 11.259779] ret_from_fork+0x116/0x1d0 [ 11.259797] ? 
__pfx_kthread+0x10/0x10 [ 11.259816] ret_from_fork_asm+0x1a/0x30 [ 11.259846] </TASK> [ 11.259857] [ 11.272458] Allocated by task 175: [ 11.272794] kasan_save_stack+0x45/0x70 [ 11.273134] kasan_save_track+0x18/0x40 [ 11.273343] kasan_save_alloc_info+0x3b/0x50 [ 11.273769] __kasan_krealloc+0x190/0x1f0 [ 11.274115] krealloc_noprof+0xf3/0x340 [ 11.274343] krealloc_less_oob_helper+0x1aa/0x11d0 [ 11.274829] krealloc_less_oob+0x1c/0x30 [ 11.275189] kunit_try_run_case+0x1a5/0x480 [ 11.275485] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 11.275909] kthread+0x337/0x6f0 [ 11.276202] ret_from_fork+0x116/0x1d0 [ 11.276409] ret_from_fork_asm+0x1a/0x30 [ 11.276615] [ 11.277168] The buggy address belongs to the object at ffff888100350200 [ 11.277168] which belongs to the cache kmalloc-256 of size 256 [ 11.278077] The buggy address is located 7 bytes to the right of [ 11.278077] allocated 201-byte region [ffff888100350200, ffff8881003502c9) [ 11.278826] [ 11.278911] The buggy address belongs to the physical page: [ 11.279210] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x100350 [ 11.280114] head: order:1 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0 [ 11.280996] flags: 0x200000000000040(head|node=0|zone=2) [ 11.281557] page_type: f5(slab) [ 11.281850] raw: 0200000000000040 ffff888100041b40 dead000000000122 0000000000000000 [ 11.282530] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 11.282785] head: 0200000000000040 ffff888100041b40 dead000000000122 0000000000000000 [ 11.283528] head: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 11.284294] head: 0200000000000001 ffffea000400d401 00000000ffffffff 00000000ffffffff [ 11.284874] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000002 [ 11.285238] page dumped because: kasan: bad access detected [ 11.285764] [ 11.285982] Memory state around the buggy address: [ 11.286525] ffff888100350180: fc fc fc fc fc fc fc fc fc fc fc fc fc fc 
fc fc [ 11.287173] ffff888100350200: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 11.287524] >ffff888100350280: 00 00 00 00 00 00 00 00 00 01 fc fc fc fc fc fc [ 11.288274] ^ [ 11.288725] ffff888100350300: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 11.288977] ffff888100350380: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 11.289638] ==================================================================
Failure - log-parser-boot/kasan-bug-kasan-slab-out-of-bounds-in-krealloc_more_oob_helper
[ 11.427419] ================================================================== [ 11.427997] BUG: KASAN: slab-out-of-bounds in krealloc_more_oob_helper+0x7eb/0x930 [ 11.428672] Write of size 1 at addr ffff888102b720f0 by task kunit_try_catch/177 [ 11.429143] [ 11.429243] CPU: 0 UID: 0 PID: 177 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc4 #1 PREEMPT(voluntary) [ 11.429287] Tainted: [B]=BAD_PAGE, [N]=TEST [ 11.429298] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 11.429318] Call Trace: [ 11.429332] <TASK> [ 11.429350] dump_stack_lvl+0x73/0xb0 [ 11.429381] print_report+0xd1/0x650 [ 11.429404] ? __virt_addr_valid+0x1db/0x2d0 [ 11.429428] ? krealloc_more_oob_helper+0x7eb/0x930 [ 11.429451] ? kasan_addr_to_slab+0x11/0xa0 [ 11.429471] ? krealloc_more_oob_helper+0x7eb/0x930 [ 11.429494] kasan_report+0x141/0x180 [ 11.429516] ? krealloc_more_oob_helper+0x7eb/0x930 [ 11.429544] __asan_report_store1_noabort+0x1b/0x30 [ 11.429564] krealloc_more_oob_helper+0x7eb/0x930 [ 11.429586] ? __schedule+0x10cc/0x2b60 [ 11.429608] ? __pfx_krealloc_more_oob_helper+0x10/0x10 [ 11.429632] ? finish_task_switch.isra.0+0x153/0x700 [ 11.429654] ? __switch_to+0x47/0xf50 [ 11.429680] ? __schedule+0x10cc/0x2b60 [ 11.429701] ? __pfx_read_tsc+0x10/0x10 [ 11.429725] krealloc_large_more_oob+0x1c/0x30 [ 11.429747] kunit_try_run_case+0x1a5/0x480 [ 11.429773] ? __pfx_kunit_try_run_case+0x10/0x10 [ 11.429794] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 11.429817] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 11.429840] ? __kthread_parkme+0x82/0x180 [ 11.429860] ? preempt_count_sub+0x50/0x80 [ 11.429883] ? __pfx_kunit_try_run_case+0x10/0x10 [ 11.429906] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 11.429940] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 11.429962] kthread+0x337/0x6f0 [ 11.429981] ? trace_preempt_on+0x20/0xc0 [ 11.430005] ? __pfx_kthread+0x10/0x10 [ 11.430025] ? _raw_spin_unlock_irq+0x47/0x80 [ 11.430045] ? 
calculate_sigpending+0x7b/0xa0 [ 11.430071] ? __pfx_kthread+0x10/0x10 [ 11.430092] ret_from_fork+0x116/0x1d0 [ 11.430110] ? __pfx_kthread+0x10/0x10 [ 11.430130] ret_from_fork_asm+0x1a/0x30 [ 11.430160] </TASK> [ 11.430172] [ 11.437860] The buggy address belongs to the physical page: [ 11.438128] page: refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x102b70 [ 11.438436] head: order:2 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0 [ 11.438746] flags: 0x200000000000040(head|node=0|zone=2) [ 11.439009] page_type: f8(unknown) [ 11.439141] raw: 0200000000000040 0000000000000000 dead000000000122 0000000000000000 [ 11.439372] raw: 0000000000000000 0000000000000000 00000001f8000000 0000000000000000 [ 11.439941] head: 0200000000000040 0000000000000000 dead000000000122 0000000000000000 [ 11.440441] head: 0000000000000000 0000000000000000 00000001f8000000 0000000000000000 [ 11.440671] head: 0200000000000002 ffffea00040adc01 00000000ffffffff 00000000ffffffff [ 11.441080] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000004 [ 11.441425] page dumped because: kasan: bad access detected [ 11.441636] [ 11.441709] Memory state around the buggy address: [ 11.441869] ffff888102b71f80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 11.442402] ffff888102b72000: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 11.442709] >ffff888102b72080: 00 00 00 00 00 00 00 00 00 00 00 00 00 03 fe fe [ 11.442923] ^ [ 11.443148] ffff888102b72100: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe [ 11.443565] ffff888102b72180: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe [ 11.444245] ================================================================== [ 11.399122] ================================================================== [ 11.399773] BUG: KASAN: slab-out-of-bounds in krealloc_more_oob_helper+0x821/0x930 [ 11.400038] Write of size 1 at addr ffff888102b720eb by task kunit_try_catch/177 [ 11.400659] [ 11.400861] CPU: 0 UID: 0 PID: 177 Comm: 
kunit_try_catch Tainted: G B N 6.16.0-rc4 #1 PREEMPT(voluntary) [ 11.400906] Tainted: [B]=BAD_PAGE, [N]=TEST [ 11.400918] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 11.400950] Call Trace: [ 11.400963] <TASK> [ 11.400980] dump_stack_lvl+0x73/0xb0 [ 11.401009] print_report+0xd1/0x650 [ 11.401031] ? __virt_addr_valid+0x1db/0x2d0 [ 11.401054] ? krealloc_more_oob_helper+0x821/0x930 [ 11.401078] ? kasan_addr_to_slab+0x11/0xa0 [ 11.401098] ? krealloc_more_oob_helper+0x821/0x930 [ 11.401121] kasan_report+0x141/0x180 [ 11.401143] ? krealloc_more_oob_helper+0x821/0x930 [ 11.401171] __asan_report_store1_noabort+0x1b/0x30 [ 11.401191] krealloc_more_oob_helper+0x821/0x930 [ 11.401212] ? __schedule+0x10cc/0x2b60 [ 11.401234] ? __pfx_krealloc_more_oob_helper+0x10/0x10 [ 11.401258] ? finish_task_switch.isra.0+0x153/0x700 [ 11.401279] ? __switch_to+0x47/0xf50 [ 11.401304] ? __schedule+0x10cc/0x2b60 [ 11.401324] ? __pfx_read_tsc+0x10/0x10 [ 11.401348] krealloc_large_more_oob+0x1c/0x30 [ 11.401370] kunit_try_run_case+0x1a5/0x480 [ 11.401394] ? __pfx_kunit_try_run_case+0x10/0x10 [ 11.401416] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 11.401439] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 11.401461] ? __kthread_parkme+0x82/0x180 [ 11.401482] ? preempt_count_sub+0x50/0x80 [ 11.401504] ? __pfx_kunit_try_run_case+0x10/0x10 [ 11.401538] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 11.401559] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 11.401582] kthread+0x337/0x6f0 [ 11.401601] ? trace_preempt_on+0x20/0xc0 [ 11.401624] ? __pfx_kthread+0x10/0x10 [ 11.401644] ? _raw_spin_unlock_irq+0x47/0x80 [ 11.401664] ? calculate_sigpending+0x7b/0xa0 [ 11.401687] ? __pfx_kthread+0x10/0x10 [ 11.401708] ret_from_fork+0x116/0x1d0 [ 11.401726] ? 
__pfx_kthread+0x10/0x10 [ 11.401746] ret_from_fork_asm+0x1a/0x30 [ 11.401776] </TASK> [ 11.401788] [ 11.415498] The buggy address belongs to the physical page: [ 11.416077] page: refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x102b70 [ 11.416977] head: order:2 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0 [ 11.417834] flags: 0x200000000000040(head|node=0|zone=2) [ 11.418355] page_type: f8(unknown) [ 11.418632] raw: 0200000000000040 0000000000000000 dead000000000122 0000000000000000 [ 11.418951] raw: 0000000000000000 0000000000000000 00000001f8000000 0000000000000000 [ 11.419356] head: 0200000000000040 0000000000000000 dead000000000122 0000000000000000 [ 11.420210] head: 0000000000000000 0000000000000000 00000001f8000000 0000000000000000 [ 11.421101] head: 0200000000000002 ffffea00040adc01 00000000ffffffff 00000000ffffffff [ 11.421785] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000004 [ 11.422332] page dumped because: kasan: bad access detected [ 11.422603] [ 11.422762] Memory state around the buggy address: [ 11.423235] ffff888102b71f80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 11.423873] ffff888102b72000: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 11.424328] >ffff888102b72080: 00 00 00 00 00 00 00 00 00 00 00 00 00 03 fe fe [ 11.424805] ^ [ 11.425259] ffff888102b72100: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe [ 11.425487] ffff888102b72180: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe [ 11.426309] ================================================================== [ 11.157537] ================================================================== [ 11.158011] BUG: KASAN: slab-out-of-bounds in krealloc_more_oob_helper+0x821/0x930 [ 11.158645] Write of size 1 at addr ffff888100aa00eb by task kunit_try_catch/173 [ 11.159244] [ 11.159366] CPU: 1 UID: 0 PID: 173 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc4 #1 PREEMPT(voluntary) [ 11.159423] Tainted: [B]=BAD_PAGE, [N]=TEST [ 11.159435] Hardware 
name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 11.159456] Call Trace: [ 11.159479] <TASK> [ 11.159506] dump_stack_lvl+0x73/0xb0 [ 11.159535] print_report+0xd1/0x650 [ 11.159558] ? __virt_addr_valid+0x1db/0x2d0 [ 11.159582] ? krealloc_more_oob_helper+0x821/0x930 [ 11.159604] ? kasan_complete_mode_report_info+0x2a/0x200 [ 11.159670] ? krealloc_more_oob_helper+0x821/0x930 [ 11.159696] kasan_report+0x141/0x180 [ 11.159739] ? krealloc_more_oob_helper+0x821/0x930 [ 11.159767] __asan_report_store1_noabort+0x1b/0x30 [ 11.159797] krealloc_more_oob_helper+0x821/0x930 [ 11.159818] ? __schedule+0x10cc/0x2b60 [ 11.159840] ? __pfx_krealloc_more_oob_helper+0x10/0x10 [ 11.159863] ? finish_task_switch.isra.0+0x153/0x700 [ 11.159884] ? __switch_to+0x47/0xf50 [ 11.159911] ? __schedule+0x10cc/0x2b60 [ 11.159942] ? __pfx_read_tsc+0x10/0x10 [ 11.159966] krealloc_more_oob+0x1c/0x30 [ 11.159986] kunit_try_run_case+0x1a5/0x480 [ 11.160010] ? __pfx_kunit_try_run_case+0x10/0x10 [ 11.160031] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 11.160055] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 11.160077] ? __kthread_parkme+0x82/0x180 [ 11.160098] ? preempt_count_sub+0x50/0x80 [ 11.160120] ? __pfx_kunit_try_run_case+0x10/0x10 [ 11.160143] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 11.160165] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 11.160187] kthread+0x337/0x6f0 [ 11.160206] ? trace_preempt_on+0x20/0xc0 [ 11.160230] ? __pfx_kthread+0x10/0x10 [ 11.160250] ? _raw_spin_unlock_irq+0x47/0x80 [ 11.160271] ? calculate_sigpending+0x7b/0xa0 [ 11.160294] ? __pfx_kthread+0x10/0x10 [ 11.160315] ret_from_fork+0x116/0x1d0 [ 11.160333] ? 
__pfx_kthread+0x10/0x10 [ 11.160354] ret_from_fork_asm+0x1a/0x30 [ 11.160385] </TASK> [ 11.160396] [ 11.174078] Allocated by task 173: [ 11.174447] kasan_save_stack+0x45/0x70 [ 11.174775] kasan_save_track+0x18/0x40 [ 11.174916] kasan_save_alloc_info+0x3b/0x50 [ 11.175108] __kasan_krealloc+0x190/0x1f0 [ 11.175496] krealloc_noprof+0xf3/0x340 [ 11.175909] krealloc_more_oob_helper+0x1a9/0x930 [ 11.176416] krealloc_more_oob+0x1c/0x30 [ 11.176874] kunit_try_run_case+0x1a5/0x480 [ 11.177289] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 11.177806] kthread+0x337/0x6f0 [ 11.177954] ret_from_fork+0x116/0x1d0 [ 11.178108] ret_from_fork_asm+0x1a/0x30 [ 11.178495] [ 11.178747] The buggy address belongs to the object at ffff888100aa0000 [ 11.178747] which belongs to the cache kmalloc-256 of size 256 [ 11.179956] The buggy address is located 0 bytes to the right of [ 11.179956] allocated 235-byte region [ffff888100aa0000, ffff888100aa00eb) [ 11.180543] [ 11.180726] The buggy address belongs to the physical page: [ 11.181333] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x100aa0 [ 11.182127] head: order:1 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0 [ 11.182663] flags: 0x200000000000040(head|node=0|zone=2) [ 11.183203] page_type: f5(slab) [ 11.183449] raw: 0200000000000040 ffff888100041b40 dead000000000122 0000000000000000 [ 11.183958] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 11.184525] head: 0200000000000040 ffff888100041b40 dead000000000122 0000000000000000 [ 11.185235] head: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 11.185673] head: 0200000000000001 ffffea000402a801 00000000ffffffff 00000000ffffffff [ 11.185907] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000002 [ 11.186332] page dumped because: kasan: bad access detected [ 11.186875] [ 11.187070] Memory state around the buggy address: [ 11.187708] ffff888100a9ff80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc 
fc fc [ 11.188457] ffff888100aa0000: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 11.189261] >ffff888100aa0080: 00 00 00 00 00 00 00 00 00 00 00 00 00 03 fc fc [ 11.189820] ^ [ 11.190039] ffff888100aa0100: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 11.190774] ffff888100aa0180: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 11.191525] ================================================================== [ 11.192305] ================================================================== [ 11.192914] BUG: KASAN: slab-out-of-bounds in krealloc_more_oob_helper+0x7eb/0x930 [ 11.193679] Write of size 1 at addr ffff888100aa00f0 by task kunit_try_catch/173 [ 11.194522] [ 11.194714] CPU: 1 UID: 0 PID: 173 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc4 #1 PREEMPT(voluntary) [ 11.194758] Tainted: [B]=BAD_PAGE, [N]=TEST [ 11.194781] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 11.194810] Call Trace: [ 11.194824] <TASK> [ 11.194840] dump_stack_lvl+0x73/0xb0 [ 11.194880] print_report+0xd1/0x650 [ 11.194903] ? __virt_addr_valid+0x1db/0x2d0 [ 11.194925] ? krealloc_more_oob_helper+0x7eb/0x930 [ 11.194957] ? kasan_complete_mode_report_info+0x2a/0x200 [ 11.194979] ? krealloc_more_oob_helper+0x7eb/0x930 [ 11.195002] kasan_report+0x141/0x180 [ 11.195024] ? krealloc_more_oob_helper+0x7eb/0x930 [ 11.195052] __asan_report_store1_noabort+0x1b/0x30 [ 11.195072] krealloc_more_oob_helper+0x7eb/0x930 [ 11.195095] ? __schedule+0x10cc/0x2b60 [ 11.195124] ? __pfx_krealloc_more_oob_helper+0x10/0x10 [ 11.195148] ? finish_task_switch.isra.0+0x153/0x700 [ 11.195169] ? __switch_to+0x47/0xf50 [ 11.195194] ? __schedule+0x10cc/0x2b60 [ 11.195215] ? __pfx_read_tsc+0x10/0x10 [ 11.195240] krealloc_more_oob+0x1c/0x30 [ 11.195260] kunit_try_run_case+0x1a5/0x480 [ 11.195284] ? __pfx_kunit_try_run_case+0x10/0x10 [ 11.195306] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 11.195328] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 11.195352] ? 
__kthread_parkme+0x82/0x180 [ 11.195372] ? preempt_count_sub+0x50/0x80 [ 11.195394] ? __pfx_kunit_try_run_case+0x10/0x10 [ 11.195417] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 11.195440] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 11.195479] kthread+0x337/0x6f0 [ 11.195499] ? trace_preempt_on+0x20/0xc0 [ 11.195522] ? __pfx_kthread+0x10/0x10 [ 11.195542] ? _raw_spin_unlock_irq+0x47/0x80 [ 11.195563] ? calculate_sigpending+0x7b/0xa0 [ 11.195587] ? __pfx_kthread+0x10/0x10 [ 11.195608] ret_from_fork+0x116/0x1d0 [ 11.195626] ? __pfx_kthread+0x10/0x10 [ 11.195647] ret_from_fork_asm+0x1a/0x30 [ 11.195680] </TASK> [ 11.195693] [ 11.208551] Allocated by task 173: [ 11.208740] kasan_save_stack+0x45/0x70 [ 11.209035] kasan_save_track+0x18/0x40 [ 11.209195] kasan_save_alloc_info+0x3b/0x50 [ 11.209369] __kasan_krealloc+0x190/0x1f0 [ 11.209573] krealloc_noprof+0xf3/0x340 [ 11.209789] krealloc_more_oob_helper+0x1a9/0x930 [ 11.209955] krealloc_more_oob+0x1c/0x30 [ 11.210353] kunit_try_run_case+0x1a5/0x480 [ 11.210595] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 11.210859] kthread+0x337/0x6f0 [ 11.211000] ret_from_fork+0x116/0x1d0 [ 11.211403] ret_from_fork_asm+0x1a/0x30 [ 11.211673] [ 11.211773] The buggy address belongs to the object at ffff888100aa0000 [ 11.211773] which belongs to the cache kmalloc-256 of size 256 [ 11.212354] The buggy address is located 5 bytes to the right of [ 11.212354] allocated 235-byte region [ffff888100aa0000, ffff888100aa00eb) [ 11.213074] [ 11.213181] The buggy address belongs to the physical page: [ 11.213481] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x100aa0 [ 11.213811] head: order:1 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0 [ 11.214065] flags: 0x200000000000040(head|node=0|zone=2) [ 11.214303] page_type: f5(slab) [ 11.214472] raw: 0200000000000040 ffff888100041b40 dead000000000122 0000000000000000 [ 11.214766] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 
11.215304] head: 0200000000000040 ffff888100041b40 dead000000000122 0000000000000000 [ 11.215694] head: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 11.216046] head: 0200000000000001 ffffea000402a801 00000000ffffffff 00000000ffffffff [ 11.216360] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000002 [ 11.216616] page dumped because: kasan: bad access detected [ 11.217133] [ 11.217236] Memory state around the buggy address: [ 11.217519] ffff888100a9ff80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 11.217817] ffff888100aa0000: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 11.218128] >ffff888100aa0080: 00 00 00 00 00 00 00 00 00 00 00 00 00 03 fc fc [ 11.218481] ^ [ 11.218978] ffff888100aa0100: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 11.219345] ffff888100aa0180: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 11.219709] ==================================================================
Failure - log-parser-boot/kasan-bug-kasan-slab-out-of-bounds-in-kmalloc_oob_left
[ 10.918547] ================================================================== [ 10.919826] BUG: KASAN: slab-out-of-bounds in kmalloc_oob_left+0x361/0x3c0 [ 10.920480] Read of size 1 at addr ffff888100fbfadf by task kunit_try_catch/155 [ 10.920953] [ 10.921210] CPU: 1 UID: 0 PID: 155 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc4 #1 PREEMPT(voluntary) [ 10.921258] Tainted: [B]=BAD_PAGE, [N]=TEST [ 10.921270] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 10.921303] Call Trace: [ 10.921319] <TASK> [ 10.921337] dump_stack_lvl+0x73/0xb0 [ 10.921370] print_report+0xd1/0x650 [ 10.921424] ? __virt_addr_valid+0x1db/0x2d0 [ 10.921448] ? kmalloc_oob_left+0x361/0x3c0 [ 10.921512] ? kasan_complete_mode_report_info+0x2a/0x200 [ 10.921535] ? kmalloc_oob_left+0x361/0x3c0 [ 10.921556] kasan_report+0x141/0x180 [ 10.921577] ? kmalloc_oob_left+0x361/0x3c0 [ 10.921603] __asan_report_load1_noabort+0x18/0x20 [ 10.921626] kmalloc_oob_left+0x361/0x3c0 [ 10.921647] ? __pfx_kmalloc_oob_left+0x10/0x10 [ 10.921669] ? __schedule+0x10cc/0x2b60 [ 10.921691] ? __pfx_read_tsc+0x10/0x10 [ 10.921712] ? ktime_get_ts64+0x86/0x230 [ 10.921737] kunit_try_run_case+0x1a5/0x480 [ 10.921762] ? __pfx_kunit_try_run_case+0x10/0x10 [ 10.921783] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 10.921806] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 10.921828] ? __kthread_parkme+0x82/0x180 [ 10.921849] ? preempt_count_sub+0x50/0x80 [ 10.921872] ? __pfx_kunit_try_run_case+0x10/0x10 [ 10.921895] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 10.921916] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 10.921948] kthread+0x337/0x6f0 [ 10.921969] ? trace_preempt_on+0x20/0xc0 [ 10.921992] ? __pfx_kthread+0x10/0x10 [ 10.922013] ? _raw_spin_unlock_irq+0x47/0x80 [ 10.922033] ? calculate_sigpending+0x7b/0xa0 [ 10.922098] ? __pfx_kthread+0x10/0x10 [ 10.922121] ret_from_fork+0x116/0x1d0 [ 10.922140] ? 
__pfx_kthread+0x10/0x10 [ 10.922161] ret_from_fork_asm+0x1a/0x30 [ 10.922191] </TASK> [ 10.922203] [ 10.934077] Allocated by task 1: [ 10.934384] kasan_save_stack+0x45/0x70 [ 10.934797] kasan_save_track+0x18/0x40 [ 10.935168] kasan_save_alloc_info+0x3b/0x50 [ 10.935585] __kasan_kmalloc+0xb7/0xc0 [ 10.935760] __kmalloc_node_track_caller_noprof+0x1cb/0x500 [ 10.935954] kvasprintf+0xc5/0x150 [ 10.936095] __kthread_create_on_node+0x18b/0x3a0 [ 10.936507] kthread_create_on_node+0xab/0xe0 [ 10.936967] create_worker+0x3e5/0x7b0 [ 10.937357] alloc_unbound_pwq+0x8ea/0xdb0 [ 10.937784] apply_wqattrs_prepare+0x332/0xd20 [ 10.938235] apply_workqueue_attrs_locked+0x4d/0xa0 [ 10.938726] alloc_workqueue+0xcc7/0x1ad0 [ 10.938975] latency_fsnotify_init+0x1b/0x50 [ 10.939258] do_one_initcall+0xd8/0x370 [ 10.939664] kernel_init_freeable+0x420/0x6f0 [ 10.940134] kernel_init+0x23/0x1e0 [ 10.940307] ret_from_fork+0x116/0x1d0 [ 10.940712] ret_from_fork_asm+0x1a/0x30 [ 10.941096] [ 10.941172] The buggy address belongs to the object at ffff888100fbfac0 [ 10.941172] which belongs to the cache kmalloc-16 of size 16 [ 10.941589] The buggy address is located 18 bytes to the right of [ 10.941589] allocated 13-byte region [ffff888100fbfac0, ffff888100fbfacd) [ 10.942709] [ 10.942877] The buggy address belongs to the physical page: [ 10.943500] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x100fbf [ 10.944212] flags: 0x200000000000000(node=0|zone=2) [ 10.944383] page_type: f5(slab) [ 10.944594] raw: 0200000000000000 ffff888100041640 dead000000000122 0000000000000000 [ 10.945283] raw: 0000000000000000 0000000080800080 00000000f5000000 0000000000000000 [ 10.945988] page dumped because: kasan: bad access detected [ 10.946564] [ 10.946666] Memory state around the buggy address: [ 10.946823] ffff888100fbf980: 00 06 fc fc 00 00 fc fc fa fb fc fc 00 04 fc fc [ 10.947060] ffff888100fbfa00: 00 04 fc fc 00 00 fc fc fa fb fc fc fa fb fc fc [ 10.947671] >ffff888100fbfa80: fa fb fc fc fa 
fb fc fc 00 05 fc fc 00 07 fc fc [ 10.948360] ^ [ 10.948583] ffff888100fbfb00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 10.949337] ffff888100fbfb80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 10.950101] ==================================================================
Failure - log-parser-boot/kasan-bug-kasan-slab-out-of-bounds-in-kmalloc_oob_right
[ 10.866986] ================================================================== [ 10.867368] BUG: KASAN: slab-out-of-bounds in kmalloc_oob_right+0x6bd/0x7f0 [ 10.868140] Write of size 1 at addr ffff888102794078 by task kunit_try_catch/153 [ 10.868846] [ 10.869030] CPU: 1 UID: 0 PID: 153 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc4 #1 PREEMPT(voluntary) [ 10.869073] Tainted: [B]=BAD_PAGE, [N]=TEST [ 10.869085] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 10.869107] Call Trace: [ 10.869125] <TASK> [ 10.869142] dump_stack_lvl+0x73/0xb0 [ 10.869169] print_report+0xd1/0x650 [ 10.869203] ? __virt_addr_valid+0x1db/0x2d0 [ 10.869225] ? kmalloc_oob_right+0x6bd/0x7f0 [ 10.869246] ? kasan_complete_mode_report_info+0x2a/0x200 [ 10.869267] ? kmalloc_oob_right+0x6bd/0x7f0 [ 10.869289] kasan_report+0x141/0x180 [ 10.869310] ? kmalloc_oob_right+0x6bd/0x7f0 [ 10.869335] __asan_report_store1_noabort+0x1b/0x30 [ 10.869355] kmalloc_oob_right+0x6bd/0x7f0 [ 10.869378] ? __pfx_kmalloc_oob_right+0x10/0x10 [ 10.869399] ? __schedule+0x10cc/0x2b60 [ 10.869420] ? __pfx_read_tsc+0x10/0x10 [ 10.869441] ? ktime_get_ts64+0x86/0x230 [ 10.869464] kunit_try_run_case+0x1a5/0x480 [ 10.869487] ? __pfx_kunit_try_run_case+0x10/0x10 [ 10.869508] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 10.869530] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 10.869552] ? __kthread_parkme+0x82/0x180 [ 10.869570] ? preempt_count_sub+0x50/0x80 [ 10.869594] ? __pfx_kunit_try_run_case+0x10/0x10 [ 10.869616] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 10.869638] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 10.869660] kthread+0x337/0x6f0 [ 10.869679] ? trace_preempt_on+0x20/0xc0 [ 10.869701] ? __pfx_kthread+0x10/0x10 [ 10.869721] ? _raw_spin_unlock_irq+0x47/0x80 [ 10.869741] ? calculate_sigpending+0x7b/0xa0 [ 10.869764] ? __pfx_kthread+0x10/0x10 [ 10.869785] ret_from_fork+0x116/0x1d0 [ 10.869802] ? 
__pfx_kthread+0x10/0x10 [ 10.869822] ret_from_fork_asm+0x1a/0x30 [ 10.869851] </TASK> [ 10.869862] [ 10.879546] Allocated by task 153: [ 10.879687] kasan_save_stack+0x45/0x70 [ 10.879941] kasan_save_track+0x18/0x40 [ 10.880329] kasan_save_alloc_info+0x3b/0x50 [ 10.880716] __kasan_kmalloc+0xb7/0xc0 [ 10.881066] __kmalloc_cache_noprof+0x189/0x420 [ 10.881620] kmalloc_oob_right+0xa9/0x7f0 [ 10.882011] kunit_try_run_case+0x1a5/0x480 [ 10.882500] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 10.882986] kthread+0x337/0x6f0 [ 10.883330] ret_from_fork+0x116/0x1d0 [ 10.883676] ret_from_fork_asm+0x1a/0x30 [ 10.884037] [ 10.884210] The buggy address belongs to the object at ffff888102794000 [ 10.884210] which belongs to the cache kmalloc-128 of size 128 [ 10.885260] The buggy address is located 5 bytes to the right of [ 10.885260] allocated 115-byte region [ffff888102794000, ffff888102794073) [ 10.886368] [ 10.886528] The buggy address belongs to the physical page: [ 10.887020] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x102794 [ 10.887708] flags: 0x200000000000000(node=0|zone=2) [ 10.888179] page_type: f5(slab) [ 10.888487] raw: 0200000000000000 ffff888100041a00 dead000000000122 0000000000000000 [ 10.889140] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 10.889526] page dumped because: kasan: bad access detected [ 10.889698] [ 10.889768] Memory state around the buggy address: [ 10.889924] ffff888102793f00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 10.890159] ffff888102793f80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 10.890782] >ffff888102794000: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 03 fc [ 10.891459] ^ [ 10.891674] ffff888102794080: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 10.891885] ffff888102794100: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 10.892133] ================================================================== [ 10.838258] 
================================================================== [ 10.839325] BUG: KASAN: slab-out-of-bounds in kmalloc_oob_right+0x6f0/0x7f0 [ 10.840518] Write of size 1 at addr ffff888102794073 by task kunit_try_catch/153 [ 10.840949] [ 10.842313] CPU: 1 UID: 0 PID: 153 Comm: kunit_try_catch Tainted: G N 6.16.0-rc4 #1 PREEMPT(voluntary) [ 10.842667] Tainted: [N]=TEST [ 10.842700] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 10.842911] Call Trace: [ 10.842990] <TASK> [ 10.843137] dump_stack_lvl+0x73/0xb0 [ 10.843226] print_report+0xd1/0x650 [ 10.843254] ? __virt_addr_valid+0x1db/0x2d0 [ 10.843280] ? kmalloc_oob_right+0x6f0/0x7f0 [ 10.843301] ? kasan_complete_mode_report_info+0x2a/0x200 [ 10.843324] ? kmalloc_oob_right+0x6f0/0x7f0 [ 10.843345] kasan_report+0x141/0x180 [ 10.843367] ? kmalloc_oob_right+0x6f0/0x7f0 [ 10.843393] __asan_report_store1_noabort+0x1b/0x30 [ 10.843412] kmalloc_oob_right+0x6f0/0x7f0 [ 10.843434] ? __pfx_kmalloc_oob_right+0x10/0x10 [ 10.843456] ? __schedule+0x10cc/0x2b60 [ 10.843478] ? __pfx_read_tsc+0x10/0x10 [ 10.843500] ? ktime_get_ts64+0x86/0x230 [ 10.843525] kunit_try_run_case+0x1a5/0x480 [ 10.843551] ? __pfx_kunit_try_run_case+0x10/0x10 [ 10.843573] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 10.843598] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 10.843620] ? __kthread_parkme+0x82/0x180 [ 10.843642] ? preempt_count_sub+0x50/0x80 [ 10.843666] ? __pfx_kunit_try_run_case+0x10/0x10 [ 10.843689] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 10.843711] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 10.843733] kthread+0x337/0x6f0 [ 10.843752] ? trace_preempt_on+0x20/0xc0 [ 10.843776] ? __pfx_kthread+0x10/0x10 [ 10.843796] ? _raw_spin_unlock_irq+0x47/0x80 [ 10.843816] ? calculate_sigpending+0x7b/0xa0 [ 10.843840] ? __pfx_kthread+0x10/0x10 [ 10.843861] ret_from_fork+0x116/0x1d0 [ 10.843879] ? 
__pfx_kthread+0x10/0x10 [ 10.843899] ret_from_fork_asm+0x1a/0x30 [ 10.843962] </TASK> [ 10.844028] [ 10.856023] Allocated by task 153: [ 10.856486] kasan_save_stack+0x45/0x70 [ 10.856687] kasan_save_track+0x18/0x40 [ 10.856834] kasan_save_alloc_info+0x3b/0x50 [ 10.857003] __kasan_kmalloc+0xb7/0xc0 [ 10.857230] __kmalloc_cache_noprof+0x189/0x420 [ 10.857423] kmalloc_oob_right+0xa9/0x7f0 [ 10.857577] kunit_try_run_case+0x1a5/0x480 [ 10.857916] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 10.858170] kthread+0x337/0x6f0 [ 10.858288] ret_from_fork+0x116/0x1d0 [ 10.858476] ret_from_fork_asm+0x1a/0x30 [ 10.858705] [ 10.858844] The buggy address belongs to the object at ffff888102794000 [ 10.858844] which belongs to the cache kmalloc-128 of size 128 [ 10.859502] The buggy address is located 0 bytes to the right of [ 10.859502] allocated 115-byte region [ffff888102794000, ffff888102794073) [ 10.860148] [ 10.860306] The buggy address belongs to the physical page: [ 10.860737] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x102794 [ 10.861463] flags: 0x200000000000000(node=0|zone=2) [ 10.862054] page_type: f5(slab) [ 10.862531] raw: 0200000000000000 ffff888100041a00 dead000000000122 0000000000000000 [ 10.862869] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 10.863523] page dumped because: kasan: bad access detected [ 10.863711] [ 10.863791] Memory state around the buggy address: [ 10.864208] ffff888102793f00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 10.864637] ffff888102793f80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 10.864874] >ffff888102794000: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 03 fc [ 10.865169] ^ [ 10.865460] ffff888102794080: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 10.865678] ffff888102794100: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 10.865918] ================================================================== [ 10.892725] 
================================================================== [ 10.892992] BUG: KASAN: slab-out-of-bounds in kmalloc_oob_right+0x68a/0x7f0 [ 10.893354] Read of size 1 at addr ffff888102794080 by task kunit_try_catch/153 [ 10.893879] [ 10.894074] CPU: 1 UID: 0 PID: 153 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc4 #1 PREEMPT(voluntary) [ 10.894118] Tainted: [B]=BAD_PAGE, [N]=TEST [ 10.894130] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 10.894151] Call Trace: [ 10.894166] <TASK> [ 10.894183] dump_stack_lvl+0x73/0xb0 [ 10.894209] print_report+0xd1/0x650 [ 10.894242] ? __virt_addr_valid+0x1db/0x2d0 [ 10.894265] ? kmalloc_oob_right+0x68a/0x7f0 [ 10.894285] ? kasan_complete_mode_report_info+0x2a/0x200 [ 10.894306] ? kmalloc_oob_right+0x68a/0x7f0 [ 10.894327] kasan_report+0x141/0x180 [ 10.894349] ? kmalloc_oob_right+0x68a/0x7f0 [ 10.894374] __asan_report_load1_noabort+0x18/0x20 [ 10.894398] kmalloc_oob_right+0x68a/0x7f0 [ 10.894419] ? __pfx_kmalloc_oob_right+0x10/0x10 [ 10.894441] ? __schedule+0x10cc/0x2b60 [ 10.894463] ? __pfx_read_tsc+0x10/0x10 [ 10.894483] ? ktime_get_ts64+0x86/0x230 [ 10.894506] kunit_try_run_case+0x1a5/0x480 [ 10.894529] ? __pfx_kunit_try_run_case+0x10/0x10 [ 10.894550] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 10.894572] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 10.894594] ? __kthread_parkme+0x82/0x180 [ 10.894613] ? preempt_count_sub+0x50/0x80 [ 10.894635] ? __pfx_kunit_try_run_case+0x10/0x10 [ 10.894658] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 10.894679] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 10.894701] kthread+0x337/0x6f0 [ 10.894720] ? trace_preempt_on+0x20/0xc0 [ 10.894743] ? __pfx_kthread+0x10/0x10 [ 10.894763] ? _raw_spin_unlock_irq+0x47/0x80 [ 10.894783] ? calculate_sigpending+0x7b/0xa0 [ 10.894806] ? __pfx_kthread+0x10/0x10 [ 10.894827] ret_from_fork+0x116/0x1d0 [ 10.894844] ? 
__pfx_kthread+0x10/0x10 [ 10.894864] ret_from_fork_asm+0x1a/0x30 [ 10.894894] </TASK> [ 10.894904] [ 10.903130] Allocated by task 153: [ 10.903289] kasan_save_stack+0x45/0x70 [ 10.903433] kasan_save_track+0x18/0x40 [ 10.903569] kasan_save_alloc_info+0x3b/0x50 [ 10.903717] __kasan_kmalloc+0xb7/0xc0 [ 10.903850] __kmalloc_cache_noprof+0x189/0x420 [ 10.904033] kmalloc_oob_right+0xa9/0x7f0 [ 10.904264] kunit_try_run_case+0x1a5/0x480 [ 10.904422] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 10.904598] kthread+0x337/0x6f0 [ 10.904718] ret_from_fork+0x116/0x1d0 [ 10.904850] ret_from_fork_asm+0x1a/0x30 [ 10.904999] [ 10.905094] The buggy address belongs to the object at ffff888102794000 [ 10.905094] which belongs to the cache kmalloc-128 of size 128 [ 10.906132] The buggy address is located 13 bytes to the right of [ 10.906132] allocated 115-byte region [ffff888102794000, ffff888102794073) [ 10.907250] [ 10.907420] The buggy address belongs to the physical page: [ 10.907972] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x102794 [ 10.908758] flags: 0x200000000000000(node=0|zone=2) [ 10.909204] page_type: f5(slab) [ 10.909536] raw: 0200000000000000 ffff888100041a00 dead000000000122 0000000000000000 [ 10.909788] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 10.910023] page dumped because: kasan: bad access detected [ 10.910218] [ 10.910363] Memory state around the buggy address: [ 10.910656] ffff888102793f80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 10.910869] ffff888102794000: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 03 fc [ 10.911131] >ffff888102794080: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 10.911431] ^ [ 10.911546] ffff888102794100: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 10.911759] ffff888102794180: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 10.911983] ==================================================================
Failure - log-parser-boot/exception-warning-cpu-pid-at-driversgpudrmdrm_rect-drm_rect_calc_vscale
------------[ cut here ]------------ [ 147.527823] WARNING: CPU: 0 PID: 2763 at drivers/gpu/drm/drm_rect.c:137 drm_rect_calc_vscale+0x130/0x190 [ 147.528136] Modules linked in: [ 147.528293] CPU: 0 UID: 0 PID: 2763 Comm: kunit_try_catch Tainted: G B D W N 6.16.0-rc4 #1 PREEMPT(voluntary) [ 147.529390] Tainted: [B]=BAD_PAGE, [D]=DIE, [W]=WARN, [N]=TEST [ 147.530158] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 147.530497] RIP: 0010:drm_rect_calc_vscale+0x130/0x190 [ 147.531390] Code: 7f 43 41 39 ce 7c 3e 48 83 c4 08 89 c8 5b 41 5c 41 5d 41 5e 5d c3 cc cc cc cc 8d 44 08 ff 99 f7 f9 89 c1 85 c0 79 d6 eb de 90 <0f> 0b 90 b9 ea ff ff ff 48 83 c4 08 5b 89 c8 41 5c 41 5d 41 5e 5d [ 147.533101] RSP: 0000:ffff888103857c78 EFLAGS: 00010286 [ 147.533766] RAX: 00000000ffff0000 RBX: 00000000ffff0000 RCX: 0000000000010000 [ 147.534568] RDX: 0000000000000007 RSI: 0000000000000000 RDI: ffffffffaec32ebc [ 147.535161] RBP: ffff888103857ca0 R08: 0000000000000000 R09: ffffed102091dc80 [ 147.535395] R10: ffff8881048ee407 R11: 0000000000000000 R12: ffffffffaec32ea8 [ 147.535622] R13: 0000000000000000 R14: 000000007fffffff R15: ffff888103857d38 [ 147.535838] FS: 0000000000000000(0000) GS:ffff8881aa474000(0000) knlGS:0000000000000000 [ 147.536078] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 147.536258] CR2: 00007ffff7ffe000 CR3: 0000000016abc000 CR4: 00000000000006f0 [ 147.536481] DR0: ffffffffb0c50440 DR1: ffffffffb0c50441 DR2: ffffffffb0c50443 [ 147.536700] DR3: ffffffffb0c50445 DR6: 00000000ffff0ff0 DR7: 0000000000000600 [ 147.536915] Call Trace: [ 147.537021] <TASK> [ 147.537123] drm_test_rect_calc_vscale+0x108/0x270 [ 147.537302] ? __pfx_drm_test_rect_calc_vscale+0x10/0x10 [ 147.538392] ? __schedule+0x10cc/0x2b60 [ 147.538984] ? __pfx_read_tsc+0x10/0x10 [ 147.539395] ? ktime_get_ts64+0x86/0x230 [ 147.539923] kunit_try_run_case+0x1a5/0x480 [ 147.540347] ? __pfx_kunit_try_run_case+0x10/0x10 [ 147.540889] ? 
_raw_spin_lock_irqsave+0xa1/0x100 [ 147.541339] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 147.541860] ? __kthread_parkme+0x82/0x180 [ 147.542403] ? preempt_count_sub+0x50/0x80 [ 147.543053] ? __pfx_kunit_try_run_case+0x10/0x10 [ 147.543590] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 147.544138] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 147.544771] kthread+0x337/0x6f0 [ 147.545169] ? trace_preempt_on+0x20/0xc0 [ 147.545634] ? __pfx_kthread+0x10/0x10 [ 147.546022] ? _raw_spin_unlock_irq+0x47/0x80 [ 147.546447] ? calculate_sigpending+0x7b/0xa0 [ 147.547122] ? __pfx_kthread+0x10/0x10 [ 147.547596] ret_from_fork+0x116/0x1d0 [ 147.548021] ? __pfx_kthread+0x10/0x10 [ 147.548400] ret_from_fork_asm+0x1a/0x30 [ 147.548932] </TASK> [ 147.549190] ---[ end trace 0000000000000000 ]--- ------------[ cut here ]------------ [ 147.557201] WARNING: CPU: 1 PID: 2765 at drivers/gpu/drm/drm_rect.c:137 drm_rect_calc_vscale+0x130/0x190 [ 147.557803] Modules linked in: [ 147.558142] CPU: 1 UID: 0 PID: 2765 Comm: kunit_try_catch Tainted: G B D W N 6.16.0-rc4 #1 PREEMPT(voluntary) [ 147.559208] Tainted: [B]=BAD_PAGE, [D]=DIE, [W]=WARN, [N]=TEST [ 147.559799] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 147.560088] RIP: 0010:drm_rect_calc_vscale+0x130/0x190 [ 147.560276] Code: 7f 43 41 39 ce 7c 3e 48 83 c4 08 89 c8 5b 41 5c 41 5d 41 5e 5d c3 cc cc cc cc 8d 44 08 ff 99 f7 f9 89 c1 85 c0 79 d6 eb de 90 <0f> 0b 90 b9 ea ff ff ff 48 83 c4 08 5b 89 c8 41 5c 41 5d 41 5e 5d [ 147.561579] RSP: 0000:ffff88810323fc78 EFLAGS: 00010286 [ 147.561786] RAX: 0000000000010000 RBX: 00000000ffff0000 RCX: 00000000ffff0000 [ 147.562002] RDX: 0000000000000007 RSI: 0000000000000000 RDI: ffffffffaec32ef4 [ 147.562219] RBP: ffff88810323fca0 R08: 0000000000000000 R09: ffffed1020920940 [ 147.562449] R10: ffff888104904a07 R11: 0000000000000000 R12: ffffffffaec32ee0 [ 147.562666] R13: 0000000000000000 R14: 000000007fffffff R15: ffff88810323fd38 [ 
147.562880] FS: 0000000000000000(0000) GS:ffff8881aa574000(0000) knlGS:0000000000000000 [ 147.564081] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 147.564309] CR2: 00007ffff7ffe000 CR3: 0000000016abc000 CR4: 00000000000006f0 [ 147.565425] DR0: ffffffffb0c50444 DR1: ffffffffb0c50449 DR2: ffffffffb0c5044a [ 147.566425] DR3: ffffffffb0c5044b DR6: 00000000ffff0ff0 DR7: 0000000000000600 [ 147.567702] Call Trace: [ 147.567839] <TASK> [ 147.567946] drm_test_rect_calc_vscale+0x108/0x270 [ 147.568132] ? __pfx_drm_test_rect_calc_vscale+0x10/0x10 [ 147.568311] ? __schedule+0x10cc/0x2b60 [ 147.569575] ? __pfx_read_tsc+0x10/0x10 [ 147.569747] ? ktime_get_ts64+0x86/0x230 [ 147.570073] kunit_try_run_case+0x1a5/0x480 [ 147.570297] ? __pfx_kunit_try_run_case+0x10/0x10 [ 147.570762] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 147.571018] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 147.571266] ? __kthread_parkme+0x82/0x180 [ 147.571607] ? preempt_count_sub+0x50/0x80 [ 147.571833] ? __pfx_kunit_try_run_case+0x10/0x10 [ 147.572064] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 147.572307] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 147.572607] kthread+0x337/0x6f0 [ 147.572774] ? trace_preempt_on+0x20/0xc0 [ 147.573381] ? __pfx_kthread+0x10/0x10 [ 147.573539] ? _raw_spin_unlock_irq+0x47/0x80 [ 147.573850] ? calculate_sigpending+0x7b/0xa0 [ 147.574449] ? __pfx_kthread+0x10/0x10 [ 147.574784] ret_from_fork+0x116/0x1d0 [ 147.574971] ? __pfx_kthread+0x10/0x10 [ 147.575155] ret_from_fork_asm+0x1a/0x30 [ 147.575366] </TASK> [ 147.575489] ---[ end trace 0000000000000000 ]---
Failure - log-parser-boot/exception-warning-cpu-pid-at-driversgpudrmdrm_rect-drm_rect_calc_hscale
------------[ cut here ]------------ [ 147.477067] WARNING: CPU: 0 PID: 2751 at drivers/gpu/drm/drm_rect.c:137 drm_rect_calc_hscale+0x125/0x190 [ 147.477399] Modules linked in: [ 147.477566] CPU: 0 UID: 0 PID: 2751 Comm: kunit_try_catch Tainted: G B D W N 6.16.0-rc4 #1 PREEMPT(voluntary) [ 147.479085] Tainted: [B]=BAD_PAGE, [D]=DIE, [W]=WARN, [N]=TEST [ 147.479365] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 147.480014] RIP: 0010:drm_rect_calc_hscale+0x125/0x190 [ 147.480511] Code: 7f 43 41 39 ce 7c 3e 48 83 c4 08 89 c8 5b 41 5c 41 5d 41 5e 5d e9 5b cf 1e 02 8d 44 08 ff 99 f7 f9 89 c1 85 c0 79 d6 eb de 90 <0f> 0b 90 b9 ea ff ff ff 48 83 c4 08 5b 89 c8 41 5c 41 5d 41 5e 5d [ 147.481258] RSP: 0000:ffff88810364fc78 EFLAGS: 00010286 [ 147.481542] RAX: 00000000ffff0000 RBX: 00000000ffff0000 RCX: 0000000000010000 [ 147.481859] RDX: 0000000000000003 RSI: 0000000000000000 RDI: ffffffffaec32ec0 [ 147.482178] RBP: ffff88810364fca0 R08: 0000000000000000 R09: ffffed102091e7c0 [ 147.482490] R10: ffff8881048f3e07 R11: 0000000000000000 R12: ffffffffaec32ea8 [ 147.483025] R13: 0000000000000000 R14: 000000007fffffff R15: ffff88810364fd38 [ 147.483311] FS: 0000000000000000(0000) GS:ffff8881aa474000(0000) knlGS:0000000000000000 [ 147.483699] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 147.485551] CR2: 00007ffff7ffe000 CR3: 0000000016abc000 CR4: 00000000000006f0 [ 147.485847] DR0: ffffffffb0c50440 DR1: ffffffffb0c50441 DR2: ffffffffb0c50443 [ 147.486138] DR3: ffffffffb0c50445 DR6: 00000000ffff0ff0 DR7: 0000000000000600 [ 147.486403] Call Trace: [ 147.486541] <TASK> [ 147.486761] drm_test_rect_calc_hscale+0x108/0x270 [ 147.487028] ? __pfx_drm_test_rect_calc_hscale+0x10/0x10 [ 147.487228] ? __schedule+0x10cc/0x2b60 [ 147.487444] ? __pfx_read_tsc+0x10/0x10 [ 147.487697] ? ktime_get_ts64+0x86/0x230 [ 147.487915] kunit_try_run_case+0x1a5/0x480 [ 147.488140] ? __pfx_kunit_try_run_case+0x10/0x10 [ 147.488377] ? 
_raw_spin_lock_irqsave+0xa1/0x100 [ 147.488588] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 147.488946] ? __kthread_parkme+0x82/0x180 [ 147.489122] ? preempt_count_sub+0x50/0x80 [ 147.489353] ? __pfx_kunit_try_run_case+0x10/0x10 [ 147.489524] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 147.489744] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 147.490110] kthread+0x337/0x6f0 [ 147.490958] ? trace_preempt_on+0x20/0xc0 [ 147.491292] ? __pfx_kthread+0x10/0x10 [ 147.491828] ? _raw_spin_unlock_irq+0x47/0x80 [ 147.492597] ? calculate_sigpending+0x7b/0xa0 [ 147.493022] ? __pfx_kthread+0x10/0x10 [ 147.493454] ret_from_fork+0x116/0x1d0 [ 147.493711] ? __pfx_kthread+0x10/0x10 [ 147.493901] ret_from_fork_asm+0x1a/0x30 [ 147.494102] </TASK> [ 147.494225] ---[ end trace 0000000000000000 ]--- ------------[ cut here ]------------ [ 147.497910] WARNING: CPU: 1 PID: 2753 at drivers/gpu/drm/drm_rect.c:137 drm_rect_calc_hscale+0x125/0x190 [ 147.498437] Modules linked in: [ 147.498692] CPU: 1 UID: 0 PID: 2753 Comm: kunit_try_catch Tainted: G B D W N 6.16.0-rc4 #1 PREEMPT(voluntary) [ 147.499276] Tainted: [B]=BAD_PAGE, [D]=DIE, [W]=WARN, [N]=TEST [ 147.499636] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 147.500538] RIP: 0010:drm_rect_calc_hscale+0x125/0x190 [ 147.500957] Code: 7f 43 41 39 ce 7c 3e 48 83 c4 08 89 c8 5b 41 5c 41 5d 41 5e 5d e9 5b cf 1e 02 8d 44 08 ff 99 f7 f9 89 c1 85 c0 79 d6 eb de 90 <0f> 0b 90 b9 ea ff ff ff 48 83 c4 08 5b 89 c8 41 5c 41 5d 41 5e 5d [ 147.501791] RSP: 0000:ffff88810c717c78 EFLAGS: 00010286 [ 147.502073] RAX: 0000000000010000 RBX: 00000000ffff0000 RCX: 00000000ffff0000 [ 147.502389] RDX: 0000000000000003 RSI: 0000000000000000 RDI: ffffffffaec32ef8 [ 147.502673] RBP: ffff88810c717ca0 R08: 0000000000000000 R09: ffffed1020920880 [ 147.503139] R10: ffff888104904407 R11: 0000000000000000 R12: ffffffffaec32ee0 [ 147.503444] R13: 0000000000000000 R14: 000000007fffffff R15: ffff88810c717d38 [ 
147.503758] FS: 0000000000000000(0000) GS:ffff8881aa574000(0000) knlGS:0000000000000000 [ 147.504311] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 147.504782] CR2: 00007ffff7ffe000 CR3: 0000000016abc000 CR4: 00000000000006f0 [ 147.505103] DR0: ffffffffb0c50444 DR1: ffffffffb0c50449 DR2: ffffffffb0c5044a [ 147.505375] DR3: ffffffffb0c5044b DR6: 00000000ffff0ff0 DR7: 0000000000000600 [ 147.505927] Call Trace: [ 147.506082] <TASK> [ 147.506200] drm_test_rect_calc_hscale+0x108/0x270 [ 147.506499] ? __pfx_drm_test_rect_calc_hscale+0x10/0x10 [ 147.506871] ? __schedule+0x10cc/0x2b60 [ 147.507090] ? __pfx_read_tsc+0x10/0x10 [ 147.507302] ? ktime_get_ts64+0x86/0x230 [ 147.507494] kunit_try_run_case+0x1a5/0x480 [ 147.507752] ? __pfx_kunit_try_run_case+0x10/0x10 [ 147.508170] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 147.508432] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 147.508795] ? __kthread_parkme+0x82/0x180 [ 147.509017] ? preempt_count_sub+0x50/0x80 [ 147.509205] ? __pfx_kunit_try_run_case+0x10/0x10 [ 147.509445] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 147.509821] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 147.510090] kthread+0x337/0x6f0 [ 147.510256] ? trace_preempt_on+0x20/0xc0 [ 147.510526] ? __pfx_kthread+0x10/0x10 [ 147.510789] ? _raw_spin_unlock_irq+0x47/0x80 [ 147.510983] ? calculate_sigpending+0x7b/0xa0 [ 147.511227] ? __pfx_kthread+0x10/0x10 [ 147.511424] ret_from_fork+0x116/0x1d0 [ 147.511618] ? __pfx_kthread+0x10/0x10 [ 147.511982] ret_from_fork_asm+0x1a/0x30 [ 147.512343] </TASK> [ 147.512650] ---[ end trace 0000000000000000 ]---
Failure - log-parser-boot/kfence-bug-kfence-out-of-bounds-read-in-test_kmalloc_aligned_oob_read
[ 23.896998] ==================================================================
[ 23.897404] BUG: KFENCE: out-of-bounds read in test_kmalloc_aligned_oob_read+0x27e/0x560
[ 23.897404]
[ 23.897922] Out-of-bounds read at 0x(____ptrval____) (105B right of kfence-#137):
[ 23.898317] test_kmalloc_aligned_oob_read+0x27e/0x560
[ 23.898625] kunit_try_run_case+0x1a5/0x480
[ 23.898829] kunit_generic_run_threadfn_adapter+0x85/0xf0
[ 23.899113] kthread+0x337/0x6f0
[ 23.899277] ret_from_fork+0x116/0x1d0
[ 23.899476] ret_from_fork_asm+0x1a/0x30
[ 23.899667]
[ 23.899775] kfence-#137: 0x(____ptrval____)-0x(____ptrval____), size=73, cache=kmalloc-96
[ 23.899775]
[ 23.900168] allocated by task 340 on cpu 0 at 23.896766s (0.003399s ago):
[ 23.900518] test_alloc+0x364/0x10f0
[ 23.900690] test_kmalloc_aligned_oob_read+0x105/0x560
[ 23.900954] kunit_try_run_case+0x1a5/0x480
[ 23.901174] kunit_generic_run_threadfn_adapter+0x85/0xf0
[ 23.901460] kthread+0x337/0x6f0
[ 23.901586] ret_from_fork+0x116/0x1d0
[ 23.901739] ret_from_fork_asm+0x1a/0x30
[ 23.901974]
[ 23.902103] CPU: 0 UID: 0 PID: 340 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc4 #1 PREEMPT(voluntary)
[ 23.902587] Tainted: [B]=BAD_PAGE, [N]=TEST
[ 23.902794] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[ 23.903212] ==================================================================
Failure - log-parser-boot/kfence-bug-kfence-memory-corruption-in-test_corruption
[ 18.073041] ==================================================================
[ 18.073416] BUG: KFENCE: memory corruption in test_corruption+0x2df/0x3e0
[ 18.073416]
[ 18.073984] Corrupted memory at 0x(____ptrval____) [ ! ] (in kfence-#81):
[ 18.074681] test_corruption+0x2df/0x3e0
[ 18.074849] kunit_try_run_case+0x1a5/0x480
[ 18.075076] kunit_generic_run_threadfn_adapter+0x85/0xf0
[ 18.075318] kthread+0x337/0x6f0
[ 18.075494] ret_from_fork+0x116/0x1d0
[ 18.075682] ret_from_fork_asm+0x1a/0x30
[ 18.075878]
[ 18.075993] kfence-#81: 0x(____ptrval____)-0x(____ptrval____), size=32, cache=kmalloc-32
[ 18.075993]
[ 18.076386] allocated by task 328 on cpu 1 at 18.072795s (0.003589s ago):
[ 18.076639] test_alloc+0x364/0x10f0
[ 18.076827] test_corruption+0x1cb/0x3e0
[ 18.077040] kunit_try_run_case+0x1a5/0x480
[ 18.077248] kunit_generic_run_threadfn_adapter+0x85/0xf0
[ 18.077462] kthread+0x337/0x6f0
[ 18.077788] ret_from_fork+0x116/0x1d0
[ 18.077985] ret_from_fork_asm+0x1a/0x30
[ 18.078170]
[ 18.078259] freed by task 328 on cpu 1 at 18.072866s (0.005391s ago):
[ 18.078915] test_corruption+0x2df/0x3e0
[ 18.079301] kunit_try_run_case+0x1a5/0x480
[ 18.079511] kunit_generic_run_threadfn_adapter+0x85/0xf0
[ 18.079746] kthread+0x337/0x6f0
[ 18.079930] ret_from_fork+0x116/0x1d0
[ 18.080515] ret_from_fork_asm+0x1a/0x30
[ 18.080717]
[ 18.080823] CPU: 1 UID: 0 PID: 328 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc4 #1 PREEMPT(voluntary)
[ 18.081524] Tainted: [B]=BAD_PAGE, [N]=TEST
[ 18.081804] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[ 18.082295] ==================================================================
[ 18.176878] ==================================================================
[ 18.177407] BUG: KFENCE: memory corruption in test_corruption+0x131/0x3e0
[ 18.177407]
[ 18.177794] Corrupted memory at 0x(____ptrval____) [ ! . . . . . . . . . . . . . . . ] (in kfence-#82):
[ 18.178417] test_corruption+0x131/0x3e0
[ 18.178620] kunit_try_run_case+0x1a5/0x480
[ 18.178840] kunit_generic_run_threadfn_adapter+0x85/0xf0
[ 18.179137] kthread+0x337/0x6f0
[ 18.179275] ret_from_fork+0x116/0x1d0
[ 18.179448] ret_from_fork_asm+0x1a/0x30
[ 18.179638]
[ 18.179744] kfence-#82: 0x(____ptrval____)-0x(____ptrval____), size=32, cache=test
[ 18.179744]
[ 18.180061] allocated by task 330 on cpu 0 at 18.176750s (0.003309s ago):
[ 18.180389] test_alloc+0x2a6/0x10f0
[ 18.180643] test_corruption+0xe6/0x3e0
[ 18.180781] kunit_try_run_case+0x1a5/0x480
[ 18.181004] kunit_generic_run_threadfn_adapter+0x85/0xf0
[ 18.181324] kthread+0x337/0x6f0
[ 18.181497] ret_from_fork+0x116/0x1d0
[ 18.181635] ret_from_fork_asm+0x1a/0x30
[ 18.181776]
[ 18.181873] freed by task 330 on cpu 0 at 18.176808s (0.005063s ago):
[ 18.182191] test_corruption+0x131/0x3e0
[ 18.182380] kunit_try_run_case+0x1a5/0x480
[ 18.182527] kunit_generic_run_threadfn_adapter+0x85/0xf0
[ 18.183038] kthread+0x337/0x6f0
[ 18.183272] ret_from_fork+0x116/0x1d0
[ 18.183444] ret_from_fork_asm+0x1a/0x30
[ 18.183611]
[ 18.183711] CPU: 0 UID: 0 PID: 330 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc4 #1 PREEMPT(voluntary)
[ 18.184195] Tainted: [B]=BAD_PAGE, [N]=TEST
[ 18.184341] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[ 18.184631] ==================================================================
[ 17.865016] ==================================================================
[ 17.865479] BUG: KFENCE: memory corruption in test_corruption+0x2d2/0x3e0
[ 17.865479]
[ 17.866219] Corrupted memory at 0x(____ptrval____) [ ! . . . . . . . . . . . . . . . ] (in kfence-#79):
[ 17.867450] test_corruption+0x2d2/0x3e0
[ 17.867646] kunit_try_run_case+0x1a5/0x480
[ 17.867873] kunit_generic_run_threadfn_adapter+0x85/0xf0
[ 17.868164] kthread+0x337/0x6f0
[ 17.868335] ret_from_fork+0x116/0x1d0
[ 17.868546] ret_from_fork_asm+0x1a/0x30
[ 17.868713]
[ 17.868819] kfence-#79: 0x(____ptrval____)-0x(____ptrval____), size=32, cache=kmalloc-32
[ 17.868819]
[ 17.869361] allocated by task 328 on cpu 1 at 17.864774s (0.004483s ago):
[ 17.869737] test_alloc+0x364/0x10f0
[ 17.869916] test_corruption+0xe6/0x3e0
[ 17.870540] kunit_try_run_case+0x1a5/0x480
[ 17.870756] kunit_generic_run_threadfn_adapter+0x85/0xf0
[ 17.871018] kthread+0x337/0x6f0
[ 17.871374] ret_from_fork+0x116/0x1d0
[ 17.871657] ret_from_fork_asm+0x1a/0x30
[ 17.871844]
[ 17.871937] freed by task 328 on cpu 1 at 17.864852s (0.007083s ago):
[ 17.872535] test_corruption+0x2d2/0x3e0
[ 17.872829] kunit_try_run_case+0x1a5/0x480
[ 17.873062] kunit_generic_run_threadfn_adapter+0x85/0xf0
[ 17.873590] kthread+0x337/0x6f0
[ 17.873850] ret_from_fork+0x116/0x1d0
[ 17.874145] ret_from_fork_asm+0x1a/0x30
[ 17.874435]
[ 17.874589] CPU: 1 UID: 0 PID: 328 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc4 #1 PREEMPT(voluntary)
[ 17.875080] Tainted: [B]=BAD_PAGE, [N]=TEST
[ 17.875503] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[ 17.875986] ==================================================================
[ 18.488900] ==================================================================
[ 18.489327] BUG: KFENCE: memory corruption in test_corruption+0x216/0x3e0
[ 18.489327]
[ 18.489607] Corrupted memory at 0x(____ptrval____) [ ! ] (in kfence-#85):
[ 18.489890] test_corruption+0x216/0x3e0
[ 18.490172] kunit_try_run_case+0x1a5/0x480
[ 18.490401] kunit_generic_run_threadfn_adapter+0x85/0xf0
[ 18.490662] kthread+0x337/0x6f0
[ 18.490794] ret_from_fork+0x116/0x1d0
[ 18.490931] ret_from_fork_asm+0x1a/0x30
[ 18.491086]
[ 18.491171] kfence-#85: 0x(____ptrval____)-0x(____ptrval____), size=32, cache=test
[ 18.491171]
[ 18.491448] allocated by task 330 on cpu 0 at 18.488768s (0.002678s ago):
[ 18.491670] test_alloc+0x2a6/0x10f0
[ 18.491803] test_corruption+0x1cb/0x3e0
[ 18.491943] kunit_try_run_case+0x1a5/0x480
[ 18.492113] kunit_generic_run_threadfn_adapter+0x85/0xf0
[ 18.492289] kthread+0x337/0x6f0
[ 18.492466] ret_from_fork+0x116/0x1d0
[ 18.492657] ret_from_fork_asm+0x1a/0x30
[ 18.492859]
[ 18.492972] freed by task 330 on cpu 0 at 18.488824s (0.004146s ago):
[ 18.493387] test_corruption+0x216/0x3e0
[ 18.493717] kunit_try_run_case+0x1a5/0x480
[ 18.493938] kunit_generic_run_threadfn_adapter+0x85/0xf0
[ 18.494158] kthread+0x337/0x6f0
[ 18.494282] ret_from_fork+0x116/0x1d0
[ 18.494417] ret_from_fork_asm+0x1a/0x30
[ 18.494574]
[ 18.494676] CPU: 0 UID: 0 PID: 330 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc4 #1 PREEMPT(voluntary)
[ 18.495018] Tainted: [B]=BAD_PAGE, [N]=TEST
[ 18.495166] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[ 18.495451] ==================================================================
Failure - log-parser-boot/kfence-bug-kfence-use-after-free-read-in-test_krealloc
[ 49.689403] ==================================================================
[ 49.689800] BUG: KFENCE: use-after-free read in test_krealloc+0x6fc/0xbe0
[ 49.689800]
[ 49.690248] Use-after-free read at 0x(____ptrval____) (in kfence-#146):
[ 49.690496] test_krealloc+0x6fc/0xbe0
[ 49.690797] kunit_try_run_case+0x1a5/0x480
[ 49.691011] kunit_generic_run_threadfn_adapter+0x85/0xf0
[ 49.691198] kthread+0x337/0x6f0
[ 49.691377] ret_from_fork+0x116/0x1d0
[ 49.691573] ret_from_fork_asm+0x1a/0x30
[ 49.691778]
[ 49.691881] kfence-#146: 0x(____ptrval____)-0x(____ptrval____), size=32, cache=kmalloc-32
[ 49.691881]
[ 49.692343] allocated by task 354 on cpu 1 at 49.688797s (0.003544s ago):
[ 49.692598] test_alloc+0x364/0x10f0
[ 49.692732] test_krealloc+0xad/0xbe0
[ 49.692862] kunit_try_run_case+0x1a5/0x480
[ 49.693083] kunit_generic_run_threadfn_adapter+0x85/0xf0
[ 49.693586] kthread+0x337/0x6f0
[ 49.693785] ret_from_fork+0x116/0x1d0
[ 49.693993] ret_from_fork_asm+0x1a/0x30
[ 49.694339]
[ 49.694573] freed by task 354 on cpu 1 at 49.689031s (0.005539s ago):
[ 49.694979] krealloc_noprof+0x108/0x340
[ 49.695622] test_krealloc+0x226/0xbe0
[ 49.695810] kunit_try_run_case+0x1a5/0x480
[ 49.696016] kunit_generic_run_threadfn_adapter+0x85/0xf0
[ 49.696271] kthread+0x337/0x6f0
[ 49.696436] ret_from_fork+0x116/0x1d0
[ 49.696621] ret_from_fork_asm+0x1a/0x30
[ 49.696829]
[ 49.696963] CPU: 1 UID: 0 PID: 354 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc4 #1 PREEMPT(voluntary)
[ 49.697445] Tainted: [B]=BAD_PAGE, [N]=TEST
[ 49.697644] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[ 49.698061] ==================================================================
Failure - log-parser-boot/kfence-bug-kfence-use-after-free-read-in-test_memcache_typesafe_by_rcu
[ 49.593179] ==================================================================
[ 49.593785] BUG: KFENCE: use-after-free read in test_memcache_typesafe_by_rcu+0x2ec/0x670
[ 49.593785]
[ 49.594846] Use-after-free read at 0x(____ptrval____) (in kfence-#145):
[ 49.595088] test_memcache_typesafe_by_rcu+0x2ec/0x670
[ 49.595771] kunit_try_run_case+0x1a5/0x480
[ 49.596442] kunit_generic_run_threadfn_adapter+0x85/0xf0
[ 49.597053] kthread+0x337/0x6f0
[ 49.597548] ret_from_fork+0x116/0x1d0
[ 49.598035] ret_from_fork_asm+0x1a/0x30
[ 49.598360]
[ 49.598630] kfence-#145: 0x(____ptrval____)-0x(____ptrval____), size=32, cache=test
[ 49.598630]
[ 49.599461] allocated by task 352 on cpu 0 at 49.586686s (0.012772s ago):
[ 49.599694] test_alloc+0x2a6/0x10f0
[ 49.599825] test_memcache_typesafe_by_rcu+0x16f/0x670
[ 49.599992] kunit_try_run_case+0x1a5/0x480
[ 49.600270] kunit_generic_run_threadfn_adapter+0x85/0xf0
[ 49.600854] kthread+0x337/0x6f0
[ 49.601084] ret_from_fork+0x116/0x1d0
[ 49.601443] ret_from_fork_asm+0x1a/0x30
[ 49.601748]
[ 49.601849] freed by task 352 on cpu 0 at 49.586791s (0.015056s ago):
[ 49.602146] test_memcache_typesafe_by_rcu+0x1bf/0x670
[ 49.602591] kunit_try_run_case+0x1a5/0x480
[ 49.602890] kunit_generic_run_threadfn_adapter+0x85/0xf0
[ 49.603139] kthread+0x337/0x6f0
[ 49.603528] ret_from_fork+0x116/0x1d0
[ 49.603717] ret_from_fork_asm+0x1a/0x30
[ 49.603910]
[ 49.604018] CPU: 0 UID: 0 PID: 352 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc4 #1 PREEMPT(voluntary)
[ 49.604804] Tainted: [B]=BAD_PAGE, [N]=TEST
[ 49.604992] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[ 49.605552] ==================================================================
Failure - log-parser-boot/kfence-bug-kfence-invalid-read-in-test_invalid_access
[ 24.428932] ==================================================================
[ 24.429468] BUG: KFENCE: invalid read in test_invalid_access+0xf0/0x210
[ 24.429468]
[ 24.430084] Invalid read at 0x(____ptrval____):
[ 24.430667] test_invalid_access+0xf0/0x210
[ 24.430912] kunit_try_run_case+0x1a5/0x480
[ 24.431332] kunit_generic_run_threadfn_adapter+0x85/0xf0
[ 24.431544] kthread+0x337/0x6f0
[ 24.431727] ret_from_fork+0x116/0x1d0
[ 24.431893] ret_from_fork_asm+0x1a/0x30
[ 24.432083]
[ 24.432627] CPU: 1 UID: 0 PID: 348 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc4 #1 PREEMPT(voluntary)
[ 24.433181] Tainted: [B]=BAD_PAGE, [N]=TEST
[ 24.433351] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[ 24.433838] ==================================================================
Failure - log-parser-boot/kfence-bug-kfence-memory-corruption-in-test_kmalloc_aligned_oob_write
[ 24.208945] ==================================================================
[ 24.209520] BUG: KFENCE: memory corruption in test_kmalloc_aligned_oob_write+0x24f/0x340
[ 24.209520]
[ 24.210233] Corrupted memory at 0x(____ptrval____) [ ! . . . . . . . . . . . . . . . ] (in kfence-#140):
[ 24.210790] test_kmalloc_aligned_oob_write+0x24f/0x340
[ 24.211072] kunit_try_run_case+0x1a5/0x480
[ 24.211407] kunit_generic_run_threadfn_adapter+0x85/0xf0
[ 24.211656] kthread+0x337/0x6f0
[ 24.211849] ret_from_fork+0x116/0x1d0
[ 24.212020] ret_from_fork_asm+0x1a/0x30
[ 24.212236]
[ 24.212423] kfence-#140: 0x(____ptrval____)-0x(____ptrval____), size=73, cache=kmalloc-96
[ 24.212423]
[ 24.212803] allocated by task 342 on cpu 1 at 24.208693s (0.004108s ago):
[ 24.213182] test_alloc+0x364/0x10f0
[ 24.213355] test_kmalloc_aligned_oob_write+0xc8/0x340
[ 24.213593] kunit_try_run_case+0x1a5/0x480
[ 24.213820] kunit_generic_run_threadfn_adapter+0x85/0xf0
[ 24.214097] kthread+0x337/0x6f0
[ 24.214303] ret_from_fork+0x116/0x1d0
[ 24.214507] ret_from_fork_asm+0x1a/0x30
[ 24.214703]
[ 24.214789] freed by task 342 on cpu 1 at 24.208827s (0.005960s ago):
[ 24.215059] test_kmalloc_aligned_oob_write+0x24f/0x340
[ 24.215501] kunit_try_run_case+0x1a5/0x480
[ 24.215649] kunit_generic_run_threadfn_adapter+0x85/0xf0
[ 24.215909] kthread+0x337/0x6f0
[ 24.216121] ret_from_fork+0x116/0x1d0
[ 24.216303] ret_from_fork_asm+0x1a/0x30
[ 24.216445]
[ 24.216547] CPU: 1 UID: 0 PID: 342 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc4 #1 PREEMPT(voluntary)
[ 24.217053] Tainted: [B]=BAD_PAGE, [N]=TEST
[ 24.217274] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[ 24.217735] ==================================================================
Failure - log-parser-boot/kasan-bug-kasan-slab-out-of-bounds-in-copy_to_kernel_nofault
[ 15.530556] ================================================================== [ 15.531581] BUG: KASAN: slab-out-of-bounds in copy_to_kernel_nofault+0x225/0x260 [ 15.531846] Read of size 8 at addr ffff8881027aa278 by task kunit_try_catch/298 [ 15.533369] [ 15.533843] CPU: 1 UID: 0 PID: 298 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc4 #1 PREEMPT(voluntary) [ 15.533901] Tainted: [B]=BAD_PAGE, [N]=TEST [ 15.533916] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 15.533952] Call Trace: [ 15.533969] <TASK> [ 15.533990] dump_stack_lvl+0x73/0xb0 [ 15.534023] print_report+0xd1/0x650 [ 15.534051] ? __virt_addr_valid+0x1db/0x2d0 [ 15.534402] ? copy_to_kernel_nofault+0x225/0x260 [ 15.534431] ? kasan_complete_mode_report_info+0x2a/0x200 [ 15.534480] ? copy_to_kernel_nofault+0x225/0x260 [ 15.534506] kasan_report+0x141/0x180 [ 15.534531] ? copy_to_kernel_nofault+0x225/0x260 [ 15.534563] __asan_report_load8_noabort+0x18/0x20 [ 15.534589] copy_to_kernel_nofault+0x225/0x260 [ 15.534616] copy_to_kernel_nofault_oob+0x1ed/0x560 [ 15.534643] ? __pfx_copy_to_kernel_nofault_oob+0x10/0x10 [ 15.534667] ? finish_task_switch.isra.0+0x153/0x700 [ 15.534692] ? __schedule+0x10cc/0x2b60 [ 15.534715] ? trace_hardirqs_on+0x37/0xe0 [ 15.534749] ? __pfx_read_tsc+0x10/0x10 [ 15.534772] ? ktime_get_ts64+0x86/0x230 [ 15.534798] kunit_try_run_case+0x1a5/0x480 [ 15.534826] ? __pfx_kunit_try_run_case+0x10/0x10 [ 15.534851] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 15.534876] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 15.534901] ? __kthread_parkme+0x82/0x180 [ 15.534923] ? preempt_count_sub+0x50/0x80 [ 15.534959] ? __pfx_kunit_try_run_case+0x10/0x10 [ 15.534985] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 15.535009] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 15.535033] kthread+0x337/0x6f0 [ 15.535072] ? trace_preempt_on+0x20/0xc0 [ 15.535099] ? __pfx_kthread+0x10/0x10 [ 15.535126] ? _raw_spin_unlock_irq+0x47/0x80 [ 15.535150] ? 
calculate_sigpending+0x7b/0xa0 [ 15.535176] ? __pfx_kthread+0x10/0x10 [ 15.535199] ret_from_fork+0x116/0x1d0 [ 15.535221] ? __pfx_kthread+0x10/0x10 [ 15.535244] ret_from_fork_asm+0x1a/0x30 [ 15.535277] </TASK> [ 15.535305] [ 15.549025] Allocated by task 298: [ 15.549176] kasan_save_stack+0x45/0x70 [ 15.549331] kasan_save_track+0x18/0x40 [ 15.549470] kasan_save_alloc_info+0x3b/0x50 [ 15.549624] __kasan_kmalloc+0xb7/0xc0 [ 15.549758] __kmalloc_cache_noprof+0x189/0x420 [ 15.549920] copy_to_kernel_nofault_oob+0x12f/0x560 [ 15.550633] kunit_try_run_case+0x1a5/0x480 [ 15.551218] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 15.551693] kthread+0x337/0x6f0 [ 15.551980] ret_from_fork+0x116/0x1d0 [ 15.552117] ret_from_fork_asm+0x1a/0x30 [ 15.552482] [ 15.552643] The buggy address belongs to the object at ffff8881027aa200 [ 15.552643] which belongs to the cache kmalloc-128 of size 128 [ 15.553088] The buggy address is located 0 bytes to the right of [ 15.553088] allocated 120-byte region [ffff8881027aa200, ffff8881027aa278) [ 15.554845] [ 15.555043] The buggy address belongs to the physical page: [ 15.555594] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1027aa [ 15.556370] flags: 0x200000000000000(node=0|zone=2) [ 15.556643] page_type: f5(slab) [ 15.556974] raw: 0200000000000000 ffff888100041a00 dead000000000122 0000000000000000 [ 15.557709] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 15.558042] page dumped because: kasan: bad access detected [ 15.558592] [ 15.558830] Memory state around the buggy address: [ 15.559386] ffff8881027aa100: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 15.560013] ffff8881027aa180: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 15.560710] >ffff8881027aa200: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 fc [ 15.561350] ^ [ 15.561704] ffff8881027aa280: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 15.561923] ffff8881027aa300: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 
15.562268] ================================================================== [ 15.563131] ================================================================== [ 15.563445] BUG: KASAN: slab-out-of-bounds in copy_to_kernel_nofault+0x99/0x260 [ 15.563871] Write of size 8 at addr ffff8881027aa278 by task kunit_try_catch/298 [ 15.564279] [ 15.564492] CPU: 1 UID: 0 PID: 298 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc4 #1 PREEMPT(voluntary) [ 15.564537] Tainted: [B]=BAD_PAGE, [N]=TEST [ 15.564551] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 15.564574] Call Trace: [ 15.564589] <TASK> [ 15.564607] dump_stack_lvl+0x73/0xb0 [ 15.564635] print_report+0xd1/0x650 [ 15.564659] ? __virt_addr_valid+0x1db/0x2d0 [ 15.564683] ? copy_to_kernel_nofault+0x99/0x260 [ 15.564707] ? kasan_complete_mode_report_info+0x2a/0x200 [ 15.564753] ? copy_to_kernel_nofault+0x99/0x260 [ 15.564791] kasan_report+0x141/0x180 [ 15.564815] ? copy_to_kernel_nofault+0x99/0x260 [ 15.564861] kasan_check_range+0x10c/0x1c0 [ 15.564899] __kasan_check_write+0x18/0x20 [ 15.564921] copy_to_kernel_nofault+0x99/0x260 [ 15.564971] copy_to_kernel_nofault_oob+0x288/0x560 [ 15.564996] ? __pfx_copy_to_kernel_nofault_oob+0x10/0x10 [ 15.565021] ? finish_task_switch.isra.0+0x153/0x700 [ 15.565045] ? __schedule+0x10cc/0x2b60 [ 15.565078] ? trace_hardirqs_on+0x37/0xe0 [ 15.565110] ? __pfx_read_tsc+0x10/0x10 [ 15.565132] ? ktime_get_ts64+0x86/0x230 [ 15.565157] kunit_try_run_case+0x1a5/0x480 [ 15.565183] ? __pfx_kunit_try_run_case+0x10/0x10 [ 15.565206] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 15.565231] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 15.565281] ? __kthread_parkme+0x82/0x180 [ 15.565303] ? preempt_count_sub+0x50/0x80 [ 15.565326] ? __pfx_kunit_try_run_case+0x10/0x10 [ 15.565353] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 15.565394] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 15.565420] kthread+0x337/0x6f0 [ 15.565454] ? 
trace_preempt_on+0x20/0xc0 [ 15.565488] ? __pfx_kthread+0x10/0x10 [ 15.565512] ? _raw_spin_unlock_irq+0x47/0x80 [ 15.565535] ? calculate_sigpending+0x7b/0xa0 [ 15.565560] ? __pfx_kthread+0x10/0x10 [ 15.565583] ret_from_fork+0x116/0x1d0 [ 15.565603] ? __pfx_kthread+0x10/0x10 [ 15.565626] ret_from_fork_asm+0x1a/0x30 [ 15.565656] </TASK> [ 15.565671] [ 15.574974] Allocated by task 298: [ 15.575110] kasan_save_stack+0x45/0x70 [ 15.575259] kasan_save_track+0x18/0x40 [ 15.575392] kasan_save_alloc_info+0x3b/0x50 [ 15.575771] __kasan_kmalloc+0xb7/0xc0 [ 15.576104] __kmalloc_cache_noprof+0x189/0x420 [ 15.576335] copy_to_kernel_nofault_oob+0x12f/0x560 [ 15.576598] kunit_try_run_case+0x1a5/0x480 [ 15.576903] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 15.577195] kthread+0x337/0x6f0 [ 15.577319] ret_from_fork+0x116/0x1d0 [ 15.577450] ret_from_fork_asm+0x1a/0x30 [ 15.577711] [ 15.577809] The buggy address belongs to the object at ffff8881027aa200 [ 15.577809] which belongs to the cache kmalloc-128 of size 128 [ 15.578575] The buggy address is located 0 bytes to the right of [ 15.578575] allocated 120-byte region [ffff8881027aa200, ffff8881027aa278) [ 15.579044] [ 15.579123] The buggy address belongs to the physical page: [ 15.579365] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1027aa [ 15.579836] flags: 0x200000000000000(node=0|zone=2) [ 15.580144] page_type: f5(slab) [ 15.580330] raw: 0200000000000000 ffff888100041a00 dead000000000122 0000000000000000 [ 15.580761] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 15.581056] page dumped because: kasan: bad access detected [ 15.581308] [ 15.581425] Memory state around the buggy address: [ 15.581663] ffff8881027aa100: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 15.582042] ffff8881027aa180: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 15.582381] >ffff8881027aa200: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 fc [ 15.582751] ^ [ 15.583077] ffff8881027aa280: fc fc fc fc 
fc fc fc fc fc fc fc fc fc fc fc fc [ 15.583409] ffff8881027aa300: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 15.583787] ==================================================================
Failure - log-parser-boot/kasan-bug-kasan-slab-out-of-bounds-in-kasan_atomics_helper
[ 14.309738] ================================================================== [ 14.310003] BUG: KASAN: slab-out-of-bounds in kasan_atomics_helper+0x860/0x5450 [ 14.310730] Write of size 4 at addr ffff888103a183b0 by task kunit_try_catch/282 [ 14.311083] [ 14.311237] CPU: 0 UID: 0 PID: 282 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc4 #1 PREEMPT(voluntary) [ 14.311322] Tainted: [B]=BAD_PAGE, [N]=TEST [ 14.311337] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 14.311371] Call Trace: [ 14.311389] <TASK> [ 14.311406] dump_stack_lvl+0x73/0xb0 [ 14.311436] print_report+0xd1/0x650 [ 14.311460] ? __virt_addr_valid+0x1db/0x2d0 [ 14.311484] ? kasan_atomics_helper+0x860/0x5450 [ 14.311506] ? kasan_complete_mode_report_info+0x2a/0x200 [ 14.311532] ? kasan_atomics_helper+0x860/0x5450 [ 14.311555] kasan_report+0x141/0x180 [ 14.311579] ? kasan_atomics_helper+0x860/0x5450 [ 14.311607] kasan_check_range+0x10c/0x1c0 [ 14.311632] __kasan_check_write+0x18/0x20 [ 14.311652] kasan_atomics_helper+0x860/0x5450 [ 14.311677] ? __pfx_kasan_atomics_helper+0x10/0x10 [ 14.311701] ? __kmalloc_cache_noprof+0x189/0x420 [ 14.311727] ? kasan_save_alloc_info+0x3b/0x50 [ 14.311752] ? kasan_atomics+0x152/0x310 [ 14.311782] kasan_atomics+0x1dc/0x310 [ 14.311807] ? __pfx_kasan_atomics+0x10/0x10 [ 14.311834] ? __pfx_read_tsc+0x10/0x10 [ 14.311856] ? ktime_get_ts64+0x86/0x230 [ 14.311882] kunit_try_run_case+0x1a5/0x480 [ 14.311907] ? __pfx_kunit_try_run_case+0x10/0x10 [ 14.311931] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 14.311967] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 14.311992] ? __kthread_parkme+0x82/0x180 [ 14.312013] ? preempt_count_sub+0x50/0x80 [ 14.312038] ? __pfx_kunit_try_run_case+0x10/0x10 [ 14.312064] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 14.312089] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 14.312114] kthread+0x337/0x6f0 [ 14.312191] ? trace_preempt_on+0x20/0xc0 [ 14.312252] ? __pfx_kthread+0x10/0x10 [ 14.312276] ? 
_raw_spin_unlock_irq+0x47/0x80 [ 14.312327] ? calculate_sigpending+0x7b/0xa0 [ 14.312365] ? __pfx_kthread+0x10/0x10 [ 14.312402] ret_from_fork+0x116/0x1d0 [ 14.312436] ? __pfx_kthread+0x10/0x10 [ 14.312480] ret_from_fork_asm+0x1a/0x30 [ 14.312529] </TASK> [ 14.312564] [ 14.322846] Allocated by task 282: [ 14.323316] kasan_save_stack+0x45/0x70 [ 14.323568] kasan_save_track+0x18/0x40 [ 14.323768] kasan_save_alloc_info+0x3b/0x50 [ 14.324003] __kasan_kmalloc+0xb7/0xc0 [ 14.324344] __kmalloc_cache_noprof+0x189/0x420 [ 14.324668] kasan_atomics+0x95/0x310 [ 14.324911] kunit_try_run_case+0x1a5/0x480 [ 14.325197] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 14.325461] kthread+0x337/0x6f0 [ 14.325733] ret_from_fork+0x116/0x1d0 [ 14.325929] ret_from_fork_asm+0x1a/0x30 [ 14.326189] [ 14.326311] The buggy address belongs to the object at ffff888103a18380 [ 14.326311] which belongs to the cache kmalloc-64 of size 64 [ 14.326957] The buggy address is located 0 bytes to the right of [ 14.326957] allocated 48-byte region [ffff888103a18380, ffff888103a183b0) [ 14.327736] [ 14.327839] The buggy address belongs to the physical page: [ 14.328105] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x103a18 [ 14.328466] flags: 0x200000000000000(node=0|zone=2) [ 14.328828] page_type: f5(slab) [ 14.328962] raw: 0200000000000000 ffff8881000418c0 dead000000000122 0000000000000000 [ 14.329197] raw: 0000000000000000 0000000080200020 00000000f5000000 0000000000000000 [ 14.329635] page dumped because: kasan: bad access detected [ 14.329914] [ 14.330030] Memory state around the buggy address: [ 14.330589] ffff888103a18280: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 14.331104] ffff888103a18300: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 14.331448] >ffff888103a18380: 00 00 00 00 00 00 fc fc fc fc fc fc fc fc fc fc [ 14.331817] ^ [ 14.331993] ffff888103a18400: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 14.332647] ffff888103a18480: fc fc fc fc fc fc fc fc fc fc 
fc fc fc fc fc fc [ 14.333042] ================================================================== [ 15.001827] ================================================================== [ 15.002664] BUG: KASAN: slab-out-of-bounds in kasan_atomics_helper+0x177f/0x5450 [ 15.003352] Write of size 8 at addr ffff888103a183b0 by task kunit_try_catch/282 [ 15.003996] [ 15.004222] CPU: 0 UID: 0 PID: 282 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc4 #1 PREEMPT(voluntary) [ 15.004269] Tainted: [B]=BAD_PAGE, [N]=TEST [ 15.004283] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 15.004307] Call Trace: [ 15.004324] <TASK> [ 15.004340] dump_stack_lvl+0x73/0xb0 [ 15.004380] print_report+0xd1/0x650 [ 15.004404] ? __virt_addr_valid+0x1db/0x2d0 [ 15.004428] ? kasan_atomics_helper+0x177f/0x5450 [ 15.004461] ? kasan_complete_mode_report_info+0x2a/0x200 [ 15.004486] ? kasan_atomics_helper+0x177f/0x5450 [ 15.004509] kasan_report+0x141/0x180 [ 15.004532] ? kasan_atomics_helper+0x177f/0x5450 [ 15.004560] kasan_check_range+0x10c/0x1c0 [ 15.004585] __kasan_check_write+0x18/0x20 [ 15.004606] kasan_atomics_helper+0x177f/0x5450 [ 15.004630] ? __pfx_kasan_atomics_helper+0x10/0x10 [ 15.004654] ? __kmalloc_cache_noprof+0x189/0x420 [ 15.004679] ? kasan_save_alloc_info+0x3b/0x50 [ 15.004704] ? kasan_atomics+0x152/0x310 [ 15.004732] kasan_atomics+0x1dc/0x310 [ 15.004757] ? __pfx_kasan_atomics+0x10/0x10 [ 15.004783] ? __pfx_read_tsc+0x10/0x10 [ 15.004805] ? ktime_get_ts64+0x86/0x230 [ 15.004831] kunit_try_run_case+0x1a5/0x480 [ 15.004857] ? __pfx_kunit_try_run_case+0x10/0x10 [ 15.004880] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 15.004905] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 15.004930] ? __kthread_parkme+0x82/0x180 [ 15.004963] ? preempt_count_sub+0x50/0x80 [ 15.004989] ? __pfx_kunit_try_run_case+0x10/0x10 [ 15.005014] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 15.005038] ? 
__pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 15.005069] kthread+0x337/0x6f0 [ 15.005090] ? trace_preempt_on+0x20/0xc0 [ 15.005114] ? __pfx_kthread+0x10/0x10 [ 15.005135] ? _raw_spin_unlock_irq+0x47/0x80 [ 15.005158] ? calculate_sigpending+0x7b/0xa0 [ 15.005183] ? __pfx_kthread+0x10/0x10 [ 15.005206] ret_from_fork+0x116/0x1d0 [ 15.005226] ? __pfx_kthread+0x10/0x10 [ 15.005248] ret_from_fork_asm+0x1a/0x30 [ 15.005280] </TASK> [ 15.005293] [ 15.018144] Allocated by task 282: [ 15.018488] kasan_save_stack+0x45/0x70 [ 15.018861] kasan_save_track+0x18/0x40 [ 15.019254] kasan_save_alloc_info+0x3b/0x50 [ 15.019535] __kasan_kmalloc+0xb7/0xc0 [ 15.019673] __kmalloc_cache_noprof+0x189/0x420 [ 15.019832] kasan_atomics+0x95/0x310 [ 15.020001] kunit_try_run_case+0x1a5/0x480 [ 15.020378] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 15.020758] kthread+0x337/0x6f0 [ 15.020882] ret_from_fork+0x116/0x1d0 [ 15.021028] ret_from_fork_asm+0x1a/0x30 [ 15.021433] [ 15.021614] The buggy address belongs to the object at ffff888103a18380 [ 15.021614] which belongs to the cache kmalloc-64 of size 64 [ 15.022720] The buggy address is located 0 bytes to the right of [ 15.022720] allocated 48-byte region [ffff888103a18380, ffff888103a183b0) [ 15.023694] [ 15.023824] The buggy address belongs to the physical page: [ 15.024221] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x103a18 [ 15.024470] flags: 0x200000000000000(node=0|zone=2) [ 15.024636] page_type: f5(slab) [ 15.024759] raw: 0200000000000000 ffff8881000418c0 dead000000000122 0000000000000000 [ 15.025008] raw: 0000000000000000 0000000080200020 00000000f5000000 0000000000000000 [ 15.025341] page dumped because: kasan: bad access detected [ 15.025556] [ 15.025655] Memory state around the buggy address: [ 15.025903] ffff888103a18280: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 15.026214] ffff888103a18300: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 15.026535] >ffff888103a18380: 00 00 00 00 00 00 fc fc 
fc fc fc fc fc fc fc fc [ 15.026790] ^ [ 15.027269] ffff888103a18400: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 15.027521] ffff888103a18480: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 15.028168] ================================================================== [ 14.288585] ================================================================== [ 14.288953] BUG: KASAN: slab-out-of-bounds in kasan_atomics_helper+0x7c7/0x5450 [ 14.289617] Write of size 4 at addr ffff888103a183b0 by task kunit_try_catch/282 [ 14.289852] [ 14.289952] CPU: 0 UID: 0 PID: 282 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc4 #1 PREEMPT(voluntary) [ 14.289998] Tainted: [B]=BAD_PAGE, [N]=TEST [ 14.290012] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 14.290036] Call Trace: [ 14.290054] <TASK> [ 14.290070] dump_stack_lvl+0x73/0xb0 [ 14.290099] print_report+0xd1/0x650 [ 14.290124] ? __virt_addr_valid+0x1db/0x2d0 [ 14.290148] ? kasan_atomics_helper+0x7c7/0x5450 [ 14.290171] ? kasan_complete_mode_report_info+0x2a/0x200 [ 14.290195] ? kasan_atomics_helper+0x7c7/0x5450 [ 14.290219] kasan_report+0x141/0x180 [ 14.290242] ? kasan_atomics_helper+0x7c7/0x5450 [ 14.290270] kasan_check_range+0x10c/0x1c0 [ 14.290295] __kasan_check_write+0x18/0x20 [ 14.290316] kasan_atomics_helper+0x7c7/0x5450 [ 14.290340] ? __pfx_kasan_atomics_helper+0x10/0x10 [ 14.290365] ? __kmalloc_cache_noprof+0x189/0x420 [ 14.290391] ? kasan_save_alloc_info+0x3b/0x50 [ 14.290415] ? kasan_atomics+0x152/0x310 [ 14.290444] kasan_atomics+0x1dc/0x310 [ 14.290468] ? __pfx_kasan_atomics+0x10/0x10 [ 14.290494] ? __pfx_read_tsc+0x10/0x10 [ 14.290516] ? ktime_get_ts64+0x86/0x230 [ 14.290542] kunit_try_run_case+0x1a5/0x480 [ 14.290567] ? __pfx_kunit_try_run_case+0x10/0x10 [ 14.290591] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 14.290616] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 14.290642] ? __kthread_parkme+0x82/0x180 [ 14.290663] ? preempt_count_sub+0x50/0x80 [ 14.290688] ? 
__pfx_kunit_try_run_case+0x10/0x10 [ 14.290713] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 14.290736] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 14.290761] kthread+0x337/0x6f0 [ 14.290783] ? trace_preempt_on+0x20/0xc0 [ 14.290806] ? __pfx_kthread+0x10/0x10 [ 14.290829] ? _raw_spin_unlock_irq+0x47/0x80 [ 14.290851] ? calculate_sigpending+0x7b/0xa0 [ 14.290877] ? __pfx_kthread+0x10/0x10 [ 14.290900] ret_from_fork+0x116/0x1d0 [ 14.290920] ? __pfx_kthread+0x10/0x10 [ 14.290951] ret_from_fork_asm+0x1a/0x30 [ 14.290982] </TASK> [ 14.290996] [ 14.299708] Allocated by task 282: [ 14.299848] kasan_save_stack+0x45/0x70 [ 14.300006] kasan_save_track+0x18/0x40 [ 14.300140] kasan_save_alloc_info+0x3b/0x50 [ 14.300285] __kasan_kmalloc+0xb7/0xc0 [ 14.300418] __kmalloc_cache_noprof+0x189/0x420 [ 14.300570] kasan_atomics+0x95/0x310 [ 14.300703] kunit_try_run_case+0x1a5/0x480 [ 14.300847] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 14.301383] kthread+0x337/0x6f0 [ 14.301832] ret_from_fork+0x116/0x1d0 [ 14.302056] ret_from_fork_asm+0x1a/0x30 [ 14.302254] [ 14.302369] The buggy address belongs to the object at ffff888103a18380 [ 14.302369] which belongs to the cache kmalloc-64 of size 64 [ 14.302749] The buggy address is located 0 bytes to the right of [ 14.302749] allocated 48-byte region [ffff888103a18380, ffff888103a183b0) [ 14.303327] [ 14.303406] The buggy address belongs to the physical page: [ 14.303923] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x103a18 [ 14.304579] flags: 0x200000000000000(node=0|zone=2) [ 14.304872] page_type: f5(slab) [ 14.305010] raw: 0200000000000000 ffff8881000418c0 dead000000000122 0000000000000000 [ 14.305713] raw: 0000000000000000 0000000080200020 00000000f5000000 0000000000000000 [ 14.306063] page dumped because: kasan: bad access detected [ 14.306373] [ 14.306576] Memory state around the buggy address: [ 14.306842] ffff888103a18280: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 14.307291] 
ffff888103a18300: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 14.307731] >ffff888103a18380: 00 00 00 00 00 00 fc fc fc fc fc fc fc fc fc fc [ 14.308130] ^ [ 14.308289] ffff888103a18400: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 14.308520] ffff888103a18480: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 14.308885] ================================================================== [ 14.224813] ================================================================== [ 14.225191] BUG: KASAN: slab-out-of-bounds in kasan_atomics_helper+0x5fe/0x5450 [ 14.225630] Write of size 4 at addr ffff888103a183b0 by task kunit_try_catch/282 [ 14.225989] [ 14.226121] CPU: 0 UID: 0 PID: 282 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc4 #1 PREEMPT(voluntary) [ 14.226178] Tainted: [B]=BAD_PAGE, [N]=TEST [ 14.226204] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 14.226228] Call Trace: [ 14.226246] <TASK> [ 14.226264] dump_stack_lvl+0x73/0xb0 [ 14.226325] print_report+0xd1/0x650 [ 14.226351] ? __virt_addr_valid+0x1db/0x2d0 [ 14.226387] ? kasan_atomics_helper+0x5fe/0x5450 [ 14.226410] ? kasan_complete_mode_report_info+0x2a/0x200 [ 14.226434] ? kasan_atomics_helper+0x5fe/0x5450 [ 14.226517] kasan_report+0x141/0x180 [ 14.226545] ? kasan_atomics_helper+0x5fe/0x5450 [ 14.226574] kasan_check_range+0x10c/0x1c0 [ 14.226620] __kasan_check_write+0x18/0x20 [ 14.226642] kasan_atomics_helper+0x5fe/0x5450 [ 14.226680] ? __pfx_kasan_atomics_helper+0x10/0x10 [ 14.226717] ? __kmalloc_cache_noprof+0x189/0x420 [ 14.226756] ? kasan_save_alloc_info+0x3b/0x50 [ 14.226781] ? kasan_atomics+0x152/0x310 [ 14.226824] kasan_atomics+0x1dc/0x310 [ 14.226861] ? __pfx_kasan_atomics+0x10/0x10 [ 14.226895] ? __pfx_read_tsc+0x10/0x10 [ 14.226918] ? ktime_get_ts64+0x86/0x230 [ 14.226962] kunit_try_run_case+0x1a5/0x480 [ 14.226987] ? __pfx_kunit_try_run_case+0x10/0x10 [ 14.227010] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 14.227036] ? 
_raw_spin_unlock_irqrestore+0x5f/0x90 [ 14.227059] ? __kthread_parkme+0x82/0x180 [ 14.227090] ? preempt_count_sub+0x50/0x80 [ 14.227122] ? __pfx_kunit_try_run_case+0x10/0x10 [ 14.227147] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 14.227170] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 14.227195] kthread+0x337/0x6f0 [ 14.227217] ? trace_preempt_on+0x20/0xc0 [ 14.227241] ? __pfx_kthread+0x10/0x10 [ 14.227263] ? _raw_spin_unlock_irq+0x47/0x80 [ 14.227285] ? calculate_sigpending+0x7b/0xa0 [ 14.227310] ? __pfx_kthread+0x10/0x10 [ 14.227332] ret_from_fork+0x116/0x1d0 [ 14.227353] ? __pfx_kthread+0x10/0x10 [ 14.227374] ret_from_fork_asm+0x1a/0x30 [ 14.227407] </TASK> [ 14.227419] [ 14.237989] Allocated by task 282: [ 14.238216] kasan_save_stack+0x45/0x70 [ 14.238422] kasan_save_track+0x18/0x40 [ 14.238761] kasan_save_alloc_info+0x3b/0x50 [ 14.239077] __kasan_kmalloc+0xb7/0xc0 [ 14.239257] __kmalloc_cache_noprof+0x189/0x420 [ 14.239508] kasan_atomics+0x95/0x310 [ 14.239691] kunit_try_run_case+0x1a5/0x480 [ 14.239884] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 14.240240] kthread+0x337/0x6f0 [ 14.240435] ret_from_fork+0x116/0x1d0 [ 14.240726] ret_from_fork_asm+0x1a/0x30 [ 14.240934] [ 14.241106] The buggy address belongs to the object at ffff888103a18380 [ 14.241106] which belongs to the cache kmalloc-64 of size 64 [ 14.241792] The buggy address is located 0 bytes to the right of [ 14.241792] allocated 48-byte region [ffff888103a18380, ffff888103a183b0) [ 14.242404] [ 14.242484] The buggy address belongs to the physical page: [ 14.242669] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x103a18 [ 14.243276] flags: 0x200000000000000(node=0|zone=2) [ 14.243705] page_type: f5(slab) [ 14.243835] raw: 0200000000000000 ffff8881000418c0 dead000000000122 0000000000000000 [ 14.244711] raw: 0000000000000000 0000000080200020 00000000f5000000 0000000000000000 [ 14.244971] page dumped because: kasan: bad access detected [ 14.245155] [ 14.245228] 
Memory state around the buggy address: [ 14.245515] ffff888103a18280: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 14.245966] ffff888103a18300: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 14.246177] >ffff888103a18380: 00 00 00 00 00 00 fc fc fc fc fc fc fc fc fc fc [ 14.246383] ^ [ 14.246534] ffff888103a18400: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 14.246742] ffff888103a18480: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 14.247036] ================================================================== [ 15.489184] ================================================================== [ 15.489705] BUG: KASAN: slab-out-of-bounds in kasan_atomics_helper+0x5115/0x5450 [ 15.490279] Read of size 8 at addr ffff888103a183b0 by task kunit_try_catch/282 [ 15.490891] [ 15.491030] CPU: 0 UID: 0 PID: 282 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc4 #1 PREEMPT(voluntary) [ 15.491075] Tainted: [B]=BAD_PAGE, [N]=TEST [ 15.491091] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 15.491122] Call Trace: [ 15.491141] <TASK> [ 15.491159] dump_stack_lvl+0x73/0xb0 [ 15.491189] print_report+0xd1/0x650 [ 15.491212] ? __virt_addr_valid+0x1db/0x2d0 [ 15.491237] ? kasan_atomics_helper+0x5115/0x5450 [ 15.491260] ? kasan_complete_mode_report_info+0x2a/0x200 [ 15.491284] ? kasan_atomics_helper+0x5115/0x5450 [ 15.491308] kasan_report+0x141/0x180 [ 15.491331] ? kasan_atomics_helper+0x5115/0x5450 [ 15.491359] __asan_report_load8_noabort+0x18/0x20 [ 15.491386] kasan_atomics_helper+0x5115/0x5450 [ 15.491411] ? __pfx_kasan_atomics_helper+0x10/0x10 [ 15.491434] ? __kmalloc_cache_noprof+0x189/0x420 [ 15.491460] ? kasan_save_alloc_info+0x3b/0x50 [ 15.491484] ? kasan_atomics+0x152/0x310 [ 15.491512] kasan_atomics+0x1dc/0x310 [ 15.491537] ? __pfx_kasan_atomics+0x10/0x10 [ 15.491563] ? __pfx_read_tsc+0x10/0x10 [ 15.491586] ? ktime_get_ts64+0x86/0x230 [ 15.491612] kunit_try_run_case+0x1a5/0x480 [ 15.491638] ? 
__pfx_kunit_try_run_case+0x10/0x10 [ 15.491661] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 15.491685] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 15.491710] ? __kthread_parkme+0x82/0x180 [ 15.491731] ? preempt_count_sub+0x50/0x80 [ 15.491756] ? __pfx_kunit_try_run_case+0x10/0x10 [ 15.491781] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 15.491806] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 15.491829] kthread+0x337/0x6f0 [ 15.491850] ? trace_preempt_on+0x20/0xc0 [ 15.491875] ? __pfx_kthread+0x10/0x10 [ 15.491897] ? _raw_spin_unlock_irq+0x47/0x80 [ 15.491919] ? calculate_sigpending+0x7b/0xa0 [ 15.491953] ? __pfx_kthread+0x10/0x10 [ 15.491978] ret_from_fork+0x116/0x1d0 [ 15.491998] ? __pfx_kthread+0x10/0x10 [ 15.492020] ret_from_fork_asm+0x1a/0x30 [ 15.492052] </TASK> [ 15.492065] [ 15.499961] Allocated by task 282: [ 15.500658] kasan_save_stack+0x45/0x70 [ 15.500844] kasan_save_track+0x18/0x40 [ 15.501055] kasan_save_alloc_info+0x3b/0x50 [ 15.501251] __kasan_kmalloc+0xb7/0xc0 [ 15.501410] __kmalloc_cache_noprof+0x189/0x420 [ 15.501624] kasan_atomics+0x95/0x310 [ 15.501803] kunit_try_run_case+0x1a5/0x480 [ 15.502016] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 15.502808] kthread+0x337/0x6f0 [ 15.502954] ret_from_fork+0x116/0x1d0 [ 15.503304] ret_from_fork_asm+0x1a/0x30 [ 15.503594] [ 15.503808] The buggy address belongs to the object at ffff888103a18380 [ 15.503808] which belongs to the cache kmalloc-64 of size 64 [ 15.504746] The buggy address is located 0 bytes to the right of [ 15.504746] allocated 48-byte region [ffff888103a18380, ffff888103a183b0) [ 15.505605] [ 15.505704] The buggy address belongs to the physical page: [ 15.505958] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x103a18 [ 15.506444] flags: 0x200000000000000(node=0|zone=2) [ 15.506762] page_type: f5(slab) [ 15.506926] raw: 0200000000000000 ffff8881000418c0 dead000000000122 0000000000000000 [ 15.507482] raw: 0000000000000000 0000000080200020 00000000f5000000 
0000000000000000 [ 15.507805] page dumped because: kasan: bad access detected [ 15.508141] [ 15.508235] Memory state around the buggy address: [ 15.508431] ffff888103a18280: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 15.508901] ffff888103a18300: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 15.509378] >ffff888103a18380: 00 00 00 00 00 00 fc fc fc fc fc fc fc fc fc fc [ 15.509780] ^ [ 15.510091] ffff888103a18400: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 15.510347] ffff888103a18480: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 15.510660] ================================================================== [ 15.079152] ================================================================== [ 15.079783] BUG: KASAN: slab-out-of-bounds in kasan_atomics_helper+0x194a/0x5450 [ 15.080197] Write of size 8 at addr ffff888103a183b0 by task kunit_try_catch/282 [ 15.080506] [ 15.080614] CPU: 0 UID: 0 PID: 282 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc4 #1 PREEMPT(voluntary) [ 15.080659] Tainted: [B]=BAD_PAGE, [N]=TEST [ 15.080673] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 15.080696] Call Trace: [ 15.080714] <TASK> [ 15.080733] dump_stack_lvl+0x73/0xb0 [ 15.080762] print_report+0xd1/0x650 [ 15.080786] ? __virt_addr_valid+0x1db/0x2d0 [ 15.080810] ? kasan_atomics_helper+0x194a/0x5450 [ 15.080833] ? kasan_complete_mode_report_info+0x2a/0x200 [ 15.080857] ? kasan_atomics_helper+0x194a/0x5450 [ 15.080880] kasan_report+0x141/0x180 [ 15.080903] ? kasan_atomics_helper+0x194a/0x5450 [ 15.080932] kasan_check_range+0x10c/0x1c0 [ 15.080967] __kasan_check_write+0x18/0x20 [ 15.080988] kasan_atomics_helper+0x194a/0x5450 [ 15.081012] ? __pfx_kasan_atomics_helper+0x10/0x10 [ 15.081037] ? __kmalloc_cache_noprof+0x189/0x420 [ 15.081063] ? kasan_save_alloc_info+0x3b/0x50 [ 15.081088] ? kasan_atomics+0x152/0x310 [ 15.081117] kasan_atomics+0x1dc/0x310 [ 15.081141] ? __pfx_kasan_atomics+0x10/0x10 [ 15.081167] ? 
__pfx_read_tsc+0x10/0x10 [ 15.081213] ? ktime_get_ts64+0x86/0x230 [ 15.081238] kunit_try_run_case+0x1a5/0x480 [ 15.081264] ? __pfx_kunit_try_run_case+0x10/0x10 [ 15.081288] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 15.081314] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 15.081339] ? __kthread_parkme+0x82/0x180 [ 15.081361] ? preempt_count_sub+0x50/0x80 [ 15.081386] ? __pfx_kunit_try_run_case+0x10/0x10 [ 15.081412] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 15.081436] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 15.081460] kthread+0x337/0x6f0 [ 15.081482] ? trace_preempt_on+0x20/0xc0 [ 15.081506] ? __pfx_kthread+0x10/0x10 [ 15.081529] ? _raw_spin_unlock_irq+0x47/0x80 [ 15.081551] ? calculate_sigpending+0x7b/0xa0 [ 15.081596] ? __pfx_kthread+0x10/0x10 [ 15.081619] ret_from_fork+0x116/0x1d0 [ 15.081639] ? __pfx_kthread+0x10/0x10 [ 15.081661] ret_from_fork_asm+0x1a/0x30 [ 15.081693] </TASK> [ 15.081707] [ 15.089664] Allocated by task 282: [ 15.089831] kasan_save_stack+0x45/0x70 [ 15.090055] kasan_save_track+0x18/0x40 [ 15.090225] kasan_save_alloc_info+0x3b/0x50 [ 15.090386] __kasan_kmalloc+0xb7/0xc0 [ 15.090525] __kmalloc_cache_noprof+0x189/0x420 [ 15.090747] kasan_atomics+0x95/0x310 [ 15.090949] kunit_try_run_case+0x1a5/0x480 [ 15.091161] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 15.091441] kthread+0x337/0x6f0 [ 15.091576] ret_from_fork+0x116/0x1d0 [ 15.091711] ret_from_fork_asm+0x1a/0x30 [ 15.091851] [ 15.091983] The buggy address belongs to the object at ffff888103a18380 [ 15.091983] which belongs to the cache kmalloc-64 of size 64 [ 15.092838] The buggy address is located 0 bytes to the right of [ 15.092838] allocated 48-byte region [ffff888103a18380, ffff888103a183b0) [ 15.093351] [ 15.093428] The buggy address belongs to the physical page: [ 15.093987] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x103a18 [ 15.094268] flags: 0x200000000000000(node=0|zone=2) [ 15.094435] page_type: f5(slab) [ 15.094561] raw: 0200000000000000 
ffff8881000418c0 dead000000000122 0000000000000000 [ 15.095340] raw: 0000000000000000 0000000080200020 00000000f5000000 0000000000000000 [ 15.095716] page dumped because: kasan: bad access detected [ 15.095972] [ 15.096046] Memory state around the buggy address: [ 15.096249] ffff888103a18280: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 15.096589] ffff888103a18300: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 15.096808] >ffff888103a18380: 00 00 00 00 00 00 fc fc fc fc fc fc fc fc fc fc [ 15.097145] ^ [ 15.097399] ffff888103a18400: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 15.097745] ffff888103a18480: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 15.098043] ================================================================== [ 14.897598] ================================================================== [ 14.898332] BUG: KASAN: slab-out-of-bounds in kasan_atomics_helper+0x50d4/0x5450 [ 14.898723] Write of size 8 at addr ffff888103a183b0 by task kunit_try_catch/282 [ 14.899174] [ 14.899265] CPU: 0 UID: 0 PID: 282 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc4 #1 PREEMPT(voluntary) [ 14.899309] Tainted: [B]=BAD_PAGE, [N]=TEST [ 14.899322] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 14.899355] Call Trace: [ 14.899373] <TASK> [ 14.899390] dump_stack_lvl+0x73/0xb0 [ 14.899429] print_report+0xd1/0x650 [ 14.899453] ? __virt_addr_valid+0x1db/0x2d0 [ 14.899476] ? kasan_atomics_helper+0x50d4/0x5450 [ 14.899499] ? kasan_complete_mode_report_info+0x2a/0x200 [ 14.899523] ? kasan_atomics_helper+0x50d4/0x5450 [ 14.899546] kasan_report+0x141/0x180 [ 14.899570] ? kasan_atomics_helper+0x50d4/0x5450 [ 14.899598] __asan_report_store8_noabort+0x1b/0x30 [ 14.899621] kasan_atomics_helper+0x50d4/0x5450 [ 14.899645] ? __pfx_kasan_atomics_helper+0x10/0x10 [ 14.899668] ? __kmalloc_cache_noprof+0x189/0x420 [ 14.899693] ? kasan_save_alloc_info+0x3b/0x50 [ 14.899717] ? 
kasan_atomics+0x152/0x310 [ 14.899747] kasan_atomics+0x1dc/0x310 [ 14.899772] ? __pfx_kasan_atomics+0x10/0x10 [ 14.899798] ? __pfx_read_tsc+0x10/0x10 [ 14.899820] ? ktime_get_ts64+0x86/0x230 [ 14.899844] kunit_try_run_case+0x1a5/0x480 [ 14.899871] ? __pfx_kunit_try_run_case+0x10/0x10 [ 14.899895] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 14.899920] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 14.899954] ? __kthread_parkme+0x82/0x180 [ 14.899976] ? preempt_count_sub+0x50/0x80 [ 14.900001] ? __pfx_kunit_try_run_case+0x10/0x10 [ 14.900026] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 14.900050] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 14.900083] kthread+0x337/0x6f0 [ 14.900104] ? trace_preempt_on+0x20/0xc0 [ 14.900128] ? __pfx_kthread+0x10/0x10 [ 14.900151] ? _raw_spin_unlock_irq+0x47/0x80 [ 14.900173] ? calculate_sigpending+0x7b/0xa0 [ 14.900198] ? __pfx_kthread+0x10/0x10 [ 14.900221] ret_from_fork+0x116/0x1d0 [ 14.900241] ? __pfx_kthread+0x10/0x10 [ 14.900262] ret_from_fork_asm+0x1a/0x30 [ 14.900294] </TASK> [ 14.900306] [ 14.907981] Allocated by task 282: [ 14.908176] kasan_save_stack+0x45/0x70 [ 14.908339] kasan_save_track+0x18/0x40 [ 14.908535] kasan_save_alloc_info+0x3b/0x50 [ 14.908694] __kasan_kmalloc+0xb7/0xc0 [ 14.908848] __kmalloc_cache_noprof+0x189/0x420 [ 14.909105] kasan_atomics+0x95/0x310 [ 14.909299] kunit_try_run_case+0x1a5/0x480 [ 14.909486] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 14.909696] kthread+0x337/0x6f0 [ 14.909821] ret_from_fork+0x116/0x1d0 [ 14.909965] ret_from_fork_asm+0x1a/0x30 [ 14.910230] [ 14.910331] The buggy address belongs to the object at ffff888103a18380 [ 14.910331] which belongs to the cache kmalloc-64 of size 64 [ 14.910846] The buggy address is located 0 bytes to the right of [ 14.910846] allocated 48-byte region [ffff888103a18380, ffff888103a183b0) [ 14.911395] [ 14.911484] The buggy address belongs to the physical page: [ 14.911710] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x103a18 [ 
14.912048] flags: 0x200000000000000(node=0|zone=2) [ 14.912229] page_type: f5(slab) [ 14.912355] raw: 0200000000000000 ffff8881000418c0 dead000000000122 0000000000000000 [ 14.912657] raw: 0000000000000000 0000000080200020 00000000f5000000 0000000000000000 [ 14.913012] page dumped because: kasan: bad access detected [ 14.913425] [ 14.913500] Memory state around the buggy address: [ 14.913658] ffff888103a18280: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 14.913876] ffff888103a18300: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 14.914157] >ffff888103a18380: 00 00 00 00 00 00 fc fc fc fc fc fc fc fc fc fc [ 14.914487] ^ [ 14.914716] ffff888103a18400: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 14.915048] ffff888103a18480: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 14.915296] ================================================================== [ 14.268113] ================================================================== [ 14.268588] BUG: KASAN: slab-out-of-bounds in kasan_atomics_helper+0x72f/0x5450 [ 14.269017] Write of size 4 at addr ffff888103a183b0 by task kunit_try_catch/282 [ 14.269444] [ 14.269655] CPU: 0 UID: 0 PID: 282 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc4 #1 PREEMPT(voluntary) [ 14.269742] Tainted: [B]=BAD_PAGE, [N]=TEST [ 14.269758] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 14.269781] Call Trace: [ 14.269799] <TASK> [ 14.269824] dump_stack_lvl+0x73/0xb0 [ 14.269855] print_report+0xd1/0x650 [ 14.269895] ? __virt_addr_valid+0x1db/0x2d0 [ 14.269933] ? kasan_atomics_helper+0x72f/0x5450 [ 14.270001] ? kasan_complete_mode_report_info+0x2a/0x200 [ 14.270039] ? kasan_atomics_helper+0x72f/0x5450 [ 14.270076] kasan_report+0x141/0x180 [ 14.270110] ? kasan_atomics_helper+0x72f/0x5450 [ 14.270137] kasan_check_range+0x10c/0x1c0 [ 14.270173] __kasan_check_write+0x18/0x20 [ 14.270194] kasan_atomics_helper+0x72f/0x5450 [ 14.270219] ? __pfx_kasan_atomics_helper+0x10/0x10 [ 14.270243] ? 
__kmalloc_cache_noprof+0x189/0x420 [ 14.270268] ? kasan_save_alloc_info+0x3b/0x50 [ 14.270293] ? kasan_atomics+0x152/0x310 [ 14.270321] kasan_atomics+0x1dc/0x310 [ 14.270346] ? __pfx_kasan_atomics+0x10/0x10 [ 14.270372] ? __pfx_read_tsc+0x10/0x10 [ 14.270393] ? ktime_get_ts64+0x86/0x230 [ 14.270419] kunit_try_run_case+0x1a5/0x480 [ 14.270462] ? __pfx_kunit_try_run_case+0x10/0x10 [ 14.270512] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 14.270539] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 14.270738] ? __kthread_parkme+0x82/0x180 [ 14.270770] ? preempt_count_sub+0x50/0x80 [ 14.270796] ? __pfx_kunit_try_run_case+0x10/0x10 [ 14.270858] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 14.270884] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 14.270919] kthread+0x337/0x6f0 [ 14.270954] ? trace_preempt_on+0x20/0xc0 [ 14.270980] ? __pfx_kthread+0x10/0x10 [ 14.271002] ? _raw_spin_unlock_irq+0x47/0x80 [ 14.271025] ? calculate_sigpending+0x7b/0xa0 [ 14.271050] ? __pfx_kthread+0x10/0x10 [ 14.271081] ret_from_fork+0x116/0x1d0 [ 14.271101] ? 
__pfx_kthread+0x10/0x10 [ 14.271155] ret_from_fork_asm+0x1a/0x30 [ 14.271202] </TASK> [ 14.271216] [ 14.279865] Allocated by task 282: [ 14.280051] kasan_save_stack+0x45/0x70 [ 14.280198] kasan_save_track+0x18/0x40 [ 14.280356] kasan_save_alloc_info+0x3b/0x50 [ 14.280727] __kasan_kmalloc+0xb7/0xc0 [ 14.280932] __kmalloc_cache_noprof+0x189/0x420 [ 14.281141] kasan_atomics+0x95/0x310 [ 14.281370] kunit_try_run_case+0x1a5/0x480 [ 14.281644] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 14.281963] kthread+0x337/0x6f0 [ 14.282151] ret_from_fork+0x116/0x1d0 [ 14.282372] ret_from_fork_asm+0x1a/0x30 [ 14.282653] [ 14.282758] The buggy address belongs to the object at ffff888103a18380 [ 14.282758] which belongs to the cache kmalloc-64 of size 64 [ 14.283448] The buggy address is located 0 bytes to the right of [ 14.283448] allocated 48-byte region [ffff888103a18380, ffff888103a183b0) [ 14.284140] [ 14.284266] The buggy address belongs to the physical page: [ 14.284625] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x103a18 [ 14.285077] flags: 0x200000000000000(node=0|zone=2) [ 14.285397] page_type: f5(slab) [ 14.285621] raw: 0200000000000000 ffff8881000418c0 dead000000000122 0000000000000000 [ 14.285861] raw: 0000000000000000 0000000080200020 00000000f5000000 0000000000000000 [ 14.286102] page dumped because: kasan: bad access detected [ 14.286279] [ 14.286352] Memory state around the buggy address: [ 14.286510] ffff888103a18280: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 14.286730] ffff888103a18300: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 14.287093] >ffff888103a18380: 00 00 00 00 00 00 fc fc fc fc fc fc fc fc fc fc [ 14.287616] ^ [ 14.287783] ffff888103a18400: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 14.288015] ffff888103a18480: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 14.288234] ================================================================== [ 14.933560] 
================================================================== [ 14.933906] BUG: KASAN: slab-out-of-bounds in kasan_atomics_helper+0x15b6/0x5450 [ 14.934440] Write of size 8 at addr ffff888103a183b0 by task kunit_try_catch/282 [ 14.934783] [ 14.934874] CPU: 0 UID: 0 PID: 282 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc4 #1 PREEMPT(voluntary) [ 14.934917] Tainted: [B]=BAD_PAGE, [N]=TEST [ 14.934931] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 14.934965] Call Trace: [ 14.934981] <TASK> [ 14.934996] dump_stack_lvl+0x73/0xb0 [ 14.935025] print_report+0xd1/0x650 [ 14.935049] ? __virt_addr_valid+0x1db/0x2d0 [ 14.935073] ? kasan_atomics_helper+0x15b6/0x5450 [ 14.935096] ? kasan_complete_mode_report_info+0x2a/0x200 [ 14.935128] ? kasan_atomics_helper+0x15b6/0x5450 [ 14.935152] kasan_report+0x141/0x180 [ 14.935176] ? kasan_atomics_helper+0x15b6/0x5450 [ 14.935204] kasan_check_range+0x10c/0x1c0 [ 14.935229] __kasan_check_write+0x18/0x20 [ 14.935250] kasan_atomics_helper+0x15b6/0x5450 [ 14.935274] ? __pfx_kasan_atomics_helper+0x10/0x10 [ 14.935298] ? __kmalloc_cache_noprof+0x189/0x420 [ 14.935335] ? kasan_save_alloc_info+0x3b/0x50 [ 14.935360] ? kasan_atomics+0x152/0x310 [ 14.935389] kasan_atomics+0x1dc/0x310 [ 14.935413] ? __pfx_kasan_atomics+0x10/0x10 [ 14.935439] ? __pfx_read_tsc+0x10/0x10 [ 14.935461] ? ktime_get_ts64+0x86/0x230 [ 14.935486] kunit_try_run_case+0x1a5/0x480 [ 14.935513] ? __pfx_kunit_try_run_case+0x10/0x10 [ 14.935537] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 14.935561] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 14.935585] ? __kthread_parkme+0x82/0x180 [ 14.935607] ? preempt_count_sub+0x50/0x80 [ 14.935632] ? __pfx_kunit_try_run_case+0x10/0x10 [ 14.935658] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 14.935682] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 14.935706] kthread+0x337/0x6f0 [ 14.935727] ? trace_preempt_on+0x20/0xc0 [ 14.935751] ? __pfx_kthread+0x10/0x10 [ 14.935774] ? 
_raw_spin_unlock_irq+0x47/0x80 [ 14.935796] ? calculate_sigpending+0x7b/0xa0 [ 14.935821] ? __pfx_kthread+0x10/0x10 [ 14.935843] ret_from_fork+0x116/0x1d0 [ 14.935863] ? __pfx_kthread+0x10/0x10 [ 14.935886] ret_from_fork_asm+0x1a/0x30 [ 14.935917] </TASK> [ 14.935930] [ 14.944060] Allocated by task 282: [ 14.944248] kasan_save_stack+0x45/0x70 [ 14.944430] kasan_save_track+0x18/0x40 [ 14.944569] kasan_save_alloc_info+0x3b/0x50 [ 14.944792] __kasan_kmalloc+0xb7/0xc0 [ 14.944980] __kmalloc_cache_noprof+0x189/0x420 [ 14.945204] kasan_atomics+0x95/0x310 [ 14.945368] kunit_try_run_case+0x1a5/0x480 [ 14.945575] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 14.945750] kthread+0x337/0x6f0 [ 14.945874] ret_from_fork+0x116/0x1d0 [ 14.946017] ret_from_fork_asm+0x1a/0x30 [ 14.946158] [ 14.946232] The buggy address belongs to the object at ffff888103a18380 [ 14.946232] which belongs to the cache kmalloc-64 of size 64 [ 14.946585] The buggy address is located 0 bytes to the right of [ 14.946585] allocated 48-byte region [ffff888103a18380, ffff888103a183b0) [ 14.947122] [ 14.947236] The buggy address belongs to the physical page: [ 14.947495] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x103a18 [ 14.947850] flags: 0x200000000000000(node=0|zone=2) [ 14.948126] page_type: f5(slab) [ 14.948301] raw: 0200000000000000 ffff8881000418c0 dead000000000122 0000000000000000 [ 14.948645] raw: 0000000000000000 0000000080200020 00000000f5000000 0000000000000000 [ 14.948994] page dumped because: kasan: bad access detected [ 14.949210] [ 14.949285] Memory state around the buggy address: [ 14.949443] ffff888103a18280: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 14.949664] ffff888103a18300: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 14.949900] >ffff888103a18380: 00 00 00 00 00 00 fc fc fc fc fc fc fc fc fc fc [ 14.950428] ^ [ 14.950661] ffff888103a18400: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 14.951004] ffff888103a18480: fc fc fc fc fc fc fc fc fc fc 
fc fc fc fc fc fc [ 14.951580] ================================================================== [ 14.201568] ================================================================== [ 14.202003] BUG: KASAN: slab-out-of-bounds in kasan_atomics_helper+0x565/0x5450 [ 14.202466] Write of size 4 at addr ffff888103a183b0 by task kunit_try_catch/282 [ 14.202958] [ 14.203170] CPU: 0 UID: 0 PID: 282 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc4 #1 PREEMPT(voluntary) [ 14.203256] Tainted: [B]=BAD_PAGE, [N]=TEST [ 14.203271] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 14.203322] Call Trace: [ 14.203341] <TASK> [ 14.203359] dump_stack_lvl+0x73/0xb0 [ 14.203390] print_report+0xd1/0x650 [ 14.203414] ? __virt_addr_valid+0x1db/0x2d0 [ 14.203437] ? kasan_atomics_helper+0x565/0x5450 [ 14.203460] ? kasan_complete_mode_report_info+0x2a/0x200 [ 14.203569] ? kasan_atomics_helper+0x565/0x5450 [ 14.203623] kasan_report+0x141/0x180 [ 14.203649] ? kasan_atomics_helper+0x565/0x5450 [ 14.203677] kasan_check_range+0x10c/0x1c0 [ 14.203704] __kasan_check_write+0x18/0x20 [ 14.203725] kasan_atomics_helper+0x565/0x5450 [ 14.203750] ? __pfx_kasan_atomics_helper+0x10/0x10 [ 14.203774] ? __kmalloc_cache_noprof+0x189/0x420 [ 14.203799] ? kasan_save_alloc_info+0x3b/0x50 [ 14.203825] ? kasan_atomics+0x152/0x310 [ 14.203879] kasan_atomics+0x1dc/0x310 [ 14.203904] ? __pfx_kasan_atomics+0x10/0x10 [ 14.203931] ? __pfx_read_tsc+0x10/0x10 [ 14.203970] ? ktime_get_ts64+0x86/0x230 [ 14.203996] kunit_try_run_case+0x1a5/0x480 [ 14.204048] ? __pfx_kunit_try_run_case+0x10/0x10 [ 14.204083] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 14.204118] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 14.204143] ? __kthread_parkme+0x82/0x180 [ 14.204164] ? preempt_count_sub+0x50/0x80 [ 14.204188] ? __pfx_kunit_try_run_case+0x10/0x10 [ 14.204214] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 14.204238] ? 
__pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 14.204262] kthread+0x337/0x6f0 [ 14.204283] ? trace_preempt_on+0x20/0xc0 [ 14.204308] ? __pfx_kthread+0x10/0x10 [ 14.204329] ? _raw_spin_unlock_irq+0x47/0x80 [ 14.204352] ? calculate_sigpending+0x7b/0xa0 [ 14.204377] ? __pfx_kthread+0x10/0x10 [ 14.204400] ret_from_fork+0x116/0x1d0 [ 14.204419] ? __pfx_kthread+0x10/0x10 [ 14.204442] ret_from_fork_asm+0x1a/0x30 [ 14.204557] </TASK> [ 14.204574] [ 14.214362] Allocated by task 282: [ 14.214680] kasan_save_stack+0x45/0x70 [ 14.214880] kasan_save_track+0x18/0x40 [ 14.215080] kasan_save_alloc_info+0x3b/0x50 [ 14.215234] __kasan_kmalloc+0xb7/0xc0 [ 14.215369] __kmalloc_cache_noprof+0x189/0x420 [ 14.215878] kasan_atomics+0x95/0x310 [ 14.216115] kunit_try_run_case+0x1a5/0x480 [ 14.216336] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 14.216715] kthread+0x337/0x6f0 [ 14.216843] ret_from_fork+0x116/0x1d0 [ 14.216992] ret_from_fork_asm+0x1a/0x30 [ 14.217181] [ 14.217286] The buggy address belongs to the object at ffff888103a18380 [ 14.217286] which belongs to the cache kmalloc-64 of size 64 [ 14.218351] The buggy address is located 0 bytes to the right of [ 14.218351] allocated 48-byte region [ffff888103a18380, ffff888103a183b0) [ 14.218712] [ 14.218807] The buggy address belongs to the physical page: [ 14.219144] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x103a18 [ 14.219887] flags: 0x200000000000000(node=0|zone=2) [ 14.220439] page_type: f5(slab) [ 14.220742] raw: 0200000000000000 ffff8881000418c0 dead000000000122 0000000000000000 [ 14.221149] raw: 0000000000000000 0000000080200020 00000000f5000000 0000000000000000 [ 14.221416] page dumped because: kasan: bad access detected [ 14.221611] [ 14.221843] Memory state around the buggy address: [ 14.222143] ffff888103a18280: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 14.222574] ffff888103a18300: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 14.222801] >ffff888103a18380: 00 00 00 00 00 00 fc fc 
fc fc fc fc fc fc fc fc [ 14.223218] ^ [ 14.223618] ffff888103a18400: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 14.223960] ffff888103a18480: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 14.224263] ================================================================== [ 15.247739] ================================================================== [ 15.248301] BUG: KASAN: slab-out-of-bounds in kasan_atomics_helper+0x1e12/0x5450 [ 15.248785] Write of size 8 at addr ffff888103a183b0 by task kunit_try_catch/282 [ 15.249024] [ 15.249227] CPU: 0 UID: 0 PID: 282 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc4 #1 PREEMPT(voluntary) [ 15.249272] Tainted: [B]=BAD_PAGE, [N]=TEST [ 15.249286] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 15.249309] Call Trace: [ 15.249325] <TASK> [ 15.249342] dump_stack_lvl+0x73/0xb0 [ 15.249370] print_report+0xd1/0x650 [ 15.249392] ? __virt_addr_valid+0x1db/0x2d0 [ 15.249416] ? kasan_atomics_helper+0x1e12/0x5450 [ 15.249449] ? kasan_complete_mode_report_info+0x2a/0x200 [ 15.249472] ? kasan_atomics_helper+0x1e12/0x5450 [ 15.249495] kasan_report+0x141/0x180 [ 15.249520] ? kasan_atomics_helper+0x1e12/0x5450 [ 15.249548] kasan_check_range+0x10c/0x1c0 [ 15.249573] __kasan_check_write+0x18/0x20 [ 15.249593] kasan_atomics_helper+0x1e12/0x5450 [ 15.249617] ? __pfx_kasan_atomics_helper+0x10/0x10 [ 15.249641] ? __kmalloc_cache_noprof+0x189/0x420 [ 15.249666] ? kasan_save_alloc_info+0x3b/0x50 [ 15.249691] ? kasan_atomics+0x152/0x310 [ 15.249720] kasan_atomics+0x1dc/0x310 [ 15.249745] ? __pfx_kasan_atomics+0x10/0x10 [ 15.249771] ? __pfx_read_tsc+0x10/0x10 [ 15.249792] ? ktime_get_ts64+0x86/0x230 [ 15.249818] kunit_try_run_case+0x1a5/0x480 [ 15.249842] ? __pfx_kunit_try_run_case+0x10/0x10 [ 15.249866] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 15.249890] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 15.249915] ? __kthread_parkme+0x82/0x180 [ 15.249937] ? preempt_count_sub+0x50/0x80 [ 15.249976] ? 
__pfx_kunit_try_run_case+0x10/0x10 [ 15.250005] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 15.250031] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 15.250056] kthread+0x337/0x6f0 [ 15.250084] ? trace_preempt_on+0x20/0xc0 [ 15.250109] ? __pfx_kthread+0x10/0x10 [ 15.250131] ? _raw_spin_unlock_irq+0x47/0x80 [ 15.250154] ? calculate_sigpending+0x7b/0xa0 [ 15.250178] ? __pfx_kthread+0x10/0x10 [ 15.250202] ret_from_fork+0x116/0x1d0 [ 15.250222] ? __pfx_kthread+0x10/0x10 [ 15.250244] ret_from_fork_asm+0x1a/0x30 [ 15.250277] </TASK> [ 15.250289] [ 15.257931] Allocated by task 282: [ 15.258081] kasan_save_stack+0x45/0x70 [ 15.258274] kasan_save_track+0x18/0x40 [ 15.258472] kasan_save_alloc_info+0x3b/0x50 [ 15.258683] __kasan_kmalloc+0xb7/0xc0 [ 15.258871] __kmalloc_cache_noprof+0x189/0x420 [ 15.259136] kasan_atomics+0x95/0x310 [ 15.259278] kunit_try_run_case+0x1a5/0x480 [ 15.259436] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 15.259694] kthread+0x337/0x6f0 [ 15.259869] ret_from_fork+0x116/0x1d0 [ 15.260076] ret_from_fork_asm+0x1a/0x30 [ 15.260246] [ 15.260336] The buggy address belongs to the object at ffff888103a18380 [ 15.260336] which belongs to the cache kmalloc-64 of size 64 [ 15.260798] The buggy address is located 0 bytes to the right of [ 15.260798] allocated 48-byte region [ffff888103a18380, ffff888103a183b0) [ 15.261319] [ 15.261415] The buggy address belongs to the physical page: [ 15.261629] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x103a18 [ 15.261874] flags: 0x200000000000000(node=0|zone=2) [ 15.262048] page_type: f5(slab) [ 15.262173] raw: 0200000000000000 ffff8881000418c0 dead000000000122 0000000000000000 [ 15.262442] raw: 0000000000000000 0000000080200020 00000000f5000000 0000000000000000 [ 15.263188] page dumped because: kasan: bad access detected [ 15.263371] [ 15.263451] Memory state around the buggy address: [ 15.263622] ffff888103a18280: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 15.263839] 
ffff888103a18300: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 15.264198] >ffff888103a18380: 00 00 00 00 00 00 fc fc fc fc fc fc fc fc fc fc [ 15.264526] ^ [ 15.264755] ffff888103a18400: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 15.265098] ffff888103a18480: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 15.265426] ================================================================== [ 14.107791] ================================================================== [ 14.108084] BUG: KASAN: slab-out-of-bounds in kasan_atomics_helper+0x3df/0x5450 [ 14.108358] Read of size 4 at addr ffff888103a183b0 by task kunit_try_catch/282 [ 14.109052] [ 14.109222] CPU: 0 UID: 0 PID: 282 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc4 #1 PREEMPT(voluntary) [ 14.109268] Tainted: [B]=BAD_PAGE, [N]=TEST [ 14.109282] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 14.109304] Call Trace: [ 14.109323] <TASK> [ 14.109340] dump_stack_lvl+0x73/0xb0 [ 14.109370] print_report+0xd1/0x650 [ 14.109393] ? __virt_addr_valid+0x1db/0x2d0 [ 14.109417] ? kasan_atomics_helper+0x3df/0x5450 [ 14.109450] ? kasan_complete_mode_report_info+0x2a/0x200 [ 14.109473] ? kasan_atomics_helper+0x3df/0x5450 [ 14.109496] kasan_report+0x141/0x180 [ 14.109529] ? kasan_atomics_helper+0x3df/0x5450 [ 14.109557] kasan_check_range+0x10c/0x1c0 [ 14.109582] __kasan_check_read+0x15/0x20 [ 14.109602] kasan_atomics_helper+0x3df/0x5450 [ 14.109636] ? __pfx_kasan_atomics_helper+0x10/0x10 [ 14.109660] ? __kmalloc_cache_noprof+0x189/0x420 [ 14.109684] ? kasan_save_alloc_info+0x3b/0x50 [ 14.109709] ? kasan_atomics+0x152/0x310 [ 14.109737] kasan_atomics+0x1dc/0x310 [ 14.109761] ? __pfx_kasan_atomics+0x10/0x10 [ 14.109786] ? __pfx_read_tsc+0x10/0x10 [ 14.109808] ? ktime_get_ts64+0x86/0x230 [ 14.109834] kunit_try_run_case+0x1a5/0x480 [ 14.109860] ? __pfx_kunit_try_run_case+0x10/0x10 [ 14.109883] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 14.109906] ? 
_raw_spin_unlock_irqrestore+0x5f/0x90 [ 14.109931] ? __kthread_parkme+0x82/0x180 [ 14.109964] ? preempt_count_sub+0x50/0x80 [ 14.109988] ? __pfx_kunit_try_run_case+0x10/0x10 [ 14.110013] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 14.110038] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 14.110234] kthread+0x337/0x6f0 [ 14.110258] ? trace_preempt_on+0x20/0xc0 [ 14.110284] ? __pfx_kthread+0x10/0x10 [ 14.110306] ? _raw_spin_unlock_irq+0x47/0x80 [ 14.110329] ? calculate_sigpending+0x7b/0xa0 [ 14.110354] ? __pfx_kthread+0x10/0x10 [ 14.110378] ret_from_fork+0x116/0x1d0 [ 14.110398] ? __pfx_kthread+0x10/0x10 [ 14.110420] ret_from_fork_asm+0x1a/0x30 [ 14.110451] </TASK> [ 14.110513] [ 14.119956] Allocated by task 282: [ 14.120278] kasan_save_stack+0x45/0x70 [ 14.120430] kasan_save_track+0x18/0x40 [ 14.120832] kasan_save_alloc_info+0x3b/0x50 [ 14.121003] __kasan_kmalloc+0xb7/0xc0 [ 14.121138] __kmalloc_cache_noprof+0x189/0x420 [ 14.121333] kasan_atomics+0x95/0x310 [ 14.121525] kunit_try_run_case+0x1a5/0x480 [ 14.121954] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 14.122273] kthread+0x337/0x6f0 [ 14.122414] ret_from_fork+0x116/0x1d0 [ 14.122684] ret_from_fork_asm+0x1a/0x30 [ 14.122833] [ 14.122907] The buggy address belongs to the object at ffff888103a18380 [ 14.122907] which belongs to the cache kmalloc-64 of size 64 [ 14.123558] The buggy address is located 0 bytes to the right of [ 14.123558] allocated 48-byte region [ffff888103a18380, ffff888103a183b0) [ 14.123926] [ 14.124150] The buggy address belongs to the physical page: [ 14.124446] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x103a18 [ 14.124850] flags: 0x200000000000000(node=0|zone=2) [ 14.125356] page_type: f5(slab) [ 14.125615] raw: 0200000000000000 ffff8881000418c0 dead000000000122 0000000000000000 [ 14.125862] raw: 0000000000000000 0000000080200020 00000000f5000000 0000000000000000 [ 14.126298] page dumped because: kasan: bad access detected [ 14.126889] [ 14.126995] 
Memory state around the buggy address: [ 14.127379] ffff888103a18280: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 14.127692] ffff888103a18300: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 14.127998] >ffff888103a18380: 00 00 00 00 00 00 fc fc fc fc fc fc fc fc fc fc [ 14.128359] ^ [ 14.128562] ffff888103a18400: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 14.128953] ffff888103a18480: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 14.129377] ================================================================== [ 14.153029] ================================================================== [ 14.153448] BUG: KASAN: slab-out-of-bounds in kasan_atomics_helper+0x4a0/0x5450 [ 14.154154] Write of size 4 at addr ffff888103a183b0 by task kunit_try_catch/282 [ 14.154828] [ 14.154987] CPU: 0 UID: 0 PID: 282 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc4 #1 PREEMPT(voluntary) [ 14.155034] Tainted: [B]=BAD_PAGE, [N]=TEST [ 14.155050] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 14.155073] Call Trace: [ 14.155092] <TASK> [ 14.155113] dump_stack_lvl+0x73/0xb0 [ 14.155141] print_report+0xd1/0x650 [ 14.155164] ? __virt_addr_valid+0x1db/0x2d0 [ 14.155188] ? kasan_atomics_helper+0x4a0/0x5450 [ 14.155210] ? kasan_complete_mode_report_info+0x2a/0x200 [ 14.155271] ? kasan_atomics_helper+0x4a0/0x5450 [ 14.155297] kasan_report+0x141/0x180 [ 14.155321] ? kasan_atomics_helper+0x4a0/0x5450 [ 14.155378] kasan_check_range+0x10c/0x1c0 [ 14.155404] __kasan_check_write+0x18/0x20 [ 14.155436] kasan_atomics_helper+0x4a0/0x5450 [ 14.155517] ? __pfx_kasan_atomics_helper+0x10/0x10 [ 14.155547] ? __kmalloc_cache_noprof+0x189/0x420 [ 14.155572] ? kasan_save_alloc_info+0x3b/0x50 [ 14.155597] ? kasan_atomics+0x152/0x310 [ 14.155627] kasan_atomics+0x1dc/0x310 [ 14.155652] ? __pfx_kasan_atomics+0x10/0x10 [ 14.155678] ? __pfx_read_tsc+0x10/0x10 [ 14.155699] ? ktime_get_ts64+0x86/0x230 [ 14.155725] kunit_try_run_case+0x1a5/0x480 [ 14.155749] ? 
__pfx_kunit_try_run_case+0x10/0x10 [ 14.155773] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 14.155798] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 14.155824] ? __kthread_parkme+0x82/0x180 [ 14.155845] ? preempt_count_sub+0x50/0x80 [ 14.155870] ? __pfx_kunit_try_run_case+0x10/0x10 [ 14.155895] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 14.155919] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 14.155957] kthread+0x337/0x6f0 [ 14.155978] ? trace_preempt_on+0x20/0xc0 [ 14.156002] ? __pfx_kthread+0x10/0x10 [ 14.156023] ? _raw_spin_unlock_irq+0x47/0x80 [ 14.156046] ? calculate_sigpending+0x7b/0xa0 [ 14.156071] ? __pfx_kthread+0x10/0x10 [ 14.156093] ret_from_fork+0x116/0x1d0 [ 14.156113] ? __pfx_kthread+0x10/0x10 [ 14.156136] ret_from_fork_asm+0x1a/0x30 [ 14.156167] </TASK> [ 14.156180] [ 14.166855] Allocated by task 282: [ 14.167052] kasan_save_stack+0x45/0x70 [ 14.167519] kasan_save_track+0x18/0x40 [ 14.167862] kasan_save_alloc_info+0x3b/0x50 [ 14.168038] __kasan_kmalloc+0xb7/0xc0 [ 14.168246] __kmalloc_cache_noprof+0x189/0x420 [ 14.168654] kasan_atomics+0x95/0x310 [ 14.168877] kunit_try_run_case+0x1a5/0x480 [ 14.169106] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 14.169585] kthread+0x337/0x6f0 [ 14.169796] ret_from_fork+0x116/0x1d0 [ 14.170059] ret_from_fork_asm+0x1a/0x30 [ 14.170282] [ 14.170370] The buggy address belongs to the object at ffff888103a18380 [ 14.170370] which belongs to the cache kmalloc-64 of size 64 [ 14.171285] The buggy address is located 0 bytes to the right of [ 14.171285] allocated 48-byte region [ffff888103a18380, ffff888103a183b0) [ 14.171861] [ 14.172033] The buggy address belongs to the physical page: [ 14.172423] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x103a18 [ 14.172908] flags: 0x200000000000000(node=0|zone=2) [ 14.173115] page_type: f5(slab) [ 14.173353] raw: 0200000000000000 ffff8881000418c0 dead000000000122 0000000000000000 [ 14.173788] raw: 0000000000000000 0000000080200020 00000000f5000000 
0000000000000000 [ 14.174157] page dumped because: kasan: bad access detected [ 14.174369] [ 14.174469] Memory state around the buggy address: [ 14.174976] ffff888103a18280: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 14.175570] ffff888103a18300: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 14.176001] >ffff888103a18380: 00 00 00 00 00 00 fc fc fc fc fc fc fc fc fc fc [ 14.176433] ^ [ 14.176782] ffff888103a18400: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 14.177121] ffff888103a18480: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 14.177453] ================================================================== [ 14.669045] ================================================================== [ 14.669599] BUG: KASAN: slab-out-of-bounds in kasan_atomics_helper+0x1079/0x5450 [ 14.670274] Write of size 4 at addr ffff888103a183b0 by task kunit_try_catch/282 [ 14.670895] [ 14.671149] CPU: 0 UID: 0 PID: 282 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc4 #1 PREEMPT(voluntary) [ 14.671197] Tainted: [B]=BAD_PAGE, [N]=TEST [ 14.671222] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 14.671245] Call Trace: [ 14.671262] <TASK> [ 14.671278] dump_stack_lvl+0x73/0xb0 [ 14.671320] print_report+0xd1/0x650 [ 14.671344] ? __virt_addr_valid+0x1db/0x2d0 [ 14.671367] ? kasan_atomics_helper+0x1079/0x5450 [ 14.671390] ? kasan_complete_mode_report_info+0x2a/0x200 [ 14.671414] ? kasan_atomics_helper+0x1079/0x5450 [ 14.671437] kasan_report+0x141/0x180 [ 14.671503] ? kasan_atomics_helper+0x1079/0x5450 [ 14.671533] kasan_check_range+0x10c/0x1c0 [ 14.671559] __kasan_check_write+0x18/0x20 [ 14.671580] kasan_atomics_helper+0x1079/0x5450 [ 14.671604] ? __pfx_kasan_atomics_helper+0x10/0x10 [ 14.671627] ? __kmalloc_cache_noprof+0x189/0x420 [ 14.671654] ? kasan_save_alloc_info+0x3b/0x50 [ 14.671679] ? kasan_atomics+0x152/0x310 [ 14.671707] kasan_atomics+0x1dc/0x310 [ 14.671731] ? __pfx_kasan_atomics+0x10/0x10 [ 14.671758] ? 
__pfx_read_tsc+0x10/0x10 [ 14.671780] ? ktime_get_ts64+0x86/0x230 [ 14.671806] kunit_try_run_case+0x1a5/0x480 [ 14.671831] ? __pfx_kunit_try_run_case+0x10/0x10 [ 14.671855] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 14.671880] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 14.671905] ? __kthread_parkme+0x82/0x180 [ 14.671928] ? preempt_count_sub+0x50/0x80 [ 14.671966] ? __pfx_kunit_try_run_case+0x10/0x10 [ 14.671992] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 14.672016] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 14.672041] kthread+0x337/0x6f0 [ 14.672062] ? trace_preempt_on+0x20/0xc0 [ 14.672087] ? __pfx_kthread+0x10/0x10 [ 14.672109] ? _raw_spin_unlock_irq+0x47/0x80 [ 14.672132] ? calculate_sigpending+0x7b/0xa0 [ 14.672157] ? __pfx_kthread+0x10/0x10 [ 14.672181] ret_from_fork+0x116/0x1d0 [ 14.672200] ? __pfx_kthread+0x10/0x10 [ 14.672223] ret_from_fork_asm+0x1a/0x30 [ 14.672255] </TASK> [ 14.672269] [ 14.686726] Allocated by task 282: [ 14.687090] kasan_save_stack+0x45/0x70 [ 14.687535] kasan_save_track+0x18/0x40 [ 14.687915] kasan_save_alloc_info+0x3b/0x50 [ 14.688324] __kasan_kmalloc+0xb7/0xc0 [ 14.688462] __kmalloc_cache_noprof+0x189/0x420 [ 14.688841] kasan_atomics+0x95/0x310 [ 14.689206] kunit_try_run_case+0x1a5/0x480 [ 14.689803] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 14.690382] kthread+0x337/0x6f0 [ 14.690561] ret_from_fork+0x116/0x1d0 [ 14.690988] ret_from_fork_asm+0x1a/0x30 [ 14.691388] [ 14.691475] The buggy address belongs to the object at ffff888103a18380 [ 14.691475] which belongs to the cache kmalloc-64 of size 64 [ 14.691832] The buggy address is located 0 bytes to the right of [ 14.691832] allocated 48-byte region [ffff888103a18380, ffff888103a183b0) [ 14.692221] [ 14.692354] The buggy address belongs to the physical page: [ 14.692716] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x103a18 [ 14.693118] flags: 0x200000000000000(node=0|zone=2) [ 14.693340] page_type: f5(slab) [ 14.693475] raw: 0200000000000000 
ffff8881000418c0 dead000000000122 0000000000000000 [ 14.693901] raw: 0000000000000000 0000000080200020 00000000f5000000 0000000000000000 [ 14.694239] page dumped because: kasan: bad access detected [ 14.694601] [ 14.694693] Memory state around the buggy address: [ 14.694967] ffff888103a18280: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 14.695359] ffff888103a18300: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 14.695635] >ffff888103a18380: 00 00 00 00 00 00 fc fc fc fc fc fc fc fc fc fc [ 14.695881] ^ [ 14.696114] ffff888103a18400: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 14.696591] ffff888103a18480: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 14.696808] ================================================================== [ 14.977242] ================================================================== [ 14.977565] BUG: KASAN: slab-out-of-bounds in kasan_atomics_helper+0x16e7/0x5450 [ 14.977986] Write of size 8 at addr ffff888103a183b0 by task kunit_try_catch/282 [ 14.978280] [ 14.978392] CPU: 0 UID: 0 PID: 282 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc4 #1 PREEMPT(voluntary) [ 14.978437] Tainted: [B]=BAD_PAGE, [N]=TEST [ 14.978451] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 14.978475] Call Trace: [ 14.978495] <TASK> [ 14.978512] dump_stack_lvl+0x73/0xb0 [ 14.978540] print_report+0xd1/0x650 [ 14.978575] ? __virt_addr_valid+0x1db/0x2d0 [ 14.978601] ? kasan_atomics_helper+0x16e7/0x5450 [ 14.978624] ? kasan_complete_mode_report_info+0x2a/0x200 [ 14.978647] ? kasan_atomics_helper+0x16e7/0x5450 [ 14.978671] kasan_report+0x141/0x180 [ 14.978695] ? kasan_atomics_helper+0x16e7/0x5450 [ 14.978736] kasan_check_range+0x10c/0x1c0 [ 14.978761] __kasan_check_write+0x18/0x20 [ 14.978783] kasan_atomics_helper+0x16e7/0x5450 [ 14.978808] ? __pfx_kasan_atomics_helper+0x10/0x10 [ 14.978831] ? __kmalloc_cache_noprof+0x189/0x420 [ 14.978857] ? kasan_save_alloc_info+0x3b/0x50 [ 14.978883] ? 
kasan_atomics+0x152/0x310 [ 14.978912] kasan_atomics+0x1dc/0x310 [ 14.978937] ? __pfx_kasan_atomics+0x10/0x10 [ 14.978974] ? __pfx_read_tsc+0x10/0x10 [ 14.978996] ? ktime_get_ts64+0x86/0x230 [ 14.979022] kunit_try_run_case+0x1a5/0x480 [ 14.979048] ? __pfx_kunit_try_run_case+0x10/0x10 [ 14.979080] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 14.979104] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 14.979134] ? __kthread_parkme+0x82/0x180 [ 14.979156] ? preempt_count_sub+0x50/0x80 [ 14.979181] ? __pfx_kunit_try_run_case+0x10/0x10 [ 14.979206] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 14.979230] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 14.979256] kthread+0x337/0x6f0 [ 14.979277] ? trace_preempt_on+0x20/0xc0 [ 14.979301] ? __pfx_kthread+0x10/0x10 [ 14.979324] ? _raw_spin_unlock_irq+0x47/0x80 [ 14.979346] ? calculate_sigpending+0x7b/0xa0 [ 14.979371] ? __pfx_kthread+0x10/0x10 [ 14.979394] ret_from_fork+0x116/0x1d0 [ 14.979414] ? __pfx_kthread+0x10/0x10 [ 14.979436] ret_from_fork_asm+0x1a/0x30 [ 14.979468] </TASK> [ 14.979481] [ 14.986869] Allocated by task 282: [ 14.987070] kasan_save_stack+0x45/0x70 [ 14.987236] kasan_save_track+0x18/0x40 [ 14.987373] kasan_save_alloc_info+0x3b/0x50 [ 14.987529] __kasan_kmalloc+0xb7/0xc0 [ 14.987727] __kmalloc_cache_noprof+0x189/0x420 [ 14.987958] kasan_atomics+0x95/0x310 [ 14.988253] kunit_try_run_case+0x1a5/0x480 [ 14.988452] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 14.988628] kthread+0x337/0x6f0 [ 14.988751] ret_from_fork+0x116/0x1d0 [ 14.988884] ret_from_fork_asm+0x1a/0x30 [ 14.989882] [ 14.990009] The buggy address belongs to the object at ffff888103a18380 [ 14.990009] which belongs to the cache kmalloc-64 of size 64 [ 14.991727] The buggy address is located 0 bytes to the right of [ 14.991727] allocated 48-byte region [ffff888103a18380, ffff888103a183b0) [ 14.993249] [ 14.993524] The buggy address belongs to the physical page: [ 14.993976] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x103a18 [ 
14.995210] flags: 0x200000000000000(node=0|zone=2) [ 14.995628] page_type: f5(slab) [ 14.996129] raw: 0200000000000000 ffff8881000418c0 dead000000000122 0000000000000000 [ 14.996604] raw: 0000000000000000 0000000080200020 00000000f5000000 0000000000000000 [ 14.996844] page dumped because: kasan: bad access detected [ 14.997287] [ 14.997497] Memory state around the buggy address: [ 14.997957] ffff888103a18280: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 14.998621] ffff888103a18300: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 14.999270] >ffff888103a18380: 00 00 00 00 00 00 fc fc fc fc fc fc fc fc fc fc [ 14.999492] ^ [ 14.999650] ffff888103a18400: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 14.999867] ffff888103a18480: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 15.000506] ================================================================== [ 15.052812] ================================================================== [ 15.053192] BUG: KASAN: slab-out-of-bounds in kasan_atomics_helper+0x18b1/0x5450 [ 15.053836] Write of size 8 at addr ffff888103a183b0 by task kunit_try_catch/282 [ 15.054205] [ 15.054302] CPU: 0 UID: 0 PID: 282 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc4 #1 PREEMPT(voluntary) [ 15.054348] Tainted: [B]=BAD_PAGE, [N]=TEST [ 15.054363] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 15.054387] Call Trace: [ 15.054406] <TASK> [ 15.054437] dump_stack_lvl+0x73/0xb0 [ 15.054497] print_report+0xd1/0x650 [ 15.054521] ? __virt_addr_valid+0x1db/0x2d0 [ 15.054546] ? kasan_atomics_helper+0x18b1/0x5450 [ 15.054568] ? kasan_complete_mode_report_info+0x2a/0x200 [ 15.054592] ? kasan_atomics_helper+0x18b1/0x5450 [ 15.054615] kasan_report+0x141/0x180 [ 15.054639] ? kasan_atomics_helper+0x18b1/0x5450 [ 15.054667] kasan_check_range+0x10c/0x1c0 [ 15.054692] __kasan_check_write+0x18/0x20 [ 15.054713] kasan_atomics_helper+0x18b1/0x5450 [ 15.054737] ? __pfx_kasan_atomics_helper+0x10/0x10 [ 15.054776] ? 
__kmalloc_cache_noprof+0x189/0x420 [ 15.054802] ? kasan_save_alloc_info+0x3b/0x50 [ 15.054838] ? kasan_atomics+0x152/0x310 [ 15.054867] kasan_atomics+0x1dc/0x310 [ 15.054891] ? __pfx_kasan_atomics+0x10/0x10 [ 15.054917] ? __pfx_read_tsc+0x10/0x10 [ 15.054951] ? ktime_get_ts64+0x86/0x230 [ 15.054977] kunit_try_run_case+0x1a5/0x480 [ 15.055002] ? __pfx_kunit_try_run_case+0x10/0x10 [ 15.055026] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 15.055050] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 15.055085] ? __kthread_parkme+0x82/0x180 [ 15.055107] ? preempt_count_sub+0x50/0x80 [ 15.055155] ? __pfx_kunit_try_run_case+0x10/0x10 [ 15.055180] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 15.055205] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 15.055229] kthread+0x337/0x6f0 [ 15.055251] ? trace_preempt_on+0x20/0xc0 [ 15.055276] ? __pfx_kthread+0x10/0x10 [ 15.055319] ? _raw_spin_unlock_irq+0x47/0x80 [ 15.055342] ? calculate_sigpending+0x7b/0xa0 [ 15.055367] ? __pfx_kthread+0x10/0x10 [ 15.055391] ret_from_fork+0x116/0x1d0 [ 15.055411] ? 
__pfx_kthread+0x10/0x10 [ 15.055433] ret_from_fork_asm+0x1a/0x30 [ 15.055465] </TASK> [ 15.055478] [ 15.066452] Allocated by task 282: [ 15.066641] kasan_save_stack+0x45/0x70 [ 15.066835] kasan_save_track+0x18/0x40 [ 15.067029] kasan_save_alloc_info+0x3b/0x50 [ 15.067752] __kasan_kmalloc+0xb7/0xc0 [ 15.067973] __kmalloc_cache_noprof+0x189/0x420 [ 15.068445] kasan_atomics+0x95/0x310 [ 15.068807] kunit_try_run_case+0x1a5/0x480 [ 15.069025] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 15.069688] kthread+0x337/0x6f0 [ 15.069900] ret_from_fork+0x116/0x1d0 [ 15.070269] ret_from_fork_asm+0x1a/0x30 [ 15.070473] [ 15.070571] The buggy address belongs to the object at ffff888103a18380 [ 15.070571] which belongs to the cache kmalloc-64 of size 64 [ 15.071065] The buggy address is located 0 bytes to the right of [ 15.071065] allocated 48-byte region [ffff888103a18380, ffff888103a183b0) [ 15.071589] [ 15.071686] The buggy address belongs to the physical page: [ 15.071925] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x103a18 [ 15.072696] flags: 0x200000000000000(node=0|zone=2) [ 15.073089] page_type: f5(slab) [ 15.073392] raw: 0200000000000000 ffff8881000418c0 dead000000000122 0000000000000000 [ 15.073898] raw: 0000000000000000 0000000080200020 00000000f5000000 0000000000000000 [ 15.074602] page dumped because: kasan: bad access detected [ 15.075072] [ 15.075237] Memory state around the buggy address: [ 15.075455] ffff888103a18280: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 15.075749] ffff888103a18300: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 15.076053] >ffff888103a18380: 00 00 00 00 00 00 fc fc fc fc fc fc fc fc fc fc [ 15.076348] ^ [ 15.076557] ffff888103a18400: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 15.076848] ffff888103a18480: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 15.077538] ================================================================== [ 15.284186] 
================================================================== [ 15.284539] BUG: KASAN: slab-out-of-bounds in kasan_atomics_helper+0x1f43/0x5450 [ 15.284880] Write of size 8 at addr ffff888103a183b0 by task kunit_try_catch/282 [ 15.285231] [ 15.285343] CPU: 0 UID: 0 PID: 282 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc4 #1 PREEMPT(voluntary) [ 15.285385] Tainted: [B]=BAD_PAGE, [N]=TEST [ 15.285399] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 15.285421] Call Trace: [ 15.285438] <TASK> [ 15.285456] dump_stack_lvl+0x73/0xb0 [ 15.285484] print_report+0xd1/0x650 [ 15.285507] ? __virt_addr_valid+0x1db/0x2d0 [ 15.285531] ? kasan_atomics_helper+0x1f43/0x5450 [ 15.285554] ? kasan_complete_mode_report_info+0x2a/0x200 [ 15.285576] ? kasan_atomics_helper+0x1f43/0x5450 [ 15.285600] kasan_report+0x141/0x180 [ 15.285623] ? kasan_atomics_helper+0x1f43/0x5450 [ 15.285650] kasan_check_range+0x10c/0x1c0 [ 15.285674] __kasan_check_write+0x18/0x20 [ 15.285695] kasan_atomics_helper+0x1f43/0x5450 [ 15.285719] ? __pfx_kasan_atomics_helper+0x10/0x10 [ 15.285741] ? __kmalloc_cache_noprof+0x189/0x420 [ 15.285767] ? kasan_save_alloc_info+0x3b/0x50 [ 15.285791] ? kasan_atomics+0x152/0x310 [ 15.285818] kasan_atomics+0x1dc/0x310 [ 15.285842] ? __pfx_kasan_atomics+0x10/0x10 [ 15.285868] ? __pfx_read_tsc+0x10/0x10 [ 15.285908] ? ktime_get_ts64+0x86/0x230 [ 15.285933] kunit_try_run_case+0x1a5/0x480 [ 15.285970] ? __pfx_kunit_try_run_case+0x10/0x10 [ 15.285994] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 15.286018] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 15.286043] ? __kthread_parkme+0x82/0x180 [ 15.286066] ? preempt_count_sub+0x50/0x80 [ 15.286090] ? __pfx_kunit_try_run_case+0x10/0x10 [ 15.286115] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 15.286140] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 15.286177] kthread+0x337/0x6f0 [ 15.286199] ? trace_preempt_on+0x20/0xc0 [ 15.286224] ? __pfx_kthread+0x10/0x10 [ 15.286245] ? 
_raw_spin_unlock_irq+0x47/0x80 [ 15.286268] ? calculate_sigpending+0x7b/0xa0 [ 15.286293] ? __pfx_kthread+0x10/0x10 [ 15.286316] ret_from_fork+0x116/0x1d0 [ 15.286336] ? __pfx_kthread+0x10/0x10 [ 15.286358] ret_from_fork_asm+0x1a/0x30 [ 15.286391] </TASK> [ 15.286403] [ 15.294260] Allocated by task 282: [ 15.294453] kasan_save_stack+0x45/0x70 [ 15.294656] kasan_save_track+0x18/0x40 [ 15.294861] kasan_save_alloc_info+0x3b/0x50 [ 15.295095] __kasan_kmalloc+0xb7/0xc0 [ 15.295273] __kmalloc_cache_noprof+0x189/0x420 [ 15.295441] kasan_atomics+0x95/0x310 [ 15.295577] kunit_try_run_case+0x1a5/0x480 [ 15.295724] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 15.295900] kthread+0x337/0x6f0 [ 15.296034] ret_from_fork+0x116/0x1d0 [ 15.296426] ret_from_fork_asm+0x1a/0x30 [ 15.296629] [ 15.296727] The buggy address belongs to the object at ffff888103a18380 [ 15.296727] which belongs to the cache kmalloc-64 of size 64 [ 15.297406] The buggy address is located 0 bytes to the right of [ 15.297406] allocated 48-byte region [ffff888103a18380, ffff888103a183b0) [ 15.297895] [ 15.298244] The buggy address belongs to the physical page: [ 15.299692] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x103a18 [ 15.300134] flags: 0x200000000000000(node=0|zone=2) [ 15.300307] page_type: f5(slab) [ 15.300439] raw: 0200000000000000 ffff8881000418c0 dead000000000122 0000000000000000 [ 15.300682] raw: 0000000000000000 0000000080200020 00000000f5000000 0000000000000000 [ 15.300921] page dumped because: kasan: bad access detected [ 15.301226] [ 15.301321] Memory state around the buggy address: [ 15.301489] ffff888103a18280: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 15.301748] ffff888103a18300: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 15.302094] >ffff888103a18380: 00 00 00 00 00 00 fc fc fc fc fc fc fc fc fc fc [ 15.302340] ^ [ 15.302550] ffff888103a18400: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 15.302880] ffff888103a18480: fc fc fc fc fc fc fc fc fc fc 
fc fc fc fc fc fc [ 15.303194] ================================================================== [ 14.577815] ================================================================== [ 14.578341] BUG: KASAN: slab-out-of-bounds in kasan_atomics_helper+0xf10/0x5450 [ 14.578780] Write of size 4 at addr ffff888103a183b0 by task kunit_try_catch/282 [ 14.579033] [ 14.579268] CPU: 0 UID: 0 PID: 282 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc4 #1 PREEMPT(voluntary) [ 14.579315] Tainted: [B]=BAD_PAGE, [N]=TEST [ 14.579341] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 14.579365] Call Trace: [ 14.579381] <TASK> [ 14.579399] dump_stack_lvl+0x73/0xb0 [ 14.579439] print_report+0xd1/0x650 [ 14.579486] ? __virt_addr_valid+0x1db/0x2d0 [ 14.579510] ? kasan_atomics_helper+0xf10/0x5450 [ 14.579543] ? kasan_complete_mode_report_info+0x2a/0x200 [ 14.579567] ? kasan_atomics_helper+0xf10/0x5450 [ 14.579590] kasan_report+0x141/0x180 [ 14.579614] ? kasan_atomics_helper+0xf10/0x5450 [ 14.579642] kasan_check_range+0x10c/0x1c0 [ 14.579667] __kasan_check_write+0x18/0x20 [ 14.579688] kasan_atomics_helper+0xf10/0x5450 [ 14.579712] ? __pfx_kasan_atomics_helper+0x10/0x10 [ 14.579735] ? __kmalloc_cache_noprof+0x189/0x420 [ 14.579760] ? kasan_save_alloc_info+0x3b/0x50 [ 14.579785] ? kasan_atomics+0x152/0x310 [ 14.579813] kasan_atomics+0x1dc/0x310 [ 14.579837] ? __pfx_kasan_atomics+0x10/0x10 [ 14.579863] ? __pfx_read_tsc+0x10/0x10 [ 14.579885] ? ktime_get_ts64+0x86/0x230 [ 14.579918] kunit_try_run_case+0x1a5/0x480 [ 14.579957] ? __pfx_kunit_try_run_case+0x10/0x10 [ 14.579982] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 14.580006] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 14.580031] ? __kthread_parkme+0x82/0x180 [ 14.580067] ? preempt_count_sub+0x50/0x80 [ 14.580093] ? __pfx_kunit_try_run_case+0x10/0x10 [ 14.580117] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 14.580141] ? 
__pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 14.580166] kthread+0x337/0x6f0 [ 14.580187] ? trace_preempt_on+0x20/0xc0 [ 14.580211] ? __pfx_kthread+0x10/0x10 [ 14.580233] ? _raw_spin_unlock_irq+0x47/0x80 [ 14.580257] ? calculate_sigpending+0x7b/0xa0 [ 14.580282] ? __pfx_kthread+0x10/0x10 [ 14.580306] ret_from_fork+0x116/0x1d0 [ 14.580326] ? __pfx_kthread+0x10/0x10 [ 14.580348] ret_from_fork_asm+0x1a/0x30 [ 14.580381] </TASK> [ 14.580394] [ 14.594889] Allocated by task 282: [ 14.595036] kasan_save_stack+0x45/0x70 [ 14.595188] kasan_save_track+0x18/0x40 [ 14.595326] kasan_save_alloc_info+0x3b/0x50 [ 14.595476] __kasan_kmalloc+0xb7/0xc0 [ 14.595610] __kmalloc_cache_noprof+0x189/0x420 [ 14.595769] kasan_atomics+0x95/0x310 [ 14.595903] kunit_try_run_case+0x1a5/0x480 [ 14.596347] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 14.596836] kthread+0x337/0x6f0 [ 14.597227] ret_from_fork+0x116/0x1d0 [ 14.597692] ret_from_fork_asm+0x1a/0x30 [ 14.598067] [ 14.598226] The buggy address belongs to the object at ffff888103a18380 [ 14.598226] which belongs to the cache kmalloc-64 of size 64 [ 14.600933] The buggy address is located 0 bytes to the right of [ 14.600933] allocated 48-byte region [ffff888103a18380, ffff888103a183b0) [ 14.602287] [ 14.602411] The buggy address belongs to the physical page: [ 14.602595] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x103a18 [ 14.602838] flags: 0x200000000000000(node=0|zone=2) [ 14.603793] page_type: f5(slab) [ 14.604988] raw: 0200000000000000 ffff8881000418c0 dead000000000122 0000000000000000 [ 14.606162] raw: 0000000000000000 0000000080200020 00000000f5000000 0000000000000000 [ 14.607169] page dumped because: kasan: bad access detected [ 14.607508] [ 14.607718] Memory state around the buggy address: [ 14.607895] ffff888103a18280: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 14.608864] ffff888103a18300: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 14.609233] >ffff888103a18380: 00 00 00 00 00 00 fc fc 
fc fc fc fc fc fc fc fc [ 14.609740] ^ [ 14.610093] ffff888103a18400: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 14.610509] ffff888103a18480: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 14.610987] ================================================================== [ 14.083402] ================================================================== [ 14.085039] BUG: KASAN: slab-out-of-bounds in kasan_atomics_helper+0x4b6e/0x5450 [ 14.085784] Write of size 4 at addr ffff888103a183b0 by task kunit_try_catch/282 [ 14.086045] [ 14.086148] CPU: 0 UID: 0 PID: 282 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc4 #1 PREEMPT(voluntary) [ 14.086196] Tainted: [B]=BAD_PAGE, [N]=TEST [ 14.086210] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 14.086233] Call Trace: [ 14.086250] <TASK> [ 14.086266] dump_stack_lvl+0x73/0xb0 [ 14.086296] print_report+0xd1/0x650 [ 14.086319] ? __virt_addr_valid+0x1db/0x2d0 [ 14.086343] ? kasan_atomics_helper+0x4b6e/0x5450 [ 14.086365] ? kasan_complete_mode_report_info+0x2a/0x200 [ 14.086389] ? kasan_atomics_helper+0x4b6e/0x5450 [ 14.086411] kasan_report+0x141/0x180 [ 14.086435] ? kasan_atomics_helper+0x4b6e/0x5450 [ 14.086462] __asan_report_store4_noabort+0x1b/0x30 [ 14.086484] kasan_atomics_helper+0x4b6e/0x5450 [ 14.086508] ? __pfx_kasan_atomics_helper+0x10/0x10 [ 14.086531] ? __kmalloc_cache_noprof+0x189/0x420 [ 14.086556] ? kasan_save_alloc_info+0x3b/0x50 [ 14.086582] ? kasan_atomics+0x152/0x310 [ 14.086610] kasan_atomics+0x1dc/0x310 [ 14.086633] ? __pfx_kasan_atomics+0x10/0x10 [ 14.086659] ? __pfx_read_tsc+0x10/0x10 [ 14.086681] ? ktime_get_ts64+0x86/0x230 [ 14.086706] kunit_try_run_case+0x1a5/0x480 [ 14.086731] ? __pfx_kunit_try_run_case+0x10/0x10 [ 14.086755] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 14.086780] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 14.086805] ? __kthread_parkme+0x82/0x180 [ 14.086827] ? preempt_count_sub+0x50/0x80 [ 14.086851] ? 
__pfx_kunit_try_run_case+0x10/0x10 [ 14.086876] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 14.086900] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 14.086925] kthread+0x337/0x6f0 [ 14.086957] ? trace_preempt_on+0x20/0xc0 [ 14.086982] ? __pfx_kthread+0x10/0x10 [ 14.087003] ? _raw_spin_unlock_irq+0x47/0x80 [ 14.087026] ? calculate_sigpending+0x7b/0xa0 [ 14.087050] ? __pfx_kthread+0x10/0x10 [ 14.087073] ret_from_fork+0x116/0x1d0 [ 14.087093] ? __pfx_kthread+0x10/0x10 [ 14.087121] ret_from_fork_asm+0x1a/0x30 [ 14.087153] </TASK> [ 14.087166] [ 14.097716] Allocated by task 282: [ 14.097859] kasan_save_stack+0x45/0x70 [ 14.098085] kasan_save_track+0x18/0x40 [ 14.098311] kasan_save_alloc_info+0x3b/0x50 [ 14.098654] __kasan_kmalloc+0xb7/0xc0 [ 14.098860] __kmalloc_cache_noprof+0x189/0x420 [ 14.099035] kasan_atomics+0x95/0x310 [ 14.099178] kunit_try_run_case+0x1a5/0x480 [ 14.099416] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 14.099674] kthread+0x337/0x6f0 [ 14.099847] ret_from_fork+0x116/0x1d0 [ 14.100227] ret_from_fork_asm+0x1a/0x30 [ 14.100379] [ 14.100454] The buggy address belongs to the object at ffff888103a18380 [ 14.100454] which belongs to the cache kmalloc-64 of size 64 [ 14.101182] The buggy address is located 0 bytes to the right of [ 14.101182] allocated 48-byte region [ffff888103a18380, ffff888103a183b0) [ 14.101776] [ 14.101875] The buggy address belongs to the physical page: [ 14.102139] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x103a18 [ 14.102526] flags: 0x200000000000000(node=0|zone=2) [ 14.102773] page_type: f5(slab) [ 14.102897] raw: 0200000000000000 ffff8881000418c0 dead000000000122 0000000000000000 [ 14.103279] raw: 0000000000000000 0000000080200020 00000000f5000000 0000000000000000 [ 14.103879] page dumped because: kasan: bad access detected [ 14.104074] [ 14.104202] Memory state around the buggy address: [ 14.104458] ffff888103a18280: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 14.104747] 
ffff888103a18300: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 14.105181] >ffff888103a18380: 00 00 00 00 00 00 fc fc fc fc fc fc fc fc fc fc [ 14.105399] ^ [ 14.105576] ffff888103a18400: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 14.106012] ffff888103a18480: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 14.106537] ================================================================== [ 15.353146] ================================================================== [ 15.353418] BUG: KASAN: slab-out-of-bounds in kasan_atomics_helper+0x4f98/0x5450 [ 15.354554] Read of size 8 at addr ffff888103a183b0 by task kunit_try_catch/282 [ 15.354879] [ 15.355080] CPU: 0 UID: 0 PID: 282 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc4 #1 PREEMPT(voluntary) [ 15.355139] Tainted: [B]=BAD_PAGE, [N]=TEST [ 15.355154] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 15.355178] Call Trace: [ 15.355196] <TASK> [ 15.355213] dump_stack_lvl+0x73/0xb0 [ 15.355244] print_report+0xd1/0x650 [ 15.355267] ? __virt_addr_valid+0x1db/0x2d0 [ 15.355291] ? kasan_atomics_helper+0x4f98/0x5450 [ 15.355314] ? kasan_complete_mode_report_info+0x2a/0x200 [ 15.355338] ? kasan_atomics_helper+0x4f98/0x5450 [ 15.355361] kasan_report+0x141/0x180 [ 15.355384] ? kasan_atomics_helper+0x4f98/0x5450 [ 15.355412] __asan_report_load8_noabort+0x18/0x20 [ 15.355437] kasan_atomics_helper+0x4f98/0x5450 [ 15.355461] ? __pfx_kasan_atomics_helper+0x10/0x10 [ 15.355484] ? __kmalloc_cache_noprof+0x189/0x420 [ 15.355511] ? kasan_save_alloc_info+0x3b/0x50 [ 15.355535] ? kasan_atomics+0x152/0x310 [ 15.355564] kasan_atomics+0x1dc/0x310 [ 15.355588] ? __pfx_kasan_atomics+0x10/0x10 [ 15.355613] ? __pfx_read_tsc+0x10/0x10 [ 15.355636] ? ktime_get_ts64+0x86/0x230 [ 15.355661] kunit_try_run_case+0x1a5/0x480 [ 15.355686] ? __pfx_kunit_try_run_case+0x10/0x10 [ 15.355709] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 15.355735] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 15.355759] ? 
__kthread_parkme+0x82/0x180 [ 15.355779] ? preempt_count_sub+0x50/0x80 [ 15.355804] ? __pfx_kunit_try_run_case+0x10/0x10 [ 15.355829] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 15.355853] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 15.355878] kthread+0x337/0x6f0 [ 15.355899] ? trace_preempt_on+0x20/0xc0 [ 15.355924] ? __pfx_kthread+0x10/0x10 [ 15.355957] ? _raw_spin_unlock_irq+0x47/0x80 [ 15.355979] ? calculate_sigpending+0x7b/0xa0 [ 15.356004] ? __pfx_kthread+0x10/0x10 [ 15.356027] ret_from_fork+0x116/0x1d0 [ 15.356046] ? __pfx_kthread+0x10/0x10 [ 15.356082] ret_from_fork_asm+0x1a/0x30 [ 15.356114] </TASK> [ 15.356127] [ 15.365662] Allocated by task 282: [ 15.365845] kasan_save_stack+0x45/0x70 [ 15.366012] kasan_save_track+0x18/0x40 [ 15.366390] kasan_save_alloc_info+0x3b/0x50 [ 15.366671] __kasan_kmalloc+0xb7/0xc0 [ 15.366820] __kmalloc_cache_noprof+0x189/0x420 [ 15.367253] kasan_atomics+0x95/0x310 [ 15.367527] kunit_try_run_case+0x1a5/0x480 [ 15.367723] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 15.368103] kthread+0x337/0x6f0 [ 15.368261] ret_from_fork+0x116/0x1d0 [ 15.368427] ret_from_fork_asm+0x1a/0x30 [ 15.368605] [ 15.368692] The buggy address belongs to the object at ffff888103a18380 [ 15.368692] which belongs to the cache kmalloc-64 of size 64 [ 15.369600] The buggy address is located 0 bytes to the right of [ 15.369600] allocated 48-byte region [ffff888103a18380, ffff888103a183b0) [ 15.370304] [ 15.370561] The buggy address belongs to the physical page: [ 15.370835] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x103a18 [ 15.371336] flags: 0x200000000000000(node=0|zone=2) [ 15.371667] page_type: f5(slab) [ 15.371959] raw: 0200000000000000 ffff8881000418c0 dead000000000122 0000000000000000 [ 15.372521] raw: 0000000000000000 0000000080200020 00000000f5000000 0000000000000000 [ 15.372965] page dumped because: kasan: bad access detected [ 15.373429] [ 15.373635] Memory state around the buggy address: [ 15.373924] 
ffff888103a18280: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 15.374475] ffff888103a18300: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 15.374885] >ffff888103a18380: 00 00 00 00 00 00 fc fc fc fc fc fc fc fc fc fc [ 15.375389] ^ [ 15.375625] ffff888103a18400: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 15.375965] ffff888103a18480: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 15.376445] ================================================================== [ 15.462693] ================================================================== [ 15.463073] BUG: KASAN: slab-out-of-bounds in kasan_atomics_helper+0x224c/0x5450 [ 15.463406] Write of size 8 at addr ffff888103a183b0 by task kunit_try_catch/282 [ 15.464083] [ 15.464214] CPU: 0 UID: 0 PID: 282 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc4 #1 PREEMPT(voluntary) [ 15.464260] Tainted: [B]=BAD_PAGE, [N]=TEST [ 15.464275] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 15.464297] Call Trace: [ 15.464315] <TASK> [ 15.464332] dump_stack_lvl+0x73/0xb0 [ 15.464363] print_report+0xd1/0x650 [ 15.464387] ? __virt_addr_valid+0x1db/0x2d0 [ 15.464410] ? kasan_atomics_helper+0x224c/0x5450 [ 15.464433] ? kasan_complete_mode_report_info+0x2a/0x200 [ 15.464458] ? kasan_atomics_helper+0x224c/0x5450 [ 15.464481] kasan_report+0x141/0x180 [ 15.464505] ? kasan_atomics_helper+0x224c/0x5450 [ 15.464532] kasan_check_range+0x10c/0x1c0 [ 15.464558] __kasan_check_write+0x18/0x20 [ 15.464580] kasan_atomics_helper+0x224c/0x5450 [ 15.464604] ? __pfx_kasan_atomics_helper+0x10/0x10 [ 15.464627] ? __kmalloc_cache_noprof+0x189/0x420 [ 15.464652] ? kasan_save_alloc_info+0x3b/0x50 [ 15.464677] ? kasan_atomics+0x152/0x310 [ 15.464705] kasan_atomics+0x1dc/0x310 [ 15.464730] ? __pfx_kasan_atomics+0x10/0x10 [ 15.464755] ? __pfx_read_tsc+0x10/0x10 [ 15.464778] ? ktime_get_ts64+0x86/0x230 [ 15.464803] kunit_try_run_case+0x1a5/0x480 [ 15.464830] ? __pfx_kunit_try_run_case+0x10/0x10 [ 15.464854] ? 
_raw_spin_lock_irqsave+0xa1/0x100 [ 15.464878] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 15.464902] ? __kthread_parkme+0x82/0x180 [ 15.464924] ? preempt_count_sub+0x50/0x80 [ 15.464961] ? __pfx_kunit_try_run_case+0x10/0x10 [ 15.464986] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 15.465012] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 15.465036] kthread+0x337/0x6f0 [ 15.465056] ? trace_preempt_on+0x20/0xc0 [ 15.465090] ? __pfx_kthread+0x10/0x10 [ 15.465113] ? _raw_spin_unlock_irq+0x47/0x80 [ 15.465135] ? calculate_sigpending+0x7b/0xa0 [ 15.465160] ? __pfx_kthread+0x10/0x10 [ 15.465184] ret_from_fork+0x116/0x1d0 [ 15.465204] ? __pfx_kthread+0x10/0x10 [ 15.465226] ret_from_fork_asm+0x1a/0x30 [ 15.465259] </TASK> [ 15.465272] [ 15.475889] Allocated by task 282: [ 15.476303] kasan_save_stack+0x45/0x70 [ 15.476626] kasan_save_track+0x18/0x40 [ 15.476996] kasan_save_alloc_info+0x3b/0x50 [ 15.477329] __kasan_kmalloc+0xb7/0xc0 [ 15.477635] __kmalloc_cache_noprof+0x189/0x420 [ 15.477856] kasan_atomics+0x95/0x310 [ 15.478043] kunit_try_run_case+0x1a5/0x480 [ 15.478494] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 15.478840] kthread+0x337/0x6f0 [ 15.479214] ret_from_fork+0x116/0x1d0 [ 15.479409] ret_from_fork_asm+0x1a/0x30 [ 15.479600] [ 15.479694] The buggy address belongs to the object at ffff888103a18380 [ 15.479694] which belongs to the cache kmalloc-64 of size 64 [ 15.480445] The buggy address is located 0 bytes to the right of [ 15.480445] allocated 48-byte region [ffff888103a18380, ffff888103a183b0) [ 15.481361] [ 15.481579] The buggy address belongs to the physical page: [ 15.481951] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x103a18 [ 15.482688] flags: 0x200000000000000(node=0|zone=2) [ 15.483164] page_type: f5(slab) [ 15.483418] raw: 0200000000000000 ffff8881000418c0 dead000000000122 0000000000000000 [ 15.483924] raw: 0000000000000000 0000000080200020 00000000f5000000 0000000000000000 [ 15.484375] page dumped because: kasan: 
bad access detected [ 15.484614] [ 15.484707] Memory state around the buggy address: [ 15.484920] ffff888103a18280: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 15.485492] ffff888103a18300: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 15.486091] >ffff888103a18380: 00 00 00 00 00 00 fc fc fc fc fc fc fc fc fc fc [ 15.486583] ^ [ 15.487053] ffff888103a18400: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 15.487407] ffff888103a18480: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 15.487709] ================================================================== [ 14.247487] ================================================================== [ 14.248008] BUG: KASAN: slab-out-of-bounds in kasan_atomics_helper+0x697/0x5450 [ 14.248461] Write of size 4 at addr ffff888103a183b0 by task kunit_try_catch/282 [ 14.248880] [ 14.248987] CPU: 0 UID: 0 PID: 282 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc4 #1 PREEMPT(voluntary) [ 14.249034] Tainted: [B]=BAD_PAGE, [N]=TEST [ 14.249048] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 14.249073] Call Trace: [ 14.249090] <TASK> [ 14.249107] dump_stack_lvl+0x73/0xb0 [ 14.249136] print_report+0xd1/0x650 [ 14.249159] ? __virt_addr_valid+0x1db/0x2d0 [ 14.249184] ? kasan_atomics_helper+0x697/0x5450 [ 14.249207] ? kasan_complete_mode_report_info+0x2a/0x200 [ 14.249230] ? kasan_atomics_helper+0x697/0x5450 [ 14.249254] kasan_report+0x141/0x180 [ 14.249278] ? kasan_atomics_helper+0x697/0x5450 [ 14.249306] kasan_check_range+0x10c/0x1c0 [ 14.249331] __kasan_check_write+0x18/0x20 [ 14.249352] kasan_atomics_helper+0x697/0x5450 [ 14.249376] ? __pfx_kasan_atomics_helper+0x10/0x10 [ 14.249399] ? __kmalloc_cache_noprof+0x189/0x420 [ 14.249425] ? kasan_save_alloc_info+0x3b/0x50 [ 14.249449] ? kasan_atomics+0x152/0x310 [ 14.249478] kasan_atomics+0x1dc/0x310 [ 14.249502] ? __pfx_kasan_atomics+0x10/0x10 [ 14.249529] ? __pfx_read_tsc+0x10/0x10 [ 14.249551] ? 
ktime_get_ts64+0x86/0x230 [ 14.249576] kunit_try_run_case+0x1a5/0x480 [ 14.249600] ? __pfx_kunit_try_run_case+0x10/0x10 [ 14.249624] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 14.249648] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 14.249674] ? __kthread_parkme+0x82/0x180 [ 14.249695] ? preempt_count_sub+0x50/0x80 [ 14.249720] ? __pfx_kunit_try_run_case+0x10/0x10 [ 14.249746] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 14.249770] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 14.249795] kthread+0x337/0x6f0 [ 14.249816] ? trace_preempt_on+0x20/0xc0 [ 14.249841] ? __pfx_kthread+0x10/0x10 [ 14.249862] ? _raw_spin_unlock_irq+0x47/0x80 [ 14.249885] ? calculate_sigpending+0x7b/0xa0 [ 14.249910] ? __pfx_kthread+0x10/0x10 [ 14.249933] ret_from_fork+0x116/0x1d0 [ 14.249963] ? __pfx_kthread+0x10/0x10 [ 14.249985] ret_from_fork_asm+0x1a/0x30 [ 14.250017] </TASK> [ 14.250030] [ 14.257971] Allocated by task 282: [ 14.258274] kasan_save_stack+0x45/0x70 [ 14.258541] kasan_save_track+0x18/0x40 [ 14.258747] kasan_save_alloc_info+0x3b/0x50 [ 14.258974] __kasan_kmalloc+0xb7/0xc0 [ 14.259243] __kmalloc_cache_noprof+0x189/0x420 [ 14.259468] kasan_atomics+0x95/0x310 [ 14.259667] kunit_try_run_case+0x1a5/0x480 [ 14.260016] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 14.260271] kthread+0x337/0x6f0 [ 14.260422] ret_from_fork+0x116/0x1d0 [ 14.260558] ret_from_fork_asm+0x1a/0x30 [ 14.260701] [ 14.260773] The buggy address belongs to the object at ffff888103a18380 [ 14.260773] which belongs to the cache kmalloc-64 of size 64 [ 14.261123] The buggy address is located 0 bytes to the right of [ 14.261123] allocated 48-byte region [ffff888103a18380, ffff888103a183b0) [ 14.261475] [ 14.261548] The buggy address belongs to the physical page: [ 14.261754] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x103a18 [ 14.262386] flags: 0x200000000000000(node=0|zone=2) [ 14.262809] page_type: f5(slab) [ 14.263001] raw: 0200000000000000 ffff8881000418c0 dead000000000122 
0000000000000000 [ 14.263546] raw: 0000000000000000 0000000080200020 00000000f5000000 0000000000000000 [ 14.264003] page dumped because: kasan: bad access detected [ 14.264604] [ 14.264759] Memory state around the buggy address: [ 14.265043] ffff888103a18280: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 14.265378] ffff888103a18300: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 14.265965] >ffff888103a18380: 00 00 00 00 00 00 fc fc fc fc fc fc fc fc fc fc [ 14.266356] ^ [ 14.266738] ffff888103a18400: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 14.267231] ffff888103a18480: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 14.267667] ================================================================== [ 14.462395] ================================================================== [ 14.463072] BUG: KASAN: slab-out-of-bounds in kasan_atomics_helper+0xc70/0x5450 [ 14.463426] Write of size 4 at addr ffff888103a183b0 by task kunit_try_catch/282 [ 14.463776] [ 14.463889] CPU: 0 UID: 0 PID: 282 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc4 #1 PREEMPT(voluntary) [ 14.463934] Tainted: [B]=BAD_PAGE, [N]=TEST [ 14.463958] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 14.463981] Call Trace: [ 14.463998] <TASK> [ 14.464014] dump_stack_lvl+0x73/0xb0 [ 14.464045] print_report+0xd1/0x650 [ 14.464086] ? __virt_addr_valid+0x1db/0x2d0 [ 14.464111] ? kasan_atomics_helper+0xc70/0x5450 [ 14.464133] ? kasan_complete_mode_report_info+0x2a/0x200 [ 14.464157] ? kasan_atomics_helper+0xc70/0x5450 [ 14.464180] kasan_report+0x141/0x180 [ 14.464204] ? kasan_atomics_helper+0xc70/0x5450 [ 14.464232] kasan_check_range+0x10c/0x1c0 [ 14.464257] __kasan_check_write+0x18/0x20 [ 14.464278] kasan_atomics_helper+0xc70/0x5450 [ 14.464301] ? __pfx_kasan_atomics_helper+0x10/0x10 [ 14.464325] ? __kmalloc_cache_noprof+0x189/0x420 [ 14.464351] ? kasan_save_alloc_info+0x3b/0x50 [ 14.464374] ? 
kasan_atomics+0x152/0x310 [ 14.464403] kasan_atomics+0x1dc/0x310 [ 14.464426] ? __pfx_kasan_atomics+0x10/0x10 [ 14.464452] ? __pfx_read_tsc+0x10/0x10 [ 14.464474] ? ktime_get_ts64+0x86/0x230 [ 14.464500] kunit_try_run_case+0x1a5/0x480 [ 14.464525] ? __pfx_kunit_try_run_case+0x10/0x10 [ 14.464548] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 14.464572] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 14.464597] ? __kthread_parkme+0x82/0x180 [ 14.464618] ? preempt_count_sub+0x50/0x80 [ 14.464643] ? __pfx_kunit_try_run_case+0x10/0x10 [ 14.464667] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 14.464691] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 14.464716] kthread+0x337/0x6f0 [ 14.464736] ? trace_preempt_on+0x20/0xc0 [ 14.464760] ? __pfx_kthread+0x10/0x10 [ 14.464783] ? _raw_spin_unlock_irq+0x47/0x80 [ 14.464804] ? calculate_sigpending+0x7b/0xa0 [ 14.464829] ? __pfx_kthread+0x10/0x10 [ 14.464852] ret_from_fork+0x116/0x1d0 [ 14.464871] ? __pfx_kthread+0x10/0x10 [ 14.464894] ret_from_fork_asm+0x1a/0x30 [ 14.464926] </TASK> [ 14.464948] [ 14.472932] Allocated by task 282: [ 14.473190] kasan_save_stack+0x45/0x70 [ 14.473395] kasan_save_track+0x18/0x40 [ 14.473893] kasan_save_alloc_info+0x3b/0x50 [ 14.474215] __kasan_kmalloc+0xb7/0xc0 [ 14.474368] __kmalloc_cache_noprof+0x189/0x420 [ 14.474727] kasan_atomics+0x95/0x310 [ 14.474918] kunit_try_run_case+0x1a5/0x480 [ 14.475168] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 14.475355] kthread+0x337/0x6f0 [ 14.475478] ret_from_fork+0x116/0x1d0 [ 14.475614] ret_from_fork_asm+0x1a/0x30 [ 14.475806] [ 14.475906] The buggy address belongs to the object at ffff888103a18380 [ 14.475906] which belongs to the cache kmalloc-64 of size 64 [ 14.476418] The buggy address is located 0 bytes to the right of [ 14.476418] allocated 48-byte region [ffff888103a18380, ffff888103a183b0) [ 14.477257] [ 14.477359] The buggy address belongs to the physical page: [ 14.477750] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x103a18 [ 
14.478014] flags: 0x200000000000000(node=0|zone=2) [ 14.478182] page_type: f5(slab) [ 14.478450] raw: 0200000000000000 ffff8881000418c0 dead000000000122 0000000000000000 [ 14.478796] raw: 0000000000000000 0000000080200020 00000000f5000000 0000000000000000 [ 14.479154] page dumped because: kasan: bad access detected [ 14.479411] [ 14.479508] Memory state around the buggy address: [ 14.479839] ffff888103a18280: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 14.480190] ffff888103a18300: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 14.480582] >ffff888103a18380: 00 00 00 00 00 00 fc fc fc fc fc fc fc fc fc fc [ 14.480830] ^ [ 14.480998] ffff888103a18400: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 14.481772] ffff888103a18480: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 14.482045] ================================================================== [ 15.183340] ================================================================== [ 15.183826] BUG: KASAN: slab-out-of-bounds in kasan_atomics_helper+0x4f30/0x5450 [ 15.184375] Read of size 8 at addr ffff888103a183b0 by task kunit_try_catch/282 [ 15.184747] [ 15.184844] CPU: 0 UID: 0 PID: 282 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc4 #1 PREEMPT(voluntary) [ 15.184886] Tainted: [B]=BAD_PAGE, [N]=TEST [ 15.184900] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 15.184922] Call Trace: [ 15.184949] <TASK> [ 15.184963] dump_stack_lvl+0x73/0xb0 [ 15.184993] print_report+0xd1/0x650 [ 15.185016] ? __virt_addr_valid+0x1db/0x2d0 [ 15.185039] ? kasan_atomics_helper+0x4f30/0x5450 [ 15.185061] ? kasan_complete_mode_report_info+0x2a/0x200 [ 15.185097] ? kasan_atomics_helper+0x4f30/0x5450 [ 15.185121] kasan_report+0x141/0x180 [ 15.185144] ? kasan_atomics_helper+0x4f30/0x5450 [ 15.185173] __asan_report_load8_noabort+0x18/0x20 [ 15.185198] kasan_atomics_helper+0x4f30/0x5450 [ 15.185223] ? __pfx_kasan_atomics_helper+0x10/0x10 [ 15.185246] ? 
__kmalloc_cache_noprof+0x189/0x420 [ 15.185273] ? kasan_save_alloc_info+0x3b/0x50 [ 15.185298] ? kasan_atomics+0x152/0x310 [ 15.185326] kasan_atomics+0x1dc/0x310 [ 15.185351] ? __pfx_kasan_atomics+0x10/0x10 [ 15.185377] ? __pfx_read_tsc+0x10/0x10 [ 15.185400] ? ktime_get_ts64+0x86/0x230 [ 15.185427] kunit_try_run_case+0x1a5/0x480 [ 15.185453] ? __pfx_kunit_try_run_case+0x10/0x10 [ 15.185478] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 15.185504] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 15.185531] ? __kthread_parkme+0x82/0x180 [ 15.185552] ? preempt_count_sub+0x50/0x80 [ 15.185578] ? __pfx_kunit_try_run_case+0x10/0x10 [ 15.185604] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 15.185628] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 15.185653] kthread+0x337/0x6f0 [ 15.185676] ? trace_preempt_on+0x20/0xc0 [ 15.185701] ? __pfx_kthread+0x10/0x10 [ 15.185724] ? _raw_spin_unlock_irq+0x47/0x80 [ 15.185746] ? calculate_sigpending+0x7b/0xa0 [ 15.185772] ? __pfx_kthread+0x10/0x10 [ 15.185794] ret_from_fork+0x116/0x1d0 [ 15.185814] ? 
__pfx_kthread+0x10/0x10 [ 15.185837] ret_from_fork_asm+0x1a/0x30 [ 15.185868] </TASK> [ 15.185882] [ 15.193383] Allocated by task 282: [ 15.193572] kasan_save_stack+0x45/0x70 [ 15.193775] kasan_save_track+0x18/0x40 [ 15.193955] kasan_save_alloc_info+0x3b/0x50 [ 15.194178] __kasan_kmalloc+0xb7/0xc0 [ 15.194316] __kmalloc_cache_noprof+0x189/0x420 [ 15.194542] kasan_atomics+0x95/0x310 [ 15.194734] kunit_try_run_case+0x1a5/0x480 [ 15.194883] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 15.195069] kthread+0x337/0x6f0 [ 15.195264] ret_from_fork+0x116/0x1d0 [ 15.195458] ret_from_fork_asm+0x1a/0x30 [ 15.195658] [ 15.195757] The buggy address belongs to the object at ffff888103a18380 [ 15.195757] which belongs to the cache kmalloc-64 of size 64 [ 15.196158] The buggy address is located 0 bytes to the right of [ 15.196158] allocated 48-byte region [ffff888103a18380, ffff888103a183b0) [ 15.196725] [ 15.196826] The buggy address belongs to the physical page: [ 15.197114] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x103a18 [ 15.197404] flags: 0x200000000000000(node=0|zone=2) [ 15.197620] page_type: f5(slab) [ 15.197792] raw: 0200000000000000 ffff8881000418c0 dead000000000122 0000000000000000 [ 15.198133] raw: 0000000000000000 0000000080200020 00000000f5000000 0000000000000000 [ 15.198375] page dumped because: kasan: bad access detected [ 15.198550] [ 15.198624] Memory state around the buggy address: [ 15.198780] ffff888103a18280: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 15.199110] ffff888103a18300: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 15.199441] >ffff888103a18380: 00 00 00 00 00 00 fc fc fc fc fc fc fc fc fc fc [ 15.199755] ^ [ 15.199913] ffff888103a18400: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 15.200138] ffff888103a18480: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 15.200354] ================================================================== [ 15.120293] 
================================================================== [ 15.121400] BUG: KASAN: slab-out-of-bounds in kasan_atomics_helper+0x1a7f/0x5450 [ 15.121662] Write of size 8 at addr ffff888103a183b0 by task kunit_try_catch/282 [ 15.121893] [ 15.121998] CPU: 0 UID: 0 PID: 282 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc4 #1 PREEMPT(voluntary) [ 15.122043] Tainted: [B]=BAD_PAGE, [N]=TEST [ 15.122065] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 15.122086] Call Trace: [ 15.122104] <TASK> [ 15.122122] dump_stack_lvl+0x73/0xb0 [ 15.122152] print_report+0xd1/0x650 [ 15.122175] ? __virt_addr_valid+0x1db/0x2d0 [ 15.122199] ? kasan_atomics_helper+0x1a7f/0x5450 [ 15.122223] ? kasan_complete_mode_report_info+0x2a/0x200 [ 15.122247] ? kasan_atomics_helper+0x1a7f/0x5450 [ 15.122270] kasan_report+0x141/0x180 [ 15.122293] ? kasan_atomics_helper+0x1a7f/0x5450 [ 15.122321] kasan_check_range+0x10c/0x1c0 [ 15.122347] __kasan_check_write+0x18/0x20 [ 15.122368] kasan_atomics_helper+0x1a7f/0x5450 [ 15.122392] ? __pfx_kasan_atomics_helper+0x10/0x10 [ 15.122415] ? __kmalloc_cache_noprof+0x189/0x420 [ 15.122441] ? kasan_save_alloc_info+0x3b/0x50 [ 15.122466] ? kasan_atomics+0x152/0x310 [ 15.122494] kasan_atomics+0x1dc/0x310 [ 15.122518] ? __pfx_kasan_atomics+0x10/0x10 [ 15.122543] ? __pfx_read_tsc+0x10/0x10 [ 15.122565] ? ktime_get_ts64+0x86/0x230 [ 15.122591] kunit_try_run_case+0x1a5/0x480 [ 15.122617] ? __pfx_kunit_try_run_case+0x10/0x10 [ 15.122642] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 15.122667] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 15.122691] ? __kthread_parkme+0x82/0x180 [ 15.122713] ? preempt_count_sub+0x50/0x80 [ 15.122739] ? __pfx_kunit_try_run_case+0x10/0x10 [ 15.122765] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 15.122789] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 15.122814] kthread+0x337/0x6f0 [ 15.122836] ? trace_preempt_on+0x20/0xc0 [ 15.122860] ? __pfx_kthread+0x10/0x10 [ 15.122882] ? 
_raw_spin_unlock_irq+0x47/0x80 [ 15.122905] ? calculate_sigpending+0x7b/0xa0 [ 15.122929] ? __pfx_kthread+0x10/0x10 [ 15.123262] ret_from_fork+0x116/0x1d0 [ 15.123287] ? __pfx_kthread+0x10/0x10 [ 15.123312] ret_from_fork_asm+0x1a/0x30 [ 15.123526] </TASK> [ 15.123551] [ 15.136193] Allocated by task 282: [ 15.136517] kasan_save_stack+0x45/0x70 [ 15.136793] kasan_save_track+0x18/0x40 [ 15.136990] kasan_save_alloc_info+0x3b/0x50 [ 15.137336] __kasan_kmalloc+0xb7/0xc0 [ 15.137489] __kmalloc_cache_noprof+0x189/0x420 [ 15.137828] kasan_atomics+0x95/0x310 [ 15.138036] kunit_try_run_case+0x1a5/0x480 [ 15.138338] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 15.138664] kthread+0x337/0x6f0 [ 15.138829] ret_from_fork+0x116/0x1d0 [ 15.139161] ret_from_fork_asm+0x1a/0x30 [ 15.139400] [ 15.139486] The buggy address belongs to the object at ffff888103a18380 [ 15.139486] which belongs to the cache kmalloc-64 of size 64 [ 15.140002] The buggy address is located 0 bytes to the right of [ 15.140002] allocated 48-byte region [ffff888103a18380, ffff888103a183b0) [ 15.140764] [ 15.140987] The buggy address belongs to the physical page: [ 15.141231] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x103a18 [ 15.141726] flags: 0x200000000000000(node=0|zone=2) [ 15.142014] page_type: f5(slab) [ 15.142237] raw: 0200000000000000 ffff8881000418c0 dead000000000122 0000000000000000 [ 15.142661] raw: 0000000000000000 0000000080200020 00000000f5000000 0000000000000000 [ 15.142991] page dumped because: kasan: bad access detected [ 15.143398] [ 15.143480] Memory state around the buggy address: [ 15.143827] ffff888103a18280: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 15.144174] ffff888103a18300: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 15.144561] >ffff888103a18380: 00 00 00 00 00 00 fc fc fc fc fc fc fc fc fc fc [ 15.144922] ^ [ 15.145172] ffff888103a18400: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 15.145470] ffff888103a18480: fc fc fc fc fc fc fc fc fc fc 
fc fc fc fc fc fc [ 15.145765] ================================================================== [ 14.422709] ================================================================== [ 14.423058] BUG: KASAN: slab-out-of-bounds in kasan_atomics_helper+0xac7/0x5450 [ 14.423406] Write of size 4 at addr ffff888103a183b0 by task kunit_try_catch/282 [ 14.423699] [ 14.423983] CPU: 0 UID: 0 PID: 282 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc4 #1 PREEMPT(voluntary) [ 14.424032] Tainted: [B]=BAD_PAGE, [N]=TEST [ 14.424046] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 14.424069] Call Trace: [ 14.424085] <TASK> [ 14.424102] dump_stack_lvl+0x73/0xb0 [ 14.424132] print_report+0xd1/0x650 [ 14.424156] ? __virt_addr_valid+0x1db/0x2d0 [ 14.424180] ? kasan_atomics_helper+0xac7/0x5450 [ 14.424201] ? kasan_complete_mode_report_info+0x2a/0x200 [ 14.424225] ? kasan_atomics_helper+0xac7/0x5450 [ 14.424248] kasan_report+0x141/0x180 [ 14.424272] ? kasan_atomics_helper+0xac7/0x5450 [ 14.424299] kasan_check_range+0x10c/0x1c0 [ 14.424325] __kasan_check_write+0x18/0x20 [ 14.424345] kasan_atomics_helper+0xac7/0x5450 [ 14.424369] ? __pfx_kasan_atomics_helper+0x10/0x10 [ 14.424392] ? __kmalloc_cache_noprof+0x189/0x420 [ 14.424417] ? kasan_save_alloc_info+0x3b/0x50 [ 14.424442] ? kasan_atomics+0x152/0x310 [ 14.424471] kasan_atomics+0x1dc/0x310 [ 14.424498] ? __pfx_kasan_atomics+0x10/0x10 [ 14.424526] ? __pfx_read_tsc+0x10/0x10 [ 14.424548] ? ktime_get_ts64+0x86/0x230 [ 14.424573] kunit_try_run_case+0x1a5/0x480 [ 14.424598] ? __pfx_kunit_try_run_case+0x10/0x10 [ 14.424622] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 14.424647] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 14.424671] ? __kthread_parkme+0x82/0x180 [ 14.424746] ? preempt_count_sub+0x50/0x80 [ 14.424775] ? __pfx_kunit_try_run_case+0x10/0x10 [ 14.424801] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 14.424825] ? 
__pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 14.424849] kthread+0x337/0x6f0 [ 14.424871] ? trace_preempt_on+0x20/0xc0 [ 14.424895] ? __pfx_kthread+0x10/0x10 [ 14.424917] ? _raw_spin_unlock_irq+0x47/0x80 [ 14.424950] ? calculate_sigpending+0x7b/0xa0 [ 14.424976] ? __pfx_kthread+0x10/0x10 [ 14.424999] ret_from_fork+0x116/0x1d0 [ 14.425019] ? __pfx_kthread+0x10/0x10 [ 14.425041] ret_from_fork_asm+0x1a/0x30 [ 14.425083] </TASK> [ 14.425096] [ 14.433760] Allocated by task 282: [ 14.433962] kasan_save_stack+0x45/0x70 [ 14.434171] kasan_save_track+0x18/0x40 [ 14.434331] kasan_save_alloc_info+0x3b/0x50 [ 14.434633] __kasan_kmalloc+0xb7/0xc0 [ 14.434832] __kmalloc_cache_noprof+0x189/0x420 [ 14.435049] kasan_atomics+0x95/0x310 [ 14.435234] kunit_try_run_case+0x1a5/0x480 [ 14.435417] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 14.435827] kthread+0x337/0x6f0 [ 14.436034] ret_from_fork+0x116/0x1d0 [ 14.436191] ret_from_fork_asm+0x1a/0x30 [ 14.436400] [ 14.436502] The buggy address belongs to the object at ffff888103a18380 [ 14.436502] which belongs to the cache kmalloc-64 of size 64 [ 14.437051] The buggy address is located 0 bytes to the right of [ 14.437051] allocated 48-byte region [ffff888103a18380, ffff888103a183b0) [ 14.437552] [ 14.437700] The buggy address belongs to the physical page: [ 14.437902] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x103a18 [ 14.438303] flags: 0x200000000000000(node=0|zone=2) [ 14.438571] page_type: f5(slab) [ 14.438698] raw: 0200000000000000 ffff8881000418c0 dead000000000122 0000000000000000 [ 14.439039] raw: 0000000000000000 0000000080200020 00000000f5000000 0000000000000000 [ 14.439390] page dumped because: kasan: bad access detected [ 14.439569] [ 14.439642] Memory state around the buggy address: [ 14.439800] ffff888103a18280: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 14.440031] ffff888103a18300: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 14.440330] >ffff888103a18380: 00 00 00 00 00 00 fc fc 
fc fc fc fc fc fc fc fc [ 14.441060] ^ [ 14.441314] ffff888103a18400: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 14.441670] ffff888103a18480: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 14.441965] ================================================================== [ 14.772800] ================================================================== [ 14.773249] BUG: KASAN: slab-out-of-bounds in kasan_atomics_helper+0x49e8/0x5450 [ 14.773622] Read of size 4 at addr ffff888103a183b0 by task kunit_try_catch/282 [ 14.773846] [ 14.773931] CPU: 0 UID: 0 PID: 282 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc4 #1 PREEMPT(voluntary) [ 14.773984] Tainted: [B]=BAD_PAGE, [N]=TEST [ 14.773999] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 14.774022] Call Trace: [ 14.774039] <TASK> [ 14.774057] dump_stack_lvl+0x73/0xb0 [ 14.774084] print_report+0xd1/0x650 [ 14.774109] ? __virt_addr_valid+0x1db/0x2d0 [ 14.774131] ? kasan_atomics_helper+0x49e8/0x5450 [ 14.774165] ? kasan_complete_mode_report_info+0x2a/0x200 [ 14.774189] ? kasan_atomics_helper+0x49e8/0x5450 [ 14.774213] kasan_report+0x141/0x180 [ 14.774236] ? kasan_atomics_helper+0x49e8/0x5450 [ 14.774264] __asan_report_load4_noabort+0x18/0x20 [ 14.774290] kasan_atomics_helper+0x49e8/0x5450 [ 14.774314] ? __pfx_kasan_atomics_helper+0x10/0x10 [ 14.774339] ? __kmalloc_cache_noprof+0x189/0x420 [ 14.774364] ? kasan_save_alloc_info+0x3b/0x50 [ 14.774389] ? kasan_atomics+0x152/0x310 [ 14.774417] kasan_atomics+0x1dc/0x310 [ 14.774442] ? __pfx_kasan_atomics+0x10/0x10 [ 14.774468] ? __pfx_read_tsc+0x10/0x10 [ 14.774489] ? ktime_get_ts64+0x86/0x230 [ 14.774514] kunit_try_run_case+0x1a5/0x480 [ 14.774540] ? __pfx_kunit_try_run_case+0x10/0x10 [ 14.774563] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 14.774587] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 14.774612] ? __kthread_parkme+0x82/0x180 [ 14.774634] ? preempt_count_sub+0x50/0x80 [ 14.774659] ? 
__pfx_kunit_try_run_case+0x10/0x10 [ 14.774684] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 14.774710] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 14.774735] kthread+0x337/0x6f0 [ 14.774756] ? trace_preempt_on+0x20/0xc0 [ 14.774780] ? __pfx_kthread+0x10/0x10 [ 14.774802] ? _raw_spin_unlock_irq+0x47/0x80 [ 14.774825] ? calculate_sigpending+0x7b/0xa0 [ 14.774851] ? __pfx_kthread+0x10/0x10 [ 14.774874] ret_from_fork+0x116/0x1d0 [ 14.774894] ? __pfx_kthread+0x10/0x10 [ 14.774916] ret_from_fork_asm+0x1a/0x30 [ 14.774957] </TASK> [ 14.774970] [ 14.782591] Allocated by task 282: [ 14.782775] kasan_save_stack+0x45/0x70 [ 14.783003] kasan_save_track+0x18/0x40 [ 14.783453] kasan_save_alloc_info+0x3b/0x50 [ 14.783652] __kasan_kmalloc+0xb7/0xc0 [ 14.783784] __kmalloc_cache_noprof+0x189/0x420 [ 14.783950] kasan_atomics+0x95/0x310 [ 14.784086] kunit_try_run_case+0x1a5/0x480 [ 14.784231] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 14.785593] kthread+0x337/0x6f0 [ 14.785775] ret_from_fork+0x116/0x1d0 [ 14.785977] ret_from_fork_asm+0x1a/0x30 [ 14.786540] [ 14.786649] The buggy address belongs to the object at ffff888103a18380 [ 14.786649] which belongs to the cache kmalloc-64 of size 64 [ 14.787699] The buggy address is located 0 bytes to the right of [ 14.787699] allocated 48-byte region [ffff888103a18380, ffff888103a183b0) [ 14.788652] [ 14.788767] The buggy address belongs to the physical page: [ 14.789373] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x103a18 [ 14.789901] flags: 0x200000000000000(node=0|zone=2) [ 14.790354] page_type: f5(slab) [ 14.790645] raw: 0200000000000000 ffff8881000418c0 dead000000000122 0000000000000000 [ 14.790990] raw: 0000000000000000 0000000080200020 00000000f5000000 0000000000000000 [ 14.791544] page dumped because: kasan: bad access detected [ 14.791979] [ 14.792235] Memory state around the buggy address: [ 14.792463] ffff888103a18280: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 14.792775] 
ffff888103a18300: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 14.793083] >ffff888103a18380: 00 00 00 00 00 00 fc fc fc fc fc fc fc fc fc fc [ 14.793381] ^ [ 14.793591] ffff888103a18400: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 14.793884] ffff888103a18480: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 14.794554] ================================================================== [ 15.228914] ================================================================== [ 15.229268] BUG: KASAN: slab-out-of-bounds in kasan_atomics_helper+0x1d7a/0x5450 [ 15.230091] Write of size 8 at addr ffff888103a183b0 by task kunit_try_catch/282 [ 15.230416] [ 15.230532] CPU: 0 UID: 0 PID: 282 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc4 #1 PREEMPT(voluntary) [ 15.230581] Tainted: [B]=BAD_PAGE, [N]=TEST [ 15.230595] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 15.230619] Call Trace: [ 15.230638] <TASK> [ 15.230656] dump_stack_lvl+0x73/0xb0 [ 15.230685] print_report+0xd1/0x650 [ 15.230709] ? __virt_addr_valid+0x1db/0x2d0 [ 15.230733] ? kasan_atomics_helper+0x1d7a/0x5450 [ 15.230756] ? kasan_complete_mode_report_info+0x2a/0x200 [ 15.230780] ? kasan_atomics_helper+0x1d7a/0x5450 [ 15.230803] kasan_report+0x141/0x180 [ 15.230826] ? kasan_atomics_helper+0x1d7a/0x5450 [ 15.230854] kasan_check_range+0x10c/0x1c0 [ 15.230879] __kasan_check_write+0x18/0x20 [ 15.230899] kasan_atomics_helper+0x1d7a/0x5450 [ 15.230927] ? __pfx_kasan_atomics_helper+0x10/0x10 [ 15.230964] ? __kmalloc_cache_noprof+0x189/0x420 [ 15.230989] ? kasan_save_alloc_info+0x3b/0x50 [ 15.231014] ? kasan_atomics+0x152/0x310 [ 15.231043] kasan_atomics+0x1dc/0x310 [ 15.231068] ? __pfx_kasan_atomics+0x10/0x10 [ 15.231093] ? __pfx_read_tsc+0x10/0x10 [ 15.231120] ? ktime_get_ts64+0x86/0x230 [ 15.231145] kunit_try_run_case+0x1a5/0x480 [ 15.231171] ? __pfx_kunit_try_run_case+0x10/0x10 [ 15.231194] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 15.231220] ? 
_raw_spin_unlock_irqrestore+0x5f/0x90 [ 15.231244] ? __kthread_parkme+0x82/0x180 [ 15.231266] ? preempt_count_sub+0x50/0x80 [ 15.231291] ? __pfx_kunit_try_run_case+0x10/0x10 [ 15.231318] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 15.231342] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 15.231367] kthread+0x337/0x6f0 [ 15.231389] ? trace_preempt_on+0x20/0xc0 [ 15.231413] ? __pfx_kthread+0x10/0x10 [ 15.231435] ? _raw_spin_unlock_irq+0x47/0x80 [ 15.231458] ? calculate_sigpending+0x7b/0xa0 [ 15.231483] ? __pfx_kthread+0x10/0x10 [ 15.231506] ret_from_fork+0x116/0x1d0 [ 15.231526] ? __pfx_kthread+0x10/0x10 [ 15.231548] ret_from_fork_asm+0x1a/0x30 [ 15.231580] </TASK> [ 15.231592] [ 15.239347] Allocated by task 282: [ 15.239485] kasan_save_stack+0x45/0x70 [ 15.239628] kasan_save_track+0x18/0x40 [ 15.239820] kasan_save_alloc_info+0x3b/0x50 [ 15.240074] __kasan_kmalloc+0xb7/0xc0 [ 15.240396] __kmalloc_cache_noprof+0x189/0x420 [ 15.240554] kasan_atomics+0x95/0x310 [ 15.240690] kunit_try_run_case+0x1a5/0x480 [ 15.240838] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 15.241066] kthread+0x337/0x6f0 [ 15.241239] ret_from_fork+0x116/0x1d0 [ 15.241434] ret_from_fork_asm+0x1a/0x30 [ 15.241660] [ 15.241770] The buggy address belongs to the object at ffff888103a18380 [ 15.241770] which belongs to the cache kmalloc-64 of size 64 [ 15.242465] The buggy address is located 0 bytes to the right of [ 15.242465] allocated 48-byte region [ffff888103a18380, ffff888103a183b0) [ 15.242960] [ 15.243060] The buggy address belongs to the physical page: [ 15.243336] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x103a18 [ 15.243676] flags: 0x200000000000000(node=0|zone=2) [ 15.243846] page_type: f5(slab) [ 15.243990] raw: 0200000000000000 ffff8881000418c0 dead000000000122 0000000000000000 [ 15.244335] raw: 0000000000000000 0000000080200020 00000000f5000000 0000000000000000 [ 15.244840] page dumped because: kasan: bad access detected [ 15.245090] [ 15.245192] 
Memory state around the buggy address: [ 15.245363] ffff888103a18280: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 15.245583] ffff888103a18300: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 15.245837] >ffff888103a18380: 00 00 00 00 00 00 fc fc fc fc fc fc fc fc fc fc [ 15.246195] ^ [ 15.246578] ffff888103a18400: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 15.246948] ffff888103a18480: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 15.247238] ================================================================== [ 15.146853] ================================================================== [ 15.147226] BUG: KASAN: slab-out-of-bounds in kasan_atomics_helper+0x1b22/0x5450 [ 15.147690] Write of size 8 at addr ffff888103a183b0 by task kunit_try_catch/282 [ 15.148264] [ 15.148472] CPU: 0 UID: 0 PID: 282 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc4 #1 PREEMPT(voluntary) [ 15.148523] Tainted: [B]=BAD_PAGE, [N]=TEST [ 15.148538] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 15.148562] Call Trace: [ 15.148582] <TASK> [ 15.148600] dump_stack_lvl+0x73/0xb0 [ 15.148631] print_report+0xd1/0x650 [ 15.148655] ? __virt_addr_valid+0x1db/0x2d0 [ 15.148678] ? kasan_atomics_helper+0x1b22/0x5450 [ 15.148703] ? kasan_complete_mode_report_info+0x2a/0x200 [ 15.148727] ? kasan_atomics_helper+0x1b22/0x5450 [ 15.148751] kasan_report+0x141/0x180 [ 15.148775] ? kasan_atomics_helper+0x1b22/0x5450 [ 15.148803] kasan_check_range+0x10c/0x1c0 [ 15.148828] __kasan_check_write+0x18/0x20 [ 15.148849] kasan_atomics_helper+0x1b22/0x5450 [ 15.148873] ? __pfx_kasan_atomics_helper+0x10/0x10 [ 15.148896] ? __kmalloc_cache_noprof+0x189/0x420 [ 15.148922] ? kasan_save_alloc_info+0x3b/0x50 [ 15.148960] ? kasan_atomics+0x152/0x310 [ 15.148988] kasan_atomics+0x1dc/0x310 [ 15.149012] ? __pfx_kasan_atomics+0x10/0x10 [ 15.149038] ? __pfx_read_tsc+0x10/0x10 [ 15.149059] ? 
ktime_get_ts64+0x86/0x230 [ 15.149086] kunit_try_run_case+0x1a5/0x480 [ 15.149112] ? __pfx_kunit_try_run_case+0x10/0x10 [ 15.149136] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 15.149160] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 15.149185] ? __kthread_parkme+0x82/0x180 [ 15.149206] ? preempt_count_sub+0x50/0x80 [ 15.149231] ? __pfx_kunit_try_run_case+0x10/0x10 [ 15.149257] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 15.149281] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 15.149306] kthread+0x337/0x6f0 [ 15.149327] ? trace_preempt_on+0x20/0xc0 [ 15.149351] ? __pfx_kthread+0x10/0x10 [ 15.149374] ? _raw_spin_unlock_irq+0x47/0x80 [ 15.149396] ? calculate_sigpending+0x7b/0xa0 [ 15.149422] ? __pfx_kthread+0x10/0x10 [ 15.149444] ret_from_fork+0x116/0x1d0 [ 15.149464] ? __pfx_kthread+0x10/0x10 [ 15.149486] ret_from_fork_asm+0x1a/0x30 [ 15.149518] </TASK> [ 15.149531] [ 15.157287] Allocated by task 282: [ 15.157490] kasan_save_stack+0x45/0x70 [ 15.157662] kasan_save_track+0x18/0x40 [ 15.157802] kasan_save_alloc_info+0x3b/0x50 [ 15.157968] __kasan_kmalloc+0xb7/0xc0 [ 15.158230] __kmalloc_cache_noprof+0x189/0x420 [ 15.158456] kasan_atomics+0x95/0x310 [ 15.158646] kunit_try_run_case+0x1a5/0x480 [ 15.158841] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 15.159122] kthread+0x337/0x6f0 [ 15.159265] ret_from_fork+0x116/0x1d0 [ 15.159457] ret_from_fork_asm+0x1a/0x30 [ 15.159613] [ 15.159712] The buggy address belongs to the object at ffff888103a18380 [ 15.159712] which belongs to the cache kmalloc-64 of size 64 [ 15.160250] The buggy address is located 0 bytes to the right of [ 15.160250] allocated 48-byte region [ffff888103a18380, ffff888103a183b0) [ 15.160619] [ 15.160695] The buggy address belongs to the physical page: [ 15.160934] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x103a18 [ 15.161304] flags: 0x200000000000000(node=0|zone=2) [ 15.161542] page_type: f5(slab) [ 15.161710] raw: 0200000000000000 ffff8881000418c0 dead000000000122 
0000000000000000 [ 15.162319] raw: 0000000000000000 0000000080200020 00000000f5000000 0000000000000000 [ 15.162564] page dumped because: kasan: bad access detected [ 15.162736] [ 15.162810] Memory state around the buggy address: [ 15.163045] ffff888103a18280: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 15.163389] ffff888103a18300: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 15.163694] >ffff888103a18380: 00 00 00 00 00 00 fc fc fc fc fc fc fc fc fc fc [ 15.163990] ^ [ 15.164273] ffff888103a18400: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 15.164557] ffff888103a18480: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 15.164843] ================================================================== [ 15.098690] ================================================================== [ 15.099463] BUG: KASAN: slab-out-of-bounds in kasan_atomics_helper+0x19e3/0x5450 [ 15.099757] Write of size 8 at addr ffff888103a183b0 by task kunit_try_catch/282 [ 15.100238] [ 15.100570] CPU: 0 UID: 0 PID: 282 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc4 #1 PREEMPT(voluntary) [ 15.100620] Tainted: [B]=BAD_PAGE, [N]=TEST [ 15.100633] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 15.100657] Call Trace: [ 15.100746] <TASK> [ 15.100766] dump_stack_lvl+0x73/0xb0 [ 15.100798] print_report+0xd1/0x650 [ 15.100824] ? __virt_addr_valid+0x1db/0x2d0 [ 15.100849] ? kasan_atomics_helper+0x19e3/0x5450 [ 15.100873] ? kasan_complete_mode_report_info+0x2a/0x200 [ 15.100897] ? kasan_atomics_helper+0x19e3/0x5450 [ 15.100920] kasan_report+0x141/0x180 [ 15.100959] ? kasan_atomics_helper+0x19e3/0x5450 [ 15.101011] kasan_check_range+0x10c/0x1c0 [ 15.101038] __kasan_check_write+0x18/0x20 [ 15.101059] kasan_atomics_helper+0x19e3/0x5450 [ 15.101112] ? __pfx_kasan_atomics_helper+0x10/0x10 [ 15.101137] ? __kmalloc_cache_noprof+0x189/0x420 [ 15.101163] ? kasan_save_alloc_info+0x3b/0x50 [ 15.101206] ? 
kasan_atomics+0x152/0x310 [ 15.101235] kasan_atomics+0x1dc/0x310 [ 15.101259] ? __pfx_kasan_atomics+0x10/0x10 [ 15.101285] ? __pfx_read_tsc+0x10/0x10 [ 15.101308] ? ktime_get_ts64+0x86/0x230 [ 15.101334] kunit_try_run_case+0x1a5/0x480 [ 15.101359] ? __pfx_kunit_try_run_case+0x10/0x10 [ 15.101383] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 15.101408] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 15.101433] ? __kthread_parkme+0x82/0x180 [ 15.101454] ? preempt_count_sub+0x50/0x80 [ 15.101479] ? __pfx_kunit_try_run_case+0x10/0x10 [ 15.101520] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 15.101545] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 15.101570] kthread+0x337/0x6f0 [ 15.101592] ? trace_preempt_on+0x20/0xc0 [ 15.101616] ? __pfx_kthread+0x10/0x10 [ 15.101638] ? _raw_spin_unlock_irq+0x47/0x80 [ 15.101661] ? calculate_sigpending+0x7b/0xa0 [ 15.101687] ? __pfx_kthread+0x10/0x10 [ 15.101710] ret_from_fork+0x116/0x1d0 [ 15.101731] ? __pfx_kthread+0x10/0x10 [ 15.101753] ret_from_fork_asm+0x1a/0x30 [ 15.101786] </TASK> [ 15.101798] [ 15.109686] Allocated by task 282: [ 15.109823] kasan_save_stack+0x45/0x70 [ 15.110047] kasan_save_track+0x18/0x40 [ 15.110255] kasan_save_alloc_info+0x3b/0x50 [ 15.110496] __kasan_kmalloc+0xb7/0xc0 [ 15.110706] __kmalloc_cache_noprof+0x189/0x420 [ 15.110957] kasan_atomics+0x95/0x310 [ 15.111134] kunit_try_run_case+0x1a5/0x480 [ 15.111360] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 15.111604] kthread+0x337/0x6f0 [ 15.111751] ret_from_fork+0x116/0x1d0 [ 15.111980] ret_from_fork_asm+0x1a/0x30 [ 15.112232] [ 15.112341] The buggy address belongs to the object at ffff888103a18380 [ 15.112341] which belongs to the cache kmalloc-64 of size 64 [ 15.112822] The buggy address is located 0 bytes to the right of [ 15.112822] allocated 48-byte region [ffff888103a18380, ffff888103a183b0) [ 15.113387] [ 15.113495] The buggy address belongs to the physical page: [ 15.113733] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x103a18 [ 
15.114047] flags: 0x200000000000000(node=0|zone=2) [ 15.114214] page_type: f5(slab) [ 15.114341] raw: 0200000000000000 ffff8881000418c0 dead000000000122 0000000000000000 [ 15.114933] raw: 0000000000000000 0000000080200020 00000000f5000000 0000000000000000 [ 15.115299] page dumped because: kasan: bad access detected [ 15.115672] [ 15.115748] Memory state around the buggy address: [ 15.115904] ffff888103a18280: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 15.116242] ffff888103a18300: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 15.116569] >ffff888103a18380: 00 00 00 00 00 00 fc fc fc fc fc fc fc fc fc fc [ 15.116917] ^ [ 15.117081] ffff888103a18400: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 15.117299] ffff888103a18480: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 15.118086] ================================================================== [ 14.635719] ================================================================== [ 14.636073] BUG: KASAN: slab-out-of-bounds in kasan_atomics_helper+0x4a36/0x5450 [ 14.636441] Read of size 4 at addr ffff888103a183b0 by task kunit_try_catch/282 [ 14.637022] [ 14.637258] CPU: 0 UID: 0 PID: 282 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc4 #1 PREEMPT(voluntary) [ 14.637324] Tainted: [B]=BAD_PAGE, [N]=TEST [ 14.637339] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 14.637362] Call Trace: [ 14.637381] <TASK> [ 14.637411] dump_stack_lvl+0x73/0xb0 [ 14.637441] print_report+0xd1/0x650 [ 14.637519] ? __virt_addr_valid+0x1db/0x2d0 [ 14.637547] ? kasan_atomics_helper+0x4a36/0x5450 [ 14.637604] ? kasan_complete_mode_report_info+0x2a/0x200 [ 14.637629] ? kasan_atomics_helper+0x4a36/0x5450 [ 14.637663] kasan_report+0x141/0x180 [ 14.637687] ? kasan_atomics_helper+0x4a36/0x5450 [ 14.637732] __asan_report_load4_noabort+0x18/0x20 [ 14.637767] kasan_atomics_helper+0x4a36/0x5450 [ 14.637792] ? __pfx_kasan_atomics_helper+0x10/0x10 [ 14.637825] ? 
__kmalloc_cache_noprof+0x189/0x420 [ 14.637851] ? kasan_save_alloc_info+0x3b/0x50 [ 14.637876] ? kasan_atomics+0x152/0x310 [ 14.637904] kasan_atomics+0x1dc/0x310 [ 14.637928] ? __pfx_kasan_atomics+0x10/0x10 [ 14.637964] ? __pfx_read_tsc+0x10/0x10 [ 14.638012] ? ktime_get_ts64+0x86/0x230 [ 14.638039] kunit_try_run_case+0x1a5/0x480 [ 14.638064] ? __pfx_kunit_try_run_case+0x10/0x10 [ 14.638098] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 14.638122] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 14.638163] ? __kthread_parkme+0x82/0x180 [ 14.638193] ? preempt_count_sub+0x50/0x80 [ 14.638218] ? __pfx_kunit_try_run_case+0x10/0x10 [ 14.638242] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 14.638277] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 14.638302] kthread+0x337/0x6f0 [ 14.638323] ? trace_preempt_on+0x20/0xc0 [ 14.638347] ? __pfx_kthread+0x10/0x10 [ 14.638370] ? _raw_spin_unlock_irq+0x47/0x80 [ 14.638392] ? calculate_sigpending+0x7b/0xa0 [ 14.638417] ? __pfx_kthread+0x10/0x10 [ 14.638440] ret_from_fork+0x116/0x1d0 [ 14.638460] ? 
__pfx_kthread+0x10/0x10 [ 14.638491] ret_from_fork_asm+0x1a/0x30 [ 14.638524] </TASK> [ 14.638537] [ 14.653437] Allocated by task 282: [ 14.653849] kasan_save_stack+0x45/0x70 [ 14.654286] kasan_save_track+0x18/0x40 [ 14.654726] kasan_save_alloc_info+0x3b/0x50 [ 14.655085] __kasan_kmalloc+0xb7/0xc0 [ 14.655238] __kmalloc_cache_noprof+0x189/0x420 [ 14.655736] kasan_atomics+0x95/0x310 [ 14.656198] kunit_try_run_case+0x1a5/0x480 [ 14.656354] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 14.656701] kthread+0x337/0x6f0 [ 14.657131] ret_from_fork+0x116/0x1d0 [ 14.657564] ret_from_fork_asm+0x1a/0x30 [ 14.657949] [ 14.658165] The buggy address belongs to the object at ffff888103a18380 [ 14.658165] which belongs to the cache kmalloc-64 of size 64 [ 14.659220] The buggy address is located 0 bytes to the right of [ 14.659220] allocated 48-byte region [ffff888103a18380, ffff888103a183b0) [ 14.659923] [ 14.660102] The buggy address belongs to the physical page: [ 14.660672] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x103a18 [ 14.661691] flags: 0x200000000000000(node=0|zone=2) [ 14.661869] page_type: f5(slab) [ 14.662009] raw: 0200000000000000 ffff8881000418c0 dead000000000122 0000000000000000 [ 14.662452] raw: 0000000000000000 0000000080200020 00000000f5000000 0000000000000000 [ 14.663269] page dumped because: kasan: bad access detected [ 14.663861] [ 14.664048] Memory state around the buggy address: [ 14.664720] ffff888103a18280: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 14.665557] ffff888103a18300: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 14.666030] >ffff888103a18380: 00 00 00 00 00 00 fc fc fc fc fc fc fc fc fc fc [ 14.666548] ^ [ 14.667080] ffff888103a18400: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 14.667576] ffff888103a18480: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 14.668228] ================================================================== [ 14.717562] 
================================================================== [ 14.717996] BUG: KASAN: slab-out-of-bounds in kasan_atomics_helper+0x1148/0x5450 [ 14.718710] Write of size 4 at addr ffff888103a183b0 by task kunit_try_catch/282 [ 14.719036] [ 14.719142] CPU: 0 UID: 0 PID: 282 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc4 #1 PREEMPT(voluntary) [ 14.719201] Tainted: [B]=BAD_PAGE, [N]=TEST [ 14.719215] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 14.719239] Call Trace: [ 14.719254] <TASK> [ 14.719270] dump_stack_lvl+0x73/0xb0 [ 14.719299] print_report+0xd1/0x650 [ 14.719322] ? __virt_addr_valid+0x1db/0x2d0 [ 14.719346] ? kasan_atomics_helper+0x1148/0x5450 [ 14.719369] ? kasan_complete_mode_report_info+0x2a/0x200 [ 14.719392] ? kasan_atomics_helper+0x1148/0x5450 [ 14.719415] kasan_report+0x141/0x180 [ 14.719439] ? kasan_atomics_helper+0x1148/0x5450 [ 14.719467] kasan_check_range+0x10c/0x1c0 [ 14.719492] __kasan_check_write+0x18/0x20 [ 14.719512] kasan_atomics_helper+0x1148/0x5450 [ 14.719536] ? __pfx_kasan_atomics_helper+0x10/0x10 [ 14.719560] ? __kmalloc_cache_noprof+0x189/0x420 [ 14.719584] ? kasan_save_alloc_info+0x3b/0x50 [ 14.719609] ? kasan_atomics+0x152/0x310 [ 14.719637] kasan_atomics+0x1dc/0x310 [ 14.719660] ? __pfx_kasan_atomics+0x10/0x10 [ 14.719687] ? __pfx_read_tsc+0x10/0x10 [ 14.719710] ? ktime_get_ts64+0x86/0x230 [ 14.719735] kunit_try_run_case+0x1a5/0x480 [ 14.719760] ? __pfx_kunit_try_run_case+0x10/0x10 [ 14.719784] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 14.719809] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 14.719833] ? __kthread_parkme+0x82/0x180 [ 14.719855] ? preempt_count_sub+0x50/0x80 [ 14.719879] ? __pfx_kunit_try_run_case+0x10/0x10 [ 14.719905] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 14.719929] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 14.719964] kthread+0x337/0x6f0 [ 14.719985] ? trace_preempt_on+0x20/0xc0 [ 14.720010] ? __pfx_kthread+0x10/0x10 [ 14.720032] ? 
_raw_spin_unlock_irq+0x47/0x80 [ 14.720055] ? calculate_sigpending+0x7b/0xa0 [ 14.720080] ? __pfx_kthread+0x10/0x10 [ 14.720102] ret_from_fork+0x116/0x1d0 [ 14.720122] ? __pfx_kthread+0x10/0x10 [ 14.720144] ret_from_fork_asm+0x1a/0x30 [ 14.720188] </TASK> [ 14.720209] [ 14.728245] Allocated by task 282: [ 14.728430] kasan_save_stack+0x45/0x70 [ 14.728605] kasan_save_track+0x18/0x40 [ 14.728743] kasan_save_alloc_info+0x3b/0x50 [ 14.728894] __kasan_kmalloc+0xb7/0xc0 [ 14.729085] __kmalloc_cache_noprof+0x189/0x420 [ 14.729317] kasan_atomics+0x95/0x310 [ 14.729612] kunit_try_run_case+0x1a5/0x480 [ 14.729758] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 14.729933] kthread+0x337/0x6f0 [ 14.730063] ret_from_fork+0x116/0x1d0 [ 14.730195] ret_from_fork_asm+0x1a/0x30 [ 14.730435] [ 14.730534] The buggy address belongs to the object at ffff888103a18380 [ 14.730534] which belongs to the cache kmalloc-64 of size 64 [ 14.731072] The buggy address is located 0 bytes to the right of [ 14.731072] allocated 48-byte region [ffff888103a18380, ffff888103a183b0) [ 14.731556] [ 14.731631] The buggy address belongs to the physical page: [ 14.731805] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x103a18 [ 14.732319] flags: 0x200000000000000(node=0|zone=2) [ 14.732559] page_type: f5(slab) [ 14.732735] raw: 0200000000000000 ffff8881000418c0 dead000000000122 0000000000000000 [ 14.733095] raw: 0000000000000000 0000000080200020 00000000f5000000 0000000000000000 [ 14.733395] page dumped because: kasan: bad access detected [ 14.733627] [ 14.733726] Memory state around the buggy address: [ 14.733931] ffff888103a18280: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 14.734230] ffff888103a18300: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 14.734501] >ffff888103a18380: 00 00 00 00 00 00 fc fc fc fc fc fc fc fc fc fc [ 14.734806] ^ [ 14.735049] ffff888103a18400: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 14.735334] ffff888103a18480: fc fc fc fc fc fc fc fc fc fc 
fc fc fc fc fc fc [ 14.735587] ================================================================== [ 15.265979] ================================================================== [ 15.266443] BUG: KASAN: slab-out-of-bounds in kasan_atomics_helper+0x1eaa/0x5450 [ 15.266808] Write of size 8 at addr ffff888103a183b0 by task kunit_try_catch/282 [ 15.267178] [ 15.267286] CPU: 0 UID: 0 PID: 282 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc4 #1 PREEMPT(voluntary) [ 15.267329] Tainted: [B]=BAD_PAGE, [N]=TEST [ 15.267342] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 15.267365] Call Trace: [ 15.267381] <TASK> [ 15.267397] dump_stack_lvl+0x73/0xb0 [ 15.267437] print_report+0xd1/0x650 [ 15.267469] ? __virt_addr_valid+0x1db/0x2d0 [ 15.267492] ? kasan_atomics_helper+0x1eaa/0x5450 [ 15.267515] ? kasan_complete_mode_report_info+0x2a/0x200 [ 15.267539] ? kasan_atomics_helper+0x1eaa/0x5450 [ 15.267563] kasan_report+0x141/0x180 [ 15.267586] ? kasan_atomics_helper+0x1eaa/0x5450 [ 15.267613] kasan_check_range+0x10c/0x1c0 [ 15.267638] __kasan_check_write+0x18/0x20 [ 15.267659] kasan_atomics_helper+0x1eaa/0x5450 [ 15.267684] ? __pfx_kasan_atomics_helper+0x10/0x10 [ 15.267707] ? __kmalloc_cache_noprof+0x189/0x420 [ 15.267732] ? kasan_save_alloc_info+0x3b/0x50 [ 15.267757] ? kasan_atomics+0x152/0x310 [ 15.267785] kasan_atomics+0x1dc/0x310 [ 15.267809] ? __pfx_kasan_atomics+0x10/0x10 [ 15.267836] ? __pfx_read_tsc+0x10/0x10 [ 15.267858] ? ktime_get_ts64+0x86/0x230 [ 15.267884] kunit_try_run_case+0x1a5/0x480 [ 15.267910] ? __pfx_kunit_try_run_case+0x10/0x10 [ 15.267933] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 15.267969] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 15.267994] ? __kthread_parkme+0x82/0x180 [ 15.268015] ? preempt_count_sub+0x50/0x80 [ 15.268040] ? __pfx_kunit_try_run_case+0x10/0x10 [ 15.268065] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 15.268090] ? 
__pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 15.268114] kthread+0x337/0x6f0 [ 15.268136] ? trace_preempt_on+0x20/0xc0 [ 15.268160] ? __pfx_kthread+0x10/0x10 [ 15.268183] ? _raw_spin_unlock_irq+0x47/0x80 [ 15.268206] ? calculate_sigpending+0x7b/0xa0 [ 15.268231] ? __pfx_kthread+0x10/0x10 [ 15.268256] ret_from_fork+0x116/0x1d0 [ 15.268275] ? __pfx_kthread+0x10/0x10 [ 15.268297] ret_from_fork_asm+0x1a/0x30 [ 15.268330] </TASK> [ 15.268344] [ 15.276233] Allocated by task 282: [ 15.276399] kasan_save_stack+0x45/0x70 [ 15.276552] kasan_save_track+0x18/0x40 [ 15.276748] kasan_save_alloc_info+0x3b/0x50 [ 15.276925] __kasan_kmalloc+0xb7/0xc0 [ 15.277100] __kmalloc_cache_noprof+0x189/0x420 [ 15.277302] kasan_atomics+0x95/0x310 [ 15.277474] kunit_try_run_case+0x1a5/0x480 [ 15.277659] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 15.277898] kthread+0x337/0x6f0 [ 15.278084] ret_from_fork+0x116/0x1d0 [ 15.278259] ret_from_fork_asm+0x1a/0x30 [ 15.278437] [ 15.278527] The buggy address belongs to the object at ffff888103a18380 [ 15.278527] which belongs to the cache kmalloc-64 of size 64 [ 15.278878] The buggy address is located 0 bytes to the right of [ 15.278878] allocated 48-byte region [ffff888103a18380, ffff888103a183b0) [ 15.279260] [ 15.279337] The buggy address belongs to the physical page: [ 15.279512] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x103a18 [ 15.280091] flags: 0x200000000000000(node=0|zone=2) [ 15.280347] page_type: f5(slab) [ 15.280521] raw: 0200000000000000 ffff8881000418c0 dead000000000122 0000000000000000 [ 15.280864] raw: 0000000000000000 0000000080200020 00000000f5000000 0000000000000000 [ 15.281213] page dumped because: kasan: bad access detected [ 15.281674] [ 15.281772] Memory state around the buggy address: [ 15.281955] ffff888103a18280: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 15.282452] ffff888103a18300: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 15.282721] >ffff888103a18380: 00 00 00 00 00 00 fc fc 
fc fc fc fc fc fc fc fc [ 15.283028] ^ [ 15.283306] ffff888103a18400: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 15.283524] ffff888103a18480: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 15.283740] ================================================================== [ 14.482442] ================================================================== [ 14.482750] BUG: KASAN: slab-out-of-bounds in kasan_atomics_helper+0x4a84/0x5450 [ 14.483009] Read of size 4 at addr ffff888103a183b0 by task kunit_try_catch/282 [ 14.483305] [ 14.483423] CPU: 0 UID: 0 PID: 282 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc4 #1 PREEMPT(voluntary) [ 14.483467] Tainted: [B]=BAD_PAGE, [N]=TEST [ 14.483482] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 14.483504] Call Trace: [ 14.483521] <TASK> [ 14.483538] dump_stack_lvl+0x73/0xb0 [ 14.483566] print_report+0xd1/0x650 [ 14.483590] ? __virt_addr_valid+0x1db/0x2d0 [ 14.483613] ? kasan_atomics_helper+0x4a84/0x5450 [ 14.483636] ? kasan_complete_mode_report_info+0x2a/0x200 [ 14.483659] ? kasan_atomics_helper+0x4a84/0x5450 [ 14.483682] kasan_report+0x141/0x180 [ 14.483705] ? kasan_atomics_helper+0x4a84/0x5450 [ 14.483732] __asan_report_load4_noabort+0x18/0x20 [ 14.483758] kasan_atomics_helper+0x4a84/0x5450 [ 14.483842] ? __pfx_kasan_atomics_helper+0x10/0x10 [ 14.483866] ? __kmalloc_cache_noprof+0x189/0x420 [ 14.483892] ? kasan_save_alloc_info+0x3b/0x50 [ 14.483917] ? kasan_atomics+0x152/0x310 [ 14.483961] kasan_atomics+0x1dc/0x310 [ 14.483985] ? __pfx_kasan_atomics+0x10/0x10 [ 14.484011] ? __pfx_read_tsc+0x10/0x10 [ 14.484033] ? ktime_get_ts64+0x86/0x230 [ 14.484059] kunit_try_run_case+0x1a5/0x480 [ 14.484086] ? __pfx_kunit_try_run_case+0x10/0x10 [ 14.484110] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 14.484134] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 14.484159] ? __kthread_parkme+0x82/0x180 [ 14.484179] ? preempt_count_sub+0x50/0x80 [ 14.484205] ? 
__pfx_kunit_try_run_case+0x10/0x10 [ 14.484230] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 14.484254] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 14.484278] kthread+0x337/0x6f0 [ 14.484298] ? trace_preempt_on+0x20/0xc0 [ 14.484322] ? __pfx_kthread+0x10/0x10 [ 14.484344] ? _raw_spin_unlock_irq+0x47/0x80 [ 14.484367] ? calculate_sigpending+0x7b/0xa0 [ 14.484392] ? __pfx_kthread+0x10/0x10 [ 14.484415] ret_from_fork+0x116/0x1d0 [ 14.484434] ? __pfx_kthread+0x10/0x10 [ 14.484456] ret_from_fork_asm+0x1a/0x30 [ 14.484531] </TASK> [ 14.484544] [ 14.492774] Allocated by task 282: [ 14.492976] kasan_save_stack+0x45/0x70 [ 14.493177] kasan_save_track+0x18/0x40 [ 14.493363] kasan_save_alloc_info+0x3b/0x50 [ 14.493571] __kasan_kmalloc+0xb7/0xc0 [ 14.493740] __kmalloc_cache_noprof+0x189/0x420 [ 14.493919] kasan_atomics+0x95/0x310 [ 14.494065] kunit_try_run_case+0x1a5/0x480 [ 14.494244] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 14.494681] kthread+0x337/0x6f0 [ 14.494830] ret_from_fork+0x116/0x1d0 [ 14.495209] ret_from_fork_asm+0x1a/0x30 [ 14.495366] [ 14.495441] The buggy address belongs to the object at ffff888103a18380 [ 14.495441] which belongs to the cache kmalloc-64 of size 64 [ 14.495805] The buggy address is located 0 bytes to the right of [ 14.495805] allocated 48-byte region [ffff888103a18380, ffff888103a183b0) [ 14.496387] [ 14.496603] The buggy address belongs to the physical page: [ 14.497085] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x103a18 [ 14.497378] flags: 0x200000000000000(node=0|zone=2) [ 14.497547] page_type: f5(slab) [ 14.497670] raw: 0200000000000000 ffff8881000418c0 dead000000000122 0000000000000000 [ 14.498803] raw: 0000000000000000 0000000080200020 00000000f5000000 0000000000000000 [ 14.499098] page dumped because: kasan: bad access detected [ 14.499340] [ 14.499435] Memory state around the buggy address: [ 14.500000] ffff888103a18280: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 14.500664] 
ffff888103a18300: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 14.501001] >ffff888103a18380: 00 00 00 00 00 00 fc fc fc fc fc fc fc fc fc fc [ 14.501634] ^ [ 14.501869] ffff888103a18400: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 14.502539] ffff888103a18480: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 14.503328] ================================================================== [ 14.838027] ================================================================== [ 14.838524] BUG: KASAN: slab-out-of-bounds in kasan_atomics_helper+0x13b5/0x5450 [ 14.838782] Read of size 8 at addr ffff888103a183b0 by task kunit_try_catch/282 [ 14.839311] [ 14.839460] CPU: 0 UID: 0 PID: 282 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc4 #1 PREEMPT(voluntary) [ 14.839506] Tainted: [B]=BAD_PAGE, [N]=TEST [ 14.839522] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 14.839545] Call Trace: [ 14.839560] <TASK> [ 14.839576] dump_stack_lvl+0x73/0xb0 [ 14.839604] print_report+0xd1/0x650 [ 14.839628] ? __virt_addr_valid+0x1db/0x2d0 [ 14.839651] ? kasan_atomics_helper+0x13b5/0x5450 [ 14.839674] ? kasan_complete_mode_report_info+0x2a/0x200 [ 14.839698] ? kasan_atomics_helper+0x13b5/0x5450 [ 14.839722] kasan_report+0x141/0x180 [ 14.839745] ? kasan_atomics_helper+0x13b5/0x5450 [ 14.839773] kasan_check_range+0x10c/0x1c0 [ 14.839797] __kasan_check_read+0x15/0x20 [ 14.839818] kasan_atomics_helper+0x13b5/0x5450 [ 14.839843] ? __pfx_kasan_atomics_helper+0x10/0x10 [ 14.839866] ? __kmalloc_cache_noprof+0x189/0x420 [ 14.839891] ? kasan_save_alloc_info+0x3b/0x50 [ 14.839916] ? kasan_atomics+0x152/0x310 [ 14.839957] kasan_atomics+0x1dc/0x310 [ 14.839981] ? __pfx_kasan_atomics+0x10/0x10 [ 14.840007] ? __pfx_read_tsc+0x10/0x10 [ 14.840030] ? ktime_get_ts64+0x86/0x230 [ 14.840055] kunit_try_run_case+0x1a5/0x480 [ 14.840081] ? __pfx_kunit_try_run_case+0x10/0x10 [ 14.840105] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 14.840130] ? 
_raw_spin_unlock_irqrestore+0x5f/0x90 [ 14.840154] ? __kthread_parkme+0x82/0x180 [ 14.840175] ? preempt_count_sub+0x50/0x80 [ 14.840201] ? __pfx_kunit_try_run_case+0x10/0x10 [ 14.840226] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 14.840250] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 14.840274] kthread+0x337/0x6f0 [ 14.840296] ? trace_preempt_on+0x20/0xc0 [ 14.840321] ? __pfx_kthread+0x10/0x10 [ 14.840343] ? _raw_spin_unlock_irq+0x47/0x80 [ 14.840366] ? calculate_sigpending+0x7b/0xa0 [ 14.840391] ? __pfx_kthread+0x10/0x10 [ 14.840414] ret_from_fork+0x116/0x1d0 [ 14.840434] ? __pfx_kthread+0x10/0x10 [ 14.840456] ret_from_fork_asm+0x1a/0x30 [ 14.840488] </TASK> [ 14.840501] [ 14.847956] Allocated by task 282: [ 14.848161] kasan_save_stack+0x45/0x70 [ 14.848309] kasan_save_track+0x18/0x40 [ 14.848447] kasan_save_alloc_info+0x3b/0x50 [ 14.848598] __kasan_kmalloc+0xb7/0xc0 [ 14.848732] __kmalloc_cache_noprof+0x189/0x420 [ 14.848889] kasan_atomics+0x95/0x310 [ 14.849035] kunit_try_run_case+0x1a5/0x480 [ 14.849185] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 14.849361] kthread+0x337/0x6f0 [ 14.849558] ret_from_fork+0x116/0x1d0 [ 14.849747] ret_from_fork_asm+0x1a/0x30 [ 14.849954] [ 14.850053] The buggy address belongs to the object at ffff888103a18380 [ 14.850053] which belongs to the cache kmalloc-64 of size 64 [ 14.851004] The buggy address is located 0 bytes to the right of [ 14.851004] allocated 48-byte region [ffff888103a18380, ffff888103a183b0) [ 14.851576] [ 14.851652] The buggy address belongs to the physical page: [ 14.851826] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x103a18 [ 14.852116] flags: 0x200000000000000(node=0|zone=2) [ 14.852361] page_type: f5(slab) [ 14.852537] raw: 0200000000000000 ffff8881000418c0 dead000000000122 0000000000000000 [ 14.852891] raw: 0000000000000000 0000000080200020 00000000f5000000 0000000000000000 [ 14.853485] page dumped because: kasan: bad access detected [ 14.853749] [ 14.853853] 
Memory state around the buggy address: [ 14.854084] ffff888103a18280: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 14.854338] ffff888103a18300: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 14.854560] >ffff888103a18380: 00 00 00 00 00 00 fc fc fc fc fc fc fc fc fc fc [ 14.854776] ^ [ 14.854933] ffff888103a18400: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 14.855524] ffff888103a18480: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 14.855844] ================================================================== [ 14.697552] ================================================================== [ 14.697862] BUG: KASAN: slab-out-of-bounds in kasan_atomics_helper+0x4a1c/0x5450 [ 14.698269] Read of size 4 at addr ffff888103a183b0 by task kunit_try_catch/282 [ 14.698672] [ 14.698765] CPU: 0 UID: 0 PID: 282 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc4 #1 PREEMPT(voluntary) [ 14.698808] Tainted: [B]=BAD_PAGE, [N]=TEST [ 14.698822] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 14.698845] Call Trace: [ 14.698863] <TASK> [ 14.698880] dump_stack_lvl+0x73/0xb0 [ 14.698911] print_report+0xd1/0x650 [ 14.698935] ? __virt_addr_valid+0x1db/0x2d0 [ 14.698973] ? kasan_atomics_helper+0x4a1c/0x5450 [ 14.698995] ? kasan_complete_mode_report_info+0x2a/0x200 [ 14.699020] ? kasan_atomics_helper+0x4a1c/0x5450 [ 14.699044] kasan_report+0x141/0x180 [ 14.699079] ? kasan_atomics_helper+0x4a1c/0x5450 [ 14.699107] __asan_report_load4_noabort+0x18/0x20 [ 14.699136] kasan_atomics_helper+0x4a1c/0x5450 [ 14.699161] ? __pfx_kasan_atomics_helper+0x10/0x10 [ 14.699184] ? __kmalloc_cache_noprof+0x189/0x420 [ 14.699210] ? kasan_save_alloc_info+0x3b/0x50 [ 14.699234] ? kasan_atomics+0x152/0x310 [ 14.699262] kasan_atomics+0x1dc/0x310 [ 14.699287] ? __pfx_kasan_atomics+0x10/0x10 [ 14.699322] ? __pfx_read_tsc+0x10/0x10 [ 14.699345] ? ktime_get_ts64+0x86/0x230 [ 14.699370] kunit_try_run_case+0x1a5/0x480 [ 14.699395] ? 
__pfx_kunit_try_run_case+0x10/0x10 [ 14.699420] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 14.699445] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 14.699469] ? __kthread_parkme+0x82/0x180 [ 14.699491] ? preempt_count_sub+0x50/0x80 [ 14.699517] ? __pfx_kunit_try_run_case+0x10/0x10 [ 14.699542] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 14.699565] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 14.699590] kthread+0x337/0x6f0 [ 14.699611] ? trace_preempt_on+0x20/0xc0 [ 14.699636] ? __pfx_kthread+0x10/0x10 [ 14.699658] ? _raw_spin_unlock_irq+0x47/0x80 [ 14.699680] ? calculate_sigpending+0x7b/0xa0 [ 14.699705] ? __pfx_kthread+0x10/0x10 [ 14.699728] ret_from_fork+0x116/0x1d0 [ 14.699747] ? __pfx_kthread+0x10/0x10 [ 14.699770] ret_from_fork_asm+0x1a/0x30 [ 14.699801] </TASK> [ 14.699814] [ 14.708563] Allocated by task 282: [ 14.708753] kasan_save_stack+0x45/0x70 [ 14.708919] kasan_save_track+0x18/0x40 [ 14.709066] kasan_save_alloc_info+0x3b/0x50 [ 14.709414] __kasan_kmalloc+0xb7/0xc0 [ 14.709604] __kmalloc_cache_noprof+0x189/0x420 [ 14.709842] kasan_atomics+0x95/0x310 [ 14.710005] kunit_try_run_case+0x1a5/0x480 [ 14.710358] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 14.710651] kthread+0x337/0x6f0 [ 14.710781] ret_from_fork+0x116/0x1d0 [ 14.710991] ret_from_fork_asm+0x1a/0x30 [ 14.711193] [ 14.711268] The buggy address belongs to the object at ffff888103a18380 [ 14.711268] which belongs to the cache kmalloc-64 of size 64 [ 14.711619] The buggy address is located 0 bytes to the right of [ 14.711619] allocated 48-byte region [ffff888103a18380, ffff888103a183b0) [ 14.712182] [ 14.712283] The buggy address belongs to the physical page: [ 14.712505] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x103a18 [ 14.712793] flags: 0x200000000000000(node=0|zone=2) [ 14.713198] page_type: f5(slab) [ 14.713356] raw: 0200000000000000 ffff8881000418c0 dead000000000122 0000000000000000 [ 14.713666] raw: 0000000000000000 0000000080200020 00000000f5000000 
0000000000000000 [ 14.714160] page dumped because: kasan: bad access detected [ 14.714338] [ 14.714411] Memory state around the buggy address: [ 14.714569] ffff888103a18280: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 14.714961] ffff888103a18300: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 14.715666] >ffff888103a18380: 00 00 00 00 00 00 fc fc fc fc fc fc fc fc fc fc [ 14.716004] ^ [ 14.716163] ffff888103a18400: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 14.716378] ffff888103a18480: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 14.716593] ================================================================== [ 15.425670] ================================================================== [ 15.426019] BUG: KASAN: slab-out-of-bounds in kasan_atomics_helper+0x218a/0x5450 [ 15.426702] Write of size 8 at addr ffff888103a183b0 by task kunit_try_catch/282 [ 15.427025] [ 15.427166] CPU: 0 UID: 0 PID: 282 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc4 #1 PREEMPT(voluntary) [ 15.427213] Tainted: [B]=BAD_PAGE, [N]=TEST [ 15.427226] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 15.427248] Call Trace: [ 15.427263] <TASK> [ 15.427278] dump_stack_lvl+0x73/0xb0 [ 15.427309] print_report+0xd1/0x650 [ 15.427331] ? __virt_addr_valid+0x1db/0x2d0 [ 15.427356] ? kasan_atomics_helper+0x218a/0x5450 [ 15.427378] ? kasan_complete_mode_report_info+0x2a/0x200 [ 15.427402] ? kasan_atomics_helper+0x218a/0x5450 [ 15.427425] kasan_report+0x141/0x180 [ 15.427448] ? kasan_atomics_helper+0x218a/0x5450 [ 15.427476] kasan_check_range+0x10c/0x1c0 [ 15.427501] __kasan_check_write+0x18/0x20 [ 15.427521] kasan_atomics_helper+0x218a/0x5450 [ 15.427547] ? __pfx_kasan_atomics_helper+0x10/0x10 [ 15.427571] ? __kmalloc_cache_noprof+0x189/0x420 [ 15.427596] ? kasan_save_alloc_info+0x3b/0x50 [ 15.427621] ? kasan_atomics+0x152/0x310 [ 15.427649] kasan_atomics+0x1dc/0x310 [ 15.427673] ? __pfx_kasan_atomics+0x10/0x10 [ 15.427699] ? 
__pfx_read_tsc+0x10/0x10 [ 15.427721] ? ktime_get_ts64+0x86/0x230 [ 15.427746] kunit_try_run_case+0x1a5/0x480 [ 15.427772] ? __pfx_kunit_try_run_case+0x10/0x10 [ 15.427794] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 15.427819] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 15.427844] ? __kthread_parkme+0x82/0x180 [ 15.427865] ? preempt_count_sub+0x50/0x80 [ 15.427890] ? __pfx_kunit_try_run_case+0x10/0x10 [ 15.427914] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 15.427938] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 15.427986] kthread+0x337/0x6f0 [ 15.428007] ? trace_preempt_on+0x20/0xc0 [ 15.428031] ? __pfx_kthread+0x10/0x10 [ 15.428053] ? _raw_spin_unlock_irq+0x47/0x80 [ 15.428088] ? calculate_sigpending+0x7b/0xa0 [ 15.428112] ? __pfx_kthread+0x10/0x10 [ 15.428136] ret_from_fork+0x116/0x1d0 [ 15.428156] ? __pfx_kthread+0x10/0x10 [ 15.428179] ret_from_fork_asm+0x1a/0x30 [ 15.428211] </TASK> [ 15.428223] [ 15.435747] Allocated by task 282: [ 15.435905] kasan_save_stack+0x45/0x70 [ 15.436092] kasan_save_track+0x18/0x40 [ 15.436291] kasan_save_alloc_info+0x3b/0x50 [ 15.436500] __kasan_kmalloc+0xb7/0xc0 [ 15.436683] __kmalloc_cache_noprof+0x189/0x420 [ 15.436869] kasan_atomics+0x95/0x310 [ 15.437023] kunit_try_run_case+0x1a5/0x480 [ 15.437361] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 15.437539] kthread+0x337/0x6f0 [ 15.437662] ret_from_fork+0x116/0x1d0 [ 15.437796] ret_from_fork_asm+0x1a/0x30 [ 15.437980] [ 15.438075] The buggy address belongs to the object at ffff888103a18380 [ 15.438075] which belongs to the cache kmalloc-64 of size 64 [ 15.438612] The buggy address is located 0 bytes to the right of [ 15.438612] allocated 48-byte region [ffff888103a18380, ffff888103a183b0) [ 15.439202] [ 15.439280] The buggy address belongs to the physical page: [ 15.439457] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x103a18 [ 15.439702] flags: 0x200000000000000(node=0|zone=2) [ 15.439909] page_type: f5(slab) [ 15.440096] raw: 0200000000000000 
ffff8881000418c0 dead000000000122 0000000000000000 [ 15.440444] raw: 0000000000000000 0000000080200020 00000000f5000000 0000000000000000 [ 15.440791] page dumped because: kasan: bad access detected [ 15.441079] [ 15.441157] Memory state around the buggy address: [ 15.441313] ffff888103a18280: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 15.441538] ffff888103a18300: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 15.441859] >ffff888103a18380: 00 00 00 00 00 00 fc fc fc fc fc fc fc fc fc fc [ 15.442182] ^ [ 15.442631] ffff888103a18400: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 15.442857] ffff888103a18480: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 15.443157] ================================================================== [ 14.795749] ================================================================== [ 14.796109] BUG: KASAN: slab-out-of-bounds in kasan_atomics_helper+0x12e6/0x5450 [ 14.796798] Write of size 4 at addr ffff888103a183b0 by task kunit_try_catch/282 [ 14.797232] [ 14.797457] CPU: 0 UID: 0 PID: 282 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc4 #1 PREEMPT(voluntary) [ 14.797508] Tainted: [B]=BAD_PAGE, [N]=TEST [ 14.797619] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 14.797645] Call Trace: [ 14.797666] <TASK> [ 14.797684] dump_stack_lvl+0x73/0xb0 [ 14.797716] print_report+0xd1/0x650 [ 14.797741] ? __virt_addr_valid+0x1db/0x2d0 [ 14.797774] ? kasan_atomics_helper+0x12e6/0x5450 [ 14.797798] ? kasan_complete_mode_report_info+0x2a/0x200 [ 14.797820] ? kasan_atomics_helper+0x12e6/0x5450 [ 14.797844] kasan_report+0x141/0x180 [ 14.797870] ? kasan_atomics_helper+0x12e6/0x5450 [ 14.797897] kasan_check_range+0x10c/0x1c0 [ 14.797923] __kasan_check_write+0x18/0x20 [ 14.797953] kasan_atomics_helper+0x12e6/0x5450 [ 14.797980] ? __pfx_kasan_atomics_helper+0x10/0x10 [ 14.798004] ? __kmalloc_cache_noprof+0x189/0x420 [ 14.798030] ? kasan_save_alloc_info+0x3b/0x50 [ 14.798054] ? 
kasan_atomics+0x152/0x310 [ 14.798111] kasan_atomics+0x1dc/0x310 [ 14.798136] ? __pfx_kasan_atomics+0x10/0x10 [ 14.798161] ? __pfx_read_tsc+0x10/0x10 [ 14.798184] ? ktime_get_ts64+0x86/0x230 [ 14.798209] kunit_try_run_case+0x1a5/0x480 [ 14.798235] ? __pfx_kunit_try_run_case+0x10/0x10 [ 14.798260] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 14.798284] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 14.798309] ? __kthread_parkme+0x82/0x180 [ 14.798331] ? preempt_count_sub+0x50/0x80 [ 14.798355] ? __pfx_kunit_try_run_case+0x10/0x10 [ 14.798380] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 14.798404] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 14.798429] kthread+0x337/0x6f0 [ 14.798449] ? trace_preempt_on+0x20/0xc0 [ 14.798474] ? __pfx_kthread+0x10/0x10 [ 14.798496] ? _raw_spin_unlock_irq+0x47/0x80 [ 14.798519] ? calculate_sigpending+0x7b/0xa0 [ 14.798544] ? __pfx_kthread+0x10/0x10 [ 14.798567] ret_from_fork+0x116/0x1d0 [ 14.798587] ? __pfx_kthread+0x10/0x10 [ 14.798608] ret_from_fork_asm+0x1a/0x30 [ 14.798640] </TASK> [ 14.798654] [ 14.809916] Allocated by task 282: [ 14.810345] kasan_save_stack+0x45/0x70 [ 14.810575] kasan_save_track+0x18/0x40 [ 14.810871] kasan_save_alloc_info+0x3b/0x50 [ 14.811217] __kasan_kmalloc+0xb7/0xc0 [ 14.811409] __kmalloc_cache_noprof+0x189/0x420 [ 14.811615] kasan_atomics+0x95/0x310 [ 14.811792] kunit_try_run_case+0x1a5/0x480 [ 14.812001] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 14.812548] kthread+0x337/0x6f0 [ 14.812928] ret_from_fork+0x116/0x1d0 [ 14.813208] ret_from_fork_asm+0x1a/0x30 [ 14.813503] [ 14.813721] The buggy address belongs to the object at ffff888103a18380 [ 14.813721] which belongs to the cache kmalloc-64 of size 64 [ 14.814985] The buggy address is located 0 bytes to the right of [ 14.814985] allocated 48-byte region [ffff888103a18380, ffff888103a183b0) [ 14.815732] [ 14.815968] The buggy address belongs to the physical page: [ 14.816371] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x103a18 [ 
14.816707] flags: 0x200000000000000(node=0|zone=2) [ 14.816925] page_type: f5(slab) [ 14.817067] raw: 0200000000000000 ffff8881000418c0 dead000000000122 0000000000000000 [ 14.817418] raw: 0000000000000000 0000000080200020 00000000f5000000 0000000000000000 [ 14.817689] page dumped because: kasan: bad access detected [ 14.817954] [ 14.818047] Memory state around the buggy address: [ 14.818286] ffff888103a18280: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 14.818540] ffff888103a18300: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 14.818865] >ffff888103a18380: 00 00 00 00 00 00 fc fc fc fc fc fc fc fc fc fc [ 14.819230] ^ [ 14.819393] ffff888103a18400: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 14.819719] ffff888103a18480: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 14.820001] ================================================================== [ 14.178016] ================================================================== [ 14.178398] BUG: KASAN: slab-out-of-bounds in kasan_atomics_helper+0x4b3a/0x5450 [ 14.178926] Write of size 4 at addr ffff888103a183b0 by task kunit_try_catch/282 [ 14.179486] [ 14.179748] CPU: 0 UID: 0 PID: 282 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc4 #1 PREEMPT(voluntary) [ 14.179848] Tainted: [B]=BAD_PAGE, [N]=TEST [ 14.179932] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 14.179974] Call Trace: [ 14.179992] <TASK> [ 14.180007] dump_stack_lvl+0x73/0xb0 [ 14.180038] print_report+0xd1/0x650 [ 14.180062] ? __virt_addr_valid+0x1db/0x2d0 [ 14.180086] ? kasan_atomics_helper+0x4b3a/0x5450 [ 14.180110] ? kasan_complete_mode_report_info+0x2a/0x200 [ 14.180134] ? kasan_atomics_helper+0x4b3a/0x5450 [ 14.180158] kasan_report+0x141/0x180 [ 14.180181] ? kasan_atomics_helper+0x4b3a/0x5450 [ 14.180211] __asan_report_store4_noabort+0x1b/0x30 [ 14.180235] kasan_atomics_helper+0x4b3a/0x5450 [ 14.180261] ? __pfx_kasan_atomics_helper+0x10/0x10 [ 14.180284] ? 
__kmalloc_cache_noprof+0x189/0x420 [ 14.180310] ? kasan_save_alloc_info+0x3b/0x50 [ 14.180334] ? kasan_atomics+0x152/0x310 [ 14.180362] kasan_atomics+0x1dc/0x310 [ 14.180387] ? __pfx_kasan_atomics+0x10/0x10 [ 14.180413] ? __pfx_read_tsc+0x10/0x10 [ 14.180435] ? ktime_get_ts64+0x86/0x230 [ 14.180523] kunit_try_run_case+0x1a5/0x480 [ 14.180555] ? __pfx_kunit_try_run_case+0x10/0x10 [ 14.180579] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 14.180605] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 14.180629] ? __kthread_parkme+0x82/0x180 [ 14.180650] ? preempt_count_sub+0x50/0x80 [ 14.180675] ? __pfx_kunit_try_run_case+0x10/0x10 [ 14.180700] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 14.180725] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 14.180750] kthread+0x337/0x6f0 [ 14.180771] ? trace_preempt_on+0x20/0xc0 [ 14.180796] ? __pfx_kthread+0x10/0x10 [ 14.180818] ? _raw_spin_unlock_irq+0x47/0x80 [ 14.180840] ? calculate_sigpending+0x7b/0xa0 [ 14.180865] ? __pfx_kthread+0x10/0x10 [ 14.180888] ret_from_fork+0x116/0x1d0 [ 14.180908] ? 
__pfx_kthread+0x10/0x10 [ 14.180930] ret_from_fork_asm+0x1a/0x30 [ 14.180975] </TASK> [ 14.180988] [ 14.190974] Allocated by task 282: [ 14.191367] kasan_save_stack+0x45/0x70 [ 14.191724] kasan_save_track+0x18/0x40 [ 14.191975] kasan_save_alloc_info+0x3b/0x50 [ 14.192214] __kasan_kmalloc+0xb7/0xc0 [ 14.192347] __kmalloc_cache_noprof+0x189/0x420 [ 14.192500] kasan_atomics+0x95/0x310 [ 14.192959] kunit_try_run_case+0x1a5/0x480 [ 14.193264] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 14.193733] kthread+0x337/0x6f0 [ 14.193928] ret_from_fork+0x116/0x1d0 [ 14.194225] ret_from_fork_asm+0x1a/0x30 [ 14.194415] [ 14.194697] The buggy address belongs to the object at ffff888103a18380 [ 14.194697] which belongs to the cache kmalloc-64 of size 64 [ 14.195200] The buggy address is located 0 bytes to the right of [ 14.195200] allocated 48-byte region [ffff888103a18380, ffff888103a183b0) [ 14.195874] [ 14.195964] The buggy address belongs to the physical page: [ 14.196248] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x103a18 [ 14.196823] flags: 0x200000000000000(node=0|zone=2) [ 14.197103] page_type: f5(slab) [ 14.197297] raw: 0200000000000000 ffff8881000418c0 dead000000000122 0000000000000000 [ 14.197694] raw: 0000000000000000 0000000080200020 00000000f5000000 0000000000000000 [ 14.198075] page dumped because: kasan: bad access detected [ 14.198340] [ 14.198457] Memory state around the buggy address: [ 14.198895] ffff888103a18280: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 14.199251] ffff888103a18300: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 14.199748] >ffff888103a18380: 00 00 00 00 00 00 fc fc fc fc fc fc fc fc fc fc [ 14.200062] ^ [ 14.200305] ffff888103a18400: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 14.200630] ffff888103a18480: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 14.201061] ================================================================== [ 15.303711] 
================================================================== [ 15.304007] BUG: KASAN: slab-out-of-bounds in kasan_atomics_helper+0x4f71/0x5450 [ 15.304389] Read of size 8 at addr ffff888103a183b0 by task kunit_try_catch/282 [ 15.304803] [ 15.304919] CPU: 0 UID: 0 PID: 282 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc4 #1 PREEMPT(voluntary) [ 15.304983] Tainted: [B]=BAD_PAGE, [N]=TEST [ 15.304998] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 15.305022] Call Trace: [ 15.305039] <TASK> [ 15.305056] dump_stack_lvl+0x73/0xb0 [ 15.305094] print_report+0xd1/0x650 [ 15.305118] ? __virt_addr_valid+0x1db/0x2d0 [ 15.305142] ? kasan_atomics_helper+0x4f71/0x5450 [ 15.305165] ? kasan_complete_mode_report_info+0x2a/0x200 [ 15.305189] ? kasan_atomics_helper+0x4f71/0x5450 [ 15.305213] kasan_report+0x141/0x180 [ 15.305236] ? kasan_atomics_helper+0x4f71/0x5450 [ 15.305264] __asan_report_load8_noabort+0x18/0x20 [ 15.305289] kasan_atomics_helper+0x4f71/0x5450 [ 15.305313] ? __pfx_kasan_atomics_helper+0x10/0x10 [ 15.305338] ? __kmalloc_cache_noprof+0x189/0x420 [ 15.305363] ? kasan_save_alloc_info+0x3b/0x50 [ 15.305388] ? kasan_atomics+0x152/0x310 [ 15.305416] kasan_atomics+0x1dc/0x310 [ 15.305441] ? __pfx_kasan_atomics+0x10/0x10 [ 15.305466] ? __pfx_read_tsc+0x10/0x10 [ 15.305489] ? ktime_get_ts64+0x86/0x230 [ 15.305515] kunit_try_run_case+0x1a5/0x480 [ 15.305541] ? __pfx_kunit_try_run_case+0x10/0x10 [ 15.305564] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 15.305589] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 15.305614] ? __kthread_parkme+0x82/0x180 [ 15.305636] ? preempt_count_sub+0x50/0x80 [ 15.305660] ? __pfx_kunit_try_run_case+0x10/0x10 [ 15.305685] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 15.305709] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 15.305734] kthread+0x337/0x6f0 [ 15.305768] ? trace_preempt_on+0x20/0xc0 [ 15.305793] ? __pfx_kthread+0x10/0x10 [ 15.305815] ? _raw_spin_unlock_irq+0x47/0x80 [ 15.305838] ? 
calculate_sigpending+0x7b/0xa0 [ 15.305864] ? __pfx_kthread+0x10/0x10 [ 15.305888] ret_from_fork+0x116/0x1d0 [ 15.305909] ? __pfx_kthread+0x10/0x10 [ 15.305932] ret_from_fork_asm+0x1a/0x30 [ 15.305972] </TASK> [ 15.305985] [ 15.314414] Allocated by task 282: [ 15.314581] kasan_save_stack+0x45/0x70 [ 15.314737] kasan_save_track+0x18/0x40 [ 15.314932] kasan_save_alloc_info+0x3b/0x50 [ 15.315199] __kasan_kmalloc+0xb7/0xc0 [ 15.315383] __kmalloc_cache_noprof+0x189/0x420 [ 15.315587] kasan_atomics+0x95/0x310 [ 15.315774] kunit_try_run_case+0x1a5/0x480 [ 15.315961] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 15.316235] kthread+0x337/0x6f0 [ 15.316407] ret_from_fork+0x116/0x1d0 [ 15.316564] ret_from_fork_asm+0x1a/0x30 [ 15.316705] [ 15.316779] The buggy address belongs to the object at ffff888103a18380 [ 15.316779] which belongs to the cache kmalloc-64 of size 64 [ 15.317369] The buggy address is located 0 bytes to the right of [ 15.317369] allocated 48-byte region [ffff888103a18380, ffff888103a183b0) [ 15.317774] [ 15.317850] The buggy address belongs to the physical page: [ 15.318032] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x103a18 [ 15.318278] flags: 0x200000000000000(node=0|zone=2) [ 15.318512] page_type: f5(slab) [ 15.318683] raw: 0200000000000000 ffff8881000418c0 dead000000000122 0000000000000000 [ 15.319085] raw: 0000000000000000 0000000080200020 00000000f5000000 0000000000000000 [ 15.319396] page dumped because: kasan: bad access detected [ 15.319622] [ 15.319695] Memory state around the buggy address: [ 15.319851] ffff888103a18280: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 15.320090] ffff888103a18300: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 15.320416] >ffff888103a18380: 00 00 00 00 00 00 fc fc fc fc fc fc fc fc fc fc [ 15.320740] ^ [ 15.320979] ffff888103a18400: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 15.321358] ffff888103a18480: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 15.321652] 
================================================================== [ 15.378117] ================================================================== [ 15.378380] BUG: KASAN: slab-out-of-bounds in kasan_atomics_helper+0x20c8/0x5450 [ 15.378618] Write of size 8 at addr ffff888103a183b0 by task kunit_try_catch/282 [ 15.380743] [ 15.380848] CPU: 0 UID: 0 PID: 282 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc4 #1 PREEMPT(voluntary) [ 15.380896] Tainted: [B]=BAD_PAGE, [N]=TEST [ 15.380912] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 15.380934] Call Trace: [ 15.380969] <TASK> [ 15.381104] dump_stack_lvl+0x73/0xb0 [ 15.381356] print_report+0xd1/0x650 [ 15.381385] ? __virt_addr_valid+0x1db/0x2d0 [ 15.381410] ? kasan_atomics_helper+0x20c8/0x5450 [ 15.381433] ? kasan_complete_mode_report_info+0x2a/0x200 [ 15.381457] ? kasan_atomics_helper+0x20c8/0x5450 [ 15.381481] kasan_report+0x141/0x180 [ 15.381505] ? kasan_atomics_helper+0x20c8/0x5450 [ 15.381534] kasan_check_range+0x10c/0x1c0 [ 15.381559] __kasan_check_write+0x18/0x20 [ 15.381580] kasan_atomics_helper+0x20c8/0x5450 [ 15.381605] ? __pfx_kasan_atomics_helper+0x10/0x10 [ 15.381628] ? __kmalloc_cache_noprof+0x189/0x420 [ 15.381654] ? kasan_save_alloc_info+0x3b/0x50 [ 15.381678] ? kasan_atomics+0x152/0x310 [ 15.381707] kasan_atomics+0x1dc/0x310 [ 15.381730] ? __pfx_kasan_atomics+0x10/0x10 [ 15.381756] ? __pfx_read_tsc+0x10/0x10 [ 15.381777] ? ktime_get_ts64+0x86/0x230 [ 15.381803] kunit_try_run_case+0x1a5/0x480 [ 15.381828] ? __pfx_kunit_try_run_case+0x10/0x10 [ 15.381851] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 15.381874] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 15.381899] ? __kthread_parkme+0x82/0x180 [ 15.381920] ? preempt_count_sub+0x50/0x80 [ 15.381970] ? __pfx_kunit_try_run_case+0x10/0x10 [ 15.381995] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 15.382019] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 15.382302] kthread+0x337/0x6f0 [ 15.382328] ? 
trace_preempt_on+0x20/0xc0 [ 15.382354] ? __pfx_kthread+0x10/0x10 [ 15.382377] ? _raw_spin_unlock_irq+0x47/0x80 [ 15.382400] ? calculate_sigpending+0x7b/0xa0 [ 15.382425] ? __pfx_kthread+0x10/0x10 [ 15.382447] ret_from_fork+0x116/0x1d0 [ 15.382480] ? __pfx_kthread+0x10/0x10 [ 15.382502] ret_from_fork_asm+0x1a/0x30 [ 15.382534] </TASK> [ 15.382547] [ 15.392962] Allocated by task 282: [ 15.393291] kasan_save_stack+0x45/0x70 [ 15.393660] kasan_save_track+0x18/0x40 [ 15.394202] kasan_save_alloc_info+0x3b/0x50 [ 15.394677] __kasan_kmalloc+0xb7/0xc0 [ 15.395081] __kmalloc_cache_noprof+0x189/0x420 [ 15.395528] kasan_atomics+0x95/0x310 [ 15.395886] kunit_try_run_case+0x1a5/0x480 [ 15.396352] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 15.396926] kthread+0x337/0x6f0 [ 15.397248] ret_from_fork+0x116/0x1d0 [ 15.397622] ret_from_fork_asm+0x1a/0x30 [ 15.397999] [ 15.398200] The buggy address belongs to the object at ffff888103a18380 [ 15.398200] which belongs to the cache kmalloc-64 of size 64 [ 15.399296] The buggy address is located 0 bytes to the right of [ 15.399296] allocated 48-byte region [ffff888103a18380, ffff888103a183b0) [ 15.400599] [ 15.400776] The buggy address belongs to the physical page: [ 15.401319] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x103a18 [ 15.401765] flags: 0x200000000000000(node=0|zone=2) [ 15.401936] page_type: f5(slab) [ 15.402074] raw: 0200000000000000 ffff8881000418c0 dead000000000122 0000000000000000 [ 15.402310] raw: 0000000000000000 0000000080200020 00000000f5000000 0000000000000000 [ 15.402542] page dumped because: kasan: bad access detected [ 15.402716] [ 15.402789] Memory state around the buggy address: [ 15.402954] ffff888103a18280: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 15.403239] ffff888103a18300: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 15.403458] >ffff888103a18380: 00 00 00 00 00 00 fc fc fc fc fc fc fc fc fc fc [ 15.404024] ^ [ 15.404392] ffff888103a18400: fc fc fc fc fc fc fc fc fc 
fc fc fc fc fc fc fc [ 15.404610] ffff888103a18480: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 15.405251] ================================================================== [ 14.397423] ================================================================== [ 14.398160] BUG: KASAN: slab-out-of-bounds in kasan_atomics_helper+0xa2b/0x5450 [ 14.398992] Write of size 4 at addr ffff888103a183b0 by task kunit_try_catch/282 [ 14.399704] [ 14.399886] CPU: 0 UID: 0 PID: 282 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc4 #1 PREEMPT(voluntary) [ 14.399932] Tainted: [B]=BAD_PAGE, [N]=TEST [ 14.399958] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 14.399982] Call Trace: [ 14.400002] <TASK> [ 14.400020] dump_stack_lvl+0x73/0xb0 [ 14.400049] print_report+0xd1/0x650 [ 14.400081] ? __virt_addr_valid+0x1db/0x2d0 [ 14.400104] ? kasan_atomics_helper+0xa2b/0x5450 [ 14.400127] ? kasan_complete_mode_report_info+0x2a/0x200 [ 14.400150] ? kasan_atomics_helper+0xa2b/0x5450 [ 14.400173] kasan_report+0x141/0x180 [ 14.400196] ? kasan_atomics_helper+0xa2b/0x5450 [ 14.400224] kasan_check_range+0x10c/0x1c0 [ 14.400249] __kasan_check_write+0x18/0x20 [ 14.400270] kasan_atomics_helper+0xa2b/0x5450 [ 14.400294] ? __pfx_kasan_atomics_helper+0x10/0x10 [ 14.400318] ? __kmalloc_cache_noprof+0x189/0x420 [ 14.400342] ? kasan_save_alloc_info+0x3b/0x50 [ 14.400366] ? kasan_atomics+0x152/0x310 [ 14.400394] kasan_atomics+0x1dc/0x310 [ 14.400419] ? __pfx_kasan_atomics+0x10/0x10 [ 14.400445] ? __pfx_read_tsc+0x10/0x10 [ 14.400485] ? ktime_get_ts64+0x86/0x230 [ 14.400512] kunit_try_run_case+0x1a5/0x480 [ 14.400537] ? __pfx_kunit_try_run_case+0x10/0x10 [ 14.400560] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 14.400586] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 14.400610] ? __kthread_parkme+0x82/0x180 [ 14.400632] ? preempt_count_sub+0x50/0x80 [ 14.400657] ? __pfx_kunit_try_run_case+0x10/0x10 [ 14.400682] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 14.400707] ? 
__pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 14.400731] kthread+0x337/0x6f0 [ 14.400752] ? trace_preempt_on+0x20/0xc0 [ 14.400777] ? __pfx_kthread+0x10/0x10 [ 14.400799] ? _raw_spin_unlock_irq+0x47/0x80 [ 14.400821] ? calculate_sigpending+0x7b/0xa0 [ 14.400846] ? __pfx_kthread+0x10/0x10 [ 14.400870] ret_from_fork+0x116/0x1d0 [ 14.400890] ? __pfx_kthread+0x10/0x10 [ 14.400911] ret_from_fork_asm+0x1a/0x30 [ 14.400953] </TASK> [ 14.400966] [ 14.413421] Allocated by task 282: [ 14.413613] kasan_save_stack+0x45/0x70 [ 14.413824] kasan_save_track+0x18/0x40 [ 14.414036] kasan_save_alloc_info+0x3b/0x50 [ 14.414238] __kasan_kmalloc+0xb7/0xc0 [ 14.414405] __kmalloc_cache_noprof+0x189/0x420 [ 14.414696] kasan_atomics+0x95/0x310 [ 14.415021] kunit_try_run_case+0x1a5/0x480 [ 14.415210] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 14.415386] kthread+0x337/0x6f0 [ 14.415509] ret_from_fork+0x116/0x1d0 [ 14.416045] ret_from_fork_asm+0x1a/0x30 [ 14.416248] [ 14.416326] The buggy address belongs to the object at ffff888103a18380 [ 14.416326] which belongs to the cache kmalloc-64 of size 64 [ 14.417059] The buggy address is located 0 bytes to the right of [ 14.417059] allocated 48-byte region [ffff888103a18380, ffff888103a183b0) [ 14.417687] [ 14.417794] The buggy address belongs to the physical page: [ 14.418008] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x103a18 [ 14.418522] flags: 0x200000000000000(node=0|zone=2) [ 14.418788] page_type: f5(slab) [ 14.418976] raw: 0200000000000000 ffff8881000418c0 dead000000000122 0000000000000000 [ 14.419352] raw: 0000000000000000 0000000080200020 00000000f5000000 0000000000000000 [ 14.419851] page dumped because: kasan: bad access detected [ 14.420101] [ 14.420177] Memory state around the buggy address: [ 14.420478] ffff888103a18280: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 14.420697] ffff888103a18300: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 14.421084] >ffff888103a18380: 00 00 00 00 00 00 fc fc 
fc fc fc fc fc fc fc fc [ 14.421417] ^ [ 14.421776] ffff888103a18400: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 14.422008] ffff888103a18480: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 14.422272] ================================================================== [ 14.531834] ================================================================== [ 14.532173] BUG: KASAN: slab-out-of-bounds in kasan_atomics_helper+0xde0/0x5450 [ 14.532408] Write of size 4 at addr ffff888103a183b0 by task kunit_try_catch/282 [ 14.532721] [ 14.532832] CPU: 0 UID: 0 PID: 282 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc4 #1 PREEMPT(voluntary) [ 14.532875] Tainted: [B]=BAD_PAGE, [N]=TEST [ 14.532902] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 14.532925] Call Trace: [ 14.532954] <TASK> [ 14.532973] dump_stack_lvl+0x73/0xb0 [ 14.533002] print_report+0xd1/0x650 [ 14.533026] ? __virt_addr_valid+0x1db/0x2d0 [ 14.533050] ? kasan_atomics_helper+0xde0/0x5450 [ 14.533072] ? kasan_complete_mode_report_info+0x2a/0x200 [ 14.533099] ? kasan_atomics_helper+0xde0/0x5450 [ 14.533122] kasan_report+0x141/0x180 [ 14.533154] ? kasan_atomics_helper+0xde0/0x5450 [ 14.533182] kasan_check_range+0x10c/0x1c0 [ 14.533208] __kasan_check_write+0x18/0x20 [ 14.533230] kasan_atomics_helper+0xde0/0x5450 [ 14.533254] ? __pfx_kasan_atomics_helper+0x10/0x10 [ 14.533278] ? __kmalloc_cache_noprof+0x189/0x420 [ 14.533304] ? kasan_save_alloc_info+0x3b/0x50 [ 14.533329] ? kasan_atomics+0x152/0x310 [ 14.533357] kasan_atomics+0x1dc/0x310 [ 14.533383] ? __pfx_kasan_atomics+0x10/0x10 [ 14.533409] ? __pfx_read_tsc+0x10/0x10 [ 14.533431] ? ktime_get_ts64+0x86/0x230 [ 14.533457] kunit_try_run_case+0x1a5/0x480 [ 14.533494] ? __pfx_kunit_try_run_case+0x10/0x10 [ 14.533518] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 14.533543] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 14.533568] ? __kthread_parkme+0x82/0x180 [ 14.533591] ? preempt_count_sub+0x50/0x80 [ 14.533616] ? 
__pfx_kunit_try_run_case+0x10/0x10 [ 14.533641] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 14.533666] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 14.533690] kthread+0x337/0x6f0 [ 14.533712] ? trace_preempt_on+0x20/0xc0 [ 14.533737] ? __pfx_kthread+0x10/0x10 [ 14.533759] ? _raw_spin_unlock_irq+0x47/0x80 [ 14.533782] ? calculate_sigpending+0x7b/0xa0 [ 14.533807] ? __pfx_kthread+0x10/0x10 [ 14.533830] ret_from_fork+0x116/0x1d0 [ 14.533850] ? __pfx_kthread+0x10/0x10 [ 14.533872] ret_from_fork_asm+0x1a/0x30 [ 14.533904] </TASK> [ 14.533918] [ 14.543408] Allocated by task 282: [ 14.543656] kasan_save_stack+0x45/0x70 [ 14.543848] kasan_save_track+0x18/0x40 [ 14.544064] kasan_save_alloc_info+0x3b/0x50 [ 14.544281] __kasan_kmalloc+0xb7/0xc0 [ 14.544470] __kmalloc_cache_noprof+0x189/0x420 [ 14.544718] kasan_atomics+0x95/0x310 [ 14.544879] kunit_try_run_case+0x1a5/0x480 [ 14.545074] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 14.545350] kthread+0x337/0x6f0 [ 14.545561] ret_from_fork+0x116/0x1d0 [ 14.545700] ret_from_fork_asm+0x1a/0x30 [ 14.545845] [ 14.545957] The buggy address belongs to the object at ffff888103a18380 [ 14.545957] which belongs to the cache kmalloc-64 of size 64 [ 14.546772] The buggy address is located 0 bytes to the right of [ 14.546772] allocated 48-byte region [ffff888103a18380, ffff888103a183b0) [ 14.547371] [ 14.547485] The buggy address belongs to the physical page: [ 14.547696] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x103a18 [ 14.548013] flags: 0x200000000000000(node=0|zone=2) [ 14.548379] page_type: f5(slab) [ 14.548585] raw: 0200000000000000 ffff8881000418c0 dead000000000122 0000000000000000 [ 14.548918] raw: 0000000000000000 0000000080200020 00000000f5000000 0000000000000000 [ 14.549280] page dumped because: kasan: bad access detected [ 14.549533] [ 14.549628] Memory state around the buggy address: [ 14.549796] ffff888103a18280: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 14.550016] 
ffff888103a18300: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 14.550678] >ffff888103a18380: 00 00 00 00 00 00 fc fc fc fc fc fc fc fc fc fc [ 14.551003] ^ [ 14.551244] ffff888103a18400: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 14.551641] ffff888103a18480: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 14.552002] ================================================================== [ 14.035201] ================================================================== [ 14.035534] BUG: KASAN: slab-out-of-bounds in kasan_atomics_helper+0x4ba2/0x5450 [ 14.035875] Write of size 4 at addr ffff888103a183b0 by task kunit_try_catch/282 [ 14.036279] [ 14.036366] CPU: 0 UID: 0 PID: 282 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc4 #1 PREEMPT(voluntary) [ 14.036480] Tainted: [B]=BAD_PAGE, [N]=TEST [ 14.036495] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 14.036515] Call Trace: [ 14.036541] <TASK> [ 14.036558] dump_stack_lvl+0x73/0xb0 [ 14.036586] print_report+0xd1/0x650 [ 14.036620] ? __virt_addr_valid+0x1db/0x2d0 [ 14.036642] ? kasan_atomics_helper+0x4ba2/0x5450 [ 14.036663] ? kasan_complete_mode_report_info+0x2a/0x200 [ 14.036685] ? kasan_atomics_helper+0x4ba2/0x5450 [ 14.036715] kasan_report+0x141/0x180 [ 14.036738] ? kasan_atomics_helper+0x4ba2/0x5450 [ 14.036764] __asan_report_store4_noabort+0x1b/0x30 [ 14.036794] kasan_atomics_helper+0x4ba2/0x5450 [ 14.036817] ? __pfx_kasan_atomics_helper+0x10/0x10 [ 14.036839] ? __kmalloc_cache_noprof+0x189/0x420 [ 14.036863] ? kasan_save_alloc_info+0x3b/0x50 [ 14.036885] ? kasan_atomics+0x152/0x310 [ 14.036912] kasan_atomics+0x1dc/0x310 [ 14.036945] ? __pfx_kasan_atomics+0x10/0x10 [ 14.036969] ? __pfx_read_tsc+0x10/0x10 [ 14.036990] ? ktime_get_ts64+0x86/0x230 [ 14.037013] kunit_try_run_case+0x1a5/0x480 [ 14.037036] ? __pfx_kunit_try_run_case+0x10/0x10 [ 14.037058] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 14.037082] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 14.037113] ? 
__kthread_parkme+0x82/0x180 [ 14.037134] ? preempt_count_sub+0x50/0x80 [ 14.037159] ? __pfx_kunit_try_run_case+0x10/0x10 [ 14.037193] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 14.037216] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 14.037241] kthread+0x337/0x6f0 [ 14.037270] ? trace_preempt_on+0x20/0xc0 [ 14.037293] ? __pfx_kthread+0x10/0x10 [ 14.037314] ? _raw_spin_unlock_irq+0x47/0x80 [ 14.037335] ? calculate_sigpending+0x7b/0xa0 [ 14.037369] ? __pfx_kthread+0x10/0x10 [ 14.037392] ret_from_fork+0x116/0x1d0 [ 14.037410] ? __pfx_kthread+0x10/0x10 [ 14.037440] ret_from_fork_asm+0x1a/0x30 [ 14.037523] </TASK> [ 14.037538] [ 14.048159] Allocated by task 282: [ 14.048459] kasan_save_stack+0x45/0x70 [ 14.048841] kasan_save_track+0x18/0x40 [ 14.049013] kasan_save_alloc_info+0x3b/0x50 [ 14.049260] __kasan_kmalloc+0xb7/0xc0 [ 14.049875] __kmalloc_cache_noprof+0x189/0x420 [ 14.050081] kasan_atomics+0x95/0x310 [ 14.050333] kunit_try_run_case+0x1a5/0x480 [ 14.050717] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 14.050969] kthread+0x337/0x6f0 [ 14.051309] ret_from_fork+0x116/0x1d0 [ 14.051474] ret_from_fork_asm+0x1a/0x30 [ 14.051820] [ 14.051925] The buggy address belongs to the object at ffff888103a18380 [ 14.051925] which belongs to the cache kmalloc-64 of size 64 [ 14.052627] The buggy address is located 0 bytes to the right of [ 14.052627] allocated 48-byte region [ffff888103a18380, ffff888103a183b0) [ 14.053357] [ 14.053469] The buggy address belongs to the physical page: [ 14.053922] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x103a18 [ 14.054430] flags: 0x200000000000000(node=0|zone=2) [ 14.054837] page_type: f5(slab) [ 14.055107] raw: 0200000000000000 ffff8881000418c0 dead000000000122 0000000000000000 [ 14.055588] raw: 0000000000000000 0000000080200020 00000000f5000000 0000000000000000 [ 14.056032] page dumped because: kasan: bad access detected [ 14.056316] [ 14.056397] Memory state around the buggy address: [ 14.056855] 
ffff888103a18280: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 14.057178] ffff888103a18300: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 14.057648] >ffff888103a18380: 00 00 00 00 00 00 fc fc fc fc fc fc fc fc fc fc [ 14.057982] ^ [ 14.058397] ffff888103a18400: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 14.058880] ffff888103a18480: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 14.059190] ================================================================== [ 15.444298] ================================================================== [ 15.444834] BUG: KASAN: slab-out-of-bounds in kasan_atomics_helper+0x4fa5/0x5450 [ 15.445243] Read of size 8 at addr ffff888103a183b0 by task kunit_try_catch/282 [ 15.445480] [ 15.445621] CPU: 0 UID: 0 PID: 282 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc4 #1 PREEMPT(voluntary) [ 15.445664] Tainted: [B]=BAD_PAGE, [N]=TEST [ 15.445678] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 15.445699] Call Trace: [ 15.445716] <TASK> [ 15.445733] dump_stack_lvl+0x73/0xb0 [ 15.445760] print_report+0xd1/0x650 [ 15.445784] ? __virt_addr_valid+0x1db/0x2d0 [ 15.445806] ? kasan_atomics_helper+0x4fa5/0x5450 [ 15.445829] ? kasan_complete_mode_report_info+0x2a/0x200 [ 15.445854] ? kasan_atomics_helper+0x4fa5/0x5450 [ 15.445877] kasan_report+0x141/0x180 [ 15.445902] ? kasan_atomics_helper+0x4fa5/0x5450 [ 15.445929] __asan_report_load8_noabort+0x18/0x20 [ 15.445968] kasan_atomics_helper+0x4fa5/0x5450 [ 15.445993] ? __pfx_kasan_atomics_helper+0x10/0x10 [ 15.446016] ? __kmalloc_cache_noprof+0x189/0x420 [ 15.446041] ? kasan_save_alloc_info+0x3b/0x50 [ 15.446076] ? kasan_atomics+0x152/0x310 [ 15.446104] kasan_atomics+0x1dc/0x310 [ 15.446128] ? __pfx_kasan_atomics+0x10/0x10 [ 15.446154] ? __pfx_read_tsc+0x10/0x10 [ 15.446176] ? ktime_get_ts64+0x86/0x230 [ 15.446201] kunit_try_run_case+0x1a5/0x480 [ 15.446227] ? __pfx_kunit_try_run_case+0x10/0x10 [ 15.446250] ? 
_raw_spin_lock_irqsave+0xa1/0x100 [ 15.446274] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 15.446299] ? __kthread_parkme+0x82/0x180 [ 15.446319] ? preempt_count_sub+0x50/0x80 [ 15.446344] ? __pfx_kunit_try_run_case+0x10/0x10 [ 15.446368] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 15.446392] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 15.446417] kthread+0x337/0x6f0 [ 15.446437] ? trace_preempt_on+0x20/0xc0 [ 15.446461] ? __pfx_kthread+0x10/0x10 [ 15.446483] ? _raw_spin_unlock_irq+0x47/0x80 [ 15.446506] ? calculate_sigpending+0x7b/0xa0 [ 15.446529] ? __pfx_kthread+0x10/0x10 [ 15.446553] ret_from_fork+0x116/0x1d0 [ 15.446573] ? __pfx_kthread+0x10/0x10 [ 15.446595] ret_from_fork_asm+0x1a/0x30 [ 15.446627] </TASK> [ 15.446640] [ 15.454441] Allocated by task 282: [ 15.454605] kasan_save_stack+0x45/0x70 [ 15.454790] kasan_save_track+0x18/0x40 [ 15.454967] kasan_save_alloc_info+0x3b/0x50 [ 15.455271] __kasan_kmalloc+0xb7/0xc0 [ 15.455449] __kmalloc_cache_noprof+0x189/0x420 [ 15.455627] kasan_atomics+0x95/0x310 [ 15.455800] kunit_try_run_case+0x1a5/0x480 [ 15.456022] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 15.456244] kthread+0x337/0x6f0 [ 15.456415] ret_from_fork+0x116/0x1d0 [ 15.456604] ret_from_fork_asm+0x1a/0x30 [ 15.456797] [ 15.456886] The buggy address belongs to the object at ffff888103a18380 [ 15.456886] which belongs to the cache kmalloc-64 of size 64 [ 15.457247] The buggy address is located 0 bytes to the right of [ 15.457247] allocated 48-byte region [ffff888103a18380, ffff888103a183b0) [ 15.457876] [ 15.457984] The buggy address belongs to the physical page: [ 15.458485] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x103a18 [ 15.458739] flags: 0x200000000000000(node=0|zone=2) [ 15.458905] page_type: f5(slab) [ 15.459090] raw: 0200000000000000 ffff8881000418c0 dead000000000122 0000000000000000 [ 15.459439] raw: 0000000000000000 0000000080200020 00000000f5000000 0000000000000000 [ 15.459784] page dumped because: kasan: 
bad access detected [ 15.460002] [ 15.460076] Memory state around the buggy address: [ 15.460247] ffff888103a18280: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 15.460570] ffff888103a18300: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 15.460895] >ffff888103a18380: 00 00 00 00 00 00 fc fc fc fc fc fc fc fc fc fc [ 15.461160] ^ [ 15.461319] ffff888103a18400: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 15.461622] ffff888103a18480: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 15.461954] ================================================================== [ 14.952080] ================================================================== [ 14.952427] BUG: KASAN: slab-out-of-bounds in kasan_atomics_helper+0x164f/0x5450 [ 14.952773] Write of size 8 at addr ffff888103a183b0 by task kunit_try_catch/282 [ 14.953219] [ 14.953319] CPU: 0 UID: 0 PID: 282 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc4 #1 PREEMPT(voluntary) [ 14.953362] Tainted: [B]=BAD_PAGE, [N]=TEST [ 14.953376] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 14.953398] Call Trace: [ 14.953414] <TASK> [ 14.953448] dump_stack_lvl+0x73/0xb0 [ 14.953476] print_report+0xd1/0x650 [ 14.953500] ? __virt_addr_valid+0x1db/0x2d0 [ 14.953523] ? kasan_atomics_helper+0x164f/0x5450 [ 14.953548] ? kasan_complete_mode_report_info+0x2a/0x200 [ 14.953571] ? kasan_atomics_helper+0x164f/0x5450 [ 14.953596] kasan_report+0x141/0x180 [ 14.953620] ? kasan_atomics_helper+0x164f/0x5450 [ 14.953648] kasan_check_range+0x10c/0x1c0 [ 14.953674] __kasan_check_write+0x18/0x20 [ 14.953695] kasan_atomics_helper+0x164f/0x5450 [ 14.953720] ? __pfx_kasan_atomics_helper+0x10/0x10 [ 14.953744] ? __kmalloc_cache_noprof+0x189/0x420 [ 14.953769] ? kasan_save_alloc_info+0x3b/0x50 [ 14.953794] ? kasan_atomics+0x152/0x310 [ 14.953822] kasan_atomics+0x1dc/0x310 [ 14.953847] ? __pfx_kasan_atomics+0x10/0x10 [ 14.953873] ? __pfx_read_tsc+0x10/0x10 [ 14.953895] ? 
ktime_get_ts64+0x86/0x230 [ 14.953920] kunit_try_run_case+0x1a5/0x480 [ 14.953956] ? __pfx_kunit_try_run_case+0x10/0x10 [ 14.953979] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 14.954004] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 14.954029] ? __kthread_parkme+0x82/0x180 [ 14.954052] ? preempt_count_sub+0x50/0x80 [ 14.954085] ? __pfx_kunit_try_run_case+0x10/0x10 [ 14.954110] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 14.954135] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 14.954160] kthread+0x337/0x6f0 [ 14.954181] ? trace_preempt_on+0x20/0xc0 [ 14.954206] ? __pfx_kthread+0x10/0x10 [ 14.954228] ? _raw_spin_unlock_irq+0x47/0x80 [ 14.954251] ? calculate_sigpending+0x7b/0xa0 [ 14.954276] ? __pfx_kthread+0x10/0x10 [ 14.954298] ret_from_fork+0x116/0x1d0 [ 14.954317] ? __pfx_kthread+0x10/0x10 [ 14.954339] ret_from_fork_asm+0x1a/0x30 [ 14.954371] </TASK> [ 14.954384] [ 14.967061] Allocated by task 282: [ 14.967751] kasan_save_stack+0x45/0x70 [ 14.968328] kasan_save_track+0x18/0x40 [ 14.968812] kasan_save_alloc_info+0x3b/0x50 [ 14.969424] __kasan_kmalloc+0xb7/0xc0 [ 14.969900] __kmalloc_cache_noprof+0x189/0x420 [ 14.970379] kasan_atomics+0x95/0x310 [ 14.970531] kunit_try_run_case+0x1a5/0x480 [ 14.970689] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 14.970868] kthread+0x337/0x6f0 [ 14.971007] ret_from_fork+0x116/0x1d0 [ 14.971152] ret_from_fork_asm+0x1a/0x30 [ 14.971316] [ 14.971423] The buggy address belongs to the object at ffff888103a18380 [ 14.971423] which belongs to the cache kmalloc-64 of size 64 [ 14.971964] The buggy address is located 0 bytes to the right of [ 14.971964] allocated 48-byte region [ffff888103a18380, ffff888103a183b0) [ 14.972424] [ 14.972529] The buggy address belongs to the physical page: [ 14.972793] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x103a18 [ 14.973220] flags: 0x200000000000000(node=0|zone=2) [ 14.973391] page_type: f5(slab) [ 14.973564] raw: 0200000000000000 ffff8881000418c0 dead000000000122 
0000000000000000 [ 14.973905] raw: 0000000000000000 0000000080200020 00000000f5000000 0000000000000000 [ 14.974172] page dumped because: kasan: bad access detected [ 14.974474] [ 14.974573] Memory state around the buggy address: [ 14.974806] ffff888103a18280: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 14.975059] ffff888103a18300: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 14.975346] >ffff888103a18380: 00 00 00 00 00 00 fc fc fc fc fc fc fc fc fc fc [ 14.975663] ^ [ 14.975886] ffff888103a18400: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 14.976116] ffff888103a18480: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 14.976589] ================================================================== [ 15.322137] ================================================================== [ 15.322489] BUG: KASAN: slab-out-of-bounds in kasan_atomics_helper+0x2006/0x5450 [ 15.322783] Write of size 8 at addr ffff888103a183b0 by task kunit_try_catch/282 [ 15.323288] [ 15.323381] CPU: 0 UID: 0 PID: 282 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc4 #1 PREEMPT(voluntary) [ 15.323425] Tainted: [B]=BAD_PAGE, [N]=TEST [ 15.323439] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 15.323462] Call Trace: [ 15.323480] <TASK> [ 15.323496] dump_stack_lvl+0x73/0xb0 [ 15.323523] print_report+0xd1/0x650 [ 15.323547] ? __virt_addr_valid+0x1db/0x2d0 [ 15.323570] ? kasan_atomics_helper+0x2006/0x5450 [ 15.323593] ? kasan_complete_mode_report_info+0x2a/0x200 [ 15.323616] ? kasan_atomics_helper+0x2006/0x5450 [ 15.323642] kasan_report+0x141/0x180 [ 15.323674] ? kasan_atomics_helper+0x2006/0x5450 [ 15.323702] kasan_check_range+0x10c/0x1c0 [ 15.323727] __kasan_check_write+0x18/0x20 [ 15.323750] kasan_atomics_helper+0x2006/0x5450 [ 15.323775] ? __pfx_kasan_atomics_helper+0x10/0x10 [ 15.323799] ? __kmalloc_cache_noprof+0x189/0x420 [ 15.323825] ? kasan_save_alloc_info+0x3b/0x50 [ 15.323849] ? 
kasan_atomics+0x152/0x310 [ 15.323877] kasan_atomics+0x1dc/0x310 [ 15.323901] ? __pfx_kasan_atomics+0x10/0x10 [ 15.323927] ? __pfx_read_tsc+0x10/0x10 [ 15.323959] ? ktime_get_ts64+0x86/0x230 [ 15.323986] kunit_try_run_case+0x1a5/0x480 [ 15.324011] ? __pfx_kunit_try_run_case+0x10/0x10 [ 15.324034] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 15.324059] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 15.324093] ? __kthread_parkme+0x82/0x180 [ 15.324113] ? preempt_count_sub+0x50/0x80 [ 15.324139] ? __pfx_kunit_try_run_case+0x10/0x10 [ 15.324165] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 15.324189] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 15.324214] kthread+0x337/0x6f0 [ 15.324235] ? trace_preempt_on+0x20/0xc0 [ 15.324260] ? __pfx_kthread+0x10/0x10 [ 15.324281] ? _raw_spin_unlock_irq+0x47/0x80 [ 15.324304] ? calculate_sigpending+0x7b/0xa0 [ 15.324329] ? __pfx_kthread+0x10/0x10 [ 15.324351] ret_from_fork+0x116/0x1d0 [ 15.324371] ? __pfx_kthread+0x10/0x10 [ 15.324394] ret_from_fork_asm+0x1a/0x30 [ 15.324426] </TASK> [ 15.324438] [ 15.336297] Allocated by task 282: [ 15.336859] kasan_save_stack+0x45/0x70 [ 15.337375] kasan_save_track+0x18/0x40 [ 15.338004] kasan_save_alloc_info+0x3b/0x50 [ 15.338585] __kasan_kmalloc+0xb7/0xc0 [ 15.338889] __kmalloc_cache_noprof+0x189/0x420 [ 15.339550] kasan_atomics+0x95/0x310 [ 15.339700] kunit_try_run_case+0x1a5/0x480 [ 15.339851] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 15.340042] kthread+0x337/0x6f0 [ 15.340786] ret_from_fork+0x116/0x1d0 [ 15.341241] ret_from_fork_asm+0x1a/0x30 [ 15.341750] [ 15.342083] The buggy address belongs to the object at ffff888103a18380 [ 15.342083] which belongs to the cache kmalloc-64 of size 64 [ 15.343472] The buggy address is located 0 bytes to the right of [ 15.343472] allocated 48-byte region [ffff888103a18380, ffff888103a183b0) [ 15.343859] [ 15.343938] The buggy address belongs to the physical page: [ 15.344534] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x103a18 [ 
15.345510] flags: 0x200000000000000(node=0|zone=2) [ 15.346180] page_type: f5(slab) [ 15.346650] raw: 0200000000000000 ffff8881000418c0 dead000000000122 0000000000000000 [ 15.347529] raw: 0000000000000000 0000000080200020 00000000f5000000 0000000000000000 [ 15.348211] page dumped because: kasan: bad access detected [ 15.348395] [ 15.348471] Memory state around the buggy address: [ 15.348631] ffff888103a18280: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 15.348851] ffff888103a18300: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 15.349392] >ffff888103a18380: 00 00 00 00 00 00 fc fc fc fc fc fc fc fc fc fc [ 15.350287] ^ [ 15.350930] ffff888103a18400: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 15.351928] ffff888103a18480: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 15.352514] ================================================================== [ 14.915793] ================================================================== [ 14.916251] BUG: KASAN: slab-out-of-bounds in kasan_atomics_helper+0x151d/0x5450 [ 14.916671] Write of size 8 at addr ffff888103a183b0 by task kunit_try_catch/282 [ 14.917055] [ 14.917177] CPU: 0 UID: 0 PID: 282 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc4 #1 PREEMPT(voluntary) [ 14.917222] Tainted: [B]=BAD_PAGE, [N]=TEST [ 14.917237] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 14.917260] Call Trace: [ 14.917276] <TASK> [ 14.917293] dump_stack_lvl+0x73/0xb0 [ 14.917322] print_report+0xd1/0x650 [ 14.917346] ? __virt_addr_valid+0x1db/0x2d0 [ 14.917369] ? kasan_atomics_helper+0x151d/0x5450 [ 14.917392] ? kasan_complete_mode_report_info+0x2a/0x200 [ 14.917416] ? kasan_atomics_helper+0x151d/0x5450 [ 14.917440] kasan_report+0x141/0x180 [ 14.917464] ? kasan_atomics_helper+0x151d/0x5450 [ 14.917491] kasan_check_range+0x10c/0x1c0 [ 14.917516] __kasan_check_write+0x18/0x20 [ 14.917537] kasan_atomics_helper+0x151d/0x5450 [ 14.917560] ? __pfx_kasan_atomics_helper+0x10/0x10 [ 14.917584] ? 
__kmalloc_cache_noprof+0x189/0x420 [ 14.917610] ? kasan_save_alloc_info+0x3b/0x50 [ 14.917634] ? kasan_atomics+0x152/0x310 [ 14.917663] kasan_atomics+0x1dc/0x310 [ 14.917689] ? __pfx_kasan_atomics+0x10/0x10 [ 14.917715] ? __pfx_read_tsc+0x10/0x10 [ 14.917738] ? ktime_get_ts64+0x86/0x230 [ 14.917763] kunit_try_run_case+0x1a5/0x480 [ 14.917788] ? __pfx_kunit_try_run_case+0x10/0x10 [ 14.917811] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 14.917835] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 14.917861] ? __kthread_parkme+0x82/0x180 [ 14.917882] ? preempt_count_sub+0x50/0x80 [ 14.917906] ? __pfx_kunit_try_run_case+0x10/0x10 [ 14.917932] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 14.917969] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 14.917994] kthread+0x337/0x6f0 [ 14.918014] ? trace_preempt_on+0x20/0xc0 [ 14.918039] ? __pfx_kthread+0x10/0x10 [ 14.918061] ? _raw_spin_unlock_irq+0x47/0x80 [ 14.918083] ? calculate_sigpending+0x7b/0xa0 [ 14.918108] ? __pfx_kthread+0x10/0x10 [ 14.918131] ret_from_fork+0x116/0x1d0 [ 14.918151] ? 
__pfx_kthread+0x10/0x10 [ 14.918173] ret_from_fork_asm+0x1a/0x30 [ 14.918204] </TASK> [ 14.918218] [ 14.925411] Allocated by task 282: [ 14.925612] kasan_save_stack+0x45/0x70 [ 14.925814] kasan_save_track+0x18/0x40 [ 14.926019] kasan_save_alloc_info+0x3b/0x50 [ 14.926437] __kasan_kmalloc+0xb7/0xc0 [ 14.926628] __kmalloc_cache_noprof+0x189/0x420 [ 14.926853] kasan_atomics+0x95/0x310 [ 14.927060] kunit_try_run_case+0x1a5/0x480 [ 14.927276] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 14.927488] kthread+0x337/0x6f0 [ 14.927612] ret_from_fork+0x116/0x1d0 [ 14.927749] ret_from_fork_asm+0x1a/0x30 [ 14.927897] [ 14.927983] The buggy address belongs to the object at ffff888103a18380 [ 14.927983] which belongs to the cache kmalloc-64 of size 64 [ 14.928449] The buggy address is located 0 bytes to the right of [ 14.928449] allocated 48-byte region [ffff888103a18380, ffff888103a183b0) [ 14.929026] [ 14.929125] The buggy address belongs to the physical page: [ 14.929348] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x103a18 [ 14.929620] flags: 0x200000000000000(node=0|zone=2) [ 14.929786] page_type: f5(slab) [ 14.929911] raw: 0200000000000000 ffff8881000418c0 dead000000000122 0000000000000000 [ 14.930531] raw: 0000000000000000 0000000080200020 00000000f5000000 0000000000000000 [ 14.930878] page dumped because: kasan: bad access detected [ 14.931241] [ 14.931343] Memory state around the buggy address: [ 14.931576] ffff888103a18280: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 14.931849] ffff888103a18300: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 14.932185] >ffff888103a18380: 00 00 00 00 00 00 fc fc fc fc fc fc fc fc fc fc [ 14.932404] ^ [ 14.932561] ffff888103a18400: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 14.932779] ffff888103a18480: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 14.933030] ================================================================== [ 15.201185] 
================================================================== [ 15.201610] BUG: KASAN: slab-out-of-bounds in kasan_atomics_helper+0x1ce1/0x5450 [ 15.202289] Write of size 8 at addr ffff888103a183b0 by task kunit_try_catch/282 [ 15.202517] [ 15.202603] CPU: 0 UID: 0 PID: 282 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc4 #1 PREEMPT(voluntary) [ 15.202646] Tainted: [B]=BAD_PAGE, [N]=TEST [ 15.202659] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 15.202682] Call Trace: [ 15.202698] <TASK> [ 15.202715] dump_stack_lvl+0x73/0xb0 [ 15.202742] print_report+0xd1/0x650 [ 15.202766] ? __virt_addr_valid+0x1db/0x2d0 [ 15.202790] ? kasan_atomics_helper+0x1ce1/0x5450 [ 15.202813] ? kasan_complete_mode_report_info+0x2a/0x200 [ 15.202836] ? kasan_atomics_helper+0x1ce1/0x5450 [ 15.202860] kasan_report+0x141/0x180 [ 15.202884] ? kasan_atomics_helper+0x1ce1/0x5450 [ 15.202911] kasan_check_range+0x10c/0x1c0 [ 15.202937] __kasan_check_write+0x18/0x20 [ 15.202970] kasan_atomics_helper+0x1ce1/0x5450 [ 15.202996] ? __pfx_kasan_atomics_helper+0x10/0x10 [ 15.203019] ? __kmalloc_cache_noprof+0x189/0x420 [ 15.203044] ? kasan_save_alloc_info+0x3b/0x50 [ 15.203068] ? kasan_atomics+0x152/0x310 [ 15.203098] kasan_atomics+0x1dc/0x310 [ 15.203132] ? __pfx_kasan_atomics+0x10/0x10 [ 15.203159] ? __pfx_read_tsc+0x10/0x10 [ 15.203181] ? ktime_get_ts64+0x86/0x230 [ 15.203207] kunit_try_run_case+0x1a5/0x480 [ 15.203233] ? __pfx_kunit_try_run_case+0x10/0x10 [ 15.203257] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 15.203280] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 15.203305] ? __kthread_parkme+0x82/0x180 [ 15.203327] ? preempt_count_sub+0x50/0x80 [ 15.203352] ? __pfx_kunit_try_run_case+0x10/0x10 [ 15.203377] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 15.203401] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 15.203426] kthread+0x337/0x6f0 [ 15.203458] ? trace_preempt_on+0x20/0xc0 [ 15.203484] ? __pfx_kthread+0x10/0x10 [ 15.203506] ? 
_raw_spin_unlock_irq+0x47/0x80 [ 15.203528] ? calculate_sigpending+0x7b/0xa0 [ 15.203554] ? __pfx_kthread+0x10/0x10 [ 15.203577] ret_from_fork+0x116/0x1d0 [ 15.203597] ? __pfx_kthread+0x10/0x10 [ 15.203620] ret_from_fork_asm+0x1a/0x30 [ 15.203651] </TASK> [ 15.203665] [ 15.215868] Allocated by task 282: [ 15.216057] kasan_save_stack+0x45/0x70 [ 15.216255] kasan_save_track+0x18/0x40 [ 15.216437] kasan_save_alloc_info+0x3b/0x50 [ 15.216644] __kasan_kmalloc+0xb7/0xc0 [ 15.216834] __kmalloc_cache_noprof+0x189/0x420 [ 15.217058] kasan_atomics+0x95/0x310 [ 15.217730] kunit_try_run_case+0x1a5/0x480 [ 15.218209] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 15.218524] kthread+0x337/0x6f0 [ 15.218809] ret_from_fork+0x116/0x1d0 [ 15.219242] ret_from_fork_asm+0x1a/0x30 [ 15.219515] [ 15.219734] The buggy address belongs to the object at ffff888103a18380 [ 15.219734] which belongs to the cache kmalloc-64 of size 64 [ 15.220653] The buggy address is located 0 bytes to the right of [ 15.220653] allocated 48-byte region [ffff888103a18380, ffff888103a183b0) [ 15.221470] [ 15.221569] The buggy address belongs to the physical page: [ 15.221814] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x103a18 [ 15.222377] flags: 0x200000000000000(node=0|zone=2) [ 15.222829] page_type: f5(slab) [ 15.223086] raw: 0200000000000000 ffff8881000418c0 dead000000000122 0000000000000000 [ 15.223536] raw: 0000000000000000 0000000080200020 00000000f5000000 0000000000000000 [ 15.223862] page dumped because: kasan: bad access detected [ 15.224366] [ 15.224463] Memory state around the buggy address: [ 15.224856] ffff888103a18280: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 15.225390] ffff888103a18300: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 15.225873] >ffff888103a18380: 00 00 00 00 00 00 fc fc fc fc fc fc fc fc fc fc [ 15.226529] ^ [ 15.226820] ffff888103a18400: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 15.227490] ffff888103a18480: fc fc fc fc fc fc fc fc fc fc 
fc fc fc fc fc fc [ 15.227806] ================================================================== [ 14.013774] ================================================================== [ 14.014503] BUG: KASAN: slab-out-of-bounds in kasan_atomics_helper+0x4bbc/0x5450 [ 14.015038] Read of size 4 at addr ffff888103a183b0 by task kunit_try_catch/282 [ 14.015383] [ 14.015675] CPU: 0 UID: 0 PID: 282 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc4 #1 PREEMPT(voluntary) [ 14.015725] Tainted: [B]=BAD_PAGE, [N]=TEST [ 14.015749] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 14.015772] Call Trace: [ 14.015786] <TASK> [ 14.015802] dump_stack_lvl+0x73/0xb0 [ 14.015844] print_report+0xd1/0x650 [ 14.015866] ? __virt_addr_valid+0x1db/0x2d0 [ 14.015891] ? kasan_atomics_helper+0x4bbc/0x5450 [ 14.015923] ? kasan_complete_mode_report_info+0x2a/0x200 [ 14.015954] ? kasan_atomics_helper+0x4bbc/0x5450 [ 14.015976] kasan_report+0x141/0x180 [ 14.015998] ? kasan_atomics_helper+0x4bbc/0x5450 [ 14.016024] __asan_report_load4_noabort+0x18/0x20 [ 14.016048] kasan_atomics_helper+0x4bbc/0x5450 [ 14.016081] ? __pfx_kasan_atomics_helper+0x10/0x10 [ 14.016103] ? __kmalloc_cache_noprof+0x189/0x420 [ 14.016128] ? kasan_save_alloc_info+0x3b/0x50 [ 14.016151] ? kasan_atomics+0x152/0x310 [ 14.016179] kasan_atomics+0x1dc/0x310 [ 14.016201] ? __pfx_kasan_atomics+0x10/0x10 [ 14.016225] ? __pfx_read_tsc+0x10/0x10 [ 14.016246] ? ktime_get_ts64+0x86/0x230 [ 14.016272] kunit_try_run_case+0x1a5/0x480 [ 14.016297] ? __pfx_kunit_try_run_case+0x10/0x10 [ 14.016318] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 14.016342] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 14.016365] ? __kthread_parkme+0x82/0x180 [ 14.016385] ? preempt_count_sub+0x50/0x80 [ 14.016409] ? __pfx_kunit_try_run_case+0x10/0x10 [ 14.016433] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 14.016457] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 14.016527] kthread+0x337/0x6f0 [ 14.016549] ? 
trace_preempt_on+0x20/0xc0 [ 14.016573] ? __pfx_kthread+0x10/0x10 [ 14.016595] ? _raw_spin_unlock_irq+0x47/0x80 [ 14.016616] ? calculate_sigpending+0x7b/0xa0 [ 14.016641] ? __pfx_kthread+0x10/0x10 [ 14.016663] ret_from_fork+0x116/0x1d0 [ 14.016682] ? __pfx_kthread+0x10/0x10 [ 14.016702] ret_from_fork_asm+0x1a/0x30 [ 14.016734] </TASK> [ 14.016746] [ 14.025701] Allocated by task 282: [ 14.025884] kasan_save_stack+0x45/0x70 [ 14.026138] kasan_save_track+0x18/0x40 [ 14.026314] kasan_save_alloc_info+0x3b/0x50 [ 14.026596] __kasan_kmalloc+0xb7/0xc0 [ 14.026736] __kmalloc_cache_noprof+0x189/0x420 [ 14.026895] kasan_atomics+0x95/0x310 [ 14.027061] kunit_try_run_case+0x1a5/0x480 [ 14.027297] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 14.027553] kthread+0x337/0x6f0 [ 14.027722] ret_from_fork+0x116/0x1d0 [ 14.027984] ret_from_fork_asm+0x1a/0x30 [ 14.028185] [ 14.028260] The buggy address belongs to the object at ffff888103a18380 [ 14.028260] which belongs to the cache kmalloc-64 of size 64 [ 14.028855] The buggy address is located 0 bytes to the right of [ 14.028855] allocated 48-byte region [ffff888103a18380, ffff888103a183b0) [ 14.029571] [ 14.029671] The buggy address belongs to the physical page: [ 14.029850] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x103a18 [ 14.030317] flags: 0x200000000000000(node=0|zone=2) [ 14.030564] page_type: f5(slab) [ 14.030738] raw: 0200000000000000 ffff8881000418c0 dead000000000122 0000000000000000 [ 14.031220] raw: 0000000000000000 0000000080200020 00000000f5000000 0000000000000000 [ 14.031622] page dumped because: kasan: bad access detected [ 14.031842] [ 14.031971] Memory state around the buggy address: [ 14.032300] ffff888103a18280: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 14.032804] ffff888103a18300: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 14.033118] >ffff888103a18380: 00 00 00 00 00 00 fc fc fc fc fc fc fc fc fc fc [ 14.033435] ^ [ 14.033823] ffff888103a18400: fc fc fc fc fc fc fc fc fc 
fc fc fc fc fc fc fc [ 14.034185] ffff888103a18480: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 14.034537] ================================================================== [ 14.059969] ================================================================== [ 14.060219] BUG: KASAN: slab-out-of-bounds in kasan_atomics_helper+0x4b88/0x5450 [ 14.061061] Read of size 4 at addr ffff888103a183b0 by task kunit_try_catch/282 [ 14.061430] [ 14.061593] CPU: 0 UID: 0 PID: 282 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc4 #1 PREEMPT(voluntary) [ 14.061638] Tainted: [B]=BAD_PAGE, [N]=TEST [ 14.061652] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 14.061672] Call Trace: [ 14.061690] <TASK> [ 14.061706] dump_stack_lvl+0x73/0xb0 [ 14.061734] print_report+0xd1/0x650 [ 14.061756] ? __virt_addr_valid+0x1db/0x2d0 [ 14.061872] ? kasan_atomics_helper+0x4b88/0x5450 [ 14.061900] ? kasan_complete_mode_report_info+0x2a/0x200 [ 14.061992] ? kasan_atomics_helper+0x4b88/0x5450 [ 14.062018] kasan_report+0x141/0x180 [ 14.062041] ? kasan_atomics_helper+0x4b88/0x5450 [ 14.062078] __asan_report_load4_noabort+0x18/0x20 [ 14.062102] kasan_atomics_helper+0x4b88/0x5450 [ 14.062124] ? __pfx_kasan_atomics_helper+0x10/0x10 [ 14.062147] ? __kmalloc_cache_noprof+0x189/0x420 [ 14.062171] ? kasan_save_alloc_info+0x3b/0x50 [ 14.062194] ? kasan_atomics+0x152/0x310 [ 14.062222] kasan_atomics+0x1dc/0x310 [ 14.062244] ? __pfx_kasan_atomics+0x10/0x10 [ 14.062268] ? __pfx_read_tsc+0x10/0x10 [ 14.062289] ? ktime_get_ts64+0x86/0x230 [ 14.062314] kunit_try_run_case+0x1a5/0x480 [ 14.062338] ? __pfx_kunit_try_run_case+0x10/0x10 [ 14.062359] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 14.062384] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 14.062408] ? __kthread_parkme+0x82/0x180 [ 14.062428] ? preempt_count_sub+0x50/0x80 [ 14.062451] ? __pfx_kunit_try_run_case+0x10/0x10 [ 14.062484] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 14.062507] ? 
__pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 14.062530] kthread+0x337/0x6f0 [ 14.062550] ? trace_preempt_on+0x20/0xc0 [ 14.062573] ? __pfx_kthread+0x10/0x10 [ 14.062595] ? _raw_spin_unlock_irq+0x47/0x80 [ 14.062616] ? calculate_sigpending+0x7b/0xa0 [ 14.062640] ? __pfx_kthread+0x10/0x10 [ 14.062661] ret_from_fork+0x116/0x1d0 [ 14.062679] ? __pfx_kthread+0x10/0x10 [ 14.062700] ret_from_fork_asm+0x1a/0x30 [ 14.062731] </TASK> [ 14.062743] [ 14.071849] Allocated by task 282: [ 14.072031] kasan_save_stack+0x45/0x70 [ 14.072300] kasan_save_track+0x18/0x40 [ 14.072682] kasan_save_alloc_info+0x3b/0x50 [ 14.072863] __kasan_kmalloc+0xb7/0xc0 [ 14.073008] __kmalloc_cache_noprof+0x189/0x420 [ 14.073261] kasan_atomics+0x95/0x310 [ 14.073725] kunit_try_run_case+0x1a5/0x480 [ 14.073926] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 14.074199] kthread+0x337/0x6f0 [ 14.074324] ret_from_fork+0x116/0x1d0 [ 14.074702] ret_from_fork_asm+0x1a/0x30 [ 14.074924] [ 14.075038] The buggy address belongs to the object at ffff888103a18380 [ 14.075038] which belongs to the cache kmalloc-64 of size 64 [ 14.075448] The buggy address is located 0 bytes to the right of [ 14.075448] allocated 48-byte region [ffff888103a18380, ffff888103a183b0) [ 14.076024] [ 14.076275] The buggy address belongs to the physical page: [ 14.076464] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x103a18 [ 14.076818] flags: 0x200000000000000(node=0|zone=2) [ 14.077062] page_type: f5(slab) [ 14.077245] raw: 0200000000000000 ffff8881000418c0 dead000000000122 0000000000000000 [ 14.077647] raw: 0000000000000000 0000000080200020 00000000f5000000 0000000000000000 [ 14.077967] page dumped because: kasan: bad access detected [ 14.078190] [ 14.078289] Memory state around the buggy address: [ 14.078493] ffff888103a18280: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 14.078713] ffff888103a18300: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 14.078978] >ffff888103a18380: 00 00 00 00 00 00 fc fc 
fc fc fc fc fc fc fc fc [ 14.079684] ^ [ 14.079852] ffff888103a18400: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 14.081372] ffff888103a18480: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 14.082244] ================================================================== [ 14.552607] ================================================================== [ 14.553021] BUG: KASAN: slab-out-of-bounds in kasan_atomics_helper+0xe78/0x5450 [ 14.553419] Write of size 4 at addr ffff888103a183b0 by task kunit_try_catch/282 [ 14.553741] [ 14.553851] CPU: 0 UID: 0 PID: 282 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc4 #1 PREEMPT(voluntary) [ 14.553910] Tainted: [B]=BAD_PAGE, [N]=TEST [ 14.553924] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 14.553958] Call Trace: [ 14.553984] <TASK> [ 14.554001] dump_stack_lvl+0x73/0xb0 [ 14.554030] print_report+0xd1/0x650 [ 14.554054] ? __virt_addr_valid+0x1db/0x2d0 [ 14.554077] ? kasan_atomics_helper+0xe78/0x5450 [ 14.554100] ? kasan_complete_mode_report_info+0x2a/0x200 [ 14.554124] ? kasan_atomics_helper+0xe78/0x5450 [ 14.554157] kasan_report+0x141/0x180 [ 14.554180] ? kasan_atomics_helper+0xe78/0x5450 [ 14.554208] kasan_check_range+0x10c/0x1c0 [ 14.554233] __kasan_check_write+0x18/0x20 [ 14.554254] kasan_atomics_helper+0xe78/0x5450 [ 14.554278] ? __pfx_kasan_atomics_helper+0x10/0x10 [ 14.554302] ? __kmalloc_cache_noprof+0x189/0x420 [ 14.554327] ? kasan_save_alloc_info+0x3b/0x50 [ 14.554352] ? kasan_atomics+0x152/0x310 [ 14.554380] kasan_atomics+0x1dc/0x310 [ 14.554404] ? __pfx_kasan_atomics+0x10/0x10 [ 14.554430] ? __pfx_read_tsc+0x10/0x10 [ 14.554453] ? ktime_get_ts64+0x86/0x230 [ 14.554478] kunit_try_run_case+0x1a5/0x480 [ 14.554503] ? __pfx_kunit_try_run_case+0x10/0x10 [ 14.554526] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 14.554551] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 14.554576] ? __kthread_parkme+0x82/0x180 [ 14.554597] ? preempt_count_sub+0x50/0x80 [ 14.554622] ? 
__pfx_kunit_try_run_case+0x10/0x10 [ 14.554647] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 14.554671] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 14.554695] kthread+0x337/0x6f0 [ 14.554718] ? trace_preempt_on+0x20/0xc0 [ 14.554743] ? __pfx_kthread+0x10/0x10 [ 14.554765] ? _raw_spin_unlock_irq+0x47/0x80 [ 14.554788] ? calculate_sigpending+0x7b/0xa0 [ 14.554813] ? __pfx_kthread+0x10/0x10 [ 14.554835] ret_from_fork+0x116/0x1d0 [ 14.554855] ? __pfx_kthread+0x10/0x10 [ 14.554877] ret_from_fork_asm+0x1a/0x30 [ 14.554908] </TASK> [ 14.554920] [ 14.564256] Allocated by task 282: [ 14.564537] kasan_save_stack+0x45/0x70 [ 14.564732] kasan_save_track+0x18/0x40 [ 14.564922] kasan_save_alloc_info+0x3b/0x50 [ 14.565235] __kasan_kmalloc+0xb7/0xc0 [ 14.565423] __kmalloc_cache_noprof+0x189/0x420 [ 14.565902] kasan_atomics+0x95/0x310 [ 14.566081] kunit_try_run_case+0x1a5/0x480 [ 14.566316] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 14.566486] kthread+0x337/0x6f0 [ 14.566608] ret_from_fork+0x116/0x1d0 [ 14.566752] ret_from_fork_asm+0x1a/0x30 [ 14.566889] [ 14.566979] The buggy address belongs to the object at ffff888103a18380 [ 14.566979] which belongs to the cache kmalloc-64 of size 64 [ 14.567563] The buggy address is located 0 bytes to the right of [ 14.567563] allocated 48-byte region [ffff888103a18380, ffff888103a183b0) [ 14.568514] [ 14.568611] The buggy address belongs to the physical page: [ 14.569376] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x103a18 [ 14.570676] flags: 0x200000000000000(node=0|zone=2) [ 14.570861] page_type: f5(slab) [ 14.571005] raw: 0200000000000000 ffff8881000418c0 dead000000000122 0000000000000000 [ 14.571859] raw: 0000000000000000 0000000080200020 00000000f5000000 0000000000000000 [ 14.572620] page dumped because: kasan: bad access detected [ 14.573157] [ 14.573279] Memory state around the buggy address: [ 14.573683] ffff888103a18280: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 14.574242] 
ffff888103a18300: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 14.574790] >ffff888103a18380: 00 00 00 00 00 00 fc fc fc fc fc fc fc fc fc fc [ 14.575021] ^ [ 14.575657] ffff888103a18400: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 14.576335] ffff888103a18480: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 14.576989] ================================================================== [ 14.820565] ================================================================== [ 14.820890] BUG: KASAN: slab-out-of-bounds in kasan_atomics_helper+0x49ce/0x5450 [ 14.821226] Read of size 4 at addr ffff888103a183b0 by task kunit_try_catch/282 [ 14.821543] [ 14.821632] CPU: 0 UID: 0 PID: 282 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc4 #1 PREEMPT(voluntary) [ 14.821676] Tainted: [B]=BAD_PAGE, [N]=TEST [ 14.821689] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 14.821713] Call Trace: [ 14.821732] <TASK> [ 14.821750] dump_stack_lvl+0x73/0xb0 [ 14.821778] print_report+0xd1/0x650 [ 14.821802] ? __virt_addr_valid+0x1db/0x2d0 [ 14.821825] ? kasan_atomics_helper+0x49ce/0x5450 [ 14.821848] ? kasan_complete_mode_report_info+0x2a/0x200 [ 14.821872] ? kasan_atomics_helper+0x49ce/0x5450 [ 14.821895] kasan_report+0x141/0x180 [ 14.821919] ? kasan_atomics_helper+0x49ce/0x5450 [ 14.821958] __asan_report_load4_noabort+0x18/0x20 [ 14.821984] kasan_atomics_helper+0x49ce/0x5450 [ 14.822008] ? __pfx_kasan_atomics_helper+0x10/0x10 [ 14.822031] ? __kmalloc_cache_noprof+0x189/0x420 [ 14.822057] ? kasan_save_alloc_info+0x3b/0x50 [ 14.822092] ? kasan_atomics+0x152/0x310 [ 14.822120] kasan_atomics+0x1dc/0x310 [ 14.822144] ? __pfx_kasan_atomics+0x10/0x10 [ 14.822170] ? __pfx_read_tsc+0x10/0x10 [ 14.822192] ? ktime_get_ts64+0x86/0x230 [ 14.822216] kunit_try_run_case+0x1a5/0x480 [ 14.822242] ? __pfx_kunit_try_run_case+0x10/0x10 [ 14.822266] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 14.822291] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 14.822315] ? 
__kthread_parkme+0x82/0x180 [ 14.822337] ? preempt_count_sub+0x50/0x80 [ 14.822362] ? __pfx_kunit_try_run_case+0x10/0x10 [ 14.822387] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 14.822411] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 14.822436] kthread+0x337/0x6f0 [ 14.822457] ? trace_preempt_on+0x20/0xc0 [ 14.822481] ? __pfx_kthread+0x10/0x10 [ 14.822503] ? _raw_spin_unlock_irq+0x47/0x80 [ 14.822526] ? calculate_sigpending+0x7b/0xa0 [ 14.822551] ? __pfx_kthread+0x10/0x10 [ 14.822575] ret_from_fork+0x116/0x1d0 [ 14.822595] ? __pfx_kthread+0x10/0x10 [ 14.822618] ret_from_fork_asm+0x1a/0x30 [ 14.822649] </TASK> [ 14.822663] [ 14.830103] Allocated by task 282: [ 14.830289] kasan_save_stack+0x45/0x70 [ 14.830482] kasan_save_track+0x18/0x40 [ 14.830627] kasan_save_alloc_info+0x3b/0x50 [ 14.830840] __kasan_kmalloc+0xb7/0xc0 [ 14.831048] __kmalloc_cache_noprof+0x189/0x420 [ 14.831281] kasan_atomics+0x95/0x310 [ 14.831450] kunit_try_run_case+0x1a5/0x480 [ 14.831642] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 14.831858] kthread+0x337/0x6f0 [ 14.832046] ret_from_fork+0x116/0x1d0 [ 14.832232] ret_from_fork_asm+0x1a/0x30 [ 14.832417] [ 14.832490] The buggy address belongs to the object at ffff888103a18380 [ 14.832490] which belongs to the cache kmalloc-64 of size 64 [ 14.832867] The buggy address is located 0 bytes to the right of [ 14.832867] allocated 48-byte region [ffff888103a18380, ffff888103a183b0) [ 14.833433] [ 14.833528] The buggy address belongs to the physical page: [ 14.833704] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x103a18 [ 14.833957] flags: 0x200000000000000(node=0|zone=2) [ 14.834353] page_type: f5(slab) [ 14.834522] raw: 0200000000000000 ffff8881000418c0 dead000000000122 0000000000000000 [ 14.834869] raw: 0000000000000000 0000000080200020 00000000f5000000 0000000000000000 [ 14.835233] page dumped because: kasan: bad access detected [ 14.835471] [ 14.835569] Memory state around the buggy address: [ 14.835754] 
ffff888103a18280: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 14.836054] ffff888103a18300: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 14.836367] >ffff888103a18380: 00 00 00 00 00 00 fc fc fc fc fc fc fc fc fc fc [ 14.836593] ^ [ 14.836751] ffff888103a18400: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 14.836987] ffff888103a18480: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 14.837453] ================================================================== [ 14.856297] ================================================================== [ 14.858807] BUG: KASAN: slab-out-of-bounds in kasan_atomics_helper+0x4eae/0x5450 [ 14.859132] Read of size 8 at addr ffff888103a183b0 by task kunit_try_catch/282 [ 14.859505] [ 14.859595] CPU: 0 UID: 0 PID: 282 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc4 #1 PREEMPT(voluntary) [ 14.859640] Tainted: [B]=BAD_PAGE, [N]=TEST [ 14.859654] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 14.859675] Call Trace: [ 14.859694] <TASK> [ 14.859711] dump_stack_lvl+0x73/0xb0 [ 14.859740] print_report+0xd1/0x650 [ 14.859764] ? __virt_addr_valid+0x1db/0x2d0 [ 14.859788] ? kasan_atomics_helper+0x4eae/0x5450 [ 14.859811] ? kasan_complete_mode_report_info+0x2a/0x200 [ 14.859835] ? kasan_atomics_helper+0x4eae/0x5450 [ 14.859859] kasan_report+0x141/0x180 [ 14.859883] ? kasan_atomics_helper+0x4eae/0x5450 [ 14.859969] __asan_report_load8_noabort+0x18/0x20 [ 14.859998] kasan_atomics_helper+0x4eae/0x5450 [ 14.860023] ? __pfx_kasan_atomics_helper+0x10/0x10 [ 14.860047] ? __kmalloc_cache_noprof+0x189/0x420 [ 14.860083] ? kasan_save_alloc_info+0x3b/0x50 [ 14.860111] ? kasan_atomics+0x152/0x310 [ 14.860141] kasan_atomics+0x1dc/0x310 [ 14.860166] ? __pfx_kasan_atomics+0x10/0x10 [ 14.860193] ? __pfx_read_tsc+0x10/0x10 [ 14.860217] ? ktime_get_ts64+0x86/0x230 [ 14.860245] kunit_try_run_case+0x1a5/0x480 [ 14.860272] ? __pfx_kunit_try_run_case+0x10/0x10 [ 14.860295] ? 
_raw_spin_lock_irqsave+0xa1/0x100 [ 14.860320] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 14.860344] ? __kthread_parkme+0x82/0x180 [ 14.860366] ? preempt_count_sub+0x50/0x80 [ 14.860391] ? __pfx_kunit_try_run_case+0x10/0x10 [ 14.860415] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 14.860441] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 14.860465] kthread+0x337/0x6f0 [ 14.860487] ? trace_preempt_on+0x20/0xc0 [ 14.860512] ? __pfx_kthread+0x10/0x10 [ 14.860535] ? _raw_spin_unlock_irq+0x47/0x80 [ 14.860558] ? calculate_sigpending+0x7b/0xa0 [ 14.860583] ? __pfx_kthread+0x10/0x10 [ 14.860606] ret_from_fork+0x116/0x1d0 [ 14.860627] ? __pfx_kthread+0x10/0x10 [ 14.860649] ret_from_fork_asm+0x1a/0x30 [ 14.860681] </TASK> [ 14.860695] [ 14.871067] Allocated by task 282: [ 14.871211] kasan_save_stack+0x45/0x70 [ 14.871357] kasan_save_track+0x18/0x40 [ 14.871492] kasan_save_alloc_info+0x3b/0x50 [ 14.871637] __kasan_kmalloc+0xb7/0xc0 [ 14.871832] __kmalloc_cache_noprof+0x189/0x420 [ 14.872065] kasan_atomics+0x95/0x310 [ 14.872255] kunit_try_run_case+0x1a5/0x480 [ 14.872459] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 14.872710] kthread+0x337/0x6f0 [ 14.872830] ret_from_fork+0x116/0x1d0 [ 14.872985] ret_from_fork_asm+0x1a/0x30 [ 14.873327] [ 14.873426] The buggy address belongs to the object at ffff888103a18380 [ 14.873426] which belongs to the cache kmalloc-64 of size 64 [ 14.873819] The buggy address is located 0 bytes to the right of [ 14.873819] allocated 48-byte region [ffff888103a18380, ffff888103a183b0) [ 14.874455] [ 14.874562] The buggy address belongs to the physical page: [ 14.874788] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x103a18 [ 14.875133] flags: 0x200000000000000(node=0|zone=2) [ 14.875364] page_type: f5(slab) [ 14.875517] raw: 0200000000000000 ffff8881000418c0 dead000000000122 0000000000000000 [ 14.875824] raw: 0000000000000000 0000000080200020 00000000f5000000 0000000000000000 [ 14.876914] page dumped because: kasan: 
bad access detected [ 14.877160] [ 14.877268] Memory state around the buggy address: [ 14.877465] ffff888103a18280: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 14.877703] ffff888103a18300: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 14.878003] >ffff888103a18380: 00 00 00 00 00 00 fc fc fc fc fc fc fc fc fc fc [ 14.878329] ^ [ 14.878549] ffff888103a18400: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 14.878842] ffff888103a18480: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 14.879167] ================================================================== [ 14.879703] ================================================================== [ 14.880037] BUG: KASAN: slab-out-of-bounds in kasan_atomics_helper+0x1467/0x5450 [ 14.880501] Write of size 8 at addr ffff888103a183b0 by task kunit_try_catch/282 [ 14.880731] [ 14.880846] CPU: 0 UID: 0 PID: 282 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc4 #1 PREEMPT(voluntary) [ 14.880893] Tainted: [B]=BAD_PAGE, [N]=TEST [ 14.880907] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 14.880931] Call Trace: [ 14.880959] <TASK> [ 14.880978] dump_stack_lvl+0x73/0xb0 [ 14.881009] print_report+0xd1/0x650 [ 14.881033] ? __virt_addr_valid+0x1db/0x2d0 [ 14.881057] ? kasan_atomics_helper+0x1467/0x5450 [ 14.881079] ? kasan_complete_mode_report_info+0x2a/0x200 [ 14.881104] ? kasan_atomics_helper+0x1467/0x5450 [ 14.881128] kasan_report+0x141/0x180 [ 14.881152] ? kasan_atomics_helper+0x1467/0x5450 [ 14.881180] kasan_check_range+0x10c/0x1c0 [ 14.881208] __kasan_check_write+0x18/0x20 [ 14.881230] kasan_atomics_helper+0x1467/0x5450 [ 14.881255] ? __pfx_kasan_atomics_helper+0x10/0x10 [ 14.881280] ? __kmalloc_cache_noprof+0x189/0x420 [ 14.881305] ? kasan_save_alloc_info+0x3b/0x50 [ 14.881329] ? kasan_atomics+0x152/0x310 [ 14.881357] kasan_atomics+0x1dc/0x310 [ 14.881381] ? __pfx_kasan_atomics+0x10/0x10 [ 14.881407] ? __pfx_read_tsc+0x10/0x10 [ 14.881429] ? 
ktime_get_ts64+0x86/0x230 [ 14.881455] kunit_try_run_case+0x1a5/0x480 [ 14.881480] ? __pfx_kunit_try_run_case+0x10/0x10 [ 14.881504] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 14.881544] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 14.881568] ? __kthread_parkme+0x82/0x180 [ 14.881591] ? preempt_count_sub+0x50/0x80 [ 14.881616] ? __pfx_kunit_try_run_case+0x10/0x10 [ 14.881641] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 14.881666] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 14.881690] kthread+0x337/0x6f0 [ 14.881712] ? trace_preempt_on+0x20/0xc0 [ 14.881736] ? __pfx_kthread+0x10/0x10 [ 14.881758] ? _raw_spin_unlock_irq+0x47/0x80 [ 14.881781] ? calculate_sigpending+0x7b/0xa0 [ 14.881806] ? __pfx_kthread+0x10/0x10 [ 14.881829] ret_from_fork+0x116/0x1d0 [ 14.881848] ? __pfx_kthread+0x10/0x10 [ 14.881870] ret_from_fork_asm+0x1a/0x30 [ 14.881902] </TASK> [ 14.881915] [ 14.889632] Allocated by task 282: [ 14.889823] kasan_save_stack+0x45/0x70 [ 14.890017] kasan_save_track+0x18/0x40 [ 14.890262] kasan_save_alloc_info+0x3b/0x50 [ 14.890476] __kasan_kmalloc+0xb7/0xc0 [ 14.890633] __kmalloc_cache_noprof+0x189/0x420 [ 14.890859] kasan_atomics+0x95/0x310 [ 14.891024] kunit_try_run_case+0x1a5/0x480 [ 14.891319] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 14.891522] kthread+0x337/0x6f0 [ 14.891696] ret_from_fork+0x116/0x1d0 [ 14.891866] ret_from_fork_asm+0x1a/0x30 [ 14.892060] [ 14.892168] The buggy address belongs to the object at ffff888103a18380 [ 14.892168] which belongs to the cache kmalloc-64 of size 64 [ 14.892604] The buggy address is located 0 bytes to the right of [ 14.892604] allocated 48-byte region [ffff888103a18380, ffff888103a183b0) [ 14.893057] [ 14.893133] The buggy address belongs to the physical page: [ 14.893307] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x103a18 [ 14.893550] flags: 0x200000000000000(node=0|zone=2) [ 14.893716] page_type: f5(slab) [ 14.893884] raw: 0200000000000000 ffff8881000418c0 dead000000000122 
0000000000000000 [ 14.894237] raw: 0000000000000000 0000000080200020 00000000f5000000 0000000000000000 [ 14.894733] page dumped because: kasan: bad access detected [ 14.894910] [ 14.894993] Memory state around the buggy address: [ 14.895157] ffff888103a18280: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 14.895379] ffff888103a18300: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 14.895597] >ffff888103a18380: 00 00 00 00 00 00 fc fc fc fc fc fc fc fc fc fc [ 14.895972] ^ [ 14.896374] ffff888103a18400: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 14.896710] ffff888103a18480: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 14.897051] ================================================================== [ 14.611757] ================================================================== [ 14.612098] BUG: KASAN: slab-out-of-bounds in kasan_atomics_helper+0xfa9/0x5450 [ 14.612449] Write of size 4 at addr ffff888103a183b0 by task kunit_try_catch/282 [ 14.612795] [ 14.612914] CPU: 0 UID: 0 PID: 282 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc4 #1 PREEMPT(voluntary) [ 14.613193] Tainted: [B]=BAD_PAGE, [N]=TEST [ 14.613209] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 14.613262] Call Trace: [ 14.613282] <TASK> [ 14.613316] dump_stack_lvl+0x73/0xb0 [ 14.613358] print_report+0xd1/0x650 [ 14.613382] ? __virt_addr_valid+0x1db/0x2d0 [ 14.613417] ? kasan_atomics_helper+0xfa9/0x5450 [ 14.613439] ? kasan_complete_mode_report_info+0x2a/0x200 [ 14.613463] ? kasan_atomics_helper+0xfa9/0x5450 [ 14.613486] kasan_report+0x141/0x180 [ 14.613563] ? kasan_atomics_helper+0xfa9/0x5450 [ 14.613595] kasan_check_range+0x10c/0x1c0 [ 14.613654] __kasan_check_write+0x18/0x20 [ 14.613675] kasan_atomics_helper+0xfa9/0x5450 [ 14.613728] ? __pfx_kasan_atomics_helper+0x10/0x10 [ 14.613752] ? __kmalloc_cache_noprof+0x189/0x420 [ 14.613779] ? kasan_save_alloc_info+0x3b/0x50 [ 14.613803] ? 
kasan_atomics+0x152/0x310 [ 14.613831] kasan_atomics+0x1dc/0x310 [ 14.613856] ? __pfx_kasan_atomics+0x10/0x10 [ 14.613881] ? __pfx_read_tsc+0x10/0x10 [ 14.613904] ? ktime_get_ts64+0x86/0x230 [ 14.613930] kunit_try_run_case+0x1a5/0x480 [ 14.613965] ? __pfx_kunit_try_run_case+0x10/0x10 [ 14.613989] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 14.614013] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 14.614038] ? __kthread_parkme+0x82/0x180 [ 14.614060] ? preempt_count_sub+0x50/0x80 [ 14.614099] ? __pfx_kunit_try_run_case+0x10/0x10 [ 14.614124] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 14.614149] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 14.614173] kthread+0x337/0x6f0 [ 14.614195] ? trace_preempt_on+0x20/0xc0 [ 14.614220] ? __pfx_kthread+0x10/0x10 [ 14.614245] ? _raw_spin_unlock_irq+0x47/0x80 [ 14.614268] ? calculate_sigpending+0x7b/0xa0 [ 14.614293] ? __pfx_kthread+0x10/0x10 [ 14.614316] ret_from_fork+0x116/0x1d0 [ 14.614336] ? __pfx_kthread+0x10/0x10 [ 14.614359] ret_from_fork_asm+0x1a/0x30 [ 14.614391] </TASK> [ 14.614404] [ 14.624363] Allocated by task 282: [ 14.624615] kasan_save_stack+0x45/0x70 [ 14.625063] kasan_save_track+0x18/0x40 [ 14.625318] kasan_save_alloc_info+0x3b/0x50 [ 14.625586] __kasan_kmalloc+0xb7/0xc0 [ 14.625816] __kmalloc_cache_noprof+0x189/0x420 [ 14.626061] kasan_atomics+0x95/0x310 [ 14.626264] kunit_try_run_case+0x1a5/0x480 [ 14.626603] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 14.626865] kthread+0x337/0x6f0 [ 14.627100] ret_from_fork+0x116/0x1d0 [ 14.627286] ret_from_fork_asm+0x1a/0x30 [ 14.627571] [ 14.627793] The buggy address belongs to the object at ffff888103a18380 [ 14.627793] which belongs to the cache kmalloc-64 of size 64 [ 14.628376] The buggy address is located 0 bytes to the right of [ 14.628376] allocated 48-byte region [ffff888103a18380, ffff888103a183b0) [ 14.629587] [ 14.629705] The buggy address belongs to the physical page: [ 14.629887] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x103a18 [ 
14.630479] flags: 0x200000000000000(node=0|zone=2) [ 14.630667] page_type: f5(slab) [ 14.630842] raw: 0200000000000000 ffff8881000418c0 dead000000000122 0000000000000000 [ 14.631323] raw: 0000000000000000 0000000080200020 00000000f5000000 0000000000000000 [ 14.631655] page dumped because: kasan: bad access detected [ 14.632106] [ 14.632288] Memory state around the buggy address: [ 14.632723] ffff888103a18280: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 14.633077] ffff888103a18300: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 14.633521] >ffff888103a18380: 00 00 00 00 00 00 fc fc fc fc fc fc fc fc fc fc [ 14.634064] ^ [ 14.634342] ffff888103a18400: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 14.634804] ffff888103a18480: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 14.635176] ================================================================== [ 15.165450] ================================================================== [ 15.165863] BUG: KASAN: slab-out-of-bounds in kasan_atomics_helper+0x1c18/0x5450 [ 15.166133] Write of size 8 at addr ffff888103a183b0 by task kunit_try_catch/282 [ 15.166636] [ 15.166770] CPU: 0 UID: 0 PID: 282 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc4 #1 PREEMPT(voluntary) [ 15.166814] Tainted: [B]=BAD_PAGE, [N]=TEST [ 15.166827] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 15.166850] Call Trace: [ 15.166867] <TASK> [ 15.166883] dump_stack_lvl+0x73/0xb0 [ 15.166911] print_report+0xd1/0x650 [ 15.166934] ? __virt_addr_valid+0x1db/0x2d0 [ 15.166969] ? kasan_atomics_helper+0x1c18/0x5450 [ 15.166993] ? kasan_complete_mode_report_info+0x2a/0x200 [ 15.167019] ? kasan_atomics_helper+0x1c18/0x5450 [ 15.167043] kasan_report+0x141/0x180 [ 15.167068] ? kasan_atomics_helper+0x1c18/0x5450 [ 15.167108] kasan_check_range+0x10c/0x1c0 [ 15.167139] __kasan_check_write+0x18/0x20 [ 15.167160] kasan_atomics_helper+0x1c18/0x5450 [ 15.167185] ? __pfx_kasan_atomics_helper+0x10/0x10 [ 15.167208] ? 
__kmalloc_cache_noprof+0x189/0x420 [ 15.167234] ? kasan_save_alloc_info+0x3b/0x50 [ 15.167258] ? kasan_atomics+0x152/0x310 [ 15.167287] kasan_atomics+0x1dc/0x310 [ 15.167311] ? __pfx_kasan_atomics+0x10/0x10 [ 15.167338] ? __pfx_read_tsc+0x10/0x10 [ 15.167361] ? ktime_get_ts64+0x86/0x230 [ 15.167385] kunit_try_run_case+0x1a5/0x480 [ 15.167411] ? __pfx_kunit_try_run_case+0x10/0x10 [ 15.167434] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 15.167461] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 15.167486] ? __kthread_parkme+0x82/0x180 [ 15.167507] ? preempt_count_sub+0x50/0x80 [ 15.167532] ? __pfx_kunit_try_run_case+0x10/0x10 [ 15.167558] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 15.167583] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 15.167607] kthread+0x337/0x6f0 [ 15.167629] ? trace_preempt_on+0x20/0xc0 [ 15.167654] ? __pfx_kthread+0x10/0x10 [ 15.167676] ? _raw_spin_unlock_irq+0x47/0x80 [ 15.167699] ? calculate_sigpending+0x7b/0xa0 [ 15.167724] ? __pfx_kthread+0x10/0x10 [ 15.167746] ret_from_fork+0x116/0x1d0 [ 15.167766] ? 
__pfx_kthread+0x10/0x10 [ 15.167788] ret_from_fork_asm+0x1a/0x30 [ 15.167820] </TASK> [ 15.167834] [ 15.175306] Allocated by task 282: [ 15.175495] kasan_save_stack+0x45/0x70 [ 15.175702] kasan_save_track+0x18/0x40 [ 15.175892] kasan_save_alloc_info+0x3b/0x50 [ 15.176160] __kasan_kmalloc+0xb7/0xc0 [ 15.176332] __kmalloc_cache_noprof+0x189/0x420 [ 15.176525] kasan_atomics+0x95/0x310 [ 15.176715] kunit_try_run_case+0x1a5/0x480 [ 15.176913] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 15.177176] kthread+0x337/0x6f0 [ 15.177305] ret_from_fork+0x116/0x1d0 [ 15.177439] ret_from_fork_asm+0x1a/0x30 [ 15.177579] [ 15.177653] The buggy address belongs to the object at ffff888103a18380 [ 15.177653] which belongs to the cache kmalloc-64 of size 64 [ 15.178014] The buggy address is located 0 bytes to the right of [ 15.178014] allocated 48-byte region [ffff888103a18380, ffff888103a183b0) [ 15.178731] [ 15.178830] The buggy address belongs to the physical page: [ 15.179079] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x103a18 [ 15.179327] flags: 0x200000000000000(node=0|zone=2) [ 15.179494] page_type: f5(slab) [ 15.179623] raw: 0200000000000000 ffff8881000418c0 dead000000000122 0000000000000000 [ 15.179885] raw: 0000000000000000 0000000080200020 00000000f5000000 0000000000000000 [ 15.180455] page dumped because: kasan: bad access detected [ 15.180714] [ 15.180816] Memory state around the buggy address: [ 15.181056] ffff888103a18280: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 15.181392] ffff888103a18300: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 15.181726] >ffff888103a18380: 00 00 00 00 00 00 fc fc fc fc fc fc fc fc fc fc [ 15.182056] ^ [ 15.182261] ffff888103a18400: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 15.182523] ffff888103a18480: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 15.182767] ================================================================== [ 14.333568] 
================================================================== [ 14.334323] BUG: KASAN: slab-out-of-bounds in kasan_atomics_helper+0x8f9/0x5450 [ 14.334742] Write of size 4 at addr ffff888103a183b0 by task kunit_try_catch/282 [ 14.335032] [ 14.335198] CPU: 0 UID: 0 PID: 282 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc4 #1 PREEMPT(voluntary) [ 14.335263] Tainted: [B]=BAD_PAGE, [N]=TEST [ 14.335291] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 14.335330] Call Trace: [ 14.335359] <TASK> [ 14.335390] dump_stack_lvl+0x73/0xb0 [ 14.335433] print_report+0xd1/0x650 [ 14.335483] ? __virt_addr_valid+0x1db/0x2d0 [ 14.335520] ? kasan_atomics_helper+0x8f9/0x5450 [ 14.335556] ? kasan_complete_mode_report_info+0x2a/0x200 [ 14.335595] ? kasan_atomics_helper+0x8f9/0x5450 [ 14.335629] kasan_report+0x141/0x180 [ 14.335654] ? kasan_atomics_helper+0x8f9/0x5450 [ 14.335736] kasan_check_range+0x10c/0x1c0 [ 14.335768] __kasan_check_write+0x18/0x20 [ 14.335790] kasan_atomics_helper+0x8f9/0x5450 [ 14.335814] ? __pfx_kasan_atomics_helper+0x10/0x10 [ 14.335839] ? __kmalloc_cache_noprof+0x189/0x420 [ 14.335864] ? kasan_save_alloc_info+0x3b/0x50 [ 14.335889] ? kasan_atomics+0x152/0x310 [ 14.335918] kasan_atomics+0x1dc/0x310 [ 14.335953] ? __pfx_kasan_atomics+0x10/0x10 [ 14.335979] ? __pfx_read_tsc+0x10/0x10 [ 14.336001] ? ktime_get_ts64+0x86/0x230 [ 14.336027] kunit_try_run_case+0x1a5/0x480 [ 14.336053] ? __pfx_kunit_try_run_case+0x10/0x10 [ 14.336077] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 14.336103] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 14.336127] ? __kthread_parkme+0x82/0x180 [ 14.336149] ? preempt_count_sub+0x50/0x80 [ 14.336175] ? __pfx_kunit_try_run_case+0x10/0x10 [ 14.336200] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 14.336224] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 14.336250] kthread+0x337/0x6f0 [ 14.336271] ? trace_preempt_on+0x20/0xc0 [ 14.336296] ? __pfx_kthread+0x10/0x10 [ 14.336318] ? 
_raw_spin_unlock_irq+0x47/0x80 [ 14.336340] ? calculate_sigpending+0x7b/0xa0 [ 14.336365] ? __pfx_kthread+0x10/0x10 [ 14.336388] ret_from_fork+0x116/0x1d0 [ 14.336408] ? __pfx_kthread+0x10/0x10 [ 14.336430] ret_from_fork_asm+0x1a/0x30 [ 14.336603] </TASK> [ 14.336624] [ 14.353212] Allocated by task 282: [ 14.353404] kasan_save_stack+0x45/0x70 [ 14.353897] kasan_save_track+0x18/0x40 [ 14.354086] kasan_save_alloc_info+0x3b/0x50 [ 14.354364] __kasan_kmalloc+0xb7/0xc0 [ 14.354750] __kmalloc_cache_noprof+0x189/0x420 [ 14.354987] kasan_atomics+0x95/0x310 [ 14.355237] kunit_try_run_case+0x1a5/0x480 [ 14.355634] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 14.356042] kthread+0x337/0x6f0 [ 14.356334] ret_from_fork+0x116/0x1d0 [ 14.356485] ret_from_fork_asm+0x1a/0x30 [ 14.356723] [ 14.356906] The buggy address belongs to the object at ffff888103a18380 [ 14.356906] which belongs to the cache kmalloc-64 of size 64 [ 14.357837] The buggy address is located 0 bytes to the right of [ 14.357837] allocated 48-byte region [ffff888103a18380, ffff888103a183b0) [ 14.358429] [ 14.358645] The buggy address belongs to the physical page: [ 14.358927] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x103a18 [ 14.359350] flags: 0x200000000000000(node=0|zone=2) [ 14.359693] page_type: f5(slab) [ 14.359892] raw: 0200000000000000 ffff8881000418c0 dead000000000122 0000000000000000 [ 14.360258] raw: 0000000000000000 0000000080200020 00000000f5000000 0000000000000000 [ 14.360646] page dumped because: kasan: bad access detected [ 14.360987] [ 14.361188] Memory state around the buggy address: [ 14.361439] ffff888103a18280: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 14.361985] ffff888103a18300: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 14.362401] >ffff888103a18380: 00 00 00 00 00 00 fc fc fc fc fc fc fc fc fc fc [ 14.362829] ^ [ 14.363148] ffff888103a18400: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 14.363438] ffff888103a18480: fc fc fc fc fc fc fc fc fc fc 
fc fc fc fc fc fc [ 14.363806] ================================================================== [ 14.442587] ================================================================== [ 14.442887] BUG: KASAN: slab-out-of-bounds in kasan_atomics_helper+0xb6a/0x5450 [ 14.443248] Write of size 4 at addr ffff888103a183b0 by task kunit_try_catch/282 [ 14.443479] [ 14.443566] CPU: 0 UID: 0 PID: 282 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc4 #1 PREEMPT(voluntary) [ 14.443607] Tainted: [B]=BAD_PAGE, [N]=TEST [ 14.443621] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 14.443642] Call Trace: [ 14.443661] <TASK> [ 14.443678] dump_stack_lvl+0x73/0xb0 [ 14.443705] print_report+0xd1/0x650 [ 14.443727] ? __virt_addr_valid+0x1db/0x2d0 [ 14.443796] ? kasan_atomics_helper+0xb6a/0x5450 [ 14.443821] ? kasan_complete_mode_report_info+0x2a/0x200 [ 14.443846] ? kasan_atomics_helper+0xb6a/0x5450 [ 14.443869] kasan_report+0x141/0x180 [ 14.443894] ? kasan_atomics_helper+0xb6a/0x5450 [ 14.443921] kasan_check_range+0x10c/0x1c0 [ 14.443960] __kasan_check_write+0x18/0x20 [ 14.443981] kasan_atomics_helper+0xb6a/0x5450 [ 14.444005] ? __pfx_kasan_atomics_helper+0x10/0x10 [ 14.444029] ? __kmalloc_cache_noprof+0x189/0x420 [ 14.444054] ? kasan_save_alloc_info+0x3b/0x50 [ 14.444078] ? kasan_atomics+0x152/0x310 [ 14.444106] kasan_atomics+0x1dc/0x310 [ 14.444130] ? __pfx_kasan_atomics+0x10/0x10 [ 14.444156] ? __pfx_read_tsc+0x10/0x10 [ 14.444177] ? ktime_get_ts64+0x86/0x230 [ 14.444202] kunit_try_run_case+0x1a5/0x480 [ 14.444227] ? __pfx_kunit_try_run_case+0x10/0x10 [ 14.444251] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 14.444274] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 14.444299] ? __kthread_parkme+0x82/0x180 [ 14.444321] ? preempt_count_sub+0x50/0x80 [ 14.444344] ? __pfx_kunit_try_run_case+0x10/0x10 [ 14.444369] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 14.444393] ? 
__pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 14.444417] kthread+0x337/0x6f0 [ 14.444438] ? trace_preempt_on+0x20/0xc0 [ 14.444620] ? __pfx_kthread+0x10/0x10 [ 14.444652] ? _raw_spin_unlock_irq+0x47/0x80 [ 14.444676] ? calculate_sigpending+0x7b/0xa0 [ 14.444701] ? __pfx_kthread+0x10/0x10 [ 14.444724] ret_from_fork+0x116/0x1d0 [ 14.444745] ? __pfx_kthread+0x10/0x10 [ 14.444767] ret_from_fork_asm+0x1a/0x30 [ 14.444799] </TASK> [ 14.444813] [ 14.453657] Allocated by task 282: [ 14.453792] kasan_save_stack+0x45/0x70 [ 14.453949] kasan_save_track+0x18/0x40 [ 14.454086] kasan_save_alloc_info+0x3b/0x50 [ 14.454237] __kasan_kmalloc+0xb7/0xc0 [ 14.454372] __kmalloc_cache_noprof+0x189/0x420 [ 14.454539] kasan_atomics+0x95/0x310 [ 14.454730] kunit_try_run_case+0x1a5/0x480 [ 14.455202] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 14.455508] kthread+0x337/0x6f0 [ 14.455689] ret_from_fork+0x116/0x1d0 [ 14.455879] ret_from_fork_asm+0x1a/0x30 [ 14.456058] [ 14.456167] The buggy address belongs to the object at ffff888103a18380 [ 14.456167] which belongs to the cache kmalloc-64 of size 64 [ 14.456923] The buggy address is located 0 bytes to the right of [ 14.456923] allocated 48-byte region [ffff888103a18380, ffff888103a183b0) [ 14.457373] [ 14.457451] The buggy address belongs to the physical page: [ 14.457734] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x103a18 [ 14.458195] flags: 0x200000000000000(node=0|zone=2) [ 14.458423] page_type: f5(slab) [ 14.458639] raw: 0200000000000000 ffff8881000418c0 dead000000000122 0000000000000000 [ 14.458927] raw: 0000000000000000 0000000080200020 00000000f5000000 0000000000000000 [ 14.459371] page dumped because: kasan: bad access detected [ 14.459729] [ 14.459832] Memory state around the buggy address: [ 14.460041] ffff888103a18280: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 14.460325] ffff888103a18300: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 14.460788] >ffff888103a18380: 00 00 00 00 00 00 fc fc 
fc fc fc fc fc fc fc fc [ 14.461094] ^ [ 14.461322] ffff888103a18400: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 14.461679] ffff888103a18480: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 14.461907] ================================================================== [ 15.028891] ================================================================== [ 15.030121] BUG: KASAN: slab-out-of-bounds in kasan_atomics_helper+0x1818/0x5450 [ 15.030760] Write of size 8 at addr ffff888103a183b0 by task kunit_try_catch/282 [ 15.031444] [ 15.031618] CPU: 0 UID: 0 PID: 282 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc4 #1 PREEMPT(voluntary) [ 15.031662] Tainted: [B]=BAD_PAGE, [N]=TEST [ 15.031676] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 15.031699] Call Trace: [ 15.031717] <TASK> [ 15.031734] dump_stack_lvl+0x73/0xb0 [ 15.031762] print_report+0xd1/0x650 [ 15.031785] ? __virt_addr_valid+0x1db/0x2d0 [ 15.031809] ? kasan_atomics_helper+0x1818/0x5450 [ 15.031833] ? kasan_complete_mode_report_info+0x2a/0x200 [ 15.031857] ? kasan_atomics_helper+0x1818/0x5450 [ 15.031880] kasan_report+0x141/0x180 [ 15.031904] ? kasan_atomics_helper+0x1818/0x5450 [ 15.031931] kasan_check_range+0x10c/0x1c0 [ 15.031969] __kasan_check_write+0x18/0x20 [ 15.031990] kasan_atomics_helper+0x1818/0x5450 [ 15.032014] ? __pfx_kasan_atomics_helper+0x10/0x10 [ 15.032038] ? __kmalloc_cache_noprof+0x189/0x420 [ 15.032063] ? kasan_save_alloc_info+0x3b/0x50 [ 15.032088] ? kasan_atomics+0x152/0x310 [ 15.032117] kasan_atomics+0x1dc/0x310 [ 15.032140] ? __pfx_kasan_atomics+0x10/0x10 [ 15.032167] ? __pfx_read_tsc+0x10/0x10 [ 15.032190] ? ktime_get_ts64+0x86/0x230 [ 15.032215] kunit_try_run_case+0x1a5/0x480 [ 15.032241] ? __pfx_kunit_try_run_case+0x10/0x10 [ 15.032264] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 15.032289] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 15.032313] ? __kthread_parkme+0x82/0x180 [ 15.032335] ? preempt_count_sub+0x50/0x80 [ 15.032360] ? 
__pfx_kunit_try_run_case+0x10/0x10 [ 15.032385] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 15.032409] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 15.032434] kthread+0x337/0x6f0 [ 15.032455] ? trace_preempt_on+0x20/0xc0 [ 15.032479] ? __pfx_kthread+0x10/0x10 [ 15.032502] ? _raw_spin_unlock_irq+0x47/0x80 [ 15.032525] ? calculate_sigpending+0x7b/0xa0 [ 15.032550] ? __pfx_kthread+0x10/0x10 [ 15.032573] ret_from_fork+0x116/0x1d0 [ 15.032593] ? __pfx_kthread+0x10/0x10 [ 15.032615] ret_from_fork_asm+0x1a/0x30 [ 15.032647] </TASK> [ 15.032661] [ 15.042856] Allocated by task 282: [ 15.043062] kasan_save_stack+0x45/0x70 [ 15.043265] kasan_save_track+0x18/0x40 [ 15.043451] kasan_save_alloc_info+0x3b/0x50 [ 15.043653] __kasan_kmalloc+0xb7/0xc0 [ 15.043831] __kmalloc_cache_noprof+0x189/0x420 [ 15.044052] kasan_atomics+0x95/0x310 [ 15.044622] kunit_try_run_case+0x1a5/0x480 [ 15.044780] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 15.044972] kthread+0x337/0x6f0 [ 15.045098] ret_from_fork+0x116/0x1d0 [ 15.045235] ret_from_fork_asm+0x1a/0x30 [ 15.045378] [ 15.045452] The buggy address belongs to the object at ffff888103a18380 [ 15.045452] which belongs to the cache kmalloc-64 of size 64 [ 15.045805] The buggy address is located 0 bytes to the right of [ 15.045805] allocated 48-byte region [ffff888103a18380, ffff888103a183b0) [ 15.046969] [ 15.047124] The buggy address belongs to the physical page: [ 15.047578] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x103a18 [ 15.048279] flags: 0x200000000000000(node=0|zone=2) [ 15.048732] page_type: f5(slab) [ 15.049042] raw: 0200000000000000 ffff8881000418c0 dead000000000122 0000000000000000 [ 15.049385] raw: 0000000000000000 0000000080200020 00000000f5000000 0000000000000000 [ 15.049700] page dumped because: kasan: bad access detected [ 15.049937] [ 15.050024] Memory state around the buggy address: [ 15.050187] ffff888103a18280: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 15.050654] 
ffff888103a18300: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 15.050898] >ffff888103a18380: 00 00 00 00 00 00 fc fc fc fc fc fc fc fc fc fc [ 15.051393] ^ [ 15.051622] ffff888103a18400: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 15.051928] ffff888103a18480: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 15.052201] ================================================================== [ 15.405843] ================================================================== [ 15.406192] BUG: KASAN: slab-out-of-bounds in kasan_atomics_helper+0x4fb2/0x5450 [ 15.406918] Read of size 8 at addr ffff888103a183b0 by task kunit_try_catch/282 [ 15.407332] [ 15.407438] CPU: 0 UID: 0 PID: 282 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc4 #1 PREEMPT(voluntary) [ 15.407483] Tainted: [B]=BAD_PAGE, [N]=TEST [ 15.407496] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 15.407520] Call Trace: [ 15.407539] <TASK> [ 15.407558] dump_stack_lvl+0x73/0xb0 [ 15.407587] print_report+0xd1/0x650 [ 15.407611] ? __virt_addr_valid+0x1db/0x2d0 [ 15.407638] ? kasan_atomics_helper+0x4fb2/0x5450 [ 15.407661] ? kasan_complete_mode_report_info+0x2a/0x200 [ 15.407686] ? kasan_atomics_helper+0x4fb2/0x5450 [ 15.407709] kasan_report+0x141/0x180 [ 15.407733] ? kasan_atomics_helper+0x4fb2/0x5450 [ 15.407761] __asan_report_load8_noabort+0x18/0x20 [ 15.407786] kasan_atomics_helper+0x4fb2/0x5450 [ 15.407811] ? __pfx_kasan_atomics_helper+0x10/0x10 [ 15.407834] ? __kmalloc_cache_noprof+0x189/0x420 [ 15.407858] ? kasan_save_alloc_info+0x3b/0x50 [ 15.407883] ? kasan_atomics+0x152/0x310 [ 15.407911] kasan_atomics+0x1dc/0x310 [ 15.407936] ? __pfx_kasan_atomics+0x10/0x10 [ 15.407974] ? __pfx_read_tsc+0x10/0x10 [ 15.407997] ? ktime_get_ts64+0x86/0x230 [ 15.408022] kunit_try_run_case+0x1a5/0x480 [ 15.408047] ? __pfx_kunit_try_run_case+0x10/0x10 [ 15.408082] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 15.408107] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 15.408131] ? 
__kthread_parkme+0x82/0x180 [ 15.408153] ? preempt_count_sub+0x50/0x80 [ 15.408177] ? __pfx_kunit_try_run_case+0x10/0x10 [ 15.408203] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 15.408227] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 15.408251] kthread+0x337/0x6f0 [ 15.408272] ? trace_preempt_on+0x20/0xc0 [ 15.408296] ? __pfx_kthread+0x10/0x10 [ 15.408317] ? _raw_spin_unlock_irq+0x47/0x80 [ 15.408341] ? calculate_sigpending+0x7b/0xa0 [ 15.408366] ? __pfx_kthread+0x10/0x10 [ 15.408388] ret_from_fork+0x116/0x1d0 [ 15.408408] ? __pfx_kthread+0x10/0x10 [ 15.408431] ret_from_fork_asm+0x1a/0x30 [ 15.408463] </TASK> [ 15.408475] [ 15.416079] Allocated by task 282: [ 15.416278] kasan_save_stack+0x45/0x70 [ 15.416456] kasan_save_track+0x18/0x40 [ 15.416649] kasan_save_alloc_info+0x3b/0x50 [ 15.416830] __kasan_kmalloc+0xb7/0xc0 [ 15.417029] __kmalloc_cache_noprof+0x189/0x420 [ 15.417223] kasan_atomics+0x95/0x310 [ 15.417379] kunit_try_run_case+0x1a5/0x480 [ 15.417592] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 15.417828] kthread+0x337/0x6f0 [ 15.418009] ret_from_fork+0x116/0x1d0 [ 15.418199] ret_from_fork_asm+0x1a/0x30 [ 15.418341] [ 15.418415] The buggy address belongs to the object at ffff888103a18380 [ 15.418415] which belongs to the cache kmalloc-64 of size 64 [ 15.418931] The buggy address is located 0 bytes to the right of [ 15.418931] allocated 48-byte region [ffff888103a18380, ffff888103a183b0) [ 15.419315] [ 15.419390] The buggy address belongs to the physical page: [ 15.419568] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x103a18 [ 15.420053] flags: 0x200000000000000(node=0|zone=2) [ 15.420300] page_type: f5(slab) [ 15.420519] raw: 0200000000000000 ffff8881000418c0 dead000000000122 0000000000000000 [ 15.420752] raw: 0000000000000000 0000000080200020 00000000f5000000 0000000000000000 [ 15.420991] page dumped because: kasan: bad access detected [ 15.421163] [ 15.421236] Memory state around the buggy address: [ 15.421471] 
ffff888103a18280: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 15.421800] ffff888103a18300: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 15.422225] >ffff888103a18380: 00 00 00 00 00 00 fc fc fc fc fc fc fc fc fc fc [ 15.422550] ^ [ 15.422780] ffff888103a18400: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 15.423117] ffff888103a18480: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 15.423461] ================================================================== [ 14.130151] ================================================================== [ 14.130597] BUG: KASAN: slab-out-of-bounds in kasan_atomics_helper+0x4b54/0x5450 [ 14.131229] Read of size 4 at addr ffff888103a183b0 by task kunit_try_catch/282 [ 14.131635] [ 14.131800] CPU: 0 UID: 0 PID: 282 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc4 #1 PREEMPT(voluntary) [ 14.131860] Tainted: [B]=BAD_PAGE, [N]=TEST [ 14.131874] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 14.131898] Call Trace: [ 14.131916] <TASK> [ 14.131934] dump_stack_lvl+0x73/0xb0 [ 14.131975] print_report+0xd1/0x650 [ 14.131999] ? __virt_addr_valid+0x1db/0x2d0 [ 14.132023] ? kasan_atomics_helper+0x4b54/0x5450 [ 14.132091] ? kasan_complete_mode_report_info+0x2a/0x200 [ 14.132115] ? kasan_atomics_helper+0x4b54/0x5450 [ 14.132177] kasan_report+0x141/0x180 [ 14.132202] ? kasan_atomics_helper+0x4b54/0x5450 [ 14.132242] __asan_report_load4_noabort+0x18/0x20 [ 14.132268] kasan_atomics_helper+0x4b54/0x5450 [ 14.132291] ? __pfx_kasan_atomics_helper+0x10/0x10 [ 14.132315] ? __kmalloc_cache_noprof+0x189/0x420 [ 14.132340] ? kasan_save_alloc_info+0x3b/0x50 [ 14.132364] ? kasan_atomics+0x152/0x310 [ 14.132393] kasan_atomics+0x1dc/0x310 [ 14.132418] ? __pfx_kasan_atomics+0x10/0x10 [ 14.132443] ? __pfx_read_tsc+0x10/0x10 [ 14.132481] ? ktime_get_ts64+0x86/0x230 [ 14.132506] kunit_try_run_case+0x1a5/0x480 [ 14.132532] ? __pfx_kunit_try_run_case+0x10/0x10 [ 14.132711] ? 
_raw_spin_lock_irqsave+0xa1/0x100 [ 14.132738] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 14.132794] ? __kthread_parkme+0x82/0x180 [ 14.132816] ? preempt_count_sub+0x50/0x80 [ 14.132854] ? __pfx_kunit_try_run_case+0x10/0x10 [ 14.132879] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 14.132904] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 14.132944] kthread+0x337/0x6f0 [ 14.132965] ? trace_preempt_on+0x20/0xc0 [ 14.132990] ? __pfx_kthread+0x10/0x10 [ 14.133011] ? _raw_spin_unlock_irq+0x47/0x80 [ 14.133034] ? calculate_sigpending+0x7b/0xa0 [ 14.133060] ? __pfx_kthread+0x10/0x10 [ 14.133094] ret_from_fork+0x116/0x1d0 [ 14.133115] ? __pfx_kthread+0x10/0x10 [ 14.133138] ret_from_fork_asm+0x1a/0x30 [ 14.133184] </TASK> [ 14.133199] [ 14.142313] Allocated by task 282: [ 14.142831] kasan_save_stack+0x45/0x70 [ 14.143102] kasan_save_track+0x18/0x40 [ 14.143254] kasan_save_alloc_info+0x3b/0x50 [ 14.143535] __kasan_kmalloc+0xb7/0xc0 [ 14.143674] __kmalloc_cache_noprof+0x189/0x420 [ 14.143832] kasan_atomics+0x95/0x310 [ 14.144246] kunit_try_run_case+0x1a5/0x480 [ 14.144522] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 14.144762] kthread+0x337/0x6f0 [ 14.144997] ret_from_fork+0x116/0x1d0 [ 14.145321] ret_from_fork_asm+0x1a/0x30 [ 14.145601] [ 14.145685] The buggy address belongs to the object at ffff888103a18380 [ 14.145685] which belongs to the cache kmalloc-64 of size 64 [ 14.146261] The buggy address is located 0 bytes to the right of [ 14.146261] allocated 48-byte region [ffff888103a18380, ffff888103a183b0) [ 14.147103] [ 14.147209] The buggy address belongs to the physical page: [ 14.147592] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x103a18 [ 14.147922] flags: 0x200000000000000(node=0|zone=2) [ 14.148278] page_type: f5(slab) [ 14.148586] raw: 0200000000000000 ffff8881000418c0 dead000000000122 0000000000000000 [ 14.148893] raw: 0000000000000000 0000000080200020 00000000f5000000 0000000000000000 [ 14.149346] page dumped because: kasan: 
bad access detected [ 14.149736] [ 14.149834] Memory state around the buggy address: [ 14.150064] ffff888103a18280: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 14.150366] ffff888103a18300: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 14.150830] >ffff888103a18380: 00 00 00 00 00 00 fc fc fc fc fc fc fc fc fc fc [ 14.151192] ^ [ 14.151623] ffff888103a18400: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 14.151908] ffff888103a18480: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 14.152352] ================================================================== [ 14.736196] ================================================================== [ 14.736787] BUG: KASAN: slab-out-of-bounds in kasan_atomics_helper+0x4a02/0x5450 [ 14.737041] Read of size 4 at addr ffff888103a183b0 by task kunit_try_catch/282 [ 14.737745] [ 14.737838] CPU: 0 UID: 0 PID: 282 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc4 #1 PREEMPT(voluntary) [ 14.737882] Tainted: [B]=BAD_PAGE, [N]=TEST [ 14.737896] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 14.737919] Call Trace: [ 14.737933] <TASK> [ 14.737959] dump_stack_lvl+0x73/0xb0 [ 14.737987] print_report+0xd1/0x650 [ 14.738010] ? __virt_addr_valid+0x1db/0x2d0 [ 14.738034] ? kasan_atomics_helper+0x4a02/0x5450 [ 14.738056] ? kasan_complete_mode_report_info+0x2a/0x200 [ 14.738090] ? kasan_atomics_helper+0x4a02/0x5450 [ 14.738113] kasan_report+0x141/0x180 [ 14.738137] ? kasan_atomics_helper+0x4a02/0x5450 [ 14.738165] __asan_report_load4_noabort+0x18/0x20 [ 14.738191] kasan_atomics_helper+0x4a02/0x5450 [ 14.738215] ? __pfx_kasan_atomics_helper+0x10/0x10 [ 14.738239] ? __kmalloc_cache_noprof+0x189/0x420 [ 14.738265] ? kasan_save_alloc_info+0x3b/0x50 [ 14.738290] ? kasan_atomics+0x152/0x310 [ 14.738317] kasan_atomics+0x1dc/0x310 [ 14.738342] ? __pfx_kasan_atomics+0x10/0x10 [ 14.738368] ? __pfx_read_tsc+0x10/0x10 [ 14.738391] ? 
ktime_get_ts64+0x86/0x230 [ 14.738416] kunit_try_run_case+0x1a5/0x480 [ 14.738442] ? __pfx_kunit_try_run_case+0x10/0x10 [ 14.738465] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 14.738490] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 14.738515] ? __kthread_parkme+0x82/0x180 [ 14.738535] ? preempt_count_sub+0x50/0x80 [ 14.738560] ? __pfx_kunit_try_run_case+0x10/0x10 [ 14.738585] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 14.738610] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 14.738635] kthread+0x337/0x6f0 [ 14.738656] ? trace_preempt_on+0x20/0xc0 [ 14.738681] ? __pfx_kthread+0x10/0x10 [ 14.738703] ? _raw_spin_unlock_irq+0x47/0x80 [ 14.738726] ? calculate_sigpending+0x7b/0xa0 [ 14.738751] ? __pfx_kthread+0x10/0x10 [ 14.738774] ret_from_fork+0x116/0x1d0 [ 14.738794] ? __pfx_kthread+0x10/0x10 [ 14.738816] ret_from_fork_asm+0x1a/0x30 [ 14.738848] </TASK> [ 14.738861] [ 14.746326] Allocated by task 282: [ 14.746515] kasan_save_stack+0x45/0x70 [ 14.746802] kasan_save_track+0x18/0x40 [ 14.746966] kasan_save_alloc_info+0x3b/0x50 [ 14.747123] __kasan_kmalloc+0xb7/0xc0 [ 14.747258] __kmalloc_cache_noprof+0x189/0x420 [ 14.747415] kasan_atomics+0x95/0x310 [ 14.747550] kunit_try_run_case+0x1a5/0x480 [ 14.747743] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 14.748015] kthread+0x337/0x6f0 [ 14.748336] ret_from_fork+0x116/0x1d0 [ 14.748532] ret_from_fork_asm+0x1a/0x30 [ 14.748737] [ 14.748838] The buggy address belongs to the object at ffff888103a18380 [ 14.748838] which belongs to the cache kmalloc-64 of size 64 [ 14.749636] The buggy address is located 0 bytes to the right of [ 14.749636] allocated 48-byte region [ffff888103a18380, ffff888103a183b0) [ 14.750082] [ 14.750184] The buggy address belongs to the physical page: [ 14.750448] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x103a18 [ 14.750766] flags: 0x200000000000000(node=0|zone=2) [ 14.750993] page_type: f5(slab) [ 14.751196] raw: 0200000000000000 ffff8881000418c0 dead000000000122 
0000000000000000 [ 14.751509] raw: 0000000000000000 0000000080200020 00000000f5000000 0000000000000000 [ 14.751806] page dumped because: kasan: bad access detected [ 14.752046] [ 14.752145] Memory state around the buggy address: [ 14.752355] ffff888103a18280: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 14.752577] ffff888103a18300: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 14.752795] >ffff888103a18380: 00 00 00 00 00 00 fc fc fc fc fc fc fc fc fc fc [ 14.753022] ^ [ 14.753181] ffff888103a18400: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 14.753505] ffff888103a18480: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 14.753834] ================================================================== [ 14.504061] ================================================================== [ 14.504378] BUG: KASAN: slab-out-of-bounds in kasan_atomics_helper+0xd47/0x5450 [ 14.505332] Write of size 4 at addr ffff888103a183b0 by task kunit_try_catch/282 [ 14.506165] [ 14.506301] CPU: 0 UID: 0 PID: 282 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc4 #1 PREEMPT(voluntary) [ 14.506349] Tainted: [B]=BAD_PAGE, [N]=TEST [ 14.506365] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 14.506387] Call Trace: [ 14.506402] <TASK> [ 14.506419] dump_stack_lvl+0x73/0xb0 [ 14.506449] print_report+0xd1/0x650 [ 14.506632] ? __virt_addr_valid+0x1db/0x2d0 [ 14.506661] ? kasan_atomics_helper+0xd47/0x5450 [ 14.506684] ? kasan_complete_mode_report_info+0x2a/0x200 [ 14.506709] ? kasan_atomics_helper+0xd47/0x5450 [ 14.506732] kasan_report+0x141/0x180 [ 14.506756] ? kasan_atomics_helper+0xd47/0x5450 [ 14.506783] kasan_check_range+0x10c/0x1c0 [ 14.506809] __kasan_check_write+0x18/0x20 [ 14.506831] kasan_atomics_helper+0xd47/0x5450 [ 14.506856] ? __pfx_kasan_atomics_helper+0x10/0x10 [ 14.506879] ? __kmalloc_cache_noprof+0x189/0x420 [ 14.506905] ? kasan_save_alloc_info+0x3b/0x50 [ 14.506930] ? 
kasan_atomics+0x152/0x310 [ 14.506971] kasan_atomics+0x1dc/0x310 [ 14.506996] ? __pfx_kasan_atomics+0x10/0x10 [ 14.507022] ? __pfx_read_tsc+0x10/0x10 [ 14.507044] ? ktime_get_ts64+0x86/0x230 [ 14.507100] kunit_try_run_case+0x1a5/0x480 [ 14.507153] ? __pfx_kunit_try_run_case+0x10/0x10 [ 14.507331] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 14.507363] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 14.507390] ? __kthread_parkme+0x82/0x180 [ 14.507412] ? preempt_count_sub+0x50/0x80 [ 14.507437] ? __pfx_kunit_try_run_case+0x10/0x10 [ 14.507470] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 14.507496] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 14.507520] kthread+0x337/0x6f0 [ 14.507542] ? trace_preempt_on+0x20/0xc0 [ 14.507566] ? __pfx_kthread+0x10/0x10 [ 14.507587] ? _raw_spin_unlock_irq+0x47/0x80 [ 14.507610] ? calculate_sigpending+0x7b/0xa0 [ 14.507634] ? __pfx_kthread+0x10/0x10 [ 14.507658] ret_from_fork+0x116/0x1d0 [ 14.507677] ? __pfx_kthread+0x10/0x10 [ 14.507698] ret_from_fork_asm+0x1a/0x30 [ 14.507730] </TASK> [ 14.507743] [ 14.522659] Allocated by task 282: [ 14.523013] kasan_save_stack+0x45/0x70 [ 14.523506] kasan_save_track+0x18/0x40 [ 14.523885] kasan_save_alloc_info+0x3b/0x50 [ 14.524093] __kasan_kmalloc+0xb7/0xc0 [ 14.524226] __kmalloc_cache_noprof+0x189/0x420 [ 14.524380] kasan_atomics+0x95/0x310 [ 14.524513] kunit_try_run_case+0x1a5/0x480 [ 14.524661] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 14.524965] kthread+0x337/0x6f0 [ 14.525127] ret_from_fork+0x116/0x1d0 [ 14.525291] ret_from_fork_asm+0x1a/0x30 [ 14.525468] [ 14.525561] The buggy address belongs to the object at ffff888103a18380 [ 14.525561] which belongs to the cache kmalloc-64 of size 64 [ 14.525950] The buggy address is located 0 bytes to the right of [ 14.525950] allocated 48-byte region [ffff888103a18380, ffff888103a183b0) [ 14.526692] [ 14.526768] The buggy address belongs to the physical page: [ 14.526946] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x103a18 [ 
14.527638] flags: 0x200000000000000(node=0|zone=2) [ 14.527837] page_type: f5(slab) [ 14.528015] raw: 0200000000000000 ffff8881000418c0 dead000000000122 0000000000000000 [ 14.528289] raw: 0000000000000000 0000000080200020 00000000f5000000 0000000000000000 [ 14.528552] page dumped because: kasan: bad access detected [ 14.528809] [ 14.528905] Memory state around the buggy address: [ 14.529261] ffff888103a18280: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 14.529556] ffff888103a18300: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 14.529869] >ffff888103a18380: 00 00 00 00 00 00 fc fc fc fc fc fc fc fc fc fc [ 14.530304] ^ [ 14.530588] ffff888103a18400: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 14.531006] ffff888103a18480: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 14.531350] ================================================================== [ 14.754403] ================================================================== [ 14.755156] BUG: KASAN: slab-out-of-bounds in kasan_atomics_helper+0x1217/0x5450 [ 14.755395] Write of size 4 at addr ffff888103a183b0 by task kunit_try_catch/282 [ 14.755616] [ 14.755702] CPU: 0 UID: 0 PID: 282 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc4 #1 PREEMPT(voluntary) [ 14.755745] Tainted: [B]=BAD_PAGE, [N]=TEST [ 14.755759] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 14.755781] Call Trace: [ 14.755796] <TASK> [ 14.755811] dump_stack_lvl+0x73/0xb0 [ 14.755841] print_report+0xd1/0x650 [ 14.755864] ? __virt_addr_valid+0x1db/0x2d0 [ 14.755888] ? kasan_atomics_helper+0x1217/0x5450 [ 14.755911] ? kasan_complete_mode_report_info+0x2a/0x200 [ 14.755934] ? kasan_atomics_helper+0x1217/0x5450 [ 14.755968] kasan_report+0x141/0x180 [ 14.756009] ? kasan_atomics_helper+0x1217/0x5450 [ 14.756038] kasan_check_range+0x10c/0x1c0 [ 14.756063] __kasan_check_write+0x18/0x20 [ 14.756094] kasan_atomics_helper+0x1217/0x5450 [ 14.756119] ? __pfx_kasan_atomics_helper+0x10/0x10 [ 14.756142] ? 
__kmalloc_cache_noprof+0x189/0x420 [ 14.756169] ? kasan_save_alloc_info+0x3b/0x50 [ 14.756193] ? kasan_atomics+0x152/0x310 [ 14.756221] kasan_atomics+0x1dc/0x310 [ 14.756245] ? __pfx_kasan_atomics+0x10/0x10 [ 14.756271] ? __pfx_read_tsc+0x10/0x10 [ 14.756293] ? ktime_get_ts64+0x86/0x230 [ 14.756320] kunit_try_run_case+0x1a5/0x480 [ 14.756344] ? __pfx_kunit_try_run_case+0x10/0x10 [ 14.756367] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 14.756392] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 14.756417] ? __kthread_parkme+0x82/0x180 [ 14.756438] ? preempt_count_sub+0x50/0x80 [ 14.756463] ? __pfx_kunit_try_run_case+0x10/0x10 [ 14.756489] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 14.756514] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 14.756539] kthread+0x337/0x6f0 [ 14.756559] ? trace_preempt_on+0x20/0xc0 [ 14.756584] ? __pfx_kthread+0x10/0x10 [ 14.756607] ? _raw_spin_unlock_irq+0x47/0x80 [ 14.756630] ? calculate_sigpending+0x7b/0xa0 [ 14.756655] ? __pfx_kthread+0x10/0x10 [ 14.756677] ret_from_fork+0x116/0x1d0 [ 14.756697] ? 
__pfx_kthread+0x10/0x10 [ 14.756719] ret_from_fork_asm+0x1a/0x30 [ 14.756751] </TASK> [ 14.756764] [ 14.764590] Allocated by task 282: [ 14.764781] kasan_save_stack+0x45/0x70 [ 14.764947] kasan_save_track+0x18/0x40 [ 14.765173] kasan_save_alloc_info+0x3b/0x50 [ 14.765388] __kasan_kmalloc+0xb7/0xc0 [ 14.765537] __kmalloc_cache_noprof+0x189/0x420 [ 14.765752] kasan_atomics+0x95/0x310 [ 14.765932] kunit_try_run_case+0x1a5/0x480 [ 14.766157] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 14.766397] kthread+0x337/0x6f0 [ 14.766545] ret_from_fork+0x116/0x1d0 [ 14.766694] ret_from_fork_asm+0x1a/0x30 [ 14.766834] [ 14.766908] The buggy address belongs to the object at ffff888103a18380 [ 14.766908] which belongs to the cache kmalloc-64 of size 64 [ 14.767277] The buggy address is located 0 bytes to the right of [ 14.767277] allocated 48-byte region [ffff888103a18380, ffff888103a183b0) [ 14.767643] [ 14.767718] The buggy address belongs to the physical page: [ 14.767925] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x103a18 [ 14.768723] flags: 0x200000000000000(node=0|zone=2) [ 14.768973] page_type: f5(slab) [ 14.769224] raw: 0200000000000000 ffff8881000418c0 dead000000000122 0000000000000000 [ 14.769572] raw: 0000000000000000 0000000080200020 00000000f5000000 0000000000000000 [ 14.769816] page dumped because: kasan: bad access detected [ 14.770009] [ 14.770084] Memory state around the buggy address: [ 14.770242] ffff888103a18280: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 14.770462] ffff888103a18300: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 14.770682] >ffff888103a18380: 00 00 00 00 00 00 fc fc fc fc fc fc fc fc fc fc [ 14.771058] ^ [ 14.771294] ffff888103a18400: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 14.771630] ffff888103a18480: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 14.771962] ================================================================== [ 14.364447] 
================================================================== [ 14.364797] BUG: KASAN: slab-out-of-bounds in kasan_atomics_helper+0x992/0x5450 [ 14.365119] Write of size 4 at addr ffff888103a183b0 by task kunit_try_catch/282 [ 14.365457] [ 14.365821] CPU: 0 UID: 0 PID: 282 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc4 #1 PREEMPT(voluntary) [ 14.365871] Tainted: [B]=BAD_PAGE, [N]=TEST [ 14.365886] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 14.365909] Call Trace: [ 14.365928] <TASK> [ 14.365958] dump_stack_lvl+0x73/0xb0 [ 14.365988] print_report+0xd1/0x650 [ 14.366050] ? __virt_addr_valid+0x1db/0x2d0 [ 14.366077] ? kasan_atomics_helper+0x992/0x5450 [ 14.366130] ? kasan_complete_mode_report_info+0x2a/0x200 [ 14.366154] ? kasan_atomics_helper+0x992/0x5450 [ 14.366177] kasan_report+0x141/0x180 [ 14.366200] ? kasan_atomics_helper+0x992/0x5450 [ 14.366227] kasan_check_range+0x10c/0x1c0 [ 14.366253] __kasan_check_write+0x18/0x20 [ 14.366273] kasan_atomics_helper+0x992/0x5450 [ 14.366297] ? __pfx_kasan_atomics_helper+0x10/0x10 [ 14.366321] ? __kmalloc_cache_noprof+0x189/0x420 [ 14.366377] ? kasan_save_alloc_info+0x3b/0x50 [ 14.366404] ? kasan_atomics+0x152/0x310 [ 14.366433] kasan_atomics+0x1dc/0x310 [ 14.366456] ? __pfx_kasan_atomics+0x10/0x10 [ 14.366493] ? __pfx_read_tsc+0x10/0x10 [ 14.366514] ? ktime_get_ts64+0x86/0x230 [ 14.366625] kunit_try_run_case+0x1a5/0x480 [ 14.366652] ? __pfx_kunit_try_run_case+0x10/0x10 [ 14.366677] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 14.366702] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 14.366727] ? __kthread_parkme+0x82/0x180 [ 14.366749] ? preempt_count_sub+0x50/0x80 [ 14.366774] ? __pfx_kunit_try_run_case+0x10/0x10 [ 14.366799] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 14.366824] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 14.366849] kthread+0x337/0x6f0 [ 14.366870] ? trace_preempt_on+0x20/0xc0 [ 14.366896] ? __pfx_kthread+0x10/0x10 [ 14.366918] ? 
_raw_spin_unlock_irq+0x47/0x80 [ 14.366952] ? calculate_sigpending+0x7b/0xa0 [ 14.366978] ? __pfx_kthread+0x10/0x10 [ 14.367000] ret_from_fork+0x116/0x1d0 [ 14.367021] ? __pfx_kthread+0x10/0x10 [ 14.367043] ret_from_fork_asm+0x1a/0x30 [ 14.367089] </TASK> [ 14.367104] [ 14.382354] Allocated by task 282: [ 14.382558] kasan_save_stack+0x45/0x70 [ 14.382968] kasan_save_track+0x18/0x40 [ 14.383380] kasan_save_alloc_info+0x3b/0x50 [ 14.383914] __kasan_kmalloc+0xb7/0xc0 [ 14.384403] __kmalloc_cache_noprof+0x189/0x420 [ 14.384958] kasan_atomics+0x95/0x310 [ 14.385257] kunit_try_run_case+0x1a5/0x480 [ 14.385636] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 14.386236] kthread+0x337/0x6f0 [ 14.386396] ret_from_fork+0x116/0x1d0 [ 14.386848] ret_from_fork_asm+0x1a/0x30 [ 14.387090] [ 14.387291] The buggy address belongs to the object at ffff888103a18380 [ 14.387291] which belongs to the cache kmalloc-64 of size 64 [ 14.388000] The buggy address is located 0 bytes to the right of [ 14.388000] allocated 48-byte region [ffff888103a18380, ffff888103a183b0) [ 14.389233] [ 14.389426] The buggy address belongs to the physical page: [ 14.390020] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x103a18 [ 14.390776] flags: 0x200000000000000(node=0|zone=2) [ 14.391282] page_type: f5(slab) [ 14.391598] raw: 0200000000000000 ffff8881000418c0 dead000000000122 0000000000000000 [ 14.392053] raw: 0000000000000000 0000000080200020 00000000f5000000 0000000000000000 [ 14.392280] page dumped because: kasan: bad access detected [ 14.392450] [ 14.392677] Memory state around the buggy address: [ 14.393141] ffff888103a18280: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 14.393796] ffff888103a18300: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 14.394682] >ffff888103a18380: 00 00 00 00 00 00 fc fc fc fc fc fc fc fc fc fc [ 14.395483] ^ [ 14.396063] ffff888103a18400: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 14.396817] ffff888103a18480: fc fc fc fc fc fc fc fc fc fc 
fc fc fc fc fc fc [ 14.397044] ==================================================================
Failure - log-parser-boot/kasan-bug-kasan-slab-out-of-bounds-in-kasan_bitops_test_and_modifyconstprop
[ 13.816265] ================================================================== [ 13.816774] BUG: KASAN: slab-out-of-bounds in kasan_bitops_test_and_modify.constprop.0+0x101/0xd90 [ 13.817112] Write of size 8 at addr ffff888100fbfb08 by task kunit_try_catch/278 [ 13.817471] [ 13.817584] CPU: 1 UID: 0 PID: 278 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc4 #1 PREEMPT(voluntary) [ 13.817627] Tainted: [B]=BAD_PAGE, [N]=TEST [ 13.817640] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 13.817661] Call Trace: [ 13.817677] <TASK> [ 13.817692] dump_stack_lvl+0x73/0xb0 [ 13.817719] print_report+0xd1/0x650 [ 13.817742] ? __virt_addr_valid+0x1db/0x2d0 [ 13.817778] ? kasan_bitops_test_and_modify.constprop.0+0x101/0xd90 [ 13.817808] ? kasan_complete_mode_report_info+0x2a/0x200 [ 13.817844] ? kasan_bitops_test_and_modify.constprop.0+0x101/0xd90 [ 13.817874] kasan_report+0x141/0x180 [ 13.817897] ? kasan_bitops_test_and_modify.constprop.0+0x101/0xd90 [ 13.817950] kasan_check_range+0x10c/0x1c0 [ 13.817975] __kasan_check_write+0x18/0x20 [ 13.817996] kasan_bitops_test_and_modify.constprop.0+0x101/0xd90 [ 13.818037] ? __pfx_kasan_bitops_test_and_modify.constprop.0+0x10/0x10 [ 13.818077] ? __kmalloc_cache_noprof+0x189/0x420 [ 13.818103] ? trace_hardirqs_on+0x37/0xe0 [ 13.818126] ? kasan_bitops_generic+0x92/0x1c0 [ 13.818165] kasan_bitops_generic+0x121/0x1c0 [ 13.818189] ? __pfx_kasan_bitops_generic+0x10/0x10 [ 13.818226] ? __pfx_read_tsc+0x10/0x10 [ 13.818249] ? ktime_get_ts64+0x86/0x230 [ 13.818273] kunit_try_run_case+0x1a5/0x480 [ 13.818299] ? __pfx_kunit_try_run_case+0x10/0x10 [ 13.818332] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 13.818356] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 13.818392] ? __kthread_parkme+0x82/0x180 [ 13.818413] ? preempt_count_sub+0x50/0x80 [ 13.818438] ? __pfx_kunit_try_run_case+0x10/0x10 [ 13.818464] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 13.818500] ? 
__pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 13.818525] kthread+0x337/0x6f0 [ 13.818546] ? trace_preempt_on+0x20/0xc0 [ 13.818579] ? __pfx_kthread+0x10/0x10 [ 13.818601] ? _raw_spin_unlock_irq+0x47/0x80 [ 13.818623] ? calculate_sigpending+0x7b/0xa0 [ 13.818647] ? __pfx_kthread+0x10/0x10 [ 13.818670] ret_from_fork+0x116/0x1d0 [ 13.818690] ? __pfx_kthread+0x10/0x10 [ 13.818720] ret_from_fork_asm+0x1a/0x30 [ 13.818751] </TASK> [ 13.818764] [ 13.831992] Allocated by task 278: [ 13.832345] kasan_save_stack+0x45/0x70 [ 13.832535] kasan_save_track+0x18/0x40 [ 13.832678] kasan_save_alloc_info+0x3b/0x50 [ 13.832830] __kasan_kmalloc+0xb7/0xc0 [ 13.833017] __kmalloc_cache_noprof+0x189/0x420 [ 13.833476] kasan_bitops_generic+0x92/0x1c0 [ 13.833875] kunit_try_run_case+0x1a5/0x480 [ 13.834306] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 13.834795] kthread+0x337/0x6f0 [ 13.835157] ret_from_fork+0x116/0x1d0 [ 13.835512] ret_from_fork_asm+0x1a/0x30 [ 13.835890] [ 13.836146] The buggy address belongs to the object at ffff888100fbfb00 [ 13.836146] which belongs to the cache kmalloc-16 of size 16 [ 13.836800] The buggy address is located 8 bytes inside of [ 13.836800] allocated 9-byte region [ffff888100fbfb00, ffff888100fbfb09) [ 13.837449] [ 13.837634] The buggy address belongs to the physical page: [ 13.838170] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x100fbf [ 13.838856] flags: 0x200000000000000(node=0|zone=2) [ 13.839345] page_type: f5(slab) [ 13.839658] raw: 0200000000000000 ffff888100041640 dead000000000122 0000000000000000 [ 13.840211] raw: 0000000000000000 0000000080800080 00000000f5000000 0000000000000000 [ 13.840434] page dumped because: kasan: bad access detected [ 13.840603] [ 13.840674] Memory state around the buggy address: [ 13.840829] ffff888100fbfa00: 00 04 fc fc 00 00 fc fc fa fb fc fc fa fb fc fc [ 13.841560] ffff888100fbfa80: fa fb fc fc fa fb fc fc 00 05 fc fc fa fb fc fc [ 13.842033] >ffff888100fbfb00: 00 01 fc fc fc fc fc fc 
fc fc fc fc fc fc fc fc [ 13.842761] ^ [ 13.843147] ffff888100fbfb80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 13.843375] ffff888100fbfc00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 13.843593] ================================================================== [ 13.844176] ================================================================== [ 13.845099] BUG: KASAN: slab-out-of-bounds in kasan_bitops_test_and_modify.constprop.0+0x1a0/0xd90 [ 13.846225] Write of size 8 at addr ffff888100fbfb08 by task kunit_try_catch/278 [ 13.846909] [ 13.847209] CPU: 1 UID: 0 PID: 278 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc4 #1 PREEMPT(voluntary) [ 13.847260] Tainted: [B]=BAD_PAGE, [N]=TEST [ 13.847272] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 13.847294] Call Trace: [ 13.847383] <TASK> [ 13.847402] dump_stack_lvl+0x73/0xb0 [ 13.847434] print_report+0xd1/0x650 [ 13.847457] ? __virt_addr_valid+0x1db/0x2d0 [ 13.847481] ? kasan_bitops_test_and_modify.constprop.0+0x1a0/0xd90 [ 13.847512] ? kasan_complete_mode_report_info+0x2a/0x200 [ 13.847536] ? kasan_bitops_test_and_modify.constprop.0+0x1a0/0xd90 [ 13.847566] kasan_report+0x141/0x180 [ 13.847588] ? kasan_bitops_test_and_modify.constprop.0+0x1a0/0xd90 [ 13.847622] kasan_check_range+0x10c/0x1c0 [ 13.847647] __kasan_check_write+0x18/0x20 [ 13.847669] kasan_bitops_test_and_modify.constprop.0+0x1a0/0xd90 [ 13.847697] ? __pfx_kasan_bitops_test_and_modify.constprop.0+0x10/0x10 [ 13.847728] ? __kmalloc_cache_noprof+0x189/0x420 [ 13.847754] ? trace_hardirqs_on+0x37/0xe0 [ 13.847778] ? kasan_bitops_generic+0x92/0x1c0 [ 13.847807] kasan_bitops_generic+0x121/0x1c0 [ 13.847832] ? __pfx_kasan_bitops_generic+0x10/0x10 [ 13.847858] ? __pfx_read_tsc+0x10/0x10 [ 13.847880] ? ktime_get_ts64+0x86/0x230 [ 13.847906] kunit_try_run_case+0x1a5/0x480 [ 13.847931] ? __pfx_kunit_try_run_case+0x10/0x10 [ 13.847972] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 13.847997] ? 
_raw_spin_unlock_irqrestore+0x5f/0x90 [ 13.848022] ? __kthread_parkme+0x82/0x180 [ 13.848044] ? preempt_count_sub+0x50/0x80 [ 13.848080] ? __pfx_kunit_try_run_case+0x10/0x10 [ 13.848107] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 13.848133] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 13.848159] kthread+0x337/0x6f0 [ 13.848179] ? trace_preempt_on+0x20/0xc0 [ 13.848203] ? __pfx_kthread+0x10/0x10 [ 13.848225] ? _raw_spin_unlock_irq+0x47/0x80 [ 13.848247] ? calculate_sigpending+0x7b/0xa0 [ 13.848272] ? __pfx_kthread+0x10/0x10 [ 13.848295] ret_from_fork+0x116/0x1d0 [ 13.848315] ? __pfx_kthread+0x10/0x10 [ 13.848336] ret_from_fork_asm+0x1a/0x30 [ 13.848370] </TASK> [ 13.848383] [ 13.858810] Allocated by task 278: [ 13.859007] kasan_save_stack+0x45/0x70 [ 13.859600] kasan_save_track+0x18/0x40 [ 13.859761] kasan_save_alloc_info+0x3b/0x50 [ 13.860123] __kasan_kmalloc+0xb7/0xc0 [ 13.860293] __kmalloc_cache_noprof+0x189/0x420 [ 13.860598] kasan_bitops_generic+0x92/0x1c0 [ 13.860883] kunit_try_run_case+0x1a5/0x480 [ 13.861109] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 13.861483] kthread+0x337/0x6f0 [ 13.861631] ret_from_fork+0x116/0x1d0 [ 13.861918] ret_from_fork_asm+0x1a/0x30 [ 13.862106] [ 13.862419] The buggy address belongs to the object at ffff888100fbfb00 [ 13.862419] which belongs to the cache kmalloc-16 of size 16 [ 13.862900] The buggy address is located 8 bytes inside of [ 13.862900] allocated 9-byte region [ffff888100fbfb00, ffff888100fbfb09) [ 13.863654] [ 13.863759] The buggy address belongs to the physical page: [ 13.864164] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x100fbf [ 13.864550] flags: 0x200000000000000(node=0|zone=2) [ 13.864855] page_type: f5(slab) [ 13.865012] raw: 0200000000000000 ffff888100041640 dead000000000122 0000000000000000 [ 13.865522] raw: 0000000000000000 0000000080800080 00000000f5000000 0000000000000000 [ 13.865841] page dumped because: kasan: bad access detected [ 13.866093] [ 13.866311] 
Memory state around the buggy address: [ 13.866486] ffff888100fbfa00: 00 04 fc fc 00 00 fc fc fa fb fc fc fa fb fc fc [ 13.866846] ffff888100fbfa80: fa fb fc fc fa fb fc fc 00 05 fc fc fa fb fc fc [ 13.867297] >ffff888100fbfb00: 00 01 fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 13.867598] ^ [ 13.867744] ffff888100fbfb80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 13.868060] ffff888100fbfc00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 13.868484] ================================================================== [ 13.869116] ================================================================== [ 13.869834] BUG: KASAN: slab-out-of-bounds in kasan_bitops_test_and_modify.constprop.0+0x23e/0xd90 [ 13.870289] Write of size 8 at addr ffff888100fbfb08 by task kunit_try_catch/278 [ 13.870578] [ 13.870685] CPU: 1 UID: 0 PID: 278 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc4 #1 PREEMPT(voluntary) [ 13.870727] Tainted: [B]=BAD_PAGE, [N]=TEST [ 13.870739] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 13.870761] Call Trace: [ 13.870778] <TASK> [ 13.870794] dump_stack_lvl+0x73/0xb0 [ 13.870823] print_report+0xd1/0x650 [ 13.870848] ? __virt_addr_valid+0x1db/0x2d0 [ 13.870871] ? kasan_bitops_test_and_modify.constprop.0+0x23e/0xd90 [ 13.870901] ? kasan_complete_mode_report_info+0x2a/0x200 [ 13.870926] ? kasan_bitops_test_and_modify.constprop.0+0x23e/0xd90 [ 13.870968] kasan_report+0x141/0x180 [ 13.870991] ? kasan_bitops_test_and_modify.constprop.0+0x23e/0xd90 [ 13.871026] kasan_check_range+0x10c/0x1c0 [ 13.871051] __kasan_check_write+0x18/0x20 [ 13.871081] kasan_bitops_test_and_modify.constprop.0+0x23e/0xd90 [ 13.871117] ? __pfx_kasan_bitops_test_and_modify.constprop.0+0x10/0x10 [ 13.871149] ? __kmalloc_cache_noprof+0x189/0x420 [ 13.871174] ? trace_hardirqs_on+0x37/0xe0 [ 13.871196] ? kasan_bitops_generic+0x92/0x1c0 [ 13.871237] kasan_bitops_generic+0x121/0x1c0 [ 13.871262] ? 
__pfx_kasan_bitops_generic+0x10/0x10 [ 13.871289] ? __pfx_read_tsc+0x10/0x10 [ 13.871311] ? ktime_get_ts64+0x86/0x230 [ 13.871335] kunit_try_run_case+0x1a5/0x480 [ 13.871361] ? __pfx_kunit_try_run_case+0x10/0x10 [ 13.871384] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 13.871410] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 13.871435] ? __kthread_parkme+0x82/0x180 [ 13.871456] ? preempt_count_sub+0x50/0x80 [ 13.871481] ? __pfx_kunit_try_run_case+0x10/0x10 [ 13.871505] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 13.871530] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 13.871556] kthread+0x337/0x6f0 [ 13.871576] ? trace_preempt_on+0x20/0xc0 [ 13.871599] ? __pfx_kthread+0x10/0x10 [ 13.871620] ? _raw_spin_unlock_irq+0x47/0x80 [ 13.871643] ? calculate_sigpending+0x7b/0xa0 [ 13.871667] ? __pfx_kthread+0x10/0x10 [ 13.871690] ret_from_fork+0x116/0x1d0 [ 13.871709] ? __pfx_kthread+0x10/0x10 [ 13.871730] ret_from_fork_asm+0x1a/0x30 [ 13.871762] </TASK> [ 13.871773] [ 13.879719] Allocated by task 278: [ 13.879865] kasan_save_stack+0x45/0x70 [ 13.880094] kasan_save_track+0x18/0x40 [ 13.880296] kasan_save_alloc_info+0x3b/0x50 [ 13.880517] __kasan_kmalloc+0xb7/0xc0 [ 13.880707] __kmalloc_cache_noprof+0x189/0x420 [ 13.880950] kasan_bitops_generic+0x92/0x1c0 [ 13.881191] kunit_try_run_case+0x1a5/0x480 [ 13.881377] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 13.881615] kthread+0x337/0x6f0 [ 13.881774] ret_from_fork+0x116/0x1d0 [ 13.881974] ret_from_fork_asm+0x1a/0x30 [ 13.882196] [ 13.882270] The buggy address belongs to the object at ffff888100fbfb00 [ 13.882270] which belongs to the cache kmalloc-16 of size 16 [ 13.882620] The buggy address is located 8 bytes inside of [ 13.882620] allocated 9-byte region [ffff888100fbfb00, ffff888100fbfb09) [ 13.883066] [ 13.883228] The buggy address belongs to the physical page: [ 13.883479] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x100fbf [ 13.883831] flags: 0x200000000000000(node=0|zone=2) [ 13.884091] 
page_type: f5(slab) [ 13.884260] raw: 0200000000000000 ffff888100041640 dead000000000122 0000000000000000 [ 13.884491] raw: 0000000000000000 0000000080800080 00000000f5000000 0000000000000000 [ 13.884720] page dumped because: kasan: bad access detected [ 13.884968] [ 13.885059] Memory state around the buggy address: [ 13.885271] ffff888100fbfa00: 00 04 fc fc 00 00 fc fc fa fb fc fc fa fb fc fc [ 13.885568] ffff888100fbfa80: fa fb fc fc fa fb fc fc 00 05 fc fc fa fb fc fc [ 13.885862] >ffff888100fbfb00: 00 01 fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 13.887002] ^ [ 13.887363] ffff888100fbfb80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 13.887636] ffff888100fbfc00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 13.887931] ================================================================== [ 13.888686] ================================================================== [ 13.889008] BUG: KASAN: slab-out-of-bounds in kasan_bitops_test_and_modify.constprop.0+0x2dd/0xd90 [ 13.889415] Write of size 8 at addr ffff888100fbfb08 by task kunit_try_catch/278 [ 13.890243] [ 13.890348] CPU: 1 UID: 0 PID: 278 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc4 #1 PREEMPT(voluntary) [ 13.890393] Tainted: [B]=BAD_PAGE, [N]=TEST [ 13.890406] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 13.890427] Call Trace: [ 13.890444] <TASK> [ 13.890459] dump_stack_lvl+0x73/0xb0 [ 13.890488] print_report+0xd1/0x650 [ 13.890512] ? __virt_addr_valid+0x1db/0x2d0 [ 13.890537] ? kasan_bitops_test_and_modify.constprop.0+0x2dd/0xd90 [ 13.890567] ? kasan_complete_mode_report_info+0x2a/0x200 [ 13.890590] ? kasan_bitops_test_and_modify.constprop.0+0x2dd/0xd90 [ 13.890621] kasan_report+0x141/0x180 [ 13.890643] ? kasan_bitops_test_and_modify.constprop.0+0x2dd/0xd90 [ 13.890679] kasan_check_range+0x10c/0x1c0 [ 13.890704] __kasan_check_write+0x18/0x20 [ 13.890725] kasan_bitops_test_and_modify.constprop.0+0x2dd/0xd90 [ 13.890756] ? 
__pfx_kasan_bitops_test_and_modify.constprop.0+0x10/0x10 [ 13.890788] ? __kmalloc_cache_noprof+0x189/0x420 [ 13.890815] ? trace_hardirqs_on+0x37/0xe0 [ 13.890838] ? kasan_bitops_generic+0x92/0x1c0 [ 13.890867] kasan_bitops_generic+0x121/0x1c0 [ 13.890893] ? __pfx_kasan_bitops_generic+0x10/0x10 [ 13.890920] ? __pfx_read_tsc+0x10/0x10 [ 13.890953] ? ktime_get_ts64+0x86/0x230 [ 13.890978] kunit_try_run_case+0x1a5/0x480 [ 13.891002] ? __pfx_kunit_try_run_case+0x10/0x10 [ 13.891026] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 13.891071] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 13.891095] ? __kthread_parkme+0x82/0x180 [ 13.891123] ? preempt_count_sub+0x50/0x80 [ 13.891149] ? __pfx_kunit_try_run_case+0x10/0x10 [ 13.891174] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 13.891199] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 13.891225] kthread+0x337/0x6f0 [ 13.891245] ? trace_preempt_on+0x20/0xc0 [ 13.891269] ? __pfx_kthread+0x10/0x10 [ 13.891291] ? _raw_spin_unlock_irq+0x47/0x80 [ 13.891313] ? calculate_sigpending+0x7b/0xa0 [ 13.891337] ? __pfx_kthread+0x10/0x10 [ 13.891360] ret_from_fork+0x116/0x1d0 [ 13.891379] ? 
__pfx_kthread+0x10/0x10 [ 13.891400] ret_from_fork_asm+0x1a/0x30 [ 13.891432] </TASK> [ 13.891444] [ 13.899335] Allocated by task 278: [ 13.899506] kasan_save_stack+0x45/0x70 [ 13.899692] kasan_save_track+0x18/0x40 [ 13.899885] kasan_save_alloc_info+0x3b/0x50 [ 13.900127] __kasan_kmalloc+0xb7/0xc0 [ 13.900315] __kmalloc_cache_noprof+0x189/0x420 [ 13.900520] kasan_bitops_generic+0x92/0x1c0 [ 13.900732] kunit_try_run_case+0x1a5/0x480 [ 13.900892] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 13.901177] kthread+0x337/0x6f0 [ 13.901331] ret_from_fork+0x116/0x1d0 [ 13.901486] ret_from_fork_asm+0x1a/0x30 [ 13.901657] [ 13.901729] The buggy address belongs to the object at ffff888100fbfb00 [ 13.901729] which belongs to the cache kmalloc-16 of size 16 [ 13.902118] The buggy address is located 8 bytes inside of [ 13.902118] allocated 9-byte region [ffff888100fbfb00, ffff888100fbfb09) [ 13.902610] [ 13.902706] The buggy address belongs to the physical page: [ 13.902969] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x100fbf [ 13.903357] flags: 0x200000000000000(node=0|zone=2) [ 13.903546] page_type: f5(slab) [ 13.903710] raw: 0200000000000000 ffff888100041640 dead000000000122 0000000000000000 [ 13.903949] raw: 0000000000000000 0000000080800080 00000000f5000000 0000000000000000 [ 13.904199] page dumped because: kasan: bad access detected [ 13.904382] [ 13.904481] Memory state around the buggy address: [ 13.904706] ffff888100fbfa00: 00 04 fc fc 00 00 fc fc fa fb fc fc fa fb fc fc [ 13.905066] ffff888100fbfa80: fa fb fc fc fa fb fc fc 00 05 fc fc fa fb fc fc [ 13.905395] >ffff888100fbfb00: 00 01 fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 13.905717] ^ [ 13.905891] ffff888100fbfb80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 13.906239] ffff888100fbfc00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 13.906557] ================================================================== [ 13.928148] 
================================================================== [ 13.928556] BUG: KASAN: slab-out-of-bounds in kasan_bitops_test_and_modify.constprop.0+0x41a/0xd90 [ 13.928989] Write of size 8 at addr ffff888100fbfb08 by task kunit_try_catch/278 [ 13.929524] [ 13.929640] CPU: 1 UID: 0 PID: 278 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc4 #1 PREEMPT(voluntary) [ 13.929685] Tainted: [B]=BAD_PAGE, [N]=TEST [ 13.929698] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 13.929719] Call Trace: [ 13.929735] <TASK> [ 13.929748] dump_stack_lvl+0x73/0xb0 [ 13.929779] print_report+0xd1/0x650 [ 13.929803] ? __virt_addr_valid+0x1db/0x2d0 [ 13.929827] ? kasan_bitops_test_and_modify.constprop.0+0x41a/0xd90 [ 13.929857] ? kasan_complete_mode_report_info+0x2a/0x200 [ 13.929882] ? kasan_bitops_test_and_modify.constprop.0+0x41a/0xd90 [ 13.929912] kasan_report+0x141/0x180 [ 13.929948] ? kasan_bitops_test_and_modify.constprop.0+0x41a/0xd90 [ 13.929982] kasan_check_range+0x10c/0x1c0 [ 13.930007] __kasan_check_write+0x18/0x20 [ 13.930027] kasan_bitops_test_and_modify.constprop.0+0x41a/0xd90 [ 13.930077] ? __pfx_kasan_bitops_test_and_modify.constprop.0+0x10/0x10 [ 13.930109] ? __kmalloc_cache_noprof+0x189/0x420 [ 13.930134] ? trace_hardirqs_on+0x37/0xe0 [ 13.930158] ? kasan_bitops_generic+0x92/0x1c0 [ 13.930187] kasan_bitops_generic+0x121/0x1c0 [ 13.930212] ? __pfx_kasan_bitops_generic+0x10/0x10 [ 13.930238] ? __pfx_read_tsc+0x10/0x10 [ 13.930260] ? ktime_get_ts64+0x86/0x230 [ 13.930285] kunit_try_run_case+0x1a5/0x480 [ 13.930311] ? __pfx_kunit_try_run_case+0x10/0x10 [ 13.930335] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 13.930360] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 13.930384] ? __kthread_parkme+0x82/0x180 [ 13.930406] ? preempt_count_sub+0x50/0x80 [ 13.930430] ? __pfx_kunit_try_run_case+0x10/0x10 [ 13.930455] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 13.930480] ? 
__pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 13.930506] kthread+0x337/0x6f0 [ 13.930527] ? trace_preempt_on+0x20/0xc0 [ 13.930549] ? __pfx_kthread+0x10/0x10 [ 13.930571] ? _raw_spin_unlock_irq+0x47/0x80 [ 13.930593] ? calculate_sigpending+0x7b/0xa0 [ 13.930618] ? __pfx_kthread+0x10/0x10 [ 13.930641] ret_from_fork+0x116/0x1d0 [ 13.930661] ? __pfx_kthread+0x10/0x10 [ 13.930682] ret_from_fork_asm+0x1a/0x30 [ 13.930714] </TASK> [ 13.930727] [ 13.938420] Allocated by task 278: [ 13.938601] kasan_save_stack+0x45/0x70 [ 13.938775] kasan_save_track+0x18/0x40 [ 13.938911] kasan_save_alloc_info+0x3b/0x50 [ 13.939137] __kasan_kmalloc+0xb7/0xc0 [ 13.939330] __kmalloc_cache_noprof+0x189/0x420 [ 13.939550] kasan_bitops_generic+0x92/0x1c0 [ 13.939763] kunit_try_run_case+0x1a5/0x480 [ 13.939949] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 13.940218] kthread+0x337/0x6f0 [ 13.940367] ret_from_fork+0x116/0x1d0 [ 13.940538] ret_from_fork_asm+0x1a/0x30 [ 13.940706] [ 13.940803] The buggy address belongs to the object at ffff888100fbfb00 [ 13.940803] which belongs to the cache kmalloc-16 of size 16 [ 13.941306] The buggy address is located 8 bytes inside of [ 13.941306] allocated 9-byte region [ffff888100fbfb00, ffff888100fbfb09) [ 13.941766] [ 13.941865] The buggy address belongs to the physical page: [ 13.942117] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x100fbf [ 13.942434] flags: 0x200000000000000(node=0|zone=2) [ 13.942597] page_type: f5(slab) [ 13.942717] raw: 0200000000000000 ffff888100041640 dead000000000122 0000000000000000 [ 13.942958] raw: 0000000000000000 0000000080800080 00000000f5000000 0000000000000000 [ 13.943326] page dumped because: kasan: bad access detected [ 13.943581] [ 13.943676] Memory state around the buggy address: [ 13.943884] ffff888100fbfa00: 00 04 fc fc 00 00 fc fc fa fb fc fc fa fb fc fc [ 13.944135] ffff888100fbfa80: fa fb fc fc fa fb fc fc 00 05 fc fc fa fb fc fc [ 13.944352] >ffff888100fbfb00: 00 01 fc fc fc fc fc fc 
fc fc fc fc fc fc fc fc [ 13.944665] ^ [ 13.944844] ffff888100fbfb80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 13.945211] ffff888100fbfc00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 13.945539] ================================================================== [ 13.907363] ================================================================== [ 13.907750] BUG: KASAN: slab-out-of-bounds in kasan_bitops_test_and_modify.constprop.0+0x37c/0xd90 [ 13.908121] Write of size 8 at addr ffff888100fbfb08 by task kunit_try_catch/278 [ 13.908409] [ 13.908519] CPU: 1 UID: 0 PID: 278 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc4 #1 PREEMPT(voluntary) [ 13.908561] Tainted: [B]=BAD_PAGE, [N]=TEST [ 13.908574] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 13.908595] Call Trace: [ 13.908610] <TASK> [ 13.908625] dump_stack_lvl+0x73/0xb0 [ 13.908653] print_report+0xd1/0x650 [ 13.908676] ? __virt_addr_valid+0x1db/0x2d0 [ 13.908699] ? kasan_bitops_test_and_modify.constprop.0+0x37c/0xd90 [ 13.908730] ? kasan_complete_mode_report_info+0x2a/0x200 [ 13.908754] ? kasan_bitops_test_and_modify.constprop.0+0x37c/0xd90 [ 13.908784] kasan_report+0x141/0x180 [ 13.908807] ? kasan_bitops_test_and_modify.constprop.0+0x37c/0xd90 [ 13.908841] kasan_check_range+0x10c/0x1c0 [ 13.908867] __kasan_check_write+0x18/0x20 [ 13.908889] kasan_bitops_test_and_modify.constprop.0+0x37c/0xd90 [ 13.908918] ? __pfx_kasan_bitops_test_and_modify.constprop.0+0x10/0x10 [ 13.908961] ? __kmalloc_cache_noprof+0x189/0x420 [ 13.908986] ? trace_hardirqs_on+0x37/0xe0 [ 13.909009] ? kasan_bitops_generic+0x92/0x1c0 [ 13.909039] kasan_bitops_generic+0x121/0x1c0 [ 13.909084] ? __pfx_kasan_bitops_generic+0x10/0x10 [ 13.909110] ? __pfx_read_tsc+0x10/0x10 [ 13.909133] ? ktime_get_ts64+0x86/0x230 [ 13.909158] kunit_try_run_case+0x1a5/0x480 [ 13.909183] ? __pfx_kunit_try_run_case+0x10/0x10 [ 13.909207] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 13.909231] ? 
_raw_spin_unlock_irqrestore+0x5f/0x90 [ 13.909256] ? __kthread_parkme+0x82/0x180 [ 13.909277] ? preempt_count_sub+0x50/0x80 [ 13.909302] ? __pfx_kunit_try_run_case+0x10/0x10 [ 13.909326] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 13.909351] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 13.909377] kthread+0x337/0x6f0 [ 13.909397] ? trace_preempt_on+0x20/0xc0 [ 13.909420] ? __pfx_kthread+0x10/0x10 [ 13.909442] ? _raw_spin_unlock_irq+0x47/0x80 [ 13.909465] ? calculate_sigpending+0x7b/0xa0 [ 13.909488] ? __pfx_kthread+0x10/0x10 [ 13.909511] ret_from_fork+0x116/0x1d0 [ 13.909530] ? __pfx_kthread+0x10/0x10 [ 13.909552] ret_from_fork_asm+0x1a/0x30 [ 13.909584] </TASK> [ 13.909595] [ 13.918766] Allocated by task 278: [ 13.918966] kasan_save_stack+0x45/0x70 [ 13.919459] kasan_save_track+0x18/0x40 [ 13.919746] kasan_save_alloc_info+0x3b/0x50 [ 13.919908] __kasan_kmalloc+0xb7/0xc0 [ 13.920227] __kmalloc_cache_noprof+0x189/0x420 [ 13.920430] kasan_bitops_generic+0x92/0x1c0 [ 13.920641] kunit_try_run_case+0x1a5/0x480 [ 13.920834] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 13.921115] kthread+0x337/0x6f0 [ 13.921277] ret_from_fork+0x116/0x1d0 [ 13.921446] ret_from_fork_asm+0x1a/0x30 [ 13.921650] [ 13.921726] The buggy address belongs to the object at ffff888100fbfb00 [ 13.921726] which belongs to the cache kmalloc-16 of size 16 [ 13.922245] The buggy address is located 8 bytes inside of [ 13.922245] allocated 9-byte region [ffff888100fbfb00, ffff888100fbfb09) [ 13.922713] [ 13.922800] The buggy address belongs to the physical page: [ 13.922983] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x100fbf [ 13.923365] flags: 0x200000000000000(node=0|zone=2) [ 13.923594] page_type: f5(slab) [ 13.923718] raw: 0200000000000000 ffff888100041640 dead000000000122 0000000000000000 [ 13.924033] raw: 0000000000000000 0000000080800080 00000000f5000000 0000000000000000 [ 13.924396] page dumped because: kasan: bad access detected [ 13.924631] [ 13.924727] 
Memory state around the buggy address: [ 13.924896] ffff888100fbfa00: 00 04 fc fc 00 00 fc fc fa fb fc fc fa fb fc fc [ 13.925208] ffff888100fbfa80: fa fb fc fc fa fb fc fc 00 05 fc fc fa fb fc fc [ 13.925534] >ffff888100fbfb00: 00 01 fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 13.925805] ^ [ 13.925928] ffff888100fbfb80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 13.926288] ffff888100fbfc00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 13.926583] ================================================================== [ 13.987557] ================================================================== [ 13.988573] BUG: KASAN: slab-out-of-bounds in kasan_bitops_test_and_modify.constprop.0+0xd06/0xd90 [ 13.989175] Read of size 8 at addr ffff888100fbfb08 by task kunit_try_catch/278 [ 13.989728] [ 13.989852] CPU: 1 UID: 0 PID: 278 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc4 #1 PREEMPT(voluntary) [ 13.989898] Tainted: [B]=BAD_PAGE, [N]=TEST [ 13.989910] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 13.989932] Call Trace: [ 13.989960] <TASK> [ 13.989977] dump_stack_lvl+0x73/0xb0 [ 13.990009] print_report+0xd1/0x650 [ 13.990033] ? __virt_addr_valid+0x1db/0x2d0 [ 13.990058] ? kasan_bitops_test_and_modify.constprop.0+0xd06/0xd90 [ 13.990113] ? kasan_complete_mode_report_info+0x2a/0x200 [ 13.990138] ? kasan_bitops_test_and_modify.constprop.0+0xd06/0xd90 [ 13.990182] kasan_report+0x141/0x180 [ 13.990206] ? kasan_bitops_test_and_modify.constprop.0+0xd06/0xd90 [ 13.990251] __asan_report_load8_noabort+0x18/0x20 [ 13.990276] kasan_bitops_test_and_modify.constprop.0+0xd06/0xd90 [ 13.990306] ? __pfx_kasan_bitops_test_and_modify.constprop.0+0x10/0x10 [ 13.990337] ? __kmalloc_cache_noprof+0x189/0x420 [ 13.990362] ? trace_hardirqs_on+0x37/0xe0 [ 13.990386] ? kasan_bitops_generic+0x92/0x1c0 [ 13.990415] kasan_bitops_generic+0x121/0x1c0 [ 13.990440] ? __pfx_kasan_bitops_generic+0x10/0x10 [ 13.990466] ? 
__pfx_read_tsc+0x10/0x10 [ 13.990488] ? ktime_get_ts64+0x86/0x230 [ 13.990513] kunit_try_run_case+0x1a5/0x480 [ 13.990538] ? __pfx_kunit_try_run_case+0x10/0x10 [ 13.990562] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 13.990587] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 13.990611] ? __kthread_parkme+0x82/0x180 [ 13.990635] ? preempt_count_sub+0x50/0x80 [ 13.990660] ? __pfx_kunit_try_run_case+0x10/0x10 [ 13.990687] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 13.990712] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 13.990737] kthread+0x337/0x6f0 [ 13.990758] ? trace_preempt_on+0x20/0xc0 [ 13.990782] ? __pfx_kthread+0x10/0x10 [ 13.990804] ? _raw_spin_unlock_irq+0x47/0x80 [ 13.990826] ? calculate_sigpending+0x7b/0xa0 [ 13.990851] ? __pfx_kthread+0x10/0x10 [ 13.990874] ret_from_fork+0x116/0x1d0 [ 13.990894] ? __pfx_kthread+0x10/0x10 [ 13.990915] ret_from_fork_asm+0x1a/0x30 [ 13.990957] </TASK> [ 13.990970] [ 13.999847] Allocated by task 278: [ 13.999992] kasan_save_stack+0x45/0x70 [ 14.000135] kasan_save_track+0x18/0x40 [ 14.000302] kasan_save_alloc_info+0x3b/0x50 [ 14.000515] __kasan_kmalloc+0xb7/0xc0 [ 14.000731] __kmalloc_cache_noprof+0x189/0x420 [ 14.000966] kasan_bitops_generic+0x92/0x1c0 [ 14.001119] kunit_try_run_case+0x1a5/0x480 [ 14.001264] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 14.001726] kthread+0x337/0x6f0 [ 14.001896] ret_from_fork+0x116/0x1d0 [ 14.002110] ret_from_fork_asm+0x1a/0x30 [ 14.002304] [ 14.002404] The buggy address belongs to the object at ffff888100fbfb00 [ 14.002404] which belongs to the cache kmalloc-16 of size 16 [ 14.002786] The buggy address is located 8 bytes inside of [ 14.002786] allocated 9-byte region [ffff888100fbfb00, ffff888100fbfb09) [ 14.003472] [ 14.003572] The buggy address belongs to the physical page: [ 14.003827] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x100fbf [ 14.004155] flags: 0x200000000000000(node=0|zone=2) [ 14.004388] page_type: f5(slab) [ 14.004546] raw: 0200000000000000 
ffff888100041640 dead000000000122 0000000000000000 [ 14.004871] raw: 0000000000000000 0000000080800080 00000000f5000000 0000000000000000 [ 14.005261] page dumped because: kasan: bad access detected [ 14.005464] [ 14.005577] Memory state around the buggy address: [ 14.005754] ffff888100fbfa00: 00 04 fc fc 00 00 fc fc fa fb fc fc fa fb fc fc [ 14.005975] ffff888100fbfa80: fa fb fc fc fa fb fc fc 00 05 fc fc fa fb fc fc [ 14.006347] >ffff888100fbfb00: 00 01 fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 14.006625] ^ [ 14.006743] ffff888100fbfb80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 14.006989] ffff888100fbfc00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 14.007636] ================================================================== [ 13.946773] ================================================================== [ 13.947125] BUG: KASAN: slab-out-of-bounds in kasan_bitops_test_and_modify.constprop.0+0x4b9/0xd90 [ 13.947444] Write of size 8 at addr ffff888100fbfb08 by task kunit_try_catch/278 [ 13.947800] [ 13.947913] CPU: 1 UID: 0 PID: 278 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc4 #1 PREEMPT(voluntary) [ 13.947966] Tainted: [B]=BAD_PAGE, [N]=TEST [ 13.947978] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 13.947999] Call Trace: [ 13.948014] <TASK> [ 13.948030] dump_stack_lvl+0x73/0xb0 [ 13.948079] print_report+0xd1/0x650 [ 13.948103] ? __virt_addr_valid+0x1db/0x2d0 [ 13.948126] ? kasan_bitops_test_and_modify.constprop.0+0x4b9/0xd90 [ 13.948156] ? kasan_complete_mode_report_info+0x2a/0x200 [ 13.948180] ? kasan_bitops_test_and_modify.constprop.0+0x4b9/0xd90 [ 13.948211] kasan_report+0x141/0x180 [ 13.948234] ? kasan_bitops_test_and_modify.constprop.0+0x4b9/0xd90 [ 13.948269] kasan_check_range+0x10c/0x1c0 [ 13.948294] __kasan_check_write+0x18/0x20 [ 13.948316] kasan_bitops_test_and_modify.constprop.0+0x4b9/0xd90 [ 13.948348] ? __pfx_kasan_bitops_test_and_modify.constprop.0+0x10/0x10 [ 13.948380] ? 
__kmalloc_cache_noprof+0x189/0x420 [ 13.948406] ? trace_hardirqs_on+0x37/0xe0 [ 13.948429] ? kasan_bitops_generic+0x92/0x1c0 [ 13.948459] kasan_bitops_generic+0x121/0x1c0 [ 13.948484] ? __pfx_kasan_bitops_generic+0x10/0x10 [ 13.948511] ? __pfx_read_tsc+0x10/0x10 [ 13.948533] ? ktime_get_ts64+0x86/0x230 [ 13.948558] kunit_try_run_case+0x1a5/0x480 [ 13.948583] ? __pfx_kunit_try_run_case+0x10/0x10 [ 13.948607] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 13.948631] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 13.948656] ? __kthread_parkme+0x82/0x180 [ 13.948678] ? preempt_count_sub+0x50/0x80 [ 13.948702] ? __pfx_kunit_try_run_case+0x10/0x10 [ 13.948728] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 13.948753] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 13.948779] kthread+0x337/0x6f0 [ 13.948799] ? trace_preempt_on+0x20/0xc0 [ 13.948823] ? __pfx_kthread+0x10/0x10 [ 13.948844] ? _raw_spin_unlock_irq+0x47/0x80 [ 13.948867] ? calculate_sigpending+0x7b/0xa0 [ 13.948892] ? __pfx_kthread+0x10/0x10 [ 13.948915] ret_from_fork+0x116/0x1d0 [ 13.948934] ? 
__pfx_kthread+0x10/0x10 [ 13.948964] ret_from_fork_asm+0x1a/0x30 [ 13.948996] </TASK> [ 13.949008] [ 13.956680] Allocated by task 278: [ 13.956814] kasan_save_stack+0x45/0x70 [ 13.957029] kasan_save_track+0x18/0x40 [ 13.957251] kasan_save_alloc_info+0x3b/0x50 [ 13.957464] __kasan_kmalloc+0xb7/0xc0 [ 13.957655] __kmalloc_cache_noprof+0x189/0x420 [ 13.957879] kasan_bitops_generic+0x92/0x1c0 [ 13.958130] kunit_try_run_case+0x1a5/0x480 [ 13.958343] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 13.958599] kthread+0x337/0x6f0 [ 13.958753] ret_from_fork+0x116/0x1d0 [ 13.958924] ret_from_fork_asm+0x1a/0x30 [ 13.959151] [ 13.959252] The buggy address belongs to the object at ffff888100fbfb00 [ 13.959252] which belongs to the cache kmalloc-16 of size 16 [ 13.959617] The buggy address is located 8 bytes inside of [ 13.959617] allocated 9-byte region [ffff888100fbfb00, ffff888100fbfb09) [ 13.959977] [ 13.960082] The buggy address belongs to the physical page: [ 13.960333] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x100fbf [ 13.960686] flags: 0x200000000000000(node=0|zone=2) [ 13.960921] page_type: f5(slab) [ 13.961123] raw: 0200000000000000 ffff888100041640 dead000000000122 0000000000000000 [ 13.961467] raw: 0000000000000000 0000000080800080 00000000f5000000 0000000000000000 [ 13.961794] page dumped because: kasan: bad access detected [ 13.962032] [ 13.962126] Memory state around the buggy address: [ 13.962283] ffff888100fbfa00: 00 04 fc fc 00 00 fc fc fa fb fc fc fa fb fc fc [ 13.962500] ffff888100fbfa80: fa fb fc fc fa fb fc fc 00 05 fc fc fa fb fc fc [ 13.962813] >ffff888100fbfb00: 00 01 fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 13.963178] ^ [ 13.963357] ffff888100fbfb80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 13.963684] ffff888100fbfc00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 13.963976] ================================================================== [ 13.964881] 
================================================================== [ 13.965244] BUG: KASAN: slab-out-of-bounds in kasan_bitops_test_and_modify.constprop.0+0x557/0xd90 [ 13.965565] Read of size 8 at addr ffff888100fbfb08 by task kunit_try_catch/278 [ 13.965895] [ 13.966041] CPU: 1 UID: 0 PID: 278 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc4 #1 PREEMPT(voluntary) [ 13.966103] Tainted: [B]=BAD_PAGE, [N]=TEST [ 13.966116] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 13.966137] Call Trace: [ 13.966154] <TASK> [ 13.966169] dump_stack_lvl+0x73/0xb0 [ 13.966197] print_report+0xd1/0x650 [ 13.966222] ? __virt_addr_valid+0x1db/0x2d0 [ 13.966245] ? kasan_bitops_test_and_modify.constprop.0+0x557/0xd90 [ 13.966274] ? kasan_complete_mode_report_info+0x2a/0x200 [ 13.966299] ? kasan_bitops_test_and_modify.constprop.0+0x557/0xd90 [ 13.966329] kasan_report+0x141/0x180 [ 13.966352] ? kasan_bitops_test_and_modify.constprop.0+0x557/0xd90 [ 13.966386] kasan_check_range+0x10c/0x1c0 [ 13.966411] __kasan_check_read+0x15/0x20 [ 13.966432] kasan_bitops_test_and_modify.constprop.0+0x557/0xd90 [ 13.966463] ? __pfx_kasan_bitops_test_and_modify.constprop.0+0x10/0x10 [ 13.966493] ? __kmalloc_cache_noprof+0x189/0x420 [ 13.966518] ? trace_hardirqs_on+0x37/0xe0 [ 13.966541] ? kasan_bitops_generic+0x92/0x1c0 [ 13.966570] kasan_bitops_generic+0x121/0x1c0 [ 13.966595] ? __pfx_kasan_bitops_generic+0x10/0x10 [ 13.966622] ? __pfx_read_tsc+0x10/0x10 [ 13.966644] ? ktime_get_ts64+0x86/0x230 [ 13.966669] kunit_try_run_case+0x1a5/0x480 [ 13.966694] ? __pfx_kunit_try_run_case+0x10/0x10 [ 13.966718] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 13.966743] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 13.966768] ? __kthread_parkme+0x82/0x180 [ 13.966788] ? preempt_count_sub+0x50/0x80 [ 13.966813] ? __pfx_kunit_try_run_case+0x10/0x10 [ 13.966838] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 13.966862] ? 
__pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 13.966889] kthread+0x337/0x6f0 [ 13.966909] ? trace_preempt_on+0x20/0xc0 [ 13.966932] ? __pfx_kthread+0x10/0x10 [ 13.966963] ? _raw_spin_unlock_irq+0x47/0x80 [ 13.966986] ? calculate_sigpending+0x7b/0xa0 [ 13.967010] ? __pfx_kthread+0x10/0x10 [ 13.967034] ret_from_fork+0x116/0x1d0 [ 13.967071] ? __pfx_kthread+0x10/0x10 [ 13.967093] ret_from_fork_asm+0x1a/0x30 [ 13.967131] </TASK> [ 13.967142] [ 13.974789] Allocated by task 278: [ 13.974951] kasan_save_stack+0x45/0x70 [ 13.975180] kasan_save_track+0x18/0x40 [ 13.975377] kasan_save_alloc_info+0x3b/0x50 [ 13.975591] __kasan_kmalloc+0xb7/0xc0 [ 13.975761] __kmalloc_cache_noprof+0x189/0x420 [ 13.975996] kasan_bitops_generic+0x92/0x1c0 [ 13.976202] kunit_try_run_case+0x1a5/0x480 [ 13.976408] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 13.976645] kthread+0x337/0x6f0 [ 13.976799] ret_from_fork+0x116/0x1d0 [ 13.977002] ret_from_fork_asm+0x1a/0x30 [ 13.977211] [ 13.977284] The buggy address belongs to the object at ffff888100fbfb00 [ 13.977284] which belongs to the cache kmalloc-16 of size 16 [ 13.977715] The buggy address is located 8 bytes inside of [ 13.977715] allocated 9-byte region [ffff888100fbfb00, ffff888100fbfb09) [ 13.979323] [ 13.979573] The buggy address belongs to the physical page: [ 13.980462] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x100fbf [ 13.981226] flags: 0x200000000000000(node=0|zone=2) [ 13.981837] page_type: f5(slab) [ 13.982004] raw: 0200000000000000 ffff888100041640 dead000000000122 0000000000000000 [ 13.982831] raw: 0000000000000000 0000000080800080 00000000f5000000 0000000000000000 [ 13.983898] page dumped because: kasan: bad access detected [ 13.984601] [ 13.984680] Memory state around the buggy address: [ 13.984837] ffff888100fbfa00: 00 04 fc fc 00 00 fc fc fa fb fc fc fa fb fc fc [ 13.985062] ffff888100fbfa80: fa fb fc fc fa fb fc fc 00 05 fc fc fa fb fc fc [ 13.985415] >ffff888100fbfb00: 00 01 fc fc fc fc fc fc 
fc fc fc fc fc fc fc fc [ 13.985701] ^ [ 13.985877] ffff888100fbfb80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 13.986384] ffff888100fbfc00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 13.986611] ==================================================================
Failure - log-parser-boot/kasan-bug-kasan-slab-out-of-bounds-in-kasan_bitops_modifyconstprop
[ 13.685868] ================================================================== [ 13.686642] BUG: KASAN: slab-out-of-bounds in kasan_bitops_modify.constprop.0+0x23a/0xd50 [ 13.687047] Write of size 8 at addr ffff888100fbfb08 by task kunit_try_catch/278 [ 13.687397] [ 13.687505] CPU: 1 UID: 0 PID: 278 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc4 #1 PREEMPT(voluntary) [ 13.687546] Tainted: [B]=BAD_PAGE, [N]=TEST [ 13.687557] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 13.687578] Call Trace: [ 13.687592] <TASK> [ 13.687608] dump_stack_lvl+0x73/0xb0 [ 13.687634] print_report+0xd1/0x650 [ 13.687657] ? __virt_addr_valid+0x1db/0x2d0 [ 13.687680] ? kasan_bitops_modify.constprop.0+0x23a/0xd50 [ 13.687708] ? kasan_complete_mode_report_info+0x2a/0x200 [ 13.687732] ? kasan_bitops_modify.constprop.0+0x23a/0xd50 [ 13.687760] kasan_report+0x141/0x180 [ 13.687784] ? kasan_bitops_modify.constprop.0+0x23a/0xd50 [ 13.687816] kasan_check_range+0x10c/0x1c0 [ 13.687841] __kasan_check_write+0x18/0x20 [ 13.687862] kasan_bitops_modify.constprop.0+0x23a/0xd50 [ 13.687889] ? __pfx_kasan_bitops_modify.constprop.0+0x10/0x10 [ 13.687919] ? __kmalloc_cache_noprof+0x189/0x420 [ 13.687956] ? trace_hardirqs_on+0x37/0xe0 [ 13.687980] ? kasan_bitops_generic+0x92/0x1c0 [ 13.688009] kasan_bitops_generic+0x116/0x1c0 [ 13.688034] ? __pfx_kasan_bitops_generic+0x10/0x10 [ 13.688061] ? __pfx_read_tsc+0x10/0x10 [ 13.688096] ? ktime_get_ts64+0x86/0x230 [ 13.688121] kunit_try_run_case+0x1a5/0x480 [ 13.688147] ? __pfx_kunit_try_run_case+0x10/0x10 [ 13.688171] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 13.688195] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 13.688220] ? __kthread_parkme+0x82/0x180 [ 13.688241] ? preempt_count_sub+0x50/0x80 [ 13.688265] ? __pfx_kunit_try_run_case+0x10/0x10 [ 13.688291] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 13.688316] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 13.688342] kthread+0x337/0x6f0 [ 13.688363] ? 
trace_preempt_on+0x20/0xc0 [ 13.688385] ? __pfx_kthread+0x10/0x10 [ 13.688407] ? _raw_spin_unlock_irq+0x47/0x80 [ 13.688430] ? calculate_sigpending+0x7b/0xa0 [ 13.688455] ? __pfx_kthread+0x10/0x10 [ 13.688477] ret_from_fork+0x116/0x1d0 [ 13.688497] ? __pfx_kthread+0x10/0x10 [ 13.688520] ret_from_fork_asm+0x1a/0x30 [ 13.688552] </TASK> [ 13.688564] [ 13.696336] Allocated by task 278: [ 13.696507] kasan_save_stack+0x45/0x70 [ 13.696677] kasan_save_track+0x18/0x40 [ 13.696867] kasan_save_alloc_info+0x3b/0x50 [ 13.697053] __kasan_kmalloc+0xb7/0xc0 [ 13.697231] __kmalloc_cache_noprof+0x189/0x420 [ 13.697440] kasan_bitops_generic+0x92/0x1c0 [ 13.697591] kunit_try_run_case+0x1a5/0x480 [ 13.697739] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 13.697914] kthread+0x337/0x6f0 [ 13.698046] ret_from_fork+0x116/0x1d0 [ 13.698178] ret_from_fork_asm+0x1a/0x30 [ 13.698319] [ 13.698390] The buggy address belongs to the object at ffff888100fbfb00 [ 13.698390] which belongs to the cache kmalloc-16 of size 16 [ 13.699046] The buggy address is located 8 bytes inside of [ 13.699046] allocated 9-byte region [ffff888100fbfb00, ffff888100fbfb09) [ 13.699576] [ 13.699672] The buggy address belongs to the physical page: [ 13.699951] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x100fbf [ 13.700357] flags: 0x200000000000000(node=0|zone=2) [ 13.700520] page_type: f5(slab) [ 13.700641] raw: 0200000000000000 ffff888100041640 dead000000000122 0000000000000000 [ 13.700870] raw: 0000000000000000 0000000080800080 00000000f5000000 0000000000000000 [ 13.701195] page dumped because: kasan: bad access detected [ 13.701454] [ 13.701552] Memory state around the buggy address: [ 13.701779] ffff888100fbfa00: 00 04 fc fc 00 00 fc fc fa fb fc fc fa fb fc fc [ 13.702178] ffff888100fbfa80: fa fb fc fc fa fb fc fc 00 05 fc fc fa fb fc fc [ 13.702506] >ffff888100fbfb00: 00 01 fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 13.702833] ^ [ 13.703025] ffff888100fbfb80: fc fc fc fc fc fc fc fc fc 
fc fc fc fc fc fc fc [ 13.703379] ffff888100fbfc00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 13.703675] ================================================================== [ 13.795910] ================================================================== [ 13.796803] BUG: KASAN: slab-out-of-bounds in kasan_bitops_modify.constprop.0+0x547/0xd50 [ 13.797227] Write of size 8 at addr ffff888100fbfb08 by task kunit_try_catch/278 [ 13.797524] [ 13.797639] CPU: 1 UID: 0 PID: 278 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc4 #1 PREEMPT(voluntary) [ 13.797686] Tainted: [B]=BAD_PAGE, [N]=TEST [ 13.797699] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 13.797721] Call Trace: [ 13.797738] <TASK> [ 13.797753] dump_stack_lvl+0x73/0xb0 [ 13.797783] print_report+0xd1/0x650 [ 13.797807] ? __virt_addr_valid+0x1db/0x2d0 [ 13.797830] ? kasan_bitops_modify.constprop.0+0x547/0xd50 [ 13.797858] ? kasan_complete_mode_report_info+0x2a/0x200 [ 13.797883] ? kasan_bitops_modify.constprop.0+0x547/0xd50 [ 13.797911] kasan_report+0x141/0x180 [ 13.797946] ? kasan_bitops_modify.constprop.0+0x547/0xd50 [ 13.797978] kasan_check_range+0x10c/0x1c0 [ 13.798003] __kasan_check_write+0x18/0x20 [ 13.798024] kasan_bitops_modify.constprop.0+0x547/0xd50 [ 13.798052] ? __pfx_kasan_bitops_modify.constprop.0+0x10/0x10 [ 13.798092] ? __kmalloc_cache_noprof+0x189/0x420 [ 13.798119] ? trace_hardirqs_on+0x37/0xe0 [ 13.798154] ? kasan_bitops_generic+0x92/0x1c0 [ 13.798184] kasan_bitops_generic+0x116/0x1c0 [ 13.798209] ? __pfx_kasan_bitops_generic+0x10/0x10 [ 13.798236] ? __pfx_read_tsc+0x10/0x10 [ 13.798258] ? ktime_get_ts64+0x86/0x230 [ 13.798283] kunit_try_run_case+0x1a5/0x480 [ 13.798308] ? __pfx_kunit_try_run_case+0x10/0x10 [ 13.798332] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 13.798357] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 13.798381] ? __kthread_parkme+0x82/0x180 [ 13.798402] ? preempt_count_sub+0x50/0x80 [ 13.798427] ? 
__pfx_kunit_try_run_case+0x10/0x10 [ 13.798452] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 13.798477] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 13.798503] kthread+0x337/0x6f0 [ 13.798523] ? trace_preempt_on+0x20/0xc0 [ 13.798547] ? __pfx_kthread+0x10/0x10 [ 13.798569] ? _raw_spin_unlock_irq+0x47/0x80 [ 13.798591] ? calculate_sigpending+0x7b/0xa0 [ 13.798616] ? __pfx_kthread+0x10/0x10 [ 13.798638] ret_from_fork+0x116/0x1d0 [ 13.798657] ? __pfx_kthread+0x10/0x10 [ 13.798679] ret_from_fork_asm+0x1a/0x30 [ 13.798710] </TASK> [ 13.798721] [ 13.807101] Allocated by task 278: [ 13.807249] kasan_save_stack+0x45/0x70 [ 13.807443] kasan_save_track+0x18/0x40 [ 13.807581] kasan_save_alloc_info+0x3b/0x50 [ 13.807802] __kasan_kmalloc+0xb7/0xc0 [ 13.808002] __kmalloc_cache_noprof+0x189/0x420 [ 13.808180] kasan_bitops_generic+0x92/0x1c0 [ 13.808333] kunit_try_run_case+0x1a5/0x480 [ 13.808642] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 13.808912] kthread+0x337/0x6f0 [ 13.809098] ret_from_fork+0x116/0x1d0 [ 13.809235] ret_from_fork_asm+0x1a/0x30 [ 13.809377] [ 13.809448] The buggy address belongs to the object at ffff888100fbfb00 [ 13.809448] which belongs to the cache kmalloc-16 of size 16 [ 13.810205] The buggy address is located 8 bytes inside of [ 13.810205] allocated 9-byte region [ffff888100fbfb00, ffff888100fbfb09) [ 13.810697] [ 13.810770] The buggy address belongs to the physical page: [ 13.810954] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x100fbf [ 13.811544] flags: 0x200000000000000(node=0|zone=2) [ 13.811798] page_type: f5(slab) [ 13.812008] raw: 0200000000000000 ffff888100041640 dead000000000122 0000000000000000 [ 13.812347] raw: 0000000000000000 0000000080800080 00000000f5000000 0000000000000000 [ 13.812582] page dumped because: kasan: bad access detected [ 13.812863] [ 13.812978] Memory state around the buggy address: [ 13.813403] ffff888100fbfa00: 00 04 fc fc 00 00 fc fc fa fb fc fc fa fb fc fc [ 13.813717] 
ffff888100fbfa80: fa fb fc fc fa fb fc fc 00 05 fc fc fa fb fc fc [ 13.814018] >ffff888100fbfb00: 00 01 fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 13.814390] ^ [ 13.814560] ffff888100fbfb80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 13.814866] ffff888100fbfc00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 13.815193] ================================================================== [ 13.732137] ================================================================== [ 13.732472] BUG: KASAN: slab-out-of-bounds in kasan_bitops_modify.constprop.0+0x373/0xd50 [ 13.732999] Write of size 8 at addr ffff888100fbfb08 by task kunit_try_catch/278 [ 13.733664] [ 13.733861] CPU: 1 UID: 0 PID: 278 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc4 #1 PREEMPT(voluntary) [ 13.733904] Tainted: [B]=BAD_PAGE, [N]=TEST [ 13.733917] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 13.733947] Call Trace: [ 13.733965] <TASK> [ 13.733981] dump_stack_lvl+0x73/0xb0 [ 13.734010] print_report+0xd1/0x650 [ 13.734033] ? __virt_addr_valid+0x1db/0x2d0 [ 13.734077] ? kasan_bitops_modify.constprop.0+0x373/0xd50 [ 13.734105] ? kasan_complete_mode_report_info+0x2a/0x200 [ 13.734130] ? kasan_bitops_modify.constprop.0+0x373/0xd50 [ 13.734158] kasan_report+0x141/0x180 [ 13.734181] ? kasan_bitops_modify.constprop.0+0x373/0xd50 [ 13.734213] kasan_check_range+0x10c/0x1c0 [ 13.734248] __kasan_check_write+0x18/0x20 [ 13.734269] kasan_bitops_modify.constprop.0+0x373/0xd50 [ 13.734296] ? __pfx_kasan_bitops_modify.constprop.0+0x10/0x10 [ 13.734336] ? __kmalloc_cache_noprof+0x189/0x420 [ 13.734362] ? trace_hardirqs_on+0x37/0xe0 [ 13.734385] ? kasan_bitops_generic+0x92/0x1c0 [ 13.734413] kasan_bitops_generic+0x116/0x1c0 [ 13.734438] ? __pfx_kasan_bitops_generic+0x10/0x10 [ 13.734466] ? __pfx_read_tsc+0x10/0x10 [ 13.734488] ? ktime_get_ts64+0x86/0x230 [ 13.734512] kunit_try_run_case+0x1a5/0x480 [ 13.734538] ? __pfx_kunit_try_run_case+0x10/0x10 [ 13.734562] ? 
_raw_spin_lock_irqsave+0xa1/0x100 [ 13.734588] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 13.734613] ? __kthread_parkme+0x82/0x180 [ 13.734634] ? preempt_count_sub+0x50/0x80 [ 13.734659] ? __pfx_kunit_try_run_case+0x10/0x10 [ 13.734685] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 13.734710] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 13.734735] kthread+0x337/0x6f0 [ 13.734756] ? trace_preempt_on+0x20/0xc0 [ 13.734778] ? __pfx_kthread+0x10/0x10 [ 13.734800] ? _raw_spin_unlock_irq+0x47/0x80 [ 13.734822] ? calculate_sigpending+0x7b/0xa0 [ 13.734848] ? __pfx_kthread+0x10/0x10 [ 13.734871] ret_from_fork+0x116/0x1d0 [ 13.734890] ? __pfx_kthread+0x10/0x10 [ 13.734912] ret_from_fork_asm+0x1a/0x30 [ 13.734954] </TASK> [ 13.734966] [ 13.748087] Allocated by task 278: [ 13.748433] kasan_save_stack+0x45/0x70 [ 13.748820] kasan_save_track+0x18/0x40 [ 13.749213] kasan_save_alloc_info+0x3b/0x50 [ 13.749620] __kasan_kmalloc+0xb7/0xc0 [ 13.749991] __kmalloc_cache_noprof+0x189/0x420 [ 13.750429] kasan_bitops_generic+0x92/0x1c0 [ 13.750828] kunit_try_run_case+0x1a5/0x480 [ 13.751095] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 13.751418] kthread+0x337/0x6f0 [ 13.751543] ret_from_fork+0x116/0x1d0 [ 13.751675] ret_from_fork_asm+0x1a/0x30 [ 13.751815] [ 13.751886] The buggy address belongs to the object at ffff888100fbfb00 [ 13.751886] which belongs to the cache kmalloc-16 of size 16 [ 13.752396] The buggy address is located 8 bytes inside of [ 13.752396] allocated 9-byte region [ffff888100fbfb00, ffff888100fbfb09) [ 13.753316] [ 13.753394] The buggy address belongs to the physical page: [ 13.753575] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x100fbf [ 13.753817] flags: 0x200000000000000(node=0|zone=2) [ 13.754003] page_type: f5(slab) [ 13.754203] raw: 0200000000000000 ffff888100041640 dead000000000122 0000000000000000 [ 13.754540] raw: 0000000000000000 0000000080800080 00000000f5000000 0000000000000000 [ 13.754770] page dumped because: kasan: 
bad access detected [ 13.755054] [ 13.755176] Memory state around the buggy address: [ 13.755401] ffff888100fbfa00: 00 04 fc fc 00 00 fc fc fa fb fc fc fa fb fc fc [ 13.755697] ffff888100fbfa80: fa fb fc fc fa fb fc fc 00 05 fc fc fa fb fc fc [ 13.755984] >ffff888100fbfb00: 00 01 fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 13.756376] ^ [ 13.756549] ffff888100fbfb80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 13.756814] ffff888100fbfc00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 13.757179] ================================================================== [ 13.705230] ================================================================== [ 13.705998] BUG: KASAN: slab-out-of-bounds in kasan_bitops_modify.constprop.0+0x2d5/0xd50 [ 13.706492] Write of size 8 at addr ffff888100fbfb08 by task kunit_try_catch/278 [ 13.706756] [ 13.706879] CPU: 1 UID: 0 PID: 278 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc4 #1 PREEMPT(voluntary) [ 13.706924] Tainted: [B]=BAD_PAGE, [N]=TEST [ 13.706948] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 13.706970] Call Trace: [ 13.706985] <TASK> [ 13.707000] dump_stack_lvl+0x73/0xb0 [ 13.707029] print_report+0xd1/0x650 [ 13.707054] ? __virt_addr_valid+0x1db/0x2d0 [ 13.707077] ? kasan_bitops_modify.constprop.0+0x2d5/0xd50 [ 13.707105] ? kasan_complete_mode_report_info+0x2a/0x200 [ 13.707137] ? kasan_bitops_modify.constprop.0+0x2d5/0xd50 [ 13.707165] kasan_report+0x141/0x180 [ 13.707188] ? kasan_bitops_modify.constprop.0+0x2d5/0xd50 [ 13.707220] kasan_check_range+0x10c/0x1c0 [ 13.707246] __kasan_check_write+0x18/0x20 [ 13.707267] kasan_bitops_modify.constprop.0+0x2d5/0xd50 [ 13.707295] ? __pfx_kasan_bitops_modify.constprop.0+0x10/0x10 [ 13.707324] ? __kmalloc_cache_noprof+0x189/0x420 [ 13.707351] ? trace_hardirqs_on+0x37/0xe0 [ 13.707374] ? kasan_bitops_generic+0x92/0x1c0 [ 13.707404] kasan_bitops_generic+0x116/0x1c0 [ 13.707429] ? __pfx_kasan_bitops_generic+0x10/0x10 [ 13.707457] ? 
__pfx_read_tsc+0x10/0x10 [ 13.707478] ? ktime_get_ts64+0x86/0x230 [ 13.707504] kunit_try_run_case+0x1a5/0x480 [ 13.707531] ? __pfx_kunit_try_run_case+0x10/0x10 [ 13.707556] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 13.707581] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 13.707606] ? __kthread_parkme+0x82/0x180 [ 13.707628] ? preempt_count_sub+0x50/0x80 [ 13.707652] ? __pfx_kunit_try_run_case+0x10/0x10 [ 13.707678] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 13.707706] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 13.707733] kthread+0x337/0x6f0 [ 13.707753] ? trace_preempt_on+0x20/0xc0 [ 13.707776] ? __pfx_kthread+0x10/0x10 [ 13.707799] ? _raw_spin_unlock_irq+0x47/0x80 [ 13.707822] ? calculate_sigpending+0x7b/0xa0 [ 13.707848] ? __pfx_kthread+0x10/0x10 [ 13.707871] ret_from_fork+0x116/0x1d0 [ 13.707890] ? __pfx_kthread+0x10/0x10 [ 13.707912] ret_from_fork_asm+0x1a/0x30 [ 13.707954] </TASK> [ 13.707965] [ 13.718879] Allocated by task 278: [ 13.719036] kasan_save_stack+0x45/0x70 [ 13.719843] kasan_save_track+0x18/0x40 [ 13.720469] kasan_save_alloc_info+0x3b/0x50 [ 13.721084] __kasan_kmalloc+0xb7/0xc0 [ 13.721585] __kmalloc_cache_noprof+0x189/0x420 [ 13.722212] kasan_bitops_generic+0x92/0x1c0 [ 13.722432] kunit_try_run_case+0x1a5/0x480 [ 13.722582] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 13.722760] kthread+0x337/0x6f0 [ 13.722880] ret_from_fork+0x116/0x1d0 [ 13.723220] ret_from_fork_asm+0x1a/0x30 [ 13.723593] [ 13.723751] The buggy address belongs to the object at ffff888100fbfb00 [ 13.723751] which belongs to the cache kmalloc-16 of size 16 [ 13.724840] The buggy address is located 8 bytes inside of [ 13.724840] allocated 9-byte region [ffff888100fbfb00, ffff888100fbfb09) [ 13.725891] [ 13.726083] The buggy address belongs to the physical page: [ 13.726386] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x100fbf [ 13.726893] flags: 0x200000000000000(node=0|zone=2) [ 13.727116] page_type: f5(slab) [ 13.727444] raw: 0200000000000000 
ffff888100041640 dead000000000122 0000000000000000 [ 13.728184] raw: 0000000000000000 0000000080800080 00000000f5000000 0000000000000000 [ 13.728817] page dumped because: kasan: bad access detected [ 13.729002] [ 13.729122] Memory state around the buggy address: [ 13.729564] ffff888100fbfa00: 00 04 fc fc 00 00 fc fc fa fb fc fc fa fb fc fc [ 13.730211] ffff888100fbfa80: fa fb fc fc fa fb fc fc 00 05 fc fc fa fb fc fc [ 13.730792] >ffff888100fbfb00: 00 01 fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 13.731018] ^ [ 13.731151] ffff888100fbfb80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 13.731369] ffff888100fbfc00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 13.731582] ================================================================== [ 13.776702] ================================================================== [ 13.777365] BUG: KASAN: slab-out-of-bounds in kasan_bitops_modify.constprop.0+0x4ac/0xd50 [ 13.777777] Write of size 8 at addr ffff888100fbfb08 by task kunit_try_catch/278 [ 13.778054] [ 13.778164] CPU: 1 UID: 0 PID: 278 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc4 #1 PREEMPT(voluntary) [ 13.778204] Tainted: [B]=BAD_PAGE, [N]=TEST [ 13.778218] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 13.778239] Call Trace: [ 13.778255] <TASK> [ 13.778270] dump_stack_lvl+0x73/0xb0 [ 13.778301] print_report+0xd1/0x650 [ 13.778325] ? __virt_addr_valid+0x1db/0x2d0 [ 13.778349] ? kasan_bitops_modify.constprop.0+0x4ac/0xd50 [ 13.778376] ? kasan_complete_mode_report_info+0x2a/0x200 [ 13.778401] ? kasan_bitops_modify.constprop.0+0x4ac/0xd50 [ 13.778428] kasan_report+0x141/0x180 [ 13.778466] ? kasan_bitops_modify.constprop.0+0x4ac/0xd50 [ 13.778509] kasan_check_range+0x10c/0x1c0 [ 13.778534] __kasan_check_write+0x18/0x20 [ 13.778567] kasan_bitops_modify.constprop.0+0x4ac/0xd50 [ 13.778595] ? __pfx_kasan_bitops_modify.constprop.0+0x10/0x10 [ 13.778625] ? __kmalloc_cache_noprof+0x189/0x420 [ 13.778651] ? 
trace_hardirqs_on+0x37/0xe0
[ 13.778674] ? kasan_bitops_generic+0x92/0x1c0
[ 13.778704] kasan_bitops_generic+0x116/0x1c0
[ 13.778729] ? __pfx_kasan_bitops_generic+0x10/0x10
[ 13.778757] ? __pfx_read_tsc+0x10/0x10
[ 13.778779] ? ktime_get_ts64+0x86/0x230
[ 13.778803] kunit_try_run_case+0x1a5/0x480
[ 13.778827] ? __pfx_kunit_try_run_case+0x10/0x10
[ 13.778851] ? _raw_spin_lock_irqsave+0xa1/0x100
[ 13.778876] ? _raw_spin_unlock_irqrestore+0x5f/0x90
[ 13.778901] ? __kthread_parkme+0x82/0x180
[ 13.778922] ? preempt_count_sub+0x50/0x80
[ 13.778956] ? __pfx_kunit_try_run_case+0x10/0x10
[ 13.778981] kunit_generic_run_threadfn_adapter+0x85/0xf0
[ 13.779006] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10
[ 13.779031] kthread+0x337/0x6f0
[ 13.779052] ? trace_preempt_on+0x20/0xc0
[ 13.779074] ? __pfx_kthread+0x10/0x10
[ 13.779096] ? _raw_spin_unlock_irq+0x47/0x80
[ 13.779124] ? calculate_sigpending+0x7b/0xa0
[ 13.779149] ? __pfx_kthread+0x10/0x10
[ 13.779170] ret_from_fork+0x116/0x1d0
[ 13.779190] ? __pfx_kthread+0x10/0x10
[ 13.779211] ret_from_fork_asm+0x1a/0x30
[ 13.779253] </TASK>
[ 13.779264]
[ 13.787668] Allocated by task 278:
[ 13.787826] kasan_save_stack+0x45/0x70
[ 13.788080] kasan_save_track+0x18/0x40
[ 13.788273] kasan_save_alloc_info+0x3b/0x50
[ 13.788484] __kasan_kmalloc+0xb7/0xc0
[ 13.788688] __kmalloc_cache_noprof+0x189/0x420
[ 13.788907] kasan_bitops_generic+0x92/0x1c0
[ 13.789069] kunit_try_run_case+0x1a5/0x480
[ 13.789282] kunit_generic_run_threadfn_adapter+0x85/0xf0
[ 13.789571] kthread+0x337/0x6f0
[ 13.789716] ret_from_fork+0x116/0x1d0
[ 13.789902] ret_from_fork_asm+0x1a/0x30
[ 13.790096]
[ 13.790204] The buggy address belongs to the object at ffff888100fbfb00
[ 13.790204] which belongs to the cache kmalloc-16 of size 16
[ 13.790627] The buggy address is located 8 bytes inside of
[ 13.790627] allocated 9-byte region [ffff888100fbfb00, ffff888100fbfb09)
[ 13.791209]
[ 13.791316] The buggy address belongs to the physical page:
[ 13.791530] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x100fbf
[ 13.791775] flags: 0x200000000000000(node=0|zone=2)
[ 13.791950] page_type: f5(slab)
[ 13.792073] raw: 0200000000000000 ffff888100041640 dead000000000122 0000000000000000
[ 13.792348] raw: 0000000000000000 0000000080800080 00000000f5000000 0000000000000000
[ 13.792689] page dumped because: kasan: bad access detected
[ 13.792983]
[ 13.793080] Memory state around the buggy address:
[ 13.793304] ffff888100fbfa00: 00 04 fc fc 00 00 fc fc fa fb fc fc fa fb fc fc
[ 13.793623] ffff888100fbfa80: fa fb fc fc fa fb fc fc 00 05 fc fc fa fb fc fc
[ 13.793949] >ffff888100fbfb00: 00 01 fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 13.794406] ^
[ 13.794533] ffff888100fbfb80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 13.794748] ffff888100fbfc00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 13.794985] ==================================================================

[ 13.667322] ==================================================================
[ 13.667952] BUG: KASAN: slab-out-of-bounds in kasan_bitops_modify.constprop.0+0x19c/0xd50
[ 13.668366] Write of size 8 at addr ffff888100fbfb08 by task kunit_try_catch/278
[ 13.668687]
[ 13.668773] CPU: 1 UID: 0 PID: 278 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc4 #1 PREEMPT(voluntary)
[ 13.668814] Tainted: [B]=BAD_PAGE, [N]=TEST
[ 13.668826] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[ 13.668847] Call Trace:
[ 13.668862] <TASK>
[ 13.668875] dump_stack_lvl+0x73/0xb0
[ 13.668903] print_report+0xd1/0x650
[ 13.668927] ? __virt_addr_valid+0x1db/0x2d0
[ 13.668962] ? kasan_bitops_modify.constprop.0+0x19c/0xd50
[ 13.668990] ? kasan_complete_mode_report_info+0x2a/0x200
[ 13.669015] ? kasan_bitops_modify.constprop.0+0x19c/0xd50
[ 13.669043] kasan_report+0x141/0x180
[ 13.669065] ? kasan_bitops_modify.constprop.0+0x19c/0xd50
[ 13.669098] kasan_check_range+0x10c/0x1c0
[ 13.669123] __kasan_check_write+0x18/0x20
[ 13.669144] kasan_bitops_modify.constprop.0+0x19c/0xd50
[ 13.669172] ? __pfx_kasan_bitops_modify.constprop.0+0x10/0x10
[ 13.669203] ? __kmalloc_cache_noprof+0x189/0x420
[ 13.669229] ? trace_hardirqs_on+0x37/0xe0
[ 13.669254] ? kasan_bitops_generic+0x92/0x1c0
[ 13.669283] kasan_bitops_generic+0x116/0x1c0
[ 13.669308] ? __pfx_kasan_bitops_generic+0x10/0x10
[ 13.669335] ? __pfx_read_tsc+0x10/0x10
[ 13.669357] ? ktime_get_ts64+0x86/0x230
[ 13.669382] kunit_try_run_case+0x1a5/0x480
[ 13.669408] ? __pfx_kunit_try_run_case+0x10/0x10
[ 13.669431] ? _raw_spin_lock_irqsave+0xa1/0x100
[ 13.669456] ? _raw_spin_unlock_irqrestore+0x5f/0x90
[ 13.669481] ? __kthread_parkme+0x82/0x180
[ 13.669506] ? preempt_count_sub+0x50/0x80
[ 13.669534] ? __pfx_kunit_try_run_case+0x10/0x10
[ 13.669561] kunit_generic_run_threadfn_adapter+0x85/0xf0
[ 13.669586] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10
[ 13.669613] kthread+0x337/0x6f0
[ 13.669633] ? trace_preempt_on+0x20/0xc0
[ 13.669656] ? __pfx_kthread+0x10/0x10
[ 13.669678] ? _raw_spin_unlock_irq+0x47/0x80
[ 13.669701] ? calculate_sigpending+0x7b/0xa0
[ 13.669726] ? __pfx_kthread+0x10/0x10
[ 13.669749] ret_from_fork+0x116/0x1d0
[ 13.669769] ? __pfx_kthread+0x10/0x10
[ 13.669791] ret_from_fork_asm+0x1a/0x30
[ 13.669822] </TASK>
[ 13.669833]
[ 13.677796] Allocated by task 278:
[ 13.677996] kasan_save_stack+0x45/0x70
[ 13.678221] kasan_save_track+0x18/0x40
[ 13.678396] kasan_save_alloc_info+0x3b/0x50
[ 13.678552] __kasan_kmalloc+0xb7/0xc0
[ 13.678729] __kmalloc_cache_noprof+0x189/0x420
[ 13.678966] kasan_bitops_generic+0x92/0x1c0
[ 13.679266] kunit_try_run_case+0x1a5/0x480
[ 13.679458] kunit_generic_run_threadfn_adapter+0x85/0xf0
[ 13.679689] kthread+0x337/0x6f0
[ 13.679835] ret_from_fork+0x116/0x1d0
[ 13.680014] ret_from_fork_asm+0x1a/0x30
[ 13.680219]
[ 13.680317] The buggy address belongs to the object at ffff888100fbfb00
[ 13.680317] which belongs to the cache kmalloc-16 of size 16
[ 13.680779] The buggy address is located 8 bytes inside of
[ 13.680779] allocated 9-byte region [ffff888100fbfb00, ffff888100fbfb09)
[ 13.681297]
[ 13.681399] The buggy address belongs to the physical page:
[ 13.681586] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x100fbf
[ 13.681877] flags: 0x200000000000000(node=0|zone=2)
[ 13.682052] page_type: f5(slab)
[ 13.682172] raw: 0200000000000000 ffff888100041640 dead000000000122 0000000000000000
[ 13.682404] raw: 0000000000000000 0000000080800080 00000000f5000000 0000000000000000
[ 13.682630] page dumped because: kasan: bad access detected
[ 13.682883]
[ 13.682996] Memory state around the buggy address:
[ 13.683327] ffff888100fbfa00: 00 04 fc fc 00 00 fc fc fa fb fc fc fa fb fc fc
[ 13.683640] ffff888100fbfa80: fa fb fc fc fa fb fc fc 00 05 fc fc fa fb fc fc
[ 13.683920] >ffff888100fbfb00: 00 01 fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 13.684142] ^
[ 13.684266] ffff888100fbfb80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 13.684479] ffff888100fbfc00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 13.684689] ==================================================================

[ 13.649065] ==================================================================
[ 13.649530] BUG: KASAN: slab-out-of-bounds in kasan_bitops_modify.constprop.0+0x101/0xd50
[ 13.649884] Write of size 8 at addr ffff888100fbfb08 by task kunit_try_catch/278
[ 13.650237]
[ 13.650356] CPU: 1 UID: 0 PID: 278 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc4 #1 PREEMPT(voluntary)
[ 13.650401] Tainted: [B]=BAD_PAGE, [N]=TEST
[ 13.650413] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[ 13.650435] Call Trace:
[ 13.650448] <TASK>
[ 13.650466] dump_stack_lvl+0x73/0xb0
[ 13.650494] print_report+0xd1/0x650
[ 13.650519] ? __virt_addr_valid+0x1db/0x2d0
[ 13.650545] ? kasan_bitops_modify.constprop.0+0x101/0xd50
[ 13.650573] ? kasan_complete_mode_report_info+0x2a/0x200
[ 13.650597] ? kasan_bitops_modify.constprop.0+0x101/0xd50
[ 13.650626] kasan_report+0x141/0x180
[ 13.650649] ? kasan_bitops_modify.constprop.0+0x101/0xd50
[ 13.650682] kasan_check_range+0x10c/0x1c0
[ 13.650709] __kasan_check_write+0x18/0x20
[ 13.650730] kasan_bitops_modify.constprop.0+0x101/0xd50
[ 13.650758] ? __pfx_kasan_bitops_modify.constprop.0+0x10/0x10
[ 13.650788] ? __kmalloc_cache_noprof+0x189/0x420
[ 13.650814] ? trace_hardirqs_on+0x37/0xe0
[ 13.650838] ? kasan_bitops_generic+0x92/0x1c0
[ 13.650867] kasan_bitops_generic+0x116/0x1c0
[ 13.650892] ? __pfx_kasan_bitops_generic+0x10/0x10
[ 13.650919] ? __pfx_read_tsc+0x10/0x10
[ 13.650951] ? ktime_get_ts64+0x86/0x230
[ 13.650978] kunit_try_run_case+0x1a5/0x480
[ 13.651003] ? __pfx_kunit_try_run_case+0x10/0x10
[ 13.651027] ? _raw_spin_lock_irqsave+0xa1/0x100
[ 13.651052] ? _raw_spin_unlock_irqrestore+0x5f/0x90
[ 13.651077] ? __kthread_parkme+0x82/0x180
[ 13.651100] ? preempt_count_sub+0x50/0x80
[ 13.651130] ? __pfx_kunit_try_run_case+0x10/0x10
[ 13.651156] kunit_generic_run_threadfn_adapter+0x85/0xf0
[ 13.651182] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10
[ 13.651208] kthread+0x337/0x6f0
[ 13.651228] ? trace_preempt_on+0x20/0xc0
[ 13.651253] ? __pfx_kthread+0x10/0x10
[ 13.651275] ? _raw_spin_unlock_irq+0x47/0x80
[ 13.651297] ? calculate_sigpending+0x7b/0xa0
[ 13.651323] ? __pfx_kthread+0x10/0x10
[ 13.651345] ret_from_fork+0x116/0x1d0
[ 13.651366] ? __pfx_kthread+0x10/0x10
[ 13.651388] ret_from_fork_asm+0x1a/0x30
[ 13.651421] </TASK>
[ 13.651434]
[ 13.659168] Allocated by task 278:
[ 13.659355] kasan_save_stack+0x45/0x70
[ 13.659518] kasan_save_track+0x18/0x40
[ 13.659655] kasan_save_alloc_info+0x3b/0x50
[ 13.659807] __kasan_kmalloc+0xb7/0xc0
[ 13.660011] __kmalloc_cache_noprof+0x189/0x420
[ 13.660458] kasan_bitops_generic+0x92/0x1c0
[ 13.660657] kunit_try_run_case+0x1a5/0x480
[ 13.660830] kunit_generic_run_threadfn_adapter+0x85/0xf0
[ 13.661016] kthread+0x337/0x6f0
[ 13.661139] ret_from_fork+0x116/0x1d0
[ 13.661298] ret_from_fork_asm+0x1a/0x30
[ 13.661493]
[ 13.661588] The buggy address belongs to the object at ffff888100fbfb00
[ 13.661588] which belongs to the cache kmalloc-16 of size 16
[ 13.662178] The buggy address is located 8 bytes inside of
[ 13.662178] allocated 9-byte region [ffff888100fbfb00, ffff888100fbfb09)
[ 13.662618]
[ 13.662715] The buggy address belongs to the physical page:
[ 13.662928] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x100fbf
[ 13.663294] flags: 0x200000000000000(node=0|zone=2)
[ 13.663461] page_type: f5(slab)
[ 13.663585] raw: 0200000000000000 ffff888100041640 dead000000000122 0000000000000000
[ 13.663875] raw: 0000000000000000 0000000080800080 00000000f5000000 0000000000000000
[ 13.664224] page dumped because: kasan: bad access detected
[ 13.664648]
[ 13.664744] Memory state around the buggy address:
[ 13.664983] ffff888100fbfa00: 00 04 fc fc 00 00 fc fc fa fb fc fc fa fb fc fc
[ 13.665228] ffff888100fbfa80: fa fb fc fc fa fb fc fc 00 05 fc fc fa fb fc fc
[ 13.665443] >ffff888100fbfb00: 00 01 fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 13.665931] ^
[ 13.666120] ffff888100fbfb80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 13.666435] ffff888100fbfc00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 13.666707] ==================================================================

[ 13.757840] ==================================================================
[ 13.758519] BUG: KASAN: slab-out-of-bounds in kasan_bitops_modify.constprop.0+0x40e/0xd50
[ 13.758885] Write of size 8 at addr ffff888100fbfb08 by task kunit_try_catch/278
[ 13.759238]
[ 13.759353] CPU: 1 UID: 0 PID: 278 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc4 #1 PREEMPT(voluntary)
[ 13.759408] Tainted: [B]=BAD_PAGE, [N]=TEST
[ 13.759420] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[ 13.759441] Call Trace:
[ 13.759469] <TASK>
[ 13.759484] dump_stack_lvl+0x73/0xb0
[ 13.759514] print_report+0xd1/0x650
[ 13.759539] ? __virt_addr_valid+0x1db/0x2d0
[ 13.759563] ? kasan_bitops_modify.constprop.0+0x40e/0xd50
[ 13.759592] ? kasan_complete_mode_report_info+0x2a/0x200
[ 13.759616] ? kasan_bitops_modify.constprop.0+0x40e/0xd50
[ 13.759644] kasan_report+0x141/0x180
[ 13.759668] ? kasan_bitops_modify.constprop.0+0x40e/0xd50
[ 13.759712] kasan_check_range+0x10c/0x1c0
[ 13.759737] __kasan_check_write+0x18/0x20
[ 13.759758] kasan_bitops_modify.constprop.0+0x40e/0xd50
[ 13.759796] ? __pfx_kasan_bitops_modify.constprop.0+0x10/0x10
[ 13.759825] ? __kmalloc_cache_noprof+0x189/0x420
[ 13.759852] ? trace_hardirqs_on+0x37/0xe0
[ 13.759875] ? kasan_bitops_generic+0x92/0x1c0
[ 13.759904] kasan_bitops_generic+0x116/0x1c0
[ 13.759929] ? __pfx_kasan_bitops_generic+0x10/0x10
[ 13.759966] ? __pfx_read_tsc+0x10/0x10
[ 13.759987] ? ktime_get_ts64+0x86/0x230
[ 13.760012] kunit_try_run_case+0x1a5/0x480
[ 13.760038] ? __pfx_kunit_try_run_case+0x10/0x10
[ 13.760074] ? _raw_spin_lock_irqsave+0xa1/0x100
[ 13.760100] ? _raw_spin_unlock_irqrestore+0x5f/0x90
[ 13.760125] ? __kthread_parkme+0x82/0x180
[ 13.760156] ? preempt_count_sub+0x50/0x80
[ 13.760181] ? __pfx_kunit_try_run_case+0x10/0x10
[ 13.760206] kunit_generic_run_threadfn_adapter+0x85/0xf0
[ 13.760232] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10
[ 13.760266] kthread+0x337/0x6f0
[ 13.760288] ? trace_preempt_on+0x20/0xc0
[ 13.760310] ? __pfx_kthread+0x10/0x10
[ 13.760342] ? _raw_spin_unlock_irq+0x47/0x80
[ 13.760364] ? calculate_sigpending+0x7b/0xa0
[ 13.760390] ? __pfx_kthread+0x10/0x10
[ 13.760412] ret_from_fork+0x116/0x1d0
[ 13.760432] ? __pfx_kthread+0x10/0x10
[ 13.760453] ret_from_fork_asm+0x1a/0x30
[ 13.760485] </TASK>
[ 13.760496]
[ 13.768317] Allocated by task 278:
[ 13.768474] kasan_save_stack+0x45/0x70
[ 13.768702] kasan_save_track+0x18/0x40
[ 13.768907] kasan_save_alloc_info+0x3b/0x50
[ 13.769188] __kasan_kmalloc+0xb7/0xc0
[ 13.769382] __kmalloc_cache_noprof+0x189/0x420
[ 13.769623] kasan_bitops_generic+0x92/0x1c0
[ 13.769778] kunit_try_run_case+0x1a5/0x480
[ 13.769931] kunit_generic_run_threadfn_adapter+0x85/0xf0
[ 13.770306] kthread+0x337/0x6f0
[ 13.770453] ret_from_fork+0x116/0x1d0
[ 13.770649] ret_from_fork_asm+0x1a/0x30
[ 13.770841]
[ 13.770946] The buggy address belongs to the object at ffff888100fbfb00
[ 13.770946] which belongs to the cache kmalloc-16 of size 16
[ 13.771492] The buggy address is located 8 bytes inside of
[ 13.771492] allocated 9-byte region [ffff888100fbfb00, ffff888100fbfb09)
[ 13.772001]
[ 13.772096] The buggy address belongs to the physical page:
[ 13.772346] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x100fbf
[ 13.772681] flags: 0x200000000000000(node=0|zone=2)
[ 13.772917] page_type: f5(slab)
[ 13.773081] raw: 0200000000000000 ffff888100041640 dead000000000122 0000000000000000
[ 13.773333] raw: 0000000000000000 0000000080800080 00000000f5000000 0000000000000000
[ 13.773722] page dumped because: kasan: bad access detected
[ 13.773963]
[ 13.774055] Memory state around the buggy address:
[ 13.774240] ffff888100fbfa00: 00 04 fc fc 00 00 fc fc fa fb fc fc fa fb fc fc
[ 13.774455] ffff888100fbfa80: fa fb fc fc fa fb fc fc 00 05 fc fc fa fb fc fc
[ 13.774671] >ffff888100fbfb00: 00 01 fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 13.774881] ^
[ 13.775015] ffff888100fbfb80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 13.775617] ffff888100fbfc00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 13.775933] ==================================================================
Failure - log-parser-boot/kasan-bug-kasan-slab-use-after-free-in-strnlen
[ 13.621848] ==================================================================
[ 13.622265] BUG: KASAN: slab-use-after-free in strnlen+0x73/0x80
[ 13.622957] Read of size 1 at addr ffff8881027a7e10 by task kunit_try_catch/276
[ 13.623420]
[ 13.623697] CPU: 1 UID: 0 PID: 276 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc4 #1 PREEMPT(voluntary)
[ 13.623745] Tainted: [B]=BAD_PAGE, [N]=TEST
[ 13.623758] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[ 13.623781] Call Trace:
[ 13.623798] <TASK>
[ 13.623901] dump_stack_lvl+0x73/0xb0
[ 13.623945] print_report+0xd1/0x650
[ 13.623970] ? __virt_addr_valid+0x1db/0x2d0
[ 13.623991] ? strnlen+0x73/0x80
[ 13.624009] ? kasan_complete_mode_report_info+0x64/0x200
[ 13.624032] ? strnlen+0x73/0x80
[ 13.624050] kasan_report+0x141/0x180
[ 13.624072] ? strnlen+0x73/0x80
[ 13.624095] __asan_report_load1_noabort+0x18/0x20
[ 13.624121] strnlen+0x73/0x80
[ 13.624139] kasan_strings+0x615/0xe80
[ 13.624161] ? trace_hardirqs_on+0x37/0xe0
[ 13.624185] ? __pfx_kasan_strings+0x10/0x10
[ 13.624207] ? finish_task_switch.isra.0+0x153/0x700
[ 13.624229] ? __switch_to+0x47/0xf50
[ 13.624254] ? __schedule+0x10cc/0x2b60
[ 13.624276] ? __pfx_read_tsc+0x10/0x10
[ 13.624296] ? ktime_get_ts64+0x86/0x230
[ 13.624320] kunit_try_run_case+0x1a5/0x480
[ 13.624344] ? __pfx_kunit_try_run_case+0x10/0x10
[ 13.624366] ? _raw_spin_lock_irqsave+0xa1/0x100
[ 13.624389] ? _raw_spin_unlock_irqrestore+0x5f/0x90
[ 13.624411] ? __kthread_parkme+0x82/0x180
[ 13.624432] ? preempt_count_sub+0x50/0x80
[ 13.624454] ? __pfx_kunit_try_run_case+0x10/0x10
[ 13.624478] kunit_generic_run_threadfn_adapter+0x85/0xf0
[ 13.624501] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10
[ 13.624524] kthread+0x337/0x6f0
[ 13.624544] ? trace_preempt_on+0x20/0xc0
[ 13.624566] ? __pfx_kthread+0x10/0x10
[ 13.624587] ? _raw_spin_unlock_irq+0x47/0x80
[ 13.624608] ? calculate_sigpending+0x7b/0xa0
[ 13.624631] ? __pfx_kthread+0x10/0x10
[ 13.624653] ret_from_fork+0x116/0x1d0
[ 13.624671] ? __pfx_kthread+0x10/0x10
[ 13.624692] ret_from_fork_asm+0x1a/0x30
[ 13.624722] </TASK>
[ 13.624734]
[ 13.635223] Allocated by task 276:
[ 13.635392] kasan_save_stack+0x45/0x70
[ 13.635606] kasan_save_track+0x18/0x40
[ 13.635822] kasan_save_alloc_info+0x3b/0x50
[ 13.636045] __kasan_kmalloc+0xb7/0xc0
[ 13.636225] __kmalloc_cache_noprof+0x189/0x420
[ 13.636398] kasan_strings+0xc0/0xe80
[ 13.636585] kunit_try_run_case+0x1a5/0x480
[ 13.636817] kunit_generic_run_threadfn_adapter+0x85/0xf0
[ 13.637012] kthread+0x337/0x6f0
[ 13.637164] ret_from_fork+0x116/0x1d0
[ 13.637384] ret_from_fork_asm+0x1a/0x30
[ 13.637734]
[ 13.637808] Freed by task 276:
[ 13.637921] kasan_save_stack+0x45/0x70
[ 13.638194] kasan_save_track+0x18/0x40
[ 13.638401] kasan_save_free_info+0x3f/0x60
[ 13.638606] __kasan_slab_free+0x56/0x70
[ 13.638789] kfree+0x222/0x3f0
[ 13.638985] kasan_strings+0x2aa/0xe80
[ 13.639192] kunit_try_run_case+0x1a5/0x480
[ 13.639409] kunit_generic_run_threadfn_adapter+0x85/0xf0
[ 13.639663] kthread+0x337/0x6f0
[ 13.639829] ret_from_fork+0x116/0x1d0
[ 13.640036] ret_from_fork_asm+0x1a/0x30
[ 13.640221]
[ 13.640293] The buggy address belongs to the object at ffff8881027a7e00
[ 13.640293] which belongs to the cache kmalloc-32 of size 32
[ 13.640718] The buggy address is located 16 bytes inside of
[ 13.640718] freed 32-byte region [ffff8881027a7e00, ffff8881027a7e20)
[ 13.641246]
[ 13.641325] The buggy address belongs to the physical page:
[ 13.641510] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1027a7
[ 13.641876] flags: 0x200000000000000(node=0|zone=2)
[ 13.642223] page_type: f5(slab)
[ 13.642429] raw: 0200000000000000 ffff888100041780 dead000000000122 0000000000000000
[ 13.642727] raw: 0000000000000000 0000000000400040 00000000f5000000 0000000000000000
[ 13.643089] page dumped because: kasan: bad access detected
[ 13.643318]
[ 13.643433] Memory state around the buggy address:
[ 13.643648] ffff8881027a7d00: 00 00 00 fc fc fc fc fc 00 00 00 fc fc fc fc fc
[ 13.643976] ffff8881027a7d80: 00 00 07 fc fc fc fc fc fa fb fb fb fc fc fc fc
[ 13.644318] >ffff8881027a7e00: fa fb fb fb fc fc fc fc fa fb fb fb fc fc fc fc
[ 13.644588] ^
[ 13.644718] ffff8881027a7e80: fa fb fb fb fc fc fc fc 00 00 00 fc fc fc fc fc
[ 13.644997] ffff8881027a7f00: fa fb fb fb fc fc fc fc fa fb fb fb fc fc fc fc
[ 13.645325] ==================================================================
Failure - log-parser-boot/kasan-bug-kasan-slab-use-after-free-in-strlen
[ 13.595133] ==================================================================
[ 13.595461] BUG: KASAN: slab-use-after-free in strlen+0x8f/0xb0
[ 13.595922] Read of size 1 at addr ffff8881027a7e10 by task kunit_try_catch/276
[ 13.596638]
[ 13.596923] CPU: 1 UID: 0 PID: 276 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc4 #1 PREEMPT(voluntary)
[ 13.596980] Tainted: [B]=BAD_PAGE, [N]=TEST
[ 13.596994] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[ 13.597016] Call Trace:
[ 13.597031] <TASK>
[ 13.597047] dump_stack_lvl+0x73/0xb0
[ 13.597084] print_report+0xd1/0x650
[ 13.597108] ? __virt_addr_valid+0x1db/0x2d0
[ 13.597131] ? strlen+0x8f/0xb0
[ 13.597148] ? kasan_complete_mode_report_info+0x64/0x200
[ 13.597170] ? strlen+0x8f/0xb0
[ 13.597188] kasan_report+0x141/0x180
[ 13.597210] ? strlen+0x8f/0xb0
[ 13.597231] __asan_report_load1_noabort+0x18/0x20
[ 13.597256] strlen+0x8f/0xb0
[ 13.597275] kasan_strings+0x57b/0xe80
[ 13.597295] ? trace_hardirqs_on+0x37/0xe0
[ 13.597318] ? __pfx_kasan_strings+0x10/0x10
[ 13.597339] ? finish_task_switch.isra.0+0x153/0x700
[ 13.597360] ? __switch_to+0x47/0xf50
[ 13.597385] ? __schedule+0x10cc/0x2b60
[ 13.597407] ? __pfx_read_tsc+0x10/0x10
[ 13.597428] ? ktime_get_ts64+0x86/0x230
[ 13.597451] kunit_try_run_case+0x1a5/0x480
[ 13.597475] ? __pfx_kunit_try_run_case+0x10/0x10
[ 13.597497] ? _raw_spin_lock_irqsave+0xa1/0x100
[ 13.597520] ? _raw_spin_unlock_irqrestore+0x5f/0x90
[ 13.597542] ? __kthread_parkme+0x82/0x180
[ 13.597563] ? preempt_count_sub+0x50/0x80
[ 13.597585] ? __pfx_kunit_try_run_case+0x10/0x10
[ 13.597609] kunit_generic_run_threadfn_adapter+0x85/0xf0
[ 13.597632] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10
[ 13.597655] kthread+0x337/0x6f0
[ 13.597675] ? trace_preempt_on+0x20/0xc0
[ 13.597697] ? __pfx_kthread+0x10/0x10
[ 13.597718] ? _raw_spin_unlock_irq+0x47/0x80
[ 13.597739] ? calculate_sigpending+0x7b/0xa0
[ 13.597763] ? __pfx_kthread+0x10/0x10
[ 13.597784] ret_from_fork+0x116/0x1d0
[ 13.597803] ? __pfx_kthread+0x10/0x10
[ 13.597823] ret_from_fork_asm+0x1a/0x30
[ 13.597853] </TASK>
[ 13.597866]
[ 13.608029] Allocated by task 276:
[ 13.608206] kasan_save_stack+0x45/0x70
[ 13.608612] kasan_save_track+0x18/0x40
[ 13.608870] kasan_save_alloc_info+0x3b/0x50
[ 13.609051] __kasan_kmalloc+0xb7/0xc0
[ 13.609397] __kmalloc_cache_noprof+0x189/0x420
[ 13.609682] kasan_strings+0xc0/0xe80
[ 13.609931] kunit_try_run_case+0x1a5/0x480
[ 13.610276] kunit_generic_run_threadfn_adapter+0x85/0xf0
[ 13.610503] kthread+0x337/0x6f0
[ 13.610805] ret_from_fork+0x116/0x1d0
[ 13.611116] ret_from_fork_asm+0x1a/0x30
[ 13.611374]
[ 13.611473] Freed by task 276:
[ 13.611599] kasan_save_stack+0x45/0x70
[ 13.611787] kasan_save_track+0x18/0x40
[ 13.611976] kasan_save_free_info+0x3f/0x60
[ 13.612451] __kasan_slab_free+0x56/0x70
[ 13.612651] kfree+0x222/0x3f0
[ 13.612770] kasan_strings+0x2aa/0xe80
[ 13.613101] kunit_try_run_case+0x1a5/0x480
[ 13.613311] kunit_generic_run_threadfn_adapter+0x85/0xf0
[ 13.613676] kthread+0x337/0x6f0
[ 13.613991] ret_from_fork+0x116/0x1d0
[ 13.614229] ret_from_fork_asm+0x1a/0x30
[ 13.614569]
[ 13.614668] The buggy address belongs to the object at ffff8881027a7e00
[ 13.614668] which belongs to the cache kmalloc-32 of size 32
[ 13.615243] The buggy address is located 16 bytes inside of
[ 13.615243] freed 32-byte region [ffff8881027a7e00, ffff8881027a7e20)
[ 13.615976]
[ 13.616067] The buggy address belongs to the physical page:
[ 13.616318] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1027a7
[ 13.616796] flags: 0x200000000000000(node=0|zone=2)
[ 13.617127] page_type: f5(slab)
[ 13.617341] raw: 0200000000000000 ffff888100041780 dead000000000122 0000000000000000
[ 13.617731] raw: 0000000000000000 0000000000400040 00000000f5000000 0000000000000000
[ 13.618178] page dumped because: kasan: bad access detected
[ 13.618424]
[ 13.618612] Memory state around the buggy address:
[ 13.618788] ffff8881027a7d00: 00 00 00 fc fc fc fc fc 00 00 00 fc fc fc fc fc
[ 13.619277] ffff8881027a7d80: 00 00 07 fc fc fc fc fc fa fb fb fb fc fc fc fc
[ 13.619681] >ffff8881027a7e00: fa fb fb fb fc fc fc fc fa fb fb fb fc fc fc fc
[ 13.619931] ^
[ 13.620300] ffff8881027a7e80: fa fb fb fb fc fc fc fc 00 00 00 fc fc fc fc fc
[ 13.620717] ffff8881027a7f00: fa fb fb fb fc fc fc fc fa fb fb fb fc fc fc fc
[ 13.620970] ==================================================================
Failure - log-parser-boot/kasan-bug-kasan-slab-use-after-free-in-kasan_strings
[ 13.556026] ==================================================================
[ 13.556628] BUG: KASAN: slab-use-after-free in kasan_strings+0xcbc/0xe80
[ 13.557253] Read of size 1 at addr ffff8881027a7e10 by task kunit_try_catch/276
[ 13.557653]
[ 13.557749] CPU: 1 UID: 0 PID: 276 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc4 #1 PREEMPT(voluntary)
[ 13.557792] Tainted: [B]=BAD_PAGE, [N]=TEST
[ 13.557806] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[ 13.557829] Call Trace:
[ 13.557846] <TASK>
[ 13.557865] dump_stack_lvl+0x73/0xb0
[ 13.557894] print_report+0xd1/0x650
[ 13.557916] ? __virt_addr_valid+0x1db/0x2d0
[ 13.557953] ? kasan_strings+0xcbc/0xe80
[ 13.557974] ? kasan_complete_mode_report_info+0x64/0x200
[ 13.557997] ? kasan_strings+0xcbc/0xe80
[ 13.558019] kasan_report+0x141/0x180
[ 13.558042] ? kasan_strings+0xcbc/0xe80
[ 13.558079] __asan_report_load1_noabort+0x18/0x20
[ 13.558104] kasan_strings+0xcbc/0xe80
[ 13.558124] ? trace_hardirqs_on+0x37/0xe0
[ 13.558147] ? __pfx_kasan_strings+0x10/0x10
[ 13.558168] ? finish_task_switch.isra.0+0x153/0x700
[ 13.558190] ? __switch_to+0x47/0xf50
[ 13.558215] ? __schedule+0x10cc/0x2b60
[ 13.558238] ? __pfx_read_tsc+0x10/0x10
[ 13.558258] ? ktime_get_ts64+0x86/0x230
[ 13.558282] kunit_try_run_case+0x1a5/0x480
[ 13.558306] ? __pfx_kunit_try_run_case+0x10/0x10
[ 13.558329] ? _raw_spin_lock_irqsave+0xa1/0x100
[ 13.558353] ? _raw_spin_unlock_irqrestore+0x5f/0x90
[ 13.558376] ? __kthread_parkme+0x82/0x180
[ 13.558397] ? preempt_count_sub+0x50/0x80
[ 13.558419] ? __pfx_kunit_try_run_case+0x10/0x10
[ 13.558443] kunit_generic_run_threadfn_adapter+0x85/0xf0
[ 13.558466] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10
[ 13.558491] kthread+0x337/0x6f0
[ 13.558563] ? trace_preempt_on+0x20/0xc0
[ 13.558591] ? __pfx_kthread+0x10/0x10
[ 13.558612] ? _raw_spin_unlock_irq+0x47/0x80
[ 13.558635] ? calculate_sigpending+0x7b/0xa0
[ 13.558659] ? __pfx_kthread+0x10/0x10
[ 13.558681] ret_from_fork+0x116/0x1d0
[ 13.558701] ? __pfx_kthread+0x10/0x10
[ 13.558721] ret_from_fork_asm+0x1a/0x30
[ 13.558752] </TASK>
[ 13.558765]
[ 13.578251] Allocated by task 276:
[ 13.578435] kasan_save_stack+0x45/0x70
[ 13.578624] kasan_save_track+0x18/0x40
[ 13.578799] kasan_save_alloc_info+0x3b/0x50
[ 13.578988] __kasan_kmalloc+0xb7/0xc0
[ 13.579163] __kmalloc_cache_noprof+0x189/0x420
[ 13.579317] kasan_strings+0xc0/0xe80
[ 13.580087] kunit_try_run_case+0x1a5/0x480
[ 13.580298] kunit_generic_run_threadfn_adapter+0x85/0xf0
[ 13.580900] kthread+0x337/0x6f0
[ 13.581090] ret_from_fork+0x116/0x1d0
[ 13.581417] ret_from_fork_asm+0x1a/0x30
[ 13.581810]
[ 13.581924] Freed by task 276:
[ 13.582067] kasan_save_stack+0x45/0x70
[ 13.582391] kasan_save_track+0x18/0x40
[ 13.582804] kasan_save_free_info+0x3f/0x60
[ 13.583143] __kasan_slab_free+0x56/0x70
[ 13.583330] kfree+0x222/0x3f0
[ 13.583671] kasan_strings+0x2aa/0xe80
[ 13.583962] kunit_try_run_case+0x1a5/0x480
[ 13.584118] kunit_generic_run_threadfn_adapter+0x85/0xf0
[ 13.584741] kthread+0x337/0x6f0
[ 13.584903] ret_from_fork+0x116/0x1d0
[ 13.585319] ret_from_fork_asm+0x1a/0x30
[ 13.585701]
[ 13.585974] The buggy address belongs to the object at ffff8881027a7e00
[ 13.585974] which belongs to the cache kmalloc-32 of size 32
[ 13.586652] The buggy address is located 16 bytes inside of
[ 13.586652] freed 32-byte region [ffff8881027a7e00, ffff8881027a7e20)
[ 13.587356]
[ 13.587664] The buggy address belongs to the physical page:
[ 13.587947] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1027a7
[ 13.588429] flags: 0x200000000000000(node=0|zone=2)
[ 13.588914] page_type: f5(slab)
[ 13.589070] raw: 0200000000000000 ffff888100041780 dead000000000122 0000000000000000
[ 13.589703] raw: 0000000000000000 0000000000400040 00000000f5000000 0000000000000000
[ 13.590156] page dumped because: kasan: bad access detected
[ 13.590534]
[ 13.590626] Memory state around the buggy address:
[ 13.590970] ffff8881027a7d00: 00 00 00 fc fc fc fc fc 00 00 00 fc fc fc fc fc
[ 13.591438] ffff8881027a7d80: 00 00 07 fc fc fc fc fc 00 00 00 fc fc fc fc fc
[ 13.591948] >ffff8881027a7e00: fa fb fb fb fc fc fc fc fa fb fb fb fc fc fc fc
[ 13.592449] ^
[ 13.592623] ffff8881027a7e80: fa fb fb fb fc fc fc fc 00 00 00 fc fc fc fc fc
[ 13.592924] ffff8881027a7f00: fa fb fb fb fc fc fc fc fa fb fb fb fc fc fc fc
[ 13.593650] ==================================================================
Failure - log-parser-boot/kfence-bug-kfence-invalid-free-in-test_invalid_addr_free
[ 17.760896] ==================================================================
[ 17.761414] BUG: KFENCE: invalid free in test_invalid_addr_free+0xfb/0x260
[ 17.761414]
[ 17.761850] Invalid free of 0x(____ptrval____) (in kfence-#78):
[ 17.762099] test_invalid_addr_free+0xfb/0x260
[ 17.762330] kunit_try_run_case+0x1a5/0x480
[ 17.762483] kunit_generic_run_threadfn_adapter+0x85/0xf0
[ 17.762727] kthread+0x337/0x6f0
[ 17.762908] ret_from_fork+0x116/0x1d0
[ 17.763109] ret_from_fork_asm+0x1a/0x30
[ 17.763322]
[ 17.763415] kfence-#78: 0x(____ptrval____)-0x(____ptrval____), size=32, cache=test
[ 17.763415]
[ 17.763730] allocated by task 326 on cpu 1 at 17.760786s (0.002941s ago):
[ 17.764067] test_alloc+0x2a6/0x10f0
[ 17.764259] test_invalid_addr_free+0xdb/0x260
[ 17.764412] kunit_try_run_case+0x1a5/0x480
[ 17.764564] kunit_generic_run_threadfn_adapter+0x85/0xf0
[ 17.764824] kthread+0x337/0x6f0
[ 17.765011] ret_from_fork+0x116/0x1d0
[ 17.765254] ret_from_fork_asm+0x1a/0x30
[ 17.765452]
[ 17.765570] CPU: 1 UID: 0 PID: 326 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc4 #1 PREEMPT(voluntary)
[ 17.765994] Tainted: [B]=BAD_PAGE, [N]=TEST
[ 17.766191] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[ 17.766504] ==================================================================

[ 17.656857] ==================================================================
[ 17.657319] BUG: KFENCE: invalid free in test_invalid_addr_free+0x1e1/0x260
[ 17.657319]
[ 17.657836] Invalid free of 0x(____ptrval____) (in kfence-#77):
[ 17.658634] test_invalid_addr_free+0x1e1/0x260
[ 17.658887] kunit_try_run_case+0x1a5/0x480
[ 17.659333] kunit_generic_run_threadfn_adapter+0x85/0xf0
[ 17.659600] kthread+0x337/0x6f0
[ 17.659968] ret_from_fork+0x116/0x1d0
[ 17.660294] ret_from_fork_asm+0x1a/0x30
[ 17.660508]
[ 17.660605] kfence-#77: 0x(____ptrval____)-0x(____ptrval____), size=32, cache=kmalloc-32
[ 17.660605]
[ 17.661005] allocated by task 324 on cpu 0 at 17.656745s (0.004258s ago):
[ 17.661605] test_alloc+0x364/0x10f0
[ 17.661879] test_invalid_addr_free+0xdb/0x260
[ 17.662234] kunit_try_run_case+0x1a5/0x480
[ 17.662534] kunit_generic_run_threadfn_adapter+0x85/0xf0
[ 17.662864] kthread+0x337/0x6f0
[ 17.663066] ret_from_fork+0x116/0x1d0
[ 17.663402] ret_from_fork_asm+0x1a/0x30
[ 17.663700]
[ 17.663909] CPU: 0 UID: 0 PID: 324 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc4 #1 PREEMPT(voluntary)
[ 17.664477] Tainted: [B]=BAD_PAGE, [N]=TEST
[ 17.664771] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[ 17.665280] ==================================================================
Failure - log-parser-boot/kfence-bug-kfence-invalid-free-in-test_double_free
[ 17.449069] ==================================================================
[ 17.449497] BUG: KFENCE: invalid free in test_double_free+0x1d3/0x260
[ 17.449497]
[ 17.449963] Invalid free of 0x(____ptrval____) (in kfence-#75):
[ 17.450672] test_double_free+0x1d3/0x260
[ 17.450893] kunit_try_run_case+0x1a5/0x480
[ 17.451105] kunit_generic_run_threadfn_adapter+0x85/0xf0
[ 17.451590] kthread+0x337/0x6f0
[ 17.451793] ret_from_fork+0x116/0x1d0
[ 17.452149] ret_from_fork_asm+0x1a/0x30
[ 17.452362]
[ 17.452473] kfence-#75: 0x(____ptrval____)-0x(____ptrval____), size=32, cache=kmalloc-32
[ 17.452473]
[ 17.452822] allocated by task 320 on cpu 0 at 17.448810s (0.004009s ago):
[ 17.453059] test_alloc+0x364/0x10f0
[ 17.453198] test_double_free+0xdb/0x260
[ 17.453490] kunit_try_run_case+0x1a5/0x480
[ 17.453764] kunit_generic_run_threadfn_adapter+0x85/0xf0
[ 17.453941] kthread+0x337/0x6f0
[ 17.454189] ret_from_fork+0x116/0x1d0
[ 17.454336] ret_from_fork_asm+0x1a/0x30
[ 17.454480]
[ 17.454555] freed by task 320 on cpu 0 at 17.448877s (0.005675s ago):
[ 17.454767] test_double_free+0x1e0/0x260
[ 17.454909] kunit_try_run_case+0x1a5/0x480
[ 17.455479] kunit_generic_run_threadfn_adapter+0x85/0xf0
[ 17.456000] kthread+0x337/0x6f0
[ 17.456753] ret_from_fork+0x116/0x1d0
[ 17.456987] ret_from_fork_asm+0x1a/0x30
[ 17.457184]
[ 17.457373] CPU: 0 UID: 0 PID: 320 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc4 #1 PREEMPT(voluntary)
[ 17.457914] Tainted: [B]=BAD_PAGE, [N]=TEST
[ 17.458123] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[ 17.458533] ==================================================================

[ 17.553042] ==================================================================
[ 17.553454] BUG: KFENCE: invalid free in test_double_free+0x112/0x260
[ 17.553454]
[ 17.553745] Invalid free of 0x(____ptrval____) (in kfence-#76):
[ 17.553983] test_double_free+0x112/0x260
[ 17.554190] kunit_try_run_case+0x1a5/0x480
[ 17.554412] kunit_generic_run_threadfn_adapter+0x85/0xf0
[ 17.554670] kthread+0x337/0x6f0
[ 17.554839] ret_from_fork+0x116/0x1d0
[ 17.555035] ret_from_fork_asm+0x1a/0x30
[ 17.555307]
[ 17.555410] kfence-#76: 0x(____ptrval____)-0x(____ptrval____), size=32, cache=test
[ 17.555410]
[ 17.555765] allocated by task 322 on cpu 1 at 17.552794s (0.002969s ago):
[ 17.556093] test_alloc+0x2a6/0x10f0
[ 17.556249] test_double_free+0xdb/0x260
[ 17.556421] kunit_try_run_case+0x1a5/0x480
[ 17.556626] kunit_generic_run_threadfn_adapter+0x85/0xf0
[ 17.556838] kthread+0x337/0x6f0
[ 17.557024] ret_from_fork+0x116/0x1d0
[ 17.557206] ret_from_fork_asm+0x1a/0x30
[ 17.557413]
[ 17.557496] freed by task 322 on cpu 1 at 17.552832s (0.004662s ago):
[ 17.557759] test_double_free+0xfa/0x260
[ 17.557929] kunit_try_run_case+0x1a5/0x480
[ 17.558175] kunit_generic_run_threadfn_adapter+0x85/0xf0
[ 17.558354] kthread+0x337/0x6f0
[ 17.558479] ret_from_fork+0x116/0x1d0
[ 17.558625] ret_from_fork_asm+0x1a/0x30
[ 17.558837]
[ 17.558973] CPU: 1 UID: 0 PID: 322 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc4 #1 PREEMPT(voluntary)
[ 17.559488] Tainted: [B]=BAD_PAGE, [N]=TEST
[ 17.559634] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[ 17.559914] ==================================================================
Failure - log-parser-boot/kfence-bug-kfence-use-after-free-read-in-test_use_after_free_read
[ 17.136886] ================================================================== [ 17.137418] BUG: KFENCE: use-after-free read in test_use_after_free_read+0x129/0x270 [ 17.137418] [ 17.137800] Use-after-free read at 0x(____ptrval____) (in kfence-#72): [ 17.138199] test_use_after_free_read+0x129/0x270 [ 17.138789] kunit_try_run_case+0x1a5/0x480 [ 17.139282] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 17.139739] kthread+0x337/0x6f0 [ 17.139894] ret_from_fork+0x116/0x1d0 [ 17.140309] ret_from_fork_asm+0x1a/0x30 [ 17.140537] [ 17.140654] kfence-#72: 0x(____ptrval____)-0x(____ptrval____), size=32, cache=test [ 17.140654] [ 17.141249] allocated by task 314 on cpu 0 at 17.136758s (0.004488s ago): [ 17.141722] test_alloc+0x2a6/0x10f0 [ 17.141903] test_use_after_free_read+0xdc/0x270 [ 17.142321] kunit_try_run_case+0x1a5/0x480 [ 17.142621] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 17.142878] kthread+0x337/0x6f0 [ 17.143218] ret_from_fork+0x116/0x1d0 [ 17.143500] ret_from_fork_asm+0x1a/0x30 [ 17.143719] [ 17.143823] freed by task 314 on cpu 0 at 17.136800s (0.007020s ago): [ 17.144358] test_use_after_free_read+0xfb/0x270 [ 17.144573] kunit_try_run_case+0x1a5/0x480 [ 17.144841] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 17.145234] kthread+0x337/0x6f0 [ 17.145488] ret_from_fork+0x116/0x1d0 [ 17.145690] ret_from_fork_asm+0x1a/0x30 [ 17.146016] [ 17.146276] CPU: 0 UID: 0 PID: 314 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc4 #1 PREEMPT(voluntary) [ 17.146740] Tainted: [B]=BAD_PAGE, [N]=TEST [ 17.147128] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 17.147613] ================================================================== [ 17.032994] ================================================================== [ 17.033429] BUG: KFENCE: use-after-free read in test_use_after_free_read+0x129/0x270 [ 17.033429] [ 17.033933] Use-after-free read at 0x(____ptrval____) (in kfence-#71): [ 17.034243] test_use_after_free_read+0x129/0x270 
[ 17.034454] kunit_try_run_case+0x1a5/0x480 [ 17.034663] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 17.034846] kthread+0x337/0x6f0 [ 17.035045] ret_from_fork+0x116/0x1d0 [ 17.035288] ret_from_fork_asm+0x1a/0x30 [ 17.035552] [ 17.035662] kfence-#71: 0x(____ptrval____)-0x(____ptrval____), size=32, cache=kmalloc-32 [ 17.035662] [ 17.036051] allocated by task 312 on cpu 1 at 17.032748s (0.003301s ago): [ 17.036308] test_alloc+0x364/0x10f0 [ 17.036475] test_use_after_free_read+0xdc/0x270 [ 17.036706] kunit_try_run_case+0x1a5/0x480 [ 17.036925] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 17.037143] kthread+0x337/0x6f0 [ 17.037267] ret_from_fork+0x116/0x1d0 [ 17.037659] ret_from_fork_asm+0x1a/0x30 [ 17.037870] [ 17.038094] freed by task 312 on cpu 1 at 17.032819s (0.005195s ago): [ 17.038432] test_use_after_free_read+0x1e7/0x270 [ 17.038606] kunit_try_run_case+0x1a5/0x480 [ 17.038794] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 17.039062] kthread+0x337/0x6f0 [ 17.039242] ret_from_fork+0x116/0x1d0 [ 17.039509] ret_from_fork_asm+0x1a/0x30 [ 17.039686] [ 17.039791] CPU: 1 UID: 0 PID: 312 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc4 #1 PREEMPT(voluntary) [ 17.040365] Tainted: [B]=BAD_PAGE, [N]=TEST [ 17.040566] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 17.040916] ==================================================================
Failure - log-parser-boot/kfence-bug-kfence-out-of-bounds-write-in-test_out_of_bounds_write
[ 16.928847] ================================================================== [ 16.929330] BUG: KFENCE: out-of-bounds write in test_out_of_bounds_write+0x10d/0x260 [ 16.929330] [ 16.929751] Out-of-bounds write at 0x(____ptrval____) (1B left of kfence-#70): [ 16.930111] test_out_of_bounds_write+0x10d/0x260 [ 16.930348] kunit_try_run_case+0x1a5/0x480 [ 16.930505] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 16.930771] kthread+0x337/0x6f0 [ 16.930923] ret_from_fork+0x116/0x1d0 [ 16.931074] ret_from_fork_asm+0x1a/0x30 [ 16.931449] [ 16.931553] kfence-#70: 0x(____ptrval____)-0x(____ptrval____), size=32, cache=test [ 16.931553] [ 16.931923] allocated by task 310 on cpu 1 at 16.928782s (0.003138s ago): [ 16.932172] test_alloc+0x2a6/0x10f0 [ 16.932352] test_out_of_bounds_write+0xd4/0x260 [ 16.932600] kunit_try_run_case+0x1a5/0x480 [ 16.932750] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 16.932923] kthread+0x337/0x6f0 [ 16.933055] ret_from_fork+0x116/0x1d0 [ 16.933206] ret_from_fork_asm+0x1a/0x30 [ 16.933350] [ 16.933451] CPU: 1 UID: 0 PID: 310 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc4 #1 PREEMPT(voluntary) [ 16.933853] Tainted: [B]=BAD_PAGE, [N]=TEST [ 16.934007] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 16.934279] ================================================================== [ 16.616902] ================================================================== [ 16.617351] BUG: KFENCE: out-of-bounds write in test_out_of_bounds_write+0x10d/0x260 [ 16.617351] [ 16.617904] Out-of-bounds write at 0x(____ptrval____) (1B left of kfence-#67): [ 16.618376] test_out_of_bounds_write+0x10d/0x260 [ 16.618652] kunit_try_run_case+0x1a5/0x480 [ 16.618864] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 16.619279] kthread+0x337/0x6f0 [ 16.619468] ret_from_fork+0x116/0x1d0 [ 16.619652] ret_from_fork_asm+0x1a/0x30 [ 16.619839] [ 16.619936] kfence-#67: 0x(____ptrval____)-0x(____ptrval____), size=32, cache=kmalloc-32 [ 16.619936] [ 
16.620344] allocated by task 308 on cpu 0 at 16.616779s (0.003562s ago): [ 16.620632] test_alloc+0x364/0x10f0 [ 16.620847] test_out_of_bounds_write+0xd4/0x260 [ 16.621045] kunit_try_run_case+0x1a5/0x480 [ 16.621230] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 16.621593] kthread+0x337/0x6f0 [ 16.621894] ret_from_fork+0x116/0x1d0 [ 16.622424] ret_from_fork_asm+0x1a/0x30 [ 16.622804] [ 16.623041] CPU: 0 UID: 0 PID: 308 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc4 #1 PREEMPT(voluntary) [ 16.623635] Tainted: [B]=BAD_PAGE, [N]=TEST [ 16.623987] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 16.624631] ==================================================================
Failure - log-parser-boot/kfence-bug-kfence-out-of-bounds-read-in-test_out_of_bounds_read
[ 16.200869] ================================================================== [ 16.201320] BUG: KFENCE: out-of-bounds read in test_out_of_bounds_read+0x126/0x4e0 [ 16.201320] [ 16.201799] Out-of-bounds read at 0x(____ptrval____) (1B left of kfence-#63): [ 16.202146] test_out_of_bounds_read+0x126/0x4e0 [ 16.202313] kunit_try_run_case+0x1a5/0x480 [ 16.202604] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 16.202925] kthread+0x337/0x6f0 [ 16.203182] ret_from_fork+0x116/0x1d0 [ 16.203392] ret_from_fork_asm+0x1a/0x30 [ 16.203555] [ 16.203633] kfence-#63: 0x(____ptrval____)-0x(____ptrval____), size=32, cache=test [ 16.203633] [ 16.203991] allocated by task 306 on cpu 1 at 16.200808s (0.003181s ago): [ 16.204422] test_alloc+0x2a6/0x10f0 [ 16.204604] test_out_of_bounds_read+0xed/0x4e0 [ 16.204774] kunit_try_run_case+0x1a5/0x480 [ 16.205017] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 16.205496] kthread+0x337/0x6f0 [ 16.205674] ret_from_fork+0x116/0x1d0 [ 16.205863] ret_from_fork_asm+0x1a/0x30 [ 16.206070] [ 16.206214] CPU: 1 UID: 0 PID: 306 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc4 #1 PREEMPT(voluntary) [ 16.206727] Tainted: [B]=BAD_PAGE, [N]=TEST [ 16.206938] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 16.207341] ================================================================== [ 15.993865] ================================================================== [ 15.994485] BUG: KFENCE: out-of-bounds read in test_out_of_bounds_read+0x126/0x4e0 [ 15.994485] [ 15.994967] Out-of-bounds read at 0x(____ptrval____) (1B left of kfence-#61): [ 15.995400] test_out_of_bounds_read+0x126/0x4e0 [ 15.995631] kunit_try_run_case+0x1a5/0x480 [ 15.995854] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 15.996110] kthread+0x337/0x6f0 [ 15.996272] ret_from_fork+0x116/0x1d0 [ 15.996432] ret_from_fork_asm+0x1a/0x30 [ 15.996710] [ 15.996932] kfence-#61: 0x(____ptrval____)-0x(____ptrval____), size=32, cache=kmalloc-32 [ 15.996932] [ 
15.997523] allocated by task 304 on cpu 1 at 15.992865s (0.004601s ago): [ 15.998076] test_alloc+0x364/0x10f0 [ 15.998291] test_out_of_bounds_read+0xed/0x4e0 [ 15.998527] kunit_try_run_case+0x1a5/0x480 [ 15.998702] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 15.998911] kthread+0x337/0x6f0 [ 15.999109] ret_from_fork+0x116/0x1d0 [ 15.999279] ret_from_fork_asm+0x1a/0x30 [ 15.999538] [ 15.999697] CPU: 1 UID: 0 PID: 304 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc4 #1 PREEMPT(voluntary) [ 16.000172] Tainted: [B]=BAD_PAGE, [N]=TEST [ 16.000320] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 16.000797] ================================================================== [ 16.096985] ================================================================== [ 16.097385] BUG: KFENCE: out-of-bounds read in test_out_of_bounds_read+0x216/0x4e0 [ 16.097385] [ 16.097835] Out-of-bounds read at 0x(____ptrval____) (32B right of kfence-#62): [ 16.098235] test_out_of_bounds_read+0x216/0x4e0 [ 16.098409] kunit_try_run_case+0x1a5/0x480 [ 16.098629] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 16.098889] kthread+0x337/0x6f0 [ 16.099093] ret_from_fork+0x116/0x1d0 [ 16.099256] ret_from_fork_asm+0x1a/0x30 [ 16.099464] [ 16.099566] kfence-#62: 0x(____ptrval____)-0x(____ptrval____), size=32, cache=kmalloc-32 [ 16.099566] [ 16.099972] allocated by task 304 on cpu 1 at 16.096795s (0.003174s ago): [ 16.100309] test_alloc+0x364/0x10f0 [ 16.100460] test_out_of_bounds_read+0x1e2/0x4e0 [ 16.100688] kunit_try_run_case+0x1a5/0x480 [ 16.100877] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 16.101091] kthread+0x337/0x6f0 [ 16.101366] ret_from_fork+0x116/0x1d0 [ 16.101503] ret_from_fork_asm+0x1a/0x30 [ 16.101644] [ 16.101742] CPU: 1 UID: 0 PID: 304 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc4 #1 PREEMPT(voluntary) [ 16.102182] Tainted: [B]=BAD_PAGE, [N]=TEST [ 16.102333] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 
04/01/2014 [ 16.102605] ================================================================== [ 16.408878] ================================================================== [ 16.409329] BUG: KFENCE: out-of-bounds read in test_out_of_bounds_read+0x216/0x4e0 [ 16.409329] [ 16.409903] Out-of-bounds read at 0x(____ptrval____) (32B right of kfence-#65): [ 16.410283] test_out_of_bounds_read+0x216/0x4e0 [ 16.410463] kunit_try_run_case+0x1a5/0x480 [ 16.410617] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 16.410897] kthread+0x337/0x6f0 [ 16.411105] ret_from_fork+0x116/0x1d0 [ 16.411354] ret_from_fork_asm+0x1a/0x30 [ 16.411532] [ 16.411608] kfence-#65: 0x(____ptrval____)-0x(____ptrval____), size=32, cache=test [ 16.411608] [ 16.412035] allocated by task 306 on cpu 1 at 16.408823s (0.003209s ago): [ 16.412360] test_alloc+0x2a6/0x10f0 [ 16.412529] test_out_of_bounds_read+0x1e2/0x4e0 [ 16.412777] kunit_try_run_case+0x1a5/0x480 [ 16.412997] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 16.413335] kthread+0x337/0x6f0 [ 16.413564] ret_from_fork+0x116/0x1d0 [ 16.413828] ret_from_fork_asm+0x1a/0x30 [ 16.414045] [ 16.414169] CPU: 1 UID: 0 PID: 306 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc4 #1 PREEMPT(voluntary) [ 16.414490] Tainted: [B]=BAD_PAGE, [N]=TEST [ 16.414695] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 16.415122] ==================================================================
Failure - log-parser-boot/kasan-bug-kasan-slab-out-of-bounds-in-strncpy_from_user
[ 15.740825] ================================================================== [ 15.741083] BUG: KASAN: slab-out-of-bounds in strncpy_from_user+0x2e/0x1d0 [ 15.741392] Write of size 121 at addr ffff888103a21000 by task kunit_try_catch/302 [ 15.741727] [ 15.741907] CPU: 0 UID: 0 PID: 302 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc4 #1 PREEMPT(voluntary) [ 15.741970] Tainted: [B]=BAD_PAGE, [N]=TEST [ 15.741983] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 15.742006] Call Trace: [ 15.742024] <TASK> [ 15.742043] dump_stack_lvl+0x73/0xb0 [ 15.742083] print_report+0xd1/0x650 [ 15.742107] ? __virt_addr_valid+0x1db/0x2d0 [ 15.742130] ? strncpy_from_user+0x2e/0x1d0 [ 15.742155] ? kasan_complete_mode_report_info+0x2a/0x200 [ 15.742177] ? strncpy_from_user+0x2e/0x1d0 [ 15.742212] kasan_report+0x141/0x180 [ 15.742235] ? strncpy_from_user+0x2e/0x1d0 [ 15.742275] kasan_check_range+0x10c/0x1c0 [ 15.742300] __kasan_check_write+0x18/0x20 [ 15.742322] strncpy_from_user+0x2e/0x1d0 [ 15.742346] ? __kasan_check_read+0x15/0x20 [ 15.742377] copy_user_test_oob+0x760/0x10f0 [ 15.742405] ? __pfx_copy_user_test_oob+0x10/0x10 [ 15.742440] ? finish_task_switch.isra.0+0x153/0x700 [ 15.742463] ? __switch_to+0x47/0xf50 [ 15.742490] ? __schedule+0x10cc/0x2b60 [ 15.742513] ? __pfx_read_tsc+0x10/0x10 [ 15.742534] ? ktime_get_ts64+0x86/0x230 [ 15.742560] kunit_try_run_case+0x1a5/0x480 [ 15.742595] ? __pfx_kunit_try_run_case+0x10/0x10 [ 15.742619] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 15.742643] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 15.742679] ? __kthread_parkme+0x82/0x180 [ 15.742700] ? preempt_count_sub+0x50/0x80 [ 15.742735] ? __pfx_kunit_try_run_case+0x10/0x10 [ 15.742761] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 15.742785] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 15.742810] kthread+0x337/0x6f0 [ 15.742830] ? trace_preempt_on+0x20/0xc0 [ 15.742854] ? __pfx_kthread+0x10/0x10 [ 15.742877] ? 
_raw_spin_unlock_irq+0x47/0x80 [ 15.742900] ? calculate_sigpending+0x7b/0xa0 [ 15.742925] ? __pfx_kthread+0x10/0x10 [ 15.742956] ret_from_fork+0x116/0x1d0 [ 15.742976] ? __pfx_kthread+0x10/0x10 [ 15.742998] ret_from_fork_asm+0x1a/0x30 [ 15.743039] </TASK> [ 15.743052] [ 15.750603] Allocated by task 302: [ 15.750791] kasan_save_stack+0x45/0x70 [ 15.751026] kasan_save_track+0x18/0x40 [ 15.751438] kasan_save_alloc_info+0x3b/0x50 [ 15.751688] __kasan_kmalloc+0xb7/0xc0 [ 15.751868] __kmalloc_noprof+0x1c9/0x500 [ 15.752016] kunit_kmalloc_array+0x25/0x60 [ 15.752408] copy_user_test_oob+0xab/0x10f0 [ 15.752621] kunit_try_run_case+0x1a5/0x480 [ 15.752841] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 15.753092] kthread+0x337/0x6f0 [ 15.753255] ret_from_fork+0x116/0x1d0 [ 15.753395] ret_from_fork_asm+0x1a/0x30 [ 15.753615] [ 15.753698] The buggy address belongs to the object at ffff888103a21000 [ 15.753698] which belongs to the cache kmalloc-128 of size 128 [ 15.754201] The buggy address is located 0 bytes inside of [ 15.754201] allocated 120-byte region [ffff888103a21000, ffff888103a21078) [ 15.754695] [ 15.754791] The buggy address belongs to the physical page: [ 15.755023] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x103a21 [ 15.755448] flags: 0x200000000000000(node=0|zone=2) [ 15.755684] page_type: f5(slab) [ 15.755829] raw: 0200000000000000 ffff888100041a00 dead000000000122 0000000000000000 [ 15.756159] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 15.756512] page dumped because: kasan: bad access detected [ 15.756894] [ 15.757015] Memory state around the buggy address: [ 15.757281] ffff888103a20f00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 15.757551] ffff888103a20f80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 15.757894] >ffff888103a21000: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 fc [ 15.758235] ^ [ 15.758568] ffff888103a21080: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 15.758868] 
ffff888103a21100: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 15.759168] ================================================================== [ 15.759577] ================================================================== [ 15.759972] BUG: KASAN: slab-out-of-bounds in strncpy_from_user+0x1a5/0x1d0 [ 15.760297] Write of size 1 at addr ffff888103a21078 by task kunit_try_catch/302 [ 15.760544] [ 15.760630] CPU: 0 UID: 0 PID: 302 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc4 #1 PREEMPT(voluntary) [ 15.760672] Tainted: [B]=BAD_PAGE, [N]=TEST [ 15.760685] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 15.760707] Call Trace: [ 15.760723] <TASK> [ 15.760739] dump_stack_lvl+0x73/0xb0 [ 15.760766] print_report+0xd1/0x650 [ 15.760790] ? __virt_addr_valid+0x1db/0x2d0 [ 15.760814] ? strncpy_from_user+0x1a5/0x1d0 [ 15.760837] ? kasan_complete_mode_report_info+0x2a/0x200 [ 15.760860] ? strncpy_from_user+0x1a5/0x1d0 [ 15.760902] kasan_report+0x141/0x180 [ 15.760925] ? strncpy_from_user+0x1a5/0x1d0 [ 15.760965] __asan_report_store1_noabort+0x1b/0x30 [ 15.760988] strncpy_from_user+0x1a5/0x1d0 [ 15.761014] copy_user_test_oob+0x760/0x10f0 [ 15.761043] ? __pfx_copy_user_test_oob+0x10/0x10 [ 15.761080] ? finish_task_switch.isra.0+0x153/0x700 [ 15.761103] ? __switch_to+0x47/0xf50 [ 15.761129] ? __schedule+0x10cc/0x2b60 [ 15.761163] ? __pfx_read_tsc+0x10/0x10 [ 15.761184] ? ktime_get_ts64+0x86/0x230 [ 15.761209] kunit_try_run_case+0x1a5/0x480 [ 15.761235] ? __pfx_kunit_try_run_case+0x10/0x10 [ 15.761258] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 15.761283] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 15.761308] ? __kthread_parkme+0x82/0x180 [ 15.761330] ? preempt_count_sub+0x50/0x80 [ 15.761356] ? __pfx_kunit_try_run_case+0x10/0x10 [ 15.761383] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 15.761418] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 15.761443] kthread+0x337/0x6f0 [ 15.761464] ? trace_preempt_on+0x20/0xc0 [ 15.761499] ? 
__pfx_kthread+0x10/0x10 [ 15.761521] ? _raw_spin_unlock_irq+0x47/0x80 [ 15.761543] ? calculate_sigpending+0x7b/0xa0 [ 15.761568] ? __pfx_kthread+0x10/0x10 [ 15.761591] ret_from_fork+0x116/0x1d0 [ 15.761611] ? __pfx_kthread+0x10/0x10 [ 15.761633] ret_from_fork_asm+0x1a/0x30 [ 15.761664] </TASK> [ 15.761678] [ 15.771435] Allocated by task 302: [ 15.771725] kasan_save_stack+0x45/0x70 [ 15.772000] kasan_save_track+0x18/0x40 [ 15.772296] kasan_save_alloc_info+0x3b/0x50 [ 15.772624] __kasan_kmalloc+0xb7/0xc0 [ 15.772915] __kmalloc_noprof+0x1c9/0x500 [ 15.773135] kunit_kmalloc_array+0x25/0x60 [ 15.773487] copy_user_test_oob+0xab/0x10f0 [ 15.773792] kunit_try_run_case+0x1a5/0x480 [ 15.774089] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 15.774317] kthread+0x337/0x6f0 [ 15.774488] ret_from_fork+0x116/0x1d0 [ 15.774669] ret_from_fork_asm+0x1a/0x30 [ 15.774869] [ 15.774967] The buggy address belongs to the object at ffff888103a21000 [ 15.774967] which belongs to the cache kmalloc-128 of size 128 [ 15.775864] The buggy address is located 0 bytes to the right of [ 15.775864] allocated 120-byte region [ffff888103a21000, ffff888103a21078) [ 15.776515] [ 15.776606] The buggy address belongs to the physical page: [ 15.776983] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x103a21 [ 15.777501] flags: 0x200000000000000(node=0|zone=2) [ 15.777739] page_type: f5(slab) [ 15.778023] raw: 0200000000000000 ffff888100041a00 dead000000000122 0000000000000000 [ 15.778492] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 15.778905] page dumped because: kasan: bad access detected [ 15.779111] [ 15.779380] Memory state around the buggy address: [ 15.779554] ffff888103a20f00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 15.780021] ffff888103a20f80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 15.780453] >ffff888103a21000: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 fc [ 15.780845] ^ [ 15.781165] ffff888103a21080: fc fc fc fc fc fc fc fc 
fc fc fc fc fc fc fc fc [ 15.781482] ffff888103a21100: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 15.781778] ==================================================================
Failure - log-parser-boot/kasan-bug-kasan-slab-out-of-bounds-in-copy_user_test_oob
[ 15.682684] ================================================================== [ 15.683080] BUG: KASAN: slab-out-of-bounds in copy_user_test_oob+0x4aa/0x10f0 [ 15.683361] Read of size 121 at addr ffff888103a21000 by task kunit_try_catch/302 [ 15.683746] [ 15.683867] CPU: 0 UID: 0 PID: 302 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc4 #1 PREEMPT(voluntary) [ 15.683919] Tainted: [B]=BAD_PAGE, [N]=TEST [ 15.683932] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 15.683971] Call Trace: [ 15.683986] <TASK> [ 15.684002] dump_stack_lvl+0x73/0xb0 [ 15.684033] print_report+0xd1/0x650 [ 15.684056] ? __virt_addr_valid+0x1db/0x2d0 [ 15.684091] ? copy_user_test_oob+0x4aa/0x10f0 [ 15.684124] ? kasan_complete_mode_report_info+0x2a/0x200 [ 15.684149] ? copy_user_test_oob+0x4aa/0x10f0 [ 15.684174] kasan_report+0x141/0x180 [ 15.684209] ? copy_user_test_oob+0x4aa/0x10f0 [ 15.684238] kasan_check_range+0x10c/0x1c0 [ 15.684264] __kasan_check_read+0x15/0x20 [ 15.684284] copy_user_test_oob+0x4aa/0x10f0 [ 15.684311] ? __pfx_copy_user_test_oob+0x10/0x10 [ 15.684335] ? finish_task_switch.isra.0+0x153/0x700 [ 15.684357] ? __switch_to+0x47/0xf50 [ 15.684393] ? __schedule+0x10cc/0x2b60 [ 15.684417] ? __pfx_read_tsc+0x10/0x10 [ 15.684438] ? ktime_get_ts64+0x86/0x230 [ 15.684474] kunit_try_run_case+0x1a5/0x480 [ 15.684500] ? __pfx_kunit_try_run_case+0x10/0x10 [ 15.684523] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 15.684548] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 15.684572] ? __kthread_parkme+0x82/0x180 [ 15.684593] ? preempt_count_sub+0x50/0x80 [ 15.684617] ? __pfx_kunit_try_run_case+0x10/0x10 [ 15.684641] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 15.684666] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 15.684690] kthread+0x337/0x6f0 [ 15.684711] ? trace_preempt_on+0x20/0xc0 [ 15.684736] ? __pfx_kthread+0x10/0x10 [ 15.684757] ? _raw_spin_unlock_irq+0x47/0x80 [ 15.684779] ? calculate_sigpending+0x7b/0xa0 [ 15.684804] ? 
__pfx_kthread+0x10/0x10 [ 15.684827] ret_from_fork+0x116/0x1d0 [ 15.684846] ? __pfx_kthread+0x10/0x10 [ 15.684868] ret_from_fork_asm+0x1a/0x30 [ 15.684900] </TASK> [ 15.684913] [ 15.692379] Allocated by task 302: [ 15.692512] kasan_save_stack+0x45/0x70 [ 15.692661] kasan_save_track+0x18/0x40 [ 15.692802] kasan_save_alloc_info+0x3b/0x50 [ 15.693261] __kasan_kmalloc+0xb7/0xc0 [ 15.693457] __kmalloc_noprof+0x1c9/0x500 [ 15.693683] kunit_kmalloc_array+0x25/0x60 [ 15.693897] copy_user_test_oob+0xab/0x10f0 [ 15.694097] kunit_try_run_case+0x1a5/0x480 [ 15.694330] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 15.694520] kthread+0x337/0x6f0 [ 15.694645] ret_from_fork+0x116/0x1d0 [ 15.694821] ret_from_fork_asm+0x1a/0x30 [ 15.694991] [ 15.695157] The buggy address belongs to the object at ffff888103a21000 [ 15.695157] which belongs to the cache kmalloc-128 of size 128 [ 15.695637] The buggy address is located 0 bytes inside of [ 15.695637] allocated 120-byte region [ffff888103a21000, ffff888103a21078) [ 15.696189] [ 15.696287] The buggy address belongs to the physical page: [ 15.696537] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x103a21 [ 15.696884] flags: 0x200000000000000(node=0|zone=2) [ 15.697151] page_type: f5(slab) [ 15.697316] raw: 0200000000000000 ffff888100041a00 dead000000000122 0000000000000000 [ 15.697622] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 15.697952] page dumped because: kasan: bad access detected [ 15.698229] [ 15.698316] Memory state around the buggy address: [ 15.698537] ffff888103a20f00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 15.698794] ffff888103a20f80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 15.699020] >ffff888103a21000: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 fc [ 15.699242] ^ [ 15.699566] ffff888103a21080: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 15.699922] ffff888103a21100: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 15.700443] 
================================================================== [ 15.657756] ================================================================== [ 15.658125] BUG: KASAN: slab-out-of-bounds in copy_user_test_oob+0x3fd/0x10f0 [ 15.658754] Write of size 121 at addr ffff888103a21000 by task kunit_try_catch/302 [ 15.659254] [ 15.659418] CPU: 0 UID: 0 PID: 302 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc4 #1 PREEMPT(voluntary) [ 15.659478] Tainted: [B]=BAD_PAGE, [N]=TEST [ 15.659492] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 15.659517] Call Trace: [ 15.659531] <TASK> [ 15.659550] dump_stack_lvl+0x73/0xb0 [ 15.659579] print_report+0xd1/0x650 [ 15.659603] ? __virt_addr_valid+0x1db/0x2d0 [ 15.659636] ? copy_user_test_oob+0x3fd/0x10f0 [ 15.659661] ? kasan_complete_mode_report_info+0x2a/0x200 [ 15.659685] ? copy_user_test_oob+0x3fd/0x10f0 [ 15.659721] kasan_report+0x141/0x180 [ 15.659745] ? copy_user_test_oob+0x3fd/0x10f0 [ 15.659774] kasan_check_range+0x10c/0x1c0 [ 15.659810] __kasan_check_write+0x18/0x20 [ 15.659830] copy_user_test_oob+0x3fd/0x10f0 [ 15.659857] ? __pfx_copy_user_test_oob+0x10/0x10 [ 15.659881] ? finish_task_switch.isra.0+0x153/0x700 [ 15.659905] ? __switch_to+0x47/0xf50 [ 15.659931] ? __schedule+0x10cc/0x2b60 [ 15.659964] ? __pfx_read_tsc+0x10/0x10 [ 15.659986] ? ktime_get_ts64+0x86/0x230 [ 15.660012] kunit_try_run_case+0x1a5/0x480 [ 15.660039] ? __pfx_kunit_try_run_case+0x10/0x10 [ 15.660064] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 15.660107] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 15.660131] ? __kthread_parkme+0x82/0x180 [ 15.660152] ? preempt_count_sub+0x50/0x80 [ 15.660176] ? __pfx_kunit_try_run_case+0x10/0x10 [ 15.660201] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 15.660225] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 15.660250] kthread+0x337/0x6f0 [ 15.660271] ? trace_preempt_on+0x20/0xc0 [ 15.660295] ? __pfx_kthread+0x10/0x10 [ 15.660318] ? 
_raw_spin_unlock_irq+0x47/0x80 [ 15.660340] ? calculate_sigpending+0x7b/0xa0 [ 15.660365] ? __pfx_kthread+0x10/0x10 [ 15.660388] ret_from_fork+0x116/0x1d0 [ 15.660408] ? __pfx_kthread+0x10/0x10 [ 15.660430] ret_from_fork_asm+0x1a/0x30 [ 15.660461] </TASK> [ 15.660474] [ 15.673430] Allocated by task 302: [ 15.673642] kasan_save_stack+0x45/0x70 [ 15.674024] kasan_save_track+0x18/0x40 [ 15.674275] kasan_save_alloc_info+0x3b/0x50 [ 15.674676] __kasan_kmalloc+0xb7/0xc0 [ 15.674897] __kmalloc_noprof+0x1c9/0x500 [ 15.675271] kunit_kmalloc_array+0x25/0x60 [ 15.675554] copy_user_test_oob+0xab/0x10f0 [ 15.675706] kunit_try_run_case+0x1a5/0x480 [ 15.675854] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 15.676041] kthread+0x337/0x6f0 [ 15.676181] ret_from_fork+0x116/0x1d0 [ 15.676351] ret_from_fork_asm+0x1a/0x30 [ 15.676577] [ 15.676677] The buggy address belongs to the object at ffff888103a21000 [ 15.676677] which belongs to the cache kmalloc-128 of size 128 [ 15.677213] The buggy address is located 0 bytes inside of [ 15.677213] allocated 120-byte region [ffff888103a21000, ffff888103a21078) [ 15.677692] [ 15.677795] The buggy address belongs to the physical page: [ 15.678023] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x103a21 [ 15.678429] flags: 0x200000000000000(node=0|zone=2) [ 15.678619] page_type: f5(slab) [ 15.678744] raw: 0200000000000000 ffff888100041a00 dead000000000122 0000000000000000 [ 15.679158] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 15.679484] page dumped because: kasan: bad access detected [ 15.679659] [ 15.679732] Memory state around the buggy address: [ 15.679970] ffff888103a20f00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 15.680403] ffff888103a20f80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 15.680675] >ffff888103a21000: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 fc [ 15.680980] ^ [ 15.681268] ffff888103a21080: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 15.681684] 
ffff888103a21100: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 15.681986] ================================================================== [ 15.701028] ================================================================== [ 15.701262] BUG: KASAN: slab-out-of-bounds in copy_user_test_oob+0x557/0x10f0 [ 15.701836] Write of size 121 at addr ffff888103a21000 by task kunit_try_catch/302 [ 15.702251] [ 15.702357] CPU: 0 UID: 0 PID: 302 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc4 #1 PREEMPT(voluntary) [ 15.702399] Tainted: [B]=BAD_PAGE, [N]=TEST [ 15.702425] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 15.702446] Call Trace: [ 15.702464] <TASK> [ 15.702482] dump_stack_lvl+0x73/0xb0 [ 15.702515] print_report+0xd1/0x650 [ 15.702539] ? __virt_addr_valid+0x1db/0x2d0 [ 15.702562] ? copy_user_test_oob+0x557/0x10f0 [ 15.702586] ? kasan_complete_mode_report_info+0x2a/0x200 [ 15.702610] ? copy_user_test_oob+0x557/0x10f0 [ 15.702635] kasan_report+0x141/0x180 [ 15.702658] ? copy_user_test_oob+0x557/0x10f0 [ 15.702687] kasan_check_range+0x10c/0x1c0 [ 15.702711] __kasan_check_write+0x18/0x20 [ 15.702732] copy_user_test_oob+0x557/0x10f0 [ 15.702758] ? __pfx_copy_user_test_oob+0x10/0x10 [ 15.702783] ? finish_task_switch.isra.0+0x153/0x700 [ 15.702805] ? __switch_to+0x47/0xf50 [ 15.702831] ? __schedule+0x10cc/0x2b60 [ 15.702854] ? __pfx_read_tsc+0x10/0x10 [ 15.702875] ? ktime_get_ts64+0x86/0x230 [ 15.702899] kunit_try_run_case+0x1a5/0x480 [ 15.702926] ? __pfx_kunit_try_run_case+0x10/0x10 [ 15.702960] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 15.702984] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 15.703008] ? __kthread_parkme+0x82/0x180 [ 15.703030] ? preempt_count_sub+0x50/0x80 [ 15.703053] ? __pfx_kunit_try_run_case+0x10/0x10 [ 15.703079] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 15.703103] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 15.703133] kthread+0x337/0x6f0 [ 15.703154] ? trace_preempt_on+0x20/0xc0 [ 15.703179] ? 
__pfx_kthread+0x10/0x10 [ 15.703201] ? _raw_spin_unlock_irq+0x47/0x80 [ 15.703223] ? calculate_sigpending+0x7b/0xa0 [ 15.703248] ? __pfx_kthread+0x10/0x10 [ 15.703271] ret_from_fork+0x116/0x1d0 [ 15.703291] ? __pfx_kthread+0x10/0x10 [ 15.703313] ret_from_fork_asm+0x1a/0x30 [ 15.703344] </TASK> [ 15.703357] [ 15.711048] Allocated by task 302: [ 15.711247] kasan_save_stack+0x45/0x70 [ 15.711434] kasan_save_track+0x18/0x40 [ 15.711574] kasan_save_alloc_info+0x3b/0x50 [ 15.711762] __kasan_kmalloc+0xb7/0xc0 [ 15.711982] __kmalloc_noprof+0x1c9/0x500 [ 15.712245] kunit_kmalloc_array+0x25/0x60 [ 15.712482] copy_user_test_oob+0xab/0x10f0 [ 15.712719] kunit_try_run_case+0x1a5/0x480 [ 15.712922] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 15.713224] kthread+0x337/0x6f0 [ 15.713368] ret_from_fork+0x116/0x1d0 [ 15.713561] ret_from_fork_asm+0x1a/0x30 [ 15.713795] [ 15.713873] The buggy address belongs to the object at ffff888103a21000 [ 15.713873] which belongs to the cache kmalloc-128 of size 128 [ 15.714345] The buggy address is located 0 bytes inside of [ 15.714345] allocated 120-byte region [ffff888103a21000, ffff888103a21078) [ 15.714872] [ 15.714956] The buggy address belongs to the physical page: [ 15.715341] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x103a21 [ 15.715688] flags: 0x200000000000000(node=0|zone=2) [ 15.715879] page_type: f5(slab) [ 15.716012] raw: 0200000000000000 ffff888100041a00 dead000000000122 0000000000000000 [ 15.716460] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 15.716687] page dumped because: kasan: bad access detected [ 15.717018] [ 15.717168] Memory state around the buggy address: [ 15.717425] ffff888103a20f00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 15.717731] ffff888103a20f80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 15.717959] >ffff888103a21000: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 fc [ 15.718174] ^ [ 15.718389] ffff888103a21080: fc fc fc fc fc fc fc fc fc fc 
fc fc fc fc fc fc [ 15.718740] ffff888103a21100: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 15.719066] ================================================================== [ 15.719605] ================================================================== [ 15.720204] BUG: KASAN: slab-out-of-bounds in copy_user_test_oob+0x604/0x10f0 [ 15.720491] Read of size 121 at addr ffff888103a21000 by task kunit_try_catch/302 [ 15.720828] [ 15.720916] CPU: 0 UID: 0 PID: 302 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc4 #1 PREEMPT(voluntary) [ 15.720983] Tainted: [B]=BAD_PAGE, [N]=TEST [ 15.720996] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 15.721019] Call Trace: [ 15.721046] <TASK> [ 15.721062] dump_stack_lvl+0x73/0xb0 [ 15.721101] print_report+0xd1/0x650 [ 15.721125] ? __virt_addr_valid+0x1db/0x2d0 [ 15.721147] ? copy_user_test_oob+0x604/0x10f0 [ 15.721172] ? kasan_complete_mode_report_info+0x2a/0x200 [ 15.721196] ? copy_user_test_oob+0x604/0x10f0 [ 15.721220] kasan_report+0x141/0x180 [ 15.721244] ? copy_user_test_oob+0x604/0x10f0 [ 15.721273] kasan_check_range+0x10c/0x1c0 [ 15.721298] __kasan_check_read+0x15/0x20 [ 15.721319] copy_user_test_oob+0x604/0x10f0 [ 15.721345] ? __pfx_copy_user_test_oob+0x10/0x10 [ 15.721369] ? finish_task_switch.isra.0+0x153/0x700 [ 15.721391] ? __switch_to+0x47/0xf50 [ 15.721417] ? __schedule+0x10cc/0x2b60 [ 15.721440] ? __pfx_read_tsc+0x10/0x10 [ 15.721462] ? ktime_get_ts64+0x86/0x230 [ 15.721487] kunit_try_run_case+0x1a5/0x480 [ 15.721512] ? __pfx_kunit_try_run_case+0x10/0x10 [ 15.721536] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 15.721560] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 15.721584] ? __kthread_parkme+0x82/0x180 [ 15.721605] ? preempt_count_sub+0x50/0x80 [ 15.721630] ? __pfx_kunit_try_run_case+0x10/0x10 [ 15.721654] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 15.721678] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 15.721703] kthread+0x337/0x6f0 [ 15.721724] ? 
trace_preempt_on+0x20/0xc0 [ 15.721748] ? __pfx_kthread+0x10/0x10 [ 15.721770] ? _raw_spin_unlock_irq+0x47/0x80 [ 15.721791] ? calculate_sigpending+0x7b/0xa0 [ 15.721817] ? __pfx_kthread+0x10/0x10 [ 15.721840] ret_from_fork+0x116/0x1d0 [ 15.721860] ? __pfx_kthread+0x10/0x10 [ 15.721882] ret_from_fork_asm+0x1a/0x30 [ 15.721921] </TASK> [ 15.721934] [ 15.729272] Allocated by task 302: [ 15.729463] kasan_save_stack+0x45/0x70 [ 15.729670] kasan_save_track+0x18/0x40 [ 15.729881] kasan_save_alloc_info+0x3b/0x50 [ 15.730220] __kasan_kmalloc+0xb7/0xc0 [ 15.730417] __kmalloc_noprof+0x1c9/0x500 [ 15.730625] kunit_kmalloc_array+0x25/0x60 [ 15.730819] copy_user_test_oob+0xab/0x10f0 [ 15.731048] kunit_try_run_case+0x1a5/0x480 [ 15.731229] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 15.731407] kthread+0x337/0x6f0 [ 15.731529] ret_from_fork+0x116/0x1d0 [ 15.731691] ret_from_fork_asm+0x1a/0x30 [ 15.731889] [ 15.731995] The buggy address belongs to the object at ffff888103a21000 [ 15.731995] which belongs to the cache kmalloc-128 of size 128 [ 15.732989] The buggy address is located 0 bytes inside of [ 15.732989] allocated 120-byte region [ffff888103a21000, ffff888103a21078) [ 15.733531] [ 15.733654] The buggy address belongs to the physical page: [ 15.733896] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x103a21 [ 15.734247] flags: 0x200000000000000(node=0|zone=2) [ 15.734487] page_type: f5(slab) [ 15.734656] raw: 0200000000000000 ffff888100041a00 dead000000000122 0000000000000000 [ 15.734909] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 15.735737] page dumped because: kasan: bad access detected [ 15.736367] [ 15.736537] Memory state around the buggy address: [ 15.737015] ffff888103a20f00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 15.737760] ffff888103a20f80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 15.738236] >ffff888103a21000: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 fc [ 15.738779] ^ [ 15.739350] 
ffff888103a21080: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 15.739816] ffff888103a21100: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 15.740329] ==================================================================
Failure - log-parser-boot/kasan-bug-kasan-slab-out-of-bounds-in-_copy_to_user
[ 15.627102] ================================================================== [ 15.627420] BUG: KASAN: slab-out-of-bounds in _copy_to_user+0x3c/0x70 [ 15.627776] Read of size 121 at addr ffff888103a21000 by task kunit_try_catch/302 [ 15.628112] [ 15.628232] CPU: 0 UID: 0 PID: 302 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc4 #1 PREEMPT(voluntary) [ 15.628288] Tainted: [B]=BAD_PAGE, [N]=TEST [ 15.628301] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 15.628323] Call Trace: [ 15.628338] <TASK> [ 15.628366] dump_stack_lvl+0x73/0xb0 [ 15.628395] print_report+0xd1/0x650 [ 15.628419] ? __virt_addr_valid+0x1db/0x2d0 [ 15.628441] ? _copy_to_user+0x3c/0x70 [ 15.628470] ? kasan_complete_mode_report_info+0x2a/0x200 [ 15.628494] ? _copy_to_user+0x3c/0x70 [ 15.628513] kasan_report+0x141/0x180 [ 15.628548] ? _copy_to_user+0x3c/0x70 [ 15.628572] kasan_check_range+0x10c/0x1c0 [ 15.628597] __kasan_check_read+0x15/0x20 [ 15.628617] _copy_to_user+0x3c/0x70 [ 15.628640] copy_user_test_oob+0x364/0x10f0 [ 15.628667] ? __pfx_copy_user_test_oob+0x10/0x10 [ 15.628691] ? finish_task_switch.isra.0+0x153/0x700 [ 15.628714] ? __switch_to+0x47/0xf50 [ 15.628740] ? __schedule+0x10cc/0x2b60 [ 15.628763] ? __pfx_read_tsc+0x10/0x10 [ 15.628785] ? ktime_get_ts64+0x86/0x230 [ 15.628820] kunit_try_run_case+0x1a5/0x480 [ 15.628845] ? __pfx_kunit_try_run_case+0x10/0x10 [ 15.628868] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 15.628902] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 15.628926] ? __kthread_parkme+0x82/0x180 [ 15.628957] ? preempt_count_sub+0x50/0x80 [ 15.628981] ? __pfx_kunit_try_run_case+0x10/0x10 [ 15.629013] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 15.629037] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 15.629087] kthread+0x337/0x6f0 [ 15.629109] ? trace_preempt_on+0x20/0xc0 [ 15.629135] ? __pfx_kthread+0x10/0x10 [ 15.629159] ? _raw_spin_unlock_irq+0x47/0x80 [ 15.629184] ? calculate_sigpending+0x7b/0xa0 [ 15.629213] ? 
__pfx_kthread+0x10/0x10 [ 15.629236] ret_from_fork+0x116/0x1d0 [ 15.629257] ? __pfx_kthread+0x10/0x10 [ 15.629279] ret_from_fork_asm+0x1a/0x30 [ 15.629311] </TASK> [ 15.629325] [ 15.642789] Allocated by task 302: [ 15.643003] kasan_save_stack+0x45/0x70 [ 15.644367] kasan_save_track+0x18/0x40 [ 15.644595] kasan_save_alloc_info+0x3b/0x50 [ 15.644764] __kasan_kmalloc+0xb7/0xc0 [ 15.645015] __kmalloc_noprof+0x1c9/0x500 [ 15.645171] kunit_kmalloc_array+0x25/0x60 [ 15.645378] copy_user_test_oob+0xab/0x10f0 [ 15.645568] kunit_try_run_case+0x1a5/0x480 [ 15.645721] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 15.645898] kthread+0x337/0x6f0 [ 15.646080] ret_from_fork+0x116/0x1d0 [ 15.646280] ret_from_fork_asm+0x1a/0x30 [ 15.646474] [ 15.646857] The buggy address belongs to the object at ffff888103a21000 [ 15.646857] which belongs to the cache kmalloc-128 of size 128 [ 15.647512] The buggy address is located 0 bytes inside of [ 15.647512] allocated 120-byte region [ffff888103a21000, ffff888103a21078) [ 15.648499] [ 15.648625] The buggy address belongs to the physical page: [ 15.648806] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x103a21 [ 15.649293] flags: 0x200000000000000(node=0|zone=2) [ 15.649475] page_type: f5(slab) [ 15.649647] raw: 0200000000000000 ffff888100041a00 dead000000000122 0000000000000000 [ 15.649954] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 15.650290] page dumped because: kasan: bad access detected [ 15.650555] [ 15.650628] Memory state around the buggy address: [ 15.651024] ffff888103a20f00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 15.651350] ffff888103a20f80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 15.651685] >ffff888103a21000: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 fc [ 15.651994] ^ [ 15.652369] ffff888103a21080: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 15.652615] ffff888103a21100: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 15.653074] 
==================================================================
Failure - log-parser-boot/kasan-bug-kasan-slab-out-of-bounds-in-_copy_from_user
[ 15.597269] ================================================================== [ 15.598011] BUG: KASAN: slab-out-of-bounds in _copy_from_user+0x32/0x90 [ 15.599160] Write of size 121 at addr ffff888103a21000 by task kunit_try_catch/302 [ 15.600041] [ 15.600316] CPU: 0 UID: 0 PID: 302 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc4 #1 PREEMPT(voluntary) [ 15.600480] Tainted: [B]=BAD_PAGE, [N]=TEST [ 15.600499] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 15.600525] Call Trace: [ 15.600553] <TASK> [ 15.600575] dump_stack_lvl+0x73/0xb0 [ 15.600645] print_report+0xd1/0x650 [ 15.600672] ? __virt_addr_valid+0x1db/0x2d0 [ 15.600698] ? _copy_from_user+0x32/0x90 [ 15.600718] ? kasan_complete_mode_report_info+0x2a/0x200 [ 15.600743] ? _copy_from_user+0x32/0x90 [ 15.600764] kasan_report+0x141/0x180 [ 15.600788] ? _copy_from_user+0x32/0x90 [ 15.600813] kasan_check_range+0x10c/0x1c0 [ 15.600838] __kasan_check_write+0x18/0x20 [ 15.600858] _copy_from_user+0x32/0x90 [ 15.600880] copy_user_test_oob+0x2be/0x10f0 [ 15.600907] ? __pfx_copy_user_test_oob+0x10/0x10 [ 15.600931] ? finish_task_switch.isra.0+0x153/0x700 [ 15.600965] ? __switch_to+0x47/0xf50 [ 15.600993] ? __schedule+0x10cc/0x2b60 [ 15.601017] ? __pfx_read_tsc+0x10/0x10 [ 15.601040] ? ktime_get_ts64+0x86/0x230 [ 15.601089] kunit_try_run_case+0x1a5/0x480 [ 15.601117] ? __pfx_kunit_try_run_case+0x10/0x10 [ 15.601141] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 15.601166] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 15.601191] ? __kthread_parkme+0x82/0x180 [ 15.601214] ? preempt_count_sub+0x50/0x80 [ 15.601240] ? __pfx_kunit_try_run_case+0x10/0x10 [ 15.601266] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 15.601291] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 15.601315] kthread+0x337/0x6f0 [ 15.601337] ? trace_preempt_on+0x20/0xc0 [ 15.601362] ? __pfx_kthread+0x10/0x10 [ 15.601385] ? _raw_spin_unlock_irq+0x47/0x80 [ 15.601407] ? calculate_sigpending+0x7b/0xa0 [ 15.601433] ? 
__pfx_kthread+0x10/0x10 [ 15.601456] ret_from_fork+0x116/0x1d0 [ 15.601476] ? __pfx_kthread+0x10/0x10 [ 15.601498] ret_from_fork_asm+0x1a/0x30 [ 15.601530] </TASK> [ 15.601544] [ 15.613036] Allocated by task 302: [ 15.613272] kasan_save_stack+0x45/0x70 [ 15.613479] kasan_save_track+0x18/0x40 [ 15.613640] kasan_save_alloc_info+0x3b/0x50 [ 15.613867] __kasan_kmalloc+0xb7/0xc0 [ 15.614043] __kmalloc_noprof+0x1c9/0x500 [ 15.614448] kunit_kmalloc_array+0x25/0x60 [ 15.614818] copy_user_test_oob+0xab/0x10f0 [ 15.615269] kunit_try_run_case+0x1a5/0x480 [ 15.615659] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 15.616175] kthread+0x337/0x6f0 [ 15.616480] ret_from_fork+0x116/0x1d0 [ 15.616851] ret_from_fork_asm+0x1a/0x30 [ 15.617254] [ 15.617423] The buggy address belongs to the object at ffff888103a21000 [ 15.617423] which belongs to the cache kmalloc-128 of size 128 [ 15.618035] The buggy address is located 0 bytes inside of [ 15.618035] allocated 120-byte region [ffff888103a21000, ffff888103a21078) [ 15.619147] [ 15.619333] The buggy address belongs to the physical page: [ 15.619670] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x103a21 [ 15.619916] flags: 0x200000000000000(node=0|zone=2) [ 15.620146] page_type: f5(slab) [ 15.620328] raw: 0200000000000000 ffff888100041a00 dead000000000122 0000000000000000 [ 15.620630] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 15.620976] page dumped because: kasan: bad access detected [ 15.621251] [ 15.621357] Memory state around the buggy address: [ 15.621579] ffff888103a20f00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 15.621879] ffff888103a20f80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 15.622176] >ffff888103a21000: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 fc [ 15.622521] ^ [ 15.622807] ffff888103a21080: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 15.623109] ffff888103a21100: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 15.623435] 
==================================================================
Failure - log-parser-boot/kasan-bug-kasan-alloca-out-of-bounds-in-kasan_alloca_oob_right
[ 13.477313] ================================================================== [ 13.477976] BUG: KASAN: alloca-out-of-bounds in kasan_alloca_oob_right+0x329/0x390 [ 13.478357] Read of size 1 at addr ffff8881039ffc4a by task kunit_try_catch/270 [ 13.478741] [ 13.478886] CPU: 1 UID: 0 PID: 270 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc4 #1 PREEMPT(voluntary) [ 13.478961] Tainted: [B]=BAD_PAGE, [N]=TEST [ 13.478974] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 13.478997] Call Trace: [ 13.479010] <TASK> [ 13.479028] dump_stack_lvl+0x73/0xb0 [ 13.479060] print_report+0xd1/0x650 [ 13.479084] ? __virt_addr_valid+0x1db/0x2d0 [ 13.479114] ? kasan_alloca_oob_right+0x329/0x390 [ 13.479137] ? kasan_addr_to_slab+0x11/0xa0 [ 13.479178] ? kasan_alloca_oob_right+0x329/0x390 [ 13.479201] kasan_report+0x141/0x180 [ 13.479223] ? kasan_alloca_oob_right+0x329/0x390 [ 13.479250] __asan_report_load1_noabort+0x18/0x20 [ 13.479275] kasan_alloca_oob_right+0x329/0x390 [ 13.479299] ? finish_task_switch.isra.0+0x153/0x700 [ 13.479322] ? ww_mutex_unlock+0x6e/0x150 [ 13.479345] ? trace_hardirqs_on+0x37/0xe0 [ 13.479371] ? __pfx_kasan_alloca_oob_right+0x10/0x10 [ 13.479396] ? __schedule+0x10cc/0x2b60 [ 13.479435] ? __pfx_read_tsc+0x10/0x10 [ 13.479457] ? ktime_get_ts64+0x86/0x230 [ 13.479497] kunit_try_run_case+0x1a5/0x480 [ 13.479523] ? __pfx_kunit_try_run_case+0x10/0x10 [ 13.479545] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 13.479570] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 13.479593] ? __kthread_parkme+0x82/0x180 [ 13.479615] ? preempt_count_sub+0x50/0x80 [ 13.479638] ? __pfx_kunit_try_run_case+0x10/0x10 [ 13.479662] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 13.479685] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 13.479708] kthread+0x337/0x6f0 [ 13.479728] ? trace_preempt_on+0x20/0xc0 [ 13.479750] ? __pfx_kthread+0x10/0x10 [ 13.479771] ? _raw_spin_unlock_irq+0x47/0x80 [ 13.479792] ? calculate_sigpending+0x7b/0xa0 [ 13.479816] ? 
__pfx_kthread+0x10/0x10 [ 13.479838] ret_from_fork+0x116/0x1d0 [ 13.479856] ? __pfx_kthread+0x10/0x10 [ 13.479876] ret_from_fork_asm+0x1a/0x30 [ 13.479908] </TASK> [ 13.479920] [ 13.487028] The buggy address belongs to stack of task kunit_try_catch/270 [ 13.487689] [ 13.487776] The buggy address belongs to the physical page: [ 13.488020] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1039ff [ 13.488407] flags: 0x200000000000000(node=0|zone=2) [ 13.488618] raw: 0200000000000000 ffffea00040e7fc8 ffffea00040e7fc8 0000000000000000 [ 13.488947] raw: 0000000000000000 0000000000000000 00000000ffffffff 0000000000000000 [ 13.489410] page dumped because: kasan: bad access detected [ 13.489579] [ 13.489663] Memory state around the buggy address: [ 13.489892] ffff8881039ffb00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 13.490183] ffff8881039ffb80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 13.490392] >ffff8881039ffc00: 00 00 00 00 ca ca ca ca 00 02 cb cb cb cb cb cb [ 13.490712] ^ [ 13.490985] ffff8881039ffc80: 00 00 00 f1 f1 f1 f1 01 f2 04 f2 00 f2 f2 f2 00 [ 13.491272] ffff8881039ffd00: 00 f3 f3 00 00 00 00 00 00 00 00 00 00 00 00 f1 [ 13.491657] ==================================================================
Failure - log-parser-boot/kasan-bug-kasan-alloca-out-of-bounds-in-kasan_alloca_oob_left
[ 13.458117] ================================================================== [ 13.458844] BUG: KASAN: alloca-out-of-bounds in kasan_alloca_oob_left+0x320/0x380 [ 13.459214] Read of size 1 at addr ffff888103b67c3f by task kunit_try_catch/268 [ 13.459549] [ 13.459660] CPU: 0 UID: 0 PID: 268 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc4 #1 PREEMPT(voluntary) [ 13.459724] Tainted: [B]=BAD_PAGE, [N]=TEST [ 13.459736] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 13.459760] Call Trace: [ 13.459772] <TASK> [ 13.459789] dump_stack_lvl+0x73/0xb0 [ 13.459817] print_report+0xd1/0x650 [ 13.459840] ? __virt_addr_valid+0x1db/0x2d0 [ 13.459886] ? kasan_alloca_oob_left+0x320/0x380 [ 13.459909] ? kasan_addr_to_slab+0x11/0xa0 [ 13.459929] ? kasan_alloca_oob_left+0x320/0x380 [ 13.459962] kasan_report+0x141/0x180 [ 13.459984] ? kasan_alloca_oob_left+0x320/0x380 [ 13.460011] __asan_report_load1_noabort+0x18/0x20 [ 13.460035] kasan_alloca_oob_left+0x320/0x380 [ 13.460059] ? finish_task_switch.isra.0+0x153/0x700 [ 13.460081] ? ww_mutex_unlock+0x6e/0x150 [ 13.460103] ? trace_hardirqs_on+0x37/0xe0 [ 13.460128] ? __pfx_kasan_alloca_oob_left+0x10/0x10 [ 13.460170] ? __schedule+0x10cc/0x2b60 [ 13.460191] ? __pfx_read_tsc+0x10/0x10 [ 13.460226] ? ktime_get_ts64+0x86/0x230 [ 13.460250] kunit_try_run_case+0x1a5/0x480 [ 13.460274] ? __pfx_kunit_try_run_case+0x10/0x10 [ 13.460297] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 13.460320] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 13.460344] ? __kthread_parkme+0x82/0x180 [ 13.460366] ? preempt_count_sub+0x50/0x80 [ 13.460389] ? __pfx_kunit_try_run_case+0x10/0x10 [ 13.460414] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 13.460438] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 13.460461] kthread+0x337/0x6f0 [ 13.460481] ? trace_preempt_on+0x20/0xc0 [ 13.460503] ? __pfx_kthread+0x10/0x10 [ 13.460525] ? _raw_spin_unlock_irq+0x47/0x80 [ 13.460546] ? calculate_sigpending+0x7b/0xa0 [ 13.460570] ? 
__pfx_kthread+0x10/0x10 [ 13.460592] ret_from_fork+0x116/0x1d0 [ 13.460629] ? __pfx_kthread+0x10/0x10 [ 13.460652] ret_from_fork_asm+0x1a/0x30 [ 13.460683] </TASK> [ 13.460695] [ 13.468203] The buggy address belongs to stack of task kunit_try_catch/268 [ 13.468494] [ 13.468582] The buggy address belongs to the physical page: [ 13.468853] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x103b67 [ 13.469252] flags: 0x200000000000000(node=0|zone=2) [ 13.469514] raw: 0200000000000000 ffffea00040ed9c8 ffffea00040ed9c8 0000000000000000 [ 13.469832] raw: 0000000000000000 0000000000000000 00000000ffffffff 0000000000000000 [ 13.470225] page dumped because: kasan: bad access detected [ 13.470501] [ 13.470571] Memory state around the buggy address: [ 13.470741] ffff888103b67b00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 13.471078] ffff888103b67b80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 13.471408] >ffff888103b67c00: 00 00 00 00 ca ca ca ca 00 02 cb cb cb cb cb cb [ 13.471724] ^ [ 13.471884] ffff888103b67c80: 00 00 00 f1 f1 f1 f1 01 f2 04 f2 00 f2 f2 f2 00 [ 13.472417] ffff888103b67d00: 00 f3 f3 00 00 00 00 00 00 00 00 00 00 00 00 f1 [ 13.472730] ==================================================================
Failure - log-parser-boot/kasan-bug-kasan-stack-out-of-bounds-in-kasan_stack_oob
[ 13.435074] ================================================================== [ 13.435989] BUG: KASAN: stack-out-of-bounds in kasan_stack_oob+0x2b5/0x300 [ 13.436341] Read of size 1 at addr ffff8881039afd02 by task kunit_try_catch/266 [ 13.436746] [ 13.436893] CPU: 0 UID: 0 PID: 266 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc4 #1 PREEMPT(voluntary) [ 13.436954] Tainted: [B]=BAD_PAGE, [N]=TEST [ 13.436968] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 13.436990] Call Trace: [ 13.437021] <TASK> [ 13.437041] dump_stack_lvl+0x73/0xb0 [ 13.437070] print_report+0xd1/0x650 [ 13.437093] ? __virt_addr_valid+0x1db/0x2d0 [ 13.437130] ? kasan_stack_oob+0x2b5/0x300 [ 13.437165] ? kasan_addr_to_slab+0x11/0xa0 [ 13.437186] ? kasan_stack_oob+0x2b5/0x300 [ 13.437206] kasan_report+0x141/0x180 [ 13.437228] ? kasan_stack_oob+0x2b5/0x300 [ 13.437254] __asan_report_load1_noabort+0x18/0x20 [ 13.437279] kasan_stack_oob+0x2b5/0x300 [ 13.437299] ? __pfx_kasan_stack_oob+0x10/0x10 [ 13.437319] ? finish_task_switch.isra.0+0x153/0x700 [ 13.437342] ? __switch_to+0x47/0xf50 [ 13.437368] ? __schedule+0x10cc/0x2b60 [ 13.437391] ? __pfx_read_tsc+0x10/0x10 [ 13.437411] ? ktime_get_ts64+0x86/0x230 [ 13.437436] kunit_try_run_case+0x1a5/0x480 [ 13.437517] ? __pfx_kunit_try_run_case+0x10/0x10 [ 13.437543] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 13.437567] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 13.437590] ? __kthread_parkme+0x82/0x180 [ 13.437611] ? preempt_count_sub+0x50/0x80 [ 13.437635] ? __pfx_kunit_try_run_case+0x10/0x10 [ 13.437658] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 13.437682] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 13.437705] kthread+0x337/0x6f0 [ 13.437725] ? trace_preempt_on+0x20/0xc0 [ 13.437749] ? __pfx_kthread+0x10/0x10 [ 13.437770] ? _raw_spin_unlock_irq+0x47/0x80 [ 13.437792] ? calculate_sigpending+0x7b/0xa0 [ 13.437816] ? __pfx_kthread+0x10/0x10 [ 13.437837] ret_from_fork+0x116/0x1d0 [ 13.437857] ? 
__pfx_kthread+0x10/0x10 [ 13.437877] ret_from_fork_asm+0x1a/0x30 [ 13.437909] </TASK> [ 13.437920] [ 13.446509] The buggy address belongs to stack of task kunit_try_catch/266 [ 13.447024] and is located at offset 138 in frame: [ 13.447257] kasan_stack_oob+0x0/0x300 [ 13.447623] [ 13.447747] This frame has 4 objects: [ 13.448103] [48, 49) '__assertion' [ 13.448136] [64, 72) 'array' [ 13.448344] [96, 112) '__assertion' [ 13.448814] [128, 138) 'stack_array' [ 13.449076] [ 13.449401] The buggy address belongs to the physical page: [ 13.449932] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1039af [ 13.450361] flags: 0x200000000000000(node=0|zone=2) [ 13.450660] raw: 0200000000000000 ffffea00040e6bc8 ffffea00040e6bc8 0000000000000000 [ 13.450947] raw: 0000000000000000 0000000000000000 00000000ffffffff 0000000000000000 [ 13.451319] page dumped because: kasan: bad access detected [ 13.451633] [ 13.451731] Memory state around the buggy address: [ 13.451959] ffff8881039afc00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 f1 [ 13.452312] ffff8881039afc80: f1 f1 f1 f1 f1 01 f2 00 f2 f2 f2 00 00 f2 f2 00 [ 13.452817] >ffff8881039afd00: 02 f3 f3 00 00 00 00 00 00 00 00 00 00 00 00 f1 [ 13.453243] ^ [ 13.453365] ffff8881039afd80: f1 f1 f1 00 00 f2 f2 00 00 f2 f2 00 00 f3 f3 00 [ 13.453850] ffff8881039afe00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 13.454269] ==================================================================
Failure - log-parser-boot/kasan-bug-kasan-global-out-of-bounds-in-kasan_global_oob_right
[ 13.412522] ================================================================== [ 13.413527] BUG: KASAN: global-out-of-bounds in kasan_global_oob_right+0x286/0x2d0 [ 13.413880] Read of size 1 at addr ffffffffb0c61e8d by task kunit_try_catch/262 [ 13.414384] [ 13.415008] CPU: 0 UID: 0 PID: 262 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc4 #1 PREEMPT(voluntary) [ 13.415060] Tainted: [B]=BAD_PAGE, [N]=TEST [ 13.415075] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 13.415098] Call Trace: [ 13.415116] <TASK> [ 13.415133] dump_stack_lvl+0x73/0xb0 [ 13.415165] print_report+0xd1/0x650 [ 13.415189] ? __virt_addr_valid+0x1db/0x2d0 [ 13.415214] ? kasan_global_oob_right+0x286/0x2d0 [ 13.415236] ? kasan_addr_to_slab+0x11/0xa0 [ 13.415257] ? kasan_global_oob_right+0x286/0x2d0 [ 13.415278] kasan_report+0x141/0x180 [ 13.415301] ? kasan_global_oob_right+0x286/0x2d0 [ 13.415328] __asan_report_load1_noabort+0x18/0x20 [ 13.415352] kasan_global_oob_right+0x286/0x2d0 [ 13.415374] ? __pfx_kasan_global_oob_right+0x10/0x10 [ 13.415398] ? __schedule+0x10cc/0x2b60 [ 13.415421] ? __pfx_read_tsc+0x10/0x10 [ 13.415442] ? ktime_get_ts64+0x86/0x230 [ 13.415468] kunit_try_run_case+0x1a5/0x480 [ 13.415493] ? __pfx_kunit_try_run_case+0x10/0x10 [ 13.415515] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 13.415539] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 13.415562] ? __kthread_parkme+0x82/0x180 [ 13.415583] ? preempt_count_sub+0x50/0x80 [ 13.415651] ? __pfx_kunit_try_run_case+0x10/0x10 [ 13.415675] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 13.415698] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 13.415722] kthread+0x337/0x6f0 [ 13.415741] ? trace_preempt_on+0x20/0xc0 [ 13.415765] ? __pfx_kthread+0x10/0x10 [ 13.415786] ? _raw_spin_unlock_irq+0x47/0x80 [ 13.415807] ? calculate_sigpending+0x7b/0xa0 [ 13.415831] ? __pfx_kthread+0x10/0x10 [ 13.415853] ret_from_fork+0x116/0x1d0 [ 13.415872] ? 
__pfx_kthread+0x10/0x10 [ 13.415893] ret_from_fork_asm+0x1a/0x30 [ 13.415924] </TASK> [ 13.415948] [ 13.424074] The buggy address belongs to the variable: [ 13.424391] global_array+0xd/0x40 [ 13.424692] [ 13.424861] The buggy address belongs to the physical page: [ 13.425207] page: refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x17e61 [ 13.425515] flags: 0x100000000002000(reserved|node=0|zone=1) [ 13.425887] raw: 0100000000002000 ffffea00005f9848 ffffea00005f9848 0000000000000000 [ 13.426323] raw: 0000000000000000 0000000000000000 00000001ffffffff 0000000000000000 [ 13.426792] page dumped because: kasan: bad access detected [ 13.427054] [ 13.427151] Memory state around the buggy address: [ 13.427565] ffffffffb0c61d80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 13.427839] ffffffffb0c61e00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 13.428081] >ffffffffb0c61e80: 00 02 f9 f9 f9 f9 f9 f9 00 f9 f9 f9 f9 f9 f9 f9 [ 13.428425] ^ [ 13.428810] ffffffffb0c61f00: 04 f9 f9 f9 f9 f9 f9 f9 02 f9 f9 f9 f9 f9 f9 f9 [ 13.429186] ffffffffb0c61f80: 01 f9 f9 f9 f9 f9 f9 f9 00 00 00 00 00 00 00 00 [ 13.429560] ==================================================================
Failure - log-parser-boot/kasan-bug-kasan-invalid-free-in-mempool_kmalloc_invalid_free_helper
[ 13.348578] ================================================================== [ 13.349128] BUG: KASAN: invalid-free in mempool_kmalloc_invalid_free_helper+0x132/0x2e0 [ 13.349614] Free of addr ffff888102794f01 by task kunit_try_catch/258 [ 13.349891] [ 13.350315] CPU: 1 UID: 0 PID: 258 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc4 #1 PREEMPT(voluntary) [ 13.350369] Tainted: [B]=BAD_PAGE, [N]=TEST [ 13.350382] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 13.350404] Call Trace: [ 13.350421] <TASK> [ 13.350440] dump_stack_lvl+0x73/0xb0 [ 13.350672] print_report+0xd1/0x650 [ 13.350698] ? __virt_addr_valid+0x1db/0x2d0 [ 13.350724] ? kasan_complete_mode_report_info+0x2a/0x200 [ 13.350747] ? mempool_kmalloc_invalid_free_helper+0x132/0x2e0 [ 13.350774] kasan_report_invalid_free+0x10a/0x130 [ 13.350799] ? mempool_kmalloc_invalid_free_helper+0x132/0x2e0 [ 13.350827] ? mempool_kmalloc_invalid_free_helper+0x132/0x2e0 [ 13.350851] ? mempool_kmalloc_invalid_free_helper+0x132/0x2e0 [ 13.350874] check_slab_allocation+0x11f/0x130 [ 13.350897] __kasan_mempool_poison_object+0x91/0x1d0 [ 13.350922] mempool_free+0x2ec/0x380 [ 13.350954] ? mempool_alloc_preallocated+0x5b/0x90 [ 13.350977] mempool_kmalloc_invalid_free_helper+0x132/0x2e0 [ 13.351002] ? __pfx_mempool_kmalloc_invalid_free_helper+0x10/0x10 [ 13.351030] ? __pfx_sched_clock_cpu+0x10/0x10 [ 13.351073] ? finish_task_switch.isra.0+0x153/0x700 [ 13.351099] mempool_kmalloc_invalid_free+0xed/0x140 [ 13.351129] ? __pfx_mempool_kmalloc_invalid_free+0x10/0x10 [ 13.351155] ? __pfx_mempool_kmalloc+0x10/0x10 [ 13.351178] ? __pfx_mempool_kfree+0x10/0x10 [ 13.351202] ? __pfx_read_tsc+0x10/0x10 [ 13.351224] ? ktime_get_ts64+0x86/0x230 [ 13.351249] kunit_try_run_case+0x1a5/0x480 [ 13.351275] ? __pfx_kunit_try_run_case+0x10/0x10 [ 13.351297] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 13.351322] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 13.351345] ? __kthread_parkme+0x82/0x180 [ 13.351367] ? 
preempt_count_sub+0x50/0x80 [ 13.351390] ? __pfx_kunit_try_run_case+0x10/0x10 [ 13.351414] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 13.351437] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 13.351477] kthread+0x337/0x6f0 [ 13.351497] ? trace_preempt_on+0x20/0xc0 [ 13.351522] ? __pfx_kthread+0x10/0x10 [ 13.351543] ? _raw_spin_unlock_irq+0x47/0x80 [ 13.351565] ? calculate_sigpending+0x7b/0xa0 [ 13.351590] ? __pfx_kthread+0x10/0x10 [ 13.351612] ret_from_fork+0x116/0x1d0 [ 13.351631] ? __pfx_kthread+0x10/0x10 [ 13.351652] ret_from_fork_asm+0x1a/0x30 [ 13.351683] </TASK> [ 13.351695] [ 13.364916] Allocated by task 258: [ 13.365365] kasan_save_stack+0x45/0x70 [ 13.365680] kasan_save_track+0x18/0x40 [ 13.365973] kasan_save_alloc_info+0x3b/0x50 [ 13.366362] __kasan_mempool_unpoison_object+0x1a9/0x200 [ 13.366663] remove_element+0x11e/0x190 [ 13.366988] mempool_alloc_preallocated+0x4d/0x90 [ 13.367414] mempool_kmalloc_invalid_free_helper+0x83/0x2e0 [ 13.367758] mempool_kmalloc_invalid_free+0xed/0x140 [ 13.368008] kunit_try_run_case+0x1a5/0x480 [ 13.368377] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 13.368824] kthread+0x337/0x6f0 [ 13.369004] ret_from_fork+0x116/0x1d0 [ 13.369594] ret_from_fork_asm+0x1a/0x30 [ 13.369892] [ 13.370017] The buggy address belongs to the object at ffff888102794f00 [ 13.370017] which belongs to the cache kmalloc-128 of size 128 [ 13.370799] The buggy address is located 1 bytes inside of [ 13.370799] 128-byte region [ffff888102794f00, ffff888102794f80) [ 13.371614] [ 13.371838] The buggy address belongs to the physical page: [ 13.372301] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x102794 [ 13.372655] flags: 0x200000000000000(node=0|zone=2) [ 13.372986] page_type: f5(slab) [ 13.373257] raw: 0200000000000000 ffff888100041a00 dead000000000122 0000000000000000 [ 13.373579] raw: 0000000000000000 0000000000100010 00000000f5000000 0000000000000000 [ 13.373906] page dumped because: kasan: bad access detected [ 
13.374511] [ 13.374606] Memory state around the buggy address: [ 13.374774] ffff888102794e00: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 13.375430] ffff888102794e80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 13.376045] >ffff888102794f00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 13.376460] ^ [ 13.376595] ffff888102794f80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 13.377125] ffff888102795000: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 13.377683] ================================================================== [ 13.381193] ================================================================== [ 13.382153] BUG: KASAN: invalid-free in mempool_kmalloc_invalid_free_helper+0x132/0x2e0 [ 13.382729] Free of addr ffff888103b24001 by task kunit_try_catch/260 [ 13.383244] [ 13.383478] CPU: 0 UID: 0 PID: 260 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc4 #1 PREEMPT(voluntary) [ 13.383529] Tainted: [B]=BAD_PAGE, [N]=TEST [ 13.383542] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 13.383565] Call Trace: [ 13.383578] <TASK> [ 13.383598] dump_stack_lvl+0x73/0xb0 [ 13.383665] print_report+0xd1/0x650 [ 13.383689] ? __virt_addr_valid+0x1db/0x2d0 [ 13.383713] ? kasan_addr_to_slab+0x11/0xa0 [ 13.383733] ? mempool_kmalloc_invalid_free_helper+0x132/0x2e0 [ 13.383761] kasan_report_invalid_free+0x10a/0x130 [ 13.383785] ? mempool_kmalloc_invalid_free_helper+0x132/0x2e0 [ 13.383814] ? mempool_kmalloc_invalid_free_helper+0x132/0x2e0 [ 13.383838] __kasan_mempool_poison_object+0x102/0x1d0 [ 13.383862] mempool_free+0x2ec/0x380 [ 13.383885] mempool_kmalloc_invalid_free_helper+0x132/0x2e0 [ 13.383910] ? __pfx_mempool_kmalloc_invalid_free_helper+0x10/0x10 [ 13.383950] ? __kasan_check_write+0x18/0x20 [ 13.383971] ? __pfx_sched_clock_cpu+0x10/0x10 [ 13.383993] ? finish_task_switch.isra.0+0x153/0x700 [ 13.384019] mempool_kmalloc_large_invalid_free+0xed/0x140 [ 13.384043] ? 
__pfx_mempool_kmalloc_large_invalid_free+0x10/0x10 [ 13.384089] ? __pfx_mempool_kmalloc+0x10/0x10 [ 13.384112] ? __pfx_mempool_kfree+0x10/0x10 [ 13.384137] ? __pfx_read_tsc+0x10/0x10 [ 13.384158] ? ktime_get_ts64+0x86/0x230 [ 13.384182] kunit_try_run_case+0x1a5/0x480 [ 13.384207] ? __pfx_kunit_try_run_case+0x10/0x10 [ 13.384229] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 13.384253] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 13.384276] ? __kthread_parkme+0x82/0x180 [ 13.384297] ? preempt_count_sub+0x50/0x80 [ 13.384320] ? __pfx_kunit_try_run_case+0x10/0x10 [ 13.384344] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 13.384367] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 13.384390] kthread+0x337/0x6f0 [ 13.384410] ? trace_preempt_on+0x20/0xc0 [ 13.384434] ? __pfx_kthread+0x10/0x10 [ 13.384471] ? _raw_spin_unlock_irq+0x47/0x80 [ 13.384492] ? calculate_sigpending+0x7b/0xa0 [ 13.384516] ? __pfx_kthread+0x10/0x10 [ 13.384538] ret_from_fork+0x116/0x1d0 [ 13.384557] ? __pfx_kthread+0x10/0x10 [ 13.384577] ret_from_fork_asm+0x1a/0x30 [ 13.384608] </TASK> [ 13.384621] [ 13.396264] The buggy address belongs to the physical page: [ 13.396968] page: refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x103b24 [ 13.397772] head: order:2 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0 [ 13.398613] flags: 0x200000000000040(head|node=0|zone=2) [ 13.399266] page_type: f8(unknown) [ 13.399683] raw: 0200000000000040 0000000000000000 dead000000000122 0000000000000000 [ 13.400558] raw: 0000000000000000 0000000000000000 00000001f8000000 0000000000000000 [ 13.401317] head: 0200000000000040 0000000000000000 dead000000000122 0000000000000000 [ 13.402132] head: 0000000000000000 0000000000000000 00000001f8000000 0000000000000000 [ 13.402859] head: 0200000000000002 ffffea00040ec901 00000000ffffffff 00000000ffffffff [ 13.403629] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000004 [ 13.404334] page dumped because: kasan: bad access detected [ 
13.404930] [ 13.405117] Memory state around the buggy address: [ 13.405580] ffff888103b23f00: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff [ 13.406205] ffff888103b23f80: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff [ 13.406871] >ffff888103b24000: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 13.407505] ^ [ 13.407866] ffff888103b24080: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 13.408580] ffff888103b24100: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 13.409314] ==================================================================
Failure - log-parser-boot/kasan-bug-kasan-double-free-in-mempool_double_free_helper
[ 13.251646] ================================================================== [ 13.252852] BUG: KASAN: double-free in mempool_double_free_helper+0x184/0x370 [ 13.253572] Free of addr ffff888102b0ed00 by task kunit_try_catch/252 [ 13.254198] [ 13.254312] CPU: 0 UID: 0 PID: 252 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc4 #1 PREEMPT(voluntary) [ 13.254363] Tainted: [B]=BAD_PAGE, [N]=TEST [ 13.254376] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 13.254400] Call Trace: [ 13.254419] <TASK> [ 13.254438] dump_stack_lvl+0x73/0xb0 [ 13.254583] print_report+0xd1/0x650 [ 13.254609] ? __virt_addr_valid+0x1db/0x2d0 [ 13.254636] ? kasan_complete_mode_report_info+0x64/0x200 [ 13.254659] ? mempool_double_free_helper+0x184/0x370 [ 13.254683] kasan_report_invalid_free+0x10a/0x130 [ 13.254707] ? mempool_double_free_helper+0x184/0x370 [ 13.254733] ? mempool_double_free_helper+0x184/0x370 [ 13.254756] ? mempool_double_free_helper+0x184/0x370 [ 13.254777] check_slab_allocation+0x101/0x130 [ 13.254799] __kasan_mempool_poison_object+0x91/0x1d0 [ 13.254824] mempool_free+0x2ec/0x380 [ 13.254848] mempool_double_free_helper+0x184/0x370 [ 13.254872] ? __pfx_mempool_double_free_helper+0x10/0x10 [ 13.254898] ? __pfx_sched_clock_cpu+0x10/0x10 [ 13.254920] ? finish_task_switch.isra.0+0x153/0x700 [ 13.254961] mempool_kmalloc_double_free+0xed/0x140 [ 13.254984] ? __pfx_mempool_kmalloc_double_free+0x10/0x10 [ 13.255011] ? __pfx_mempool_kmalloc+0x10/0x10 [ 13.255034] ? __pfx_mempool_kfree+0x10/0x10 [ 13.255125] ? __pfx_read_tsc+0x10/0x10 [ 13.255150] ? ktime_get_ts64+0x86/0x230 [ 13.255187] kunit_try_run_case+0x1a5/0x480 [ 13.255214] ? __pfx_kunit_try_run_case+0x10/0x10 [ 13.255237] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 13.255262] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 13.255285] ? __kthread_parkme+0x82/0x180 [ 13.255306] ? preempt_count_sub+0x50/0x80 [ 13.255329] ? 
__pfx_kunit_try_run_case+0x10/0x10 [ 13.255353] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 13.255375] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 13.255398] kthread+0x337/0x6f0 [ 13.255418] ? trace_preempt_on+0x20/0xc0 [ 13.255442] ? __pfx_kthread+0x10/0x10 [ 13.255519] ? _raw_spin_unlock_irq+0x47/0x80 [ 13.255540] ? calculate_sigpending+0x7b/0xa0 [ 13.255566] ? __pfx_kthread+0x10/0x10 [ 13.255587] ret_from_fork+0x116/0x1d0 [ 13.255606] ? __pfx_kthread+0x10/0x10 [ 13.255627] ret_from_fork_asm+0x1a/0x30 [ 13.255659] </TASK> [ 13.255672] [ 13.270792] Allocated by task 252: [ 13.271197] kasan_save_stack+0x45/0x70 [ 13.271351] kasan_save_track+0x18/0x40 [ 13.271492] kasan_save_alloc_info+0x3b/0x50 [ 13.271637] __kasan_mempool_unpoison_object+0x1a9/0x200 [ 13.271804] remove_element+0x11e/0x190 [ 13.271946] mempool_alloc_preallocated+0x4d/0x90 [ 13.272100] mempool_double_free_helper+0x8a/0x370 [ 13.272282] mempool_kmalloc_double_free+0xed/0x140 [ 13.272518] kunit_try_run_case+0x1a5/0x480 [ 13.272737] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 13.273086] kthread+0x337/0x6f0 [ 13.273370] ret_from_fork+0x116/0x1d0 [ 13.273577] ret_from_fork_asm+0x1a/0x30 [ 13.273740] [ 13.273851] Freed by task 252: [ 13.274118] kasan_save_stack+0x45/0x70 [ 13.274391] kasan_save_track+0x18/0x40 [ 13.274685] kasan_save_free_info+0x3f/0x60 [ 13.274894] __kasan_mempool_poison_object+0x131/0x1d0 [ 13.275131] mempool_free+0x2ec/0x380 [ 13.275318] mempool_double_free_helper+0x109/0x370 [ 13.275652] mempool_kmalloc_double_free+0xed/0x140 [ 13.275922] kunit_try_run_case+0x1a5/0x480 [ 13.276195] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 13.276535] kthread+0x337/0x6f0 [ 13.276736] ret_from_fork+0x116/0x1d0 [ 13.276954] ret_from_fork_asm+0x1a/0x30 [ 13.277173] [ 13.277285] The buggy address belongs to the object at ffff888102b0ed00 [ 13.277285] which belongs to the cache kmalloc-128 of size 128 [ 13.277987] The buggy address is located 0 bytes inside of [ 13.277987] 128-byte 
region [ffff888102b0ed00, ffff888102b0ed80) [ 13.278609] [ 13.278737] The buggy address belongs to the physical page: [ 13.279039] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x102b0e [ 13.279435] flags: 0x200000000000000(node=0|zone=2) [ 13.279762] page_type: f5(slab) [ 13.279981] raw: 0200000000000000 ffff888100041a00 dead000000000122 0000000000000000 [ 13.280344] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 13.280803] page dumped because: kasan: bad access detected [ 13.281073] [ 13.281225] Memory state around the buggy address: [ 13.281445] ffff888102b0ec00: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 13.281862] ffff888102b0ec80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 13.282206] >ffff888102b0ed00: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 13.282694] ^ [ 13.282908] ffff888102b0ed80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 13.283242] ffff888102b0ee00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 13.283627] ================================================================== [ 13.317294] ================================================================== [ 13.317808] BUG: KASAN: double-free in mempool_double_free_helper+0x184/0x370 [ 13.318073] Free of addr ffff888103af0000 by task kunit_try_catch/256 [ 13.318277] [ 13.318374] CPU: 1 UID: 0 PID: 256 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc4 #1 PREEMPT(voluntary) [ 13.318423] Tainted: [B]=BAD_PAGE, [N]=TEST [ 13.318436] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 13.318458] Call Trace: [ 13.318472] <TASK> [ 13.318526] dump_stack_lvl+0x73/0xb0 [ 13.318561] print_report+0xd1/0x650 [ 13.318584] ? __virt_addr_valid+0x1db/0x2d0 [ 13.318611] ? kasan_addr_to_slab+0x11/0xa0 [ 13.318631] ? mempool_double_free_helper+0x184/0x370 [ 13.318656] kasan_report_invalid_free+0x10a/0x130 [ 13.318681] ? mempool_double_free_helper+0x184/0x370 [ 13.318707] ? 
mempool_double_free_helper+0x184/0x370 [ 13.318730] __kasan_mempool_poison_pages+0x115/0x130 [ 13.318776] mempool_free+0x290/0x380 [ 13.318800] mempool_double_free_helper+0x184/0x370 [ 13.318824] ? __pfx_mempool_double_free_helper+0x10/0x10 [ 13.318849] ? __kasan_check_write+0x18/0x20 [ 13.318869] ? __pfx_sched_clock_cpu+0x10/0x10 [ 13.318891] ? finish_task_switch.isra.0+0x153/0x700 [ 13.318918] mempool_page_alloc_double_free+0xe8/0x140 [ 13.318975] ? __pfx_mempool_page_alloc_double_free+0x10/0x10 [ 13.319004] ? __pfx_mempool_alloc_pages+0x10/0x10 [ 13.319024] ? __pfx_mempool_free_pages+0x10/0x10 [ 13.319046] ? __pfx_read_tsc+0x10/0x10 [ 13.319068] ? ktime_get_ts64+0x86/0x230 [ 13.319092] kunit_try_run_case+0x1a5/0x480 [ 13.319159] ? __pfx_kunit_try_run_case+0x10/0x10 [ 13.319184] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 13.319209] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 13.319233] ? __kthread_parkme+0x82/0x180 [ 13.319256] ? preempt_count_sub+0x50/0x80 [ 13.319279] ? __pfx_kunit_try_run_case+0x10/0x10 [ 13.319302] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 13.319344] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 13.319367] kthread+0x337/0x6f0 [ 13.319387] ? trace_preempt_on+0x20/0xc0 [ 13.319410] ? __pfx_kthread+0x10/0x10 [ 13.319431] ? _raw_spin_unlock_irq+0x47/0x80 [ 13.319453] ? calculate_sigpending+0x7b/0xa0 [ 13.319477] ? __pfx_kthread+0x10/0x10 [ 13.319499] ret_from_fork+0x116/0x1d0 [ 13.319517] ? 
__pfx_kthread+0x10/0x10 [ 13.319537] ret_from_fork_asm+0x1a/0x30 [ 13.319569] </TASK> [ 13.319581] [ 13.336996] The buggy address belongs to the physical page: [ 13.337413] page: refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x103af0 [ 13.338282] flags: 0x200000000000000(node=0|zone=2) [ 13.338765] raw: 0200000000000000 0000000000000000 dead000000000122 0000000000000000 [ 13.339401] raw: 0000000000000000 0000000000000000 00000001ffffffff 0000000000000000 [ 13.339979] page dumped because: kasan: bad access detected [ 13.340386] [ 13.340591] Memory state around the buggy address: [ 13.341124] ffff888103aeff00: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff [ 13.341995] ffff888103aeff80: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff [ 13.342407] >ffff888103af0000: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff [ 13.343184] ^ [ 13.343498] ffff888103af0080: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff [ 13.343871] ffff888103af0100: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff [ 13.344137] ================================================================== [ 13.290007] ================================================================== [ 13.290652] BUG: KASAN: double-free in mempool_double_free_helper+0x184/0x370 [ 13.291186] Free of addr ffff888102b8c000 by task kunit_try_catch/254 [ 13.291443] [ 13.291853] CPU: 0 UID: 0 PID: 254 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc4 #1 PREEMPT(voluntary) [ 13.291903] Tainted: [B]=BAD_PAGE, [N]=TEST [ 13.291917] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 13.291949] Call Trace: [ 13.291964] <TASK> [ 13.291983] dump_stack_lvl+0x73/0xb0 [ 13.292036] print_report+0xd1/0x650 [ 13.292181] ? __virt_addr_valid+0x1db/0x2d0 [ 13.292208] ? kasan_addr_to_slab+0x11/0xa0 [ 13.292229] ? mempool_double_free_helper+0x184/0x370 [ 13.292254] kasan_report_invalid_free+0x10a/0x130 [ 13.292279] ? mempool_double_free_helper+0x184/0x370 [ 13.292306] ? 
mempool_double_free_helper+0x184/0x370 [ 13.292329] __kasan_mempool_poison_object+0x1b3/0x1d0 [ 13.292353] mempool_free+0x2ec/0x380 [ 13.292377] mempool_double_free_helper+0x184/0x370 [ 13.292400] ? __pfx_mempool_double_free_helper+0x10/0x10 [ 13.292426] ? __kasan_check_write+0x18/0x20 [ 13.292447] ? __pfx_sched_clock_cpu+0x10/0x10 [ 13.292490] ? finish_task_switch.isra.0+0x153/0x700 [ 13.292517] mempool_kmalloc_large_double_free+0xed/0x140 [ 13.292543] ? __pfx_mempool_kmalloc_large_double_free+0x10/0x10 [ 13.292572] ? __pfx_mempool_kmalloc+0x10/0x10 [ 13.292597] ? __pfx_mempool_kfree+0x10/0x10 [ 13.292622] ? __pfx_read_tsc+0x10/0x10 [ 13.292645] ? ktime_get_ts64+0x86/0x230 [ 13.292669] kunit_try_run_case+0x1a5/0x480 [ 13.292695] ? __pfx_kunit_try_run_case+0x10/0x10 [ 13.292717] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 13.292741] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 13.292765] ? __kthread_parkme+0x82/0x180 [ 13.292785] ? preempt_count_sub+0x50/0x80 [ 13.292809] ? __pfx_kunit_try_run_case+0x10/0x10 [ 13.292835] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 13.292860] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 13.292884] kthread+0x337/0x6f0 [ 13.292903] ? trace_preempt_on+0x20/0xc0 [ 13.292927] ? __pfx_kthread+0x10/0x10 [ 13.292957] ? _raw_spin_unlock_irq+0x47/0x80 [ 13.292979] ? calculate_sigpending+0x7b/0xa0 [ 13.293003] ? __pfx_kthread+0x10/0x10 [ 13.293024] ret_from_fork+0x116/0x1d0 [ 13.293042] ? 
__pfx_kthread+0x10/0x10 [ 13.293079] ret_from_fork_asm+0x1a/0x30 [ 13.293110] </TASK> [ 13.293122] [ 13.303885] The buggy address belongs to the physical page: [ 13.304206] page: refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x102b8c [ 13.304515] head: order:2 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0 [ 13.304751] flags: 0x200000000000040(head|node=0|zone=2) [ 13.304951] page_type: f8(unknown) [ 13.305423] raw: 0200000000000040 0000000000000000 dead000000000122 0000000000000000 [ 13.305999] raw: 0000000000000000 0000000000000000 00000001f8000000 0000000000000000 [ 13.307040] head: 0200000000000040 0000000000000000 dead000000000122 0000000000000000 [ 13.308160] head: 0000000000000000 0000000000000000 00000001f8000000 0000000000000000 [ 13.309082] head: 0200000000000002 ffffea00040ae301 00000000ffffffff 00000000ffffffff [ 13.309433] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000004 [ 13.309798] page dumped because: kasan: bad access detected [ 13.309991] [ 13.310200] Memory state around the buggy address: [ 13.310790] ffff888102b8bf00: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff [ 13.311250] ffff888102b8bf80: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff [ 13.311860] >ffff888102b8c000: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff [ 13.312336] ^ [ 13.312707] ffff888102b8c080: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff [ 13.313179] ffff888102b8c100: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff [ 13.313632] ==================================================================
Failure - log-parser-boot/kasan-bug-kasan-use-after-free-in-mempool_uaf_helper
[ 13.167481] ================================================================== [ 13.167976] BUG: KASAN: use-after-free in mempool_uaf_helper+0x392/0x400 [ 13.168314] Read of size 1 at addr ffff888103af0000 by task kunit_try_catch/246 [ 13.168700] [ 13.168854] CPU: 1 UID: 0 PID: 246 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc4 #1 PREEMPT(voluntary) [ 13.168903] Tainted: [B]=BAD_PAGE, [N]=TEST [ 13.168917] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 13.168949] Call Trace: [ 13.168963] <TASK> [ 13.168983] dump_stack_lvl+0x73/0xb0 [ 13.169015] print_report+0xd1/0x650 [ 13.169037] ? __virt_addr_valid+0x1db/0x2d0 [ 13.169063] ? mempool_uaf_helper+0x392/0x400 [ 13.169087] ? kasan_addr_to_slab+0x11/0xa0 [ 13.169119] ? mempool_uaf_helper+0x392/0x400 [ 13.169141] kasan_report+0x141/0x180 [ 13.169164] ? mempool_uaf_helper+0x392/0x400 [ 13.169211] __asan_report_load1_noabort+0x18/0x20 [ 13.169235] mempool_uaf_helper+0x392/0x400 [ 13.169259] ? __pfx_mempool_uaf_helper+0x10/0x10 [ 13.169296] ? finish_task_switch.isra.0+0x153/0x700 [ 13.169324] mempool_kmalloc_large_uaf+0xef/0x140 [ 13.169348] ? __pfx_mempool_kmalloc_large_uaf+0x10/0x10 [ 13.169377] ? __pfx_mempool_kmalloc+0x10/0x10 [ 13.169401] ? __pfx_mempool_kfree+0x10/0x10 [ 13.169428] ? __pfx_read_tsc+0x10/0x10 [ 13.169451] ? ktime_get_ts64+0x86/0x230 [ 13.169474] kunit_try_run_case+0x1a5/0x480 [ 13.169501] ? __pfx_kunit_try_run_case+0x10/0x10 [ 13.169523] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 13.169549] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 13.169573] ? __kthread_parkme+0x82/0x180 [ 13.169595] ? preempt_count_sub+0x50/0x80 [ 13.169626] ? __pfx_kunit_try_run_case+0x10/0x10 [ 13.169659] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 13.169682] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 13.169706] kthread+0x337/0x6f0 [ 13.169737] ? trace_preempt_on+0x20/0xc0 [ 13.169762] ? __pfx_kthread+0x10/0x10 [ 13.169783] ? _raw_spin_unlock_irq+0x47/0x80 [ 13.169805] ? 
calculate_sigpending+0x7b/0xa0 [ 13.169829] ? __pfx_kthread+0x10/0x10 [ 13.169851] ret_from_fork+0x116/0x1d0 [ 13.169871] ? __pfx_kthread+0x10/0x10 [ 13.169892] ret_from_fork_asm+0x1a/0x30 [ 13.169923] </TASK> [ 13.169945] [ 13.178668] The buggy address belongs to the physical page: [ 13.179181] page: refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x103af0 [ 13.179719] head: order:2 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0 [ 13.180008] flags: 0x200000000000040(head|node=0|zone=2) [ 13.180342] page_type: f8(unknown) [ 13.180696] raw: 0200000000000040 0000000000000000 dead000000000122 0000000000000000 [ 13.180962] raw: 0000000000000000 0000000000000000 00000001f8000000 0000000000000000 [ 13.181591] head: 0200000000000040 0000000000000000 dead000000000122 0000000000000000 [ 13.181948] head: 0000000000000000 0000000000000000 00000001f8000000 0000000000000000 [ 13.182357] head: 0200000000000002 ffffea00040ebc01 00000000ffffffff 00000000ffffffff [ 13.182762] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000004 [ 13.183005] page dumped because: kasan: bad access detected [ 13.183579] [ 13.183810] Memory state around the buggy address: [ 13.184049] ffff888103aeff00: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff [ 13.184328] ffff888103aeff80: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff [ 13.184838] >ffff888103af0000: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff [ 13.185149] ^ [ 13.185321] ffff888103af0080: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff [ 13.185762] ffff888103af0100: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff [ 13.186077] ================================================================== [ 13.222651] ================================================================== [ 13.223792] BUG: KASAN: use-after-free in mempool_uaf_helper+0x392/0x400 [ 13.224608] Read of size 1 at addr ffff888103af0000 by task kunit_try_catch/250 [ 13.224851] [ 13.224962] CPU: 1 UID: 0 PID: 250 Comm: kunit_try_catch 
Tainted: G B N 6.16.0-rc4 #1 PREEMPT(voluntary) [ 13.225009] Tainted: [B]=BAD_PAGE, [N]=TEST [ 13.225022] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 13.225045] Call Trace: [ 13.225067] <TASK> [ 13.225087] dump_stack_lvl+0x73/0xb0 [ 13.225121] print_report+0xd1/0x650 [ 13.225145] ? __virt_addr_valid+0x1db/0x2d0 [ 13.225170] ? mempool_uaf_helper+0x392/0x400 [ 13.225193] ? kasan_addr_to_slab+0x11/0xa0 [ 13.225215] ? mempool_uaf_helper+0x392/0x400 [ 13.225237] kasan_report+0x141/0x180 [ 13.225260] ? mempool_uaf_helper+0x392/0x400 [ 13.225287] __asan_report_load1_noabort+0x18/0x20 [ 13.225312] mempool_uaf_helper+0x392/0x400 [ 13.225335] ? __pfx_mempool_uaf_helper+0x10/0x10 [ 13.225359] ? __kasan_check_write+0x18/0x20 [ 13.225380] ? __pfx_sched_clock_cpu+0x10/0x10 [ 13.225403] ? finish_task_switch.isra.0+0x153/0x700 [ 13.225429] mempool_page_alloc_uaf+0xed/0x140 [ 13.225453] ? __pfx_mempool_page_alloc_uaf+0x10/0x10 [ 13.225479] ? __pfx_mempool_alloc_pages+0x10/0x10 [ 13.225501] ? __pfx_mempool_free_pages+0x10/0x10 [ 13.225523] ? __pfx_read_tsc+0x10/0x10 [ 13.225545] ? ktime_get_ts64+0x86/0x230 [ 13.225570] kunit_try_run_case+0x1a5/0x480 [ 13.225596] ? __pfx_kunit_try_run_case+0x10/0x10 [ 13.225618] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 13.225644] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 13.225668] ? __kthread_parkme+0x82/0x180 [ 13.225691] ? preempt_count_sub+0x50/0x80 [ 13.225714] ? __pfx_kunit_try_run_case+0x10/0x10 [ 13.225738] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 13.225761] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 13.225784] kthread+0x337/0x6f0 [ 13.225804] ? trace_preempt_on+0x20/0xc0 [ 13.225829] ? __pfx_kthread+0x10/0x10 [ 13.225850] ? _raw_spin_unlock_irq+0x47/0x80 [ 13.225872] ? calculate_sigpending+0x7b/0xa0 [ 13.225896] ? __pfx_kthread+0x10/0x10 [ 13.225918] ret_from_fork+0x116/0x1d0 [ 13.225947] ? 
__pfx_kthread+0x10/0x10 [ 13.225968] ret_from_fork_asm+0x1a/0x30 [ 13.225999] </TASK> [ 13.226012] [ 13.240070] The buggy address belongs to the physical page: [ 13.240703] page: refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x103af0 [ 13.241254] flags: 0x200000000000000(node=0|zone=2) [ 13.241442] raw: 0200000000000000 0000000000000000 dead000000000122 0000000000000000 [ 13.242226] raw: 0000000000000000 0000000000000000 00000001ffffffff 0000000000000000 [ 13.242893] page dumped because: kasan: bad access detected [ 13.243579] [ 13.243660] Memory state around the buggy address: [ 13.243822] ffff888103aeff00: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff [ 13.244319] ffff888103aeff80: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff [ 13.245041] >ffff888103af0000: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff [ 13.245745] ^ [ 13.246028] ffff888103af0080: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff [ 13.246249] ffff888103af0100: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff [ 13.246602] ==================================================================
Failure - log-parser-boot/kasan-bug-kasan-slab-use-after-free-in-mempool_uaf_helper
[ 13.190335] ================================================================== [ 13.190929] BUG: KASAN: slab-use-after-free in mempool_uaf_helper+0x392/0x400 [ 13.191571] Read of size 1 at addr ffff888103a18240 by task kunit_try_catch/248 [ 13.191886] [ 13.192023] CPU: 0 UID: 0 PID: 248 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc4 #1 PREEMPT(voluntary) [ 13.192072] Tainted: [B]=BAD_PAGE, [N]=TEST [ 13.192085] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 13.192107] Call Trace: [ 13.192121] <TASK> [ 13.192140] dump_stack_lvl+0x73/0xb0 [ 13.192171] print_report+0xd1/0x650 [ 13.192196] ? __virt_addr_valid+0x1db/0x2d0 [ 13.192222] ? mempool_uaf_helper+0x392/0x400 [ 13.192244] ? kasan_complete_mode_report_info+0x64/0x200 [ 13.192279] ? mempool_uaf_helper+0x392/0x400 [ 13.192301] kasan_report+0x141/0x180 [ 13.192324] ? mempool_uaf_helper+0x392/0x400 [ 13.192362] __asan_report_load1_noabort+0x18/0x20 [ 13.192387] mempool_uaf_helper+0x392/0x400 [ 13.192409] ? __pfx_mempool_uaf_helper+0x10/0x10 [ 13.192434] ? __pfx_sched_clock_cpu+0x10/0x10 [ 13.192458] ? finish_task_switch.isra.0+0x153/0x700 [ 13.192483] mempool_slab_uaf+0xea/0x140 [ 13.192515] ? __pfx_mempool_slab_uaf+0x10/0x10 [ 13.192541] ? __pfx_mempool_alloc_slab+0x10/0x10 [ 13.192563] ? __pfx_mempool_free_slab+0x10/0x10 [ 13.192631] ? __pfx_read_tsc+0x10/0x10 [ 13.192655] ? ktime_get_ts64+0x86/0x230 [ 13.192681] kunit_try_run_case+0x1a5/0x480 [ 13.192708] ? __pfx_kunit_try_run_case+0x10/0x10 [ 13.192731] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 13.192756] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 13.192779] ? __kthread_parkme+0x82/0x180 [ 13.192800] ? preempt_count_sub+0x50/0x80 [ 13.192824] ? __pfx_kunit_try_run_case+0x10/0x10 [ 13.192848] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 13.192871] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 13.192894] kthread+0x337/0x6f0 [ 13.192914] ? trace_preempt_on+0x20/0xc0 [ 13.192948] ? 
__pfx_kthread+0x10/0x10 [ 13.192970] ? _raw_spin_unlock_irq+0x47/0x80 [ 13.192991] ? calculate_sigpending+0x7b/0xa0 [ 13.193016] ? __pfx_kthread+0x10/0x10 [ 13.193038] ret_from_fork+0x116/0x1d0 [ 13.193057] ? __pfx_kthread+0x10/0x10 [ 13.193077] ret_from_fork_asm+0x1a/0x30 [ 13.193108] </TASK> [ 13.193121] [ 13.202097] Allocated by task 248: [ 13.202342] kasan_save_stack+0x45/0x70 [ 13.202536] kasan_save_track+0x18/0x40 [ 13.202781] kasan_save_alloc_info+0x3b/0x50 [ 13.202942] __kasan_mempool_unpoison_object+0x1bb/0x200 [ 13.203133] remove_element+0x11e/0x190 [ 13.203404] mempool_alloc_preallocated+0x4d/0x90 [ 13.203661] mempool_uaf_helper+0x96/0x400 [ 13.203906] mempool_slab_uaf+0xea/0x140 [ 13.204162] kunit_try_run_case+0x1a5/0x480 [ 13.204345] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 13.204749] kthread+0x337/0x6f0 [ 13.204996] ret_from_fork+0x116/0x1d0 [ 13.205183] ret_from_fork_asm+0x1a/0x30 [ 13.205390] [ 13.205465] Freed by task 248: [ 13.205578] kasan_save_stack+0x45/0x70 [ 13.205716] kasan_save_track+0x18/0x40 [ 13.205852] kasan_save_free_info+0x3f/0x60 [ 13.206074] __kasan_mempool_poison_object+0x131/0x1d0 [ 13.206314] mempool_free+0x2ec/0x380 [ 13.206589] mempool_uaf_helper+0x11a/0x400 [ 13.206885] mempool_slab_uaf+0xea/0x140 [ 13.207048] kunit_try_run_case+0x1a5/0x480 [ 13.207263] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 13.207457] kthread+0x337/0x6f0 [ 13.207705] ret_from_fork+0x116/0x1d0 [ 13.207906] ret_from_fork_asm+0x1a/0x30 [ 13.208055] [ 13.208128] The buggy address belongs to the object at ffff888103a18240 [ 13.208128] which belongs to the cache test_cache of size 123 [ 13.208595] The buggy address is located 0 bytes inside of [ 13.208595] freed 123-byte region [ffff888103a18240, ffff888103a182bb) [ 13.209379] [ 13.209460] The buggy address belongs to the physical page: [ 13.209635] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x103a18 [ 13.209879] flags: 0x200000000000000(node=0|zone=2) [ 13.210324] page_type: 
f5(slab) [ 13.210533] raw: 0200000000000000 ffff888101dc2a00 dead000000000122 0000000000000000 [ 13.211232] raw: 0000000000000000 0000000080150015 00000000f5000000 0000000000000000 [ 13.211680] page dumped because: kasan: bad access detected [ 13.212076] [ 13.212174] Memory state around the buggy address: [ 13.212363] ffff888103a18100: fb fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 13.212761] ffff888103a18180: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 13.213272] >ffff888103a18200: fc fc fc fc fc fc fc fc fa fb fb fb fb fb fb fb [ 13.213607] ^ [ 13.213869] ffff888103a18280: fb fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 13.214177] ffff888103a18300: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 13.214497] ================================================================== [ 13.124595] ================================================================== [ 13.125816] BUG: KASAN: slab-use-after-free in mempool_uaf_helper+0x392/0x400 [ 13.126185] Read of size 1 at addr ffff888102794b00 by task kunit_try_catch/244 [ 13.127403] [ 13.127697] CPU: 1 UID: 0 PID: 244 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc4 #1 PREEMPT(voluntary) [ 13.127865] Tainted: [B]=BAD_PAGE, [N]=TEST [ 13.127882] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 13.127907] Call Trace: [ 13.127923] <TASK> [ 13.127955] dump_stack_lvl+0x73/0xb0 [ 13.127992] print_report+0xd1/0x650 [ 13.128016] ? __virt_addr_valid+0x1db/0x2d0 [ 13.128042] ? mempool_uaf_helper+0x392/0x400 [ 13.128104] ? kasan_complete_mode_report_info+0x64/0x200 [ 13.128130] ? mempool_uaf_helper+0x392/0x400 [ 13.128151] kasan_report+0x141/0x180 [ 13.128174] ? mempool_uaf_helper+0x392/0x400 [ 13.128200] __asan_report_load1_noabort+0x18/0x20 [ 13.128225] mempool_uaf_helper+0x392/0x400 [ 13.128279] ? __pfx_mempool_uaf_helper+0x10/0x10 [ 13.128304] ? __kasan_check_write+0x18/0x20 [ 13.128324] ? __pfx_sched_clock_cpu+0x10/0x10 [ 13.128348] ? 
finish_task_switch.isra.0+0x153/0x700 [ 13.128374] mempool_kmalloc_uaf+0xef/0x140 [ 13.128397] ? __pfx_mempool_kmalloc_uaf+0x10/0x10 [ 13.128422] ? __pfx_mempool_kmalloc+0x10/0x10 [ 13.128448] ? __pfx_mempool_kfree+0x10/0x10 [ 13.128474] ? __pfx_read_tsc+0x10/0x10 [ 13.128497] ? ktime_get_ts64+0x86/0x230 [ 13.128523] kunit_try_run_case+0x1a5/0x480 [ 13.128549] ? __pfx_kunit_try_run_case+0x10/0x10 [ 13.128571] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 13.128597] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 13.128620] ? __kthread_parkme+0x82/0x180 [ 13.128642] ? preempt_count_sub+0x50/0x80 [ 13.128665] ? __pfx_kunit_try_run_case+0x10/0x10 [ 13.128688] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 13.128711] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 13.128735] kthread+0x337/0x6f0 [ 13.128755] ? trace_preempt_on+0x20/0xc0 [ 13.128779] ? __pfx_kthread+0x10/0x10 [ 13.128800] ? _raw_spin_unlock_irq+0x47/0x80 [ 13.128822] ? calculate_sigpending+0x7b/0xa0 [ 13.128847] ? __pfx_kthread+0x10/0x10 [ 13.128869] ret_from_fork+0x116/0x1d0 [ 13.128887] ? 
__pfx_kthread+0x10/0x10 [ 13.128907] ret_from_fork_asm+0x1a/0x30 [ 13.128951] </TASK> [ 13.128964] [ 13.145162] Allocated by task 244: [ 13.145403] kasan_save_stack+0x45/0x70 [ 13.145861] kasan_save_track+0x18/0x40 [ 13.146159] kasan_save_alloc_info+0x3b/0x50 [ 13.146315] __kasan_mempool_unpoison_object+0x1a9/0x200 [ 13.146635] remove_element+0x11e/0x190 [ 13.147028] mempool_alloc_preallocated+0x4d/0x90 [ 13.147582] mempool_uaf_helper+0x96/0x400 [ 13.147987] mempool_kmalloc_uaf+0xef/0x140 [ 13.148289] kunit_try_run_case+0x1a5/0x480 [ 13.148440] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 13.148624] kthread+0x337/0x6f0 [ 13.148749] ret_from_fork+0x116/0x1d0 [ 13.148884] ret_from_fork_asm+0x1a/0x30 [ 13.149387] [ 13.149625] Freed by task 244: [ 13.150069] kasan_save_stack+0x45/0x70 [ 13.150570] kasan_save_track+0x18/0x40 [ 13.151022] kasan_save_free_info+0x3f/0x60 [ 13.151466] __kasan_mempool_poison_object+0x131/0x1d0 [ 13.152024] mempool_free+0x2ec/0x380 [ 13.152472] mempool_uaf_helper+0x11a/0x400 [ 13.153004] mempool_kmalloc_uaf+0xef/0x140 [ 13.153442] kunit_try_run_case+0x1a5/0x480 [ 13.153640] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 13.154245] kthread+0x337/0x6f0 [ 13.154448] ret_from_fork+0x116/0x1d0 [ 13.154850] ret_from_fork_asm+0x1a/0x30 [ 13.155251] [ 13.155334] The buggy address belongs to the object at ffff888102794b00 [ 13.155334] which belongs to the cache kmalloc-128 of size 128 [ 13.156185] The buggy address is located 0 bytes inside of [ 13.156185] freed 128-byte region [ffff888102794b00, ffff888102794b80) [ 13.157542] [ 13.157686] The buggy address belongs to the physical page: [ 13.157864] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x102794 [ 13.158283] flags: 0x200000000000000(node=0|zone=2) [ 13.158899] page_type: f5(slab) [ 13.159305] raw: 0200000000000000 ffff888100041a00 dead000000000122 0000000000000000 [ 13.160129] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 13.160697] page 
dumped because: kasan: bad access detected [ 13.160884] [ 13.160980] Memory state around the buggy address: [ 13.161179] ffff888102794a00: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 13.161543] ffff888102794a80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 13.161804] >ffff888102794b00: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 13.162221] ^ [ 13.162366] ffff888102794b80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 13.162711] ffff888102794c00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 13.163055] ==================================================================
Failure - log-parser-boot/kasan-bug-kasan-slab-out-of-bounds-in-mempool_oob_right_helper
[ 13.066564] ==================================================================
[ 13.067281] BUG: KASAN: slab-out-of-bounds in mempool_oob_right_helper+0x318/0x380
[ 13.067641] Read of size 1 at addr ffff888103aee001 by task kunit_try_catch/240
[ 13.068111]
[ 13.068239] CPU: 1 UID: 0 PID: 240 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc4 #1 PREEMPT(voluntary)
[ 13.068287] Tainted: [B]=BAD_PAGE, [N]=TEST
[ 13.068299] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[ 13.068323] Call Trace:
[ 13.068337] <TASK>
[ 13.068355] dump_stack_lvl+0x73/0xb0
[ 13.068388] print_report+0xd1/0x650
[ 13.068412] ? __virt_addr_valid+0x1db/0x2d0
[ 13.068437] ? mempool_oob_right_helper+0x318/0x380
[ 13.068460] ? kasan_addr_to_slab+0x11/0xa0
[ 13.068548] ? mempool_oob_right_helper+0x318/0x380
[ 13.068578] kasan_report+0x141/0x180
[ 13.068621] ? mempool_oob_right_helper+0x318/0x380
[ 13.068650] __asan_report_load1_noabort+0x18/0x20
[ 13.068674] mempool_oob_right_helper+0x318/0x380
[ 13.068697] ? __pfx_mempool_oob_right_helper+0x10/0x10
[ 13.068722] ? __kasan_check_write+0x18/0x20
[ 13.068741] ? __pfx_sched_clock_cpu+0x10/0x10
[ 13.068764] ? finish_task_switch.isra.0+0x153/0x700
[ 13.068790] mempool_kmalloc_large_oob_right+0xf2/0x150
[ 13.068814] ? __pfx_mempool_kmalloc_large_oob_right+0x10/0x10
[ 13.068842] ? __pfx_mempool_kmalloc+0x10/0x10
[ 13.068865] ? __pfx_mempool_kfree+0x10/0x10
[ 13.068890] ? __pfx_read_tsc+0x10/0x10
[ 13.068913] ? ktime_get_ts64+0x86/0x230
[ 13.068954] kunit_try_run_case+0x1a5/0x480
[ 13.069000] ? __pfx_kunit_try_run_case+0x10/0x10
[ 13.069022] ? _raw_spin_lock_irqsave+0xa1/0x100
[ 13.069048] ? _raw_spin_unlock_irqrestore+0x5f/0x90
[ 13.069072] ? __kthread_parkme+0x82/0x180
[ 13.069093] ? preempt_count_sub+0x50/0x80
[ 13.069116] ? __pfx_kunit_try_run_case+0x10/0x10
[ 13.069139] kunit_generic_run_threadfn_adapter+0x85/0xf0
[ 13.069162] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10
[ 13.069186] kthread+0x337/0x6f0
[ 13.069206] ? trace_preempt_on+0x20/0xc0
[ 13.069230] ? __pfx_kthread+0x10/0x10
[ 13.069251] ? _raw_spin_unlock_irq+0x47/0x80
[ 13.069272] ? calculate_sigpending+0x7b/0xa0
[ 13.069297] ? __pfx_kthread+0x10/0x10
[ 13.069318] ret_from_fork+0x116/0x1d0
[ 13.069337] ? __pfx_kthread+0x10/0x10
[ 13.069359] ret_from_fork_asm+0x1a/0x30
[ 13.069389] </TASK>
[ 13.069402]
[ 13.080558] The buggy address belongs to the physical page:
[ 13.081230] page: refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x103aec
[ 13.081565] head: order:2 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[ 13.082039] flags: 0x200000000000040(head|node=0|zone=2)
[ 13.082301] page_type: f8(unknown)
[ 13.082540] raw: 0200000000000040 0000000000000000 dead000000000122 0000000000000000
[ 13.082988] raw: 0000000000000000 0000000000000000 00000001f8000000 0000000000000000
[ 13.083438] head: 0200000000000040 0000000000000000 dead000000000122 0000000000000000
[ 13.083809] head: 0000000000000000 0000000000000000 00000001f8000000 0000000000000000
[ 13.084213] head: 0200000000000002 ffffea00040ebb01 00000000ffffffff 00000000ffffffff
[ 13.085000] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000004
[ 13.085829] page dumped because: kasan: bad access detected
[ 13.086214]
[ 13.086290] Memory state around the buggy address:
[ 13.086453] ffff888103aedf00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[ 13.087329] ffff888103aedf80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[ 13.088103] >ffff888103aee000: 01 fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe
[ 13.088448] ^
[ 13.088810] ffff888103aee080: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe
[ 13.089409] ffff888103aee100: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe
[ 13.089923] ==================================================================
[ 13.094924] ==================================================================
[ 13.096056] BUG: KASAN: slab-out-of-bounds in mempool_oob_right_helper+0x318/0x380
[ 13.096633] Read of size 1 at addr ffff888103a142bb by task kunit_try_catch/242
[ 13.096862]
[ 13.096987] CPU: 0 UID: 0 PID: 242 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc4 #1 PREEMPT(voluntary)
[ 13.097037] Tainted: [B]=BAD_PAGE, [N]=TEST
[ 13.097060] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[ 13.097083] Call Trace:
[ 13.097098] <TASK>
[ 13.097118] dump_stack_lvl+0x73/0xb0
[ 13.097151] print_report+0xd1/0x650
[ 13.097173] ? __virt_addr_valid+0x1db/0x2d0
[ 13.097199] ? mempool_oob_right_helper+0x318/0x380
[ 13.097222] ? kasan_complete_mode_report_info+0x2a/0x200
[ 13.097244] ? mempool_oob_right_helper+0x318/0x380
[ 13.097268] kasan_report+0x141/0x180
[ 13.097290] ? mempool_oob_right_helper+0x318/0x380
[ 13.097318] __asan_report_load1_noabort+0x18/0x20
[ 13.097342] mempool_oob_right_helper+0x318/0x380
[ 13.097366] ? __pfx_mempool_oob_right_helper+0x10/0x10
[ 13.097392] ? __pfx_sched_clock_cpu+0x10/0x10
[ 13.097415] ? finish_task_switch.isra.0+0x153/0x700
[ 13.097441] mempool_slab_oob_right+0xed/0x140
[ 13.097464] ? __pfx_mempool_slab_oob_right+0x10/0x10
[ 13.097490] ? __pfx_mempool_alloc_slab+0x10/0x10
[ 13.097511] ? __pfx_mempool_free_slab+0x10/0x10
[ 13.097544] ? __pfx_read_tsc+0x10/0x10
[ 13.097565] ? ktime_get_ts64+0x86/0x230
[ 13.097591] kunit_try_run_case+0x1a5/0x480
[ 13.097627] ? __pfx_kunit_try_run_case+0x10/0x10
[ 13.097650] ? _raw_spin_lock_irqsave+0xa1/0x100
[ 13.097674] ? _raw_spin_unlock_irqrestore+0x5f/0x90
[ 13.097697] ? __kthread_parkme+0x82/0x180
[ 13.097719] ? preempt_count_sub+0x50/0x80
[ 13.097741] ? __pfx_kunit_try_run_case+0x10/0x10
[ 13.097764] kunit_generic_run_threadfn_adapter+0x85/0xf0
[ 13.097787] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10
[ 13.097810] kthread+0x337/0x6f0
[ 13.097830] ? trace_preempt_on+0x20/0xc0
[ 13.097854] ? __pfx_kthread+0x10/0x10
[ 13.097875] ? _raw_spin_unlock_irq+0x47/0x80
[ 13.097895] ? calculate_sigpending+0x7b/0xa0
[ 13.097921] ? __pfx_kthread+0x10/0x10
[ 13.097952] ret_from_fork+0x116/0x1d0
[ 13.097969] ? __pfx_kthread+0x10/0x10
[ 13.097990] ret_from_fork_asm+0x1a/0x30
[ 13.098022] </TASK>
[ 13.098034]
[ 13.107927] Allocated by task 242:
[ 13.108185] kasan_save_stack+0x45/0x70
[ 13.108395] kasan_save_track+0x18/0x40
[ 13.108776] kasan_save_alloc_info+0x3b/0x50
[ 13.108986] __kasan_mempool_unpoison_object+0x1bb/0x200
[ 13.109282] remove_element+0x11e/0x190
[ 13.109421] mempool_alloc_preallocated+0x4d/0x90
[ 13.109576] mempool_oob_right_helper+0x8a/0x380
[ 13.109778] mempool_slab_oob_right+0xed/0x140
[ 13.110033] kunit_try_run_case+0x1a5/0x480
[ 13.110332] kunit_generic_run_threadfn_adapter+0x85/0xf0
[ 13.110841] kthread+0x337/0x6f0
[ 13.111049] ret_from_fork+0x116/0x1d0
[ 13.111254] ret_from_fork_asm+0x1a/0x30
[ 13.111411]
[ 13.111485] The buggy address belongs to the object at ffff888103a14240
[ 13.111485] which belongs to the cache test_cache of size 123
[ 13.111919] The buggy address is located 0 bytes to the right of
[ 13.111919] allocated 123-byte region [ffff888103a14240, ffff888103a142bb)
[ 13.112566]
[ 13.112655] The buggy address belongs to the physical page:
[ 13.112834] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x103a14
[ 13.113086] flags: 0x200000000000000(node=0|zone=2)
[ 13.113355] page_type: f5(slab)
[ 13.113682] raw: 0200000000000000 ffff888101dc28c0 dead000000000122 0000000000000000
[ 13.114086] raw: 0000000000000000 0000000080150015 00000000f5000000 0000000000000000
[ 13.114515] page dumped because: kasan: bad access detected
[ 13.114791]
[ 13.114895] Memory state around the buggy address:
[ 13.115167] ffff888103a14180: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 13.115393] ffff888103a14200: fc fc fc fc fc fc fc fc 00 00 00 00 00 00 00 00
[ 13.115800] >ffff888103a14280: 00 00 00 00 00 00 00 03 fc fc fc fc fc fc fc fc
[ 13.116225] ^
[ 13.116465] ffff888103a14300: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 13.116776] ffff888103a14380: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 13.117105] ==================================================================
[ 13.031913] ==================================================================
[ 13.032811] BUG: KASAN: slab-out-of-bounds in mempool_oob_right_helper+0x318/0x380
[ 13.033202] Read of size 1 at addr ffff888102794773 by task kunit_try_catch/238
[ 13.036209]
[ 13.036355] CPU: 1 UID: 0 PID: 238 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc4 #1 PREEMPT(voluntary)
[ 13.036409] Tainted: [B]=BAD_PAGE, [N]=TEST
[ 13.036680] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[ 13.036706] Call Trace:
[ 13.036722] <TASK>
[ 13.036744] dump_stack_lvl+0x73/0xb0
[ 13.036784] print_report+0xd1/0x650
[ 13.036809] ? __virt_addr_valid+0x1db/0x2d0
[ 13.036835] ? mempool_oob_right_helper+0x318/0x380
[ 13.036860] ? kasan_complete_mode_report_info+0x2a/0x200
[ 13.036883] ? mempool_oob_right_helper+0x318/0x380
[ 13.036909] kasan_report+0x141/0x180
[ 13.036931] ? mempool_oob_right_helper+0x318/0x380
[ 13.036970] __asan_report_load1_noabort+0x18/0x20
[ 13.036994] mempool_oob_right_helper+0x318/0x380
[ 13.037018] ? __pfx_mempool_oob_right_helper+0x10/0x10
[ 13.037045] ? finish_task_switch.isra.0+0x153/0x700
[ 13.037095] mempool_kmalloc_oob_right+0xf2/0x150
[ 13.037132] ? __pfx_mempool_kmalloc_oob_right+0x10/0x10
[ 13.037159] ? __pfx_mempool_kmalloc+0x10/0x10
[ 13.037184] ? __pfx_mempool_kfree+0x10/0x10
[ 13.037209] ? __pfx_read_tsc+0x10/0x10
[ 13.037231] ? ktime_get_ts64+0x86/0x230
[ 13.037256] kunit_try_run_case+0x1a5/0x480
[ 13.037283] ? __pfx_kunit_try_run_case+0x10/0x10
[ 13.037305] ? _raw_spin_lock_irqsave+0xa1/0x100
[ 13.037330] ? _raw_spin_unlock_irqrestore+0x5f/0x90
[ 13.037353] ? __kthread_parkme+0x82/0x180
[ 13.037375] ? preempt_count_sub+0x50/0x80
[ 13.037398] ? __pfx_kunit_try_run_case+0x10/0x10
[ 13.037421] kunit_generic_run_threadfn_adapter+0x85/0xf0
[ 13.037443] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10
[ 13.037485] kthread+0x337/0x6f0
[ 13.037504] ? trace_preempt_on+0x20/0xc0
[ 13.037528] ? __pfx_kthread+0x10/0x10
[ 13.037549] ? _raw_spin_unlock_irq+0x47/0x80
[ 13.037570] ? calculate_sigpending+0x7b/0xa0
[ 13.037595] ? __pfx_kthread+0x10/0x10
[ 13.037616] ret_from_fork+0x116/0x1d0
[ 13.037635] ? __pfx_kthread+0x10/0x10
[ 13.037655] ret_from_fork_asm+0x1a/0x30
[ 13.037686] </TASK>
[ 13.037699]
[ 13.049374] Allocated by task 238:
[ 13.049648] kasan_save_stack+0x45/0x70
[ 13.049900] kasan_save_track+0x18/0x40
[ 13.050289] kasan_save_alloc_info+0x3b/0x50
[ 13.050703] __kasan_mempool_unpoison_object+0x1a9/0x200
[ 13.050958] remove_element+0x11e/0x190
[ 13.051355] mempool_alloc_preallocated+0x4d/0x90
[ 13.051873] mempool_oob_right_helper+0x8a/0x380
[ 13.052244] mempool_kmalloc_oob_right+0xf2/0x150
[ 13.052463] kunit_try_run_case+0x1a5/0x480
[ 13.052911] kunit_generic_run_threadfn_adapter+0x85/0xf0
[ 13.053359] kthread+0x337/0x6f0
[ 13.053744] ret_from_fork+0x116/0x1d0
[ 13.053943] ret_from_fork_asm+0x1a/0x30
[ 13.054275]
[ 13.054410] The buggy address belongs to the object at ffff888102794700
[ 13.054410] which belongs to the cache kmalloc-128 of size 128
[ 13.055276] The buggy address is located 0 bytes to the right of
[ 13.055276] allocated 115-byte region [ffff888102794700, ffff888102794773)
[ 13.056192]
[ 13.056293] The buggy address belongs to the physical page:
[ 13.056845] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x102794
[ 13.057246] flags: 0x200000000000000(node=0|zone=2)
[ 13.057649] page_type: f5(slab)
[ 13.057796] raw: 0200000000000000 ffff888100041a00 dead000000000122 0000000000000000
[ 13.058521] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000
[ 13.058859] page dumped because: kasan: bad access detected
[ 13.059227]
[ 13.059354] Memory state around the buggy address:
[ 13.060009] ffff888102794600: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 13.060492] ffff888102794680: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 13.060819] >ffff888102794700: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 03 fc
[ 13.061417] ^
[ 13.061754] ffff888102794780: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 13.062222] ffff888102794800: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 03 fc
[ 13.062713] ==================================================================
Failure - log-parser-boot/kasan-bug-kasan-slab-use-after-free-in-kmem_cache_double_destroy
[ 12.465446] ==================================================================
[ 12.465944] BUG: KASAN: slab-use-after-free in kmem_cache_double_destroy+0x1bf/0x380
[ 12.466214] Read of size 1 at addr ffff888101dc2640 by task kunit_try_catch/232
[ 12.466568]
[ 12.466675] CPU: 0 UID: 0 PID: 232 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc4 #1 PREEMPT(voluntary)
[ 12.466725] Tainted: [B]=BAD_PAGE, [N]=TEST
[ 12.466738] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[ 12.466761] Call Trace:
[ 12.466776] <TASK>
[ 12.466796] dump_stack_lvl+0x73/0xb0
[ 12.466831] print_report+0xd1/0x650
[ 12.466854] ? __virt_addr_valid+0x1db/0x2d0
[ 12.466880] ? kmem_cache_double_destroy+0x1bf/0x380
[ 12.466904] ? kasan_complete_mode_report_info+0x64/0x200
[ 12.466927] ? kmem_cache_double_destroy+0x1bf/0x380
[ 12.466964] kasan_report+0x141/0x180
[ 12.466986] ? kmem_cache_double_destroy+0x1bf/0x380
[ 12.467013] ? kmem_cache_double_destroy+0x1bf/0x380
[ 12.467039] __kasan_check_byte+0x3d/0x50
[ 12.467062] kmem_cache_destroy+0x25/0x1d0
[ 12.467086] kmem_cache_double_destroy+0x1bf/0x380
[ 12.467113] ? __pfx_kmem_cache_double_destroy+0x10/0x10
[ 12.467139] ? finish_task_switch.isra.0+0x153/0x700
[ 12.467162] ? __switch_to+0x47/0xf50
[ 12.467192] ? __pfx_read_tsc+0x10/0x10
[ 12.467213] ? ktime_get_ts64+0x86/0x230
[ 12.467238] kunit_try_run_case+0x1a5/0x480
[ 12.467265] ? __pfx_kunit_try_run_case+0x10/0x10
[ 12.467287] ? _raw_spin_lock_irqsave+0xa1/0x100
[ 12.467316] ? _raw_spin_unlock_irqrestore+0x5f/0x90
[ 12.467550] ? __kthread_parkme+0x82/0x180
[ 12.467583] ? preempt_count_sub+0x50/0x80
[ 12.467607] ? __pfx_kunit_try_run_case+0x10/0x10
[ 12.467632] kunit_generic_run_threadfn_adapter+0x85/0xf0
[ 12.467656] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10
[ 12.467679] kthread+0x337/0x6f0
[ 12.467699] ? trace_preempt_on+0x20/0xc0
[ 12.467723] ? __pfx_kthread+0x10/0x10
[ 12.467744] ? _raw_spin_unlock_irq+0x47/0x80
[ 12.467765] ? calculate_sigpending+0x7b/0xa0
[ 12.467790] ? __pfx_kthread+0x10/0x10
[ 12.467811] ret_from_fork+0x116/0x1d0
[ 12.467830] ? __pfx_kthread+0x10/0x10
[ 12.467850] ret_from_fork_asm+0x1a/0x30
[ 12.467882] </TASK>
[ 12.467894]
[ 12.478050] Allocated by task 232:
[ 12.478327] kasan_save_stack+0x45/0x70
[ 12.478853] kasan_save_track+0x18/0x40
[ 12.479061] kasan_save_alloc_info+0x3b/0x50
[ 12.479282] __kasan_slab_alloc+0x91/0xa0
[ 12.479450] kmem_cache_alloc_noprof+0x123/0x3f0
[ 12.479745] __kmem_cache_create_args+0x169/0x240
[ 12.480006] kmem_cache_double_destroy+0xd5/0x380
[ 12.480424] kunit_try_run_case+0x1a5/0x480
[ 12.480698] kunit_generic_run_threadfn_adapter+0x85/0xf0
[ 12.480997] kthread+0x337/0x6f0
[ 12.481205] ret_from_fork+0x116/0x1d0
[ 12.481354] ret_from_fork_asm+0x1a/0x30
[ 12.481567]
[ 12.481781] Freed by task 232:
[ 12.481954] kasan_save_stack+0x45/0x70
[ 12.482193] kasan_save_track+0x18/0x40
[ 12.482388] kasan_save_free_info+0x3f/0x60
[ 12.482747] __kasan_slab_free+0x56/0x70
[ 12.482975] kmem_cache_free+0x249/0x420
[ 12.483202] slab_kmem_cache_release+0x2e/0x40
[ 12.483409] kmem_cache_release+0x16/0x20
[ 12.483627] kobject_put+0x181/0x450
[ 12.483834] sysfs_slab_release+0x16/0x20
[ 12.484044] kmem_cache_destroy+0xf0/0x1d0
[ 12.484388] kmem_cache_double_destroy+0x14e/0x380
[ 12.484663] kunit_try_run_case+0x1a5/0x480
[ 12.484914] kunit_generic_run_threadfn_adapter+0x85/0xf0
[ 12.485192] kthread+0x337/0x6f0
[ 12.485391] ret_from_fork+0x116/0x1d0
[ 12.485580] ret_from_fork_asm+0x1a/0x30
[ 12.485777]
[ 12.485856] The buggy address belongs to the object at ffff888101dc2640
[ 12.485856] which belongs to the cache kmem_cache of size 208
[ 12.486513] The buggy address is located 0 bytes inside of
[ 12.486513] freed 208-byte region [ffff888101dc2640, ffff888101dc2710)
[ 12.486999]
[ 12.487104] The buggy address belongs to the physical page:
[ 12.487639] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x101dc2
[ 12.487996] flags: 0x200000000000000(node=0|zone=2)
[ 12.488168] page_type: f5(slab)
[ 12.488431] raw: 0200000000000000 ffff888100041000 dead000000000122 0000000000000000
[ 12.488782] raw: 0000000000000000 00000000800c000c 00000000f5000000 0000000000000000
[ 12.489253] page dumped because: kasan: bad access detected
[ 12.489578]
[ 12.489654] Memory state around the buggy address:
[ 12.489890] ffff888101dc2500: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 12.490264] ffff888101dc2580: fb fb fb fb fb fb fb fb fb fb fc fc fc fc fc fc
[ 12.490661] >ffff888101dc2600: fc fc fc fc fc fc fc fc fa fb fb fb fb fb fb fb
[ 12.490977] ^
[ 12.491157] ffff888101dc2680: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 12.491698] ffff888101dc2700: fb fb fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 12.492247] ==================================================================
Failure - log-parser-boot/kasan-bug-kasan-slab-use-after-free-in-kmem_cache_rcu_uaf
[ 12.399755] ==================================================================
[ 12.400302] BUG: KASAN: slab-use-after-free in kmem_cache_rcu_uaf+0x3e3/0x510
[ 12.400634] Read of size 1 at addr ffff8881027a3000 by task kunit_try_catch/230
[ 12.400976]
[ 12.401085] CPU: 1 UID: 0 PID: 230 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc4 #1 PREEMPT(voluntary)
[ 12.401133] Tainted: [B]=BAD_PAGE, [N]=TEST
[ 12.401146] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[ 12.401167] Call Trace:
[ 12.401181] <TASK>
[ 12.401201] dump_stack_lvl+0x73/0xb0
[ 12.401232] print_report+0xd1/0x650
[ 12.401255] ? __virt_addr_valid+0x1db/0x2d0
[ 12.401279] ? kmem_cache_rcu_uaf+0x3e3/0x510
[ 12.401302] ? kasan_complete_mode_report_info+0x64/0x200
[ 12.401324] ? kmem_cache_rcu_uaf+0x3e3/0x510
[ 12.401347] kasan_report+0x141/0x180
[ 12.401369] ? kmem_cache_rcu_uaf+0x3e3/0x510
[ 12.401396] __asan_report_load1_noabort+0x18/0x20
[ 12.401419] kmem_cache_rcu_uaf+0x3e3/0x510
[ 12.401442] ? __pfx_kmem_cache_rcu_uaf+0x10/0x10
[ 12.401464] ? finish_task_switch.isra.0+0x153/0x700
[ 12.401486] ? __switch_to+0x47/0xf50
[ 12.401515] ? __pfx_read_tsc+0x10/0x10
[ 12.401536] ? ktime_get_ts64+0x86/0x230
[ 12.401560] kunit_try_run_case+0x1a5/0x480
[ 12.401586] ? __pfx_kunit_try_run_case+0x10/0x10
[ 12.401607] ? _raw_spin_lock_irqsave+0xa1/0x100
[ 12.401631] ? _raw_spin_unlock_irqrestore+0x5f/0x90
[ 12.401653] ? __kthread_parkme+0x82/0x180
[ 12.401674] ? preempt_count_sub+0x50/0x80
[ 12.401911] ? __pfx_kunit_try_run_case+0x10/0x10
[ 12.402038] kunit_generic_run_threadfn_adapter+0x85/0xf0
[ 12.402065] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10
[ 12.402089] kthread+0x337/0x6f0
[ 12.402122] ? trace_preempt_on+0x20/0xc0
[ 12.402146] ? __pfx_kthread+0x10/0x10
[ 12.402167] ? _raw_spin_unlock_irq+0x47/0x80
[ 12.402189] ? calculate_sigpending+0x7b/0xa0
[ 12.402215] ? __pfx_kthread+0x10/0x10
[ 12.402236] ret_from_fork+0x116/0x1d0
[ 12.402256] ? __pfx_kthread+0x10/0x10
[ 12.402276] ret_from_fork_asm+0x1a/0x30
[ 12.402308] </TASK>
[ 12.402320]
[ 12.415299] Allocated by task 230:
[ 12.415451] kasan_save_stack+0x45/0x70
[ 12.415887] kasan_save_track+0x18/0x40
[ 12.416261] kasan_save_alloc_info+0x3b/0x50
[ 12.416696] __kasan_slab_alloc+0x91/0xa0
[ 12.416908] kmem_cache_alloc_noprof+0x123/0x3f0
[ 12.417133] kmem_cache_rcu_uaf+0x155/0x510
[ 12.417563] kunit_try_run_case+0x1a5/0x480
[ 12.417950] kunit_generic_run_threadfn_adapter+0x85/0xf0
[ 12.418311] kthread+0x337/0x6f0
[ 12.418437] ret_from_fork+0x116/0x1d0
[ 12.418960] ret_from_fork_asm+0x1a/0x30
[ 12.419348]
[ 12.419598] Freed by task 0:
[ 12.419811] kasan_save_stack+0x45/0x70
[ 12.419988] kasan_save_track+0x18/0x40
[ 12.420368] kasan_save_free_info+0x3f/0x60
[ 12.420811] __kasan_slab_free+0x56/0x70
[ 12.420974] slab_free_after_rcu_debug+0xe4/0x310
[ 12.421269] rcu_core+0x66f/0x1c40
[ 12.421654] rcu_core_si+0x12/0x20
[ 12.421982] handle_softirqs+0x209/0x730
[ 12.422292] __irq_exit_rcu+0xc9/0x110
[ 12.422430] irq_exit_rcu+0x12/0x20
[ 12.422564] sysvec_apic_timer_interrupt+0x81/0x90
[ 12.422726] asm_sysvec_apic_timer_interrupt+0x1f/0x30
[ 12.422894]
[ 12.422977] Last potentially related work creation:
[ 12.423139] kasan_save_stack+0x45/0x70
[ 12.423275] kasan_record_aux_stack+0xb2/0xc0
[ 12.423427] kmem_cache_free+0x131/0x420
[ 12.423563] kmem_cache_rcu_uaf+0x194/0x510
[ 12.423708] kunit_try_run_case+0x1a5/0x480
[ 12.423854] kunit_generic_run_threadfn_adapter+0x85/0xf0
[ 12.424431] kthread+0x337/0x6f0
[ 12.424795] ret_from_fork+0x116/0x1d0
[ 12.425162] ret_from_fork_asm+0x1a/0x30
[ 12.425576]
[ 12.425736] The buggy address belongs to the object at ffff8881027a3000
[ 12.425736] which belongs to the cache test_cache of size 200
[ 12.426834] The buggy address is located 0 bytes inside of
[ 12.426834] freed 200-byte region [ffff8881027a3000, ffff8881027a30c8)
[ 12.428102]
[ 12.428303] The buggy address belongs to the physical page:
[ 12.428844] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1027a3
[ 12.429601] flags: 0x200000000000000(node=0|zone=2)
[ 12.430040] page_type: f5(slab)
[ 12.430363] raw: 0200000000000000 ffff888100f77640 dead000000000122 0000000000000000
[ 12.431073] raw: 0000000000000000 00000000800f000f 00000000f5000000 0000000000000000
[ 12.431927] page dumped because: kasan: bad access detected
[ 12.432315]
[ 12.432480] Memory state around the buggy address:
[ 12.432722] ffff8881027a2f00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 12.432960] ffff8881027a2f80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 12.433377] >ffff8881027a3000: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 12.434061] ^
[ 12.434404] ffff8881027a3080: fb fb fb fb fb fb fb fb fb fc fc fc fc fc fc fc
[ 12.435088] ffff8881027a3100: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 12.435516] ==================================================================
Failure - log-parser-boot/kasan-bug-kasan-invalid-free-in-kmem_cache_invalid_free
[ 12.349295] ==================================================================
[ 12.349780] BUG: KASAN: invalid-free in kmem_cache_invalid_free+0x1d8/0x460
[ 12.350114] Free of addr ffff888103a0c001 by task kunit_try_catch/228
[ 12.350397]
[ 12.350524] CPU: 0 UID: 0 PID: 228 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc4 #1 PREEMPT(voluntary)
[ 12.350569] Tainted: [B]=BAD_PAGE, [N]=TEST
[ 12.350581] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[ 12.350603] Call Trace:
[ 12.350617] <TASK>
[ 12.350635] dump_stack_lvl+0x73/0xb0
[ 12.350667] print_report+0xd1/0x650
[ 12.350690] ? __virt_addr_valid+0x1db/0x2d0
[ 12.350715] ? kasan_complete_mode_report_info+0x2a/0x200
[ 12.350737] ? kmem_cache_invalid_free+0x1d8/0x460
[ 12.350762] kasan_report_invalid_free+0x10a/0x130
[ 12.350786] ? kmem_cache_invalid_free+0x1d8/0x460
[ 12.350812] ? kmem_cache_invalid_free+0x1d8/0x460
[ 12.350835] check_slab_allocation+0x11f/0x130
[ 12.350857] __kasan_slab_pre_free+0x28/0x40
[ 12.350878] kmem_cache_free+0xed/0x420
[ 12.350898] ? kmem_cache_alloc_noprof+0x123/0x3f0
[ 12.350918] ? kmem_cache_invalid_free+0x1d8/0x460
[ 12.350957] kmem_cache_invalid_free+0x1d8/0x460
[ 12.350981] ? __pfx_kmem_cache_invalid_free+0x10/0x10
[ 12.351004] ? finish_task_switch.isra.0+0x153/0x700
[ 12.351028] ? __switch_to+0x47/0xf50
[ 12.351056] ? __pfx_read_tsc+0x10/0x10
[ 12.351077] ? ktime_get_ts64+0x86/0x230
[ 12.351102] kunit_try_run_case+0x1a5/0x480
[ 12.351132] ? __pfx_kunit_try_run_case+0x10/0x10
[ 12.351153] ? _raw_spin_lock_irqsave+0xa1/0x100
[ 12.351177] ? _raw_spin_unlock_irqrestore+0x5f/0x90
[ 12.351200] ? __kthread_parkme+0x82/0x180
[ 12.351221] ? preempt_count_sub+0x50/0x80
[ 12.351243] ? __pfx_kunit_try_run_case+0x10/0x10
[ 12.351266] kunit_generic_run_threadfn_adapter+0x85/0xf0
[ 12.351288] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10
[ 12.351310] kthread+0x337/0x6f0
[ 12.351329] ? trace_preempt_on+0x20/0xc0
[ 12.351353] ? __pfx_kthread+0x10/0x10
[ 12.351373] ? _raw_spin_unlock_irq+0x47/0x80
[ 12.351393] ? calculate_sigpending+0x7b/0xa0
[ 12.351417] ? __pfx_kthread+0x10/0x10
[ 12.351440] ret_from_fork+0x116/0x1d0
[ 12.351458] ? __pfx_kthread+0x10/0x10
[ 12.351478] ret_from_fork_asm+0x1a/0x30
[ 12.351508] </TASK>
[ 12.351520]
[ 12.359941] Allocated by task 228:
[ 12.360130] kasan_save_stack+0x45/0x70
[ 12.360592] kasan_save_track+0x18/0x40
[ 12.360739] kasan_save_alloc_info+0x3b/0x50
[ 12.360965] __kasan_slab_alloc+0x91/0xa0
[ 12.361205] kmem_cache_alloc_noprof+0x123/0x3f0
[ 12.361406] kmem_cache_invalid_free+0x157/0x460
[ 12.361689] kunit_try_run_case+0x1a5/0x480
[ 12.361862] kunit_generic_run_threadfn_adapter+0x85/0xf0
[ 12.362099] kthread+0x337/0x6f0
[ 12.362271] ret_from_fork+0x116/0x1d0
[ 12.362456] ret_from_fork_asm+0x1a/0x30
[ 12.362600]
[ 12.362672] The buggy address belongs to the object at ffff888103a0c000
[ 12.362672] which belongs to the cache test_cache of size 200
[ 12.363127] The buggy address is located 1 bytes inside of
[ 12.363127] 200-byte region [ffff888103a0c000, ffff888103a0c0c8)
[ 12.363707]
[ 12.363807] The buggy address belongs to the physical page:
[ 12.364259] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x103a0c
[ 12.364564] flags: 0x200000000000000(node=0|zone=2)
[ 12.364818] page_type: f5(slab)
[ 12.365015] raw: 0200000000000000 ffff888101dc2500 dead000000000122 0000000000000000
[ 12.365555] raw: 0000000000000000 00000000800f000f 00000000f5000000 0000000000000000
[ 12.365859] page dumped because: kasan: bad access detected
[ 12.366082]
[ 12.366179] Memory state around the buggy address:
[ 12.366386] ffff888103a0bf00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 12.366693] ffff888103a0bf80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 12.367141] >ffff888103a0c000: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[ 12.367360] ^
[ 12.367477] ffff888103a0c080: 00 00 00 00 00 00 00 00 00 fc fc fc fc fc fc fc
[ 12.367913] ffff888103a0c100: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 12.368190] ==================================================================
Failure - log-parser-boot/kasan-bug-kasan-double-free-in-kmem_cache_double_free
[ 12.312743] ==================================================================
[ 12.314561] BUG: KASAN: double-free in kmem_cache_double_free+0x1e5/0x480
[ 12.315496] Free of addr ffff888103a0a000 by task kunit_try_catch/226
[ 12.315989]
[ 12.316397] CPU: 0 UID: 0 PID: 226 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc4 #1 PREEMPT(voluntary)
[ 12.316450] Tainted: [B]=BAD_PAGE, [N]=TEST
[ 12.316612] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[ 12.316638] Call Trace:
[ 12.316652] <TASK>
[ 12.316670] dump_stack_lvl+0x73/0xb0
[ 12.316703] print_report+0xd1/0x650
[ 12.316726] ? __virt_addr_valid+0x1db/0x2d0
[ 12.316751] ? kasan_complete_mode_report_info+0x64/0x200
[ 12.316773] ? kmem_cache_double_free+0x1e5/0x480
[ 12.316798] kasan_report_invalid_free+0x10a/0x130
[ 12.316822] ? kmem_cache_double_free+0x1e5/0x480
[ 12.316847] ? kmem_cache_double_free+0x1e5/0x480
[ 12.316870] check_slab_allocation+0x101/0x130
[ 12.316892] __kasan_slab_pre_free+0x28/0x40
[ 12.316912] kmem_cache_free+0xed/0x420
[ 12.316946] ? kmem_cache_alloc_noprof+0x123/0x3f0
[ 12.316966] ? kmem_cache_double_free+0x1e5/0x480
[ 12.316993] kmem_cache_double_free+0x1e5/0x480
[ 12.317016] ? __pfx_kmem_cache_double_free+0x10/0x10
[ 12.317039] ? finish_task_switch.isra.0+0x153/0x700
[ 12.317070] ? __switch_to+0x47/0xf50
[ 12.317099] ? __pfx_read_tsc+0x10/0x10
[ 12.317120] ? ktime_get_ts64+0x86/0x230
[ 12.317145] kunit_try_run_case+0x1a5/0x480
[ 12.317169] ? __pfx_kunit_try_run_case+0x10/0x10
[ 12.317191] ? _raw_spin_lock_irqsave+0xa1/0x100
[ 12.317215] ? _raw_spin_unlock_irqrestore+0x5f/0x90
[ 12.317237] ? __kthread_parkme+0x82/0x180
[ 12.317258] ? preempt_count_sub+0x50/0x80
[ 12.317281] ? __pfx_kunit_try_run_case+0x10/0x10
[ 12.317303] kunit_generic_run_threadfn_adapter+0x85/0xf0
[ 12.317325] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10
[ 12.317347] kthread+0x337/0x6f0
[ 12.317366] ? trace_preempt_on+0x20/0xc0
[ 12.317389] ? __pfx_kthread+0x10/0x10
[ 12.317410] ? _raw_spin_unlock_irq+0x47/0x80
[ 12.317430] ? calculate_sigpending+0x7b/0xa0
[ 12.317453] ? __pfx_kthread+0x10/0x10
[ 12.317495] ret_from_fork+0x116/0x1d0
[ 12.317513] ? __pfx_kthread+0x10/0x10
[ 12.317533] ret_from_fork_asm+0x1a/0x30
[ 12.317564] </TASK>
[ 12.317575]
[ 12.328668] Allocated by task 226:
[ 12.328865] kasan_save_stack+0x45/0x70
[ 12.329071] kasan_save_track+0x18/0x40
[ 12.329656] kasan_save_alloc_info+0x3b/0x50
[ 12.329836] __kasan_slab_alloc+0x91/0xa0
[ 12.330238] kmem_cache_alloc_noprof+0x123/0x3f0
[ 12.330639] kmem_cache_double_free+0x14f/0x480
[ 12.330828] kunit_try_run_case+0x1a5/0x480
[ 12.331204] kunit_generic_run_threadfn_adapter+0x85/0xf0
[ 12.331606] kthread+0x337/0x6f0
[ 12.331738] ret_from_fork+0x116/0x1d0
[ 12.332079] ret_from_fork_asm+0x1a/0x30
[ 12.332347]
[ 12.332444] Freed by task 226:
[ 12.332581] kasan_save_stack+0x45/0x70
[ 12.333040] kasan_save_track+0x18/0x40
[ 12.333254] kasan_save_free_info+0x3f/0x60
[ 12.333441] __kasan_slab_free+0x56/0x70
[ 12.333850] kmem_cache_free+0x249/0x420
[ 12.334299] kmem_cache_double_free+0x16a/0x480
[ 12.334463] kunit_try_run_case+0x1a5/0x480
[ 12.334797] kunit_generic_run_threadfn_adapter+0x85/0xf0
[ 12.335027] kthread+0x337/0x6f0
[ 12.335196] ret_from_fork+0x116/0x1d0
[ 12.335515] ret_from_fork_asm+0x1a/0x30
[ 12.335683]
[ 12.335784] The buggy address belongs to the object at ffff888103a0a000
[ 12.335784] which belongs to the cache test_cache of size 200
[ 12.336292] The buggy address is located 0 bytes inside of
[ 12.336292] 200-byte region [ffff888103a0a000, ffff888103a0a0c8)
[ 12.336682]
[ 12.336786] The buggy address belongs to the physical page:
[ 12.336993] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x103a0a
[ 12.337720] flags: 0x200000000000000(node=0|zone=2)
[ 12.337948] page_type: f5(slab)
[ 12.338145] raw: 0200000000000000 ffff888101dc23c0 dead000000000122 0000000000000000
[ 12.338435] raw: 0000000000000000 00000000800f000f 00000000f5000000 0000000000000000
[ 12.338805] page dumped because: kasan: bad access detected
[ 12.339024]
[ 12.339114] Memory state around the buggy address:
[ 12.339347] ffff888103a09f00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 12.339619] ffff888103a09f80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 12.340019] >ffff888103a0a000: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 12.340282] ^
[ 12.340452] ffff888103a0a080: fb fb fb fb fb fb fb fb fb fc fc fc fc fc fc fc
[ 12.340807] ffff888103a0a100: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 12.341128] ==================================================================
Failure - log-parser-boot/kasan-bug-kasan-slab-out-of-bounds-in-kmem_cache_oob
[ 12.276166] ==================================================================
[ 12.277485] BUG: KASAN: slab-out-of-bounds in kmem_cache_oob+0x402/0x530
[ 12.278494] Read of size 1 at addr ffff888103a080c8 by task kunit_try_catch/224
[ 12.279250]
[ 12.279368] CPU: 0 UID: 0 PID: 224 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc4 #1 PREEMPT(voluntary)
[ 12.279417] Tainted: [B]=BAD_PAGE, [N]=TEST
[ 12.279429] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[ 12.279451] Call Trace:
[ 12.279466] <TASK>
[ 12.279485] dump_stack_lvl+0x73/0xb0
[ 12.279519] print_report+0xd1/0x650
[ 12.279543] ? __virt_addr_valid+0x1db/0x2d0
[ 12.279567] ? kmem_cache_oob+0x402/0x530
[ 12.279590] ? kasan_complete_mode_report_info+0x2a/0x200
[ 12.279611] ? kmem_cache_oob+0x402/0x530
[ 12.279633] kasan_report+0x141/0x180
[ 12.279655] ? kmem_cache_oob+0x402/0x530
[ 12.279681] __asan_report_load1_noabort+0x18/0x20
[ 12.279704] kmem_cache_oob+0x402/0x530
[ 12.279725] ? trace_hardirqs_on+0x37/0xe0
[ 12.279749] ? __pfx_kmem_cache_oob+0x10/0x10
[ 12.279770] ? finish_task_switch.isra.0+0x153/0x700
[ 12.279792] ? __switch_to+0x47/0xf50
[ 12.279821] ? __pfx_read_tsc+0x10/0x10
[ 12.279841] ? ktime_get_ts64+0x86/0x230
[ 12.279865] kunit_try_run_case+0x1a5/0x480
[ 12.279891] ? __pfx_kunit_try_run_case+0x10/0x10
[ 12.279912] ? _raw_spin_lock_irqsave+0xa1/0x100
[ 12.279946] ? _raw_spin_unlock_irqrestore+0x5f/0x90
[ 12.279968] ? __kthread_parkme+0x82/0x180
[ 12.279989] ? preempt_count_sub+0x50/0x80
[ 12.280011] ? __pfx_kunit_try_run_case+0x10/0x10
[ 12.280033] kunit_generic_run_threadfn_adapter+0x85/0xf0
[ 12.280055] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10
[ 12.280077] kthread+0x337/0x6f0
[ 12.280108] ? trace_preempt_on+0x20/0xc0
[ 12.280129] ? __pfx_kthread+0x10/0x10
[ 12.280148] ? _raw_spin_unlock_irq+0x47/0x80
[ 12.280180] ? calculate_sigpending+0x7b/0xa0
[ 12.280205] ? __pfx_kthread+0x10/0x10
[ 12.280226] ret_from_fork+0x116/0x1d0
[ 12.280244] ? __pfx_kthread+0x10/0x10
[ 12.280263] ret_from_fork_asm+0x1a/0x30
[ 12.280294] </TASK>
[ 12.280314]
[ 12.288982] Allocated by task 224:
[ 12.289209] kasan_save_stack+0x45/0x70
[ 12.289361] kasan_save_track+0x18/0x40
[ 12.289777] kasan_save_alloc_info+0x3b/0x50
[ 12.289983] __kasan_slab_alloc+0x91/0xa0
[ 12.290124] kmem_cache_alloc_noprof+0x123/0x3f0
[ 12.290305] kmem_cache_oob+0x157/0x530
[ 12.290667] kunit_try_run_case+0x1a5/0x480
[ 12.290942] kunit_generic_run_threadfn_adapter+0x85/0xf0
[ 12.291273] kthread+0x337/0x6f0
[ 12.291397] ret_from_fork+0x116/0x1d0
[ 12.291529] ret_from_fork_asm+0x1a/0x30
[ 12.291885]
[ 12.292020] The buggy address belongs to the object at ffff888103a08000
[ 12.292020] which belongs to the cache test_cache of size 200
[ 12.292753] The buggy address is located 0 bytes to the right of
[ 12.292753] allocated 200-byte region [ffff888103a08000, ffff888103a080c8)
[ 12.293343]
[ 12.293444] The buggy address belongs to the physical page:
[ 12.293698] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x103a08
[ 12.294066] flags: 0x200000000000000(node=0|zone=2)
[ 12.294306] page_type: f5(slab)
[ 12.294560] raw: 0200000000000000 ffff888101dc2280 dead000000000122 0000000000000000
[ 12.294892] raw: 0000000000000000 00000000800f000f 00000000f5000000 0000000000000000
[ 12.295305] page dumped because: kasan: bad access detected
[ 12.295643]
[ 12.295737] Memory state around the buggy address:
[ 12.295977] ffff888103a07f80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 12.296317] ffff888103a08000: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[ 12.296653] >ffff888103a08080: 00 00 00 00 00 00 00 00 00 fc fc fc fc fc fc fc
[ 12.296868] ^
[ 12.297073] ffff888103a08100: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 12.297440] ffff888103a08180: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 12.297753] ==================================================================
Failure - log-parser-boot/kasan-bug-kasan-slab-use-after-free-in-workqueue_uaf
[ 12.229055] ==================================================================
[ 12.229689] BUG: KASAN: slab-use-after-free in workqueue_uaf+0x4d6/0x560
[ 12.230431] Read of size 8 at addr ffff88810279d640 by task kunit_try_catch/217
[ 12.230928]
[ 12.231137] CPU: 1 UID: 0 PID: 217 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc4 #1 PREEMPT(voluntary)
[ 12.231186] Tainted: [B]=BAD_PAGE, [N]=TEST
[ 12.231198] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[ 12.231219] Call Trace:
[ 12.231233] <TASK>
[ 12.231252] dump_stack_lvl+0x73/0xb0
[ 12.231284] print_report+0xd1/0x650
[ 12.231308] ? __virt_addr_valid+0x1db/0x2d0
[ 12.231333] ? workqueue_uaf+0x4d6/0x560
[ 12.231353] ? kasan_complete_mode_report_info+0x64/0x200
[ 12.231374] ? workqueue_uaf+0x4d6/0x560
[ 12.231395] kasan_report+0x141/0x180
[ 12.231417] ? workqueue_uaf+0x4d6/0x560
[ 12.231442] __asan_report_load8_noabort+0x18/0x20
[ 12.231636] workqueue_uaf+0x4d6/0x560
[ 12.231679] ? __pfx_workqueue_uaf+0x10/0x10
[ 12.231702] ? __schedule+0x10cc/0x2b60
[ 12.231726] ? __pfx_read_tsc+0x10/0x10
[ 12.231748] ? ktime_get_ts64+0x86/0x230
[ 12.231773] kunit_try_run_case+0x1a5/0x480
[ 12.231798] ? __pfx_kunit_try_run_case+0x10/0x10
[ 12.231819] ? _raw_spin_lock_irqsave+0xa1/0x100
[ 12.231843] ? _raw_spin_unlock_irqrestore+0x5f/0x90
[ 12.231865] ? __kthread_parkme+0x82/0x180
[ 12.231885] ? preempt_count_sub+0x50/0x80
[ 12.231909] ? __pfx_kunit_try_run_case+0x10/0x10
[ 12.231943] kunit_generic_run_threadfn_adapter+0x85/0xf0
[ 12.231965] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10
[ 12.231987] kthread+0x337/0x6f0
[ 12.232006] ? trace_preempt_on+0x20/0xc0
[ 12.232030] ? __pfx_kthread+0x10/0x10
[ 12.232049] ? _raw_spin_unlock_irq+0x47/0x80
[ 12.232069] ? calculate_sigpending+0x7b/0xa0
[ 12.232093] ? __pfx_kthread+0x10/0x10
[ 12.232114] ret_from_fork+0x116/0x1d0
[ 12.232132] ? __pfx_kthread+0x10/0x10
[ 12.232151] ret_from_fork_asm+0x1a/0x30
[ 12.232183] </TASK>
[ 12.232194]
[ 12.244509] Allocated by task 217:
[ 12.244661] kasan_save_stack+0x45/0x70
[ 12.244814] kasan_save_track+0x18/0x40
[ 12.244960] kasan_save_alloc_info+0x3b/0x50
[ 12.245118] __kasan_kmalloc+0xb7/0xc0
[ 12.245305] __kmalloc_cache_noprof+0x189/0x420
[ 12.245561] workqueue_uaf+0x152/0x560
[ 12.245698] kunit_try_run_case+0x1a5/0x480
[ 12.245843] kunit_generic_run_threadfn_adapter+0x85/0xf0
[ 12.246388] kthread+0x337/0x6f0
[ 12.246777] ret_from_fork+0x116/0x1d0
[ 12.247160] ret_from_fork_asm+0x1a/0x30
[ 12.247682]
[ 12.247849] Freed by task 24:
[ 12.248164] kasan_save_stack+0x45/0x70
[ 12.248578] kasan_save_track+0x18/0x40
[ 12.248719] kasan_save_free_info+0x3f/0x60
[ 12.248864] __kasan_slab_free+0x56/0x70
[ 12.249015] kfree+0x222/0x3f0
[ 12.249322] workqueue_uaf_work+0x12/0x20
[ 12.249739] process_one_work+0x5ee/0xf60
[ 12.250147] worker_thread+0x758/0x1220
[ 12.250577] kthread+0x337/0x6f0
[ 12.250874] ret_from_fork+0x116/0x1d0
[ 12.251253] ret_from_fork_asm+0x1a/0x30
[ 12.251683]
[ 12.251763] Last potentially related work creation:
[ 12.251919] kasan_save_stack+0x45/0x70
[ 12.252076] kasan_record_aux_stack+0xb2/0xc0
[ 12.252360] __queue_work+0x626/0xeb0
[ 12.252779] queue_work_on+0xb6/0xc0
[ 12.253174] workqueue_uaf+0x26d/0x560
[ 12.253514] kunit_try_run_case+0x1a5/0x480
[ 12.253954] kunit_generic_run_threadfn_adapter+0x85/0xf0
[ 12.254456] kthread+0x337/0x6f0
[ 12.254835] ret_from_fork+0x116/0x1d0
[ 12.255190] ret_from_fork_asm+0x1a/0x30
[ 12.255333]
[ 12.255405] The buggy address belongs to the object at ffff88810279d640
[ 12.255405] which belongs to the cache kmalloc-32 of size 32
[ 12.256386] The buggy address is located 0 bytes inside of
[ 12.256386] freed 32-byte region [ffff88810279d640, ffff88810279d660)
[ 12.257616]
[ 12.257785] The buggy address belongs to the physical page:
[ 12.258286] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x10279d
[ 12.259168] flags: 0x200000000000000(node=0|zone=2)
[ 12.260068] page_type: f5(slab)
[ 12.260261] raw: 0200000000000000 ffff888100041780 dead000000000122 0000000000000000
[ 12.260539] raw: 0000000000000000 0000000080400040 00000000f5000000 0000000000000000
[ 12.260767] page dumped because: kasan: bad access detected
[ 12.260952]
[ 12.261026] Memory state around the buggy address:
[ 12.261184] ffff88810279d500: 00 00 07 fc fc fc fc fc 00 00 00 fc fc fc fc fc
[ 12.261404] ffff88810279d580: 00 00 03 fc fc fc fc fc 00 00 07 fc fc fc fc fc
[ 12.261618] >ffff88810279d600: 00 00 00 07 fc fc fc fc fa fb fb fb fc fc fc fc
[ 12.261827] ^
[ 12.263382] ffff88810279d680: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 12.264595] ffff88810279d700: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 12.265711] ==================================================================
Failure - log-parser-boot/kasan-bug-kasan-slab-use-after-free-in-rcu_uaf_reclaim
[ 12.178590] ================================================================== [ 12.179523] BUG: KASAN: slab-use-after-free in rcu_uaf_reclaim+0x50/0x60 [ 12.179759] Read of size 4 at addr ffff888102b1b840 by task swapper/0/0 [ 12.179976] [ 12.180071] CPU: 0 UID: 0 PID: 0 Comm: swapper/0 Tainted: G B N 6.16.0-rc4 #1 PREEMPT(voluntary) [ 12.180118] Tainted: [B]=BAD_PAGE, [N]=TEST [ 12.180130] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 12.180152] Call Trace: [ 12.180182] <IRQ> [ 12.180202] dump_stack_lvl+0x73/0xb0 [ 12.180303] print_report+0xd1/0x650 [ 12.180492] ? __virt_addr_valid+0x1db/0x2d0 [ 12.180775] ? rcu_uaf_reclaim+0x50/0x60 [ 12.180801] ? kasan_complete_mode_report_info+0x64/0x200 [ 12.180824] ? rcu_uaf_reclaim+0x50/0x60 [ 12.180844] kasan_report+0x141/0x180 [ 12.180866] ? rcu_uaf_reclaim+0x50/0x60 [ 12.180891] __asan_report_load4_noabort+0x18/0x20 [ 12.180914] rcu_uaf_reclaim+0x50/0x60 [ 12.180945] rcu_core+0x66f/0x1c40 [ 12.180975] ? __pfx_rcu_core+0x10/0x10 [ 12.180996] ? ktime_get+0x6b/0x150 [ 12.181017] ? handle_softirqs+0x18e/0x730 [ 12.181042] rcu_core_si+0x12/0x20 [ 12.181062] handle_softirqs+0x209/0x730 [ 12.181081] ? hrtimer_interrupt+0x2fe/0x780 [ 12.181103] ? 
__pfx_handle_softirqs+0x10/0x10 [ 12.181127] __irq_exit_rcu+0xc9/0x110 [ 12.181147] irq_exit_rcu+0x12/0x20 [ 12.181166] sysvec_apic_timer_interrupt+0x81/0x90 [ 12.181190] </IRQ> [ 12.181222] <TASK> [ 12.181234] asm_sysvec_apic_timer_interrupt+0x1f/0x30 [ 12.181328] RIP: 0010:pv_native_safe_halt+0xf/0x20 [ 12.181543] Code: 1f 84 00 00 00 00 00 0f 1f 40 00 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 f3 0f 1e fa eb 07 0f 00 2d 03 9a 21 00 fb f4 <e9> 7c 1d 02 00 66 2e 0f 1f 84 00 00 00 00 00 66 90 90 90 90 90 90 [ 12.181623] RSP: 0000:ffffffffaf807dd8 EFLAGS: 00010216 [ 12.181710] RAX: ffff8881aa474000 RBX: ffffffffaf81cac0 RCX: ffffffffae6720e5 [ 12.181754] RDX: ffffed102b60618b RSI: 0000000000000004 RDI: 0000000000004f6c [ 12.181796] RBP: ffffffffaf807de0 R08: 0000000000000001 R09: ffffed102b60618a [ 12.181838] R10: ffff88815b030c53 R11: 0000000000070800 R12: 0000000000000000 [ 12.181879] R13: fffffbfff5f03958 R14: ffffffffb03b0e90 R15: 0000000000000000 [ 12.181948] ? ct_kernel_exit.constprop.0+0xa5/0xd0 [ 12.182000] ? default_idle+0xd/0x20 [ 12.182022] arch_cpu_idle+0xd/0x20 [ 12.182044] default_idle_call+0x48/0x80 [ 12.182062] do_idle+0x379/0x4f0 [ 12.182087] ? __pfx_do_idle+0x10/0x10 [ 12.182114] cpu_startup_entry+0x5c/0x70 [ 12.182137] rest_init+0x11a/0x140 [ 12.182153] ? 
acpi_subsystem_init+0x5d/0x150 [ 12.182178] start_kernel+0x330/0x410 [ 12.182203] x86_64_start_reservations+0x1c/0x30 [ 12.182226] x86_64_start_kernel+0x10d/0x120 [ 12.182249] common_startup_64+0x13e/0x148 [ 12.182281] </TASK> [ 12.182293] [ 12.198789] Allocated by task 215: [ 12.199142] kasan_save_stack+0x45/0x70 [ 12.199477] kasan_save_track+0x18/0x40 [ 12.199876] kasan_save_alloc_info+0x3b/0x50 [ 12.200248] __kasan_kmalloc+0xb7/0xc0 [ 12.200440] __kmalloc_cache_noprof+0x189/0x420 [ 12.200838] rcu_uaf+0xb0/0x330 [ 12.201020] kunit_try_run_case+0x1a5/0x480 [ 12.201539] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 12.201790] kthread+0x337/0x6f0 [ 12.201955] ret_from_fork+0x116/0x1d0 [ 12.202155] ret_from_fork_asm+0x1a/0x30 [ 12.202353] [ 12.202451] Freed by task 0: [ 12.203124] kasan_save_stack+0x45/0x70 [ 12.203428] kasan_save_track+0x18/0x40 [ 12.203846] kasan_save_free_info+0x3f/0x60 [ 12.204288] __kasan_slab_free+0x56/0x70 [ 12.204855] kfree+0x222/0x3f0 [ 12.205055] rcu_uaf_reclaim+0x1f/0x60 [ 12.205350] rcu_core+0x66f/0x1c40 [ 12.205709] rcu_core_si+0x12/0x20 [ 12.205900] handle_softirqs+0x209/0x730 [ 12.206581] __irq_exit_rcu+0xc9/0x110 [ 12.206778] irq_exit_rcu+0x12/0x20 [ 12.207158] sysvec_apic_timer_interrupt+0x81/0x90 [ 12.207387] asm_sysvec_apic_timer_interrupt+0x1f/0x30 [ 12.207808] [ 12.208164] Last potentially related work creation: [ 12.208389] kasan_save_stack+0x45/0x70 [ 12.208621] kasan_record_aux_stack+0xb2/0xc0 [ 12.209160] __call_rcu_common.constprop.0+0x7b/0x9e0 [ 12.209655] call_rcu+0x12/0x20 [ 12.209948] rcu_uaf+0x168/0x330 [ 12.210235] kunit_try_run_case+0x1a5/0x480 [ 12.210740] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 12.211023] kthread+0x337/0x6f0 [ 12.211519] ret_from_fork+0x116/0x1d0 [ 12.211837] ret_from_fork_asm+0x1a/0x30 [ 12.212221] [ 12.212453] The buggy address belongs to the object at ffff888102b1b840 [ 12.212453] which belongs to the cache kmalloc-32 of size 32 [ 12.213236] The buggy address is located 0 bytes inside of 
[ 12.213236] freed 32-byte region [ffff888102b1b840, ffff888102b1b860) [ 12.214299] [ 12.214399] The buggy address belongs to the physical page: [ 12.214907] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x102b1b [ 12.215745] flags: 0x200000000000000(node=0|zone=2) [ 12.216133] page_type: f5(slab) [ 12.216299] raw: 0200000000000000 ffff888100041780 dead000000000122 0000000000000000 [ 12.216955] raw: 0000000000000000 0000000080400040 00000000f5000000 0000000000000000 [ 12.217517] page dumped because: kasan: bad access detected [ 12.217768] [ 12.217883] Memory state around the buggy address: [ 12.218105] ffff888102b1b700: fa fb fb fb fc fc fc fc fa fb fb fb fc fc fc fc [ 12.218921] ffff888102b1b780: 00 00 00 fc fc fc fc fc 00 00 05 fc fc fc fc fc [ 12.219414] >ffff888102b1b800: 00 00 07 fc fc fc fc fc fa fb fb fb fc fc fc fc [ 12.219953] ^ [ 12.220416] ffff888102b1b880: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 12.221093] ffff888102b1b900: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 12.221525] ==================================================================
Failure - log-parser-boot/kasan-bug-kasan-slab-use-after-free-in-ksize_uaf
[ 12.132210] ================================================================== [ 12.132855] BUG: KASAN: slab-use-after-free in ksize_uaf+0x5e4/0x6c0 [ 12.133117] Read of size 1 at addr ffff888102794478 by task kunit_try_catch/213 [ 12.133332] [ 12.133528] CPU: 1 UID: 0 PID: 213 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc4 #1 PREEMPT(voluntary) [ 12.133572] Tainted: [B]=BAD_PAGE, [N]=TEST [ 12.133584] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 12.133604] Call Trace: [ 12.133622] <TASK> [ 12.133639] dump_stack_lvl+0x73/0xb0 [ 12.133665] print_report+0xd1/0x650 [ 12.133687] ? __virt_addr_valid+0x1db/0x2d0 [ 12.133709] ? ksize_uaf+0x5e4/0x6c0 [ 12.133729] ? kasan_complete_mode_report_info+0x64/0x200 [ 12.133751] ? ksize_uaf+0x5e4/0x6c0 [ 12.133771] kasan_report+0x141/0x180 [ 12.133792] ? ksize_uaf+0x5e4/0x6c0 [ 12.133842] __asan_report_load1_noabort+0x18/0x20 [ 12.133868] ksize_uaf+0x5e4/0x6c0 [ 12.133891] ? __pfx_ksize_uaf+0x10/0x10 [ 12.133916] ? __schedule+0x10cc/0x2b60 [ 12.133955] ? __pfx_read_tsc+0x10/0x10 [ 12.133976] ? ktime_get_ts64+0x86/0x230 [ 12.133999] kunit_try_run_case+0x1a5/0x480 [ 12.134041] ? __pfx_kunit_try_run_case+0x10/0x10 [ 12.134062] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 12.134085] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 12.134107] ? __kthread_parkme+0x82/0x180 [ 12.134126] ? preempt_count_sub+0x50/0x80 [ 12.134149] ? __pfx_kunit_try_run_case+0x10/0x10 [ 12.134171] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 12.134193] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 12.134215] kthread+0x337/0x6f0 [ 12.134234] ? trace_preempt_on+0x20/0xc0 [ 12.134256] ? __pfx_kthread+0x10/0x10 [ 12.134276] ? _raw_spin_unlock_irq+0x47/0x80 [ 12.134314] ? calculate_sigpending+0x7b/0xa0 [ 12.134337] ? __pfx_kthread+0x10/0x10 [ 12.134358] ret_from_fork+0x116/0x1d0 [ 12.134376] ? 
__pfx_kthread+0x10/0x10 [ 12.134396] ret_from_fork_asm+0x1a/0x30 [ 12.134426] </TASK> [ 12.134437] [ 12.147604] Allocated by task 213: [ 12.147744] kasan_save_stack+0x45/0x70 [ 12.147890] kasan_save_track+0x18/0x40 [ 12.148042] kasan_save_alloc_info+0x3b/0x50 [ 12.148428] __kasan_kmalloc+0xb7/0xc0 [ 12.148758] __kmalloc_cache_noprof+0x189/0x420 [ 12.149426] ksize_uaf+0xaa/0x6c0 [ 12.149863] kunit_try_run_case+0x1a5/0x480 [ 12.150269] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 12.150902] kthread+0x337/0x6f0 [ 12.151251] ret_from_fork+0x116/0x1d0 [ 12.151588] ret_from_fork_asm+0x1a/0x30 [ 12.151848] [ 12.151921] Freed by task 213: [ 12.152046] kasan_save_stack+0x45/0x70 [ 12.152186] kasan_save_track+0x18/0x40 [ 12.152320] kasan_save_free_info+0x3f/0x60 [ 12.152477] __kasan_slab_free+0x56/0x70 [ 12.152969] kfree+0x222/0x3f0 [ 12.153259] ksize_uaf+0x12c/0x6c0 [ 12.153611] kunit_try_run_case+0x1a5/0x480 [ 12.154071] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 12.154696] kthread+0x337/0x6f0 [ 12.155015] ret_from_fork+0x116/0x1d0 [ 12.155386] ret_from_fork_asm+0x1a/0x30 [ 12.155788] [ 12.155966] The buggy address belongs to the object at ffff888102794400 [ 12.155966] which belongs to the cache kmalloc-128 of size 128 [ 12.157037] The buggy address is located 120 bytes inside of [ 12.157037] freed 128-byte region [ffff888102794400, ffff888102794480) [ 12.157395] [ 12.157481] The buggy address belongs to the physical page: [ 12.158009] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x102794 [ 12.158769] flags: 0x200000000000000(node=0|zone=2) [ 12.159327] page_type: f5(slab) [ 12.159694] raw: 0200000000000000 ffff888100041a00 dead000000000122 0000000000000000 [ 12.160748] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 12.161247] page dumped because: kasan: bad access detected [ 12.161420] [ 12.161511] Memory state around the buggy address: [ 12.162005] ffff888102794300: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 
12.162706] ffff888102794380: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 12.163452] >ffff888102794400: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 12.163982] ^ [ 12.164471] ffff888102794480: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 12.165324] ffff888102794500: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 12.165731] ================================================================== [ 12.064220] ================================================================== [ 12.065349] BUG: KASAN: slab-use-after-free in ksize_uaf+0x19d/0x6c0 [ 12.065857] Read of size 1 at addr ffff888102794400 by task kunit_try_catch/213 [ 12.066112] [ 12.066342] CPU: 1 UID: 0 PID: 213 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc4 #1 PREEMPT(voluntary) [ 12.066388] Tainted: [B]=BAD_PAGE, [N]=TEST [ 12.066400] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 12.066421] Call Trace: [ 12.066434] <TASK> [ 12.066451] dump_stack_lvl+0x73/0xb0 [ 12.066481] print_report+0xd1/0x650 [ 12.066504] ? __virt_addr_valid+0x1db/0x2d0 [ 12.066843] ? ksize_uaf+0x19d/0x6c0 [ 12.066870] ? kasan_complete_mode_report_info+0x64/0x200 [ 12.066893] ? ksize_uaf+0x19d/0x6c0 [ 12.066914] kasan_report+0x141/0x180 [ 12.066949] ? ksize_uaf+0x19d/0x6c0 [ 12.066973] ? ksize_uaf+0x19d/0x6c0 [ 12.066993] __kasan_check_byte+0x3d/0x50 [ 12.067015] ksize+0x20/0x60 [ 12.067036] ksize_uaf+0x19d/0x6c0 [ 12.067066] ? __pfx_ksize_uaf+0x10/0x10 [ 12.067087] ? __schedule+0x10cc/0x2b60 [ 12.067115] ? __pfx_read_tsc+0x10/0x10 [ 12.067136] ? ktime_get_ts64+0x86/0x230 [ 12.067159] kunit_try_run_case+0x1a5/0x480 [ 12.067184] ? __pfx_kunit_try_run_case+0x10/0x10 [ 12.067205] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 12.067228] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 12.067250] ? __kthread_parkme+0x82/0x180 [ 12.067270] ? preempt_count_sub+0x50/0x80 [ 12.067295] ? __pfx_kunit_try_run_case+0x10/0x10 [ 12.067318] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 12.067341] ? 
__pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 12.067363] kthread+0x337/0x6f0 [ 12.067383] ? trace_preempt_on+0x20/0xc0 [ 12.067405] ? __pfx_kthread+0x10/0x10 [ 12.067426] ? _raw_spin_unlock_irq+0x47/0x80 [ 12.067446] ? calculate_sigpending+0x7b/0xa0 [ 12.067469] ? __pfx_kthread+0x10/0x10 [ 12.067490] ret_from_fork+0x116/0x1d0 [ 12.067508] ? __pfx_kthread+0x10/0x10 [ 12.067528] ret_from_fork_asm+0x1a/0x30 [ 12.067558] </TASK> [ 12.067569] [ 12.080790] Allocated by task 213: [ 12.081240] kasan_save_stack+0x45/0x70 [ 12.081801] kasan_save_track+0x18/0x40 [ 12.082012] kasan_save_alloc_info+0x3b/0x50 [ 12.082279] __kasan_kmalloc+0xb7/0xc0 [ 12.082440] __kmalloc_cache_noprof+0x189/0x420 [ 12.082972] ksize_uaf+0xaa/0x6c0 [ 12.083251] kunit_try_run_case+0x1a5/0x480 [ 12.083447] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 12.083993] kthread+0x337/0x6f0 [ 12.084250] ret_from_fork+0x116/0x1d0 [ 12.084708] ret_from_fork_asm+0x1a/0x30 [ 12.084912] [ 12.085024] Freed by task 213: [ 12.085458] kasan_save_stack+0x45/0x70 [ 12.085820] kasan_save_track+0x18/0x40 [ 12.086055] kasan_save_free_info+0x3f/0x60 [ 12.086411] __kasan_slab_free+0x56/0x70 [ 12.086711] kfree+0x222/0x3f0 [ 12.087099] ksize_uaf+0x12c/0x6c0 [ 12.087270] kunit_try_run_case+0x1a5/0x480 [ 12.087723] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 12.088004] kthread+0x337/0x6f0 [ 12.088355] ret_from_fork+0x116/0x1d0 [ 12.088838] ret_from_fork_asm+0x1a/0x30 [ 12.089180] [ 12.089290] The buggy address belongs to the object at ffff888102794400 [ 12.089290] which belongs to the cache kmalloc-128 of size 128 [ 12.090321] The buggy address is located 0 bytes inside of [ 12.090321] freed 128-byte region [ffff888102794400, ffff888102794480) [ 12.090695] [ 12.090776] The buggy address belongs to the physical page: [ 12.090961] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x102794 [ 12.091329] flags: 0x200000000000000(node=0|zone=2) [ 12.091700] page_type: f5(slab) [ 12.092141] raw: 
0200000000000000 ffff888100041a00 dead000000000122 0000000000000000 [ 12.092659] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 12.093233] page dumped because: kasan: bad access detected [ 12.093797] [ 12.093999] Memory state around the buggy address: [ 12.094309] ffff888102794300: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 12.094757] ffff888102794380: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 12.095429] >ffff888102794400: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 12.096210] ^ [ 12.096373] ffff888102794480: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 12.097175] ffff888102794500: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 12.097408] ================================================================== [ 12.098508] ================================================================== [ 12.099281] BUG: KASAN: slab-use-after-free in ksize_uaf+0x5fe/0x6c0 [ 12.099593] Read of size 1 at addr ffff888102794400 by task kunit_try_catch/213 [ 12.100322] [ 12.100528] CPU: 1 UID: 0 PID: 213 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc4 #1 PREEMPT(voluntary) [ 12.100573] Tainted: [B]=BAD_PAGE, [N]=TEST [ 12.100585] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 12.100606] Call Trace: [ 12.100620] <TASK> [ 12.100636] dump_stack_lvl+0x73/0xb0 [ 12.100663] print_report+0xd1/0x650 [ 12.100685] ? __virt_addr_valid+0x1db/0x2d0 [ 12.100706] ? ksize_uaf+0x5fe/0x6c0 [ 12.100765] ? kasan_complete_mode_report_info+0x64/0x200 [ 12.100787] ? ksize_uaf+0x5fe/0x6c0 [ 12.100808] kasan_report+0x141/0x180 [ 12.100829] ? ksize_uaf+0x5fe/0x6c0 [ 12.100861] __asan_report_load1_noabort+0x18/0x20 [ 12.100884] ksize_uaf+0x5fe/0x6c0 [ 12.100904] ? __pfx_ksize_uaf+0x10/0x10 [ 12.100925] ? __schedule+0x10cc/0x2b60 [ 12.100956] ? __pfx_read_tsc+0x10/0x10 [ 12.100976] ? ktime_get_ts64+0x86/0x230 [ 12.100999] kunit_try_run_case+0x1a5/0x480 [ 12.101023] ? __pfx_kunit_try_run_case+0x10/0x10 [ 12.101062] ? 
_raw_spin_lock_irqsave+0xa1/0x100 [ 12.101086] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 12.101109] ? __kthread_parkme+0x82/0x180 [ 12.101128] ? preempt_count_sub+0x50/0x80 [ 12.101151] ? __pfx_kunit_try_run_case+0x10/0x10 [ 12.101174] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 12.101195] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 12.101217] kthread+0x337/0x6f0 [ 12.101236] ? trace_preempt_on+0x20/0xc0 [ 12.101260] ? __pfx_kthread+0x10/0x10 [ 12.101279] ? _raw_spin_unlock_irq+0x47/0x80 [ 12.101299] ? calculate_sigpending+0x7b/0xa0 [ 12.101322] ? __pfx_kthread+0x10/0x10 [ 12.101343] ret_from_fork+0x116/0x1d0 [ 12.101361] ? __pfx_kthread+0x10/0x10 [ 12.101381] ret_from_fork_asm+0x1a/0x30 [ 12.101411] </TASK> [ 12.101422] [ 12.112836] Allocated by task 213: [ 12.113239] kasan_save_stack+0x45/0x70 [ 12.113442] kasan_save_track+0x18/0x40 [ 12.113734] kasan_save_alloc_info+0x3b/0x50 [ 12.114286] __kasan_kmalloc+0xb7/0xc0 [ 12.114682] __kmalloc_cache_noprof+0x189/0x420 [ 12.115221] ksize_uaf+0xaa/0x6c0 [ 12.115576] kunit_try_run_case+0x1a5/0x480 [ 12.115888] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 12.116452] kthread+0x337/0x6f0 [ 12.116842] ret_from_fork+0x116/0x1d0 [ 12.116992] ret_from_fork_asm+0x1a/0x30 [ 12.117172] [ 12.117330] Freed by task 213: [ 12.117638] kasan_save_stack+0x45/0x70 [ 12.118047] kasan_save_track+0x18/0x40 [ 12.118466] kasan_save_free_info+0x3f/0x60 [ 12.118897] __kasan_slab_free+0x56/0x70 [ 12.119353] kfree+0x222/0x3f0 [ 12.119548] ksize_uaf+0x12c/0x6c0 [ 12.119840] kunit_try_run_case+0x1a5/0x480 [ 12.120230] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 12.120815] kthread+0x337/0x6f0 [ 12.121194] ret_from_fork+0x116/0x1d0 [ 12.121405] ret_from_fork_asm+0x1a/0x30 [ 12.121857] [ 12.122029] The buggy address belongs to the object at ffff888102794400 [ 12.122029] which belongs to the cache kmalloc-128 of size 128 [ 12.122884] The buggy address is located 0 bytes inside of [ 12.122884] freed 128-byte region [ffff888102794400, 
ffff888102794480) [ 12.123907] [ 12.123994] The buggy address belongs to the physical page: [ 12.124307] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x102794 [ 12.125095] flags: 0x200000000000000(node=0|zone=2) [ 12.125619] page_type: f5(slab) [ 12.125928] raw: 0200000000000000 ffff888100041a00 dead000000000122 0000000000000000 [ 12.126628] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 12.127229] page dumped because: kasan: bad access detected [ 12.127752] [ 12.127968] Memory state around the buggy address: [ 12.128283] ffff888102794300: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 12.128973] ffff888102794380: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 12.129274] >ffff888102794400: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 12.129947] ^ [ 12.130326] ffff888102794480: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 12.131062] ffff888102794500: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 12.131431] ==================================================================
Failure - log-parser-boot/kasan-bug-kasan-use-after-free-in-page_alloc_uaf
[ 11.139245] ================================================================== [ 11.140101] BUG: KASAN: use-after-free in page_alloc_uaf+0x356/0x3d0 [ 11.140388] Read of size 1 at addr ffff888103a00000 by task kunit_try_catch/171 [ 11.140741] [ 11.140919] CPU: 0 UID: 0 PID: 171 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc4 #1 PREEMPT(voluntary) [ 11.140978] Tainted: [B]=BAD_PAGE, [N]=TEST [ 11.140990] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 11.141012] Call Trace: [ 11.141026] <TASK> [ 11.141045] dump_stack_lvl+0x73/0xb0 [ 11.141299] print_report+0xd1/0x650 [ 11.141324] ? __virt_addr_valid+0x1db/0x2d0 [ 11.141350] ? page_alloc_uaf+0x356/0x3d0 [ 11.141371] ? kasan_addr_to_slab+0x11/0xa0 [ 11.141391] ? page_alloc_uaf+0x356/0x3d0 [ 11.141412] kasan_report+0x141/0x180 [ 11.141433] ? page_alloc_uaf+0x356/0x3d0 [ 11.141459] __asan_report_load1_noabort+0x18/0x20 [ 11.141525] page_alloc_uaf+0x356/0x3d0 [ 11.141547] ? __pfx_page_alloc_uaf+0x10/0x10 [ 11.141569] ? __schedule+0x10cc/0x2b60 [ 11.141612] ? __pfx_read_tsc+0x10/0x10 [ 11.141635] ? ktime_get_ts64+0x86/0x230 [ 11.141670] kunit_try_run_case+0x1a5/0x480 [ 11.141695] ? __pfx_kunit_try_run_case+0x10/0x10 [ 11.141721] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 11.141756] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 11.141779] ? __kthread_parkme+0x82/0x180 [ 11.141799] ? preempt_count_sub+0x50/0x80 [ 11.141823] ? __pfx_kunit_try_run_case+0x10/0x10 [ 11.141846] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 11.141868] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 11.141890] kthread+0x337/0x6f0 [ 11.141909] ? trace_preempt_on+0x20/0xc0 [ 11.141940] ? __pfx_kthread+0x10/0x10 [ 11.141960] ? _raw_spin_unlock_irq+0x47/0x80 [ 11.141981] ? calculate_sigpending+0x7b/0xa0 [ 11.142005] ? __pfx_kthread+0x10/0x10 [ 11.142027] ret_from_fork+0x116/0x1d0 [ 11.142045] ? 
__pfx_kthread+0x10/0x10 [ 11.142065] ret_from_fork_asm+0x1a/0x30 [ 11.142096] </TASK> [ 11.142107] [ 11.150502] The buggy address belongs to the physical page: [ 11.150779] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x103a00 [ 11.151224] flags: 0x200000000000000(node=0|zone=2) [ 11.151419] page_type: f0(buddy) [ 11.151756] raw: 0200000000000000 ffff88817fffb5c8 ffff88817fffb5c8 0000000000000000 [ 11.152118] raw: 0000000000000000 0000000000000009 00000000f0000000 0000000000000000 [ 11.152494] page dumped because: kasan: bad access detected [ 11.152667] [ 11.152737] Memory state around the buggy address: [ 11.152992] ffff8881039fff00: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff [ 11.153353] ffff8881039fff80: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff [ 11.153764] >ffff888103a00000: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff [ 11.153990] ^ [ 11.154221] ffff888103a00080: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff [ 11.154676] ffff888103a00100: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff [ 11.155004] ==================================================================
Failure - log-parser-boot/kasan-bug-kasan-invalid-free-in-kfree
[ 11.114229] ================================================================== [ 11.114799] BUG: KASAN: invalid-free in kfree+0x274/0x3f0 [ 11.115083] Free of addr ffff888102954001 by task kunit_try_catch/167 [ 11.115473] [ 11.115614] CPU: 1 UID: 0 PID: 167 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc4 #1 PREEMPT(voluntary) [ 11.115671] Tainted: [B]=BAD_PAGE, [N]=TEST [ 11.115684] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 11.115705] Call Trace: [ 11.115729] <TASK> [ 11.115745] dump_stack_lvl+0x73/0xb0 [ 11.115773] print_report+0xd1/0x650 [ 11.115795] ? __virt_addr_valid+0x1db/0x2d0 [ 11.115819] ? kasan_addr_to_slab+0x11/0xa0 [ 11.115839] ? kfree+0x274/0x3f0 [ 11.115860] kasan_report_invalid_free+0x10a/0x130 [ 11.115892] ? kfree+0x274/0x3f0 [ 11.115915] ? kfree+0x274/0x3f0 [ 11.115950] __kasan_kfree_large+0x86/0xd0 [ 11.115971] free_large_kmalloc+0x4b/0x110 [ 11.116002] kfree+0x274/0x3f0 [ 11.116027] kmalloc_large_invalid_free+0x120/0x2b0 [ 11.116049] ? __pfx_kmalloc_large_invalid_free+0x10/0x10 [ 11.116082] ? __schedule+0x10cc/0x2b60 [ 11.116104] ? __pfx_read_tsc+0x10/0x10 [ 11.116124] ? ktime_get_ts64+0x86/0x230 [ 11.116148] kunit_try_run_case+0x1a5/0x480 [ 11.116171] ? __pfx_kunit_try_run_case+0x10/0x10 [ 11.116193] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 11.116215] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 11.116237] ? __kthread_parkme+0x82/0x180 [ 11.116266] ? preempt_count_sub+0x50/0x80 [ 11.116289] ? __pfx_kunit_try_run_case+0x10/0x10 [ 11.116312] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 11.116344] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 11.116366] kthread+0x337/0x6f0 [ 11.116385] ? trace_preempt_on+0x20/0xc0 [ 11.116408] ? __pfx_kthread+0x10/0x10 [ 11.116428] ? _raw_spin_unlock_irq+0x47/0x80 [ 11.116448] ? calculate_sigpending+0x7b/0xa0 [ 11.116471] ? __pfx_kthread+0x10/0x10 [ 11.116492] ret_from_fork+0x116/0x1d0 [ 11.116509] ? 
__pfx_kthread+0x10/0x10 [ 11.116529] ret_from_fork_asm+0x1a/0x30 [ 11.116577] </TASK> [ 11.116589] [ 11.124626] The buggy address belongs to the physical page: [ 11.124876] page: refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x102954 [ 11.125455] head: order:2 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0 [ 11.125877] flags: 0x200000000000040(head|node=0|zone=2) [ 11.126176] page_type: f8(unknown) [ 11.126331] raw: 0200000000000040 0000000000000000 dead000000000122 0000000000000000 [ 11.126707] raw: 0000000000000000 0000000000000000 00000001f8000000 0000000000000000 [ 11.126985] head: 0200000000000040 0000000000000000 dead000000000122 0000000000000000 [ 11.127252] head: 0000000000000000 0000000000000000 00000001f8000000 0000000000000000 [ 11.127699] head: 0200000000000002 ffffea00040a5501 00000000ffffffff 00000000ffffffff [ 11.128238] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000004 [ 11.128498] page dumped because: kasan: bad access detected [ 11.128754] [ 11.128876] Memory state around the buggy address: [ 11.129182] ffff888102953f00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 11.129667] ffff888102953f80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 11.129948] >ffff888102954000: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 11.130393] ^ [ 11.130688] ffff888102954080: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 11.130963] ffff888102954100: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 11.131279] ==================================================================
Failure - log-parser-boot/kasan-bug-kasan-use-after-free-in-kmalloc_large_uaf
[ 11.091402] ================================================================== [ 11.091849] BUG: KASAN: use-after-free in kmalloc_large_uaf+0x2f1/0x340 [ 11.092247] Read of size 1 at addr ffff888102b6c000 by task kunit_try_catch/165 [ 11.092562] [ 11.092707] CPU: 0 UID: 0 PID: 165 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc4 #1 PREEMPT(voluntary) [ 11.092764] Tainted: [B]=BAD_PAGE, [N]=TEST [ 11.092777] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 11.092798] Call Trace: [ 11.092813] <TASK> [ 11.092831] dump_stack_lvl+0x73/0xb0 [ 11.092864] print_report+0xd1/0x650 [ 11.092888] ? __virt_addr_valid+0x1db/0x2d0 [ 11.092912] ? kmalloc_large_uaf+0x2f1/0x340 [ 11.092944] ? kasan_addr_to_slab+0x11/0xa0 [ 11.092964] ? kmalloc_large_uaf+0x2f1/0x340 [ 11.092984] kasan_report+0x141/0x180 [ 11.093015] ? kmalloc_large_uaf+0x2f1/0x340 [ 11.093040] __asan_report_load1_noabort+0x18/0x20 [ 11.093074] kmalloc_large_uaf+0x2f1/0x340 [ 11.093094] ? __pfx_kmalloc_large_uaf+0x10/0x10 [ 11.093116] ? __schedule+0x10cc/0x2b60 [ 11.093138] ? __pfx_read_tsc+0x10/0x10 [ 11.093159] ? ktime_get_ts64+0x86/0x230 [ 11.093194] kunit_try_run_case+0x1a5/0x480 [ 11.093219] ? __pfx_kunit_try_run_case+0x10/0x10 [ 11.093250] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 11.093273] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 11.093295] ? __kthread_parkme+0x82/0x180 [ 11.093317] ? preempt_count_sub+0x50/0x80 [ 11.093341] ? __pfx_kunit_try_run_case+0x10/0x10 [ 11.093363] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 11.093385] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 11.093407] kthread+0x337/0x6f0 [ 11.093426] ? trace_preempt_on+0x20/0xc0 [ 11.093450] ? __pfx_kthread+0x10/0x10 [ 11.093489] ? _raw_spin_unlock_irq+0x47/0x80 [ 11.093509] ? calculate_sigpending+0x7b/0xa0 [ 11.093534] ? __pfx_kthread+0x10/0x10 [ 11.093575] ret_from_fork+0x116/0x1d0 [ 11.093593] ? 
__pfx_kthread+0x10/0x10 [ 11.093613] ret_from_fork_asm+0x1a/0x30 [ 11.093645] </TASK> [ 11.093657] [ 11.105107] The buggy address belongs to the physical page: [ 11.105705] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x102b6c [ 11.106088] flags: 0x200000000000000(node=0|zone=2) [ 11.106439] raw: 0200000000000000 ffffea00040adc08 ffff88815b039f80 0000000000000000 [ 11.106962] raw: 0000000000000000 0000000000000000 00000000ffffffff 0000000000000000 [ 11.107490] page dumped because: kasan: bad access detected [ 11.107914] [ 11.108023] Memory state around the buggy address: [ 11.108419] ffff888102b6bf00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 11.108867] ffff888102b6bf80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 11.109330] >ffff888102b6c000: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff [ 11.109783] ^ [ 11.109971] ffff888102b6c080: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff [ 11.110444] ffff888102b6c100: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff [ 11.111028] ==================================================================
Failure - log-parser-boot/kasan-bug-kasan-slab-out-of-bounds-in-kmalloc_large_oob_right
[ 11.068371] ================================================================== [ 11.069085] BUG: KASAN: slab-out-of-bounds in kmalloc_large_oob_right+0x2e9/0x330 [ 11.069449] Write of size 1 at addr ffff88810295200a by task kunit_try_catch/163 [ 11.069844] [ 11.069974] CPU: 1 UID: 0 PID: 163 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc4 #1 PREEMPT(voluntary) [ 11.070030] Tainted: [B]=BAD_PAGE, [N]=TEST [ 11.070042] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 11.070075] Call Trace: [ 11.070099] <TASK> [ 11.070116] dump_stack_lvl+0x73/0xb0 [ 11.070144] print_report+0xd1/0x650 [ 11.070165] ? __virt_addr_valid+0x1db/0x2d0 [ 11.070187] ? kmalloc_large_oob_right+0x2e9/0x330 [ 11.070218] ? kasan_addr_to_slab+0x11/0xa0 [ 11.070238] ? kmalloc_large_oob_right+0x2e9/0x330 [ 11.070260] kasan_report+0x141/0x180 [ 11.070292] ? kmalloc_large_oob_right+0x2e9/0x330 [ 11.070318] __asan_report_store1_noabort+0x1b/0x30 [ 11.070338] kmalloc_large_oob_right+0x2e9/0x330 [ 11.070360] ? __pfx_kmalloc_large_oob_right+0x10/0x10 [ 11.070382] ? __schedule+0x10cc/0x2b60 [ 11.070404] ? __pfx_read_tsc+0x10/0x10 [ 11.070425] ? ktime_get_ts64+0x86/0x230 [ 11.070449] kunit_try_run_case+0x1a5/0x480 [ 11.070472] ? __pfx_kunit_try_run_case+0x10/0x10 [ 11.070494] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 11.070516] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 11.070538] ? __kthread_parkme+0x82/0x180 [ 11.070558] ? preempt_count_sub+0x50/0x80 [ 11.070582] ? __pfx_kunit_try_run_case+0x10/0x10 [ 11.070605] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 11.070676] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 11.070712] kthread+0x337/0x6f0 [ 11.070731] ? trace_preempt_on+0x20/0xc0 [ 11.070755] ? __pfx_kthread+0x10/0x10 [ 11.070775] ? _raw_spin_unlock_irq+0x47/0x80 [ 11.070796] ? calculate_sigpending+0x7b/0xa0 [ 11.070820] ? __pfx_kthread+0x10/0x10 [ 11.070849] ret_from_fork+0x116/0x1d0 [ 11.070867] ? 
__pfx_kthread+0x10/0x10 [ 11.070887] ret_from_fork_asm+0x1a/0x30 [ 11.070937] </TASK> [ 11.070949] [ 11.079859] The buggy address belongs to the physical page: [ 11.080160] page: refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x102950 [ 11.080470] head: order:2 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0 [ 11.080840] flags: 0x200000000000040(head|node=0|zone=2) [ 11.081112] page_type: f8(unknown) [ 11.081318] raw: 0200000000000040 0000000000000000 dead000000000122 0000000000000000 [ 11.081660] raw: 0000000000000000 0000000000000000 00000001f8000000 0000000000000000 [ 11.082024] head: 0200000000000040 0000000000000000 dead000000000122 0000000000000000 [ 11.082360] head: 0000000000000000 0000000000000000 00000001f8000000 0000000000000000 [ 11.082861] head: 0200000000000002 ffffea00040a5401 00000000ffffffff 00000000ffffffff [ 11.083250] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000004 [ 11.083660] page dumped because: kasan: bad access detected [ 11.083900] [ 11.083986] Memory state around the buggy address: [ 11.084176] ffff888102951f00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 11.084462] ffff888102951f80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 11.085153] >ffff888102952000: 00 02 fe fe fe fe fe fe fe fe fe fe fe fe fe fe [ 11.085636] ^ [ 11.085789] ffff888102952080: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe [ 11.086168] ffff888102952100: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe [ 11.086468] ==================================================================
Failure - log-parser-boot/kasan-bug-kasan-slab-out-of-bounds-in-kmalloc_big_oob_right
[ 11.042055] ================================================================== [ 11.042587] BUG: KASAN: slab-out-of-bounds in kmalloc_big_oob_right+0x316/0x370 [ 11.043182] Write of size 1 at addr ffff888102b45f00 by task kunit_try_catch/161 [ 11.043603] [ 11.043728] CPU: 1 UID: 0 PID: 161 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc4 #1 PREEMPT(voluntary) [ 11.043772] Tainted: [B]=BAD_PAGE, [N]=TEST [ 11.043785] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 11.043805] Call Trace: [ 11.043817] <TASK> [ 11.043845] dump_stack_lvl+0x73/0xb0 [ 11.043874] print_report+0xd1/0x650 [ 11.043896] ? __virt_addr_valid+0x1db/0x2d0 [ 11.043996] ? kmalloc_big_oob_right+0x316/0x370 [ 11.044019] ? kasan_complete_mode_report_info+0x2a/0x200 [ 11.044051] ? kmalloc_big_oob_right+0x316/0x370 [ 11.044073] kasan_report+0x141/0x180 [ 11.044095] ? kmalloc_big_oob_right+0x316/0x370 [ 11.044133] __asan_report_store1_noabort+0x1b/0x30 [ 11.044153] kmalloc_big_oob_right+0x316/0x370 [ 11.044174] ? __pfx_kmalloc_big_oob_right+0x10/0x10 [ 11.044197] ? __schedule+0x10cc/0x2b60 [ 11.044219] ? __pfx_read_tsc+0x10/0x10 [ 11.044249] ? ktime_get_ts64+0x86/0x230 [ 11.044273] kunit_try_run_case+0x1a5/0x480 [ 11.044297] ? __pfx_kunit_try_run_case+0x10/0x10 [ 11.044329] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 11.044351] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 11.044373] ? __kthread_parkme+0x82/0x180 [ 11.044394] ? preempt_count_sub+0x50/0x80 [ 11.044417] ? __pfx_kunit_try_run_case+0x10/0x10 [ 11.044440] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 11.044462] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 11.044484] kthread+0x337/0x6f0 [ 11.044503] ? trace_preempt_on+0x20/0xc0 [ 11.044526] ? __pfx_kthread+0x10/0x10 [ 11.044546] ? _raw_spin_unlock_irq+0x47/0x80 [ 11.044601] ? calculate_sigpending+0x7b/0xa0 [ 11.044627] ? __pfx_kthread+0x10/0x10 [ 11.044660] ret_from_fork+0x116/0x1d0 [ 11.044679] ? 
__pfx_kthread+0x10/0x10 [ 11.044699] ret_from_fork_asm+0x1a/0x30 [ 11.044729] </TASK> [ 11.044741] [ 11.053669] Allocated by task 161: [ 11.053859] kasan_save_stack+0x45/0x70 [ 11.054245] kasan_save_track+0x18/0x40 [ 11.054390] kasan_save_alloc_info+0x3b/0x50 [ 11.054915] __kasan_kmalloc+0xb7/0xc0 [ 11.055195] __kmalloc_cache_noprof+0x189/0x420 [ 11.055406] kmalloc_big_oob_right+0xa9/0x370 [ 11.055556] kunit_try_run_case+0x1a5/0x480 [ 11.055707] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 11.056040] kthread+0x337/0x6f0 [ 11.056208] ret_from_fork+0x116/0x1d0 [ 11.056557] ret_from_fork_asm+0x1a/0x30 [ 11.056831] [ 11.056915] The buggy address belongs to the object at ffff888102b44000 [ 11.056915] which belongs to the cache kmalloc-8k of size 8192 [ 11.057273] The buggy address is located 0 bytes to the right of [ 11.057273] allocated 7936-byte region [ffff888102b44000, ffff888102b45f00) [ 11.058032] [ 11.058151] The buggy address belongs to the physical page: [ 11.058441] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x102b40 [ 11.058845] head: order:3 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0 [ 11.059388] flags: 0x200000000000040(head|node=0|zone=2) [ 11.059567] page_type: f5(slab) [ 11.059690] raw: 0200000000000040 ffff888100042280 dead000000000122 0000000000000000 [ 11.060387] raw: 0000000000000000 0000000080020002 00000000f5000000 0000000000000000 [ 11.060812] head: 0200000000000040 ffff888100042280 dead000000000122 0000000000000000 [ 11.061059] head: 0000000000000000 0000000080020002 00000000f5000000 0000000000000000 [ 11.061410] head: 0200000000000003 ffffea00040ad001 00000000ffffffff 00000000ffffffff [ 11.061847] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000008 [ 11.062300] page dumped because: kasan: bad access detected [ 11.062623] [ 11.062753] Memory state around the buggy address: [ 11.063032] ffff888102b45e00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 11.063326] ffff888102b45e80: 00 
00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 11.063541] >ffff888102b45f00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 11.064152] ^ [ 11.064351] ffff888102b45f80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 11.064832] ffff888102b46000: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 11.065150] ==================================================================
Failure - log-parser-boot/kasan-bug-kasan-slab-out-of-bounds-in-kmalloc_track_caller_oob_right
[ 10.990118] ================================================================== [ 10.991238] BUG: KASAN: slab-out-of-bounds in kmalloc_track_caller_oob_right+0x4c8/0x520 [ 10.991758] Write of size 1 at addr ffff888102b0e678 by task kunit_try_catch/159 [ 10.992459] [ 10.992794] CPU: 0 UID: 0 PID: 159 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc4 #1 PREEMPT(voluntary) [ 10.992849] Tainted: [B]=BAD_PAGE, [N]=TEST [ 10.992862] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 10.992885] Call Trace: [ 10.992899] <TASK> [ 10.992920] dump_stack_lvl+0x73/0xb0 [ 10.992968] print_report+0xd1/0x650 [ 10.992991] ? __virt_addr_valid+0x1db/0x2d0 [ 10.993016] ? kmalloc_track_caller_oob_right+0x4c8/0x520 [ 10.993039] ? kasan_complete_mode_report_info+0x2a/0x200 [ 10.993062] ? kmalloc_track_caller_oob_right+0x4c8/0x520 [ 10.993086] kasan_report+0x141/0x180 [ 10.993107] ? kmalloc_track_caller_oob_right+0x4c8/0x520 [ 10.993136] __asan_report_store1_noabort+0x1b/0x30 [ 10.993155] kmalloc_track_caller_oob_right+0x4c8/0x520 [ 10.993179] ? __pfx_kmalloc_track_caller_oob_right+0x10/0x10 [ 10.993204] ? __schedule+0x10cc/0x2b60 [ 10.993227] ? __pfx_read_tsc+0x10/0x10 [ 10.993248] ? ktime_get_ts64+0x86/0x230 [ 10.993273] kunit_try_run_case+0x1a5/0x480 [ 10.993298] ? __pfx_kunit_try_run_case+0x10/0x10 [ 10.993320] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 10.993344] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 10.993366] ? __kthread_parkme+0x82/0x180 [ 10.993387] ? preempt_count_sub+0x50/0x80 [ 10.993411] ? __pfx_kunit_try_run_case+0x10/0x10 [ 10.993434] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 10.993456] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 10.993477] kthread+0x337/0x6f0 [ 10.993496] ? trace_preempt_on+0x20/0xc0 [ 10.993520] ? __pfx_kthread+0x10/0x10 [ 10.993540] ? _raw_spin_unlock_irq+0x47/0x80 [ 10.993560] ? calculate_sigpending+0x7b/0xa0 [ 10.993584] ? 
__pfx_kthread+0x10/0x10 [ 10.993604] ret_from_fork+0x116/0x1d0 [ 10.993622] ? __pfx_kthread+0x10/0x10 [ 10.993641] ret_from_fork_asm+0x1a/0x30 [ 10.993672] </TASK> [ 10.993695] [ 11.006352] Allocated by task 159: [ 11.006721] kasan_save_stack+0x45/0x70 [ 11.007139] kasan_save_track+0x18/0x40 [ 11.007348] kasan_save_alloc_info+0x3b/0x50 [ 11.007597] __kasan_kmalloc+0xb7/0xc0 [ 11.008003] __kmalloc_node_track_caller_noprof+0x1cb/0x500 [ 11.008673] kmalloc_track_caller_oob_right+0x99/0x520 [ 11.009206] kunit_try_run_case+0x1a5/0x480 [ 11.009572] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 11.009748] kthread+0x337/0x6f0 [ 11.009868] ret_from_fork+0x116/0x1d0 [ 11.010009] ret_from_fork_asm+0x1a/0x30 [ 11.010188] [ 11.010282] The buggy address belongs to the object at ffff888102b0e600 [ 11.010282] which belongs to the cache kmalloc-128 of size 128 [ 11.010855] The buggy address is located 0 bytes to the right of [ 11.010855] allocated 120-byte region [ffff888102b0e600, ffff888102b0e678) [ 11.011334] [ 11.011412] The buggy address belongs to the physical page: [ 11.011666] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x102b0e [ 11.012009] flags: 0x200000000000000(node=0|zone=2) [ 11.012373] page_type: f5(slab) [ 11.012611] raw: 0200000000000000 ffff888100041a00 dead000000000122 0000000000000000 [ 11.012856] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 11.013252] page dumped because: kasan: bad access detected [ 11.013534] [ 11.013665] Memory state around the buggy address: [ 11.013819] ffff888102b0e500: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 11.014153] ffff888102b0e580: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 11.014435] >ffff888102b0e600: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 fc [ 11.014884] ^ [ 11.015118] ffff888102b0e680: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 11.015452] ffff888102b0e700: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 11.015720] 
================================================================== [ 11.016856] ================================================================== [ 11.017631] BUG: KASAN: slab-out-of-bounds in kmalloc_track_caller_oob_right+0x4b1/0x520 [ 11.018247] Write of size 1 at addr ffff888102b0e778 by task kunit_try_catch/159 [ 11.018721] [ 11.018853] CPU: 0 UID: 0 PID: 159 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc4 #1 PREEMPT(voluntary) [ 11.018896] Tainted: [B]=BAD_PAGE, [N]=TEST [ 11.018907] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 11.018938] Call Trace: [ 11.018951] <TASK> [ 11.018965] dump_stack_lvl+0x73/0xb0 [ 11.018993] print_report+0xd1/0x650 [ 11.019015] ? __virt_addr_valid+0x1db/0x2d0 [ 11.019036] ? kmalloc_track_caller_oob_right+0x4b1/0x520 [ 11.019060] ? kasan_complete_mode_report_info+0x2a/0x200 [ 11.019082] ? kmalloc_track_caller_oob_right+0x4b1/0x520 [ 11.019112] kasan_report+0x141/0x180 [ 11.019133] ? kmalloc_track_caller_oob_right+0x4b1/0x520 [ 11.019173] __asan_report_store1_noabort+0x1b/0x30 [ 11.019193] kmalloc_track_caller_oob_right+0x4b1/0x520 [ 11.019217] ? __pfx_kmalloc_track_caller_oob_right+0x10/0x10 [ 11.019253] ? __schedule+0x10cc/0x2b60 [ 11.019275] ? __pfx_read_tsc+0x10/0x10 [ 11.019296] ? ktime_get_ts64+0x86/0x230 [ 11.019319] kunit_try_run_case+0x1a5/0x480 [ 11.019344] ? __pfx_kunit_try_run_case+0x10/0x10 [ 11.019366] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 11.019387] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 11.019409] ? __kthread_parkme+0x82/0x180 [ 11.019428] ? preempt_count_sub+0x50/0x80 [ 11.019451] ? __pfx_kunit_try_run_case+0x10/0x10 [ 11.019474] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 11.019505] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 11.019527] kthread+0x337/0x6f0 [ 11.019546] ? trace_preempt_on+0x20/0xc0 [ 11.019627] ? __pfx_kthread+0x10/0x10 [ 11.019647] ? _raw_spin_unlock_irq+0x47/0x80 [ 11.019667] ? calculate_sigpending+0x7b/0xa0 [ 11.019690] ? 
__pfx_kthread+0x10/0x10 [ 11.019711] ret_from_fork+0x116/0x1d0 [ 11.019729] ? __pfx_kthread+0x10/0x10 [ 11.019748] ret_from_fork_asm+0x1a/0x30 [ 11.019778] </TASK> [ 11.019789] [ 11.028254] Allocated by task 159: [ 11.028434] kasan_save_stack+0x45/0x70 [ 11.028711] kasan_save_track+0x18/0x40 [ 11.028899] kasan_save_alloc_info+0x3b/0x50 [ 11.029163] __kasan_kmalloc+0xb7/0xc0 [ 11.029353] __kmalloc_node_track_caller_noprof+0x1cb/0x500 [ 11.029702] kmalloc_track_caller_oob_right+0x19a/0x520 [ 11.029969] kunit_try_run_case+0x1a5/0x480 [ 11.030290] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 11.030616] kthread+0x337/0x6f0 [ 11.030778] ret_from_fork+0x116/0x1d0 [ 11.031114] ret_from_fork_asm+0x1a/0x30 [ 11.031299] [ 11.031400] The buggy address belongs to the object at ffff888102b0e700 [ 11.031400] which belongs to the cache kmalloc-128 of size 128 [ 11.031861] The buggy address is located 0 bytes to the right of [ 11.031861] allocated 120-byte region [ffff888102b0e700, ffff888102b0e778) [ 11.032403] [ 11.032500] The buggy address belongs to the physical page: [ 11.032822] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x102b0e [ 11.033304] flags: 0x200000000000000(node=0|zone=2) [ 11.033627] page_type: f5(slab) [ 11.033825] raw: 0200000000000000 ffff888100041a00 dead000000000122 0000000000000000 [ 11.034102] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 11.034396] page dumped because: kasan: bad access detected [ 11.034819] [ 11.034912] Memory state around the buggy address: [ 11.035099] ffff888102b0e600: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 11.035442] ffff888102b0e680: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 11.035804] >ffff888102b0e700: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 fc [ 11.036031] ^ [ 11.036385] ffff888102b0e780: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 11.036850] ffff888102b0e800: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 11.037298] 
==================================================================
Failure - log-parser-boot/kasan-bug-kasan-slab-out-of-bounds-in-kmalloc_node_oob_right
[ 10.954950] ================================================================== [ 10.956047] BUG: KASAN: slab-out-of-bounds in kmalloc_node_oob_right+0x369/0x3c0 [ 10.956708] Read of size 1 at addr ffff888102b2b000 by task kunit_try_catch/157 [ 10.956951] [ 10.957055] CPU: 1 UID: 0 PID: 157 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc4 #1 PREEMPT(voluntary) [ 10.957100] Tainted: [B]=BAD_PAGE, [N]=TEST [ 10.957112] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 10.957133] Call Trace: [ 10.957147] <TASK> [ 10.957163] dump_stack_lvl+0x73/0xb0 [ 10.957192] print_report+0xd1/0x650 [ 10.957215] ? __virt_addr_valid+0x1db/0x2d0 [ 10.957238] ? kmalloc_node_oob_right+0x369/0x3c0 [ 10.957261] ? kasan_complete_mode_report_info+0x2a/0x200 [ 10.957282] ? kmalloc_node_oob_right+0x369/0x3c0 [ 10.957305] kasan_report+0x141/0x180 [ 10.957327] ? kmalloc_node_oob_right+0x369/0x3c0 [ 10.957356] __asan_report_load1_noabort+0x18/0x20 [ 10.957379] kmalloc_node_oob_right+0x369/0x3c0 [ 10.957403] ? __pfx_kmalloc_node_oob_right+0x10/0x10 [ 10.957427] ? __schedule+0x10cc/0x2b60 [ 10.957448] ? __pfx_read_tsc+0x10/0x10 [ 10.957469] ? ktime_get_ts64+0x86/0x230 [ 10.957493] kunit_try_run_case+0x1a5/0x480 [ 10.957517] ? __pfx_kunit_try_run_case+0x10/0x10 [ 10.957538] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 10.957560] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 10.957582] ? __kthread_parkme+0x82/0x180 [ 10.957602] ? preempt_count_sub+0x50/0x80 [ 10.957626] ? __pfx_kunit_try_run_case+0x10/0x10 [ 10.957648] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 10.957670] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 10.957692] kthread+0x337/0x6f0 [ 10.957711] ? trace_preempt_on+0x20/0xc0 [ 10.957734] ? __pfx_kthread+0x10/0x10 [ 10.957754] ? _raw_spin_unlock_irq+0x47/0x80 [ 10.957774] ? calculate_sigpending+0x7b/0xa0 [ 10.957797] ? __pfx_kthread+0x10/0x10 [ 10.957818] ret_from_fork+0x116/0x1d0 [ 10.957836] ? 
__pfx_kthread+0x10/0x10 [ 10.957856] ret_from_fork_asm+0x1a/0x30 [ 10.957886] </TASK> [ 10.957897] [ 10.971640] Allocated by task 157: [ 10.972256] kasan_save_stack+0x45/0x70 [ 10.972468] kasan_save_track+0x18/0x40 [ 10.973376] kasan_save_alloc_info+0x3b/0x50 [ 10.973920] __kasan_kmalloc+0xb7/0xc0 [ 10.974216] __kmalloc_cache_node_noprof+0x188/0x420 [ 10.974702] kmalloc_node_oob_right+0xab/0x3c0 [ 10.974916] kunit_try_run_case+0x1a5/0x480 [ 10.975119] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 10.975585] kthread+0x337/0x6f0 [ 10.975758] ret_from_fork+0x116/0x1d0 [ 10.976032] ret_from_fork_asm+0x1a/0x30 [ 10.976260] [ 10.976363] The buggy address belongs to the object at ffff888102b2a000 [ 10.976363] which belongs to the cache kmalloc-4k of size 4096 [ 10.977340] The buggy address is located 0 bytes to the right of [ 10.977340] allocated 4096-byte region [ffff888102b2a000, ffff888102b2b000) [ 10.978152] [ 10.978238] The buggy address belongs to the physical page: [ 10.978813] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x102b28 [ 10.979559] head: order:3 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0 [ 10.979901] flags: 0x200000000000040(head|node=0|zone=2) [ 10.980332] page_type: f5(slab) [ 10.980700] raw: 0200000000000040 ffff888100042140 dead000000000122 0000000000000000 [ 10.981141] raw: 0000000000000000 0000000080040004 00000000f5000000 0000000000000000 [ 10.981622] head: 0200000000000040 ffff888100042140 dead000000000122 0000000000000000 [ 10.982030] head: 0000000000000000 0000000080040004 00000000f5000000 0000000000000000 [ 10.982483] head: 0200000000000003 ffffea00040aca01 00000000ffffffff 00000000ffffffff [ 10.983153] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000008 [ 10.983617] page dumped because: kasan: bad access detected [ 10.983970] [ 10.984077] Memory state around the buggy address: [ 10.984384] ffff888102b2af00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 10.984923] 
ffff888102b2af80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 10.985344] >ffff888102b2b000: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 10.985813] ^ [ 10.985986] ffff888102b2b080: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 10.986469] ffff888102b2b100: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 10.986911] ==================================================================
Failure - log-parser-boot/exception-drm-kunit-mock-device-drm_gem_shmem_test_get_pages_sgtdrm-kunit-mock-device-drm-drm_warn_onrefcount_readshmem-pages_pin_count
------------[ cut here ]------------ [ 146.799721] drm-kunit-mock-device drm_gem_shmem_test_get_pages_sgt.drm-kunit-mock-device: [drm] drm_WARN_ON(refcount_read(&shmem->pages_pin_count)) [ 146.799839] WARNING: CPU: 0 PID: 2568 at drivers/gpu/drm/drm_gem_shmem_helper.c:180 drm_gem_shmem_free+0x3ed/0x6c0 [ 146.802027] Modules linked in: [ 146.802204] CPU: 0 UID: 0 PID: 2568 Comm: kunit_try_catch Tainted: G B D W N 6.16.0-rc4 #1 PREEMPT(voluntary) [ 146.802651] Tainted: [B]=BAD_PAGE, [D]=DIE, [W]=WARN, [N]=TEST [ 146.802927] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 146.803821] RIP: 0010:drm_gem_shmem_free+0x3ed/0x6c0 [ 146.804281] Code: 85 f6 0f 84 ba 01 00 00 4c 89 e7 e8 6d 1d 80 00 48 c7 c1 a0 7d be ae 4c 89 f2 48 c7 c7 60 7a be ae 48 89 c6 e8 a4 d2 77 fe 90 <0f> 0b 90 90 e9 09 ff ff ff 90 48 b8 00 00 00 00 00 fc ff df 48 8d [ 146.806137] RSP: 0000:ffff88810cdcfd18 EFLAGS: 00010286 [ 146.806759] RAX: 0000000000000000 RBX: ffff88810aa2f800 RCX: 1ffffffff5f24c80 [ 146.807249] RDX: 0000000000000000 RSI: 0000000000000004 RDI: 0000000000000001 [ 146.807525] RBP: ffff88810cdcfd48 R08: 0000000000000000 R09: fffffbfff5f24c80 [ 146.807744] R10: 0000000000000003 R11: 0000000000039ef8 R12: ffff88810cca6000 [ 146.807951] R13: ffff88810aa2f8f8 R14: ffff888104b8fa00 R15: ffff88810039fb40 [ 146.808155] FS: 0000000000000000(0000) GS:ffff8881aa474000(0000) knlGS:0000000000000000 [ 146.808398] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 146.808881] CR2: 00007ffff7ffe000 CR3: 0000000016abc000 CR4: 00000000000006f0 [ 146.809533] DR0: ffffffffb0c50440 DR1: ffffffffb0c50441 DR2: ffffffffb0c50443 [ 146.810132] DR3: ffffffffb0c50445 DR6: 00000000ffff0ff0 DR7: 0000000000000600 [ 146.810844] Call Trace: [ 146.811100] <TASK> [ 146.811372] ? trace_preempt_on+0x20/0xc0 [ 146.811895] ? 
__pfx_drm_gem_shmem_free_wrapper+0x10/0x10 [ 146.812423] drm_gem_shmem_free_wrapper+0x12/0x20 [ 146.812892] __kunit_action_free+0x57/0x70 [ 146.813284] kunit_remove_resource+0x133/0x200 [ 146.813590] ? preempt_count_sub+0x50/0x80 [ 146.813807] kunit_cleanup+0x7a/0x120 [ 146.814084] kunit_try_run_case_cleanup+0xbd/0xf0 [ 146.814830] ? __pfx_kunit_try_run_case_cleanup+0x10/0x10 [ 146.815331] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 146.815574] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 146.816104] kthread+0x337/0x6f0 [ 146.816426] ? trace_preempt_on+0x20/0xc0 [ 146.816682] ? __pfx_kthread+0x10/0x10 [ 146.816825] ? _raw_spin_unlock_irq+0x47/0x80 [ 146.816978] ? calculate_sigpending+0x7b/0xa0 [ 146.817129] ? __pfx_kthread+0x10/0x10 [ 146.817263] ret_from_fork+0x116/0x1d0 [ 146.817417] ? __pfx_kthread+0x10/0x10 [ 146.817660] ret_from_fork_asm+0x1a/0x30 [ 146.817867] </TASK> [ 146.817962] ---[ end trace 0000000000000000 ]---
Failure - log-parser-boot/exception-warning-cpu-pid-at-driversgpudrmdrm_framebuffer-drm_framebuffer_init
------------[ cut here ]------------ [ 146.654466] WARNING: CPU: 0 PID: 2549 at drivers/gpu/drm/drm_framebuffer.c:867 drm_framebuffer_init+0x44/0x300 [ 146.655353] Modules linked in: [ 146.655533] CPU: 0 UID: 0 PID: 2549 Comm: kunit_try_catch Tainted: G B D W N 6.16.0-rc4 #1 PREEMPT(voluntary) [ 146.655926] Tainted: [B]=BAD_PAGE, [D]=DIE, [W]=WARN, [N]=TEST [ 146.656196] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 146.656590] RIP: 0010:drm_framebuffer_init+0x44/0x300 [ 146.657030] Code: 56 49 89 d6 48 89 f2 41 55 48 c1 ea 03 41 54 49 89 fc 53 48 89 f3 48 83 ec 18 80 3c 02 00 0f 85 00 02 00 00 4c 39 23 74 20 90 <0f> 0b 90 41 bd ea ff ff ff 48 83 c4 18 44 89 e8 5b 41 5c 41 5d 41 [ 146.658347] RSP: 0000:ffff88810c50fb30 EFLAGS: 00010246 [ 146.658644] RAX: dffffc0000000000 RBX: ffff88810c50fc28 RCX: 0000000000000000 [ 146.658972] RDX: 1ffff110218a1f8e RSI: ffff88810c50fc28 RDI: ffff88810c50fc70 [ 146.659276] RBP: ffff88810c50fb70 R08: ffff88810cd71000 R09: ffffffffaebd80e0 [ 146.659684] R10: 0000000000000003 R11: 00000000cd24e467 R12: ffff88810cd71000 [ 146.659982] R13: ffff88810039fae8 R14: ffff88810c50fba8 R15: 0000000000000000 [ 146.660289] FS: 0000000000000000(0000) GS:ffff8881aa474000(0000) knlGS:0000000000000000 [ 146.660686] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 146.661058] CR2: 00007ffff7ffe000 CR3: 0000000016abc000 CR4: 00000000000006f0 [ 146.661358] DR0: ffffffffb0c50440 DR1: ffffffffb0c50441 DR2: ffffffffb0c50443 [ 146.661936] DR3: ffffffffb0c50445 DR6: 00000000ffff0ff0 DR7: 0000000000000600 [ 146.662221] Call Trace: [ 146.662344] <TASK> [ 146.662473] ? add_dr+0xc1/0x1d0 [ 146.662950] drm_test_framebuffer_init_bad_format+0xfc/0x240 [ 146.663233] ? add_dr+0x148/0x1d0 [ 146.663430] ? __pfx_drm_test_framebuffer_init_bad_format+0x10/0x10 [ 146.663907] ? __drmm_add_action+0x1a4/0x280 [ 146.664147] ? __pfx_drm_mode_config_init_release+0x10/0x10 [ 146.664410] ? 
__pfx_drm_mode_config_init_release+0x10/0x10 [ 146.664885] ? __drmm_add_action_or_reset+0x22/0x50 [ 146.665186] ? __schedule+0x10cc/0x2b60 [ 146.665393] ? __pfx_read_tsc+0x10/0x10 [ 146.665751] ? ktime_get_ts64+0x86/0x230 [ 146.666069] kunit_try_run_case+0x1a5/0x480 [ 146.666289] ? __pfx_kunit_try_run_case+0x10/0x10 [ 146.666622] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 146.666972] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 146.667223] ? __kthread_parkme+0x82/0x180 [ 146.667655] ? preempt_count_sub+0x50/0x80 [ 146.667845] ? __pfx_kunit_try_run_case+0x10/0x10 [ 146.668087] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 146.668351] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 146.668772] kthread+0x337/0x6f0 [ 146.668948] ? trace_preempt_on+0x20/0xc0 [ 146.669178] ? __pfx_kthread+0x10/0x10 [ 146.669360] ? _raw_spin_unlock_irq+0x47/0x80 [ 146.669539] ? calculate_sigpending+0x7b/0xa0 [ 146.669965] ? __pfx_kthread+0x10/0x10 [ 146.670170] ret_from_fork+0x116/0x1d0 [ 146.670406] ? __pfx_kthread+0x10/0x10 [ 146.670549] ret_from_fork_asm+0x1a/0x30 [ 146.671032] </TASK> [ 146.671200] ---[ end trace 0000000000000000 ]---
Failure - log-parser-boot/exception-drm-kunit-mock-device-drm_test_framebuffer_freedrm-kunit-mock-device-drm-drm_warn_onlist_empty-filp_head
------------[ cut here ]------------ [ 146.617306] drm-kunit-mock-device drm_test_framebuffer_free.drm-kunit-mock-device: [drm] drm_WARN_ON(!list_empty(&fb->filp_head)) [ 146.617446] WARNING: CPU: 1 PID: 2545 at drivers/gpu/drm/drm_framebuffer.c:832 drm_framebuffer_free+0x13f/0x1c0 [ 146.620264] Modules linked in: [ 146.620713] CPU: 1 UID: 0 PID: 2545 Comm: kunit_try_catch Tainted: G B D W N 6.16.0-rc4 #1 PREEMPT(voluntary) [ 146.622020] Tainted: [B]=BAD_PAGE, [D]=DIE, [W]=WARN, [N]=TEST [ 146.622788] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 146.623120] RIP: 0010:drm_framebuffer_free+0x13f/0x1c0 [ 146.623307] Code: 8b 7d 50 4d 85 ff 74 2b 4c 89 ef e8 3b 3a 87 00 48 c7 c1 c0 2f bd ae 4c 89 fa 48 c7 c7 20 30 bd ae 48 89 c6 e8 72 ef 7e fe 90 <0f> 0b 90 90 e9 1c ff ff ff 48 b8 00 00 00 00 00 fc ff df 4c 89 ea [ 146.624117] RSP: 0000:ffff88810cc9fb68 EFLAGS: 00010282 [ 146.624351] RAX: 0000000000000000 RBX: ffff88810cc9fc40 RCX: 1ffffffff5f24c80 [ 146.624731] RDX: 0000000000000000 RSI: 0000000000000004 RDI: 0000000000000001 [ 146.625101] RBP: ffff88810cc9fb90 R08: 0000000000000000 R09: fffffbfff5f24c80 [ 146.625388] R10: 0000000000000003 R11: 0000000000038588 R12: ffff88810cc9fc18 [ 146.625961] R13: ffff88810c529000 R14: ffff88810cbd1000 R15: ffff88810487bb80 [ 146.626260] FS: 0000000000000000(0000) GS:ffff8881aa574000(0000) knlGS:0000000000000000 [ 146.626929] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 146.627183] CR2: 00007ffff7ffe000 CR3: 0000000016abc000 CR4: 00000000000006f0 [ 146.627543] DR0: ffffffffb0c50444 DR1: ffffffffb0c50449 DR2: ffffffffb0c5044a [ 146.627969] DR3: ffffffffb0c5044b DR6: 00000000ffff0ff0 DR7: 0000000000000600 [ 146.628245] Call Trace: [ 146.628368] <TASK> [ 146.628632] drm_test_framebuffer_free+0x1ab/0x610 [ 146.628897] ? __pfx_drm_test_framebuffer_free+0x10/0x10 [ 146.629181] ? __pfx_drm_mode_config_init_release+0x10/0x10 [ 146.629571] ? 
__pfx_drm_mode_config_init_release+0x10/0x10 [ 146.629883] ? __drmm_add_action_or_reset+0x22/0x50 [ 146.630091] ? __schedule+0x10cc/0x2b60 [ 146.630304] ? __pfx_read_tsc+0x10/0x10 [ 146.630609] ? ktime_get_ts64+0x86/0x230 [ 146.630784] kunit_try_run_case+0x1a5/0x480 [ 146.631026] ? __pfx_kunit_try_run_case+0x10/0x10 [ 146.631201] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 146.631388] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 146.631800] ? __kthread_parkme+0x82/0x180 [ 146.632021] ? preempt_count_sub+0x50/0x80 [ 146.632309] ? __pfx_kunit_try_run_case+0x10/0x10 [ 146.632558] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 146.632890] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 146.633147] kthread+0x337/0x6f0 [ 146.633341] ? trace_preempt_on+0x20/0xc0 [ 146.634020] ? __pfx_kthread+0x10/0x10 [ 146.634235] ? _raw_spin_unlock_irq+0x47/0x80 [ 146.634726] ? calculate_sigpending+0x7b/0xa0 [ 146.634956] ? __pfx_kthread+0x10/0x10 [ 146.635282] ret_from_fork+0x116/0x1d0 [ 146.635777] ? __pfx_kthread+0x10/0x10 [ 146.635981] ret_from_fork_asm+0x1a/0x30 [ 146.636310] </TASK> [ 146.636439] ---[ end trace 0000000000000000 ]---
Failure - log-parser-boot/exception-warning-cpu-pid-at-driversgpudrmdrm_connector-drm_connector_dynamic_register
------------[ cut here ]------------ [ 145.226761] WARNING: CPU: 0 PID: 1975 at drivers/gpu/drm/drm_connector.c:861 drm_connector_dynamic_register+0xbf/0x110 [ 145.227928] Modules linked in: [ 145.228106] CPU: 0 UID: 0 PID: 1975 Comm: kunit_try_catch Tainted: G B D W N 6.16.0-rc4 #1 PREEMPT(voluntary) [ 145.228451] Tainted: [B]=BAD_PAGE, [D]=DIE, [W]=WARN, [N]=TEST [ 145.229214] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 145.230095] RIP: 0010:drm_connector_dynamic_register+0xbf/0x110 [ 145.231109] Code: 49 8d 7c 24 60 48 89 fa 48 c1 ea 03 0f b6 04 02 84 c0 74 02 7e 36 31 c0 41 80 7c 24 60 00 75 1b 5b 41 5c 5d e9 02 18 26 02 90 <0f> 0b 90 b8 ea ff ff ff 5b 41 5c 5d c3 cc cc cc cc 48 89 df e8 68 [ 145.232295] RSP: 0000:ffff88810bd2fc90 EFLAGS: 00010246 [ 145.232856] RAX: dffffc0000000000 RBX: ffff88810be66000 RCX: 0000000000000000 [ 145.233738] RDX: 1ffff110217ccc32 RSI: ffffffffabe04648 RDI: ffff88810be66190 [ 145.234395] RBP: ffff88810bd2fca0 R08: 1ffff11020073f69 R09: ffffed10217a5f65 [ 145.235097] R10: 0000000000000003 R11: ffffffffab386fa8 R12: 0000000000000000 [ 145.235915] R13: ffff88810bd2fd38 R14: ffff88810039fc50 R15: ffff88810039fc58 [ 145.236531] FS: 0000000000000000(0000) GS:ffff8881aa474000(0000) knlGS:0000000000000000 [ 145.237095] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 145.237286] CR2: 00007ffff7ffe000 CR3: 0000000016abc000 CR4: 00000000000006f0 [ 145.237877] DR0: ffffffffb0c50440 DR1: ffffffffb0c50441 DR2: ffffffffb0c50443 [ 145.238700] DR3: ffffffffb0c50445 DR6: 00000000ffff0ff0 DR7: 0000000000000600 [ 145.238981] Call Trace: [ 145.239091] <TASK> [ 145.239198] drm_test_drm_connector_dynamic_register_early_no_init+0x104/0x290 [ 145.239464] ? __pfx_drm_test_drm_connector_dynamic_register_early_no_init+0x10/0x10 [ 145.239927] ? __schedule+0x10cc/0x2b60 [ 145.240123] ? __pfx_read_tsc+0x10/0x10 [ 145.240272] ? 
ktime_get_ts64+0x86/0x230 [ 145.240488] kunit_try_run_case+0x1a5/0x480 [ 145.240792] ? __pfx_kunit_try_run_case+0x10/0x10 [ 145.240982] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 145.241220] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 145.241527] ? __kthread_parkme+0x82/0x180 [ 145.241727] ? preempt_count_sub+0x50/0x80 [ 145.241938] ? __pfx_kunit_try_run_case+0x10/0x10 [ 145.242132] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 145.242349] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 145.242690] kthread+0x337/0x6f0 [ 145.242975] ? trace_preempt_on+0x20/0xc0 [ 145.243131] ? __pfx_kthread+0x10/0x10 [ 145.243337] ? _raw_spin_unlock_irq+0x47/0x80 [ 145.243538] ? calculate_sigpending+0x7b/0xa0 [ 145.243908] ? __pfx_kthread+0x10/0x10 [ 145.244089] ret_from_fork+0x116/0x1d0 [ 145.244291] ? __pfx_kthread+0x10/0x10 [ 145.244452] ret_from_fork_asm+0x1a/0x30 [ 145.244764] </TASK> [ 145.244905] ---[ end trace 0000000000000000 ]--- ------------[ cut here ]------------ [ 145.309436] WARNING: CPU: 1 PID: 1983 at drivers/gpu/drm/drm_connector.c:861 drm_connector_dynamic_register+0xbf/0x110 [ 145.310653] Modules linked in: [ 145.311036] CPU: 1 UID: 0 PID: 1983 Comm: kunit_try_catch Tainted: G B D W N 6.16.0-rc4 #1 PREEMPT(voluntary) [ 145.312380] Tainted: [B]=BAD_PAGE, [D]=DIE, [W]=WARN, [N]=TEST [ 145.313062] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 145.313777] RIP: 0010:drm_connector_dynamic_register+0xbf/0x110 [ 145.314141] Code: 49 8d 7c 24 60 48 89 fa 48 c1 ea 03 0f b6 04 02 84 c0 74 02 7e 36 31 c0 41 80 7c 24 60 00 75 1b 5b 41 5c 5d e9 02 18 26 02 90 <0f> 0b 90 b8 ea ff ff ff 5b 41 5c 5d c3 cc cc cc cc 48 89 df e8 68 [ 145.314659] RSP: 0000:ffff88810bcc7c90 EFLAGS: 00010246 [ 145.314847] RAX: dffffc0000000000 RBX: ffff88810c050000 RCX: 0000000000000000 [ 145.315061] RDX: 1ffff1102180a032 RSI: ffffffffabe04648 RDI: ffff88810c050190 [ 145.315273] RBP: ffff88810bcc7ca0 R08: 1ffff11020073f69 R09: ffffed1021798f65 [ 
145.316062] R10: 0000000000000003 R11: ffffffffab386fa8 R12: 0000000000000000 [ 145.316818] R13: ffff88810bcc7d38 R14: ffff88810039fc50 R15: ffff88810039fc58 [ 145.317505] FS: 0000000000000000(0000) GS:ffff8881aa574000(0000) knlGS:0000000000000000 [ 145.318201] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 145.318925] CR2: 00007ffff7ffe000 CR3: 0000000016abc000 CR4: 00000000000006f0 [ 145.319651] DR0: ffffffffb0c50444 DR1: ffffffffb0c50449 DR2: ffffffffb0c5044a [ 145.320397] DR3: ffffffffb0c5044b DR6: 00000000ffff0ff0 DR7: 0000000000000600 [ 145.321235] Call Trace: [ 145.321643] <TASK> [ 145.321904] drm_test_drm_connector_dynamic_register_no_init+0x104/0x290 [ 145.322411] ? __pfx_drm_test_drm_connector_dynamic_register_no_init+0x10/0x10 [ 145.323083] ? __schedule+0x10cc/0x2b60 [ 145.323237] ? __pfx_read_tsc+0x10/0x10 [ 145.323394] ? ktime_get_ts64+0x86/0x230 [ 145.323934] kunit_try_run_case+0x1a5/0x480 [ 145.324476] ? __pfx_kunit_try_run_case+0x10/0x10 [ 145.324985] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 145.325496] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 145.325948] ? __kthread_parkme+0x82/0x180 [ 145.326100] ? preempt_count_sub+0x50/0x80 [ 145.326252] ? __pfx_kunit_try_run_case+0x10/0x10 [ 145.326497] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 145.327015] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 145.327657] kthread+0x337/0x6f0 [ 145.328069] ? trace_preempt_on+0x20/0xc0 [ 145.328553] ? __pfx_kthread+0x10/0x10 [ 145.328950] ? _raw_spin_unlock_irq+0x47/0x80 [ 145.329375] ? calculate_sigpending+0x7b/0xa0 [ 145.329879] ? __pfx_kthread+0x10/0x10 [ 145.330026] ret_from_fork+0x116/0x1d0 [ 145.330164] ? __pfx_kthread+0x10/0x10 [ 145.330303] ret_from_fork_asm+0x1a/0x30 [ 145.330597] </TASK> [ 145.330890] ---[ end trace 0000000000000000 ]---
Failure - log-parser-boot/exception-warning-cpu-pid-at-libmathint_log-intlog10
------------[ cut here ]------------
[ 114.856551] WARNING: CPU: 1 PID: 673 at lib/math/int_log.c:120 intlog10+0x2a/0x40
[ 114.856860] Modules linked in:
[ 114.857067] CPU: 1 UID: 0 PID: 673 Comm: kunit_try_catch Tainted: G B D W N 6.16.0-rc4 #1 PREEMPT(voluntary)
[ 114.857537] Tainted: [B]=BAD_PAGE, [D]=DIE, [W]=WARN, [N]=TEST
[ 114.857784] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[ 114.858166] RIP: 0010:intlog10+0x2a/0x40
[ 114.858954] Code: f3 0f 1e fa 0f 1f 44 00 00 85 ff 74 1c 55 48 89 e5 e8 ca fe ff ff 5d 89 c0 48 69 c0 a1 26 88 26 48 c1 e8 1f c3 cc cc cc cc 90 <0f> 0b 90 31 c0 c3 cc cc cc cc 66 2e 0f 1f 84 00 00 00 00 00 66 90
[ 114.859979] RSP: 0000:ffff888109f2fcb0 EFLAGS: 00010246
[ 114.860195] RAX: 0000000000000000 RBX: ffff88810039fae8 RCX: 1ffff110213e5fb4
[ 114.860661] RDX: 1ffffffff5d52c94 RSI: 1ffff110213e5fb3 RDI: 0000000000000000
[ 114.861011] RBP: ffff888109f2fd60 R08: 0000000000000000 R09: ffffed10212b6c60
[ 114.861374] R10: ffff8881095b6307 R11: 0000000000000000 R12: 1ffff110213e5f97
[ 114.861850] R13: ffffffffaea964a0 R14: 0000000000000000 R15: ffff888109f2fd38
[ 114.862222] FS: 0000000000000000(0000) GS:ffff8881aa574000(0000) knlGS:0000000000000000
[ 114.862718] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[ 114.863006] CR2: ffff88815a926fe0 CR3: 0000000016abc000 CR4: 00000000000006f0
[ 114.863422] DR0: ffffffffb0c50444 DR1: ffffffffb0c50449 DR2: ffffffffb0c5044a
[ 114.863796] DR3: ffffffffb0c5044b DR6: 00000000ffff0ff0 DR7: 0000000000000600
[ 114.864175] Call Trace:
[ 114.864287] <TASK>
[ 114.864563] ? intlog10_test+0xf2/0x220
[ 114.864938] ? __pfx_intlog10_test+0x10/0x10
[ 114.865263] ? __schedule+0x10cc/0x2b60
[ 114.865782] ? __pfx_read_tsc+0x10/0x10
[ 114.865995] ? ktime_get_ts64+0x86/0x230
[ 114.866223] kunit_try_run_case+0x1a5/0x480
[ 114.866550] ? __pfx_kunit_try_run_case+0x10/0x10
[ 114.866758] ? _raw_spin_lock_irqsave+0xa1/0x100
[ 114.866975] ? _raw_spin_unlock_irqrestore+0x5f/0x90
[ 114.867255] ? __kthread_parkme+0x82/0x180
[ 114.867650] ? preempt_count_sub+0x50/0x80
[ 114.867863] ? __pfx_kunit_try_run_case+0x10/0x10
[ 114.868101] kunit_generic_run_threadfn_adapter+0x85/0xf0
[ 114.868297] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10
[ 114.868798] kthread+0x337/0x6f0
[ 114.869046] ? trace_preempt_on+0x20/0xc0
[ 114.869241] ? __pfx_kthread+0x10/0x10
[ 114.869437] ? _raw_spin_unlock_irq+0x47/0x80
[ 114.869779] ? calculate_sigpending+0x7b/0xa0
[ 114.870037] ? __pfx_kthread+0x10/0x10
[ 114.870204] ret_from_fork+0x116/0x1d0
[ 114.870455] ? __pfx_kthread+0x10/0x10
[ 114.870654] ret_from_fork_asm+0x1a/0x30
[ 114.870813] </TASK>
[ 114.870948] ---[ end trace 0000000000000000 ]---
Failure - log-parser-boot/exception-warning-cpu-pid-at-libmathint_log-intlog2
------------[ cut here ]------------
[ 114.817086] WARNING: CPU: 0 PID: 655 at lib/math/int_log.c:63 intlog2+0xdf/0x110
[ 114.817665] Modules linked in:
[ 114.818023] CPU: 0 UID: 0 PID: 655 Comm: kunit_try_catch Tainted: G B D N 6.16.0-rc4 #1 PREEMPT(voluntary)
[ 114.818610] Tainted: [B]=BAD_PAGE, [D]=DIE, [N]=TEST
[ 114.819149] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[ 114.820097] RIP: 0010:intlog2+0xdf/0x110
[ 114.820282] Code: a9 ae c1 e0 18 48 83 c4 08 89 d1 c1 e2 08 29 cb 01 d0 0f b7 db 41 0f af dc c1 eb 0f 01 d8 5b 41 5c 41 5d 5d c3 cc cc cc cc 90 <0f> 0b 90 31 c0 e9 17 9c 86 02 89 45 e4 e8 0f 10 56 ff 8b 45 e4 eb
[ 114.822540] RSP: 0000:ffff888100e37cb0 EFLAGS: 00010246
[ 114.823015] RAX: 0000000000000000 RBX: ffff88810039fae8 RCX: 1ffff110201c6fb4
[ 114.823243] RDX: 1ffffffff5d52ce8 RSI: 1ffff110201c6fb3 RDI: 0000000000000000
[ 114.823662] RBP: ffff888100e37d60 R08: 0000000000000000 R09: ffffed10212f0c80
[ 114.824575] R10: ffff888109786407 R11: 0000000000000000 R12: 1ffff110201c6f97
[ 114.825096] R13: ffffffffaea96740 R14: 0000000000000000 R15: ffff888100e37d38
[ 114.825323] FS: 0000000000000000(0000) GS:ffff8881aa474000(0000) knlGS:0000000000000000
[ 114.825940] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[ 114.826525] CR2: dffffc0000000000 CR3: 0000000016abc000 CR4: 00000000000006f0
[ 114.827119] DR0: ffffffffb0c50440 DR1: ffffffffb0c50441 DR2: ffffffffb0c50443
[ 114.827348] DR3: ffffffffb0c50445 DR6: 00000000ffff0ff0 DR7: 0000000000000600
[ 114.827946] Call Trace:
[ 114.828199] <TASK>
[ 114.828448] ? intlog2_test+0xf2/0x220
[ 114.828904] ? __pfx_intlog2_test+0x10/0x10
[ 114.829345] ? __schedule+0x10cc/0x2b60
[ 114.829548] ? __pfx_read_tsc+0x10/0x10
[ 114.829961] ? ktime_get_ts64+0x86/0x230
[ 114.830262] kunit_try_run_case+0x1a5/0x480
[ 114.830572] ? __pfx_kunit_try_run_case+0x10/0x10
[ 114.831003] ? _raw_spin_lock_irqsave+0xa1/0x100
[ 114.831285] ? _raw_spin_unlock_irqrestore+0x5f/0x90
[ 114.831721] ? __kthread_parkme+0x82/0x180
[ 114.832281] ? preempt_count_sub+0x50/0x80
[ 114.832586] ? __pfx_kunit_try_run_case+0x10/0x10
[ 114.832955] kunit_generic_run_threadfn_adapter+0x85/0xf0
[ 114.833143] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10
[ 114.833353] kthread+0x337/0x6f0
[ 114.833499] ? trace_preempt_on+0x20/0xc0
[ 114.833707] ? __pfx_kthread+0x10/0x10
[ 114.833954] ? _raw_spin_unlock_irq+0x47/0x80
[ 114.834150] ? calculate_sigpending+0x7b/0xa0
[ 114.834348] ? __pfx_kthread+0x10/0x10
[ 114.834550] ret_from_fork+0x116/0x1d0
[ 114.834773] ? __pfx_kthread+0x10/0x10
[ 114.834946] ret_from_fork_asm+0x1a/0x30
[ 114.835164] </TASK>
[ 114.835334] ---[ end trace 0000000000000000 ]---
Failure - log-parser-boot/oops-oops-general-protection-fault-probably-for-non-canonical-address-smp-kasan-pti
KNOWN ISSUE - qemu-x86_64: Oops: general protection fault, probably for non-canonical address - KASAN: null-ptr-deref - kunit_test_null_dereference
[ 114.270775] Oops: general protection fault, probably for non-canonical address 0xdffffc0000000000: 0000 [#1] SMP KASAN PTI